From cvs at cvs.gnupg.org Tue Feb 3 09:14:23 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 03 Feb 2015 09:14:23 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.1-60-g3f67426 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 3f67426a89bf4b37e1d2662fddc3eb4fa474c4ad (commit) via 8872657b2a52dd9698224b80e5672e23c5405eda (commit) via 616633b7713081ecc39419494879947cc7f163d0 (commit) from 7db6c82cec49b7c56c403a8ea98364086baf75f3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3f67426a89bf4b37e1d2662fddc3eb4fa474c4ad Author: Werner Koch Date: Tue Feb 3 09:12:45 2015 +0100 Update copyright years. * common/w32info-rc.h.in (W32INFO_COMPANYNAME): Change to "The GnuPG Project". diff --git a/AUTHORS b/AUTHORS index 58cfdb8..9f7377e 100644 --- a/AUTHORS +++ b/AUTHORS @@ -15,8 +15,8 @@ copyrightable year that would otherwise be listed individually. List of Copyright holders ========================= - Copyright (C) 1997-2014 Werner Koch - Copyright (C) 1994-2013 Free Software Foundation, Inc. + Copyright (C) 1997-2015 Werner Koch + Copyright (C) 1994-2015 Free Software Foundation, Inc. Copyright (C) 2003-2013 g10 Code GmbH Copyright (C) 2002 Klar?lvdalens Datakonsult AB Copyright (C) 1995-1997, 2000-2007 Ulrich Drepper diff --git a/README b/README index fef57aa..886e87e 100644 --- a/README +++ b/README @@ -2,8 +2,8 @@ ========================= Version 2.1 - Copyright 1997-2014 Werner Koch - Copyright 1998-2013 Free Software Foundation, Inc. + Copyright 1997-2015 Werner Koch + Copyright 1998-2015 Free Software Foundation, Inc. * INTRODUCTION 
diff --git a/common/argparse.c b/common/argparse.c index 169e234..b067314 100644 --- a/common/argparse.c +++ b/common/argparse.c @@ -1372,7 +1372,7 @@ strusage( int level ) break; case 11: p = "foo"; break; case 13: p = "0.0"; break; - case 14: p = "Copyright (C) 2014 Free Software Foundation, Inc."; break; + case 14: p = "Copyright (C) 2015 Free Software Foundation, Inc."; break; case 15: p = "This is free software: you are free to change and redistribute it.\n" "There is NO WARRANTY, to the extent permitted by law.\n"; diff --git a/common/w32info-rc.h.in b/common/w32info-rc.h.in index 1a427ee..d7909dd 100644 --- a/common/w32info-rc.h.in +++ b/common/w32info-rc.h.in @@ -17,7 +17,7 @@ you can redistribute it and/or modify it under the terms of the \ GNU General Public License as published by the Free Software Foundation; \ either version 3 of the License, or (at your option) any later version.\0" -#define W32INFO_COMPANYNAME "g10 Code GmbH\0" +#define W32INFO_COMPANYNAME "The GnuPG Project\0" #define W32INFO_VI_FILEVERSION @BUILD_FILEVERSION@ #define W32INFO_VI_PRODUCTVERSION @BUILD_FILEVERSION@ @@ -29,4 +29,4 @@ built on @BUILD_HOSTNAME@ at @BUILD_TIMESTAMP@\0" #define W32INFO_PRODUCTVERSION "@VERSION@\0" #define W32INFO_LEGALCOPYRIGHT "Copyright \xa9 \ -2013 Free Software Foundation, Inc.\0" +2015 Free Software Foundation, Inc.\0" diff --git a/configure.ac b/configure.ac index 30a639e..c61ecdc 100644 --- a/configure.ac +++ b/configure.ac @@ -1,6 +1,6 @@ # configure.ac - for GnuPG 2.1 # Copyright (C) 1998-2012 Free Software Foundation, Inc. -# Copyright (C) 1998-2014 Werner Koch +# Copyright (C) 1998-2015 Werner Koch # # This file is part of GnuPG. # diff --git a/doc/gnupg.texi b/doc/gnupg.texi index 875b8e4..b095230 100644 --- a/doc/gnupg.texi +++ b/doc/gnupg.texi 
@@ -35,7 +35,7 @@ Published by The GnuPG Project@* @end iftex @copyright{} 2002, 2004, 2005, 2006, 2007, 2010 Free Software Foundation, Inc.@* - at copyright{} 2013, 2014 Werner Koch. + at copyright{} 2013, 2014, 2015 Werner Koch. @quotation Permission is granted to copy, distribute and/or modify this document commit 8872657b2a52dd9698224b80e5672e23c5405eda Author: Werner Koch Date: Sun Feb 1 15:35:57 2015 +0100 w32: Change default Windows install dir and add bin to PATH. * build-aux/speedo.mk (WITH_GUI): New macro. The Windows installer is now build by default without any GUI stuff. * build-aux/speedo/w32/inst.nsi: Change standard installation directory. (AddToPath, un.RemoveFromPath): New. (gnupginst): Add bin directory to the PATH. Signed-off-by: Werner Koch diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk index 005add7..8a2053a 100644 --- a/build-aux/speedo.mk +++ b/build-aux/speedo.mk @@ -84,22 +84,22 @@ this-native-gui: check-tools $(SPEEDOMAKE) TARGETOS=native WHAT=this WITH_GUI=1 all w32-installer: check-tools - $(SPEEDOMAKE) TARGETOS=w32 WHAT=release WITH_GUI=1 installer + $(SPEEDOMAKE) TARGETOS=w32 WHAT=release WITH_GUI=0 installer git-w32-installer: check-tools - $(SPEEDOMAKE) TARGETOS=w32 WHAT=git WITH_GUI=1 installer + $(SPEEDOMAKE) TARGETOS=w32 WHAT=git WITH_GUI=0 installer this-w32-installer: check-tools - $(SPEEDOMAKE) TARGETOS=w32 WHAT=this WITH_GUI=1 installer + $(SPEEDOMAKE) TARGETOS=w32 WHAT=this WITH_GUI=0 installer w32-source: check-tools - $(SPEEDOMAKE) TARGETOS=w32 WHAT=release WITH_GUI=1 dist-source + $(SPEEDOMAKE) TARGETOS=w32 WHAT=release WITH_GUI=0 dist-source git-w32-source: check-tools - $(SPEEDOMAKE) TARGETOS=w32 WHAT=git WITH_GUI=1 dist-source + $(SPEEDOMAKE) TARGETOS=w32 WHAT=git WITH_GUI=0 dist-source this-w32-source: check-tools - $(SPEEDOMAKE) TARGETOS=w32 WHAT=git WITH_GUI=1 dist-source + $(SPEEDOMAKE) TARGETOS=w32 WHAT=git WITH_GUI=0 dist-source # Set this to "git" to build from git, 
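Review bot: The rewritten `this-w32-source` recipe in the speedo.mk hunk still passes `WHAT=git`, while its siblings `this-w32-installer` and `this-native-gui` pass `WHAT=this`. This looks like a copy-and-paste slip that the commit carries forward, and it means a source package requested for the local tree is apparently built from the git refs instead. Since the line is being changed anyway, it should read `$(SPEEDOMAKE) TARGETOS=w32 WHAT=this WITH_GUI=0 dist-source`, so that the contents of a distributed source package match what the target name promises.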
@@ -160,43 +160,54 @@ speedo_spkgs = \ ifeq ($(TARGETOS),w32) speedo_spkgs += \ - zlib bzip2 adns libiconv gettext + zlib bzip2 adns libiconv +ifeq ($(WITH_GUI),1) +speedo_spkgs += gettext +endif endif speedo_spkgs += \ libassuan libksba gnupg ifeq ($(TARGETOS),w32) +ifeq ($(WITH_GUI),1) speedo_spkgs += \ libffi glib pkg-config endif +endif speedo_spkgs += \ gpgme ifeq ($(TARGETOS),w32) +ifeq ($(WITH_GUI),1) speedo_spkgs += \ libpng \ gdk-pixbuf atk pixman cairo pango gtk+ endif +endif ifeq ($(WITH_GUI),1) speedo_spkgs += \ pinentry gpa -endif - ifeq ($(TARGETOS),w32) speedo_spkgs += \ gpgex endif +endif + # =====END LIST OF PACKAGES===== -# Packages which are additionally build for 64 bit Windows -speedo_w64_spkgs = \ - libgpg-error libiconv gettext libassuan gpgex +# Packages which are additionally build for 64 bit Windows. They are +# only used for gpgex and thus we need to build them only if we want +# a full installer. +speedo_w64_spkgs = +ifeq ($(WITH_GUI),1) +speedo_w64_spkgs += ibgpg-error libiconv gettext libassuan gpgex +endif # Packages which use the gnupg autogen.sh build style speedo_gnupg_style = \ @@ -217,8 +228,10 @@ endif ifeq ($(UPD_SWDB),1) SWDB := $(shell $(topsrc)/build-aux/getswdb.sh $(getswdb_options) && echo okay) ifeq ($(strip $(SWDB)),) +ifneq ($(WHAT),git) $(error Error getting GnuPG software version database) endif +endif # Version numbers of the released packages gnupg_ver = $(shell cat $(topsrc)/VERSION) @@ -328,7 +341,7 @@ else ifeq ($(WHAT),git) speedo_pkg_libassuan_git = $(gitrep)/libassuan speedo_pkg_libassuan_gitref = master speedo_pkg_libgcrypt_git = $(gitrep)/libgcrypt - speedo_pkg_libgcrypt_gitref = LIBGCRYPT-1-6-BRANCH + speedo_pkg_libgcrypt_gitref = master speedo_pkg_libksba_git = $(gitrep)/libksba speedo_pkg_libksba_gitref = master speedo_pkg_gpgme_git = $(gitrep)/gpgme 
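Review bot: The new line `speedo_w64_spkgs += ibgpg-error libiconv gettext libassuan gpgex` misspells the first package; the assignment it replaces listed `libgpg-error`. With `WITH_GUI=1` the 64-bit list therefore names a package with no definition visible in this diff, so the 64-bit gpgex build presumably fails or proceeds without libgpg-error. The line should read `speedo_w64_spkgs += libgpg-error libiconv gettext libassuan gpgex`.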
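Review bot: The added `ifneq ($(WHAT),git)` guard makes a failed `getswdb.sh` run completely silent for git builds, because `SWDB` stays empty and the makefile simply carries on. If anything later in the file still reads values from the software version database in that mode (not visible in this hunk), it would work from missing data with no trace in the build log. Keeping a diagnostic in an `else` branch, for example `$(warning GnuPG software version database not available, continuing because WHAT=git)`, would at least record that the fetch or verification step did not succeed.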
@@ -412,10 +425,17 @@ endef endif # The LDFLAGS is needed for -lintl for glib. +ifeq ($(WITH_GUI),1) speedo_pkg_gpgme_configure = \ --enable-static --enable-w32-glib --disable-w32-qt \ --with-gpg-error-prefix=$(idir) \ LDFLAGS=-L$(idir)/lib +else +speedo_pkg_gpgme_configure = \ + --disable-static --disable-w32-glib --disable-w32-qt \ + --with-gpg-error-prefix=$(idir) \ + LDFLAGS=-L$(idir)/lib +endif speedo_pkg_pinentry_configure = \ --disable-pinentry-qt --disable-pinentry-qt4 --disable-pinentry-gtk \ @@ -1051,6 +1071,11 @@ w32_insthelpers: $(bdir)/g4wihelp.dll $(bdir)/inst-options.ini: $(w32src)/inst-options.ini cat $(w32src)/inst-options.ini >$(bdir)/inst-options.ini +extra_installer_options = +ifeq ($(WITH_GUI),1) +extra_installer_options += -DWITH_GUI=1 +endif + installer: all w32_insthelpers $(w32src)/inst-options.ini $(bdir)/README.txt $(MAKENSIS) -V2 \ -DINST_DIR=$(idir) \ @@ -1063,7 +1088,7 @@ installer: all w32_insthelpers $(w32src)/inst-options.ini $(bdir)/README.txt -DNAME=$(INST_NAME) \ -DVERSION=$(INST_VERSION) \ -DPROD_VERSION=$(INST_PROD_VERSION) \ - $(w32src)/inst.nsi + $(extra_installer_options) $(w32src)/inst.nsi @echo "Ready: $(idir)/$(INST_NAME)-$(INST_VERSION)_$(BUILD_DATESTR).exe" endif diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi index 8c64953..e88a91c 100644 --- a/build-aux/speedo/w32/inst.nsi +++ b/build-aux/speedo/w32/inst.nsi @@ -27,6 +27,8 @@ # NAME # VERSION # PROD_VERSION +# +# WITH_GUI - Include the GPA GUI !cd "${INST_DIR}" !addincludedir "${W32_SRCDIR}" @@ -40,7 +42,7 @@ !define PRETTY_PACKAGE "GNU Privacy Guard" !define PRETTY_PACKAGE_SHORT "GnuPG" !define COMPANY "The GnuPG Project" -!define COPYRIGHT "Copyright (C) 2014 The GnuPG Project" +!define COPYRIGHT "Copyright (C) 2015 The GnuPG Project" !define DESCRIPTION "GnuPG: The GNU Privacy Guard for Windows" !define INSTALL_DIR "GnuPG" 
@@ -105,9 +107,9 @@ OutFile "${NAME}-${VERSION}_${BUILD_DATESTR}.exe" !ifndef INSTALL_DIR !define INSTALL_DIR "GnuPG" !endif -InstallDir "$PROGRAMFILES\GNU\${INSTALL_DIR}" +InstallDir "$PROGRAMFILES\${INSTALL_DIR}" -InstallDirRegKey HKLM "Software\GNU\${PACKAGE_SHORT}" "Install Directory" +InstallDirRegKey HKLM "Software\${PACKAGE_SHORT}" "Install Directory" # Add version information to the file properties. @@ -138,7 +140,7 @@ VIAddVersionKey "FileVersion" "${PROD_VERSION}" # Remember the installer language !define MUI_LANGDLL_REGISTRY_ROOT "HKCU" -!define MUI_LANGDLL_REGISTRY_KEY "Software\GNU\GnuPG" +!define MUI_LANGDLL_REGISTRY_KEY "Software\GnuPG" !define MUI_LANGDLL_REGISTRY_VALUENAME "Installer Language" # @@ -168,7 +170,7 @@ Var STARTMENU_FOLDER !define MUI_PAGE_CUSTOMFUNCTION_PRE CheckIfStartMenuWanted !define MUI_STARTMENUPAGE_NODISABLE !define MUI_STARTMENUPAGE_REGISTRY_ROOT "HKCU" -!define MUI_STARTMENUPAGE_REGISTRY_KEY "Software\GNU\GnuPG" +!define MUI_STARTMENUPAGE_REGISTRY_KEY "Software\GnuPG" !define MUI_STARTMENUPAGE_REGISTRY_VALUENAME "Start Menu Folder" # We need to set the Startmenu name explicitly because a slash in the # name is not possible. @@ -498,6 +500,31 @@ Function TrimNewlines Exch $R0 FunctionEnd + +# AddToPath - Adds the given dir to the search path. +# Input - head of the stack +Function AddToPath + Exch $0 + g4wihelp::path_add "$0" + StrCmp $R5 "0" add_to_path_done + SendMessage ${HWND_BROADCAST} ${WM_WININICHANGE} 0 "STR:Environment" /TIMEOUT=5000 + add_to_path_done: + Pop $0 +FunctionEnd + + +# RemoveFromPath - Remove a given dir from the path +# Input: head of the stack +Function un.RemoveFromPath + Exch $0 + g4wihelp::path_remove "$0" + StrCmp $R5 "0" remove_from_path_done + SendMessage ${HWND_BROADCAST} ${WM_WININICHANGE} 0 "STR:Environment" /TIMEOUT=5000 + remove_from_path_done: + Pop $0 +FunctionEnd + + # # Define the installer sections. # 
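Review bot: `InstallDirRegKey` now reads only `Software\${PACKAGE_SHORT}`, so on a machine where the previous installer recorded its location under `Software\GNU\GnuPG` an upgrade no longer finds the old directory and installs a second copy under `$PROGRAMFILES\${INSTALL_DIR}`. The matching renames in the `WriteRegStr` line of `-gnupginst` and in the `DeleteRegValue`/`DeleteRegKey` lines of `Section Uninstall` mean the old key and the old binaries are never cleaned up by the new installer either. Combined with the new PATH entry, this can leave two GnuPG installations on one system, of which the older one is presumably no longer updated. A comment at `InstallDir` stating that earlier locations are deliberately not migrated, or a one-time read of the old key to offer removal, would make the intended upgrade behaviour explicit.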
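Review bot: `AddToPath` puts whatever directory it is handed on the search path, and its only caller (the `-gnupginst` hunk) pushes `$INSTDIR\bin`, where `$INSTDIR` is chosen by the user. If that directory is writable by unprivileged accounts, programs and DLLs resolved by name through PATH can be replaced by those accounts. The function comment should state that a protected location such as the `$PROGRAMFILES` default is assumed, or the caller should check this before `Call AddToPath`. Both functions also branch on `$R5` directly after the `g4wihelp::path_add` / `path_remove` call without saying that the plugin sets it; a comment such as `# g4wihelp reports "0" in $R5 when PATH was not modified` (to be confirmed against the plugin source) would document the contract. Whether the plugin edits the machine-wide or the per-user PATH, and whether it avoids duplicate entries on reinstall, is outside this diff.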
@@ -513,7 +540,7 @@ Section "-gnupginst" FileWrite $0 "${VERSION}$\r$\n" FileClose $0 - WriteRegStr HKLM "Software\GNU\GnuPG" "Install Directory" $INSTDIR + WriteRegStr HKLM "Software\GnuPG" "Install Directory" $INSTDIR # If we are reinstalling, try to kill a possible running gpa using # an already installed gpa. @@ -529,6 +556,11 @@ Section "-gnupginst" ExecWait '"$INSTDIR\bin\gpgconf" --kill gpg-agent' no_gpgconf: + + # Add the bin directory to the PATH + Push "$INSTDIR\bin" + Call AddToPath + DetailPrint "Added $INSTDIR\bin to PATH" SectionEnd LangString DESC_Menu_gnupg_readme ${LANG_ENGLISH} \ @@ -558,19 +590,19 @@ Section "GnuPG" SEC_gnupg ClearErrors SetOverwrite try - File "libexec/scdaemon.exe" + File "bin/dirmngr.exe" SetOverwrite lastused ifErrors 0 +3 - File /oname=scdaemon.exe.tmp "libexec/scdaemon.exe" - Rename /REBOOTOK scdaemon.exe.tmp scdaemon.exe + File /oname=dirmngr.exe.tmp "bin/dirmngr.exe" + Rename /REBOOTOK dirmngr.exe.tmp dirmngr.exe ClearErrors SetOverwrite try - File "bin/dirmngr.exe" + File "libexec/scdaemon.exe" SetOverwrite lastused ifErrors 0 +3 - File /oname=dirmngr.exe.tmp "bin/dirmngr.exe" - Rename /REBOOTOK dirmngr.exe.tmp dirmngr.exe + File /oname=scdaemon.exe.tmp "libexec/scdaemon.exe" + Rename /REBOOTOK scdaemon.exe.tmp scdaemon.exe SetOutPath "$INSTDIR\share\gnupg" File "share/gnupg/gpg-conf.skel" @@ -657,15 +689,16 @@ SectionEnd Section "-gpgme" SEC_gpgme SetOutPath "$INSTDIR\bin" File bin/libgpgme-11.dll - File bin/libgpgme-glib-11.dll + File /nonfatal bin/libgpgme-glib-11.dll File libexec/gpgme-w32spawn.exe SetOutPath "$INSTDIR\lib" File /oname=libgpgme.imp lib/libgpgme.dll.a - File /oname=libgpgme-glib.imp lib/libgpgme-glib.dll.a + File /nonfatal /oname=libgpgme-glib.imp lib/libgpgme-glib.dll.a SetOutPath "$INSTDIR\include" File include/gpgme.h SectionEnd +!ifdef WITH_GUI Section "-gettext" SEC_gettext SetOutPath "$INSTDIR\bin" File bin/libintl-8.dll 
@@ -781,12 +814,16 @@ Section "-gtk+" SEC_gtk_ SetOutPath "$INSTDIR\etc\gtk-2.0" File etc/gtk-2.0/im-multipress.conf SectionEnd +!endif +!ifdef WITH_GUI Section "-pinentry" SEC_pinentry SetOutPath "$INSTDIR\bin" File /oname=pinentry.exe "bin/pinentry-gtk-2.exe" SectionEnd +!endif +!ifdef WITH_GUI Section "gpa" SEC_gpa SectionIn RO SetOutPath "$INSTDIR\bin" @@ -853,6 +890,8 @@ LangString T_GPGEX_RegFailed ${LANG_ENGLISH} \ LangString DESC_SEC_gpgex ${LANG_ENGLISH} \ "GnuPG Explorer Extension" +!endif + Section "-gnupglast" SEC_gnupglast SetOutPath "$INSTDIR" @@ -885,19 +924,22 @@ ${If} ${RunningX64} ${EndIf} SectionEnd - +!ifdef WITH_GUI Section "-un.gpa" Delete "$INSTDIR\bin\gpa.exe" Delete "$INSTDIR\bin\launch-gpa.exe" RMDir "$INSTDIR\share\gpa" SectionEnd +!endif +!ifdef WITH_GUI Section "-un.pinentry" Delete "$INSTDIR\bin\pinentry.exe" SectionEnd +!endif - +!ifdef WITH_GUI Section "-un.gtk+" Delete "$INSTDIR\bin\libgdk_pixbuf-2.0-0.dll" Delete "$INSTDIR\bin\libgdk-win32-2.0-0.dll" @@ -1006,6 +1048,8 @@ Section "-un.glib" Delete "$INSTDIR\bin\gspawn-win32-helper-console.exe" Delete "$INSTDIR\bin\libffi-6.dll" SectionEnd +!endif + Section "-un.gettext" Delete "$INSTDIR\bin\libintl-8.dll" @@ -1085,6 +1129,10 @@ Section "-un.gnupginst" Delete "$INSTDIR\VERSION" + # Remove the bin directory from the PATH + Push "$INSTDIR\bin" + Call un.RemoveFromPath + # Try to remove the top level directories. RMDir "$INSTDIR\bin" RMDir "$INSTDIR\lib" @@ -1149,6 +1197,7 @@ FunctionEnd # This also must be in a central place. Also Urgs. +!ifdef WITH_GUI Section "-startmenu" !ifdef HAVE_STARTMENU @@ -1231,7 +1280,7 @@ no_quick_launch: !endif SectionEnd - +!endif # 
@@ -1248,7 +1297,9 @@ Section WriteRegExpandStr HKLM $MYTMP "UninstallString" '"$INSTDIR\gnupg-uninstall.exe"' WriteRegExpandStr HKLM $MYTMP "InstallLocation" "$INSTDIR" WriteRegStr HKLM $MYTMP "DisplayName" "${PRETTY_PACKAGE}" +!ifdef WITH_GUI WriteRegStr HKLM $MYTMP "DisplayIcon" "$INSTDIR\bin\gpa.exe,0" +!endif WriteRegStr HKLM $MYTMP "DisplayVersion" "${VERSION}" WriteRegStr HKLM $MYTMP "Publisher" "The GnuPG Project" WriteRegStr HKLM $MYTMP "URLInfoAbout" "https://gnupg.org" @@ -1259,6 +1310,7 @@ SectionEnd Section Uninstall +!ifdef WITH_GUI !ifdef HAVE_STARTMENU # Make sure that the context of the automatic variables has been set to # the "all users" shell folder. This guarantees that the menu gets written @@ -1296,14 +1348,14 @@ Section Uninstall no_quick_launch_uninstall: !endif - +!endif Delete "$INSTDIR\gnupg-uninstall.exe" RMDir "$INSTDIR" # Clean the registry. - DeleteRegValue HKLM "Software\GNU\GnuPG" "Install Directory" - DeleteRegKey /ifempty HKLM "Software\GNU\GnuPG" + DeleteRegValue HKLM "Software\GnuPG" "Install Directory" + DeleteRegKey /ifempty HKLM "Software\GnuPG" # Remove Windows Add/Remove Programs support. DeleteRegKey HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\GnuPG" SectionEnd commit 616633b7713081ecc39419494879947cc7f163d0 Author: Werner Koch Date: Sun Feb 1 15:27:32 2015 +0100 w32: Allow for Unicocde installation directory. * common/homedir.c (w32_rootdir): Use Unicode fucntion not only for WinCE. -- This uses the same code We used for WindowsCE. It has not been tested with a Unicode requiring installation directory. Signed-off-by: Werner Koch diff --git a/common/homedir.c b/common/homedir.c index 7939841..27141eb 100644 --- a/common/homedir.c +++ b/common/homedir.c 
@@ -74,7 +74,7 @@ static int w32_portable_app; #ifdef HAVE_W32_SYSTEM /* This flag is true if this process' binary has been installed under - bin and not in the root directory. */ + bin and not in the root directory as often used before GnuPG 2.1. */ static int w32_bin_is_bin; #endif /*HAVE_W32_SYSTEM*/ @@ -288,21 +288,15 @@ w32_rootdir (void) { char *p; int rc; + wchar_t wdir [MAX_PATH+5]; -#ifdef HAVE_W32CE_SYSTEM - { - wchar_t wdir [MAX_PATH+5]; - rc = GetModuleFileName (NULL, wdir, MAX_PATH); - if (rc && WideCharToMultiByte (CP_UTF8, 0, wdir, -1, dir, MAX_PATH-4, - NULL, NULL) < 0) - rc = 0; - } -#else - rc = GetModuleFileName (NULL, dir, MAX_PATH); -#endif + rc = GetModuleFileNameW (NULL, wdir, MAX_PATH); + if (rc && WideCharToMultiByte (CP_UTF8, 0, wdir, -1, dir, MAX_PATH-4, + NULL, NULL) < 0) + rc = 0; if (!rc) { - log_debug ("GetModuleFileName failed: %s\n", w32_strerror (0)); + log_debug ("GetModuleFileName failed: %s\n", w32_strerror (-1)); *dir = 0; } got_dir = 1; ----------------------------------------------------------------------- Summary of changes: AUTHORS | 4 +- README | 4 +- build-aux/speedo.mk | 53 ++++++++++++++++++------- build-aux/speedo/w32/inst.nsi | 92 +++++++++++++++++++++++++++++++++---------- common/argparse.c | 2 +- common/homedir.c | 20 ++++------ common/w32info-rc.h.in | 4 +- configure.ac | 2 +- doc/gnupg.texi | 2 +- 9 files changed, 127 insertions(+), 56 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 3 20:11:32 2015 
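Review bot: In the `w32_rootdir` hunk the check `WideCharToMultiByte (...) < 0` can never fire, because that API reports failure by returning 0 rather than a negative value; the test should be `if (rc && !WideCharToMultiByte (CP_UTF8, 0, wdir, -1, dir, MAX_PATH-4, NULL, NULL)) rc = 0;`. This matters more now that the path is taken on every Windows build: a module path whose UTF-8 form does not fit in `MAX_PATH-4` bytes makes the conversion fail, `rc` stays non-zero, and the code after the hunk goes on to treat whatever is in `dir` as the installation root. Separately, `GetModuleFileNameW` returns the buffer size when it truncates and on older Windows versions does not NUL-terminate in that case, so `rc >= MAX_PATH` should be handled as a failure before the uninitialised `wdir` is passed with length -1. `w32_rootdir` starts and ends outside the hunk, so the declaration of `dir` and the later use of the result are not visible here.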
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 03 Feb 2015 20:11:32 +0100 Subject: [git] ADNS-g10 - branch, master, updated. adns-1.4-g10-5-4-gbaa4774 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "ADNS migrated to autotools/libtool". The branch, master has been updated via baa4774005963c8390cacb23db8f409a7f4fdd0e (commit) via d73cfb06052569a10cd2d7f1988800191759faa7 (commit) via d24a6598e08f009b3b1ea1df64e6d898895289d7 (commit) from ab74c339e9c71f93062ed98d46ffdebd2a1e0a59 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit baa4774005963c8390cacb23db8f409a7f4fdd0e Author: Werner Koch Date: Tue Feb 3 16:55:47 2015 +0100 Use copies of the source file in client and regress. * src/source.list: Remove. * src/Makefile.am (adnssources): Directly insert names. * client/Makefile.am (sources_from_src): New. ($(PROGRAMS)): Depend on sources_from_src. * regress/Makefile.am (sources_from_src): New. (sources_from_client): New. ($(sources_from_src)): Copy them. ($(sources_from_client)): Ditto. (CLEANFILES): New. -- The old hack does not work anmore with automake 1.14. Thus we use this ugly scheme. diff --git a/client/Makefile.am b/client/Makefile.am index 6a7e979..5179e0a 100644 --- a/client/Makefile.am +++ b/client/Makefile.am 
@@ -1,26 +1,25 @@ # Makefile.am - Makefile for client/ # Copyright (C) 2008 g10 Code GmbH -# +# # This file is part of adns, which is # Copyright (C) 1997-2000,2003,2006 Ian Jackson # Copyright (C) 1999-2000,2003,2006 Tony Finch # Copyright (C) 1991 Massachusetts Institute of Technology # (See the file INSTALL for full details.) -# +# # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. -# +# # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, see . -adnssrcdir = $(top_srcdir)/src bin_PROGRAMS = adnslogres adnsheloex adnshost if HAVE_TSEARCH @@ -29,13 +28,18 @@ endif noinst_PROGRAMS = fanftest adnstest -AM_CPPFLAGS = $(PLATFORMCPPFLAGS) -I$(adnssrcdir) +AM_CPPFLAGS = $(PLATFORMCPPFLAGS) -I$(top_srcdir)/src LDADD = ../src/libadns.la +BUILT_SOURCES = adns.h tvarith.h w32extra.c +CLEANFILES = adns.h tvarith.h w32extra.c + +sources_from_src = adns.h tvarith.h w32extra.c + commonsrc = client.h if HAVE_W32_SYSTEM -commonsrc += $(adnssrcdir)/w32extra.c +commonsrc += w32extra.c endif adnslogres_SOURCES = adnslogres.c $(commonsrc) 
@@ -51,8 +55,18 @@ fanftest_SOURCES = fanftest.c $(commonsrc) adnstest_SOURCES = adnstest.c $(commonsrc) +./adns.h : $(top_srcdir)/src/adns.h + cp $< $@ + +./tvarith.h : $(top_srcdir)/src/tvarith.h + cp $< $@ + +./w32extra.c : $(top_srcdir)/src/w32extra.c + cp $< $@ + + # Make sure that the library is build before we use it. This is -# important for make -j. Because some tools are based certain header files -# we better directly depend on them too. -$(PROGRAMS): ../src/libadns.la $(adnssrcdir)/adns.h $(adnssrcdir)/tvarith.h +# important for make -j. Because some tools are based on certain +# header files we also directly depend on them too. +$(PROGRAMS): ../src/libadns.la $(sources_from_src) diff --git a/regress/Makefile.am b/regress/Makefile.am index 1055969..7c1a5c5 100644 --- a/regress/Makefile.am +++ b/regress/Makefile.am @@ -1,17 +1,17 @@ # regress/Makefile.am - regression test Makefile # Copyright (C) 2008 g10 Code GmbH -# +# # This file is part of adns, which is # Copyright (C) 1997-2000,2003,2006 Ian Jackson # Copyright (C) 1999-2000,2003,2006 Tony Finch # Copyright (C) 1991 Massachusetts Institute of Technology # (See the file INSTALL for full details.) -# +# # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. -# +# # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the @@ -20,9 +20,6 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, see . -adnssrcdir = $(top_srcdir)/src -adnsclientdir = $(top_srcdir)/client - clients = adnstest_record adnstest_playback clients += adnslogres_record adnslogres_playback clients += adnsheloex_record adnsheloex_playback 
@@ -32,16 +29,47 @@ if HAVE_TSEARCH clients += adnsresfilter_record adnsresfilter_playback endif -# Define adnssources (using $(adnssrcdir) does not work.) We need to -# build a static version of the library here so that we are able to -# redirect all system calls. On a ELF system it would be easier to -# use an LD_PRELOAD mechanism instead but that is not portable. Using -# sources from another directory is a bit problematic because the -# automatic depency tracky may get messed up if we have a name clash. -# Fixme: A better solution would be to build a harnessed version of -# the library in src and link the test programs with that harnessed -# library. -include $(top_srcdir)/src/source.list +# Using sources from another directory is problematic thus we copy the files. +sources_from_src = \ + adns.h \ + internal.h \ + dlist.h \ + tvarith.h \ + platform.h \ + types.c \ + event.c \ + query.c \ + reply.c \ + general.c \ + vbuf.c \ + setup.c \ + transmit.c \ + parse.c \ + poll.c \ + check.c + +sources_from_client = \ + client.h \ + adnstest.c \ + adnslogres.c \ + adnsheloex.c \ + adh-main.c \ + adh-opts.c \ + adh-query.c \ + adnshost.h \ + fanftest.c \ + adnsresfilter.c + +$(sources_from_src): + for file in $(sources_from_src); do \ + ln -sf $(top_srcdir)/src/$$file . ; \ + done + +$(sources_from_client): + for file in $(sources_from_client); do \ + ln -sf $(top_srcdir)/client/$$file . ; \ + done + # Define casefiles and initfiles. include $(srcdir)/casefiles.list @@ -53,7 +81,10 @@ harnesssrcs = hrecord.c.m4 hplayback.c.m4 hcommon.c.m4 \ harness.h.m4 hsyscalls.h.m4 hredirect.h.m4 BUILT_SOURCES = hrecord.c hplayback.c hcommon.c \ - harness.h hsyscalls.h hredirect.h + harness.h hsyscalls.h hredirect.h \ + $(sources_from_src) $(sources_from_client) + +CLEANFILES = $(sources_from_src) $(sources_from_client) DISTCLEANFILES = harness.h hsyscalls.h hredirect.h \ output-*.{err,out,leftover,report} 
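Review bot: The two new link rules give every file in `$(sources_from_src)` and `$(sources_from_client)` the same recipe, and that recipe loops over the whole list. Make may therefore run the full loop once per missing file, and under `make -j` several copies can run concurrently in the same directory. The rules also have no prerequisites, so a name that no longer exists under `$(top_srcdir)/src` yields a dangling link and the error only surfaces at compile time. If GNU make can be assumed, a per-target form avoids both problems: `$(sources_from_src): %: $(top_srcdir)/src/%` with the recipe `ln -sf $< $@`, and likewise for the client list. The commit message says the files are copied, as client/Makefile.am does with `cp $< $@`, so using one mechanism in both directories would also be easier to follow.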
@@ -69,44 +100,45 @@ TESTS = checkall SUFFIXES = .c.m4 .h.m4 -AM_CPPFLAGS = $(PLATFORMCPPFLAGS) -DADNS_REGRESS_TEST -I. -I$(adnssrcdir) +AM_CPPFLAGS = $(PLATFORMCPPFLAGS) -DADNS_REGRESS_TEST -I. -I$(top_srcdir)/src -LDADD = +LDADD = -recordsrc = hrecord.c hcommon.c $(adnssources) -playbacksrc = hplayback.c hcommon.c $(adnssources) +recordsrc = hrecord.c hcommon.c $(sources_from_src) +playbacksrc = hplayback.c hcommon.c $(sources_from_src) -adnstest_record_SOURCES = $(adnsclientdir)/adnstest.c $(recordsrc) -adnstest_playback_SOURCES = $(adnsclientdir)/adnstest.c $(playbacksrc) +adnstest_record_SOURCES = adnstest.c $(recordsrc) +adnstest_playback_SOURCES = adnstest.c $(playbacksrc) -adnslogres_record_SOURCES = $(adnsclientdir)/adnslogres.c $(recordsrc) -adnslogres_playback_SOURCES = $(adnsclientdir)/adnslogres.c $(playbacksrc) +adnslogres_record_SOURCES = adnslogres.c $(recordsrc) +adnslogres_playback_SOURCES = adnslogres.c $(playbacksrc) -adnsheloex_record_SOURCES = $(adnsclientdir)/adnsheloex.c $(recordsrc) -adnsheloex_playback_SOURCES = $(adnsclientdir)/adnsheloex.c $(playbacksrc) +adnsheloex_record_SOURCES = adnsheloex.c $(recordsrc) +adnsheloex_playback_SOURCES = adnsheloex.c $(playbacksrc) adnshost_commonsrc = \ - $(adnsclientdir)/adh-main.c \ - $(adnsclientdir)/adh-opts.c \ - $(adnsclientdir)/adh-query.c \ - $(adnsclientdir)/adnshost.h + adh-main.c \ + adh-opts.c \ + adh-query.c \ + adnshost.h adnshost_record_SOURCES = $(adnshost_commonsrc) $(recordsrc) adnshost_playback_SOURCES = $(adnshost_commonsrc) $(playbacksrc) -fanftest_record_SOURCES = $(adnsclientdir)/fanftest.c $(recordsrc) -fanftest_playback_SOURCES = $(adnsclientdir)/fanftest.c $(playbacksrc) +fanftest_record_SOURCES = fanftest.c $(recordsrc) +fanftest_playback_SOURCES = fanftest.c $(playbacksrc) -adnsresfilter_record_SOURCES = $(adnsclientdir)/adnsresfilter.c $(recordsrc) -adnsresfilter_playback_SOURCES = $(adnsclientdir)/adnsresfilter.c $(playbacksrc) +adnsresfilter_record_SOURCES = 
adnsresfilter.c $(recordsrc) +adnsresfilter_playback_SOURCES = adnsresfilter.c $(playbacksrc) $(harnesssrcs): hmacros.i4 hsyscalls.i4 -.c.m4.c: +.c.m4.c: include $(srcdir)/m4-to-c.rule -.h.m4.h: +.h.m4.h: include $(srcdir)/m4-to-c.rule +$(clients): $(sources_from_src) $(sources_from_client) diff --git a/src/Makefile.am b/src/Makefile.am index dcdebb4..66da383 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -22,9 +22,6 @@ ## Process this file with automake to produce Makefile.in -# Thsi directory. It is used by the include file. -adnssrcdir = $(top_srcdir)/src - EXTRA_DIST = adns-config.in libadns.vers libadns.def versioninfo.rc.in \ w32support.c w32extra.c w32inet.c bin_SCRIPTS = adns-config @@ -81,9 +78,24 @@ libadns_la_LDFLAGS = $(no_undefined) $(export_symbols) $(extra_ltoptions) \ libadns_la_DEPENDENCIES = $(srcdir)/libadns.vers $(adns_deps) libadns_la_LIBADD = @LTLIBOBJS@ $(NETLIBS) -# Because we need the list of source files also in ../regress, we put -# them into a separate file. -include $(srcdir)/source.list +# NOTE: The list of these files is also used in ../regress. +adnssources = \ + adns.h \ + internal.h \ + dlist.h \ + tvarith.h \ + platform.h \ + types.c \ + event.c \ + query.c \ + reply.c \ + general.c \ + vbuf.c \ + setup.c \ + transmit.c \ + parse.c \ + poll.c \ + check.c libadns_la_SOURCES = $(adnssources) $(w32src) diff --git a/src/source.list b/src/source.list deleted file mode 100644 index 33553fe..0000000 --- a/src/source.list +++ /dev/null 
@@ -1,19 +0,0 @@ -# List of source files for the adns library. -# To be included by automake. -adnssources = \ - $(adnssrcdir)/adns.h \ - $(adnssrcdir)/internal.h \ - $(adnssrcdir)/dlist.h \ - $(adnssrcdir)/tvarith.h \ - $(adnssrcdir)/platform.h \ - $(adnssrcdir)/types.c \ - $(adnssrcdir)/event.c \ - $(adnssrcdir)/query.c \ - $(adnssrcdir)/reply.c \ - $(adnssrcdir)/general.c \ - $(adnssrcdir)/vbuf.c \ - $(adnssrcdir)/setup.c \ - $(adnssrcdir)/transmit.c \ - $(adnssrcdir)/parse.c \ - $(adnssrcdir)/poll.c \ - $(adnssrcdir)/check.c commit d73cfb06052569a10cd2d7f1988800191759faa7 Author: Werner Koch Date: Tue Feb 3 15:33:28 2015 +0100 w32: Use -static-libgcc to avoid linking to libgcc_s_sjlj-1.dll. * src/Makefile.am (extra_ltoptions): New. (libadns_la_LDFLAGS): Use it. -- Since gcc 4.8 there is a regression in that plain C programs may link to libgcc_s.a which has a dependency on libgcc_s_sjlj.dll. This is for example triggered by using long long arithmetic on a 32 bit Windows (e.g symbol __udivdi3). diff --git a/src/Makefile.am b/src/Makefile.am index 1c6169c..dcdebb4 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -52,6 +52,7 @@ adns_res = versioninfo.lo adns_res_ldflag = -Wl,.libs/versioninfo.o no_undefined = -no-undefined export_symbols = -export-symbols $(srcdir)/libadns.def +extra_ltoptions = -XCClinker -static-libgcc adns_deps = $(ksba_res) libadns.def w32src = w32support.c w32extra.c w32inet.c @@ -66,6 +67,7 @@ adns_res = adns_ldflag = no_undefined = export_symbols = +extra_ltoptions = adns_deps = w32src = install-def-file: 
@@ -73,7 +75,7 @@ uninstall-def-file: endif !HAVE_W32_SYSTEM -libadns_la_LDFLAGS = $(no_undefined) $(export_symbols) \ +libadns_la_LDFLAGS = $(no_undefined) $(export_symbols) $(extra_ltoptions) \ $(adns_version_script_cmd) -version-info \ @ADNS_LT_CURRENT@:@ADNS_LT_REVISION@:@ADNS_LT_AGE@ libadns_la_DEPENDENCIES = $(srcdir)/libadns.vers $(adns_deps) commit d24a6598e08f009b3b1ea1df64e6d898895289d7 Author: Werner Koch Date: Tue Feb 3 15:32:23 2015 +0100 Require the use of automake 1.14 and update build-aux file. diff --git a/config.guess b/config.guess index 9afd676..dbfb978 100755 --- a/config.guess +++ b/config.guess @@ -1,8 +1,8 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2013 Free Software Foundation, Inc. +# Copyright 1992-2015 Free Software Foundation, Inc. -timestamp='2013-11-29' +timestamp='2015-01-01' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -24,12 +24,12 @@ timestamp='2013-11-29' # program. This Exception is an additional permission under section 7 # of the GNU General Public License, version 3 ("GPLv3"). # -# Originally written by Per Bothner. +# Originally written by Per Bothner; maintained since 2000 by Ben Elliston. # # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD # -# Please send patches with a ChangeLog entry to config-patches at gnu.org. +# Please send patches to . me=`echo "$0" | sed -e 's,.*/,,'` @@ -50,7 +50,7 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2013 Free Software Foundation, Inc. +Copyright 1992-2015 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." 
@@ -149,7 +149,7 @@ Linux|GNU|GNU/*) LIBC=gnu #endif EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` ;; esac @@ -579,8 +579,9 @@ EOF else IBM_ARCH=powerpc fi - if [ -x /usr/bin/oslevel ] ; then - IBM_REV=`/usr/bin/oslevel` + if [ -x /usr/bin/lslpp ] ; then + IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | + awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi @@ -826,7 +827,7 @@ EOF *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; - i*:MSYS*:*) + *:MSYS*:*) echo ${UNAME_MACHINE}-pc-msys exit ;; i*:windows32*:*) @@ -969,10 +970,10 @@ EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } ;; - or1k:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + openrisc*:Linux:*:*) + echo or1k-unknown-linux-${LIBC} exit ;; - or32:Linux:*:*) + or32:Linux:*:* | or1k*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; padre:Linux:*:*) 
@@ -1371,154 +1372,6 @@ EOF exit ;; esac -eval $set_cc_for_build -cat >$dummy.c < -# include -#endif -main () -{ -#if defined (sony) -#if defined (MIPSEB) - /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, - I don't know.... */ - printf ("mips-sony-bsd\n"); exit (0); -#else -#include - printf ("m68k-sony-newsos%s\n", -#ifdef NEWSOS4 - "4" -#else - "" -#endif - ); exit (0); -#endif -#endif - -#if defined (__arm) && defined (__acorn) && defined (__unix) - printf ("arm-acorn-riscix\n"); exit (0); -#endif - -#if defined (hp300) && !defined (hpux) - printf ("m68k-hp-bsd\n"); exit (0); -#endif - -#if defined (NeXT) -#if !defined (__ARCHITECTURE__) -#define __ARCHITECTURE__ "m68k" -#endif - int version; - version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; - if (version < 4) - printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); - else - printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); - exit (0); -#endif - -#if defined (MULTIMAX) || defined (n16) -#if defined (UMAXV) - printf ("ns32k-encore-sysv\n"); exit (0); -#else -#if defined (CMU) - printf ("ns32k-encore-mach\n"); exit (0); -#else - printf ("ns32k-encore-bsd\n"); exit (0); -#endif -#endif -#endif - -#if defined (__386BSD__) - printf ("i386-pc-bsd\n"); exit (0); -#endif - -#if defined (sequent) -#if defined (i386) - printf ("i386-sequent-dynix\n"); exit (0); -#endif -#if defined (ns32000) - printf ("ns32k-sequent-dynix\n"); exit (0); -#endif -#endif - -#if defined (_SEQUENT_) - struct utsname un; - - uname(&un); - - if (strncmp(un.version, "V2", 2) == 0) { - printf ("i386-sequent-ptx2\n"); exit (0); - } - if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? 
*/ - printf ("i386-sequent-ptx1\n"); exit (0); - } - printf ("i386-sequent-ptx\n"); exit (0); - -#endif - -#if defined (vax) -# if !defined (ultrix) -# include -# if defined (BSD) -# if BSD == 43 - printf ("vax-dec-bsd4.3\n"); exit (0); -# else -# if BSD == 199006 - printf ("vax-dec-bsd4.3reno\n"); exit (0); -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# endif -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# else - printf ("vax-dec-ultrix\n"); exit (0); -# endif -#endif - -#if defined (alliant) && defined (i860) - printf ("i860-alliant-bsd\n"); exit (0); -#endif - - exit (1); -} -EOF - -$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && - { echo "$SYSTEM_NAME"; exit; } - -# Apollos put the system type in the environment. - -test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } - -# Convex versions that predate uname can use getsysinfo(1) - -if [ -x /usr/convex/getsysinfo ] -then - case `getsysinfo -f cpu_type` in - c1*) - echo c1-convex-bsd - exit ;; - c2*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi - exit ;; - c34*) - echo c34-convex-bsd - exit ;; - c38*) - echo c38-convex-bsd - exit ;; - c4*) - echo c4-convex-bsd - exit ;; - esac -fi - cat >&2 <. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. @@ -68,7 +68,7 @@ Report bugs and patches to ." version="\ GNU config.sub ($timestamp) -Copyright 1992-2013 Free Software Foundation, Inc. +Copyright 1992-2015 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." 
@@ -260,7 +260,7 @@ case $basic_machine in | c4x | c8051 | clipper \ | d10v | d30v | dlx | dsp16xx \ | epiphany \ - | fido | fr30 | frv \ + | fido | fr30 | frv | ft32 \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | hexagon \ | i370 | i860 | i960 | ia64 \ @@ -283,8 +283,10 @@ case $basic_machine in | mips64vr5900 | mips64vr5900el \ | mipsisa32 | mipsisa32el \ | mipsisa32r2 | mipsisa32r2el \ + | mipsisa32r6 | mipsisa32r6el \ | mipsisa64 | mipsisa64el \ | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64r6 | mipsisa64r6el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ | mipsr5900 | mipsr5900el \ @@ -296,11 +298,11 @@ case $basic_machine in | nds32 | nds32le | nds32be \ | nios | nios2 | nios2eb | nios2el \ | ns16k | ns32k \ - | open8 \ - | or1k | or32 \ + | open8 | or1k | or1knd | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ + | riscv32 | riscv64 \ | rl78 | rx \ | score \ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ @@ -311,6 +313,7 @@ case $basic_machine in | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ | ubicom32 \ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ + | visium \ | we32k \ | x86 | xc16x | xstormy16 | xtensa \ | z8k | z80) @@ -325,6 +328,9 @@ case $basic_machine in c6x) basic_machine=tic6x-unknown ;; + leon|leon[3-9]) + basic_machine=sparc-$basic_machine + ;; m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) basic_machine=$basic_machine-unknown os=-none @@ -402,8 +408,10 @@ case $basic_machine in | mips64vr5900-* | mips64vr5900el-* \ | mipsisa32-* | mipsisa32el-* \ | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa32r6-* | mipsisa32r6el-* \ | mipsisa64-* | mipsisa64el-* \ | mipsisa64r2-* | mipsisa64r2el-* \ + | mipsisa64r6-* | mipsisa64r6el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ | mipsr5900-* | mipsr5900el-* \ 
@@ -415,6 +423,7 @@ case $basic_machine in | nios-* | nios2-* | nios2eb-* | nios2el-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | open8-* \ + | or1k*-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ @@ -432,6 +441,7 @@ case $basic_machine in | ubicom32-* \ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ | vax-* \ + | visium-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* \ | xstormy16-* | xtensa*-* \ @@ -769,6 +779,9 @@ case $basic_machine in basic_machine=m68k-isi os=-sysv ;; + leon-*|leon[3-9]-*) + basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'` + ;; m68knommu) basic_machine=m68k-unknown os=-linux @@ -824,6 +837,10 @@ case $basic_machine in basic_machine=powerpc-unknown os=-morphos ;; + moxiebox) + basic_machine=moxie-unknown + os=-moxiebox + ;; msdos) basic_machine=i386-pc os=-msdos @@ -1369,14 +1386,14 @@ case $os in | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ | -linux-newlib* | -linux-musl* | -linux-uclibc* \ - | -uxpv* | -beos* | -mpeix* | -udk* \ + | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1594,9 +1611,6 @@ case $basic_machine in mips*-*) os=-elf ;; - or1k-*) - os=-elf - ;; or32-*) os=-coff ;; diff --git a/configure.ac b/configure.ac index d943f80..aff9ec1 100644 --- a/configure.ac 
+++ b/configure.ac @@ -22,7 +22,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.61) -min_automake_version="1.10" +min_automake_version="1.14" # To build a release you need to create a tag with the version number # (git tag -s gnupg-2.n.m) and run "./autogen.sh --force". Please @@ -61,7 +61,7 @@ ADNS_CONFIG_API_VERSION=1 AC_CONFIG_SRCDIR([src/adns.h]) -AM_INIT_AUTOMAKE([dist-bzip2 no-dist-gzip]) +AM_INIT_AUTOMAKE([serial-tests dist-bzip2 no-dist-gzip]) AM_MAINTAINER_MODE AM_CONFIG_HEADER(src/config.h) AC_CONFIG_MACRO_DIR([m4]) diff --git a/depcomp b/depcomp index 91d4bf8..4ebd5b3 100755 --- a/depcomp +++ b/depcomp @@ -1,7 +1,7 @@ #! /bin/sh # depcomp - compile a program generating dependencies as side-effects -scriptversion=2012-10-18.11; # UTC +scriptversion=2013-05-30.07; # UTC # Copyright (C) 1999-2013 Free Software Foundation, Inc. 
@@ -251,6 +251,41 @@ hp) exit 1 ;; +sgi) + if test "$libtool" = yes; then + "$@" "-Wp,-MDupdate,$tmpdepfile" + else + "$@" -MDupdate "$tmpdepfile" + fi + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + + if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files + echo "$object : \\" > "$depfile" + # Clip off the initial element (the dependent). Don't try to be + # clever and replace this with sed code, as IRIX sed won't handle + # lines with more than a fixed number of characters (4096 in + # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; + # the IRIX cc adds comments like '#:fec' to the end of the + # dependency line. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' \ + | tr "$nl" ' ' >> "$depfile" + echo >> "$depfile" + # The second pass generates a dummy entry for each header file. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ + >> "$depfile" + else + make_dummy_depfile + fi + rm -f "$tmpdepfile" + ;; + xlc) # This case exists only to let depend.m4 do its work. It works by # looking at the text of this script. This case will never be run, @@ -517,6 +552,7 @@ $ { G p }' >> "$depfile" + echo >> "$depfile" # make sure the fragment doesn't end with a backslash rm -f "$tmpdepfile" ;; diff --git a/mdate-sh b/mdate-sh index cd916c0..b3719cf 100755 --- a/mdate-sh +++ b/mdate-sh @@ -1,10 +1,9 @@ #!/bin/sh # Get modification time of a file or directory and pretty-print it. -scriptversion=2005-06-29.22 +scriptversion=2010-08-21.06; # UTC -# Copyright (C) 1995, 1996, 1997, 2003, 2004, 2005 Free Software -# Foundation, Inc. +# Copyright (C) 1995-2013 Free Software Foundation, Inc. # written by Ulrich Drepper , June 1995 # # This program is free software; you can redistribute it and/or modify 
@@ -18,8 +17,7 @@ scriptversion=2005-06-29.22 # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software Foundation, -# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -30,16 +28,26 @@ scriptversion=2005-06-29.22 # bugs to or send patches to # . +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +fi + case $1 in '') - echo "$0: No file. Try \`$0 --help' for more information." 1>&2 + echo "$0: No file. Try '$0 --help' for more information." 1>&2 exit 1; ;; -h | --h*) cat <<\EOF Usage: mdate-sh [--help] [--version] FILE -Pretty-print the modification time of FILE. +Pretty-print the modification day of FILE, in the format: +1 January 1970 Report bugs to . EOF @@ -51,6 +59,13 @@ EOF ;; esac +error () +{ + echo "$0: $1" >&2 + exit 1 +} + + # Prevent date giving response in another language. LANG=C export LANG @@ -60,7 +75,7 @@ LC_TIME=C export LC_TIME # GNU ls changes its time format in response to the TIME_STYLE -# variable. Since we cannot assume `unset' works, revert this +# variable. Since we cannot assume 'unset' works, revert this # variable to its documented default. if test "${TIME_STYLE+set}" = set; then TIME_STYLE=posix-long-iso 
@@ -75,27 +90,32 @@ if ls -L /dev/null 1>/dev/null 2>&1; then else ls_command='ls -l -d' fi +# Avoid user/group names that might have spaces, when possible. +if ls -n /dev/null 1>/dev/null 2>&1; then + ls_command="$ls_command -n" +fi -# A `ls -l' line looks as follows on OS/2. +# A 'ls -l' line looks as follows on OS/2. # drwxrwx--- 0 Aug 11 2001 foo # This differs from Unix, which adds ownership information. # drwxrwx--- 2 root root 4096 Aug 11 2001 foo # # To find the date, we split the line on spaces and iterate on words # until we find a month. This cannot work with files whose owner is a -# user named `Jan', or `Feb', etc. However, it's unlikely that `/' +# user named "Jan", or "Feb", etc. However, it's unlikely that '/' # will be owned by a user whose name is a month. So we first look at # the extended ls output of the root directory to decide how many # words should be skipped to get the date. # On HPUX /bin/sh, "set" interprets "-rw-r--r--" as options, so the "x" below. -set x`ls -l -d /` +set x`$ls_command /` # Find which argument is the month. month= command= until test $month do + test $# -gt 0 || error "failed parsing '$ls_command /' output" shift # Add another shift to the command. command="$command shift;" @@ -115,8 +135,10 @@ do esac done +test -n "$month" || error "failed parsing '$ls_command /' output" + # Get the extended ls output of the file or directory. -set dummy x`eval "$ls_command \"\$save_arg1\""` +set dummy x`eval "$ls_command \"\\\$save_arg1\""` # Remove all preceding arguments eval $command @@ -197,5 +219,6 @@ echo $day $month $year # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-end: "$" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" # End: diff --git a/missing b/missing index 894e786..db98974 100755 --- a/missing +++ b/missing 
@@ -1,11 +1,10 @@ #! /bin/sh -# Common stub for a few missing GNU programs while installing. +# Common wrapper for a few potentially missing GNU programs. -scriptversion=2005-06-08.21 +scriptversion=2013-10-28.13; # UTC -# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005 -# Free Software Foundation, Inc. -# Originally by Fran,cois Pinard , 1996. +# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Originally written by Fran,cois Pinard , 1996. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -18,9 +17,7 @@ scriptversion=2005-06-08.21 # GNU General Public License for more details. # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -# 02110-1301, USA. +# along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a 
@@ -28,63 +25,40 @@ scriptversion=2005-06-08.21 # the same distribution terms that you use for the rest of that program. if test $# -eq 0; then - echo 1>&2 "Try \`$0 --help' for more information" + echo 1>&2 "Try '$0 --help' for more information" exit 1 fi -run=: +case $1 in -# In the cases where this matters, `missing' is being run in the -# srcdir already. -if test -f configure.ac; then - configure_ac=configure.ac -else - configure_ac=configure.in -fi - -msg="missing on your system" + --is-lightweight) + # Used by our autoconf macros to check whether the available missing + # script is modern enough. + exit 0 + ;; -case "$1" in ---run) - # Try to run requested program, and just exit if it succeeds. - run= - shift - "$@" && exit 0 - # Exit code 63 means version mismatch. This often happens - # when the user try to use an ancient version of a tool on - # a file that requires a minimum version. In this case we - # we should proceed has if the program had been absent, or - # if --run hadn't been passed. - if test $? = 63; then - run=: - msg="probably too old" - fi - ;; + --run) + # Back-compat with the calling convention used by older automake. + shift + ;; -h|--h|--he|--hel|--help) echo "\ $0 [OPTION]... PROGRAM [ARGUMENT]... -Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an -error status if there is no known handling for PROGRAM. +Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due +to PROGRAM being missing or too old. 
Options: -h, --help display this help and exit -v, --version output version information and exit - --run try to run the given command, and emulate it if it fails Supported PROGRAM values: - aclocal touch file \`aclocal.m4' - autoconf touch file \`configure' - autoheader touch file \`config.h.in' - automake touch all \`Makefile.in' files - bison create \`y.tab.[ch]', if possible, from existing .[ch] - flex create \`lex.yy.c', if possible, from existing .c - help2man touch the output file - lex create \`lex.yy.c', if possible, from existing .c - makeinfo touch the output file - tar try tar, gnutar, gtar, then tar without non-portable flags - yacc create \`y.tab.[ch]', if possible, from existing .[ch] + aclocal autoconf autoheader autom4te automake makeinfo + bison yacc flex lex help2man + +Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and +'g' are ignored when checking the name. Send bug reports to ." exit $? 
@@ -96,265 +70,146 @@ Send bug reports to ." ;; -*) - echo 1>&2 "$0: Unknown \`$1' option" - echo 1>&2 "Try \`$0 --help' for more information" + echo 1>&2 "$0: unknown '$1' option" + echo 1>&2 "Try '$0 --help' for more information" exit 1 ;; esac -# Now exit if we have it, but it failed. Also exit now if we -# don't have it and --version was passed (most likely to detect -# the program). -case "$1" in - lex|yacc) - # Not GNU programs, they don't have --version. - ;; - - tar) - if test -n "$run"; then - echo 1>&2 "ERROR: \`tar' requires --run" - exit 1 - elif test "x$2" = "x--version" || test "x$2" = "x--help"; then - exit 1 - fi - ;; - - *) - if test -z "$run" && ($1 --version) > /dev/null 2>&1; then - # We have it, but it failed. - exit 1 - elif test "x$2" = "x--version" || test "x$2" = "x--help"; then - # Could not run --version or --help. This is probably someone - # running `$TOOL --version' or `$TOOL --help' to check whether - # $TOOL exists and not knowing $TOOL uses missing. - exit 1 - fi - ;; -esac - -# If it does not exist, or fails to run (possibly an outdated version), -# try to emulate it. -case "$1" in - aclocal*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`acinclude.m4' or \`${configure_ac}'. You might want - to install the \`Automake' and \`Perl' packages. Grab them from - any GNU archive site." - touch aclocal.m4 - ;; - - autoconf) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`${configure_ac}'. You might want to install the - \`Autoconf' and \`GNU m4' packages. Grab them from any GNU - archive site." - touch configure - ;; - - autoheader) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`acconfig.h' or \`${configure_ac}'. You might want - to install the \`Autoconf' and \`GNU m4' packages. Grab them - from any GNU archive site." 
- files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}` - test -z "$files" && files="config.h" - touch_files= - for f in $files; do - case "$f" in - *:*) touch_files="$touch_files "`echo "$f" | - sed -e 's/^[^:]*://' -e 's/:.*//'`;; - *) touch_files="$touch_files $f.in";; - esac - done - touch $touch_files - ;; - - automake*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'. - You might want to install the \`Automake' and \`Perl' packages. - Grab them from any GNU archive site." - find . -type f -name Makefile.am -print | - sed 's/\.am$/.in/' | - while read f; do touch "$f"; done - ;; - - autom4te) - echo 1>&2 "\ -WARNING: \`$1' is needed, but is $msg. - You might have modified some files without having the - proper tools for further handling them. - You can get \`$1' as part of \`Autoconf' from any GNU - archive site." - - file=`echo "$*" | sed -n 's/.*--output[ =]*\([^ ]*\).*/\1/p'` - test -z "$file" && file=`echo "$*" | sed -n 's/.*-o[ ]*\([^ ]*\).*/\1/p'` - if test -f "$file"; then - touch $file - else - test -z "$file" || exec >$file - echo "#! /bin/sh" - echo "# Created by GNU Automake missing as a replacement of" - echo "# $ $@" - echo "exit 0" - chmod +x $file - exit 1 - fi - ;; - - bison|yacc) - echo 1>&2 "\ -WARNING: \`$1' $msg. You should only need it if - you modified a \`.y' file. You may need the \`Bison' package - in order for those modifications to take effect. You can get - \`Bison' from any GNU archive site." - rm -f y.tab.c y.tab.h - if [ $# -ne 1 ]; then - eval LASTARG="\${$#}" - case "$LASTARG" in - *.y) - SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` - if [ -f "$SRCFILE" ]; then - cp "$SRCFILE" y.tab.c - fi - SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` - if [ -f "$SRCFILE" ]; then - cp "$SRCFILE" y.tab.h - fi - ;; - esac - fi - if [ ! -f y.tab.h ]; then - echo >y.tab.h - fi - if [ ! 
-f y.tab.c ]; then - echo 'main() { return 0; }' >y.tab.c - fi - ;; - - lex|flex) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified a \`.l' file. You may need the \`Flex' package - in order for those modifications to take effect. You can get - \`Flex' from any GNU archive site." - rm -f lex.yy.c - if [ $# -ne 1 ]; then - eval LASTARG="\${$#}" - case "$LASTARG" in - *.l) - SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` - if [ -f "$SRCFILE" ]; then - cp "$SRCFILE" lex.yy.c - fi - ;; - esac - fi - if [ ! -f lex.yy.c ]; then - echo 'main() { return 0; }' >lex.yy.c - fi - ;; - - help2man) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified a dependency of a manual page. You may need the - \`Help2man' package in order for those modifications to take - effect. You can get \`Help2man' from any GNU archive site." - - file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` - if test -z "$file"; then - file=`echo "$*" | sed -n 's/.*--output=\([^ ]*\).*/\1/p'` - fi - if [ -f "$file" ]; then - touch $file - else - test -z "$file" || exec >$file - echo ".ab help2man is required to generate this page" - exit 1 - fi - ;; - - makeinfo) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified a \`.texi' or \`.texinfo' file, or any other file - indirectly affecting the aspect of the manual. The spurious - call might also be the consequence of using a buggy \`make' (AIX, - DU, IRIX). You might want to install the \`Texinfo' package or - the \`GNU make' package. Grab either from any GNU archive site." - # The file to touch is that specified with -o ... - file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` - if test -z "$file"; then - # ... or it is the one specified with @setfilename ... - infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` - file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $infile` - # ... 
or it is derived from the source name (dir/f.texi becomes f.info) - test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info - fi - # If the file does not exist, the user really needs makeinfo; - # let's fail without touching anything. - test -f $file || exit 1 - touch $file - ;; - - tar) - shift - - # We have already tried tar in the generic part. - # Look for gnutar/gtar before invocation to avoid ugly error - # messages. - if (gnutar --version > /dev/null 2>&1); then - gnutar "$@" && exit 0 - fi - if (gtar --version > /dev/null 2>&1); then - gtar "$@" && exit 0 - fi - firstarg="$1" - if shift; then - case "$firstarg" in - *o*) - firstarg=`echo "$firstarg" | sed s/o//` - tar "$firstarg" "$@" && exit 0 - ;; - esac - case "$firstarg" in - *h*) - firstarg=`echo "$firstarg" | sed s/h//` - tar "$firstarg" "$@" && exit 0 - ;; - esac - fi - - echo 1>&2 "\ -WARNING: I can't seem to be able to run \`tar' with the given arguments. - You may want to install GNU tar or Free paxutils, or check the - command line arguments." - exit 1 - ;; - - *) - echo 1>&2 "\ -WARNING: \`$1' is needed, and is $msg. - You might have modified some files without having the - proper tools for further handling them. Check the \`README' file, - it often tells you about the needed prerequisites for installing - this package. You may also peek at any GNU archive site, in case - some other package would contain this missing \`$1' program." - exit 1 - ;; -esac +# Run the given program, remember its exit status. +"$@"; st=$? + +# If it succeeded, we are done. +test $st -eq 0 && exit 0 + +# Also exit now if we it failed (or wasn't found), and '--version' was +# passed; such an option is passed most likely to detect whether the +# program is present and works. +case $2 in --version|--help) exit $st;; esac + +# Exit code 63 means version mismatch. This often happens when the user +# tries to use an ancient version of a tool on a file that requires a +# minimum version. 
+if test $st -eq 63; then + msg="probably too old" +elif test $st -eq 127; then + # Program was missing. + msg="missing on your system" +else + # Program was found and executed, but failed. Give up. + exit $st +fi -exit 0 +perl_URL=http://www.perl.org/ +flex_URL=http://flex.sourceforge.net/ +gnu_software_URL=http://www.gnu.org/software + +program_details () +{ + case $1 in + aclocal|automake) + echo "The '$1' program is part of the GNU Automake package:" + echo "<$gnu_software_URL/automake>" + echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:" + echo "<$gnu_software_URL/autoconf>" + echo "<$gnu_software_URL/m4/>" + echo "<$perl_URL>" + ;; + autoconf|autom4te|autoheader) + echo "The '$1' program is part of the GNU Autoconf package:" + echo "<$gnu_software_URL/autoconf/>" + echo "It also requires GNU m4 and Perl in order to run:" + echo "<$gnu_software_URL/m4/>" + echo "<$perl_URL>" + ;; + esac +} + +give_advice () +{ + # Normalize program name to check for. + normalized_program=`echo "$1" | sed ' + s/^gnu-//; t + s/^gnu//; t + s/^g//; t'` + + printf '%s\n' "'$1' is $msg." + + configure_deps="'configure.ac' or m4 files included by 'configure.ac'" + case $normalized_program in + autoconf*) + echo "You should only need it if you modified 'configure.ac'," + echo "or m4 files included by it." + program_details 'autoconf' + ;; + autoheader*) + echo "You should only need it if you modified 'acconfig.h' or" + echo "$configure_deps." + program_details 'autoheader' + ;; + automake*) + echo "You should only need it if you modified 'Makefile.am' or" + echo "$configure_deps." + program_details 'automake' + ;; + aclocal*) + echo "You should only need it if you modified 'acinclude.m4' or" + echo "$configure_deps." + program_details 'aclocal' + ;; + autom4te*) + echo "You might have modified some maintainer files that require" + echo "the 'autom4te' program to be rebuilt." 
+ program_details 'autom4te' + ;; + bison*|yacc*) + echo "You should only need it if you modified a '.y' file." + echo "You may want to install the GNU Bison package:" + echo "<$gnu_software_URL/bison/>" + ;; + lex*|flex*) + echo "You should only need it if you modified a '.l' file." + echo "You may want to install the Fast Lexical Analyzer package:" + echo "<$flex_URL>" + ;; + help2man*) + echo "You should only need it if you modified a dependency" \ + "of a man page." + echo "You may want to install the GNU Help2man package:" + echo "<$gnu_software_URL/help2man/>" + ;; + makeinfo*) + echo "You should only need it if you modified a '.texi' file, or" + echo "any other file indirectly affecting the aspect of the manual." + echo "You might want to install the Texinfo package:" + echo "<$gnu_software_URL/texinfo/>" + echo "The spurious makeinfo call might also be the consequence of" + echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might" + echo "want to install GNU make:" + echo "<$gnu_software_URL/make/>" + ;; + *) + echo "You might have modified some files without having the proper" + echo "tools for further handling them. Check the 'README' file, it" + echo "often tells you about the needed prerequisites for installing" + echo "this package. You may also peek at any GNU archive site, in" + echo "case some other package contains this missing '$1' program." + ;; + esac +} + +give_advice "$1" | sed -e '1s/^/WARNING: /' \ + -e '2,$s/^/ /' >&2 + +# Propagate the correct exit status (expected to be 127 for a program +# not found, 63 for a program that failed due to version mismatch). 
+exit $st # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-end: "$" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" # End: ----------------------------------------------------------------------- Summary of changes: client/Makefile.am | 34 ++-- config.guess | 173 ++------------------ config.sub | 38 +++-- configure.ac | 4 +- depcomp | 38 ++++- mdate-sh | 49 ++++-- missing | 453 ++++++++++++++++++---------------------------------- regress/Makefile.am | 106 +++++++----- src/Makefile.am | 28 +++- src/source.list | 19 --- 10 files changed, 382 insertions(+), 560 deletions(-) delete mode 100644 src/source.list hooks/post-receive -- ADNS migrated to autotools/libtool http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 4 10:31:09 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 04 Feb 2015 10:31:09 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.1-62-g0de5c6a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 0de5c6a9a783ed9dc69cecbf34eadcaace4be243 (commit) via 05428d12561bc7eb872a81444918dfe706477a41 (commit) from 3f67426a89bf4b37e1d2662fddc3eb4fa474c4ad (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0de5c6a9a783ed9dc69cecbf34eadcaace4be243 Author: Werner Koch Date: Wed Feb 4 10:09:28 2015 +0100 gpg-agent: Use "pinentry-basic" as fallback. * common/homedir.c (get_default_pinentry_name): New. (gnupg_module_name): Use that for the default pinentry. (gnupg_module_name_flush_some): New. * agent/gpg-agent.c (agent_sighup_action): Flush some module names. * agent/call-pinentry.c (start_pinentry): Do not modify opt.pinentry_program. -- The idea with this change is that under Windows we can install a simple native Windows pinentry as "pinentry-basic" and a full GUI version may then later install pinentry-gtk etc which would then automatically be used. Unfortunately installing another pinentry from a different package would clobber the GnuPG core directory which is not nice. To fix that we would need to agree on standard installation directories for GUIs to also look there. Signed-off-by: Werner Koch diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index e5977ad..a96406f 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c 
@@ -205,6 +205,7 @@ static int start_pinentry (ctrl_t ctrl) { int rc = 0; + const char *full_pgmname; const char *pgmname; assuan_context_t ctx; const char *argv[5]; @@ -257,11 +258,11 @@ start_pinentry (ctrl_t ctrl) #endif } - if (!opt.pinentry_program || !*opt.pinentry_program) - opt.pinentry_program = gnupg_module_name (GNUPG_MODULE_NAME_PINENTRY); - pgmname = opt.pinentry_program; - if ( !(pgmname = strrchr (opt.pinentry_program, '/'))) - pgmname = opt.pinentry_program; + full_pgmname = opt.pinentry_program; + if (!full_pgmname || !*full_pgmname) + full_pgmname = gnupg_module_name (GNUPG_MODULE_NAME_PINENTRY); + if ( !(pgmname = strrchr (full_pgmname, '/'))) + pgmname = full_pgmname; else pgmname++; @@ -269,7 +270,7 @@ start_pinentry (ctrl_t ctrl) the resource bundle. For other systems we stick to the usual convention of supplying only the name of the program. */ #ifdef __APPLE__ - argv[0] = opt.pinentry_program; + argv[0] = full_pgmname; #else /*!__APPLE__*/ argv[0] = pgmname; #endif /*__APPLE__*/ @@ -310,13 +311,13 @@ start_pinentry (ctrl_t ctrl) that atfork is used to change the environment for pinentry. We start the server in detached mode to suppress the console window under Windows. */ - rc = assuan_pipe_connect (ctx, opt.pinentry_program, argv, + rc = assuan_pipe_connect (ctx, full_pgmname, argv, no_close_list, atfork_cb, ctrl, ASSUAN_PIPE_CONNECT_DETACHED); if (rc) { log_error ("can't connect to the PIN entry module '%s': %s\n", - opt.pinentry_program, gpg_strerror (rc)); + full_pgmname, gpg_strerror (rc)); assuan_release (ctx); return unlock_pinentry (gpg_error (GPG_ERR_NO_PIN_ENTRY)); } diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index a874e76..6e1c76e 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c 
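Review bot: `full_pgmname` can now point into the cache that the new `get_default_pinentry_name` in common/homedir.c frees on reset, and it is still read after `assuan_pipe_connect` returns, in the `log_error` call of the last hunk here. If `agent_sighup_action`, which now calls `gnupg_module_name_flush_some`, can run while this function waits in `assuan_pipe_connect`, that read would touch freed memory; whether it can depends on the agent's threading model, which these hunks do not show. Taking a private copy of the name before the connect would remove the dependency; at minimum add a comment at the assignment such as `/* FULL_PGMNAME may point into the module name cache; it is invalid after gnupg_module_name_flush_some. */`. The same lifetime rule deserves a sentence in the comments of `get_default_pinentry_name` and `gnupg_module_name_flush_some` in common/homedir.c. The body of start_pinentry begins and ends outside these hunks.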
@@ -1827,9 +1827,14 @@ agent_sighup_action (void) { log_info ("SIGHUP received - " "re-reading configuration and flushing cache\n"); + agent_flush_cache (); reread_configuration (); agent_reload_trustlist (); + /* We flush the module name cache so that after installing a + "pinentry" binary that one can be used in case the + "pinentry-basic" fallback was in use. */ + gnupg_module_name_flush_some (); } diff --git a/common/homedir.c b/common/homedir.c index 27141eb..e3efcee 100644 --- a/common/homedir.c +++ b/common/homedir.c @@ -32,6 +32,7 @@ #include #include #include +#include #ifdef HAVE_W32_SYSTEM #include /* Due to the stupid mingw64 requirement to @@ -607,6 +608,41 @@ dirmngr_user_socket_name (void) } +/* Return the default pinentry name. If RESET is true the internal + cache is first flushed. */ +static const char * +get_default_pinentry_name (int reset) +{ + static char *name; + + if (reset) + { + xfree (name); + name = NULL; + } + + if (!name) + { + name = xstrconcat (gnupg_bindir (), + DIRSEP_S "pinentry" EXEEXT_S, NULL); + if (access (name, F_OK) && errno == ENOENT) + { + char *name2; + name2 = xstrconcat (gnupg_bindir (), + DIRSEP_S "pinentry-basic" EXEEXT_S, NULL); + if (access (name2, F_OK)) + xfree (name2); /* Does not exist. */ + else /* Switch to pinentry-basic. */ + { + xfree (name); + name = name2; + } + } + } + return name; +} + + /* Return the file name of a helper tool. WHICH is one of the GNUPG_MODULE_NAME_foo constants. */ const char * @@ -630,9 +666,9 @@ gnupg_module_name (int which) case GNUPG_MODULE_NAME_PINENTRY: #ifdef GNUPG_DEFAULT_PINENTRY - return GNUPG_DEFAULT_PINENTRY; + return GNUPG_DEFAULT_PINENTRY; /* (Set by a configure option) */ #else - X(bindir, "pinentry"); + return get_default_pinentry_name (0); #endif case GNUPG_MODULE_NAME_SCDAEMON: 
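Review bot: The two `access (..., F_OK)` calls in `get_default_pinentry_name` only test that a file exists at lookup time, and the result is cached until the next reset, so the program started later may not be the file that was checked. This program is the one that asks the user for the passphrase, so the comment above the function should say that the choice depends on the contents of the directory returned by `gnupg_bindir ()` and that this directory is expected to be writable only by trusted accounts. I would also add `The returned string is owned by this function and is released when RESET is true.` to that comment. The first check falls back only on `ENOENT`, while the second drops the fallback on any `access` error; a short why-comment on that asymmetry would help the next reader.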
@@ -683,3 +719,12 @@ gnupg_module_name (int which) } #undef X } + + +/* Flush some of the cached module names. This is for example used by + gpg-agent to allow configuring a different pinentry. */ +void +gnupg_module_name_flush_some (void) +{ + (void)get_default_pinentry_name (1); +} diff --git a/common/util.h b/common/util.h index 24107f5..9103e09 100644 --- a/common/util.h +++ b/common/util.h @@ -254,6 +254,7 @@ const char *dirmngr_user_socket_name (void); #define GNUPG_MODULE_NAME_GPGCONF 10 #define GNUPG_MODULE_NAME_DIRMNGR_LDAP 11 const char *gnupg_module_name (int which); +void gnupg_module_name_flush_some (void); diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 9326498..84a7d60 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -445,8 +445,10 @@ This option does nothing yet. @item --pinentry-program @var{filename} @opindex pinentry-program -Use program @var{filename} as the PIN entry. The default is installation -dependent. +Use program @var{filename} as the PIN entry. The default is +installation dependent. With the default configuration the name of +the default pinentry is @file{pinentry}; if that file does not exist +but a @file{pinentry-basic} exist the latter is used. @item --pinentry-touch-file @var{filename} @opindex pinentry-touch-file commit 05428d12561bc7eb872a81444918dfe706477a41 Author: Werner Koch Date: Tue Feb 3 19:11:44 2015 +0100 w32: Add manifest to gpg. * g10/gpg.w32-manifest.in: New. * g10/gpg-w32info.rc: Add manifest. * g10/Makefile.am (EXTRA_DIST): Add manifest. (gpg-w32info.o): Depend on manifest. * configure.ac (BUILD_VERSION): New. (AC_CONFIG_FILES): Add manifest. -- There are no dependencies yet defined - we need to do this for the libs first. Signed-off-by: Werner Koch diff --git a/configure.ac b/configure.ac index c61ecdc..ef04588 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1653,9 +1653,11 @@ AC_DEFINE_UNQUOTED(BUILD_REVISION, "$BUILD_REVISION", [GIT commit id revision used to build this package]) changequote(,)dnl -BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'` +BUILD_VERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./'` changequote([,])dnl -BUILD_FILEVERSION="${BUILD_FILEVERSION}mym4_revision_dec" +BUILD_VERSION="${BUILD_VERSION}mym4_revision_dec" +BUILD_FILEVERSION=`echo "${BUILD_VERSION}" | tr . ,` +AC_SUBST(BUILD_VERSION) AC_SUBST(BUILD_FILEVERSION) BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date` @@ -1774,6 +1776,7 @@ doc/Makefile tests/Makefile tests/openpgp/Makefile tests/pkits/Makefile +g10/gpg.w32-manifest ]) diff --git a/g10/Makefile.am b/g10/Makefile.am index b47b2eb..0a02119 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -18,7 +18,8 @@ ## Process this file with automake to produce Makefile.in -EXTRA_DIST = options.skel distsigkey.gpg ChangeLog-2011 gpg-w32info.rc +EXTRA_DIST = options.skel distsigkey.gpg ChangeLog-2011 gpg-w32info.rc \ + gpg.w32-manifest.in AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common \ -I$(top_srcdir)/include -I$(top_srcdir)/intl @@ -57,6 +58,9 @@ endif if HAVE_W32_SYSTEM resource_objs += gpg-w32info.o + +gpg-w32info.o : gpg.w32-manifest + endif common_source = \ diff --git a/g10/gpg-w32info.rc b/g10/gpg-w32info.rc index 8caf221..cc34c30 100644 --- a/g10/gpg-w32info.rc +++ b/g10/gpg-w32info.rc @@ -48,3 +48,5 @@ VALUE "Translation", 0x409, 0x4b0 END END + +1 RT_MANIFEST "gpg.w32-manifest" diff --git a/g10/gpg.w32-manifest.in b/g10/gpg.w32-manifest.in new file mode 100644 index 0000000..8c98dc5 --- /dev/null +++ b/g10/gpg.w32-manifest.in 
@@ -0,0 +1,17 @@ + + +GNU Privacy Guard (OpenPGP tool) + + + + + + + + + + ----------------------------------------------------------------------- Summary of changes: agent/call-pinentry.c | 17 +++++++++-------- agent/gpg-agent.c | 5 +++++ common/homedir.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++-- common/util.h | 1 + configure.ac | 7 +++++-- doc/gpg-agent.texi | 6 ++++-- g10/Makefile.am | 6 +++++- g10/gpg-w32info.rc | 2 ++ g10/gpg.w32-manifest.in | 17 +++++++++++++++++ 9 files changed, 95 insertions(+), 15 deletions(-) create mode 100644 g10/gpg.w32-manifest.in hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 5 20:54:43 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 05 Feb 2015 20:54:43 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.5.3-3-g428ea76 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 428ea7696585bc24d127b903840554ca659069b6 (commit) from c32fab44f86921ef3f6d42e128e8ba6d287a7718 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 428ea7696585bc24d127b903840554ca659069b6 Author: Werner Koch Date: Fri Jan 30 10:45:20 2015 +0100 Switch to automake 1.14 and update build-aux files. Signed-off-by: Werner Koch diff --git a/build-aux/compile b/build-aux/compile index 9bb997a..531136b 100755 --- a/build-aux/compile +++ b/build-aux/compile 
@@ -1,8 +1,9 @@ #! /bin/sh +# Wrapper for compilers which do not understand '-c -o'. -# Wrapper for compilers which do not understand `-c -o'. +scriptversion=2012-10-14.11; # UTC -# Copyright 1999, 2000 Free Software Foundation, Inc. +# Copyright (C) 1999-2013 Free Software Foundation, Inc. # Written by Tom Tromey . # # This program is free software; you can redistribute it and/or modify 
@@ -16,84 +17,331 @@ # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. -# Usage: -# compile PROGRAM [ARGS]... -# `-o FOO.o' is removed from the args passed to the actual compile. +# This file is maintained in Automake, please report +# bugs to or send patches to +# . -prog=$1 -shift +nl=' +' + +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent tools from complaining about whitespace usage. +IFS=" "" $nl" + +file_conv= + +# func_file_conv build_file lazy +# Convert a $build file to $host form and store it in $file +# Currently only supports Windows hosts. If the determined conversion +# type is listed in (the comma separated) LAZY, no conversion will +# take place. 
+func_file_conv () +{ + file=$1 + case $file in + / | /[!/]*) # absolute file, and not a UNC file + if test -z "$file_conv"; then + # lazily determine how to convert abs files + case `uname -s` in + MINGW*) + file_conv=mingw + ;; + CYGWIN*) + file_conv=cygwin + ;; + *) + file_conv=wine + ;; + esac + fi + case $file_conv/,$2, in + *,$file_conv,*) + ;; + mingw/*) + file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` + ;; + cygwin/*) + file=`cygpath -m "$file" || echo "$file"` + ;; + wine/*) + file=`winepath -w "$file" || echo "$file"` + ;; + esac + ;; + esac +} + +# func_cl_dashL linkdir +# Make cl look for libraries in LINKDIR +func_cl_dashL () +{ + func_file_conv "$1" + if test -z "$lib_path"; then + lib_path=$file + else + lib_path="$lib_path;$file" + fi + linker_opts="$linker_opts -LIBPATH:$file" +} + +# func_cl_dashl library +# Do a library search-path lookup for cl +func_cl_dashl () +{ + lib=$1 + found=no + save_IFS=$IFS + IFS=';' + for dir in $lib_path $LIB + do + IFS=$save_IFS + if $shared && test -f "$dir/$lib.dll.lib"; then + found=yes + lib=$dir/$lib.dll.lib + break + fi + if test -f "$dir/$lib.lib"; then + found=yes + lib=$dir/$lib.lib + break + fi + if test -f "$dir/lib$lib.a"; then + found=yes + lib=$dir/lib$lib.a + break + fi + done + IFS=$save_IFS + + if test "$found" != yes; then + lib=$lib.lib + fi +} + +# func_cl_wrapper cl arg... +# Adjust compile command to suit cl +func_cl_wrapper () +{ + # Assume a capable shell + lib_path= + shared=: + linker_opts= + for arg + do + if test -n "$eat"; then + eat= + else + case $1 in + -o) + # configure might choose to run compile as 'compile cc -o foo foo.c'. 
+ eat=1 + case $2 in + *.o | *.[oO][bB][jJ]) + func_file_conv "$2" + set x "$@" -Fo"$file" + shift + ;; + *) + func_file_conv "$2" + set x "$@" -Fe"$file" + shift + ;; + esac + ;; + -I) + eat=1 + func_file_conv "$2" mingw + set x "$@" -I"$file" + shift + ;; + -I*) + func_file_conv "${1#-I}" mingw + set x "$@" -I"$file" + shift + ;; + -l) + eat=1 + func_cl_dashl "$2" + set x "$@" "$lib" + shift + ;; + -l*) + func_cl_dashl "${1#-l}" + set x "$@" "$lib" + shift + ;; + -L) + eat=1 + func_cl_dashL "$2" + ;; + -L*) + func_cl_dashL "${1#-L}" + ;; + -static) + shared=false + ;; + -Wl,*) + arg=${1#-Wl,} + save_ifs="$IFS"; IFS=',' + for flag in $arg; do + IFS="$save_ifs" + linker_opts="$linker_opts $flag" + done + IFS="$save_ifs" + ;; + -Xlinker) + eat=1 + linker_opts="$linker_opts $2" + ;; + -*) + set x "$@" "$1" + shift + ;; + *.cc | *.CC | *.cxx | *.CXX | *.[cC]++) + func_file_conv "$1" + set x "$@" -Tp"$file" + shift + ;; + *.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO]) + func_file_conv "$1" mingw + set x "$@" "$file" + shift + ;; + *) + set x "$@" "$1" + shift + ;; + esac + fi + shift + done + if test -n "$linker_opts"; then + linker_opts="-link$linker_opts" + fi + exec "$@" $linker_opts + exit 1 +} + +eat= + +case $1 in + '') + echo "$0: No command. Try '$0 --help' for more information." 1>&2 + exit 1; + ;; + -h | --h*) + cat <<\EOF +Usage: compile [--help] [--version] PROGRAM [ARGS] + +Wrapper for compilers which do not understand '-c -o'. +Remove '-o dest.o' from ARGS, run PROGRAM with the remaining +arguments, and rename the output as expected. + +If you are trying to build a whole package this is not the +right script to run: please start by reading the file 'INSTALL'. + +Report bugs to . +EOF + exit $? + ;; + -v | --v*) + echo "compile $scriptversion" + exit $? + ;; + cl | *[/\\]cl | cl.exe | *[/\\]cl.exe ) + func_cl_wrapper "$@" # Doesn't return... 
+ ;; +esac ofile= cfile= -args= -while test $# -gt 0; do - case "$1" in - -o) - # configure might choose to run compile as `compile cc -o foo foo.c'. - # So we do something ugly here. - ofile=$2 - shift - case "$ofile" in - *.o | *.obj) - ;; - *) - args="$args -o $ofile" - ofile= - ;; - esac - ;; - *.c) - cfile=$1 - args="$args $1" - ;; - *) - args="$args $1" - ;; - esac - shift + +for arg +do + if test -n "$eat"; then + eat= + else + case $1 in + -o) + # configure might choose to run compile as 'compile cc -o foo foo.c'. + # So we strip '-o arg' only if arg is an object. + eat=1 + case $2 in + *.o | *.obj) + ofile=$2 + ;; + *) + set x "$@" -o "$2" + shift + ;; + esac + ;; + *.c) + cfile=$1 + set x "$@" "$1" + shift + ;; + *) + set x "$@" "$1" + shift + ;; + esac + fi + shift done if test -z "$ofile" || test -z "$cfile"; then - # If no `-o' option was seen then we might have been invoked from a - # pattern rule where we don't need one. That is ok -- this is a - # normal compilation that the losing compiler can handle. If no - # `.c' file was seen then we are probably linking. That is also - # ok. - exec "$prog" $args + # If no '-o' option was seen then we might have been invoked from a + # pattern rule where we don't need one. That is ok -- this is a + # normal compilation that the losing compiler can handle. If no + # '.c' file was seen then we are probably linking. That is also + # ok. + exec "$@" fi # Name of file we expect compiler to create. -cofile=`echo $cfile | sed -e 's|^.*/||' -e 's/\.c$/.o/'` +cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'` # Create the lock directory. -# Note: use `[/.-]' here to ensure that we don't use the same name +# Note: use '[/\\:.-]' here to ensure that we don't use the same name # that we are using for the .o file. Also, base the name on the expected # object file name, since that is what matters with a parallel build. 
-lockdir=`echo $cofile | sed -e 's|[/.-]|_|g'`.d +lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d while true; do - if mkdir $lockdir > /dev/null 2>&1; then - break - fi - sleep 1 + if mkdir "$lockdir" >/dev/null 2>&1; then + break + fi + sleep 1 done # FIXME: race condition here if user kills between mkdir and trap. -trap "rmdir $lockdir; exit 1" 1 2 15 +trap "rmdir '$lockdir'; exit 1" 1 2 15 # Run the compile. -"$prog" $args -status=$? +"$@" +ret=$? if test -f "$cofile"; then - mv "$cofile" "$ofile" + test "$cofile" = "$ofile" || mv "$cofile" "$ofile" +elif test -f "${cofile}bj"; then + test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile" fi -rmdir $lockdir -exit $status +rmdir "$lockdir" +exit $ret + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff --git a/build-aux/config.guess b/build-aux/config.guess index d622a44..dbfb978 100755 --- a/build-aux/config.guess +++ b/build-aux/config.guess @@ -1,14 +1,12 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, -# 2011, 2012 Free Software Foundation, Inc. +# Copyright 1992-2015 Free Software Foundation, Inc. -timestamp='2012-02-10' +timestamp='2015-01-01' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or +# the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but 
@@ -22,19 +20,17 @@ timestamp='2012-02-10' # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - - -# Originally written by Per Bothner. Please send patches (context -# diff format) to and include a ChangeLog -# entry. +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). # -# This script attempts to guess a canonical system name similar to -# config.sub. If it succeeds, it prints the system name on stdout, and -# exits with 0. Otherwise, it exits with 1. +# Originally written by Per Bothner; maintained since 2000 by Ben Elliston. # # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD +# +# Please send patches to . + me=`echo "$0" | sed -e 's,.*/,,'` @@ -54,9 +50,7 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 -Free Software Foundation, Inc. +Copyright 1992-2015 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." 
@@ -138,6 +132,27 @@ UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown +case "${UNAME_SYSTEM}" in +Linux|GNU|GNU/*) + # If the system lacks a compiler, then just pick glibc. + # We could probably try harder. + LIBC=gnu + + eval $set_cc_for_build + cat <<-EOF > $dummy.c + #include + #if defined(__UCLIBC__) + LIBC=uclibc + #elif defined(__dietlibc__) + LIBC=dietlibc + #else + LIBC=gnu + #endif + EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` + ;; +esac + # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in @@ -200,6 +215,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. echo "${machine}-${os}${release}" exit ;; + *:Bitrig:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} + exit ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} @@ -302,7 +321,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} exit ;; - arm:riscos:*:*|arm:RISCOS:*:*) + arm*:riscos:*:*|arm*:RISCOS:*:*) echo arm-unknown-riscos exit ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) @@ -560,8 +579,9 @@ EOF else IBM_ARCH=powerpc fi - if [ -x /usr/bin/oslevel ] ; then - IBM_REV=`/usr/bin/oslevel` + if [ -x /usr/bin/lslpp ] ; then + IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | + awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi 
@@ -801,10 +821,13 @@ EOF i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit ;; + *:MINGW64*:*) + echo ${UNAME_MACHINE}-pc-mingw64 + exit ;; *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; - i*:MSYS*:*) + *:MSYS*:*) echo ${UNAME_MACHINE}-pc-msys exit ;; i*:windows32*:*) @@ -852,21 +875,21 @@ EOF exit ;; *:GNU:*:*) # the GNU system - echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland - echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; aarch64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in 
@@ -879,59 +902,54 @@ EOF EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 - if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi - echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + if test "$?" = 0 ; then LIBC="gnulibc1" ; fi + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + arc:Linux:*:* | arceb:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} else if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then - echo ${UNAME_MACHINE}-unknown-linux-gnueabi + echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi else - echo ${UNAME_MACHINE}-unknown-linux-gnueabihf + echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf fi fi exit ;; avr32*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; cris:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-gnu + echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; crisv32:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-gnu + echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; frv:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; hexagon:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; i*86:Linux:*:*) - LIBC=gnu - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #ifdef __dietlibc__ - LIBC=dietlibc - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` - echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + echo ${UNAME_MACHINE}-pc-linux-${LIBC} exit ;; ia64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; m32r*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} 
exit ;; m68*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build 
@@ -950,54 +968,63 @@ EOF #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } ;; - or32:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + openrisc*:Linux:*:*) + echo or1k-unknown-linux-${LIBC} + exit ;; + or32:Linux:*:* | or1k*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; padre:Linux:*:*) - echo sparc-unknown-linux-gnu + echo sparc-unknown-linux-${LIBC} exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-gnu + echo hppa64-unknown-linux-${LIBC} exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-unknown-linux-gnu ;; - PA8*) echo hppa2.0-unknown-linux-gnu ;; - *) echo hppa-unknown-linux-gnu ;; + PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; + PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; + *) echo hppa-unknown-linux-${LIBC} ;; esac exit ;; ppc64:Linux:*:*) - echo powerpc64-unknown-linux-gnu + echo powerpc64-unknown-linux-${LIBC} exit ;; ppc:Linux:*:*) - echo powerpc-unknown-linux-gnu + echo powerpc-unknown-linux-${LIBC} + exit ;; + ppc64le:Linux:*:*) + echo powerpc64le-unknown-linux-${LIBC} + exit ;; + ppcle:Linux:*:*) + echo powerpcle-unknown-linux-${LIBC} exit ;; s390:Linux:*:* | s390x:Linux:*:*) - echo ${UNAME_MACHINE}-ibm-linux + echo ${UNAME_MACHINE}-ibm-linux-${LIBC} exit ;; sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; sh*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; tile*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; vax:Linux:*:*) - echo 
${UNAME_MACHINE}-dec-linux-gnu + echo ${UNAME_MACHINE}-dec-linux-${LIBC} exit ;; x86_64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; xtensa*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. @@ -1201,6 +1228,9 @@ EOF BePC:Haiku:*:*) # Haiku running on Intel PC compatible. echo i586-pc-haiku exit ;; + x86_64:Haiku:*:*) + echo x86_64-unknown-haiku + exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; 
@@ -1227,19 +1257,31 @@ EOF exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown - case $UNAME_PROCESSOR in - i386) - eval $set_cc_for_build - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then - if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - UNAME_PROCESSOR="x86_64" - fi - fi ;; - unknown) UNAME_PROCESSOR=powerpc ;; - esac + eval $set_cc_for_build + if test "$UNAME_PROCESSOR" = unknown ; then + UNAME_PROCESSOR=powerpc + fi + if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi + fi + elif test "$UNAME_PROCESSOR" = i386 ; then + # Avoid executing cc on OS X 10.9, as it ships with a stub + # that puts up a graphical alert prompting to install + # developer tools. Any system running Mac OS X 10.7 or + # later (Darwin 11 and later) is required to have a 64-bit + # processor. This is not true of the ARM version of Darwin + # that Apple uses in portable devices. + UNAME_PROCESSOR=x86_64 + fi echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) @@ -1256,7 +1298,7 @@ EOF NEO-?:NONSTOP_KERNEL:*:*) echo neo-tandem-nsk${UNAME_RELEASE} exit ;; - NSE-?:NONSTOP_KERNEL:*:*) + NSE-*:NONSTOP_KERNEL:*:*) echo nse-tandem-nsk${UNAME_RELEASE} exit ;; NSR-?:NONSTOP_KERNEL:*:*) 
@@ -1330,157 +1372,6 @@ EOF exit ;; esac -#echo '(No uname command or uname output not recognized.)' 1>&2 -#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 - -eval $set_cc_for_build -cat >$dummy.c < -# include -#endif -main () -{ -#if defined (sony) -#if defined (MIPSEB) - /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, - I don't know.... */ - printf ("mips-sony-bsd\n"); exit (0); -#else -#include - printf ("m68k-sony-newsos%s\n", -#ifdef NEWSOS4 - "4" -#else - "" -#endif - ); exit (0); -#endif -#endif - -#if defined (__arm) && defined (__acorn) && defined (__unix) - printf ("arm-acorn-riscix\n"); exit (0); -#endif - -#if defined (hp300) && !defined (hpux) - printf ("m68k-hp-bsd\n"); exit (0); -#endif - -#if defined (NeXT) -#if !defined (__ARCHITECTURE__) -#define __ARCHITECTURE__ "m68k" -#endif - int version; - version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; - if (version < 4) - printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); - else - printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); - exit (0); -#endif - -#if defined (MULTIMAX) || defined (n16) -#if defined (UMAXV) - printf ("ns32k-encore-sysv\n"); exit (0); -#else -#if defined (CMU) - printf ("ns32k-encore-mach\n"); exit (0); -#else - printf ("ns32k-encore-bsd\n"); exit (0); -#endif -#endif -#endif - -#if defined (__386BSD__) - printf ("i386-pc-bsd\n"); exit (0); -#endif - -#if defined (sequent) -#if defined (i386) - printf ("i386-sequent-dynix\n"); exit (0); -#endif -#if defined (ns32000) - printf ("ns32k-sequent-dynix\n"); exit (0); -#endif -#endif - -#if defined (_SEQUENT_) - struct utsname un; - - uname(&un); - - if (strncmp(un.version, "V2", 2) == 0) { - printf ("i386-sequent-ptx2\n"); exit (0); - } - if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? 
*/ - printf ("i386-sequent-ptx1\n"); exit (0); - } - printf ("i386-sequent-ptx\n"); exit (0); - -#endif - -#if defined (vax) -# if !defined (ultrix) -# include -# if defined (BSD) -# if BSD == 43 - printf ("vax-dec-bsd4.3\n"); exit (0); -# else -# if BSD == 199006 - printf ("vax-dec-bsd4.3reno\n"); exit (0); -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# endif -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# else - printf ("vax-dec-ultrix\n"); exit (0); -# endif -#endif - -#if defined (alliant) && defined (i860) - printf ("i860-alliant-bsd\n"); exit (0); -#endif - - exit (1); -} -EOF - -$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && - { echo "$SYSTEM_NAME"; exit; } - -# Apollos put the system type in the environment. - -test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } - -# Convex versions that predate uname can use getsysinfo(1) - -if [ -x /usr/convex/getsysinfo ] -then - case `getsysinfo -f cpu_type` in - c1*) - echo c1-convex-bsd - exit ;; - c2*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi - exit ;; - c34*) - echo c34-convex-bsd - exit ;; - c38*) - echo c38-convex-bsd - exit ;; - c4*) - echo c4-convex-bsd - exit ;; - esac -fi - cat >&2 <. 
@@ -26,11 +20,12 @@ timestamp='2012-02-10' # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). -# Please send patches to . Submit a context -# diff and a properly formatted GNU ChangeLog entry. +# Please send patches to . # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. @@ -73,9 +68,7 @@ Report bugs and patches to ." version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 -Free Software Foundation, Inc. +Copyright 1992-2015 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -123,7 +116,7 @@ esac maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ - linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ knetbsd*-gnu* | netbsd*-gnu* | \ kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) 
@@ -156,7 +149,7 @@ case $os in
 -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
 -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
 -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
- -apple | -axis | -knuth | -cray | -microblaze)
+ -apple | -axis | -knuth | -cray | -microblaze*)
 os=
 basic_machine=$1
 ;;
@@ -225,6 +218,12 @@ case $os in
 -isc*)
 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
 ;;
+ -lynx*178)
+ os=-lynxos178
+ ;;
+ -lynx*5)
+ os=-lynxos5
+ ;;
 -lynx*)
 os=-lynxos
 ;;
@@ -253,21 +252,24 @@ case $basic_machine in
 | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
 | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
 | am33_2.0 \
- | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
- | be32 | be64 \
+ | arc | arceb \
+ | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
+ | avr | avr32 \
+ | be32 | be64 \
 | bfin \
- | c4x | clipper \
+ | c4x | c8051 | clipper \
 | d10v | d30v | dlx | dsp16xx \
 | epiphany \
- | fido | fr30 | frv \
+ | fido | fr30 | frv | ft32 \
 | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
 | hexagon \
 | i370 | i860 | i960 | ia64 \
 | ip2k | iq2000 \
+ | k1om \
 | le32 | le64 \
 | lm32 \
 | m32c | m32r | m32rle | m68000 | m68k | m88k \
- | maxq | mb | microblaze | mcore | mep | metag \
+ | maxq | mb | microblaze | microblazeel | mcore | mep | metag \
 | mips | mipsbe | mipseb | mipsel | mipsle \
 | mips16 \
 | mips64 | mips64el \
@@ -281,23 +283,26 @@ case $basic_machine in
 | mips64vr5900 | mips64vr5900el \
 | mipsisa32 | mipsisa32el \
 | mipsisa32r2 | mipsisa32r2el \
+ | mipsisa32r6 | mipsisa32r6el \
 | mipsisa64 | mipsisa64el \
 | mipsisa64r2 | mipsisa64r2el \
+ | mipsisa64r6 | mipsisa64r6el \
 | mipsisa64sb1 | mipsisa64sb1el \
 | mipsisa64sr71k | mipsisa64sr71kel \
+ | mipsr5900 | mipsr5900el \
 | mipstx39 | mipstx39el \
 | mn10200 | mn10300 \
 | moxie \
 | mt \
 | msp430 \
 | nds32 | nds32le | nds32be \
- | nios | nios2 \
+ | nios | nios2 | nios2eb | nios2el \
 | ns16k | ns32k \
- | open8 \
- | or32 \
+ | open8 | or1k | or1knd | or32 \
 | pdp10 | pdp11 | pj | pjl \
 | powerpc | powerpc64 | powerpc64le | powerpcle \
 | pyramid \
+ | riscv32 | riscv64 \
 | rl78 | rx \
 | score \
 | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
@@ -308,6 +313,7 @@ case $basic_machine in
 | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
 | ubicom32 \
 | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
+ | visium \
 | we32k \
 | x86 | xc16x | xstormy16 | xtensa \
 | z8k | z80)
@@ -322,7 +328,10 @@ case $basic_machine in
 c6x)
 basic_machine=tic6x-unknown
 ;;
- m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip)
+ leon|leon[3-9])
+ basic_machine=sparc-$basic_machine
+ ;;
+ m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip)
 basic_machine=$basic_machine-unknown
 os=-none
 ;;
@@ -364,13 +373,13 @@ case $basic_machine in
 | aarch64-* | aarch64_be-* \
 | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
 | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
- | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \
 | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
 | avr-* | avr32-* \
 | be32-* | be64-* \
 | bfin-* | bs2000-* \
 | c[123]* | c30-* | [cjt]90-* | c4x-* \
- | clipper-* | craynv-* | cydra-* \
+ | c8051-* | clipper-* | craynv-* | cydra-* \
 | d10v-* | d30v-* | dlx-* \
 | elxsi-* \
 | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
@@ -379,11 +388,13 @@ case $basic_machine in
 | hexagon-* \
 | i*86-* | i860-* | i960-* | ia64-* \
 | ip2k-* | iq2000-* \
+ | k1om-* \
 | le32-* | le64-* \
 | lm32-* \
 | m32c-* | m32r-* | m32rle-* \
 | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
- | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
+ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \
+ | microblaze-* | microblazeel-* \
 | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
 | mips16-* \
 | mips64-* | mips64el-* \
@@ -397,18 +408,22 @@ case $basic_machine in
 | mips64vr5900-* | mips64vr5900el-* \
 | mipsisa32-* | mipsisa32el-* \
 | mipsisa32r2-* | mipsisa32r2el-* \
+ | mipsisa32r6-* | mipsisa32r6el-* \
 | mipsisa64-* | mipsisa64el-* \
 | mipsisa64r2-* | mipsisa64r2el-* \
+ | mipsisa64r6-* | mipsisa64r6el-* \
 | mipsisa64sb1-* | mipsisa64sb1el-* \
 | mipsisa64sr71k-* | mipsisa64sr71kel-* \
+ | mipsr5900-* | mipsr5900el-* \
 | mipstx39-* | mipstx39el-* \
 | mmix-* \
 | mt-* \
 | msp430-* \
 | nds32-* | nds32le-* | nds32be-* \
- | nios-* | nios2-* \
+ | nios-* | nios2-* | nios2eb-* | nios2el-* \
 | none-* | np1-* | ns16k-* | ns32k-* \
 | open8-* \
+ | or1k*-* \
 | orion-* \
 | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
 | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
@@ -426,6 +441,7 @@ case $basic_machine in
 | ubicom32-* \
 | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
 | vax-* \
+ | visium-* \
 | we32k-* \
 | x86-* | x86_64-* | xc16x-* | xps100-* \
 | xstormy16-* | xtensa*-* \
@@ -763,6 +779,9 @@ case $basic_machine in
 basic_machine=m68k-isi
 os=-sysv
 ;;
+ leon-*|leon[3-9]-*)
+ basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'`
+ ;;
 m68knommu)
 basic_machine=m68k-unknown
 os=-linux
@@ -782,11 +801,15 @@ case $basic_machine in
 basic_machine=ns32k-utek
 os=-sysv
 ;;
- microblaze)
+ microblaze*)
 basic_machine=microblaze-xilinx
 ;;
+ mingw64)
+ basic_machine=x86_64-pc
+ os=-mingw64
+ ;;
 mingw32)
- basic_machine=i386-pc
+ basic_machine=i686-pc
 os=-mingw32
 ;;
 mingw32ce)
@@ -814,6 +837,10 @@ case $basic_machine in
 basic_machine=powerpc-unknown
 os=-morphos
 ;;
+ moxiebox)
+ basic_machine=moxie-unknown
+ os=-moxiebox
+ ;;
 msdos)
 basic_machine=i386-pc
 os=-msdos
@@ -822,7 +849,7 @@ case $basic_machine in
 basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
 ;;
 msys)
- basic_machine=i386-pc
+ basic_machine=i686-pc
 os=-msys
 ;;
 mvs)
@@ -1013,7 +1040,11 @@ case $basic_machine in
 basic_machine=i586-unknown
 os=-pw32
 ;;
- rdos)
+ rdos | rdos64)
+ basic_machine=x86_64-pc
+ os=-rdos
+ ;;
+ rdos32)
 basic_machine=i386-pc
 os=-rdos
 ;;
@@ -1340,29 +1371,29 @@ case $os in
 -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
 | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
 | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
- | -sym* | -kopensolaris* \
+ | -sym* | -kopensolaris* | -plan9* \
 | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
 | -aos* | -aros* \
 | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
 | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
 | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
- | -openbsd* | -solidbsd* \
+ | -bitrig* | -openbsd* | -solidbsd* \
 | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
 | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
 | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
 | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
 | -chorusos* | -chorusrdb* | -cegcc* \
 | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
- | -mingw32* | -linux-gnu* | -linux-android* \
- | -linux-newlib* | -linux-uclibc* \
- | -uxpv* | -beos* | -mpeix* | -udk* \
+ | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
+ | -linux-newlib* | -linux-musl* | -linux-uclibc* \
+ | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \
 | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
 | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
 | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
 | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
 | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
 | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
- | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*)
+ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*)
 # Remember, each alternative MUST END IN *, to match a version number.
 ;;
 -qnx*)
@@ -1486,9 +1517,6 @@ case $os in
 -aros*)
 os=-aros
 ;;
- -kaos*)
- os=-kaos
- ;;
 -zvmoe)
 os=-zvmoe
 ;;
@@ -1537,6 +1565,12 @@ case $basic_machine in c4x-* | tic4x-*) os=-coff ;; + c8051-*) + os=-elf + ;; + hexagon-*) + os=-elf + ;; tic54x-*) os=-coff ;; diff --git a/build-aux/depcomp b/build-aux/depcomp index e5f9736..4ebd5b3 100755 --- a/build-aux/depcomp +++ b/build-aux/depcomp @@ -1,10 +1,9 @@ #! /bin/sh # depcomp - compile a program generating dependencies as side-effects -scriptversion=2007-03-29.01 +scriptversion=2013-05-30.07; # UTC -# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007 Free Software -# Foundation, Inc. +# Copyright (C) 1999-2013 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -17,9 +16,7 @@ scriptversion=2007-03-29.01 # GNU General Public License for more details. # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -# 02110-1301, USA. +# along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -30,9 +27,9 @@ scriptversion=2007-03-29.01 case $1 in '') - echo "$0: No command. Try \`$0 --help' for more information." 1>&2 - exit 1; - ;; + echo "$0: No command. Try '$0 --help' for more information." 1>&2 + exit 1; + ;; -h | --h*) cat <<\EOF Usage: depcomp [--help] [--version] PROGRAM [ARGS] 
@@ -42,11 +39,11 @@ as side-effects. Environment variables: depmode Dependency tracking mode. - source Source file read by `PROGRAMS ARGS'. - object Object file output by `PROGRAMS ARGS'. + source Source file read by 'PROGRAMS ARGS'. + object Object file output by 'PROGRAMS ARGS'. DEPDIR directory where to store dependencies. depfile Dependency file to output. - tmpdepfile Temporary file to use when outputing dependencies. + tmpdepfile Temporary file to use when outputting dependencies. libtool Whether libtool is used (yes/no). Report bugs to . 
@@ -59,6 +56,66 @@ EOF ;; esac +# Get the directory component of the given path, and save it in the +# global variables '$dir'. Note that this directory component will +# be either empty or ending with a '/' character. This is deliberate. +set_dir_from () +{ + case $1 in + */*) dir=`echo "$1" | sed -e 's|/[^/]*$|/|'`;; + *) dir=;; + esac +} + +# Get the suffix-stripped basename of the given path, and save it the +# global variable '$base'. +set_base_from () +{ + base=`echo "$1" | sed -e 's|^.*/||' -e 's/\.[^.]*$//'` +} + +# If no dependency file was actually created by the compiler invocation, +# we still have to create a dummy depfile, to avoid errors with the +# Makefile "include basename.Plo" scheme. +make_dummy_depfile () +{ + echo "#dummy" > "$depfile" +} + +# Factor out some common post-processing of the generated depfile. +# Requires the auxiliary global variable '$tmpdepfile' to be set. +aix_post_process_depfile () +{ + # If the compiler actually managed to produce a dependency file, + # post-process it. + if test -f "$tmpdepfile"; then + # Each line is of the form 'foo.o: dependency.h'. + # Do two passes, one to just change these to + # $object: dependency.h + # and one to simply output + # dependency.h: + # which is needed to avoid the deleted-header problem. + { sed -e "s,^.*\.[$lower]*:,$object:," < "$tmpdepfile" + sed -e "s,^.*\.[$lower]*:[$tab ]*,," -e 's,$,:,' < "$tmpdepfile" + } > "$depfile" + rm -f "$tmpdepfile" + else + make_dummy_depfile + fi +} + +# A tabulation character. +tab=' ' +# A newline character. +nl=' +' +# Character ranges might be problematic outside the C locale. +# These definitions help. +upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ +lower=abcdefghijklmnopqrstuvwxyz +digits=0123456789 +alpha=${upper}${lower} + if test -z "$depmode" || test -z "$source" || test -z "$object"; then echo "depcomp: Variables source, object and depmode must be set" 1>&2 exit 1 
@@ -71,6 +128,9 @@ tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`} rm -f "$tmpdepfile" +# Avoid interferences from the environment. +gccflag= dashmflag= + # Some modes work just like other modes, but use different flags. We # parameterize here, but still list the modes in the big case below, # to make depend.m4 easier to write. Note that we *cannot* use a case @@ -82,9 +142,32 @@ if test "$depmode" = hp; then fi if test "$depmode" = dashXmstdout; then - # This is just like dashmstdout with a different argument. - dashmflag=-xM - depmode=dashmstdout + # This is just like dashmstdout with a different argument. + dashmflag=-xM + depmode=dashmstdout +fi + +cygpath_u="cygpath -u -f -" +if test "$depmode" = msvcmsys; then + # This is just like msvisualcpp but w/o cygpath translation. + # Just convert the backslash-escaped backslashes to single forward + # slashes to satisfy depend.m4 + cygpath_u='sed s,\\\\,/,g' + depmode=msvisualcpp +fi + +if test "$depmode" = msvc7msys; then + # This is just like msvc7 but w/o cygpath translation. + # Just convert the backslash-escaped backslashes to single forward + # slashes to satisfy depend.m4 + cygpath_u='sed s,\\\\,/,g' + depmode=msvc7 +fi + +if test "$depmode" = xlc; then + # IBM C/C++ Compilers xlc/xlC can output gcc-like dependency information. + gccflag=-qmakedep=gcc,-MF + depmode=gcc fi case "$depmode" in @@ -107,8 +190,7 @@ gcc3) done "$@" stat=$? - if test $stat -eq 0; then : - else + if test $stat -ne 0; then rm -f "$tmpdepfile" exit $stat fi 
@@ -116,13 +198,17 @@ gcc3) ;; gcc) +## Note that this doesn't just cater to obsosete pre-3.x GCC compilers. +## but also to in-use compilers like IMB xlc/xlC and the HP C compiler. +## (see the conditional assignment to $gccflag above). ## There are various ways to get dependency output from gcc. Here's ## why we pick this rather obscure method: ## - Don't want to use -MD because we'd like the dependencies to end ## up in a subdir. Having to rename by hand is ugly. ## (We might end up doing this anyway to support other compilers.) ## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like -## -MM, not -M (despite what the docs say). +## -MM, not -M (despite what the docs say). Also, it might not be +## supported by the other compilers which use the 'gcc' depmode. ## - Using -M directly means running the compiler twice (even worse ## than renaming). if test -z "$gccflag"; then 
@@ -130,31 +216,31 @@ gcc) fi "$@" -Wp,"$gccflag$tmpdepfile" stat=$? - if test $stat -eq 0; then : - else + if test $stat -ne 0; then rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" echo "$object : \\" > "$depfile" - alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz -## The second -e expression handles DOS-style file names with drive letters. + # The second -e expression handles DOS-style file names with drive + # letters. sed -e 's/^[^:]*: / /' \ -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile" -## This next piece of magic avoids the `deleted header file' problem. +## This next piece of magic avoids the "deleted header file" problem. ## The problem is that when a header file which appears in a .P file ## is deleted, the dependency causes make to die (because there is ## typically no way to rebuild the header). We avoid this by adding ## dummy dependencies for each header file. Too bad gcc doesn't do ## this for us directly. - tr ' ' ' -' < "$tmpdepfile" | -## Some versions of gcc put a space before the `:'. On the theory +## Some versions of gcc put a space before the ':'. On the theory ## that the space means something, we add a space to the output as -## well. +## well. hp depmode also adds that space, but also prefixes the VPATH +## to the object. Take care to not repeat it in the output. ## Some versions of the HPUX 10.20 sed can't process this invocation ## correctly. Breaking it into two sed invocations is a workaround. - sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; @@ -172,8 +258,7 @@ sgi) "$@" -MDupdate "$tmpdepfile" fi stat=$? - if test $stat -eq 0; then : - else + if test $stat -ne 0; then rm -f "$tmpdepfile" exit $stat fi 
@@ -181,43 +266,41 @@ sgi) if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files echo "$object : \\" > "$depfile" - # Clip off the initial element (the dependent). Don't try to be # clever and replace this with sed code, as IRIX sed won't handle # lines with more than a fixed number of characters (4096 in # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; - # the IRIX cc adds comments like `#:fec' to the end of the + # the IRIX cc adds comments like '#:fec' to the end of the # dependency line. - tr ' ' ' -' < "$tmpdepfile" \ - | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \ - tr ' -' ' ' >> $depfile - echo >> $depfile - + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' \ + | tr "$nl" ' ' >> "$depfile" + echo >> "$depfile" # The second pass generates a dummy entry for each header file. - tr ' ' ' -' < "$tmpdepfile" \ - | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ - >> $depfile + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ + >> "$depfile" else - # The sourcefile does not contain any dependencies, so just - # store a dummy comment line, to avoid errors with the Makefile - # "include basename.Plo" scheme. - echo "#dummy" > "$depfile" + make_dummy_depfile fi rm -f "$tmpdepfile" ;; +xlc) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + aix) # The C for AIX Compiler uses -M and outputs the dependencies # in a .u file. In older versions, this file always lives in the - # current directory. Also, the AIX compiler puts `$object:' at the + # current directory. Also, the AIX compiler puts '$object:' at the # start of each line; $object doesn't have directory information. # Version 6 uses the directory in both cases. 
- dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` - test "x$dir" = "x$object" && dir= - base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` + set_dir_from "$object" + set_base_from "$object" if test "$libtool" = yes; then tmpdepfile1=$dir$base.u tmpdepfile2=$base.u @@ -230,9 +313,7 @@ aix) "$@" -M fi stat=$? - - if test $stat -eq 0; then : - else + if test $stat -ne 0; then rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" exit $stat fi 
@@ -241,44 +322,100 @@ aix) do test -f "$tmpdepfile" && break done - if test -f "$tmpdepfile"; then - # Each line is of the form `foo.o: dependent.h'. - # Do two passes, one to just change these to - # `$object: dependent.h' and one to simply `dependent.h:'. - sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" - # That's a tab and a space in the []. - sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" - else - # The sourcefile does not contain any dependencies, so just - # store a dummy comment line, to avoid errors with the Makefile - # "include basename.Plo" scheme. - echo "#dummy" > "$depfile" + aix_post_process_depfile + ;; + +tcc) + # tcc (Tiny C Compiler) understand '-MD -MF file' since version 0.9.26 + # FIXME: That version still under development at the moment of writing. + # Make that this statement remains true also for stable, released + # versions. + # It will wrap lines (doesn't matter whether long or short) with a + # trailing '\', as in: + # + # foo.o : \ + # foo.c \ + # foo.h \ + # + # It will put a trailing '\' even on the last line, and will use leading + # spaces rather than leading tabs (at least since its commit 0394caf7 + # "Emit spaces for -MD"). + "$@" -MD -MF "$tmpdepfile" + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat fi + rm -f "$depfile" + # Each non-empty line is of the form 'foo.o : \' or ' dep.h \'. + # We have to change lines of the first kind to '$object: \'. + sed -e "s|.*:|$object :|" < "$tmpdepfile" > "$depfile" + # And for each line of the second kind, we have to emit a 'dep.h:' + # dummy dependency, to avoid the deleted-header problem. + sed -n -e 's|^ *\(.*\) *\\$|\1:|p' < "$tmpdepfile" >> "$depfile" rm -f "$tmpdepfile" ;; -icc) - # Intel's C compiler understands `-MD -MF file'. However on - # icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c - # ICC 7.0 will fill foo.d with something like - # foo.o: sub/foo.c - # foo.o: sub/foo.h - # which is wrong. 
We want: - # sub/foo.o: sub/foo.c - # sub/foo.o: sub/foo.h - # sub/foo.c: - # sub/foo.h: - # ICC 7.1 will output +## The order of this option in the case statement is important, since the +## shell code in configure will try each of these formats in the order +## listed in this file. A plain '-MD' option would be understood by many +## compilers, so we must ensure this comes after the gcc and icc options. +pgcc) + # Portland's C compiler understands '-MD'. + # Will always output deps to 'file.d' where file is the root name of the + # source file under compilation, even if file resides in a subdirectory. + # The object file name does not affect the name of the '.d' file. + # pgcc 10.2 will output # foo.o: sub/foo.c sub/foo.h - # and will wrap long lines using \ : + # and will wrap long lines using '\' : # foo.o: sub/foo.c ... \ # sub/foo.h ... \ # ... + set_dir_from "$object" + # Use the source, not the object, to determine the base name, since + # that's sadly what pgcc will do too. + set_base_from "$source" + tmpdepfile=$base.d + + # For projects that build the same source file twice into different object + # files, the pgcc approach of using the *source* file root name can cause + # problems in parallel builds. Use a locking strategy to avoid stomping on + # the same $tmpdepfile. + lockdir=$base.d-lock + trap " + echo '$0: caught signal, cleaning up...' >&2 + rmdir '$lockdir' + exit 1 + " 1 2 13 15 + numtries=100 + i=$numtries + while test $i -gt 0; do + # mkdir is a portable test-and-set. + if mkdir "$lockdir" 2>/dev/null; then + # This process acquired the lock. + "$@" -MD + stat=$? + # Release the lock. + rmdir "$lockdir" + break + else + # If the lock is being held by a different process, wait + # until the winning process is done or we timeout. 
+ while test -d "$lockdir" && test $i -gt 0; do + sleep 1 + i=`expr $i - 1` + done + fi + i=`expr $i - 1` + done + trap - 1 2 13 15 + if test $i -le 0; then + echo "$0: failed to acquire lock after $numtries attempts" >&2 + echo "$0: check lockdir '$lockdir'" >&2 + exit 1 + fi - "$@" -MD -MF "$tmpdepfile" - stat=$? - if test $stat -eq 0; then : - else + if test $stat -ne 0; then rm -f "$tmpdepfile" exit $stat fi @@ -290,8 +427,8 @@ icc) sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile" # Some versions of the HPUX 10.20 sed can't process this invocation # correctly. Breaking it into two sed invocations is a workaround. - sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" | - sed -e 's/$/ :/' >> "$depfile" + sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" \ + | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; @@ -302,9 +439,8 @@ hp2) # 'foo.d', which lands next to the object file, wherever that # happens to be. # Much of this is similar to the tru64 case; see comments there. - dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` - test "x$dir" = "x$object" && dir= - base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` + set_dir_from "$object" + set_base_from "$object" if test "$libtool" = yes; then tmpdepfile1=$dir$base.d tmpdepfile2=$dir.libs/$base.d @@ -315,8 +451,7 @@ hp2) "$@" +Maked fi stat=$? - if test $stat -eq 0; then : - else + if test $stat -ne 0; then rm -f "$tmpdepfile1" "$tmpdepfile2" exit $stat fi 
@@ -326,72 +461,107 @@ hp2) test -f "$tmpdepfile" && break done if test -f "$tmpdepfile"; then - sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile" - # Add `dependent.h:' lines. - sed -ne '2,${; s/^ *//; s/ \\*$//; s/$/:/; p;}' "$tmpdepfile" >> "$depfile" + sed -e "s,^.*\.[$lower]*:,$object:," "$tmpdepfile" > "$depfile" + # Add 'dependent.h:' lines. + sed -ne '2,${ + s/^ *// + s/ \\*$// + s/$/:/ + p + }' "$tmpdepfile" >> "$depfile" else - echo "#dummy" > "$depfile" + make_dummy_depfile fi rm -f "$tmpdepfile" "$tmpdepfile2" ;; tru64) - # The Tru64 compiler uses -MD to generate dependencies as a side - # effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'. - # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put - # dependencies in `foo.d' instead, so we check for that too. - # Subdirectories are respected. - dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` - test "x$dir" = "x$object" && dir= - base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` - - if test "$libtool" = yes; then - # With Tru64 cc, shared objects can also be used to make a - # static library. This mechanism is used in libtool 1.4 series to - # handle both shared and static libraries in a single compilation. - # With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d. - # - # With libtool 1.5 this exception was removed, and libtool now - # generates 2 separate objects for the 2 libraries. These two - # compilations output dependencies in $dir.libs/$base.o.d and - # in $dir$base.o.d. We have to check for both files, because - # one of the two compilations can be disabled. We should prefer - # $dir$base.o.d over $dir.libs/$base.o.d because the latter is - # automatically cleaned when .libs/ is deleted, while ignoring - # the former would cause a distcleancheck panic. 
- tmpdepfile1=$dir.libs/$base.lo.d # libtool 1.4 - tmpdepfile2=$dir$base.o.d # libtool 1.5 - tmpdepfile3=$dir.libs/$base.o.d # libtool 1.5 - tmpdepfile4=$dir.libs/$base.d # Compaq CCC V6.2-504 - "$@" -Wc,-MD - else - tmpdepfile1=$dir$base.o.d - tmpdepfile2=$dir$base.d - tmpdepfile3=$dir$base.d - tmpdepfile4=$dir$base.d - "$@" -MD - fi - - stat=$? - if test $stat -eq 0; then : - else - rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4" - exit $stat - fi - - for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4" - do - test -f "$tmpdepfile" && break - done - if test -f "$tmpdepfile"; then - sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" - # That's a tab and a space in the []. - sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" - else - echo "#dummy" > "$depfile" - fi - rm -f "$tmpdepfile" - ;; + # The Tru64 compiler uses -MD to generate dependencies as a side + # effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'. + # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put + # dependencies in 'foo.d' instead, so we check for that too. + # Subdirectories are respected. + set_dir_from "$object" + set_base_from "$object" + + if test "$libtool" = yes; then + # Libtool generates 2 separate objects for the 2 libraries. These + # two compilations output dependencies in $dir.libs/$base.o.d and + # in $dir$base.o.d. We have to check for both files, because + # one of the two compilations can be disabled. We should prefer + # $dir$base.o.d over $dir.libs/$base.o.d because the latter is + # automatically cleaned when .libs/ is deleted, while ignoring + # the former would cause a distcleancheck panic. + tmpdepfile1=$dir$base.o.d # libtool 1.5 + tmpdepfile2=$dir.libs/$base.o.d # Likewise. + tmpdepfile3=$dir.libs/$base.d # Compaq CCC V6.2-504 + "$@" -Wc,-MD + else + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir$base.d + tmpdepfile3=$dir$base.d + "$@" -MD + fi + + stat=$? 
+ if test $stat -ne 0; then + rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + do + test -f "$tmpdepfile" && break + done + # Same post-processing that is required for AIX mode. + aix_post_process_depfile + ;; + +msvc7) + if test "$libtool" = yes; then + showIncludes=-Wc,-showIncludes + else + showIncludes=-showIncludes + fi + "$@" $showIncludes > "$tmpdepfile" + stat=$? + grep -v '^Note: including file: ' "$tmpdepfile" + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + echo "$object : \\" > "$depfile" + # The first sed program below extracts the file names and escapes + # backslashes for cygpath. The second sed program outputs the file + # name when reading, but also accumulates all include files in the + # hold buffer in order to output them again at the end. This only + # works with sed implementations that can handle large buffers. + sed < "$tmpdepfile" -n ' +/^Note: including file: *\(.*\)/ { + s//\1/ + s/\\/\\\\/g + p +}' | $cygpath_u | sort -u | sed -n ' +s/ /\\ /g +s/\(.*\)/'"$tab"'\1 \\/p +s/.\(.*\) \\/\1:/ +H +$ { + s/.*/'"$tab"'/ + G + p +}' >> "$depfile" + echo >> "$depfile" # make sure the fragment doesn't end with a backslash + rm -f "$tmpdepfile" + ;; + +msvc7msys) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; #nosideeffect) # This comment above is used by automake to tell side-effect @@ -404,13 +574,13 @@ dashmstdout) # Remove the call to Libtool. if test "$libtool" = yes; then - while test $1 != '--mode=compile'; do + while test "X$1" != 'X--mode=compile'; do shift done shift fi - # Remove `-o $object'. + # Remove '-o $object'. IFS=" " for arg do 
@@ -430,18 +600,18 @@ dashmstdout) done test -z "$dashmflag" && dashmflag=-M - # Require at least two characters before searching for `:' + # Require at least two characters before searching for ':' # in the target name. This is to cope with DOS-style filenames: - # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise. + # a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise. "$@" $dashmflag | - sed 's:^[ ]*[^: ][^:][^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile" + sed "s|^[$tab ]*[^:$tab ][^:][^:]*:[$tab ]*|$object: |" > "$tmpdepfile" rm -f "$depfile" cat < "$tmpdepfile" > "$depfile" - tr ' ' ' -' < "$tmpdepfile" | \ -## Some versions of the HPUX 10.20 sed can't process this invocation -## correctly. Breaking it into two sed invocations is a workaround. - sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" + # Some versions of the HPUX 10.20 sed can't process this sed invocation + # correctly. Breaking it into two sed invocations is a workaround. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; 
@@ -455,41 +625,51 @@ makedepend) "$@" || exit $? # Remove any Libtool call if test "$libtool" = yes; then - while test $1 != '--mode=compile'; do + while test "X$1" != 'X--mode=compile'; do shift done shift fi # X makedepend shift - cleared=no - for arg in "$@"; do + cleared=no eat=no + for arg + do case $cleared in no) set ""; shift cleared=yes ;; esac + if test $eat = yes; then + eat=no + continue + fi case "$arg" in -D*|-I*) set fnord "$@" "$arg"; shift ;; # Strip any option that makedepend may not understand. Remove # the object too, otherwise makedepend will parse it as a source file. + -arch) + eat=yes ;; -*|$object) ;; *) set fnord "$@" "$arg"; shift ;; esac done - obj_suffix="`echo $object | sed 's/^.*\././'`" + obj_suffix=`echo "$object" | sed 's/^.*\././'` touch "$tmpdepfile" ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@" rm -f "$depfile" - cat < "$tmpdepfile" > "$depfile" - sed '1,2d' "$tmpdepfile" | tr ' ' ' -' | \ -## Some versions of the HPUX 10.20 sed can't process this invocation -## correctly. Breaking it into two sed invocations is a workaround. - sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" + # makedepend may prepend the VPATH from the source file name to the object. + # No need to regex-escape $object, excess matching of '.' is harmless. + sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process the last invocation + # correctly. Breaking it into two sed invocations is a workaround. + sed '1,2d' "$tmpdepfile" \ + | tr ' ' "$nl" \ + | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" "$tmpdepfile".bak ;; @@ -500,13 +680,13 @@ cpp) # Remove the call to Libtool. if test "$libtool" = yes; then - while test $1 != '--mode=compile'; do + while test "X$1" != 'X--mode=compile'; do shift done shift fi - # Remove `-o $object'. + # Remove '-o $object'. IFS=" " for arg do 
@@ -525,10 +705,10 @@ cpp) esac done - "$@" -E | - sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ - -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' | - sed '$ s: \\$::' > "$tmpdepfile" + "$@" -E \ + | sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ + -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ + | sed '$ s: \\$::' > "$tmpdepfile" rm -f "$depfile" echo "$object : \\" > "$depfile" cat < "$tmpdepfile" >> "$depfile" 
@@ -538,35 +718,56 @@ cpp) msvisualcpp) # Important note: in order to support this mode, a compiler *must* - # always write the preprocessed file to stdout, regardless of -o, - # because we must use -o when running libtool. + # always write the preprocessed file to stdout. "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + IFS=" " for arg do case "$arg" in + -o) + shift + ;; + $object) + shift + ;; "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI") - set fnord "$@" - shift - shift - ;; + set fnord "$@" + shift + shift + ;; *) - set fnord "$@" "$arg" - shift - shift - ;; + set fnord "$@" "$arg" + shift + shift + ;; esac done - "$@" -E | - sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::echo "`cygpath -u \\"\1\\"`":p' | sort | uniq > "$tmpdepfile" + "$@" -E 2>/dev/null | + sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile" rm -f "$depfile" echo "$object : \\" > "$depfile" - . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile" - echo " " >> "$depfile" - . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s::\1\::p' >> "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile" + echo "$tab" >> "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile" rm -f "$tmpdepfile" ;; +msvcmsys) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + none) exec "$@" ;; @@ -585,5 +786,6 @@ exit 0 # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-end: "$" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" # End: diff --git a/build-aux/install-sh b/build-aux/install-sh index a5897de..377bb86 100755 --- a/build-aux/install-sh 
+++ b/build-aux/install-sh @@ -1,7 +1,7 @@ #!/bin/sh # install - install a program, script, or datafile -scriptversion=2006-12-25.00 +scriptversion=2011-11-20.07; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the @@ -35,7 +35,7 @@ scriptversion=2006-12-25.00 # FSF changes to this file are in the public domain. # # Calling this script install-sh is preferred over install.sh, to prevent -# `make' implicit rules from creating a file called install from it +# 'make' implicit rules from creating a file called install from it # when there is no Makefile. # # This script is compatible with the BSD install script, but was written @@ -156,6 +156,10 @@ while test $# -ne 0; do -s) stripcmd=$stripprog;; -t) dst_arg=$2 + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac shift;; -T) no_target_directory=true;; @@ -186,6 +190,10 @@ if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then fi shift # arg dst_arg=$arg + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac done fi @@ -194,13 +202,17 @@ if test $# -eq 0; then echo "$0: no input file specified." >&2 exit 1 fi - # It's OK to call `install-sh -d' without argument. + # It's OK to call 'install-sh -d' without argument. # This can happen when creating conditional directories. exit 0 fi if test -z "$dir_arg"; then - trap '(exit $?); exit' 1 2 13 15 + do_exit='(exit $ret); exit $ret' + trap "ret=129; $do_exit" 1 + trap "ret=130; $do_exit" 2 + trap "ret=141; $do_exit" 13 + trap "ret=143; $do_exit" 15 # Set umask so as not to create temps with too-generous modes. # However, 'strip' requires both read and write access to temps. 
@@ -228,9 +240,9 @@ fi for src do - # Protect names starting with `-'. + # Protect names problematic for 'test' and other utilities. case $src in - -*) src=./$src;; + -* | [=\(\)!]) src=./$src;; esac if test -n "$dir_arg"; then @@ -252,12 +264,7 @@ do echo "$0: no destination specified." >&2 exit 1 fi - dst=$dst_arg - # Protect names starting with `-'. - case $dst in - -*) dst=./$dst;; - esac # If destination is a directory, append the input filename; won't work # if double slashes aren't ignored. @@ -347,7 +354,7 @@ do if test -z "$dir_arg" || { # Check for POSIX incompatibilities with -m. # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or - # other-writeable bit of parent directory when it shouldn't. + # other-writable bit of parent directory when it shouldn't. # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. ls_ld_tmpdir=`ls -ld "$tmpdir"` case $ls_ld_tmpdir in @@ -385,7 +392,7 @@ do case $dstdir in /*) prefix='/';; - -*) prefix='./';; + [-=\(\)!]*) prefix='./';; *) prefix='';; esac @@ -403,7 +410,7 @@ do for d do - test -z "$d" && continue + test X"$d" = X && continue prefix=$prefix$d if test -d "$prefix"; then @@ -515,5 +522,6 @@ done # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-end: "$" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" # End: diff --git a/build-aux/missing b/build-aux/missing index 86a8fc3..db98974 100755 --- a/build-aux/missing +++ b/build-aux/missing 
@@ -1,11 +1,10 @@ #! /bin/sh -# Common stub for a few missing GNU programs while installing. +# Common wrapper for a few potentially missing GNU programs. -scriptversion=2012-01-06.13; # UTC +scriptversion=2013-10-28.13; # UTC -# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006, -# 2008, 2009, 2010, 2011, 2012 Free Software Foundation, Inc. -# Originally by Fran,cois Pinard , 1996. +# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Originally written by Fran,cois Pinard , 1996. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by 
@@ -26,68 +25,40 @@ scriptversion=2012-01-06.13; # UTC # the same distribution terms that you use for the rest of that program. if test $# -eq 0; then - echo 1>&2 "Try \`$0 --help' for more information" + echo 1>&2 "Try '$0 --help' for more information" exit 1 fi -run=: -sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p' -sed_minuso='s/.* -o \([^ ]*\).*/\1/p' - -# In the cases where this matters, `missing' is being run in the -# srcdir already. -if test -f configure.ac; then - configure_ac=configure.ac -else - configure_ac=configure.in -fi +case $1 in -msg="missing on your system" + --is-lightweight) + # Used by our autoconf macros to check whether the available missing + # script is modern enough. + exit 0 + ;; -case $1 in ---run) - # Try to run requested program, and just exit if it succeeds. - run= - shift - "$@" && exit 0 - # Exit code 63 means version mismatch. This often happens - # when the user try to use an ancient version of a tool on - # a file that requires a minimum version. In this case we - # we should proceed has if the program had been absent, or - # if --run hadn't been passed. - if test $? = 63; then - run=: - msg="probably too old" - fi - ;; + --run) + # Back-compat with the calling convention used by older automake. + shift + ;; -h|--h|--he|--hel|--help) echo "\ $0 [OPTION]... PROGRAM [ARGUMENT]... -Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an -error status if there is no known handling for PROGRAM. +Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due +to PROGRAM being missing or too old. 
Options: -h, --help display this help and exit -v, --version output version information and exit - --run try to run the given command, and emulate it if it fails Supported PROGRAM values: - aclocal touch file \`aclocal.m4' - autoconf touch file \`configure' - autoheader touch file \`config.h.in' - autom4te touch the output file, or create a stub one - automake touch all \`Makefile.in' files - bison create \`y.tab.[ch]', if possible, from existing .[ch] - flex create \`lex.yy.c', if possible, from existing .c - help2man touch the output file - lex create \`lex.yy.c', if possible, from existing .c - makeinfo touch the output file - yacc create \`y.tab.[ch]', if possible, from existing .[ch] + aclocal autoconf autoheader autom4te automake makeinfo + bison yacc flex lex help2man -Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and -\`g' are ignored when checking the name. +Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and +'g' are ignored when checking the name. Send bug reports to ." exit $? 
@@ -99,228 +70,141 @@ Send bug reports to ." ;; -*) - echo 1>&2 "$0: Unknown \`$1' option" - echo 1>&2 "Try \`$0 --help' for more information" + echo 1>&2 "$0: unknown '$1' option" + echo 1>&2 "Try '$0 --help' for more information" exit 1 ;; esac -# normalize program name to check for. -program=`echo "$1" | sed ' - s/^gnu-//; t - s/^gnu//; t - s/^g//; t'` - -# Now exit if we have it, but it failed. Also exit now if we -# don't have it and --version was passed (most likely to detect -# the program). This is about non-GNU programs, so use $1 not -# $program. -case $1 in - lex*|yacc*) - # Not GNU programs, they don't have --version. - ;; - - *) - if test -z "$run" && ($1 --version) > /dev/null 2>&1; then - # We have it, but it failed. - exit 1 - elif test "x$2" = "x--version" || test "x$2" = "x--help"; then - # Could not run --version or --help. This is probably someone - # running `$TOOL --version' or `$TOOL --help' to check whether - # $TOOL exists and not knowing $TOOL uses missing. - exit 1 - fi - ;; -esac - -# If it does not exist, or fails to run (possibly an outdated version), -# try to emulate it. -case $program in - aclocal*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`acinclude.m4' or \`${configure_ac}'. You might want - to install the \`Automake' and \`Perl' packages. Grab them from - any GNU archive site." - touch aclocal.m4 - ;; - - autoconf*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`${configure_ac}'. You might want to install the - \`Autoconf' and \`GNU m4' packages. Grab them from any GNU - archive site." - touch configure - ;; - - autoheader*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`acconfig.h' or \`${configure_ac}'. You might want - to install the \`Autoconf' and \`GNU m4' packages. Grab them - from any GNU archive site." 
- files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}` - test -z "$files" && files="config.h" - touch_files= - for f in $files; do - case $f in - *:*) touch_files="$touch_files "`echo "$f" | - sed -e 's/^[^:]*://' -e 's/:.*//'`;; - *) touch_files="$touch_files $f.in";; - esac - done - touch $touch_files - ;; - - automake*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'. - You might want to install the \`Automake' and \`Perl' packages. - Grab them from any GNU archive site." - find . -type f -name Makefile.am -print | - sed 's/\.am$/.in/' | - while read f; do touch "$f"; done - ;; - - autom4te*) - echo 1>&2 "\ -WARNING: \`$1' is needed, but is $msg. - You might have modified some files without having the - proper tools for further handling them. - You can get \`$1' as part of \`Autoconf' from any GNU - archive site." - - file=`echo "$*" | sed -n "$sed_output"` - test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` - if test -f "$file"; then - touch $file - else - test -z "$file" || exec >$file - echo "#! /bin/sh" - echo "# Created by GNU Automake missing as a replacement of" - echo "# $ $@" - echo "exit 0" - chmod +x $file - exit 1 - fi - ;; - - bison*|yacc*) - echo 1>&2 "\ -WARNING: \`$1' $msg. You should only need it if - you modified a \`.y' file. You may need the \`Bison' package - in order for those modifications to take effect. You can get - \`Bison' from any GNU archive site." - rm -f y.tab.c y.tab.h - if test $# -ne 1; then - eval LASTARG=\${$#} - case $LASTARG in - *.y) - SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` - if test -f "$SRCFILE"; then - cp "$SRCFILE" y.tab.c - fi - SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` - if test -f "$SRCFILE"; then - cp "$SRCFILE" y.tab.h - fi - ;; - esac - fi - if test ! -f y.tab.h; then - echo >y.tab.h - fi - if test ! 
-f y.tab.c; then - echo 'main() { return 0; }' >y.tab.c - fi - ;; - - lex*|flex*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified a \`.l' file. You may need the \`Flex' package - in order for those modifications to take effect. You can get - \`Flex' from any GNU archive site." - rm -f lex.yy.c - if test $# -ne 1; then - eval LASTARG=\${$#} - case $LASTARG in - *.l) - SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` - if test -f "$SRCFILE"; then - cp "$SRCFILE" lex.yy.c - fi - ;; - esac - fi - if test ! -f lex.yy.c; then - echo 'main() { return 0; }' >lex.yy.c - fi - ;; - - help2man*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified a dependency of a manual page. You may need the - \`Help2man' package in order for those modifications to take - effect. You can get \`Help2man' from any GNU archive site." - - file=`echo "$*" | sed -n "$sed_output"` - test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` - if test -f "$file"; then - touch $file - else - test -z "$file" || exec >$file - echo ".ab help2man is required to generate this page" - exit $? - fi - ;; - - makeinfo*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified a \`.texi' or \`.texinfo' file, or any other file - indirectly affecting the aspect of the manual. The spurious - call might also be the consequence of using a buggy \`make' (AIX, - DU, IRIX). You might want to install the \`Texinfo' package or - the \`GNU make' package. Grab either from any GNU archive site." - # The file to touch is that specified with -o ... - file=`echo "$*" | sed -n "$sed_output"` - test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` - if test -z "$file"; then - # ... or it is the one specified with @setfilename ... - infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` - file=`sed -n ' - /^@setfilename/{ - s/.* \([^ ]*\) *$/\1/ - p - q - }' $infile` - # ... 
or it is derived from the source name (dir/f.texi becomes f.info) - test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info - fi - # If the file does not exist, the user really needs makeinfo; - # let's fail without touching anything. - test -f $file || exit 1 - touch $file - ;; +# Run the given program, remember its exit status. +"$@"; st=$? + +# If it succeeded, we are done. +test $st -eq 0 && exit 0 + +# Also exit now if we it failed (or wasn't found), and '--version' was +# passed; such an option is passed most likely to detect whether the +# program is present and works. +case $2 in --version|--help) exit $st;; esac + +# Exit code 63 means version mismatch. This often happens when the user +# tries to use an ancient version of a tool on a file that requires a +# minimum version. +if test $st -eq 63; then + msg="probably too old" +elif test $st -eq 127; then + # Program was missing. + msg="missing on your system" +else + # Program was found and executed, but failed. Give up. + exit $st +fi - *) - echo 1>&2 "\ -WARNING: \`$1' is needed, and is $msg. - You might have modified some files without having the - proper tools for further handling them. Check the \`README' file, - it often tells you about the needed prerequisites for installing - this package. You may also peek at any GNU archive site, in case - some other package would contain this missing \`$1' program." 
- exit 1 +perl_URL=http://www.perl.org/ +flex_URL=http://flex.sourceforge.net/ +gnu_software_URL=http://www.gnu.org/software + +program_details () +{ + case $1 in + aclocal|automake) + echo "The '$1' program is part of the GNU Automake package:" + echo "<$gnu_software_URL/automake>" + echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:" + echo "<$gnu_software_URL/autoconf>" + echo "<$gnu_software_URL/m4/>" + echo "<$perl_URL>" + ;; + autoconf|autom4te|autoheader) + echo "The '$1' program is part of the GNU Autoconf package:" + echo "<$gnu_software_URL/autoconf/>" + echo "It also requires GNU m4 and Perl in order to run:" + echo "<$gnu_software_URL/m4/>" + echo "<$perl_URL>" + ;; + esac +} + +give_advice () +{ + # Normalize program name to check for. + normalized_program=`echo "$1" | sed ' + s/^gnu-//; t + s/^gnu//; t + s/^g//; t'` + + printf '%s\n' "'$1' is $msg." + + configure_deps="'configure.ac' or m4 files included by 'configure.ac'" + case $normalized_program in + autoconf*) + echo "You should only need it if you modified 'configure.ac'," + echo "or m4 files included by it." + program_details 'autoconf' + ;; + autoheader*) + echo "You should only need it if you modified 'acconfig.h' or" + echo "$configure_deps." + program_details 'autoheader' + ;; + automake*) + echo "You should only need it if you modified 'Makefile.am' or" + echo "$configure_deps." + program_details 'automake' + ;; + aclocal*) + echo "You should only need it if you modified 'acinclude.m4' or" + echo "$configure_deps." + program_details 'aclocal' + ;; + autom4te*) + echo "You might have modified some maintainer files that require" + echo "the 'autom4te' program to be rebuilt." + program_details 'autom4te' + ;; + bison*|yacc*) + echo "You should only need it if you modified a '.y' file." + echo "You may want to install the GNU Bison package:" + echo "<$gnu_software_URL/bison/>" + ;; + lex*|flex*) + echo "You should only need it if you modified a '.l' file." 
+ echo "You may want to install the Fast Lexical Analyzer package:" + echo "<$flex_URL>" + ;; + help2man*) + echo "You should only need it if you modified a dependency" \ + "of a man page." + echo "You may want to install the GNU Help2man package:" + echo "<$gnu_software_URL/help2man/>" ;; -esac - -exit 0 + makeinfo*) + echo "You should only need it if you modified a '.texi' file, or" + echo "any other file indirectly affecting the aspect of the manual." + echo "You might want to install the Texinfo package:" + echo "<$gnu_software_URL/texinfo/>" + echo "The spurious makeinfo call might also be the consequence of" + echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might" + echo "want to install GNU make:" + echo "<$gnu_software_URL/make/>" + ;; + *) + echo "You might have modified some files without having the proper" + echo "tools for further handling them. Check the 'README' file, it" + echo "often tells you about the needed prerequisites for installing" + echo "this package. You may also peek at any GNU archive site, in" + echo "case some other package contains this missing '$1' program." + ;; + esac +} + +give_advice "$1" | sed -e '1s/^/WARNING: /' \ + -e '2,$s/^/ /' >&2 + +# Propagate the correct exit status (expected to be 127 for a program +# not found, 63 for a program that failed due to version mismatch). +exit $st # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) diff --git a/configure.ac b/configure.ac index 4660122..3b444a0 100644 --- a/configure.ac +++ b/configure.ac @@ -20,7 +20,7 @@ # (Process this file with autoconf to produce a configure script.) AC_PREREQ(2.59) -min_automake_version="1.11" +min_automake_version="1.14" # To build a release you need to create a tag with the version number # (git tag -s gpgme-n.m.k) and run "./autogen.sh --force". Please 
@@ -77,9 +77,7 @@ AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_SRCDIR(src/gpgme.h.in) AC_CONFIG_HEADER(config.h) -# Note: For automake 1.13 add the option -# serial-tests -AM_INIT_AUTOMAKE([dist-bzip2 no-dist-gzip]) +AM_INIT_AUTOMAKE([serial-tests dist-bzip2 no-dist-gzip]) AM_MAINTAINER_MODE AC_CANONICAL_HOST AM_SILENT_RULES diff --git a/tests/Makefile.am b/tests/Makefile.am index 0ecdab2..4b465d8 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -25,9 +25,7 @@ TESTS = t-version t-data t-engine-info EXTRA_DIST = t-data-1.txt t-data-2.txt ChangeLog-2011 -INCLUDES = -I$(top_builddir)/src - -AM_CPPFLAGS = @GPG_ERROR_CFLAGS@ +AM_CPPFLAGS = -I$(top_builddir)/src @GPG_ERROR_CFLAGS@ LDADD = ../src/libgpgme.la @GPG_ERROR_LIBS@ noinst_HEADERS = run-support.h diff --git a/tests/gpg/Makefile.am b/tests/gpg/Makefile.am index 5c1266e..5f40dfe 100644 --- a/tests/gpg/Makefile.am +++ b/tests/gpg/Makefile.am @@ -57,9 +57,7 @@ EXTRA_DIST = start-stop-agent initial.test final.test \ pubdemo.asc secdemo.asc cipher-1.asc cipher-2.asc \ geheim.txt pubkey-1.asc seckey-1.asc pinentry $(private_keys) -INCLUDES = -I$(top_builddir)/src - -AM_CPPFLAGS = @GPG_ERROR_CFLAGS@ +AM_CPPFLAGS = -I$(top_builddir)/src @GPG_ERROR_CFLAGS@ LDADD = ../../src/libgpgme.la t_thread1_LDADD = ../../src/libgpgme-pthread.la -lpthread diff --git a/tests/gpgsm/Makefile.am b/tests/gpgsm/Makefile.am index ecc53a6..bf616d3 100644 --- a/tests/gpgsm/Makefile.am +++ b/tests/gpgsm/Makefile.am @@ -29,9 +29,7 @@ TESTS = t-import t-keylist t-encrypt t-verify t-decrypt t-sign t-export EXTRA_DIST = cert_dfn_pca01.der cert_dfn_pca15.der cert_g10code_test1.der \ $(key_id) -INCLUDES = -I$(top_builddir)/src - -AM_CPPFLAGS = @GPG_ERROR_CFLAGS@ +AM_CPPFLAGS = -I$(top_builddir)/src @GPG_ERROR_CFLAGS@ LDADD = ../../src/libgpgme.la # We don't run t-genkey in the test suite, because it takes too long diff --git a/tests/opassuan/Makefile.am b/tests/opassuan/Makefile.am index 2446007..31d26ed 100644 
--- a/tests/opassuan/Makefile.am +++ b/tests/opassuan/Makefile.am @@ -1,35 +1,33 @@ # Copyright (C) 2009 g10 Code GmbH -# +# # This file is part of GPGME. -# +# # GPGME is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as # published by the Free Software Foundation; either version 2.1 of the # License, or (at your option) any later version. -# +# # GPGME is distributed in the hope that it will be useful, but WITHOUT # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General # Public License for more details. -# +# # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . ## Process this file with automake to produce Makefile.in -TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) GPG_AGENT_INFO= +TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) GPG_AGENT_INFO= noinst_HEADERS = -TESTS = +TESTS = -EXTRA_DIST = +EXTRA_DIST = -INCLUDES = -I$(top_builddir)/src - -AM_CPPFLAGS = @GPG_ERROR_CFLAGS@ +AM_CPPFLAGS = -I$(top_builddir)/src @GPG_ERROR_CFLAGS@ LDADD = ../../src/libgpgme.la noinst_PROGRAMS = $(TESTS) t-command -DISTCLEANFILES = +DISTCLEANFILES = ----------------------------------------------------------------------- Summary of changes: build-aux/compile | 356 ++++++++++++++++++++++----- build-aux/config.guess | 351 ++++++++++----------------- build-aux/config.sub | 132 ++++++---- build-aux/depcomp | 586 ++++++++++++++++++++++++++++++--------------- build-aux/install-sh | 38 +-- build-aux/missing | 414 ++++++++++++-------------------- configure.ac | 6 +- tests/Makefile.am | 4 +- tests/gpg/Makefile.am | 4 +- tests/gpgsm/Makefile.am | 4 +- tests/opassuan/Makefile.am | 20 +- 11 files changed, 1086 insertions(+), 829 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 6 00:24:51 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 06 Feb 2015 00:24:51 +0100 Subject: [git] gnupg-doc - branch, master, updated. ea7e17dafbb7acfa201d628edf2d0cebf8742206 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via ea7e17dafbb7acfa201d628edf2d0cebf8742206 (commit) via f9dac45c4a69803f0a3b22a068123158e9682a4c (commit) from 650d86f2193ce6125c8c60fb39499f0b11069503 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ea7e17dafbb7acfa201d628edf2d0cebf8742206 Author: Werner Koch Date: Fri Feb 6 00:24:25 2015 +0100 tools: Fix overflow of the donation progress bar. diff --git a/tools/mkkudos.sh b/tools/mkkudos.sh index 3dbcab8..6d7e32b 100755 --- a/tools/mkkudos.sh +++ b/tools/mkkudos.sh @@ -87,8 +87,9 @@ goal="120000" tmp=$(grep '^2014:12:' "$donations") euro=$(echo "$tmp" | awk -F: '{printf "%d", int($8 + 0.5)}') euro=$(($euro + $euroyr_campaign)) -percent=$(echo "$euro:$goal" | awk -F: '{printf "%d",(int($1)*100)/int($2)}') - +percent=$(echo "$euro:$goal" | awk -F: '{ p = (int($1)*100)/int($2); + if(p > 100) { p = 100 }; + printf "%d", p}') for file in "$htdocs/donate/"kudos-????.html "$htdocs/donate/"kudos.html \ "$htdocs/donate/"index.html \ commit f9dac45c4a69803f0a3b22a068123158e9682a4c Author: Werner Koch Date: Wed Feb 4 10:39:04 2015 +0100 web: Minor instruction change on how to build from git. diff --git a/web/download/cvs_access.org b/web/download/cvs_access.org index 0887139..62ffe9c 100644 --- a/web/download/cvs_access.org +++ b/web/download/cvs_access.org 
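Review bot: The new awk program in the `percent=` assignment caps the value at 100 but leaves the lower side open, so a negative total in the donations data would still come out as a negative percentage. Adding `if (p < 0) { p = 0 }` next to the existing `if(p > 100) { p = 100 }` keeps the result inside 0-100 whatever the data file contains; the `printf "%d"` already ensures that only a plain integer is emitted. A comment above the assignment, such as `# Clamp to 0..100: the value drives the progress bar.`, would record why the cap exists. That the value feeds the progress bar is inferred from the commit title, because the body of the `for file in ...` loop lies outside the hunk.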
@@ -28,14 +28,14 @@ git clone git://git.gnupg.org/gnupg.git #+END_EXAMPLE - You must run =scripts/autogen.sh= before doing the =./configure - --enable-maintainer-mode=, as this creates some needed files which - are not stored in the repository. =autogen.sh= should check that you - have all required tools installed. Please read the GIT manual pages - before doing so. The =master= revision is the development branch; - the stable 2.0 version (currently version {{{gnupg_ver}}}) is known - as =STABLE-BRANCH-2-0=; the stable 1.4 version of GnuPG - ({{{gnupg1_ver}}}) is known as =STABLE-BRANCH-1-4=. + You must run =./autogen.sh= before running the =./configure= in the + way suggested by the putput of =autogen.sh=. This creates some + required files which are not stored in the repository. =autogen.sh= + also checks that you have all required tools installed. Please read + the GIT manual pages before doing so. The =master= revision is the + development branch; the stable 2.0 version (currently version + {{{gnupg_ver}}}) is known as =STABLE-BRANCH-2-0=; the stable 1.4 + version of GnuPG ({{{gnupg1_ver}}}) is known as =STABLE-BRANCH-1-4=. Bug reports should go to the developers mailing list. See the page on [[../documentation/mailing-lists.org][mailing lists]] . ----------------------------------------------------------------------- Summary of changes: tools/mkkudos.sh | 5 +++-- web/download/cvs_access.org | 16 ++++++++-------- 2 files changed, 11 insertions(+), 10 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 6 12:48:56 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 06 Feb 2015 12:48:56 +0100 Subject: [git] gnupg-doc - branch, master, updated. cea06837791feceacba5e51c9c4e4f98241e342e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via cea06837791feceacba5e51c9c4e4f98241e342e (commit) from ea7e17dafbb7acfa201d628edf2d0cebf8742206 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cea06837791feceacba5e51c9c4e4f98241e342e Author: Werner Koch Date: Fri Feb 6 12:48:28 2015 +0100 web: Add a Thank you note for the current campaign. diff --git a/web/index.org b/web/index.org index 946afff..ae05844 100644 --- a/web/index.org +++ b/web/index.org 
@@ -29,11 +29,38 @@ style="width: 0%"> #+END_HTML For a critical project of this size two experienced developers are -required for proper operation. This requires gross revenues of 120000 -Euro per year. Unfortunately there is currently only one underpaid -full time developer who is barely able to keep up with the work; see -this [[file:blog/20141214-gnupg-and-g10.org][blog entry]] for some backgound. Please help to secure the -future of GnuPG and consider to [[file:donate/index.org][donate]] to this project [[file:donate/index.org][now]]. +required for proper operation. This requires gross revenues of at +least 120000 Euro per year. Unfortunately there is currently only one +underpaid full time developer who is barely able to keep up with the +work; see this [[file:blog/20141214-gnupg-and-g10.org][blog entry]] for some backgound. Please help to secure +the future of GnuPG and consider to [[file:donate/index.org][donate]] to this project [[file:donate/index.org][now]]. +(Donating Bitcoins is possible via the Wau Holland Stiftung; see the +[[file:donate/index.org][donation page]] for details.) + +** A big Thanks to all supporters + +Due to this [[http://www.propublica.org/article/the-worlds-email-encryption-software-relies-on-one-guy-who-is-going-broke][ProPublica article]] we received more than 120,000 \euro of +individual donations on a single day. There is even more: The [[http://www.linuxfoundation.org/programs/core-infrastructure-initiative][Core +Infrastructure Initiative]] granted 60,000 $ for 2015. Our payment +service [[https://twitter.com/stripe/status/563449352635432960][Stripe]] and [[https://www.facebook.com/notes/protect-the-graph/supporting-gnu-privacy-guard/1564591893780956][Facebook]] will each give 50,000 $ to the project. +And finally the [[https://www.wauland.de/en/donation.html#61][Wau Holland Stiftung]] is collecting tax deductible +funds for GnuPG (7000 \euro in December; numbers for January will be +posted soon). 
+ +As the main author of GnuPG, I like to thank everyone for supporting +the project, be it small or large individual donations, helping users, +providing corporate sponsorship, working on the software, and for all +the encouraging words. + +GnuPG does not stand alone: there are many other projects, often +unknown to most people, which are essential to keep the free Internet +running. Many of them are run by volunteers who spend a lot of unpaid +time on them. They need our support as well. + +/--- Werner, 2015-02-06/ + + + * The GNU Privacy Guard ----------------------------------------------------------------------- Summary of changes: web/index.org | 37 ++++++++++++++++++++++++++++++++----- 1 file changed, 32 insertions(+), 5 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sun Feb 8 19:08:30 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 08 Feb 2015 19:08:30 +0100 Subject: [git] gnupg-doc - branch, master, updated. 32e7375719d592eb4915991197f6f9ca689d07e8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 32e7375719d592eb4915991197f6f9ca689d07e8 (commit) from cea06837791feceacba5e51c9c4e4f98241e342e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 32e7375719d592eb4915991197f6f9ca689d07e8 Author: Werner Koch Date: Sun Feb 8 19:07:48 2015 +0100 web: Add amount of funds collected by WHS. diff --git a/web/index.org b/web/index.org index ae05844..e9d16fa 100644 --- a/web/index.org +++ b/web/index.org 
@@ -44,8 +44,7 @@ individual donations on a single day. There is even more: The [[http://www.linu Infrastructure Initiative]] granted 60,000 $ for 2015. Our payment service [[https://twitter.com/stripe/status/563449352635432960][Stripe]] and [[https://www.facebook.com/notes/protect-the-graph/supporting-gnu-privacy-guard/1564591893780956][Facebook]] will each give 50,000 $ to the project. And finally the [[https://www.wauland.de/en/donation.html#61][Wau Holland Stiftung]] is collecting tax deductible -funds for GnuPG (7000 \euro in December; numbers for January will be -posted soon). +funds for GnuPG (19000 \euro plus 57 BTC). As the main author of GnuPG, I like to thank everyone for supporting the project, be it small or large individual donations, helping users, @@ -135,7 +134,7 @@ restart the dirmngr process. Read the full [[http://lists.gnupg.org/pipermail/g ** GnuPG 2.1.0 with ECC support released (2014-11-06) -This is the first released of the new /modern/ branch of GnuPG. It +This is the first release of the new /modern/ branch of GnuPG. It features a lot of new things including support for ECC. Read more at the [[file:faq/whats-new-in-2.1.org][feature overview]] page and in the [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000358.html][announcement]] mail. ----------------------------------------------------------------------- Summary of changes: web/index.org | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 9 17:24:16 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 09 Feb 2015 17:24:16 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.1-65-gf0f71a7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f0f71a721ccd7ab9e40b8b6b028b59632c0cc648 (commit) via 0835d2f44ef62eab51fce6a927908f544e01cf8f (commit) via 39978487863066e59bb657f5fe4e8baab510da7e (commit) from 0de5c6a9a783ed9dc69cecbf34eadcaace4be243 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f0f71a721ccd7ab9e40b8b6b028b59632c0cc648 Author: Werner Koch Date: Mon Feb 9 15:46:00 2015 +0100 gpg: Prevent an invalid memory read using a garbled keyring. * g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet types. * g10/keydb.c (parse_keyblock_image): Ditto. -- The keyring DB code did not reject packets which don't belong into a keyring. If for example the keyblock contains a literal data packet it is expected that the processing code stops at the data packet and reads from the input stream which is referenced from the data packets. Obviously the keyring processing code does not and cannot do that. However, when exporting this messes up the IOBUF and leads to an invalid read of sizeof (int). We now skip all packets which are not allowed in a keyring. 
Reported-by: Hanno B?ck Test data: gpg2 --no-default-keyring --keyring FILE --export >/dev/null With this unpacked data for FILE: -----BEGIN PGP ARMORED FILE----- mI0EVNP2zQEEALvETPVDCJDBXkegF4esiV1fqlne40yJnCmJeDEJYocwFPXfFA86 sSGjInzgDbpbC9gQPwq91Qe9x3Vy81CkyVonPOejhINlzfpzqAAa3A6viJccZTwt DJ8E/I9jg53sbYW8q+VgfLn1hlggH/XQRT0HkXMP5y9ClURYnTsNwJhXABEBAAGs CXRlc3QgdGVzdIi5BBMBCgAjBQJU0/bNAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwEC HgECF4AACgkQlsmuCapsqYLvtQP/byY0tM0Lc3moftbHQZ2eHj9ykLjsCjeMDfPx kZUUtUS3HQaqgZLZOeqPjM7XgGh5hJsd9pfhmRWJ0x+iGB47XQNpRTtdLBV/WMCS l5z3uW7e9Md7QVUVuSlJnBgQHTS6EgP8JQadPkAiF+jgpJZXP+gFs2j3gobS0qUF eyTtxs+wAgAD =uIt9 -----END PGP ARMORED FILE----- Signed-off-by: Werner Koch diff --git a/g10/keydb.c b/g10/keydb.c index 401478a..cf422a8 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -771,21 +771,30 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no, err = gpg_error (GPG_ERR_INV_KEYRING); break; } - if (pkt->pkttype == PKT_COMPRESSED) - { - log_error ("skipped compressed packet in keybox blob\n"); - free_packet(pkt); - init_packet(pkt); - continue; - } - if (pkt->pkttype == PKT_RING_TRUST) + + /* Filter allowed packets. */ + switch (pkt->pkttype) { - log_info ("skipped ring trust packet in keybox blob\n"); + case PKT_PUBLIC_KEY: + case PKT_PUBLIC_SUBKEY: + case PKT_SECRET_KEY: + case PKT_SECRET_SUBKEY: + case PKT_USER_ID: + case PKT_ATTRIBUTE: + case PKT_SIGNATURE: + break; /* Allowed per RFC. */ + + default: + /* Note that can't allow ring trust packets here and some of + the other GPG specific packets don't make sense either. */ + log_error ("skipped packet of type %d in keybox\n", + (int)pkt->pkttype); free_packet(pkt); init_packet(pkt); continue; } + /* Other sanity checks. */ if (!in_cert && pkt->pkttype != PKT_PUBLIC_KEY) { log_error ("parse_keyblock_image: first packet in a keybox blob " diff --git a/g10/keyring.c b/g10/keyring.c index 6060f08..ee76e8a 100644 --- a/g10/keyring.c +++ b/g10/keyring.c 
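Review bot: In g10/keydb.c parse_keyblock_image, the new `default:` branch reports every skipped packet with `log_error`, and that now includes ring trust packets, which the removed code skipped with `log_info`. If `log_error` feeds an error counter or the exit status, a keybox blob that merely carries a ring trust packet would now count as a failure; a separate `case PKT_RING_TRUST:` that logs at info level before skipping would keep the old severity. The comment in that branch has lost a word and should read `Note that we can't allow ring trust packets here`. The enclosing loop starts and ends outside the hunk.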
@@ -406,12 +406,31 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb) rc = GPG_ERR_INV_KEYRING; break; } - if (pkt->pkttype == PKT_COMPRESSED) { - log_error ("skipped compressed packet in keyring\n"); + + /* Filter allowed packets. */ + switch (pkt->pkttype) + { + case PKT_PUBLIC_KEY: + case PKT_PUBLIC_SUBKEY: + case PKT_SECRET_KEY: + case PKT_SECRET_SUBKEY: + case PKT_USER_ID: + case PKT_ATTRIBUTE: + case PKT_SIGNATURE: + break; /* Allowed per RFC. */ + case PKT_RING_TRUST: + case PKT_OLD_COMMENT: + case PKT_COMMENT: + case PKT_GPG_CONTROL: + break; /* Allowed by us. */ + + default: + log_error ("skipped packet of type %d in keyring\n", + (int)pkt->pkttype); free_packet(pkt); init_packet(pkt); continue; - } + } if (in_cert && (pkt->pkttype == PKT_PUBLIC_KEY || pkt->pkttype == PKT_SECRET_KEY)) { @@ -478,7 +497,7 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb) if (rc || !ret_kb) release_kbnode (keyblock); else { - /*(duplicated form the loop body)*/ + /*(duplicated from the loop body)*/ if ( pkt && pkt->pkttype == PKT_RING_TRUST && lastnode && lastnode->pkt->pkttype == PKT_SIGNATURE commit 0835d2f44ef62eab51fce6a927908f544e01cf8f Author: Werner Koch Date: Mon Feb 9 10:54:06 2015 +0100 gpg: Fix a NULL-deref in export due to invalid packet lengths. * g10/build-packet.c (write_fake_data): Take care of a NULL stored as opaque MPI. -- Reported-by: Hanno B?ck Test data: gpg2 --no-default-keyring --keyring FILE --export With this unpacked data for FILE: -----BEGIN PGP ARMORED FILE----- Version: GnuPG v2 Comment: Use "gpg --dearmor" for unpacking mI0EGRkZGRkZGRkZGRkZGRkBGRkZGRkZGRkZGRkZGQAZGRkZGRkZGRkZGRkZGRkZ GRkZInzgDbpa/9gQ4wq9////f3Vy81CkyVq3HQaqgZLZOeqPjM7XgGh5hJvAkpec 9wAAAgDHe0FVFbkppJZXP+gFs6z3gobS0qUFeyTtxs+wAgAD =JDFT -----END PGP ARMORED FILE----- Signed-off-by: Werner Koch diff --git a/g10/build-packet.c b/g10/build-packet.c index 6bd1c9b..cda753c 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c 
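Review bot: The `switch` added to keyring_get_keyblock in g10/keyring.c repeats the seven RFC packet types that the same commit lists in parse_keyblock_image (g10/keydb.c), so the two allow-lists can drift apart when a packet type is added later. A shared predicate declared once and called from both loops would keep the filter in one place, with the keyring-only extras (`PKT_RING_TRUST`, `PKT_OLD_COMMENT`, `PKT_COMMENT`, `PKT_GPG_CONTROL`) remaining a local addition. The `/* Allowed by us. */` comment would help more if it said why these four are accepted here but not in the keybox path. The function body continues outside the hunk.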
@@ -261,6 +261,9 @@ write_fake_data (IOBUF out, gcry_mpi_t a) if (!a) return 0; p = gcry_mpi_get_opaque ( a, &n); + if (!p) + return 0; /* For example due to a read error in + parse-packet.c:read_rest. */ return iobuf_write (out, p, (n+7)/8 ); } @@ -305,9 +308,9 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk) nskey = pubkey_get_nskey (pk->pubkey_algo); npkey = pubkey_get_npkey (pk->pubkey_algo); - /* If we don't have any public parameters - which is the case if we - don't know the algorithm used - the parameters are stored as one - blob in a faked (opaque) MPI. */ + /* If we don't have any public parameters - which is for example the + case if we don't know the algorithm used - the parameters are + stored as one blob in a faked (opaque) MPI. */ if (!npkey) { write_fake_data (a, pk->pkey[0]); commit 39978487863066e59bb657f5fe4e8baab510da7e Author: Werner Koch Date: Mon Feb 9 10:21:19 2015 +0100 gpg: Fix a NULL-deref due to empty ring trust packets. * g10/parse-packet.c (parse_trust): Always allocate a packet. -- Reported-by: Hanno B?ck Signed-off-by: Werner Koch Test data: gpg2 --no-default-keyring --keyring FILE --export With this unpacked data for FILE: -----BEGIN PGP ARMORED FILE----- Version: GnuPG v2 Comment: Use "gpg --dearmor" for unpacking mI0EVNP2zQEEALvETPVDCJDBXkegF4esiV1fqlne40yJnCmJeDEJYocwFPXfFA86 sSGjInzgDbpbC9gQPwq91Qe9x3Vy81CkyVonPOejhINlzfpzqAAa3A6viJccZTwt DJ8E/I9jg53sbYW8q+VgfLn1hlggH/XQRT0HkXMP5y9ClURYnTsNwJhXABEBAAG0 CXRlc3QgdGVzdIi5BBMBCgAjBQJU0/bNAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwEC HgECF4AACgkQlsmuCapsqYLvtQP/byY0tM0Lc3moftbHQZ2eHj9ykLjsCjeMDfPx kZUUtUS3HQaqgZLZOeqPjM7XgGh5hJsd9pfhmRWJ0x+iGB47XQNpRTtdLBV/WMCS l5z3uW7e9Md7QVUVuSlJnBgQHTS6EgP8JQadPkAiF+jgpJZXP+gFs2j3gobS0qUF eyTtxs+wAAAD =puSt -----END PGP ARMORED FILE----- diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 524fabe..012d373 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c 
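Review bot: In write_fake_data the added `if (!p) return 0;` reports success when the opaque MPI carries no data, so the caller cannot tell a damaged key from a good one. The hunk's own comment says this state can follow a read error in parse-packet.c:read_rest, and the do_key context shows `write_fake_data (a, pk->pkey[0]);` with the return value unused, so the export would presumably continue and emit a key packet without its key material. Returning an error from this branch and checking it in do_key would make the garbled keyring visible to the user. At minimum the comment should state that writing nothing is intentional.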
@@ -2596,11 +2596,11 @@ parse_trust (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * pkt) (void) pkttype; + pkt->pkt.ring_trust = xmalloc (sizeof *pkt->pkt.ring_trust); if (pktlen) { c = iobuf_get_noeof (inp); pktlen--; - pkt->pkt.ring_trust = xmalloc (sizeof *pkt->pkt.ring_trust); pkt->pkt.ring_trust->trustval = c; pkt->pkt.ring_trust->sigcache = 0; if (!c && pktlen == 1) @@ -2619,6 +2619,8 @@ parse_trust (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * pkt) } else { + pkt->pkt.ring_trust->trustval = 0; + pkt->pkt.ring_trust->sigcache = 0; if (list_mode) es_fprintf (listfp, ":trust packet: empty\n"); } ----------------------------------------------------------------------- Summary of changes: g10/build-packet.c | 9 ++++++--- g10/keydb.c | 27 ++++++++++++++++++--------- g10/keyring.c | 27 +++++++++++++++++++++++---- g10/parse-packet.c | 4 +++- 4 files changed, 50 insertions(+), 17 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 11 10:29:58 2015 
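Review bot: parse_trust now allocates `pkt->pkt.ring_trust` before the `if (pktlen)` test but still initialises `trustval` and `sigcache` separately in each branch, which leaves room for a later branch to forget one of them. Setting both right after the allocation, `pkt->pkt.ring_trust->trustval = 0;` and `pkt->pkt.ring_trust->sigcache = 0;`, would make the two lines added to the `else` branch unnecessary. A comment above the `xmalloc` such as `/* Always allocate so that callers never see a NULL ring_trust, even for an empty packet. */` would record why the allocation moved. The function body extends beyond both hunks.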
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 11 Feb 2015 10:29:58 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.1-66-g2183683 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 2183683bd633818dd031b090b5530951de76f392 (commit) from f0f71a721ccd7ab9e40b8b6b028b59632c0cc648 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2183683bd633818dd031b090b5530951de76f392 Author: Werner Koch Date: Wed Feb 11 10:27:57 2015 +0100 Use inline functions to convert buffer data to scalars. * common/host2net.h (buf16_to_ulong, buf16_to_uint): New. (buf16_to_ushort, buf16_to_u16): New. (buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New. -- Commit 91b826a38880fd8a989318585eb502582636ddd8 was not enough to avoid all sign extension on shift problems. Hanno B?ck found a case with an invalid read due to this problem. To fix that once and for all almost all uses of "<< 24" and "<< 8" are changed by this patch to use an inline function from host2net.h. Signed-off-by: Werner Koch diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c index 5f94493..cadc871 100644 --- a/agent/cvt-openpgp.c +++ b/agent/cvt-openpgp.c @@ -27,6 +27,7 @@ #include "agent.h" #include "i18n.h" #include "cvt-openpgp.h" +#include "host2net.h" /* Helper to pass data via the callback to do_unprotect. */ @@ -487,7 +488,7 @@ do_unprotect (const char *passphrase, ndata = (ndatabits+7)/8; if (ndata > 1) - csum_pgp7 = p[ndata-2] << 8 | p[ndata-1]; + csum_pgp7 = buf16_to_u16 (p+ndata-2); data = xtrymalloc_secure (ndata); if (!data) { 
@@ -531,7 +532,7 @@ do_unprotect (const char *passphrase, } else { - desired_csum = (data[ndata-2] << 8 | data[ndata-1]); + desired_csum = buf16_to_u16 (data+ndata-2); actual_csum = checksum (data, ndata-2); if (desired_csum != actual_csum) { @@ -586,7 +587,7 @@ do_unprotect (const char *passphrase, p = gcry_mpi_get_opaque (skey[i], &ndatabits); ndata = (ndatabits+7)/8; - if (!(ndata >= 2) || !(ndata == ((p[0] << 8 | p[1]) + 7)/8 + 2)) + if (!(ndata >= 2) || !(ndata == (buf16_to_ushort (p) + 7)/8 + 2)) { gcry_cipher_close (cipher_hd); return gpg_error (GPG_ERR_BAD_SECKEY); diff --git a/common/b64enc.c b/common/b64enc.c index 91ba69d..087f27c 100644 --- a/common/b64enc.c +++ b/common/b64enc.c @@ -253,7 +253,7 @@ b64enc_write (struct b64state *state, const void *buffer, size_t nbytes) u32 crc = state->crc; for (p=buffer, n=nbytes; n; p++, n-- ) - crc = (crc << 8) ^ crc_table[((crc >> 16)&0xff) ^ *p]; + crc = ((u32)crc << 8) ^ crc_table[((crc >> 16)&0xff) ^ *p]; state->crc = (crc & 0x00ffffff); } diff --git a/common/dns-cert.c b/common/dns-cert.c index 4e297bf..317ebb1 100644 --- a/common/dns-cert.c +++ b/common/dns-cert.c @@ -47,6 +47,7 @@ #endif #include "util.h" +#include "host2net.h" #include "dns-cert.h" /* Not every installation has gotten around to supporting CERTs @@ -130,7 +131,7 @@ get_dns_cert (const char *name, estream_t *r_key, if (datalen < 5) continue; /* Truncated CERT record - skip. */ - ctype = ((data[0] << 8) | data[1]); + ctype = buf16_to_uint (data); /* (key tag and algorithm fields are not required.) */ data += 5; datalen -= 5; @@ -262,12 +263,13 @@ get_dns_cert (const char *name, estream_t *r_key, if ((emsg - pt) < 15) break; - type = *pt++ << 8; - type |= *pt++; + type = buf16_to_u16 (pt); + pt += 2; - class = *pt++ << 8; + class = buf16_to_u16 (pt); + pt += 2; class |= *pt++; - /* We asked for IN and got something else !? */ + if (class != C_IN) break; 
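Review bot: In get_dns_cert (common/dns-cert.c, hunk at -262,12) the context line `class |= *pt++;` survives after the new `class = buf16_to_u16 (pt); pt += 2;`, so a third byte is ORed into `class` and `pt` ends up one byte past the field. As far as the hunk shows, the following `if (class != C_IN)` test and the later `dlen` and `ctype` reads then work on misaligned data from the DNS answer; the leftover line should be deleted along with the first half of the old two-step read. The same hunk replaces the comment `/* We asked for IN and got something else !? */` with a blank line, and that comment is worth keeping. The other 16-bit reads in this file (`type`, `dlen`, `ctype`) were converted completely.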
@@ -275,8 +277,8 @@ get_dns_cert (const char *name, estream_t *r_key, pt += 4; /* data length */ - dlen = *pt++ << 8; - dlen |= *pt++; + dlen = buf16_to_u16 (pt); + pt += 2; /* We asked for CERT and got something else - might be a CNAME, so loop around again. */ @@ -287,8 +289,8 @@ get_dns_cert (const char *name, estream_t *r_key, } /* The CERT type */ - ctype = *pt++ << 8; - ctype |= *pt++; + ctype = buf16_to_u16 (pt); + pt += 2; /* Skip the CERT key tag and algo which we don't need. */ pt += 3; diff --git a/common/host2net.h b/common/host2net.h index dd20e36..be5e520 100644 --- a/common/host2net.h +++ b/common/host2net.h @@ -1,5 +1,5 @@ /* host2net.h - Endian conversion macros - * Copyright (C) 1998, 2014 Werner Koch + * Copyright (C) 1998, 2014, 2015 Werner Koch * * This file is part of GnuPG. * @@ -32,9 +32,6 @@ #include "types.h" -#define buftoulong( p ) ((*(byte*)(p) << 24) | (*((byte*)(p)+1)<< 16) | \ - (*((byte*)(p)+2) << 8) | (*((byte*)(p)+3))) -#define buftoushort( p ) ((*((byte*)(p)) << 8) | (*((byte*)(p)+1))) #define ulongtobuf( p, a ) do { \ ((byte*)p)[0] = a >> 24; \ ((byte*)p)[1] = a >> 16; \ 
@@ -45,8 +42,71 @@ ((byte*)p)[0] = a >> 8; \ ((byte*)p)[1] = a ; \ } while(0) -#define buftou32( p) buftoulong( (p) ) -#define u32tobuf( p, a) ulongtobuf( (p), (a) ) + + +static inline unsigned long +buf16_to_ulong (const void *buffer) +{ + const unsigned char *p = buffer; + + return (((unsigned long)p[0] << 8) | p[1]); +} + +static inline unsigned int +buf16_to_uint (const void *buffer) +{ + const unsigned char *p = buffer; + + return (((unsigned int)p[0] << 8) | p[1]); +} + +static inline unsigned short +buf16_to_ushort (const void *buffer) +{ + const unsigned char *p = buffer; + + return (((unsigned short)p[0] << 8) | p[1]); +} + +static inline u16 +buf16_to_u16 (const void *buffer) +{ + const unsigned char *p = buffer; + + return (((u16)p[0] << 8) | p[1]); +} + +static inline size_t +buf32_to_size_t (const void *buffer) +{ + const unsigned char *p = buffer; + + return (((size_t)p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); +} + +static inline unsigned long +buf32_to_ulong (const void *buffer) +{ + const unsigned char *p = buffer; + + return (((unsigned long)p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); +} + +static inline unsigned int +buf32_to_uint (const void *buffer) +{ + const unsigned char *p = buffer; + + return (((unsigned int)p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); +} + +static inline u32 +buf32_to_u32 (const void *buffer) +{ + const unsigned char *p = buffer; + + return (((u32)p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); +} #endif /*GNUPG_COMMON_HOST2NET_H*/ diff --git a/common/iobuf.c b/common/iobuf.c index badbf78..ca74bd7 100644 --- a/common/iobuf.c +++ b/common/iobuf.c @@ -871,7 +871,7 @@ block_filter (void *opaque, int control, iobuf_t chain, byte * buffer, } else if (c == 255) { - a->size = iobuf_get (chain) << 24; + a->size = (size_t)iobuf_get (chain) << 24; a->size |= iobuf_get (chain) << 16; a->size |= iobuf_get (chain) << 8; if ((c = iobuf_get (chain)) == -1) 
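Review bot: The eight new inline readers in common/host2net.h carry no comment, yet each one reads `p[0]`..`p[1]` or `p[0]`..`p[3]` without a length argument, so the bounds check is entirely the caller's job. A comment should say so and name the byte order, for example `/* Return the big-endian 16 bit value stored at BUFFER; the caller must make sure that 2 bytes are readable. */`, with a 4-byte equivalent for the `buf32_` family. The hunk also drops `buftou32` and `u32tobuf`; only the former has a replacement here, so any remaining user of `u32tobuf` would have to switch to `ulongtobuf`, which cannot be checked from this diff.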
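Review bot: In block_filter (common/iobuf.c) the new `(size_t)iobuf_get (chain) << 24` casts a value that can be -1, since the context line `if ((c = iobuf_get (chain)) == -1)` shows the function signalling end of input that way. On a truncated stream the cast turns -1 into an all-ones `size_t` before the shift, and the two unchanged lines, `a->size |= iobuf_get (chain) << 16;` and the `<< 8` one, still shift a possibly negative `int`. Reading each of the first three bytes into `c` and testing it for -1, as is already done for the fourth, would close the gap the cast leaves open. The function body continues outside the hunk.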
@@ -1228,9 +1228,12 @@ iobuf_t iobuf_temp_with_content (const char *buffer, size_t length) { iobuf_t a; + int i; a = iobuf_alloc (3, length); - memcpy (a->d.buf, buffer, length); + /* memcpy (a->d.buf, buffer, length); */ + for (i=0; i < length; i++) + a->d.buf[i] = buffer[i]; a->d.len = length; return a; diff --git a/common/pka.c b/common/pka.c index d472162..4ead97f 100644 --- a/common/pka.c +++ b/common/pka.c @@ -51,6 +51,7 @@ #endif #include "util.h" +#include "host2net.h" #include "pka.h" #ifdef USE_DNS_PKA @@ -252,13 +253,14 @@ get_pka_info (const char *address, unsigned char *fpr) if (p >= pend - 10) return NULL; /* RR too short. */ - type = *p++ << 8; - type |= *p++; - class = *p++ << 8; - class |= *p++; + type = buf16_to_uint (p); + p += 2; + class = buf16_to_uint (p); + p += 2; p += 4; - txtlen = *p++ << 8; - txtlen |= *p++; + txtlen = buf16_to_uint (p); + p += 2; + if (type != T_TXT || class != C_IN) return NULL; /* Answer does not match the query. */ diff --git a/common/srv.c b/common/srv.c index 7a0c42d..2107aa5 100644 --- a/common/srv.c +++ b/common/srv.c @@ -48,6 +48,7 @@ #endif #include "util.h" +#include "host2net.h" #include "srv.h" /* Not every installation has gotten around to supporting SRVs 
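Review bot: iobuf_temp_with_content replaces `memcpy` with a loop whose counter is `int i` while the bound is `size_t length`, so `i < length` compares signed against unsigned and `i` overflows for a length above INT_MAX. The commented-out `memcpy` left beside the loop suggests a debugging aid rather than an intended change, and the commit message does not mention it. Either restore `memcpy (a->d.buf, buffer, length);` or declare the counter as `size_t i;`.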
@@ -184,27 +185,28 @@ getsrv (const char *name,struct srventry **list) if((emsg-pt)<16) goto fail; - type=*pt++ << 8; - type|=*pt++; + type = buf16_to_u16 (pt); + pt += 2; /* We asked for SRV and got something else !? */ if(type!=T_SRV) goto fail; - class=*pt++ << 8; - class|=*pt++; + class = buf16_to_u16 (pt); + pt += 2; /* We asked for IN and got something else !? */ if(class!=C_IN) goto fail; - pt+=4; /* ttl */ - dlen=*pt++ << 8; - dlen|=*pt++; - srv->priority=*pt++ << 8; - srv->priority|=*pt++; - srv->weight=*pt++ << 8; - srv->weight|=*pt++; - srv->port=*pt++ << 8; - srv->port|=*pt++; + pt += 4; /* ttl */ + dlen = buf16_to_u16 (pt); + pt += 2; + + srv->priority = buf16_to_ushort (pt); + pt += 2; + srv->weight = buf16_to_ushort (pt); + pt += 2; + srv->port = buf16_to_ushort (pt); + pt += 2; /* Get the name. 2782 doesn't allow name compression, but dn_expand still works to pull the name out of the diff --git a/common/tlv.c b/common/tlv.c index 51a0907..74cb4a7 100644 --- a/common/tlv.c +++ b/common/tlv.c @@ -96,7 +96,7 @@ do_find_tlv (const unsigned char *buffer, size_t length, { /* Two byte length follows. */ if (n < 2) return NULL; /* We expected 2 more bytes with the length. */ - len = (s[0] << 8) | s[1]; + len = ((size_t)s[0] << 8) | s[1]; s += 2; n -= 2; } else diff --git a/dirmngr/ldap.c b/dirmngr/ldap.c index 00df167..c596198 100644 --- a/dirmngr/ldap.c +++ b/dirmngr/ldap.c @@ -36,6 +36,7 @@ #include "ldapserver.h" #include "misc.h" #include "ldap-wrapper.h" +#include "host2net.h" #define UNENCODED_URL_CHARS "abcdefghijklmnopqrstuvwxyz" \ @@ -664,7 +665,7 @@ fetch_next_cert_ldap (cert_fetch_context_t context, gpg_error_t err; unsigned char hdr[5]; char *p, *pend; - int n; + unsigned long n; int okay = 0; /* int is_cms = 0; */ 
@@ -677,7 +678,7 @@ fetch_next_cert_ldap (cert_fetch_context_t context, err = read_buffer (context->reader, hdr, 5); if (err) break; - n = (hdr[1] << 24)|(hdr[2]<<16)|(hdr[3]<<8)|hdr[4]; + n = buf32_to_ulong (hdr+1); if (*hdr == 'V' && okay) { #if 0 /* That code is not yet ready. */ diff --git a/g10/build-packet.c b/g10/build-packet.c index cda753c..e44350e 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -32,6 +32,7 @@ #include "iobuf.h" #include "i18n.h" #include "options.h" +#include "host2net.h" static int do_user_id( IOBUF out, int ctb, PKT_user_id *uid ); static int do_key (iobuf_t out, int ctb, PKT_public_key *pk); @@ -621,10 +622,7 @@ delete_sig_subpkt (subpktarea_t *area, sigsubpkttype_t reqtype ) if( n == 255 ) { if( buflen < 4 ) break; - n = (((size_t)buffer[0] << 24) - | (buffer[1] << 16) - | (buffer[2] << 8) - | buffer[3]); + n = buf32_to_size_t (buffer); buffer += 4; buflen -= 4; } @@ -747,7 +745,7 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type, /* This should never happen since we don't currently allow creating such a subpacket, but just in case... */ case SIGSUBPKT_SIG_EXPIRE: - if(buffer_to_u32(buffer)+sig->timestamp<=make_timestamp()) + if(buf32_to_u32(buffer)+sig->timestamp<=make_timestamp()) sig->flags.expired=1; else sig->flags.expired=0; diff --git a/g10/call-agent.c b/g10/call-agent.c index dc9d157..4bac8a0 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -41,6 +41,7 @@ #include "call-agent.h" #include "status.h" #include "../common/shareddefs.h" +#include "host2net.h" #ifndef DBG_ASSUAN # define DBG_ASSUAN 1 @@ -761,7 +762,7 @@ agent_scd_apdu (const char *hexapdu, unsigned int *r_sw) err = gpg_error (GPG_ERR_CARD); else { - *r_sw = (data[datalen-2] << 8) | data[datalen-1]; + *r_sw = buf16_to_uint (data+datalen-2); } xfree (data); } diff --git a/g10/getkey.c b/g10/getkey.c index 62d2d33..30c454b 100644 --- a/g10/getkey.c +++ b/g10/getkey.c 
@@ -36,6 +36,8 @@ #include "i18n.h" #include "keyserver-internal.h" #include "call-agent.h" +#include "host2net.h" + #define MAX_PK_CACHE_ENTRIES PK_UID_CACHE_SIZE #define MAX_UID_CACHE_ENTRIES PK_UID_CACHE_SIZE @@ -1418,8 +1420,8 @@ fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated) /* Ditto for the key expiration. */ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); - if (p && buffer_to_u32 (p)) - uid->help_key_expire = keycreated + buffer_to_u32 (p); + if (p && buf32_to_u32 (p)) + uid->help_key_expire = keycreated + buf32_to_u32 (p); else uid->help_key_expire = 0; @@ -1651,9 +1653,9 @@ merge_selfsigs_main (KBNODE keyblock, int *r_revoked, key_usage = parse_key_usage (sig); p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); - if (p && buffer_to_u32 (p)) + if (p && buf32_to_u32 (p)) { - key_expire = keytimestamp + buffer_to_u32 (p); + key_expire = keytimestamp + buf32_to_u32 (p); key_expire_seen = 1; } @@ -2102,8 +2104,8 @@ merge_selfsigs_subkey (KBNODE keyblock, KBNODE subnode) subpk->pubkey_usage = key_usage; p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); - if (p && buffer_to_u32 (p)) - key_expire = keytimestamp + buffer_to_u32 (p); + if (p && buf32_to_u32 (p)) + key_expire = keytimestamp + buf32_to_u32 (p); else key_expire = 0; subpk->has_expired = key_expire >= curtime ? 0 : key_expire; diff --git a/g10/keygen.c b/g10/keygen.c index 0789571..11bfbd4 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -43,6 +43,8 @@ #include "call-agent.h" #include "pkglue.h" #include "../common/shareddefs.h" +#include "host2net.h" + /* The default algorithms. If you change them remember to change them also in gpg.c:gpgconf_list. You should also check that the value @@ -845,10 +847,7 @@ make_backsig (PKT_signature *sig, PKT_public_key *pk, } else if (buf[1] == 255) { - pktlen = buf[2] << 24; - pktlen |= buf[3] << 16; - pktlen |= buf[4] << 8; - pktlen |= buf[5]; + pktlen = buf32_to_size_t (buf+2); buf += 6; } else 
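Review bot: The three g10/getkey.c hunks (fixup_uidnode, merge_selfsigs_main, merge_selfsigs_subkey) add a creation time to `buf32_to_u32 (p)`, a value read directly from a signature subpacket, with no guard against wrap-around. In fixup_uidnode both operands are `u32` according to the hunk header, so a large expiration interval would presumably wrap to a time before the key was created; the types of `keytimestamp` and `key_expire` are not visible here. A saturating add, or a comment stating that a wrapped value is acceptable, would settle the question. Each site also calls the helper twice on the same pointer, and reading it once, `u32 val = buf32_to_u32 (p);`, would be clearer.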
@@ -865,7 +864,7 @@ make_backsig (PKT_signature *sig, PKT_public_key *pk, break; case 2: - pktlen = buf[mark++] << 24; + pktlen = (size_t)buf[mark++] << 24; pktlen |= buf[mark++] << 16; case 1: diff --git a/g10/keyid.c b/g10/keyid.c index 662806b..9f7b70f 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -35,6 +35,8 @@ #include "keydb.h" #include "i18n.h" #include "rmd160.h" +#include "host2net.h" + #define KEYID_STR_SIZE 19 @@ -256,9 +258,9 @@ v3_keyid (gcry_mpi_t a, u32 *ki) else { p = buffer + nbytes - 8; - ki[0] = (p[0] << 24) | (p[1] <<16) | (p[2] << 8) | p[3]; + ki[0] = buf32_to_u32 (p); p += 4; - ki[1] = (p[0] << 24) | (p[1] <<16) | (p[2] << 8) | p[3]; + ki[1] = buf32_to_u32 (p); } xfree (buffer); return ki[1]; @@ -378,15 +380,8 @@ keystr_from_desc(KEYDB_SEARCH_DESC *desc) { u32 keyid[2]; - keyid[0] = ((unsigned char)desc->u.fpr[12] << 24 - | (unsigned char)desc->u.fpr[13] << 16 - | (unsigned char)desc->u.fpr[14] << 8 - | (unsigned char)desc->u.fpr[15]); - keyid[1] = ((unsigned char)desc->u.fpr[16] << 24 - | (unsigned char)desc->u.fpr[17] << 16 - | (unsigned char)desc->u.fpr[18] << 8 - | (unsigned char)desc->u.fpr[19]); - + keyid[0] = buf32_to_u32 (desc->u.fpr+12); + keyid[1] = buf32_to_u32 (desc->u.fpr+16); return keystr(keyid); } @@ -427,8 +422,8 @@ keyid_from_pk (PKT_public_key *pk, u32 *keyid) if(md) { dp = gcry_md_read ( md, 0 ); - keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ; - keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ; + keyid[0] = buf32_to_u32 (dp+12); + keyid[1] = buf32_to_u32 (dp+16); lowbits = keyid[1]; gcry_md_close (md); pk->keyid[0] = keyid[0]; @@ -474,8 +469,8 @@ keyid_from_fingerprint( const byte *fprint, size_t fprint_len, u32 *keyid ) else { const byte *dp = fprint; - keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ; - keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ; + keyid[0] = buf32_to_u32 (dp+12); + keyid[1] = buf32_to_u32 (dp+16); } return keyid[1]; 
@@ -691,8 +686,8 @@ fingerprint_from_pk (PKT_public_key *pk, byte *array, size_t *ret_len) if (!array) array = xmalloc ( len ); memcpy (array, dp, len ); - pk->keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ; - pk->keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ; + pk->keyid[0] = buf32_to_u32 (dp+12); + pk->keyid[1] = buf32_to_u32 (dp+16); gcry_md_close( md); if (ret_len) diff --git a/g10/misc.c b/g10/misc.c index a2b5075..37582af 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -278,16 +278,6 @@ checksum_mpi (gcry_mpi_t a) return csum; } -u32 -buffer_to_u32( const byte *buffer ) -{ - unsigned long a; - a = *buffer << 24; - a |= buffer[1] << 16; - a |= buffer[2] << 8; - a |= buffer[3]; - return a; -} void print_pubkey_algo_note (pubkey_algo_t algo) diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 012d373..6232086 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -34,6 +34,7 @@ #include "options.h" #include "main.h" #include "i18n.h" +#include "host2net.h" /* Maximum length of packets to avoid excessive memory allocation. */ @@ -90,7 +91,7 @@ static unsigned short read_16 (IOBUF inp) { unsigned short a; - a = iobuf_get_noeof (inp) << 8; + a = (unsigned short)iobuf_get_noeof (inp) << 8; a |= iobuf_get_noeof (inp); return a; } @@ -100,7 +101,7 @@ static unsigned long read_32 (IOBUF inp) { unsigned long a; - a = iobuf_get_noeof (inp) << 24; + a = (unsigned long)iobuf_get_noeof (inp) << 24; a |= iobuf_get_noeof (inp) << 16; a |= iobuf_get_noeof (inp) << 8; a |= iobuf_get_noeof (inp); @@ -486,7 +487,7 @@ parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos, } else if (c == 255) { - pktlen = (hdr[hdrlen++] = iobuf_get_noeof (inp)) << 24; + pktlen = (unsigned long)(hdr[hdrlen++] = iobuf_get_noeof (inp)) << 24; pktlen |= (hdr[hdrlen++] = iobuf_get_noeof (inp)) << 16; pktlen |= (hdr[hdrlen++] = iobuf_get_noeof (inp)) << 8; if ((c = iobuf_get (inp)) == -1) 
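Review bot: In read_16 (g10/parse-packet.c) the cast in `(unsigned short)iobuf_get_noeof (inp) << 8` does not change the type the shift is performed in, because the `unsigned short` operand is promoted back to `int` before `<<` is applied. The result is still correct as long as iobuf_get_noeof yields a value in 0..255, which its name suggests but the hunk does not show. `a = (unsigned int)iobuf_get_noeof (inp) << 8;` states the intent without relying on promotion and matches the `(unsigned long)` cast the next hunk uses in read_32.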
@@ -1132,14 +1133,14 @@ dump_sig_subpkt (int hashed, int type, int critical, case SIGSUBPKT_SIG_CREATED: if (length >= 4) es_fprintf (listfp, "sig created %s", - strtimestamp (buffer_to_u32 (buffer))); + strtimestamp (buf32_to_u32 (buffer))); break; case SIGSUBPKT_SIG_EXPIRE: if (length >= 4) { - if (buffer_to_u32 (buffer)) + if (buf32_to_u32 (buffer)) es_fprintf (listfp, "sig expires after %s", - strtimevalue (buffer_to_u32 (buffer))); + strtimevalue (buf32_to_u32 (buffer))); else es_fprintf (listfp, "sig does not expire"); } @@ -1172,9 +1173,9 @@ dump_sig_subpkt (int hashed, int type, int critical, case SIGSUBPKT_KEY_EXPIRE: if (length >= 4) { - if (buffer_to_u32 (buffer)) + if (buf32_to_u32 (buffer)) es_fprintf (listfp, "key expires after %s", - strtimevalue (buffer_to_u32 (buffer))); + strtimevalue (buf32_to_u32 (buffer))); else es_fprintf (listfp, "key does not expire"); } @@ -1198,8 +1199,8 @@ dump_sig_subpkt (int hashed, int type, int critical, case SIGSUBPKT_ISSUER: if (length >= 8) es_fprintf (listfp, "issuer key ID %08lX%08lX", - (ulong) buffer_to_u32 (buffer), - (ulong) buffer_to_u32 (buffer + 4)); + (ulong) buf32_to_u32 (buffer), + (ulong) buf32_to_u32 (buffer + 4)); break; case SIGSUBPKT_NOTATION: { @@ -1461,8 +1462,7 @@ enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype, { if (buflen < 4) goto too_short; - n = (buffer[0] << 24) | (buffer[1] << 16) - | (buffer[2] << 8) | buffer[3]; + n = buf32_to_size_t (buffer); buffer += 4; buflen -= 4; } @@ -1735,7 +1735,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_CREATED, NULL); if (p) - sig->timestamp = buffer_to_u32 (p); + sig->timestamp = buf32_to_u32 (p); else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110) && opt.verbose) log_info ("signature packet without timestamp\n"); 
@@ -1743,16 +1743,16 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, p = parse_sig_subpkt2 (sig, SIGSUBPKT_ISSUER, NULL); if (p) { - sig->keyid[0] = buffer_to_u32 (p); - sig->keyid[1] = buffer_to_u32 (p + 4); + sig->keyid[0] = buf32_to_u32 (p); + sig->keyid[1] = buf32_to_u32 (p + 4); } else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110) && opt.verbose) log_info ("signature packet without keyid\n"); p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL); - if (p && buffer_to_u32 (p)) - sig->expiredate = sig->timestamp + buffer_to_u32 (p); + if (p && buf32_to_u32 (p)) + sig->expiredate = sig->timestamp + buf32_to_u32 (p); if (sig->expiredate && sig->expiredate <= make_timestamp ()) sig->flags.expired = 1; @@ -2365,8 +2365,7 @@ parse_attribute_subpkts (PKT_user_id * uid) { if (buflen < 4) goto too_short; - n = (buffer[0] << 24) | (buffer[1] << 16) - | (buffer[2] << 8) | buffer[3]; + n = buf32_to_size_t (buffer); buffer += 4; buflen -= 4; } diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index fcd24f8..9574769 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -35,6 +35,7 @@ #include "i18n.h" #include "pkglue.h" #include "call-agent.h" +#include "host2net.h" static gpg_error_t get_it (PKT_pubkey_enc *k, @@ -321,8 +322,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid) } /* Copy the key to DEK and compare the checksum. */ - csum = frame[nframe - 2] << 8; - csum |= frame[nframe - 1]; + csum = buf16_to_u16 (frame+nframe-2); memcpy (dek->key, frame + n, dek->keylen); for (csum2 = 0, n = 0; n < dek->keylen; n++) csum2 += dek->key[n]; diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index 1003756..02dbb48 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c 
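Review bot: The sum `sig->timestamp + buf32_to_u32 (p)` in parse_signature (@@ -1743) can wrap when a signature carries a very large expiration interval, and the commit carries that arithmetic over unchanged. The same expression appears in the trust.c hunk for mark_usable_uid_certs, where the result is a `u32 expire` and a wrap to 0 passes the `expire==0 || expire > curtime` test as "does not expire"; the field types in parse_signature are outside this hunk but presumably the same. Saturating avoids this, for example `expire = (d > 0xffffffffU - sig->timestamp)? 0xffffffffU : sig->timestamp + d;` with `d` holding the subpacket value read once. Both functions continue outside their hunks.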
@@ -115,7 +115,7 @@ xxxx_do_check( PKT_secret_key *sk, const char *tryagain_text, int mode, ndata = (ndatabits+7)/8; if ( ndata > 1 ) - csumc = p[ndata-2] << 8 | p[ndata-1]; + csumc = buf16_to_u16 (p+ndata-2); data = xmalloc_secure ( ndata ); gcry_cipher_decrypt ( cipher_hd, data, ndata, p, ndata ); gcry_mpi_release (sk->skey[i]); sk->skey[i] = NULL ; diff --git a/g10/tdbio.c b/g10/tdbio.c index 9bb8a04..91ee3ab 100644 --- a/g10/tdbio.c +++ b/g10/tdbio.c @@ -1257,13 +1257,13 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected ) rec->r.ver.trust_model = *p++; rec->r.ver.min_cert_level = *p++; p += 2; - rec->r.ver.created = buftoulong(p); p += 4; - rec->r.ver.nextcheck = buftoulong(p); p += 4; + rec->r.ver.created = buf32_to_ulong(p); p += 4; + rec->r.ver.nextcheck = buf32_to_ulong(p); p += 4; p += 4; p += 4; - rec->r.ver.firstfree =buftoulong(p); p += 4; + rec->r.ver.firstfree =buf32_to_ulong(p); p += 4; p += 4; - rec->r.ver.trusthashtbl =buftoulong(p); p += 4; + rec->r.ver.trusthashtbl =buf32_to_ulong(p); p += 4; if( recnum ) { log_error( _("%s: version record with recnum %lu\n"), db_name, (ulong)recnum ); @@ -1276,17 +1276,17 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected ) } break; case RECTYPE_FREE: - rec->r.free.next = buftoulong(p); p += 4; + rec->r.free.next = buf32_to_ulong(p); p += 4; break; case RECTYPE_HTBL: for(i=0; i < ITEMS_PER_HTBL_RECORD; i++ ) { - rec->r.htbl.item[i] = buftoulong(p); p += 4; + rec->r.htbl.item[i] = buf32_to_ulong(p); p += 4; } break; case RECTYPE_HLST: - rec->r.hlst.next = buftoulong(p); p += 4; + rec->r.hlst.next = buf32_to_ulong(p); p += 4; for(i=0; i < ITEMS_PER_HLST_RECORD; i++ ) { - rec->r.hlst.rnum[i] = buftoulong(p); p += 4; + rec->r.hlst.rnum[i] = buf32_to_ulong(p); p += 4; } break; case RECTYPE_TRUST: 
@@ -1295,12 +1295,12 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected ) rec->r.trust.depth = *p++; rec->r.trust.min_ownertrust = *p++; p++; - rec->r.trust.validlist = buftoulong(p); p += 4; + rec->r.trust.validlist = buf32_to_ulong(p); p += 4; break; case RECTYPE_VALID: memcpy( rec->r.valid.namehash, p, 20); p+=20; rec->r.valid.validity = *p++; - rec->r.valid.next = buftoulong(p); p += 4; + rec->r.valid.next = buf32_to_ulong(p); p += 4; rec->r.valid.full_count = *p++; rec->r.valid.marginal_count = *p++; break; diff --git a/g10/trust.c b/g10/trust.c index 796694d..316fe2f 100644 --- a/g10/trust.c +++ b/g10/trust.c @@ -33,6 +33,7 @@ #include "main.h" #include "i18n.h" #include "trustdb.h" +#include "host2net.h" /* Return true if key is disabled. Note that this is usually used via @@ -536,7 +537,7 @@ mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode, u32 expire; p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL ); - expire = p? sig->timestamp + buffer_to_u32(p) : 0; + expire = p? sig->timestamp + buf32_to_u32(p) : 0; if (expire==0 || expire > curtime ) { diff --git a/g13/mount.c b/g13/mount.c index a9203d1..8d1c015 100644 --- a/g13/mount.c +++ b/g13/mount.c @@ -37,6 +37,7 @@ #include "call-gpg.h" #include "mountinfo.h" #include "runner.h" +#include "host2net.h" /* Parse the header prefix and return the length of the entire header. */ @@ -50,8 +51,7 @@ parse_header (const char *filename, if (packetlen != 32) return gpg_error (GPG_ERR_BUG); - len = ((packet[2] << 24) | (packet[3] << 16) - | (packet[4] << 8) | packet[5]); + len = buf32_to_uint (packet+2); if (packet[0] != (0xc0|61) || len < 26 || memcmp (packet+6, "GnuPG/G13", 10)) { @@ -76,8 +76,7 @@ parse_header (const char *filename, return gpg_error (GPG_ERR_NOT_IMPLEMENTED); } - len = ((packet[20] << 24) | (packet[21] << 16) - | (packet[22] << 8) | packet[23]); + len = buf32_to_uint (packet+20); /* Do a basic sanity check on the length. */ if (len < 32 || len > 1024*1024) 
diff --git a/kbx/keybox-dump.c b/kbx/keybox-dump.c index 5315e84..8815a6f 100644 --- a/kbx/keybox-dump.c +++ b/kbx/keybox-dump.c @@ -25,30 +25,14 @@ #include "keybox-defs.h" #include +#include "host2net.h" /* Argg, we can't include ../common/util.h */ char *bin2hexcolon (const void *buffer, size_t length, char *stringbuf); +#define get32(a) buf32_to_ulong ((a)) +#define get16(a) buf16_to_ulong ((a)) -static ulong -get32 (const byte *buffer) -{ - ulong a; - a = *buffer << 24; - a |= buffer[1] << 16; - a |= buffer[2] << 8; - a |= buffer[3]; - return a; -} - -static ulong -get16 (const byte *buffer) -{ - ulong a; - a = *buffer << 8; - a |= buffer[1]; - return a; -} void print_string (FILE *fp, const byte *p, size_t n, int delim) diff --git a/kbx/keybox-openpgp.c b/kbx/keybox-openpgp.c index 6ae6c44..2cac242 100644 --- a/kbx/keybox-openpgp.c +++ b/kbx/keybox-openpgp.c @@ -36,7 +36,7 @@ #include #include "../common/openpgpdefs.h" - +#include "host2net.h" /* Assume a valid OpenPGP packet at the address pointed to by BUFBTR which has a maximum length as stored at BUFLEN. Return the header @@ -94,10 +94,8 @@ next_packet (unsigned char const **bufptr, size_t *buflen, { if (len <4 ) return gpg_error (GPG_ERR_INV_PACKET); /* No length bytes. */ - pktlen = (*buf++) << 24; - pktlen |= (*buf++) << 16; - pktlen |= (*buf++) << 8; - pktlen |= (*buf++); + pktlen = buf32_to_ulong (buf); + buf += 4; len -= 4; } else /* Partial length encoding is not allowed for key packets. */ diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c index 0a3ed43..d22ef19 100644 --- a/kbx/keybox-search.c +++ b/kbx/keybox-search.c @@ -29,7 +29,7 @@ #include "keybox-defs.h" #include - +#include "host2net.h" #define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \ *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10)) 
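Review bot: `get32` and `get16` in keybox-dump.c become function-like macros, which drops the `const byte *` parameter check the removed static functions gave; the macros forward whatever pointer they are handed to the helpers declared in host2net.h, whose prototypes are not shown here. Thin wrappers keep the call sites checked and cost nothing: `static inline ulong get32 (const byte *buffer) { return buf32_to_ulong (buffer); }` and the same shape for `get16` with `buf16_to_ulong`. The keybox-search.c hunk (@@ -42) makes the identical replacement and would take the same change.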
@@ -42,27 +42,8 @@ struct sn_array_s { }; - -static inline ulong -get32 (const byte *buffer) -{ - ulong a; - a = *buffer << 24; - a |= buffer[1] << 16; - a |= buffer[2] << 8; - a |= buffer[3]; - return a; -} - -static inline ulong -get16 (const byte *buffer) -{ - ulong a; - a = *buffer << 8; - a |= buffer[1]; - return a; -} - +#define get32(a) buf32_to_ulong ((a)) +#define get16(a) buf16_to_ulong ((a)) static inline unsigned int diff --git a/kbx/keybox-update.c b/kbx/keybox-update.c index 7b207a5..4b14b2f 100644 --- a/kbx/keybox-update.c +++ b/kbx/keybox-update.c @@ -28,6 +28,7 @@ #include "keybox-defs.h" #include "../common/sysutils.h" +#include "../common/host2net.h" #define EXTSEP_S "." @@ -734,8 +735,7 @@ keybox_compress (KEYBOX_HANDLE hd) buffer = _keybox_get_blob_image (blob, &length); if (length > 4 && buffer[4] == KEYBOX_BLOBTYPE_HEADER) { - u32 last_maint = ((buffer[20] << 24) | (buffer[20+1] << 16) - | (buffer[20+2] << 8) | (buffer[20+3])); + u32 last_maint = buf32_to_u32 (buffer+20); if ( (last_maint + 3*3600) > time (NULL) ) { @@ -811,7 +811,7 @@ keybox_compress (KEYBOX_HANDLE hd) rc = gpg_error (GPG_ERR_BUG); break; } - blobflags = ((buffer[pos] << 8) | (buffer[pos+1])); + blobflags = buf16_to_uint (buffer+pos); if ((blobflags & KEYBOX_FLAG_BLOB_EPHEMERAL)) { /* This is an ephemeral blob. */ @@ -820,8 +820,7 @@ keybox_compress (KEYBOX_HANDLE hd) || size != 4) created_at = 0; /* oops. */ else - created_at = ((buffer[pos] << 24) | (buffer[pos+1] << 16) - | (buffer[pos+2] << 8) | (buffer[pos+3])); + created_at = buf32_to_u32 (buffer+pos); if (created_at && created_at < cut_time) { diff --git a/scd/apdu.c b/scd/apdu.c index 4ec6b4d..e5db4f0 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -59,6 +59,7 @@ #include "scdaemon.h" #include "exechelp.h" #endif /* GNUPG_MAJOR_VERSION != 1 */ +#include "host2net.h" #include "iso7816.h" #include "apdu.h" 
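Review bot: In keybox_compress (keybox-update.c, @@ -734) `buf32_to_u32 (buffer+20)` reads bytes 20 to 23 of the blob image, but the guard shown in the hunk only requires `length > 4`. Unless `_keybox_get_blob_image` or the blob reader guarantees a minimum header size (not visible here), a truncated or damaged header blob leads to a read past the end of the image. Tightening the condition to `if (length >= 24 && buffer[4] == KEYBOX_BLOBTYPE_HEADER)` covers the bytes that are actually used. keybox_compress starts and ends outside the hunk.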
@@ -1047,15 +1048,14 @@ pcsc_get_status_wrapped (int slot, unsigned int *status) i? strerror (errno) : "premature EOF"); goto command_failed; } - len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; + len = buf_to_size_t (msgbuf+1); if (msgbuf[0] != 0x81 || len < 4) { log_error ("invalid response header from PC/SC received\n"); goto command_failed; } len -= 4; /* Already read the error code. */ - err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16) - | (msgbuf[7] << 8 ) | msgbuf[8]); + err = PCSC_ERR_MASK (buf32_to_ulong (msgbuf+5)); if (err) { log_error ("pcsc_status failed: %s (0x%lx)\n", @@ -1218,15 +1218,14 @@ pcsc_send_apdu_wrapped (int slot, unsigned char *apdu, size_t apdulen, i? strerror (errno) : "premature EOF"); goto command_failed; } - len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; + len = buf_to_size_t (msgbuf+1); if (msgbuf[0] != 0x81 || len < 4) { log_error ("invalid response header from PC/SC received\n"); goto command_failed; } len -= 4; /* Already read the error code. */ - err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16) - | (msgbuf[7] << 8 ) | msgbuf[8]); + err = PCSC_ERR_MASK (buf32_to_ulong (msgbuf+5)); if (err) { log_error ("pcsc_transmit failed: %s (0x%lx)\n", @@ -1359,15 +1358,14 @@ control_pcsc_wrapped (int slot, pcsc_dword_t ioctl_code, i? strerror (errno) : "premature EOF"); goto command_failed; } - len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; + len = buf32_to_size_t (msgbuf+1); if (msgbuf[0] != 0x81 || len < 4) { log_error ("invalid response header from PC/SC received\n"); goto command_failed; } len -= 4; /* Already read the error code. */ - err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16) - | (msgbuf[7] << 8 ) | msgbuf[8]); + err = PCSC_ERR_MASK (buf32_to_ulong (msgbuf+5)); if (err) { log_error ("pcsc_control failed: %s (0x%lx)\n", 
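Review bot: The hunks for pcsc_get_status_wrapped (@@ -1047) and pcsc_send_apdu_wrapped (@@ -1218) call `buf_to_size_t`, while every later apdu.c hunk uses `buf32_to_size_t` for the same four-byte length field at `msgbuf+1`. host2net.h is not part of this view, but the rest of the commit uses the `buf16_`/`buf32_` prefixes throughout, so this looks like a typo. If the `*_wrapped` functions are only compiled in some configurations, a normal build may not catch it. Both lines should read `len = buf32_to_size_t (msgbuf+1);`.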
@@ -1497,15 +1495,14 @@ close_pcsc_reader_wrapped (int slot) i? strerror (errno) : "premature EOF"); goto command_failed; } - len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; + len = buf32_to_size_t (msgbuf+1); if (msgbuf[0] != 0x81 || len < 4) { log_error ("invalid response header from PC/SC received\n"); goto command_failed; } len -= 4; /* Already read the error code. */ - err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16) - | (msgbuf[7] << 8 ) | msgbuf[8]); + err = PCSC_ERR_MASK (buf32_to_ulong (msgbuf+5)); if (err) log_error ("pcsc_close failed: %s (0x%lx)\n", pcsc_error_string (err), err); @@ -1687,7 +1684,7 @@ reset_pcsc_reader_wrapped (int slot) i? strerror (errno) : "premature EOF"); goto command_failed; } - len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; + len = buf32_to_size_t (msgbuf+1); if (msgbuf[0] != 0x81 || len < 4) { log_error ("invalid response header from PC/SC received\n"); @@ -1701,8 +1698,7 @@ reset_pcsc_reader_wrapped (int slot) sw = SW_HOST_GENERAL_ERROR; goto command_failed; } - err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16) - | (msgbuf[7] << 8 ) | msgbuf[8]); + err = PCSC_ERR_MASK (buf32_to_ulong (msgbuf+5)); if (err) { log_error ("PC/SC RESET failed: %s (0x%lx)\n", @@ -1794,9 +1790,9 @@ pcsc_vendor_specific_init (int slot) if (l == 1) v = p[0]; else if (l == 2) - v = ((p[0] << 8) | p[1]); + v = buf16_to_uint (p); else if (l == 4) - v = ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); + v = buf32_to_uint (p); if (code == FEATURE_VERIFY_PIN_DIRECT) reader_table[slot].pcsc.verify_ioctl = v; @@ -1855,9 +1851,9 @@ pcsc_vendor_specific_init (int slot) if (l == 1) v = p[0]; else if (l == 2) - v = ((p[1] << 8) | p[0]); + v = buf16_to_uint (p); else if (l == 4) - v = ((p[3] << 24) | (p[2] << 16) | (p[1] << 8) | p[0]); + v = buf32_to_uint (p); if (tag == PCSCv2_PART10_PROPERTY_bMinPINSize) reader_table[slot].pcsc.pinmin = v; 
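Review bot: The second pcsc_vendor_specific_init hunk (@@ -1855) changes byte order: the removed lines read the value least-significant byte first (`(p[1] << 8) | p[0]`), yet they are replaced with the same `buf16_to_uint`/`buf32_to_uint` helpers that the @@ -1794 hunk uses for most-significant-byte-first expressions. One helper cannot implement both, so for lengths 2 and 4 the value stored into `reader_table[slot].pcsc.pinmin`, and whatever properties follow outside the hunk, would come out byte-swapped. Keep the little-endian read and add only the cast: `v = (((unsigned int)p[1] << 8) | p[0]);` and `v = (((unsigned int)p[3] << 24) | (p[2] << 16) | (p[1] << 8) | p[0]);`. The function continues outside both hunks.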
@@ -2151,7 +2147,7 @@ open_pcsc_reader_wrapped (const char *portstr) i? strerror (errno) : "premature EOF"); goto command_failed; } - len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; + len = buf32_to_size_t (msgbuf+1); if (msgbuf[0] != 0x81 || len < 4) { log_error ("invalid response header from PC/SC received\n"); @@ -2164,9 +2160,7 @@ open_pcsc_reader_wrapped (const char *portstr) (unsigned long)len); goto command_failed; } - err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16) - | (msgbuf[7] << 8 ) | msgbuf[8]); - + err = PCSC_ERR_MASK (buf32_to_ulong (msgbuf+5)); if (err) { log_error ("PC/SC OPEN failed: %s\n", pcsc_error_string (err)); diff --git a/scd/app-nks.c b/scd/app-nks.c index 19a33ed..d0b96a9 100644 --- a/scd/app-nks.c +++ b/scd/app-nks.c @@ -56,6 +56,7 @@ #include "app-common.h" #include "tlv.h" #include "apdu.h" +#include "host2net.h" static char const aid_nks[] = { 0xD2, 0x76, 0x00, 0x00, 0x03, 0x01, 0x02 }; static char const aid_sigg[] = { 0xD2, 0x76, 0x00, 0x00, 0x66, 0x01 }; @@ -278,7 +279,7 @@ get_chv_status (app_t app, int sigg, int pwid) rc = -1; /* Error. */ else { - unsigned int sw = ((result[resultlen-2] << 8) | result[resultlen-1]); + unsigned int sw = buf16_to_uint (result+resultlen-2); if (sw == 0x6a88) rc = -2; /* No such PIN. */ diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index f68813b..6583fb2 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -67,6 +67,7 @@ #include "iso7816.h" #include "app-common.h" #include "tlv.h" +#include "host2net.h" /* A table describing the DOs of the card. */ @@ -876,7 +877,7 @@ send_fprtime_if_not_null (ctrl_t ctrl, const char *keyword, char numbuf1[50], numbuf2[50]; unsigned long value; - value = (stamp[0] << 24) | (stamp[1]<<16) | (stamp[2]<<8) | stamp[3]; + value = buf32_to_ulong (stamp); if (!value) return; sprintf (numbuf1, "%d", number); diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index fdfe1f5..1926f71 100644 --- a/scd/ccid-driver.c 
+++ b/scd/ccid-driver.c @@ -290,7 +290,7 @@ static int send_escape_cmd (ccid_driver_t handle, const unsigned char *data, static unsigned int convert_le_u32 (const unsigned char *buf) { - return buf[0] | (buf[1] << 8) | (buf[2] << 16) | (buf[3] << 24); + return buf[0] | (buf[1] << 8) | (buf[2] << 16) | ((unsigned int)buf[3] << 24); } diff --git a/sm/fingerprint.c b/sm/fingerprint.c index b849afb..a82945e 100644 --- a/sm/fingerprint.c +++ b/sm/fingerprint.c @@ -31,6 +31,9 @@ #include #include +#include "host2net.h" + + /* Return the fingerprint of the certificate (we can't put this into libksba because we need libgcrypt support). The caller must provide an array of sufficient length or NULL so that the function @@ -149,14 +152,8 @@ gpgsm_get_short_fingerprint (ksba_cert_t cert, unsigned long *r_high) gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL); if (r_high) - *r_high = (((unsigned long)digest[12]<<24) - |(digest[13]<<16) - |(digest[14]<< 8) - |digest[15]); - return (((unsigned long)digest[16]<<24) - |(digest[17]<<16) - |(digest[18]<<8) - |digest[19]); + *r_high = buf32_to_ulong (digest+12); + return buf32_to_ulong (digest + 16); } diff --git a/tools/ccidmon.c b/tools/ccidmon.c index 1137bab..4e39b5c 100644 --- a/tools/ccidmon.c +++ b/tools/ccidmon.c 
@@ -145,7 +145,7 @@ err (const char *format, ...) static unsigned int convert_le_u32 (const unsigned char *buf) { - return buf[0] | (buf[1] << 8) | (buf[2] << 16) | (buf[3] << 24); + return buf[0] | (buf[1] << 8) | (buf[2] << 16) | ((unsigned int)buf[3] << 24); } ----------------------------------------------------------------------- Summary of changes: agent/cvt-openpgp.c | 7 ++--- common/b64enc.c | 2 +- common/dns-cert.c | 20 ++++++++------- common/host2net.h | 72 +++++++++++++++++++++++++++++++++++++++++++++++----- common/iobuf.c | 7 +++-- common/pka.c | 14 +++++----- common/srv.c | 28 ++++++++++---------- common/tlv.c | 2 +- dirmngr/ldap.c | 5 ++-- g10/build-packet.c | 8 +++--- g10/call-agent.c | 3 ++- g10/getkey.c | 14 +++++----- g10/keygen.c | 9 +++---- g10/keyid.c | 29 +++++++++------------ g10/misc.c | 10 -------- g10/parse-packet.c | 37 +++++++++++++-------------- g10/pubkey-enc.c | 4 +-- g10/seckey-cert.c | 2 +- g10/tdbio.c | 20 +++++++-------- g10/trust.c | 3 ++- g13/mount.c | 7 +++-- kbx/keybox-dump.c | 22 +++------------- kbx/keybox-openpgp.c | 8 +++--- kbx/keybox-search.c | 25 +++--------------- kbx/keybox-update.c | 9 +++---- scd/apdu.c | 40 +++++++++++++---------------- scd/app-nks.c | 3 ++- scd/app-openpgp.c | 3 ++- scd/ccid-driver.c | 2 +- sm/fingerprint.c | 13 ++++------ tools/ccidmon.c | 2 +- 31 files changed, 220 insertions(+), 210 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 11 12:11:32 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 11 Feb 2015 12:11:32 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.1-67-g15fad6b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 15fad6b1b9e5ea0bfe76be8c2692b76d57b74291 (commit) from 2183683bd633818dd031b090b5530951de76f392 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 15fad6b1b9e5ea0bfe76be8c2692b76d57b74291 Author: Werner Koch Date: Wed Feb 11 12:10:39 2015 +0100 doc: Change remaining http links to gnupg.org to https -- GnuPG-bug-id: 1830 diff --git a/README b/README index 886e87e..6ad3e51 100644 --- a/README +++ b/README @@ -145,9 +145,9 @@ enter "make pdf" For a HTML version enter "make html" and point your browser to gnupg.html/index.html. Standard man pages for all components are provided as well. An online version of the manual is - available at http://www.gnupg.org/documentation/manuals/gnupg/ . A + available at [[https://gnupg.org/documentation/manuals/gnupg/]] . A version of the manual pertaining to the current development snapshot - is at http://www.gnupg.org/documentation/manuals/gnupg-devel/ . + is at [[https://gnupg.org/documentation/manuals/gnupg-devel/]] . * GnuPG 1.4 and GnuPG 2.0 @@ -172,7 +172,7 @@ or using TOR "http://ic6au7wa3f6naxjq.onion" The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/" - See https://www.gnupg.org/download/mirrors.html for a list of + See [[https://gnupg.org/download/mirrors.html]] for a list of mirrors and use them if possible. You may also find GnuPG mirrored on some of the regular GNU mirrors. diff --git a/doc/gpg.texi b/doc/gpg.texi index 8df0e3f..ffb892e 100644 
--- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -342,7 +342,7 @@ useful for debugging. Present a menu to work with a smartcard. The subcommand "help" provides an overview on available commands. For a detailed description, please see the Card HOWTO at -http://www.gnupg.org/documentation/howtos.html#GnuPG-cardHOWTO . +https://gnupg.org/documentation/howtos.html#GnuPG-cardHOWTO . @item --card-status @opindex card-status diff --git a/g10/sig-check.c b/g10/sig-check.c index dd475be..27c51fd 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -106,7 +106,7 @@ signature_check2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate, log_info(_("WARNING: signing subkey %s is not" " cross-certified\n"),keystr_from_pk(pk)); log_info(_("please see %s for more information\n"), - "http://www.gnupg.org/faq/subkey-cross-certify.html"); + "https://gnupg.org/faq/subkey-cross-certify.html"); /* --require-cross-certification makes this warning an error. TODO: change the default to require this after more keys have backsigs. */ ----------------------------------------------------------------------- Summary of changes: README | 6 +++--- doc/gpg.texi | 2 +- g10/sig-check.c | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 11 12:22:48 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 11 Feb 2015 12:22:48 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.1-68-g1209ea4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 1209ea4e07b50d5cc4f9ffe6aef970ed3572fff0 (commit) from 15fad6b1b9e5ea0bfe76be8c2692b76d57b74291 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1209ea4e07b50d5cc4f9ffe6aef970ed3572fff0 Author: Werner Koch Date: Wed Feb 11 12:21:30 2015 +0100 doc: Add another use case for --show-session-key. -- GnuPG-bug-id: 1835 diff --git a/doc/gpg.texi b/doc/gpg.texi index ffb892e..77df55c 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -2838,8 +2838,13 @@ Display the session key used for one message. See We think that Key Escrow is a Bad Thing; however the user should have the freedom to decide whether to go to prison or to reveal the content of one specific message without compromising all messages ever -encrypted for one secret key. DON'T USE IT UNLESS YOU ARE REALLY -FORCED TO DO SO. +encrypted for one secret key. + +You can also use this option if you receive an encrypted message which +is abusive or offensive, to prove to the administrators of the +messaging system that the ciphertext transmitted corresponds to an +inappropriate plaintext so they can take action against the offending +user. @item --override-session-key @code{string} @opindex override-session-key ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 11 19:48:59 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 11 Feb 2015 19:48:59 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.2-1-gb4c798b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b4c798b86ed4b70bfc26213727dd2d613e4a8540 (commit) from fc17562cc4f8d531ae7f0887cf2a96dcc224b021 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b4c798b86ed4b70bfc26213727dd2d613e4a8540 Author: Werner Koch Date: Wed Feb 11 19:48:21 2015 +0100 Post release updates. -- diff --git a/NEWS b/NEWS index 3a386f9..1003652 100644 --- a/NEWS +++ b/NEWS 
@@ -1,3 +1,7 @@ +Noteworthy changes in version 2.1.3 (unreleased) +------------------------------------------------ + + Noteworthy changes in version 2.1.2 (2015-02-11) ------------------------------------------------ diff --git a/configure.ac b/configure.ac index ef04588..0d18f19 100644 --- a/configure.ac +++ b/configure.ac @@ -28,7 +28,7 @@ min_automake_version="1.14" m4_define([mym4_package],[gnupg]) m4_define([mym4_major], [2]) m4_define([mym4_minor], [1]) -m4_define([mym4_micro], [2]) +m4_define([mym4_micro], [3]) # To start a new development series, i.e a new major or minor number # you need to mark an arbitrary commit before the first beta release ----------------------------------------------------------------------- Summary of changes: NEWS | 4 ++++ configure.ac | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 11 21:07:53 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 11 Feb 2015 21:07:53 +0100 Subject: [git] gnupg-doc - branch, master, updated. 1dc19e5c97389309642760aa56c12d2a7f4ac6d8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 1dc19e5c97389309642760aa56c12d2a7f4ac6d8 (commit) from 32e7375719d592eb4915991197f6f9ca689d07e8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1dc19e5c97389309642760aa56c12d2a7f4ac6d8 Author: Werner Koch Date: Wed Feb 11 20:48:15 2015 +0100 web: Add 2.1.2 release. diff --git a/web/index.org b/web/index.org index e9d16fa..f4203db 100644 --- a/web/index.org +++ b/web/index.org 
@@ -117,6 +117,12 @@ all [[file:news.org][news of previous years]] is also available. # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttps://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just # point or paste the [[news.en.rss][RSS file]] into your aggregator. + +** GnuPG 2.1.2 released (2015-02-11) + +This is the third release of the /modern/ branch of GnuPG. It fixes +a lot of bugs. Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000361.html][anouncement mail]]. + ** GnuPG 2.1.1 released (2014-12-16) This is the second release of the /modern/ branch of GnuPG. It fixes diff --git a/web/roadmap.org b/web/roadmap.org index 8d5a347..6a4a881 100644 --- a/web/roadmap.org +++ b/web/roadmap.org @@ -12,16 +12,16 @@ guaranteed milestones or with fixed release dates. This page should better be viewed as a scratchpad with notes of GnuPG developers. - The next GnuPG /modern/ release will be 2.1.2 and is planned for - +January+ the first February week. + The next GnuPG /modern/ release will be 2.1.3 and is planned for + mid to end of March. ** New features in 2.1 - gpg: The parameter 'Passphrase' for batch key generation works - again. + again. (2.1.2) - gpg: Using a passphrase option in batch mode now has the expected - effect on --quick-gen-key. + effect on --quick-gen-key. (2.1.2) ** All things to do @@ -32,10 +32,10 @@ - +Add unattended key generation with passphrase.+ - - More and more bug reports are coming in. Decide which of them to - fix for 2.1.2. + - +More and more bug reports are coming in. Decide which of them to+ + +fix for 2.1.2.+ - - Migrate everything to automake 1.14. + - +Migrate everything to automake 1.14.+ * Libgcrypt Roadmap diff --git a/web/swdb.mac b/web/swdb.mac index 2babb1b..77d5add 100644 --- a/web/swdb.mac +++ b/web/swdb.mac 
@@ -17,10 +17,10 @@ # # GnuPG-2.1 # -#+macro: gnupg21_ver 2.1.1 +#+macro: gnupg21_ver 2.1.2 #+macro: gnupg21_branch master -#+macro: gnupg21_size 4689k -#+macro: gnupg21_sha1 3d11fd150cf86f842d077437edb119a775c7325d +#+macro: gnupg21_size 4720k +#+macro: gnupg21_sha1 7e972cb9af47d9b8ce164dcf37fc4f32634d6cd6 # #+macro: gnupg21_w32_ver 2.1.1_20141216 #+macro: gnupg21_w32_size 6364k ----------------------------------------------------------------------- Summary of changes: web/index.org | 6 ++++++ web/roadmap.org | 14 +++++++------- web/swdb.mac | 6 +++--- 3 files changed, 16 insertions(+), 10 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 12 11:57:25 2015 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 12 Feb 2015 11:57:25 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-167-g653a9fa Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 653a9fa1a3a4c35a4dc1841cb57d7e2a318f3288 (commit) from 40a7bdf50e19faaf106470897fed72af623adc50 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 653a9fa1a3a4c35a4dc1841cb57d7e2a318f3288 Author: NIIBE Yutaka Date: Wed Feb 11 21:42:22 2015 +0900 mpi: Add mpi_set_cond. * mpi/mpiutil.c (_gcry_mpi_set_cond): New. (_gcry_mpi_swap_cond): Fix types. * src/mpi.h (mpi_set_cond): New. diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c index f74dd91..fbbd3b4 100644 --- a/mpi/mpiutil.c +++ b/mpi/mpiutil.c 
@@ -482,6 +482,31 @@ _gcry_mpi_set (gcry_mpi_t w, gcry_mpi_t u) return w; } +gcry_mpi_t +_gcry_mpi_set_cond (gcry_mpi_t w, const gcry_mpi_t u, unsigned long set) +{ + mpi_size_t i; + mpi_size_t nlimbs = u->alloced; + mpi_limb_t mask = ((mpi_limb_t)0) - !!set; + mpi_limb_t x; + + if (w->alloced != u->alloced) + log_bug ("mpi_set_cond: different sizes\n"); + + for (i = 0; i < nlimbs; i++) + { + x = mask & (w->d[i] ^ u->d[i]); + w->d[i] = w->d[i] ^ x; + } + + x = mask & (w->nlimbs ^ u->nlimbs); + w->nlimbs = w->nlimbs ^ x; + + x = mask & (w->sign ^ u->sign); + w->sign = w->sign ^ x; + return w; +} + gcry_mpi_t _gcry_mpi_set_ui (gcry_mpi_t w, unsigned long u) @@ -545,10 +570,10 @@ _gcry_mpi_swap (gcry_mpi_t a, gcry_mpi_t b) void _gcry_mpi_swap_cond (gcry_mpi_t a, gcry_mpi_t b, unsigned long swap) { - size_t i; - size_t nlimbs = a->alloced; - unsigned long mask = 0UL - !!swap; - unsigned long x; + mpi_size_t i; + mpi_size_t nlimbs = a->alloced; + mpi_limb_t mask = ((mpi_limb_t)0) - !!swap; + mpi_limb_t x; if (a->alloced != b->alloced) log_bug ("mpi_swap_cond: different sizes\n"); diff --git a/src/mpi.h b/src/mpi.h index 13b5117..0d19f46 100644 --- a/src/mpi.h +++ b/src/mpi.h 
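Review bot: `_gcry_mpi_set_cond` (mpiutil.c, @@ -482) is added without a header comment, although its contract cannot be guessed from the name. The body copies U into W through a mask derived from `set` rather than a branch, and it calls log_bug when `w->alloced != u->alloced`, so callers must size both MPIs identically beforehand. A comment such as `/* Set W to U if SET is non-zero, touching the same limbs either way. W and U must have the same allocated size. */` would record that. Separately, `const gcry_mpi_t u` qualifies the pointer itself rather than the object it points to (the body uses `u->alloced`), so it does not promise that U is left unmodified.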
@@ -120,8 +120,11 @@ void _gcry_mpi_immutable_failed (void); #define mpi_m_check(a) _gcry_mpi_m_check ((a)) #define mpi_const(n) _gcry_mpi_const ((n)) #define mpi_swap_cond(a,b,sw) _gcry_mpi_swap_cond ((a),(b),(sw)) +#define mpi_set_cond(w,u,set) _gcry_mpi_set_cond ((w),(u),(set)) void _gcry_mpi_clear( gcry_mpi_t a ); +gcry_mpi_t _gcry_mpi_set_cond (gcry_mpi_t w, const gcry_mpi_t u, + unsigned long swap); gcry_mpi_t _gcry_mpi_alloc_like( gcry_mpi_t a ); gcry_mpi_t _gcry_mpi_alloc_set_ui( unsigned long u); void _gcry_mpi_m_check( gcry_mpi_t a ); ----------------------------------------------------------------------- Summary of changes: mpi/mpiutil.c | 33 +++++++++++++++++++++++++++++---- src/mpi.h | 3 +++ 2 files changed, 32 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 12 13:06:02 2015 
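Review bot: The new prototype in src/mpi.h names its third parameter `swap`, while the definition in mpiutil.c and the `mpi_set_cond(w,u,set)` macro added one line above call it `set`; it reads as copied from the swap_cond declaration. Renaming it to `unsigned long set` keeps header and definition consistent. The declaration is also the natural place for a one-line comment stating that W and U must have the same allocated size, since the definition treats a mismatch as a bug.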
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 12 Feb 2015 13:06:02 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.2-2-g070d7bf Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 070d7bf940efa60db2b0734273b9b3736d18338a (commit) from b4c798b86ed4b70bfc26213727dd2d613e4a8540 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 070d7bf940efa60db2b0734273b9b3736d18338a Author: Andre Heinecke Date: Thu Feb 5 13:58:50 2015 +0100 dirmngr: Initialize cache from sysconfig dir * dirmngr/certcache.c (cert_cache_init): Load certificates from sysconfig dir instead of the homeidr. * dirmngr/dirmngr.c (main): Removed parsing of obsolete homedir_data option. * dirmngr/dirmngr.h (opt): Removed homedir_data. * doc/dirmngr.texi: Update and clarify certs directory doc. -- Using the homedir for extra-certs and trusted-certs makes little sense when dirmngr is used with a caller that manages it's own store of certificates and can provide those through the SENDCERT command. You can use trusted-certs and extra-certs to provide users with a base of locally available certificates that are not already in store of the applications. diff --git a/NEWS b/NEWS index 1003652..48142bc 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,9 @@ Noteworthy changes in version 2.1.3 (unreleased) ------------------------------------------------ + * dirmngr: extra-certs and trusted-certs are now always loaded from + the sysconfig dir instead of the homedir. + Noteworthy changes in version 2.1.2 (2015-02-11) ------------------------------------------------ 
diff --git a/dirmngr/certcache.c b/dirmngr/certcache.c index 969b3ec..7fc9826 100644 --- a/dirmngr/certcache.c +++ b/dirmngr/certcache.c @@ -435,11 +435,11 @@ cert_cache_init (void) init_cache_lock (); acquire_cache_write_lock (); - dname = make_filename (opt.homedir, "trusted-certs", NULL); + dname = make_filename (gnupg_sysconfdir (), "trusted-certs", NULL); load_certs_from_dir (dname, 1); xfree (dname); - dname = make_filename (opt.homedir_data, "extra-certs", NULL); + dname = make_filename (gnupg_sysconfdir (), "extra-certs", NULL); load_certs_from_dir (dname, 0); xfree (dname); diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index fd31b7f..36a476a 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c @@ -800,7 +800,6 @@ main (int argc, char **argv) #else opt.homedir = gnupg_sysconfdir (); #endif - opt.homedir_data = gnupg_datadir (); opt.homedir_cache = gnupg_cachedir (); socket_name = dirmngr_sys_socket_name (); } @@ -926,8 +925,6 @@ main (int argc, char **argv) if (nogreeting ) greeting = 0; - if (!opt.homedir_data) - opt.homedir_data = opt.homedir; if (!opt.homedir_cache) opt.homedir_cache = opt.homedir; diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h index bb368f2..3dd16a3 100644 --- a/dirmngr/dirmngr.h +++ b/dirmngr/dirmngr.h @@ -80,7 +80,6 @@ struct int dry_run; /* don't change any persistent data */ int batch; /* batch mode */ const char *homedir; /* Configuration directory name */ - const char *homedir_data; /* Ditto for data files (/usr/share/dirmngr). */ const char *homedir_cache; /* Ditto for cache files (/var/cache/dirmngr). */ char *config_filename; /* Name of a config file, which will be diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi index 5f2cfd4..6c413de 100644 --- a/doc/dirmngr.texi +++ b/doc/dirmngr.texi 
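Review bot: After this change cert_cache_init (certcache.c, @@ -435) builds both directory names from `gnupg_sysconfdir ()`, so a `trusted-certs` directory under the homedir that an existing per-user setup relies on is no longer read, and nothing in the hunk reports that. Because these files act as trust anchors for CRL and OCSP checking, a silent change in which roots are loaded is worth surfacing. A `log_info` at startup when the old homedir directories still exist would do that. The new location also makes the permissions of the system configuration directory part of the trust decision, which the documentation update could state. The function continues outside the hunk.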
@@ -143,9 +143,8 @@ running mode: @table @asis @item With @code{--daemon} given on the commandline -the directory named @file{/etc/gnupg} for configuration files, - at file{/var/lib/gnupg/} for extra data and @file{/var/cache/gnupg} -for cached CRLs. +the directory named @file{/etc/gnupg} is used for configuration files +and @file{/var/cache/gnupg} for cached CRLs. @item Without @code{--daemon} given on the commandline the directory named @file{.gnupg} directly below the home directory @@ -428,11 +427,9 @@ Dirmngr makes use of several directories when running in daemon mode: The first is the standard home directory for all configuration files. In the deprecated system daemon mode the second directory is used instead. - at item ~/.gnupg/trusted-certs - at itemx /etc/gnupg/trusted-certs -The first directory should be filled with certificates of Root CAs you -are trusting in checking the CRLs and signing OCSP Reponses. The -second directory is used in the deprecated systems daemon mode. + at item /etc/gnupg/trusted-certs +This directory should be filled with certificates of Root CAs you +are trusting in checking the CRLs and signing OCSP Reponses. Usually these are the same certificates you use with the applications making use of dirmngr. It is expected that each of these certificate 
@@ -442,20 +439,22 @@ those certificates on startup and when given a SIGHUP. Certificates which are not readable or do not make up a proper X.509 certificate are ignored; see the log file for details. +Applications using dirmngr (e.g. gpgsm) can request these +certificates to complete a trust chain in the same way as with the +extra-certs directory (see below). + Note that for OCSP responses the certificate specified using the option @option{--ocsp-signer} is always considered valid to sign OCSP requests. - - at item ~/.gnupg/extra-certs - at itemx /var/lib/gnupg/extra-certs -The first directory may contain extra certificates which are preloaded -into the interal cache on startup.This is convenient in cases you have -a couple intermediate CA certificates or certificates ususally used to -sign OCSP reponses. These certificates are first tried before going + at item /etc/gnupg/extra-certs +This directory may contain extra certificates which are preloaded +into the interal cache on startup. Applications using dirmngr (e.g. gpgsm) +can request cached certificates to complete a trust chain. +This is convenient in cases you have a couple intermediate CA certificates +or certificates ususally used to sign OCSP reponses. +These certificates are first tried before going out to the net to look for them. These certificates must also be @acronym{DER} encoded and suffixed with @file{.crt} or @file{.der}. -The second directory is used instead in the deprecated systems daemon -mode. @item /var/run/gnupg This directory is only used in the deprecated system daemon mode. It ----------------------------------------------------------------------- Summary of changes: NEWS | 3 +++ dirmngr/certcache.c | 4 ++-- dirmngr/dirmngr.c | 3 --- dirmngr/dirmngr.h | 1 - doc/dirmngr.texi | 33 ++++++++++++++++----------------- 5 files changed, 21 insertions(+), 23 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 12 18:48:15 2015 
From: cvs at cvs.gnupg.org (by Joshua Rogers) Date: Thu, 12 Feb 2015 18:48:15 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.26-51-ga55c212 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via a55c2125380aa2253ff13ea9b39e53d7b7df3db8 (commit) via 2b2adb85948ce2c7db727ebc0c99e8ad2c29bf5f (commit) via f256bab03e2f191bc2e97fd2cc579d82c440b996 (commit) from b2359db21c1eca7441c63b0791f8e3405b42ff83 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a55c2125380aa2253ff13ea9b39e53d7b7df3db8 Author: Joshua Rogers Date: Fri Jan 30 11:42:52 2015 +0900 kbx: Fix resource leak. * kbx/keybox-update.c (blob_filecopy): Fix resource leak. On error return, 'fp' and 'newfp' was never closed. -- Signed-off-by: Joshua Rogers [Log entry reformatted, and added more fixes - gniibe] (cherry picked from commit 7db6c82cec49b7c56c403a8ea98364086baf75f3) diff --git a/kbx/keybox-update.c b/kbx/keybox-update.c index dfa7af3..410986c 100644 --- a/kbx/keybox-update.c +++ b/kbx/keybox-update.c @@ -237,11 +237,17 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob, rc = _keybox_write_header_blob (newfp); if (rc) - return rc; + { + fclose (newfp); + return rc; + } rc = _keybox_write_blob (blob, newfp); if (rc) - return rc; + { + fclose (newfp); + return rc; + } if ( fclose (newfp) ) return gpg_error_from_syserror (); @@ -264,7 +270,8 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob, rc = create_tmp_file (fname, &bakfname, &tmpfname, &newfp); if (rc) { - fclose(fp); + fclose (fp); + fclose (newfp); goto leave; } 
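Review bot: In the hunk at -264/+270 of blob_filecopy the added `fclose (newfp);` runs in the branch where create_tmp_file has just failed, so newfp was most likely never opened; calling fclose on a NULL or stale FILE pointer is undefined behaviour. create_tmp_file is outside the hunk, so check what it stores through its last argument on error, but unless it guarantees an open stream this branch should stay at `fclose (fp); goto leave;`. The two `fclose (newfp)` additions in the -237 hunk are not affected, because there the stream has already been written to.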
@@ -277,12 +284,16 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob, if (fwrite (buffer, nread, 1, newfp) != 1) { rc = gpg_error_from_syserror (); + fclose (fp); + fclose (newfp); goto leave; } } if (ferror (fp)) { rc = gpg_error_from_syserror (); + fclose (fp); + fclose (newfp); goto leave; } } @@ -306,19 +317,27 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob, if (fwrite (buffer, nread, 1, newfp) != 1) { rc = gpg_error_from_syserror (); + fclose (fp); + fclose (newfp); goto leave; } } if (ferror (fp)) { rc = gpg_error_from_syserror (); + fclose (fp); + fclose (newfp); goto leave; } /* Skip this blob. */ rc = _keybox_read_blob (NULL, fp); if (rc) - return rc; + { + fclose (fp); + fclose (newfp); + return rc; + } } /* Do an insert or update. */ @@ -326,7 +345,11 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob, { rc = _keybox_write_blob (blob, newfp); if (rc) + { + fclose (fp); + fclose (newfp); return rc; + } } /* Copy the rest of the packet for an delete or update. */ @@ -337,12 +360,16 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob, if (fwrite (buffer, nread, 1, newfp) != 1) { rc = gpg_error_from_syserror (); + fclose (fp); + fclose (newfp); goto leave; } } if (ferror (fp)) { rc = gpg_error_from_syserror (); + fclose (fp); + fclose (newfp); goto leave; } } 
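Review bot: The error paths after `_keybox_read_blob` (hunk -306) and `_keybox_write_blob` (hunk -326) still `return rc` after closing both streams, while the neighbouring paths use `goto leave`. bakfname and tmpfname from create_tmp_file are presumably released at `leave`, so these two returns would skip that cleanup; `goto leave;` keeps every exit uniform. As a style point, the `fclose (fp); fclose (newfp);` pair is now repeated in eight places across these hunks; initialising both pointers to NULL and closing them once under a single label would make a missed or doubled close much harder to introduce. The `leave` label lies outside the hunks, so its cleanup needs to be checked before changing this.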
@@ -614,7 +641,7 @@ keybox_compress (KEYBOX_HANDLE hd) rc = create_tmp_file (fname, &bakfname, &tmpfname, &newfp); if (rc) { - fclose(fp); + fclose (fp); return rc;; } commit 2b2adb85948ce2c7db727ebc0c99e8ad2c29bf5f Author: Werner Koch Date: Thu Feb 12 18:45:08 2015 +0100 gpg: Limit the size of key packets to a sensible value. * g10/parse-packet.c (MAX_KEY_PACKET_LENGTH): New. (MAX_UID_PACKET_LENGTH): New. (MAX_COMMENT_PACKET_LENGTH): New. (MAX_ATTR_PACKET_LENGTH): New. (parse_key): Limit the size of a key packet to 256k. (parse_user_id): Use macro for the packet size limit. (parse_attribute): Ditto. (parse_comment): Ditto. -- Without that it is possible to force gpg to allocate large amounts of memory by using a bad encoded MPI. This would be an too easy DoS. Another way to mitigate would be to change the MPI read function to allocate memory dynamically while reading the MPI. However, that complicates and possibly slows down the code. A too large key packet is in any case a sign for broken data and thus gpg should not use it. Reported-by: Hanno B?ck GnuPG-bug-id: 1823 Signed-off-by: Werner Koch (back ported from commit 382ba4b137b42d5f25a7e256bb7c053ee5ac7b64) diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 1048402..c374477 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -35,6 +35,14 @@ #include "main.h" #include "i18n.h" + +/* Maximum length of packets to avoid excessive memory allocation. */ +#define MAX_KEY_PACKET_LENGTH (256 * 1024) +#define MAX_UID_PACKET_LENGTH ( 2 * 1024) +#define MAX_COMMENT_PACKET_LENGTH ( 64 * 1024) +#define MAX_ATTR_PACKET_LENGTH ( 16 * 1024*1024) + + static int mpi_print_mode; static int list_mode; static FILE *listfp; 
@@ -1741,6 +1749,13 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, rc = gpg_error (GPG_ERR_INV_PACKET); goto leave; } + else if (pktlen > MAX_KEY_PACKET_LENGTH) { + log_error ("packet(%d) too large\n", pkttype); + if (list_mode) + fputs (":key packet: [too large]\n", listfp); + rc = gpg_error (GPG_ERR_INV_PACKET); + goto leave; + } timestamp = read_32(inp); pktlen -= 4; if( is_v4 ) { @@ -2158,7 +2173,7 @@ parse_user_id( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ) allocatable, and a very large pktlen could actually cause our allocation to wrap around in xmalloc to a small number. */ - if (pktlen > 2048) + if (pktlen > MAX_UID_PACKET_LENGTH) { log_error ("packet(%d) too large\n", pkttype); iobuf_skip_rest(inp, pktlen, 0); @@ -2232,7 +2247,7 @@ parse_attribute( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ) /* We better cap the size of an attribute packet to make DoS not too easy. 16MB should be more then enough for one attribute packet (ie. a photo). */ - if (pktlen > 16*1024*1024) { + if (pktlen > MAX_ATTR_PACKET_LENGTH) { log_error ("packet(%d) too large\n", pkttype); if (list_mode) fprintf (listfp, ":attribute packet: [too large]\n"); 
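Review bot: The new size check in parse_key logs only the packet type, so the offending length and the limit that was exceeded are lost. Including the length, for example `log_error ("packet(%d) too large (%lu bytes)\n", pkttype, pktlen);`, helps when triaging malformed or hostile key data. Unlike parse_user_id and parse_comment, this branch does not call iobuf_skip_rest itself; the `leave` label is outside the hunk, so confirm that it drains the remaining pktlen bytes before the next packet is parsed.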
@@ -2274,7 +2289,7 @@ parse_comment( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ) overflow in the malloc below. Comment packets are actually not anymore define my OpenPGP and we even stopped to use our private comment packet. */ - if (pktlen>65536) + if (pktlen > MAX_COMMENT_PACKET_LENGTH) { log_error ("packet(%d) too large\n", pkttype); iobuf_skip_rest (inp, pktlen, 0); commit f256bab03e2f191bc2e97fd2cc579d82c440b996 Author: Werner Koch Date: Thu Feb 12 18:26:58 2015 +0100 Avoid double-close in unusual dotlock situations. * jnlib/dotlock.c (create_dotlock): Avoid double close due to EINTR. -- close(2) says: close() should not be retried after an EINTR since this may cause a reused descriptor from another thread to be closed. (backported from commit 628b111fa679612e23c0d46505b1ecbbf091897d) Debian-Bug-Id: 773423 Signed-off-by: Werner Koch diff --git a/jnlib/dotlock.c b/jnlib/dotlock.c index 260c086..2578658 100644 --- a/jnlib/dotlock.c +++ b/jnlib/dotlock.c @@ -1,5 +1,5 @@ /* dotlock.c - dotfile locking - * Copyright (C) 1998, 2000, 2001, 2003, 2004, + * Copyright (C) 1998, 2000, 2001, 2003, 2004, * 2005, 2006, 2008 Free Software Foundation, Inc. * * This file is part of JNLIB. @@ -58,7 +58,7 @@ /* The object describing a lock. */ -struct dotlock_handle +struct dotlock_handle { struct dotlock_handle *next; char *lockname; /* Name of the actual lockfile. */ @@ -109,7 +109,7 @@ disable_dotlock(void) Calling this function with NULL does only install the atexit handler and may thus be used to assure that the cleanup is called after all other atexit handlers. - + This function creates a lock file in the same directory as FILE_TO_LOCK using that name and a suffix of ".lock". Note that on POSIX systems a temporary file ".#lk..pid[.threadid] is @@ -171,7 +171,7 @@ create_dotlock (const char *file_to_lock) nodename = "unknown"; else nodename = utsbuf.nodename; - + #ifdef __riscos__ { char *iter = (char *) nodename; 
@@ -220,15 +220,15 @@ create_dotlock (const char *file_to_lock) "%s/%d", nodename, (int)getpid () ); #endif /* __riscos__ */ - do + do { errno = 0; fd = open (h->tname, O_WRONLY|O_CREAT|O_EXCL, S_IRUSR|S_IRGRP|S_IROTH|S_IWUSR ); - } + } while (fd == -1 && errno == EINTR); - if ( fd == -1 ) + if ( fd == -1 ) { all_lockfiles = h->next; log_error (_("failed to create temporary file `%s': %s\n"), @@ -244,7 +244,12 @@ create_dotlock (const char *file_to_lock) if ( write (fd, "\n", 1 ) != 1 ) goto write_failed; if ( close (fd) ) - goto write_failed; + { + if ( errno == EINTR ) + fd = -1; + goto write_failed; + } + fd = -1; # ifdef _REENTRANT /* release mutex */ @@ -267,7 +272,8 @@ create_dotlock (const char *file_to_lock) /* fixme: release mutex */ # endif log_error ( _("error writing to `%s': %s\n"), h->tname, strerror(errno) ); - close (fd); + if (fd != -1) + close (fd); unlink (h->tname); jnlib_free (h->tname); jnlib_free (h); @@ -300,7 +306,7 @@ create_dotlock (const char *file_to_lock) reasons why a lock file can't be created and thus the process would not stop as expected but spin til until Windows crashes. Our solution is to keep the lock file open; that does not - harm. */ + harm. */ h->lockhd = CreateFile (h->lockname, GENERIC_READ|GENERIC_WRITE, FILE_SHARE_READ|FILE_SHARE_WRITE, @@ -339,7 +345,7 @@ destroy_dotlock ( DOTLOCK h ) h->next = NULL; break; } - + /* Then destroy the lock. */ if (!h->disable) { @@ -395,7 +401,7 @@ make_dotlock ( DOTLOCK h, long timeout ) if ( h->disable ) return 0; /* Locks are completely disabled. Return success. */ - if ( h->locked ) + if ( h->locked ) { #ifndef __riscos__ log_debug ("Oops, `%s' is already locked\n", h->lockname); 
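Review bot: In the new `close (fd)` failure branch of create_dotlock, fd is reset to -1 only for EINTR, so for any other error the write_failed path closes the same descriptor a second time. The close(2) text quoted in the commit message warns about exactly this reuse hazard, and on systems that release the descriptor before reporting an error (Linux documents this) it applies to every failing close, not just EINTR. Setting `fd = -1;` unconditionally before `goto write_failed;` avoids the second close, and errno is still intact for the log_error call. The write_failed label is in the following hunk (-267) and create_dotlock extends beyond both.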
@@ -419,19 +425,19 @@ make_dotlock ( DOTLOCK h, long timeout ) return -1; } # else /* __riscos__ */ - if ( !renamefile(h->tname, h->lockname) ) + if ( !renamefile(h->tname, h->lockname) ) { h->locked = 1; return 0; /* okay */ } - if ( errno != EEXIST ) + if ( errno != EEXIST ) { log_error( "lock not made: rename() failed: %s\n", strerror(errno) ); return -1; } # endif /* __riscos__ */ - if ( (pid = read_lockfile (h, &same_node)) == -1 ) + if ( (pid = read_lockfile (h, &same_node)) == -1 ) { if ( errno != ENOENT ) { @@ -461,11 +467,11 @@ make_dotlock ( DOTLOCK h, long timeout ) # endif /* __riscos__ */ } - if ( timeout == -1 ) + if ( timeout == -1 ) { /* Wait until lock has been released. */ struct timeval tv; - + log_info (_("waiting for lock (held by %d%s) %s...\n"), pid, maybe_dead, maybe_deadlock(h)? _("(deadlock?) "):""); @@ -495,7 +501,7 @@ make_dotlock ( DOTLOCK h, long timeout ) return -1; } - if ( timeout == -1 ) + if ( timeout == -1 ) { /* Wait until lock has been released. */ log_info (_("waiting for lock %s...\n"), h->lockname); @@ -545,7 +551,7 @@ release_dotlock( DOTLOCK h ) #else pid = read_lockfile (h, &same_node); - if ( pid == -1 ) + if ( pid == -1 ) { log_error( "release_dotlock: lockfile error\n"); return -1; @@ -566,7 +572,7 @@ release_dotlock( DOTLOCK h ) /* Fixme: As an extra check we could check whether the link count is now really at 1. */ #else /* __riscos__ */ - if ( renamefile (h->lockname, h->tname) ) + if ( renamefile (h->lockname, h->tname) ) { log_error ("release_dotlock: error renaming lockfile `%s' to `%s'\n", h->lockname, h->tname); @@ -594,7 +600,7 @@ read_lockfile (DOTLOCK h, int *same_node ) char *buffer, *p; size_t expected_len; int res, nread; - + *same_node = 0; expected_len = 10 + 1 + h->nodename_len + 1; if ( expected_len >= sizeof buffer_space) 
@@ -627,7 +633,7 @@ read_lockfile (DOTLOCK h, int *same_node ) if (res < 0) { log_info ("error reading lockfile `%s'", h->lockname ); - close (fd); + close (fd); if (buffer != buffer_space) jnlib_free (buffer); errno = 0; /* Do not return an inappropriate ERRNO. */ @@ -651,7 +657,7 @@ read_lockfile (DOTLOCK h, int *same_node ) if (buffer[10] != '\n' || (buffer[10] = 0, pid = atoi (buffer)) == -1 #ifndef __riscos__ - || !pid + || !pid #else /* __riscos__ */ || (!pid && riscos_getpid()) #endif /* __riscos__ */ @@ -665,7 +671,7 @@ read_lockfile (DOTLOCK h, int *same_node ) } if (nread == expected_len - && !memcmp (h->tname+h->nodename_off, buffer+11, h->nodename_len) + && !memcmp (h->tname+h->nodename_off, buffer+11, h->nodename_len) && buffer[11+h->nodename_len] == '\n') *same_node = 1; @@ -683,10 +689,10 @@ void dotlock_remove_lockfiles() { DOTLOCK h, h2; - + h = all_lockfiles; all_lockfiles = NULL; - + while ( h ) { h2 = h->next; ----------------------------------------------------------------------- Summary of changes: g10/parse-packet.c | 21 ++++++++++++++++--- jnlib/dotlock.c | 58 +++++++++++++++++++++++++++++------------------------ kbx/keybox-update.c | 37 +++++++++++++++++++++++++++++----- 3 files changed, 82 insertions(+), 34 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 12 20:42:08 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 12 Feb 2015 20:42:08 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.2-3-g07a71da Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 07a71da479daaac43b8c5b1034a1e66f96bdbc48 (commit) from 070d7bf940efa60db2b0734273b9b3736d18338a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 07a71da479daaac43b8c5b1034a1e66f96bdbc48 Author: Werner Koch Date: Thu Feb 12 20:40:39 2015 +0100 scd: Fix regression in 2.1.2 (due to commit 2183683) * scd/apdu.c (pcsc_vendor_specific_init): Replace use of bufNN_to_uint by direct code. -- Hey, that was little endian. diff --git a/scd/apdu.c b/scd/apdu.c index e5db4f0..5e7d27b 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -1851,9 +1851,9 @@ pcsc_vendor_specific_init (int slot) if (l == 1) v = p[0]; else if (l == 2) - v = buf16_to_uint (p); + v = (((unsigned int)p[1] << 8) | p[0]); else if (l == 4) - v = buf32_to_uint (p); + v = (((unsigned int)p[3] << 24) | (p[2] << 16) | (p[1] << 8) | p[0]); if (tag == PCSCv2_PART10_PROPERTY_bMinPINSize) reader_table[slot].pcsc.pinmin = v; ----------------------------------------------------------------------- Summary of changes: scd/apdu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 16 17:10:39 2015 
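Review bot: The two open-coded conversions in pcsc_vendor_specific_init carry no comment saying that the property values are little endian, which is the detail the commit message names as the cause of the regression. A line such as `/* Values are little endian; do not use bufNN_to_uint here. */` above the `l == 2` case would keep the helper calls from being swapped back in. In the 4-byte case only p[3] is cast, so `p[2] << 16` and `p[1] << 8` are evaluated as int; that is fine if p points to unsigned char, but the declaration is outside the hunk and with a plain char pointer the bytes would sign-extend. Casting each operand to `unsigned int` removes the doubt.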
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 16 Feb 2015 17:10:39 +0100 Subject: [git] gnupg-doc - branch, master, updated. 80457d4bc0010f1de6f8eb415e78c9e3f05f5daa Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 80457d4bc0010f1de6f8eb415e78c9e3f05f5daa (commit) from 1dc19e5c97389309642760aa56c12d2a7f4ac6d8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 80457d4bc0010f1de6f8eb415e78c9e3f05f5daa Author: Werner Koch Date: Mon Feb 16 17:02:03 2015 +0100 blog: Status report for January 2015. diff --git a/misc/blog.gnupg.org/20150216-gnupg-in-january.org b/misc/blog.gnupg.org/20150216-gnupg-in-january.org new file mode 100644 index 0000000..a9c47ec --- /dev/null +++ b/misc/blog.gnupg.org/20150216-gnupg-in-january.org 
@@ -0,0 +1,75 @@ +# GnuPG News for January 2015 +#+STARTUP: showall +#+AUTHOR: Werner +#+DATE: February 16th, 2015 + +** GnuPG News for January 2015 + +This is the first issue of a series of status reports for the GnuPG +project. It is quite late for a review of things which happened +January but unexpected (but meanwhile widely known) events prohibited +me from writing this earlies. More on this in another article. + +First the good news: In January I was contacted by the [[http://www.linuxfoundation.org/programs/core-infrastructure-initiative][Core +Infrastructure Initiative]] with an offer to help funding the GnuPG +development. I gladly accepted that that offer for 60,000 USD for +this year. After short and exceptionally non-bureaucratic negotiations +we agreed on a contract which pays [[https://g10code.com][g10^code]] 5,000 USD each month in +2015 for work on GnuPG. That money will be used to pay my, now +increased, salary. Thanks guys. + +After the release of GnuPG 2.1.1 in late December quite some bugs were +reported for this new branch. Thus most of my work was related to +fixing these bugs and prepare a bug fix release. As usual Niibe +Yutaka helped a lot by taking care of the smartcard part and reviewing +other patches and bugs. Some minor bugs and memory leaks were fixed +in that time as well as some code cleanup. + +The move to automake 1.14 and gcc 4.9 required a bit of work. The +update to the latest automake version was originally planned after the +release of Debian Jessie but for other reasons I had to update my +development box to to-be-Jessie already now and thus switching +automake was done right away. This required only minor changes but +with all those libraries required by GnuPG 2.x, it nevertheless took +some days. At that opportunity all the build-aux files (config.guess +et al.) were also updated to the latest version. The code base is now +quite up to the latest development tools (at least in the repo). 
gcc +4.9 prints a couple of new warnings and thus a few other code changes +were required as well. + +I also took some days to play with the Windows port but finally +decided that there won't be a Windows installer for the forthcoming +2.1.2 versions. We need to investigate on how to best package the +Windows binary version without having too much dependencies to +external libraries. In particular GPGME with its dependencies on Glib +is still troublesome and this might need some re-packaging of +GPGME. The general idea for the 2.1 installer will be to package only +the GnuPG core without any GUI stuff and do that in a way which helps +other packages to use that one GnuPG version on Windows. This has the +huge advantage that we can release updates to GnuPG without having +also to update all the other software which uses GnuPG under the hood. + +After having fixed a couple of build problems of OS X, Patrick +Brunswick of Enigmail is meanwhile able to build an OS X installer +soon after a new GnuPG release and thus a link to this installer has +been added to the download page. + +To allow for a one-stop key generation we also came up with an easy +way to generate a key without having to resort to Pinentry. Even +after 15 or so years of the =--command-fd= based API to gpg, the first +request was filed to provide a stable interface to select the +algorithm: gpg has always printed a list of algorithm sets and asked +the user to enter the order number to select the algorithms. However, +there was no way for a script to map algorithm names to these order +numbers. It is surprising that it took so long until someone +requested a solid way of entering that. It has been solved by +assigning fixed strings (see doc/DETAILS) to each algorithm and +allowing this string as an alternative to the order number. Please do +not hesitate to ask on gnupg-devel@ for advise or ask for a new +feature. 
If a new feature makes sense and fits into the overall +architecture then there is quite some chance that it will be added. +But we need to know about it. + +Like in many years, January closed at that great hackers meeting in +Brussels. Maybe next year there will be enough interest for a GnuPG +session and a booth as [[https://fosdem.org][FOSDEM]]. ----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/20150216-gnupg-in-january.org | 75 +++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 misc/blog.gnupg.org/20150216-gnupg-in-january.org hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 18 11:04:20 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Wed, 18 Feb 2015 11:04:20 +0100 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.18-3-gb400d7c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via b400d7c65daaf44f227073ddde7d06986afde786 (commit) from 8487ec25e1c8f73ca7dc31e5d648cb05eede0f14 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b400d7c65daaf44f227073ddde7d06986afde786 Author: Neal H. Walfield Date: Wed Feb 18 11:04:12 2015 +0100 Correct URL. diff --git a/autogen.sh b/autogen.sh index 471193c..24da40c 100755 --- a/autogen.sh +++ b/autogen.sh 
@@ -347,7 +347,7 @@ if [ -d .git ]; then [ -z "${SILENT}" ] && cat < This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 0c3d7645dfad9968d0128fb35a304881121ec61b (commit) via cb2ee2dc50ae2f15022db38214bd820dbea93aaa (commit) from 3627123dc8fdc551caca1c7944713fbf01feccf6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0c3d7645dfad9968d0128fb35a304881121ec61b Author: Werner Koch Date: Wed Feb 18 12:14:22 2015 +0100 gpg: Print better diagnostics for keyserver operations. * g10/armor.c (parse_key_failed_line): New. (check_input): Watch out for gpgkeys_ error lines. * g10/filter.h (armor_filter_context_t): Add field key_failed_code. * g10/import.c (import): Add arg r_gpgkeys_err. (import_keys_internal): Ditto. (import_keys_stream): Ditto. * g10/keyserver.c (keyserver_errstr): New. (keyserver_spawn): Detect "KEY " lines while sending. Get gpgkeys_err while receiving keys. (keyserver_work): Add kludge for better error messages. -- GnuPG-bug-id: 1832 Note that these changes can be backported to 1.4 but they don't make sense for 2.1 due to the removal of the keyserver helpers. The error reporting could be improved even more but given that this is an old GnuPG branch it is not justified to put too much effort into it. Signed-off-by: Werner Koch diff --git a/g10/armor.c b/g10/armor.c index 2065335..6c0013d 100644 --- a/g10/armor.c +++ b/g10/armor.c 
@@ -381,6 +381,32 @@ is_armor_header( byte *line, unsigned len ) } +/* Helper to parse a "KEY FAILED " line and return the + error code. LINEPTR points right behind "KEY ". */ +int +parse_key_failed_line (const void *lineptr, unsigned int len) +{ + const byte *line = lineptr; + int code = 0; + + for (; len && !spacep (line); len--, line++) + ; + for (; len && spacep (line); len--, line++) + ; + if (len > 7 && !memcmp (line, "FAILED ", 7)) + { + line += 7; + len -= 7; + for (; len && digitp (line); len--, line++) + { + code *= 10; + code += atoi_1 (line); + } + } + + return code; +} + /**************** * Parse a header lines @@ -501,6 +527,17 @@ check_input( armor_filter_context_t *afx, IOBUF a ) /* find the armor header */ while(len) { i = is_armor_header( line, len ); + if (i == -1 && afx->only_keyblocks + && !afx->key_failed_code + && len > 4 && !memcmp (line, "KEY ", 4)) + { + /* This is probably input from a keyserver helper and we + have not yet seen an error line. */ + afx->key_failed_code = parse_key_failed_line (line+4, len-4); + log_debug ("armor-keys-failed (%.*s) ->%d\n", + (int)len, line, + afx->key_failed_code); + } if( i >= 0 && !(afx->only_keyblocks && i != 1 && i != 5 && i != 6 )) { hdr_line = i; if( hdr_line == BEGIN_SIGNED_MSG_IDX ) { diff --git a/g10/filter.h b/g10/filter.h index 923cfda..6bcb037 100644 --- a/g10/filter.h +++ b/g10/filter.h @@ -39,6 +39,8 @@ typedef struct { /* these fields must be initialized to zero */ int no_openpgp_data; /* output flag: "No valid OpenPGP data found" */ + int key_failed_code; /* Error code from the first gpgkkeys_* + "KEY FAILED " line. */ /* the following fields must be initialized to zero */ int inp_checked; /* set if the input has been checked */ 
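Review bot: The digit loop in parse_key_failed_line accumulates into a signed int without any bound, so a helper line with a long run of digits after `FAILED ` overflows `code`, which is undefined behaviour in C. The text comes from a keyserver helper process, that is from outside gpg, and should be treated as untrusted. Bounding the loop, for example `for (; len && digitp (line) && code < 100000; len--, line++)`, keeps the result defined; the cut-off here is only an illustration and should match the largest KEYSERVER_* code. The header comment could also state that 0 is returned when the line is not a FAILED line.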
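Review bot: The `log_debug` call added to check_input looks like a left-over diagnostic: it is not guarded by any debug flag visible in the hunk and fires for every line starting with `KEY ` until a non-zero code has been parsed. It also prints the raw helper line with `%.*s`; if the logging layer does not escape control characters, keyserver-influenced bytes reach the terminal or log file. Either drop the call or put it behind the program's debug option. check_input continues outside the hunk.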
@@ -121,7 +123,7 @@ typedef struct { unsigned long last; /* last amount reported */ unsigned long offset; /* current amount */ unsigned long total; /* total amount */ - int refcount; + int refcount; } progress_filter_context_t; /* encrypt_filter_context_t defined in main.h */ diff --git a/g10/import.c b/g10/import.c index 8e509dd..e1f43b2 100644 --- a/g10/import.c +++ b/g10/import.c @@ -60,7 +60,8 @@ struct stats_s { static int import( IOBUF inp, const char* fname,struct stats_s *stats, unsigned char **fpr,size_t *fpr_len,unsigned int options, - import_filter_t filter, void *filter_arg ); + import_filter_t filter, void *filter_arg, + int *r_gpgkeys_err); static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ); static void revocation_present(KBNODE keyblock); static int import_one(const char *fname, KBNODE keyblock,struct stats_s *stats, @@ -177,7 +178,8 @@ static int import_keys_internal( IOBUF inp, char **fnames, int nnames, void *stats_handle, unsigned char **fpr, size_t *fpr_len, unsigned int options, - import_filter_t filter, void *filter_arg) + import_filter_t filter, void *filter_arg, + int *r_gpgkeys_err) { int i, rc = 0; struct stats_s *stats = stats_handle; @@ -187,7 +189,7 @@ import_keys_internal( IOBUF inp, char **fnames, int nnames, if (inp) { rc = import (inp, "[stream]", stats, fpr, fpr_len, options, - filter, filter_arg); + filter, filter_arg, r_gpgkeys_err); } else { int once = (!fnames && !nnames); @@ -208,7 +210,7 @@ import_keys_internal( IOBUF inp, char **fnames, int nnames, else { rc = import (inp2, fname, stats, fpr, fpr_len, options, - NULL, NULL); + NULL, NULL, r_gpgkeys_err); iobuf_close(inp2); /* Must invalidate that ugly cache to actually close it. */ iobuf_ioctl (NULL, 2, 0, (char*)fname); 
@@ -240,37 +242,42 @@ import_keys( char **fnames, int nnames, void *stats_handle, unsigned int options ) { import_keys_internal (NULL, fnames, nnames, stats_handle, NULL, NULL, - options, NULL, NULL); + options, NULL, NULL, NULL); } + +/* Import keys from an open stream. */ int import_keys_stream( IOBUF inp, void *stats_handle, unsigned char **fpr, size_t *fpr_len,unsigned int options, - import_filter_t filter, void *filter_arg) + import_filter_t filter, void *filter_arg, + int *r_gpgkeys_err) { return import_keys_internal (inp, NULL, 0, stats_handle, fpr, fpr_len, - options, filter, filter_arg); + options, filter, filter_arg, r_gpgkeys_err); } +/* Note: If R_GPGKEYS_ERR is not NULL an error code from the keyserver + helpers will be stored there. */ static int import (IOBUF inp, const char* fname,struct stats_s *stats, unsigned char **fpr, size_t *fpr_len, unsigned int options, - import_filter_t filter, void *filter_arg) + import_filter_t filter, void *filter_arg, int *r_gpgkeys_err) { PACKET *pending_pkt = NULL; KBNODE keyblock = NULL; int rc = 0; + int need_armor = (!opt.no_armor || r_gpgkeys_err); + armor_filter_context_t *afx = NULL; getkey_disable_caches(); - if( !opt.no_armor ) { /* armored reading is not disabled */ - armor_filter_context_t *afx; - + if (!opt.no_armor || r_gpgkeys_err) { + /* armored reading is not disabled or enforced. */ afx = new_armor_context (); afx->only_keyblocks = 1; push_armor_filter (afx, inp); - release_armor_context (afx); } while( !(rc = read_block( inp, &pending_pkt, &keyblock) )) { @@ -300,6 +307,11 @@ import (IOBUF inp, const char* fname,struct stats_s *stats, else if( rc && rc != G10ERR_INV_KEYRING ) log_error( _("error reading `%s': %s\n"), fname, g10_errstr(rc)); + if (afx && r_gpgkeys_err) + *r_gpgkeys_err = afx->key_failed_code; + + release_armor_context (afx); + return rc; } diff --git a/g10/keyserver.c b/g10/keyserver.c index af00401..dc49e1b 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c 
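Review bot: `need_armor` is initialised in import() but the condition a few lines later repeats `!opt.no_armor || r_gpgkeys_err` instead of using it, so within the visible hunks the variable is dead and compilers will warn about it. Use it in the test, `if (need_armor) {`, or drop the declaration. Because release_armor_context is now called at the end of the function with afx possibly still NULL, confirm that it accepts NULL; its definition is not part of this diff.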
@@ -1062,6 +1062,30 @@ keyserver_retrieval_filter (kbnode_t keyblock, void *opaque) } +static const char * +keyserver_errstr (int code) +{ + const char *s; + + switch (code) + { + case KEYSERVER_OK: s = "success"; break; + case KEYSERVER_INTERNAL_ERROR:s = "keyserver helper internal error"; break; + case KEYSERVER_NOT_SUPPORTED: s =gpg_strerror (GPG_ERR_NOT_SUPPORTED);break; + case KEYSERVER_VERSION_ERROR: s = "keyserver helper version mismatch";break; + case KEYSERVER_GENERAL_ERROR: s = "keyserver helper general error"; break; + case KEYSERVER_NO_MEMORY: s = "keyserver helper is out of core"; break; + case KEYSERVER_KEY_NOT_FOUND: s =gpg_strerror (GPG_ERR_NOT_FOUND); break; + case KEYSERVER_KEY_EXISTS: s = "key exists"; break; + case KEYSERVER_KEY_INCOMPLETE:s = "key incomplete (EOF)"; break; + case KEYSERVER_UNREACHABLE: s =gpg_strerror (GPG_ERR_UNKNOWN_HOST);break; + case KEYSERVER_TIMEOUT: s =gpg_strerror (GPG_ERR_TIMEOUT); break; + default: s = "?"; break; + } + return s; +} + + static int keyserver_spawn (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc, int count, int *prog, unsigned char **fpr, size_t *fpr_len, @@ -1534,8 +1558,11 @@ keyserver_spawn (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc, plen--; plen[ptr]='\0'; - if(*ptr=='\0') - break; + /* Stop at the first empty line but not if we are sending keys. + In the latter case we won't continue reading later and thus + we need to watch out for errors right in this loop. */ + if(*ptr=='\0' && action != KS_SEND) + break; if(ascii_strncasecmp(ptr,"VERSION ",8)==0) { 
@@ -1556,6 +1583,14 @@ keyserver_spawn (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc, } else if(ascii_strncasecmp(ptr,"OPTION OUTOFBAND",16)==0) outofband=1; /* Currently the only OPTION */ + else if (action == KS_SEND + && ascii_strncasecmp(ptr,"KEY ",4)==0) + { + ret = parse_key_failed_line (ptr+4, strlen (ptr+4)); + break; /* We stop at the first KEY line so that we won't + run into an EOF which would return an unspecified + error message (due to iobuf_read_line). */ + } } if(!gotversion) @@ -1572,6 +1607,7 @@ keyserver_spawn (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc, { void *stats_handle; struct ks_retrieval_filter_arg_s filterarg; + int gpgkeys_err; stats_handle=import_new_stats_handle(); @@ -1586,14 +1622,21 @@ keyserver_spawn (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc, but we better protect against rogue keyservers. */ filterarg.desc = desc; filterarg.ndesc = count; + gpgkeys_err = 0; import_keys_stream (spawn->fromchild, stats_handle, fpr, fpr_len, (opt.keyserver_options.import_options | IMPORT_NO_SECKEY), - keyserver_retrieval_filter, &filterarg); + keyserver_retrieval_filter, &filterarg, + &gpgkeys_err); import_print_stats(stats_handle); import_release_stats_handle(stats_handle); - + if (gpgkeys_err) + { + log_error (_("keyserver communications error: %s\n"), + keyserver_errstr (gpgkeys_err)); + ret = gpgkeys_err; + } break; } @@ -1614,7 +1657,6 @@ keyserver_spawn (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc, xfree(line); xfree(searchstr); - *prog=exec_finish(spawn); return ret; 
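Review bot: For KS_SEND the new branch takes the result of the first `KEY ` line and leaves the loop, so any further KEY line the helper writes is never read. keyserver_spawn is given a list of keys, so if the helper reports one line per key (not visible in this hunk) a failure after the first key would come back as success. Either continue reading and keep the first non-zero code, or add a comment such as `/* Only the first KEY result is evaluated; later failures are not reported. */` so the limitation is visible to callers. keyserver_spawn starts and ends outside the hunk.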
@@ -1641,9 +1683,11 @@ keyserver_work (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc, return G10ERR_KEYSERVER; #else - /* Spawn a handler */ - + /* Spawn a handler. The use of RC and RET is a mess. We use a + kludge to return a suitable error message. */ rc=keyserver_spawn(action,list,desc,count,&ret,fpr,fpr_len,keyserver); + if (ret == KEYSERVER_INTERNAL_ERROR && rc) + ret = rc; if(ret) { switch(ret) @@ -1672,6 +1716,9 @@ keyserver_work (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc, log_error(_("keyserver timed out\n")); break; + case KEYSERVER_UNREACHABLE: + return gpg_error (GPG_ERR_UNKNOWN_HOST); + case KEYSERVER_INTERNAL_ERROR: default: log_error(_("keyserver internal error\n")); @@ -2136,7 +2183,7 @@ keyserver_import_cert(const char *name,unsigned char **fpr,size_t *fpr_len) rc=import_keys_stream (key, NULL, fpr, fpr_len, (opt.keyserver_options.import_options - | IMPORT_NO_SECKEY), NULL, NULL); + | IMPORT_NO_SECKEY), NULL, NULL, NULL); opt.no_armor=armor_status; diff --git a/g10/main.h b/g10/main.h index 7cd6756..4ee1b73 100644 --- a/g10/main.h +++ b/g10/main.h @@ -66,6 +66,7 @@ extern int g10_errors_seen; /*-- armor.c --*/ char *make_radix64_string( const byte *data, size_t len ); +int parse_key_failed_line (const void *lineptr, unsigned int len); /*-- misc.c --*/ void trap_unaligned(void); 
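Review bot: `if (ret == KEYSERVER_INTERNAL_ERROR && rc) ret = rc;` feeds the return value of keyserver_spawn into a switch over KEYSERVER_xxx codes, although RC and RET appear to carry different code spaces. The earlier hunks show keyserver_spawn returning a helper code (`ret = gpgkeys_err;`), but its other return paths are outside the hunks; if any of them returns a library error value, a number that happens to equal a KEYSERVER_xxx constant would be reported as the wrong condition. Passing the helper code back through a separate out parameter would remove the ambiguity that the comment already calls a kludge. The new `case KEYSERVER_UNREACHABLE:` also returns without a log_error, unlike the neighbouring cases, so an unreachable server produces no diagnostic at this level.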
@@ -271,7 +272,8 @@ void import_keys( char **fnames, int nnames, void *stats_hd, unsigned int options ); int import_keys_stream (iobuf_t inp, void *stats_hd, unsigned char **fpr, size_t *fpr_len, unsigned int options, - import_filter_t filter, void *filter_arg); + import_filter_t filter, void *filter_arg, + int *r_gpgkeys_err); void *import_new_stats_handle (void); void import_release_stats_handle (void *p); void import_print_stats (void *hd); commit cb2ee2dc50ae2f15022db38214bd820dbea93aaa Author: Werner Koch Date: Fri Feb 13 11:37:17 2015 +0100 keyserver: Show log prefix when not build with cURL. * keyserver/ksutil.c (init_ks_options) [!HAVE_LIBCURL]: Set logging prefix. Signed-off-by: Werner Koch diff --git a/keyserver/ksutil.c b/keyserver/ksutil.c index 7231d0a..0ba09cd 100644 --- a/keyserver/ksutil.c +++ b/keyserver/ksutil.c @@ -112,6 +112,12 @@ init_ks_options(void) { struct ks_options *opt; +#ifndef HAVE_LIBCURL + /* Without cURL we use our own HTTP module which uses our logging + subsystem. Thus we need to init that. */ + log_set_prefix ("gpgkeys", JNLIB_LOG_WITH_PREFIX); +#endif /*!HAVE_LIBCURL*/ + opt=calloc(1,sizeof(struct ks_options)); if(opt) ----------------------------------------------------------------------- Summary of changes: g10/armor.c | 37 ++++++++++++++++++++++++++++++++ g10/filter.h | 4 +++- g10/import.c | 36 ++++++++++++++++++++----------- g10/keyserver.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++------- g10/main.h | 4 +++- keyserver/ksutil.c | 6 ++++++ 6 files changed, 128 insertions(+), 22 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 18 19:27:26 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 18 Feb 2015 19:27:26 +0100 Subject: [git] gnupg-doc - branch, master, updated. 4acb6162899cf58c97b2a34e0dadf13590d0ffe7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 4acb6162899cf58c97b2a34e0dadf13590d0ffe7 (commit) from 80457d4bc0010f1de6f8eb415e78c9e3f05f5daa (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4acb6162899cf58c97b2a34e0dadf13590d0ffe7 Author: Werner Koch Date: Wed Feb 18 19:18:43 2015 +0100 web: GnuPG 2.0.27 release news etc. diff --git a/web/download/index.org b/web/download/index.org index ede8133..d4c01af 100644 --- a/web/download/index.org +++ b/web/download/index.org @@ -104,6 +104,7 @@ | | {{{ftpopen}}}{{{ftp_base}}}/binary/gnupg-w32-{{{gnupg21_w32_ver}}}.exe{{{ftpclose}}} {{{ftpopen}}}{{{ftp_base}}}/binary/gnupg-w32-{{{gnupg21_w32_ver}}}.exe.sig{{{ftpcloseS}}} | Simple installer for /GnuPG modern/ | | | {{{ftpopen}}}{{{ftp_base}}}/binary/gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe{{{ftpclose}}} {{{ftpopen}}}{{{ftp_base}}}/binary/gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe.sig{{{ftpcloseS}}} | Simple installer for /GnuPG classic/ | | OS X | [[http://gpgtools.org][Mac GPG]] | Installer from the gpgtools project | + | | [[https://sourceforge.net/p/gpgosx/docu/Download/][GnuPG for OS X]] | Installer for /GnuPG modern/ | | Debian | [[https://www.debian.org][Debian site]] | GnuPG stable and classic are part of Debian | | RPM | [[http://rpmfind.net/][rpmfind]] | RPM packages for different OS | | Android | [[https://guardianproject.info/code/gnupg/][Guardian project]] | Provides a GnuPG 2.1 framework | 
diff --git a/web/index.org b/web/index.org index f4203db..44f1081 100644 --- a/web/index.org +++ b/web/index.org @@ -118,6 +118,11 @@ all [[file:news.org][news of previous years]] is also available. # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** GnuPG 2.0.27 released (2015-02-18) + +GnuPG 2.0.27 is now available. This release fixes a couple of bugs; +users of GnuPG 2.0.x should update to this version. [[http://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html][{more}]] + ** GnuPG 2.1.2 released (2015-02-11) This is the third release of the /modern/ branch of GnuPG. It fixes diff --git a/web/swdb.mac b/web/swdb.mac index 77d5add..93da7ff 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -9,10 +9,10 @@ # # GnuPG-2 # -#+macro: gnupg_ver 2.0.26 +#+macro: gnupg_ver 2.0.27 #+macro: gnupg_branch STABLE-BRANCH-2-0 -#+macro: gnupg_size 4203k -#+macro: gnupg_sha1 3ff5b38152c919724fd09cf2f17df704272ba192 +#+macro: gnupg_size 4321k +#+macro: gnupg_sha1 d065be185f5bac8ea07b210ab7756e79b83b63d4 # # GnuPG-2.1 ----------------------------------------------------------------------- Summary of changes: web/download/index.org | 1 + web/index.org | 5 +++++ web/swdb.mac | 6 +++--- 3 files changed, 9 insertions(+), 3 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 19 16:31:21 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 19 Feb 2015 16:31:21 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.2-4-g76c8122 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 76c8122adfed0f0f443cce7bda702ba2b39661b3 (commit) from 07a71da479daaac43b8c5b1034a1e66f96bdbc48 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 76c8122adfed0f0f443cce7bda702ba2b39661b3 Author: Werner Koch Date: Thu Feb 19 16:29:58 2015 +0100 gpg: Fix segv due to NULL value stored as opaque MPI. * g10/build-packet.c (gpg_mpi_write): Check for NULL return from gcry_mpi_get_opaque. (gpg_mpi_write_nohdr, do_key): Ditto. * g10/keyid.c (hash_public_key): Ditto. -- This fix extends commmit 0835d2f44ef62eab51fce6a927908f544e01cf8f. gpg2 --export --no-default-keyring --keyring TESTDATA With TESTDATA being below after unpacking. -----BEGIN PGP ARMORED FILE----- mBMEhdkMmS8BcX8F//8F5voEhQAQmBMEnAAAZwAAo4D/f/8EhQAAAIAEnP8EhQAQ iBMEnP8AAAAABf8jIID///8EhQYQmBMEnIUAEIgTBKT/AAAAAAUAACCA/f//BIUA EJgTBJx/AP8ABPPzBJx/AP8ABPPz =2yE0 -----END PGP ARMORED FILE----- Reported-by: Jodie Cunningham Signed-off-by: Werner Koch diff --git a/g10/build-packet.c b/g10/build-packet.c index e44350e..557dffe 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -171,7 +171,7 @@ gpg_mpi_write (iobuf_t out, gcry_mpi_t a) lenhdr[0] = nbits >> 8; lenhdr[1] = nbits; rc = iobuf_write (out, lenhdr, 2); - if (!rc) + if (!rc && p) rc = iobuf_write (out, p, (nbits+7)/8); } else 
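Review bot: With `if (!rc && p)` gpg_mpi_write still emits the two-byte length header built from `nbits` and then returns success without a body when gcry_mpi_get_opaque yields NULL. If `nbits` can be non-zero in that case (the hunk does not show it), the result is an MPI whose declared length does not match the data that follows, written without any error. Rejecting the value before the header is written, e.g. `if (!p && nbits) rc = gpg_error (GPG_ERR_BAD_MPI);`, would stop a malformed key from being re-exported silently. The same applies to `rc = p ? iobuf_write (out, p, (nbits+7)/8) : 0;` in gpg_mpi_write_nohdr and to the guarded write in do_key, whose iobuf_write result is not checked either. All three function bodies extend beyond their hunks.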
@@ -209,7 +209,7 @@ gpg_mpi_write_nohdr (iobuf_t out, gcry_mpi_t a) const void *p; p = gcry_mpi_get_opaque (a, &nbits); - rc = iobuf_write (out, p, (nbits+7)/8); + rc = p ? iobuf_write (out, p, (nbits+7)/8) : 0; } else rc = gpg_error (GPG_ERR_BAD_MPI); @@ -393,7 +393,8 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk) assert (gcry_mpi_get_flag (pk->pkey[npkey], GCRYMPI_FLAG_OPAQUE)); p = gcry_mpi_get_opaque (pk->pkey[npkey], &ndatabits); - iobuf_write (a, p, (ndatabits+7)/8 ); + if (p) + iobuf_write (a, p, (ndatabits+7)/8 ); } else { diff --git a/g10/keyid.c b/g10/keyid.c index 9f7b70f..a0571b0 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -179,7 +179,10 @@ hash_public_key (gcry_md_hd_t md, PKT_public_key *pk) p = gcry_mpi_get_opaque (pk->pkey[i], &nbits); pp[i] = xmalloc ((nbits+7)/8); - memcpy (pp[i], p, (nbits+7)/8); + if (p) + memcpy (pp[i], p, (nbits+7)/8); + else + pp[i] = NULL; nn[i] = (nbits+7)/8; n += nn[i]; } @@ -214,14 +217,18 @@ hash_public_key (gcry_md_hd_t md, PKT_public_key *pk) if(npkey==0 && pk->pkey[0] && gcry_mpi_get_flag (pk->pkey[0], GCRYMPI_FLAG_OPAQUE)) { - gcry_md_write (md, pp[0], nn[0]); + if (pp[0]) + gcry_md_write (md, pp[0], nn[0]); } else - for(i=0; i < npkey; i++ ) - { - gcry_md_write ( md, pp[i], nn[i] ); - xfree(pp[i]); - } + { + for(i=0; i < npkey; i++ ) + { + if (pp[i]) + gcry_md_write ( md, pp[i], nn[i] ); + xfree(pp[i]); + } + } } ----------------------------------------------------------------------- Summary of changes: g10/build-packet.c | 7 ++++--- g10/keyid.c | 21 ++++++++++++++------- 2 files changed, 18 insertions(+), 10 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 19 17:24:12 2015 
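Review bot: In the first keyid.c hunk of hash_public_key, the buffer from `pp[i] = xmalloc ((nbits+7)/8);` is leaked when `p` is NULL, because the new `else pp[i] = NULL;` overwrites the pointer without freeing it. Allocating only on the non-NULL path fixes this: `if (p) { pp[i] = xmalloc ((nbits+7)/8); memcpy (pp[i], p, (nbits+7)/8); } else pp[i] = NULL;`. `nn[i]` is still added to `n` for the skipped MPI, so `n` can count bytes that the later `if (pp[i])` guard never hashes; whether `n` itself is hashed as a length lies outside the hunk, but setting `nn[i] = 0` in the NULL case would keep the two consistent.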
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 19 Feb 2015 17:24:12 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.2-5-gd2a70fd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via d2a70fd8348d6c11d1960caf2afe0701833dad6a (commit) from 76c8122adfed0f0f443cce7bda702ba2b39661b3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d2a70fd8348d6c11d1960caf2afe0701833dad6a Author: Werner Koch Date: Thu Feb 19 17:22:27 2015 +0100 gpg: Replace remaining uses of stdio by estream. * g10/sign.c (sign_file): Use log_printf instead of stderr. * g10/tdbdump.c (export_ownertrust): Use estream fucntions. (import_ownertrust): Ditto. * g10/tdbio.c (tdbio_dump_record): Ditto. Change arg to estream_t. -- Reported-by: Guilhem Moulin Needed for unattended key edits with --status-fd, because since 2.1 status prompts are preceded by es_fflush (in cpr.c:do_get_from_fd) not fflush(3), so the standard output may not be flushed before each prompt. (Which breaks scripts using select(2) to multiplex between the standard and status outputs.) His patch only affected print_and_check_one_sig_colon() but there are many more places where stdio and estream are mixed. This patch now replaces most of them in g10/. At some places stdio is still used, but that is local to a function and should not have side effects. Signed-off-by: Werner Koch diff --git a/g10/getkey.c b/g10/getkey.c index 30c454b..76ee493 100644 --- a/g10/getkey.c +++ b/g10/getkey.c 
@@ -116,7 +116,7 @@ print_stats () for (i = 0; i < DIM (lkup_stats); i++) { if (lkup_stats[i].any) - fprintf (stderr, + es_fprintf (es_stderr, "lookup stats: mode=%-2d ok=%-6d nokey=%-6d err=%-6d\n", i, lkup_stats[i].okay_count, diff --git a/g10/gpg.c b/g10/gpg.c index 9a6b104..b8d621d 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -1038,7 +1038,7 @@ build_list (const char *text, char letter, static void wrong_args( const char *text) { - fprintf (stderr, _("usage: %s [options] %s\n"), GPG_NAME, text); + es_fprintf (es_stderr, _("usage: %s [options] %s\n"), GPG_NAME, text); g10_exit(2); } @@ -4021,7 +4021,7 @@ main (int argc, char **argv) mpi_print (es_stdout, generate_elg_prime( 1, atoi(argv[1]), atoi(argv[2]), NULL,&factors ), 1); - putchar('\n'); + es_putc ('\n', es_stdout); mpi_print (es_stdout, factors[0], 1 ); /* print q */ } else if( mode == 4 && argc == 3 ) { @@ -4029,13 +4029,13 @@ main (int argc, char **argv) mpi_print (es_stdout, generate_elg_prime( 0, atoi(argv[1]), atoi(argv[2]), g, NULL ), 1); - putchar('\n'); + es_putc ('\n', es_stdout); mpi_print (es_stdout, g, 1 ); mpi_free (g); } else wrong_args("--gen-prime mode bits [qbits] "); - putchar('\n'); + es_putc ('\n', es_stdout); } #endif wrong_args("--gen-prime not yet supported "); @@ -4064,21 +4064,21 @@ main (int argc, char **argv) #endif if (opt.armor) { char *tmp = make_radix64_string (p, n); - fputs (tmp, stdout); + es_fputs (tmp, es_stdout); xfree (tmp); if (n%3 == 1) - putchar ('='); + es_putc ('=', es_stdout); if (n%3) - putchar ('='); + es_putc ('=', es_stdout); } else { - fwrite( p, n, 1, stdout ); + es_fwrite( p, n, 1, es_stdout ); } xfree(p); if( !endless ) count -= n; } if (opt.armor) - putchar ('\n'); + es_putc ('\n', es_stdout); } break; @@ -4298,7 +4298,7 @@ print_hex (gcry_md_hd_t md, int algo, const char *fname) if (indent>40) { - printf("\n"); + es_printf ("\n"); indent=0; } 
@@ -4396,24 +4396,22 @@ print_hashline( gcry_md_hd_t md, int algo, const char *fname ) static void print_mds( const char *fname, int algo ) { - FILE *fp; + estream_t fp; char buf[1024]; size_t n; gcry_md_hd_t md; if (!fname) { - fp = stdin; -#ifdef HAVE_DOSISH_SYSTEM - setmode ( fileno(fp) , O_BINARY ); -#endif + fp = es_stdin; + es_set_binary (fp); } else { - fp = fopen (fname, "rb" ); - if (fp && is_secured_file (fileno (fp))) + fp = es_fopen (fname, "rb" ); + if (fp && is_secured_file (es_fileno (fp))) { - fclose (fp); + es_fclose (fp); fp = NULL; gpg_err_set_errno (EPERM); } @@ -4444,10 +4442,10 @@ print_mds( const char *fname, int algo ) gcry_md_enable (md, GCRY_MD_SHA512); } - while ((n=fread (buf, 1, DIM(buf), fp))) + while ((n=es_fread (buf, 1, DIM(buf), fp))) gcry_md_write (md, buf, n); - if (ferror(fp)) + if (es_ferror(fp)) log_error ("%s: %s\n", fname?fname:"[stdin]", strerror(errno)); else { @@ -4497,8 +4495,8 @@ print_mds( const char *fname, int algo ) } gcry_md_close (md); - if (fp != stdin) - fclose (fp); + if (fp != es_stdin) + es_fclose (fp); } diff --git a/g10/keyedit.c b/g10/keyedit.c index f283e55..91f5dae 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c 
@@ -158,23 +158,23 @@ print_and_check_one_sig_colon (KBNODE keyblock, KBNODE node, if (sigrc != '?' || print_without_key) { - printf ("sig:%c::%d:%08lX%08lX:%lu:%lu:", - sigrc, sig->pubkey_algo, (ulong) sig->keyid[0], - (ulong) sig->keyid[1], (ulong) sig->timestamp, - (ulong) sig->expiredate); + es_printf ("sig:%c::%d:%08lX%08lX:%lu:%lu:", + sigrc, sig->pubkey_algo, (ulong) sig->keyid[0], + (ulong) sig->keyid[1], (ulong) sig->timestamp, + (ulong) sig->expiredate); if (sig->trust_depth || sig->trust_value) - printf ("%d %d", sig->trust_depth, sig->trust_value); + es_printf ("%d %d", sig->trust_depth, sig->trust_value); - printf (":"); + es_printf (":"); if (sig->trust_regexp) es_write_sanitized (es_stdout, sig->trust_regexp, strlen (sig->trust_regexp), ":", NULL); - printf ("::%02x%c\n", sig->sig_class, - sig->flags.exportable ? 'x' : 'l'); + es_printf ("::%02x%c\n", sig->sig_class, + sig->flags.exportable ? 'x' : 'l'); if (opt.show_subpackets) print_subpackets_colon (sig); @@ -4735,11 +4735,11 @@ ask_revoke_sig (KBNODE keyblock, KBNODE node) printf ("uat:::::::::%u %lu", uid->numattribs, uid->attrib_len); else { - printf ("uid:::::::::"); + es_printf ("uid:::::::::"); es_write_sanitized (es_stdout, uid->name, uid->len, ":", NULL); } - printf ("\n"); + es_printf ("\n"); print_and_check_one_sig_colon (keyblock, node, NULL, NULL, NULL, NULL, 1); diff --git a/g10/keyserver.c b/g10/keyserver.c index 035cd03..8bcb827 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -1488,12 +1488,12 @@ keyserver_search (ctrl_t ctrl, strlist_t tokens) /* Write global options */ /* for(temp=opt.keyserver_options.other;temp;temp=temp->next) */ - /* fprintf(spawn->tochild,"OPTION %s\n",temp->d); */ + /* es_fprintf(spawn->tochild,"OPTION %s\n",temp->d); */ /* Write per-keyserver options */ /* for(temp=keyserver->options;temp;temp=temp->next) */ - /* fprintf(spawn->tochild,"OPTION %s\n",temp->d); */ + /* es_fprintf(spawn->tochild,"OPTION %s\n",temp->d); */ { membuf_t mb; 
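Review bot: In the ask_revoke_sig hunk the `printf ("uat:::::::::%u %lu", ...)` line stays on stdio while the `else` branch and the following newline move to `es_printf`. That leaves one colon-mode record split across two separately buffered streams, which is the ordering problem the commit message describes for scripts reading `--status-fd` output. The line should become `es_printf ("uat:::::::::%u %lu", uid->numattribs, uid->attrib_len);`. The enclosing function starts and ends outside the hunk.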
diff --git a/g10/mainproc.c b/g10/mainproc.c index 8ff84b7..e0dba13 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -930,15 +930,15 @@ print_userid (PACKET *pkt) if (pkt->pkttype != PKT_USER_ID) { - printf ("ERROR: unexpected packet type %d", pkt->pkttype ); + es_printf ("ERROR: unexpected packet type %d", pkt->pkttype ); return; } if (opt.with_colons) { if (pkt->pkt.user_id->attrib_data) - printf("%u %lu", - pkt->pkt.user_id->numattribs, - pkt->pkt.user_id->attrib_len); + es_printf("%u %lu", + pkt->pkt.user_id->numattribs, + pkt->pkt.user_id->attrib_len); else es_write_sanitized (es_stdout, pkt->pkt.user_id->name, pkt->pkt.user_id->len, ":", NULL); diff --git a/g10/misc.c b/g10/misc.c index 37582af..276ff0a 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -1394,8 +1394,8 @@ parse_options(char *str,unsigned int *options, for(i=0;opts[i].name;i++) if(opts[i].help) - printf("%s%*s%s\n",opts[i].name, - maxlen+2-(int)strlen(opts[i].name),"",_(opts[i].help)); + es_printf("%s%*s%s\n",opts[i].name, + maxlen+2-(int)strlen(opts[i].name),"",_(opts[i].help)); g10_exit(0); } diff --git a/g10/sig-check.c b/g10/sig-check.c index 27c51fd..f8ba98b 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -427,7 +427,7 @@ check_revocation_keys(PKT_public_key *pk,PKT_signature *sig) busy=1; - /* printf("looking at %08lX with a sig from %08lX\n",(ulong)pk->keyid[1], + /* es_printf("looking at %08lX with a sig from %08lX\n",(ulong)pk->keyid[1], (ulong)sig->keyid[1]); */ /* is the issuer of the sig one of our revokers? */ diff --git a/g10/sign.c b/g10/sign.c index d2f4abf..afc117e 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -1021,7 +1021,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, } handle_progress (pfx, inp, sl->d); if( opt.verbose ) - fprintf(stderr, " '%s'", sl->d ); + log_printf (" '%s'", sl->d ); if(opt.textmode) { memset( &tfx, 0, sizeof tfx); 
@@ -1033,7 +1033,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, iobuf_close(inp); inp = NULL; } if( opt.verbose ) - putc( '\n', stderr ); + log_printf ("\n"); } else { /* read, so that the filter can calculate the digest */ diff --git a/g10/tdbdump.c b/g10/tdbdump.c index c12e9b7..bf9f387 100644 --- a/g10/tdbdump.c +++ b/g10/tdbdump.c @@ -78,12 +78,12 @@ list_trustdb( const char *username ) ulong recnum; int i; - printf("TrustDB: %s\n", tdbio_get_dbname() ); + es_printf ("TrustDB: %s\n", tdbio_get_dbname() ); for(i=9+strlen(tdbio_get_dbname()); i > 0; i-- ) - putchar('-'); - putchar('\n'); + es_putc ('-', es_stdout); + es_putc ('\n', es_stdout); for(recnum=0; !tdbio_read_record( recnum, &rec, 0); recnum++ ) - tdbio_dump_record( &rec, stdout ); + tdbio_dump_record (&rec, es_stdout); } } @@ -97,23 +97,25 @@ list_trustdb( const char *username ) void export_ownertrust() { - TRUSTREC rec; - ulong recnum; - int i; - byte *p; + TRUSTREC rec; + ulong recnum; + int i; + byte *p; - init_trustdb(); - printf(_("# List of assigned trustvalues, created %s\n" - "# (Use \"gpg --import-ownertrust\" to restore them)\n"), - asctimestamp( make_timestamp() ) ); - for(recnum=0; !tdbio_read_record( recnum, &rec, 0); recnum++ ) { - if( rec.rectype == RECTYPE_TRUST ) { - if( !rec.r.trust.ownertrust ) - continue; - p = rec.r.trust.fingerprint; - for(i=0; i < 20; i++, p++ ) - printf("%02X", *p ); - printf(":%u:\n", (unsigned int)rec.r.trust.ownertrust ); + init_trustdb(); + es_printf (_("# List of assigned trustvalues, created %s\n" + "# (Use \"gpg --import-ownertrust\" to restore them)\n"), + asctimestamp( make_timestamp() ) ); + for (recnum=0; !tdbio_read_record (recnum, &rec, 0); recnum++ ) + { + if (rec.rectype == RECTYPE_TRUST) + { + if (!rec.r.trust.ownertrust) + continue; + p = rec.r.trust.fingerprint; + for (i=0; i < 20; i++, p++ ) + es_printf("%02X", *p ); + es_printf (":%u:\n", (unsigned int)rec.r.trust.ownertrust ); } } } 
@@ -122,7 +124,7 @@ export_ownertrust() void import_ownertrust( const char *fname ) { - FILE *fp; + estream_t fp; int is_stdin=0; char line[256]; char *p; @@ -134,24 +136,24 @@ import_ownertrust( const char *fname ) init_trustdb(); if( iobuf_is_pipe_filename (fname) ) { - fp = stdin; + fp = es_stdin; fname = "[stdin]"; is_stdin = 1; } - else if( !(fp = fopen( fname, "r" )) ) { + else if( !(fp = es_fopen( fname, "r" )) ) { log_error ( _("can't open '%s': %s\n"), fname, strerror(errno) ); return; } - if (is_secured_file (fileno (fp))) + if (is_secured_file (es_fileno (fp))) { - fclose (fp); + es_fclose (fp); gpg_err_set_errno (EPERM); log_error (_("can't open '%s': %s\n"), fname, strerror(errno) ); return; } - while( fgets( line, DIM(line)-1, fp ) ) { + while (es_fgets (line, DIM(line)-1, fp)) { TRUSTREC rec; if( !*line || *line == '#' ) @@ -216,10 +218,10 @@ import_ownertrust( const char *fname ) log_error (_("error finding trust record in '%s': %s\n"), fname, gpg_strerror (rc)); } - if( ferror(fp) ) + if (es_ferror (fp)) log_error ( _("read error in '%s': %s\n"), fname, strerror(errno) ); - if( !is_stdin ) - fclose(fp); + if (!is_stdin) + es_fclose (fp); if (any) { diff --git a/g10/tdbio.c b/g10/tdbio.c index 91ee3ab..69438b4 100644 --- a/g10/tdbio.c +++ b/g10/tdbio.c 
@@ -1141,59 +1141,62 @@ update_trusthashtbl( TRUSTREC *tr ) void -tdbio_dump_record( TRUSTREC *rec, FILE *fp ) +tdbio_dump_record (TRUSTREC *rec, estream_t fp) { int i; ulong rnum = rec->recnum; - fprintf(fp, "rec %5lu, ", rnum ); + es_fprintf ( fp, "rec %5lu, ", rnum ); switch( rec->rectype ) { - case 0: fprintf(fp, "blank\n"); + case 0: + es_fprintf (fp, "blank\n"); break; - case RECTYPE_VER: fprintf(fp, - "version, td=%lu, f=%lu, m/c/d=%d/%d/%d tm=%d mcl=%d nc=%lu (%s)\n", - rec->r.ver.trusthashtbl, - rec->r.ver.firstfree, - rec->r.ver.marginals, - rec->r.ver.completes, - rec->r.ver.cert_depth, - rec->r.ver.trust_model, - rec->r.ver.min_cert_level, - rec->r.ver.nextcheck, - strtimestamp(rec->r.ver.nextcheck) - ); + case RECTYPE_VER: + es_fprintf (fp, + "version, td=%lu, f=%lu, m/c/d=%d/%d/%d tm=%d mcl=%d nc=%lu (%s)\n", + rec->r.ver.trusthashtbl, + rec->r.ver.firstfree, + rec->r.ver.marginals, + rec->r.ver.completes, + rec->r.ver.cert_depth, + rec->r.ver.trust_model, + rec->r.ver.min_cert_level, + rec->r.ver.nextcheck, + strtimestamp(rec->r.ver.nextcheck) + ); break; - case RECTYPE_FREE: fprintf(fp, "free, next=%lu\n", rec->r.free.next ); + case RECTYPE_FREE: + es_fprintf (fp, "free, next=%lu\n", rec->r.free.next ); break; case RECTYPE_HTBL: - fprintf(fp, "htbl,"); + es_fprintf (fp, "htbl,"); for(i=0; i < ITEMS_PER_HTBL_RECORD; i++ ) - fprintf(fp, " %lu", rec->r.htbl.item[i] ); - putc('\n', fp); + es_fprintf (fp, " %lu", rec->r.htbl.item[i] ); + es_putc ('\n', fp); break; case RECTYPE_HLST: - fprintf(fp, "hlst, next=%lu,", rec->r.hlst.next ); + es_fprintf (fp, "hlst, next=%lu,", rec->r.hlst.next ); for(i=0; i < ITEMS_PER_HLST_RECORD; i++ ) - fprintf(fp, " %lu", rec->r.hlst.rnum[i] ); - putc('\n', fp); + es_fprintf (fp, " %lu", rec->r.hlst.rnum[i] ); + es_putc ('\n', fp); break; case RECTYPE_TRUST: - fprintf(fp, "trust "); + es_fprintf (fp, "trust "); for(i=0; i < 20; i++ ) - fprintf(fp, "%02X", rec->r.trust.fingerprint[i] ); - fprintf (fp, ", ot=%d, d=%d, 
vl=%lu\n", rec->r.trust.ownertrust, - rec->r.trust.depth, rec->r.trust.validlist); + es_fprintf (fp, "%02X", rec->r.trust.fingerprint[i] ); + es_fprintf (fp, ", ot=%d, d=%d, vl=%lu\n", rec->r.trust.ownertrust, + rec->r.trust.depth, rec->r.trust.validlist); break; case RECTYPE_VALID: - fprintf(fp, "valid "); + es_fprintf (fp, "valid "); for(i=0; i < 20; i++ ) - fprintf(fp, "%02X", rec->r.valid.namehash[i] ); - fprintf (fp, ", v=%d, next=%lu\n", rec->r.valid.validity, - rec->r.valid.next); + es_fprintf(fp, "%02X", rec->r.valid.namehash[i] ); + es_fprintf (fp, ", v=%d, next=%lu\n", rec->r.valid.validity, + rec->r.valid.next); break; default: - fprintf(fp, "unknown type %d\n", rec->rectype ); + es_fprintf (fp, "unknown type %d\n", rec->rectype ); break; } } diff --git a/g10/tdbio.h b/g10/tdbio.h index 4f37de4..d259518 100644 --- a/g10/tdbio.h +++ b/g10/tdbio.h @@ -95,7 +95,7 @@ typedef struct trust_record TRUSTREC; int tdbio_update_version_record(void); int tdbio_set_dbname( const char *new_dbname, int create, int *r_nofile); const char *tdbio_get_dbname(void); -void tdbio_dump_record( TRUSTREC *rec, FILE *fp ); +void tdbio_dump_record( TRUSTREC *rec, estream_t fp ); int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected ); int tdbio_write_record( TRUSTREC *rec ); int tdbio_db_matches_options(void); diff --git a/g10/trustdb.c b/g10/trustdb.c index 08f6cf4..f0b5501 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1068,7 +1068,7 @@ get_validity_counts (PKT_public_key *pk, PKT_user_id *uid) { uid->help_marginal_count=vrec.r.valid.marginal_count; uid->help_full_count=vrec.r.valid.full_count; - /* printf("Fetched marginal %d, full %d\n",uid->help_marginal_count,uid->help_full_count); */ + /* es_printf("Fetched marginal %d, full %d\n",uid->help_marginal_count,uid->help_full_count); */ break; } 
@@ -1197,8 +1197,8 @@ dump_key_array (int depth, struct key_array *keys) u32 kid[2]; keyid_from_pk(node->pkt->pkt.public_key, kid); - printf ("%d:%08lX%08lX:K::%c::::\n", - depth, (ulong)kid[0], (ulong)kid[1], '?'); + es_printf ("%d:%08lX%08lX:K::%c::::\n", + depth, (ulong)kid[0], (ulong)kid[1], '?'); for (; node; node = node->next) { @@ -1208,15 +1208,15 @@ dump_key_array (int depth, struct key_array *keys) if (len > 30) len = 30; - printf ("%d:%08lX%08lX:U:::%c:::", - depth, (ulong)kid[0], (ulong)kid[1], - (node->flag & 4)? 'f': - (node->flag & 2)? 'm': - (node->flag & 1)? 'q':'-'); + es_printf ("%d:%08lX%08lX:U:::%c:::", + depth, (ulong)kid[0], (ulong)kid[1], + (node->flag & 4)? 'f': + (node->flag & 2)? 'm': + (node->flag & 1)? 'q':'-'); es_write_sanitized (es_stdout, node->pkt->pkt.user_id->name, len, ":", NULL); - putchar (':'); - putchar ('\n'); + es_putc (':', es_stdout); + es_putc ('\n', es_stdout); } } } ----------------------------------------------------------------------- Summary of changes: g10/getkey.c | 2 +- g10/gpg.c | 42 ++++++++++++++++++------------------- g10/keyedit.c | 20 +++++++++--------- g10/keyserver.c | 4 ++-- g10/mainproc.c | 8 +++---- g10/misc.c | 4 ++-- g10/sig-check.c | 2 +- g10/sign.c | 4 ++-- g10/tdbdump.c | 60 +++++++++++++++++++++++++++------------------------- g10/tdbio.c | 65 ++++++++++++++++++++++++++++++--------------------------- g10/tdbio.h | 2 +- g10/trustdb.c | 20 +++++++++--------- 12 files changed, 118 insertions(+), 115 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 23 11:08:32 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 23 Feb 2015 11:08:32 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.18-43-ge0c13ad Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via e0c13ad5f290aec05706797b8f6c9e13d613eb66 (commit) via 6f032181ba78c5eeb14f9aab4307a75bbaf0b115 (commit) via a35ed8af41a91a52e1bbf992522a209f9c27dd55 (commit) via 2b2f2767851eccb12e591c7a3fa432e6bf9db8f2 (commit) via cf8d89b0ce69d4cfaa835fab913cc7c77565a75d (commit) via 57af33d9e7c9b20b413b96882e670e75a67a5e65 (commit) via 7106165fd3161b614445d459df3b333d557d9d02 (commit) via 81d3e541326e94d26a953aa70afc3cb149d11ebe (commit) via 68f260f77a9e4f5cacf0a58e4f55ddee125d3f00 (commit) via 2e8db53854506572e9d5b5908e143b5ca28f30f5 (commit) via 27d7addccf782d5cb0084cb17522d712d4a6d6b6 (commit) via 20e14e331de4a7e9746650f8b39c1a66d2565c9e (commit) via 8baf452bb308a59478c9148109f4c78941170ecc (commit) via ff53cf06e966dce0daba5f2c84e03ab9db2c3c8b (commit) from 397987c33233bd672b29e3c607577c8d93ed48ed (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e0c13ad5f290aec05706797b8f6c9e13d613eb66 Author: Werner Koch Date: Mon Feb 23 11:04:35 2015 +0100 Protect against NULL return of mpi_get_opaque. * g10/seckey-cert.c (do_check): Call BUG for NULL return of get_opaque. -- This is the suggested addition from commit 6f03218. We better run into an fatal error than into a segv. Signed-off-by: Werner Koch diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index cad4e63..4edd74e 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c 
@@ -91,8 +91,12 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode, u16 csumc = 0; i = pubkey_get_npkey(sk->pubkey_algo); - assert( mpi_is_opaque( sk->skey[i] ) ); - p = mpi_get_opaque( sk->skey[i], &ndata ); + if (!mpi_is_opaque (sk->skey[i])) + p = NULL; + else + p = mpi_get_opaque (sk->skey[i], &ndata); + if (!p) + BUG (); if ( ndata > 1 ) csumc = p[ndata-2] << 8 | p[ndata-1]; data = xmalloc_secure( ndata ); @@ -169,9 +173,12 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode, byte *p; unsigned int ndata; - assert (mpi_is_opaque (sk->skey[i])); - p = mpi_get_opaque (sk->skey[i], &ndata); - assert (ndata >= 2); + if (!mpi_is_opaque (sk->skey[i])) + p = NULL; + else + p = mpi_get_opaque (sk->skey[i], &ndata); + if (!p || !(ndata >= 2)) + BUG (); assert (ndata == ((p[0] << 8 | p[1]) + 7)/8 + 2); buffer = xmalloc_secure (ndata); cipher_sync (cipher_hd); commit 6f032181ba78c5eeb14f9aab4307a75bbaf0b115 Author: Daniel Kahn Gillmor Date: Sat Feb 21 23:10:37 2015 -0500 gpg: Fix segv due to NULL value stored as opaque MPI * g10/build-packet.c (do_secret_key): Check for NULL return from gcry_mpi_get_opaque. * g10/keyid.c (hash_public_key): Ditto. -- This is a backport of 76c8122adfed0f0f443cce7bda702ba2b39661b3 from master to the STABLE-BRANCH-1-4 On the STABLE-BRANCH-1-4, we may also want to patch g10/seckey-cert.c, but that has not been done in this patch. This fix extends commmit 0835d2f44ef62eab51fce6a927908f544e01cf8f. gpg2 --export --no-default-keyring --keyring TESTDATA With TESTDATA being below after unpacking. -----BEGIN PGP ARMORED FILE----- mBMEhdkMmS8BcX8F//8F5voEhQAQmBMEnAAAZwAAo4D/f/8EhQAAAIAEnP8EhQAQ iBMEnP8AAAAABf8jIID///8EhQYQmBMEnIUAEIgTBKT/AAAAAAUAACCA/f//BIUA EJgTBJx/AP8ABPPzBJx/AP8ABPPz =2yE0 -----END PGP ARMORED FILE----- Reported-by: Jodie Cunningham [dkg: rebased to STABLE-BRANCH-1-4] Signed-off-by: Daniel Kahn Gillmor diff --git a/g10/build-packet.c b/g10/build-packet.c index 60eb3c8..028d064 100644 
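Review bot: In the second do_check hunk of g10/seckey-cert.c the length check `assert (ndata == ((p[0] << 8 | p[1]) + 7)/8 + 2);` is left as an assert, so it disappears when the file is built with NDEBUG, while the NULL and `ndata >= 2` checks beside it were converted to BUG (). The value is computed from the key data itself, so I would make it unconditional as well: `if (ndata != ((p[0] << 8 | p[1]) + 7)/8 + 2) BUG ();`. Separately, both hunks now abort the process on a malformed opaque MPI. If do_check has an error return available (its body continues outside the hunks), returning an error would be a better outcome than BUG () for key material read from a file.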
--- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -356,7 +356,8 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk ) assert( mpi_is_opaque( sk->skey[npkey] ) ); p = mpi_get_opaque( sk->skey[npkey], &ndata ); - iobuf_write(a, p, ndata ); + if (p) + iobuf_write(a, p, ndata ); } else if( sk->is_protected ) { /* The secret key is protected te old v4 way. */ @@ -366,7 +367,8 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk ) assert (mpi_is_opaque (sk->skey[i])); p = mpi_get_opaque (sk->skey[i], &ndata); - iobuf_write (a, p, ndata); + if (p) + iobuf_write (a, p, ndata); } write_16(a, sk->csum ); } diff --git a/g10/keyid.c b/g10/keyid.c index ed30cff..a86ac94 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -112,13 +112,17 @@ hash_public_key( MD_HANDLE md, PKT_public_key *pk ) md_putc( md, pk->pubkey_algo ); if(npkey==0 && pk->pkey[0] && mpi_is_opaque(pk->pkey[0])) - md_write(md,pp[0],nn[0]); + { + if (pp[0]) + md_write(md,pp[0],nn[0]); + } else for(i=0; i < npkey; i++ ) { md_putc( md, nb[i]>>8); md_putc( md, nb[i] ); - md_write( md, pp[i], nn[i] ); + if (pp[i]) + md_write( md, pp[i], nn[i] ); xfree(pp[i]); } } commit a35ed8af41a91a52e1bbf992522a209f9c27dd55 Author: Werner Koch Date: Sat Feb 21 23:10:36 2015 -0500 gpg: Remove an unused variable. * g10/import.c (import): Remove need_armor. [dkg: rebased to STABLE-BRANCH-1-4] Signed-off-by: Daniel Kahn Gillmor diff --git a/g10/import.c b/g10/import.c index 7050039..4620c5f 100644 --- a/g10/import.c +++ b/g10/import.c 
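Review bot: The new `if (p)` guards in do_secret_key (both hunks of g10/build-packet.c) skip the iobuf_write silently, so a secret key whose opaque MPI holds no data is still serialised without that field, and the second hunk is still followed by `write_16(a, sk->csum );`. Nothing tells the caller or the user that the packet written is incomplete. I would at least report it, e.g. `else log_error ("opaque MPI without data - key not fully written\n");`, and fail the function if it has an error path (its body is outside the hunks). The hash_public_key hunk in g10/keyid.c has the same shape: `md_putc` still hashes the two length bytes from `nb[i]` while the `md_write` is skipped, so a key ID is derived for a key that was only partly hashed.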
@@ -268,7 +268,6 @@ import (IOBUF inp, const char* fname,struct stats_s *stats, PACKET *pending_pkt = NULL; KBNODE keyblock = NULL; int rc = 0; - int need_armor = (!opt.no_armor || r_gpgkeys_err); armor_filter_context_t *afx = NULL; getkey_disable_caches(); commit 2b2f2767851eccb12e591c7a3fa432e6bf9db8f2 Author: Daniel Kahn Gillmor Date: Sat Feb 21 23:10:35 2015 -0500 curl-shim: clean up varargs * keyserver/curl-shim.c (curl_easy_setopt) : ensure that va_end is called. -- stdarg(3) says: Each invocation of va_start() must be matched by a corresponding invocation of va_end() in the same function. Observed by Joshua Rogers Debian-Bug-Id: #773475 [dkg: rebased to STABLE-BRANCH-1-4] Signed-off-by: Daniel Kahn Gillmor diff --git a/keyserver/curl-shim.c b/keyserver/curl-shim.c index ce510cb..72c0f04 100644 --- a/keyserver/curl-shim.c +++ b/keyserver/curl-shim.c @@ -155,6 +155,8 @@ curl_easy_setopt(CURL *curl,CURLoption option,...) break; } + va_end(ap); + return handle_error(curl,CURLE_OK,NULL); } commit cf8d89b0ce69d4cfaa835fab913cc7c77565a75d Author: Werner Koch Date: Sat Feb 21 23:10:34 2015 -0500 gpg: Print better diagnostics for keyserver operations. * g10/armor.c (parse_key_failed_line): New. (check_input): Watch out for gpgkeys_ error lines. * g10/filter.h (armor_filter_context_t): Add field key_failed_code. * g10/import.c (import): Add arg r_gpgkeys_err. (import_keys_internal): Ditto. (import_keys_stream): Ditto. * g10/keyserver.c (keyserver_errstr): New. (keyserver_spawn): Detect "KEY " lines while sending. Get gpgkeys_err while receiving keys. (keyserver_work): Add kludge for better error messages. -- GnuPG-bug-id: 1832 Note that these changes can be backported to 1.4 but they don't make sense for 2.1 due to the removal of the keyserver helpers. The error reporting could be improved even more but given that this is an old GnuPG branch it is not justified to put too much effort into it. Signed-off-by: Werner Koch [dkg: rebased to STABLE-BRANCH-1-4] 
Signed-off-by: Daniel Kahn Gillmor diff --git a/g10/armor.c b/g10/armor.c index c50525c..4332d70 100644 --- a/g10/armor.c +++ b/g10/armor.c @@ -385,6 +385,32 @@ is_armor_header( byte *line, unsigned len ) } +/* Helper to parse a "KEY FAILED " line and return the + error code. LINEPTR points right behind "KEY ". */ +int +parse_key_failed_line (const void *lineptr, unsigned int len) +{ + const byte *line = lineptr; + int code = 0; + + for (; len && !spacep (line); len--, line++) + ; + for (; len && spacep (line); len--, line++) + ; + if (len > 7 && !memcmp (line, "FAILED ", 7)) + { + line += 7; + len -= 7; + for (; len && digitp (line); len--, line++) + { + code *= 10; + code += atoi_1 (line); + } + } + + return code; +} + /**************** * Parse a header lines @@ -505,6 +531,17 @@ check_input( armor_filter_context_t *afx, IOBUF a ) /* find the armor header */ while(len) { i = is_armor_header( line, len ); + if (i == -1 && afx->only_keyblocks + && !afx->key_failed_code + && len > 4 && !memcmp (line, "KEY ", 4)) + { + /* This is probably input from a keyserver helper and we + have not yet seen an error line. */ + afx->key_failed_code = parse_key_failed_line (line+4, len-4); + log_debug ("armor-keys-failed (%.*s) ->%d\n", + (int)len, line, + afx->key_failed_code); + } if( i >= 0 && !(afx->only_keyblocks && i != 1 && i != 5 && i != 6 )) { hdr_line = i; if( hdr_line == BEGIN_SIGNED_MSG_IDX ) { diff --git a/g10/filter.h b/g10/filter.h index 54a4152..f746695 100644 --- a/g10/filter.h +++ b/g10/filter.h @@ -40,6 +40,8 @@ typedef struct { /* these fileds must be initialized to zero */ int no_openpgp_data; /* output flag: "No valid OpenPGP data found" */ + int key_failed_code; /* Error code from the first gpgkkeys_* + "KEY FAILED " line. */ /* the following fields must be initialized to zero */ int inp_checked; /* set if the input has been checked */ diff --git a/g10/import.c b/g10/import.c index c9df368..7050039 100644 --- a/g10/import.c +++ b/g10/import.c 
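Review bot: The digit loop in parse_key_failed_line (g10/armor.c) accumulates into a signed `int` with no bound, so a long run of digits after "FAILED " overflows `code`, which is undefined behaviour. The line is keyserver helper output and should not be trusted to be short. Bounding the loop is enough, e.g. `for (; len && digitp (line) && code < 10000; len--, line++)`. The function also returns 0 both when there is no "FAILED " token and when the code is 0 or missing; the header comment should say so, because callers use the result as an error code.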
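Review bot: The `log_debug ("armor-keys-failed (%.*s) ->%d\n", ...)` call added to check_input is not gated on any debug flag and prints the raw input line, so a key-block import that meets a line starting with "KEY " writes unfiltered input bytes, control characters included, to the log. It reads like a development leftover. I would drop it or put it behind the file's existing debug switch and print only `afx->key_failed_code`. The new comment in g10/filter.h also spells the helper prefix `gpgkkeys_*` where `gpgkeys_*` is meant.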
@@ -60,7 +60,8 @@ struct stats_s { static int import( IOBUF inp, const char* fname,struct stats_s *stats, unsigned char **fpr,size_t *fpr_len,unsigned int options, - import_filter_t filter, void *filter_arg ); + import_filter_t filter, void *filter_arg, + int *r_gpgkeys_err); static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ); static void revocation_present(KBNODE keyblock); static int import_one(const char *fname, KBNODE keyblock,struct stats_s *stats, @@ -177,7 +178,8 @@ static int import_keys_internal( IOBUF inp, char **fnames, int nnames, void *stats_handle, unsigned char **fpr, size_t *fpr_len, unsigned int options, - import_filter_t filter, void *filter_arg) + import_filter_t filter, void *filter_arg, + int *r_gpgkeys_err) { int i, rc = 0; struct stats_s *stats = stats_handle; @@ -187,7 +189,7 @@ import_keys_internal( IOBUF inp, char **fnames, int nnames, if (inp) { rc = import (inp, "[stream]", stats, fpr, fpr_len, options, - filter, filter_arg); + filter, filter_arg, r_gpgkeys_err); } else { int once = (!fnames && !nnames); @@ -208,7 +210,7 @@ import_keys_internal( IOBUF inp, char **fnames, int nnames, else { rc = import (inp2, fname, stats, fpr, fpr_len, options, - NULL, NULL); + NULL, NULL, r_gpgkeys_err); iobuf_close(inp2); /* Must invalidate that ugly cache to actually close it. */ iobuf_ioctl (NULL, 2, 0, (char*)fname); 
@@ -240,34 +242,42 @@ import_keys( char **fnames, int nnames, void *stats_handle, unsigned int options ) { import_keys_internal (NULL, fnames, nnames, stats_handle, NULL, NULL, - options, NULL, NULL); + options, NULL, NULL, NULL); } + +/* Import keys from an open stream. */ int import_keys_stream( IOBUF inp, void *stats_handle, unsigned char **fpr, size_t *fpr_len,unsigned int options, - import_filter_t filter, void *filter_arg ) + import_filter_t filter, void *filter_arg, + int *r_gpgkeys_err) { return import_keys_internal (inp, NULL, 0, stats_handle, fpr, fpr_len, - options, filter, filter_arg); + options, filter, filter_arg, r_gpgkeys_err); } + +/* Note: If R_GPGKEYS_ERR is not NULL an error code from the keyserver + helpers will be stored there. */ static int -import( IOBUF inp, const char* fname,struct stats_s *stats, - unsigned char **fpr,size_t *fpr_len,unsigned int options, - import_filter_t filter, void *filter_arg) +import (IOBUF inp, const char* fname,struct stats_s *stats, + unsigned char **fpr, size_t *fpr_len, unsigned int options, + import_filter_t filter, void *filter_arg, int *r_gpgkeys_err) { PACKET *pending_pkt = NULL; KBNODE keyblock = NULL; int rc = 0; + int need_armor = (!opt.no_armor || r_gpgkeys_err); + armor_filter_context_t *afx = NULL; getkey_disable_caches(); - if( !opt.no_armor ) { /* armored reading is not disabled */ - armor_filter_context_t *afx = new_armor_context (); + if (!opt.no_armor || r_gpgkeys_err) { + /* armored reading is not disabled or enforced. */ + afx = new_armor_context (); afx->only_keyblocks = 1; push_armor_filter (afx, inp); - release_armor_context (afx); } while( !(rc = read_block( inp, &pending_pkt, &keyblock) )) { 
@@ -297,6 +307,11 @@ import( IOBUF inp, const char* fname,struct stats_s *stats, else if( rc && rc != G10ERR_INV_KEYRING ) log_error( _("error reading `%s': %s\n"), fname, g10_errstr(rc)); + if (afx && r_gpgkeys_err) + *r_gpgkeys_err = afx->key_failed_code; + + release_armor_context (afx); + return rc; } diff --git a/g10/keyserver.c b/g10/keyserver.c index 810713c..d1ddc99 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -1040,6 +1040,30 @@ keyserver_retrieval_filter (kbnode_t keyblock, void *opaque) } +static const char * +keyserver_errstr (int code) +{ + const char *s; + + switch (code) + { + case KEYSERVER_OK: s = "success"; break; + case KEYSERVER_INTERNAL_ERROR:s = "keyserver helper internal error"; break; + case KEYSERVER_NOT_SUPPORTED: s = "keyserver not supported"; break; + case KEYSERVER_VERSION_ERROR: s = "keyserver helper version mismatch";break; + case KEYSERVER_GENERAL_ERROR: s = "keyserver helper general error"; break; + case KEYSERVER_NO_MEMORY: s = "keyserver helper is out of core"; break; + case KEYSERVER_KEY_NOT_FOUND: s = "key not found"; break; + case KEYSERVER_KEY_EXISTS: s = "key exists"; break; + case KEYSERVER_KEY_INCOMPLETE:s = "key incomplete (EOF)"; break; + case KEYSERVER_UNREACHABLE: s = "keyserver unreachable"; break; + case KEYSERVER_TIMEOUT: s = "keyserver timeout"; break; + default: s = "?"; break; + } + return s; +} + + static int keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc, int count,int *prog,unsigned char **fpr,size_t *fpr_len, @@ -1539,8 +1563,11 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc, plen--; ptr[plen]='\0'; - if(*ptr=='\0') - break; + /* Stop at the first empty line but not if we are sending keys. + In the latter case we won't continue reading later and thus + we need to watch out for errors right in this loop. */ + if(*ptr=='\0' && action != KS_SEND) + break; if(ascii_strncasecmp(ptr,"VERSION ",8)==0) { 
@@ -1561,6 +1588,14 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc, } else if(ascii_strncasecmp(ptr,"OPTION OUTOFBAND",16)==0) outofband=1; /* Currently the only OPTION */ + else if (action == KS_SEND + && ascii_strncasecmp(ptr,"KEY ",4)==0) + { + ret = parse_key_failed_line (ptr+4, strlen (ptr+4)); + break; /* We stop at the first KEY line so that we won't + run into an EOF which would return an unspecified + error message (due to iobuf_read_line). */ + } } if(!gotversion) @@ -1577,6 +1612,7 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc, { void *stats_handle; struct ks_retrieval_filter_arg_s filterarg; + int gpgkeys_err; stats_handle=import_new_stats_handle(); @@ -1591,14 +1627,21 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc, but we better protect against rogue keyservers. */ filterarg.desc = desc; filterarg.ndesc = count; + gpgkeys_err = 0; import_keys_stream (spawn->fromchild, stats_handle, fpr, fpr_len, (opt.keyserver_options.import_options | IMPORT_NO_SECKEY), - keyserver_retrieval_filter, &filterarg); + keyserver_retrieval_filter, &filterarg, + &gpgkeys_err); import_print_stats(stats_handle); import_release_stats_handle(stats_handle); - + if (gpgkeys_err) + { + log_error (_("keyserver communications error: %s\n"), + keyserver_errstr (gpgkeys_err)); + ret = gpgkeys_err; + } break; } @@ -1619,7 +1662,6 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc, xfree(line); xfree(searchstr); - *prog=exec_finish(spawn); return ret; @@ -1644,9 +1686,11 @@ keyserver_work(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc, return G10ERR_KEYSERVER; #else - /* Spawn a handler */ - + /* Spawn a handler. The use of RC and RET is a mess. We use a + kludge to return a suitable error message. */ rc=keyserver_spawn(action,list,desc,count,&ret,fpr,fpr_len,keyserver); + if (ret == KEYSERVER_INTERNAL_ERROR && rc) + ret = rc; if(ret) { switch(ret) 
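Review bot: In the KS_SEND branch added to keyserver_spawn, `ret = parse_key_failed_line (ptr+4, strlen (ptr+4)); break;` stops at the first "KEY " line whatever it says, and parse_key_failed_line yields 0 when the line has no "FAILED " token or no digits after it. keyserver_work only reports an error `if(ret)`, so as far as these hunks show, a failure line with a missing or unparsable code is treated as success. I would map that case to a real error before the `break`, e.g. `if (!ret && strstr (ptr+4, "FAILED")) ret = KEYSERVER_GENERAL_ERROR;`. The function body continues outside the hunk.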
@@ -1675,6 +1719,9 @@ keyserver_work(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc, log_error(_("keyserver timed out\n")); break; + case KEYSERVER_UNREACHABLE: + return G10ERR_UNKNOWN_HOST; + case KEYSERVER_INTERNAL_ERROR: default: log_error(_("keyserver internal error\n")); @@ -2127,7 +2174,7 @@ keyserver_import_cert(const char *name,unsigned char **fpr,size_t *fpr_len) rc=import_keys_stream (key, NULL, fpr, fpr_len, (opt.keyserver_options.import_options - | IMPORT_NO_SECKEY), NULL, NULL); + | IMPORT_NO_SECKEY), NULL, NULL, NULL); opt.no_armor=armor_status; diff --git a/g10/main.h b/g10/main.h index 05a4059..05b60bb 100644 --- a/g10/main.h +++ b/g10/main.h @@ -67,6 +67,7 @@ void print_digest_algo_note( int algo ); /*-- armor.c --*/ char *make_radix64_string( const byte *data, size_t len ); +int parse_key_failed_line (const void *lineptr, unsigned int len); /*-- misc.c --*/ void trap_unaligned(void); @@ -216,7 +217,8 @@ void import_keys( char **fnames, int nnames, void *stats_hd, unsigned int options ); int import_keys_stream (IOBUF inp,void *stats_hd,unsigned char **fpr, size_t *fpr_len,unsigned int options, - import_filter_t filter, void *filter_arg); + import_filter_t filter, void *filter_arg, + int *r_gpgkeys_err); void *import_new_stats_handle (void); void import_release_stats_handle (void *p); void import_print_stats (void *hd); commit 57af33d9e7c9b20b413b96882e670e75a67a5e65 Author: Werner Koch Date: Sat Feb 21 23:10:32 2015 -0500 Use inline functions to convert buffer data to scalars. * include/host2net.h (buf16_to_ulong, buf16_to_uint): New. (buf16_to_ushort, buf16_to_u16): New. (buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New. -- This fixes sign extension on shift problems. Hanno B?ck found a case with an invalid read due to this problem. To fix that almost all uses of "<< 24" and "<< 8" are changed by this patch to use an inline function from host2net.h. (back ported from commit 2183683bd633818dd031b090b5530951de76f392) 
Signed-off-by: Werner Koch [dkg: rebased to STABLE-BRANCH-1-4] Signed-off-by: Daniel Kahn Gillmor diff --git a/g10/apdu.c b/g10/apdu.c index 66cf30b..ffc7d36 100644 --- a/g10/apdu.c +++ b/g10/apdu.c @@ -60,6 +60,7 @@ #include "scdaemon.h" #include "exechelp.h" #endif /* GNUPG_MAJOR_VERSION != 1 */ +#include "../include/host2net.h" #include "apdu.h" #include "ccid-driver.h" @@ -916,15 +917,14 @@ pcsc_get_status_wrapped (int slot, unsigned int *status) i? strerror (errno) : "premature EOF"); goto command_failed; } - len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; + len = buf32_to_size_t (msgbuf+1); if (msgbuf[0] != 0x81 || len < 4) { log_error ("invalid response header from PC/SC received\n"); goto command_failed; } len -= 4; /* Already read the error code. */ - err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16) - | (msgbuf[7] << 8 ) | msgbuf[8]); + err = PCSC_ERR_MASK (buf32_to_ulong (msgbuf+5)); if (err) { log_error ("pcsc_status failed: %s (0x%lx)\n", @@ -1084,15 +1084,14 @@ pcsc_send_apdu_wrapped (int slot, unsigned char *apdu, size_t apdulen, i? strerror (errno) : "premature EOF"); goto command_failed; } - len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; + len = buf32_to_size_t (msgbuf+1); if (msgbuf[0] != 0x81 || len < 4) { log_error ("invalid response header from PC/SC received\n"); goto command_failed; } len -= 4; /* Already read the error code. */ - err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16) - | (msgbuf[7] << 8 ) | msgbuf[8]); + err = PCSC_ERR_MASK (buf32_to_ulong (msgbuf+5)); if (err) { log_error ("pcsc_transmit failed: %s (0x%lx)\n", 
@@ -1217,15 +1216,14 @@ close_pcsc_reader_wrapped (int slot) i? strerror (errno) : "premature EOF"); goto command_failed; } - len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; + len = buf32_to_size_t (msgbuf+1); if (msgbuf[0] != 0x81 || len < 4) { log_error ("invalid response header from PC/SC received\n"); goto command_failed; } len -= 4; /* Already read the error code. */ - err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16) - | (msgbuf[7] << 8 ) | msgbuf[8]); + err = PCSC_ERR_MASK (buf32_to_ulong (msgbuf+5)); if (err) log_error ("pcsc_close failed: %s (0x%lx)\n", pcsc_error_string (err), err); @@ -1405,7 +1403,7 @@ reset_pcsc_reader_wrapped (int slot) i? strerror (errno) : "premature EOF"); goto command_failed; } - len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; + len = buf32_to_size_t (msgbuf+1); if (msgbuf[0] != 0x81 || len < 4) { log_error ("invalid response header from PC/SC received\n"); @@ -1419,8 +1417,7 @@ reset_pcsc_reader_wrapped (int slot) sw = SW_HOST_GENERAL_ERROR; goto command_failed; } - err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16) - | (msgbuf[7] << 8 ) | msgbuf[8]); + err = PCSC_ERR_MASK (buf32_to_ulong (msgbuf+5)); if (err) { log_error ("PC/SC RESET failed: %s (0x%lx)\n", @@ -1719,7 +1716,7 @@ open_pcsc_reader_wrapped (const char *portstr) i? strerror (errno) : "premature EOF"); goto command_failed; } - len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; + len = buf32_to_size_t (msgbuf+1); if (msgbuf[0] != 0x81 || len < 4) { log_error ("invalid response header from PC/SC received\n"); @@ -1732,8 +1729,8 @@ open_pcsc_reader_wrapped (const char *portstr) (unsigned long)len); goto command_failed; } - err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16) - | (msgbuf[7] << 8 ) | msgbuf[8]); + err = PCSC_ERR_MASK (buf32_to_ulong (msgbuf+5)); + if (err) { log_error ("PC/SC OPEN failed: %s\n", pcsc_error_string (err)); 
diff --git a/g10/app-openpgp.c b/g10/app-openpgp.c index c3b4fae..192680c 100644 --- a/g10/app-openpgp.c +++ b/g10/app-openpgp.c @@ -68,6 +68,7 @@ #include "iso7816.h" #include "app-common.h" #include "tlv.h" +#include "../include/host2net.h" /* A table describing the DOs of the card. */ @@ -744,7 +745,7 @@ send_fprtime_if_not_null (ctrl_t ctrl, const char *keyword, char numbuf1[50], numbuf2[50]; unsigned long value; - value = (stamp[0] << 24) | (stamp[1]<<16) | (stamp[2]<<8) | stamp[3]; + value = buf32_to_ulong (stamp); if (!value) return; sprintf (numbuf1, "%d", number); diff --git a/g10/build-packet.c b/g10/build-packet.c index 499dd68..60eb3c8 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -34,6 +34,7 @@ #include "memory.h" #include "i18n.h" #include "options.h" +#include "../include/host2net.h" static int do_user_id( IOBUF out, int ctb, PKT_user_id *uid ); static int do_public_key( IOBUF out, int ctb, PKT_public_key *pk ); @@ -586,8 +587,7 @@ delete_sig_subpkt (subpktarea_t *area, sigsubpkttype_t reqtype ) if( n == 255 ) { if( buflen < 4 ) break; - n = (buffer[0] << 24) | (buffer[1] << 16) - | (buffer[2] << 8) | buffer[3]; + n = buf32_to_size_t (buffer); buffer += 4; buflen -= 4; } @@ -710,7 +710,7 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type, /* This should never happen since we don't currently allow creating such a subpacket, but just in case... */ case SIGSUBPKT_SIG_EXPIRE: - if(buffer_to_u32(buffer)+sig->timestamp<=make_timestamp()) + if (buf32_to_u32 (buffer) + sig->timestamp <= make_timestamp()) sig->flags.expired=1; else sig->flags.expired=0; diff --git a/g10/ccid-driver.c b/g10/ccid-driver.c index 8c362d7..515b15a 100644 --- a/g10/ccid-driver.c +++ b/g10/ccid-driver.c @@ -92,6 +92,7 @@ #include #include "ccid-driver.h" +#include "../include/host2net.h" #define DRVNAME "ccid-driver: " 
@@ -292,7 +293,7 @@ static int abort_cmd (ccid_driver_t handle, int seqno); static unsigned int convert_le_u32 (const unsigned char *buf) { - return buf[0] | (buf[1] << 8) | (buf[2] << 16) | (buf[3] << 24); + return buf[0] | (buf[1] << 8) | (buf[2] << 16) | ((unsigned int)buf[3] << 24); } diff --git a/g10/getkey.c b/g10/getkey.c index 3c953d6..9870710 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -34,6 +34,7 @@ #include "trustdb.h" #include "i18n.h" #include "keyserver-internal.h" +#include "../include/host2net.h" #define MAX_PK_CACHE_ENTRIES PK_UID_CACHE_SIZE #define MAX_UID_CACHE_ENTRIES PK_UID_CACHE_SIZE @@ -1427,14 +1428,14 @@ merge_keys_and_selfsig( KBNODE keyblock ) p = parse_sig_subpkt( sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL ); if( pk ) { - ed = p? pk->timestamp + buffer_to_u32(p):0; + ed = p? pk->timestamp + buf32_to_u32(p):0; if( sig->timestamp > sigdate ) { pk->expiredate = ed; sigdate = sig->timestamp; } } else { - ed = p? sk->timestamp + buffer_to_u32(p):0; + ed = p? sk->timestamp + buf32_to_u32(p):0; if( sig->timestamp > sigdate ) { sk->expiredate = ed; sigdate = sig->timestamp; @@ -1559,8 +1560,8 @@ fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated ) /* ditto for the key expiration */ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); - if( p && buffer_to_u32(p) ) - uid->help_key_expire = keycreated + buffer_to_u32(p); + if( p && buf32_to_u32 (p) ) + uid->help_key_expire = keycreated + buf32_to_u32(p); else uid->help_key_expire = 0; @@ -1774,9 +1775,9 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo) key_usage=parse_key_usage(sig); p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); - if( p && buffer_to_u32(p) ) + if( p && buf32_to_u32 (p) ) { - key_expire = keytimestamp + buffer_to_u32(p); + key_expire = keytimestamp + buf32_to_u32 (p); key_expire_seen = 1; } 
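Review bot: The expiry computations this commit touches in g10/getkey.c still add a value taken from a signature subpacket to a timestamp in 32-bit arithmetic, e.g. `uid->help_key_expire = keycreated + buf32_to_u32(p);` in fixup_uidnode, where `keycreated` is a `u32`. A large offset wraps the sum, giving a result smaller than the creation time, or 0, which these branches use for "no expiration". The same pattern is in merge_keys_and_selfsig and merge_selfsigs_main on this line and in merge_selfsigs_subkey in the next hunk; clamping the sum to the maximum `u32` value when it would wrap addresses all of them. That buf32_to_u32 returns `u32` is inferred from its name, since the new host2net.h helpers are not shown here.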
@@ -2198,8 +2199,8 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode ) subpk->pubkey_usage = key_usage; p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); - if ( p && buffer_to_u32(p) ) - key_expire = keytimestamp + buffer_to_u32(p); + if ( p && buf32_to_u32 (p) ) + key_expire = keytimestamp + buf32_to_u32 (p); else key_expire = 0; subpk->has_expired = key_expire >= curtime? 0 : key_expire; diff --git a/g10/keygen.c b/g10/keygen.c index 995ba63..76ee74e 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -40,6 +40,7 @@ #include "i18n.h" #include "cardglue.h" #include "keyserver-internal.h" +#include "host2net.h" #define MAX_PREFS 30 @@ -832,10 +833,7 @@ make_backsig (PKT_signature *sig, PKT_public_key *pk, } else if(buf[1]==255) { - pktlen =buf[2] << 24; - pktlen|=buf[3] << 16; - pktlen|=buf[4] << 8; - pktlen|=buf[5]; + pktlen = buf32_to_size_t (buf+2); buf+=6; } else @@ -852,14 +850,14 @@ make_backsig (PKT_signature *sig, PKT_public_key *pk, break; case 2: - pktlen =buf[mark++] << 24; - pktlen|=buf[mark++] << 16; + pktlen = (size_t)buf[mark++] << 24; + pktlen |= buf[mark++] << 16; case 1: - pktlen|=buf[mark++] << 8; + pktlen |= buf[mark++] << 8; case 0: - pktlen|=buf[mark++]; + pktlen |= buf[mark++]; } buf+=mark; diff --git a/g10/keyid.c b/g10/keyid.c index d7072d4..ed30cff 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -32,6 +32,7 @@ #include "mpi.h" #include "keydb.h" #include "i18n.h" +#include "host2net.h" #ifdef HAVE_UNSIGNED_TIME_T # define INVALID_TIME_CHECK(a) ((a) == (time_t)(-1)) 
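Review bot: The rewritten `switch` in make_backsig (g10/keygen.c) relies on falling through from `case 2:` to `case 1:` to `case 0:` to assemble the length, but nothing marks that as intended, and only the first shift is cast (`(size_t)buf[mark++] << 24`). A `/* fall through */` comment after the `<< 16` and `<< 8` lines would stop readers and -Wimplicit-fallthrough from flagging it. The function starts and ends outside the hunk, so I cannot see whether `buf` is length-checked before these reads.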
@@ -241,15 +242,8 @@ keystr_from_desc(KEYDB_SEARCH_DESC *desc) { u32 keyid[2]; - keyid[0] = (unsigned char)desc->u.fpr[12] << 24 - | (unsigned char)desc->u.fpr[13] << 16 - | (unsigned char)desc->u.fpr[14] << 8 - | (unsigned char)desc->u.fpr[15] ; - keyid[1] = (unsigned char)desc->u.fpr[16] << 24 - | (unsigned char)desc->u.fpr[17] << 16 - | (unsigned char)desc->u.fpr[18] << 8 - | (unsigned char)desc->u.fpr[19] ; - + keyid[0] = buf32_to_u32 (desc->u.fpr+12); + keyid[1] = buf32_to_u32 (desc->u.fpr+16); return keystr(keyid); } @@ -300,8 +294,8 @@ keyid_from_sk( PKT_secret_key *sk, u32 *keyid ) if(md) { dp = md_read( md, 0 ); - keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ; - keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ; + keyid[0] = buf32_to_u32 (dp+12); + keyid[1] = buf32_to_u32 (dp+16); lowbits = keyid[1]; md_close(md); sk->keyid[0] = keyid[0]; @@ -354,8 +348,8 @@ keyid_from_pk( PKT_public_key *pk, u32 *keyid ) if(md) { dp = md_read( md, 0 ); - keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ; - keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ; + keyid[0] = buf32_to_u32 (dp+12); + keyid[1] = buf32_to_u32 (dp+16); lowbits = keyid[1]; md_close(md); pk->keyid[0] = keyid[0]; @@ -398,8 +392,8 @@ keyid_from_fingerprint( const byte *fprint, size_t fprint_len, u32 *keyid ) } else { const byte *dp = fprint; - keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ; - keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ; + keyid[0] = buf32_to_u32 (dp+12); + keyid[1] = buf32_to_u32 (dp+16); } return keyid[1]; @@ -687,8 +681,8 @@ fingerprint_from_pk( PKT_public_key *pk, byte *array, size_t *ret_len ) if( !array ) array = xmalloc( len ); memcpy(array, dp, len ); - pk->keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ; - pk->keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ; + pk->keyid[0] = buf32_to_u32 (dp+12); + pk->keyid[1] = buf32_to_u32 (dp+16); md_close(md); } 
diff --git a/g10/misc.c b/g10/misc.c index 60ecf96..2c5c6cc 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -295,17 +295,6 @@ checksum_mpi( MPI a ) return csum; } -u32 -buffer_to_u32( const byte *buffer ) -{ - unsigned long a; - a = *buffer << 24; - a |= buffer[1] << 16; - a |= buffer[2] << 8; - a |= buffer[3]; - return a; -} - void print_pubkey_algo_note( int algo ) { diff --git a/g10/parse-packet.c b/g10/parse-packet.c index e7e923b..862ec6e 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -35,6 +35,7 @@ #include "options.h" #include "main.h" #include "i18n.h" +#include "host2net.h" #ifndef MAX_EXTERN_MPI_BITS #define MAX_EXTERN_MPI_BITS 16384 @@ -94,7 +95,7 @@ static unsigned short read_16(IOBUF inp) { unsigned short a; - a = iobuf_get_noeof(inp) << 8; + a = (unsigned short)iobuf_get_noeof(inp) << 8; a |= iobuf_get_noeof(inp); return a; } @@ -103,7 +104,7 @@ static unsigned long read_32(IOBUF inp) { unsigned long a; - a = iobuf_get_noeof(inp) << 24; + a = (unsigned long)iobuf_get_noeof(inp) << 24; a |= iobuf_get_noeof(inp) << 16; a |= iobuf_get_noeof(inp) << 8; a |= iobuf_get_noeof(inp); @@ -383,7 +384,8 @@ parse( IOBUF inp, PACKET *pkt, int onlykeypkts, off_t *retpos, } else if( c == 255 ) { - pktlen = (hdr[hdrlen++] = iobuf_get_noeof(inp)) << 24; + pktlen = + (unsigned long)(hdr[hdrlen++] = iobuf_get_noeof(inp)) << 24; pktlen |= (hdr[hdrlen++] = iobuf_get_noeof(inp)) << 16; pktlen |= (hdr[hdrlen++] = iobuf_get_noeof(inp)) << 8; if( (c = iobuf_get(inp)) == -1 ) 
@@ -878,14 +880,15 @@ dump_sig_subpkt( int hashed, int type, int critical, switch( type ) { case SIGSUBPKT_SIG_CREATED: if( length >= 4 ) - fprintf (listfp, "sig created %s", strtimestamp( buffer_to_u32(buffer) ) ); + fprintf (listfp, "sig created %s", + strtimestamp (buf32_to_u32(buffer)) ); break; case SIGSUBPKT_SIG_EXPIRE: if( length >= 4 ) { - if(buffer_to_u32(buffer)) + if(buf32_to_u32(buffer)) fprintf (listfp, "sig expires after %s", - strtimevalue( buffer_to_u32(buffer) ) ); + strtimevalue( buf32_to_u32(buffer) ) ); else fprintf (listfp, "sig does not expire"); } @@ -918,9 +921,9 @@ dump_sig_subpkt( int hashed, int type, int critical, case SIGSUBPKT_KEY_EXPIRE: if( length >= 4 ) { - if(buffer_to_u32(buffer)) + if(buf32_to_u32(buffer)) fprintf (listfp, "key expires after %s", - strtimevalue( buffer_to_u32(buffer) ) ); + strtimevalue( buf32_to_u32(buffer) ) ); else fprintf (listfp, "key does not expire"); } @@ -943,8 +946,8 @@ dump_sig_subpkt( int hashed, int type, int critical, case SIGSUBPKT_ISSUER: if( length >= 8 ) fprintf (listfp, "issuer key ID %08lX%08lX", - (ulong)buffer_to_u32(buffer), - (ulong)buffer_to_u32(buffer+4) ); + buf32_to_ulong (buffer), + buf32_to_ulong (buffer+4)); break; case SIGSUBPKT_NOTATION: { @@ -1192,8 +1195,7 @@ enum_sig_subpkt( const subpktarea_t *pktbuf, sigsubpkttype_t reqtype, if( n == 255 ) { /* 4 byte length header */ if( buflen < 4 ) goto too_short; - n = (buffer[0] << 24) | (buffer[1] << 16) - | (buffer[2] << 8) | buffer[3]; + n = buf32_to_size_t (buffer); buffer += 4; buflen -= 4; } @@ -1415,7 +1417,7 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen, p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_CREATED, NULL ); if(p) - sig->timestamp = buffer_to_u32(p); + sig->timestamp = buf32_to_u32 (p); else if(!(sig->pubkey_algo>=100 && sig->pubkey_algo<=110) && opt.verbose) log_info ("signature packet without timestamp\n"); 
@@ -1423,16 +1425,16 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen, p = parse_sig_subpkt2( sig, SIGSUBPKT_ISSUER, NULL ); if(p) { - sig->keyid[0] = buffer_to_u32(p); - sig->keyid[1] = buffer_to_u32(p+4); + sig->keyid[0] = buf32_to_u32 (p); + sig->keyid[1] = buf32_to_u32 (p+4); } else if(!(sig->pubkey_algo>=100 && sig->pubkey_algo<=110) && opt.verbose) log_info ("signature packet without keyid\n"); p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_SIG_EXPIRE,NULL); - if(p && buffer_to_u32(p)) - sig->expiredate=sig->timestamp+buffer_to_u32(p); + if(p && buf32_to_u32 (p)) + sig->expiredate = sig->timestamp + buf32_to_u32 (p); if(sig->expiredate && sig->expiredate<=make_timestamp()) sig->flags.expired=1; @@ -2032,9 +2034,8 @@ parse_attribute_subpkts(PKT_user_id *uid) if( n == 255 ) { /* 4 byte length header */ if( buflen < 4 ) goto too_short; - n = (buffer[0] << 24) | (buffer[1] << 16) - | (buffer[2] << 8) | buffer[3]; - buffer += 4; + n = buf32_to_size_t (buffer); + buffer += 4; buflen -= 4; } else if( n >= 192 ) { /* 2 byte special encoded length header */ diff --git a/g10/tdbio.c b/g10/tdbio.c index f109dde..403b608 100644 --- a/g10/tdbio.c +++ b/g10/tdbio.c @@ -1219,13 +1219,13 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected ) rec->r.ver.trust_model = *p++; rec->r.ver.min_cert_level = *p++; p += 2; - rec->r.ver.created = buftoulong(p); p += 4; - rec->r.ver.nextcheck = buftoulong(p); p += 4; + rec->r.ver.created = buf32_to_ulong (p); p += 4; + rec->r.ver.nextcheck = buf32_to_ulong (p); p += 4; p += 4; p += 4; - rec->r.ver.firstfree =buftoulong(p); p += 4; + rec->r.ver.firstfree =buf32_to_ulong (p); p += 4; p += 4; - rec->r.ver.trusthashtbl =buftoulong(p); p += 4; + rec->r.ver.trusthashtbl =buf32_to_ulong (p); p += 4; if( recnum ) { log_error( _("%s: version record with recnum %lu\n"), db_name, (ulong)recnum ); 
@@ -1238,17 +1238,17 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected ) } break; case RECTYPE_FREE: - rec->r.free.next = buftoulong(p); p += 4; + rec->r.free.next = buf32_to_ulong (p); p += 4; break; case RECTYPE_HTBL: for(i=0; i < ITEMS_PER_HTBL_RECORD; i++ ) { - rec->r.htbl.item[i] = buftoulong(p); p += 4; + rec->r.htbl.item[i] = buf32_to_ulong (p); p += 4; } break; case RECTYPE_HLST: - rec->r.hlst.next = buftoulong(p); p += 4; + rec->r.hlst.next = buf32_to_ulong (p); p += 4; for(i=0; i < ITEMS_PER_HLST_RECORD; i++ ) { - rec->r.hlst.rnum[i] = buftoulong(p); p += 4; + rec->r.hlst.rnum[i] = buf32_to_ulong (p); p += 4; } break; case RECTYPE_TRUST: @@ -1257,12 +1257,12 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected ) rec->r.trust.depth = *p++; rec->r.trust.min_ownertrust = *p++; p++; - rec->r.trust.validlist = buftoulong(p); p += 4; + rec->r.trust.validlist = buf32_to_ulong (p); p += 4; break; case RECTYPE_VALID: memcpy( rec->r.valid.namehash, p, 20); p+=20; rec->r.valid.validity = *p++; - rec->r.valid.next = buftoulong(p); p += 4; + rec->r.valid.next = buf32_to_ulong (p); p += 4; rec->r.valid.full_count = *p++; rec->r.valid.marginal_count = *p++; break; @@ -1570,7 +1570,7 @@ migrate_from_v2 () ottable_size += 1000; ottable = xrealloc (ottable, ottable_size * sizeof *ottable); } - ottable[ottable_used].keyrecno = buftoulong (oldbuf+6); + ottable[ottable_used].keyrecno = buf32_to_ulong (oldbuf+6); ottable[ottable_used].ot = oldbuf[18]; ottable[ottable_used].okay = 0; memset (ottable[ottable_used].fpr,0, 20); diff --git a/g10/trustdb.c b/g10/trustdb.c index a541106..e4317e2 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1624,7 +1624,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode, u32 expire; p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL ); - expire = p? sig->timestamp + buffer_to_u32(p) : 0; + expire = p? sig->timestamp + buf32_to_u32 (p) : 0; if (expire==0 || expire > curtime ) { 
diff --git a/include/host2net.h b/include/host2net.h index fe0ec41..ecb00dc 100644 --- a/include/host2net.h +++ b/include/host2net.h @@ -1,5 +1,5 @@ -/* host2net.h - Some macros - * Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc. +/* host2net.h - Endian conversion macros + * Copyright (C) 1998, 2014, 2015 Werner Koch * * This file is part of GNUPG. * @@ -17,14 +17,11 @@ * along with this program; if not, see . */ -#ifndef G10_HOST2NET_H -#define G10_HOST2NET_H +#ifndef GNUPG_COMMON_HOST2NET_H +#define GNUPG_COMMON_HOST2NET_H #include "types.h" -#define buftoulong( p ) ((*(byte*)(p) << 24) | (*((byte*)(p)+1)<< 16) | \ - (*((byte*)(p)+2) << 8) | (*((byte*)(p)+3))) -#define buftoushort( p ) ((*((byte*)(p)) << 8) | (*((byte*)(p)+1))) #define ulongtobuf( p, a ) do { \ ((byte*)p)[0] = a >> 24; \ ((byte*)p)[1] = a >> 16; \ 
@@ -35,8 +32,71 @@ ((byte*)p)[0] = a >> 8; \ ((byte*)p)[1] = a ; \ } while(0) -#define buftou32( p) buftoulong( (p) ) -#define u32tobuf( p, a) ulongtobuf( (p), (a) ) -#endif /*G10_HOST2NET_H*/ +static inline unsigned long +buf16_to_ulong (const void *buffer) +{ + const unsigned char *p = buffer; + + return (((unsigned long)p[0] << 8) | p[1]); +} + +static inline unsigned int +buf16_to_uint (const void *buffer) +{ + const unsigned char *p = buffer; + + return (((unsigned int)p[0] << 8) | p[1]); +} + +static inline unsigned short +buf16_to_ushort (const void *buffer) +{ + const unsigned char *p = buffer; + + return (((unsigned short)p[0] << 8) | p[1]); +} + +static inline u16 +buf16_to_u16 (const void *buffer) +{ + const unsigned char *p = buffer; + + return (((u16)p[0] << 8) | p[1]); +} + +static inline size_t +buf32_to_size_t (const void *buffer) +{ + const unsigned char *p = buffer; + + return (((size_t)p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); +} + +static inline unsigned long +buf32_to_ulong (const void *buffer) +{ + const unsigned char *p = buffer; + + return (((unsigned long)p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); +} + +static inline unsigned int +buf32_to_uint (const void *buffer) +{ + const unsigned char *p = buffer; + + return (((unsigned int)p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); +} + +static inline u32 +buf32_to_u32 (const void *buffer) +{ + const unsigned char *p = buffer; + + return (((u32)p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); +} + + +#endif /*GNUPG_COMMON_HOST2NET_H*/ commit 7106165fd3161b614445d459df3b333d557d9d02 Author: Werner Koch Date: Sat Feb 21 23:10:31 2015 -0500 doc: Change remaining http links to gnupg.org to https -- GnuPG-bug-id: 1830 [dkg: rebased to STABLE-BRANCH-1-4] Signed-off-by: Daniel Kahn Gillmor diff --git a/doc/gpg.texi b/doc/gpg.texi index 7d08756..67dc3d0 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
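Review bot: None of the eight inline readers added to host2net.h says which byte order it decodes or how many bytes it reads. A caller has to read the shifts to learn that `buffer` must hold at least 2 (buf16_*) or 4 (buf32_*) readable bytes of big-endian data. I would put one comment above the group, e.g. `/* Read a big-endian 16/32 bit value from BUFFER; the caller must ensure that 2 resp. 4 bytes are available. */`. The header also uses `size_t` while the visible part includes only "types.h", so confirm that header provides it.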
@@ -321,7 +321,7 @@ useful for debugging. Present a menu to work with a smartcard. The subcommand "help" provides an overview on available commands. For a detailed description, please see the Card HOWTO at -http://www.gnupg.org/documentation/howtos.html#GnuPG-cardHOWTO . +https://gnupg.org/documentation/howtos.html#GnuPG-cardHOWTO . @item --card-status @opindex card-status diff --git a/g10/misc.c b/g10/misc.c index 68b4cea..60ecf96 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -462,7 +462,7 @@ md5_digest_warn (int show) log_info (_("WARNING: digest algorithm %s is deprecated\n"), digest_algo_to_string (DIGEST_ALGO_MD5)); log_info (_("please see %s for more information\n"), - "http://www.gnupg.org/faq/weak-digest-algos.html"); + "https://gnupg.org/faq/weak-digest-algos.html"); warned = 1; } } @@ -477,7 +477,7 @@ not_in_gpg1_notice (void) { log_info (_("NOTE: This feature is not available in %s\n"), "GnuPG 1.x"); log_info (_("please see %s for more information\n"), - "http://www.gnupg.org/faq/features-not-in-gnupg-1.html"); + "https://gnupg.org/faq/features-not-in-gnupg-1.html"); warned = 1; } } diff --git a/g10/sig-check.c b/g10/sig-check.c index d6bbb92..b7709c1 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c 
@@ -99,7 +99,7 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate, log_info(_("WARNING: signing subkey %s is not" " cross-certified\n"),keystr_from_pk(pk)); log_info(_("please see %s for more information\n"), - "http://www.gnupg.org/faq/subkey-cross-certify.html"); + "https://gnupg.org/faq/subkey-cross-certify.html"); /* --require-cross-certification makes this warning an error. TODO: change the default to require this after more keys have backsigs. */ commit 81d3e541326e94d26a953aa70afc3cb149d11ebe Author: Werner Koch Date: Sat Feb 21 23:10:30 2015 -0500 gpg: Prevent an invalid memory read using a garbled keyring. * g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet types. -- The keyring DB code did not reject packets which don't belong into a keyring. If for example the keyblock contains a literal data packet it is expected that the processing code stops at the data packet and reads from the input stream which is referenced from the data packets. Obviously the keyring processing code does not and cannot do that. However, when exporting this messes up the IOBUF and leads to an invalid read of sizeof (int). We now skip all packets which are not allowed in a keyring. Reported-by: Hanno B?ck (back ported from commit f0f71a721ccd7ab9e40b8b6b028b59632c0cc648) [dkg: rebased to STABLE-BRANCH-1-4] Signed-off-by: Daniel Kahn Gillmor diff --git a/g10/keyring.c b/g10/keyring.c index 108e107..270bf8e 100644 --- a/g10/keyring.c +++ b/g10/keyring.c 
@@ -400,8 +400,26 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb) rc = G10ERR_INV_KEYRING; break; } - if (pkt->pkttype == PKT_COMPRESSED) { - log_error ("skipped compressed packet in keyring\n"); + + /* Filter allowed packets. */ + switch (pkt->pkttype){ + case PKT_PUBLIC_KEY: + case PKT_PUBLIC_SUBKEY: + case PKT_SECRET_KEY: + case PKT_SECRET_SUBKEY: + case PKT_USER_ID: + case PKT_ATTRIBUTE: + case PKT_SIGNATURE: + break; /* Allowed per RFC. */ + case PKT_RING_TRUST: + case PKT_OLD_COMMENT: + case PKT_COMMENT: + case PKT_GPG_CONTROL: + break; /* Allowed by us. */ + + default: + log_error ("skipped packet of type %d in keyring\n", + (int)pkt->pkttype); free_packet(pkt); init_packet(pkt); continue; @@ -467,7 +485,7 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb) if (rc || !ret_kb) release_kbnode (keyblock); else { - /*(duplicated form the loop body)*/ + /*(duplicated from the loop body)*/ if ( pkt && pkt->pkttype == PKT_RING_TRUST && lastnode && lastnode->pkt->pkttype == PKT_SIGNATURE commit 68f260f77a9e4f5cacf0a58e4f55ddee125d3f00 Author: Werner Koch Date: Sat Feb 21 23:10:29 2015 -0500 gpg: Fix a NULL-deref in export due to invalid packet lengths. * g10/build-packet.c (write_fake_data): Take care of a NULL stored as opaque MPI. -- Reported-by: Hanno B?ck (back ported from commit 0835d2f44ef62eab51fce6a927908f544e01cf8f) [dkg: rebased to STABLE-BRANCH-1-4] Signed-off-by: Daniel Kahn Gillmor diff --git a/g10/build-packet.c b/g10/build-packet.c index abe0181..499dd68 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -193,7 +193,8 @@ write_fake_data( IOBUF out, MPI a ) void *p; p = mpi_get_opaque( a, &i ); - iobuf_write( out, p, i ); + if (p) + iobuf_write( out, p, i ); } } commit 2e8db53854506572e9d5b5908e143b5ca28f30f5 Author: Werner Koch Date: Sat Feb 21 23:10:28 2015 -0500 gpg: Fix a NULL-deref due to empty ring trust packets. * g10/parse-packet.c (parse_trust): Always allocate a packet. -- Reported-by: Hanno B?ck 
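Review bot: The new comment `/* Filter allowed packets. */` in keyring_get_keyblock does not record why unlisted packet types are dropped, which is the whole reason for the switch. I would expand it to `/* Keep only packet types that belong in a keyring; others (e.g. literal data) refer to the input stream and confuse later IOBUF handling. */`. The enclosing loop starts and ends outside the hunk.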
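Review bot: In write_fake_data the added `if (p)` makes a NULL opaque MPI write nothing at all, silently, and the result of `iobuf_write` is still discarded. If the caller has already counted these bytes in a length header (not visible in this hunk), the exported packet would be inconsistent with no diagnostic. I would at least document the case, e.g. `/* NULL means a garbled MPI; nothing is written. */`, and consider logging it.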
Signed-off-by: Werner Koch (back ported from commit 39978487863066e59bb657f5fe4e8baab510da7e) [dkg: rebased to STABLE-BRANCH-1-4] Signed-off-by: Daniel Kahn Gillmor diff --git a/g10/parse-packet.c b/g10/parse-packet.c index c0b6ad6..e7e923b 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -2245,11 +2245,13 @@ parse_trust( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *pkt ) { int c; + (void)pkttype; + + pkt->pkt.ring_trust = xmalloc( sizeof *pkt->pkt.ring_trust ); if (pktlen) { c = iobuf_get_noeof(inp); pktlen--; - pkt->pkt.ring_trust = xmalloc( sizeof *pkt->pkt.ring_trust ); pkt->pkt.ring_trust->trustval = c; pkt->pkt.ring_trust->sigcache = 0; if (!c && pktlen==1) @@ -2267,8 +2269,10 @@ parse_trust( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *pkt ) } else { - if( list_mode ) - fprintf (listfp, ":trust packet: empty\n"); + pkt->pkt.ring_trust->trustval = 0; + pkt->pkt.ring_trust->sigcache = 0; + if (list_mode) + fprintf (listfp, ":trust packet: empty\n"); } iobuf_skip_rest (inp, pktlen, 0); } commit 27d7addccf782d5cb0084cb17522d712d4a6d6b6 Author: Werner Koch Date: Sat Feb 21 23:10:27 2015 -0500 gpg: Limit the size of key packets to a sensible value. * g10/parse-packet.c (MAX_KEY_PACKET_LENGTH): New. (MAX_UID_PACKET_LENGTH): New. (MAX_COMMENT_PACKET_LENGTH): New. (MAX_ATTR_PACKET_LENGTH): New. (parse_key): Limit the size of a key packet to 256k. (parse_user_id): Use macro for the packet size limit. (parse_attribute): Ditto. (parse_comment): Ditto. -- Without that it is possible to force gpg to allocate large amounts of memory by using a bad encoded MPI. This would be an too easy DoS. Another way to mitigate would be to change the MPI read function to allocate memory dynamically while reading the MPI. However, that complicates and possibly slows down the code. A too large key packet is in any case a sign for broken data and thus gpg should not use it. Reported-by: Hanno B?ck GnuPG-bug-id: 1823 
Signed-off-by: Werner Koch (back ported from commit 382ba4b137b42d5f25a7e256bb7c053ee5ac7b64) [dkg: rebased to STABLE-BRANCH-1-4] Signed-off-by: Daniel Kahn Gillmor diff --git a/g10/parse-packet.c b/g10/parse-packet.c index e4e524c..c0b6ad6 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -40,6 +40,12 @@ #define MAX_EXTERN_MPI_BITS 16384 #endif +/* Maximum length of packets to avoid excessive memory allocation. */ +#define MAX_KEY_PACKET_LENGTH (256 * 1024) +#define MAX_UID_PACKET_LENGTH ( 2 * 1024) +#define MAX_COMMENT_PACKET_LENGTH ( 64 * 1024) +#define MAX_ATTR_PACKET_LENGTH ( 16 * 1024*1024) + static int mpi_print_mode; static int list_mode; @@ -1663,6 +1669,13 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, rc = G10ERR_INVALID_PACKET; goto leave; } + else if (pktlen > MAX_KEY_PACKET_LENGTH) { + log_error ("packet(%d) too large\n", pkttype); + if (list_mode) + fputs (":key packet: [too large]\n", listfp); + rc = G10ERR_INVALID_PACKET; + goto leave; + } timestamp = read_32(inp); pktlen -= 4; if( is_v4 ) { @@ -2083,7 +2096,7 @@ parse_user_id( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ) allocatable, and a very large pktlen could actually cause our allocation to wrap around in xmalloc to a small number. */ - if(pktlen>2048) + if (pktlen > MAX_UID_PACKET_LENGTH) { log_error("packet(%d) too large\n", pkttype); iobuf_skip_rest(inp, pktlen, 0); 
@@ -2152,6 +2165,19 @@ parse_attribute( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ) { byte *p; + (void)pkttype; + + /* We better cap the size of an attribute packet to make DoS not + too easy. 16MB should be more then enough for one attribute + packet (ie. a photo). */ + if (pktlen > MAX_ATTR_PACKET_LENGTH) { + log_error ("packet(%d) too large\n", pkttype); + if (list_mode) + fprintf (listfp, ":attribute packet: [too large]\n"); + iobuf_skip_rest (inp, pktlen, 0); + return G10ERR_INVALID_PACKET; + } + #define EXTRA_UID_NAME_SPACE 71 packet->pkt.user_id = xmalloc_clear(sizeof *packet->pkt.user_id + EXTRA_UID_NAME_SPACE); @@ -2186,7 +2212,7 @@ parse_comment( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ) overflow in the malloc below. Comment packets are actually not anymore define my OpenPGP and we even stopped to use our private comment packet. */ - if (pktlen>65536) + if (pktlen > MAX_COMMENT_PACKET_LENGTH) { log_error ("packet(%d) too large\n", pkttype); iobuf_skip_rest (inp, pktlen, 0); commit 20e14e331de4a7e9746650f8b39c1a66d2565c9e Author: Werner Koch Date: Sat Feb 21 23:10:26 2015 -0500 gpg: Allow predefined names as answer to the keygen.algo prompt. * g10/keygen.c (ask_algo): Add list of strings. -- Signed-off-by: Werner Koch (backported from commit b1d5ed6ac842469afcb84868d0f6641dc286a6c7) [dkg: rebased to STABLE-BRANCH-1-4] Signed-off-by: Daniel Kahn Gillmor diff --git a/doc/DETAILS b/doc/DETAILS index 7f12e21..de0f21c 100644 --- a/doc/DETAILS +++ b/doc/DETAILS 
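Review bot: The added `(void)pkttype;` in parse_attribute marks the parameter as unused, but the new size check right below it passes `pkttype` to `log_error ("packet(%d) too large\n", pkttype);`. The cast is therefore misleading and can be dropped. The comment above the check reads "more then enough" and should say "more than enough". parse_attribute continues past the end of the hunk.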
@@ -1251,3 +1251,33 @@ This can be implemented using Hurd's translator mechanism. However, I think the whole key server stuff has to be re-thought; I have some ideas and probably create a white paper. + +Algorithm names for the "keygen.algo" prompt +============================================ + + When using a --command-fd controlled key generation or "addkey" + there is way to know the number to enter on the "keygen.algo" + prompt. The displayed numbers are for human reception and may + change with releases. To provide a stable way to enter a desired + algorithm choice the prompt also accepts predefined names for the + algorithms, which will not change. + + | Name | No | Description | + |---------+----+---------------------------------| + | rsa+rsa | 1 | RSA and RSA (default) | + | dsa+elg | 2 | DSA and Elgamal | + | dsa | 3 | DSA (sign only) | + | rsa/s | 4 | RSA (sign only) | + | elg | 5 | Elgamal (encrypt only) | + | rsa/e | 6 | RSA (encrypt only) | + | dsa/* | 7 | DSA (set your own capabilities) | + | rsa/* | 8 | RSA (set your own capabilities) | + + If one of the "foo/*" names are used a "keygen.flags" prompt needs + to be answered as well. Instead of toggling the predefined flags, + it is also possible to set them direct: Use a "=" character + directly followed by a comination of "a" (for authentication), "s" + (for signing), or "c" (for certification). + + +## diff --git a/g10/keygen.c b/g10/keygen.c index 5af0043..995ba63 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1481,7 +1481,7 @@ ask_key_flags(int algo,int subkey) static int ask_algo (int addmode, int *r_subkey_algo, unsigned int *r_usage) { - char *answer; + char *answer = NULL; int algo; int dummy_algo; 
@@ -1512,53 +1512,53 @@ ask_algo (int addmode, int *r_subkey_algo, unsigned int *r_usage) { *r_usage = 0; *r_subkey_algo = 0; + xfree (answer); answer = cpr_get ("keygen.algo", _("Your selection? ")); cpr_kill_prompt (); - algo = *answer? atoi(answer): 1; - xfree (answer); - if ( algo == 1 && !addmode ) + algo = *answer? atoi (answer) : 1; + if ((algo == 1 || !strcmp (answer, "rsa+rsa")) && !addmode) { algo = PUBKEY_ALGO_RSA; *r_subkey_algo = PUBKEY_ALGO_RSA; break; } - else if (algo == 2 && !addmode) + else if ((algo == 2 || !strcmp (answer, "dsa+elg")) && !addmode) { algo = PUBKEY_ALGO_DSA; *r_subkey_algo = PUBKEY_ALGO_ELGAMAL_E; break; } - else if (algo == 3) + else if (algo == 3 || !strcmp (answer, "dsa")) { algo = PUBKEY_ALGO_DSA; *r_usage = PUBKEY_USAGE_SIG; break; } - else if (algo == 4) + else if (algo == 4 || !strcmp (answer, "rsa/s")) { algo = PUBKEY_ALGO_RSA; *r_usage = PUBKEY_USAGE_SIG; break; } - else if (algo == 5 && addmode) + else if ((algo == 5 || !strcmp (answer, "elg")) && addmode) { algo = PUBKEY_ALGO_ELGAMAL_E; *r_usage = PUBKEY_USAGE_ENC; break; } - else if (algo == 6 && addmode) + else if ((algo == 6 || !strcmp (answer, "rsa/e")) && addmode) { algo = PUBKEY_ALGO_RSA; *r_usage = PUBKEY_USAGE_ENC; break; } - else if (algo == 7 && opt.expert) + else if ((algo == 7 || !strcmp (answer, "dsa/*")) && opt.expert) { algo = PUBKEY_ALGO_DSA; *r_usage = ask_key_flags (algo, addmode); break; } - else if (algo == 8 && opt.expert) + else if ((algo == 8 || !strcmp (answer, "rsa/*")) && opt.expert) { algo = PUBKEY_ALGO_RSA; *r_usage = ask_key_flags (algo, addmode); 
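Review bot: `algo = *answer? atoi (answer) : 1;` accepts any answer that merely starts with a number, so input such as `3x` selects entry 3. An answer that atoi cannot parse becomes 0 and only then reaches the `strcmp` name checks. Because this prompt is documented for --command-fd use, a strict parse would be better: call `strtol` with an end pointer, take the number only when `*end == '\0'`, and otherwise compare the names. The name comparison is case-sensitive, which deserves a word in a comment or in doc/DETAILS. The loop and the rest of ask_algo lie outside the hunk.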
@@ -1566,8 +1566,10 @@ ask_algo (int addmode, int *r_subkey_algo, unsigned int *r_usage) } else tty_printf (_("Invalid selection.\n")); + } + xfree(answer); return algo; } commit 8baf452bb308a59478c9148109f4c78941170ecc Author: Werner Koch Date: Sat Feb 21 23:10:25 2015 -0500 gpg: Print a warning if the subkey expiration may not be what you want. * g10/keyedit.c (subkey_expire_warning): New. keyedit_menu): Call it when needed. -- GnuPG-bug-id: 1715 The heuristic to detect a problem is not very advanced but it should catch the most common cases. (backported from commit ae3d1bbb65b65cf3c57bb14886be120f5e31635d) [dkg: rebased to STABLE-BRANCH-1-4] Signed-off-by: Daniel Kahn Gillmor diff --git a/g10/keyedit.c b/g10/keyedit.c index afc5ff4..95be10e 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -51,6 +51,7 @@ static void show_names(KBNODE keyblock,PKT_public_key *pk, static void show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker, int with_fpr, int with_subkeys, int with_prefs ); static void show_key_and_fingerprint( KBNODE keyblock ); +static void subkey_expire_warning (kbnode_t keyblock); static int menu_adduid( KBNODE keyblock, KBNODE sec_keyblock, int photo, const char *photo_name ); static void menu_deluid( KBNODE pub_keyblock, KBNODE sec_keyblock ); @@ -1506,6 +1507,7 @@ keyedit_menu( const char *username, STRLIST locusr, int redisplay = 1; int modified = 0; int sec_modified = 0; + int run_subkey_warnings = 0; int toggle; int have_commands = !!commands; @@ -1604,6 +1606,14 @@ keyedit_menu( const char *username, STRLIST locusr, tty_printf("\n"); redisplay = 0; } + + if (run_subkey_warnings) + { + run_subkey_warnings = 0; + if (!count_selected_keys (keyblock)) + subkey_expire_warning (keyblock); + } + do { xfree(answer); if( have_commands ) { 
@@ -2053,6 +2063,7 @@ keyedit_menu( const char *username, STRLIST locusr, { merge_keys_and_selfsig( sec_keyblock ); merge_keys_and_selfsig( keyblock ); + run_subkey_warnings = 1; sec_modified = 1; modified = 1; redisplay = 1; 
@@ -2952,6 +2963,53 @@ no_primary_warning(KBNODE keyblock) " the assumed primary.\n")); } + +/* Print a warning if the latest encryption subkey expires soon. This + function is called after the expire data of the primary key has + been changed. */ +static void +subkey_expire_warning (kbnode_t keyblock) +{ + u32 curtime = make_timestamp (); + kbnode_t node; + PKT_public_key *pk; + /* u32 mainexpire = 0; */ + u32 subexpire = 0; + u32 latest_date = 0; + + for (node = keyblock; node; node = node->next) + { + if (node->pkt->pkttype != PKT_PUBLIC_SUBKEY) + continue; + pk = node->pkt->pkt.public_key; + + if (!pk->is_valid) + continue; + if (pk->is_revoked) + continue; + if (pk->timestamp > curtime) + continue; /* Ignore future keys. */ + if (!(pk->pubkey_usage & PUBKEY_USAGE_ENC)) + continue; /* Not an encryption key. */ + + if (pk->timestamp > latest_date || (!pk->timestamp && !latest_date)) + { + latest_date = pk->timestamp; + subexpire = pk->expiredate; + } + } + + if (!subexpire) + return; /* No valid subkey with an expiration time. */ + + if (curtime + (10*86400) > subexpire) + { + log_info (_("WARNING: Your encryption subkey expires soon.\n")); + log_info (_("You may want to change its expiration date too.\n")); + } +} + + /**************** * Ask for a new user id, do the selfsignature and put it into * both keyblocks. commit ff53cf06e966dce0daba5f2c84e03ab9db2c3c8b Author: Werner Koch Date: Mon Aug 11 16:15:40 2014 +0200 Use ciphertext blinding for Elgamal decryption. * cipher/elgamal.c (USE_BLINDING): New. (decrypt): Rewrite to use ciphertext blinding. -- CVE-id: CVE-2014-3591 As a countermeasure to a new side-channel attacks on sliding windows exponentiation we blind the ciphertext for Elgamal decryption. This is similar to what we are doing with RSA. Unfortunately, the performance impact of Elgamal blinding is quite noticeable: For a 3072 bit Elgamal key the decryption used to take 13ms; with the blinding it takes 24ms. 
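Review bot: In subkey_expire_warning the test `if (curtime + (10*86400) > subexpire)` is also true for a subkey whose expiration is already in the past, yet the message says it "expires soon". Either add `subexpire > curtime` to the condition or word a separate message for the expired case. The commented-out `/* u32 mainexpire = 0; */` should be removed, and `10*86400` would read better as a named constant such as `#define SUBKEY_EXPIRE_WARN_SECS (10*86400)`.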
This has been measured using time(1), calling gpg with a 100 byte message, and having gpg modified to run the pubkey_decrypt function 100 times and finally scale the result (using an i5-2410M CPU @ 2.30GHz TP 220). diff --git a/cipher/elgamal.c b/cipher/elgamal.c index 5143ecc..2ec5217 100644 --- a/cipher/elgamal.c +++ b/cipher/elgamal.c @@ -31,6 +31,11 @@ #include "cipher.h" #include "elgamal.h" +/* Blinding is used to mitigate side-channel attacks. You may undef + this to speed up the operation in case the system is secured + against physical and network mounted side-channel attacks. */ +#define USE_BLINDING 1 + typedef struct { MPI p; /* prime */ MPI g; /* group generator */ 
@@ -372,25 +377,55 @@ do_encrypt(MPI a, MPI b, MPI input, ELG_public_key *pkey ) static void decrypt(MPI output, MPI a, MPI b, ELG_secret_key *skey ) { - MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) ); + MPI t1, t2, r; + unsigned int nbits = mpi_get_nbits (skey->p); + + mpi_normalize (a); + mpi_normalize (b); + + t1 = mpi_alloc_secure (mpi_nlimb_hint_from_nbits (nbits)); +#ifdef USE_BLINDING + + t2 = mpi_alloc_secure (mpi_nlimb_hint_from_nbits (nbits)); + r = mpi_alloc (mpi_nlimb_hint_from_nbits (nbits)); + + /* We need a random number of about the prime size. The random + number merely needs to be unpredictable; thus we use level 0. */ + randomize_mpi (r, nbits, 0); + + /* t1 = r^x mod p */ + mpi_powm (t1, r, skey->x, skey->p); + /* t2 = (a * r)^-x mod p */ + mpi_mulm (t2, a, r, skey->p); + mpi_powm (t2, t2, skey->x, skey->p); + mpi_invm (t2, t2, skey->p); + /* t1 = (t1 * t2) mod p*/ + mpi_mulm (t1, t1, t2, skey->p); - mpi_normalize (a); - mpi_normalize (b); + mpi_free (r); + mpi_free (t2); + +#else /*!USE_BLINDING*/ + + /* output = b/(a^x) mod p */ + mpi_powm (t1, a, skey->x, skey->p); + mpi_invm (t1, t1, skey->p); + +#endif /*!USE_BLINDING*/ + + mpi_mulm (output, b, t1, skey->p); - /* output = b/(a^x) mod p */ - mpi_powm( t1, a, skey->x, skey->p ); - mpi_invm( t1, t1, skey->p ); - mpi_mulm( output, b, t1, skey->p ); #if 0 - if( DBG_CIPHER ) { - log_mpidump("elg decrypted x= ", skey->x); - log_mpidump("elg decrypted p= ", skey->p); - log_mpidump("elg decrypted a= ", a); - log_mpidump("elg decrypted b= ", b); - log_mpidump("elg decrypted M= ", output); + if (DBG_CIPHER) + { + log_mpidump("elg decrypted x= ", skey->x); + log_mpidump("elg decrypted p= ", skey->p); + log_mpidump("elg decrypted a= ", a); + log_mpidump("elg decrypted b= ", b); + log_mpidump("elg decrypted M= ", output); } #endif - mpi_free(t1); + mpi_free (t1); } ----------------------------------------------------------------------- Summary of changes: cipher/elgamal.c | 63 
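Review bot: In decrypt the blinding factor `r` is allocated with `mpi_alloc` while `t1` and `t2` use `mpi_alloc_secure`, and no comment explains the difference. Because `a * r` is the value actually fed to the secret-exponent `mpi_powm`, `r` is as sensitive as the blinded operand for the duration of the call. I would allocate it with `mpi_alloc_secure (mpi_nlimb_hint_from_nbits (nbits))` or state in a comment why normal memory is acceptable. The libgcrypt backports of this change later on the page have the same split (`mpi_snew` for `t1`/`t2`, `mpi_new` for `r`).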
++++++++++++++++++++++++++++++--------- doc/DETAILS | 30 +++++++++++++++++++ doc/gpg.texi | 2 +- g10/apdu.c | 27 ++++++++--------- g10/app-openpgp.c | 3 +- g10/armor.c | 37 +++++++++++++++++++++++ g10/build-packet.c | 15 ++++++---- g10/ccid-driver.c | 3 +- g10/filter.h | 2 ++ g10/getkey.c | 17 ++++++----- g10/import.c | 40 ++++++++++++++++--------- g10/keyedit.c | 58 ++++++++++++++++++++++++++++++++++++ g10/keygen.c | 38 ++++++++++++------------ g10/keyid.c | 36 +++++++++++------------ g10/keyring.c | 24 +++++++++++++-- g10/keyserver.c | 63 ++++++++++++++++++++++++++++++++++----- g10/main.h | 4 ++- g10/misc.c | 15 ++-------- g10/parse-packet.c | 81 +++++++++++++++++++++++++++++++++++---------------- g10/seckey-cert.c | 17 +++++++---- g10/sig-check.c | 2 +- g10/tdbio.c | 22 +++++++------- g10/trustdb.c | 2 +- include/host2net.h | 80 +++++++++++++++++++++++++++++++++++++++++++------- keyserver/curl-shim.c | 2 ++ 25 files changed, 508 insertions(+), 175 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 23 11:42:07 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 23 Feb 2015 11:42:07 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-168-g410d70b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 410d70bad9a650e3837055e36f157894ae49a57d (commit) from 653a9fa1a3a4c35a4dc1841cb57d7e2a318f3288 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 410d70bad9a650e3837055e36f157894ae49a57d Author: Werner Koch Date: Mon Feb 23 11:39:58 2015 +0100 cipher: Use ciphertext blinding for Elgamal decryption. * cipher/elgamal.c (USE_BLINDING): New. (decrypt): Rewrite to use ciphertext blinding. -- CVE-id: CVE-2014-3591 As a countermeasure to a new side-channel attacks on sliding windows exponentiation we blind the ciphertext for Elgamal decryption. This is similar to what we are doing with RSA. This patch is a backport of the GnuPG 1.4 commit ff53cf06e966dce0daba5f2c84e03ab9db2c3c8b. Unfortunately, the performance impact of Elgamal blinding is quite noticeable (i5-2410M CPU @ 2.30GHz TP 220): Algorithm generate 100*priv 100*public ------------------------------------------------ ELG 1024 bit - 100ms 90ms ELG 2048 bit - 330ms 350ms ELG 3072 bit - 660ms 790ms Algorithm generate 100*priv 100*public ------------------------------------------------ ELG 1024 bit - 150ms 90ms ELG 2048 bit - 520ms 360ms ELG 3072 bit - 1100ms 800ms Signed-off-by: Werner Koch diff --git a/cipher/elgamal.c b/cipher/elgamal.c index cb3ca43..4eb52d6 100644 --- a/cipher/elgamal.c +++ b/cipher/elgamal.c 
@@ -33,6 +33,12 @@ #include "pubkey-internal.h" +/* Blinding is used to mitigate side-channel attacks. You may undef + this to speed up the operation in case the system is secured + against physical and network mounted side-channel attacks. */ +#define USE_BLINDING 1 + + typedef struct { gcry_mpi_t p; /* prime */ @@ -516,15 +522,45 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey ) static void decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey ) { - gcry_mpi_t t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) ); + gcry_mpi_t t1, t2, r; + unsigned int nbits = mpi_get_nbits (skey->p); mpi_normalize (a); mpi_normalize (b); + t1 = mpi_snew (nbits); + +#ifdef USE_BLINDING + + t2 = mpi_snew (nbits); + r = mpi_new (nbits); + + /* We need a random number of about the prime size. The random + number merely needs to be unpredictable; thus we use level 0. */ + _gcry_mpi_randomize (r, nbits, GCRY_WEAK_RANDOM); + + /* t1 = r^x mod p */ + mpi_powm (t1, r, skey->x, skey->p); + /* t2 = (a * r)^-x mod p */ + mpi_mulm (t2, a, r, skey->p); + mpi_powm (t2, t2, skey->x, skey->p); + mpi_invm (t2, t2, skey->p); + /* t1 = (t1 * t2) mod p*/ + mpi_mulm (t1, t1, t2, skey->p); + + mpi_free (r); + mpi_free (t2); + +#else /*!USE_BLINDING*/ + /* output = b/(a^x) mod p */ - mpi_powm( t1, a, skey->x, skey->p ); - mpi_invm( t1, t1, skey->p ); - mpi_mulm( output, b, t1, skey->p ); + mpi_powm (t1, a, skey->x, skey->p); + mpi_invm (t1, t1, skey->p); + +#endif /*!USE_BLINDING*/ + + mpi_mulm (output, b, t1, skey->p); + #if 0 if( DBG_CIPHER ) { 
@@ -535,7 +571,7 @@ decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey ) log_mpidump ("elg decrypted M", output); } #endif - mpi_free(t1); + mpi_free (t1); } ----------------------------------------------------------------------- Summary of changes: cipher/elgamal.c | 46 +++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 41 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 23 11:47:46 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 23 Feb 2015 11:47:46 +0100 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-6-BRANCH, updated. libgcrypt-1.6.2-5-gd482948 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-6-BRANCH has been updated via d482948ac41768c36c5352a513fca8c50d2da4db (commit) from 0c2d1443124dc6e65bd7f980f79aa2a6e33a82da (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d482948ac41768c36c5352a513fca8c50d2da4db Author: Werner Koch Date: Mon Feb 23 11:39:58 2015 +0100 cipher: Use ciphertext blinding for Elgamal decryption. * cipher/elgamal.c (USE_BLINDING): New. (decrypt): Rewrite to use ciphertext blinding. -- CVE-id: CVE-2014-3591 As a countermeasure to a new side-channel attacks on sliding windows exponentiation we blind the ciphertext for Elgamal decryption. This is similar to what we are doing with RSA. This patch is a backport of the GnuPG 1.4 commit ff53cf06e966dce0daba5f2c84e03ab9db2c3c8b. Unfortunately, the performance impact of Elgamal blinding is quite noticeable (i5-2410M CPU @ 2.30GHz TP 220): Algorithm generate 100*priv 100*public ------------------------------------------------ ELG 1024 bit - 100ms 90ms ELG 2048 bit - 330ms 350ms ELG 3072 bit - 660ms 790ms Algorithm generate 100*priv 100*public ------------------------------------------------ ELG 1024 bit - 150ms 90ms ELG 2048 bit - 520ms 360ms ELG 3072 bit - 1100ms 800ms Signed-off-by: Werner Koch (cherry picked from commit 410d70bad9a650e3837055e36f157894ae49a57d) diff --git a/cipher/elgamal.c b/cipher/elgamal.c index cb3ca43..4eb52d6 100644 --- a/cipher/elgamal.c +++ b/cipher/elgamal.c 
@@ -33,6 +33,12 @@ #include "pubkey-internal.h" +/* Blinding is used to mitigate side-channel attacks. You may undef + this to speed up the operation in case the system is secured + against physical and network mounted side-channel attacks. */ +#define USE_BLINDING 1 + + typedef struct { gcry_mpi_t p; /* prime */ @@ -516,15 +522,45 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey ) static void decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey ) { - gcry_mpi_t t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) ); + gcry_mpi_t t1, t2, r; + unsigned int nbits = mpi_get_nbits (skey->p); mpi_normalize (a); mpi_normalize (b); + t1 = mpi_snew (nbits); + +#ifdef USE_BLINDING + + t2 = mpi_snew (nbits); + r = mpi_new (nbits); + + /* We need a random number of about the prime size. The random + number merely needs to be unpredictable; thus we use level 0. */ + _gcry_mpi_randomize (r, nbits, GCRY_WEAK_RANDOM); + + /* t1 = r^x mod p */ + mpi_powm (t1, r, skey->x, skey->p); + /* t2 = (a * r)^-x mod p */ + mpi_mulm (t2, a, r, skey->p); + mpi_powm (t2, t2, skey->x, skey->p); + mpi_invm (t2, t2, skey->p); + /* t1 = (t1 * t2) mod p*/ + mpi_mulm (t1, t1, t2, skey->p); + + mpi_free (r); + mpi_free (t2); + +#else /*!USE_BLINDING*/ + /* output = b/(a^x) mod p */ - mpi_powm( t1, a, skey->x, skey->p ); - mpi_invm( t1, t1, skey->p ); - mpi_mulm( output, b, t1, skey->p ); + mpi_powm (t1, a, skey->x, skey->p); + mpi_invm (t1, t1, skey->p); + +#endif /*!USE_BLINDING*/ + + mpi_mulm (output, b, t1, skey->p); + #if 0 if( DBG_CIPHER ) { 
@@ -535,7 +571,7 @@ decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey ) log_mpidump ("elg decrypted M", output); } #endif - mpi_free(t1); + mpi_free (t1); } ----------------------------------------------------------------------- Summary of changes: cipher/elgamal.c | 46 +++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 41 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 23 11:55:47 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 23 Feb 2015 11:55:47 +0100 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-5-BRANCH, updated. libgcrypt-1.5.4-3-g35cd81f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-5-BRANCH has been updated via 35cd81f134c0da4e7e6fcfe40d270ee1251f52c2 (commit) from 5958574a8285e9d759d7d95418cacd3d352f77a2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 35cd81f134c0da4e7e6fcfe40d270ee1251f52c2 Author: Werner Koch Date: Mon Feb 23 11:39:58 2015 +0100 cipher: Use ciphertext blinding for Elgamal decryption. * cipher/elgamal.c (USE_BLINDING): New. (decrypt): Rewrite to use ciphertext blinding. -- CVE-id: CVE-2014-3591 As a countermeasure to a new side-channel attacks on sliding windows exponentiation we blind the ciphertext for Elgamal decryption. This is similar to what we are doing with RSA. This patch is a backport of the GnuPG 1.4 commit ff53cf06e966dce0daba5f2c84e03ab9db2c3c8b. Unfortunately, the performance impact of Elgamal blinding is quite noticeable (i5-2410M CPU @ 2.30GHz TP 220): Algorithm generate 100*priv 100*public ------------------------------------------------ ELG 1024 bit - 100ms 90ms ELG 2048 bit - 330ms 350ms ELG 3072 bit - 660ms 790ms Algorithm generate 100*priv 100*public ------------------------------------------------ ELG 1024 bit - 150ms 90ms ELG 2048 bit - 520ms 360ms ELG 3072 bit - 1100ms 800ms Signed-off-by: Werner Koch (cherry picked from commit 410d70bad9a650e3837055e36f157894ae49a57d) Resolved conflicts: cipher/elgamal.c. diff --git a/cipher/elgamal.c b/cipher/elgamal.c index ce4be85..b2c55b3 100644 --- a/cipher/elgamal.c 
+++ b/cipher/elgamal.c @@ -30,6 +30,12 @@ #include "mpi.h" #include "cipher.h" +/* Blinding is used to mitigate side-channel attacks. You may undef + this to speed up the operation in case the system is secured + against physical and network mounted side-channel attacks. */ +#define USE_BLINDING 1 + + typedef struct { gcry_mpi_t p; /* prime */ @@ -486,12 +492,45 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey ) static void decrypt(gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey ) { - gcry_mpi_t t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) ); + gcry_mpi_t t1, t2, r; + unsigned int nbits = mpi_get_nbits (skey->p); + + mpi_normalize (a); + mpi_normalize (b); + + t1 = mpi_snew (nbits); + +#ifdef USE_BLINDING + + t2 = mpi_snew (nbits); + r = mpi_new (nbits); + + /* We need a random number of about the prime size. The random + number merely needs to be unpredictable; thus we use level 0. */ + _gcry_mpi_randomize (r, nbits, GCRY_WEAK_RANDOM); + + /* t1 = r^x mod p */ + mpi_powm (t1, r, skey->x, skey->p); + /* t2 = (a * r)^-x mod p */ + mpi_mulm (t2, a, r, skey->p); + mpi_powm (t2, t2, skey->x, skey->p); + mpi_invm (t2, t2, skey->p); + /* t1 = (t1 * t2) mod p*/ + mpi_mulm (t1, t1, t2, skey->p); + + mpi_free (r); + mpi_free (t2); + +#else /*!USE_BLINDING*/ /* output = b/(a^x) mod p */ - gcry_mpi_powm( t1, a, skey->x, skey->p ); - mpi_invm( t1, t1, skey->p ); - mpi_mulm( output, b, t1, skey->p ); + mpi_powm (t1, a, skey->x, skey->p); + mpi_invm (t1, t1, skey->p); + +#endif /*!USE_BLINDING*/ + + mpi_mulm (output, b, t1, skey->p); + #if 0 if( DBG_CIPHER ) { 
@@ -502,7 +541,7 @@ decrypt(gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey ) log_mpidump("elg decrypted M= ", output); } #endif - mpi_free(t1); + mpi_free (t1); } ----------------------------------------------------------------------- Summary of changes: cipher/elgamal.c | 49 ++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 44 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 23 13:12:15 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 23 Feb 2015 13:12:15 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.18-44-g6186637 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via 6186637cc9a4cbe4964ae0ca2aa00ed1738fc6a4 (commit) from e0c13ad5f290aec05706797b8f6c9e13d613eb66 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6186637cc9a4cbe4964ae0ca2aa00ed1738fc6a4 Author: Werner Koch Date: Mon Feb 23 13:10:57 2015 +0100 doc: Add warning note about not acting as an oracle to --batch. -- diff --git a/doc/gpg.texi b/doc/gpg.texi index 67dc3d0..d311732 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -949,12 +949,23 @@ Try to be as quiet as possible. @opindex batch @opindex no-batch Use batch mode. Never ask, do not allow interactive commands. - at option{--no-batch} disables this option. Note that even with a -filename given on the command line, gpg might still need to read from -STDIN (in particular if gpg figures that the input is a -detached signature and no data file has been specified). Thus if you -do not want to feed data via STDIN, you should connect STDIN to - at file{/dev/null}. + at option{--no-batch} disables this option. This option is commonly +used for unattended operations. + +WARNING: Unattended operation bears a higher risk of being exposed to +security attacks. In particular any unattended use of GnuPG which +involves the use of secret keys should take care not to provide an +decryption oracle. There are several standard pre-cautions against +being used as an oracle. For example never return detailed error +messages or any diagnostics printed by your software to the remote +site. Consult with an expert in case of doubt. + +Note that even with a filename given on the command line, gpg might +still need to read from STDIN (in particular if gpg figures that the +input is a detached signature and no data file has been specified). +Thus if you do not want to feed data via STDIN, you should connect +STDIN to @file{/dev/null}. + @item --no-tty @opindex no-tty ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 23 15:27:18 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 23 Feb 2015 15:27:18 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.2-6-gd9f6eea Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via d9f6eea6115df7959564123eb99d633ce5bba42e (commit) from d2a70fd8348d6c11d1960caf2afe0701833dad6a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d9f6eea6115df7959564123eb99d633ce5bba42e Author: Werner Koch Date: Mon Feb 23 15:25:37 2015 +0100 common: Fix regression due to commit 2183683b. * common/dns-cert.c (get_dns_cert): Remove cruft. -- GnuPG-bug-id: 1850 Signed-off-by: Werner Koch diff --git a/common/dns-cert.c b/common/dns-cert.c index 317ebb1..e743308 100644 --- a/common/dns-cert.c +++ b/common/dns-cert.c @@ -268,7 +268,6 @@ get_dns_cert (const char *name, estream_t *r_key, class = buf16_to_u16 (pt); pt += 2; - class |= *pt++; if (class != C_IN) break; ----------------------------------------------------------------------- Summary of changes: common/dns-cert.c | 1 - 1 file changed, 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 23 16:41:06 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 23 Feb 2015 16:41:06 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.2-7-ga8116aa Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via a8116aacd91b7e775762a62c268fab6cc3c77438 (commit) from d9f6eea6115df7959564123eb99d633ce5bba42e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a8116aacd91b7e775762a62c268fab6cc3c77438 Author: Werner Koch Date: Mon Feb 23 16:37:57 2015 +0100 gpg: Skip legacy keys while searching keyrings. * g10/getkey.c (search_modes_are_fingerprint): New. (lookup): Skip over legacy keys. -- GnuPG-bug-id: 1847 Signed-off-by: Werner Koch diff --git a/g10/getkey.c b/g10/getkey.c index 76ee493..116753c 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -2525,6 +2525,29 @@ found: } +/* Return true if all the search modes are fingerprints. */ +static int +search_modes_are_fingerprint (getkey_ctx_t ctx) +{ + size_t n, found; + + for (n=found=0; n < ctx->nitems; n++) + { + switch (ctx->items[n].mode) + { + case KEYDB_SEARCH_MODE_FPR16: + case KEYDB_SEARCH_MODE_FPR20: + case KEYDB_SEARCH_MODE_FPR: + found++; + break; + default: + break; + } + } + return found && found == ctx->nitems; +} + + /* The main function to lookup a key. On success the found keyblock is stored at RET_KEYBLOCK and also in CTX. If WANT_SECRET is true a corresponding secret key is required. */ 
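Review bot: search_modes_are_fingerprint returns false for an empty item list because of the `found &&` term, which its one-line comment does not mention. `/* Return true if CTX has at least one search item and all of them are fingerprint modes. */` would state the contract the caller in lookup depends on. The loop could also return 0 at the first non-fingerprint mode instead of counting, which makes the final comparison unnecessary.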
@@ -2534,9 +2557,21 @@ lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, int want_secret) int rc; int no_suitable_key = 0; - rc = 0; - while (!(rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems, NULL))) + for (;;) { + rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems, NULL); + /* Skip over all legacy keys but only if they are not requested + by fingerprints. + Fixme: The lower level keydb code should actually do that but + then it would be harder to report the number of skipped + legacy keys during import. */ + if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY + && !(ctx->nitems && ctx->items->mode == KEYDB_SEARCH_MODE_FIRST) + && !search_modes_are_fingerprint (ctx)) + continue; + if (rc) + break; + /* If we are searching for the first key we have to make sure that the next iteration does not do an implicit reset. This can be triggered by an empty key ring. */ ----------------------------------------------------------------------- Summary of changes: g10/getkey.c | 39 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 23 17:55:42 2015 
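Review bot: The new skip condition in lookup exempts `KEYDB_SEARCH_MODE_FIRST` from the legacy-key skip, but the comment explains only the fingerprint exemption. A reader cannot tell whether a legacy key met during a first-key search is meant to end the loop with GPG_ERR_LEGACY_KEY, so the comment should state why first-key searches are excluded. The `continue` also relies on keydb_search moving past the legacy key on the next call, which is not visible here; if it returned the same record again the `for (;;)` would not terminate. lookup's body continues outside the hunk.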
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 23 Feb 2015 17:55:42 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.2-8-gae09515 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via ae09515b9d3aae653b62a32ea5b4a9b9e557fc52 (commit) from a8116aacd91b7e775762a62c268fab6cc3c77438 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ae09515b9d3aae653b62a32ea5b4a9b9e557fc52 Author: Werner Koch Date: Mon Feb 23 17:54:05 2015 +0100 gpg: Add option to print fingerprints in ICAO spelling. * g10/gpg.c: Add option --with-icao-spelling. * g10/options.h (struct opt): Add with_icao_spelling. * g10/keylist.c (print_icao_hexdigit): New. (print_fingerprint): Print ICAO spelling. Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index 77df55c..79fe234 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2136,6 +2136,11 @@ Same as the command @option{--fingerprint} but changes only the format of the output and may be used together with another command. @ifset gpgtwoone + + at item --with-icao-spelling + at opindex with-icao-spelling +Print the ICAO spelling of the fingerprint in addition to the hex digits. + @item --with-keygrip @opindex with-keygrip Include the keygrip in the key listings. diff --git a/g10/gpg.c b/g10/gpg.c index b8d621d..df67d4f 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -176,6 +176,7 @@ enum cmd_and_opt_values oNoAskCertLevel, oFingerprint, oWithFingerprint, + oWithICAOSpelling, oWithKeygrip, oWithSecret, oAnswerYes, 
@@ -692,6 +693,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oUtf8Strings, "utf8-strings", "@"), ARGPARSE_s_n (oNoUtf8Strings, "no-utf8-strings", "@"), ARGPARSE_s_n (oWithFingerprint, "with-fingerprint", "@"), + ARGPARSE_s_n (oWithICAOSpelling, "with-icao-spelling", "@"), ARGPARSE_s_n (oWithKeygrip, "with-keygrip", "@"), ARGPARSE_s_n (oWithSecret, "with-secret", "@"), ARGPARSE_s_s (oDisableCipherAlgo, "disable-cipher-algo", "@"), @@ -2421,6 +2423,9 @@ main (int argc, char **argv) opt.with_fingerprint = 1; opt.fingerprint++; break; + case oWithICAOSpelling: + opt.with_icao_spelling = 1; + break; case oFingerprint: opt.fingerprint++; fpr_maybe_cmd = 1; diff --git a/g10/keylist.c b/g10/keylist.c index 5fd9eb8..da933ca 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -1580,6 +1580,20 @@ list_keyblock (KBNODE keyblock, int secret, int has_secret, int fpr, es_fflush (es_stdout); } + +/* Print an hex digit in ICAO spelling. */ +static void +print_icao_hexdigit (estream_t fp, int c) +{ + static const char *list[16] = { + "Zero", "One", "Two", "Three", "Four", "Five", "Six", "Seven", + "Eight", "Niner", "Alfa", "Bravo", "Charlie", "Delta", "Echo", "Foxtrot" + }; + + tty_fprintf (fp, "%s", list[c&15]); +} + + /* * Function to print the finperprint. * mode 0: as used in key listings, opt.with_colons is honored @@ -1675,6 +1689,26 @@ print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode) } } tty_fprintf (fp, "\n"); + if (!opt.with_colons && opt.with_icao_spelling) + { + p = array; + tty_fprintf (fp, "%*s\"", (int)strlen(text)+1, ""); + for (i = 0; i < n; i++, p++) + { + if (!i) + ; + else if (!(i%4)) + tty_fprintf (fp, "\n%*s ", (int)strlen(text)+1, ""); + else if (!(i%2)) + tty_fprintf (fp, " "); + else + tty_fprintf (fp, " "); + print_icao_hexdigit (fp, *p >> 4); + tty_fprintf (fp, " "); + print_icao_hexdigit (fp, *p & 15); + } + tty_fprintf (fp, "\"\n"); + } } /* Print the serial number of an OpenPGP card if available. */ 
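Review bot: In print_icao_hexdigit the table is declared `static const char *list[16]`, which leaves the sixteen pointers writable; `static const char *const list[16]` lets the compiler place the whole table in read-only data. The header comment could also say that only the low four bits of C are used, since the function indexes with `c&15`, e.g. `/* Print the hex digit given by the low 4 bits of C in ICAO spelling to FP. */`.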
diff --git a/g10/options.h b/g10/options.h index 7b9f366..a09d3d5 100644 --- a/g10/options.h +++ b/g10/options.h @@ -67,6 +67,7 @@ struct int check_sigs; /* check key signatures */ int with_colons; int with_key_data; + int with_icao_spelling; /* Print ICAO spelling with fingerprints. */ int with_fingerprint; /* Option --with-fingerprint active. */ int with_keygrip; /* Option --with-keygrip active. */ int with_secret; /* Option --with-secret active. */ ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 5 +++++ g10/gpg.c | 5 +++++ g10/keylist.c | 34 ++++++++++++++++++++++++++++++++++ g10/options.h | 1 + 4 files changed, 45 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 24 17:48:04 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 24 Feb 2015 17:48:04 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.2-10-g93fa3d5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 93fa3d5c1760f3fee5412fb29d58fbd60db16ea9 (commit) via d79011180112199a8df105f463952b4bcbe04410 (commit) from ae09515b9d3aae653b62a32ea5b4a9b9e557fc52 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 93fa3d5c1760f3fee5412fb29d58fbd60db16ea9 Author: Werner Koch Date: Tue Feb 24 17:43:57 2015 +0100 gpg: Add function to extract the mailbox. * g10/misc.c (has_invalid_email_chars, is_valid_mailbox) (is_valid_user_id): Move to ... * g10/mailbox.c: new file. (string_has_ctrl_or_space, has_dotdot_after_at): New. (has_invalid_email_chars): New. * g10/t-mailbox.c: New. * g10/Makefile.am (module_tests): Add t-mailbox. (t_mailbox_SOURCES, t_mailbox_LDADD): New. -- Signed-off-by: Werner Koch diff --git a/g10/Makefile.am b/g10/Makefile.am index 0a02119..0704924 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -83,6 +83,7 @@ common_source = \ textfilter.c \ progress.c \ misc.c \ + mailbox.c \ rmd160.c rmd160.h \ options.h \ openfile.c \ @@ -154,9 +155,11 @@ gpgv2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \ gpgv2_LDFLAGS = $(extra_bin_ldflags) t_common_ldadd = -module_tests = t-rmd160 +module_tests = t-rmd160 t-mailbox t_rmd160_SOURCES = t-rmd160.c rmd160.c t_rmd160_LDADD = $(t_common_ldadd) +t_mailbox_SOURCES = t-mailbox.c mailbox.c +t_mailbox_LDADD = $(t_common_ldadd) $(PROGRAMS): $(needed_libs) ../common/libgpgrl.a diff --git a/g10/mailbox.c b/g10/mailbox.c new file mode 100644 index 0000000..64b818f 
--- /dev/null +++ b/g10/mailbox.c 
@@ -0,0 +1,184 @@ +/* mailbox.c - Mail address helper functions + * Copyright (C) 1998-2010 Free Software Foundation, Inc. + * Copyright (C) 2014-2015 Werner Koch + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include +#include +#include +#include +#include +#include + +#include "gpg.h" +#include "util.h" +#include "main.h" + + +static int +string_count_chr (const char *string, int c) +{ + int count; + + for (count=0; *string; string++ ) + if ( *string == c ) + count++; + return count; +} + + +static int +string_has_ctrl_or_space (const char *string) +{ + for (; *string; string++ ) + if (!(*string & 0x80) && *string <= 0x20) + return 1; + return 0; +} + + +/* Return true if STRING has two consecutive '.' after an '@' + sign. */ +static int +has_dotdot_after_at (const char *string) +{ + string = strchr (string, '@'); + if (!string) + return 0; /* No at-sign. */ + string++; + return !!strstr (string, ".."); +} + + +/* Check whether the string has characters not valid in an RFC-822 + address. To cope with OpenPGP we ignore non-ascii characters + so that for example umlauts are legal in an email address. An + OpenPGP user ID must be utf-8 encoded but there is no strict + requirement for RFC-822. 
Thus to avoid IDNA encoding we put the + address verbatim as utf-8 into the user ID under the assumption + that mail programs handle IDNA at a lower level and take OpenPGP + user IDs as utf-8. Note that we can't do an utf-8 encoding + checking here because in keygen.c this function is called with the + native encoding and native to utf-8 encoding is only done later. */ +int +has_invalid_email_chars (const char *s) +{ + int at_seen=0; + const char *valid_chars= + "01234567890_-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; + + for ( ; *s; s++ ) + { + if ( (*s & 0x80) ) + continue; /* We only care about ASCII. */ + if ( *s == '@' ) + at_seen=1; + else if ( !at_seen && !(strchr (valid_chars, *s) + || strchr ("!#$%&'*+/=?^`{|}~", *s))) + return 1; + else if ( at_seen && !strchr( valid_chars, *s ) ) + return 1; + } + return 0; +} + + +/* Check whether NAME represents a valid mailbox according to + RFC822. Returns true if so. */ +int +is_valid_mailbox (const char *name) +{ + return !( !name + || !*name + || has_invalid_email_chars (name) + || string_count_chr (name,'@') != 1 + || *name == '@' + || name[strlen(name)-1] == '@' + || name[strlen(name)-1] == '.' + || strstr (name, "..") ); +} + + +/* Return the mailbox (local-part at domain) form a standard user id. + Caller must free the result. Returns NULL if no valid mailbox was + found (or we are out of memory). */ +char * +mailbox_from_userid (const char *userid) +{ + const char *s, *s_end; + size_t len; + char *result = NULL; + + s = strchr (userid, '<'); + if (s) + { + /* Seems to be a standard user id. */ + s++; + s_end = strchr (s, '>'); + if (s_end && s_end > s) + { + len = s_end - s; + result = xtrymalloc (len + 1); + if (!result) + return NULL; /* Ooops - out of core. */ + strncpy (result, s, len); + result[len] = 0; + /* Apply some basic checks on the address. We do not use + is_valid_mailbox because those checks are too strict. */ + if (string_count_chr (result, '@') != 1 /* Need exactly one '@. 
*/ + || *result == '@' /* local-part missing. */ + || result[len-1] == '@' /* domain missing. */ + || result[len-1] == '.' /* ends with a dot. */ + || string_has_ctrl_or_space (result) + || has_dotdot_after_at (result)) + { + xfree (result); + result = NULL; + errno = EINVAL; + } + } + else + errno = EINVAL; + } + else if (is_valid_mailbox (userid)) + { + /* The entire user id is a mailbox. Return that one. Note that + this fallback method has some restrictions on the valid + syntax of the mailbox. However, those who want weird + addresses should know about it and use the regular <...> + syntax. */ + result = xtrystrdup (userid); + } + else + errno = EINVAL; + + return result; +} + + +/* Check whether UID is a valid standard user id of the form + "Heinrich Heine " + and return true if this is the case. */ +int +is_valid_user_id (const char *uid) +{ + if (!uid || !*uid) + return 0; + + return 1; +} diff --git a/g10/main.h b/g10/main.h index d313afb..8c326f6 100644 --- a/g10/main.h +++ b/g10/main.h @@ -162,9 +162,6 @@ char *optsep(char **stringp); char *argsplit(char *string); int parse_options(char *str,unsigned int *options, struct parse_options *opts,int noisy); -int has_invalid_email_chars (const char *s); -int is_valid_mailbox (const char *name); -int is_valid_user_id (const char *uid); const char *get_libexecdir (void); int path_access(const char *file,int mode); @@ -179,6 +176,13 @@ int mpi_print (estream_t stream, gcry_mpi_t a, int mode); unsigned int ecdsa_qbits_from_Q (unsigned int qbits); +/*-- mailbox.c --*/ +int has_invalid_email_chars (const char *s); +int is_valid_mailbox (const char *name); +char *mailbox_from_userid (const char *userid); +int is_valid_user_id (const char *uid); + + /*-- status.c --*/ void set_status_fd ( int fd ); int is_status_enabled ( void ); diff --git a/g10/misc.c b/g10/misc.c index 276ff0a..4cff2dc 100644 --- a/g10/misc.c +++ b/g10/misc.c 
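Review bot: In the new g10/mailbox.c, string_has_ctrl_or_space rejects bytes up to 0x20 but lets DEL (0x7f) through, so an address taken from the `<...>` form in mailbox_from_userid can still carry a control character. The test could read `if (!(*string & 0x80) && (*string <= 0x20 || *string == 0x7f))`. mailbox_from_userid also passes `userid` straight to strchr while is_valid_mailbox in the same file tolerates NULL, so a guard that sets EINVAL, or a sentence in the header comment that USERID must not be NULL, would make the contract explicit. The relaxed checks in the bracket branch leave most punctuation in the domain part unfiltered; the header comment should say so, because callers that print the result need to know.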
@@ -70,18 +70,6 @@ #include -static int -string_count_chr (const char *string, int c) -{ - int count; - - for (count=0; *string; string++ ) - if ( *string == c ) - count++; - return count; -} - - #ifdef ENABLE_SELINUX_HACKS /* A object and a global variable to keep track of files marked as 
@@ -1464,69 +1452,6 @@ parse_options(char *str,unsigned int *options, } -/* Check whether the string has characters not valid in an RFC-822 - address. To cope with OpenPGP we ignore non-ascii characters - so that for example umlauts are legal in an email address. An - OpenPGP user ID must be utf-8 encoded but there is no strict - requirement for RFC-822. Thus to avoid IDNA encoding we put the - address verbatim as utf-8 into the user ID under the assumption - that mail programs handle IDNA at a lower level and take OpenPGP - user IDs as utf-8. Note that we can't do an utf-8 encoding - checking here because in keygen.c this function is called with the - native encoding and native to utf-8 encoding is only done later. */ -int -has_invalid_email_chars (const char *s) -{ - int at_seen=0; - const char *valid_chars= - "01234567890_-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; - - for ( ; *s; s++ ) - { - if ( (*s & 0x80) ) - continue; /* We only care about ASCII. */ - if ( *s == '@' ) - at_seen=1; - else if ( !at_seen && !(strchr (valid_chars, *s) - || strchr ("!#$%&'*+/=?^`{|}~", *s))) - return 1; - else if ( at_seen && !strchr( valid_chars, *s ) ) - return 1; - } - return 0; -} - - -/* Check whether NAME represents a valid mailbox according to - RFC822. Returns true if so. */ -int -is_valid_mailbox (const char *name) -{ - return !( !name - || !*name - || has_invalid_email_chars (name) - || string_count_chr (name,'@') != 1 - || *name == '@' - || name[strlen(name)-1] == '@' - || name[strlen(name)-1] == '.' - || strstr (name, "..") ); -} - - -/* Check whether UID is a valid standard user id of the form - "Heinrich Heine " - and return true if this is the case. */ -int -is_valid_user_id (const char *uid) -{ - if (!uid || !*uid) - return 0; - - return 1; -} - - - /* Similar to access(2), but uses PATH to find the file. */ int path_access(const char *file,int mode) diff --git a/g10/t-mailbox.c b/g10/t-mailbox.c new file mode 100644 index 0000000..aa7cf33 
--- /dev/null +++ b/g10/t-mailbox.c 
@@ -0,0 +1,127 @@ +/* t-mailbox.c - Module test for mailbox.c + * Copyright (C) 2015 Werner Koch + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include +#include +#include +#include + +#include "gpg.h" +#include "util.h" +#include "main.h" + +#define pass() do { ; } while(0) +#define fail(a) do { fprintf (stderr, "%s:%d: test %d failed\n",\ + __FILE__,__LINE__, (a)); \ + exit (1); \ + } while(0) + + +void * +gcry_malloc (size_t n) +{ + return malloc (n); +} + + +char * +gcry_strdup (const char *string) +{ + return strdup (string); +} + + +void +gcry_free (void *a) +{ + if (a) + free (a); +} + + + +static void +run_test (void) +{ + static struct + { + const char *userid; + const char *mbox; + } testtbl[] = + { + { "Werner Koch ", "wk at gnupg.org" }, + { "", "wk at gnupg.org" }, + { "wk at gnupg.org", "wk at gnupg.org" }, + { "wk at gnupg.org ", NULL }, + { " wk at gnupg.org", NULL }, + { "Werner Koch (test) ", "wk at gnupg.org" }, + { "Werner Koch (test)", "wk at gnupg.org" }, + { "Werner Koch ", NULL }, + { "Werner Koch ", NULL }, + { "", "foo at example.org" }, + { "", "foo. at example.org" }, + { "<.foo. at example.org>", ".foo. at example.org" }, + { "", "foo.. 
at example.org" }, + { "", "foo..bar at example.org" }, + { "", NULL }, + { "", NULL }, + { "", NULL }, + { "<@example.org>", NULL }, + { "", NULL }, + { "<@foo at example.org>", NULL }, + { " ()", "foo at example.org" }, + { " ()", "fo()o at example.org" }, + { " ()", "fo()o at example.org" }, + { "fo()o at example.org", NULL}, + { "Mr. Foo ", "foo at example.org"}, + { NULL, NULL } + }; + int idx; + + for (idx=0; testtbl[idx].userid; idx++) + { + char *mbox = mailbox_from_userid (testtbl[idx].userid); + + if (!testtbl[idx].mbox) + { + if (mbox) + fail (idx); + } + else if (!mbox) + fail (idx); + else if (strcmp (mbox, testtbl[idx].mbox)) + fail (idx); + } +} + + +int +main (int argc, char **argv) +{ + (void)argc; + (void)argv; + + run_test (); + + return 0; +} commit d79011180112199a8df105f463952b4bcbe04410 Author: Werner Koch Date: Tue Feb 24 17:02:00 2015 +0100 common: Add another test case to zb32.c -- Fingerprints may eventually be used with zb32 and thus thre should be a test case. diff --git a/common/t-zb32.c b/common/t-zb32.c index 7d509da..2b19c09 100644 --- a/common/t-zb32.c +++ b/common/t-zb32.c 
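Review bot: The loop in run_test of g10/t-mailbox.c never releases the string returned by mailbox_from_userid, although that function's header comment says the caller must free the result. Adding `gcry_free (mbox);` as the last statement of the loop body keeps the test clean under leak checkers; the stub defined earlier in this file already accepts NULL.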
@@ -76,6 +76,9 @@ test_zb32enc (void) { 20, "\x81\x81\x81", "ogya" }, { 64, "\x81\x81\x81\x81\x81\x81\x81\x81", "ogyadycbogyan" }, /* More tests. */ + { 160, "\x80\x61\x58\x70\xF5\xBA\xD6\x90\x33\x36" + /* */"\x86\xD0\xF2\xAD\x85\xAC\x1E\x42\xB3\x67", + /* */"oboioh8izmmjyc3so5exfmcfioxrfc58" }, { 0, "", "" } }; int tidx; ----------------------------------------------------------------------- Summary of changes: common/t-zb32.c | 3 + g10/Makefile.am | 5 +- g10/mailbox.c | 184 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ g10/main.h | 10 ++- g10/misc.c | 75 ----------------------- g10/t-mailbox.c | 127 ++++++++++++++++++++++++++++++++++++++ 6 files changed, 325 insertions(+), 79 deletions(-) create mode 100644 g10/mailbox.c create mode 100644 g10/t-mailbox.c hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 24 19:33:10 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 24 Feb 2015 19:33:10 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.2-11-ge2d9340 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e2d93402801a2cb822c723e891fd98233fdb3fd5 (commit) from 93fa3d5c1760f3fee5412fb29d58fbd60db16ea9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e2d93402801a2cb822c723e891fd98233fdb3fd5 Author: Werner Koch Date: Tue Feb 24 19:31:59 2015 +0100 gpg: Add command --print-pka-records. * g10/gpg.c (main): Add command --print-pka-records. * g10/options.h (struct opt): Add field "print_pka_records". * g10/keylist.c (list_keyblock_pka): New. (list_keyblock): Call it if new option is set. (print_fingerprint): Add mode 10. -- This is a fist step towards a slightly updated PKA implementation. Signed-off-by: Werner Koch diff --git a/g10/gpg.c b/g10/gpg.c index df67d4f..ea331d6 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -131,6 +131,7 @@ enum cmd_and_opt_values aSendKeys, aRecvKeys, aLocateKeys, + aPrintPKARecords, aSearchKeys, aRefreshKeys, aFetchKeys, @@ -407,6 +408,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_c (aCheckKeys, "check-sigs",N_("list and check key signatures")), ARGPARSE_c (oFingerprint, "fingerprint", N_("list keys and fingerprints")), ARGPARSE_c (aListSecretKeys, "list-secret-keys", N_("list secret keys")), + ARGPARSE_c (aPrintPKARecords, "print-pka-records", "@"), ARGPARSE_c (aKeygen, "gen-key", N_("generate a new key pair")), ARGPARSE_c (aQuickKeygen, "quick-gen-key" , 
@@ -2312,6 +2314,11 @@ main (int argc, char **argv) set_cmd (&cmd, pargs.r_opt); break; + case aPrintPKARecords: + set_cmd (&cmd, pargs.r_opt); + opt.print_pka_records = 1; + break; + case aKeygen: case aFullKeygen: case aEditKey: @@ -3857,6 +3864,13 @@ main (int argc, char **argv) public_key_list (ctrl, sl, 1); free_strlist (sl); break; + case aPrintPKARecords: + sl = NULL; + for (; argc; argc--, argv++) + add_to_strlist2( &sl, *argv, utf8_strings ); + public_key_list (ctrl, sl, 0); + free_strlist (sl); + break; case aQuickKeygen: if (argc != 1 ) diff --git a/g10/keylist.c b/g10/keylist.c index da933ca..881ffa4 100644 --- a/g10/keylist.c +++ b/g10/keylist.c 
@@ -794,6 +794,78 @@ dump_attribs (const PKT_user_id *uid, PKT_public_key *pk) } +/* Print IPGP cert records instead of a standard key listing. */ +static void +list_keyblock_pka (kbnode_t keyblock) +{ + kbnode_t kbctx; + kbnode_t node; + PKT_public_key *pk; + char pkstrbuf[PUBKEY_STRING_SIZE]; + char *hexfpr; + + /* Get the keyid from the keyblock. */ + node = find_kbnode (keyblock, PKT_PUBLIC_KEY); + if (!node) + { + log_error ("Oops; key lost!\n"); + dump_kbnode (keyblock); + return; + } + + pk = node->pkt->pkt.public_key; + + es_fprintf (es_stdout, ";; pub %s/%s %s\n;; ", + pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), + keystr_from_pk (pk), datestr_from_pk (pk)); + print_fingerprint (NULL, pk, 10); + hexfpr = hexfingerprint (pk); + + for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));) + { + if (node->pkt->pkttype == PKT_USER_ID) + { + PKT_user_id *uid = node->pkt->pkt.user_id; + char *mbox; + char *p; + + if (pk && (uid->is_expired || uid->is_revoked) + && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS)) + continue; + + es_fputs (";; uid ", es_stdout); + print_utf8_buffer (es_stdout, uid->name, uid->len); + es_putc ('\n', es_stdout); + mbox = mailbox_from_userid (uid->name); + if (mbox && (p = strchr (mbox, '@'))) + { + char hashbuf[20]; + char *hash; + unsigned int len; + + *p++ = 0; + es_fprintf (es_stdout, "$ORIGIN _pka.%s.\n", p); + gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, mbox, strlen (mbox)); + hash = zb32_encode (hashbuf, 8*20); + if (hash) + { + len = strlen (hexfpr)/2; + es_fprintf (es_stdout, + "%s TYPE37 \\# %u 0006 0000 00 %02X %s\n", + hash, 6 + len, len, hexfpr); + xfree (hash); + } + } + xfree (mbox); + } + + } + es_putc ('\n', es_stdout); + + xfree (hexfpr); +} + + static void list_keyblock_print (KBNODE keyblock, int secret, int fpr, void *opaque) { 
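Review bot: In the new list_keyblock_pka, `es_fprintf (es_stdout, "$ORIGIN _pka.%s.\n", p);` writes the domain part of a user ID verbatim into zone-file text, and a user ID on a key in the keyring is third-party data. Whether `mailbox_from_userid` already restricts the mailbox to hostname characters is not visible in this hunk, so the domain should be checked here (ASCII letters, digits, `.` and `-` only) and the user ID skipped otherwise, with a comment such as `/* The domain comes from the key's user ID; print it only if it is hostname-safe. */`. Separately, `hexfpr` is passed to `strlen` without a NULL test; if `hexfingerprint` can return NULL (its definition is not shown), add `if (!hexfpr) return;` right after the call. The `pk &&` in the expired/revoked test is redundant, because `pk` was already dereferenced above the loop.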
@@ -1572,7 +1644,12 @@ list_keyblock (KBNODE keyblock, int secret, int has_secret, int fpr, void *opaque) { reorder_keyblock (keyblock); - if (opt.with_colons) + if (opt.print_pka_records) + { + if (!secret) + list_keyblock_pka (keyblock); + } + else if (opt.with_colons) list_keyblock_colon (keyblock, secret, has_secret, fpr); else list_keyblock_print (keyblock, secret, fpr, opaque); @@ -1600,6 +1677,7 @@ print_icao_hexdigit (estream_t fp, int c) * 1: print using log_info () * 2: direct use of tty * 3: direct use of tty but only primary key. + * 10: Same as 0 but with_colons etc is ignored. * * Modes 1 and 2 will try and print both subkey and primary key * fingerprints. A MODE with bit 7 set is used internally. If @@ -1614,6 +1692,15 @@ print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode) estream_t fp; const char *text; int primary = 0; + int with_colons = opt.with_colons; + int with_icao = opt.with_icao_spelling; + + if (mode == 10) + { + mode = 0; + with_colons = 0; + with_icao = 0; + } if (pk->main_keyid[0] == pk->keyid[0] && pk->main_keyid[1] == pk->keyid[1]) @@ -1667,7 +1754,7 @@ print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode) fingerprint_from_pk (pk, array, &n); p = array; - if (opt.with_colons && !mode) + if (with_colons && !mode) { es_fprintf (fp, "fpr:::::::::"); for (i = 0; i < n; i++, p++) @@ -1689,7 +1776,7 @@ print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode) } } tty_fprintf (fp, "\n"); - if (!opt.with_colons && opt.with_icao_spelling) + if (!with_colons && with_icao) { p = array; tty_fprintf (fp, "%*s\"", (int)strlen(text)+1, ""); diff --git a/g10/options.h b/g10/options.h index a09d3d5..18cca2b 100644 --- a/g10/options.h +++ b/g10/options.h 
@@ -73,6 +73,7 @@ struct int with_secret; /* Option --with-secret active. */ int fingerprint; /* list fingerprints */ int list_sigs; /* list signatures */ + int print_pka_records; int no_armor; int list_packets; /* list-packets mode: 1=normal, 2=invoked by command*/ int def_cipher_algo; ----------------------------------------------------------------------- Summary of changes: g10/gpg.c | 14 +++++++++ g10/keylist.c | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- g10/options.h | 1 + 3 files changed, 105 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 25 16:37:53 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 25 Feb 2015 16:37:53 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.2-14-g2fc27c8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 2fc27c8696f5cf2ddf3212397ea49bff115d617b (commit) via af60152a4632ef26ca950a424429b15b6c69038d (commit) via 9913253610bac69e9503800e85696491e018e327 (commit) from e2d93402801a2cb822c723e891fd98233fdb3fd5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2fc27c8696f5cf2ddf3212397ea49bff115d617b Author: Werner Koch Date: Wed Feb 25 16:34:19 2015 +0100 gpg: Switch to a hash and CERT record based PKA system. * common/dns-cert.c (get_dns_cert): Make r_key optional. * common/pka.c: Rewrite for the new hash based lookup. * common/t-pka.c: New. * configure.ac: Remove option --disable-dns-pka. (USE_DNS_PKA): Remove ac_define. * g10/getkey.c (parse_auto_key_locate): Always include PKA. -- Note that although PKA is now always build, it will only work if support for looking up via DNS has not been disabled. The new PKA only works with the IPGP DNS certtype and shall be used only to retrieve the fingerprint and optional the key for the first time. Due to the security problems with DNSSEC the former assumption to validate the key using DNSSEC is not anymore justified. Instead an additional layer (e.g. Trust-On-First-Use) needs to be implemented to track change to the key. Having a solid way of getting a key matching a mail address is however a must have. More work needs to go into a redefinition of the --verify-options pka-lookups and pka-trust-increase. 
The auto-key-locate mechanism should also be able to continue key fetching with another methods once the fingerprint has been retrieved with PKA. Signed-off-by: Werner Koch diff --git a/common/Makefile.am b/common/Makefile.am index df2dafe..2ba6dc0 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -178,7 +178,7 @@ jnlib_tests += t-w32-reg endif module_tests = t-convert t-percent t-gettime t-sysutils t-sexputil \ t-session-env t-openpgp-oid t-ssh-utils t-dns-cert \ - t-mapstrings t-zb32 t-mbox-util + t-pka t-mapstrings t-zb32 t-mbox-util if !HAVE_W32CE_SYSTEM module_tests += t-exechelp endif @@ -222,6 +222,7 @@ t_session_env_LDADD = $(t_common_ldadd) t_openpgp_oid_LDADD = $(t_common_ldadd) t_ssh_utils_LDADD = $(t_common_ldadd) t_dns_cert_LDADD = $(t_common_ldadd) $(DNSLIBS) +t_pka_LDADD = $(t_common_ldadd) $(DNSLIBS) t_mapstrings_LDADD = $(t_common_ldadd) t_zb32_LDADD = $(t_common_ldadd) t_mbox_util_LDADD = $(t_common_ldadd) diff --git a/common/dns-cert.c b/common/dns-cert.c index e7be275..405ca29 100644 --- a/common/dns-cert.c +++ b/common/dns-cert.c @@ -70,7 +70,7 @@ returns the first CERT found with a supported type; it is expected that only one CERT record is used. If WANT_CERTTYPE is one of the supported certtypes only records wih this certtype are considered - and the first found is returned. */ + and the first found is returned. R_KEY is optional. */ gpg_error_t get_dns_cert (const char *name, int want_certtype, estream_t *r_key, @@ -84,7 +84,8 @@ get_dns_cert (const char *name, int want_certtype, unsigned int ctype; int count; - *r_key = NULL; + if (r_key) + *r_key = NULL; *r_fpr = NULL; *r_fprlen = 0; *r_url = NULL; 
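Review bot: In the get_dns_cert hunk at -84,7, only `*r_key` gets a NULL guard; `*r_fpr = NULL; *r_fprlen = 0; *r_url = NULL;` are still written unconditionally, and the same pattern repeats in the hunks at -197,7 and -355,7. The IPGP branch of the first variant tests `r_fpr && r_fprlen && r_url` before use, which suggests that callers may pass NULL for them as well. Either guard the three stores the same way, e.g. `if (r_fpr) *r_fpr = NULL;`, or extend the header comment to `R_KEY is optional; R_FPR, R_FPRLEN and R_URL must not be NULL.` so that the contract is unambiguous. The function body continues outside these hunks.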
@@ -129,7 +130,7 @@ get_dns_cert (const char *name, int want_certtype, if (want_certtype && want_certtype != ctype) ; /* Not of the requested certtype. */ - else if (ctype == DNS_CERTTYPE_PGP && datalen >= 11) + else if (ctype == DNS_CERTTYPE_PGP && datalen >= 11 && r_key) { /* CERT type is PGP. Gpg checks for a minimum length of 11, thus we do the same. */ @@ -197,7 +198,8 @@ get_dns_cert (const char *name, int want_certtype, int r; u16 count; - *r_key = NULL; + if (r_key) + *r_key = NULL; *r_fpr = NULL; *r_fprlen = 0; *r_url = NULL; @@ -292,7 +294,7 @@ get_dns_cert (const char *name, int want_certtype, /* 15 bytes takes us to here */ if (want_certtype && want_certtype != ctype) ; /* Not of the requested certtype. */ - else if (ctype == DNS_CERTTYPE_PGP && dlen) + else if (ctype == DNS_CERTTYPE_PGP && dlen && r_key) { /* PGP type */ *r_key = es_fopenmem_init (0, "rwb", pt, dlen); @@ -355,7 +357,8 @@ get_dns_cert (const char *name, int want_certtype, #endif /*!USE_ADNS */ #else /* !USE_DNS_CERT */ (void)name; - *r_key = NULL; + if (r_key) + *r_key = NULL; *r_fpr = NULL; *r_fprlen = 0; *r_url = NULL; diff --git a/common/pka.c b/common/pka.c index 4ead97f..c3c68b5 100644 --- a/common/pka.c +++ b/common/pka.c 
@@ -33,307 +33,76 @@ #include #include -#ifdef USE_DNS_PKA -#include -#ifdef _WIN32 -# ifdef HAVE_WINSOCK2_H -# include -# endif -# include -#else -#include -#include -#include -#endif -#endif /* USE_DNS_PKA */ -#ifdef USE_ADNS -# include -#endif - #include "util.h" -#include "host2net.h" +#include "mbox-util.h" +#include "dns-cert.h" #include "pka.h" -#ifdef USE_DNS_PKA -/* Parse the TXT resource record. Format is: - - v=pka1;fpr=a4d94e92b0986ab5ee9dcd755de249965b0358a2;uri=string - - For simplicity white spaces are not allowed. Because we expect to - use a new RRTYPE for this in the future we define the TXT really - strict for simplicity: No white spaces, case sensitivity of the - names, order must be as given above. Only URI is optional. - - This function modifies BUFFER. On success 0 is returned, the 20 - byte fingerprint stored at FPR and BUFFER contains the URI or an - empty string. -*/ -static int -parse_txt_record (char *buffer, unsigned char *fpr) -{ - char *p, *pend; - int i; - - p = buffer; - pend = strchr (p, ';'); - if (!pend) - return -1; - *pend++ = 0; - if (strcmp (p, "v=pka1")) - return -1; /* Wrong or missing version. */ - - p = pend; - pend = strchr (p, ';'); - if (pend) - *pend++ = 0; - if (strncmp (p, "fpr=", 4)) - return -1; /* Missing fingerprint part. */ - p += 4; - for (i=0; i < 20 && hexdigitp (p) && hexdigitp (p+1); i++, p += 2) - fpr[i] = xtoi_2 (p); - if (i != 20) - return -1; /* Fingerprint consists not of exactly 40 hexbytes. */ - - p = pend; - if (!p || !*p) - { - *buffer = 0; - return 0; /* Success (no URI given). */ - } - if (strncmp (p, "uri=", 4)) - return -1; /* Unknown part. */ - p += 4; - /* There is an URI, copy it to the start of the buffer. */ - while (*p) - *buffer++ = *p++; - *buffer = 0; - return 0; -} - /* For the given email ADDRESS lookup the PKA information in the DNS. - On success the 20 byte SHA-1 fingerprint is stored at FPR and the - URI will be returned in an allocated buffer. 
Note that the URI - might be an zero length string as this information is optional. - Caller must xfree the returned string. + On success the fingerprint is stored at FPRBUF and the URI will be + returned in an allocated buffer. Note that the URI might be a zero + length string as this information is optional. Caller must xfree + the returned string. FPRBUFLEN gives the size of the expected + fingerprint (usually 20). - On error NULL is returned and the 20 bytes at FPR are not - defined. */ + On error NULL is returned and the FPRBUF is not defined. */ char * -get_pka_info (const char *address, unsigned char *fpr) +get_pka_info (const char *address, void *fprbuf, size_t fprbuflen) { -#ifdef USE_ADNS - int rc; - adns_state state; - const char *domain; - char *name; - adns_answer *answer = NULL; - char *buffer = NULL; - - domain = strrchr (address, '@'); - if (!domain || domain == address || !domain[1]) - return NULL; /* Invalid mail address given. */ - name = xtrymalloc (strlen (address) + 5 + 1); + char *result = NULL; + char *mbox; + char *domain; /* Points to mbox. 
*/ + char hashbuf[20]; + char *hash = NULL; + char *name = NULL; + unsigned char *fpr = NULL; + size_t fpr_len; + char *url = NULL; + gpg_error_t err; + + mbox = mailbox_from_userid (address); + if (!mbox) + goto leave; + domain = strchr (mbox, '@'); + if (!domain) + goto leave; + *domain++ = 0; + + gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, mbox, strlen (mbox)); + hash = zb32_encode (hashbuf, 8*20); + if (!hash) + goto leave; + name = strconcat (hash, "._pka.", domain, NULL); if (!name) - return NULL; - memcpy (name, address, domain - address); - strcpy (stpcpy (name + (domain-address), "._pka."), domain+1); - - rc = adns_init (&state, adns_if_noerrprint, NULL); - if (rc) - { - log_error ("error initializing adns: %s\n", strerror (errno)); - xfree (name); - return NULL; - } + goto leave; - rc = adns_synchronous (state, name, adns_r_txt, adns_qf_quoteok_query, - &answer); - xfree (name); - if (rc) - { - log_error ("DNS query failed: %s\n", strerror (errno)); - adns_finish (state); - return NULL; - } - if (answer->status != adns_s_ok - || answer->type != adns_r_txt || !answer->nrrs) - { - log_error ("DNS query returned an error: %s (%s)\n", - adns_strerror (answer->status), - adns_errabbrev (answer->status)); - adns_free (answer); - adns_finish (state); - return NULL; - } + if (get_dns_cert (name, DNS_CERTTYPE_IPGP, NULL, &fpr, &fpr_len, &url)) + goto leave; + if (!fpr) + goto leave; - /* We use a PKA records iff there is exactly one record. */ - if (answer->nrrs == 1 && answer->rrs.manyistr[0]->i != -1) + /* Return the fingerprint. */ + if (fpr_len != fprbuflen) { - buffer = xtrystrdup (answer->rrs.manyistr[0]->str); - if (parse_txt_record (buffer, fpr)) - { - xfree (buffer); - buffer = NULL; /* Not a valid gpg trustdns RR. 
*/ - } + /* fprintf (stderr, "get_dns_cert failed: fprlen (%zu/%zu)\n", */ + /* fpr_len, fprbuflen); */ + goto leave; } + memcpy (fprbuf, fpr, fpr_len); - adns_free (answer); - adns_finish (state); - return buffer; - -#else /*!USE_ADNS*/ - unsigned char answer[PACKETSZ]; - int anslen; - int qdcount, ancount; - int rc; - unsigned char *p, *pend; - const char *domain; - char *name; - HEADER header; - - domain = strrchr (address, '@'); - if (!domain || domain == address || !domain[1]) - return NULL; /* invalid mail address given. */ + /* We return the URL or an empty string. */ + if (!url) + url = xtrycalloc (1, 1); + result = url; + url = NULL; - name = xtrymalloc (strlen (address) + 5 + 1); - if (!name) - return NULL; - memcpy (name, address, domain - address); - strcpy (stpcpy (name + (domain-address), "._pka."), domain+1); - - anslen = res_query (name, C_IN, T_TXT, answer, PACKETSZ); + leave: + xfree (fpr); + xfree (url); xfree (name); - if (anslen < sizeof(HEADER)) - return NULL; /* DNS resolver returned a too short answer. */ - - /* Don't despair: A good compiler should optimize this away, as - header is just 32 byte and constant at compile time. It's - one way to comply with strict aliasing rules. */ - memcpy (&header, answer, sizeof (header)); - - if ( (rc=header.rcode) != NOERROR ) - return NULL; /* DNS resolver returned an error. */ - - /* We assume that PACKETSZ is large enough and don't do dynmically - expansion of the buffer. */ - if (anslen > PACKETSZ) - return NULL; /* DNS resolver returned a too long answer */ - - qdcount = ntohs (header.qdcount); - ancount = ntohs (header.ancount); - - if (!ancount) - return NULL; /* Got no answer. */ - - p = answer + sizeof (HEADER); - pend = answer + anslen; /* Actually points directly behind the buffer. 
*/ - - while (qdcount-- && p < pend) - { - rc = dn_skipname (p, pend); - if (rc == -1) - return NULL; - p += rc + QFIXEDSZ; - } - - if (ancount > 1) - return NULL; /* more than one possible gpg trustdns record - none used. */ - - while (ancount-- && p <= pend) - { - unsigned int type, class, txtlen, n; - char *buffer, *bufp; - - rc = dn_skipname (p, pend); - if (rc == -1) - return NULL; - p += rc; - if (p >= pend - 10) - return NULL; /* RR too short. */ - - type = buf16_to_uint (p); - p += 2; - class = buf16_to_uint (p); - p += 2; - p += 4; - txtlen = buf16_to_uint (p); - p += 2; - - if (type != T_TXT || class != C_IN) - return NULL; /* Answer does not match the query. */ - - buffer = bufp = xmalloc (txtlen + 1); - while (txtlen && p < pend) - { - for (n = *p++, txtlen--; txtlen && n && p < pend; txtlen--, n--) - *bufp++ = *p++; - } - *bufp = 0; - if (parse_txt_record (buffer, fpr)) - { - xfree (buffer); - return NULL; /* Not a valid gpg trustdns RR. */ - } - return buffer; - } - - return NULL; -#endif /*!USE_ADNS*/ + xfree (hash); + xfree (mbox); + return result; } - -#else /* !USE_DNS_PKA */ - -/* Dummy version of the function if we can't use the resolver - functions. */ -char * -get_pka_info (const char *address, unsigned char *fpr) -{ - (void)address; - (void)fpr; - return NULL; -} -#endif /* !USE_DNS_PKA */ - - -#ifdef TEST -int -main(int argc,char *argv[]) -{ - unsigned char fpr[20]; - char *uri; - int i; - - if (argc < 2) - { - fprintf (stderr, "usage: pka mail-addresses\n"); - return 1; - } - argc--; - argv++; - - for (; argc; argc--, argv++) - { - uri = get_pka_info ( *argv, fpr ); - printf ("%s", *argv); - if (uri) - { - putchar (' '); - for (i=0; i < 20; i++) - printf ("%02X", fpr[i]); - if (*uri) - printf (" %s", uri); - xfree (uri); - } - putchar ('\n'); - } - return 0; -} -#endif /* TEST */ - -/* -Local Variables: -compile-command: "cc -DUSE_DNS_PKA -DTEST -I.. 
-I../include -Wall -g -o pka pka.c -lresolv ../tools/no-libgcrypt.o ../jnlib/libjnlib.a" -End: -*/ diff --git a/common/pka.h b/common/pka.h index 68b4c2e..93a4eb3 100644 --- a/common/pka.h +++ b/common/pka.h @@ -29,7 +29,7 @@ #ifndef GNUPG_COMMON_PKA_H #define GNUPG_COMMON_PKA_H -char *get_pka_info (const char *address, unsigned char *fpr); +char *get_pka_info (const char *address, void *fprbuf, size_t fprbuflen); #endif /*GNUPG_COMMON_PKA_H*/ diff --git a/common/t-pka.c b/common/t-pka.c new file mode 100644 index 0000000..7c4d7c3 --- /dev/null +++ b/common/t-pka.c 
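Review bot: The rewritten get_pka_info drops the explicit empty-part checks the old code had (`domain == address || !domain[1]`) and now tests only `if (!domain) goto leave;` after `strchr (mbox, '@')`. It therefore relies entirely on `mailbox_from_userid` to reject an address with an empty local part or an empty domain, and that function's body is not part of this commit. Keeping the cheap guard, `if (!domain || domain == mbox || !domain[1]) goto leave;`, ensures that no query name ending in `._pka.` is ever built from such input. The commented-out `fprintf` in the length-mismatch branch should either be removed or turned into a proper log call.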
@@ -0,0 +1,72 @@ +/* t-pak.c - Module test for pka.c + * Copyright (C) 2015 Werner Koch + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include +#include +#include +#include + +#include "util.h" +#include "pka.h" + + +int +main (int argc, char **argv) +{ + unsigned char fpr[20]; + char *url; + char const *name; + int i; + + if (argc) + { + argc--; + argv++; + } + + if (!argc) + name = "wk at gnupg.org"; + else if (argc == 1) + name = *argv; + else + { + fputs ("usage: t-pka [userid]\n", stderr); + return 1; + } + + printf ("User id ...: %s\n", name); + + url = get_pka_info (name, fpr, sizeof fpr); + printf ("Fingerprint: "); + if (url) + { + for (i = 0; i < sizeof fpr; i++) + printf ("%02X", fpr[i]); + } + else + printf ("[not found]"); + + putchar ('\n'); + + printf ("URL .......: %s\n", (url && *url)? url : "[none]"); + + xfree (url); + + return 0; +} diff --git a/configure.ac b/configure.ac index 0d18f19..34fffb2 100644 --- a/configure.ac +++ b/configure.ac 
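Review bot: The new t-pka.c never fails: main always ends in `return 0;`, even when `get_pka_info` returns NULL, and without an argument it does a live DNS lookup for a hard-coded address. Because it is added to `module_tests`, it runs as part of the test suite but only prints the result, so a regression in the lookup path would go unnoticed. That should at least be documented at the top of the file, e.g. `/* Note: this test needs network access and always exits 0; it only prints the lookup result. */`. The header comment also names the file `t-pak.c` instead of `t-pka.c`, and `i < sizeof fpr` compares a signed `int` with a `size_t`.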
@@ -920,18 +920,12 @@ AC_ARG_ENABLE(dns-srv, [disable the use of DNS SRV in HKP and HTTP]), use_dns_srv=$enableval,use_dns_srv=yes) -AC_ARG_ENABLE(dns-pka, - AC_HELP_STRING([--disable-dns-pka], - [disable the use of PKA records in DNS]), - use_dns_pka=$enableval,use_dns_pka=yes) - AC_ARG_ENABLE(dns-cert, AC_HELP_STRING([--disable-dns-cert], [disable the use of CERT records in DNS]), use_dns_cert=$enableval,use_dns_cert=yes) -if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes \ - || test x"$use_dns_cert" = xyes; then +if test x"$use_dns_srv" = xyes || test x"$use_dns_cert" = xyes; then _dns_save_libs=$LIBS LIBS="" # the double underscore thing is a glibc-ism? @@ -988,10 +982,6 @@ if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes \ AC_DEFINE(USE_DNS_SRV,1,[define to use DNS SRV]) fi - if test x"$use_dns_pka" = xyes ; then - AC_DEFINE(USE_DNS_PKA,1,[define to use our experimental DNS PKA]) - fi - if test x"$use_dns_cert" = xyes ; then AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT]) fi @@ -1010,16 +1000,11 @@ if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes \ AC_DEFINE(USE_DNS_SRV,1) fi - if test x"$use_dns_pka" = xyes ; then - AC_DEFINE(USE_DNS_PKA,1) - fi - if test x"$use_dns_cert" = xyes ; then AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT]) fi else use_dns_srv=no - use_dns_pka=no use_dns_cert=no fi fi diff --git a/g10/getkey.c b/g10/getkey.c index 2a24484..d54bd57 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -2971,10 +2971,8 @@ parse_auto_key_locate (char *options) else if (ascii_strcasecmp (tok, "cert") == 0) akl->type = AKL_CERT; #endif -#ifdef USE_DNS_PKA else if (ascii_strcasecmp (tok, "pka") == 0) akl->type = AKL_PKA; -#endif else if ((akl->spec = parse_keyserver_uri (tok, 1))) akl->type = AKL_SPEC; else diff --git a/g10/keyserver.c b/g10/keyserver.c index ffcc1bf..477ff17 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c 
@@ -1980,7 +1980,7 @@ keyserver_import_pka (ctrl_t ctrl, *fpr = xmalloc (20); *fpr_len = 20; - uri = get_pka_info (name, *fpr); + uri = get_pka_info (name, *fpr, 20); if (uri && *uri) { /* An URI is available. Lookup the key. */ diff --git a/g10/mainproc.c b/g10/mainproc.c index 753fdbe..0ae9168 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1498,7 +1498,8 @@ pka_uri_from_sig (PKT_signature *sig) { char *uri; - uri = get_pka_info (sig->pka_info->email, sig->pka_info->fpr); + uri = get_pka_info (sig->pka_info->email, + sig->pka_info->fpr, sizeof sig->pka_info->fpr); if (uri) { sig->pka_info->valid = 1; commit af60152a4632ef26ca950a424429b15b6c69038d Author: Werner Koch Date: Wed Feb 25 12:03:21 2015 +0100 common: Allow requesting a specific certtype with get_dns_cert() * common/dns-cert.c (get_dns_cert): Add arg want_certtype. Change all callers. (CERTTYPE_): Move constants to ... * common/dns-cert.h: here as DNS_CERTTYPE_. Signed-off-by: Werner Koch diff --git a/common/dns-cert.c b/common/dns-cert.c index e743308..e7be275 100644 --- a/common/dns-cert.c +++ b/common/dns-cert.c 
@@ -60,29 +60,20 @@ #define my_adns_r_cert 37 -/* Certificate types according to RFC-4398. */ -#define CERTTYPE_PKIX 1 /* X.509 as per PKIX. */ -#define CERTTYPE_SPKI 2 /* SPKI certificate. */ -#define CERTTYPE_PGP 3 /* OpenPGP packet. */ -#define CERTTYPE_IPKIX 4 /* The URL of an X.509 data object. */ -#define CERTTYPE_ISPKI 5 /* The URL of an SPKI certificate. */ -#define CERTTYPE_IPGP 6 /* The fingerprint and URL of an OpenPGP packet.*/ -#define CERTTYPE_ACPKIX 7 /* Attribute Certificate. */ -#define CERTTYPE_IACPKIX 8 /* The URL of an Attribute Certificate. */ -#define CERTTYPE_URI 253 /* URI private. */ -#define CERTTYPE_OID 254 /* OID private. */ - /* Returns 0 on success or an error code. If a PGP CERT record was found, a new estream with that key will be returned at R_KEY and the other return parameters are set to NULL/0. If an IPGP CERT record was found the fingerprint is stored as an allocated block at R_FPR and its length at R_FPRLEN; an URL is is allocated as a - string and returned at R_URL. Note that this function returns the - first CERT found with a supported type; it is expected that only - one CERT record is used. */ + string and returned at R_URL. If WANT_CERTTYPE is 0 this function + returns the first CERT found with a supported type; it is expected + that only one CERT record is used. If WANT_CERTTYPE is one of the + supported certtypes only records wih this certtype are considered + and the first found is returned. */ gpg_error_t -get_dns_cert (const char *name, estream_t *r_key, +get_dns_cert (const char *name, int want_certtype, + estream_t *r_key, unsigned char **r_fpr, size_t *r_fprlen, char **r_url) { #ifdef USE_DNS_CERT 
@@ -136,7 +127,9 @@ get_dns_cert (const char *name, estream_t *r_key, data += 5; datalen -= 5; - if (ctype == CERTTYPE_PGP && datalen >= 11) + if (want_certtype && want_certtype != ctype) + ; /* Not of the requested certtype. */ + else if (ctype == DNS_CERTTYPE_PGP && datalen >= 11) { /* CERT type is PGP. Gpg checks for a minimum length of 11, thus we do the same. */ @@ -148,7 +141,7 @@ get_dns_cert (const char *name, estream_t *r_key, err = 0; goto leave; } - else if (ctype == CERTTYPE_IPGP && datalen && datalen < 1023 + else if (ctype == DNS_CERTTYPE_IPGP && datalen && datalen < 1023 && datalen >= data[0] + 1 && r_fpr && r_fprlen && r_url) { /* CERT type is IPGP. We made sure that the data is @@ -297,8 +290,9 @@ get_dns_cert (const char *name, estream_t *r_key, dlen -= 5; /* 15 bytes takes us to here */ - - if (ctype == CERTTYPE_PGP && dlen) + if (want_certtype && want_certtype != ctype) + ; /* Not of the requested certtype. */ + else if (ctype == DNS_CERTTYPE_PGP && dlen) { /* PGP type */ *r_key = es_fopenmem_init (0, "rwb", pt, dlen); @@ -309,7 +303,7 @@ get_dns_cert (const char *name, estream_t *r_key, err = 0; goto leave; } - else if (ctype == CERTTYPE_IPGP + else if (ctype == DNS_CERTTYPE_IPGP && dlen && dlen < 1023 && dlen >= pt[0] + 1) { /* IPGP type */ diff --git a/common/dns-cert.h b/common/dns-cert.h index ae38caa..4b49efc 100644 --- a/common/dns-cert.h +++ b/common/dns-cert.h 
@@ -29,7 +29,24 @@ #ifndef GNUPG_COMMON_DNS_CERT_H #define GNUPG_COMMON_DNS_CERT_H -gpg_error_t get_dns_cert (const char *name, estream_t *r_key, + +#define DNS_CERTTYPE_ANY 0 /* Internal catch all type. */ +/* Certificate types according to RFC-4398: */ +#define DNS_CERTTYPE_PKIX 1 /* X.509 as per PKIX. */ +#define DNS_CERTTYPE_SPKI 2 /* SPKI certificate. */ +#define DNS_CERTTYPE_PGP 3 /* OpenPGP packet. */ +#define DNS_CERTTYPE_IPKIX 4 /* The URL of an X.509 data object. */ +#define DNS_CERTTYPE_ISPKI 5 /* The URL of an SPKI certificate. */ +#define DNS_CERTTYPE_IPGP 6 /* The fingerprint + and URL of an OpenPGP packet. */ +#define DNS_CERTTYPE_ACPKIX 7 /* Attribute Certificate. */ +#define DNS_CERTTYPE_IACPKIX 8 /* The URL of an Attribute Certificate. */ +#define DNS_CERTTYPE_URI 253 /* URI private. */ +#define DNS_CERTTYPE_OID 254 /* OID private. */ + + +gpg_error_t get_dns_cert (const char *name, int want_certtype, + estream_t *r_key, unsigned char **r_fpr, size_t *r_fprlen, char **r_url); diff --git a/common/t-dns-cert.c b/common/t-dns-cert.c index 71c7a9c..a170ffb 100644 --- a/common/t-dns-cert.c +++ b/common/t-dns-cert.c @@ -54,7 +54,7 @@ main (int argc, char **argv) printf ("CERT lookup on '%s'\n", name); - err = get_dns_cert (name, &key, &fpr, &fpr_len, &url); + err = get_dns_cert (name, DNS_CERTTYPE_ANY, &key, &fpr, &fpr_len, &url); if (err) printf ("get_dns_cert failed: %s <%s>\n", gpg_strerror (err), gpg_strsource (err)); diff --git a/g10/keyserver.c b/g10/keyserver.c index 8bcb827..ffcc1bf 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c 
@@ -1910,7 +1910,7 @@ keyserver_import_cert (ctrl_t ctrl, if(domain) *domain='.'; - err = get_dns_cert (look, &key, fpr, fpr_len, &url); + err = get_dns_cert (look, DNS_CERTTYPE_ANY, &key, fpr, fpr_len, &url); if (err) ; else if (key) commit 9913253610bac69e9503800e85696491e018e327 Author: Werner Koch Date: Wed Feb 25 11:43:50 2015 +0100 Move new mailbox.c source file to common/. * g10/mailbox.c: Move to ... * common/mbox-util.c: new file. * common/mbox-util.h: New. Include where needed. * g10/t-mailbox.c: Move to ... * common/t-mbox-util.c: new file. -- This will make it easier to use the code by other modules in common/. diff --git a/common/Makefile.am b/common/Makefile.am index 6b41062..df2dafe 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -75,6 +75,7 @@ common_sources = \ b64enc.c b64dec.c zb32.c \ convert.c \ percent.c \ + mbox-util.c mbox-util.h \ miscellaneous.c \ xasprintf.c \ xreadline.c \ @@ -177,7 +178,7 @@ jnlib_tests += t-w32-reg endif module_tests = t-convert t-percent t-gettime t-sysutils t-sexputil \ t-session-env t-openpgp-oid t-ssh-utils t-dns-cert \ - t-mapstrings t-zb32 + t-mapstrings t-zb32 t-mbox-util if !HAVE_W32CE_SYSTEM module_tests += t-exechelp endif @@ -223,6 +224,7 @@ t_ssh_utils_LDADD = $(t_common_ldadd) t_dns_cert_LDADD = $(t_common_ldadd) $(DNSLIBS) t_mapstrings_LDADD = $(t_common_ldadd) t_zb32_LDADD = $(t_common_ldadd) +t_mbox_util_LDADD = $(t_common_ldadd) # http tests t_http_SOURCES = t-http.c diff --git a/g10/mailbox.c b/common/mbox-util.c similarity index 87% rename from g10/mailbox.c rename to common/mbox-util.c index 64b818f..332f62f 100644 --- a/g10/mailbox.c +++ b/common/mbox-util.c 
@@ -1,15 +1,25 @@ -/* mailbox.c - Mail address helper functions +/* mbox-util.c - Mail address helper functions * Copyright (C) 1998-2010 Free Software Foundation, Inc. - * Copyright (C) 2014-2015 Werner Koch + * Copyright (C) 1998-2015 Werner Koch * * This file is part of GnuPG. * - * GnuPG is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. + * This file is free software; you can redistribute it and/or modify + * it under the terms of either * - * GnuPG is distributed in the hope that it will be useful, + * - the GNU Lesser General Public License as published by the Free + * Software Foundation; either version 3 of the License, or (at + * your option) any later version. + * + * or + * + * - the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * or both in parallel, as here. + * + * This file is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. @@ -25,9 +35,8 @@ #include #include -#include "gpg.h" #include "util.h" -#include "main.h" +#include "mbox-util.h" static int diff --git a/common/mbox-util.h b/common/mbox-util.h new file mode 100644 index 0000000..b9a3bda --- /dev/null +++ b/common/mbox-util.h 
@@ -0,0 +1,38 @@ +/* mbox-util.h - Defs for mail address helper functions + * Copyright (C) 2015 Werner Koch + * + * This file is part of GnuPG. + * + * This file is free software; you can redistribute it and/or modify + * it under the terms of either + * + * - the GNU Lesser General Public License as published by the Free + * Software Foundation; either version 3 of the License, or (at + * your option) any later version. + * + * or + * + * - the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * or both in parallel, as here. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ +#ifndef GNUPG_COMMON_MBOX_UTIL_H +#define GNUPG_COMMON_MBOX_UTIL_H + +int has_invalid_email_chars (const char *s); +int is_valid_mailbox (const char *name); +char *mailbox_from_userid (const char *userid); +int is_valid_user_id (const char *uid); + + +#endif /*GNUPG_COMMON_MBOX_UTIL_H*/ diff --git a/g10/t-mailbox.c b/common/t-mbox-util.c similarity index 91% rename from g10/t-mailbox.c rename to common/t-mbox-util.c index aa7cf33..dfa4ada 100644 --- a/g10/t-mailbox.c +++ b/common/t-mbox-util.c @@ -1,4 +1,4 @@ -/* t-mailbox.c - Module test for mailbox.c +/* t-mbox-util.c - Module test for mbox-util.c * Copyright (C) 2015 Werner Koch * * This file is part of GnuPG. @@ -22,9 +22,8 @@ #include #include -#include "gpg.h" #include "util.h" -#include "main.h" +#include "mbox-util.h" #define pass() do { ; } while(0) #define fail(a) do { fprintf (stderr, "%s:%d: test %d failed\n",\ 
@@ -33,29 +32,6 @@ } while(0) -void * -gcry_malloc (size_t n) -{ - return malloc (n); -} - - -char * -gcry_strdup (const char *string) -{ - return strdup (string); -} - - -void -gcry_free (void *a) -{ - if (a) - free (a); -} - - - static void run_test (void) { diff --git a/g10/Makefile.am b/g10/Makefile.am index 0704924..0a02119 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -83,7 +83,6 @@ common_source = \ textfilter.c \ progress.c \ misc.c \ - mailbox.c \ rmd160.c rmd160.h \ options.h \ openfile.c \ @@ -155,11 +154,9 @@ gpgv2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \ gpgv2_LDFLAGS = $(extra_bin_ldflags) t_common_ldadd = -module_tests = t-rmd160 t-mailbox +module_tests = t-rmd160 t_rmd160_SOURCES = t-rmd160.c rmd160.c t_rmd160_LDADD = $(t_common_ldadd) -t_mailbox_SOURCES = t-mailbox.c mailbox.c -t_mailbox_LDADD = $(t_common_ldadd) $(PROGRAMS): $(needed_libs) ../common/libgpgrl.a diff --git a/g10/getkey.c b/g10/getkey.c index 116753c..2a24484 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -37,7 +37,7 @@ #include "keyserver-internal.h" #include "call-agent.h" #include "host2net.h" - +#include "mbox-util.h" #define MAX_PK_CACHE_ENTRIES PK_UID_CACHE_SIZE #define MAX_UID_CACHE_ENTRIES PK_UID_CACHE_SIZE diff --git a/g10/keygen.c b/g10/keygen.c index 11bfbd4..769e193 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -44,6 +44,7 @@ #include "pkglue.h" #include "../common/shareddefs.h" #include "host2net.h" +#include "mbox-util.h" /* The default algorithms. If you change them remember to change them diff --git a/g10/keylist.c b/g10/keylist.c index 881ffa4..7f13d8b 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -42,6 +42,8 @@ #include "i18n.h" #include "status.h" #include "call-agent.h" +#include "mbox-util.h" + static void list_all (int, int); static void list_one (strlist_t names, int secret, int mark_secret); diff --git a/g10/main.h b/g10/main.h index 8c326f6..39a1feb 100644 --- a/g10/main.h +++ b/g10/main.h 
@@ -176,13 +176,6 @@ int mpi_print (estream_t stream, gcry_mpi_t a, int mode); unsigned int ecdsa_qbits_from_Q (unsigned int qbits); -/*-- mailbox.c --*/ -int has_invalid_email_chars (const char *s); -int is_valid_mailbox (const char *name); -char *mailbox_from_userid (const char *userid); -int is_valid_user_id (const char *uid); - - /*-- status.c --*/ void set_status_fd ( int fd ); int is_status_enabled ( void ); diff --git a/g10/mainproc.c b/g10/mainproc.c index e0dba13..753fdbe 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -39,6 +39,7 @@ #include "keyserver-internal.h" #include "photoid.h" #include "pka.h" +#include "mbox-util.h" /* Put an upper limit on nested packets. The 32 is an arbitrary ----------------------------------------------------------------------- Summary of changes: common/Makefile.am | 5 +- common/dns-cert.c | 45 ++--- common/dns-cert.h | 19 +- g10/mailbox.c => common/mbox-util.c | 27 ++- common/{dns-cert.h => mbox-util.h} | 18 +- common/pka.c | 341 ++++++-------------------------- common/pka.h | 2 +- common/t-dns-cert.c | 2 +- g10/t-mailbox.c => common/t-mbox-util.c | 28 +-- common/{t-dns-cert.c => t-pka.c} | 55 ++---- configure.ac | 17 +- g10/Makefile.am | 5 +- g10/getkey.c | 4 +- g10/keygen.c | 1 + g10/keylist.c | 2 + g10/keyserver.c | 4 +- g10/main.h | 7 - g10/mainproc.c | 4 +- 18 files changed, 156 insertions(+), 430 deletions(-) rename g10/mailbox.c => common/mbox-util.c (87%) copy common/{dns-cert.h => mbox-util.h} (71%) rename g10/t-mailbox.c => common/t-mbox-util.c (91%) copy common/{t-dns-cert.c => t-pka.c} (51%) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 26 09:40:14 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 26 Feb 2015 09:40:14 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.27-2-g9364166 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 936416690e6c889505d84fe96983a66983beae5e (commit) from 24d8c00e6e7902a293eaf303f20bb8df803f9cce (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 936416690e6c889505d84fe96983a66983beae5e Author: Werner Koch Date: Thu Feb 26 09:38:58 2015 +0100 gpg: Remove left-over debug message. * g10/armor.c (check_input): Remove log_debug. diff --git a/g10/armor.c b/g10/armor.c index 6c0013d..de1726d 100644 --- a/g10/armor.c +++ b/g10/armor.c @@ -534,9 +534,6 @@ check_input( armor_filter_context_t *afx, IOBUF a ) /* This is probably input from a keyserver helper and we have not yet seen an error line. */ afx->key_failed_code = parse_key_failed_line (line+4, len-4); - log_debug ("armor-keys-failed (%.*s) ->%d\n", - (int)len, line, - afx->key_failed_code); } if( i >= 0 && !(afx->only_keyblocks && i != 1 && i != 5 && i != 6 )) { hdr_line = i; ----------------------------------------------------------------------- Summary of changes: g10/armor.c | 3 --- 1 file changed, 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 26 11:58:23 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 26 Feb 2015 11:58:23 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.2-15-ga9acf10 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via a9acf10a1522332bbcd427ac52914ce3c9ce85a1 (commit) from 2fc27c8696f5cf2ddf3212397ea49bff115d617b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a9acf10a1522332bbcd427ac52914ce3c9ce85a1 Author: Werner Koch Date: Thu Feb 26 11:57:06 2015 +0100 doc: Update the description of the S2K extension. -- diff --git a/doc/DETAILS b/doc/DETAILS index 59ccaec..4286f45 100644 --- a/doc/DETAILS +++ b/doc/DETAILS 
@@ -1125,12 +1125,26 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: * GNU extensions to the S2K algorithm - S2K mode 101 is used to identify these extensions. - After the hash algorithm the 3 bytes "GNU" are used to make - clear that these are extensions for GNU, the next bytes gives the - GNU protection mode - 1000. Defined modes are: - - 1001 :: Do not store the secret part at all. - - 1002 :: A stub to access smartcards (not used in 1.2.x) + 1 octet - S2K Usage: either 254 or 255. + 1 octet - S2K Cipher Algo: 0 + 1 octet - S2K Specifier: 101 + 3 octets - "GNU" + 1 octet - GNU S2K Extension Number. + + If such a GNU extension is used neither an IV nor any kind of + checksum is used. The defined GNU S2K Extension Numbers are: + + - 1 :: Do not store the secret part at all. No specific data + follows. + + - 2 :: A stub to access smartcards. This data follows: + - One octet with the length of the following serial number. + - The serial number. Regardless of what the length octet + indicates no more than 16 octets are stored. + + Note that gpg stores the GNU S2K Extension Number internally as an + S2K Specifier with an offset of 1000. + * Keyserver helper message format ----------------------------------------------------------------------- Summary of changes: doc/DETAILS | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 26 13:09:01 2015 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 26 Feb 2015 13:09:01 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.18-45-g6cbc75e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via 6cbc75e71295f23431c4ab95edc7573f2fc28476 (commit) from 6186637cc9a4cbe4964ae0ca2aa00ed1738fc6a4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6cbc75e71295f23431c4ab95edc7573f2fc28476 Author: NIIBE Yutaka Date: Thu Feb 26 21:00:05 2015 +0900 mpi: Avoid data-dependent timing variations in mpi_powm. * include/mpi.h, mpi/mpiutils.c (mpi_set_cond): New. * mpi/mpi-pow.c (SIZE_PRECOMP): Rename from SIZE_B_2I3. (mpi_powm): Access all data in the table and use mpi_set_cond. -- Access to the precomputed table was indexed by a portion of EXPO, which could be mounted by a side channel attack. This change fixes this particular data-dependent access pattern. diff --git a/include/mpi.h b/include/mpi.h index a027d2a..a4c16f5 100644 --- a/include/mpi.h +++ b/include/mpi.h @@ -81,6 +81,7 @@ void *mpi_get_opaque( MPI a, unsigned int *len ); void mpi_set_secure( MPI a ); void mpi_clear( MPI a ); void mpi_set( MPI w, MPI u); +void mpi_set_cond( MPI w, MPI u, unsigned long set); void mpi_set_ui( MPI w, ulong u); MPI mpi_alloc_set_ui( unsigned long u); void mpi_m_check( MPI a ); diff --git a/mpi/mpi-pow.c b/mpi/mpi-pow.c index 1c3fadb..7f23a5a 100644 --- a/mpi/mpi-pow.c +++ b/mpi/mpi-pow.c 
@@ -344,7 +344,7 @@ mul_mod (mpi_ptr_t xp, mpi_size_t *xsize_p, *xsize_p = rsize + ssize; } -#define SIZE_B_2I3 ((1 << (5 - 1)) - 1) +#define SIZE_PRECOMP ((1 << (5 - 1))) /**************** * RES = BASE ^ EXPO mod MOD @@ -375,11 +375,12 @@ mpi_powm (MPI res, MPI base, MPI expo, MPI mod) mpi_ptr_t bp_marker = NULL; mpi_ptr_t ep_marker = NULL; mpi_ptr_t xp_marker = NULL; - mpi_ptr_t b_2i3[SIZE_B_2I3]; /* Pre-computed array: BASE^3, ^5, ^7, ... */ - mpi_size_t b_2i3size[SIZE_B_2I3]; + mpi_ptr_t precomp[SIZE_PRECOMP]; /* Pre-computed array: BASE^1, ^3, ^5, ... */ + mpi_size_t precomp_size[SIZE_PRECOMP]; mpi_size_t W; mpi_ptr_t base_u; mpi_size_t base_u_size; + mpi_size_t max_u_size; esize = expo->nlimbs; msize = mod->nlimbs; @@ -493,7 +494,7 @@ mpi_powm (MPI res, MPI base, MPI expo, MPI mod) /* Main processing. */ { - mpi_size_t i, j; + mpi_size_t i, j, k; mpi_ptr_t xp; mpi_size_t xsize; int c; 
@@ -507,33 +508,29 @@ mpi_powm (MPI res, MPI base, MPI expo, MPI mod) memset( &karactx, 0, sizeof karactx ); negative_result = (ep[0] & 1) && bsign; - /* Precompute B_2I3[], BASE^(2 * i + 3), BASE^3, ^5, ^7, ... */ + /* Precompute PRECOMP[], BASE^(2 * i + 1), BASE^1, ^3, ^5, ... */ if (W > 1) /* X := BASE^2 */ mul_mod (xp, &xsize, bp, bsize, bp, bsize, mp, msize, &karactx); - for (i = 0; i < (1 << (W - 1)) - 1; i++) - { /* B_2I3[i] = BASE^(2 * i + 3) */ - if (i == 0) - { - base_u = bp; - base_u_size = bsize; - } - else - { - base_u = b_2i3[i-1]; - base_u_size = b_2i3size[i-1]; - } - + base_u = precomp[0] = mpi_alloc_limb_space (bsize, esec); + base_u_size = max_u_size = precomp_size[0] = bsize; + MPN_COPY (precomp[0], bp, bsize); + for (i = 1; i < (1 << (W - 1)); i++) + { /* PRECOMP[i] = BASE^(2 * i + 1) */ if (xsize >= base_u_size) mul_mod (rp, &rsize, xp, xsize, base_u, base_u_size, mp, msize, &karactx); else mul_mod (rp, &rsize, base_u, base_u_size, xp, xsize, mp, msize, &karactx); - b_2i3[i] = mpi_alloc_limb_space (rsize, esec); - b_2i3size[i] = rsize; - MPN_COPY (b_2i3[i], rp, rsize); + base_u = precomp[i] = mpi_alloc_limb_space (rsize, esec); + base_u_size = precomp_size[i] = rsize; + if (max_u_size < base_u_size) + max_u_size = base_u_size; + MPN_COPY (precomp[i], rp, rsize); } + base_u = mpi_alloc_limb_space (max_u_size, esec); + i = esize - 1; /* Main loop. 
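Review bot: The scratch buffer from `base_u = mpi_alloc_limb_space (max_u_size, esec);` at the end of this hunk is never cleared before the selection loops in the later hunks pass it to `mpi_set_cond` as `w.d`. `mpi_set_cond` computes `w->d[i] ^ u->d[i]` for every table entry, including those where the mask is zero, so it reads limbs that have not been written yet; the result is masked away, but the values read are indeterminate and memory checkers will report them. The libgcrypt version of this change further down the page adds `MPN_ZERO (base_u, max_u_size);` directly after the allocation, and the same line would fit here if the macro exists on this branch. Whether `mpi_alloc_limb_space` already returns zeroed memory cannot be seen from the hunk.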
@@ -619,17 +616,26 @@ mpi_powm (MPI res, MPI base, MPI expo, MPI mod) rsize = xsize; } - if (e0 == 0) + /* + * base_u <= precomp[e0] + * base_u_size <= precomp_size[e0]; + */ + base_u_size = 0; + for (k = 0; k < (1<< (W - 1)); k++) { - base_u = bp; - base_u_size = bsize; + struct gcry_mpi w, u; + w.alloced = w.nlimbs = precomp_size[k]; + u.alloced = u.nlimbs = precomp_size[k]; + w.nbits = w.nlimbs * BITS_PER_MPI_LIMB; + u.nbits = u.nlimbs * BITS_PER_MPI_LIMB; + w.sign = u.sign = 0; + w.flags = u.flags = 0; + w.d = base_u; + u.d = precomp[k]; + + mpi_set_cond (&w, &u, k == e0); + base_u_size |= (precomp_size[k] & ((mpi_size_t)0 - (k == e0)) ); } - else - { - base_u = b_2i3[e0 - 1]; - base_u_size = b_2i3size[e0 -1]; - } - mul_mod (xp, &xsize, rp, rsize, base_u, base_u_size, mp, msize, &karactx); tp = rp; rp = xp; xp = tp; @@ -655,15 +661,21 @@ mpi_powm (MPI res, MPI base, MPI expo, MPI mod) if (e != 0) { - if ((e>>1) == 0) - { - base_u = bp; - base_u_size = bsize; - } - else + base_u_size = 0; + for (k = 0; k < (1<< (W - 1)); k++) { - base_u = b_2i3[(e>>1) - 1]; - base_u_size = b_2i3size[(e>>1) -1]; + struct gcry_mpi w, u; + w.alloced = w.nlimbs = precomp_size[k]; + u.alloced = u.nlimbs = precomp_size[k]; + w.nbits = w.nlimbs * BITS_PER_MPI_LIMB; + u.nbits = u.nlimbs * BITS_PER_MPI_LIMB; + w.sign = u.sign = 0; + w.flags = u.flags = 0; + w.d = base_u; + u.d = precomp[k]; + + mpi_set_cond (&w, &u, k == (e>>1)); + base_u_size |= (precomp_size[k] & ((mpi_size_t)0 - (k == (e>>1))) ); } mul_mod (xp, &xsize, rp, rsize, base_u, base_u_size, @@ -713,8 +725,9 @@ mpi_powm (MPI res, MPI base, MPI expo, MPI mod) MPN_NORMALIZE (rp, rsize); mpihelp_release_karatsuba_ctx (&karactx ); - for (i = 0; i < (1 << (W - 1)) - 1; i++) - mpi_free_limb_space (b_2i3[i]); + for (i = 0; i < (1 << (W - 1)); i++) + mpi_free_limb_space (precomp[i]); + mpi_free_limb_space (base_u); } /* Fixup for negative results. */ diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c index 3a1d71f..8b2071a 100644 
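Review bot: The table-selection loop is written out twice, in the `@@ -619,17 +616,26 @@` hunk (index `e0`) and in the `@@ -655,15 +661,21 @@` hunk (index `e>>1`), and both copies must stay identical for the fix to hold; the libgcrypt change later on this page duplicates it the same way. A static helper that takes the index and returns the selected size would keep the uniform-access property in one place. It would also give room for a comment on why `w.alloced` is set to `precomp_size[k]` although `base_u` was allocated with `max_u_size` limbs, and on the fact that the property relies on the compiler lowering `k == idx` without a branch. The index parameter type below is an assumption, since `e0` and `e` are declared outside the hunks; the call sites would become `base_u_size = select_precomp (base_u, precomp, precomp_size, 1 << (W - 1), e0);` and the same with `e>>1`.

```c
/* Copy PRECOMP[IDX] into BASE_U while reading every table entry, so
   that the memory access pattern does not depend on IDX.  Returns the
   limb count of the selected entry.  */
static mpi_size_t
select_precomp (mpi_ptr_t base_u, mpi_ptr_t *precomp,
                mpi_size_t *precomp_size, mpi_size_t nentries,
                mpi_limb_t idx)
{
  mpi_size_t k;
  mpi_size_t size = 0;

  for (k = 0; k < nentries; k++)
    {
      struct gcry_mpi w, u;
      /* … unchanged: w/u set up from precomp_size[k], base_u, precomp[k] … */
      mpi_set_cond (&w, &u, k == idx);
      size |= (precomp_size[k] & ((mpi_size_t)0 - (k == idx)));
    }
  return size;
}
```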
--- a/mpi/mpiutil.c +++ b/mpi/mpiutil.c @@ -433,6 +433,34 @@ mpi_set( MPI w, MPI u) void +mpi_set_cond( MPI w, MPI u, unsigned long set) +{ + mpi_size_t i; + mpi_size_t nlimbs = u->alloced; + mpi_limb_t mask = ((mpi_limb_t)0) - !!set; + mpi_limb_t x; + + if (w->alloced != u->alloced) + log_bug ("mpi_set_cond: different sizes\n"); + + for (i = 0; i < nlimbs; i++) + { + x = mask & (w->d[i] ^ u->d[i]); + w->d[i] = w->d[i] ^ x; + } + + x = mask & (w->nlimbs ^ u->nlimbs); + w->nlimbs = w->nlimbs ^ x; + + x = mask & (w->nbits ^ u->nbits); + w->nbits = w->nbits ^ x; + + x = mask & (w->sign ^ u->sign); + w->sign = w->sign ^ x; +} + + +void mpi_set_ui( MPI w, unsigned long u) { RESIZE_IF_NEEDED(w, 1); ----------------------------------------------------------------------- Summary of changes: include/mpi.h | 1 + mpi/mpi-pow.c | 93 ++++++++++++++++++++++++++++++++++------------------------- mpi/mpiutil.c | 28 ++++++++++++++++++ 3 files changed, 82 insertions(+), 40 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 26 13:35:42 2015 
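Review bot: `mpi_set_cond` is added without a comment, although its whole purpose is a property the code does not show on its face: the loop must touch every limb whether or not `set` is true. I would add above it `/* Set W to U if SET is non-zero, else leave W unchanged. Every limb is read and written in both cases so that the access pattern does not depend on SET. W and U must have the same allocated size. */`. The comment should also say that the loop runs over `u->alloced` rather than `u->nlimbs` and that `flags` is not copied, since both differ from what a reader would expect after `mpi_set`. The libgcrypt counterpart `_gcry_mpi_set_cond` in the next mail on this page is undocumented in the same way.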
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 26 Feb 2015 13:35:42 +0100 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-6-BRANCH, updated. libgcrypt-1.6.2-8-g5e72b6c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-6-BRANCH has been updated via 5e72b6c76ebee720f69b8a5c212f52d38eb50287 (commit) via d9f002899d26dc64f1502ae5050632340a4780fe (commit) via deb6f231ba85f65283c9e1deb3e2dea3b6ca46dc (commit) from d482948ac41768c36c5352a513fca8c50d2da4db (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5e72b6c76ebee720f69b8a5c212f52d38eb50287 Author: NIIBE Yutaka Date: Thu Feb 26 21:07:01 2015 +0900 mpi: Avoid data-dependent timing variations in mpi_powm. * mpi/mpi-pow.c (mpi_powm): Access all data in the table by mpi_set_cond. -- Access to the precomputed table was indexed by a portion of EXPO, which could be mounted by a side channel attack. This change fixes this particular data-dependent access pattern. diff --git a/mpi/mpi-pow.c b/mpi/mpi-pow.c index 4a79162..70bf9e8 100644 --- a/mpi/mpi-pow.c +++ b/mpi/mpi-pow.c @@ -422,6 +422,7 @@ _gcry_mpi_powm (gcry_mpi_t res, mpi_size_t W; mpi_ptr_t base_u; mpi_size_t base_u_size; + mpi_size_t max_u_size; esize = expo->nlimbs; msize = mod->nlimbs; @@ -540,7 +541,7 @@ _gcry_mpi_powm (gcry_mpi_t res, /* Main processing. */ { - mpi_size_t i, j; + mpi_size_t i, j, k; mpi_ptr_t xp; mpi_size_t xsize; int c; 
@@ -559,7 +560,7 @@ _gcry_mpi_powm (gcry_mpi_t res, if (W > 1) /* X := BASE^2 */ mul_mod (xp, &xsize, bp, bsize, bp, bsize, mp, msize, &karactx); base_u = precomp[0] = mpi_alloc_limb_space (bsize, esec); - base_u_size = precomp_size[0] = bsize; + base_u_size = max_u_size = precomp_size[0] = bsize; MPN_COPY (precomp[0], bp, bsize); for (i = 1; i < (1 << (W - 1)); i++) { /* PRECOMP[i] = BASE^(2 * i + 1) */ @@ -571,9 +572,14 @@ _gcry_mpi_powm (gcry_mpi_t res, mp, msize, &karactx); base_u = precomp[i] = mpi_alloc_limb_space (rsize, esec); base_u_size = precomp_size[i] = rsize; + if (max_u_size < base_u_size) + max_u_size = base_u_size; MPN_COPY (precomp[i], rp, rsize); } + base_u = mpi_alloc_limb_space (max_u_size, esec); + MPN_ZERO (base_u, max_u_size); + i = esize - 1; /* Main loop. @@ -659,8 +665,24 @@ _gcry_mpi_powm (gcry_mpi_t res, rsize = xsize; } - base_u = precomp[e0]; - base_u_size = precomp_size[e0]; + /* + * base_u <= precomp[e0] + * base_u_size <= precomp_size[e0] + */ + base_u_size = 0; + for (k = 0; k < (1<< (W - 1)); k++) + { + struct gcry_mpi w, u; + w.alloced = w.nlimbs = precomp_size[k]; + u.alloced = u.nlimbs = precomp_size[k]; + w.sign = u.sign = 0; + w.flags = u.flags = 0; + w.d = base_u; + u.d = precomp[k]; + + mpi_set_cond (&w, &u, k == e0); + base_u_size |= (precomp_size[k] & ((mpi_size_t)0 - (k == e0)) ); + } mul_mod (xp, &xsize, rp, rsize, base_u, base_u_size, mp, msize, &karactx); 
@@ -687,8 +709,24 @@ _gcry_mpi_powm (gcry_mpi_t res, if (e != 0) { - base_u = precomp[(e>>1)]; - base_u_size = precomp_size[(e>>1)]; + /* + * base_u <= precomp[(e>>1)] + * base_u_size <= precomp_size[(e>>1)] + */ + base_u_size = 0; + for (k = 0; k < (1<< (W - 1)); k++) + { + struct gcry_mpi w, u; + w.alloced = w.nlimbs = precomp_size[k]; + u.alloced = u.nlimbs = precomp_size[k]; + w.sign = u.sign = 0; + w.flags = u.flags = 0; + w.d = base_u; + u.d = precomp[k]; + + mpi_set_cond (&w, &u, k == (e>>1)); + base_u_size |= (precomp_size[k] & ((mpi_size_t)0 - (k == (e>>1))) ); + } mul_mod (xp, &xsize, rp, rsize, base_u, base_u_size, mp, msize, &karactx); @@ -739,6 +777,7 @@ _gcry_mpi_powm (gcry_mpi_t res, _gcry_mpih_release_karatsuba_ctx (&karactx ); for (i = 0; i < (1 << (W - 1)); i++) _gcry_mpi_free_limb_space( precomp[i], esec ? precomp_size[i] : 0 ); + _gcry_mpi_free_limb_space (base_u, esec ? max_u_size : 0); } /* Fixup for negative results. */ commit d9f002899d26dc64f1502ae5050632340a4780fe Author: NIIBE Yutaka Date: Mon Feb 23 20:10:27 2015 +0900 mpi: Revise mpi_powm. * mpi/mpi-pow.c (_gcry_mpi_powm): Rename the table to PRECOMP. -- The name of precomputed table was b_2i3 which stands for BASE^(2*I+3). But it's too cryptic, so, it's renamed. Besides, we needed to distinguish the case of I==0, that was not good. Since it's OK to increase the size of table by one, it's BASE^(2*I+1), now. diff --git a/mpi/mpi-pow.c b/mpi/mpi-pow.c index 0f0947f..4a79162 100644 --- a/mpi/mpi-pow.c +++ b/mpi/mpi-pow.c @@ -381,7 +381,7 @@ mul_mod (mpi_ptr_t xp, mpi_size_t *xsize_p, *xsize_p = rsize + ssize; } -#define SIZE_B_2I3 ((1 << (5 - 1)) - 1) +#define SIZE_PRECOMP ((1 << (5 - 1))) /**************** * RES = BASE ^ EXPO mod MOD 
@@ -417,8 +417,8 @@ _gcry_mpi_powm (gcry_mpi_t res, unsigned int bp_nlimbs = 0; unsigned int ep_nlimbs = 0; unsigned int xp_nlimbs = 0; - mpi_ptr_t b_2i3[SIZE_B_2I3]; /* Pre-computed array: BASE^3, ^5, ^7, ... */ - mpi_size_t b_2i3size[SIZE_B_2I3]; + mpi_ptr_t precomp[SIZE_PRECOMP]; /* Pre-computed array: BASE^1, ^3, ^5, ... */ + mpi_size_t precomp_size[SIZE_PRECOMP]; mpi_size_t W; mpi_ptr_t base_u; mpi_size_t base_u_size; @@ -555,31 +555,23 @@ _gcry_mpi_powm (gcry_mpi_t res, memset( &karactx, 0, sizeof karactx ); negative_result = (ep[0] & 1) && bsign; - /* Precompute B_2I3[], BASE^(2 * i + 3), BASE^3, ^5, ^7, ... */ + /* Precompute PRECOMP[], BASE^(2 * i + 1), BASE^1, ^3, ^5, ... */ if (W > 1) /* X := BASE^2 */ mul_mod (xp, &xsize, bp, bsize, bp, bsize, mp, msize, &karactx); - for (i = 0; i < (1 << (W - 1)) - 1; i++) - { /* B_2I3[i] = BASE^(2 * i + 3) */ - if (i == 0) - { - base_u = bp; - base_u_size = bsize; - } - else - { - base_u = b_2i3[i-1]; - base_u_size = b_2i3size[i-1]; - } - + base_u = precomp[0] = mpi_alloc_limb_space (bsize, esec); + base_u_size = precomp_size[0] = bsize; + MPN_COPY (precomp[0], bp, bsize); + for (i = 1; i < (1 << (W - 1)); i++) + { /* PRECOMP[i] = BASE^(2 * i + 1) */ if (xsize >= base_u_size) mul_mod (rp, &rsize, xp, xsize, base_u, base_u_size, mp, msize, &karactx); else mul_mod (rp, &rsize, base_u, base_u_size, xp, xsize, mp, msize, &karactx); - b_2i3[i] = mpi_alloc_limb_space (rsize, esec); - b_2i3size[i] = rsize; - MPN_COPY (b_2i3[i], rp, rsize); + base_u = precomp[i] = mpi_alloc_limb_space (rsize, esec); + base_u_size = precomp_size[i] = rsize; + MPN_COPY (precomp[i], rp, rsize); } i = esize - 1; @@ -667,16 +659,8 @@ _gcry_mpi_powm (gcry_mpi_t res, rsize = xsize; } - if (e0 == 0) - { - base_u = bp; - base_u_size = bsize; - } - else - { - base_u = b_2i3[e0 - 1]; - base_u_size = b_2i3size[e0 -1]; - } + base_u = precomp[e0]; + base_u_size = precomp_size[e0]; mul_mod (xp, &xsize, rp, rsize, base_u, base_u_size, mp, msize, &karactx); 
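Review bot: In the `@@ -555,31 +555,23 @@` hunk the precompute loop writes `precomp[i]` for `i` up to `(1 << (W - 1)) - 1`, while the array is declared with `SIZE_PRECOMP` entries, which the earlier hunk defines from a literal 5. Nothing in these hunks ties `W` to that 5; the code choosing `W` is outside the hunk, so the bound presumably holds, but it is implicit. Naming the limit would make it checkable, for example `#define MAX_WINDOW 5` with `#define SIZE_PRECOMP (1 << (MAX_WINDOW - 1))`, plus an assertion that `W <= MAX_WINDOW` before the loop. This matters more now that the table gained one entry and the loop bound changed with it.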
@@ -703,16 +687,8 @@ _gcry_mpi_powm (gcry_mpi_t res, if (e != 0) { - if ((e>>1) == 0) - { - base_u = bp; - base_u_size = bsize; - } - else - { - base_u = b_2i3[(e>>1) - 1]; - base_u_size = b_2i3size[(e>>1) -1]; - } + base_u = precomp[(e>>1)]; + base_u_size = precomp_size[(e>>1)]; mul_mod (xp, &xsize, rp, rsize, base_u, base_u_size, mp, msize, &karactx); @@ -761,8 +737,8 @@ _gcry_mpi_powm (gcry_mpi_t res, MPN_NORMALIZE (rp, rsize); _gcry_mpih_release_karatsuba_ctx (&karactx ); - for (i = 0; i < (1 << (W - 1)) - 1; i++) - _gcry_mpi_free_limb_space( b_2i3[i], esec ? b_2i3size[i] : 0 ); + for (i = 0; i < (1 << (W - 1)); i++) + _gcry_mpi_free_limb_space( precomp[i], esec ? precomp_size[i] : 0 ); } /* Fixup for negative results. */ commit deb6f231ba85f65283c9e1deb3e2dea3b6ca46dc Author: NIIBE Yutaka Date: Wed Feb 11 21:42:22 2015 +0900 mpi: Add mpi_set_cond. * mpi/mpiutil.c (_gcry_mpi_set_cond): New. * src/mpi.h (mpi_set_cond): New. diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c index fdce578..6bef2a8 100644 --- a/mpi/mpiutil.c +++ b/mpi/mpiutil.c @@ -482,6 +482,31 @@ _gcry_mpi_set (gcry_mpi_t w, gcry_mpi_t u) return w; } +gcry_mpi_t +_gcry_mpi_set_cond (gcry_mpi_t w, const gcry_mpi_t u, unsigned long set) +{ + mpi_size_t i; + mpi_size_t nlimbs = u->alloced; + mpi_limb_t mask = ((mpi_limb_t)0) - !!set; + mpi_limb_t x; + + if (w->alloced != u->alloced) + log_bug ("mpi_set_cond: different sizes\n"); + + for (i = 0; i < nlimbs; i++) + { + x = mask & (w->d[i] ^ u->d[i]); + w->d[i] = w->d[i] ^ x; + } + + x = mask & (w->nlimbs ^ u->nlimbs); + w->nlimbs = w->nlimbs ^ x; + + x = mask & (w->sign ^ u->sign); + w->sign = w->sign ^ x; + return w; +} + gcry_mpi_t _gcry_mpi_set_ui (gcry_mpi_t w, unsigned long u) diff --git a/src/mpi.h b/src/mpi.h index 8446d23..bb3c26d 100644 --- a/src/mpi.h +++ b/src/mpi.h 
@@ -119,8 +119,11 @@ void _gcry_mpi_immutable_failed (void); #define mpi_alloc_set_ui(a) _gcry_mpi_alloc_set_ui ((a)) #define mpi_m_check(a) _gcry_mpi_m_check ((a)) #define mpi_const(n) _gcry_mpi_const ((n)) +#define mpi_set_cond(w,u,set) _gcry_mpi_set_cond ((w),(u),(set)) void _gcry_mpi_clear( gcry_mpi_t a ); +gcry_mpi_t _gcry_mpi_set_cond (gcry_mpi_t w, const gcry_mpi_t u, + unsigned long swap); gcry_mpi_t _gcry_mpi_alloc_like( gcry_mpi_t a ); gcry_mpi_t _gcry_mpi_alloc_set_ui( unsigned long u); void _gcry_mpi_m_check( gcry_mpi_t a ); ----------------------------------------------------------------------- Summary of changes: mpi/mpi-pow.c | 93 ++++++++++++++++++++++++++++++++++------------------------- mpi/mpiutil.c | 25 ++++++++++++++++ src/mpi.h | 3 ++ 3 files changed, 82 insertions(+), 39 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 26 18:22:58 2015 
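Review bot: The prototype names the third parameter `swap`, but the definition in mpiutil.c calls it `set` and the function copies rather than swaps, so the header is misleading; it should read `gcry_mpi_t _gcry_mpi_set_cond (gcry_mpi_t w, const gcry_mpi_t u, unsigned long set);`. Note too that `const gcry_mpi_t u` qualifies the handle, not the object it refers to (the definition dereferences it as `u->alloced`), so the `const` does not document that `u` is left unmodified. A one-line comment on the prototype stating that `w` and `u` must have equal `alloced` would save callers from finding the `log_bug` at run time.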
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 26 Feb 2015 18:22:58 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.2-19-gc071be6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via c071be698efadef1ad01fd3d329d1b486a372927 (commit) via 736710aedecfb1cb5ab6293a24f09b433917d7eb (commit) via 91baea2dcde6c1e5ca9e8fa7020d9ab4551d1bca (commit) via 165094a4453f7ee5522beb080536783ea7bc7f0c (commit) from a9acf10a1522332bbcd427ac52914ce3c9ce85a1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c071be698efadef1ad01fd3d329d1b486a372927 Author: Werner Koch Date: Thu Feb 26 18:16:45 2015 +0100 gpg: Lowercase mailbox for PKA lookups. * common/stringhelp.c (ascii_strlwr): New. * common/mbox-util.c (mailbox_from_userid): Downcase result. -- Signed-off-by: Werner Koch diff --git a/common/mbox-util.c b/common/mbox-util.c index 332f62f..0885f0e 100644 --- a/common/mbox-util.c +++ b/common/mbox-util.c @@ -124,8 +124,9 @@ is_valid_mailbox (const char *name) /* Return the mailbox (local-part at domain) form a standard user id. - Caller must free the result. Returns NULL if no valid mailbox was - found (or we are out of memory). */ + All plain ASCII characters in the result are converted to + lowercase. Caller must free the result. Returns NULL if no valid + mailbox was found (or we are out of memory). */ char * mailbox_from_userid (const char *userid) { @@ -176,7 +177,7 @@ mailbox_from_userid (const char *userid) else errno = EINVAL; - return result; + return result? ascii_strlwr (result): NULL; } diff --git a/common/stringhelp.c b/common/stringhelp.c index 7128de5..42e1bcb 100644 
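Review bot: The change `return result? ascii_strlwr (result): NULL;` in the `@@ -176,7 +177,7 @@` hunk lowercases the mailbox for every caller of `mailbox_from_userid`, although the commit title limits the intent to PKA lookups. The function lives in common/ and, going by the includes added earlier on this page, is presumably used from several g10 files where the original case of the local-part may still be wanted. If only the lookup needs the canonical form, keeping `return result;` here and calling `ascii_strlwr (mbox);` after the `if (!mbox)` check in `get_pka_info` would confine the behaviour change. The body of `mailbox_from_userid` lies mostly outside the hunk.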
--- a/common/stringhelp.c +++ b/common/stringhelp.c @@ -804,6 +804,18 @@ ascii_tolower (int c) return c; } +/* Lowercase all ASCII characters in S. */ +char * +ascii_strlwr (char *s) +{ + char *p = s; + + for (p=s; *p; p++ ) + if (isascii (*p) && *p >= 'A' && *p <= 'Z') + *p |= 0x20; + + return s; +} int ascii_strcasecmp( const char *a, const char *b ) diff --git a/common/stringhelp.h b/common/stringhelp.h index d4fe169..ffef2d5 100644 --- a/common/stringhelp.h +++ b/common/stringhelp.h @@ -75,6 +75,7 @@ int ascii_isupper (int c); int ascii_islower (int c); int ascii_toupper (int c); int ascii_tolower (int c); +char *ascii_strlwr (char *s); int ascii_strcasecmp( const char *a, const char *b ); int ascii_strncasecmp (const char *a, const char *b, size_t n); int ascii_memcasecmp( const void *a, const void *b, size_t n ); commit 736710aedecfb1cb5ab6293a24f09b433917d7eb Author: Werner Koch Date: Thu Feb 26 18:15:10 2015 +0100 Remove an unused variable. -- diff --git a/common/pka.c b/common/pka.c index c3c68b5..1aa5b33 100644 --- a/common/pka.c +++ b/common/pka.c @@ -60,7 +60,6 @@ get_pka_info (const char *address, void *fprbuf, size_t fprbuflen) unsigned char *fpr = NULL; size_t fpr_len; char *url = NULL; - gpg_error_t err; mbox = mailbox_from_userid (address); if (!mbox) commit 91baea2dcde6c1e5ca9e8fa7020d9ab4551d1bca Author: Werner Koch Date: Thu Feb 26 18:01:13 2015 +0100 gpg: Fix memory leak due to PKA lookup. * g10/keyserver.c (keyserver_import_pka): Move the xfree. diff --git a/g10/keyserver.c b/g10/keyserver.c index 477ff17..7cac55e 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c 
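Review bot: The new `ascii_strlwr` initialises `p` twice (`char *p = s;` and again `for (p=s; ...`), and its `isascii (*p)` test is redundant because the range check `*p >= 'A' && *p <= 'Z'` already excludes every non-ASCII byte. The loop can be `for (p = s; *p; p++)` with `if (*p >= 'A' && *p <= 'Z') *p |= 0x20;` as its body, with `p` declared without an initialiser. The header comment should state that `s` is modified in place and returned, and that it must not be NULL, since the only caller shown guards for that itself.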
@@ -1991,8 +1991,8 @@ keyserver_import_pka (ctrl_t ctrl, rc = keyserver_import_fprint (ctrl, *fpr, 20, spec); free_keyserver_spec (spec); } - xfree (uri); } + xfree (uri); if (rc) { commit 165094a4453f7ee5522beb080536783ea7bc7f0c Author: Werner Koch Date: Thu Feb 26 15:06:00 2015 +0100 doc: Fix name of keep-ownertrust. -- Reported-by: Guilhem Moulin (cherry picked from commit 0d286a11c857a8f84b084b6f4e8a38737adca034) diff --git a/doc/gpg.texi b/doc/gpg.texi index 79fe234..b90f487 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2019,7 +2019,7 @@ opposite meaning. The options are: generally useful unless a shared keyring scheme is being used. Defaults to no. - @item import-keep-ownertrust + @item keep-ownertrust Normally possible still existing ownertrust values of a key are cleared if a key is imported. This is in general desirable so that a formerly deleted key does not automatically gain an ownertrust ----------------------------------------------------------------------- Summary of changes: common/mbox-util.c | 7 ++++--- common/pka.c | 1 - common/stringhelp.c | 12 ++++++++++++ common/stringhelp.h | 1 + doc/gpg.texi | 2 +- g10/keyserver.c | 2 +- 6 files changed, 19 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 26 18:33:42 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 26 Feb 2015 18:33:42 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.18-51-g52c6c30 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via 52c6c30647a96162a10715e667299167717c58dd (commit) via 240451a26e3e1fdabe0451a33f8918d4adfa852b (commit) via 484d0730582a57808333e6af58d51c471f2b125a (commit) via 2e7a3ed39007deb561a9175f7fccd52946c85d28 (commit) via d2323ce6fdceeba9765f23a1d5b5e4cb127d99ed (commit) via 0d286a11c857a8f84b084b6f4e8a38737adca034 (commit) from 6cbc75e71295f23431c4ab95edc7573f2fc28476 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 52c6c30647a96162a10715e667299167717c58dd Author: Werner Koch Date: Thu Feb 26 16:34:44 2015 +0100 Switch to a hash and CERT record based PKA system. * util/pka.c: Rewrite. (get_pka_info): Add arg fprbuflen. Change callers to pass this. * util/strgutil.c (ascii_strlwr): New. * configure.ac: Remove option --disable-dns-pka. (USE_DNS_PKA): Remove ac_define. * g10/getkey.c (parse_auto_key_locate): Always include PKA. -- Note that although PKA is now always build, it will only work if support for looking up via DNS has not been disabled. The new PKA only works with the IPGP DNS certtype and shall be used only to retrieve the fingerprint and optional the key for the first time. Due to the security problems with DNSSEC the former assumption to validate the key using DNSSEC is not anymore justified. Instead an additional layer (e.g. Trust-On-First-Use) needs to be implemented to track change to the key. 
Having a solid way of getting a key matching a mail address is however a must have. More work needs to go into a redefinition of the --verify-options pka-lookups and pka-trust-increase. The auto-key-locate mechanism should also be able to continue key fetching with another method once the fingerprint has been retrieved with PKA. Signed-off-by: Werner Koch This is a backport from master. (backported from commit 2fc27c8696f5cf2ddf3212397ea49bff115d617b) diff --git a/configure.ac b/configure.ac index b8f3ddd..512ae74 100644 --- a/configure.ac +++ b/configure.ac @@ -703,18 +703,13 @@ if test x"$try_dns" = xyes ; then use_dns_srv=$enableval,use_dns_srv=yes) fi - AC_ARG_ENABLE(dns-pka, - AC_HELP_STRING([--disable-dns-pka], - [disable the use of PKA records in DNS]), - use_dns_pka=$enableval,use_dns_pka=yes) - AC_ARG_ENABLE(dns-cert, AC_HELP_STRING([--disable-dns-cert], [disable the use of CERT records in DNS]), use_dns_cert=$enableval,use_dns_cert=yes) fi -if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes || test x"$use_dns_cert" = xyes; then +if test x"$use_dns_srv" = xyes || test x"$use_dns_cert" = xyes; then _dns_save_libs=$LIBS LIBS="" # the double underscore thing is a glibc-ism? @@ -762,10 +757,6 @@ if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes || test x"$use_dns AC_DEFINE(USE_DNS_SRV,1,[define to use DNS SRV]) fi - if test x"$use_dns_pka" = xyes ; then - AC_DEFINE(USE_DNS_PKA,1,[define to use our experimental DNS PKA]) - fi - if test x"$use_dns_cert" = xyes ; then AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT]) fi @@ -775,7 +766,6 @@ if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes || test x"$use_dns fi else use_dns_srv=no - use_dns_pka=no use_dns_cert=no fi diff --git a/g10/getkey.c b/g10/getkey.c index 9870710..d5d1135 100644 --- a/g10/getkey.c +++ b/g10/getkey.c 
@@ -3063,10 +3063,8 @@ parse_auto_key_locate(char *options) else if(ascii_strcasecmp(tok,"cert")==0) akl->type=AKL_CERT; #endif -#ifdef USE_DNS_PKA else if(ascii_strcasecmp(tok,"pka")==0) akl->type=AKL_PKA; -#endif else if((akl->spec=parse_keyserver_uri(tok,1,NULL,0))) akl->type=AKL_SPEC; else diff --git a/g10/keyserver.c b/g10/keyserver.c index 568a7fa..7b8dda9 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -2229,8 +2229,8 @@ keyserver_import_pka(const char *name,unsigned char **fpr,size_t *fpr_len) *fpr=xmalloc(20); *fpr_len=20; - uri = get_pka_info (name, *fpr); - if (uri) + uri = get_pka_info (name, *fpr, 20); + if (uri && *uri) { struct keyserver_spec *spec; spec = parse_keyserver_uri (uri, 1, NULL, 0); @@ -2239,11 +2239,14 @@ keyserver_import_pka(const char *name,unsigned char **fpr,size_t *fpr_len) rc=keyserver_import_fprint (*fpr, 20, spec); free_keyserver_spec (spec); } - xfree (uri); } + xfree (uri); - if(rc!=0) - xfree(*fpr); + if (rc) + { + xfree(*fpr); + *fpr = NULL; + } return rc; } diff --git a/g10/mainproc.c b/g10/mainproc.c index 15baefe..2cf6dbc 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1443,7 +1443,8 @@ pka_uri_from_sig (PKT_signature *sig) { char *uri; - uri = get_pka_info (sig->pka_info->email, sig->pka_info->fpr); + uri = get_pka_info (sig->pka_info->email, + sig->pka_info->fpr, sizeof sig->pka_info->fpr); if (uri) { sig->pka_info->valid = 1; diff --git a/include/util.h b/include/util.h index 4cc5801..312a022 100644 --- a/include/util.h +++ b/include/util.h @@ -196,6 +196,7 @@ char *string_to_utf8 (const char *string); int ascii_isupper (int c); int ascii_islower (int c); int ascii_memcasecmp( const char *a, const char *b, size_t n); +char *ascii_strlwr (char *s); #ifndef HAVE_STPCPY char *stpcpy(char *a,const char *b); 
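Review bot: On the failure path at the end of keyserver_import_pka (the @@ -2239 hunk) `*fpr` is now reset to NULL but `*fpr_len` is left at 20, so a caller that looks only at the length is told a fingerprint exists when the buffer is gone; adding `*fpr_len = 0;` next to `*fpr = NULL;` keeps the two outputs consistent. The literal 20 also appears three times across this and the @@ -2229 hunk (`xmalloc(20)`, `*fpr_len=20` and the new third argument), and passing `*fpr_len` to get_pka_info would tie the length check to the allocation. The function starts above the first hunk, so the initial value of `rc` is not visible here.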
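Review bot: pka_uri_from_sig still sets `sig->pka_info->valid = 1` as soon as get_pka_info returns a string, although the commit message says the record can no longer be treated as DNSSEC-validated and that a separate layer such as Trust-On-First-Use is needed. The fingerprint written into `sig->pka_info->fpr` therefore comes from an unauthenticated lookup, and any later code that reads `valid` as a trust signal (not visible in this hunk) would give it more weight than it deserves. I would add a comment at the assignment, `/* VALID only means a PKA record was retrieved; the data is not authenticated. */`, until the pka-trust-increase semantics are redefined. The function body continues past the hunk.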
@@ -251,7 +252,7 @@ char *xtryvasprintf (const char *fmt, va_list arg_ptr); char *strconcat (const char *s1, ...) GNUPG_GCC_A_SENTINEL(0); /*-- pka.c --*/ -char *get_pka_info (const char *address, unsigned char *fpr); +char *get_pka_info (const char *address, void *fprbuf, size_t fprbuflen); /*-- cert.c --*/ int get_cert (const char *name, int want_ipgp, size_t max_size, IOBUF *iobuf, diff --git a/util/pka.c b/util/pka.c index 08c82f1..91b39ed 100644 --- a/util/pka.c +++ b/util/pka.c @@ -1,5 +1,6 @@ -/* pka.c - DNS Public Key Association RR access - * Copyright (C) 2005, 2007 Free Software Foundation, Inc. +/* pka.c - DNS Public Key Association CERT record access + * Copyright (C) 1998-2015 Free Software Foundation, Inc. + * Copyright (C) 1998-2015 Werner Koch * * This file is part of GnuPG. * 
@@ -22,241 +23,237 @@ #include #include #include - -#ifdef USE_DNS_PKA -# include -# ifdef _WIN32 -# include -# else -# include -# include -# include -# include - /* Not every installation has gotten around to supporting CERTs yet... */ -# ifndef T_CERT -# define T_CERT 37 -# ifdef __VMS -# include "cert_vms.h" -# endif /* def __VMS */ -# endif -# endif -#endif /* USE_DNS_PKA */ +#include #include "memory.h" #include "types.h" +#include "cipher.h" #include "util.h" +static int +string_has_ctrl_or_space (const char *string) +{ + for (; *string; string++ ) + if (!(*string & 0x80) && *string <= 0x20) + return 1; + return 0; +} -#ifdef USE_DNS_PKA -/* Parse the TXT resource record. Format is: - - v=pka1;fpr=a4d94e92b0986ab5ee9dcd755de249965b0358a2;uri=string - - For simplicity white spaces are not allowed. Because we expect to - use a new RRTYPE for this in the future we define the TXT really - strict for simplicity: No white spaces, case sensitivity of the - names, order must be as given above. Only URI is optional. - This function modifies BUFFER. On success 0 is returned, the 20 - byte fingerprint stored at FPR and BUFFER contains the URI or an - empty string. -*/ +/* Return true if STRING has two consecutive '.' after an '@' + sign. */ static int -parse_txt_record (char *buffer, unsigned char *fpr) +has_dotdot_after_at (const char *string) { - char *p, *pend; - int i; + string = strchr (string, '@'); + if (!string) + return 0; /* No at-sign. */ + string++; + return !!strstr (string, ".."); +} - p = buffer; - pend = strchr (p, ';'); - if (!pend) - return -1; - *pend++ = 0; - if (strcmp (p, "v=pka1")) - return -1; /* Wrong or missing version. */ - p = pend; - pend = strchr (p, ';'); - if (pend) - *pend++ = 0; - if (strncmp (p, "fpr=", 4)) - return -1; /* Missing fingerprint part. */ - p += 4; - for (i=0; i < 20 && hexdigitp (p) && hexdigitp (p+1); i++, p += 2) - fpr[i] = xtoi_2 (p); - if (i != 20) - return -1; /* Fingerprint consists not of exactly 40 hexbytes. 
*/ +/* Return the mailbox (local-part at domain) form a standard user id. + Caller must free the result. Returns NULL if no valid mailbox was + found (or we are out of memory). */ +static char * +mailbox_from_userid (const char *userid) +{ + const char *s, *s_end; + size_t len; + char *result = NULL; - p = pend; - if (!p || !*p) + s = strchr (userid, '<'); + if (s) { - *buffer = 0; - return 0; /* Success (no URI given). */ + /* Seems to be a standard user id. */ + s++; + s_end = strchr (s, '>'); + if (s_end && s_end > s) + { + len = s_end - s; + result = xmalloc (len + 1); + strncpy (result, s, len); + result[len] = 0; + /* Apply some basic checks on the address. We do not use + is_valid_mailbox because those checks are too strict. */ + if (string_count_chr (result, '@') != 1 /* Need exactly one '@. */ + || *result == '@' /* local-part missing. */ + || result[len-1] == '@' /* domain missing. */ + || result[len-1] == '.' /* ends with a dot. */ + || string_has_ctrl_or_space (result) + || has_dotdot_after_at (result)) + { + xfree (result); + result = NULL; + errno = EINVAL; + } + } + else + errno = EINVAL; } - if (strncmp (p, "uri=", 4)) - return -1; /* Unknown part. */ - p += 4; - /* There is an URI, copy it to the start of the buffer. */ - while (*p) - *buffer++ = *p++; - *buffer = 0; - return 0; -} - + else if (is_valid_mailbox (userid)) + { + /* The entire user id is a mailbox. Return that one. Note that + this fallback method has some restrictions on the valid + syntax of the mailbox. However, those who want weird + addresses should know about it and use the regular <...> + syntax. */ + result = xtrystrdup (userid); + } + else + errno = EINVAL; -/* For the given email ADDRESS lookup the PKA information in the DNS. + return result? ascii_strlwr (result) : NULL; +} - On success the 20 byte SHA-1 fingerprint is stored at FPR and the - URI will be returned in an allocated buffer. Note that the URI - might be an zero length string as this information is optiobnal. 
- Caller must xfree the returned string. - On error NULL is returned and the 20 bytes at FPR are not - defined. */ -char * -get_pka_info (const char *address, unsigned char *fpr) +/* Zooko's base32 variant. See RFC-6189 and + http://philzimmermann.com/docs/human-oriented-base-32-encoding.txt + Caller must xfree the returned string. Returns NULL and sets ERRNO + on error. To avoid integer overflow DATALEN is limited to 2^16 + bytes. Note, that DATABITS is measured in bits!. */ +static char * +zb32_encode (const void *data, unsigned int databits) { - union + static char const zb32asc[32] = {'y','b','n','d','r','f','g','8', + 'e','j','k','m','c','p','q','x', + 'o','t','1','u','w','i','s','z', + 'a','3','4','5','h','7','6','9' }; + const unsigned char *s; + char *output, *d; + size_t datalen; + + datalen = (databits + 7) / 8; + if (datalen > (1 << 16)) { - signed char p[PACKETSZ]; - HEADER h; - } answer; - int anslen; - int qdcount, ancount; - int rc; - unsigned char *p, *pend; - const char *domain; - char *name; - - - domain = strrchr (address, '@'); - if (!domain || domain == address || !domain[1]) - return NULL; /* invalid mail address given. */ - - name = malloc (strlen (address) + 5 + 1); - memcpy (name, address, domain - address); - strcpy (stpcpy (name + (domain-address), "._pka."), domain+1); - - anslen = res_query (name, C_IN, T_TXT, answer.p, PACKETSZ); - xfree (name); - if (anslen < sizeof(HEADER)) - return NULL; /* DNS resolver returned a too short answer. */ - if ( (rc=answer.h.rcode) != NOERROR ) - return NULL; /* DNS resolver returned an error. */ - - /* We assume that PACKETSZ is large enough and don't do dynmically - expansion of the buffer. */ - if (anslen > PACKETSZ) - return NULL; /* DNS resolver returned a too long answer */ - - qdcount = ntohs (answer.h.qdcount); - ancount = ntohs (answer.h.ancount); - - if (!ancount) - return NULL; /* Got no answer. 
*/ + errno = EINVAL; + return NULL; + } - p = answer.p + sizeof (HEADER); - pend = answer.p + anslen; /* Actually points directly behind the buffer. */ + d = output = xtrymalloc (8 * (datalen / 5) + + 2 * (datalen % 5) + - ((datalen%5)>2) + + 1); + if (!output) + return NULL; - while (qdcount-- && p < pend) + /* I use straightforward code. The compiler should be able to do a + better job on optimization than me and it is easier to read. */ + for (s = data; datalen >= 5; s += 5, datalen -= 5) { - rc = dn_skipname (p, pend); - if (rc == -1) - return NULL; - p += rc + QFIXEDSZ; + *d++ = zb32asc[((s[0] ) >> 3) ]; + *d++ = zb32asc[((s[0] & 7) << 2) | (s[1] >> 6) ]; + *d++ = zb32asc[((s[1] & 63) >> 1) ]; + *d++ = zb32asc[((s[1] & 1) << 4) | (s[2] >> 4) ]; + *d++ = zb32asc[((s[2] & 15) << 1) | (s[3] >> 7) ]; + *d++ = zb32asc[((s[3] & 127) >> 2) ]; + *d++ = zb32asc[((s[3] & 3) << 3) | (s[4] >> 5) ]; + *d++ = zb32asc[((s[4] & 31) ) ]; } - if (ancount > 1) - return NULL; /* more than one possible gpg trustdns record - none used. */ - - while (ancount-- && p <= pend) + switch (datalen) { - unsigned int type, class, txtlen, n; - char *buffer, *bufp; - - rc = dn_skipname (p, pend); - if (rc == -1) - return NULL; - p += rc; - if (p >= pend - 10) - return NULL; /* RR too short. */ - - type = *p++ << 8; - type |= *p++; - class = *p++ << 8; - class |= *p++; - p += 4; - txtlen = *p++ << 8; - txtlen |= *p++; - if (type != T_TXT || class != C_IN) - return NULL; /* Answer does not match the query. */ - - buffer = bufp = xmalloc (txtlen + 1); - while (txtlen && p < pend) - { - for (n = *p++, txtlen--; txtlen && n && p < pend; txtlen--, n--) - *bufp++ = *p++; - } - *bufp = 0; - if (parse_txt_record (buffer, fpr)) - { - xfree (buffer); - return NULL; /* Not a valid gpg trustdns RR. 
*/ - } - return buffer; + case 4: + *d++ = zb32asc[((s[0] ) >> 3) ]; + *d++ = zb32asc[((s[0] & 7) << 2) | (s[1] >> 6) ]; + *d++ = zb32asc[((s[1] & 63) >> 1) ]; + *d++ = zb32asc[((s[1] & 1) << 4) | (s[2] >> 4) ]; + *d++ = zb32asc[((s[2] & 15) << 1) | (s[3] >> 7) ]; + *d++ = zb32asc[((s[3] & 127) >> 2) ]; + *d++ = zb32asc[((s[3] & 3) << 3) ]; + break; + case 3: + *d++ = zb32asc[((s[0] ) >> 3) ]; + *d++ = zb32asc[((s[0] & 7) << 2) | (s[1] >> 6) ]; + *d++ = zb32asc[((s[1] & 63) >> 1) ]; + *d++ = zb32asc[((s[1] & 1) << 4) | (s[2] >> 4) ]; + *d++ = zb32asc[((s[2] & 15) << 1) ]; + break; + case 2: + *d++ = zb32asc[((s[0] ) >> 3) ]; + *d++ = zb32asc[((s[0] & 7) << 2) | (s[1] >> 6) ]; + *d++ = zb32asc[((s[1] & 63) >> 1) ]; + *d++ = zb32asc[((s[1] & 1) << 4) ]; + break; + case 1: + *d++ = zb32asc[((s[0] ) >> 3) ]; + *d++ = zb32asc[((s[0] & 7) << 2) ]; + break; + default: + break; } + *d = 0; - return NULL; + /* Need to strip some bytes if not a multiple of 40. */ + output[(databits + 5 - 1) / 5] = 0; + return output; } -#else /* !USE_DNS_PKA */ -/* Dummy version of the function if we can't use the resolver - functions. */ -char * -get_pka_info (const char *address, unsigned char *fpr) -{ - return NULL; -} -#endif /* !USE_DNS_PKA */ -#ifdef TEST -int -main(int argc,char *argv[]) -{ - unsigned char fpr[20]; - char *uri; - int i; +/* For the given email ADDRESS lookup the PKA information in the DNS. - if (argc < 2) - { - fprintf (stderr, "usage: pka mail-addresses\n"); - return 1; - } - argc--; - argv++; + On success the fingerprint is stored at FPRBUF and the URI will be + returned in an allocated buffer. Note that the URI might be a zero + length string as this information is optional. Caller must xfree + the returned string. FPRBUFLEN gives the size of the expected + fingerprint (usually 20). - for (; argc; argc--, argv++) + On error NULL is returned and the 20 bytes at FPR are not + defined. 
*/ +char * +get_pka_info (const char *address, void *fprbuf, size_t fprbuflen) +{ + char *result = NULL; + char *mbox; + char *domain; /* Points to mbox. */ + char hashbuf[20]; + char *hash = NULL; + char *name = NULL; + unsigned char *fpr = NULL; + size_t fpr_len; + char *url = NULL; + + mbox = mailbox_from_userid (address); + if (!mbox) + goto leave; + domain = strchr (mbox, '@'); + if (!domain) + goto leave; + *domain++ = 0; + + sha1_hash_buffer (hashbuf, mbox, strlen (mbox)); + hash = zb32_encode (hashbuf, 8*20); + if (!hash) + goto leave; + name = strconcat (hash, "._pka.", domain, NULL); + if (!name) + goto leave; + if (get_cert (name, 1, 16384, NULL, &fpr, &fpr_len, &url)) + goto leave; + if (!fpr) + goto leave; + + /* Return the fingerprint. */ + if (fpr_len != fprbuflen) { - uri = get_pka_info ( *argv, fpr ); - printf ("%s", *argv); - if (uri) - { - putchar (' '); - for (i=0; i < 20; i++) - printf ("%02X", fpr[i]); - if (*uri) - printf (" %s", uri); - xfree (uri); - } - putchar ('\n'); + /* fprintf (stderr, "get_dns_cert failed: fprlen (%zu/%zu)\n", */ + /* fpr_len, fprbuflen); */ + goto leave; } - return 0; + memcpy (fprbuf, fpr, fpr_len); + /* We return the URL or an empty string. */ + if (!url) + url = xcalloc (1, 1); + result = url; + url = NULL; + + leave: + xfree (fpr); + xfree (url); + xfree (name); + xfree (hash); + xfree (mbox); + return result; } -#endif /* TEST */ - -/* -Local Variables: -compile-command: "cc -DUSE_DNS_PKA -DTEST -I.. -I../include -Wall -g -o pka pka.c -lresolv libutil.a" -End: -*/ diff --git a/util/strgutil.c b/util/strgutil.c index 620fb33..3d45405 100644 --- a/util/strgutil.c +++ b/util/strgutil.c 
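Review bot: In get_pka_info the test `if (get_cert (name, 1, 16384, NULL, &fpr, &fpr_len, &url)) goto leave;` treats every non-zero return as failure, but the comment on get_cert in the util/cert.c hunk further down this page documents -1 for error, 0 for no answer, 1 for PGP and 2 for IPGP. If that convention holds in this branch, a successful IPGP lookup returns 2 and takes the `goto leave` path, so the function frees the fingerprint and returns NULL for exactly the records it is meant to accept; `if (get_cert (name, 1, 16384, NULL, &fpr, &fpr_len, &url) != 2) goto leave;` would match the documented contract. The header comment also still says "the 20 bytes at FPR are not defined" although the parameter is now FPRBUF with its size in FPRBUFLEN.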
@@ -1297,6 +1297,18 @@ ascii_memcasecmp( const char *a, const char *b, size_t n ) return 0; } +/* Lowercase all ASCII characters in S. */ +char * +ascii_strlwr (char *s) +{ + char *p; + + for (p = s; *p; p++ ) + if (isascii (*p) && *p >= 'A' && *p <= 'Z') + *p |= 0x20; + + return s; +} /********************************************* commit 240451a26e3e1fdabe0451a33f8918d4adfa852b Author: Werner Koch Date: Thu Feb 26 16:08:02 2015 +0100 Move two functions from g10/ to util/. * g10/misc.c (has_invalid_email_chars, is_valid_mailbox): Move to ... * util/strgutil.c: here. Signed-off-by: Werner Koch diff --git a/g10/main.h b/g10/main.h index 05b60bb..dbc8d8f 100644 --- a/g10/main.h +++ b/g10/main.h @@ -125,8 +125,6 @@ char *argsplit(char *string); int parse_options(char *str,unsigned int *options, struct parse_options *opts,int noisy); char *unescape_percent_string (const unsigned char *s); -int has_invalid_email_chars (const char *s); -int is_valid_mailbox (const char *name); char *default_homedir (void); const char *get_libexecdir (void); int path_access(const char *file,int mode); diff --git a/g10/misc.c b/g10/misc.c index 2c5c6cc..2b38a8f 100644 --- a/g10/misc.c +++ b/g10/misc.c 
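Review bot: In ascii_strlwr the `isascii (*p)` test is redundant, because `*p >= 'A' && *p <= 'Z'` already limits the byte to the ASCII upper-case range; `if (*p >= 'A' && *p <= 'Z')` is enough and avoids a ctype macro in a function meant to be locale-independent. The one-line comment could also state that S is modified in place and returned, which mailbox_from_userid relies on in `return result? ascii_strlwr (result) : NULL;`.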
@@ -1141,54 +1141,6 @@ unescape_percent_string (const unsigned char *s) } -/* Check whether the string has characters not valid in an RFC-822 - address. To cope with OpenPGP we ignore non-ascii characters - so that for example umlauts are legal in an email address. An - OpenPGP user ID must be utf-8 encoded but there is no strict - requirement for RFC-822. Thus to avoid IDNA encoding we put the - address verbatim as utf-8 into the user ID under the assumption - that mail programs handle IDNA at a lower level and take OpenPGP - user IDs as utf-8. Note that we can't do an utf-8 encoding - checking here because in keygen.c this function is called with the - native encoding and native to utf-8 encoding is only done later. */ -int -has_invalid_email_chars (const char *s) -{ - int at_seen=0; - const char *valid_chars= - "01234567890_-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; - - for ( ; *s; s++ ) - { - if ( *s & 0x80 ) - continue; /* We only care about ASCII. */ - if ( *s == '@' ) - at_seen=1; - else if ( !at_seen && !( !!strchr( valid_chars, *s ) || *s == '+' ) ) - return 1; - else if ( at_seen && !strchr( valid_chars, *s ) ) - return 1; - } - return 0; -} - - -/* Check whether NAME represents a valid mailbox according to - RFC822. Returns true if so. */ -int -is_valid_mailbox (const char *name) -{ - return !( !name - || !*name - || has_invalid_email_chars (name) - || string_count_chr (name,'@') != 1 - || *name == '@' - || name[strlen(name)-1] == '@' - || name[strlen(name)-1] == '.' - || strstr (name, "..") ); -} - - /* This is a helper function to load a Windows function from either of one DLLs. */ #ifdef HAVE_W32_SYSTEM diff --git a/util/strgutil.c b/util/strgutil.c index 402881a..620fb33 100644 --- a/util/strgutil.c +++ b/util/strgutil.c 
@@ -455,6 +455,56 @@ string_count_chr( const char *string, int c ) return count; } + +/* Check whether the string has characters not valid in an RFC-822 + address. To cope with OpenPGP we ignore non-ascii characters + so that for example umlauts are legal in an email address. An + OpenPGP user ID must be utf-8 encoded but there is no strict + requirement for RFC-822. Thus to avoid IDNA encoding we put the + address verbatim as utf-8 into the user ID under the assumption + that mail programs handle IDNA at a lower level and take OpenPGP + user IDs as utf-8. Note that we can't do an utf-8 encoding + checking here because in keygen.c this function is called with the + native encoding and native to utf-8 encoding is only done later. */ +int +has_invalid_email_chars (const char *s) +{ + int at_seen=0; + const char *valid_chars= + "01234567890_-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; + + for ( ; *s; s++ ) + { + if ( *s & 0x80 ) + continue; /* We only care about ASCII. */ + if ( *s == '@' ) + at_seen=1; + else if ( !at_seen && !( !!strchr( valid_chars, *s ) || *s == '+' ) ) + return 1; + else if ( at_seen && !strchr( valid_chars, *s ) ) + return 1; + } + return 0; +} + + +/* Check whether NAME represents a valid mailbox according t + RFC822. Returns true if so. */ +int +is_valid_mailbox (const char *name) +{ + return !( !name + || !*name + || has_invalid_email_chars (name) + || string_count_chr (name,'@') != 1 + || *name == '@' + || name[strlen(name)-1] == '@' + || name[strlen(name)-1] == '.' + || strstr (name, "..") ); +} + + + #ifdef USE_GNUPG_ICONV static void handle_iconv_error (const char *to, const char *from, int use_fallback) commit 484d0730582a57808333e6af58d51c471f2b125a Author: Werner Koch Date: Thu Feb 26 16:05:19 2015 +0100 Add new function strconcat. * include/util.h (GNUPG_GCC_A_SENTINEL): New. * util/strgutil.c (do_strconcat, strconcat): New. Signed-off-by: Werner Koch 
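Review bot: The comment on is_valid_mailbox lost a character in the move: the copy removed from g10/misc.c reads "according to RFC822" while the copy added here reads "according t RFC822", so the line should be `/* Check whether NAME represents a valid mailbox according to`. Now that the function is shared from util/, the comment could also say that a NULL or empty NAME yields false, which the first two terms of the expression establish.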
diff --git a/include/util.h b/include/util.h index 355dd0c..4cc5801 100644 --- a/include/util.h +++ b/include/util.h @@ -28,6 +28,14 @@ #include "mpi.h" #include "compat.h" +/* GCC attributes. */ +#if __GNUC__ >= 4 +# define GNUPG_GCC_A_SENTINEL(a) __attribute__ ((sentinel(a))) +#else +# define GNUPG_GCC_A_SENTINEL(a) +#endif + + typedef struct { int *argc; /* pointer to argc (value subject to change) */ char ***argv; /* pointer to argv (value subject to change) */ @@ -177,6 +185,8 @@ unsigned int check_trailing_chars( const byte *line, unsigned int len, const char *trimchars ); unsigned int check_trailing_ws( const byte *line, unsigned int len ); int string_count_chr( const char *string, int c ); +int has_invalid_email_chars (const char *s); +int is_valid_mailbox (const char *name); int set_native_charset( const char *newset ); const char* get_native_charset(void); char *native_to_utf8( const char *string ); @@ -238,7 +248,7 @@ int write_w32_registry_string(const char *root, const char *dir, char *xasprintf (const char *fmt, ...); char *xtryasprintf (const char *fmt, ...); char *xtryvasprintf (const char *fmt, va_list arg_ptr); - +char *strconcat (const char *s1, ...) GNUPG_GCC_A_SENTINEL(0); /*-- pka.c --*/ char *get_pka_info (const char *address, unsigned char *fpr); diff --git a/util/strgutil.c b/util/strgutil.c index 91e20f2..402881a 100644 --- a/util/strgutil.c +++ b/util/strgutil.c @@ -112,7 +112,7 @@ static int use_iconv = 0; #ifdef _WIN32 typedef void* iconv_t; #ifndef ICONV_CONST -#define ICONV_CONST const +#define ICONV_CONST const #endif iconv_t (* __stdcall iconv_open) (const char *tocode, const char *fromcode); 
@@ -126,25 +126,25 @@ int (* __stdcall iconv_close) (iconv_t cd); #ifdef _WIN32 -static int +static int load_libiconv (void) { static int done; - + if (!done) { void *handle; done = 1; /* Do it right now because we might get called recursivly through gettext. */ - + handle = dlopen ("iconv.dll", RTLD_LAZY); if (handle) { iconv_open = dlsym (handle, "libiconv_open"); if (iconv_open) iconv = dlsym (handle, "libiconv"); - if (iconv) + if (iconv) iconv_close = dlsym (handle, "libiconv_close"); } if (!handle || !iconv_close) @@ -161,7 +161,7 @@ load_libiconv (void) } } return iconv_open? 0: -1; -} +} #endif /* _WIN32 */ @@ -625,7 +625,7 @@ set_native_charset( const char *newset ) #ifdef _WIN32 if (load_libiconv ()) return G10ERR_GENERAL; -#endif /*_WIN32*/ +#endif /*_WIN32*/ cd = iconv_open (full_newset, "utf-8"); if (cd == (iconv_t)-1) { @@ -641,7 +641,7 @@ set_native_charset( const char *newset ) iconv_close (cd); active_charset_name = full_newset; no_translation = 0; - active_charset = NULL; + active_charset = NULL; use_iconv = 1; } #else /*!USE_GNUPG_ICONV*/ @@ -680,15 +680,15 @@ native_to_utf8( const char *string ) char *buffer; byte *p; size_t length=0; - + if (no_translation) { /* Already utf-8 encoded. */ buffer = xstrdup (string); } else if( !active_charset && !use_iconv) /* Shortcut implementation for Latin-1. */ - { - for(s=string; *s; s++ ) + { + for(s=string; *s; s++ ) { length++; if( *s & 0x80 ) @@ -708,13 +708,13 @@ native_to_utf8( const char *string ) *p = 0; } else /* Need to use a translation table. */ - { + { #ifdef USE_GNUPG_ICONV iconv_t cd; const char *inptr; char *outptr; size_t inbytes, outbytes; - + cd = iconv_open ("utf-8", active_charset_name); if (cd == (iconv_t)-1) { @@ -722,7 +722,7 @@ native_to_utf8( const char *string ) return native_to_utf8 (string); } - for (s=string; *s; s++ ) + for (s=string; *s; s++ ) { length++; if ((*s & 0x80)) 
@@ -756,7 +756,7 @@ native_to_utf8( const char *string ) iconv_close (cd); #else /*!USE_GNUPG_ICONV*/ - for(s=string; *s; s++ ) + for(s=string; *s; s++ ) { length++; if( *s & 0x80 ) @@ -791,7 +791,7 @@ native_to_utf8( const char *string ) * Convert string, which is in UTF8 to native encoding. illegal * encodings by some "\xnn" and quote all control characters. A * character with value DELIM will always be quoted, it must be a - * vanilla ASCII character. A DELIM value of -1 is special: it disables + * vanilla ASCII character. A DELIM value of -1 is special: it disables * all quoting of control characters. */ char * @@ -826,7 +826,7 @@ utf8_to_native( const char *string, size_t length, int delim ) } if( !nleft ) { if( !(*s & 0x80) ) { /* plain ascii */ - if( delim != -1 + if( delim != -1 && (*s < 0x20 || *s == 0x7f || *s == delim || (delim && *s=='\\'))) { n++; @@ -993,7 +993,7 @@ utf8_to_native( const char *string, size_t length, int delim ) const char *inptr; char *outbuf, *outptr; size_t inbytes, outbytes; - + *p = 0; /* Terminate the buffer. */ cd = iconv_open (active_charset_name, "utf-8"); @@ -1010,13 +1010,13 @@ utf8_to_native( const char *string, size_t length, int delim ) inbytes = n - 1;; inptr = buffer; outbytes = n * MB_LEN_MAX; - if (outbytes / MB_LEN_MAX != n) + if (outbytes / MB_LEN_MAX != n) BUG (); /* Actually an overflow. */ outbuf = outptr = xmalloc (outbytes); if ( iconv (cd, (ICONV_CONST char **)&inptr, &inbytes, &outptr, &outbytes) == (size_t)-1) { static int shown; - + if (!shown) log_info (_("conversion from `%s' to `%s' failed: %s\n"), "utf-8", active_charset_name, strerror (errno)); @@ -1057,10 +1057,10 @@ char * string_to_utf8 (const char *string) { const char *s; - + if (!string) return NULL; - + /* Due to a bug in old and not so old PGP versions user IDs have been copied verbatim into the key. Thus many users with Umlauts et al. in their name will see their names garbled. Although this 
@@ -1076,7 +1076,7 @@ string_to_utf8 (const char *string) || ((*s & 0xf8) == 0xf0) || ((*s & 0xfc) == 0xf8) || ((*s & 0xfe) == 0xfc)) ) - { + { /* Possible utf-8 character followed by continuation byte. Although this might still be Latin-1 we better assume that it is valid utf-8. */ @@ -1089,7 +1089,7 @@ string_to_utf8 (const char *string) /* No 0xC3 character in the string; assume that it is Latin-1. */ - for(s=string; *s; s++ ) + for(s=string; *s; s++ ) { length++; if( *s & 0x80 ) @@ -1166,6 +1166,59 @@ xtryvasprintf (const char *fmt, va_list arg_ptr) } +static char * +do_strconcat (const char *s1, va_list arg_ptr) +{ + const char *argv[48]; + size_t argc; + size_t needed; + char *buffer, *p; + + argc = 0; + argv[argc++] = s1; + needed = strlen (s1); + while (((argv[argc] = va_arg (arg_ptr, const char *)))) + { + needed += strlen (argv[argc]); + if (argc >= DIM (argv)-1) + { + errno = EINVAL; + return NULL; + } + argc++; + } + needed++; + buffer = xtrymalloc (needed); + if (buffer) + { + for (p = buffer, argc=0; argv[argc]; argc++) + p = stpcpy (p, argv[argc]); + } + return buffer; +} + + +/* Concatenate the string S1 with all the following strings up to a + NULL. Returns a malloced buffer with the new string or NULL on a + malloc error or if too many arguments are given. */ +char * +strconcat (const char *s1, ...) +{ + va_list arg_ptr; + char *result; + + if (!s1) + result = xtrystrdup (""); + else + { + va_start (arg_ptr, s1); + result = do_strconcat (s1, arg_ptr); + va_end (arg_ptr); + } + return result; +} + + /**************************************************** ******** locale insensitive ctype functions ******** ****************************************************/ 
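Review bot: The comment on strconcat says NULL is returned "if too many arguments are given" but gives neither the limit nor a way for the caller to tell that case from an allocation failure. In do_strconcat the bound comes from the `argv[48]` array together with the check `argc >= DIM (argv)-1`, and that path sets `errno = EINVAL`. I would put both facts into the comment, for example `At most 47 strings are accepted; if more are given ERRNO is set to EINVAL.`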
@@ -1258,13 +1311,13 @@ w32_strerror (int w32_errno) { static char strerr[256]; int ec = (int)GetLastError (); - + if (w32_errno == 0) w32_errno = ec; FormatMessage (FORMAT_MESSAGE_FROM_SYSTEM, NULL, w32_errno, MAKELANGID (LANG_NEUTRAL, SUBLANG_DEFAULT), strerr, DIM (strerr)-1, NULL); - return strerr; + return strerr; } #endif /*_WIN32*/ commit 2e7a3ed39007deb561a9175f7fccd52946c85d28 Author: Werner Koch Date: Thu Feb 26 15:35:49 2015 +0100 Add convenience function to hash a buffer. * cipher/sha1.c (sha1_hash_buffer): New. Signed-off-by: Werner Koch diff --git a/cipher/sha1.c b/cipher/sha1.c index 309b386..898a9a1 100644 --- a/cipher/sha1.c +++ b/cipher/sha1.c @@ -52,7 +52,7 @@ static void burn_stack (int bytes) { char buf[128]; - + wipememory(buf,sizeof buf); bytes -= sizeof buf; if (bytes > 0) @@ -323,6 +323,23 @@ sha1_read( SHA1_CONTEXT *hd ) return hd->buf; } + +/**************** + * Shortcut functions which puts the hash value of the supplied buffer + * into outbuf which must have a size of 20 bytes. + */ +void +sha1_hash_buffer (char *outbuf, const char *buffer, size_t length) +{ + SHA1_CONTEXT hd; + + sha1_init (&hd); + sha1_write (&hd, (byte*)buffer, length); + sha1_final (&hd); + memcpy (outbuf, hd.buf, 20); +} + + /**************** * Return some information about the algorithm. We need algo here to * distinguish different flavors of the algorithm. diff --git a/include/cipher.h b/include/cipher.h index dcc3045..dd4af18 100644 --- a/include/cipher.h +++ b/include/cipher.h @@ -157,6 +157,7 @@ void md_stop_debug( MD_HANDLE a ); } while(0) void rmd160_hash_buffer (char *outbuf, const char *buffer, size_t length); +void sha1_hash_buffer (char *outbuf, const char *buffer, size_t length); /*-- cipher.c --*/ commit d2323ce6fdceeba9765f23a1d5b5e4cb127d99ed Author: Werner Koch Date: Thu Feb 26 15:17:56 2015 +0100 Allow requesting only an IPGP certtype with dns_cert(). * util/cert.c (get_cert): Add arg want_ipgp. Change callers. Signed-off-by: Werner Koch 
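Review bot: sha1_hash_buffer leaves its `SHA1_CONTEXT hd` on the stack when it returns, and whether sha1_final clears that state is not visible in this hunk. The only caller on this page hashes a mail address, but a general convenience function may later be handed sensitive input, so I would end it with `wipememory (&hd, sizeof hd);`, the same primitive burn_stack uses near the top of this file. The header comment could then note that no hash state is left behind.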
diff --git a/g10/keyserver.c b/g10/keyserver.c index d1ddc99..568a7fa 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -2164,7 +2164,7 @@ keyserver_import_cert(const char *name,unsigned char **fpr,size_t *fpr_len) if(domain) *domain='.'; - type=get_cert(look,max_cert_size,&key,fpr,fpr_len,&url); + type = get_cert (look, 0, max_cert_size, &key, fpr, fpr_len, &url); if(type==1) { int armor_status=opt.no_armor; diff --git a/include/util.h b/include/util.h index 0eb6281..355dd0c 100644 --- a/include/util.h +++ b/include/util.h @@ -244,8 +244,8 @@ char *xtryvasprintf (const char *fmt, va_list arg_ptr); char *get_pka_info (const char *address, unsigned char *fpr); /*-- cert.c --*/ -int get_cert(const char *name,size_t max_size,IOBUF *iobuf, - unsigned char **fpr,size_t *fpr_len,char **url); +int get_cert (const char *name, int want_ipgp, size_t max_size, IOBUF *iobuf, + unsigned char **fpr,size_t *fpr_len,char **url); /*-- convert.c --*/ int hex2bin (const char *string, void *buffer, size_t length); diff --git a/util/cert.c b/util/cert.c index 0eaead5..7c5e9cf 100644 --- a/util/cert.c +++ b/util/cert.c @@ -48,8 +48,8 @@ /* Returns -1 on error, 0 for no answer, 1 for PGP provided and 2 for IPGP provided. */ int -get_cert(const char *name,size_t max_size,IOBUF *iobuf, - unsigned char **fpr,size_t *fpr_len,char **url) +get_cert (const char *name, int want_ipgp, size_t max_size,IOBUF *iobuf, + unsigned char **fpr, size_t *fpr_len, char **url) { unsigned char *answer; int r,ret=-1; @@ -140,7 +140,9 @@ get_cert(const char *name,size_t max_size,IOBUF *iobuf, /* 15 bytes takes us to here */ - if(ctype==3 && iobuf && dlen) + if (want_ipgp && ctype != 6) + ; /* Skip non IPGP cert records. */ + else if (ctype==3 && iobuf && dlen) { /* PGP type */ *iobuf=iobuf_temp_with_content((char *)pt,dlen); 
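Review bot: The comment above get_cert ("Returns -1 on error, 0 for no answer, 1 for PGP provided and 2 for IPGP provided") is not extended for the new `want_ipgp` argument added in the @@ -48 hunk. I would add a sentence such as `If WANT_IPGP is true only IPGP records (CERT type 6) are considered.` and say whether IOBUF may be NULL in that mode, since get_pka_info passes NULL and only the `ctype==3 && iobuf && dlen` test in the @@ -140 hunk is visibly guarded. The skip itself is written as an empty statement, `if (want_ipgp && ctype != 6) ;`, which is easy to misread; braces around the comment would make the intent explicit. The function body extends beyond both hunks.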
@@ -216,7 +218,7 @@ main(int argc,char *argv[]) printf("CERT lookup on %s\n",argv[1]); - rc=get_cert(argv[1],16384,&iobuf,&fpr,&fpr_len,&url); + rc=get_cert (argv[1], 0, 16384, &iobuf, &fpr, &fpr_len, &url); if(rc==-1) printf("error\n"); else if(rc==0) commit 0d286a11c857a8f84b084b6f4e8a38737adca034 Author: Werner Koch Date: Thu Feb 26 15:06:00 2015 +0100 doc: Fix name of keep-ownertrust. -- Reported-by: Guilhem Moulin diff --git a/doc/gpg.texi b/doc/gpg.texi index d311732..2797fff 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1903,7 +1903,7 @@ opposite meaning. The options are: generally useful unless a shared keyring scheme is being used. Defaults to no. - @item import-keep-ownertrust + @item keep-ownertrust Normally possible still existing ownertrust values of a key are cleared if a key is imported. This is in general desirable so that a formerly deleted key does not automatically gain an ownertrust ----------------------------------------------------------------------- Summary of changes: cipher/sha1.c | 19 ++- configure.ac | 12 +- doc/gpg.texi | 2 +- g10/getkey.c | 2 - g10/keyserver.c | 15 ++- g10/main.h | 2 - g10/mainproc.c | 3 +- g10/misc.c | 48 ------- include/cipher.h | 1 + include/util.h | 19 ++- util/cert.c | 10 +- util/pka.c | 405 +++++++++++++++++++++++++++---------------------------- util/strgutil.c | 167 +++++++++++++++++++---- 13 files changed, 395 insertions(+), 310 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 27 06:18:03 2015 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 27 Feb 2015 06:18:03 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-170-g6636c4f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 6636c4fd0c6ceab9f79827bf96967d1e112c0b82 (commit) via 1fa8cdb933505960d4e4b4842b122d4e06953e88 (commit) from 410d70bad9a650e3837055e36f157894ae49a57d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6636c4fd0c6ceab9f79827bf96967d1e112c0b82 Author: NIIBE Yutaka Date: Thu Feb 26 21:07:01 2015 +0900 mpi: Avoid data-dependent timing variations in mpi_powm. * mpi/mpi-pow.c (mpi_powm): Access all data in the table by mpi_set_cond. -- Access to the precomputed table was indexed by a portion of EXPO, which could be mounted by a side channel attack. This change fixes this particular data-dependent access pattern. Cherry-picked from commit 5e72b6c76ebee720f69b8a5c212f52d38eb50287 in LIBGCRYPT-1-6-BRANCH. diff --git a/mpi/mpi-pow.c b/mpi/mpi-pow.c index 930d344..70bf9e8 100644 --- a/mpi/mpi-pow.c +++ b/mpi/mpi-pow.c @@ -422,6 +422,7 @@ _gcry_mpi_powm (gcry_mpi_t res, mpi_size_t W; mpi_ptr_t base_u; mpi_size_t base_u_size; + mpi_size_t max_u_size; esize = expo->nlimbs; msize = mod->nlimbs; @@ -540,7 +541,7 @@ _gcry_mpi_powm (gcry_mpi_t res, /* Main processing. */ { - mpi_size_t i, j; + mpi_size_t i, j, k; mpi_ptr_t xp; mpi_size_t xsize; int c; 
@@ -559,7 +560,7 @@ _gcry_mpi_powm (gcry_mpi_t res, if (W > 1) /* X := BASE^2 */ mul_mod (xp, &xsize, bp, bsize, bp, bsize, mp, msize, &karactx); base_u = precomp[0] = mpi_alloc_limb_space (bsize, esec); - base_u_size = precomp_size[0] = bsize; + base_u_size = max_u_size = precomp_size[0] = bsize; MPN_COPY (precomp[0], bp, bsize); for (i = 1; i < (1 << (W - 1)); i++) { /* PRECOMP[i] = BASE^(2 * i + 1) */ @@ -571,9 +572,14 @@ _gcry_mpi_powm (gcry_mpi_t res, mp, msize, &karactx); base_u = precomp[i] = mpi_alloc_limb_space (rsize, esec); base_u_size = precomp_size[i] = rsize; + if (max_u_size < base_u_size) + max_u_size = base_u_size; MPN_COPY (precomp[i], rp, rsize); } + base_u = mpi_alloc_limb_space (max_u_size, esec); + MPN_ZERO (base_u, max_u_size); + i = esize - 1; /* Main loop. @@ -659,8 +665,24 @@ _gcry_mpi_powm (gcry_mpi_t res, rsize = xsize; } - base_u = precomp[e0]; - base_u_size = precomp_size[e0]; + /* + * base_u <= precomp[e0] + * base_u_size <= precomp_size[e0] + */ + base_u_size = 0; + for (k = 0; k < (1<< (W - 1)); k++) + { + struct gcry_mpi w, u; + w.alloced = w.nlimbs = precomp_size[k]; + u.alloced = u.nlimbs = precomp_size[k]; + w.sign = u.sign = 0; + w.flags = u.flags = 0; + w.d = base_u; + u.d = precomp[k]; + + mpi_set_cond (&w, &u, k == e0); + base_u_size |= (precomp_size[k] & ((mpi_size_t)0 - (k == e0)) ); + } mul_mod (xp, &xsize, rp, rsize, base_u, base_u_size, mp, msize, &karactx); 
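Review bot: In the `@@ -571,9 +572,14 @@` hunk, `base_u` changes role from a borrowed pointer into `precomp[]` to an owned scratch buffer, and nothing in the code marks the switch. Inside the precompute loop it still aliases `precomp[i]`, while the `@@ -739,6 +777,7 @@` hunk frees it next to the table entries, so a later reordering that reaches the cleanup without the new allocation would free a table entry twice. I would give the scratch buffer its own variable, or at least put above the allocation `/* From here on BASE_U is an owned scratch buffer of MAX_U_SIZE limbs, no longer an alias into PRECOMP[]. */`. The function body starts and ends outside the hunk, so whether every path to the free passes the allocation cannot be confirmed from these lines.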
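Review bot: The table-scan selection added in the `@@ -659,8 +665,24 @@` hunk is repeated line for line in the `@@ -687,8 +709,24 @@` hunk, and its comment (`base_u <= precomp[e0]`) restates the assignment without saying why a direct index is not used. Two hand-maintained copies of timing-sensitive code tend to drift apart, and a maintainer who does not know the reason may restore `precomp[e0]`. I would move the loop into one `static` helper in this file that takes the index and returns the selected size, so each site becomes a single call such as `base_u_size = select_precomp (base_u, precomp, precomp_size, 1 << (W - 1), e0);` (the helper name is a suggestion), with the rationale on the helper: `/* Read every table entry so the memory access pattern does not depend on exponent bits; do not replace with a direct index. */`. The per-entry work still follows `precomp_size[k]`, which as far as these lines show derives from BASE and MOD rather than EXPO; the window-scanning code outside the hunk is not touched by this change.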
@@ -687,8 +709,24 @@ _gcry_mpi_powm (gcry_mpi_t res, if (e != 0) { - base_u = precomp[(e>>1)]; - base_u_size = precomp_size[(e>>1)]; + /* + * base_u <= precomp[(e>>1)] + * base_u_size <= precomp_size[(e>>1)] + */ + base_u_size = 0; + for (k = 0; k < (1<< (W - 1)); k++) + { + struct gcry_mpi w, u; + w.alloced = w.nlimbs = precomp_size[k]; + u.alloced = u.nlimbs = precomp_size[k]; + w.sign = u.sign = 0; + w.flags = u.flags = 0; + w.d = base_u; + u.d = precomp[k]; + + mpi_set_cond (&w, &u, k == (e>>1)); + base_u_size |= (precomp_size[k] & ((mpi_size_t)0 - (k == (e>>1))) ); + } mul_mod (xp, &xsize, rp, rsize, base_u, base_u_size, mp, msize, &karactx); @@ -739,6 +777,7 @@ _gcry_mpi_powm (gcry_mpi_t res, _gcry_mpih_release_karatsuba_ctx (&karactx ); for (i = 0; i < (1 << (W - 1)); i++) _gcry_mpi_free_limb_space( precomp[i], esec ? precomp_size[i] : 0 ); + _gcry_mpi_free_limb_space (base_u, esec ? max_u_size : 0); } /* Fixup for negative results. */ commit 1fa8cdb933505960d4e4b4842b122d4e06953e88 Author: NIIBE Yutaka Date: Wed Feb 11 22:30:02 2015 +0900 mpi: Revise mpi_powm. * mpi/mpi-pow.c (_gcry_mpi_powm): Rename the table to PRECOMP. -- The name of precomputed table was b_2i3 which stands for BASE^(2*I+3). But it's too cryptic, so, it's renamed. Besides, we needed to distinguish the case of I==0, that was not good. Since it's OK to increase the size of table by one, it's BASE^(2*I+1), now. diff --git a/mpi/mpi-pow.c b/mpi/mpi-pow.c index 0f0947f..930d344 100644 --- a/mpi/mpi-pow.c +++ b/mpi/mpi-pow.c @@ -381,7 +381,7 @@ mul_mod (mpi_ptr_t xp, mpi_size_t *xsize_p, *xsize_p = rsize + ssize; } -#define SIZE_B_2I3 ((1 << (5 - 1)) - 1) +#define SIZE_PRECOMP ((1 << (5 - 1))) /**************** * RES = BASE ^ EXPO mod MOD 
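Review bot: In the `@@ -381,7 +381,7 @@` hunk, the literal `5` in `SIZE_PRECOMP` is the largest window width that the stack arrays `precomp[]` and `precomp_size[]` (declared in the next hunk) can hold, but nothing ties it to the code that chooses `W`, which lies outside these hunks. The loops in this commit index both arrays up to `(1 << (W - 1)) - 1`, so a future change that permits a wider window would write past them on the stack. I would name the limit and derive the size from it, e.g. `#define MAX_WINDOW 5` and `#define SIZE_PRECOMP (1 << (MAX_WINDOW - 1))` (the name is a suggestion), and check `W` against the same constant where it is selected.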
@@ -417,8 +417,8 @@ _gcry_mpi_powm (gcry_mpi_t res, unsigned int bp_nlimbs = 0; unsigned int ep_nlimbs = 0; unsigned int xp_nlimbs = 0; - mpi_ptr_t b_2i3[SIZE_B_2I3]; /* Pre-computed array: BASE^3, ^5, ^7, ... */ - mpi_size_t b_2i3size[SIZE_B_2I3]; + mpi_ptr_t precomp[SIZE_PRECOMP]; /* Pre-computed array: BASE^1, ^3, ^5, ... */ + mpi_size_t precomp_size[SIZE_PRECOMP]; mpi_size_t W; mpi_ptr_t base_u; mpi_size_t base_u_size; @@ -555,31 +555,23 @@ _gcry_mpi_powm (gcry_mpi_t res, memset( &karactx, 0, sizeof karactx ); negative_result = (ep[0] & 1) && bsign; - /* Precompute B_2I3[], BASE^(2 * i + 3), BASE^3, ^5, ^7, ... */ + /* Precompute PRECOMP[], BASE^(2 * i + 1), BASE^1, ^3, ^5, ... */ if (W > 1) /* X := BASE^2 */ mul_mod (xp, &xsize, bp, bsize, bp, bsize, mp, msize, &karactx); - for (i = 0; i < (1 << (W - 1)) - 1; i++) - { /* B_2I3[i] = BASE^(2 * i + 3) */ - if (i == 0) - { - base_u = bp; - base_u_size = bsize; - } - else - { - base_u = b_2i3[i-1]; - base_u_size = b_2i3size[i-1]; - } - + base_u = precomp[0] = mpi_alloc_limb_space (bsize, esec); + base_u_size = precomp_size[0] = bsize; + MPN_COPY (precomp[0], bp, bsize); + for (i = 1; i < (1 << (W - 1)); i++) + { /* PRECOMP[i] = BASE^(2 * i + 1) */ if (xsize >= base_u_size) mul_mod (rp, &rsize, xp, xsize, base_u, base_u_size, mp, msize, &karactx); else mul_mod (rp, &rsize, base_u, base_u_size, xp, xsize, mp, msize, &karactx); - b_2i3[i] = mpi_alloc_limb_space (rsize, esec); - b_2i3size[i] = rsize; - MPN_COPY (b_2i3[i], rp, rsize); + base_u = precomp[i] = mpi_alloc_limb_space (rsize, esec); + base_u_size = precomp_size[i] = rsize; + MPN_COPY (precomp[i], rp, rsize); } i = esize - 1; @@ -667,16 +659,8 @@ _gcry_mpi_powm (gcry_mpi_t res, rsize = xsize; } - if (e0 == 0) - { - base_u = bp; - base_u_size = bsize; - } - else - { - base_u = b_2i3[e0 - 1]; - base_u_size = b_2i3size[e0 -1]; - } + base_u = precomp[e0]; + base_u_size = precomp_size[e0]; mul_mod (xp, &xsize, rp, rsize, base_u, base_u_size, mp, msize, &karactx); 
@@ -703,16 +687,8 @@ _gcry_mpi_powm (gcry_mpi_t res, if (e != 0) { - if ((e>>1) == 0) - { - base_u = bp; - base_u_size = bsize; - } - else - { - base_u = b_2i3[(e>>1) - 1]; - base_u_size = b_2i3size[(e>>1) -1]; - } + base_u = precomp[(e>>1)]; + base_u_size = precomp_size[(e>>1)]; mul_mod (xp, &xsize, rp, rsize, base_u, base_u_size, mp, msize, &karactx); @@ -761,8 +737,8 @@ _gcry_mpi_powm (gcry_mpi_t res, MPN_NORMALIZE (rp, rsize); _gcry_mpih_release_karatsuba_ctx (&karactx ); - for (i = 0; i < (1 << (W - 1)) - 1; i++) - _gcry_mpi_free_limb_space( b_2i3[i], esec ? b_2i3size[i] : 0 ); + for (i = 0; i < (1 << (W - 1)); i++) + _gcry_mpi_free_limb_space( precomp[i], esec ? precomp_size[i] : 0 ); } /* Fixup for negative results. */ ----------------------------------------------------------------------- Summary of changes: mpi/mpi-pow.c | 93 ++++++++++++++++++++++++++++++++++------------------------- 1 file changed, 54 insertions(+), 39 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 27 09:26:13 2015 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 27 Feb 2015 09:26:13 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-171-g505decf Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 505decf5369970219ddc9e78a20f97c623957b78 (commit) from 6636c4fd0c6ceab9f79827bf96967d1e112c0b82 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 505decf5369970219ddc9e78a20f97c623957b78 Author: NIIBE Yutaka Date: Fri Feb 27 17:24:49 2015 +0900 tests: fix t-sexp.c. * tests/t-sexp.c (bug_1594): Free N and PUBKEY. 
diff --git a/tests/t-sexp.c b/tests/t-sexp.c index 1051723..4785b17 100644 --- a/tests/t-sexp.c +++ b/tests/t-sexp.c @@ -1045,6 +1045,8 @@ static char thing[] = if (gcry_sexp_nth (n_val, 1)) fail ("extracting 1-th of car of 'n' list did not fail"); gcry_sexp_release (n_val); + gcry_sexp_release (n); + gcry_sexp_release (pubkey); } ----------------------------------------------------------------------- Summary of changes: tests/t-sexp.c | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 27 10:02:30 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 27 Feb 2015 10:02:30 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.18-66-geb645a5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via eb645a57e2a041ed9b368b447cc7e7d77ac05565 (commit) via bcf44e2d153792e20036a26126ad77cef79a0304 (commit) via 7b3ed1a85fc382da9980713e03ee2f574a31629c (commit) via 47c2369bb723aac85caf848a7b563889e83bc88f (commit) from 9dbfca0db80789d8d2020a945de2ccff484abc02 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit eb645a57e2a041ed9b368b447cc7e7d77ac05565 Author: Werner Koch Date: Fri Feb 27 10:01:08 2015 +0100 Post release updates -- diff --git a/NEWS b/NEWS index 71cfb33..03817ec 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,6 @@ +Noteworthy changes in version 1.4.10 (unreleased) +------------------------------------------------- + Noteworthy changes in version 1.4.19 (2015-02-27) ------------------------------------------------- diff --git a/configure.ac b/configure.ac index bc9ca91..92ae205 100644 
--- a/configure.ac +++ b/configure.ac @@ -26,7 +26,7 @@ min_automake_version="1.14" # (git tag -s gnupg-1.n.m) and run "./autogen.sh --force". Please # bump the version number immediately *after* the release and do # another commit and push so that the git magic is able to work. -m4_define([mym4_version], [1.4.19]) +m4_define([mym4_version], [1.4.20]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a commit bcf44e2d153792e20036a26126ad77cef79a0304 Author: Werner Koch Date: Fri Feb 27 09:33:58 2015 +0100 Release 1.4.19. diff --git a/NEWS b/NEWS index 6fb00cd..71cfb33 100644 --- a/NEWS +++ b/NEWS @@ -1,7 +1,35 @@ -Noteworthy changes in version 1.4.19 (unreleased) +Noteworthy changes in version 1.4.19 (2015-02-27) ------------------------------------------------- - * Fix argument parsing for option --debug-level. + * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. + See http://www.cs.tau.ac.il/~tromer/radioexp/ for details. + + * Fixed data-dependent timing variations in modular exponentiation + [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks + are Practical]. + + * Detect faulty use of --verify on detached signatures. + + * Changed the PKA method to use CERT records and hashed names. + + * New import option "keep-ownertrust". + + * Support algorithm names when generating keys using the --command-fd + method. + + * Updated many translations. + + * Updated build system. + + * Fixed a regression in keyserver import + + * Fixed argument parsing for option --debug-level. + + * Fixed DoS based on bogus and overlong key packets. + + * Fixed bugs related to bogus keyrings. + + * The usual minor minor bug fixes. Noteworthy changes in version 1.4.18 (2014-06-30) 
@@ -2127,10 +2155,8 @@ Noteworthy changes in version 0.2.3 is generated on a system without a good random number generator. -Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, - 2005, 2006, 2007, 2008, 2009, 2010, 2011, - 2012 Free Software Foundation, Inc. -Copyright (C) 2013 Werner Koch +Copyright (C) 1998-2015 Free Software Foundation, Inc. +Copyright (C) 1997-2015 Werner Koch This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/README b/README index c1847a6..dbf0896 100644 --- a/README +++ b/README @@ -3,10 +3,8 @@ ------------------------------- Version 1.4.19 - Copyright 1998, 1999, 2000, 2001, 2002, 2003, - 2004, 2005, 2006, 2007, 2008, 2009, - 2010, 2012, 2013 Free Software Foundation, Inc. - Copyright 1997, 1998, 2013, 2014 Werner Koch + Copyright 1998-2015 Free Software Foundation, Inc. + Copyright 1997-2015 Werner Koch This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or diff --git a/configure.ac b/configure.ac index e232fae..bc9ca91 100644 --- a/configure.ac +++ b/configure.ac @@ -1,7 +1,6 @@ # configure.ac script for GnuPG -# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, -# 2008, 2009, 2010, 2012, 2013 Free Software Foundation, Inc. -# Copyright (C) 1998, 2013 Werner Koch +# Copyright (C) 1998-2015 Free Software Foundation, Inc. +# Copyright (C) 1998-2015 Werner Koch # # This file is part of GnuPG. # diff --git a/g10/gpg.c b/g10/gpg.c index 6dc15fa..544c576 100644 --- a/g10/gpg.c +++ b/g10/gpg.c 
@@ -1,7 +1,6 @@ /* gpg.c - The GnuPG utility (main for gpg) - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, - * 2007, 2008, 2009, 2010, 2012 Free Software Foundation, Inc. - * Copyright (C) 1997, 1998, 2013 Werner Koch + * Copyright (C) 1998-2015 Free Software Foundation, Inc. + * Copyright (C) 1997-2015 Werner Koch * * This file is part of GnuPG. * diff --git a/util/argparse.c b/util/argparse.c index 267b6f1..3ed669a 100644 --- a/util/argparse.c +++ b/util/argparse.c @@ -1046,7 +1046,7 @@ default_strusage( int level ) break; case 11: p = "foo"; break; case 13: p = "0.0"; break; - case 14: p = "Copyright (C) 2014 Free Software Foundation, Inc."; break; + case 14: p = "Copyright (C) 2015 Free Software Foundation, Inc."; break; case 15: p = "This is free software: you are free to change and redistribute it.\n" "There is NO WARRANTY, to the extent permitted by law.\n"; commit 7b3ed1a85fc382da9980713e03ee2f574a31629c Author: Werner Koch Date: Fri Feb 27 09:06:46 2015 +0100 po: Auto-update -- diff --git a/po/be.po b/po/be.po index 2625282..986aa84 100644 --- a/po/be.po +++ b/po/be.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg 1.2.2\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2012-08-24 17:19+0200\n" "Last-Translator: Ales Nyakhaychyk \n" "Language-Team: Belarusian \n" @@ -1725,6 +1725,9 @@ msgstr "" msgid "repair damage from the pks keyserver during import" msgstr "" +msgid "do not clear the ownertrust values during import" +msgstr "" + msgid "do not update the trustdb after import" msgstr "" @@ -2681,6 +2684,12 @@ msgid "" " cause a different user ID to become the assumed primary.\n" msgstr "" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +msgid "You may want to change its expiration date too.\n" +msgstr "" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" 
@@ -3405,6 +3414,10 @@ msgstr "" msgid "keyserver did not send VERSION\n" msgstr "" +#, fuzzy, c-format +msgid "keyserver communications error: %s\n" +msgstr "???????? ??????????????????????: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "" @@ -3431,10 +3444,6 @@ msgstr "???????? ??????????????????????: %s\n" msgid "keyserver internal error\n" msgstr "???????????????? ??????????????" -#, fuzzy, c-format -msgid "keyserver communications error: %s\n" -msgstr "???????? ??????????????????????: %s\n" - #, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "" @@ -3604,6 +3613,10 @@ msgid "unknown" msgstr "?????????????????? ????????????" #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "" diff --git a/po/ca.po b/po/ca.po index 3d08b48..3fca28b 100644 --- a/po/ca.po +++ b/po/ca.po @@ -26,7 +26,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg 1.4.0\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2012-08-24 17:20+0200\n" "Last-Translator: Jordi Mallach \n" "Language-Team: Catalan \n" @@ -1942,6 +1942,10 @@ msgid "repair damage from the pks keyserver during import" msgstr "" #, fuzzy +msgid "do not clear the ownertrust values during import" +msgstr "actualitza la base de dades de confian??a" + +#, fuzzy msgid "do not update the trustdb after import" msgstr "actualitza la base de dades de confian??a" 
@@ -3014,6 +3018,14 @@ msgstr "" " causar que una ID d'usuari diferent esdevinga en la prim??ria " "assumida.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "No podeu canviar la data de caducitat de les claus v3\n" + # Photo ID com abans. ivb msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " @@ -3825,6 +3837,10 @@ msgstr "" msgid "keyserver did not send VERSION\n" msgstr "" +#, fuzzy, c-format +msgid "keyserver communications error: %s\n" +msgstr "la recepci?? des del servidor de claus ha fallat: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "no es coneix cap servidor de claus (useu l'opci?? \"--keyserver\")\n" @@ -3854,10 +3870,6 @@ msgid "keyserver internal error\n" msgstr "error de servidor de claus" #, fuzzy, c-format -msgid "keyserver communications error: %s\n" -msgstr "la recepci?? des del servidor de claus ha fallat: %s\n" - -#, fuzzy, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "%s: no ??s un ID v??lid\n" @@ -4031,6 +4043,10 @@ msgid "unknown" msgstr "desconeguda" #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "No s'ha pogut comprovar la signatura: %s\n" diff --git a/po/cs.po b/po/cs.po index fefdb4b..dd34205 100644 --- a/po/cs.po +++ b/po/cs.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg-1.3.92\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2012-08-24 17:20+0200\n" "Last-Translator: Roman Pavlik \n" "Language-Team: Czech \n" 
@@ -2825,6 +2825,14 @@ msgstr "" "VAROV??N??: ????dn?? u??ivatelsk?? ID nebylo ozna??eno jako prim??rn??. Tento p????kaz\n" " m????e zp??sobit, ??e za prim??rn?? bude pova??ov??no jin?? user ID.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "Nem????ete zm??nit dobu platnosti kl????e verze 3\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" @@ -3589,6 +3597,10 @@ msgstr "VAROV??N??: keyserver handler z jin?? verze GnuPG (%s)\n" msgid "keyserver did not send VERSION\n" msgstr "server kl?????? neposlal VERSION\n" +#, c-format +msgid "keyserver communications error: %s\n" +msgstr "chyba komunikace se serverem kl??????: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "??adn?? server kl?????? nen?? zn??m (pou????jte volbu --keyserver)\n" @@ -3614,10 +3626,6 @@ msgid "keyserver internal error\n" msgstr "intern?? chyba serveru kl??????\n" #, c-format -msgid "keyserver communications error: %s\n" -msgstr "chyba komunikace se serverem kl??????: %s\n" - -#, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "\"%s\" nen?? ID kl????e: p??esko??eno\n" @@ -3789,6 +3797,10 @@ msgid "unknown" msgstr "nezn??m?? form??t" #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "Nemohu ov????it podpis: %s\n" diff --git a/po/da.po b/po/da.po index 6d871f6..13960e8 100644 --- a/po/da.po +++ b/po/da.po @@ -14,7 +14,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2012-11-04 20:27+0200\n" "Last-Translator: Joe Hansen \n" "Language-Team: Danish \n" 
@@ -1838,6 +1838,11 @@ msgstr "importer underskrifter som er markeret som local-only" msgid "repair damage from the pks keyserver during import" msgstr "reparer skade fra pks-n??gleserveren under import" +#, fuzzy +#| msgid "do not update the trustdb after import" +msgid "do not clear the ownertrust values during import" +msgstr "opdater ikke trustdb efter import" + msgid "do not update the trustdb after import" msgstr "opdater ikke trustdb efter import" @@ -2826,6 +2831,14 @@ msgstr "" "ADVARSEL: Intet bruger-id er blevet markeret som prim??r. Denne kommando\n" " kan medf??re at et anden bruger-id bliver den formodede prim??re.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "Du kan ikke ??ndre udl??bsdatoen for en v3-n??gle\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" @@ -3594,6 +3607,10 @@ msgstr "ADVARSEL: n??gleserverh??ndtering fra en anden version af GnuPG (%s)\n" msgid "keyserver did not send VERSION\n" msgstr "n??gleserver sendte ikke VERSION\n" +#, c-format +msgid "keyserver communications error: %s\n" +msgstr "kommunikationsfejl for n??gleserver: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "ingen kendt n??gleserver (brug tilvalget --keyserver)\n" @@ -3619,10 +3636,6 @@ msgid "keyserver internal error\n" msgstr "n??gleserver fik intern fejl\n" #, c-format -msgid "keyserver communications error: %s\n" -msgstr "kommunikationsfejl for n??gleserver: %s\n" - -#, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "??%s?? er ikke et n??gle-id: udelader\n" @@ -3788,6 +3801,10 @@ msgid "unknown" msgstr "ukendt" #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "Kan ikke kontrollere underskrift: %s\n" 
diff --git a/po/de.po b/po/de.po index cec3495..a9157ae 100644 --- a/po/de.po +++ b/po/de.po @@ -3883,7 +3883,9 @@ msgstr "unbekannt" #, c-format msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" -msgstr "\"WARNUNG: Keine abgetrennte Signatur; die Datei '%s' wurde NICHT ??berpr??ft!\n" +msgstr "" +"\"WARNUNG: Keine abgetrennte Signatur; die Datei '%s' wurde NICHT " +"??berpr??ft!\n" #, c-format msgid "Can't check signature: %s\n" diff --git a/po/el.po b/po/el.po index a6eb951..a440d74 100644 --- a/po/el.po +++ b/po/el.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg-1.1.92\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2012-08-24 17:21+0200\n" "Last-Translator: Dokianakis Theofanis \n" "Language-Team: Greek \n" @@ -1894,6 +1894,10 @@ msgid "repair damage from the pks keyserver during import" msgstr "" #, fuzzy +msgid "do not clear the ownertrust values during import" +msgstr "???????? ??? ????? ????????? ????????????" + +#, fuzzy msgid "do not update the trustdb after import" msgstr "???????? ??? ????? ????????? ????????????" @@ -2944,6 +2948,14 @@ msgstr "" "?????????????: ??? ???? ????????? ID ?????? ??? ????????. ???? ? ??????\n" " ?????? ?? ????? ??? ???? ID ?????? ?? ????? ?? ????????.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "??? ???????? ?? ???????? ??? ?????????? ????? ?? ??? v3 ??????\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" @@ -3748,6 +3760,10 @@ msgstr "" msgid "keyserver did not send VERSION\n" msgstr "" +#, fuzzy, c-format +msgid "keyserver communications error: %s\n" +msgstr "keyserver ???? ???????: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "" 
@@ -3774,10 +3790,6 @@ msgstr " msgid "keyserver internal error\n" msgstr "?????? ?????????? ????????" -#, fuzzy, c-format -msgid "keyserver communications error: %s\n" -msgstr "keyserver ???? ???????: %s\n" - #, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "" @@ -3947,6 +3959,10 @@ msgid "unknown" msgstr "???????" #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "???????? ??????? ??? ?????????: %s\n" diff --git a/po/eo.po b/po/eo.po index 21a54d7..9b023b7 100644 --- a/po/eo.po +++ b/po/eo.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg 1.0.6d\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2012-08-24 17:22+0200\n" "Last-Translator: Edmund GRIMLEY EVANS \n" "Language-Team: Esperanto \n" @@ -1863,6 +1863,10 @@ msgid "repair damage from the pks keyserver during import" msgstr "" #, fuzzy +msgid "do not clear the ownertrust values during import" +msgstr "aktualigi la fido-datenaron" + +#, fuzzy msgid "do not update the trustdb after import" msgstr "aktualigi la fido-datenaron" @@ -2911,6 +2915,14 @@ msgid "" " cause a different user ID to become the assumed primary.\n" msgstr "" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "Vi ne povas ?an?i la daton de eksvalidi?o de v3-?losilo\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" @@ -3710,6 +3722,10 @@ msgstr "" msgid "keyserver did not send VERSION\n" msgstr "" +#, fuzzy, c-format +msgid "keyserver communications error: %s\n" +msgstr "listigo de sekretaj ?losiloj malsukcesis: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "neniu ?losilservilo konata (uzu la opcion --keyserver)\n" 
@@ -3737,10 +3753,6 @@ msgid "keyserver internal error\n" msgstr "?losilservila eraro" #, fuzzy, c-format -msgid "keyserver communications error: %s\n" -msgstr "listigo de sekretaj ?losiloj malsukcesis: %s\n" - -#, fuzzy, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "%s: ne valida ?losilidentigilo\n" @@ -3912,6 +3924,10 @@ msgid "unknown" msgstr "nekonata versio" #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "Ne povas kontroli subskribon: %s\n" diff --git a/po/es.po b/po/es.po index eb0bf56..6044b04 100644 --- a/po/es.po +++ b/po/es.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: GnuPG 1.4.1\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2014-11-23 01:52+0100\n" "Last-Translator: Manuel \"Venturi\" Porras Peralta \n" @@ -2867,6 +2867,14 @@ msgstr "" " causar que se tome como principal otro identificador de usuario " "distinto.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "No puede cambiar la fecha de caducidad de una clave v3\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" @@ -3639,6 +3647,10 @@ msgstr "" msgid "keyserver did not send VERSION\n" msgstr "el servidor de claves no envi?? VERSION\n" +#, c-format +msgid "keyserver communications error: %s\n" +msgstr "error de comunicaci??n con el servidor de claves: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "no hay servidores de claves conocidos (use opci??n --keyserver)\n" 
@@ -3667,10 +3679,6 @@ msgid "keyserver internal error\n" msgstr "error interno del servidor de claves\n" #, c-format -msgid "keyserver communications error: %s\n" -msgstr "error de comunicaci??n con el servidor de claves: %s\n" - -#, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "\"%s\" no es un identificador de clave v??lido: omitido\n" diff --git a/po/et.po b/po/et.po index 25a0e4a..1765ff3 100644 --- a/po/et.po +++ b/po/et.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg 1.2.2\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2012-08-24 17:22+0200\n" "Last-Translator: Toomas Soome \n" "Language-Team: Estonian \n" @@ -1862,6 +1862,10 @@ msgid "repair damage from the pks keyserver during import" msgstr "" #, fuzzy +msgid "do not clear the ownertrust values during import" +msgstr "uuenda usalduse andmebaasi" + +#, fuzzy msgid "do not update the trustdb after import" msgstr "uuenda usalduse andmebaasi" @@ -2900,6 +2904,14 @@ msgstr "" "HOIATUS: ?htegi kasutaja ID pole m?rgitud primaarseks. See k?sklus v?ib\n" " p?hjustada muu kasutaja ID primaarseks m??ramist.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "v3 v?tme aegumise aega ei saa muuta.\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" @@ -3684,6 +3696,10 @@ msgstr "" msgid "keyserver did not send VERSION\n" msgstr "" +#, fuzzy, c-format +msgid "keyserver communications error: %s\n" +msgstr "v?tmeserverilt lugemine eba?nnestus: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "" 
@@ -3710,10 +3726,6 @@ msgstr "v msgid "keyserver internal error\n" msgstr "v?tmeserveri viga" -#, fuzzy, c-format -msgid "keyserver communications error: %s\n" -msgstr "v?tmeserverilt lugemine eba?nnestus: %s\n" - #, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "" @@ -3881,6 +3893,10 @@ msgid "unknown" msgstr "tundmatu" #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "Allkirja ei saa kontrollida: %s\n" diff --git a/po/fi.po b/po/fi.po index 9b52b14..304f811 100644 --- a/po/fi.po +++ b/po/fi.po @@ -21,7 +21,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg 1.2.2\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2012-08-24 17:23+0200\n" "Last-Translator: Tommi Vainikainen \n" "Language-Team: Finnish \n" @@ -1893,6 +1893,10 @@ msgid "repair damage from the pks keyserver during import" msgstr "" #, fuzzy +msgid "do not clear the ownertrust values during import" +msgstr "p??ivit?? luottamustietokanta" + +#, fuzzy msgid "do not update the trustdb after import" msgstr "p??ivit?? luottamustietokanta" @@ -2937,6 +2941,14 @@ msgstr "" "VAROITUS: mit????n k??ytt??j??tunnusta ei ole merkitty ensisijaiseksi. T??m??n \n" "komennon johdosta eri k??ytt??j??tunnus voi tulla oletetuksi ensisijaiseksi.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "Et voi muuttaa v3-avainten vanhentumisp??iv????\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" 
@@ -3733,6 +3745,10 @@ msgstr "" msgid "keyserver did not send VERSION\n" msgstr "" +#, fuzzy, c-format +msgid "keyserver communications error: %s\n" +msgstr "avainpalvelimelta vastaanotto ep??onnistui: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "" @@ -3759,10 +3775,6 @@ msgstr "avainpalvelinvirhe" msgid "keyserver internal error\n" msgstr "avainpalvelinvirhe" -#, fuzzy, c-format -msgid "keyserver communications error: %s\n" -msgstr "avainpalvelimelta vastaanotto ep??onnistui: %s\n" - #, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "" @@ -3934,6 +3946,10 @@ msgid "unknown" msgstr "tuntematon " #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "Allekirjoitusta ei voi tarkistaa: %s\n" diff --git a/po/fr.po b/po/fr.po index 6d7be96..1ffb567 100644 --- a/po/fr.po +++ b/po/fr.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg 1.4.19\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2014-09-06 15:56-0400\n" "Last-Translator: David Pr??vot \n" "Language-Team: French \n" @@ -1888,6 +1888,11 @@ msgstr "importer des signatures marqu??es comme locales seulement" msgid "repair damage from the pks keyserver during import" msgstr "r??parer les donn??es endommag??es du serveur pks pendant l'importation" +#, fuzzy +#| msgid "do not update the trustdb after import" +msgid "do not clear the ownertrust values during import" +msgstr "ne pas mettre ?? jour la base de confiance apr??s l'importation" + msgid "do not update the trustdb after import" msgstr "ne pas mettre ?? jour la base de confiance apr??s l'importation" 
@@ -2882,6 +2887,14 @@ msgstr "" "commande\n" " risque de rendre une autre identit?? principale par d??faut.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "Vous ne pouvez pas modifier la date d'expiration d'une clef??v3\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" @@ -3676,6 +3689,10 @@ msgstr "" msgid "keyserver did not send VERSION\n" msgstr "le serveurs de clefs n'a pas envoy?? sa VERSION\n" +#, c-format +msgid "keyserver communications error: %s\n" +msgstr "erreur de communication avec le serveur de clefs??: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "pas de serveur de clefs connu (utilisez l'option --keyserver)\n" @@ -3705,10 +3722,6 @@ msgid "keyserver internal error\n" msgstr "erreur interne du serveur de clefs\n" #, c-format -msgid "keyserver communications error: %s\n" -msgstr "erreur de communication avec le serveur de clefs??: %s\n" - -#, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "????%s???? n'est pas un identifiant de clef??: ignor??\n" @@ -3879,6 +3892,10 @@ msgid "unknown" msgstr "inconnu" #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "Impossible de v??rifier la signature??: %s\n" diff --git a/po/gl.po b/po/gl.po index fe1eabc..d1437ee 100644 --- a/po/gl.po +++ b/po/gl.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg 1.2.4\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2012-08-24 17:23+0200\n" "Last-Translator: Jacobo Tarrio \n" "Language-Team: Galician \n" 
@@ -1878,6 +1878,10 @@ msgid "repair damage from the pks keyserver during import" msgstr "" #, fuzzy +msgid "do not clear the ownertrust values during import" +msgstr "actualiza-la base de datos de confianza" + +#, fuzzy msgid "do not update the trustdb after import" msgstr "actualiza-la base de datos de confianza" @@ -2933,6 +2937,14 @@ msgstr "" "AVISO: non se marcou ning?n ID de usuario coma primario. Esta orde pode\n" " facer que un ID de usuario diferente se converta no primario.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "Non pode cambia-la data de expiraci?n dunha chave v3\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" @@ -3734,6 +3746,10 @@ msgstr "" msgid "keyserver did not send VERSION\n" msgstr "" +#, fuzzy, c-format +msgid "keyserver communications error: %s\n" +msgstr "a recepci?n do servidor de chaves fallou: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "" "non hai un servidor de chaves co?ecido (empregue a opci?n --keyserver)\n" @@ -3762,10 +3778,6 @@ msgid "keyserver internal error\n" msgstr "erro do servidor de chaves" #, fuzzy, c-format -msgid "keyserver communications error: %s\n" -msgstr "a recepci?n do servidor de chaves fallou: %s\n" - -#, fuzzy, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "%s: non ? un ID de chave v?lido\n" @@ -3932,6 +3944,10 @@ msgid "unknown" msgstr "desco?ecido" #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "Non foi posible verifica-la sinatura: %s\n" diff --git a/po/hu.po b/po/hu.po index 05e3b6a..62c1f1e 100644 --- a/po/hu.po +++ b/po/hu.po 
@@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg 1.2.5\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2012-08-24 17:24+0200\n" "Last-Translator: Nagy Ferenc L?szl? \n" "Language-Team: Hungarian \n" @@ -1870,6 +1870,10 @@ msgid "repair damage from the pks keyserver during import" msgstr "" #, fuzzy +msgid "do not clear the ownertrust values during import" +msgstr "bizalmi adatb?zis friss?t?se" + +#, fuzzy msgid "do not update the trustdb after import" msgstr "bizalmi adatb?zis friss?t?se" @@ -2910,6 +2914,14 @@ msgstr "" "FIGYELEM: Nincs kijel?lt els?dleges felhaszn?l?azonos?t?. Ez a parancs\n" " azt okozhatja, hogy egy m?sik azonos?t? lesz els?dlegesk?nt haszn?lva.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "Nem v?ltoztathatja meg egy v3 kulcs lej?rati d?tum?t!\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" @@ -3704,6 +3716,10 @@ msgstr "" msgid "keyserver did not send VERSION\n" msgstr "" +#, fuzzy, c-format +msgid "keyserver communications error: %s\n" +msgstr "V?tel a kulcsszerverr?l sikertelen: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "" @@ -3730,10 +3746,6 @@ msgstr "kulcsszerverhiba" msgid "keyserver internal error\n" msgstr "kulcsszerverhiba" -#, fuzzy, c-format -msgid "keyserver communications error: %s\n" -msgstr "V?tel a kulcsszerverr?l sikertelen: %s\n" - #, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "" @@ -3907,6 +3919,10 @@ msgid "unknown" msgstr "Ismeretlen m?d?" #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "Nem tudom ellen?rizni az al??r?st: %s.\n" 
diff --git a/po/id.po b/po/id.po index f17e4eb..5129441 100644 --- a/po/id.po +++ b/po/id.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg-id\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2012-08-24 17:24+0200\n" "Last-Translator: Tedi Heriyanto \n" "Language-Team: Indonesian \n" @@ -1885,6 +1885,10 @@ msgid "repair damage from the pks keyserver during import" msgstr "" #, fuzzy +msgid "do not clear the ownertrust values during import" +msgstr "perbarui database trust" + +#, fuzzy msgid "do not update the trustdb after import" msgstr "perbarui database trust" @@ -2926,6 +2930,14 @@ msgstr "" "WARNING: no user ID has been marked as primary. This command may\n" " cause a different user ID to become the assumed primary.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "Anda tidak dapat merubah batas waktu kunci v3\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" @@ -3719,6 +3731,10 @@ msgstr "" msgid "keyserver did not send VERSION\n" msgstr "" +#, fuzzy, c-format +msgid "keyserver communications error: %s\n" +msgstr "Penerimaan keyserver gagal: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "" @@ -3745,10 +3761,6 @@ msgstr "kesalahan keyserver" msgid "keyserver internal error\n" msgstr "kesalahan keyserver" -#, fuzzy, c-format -msgid "keyserver communications error: %s\n" -msgstr "Penerimaan keyserver gagal: %s\n" - #, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "" @@ -3916,6 +3928,10 @@ msgid "unknown" msgstr "tidak dikenal" #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "Tidak dapat memeriksa signature: %s\n" 
diff --git a/po/it.po b/po/it.po index 372c82f..f10f49f 100644 --- a/po/it.po +++ b/po/it.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2014-11-16 16:08+0100\n" "Last-Translator: Milo Casagrande \n" "Language-Team: Italian \n" @@ -31,12 +31,10 @@ msgstr "impossibile generare un numero primo con meno di %d bit\n" msgid "no entropy gathering module detected\n" msgstr "modulo di raccolta entropia non rilevato\n" -#. Some unexpected open failure. #, c-format msgid "can't lock `%s': %s\n" msgstr "impossibile bloccare \"%s\": %s\n" -#. Show the first message after ~3.75 seconds. #, c-format msgid "waiting for lock on `%s'...\n" msgstr "attesa del blocco su \"%s\"...\n" @@ -59,9 +57,6 @@ msgstr "nota: il file random_seed ?? vuoto\n" msgid "WARNING: invalid size of random_seed file - not used\n" msgstr "ATTENZIONE: dimensioni del file random_seed non valide - non usato\n" -#. On a Unix system that should never happen. However, I can -#. imagine this error code on non-inode based systems. -#. A real read error. #, c-format msgid "can't read `%s': %s\n" msgstr "impossibile leggere \"%s\": %s\n" @@ -141,9 +136,6 @@ msgstr "la risposta non contiene l'esponente pubblico RSA\n" msgid "using default PIN as %s\n" msgstr "viene utilizzato come PIN predefinito %s\n" -#. Verification of CHV2 with the default PIN failed, -#. although the card pretends to have the default PIN set as -#. CHV2. We better disable the def_chv2 flag now. #, c-format msgid "failed to use default PIN as %s: %s - disabling further default use\n" msgstr "" 
@@ -303,12 +295,6 @@ msgstr "header dell'armatura: " msgid "invalid clearsig header\n" msgstr "header della firma in chiaro non valido\n" -#. Section 6.2: "Unknown keys should be reported to the user, -#. but OpenPGP should continue to process the message." Note -#. that in a clearsigned message this applies to the signature -#. part (i.e. "BEGIN PGP SIGNATURE") and not the signed data -#. ("BEGIN PGP SIGNED MESSAGE"). The only key allowed in the -#. signed data section is "Hash". msgid "unknown armor header: " msgstr "header dell'armatura sconosciuto: " @@ -318,7 +304,6 @@ msgstr "firme in chiaro annidate\n" msgid "unexpected armor: " msgstr "armatura inattesa: " -#. Bad dash-escaping. msgid "invalid dash escaped line: " msgstr "riga protetta con il trattino non valida: " @@ -366,7 +351,6 @@ msgstr "scheda OpenPGP non disponibile: %s\n" msgid "OpenPGP card no. %s detected\n" msgstr "rilevata scheda OpenPGP n. %s\n" -#. We don't yet support unattended key generation. msgid "can't do this in batch mode\n" msgstr "impossibile eseguire in modalit?? batch\n" @@ -554,7 +538,6 @@ msgstr " (2) Chiave di cifratura\n" msgid " (3) Authentication key\n" msgstr " (3) Chiave di autenticazione\n" -#. Okay. msgid "Invalid selection.\n" msgstr "Selezione non valida.\n" @@ -885,7 +868,6 @@ msgstr "in procinto di esportare una sottochiave non protetta\n" msgid "failed to unprotect the subkey: %s\n" msgstr "rimozione della protezione alla sottochiave non riuscita: %s\n" -#. I hope this warning doesn't confuse people. #, c-format msgid "WARNING: secret key %s does not have a simple SK checksum\n" msgstr "" 
@@ -2108,9 +2090,6 @@ msgstr "chiave %s: \"%s\" non cambiata\n" msgid "secret key %s: %s\n" msgstr "chiave segreta %s: %s\n" -#. We don't allow to import secret keys because that may be used -#. to put a secret key into the keyring and the user might later -#. be tricked into signing stuff with that key. msgid "importing secret keys not allowed\n" msgstr "importazione delle chiavi segrete non consentita\n" @@ -2126,7 +2105,6 @@ msgstr "nessun portachiavi segreto predefinito: %s\n" msgid "key %s: secret key imported\n" msgstr "chiave %s: chiave segreta importata\n" -#. we can't merge secret keys #, c-format msgid "key %s: already in secret keyring\n" msgstr "chiave %s: gi?? presente nel portachiavi segreto\n" @@ -2305,8 +2283,6 @@ msgstr "Trovato 1 ID utente senza auto-firma valida\n" msgid "%d user IDs without valid self-signatures detected\n" msgstr "Trovati %d ID utenti senza auto-firme valide\n" -#. Same string as pkclist.c:do_edit_ownertrust -#. This string also used in keyedit.c:trustsig_prompt msgid "" "Please decide how far you trust this user to correctly verify other users' " "keys\n" @@ -2386,8 +2362,6 @@ msgstr "" msgid "Do you want to issue a new signature to replace the expired one? (y/N) " msgstr "Emettere una nuova firma per sostituire quella scaduta? (s/N) " -#. It's a local sig, and we want to make a -#. exportable sig. #, c-format msgid "" "Your current signature on \"%s\"\n" @@ -2569,9 +2543,6 @@ msgstr "" "Firma gli ID utente selezionati [* controllare pi?? sotto per i relativi " "comandi]" -#. "lsign" and friends will never match since "sign" comes first -#. and it is a tail match. They are just here so they show up in -#. the help menu. msgid "sign selected user IDs locally" msgstr "Firma localmente gli ID utente selezionati" 
@@ -2882,6 +2853,14 @@ msgstr "" " potrebbe far diventare un altro ID utente quello primario\n" " predefinito.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "Non ?? possibile modificare la data di scadenza di una chiave v3\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" @@ -2965,9 +2944,6 @@ msgid "cannot appoint a PGP 2.x style key as a designated revoker\n" msgstr "" "impossibile nominare come revocatore designato una chiave in stile PGP 2.x\n" -#. This actually causes no harm (after all, a key that -#. designates itself as a revoker is the same as a -#. regular key), but it's easy enough to check. msgid "you cannot appoint a key as its own designated revoker\n" msgstr "" "impossibile nominare una chiave come revocatore designato di se stessa\n" @@ -3072,7 +3048,6 @@ msgstr "Creare un certificato di revoca per questa firma? (s/N) " msgid "Not signed by you.\n" msgstr "Non firmato dalla propria chiave.\n" -#. FIXME: detect duplicates here #, c-format msgid "You have signed these user IDs on key %s:\n" msgstr "Questi ID utente sono stati firmati sulla chiave %s:\n" @@ -3097,10 +3072,6 @@ msgstr "nessuna chiave segreta\n" msgid "user ID \"%s\" is already revoked\n" msgstr "l'ID utente \"%s\" ?? gi?? revocato\n" -#. Okay, this is a problem. The user ID selfsig was -#. created in the future, so we need to warn the user and -#. set our revocation timestamp one second after that so -#. everything comes out clean. #, c-format msgid "WARNING: a user ID signature is dated %d seconds in the future\n" msgstr "ATTENZIONE: una firma dell'ID utente ?? datata %d secondi nel futuro\n" 
@@ -3543,11 +3514,9 @@ msgstr " Impronta digitale chiave primaria:" msgid " Subkey fingerprint:" msgstr " Impronta digitale della sottochiave:" -#. use tty msgid " Key fingerprint =" msgstr " Impronta digitale della chiave =" -#. Handled elsewhere. msgid " Card serial no. =" msgstr " Numero di serie della scheda=" @@ -3676,6 +3645,10 @@ msgstr "" msgid "keyserver did not send VERSION\n" msgstr "il server di chiavi non ha inviato la VERSIONE\n" +#, c-format +msgid "keyserver communications error: %s\n" +msgstr "errore di comunicazione con server di chiavi: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "nessun server di chiavi conosciuto (usare l'opzione --keyserver)\n" @@ -3703,10 +3676,6 @@ msgid "keyserver internal error\n" msgstr "errore interno del server di chiavi\n" #, c-format -msgid "keyserver communications error: %s\n" -msgstr "errore di comunicazione con server di chiavi: %s\n" - -#, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "\"%s\" non ?? ID di chiave: ignorato\n" @@ -3827,10 +3796,6 @@ msgstr " con %s chiave %s\n" msgid "Signature made %s using %s key ID %s\n" msgstr "Firma eseguita in data %s usando %s, ID chiave %s\n" -#. According to my favorite copy editor, in English -#. grammar, you say "at" if the key is located on a web -#. page, but "from" if it is located on a keyserver. I'm -#. not going to even try to make two strings here :) msgid "Key available at: " msgstr "Chiave disponibile presso: " @@ -3874,8 +3839,6 @@ msgstr "modo testo" msgid "unknown" msgstr "sconosciuto" -#. Not only signature packets in the tree thus this -#. is not a detached signature. #, c-format msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" msgstr "" @@ -3977,7 +3940,6 @@ msgstr "opzione \"%s\" ambigua\n" msgid "unknown option `%s'\n" msgstr "opzione \"%s\" sconosciuta\n" -#. do not overwrite #, c-format msgid "File `%s' exists. " msgstr "Il file \"%s\" esiste. " 
@@ -4063,14 +4025,12 @@ msgstr "Ripetere la passphrase\n" msgid "Enter passphrase\n" msgstr "Digitare la passphrase\n" -#. 99 is GPG_ERR_CANCELED. msgid "cancelled by user\n" msgstr "annullato dall'utente\n" msgid "can't query passphrase in batch mode\n" msgstr "impossibile interrogare la passphrase in modalit?? batch\n" -#. Read the passphrase from the tty or the command-fd. msgid "Enter passphrase: " msgstr "Inserire la passphrase: " @@ -4156,8 +4116,6 @@ msgstr "ragione della revoca: " msgid "revocation comment: " msgstr "commento alla revoca: " -#. A string with valid answers. -#. #. TRANSLATORS: These are the allowed answers in lower and #. uppercase. Below you will find the matching strings which #. should be translated accordingly and the letter changed to @@ -4436,7 +4394,6 @@ msgstr "Forzato l'output con armatura ASCII.\n" msgid "make_keysig_packet failed: %s\n" msgstr "make_keysig_packet non riuscita: %s\n" -#. and issue a usage notice msgid "Revocation certificate created.\n" msgstr "Certificato di revoca creato.\n" @@ -4464,7 +4421,6 @@ msgstr "algoritmo di protezione sconosciuto\n" msgid "NOTE: This key is not protected!\n" msgstr "Nota: questa chiave non ?? protetta.\n" -#. and issue a usage notice msgid "" "Revocation certificate created.\n" "\n" @@ -4554,10 +4510,6 @@ msgstr "la chiave %s utilizza un hash non sicuro (%u bit)\n" msgid "DSA key %s requires a %u bit or larger hash\n" msgstr "la chiave DSA %s richiede un hash di %u bit o pi?? grande\n" -#. Sanity check that the md has a context for the hash that the -#. sig is expecting. This can happen if a onepass sig header does -#. not match the actual sig, and also if the clearsign "Hash:" -#. header is missing or does not match the actual sig. msgid "WARNING: signature digest conflict in message\n" msgstr "ATTENZIONE: conflitto del digest delle firme nel messaggio\n" 
@@ -4718,7 +4670,6 @@ msgstr "impronta digitale non valida" msgid "ownertrust value missing" msgstr "valore di fiducia del proprietario mancante" -#. error #, c-format msgid "error finding trust record in `%s': %s\n" msgstr "errore nella ricerca del record della fiducia in \"%s\": %s\n" @@ -5147,7 +5098,6 @@ msgstr "non cifrato" msgid "not processed" msgstr "non analizzato" -#. the key cannot be used for a specific usage msgid "unusable public key" msgstr "chiave pubblica inutilizzabile" diff --git a/po/ja.po b/po/ja.po index 4b76e2a..c7da6d7 100644 --- a/po/ja.po +++ b/po/ja.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg 1.3.92\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2012-08-24 17:25+0200\n" "Last-Translator: IIDA Yosiaki \n" "Language-Team: Japanese \n" @@ -1823,6 +1823,10 @@ msgid "repair damage from the pks keyserver during import" msgstr "" #, fuzzy +msgid "do not clear the ownertrust values during import" +msgstr "??????????????????????" + +#, fuzzy msgid "do not update the trustdb after import" msgstr "??????????????????????" @@ -2821,6 +2825,14 @@ msgstr "" "????: ??????????????ID??????????????????????????????????\n" " ????????ID????????????????????????????????????\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "v3????????????????????????????\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" @@ -3584,6 +3596,10 @@ msgstr " msgid "keyserver did not send VERSION\n" msgstr "????????????VERSION????????????????????\n" +#, c-format +msgid "keyserver communications error: %s\n" +msgstr "????????????????????: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "???????????????????????????? (??????????--keyserver??????????????)\n" 
@@ -3609,10 +3625,6 @@ msgid "keyserver internal error\n" msgstr "??????????????????????\n" #, c-format -msgid "keyserver communications error: %s\n" -msgstr "????????????????????: %s\n" - -#, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "??%s????ID??????????????: ??????????\n" @@ -3779,6 +3791,10 @@ msgid "unknown" msgstr "??????" #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "????????????????????: %s\n" diff --git a/po/nb.po b/po/nb.po index a242fce..bb68689 100644 --- a/po/nb.po +++ b/po/nb.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg 1.4.3\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2012-08-24 17:11+0200\n" "Last-Translator: Trond Endrest?l \n" "Language-Team: Norwegian Bokm?l \n" @@ -1760,6 +1760,11 @@ msgstr "" msgid "repair damage from the pks keyserver during import" msgstr "" +#, fuzzy +#| msgid "do not update the trustdb after import" +msgid "do not clear the ownertrust values during import" +msgstr "ikke oppdat?r tillitsdatabasen etter import" + msgid "do not update the trustdb after import" msgstr "ikke oppdat?r tillitsdatabasen etter import" @@ -2711,6 +2716,12 @@ msgid "" " cause a different user ID to become the assumed primary.\n" msgstr "" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +msgid "You may want to change its expiration date too.\n" +msgstr "" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" @@ -3478,6 +3489,10 @@ msgstr "" msgid "keyserver did not send VERSION\n" msgstr "n?kkelserver sendte ikke VERSION\n" +#, c-format +msgid "keyserver communications error: %s\n" +msgstr "kommunikasjonsfeil med n?kkelserver: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "" 
@@ -3503,10 +3518,6 @@ msgid "keyserver internal error\n" msgstr "intern feil ved n?kkelserver\n" #, c-format -msgid "keyserver communications error: %s\n" -msgstr "kommunikasjonsfeil med n?kkelserver: %s\n" - -#, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "" @@ -3673,6 +3684,10 @@ msgid "unknown" msgstr "ukjent" #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "" diff --git a/po/nl.po b/po/nl.po index 331b872..fa8a3f9 100644 --- a/po/nl.po +++ b/po/nl.po @@ -29,7 +29,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg 1.4.6\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2014-11-24 12:23+0100\n" "Last-Translator: Frans Spiesschaert \n" "Language-Team: Debian Dutch l10n Team \n" @@ -2942,6 +2942,14 @@ msgstr "" "ID\n" " de veronderstelde primaire ID worden.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "U kunt de vervaldatum van een v3-sleutel niet veranderen\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" @@ -3739,6 +3747,10 @@ msgstr "" msgid "keyserver did not send VERSION\n" msgstr "sleutelserver verstuurde geen versie-informatie\n" +#, c-format +msgid "keyserver communications error: %s\n" +msgstr "fout in de communicatie met de sleutelserver: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "er is geen sleutelserver bekend (gebruik optie --keyserver)\n" 
@@ -3766,10 +3778,6 @@ msgid "keyserver internal error\n" msgstr "sleutelserver geeft een interne fout\n" #, c-format -msgid "keyserver communications error: %s\n" -msgstr "fout in de communicatie met de sleutelserver: %s\n" - -#, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "\"%s\" is geen sleutel-ID: overgeslagen\n" diff --git a/po/pl.po b/po/pl.po index 3d42582..63a06ab 100644 --- a/po/pl.po +++ b/po/pl.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg-1.4.18\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2014-11-21 20:41+0100\n" "Last-Translator: Jakub Bogusz \n" "Language-Team: Polish \n" @@ -2828,6 +2828,14 @@ msgstr "" " jako g????wny. Wykonanie tego polecenie mo??e wi??c spowodowa??\n" " wy??wietlanie innego identyfikatora jako domy??lnego g????wnego.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "Nie mo??na zmieni?? daty wa??no??ci klucza w wersji 3.\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" @@ -3605,6 +3613,10 @@ msgstr "" msgid "keyserver did not send VERSION\n" msgstr "serwer kluczy nie wys??a?? VERSION\n" +#, c-format +msgid "keyserver communications error: %s\n" +msgstr "b????d ????czno??ci z serwerem kluczy: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "brak znanyk serwer??w kluczy (u??yj opcji --keyserver)\n" @@ -3632,10 +3644,6 @@ msgid "keyserver internal error\n" msgstr "b????d serwera kluczy\n" #, c-format -msgid "keyserver communications error: %s\n" -msgstr "b????d ????czno??ci z serwerem kluczy: %s\n" - -#, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr ",,%s'' nie jest poprawnym identyfikatorem klucza, pomini??ty\n" 
@@ -3802,7 +3810,8 @@ msgstr "nieznany" #, c-format msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" -msgstr "UWAGA: to nie jest podpis oddzielony; plik ,,%s'' NIE zosta?? sprawdzony!\n" +msgstr "" +"UWAGA: to nie jest podpis oddzielony; plik ,,%s'' NIE zosta?? sprawdzony!\n" #, c-format msgid "Can't check signature: %s\n" diff --git a/po/pt.po b/po/pt.po index 9c95055..d0aad65 100644 --- a/po/pt.po +++ b/po/pt.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2012-08-24 17:25+0200\n" "Last-Translator: Pedro Morais \n" "Language-Team: pt \n" @@ -1875,6 +1875,10 @@ msgid "repair damage from the pks keyserver during import" msgstr "" #, fuzzy +msgid "do not clear the ownertrust values during import" +msgstr "actualizar a base de dados de confian?a" + +#, fuzzy msgid "do not update the trustdb after import" msgstr "actualizar a base de dados de confian?a" @@ -2917,6 +2921,14 @@ msgid "" " cause a different user ID to become the assumed primary.\n" msgstr "" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "Voc? n?o pode modificar a data de validade de uma chave v3\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" @@ -3711,6 +3723,10 @@ msgstr "" msgid "keyserver did not send VERSION\n" msgstr "" +#, fuzzy, c-format +msgid "keyserver communications error: %s\n" +msgstr "A gera??o de chaves falhou: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "" 
@@ -3737,10 +3753,6 @@ msgstr "erro do servidor de chaves" msgid "keyserver internal error\n" msgstr "erro do servidor de chaves" -#, fuzzy, c-format -msgid "keyserver communications error: %s\n" -msgstr "A gera??o de chaves falhou: %s\n" - #, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "" @@ -3912,6 +3924,10 @@ msgid "unknown" msgstr "vers?o desconhecida" #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "Imposs?vel verificar assinatura: %s\n" diff --git a/po/pt_BR.po b/po/pt_BR.po index 0e2802c..75014b3 100644 --- a/po/pt_BR.po +++ b/po/pt_BR.po @@ -12,7 +12,7 @@ msgid "" msgstr "" "Project-Id-Version: GnuPG 1.0\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2012-08-24 17:14+0200\n" "Last-Translator:\n" "Language-Team: ?\n" @@ -1840,6 +1840,10 @@ msgid "repair damage from the pks keyserver during import" msgstr "" #, fuzzy +msgid "do not clear the ownertrust values during import" +msgstr "atualizar o banco de dados de confiabilidade" + +#, fuzzy msgid "do not update the trustdb after import" msgstr "atualizar o banco de dados de confiabilidade" @@ -2863,6 +2867,14 @@ msgid "" " cause a different user ID to become the assumed primary.\n" msgstr "" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "Voc? n?o pode modificar a data de validade de uma chave v3\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" @@ -3667,6 +3679,10 @@ msgstr "" msgid "keyserver did not send VERSION\n" msgstr "" +#, fuzzy, c-format +msgid "keyserver communications error: %s\n" +msgstr "enumera??o de chaves secretas falhou: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "" 
@@ -3694,10 +3710,6 @@ msgid "keyserver internal error\n" msgstr "erro geral" #, fuzzy, c-format -msgid "keyserver communications error: %s\n" -msgstr "enumera??o de chaves secretas falhou: %s\n" - -#, fuzzy, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "%s n?o ? um mapa de caracteres v?lido\n" @@ -3868,6 +3880,10 @@ msgid "unknown" msgstr "vers?o desconhecida" #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "Imposs?vel verificar assinatura: %s\n" diff --git a/po/ro.po b/po/ro.po index a2c1c54..dd81ffe 100644 --- a/po/ro.po +++ b/po/ro.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg 1.4.10\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2012-08-24 17:15+0200\n" "Last-Translator: Lauren??iu Buzdugan \n" "Language-Team: Romanian \n" @@ -1854,6 +1854,11 @@ msgstr "import?? semn??turi marcate ca numai-local" msgid "repair damage from the pks keyserver during import" msgstr "repar?? defectele de la serverul de chei pks la import" +#, fuzzy +#| msgid "do not update the trustdb after import" +msgid "do not clear the ownertrust values during import" +msgstr "nu actualiza baza de date de ??ncredere dup?? import" + msgid "do not update the trustdb after import" msgstr "nu actualiza baza de date de ??ncredere dup?? import" @@ -2847,6 +2852,14 @@ msgstr "" " Aceast?? comand?? poate cauza ca un alt ID utilizator\n" " s?? devin?? ID-ul utilizator primar presupus.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "Nu pute??i schimba data de expirare a unei chei v3\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" 
@@ -3622,6 +3635,10 @@ msgstr "" msgid "keyserver did not send VERSION\n" msgstr "serverul de chei nu a trimis VERSION (versiune)\n" +#, c-format +msgid "keyserver communications error: %s\n" +msgstr "eroare de comunicare server de chei: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "nici un server de chei cunoscut (folosi??i op??iunea --keyserver)\n" @@ -3648,10 +3665,6 @@ msgid "keyserver internal error\n" msgstr "eroare intern?? server de chei\n" #, c-format -msgid "keyserver communications error: %s\n" -msgstr "eroare de comunicare server de chei: %s\n" - -#, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "\"%s\" nu este un ID de cheie: s??rit\n" @@ -3816,6 +3829,10 @@ msgid "unknown" msgstr "necunoscut" #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "Nu pot verifica semn??tura: %s\n" diff --git a/po/ru.po b/po/ru.po index 89c239c..5b7b0f8 100644 --- a/po/ru.po +++ b/po/ru.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: GnuPG 1.4.18\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2015-02-12 17:16+0200\n" "Last-Translator: Ineiev \n" "Language-Team: Russian \n" @@ -2814,6 +2814,14 @@ msgstr "" " ???????????????? ?? ????????, ?????? ?????????????? ???????????? ?????????????????? ???????????? ID " "????????????????????????.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "???????????? ???????????????? ???????? ???????????????? ?????????? v3\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" 
@@ -3579,6 +3587,10 @@ msgstr "????????????????: ???????????????????? ?????????????? ???????????? ???? msgid "keyserver did not send VERSION\n" msgstr "???????????? ???????????? ???? ?????????????? VERSION\n" +#, c-format +msgid "keyserver communications error: %s\n" +msgstr "???????????? ?????????? ?? ???????????????? ????????????: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "???? ???????????? ?????????????? ???????????? (?????????????????????? --keyserver)\n" @@ -3604,10 +3616,6 @@ msgid "keyserver internal error\n" msgstr "???????????????????? ???????????? ?????????????? ????????????\n" #, c-format -msgid "keyserver communications error: %s\n" -msgstr "???????????? ?????????? ?? ???????????????? ????????????: %s\n" - -#, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "\"%s\" ???? ?????????????????????????? ??????????: ????????????????\n" diff --git a/po/sk.po b/po/sk.po index 05178c9..74c0fa1 100644 --- a/po/sk.po +++ b/po/sk.po @@ -4,7 +4,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg 1.2.5\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2012-08-24 17:16+0200\n" "Last-Translator: Michal Majer \n" "Language-Team: Slovak \n" @@ -1881,6 +1881,10 @@ msgid "repair damage from the pks keyserver during import" msgstr "" #, fuzzy +msgid "do not clear the ownertrust values during import" +msgstr "aktualizova? datab?zu d?very" + +#, fuzzy msgid "do not update the trustdb after import" msgstr "aktualizova? datab?zu d?very" 
@@ -2928,6 +2932,14 @@ msgstr "" "VAROVANIE: ?iadne ID u??vate?a nebolo ozna?en? ako prim?rne. Tento pr?kaz\n" "sp?sob?, ?e in? ID u??vate?a sa bude pova?ova? prim?rne.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "Nem??ete zmeni? dobu platnosti k???a verzie 3\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" @@ -3716,6 +3728,10 @@ msgstr "" msgid "keyserver did not send VERSION\n" msgstr "" +#, fuzzy, c-format +msgid "keyserver communications error: %s\n" +msgstr "nepodarilo sa prija? k??? zo servera: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "" @@ -3742,10 +3758,6 @@ msgstr "chyba servera k msgid "keyserver internal error\n" msgstr "chyba servera k???ov" -#, fuzzy, c-format -msgid "keyserver communications error: %s\n" -msgstr "nepodarilo sa prija? k??? zo servera: %s\n" - #, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "" @@ -3920,6 +3932,10 @@ msgid "unknown" msgstr "nezn?me" #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "Nem??em overi? podpis: %s\n" diff --git a/po/sv.po b/po/sv.po index c58173a..3896b39 100644 --- a/po/sv.po +++ b/po/sv.po @@ -23,7 +23,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg 2.0\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2012-08-24 17:17+0200\n" "Last-Translator: Daniel Nylander \n" "Language-Team: Swedish \n" 
@@ -1896,6 +1896,11 @@ msgstr "importera signaturer som ??r markerade som endast lokala" msgid "repair damage from the pks keyserver during import" msgstr "reparera skada fr??n pks-nyckelservern vid importering" +#, fuzzy +#| msgid "do not update the trustdb after import" +msgid "do not clear the ownertrust values during import" +msgstr "uppdatera inte tillitsdatabasen efter importering" + msgid "do not update the trustdb after import" msgstr "uppdatera inte tillitsdatabasen efter importering" @@ -2894,6 +2899,14 @@ msgstr "" "Detta kommando kan g??ra att en annan anv??ndaridentitet antas\n" "vara den prim??ra identiteten.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "Du kan inte ??ndra giltighetsdatum f??r en v3-nyckel\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" @@ -3678,6 +3691,10 @@ msgstr "VARNING: nyckelserverhanteraren fr??n en annan version av GnuPG (%s)\n" msgid "keyserver did not send VERSION\n" msgstr "nyckelserver skickade inte VERSION\n" +#, c-format +msgid "keyserver communications error: %s\n" +msgstr "kommunikationsfel mot nyckelserver: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "ingen nyckelserver ??r k??nd (anv??nd flaggan --keyserver)\n" @@ -3703,10 +3720,6 @@ msgid "keyserver internal error\n" msgstr "internt fel i nyckelserver\n" #, c-format -msgid "keyserver communications error: %s\n" -msgstr "kommunikationsfel mot nyckelserver: %s\n" - -#, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "\"%s\" inte ett nyckel-id: hoppar ??ver\n" @@ -3881,6 +3894,10 @@ msgid "unknown" msgstr "ok??nd" #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "Kan inte kontrollera signaturen: %s\n" 
diff --git a/po/tr.po b/po/tr.po index 6bec2c2..667bdcc 100644 --- a/po/tr.po +++ b/po/tr.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg 1.4.1\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2012-08-24 17:17+0200\n" "Last-Translator: Nilg??n Belma Bug??ner \n" "Language-Team: Turkish \n" @@ -1824,6 +1824,10 @@ msgid "repair damage from the pks keyserver during import" msgstr "" #, fuzzy +msgid "do not clear the ownertrust values during import" +msgstr "g??vence veritaban??n?? g??nceller" + +#, fuzzy msgid "do not update the trustdb after import" msgstr "g??vence veritaban??n?? g??nceller" @@ -2840,6 +2844,14 @@ msgstr "" " farkl?? bir kullan??c?? kimli??in birincil kullan??c?? kimlik olarak\n" " kabul edilmesini sa??layabilirsiniz.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "Bir v3 anahtar??n??n son kullanma tarihini de??i??tiremezsiniz\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" @@ -3621,6 +3633,10 @@ msgstr "UYARI: GnuPG'nin ba??ka bir s??r??m??n??n anahtar sunucusu eylemcisi (%s msgid "keyserver did not send VERSION\n" msgstr "anahtar sunucusu VERSION g??ndermiyor\n" +#, c-format +msgid "keyserver communications error: %s\n" +msgstr "anahtar sunucusuyla ileti??im hatas??: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "bilinen bir anahtar sunucusu yok (--keyserver se??ene??ini kullan??n)\n" @@ -3646,10 +3662,6 @@ msgid "keyserver internal error\n" msgstr "anahtar sunucusu i?? hatas??\n" #, c-format -msgid "keyserver communications error: %s\n" -msgstr "anahtar sunucusuyla ileti??im hatas??: %s\n" - -#, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "\"%s\" bir anahtar kimli??i de??il: atlan??yor\n" 
@@ -3820,6 +3832,10 @@ msgid "unknown" msgstr "bilinmeyen" #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "??mza kontrol edilemedi: %s\n" diff --git a/po/uk.po b/po/uk.po index 3750118..d2feda6 100644 --- a/po/uk.po +++ b/po/uk.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2014-11-15 18:41+0200\n" "Last-Translator: Yuri Chornoivan \n" "Language-Team: Ukrainian \n" @@ -2876,6 +2876,14 @@ msgstr "" " ???????? ?????????????? ?????????? ?????????????? ???????????????? ?????????? ?????????????????????????? " "??????????????????????.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "???? ?????????? ?????????????????? ???????? ???????????????????? ???????????? ?????? ?????????? v3\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" @@ -3653,6 +3661,10 @@ msgstr "" msgid "keyserver did not send VERSION\n" msgstr "???????????? ???????????? ???? ???????????????? ???????????????? VERSION\n" +#, c-format +msgid "keyserver communications error: %s\n" +msgstr "?????????????? ?????? ?????? ???????????? ???????????? ?? ???????????????? ????????????: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "" "???? ?????????????? ?????????????? ?????????????? ???????????? (?????????????????????????? ???????????????????? --keyserver)\n" 
@@ -3679,10 +3691,6 @@ msgid "keyserver internal error\n" msgstr "?????????????????? ?????????????? ?????????????? ????????????\n" #, c-format -msgid "keyserver communications error: %s\n" -msgstr "?????????????? ?????? ?????? ???????????? ???????????? ?? ???????????????? ????????????: %s\n" - -#, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "??%s?? ???? ?? ?????????????????????????????? ??????????: ??????????????????????\n" diff --git a/po/zh_CN.po b/po/zh_CN.po index 08da3c1..3594fe4 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg 1.4.7\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2012-08-24 17:18+0200\n" "Last-Translator: Meng Jie \n" "Language-Team: Chinese (simplified) \n" "Language-Team: Chinese (traditional) \n" @@ -1787,6 +1787,11 @@ msgstr "??????????????????????????????????????????" msgid "repair damage from the pks keyserver during import" msgstr "????????????????????? pks ????????????????????????" +#, fuzzy +#| msgid "do not update the trustdb after import" +msgid "do not clear the ownertrust values during import" +msgstr "????????????????????????????????????" + msgid "do not update the trustdb after import" msgstr "????????????????????????????????????" @@ -2750,6 +2755,14 @@ msgstr "" "??????: ????????????????????? ID ?????????????????? ID. ?????????????????????\n" " ???????????????????????? ID ??????????????? ID.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "" + +#, fuzzy +#| msgid "You can't change the expiration date of a v3 key\n" +msgid "You may want to change its expiration date too.\n" +msgstr "??????????????? v3 ?????????????????????\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" 
@@ -3506,6 +3519,10 @@ msgstr "??????: ??????????????????????????????????????????????????? GnuPG (%s)\n msgid "keyserver did not send VERSION\n" msgstr "????????????????????????????????? (VERSION)\n" +#, c-format +msgid "keyserver communications error: %s\n" +msgstr "???????????????????????????: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "?????????????????????????????? (?????? --keyserver ??????)\n" @@ -3531,10 +3548,6 @@ msgid "keyserver internal error\n" msgstr "???????????????????????????\n" #, c-format -msgid "keyserver communications error: %s\n" -msgstr "???????????????????????????: %s\n" - -#, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "\"%s\" ???????????? ID: ?????????\n" @@ -3699,6 +3712,10 @@ msgid "unknown" msgstr "??????" #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "" + +#, c-format msgid "Can't check signature: %s\n" msgstr "??????????????????: %s\n" commit 47c2369bb723aac85caf848a7b563889e83bc88f Author: Werner Koch Date: Fri Feb 27 09:05:21 2015 +0100 po: Update German translation diff --git a/po/de.po b/po/de.po index 8b3ccd8..cec3495 100644 --- a/po/de.po +++ b/po/de.po @@ -7,8 +7,8 @@ msgid "" msgstr "" "Project-Id-Version: gnupg-1.4.8\n" -"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" -"PO-Revision-Date: 2014-06-23 16:34+0200\n" +"Report-Msgid-Bugs-To: translations at gnupg.org\n" +"PO-Revision-Date: 2015-02-27 09:04+0100\n" "Last-Translator: Walter Koch \n" "Language-Team: German \n" "Language: de\n" 
@@ -1887,6 +1887,9 @@ msgstr "Importiere Signaturen, die als nicht exportf??hig markiert sind" msgid "repair damage from the pks keyserver during import" msgstr "Beseitige Besch??digung durch den Schl??sselserver w??hrend des Imports" +msgid "do not clear the ownertrust values during import" +msgstr "die \"Owner trust\" Werte beim Import nicht l??schen" + msgid "do not update the trustdb after import" msgstr "??ndern Sie die \"Trust\"-Datenbank nach dem Import nicht" @@ -2894,6 +2897,12 @@ msgstr "" "WARNUNG: Keine User-ID ist als prim??r markiert. Dieser Befehl kann\n" "dazu f??hren, da?? eine andere User-ID als prim??r angesehen wird.\n" +msgid "WARNING: Your encryption subkey expires soon.\n" +msgstr "WARNUNG: Ihr Unterschl??ssel zum Verschl??sseln wird bald verfallen.\n" + +msgid "You may want to change its expiration date too.\n" +msgstr "Bitte erw??gen Sie, dessen Verfallsdatum auch zu ??ndern.\n" + msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" @@ -3673,6 +3682,10 @@ msgstr "" msgid "keyserver did not send VERSION\n" msgstr "Schl??sselserver sendete VERSION nicht\n" +#, c-format +msgid "keyserver communications error: %s\n" +msgstr "Schl??sselserver-Daten??bertragunsfehler: %s\n" + msgid "no keyserver known (use option --keyserver)\n" msgstr "Kein Schl??sselserver bekannt (Option --keyserver verwenden)\n" @@ -3699,10 +3712,6 @@ msgid "keyserver internal error\n" msgstr "interner Fehler Schl??sselserver\n" #, c-format -msgid "keyserver communications error: %s\n" -msgstr "Schl??sselserver-Daten??bertragunsfehler: %s\n" - -#, c-format msgid "\"%s\" not a key ID: skipping\n" msgstr "\"%s\" ist keine Schl??ssel-ID: ??berspringe\n" 
@@ -3873,6 +3882,10 @@ msgid "unknown" msgstr "unbekannt" #, c-format +msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" +msgstr "\"WARNUNG: Keine abgetrennte Signatur; die Datei '%s' wurde NICHT ??berpr??ft!\n" + +#, c-format msgid "Can't check signature: %s\n" msgstr "Unterschrift kann nicht gepr??ft werden: %s\n" ----------------------------------------------------------------------- Summary of changes: NEWS | 41 ++++++++++++++++++++++++++----- README | 6 ++--- configure.ac | 7 +++--- g10/gpg.c | 5 ++-- po/be.po | 23 +++++++++++++---- po/ca.po | 26 ++++++++++++++++---- po/cs.po | 22 +++++++++++++---- po/da.po | 27 ++++++++++++++++---- po/de.po | 27 +++++++++++++++----- po/el.po | 26 ++++++++++++++++---- po/eo.po | 26 ++++++++++++++++---- po/es.po | 18 ++++++++++---- po/et.po | 26 ++++++++++++++++---- po/fi.po | 26 ++++++++++++++++---- po/fr.po | 27 ++++++++++++++++---- po/gl.po | 26 ++++++++++++++++---- po/hu.po | 26 ++++++++++++++++---- po/id.po | 26 ++++++++++++++++---- po/it.po | 76 ++++++++++----------------------------------------------- po/ja.po | 26 ++++++++++++++++---- po/nb.po | 25 +++++++++++++++---- po/nl.po | 18 ++++++++++---- po/pl.po | 21 +++++++++++----- po/pt.po | 26 ++++++++++++++++---- po/pt_BR.po | 26 ++++++++++++++++---- po/ro.po | 27 ++++++++++++++++---- po/ru.po | 18 ++++++++++---- po/sk.po | 26 ++++++++++++++++---- po/sv.po | 27 ++++++++++++++++---- po/tr.po | 26 ++++++++++++++++---- po/uk.po | 18 ++++++++++---- po/zh_CN.po | 27 ++++++++++++++++---- po/zh_TW.po | 27 ++++++++++++++++---- util/argparse.c | 2 +- 34 files changed, 604 insertions(+), 223 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sat Feb 28 18:25:58 2015 
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Sat, 28 Feb 2015 18:25:58 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-172-g5e66a4f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 5e66a4f8d5a63f58caeee367433dd8dd32346083 (commit) from 505decf5369970219ddc9e78a20f97c623957b78 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5e66a4f8d5a63f58caeee367433dd8dd32346083 Author: Jussi Kivilinna Date: Sat Feb 28 18:04:34 2015 +0200 Fix in-place encryption for OCB mode * cipher/cipher-ocb.c (ocb_checksum): New. (ocb_crypt): Move checksum calculation outside main crypt loop, do checksum calculation for encryption before inbuf is overwritten. * tests/basic.c (check_ocb_cipher): Rename to ... (do_check_ocb_cipher): ... to this and add argument for testing in-place encryption/decryption. (check_ocb_cipher): New. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/cipher-ocb.c b/cipher/cipher-ocb.c index 25466f0..652683c 100644 --- a/cipher/cipher-ocb.c +++ b/cipher/cipher-ocb.c @@ -299,6 +299,21 @@ _gcry_cipher_ocb_authenticate (gcry_cipher_hd_t c, const unsigned char *abuf, } +/* Checksumming for encrypt and decrypt. */ +static void ocb_checksum(unsigned char *chksum, const unsigned char *plainbuf, + size_t nblks) +{ + while (nblks > 0) + { + /* Checksum_i = Checksum_{i-1} xor P_i */ + buf_xor_1(chksum, plainbuf, OCB_BLOCK_LEN); + + plainbuf += OCB_BLOCK_LEN; + nblks--; + } +} + + /* Common code for encrypt and decrypt. */ static gcry_err_code_t ocb_crypt (gcry_cipher_hd_t c, int encrypt, 
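Review bot: The new helper's definition `static void ocb_checksum(unsigned char *chksum, ...` does not follow the layout the rest of the file uses, where the return type sits on its own line and a space precedes the parenthesis, as in `ocb_crypt (gcry_cipher_hd_t c, int encrypt,` at the end of this hunk. I would write it as `static void` followed by `ocb_checksum (unsigned char *chksum, const unsigned char *plainbuf,`, and likewise `buf_xor_1 (chksum, plainbuf, OCB_BLOCK_LEN);` in the loop. The header comment could also state the contract the callers rely on, for example `/* XOR NBLKS full blocks of plaintext at PLAINBUF into CHKSUM; PLAINBUF must still hold plaintext when this is called. */`, since the OCB tag depends on the checksum being taken over plaintext and never over ciphertext.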
@@ -308,6 +323,7 @@ ocb_crypt (gcry_cipher_hd_t c, int encrypt, unsigned char l_tmp[OCB_BLOCK_LEN]; unsigned int burn = 0; unsigned int nburn; + size_t nblks = inbuflen / OCB_BLOCK_LEN; /* Check that a nonce and thus a key has been set and that we are not yet in end of data state. */ @@ -324,6 +340,12 @@ ocb_crypt (gcry_cipher_hd_t c, int encrypt, else if ((inbuflen % OCB_BLOCK_LEN)) return GPG_ERR_INV_LENGTH; /* We support only full blocks for now. */ + if (encrypt) + { + /* Checksum_i = Checksum_{i-1} xor P_i */ + ocb_checksum (c->u_ctr.ctr, inbuf, nblks); + } + /* Encrypt all full blocks. */ while (inbuflen >= OCB_BLOCK_LEN) { @@ -341,15 +363,18 @@ ocb_crypt (gcry_cipher_hd_t c, int encrypt, burn = nburn > burn ? nburn : burn; buf_xor_1 (outbuf, c->u_iv.iv, OCB_BLOCK_LEN); - /* Checksum_i = Checksum_{i-1} xor P_i */ - buf_xor_1 (c->u_ctr.ctr, encrypt? inbuf : outbuf, OCB_BLOCK_LEN); - inbuf += OCB_BLOCK_LEN; inbuflen -= OCB_BLOCK_LEN; outbuf += OCB_BLOCK_LEN; outbuflen =- OCB_BLOCK_LEN; } + if (!encrypt) + { + /* Checksum_i = Checksum_{i-1} xor P_i */ + ocb_checksum (c->u_ctr.ctr, outbuf - nblks * OCB_BLOCK_LEN, nblks); + } + /* Encrypt final partial block. Note that we expect INBUFLEN to be shorter than OCB_BLOCK_LEN (see above). */ if (inbuflen) diff --git a/tests/basic.c b/tests/basic.c index 869b381..6ebc056 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -2781,7 +2781,7 @@ check_ccm_cipher (void) static void -check_ocb_cipher (void) +do_check_ocb_cipher (int inplace) { /* Note that we use hex strings and not binary strings in TV. That makes it easier to maintain the test vectors. */ 
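Review bot: The comment on the new `if (encrypt)` block repeats the formula `/* Checksum_i = Checksum_{i-1} xor P_i */` but does not say why the call now sits ahead of the block loop, which is the whole point of the change. A later reader could move it back into or after the loop and silently break the tag for callers that pass the same buffer as input and output. I would replace it with `/* Checksum the plaintext before the loop: for in-place calls the loop overwrites INBUF with ciphertext. */`. ocb_crypt starts and ends outside this hunk.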
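Review bot: The unchanged loop line `outbuflen =- OCB_BLOCK_LEN;` in this hunk assigns the negated block length to outbuflen instead of decrementing it, and the commit leaves it as is; it reads like a typo for `outbuflen -= OCB_BLOCK_LEN;`. Whether outbuflen is consulted again after the loop is not visible here, so the impact is unconfirmed, but a remaining-output-size counter that is wrong after the first block is a poor basis for any later bounds check. Separately, the new decrypt call `ocb_checksum (c->u_ctr.ctr, outbuf - nblks * OCB_BLOCK_LEN, nblks);` recovers the start of the output by pointer arithmetic and so depends on the loop advancing outbuf by exactly nblks blocks; saving the start pointer in a local before the loop would make that explicit. ocb_crypt continues outside this hunk.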
@@ -3028,7 +3028,18 @@ check_ocb_cipher (void) err = gcry_cipher_final (hde); if (!err) - err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN, plain, plainlen); + { + if (inplace) + { + memcpy(out, plain, plainlen); + err = gcry_cipher_encrypt (hde, out, plainlen, NULL, 0); + } + else + { + err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN, + plain, plainlen); + } + } if (err) { fail ("cipher-ocb, gcry_cipher_encrypt failed (tv %d): %s\n", @@ -3075,7 +3086,19 @@ check_ocb_cipher (void) /* Now for the decryption. */ err = gcry_cipher_final (hdd); if (!err) - err = gcry_cipher_decrypt (hdd, out, plainlen, NULL, 0); + { + if (inplace) + { + err = gcry_cipher_decrypt (hdd, out, plainlen, NULL, 0); + } + else + { + unsigned char tmp[MAX_DATA_LEN]; + + memcpy(tmp, out, plainlen); + err = gcry_cipher_decrypt (hdd, out, plainlen, tmp, plainlen); + } + } if (err) { fail ("cipher-ocb, gcry_cipher_decrypt (tv %d) failed: %s\n", @@ -3130,6 +3153,18 @@ check_ocb_cipher (void) static void +check_ocb_cipher (void) +{ + /* Check OCB cipher with separate destination and source buffers for + * encryption/decryption. */ + do_check_ocb_cipher(0); + + /* Check OCB cipher with inplace encrypt/decrypt. */ + do_check_ocb_cipher(1); +} + + +static void check_stream_cipher (void) { static const struct tv ----------------------------------------------------------------------- Summary of changes: cipher/cipher-ocb.c | 31 ++++++++++++++++++++++++++++--- tests/basic.c | 41 ++++++++++++++++++++++++++++++++++++++--- 2 files changed, 66 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org
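Review bot: The failure messages kept in the encrypt and decrypt hunks of do_check_ocb_cipher (`fail ("cipher-ocb, gcry_cipher_encrypt failed (tv %d): %s\n", ...` and its gcry_cipher_decrypt counterpart) do not say which pass failed, now that every vector runs twice. A regression that only affects the in-place path would show up in the log with the same text as a separate-buffer failure. Adding the flag to the format, for example `"cipher-ocb, gcry_cipher_encrypt failed (tv %d, inplace %d): %s\n"` with `inplace` passed as an extra argument, makes the result attributable. The function body starts and ends outside these hunks, so the other fail() calls in it probably need the same treatment.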