[git] GnuPG - branch, master, updated. gnupg-2.1.9-71-g0d37a40

by Werner Koch cvs at cvs.gnupg.org
Mon Oct 26 16:43:09 CET 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  0d37a40fc34519e93af3ceffff2cd726d29576d3 (commit)
       via  68100b4a0b6118cfd2813fa73ace0df441079379 (commit)
       via  4524a2a3714f263d56bb7db349c169b456994fd9 (commit)
       via  7735bbe539af35ce16e270946d5ae798c5989d6e (commit)
      from  c18fb0d99b633bb267dead6e7c46229f4b780bc3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0d37a40fc34519e93af3ceffff2cd726d29576d3
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 26 16:38:41 2015 +0100

    w32: Make it build again if Tofu support is not available.
    
    * g10/keylist.c (public_key_list) [!USE_TOFU]: Do not call tofu
    functions.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/keylist.c b/g10/keylist.c
index d4e6b74..509cf7c 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -132,7 +132,9 @@ public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode)
      which is associated with the inode of a deleted file.  */
   check_trustdb_stale ();
 
+#ifdef USE_TOFU
   tofu_begin_batch_update ();
+#endif
 
   if (locate_mode)
     locate_one (ctrl, list);
@@ -141,7 +143,9 @@ public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode)
   else
     list_one (ctrl, list, 0, opt.with_secret);
 
+#ifdef USE_TOFU
   tofu_end_batch_update ();
+#endif
 }
 
 

commit 68100b4a0b6118cfd2813fa73ace0df441079379
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 26 16:32:32 2015 +0100

    dirmngr: Add example Tor hidden service.
    
    --

diff --git a/README b/README
index 6ad3e51..f1215ef 100644
--- a/README
+++ b/README
@@ -169,7 +169,7 @@
   "https://gnupg.org/faq/whats-new-in-2.1.html" .
 
   The primary WWW page is "https://www.gnupg.org"
-             or using TOR "http://ic6au7wa3f6naxjq.onion"
+             or using Tor "http://ic6au7wa3f6naxjq.onion"
   The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/"
 
   See [[https://gnupg.org/download/mirrors.html]] for a list of
diff --git a/g10/dirmngr-conf.skel b/g10/dirmngr-conf.skel
index 8857843..2ba5e4d 100644
--- a/g10/dirmngr-conf.skel
+++ b/g10/dirmngr-conf.skel
@@ -29,6 +29,9 @@
 # Example HKP keyservers:
 #      hkp://keys.gnupg.net
 #
+# Example HKP keyserver using a Tor hidden service
+#      hkp://dyh2j3qyrirn43iw.onion
+#
 # Example HKPS keyservers (see --hkp-cacert below):
 #       hkps://hkps.pool.sks-keyservers.net
 #

commit 4524a2a3714f263d56bb7db349c169b456994fd9
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 26 16:32:03 2015 +0100

    dirmngr: Support Tor hidden services.
    
    * dirmngr/dns-stuff.c (is_onion_address): New.
    * dirmngr/ks-engine-hkp.c (hostinfo_s): Add field "onion".
    (map_host): Special case onion addresses.
    (ks_hkp_print_hosttable): Print an 'O' for an onion address.
    * dirmngr/http.c (connect_server): Special case onion addresses.
    --
    
    Note that this requires the latest libassuan from git.  Onion addresses
    are always supported regardless of the --use-tor flag.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index c80ee1d..21e5610 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -403,6 +403,20 @@ is_ip_address (const char *name)
 }
 
 
+/* Return true if NAME is an onion address.  */
+int
+is_onion_address (const char *name)
+{
+  size_t len;
+
+  len = name? strlen (name) : 0;
+  if (len < 8 || strcmp (name + len - 6, ".onion"))
+    return 0;
+  /* Note that we require at least 2 characters before the suffix.  */
+  return 1;  /* Yes.  */
+}
+
+
 #ifdef USE_ADNS
 /* Init ADNS and store the new state at R_STATE.  Returns 0 on
    success; prints an error message and returns an error code on
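Review bot: The suffix test in `is_onion_address` uses a case-sensitive `strcmp`, so a name written as `EXAMPLE.ONION` (constructed sample) or with a trailing dot is not recognised as an onion address. Host names are case-insensitive, and the `map_host` hunk in dirmngr/ks-engine-hkp.c sends any unknown name that fails this test into the branch that declares a `dns_addrinfo_t`, which presumably performs an ordinary DNS lookup and so discloses the hidden-service name to the local resolver. A case-insensitive comparison closes that gap, e.g. `if (len < 8 || ascii_strcasecmp (name + len - 6, ".onion"))`, assuming that helper is in scope in this file. The comment about the two-character minimum would also read better placed above the `len < 8` test it explains.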
diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h
index c3effad..515a859 100644
--- a/dirmngr/dns-stuff.h
+++ b/dirmngr/dns-stuff.h
@@ -110,6 +110,9 @@ gpg_error_t resolve_dns_addr (const struct sockaddr *addr, int addrlen,
 /* Return true if NAME is a numerical IP address.  */
 int is_ip_address (const char *name);
 
+/* Return true if NAME is an onion address.  */
+int is_onion_address (const char *name);
+
 /* Get the canonical name for NAME.  */
 gpg_error_t get_dns_cname (const char *name, char **r_cname);
 
diff --git a/dirmngr/http.c b/dirmngr/http.c
index 1a7c1ff..9e2ba90 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -2212,6 +2212,32 @@ connect_server (const char *server, unsigned short port,
   init_sockets ();
 #endif /*Windows*/
 
+  /* Onion addresses require special treatment.  */
+  if (is_onion_address (server))
+    {
+#ifdef ASSUAN_SOCK_TOR
+
+      my_unprotect ();
+      sock = assuan_sock_connect_byname (server, port, 0, NULL,
+                                         ASSUAN_SOCK_TOR);
+      my_protect ();
+
+      if (sock == ASSUAN_INVALID_FD)
+        {
+          if (errno == EHOSTUNREACH)
+            *r_host_not_found = 1;
+          log_error ("can't connect to '%s': %s\n", server, strerror (errno));
+        }
+      return sock;
+
+#else /*!ASSUAN_SOCK_TOR*/
+
+      gpg_err_set_errno (ENETUNREACH);
+      return -1; /* Out of core.  */
+
+#endif /*!HASSUAN_SOCK_TOR*/
+    }
+
 #ifdef USE_DNS_SRV
   /* Do the SRV thing */
   if (srvtag)
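Review bot: The `#else /*!ASSUAN_SOCK_TOR*/` branch returns a bare `-1` with the comment `/* Out of core.  */`, which does not describe this failure; the Tor branch just above tests against `ASSUAN_INVALID_FD`, so the fallback should return the same sentinel, `return ASSUAN_INVALID_FD; /* Tor support not compiled in.  */`. A `log_error` before that return would tell the user why an onion keyserver cannot be reached on a build without ASSUAN_SOCK_TOR, since the other failure path logs and this one is silent. The closing `#endif /*!HASSUAN_SOCK_TOR*/` has a stray `H`. In the Tor branch `errno` is read only after `my_protect ()`; if that call can modify errno, the EHOSTUNREACH test and the logged message may describe the wrong error, so saving errno right after the connect call would be safer. connect_server begins and ends outside this hunk.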
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 340b012..a658727 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -80,6 +80,7 @@ struct hostinfo_s
   int poolidx;       /* Index into POOL with the used host.  -1 if not set.  */
   unsigned int v4:1; /* Host supports AF_INET.  */
   unsigned int v6:1; /* Host supports AF_INET6.  */
+  unsigned int onion:1;/* NAME is an onion (Tor HS) address.  */
   unsigned int dead:1; /* Host is currently unresponsive.  */
   time_t died_at;    /* The time the host was marked dead.  If this is
                         0 the host has been manually marked dead.  */
@@ -124,6 +125,7 @@ create_new_hostinfo (const char *name)
   hi->lastfail = (time_t)(-1);
   hi->v4 = 0;
   hi->v6 = 0;
+  hi->onion = 0;
   hi->dead = 0;
   hi->died_at = 0;
   hi->cname = NULL;
@@ -267,7 +269,15 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
 
   /* See whether the host is in our table.  */
   idx = find_hostinfo (name);
-  if (idx == -1)
+  if (idx == -1 && is_onion_address (name))
+    {
+      idx = create_new_hostinfo (name);
+      if (idx == -1)
+        return gpg_error_from_syserror ();
+      hi = hosttable[idx];
+      hi->onion = 1;
+    }
+  else if (idx == -1)
     {
       /* We never saw this host.  Allocate a new entry.  */
       dns_addrinfo_t aibuf, ai;
@@ -512,6 +522,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
         *r_httpflags |= HTTP_FLAG_IGNORE_IPv4;
       if (!hi->v6)
         *r_httpflags |= HTTP_FLAG_IGNORE_IPv6;
+
+      /* Note that we do not set the HTTP_FLAG_FORCE_TOR for onion
+         addresses because the http module detects this itself.  This
+         also allows us to use an onion address without Tor mode being
+         enabled.  */
     }
 
   *r_host = xtrystrdup (hi->name);
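Review bot: An entry created by the onion branch of `map_host` keeps `v4` and `v6` at 0 (create_new_hostinfo clears both and only `onion` is set afterwards), so if this block is reached for such a host both `HTTP_FLAG_IGNORE_IPv4` and `HTTP_FLAG_IGNORE_IPv6` end up set in `*r_httpflags`. That appears harmless only because connect_server returns from its onion branch before an address family is selected, and the new comment should state that dependency, e.g. `/* For onion addresses both IGNORE flags get set; the http module connects via Tor before they are consulted.  */`. Alternatively the two tests could be skipped with `if (!hi->onion)`. The enclosing block starts outside the hunk, so whether onion entries actually get here is inferred.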
@@ -683,7 +698,9 @@ ks_hkp_print_hosttable (ctrl_t ctrl)
         else
           diedstr = died = NULL;
         err = ks_printf_help (ctrl, "%3d %s %s %s %s%s%s%s%s%s%s%s\n",
-                              idx, hi->v6? "6":" ", hi->v4? "4":" ",
+                              idx,
+                              hi->onion? "O" : hi->v6? "6":" ",
+                              hi->v4? "4":" ",
                               hi->dead? "d":" ",
                               hi->name,
                               hi->v6addr? " v6=":"",

commit 7735bbe539af35ce16e270946d5ae798c5989d6e
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 26 15:53:31 2015 +0100

    dirmngr,w32: Remove gethostbyname hack and make it build again.
    
    * dirmngr/http.c (connect_server) [W32]: Remove gethostbyname hack;
    we require getaddrinfo anyway.
    * dirmngr/dns-stuff.c (AI_ADDRCONFIG): Add replacement if not defined.
    (map_eai_to_gpg_error) [W32]: Take care of unsupported codes.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index f3b622d..c80ee1d 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -59,6 +59,11 @@
 # error AF_UNSPEC does not have the value 0
 #endif
 
+/* Windows does not support tge AI_ADDRCONFIG flag - use zero instead.  */
+#ifndef AI_ADDRCONFIG
+# define AI_ADDRCONFIG 0
+#endif
+
 /* Not every installation has gotten around to supporting SRVs or
    CERTs yet... */
 #ifndef T_SRV
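Review bot: The new comment has a typo (`tge`) and describes the fallback as Windows-specific, although the `#ifndef AI_ADDRCONFIG` guard applies to any platform whose headers lack the flag. Something like `/* Some platforms (e.g. Windows) lack the AI_ADDRCONFIG flag - use zero instead.  */` would match what the code does. With the value 0 the flag silently becomes a no-op wherever it is ORed into a hints mask, which is worth stating in the comment as well.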
@@ -115,10 +120,12 @@ map_eai_to_gpg_error (int ec)
     case EAI_NODATA:    err = gpg_error (GPG_ERR_NO_DATA); break;
     case EAI_NONAME:    err = gpg_error (GPG_ERR_NO_NAME); break;
     case EAI_SERVICE:   err = gpg_error (GPG_ERR_NOT_SUPPORTED); break;
-    case EAI_ADDRFAMILY:err = gpg_error (GPG_ERR_EADDRNOTAVAIL); break;
     case EAI_FAMILY:    err = gpg_error (GPG_ERR_EAFNOSUPPORT); break;
     case EAI_SOCKTYPE:  err = gpg_error (GPG_ERR_ESOCKTNOSUPPORT); break;
+#ifndef HAVE_W32_SYSTEM
+    case EAI_ADDRFAMILY:err = gpg_error (GPG_ERR_EADDRNOTAVAIL); break;
     case EAI_SYSTEM:    err = gpg_error_from_syserror (); break;
+#endif
     default:            err = gpg_error (GPG_ERR_UNKNOWN_ERRNO); break;
     }
   return err;
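Review bot: The two cases moved under `#ifndef HAVE_W32_SYSTEM` are guarded by platform rather than by the constants themselves, so another system whose headers omit `EAI_ADDRFAMILY` (it and `EAI_NODATA` were dropped in RFC 3493) would still fail to build. Wrapping each case in its own feature test, `#ifdef EAI_ADDRFAMILY` and `#ifdef EAI_SYSTEM`, covers Windows and those systems alike. `EAI_NODATA`, still unguarded above, has the same exposure. map_eai_to_gpg_error begins outside the hunk.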
diff --git a/dirmngr/http.c b/dirmngr/http.c
index de5edc3..1a7c1ff 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -2205,46 +2205,12 @@ connect_server (const char *server, unsigned short port,
   int srv, connected;
   int last_errno = 0;
   struct srventry *serverlist = NULL;
-#ifdef HAVE_W32_SYSTEM
-  unsigned long inaddr;
-#endif
   int ret;
 
   *r_host_not_found = 0;
-#ifdef HAVE_W32_SYSTEM
-
-#ifndef HTTP_NO_WSASTARTUP
+#if defined(HAVE_W32_SYSTEM) && !defined(HTTP_NO_WSASTARTUP)
   init_sockets ();
-#endif
-  /* Win32 gethostbyname doesn't handle IP addresses internally, so we
-     try inet_addr first on that platform only. */
-  inaddr = inet_addr(server);
-  if ( inaddr != INADDR_NONE )
-    {
-      struct sockaddr_in addr;
-
-      memset(&addr,0,sizeof(addr));
-
-      sock = assuan_sock_new (AF_INET, SOCK_STREAM, 0);
-      if (sock == ASSUAN_INVALID_FD)
-	{
-	  log_error ("error creating socket: %s\n", strerror (errno));
-	  return ASSUAN_INVALID_FD;
-	}
-
-      addr.sin_family = AF_INET;
-      addr.sin_port = htons(port);
-      memcpy (&addr.sin_addr,&inaddr,sizeof(inaddr));
-
-      my_unprotect ();
-      ret = assuan_sock_connect (sock,(struct sockaddr *)&addr,sizeof(addr));
-      my_protect ();
-      if (!ret)
-	return sock;
-      assuan_sock_close (sock);
-      return ASSUAN_INVALID_FD;
-    }
-#endif /*HAVE_W32_SYSTEM*/
+#endif /*Windows*/
 
 #ifdef USE_DNS_SRV
   /* Do the SRV thing */

-----------------------------------------------------------------------

Summary of changes:
 README                  |  2 +-
 dirmngr/dns-stuff.c     | 23 ++++++++++++++++++++++-
 dirmngr/dns-stuff.h     |  3 +++
 dirmngr/http.c          | 50 +++++++++++++++++++++----------------------------
 dirmngr/ks-engine-hkp.c | 21 +++++++++++++++++++--
 g10/dirmngr-conf.skel   |  3 +++
 g10/keylist.c           |  4 ++++
 7 files changed, 73 insertions(+), 33 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



