From cvs at cvs.gnupg.org Mon Aug 1 11:19:15 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 01 Aug 2016 11:19:15 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.14-30-gc971ff0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via c971ff0823d9a649b32fd9f169a12abc3095246e (commit) from 9e799b0e4f131126b80a5d3272c36d52b8ba1720 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c971ff0823d9a649b32fd9f169a12abc3095246e Author: Justus Winter Date: Mon Aug 1 11:08:43 2016 +0200 tests: Distribute standalone test runner. * tests/openpgp/Makefile.am (EXTRA_DIST): Add missing file 'run-tests.scm'. GnuPG-bug-id: 2431 Signed-off-by: Justus Winter diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index fa02a93..7983d6f 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am @@ -159,7 +159,7 @@ sample_msgs = samplemsgs/issue2419.asc EXTRA_DIST = defs.inc defs.scm pinentry.sh $(TESTS) $(TEST_FILES) \ mkdemodirs signdemokey $(priv_keys) $(sample_keys) \ - $(sample_msgs) ChangeLog-2011 + $(sample_msgs) ChangeLog-2011 run-tests.scm CLEANFILES = prepared.stamp x y yy z out err $(data_files) \ plain-1 plain-2 plain-3 trustdb.gpg *.lock .\#lk* \ ----------------------------------------------------------------------- Summary of changes: tests/openpgp/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Aug 1 12:35:37 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 01 Aug 2016 12:35:37 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.14-31-g40365b2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 40365b28c3fdf087fd58401f5a6f42f9d7d29d20 (commit) from c971ff0823d9a649b32fd9f169a12abc3095246e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 40365b28c3fdf087fd58401f5a6f42f9d7d29d20 Author: Justus Winter Date: Mon Aug 1 12:32:36 2016 +0200 gpgsm: Fix machine-readable key listing. * sm/keylist.c (list_cert_colon): Drop superfluous colon. GnuPG-bug-id: 2432 Signed-off-by: Justus Winter diff --git a/sm/keylist.c b/sm/keylist.c index dab1295..0d975c3 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -494,7 +494,6 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity, es_putc (':', fp); /* Field 12, capabilities: */ print_capabilities (cert, fp); - es_putc (':', fp); /* Field 13, not used: */ es_putc (':', fp); if (have_secret || ctrl->with_secret) ----------------------------------------------------------------------- Summary of changes: sm/keylist.c | 1 - 1 file changed, 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Aug 1 18:00:05 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 01 Aug 2016 18:00:05 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.7-20-gad390f2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via ad390f29df34ef73f2393a8ad97cbe2d60af31e7 (commit) via fe5bb475da08cb46242825d5abe5b4d27e6086e3 (commit) via abf4f9924412c7afb6ce6c08eeda81b4c5365ab5 (commit) from ed066c261594de69c3c2aeaac98aeaf74bbb5f9e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ad390f29df34ef73f2393a8ad97cbe2d60af31e7 Author: Justus Winter Date: Mon Aug 1 17:49:50 2016 +0200 gtk2: Be more persistent trying to grab the keyboard. We seem to get the 'visibility-notify' event before X is willing to let us grab the keyboard, insisting that the target window is not viewable (sic). * gtk+-2/pinentry-gtk-2.c (grab_keyboard): Retry grabbing the keyboard. GnuPG-bug-id: 2375 Signed-off-by: Justus Winter diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c index 3fff176..0e6b8ff 100644 --- a/gtk+-2/pinentry-gtk-2.c +++ b/gtk+-2/pinentry-gtk-2.c @@ -165,13 +165,17 @@ static int grab_keyboard (GtkWidget *win, GdkEvent *event, gpointer data) { GdkGrabStatus err; + int tries = 0, max_tries = 4096; (void)data; if (! pinentry->grab) return FALSE; - err = gdk_keyboard_grab (gtk_widget_get_window (win), - FALSE, gdk_event_get_time (event)); + do + err = gdk_keyboard_grab (gtk_widget_get_window (win), + FALSE, gdk_event_get_time (event)); + while (tries++ < max_tries && err == GDK_GRAB_NOT_VIEWABLE); + if (err) { g_critical ("could not grab keyboard: %s (%d)", @@ -180,6 +184,9 @@ grab_keyboard (GtkWidget *win, GdkEvent *event, gpointer data) gtk_main_quit (); } + if (tries > 1) + g_warning ("it took %d tries to grab the keyboard", tries); + return FALSE; } commit fe5bb475da08cb46242825d5abe5b4d27e6086e3 Author: Justus Winter Date: Mon Aug 1 17:18:32 2016 +0200 gtk2: Print keyboard grabbing errors. * gtk+-2/pinentry-gtk-2.c (grab_strerror): New function. (grab_keyboard): Use the new function to print the error. Signed-off-by: Justus Winter diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c index 98d4fc2..3fff176 100644 --- a/gtk+-2/pinentry-gtk-2.c +++ b/gtk+-2/pinentry-gtk-2.c @@ -145,22 +145,41 @@ make_transient (GtkWidget *win, GdkEvent *event, gpointer data) } +/* Convert GdkGrabStatus to string. */ +static const char * +grab_strerror (GdkGrabStatus status) +{ + switch (status) { + case GDK_GRAB_SUCCESS: return "success"; + case GDK_GRAB_ALREADY_GRABBED: return "already grabbed"; + case GDK_GRAB_INVALID_TIME: return "invalid time"; + case GDK_GRAB_NOT_VIEWABLE: return "not viewable"; + case GDK_GRAB_FROZEN: return "frozen"; + } + return "unknown"; +} + + /* Grab the keyboard for maximum security */ static int grab_keyboard (GtkWidget *win, GdkEvent *event, gpointer data) { + GdkGrabStatus err; (void)data; if (! pinentry->grab) return FALSE; - if (gdk_keyboard_grab (gtk_widget_get_window (win), - FALSE, gdk_event_get_time (event))) + err = gdk_keyboard_grab (gtk_widget_get_window (win), + FALSE, gdk_event_get_time (event)); + if (err) { - g_critical ("could not grab keyboard"); + g_critical ("could not grab keyboard: %s (%d)", + grab_strerror (err), err); grab_failed = 1; gtk_main_quit (); } + return FALSE; } commit abf4f9924412c7afb6ce6c08eeda81b4c5365ab5 Author: Justus Winter Date: Mon Aug 1 15:01:21 2016 +0200 gtk2: Avoid possible format string troubles. * gtk+-2/pinentry-gtk-2.c (confirm_unhiding): Do not use message as format string. Signed-off-by: Justus Winter diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c index 28b4fdc..98d4fc2 100644 --- a/gtk+-2/pinentry-gtk-2.c +++ b/gtk+-2/pinentry-gtk-2.c @@ -389,7 +389,7 @@ confirm_unhiding (void) GTK_DIALOG_MODAL, GTK_MESSAGE_WARNING, GTK_BUTTONS_NONE, - message); + "%s", message); gtk_dialog_add_buttons (GTK_DIALOG (dialog), GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, show_btn_label, GTK_RESPONSE_OK, ----------------------------------------------------------------------- Summary of changes: gtk+-2/pinentry-gtk-2.c | 34 ++++++++++++++++++++++++++++++---- 1 file changed, 30 insertions(+), 4 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Tue Aug 2 12:47:44 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 02 Aug 2016 12:47:44 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.7-21-g2f1f1f0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 2f1f1f06c1885d2f5a30ea734359613609be0743 (commit) from ad390f29df34ef73f2393a8ad97cbe2d60af31e7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2f1f1f06c1885d2f5a30ea734359613609be0743 Author: Justus Winter Date: Tue Aug 2 12:34:07 2016 +0200 gtk2: Also grab the pointer. * gtk+-2/pinentry-gtk-2.c (grab_pointer): New function. (ungrab_keyboard): Rename to 'ungrab_inputs' and also release the pointer grab. (create_window): Also grab the pointer. GnuPG-bug-id: 2430 Signed-off-by: Justus Winter diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c index 0e6b8ff..cd6270f 100644 --- a/gtk+-2/pinentry-gtk-2.c +++ b/gtk+-2/pinentry-gtk-2.c @@ -191,13 +191,53 @@ grab_keyboard (GtkWidget *win, GdkEvent *event, gpointer data) } -/* Remove grab. */ +/* Grab the pointer to prevent the user from accidentally locking + herself out of her graphical interface. */ static int -ungrab_keyboard (GtkWidget *win, GdkEvent *event, gpointer data) +grab_pointer (GtkWidget *win, GdkEvent *event, gpointer data) { + GdkGrabStatus err; + GdkCursor *cursor; + int tries = 0, max_tries = 4096; (void)data; + /* Change the cursor for the duration of the grab to indicate that + something is going on. */ + /* XXX: It would be nice to have a key cursor, unfortunately there + is none readily available. */ + cursor = gdk_cursor_new_for_display (gtk_widget_get_display (win), + GDK_DOT); + + do + err = gdk_pointer_grab (gtk_widget_get_window (win), + TRUE, 0 /* event mask */, + NULL /* confine to */, + cursor, + gdk_event_get_time (event)); + while (tries++ < max_tries && err == GDK_GRAB_NOT_VIEWABLE); + + if (err) + { + g_critical ("could not grab pointer: %s (%d)", + grab_strerror (err), err); + grab_failed = 1; + gtk_main_quit (); + } + + if (tries > 1) + g_warning ("it took %d tries to grab the pointer", tries); + + return FALSE; +} + + +/* Remove all grabs and restore the windows transient state. */ +static int +ungrab_inputs (GtkWidget *win, GdkEvent *event, gpointer data) +{ + (void)data; gdk_keyboard_ungrab (gdk_event_get_time (event)); + gdk_pointer_ungrab (gdk_event_get_time (event)); /* Unmake window transient for the root window. */ /* gdk_window_set_transient_for cannot be used with parent = NULL to unset transient hint (unlike gtk_ version which can). Replacement @@ -548,9 +588,13 @@ create_window (pinentry_t ctx) ? "visibility-notify-event" : "focus-in-event", G_CALLBACK (grab_keyboard), NULL); + if (pinentry->grab) + g_signal_connect (G_OBJECT (win), + "visibility-notify-event", + G_CALLBACK (grab_pointer), NULL); g_signal_connect (G_OBJECT (win), pinentry->grab ? "unmap-event" : "focus-out-event", - G_CALLBACK (ungrab_keyboard), NULL); + G_CALLBACK (ungrab_inputs), NULL); } gtk_window_add_accel_group (GTK_WINDOW (win), acc); ----------------------------------------------------------------------- Summary of changes: gtk+-2/pinentry-gtk-2.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 47 insertions(+), 3 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Tue Aug 2 16:58:19 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 02 Aug 2016 16:58:19 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-253-g135185b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 135185b7ef2225aa5e8c54a6cf1265d3e6cbbe48 (commit) via e11c65cfb56adce949cf3888545c56fbb6f5ab42 (commit) from 4e728de8421e2ade2061786aaebcdae3f60da3b8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 135185b7ef2225aa5e8c54a6cf1265d3e6cbbe48 Author: Justus Winter Date: Tue Aug 2 16:51:08 2016 +0200 doc: Document the Assuan protocol. * doc/gpgme.texi: Document the Assuan protocol. GnuPG-bug-id: 2407 Signed-off-by: Justus Winter diff --git a/doc/gpgme.texi b/doc/gpgme.texi index a5ba9cc..68f85ec 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -872,9 +872,12 @@ This specifies the OpenPGP protocol. @item GPGME_PROTOCOL_CMS This specifies the Cryptographic Message Syntax. - at item GPGME_PROTOCOL_ASSUAN + at item GPGME_PROTOCOL_GPGCONF Under development. Please ask on @email{gnupg-devel@@gnupg.org} for help. + at item GPGME_PROTOCOL_ASSUAN +This specifies the raw Assuan protocol. + @item GPGME_PROTOCOL_G13 Under development. Please ask on @email{gnupg-devel@@gnupg.org} for help. @@ -905,6 +908,7 @@ allocated string describing the protocol @var{protocol}, or * Engine Configuration:: Changing the engine configuration. * OpenPGP:: Support for the OpenPGP protocol. * Cryptographic Message Syntax:: Support for the CMS. +* Assuan:: Support for the raw Assuan protocol. @end menu @@ -1109,6 +1113,20 @@ GnuPG. The @acronym{CMS} protocol is specified by @code{GPGME_PROTOCOL_CMS}. + at node Assuan + at section Assuan + at cindex ASSUAN + at cindex protocol, ASSUAN + at cindex engine, ASSUAN + +Assuan is the RPC library used by the various @acronym{GnuPG} +components. The Assuan protocol allows one to talk to arbitrary +Assuan servers using @acronym{GPGME}. @xref{Using the Assuan +protocol}. + +The ASSUAN protocol is specified by @code{GPGME_PROTOCOL_ASSUAN}. + + @node Algorithms @chapter Algorithms @cindex algorithms @@ -5478,6 +5496,7 @@ Here are some support functions which are sometimes useful. @menu * Running other Programs:: Running other Programs +* Using the Assuan protocol:: Using the Assuan protocol @end menu @@ -5532,6 +5551,83 @@ This is the asynchronous variant of @code{gpgme_op_spawn}. @end deftypefun + at node Using the Assuan protocol + at subsection Using the Assuan protocol + +The Assuan protocol can be used to talk to arbitrary Assuan servers. +By default it is connected to the GnuPG agent, but it may be connected +to arbitrary servers by using @code{gpgme_ctx_set_engine_info}, +passing the location of the servers socket as @var{file_name} +argument, and an empty string as @var{home_dir} argument. + +The Assuan protocol functions use three kinds of callbacks to transfer +data: + + at deftp {Data type} {gpgme_error_t (*gpgme_assuan_data_cb_t) @ + (@w{void *@var{opaque}}, @w{const void *@var{data}}, @ + @w{size_t @var{datalen}})} + +This callback receives any data sent by the server. @var{opaque} is +the pointer passed to @code{gpgme_op_assuan_transact_start}, + at var{data} of length @var{datalen} refers to the data sent. + at end deftp + + at deftp {Data type} {gpgme_error_t (*gpgme_assuan_inquire_cb_t) @ + (@w{void *@var{opaque}}, @w{const char *@var{name}}, @ + @w{const char *@var{args}}, @w{gpgme_data_t *@var{r_data}})} + +This callback is used to provide additional data to the Assuan server. + at var{opaque} is the pointer passed to + at code{gpgme_op_assuan_transact_start}, @var{name} and @var{args} +specify what kind of data the server requested, and @var{r_data} is +used to return the actual data. + +Note: Returning data is currently not implemented in @acronym{GPGME}. + at end deftp + + at deftp {Data type} {gpgme_error_t (*gpgme_assuan_status_cb_t) @ + (@w{void *@var{opaque}}, @w{const char *@var{status}}, @ + @w{const char *@var{args}})} + +This callback receives any status lines sent by the server. + at var{opaque} is the pointer passed to + at code{gpgme_op_assuan_transact_start}, @var{status} and @var{args} +denote the status update sent. + at end deftp + + at deftypefun gpgme_error_t gpgme_op_assuan_transact_start @ + (@w{gpgme_ctx_t @var{ctx}}, @w{const char *@var{command}}, @ + @w{gpgme_assuan_data_cb_t @var{data_cb}}, @ + @w{void * @var{data_cb_value}}, @ + @w{gpgme_assuan_inquire_cb_t @var{inquire_cb}}, @ + @w{void * @var{inquire_cb_value}}, @ + @w{gpgme_assuan_status_cb_t @var{status_cb}}, @ + @w{void * @var{status_cb_value}}) + +Send the Assuan @var{command} and return results via the callbacks. +Any callback may be @code{NULL}. The result of the operation may be +retrieved using @code{gpgme_wait_ext}. + +Asynchronous variant. + at end deftypefun + + at deftypefun gpgme_error_t gpgme_op_assuan_transact_ext @ + (@w{gpgme_ctx_t @var{ctx}}, @w{const char *@var{command}}, @ + @w{gpgme_assuan_data_cb_t @var{data_cb}}, @ + @w{void * @var{data_cb_value}}, @ + @w{gpgme_assuan_inquire_cb_t @var{inquire_cb}}, @ + @w{void * @var{inquire_cb_value}}, @ + @w{gpgme_assuan_status_cb_t @var{status_cb}}, @ + @w{void * @var{status_cb_value}}, @ + @w{gpgme_error_t *@var{op_err}}) + +Send the Assuan @var{command} and return results via the callbacks. +The result of the operation is returned in @var{op_err}. + +Synchronous variant. + at end deftypefun + + @node Run Control @section Run Control @cindex run control commit e11c65cfb56adce949cf3888545c56fbb6f5ab42 Author: Justus Winter Date: Tue Aug 2 16:50:54 2016 +0200 doc: Fix formatting. -- Signed-off-by: Justus Winter diff --git a/doc/gpgme.texi b/doc/gpgme.texi index c514ff8..a5ba9cc 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -5492,7 +5492,7 @@ which are part of the GnuPG system but are not directly accessible with the GPGME API. - at deftypefun gpgme_error_t gpgme_op_spawn + at deftypefun gpgme_error_t gpgme_op_spawn @ (@w{gpgme_ctx_t @var{ctx}}, @w{const char *@var{file}}, @ @w{const char *@var{argv}[]}, @w{gpgme_data_t @var{datain}}, @ @w{gpgme_data_t @var{dataout}}, @w{gpgme_data_t @var{dataerr}}, @ @@ -5522,7 +5522,7 @@ the foreground. @end table @end deftypefun - at deftypefun gpgme_error_t gpgme_op_spawn_start + at deftypefun gpgme_error_t gpgme_op_spawn_start @ (@w{gpgme_ctx_t @var{ctx}}, @w{const char *@var{file}}, @ @w{const char *@var{argv}[]}, @w{gpgme_data_t @var{datain}}, @ @w{gpgme_data_t @var{dataout}}, @w{gpgme_data_t @var{dataerr}}, @ ----------------------------------------------------------------------- Summary of changes: doc/gpgme.texi | 102 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 99 insertions(+), 3 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Aug 2 18:14:58 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 02 Aug 2016 18:14:58 +0200 Subject: [git] gnupg-doc - branch, master, updated. 93b627789f7fa7f61484b3cdd0f670fe22407994 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 93b627789f7fa7f61484b3cdd0f670fe22407994 (commit) from ff08d72e451c10e318b59e5c6a3b92ebbc155525 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 93b627789f7fa7f61484b3cdd0f670fe22407994 Author: Werner Koch Date: Tue Aug 2 18:02:57 2016 +0200 web: Rename cvs_access.org to git.org diff --git a/web/documentation/guides.org b/web/documentation/guides.org index 9f59d04..2a08842 100644 --- a/web/documentation/guides.org +++ b/web/documentation/guides.org @@ -33,7 +33,7 @@ [[../../gph/it/gph.tar.gz][it]] ? [[http://www.inar.ru/~zwon/gph.tar.gz][ru]] ) - GPH is also available in the [[../download/cvs_access.org][source repository]]. + GPH is also available in the [[../download/git.org][source repository]]. ** Replacing PGP 2.x with GnuPG diff --git a/web/documentation/howtos.org b/web/documentation/howtos.org index d3e98b3..f79425c 100644 --- a/web/documentation/howtos.org +++ b/web/documentation/howtos.org @@ -58,7 +58,7 @@ - as one big HTML file ( [[../howtos/card-howto/en/smartcard-howto-single.html][en]] ) - as plain text ( [[../howtos/card-howto/en/smartcard-howto.txt][en]] ) - This smartcard howto is also available in the [[../download/cvs_access.org][source repository]]. + This smartcard howto is also available in the [[../download/git.org][source repository]]. ** GnuPG Keysigning Party HOWTO diff --git a/web/documentation/security.org b/web/documentation/security.org index e328928..783a5c9 100644 --- a/web/documentation/security.org +++ b/web/documentation/security.org @@ -6,7 +6,7 @@ The GnuPG Project takes the security of software it develops very seriously. In general we prefer a [[https://en.wikipedia.org/wiki/Full_disclosure_(computer_security)][full disclosure]] approach and all -bugs listed in our [[file:bts.org][bug tracker]] as well as code changes in our [[../download/cvs_access.org][software +bugs listed in our [[file:bts.org][bug tracker]] as well as code changes in our [[../download/git.org][software repository]] are public. Given that GnuPG is an important part of many software distributions and severe bugs in GnuPG would affect their users directly, we co-ordinate with them in private as soon as we diff --git a/web/download/cvs_access.org b/web/download/git.org similarity index 100% rename from web/download/cvs_access.org rename to web/download/git.org diff --git a/web/share/gpgweb.el b/web/share/gpgweb.el index 7458dfe..15e4162 100644 --- a/web/share/gpgweb.el +++ b/web/share/gpgweb.el @@ -105,7 +105,7 @@ if not available." ("/download/supported_systems.html" "Supported Systems") ("/download/release_notes.html" "Release Notes") ("/download/mirrors.html" "Mirrors") - ("/download/cvs_access.html" "GIT"))) + ("/download/git.html" "GIT"))) ("/documentation/index.html" "Support" (("/documentation/howtos.html" "HOWTOs") ----------------------------------------------------------------------- Summary of changes: web/documentation/guides.org | 2 +- web/documentation/howtos.org | 2 +- web/documentation/security.org | 2 +- web/download/{cvs_access.org => git.org} | 0 web/share/gpgweb.el | 2 +- 5 files changed, 4 insertions(+), 4 deletions(-) rename web/download/{cvs_access.org => git.org} (100%) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Aug 2 18:49:42 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 02 Aug 2016 18:49:42 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-255-g4c8265d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 4c8265d32ddff5960a464b8d4e8d7d2258495b2e (commit) via 0bd7d8c1977183abc414e11aafa26a4f834ca2a5 (commit) from 135185b7ef2225aa5e8c54a6cf1265d3e6cbbe48 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4c8265d32ddff5960a464b8d4e8d7d2258495b2e Author: Justus Winter Date: Tue Aug 2 18:45:10 2016 +0200 python: Add a flag identifying in-tree builds. * lang/python/helpers.c (pyme_in_tree_build): New variable. * lang/python/helpers.h (pyme_in_tree_build): New declaration. * lang/python/pyme/version.py.in (in_tree_build): New variable. * lang/python/setup.py.in: Rework macro handling, set 'IN_TREE_BUILD' as appropriate. Signed-off-by: Justus Winter diff --git a/lang/python/helpers.c b/lang/python/helpers.c index 0406f9f..0b4a773 100644 --- a/lang/python/helpers.c +++ b/lang/python/helpers.c @@ -28,6 +28,15 @@ #include "helpers.h" #include "private.h" +/* Flag specifying whether this is an in-tree build. */ +int pyme_in_tree_build = +#if IN_TREE_BUILD + 1 +#else + 0 +#endif + ; + static PyObject *GPGMEError = NULL; void _pyme_exception_init(void) { diff --git a/lang/python/helpers.h b/lang/python/helpers.h index 16a9b9f..9200f93 100644 --- a/lang/python/helpers.h +++ b/lang/python/helpers.h @@ -26,6 +26,9 @@ #define write(fd, str, sz) {DWORD written; WriteFile((HANDLE) fd, str, sz, &written, 0);} #endif +/* Flag specifying whether this is an in-tree build. */ +extern int pyme_in_tree_build; + PyObject *pyme_raise_callback_exception(PyObject *self); PyObject *pyme_set_passphrase_cb(PyObject *self, PyObject *cb); diff --git a/lang/python/pyme/version.py.in b/lang/python/pyme/version.py.in index a40e02d..e4a5a27 100644 --- a/lang/python/pyme/version.py.in +++ b/lang/python/pyme/version.py.in @@ -21,6 +21,7 @@ from . import gpgme productname = 'pyme' versionstr = "@VERSION@" gpgme_versionstr = gpgme.GPGME_VERSION +in_tree_build = bool(gpgme.cvar.pyme_in_tree_build) versionlist = versionstr.split(".") major = versionlist[0] diff --git a/lang/python/setup.py.in b/lang/python/setup.py.in index 45b56a3..a524c95 100755 --- a/lang/python/setup.py.in +++ b/lang/python/setup.py.in @@ -28,7 +28,9 @@ gpg_error_config = "gpg-error-config" gpgme_config = "gpgme-config" gpgme_h = "" library_dirs = [] +in_tree = False extra_swig_opts = [] +extra_macros = dict() if os.path.exists("../../src/gpgme-config"): # In-tree build. @@ -36,7 +38,10 @@ if os.path.exists("../../src/gpgme-config"): gpgme_config = "../../src/gpgme-config" gpgme_h = "../../src/gpgme.h" library_dirs = ["../../src/.libs"] # XXX uses libtool internals - extra_swig_opts = ["-DHAVE_DATA_H=1"] + extra_macros.update( + HAVE_DATA_H=1, + IN_TREE_BUILD=1, + ) try: subprocess.check_call([gpg_error_config, '--version'], @@ -87,6 +92,11 @@ include_dirs = [os.getcwd()] define_macros = [] libs = getconfig('libs') +# Define extra_macros for both the SWIG and C code +for k, v in extra_macros.items(): + extra_swig_opts.append("-D{0}={1}".format(k, v)) + define_macros.append((k, str(v))) + for item in getconfig('cflags'): if item.startswith("-I"): include_dirs.append(item[2:]) commit 0bd7d8c1977183abc414e11aafa26a4f834ca2a5 Author: Justus Winter Date: Tue Aug 2 18:42:26 2016 +0200 python: Fix build system integration. * lang/python/Makefile.am: Be more careful when cleaning the build directory, we must not delete the generated file 'pyme/version.py'. Signed-off-by: Justus Winter diff --git a/lang/python/Makefile.am b/lang/python/Makefile.am index f0df800..8e18dab 100644 --- a/lang/python/Makefile.am +++ b/lang/python/Makefile.am @@ -32,14 +32,25 @@ COPY_FILES = \ $(srcdir)/README \ $(srcdir)/MANIFEST.in \ $(srcdir)/gpgme-h-clean.py \ - $(srcdir)/pyme \ $(srcdir)/examples \ $(srcdir)/helpers.c $(srcdir)/helpers.h $(srcdir)/private.h +COPY_FILES_PYME = \ + $(srcdir)/pyme/callbacks.py \ + $(srcdir)/pyme/constants \ + $(srcdir)/pyme/core.py \ + $(srcdir)/pyme/errors.py \ + $(srcdir)/pyme/__init__.py \ + $(srcdir)/pyme/results.py \ + $(srcdir)/pyme/util.py + # For VPATH builds we need to copy some files because Python's # distutils are not VPATH-aware. -copystamp: $(COPY_FILES) - if test "$(srcdir)" != "$(builddir)" ; then cp -r $^ . ; fi +copystamp: $(COPY_FILES) $(COPY_FILES_PYME) + if test "$(srcdir)" != "$(builddir)" ; then \ + cp -r $(COPY_FILES) . ; \ + cp -r $(COPY_FILES_PYME) pyme ; \ + fi touch $@ all-local: copystamp @@ -70,6 +81,9 @@ clean-local: if test "$(srcdir)" != "$(builddir)" ; then \ find . -type d ! -perm -200 -exec chmod u+w {} ';' ; \ for F in $(COPY_FILES); do rm -rf -- `basename $$F` ; done ; \ + for F in $(COPY_FILES_PYME); do \ + rm -rf -- pyme/`basename $$F` ; \ + done ; \ fi install-exec-local: ----------------------------------------------------------------------- Summary of changes: lang/python/Makefile.am | 20 +++++++++++++++++--- lang/python/helpers.c | 9 +++++++++ lang/python/helpers.h | 3 +++ lang/python/pyme/version.py.in | 1 + lang/python/setup.py.in | 12 +++++++++++- 5 files changed, 41 insertions(+), 4 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Aug 3 15:42:01 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 03 Aug 2016 15:42:01 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.14-33-g48a2c93 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 48a2c93a1886589d1a0e2a4a2173e0e81311200b (commit) via 3a2421c94015432caa49e166bc5bf5c4f80ab7c7 (commit) from 40365b28c3fdf087fd58401f5a6f42f9d7d29d20 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 48a2c93a1886589d1a0e2a4a2173e0e81311200b Author: Werner Koch Date: Wed Aug 3 15:31:27 2016 +0200 gpg,gpgsm: Block signals during keyring/keybox update. * kbx/keybox-util.c (keybox_file_rename): Add arg BLOCK_SIGNALS. * kbx/keybox-update.c (rename_tmp_file): Block all signals when doing a double rename. * g10/keyring.c (rename_tmp_file): Block all signals during the double rename. -- This might fix Debian-bug-id: 831510 Signed-off-by: Werner Koch diff --git a/g10/keyring.c b/g10/keyring.c index 0611b2e..aa73290 100644 --- a/g10/keyring.c +++ b/g10/keyring.c @@ -1338,6 +1338,7 @@ static int rename_tmp_file (const char *bakfname, const char *tmpfname, const char *fname) { int rc = 0; + int block = 0; /* Invalidate close caches. */ if (iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)tmpfname )) @@ -1349,12 +1350,18 @@ rename_tmp_file (const char *bakfname, const char *tmpfname, const char *fname) iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname ); /* First make a backup file. */ - rc = keybox_file_rename (fname, bakfname); + block = 1; + rc = keybox_file_rename (fname, bakfname, &block); if (rc) goto fail; /* then rename the file */ - rc = keybox_file_rename (tmpfname, fname); + rc = keybox_file_rename (tmpfname, fname, NULL); + if (block) + { + gnupg_unblock_all_signals (); + block = 0; + } if (rc) { register_secured_file (fname); @@ -1379,6 +1386,8 @@ rename_tmp_file (const char *bakfname, const char *tmpfname, const char *fname) return 0; fail: + if (block) + gnupg_unblock_all_signals (); return rc; } diff --git a/kbx/keybox-update.c b/kbx/keybox-update.c index ff65904..ec28b4c 100644 --- a/kbx/keybox-update.c +++ b/kbx/keybox-update.c @@ -97,6 +97,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname, const char *fname, int secret ) { int rc=0; + int block = 0; /* restrict the permissions for secret keyboxs */ #ifndef HAVE_DOSISH_SYSTEM @@ -119,27 +120,35 @@ rename_tmp_file (const char *bakfname, const char *tmpfname, /* First make a backup file except for secret keyboxes. */ if (!secret) { - rc = keybox_file_rename (fname, bakfname); + block = 1; + rc = keybox_file_rename (fname, bakfname, &block); if (rc) - return rc; + goto leave; } /* Then rename the file. */ - rc = keybox_file_rename (tmpfname, fname); - if (rc) + rc = keybox_file_rename (tmpfname, fname, NULL); + if (block) { - if (secret) - { -/* log_info ("WARNING: 2 files with confidential" */ -/* " information exists.\n"); */ -/* log_info ("%s is the unchanged one\n", fname ); */ -/* log_info ("%s is the new one\n", tmpfname ); */ -/* log_info ("Please fix this possible security flaw\n"); */ - } - return rc; + gnupg_unblock_all_signals (); + block = 0; } + /* if (rc) */ + /* { */ + /* if (secret) */ + /* { */ + /* log_info ("WARNING: 2 files with confidential" */ + /* " information exists.\n"); */ + /* log_info ("%s is the unchanged one\n", fname ); */ + /* log_info ("%s is the new one\n", tmpfname ); */ + /* log_info ("Please fix this possible security flaw\n"); */ + /* } */ + /* } */ - return 0; + leave: + if (block) + gnupg_unblock_all_signals (); + return rc; } diff --git a/kbx/keybox-util.c b/kbx/keybox-util.c index 13fedb3..a2ca3f0 100644 --- a/kbx/keybox-util.c +++ b/kbx/keybox-util.c @@ -27,6 +27,7 @@ #endif #include "keybox-defs.h" +#include "utilproto.h" static void *(*alloc_func)(size_t n) = malloc; @@ -147,55 +148,70 @@ keybox_tmp_names (const char *filename, int for_keyring, } -/* Wrapper for rename(2) to handle Windows peculiarities. */ +/* Wrapper for rename(2) to handle Windows peculiarities. If + * BLOCK_SIGNALS is not NULL and points to a variable set to true, all + * signals will be blocked by calling gnupg_block_all_signals; the + * caller needs to call gnupg_unblock_all_signals if that variable is + * still set to true on return. */ gpg_error_t -keybox_file_rename (const char *oldname, const char *newname) +keybox_file_rename (const char *oldname, const char *newname, + int *block_signals) { gpg_error_t err = 0; -#ifdef HAVE_DOSISH_SYSTEM - int wtime = 0; + if (block_signals && *block_signals) + gnupg_block_all_signals (); - gnupg_remove (newname); - again: - if (rename (oldname, newname)) - { - if (GetLastError () == ERROR_SHARING_VIOLATION) - { - /* Another process has the file open. We do not use a lock - * for read but instead we wait until the other process has - * closed the file. This may take long but that would also - * be the case with a dotlock approach for read and write. - * Note that we don't need this on Unix due to the inode - * concept. - * - * So let's wait until the rename has worked. The retry - * intervals are 50, 100, 200, 400, 800, 50ms, ... */ - if (!wtime || wtime >= 800) - wtime = 50; - else - wtime *= 2; - - if (wtime >= 800) - log_info ("waiting for file '%s' to become accessible ...\n", - oldname); - - Sleep (wtime); - goto again; - } - err = gpg_error_from_syserror (); - } +#ifdef HAVE_DOSISH_SYSTEM + { + int wtime = 0; + gnupg_remove (newname); + again: + if (rename (oldname, newname)) + { + if (GetLastError () == ERROR_SHARING_VIOLATION) + { + /* Another process has the file open. We do not use a + * lock for read but instead we wait until the other + * process has closed the file. This may take long but + * that would also be the case with a dotlock approach for + * read and write. Note that we don't need this on Unix + * due to the inode concept. + * + * So let's wait until the rename has worked. The retry + * intervals are 50, 100, 200, 400, 800, 50ms, ... */ + if (!wtime || wtime >= 800) + wtime = 50; + else + wtime *= 2; + + if (wtime >= 800) + log_info ("waiting for file '%s' to become accessible ...\n", + oldname); + + Sleep (wtime); + goto again; + } + err = gpg_error_from_syserror (); + } + } #else /* Unix */ - + { #ifdef __riscos__ - gnupg_remove (newname); + gnupg_remove (newname); #endif - if (rename (oldname, newname) ) - err = gpg_error_from_syserror (); - + if (rename (oldname, newname) ) + err = gpg_error_from_syserror (); + } #endif /* Unix */ + if (block_signals && *block_signals && err) + { + gnupg_unblock_all_signals (); + *block_signals = 0; + } + if (err) log_error ("renaming '%s' to '%s' failed: %s\n", oldname, newname, gpg_strerror (err)); diff --git a/kbx/keybox.h b/kbx/keybox.h index bfc3586..6180a2f 100644 --- a/kbx/keybox.h +++ b/kbx/keybox.h @@ -134,7 +134,8 @@ void keybox_set_malloc_hooks ( void *(*new_alloc_func)(size_t n), gpg_error_t keybox_tmp_names (const char *filename, int for_keyring, char **r_bakname, char **r_tmpname); -gpg_error_t keybox_file_rename (const char *oldname, const char *newname); +gpg_error_t keybox_file_rename (const char *oldname, const char *newname, + int *block_signals); #ifdef __cplusplus commit 3a2421c94015432caa49e166bc5bf5c4f80ab7c7 Author: Werner Koch Date: Wed Aug 3 15:27:03 2016 +0200 common: New file utilproto.c * common/util.h: Factor prototypes from signal.c out to ... * common/utilproto.h: new. * common/Makefile.am (common_sources): Add new file. Signed-off-by: Werner Koch diff --git a/common/Makefile.am b/common/Makefile.am index 759800b..2a24c57 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -42,7 +42,7 @@ include $(top_srcdir)/am/cmacros.am common_sources = \ common-defs.h \ - util.h fwddecl.h i18n.c i18n.h \ + util.h utilproto.h fwddecl.h i18n.c i18n.h \ types.h host2net.h dynload.h w32help.h \ mapstrings.c stringhelp.c stringhelp.h \ strlist.c strlist.h \ diff --git a/common/fwddecl.h b/common/fwddecl.h index 92f0453..f9d7536 100644 --- a/common/fwddecl.h +++ b/common/fwddecl.h @@ -1,4 +1,4 @@ -/* fwddecl.h - Formward declarations +/* fwddecl.h - Forward declarations * Copyright (C) 2015 Werner Koch * * This file is part of GnuPG. diff --git a/common/util.h b/common/util.h index eb7a3fd..29e0ec9 100644 --- a/common/util.h +++ b/common/util.h @@ -54,6 +54,7 @@ #include "../common/utf8conv.h" #include "../common/dynload.h" #include "../common/fwddecl.h" +#include "../common/utilproto.h" #include "gettime.h" @@ -114,11 +115,6 @@ out_of_core (void) } -/*-- signal.c --*/ -void gnupg_init_signals (int mode, void (*fast_cleanup)(void)); -void gnupg_block_all_signals (void); -void gnupg_unblock_all_signals (void); - /*-- yesno.c --*/ int answer_is_yes (const char *s); int answer_is_yes_no_default (const char *s, int def_answer); diff --git a/common/fwddecl.h b/common/utilproto.h similarity index 64% copy from common/fwddecl.h copy to common/utilproto.h index 92f0453..5bb9dd1 100644 --- a/common/fwddecl.h +++ b/common/utilproto.h @@ -1,5 +1,5 @@ -/* fwddecl.h - Formward declarations - * Copyright (C) 2015 Werner Koch +/* utilproto.h - Some prototypes for inclusion by util.h + * Copyright (C) 2016 Werner Koch * * This file is part of GnuPG. * @@ -27,13 +27,18 @@ * along with this program; if not, see . */ -#ifndef GNUPG_COMMON_FWDDECL_H -#define GNUPG_COMMON_FWDDECL_H +/* This file is in general included via util.h but sometimes we do not + * want all stuff from util.h and instead use this file with its + * simple prototypes. */ +#ifndef GNUPG_COMMON_UTILPROTO_H +#define GNUPG_COMMON_UTILPROTO_H -/*-- Forward declaration of the commonly used server control structure. */ -struct server_control_s; -typedef struct server_control_s *ctrl_t; +/*-- signal.c --*/ +void gnupg_init_signals (int mode, void (*fast_cleanup)(void)); +void gnupg_block_all_signals (void); +void gnupg_unblock_all_signals (void); -#endif /*GNUPG_COMMON_FWDDECL_H*/ + +#endif /*GNUPG_COMMON_UTILPROTO_H*/ ----------------------------------------------------------------------- Summary of changes: common/Makefile.am | 2 +- common/fwddecl.h | 2 +- common/util.h | 6 +-- common/{recsel.h => utilproto.h} | 25 +++++------ g10/keyring.c | 13 +++++- kbx/keybox-update.c | 37 ++++++++++------ kbx/keybox-util.c | 92 +++++++++++++++++++++++----------------- kbx/keybox.h | 3 +- 8 files changed, 106 insertions(+), 74 deletions(-) copy common/{recsel.h => utilproto.h} (65%) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Aug 3 16:34:38 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 03 Aug 2016 16:34:38 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-256-g56e26b5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 56e26b54da9f16961209275d7a61883d3ea898ca (commit) from 4c8265d32ddff5960a464b8d4e8d7d2258495b2e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 56e26b54da9f16961209275d7a61883d3ea898ca Author: Justus Winter Date: Wed Aug 3 16:32:30 2016 +0200 python: Add a nicer interface to list keys. * lang/python/pyme/core.py (Context.keylist): New method. * lang/python/tests/t-keylist.py: Test new method. Signed-off-by: Justus Winter diff --git a/lang/python/pyme/core.py b/lang/python/pyme/core.py index e12dc7b..f9df6e8 100644 --- a/lang/python/pyme/core.py +++ b/lang/python/pyme/core.py @@ -468,6 +468,21 @@ class Context(GpgmeWrapper): plainbytes = data.read() return plainbytes, result + def keylist(self, pattern=None, secret=False): + """List keys + + Keyword arguments: + pattern -- return keys matching pattern (default: all keys) + secret -- return only secret keys + + Returns: + -- an iterator returning key objects + + Raises: + GPGMEError -- as signaled by the underlying library + """ + return self.op_keylist_all(pattern, secret) + def assuan_transact(self, command, data_cb=None, inquire_cb=None, status_cb=None): """Issue a raw assuan command diff --git a/lang/python/tests/t-keylist.py b/lang/python/tests/t-keylist.py index fb59321..40d9c80 100755 --- a/lang/python/tests/t-keylist.py +++ b/lang/python/tests/t-keylist.py @@ -216,7 +216,7 @@ result = c.op_keylist_result() assert not result.truncated, "Key listing unexpectedly truncated" -for i, key in enumerate(c.op_keylist_all(None, False)): +for i, key in enumerate(c.keylist()): try: if len(keys[i]) == 4: fpr, sec_keyid, uids, n_subkeys = keys[i] ----------------------------------------------------------------------- Summary of changes: lang/python/pyme/core.py | 15 +++++++++++++++ lang/python/tests/t-keylist.py | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Aug 3 17:02:56 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 03 Aug 2016 17:02:56 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.14-38-g993f36e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 993f36e23cf8c2216a40d3e51b922a1edd871e1b (commit) via e3358b246d9380008a4ba7c8f2fe03659901adaf (commit) via dc107b78509807db375d3a382eb3376cd2183357 (commit) via 436b28c23194fa77919967338d5a61a82d242153 (commit) via cd45cf782b91ff0f6b023913963e5258ffcbf464 (commit) from 48a2c93a1886589d1a0e2a4a2173e0e81311200b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 993f36e23cf8c2216a40d3e51b922a1edd871e1b Author: Justus Winter Date: Wed Aug 3 17:00:40 2016 +0200 Reword feature description. -- Suggested-by: Peter Gutmann Signed-off-by: Justus Winter diff --git a/README b/README index bb5cbef..c8b166b 100644 --- a/README +++ b/README @@ -17,8 +17,8 @@ GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available that make use of GnuPG. - Since version 2 GnuPG provides support for S/MIME and Secure Shell - in addition to OpenPGP. + Starting with version 2 GnuPG provides support for S/MIME and Secure + Shell in addition to OpenPGP. GnuPG is Free Software (meaning that it respects your freedom). It can be freely used, modified and distributed under the terms of the diff --git a/doc/announce-2.1.txt b/doc/announce-2.1.txt index 8c35e53..eccd0e7 100644 --- a/doc/announce-2.1.txt +++ b/doc/announce-2.1.txt @@ -11,8 +11,8 @@ communication, features a versatile key management system as well as access modules for public key directories. GnuPG itself is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available that -make use of GnuPG. Since version 2 GnuPG provides support for S/MIME -and Secure Shell in addition to OpenPGP. +make use of GnuPG. Starting with version 2 GnuPG provides support for +S/MIME and Secure Shell in addition to OpenPGP. GnuPG is Free Software (meaning that it respects your freedom). It can be freely used, modified and distributed under the terms of the GNU commit e3358b246d9380008a4ba7c8f2fe03659901adaf Author: Justus Winter Date: Wed Aug 3 16:58:32 2016 +0200 kbx: Add missing header file. * kbx/keybox-update.c: Add missing header file. Signed-off-by: Justus Winter diff --git a/kbx/keybox-update.c b/kbx/keybox-update.c index ec28b4c..e5d4dc8 100644 --- a/kbx/keybox-update.c +++ b/kbx/keybox-update.c @@ -29,6 +29,7 @@ #include "keybox-defs.h" #include "../common/sysutils.h" #include "../common/host2net.h" +#include "../common/utilproto.h" #define EXTSEP_S "." commit dc107b78509807db375d3a382eb3376cd2183357 Author: Daniel Kahn Gillmor Date: Mon Aug 1 22:19:17 2016 -0400 More cleanup of "allow to". * README, agent/command.c, agent/keyformat.txt, common/i18n.c, common/iobuf.c, common/keyserver.h, dirmngr/cdblib.c, dirmngr/ldap-wrapper.c, doc/DETAILS, doc/TRANSLATE, doc/announce-2.1.txt, doc/gpg.texi, doc/gpgsm.texi, doc/scdaemon.texi, doc/tools.texi, doc/whats-new-in-2.1.txt, g10/export.c, g10/getkey.c, g10/import.c, g10/keyedit.c, m4/ksba.m4, m4/libgcrypt.m4, m4/ntbtls.m4, po/ca.po, po/cs.po, po/da.po, po/de.po, po/el.po, po/eo.po, po/es.po, po/et.po, po/fi.po, po/fr.po, po/gl.po, po/hu.po, po/id.po, po/it.po, po/ja.po, po/nb.po, po/pl.po, po/pt.po, po/ro.po, po/ru.po, po/sk.po, po/sv.po, po/tr.po, po/uk.po, po/zh_CN.po, po/zh_TW.po, scd/app-p15.c, scd/ccid-driver.c, scd/command.c, sm/gpgsm.c, sm/sign.c, tools/gpgconf-comp.c, tools/gpgtar.h: replace "Allow to" with clearer text. In standard English, the normal construction is "${XXX} allows ${YYY} to" -- that is, the subject (${XXX}) of the sentence is allowing the object (${YYY}) to do something. When the object is missing, the phrasing sounds awkward, even if the object is implied by context. There's almost always a better construction that isn't as awkward. These changes should make the language a bit clearer. Signed-off-by: Daniel Kahn Gillmor diff --git a/README b/README index 224db30..bb5cbef 100644 --- a/README +++ b/README @@ -9,15 +9,16 @@ * INTRODUCTION GnuPG is a complete and free implementation of the OpenPGP standard - as defined by RFC4880 (also known as PGP). GnuPG allows to encrypt - and sign data and communication, features a versatile key management - system as well as access modules for public key directories. + as defined by RFC4880 (also known as PGP). GnuPG enables encryption + and signing of data and communication, and features a versatile key + management system as well as access modules for public key + directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend - applications and libraries making use of GnuPG are available. Since - version 2 GnuPG provides support for S/MIME and Secure Shell in - addition to OpenPGP. + applications and libraries are available that make use of GnuPG. + Since version 2 GnuPG provides support for S/MIME and Secure Shell + in addition to OpenPGP. GnuPG is Free Software (meaning that it respects your freedom). It can be freely used, modified and distributed under the terms of the diff --git a/agent/command.c b/agent/command.c index e5d2268..1803b5f 100644 --- a/agent/command.c +++ b/agent/command.c @@ -3043,7 +3043,7 @@ io_monitor (assuan_context_t ctx, void *hook, int direction, (void) hook; - /* Note that we only check for the uppercase name. This allows to + /* Note that we only check for the uppercase name. This allows the user to see the logging for debugging if using a non-upercase command name. */ if (ctx && direction == ASSUAN_IO_FROM_PEER diff --git a/agent/keyformat.txt b/agent/keyformat.txt index c1a59ce..ddfb44b 100644 --- a/agent/keyformat.txt +++ b/agent/keyformat.txt @@ -324,7 +324,7 @@ similar to the private-key storage format. This is a master passphrase format where each file may protect several secrets under one master passphrase. It is possible to have several of those files each protected by a dedicated master passphrase. Clear text keywords -allow to list the available protected passphrases. +allow listing the available protected passphrases. The name of the files with these protected secrets have this form: pw-.dat. STRING may be an arbitrary string, as a default name diff --git a/common/i18n.c b/common/i18n.c index 39e3d8f..413fa9a 100644 --- a/common/i18n.c +++ b/common/i18n.c @@ -156,9 +156,9 @@ i18n_utf8 (const char *string) } -/* A variant of gettext which allows to specify the local to use for - translating the message. The function assumes that utf-8 is used - for the encoding. */ +/* A variant of gettext which allows the programmer to specify the + locale to use for translating the message. The function assumes + that utf-8 is used for the encoding. */ const char * i18n_localegettext (const char *lc_messages, const char *string) { diff --git a/common/iobuf.c b/common/iobuf.c index 9d582ca..06d0b61 100644 --- a/common/iobuf.c +++ b/common/iobuf.c @@ -1198,7 +1198,7 @@ iobuf_cancel (iobuf_t a) #if defined(HAVE_W32_SYSTEM) || defined(__riscos__) if (remove_name) { - /* Argg, MSDOS does not allow to remove open files. So + /* Argg, MSDOS does not allow removing open files. So * we have to do it here */ #ifdef HAVE_W32CE_SYSTEM wchar_t *wtmp = utf8_to_wchar (remove_name); diff --git a/common/keyserver.h b/common/keyserver.h index 63dbde6..200378d 100644 --- a/common/keyserver.h +++ b/common/keyserver.h @@ -48,8 +48,8 @@ /* Must be 127 due to shell internal magic. */ #define KEYSERVER_SCHEME_NOT_FOUND 127 -/* Object to hold information pertaining to a keyserver; it further - allows to build a list of keyservers. Note that g10/options.h has +/* Object to hold information pertaining to a keyserver; it also + allows building a list of keyservers. Note that g10/options.h has a typedef for this. FIXME: We should make use of the parse_uri_t. */ struct keyserver_spec diff --git a/dirmngr/cdblib.c b/dirmngr/cdblib.c index 23cb317..52c17c9 100644 --- a/dirmngr/cdblib.c +++ b/dirmngr/cdblib.c @@ -296,7 +296,7 @@ cdb_find(struct cdb *cdbp, const void *key, cdbi_t klen) /* Sequential-find routines that used separate structure. It is possible to have many than one record with the same key in a - database, and these routines allows to enumerate all them. + database, and these routines allow enumeration of all of them. cdb_findinit() initializes search structure pointed to by cdbfp. It will return negative value on error or 0 on success. cdb_find? next() attempts to find next matching key, setting value position diff --git a/dirmngr/ldap-wrapper.c b/dirmngr/ldap-wrapper.c index 55fcd8b..5fa3eac 100644 --- a/dirmngr/ldap-wrapper.c +++ b/dirmngr/ldap-wrapper.c @@ -545,8 +545,8 @@ reader_callback (void *cb_value, char *buffer, size_t count, size_t *nread) if (!buffer && !count && !nread) return -1; /* Rewind is not supported. */ - /* If we ever encountered a read error don't allow to continue and - possible overwrite the last error cause. Bail out also if the + /* If we ever encountered a read error, don't continue (we don't want to + possibly overwrite the last error cause). Bail out also if the file descriptor has been closed. */ if (ctx->fd_error || ctx->fd == -1) { diff --git a/doc/DETAILS b/doc/DETAILS index 4b3f0af..02f9bad 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -913,8 +913,8 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: *** FAILURE This is the counterpart to SUCCESS and used to indicate a program - failure. It is used similar to ISO-C's EXIT_FAILURE but allows to - convey more information, in particular an gpg-error error code. + failure. It is used similar to ISO-C's EXIT_FAILURE but allows + conveying more information, in particular a gpg-error error code. That numerical error code may optionally have a suffix made of an underscore and a string with an error symbol like "151011327_EOF". A dash may be used instead of . diff --git a/doc/TRANSLATE b/doc/TRANSLATE index 2a20aad..eb0de97 100644 --- a/doc/TRANSLATE +++ b/doc/TRANSLATE @@ -23,8 +23,8 @@ Help files GnuPG provides a little help feature (entering a ? on a prompt). This help used to be translated the usual way with gettext but it turned -out that this is too inflexible and does for example not allow to -correct little mistakes in the English text. For some newer features +out that this is too inflexible and does for example not allow +correcting little mistakes in the English text. For some newer features we require editable help files anyway and thus the existing help strings have been moved to plain text files names "help.LL.txt". We distribute these files and allow overriding them by files of that name diff --git a/doc/announce-2.1.txt b/doc/announce-2.1.txt index e165332..8c35e53 100644 --- a/doc/announce-2.1.txt +++ b/doc/announce-2.1.txt @@ -6,13 +6,13 @@ new release: Version 2.1.0. The GNU Privacy Guard (GnuPG) is a complete and free implementation of the OpenPGP standard as defined by RFC-4880 and better known as PGP. -GnuPG, also known as GPG, allows to encrypt and sign data and +GnuPG, also known as GPG, enables encryption and signing of data and communication, features a versatile key management system as well as access modules for public key directories. GnuPG itself is a command line tool with features for easy integration with other applications. -A wealth of frontend applications and libraries making use of GnuPG -are available. Since version 2 GnuPG provides support for S/MIME and -Secure Shell in addition to OpenPGP. +A wealth of frontend applications and libraries are available that +make use of GnuPG. Since version 2 GnuPG provides support for S/MIME +and Secure Shell in addition to OpenPGP. GnuPG is Free Software (meaning that it respects your freedom). It can be freely used, modified and distributed under the terms of the GNU diff --git a/doc/gpg.texi b/doc/gpg.texi index 3be401f..4d6a261 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2357,7 +2357,7 @@ obsolete; it does not harm to use it though. Revert to the pre-2.1 public key list mode. This only affects the human readable output and not the machine interface (i.e. @code{--with-colons}). Note that the legacy format does not -allow to convey suitable information for elliptic curves. +convey suitable information for elliptic curves. @item --with-fingerprint @opindex with-fingerprint diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index 2f6c297..dae26b2 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -636,7 +636,7 @@ algorithm than actually used. @command{gpgsm} uses a one-pass data processing model and thus needs to rely on the announced digest algorithms to properly hash the data. As a workaround this option may be used to tell gpg to also hash the data using the algorithm - at var{name}; this slows processing down a little bit but allows to verify + at var{name}; this slows processing down a little bit but allows verification of such broken signatures. If @command{gpgsm} prints an error like ``digest algo 8 has not been enabled'' you may want to try this option, with @samp{SHA256} for @var{name}. @@ -1479,7 +1479,7 @@ GETAUDITLOG [--data] [--html] If @option{--data} is used, the audit log is send using D-lines instead of being sent to the file descriptor given by an OUTPUT -command. If @option{--html} is used, the output is formated as an +command. If @option{--html} is used, the output is formatted as an XHTML block. This is designed to be incorporated into a HTML document. diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi index 5e53223..c145814 100644 --- a/doc/scdaemon.texi +++ b/doc/scdaemon.texi @@ -258,7 +258,7 @@ deprecated; it may be removed in future releases. @item --disable-ccid @opindex disable-ccid Disable the integrated support for CCID compliant readers. This -allows to fall back to one of the other drivers even if the internal +allows falling back to one of the other drivers even if the internal CCID driver can handle the reader. Note, that CCID support is only available if libusb was available at build time. @@ -284,10 +284,10 @@ To get a list of available CCID readers you may use this command: If @var{n} is not 0 and no client is actively using the card, the card will be powered down after @var{n} seconds. Powering down the card avoids a potential risk of damaging a card when used with certain -cheap readers. This also allows non Scdaemon aware applications to -access the card. The disadvantage of using a card timeout is that -accessing the card takes longer and that the user needs to enter the -PIN again after the next power up. +cheap readers. This also allows applications that are not aware of +Scdaemon to access the card. The disadvantage of using a card timeout +is that accessing the card takes longer and that the user needs to +enter the PIN again after the next power up. Note that with the current version of Scdaemon the card is powered down immediately at the next timer tick for any value of @var{n} other diff --git a/doc/tools.texi b/doc/tools.texi index e52d6a7..d6cf56e 100644 --- a/doc/tools.texi +++ b/doc/tools.texi @@ -234,7 +234,7 @@ commit the changes. @command{gpgconf} provides the backend of a configuration editor. The configuration editor would usually be a graphical user interface -program, that allows to display the current options, their default +program that displays the current options, their default values, and allows the user to make changes to the options. These changes can then be made active with @command{gpgconf} again. Such a program that uses @command{gpgconf} in this way will be called GUI @@ -999,9 +999,9 @@ This script is a wrapper around @command{gpgconf} to run it with the command @code{--apply-defaults} for all real users with an existing GnuPG home directory. Admins might want to use this script to update he GnuPG configuration files for all users after - at file{/etc/gnupg/gpgconf.conf} has been changed. This allows to enforce -certain policies for all users. Note, that this is not a bulletproof of -forcing a user to use certain options. A user may always directly edit + at file{/etc/gnupg/gpgconf.conf} has been changed. This allows enforcing +certain policies for all users. Note, that this is not a bulletproof way to +force a user to use certain options. A user may always directly edit the configuration files and bypass gpgconf. @noindent diff --git a/doc/whats-new-in-2.1.txt b/doc/whats-new-in-2.1.txt index dd29c66..19ed8b9 100644 --- a/doc/whats-new-in-2.1.txt +++ b/doc/whats-new-in-2.1.txt @@ -540,7 +540,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html key id matching the key id of another key. Importing a key with a long key id already used by another key in gpg???s local key store was not possible due to checks done on import. Now, if the ???wrong??? key - has been imported first /gpg/ would not allow to later import the + has been imported first /gpg/ would not allow later import of the second ???correct??? key. This problem has been fixed in 2.1 by allowing the import and by doing trial verification against all matching keys. diff --git a/g10/export.c b/g10/export.c index 92235fb..8c15868 100644 --- a/g10/export.c +++ b/g10/export.c @@ -1925,7 +1925,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, continue; } - /* The agent does not yet allow to export v3 packets. It is + /* The agent does not yet allow export of v3 packets. It is actually questionable whether we should allow them at all. */ if (pk->version == 3) diff --git a/g10/getkey.c b/g10/getkey.c index 3fe8274..90083ba 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -2514,7 +2514,7 @@ merge_selfsigs_main (KBNODE keyblock, int *r_revoked, else if ((IS_UID_SIG (sig) || IS_UID_REV (sig)) && sig->timestamp >= sigdate) { - /* Note: we allow to invalidate cert revocations + /* Note: we allow invalidation of cert revocations * by a newer signature. An attacker can't use this * because a key should be revoked with a key revocation. * The reason why we have to allow for that is that at diff --git a/g10/import.c b/g10/import.c index b83f371..3c7edd7 100644 --- a/g10/import.c +++ b/g10/import.c @@ -2020,7 +2020,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, #ifdef ENABLE_SELINUX_HACKS if (1) { - /* We don't allow to import secret keys because that may be used + /* We don't allow importing secret keys because that may be used to put a secret key into the keyring and the user might later be tricked into signing stuff with that key. */ log_error (_("importing secret keys not allowed\n")); diff --git a/g10/keyedit.c b/g10/keyedit.c index 9ebd643..4c833f8 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -1338,7 +1338,7 @@ sign_uids (ctrl_t ctrl, estream_t fp, } /* Fixme: see whether there is a revocation in which - * case we should allow to sign it again. */ + * case we should allow signing it again. */ if (!node->pkt->pkt.signature->flags.exportable && local) tty_fprintf ( fp, _("\"%s\" was already locally signed by key %s\n"), diff --git a/m4/ksba.m4 b/m4/ksba.m4 index 73b2e26..3e14e67 100644 --- a/m4/ksba.m4 +++ b/m4/ksba.m4 @@ -13,11 +13,11 @@ dnl AM_PATH_KSBA([MINIMUM-VERSION, dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) dnl Test for libksba and define KSBA_CFLAGS and KSBA_LIBS -dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed +dnl MINIMUM-VERSION is a string with the version number optionalliy prefixed dnl with the API version to also check the API compatibility. Example: -dnl a MINIMUN-VERSION of 1:1.0.7 won't pass the test unless the installed +dnl a MINIMUM-VERSION of 1:1.0.7 won't pass the test unless the installed dnl version of libksba is at least 1.0.7 *and* the API number is 1. Using -dnl this features allows to prevent build against newer versions of libksba +dnl this feature prevents building against newer versions of libksba dnl with a changed API. dnl AC_DEFUN([AM_PATH_KSBA], diff --git a/m4/libgcrypt.m4 b/m4/libgcrypt.m4 index c67cfec..d89fe11 100644 --- a/m4/libgcrypt.m4 +++ b/m4/libgcrypt.m4 @@ -15,11 +15,11 @@ dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION, dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) dnl Test for libgcrypt and define LIBGCRYPT_CFLAGS and LIBGCRYPT_LIBS. -dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed +dnl MINIMUM-VERSION is a string with the version number optionalliy prefixed dnl with the API version to also check the API compatibility. Example: -dnl a MINIMUN-VERSION of 1:1.2.5 won't pass the test unless the installed +dnl a MINIMUM-VERSION of 1:1.2.5 won't pass the test unless the installed dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using -dnl this features allows to prevent build against newer versions of libgcrypt +dnl this feature prevents building against newer versions of libgcrypt dnl with a changed API. dnl dnl If a prefix option is not used, the config script is first diff --git a/m4/ntbtls.m4 b/m4/ntbtls.m4 index 85c8ee9..0a30d92 100644 --- a/m4/ntbtls.m4 +++ b/m4/ntbtls.m4 @@ -14,11 +14,11 @@ dnl AM_PATH_NTBTLS([MINIMUM-VERSION, dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) dnl dnl Test for NTBTLS and define NTBTLS_CFLAGS and NTBTLS_LIBS. -dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed +dnl MINIMUM-VERSION is a string with the version number optionalliy prefixed dnl with the API version to also check the API compatibility. Example: -dnl a MINIMUN-VERSION of 1:1.2.5 won't pass the test unless the installed -dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using -dnl this features allows to prevent build against newer versions of libgcrypt +dnl a MINIMUM-VERSION of 1:1.2.5 won't pass the test unless the installed +dnl version of ntbtls is at least 1.2.5 *and* the API number is 1. Using +dnl this feature prevents building against newer versions of ntbtls dnl with a changed API. dnl AC_DEFUN([AM_PATH_NTBTLS], diff --git a/po/ca.po b/po/ca.po index 086ac26..633fc3c 100644 --- a/po/ca.po +++ b/po/ca.po @@ -8756,7 +8756,7 @@ msgstr "" msgid "Options enforcing a passphrase policy" msgstr "" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/cs.po b/po/cs.po index 96bb049..ef00cd1 100644 --- a/po/cs.po +++ b/po/cs.po @@ -8257,7 +8257,7 @@ msgstr "|N| nastavit maxim??ln?? ??ivotnost kl?????? SSH na N sekund" msgid "Options enforcing a passphrase policy" msgstr "Volby vynucuj??c?? politiku hesel" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "nedovolit obej??t politiku hesel" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/da.po b/po/da.po index 2f8fb37..edc95da 100644 --- a/po/da.po +++ b/po/da.po @@ -8774,7 +8774,7 @@ msgstr "|N|angive maksimal livsforl??b for SSH-n??gle til N sekunder" msgid "Options enforcing a passphrase policy" msgstr "Tilvalg der fremtvinger en adgangsfrasepolitik" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "tillad ikke omg??else af adgangsfrasepolitikken" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/de.po b/po/de.po index f341c5f..c8748fe 100644 --- a/po/de.po +++ b/po/de.po @@ -8322,7 +8322,7 @@ msgstr "|N|setze die maximale Lebenszeit von SSH Schl??sseln auf N Sekunden" msgid "Options enforcing a passphrase policy" msgstr "Optionen f??r eine Passphrase-Policy" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "Einhaltung der Passphrase-Policy erzwingen" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/el.po b/po/el.po index 0160ccb..9e0cc10 100644 --- a/po/el.po +++ b/po/el.po @@ -8572,7 +8572,7 @@ msgstr "" msgid "Options enforcing a passphrase policy" msgstr "" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/eo.po b/po/eo.po index 958c534..7b9921b 100644 --- a/po/eo.po +++ b/po/eo.po @@ -8515,7 +8515,7 @@ msgstr "" msgid "Options enforcing a passphrase policy" msgstr "" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/es.po b/po/es.po index 5e374f5..4cbfd2e 100644 --- a/po/es.po +++ b/po/es.po @@ -8801,7 +8801,7 @@ msgstr "|N|establecer vida m msgid "Options enforcing a passphrase policy" msgstr "Opciones que fuerzan una pol?tica de frases contrase?a" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "no permitir evitar la pol?tica de frases contrase?a" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/et.po b/po/et.po index 5d9dcf3..c0534d9 100644 --- a/po/et.po +++ b/po/et.po @@ -8489,7 +8489,7 @@ msgstr "" msgid "Options enforcing a passphrase policy" msgstr "" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/fi.po b/po/fi.po index 414f99b..0fe5521 100644 --- a/po/fi.po +++ b/po/fi.po @@ -8552,7 +8552,7 @@ msgstr "" msgid "Options enforcing a passphrase policy" msgstr "" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/fr.po b/po/fr.po index c4b6e4d..af39a5c 100644 --- a/po/fr.po +++ b/po/fr.po @@ -8490,7 +8490,7 @@ msgstr "|N|d??finir la dur??e maximale du cache de clef SSH ?? N??secondes" msgid "Options enforcing a passphrase policy" msgstr "Options d'application d'une politique de phrase secr??te" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "pas de contournement de politique de phrase secr??te" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/gl.po b/po/gl.po index c8c5a26..c892f28 100644 --- a/po/gl.po +++ b/po/gl.po @@ -8576,7 +8576,7 @@ msgstr "" msgid "Options enforcing a passphrase policy" msgstr "" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/hu.po b/po/hu.po index 8505a8f..392ac37 100644 --- a/po/hu.po +++ b/po/hu.po @@ -8522,7 +8522,7 @@ msgstr "" msgid "Options enforcing a passphrase policy" msgstr "" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/id.po b/po/id.po index f1fbc44..452dccd 100644 --- a/po/id.po +++ b/po/id.po @@ -8511,7 +8511,7 @@ msgstr "" msgid "Options enforcing a passphrase policy" msgstr "" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/it.po b/po/it.po index 3a0572b..a5cf128 100644 --- a/po/it.po +++ b/po/it.po @@ -8555,7 +8555,7 @@ msgstr "" msgid "Options enforcing a passphrase policy" msgstr "" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/ja.po b/po/ja.po index 51cfc72..5f94814 100644 --- a/po/ja.po +++ b/po/ja.po @@ -7974,7 +7974,7 @@ msgstr "|N|??????SSH??????????????????N????????????" msgid "Options enforcing a passphrase policy" msgstr "??????????????????????????????????????????????????????" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "??????????????????????????????????????????????????????????????????" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/nb.po b/po/nb.po index db163f2..12bfd13 100644 --- a/po/nb.po +++ b/po/nb.po @@ -8090,7 +8090,7 @@ msgstr "|N|endre maksimal livstid for SSH-n??kler til N antall sekunder" msgid "Options enforcing a passphrase policy" msgstr "Valg som h??ndhever passordfrase-regler" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "ikke tillat overstyring av passordfrase-regler" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/pl.po b/po/pl.po index 74cd6d9..75822e4 100644 --- a/po/pl.po +++ b/po/pl.po @@ -8837,7 +8837,7 @@ msgstr "|N|ustawienie maksymalnego czasu msgid "Options enforcing a passphrase policy" msgstr "Opcje wymuszaj?ce polityk? hase?" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "nie zezwalanie na pomini?cie polityki hase?" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/pt.po b/po/pt.po index beee02b..63c6cec 100644 --- a/po/pt.po +++ b/po/pt.po @@ -8524,7 +8524,7 @@ msgstr "" msgid "Options enforcing a passphrase policy" msgstr "" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/ro.po b/po/ro.po index 71435aa..dffe008 100644 --- a/po/ro.po +++ b/po/ro.po @@ -8586,7 +8586,7 @@ msgstr "" msgid "Options enforcing a passphrase policy" msgstr "" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/ru.po b/po/ru.po index 57c4045..f36a27c 100644 --- a/po/ru.po +++ b/po/ru.po @@ -8195,7 +8195,7 @@ msgstr "|N|???????????????????? ???????????????????????? ???????? ?????????????? msgid "Options enforcing a passphrase policy" msgstr "??????????????????, ???????????????????????????? ?????????????? ?????? ????????-??????????????" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "???? ?????????????????? ???????????????? ?????????????? ?????? ????????-??????????????" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/sk.po b/po/sk.po index 8dda2be..d5e8692 100644 --- a/po/sk.po +++ b/po/sk.po @@ -8541,7 +8541,7 @@ msgstr "" msgid "Options enforcing a passphrase policy" msgstr "" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/sv.po b/po/sv.po index 5c41560..8ff4dbf 100644 --- a/po/sv.po +++ b/po/sv.po @@ -8917,7 +8917,7 @@ msgstr "|N|st??ll in maximal livstid f??r SSH-nyckel till N sekunder" msgid "Options enforcing a passphrase policy" msgstr "Flaggor som tvingar igenom en l??senfraspolicy" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "till??t inte att g?? f??rbi l??senfraspolicyn" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/tr.po b/po/tr.po index 6e661b5..1eae9b4 100644 --- a/po/tr.po +++ b/po/tr.po @@ -8819,7 +8819,7 @@ msgstr "|N|azami SSH anahtar?? ??mr?? N saniyeye ayarlan??r" msgid "Options enforcing a passphrase policy" msgstr "Bir anahtar parolas?? kural??n?? zorlayan se??enekler" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "anahtar parolas?? kural??n??n atlanmas??na izin verilmez" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/uk.po b/po/uk.po index 97442c8..ac57ed4 100644 --- a/po/uk.po +++ b/po/uk.po @@ -8299,7 +8299,7 @@ msgstr "|N|???????????????????? ???????????????????????? ?????????? ?????? ???? msgid "Options enforcing a passphrase policy" msgstr "?????????????????? ?????????????????????? ???????????????????????? ???????????? ??????????????" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "???? ?????????????????? ?????????? ???????????? ??????????????" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/zh_CN.po b/po/zh_CN.po index 41613c7..27f88bb 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -8410,7 +8410,7 @@ msgstr "" msgid "Options enforcing a passphrase policy" msgstr "" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "" msgid "|N|set minimal required length for new passphrases to N" diff --git a/po/zh_TW.po b/po/zh_TW.po index d9a4bb8..9438e3d 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po @@ -8039,7 +8039,7 @@ msgstr "|N|??? SSH ?????????????????????????????? N ???" msgid "Options enforcing a passphrase policy" msgstr "?????????????????????????????????" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "???????????????????????????" msgid "|N|set minimal required length for new passphrases to N" diff --git a/scd/app-p15.c b/scd/app-p15.c index e4d9de0..12254ab 100644 --- a/scd/app-p15.c +++ b/scd/app-p15.c @@ -2935,8 +2935,8 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, /* Due to the fact that the non-repudiation signature on a BELPIC card requires a verify immediately before the DSO we set the - MSE before we do the verification. Other cards might allow to do - this also but I don't want to break anything, thus we do it only + MSE before we do the verification. Other cards might also allow + this but I don't want to break anything, thus we do it only for the BELPIC card here. */ if (app->app_local->card_type == CARD_TYPE_BELPIC) { diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index 7a093f6..b1523cb 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -2980,7 +2980,7 @@ ccid_transceive (ccid_driver_t handle, nresp = &dummy_nresp; *nresp = 0; - /* Smarter readers allow to send APDUs directly; divert here. */ + /* Smarter readers allow sending APDUs directly; divert here. */ if (handle->apdu_level) { /* We employ a hack for Omnikey readers which are able to send diff --git a/scd/command.c b/scd/command.c index d90c320..239480b 100644 --- a/scd/command.c +++ b/scd/command.c @@ -499,7 +499,7 @@ static const char hlp_serialno[] = "error is returned if the application is not supported or available.\n" "The default is to auto-select the application using a hardwired\n" "preference system. Note, that a future extension to this function\n" - "may allow to specify a list and order of applications to try.\n" + "may enable specifying a list and order of applications to try.\n" "\n" "This function is special in that it can be used to reset the card.\n" "Most other functions will return an error when a card change has\n" diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 9b7dd4b..b64072e 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -1681,7 +1681,7 @@ main ( int argc, char **argv) /* Build the recipient list. We first add the regular ones and then the encrypt-to ones because the underlying function will silently - ignore duplicates and we can't allow to keep a duplicate which is + ignore duplicates and we can't allow keeping a duplicate which is flagged as encrypt-to as the actually encrypt function would then complain about no (regular) recipients. */ for (sl = remusr; sl; sl = sl->next) @@ -1785,7 +1785,7 @@ main ( int argc, char **argv) { estream_t fp = open_es_fwrite (opt.outfile?opt.outfile:"-"); - /* Fixme: We should also allow to concatenate multiple files for + /* Fixme: We should also allow concatenation of multiple files for signing because that is what gpg does.*/ set_binary (stdin); if (!argc) /* Create from stdin. */ diff --git a/sm/sign.c b/sm/sign.c index 08eebb7..6cb1f86 100644 --- a/sm/sign.c +++ b/sm/sign.c @@ -109,7 +109,7 @@ hash_and_copy_data (int fd, gcry_md_hd_t md, ksba_writer_t writer) es_fclose (fp); if (!any) { - /* We can't allow to sign an empty message because it does not + /* We can't allow signing an empty message because it does not make much sense and more seriously, ksba_cms_build has already written the tag for data and now expects an octet string and an octet string of size 0 is illegal. */ diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c index 3d456a9..82b5325 100644 --- a/tools/gpgconf-comp.c +++ b/tools/gpgconf-comp.c @@ -560,7 +560,7 @@ static gc_option_t gc_options_gpg_agent[] = "gnupg", N_("Options enforcing a passphrase policy") }, { "enforce-passphrase-constraints", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT, "gnupg", - N_("do not allow to bypass the passphrase policy"), + N_("do not allow bypassing the passphrase policy"), GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT }, { "min-passphrase-len", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED, "gnupg", @@ -3736,7 +3736,7 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults, if (defaults) { - /* Here we explicitly allow to update the value again. */ + /* Here we explicitly allow updating the value again. */ if (newflags) { option_info->new_flags = 0; diff --git a/tools/gpgtar.h b/tools/gpgtar.h index 3f21ea1..7d03719 100644 --- a/tools/gpgtar.h +++ b/tools/gpgtar.h @@ -103,7 +103,7 @@ struct tar_header_s unsigned long long mtime; /* Modification time since Epoch. Note that we don't use time_t here but a type which is more likely to be larger - that 32 bit and thus allows to track + that 32 bit and thus allows tracking times beyond 2106. */ typeflag_t typeflag; /* The type of the file. */ commit 436b28c23194fa77919967338d5a61a82d242153 Author: Daniel Kahn Gillmor Date: Mon Aug 1 22:19:16 2016 -0400 dirmngr: Emit correct spelling of "superseded". * dirmngr/crlcache.c (list_one_crl_entry): Spell superseded correctly. * dirmngr/ocsp.c (ocsp_invalid): Likewise. This might break some tools which parse the existing output and expect misspellings, but i'm not sure there are many such tools, and we should use standardized orthography going forward. Signed-off-by: Daniel Kahn Gillmor diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c index 25ce7a6..af2a956 100644 --- a/dirmngr/crlcache.c +++ b/dirmngr/crlcache.c @@ -2361,7 +2361,7 @@ list_one_crl_entry (crl_cache_t cache, crl_cache_entry_t e, estream_t fp) if (reason & KSBA_CRLREASON_AFFILIATION_CHANGED ) es_fputs( "affiliation_changed ", fp ), any = 1; if (reason & KSBA_CRLREASON_SUPERSEDED ) - es_fputs( "superseeded", fp ), any = 1; + es_fputs( "superseded", fp ), any = 1; if (reason & KSBA_CRLREASON_CESSATION_OF_OPERATION ) es_fputs( "cessation_of_operation", fp ), any = 1; if (reason & KSBA_CRLREASON_CERTIFICATE_HOLD ) diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c index e123409..561b7d7 100644 --- a/dirmngr/ocsp.c +++ b/dirmngr/ocsp.c @@ -716,7 +716,7 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr, reason == KSBA_CRLREASON_CA_COMPROMISE? "CA compromise": reason == KSBA_CRLREASON_AFFILIATION_CHANGED? "affiliation changed": - reason == KSBA_CRLREASON_SUPERSEDED? "superseeded": + reason == KSBA_CRLREASON_SUPERSEDED? "superseded": reason == KSBA_CRLREASON_CESSATION_OF_OPERATION? "cessation of operation": reason == KSBA_CRLREASON_CERTIFICATE_HOLD? commit cd45cf782b91ff0f6b023913963e5258ffcbf464 Author: Daniel Kahn Gillmor Date: Mon Aug 1 22:19:15 2016 -0400 Fix spelling and grammar. * agent/learncard.c: s/coccured/occurred/ * doc/dirmngr.texi: s/ommitted/omitted/, s/orginally/originally/, s/reponses/responses/i * doc/gpg-agent.texi, doc/dirmngr.texi, doc/gpg.texi: Fix "allows to" to more conventional english usage. * doc/tools.texi, g10/gpgcommpose.c, tests/openpgp/armor.scm, tests/openpgp/armor.test: s/occured/occurred/ * tools/gpgsplit.c: s/calcualting/calculating/ * sm/server.c: s/formated/formatted/ Signed-off-by: Daniel Kahn Gillmor diff --git a/agent/learncard.c b/agent/learncard.c index e0f2340..e9304fb 100644 --- a/agent/learncard.c +++ b/agent/learncard.c @@ -133,7 +133,7 @@ kpinfo_cb (void *opaque, const char *line) char *p; if (parm->error) - return; /* no need to gather data after an error coccured */ + return; /* no need to gather data after an error occurred */ if ((parm->error = agent_write_status (parm->ctrl, "PROGRESS", "learncard", "k", "0", "0", NULL))) @@ -190,7 +190,7 @@ certinfo_cb (void *opaque, const char *line) char *p, *pend; if (parm->error) - return; /* no need to gather data after an error coccured */ + return; /* no need to gather data after an error occurred */ if ((parm->error = agent_write_status (parm->ctrl, "PROGRESS", "learncard", "c", "0", "0", NULL))) @@ -232,7 +232,7 @@ sinfo_cb (void *opaque, const char *keyword, size_t keywordlen, SINFO item; if (sparm->error) - return; /* no need to gather data after an error coccured */ + return; /* no need to gather data after an error occurred */ item = xtrycalloc (1, sizeof *item + keywordlen + 1 + strlen (data)); if (!item) diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi index e87442f..033b5d3 100644 --- a/doc/dirmngr.texi +++ b/doc/dirmngr.texi @@ -321,9 +321,9 @@ whether @option{--honor-http-proxy} has been set. @item --ldap-proxy @var{host}[:@var{port}] @opindex ldap-proxy Use @var{host} and @var{port} to connect to LDAP servers. If @var{port} -is ommitted, port 389 (standard LDAP port) is used. This overrides any +is omitted, port 389 (standard LDAP port) is used. This overrides any specified host and port part in a LDAP URL and will also be used if host -and port have been ommitted from the URL. +and port have been omitted from the URL. @item --only-ldap-proxy @opindex only-ldap-proxy @@ -346,12 +346,12 @@ This server list file contains one LDAP server per line in the format Lines starting with a @samp{#} are comments. Note that as usual all strings entered are expected to be UTF-8 encoded. -Obviously this will lead to problems if the password has orginally been +Obviously this will lead to problems if the password has originally been encoded as Latin-1. There is no other solution here than to put such a password in the binary encoding into the file (i.e. non-ascii characters won't show up readable). at footnote{The @command{gpgconf} tool might be -helpful for frontends as it allows to edit this configuration file using -percent escaped strings.} +helpful for frontends as it enables editing this configuration file using +percent-escaped strings.} @item --ldaptimeout @var{secs} @@ -474,7 +474,7 @@ In the deprecated system daemon mode the second directory is used instead. @item /etc/gnupg/trusted-certs This directory should be filled with certificates of Root CAs you -are trusting in checking the CRLs and signing OCSP Reponses. +are trusting in checking the CRLs and signing OCSP Responses. Usually these are the same certificates you use with the applications making use of dirmngr. It is expected that each of these certificate @@ -496,7 +496,7 @@ This directory may contain extra certificates which are preloaded into the interal cache on startup. Applications using dirmngr (e.g. gpgsm) can request cached certificates to complete a trust chain. This is convenient in cases you have a couple intermediate CA certificates -or certificates ususally used to sign OCSP reponses. +or certificates ususally used to sign OCSP responses. These certificates are first tried before going out to the net to look for them. These certificates must also be @acronym{DER} encoded and suffixed with @file{.crt} or @file{.der}. diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index cd5d751..b481dd6 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -540,8 +540,8 @@ Also listen on native gpg-agent connections on the given socket. The intended use for this extra socket is to setup a Unix domain socket forwarding from a remote machine to this socket on the local machine. A @command{gpg} running on the remote machine may then connect to the -local gpg-agent and use its private keys. This allows to decrypt or -sign data on a remote machine without exposing the private keys to the +local gpg-agent and use its private keys. This enables decrypting or +signing data on a remote machine without exposing the private keys to the remote machine. @@ -633,7 +633,7 @@ agent. By default they may all be found in the current home directory lines are ignored. To mark a key as trusted you need to enter its fingerprint followed by a space and a capital letter @code{S}. Colons may optionally be used to separate the bytes of a fingerprint; this - allows to cut and paste the fingerprint from a key listing output. If + enables cutting and pasting the fingerprint from a key listing output. If the line is prefixed with a @code{!} the key is explicitly marked as not trusted. @@ -1041,8 +1041,8 @@ Here is an example session: @subsection Generating a Key This is used to create a new keypair and store the secret key inside the -active PSE --- which is in most cases a Soft-PSE. An not yet defined -option allows to choose the storage location. To get the secret key out +active PSE --- which is in most cases a Soft-PSE. A not-yet-defined +option allows choosing the storage location. To get the secret key out of the PSE, a special export tool has to be used. @example diff --git a/doc/gpg.texi b/doc/gpg.texi index 38f417e..3be401f 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1678,7 +1678,7 @@ mechanisms, in the order they are to be tried: may be used here to query that particular keyserver. @item local - Locate the key using the local keyrings. This mechanism allows to + Locate the key using the local keyrings. This mechanism allows the user to select the order a local key lookup is done. Thus using @samp{--auto-key-locate local} is identical to @option{--no-auto-key-locate}. @@ -2110,7 +2110,7 @@ Use @var{name} as the key to sign with. Note that this option overrides @opindex try-secret-key For hidden recipients GPG needs to know the keys to use for trial decryption. The key set with @option{--default-key} is always tried -first, but this is often not sufficient. This option allows to set more +first, but this is often not sufficient. This option allows setting more keys to be used for trial decryption. Although any valid user-id specification may be used for @var{name} it makes sense to use at least the long keyid to avoid ambiguities. Note that gpg-agent might pop up a @@ -2791,7 +2791,7 @@ to display the message. This option overrides @option{--set-filename}. @itemx --no-use-embedded-filename @opindex use-embedded-filename Try to create a file with a name as embedded in the data. This can be -a dangerous option as it allows to overwrite files. Defaults to no. +a dangerous option as it enables overwriting files. Defaults to no. @item --cipher-algo @code{name} @opindex cipher-algo diff --git a/doc/tools.texi b/doc/tools.texi index 577df8e..e52d6a7 100644 --- a/doc/tools.texi +++ b/doc/tools.texi @@ -1749,7 +1749,7 @@ The possible exit status codes of @command{symcryptrun} are: @item 0 Success. @item 1 - Some error occured. + Some error occurred. @item 2 No valid passphrase was provided. @item 3 diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c index cd5346f..e3bb013 100644 --- a/g10/gpgcompose.c +++ b/g10/gpgcompose.c @@ -1317,7 +1317,7 @@ sig_notation (const char *option, int argc, char *argv[], void *cookie) else notation = string_to_notation (p, 1); if (! notation) - log_fatal ("creating notation: an unknown error occured.\n"); + log_fatal ("creating notation: an unknown error occurred.\n"); notation->next = si->notations; si->notations = notation; diff --git a/sm/server.c b/sm/server.c index 8b4a29c..cdccff3 100644 --- a/sm/server.c +++ b/sm/server.c @@ -1039,7 +1039,7 @@ static const char hlp_getauditlog[] = "If --data is used, the output is send using D-lines and not to the\n" "file descriptor given by an OUTPUT command.\n" "\n" - "If --html is used the output is formated as an XHTML block. This is\n" + "If --html is used the output is formatted as an XHTML block. This is\n" "designed to be incorporated into a HTML document."; static gpg_error_t cmd_getauditlog (assuan_context_t ctx, char *line) diff --git a/tests/openpgp/armor.scm b/tests/openpgp/armor.scm index 5b4ea14..578e248 100755 --- a/tests/openpgp/armor.scm +++ b/tests/openpgp/armor.scm @@ -749,7 +749,7 @@ wg7Md81a5RI3F2FG8747t9gX ") ;; Bug 1179 solved 2010-05-12: -;; It occured for messages of a multiple of the iobuf block size where +;; It occurred for messages of a multiple of the iobuf block size where ;; the last line had no pad character. Due to premature poppng of thea ;; rmor filter gpg swalled the CRC line and passed the '-----END...' ;; line on to the decryption layer. diff --git a/tests/openpgp/armor.test b/tests/openpgp/armor.test index ce5939c..72831e3 100755 --- a/tests/openpgp/armor.test +++ b/tests/openpgp/armor.test @@ -742,7 +742,7 @@ wg7Md81a5RI3F2FG8747t9gX ' # Bug 1179 solved 2010-05-12: -# It occured for messages of a multiple of the iobuf block size where +# It occurred for messages of a multiple of the iobuf block size where # the last line had no pad character. Due to premature poppng of thea # rmor filter gpg swalled the CRC line and passed the '-----END...' # line on to the decryption layer. diff --git a/tools/gpgsplit.c b/tools/gpgsplit.c index 2451ab3..93dd8ed 100644 --- a/tools/gpgsplit.c +++ b/tools/gpgsplit.c @@ -577,7 +577,7 @@ write_part (FILE *fpin, unsigned long pktlen, len = public_key_length (blob, pktlen); if (!len) { - log_error ("error calcualting public key length\n"); + log_error ("error calculating public key length\n"); g10_exit (1); } if ( (hdr[0] & 0x40) ) ----------------------------------------------------------------------- Summary of changes: README | 13 +++++++------ agent/command.c | 2 +- agent/keyformat.txt | 2 +- agent/learncard.c | 6 +++--- common/i18n.c | 6 +++--- common/iobuf.c | 2 +- common/keyserver.h | 4 ++-- dirmngr/cdblib.c | 2 +- dirmngr/crlcache.c | 2 +- dirmngr/ldap-wrapper.c | 4 ++-- dirmngr/ocsp.c | 2 +- doc/DETAILS | 4 ++-- doc/TRANSLATE | 4 ++-- doc/announce-2.1.txt | 8 ++++---- doc/dirmngr.texi | 14 +++++++------- doc/gpg-agent.texi | 10 +++++----- doc/gpg.texi | 8 ++++---- doc/gpgsm.texi | 4 ++-- doc/scdaemon.texi | 10 +++++----- doc/tools.texi | 10 +++++----- doc/whats-new-in-2.1.txt | 2 +- g10/export.c | 2 +- g10/getkey.c | 2 +- g10/gpgcompose.c | 2 +- g10/import.c | 2 +- g10/keyedit.c | 2 +- kbx/keybox-update.c | 1 + m4/ksba.m4 | 6 +++--- m4/libgcrypt.m4 | 6 +++--- m4/ntbtls.m4 | 8 ++++---- po/ca.po | 2 +- po/cs.po | 2 +- po/da.po | 2 +- po/de.po | 2 +- po/el.po | 2 +- po/eo.po | 2 +- po/es.po | 2 +- po/et.po | 2 +- po/fi.po | 2 +- po/fr.po | 2 +- po/gl.po | 2 +- po/hu.po | 2 +- po/id.po | 2 +- po/it.po | 2 +- po/ja.po | 2 +- po/nb.po | 2 +- po/pl.po | 2 +- po/pt.po | 2 +- po/ro.po | 2 +- po/ru.po | 2 +- po/sk.po | 2 +- po/sv.po | 2 +- po/tr.po | 2 +- po/uk.po | 2 +- po/zh_CN.po | 2 +- po/zh_TW.po | 2 +- scd/app-p15.c | 4 ++-- scd/ccid-driver.c | 2 +- scd/command.c | 2 +- sm/gpgsm.c | 4 ++-- sm/server.c | 2 +- sm/sign.c | 2 +- tests/openpgp/armor.scm | 2 +- tests/openpgp/armor.test | 2 +- tools/gpgconf-comp.c | 4 ++-- tools/gpgsplit.c | 2 +- tools/gpgtar.h | 2 +- 67 files changed, 116 insertions(+), 114 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 4 09:29:17 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 04 Aug 2016 09:29:17 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.14-39-g6f284e6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 6f284e6ed63f514b15fe610f490ffcefc87a2164 (commit) from 993f36e23cf8c2216a40d3e51b922a1edd871e1b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6f284e6ed63f514b15fe610f490ffcefc87a2164 Author: NIIBE Yutaka Date: Thu Aug 4 16:21:39 2016 +0900 g10: Fix checking key for signature validation. * g10/sig-check.c (check_signature2): Not only subkey, but also primary key should have flags.valid=1. -- The tweak of gpgv in e32c575e0f3704e7563048eea6d26844bdfc494b only makes sense with this change. Signed-off-by: NIIBE Yutaka diff --git a/g10/sig-check.c b/g10/sig-check.c index 7000b48..334add7 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -118,9 +118,9 @@ check_signature2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate, } else if( get_pubkey( pk, sig->keyid ) ) rc = GPG_ERR_NO_PUBKEY; - else if(!pk->flags.valid && !pk->flags.primary) + else if(!pk->flags.valid) { - /* You cannot have a good sig from an invalid subkey. */ + /* You cannot have a good sig from an invalid key. */ rc = GPG_ERR_BAD_PUBKEY; } else ----------------------------------------------------------------------- Summary of changes: g10/sig-check.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 4 10:03:13 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 04 Aug 2016 10:03:13 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.14-40-g573e0f3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 573e0f36190346e0263bea3ae12a389f4f598d55 (commit) from 6f284e6ed63f514b15fe610f490ffcefc87a2164 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 573e0f36190346e0263bea3ae12a389f4f598d55 Author: NIIBE Yutaka Date: Thu Aug 4 17:02:20 2016 +0900 po: update Japanese translation. diff --git a/po/ja.po b/po/ja.po index 5f94814..35482a3 100644 --- a/po/ja.po +++ b/po/ja.po @@ -8,9 +8,9 @@ # msgid "" msgstr "" -"Project-Id-Version: gnupg 2.1.12\n" +"Project-Id-Version: gnupg 2.1.15\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2016-06-07 14:12+0900\n" +"PO-Revision-Date: 2016-08-04 16:38+0900\n" "Last-Translator: NIIBE Yutaka \n" "Language-Team: none\n" "Language: ja\n" @@ -432,10 +432,6 @@ msgid "error binding socket to '%s': %s\n" msgstr "'%s'??????????????: %s\n" #, c-format -msgid "can't set permissions of '%s': %s\n" -msgstr "'%s'???????????: %s\n" - -#, c-format msgid "listen() failed: %s\n" msgstr "listen() ???????: %s\n" @@ -452,6 +448,10 @@ msgid "directory '%s' created\n" msgstr "??????'%s'????????\n" #, c-format +msgid "can't set permissions of '%s': %s\n" +msgstr "'%s'???????????: %s\n" + +#, c-format msgid "stat() failed for '%s': %s\n" msgstr "'%s'?stat()???????: %s\n" @@ -1652,14 +1652,6 @@ msgstr "??????????????????" msgid " - skipped" msgstr " - ?????????" -#, c-format -msgid "writing to '%s'\n" -msgstr "'%s'??????\n" - -#, c-format -msgid "key %s: key material on-card - skipped\n" -msgstr "?%s: ??????????? - ???????\n" - msgid "exporting secret keys not allowed\n" msgstr "??????????????????\n" @@ -1667,6 +1659,10 @@ msgstr "??????????????????\n" msgid "key %s: PGP 2.x style key - skipped\n" msgstr "?%s: PGP 2.x?????? - ???????\n" +#, c-format +msgid "key %s: key material on-card - skipped\n" +msgstr "?%s: ??????????? - ???????\n" + msgid "WARNING: nothing exported\n" msgstr "*??*: ???????????????\n" @@ -1773,11 +1769,6 @@ msgstr "?????????????" msgid "quickly add a new user-id" msgstr "??????????ID???" -#, fuzzy -#| msgid "quickly add a new user-id" -msgid "quickly revoke a user-id" -msgstr "??????????ID???" - msgid "full featured key pair generation" msgstr "??????????" @@ -1811,13 +1802,13 @@ msgstr "?????????" msgid "export keys" msgstr "??????????" -msgid "export keys to a keyserver" +msgid "export keys to a key server" msgstr "???????????????" -msgid "import keys from a keyserver" +msgid "import keys from a key server" msgstr "???????????????" -msgid "search for keys on a keyserver" +msgid "search for keys on a key server" msgstr "???????????" msgid "update all keys from a keyserver" @@ -2034,340 +2025,6 @@ msgstr "?????????????????" msgid "show expiration dates during signature listings" msgstr "???????????????????" -msgid "available TOFU policies:\n" -msgstr "?????TOFU????:\n" - -#, c-format -msgid "unknown TOFU policy '%s'\n" -msgstr "???TOFU????'%s'\n" - -msgid "(use \"help\" to list choices)\n" -msgstr "(????????\"help\"????????)\n" - -#, c-format -msgid "unknown TOFU DB format '%s'\n" -msgstr "???TOFU DB??????'%s'\n" - -#, c-format -msgid "Note: old default options file '%s' ignored\n" -msgstr "*??*: ????????????????????'%s'????????\n" - -#, c-format -msgid "libgcrypt is too old (need %s, have %s)\n" -msgstr "libgcrypt ?????? (?? %s, ?? %s)\n" - -#, c-format -msgid "Note: %s is not for normal use!\n" -msgstr "*??*: ??%s??????!\n" - -#, c-format -msgid "'%s' is not a valid signature expiration\n" -msgstr "'%s'????????????????\n" - -#, c-format -msgid "invalid pinentry mode '%s'\n" -msgstr "??? pinentry mode '%s'??\n" - -#, c-format -msgid "'%s' is not a valid character set\n" -msgstr "'%s'????????????????\n" - -msgid "could not parse keyserver URL\n" -msgstr "?????URL?????\n" - -#, c-format -msgid "%s:%d: invalid keyserver options\n" -msgstr "%s:%d: ???????????????\n" - -msgid "invalid keyserver options\n" -msgstr "???????????????\n" - -#, c-format -msgid "%s:%d: invalid import options\n" -msgstr "%s:%d: ????????????????\n" - -msgid "invalid import options\n" -msgstr "????????????????\n" - -#, fuzzy, c-format -#| msgid "invalid list options\n" -msgid "invalid filter option: %s\n" -msgstr "????????????\n" - -#, c-format -msgid "%s:%d: invalid export options\n" -msgstr "%s:%d: ?????????????????\n" - -msgid "invalid export options\n" -msgstr "?????????????????\n" - -#, c-format -msgid "%s:%d: invalid list options\n" -msgstr "%s:%d: ????????????\n" - -msgid "invalid list options\n" -msgstr "????????????\n" - -msgid "display photo IDs during signature verification" -msgstr "??????????ID?????" - -msgid "show policy URLs during signature verification" -msgstr "???????????URL?????" - -msgid "show all notations during signature verification" -msgstr "??????????????????" - -msgid "show IETF standard notations during signature verification" -msgstr "???????IETF?????????" - -msgid "show user-supplied notations during signature verification" -msgstr "??????????????????" - -msgid "show preferred keyserver URLs during signature verification" -msgstr "?????????????URL?????" - -msgid "show user ID validity during signature verification" -msgstr "??????????ID?????????" - -msgid "show revoked and expired user IDs in signature verification" -msgstr "??????????????ID????????????ID?????" - -msgid "show only the primary user ID in signature verification" -msgstr "????????????ID????????" - -msgid "validate signatures with PKA data" -msgstr "PKA???????????" - -msgid "elevate the trust of signatures with valid PKA data" -msgstr "???PKA????????????????" - -#, c-format -msgid "%s:%d: invalid verify options\n" -msgstr "%s:%d: ????????????\n" - -msgid "invalid verify options\n" -msgstr "????????????\n" - -#, c-format -msgid "unable to set exec-path to %s\n" -msgstr "exec-path?%s?????\n" - -#, c-format -msgid "%s:%d: invalid auto-key-locate list\n" -msgstr "%s:%d: ??? auto-key-locate ?????\n" - -msgid "invalid auto-key-locate list\n" -msgstr "??? auto-key-locate ?????\n" - -msgid "WARNING: program may create a core file!\n" -msgstr "*??*: ??????core????????????????!\n" - -#, c-format -msgid "WARNING: %s overrides %s\n" -msgstr "*??*: %s?%s????\n" - -#, c-format -msgid "%s not allowed with %s!\n" -msgstr "%s?%s??????????????!\n" - -#, c-format -msgid "%s makes no sense with %s!\n" -msgstr "%s?%s?????????????!\n" - -msgid "WARNING: running with faked system time: " -msgstr "*??*: ???????????????????: " - -#, c-format -msgid "will not run with insecure memory due to %s\n" -msgstr "%s ?????????????????????\n" - -msgid "selected cipher algorithm is invalid\n" -msgstr "???????????????????\n" - -msgid "selected digest algorithm is invalid\n" -msgstr "????????????????????????\n" - -msgid "selected compression algorithm is invalid\n" -msgstr "???????????????????\n" - -msgid "selected certification digest algorithm is invalid\n" -msgstr "???????????????????????????\n" - -msgid "completes-needed must be greater than 0\n" -msgstr "completes-needed?????????\n" - -msgid "marginals-needed must be greater than 1\n" -msgstr "marginals-needed?1???????????\n" - -msgid "max-cert-depth must be in the range from 1 to 255\n" -msgstr "max-cert-depth?1??255?????????????\n" - -msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n" -msgstr "???default-cert-level?0?1?2?3??????????\n" - -msgid "invalid min-cert-level; must be 1, 2, or 3\n" -msgstr "???min-cert-level?0?1?2?3??????????\n" - -msgid "Note: simple S2K mode (0) is strongly discouraged\n" -msgstr "*??*: ???S2K???(0)????????????\n" - -msgid "invalid S2K mode; must be 0, 1 or 3\n" -msgstr "???S2K????0?1?3??????????\n" - -msgid "invalid default preferences\n" -msgstr "?????????????\n" - -msgid "invalid personal cipher preferences\n" -msgstr "???????????????\n" - -msgid "invalid personal digest preferences\n" -msgstr "?????????????????\n" - -msgid "invalid personal compress preferences\n" -msgstr "?????????????\n" - -#, c-format -msgid "%s does not yet work with %s\n" -msgstr "%s?%s??????????\n" - -#, c-format -msgid "you may not use cipher algorithm '%s' while in %s mode\n" -msgstr "????????'%s'?%s??????????????\n" - -#, c-format -msgid "you may not use digest algorithm '%s' while in %s mode\n" -msgstr "?????????????'%s'?%s??????????????\n" - -#, c-format -msgid "you may not use compression algorithm '%s' while in %s mode\n" -msgstr "????????'%s'?%s??????????????\n" - -#, c-format -msgid "failed to initialize the TrustDB: %s\n" -msgstr "???????????????????: %s\n" - -msgid "WARNING: recipients (-r) given without using public key encryption\n" -msgstr "*??*: ?????????????? (-r) ????????\n" - -msgid "--store [filename]" -msgstr "--store [?????]" - -msgid "--symmetric [filename]" -msgstr "--symmetric [?????]" - -#, c-format -msgid "symmetric encryption of '%s' failed: %s\n" -msgstr "'%s'?????????????: %s\n" - -msgid "--encrypt [filename]" -msgstr "--encrypt [?????]" - -msgid "--symmetric --encrypt [filename]" -msgstr "--symmetric --encrypt [?????]" - -msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n" -msgstr "--symmetric --encrypt?--s2k-mode 0???????????\n" - -#, c-format -msgid "you cannot use --symmetric --encrypt while in %s mode\n" -msgstr "--symmetric --encrypt?%s??????????????\n" - -msgid "--sign [filename]" -msgstr "--sign [?????]" - -msgid "--sign --encrypt [filename]" -msgstr "--sign --encrypt [?????]" - -msgid "--symmetric --sign --encrypt [filename]" -msgstr "--symmetric --sign --encrypt [?????]" - -msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n" -msgstr "--symmetric --sign --encrypt?--s2k-mode 0???????????\n" - -#, c-format -msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n" -msgstr "--symmetric --sign --encrypt?%s??????????????\n" - -msgid "--sign --symmetric [filename]" -msgstr "--sign --symmetric [?????]" - -msgid "--clearsign [filename]" -msgstr "--clearsign [?????]" - -msgid "--decrypt [filename]" -msgstr "--decrypt [?????]" - -msgid "--sign-key user-id" -msgstr "--sign-key ???id" - -msgid "--lsign-key user-id" -msgstr "--lsign-key ???id" - -msgid "--edit-key user-id [commands]" -msgstr "--edit-key ???id [????]" - -msgid "--passwd " -msgstr "--passwd " - -#, c-format -msgid "keyserver send failed: %s\n" -msgstr "???????????????: %s\n" - -#, c-format -msgid "keyserver receive failed: %s\n" -msgstr "????????????????: %s\n" - -#, c-format -msgid "key export failed: %s\n" -msgstr "???????????????: %s\n" - -#, c-format -msgid "export as ssh key failed: %s\n" -msgstr "ssh??????????????????: %s\n" - -#, c-format -msgid "keyserver search failed: %s\n" -msgstr "??????????????: %s\n" - -#, c-format -msgid "keyserver refresh failed: %s\n" -msgstr "??????????????: %s\n" - -#, c-format -msgid "dearmoring failed: %s\n" -msgstr "???????????: %s\n" - -#, c-format -msgid "enarmoring failed: %s\n" -msgstr "?????????: %s\n" - -#, c-format -msgid "invalid hash algorithm '%s'\n" -msgstr "??????????????'%s'??\n" - -#, c-format -msgid "error parsing key specification '%s': %s\n" -msgstr "???'%s'????????: %s\n" - -#, c-format -msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n" -msgstr "'%s'?????ID, ??????????keygrip?????????\n" - -msgid "[filename]" -msgstr "[?????]" - -msgid "Go ahead and type your message ...\n" -msgstr "??????????????????? ...\n" - -msgid "the given certification policy URL is invalid\n" -msgstr "?????????????URL?????\n" - -msgid "the given signature policy URL is invalid\n" -msgstr "????????????URL?????\n" - -msgid "the given preferred keyserver URL is invalid\n" -msgstr "???????????URL?????\n" - msgid "|FILE|take the keys from the keyring FILE" msgstr "|FILE|????FILE???????" @@ -2409,11 +2066,6 @@ msgstr "??????????????????????" msgid "do not update the trustdb after import" msgstr "?????????????????????" -#, fuzzy -#| msgid "show key fingerprint" -msgid "show key during import" -msgstr "??????????????" - msgid "only accept updates to existing keys" msgstr "????????????????" @@ -2423,9 +2075,6 @@ msgstr "???????????????????????? msgid "remove as much as possible from key after import" msgstr "?????????????????" -msgid "run import filters and export key immediately" -msgstr "" - #, c-format msgid "skipping block of type %d\n" msgstr "?%d?????????????\n" @@ -2567,6 +2216,10 @@ msgid "no writable keyring found: %s\n" msgstr "???????????????????: %s\n" #, c-format +msgid "writing to '%s'\n" +msgstr "'%s'??????\n" + +#, c-format msgid "error writing keyring '%s': %s\n" msgstr "????'%s'????????: %s\n" @@ -3276,11 +2929,6 @@ msgstr "?????????: %s\n" msgid "Key not changed so no update needed.\n" msgstr "????????????????\n" -#, fuzzy, c-format -#| msgid "Key generation failed: %s\n" -msgid "User ID revocation failed: %s\n" -msgstr "???????????: %s\n" - #, c-format msgid "\"%s\" is not a fingerprint\n" msgstr "\"%s\"?????????????????\n" @@ -3509,6 +3157,9 @@ msgstr "???ID\"%s\"?v3????????????\n" msgid "Enter your preferred keyserver URL: " msgstr "??????URL?????????: " +msgid "could not parse keyserver URL\n" +msgstr "?????URL?????\n" + msgid "Are you sure you want to replace it? (y/N) " msgstr "????????????? (y/N) " @@ -3582,10 +3233,6 @@ msgid "no secret key\n" msgstr "?????????\n" #, c-format -msgid "tried to revoke a non-user ID: %s\n" -msgstr "" - -#, c-format msgid "user ID \"%s\" is already revoked\n" msgstr "???ID\"%s\"????????????\n" @@ -4078,6 +3725,10 @@ msgstr[0] "*??*: %lu?????????????????? msgid "Keyring" msgstr "????" +#, c-format +msgid "skipped \"%s\": %s\n" +msgstr "\"%s\"?????????: %s\n" + msgid "Primary key fingerprint:" msgstr " ???????????:" @@ -4187,14 +3838,14 @@ msgid "no keyserver known\n" msgstr "???????????\n" #, c-format -msgid "skipped \"%s\": %s\n" -msgstr "\"%s\"?????????: %s\n" - -#, c-format msgid "sending key %s to %s\n" msgstr "?%s?%s???\n" #, c-format +msgid "keyserver send failed: %s\n" +msgstr "???????????????: %s\n" + +#, c-format msgid "requesting key from '%s'\n" msgstr "??'%s'????\n" @@ -5345,6 +4996,10 @@ msgid "error updating TOFU database: %s\n" msgstr "TOFU????????????: %s\n" #, c-format +msgid "error setting TOFU binding's trust level to %s\n" +msgstr "TOFU??????????????????: %s\n" + +#, c-format msgid "The binding %s is NOT known." msgstr "%s??????????????" @@ -5417,14 +5072,14 @@ msgid_plural " over the past %ld months." msgstr[0] "??%ld???" #. TRANSLATORS: Please translate the text found in the source -#. * file below. We don't directly internationalize that text so -#. * that we can tweak it without breaking translations. +#. file below. We don't directly internationalize that text +#. so that we can tweak it without breaking translations. msgid "TOFU detected a binding conflict" msgstr "TOFU??????????????????" #. TRANSLATORS: Two letters (normally the lower and upper case -#. * version of the hotkey) for each of the five choices. If -#. * there is only one choice in your language, repeat it. +#. version of the hotkey) for each of the five choices. If +#. there is only one choice in your language, repeat it. msgid "gGaAuUrRbB" msgstr "gGaAuUrRbB" @@ -5434,10 +5089,6 @@ msgstr "" "?, (B)ad-??? " #, c-format -msgid "error setting TOFU binding's trust level to %s\n" -msgstr "TOFU??????????????????: %s\n" - -#, c-format msgid "error changing TOFU policy: %s\n" msgstr "TOFU??????????: %s\n" @@ -6558,9 +6209,25 @@ msgstr "%s:%u: ????????????????\n" msgid "%s:%u: skipping this line\n" msgstr "%s:%u: ????????\n" +#, c-format +msgid "invalid pinentry mode '%s'\n" +msgstr "??? pinentry mode '%s'??\n" + msgid "could not parse keyserver\n" msgstr "?????URL?????\n" +msgid "WARNING: program may create a core file!\n" +msgstr "*??*: ??????core????????????????!\n" + +msgid "WARNING: running with faked system time: " +msgstr "*??*: ???????????????????: " + +msgid "selected cipher algorithm is invalid\n" +msgstr "???????????????????\n" + +msgid "selected digest algorithm is invalid\n" +msgstr "????????????????????????\n" + #, c-format msgid "importing common certificates '%s'\n" msgstr "???????????????: %s\n" @@ -7974,7 +7641,7 @@ msgstr "|N|??SSH??????N????" msgid "Options enforcing a passphrase policy" msgstr "??????????????????" -msgid "do not allow bypassing the passphrase policy" +msgid "do not allow to bypass the passphrase policy" msgstr "??????????????????????" msgid "|N|set minimal required length for new passphrases to N" @@ -8283,6 +7950,295 @@ msgstr "" "??: gpg-check-pattern [?????] ????????\n" "????????????????????????????\n" +#~ msgid "quickly revoke a user-id" +#~ msgstr "???????ID???" + +#~ msgid "available TOFU policies:\n" +#~ msgstr "?????TOFU????:\n" + +#~ msgid "unknown TOFU policy '%s'\n" +#~ msgstr "???TOFU????'%s'\n" + +#~ msgid "(use \"help\" to list choices)\n" +#~ msgstr "(????????\"help\"????????)\n" + +#~ msgid "unknown TOFU DB format '%s'\n" +#~ msgstr "???TOFU DB??????'%s'\n" + +#~ msgid "Note: old default options file '%s' ignored\n" +#~ msgstr "" +#~ "*??*: ????????????????????'%s'????????\n" + +#~ msgid "libgcrypt is too old (need %s, have %s)\n" +#~ msgstr "libgcrypt ?????? (?? %s, ?? %s)\n" + +#~ msgid "Note: %s is not for normal use!\n" +#~ msgstr "*??*: ??%s??????!\n" + +#~ msgid "'%s' is not a valid signature expiration\n" +#~ msgstr "'%s'????????????????\n" + +#~ msgid "'%s' is not a valid character set\n" +#~ msgstr "'%s'????????????????\n" + +#~ msgid "%s:%d: invalid keyserver options\n" +#~ msgstr "%s:%d: ???????????????\n" + +#~ msgid "invalid keyserver options\n" +#~ msgstr "???????????????\n" + +#~ msgid "%s:%d: invalid import options\n" +#~ msgstr "%s:%d: ????????????????\n" + +#~ msgid "invalid import options\n" +#~ msgstr "????????????????\n" + +#~ msgid "invalid filter option: %s\n" +#~ msgstr "???????????????: %s\n" + +#~ msgid "%s:%d: invalid export options\n" +#~ msgstr "%s:%d: ?????????????????\n" + +#~ msgid "invalid export options\n" +#~ msgstr "?????????????????\n" + +#~ msgid "%s:%d: invalid list options\n" +#~ msgstr "%s:%d: ????????????\n" + +#~ msgid "invalid list options\n" +#~ msgstr "????????????\n" + +#~ msgid "display photo IDs during signature verification" +#~ msgstr "??????????ID?????" + +#~ msgid "show policy URLs during signature verification" +#~ msgstr "???????????URL?????" + +#~ msgid "show all notations during signature verification" +#~ msgstr "??????????????????" + +#~ msgid "show IETF standard notations during signature verification" +#~ msgstr "???????IETF?????????" + +#~ msgid "show user-supplied notations during signature verification" +#~ msgstr "??????????????????" + +#~ msgid "show preferred keyserver URLs during signature verification" +#~ msgstr "?????????????URL?????" + +#~ msgid "show user ID validity during signature verification" +#~ msgstr "??????????ID?????????" + +#~ msgid "show revoked and expired user IDs in signature verification" +#~ msgstr "??????????????ID????????????ID?????" + +#~ msgid "show only the primary user ID in signature verification" +#~ msgstr "????????????ID????????" + +#~ msgid "validate signatures with PKA data" +#~ msgstr "PKA???????????" + +#~ msgid "elevate the trust of signatures with valid PKA data" +#~ msgstr "???PKA????????????????" + +#~ msgid "%s:%d: invalid verify options\n" +#~ msgstr "%s:%d: ????????????\n" + +#~ msgid "invalid verify options\n" +#~ msgstr "????????????\n" + +#~ msgid "unable to set exec-path to %s\n" +#~ msgstr "exec-path?%s?????\n" + +#~ msgid "%s:%d: invalid auto-key-locate list\n" +#~ msgstr "%s:%d: ??? auto-key-locate ?????\n" + +#~ msgid "invalid auto-key-locate list\n" +#~ msgstr "??? auto-key-locate ?????\n" + +#~ msgid "WARNING: %s overrides %s\n" +#~ msgstr "*??*: %s?%s????\n" + +#~ msgid "%s not allowed with %s!\n" +#~ msgstr "%s?%s??????????????!\n" + +#~ msgid "%s makes no sense with %s!\n" +#~ msgstr "%s?%s?????????????!\n" + +#~ msgid "will not run with insecure memory due to %s\n" +#~ msgstr "%s ?????????????????????\n" + +#~ msgid "selected compression algorithm is invalid\n" +#~ msgstr "???????????????????\n" + +#~ msgid "selected certification digest algorithm is invalid\n" +#~ msgstr "???????????????????????????\n" + +#~ msgid "completes-needed must be greater than 0\n" +#~ msgstr "completes-needed?????????\n" + +#~ msgid "marginals-needed must be greater than 1\n" +#~ msgstr "marginals-needed?1???????????\n" + +#~ msgid "max-cert-depth must be in the range from 1 to 255\n" +#~ msgstr "max-cert-depth?1??255?????????????\n" + +#~ msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n" +#~ msgstr "???default-cert-level?0?1?2?3??????????\n" + +#~ msgid "invalid min-cert-level; must be 1, 2, or 3\n" +#~ msgstr "???min-cert-level?0?1?2?3??????????\n" + +#~ msgid "Note: simple S2K mode (0) is strongly discouraged\n" +#~ msgstr "*??*: ???S2K???(0)????????????\n" + +#~ msgid "invalid S2K mode; must be 0, 1 or 3\n" +#~ msgstr "???S2K????0?1?3??????????\n" + +#~ msgid "invalid default preferences\n" +#~ msgstr "?????????????\n" + +#~ msgid "invalid personal cipher preferences\n" +#~ msgstr "???????????????\n" + +#~ msgid "invalid personal digest preferences\n" +#~ msgstr "?????????????????\n" + +#~ msgid "invalid personal compress preferences\n" +#~ msgstr "?????????????\n" + +#~ msgid "%s does not yet work with %s\n" +#~ msgstr "%s?%s??????????\n" + +#~ msgid "you may not use cipher algorithm '%s' while in %s mode\n" +#~ msgstr "????????'%s'?%s??????????????\n" + +#~ msgid "you may not use digest algorithm '%s' while in %s mode\n" +#~ msgstr "?????????????'%s'?%s??????????????\n" + +#~ msgid "you may not use compression algorithm '%s' while in %s mode\n" +#~ msgstr "????????'%s'?%s??????????????\n" + +#~ msgid "failed to initialize the TrustDB: %s\n" +#~ msgstr "???????????????????: %s\n" + +#~ msgid "WARNING: recipients (-r) given without using public key encryption\n" +#~ msgstr "*??*: ?????????????? (-r) ????????\n" + +#~ msgid "--store [filename]" +#~ msgstr "--store [?????]" + +#~ msgid "--symmetric [filename]" +#~ msgstr "--symmetric [?????]" + +#~ msgid "symmetric encryption of '%s' failed: %s\n" +#~ msgstr "'%s'?????????????: %s\n" + +#~ msgid "--encrypt [filename]" +#~ msgstr "--encrypt [?????]" + +#~ msgid "--symmetric --encrypt [filename]" +#~ msgstr "--symmetric --encrypt [?????]" + +#~ msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n" +#~ msgstr "--symmetric --encrypt?--s2k-mode 0???????????\n" + +#~ msgid "you cannot use --symmetric --encrypt while in %s mode\n" +#~ msgstr "--symmetric --encrypt?%s??????????????\n" + +#~ msgid "--sign [filename]" +#~ msgstr "--sign [?????]" + +#~ msgid "--sign --encrypt [filename]" +#~ msgstr "--sign --encrypt [?????]" + +#~ msgid "--symmetric --sign --encrypt [filename]" +#~ msgstr "--symmetric --sign --encrypt [?????]" + +#~ msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n" +#~ msgstr "--symmetric --sign --encrypt?--s2k-mode 0???????????\n" + +#~ msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n" +#~ msgstr "--symmetric --sign --encrypt?%s??????????????\n" + +#~ msgid "--sign --symmetric [filename]" +#~ msgstr "--sign --symmetric [?????]" + +#~ msgid "--clearsign [filename]" +#~ msgstr "--clearsign [?????]" + +#~ msgid "--decrypt [filename]" +#~ msgstr "--decrypt [?????]" + +#~ msgid "--sign-key user-id" +#~ msgstr "--sign-key ???id" + +#~ msgid "--lsign-key user-id" +#~ msgstr "--lsign-key ???id" + +#~ msgid "--edit-key user-id [commands]" +#~ msgstr "--edit-key ???id [????]" + +#~ msgid "--passwd " +#~ msgstr "--passwd " + +#~ msgid "keyserver receive failed: %s\n" +#~ msgstr "????????????????: %s\n" + +#~ msgid "key export failed: %s\n" +#~ msgstr "???????????????: %s\n" + +#~ msgid "export as ssh key failed: %s\n" +#~ msgstr "ssh??????????????????: %s\n" + +#~ msgid "keyserver search failed: %s\n" +#~ msgstr "??????????????: %s\n" + +#~ msgid "keyserver refresh failed: %s\n" +#~ msgstr "??????????????: %s\n" + +#~ msgid "dearmoring failed: %s\n" +#~ msgstr "???????????: %s\n" + +#~ msgid "enarmoring failed: %s\n" +#~ msgstr "?????????: %s\n" + +#~ msgid "invalid hash algorithm '%s'\n" +#~ msgstr "??????????????'%s'??\n" + +#~ msgid "error parsing key specification '%s': %s\n" +#~ msgstr "???'%s'????????: %s\n" + +#~ msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n" +#~ msgstr "'%s'?????ID, ??????????keygrip?????????\n" + +#~ msgid "[filename]" +#~ msgstr "[?????]" + +#~ msgid "Go ahead and type your message ...\n" +#~ msgstr "??????????????????? ...\n" + +#~ msgid "the given certification policy URL is invalid\n" +#~ msgstr "?????????????URL?????\n" + +#~ msgid "the given signature policy URL is invalid\n" +#~ msgstr "????????????URL?????\n" + +#~ msgid "the given preferred keyserver URL is invalid\n" +#~ msgstr "???????????URL?????\n" + +#~ msgid "show key during import" +#~ msgstr "????????????" + +#~ msgid "run import filters and export key immediately" +#~ msgstr "????????????????????????????" + +#~ msgid "User ID revocation failed: %s\n" +#~ msgstr "???ID??????????: %s\n" + +#~ msgid "tried to revoke a non-user ID: %s\n" +#~ msgstr "???ID????????????????: %s\n" + #~ msgid "you found a bug ... (%s:%d)\n" #~ msgstr "????????????? ... (%s:%d)\n" ----------------------------------------------------------------------- Summary of changes: po/ja.po | 728 ++++++++++++++++++++++++++++++--------------------------------- 1 file changed, 342 insertions(+), 386 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 4 10:31:41 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 04 Aug 2016 10:31:41 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.14-41-g89234f7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 89234f7f3643bad2daddc94569f1d651ec5c835e (commit) from 573e0f36190346e0263bea3ae12a389f4f598d55 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 89234f7f3643bad2daddc94569f1d651ec5c835e Author: NIIBE Yutaka Date: Thu Aug 4 17:31:13 2016 +0900 po: Update Japanese translation. diff --git a/po/ja.po b/po/ja.po index 35482a3..8c2de0f 100644 --- a/po/ja.po +++ b/po/ja.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg 2.1.15\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2016-08-04 16:38+0900\n" +"PO-Revision-Date: 2016-08-04 17:30+0900\n" "Last-Translator: NIIBE Yutaka \n" "Language-Team: none\n" "Language: ja\n" @@ -432,6 +432,10 @@ msgid "error binding socket to '%s': %s\n" msgstr "'%s'??????????????: %s\n" #, c-format +msgid "can't set permissions of '%s': %s\n" +msgstr "'%s'???????????: %s\n" + +#, c-format msgid "listen() failed: %s\n" msgstr "listen() ???????: %s\n" @@ -448,10 +452,6 @@ msgid "directory '%s' created\n" msgstr "??????'%s'????????\n" #, c-format -msgid "can't set permissions of '%s': %s\n" -msgstr "'%s'???????????: %s\n" - -#, c-format msgid "stat() failed for '%s': %s\n" msgstr "'%s'?stat()???????: %s\n" @@ -1652,6 +1652,14 @@ msgstr "??????????????????" msgid " - skipped" msgstr " - ?????????" +#, c-format +msgid "writing to '%s'\n" +msgstr "'%s'??????\n" + +#, c-format +msgid "key %s: key material on-card - skipped\n" +msgstr "?%s: ??????????? - ???????\n" + msgid "exporting secret keys not allowed\n" msgstr "??????????????????\n" @@ -1659,10 +1667,6 @@ msgstr "??????????????????\n" msgid "key %s: PGP 2.x style key - skipped\n" msgstr "?%s: PGP 2.x?????? - ???????\n" -#, c-format -msgid "key %s: key material on-card - skipped\n" -msgstr "?%s: ??????????? - ???????\n" - msgid "WARNING: nothing exported\n" msgstr "*??*: ???????????????\n" @@ -1769,6 +1773,9 @@ msgstr "?????????????" msgid "quickly add a new user-id" msgstr "??????????ID???" +msgid "quickly revoke a user-id" +msgstr "???????ID???" + msgid "full featured key pair generation" msgstr "??????????" @@ -1802,13 +1809,13 @@ msgstr "?????????" msgid "export keys" msgstr "??????????" -msgid "export keys to a key server" +msgid "export keys to a keyserver" msgstr "???????????????" -msgid "import keys from a key server" +msgid "import keys from a keyserver" msgstr "???????????????" -msgid "search for keys on a key server" +msgid "search for keys on a keyserver" msgstr "???????????" msgid "update all keys from a keyserver" @@ -2025,6 +2032,339 @@ msgstr "?????????????????" msgid "show expiration dates during signature listings" msgstr "???????????????????" +msgid "available TOFU policies:\n" +msgstr "?????TOFU????:\n" + +#, c-format +msgid "unknown TOFU policy '%s'\n" +msgstr "???TOFU????'%s'\n" + +msgid "(use \"help\" to list choices)\n" +msgstr "(????????\"help\"????????)\n" + +#, c-format +msgid "unknown TOFU DB format '%s'\n" +msgstr "???TOFU DB??????'%s'\n" + +#, c-format +msgid "Note: old default options file '%s' ignored\n" +msgstr "*??*: ????????????????????'%s'????????\n" + +#, c-format +msgid "libgcrypt is too old (need %s, have %s)\n" +msgstr "libgcrypt ?????? (?? %s, ?? %s)\n" + +#, c-format +msgid "Note: %s is not for normal use!\n" +msgstr "*??*: ??%s??????!\n" + +#, c-format +msgid "'%s' is not a valid signature expiration\n" +msgstr "'%s'????????????????\n" + +#, c-format +msgid "invalid pinentry mode '%s'\n" +msgstr "??? pinentry mode '%s'??\n" + +#, c-format +msgid "'%s' is not a valid character set\n" +msgstr "'%s'????????????????\n" + +msgid "could not parse keyserver URL\n" +msgstr "?????URL?????\n" + +#, c-format +msgid "%s:%d: invalid keyserver options\n" +msgstr "%s:%d: ???????????????\n" + +msgid "invalid keyserver options\n" +msgstr "???????????????\n" + +#, c-format +msgid "%s:%d: invalid import options\n" +msgstr "%s:%d: ????????????????\n" + +msgid "invalid import options\n" +msgstr "????????????????\n" + +#, c-format +msgid "invalid filter option: %s\n" +msgstr "???????????????: %s\n" + +#, c-format +msgid "%s:%d: invalid export options\n" +msgstr "%s:%d: ?????????????????\n" + +msgid "invalid export options\n" +msgstr "?????????????????\n" + +#, c-format +msgid "%s:%d: invalid list options\n" +msgstr "%s:%d: ????????????\n" + +msgid "invalid list options\n" +msgstr "????????????\n" + +msgid "display photo IDs during signature verification" +msgstr "??????????ID?????" + +msgid "show policy URLs during signature verification" +msgstr "???????????URL?????" + +msgid "show all notations during signature verification" +msgstr "??????????????????" + +msgid "show IETF standard notations during signature verification" +msgstr "???????IETF?????????" + +msgid "show user-supplied notations during signature verification" +msgstr "??????????????????" + +msgid "show preferred keyserver URLs during signature verification" +msgstr "?????????????URL?????" + +msgid "show user ID validity during signature verification" +msgstr "??????????ID?????????" + +msgid "show revoked and expired user IDs in signature verification" +msgstr "??????????????ID????????????ID?????" + +msgid "show only the primary user ID in signature verification" +msgstr "????????????ID????????" + +msgid "validate signatures with PKA data" +msgstr "PKA???????????" + +msgid "elevate the trust of signatures with valid PKA data" +msgstr "???PKA????????????????" + +#, c-format +msgid "%s:%d: invalid verify options\n" +msgstr "%s:%d: ????????????\n" + +msgid "invalid verify options\n" +msgstr "????????????\n" + +#, c-format +msgid "unable to set exec-path to %s\n" +msgstr "exec-path?%s?????\n" + +#, c-format +msgid "%s:%d: invalid auto-key-locate list\n" +msgstr "%s:%d: ??? auto-key-locate ?????\n" + +msgid "invalid auto-key-locate list\n" +msgstr "??? auto-key-locate ?????\n" + +msgid "WARNING: program may create a core file!\n" +msgstr "*??*: ??????core????????????????!\n" + +#, c-format +msgid "WARNING: %s overrides %s\n" +msgstr "*??*: %s?%s????\n" + +#, c-format +msgid "%s not allowed with %s!\n" +msgstr "%s?%s??????????????!\n" + +#, c-format +msgid "%s makes no sense with %s!\n" +msgstr "%s?%s?????????????!\n" + +msgid "WARNING: running with faked system time: " +msgstr "*??*: ???????????????????: " + +#, c-format +msgid "will not run with insecure memory due to %s\n" +msgstr "%s ?????????????????????\n" + +msgid "selected cipher algorithm is invalid\n" +msgstr "???????????????????\n" + +msgid "selected digest algorithm is invalid\n" +msgstr "????????????????????????\n" + +msgid "selected compression algorithm is invalid\n" +msgstr "???????????????????\n" + +msgid "selected certification digest algorithm is invalid\n" +msgstr "???????????????????????????\n" + +msgid "completes-needed must be greater than 0\n" +msgstr "completes-needed?????????\n" + +msgid "marginals-needed must be greater than 1\n" +msgstr "marginals-needed?1???????????\n" + +msgid "max-cert-depth must be in the range from 1 to 255\n" +msgstr "max-cert-depth?1??255?????????????\n" + +msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n" +msgstr "???default-cert-level?0?1?2?3??????????\n" + +msgid "invalid min-cert-level; must be 1, 2, or 3\n" +msgstr "???min-cert-level?0?1?2?3??????????\n" + +msgid "Note: simple S2K mode (0) is strongly discouraged\n" +msgstr "*??*: ???S2K???(0)????????????\n" + +msgid "invalid S2K mode; must be 0, 1 or 3\n" +msgstr "???S2K????0?1?3??????????\n" + +msgid "invalid default preferences\n" +msgstr "?????????????\n" + +msgid "invalid personal cipher preferences\n" +msgstr "???????????????\n" + +msgid "invalid personal digest preferences\n" +msgstr "?????????????????\n" + +msgid "invalid personal compress preferences\n" +msgstr "?????????????\n" + +#, c-format +msgid "%s does not yet work with %s\n" +msgstr "%s?%s??????????\n" + +#, c-format +msgid "you may not use cipher algorithm '%s' while in %s mode\n" +msgstr "????????'%s'?%s??????????????\n" + +#, c-format +msgid "you may not use digest algorithm '%s' while in %s mode\n" +msgstr "?????????????'%s'?%s??????????????\n" + +#, c-format +msgid "you may not use compression algorithm '%s' while in %s mode\n" +msgstr "????????'%s'?%s??????????????\n" + +#, c-format +msgid "failed to initialize the TrustDB: %s\n" +msgstr "???????????????????: %s\n" + +msgid "WARNING: recipients (-r) given without using public key encryption\n" +msgstr "*??*: ?????????????? (-r) ????????\n" + +msgid "--store [filename]" +msgstr "--store [?????]" + +msgid "--symmetric [filename]" +msgstr "--symmetric [?????]" + +#, c-format +msgid "symmetric encryption of '%s' failed: %s\n" +msgstr "'%s'?????????????: %s\n" + +msgid "--encrypt [filename]" +msgstr "--encrypt [?????]" + +msgid "--symmetric --encrypt [filename]" +msgstr "--symmetric --encrypt [?????]" + +msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n" +msgstr "--symmetric --encrypt?--s2k-mode 0???????????\n" + +#, c-format +msgid "you cannot use --symmetric --encrypt while in %s mode\n" +msgstr "--symmetric --encrypt?%s??????????????\n" + +msgid "--sign [filename]" +msgstr "--sign [?????]" + +msgid "--sign --encrypt [filename]" +msgstr "--sign --encrypt [?????]" + +msgid "--symmetric --sign --encrypt [filename]" +msgstr "--symmetric --sign --encrypt [?????]" + +msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n" +msgstr "--symmetric --sign --encrypt?--s2k-mode 0???????????\n" + +#, c-format +msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n" +msgstr "--symmetric --sign --encrypt?%s??????????????\n" + +msgid "--sign --symmetric [filename]" +msgstr "--sign --symmetric [?????]" + +msgid "--clearsign [filename]" +msgstr "--clearsign [?????]" + +msgid "--decrypt [filename]" +msgstr "--decrypt [?????]" + +msgid "--sign-key user-id" +msgstr "--sign-key ???id" + +msgid "--lsign-key user-id" +msgstr "--lsign-key ???id" + +msgid "--edit-key user-id [commands]" +msgstr "--edit-key ???id [????]" + +msgid "--passwd " +msgstr "--passwd " + +#, c-format +msgid "keyserver send failed: %s\n" +msgstr "???????????????: %s\n" + +#, c-format +msgid "keyserver receive failed: %s\n" +msgstr "????????????????: %s\n" + +#, c-format +msgid "key export failed: %s\n" +msgstr "???????????????: %s\n" + +#, c-format +msgid "export as ssh key failed: %s\n" +msgstr "ssh??????????????????: %s\n" + +#, c-format +msgid "keyserver search failed: %s\n" +msgstr "??????????????: %s\n" + +#, c-format +msgid "keyserver refresh failed: %s\n" +msgstr "??????????????: %s\n" + +#, c-format +msgid "dearmoring failed: %s\n" +msgstr "???????????: %s\n" + +#, c-format +msgid "enarmoring failed: %s\n" +msgstr "?????????: %s\n" + +#, c-format +msgid "invalid hash algorithm '%s'\n" +msgstr "??????????????'%s'??\n" + +#, c-format +msgid "error parsing key specification '%s': %s\n" +msgstr "???'%s'????????: %s\n" + +#, c-format +msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n" +msgstr "'%s'?????ID, ??????????keygrip?????????\n" + +msgid "[filename]" +msgstr "[?????]" + +msgid "Go ahead and type your message ...\n" +msgstr "??????????????????? ...\n" + +msgid "the given certification policy URL is invalid\n" +msgstr "?????????????URL?????\n" + +msgid "the given signature policy URL is invalid\n" +msgstr "????????????URL?????\n" + +msgid "the given preferred keyserver URL is invalid\n" +msgstr "???????????URL?????\n" + msgid "|FILE|take the keys from the keyring FILE" msgstr "|FILE|????FILE???????" @@ -2066,6 +2406,9 @@ msgstr "??????????????????????" msgid "do not update the trustdb after import" msgstr "?????????????????????" +msgid "show key during import" +msgstr "????????????" + msgid "only accept updates to existing keys" msgstr "????????????????" @@ -2075,6 +2418,9 @@ msgstr "???????????????????????? msgid "remove as much as possible from key after import" msgstr "?????????????????" +msgid "run import filters and export key immediately" +msgstr "????????????????????????????" + #, c-format msgid "skipping block of type %d\n" msgstr "?%d?????????????\n" @@ -2216,10 +2562,6 @@ msgid "no writable keyring found: %s\n" msgstr "???????????????????: %s\n" #, c-format -msgid "writing to '%s'\n" -msgstr "'%s'??????\n" - -#, c-format msgid "error writing keyring '%s': %s\n" msgstr "????'%s'????????: %s\n" @@ -2930,6 +3272,10 @@ msgid "Key not changed so no update needed.\n" msgstr "????????????????\n" #, c-format +msgid "User ID revocation failed: %s\n" +msgstr "???ID??????????: %s\n" + +#, c-format msgid "\"%s\" is not a fingerprint\n" msgstr "\"%s\"?????????????????\n" @@ -3157,9 +3503,6 @@ msgstr "???ID\"%s\"?v3????????????\n" msgid "Enter your preferred keyserver URL: " msgstr "??????URL?????????: " -msgid "could not parse keyserver URL\n" -msgstr "?????URL?????\n" - msgid "Are you sure you want to replace it? (y/N) " msgstr "????????????? (y/N) " @@ -3233,6 +3576,10 @@ msgid "no secret key\n" msgstr "?????????\n" #, c-format +msgid "tried to revoke a non-user ID: %s\n" +msgstr "???ID????????????????: %s\n" + +#, c-format msgid "user ID \"%s\" is already revoked\n" msgstr "???ID\"%s\"????????????\n" @@ -3725,10 +4072,6 @@ msgstr[0] "*??*: %lu?????????????????? msgid "Keyring" msgstr "????" -#, c-format -msgid "skipped \"%s\": %s\n" -msgstr "\"%s\"?????????: %s\n" - msgid "Primary key fingerprint:" msgstr " ???????????:" @@ -3838,12 +4181,12 @@ msgid "no keyserver known\n" msgstr "???????????\n" #, c-format -msgid "sending key %s to %s\n" -msgstr "?%s?%s???\n" +msgid "skipped \"%s\": %s\n" +msgstr "\"%s\"?????????: %s\n" #, c-format -msgid "keyserver send failed: %s\n" -msgstr "???????????????: %s\n" +msgid "sending key %s to %s\n" +msgstr "?%s?%s???\n" #, c-format msgid "requesting key from '%s'\n" @@ -4996,10 +5339,6 @@ msgid "error updating TOFU database: %s\n" msgstr "TOFU????????????: %s\n" #, c-format -msgid "error setting TOFU binding's trust level to %s\n" -msgstr "TOFU??????????????????: %s\n" - -#, c-format msgid "The binding %s is NOT known." msgstr "%s??????????????" @@ -5072,14 +5411,14 @@ msgid_plural " over the past %ld months." msgstr[0] "??%ld???" #. TRANSLATORS: Please translate the text found in the source -#. file below. We don't directly internationalize that text -#. so that we can tweak it without breaking translations. +#. * file below. We don't directly internationalize that text so +#. * that we can tweak it without breaking translations. msgid "TOFU detected a binding conflict" msgstr "TOFU??????????????????" #. TRANSLATORS: Two letters (normally the lower and upper case -#. version of the hotkey) for each of the five choices. If -#. there is only one choice in your language, repeat it. +#. * version of the hotkey) for each of the five choices. If +#. * there is only one choice in your language, repeat it. msgid "gGaAuUrRbB" msgstr "gGaAuUrRbB" @@ -5089,6 +5428,10 @@ msgstr "" "?, (B)ad-??? " #, c-format +msgid "error setting TOFU binding's trust level to %s\n" +msgstr "TOFU??????????????????: %s\n" + +#, c-format msgid "error changing TOFU policy: %s\n" msgstr "TOFU??????????: %s\n" @@ -6209,25 +6552,9 @@ msgstr "%s:%u: ????????????????\n" msgid "%s:%u: skipping this line\n" msgstr "%s:%u: ????????\n" -#, c-format -msgid "invalid pinentry mode '%s'\n" -msgstr "??? pinentry mode '%s'??\n" - msgid "could not parse keyserver\n" msgstr "?????URL?????\n" -msgid "WARNING: program may create a core file!\n" -msgstr "*??*: ??????core????????????????!\n" - -msgid "WARNING: running with faked system time: " -msgstr "*??*: ???????????????????: " - -msgid "selected cipher algorithm is invalid\n" -msgstr "???????????????????\n" - -msgid "selected digest algorithm is invalid\n" -msgstr "????????????????????????\n" - #, c-format msgid "importing common certificates '%s'\n" msgstr "???????????????: %s\n" @@ -7641,7 +7968,7 @@ msgstr "|N|??SSH??????N????" msgid "Options enforcing a passphrase policy" msgstr "??????????????????" -msgid "do not allow to bypass the passphrase policy" +msgid "do not allow bypassing the passphrase policy" msgstr "??????????????????????" msgid "|N|set minimal required length for new passphrases to N" @@ -7950,295 +8277,6 @@ msgstr "" "??: gpg-check-pattern [?????] ????????\n" "????????????????????????????\n" -#~ msgid "quickly revoke a user-id" -#~ msgstr "???????ID???" - -#~ msgid "available TOFU policies:\n" -#~ msgstr "?????TOFU????:\n" - -#~ msgid "unknown TOFU policy '%s'\n" -#~ msgstr "???TOFU????'%s'\n" - -#~ msgid "(use \"help\" to list choices)\n" -#~ msgstr "(????????\"help\"????????)\n" - -#~ msgid "unknown TOFU DB format '%s'\n" -#~ msgstr "???TOFU DB??????'%s'\n" - -#~ msgid "Note: old default options file '%s' ignored\n" -#~ msgstr "" -#~ "*??*: ????????????????????'%s'????????\n" - -#~ msgid "libgcrypt is too old (need %s, have %s)\n" -#~ msgstr "libgcrypt ?????? (?? %s, ?? %s)\n" - -#~ msgid "Note: %s is not for normal use!\n" -#~ msgstr "*??*: ??%s??????!\n" - -#~ msgid "'%s' is not a valid signature expiration\n" -#~ msgstr "'%s'????????????????\n" - -#~ msgid "'%s' is not a valid character set\n" -#~ msgstr "'%s'????????????????\n" - -#~ msgid "%s:%d: invalid keyserver options\n" -#~ msgstr "%s:%d: ???????????????\n" - -#~ msgid "invalid keyserver options\n" -#~ msgstr "???????????????\n" - -#~ msgid "%s:%d: invalid import options\n" -#~ msgstr "%s:%d: ????????????????\n" - -#~ msgid "invalid import options\n" -#~ msgstr "????????????????\n" - -#~ msgid "invalid filter option: %s\n" -#~ msgstr "???????????????: %s\n" - -#~ msgid "%s:%d: invalid export options\n" -#~ msgstr "%s:%d: ?????????????????\n" - -#~ msgid "invalid export options\n" -#~ msgstr "?????????????????\n" - -#~ msgid "%s:%d: invalid list options\n" -#~ msgstr "%s:%d: ????????????\n" - -#~ msgid "invalid list options\n" -#~ msgstr "????????????\n" - -#~ msgid "display photo IDs during signature verification" -#~ msgstr "??????????ID?????" - -#~ msgid "show policy URLs during signature verification" -#~ msgstr "???????????URL?????" - -#~ msgid "show all notations during signature verification" -#~ msgstr "??????????????????" - -#~ msgid "show IETF standard notations during signature verification" -#~ msgstr "???????IETF?????????" - -#~ msgid "show user-supplied notations during signature verification" -#~ msgstr "??????????????????" - -#~ msgid "show preferred keyserver URLs during signature verification" -#~ msgstr "?????????????URL?????" - -#~ msgid "show user ID validity during signature verification" -#~ msgstr "??????????ID?????????" - -#~ msgid "show revoked and expired user IDs in signature verification" -#~ msgstr "??????????????ID????????????ID?????" - -#~ msgid "show only the primary user ID in signature verification" -#~ msgstr "????????????ID????????" - -#~ msgid "validate signatures with PKA data" -#~ msgstr "PKA???????????" - -#~ msgid "elevate the trust of signatures with valid PKA data" -#~ msgstr "???PKA????????????????" - -#~ msgid "%s:%d: invalid verify options\n" -#~ msgstr "%s:%d: ????????????\n" - -#~ msgid "invalid verify options\n" -#~ msgstr "????????????\n" - -#~ msgid "unable to set exec-path to %s\n" -#~ msgstr "exec-path?%s?????\n" - -#~ msgid "%s:%d: invalid auto-key-locate list\n" -#~ msgstr "%s:%d: ??? auto-key-locate ?????\n" - -#~ msgid "invalid auto-key-locate list\n" -#~ msgstr "??? auto-key-locate ?????\n" - -#~ msgid "WARNING: %s overrides %s\n" -#~ msgstr "*??*: %s?%s????\n" - -#~ msgid "%s not allowed with %s!\n" -#~ msgstr "%s?%s??????????????!\n" - -#~ msgid "%s makes no sense with %s!\n" -#~ msgstr "%s?%s?????????????!\n" - -#~ msgid "will not run with insecure memory due to %s\n" -#~ msgstr "%s ?????????????????????\n" - -#~ msgid "selected compression algorithm is invalid\n" -#~ msgstr "???????????????????\n" - -#~ msgid "selected certification digest algorithm is invalid\n" -#~ msgstr "???????????????????????????\n" - -#~ msgid "completes-needed must be greater than 0\n" -#~ msgstr "completes-needed?????????\n" - -#~ msgid "marginals-needed must be greater than 1\n" -#~ msgstr "marginals-needed?1???????????\n" - -#~ msgid "max-cert-depth must be in the range from 1 to 255\n" -#~ msgstr "max-cert-depth?1??255?????????????\n" - -#~ msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n" -#~ msgstr "???default-cert-level?0?1?2?3??????????\n" - -#~ msgid "invalid min-cert-level; must be 1, 2, or 3\n" -#~ msgstr "???min-cert-level?0?1?2?3??????????\n" - -#~ msgid "Note: simple S2K mode (0) is strongly discouraged\n" -#~ msgstr "*??*: ???S2K???(0)????????????\n" - -#~ msgid "invalid S2K mode; must be 0, 1 or 3\n" -#~ msgstr "???S2K????0?1?3??????????\n" - -#~ msgid "invalid default preferences\n" -#~ msgstr "?????????????\n" - -#~ msgid "invalid personal cipher preferences\n" -#~ msgstr "???????????????\n" - -#~ msgid "invalid personal digest preferences\n" -#~ msgstr "?????????????????\n" - -#~ msgid "invalid personal compress preferences\n" -#~ msgstr "?????????????\n" - -#~ msgid "%s does not yet work with %s\n" -#~ msgstr "%s?%s??????????\n" - -#~ msgid "you may not use cipher algorithm '%s' while in %s mode\n" -#~ msgstr "????????'%s'?%s??????????????\n" - -#~ msgid "you may not use digest algorithm '%s' while in %s mode\n" -#~ msgstr "?????????????'%s'?%s??????????????\n" - -#~ msgid "you may not use compression algorithm '%s' while in %s mode\n" -#~ msgstr "????????'%s'?%s??????????????\n" - -#~ msgid "failed to initialize the TrustDB: %s\n" -#~ msgstr "???????????????????: %s\n" - -#~ msgid "WARNING: recipients (-r) given without using public key encryption\n" -#~ msgstr "*??*: ?????????????? (-r) ????????\n" - -#~ msgid "--store [filename]" -#~ msgstr "--store [?????]" - -#~ msgid "--symmetric [filename]" -#~ msgstr "--symmetric [?????]" - -#~ msgid "symmetric encryption of '%s' failed: %s\n" -#~ msgstr "'%s'?????????????: %s\n" - -#~ msgid "--encrypt [filename]" -#~ msgstr "--encrypt [?????]" - -#~ msgid "--symmetric --encrypt [filename]" -#~ msgstr "--symmetric --encrypt [?????]" - -#~ msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n" -#~ msgstr "--symmetric --encrypt?--s2k-mode 0???????????\n" - -#~ msgid "you cannot use --symmetric --encrypt while in %s mode\n" -#~ msgstr "--symmetric --encrypt?%s??????????????\n" - -#~ msgid "--sign [filename]" -#~ msgstr "--sign [?????]" - -#~ msgid "--sign --encrypt [filename]" -#~ msgstr "--sign --encrypt [?????]" - -#~ msgid "--symmetric --sign --encrypt [filename]" -#~ msgstr "--symmetric --sign --encrypt [?????]" - -#~ msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n" -#~ msgstr "--symmetric --sign --encrypt?--s2k-mode 0???????????\n" - -#~ msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n" -#~ msgstr "--symmetric --sign --encrypt?%s??????????????\n" - -#~ msgid "--sign --symmetric [filename]" -#~ msgstr "--sign --symmetric [?????]" - -#~ msgid "--clearsign [filename]" -#~ msgstr "--clearsign [?????]" - -#~ msgid "--decrypt [filename]" -#~ msgstr "--decrypt [?????]" - -#~ msgid "--sign-key user-id" -#~ msgstr "--sign-key ???id" - -#~ msgid "--lsign-key user-id" -#~ msgstr "--lsign-key ???id" - -#~ msgid "--edit-key user-id [commands]" -#~ msgstr "--edit-key ???id [????]" - -#~ msgid "--passwd " -#~ msgstr "--passwd " - -#~ msgid "keyserver receive failed: %s\n" -#~ msgstr "????????????????: %s\n" - -#~ msgid "key export failed: %s\n" -#~ msgstr "???????????????: %s\n" - -#~ msgid "export as ssh key failed: %s\n" -#~ msgstr "ssh??????????????????: %s\n" - -#~ msgid "keyserver search failed: %s\n" -#~ msgstr "??????????????: %s\n" - -#~ msgid "keyserver refresh failed: %s\n" -#~ msgstr "??????????????: %s\n" - -#~ msgid "dearmoring failed: %s\n" -#~ msgstr "???????????: %s\n" - -#~ msgid "enarmoring failed: %s\n" -#~ msgstr "?????????: %s\n" - -#~ msgid "invalid hash algorithm '%s'\n" -#~ msgstr "??????????????'%s'??\n" - -#~ msgid "error parsing key specification '%s': %s\n" -#~ msgstr "???'%s'????????: %s\n" - -#~ msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n" -#~ msgstr "'%s'?????ID, ??????????keygrip?????????\n" - -#~ msgid "[filename]" -#~ msgstr "[?????]" - -#~ msgid "Go ahead and type your message ...\n" -#~ msgstr "??????????????????? ...\n" - -#~ msgid "the given certification policy URL is invalid\n" -#~ msgstr "?????????????URL?????\n" - -#~ msgid "the given signature policy URL is invalid\n" -#~ msgstr "????????????URL?????\n" - -#~ msgid "the given preferred keyserver URL is invalid\n" -#~ msgstr "???????????URL?????\n" - -#~ msgid "show key during import" -#~ msgstr "????????????" - -#~ msgid "run import filters and export key immediately" -#~ msgstr "????????????????????????????" - -#~ msgid "User ID revocation failed: %s\n" -#~ msgstr "???ID??????????: %s\n" - -#~ msgid "tried to revoke a non-user ID: %s\n" -#~ msgstr "???ID????????????????: %s\n" - #~ msgid "you found a bug ... (%s:%d)\n" #~ msgstr "????????????? ... (%s:%d)\n" ----------------------------------------------------------------------- Summary of changes: po/ja.po | 720 +++++++++++++++++++++++++++++++++------------------------------ 1 file changed, 379 insertions(+), 341 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 4 10:32:29 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 04 Aug 2016 10:32:29 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.30-10-gcaff669 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via caff669212d2465a3a387571305a7230d394c0e0 (commit) from b531f2fd75be3f616073cba714d73324525fd3e4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit caff669212d2465a3a387571305a7230d394c0e0 Author: NIIBE Yutaka Date: Thu Aug 4 16:21:39 2016 +0900 g10: Fix checking key for signature validation. * g10/sig-check.c (signature_check2): Not only subkey, but also primary key should have flags.valid=1. -- (backport of master commit 6f284e6ed63f514b15fe610f490ffcefc87a2164) Signed-off-by: NIIBE Yutaka diff --git a/g10/sig-check.c b/g10/sig-check.c index fc5e1fa..7178d06 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -82,9 +82,9 @@ signature_check2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate, } else if( get_pubkey( pk, sig->keyid ) ) rc = G10ERR_NO_PUBKEY; - else if(!pk->is_valid && !pk->is_primary) + else if(!pk->is_valid) rc=G10ERR_BAD_PUBKEY; /* you cannot have a good sig from an - invalid subkey */ + invalid key */ else { if(r_expiredate) ----------------------------------------------------------------------- Summary of changes: g10/sig-check.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 4 10:32:52 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 04 Aug 2016 10:32:52 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.20-16-gf474b16 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via f474b161f6c8c7a3dc0fb90d25ffceacba1ff117 (commit) from 0f6bda4ccd2091e386e78c369131388ae5ebc002 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f474b161f6c8c7a3dc0fb90d25ffceacba1ff117 Author: NIIBE Yutaka Date: Thu Aug 4 16:21:39 2016 +0900 g10: Fix checking key for signature validation. * g10/sig-check.c (signature_check2): Not only subkey, but also primary key should have flags.valid=1. -- (backport of master commit 6f284e6ed63f514b15fe610f490ffcefc87a2164) Signed-off-by: NIIBE Yutaka diff --git a/g10/sig-check.c b/g10/sig-check.c index 6bac630..8dd0373 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -76,9 +76,9 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate, } else if( get_pubkey( pk, sig->keyid ) ) rc = G10ERR_NO_PUBKEY; - else if(!pk->is_valid && !pk->is_primary) + else if(!pk->is_valid) rc=G10ERR_BAD_PUBKEY; /* you cannot have a good sig from an - invalid subkey */ + invalid key */ else { if(r_expiredate) ----------------------------------------------------------------------- Summary of changes: g10/sig-check.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 4 12:11:27 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 04 Aug 2016 12:11:27 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.14-43-g05cb300 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 05cb30052cdf1d308ff7da901cfa5a809cd49479 (commit) via 3566544d04a4b81e5dd8a2883304673b2cc2f108 (commit) from 89234f7f3643bad2daddc94569f1d651ec5c835e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 05cb30052cdf1d308ff7da901cfa5a809cd49479 Author: Justus Winter Date: Thu Aug 4 12:10:47 2016 +0200 tests: Update list of tests in Scheme test runner. * tests/openpgp/run-tests.scm: Add missing tests. Signed-off-by: Justus Winter diff --git a/tests/openpgp/run-tests.scm b/tests/openpgp/run-tests.scm index ad94baf..367c641 100644 --- a/tests/openpgp/run-tests.scm +++ b/tests/openpgp/run-tests.scm @@ -192,9 +192,15 @@ "import.scm" "ecc.scm" "4gb-packet.scm" + "tofu.scm" "gpgtar.scm" "use-exact-key.scm" - "default-key.scm")) + "default-key.scm" + "export.scm" + "ssh.scm" + "issue2015.scm" + "issue2346.scm" + "issue2419.scm")) (let* ((runner (if (member "--parallel" *args*) (if (member "--shared" *args*) commit 3566544d04a4b81e5dd8a2883304673b2cc2f108 Author: Justus Winter Date: Thu Aug 4 12:09:52 2016 +0200 tests: Fix path to fake-pinentry. * tests/openpgp/defs.scm: Correctly compute the path to fake-pinentry. Signed-off-by: Justus Winter diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm index 9408cd5..2cbad46 100644 --- a/tests/openpgp/defs.scm +++ b/tests/openpgp/defs.scm @@ -60,7 +60,8 @@ "agent/gpg-preset-passphrase") (mktdata "MKTDATA" "tools/mk-tdata") (gpgtar "GPGTAR" "tools/gpgtar") - (gpg-zip "GPGZIP" "tools/gpg-zip"))) + (gpg-zip "GPGZIP" "tools/gpg-zip") + (pinentry "PINENTRY" "tests/openpgp/fake-pinentry"))) (define (tool which) (let ((t (assoc which tools)) @@ -77,7 +78,7 @@ (define GPG `(,(tool 'gpg) --no-permission-warning ,@(if have-opt-always-trust '(--always-trust) '()))) -(define PINENTRY (string-append (getcwd) "/" (qualify "fake-pinentry"))) +(define PINENTRY (tool 'pinentry)) (define (tr:gpg input args) (tr:spawn input `(, at GPG --output **out** , at args **in**))) ----------------------------------------------------------------------- Summary of changes: tests/openpgp/defs.scm | 5 +++-- tests/openpgp/run-tests.scm | 8 +++++++- 2 files changed, 10 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 4 12:38:59 2016 From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Thu, 04 Aug 2016 12:38:59 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.20-18-g15d1327 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via 15d13272344fa0d8753a321c087b30a6d5115dfb (commit) via 1820889e3c4a9a07981951b3e74f722658fb01c5 (commit) from f474b161f6c8c7a3dc0fb90d25ffceacba1ff117 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 15d13272344fa0d8753a321c087b30a6d5115dfb Author: Daniel Kahn Gillmor Date: Wed Aug 3 11:56:56 2016 -0400 Clean up "allow to" * README, cipher/cipher.c, cipher/pubkey.c, doc/gpg.texi: replace "allow to" with clearer text In standard English, the normal construction is "${XXX} allows ${YYY} to" -- that is, the subject (${XXX}) of the sentence is allowing the object (${YYY}) to do something. When the object is missing, the phrasing sounds awkward, even if the object is implied by context. There's almost always a better construction that isn't as awkward. These changes should make the language a bit clearer. Signed-off-by: Daniel Kahn Gillmor diff --git a/README b/README index 85b29d0..1a331fb 100644 --- a/README +++ b/README @@ -632,7 +632,7 @@ is in general the preferable solution. However the code is new and under some cirumstances it may give different output than with the limited old - support. This option allows to explicity disable + support. This option explicitly disables the use of iconv. Note, that iconv is also disabled if gettext has been disabled. diff --git a/cipher/cipher.c b/cipher/cipher.c index 4ef0d81..f55ce8b 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -586,7 +586,7 @@ do_cfb_encrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nbytes ) /* Now we can process complete blocks. We use a loop as long as we have at least 2 blocks and use conditions for the rest. This - also allows to use a bulk encryption function if available. */ + also allows use of a bulk encryption function if available. */ #ifdef USE_AES if (nbytes >= blocksize_x_2 && (c->algo == CIPHER_ALGO_AES @@ -677,7 +677,7 @@ do_cfb_decrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nbytes ) /* Now we can process complete blocks. We use a loop as long as we have at least 2 blocks and use conditions for the rest. This - also allows to use a bulk encryption function if available. */ + also allows use of a bulk encryption function if available. */ #ifdef USE_AES if (nbytes >= blocksize_x_2 && (c->algo == CIPHER_ALGO_AES diff --git a/cipher/pubkey.c b/cipher/pubkey.c index 02c096e..60d855c 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -276,7 +276,7 @@ check_pubkey_algo2( int algo, unsigned use ) int i; /* Map type 20 Elgamal algorithm to type 16 if it is used for - decryption. This allows to use legacy type 20 Elgamal keys for + decryption. This allows use of legacy type 20 Elgamal keys for decryption. */ if (algo == PUBKEY_ALGO_ELGAMAL && use == PUBKEY_USAGE_ENC) algo = PUBKEY_ALGO_ELGAMAL_E; diff --git a/doc/gpg.texi b/doc/gpg.texi index ee756d8..a41ab8e 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1211,7 +1211,7 @@ Use @code{file} to access the smartcard reader. The current default is @item --disable-ccid @opindex disable-ccid Disable the integrated support for CCID compliant readers. This -allows to fall back to one of the other drivers even if the internal +allows falling back to one of the other drivers even if the internal CCID driver can handle the reader. Note, that CCID support is only available if libusb was available at build time. @@ -1438,7 +1438,7 @@ mechanisms, in the order they are to be tried: may be used here to query that particular keyserver. @item local - Locate the key using the local keyrings. This mechanism allows to + Locate the key using the local keyrings. This mechanism allows the user to select the order a local key lookup is done. Thus using @samp{--auto-key-locate local} is identical to @option{--no-auto-key-locate}. @@ -2416,7 +2416,7 @@ to display the message. This option overrides @option{--set-filename}. @itemx --no-use-embedded-filename @opindex use-embedded-filename Try to create a file with a name as embedded in the data. This can be -a dangerous option as it allows to overwrite files. Defaults to no. +a dangerous option as it enables overwriting files. Defaults to no. @item --cipher-algo @code{name} @opindex cipher-algo commit 1820889e3c4a9a07981951b3e74f722658fb01c5 Author: Daniel Kahn Gillmor Date: Wed Aug 3 11:56:55 2016 -0400 Fix spelling: "occured" should be "occurred" * checks/armor.test, cipher/des.c, g10/ccid-driver.c, g10/pkclist.c, util/regcomp.c, util/regex_internal.c: correct the spelling of "occured" to "occurred" Signed-off-by: Daniel Kahn Gillmor diff --git a/checks/armor.test b/checks/armor.test index cfd2359..a23f8d8 100755 --- a/checks/armor.test +++ b/checks/armor.test @@ -734,7 +734,7 @@ wg7Md81a5RI3F2FG8747t9gX ' # Bug 1179 solved 2010-05-12: -# It occured for messages of a multiple of the iobuf block size where +# It occurred for messages of a multiple of the iobuf block size where # the last line had no pad character. Due to premature popping of the # armor filter gpg swalled the CRC line and passed the '-----END...' # line on to the decryption layer. diff --git a/cipher/des.c b/cipher/des.c index 670ba65..7eaa2df 100644 --- a/cipher/des.c +++ b/cipher/des.c @@ -104,7 +104,7 @@ * * if ( (error_msg = selftest()) ) * { - * fprintf(stderr, "An error in the DES/Tripple-DES implementation occured: %s\n", error_msg); + * fprintf(stderr, "An error in the DES/Tripple-DES implementation occurred: %s\n", error_msg); * abort(); * } */ diff --git a/g10/ccid-driver.c b/g10/ccid-driver.c index 515b15a..6f7c9b2 100644 --- a/g10/ccid-driver.c +++ b/g10/ccid-driver.c @@ -2264,7 +2264,7 @@ ccid_poll (ccid_driver_t handle) } else if (msg[0] == RDR_to_PC_HardwareError) { - DEBUGOUT ("hardware error occured\n"); + DEBUGOUT ("hardware error occurred\n"); } else { diff --git a/g10/pkclist.c b/g10/pkclist.c index 198e307..b78070e 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -952,7 +952,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned int use ) } /* Do group expand here too. The trick here is to continue - the loop if any expansion occured. The code above will + the loop if any expansion occurred. The code above will then list all expanded keys. */ if (expand_id(answer,&backlog,0)) continue; diff --git a/util/regcomp.c b/util/regcomp.c index 6964df9..aafb9c8 100644 --- a/util/regcomp.c +++ b/util/regcomp.c @@ -1764,7 +1764,7 @@ peek_token_bracket (token, input, syntax) /* Entry point of the parser. Parse the regular expression REGEXP and return the structure tree. - If an error is occured, ERR is set by error code, and return NULL. + If an error is occurred, ERR is set by error code, and return NULL. This function build the following tree, from regular expression : CAT / \ @@ -3349,7 +3349,7 @@ build_word_op (dfa, not, err) /* This is intended for the expressions like "a{1,3}". Fetch a number from `input', and return the number. Return -1, if the number field is empty like "{,1}". - Return -2, If an error is occured. */ + Return -2, If an error is occurred. */ static int fetch_number (input, token, syntax) diff --git a/util/regex_internal.c b/util/regex_internal.c index 6f3a96e..4349f1b 100644 --- a/util/regex_internal.c +++ b/util/regex_internal.c @@ -793,7 +793,7 @@ re_node_set_merge (dest, src) /* Insert the new element ELEM to the re_node_set* SET. return 0 if SET already has ELEM, - return -1 if an error is occured, return 1 otherwise. */ + return -1 if an error is occurred, return 1 otherwise. */ static int re_node_set_insert (set, elem) @@ -909,7 +909,7 @@ re_node_set_remove_at (set, idx) /* Add the token TOKEN to dfa->nodes, and return the index of the token. - Or return -1, if an error will be occured. */ + Or return -1, if an error will be occurred. */ static int re_dfa_add_node (dfa, token, mode) ----------------------------------------------------------------------- Summary of changes: README | 2 +- checks/armor.test | 2 +- cipher/cipher.c | 4 ++-- cipher/des.c | 2 +- cipher/pubkey.c | 2 +- doc/gpg.texi | 6 +++--- g10/ccid-driver.c | 2 +- g10/pkclist.c | 2 +- util/regcomp.c | 4 ++-- util/regex_internal.c | 4 ++-- 10 files changed, 15 insertions(+), 15 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 4 12:58:43 2016 From: cvs at cvs.gnupg.org (by Ben Kibbey) Date: Thu, 04 Aug 2016 12:58:43 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.7-22-g2227f67 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 2227f67af53f38d3d7f97760f2553d2c9ed05969 (commit) from 2f1f1f06c1885d2f5a30ea734359613609be0743 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2227f67af53f38d3d7f97760f2553d2c9ed05969 Author: Ben Kibbey Date: Mon Aug 1 21:25:32 2016 -0400 Fix ncurses build. * pinentry/Makefile.am: Add NCURSES_CFLAGS. Signed-off-by: Ben Kibbey diff --git a/pinentry/Makefile.am b/pinentry/Makefile.am index be99822..a99f12e 100644 --- a/pinentry/Makefile.am +++ b/pinentry/Makefile.am @@ -41,3 +41,4 @@ AM_CPPFLAGS = $(COMMON_CFLAGS) -I$(top_srcdir)/secmem libpinentry_a_SOURCES = pinentry.h pinentry.c argparse.c argparse.h \ password-cache.h password-cache.c $(pinentry_emacs_sources) libpinentry_curses_a_SOURCES = pinentry-curses.h pinentry-curses.c +libpinentry_curses_a_CFLAGS = @NCURSES_CFLAGS@ ----------------------------------------------------------------------- Summary of changes: pinentry/Makefile.am | 1 + 1 file changed, 1 insertion(+) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 4 14:16:51 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 04 Aug 2016 14:16:51 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.14-45-g0c2a745 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 0c2a745a2bc21e8f439930f7c0e5d1521c2fd44c (commit) via db6f3eb926619dfe6ed2a9be197c51f9a1b6198c (commit) from 05cb30052cdf1d308ff7da901cfa5a809cd49479 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0c2a745a2bc21e8f439930f7c0e5d1521c2fd44c Author: Werner Koch Date: Thu Aug 4 13:04:28 2016 +0200 tests: Use gpgconf to set the ssh socket envvar. * tests/openpgp/ssh.scm ("SSH_AUTH_SOCK"): Use gpgconf. Signed-off-by: Werner Koch diff --git a/tests/openpgp/ssh.scm b/tests/openpgp/ssh.scm index fe0b115..dfa1f52 100755 --- a/tests/openpgp/ssh.scm +++ b/tests/openpgp/ssh.scm @@ -23,7 +23,9 @@ (if (string=? "" GNUPGHOME) (error "GNUPGHOME not set")) -(setenv "SSH_AUTH_SOCK" (path-join GNUPGHOME "S.gpg-agent.ssh") #t) +(setenv "SSH_AUTH_SOCK" + (call-check `(,(tool 'gpgconf) --null --list-dirs agent-ssh-socket)) + #t) (define SSH-ADD #f) (catch (skip "ssh-add not found") commit db6f3eb926619dfe6ed2a9be197c51f9a1b6198c Author: Werner Koch Date: Thu Aug 4 13:02:37 2016 +0200 gpgconf: Add limited support for -0. * tools/gpgconf.h (opt): Add field 'null'. * tools/gpgconf.c: Add option --null/-0. (list_dirs): Use it here. -- This option changes the delimites for --list-dir with arguments from LF to Nul. Signed-off-by: Werner Koch diff --git a/tools/gpgconf.c b/tools/gpgconf.c index ad61511..f7ce4c9 100644 --- a/tools/gpgconf.c +++ b/tools/gpgconf.c @@ -40,6 +40,7 @@ enum cmd_and_opt_values oVerbose = 'v', oRuntime = 'r', oComponent = 'c', + oNull = '0', oNoVerbose = 500, oHomedir, @@ -93,6 +94,7 @@ static ARGPARSE_OPTS opts[] = { oRuntime, "runtime", 0, N_("activate changes at runtime, if possible") }, /* hidden options */ { oHomedir, "homedir", 2, "@" }, + { oNull, "null", 0, "@" }, { oNoVerbose, "no-verbose", 0, "@"}, {0} }; @@ -197,7 +199,10 @@ list_dirs (estream_t fp, char **names) { for (j=0; names[j]; j++) if (!strcmp (names[j], list[idx].name)) - es_fprintf (fp, "%s\n", s); + { + es_fputs (s, fp); + es_putc (opt.null? '\0':'\n', fp); + } } xfree (tmp); @@ -241,6 +246,7 @@ main (int argc, char **argv) case oVerbose: opt.verbose++; break; case oNoVerbose: opt.verbose = 0; break; case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break; + case oNull: opt.null = 1; break; case aListDirs: case aListComponents: diff --git a/tools/gpgconf.h b/tools/gpgconf.h index d63833d..a1e3828 100644 --- a/tools/gpgconf.h +++ b/tools/gpgconf.h @@ -29,6 +29,7 @@ struct int quiet; /* Be extra quiet. */ int dry_run; /* Don't change any persistent data. */ int runtime; /* Make changes active at runtime. */ + int null; /* Option -0 active. */ char *outfile; /* Name of output file. */ int component; /* The active component. */ ----------------------------------------------------------------------- Summary of changes: tests/openpgp/ssh.scm | 4 +++- tools/gpgconf.c | 8 +++++++- tools/gpgconf.h | 1 + 3 files changed, 11 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 4 15:12:08 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 04 Aug 2016 15:12:08 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.14-46-g54a1ed2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 54a1ed20e203dcafeacbe21eb147efa08255dbf5 (commit) from 0c2a745a2bc21e8f439930f7c0e5d1521c2fd44c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 54a1ed20e203dcafeacbe21eb147efa08255dbf5 Author: Werner Koch Date: Thu Aug 4 15:01:42 2016 +0200 gpg: Always print the fingerprint in colons mode. * g10/keylist.c (list_keyblock_colon): Remove arg FPR. Always print fingerprint records. For secret keys always print keygrip records. -- The fingerprint should always be used thus we should always print it. Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index 4d6a261..c544967 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2378,7 +2378,8 @@ Print the ICAO spelling of the fingerprint in addition to the hex digits. @item --with-keygrip @opindex with-keygrip -Include the keygrip in the key listings. +Include the keygrip in the key listings. In @code{--with-colons} mode +this is implicitly enable for secret keys. @item --with-wkd-hash @opindex with-wkd-hash diff --git a/g10/keylist.c b/g10/keylist.c index 2c99502..1ba9212 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -1175,7 +1175,7 @@ print_revokers (estream_t fp, PKT_public_key * pk) secret key is available even if SECRET is not set. */ static void list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, - int secret, int has_secret, int fpr) + int secret, int has_secret) { int rc; KBNODE kbctx; @@ -1271,15 +1271,11 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, es_putc ('\n', es_stdout); print_revokers (es_stdout, pk); - if (fpr) - print_fingerprint (NULL, pk, 0); - if (opt.with_key_data || opt.with_keygrip) - { - if (hexgrip) - es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip); - if (opt.with_key_data) - print_key_data (pk); - } + print_fingerprint (NULL, pk, 0); + if (hexgrip) + es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip); + if (opt.with_key_data) + print_key_data (pk); for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));) { @@ -1408,15 +1404,11 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, } es_putc (':', es_stdout); /* End of field 17. */ es_putc ('\n', es_stdout); - if (fpr > 1) - print_fingerprint (NULL, pk2, 0); - if (opt.with_key_data || opt.with_keygrip) - { - if (hexgrip) - es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip); - if (opt.with_key_data) - print_key_data (pk2); - } + print_fingerprint (NULL, pk2, 0); + if (hexgrip) + es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip); + if (opt.with_key_data) + print_key_data (pk2); } else if (opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE) { @@ -1599,7 +1591,7 @@ list_keyblock (ctrl_t ctrl, reorder_keyblock (keyblock); if (opt.with_colons) - list_keyblock_colon (ctrl, keyblock, secret, has_secret, fpr); + list_keyblock_colon (ctrl, keyblock, secret, has_secret); else list_keyblock_print (ctrl, keyblock, secret, fpr, listctx); ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 3 ++- g10/keylist.c | 32 ++++++++++++-------------------- 2 files changed, 14 insertions(+), 21 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 4 16:20:13 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 04 Aug 2016 16:20:13 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-257-g6f3dc66 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 6f3dc66634e30d86aa6250c4ac22f9b8f7ec1be9 (commit) from 56e26b54da9f16961209275d7a61883d3ea898ca (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6f3dc66634e30d86aa6250c4ac22f9b8f7ec1be9 Author: Werner Koch Date: Thu Aug 4 16:17:01 2016 +0200 core: Extend gpgme_subkey_t to carry the keygrip. * src/gpgme.h.in (struct _gpgme_subkey): Add file 'keygrip'. * src/key.c (gpgme_key_unref): Free KEYGRIP. * src/keylist.c (keylist_colon_handler): Parse GRP records. * src/engine-gpg.c (gpg_keylist_build_options): Do not use --with-fingerprint options for gpg versions >= 2.1.15. * tests/run-keylist.c (main): Print subkeys and keygrips. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index bb31a50..09d0a1c 100644 --- a/NEWS +++ b/NEWS @@ -11,6 +11,7 @@ Noteworthy changes in version 1.7.0 (unreleased) [C25/A14/R_] GPGME_PK_EDDSA NEW. gpgme_set_ctx_flag NEW. gpgme_signature_t EXTENDED: New field tofu. + gpgme_subkey_t EXTENDED: New field keygrip. gpgme_tofu_policy_t NEW. gpgme_tofu_info_t NEW. GPGME_STATUS_KEY_CONSIDERED NEW. diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 16571a5..942711f 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -2283,12 +2283,19 @@ gpg_keylist_build_options (engine_gpg_t gpg, int secret_only, gpg_error_t err; err = add_arg (gpg, "--with-colons"); - if (!err) - err = add_arg (gpg, "--fixed-list-mode"); - if (!err) - err = add_arg (gpg, "--with-fingerprint"); - if (!err) - err = add_arg (gpg, "--with-fingerprint"); + + /* Since gpg 2.1.15 fingerprints are always printed, thus there is + * no more need to explictly reqeust them. */ + if (!have_gpg_version (gpg, "2.1.15")) + { + if (!err) + err = add_arg (gpg, "--fixed-list-mode"); + if (!err) + err = add_arg (gpg, "--with-fingerprint"); + if (!err) + err = add_arg (gpg, "--with-fingerprint"); + } + if (!err && (mode & GPGME_KEYLIST_MODE_WITH_SECRET)) err = add_arg (gpg, "--with-secret"); if (!err diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 49d56c3..c05686d 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -691,6 +691,9 @@ struct _gpgme_subkey /* The name of the curve for ECC algorithms or NULL. */ char *curve; + + /* The keygrip of the subkey in hex digit form or NULL if not availabale. */ + char *keygrip; }; typedef struct _gpgme_subkey *gpgme_subkey_t; diff --git a/src/key.c b/src/key.c index 1a68966..de97102 100644 --- a/src/key.c +++ b/src/key.c @@ -333,6 +333,8 @@ gpgme_key_unref (gpgme_key_t key) free (subkey->fpr); if (subkey->curve) free (subkey->curve); + if (subkey->keygrip) + free (subkey->keygrip); if (subkey->card_number) free (subkey->card_number); free (subkey); diff --git a/src/keylist.c b/src/keylist.c index fcf574f..5a346ea 100644 --- a/src/keylist.c +++ b/src/keylist.c @@ -426,7 +426,7 @@ keylist_colon_handler (void *priv, char *line) gpgme_ctx_t ctx = (gpgme_ctx_t) priv; enum { - RT_NONE, RT_SIG, RT_UID, RT_SUB, RT_PUB, RT_FPR, + RT_NONE, RT_SIG, RT_UID, RT_SUB, RT_PUB, RT_FPR, RT_GRP, RT_SSB, RT_SEC, RT_CRT, RT_CRS, RT_REV, RT_SPK } rectype = RT_NONE; @@ -479,6 +479,8 @@ keylist_colon_handler (void *priv, char *line) rectype = RT_CRS; else if (!strcmp (field[0], "fpr") && key) rectype = RT_FPR; + else if (!strcmp (field[0], "grp") && key) + rectype = RT_GRP; else if (!strcmp (field[0], "uid") && key) rectype = RT_UID; else if (!strcmp (field[0], "sub") && key) @@ -717,6 +719,22 @@ keylist_colon_handler (void *priv, char *line) } break; + case RT_GRP: + /* Field 10 has the keygrip. */ + if (fields >= 10 && field[9] && *field[9]) + { + /* Need to apply it to the last subkey because all subkeys + have a keygrip. */ + subkey = key->_last_subkey; + if (!subkey->keygrip) + { + subkey->keygrip = strdup (field[9]); + if (!subkey->keygrip) + return gpg_error_from_syserror (); + } + } + break; + case RT_SIG: case RT_REV: if (!opd->tmp_uid) diff --git a/tests/run-keylist.c b/tests/run-keylist.c index 8abdf43..fc0f066 100644 --- a/tests/run-keylist.c +++ b/tests/run-keylist.c @@ -67,6 +67,7 @@ main (int argc, char **argv) gpgme_ctx_t ctx; gpgme_keylist_mode_t mode = 0; gpgme_key_t key; + gpgme_subkey_t subkey; gpgme_keylist_result_t result; int import = 0; gpgme_key_t keyarray[100]; @@ -173,22 +174,54 @@ main (int argc, char **argv) { gpgme_user_id_t uid; int nuids; - + int nsub; printf ("keyid : %s\n", key->subkeys?nonnull (key->subkeys->keyid):"?"); printf ("fpr : %s\n", key->subkeys?nonnull (key->subkeys->fpr):"?"); + if (key->subkeys && key->subkeys->keygrip) + printf ("grip : %s\n", key->subkeys->keygrip); + if (key->subkeys && key->subkeys->curve) + printf ("curve : %s\n", key->subkeys->curve); printf ("caps : %s%s%s%s\n", key->can_encrypt? "e":"", key->can_sign? "s":"", key->can_certify? "c":"", key->can_authenticate? "a":""); - printf ("flags :%s%s%s%s%s%s\n", + printf ("flags :%s%s%s%s%s%s%s\n", key->secret? " secret":"", key->revoked? " revoked":"", key->expired? " expired":"", key->disabled? " disabled":"", key->invalid? " invalid":"", - key->is_qualified? " qualifid":""); + key->is_qualified? " qualifid":"", + key->subkeys && key->subkeys->is_cardkey? " cardkey":""); + + subkey = key->subkeys; + if (subkey) + subkey = subkey->next; + for (nsub=1; subkey; subkey = subkey->next, nsub++) + { + printf ("fpr %2d: %s\n", nsub, nonnull (subkey->fpr)); + if (subkey->keygrip) + printf ("grip %2d: %s\n", nsub, subkey->keygrip); + if (subkey->curve) + printf ("curve %2d: %s\n", nsub, subkey->curve); + printf ("caps %2d: %s%s%s%s\n", + nsub, + subkey->can_encrypt? "e":"", + subkey->can_sign? "s":"", + subkey->can_certify? "c":"", + subkey->can_authenticate? "a":""); + printf ("flags %2d:%s%s%s%s%s%s%s\n", + nsub, + subkey->secret? " secret":"", + subkey->revoked? " revoked":"", + subkey->expired? " expired":"", + subkey->disabled? " disabled":"", + subkey->invalid? " invalid":"", + subkey->is_qualified? " qualifid":"", + subkey->is_cardkey? " cardkey":""); + } for (nuids=0, uid=key->uids; uid; uid = uid->next, nuids++) { printf ("userid %d: %s\n", nuids, nonnull(uid->uid)); @@ -201,6 +234,8 @@ main (int argc, char **argv) uid->validity == GPGME_VALIDITY_ULTIMATE? "ultimate": "[?]"); } + + putchar ('\n'); if (import) ----------------------------------------------------------------------- Summary of changes: NEWS | 1 + src/engine-gpg.c | 19 +++++++++++++------ src/gpgme.h.in | 3 +++ src/key.c | 2 ++ src/keylist.c | 20 +++++++++++++++++++- tests/run-keylist.c | 41 ++++++++++++++++++++++++++++++++++++++--- 6 files changed, 76 insertions(+), 10 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 4 19:08:57 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 04 Aug 2016 19:08:57 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.14-47-gc8cc804 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via c8cc804f56bfefba46641f2c7078fcd67b494bae (commit) from 54a1ed20e203dcafeacbe21eb147efa08255dbf5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c8cc804f56bfefba46641f2c7078fcd67b494bae Author: Werner Koch Date: Thu Aug 4 15:34:14 2016 +0200 gpg: Make sure that keygrips are printed for each subkey. * g10/keylist.c (list_keyblock_colon): Print an emprty grip in case of an error. Signed-off-by: Werner Koch diff --git a/g10/keylist.c b/g10/keylist.c index 1ba9212..60b8f23 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -1186,7 +1186,8 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, int ulti_hack = 0; int i; char *p; - char *hexgrip = NULL; + char *hexgrip_buffer = NULL; + const char *hexgrip = NULL; char *serialno = NULL; int stubkey; @@ -1202,9 +1203,13 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, pk = node->pkt->pkt.public_key; if (secret || has_secret || opt.with_keygrip || opt.with_key_data) { - rc = hexkeygrip_from_pk (pk, &hexgrip); + rc = hexkeygrip_from_pk (pk, &hexgrip_buffer); if (rc) log_error ("error computing a keygrip: %s\n", gpg_strerror (rc)); + /* In the error case we print an empty string so that we have a + * "grp" record for each and subkey - even if it is empty. This + * may help to prevent sync problems. */ + hexgrip = hexgrip_buffer? hexgrip_buffer : ""; } stubkey = 0; if ((secret || has_secret) @@ -1338,16 +1343,19 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, { u32 keyid2[2]; PKT_public_key *pk2; + int need_hexgrip = !!hexgrip; pk2 = node->pkt->pkt.public_key; - xfree (hexgrip); hexgrip = NULL; + xfree (hexgrip_buffer); hexgrip_buffer = NULL; hexgrip = NULL; xfree (serialno); serialno = NULL; - if (secret || has_secret || opt.with_keygrip || opt.with_key_data) + if (need_hexgrip + || secret || has_secret || opt.with_keygrip || opt.with_key_data) { - rc = hexkeygrip_from_pk (pk2, &hexgrip); + rc = hexkeygrip_from_pk (pk2, &hexgrip_buffer); if (rc) log_error ("error computing a keygrip: %s\n", gpg_strerror (rc)); + hexgrip = hexgrip_buffer? hexgrip_buffer : ""; } stubkey = 0; if ((secret||has_secret) @@ -1523,7 +1531,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, } } - xfree (hexgrip); + xfree (hexgrip_buffer); xfree (serialno); } ----------------------------------------------------------------------- Summary of changes: g10/keylist.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Aug 5 12:26:59 2016 From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Fri, 05 Aug 2016 12:26:59 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.14-48-gc9387e4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via c9387e41db7520d176edd3d6613b85875bdeb32c (commit) from c8cc804f56bfefba46641f2c7078fcd67b494bae (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c9387e41db7520d176edd3d6613b85875bdeb32c Author: Daniel Kahn Gillmor Date: Thu Aug 4 16:58:13 2016 -0400 gpg: Avoid publishing the GnuPG version by default * g10/gpg.c (main): initialize opt.emit_version to 0 * doc/gpg.texi: document different default for --emit-version -- The version of GnuPG in use is not particularly helpful. It is not cryptographically verifiable, and it doesn't distinguish between significant version differences like 2.0.x and 2.1.x. Additionally, it leaks metadata that can be used to distinguish users from one another, and can potentially be used to target specific attacks if there are known behaviors that differ between major versions. It's probably better to take the more parsimonious approach to metadata production by default. Signed-off-by: Daniel Kahn Gillmor diff --git a/doc/gpg.texi b/doc/gpg.texi index c544967..ffbc269 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2713,9 +2713,9 @@ protected by the signature. @opindex emit-version Force inclusion of the version string in ASCII armored output. If given once only the name of the program and the major number is -emitted (default), given twice the minor is also emitted, given triple +emitted, given twice the minor is also emitted, given triple the micro is added, and given quad an operating system identification -is also emitted. @option{--no-emit-version} disables the version +is also emitted. @option{--no-emit-version} (default) disables the version line. @item --sig-notation @code{name=value} diff --git a/g10/gpg.c b/g10/gpg.c index 35d350e..b33b61b 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2269,7 +2269,7 @@ main (int argc, char **argv) opt.def_cert_expire = "0"; gnupg_set_homedir (NULL); opt.passphrase_repeat = 1; - opt.emit_version = 1; /* Limit to the major number. */ + opt.emit_version = 0; opt.weak_digests = NULL; additional_weak_digest("MD5"); ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 4 ++-- g10/gpg.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Aug 5 14:07:27 2016 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Fri, 05 Aug 2016 14:07:27 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-258-g2a613e8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 2a613e87156b23c4aa6aa5ce38505cb285de6a18 (commit) from 6f3dc66634e30d86aa6250c4ac22f9b8f7ec1be9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2a613e87156b23c4aa6aa5ce38505cb285de6a18 Author: Justus Winter Date: Fri Aug 5 14:03:15 2016 +0200 python: Clean up and modernize examples. * lang/python/examples/Examples.rst: Delete file. * lang/python/examples/t-edit.py: Likewise. This is actually a test case and has been moved to 'tests'. * lang/python/examples/assuan.py: New file. * lang/python/examples/decryption-filter.py: Likewise. * lang/python/examples/delkey.py: Modernize. * lang/python/examples/encrypt-to-all.py: Likewise. * lang/python/examples/exportimport.py: Likewise. * lang/python/examples/genkey.py: Likewise. * lang/python/examples/inter-edit.py: Likewise. * lang/python/examples/sign.py: Likewise. * lang/python/examples/signverify.py: Likewise. * lang/python/examples/simple.py: Likewise. * lang/python/examples/testCMSgetkey.py: Likewise. * lang/python/examples/verifydetails.py: Likewise. Signed-off-by: Justus Winter diff --git a/lang/python/examples/Examples.rst b/lang/python/examples/Examples.rst deleted file mode 100644 index 18b03b2..0000000 --- a/lang/python/examples/Examples.rst +++ /dev/null @@ -1,7 +0,0 @@ -=============== -Example Scripts -=============== - -Most of the examples have been converted to work with Python 3, just as the original versions worked with Python 2. A small number produce errors on OS X, but may behave differently on other POSIX systems. The GTK based scripts (PyGtkGpgKeys.py and pygpa.py) have not been modified at all. - -When using or referring to the example scripts here, the most common change has been the byte encoded strings, so if something does not work then chances are that it will be related to the encoding or decoding of UTF-8. diff --git a/lang/python/examples/assuan.py b/lang/python/examples/assuan.py new file mode 100644 index 0000000..82b1e1d --- /dev/null +++ b/lang/python/examples/assuan.py @@ -0,0 +1,25 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2016 g10 Code GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . + +"""Demonstrate the use of the Assuan protocol engine""" + +import pyme + +with pyme.Context(protocol=pyme.constants.PROTOCOL_ASSUAN) as c: + # Invoke the pinentry to get a confirmation. + err = c.assuan_transact(['GET_CONFIRMATION', 'Hello there']) + print("You chose {}.".format("cancel" if err else "ok")) diff --git a/lang/python/examples/decryption-filter.py b/lang/python/examples/decryption-filter.py new file mode 100644 index 0000000..1647ca3 --- /dev/null +++ b/lang/python/examples/decryption-filter.py @@ -0,0 +1,29 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2016 g10 Code GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . + +"""A decryption filter + +This demonstrates decryption using pyme3 in three lines of code. To +be used like this: + +./decryption-filter.py message.plain + +""" + +import sys +import pyme +pyme.Context().decrypt(sys.stdin, sink=sys.stdout) diff --git a/lang/python/examples/delkey.py b/lang/python/examples/delkey.py index 3fb71eb..e607f21 100755 --- a/lang/python/examples/delkey.py +++ b/lang/python/examples/delkey.py @@ -1,35 +1,30 @@ #!/usr/bin/env python3 +# +# Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2004,2008 Igor Belyi # -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 2 of -# the License, or (at your option) any later version. +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -# 02111-1307 USA +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . # Sample of key deletion -# It deletes keys for joe at example.org generated by genkey.pl script - -from pyme import core +# It deletes keys for joe at example.org generated by genkey.py script -core.check_version(None) +import pyme -# Note that we need to collect all keys out of the iterator return by -# c.op_keylist_all() method before starting to delete them. If you -# delete a key in the middle of iteration c.op_keylist_next() will -# raise INV_VALUE exception +with pyme.Context() as c: + # Note: We must not modify the key store during iteration, + # therefore, we explicitly make a list. + keys = list(c.keylist("joe+pyme at example.org")) -c = core.Context() -# 0 in keylist means to list not only public but secret keys as well. -for thekey in [x for x in c.op_keylist_all("joe+pyme at example.org", 0)]: - # 1 in delete means to delete not only public but secret keys as well. - c.op_delete(thekey, 1) + for k in keys: + c.op_delete(k, True) diff --git a/lang/python/examples/encrypt-to-all.py b/lang/python/examples/encrypt-to-all.py index 5e12676..4586f93 100755 --- a/lang/python/examples/encrypt-to-all.py +++ b/lang/python/examples/encrypt-to-all.py @@ -1,21 +1,21 @@ #!/usr/bin/env python3 +# +# Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2008 Igor Belyi # Copyright (C) 2002 John Goerzen # -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 2 of -# the License, or (at your option) any later version. +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -# 02111-1307 USA +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . """ This program will try to encrypt a simple message to each key on your @@ -24,44 +24,28 @@ be skipped and it will re-try the encryption.""" import sys import os -from pyme import core -from pyme.core import Data, Context - -core.check_version(None) - -plain = Data('This is my message.') - -c = Context() -c.set_armor(1) +import pyme -def sendto(keylist): - cipher = Data() - c.op_encrypt(keylist, 1, plain, cipher) - cipher.seek(0, os.SEEK_SET) - return cipher.read() - -names = [] -for key in c.op_keylist_all(None, 0): - try: - print(" *** Found key for %s" % key.uids[0].uid) +with pyme.Context(armor=True) as c: + recipients = list() + for key in c.keylist(): valid = 0 - for subkey in key.subkeys: - keyid = subkey.keyid - if keyid is None: - break - can_encrypt = subkey.can_encrypt - valid += can_encrypt - print(" Subkey %s: encryption %s" % - (keyid, can_encrypt and "enabled" or "disabled")) - except UnicodeEncodeError as e: - print(e) - - if valid: - names.append(key) - else: - print(" This key cannot be used for encryption; skipping.") - -passno = 0 - -print("Encrypting to %d recipients" % len(names)) -sys.stdout.buffer.write(sendto(names)) + if any(sk.can_encrypt for sk in key.subkeys): + recipients.append(key) + print("Adding recipient {0}.".format(key.uids[0].uid)) + + ciphertext = None + while not ciphertext: + print("Encrypting to %d recipients" % len(recipients)) + try: + ciphertext, _, _ = c.encrypt(b'This is my message.', + recipients=recipients) + except pyme.errors.InvalidRecipients as e: + print("Encryption failed for these keys:\n{0!s}".format(e)) + + # filter out the bad keys + bad_keys = {bad.fpr for bad in e.recipients} + recipients = [r for r in recipients + if not r.subkeys[0].fpr in bad_keys] + + sys.stdout.buffer.write(ciphertext) diff --git a/lang/python/examples/exportimport.py b/lang/python/examples/exportimport.py index d0e1fa8..39b1595 100755 --- a/lang/python/examples/exportimport.py +++ b/lang/python/examples/exportimport.py @@ -1,75 +1,58 @@ #!/usr/bin/env python3 +# +# Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2004,2008 Igor Belyi # -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 2 of -# the License, or (at your option) any later version. +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -# 02111-1307 USA +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . # Sample of export and import of keys -# It uses keys for joe at example.org generated by genkey.pl script +# It uses keys for joe+pyme at example.org generated by genkey.py script import sys -from pyme import core - -core.check_version(None) - -expkey = core.Data() -c = core.Context() -c.set_armor(1) -user = b"joe at example.org" - -print(" - Export %s's public keys - " % user) -c.op_export(user, 0, expkey) - -# print out exported data to see how it looks in armor. -expkey.seek(0, 0) -expstring = expkey.read() -if expstring: - print(expstring) -else: - print("No %s's keys to export!" % user) - sys.exit(0) - - -# delete keys to ensure that they came from our imported data. -# Note that since joe's key has private part as well we can only delete -# both of them. As a side effect joe won't have private key for this -# exported public one. If it's Ok with you uncomment the next 4 lines. -# print " - Delete %s's public keys - " % user -# for thekey in [x for x in c.op_keylist_all(user, 0)]: -# if not thekey.secret: -# c.op_delete(thekey, 1) - - -# initialize import data from a string as if it was read from a file. -newkey = core.Data(expstring) - -print(" - Import exported keys - ") -c.op_import(newkey) -result = c.op_import_result() - -# show the import result -if result: - print(" - Result of the import - ") - for k in dir(result): - if k not in result.__dict__ and not k.startswith("_"): - if k == "imports": - print(k, ":") - for impkey in result.__getattr__(k): - print(" fpr=%s result=%d status=%x" % - (impkey.fpr, impkey.result, impkey.status)) - else: - print(k, ":", result.__getattr__(k)) -else: - print(" - No import result - ") +import os +import pyme + +user = "joe+pyme at example.org" + +with pyme.Context(armor=True) as c, pyme.Data() as expkey: + print(" - Export %s's public keys - " % user) + c.op_export(user, 0, expkey) + + # print out exported data to see how it looks in armor. + expkey.seek(0, os.SEEK_SET) + expstring = expkey.read() + if expstring: + sys.stdout.buffer.write(expstring) + else: + sys.exit("No %s's keys to export!" % user) + +# delete keys to ensure that they came from our imported data. Note +# that if joe's key has private part as well we can only delete both +# of them. +with pyme.Context() as c: + # Note: We must not modify the key store during iteration, + # therfore, we explicitly make a list. + keys = list(c.keylist(user)) + + for k in keys: + c.op_delete(k, True) + +with pyme.Context() as c: + print(" - Import exported keys - ") + c.op_import(expstring) + result = c.op_import_result() + if result: + print(result) + else: + sys.exit(" - No import result - ") diff --git a/lang/python/examples/genkey.py b/lang/python/examples/genkey.py index d5a88a7..66e382b 100755 --- a/lang/python/examples/genkey.py +++ b/lang/python/examples/genkey.py @@ -1,31 +1,25 @@ #!/usr/bin/env python3 +# +# Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2004 Igor Belyi # Copyright (C) 2002 John Goerzen # -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -from pyme import core, callbacks - -# Initialize our context. -core.check_version(None) +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . -c = core.Context() -c.set_armor(1) -c.set_progress_cb(callbacks.progress_stdout, None) +import pyme -# This example from the GPGME manual +# This is the example from the GPGME manual. parms = """ Key-Type: RSA @@ -40,5 +34,8 @@ Expire-Date: 2020-12-31 """ -c.op_genkey(parms, None, None) -print(c.op_genkey_result().fpr) +with pyme.Context() as c: + c.set_progress_cb(pyme.callbacks.progress_stdout) + c.op_genkey(parms, None, None) + print("Generated key with fingerprint {0}.".format( + c.op_genkey_result().fpr)) diff --git a/lang/python/examples/inter-edit.py b/lang/python/examples/inter-edit.py index dcb47c2..8199cc6 100644 --- a/lang/python/examples/inter-edit.py +++ b/lang/python/examples/inter-edit.py @@ -1,58 +1,60 @@ #!/usr/bin/env python3 +# +# Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2005 Igor Belyi # -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -# 02111-1307 USA +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . -import sys -from pyme import core -from pyme.core import Data, Context -from pyme.constants import status +"""Simple interactive editor to test editor scripts""" -core.check_version(None) +import sys +import pyme +import pyme.constants.status # Get names for the status codes -stat2str = {} -for name in dir(status): +status2str = {} +for name in dir(pyme.constants.status): if not name.startswith('__') and name != "util": - stat2str[getattr(status, name)] = name - - -# Print the output received since the last prompt before giving the new prompt -def edit_fnc(stat, args, helper): - global stat_strings - try: - while True: - helper["data"].seek(helper["skip"], 0) - data = helper["data"].read() - helper["skip"] += len(data) - sys.stdout.buffer.write(data) - return input("(%s) %s > " % (stat2str[stat], args)) - except EOFError: - pass - -# Simple interactive editor to test editor scripts + status2str[getattr(pyme.constants.status, name)] = name + if len(sys.argv) != 2: - sys.stderr.write("Usage: %s \n" % sys.argv[0]) -else: - c = Context() - out = Data() - c.op_keylist_start(sys.argv[1], 0) - key = c.op_keylist_next() - helper = {"skip": 0, "data": out} - c.op_edit(key, edit_fnc, helper, out) - print("[-- Final output --]") - out.seek(helper["skip"], 0) - sys.stdout.buffer.write(out.read()) + sys.exit("Usage: %s \n" % sys.argv[0]) + +name = sys.argv[1] + +with pyme.Context() as c: + keys = list(c.keylist(name)) + if len(keys) == 0: + sys.exit("No key matching {}.".format(name)) + if len(keys) > 1: + sys.exit("More than one key matching {}.".format(name)) + + key = keys[0] + print("Editing key {} ({}):".format(key.uids[0].uid, key.subkeys[0].fpr)) + + def edit_fnc(status, args): + print("Status: {} ({}), args: {} > ".format( + status2str[status], status, args), end='', flush=True) + + if not 'GET' in status2str[status]: + # no prompt + print() + return None + + try: + return input() + except EOFError: + return "quit" + + c.op_edit(key, edit_fnc, None, sys.stdout) diff --git a/lang/python/examples/sign.py b/lang/python/examples/sign.py index b6a1d3c..0dd6a7c 100755 --- a/lang/python/examples/sign.py +++ b/lang/python/examples/sign.py @@ -1,32 +1,25 @@ #!/usr/bin/env python3 -# Copyright (C) 2002 John Goerzen -# # -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. +# Copyright (C) 2016 g10 Code GmbH +# Copyright (C) 2002 John Goerzen # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . import sys -import os -from pyme import core, callbacks +import pyme from pyme.constants.sig import mode -core.check_version(None) - -plain = core.Data(b"Test message") -sig = core.Data() -c = core.Context() -c.set_passphrase_cb(callbacks.passphrase_stdin, b'for signing') -c.op_sign(plain, sig, mode.CLEAR) -sig.seek(0, os.SEEK_SET) -sys.stdout.buffer.write(sig.read()) +with pyme.Context() as c: + signed, _ = c.sign(b"Test message", mode=mode.CLEAR) + sys.stdout.buffer.write(signed) diff --git a/lang/python/examples/signverify.py b/lang/python/examples/signverify.py index 6a63112..7a24d71 100755 --- a/lang/python/examples/signverify.py +++ b/lang/python/examples/signverify.py @@ -1,77 +1,39 @@ #!/usr/bin/env python3 +# +# Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2004,2008 Igor Belyi # -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . # Sample of unattended signing/verifying of a message. -# It uses keys for joe at example.org generated by genkey.pl script +# It uses keys for joe+pyme at example.org generated by genkey.py script import sys import os -from pyme import core +import pyme from pyme.constants.sig import mode -core.check_version(None) - -plain = core.Data(b"Test message") -sig = core.Data() -c = core.Context() -user = "joe" - -c.signers_clear() -# Add joe at example.org's keys in the list of signers -for sigkey in c.op_keylist_all(user, 1): - if sigkey.can_sign: - c.signers_add(sigkey) -if not c.signers_enum(0): - print("No secret %s's keys suitable for signing!" % user) - sys.exit(0) - -# This is a map between signer e-mail and its password -passlist = { - b"": b"Crypt0R0cks" - } - -# callback will return password based on the e-mail listed in the hint. -c.set_passphrase_cb(lambda x,y,z: passlist[x[x.rindex("<"):]]) - -c.op_sign(plain, sig, mode.CLEAR) - -# Print out the signature (don't forget to rewind since signing put sig at EOF) -sig.seek(0, os.SEEK_SET) -signedtext = sig.read() -sys.stdout.buffer.write(signedtext) - -# Create Data with signed text. -sig2 = core.Data(signedtext) -plain2 = core.Data() +user = "joe+pyme" -# Verify. -c.op_verify(sig2, None, plain2) -result = c.op_verify_result() +with pyme.Context(pinentry_mode=pyme.constants.PINENTRY_MODE_LOOPBACK) as c: + keys = list(c.keylist(user)) + if len(keys) == 0: + sys.exit("No key matching {}.".format(user)) -# List results for all signatures. Status equal 0 means "Ok". -for index, sign in enumerate(result.signatures): - print("signature", index, ":") - print(" summary: ", sign.summary) - print(" status: ", sign.status) - print(" timestamp: ", sign.timestamp) - print(" fingerprint:", sign.fpr) - print(" uid: ", c.get_key(sign.fpr, 0).uids[0].uid) + c.signers = keys[:1] + c.set_passphrase_cb(lambda *args: "Crypt0R0cks") + signed_data, _ = c.sign(b"Test message", mode=mode.CLEAR) -# Print "unsigned" text. Rewind since verify put plain2 at EOF. -plain2.seek(0, os.SEEK_SET) -print("\n") -sys.stdout.buffer.write(plain2.read()) + data, result = c.verify(signed_data, verify=keys[:1]) + print("Data: {!r}\nSignature: {!s}".format(data, result.signatures[0])) diff --git a/lang/python/examples/simple.py b/lang/python/examples/simple.py index 29a4449..50a3938 100755 --- a/lang/python/examples/simple.py +++ b/lang/python/examples/simple.py @@ -1,52 +1,45 @@ #!/usr/bin/env python3 +# +# Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2005 Igor Belyi # Copyright (C) 2002 John Goerzen # -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . import sys import os -from pyme import core, errors - -core.check_version(None) - -# Set up our input and output buffers. - -plain = core.Data('This is my message.') -cipher = core.Data() - -# Initialize our context. - -c = core.Context() -c.set_armor(1) - -# Set up the recipients. - -sys.stdout.write("Enter name of your recipient: ") -sys.stdout.flush() -name = sys.stdin.readline().strip() -c.op_keylist_start(name, 0) -r = c.op_keylist_next() - -if r == None: - print("The key for user \"%s\" was not found" % name) -else: - # Do the encryption. - try: - c.op_encrypt([r], 1, plain, cipher) - cipher.seek(0, os.SEEK_SET) - sys.stdout.buffer.write(cipher.read()) - except errors.GPGMEError as ex: - print(ex.getstring()) +import pyme + +with pyme.Context(armor=True) as c: + recipients = [] + print("Enter name of your recipient(s), end with a blank line.") + while True: + line = input() + if not line: + break + new = list(c.keylist(line)) + if not new: + print("Matched no known keys.") + else: + print("Adding {}.".format(", ".join(k.uids[0].name for k in new))) + recipients.extend(new) + + if not recipients: + sys.exit("No recipients.") + + print("Encrypting for {}.".format(", ".join(k.uids[0].name + for k in recipients))) + + ciphertext, _, _ = c.encrypt(b"This is my message,", recipients) + sys.stdout.buffer.write(ciphertext) diff --git a/lang/python/examples/t-edit.py b/lang/python/examples/t-edit.py deleted file mode 100644 index 4a3b8ac..0000000 --- a/lang/python/examples/t-edit.py +++ /dev/null @@ -1,62 +0,0 @@ -#!/usr/bin/env python3 -# Copyright (C) 2005 Igor Belyi -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -import sys -import os -from pyme import core -from pyme.core import Data, Context - -core.check_version(None) - -class KeyEditor: - def __init__(self): - self.steps = ["fpr", "expire", "1", "primary", "quit"] - self.step = 0 - - def edit_fnc(self, status, args, out): - print("[-- Response --]") - out.seek(0, os.SEEK_SET) - sys.stdout.buffer.write(out.read()) - print("[-- Code: %d, %s --]" % (status, args)) - - if args == "keyedit.prompt": - result = self.steps[self.step] - self.step += 1 - elif args == "keyedit.save.okay": - result = "Y" - elif args == "keygen.valid": - result = "0" - else: - result = None - - return result - -if not os.getenv("GNUPGHOME"): - print("Please, set GNUPGHOME env.var. pointing to GPGME's tests/gpg dir") -else: - c = Context() - c.set_passphrase_cb(lambda x,y,z: "abc") - out = Data() - c.op_keylist_start(b"Alpha", 0) - key = c.op_keylist_next() - if not key: - sys.exit("Key Alpha not found. " + - "Did you point GNUPGHOME to GPGME's tests/gpg dir?") - c.op_edit(key, KeyEditor().edit_fnc, out, out) - print("[-- Last response --]") - out.seek(0, os.SEEK_SET) - sys.stdout.buffer.write(out.read()) diff --git a/lang/python/examples/testCMSgetkey.py b/lang/python/examples/testCMSgetkey.py index 7c95301..7c642e6 100644 --- a/lang/python/examples/testCMSgetkey.py +++ b/lang/python/examples/testCMSgetkey.py @@ -1,47 +1,32 @@ #!/usr/bin/env python3 -# initial 20080124 bernhard at intevation.de -# 20080124-2: removed some superflous imports -# 20080703: adapted for pyme-0.8.0 -# This script is Free Software under GNU GPL v>=2. # -# No modification made for python3 port, Bernhard can field this one -# if it is still required. -- Ben McGinnes +# Copyright (C) 2016 g10 Code GmbH +# Copyright (C) 2008 Bernhard Reiter # -"""A test applicaton for gpg_get_key() protocol.CMS. +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . -Tested on Debian Etch with - pyme 0.8.0 (manually compiled) - libgpgme11 1.1.6-0kk2 - gpgsm 2.0.9-0kk2 -""" +"""A test applicaton for the CMS protocol.""" import sys -from pyme import core -from pyme.constants import protocol +import pyme -def printgetkeyresults(keyfpr): - """Run gpgme_get_key().""" +if len(sys.argv) != 2: + sys.exit("fingerprint or unique key ID for gpgme_get_key()") - # gpgme_check_version() necessary for initialisation according to - # gogme 1.1.6 and this is not done automatically in pyme-0.7.0 - print("gpgme version:", core.check_version(None)) - c = core.Context() - c.set_protocol(protocol.CMS) - - key = c.get_key(keyfpr, False) +with pyme.Context(protocol=pyme.constants.PROTOCOL_CMS) as c: + key = c.get_key(sys.argv[1], False) print("got key: ", key.subkeys[0].fpr) - for uid in key.uids: print(uid.uid) - -def main(): - if len(sys.argv) < 2: - print("fingerprint or unique key ID for gpgme_get_key()") - sys.exit(1) - - printgetkeyresults(sys.argv[1]) - - -if __name__ == "__main__": - main() diff --git a/lang/python/examples/verifydetails.py b/lang/python/examples/verifydetails.py index 99e5e0a..b57ed84 100755 --- a/lang/python/examples/verifydetails.py +++ b/lang/python/examples/verifydetails.py @@ -1,27 +1,21 @@ #!/usr/bin/env python3 -# initial 20080123 build from the example: -# very simple - probably INCOMPLETE -# 20080703 Bernhard -# added second usage for detached signatures. -# added output of signature.summary (another bitfield) -# printing signature bitfield in hex format -# # +# Copyright (C) 2016 g10 Code GmbH # Copyright (C) 2004,2008 Igor Belyi # Copyright (c) 2008 Bernhard Reiter # -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . import sys import os @@ -36,60 +30,47 @@ def print_engine_infos(): print(engine.file_name, engine.version) for proto in [protocol.OpenPGP, protocol.CMS]: - print(core.get_protocol_name(proto), core.engine_check_version(proto)) + print("Have {}? {}".format(core.get_protocol_name(proto), + core.engine_check_version(proto))) -def verifyprintdetails(sigfilename, filefilename=None): +def verifyprintdetails(filename, detached_sig_filename=None): """Verify a signature, print a lot of details.""" - c = core.Context() - - # Create Data with signed text. - sig2 = core.Data(file=sigfilename) - if filefilename: - file2 = core.Data(file=filefilename) - plain2 = None - else: - file2 = None - plain2 = core.Data() - - # Verify. - c.op_verify(sig2, file2, plain2) - result = c.op_verify_result() - - # List results for all signatures. Status equal 0 means "Ok". - for index, sign in enumerate(result.signatures): - print("signature", index, ":") - print(" summary: %#0x" % (sign.summary)) - print(" status: %#0x" % (sign.status)) - print(" timestamp: ", sign.timestamp) - print(" fingerprint:", sign.fpr) - print(" uid: ", c.get_key(sign.fpr, 0).uids[0].uid) + with core.Context() as c: + + # Verify. + data, result = c.verify(open(filename), + open(detached_sig_filename) + if detached_sig_filename else None) + + # List results for all signatures. Status equal 0 means "Ok". + for index, sign in enumerate(result.signatures): + print("signature", index, ":") + print(" summary: %#0x" % (sign.summary)) + print(" status: %#0x" % (sign.status)) + print(" timestamp: ", sign.timestamp) + print(" fingerprint:", sign.fpr) + print(" uid: ", c.get_key(sign.fpr, 0).uids[0].uid) # Print "unsigned" text if inline signature - if plain2: - #Rewind since verify put plain2 at EOF. - plain2.seek(0, os.SEEK_SET) - print("\n") - sys.stdout.buffer.write(plain2.read()) + if data: + sys.stdout.buffer.write(data) def main(): print_engine_infos() - print() - argc= len(sys.argv) + argc = len(sys.argv) if argc < 2 or argc > 3: - print("need a filename for inline signature") - print("or two filename for detached signature and file to check") - sys.exit(1) + sys.exit( + "Usage: {} [ ]".format( + sys.argv[0])) if argc == 2: - print("trying to verify file: " + sys.argv[1]) + print("trying to verify file {}.".format(sys.argv[1])) verifyprintdetails(sys.argv[1]) if argc == 3: - print("trying to verify signature %s for file %s" \ - % (sys.argv[1], sys.argv[2])) - + print("trying to verify signature {1} for file {0}.".format(*sys.argv)) verifyprintdetails(sys.argv[1], sys.argv[2]) if __name__ == "__main__": ----------------------------------------------------------------------- Summary of changes: lang/python/examples/Examples.rst | 7 -- lang/python/examples/assuan.py | 25 +++++++ lang/python/examples/decryption-filter.py | 29 ++++++++ lang/python/examples/delkey.py | 45 ++++++------ lang/python/examples/encrypt-to-all.py | 86 +++++++++------------- lang/python/examples/exportimport.py | 115 +++++++++++++----------------- lang/python/examples/genkey.py | 41 +++++------ lang/python/examples/inter-edit.py | 96 +++++++++++++------------ lang/python/examples/sign.py | 41 +++++------ lang/python/examples/signverify.py | 86 +++++++--------------- lang/python/examples/simple.py | 79 ++++++++++---------- lang/python/examples/t-edit.py | 62 ---------------- lang/python/examples/testCMSgetkey.py | 55 ++++++-------- lang/python/examples/verifydetails.py | 93 ++++++++++-------------- 14 files changed, 360 insertions(+), 500 deletions(-) delete mode 100644 lang/python/examples/Examples.rst create mode 100644 lang/python/examples/assuan.py create mode 100644 lang/python/examples/decryption-filter.py delete mode 100644 lang/python/examples/t-edit.py hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Sat Aug 6 07:49:39 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Sat, 06 Aug 2016 07:49:39 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.14-49-g894789c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 894789c3299dc47a8c1ccaaa7070382f0fae0262 (commit) from c9387e41db7520d176edd3d6613b85875bdeb32c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 894789c3299dc47a8c1ccaaa7070382f0fae0262 Author: NIIBE Yutaka Date: Sat Aug 6 14:47:29 2016 +0900 agent: Clean up SSH support. * agent/command-ssh.c (file_to_buffer): Remove. (ssh_handler_request_identities): Use agent_public_key_from_file. -- Signed-off-by: NIIBE Yutaka diff --git a/agent/command-ssh.c b/agent/command-ssh.c index 48f1b3d..583b4c7 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -814,67 +814,6 @@ stream_copy (estream_t dst, estream_t src) return err; } - - -/* Read the content of the file specified by FILENAME into a newly - create buffer, which is to be stored in BUFFER; store length of - buffer in BUFFER_N. */ -static gpg_error_t -file_to_buffer (const char *filename, unsigned char **buffer, size_t *buffer_n) -{ - unsigned char *buffer_new; - struct stat statbuf; - estream_t stream; - gpg_error_t err; - int ret; - - *buffer = NULL; - *buffer_n = 0; - - buffer_new = NULL; - err = 0; - - stream = es_fopen (filename, "rb"); - if (! stream) - { - err = gpg_error_from_syserror (); - goto out; - } - - ret = fstat (es_fileno (stream), &statbuf); - if (ret) - { - err = gpg_error_from_syserror (); - goto out; - } - - buffer_new = xtrymalloc (statbuf.st_size); - if (! buffer_new) - { - err = gpg_error_from_syserror (); - goto out; - } - - err = stream_read_data (stream, buffer_new, statbuf.st_size); - if (err) - goto out; - - *buffer = buffer_new; - *buffer_n = statbuf.st_size; - - out: - - if (stream) - es_fclose (stream); - - if (err) - xfree (buffer_new); - - return err; -} - - - /* Open the ssh control file and create it if not available. With APPEND passed as true the file will be opened in append mode, @@ -2683,12 +2622,8 @@ static gpg_error_t ssh_handler_request_identities (ctrl_t ctrl, estream_t request, estream_t response) { - ssh_key_type_spec_t spec; - char *key_fname = NULL; - char *fnameptr; u32 key_counter; estream_t key_blobs; - gcry_sexp_t key_secret; gcry_sexp_t key_public; gpg_error_t err; int ret; @@ -2700,7 +2635,6 @@ ssh_handler_request_identities (ctrl_t ctrl, /* Prepare buffer stream. */ - key_secret = NULL; key_public = NULL; key_counter = 0; err = 0; @@ -2729,29 +2663,6 @@ ssh_handler_request_identities (ctrl_t ctrl, key_counter++; } - - /* Prepare buffer for key name construction. */ - { - char *dname; - - dname = make_filename (gnupg_homedir (), GNUPG_PRIVATE_KEYS_DIR, NULL); - if (!dname) - { - err = gpg_err_code_from_syserror (); - goto out; - } - - key_fname = xtrymalloc (strlen (dname) + 1 + 40 + 4 + 1); - if (!key_fname) - { - err = gpg_err_code_from_syserror (); - xfree (dname); - goto out; - } - fnameptr = stpcpy (stpcpy (key_fname, dname), "/"); - xfree (dname); - } - /* Then look at all the registered and non-disabled keys. */ err = open_control_file (&cf, 0); if (err) @@ -2759,52 +2670,27 @@ ssh_handler_request_identities (ctrl_t ctrl, while (!read_control_file_item (cf)) { + unsigned char grip[20]; + if (!cf->item.valid) continue; /* Should not happen. */ if (cf->item.disabled) continue; assert (strlen (cf->item.hexgrip) == 40); + hex2bin (cf->item.hexgrip, grip, sizeof (grip)); - stpcpy (stpcpy (fnameptr, cf->item.hexgrip), ".key"); - - /* Read file content. */ - { - unsigned char *buffer; - size_t buffer_n; - - err = file_to_buffer (key_fname, &buffer, &buffer_n); - if (err) - { - log_error ("%s:%d: key '%s' skipped: %s\n", - cf->fname, cf->lnr, cf->item.hexgrip, - gpg_strerror (err)); - continue; - } - - err = gcry_sexp_sscan (&key_secret, NULL, (char*)buffer, buffer_n); - xfree (buffer); - if (err) - goto out; - } - - { - char *key_type = NULL; - - err = sexp_extract_identifier (key_secret, &key_type); - if (err) - goto out; - - err = ssh_key_type_lookup (NULL, key_type, &spec); - xfree (key_type); - if (err) + err = agent_public_key_from_file (ctrl, grip, &key_public); + if (err) + { + log_error ("failed to read the public key\n"); goto out; - } + } - err = ssh_send_key_public (key_blobs, key_secret, NULL); + err = ssh_send_key_public (key_blobs, key_public, NULL); if (err) goto out; - gcry_sexp_release (key_secret); - key_secret = NULL; + gcry_sexp_release (key_public); + key_public = NULL; key_counter++; } @@ -2820,7 +2706,6 @@ ssh_handler_request_identities (ctrl_t ctrl, out: /* Send response. */ - gcry_sexp_release (key_secret); gcry_sexp_release (key_public); if (!err) @@ -2838,7 +2723,6 @@ ssh_handler_request_identities (ctrl_t ctrl, es_fclose (key_blobs); close_control_file (cf); - xfree (key_fname); return ret_err; } ----------------------------------------------------------------------- Summary of changes: agent/command-ssh.c | 138 +++++----------------------------------------------- 1 file changed, 11 insertions(+), 127 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sat Aug 6 10:18:19 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 06 Aug 2016 10:18:19 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.14-50-g40d1602 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 40d16029ed8b334c371fa7f24ac762d47302826e (commit) from 894789c3299dc47a8c1ccaaa7070382f0fae0262 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 40d16029ed8b334c371fa7f24ac762d47302826e Author: Werner Koch Date: Sat Aug 6 10:14:17 2016 +0200 agent: Fix long standing regression tracking the connection count. * agent/gpg-agent.c (get_agent_active_connection_count): New. (do_start_connection_thread, start_connection_thread_ssh): Bump ACTIVE_CONNECTIONS up and down. * agent/command.c (cmd_getinfo): Add subcommand "connections". -- The variable ACTIVE_CONNECTIONS is used to shutdown gpg-agent in a friendly way. Before we switched to nPth a Pth provided count of threads was used for this. During the migration to nPth ACTIVE_CONNECTIONS was introduced and checked but never set. Signed-off-by: Werner Koch diff --git a/agent/agent.h b/agent/agent.h index 42a580c..fe5ffba 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -341,6 +341,7 @@ void agent_set_progress_cb (void (*cb)(ctrl_t ctrl, const char *what, gpg_error_t agent_copy_startup_env (ctrl_t ctrl); const char *get_agent_socket_name (void); const char *get_agent_ssh_socket_name (void); +int get_agent_active_connection_count (void); #ifdef HAVE_W32_SYSTEM void *get_agent_scd_notify_event (void); #endif diff --git a/agent/command.c b/agent/command.c index 1803b5f..7fc28ad 100644 --- a/agent/command.c +++ b/agent/command.c @@ -2775,6 +2775,7 @@ static const char hlp_getinfo[] = " std_startup_env - List the standard startup environment.\n" " cmd_has_option\n" " - Returns OK if the command CMD implements the option OPT.\n" + " connections - Return number of active connections.\n" " restricted - Returns OK if the connection is in restricted mode.\n"; static gpg_error_t cmd_getinfo (assuan_context_t ctx, char *line) @@ -2907,6 +2908,14 @@ cmd_getinfo (assuan_context_t ctx, char *line) } } } + else if (!strcmp (line, "connections")) + { + char numbuf[20]; + + snprintf (numbuf, sizeof numbuf, "%d", + get_agent_active_connection_count ()); + rc = assuan_send_data (ctx, numbuf, strlen (numbuf)); + } else rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT"); return rc; diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 90b0eaf..8a957cc 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -1694,6 +1694,14 @@ get_agent_ssh_socket_name (void) } +/* Return the number of active connections. */ +int +get_agent_active_connection_count (void) +{ + return active_connections; +} + + /* Under W32, this function returns the handle of the scdaemon notification event. Calling it the first time creates that event. */ @@ -2302,6 +2310,7 @@ putty_message_thread (void *arg) static void * do_start_connection_thread (ctrl_t ctrl) { + active_connections++; agent_init_default_ctrl (ctrl); if (opt.verbose) log_info (_("handler 0x%lx for fd %d started\n"), @@ -2314,6 +2323,7 @@ do_start_connection_thread (ctrl_t ctrl) agent_deinit_default_ctrl (ctrl); xfree (ctrl); + active_connections--; return NULL; } @@ -2380,6 +2390,7 @@ start_connection_thread_ssh (void *arg) if (check_nonce (ctrl, &socket_nonce_ssh)) return NULL; + active_connections++; agent_init_default_ctrl (ctrl); if (opt.verbose) log_info (_("ssh handler 0x%lx for fd %d started\n"), @@ -2392,6 +2403,7 @@ start_connection_thread_ssh (void *arg) agent_deinit_default_ctrl (ctrl); xfree (ctrl); + active_connections--; return NULL; } ----------------------------------------------------------------------- Summary of changes: agent/agent.h | 1 + agent/command.c | 9 +++++++++ agent/gpg-agent.c | 12 ++++++++++++ 3 files changed, 22 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Aug 8 06:45:22 2016 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 08 Aug 2016 06:45:22 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.14-51-g7dcad0d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 7dcad0d3503ac0d75e09efb16246dd78518986fc (commit) from 40d16029ed8b334c371fa7f24ac762d47302826e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7dcad0d3503ac0d75e09efb16246dd78518986fc Author: NIIBE Yutaka Date: Mon Aug 8 13:24:02 2016 +0900 tests: Add openpgp/gpgv-forged-keyring.scm. * tests/openpgp/gpgv-forged-keyring.scm: New. * tests/openpgp/forged-keyring.gpg: New. * tests/openpgp/Makefile.am (TESTS): Add gpgv-forged-keyring.scm. * tests/openpgp/defs.scm (tools): Add GPGV. (GPGV): New. -- Signed-off-by: NIIBE Yutaka diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index 7983d6f..564439a 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am @@ -72,6 +72,7 @@ TESTS = setup.scm \ conventional-mdc.scm \ multisig.scm \ verify.scm \ + gpgv-forged-keyring.scm \ armor.scm \ import.scm \ ecc.scm \ diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm index 2cbad46..4a968da 100644 --- a/tests/openpgp/defs.scm +++ b/tests/openpgp/defs.scm @@ -53,6 +53,7 @@ (define tools '((gpg "GPG" "g10/gpg") + (gpgv "GPGV" "g10/gpgv") (gpg-agent "GPG_AGENT" "agent/gpg-agent") (gpg-connect-agent "GPG_CONNECT_AGENT" "tools/gpg-connect-agent") (gpgconf "GPGCONF" "tools/gpgconf") @@ -78,6 +79,7 @@ (define GPG `(,(tool 'gpg) --no-permission-warning ,@(if have-opt-always-trust '(--always-trust) '()))) +(define GPGV `(,(tool 'gpgv))) (define PINENTRY (tool 'pinentry)) (define (tr:gpg input args) diff --git a/tests/openpgp/forged-keyring.gpg b/tests/openpgp/forged-keyring.gpg new file mode 100644 index 0000000..8fe733a Binary files /dev/null and b/tests/openpgp/forged-keyring.gpg differ diff --git a/tests/openpgp/gpgv-forged-keyring.scm b/tests/openpgp/gpgv-forged-keyring.scm new file mode 100755 index 0000000..7094c96 --- /dev/null +++ b/tests/openpgp/gpgv-forged-keyring.scm @@ -0,0 +1,67 @@ +#!/usr/bin/env gpgscm + +;; Copyright (C) 2016 g10 Code GmbH +;; +;; This file is part of GnuPG. +;; +;; GnuPG is free software; you can redistribute it and/or modify +;; it under the terms of the GNU General Public License as published by +;; the Free Software Foundation; either version 3 of the License, or +;; (at your option) any later version. +;; +;; GnuPG is distributed in the hope that it will be useful, +;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;; GNU General Public License for more details. +;; +;; You should have received a copy of the GNU General Public License +;; along with this program; if not, see . + +(load (with-path "defs.scm")) + +(define msg_signed_asc " +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +This is an example text file to demonstrate a problem. + +Using forged-keyring.gpg with signature cache, it looks like it is +signed by the following key: + + Echo Test (demo key) + +But actually not. + +It is signed by a key (steve.biko at example.net) distributed as: + + gnupg/tests/openpgp/samplekeys/rsa-rsa-sample-1.asc + +in GnuPG. + +The forged-keyring.gpg file is created by a key in + + gnupg/tests/openpgp/pubdemo.asc + +Replacing the raw key material packet by one of rsa-rsa-sample-1.asc. +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iQEcBAEBCAAGBQJXp+5MAAoJEKpD8dzH/tG3bGMH/1idFLJAaMxkrq+JguvAboiN +tAA44IdAgJvAxtR5w5fgfed7PfsH70+tj54/ZTObt7rZDIlj/YBQ7XeCwd7/O5vx +W0QtjjAxMuAPH80rVv4JIoflxV/deD8YaV9EhPE+6W5G0Z8SYL9B2RzdBVMwJY9+ +OZGJeKnUZ92Zg9jFr+H5gQNSeYdDHVDWYxr/xJUf0jYsZvAIBfB1mcSK1niiiVBv +GAcUC/I8g18a7pCS9Qf9iZflqxX4AXfocAGQqQAiG4744OCNhVa5q6TScqhaGUah +N1Glbw1OJfP1q+QFPMPKoCsTYmZpuugq2b5gV/eH0Abvk2pG4Fo/YTDPHhec7Jk= +=NnY/ +-----END PGP SIGNATURE----- +") + +(for-each-p + "Checking that a signature by bad key should not be verified" + (lambda (armored-file) + (catch '() + (pipe:do + (pipe:echo (eval armored-file (current-environment))) + (pipe:spawn `(, at GPGV --keyring ,(in-srcdir "forged-keyring.gpg")))) + (error "verification succeded but should not"))) + '(msg_signed_asc)) ----------------------------------------------------------------------- Summary of changes: tests/openpgp/Makefile.am | 1 + tests/openpgp/defs.scm | 2 + tests/openpgp/forged-keyring.gpg | Bin 0 -> 970 bytes tests/openpgp/gpgv-forged-keyring.scm | 67 ++++++++++++++++++++++++++++++++++ 4 files changed, 70 insertions(+) create mode 100644 tests/openpgp/forged-keyring.gpg create mode 100755 tests/openpgp/gpgv-forged-keyring.scm hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Aug 8 08:12:03 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 08 Aug 2016 08:12:03 +0200 Subject: [git] gnupg-doc - branch, master, updated. cc3c0679a8ff6a468fc00415a37af203a2909e1d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via cc3c0679a8ff6a468fc00415a37af203a2909e1d (commit) from 93b627789f7fa7f61484b3cdd0f670fe22407994 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cc3c0679a8ff6a468fc00415a37af203a2909e1d Author: Werner Koch Date: Mon Aug 8 08:09:37 2016 +0200 web: Fixed link for WinGPG Requested by Andrei Sergeenko from scand. diff --git a/web/related_software/swlist.org b/web/related_software/swlist.org index d6b9efd..26cb2b4 100644 --- a/web/related_software/swlist.org +++ b/web/related_software/swlist.org @@ -478,7 +478,7 @@ allow users to encrypt chat and multi-user chat as well as encrypting/signing messages and signing presence of the user. It is multilingual and runs on GNU/Linux, Mac OS X and Windows. -** [[http://wingpg.com][WinGPG]] [Windows] GUI +** [[https://scand.com/products/wingpg/][WinGPG]] [Windows] GUI :PROPERTIES: :CUSTOM_ID: wingpg :END: ----------------------------------------------------------------------- Summary of changes: web/related_software/swlist.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon Aug 8 11:36:46 2016 From: cvs at cvs.gnupg.org (by Damien Goutte-Gattat) Date: Mon, 08 Aug 2016 11:36:46 +0200 Subject: [git] Scute - branch, master, updated. scute-1.3.0-64-g94eeb2d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "PKCS#11 token on top of gpg-agent". The branch, master has been updated via 94eeb2d580f67bd56ba711e055d9ea2ea089ec89 (commit) via b9b8319083b78168e69757fde020cb7d0b1f21e9 (commit) via 0050056965eff7d3740680f49517f57851d51f38 (commit) via b04c929fcef090e0e9788a8434f3401d271a1823 (commit) via f0e91f6aeb5b8e38cfc46eeb306059136584d214 (commit) from bc6c9e746432f4005aef359a620660a9d35df791 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 94eeb2d580f67bd56ba711e055d9ea2ea089ec89 Author: Damien Goutte-Gattat Date: Fri Aug 5 22:45:09 2016 +0200 doc: Update list of not implemented functions. * README: Update list of not implemented functions. * doc/manual/scute.texi: Likewise. * TODO: Remove C_GenerateRandom from the TODO list. Signed-off-by: Damien Goutte-Gattat diff --git a/README b/README index acc9904..7064b29 100644 --- a/README +++ b/README @@ -317,9 +317,6 @@ The following functions are not supported: C_VerifyRecoverInit, C_VerifyRec: Not supported. Only secret key operations are supported. -* C_SignInit, C_Sign: Currently, only signing 36 bytes - (MD5+SHA1) hashes is supported (used for client authentication). - * C_DecryptInit, C_Decrypt: Not yet supported, but will be in the future. @@ -337,8 +334,7 @@ The following functions are not supported: the tools accompanying the GnuPG software suite to generate and import keys for use with the token. -* C_SeedRandom, C_GenerateRandom: Not supported at this point. - C_GenerateRandom may be supported in the future, though. +* C_SeedRandom: Not supported. * C_CreateObject, C_CopyObject, C_DestroyObject, C_SetAttributeValue: Only read-only operations are supported on objects. diff --git a/TODO b/TODO index 75ef5fd..6f49130 100644 --- a/TODO +++ b/TODO @@ -13,7 +13,6 @@ ** Windows: Find thread-safe replacement for localtime_r and timegm. * Missing features: -** Implement random number generation function C_GenerateRandom. ** Add canonical gnupg logging module. ** Mozilla ignores the CKA_TRUSTED attribute to certificates, so exporting the information from GPGSM (ISTRUSTED) will not be diff --git a/doc/manual/scute.texi b/doc/manual/scute.texi index 0d16742..7199edf 100644 --- a/doc/manual/scute.texi +++ b/doc/manual/scute.texi @@ -710,11 +710,6 @@ Passphrase queries are implemented by the use of GPG Agent and Pinentry. @itemx C_VerifyRec Not supported. Only secret key operations are supported. - at item C_SignInit - at itemx C_Sign -Currently, only signing 36 bytes (MD5+SHA1) hashes is supported (used -for client authentication). - @item C_DecryptInit @itemx C_Decrypt Not yet supported, but will be in the future. @@ -745,9 +740,7 @@ accompanying the GnuPG software suite to generate and import keys for use with the token. @item C_SeedRandom - at itemx C_GenerateRandom -Not supported at this point. @code{C_GenerateRandom} may be supported -in the future, though. +Not supported. @item C_CreateObject @itemx C_CopyObject commit b9b8319083b78168e69757fde020cb7d0b1f21e9 Author: Damien Goutte-Gattat Date: Fri Aug 5 22:45:08 2016 +0200 doc: Scute can be used to sign documents. * doc/manual/scute.texi: Explain how to use Scute with LibreOffice. * doc/manual/libreoffice-certificate-selection.png: New image. * doc/manual/libreoffice-digital-signatures.png: New image. * doc/manual/libreoffice-pdf-signature.png: New image. * doc/manual/Makefile.am: Include the new images. * README: Mention that Scute can work with LibreOffice. * doc/website/index.xhtml: Likewise. Signed-off-by: Damien Goutte-Gattat diff --git a/README b/README index 3e43aba..acc9904 100644 --- a/README +++ b/README @@ -26,7 +26,8 @@ authentication with SSL in Mozilla. See below for more details on how to get this working. Scute also allows you to sign emails with Thunderbird, using the -S/MIME protocol. +S/MIME protocol, and to sign OpenDocument and PDF files with +LibreOffice. Prerequisites diff --git a/doc/manual/Makefile.am b/doc/manual/Makefile.am index 14034e8..499e750 100644 --- a/doc/manual/Makefile.am +++ b/doc/manual/Makefile.am @@ -35,7 +35,9 @@ images = firefox-cm.png firefox-cm-view-detail.png firefox-cm-view.png \ firefox-dm-load-after.png firefox-dm-load-before.png \ firefox-dm-load.png firefox-dm-token-present.png firefox-pref.png \ firefox-pref-view.png firefox-bad-pin.png \ - thunderbird-account-settings.png thunderbird-smime-button.png + thunderbird-account-settings.png thunderbird-smime-button.png \ + libreoffice-certificate-selection.png \ + libreoffice-digital-signatures.png libreoffice-pdf-signature.png images_eps = $(images:.png=.eps) diff --git a/doc/manual/libreoffice-certificate-selection.png b/doc/manual/libreoffice-certificate-selection.png new file mode 100644 index 0000000..ca94f37 Binary files /dev/null and b/doc/manual/libreoffice-certificate-selection.png differ diff --git a/doc/manual/libreoffice-digital-signatures.png b/doc/manual/libreoffice-digital-signatures.png new file mode 100644 index 0000000..9a84d6c Binary files /dev/null and b/doc/manual/libreoffice-digital-signatures.png differ diff --git a/doc/manual/libreoffice-pdf-signature.png b/doc/manual/libreoffice-pdf-signature.png new file mode 100644 index 0000000..ab5cc35 Binary files /dev/null and b/doc/manual/libreoffice-pdf-signature.png differ diff --git a/doc/manual/scute.texi b/doc/manual/scute.texi index d7205db..0d16742 100644 --- a/doc/manual/scute.texi +++ b/doc/manual/scute.texi @@ -83,6 +83,7 @@ module. * Preparation:: What you should do before using Scute. * Client Authentication:: How to use Scute for client authentication. * Email Signing:: How to use Scute for S/MIME email signing. +* Document Signing:: How to use Scute with LibreOffice. * Troubleshooting:: What to do when things go wrong. * Internals:: Technical details about Scute. @@ -118,6 +119,8 @@ Client Authentication Email Signing +Document Signing + Troubleshooting Internals @@ -210,8 +213,8 @@ application and GnuPG 2.0. Currently supported usages are client authentication over HTTPS with Firefox (allowing users to authenticate themselves to a remote web -service without entering their log-in information), and email signing -with Thunderbird. +service without entering their log-in information), email signing +with Thunderbird, and document signing with LibreOffice. @node Preparation @@ -574,6 +577,37 @@ will be prompted for your User PIN before the message is sent. @center @image{thunderbird-smime-button,13cm} + at node Document Signing + at chapter Document Signing + +Scute can also be used with LibreOffice to sign OpenDocument files. + +First, you must load the Scute module into Mozilla Firefox according to +the above procedure. Then, configure LibreOffice to use Firefox's +certificate store by defining the @code{MOZILLA_CERTIFICATE_FOLDER} +environment variable to your Firefox profile directory. + +Then, to sign the document you are editing, select the + at code{File->Digital Signatures...} menu option to open the + at code{Digital Signatures} dialog. + + at center @image{libreoffice-digital-signatures,13cm} + +Click the @code{Sign Document} button to open the certificate selection +dialog. Select your card-based certificate, then validate. Enter your +User PIN when prompted by GPG Agent. + + at center @image{libreoffice-certificate-selection,13cm} + +You may also sign a PDF export of your document. Select the + at code{File->Export as PDF...} menu option to open the @code{PDF Options} +dialog. In the @code{Digital Signatures} tab, use the @code{Select} +button to open the certificate selection dialog as above. You will be +prompted for your User PIN when you will click the @code{Export} button. + + at center @image{libreoffice-pdf-signature,13cm} + + @node Troubleshooting @chapter Troubleshooting diff --git a/doc/website/index.xhtml b/doc/website/index.xhtml index bd60464..cd182a7 100644 --- a/doc/website/index.xhtml +++ b/doc/website/index.xhtml @@ -67,8 +67,8 @@

Currently, supported usages are HTTPS client - authentication and S/MIME email signing using X.509 - certificates. + authentication, S/MIME email signing, and document signing with + LibreOffice.

You can read the commit 0050056965eff7d3740680f49517f57851d51f38 Author: Damien Goutte-Gattat Date: Fri Aug 5 22:45:07 2016 +0200 doc: Scute can now be used to sign emails. * doc/manual/scute.texi: Explain how to use Scute for email signing. * doc/manual/thunderbird-account-settings.png: New image. * doc/manual/thunderbird-smime-button.png: New image. * doc/manual/Makefile.am: Include the two above files. * doc/website/index.xhtml: Mention the email signing capability. * README: Likewise. -- Since commit e22c8cf, which added support for generic hash functions in addition to the TLS-specific 'tls-md5sha1', Scute is no longer limited to TLS client authentication. Signed-off-by: Damien Goutte-Gattat diff --git a/README b/README index 43a6212..3e43aba 100644 --- a/README +++ b/README @@ -25,9 +25,8 @@ Scute enables you to use your OpenPGP smart card for client authentication with SSL in Mozilla. See below for more details on how to get this working. -In the future, Scute will enable you to use your OpenPGP smart card -for email decryption and signing with Thunderbird, using the X.509 -protocol. +Scute also allows you to sign emails with Thunderbird, using the +S/MIME protocol. Prerequisites diff --git a/doc/manual/Makefile.am b/doc/manual/Makefile.am index 62431d7..14034e8 100644 --- a/doc/manual/Makefile.am +++ b/doc/manual/Makefile.am @@ -34,7 +34,8 @@ DISTCLEANFILES = scute.tmp images = firefox-cm.png firefox-cm-view-detail.png firefox-cm-view.png \ firefox-dm-load-after.png firefox-dm-load-before.png \ firefox-dm-load.png firefox-dm-token-present.png firefox-pref.png \ - firefox-pref-view.png firefox-bad-pin.png + firefox-pref-view.png firefox-bad-pin.png \ + thunderbird-account-settings.png thunderbird-smime-button.png images_eps = $(images:.png=.eps) diff --git a/doc/manual/scute.texi b/doc/manual/scute.texi index 749b4c4..d7205db 100644 --- a/doc/manual/scute.texi +++ b/doc/manual/scute.texi @@ -82,6 +82,7 @@ module. * Introduction:: How to use this manual. * Preparation:: What you should do before using Scute. * Client Authentication:: How to use Scute for client authentication. +* Email Signing:: How to use Scute for S/MIME email signing. * Troubleshooting:: What to do when things go wrong. * Internals:: Technical details about Scute. @@ -115,6 +116,8 @@ Client Authentication * Application Configuration:: Preparing the application for use with Scute. * Authentication With Service:: Using Scute for client authentication. +Email Signing + Troubleshooting Internals @@ -178,7 +181,7 @@ Anybody can use, modify, and redistribute it under the terms of the GNU General Public License (@pxref{Copying}). @item it's built to grow -Although Scute currently only provides a single function, client +Although Scute initially provided a single function, client authentication using OpenPGP smart cards in Mozilla-based web browsers, it was built with the intention of supporting other applications as well in the future. @@ -205,10 +208,10 @@ Instead, it uses the GnuPG 2.0 framework to access the smart cards and associated data like certificates. Scute acts as the glue between the application and GnuPG 2.0. -Currently, only client authentication over HTTPS with Firefox using the -OpenPGP card is supported. In this configuration, Scute allows users to -authenticate themselves to a remote web service without entering their -log-in information. +Currently supported usages are client authentication over HTTPS with +Firefox (allowing users to authenticate themselves to a remote web +service without entering their log-in information), and email signing +with Thunderbird. @node Preparation @@ -545,6 +548,32 @@ the @code{Try Again} button does not work as expected: @comment FIXME: Document possible error codes. + at node Email Signing + at chapter Email Signing + +Scute also allows you to use your card-based X.509 certificate to sign +your emails with the S/MIME signature format. This has been tested +with Mozilla Thunderbird only, but should work with any mail client +with support for PKCS #11 (notably GNOME Evolution). + +You must first load the Scute module into your mail client. With +Mozilla Thunderbird, the procedure is the same as the one described +above for Mozilla Firefox. + +Then, open your accent configuration dialog (@code{Edit->Account +Settings}), and in the @code{Security} tab, under the section + at code{Digital Signing}, use the @code{Select...} button to associate +your card-based certificate with your account. + + at center @image{thunderbird-account-settings,13cm} + +When writing a new message, you may then use the @code{S/MIME} button +and select @code{Digitally sign this message} in the popup menu. You +will be prompted for your User PIN before the message is sent. + + at center @image{thunderbird-smime-button,13cm} + + @node Troubleshooting @chapter Troubleshooting diff --git a/doc/manual/thunderbird-account-settings.png b/doc/manual/thunderbird-account-settings.png new file mode 100644 index 0000000..a1caa4e Binary files /dev/null and b/doc/manual/thunderbird-account-settings.png differ diff --git a/doc/manual/thunderbird-smime-button.png b/doc/manual/thunderbird-smime-button.png new file mode 100644 index 0000000..5492b08 Binary files /dev/null and b/doc/manual/thunderbird-smime-button.png differ diff --git a/doc/website/index.xhtml b/doc/website/index.xhtml index 78f8d82..bd60464 100644 --- a/doc/website/index.xhtml +++ b/doc/website/index.xhtml @@ -65,12 +65,10 @@ that makes use the NSS library.

- Currently, only HTTPS client - authentication is supported. In the future, Scute will also - allow you to use your OpenPGP Card with Thunderbird for signing and - decrypting e-mails using X.509 certificates. + authentication and S/MIME email signing using X.509 + certificates.

- GnuPG + GnuPG

@@ -77,9 +77,9 @@

The GnuPG Repositories

-Use our GIT +Use our GIT Viewer to browse the GIT -repository. Activity reports +repository. Activity reports are also available.

@@ -88,29 +88,29 @@ Here is a list of shortcuts to often used repositories:

----------------------------------------------------------------------- Summary of changes: misc/git.gnupg.org/index.html | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sun Aug 21 15:59:01 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 21 Aug 2016 15:59:01 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-292-g3e60788 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 3e60788810f93cfcd7f08e5882aff32ed7b6f831 (commit) from 30f156280f18500ee522db58aecd40711c8af685 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3e60788810f93cfcd7f08e5882aff32ed7b6f831 Author: Werner Koch Date: Sun Aug 21 15:49:03 2016 +0200 core: New commands --lang and --have-lang for gpgme-config * configure.ac (GPGME_CONFIG_AVAIL_LANG): New ac_subst. * src/gpgme-config.in (avail_lang): Add commands --lang and --have-lang. Signed-off-by: Werner Koch diff --git a/configure.ac b/configure.ac index 9eb55bb..744b52a 100644 --- a/configure.ac +++ b/configure.ac @@ -717,10 +717,12 @@ AH_BOTTOM([ GPGME_CONFIG_LIBS="-lgpgme" GPGME_CONFIG_CFLAGS="" GPGME_CONFIG_HOST="$host" +GPGME_CONFIG_AVAIL_LANG="$enabled_languages" AC_SUBST(GPGME_CONFIG_API_VERSION) AC_SUBST(GPGME_CONFIG_LIBS) AC_SUBST(GPGME_CONFIG_CFLAGS) AC_SUBST(GPGME_CONFIG_HOST) +AC_SUBST(GPGME_CONFIG_AVAIL_LANG) # Frob'da Variables LTLIBOBJS=`echo "$LIB@&t at OBJS" | diff --git a/doc/gpgme.texi b/doc/gpgme.texi index ac0fffa..e8a735a 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -450,6 +450,19 @@ any other option to select the thread package you want to link with. Supported thread packages are @option{--thread=pth} and @option{--thread=pthread}. +If you need to detect the installed language bindings you can use list +them using: + + at example +gpgme-config --print-lang + at end example + +or test for the availability using + + at example +gpgme-config --have-lang=python && echo 'Bindings for Pythons available' + at end example + @node Largefile Support (LFS) @section Largefile Support (LFS) diff --git a/src/gpgme-config.in b/src/gpgme-config.in index 4be1e08..0d9fda2 100644 --- a/src/gpgme-config.in +++ b/src/gpgme-config.in @@ -36,6 +36,8 @@ thread_modules="" libs_pthread="-lpthread" cflags_pthread="" +avail_lang='c @GPGME_CONFIG_AVAIL_LANG@' + # Configure glib. libs_glib="@GLIB_LIBS@" cflags_glib="@GLIB_CFLAGS@" @@ -48,16 +50,16 @@ usage() cat <&2 fi ;; + --print-lang) + output="$avail_lang" + ;; + --have-lang=*) + for lang in $avail_lang; do + if test x"$lang" = x"$optarg"; then + exit 0 + fi + done + exit 1 + ;; --get-gpg) + # Deprecated output="$output @GPG@" ;; --get-gpgsm) + # Deprecated output="$output @GPGSM@" ;; *) ----------------------------------------------------------------------- Summary of changes: configure.ac | 2 ++ doc/gpgme.texi | 13 +++++++++++++ src/gpgme-config.in | 35 +++++++++++++++++++++++++---------- 3 files changed, 40 insertions(+), 10 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Aug 22 11:14:00 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 22 Aug 2016 11:14:00 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-2-g62f3e00 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 62f3e0027724b23c0de5be6d1e66cfdeef7e7bc9 (commit) from d4bd9743cfb888ee89d2c42eb681788489f52d47 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 62f3e0027724b23c0de5be6d1e66cfdeef7e7bc9 Author: Werner Koch Date: Mon Aug 22 11:09:42 2016 +0200 common: Remove unused vars in simple-pwquery. * common/simple-pwquery.c (agent_send_option): Remove unused vars. (simple_query): Ditto. (agent_open): Ditto. Return RC on error. (simple_pwquery): Remove unused vars. Remove shadowing of 'p'. Signed-off-by: Werner Koch diff --git a/common/simple-pwquery.c b/common/simple-pwquery.c index 240451b..bc555df 100644 --- a/common/simple-pwquery.c +++ b/common/simple-pwquery.c @@ -101,10 +101,7 @@ static int agent_send_option (assuan_context_t ctx, const char *name, const char *value) { int err; - char buf[200]; - int nread; char *line; - int i; line = spwq_malloc (7 + strlen (name) + 1 + strlen (value) + 2); if (!line) @@ -241,12 +238,7 @@ static int agent_open (assuan_context_t *ctx) { int rc; - int fd; - char *infostr, *p; - struct sockaddr_un client_addr; - size_t len; - char line[200]; - int nread; + char *infostr; infostr = default_gpg_agent_info; if ( !infostr || !*infostr ) @@ -285,6 +277,7 @@ agent_open (assuan_context_t *ctx) errout: assuan_release (*ctx); *ctx = NULL; + return rc; } @@ -373,13 +366,14 @@ simple_pwquery (const char *cacheid, int opt_check, int *errorcode) { + int rc; assuan_context_t ctx; membuf_t data; - int nread; char *result = NULL; char *pw = NULL; char *p; - int rc, i; + size_t n; + rc = agent_open (&ctx); if (rc) @@ -437,9 +431,6 @@ simple_pwquery (const char *cacheid, if (rc) { - void *p; - size_t n; - p = get_membuf (&data, &n); if (p) wipememory (p, n); @@ -490,8 +481,6 @@ int simple_query (const char *query) { assuan_context_t ctx; - char response[500]; - int have = 0; int rc; rc = agent_open (&ctx); ----------------------------------------------------------------------- Summary of changes: common/simple-pwquery.c | 21 +++++---------------- 1 file changed, 5 insertions(+), 16 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Aug 22 11:14:30 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 22 Aug 2016 11:14:30 +0200 Subject: [git] KSBA - branch, master, updated. libksba-1.3.4-9-g89d8983 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "KSBA is a library to access X.509 certificates and CMS data.". The branch, master has been updated via 89d898346b75337ec2546c672ea720c5c956b53a (commit) from eb7833b8720cd0831c78d42e993ca878cecf27bc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 89d898346b75337ec2546c672ea720c5c956b53a Author: Werner Koch Date: Mon Aug 22 10:47:59 2016 +0200 Limit allocation in the BER decoder to 16 MiB. * src/ber-decoder.c (MAX_IMAGE_LENGTH): New. (decoder_next): Limit allcoation to MAX_IMAGE_LENGTH. (_ksba_ber_decoder_dump, _ksba_ber_decoder_decode): Ditto. -- We allocate the image used to allocate BER encoded data from the provided length in the object. However, this length may be given arbitrary and we would thus try to allocate huge amounts of memory (and zero them out since commit 2a9fc56) unless the user has set an appropriate ulimit. This is not desirable and thus we better bail out early if a strange (ie. very large object is seen). That whole table driven parser is a mess. Reported-by: Pascal Cuoq Signed-off-by: Werner Koch diff --git a/src/ber-decoder.c b/src/ber-decoder.c index dde73fd..20a91b1 100644 --- a/src/ber-decoder.c +++ b/src/ber-decoder.c @@ -42,6 +42,11 @@ #include "ber-help.h" +/* The maximum length we allow for an image, that is for a BER encoded + * object. */ +#define MAX_IMAGE_LENGTH (16 * 1024 * 1024) + + struct decoder_state_item_s { AsnNode node; int went_up; @@ -867,6 +872,8 @@ decoder_next (BerDecoder d) d->image.length = ti.length + 100; if (d->image.length < ti.length) return gpg_error (GPG_ERR_BAD_BER); + if (d->image.length > MAX_IMAGE_LENGTH) + return gpg_error (GPG_ERR_TOO_LARGE); d->image.buf = xtrycalloc (1, d->image.length); if (!d->image.buf) return gpg_error (GPG_ERR_ENOMEM); @@ -1111,9 +1118,12 @@ _ksba_ber_decoder_dump (BerDecoder d, FILE *fp) if (!buf || buflen < d->val.length) { xfree (buf); + buf = NULL; buflen = d->val.length + 100; if (buflen < d->val.length) err = gpg_error (GPG_ERR_BAD_BER); /* Overflow */ + else if (buflen > MAX_IMAGE_LENGTH) + err = gpg_error (GPG_ERR_TOO_LARGE); else { buf = xtrymalloc (buflen); @@ -1247,9 +1257,12 @@ _ksba_ber_decoder_decode (BerDecoder d, const char *start_name, if (!buf || buflen < d->val.length) { xfree (buf); + buf = NULL; buflen = d->val.length + 100; if (buflen < d->val.length) err = gpg_error (GPG_ERR_BAD_BER); + else if (buflen > MAX_IMAGE_LENGTH) + err = gpg_error (GPG_ERR_TOO_LARGE); else { buf = xtrymalloc (buflen); ----------------------------------------------------------------------- Summary of changes: src/ber-decoder.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) hooks/post-receive -- KSBA is a library to access X.509 certificates and CMS data. http://git.gnupg.org From cvs at cvs.gnupg.org Mon Aug 22 11:50:44 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 22 Aug 2016 11:50:44 +0200 Subject: [git] KSBA - branch, master, updated. libksba-1.3.4-10-g68fba3d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "KSBA is a library to access X.509 certificates and CMS data.". The branch, master has been updated via 68fba3d8d7757b7f7ed75fdebd2b91299943503b (commit) from 89d898346b75337ec2546c672ea720c5c956b53a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 68fba3d8d7757b7f7ed75fdebd2b91299943503b Author: Werner Koch Date: Mon Aug 22 11:47:28 2016 +0200 Use size_t for the result of fread. * src/reader.c (ksba_reader_read): Make 'n' and size_t. -- GnuPG-bug-id: 2415 Signed-off-by: Werner Koch diff --git a/src/reader.c b/src/reader.c index 0f8bad5..c59978d 100644 --- a/src/reader.c +++ b/src/reader.c @@ -366,7 +366,7 @@ ksba_reader_read (ksba_reader_t r, char *buffer, size_t length, size_t *nread) } else if (r->type == READER_TYPE_FILE) { - int n; + size_t n; if (r->eof) return gpg_error (GPG_ERR_EOF); @@ -378,7 +378,7 @@ ksba_reader_read (ksba_reader_t r, char *buffer, size_t length, size_t *nread) } n = fread (buffer, 1, length, r->u.file); - if (n > 0) + if (n) { r->nread += n; *nread = n; @@ -388,9 +388,9 @@ ksba_reader_read (ksba_reader_t r, char *buffer, size_t length, size_t *nread) if (n < length) { if (ferror(r->u.file)) - r->error = errno; + r->error = errno; r->eof = 1; - if (n <= 0) + if (!n) return gpg_error (GPG_ERR_EOF); } } ----------------------------------------------------------------------- Summary of changes: src/reader.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) hooks/post-receive -- KSBA is a library to access X.509 certificates and CMS data. http://git.gnupg.org From cvs at cvs.gnupg.org Mon Aug 22 12:03:02 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 22 Aug 2016 12:03:02 +0200 Subject: [git] KSBA - branch, master, updated. libksba-1.3.4-12-g861cd1e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "KSBA is a library to access X.509 certificates and CMS data.". The branch, master has been updated via 861cd1eb38453a39226c7e206486078e9ac4a12c (commit) via 25cc42cf61a56e01f1bd72883e452f691dda8309 (commit) from 68fba3d8d7757b7f7ed75fdebd2b91299943503b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 861cd1eb38453a39226c7e206486078e9ac4a12c Author: Werner Koch Date: Mon Aug 22 11:59:47 2016 +0200 Post release updates -- diff --git a/NEWS b/NEWS index 22aeead..24192bc 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.3.6 (unreleased) [C19/A11/R-] +------------------------------------------------ + + Noteworthy changes in version 1.3.5 (2016-08-22) [C19/A11/R6] ------------------------------------------------ diff --git a/configure.ac b/configure.ac index e5e8764..44da1cb 100644 --- a/configure.ac +++ b/configure.ac @@ -30,7 +30,7 @@ min_automake_version="1.14" m4_define([mym4_package],[libksba]) m4_define([mym4_major], [1]) m4_define([mym4_minor], [3]) -m4_define([mym4_micro], [5]) +m4_define([mym4_micro], [6]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a commit 25cc42cf61a56e01f1bd72883e452f691dda8309 Author: Werner Koch Date: Mon Aug 22 11:54:04 2016 +0200 Release 1.3.5 * configure.ac: Set LT version to C19/A/11/R6. diff --git a/NEWS b/NEWS index 9dca760..22aeead 100644 --- a/NEWS +++ b/NEWS @@ -1,8 +1,18 @@ -Noteworthy changes in version 1.3.5 (unreleased) [C19/A11/R_] +Noteworthy changes in version 1.3.5 (2016-08-22) [C19/A11/R6] ------------------------------------------------ + * Limit the allowed size of complex ASN.1 objects (e.g. certificates) + to 16MiB. -Noteworthy changes in version 1.3.4 (2016-05-03) [C19/A11/R4] + * Avoid read access to unitialized memory. + + * Improve detection of invalid RDNs. + + * Encode the OCSP nonce value as an octet string as described by + RFC-6960. + + +Noteworthy changes in version 1.3.4 (2016-05-03) [C19/A11/R5] ------------------------------------------------ * Fixed two OOB read access bugs which could be used to force a DoS. diff --git a/configure.ac b/configure.ac index d678ce4..e5e8764 100644 --- a/configure.ac +++ b/configure.ac @@ -52,7 +52,7 @@ AC_INIT([mym4_package],[mym4_version], [http://bugs.gnupg.org]) # Please remember to document interface changes in the NEWS file. LIBKSBA_LT_CURRENT=19 LIBKSBA_LT_AGE=11 -LIBKSBA_LT_REVISION=5 +LIBKSBA_LT_REVISION=6 #------------------- # If the API is changed in an incompatible way: increment the next counter. KSBA_CONFIG_API_VERSION=1 ----------------------------------------------------------------------- Summary of changes: NEWS | 18 ++++++++++++++++-- configure.ac | 4 ++-- 2 files changed, 18 insertions(+), 4 deletions(-) hooks/post-receive -- KSBA is a library to access X.509 certificates and CMS data. http://git.gnupg.org From cvs at cvs.gnupg.org Mon Aug 22 15:51:46 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 22 Aug 2016 15:51:46 +0200 Subject: [git] GpgOL - branch, nomapi, updated. gpgol-1.4.0-21-g553db6b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, nomapi has been updated via 553db6ba3cfaca7275669abbc5024037363630be (commit) via 7f9f7bf99de356d794df06852bc12faf9c6e99ba (commit) via 3b27162dcb06c99aa62ab12403312854871e2214 (commit) via 87d57374bbe502b121d68874e9e807e89a20f358 (commit) from c1398da89a56f4c2cad743af8eb687d33e7f3246 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 553db6ba3cfaca7275669abbc5024037363630be Author: Andre Heinecke Date: Mon Aug 22 15:40:37 2016 +0200 Add GPGME based async decryption * src/Makefile.am (gpgol_SOURCES): Add Mimedataprovider. * src/mail.cpp (Mail::m_moss_position): Store moss pos. (Mail::is_mail_valid): Helper to check for orphaned mail pointer. (Mail::pre_process_message): Store moss position. (get_cipherstream): Use stored moss position. (use_body): Removed. Always use MOSS. (do_parsing): Helper to run in different thread. (Mail::decrypt_verify): Insert placehoder, create parser, start parser thread. (Mail::parsing_done): Helper to insert plaintext in UI Thread. (Mail::revert_all_mails): Fix typo. (Mail::wipe_all_mails): Init err. (Mail::close_inspector): Helper to close current inspector with discard changes. * src/mail.h: Update accordingly. * src/mailparser.cpp (MailParser::MailParser): Use MimeDataProvider. (operation_for_type): Helper to figure out type of work and protocol. (MailParser::parse): Enable a fist version of decrypt. * src/mailparser.h: Update accordingly. * src/main.c (DllMain): Set w32-inst-dir for GpgME. * src/mimedataprovider.cpp: New. Copy stream into GpgME Data. * src/mimedataprovider.h: New. * src/util.h (log_mime_parser): New helper for logging. * src/windowmessages.cpp (gpgol_window_proc): Handle parsing done signal. * src/windowmessages.h (PARSING_DONE): New. * src/attachment.cpp: Implement DataProvider interface. * src/attachment.h: Update accordingly. -- The idea is that DataProvider classes will take and recieve Data from GpgOL, copy it into internal buffers (to avoid working with the OOM from a background thread) and then provide the data as needed to GpgOL. On Read they shall parse the MIME e.g. into a signature part, and on Write they shall deliver useful objects (e.g. attachments) for Outlook to work with. The Close / Wipe changes are a bit unrelated as they were created for experiments to avoid "save your changes" message boxes. diff --git a/src/Makefile.am b/src/Makefile.am index 65e4f7b..fd91691 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -88,7 +88,8 @@ gpgol_SOURCES = \ gmime-table-private.h \ exechelp.c exechelp.h \ addin-options.cpp addin-options.h \ - mailparser.cpp mailparser.h + mailparser.cpp mailparser.h \ + mimedataprovider.cpp mimedataprovider.h #treeview_SOURCES = treeview.c diff --git a/src/attachment.cpp b/src/attachment.cpp index a9ad736..b052d00 100644 --- a/src/attachment.cpp +++ b/src/attachment.cpp @@ -25,7 +25,9 @@ #include "mapihelp.h" #include "gpgolstr.h" +#include #include +#include Attachment::Attachment() { @@ -42,6 +44,15 @@ Attachment::Attachment() } } +Attachment::Attachment(LPSTREAM stream) +{ + if (stream) + { + stream->AddRef (); + } + m_stream = stream; +} + Attachment::~Attachment() { log_debug ("%s:%s", SRCNAME, __func__); @@ -60,12 +71,6 @@ Attachment::get_display_name() const return m_utf8DisplayName; } -std::string -Attachment::get_tmp_file_name() const -{ - return m_utf8FileName; -} - void Attachment::set_display_name(const char *name) { @@ -78,26 +83,129 @@ Attachment::set_attach_type(attachtype_t type) m_type = type; } -void -Attachment::set_hidden(bool value) +bool +Attachment::isSupported(GpgME::DataProvider::Operation op) const { - m_hidden = value; + return op == GpgME::DataProvider::Read || + op == GpgME::DataProvider::Write || + op == GpgME::DataProvider::Seek || + op == GpgME::DataProvider::Release; +} + +ssize_t +Attachment::read(void *buffer, size_t bufSize) +{ + if (!bufSize) + { + return 0; + } + if (!buffer || bufSize >= ULONG_MAX) + { + log_error ("%s:%s: Read invalid", + SRCNAME, __func__); + GpgME::Error::setSystemError (GPG_ERR_EINVAL); + return -1; + } + if (!m_stream) + { + log_error ("%s:%s: Read on null stream.", + SRCNAME, __func__); + GpgME::Error::setSystemError (GPG_ERR_EIO); + return -1; + } + + ULONG cb = static_cast (bufSize); + ULONG bRead = 0; + HRESULT hr = m_stream->Read (buffer, cb, &bRead); + if (hr != S_OK && hr != S_FALSE) + { + log_error ("%s:%s: Read failed", + SRCNAME, __func__); + GpgME::Error::setSystemError (GPG_ERR_EIO); + return -1; + } + return static_cast(bRead); } -int -Attachment::write(const char *data, size_t size) +ssize_t +Attachment::write(const void *data, size_t size) { - if (!data || !size) + if (!size) { return 0; } - if (!m_stream && m_stream->Write (data, size, NULL) != S_OK) + if (!data || size >= ULONG_MAX) + { + GpgME::Error::setSystemError (GPG_ERR_EINVAL); + return -1; + } + if (!m_stream) { - return 1; + log_error ("%s:%s: Write on NULL stream. ", + SRCNAME, __func__); + GpgME::Error::setSystemError (GPG_ERR_EIO); + return -1; + } + ULONG written = 0; + if (m_stream->Write (data, static_cast(size), &written) != S_OK) + { + GpgME::Error::setSystemError (GPG_ERR_EIO); + log_error ("%s:%s: Write failed.", + SRCNAME, __func__); + return -1; } if (m_stream->Commit (0) != S_OK) { - return 1; + log_error ("%s:%s: Commit failed. ", + SRCNAME, __func__); + GpgME::Error::setSystemError (GPG_ERR_EIO); + return -1; + } + return static_cast (written); +} + +off_t Attachment::seek(off_t offset, int whence) +{ + DWORD dwOrigin; + switch (whence) + { + case SEEK_SET: + dwOrigin = STREAM_SEEK_SET; + break; + case SEEK_CUR: + dwOrigin = STREAM_SEEK_CUR; + break; + case SEEK_END: + dwOrigin = STREAM_SEEK_END; + break; + default: + GpgME::Error::setSystemError (GPG_ERR_EINVAL); + return (off_t) - 1; + } + if (!m_stream) + { + log_error ("%s:%s: Seek on null stream.", + SRCNAME, __func__); + GpgME::Error::setSystemError (GPG_ERR_EIO); + return (off_t) - 1; + } + LARGE_INTEGER move = {0, 0}; + move.QuadPart = offset; + ULARGE_INTEGER result; + HRESULT hr = m_stream->Seek (move, dwOrigin, &result); + + if (hr != S_OK) + { + log_error ("%s:%s: Seek failed. ", + SRCNAME, __func__); + GpgME::Error::setSystemError (GPG_ERR_EINVAL); + return (off_t) - 1; } - return 0; + return result.QuadPart; +} + +void Attachment::release() +{ + /* No op. */ + log_debug ("%s:%s", SRCNAME, __func__); } diff --git a/src/attachment.h b/src/attachment.h index 68821ff..ae1fb49 100644 --- a/src/attachment.h +++ b/src/attachment.h @@ -1,6 +1,6 @@ -/* attachment.h - Functions for attachment handling +/* attachment.h - Wrapper class for attachments * Copyright (C) 2005, 2007 g10 Code GmbH - * Copyright (C) 2015 Intevation GmbH + * Copyright (C) 2015, 2016 Intevation GmbH * * This file is part of GpgOL. * @@ -25,40 +25,41 @@ #include "mapihelp.h" #include +#include + /** Helper class for attachment actions. */ -class Attachment +class Attachment : public GpgME::DataProvider { public: /** Creates and opens a new temporary stream. */ Attachment(); + /** Creates the attachment wrapper for an existing stream. */ + Attachment(LPSTREAM stream); + /** Deletes the attachment and the underlying temporary file. */ ~Attachment(); /** Get an assoicated ISteam ptr or NULL. */ LPSTREAM get_stream(); - /** Writes data to the attachment stream. - * Calling this method automatically commits the stream. - * - * Returns 0 on success. */ - int write(const char *data, size_t size); - /** Set the display name */ void set_display_name(const char *name); std::string get_display_name() const; - std::string get_tmp_file_name() const; - void set_attach_type(attachtype_t type); - void set_hidden(bool value); + /* Dataprovider interface */ + bool isSupported(Operation) const; + ssize_t read(void *buffer, size_t bufSize); + ssize_t write(const void *buffer, size_t bufSize); + off_t seek(off_t offset, int whence); + void release(); + private: LPSTREAM m_stream; - std::string m_utf8FileName; std::string m_utf8DisplayName; attachtype_t m_type; - bool m_hidden; }; #endif // ATTACHMENT_H diff --git a/src/mail.cpp b/src/mail.cpp index 4c16852..6043ed1 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -31,6 +31,7 @@ #include "mymapitags.h" #include "mailparser.h" #include "gpgolstr.h" +#include "windowmessages.h" #include #include @@ -87,6 +88,7 @@ Mail::Mail (LPDISPATCH mailitem) : m_crypt_successful(false), m_is_smime(false), m_is_smime_checked(false), + m_moss_position(0), m_sender(NULL), m_type(MSGTYPE_UNKNOWN) { @@ -142,6 +144,19 @@ Mail::get_mail_for_item (LPDISPATCH mailitem) return it->second; } +bool +Mail::is_mail_valid (const Mail *mail) +{ + auto it = g_mail_map.begin(); + while (it != g_mail_map.end()) + { + if (it->second == mail) + return true; + ++it; + } + return false; +} + int Mail::pre_process_message () { @@ -168,7 +183,8 @@ Mail::pre_process_message () /* Create moss attachments here so that they are properly hidden when the item is read into the model. */ - if (mapi_mark_or_create_moss_attach (message, m_type)) + m_moss_position = mapi_mark_or_create_moss_attach (message, m_type); + if (!m_moss_position) { log_error ("%s:%s: Failed to find moss attachment.", SRCNAME, __func__); @@ -181,7 +197,7 @@ Mail::pre_process_message () /** Get the cipherstream of the mailitem. */ static LPSTREAM -get_cipherstream (LPDISPATCH mailitem) +get_cipherstream (LPDISPATCH mailitem, int pos) { LPDISPATCH attachments = get_oom_object (mailitem, "Attachments"); LPDISPATCH attachment = NULL; @@ -203,13 +219,9 @@ get_cipherstream (LPDISPATCH mailitem) gpgol_release (attachments); return NULL; } - if (count > 1) - { - log_debug ("%s:%s: More then one attachment count: %i. Continuing anway.", - SRCNAME, __func__, count); - } /* We assume the crypto attachment is the second item. */ - attachment = get_oom_object (attachments, "Item(2)"); + const auto item_str = std::string("Item(") + std::to_string(pos) + ")"; + attachment = get_oom_object (attachments, item_str.c_str()); gpgol_release (attachments); attachments = NULL; @@ -231,21 +243,6 @@ get_cipherstream (LPDISPATCH mailitem) return stream; } -/** Helper to check if the body should be used for decrypt verify - or if the mime Attachment should be used. */ -static bool -use_body(msgtype_t type) -{ - switch (type) - { - case MSGTYPE_GPGOL_PGP_MESSAGE: - case MSGTYPE_GPGOL_CLEAR_SIGNED: - return true; - default: - return false; - } -} - /** Helper to update the attachments of a mail object in oom. does not modify the underlying mapi structure. */ static bool @@ -270,6 +267,19 @@ add_attachments(LPDISPATCH mail, return false; } +static DWORD WINAPI +do_parsing (LPVOID arg) +{ + log_debug ("%s:%s: starting parsing for: %p", + SRCNAME, __func__, arg); + + Mail *mail = (Mail *)arg; + auto parser = mail->parser(); + parser->parse(); + do_in_ui_thread (PARSING_DONE, arg); + return 0; +} + int Mail::decrypt_verify() { @@ -282,75 +292,75 @@ Mail::decrypt_verify() { log_error ("%s:%s: Decrypt verify called for msg that needs wipe: %p", SRCNAME, __func__, m_mailitem); - return 0; + return 1; } m_processed = true; - /* Do the actual parsing */ - std::unique_ptr parser; - if (!use_body (m_type)) - { - auto cipherstream = get_cipherstream (m_mailitem); - - if (!cipherstream) - { - /* TODO Error message? */ - log_debug ("%s:%s: Failed to get cipherstream.", - SRCNAME, __func__); - return 1; - } - - parser = std::unique_ptr(new MailParser (cipherstream, m_type)); - gpgol_release (cipherstream); - } - else + /* Inser placeholder */ + if (put_oom_string (m_mailitem, "HTMLBody", WAIT_TEMPLATE)) { - parser = std::unique_ptr(); + log_error ("%s:%s: Failed to modify html body of item.", + SRCNAME, __func__); + return 1; } - const std::string err = parser->parse(); - if (!err.empty()) + /* Do the actual parsing */ + auto cipherstream = get_cipherstream (m_mailitem, m_moss_position); + + if (!cipherstream) { - /* TODO Show error message. */ - log_error ("%s:%s: Failed to parse message: %s", - SRCNAME, __func__, err.c_str()); + /* TODO Error message? */ + log_debug ("%s:%s: Failed to get cipherstream.", + SRCNAME, __func__); return 1; } + m_parser = new MailParser (cipherstream, m_type); + gpgol_release (cipherstream); + + CreateThread (NULL, 0, do_parsing, (LPVOID) this, 0, + NULL); + return 0; +} + +void Mail::parsing_done() +{ m_needs_wipe = true; /* Update the body */ - const auto html = parser->get_utf8_html_body(); + const auto html = m_parser->get_utf8_html_body(); if (!html->empty()) { if (put_oom_string (m_mailitem, "HTMLBody", html->c_str())) { log_error ("%s:%s: Failed to modify html body of item.", SRCNAME, __func__); - return 1; + return; } } else { - const auto body = parser->get_utf8_text_body(); + const auto body = m_parser->get_utf8_text_body(); if (put_oom_string (m_mailitem, "Body", body->c_str())) { log_error ("%s:%s: Failed to modify body of item.", SRCNAME, __func__); - return 1; + return; } } /* Update attachments */ - if (add_attachments (m_mailitem, parser->get_attachments())) + if (add_attachments (m_mailitem, m_parser->get_attachments())) { log_error ("%s:%s: Failed to update attachments.", SRCNAME, __func__); - return 1; + return; } /* Invalidate UI to set the correct sig status. */ + delete m_parser; + m_parser = nullptr; gpgoladdin_invalidate_ui (); - return 0; + return; } int @@ -493,7 +503,7 @@ Mail::revert_all_mails () { if (it->second->revert ()) { - log_error ("Failed to wipe mail: %p ", it->first); + log_error ("Failed to revert mail: %p ", it->first); err++; } } @@ -519,14 +529,13 @@ Mail::wipe_all_mails () int Mail::revert () { - int err; + int err = 0; if (!m_processed) { return 0; } err = gpgol_mailitem_revert (m_mailitem); - if (err == -1) { log_error ("%s:%s: Message revert failed falling back to wipe.", @@ -590,3 +599,41 @@ Mail::get_subject() { return std::string(get_oom_string (m_mailitem, "Subject")); } + +int +Mail::close_inspector () +{ + LPDISPATCH inspector = get_oom_object (m_mailitem, "GetInspector"); + HRESULT hr; + DISPID dispid; + if (!inspector) + { + log_debug ("%s:%s: No inspector.", + SRCNAME, __func__); + return -1; + } + + dispid = lookup_oom_dispid (inspector, "Close"); + if (dispid != DISPID_UNKNOWN) + { + VARIANT aVariant[1]; + DISPPARAMS dispparams; + + dispparams.rgvarg = aVariant; + dispparams.rgvarg[0].vt = VT_INT; + dispparams.rgvarg[0].intVal = 1; + dispparams.cArgs = 1; + dispparams.cNamedArgs = 0; + + hr = inspector->Invoke (dispid, IID_NULL, LOCALE_SYSTEM_DEFAULT, + DISPATCH_METHOD, &dispparams, + NULL, NULL, NULL); + if (hr != S_OK) + { + log_debug ("%s:%s: Failed to close inspector: %#lx", + SRCNAME, __func__, hr); + return -1; + } + } + return 0; +} diff --git a/src/mail.h b/src/mail.h index 1bbc789..0dc96d4 100644 --- a/src/mail.h +++ b/src/mail.h @@ -25,6 +25,9 @@ #include "mapihelp.h" #include +#include + +class MailParser; /** @brief Data wrapper around a mailitem. * @@ -57,6 +60,13 @@ public: */ static Mail* get_mail_for_item (LPDISPATCH mailitem); + /** @brief looks for existing Mail objects. + + @returns A reference to an existing mailitem or NULL in case none + could be found. Can be used to check if a mail object was destroyed. + */ + static bool is_mail_valid (const Mail *mail); + /** @brief wipe the plaintext from all known Mail objects. * * This is intended as a "cleanup" call to be done on unload @@ -168,6 +178,22 @@ public: */ bool is_smime (); + /** @brief closes the inspector for this mail + * + * @returns true on success. + */ + int close_inspector (); + + /** @brief get the associated parser. + only valid while the actual parsing happens. */ + MailParser *parser () { return m_parser; } + + /** To be called from outside once the paser was done. + In Qt this would be a slot that is called once it is finished + we hack around that a bit by calling it from our windowmessages + handler. + */ + void parsing_done (); private: LPDISPATCH m_mailitem; LPDISPATCH m_event_sink; @@ -177,7 +203,9 @@ private: m_crypt_successful, /* We successfuly performed crypto on the item. */ m_is_smime, /* This is an smime mail. */ m_is_smime_checked; /* it was checked if this is an smime mail */ + int m_moss_position; /* The number of the original message attachment. */ char *m_sender; msgtype_t m_type; /* Our messagetype as set in mapi */ + MailParser *m_parser; }; #endif // MAIL_H diff --git a/src/mailparser.cpp b/src/mailparser.cpp index 500a383..c73de1f 100644 --- a/src/mailparser.cpp +++ b/src/mailparser.cpp @@ -23,31 +23,104 @@ #include "mailparser.h" #include "attachment.h" +#include "mimedataprovider.h" + +#include +#include + +#include + +using namespace GpgME; MailParser::MailParser(LPSTREAM instream, msgtype_t type): m_body (std::shared_ptr(new std::string())), m_htmlbody (std::shared_ptr(new std::string())), - m_stream (instream), + m_input (Data(new MimeDataProvider(instream))), m_type (type), - m_error (false), - m_in_data (false), - signed_data (nullptr), - sig_data (nullptr) + m_error (false) { - log_debug ("%s:%s: Creating parser for stream: %p", - SRCNAME, __func__, instream); - instream->AddRef(); + log_mime_parser ("%s:%s: Creating parser for stream: %p", + SRCNAME, __func__, instream); } MailParser::~MailParser() { - gpgol_release(m_stream); + log_debug ("%s:%s", SRCNAME, __func__); +} + +static void +operation_for_type(msgtype_t type, bool *decrypt, + bool *verify, Protocol *protocol) +{ + *decrypt = false; + *verify = false; + *protocol = Protocol::UnknownProtocol; + switch (type) + { + case MSGTYPE_GPGOL_MULTIPART_ENCRYPTED: + case MSGTYPE_GPGOL_PGP_MESSAGE: + *decrypt = true; + *protocol = Protocol::OpenPGP; + break; + case MSGTYPE_GPGOL_MULTIPART_SIGNED: + case MSGTYPE_GPGOL_CLEAR_SIGNED: + *verify = true; + *protocol = Protocol::OpenPGP; + break; + case MSGTYPE_GPGOL_OPAQUE_SIGNED: + *protocol = Protocol::CMS; + *verify = true; + break; + case MSGTYPE_GPGOL_OPAQUE_ENCRYPTED: + *protocol = Protocol::CMS; + *decrypt = true; + break; + default: + log_error ("%s:%s: Unknown data type: %i", + SRCNAME, __func__, type); + } } std::string MailParser::parse() { - m_body = std::shared_ptr(new std::string("Hello world")); + // Wrap the input stream in an attachment / GpgME Data + Protocol protocol; + bool decrypt, verify; + operation_for_type (m_type, &decrypt, &verify, &protocol); + auto ctx = Context::createForProtocol (protocol); + ctx->setArmor(true); + + if (decrypt) + { + Data output; + log_debug ("%s:%s: Decrypting with protocol: %s", + SRCNAME, __func__, + protocol == OpenPGP ? "OpenPGP" : + protocol == CMS ? "CMS" : "Unknown"); + auto combined_result = ctx->decryptAndVerify(m_input, output); + m_decrypt_result = combined_result.first; + m_verify_result = combined_result.second; + if (m_decrypt_result.error()) + { + MessageBox (NULL, "Decryption failed.", "Failed", MB_OK); + } + char buf[2048]; + size_t bRead; + output.seek (0, SEEK_SET); + while ((bRead = output.read (buf, 2048)) > 0) + { + (*m_body).append(buf, bRead); + } + log_debug ("Body is: %s", m_body->c_str()); + } + + if (opt.enable_debug) + { + std::stringstream ss; + ss << m_decrypt_result << '\n' << m_verify_result; + log_debug ("Decrypt / Verify result: %s", ss.str().c_str()); + } Attachment *att = new Attachment (); att->write ("Hello attachment", strlen ("Hello attachment")); att->set_display_name ("The Attachment.txt"); @@ -55,17 +128,20 @@ MailParser::parse() return std::string(); } -std::shared_ptr MailParser::get_utf8_html_body() +std::shared_ptr +MailParser::get_utf8_html_body() { return m_htmlbody; } -std::shared_ptr MailParser::get_utf8_text_body() +std::shared_ptr +MailParser::get_utf8_text_body() { return m_body; } -std::vector > MailParser::get_attachments() +std::vector > +MailParser::get_attachments() { return m_attachments; } diff --git a/src/mailparser.h b/src/mailparser.h index 1e03139..f92c313 100644 --- a/src/mailparser.h +++ b/src/mailparser.h @@ -24,12 +24,15 @@ #include "oomhelp.h" #include "mapihelp.h" -#include "gpgme.h" #include #include #include +#include +#include +#include + class Attachment; class MailParser @@ -65,17 +68,11 @@ private: std::shared_ptr m_htmlbody; /* State variables */ - LPSTREAM m_stream; + GpgME::Data m_input; msgtype_t m_type; bool m_error; - bool m_in_data; - gpgme_data_t signed_data;/* NULL or the data object used to collect - the signed data. It would be better to - just hash it but there is no support in - gpgme for this yet. */ - gpgme_data_t sig_data; /* NULL or data object to collect the - signature attachment which should be a - signature then. */ + GpgME::DecryptionResult m_decrypt_result; + GpgME::VerificationResult m_verify_result; }; #endif /* MAILPARSER_H */ diff --git a/src/main.c b/src/main.c index 12321f3..fdff49c 100644 --- a/src/main.c +++ b/src/main.c @@ -162,6 +162,13 @@ DllMain (HINSTANCE hinst, DWORD reason, LPVOID reserved) gpg_err_init (); + /* Set the installation directory for GpgME so that + it can find tools like gpgme-w32-spawn correctly. */ + char *instdir; + gpgrt_asprintf (&instdir, "%s\\bin", get_gpg4win_dir ()); + gpgme_set_global_flag ("w32-inst-dir", instdir); + xfree (instdir); + /* The next call initializes subsystems of gpgme and should be done as early as possible. The actual return value (the version string) is not used here. It may be called at any diff --git a/src/mimedataprovider.cpp b/src/mimedataprovider.cpp new file mode 100644 index 0000000..d6628f3 --- /dev/null +++ b/src/mimedataprovider.cpp @@ -0,0 +1,213 @@ +/* mimedataprover.cpp - GpgME dataprovider for mime data + * Copyright (C) 2016 Intevation GmbH + * + * This file is part of GpgOL. + * + * GpgOL is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * GpgOL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, see . + */ +#include "config.h" +#include "common.h" + +#include "mimedataprovider.h" + +/* The maximum length of a line we are able to process. RFC822 allows + only for 1000 bytes; thus 2000 seems to be a reasonable value. */ +#define LINEBUFSIZE 2000 + +/* How much data is read from the underlying stream in a collect + call. */ +#define BUFSIZE 8192 + +#include + +static int +message_cb (void *opaque, rfc822parse_event_t event, + rfc822parse_t msg) +{ + (void) opaque; + (void) event; + (void) msg; + return 0; +} + +MimeDataProvider::MimeDataProvider(LPSTREAM stream): + m_collect(true), + m_parser(rfc822parse_open (message_cb, this)), + m_current_encoding(None) +{ + if (stream) + { + stream->AddRef (); + } + else + { + log_error ("%s:%s called without stream ", SRCNAME, __func__); + return; + } + b64_init (&m_base64_context); + log_mime_parser ("%s:%s Collecting data.", SRCNAME, __func__); + collect_data (stream); + log_mime_parser ("%s:%s Data collected.", SRCNAME, __func__); + gpgol_release (stream); +} + +MimeDataProvider::~MimeDataProvider() +{ + log_debug ("%s:%s", SRCNAME, __func__); +} + +bool +MimeDataProvider::isSupported(GpgME::DataProvider::Operation op) const +{ + return op == GpgME::DataProvider::Read || + op == GpgME::DataProvider::Seek || + op == GpgME::DataProvider::Release; +} + +ssize_t +MimeDataProvider::read(void *buffer, size_t size) +{ + log_mime_parser ("%s:%s: Reading: " SIZE_T_FORMAT "Bytes", + SRCNAME, __func__, size); + ssize_t bRead = m_data.read (buffer, size); + if (opt.enable_debug & DBG_MIME_PARSER) + { + std::string buf ((char *)buffer, bRead); + log_mime_parser ("%s:%s: Data: \"%s\"", + SRCNAME, __func__, buf.c_str()); + } + return bRead; +} + +void +MimeDataProvider::decode_and_collect(char *line, size_t pos) +{ + /* We are inside the data. That should be the actual + ciphertext in the given encoding. Add it to our internal + cache. */ + int slbrk = 0; + size_t len; + + if (m_current_encoding == Quoted) + len = qp_decode (line, pos, &slbrk); + else if (m_current_encoding == Base64) + len = b64_decode (&m_base64_context, line, pos); + else + len = pos; + m_data.write (line, len); + if (m_current_encoding != Encoding::Base64 && !slbrk) + { + m_data.write ("\r\n", 2); + } + return; +} + +/* Split some raw data into lines and handle them accordingly. + returns the amount of bytes not taken from the input buffer. +*/ +size_t +MimeDataProvider::collect_input_lines(const char *input, size_t insize) +{ + char linebuf[LINEBUFSIZE]; + const char *s = input; + size_t pos = 0; + size_t nleft = insize; + size_t not_taken = nleft; + + /* Split the raw data into lines */ + for (; nleft; nleft--, s++) + { + if (pos >= LINEBUFSIZE) + { + log_error ("%s:%s: rfc822 parser failed: line too long\n", + SRCNAME, __func__); + GpgME::Error::setSystemError (GPG_ERR_EIO); + return not_taken; + } + if (*s != '\n') + linebuf[pos++] = *s; + else + { + /* Got a complete line. Remove the last CR. */ + not_taken -= pos + 1; /* Pos starts at 0 so + 1 for it */ + if (pos && linebuf[pos-1] == '\r') + { + pos--; + } + + if (rfc822parse_insert (m_parser, + (unsigned char*) linebuf, + pos)) + { + log_error ("%s:%s: rfc822 parser failed: %s\n", + SRCNAME, __func__, strerror (errno)); + return not_taken; + } + /* If we are currently in a collecting state actually + collect that line */ + if (m_collect) + { + decode_and_collect (linebuf, pos); + } + /* Continue with next line. */ + pos = 0; + } + } + return not_taken; +} + +void +MimeDataProvider::collect_data(LPSTREAM stream) +{ + if (!stream) + { + return; + } + HRESULT hr; + char buf[BUFSIZE]; + ULONG bRead; + while ((hr = stream->Read (buf, BUFSIZE, &bRead)) == S_OK || + hr == S_FALSE) + { + if (!bRead) + { + log_mime_parser ("%s:%s: Input stream at EOF.", + SRCNAME, __func__); + return; + } + log_mime_parser ("%s:%s: Read %lu bytes.", + SRCNAME, __func__, bRead); + + m_rawbuf += std::string (buf, bRead); + size_t not_taken = collect_input_lines (m_rawbuf.c_str(), + m_rawbuf.size()); + + if (not_taken == m_rawbuf.size()) + { + log_error ("%s:%s: Collect failed to consume anything.\n" + "Buffer too small?", + SRCNAME, __func__); + return; + } + log_mime_parser ("%s:%s: Consumed: " SIZE_T_FORMAT " bytes", + SRCNAME, __func__, m_rawbuf.size() - not_taken); + m_rawbuf.erase (0, m_rawbuf.size() - not_taken); + } +} + +off_t +MimeDataProvider::seek(off_t offset, int whence) +{ + return m_data.seek (offset, whence); +} diff --git a/src/mimedataprovider.h b/src/mimedataprovider.h new file mode 100644 index 0000000..8b9d8ee --- /dev/null +++ b/src/mimedataprovider.h @@ -0,0 +1,83 @@ +/* mimedataprover.h - GpgME dataprovider for mime data + * Copyright (C) 2016 Intevation GmbH + * + * This file is part of GpgOL. + * + * GpgOL is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * GpgOL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, see . + */ +#ifndef MIMEDATAPROVIDER_H +#define MIMEDATAPROVIDER_H + +#include +#include +#include "oomhelp.h" +#include "mapihelp.h" +#include "rfc822parse.h" + +#include + +/** This class does simple one level mime parsing to find crypto + data. + + Use the mimedataprovider on a body or attachment stream. It + will do the conversion from MIME to PGP / CMS data on the fly. + + The raw mime data from the underlying stream is "collected" and + parsed into Crypto data which is then buffered in "databuf". +*/ +class MimeDataProvider : public GpgME::DataProvider +{ +public: + /* Read and parse the stream. Does not hold a reference + to the stream but releases it after read. */ + MimeDataProvider(LPSTREAM stream); + ~MimeDataProvider(); + + /* Dataprovider interface */ + bool isSupported(Operation) const; + + /** Read some data from the stream. This triggers + the conversion code interanally to convert mime + data into PGP/CMS Data that GpgME can work with. */ + ssize_t read(void *buffer, size_t bufSize); + ssize_t write(const void *buffer, size_t bufSize) { + (void)buffer; (void)bufSize; return -1; + } + /* Seek the underlying stream. This discards the internal + buffers as the offset is not mapped. Should not really + be used but can be used to reset the DataProvider. */ + off_t seek(off_t offset, int whence); + /* Noop */ + void release() {} + + /* The the data of the signature part. */ + const GpgME::Data &get_signature_data(); +private: + /* Collect the crypto data from mime. */ + void collect_data(LPSTREAM stream); + /* Collect a single line. */ + size_t collect_input_lines(const char *input, size_t size); + /* Move actual data into the databuffer. */ + void decode_and_collect(char *line, size_t pos); + enum Encoding {None, Base64, Quoted}; + std::string m_sig_data; + GpgME::Data m_data; + GpgME::Data m_signature; + std::string m_rawbuf; + bool m_collect; + rfc822parse_t m_parser; + Encoding m_current_encoding; + b64_state_t m_base64_context; +}; +#endif // MIMEDATAPROVIDER_H diff --git a/src/util.h b/src/util.h index b20f0bc..0b78332 100644 --- a/src/util.h +++ b/src/util.h @@ -96,6 +96,8 @@ void log_window_hierarchy (HWND window, const char *fmt, #define log_oom if (opt.enable_debug & DBG_OOM) log_debug #define log_oom_extra if (opt.enable_debug & DBG_OOM_EXTRA) log_debug +#define log_mime_parser if (opt.enable_debug & DBG_MIME_PARSER) log_debug + #define gpgol_release(X) \ { \ if (X && opt.enable_debug & DBG_OOM_EXTRA) \ diff --git a/src/windowmessages.cpp b/src/windowmessages.cpp index e0c95cd..d850a8c 100644 --- a/src/windowmessages.cpp +++ b/src/windowmessages.cpp @@ -1,7 +1,28 @@ +/* @file windowmessages.h + * @brief Helper class to work with the windowmessage handler thread. + * + * Copyright (C) 2015, 2016 Intevation GmbH + * + * This file is part of GpgOL. + * + * GpgOL is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * GpgOL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, see . + */ #include "windowmessages.h" #include "util.h" #include "oomhelp.h" +#include "mail.h" #include @@ -39,10 +60,21 @@ gpgol_window_proc (HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam) ctx->err = request_send_mail ((LPDISPATCH) ctx->data); break; } + case (PARSING_DONE): + { + auto mail = (Mail*) ctx->data; + if (!Mail::is_mail_valid (mail)) + { + log_debug ("%s:%s: Parsing done for mail which is gone.", + SRCNAME, __func__); + } + mail->parsing_done(); + } + break; default: log_debug ("Unknown msg"); } - return 0; + return DefWindowProc(hWnd, message, wParam, lParam); } return DefWindowProc(hWnd, message, wParam, lParam); diff --git a/src/windowmessages.h b/src/windowmessages.h index c9355d5..ec66f7b 100644 --- a/src/windowmessages.h +++ b/src/windowmessages.h @@ -38,8 +38,10 @@ typedef enum _gpgol_wmsg_type { UNKNOWN = 0, - REQUEST_SEND_MAIL = 1 /* Request to send a mail. - Data should be LPMAILITEM */ + REQUEST_SEND_MAIL = 1, /* Request to send a mail. + Data should be LPMAILITEM */ + PARSING_DONE = 2 /* A mail was parsed. Data should be a pointer + to the mail object. */ } gpgol_wmsg_type; typedef struct commit 7f9f7bf99de356d794df06852bc12faf9c6e99ba Author: Andre Heinecke Date: Mon Aug 22 15:38:58 2016 +0200 Return MOSS attachment positon from mapihelp * src/mapihelp.cpp (mapi_mark_or_create_moss_attach): Return MOSS position. * src/mapihelp.h (mapi_mark_or_create_moss_attach): Update doc. -- Returning the attachment position here makes sense as we can then store it in the mail object and won't have search it again later. diff --git a/src/mapihelp.cpp b/src/mapihelp.cpp index 76213cb..854e6f4 100644 --- a/src/mapihelp.cpp +++ b/src/mapihelp.cpp @@ -3505,30 +3505,52 @@ mapi_mark_or_create_moss_attach (LPMESSAGE message, msgtype_t msgtype) /* First check if we already have one marked. */ mapi_attach_item_t *table = mapi_create_attach_table (message, 0); + int part1 = 0, + part2 = 0; for (i = 0; table && !table[i].end_of_table; i++) { if (table[i].attach_type == ATTACHTYPE_PGPBODY || table[i].attach_type == ATTACHTYPE_MOSS || table[i].attach_type == ATTACHTYPE_MOSSTEMPL) { - /* Found existing moss attachment */ - mapi_release_attach_table (table); - return 0; + if (!part1) + { + part1 = i + 1; + } + else if (!part2) + { + /* If we have two MOSS attachments we use + the second one. */ + part2 = i + 1; + break; + } } } + if (part1 || part2) + { + /* Found existing moss attachment */ + mapi_release_attach_table (table); + return part2; + } if (msgtype == MSGTYPE_GPGOL_CLEAR_SIGNED || msgtype == MSGTYPE_GPGOL_PGP_MESSAGE) { /* Inline message we need to create body attachment so that we are able to restore the content. */ - return mapi_body_to_attachment (message); + if (mapi_body_to_attachment (message)) + { + log_error ("%s:%s: Failed to create body attachment.", + SRCNAME, __func__); + return 0; + } + return 1; } if (!table) { log_debug ("%s:%s: Neither pgp inline nor an attachment table.", SRCNAME, __func__); - return -1; + return 0; } /* MIME Mails check for S/MIME first. */ @@ -3546,7 +3568,7 @@ mapi_mark_or_create_moss_attach (LPMESSAGE message, msgtype_t msgtype) { mapi_mark_moss_attach (message, table + i); mapi_release_attach_table (table); - return 0; + return i + 1; } /* PGP/MIME or S/MIME stuff. */ @@ -3579,7 +3601,7 @@ mapi_mark_or_create_moss_attach (LPMESSAGE message, msgtype_t msgtype) mapi_mark_moss_attach (message, table+part1_idx); mapi_mark_moss_attach (message, table+part2_idx); mapi_release_attach_table (table); - return 0; + return 2; } } @@ -3593,9 +3615,9 @@ mapi_mark_or_create_moss_attach (LPMESSAGE message, msgtype_t msgtype) we have a mean to find it again (see above). */ mapi_mark_moss_attach (message, table + 0); mapi_release_attach_table (table); - return 0; + return 1; } mapi_release_attach_table (table); - return -1; /* No original attachment - this should not happen. */ + return 0; /* No original attachment - this should not happen. */ } diff --git a/src/mapihelp.h b/src/mapihelp.h index 3f22538..da60531 100644 --- a/src/mapihelp.h +++ b/src/mapihelp.h @@ -179,7 +179,8 @@ int get_gpgol_draft_info_flags (LPMESSAGE message); int set_gpgol_draft_info_flags (LPMESSAGE message, int flags); /* Mark crypto attachments as hidden. And mark the moss - attachment for later use. Returns true on error. */ + attachment for later use. Returns the attachments position + (1 is the first attachment) or 0 in case no attachment was found. */ int mapi_mark_or_create_moss_attach (LPMESSAGE message, msgtype_t msgtype); /* Copy the MAPI body to a PGPBODY type attachment. */ commit 3b27162dcb06c99aa62ab12403312854871e2214 Author: Andre Heinecke Date: Mon Aug 22 15:33:24 2016 +0200 Check for and depend on GpgMEpp * configure.ac: Check for GpgMEpp. * m4/gpgme.m4 (AM_PATH_GPGMEPP): New. * src/Makefile.am: Link GpgMEpp. (AM_CXXFLAGS): Add GpgMEpp flags. diff --git a/configure.ac b/configure.ac index d6e79d9..340df73 100644 --- a/configure.ac +++ b/configure.ac @@ -166,6 +166,7 @@ AM_CONDITIONAL(BUILD_W64, test "$host" = "x86_64-w64-mingw32") AM_PATH_GPGME("$NEED_GPGME_API:$NEED_GPGME_VERSION", have_gpgme=yes,have_gpgme=no) +AM_PATH_GPGMEPP(have_gpgmepp=yes,have_gpgmepp=no) AM_PATH_GPG_ERROR("$NEED_GPG_ERROR_VERSION", have_gpg_error=yes,have_gpg_error=no) AC_DEFINE(GPG_ERR_SOURCE_DEFAULT, GPG_ERR_SOURCE_USER_2, @@ -272,6 +273,14 @@ if test "$have_gpgme" = "no"; then *** (at least version $NEED_GPGME_VERSION is required.) ***]]) fi +if test "$have_gpgmepp" = "no"; then + die=yes + AC_MSG_NOTICE([[ +*** +*** You need the C++ language binding for gpgme to build this program. +** Ensure that GPGME was compiled with --enabled-languages=cpp +***]]) +fi if test "$have_libassuan" = "no"; then die=yes AC_MSG_NOTICE([[ diff --git a/m4/gpgme.m4 b/m4/gpgme.m4 index 44bf43c..4bea719 100644 --- a/m4/gpgme.m4 +++ b/m4/gpgme.m4 @@ -98,6 +98,31 @@ AC_DEFUN([AM_PATH_GPGME], AC_SUBST(GPGME_LIBS) ]) +dnl AM_PATH_GPGMEPP([ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) +dnl Test for libgpgme and define GPGME_CFLAGS and GPGME_LIBS. +dnl +AC_DEFUN([AM_PATH_GPGMEPP], +[ AC_REQUIRE([_AM_PATH_GPGME_CONFIG])dnl + AC_MSG_CHECKING(for GPGME C++ Bindings) + ok=no + if $GPGME_CONFIG --have-lang=cpp 2>/dev/null ; then + ok=yes + fi + if test $ok = yes; then + GPGMEPP_CXXFLAGS="-I `$GPGME_CONFIG --prefix`/include/gpgme++" + GPGMEPP_CXXFLAGS="${GPGMEPP_CXXFLAGS} -DGPGMEPP_STATIC_DEFINE" + AC_MSG_RESULT(yes) + ifelse([$1], , :, [$1]) + else + GPGMEPP_CFLAGS="" + GPGMEPP_LIBS="" + AC_MSG_RESULT(no) + ifelse([$2], , :, [$2]) + fi + AC_SUBST(GPGMEPP_CXXFLAGS) + AC_SUBST(GPGMEPP_LIBS) +]) + dnl AM_PATH_GPGME_PTH([MINIMUM-VERSION, dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) dnl Test for libgpgme and define GPGME_PTH_CFLAGS and GPGME_PTH_LIBS. diff --git a/src/Makefile.am b/src/Makefile.am index f9507f4..65e4f7b 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -34,6 +34,7 @@ EXEEXT = .dll AM_CFLAGS = $(GPGME_CFLAGS) $(LIBASSUAN_CFLAGS) -shared AM_CXXFLAGS = $(GPGME_CFLAGS) $(LIBASSUAN_CFLAGS) -shared -std=c++11 +AM_CXXFLAGS += $(GPGMEPP_CXXFLAGS) gpgol_SOURCES = \ main.c gpgol.def \ @@ -98,7 +99,7 @@ gpgol_SOURCES = \ # versions of GPGME and gpg-error, because we want to link to them # statically, and not dynamically (otherwise Outlook would not find # them). -gpgol_DEPENDENCIES = libmapi32.a libgpg-error.a libgpgme.a libassuan.a +gpgol_DEPENDENCIES = libmapi32.a libgpg-error.a libgpgme.a libassuan.a libgpgmepp.a if BUILD_W64 DLLTOOLFLAGS64=--as-flags=--64 -m i386:x86-64 @@ -116,13 +117,16 @@ libgpgme.a: libassuan.a: ln -s $$($(LIBASSUAN_CONFIG) --prefix)/lib/libassuan.a . +libgpgmepp.a: + ln -s $$($(LIBASSUAN_CONFIG) --prefix)/lib/libgpgmepp.a . + clean-local: - rm -f libmapi32.a libgpg-error.a libgpgme.a libassuan.a + rm -f libmapi32.a libgpg-error.a libgpgme.a libassuan.a libgpgmepp.a gpgol_LDFLAGS = -static-libgcc -static-libstdc++ gpgol_LDADD = $(srcdir)/gpgol.def \ - -L . -lgpgme -lassuan -lgpg-error \ + -L . -lgpgmepp -lgpgme -lassuan -lgpg-error \ -lmapi32 -lshell32 -lgdi32 -lcomdlg32 \ -lole32 -loleaut32 -lws2_32 -ladvapi32 \ -luuid -lgdiplus commit 87d57374bbe502b121d68874e9e807e89a20f358 Author: Andre Heinecke Date: Mon Aug 22 15:32:32 2016 +0200 Bump required gpgme version to 1.7.0 * configure.ac (NEED_GPGME_VERSION): 1.7.0 diff --git a/configure.ac b/configure.ac index 709e427..d6e79d9 100644 --- a/configure.ac +++ b/configure.ac @@ -40,7 +40,7 @@ GPGOL_FORMS_REVISION=335 NEED_GPG_ERROR_VERSION=1.9 NEED_GPGME_API=1 -NEED_GPGME_VERSION=1.1.0 +NEED_GPGME_VERSION=1.7.0 NEED_LIBASSUAN_API=2 NEED_LIBASSUAN_VERSION=2.0.0 ----------------------------------------------------------------------- Summary of changes: configure.ac | 11 ++- m4/gpgme.m4 | 25 ++++++ src/Makefile.am | 13 ++- src/attachment.cpp | 140 +++++++++++++++++++++++++++---- src/attachment.h | 29 +++---- src/mail.cpp | 163 +++++++++++++++++++++++------------- src/mail.h | 28 +++++++ src/mailparser.cpp | 102 ++++++++++++++++++++--- src/mailparser.h | 17 ++-- src/main.c | 7 ++ src/mapihelp.cpp | 40 +++++++-- src/mapihelp.h | 3 +- src/mimedataprovider.cpp | 213 +++++++++++++++++++++++++++++++++++++++++++++++ src/mimedataprovider.h | 83 ++++++++++++++++++ src/util.h | 2 + src/windowmessages.cpp | 34 +++++++- src/windowmessages.h | 6 +- 17 files changed, 787 insertions(+), 129 deletions(-) create mode 100644 src/mimedataprovider.cpp create mode 100644 src/mimedataprovider.h hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Mon Aug 22 17:02:53 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 22 Aug 2016 17:02:53 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-294-g24e6198 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 24e61984c9532924135c57b8ff98489a2d3bd4a3 (commit) via c9e7dcb100d807583d8e312da459561138231376 (commit) from 3e60788810f93cfcd7f08e5882aff32ed7b6f831 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 24e61984c9532924135c57b8ff98489a2d3bd4a3 Author: Werner Koch Date: Mon Aug 22 16:57:51 2016 +0200 core: Add new items for gpgme_get_dirinfo. * src/dirinfo.c (WANT_SYSCONFDIR, WANT_LIBEXECDIR, WANT_LIBDIR): New. (WANT_DATADIR, WANT_LCOALEDIR, WANT_AGENT_SSH_SOCKET): New (WANT_DIRMNGR_SOCKET): New. (dirinfo): Add fields 'sysconfdir', 'bindir', 'libexecdir', 'libdir', 'datadir', 'localedir', 'agent_ssh_socket', and 'dirmngr_socket'. (parse_output): Set these fields. (get_gpgconf_item): Return them. (gpgme_get_dirinfo): Likewise. Signed-off-by: Werner Koch diff --git a/doc/gpgme.texi b/doc/gpgme.texi index e8a735a..b28c6ca 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -946,9 +946,34 @@ supported values for @var{what} are: @item homedir Return the default home directory. + at item sysconfdir +Return the name of the system configuration directory + + at item bindir +Return the name of the directory with GnuPG program files. + + at item libdir +Return the name of the directory with GnuPG related library files. + + at item libexecdir +Return the name of the directory with GnuPG helper program files. + + at item datadir +Return the name of the directory with GnuPG shared data. + + at item localedir +Return the name of the directory with GnuPG locale data. + @item agent-socket Return the name of the socket to connect to the gpg-agent. + at item agent-ssh-socket +Return the name of the socket to connect to the ssh-agent component of +gpg-agent. + + at item dirmngr-socket +Return the name of the socket to connect to the dirmngr. + @item uiserver-socket Return the name of the socket to connect to the user interface server. diff --git a/src/dirinfo.c b/src/dirinfo.c index 226f93c..ecb1c0c 100644 --- a/src/dirinfo.c +++ b/src/dirinfo.c @@ -37,12 +37,20 @@ DEFINE_STATIC_LOCK (dirinfo_lock); enum { WANT_HOMEDIR, + WANT_SYSCONFDIR, + WANT_BINDIR, + WANT_LIBEXECDIR, + WANT_LIBDIR, + WANT_DATADIR, + WANT_LOCALEDIR, WANT_AGENT_SOCKET, + WANT_AGENT_SSH_SOCKET, + WANT_DIRMNGR_SOCKET, + WANT_UISRV_SOCKET, WANT_GPGCONF_NAME, WANT_GPG_NAME, WANT_GPGSM_NAME, WANT_G13_NAME, - WANT_UISRV_SOCKET, WANT_GPG_ONE_MODE }; @@ -51,12 +59,20 @@ static struct { int valid; /* Cached information is valid. */ int disable_gpgconf; char *homedir; + char *sysconfdir; + char *bindir; + char *libexecdir; + char *libdir; + char *datadir; + char *localedir; char *agent_socket; + char *agent_ssh_socket; + char *dirmngr_socket; + char *uisrv_socket; char *gpgconf_name; char *gpg_name; char *gpgsm_name; char *g13_name; - char *uisrv_socket; int gpg_one_mode; /* System is in gpg1 mode. */ } dirinfo; @@ -121,6 +137,18 @@ parse_output (char *line, int components) { if (!strcmp (line, "homedir") && !dirinfo.homedir) dirinfo.homedir = strdup (value); + else if (!strcmp (line, "sysconfdir") && !dirinfo.sysconfdir) + dirinfo.sysconfdir = strdup (value); + else if (!strcmp (line, "bindir") && !dirinfo.bindir) + dirinfo.bindir = strdup (value); + else if (!strcmp (line, "libexecdir") && !dirinfo.libexecdir) + dirinfo.libexecdir = strdup (value); + else if (!strcmp (line, "libdir") && !dirinfo.libdir) + dirinfo.libdir = strdup (value); + else if (!strcmp (line, "datadir") && !dirinfo.datadir) + dirinfo.datadir = strdup (value); + else if (!strcmp (line, "localedir") && !dirinfo.localedir) + dirinfo.localedir = strdup (value); else if (!strcmp (line, "agent-socket") && !dirinfo.agent_socket) { const char name[] = "S.uiserver"; @@ -139,6 +167,10 @@ parse_output (char *line, int components) } } } + else if (!strcmp (line, "dirmngr-socket") && !dirinfo.dirmngr_socket) + dirinfo.dirmngr_socket = strdup (value); + else if (!strcmp (line, "agent-ssh-socket") && !dirinfo.agent_ssh_socket) + dirinfo.agent_ssh_socket = strdup (value); } } @@ -273,14 +305,28 @@ get_gpgconf_item (int what) if (dirinfo.agent_socket) _gpgme_debug (DEBUG_INIT, "gpgme-dinfo: agent='%s'\n", dirinfo.agent_socket); + if (dirinfo.agent_ssh_socket) + _gpgme_debug (DEBUG_INIT, "gpgme-dinfo: ssh='%s'\n", + dirinfo.agent_ssh_socket); + if (dirinfo.dirmngr_socket) + _gpgme_debug (DEBUG_INIT, "gpgme-dinfo: dirmngr='%s'\n", + dirinfo.dirmngr_socket); if (dirinfo.uisrv_socket) _gpgme_debug (DEBUG_INIT, "gpgme-dinfo: uisrv='%s'\n", dirinfo.uisrv_socket); } switch (what) { - case WANT_HOMEDIR: result = dirinfo.homedir; break; + case WANT_HOMEDIR: result = dirinfo.homedir; break; + case WANT_SYSCONFDIR: result = dirinfo.sysconfdir; break; + case WANT_BINDIR: result = dirinfo.bindir; break; + case WANT_LIBEXECDIR: result = dirinfo.libexecdir; break; + case WANT_LIBDIR: result = dirinfo.libdir; break; + case WANT_DATADIR: result = dirinfo.datadir; break; + case WANT_LOCALEDIR: result = dirinfo.localedir; break; case WANT_AGENT_SOCKET: result = dirinfo.agent_socket; break; + case WANT_AGENT_SSH_SOCKET: result = dirinfo.agent_ssh_socket; break; + case WANT_DIRMNGR_SOCKET: result = dirinfo.dirmngr_socket; break; case WANT_GPGCONF_NAME: result = dirinfo.gpgconf_name; break; case WANT_GPG_NAME: result = dirinfo.gpg_name; break; case WANT_GPGSM_NAME: result = dirinfo.gpgsm_name; break; @@ -392,6 +438,22 @@ gpgme_get_dirinfo (const char *what) return get_gpgconf_item (WANT_GPGSM_NAME); else if (!strcmp (what, "g13-name")) return get_gpgconf_item (WANT_G13_NAME); + else if (!strcmp (what, "agent-ssh-socket")) + return get_gpgconf_item (WANT_AGENT_SSH_SOCKET); + else if (!strcmp (what, "dirmngr-socket")) + return get_gpgconf_item (WANT_DIRMNGR_SOCKET); + else if (!strcmp (what, "sysconfdir")) + return get_gpgconf_item (WANT_SYSCONFDIR); + else if (!strcmp (what, "bindir")) + return get_gpgconf_item (WANT_BINDIR); + else if (!strcmp (what, "libexecdir")) + return get_gpgconf_item (WANT_LIBEXECDIR); + else if (!strcmp (what, "libdir")) + return get_gpgconf_item (WANT_LIBDIR); + else if (!strcmp (what, "datadir")) + return get_gpgconf_item (WANT_DATADIR); + else if (!strcmp (what, "localedir")) + return get_gpgconf_item (WANT_LOCALEDIR); else return NULL; } diff --git a/tests/t-engine-info.c b/tests/t-engine-info.c index 53f5b2f..8f617f9 100644 --- a/tests/t-engine-info.c +++ b/tests/t-engine-info.c @@ -111,8 +111,20 @@ main (int argc, char **argv ) gpgme_check_version (NULL); { - const char *keys[] = {"homedir", "agent-socket", "uiserver-socket", - "gpgconf-name", "gpg-name", "gpgsm-name", + const char *keys[] = {"homedir", + "sysconfdir", + "bindir", + "libexecdir", + "libdir", + "datadir", + "localedir", + "agent-socket", + "agent-ssh-socket", + "dirmngr-socket", + "uiserver-socket", + "gpgconf-name", + "gpg-name", + "gpgsm-name", "g13-name", NULL }; const char *s; int i; commit c9e7dcb100d807583d8e312da459561138231376 Author: Werner Koch Date: Mon Aug 22 16:32:14 2016 +0200 core: Base gpgme_get_dirinfo(uiserver-socket) on the socket dir. * src/dirinfo.c (dirname_len): New. (parse_output): Change computation of UISRV_SOCKET. Signed-off-by: Werner Koch diff --git a/src/dirinfo.c b/src/dirinfo.c index 8824c9a..226f93c 100644 --- a/src/dirinfo.c +++ b/src/dirinfo.c @@ -70,6 +70,15 @@ _gpgme_dirinfo_disable_gpgconf (void) } +/* Return the length of the directory part including the trailing + * slash of NAME. */ +static size_t +dirname_len (const char *name) +{ + return _gpgme_get_basename (name) - name; +} + + /* Parse the output of "gpgconf --list-dirs". This function expects that DIRINFO_LOCK is held by the caller. If COMPONENTS is set, the output of --list-components is expected. */ @@ -77,6 +86,7 @@ static void parse_output (char *line, int components) { char *value, *p; + size_t n; value = strchr (line, ':'); if (!value) @@ -110,22 +120,25 @@ parse_output (char *line, int components) else { if (!strcmp (line, "homedir") && !dirinfo.homedir) + dirinfo.homedir = strdup (value); + else if (!strcmp (line, "agent-socket") && !dirinfo.agent_socket) { const char name[] = "S.uiserver"; + char *buffer; - dirinfo.homedir = strdup (value); - if (dirinfo.homedir) + dirinfo.agent_socket = strdup (value); + if (dirinfo.agent_socket) { - dirinfo.uisrv_socket = malloc (strlen (dirinfo - .homedir) - + 1 + strlen (name) + 1); - if (dirinfo.uisrv_socket) - strcpy (stpcpy (stpcpy (dirinfo.uisrv_socket, dirinfo.homedir), - DIRSEP_S), name); + n = dirname_len (dirinfo.agent_socket); + buffer = malloc (n + strlen (name) + 1); + if (buffer) + { + strncpy (buffer, dirinfo.agent_socket, n); + strcpy (buffer + n, name); + dirinfo.uisrv_socket = buffer; + } } } - else if (!strcmp (line, "agent-socket") && !dirinfo.agent_socket) - dirinfo.agent_socket = strdup (value); } } ----------------------------------------------------------------------- Summary of changes: doc/gpgme.texi | 25 +++++++++++++ src/dirinfo.c | 101 +++++++++++++++++++++++++++++++++++++++++++------- tests/t-engine-info.c | 16 +++++++- 3 files changed, 127 insertions(+), 15 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Aug 22 17:07:42 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 22 Aug 2016 17:07:42 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-3-gc47386a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via c47386a11a32c5ed3b5a31fad5c3e9a9a020ca7b (commit) from 62f3e0027724b23c0de5be6d1e66cfdeef7e7bc9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c47386a11a32c5ed3b5a31fad5c3e9a9a020ca7b Author: Werner Koch Date: Mon Aug 22 17:05:00 2016 +0200 wks: Install gpg-wks-client under libexec * tools/Makefile.am (bin_PROGRAMS): Move gpg-wks-client to ... (libexec_PROGRAMS): ...here. -- Signed-off-by: Werner Koch diff --git a/tools/Makefile.am b/tools/Makefile.am index 12e5815..6df49f6 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -53,13 +53,16 @@ else gpg_wks_client = endif +libexec_PROGRAMS = + bin_PROGRAMS = gpgconf gpg-connect-agent ${symcryptrun} if !HAVE_W32_SYSTEM -bin_PROGRAMS += watchgnupg gpgparsemail ${gpg_wks_server} ${gpg_wks_client} +bin_PROGRAMS += watchgnupg gpgparsemail ${gpg_wks_server} +libexec_PROGRAMS += ${gpg_wks_client} endif if !DISABLE_REGEX -libexec_PROGRAMS = gpg-check-pattern +libexec_PROGRAMS += gpg-check-pattern endif if !HAVE_W32CE_SYSTEM ----------------------------------------------------------------------- Summary of changes: tools/Makefile.am | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Aug 22 20:47:55 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 22 Aug 2016 20:47:55 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-4-g5424597 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 54245979e691129ed9d3a6c642087fb8d3227449 (commit) from c47386a11a32c5ed3b5a31fad5c3e9a9a020ca7b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 54245979e691129ed9d3a6c642087fb8d3227449 Author: Werner Koch Date: Mon Aug 22 20:44:23 2016 +0200 common: Change license of mbox-util to LGPLv2.1+. -- Noet that the code has entirely been written by me. Signed-off-by: Werner Koch diff --git a/common/mbox-util.c b/common/mbox-util.c index 2029324..c451198 100644 --- a/common/mbox-util.c +++ b/common/mbox-util.c @@ -5,26 +5,16 @@ * This file is part of GnuPG. * * This file is free software; you can redistribute it and/or modify - * it under the terms of either - * - * - the GNU Lesser General Public License as published by the Free - * Software Foundation; either version 3 of the License, or (at - * your option) any later version. - * - * or - * - * - the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * or both in parallel, as here. + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. * * This file is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * - * You should have received a copy of the GNU General Public License + * You should have received a copy of the GNU Lesser General Public License * along with this program; if not, see . */ diff --git a/common/mbox-util.h b/common/mbox-util.h index 4dd48ec..9c7271f 100644 --- a/common/mbox-util.h +++ b/common/mbox-util.h @@ -4,26 +4,16 @@ * This file is part of GnuPG. * * This file is free software; you can redistribute it and/or modify - * it under the terms of either - * - * - the GNU Lesser General Public License as published by the Free - * Software Foundation; either version 3 of the License, or (at - * your option) any later version. - * - * or - * - * - the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * or both in parallel, as here. + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. * * This file is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * - * You should have received a copy of the GNU General Public License + * You should have received a copy of the GNU Lesser General Public License * along with this program; if not, see . */ #ifndef GNUPG_COMMON_MBOX_UTIL_H ----------------------------------------------------------------------- Summary of changes: common/mbox-util.c | 18 ++++-------------- common/mbox-util.h | 18 ++++-------------- 2 files changed, 8 insertions(+), 28 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Aug 23 15:26:49 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 23 Aug 2016 15:26:49 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-297-gbe4ff75 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via be4ff75d7d5ac6ed15feb245ef3cec59b4bad561 (commit) via 3955dce06e9d056599e5ec7d40301e66b9305195 (commit) via 26c5ba528ce1411d96655952ec48359105695c0f (commit) from 24e61984c9532924135c57b8ff98489a2d3bd4a3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit be4ff75d7d5ac6ed15feb245ef3cec59b4bad561 Author: Werner Koch Date: Tue Aug 23 15:22:28 2016 +0200 core: Change the way TOFU information are represented. * src/gpgme.h.in (struct _gpgme_signature): Remove field 'tofu'. Add field 'key'. (struct _gpgme_key): Add field 'fpr'. (struct _gpgme_user_id): Add field 'tofu'. (struct _gpgme_tofu_info): Remove fields 'address' and 'fpr'. * src/key.c (gpgme_key_unref): Release TOFU and FPR. * src/keylist.c (keylist_colon_handler): Store the fingerprint of the first subkey also in KEY. * src/verify.c (release_tofu_info): Remove. (release_op_data): Release KEY. (parse_tofu_user): Rewrite for new data structure. (parse_tofu_stats): Ditto. (parse_tofu_stats_long): Ditto. * tests/run-verify.c (print_result): Ditto. * tests/run-keylist.c (main): Print more fields. -- TOFU information are now associated with the user ID and not with a separate object. Note that this breaks code relying on the former non-released TOFU feature. The C++ bindings won't work right now. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index ce16687..1294e0b 100644 --- a/NEWS +++ b/NEWS @@ -15,8 +15,10 @@ Noteworthy changes in version 1.7.0 (unreleased) [C25/A14/R_] GPGME_PK_EDDSA NEW. gpgme_set_ctx_flag NEW. gpgme_data_set_flag NEW. - gpgme_signature_t EXTENDED: New field tofu. + gpgme_signature_t EXTENDED: New field key. + gpgme_key_t EXTENDED: New field fpr. gpgme_subkey_t EXTENDED: New field keygrip. + gpgme_user_id_t EXTENDED: New field tofu. gpgme_tofu_policy_t NEW. gpgme_tofu_info_t NEW. GPGME_STATUS_KEY_CONSIDERED NEW. diff --git a/doc/gpgme.texi b/doc/gpgme.texi index b28c6ca..02551d9 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -3017,6 +3017,10 @@ This is the key ID of the subkey in hexadecimal digits. This is the fingerprint of the subkey in hexadecimal digits, if available. + at item char *keygrip +The keygrip of the subkey in hex digit form or @code{NULL} if not +availabale. + @item long int timestamp This is the creation timestamp of the subkey. This is -1 if the timestamp is invalid, and 0 if it is not available. @@ -3144,6 +3148,16 @@ This is the comment component of @code{uid}, if available. @item char *email This is the email component of @code{uid}, if available. + at item char *address; +The mail address (addr-spec from RFC-5322) of the user ID string. +This is general the same as the @code{email} part of this structure +but might be slightly different. If no mail address is available + at code{NULL} is stored. + + at item gpgme_tofu_info_t tofu +If not @code{NULL} information from the TOFU database pertaining to +this user id. + @item gpgme_key_sig_t signatures This is a linked list with the signatures on this user ID. @end table @@ -3168,8 +3182,8 @@ This is true if the key is disabled. @item unsigned int invalid : 1 This is true if the key is invalid. This might have several reasons, -for a example for the S/MIME backend, it will be set in during key -listsing if the key could not be validated due to a missing +for a example for the S/MIME backend, it will be set during key +listings if the key could not be validated due to missing certificates or unmatched policies. @item unsigned int can_encrypt : 1 @@ -3224,6 +3238,13 @@ in the list is the primary key and usually available. @item gpgme_user_id_t uids This is a linked list with the user IDs of the key. The first user ID in the list is the main (or primary) user ID. + + at item char *fpr +This field gives the fingerprint of the primary key. Note that +this is a copy of the fingerprint of the first subkey. For an +incomplete key (for example from a verification result) a subkey may +be missing but this field may be set nevertheless. + @end table @end deftp @@ -4870,6 +4891,13 @@ The hash algorithm used to create this signature. @item char *pka_address The mailbox from the PKA information or @code{NULL}. + + at item gpgme_key_t key +An object describing the key used to create the signature. This key +object may be incomplete in that it only conveys information +availabale directly with a signature. It may also be @code{NULL} if +such information is not readily available. + @end table @end deftp diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 49cea77..c07cac8 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -624,6 +624,41 @@ struct _gpgme_engine_info typedef struct _gpgme_engine_info *gpgme_engine_info_t; +/* An object with TOFU information. */ +struct _gpgme_tofu_info +{ + struct _gpgme_tofu_info *next; + + /* The TOFU validity: + * 0 := conflict + * 1 := key without history + * 2 := key with too little history + * 3 := key with enough history for basic trust + * 4 := key with a lot of history + */ + unsigned int validity : 3; + + /* The TOFU policy (gpgme_tofu_policy_t). */ + unsigned int policy : 4; + + unsigned int _rfu : 25; + + /* Number of signatures seen for this binding. Capped at USHRT_MAX. */ + unsigned short signcount; + /* Number of encryptions done with this binding. Capped at USHRT_MAX. */ + unsigned short encrcount; + + /* Number of seconds since the first and the most recently seen + * message was verified. */ + unsigned int firstseen; + unsigned int lastseen; + + /* If non-NULL a human readable string summarizing the TOFU data. */ + char *description; +}; +typedef struct _gpgme_tofu_info *gpgme_tofu_info_t; + + /* A subkey from a key. */ struct _gpgme_subkey { @@ -807,6 +842,9 @@ struct _gpgme_user_id * might be slightly different. IF no mail address is available * NULL is stored. */ char *address; + + /* The malloced tofo information or NULL. */ + gpgme_tofu_info_t tofu; }; typedef struct _gpgme_user_id *gpgme_user_id_t; @@ -883,6 +921,11 @@ struct _gpgme_key /* The keylist mode that was active when listing the key. */ gpgme_keylist_mode_t keylist_mode; + + /* This field gives the fingerprint of the primary key. Note that + * this is a copy of the FPR of the first subkey. We need it here + * to allow for an incomplete key object. */ + char *fpr; }; typedef struct _gpgme_key *gpgme_key_t; @@ -1570,50 +1613,6 @@ typedef enum gpgme_sigsum_t; -struct _gpgme_tofu_info -{ - struct _gpgme_tofu_info *next; - - /* The mail address (addr-spec from RFC5322) of the tofu binding. - * - * If no mail address is set for a User ID this is the name used - * for the user ID. Can be ambiguous when the same mail address or - * name is used in multiple user ids. - */ - char *address; - - /* The fingerprint of the primary key. */ - char *fpr; - - /* The TOFU validity: - * 0 := conflict - * 1 := key without history - * 2 := key with too little history - * 3 := key with enough history for basic trust - * 4 := key with a lot of history - */ - unsigned int validity : 3; - - /* The TOFU policy (gpgme_tofu_policy_t). */ - unsigned int policy : 4; - - unsigned int _rfu : 25; - - /* Number of signatures seen for this binding. Capped at USHRT_MAX. */ - unsigned short signcount; - unsigned short reserved; - - /* Number of seconds since the first and the most recently seen - * message was verified. */ - unsigned int firstseen; - unsigned int lastseen; - - /* If non-NULL a human readable string summarizing the TOFU data. */ - char *description; -}; -typedef struct _gpgme_tofu_info *gpgme_tofu_info_t; - - struct _gpgme_signature { struct _gpgme_signature *next; @@ -1621,7 +1620,7 @@ struct _gpgme_signature /* A summary of the signature status. */ gpgme_sigsum_t summary; - /* The fingerprint or key ID of the signature. */ + /* The fingerprint of the signature. This can be a subkey. */ char *fpr; /* The status of the signature. */ @@ -1660,8 +1659,9 @@ struct _gpgme_signature /* The mailbox from the PKA information or NULL. */ char *pka_address; - /* If non-NULL, TOFU info for this signature are available. */ - gpgme_tofu_info_t tofu; + /* If non-NULL, a possible incomplete key object with the data + * available for the signature. */ + gpgme_key_t key; }; typedef struct _gpgme_signature *gpgme_signature_t; diff --git a/src/key.c b/src/key.c index f642501..38acc71 100644 --- a/src/key.c +++ b/src/key.c @@ -356,6 +356,7 @@ gpgme_key_unref (gpgme_key_t key) { gpgme_user_id_t next_uid = uid->next; gpgme_key_sig_t keysig = uid->signatures; + gpgme_tofu_info_t tofu = uid->tofu; while (keysig) { @@ -373,8 +374,21 @@ gpgme_key_unref (gpgme_key_t key) free (keysig); keysig = next_keysig; } + + while (tofu) + { + /* NB: The ->next is currently not used but we are prepared + * for it. */ + gpgme_tofu_info_t tofu_next = tofu->next; + + free (tofu->description); + free (tofu); + tofu = tofu_next; + } + if (uid->address && uid->address != uid->email) free (uid->address); + free (uid); uid = next_uid; } @@ -386,10 +400,13 @@ gpgme_key_unref (gpgme_key_t key) if (key->chain_id) free (key->chain_id); + if (key->fpr) + free (key->fpr); free (key); } + /* Support functions. */ diff --git a/src/keylist.c b/src/keylist.c index 5a346ea..38ddd0c 100644 --- a/src/keylist.c +++ b/src/keylist.c @@ -708,6 +708,22 @@ keylist_colon_handler (void *priv, char *line) if (!subkey->fpr) return gpg_error_from_syserror (); } + /* If this is the first subkey, store the fingerprint also + in the KEY object. */ + if (subkey == key->subkeys) + { + if (key->fpr && strcmp (key->fpr, subkey->fpr)) + { + /* FPR already set but mismatch: Should never happen. */ + return trace_gpg_error (GPG_ERR_INTERNAL); + } + if (!key->fpr) + { + key->fpr = strdup (subkey->fpr); + if (!key->fpr) + return gpg_error_from_syserror (); + } + } } /* Field 13 has the gpgsm chain ID (take only the first one). */ diff --git a/src/ops.h b/src/ops.h index 9c27529..97b1019 100644 --- a/src/ops.h +++ b/src/ops.h @@ -138,9 +138,11 @@ gpgme_error_t _gpgme_progress_status_handler (void *priv, gpgme_error_t _gpgme_key_new (gpgme_key_t *r_key); gpgme_error_t _gpgme_key_add_subkey (gpgme_key_t key, gpgme_subkey_t *r_subkey); -gpgme_error_t _gpgme_key_append_name (gpgme_key_t key, const char *src, int convert); +gpgme_error_t _gpgme_key_append_name (gpgme_key_t key, + const char *src, int convert); gpgme_key_sig_t _gpgme_key_add_sig (gpgme_key_t key, char *src); + /* From keylist.c. */ void _gpgme_op_keylist_event_cb (void *data, gpgme_event_io_t type, diff --git a/src/verify.c b/src/verify.c index 1ec09fe..173d1cb 100644 --- a/src/verify.c +++ b/src/verify.c @@ -50,22 +50,6 @@ typedef struct static void -release_tofu_info (gpgme_tofu_info_t t) -{ - while (t) - { - gpgme_tofu_info_t t2 = t->next; - - free (t->address); - free (t->fpr); - free (t->description); - free (t); - t = t2; - } -} - - -static void release_op_data (void *hook) { op_data_t opd = (op_data_t) hook; @@ -88,7 +72,8 @@ release_op_data (void *hook) free (sig->fpr); if (sig->pka_address) free (sig->pka_address); - release_tofu_info (sig->tofu); + if (sig->key) + gpgme_key_unref (sig->key); free (sig); sig = next; } @@ -690,49 +675,80 @@ parse_tofu_user (gpgme_signature_t sig, char *args) { gpg_error_t err; char *tail; - gpgme_tofu_info_t ti, ti2; + gpgme_user_id_t uid; + gpgme_tofu_info_t ti; + char *fpr = NULL; + char *address = NULL; tail = strchr (args, ' '); if (!tail || tail == args) - return trace_gpg_error (GPG_ERR_INV_ENGINE); /* No fingerprint. */ + { + err = trace_gpg_error (GPG_ERR_INV_ENGINE); /* No fingerprint. */ + goto leave; + } *tail++ = 0; - ti = calloc (1, sizeof *ti); - if (!ti) - return gpg_error_from_syserror (); - - ti->fpr = strdup (args); - if (!ti->fpr) + fpr = strdup (args); + if (!fpr) { - free (ti); - return gpg_error_from_syserror (); + err = gpg_error_from_syserror (); + goto leave; } args = tail; tail = strchr (args, ' '); if (tail == args) - return trace_gpg_error (GPG_ERR_INV_ENGINE); /* No addr-spec. */ + { + err = trace_gpg_error (GPG_ERR_INV_ENGINE); /* No addr-spec. */ + goto leave; + } if (tail) *tail = 0; - err = _gpgme_decode_percent_string (args, &ti->address, 0, 0); + err = _gpgme_decode_percent_string (args, &address, 0, 0); if (err) + goto leave; + + if (!sig->key) { - free (ti); - return err; + err = _gpgme_key_new (&sig->key); + if (err) + goto leave; + sig->key->fpr = fpr; + fpr = NULL; + } + else if (!sig->key->fpr) + { + err = trace_gpg_error (GPG_ERR_INTERNAL); + goto leave; + } + else if (strcmp (sig->key->fpr, fpr)) + { + /* The engine did not emit NEWSIG before a new key. */ + err = trace_gpg_error (GPG_ERR_INV_ENGINE); + goto leave; } - /* Append to the tofu info list. */ - if (!sig->tofu) - sig->tofu = ti; - else + err = _gpgme_key_append_name (sig->key, address, 0); + if (err) + goto leave; + + uid = sig->key->_last_uid; + assert (uid); + + ti = calloc (1, sizeof *ti); + if (!ti) { - for (ti2 = sig->tofu; ti2->next; ti2 = ti2->next) - ; - ti2->next = ti; + err = gpg_error_from_syserror (); + goto leave; } + uid->tofu = ti; - return 0; + + leave: + free (fpr); + free (address); + return err; } @@ -749,12 +765,10 @@ parse_tofu_stats (gpgme_signature_t sig, char *args) int nfields; unsigned long uval; - if (!sig->tofu) + if (!sig->key || !sig->key->_last_uid || !(ti = sig->key->_last_uid->tofu)) return trace_gpg_error (GPG_ERR_INV_ENGINE); /* No TOFU_USER seen. */ - for (ti = sig->tofu; ti->next; ti = ti->next) - ; if (ti->firstseen || ti->signcount || ti->validity || ti->policy) - return trace_gpg_error (GPG_ERR_INV_ENGINE); /* Already seen. */ + return trace_gpg_error (GPG_ERR_INV_ENGINE); /* Already set. */ nfields = _gpgme_split_fields (args, field, DIM (field)); if (nfields < 3) @@ -825,12 +839,10 @@ parse_tofu_stats_long (gpgme_signature_t sig, char *args, int raw) gpgme_tofu_info_t ti; char *p; - if (!sig->tofu) + if (!sig->key || !sig->key->_last_uid || !(ti = sig->key->_last_uid->tofu)) return trace_gpg_error (GPG_ERR_INV_ENGINE); /* No TOFU_USER seen. */ - for (ti = sig->tofu; ti->next; ti = ti->next) - ; if (ti->description) - return trace_gpg_error (GPG_ERR_INV_ENGINE); /* Already seen. */ + return trace_gpg_error (GPG_ERR_INV_ENGINE); /* Already set. */ err = _gpgme_decode_percent_string (args, &ti->description, 0, 0); if (err) diff --git a/tests/run-keylist.c b/tests/run-keylist.c index cc4c354..bae2dbb 100644 --- a/tests/run-keylist.c +++ b/tests/run-keylist.c @@ -233,7 +233,14 @@ main (int argc, char **argv) for (nuids=0, uid=key->uids; uid; uid = uid->next, nuids++) { printf ("userid %d: %s\n", nuids, nonnull(uid->uid)); - printf ("valid %d: %s\n", nuids, + printf (" mbox %d: %s\n", nuids, nonnull(uid->address)); + if (uid->email && uid->email != uid->address) + printf (" email %d: %s\n", nuids, uid->email); + if (uid->name) + printf (" name %d: %s\n", nuids, uid->name); + if (uid->comment) + printf (" cmmnt %d: %s\n", nuids, uid->comment); + printf (" valid %d: %s\n", nuids, uid->validity == GPGME_VALIDITY_UNKNOWN? "unknown": uid->validity == GPGME_VALIDITY_UNDEFINED? "undefined": uid->validity == GPGME_VALIDITY_NEVER? "never": diff --git a/tests/run-verify.c b/tests/run-verify.c index b174516..ef4dd32 100644 --- a/tests/run-verify.c +++ b/tests/run-verify.c @@ -111,6 +111,7 @@ print_result (gpgme_verify_result_t result) { gpgme_signature_t sig; gpgme_sig_notation_t nt; + gpgme_user_id_t uid; gpgme_tofu_info_t ti; int count = 0; @@ -153,29 +154,34 @@ print_result (gpgme_verify_result_t result) if ((nt->value?strlen (nt->value):0) != nt->value_len) printf (" warning : value larger (%d)\n", nt->value_len); } - for (ti = sig->tofu; ti; ti = ti->next) + if (sig->key) { - printf (" tofu addr .: %s\n", ti->address); - if (!sig->fpr || strcmp (sig->fpr, ti->fpr)) - printf (" WARNING .: fpr mismatch (%s)\n", ti->fpr); - printf (" validity : %u (%s)\n", ti->validity, - ti->validity == 0? "conflict" : - ti->validity == 1? "no history" : - ti->validity == 2? "little history" : - ti->validity == 3? "enough history" : - ti->validity == 4? "lot of history" : "?"); - printf (" policy ..: %u (%s)\n", ti->policy, - ti->policy == GPGME_TOFU_POLICY_NONE? "none" : - ti->policy == GPGME_TOFU_POLICY_AUTO? "auto" : - ti->policy == GPGME_TOFU_POLICY_GOOD? "good" : - ti->policy == GPGME_TOFU_POLICY_UNKNOWN? "unknown" : - ti->policy == GPGME_TOFU_POLICY_BAD? "bad" : - ti->policy == GPGME_TOFU_POLICY_ASK? "ask" : "?"); - printf (" sigcount : %hu\n", ti->signcount); - printf (" firstseen: %u\n", ti->firstseen); - printf (" lastseen : %u\n", ti->lastseen); - printf (" desc ....: "); - print_description (nonnull (ti->description), 15); + printf (" primary fpr: %s\n", nonnull (sig->key->fpr)); + for (uid = sig->key->uids; uid; uid = uid->next) + { + printf (" tofu addr .: %s\n", nonnull (uid->address)); + ti = uid->tofu; + if (!ti) + continue; + printf (" validity : %u (%s)\n", ti->validity, + ti->validity == 0? "conflict" : + ti->validity == 1? "no history" : + ti->validity == 2? "little history" : + ti->validity == 3? "enough history" : + ti->validity == 4? "lot of history" : "?"); + printf (" policy ..: %u (%s)\n", ti->policy, + ti->policy == GPGME_TOFU_POLICY_NONE? "none" : + ti->policy == GPGME_TOFU_POLICY_AUTO? "auto" : + ti->policy == GPGME_TOFU_POLICY_GOOD? "good" : + ti->policy == GPGME_TOFU_POLICY_UNKNOWN? "unknown" : + ti->policy == GPGME_TOFU_POLICY_BAD? "bad" : + ti->policy == GPGME_TOFU_POLICY_ASK? "ask" : "?"); + printf (" sigcount : %hu\n", ti->signcount); + printf (" firstseen: %u\n", ti->firstseen); + printf (" lastseen : %u\n", ti->lastseen); + printf (" desc ....: "); + print_description (nonnull (ti->description), 15); + } } } } commit 3955dce06e9d056599e5ec7d40301e66b9305195 Author: Werner Koch Date: Tue Aug 23 06:48:50 2016 +0200 core: Extend gpgme_user_id_t with 'address'. * src/mbox-util.c, src/mbox-util.h: Adjust for use in gpgme. * src/Makefile.am (main_sources): Add mbox-util. * src/key.c (_gpgme_key_append_name): Set 'address' field of uid. (gpgme_key_unref): Free it. Signed-off-by: Werner Koch diff --git a/src/Makefile.am b/src/Makefile.am index 6691540..d541f87 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -76,6 +76,7 @@ endif main_sources = \ util.h conversion.c b64dec.c get-env.c context.h ops.h \ parsetlv.c parsetlv.h \ + mbox-util.c mbox-util.h \ data.h data.c data-fd.c data-stream.c data-mem.c data-user.c \ data-compat.c data-identify.c \ signers.c sig-notation.c \ diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 40f5442..49cea77 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -801,6 +801,12 @@ struct _gpgme_user_id /* Internal to GPGME, do not use. */ gpgme_key_sig_t _last_keysig; + + /* The mail address (addr-spec from RFC5322) of the UID string. + * This is general the same as the EMAIL part of this struct but + * might be slightly different. IF no mail address is available + * NULL is stored. */ + char *address; }; typedef struct _gpgme_user_id *gpgme_user_id_t; diff --git a/src/key.c b/src/key.c index de97102..f642501 100644 --- a/src/key.c +++ b/src/key.c @@ -31,6 +31,8 @@ #include "ops.h" #include "sema.h" #include "debug.h" +#include "mbox-util.h" + /* Protects all reference counters in keys. All other accesses to a @@ -233,6 +235,14 @@ _gpgme_key_append_name (gpgme_key_t key, const char *src, int convert) parse_user_id (uid->uid, &uid->name, &uid->email, &uid->comment, dst); + uid->address = _gpgme_mailbox_from_userid (uid->uid); + if (uid->address && uid->email && !strcmp (uid->address, uid->email)) + { + /* The ADDRESS is the same as EMAIL: Save some space. */ + free (uid->address); + uid->address = uid->email; + } + if (!key->uids) key->uids = uid; if (key->_last_uid) @@ -363,6 +373,8 @@ gpgme_key_unref (gpgme_key_t key) free (keysig); keysig = next_keysig; } + if (uid->address && uid->address != uid->email) + free (uid->address); free (uid); uid = next_uid; } diff --git a/src/mbox-util.c b/src/mbox-util.c index c451198..83c8b5e 100644 --- a/src/mbox-util.c +++ b/src/mbox-util.c @@ -18,16 +18,34 @@ * along with this program; if not, see . */ -#include +/* NB: This code has been taken from GnuPG. Please keep it in sync + * with GnuPG. */ + +#if HAVE_CONFIG_H +# include +#endif + #include #include #include #include #include -#include "util.h" #include "mbox-util.h" +/* Lowercase all ASCII characters in STRING. */ +static char * +ascii_strlwr (char *string) +{ + char *p; + + for (p = string; *p; p++ ) + if (!(*p & ~0x7f) && *p >= 'A' && *p <= 'Z') + *p |= 0x20; + + return string; +} + static int string_count_chr (const char *string, int c) @@ -117,7 +135,7 @@ has_dotdot_after_at (const char *string) Note that we can't do an utf-8 encoding checking here because in keygen.c this function is called with the native encoding and native to utf-8 encoding is only done later. */ -int +static int has_invalid_email_chars (const void *buffer, size_t length) { const unsigned char *s = buffer; @@ -143,7 +161,7 @@ has_invalid_email_chars (const void *buffer, size_t length) /* Same as is_valid_mailbox (see below) but operates on non-nul terminated buffer. */ -int +static int is_valid_mailbox_mem (const void *name_arg, size_t namelen) { const char *name = name_arg; @@ -162,7 +180,7 @@ is_valid_mailbox_mem (const void *name_arg, size_t namelen) /* Check whether NAME represents a valid mailbox according to RFC822. Returns true if so. */ int -is_valid_mailbox (const char *name) +_gpgme_is_valid_mailbox (const char *name) { return name? is_valid_mailbox_mem (name, strlen (name)) : 0; } @@ -173,7 +191,7 @@ is_valid_mailbox (const char *name) lowercase. Caller must free the result. Returns NULL if no valid mailbox was found (or we are out of memory). */ char * -mailbox_from_userid (const char *userid) +_gpgme_mailbox_from_userid (const char *userid) { const char *s, *s_end; size_t len; @@ -188,7 +206,7 @@ mailbox_from_userid (const char *userid) if (s_end && s_end > s) { len = s_end - s; - result = xtrymalloc (len + 1); + result = malloc (len + 1); if (!result) return NULL; /* Ooops - out of core. */ strncpy (result, s, len); @@ -202,7 +220,7 @@ mailbox_from_userid (const char *userid) || string_has_ctrl_or_space (result) || has_dotdot_after_at (result)) { - xfree (result); + free (result); result = NULL; errno = EINVAL; } @@ -210,14 +228,14 @@ mailbox_from_userid (const char *userid) else errno = EINVAL; } - else if (is_valid_mailbox (userid)) + else if (_gpgme_is_valid_mailbox (userid)) { /* The entire user id is a mailbox. Return that one. Note that this fallback method has some restrictions on the valid syntax of the mailbox. However, those who want weird addresses should know about it and use the regular <...> syntax. */ - result = xtrystrdup (userid); + result = strdup (userid); } else errno = EINVAL; @@ -226,14 +244,14 @@ mailbox_from_userid (const char *userid) } -/* Check whether UID is a valid standard user id of the form - "Heinrich Heine " - and return true if this is the case. */ -int -is_valid_user_id (const char *uid) -{ - if (!uid || !*uid) - return 0; +/* /\* Check whether UID is a valid standard user id of the form */ +/* "Heinrich Heine " */ +/* and return true if this is the case. *\/ */ +/* int */ +/* is_valid_user_id (const char *uid) */ +/* { */ +/* if (!uid || !*uid) */ +/* return 0; */ - return 1; -} +/* return 1; */ +/* } */ diff --git a/src/mbox-util.h b/src/mbox-util.h index 9c7271f..3195a4d 100644 --- a/src/mbox-util.h +++ b/src/mbox-util.h @@ -19,11 +19,11 @@ #ifndef GNUPG_COMMON_MBOX_UTIL_H #define GNUPG_COMMON_MBOX_UTIL_H -int has_invalid_email_chars (const void *buffer, size_t length); -int is_valid_mailbox (const char *name); -int is_valid_mailbox_mem (const void *buffer, size_t length); -char *mailbox_from_userid (const char *userid); -int is_valid_user_id (const char *uid); +/* int has_invalid_email_chars (const void *buffer, size_t length); */ +int _gpgme_is_valid_mailbox (const char *name); +/* int _gpgme_is_valid_mailbox_mem (const void *buffer, size_t length); */ +char *_gpgme_mailbox_from_userid (const char *userid); +/* int is_valid_user_id (const char *uid); */ #endif /*GNUPG_COMMON_MBOX_UTIL_H*/ commit 26c5ba528ce1411d96655952ec48359105695c0f Author: Werner Koch Date: Mon Aug 22 20:50:37 2016 +0200 core: New code for parsing mail addresses. * src/mbox-util.c: New. * src/mbox-util.h: New. -- The files haven been copied verbatim from GnuPG 2.1.15 commit 54245979e691129ed9d3a6c642087fb8d3227449 after the license has been changed in GnuPG. We need this file too match GnuPG's idea of a mail address. Signed-off-by: Werner Koch diff --git a/src/mbox-util.c b/src/mbox-util.c new file mode 100644 index 0000000..c451198 --- /dev/null +++ b/src/mbox-util.c @@ -0,0 +1,239 @@ +/* mbox-util.c - Mail address helper functions + * Copyright (C) 1998-2010 Free Software Foundation, Inc. + * Copyright (C) 1998-2015 Werner Koch + * + * This file is part of GnuPG. + * + * This file is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, see . + */ + +#include +#include +#include +#include +#include +#include + +#include "util.h" +#include "mbox-util.h" + + +static int +string_count_chr (const char *string, int c) +{ + int count; + + for (count=0; *string; string++ ) + if ( *string == c ) + count++; + return count; +} + +static int +mem_count_chr (const void *buffer, int c, size_t length) +{ + const char *s = buffer; + int count; + + for (count=0; length; length--, s++) + if (*s == c) + count++; + return count; +} + + +/* This is a case-sensitive version of our memistr. I wonder why no + standard function memstr exists but I better do not use the name + memstr to avoid future conflicts. */ +static const char * +my_memstr (const void *buffer, size_t buflen, const char *sub) +{ + const unsigned char *buf = buffer; + const unsigned char *t = (const unsigned char *)buf; + const unsigned char *s = (const unsigned char *)sub; + size_t n = buflen; + + for ( ; n ; t++, n-- ) + { + if (*t == *s) + { + for (buf = t++, buflen = n--, s++; n && *t ==*s; t++, s++, n--) + ; + if (!*s) + return (const char*)buf; + t = (const unsigned char *)buf; + s = (const unsigned char *)sub ; + n = buflen; + } + } + return NULL; +} + + + +static int +string_has_ctrl_or_space (const char *string) +{ + for (; *string; string++ ) + if (!(*string & 0x80) && *string <= 0x20) + return 1; + return 0; +} + + +/* Return true if STRING has two consecutive '.' after an '@' + sign. */ +static int +has_dotdot_after_at (const char *string) +{ + string = strchr (string, '@'); + if (!string) + return 0; /* No at-sign. */ + string++; + return !!strstr (string, ".."); +} + + +/* Check whether BUFFER has characters not valid in an RFC-822 + address. LENGTH gives the length of BUFFER. + + To cope with OpenPGP we ignore non-ascii characters so that for + example umlauts are legal in an email address. An OpenPGP user ID + must be utf-8 encoded but there is no strict requirement for + RFC-822. Thus to avoid IDNA encoding we put the address verbatim + as utf-8 into the user ID under the assumption that mail programs + handle IDNA at a lower level and take OpenPGP user IDs as utf-8. + Note that we can't do an utf-8 encoding checking here because in + keygen.c this function is called with the native encoding and + native to utf-8 encoding is only done later. */ +int +has_invalid_email_chars (const void *buffer, size_t length) +{ + const unsigned char *s = buffer; + int at_seen=0; + const char *valid_chars= + "01234567890_-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; + + for ( ; length && *s; length--, s++ ) + { + if ((*s & 0x80)) + continue; /* We only care about ASCII. */ + if (*s == '@') + at_seen=1; + else if (!at_seen && !(strchr (valid_chars, *s) + || strchr ("!#$%&'*+/=?^`{|}~", *s))) + return 1; + else if (at_seen && !strchr (valid_chars, *s)) + return 1; + } + return 0; +} + + +/* Same as is_valid_mailbox (see below) but operates on non-nul + terminated buffer. */ +int +is_valid_mailbox_mem (const void *name_arg, size_t namelen) +{ + const char *name = name_arg; + + return !( !name + || !namelen + || has_invalid_email_chars (name, namelen) + || mem_count_chr (name, '@', namelen) != 1 + || *name == '@' + || name[namelen-1] == '@' + || name[namelen-1] == '.' + || my_memstr (name, namelen, "..")); +} + + +/* Check whether NAME represents a valid mailbox according to + RFC822. Returns true if so. */ +int +is_valid_mailbox (const char *name) +{ + return name? is_valid_mailbox_mem (name, strlen (name)) : 0; +} + + +/* Return the mailbox (local-part at domain) form a standard user id. + All plain ASCII characters in the result are converted to + lowercase. Caller must free the result. Returns NULL if no valid + mailbox was found (or we are out of memory). */ +char * +mailbox_from_userid (const char *userid) +{ + const char *s, *s_end; + size_t len; + char *result = NULL; + + s = strchr (userid, '<'); + if (s) + { + /* Seems to be a standard user id. */ + s++; + s_end = strchr (s, '>'); + if (s_end && s_end > s) + { + len = s_end - s; + result = xtrymalloc (len + 1); + if (!result) + return NULL; /* Ooops - out of core. */ + strncpy (result, s, len); + result[len] = 0; + /* Apply some basic checks on the address. We do not use + is_valid_mailbox because those checks are too strict. */ + if (string_count_chr (result, '@') != 1 /* Need exactly one '@. */ + || *result == '@' /* local-part missing. */ + || result[len-1] == '@' /* domain missing. */ + || result[len-1] == '.' /* ends with a dot. */ + || string_has_ctrl_or_space (result) + || has_dotdot_after_at (result)) + { + xfree (result); + result = NULL; + errno = EINVAL; + } + } + else + errno = EINVAL; + } + else if (is_valid_mailbox (userid)) + { + /* The entire user id is a mailbox. Return that one. Note that + this fallback method has some restrictions on the valid + syntax of the mailbox. However, those who want weird + addresses should know about it and use the regular <...> + syntax. */ + result = xtrystrdup (userid); + } + else + errno = EINVAL; + + return result? ascii_strlwr (result): NULL; +} + + +/* Check whether UID is a valid standard user id of the form + "Heinrich Heine " + and return true if this is the case. */ +int +is_valid_user_id (const char *uid) +{ + if (!uid || !*uid) + return 0; + + return 1; +} diff --git a/src/mbox-util.h b/src/mbox-util.h new file mode 100644 index 0000000..9c7271f --- /dev/null +++ b/src/mbox-util.h @@ -0,0 +1,29 @@ +/* mbox-util.h - Defs for mail address helper functions + * Copyright (C) 2015 Werner Koch + * + * This file is part of GnuPG. + * + * This file is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, see . + */ +#ifndef GNUPG_COMMON_MBOX_UTIL_H +#define GNUPG_COMMON_MBOX_UTIL_H + +int has_invalid_email_chars (const void *buffer, size_t length); +int is_valid_mailbox (const char *name); +int is_valid_mailbox_mem (const void *buffer, size_t length); +char *mailbox_from_userid (const char *userid); +int is_valid_user_id (const char *uid); + + +#endif /*GNUPG_COMMON_MBOX_UTIL_H*/ ----------------------------------------------------------------------- Summary of changes: NEWS | 4 +- doc/gpgme.texi | 32 ++++++- src/Makefile.am | 1 + src/gpgme.h.in | 100 ++++++++++---------- src/key.c | 29 ++++++ src/keylist.c | 16 ++++ src/mbox-util.c | 257 ++++++++++++++++++++++++++++++++++++++++++++++++++++ src/mbox-util.h | 29 ++++++ src/ops.h | 4 +- src/verify.c | 106 ++++++++++++---------- tests/run-keylist.c | 9 +- tests/run-verify.c | 50 +++++----- 12 files changed, 516 insertions(+), 121 deletions(-) create mode 100644 src/mbox-util.c create mode 100644 src/mbox-util.h hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Aug 23 15:58:30 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 23 Aug 2016 15:58:30 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-298-g2972c44 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 2972c44bd7e97b2169dea9c4a49d9754afdae3f0 (commit) from be4ff75d7d5ac6ed15feb245ef3cec59b4bad561 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2972c44bd7e97b2169dea9c4a49d9754afdae3f0 Author: Werner Koch Date: Tue Aug 23 15:55:55 2016 +0200 core: Put the protocol into a TOFU created key object. * src/verify.c (parse_tofu_user): Add arg 'protocol' and store it in the KEY. (_gpgme_verify_status_handler): Pass protocol. Signed-off-by: Werner Koch diff --git a/src/verify.c b/src/verify.c index 173d1cb..075f1d6 100644 --- a/src/verify.c +++ b/src/verify.c @@ -671,7 +671,7 @@ parse_trust (gpgme_signature_t sig, gpgme_status_code_t code, char *args) /* Parse a TOFU_USER line and put the info into SIG. */ static gpgme_error_t -parse_tofu_user (gpgme_signature_t sig, char *args) +parse_tofu_user (gpgme_signature_t sig, char *args, gpgme_protocol_t protocol) { gpg_error_t err; char *tail; @@ -715,6 +715,7 @@ parse_tofu_user (gpgme_signature_t sig, char *args) if (err) goto leave; sig->key->fpr = fpr; + sig->key->protocol = protocol; fpr = NULL; } else if (!sig->key->fpr) @@ -993,7 +994,7 @@ _gpgme_verify_status_handler (void *priv, gpgme_status_code_t code, char *args) case GPGME_STATUS_TOFU_USER: opd->only_newsig_seen = 0; - return sig ? parse_tofu_user (sig, args) + return sig ? parse_tofu_user (sig, args, ctx->protocol) /* */ : trace_gpg_error (GPG_ERR_INV_ENGINE); case GPGME_STATUS_TOFU_STATS: ----------------------------------------------------------------------- Summary of changes: src/verify.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Aug 23 16:44:54 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 23 Aug 2016 16:44:54 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-299-g799b168 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 799b168243e6499ac01bf59e0656547f353a2589 (commit) from 2972c44bd7e97b2169dea9c4a49d9754afdae3f0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 799b168243e6499ac01bf59e0656547f353a2589 Author: Andre Heinecke Date: Tue Aug 23 16:40:21 2016 +0200 Cpp: Move tofuinfo from signature to userid * lang/cpp/src/key.cpp (UserID::tofuInfo): New. * lang/cpp/src/key.h: Update accordingly. * lang/cpp/src/tofuinfo.cpp: Remove dropped fields. * lang/cpp/src/tofuinfo.h: Update accordingly. * lang/cpp/src/verificationresult.cpp, lang/cpp/src/verificationresult.h: Remove tofu info. * lang/qt/tests/t-tofuinfo.cpp: Disable for now. -- With be4ff75d7 Tofu info now lives with a UserID Object. While this breaks API it was not yet released. diff --git a/lang/cpp/src/key.cpp b/lang/cpp/src/key.cpp index d99c5ec..68d7685 100644 --- a/lang/cpp/src/key.cpp +++ b/lang/cpp/src/key.cpp @@ -23,6 +23,7 @@ #include #include "util.h" +#include "tofuinfo.h" #include @@ -625,6 +626,14 @@ bool UserID::isInvalid() const return uid && uid->invalid; } +TofuInfo UserID::tofuInfo() const +{ + if (!uid) { + return TofuInfo(); + } + return TofuInfo(uid->tofu); +} + // // // class Signature diff --git a/lang/cpp/src/key.h b/lang/cpp/src/key.h index bb0487b..e8d7ee2 100644 --- a/lang/cpp/src/key.h +++ b/lang/cpp/src/key.h @@ -43,6 +43,7 @@ class Context; class Subkey; class UserID; +class TofuInfo; typedef std::shared_ptr< std::remove_pointer::type > shared_gpgme_key_t; @@ -309,6 +310,10 @@ public: bool isRevoked() const; bool isInvalid() const; + /** TOFU info for this userid. + * @returns The TOFU stats or a null TofuInfo. + */ + GpgME::TofuInfo tofuInfo() const; private: shared_gpgme_key_t key; gpgme_user_id_t uid; diff --git a/lang/cpp/src/tofuinfo.cpp b/lang/cpp/src/tofuinfo.cpp index c27a59e..fe8f051 100644 --- a/lang/cpp/src/tofuinfo.cpp +++ b/lang/cpp/src/tofuinfo.cpp @@ -31,12 +31,6 @@ public: Private(gpgme_tofu_info_t info) : mInfo(info ? new _gpgme_tofu_info(*info) : nullptr) { - if (mInfo && mInfo->fpr) { - mInfo->fpr = strdup(mInfo->fpr); - } - if (mInfo && mInfo->address) { - mInfo->address = strdup(mInfo->address); - } if (mInfo && mInfo->description) { mInfo->description = strdup(mInfo->description); } @@ -45,12 +39,6 @@ public: Private(const Private &other) : mInfo(other.mInfo) { - if (mInfo && mInfo->fpr) { - mInfo->fpr = strdup(mInfo->fpr); - } - if (mInfo && mInfo->address) { - mInfo->address = strdup(mInfo->address); - } if (mInfo && mInfo->description) { mInfo->description = strdup(mInfo->description); } @@ -59,10 +47,6 @@ public: ~Private() { if (mInfo) { - std::free(mInfo->fpr); - mInfo->fpr = nullptr; - std::free(mInfo->address); - mInfo->address = nullptr; std::free(mInfo->description); mInfo->description = nullptr; @@ -129,16 +113,6 @@ GpgME::TofuInfo::Policy GpgME::TofuInfo::policy() const } } -const char *GpgME::TofuInfo::fingerprint() const -{ - return isNull() ? nullptr : d->mInfo->fpr; -} - -const char *GpgME::TofuInfo::address() const -{ - return isNull() ? nullptr : d->mInfo->address; -} - const char *GpgME::TofuInfo::description() const { return isNull() ? nullptr : d->mInfo->description; @@ -163,9 +137,7 @@ std::ostream &GpgME::operator<<(std::ostream &os, const GpgME::TofuInfo &info) { os << "GpgME::Signature::TofuInfo("; if (!info.isNull()) { - os << "\n address: " << protect(info.address()) - << "\n fpr: " << protect(info.fingerprint()) - << "\n desc: " << protect(info.description()) + os << "\n desc: " << protect(info.description()) << "\n validity: " << info.validity() << "\n policy: " << info.policy() << "\n signcount: "<< info.signCount() diff --git a/lang/cpp/src/tofuinfo.h b/lang/cpp/src/tofuinfo.h index c698360..4835120 100644 --- a/lang/cpp/src/tofuinfo.h +++ b/lang/cpp/src/tofuinfo.h @@ -99,20 +99,9 @@ public: /* Number of seconds since the last message was verified. */ unsigned int lastSeen() const; - /* Finterprint of the key for this entry. */ - const char *fingerprint() const; - /* If non-NULL a human readable string summarizing the TOFU data. */ const char *description() const; - /* The address of the tofu binding. - * - * If no mail address is set for a User ID this is the name used - * for the user ID. Can be ambiguous when the same mail address or - * name is used in multiple user ids. - */ - const char *address() const; - private: class Private; std::shared_ptr d; diff --git a/lang/cpp/src/verificationresult.cpp b/lang/cpp/src/verificationresult.cpp index 3eb8a85..c32c896 100644 --- a/lang/cpp/src/verificationresult.cpp +++ b/lang/cpp/src/verificationresult.cpp @@ -24,7 +24,6 @@ #include #include "result_p.h" #include "util.h" -#include "tofuinfo.h" #include @@ -82,11 +81,6 @@ public: } nota.back().push_back(n); } - // copy tofu info: - tinfos.push_back(std::vector()); - for (gpgme_tofu_info_t in = is->tofu; in ; in = in->next) { - tinfos.back().push_back(TofuInfo(in)); - } } } ~Private() @@ -113,7 +107,6 @@ public: std::vector sigs; std::vector< std::vector > nota; - std::vector< std::vector > tinfos; std::vector purls; std::string file_name; }; @@ -373,15 +366,6 @@ std::vector GpgME::Signature::notations() const return result; } -std::vector GpgME::Signature::tofuInfo() const -{ - if (isNull()) { - return std::vector(); - } - - return d->tinfos[idx]; -} - class GpgME::Notation::Private { public: @@ -550,9 +534,6 @@ std::ostream &GpgME::operator<<(std::ostream &os, const Signature &sig) const std::vector nota = sig.notations(); std::copy(nota.begin(), nota.end(), std::ostream_iterator(os, "\n")); - const std::vector tinfos = sig.tofuInfo(); - std::copy(tinfos.begin(), tinfos.end(), - std::ostream_iterator(os, "\n")); } return os << ')'; } diff --git a/lang/cpp/src/verificationresult.h b/lang/cpp/src/verificationresult.h index f5fbc2e..3394a47 100644 --- a/lang/cpp/src/verificationresult.h +++ b/lang/cpp/src/verificationresult.h @@ -40,7 +40,6 @@ namespace GpgME class Error; class Signature; class Notation; -class TofuInfo; class GPGMEPP_EXPORT VerificationResult : public Result { @@ -158,18 +157,6 @@ public: GpgME::Notation notation(unsigned int index) const; std::vector notations() const; - /** List of TOFU stats for this signature. - * - * For each UserID of the key used to create this - * signature a tofu entry is returned. - * - * Warning: Addresses can be ambigous if there are multiple UserID's - * with the same mailbox in a key. - * - * @returns The list of TOFU stats. - */ - std::vector tofuInfo() const; - private: std::shared_ptr d; unsigned int idx; diff --git a/lang/qt/tests/t-tofuinfo.cpp b/lang/qt/tests/t-tofuinfo.cpp index 3072f0f..2f2ed43 100644 --- a/lang/qt/tests/t-tofuinfo.cpp +++ b/lang/qt/tests/t-tofuinfo.cpp @@ -57,6 +57,7 @@ static const char testMsg1[] = class TofuInfoTest: public QGpgMETest { +#if 0 Q_OBJECT void testTofuCopy(TofuInfo other, const TofuInfo &orig) @@ -235,6 +236,7 @@ private /* FIXME Disabled until GnuPG-Bug-Id 2405 is fixed Q_SLOTS */: mDir.path() + QStringLiteral("/secring.gpg"))); } +#endif }; QTEST_MAIN(TofuInfoTest) ----------------------------------------------------------------------- Summary of changes: lang/cpp/src/key.cpp | 9 +++++++++ lang/cpp/src/key.h | 5 +++++ lang/cpp/src/tofuinfo.cpp | 30 +----------------------------- lang/cpp/src/tofuinfo.h | 11 ----------- lang/cpp/src/verificationresult.cpp | 19 ------------------- lang/cpp/src/verificationresult.h | 13 ------------- lang/qt/tests/t-tofuinfo.cpp | 2 ++ 7 files changed, 17 insertions(+), 72 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Aug 24 14:01:56 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 24 Aug 2016 14:01:56 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-302-gd2e40fb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via d2e40fb7adf667f3e2d2457ee4c646ea4d4d88b3 (commit) via 7c5a4974b71c30e824cbfcb3a0a70064e5ed5adb (commit) via 40ea1c85773cbe324557c34b3a4282f609fcdaf6 (commit) from 799b168243e6499ac01bf59e0656547f353a2589 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d2e40fb7adf667f3e2d2457ee4c646ea4d4d88b3 Author: Andre Heinecke Date: Wed Aug 24 14:00:41 2016 +0200 Qt: Adapt (disabled) tofuinfo test to new API * lang/qt/tests/t-tofuinfo.cpp: Switch to UID based API. -- Test is still disabled as GnuPG still returns unexpected results. diff --git a/lang/qt/tests/t-tofuinfo.cpp b/lang/qt/tests/t-tofuinfo.cpp index 2f2ed43..ab466ee 100644 --- a/lang/qt/tests/t-tofuinfo.cpp +++ b/lang/qt/tests/t-tofuinfo.cpp @@ -41,6 +41,7 @@ #include "qgpgmesignjob.h" #include "key.h" #include "t-support.h" +#include "engineinfo.h" #include using namespace QGpgME; @@ -57,14 +58,20 @@ static const char testMsg1[] = class TofuInfoTest: public QGpgMETest { -#if 0 Q_OBJECT + bool testSupported() + { + /* GnuPG currently returns different values for different uid's + * on the first verify. This breaks this test. so its disabled + * for now. See GnuPG-Bug 2405 */ + return !(GpgME::engineInfo(GpgME::GpgEngine).engineVersion() < "3.0.0"); + } + void testTofuCopy(TofuInfo other, const TofuInfo &orig) { Q_ASSERT(!orig.isNull()); Q_ASSERT(!other.isNull()); - Q_ASSERT(!strcmp(orig.fingerprint(), other.fingerprint())); Q_ASSERT(orig.lastSeen() == other.lastSeen()); Q_ASSERT(orig.signCount() == other.signCount()); Q_ASSERT(orig.validity() == other.validity()); @@ -84,6 +91,9 @@ class TofuInfoTest: public QGpgMETest QByteArray signedData; auto sigResult = job->exec(keys, what.toUtf8(), NormalSignatureMode, signedData); + auto info = keys[0].userID(0).tofuInfo(); + Q_ASSERT(info.signCount() == expected - 1); + Q_ASSERT(!sigResult.error()); auto verifyJob = openpgp()->verifyOpaqueJob(); @@ -97,23 +107,23 @@ class TofuInfoTest: public QGpgMETest Q_ASSERT(result.numSignatures() == 1); auto sig = result.signatures()[0]; - Q_FOREACH(const TofuInfo stats, sig.tofuInfo()) { - Q_ASSERT(!stats.isNull()); - Q_ASSERT(!strcmp(stats.fingerprint(), sig.fingerprint())); - Q_ASSERT(stats.signCount() == expected); - } + auto key2 = sig.key(); + Q_ASSERT(!key.isNull()); + Q_ASSERT(!strcmp (key2.primaryFingerprint(), key.primaryFingerprint())); + Q_ASSERT(!strcmp (key.primaryFingerprint(), sig.fingerprint())); + auto stats = key2.userID(0).tofuInfo(); + Q_ASSERT(!stats.isNull()); + Q_ASSERT(stats.signCount() == expected); } -private: - QTemporaryDir mDir; - -private /* FIXME Disabled until GnuPG-Bug-Id 2405 is fixed Q_SLOTS */: +private Q_SLOTS: void testTofuNull() { + if (!testSupported()) { + return; + } TofuInfo tofu; Q_ASSERT(tofu.isNull()); - Q_ASSERT(!tofu.fingerprint()); - Q_ASSERT(!tofu.address()); Q_ASSERT(!tofu.description()); Q_ASSERT(!tofu.signCount()); Q_ASSERT(!tofu.lastSeen()); @@ -124,6 +134,9 @@ private /* FIXME Disabled until GnuPG-Bug-Id 2405 is fixed Q_SLOTS */: void testTofuInfo() { + if (!testSupported()) { + return; + } auto *job = openpgp()->verifyOpaqueJob(true); const QByteArray data1(testMsg1); QByteArray plaintext; @@ -139,20 +152,17 @@ private /* FIXME Disabled until GnuPG-Bug-Id 2405 is fixed Q_SLOTS */: /* TOFU is always marginal */ Q_ASSERT(sig.validity() == Signature::Marginal); - Q_ASSERT(!sig.tofuInfo().empty()); - Q_FOREACH(const TofuInfo stats, sig.tofuInfo()) { - Q_ASSERT(!stats.isNull()); - Q_ASSERT(!strcmp(stats.fingerprint(), sig.fingerprint())); - Q_ASSERT(stats.firstSeen() == stats.lastSeen()); - Q_ASSERT(!stats.signCount()); - Q_ASSERT(stats.address()); - /* See issue2405 Comment back in when resolved - Q_ASSERT(stats.policy() == TofuInfo::PolicyAuto); */ - Q_ASSERT(stats.validity() == TofuInfo::NoHistory); - } + auto stats = sig.key().userID(0).tofuInfo(); + Q_ASSERT(!stats.isNull()); + Q_ASSERT(sig.key().primaryFingerprint()); + Q_ASSERT(sig.fingerprint()); + Q_ASSERT(!strcmp(sig.key().primaryFingerprint(), sig.fingerprint())); + Q_ASSERT(stats.firstSeen() == stats.lastSeen()); + Q_ASSERT(stats.signCount() == 1); + Q_ASSERT(stats.policy() == TofuInfo::PolicyAuto); + Q_ASSERT(stats.validity() == TofuInfo::LittleHistory); - const TofuInfo first = sig.tofuInfo()[0]; - testTofuCopy(first, first); + testTofuCopy(stats, stats); /* Another verify */ @@ -167,15 +177,13 @@ private /* FIXME Disabled until GnuPG-Bug-Id 2405 is fixed Q_SLOTS */: /* TOFU is always marginal */ Q_ASSERT(sig.validity() == Signature::Marginal); - Q_ASSERT(!sig.tofuInfo().empty()); - Q_FOREACH(const TofuInfo stats, sig.tofuInfo()) { - Q_ASSERT(!stats.isNull()); - Q_ASSERT(!strcmp(stats.fingerprint(), sig.fingerprint())); - Q_ASSERT(stats.signCount() == 1); - Q_ASSERT(stats.address()); - Q_ASSERT(stats.policy() == TofuInfo::PolicyAuto); - Q_ASSERT(stats.validity() == TofuInfo::LittleHistory); - } + stats = sig.key().userID(0).tofuInfo(); + Q_ASSERT(!stats.isNull()); + Q_ASSERT(!strcmp(sig.key().primaryFingerprint(), sig.fingerprint())); + Q_ASSERT(stats.firstSeen() == stats.lastSeen()); + Q_ASSERT(stats.signCount() == 1); + Q_ASSERT(stats.policy() == TofuInfo::PolicyAuto); + Q_ASSERT(stats.validity() == TofuInfo::LittleHistory); /* Verify that another call yields the same result */ job = openpgp()->verifyOpaqueJob(true); @@ -189,19 +197,20 @@ private /* FIXME Disabled until GnuPG-Bug-Id 2405 is fixed Q_SLOTS */: /* TOFU is always marginal */ Q_ASSERT(sig.validity() == Signature::Marginal); - Q_ASSERT(!sig.tofuInfo().empty()); - Q_FOREACH(const TofuInfo stats, sig.tofuInfo()) { - Q_ASSERT(!stats.isNull()); - Q_ASSERT(!strcmp(stats.fingerprint(), sig.fingerprint())); - Q_ASSERT(stats.signCount() == 1); - Q_ASSERT(stats.address()); - Q_ASSERT(stats.policy() == TofuInfo::PolicyAuto); - Q_ASSERT(stats.validity() == TofuInfo::LittleHistory); - } + stats = sig.key().userID(0).tofuInfo(); + Q_ASSERT(!stats.isNull()); + Q_ASSERT(!strcmp(sig.key().primaryFingerprint(), sig.fingerprint())); + Q_ASSERT(stats.firstSeen() == stats.lastSeen()); + Q_ASSERT(stats.signCount() == 1); + Q_ASSERT(stats.policy() == TofuInfo::PolicyAuto); + Q_ASSERT(stats.validity() == TofuInfo::LittleHistory); } void testTofuSignCount() { + if (!testSupported()) { + return; + } auto *job = openpgp()->keyListJob(false, false, false); std::vector keys; GpgME::KeyListResult result = job->exec(QStringList() << QStringLiteral("zulu at example.net"), @@ -210,10 +219,10 @@ private /* FIXME Disabled until GnuPG-Bug-Id 2405 is fixed Q_SLOTS */: Key key = keys[0]; Q_ASSERT(!key.isNull()); - signAndVerify(QStringLiteral("Hello"), key, 0); - signAndVerify(QStringLiteral("Hello2"), key, 1); - signAndVerify(QStringLiteral("Hello3"), key, 2); - signAndVerify(QStringLiteral("Hello4"), key, 3); + signAndVerify(QStringLiteral("Hello"), key, 1); + signAndVerify(QStringLiteral("Hello2"), key, 2); + signAndVerify(QStringLiteral("Hello3"), key, 3); + signAndVerify(QStringLiteral("Hello4"), key, 4); } void initTestCase() @@ -236,7 +245,9 @@ private /* FIXME Disabled until GnuPG-Bug-Id 2405 is fixed Q_SLOTS */: mDir.path() + QStringLiteral("/secring.gpg"))); } -#endif +private: + QTemporaryDir mDir; + }; QTEST_MAIN(TofuInfoTest) commit 7c5a4974b71c30e824cbfcb3a0a70064e5ed5adb Author: Andre Heinecke Date: Wed Aug 24 13:59:37 2016 +0200 Cpp: Add Key to signature * lang/cpp/src/verificationresult.cpp, lang/cpp/src/verificationresult.h (Signature::key): New. diff --git a/lang/cpp/src/verificationresult.cpp b/lang/cpp/src/verificationresult.cpp index c32c896..c62625d 100644 --- a/lang/cpp/src/verificationresult.cpp +++ b/lang/cpp/src/verificationresult.cpp @@ -24,6 +24,7 @@ #include #include "result_p.h" #include "util.h" +#include "key.h" #include @@ -64,6 +65,10 @@ public: # endif scopy->next = 0; sigs.push_back(scopy); + // copy keys + if (scopy->key) { + keys.push_back(Key(scopy->key, true)); + } // copy notations: nota.push_back(std::vector()); purls.push_back(0); @@ -107,6 +112,7 @@ public: std::vector sigs; std::vector< std::vector > nota; + std::vector keys; std::vector purls; std::string file_name; }; @@ -366,6 +372,14 @@ std::vector GpgME::Signature::notations() const return result; } +GpgME::Key GpgME::Signature::key() const +{ + if (isNull()) { + return Key(); + } + return d->keys[idx]; +} + class GpgME::Notation::Private { public: diff --git a/lang/cpp/src/verificationresult.h b/lang/cpp/src/verificationresult.h index 3394a47..93288af 100644 --- a/lang/cpp/src/verificationresult.h +++ b/lang/cpp/src/verificationresult.h @@ -40,6 +40,7 @@ namespace GpgME class Error; class Signature; class Notation; +class Key; class GPGMEPP_EXPORT VerificationResult : public Result { @@ -157,6 +158,11 @@ public: GpgME::Notation notation(unsigned int index) const; std::vector notations() const; + /** Returns the key object associated with this signature. + * May be incomplete but will have at least the fingerprint + * set or the associated TOFU Information if applicable. */ + GpgME::Key key() const; + private: std::shared_ptr d; unsigned int idx; commit 40ea1c85773cbe324557c34b3a4282f609fcdaf6 Author: Andre Heinecke Date: Wed Aug 24 13:57:49 2016 +0200 Cpp: Use fpr field for primaryFingerprint * lang/cpp/src/key.cpp (Key::primaryFingerprint): Return fpr value if available. -- Should not be necessary but we might have an incomplete key without subkeys but the fingerprint already set in gpgme's data type. diff --git a/lang/cpp/src/key.cpp b/lang/cpp/src/key.cpp index 68d7685..6f40f66 100644 --- a/lang/cpp/src/key.cpp +++ b/lang/cpp/src/key.cpp @@ -259,11 +259,16 @@ const char *Key::shortKeyID() const const char *Key::primaryFingerprint() const { - const char *fpr = key && key->subkeys ? key->subkeys->fpr : 0 ; - if (fpr) { - return fpr; - } else { - return keyID(); + if (!key) { + return nullptr; + } + if (key->fpr) { + /* Return what gpgme thinks is the primary fingerprint */ + return key->fpr; + } + if (key->subkeys) { + /* Return the first subkeys fingerprint */ + return key->subkeys->fpr; } } ----------------------------------------------------------------------- Summary of changes: lang/cpp/src/key.cpp | 15 +++-- lang/cpp/src/verificationresult.cpp | 14 +++++ lang/cpp/src/verificationresult.h | 6 ++ lang/qt/tests/t-tofuinfo.cpp | 109 ++++++++++++++++++++---------------- 4 files changed, 90 insertions(+), 54 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Aug 24 14:17:35 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 24 Aug 2016 14:17:35 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-303-ge20b0f0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via e20b0f0201543834f15c5d50cd3b2ece69a35d70 (commit) from d2e40fb7adf667f3e2d2457ee4c646ea4d4d88b3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e20b0f0201543834f15c5d50cd3b2ece69a35d70 Author: Werner Koch Date: Tue Aug 23 19:50:01 2016 +0200 cpp: Get rid of AssuanResult due to its deprecation. * lang/cpp/src/assuanresult.cpp: Remove. * lang/cpp/src/assuanresult.h: Remove. * lang/cpp/src/Makefile.am: Remove these files. * lang/cpp/src/context.cpp: Remove header assuanresult.h (assuanTransact): Change return type to Error. Use gpgme_op_assuan_transact_ext. (startAssuanTransaction): Change return type to Error. (assuanResult): Remove * lang/cpp/src/context.h (assuanResult): Adjust for changes. Signed-off-by: Werner Koch diff --git a/lang/cpp/src/Makefile.am b/lang/cpp/src/Makefile.am index 188585a..e65a875 100644 --- a/lang/cpp/src/Makefile.am +++ b/lang/cpp/src/Makefile.am @@ -25,7 +25,7 @@ lib_LTLIBRARIES = libgpgmepp.la main_sources = \ exception.cpp context.cpp key.cpp trustitem.cpp data.cpp callbacks.cpp \ - eventloopinteractor.cpp editinteractor.cpp assuanresult.cpp \ + eventloopinteractor.cpp editinteractor.cpp \ keylistresult.cpp keygenerationresult.cpp importresult.cpp \ decryptionresult.cpp verificationresult.cpp \ signingresult.cpp encryptionresult.cpp \ @@ -36,7 +36,7 @@ main_sources = \ vfsmountresult.cpp configuration.cpp tofuinfo.cpp gpgmepp_headers = \ - assuanresult.h configuration.h context.h data.h decryptionresult.h \ + configuration.h context.h data.h decryptionresult.h \ defaultassuantransaction.h editinteractor.h encryptionresult.h \ engineinfo.h error.h eventloopinteractor.h exception.h global.h \ gpgadduserideditinteractor.h gpgagentgetinfoassuantransaction.h \ diff --git a/lang/cpp/src/assuanresult.cpp b/lang/cpp/src/assuanresult.cpp deleted file mode 100644 index 3d6d0a3..0000000 --- a/lang/cpp/src/assuanresult.cpp +++ /dev/null @@ -1,90 +0,0 @@ -/* - assuanresult.cpp - wraps a gpgme assuan result - Copyright (C) 2009 Klar?lvdalens Datakonsult AB - - This file is part of GPGME++. - - GPGME++ is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - GPGME++ is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU Library General Public License for more details. - - You should have received a copy of the GNU Library General Public License - along with GPGME++; see the file COPYING.LIB. If not, write to the - Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. -*/ - -#include -#include "result_p.h" - -#include - -#include - -using namespace GpgME; - -class AssuanResult::Private -{ -public: - explicit Private(const gpgme_assuan_result_t r) - { - if (!r) { - return; - } - error = r->err; - } - - gpgme_error_t error; -}; - -AssuanResult::AssuanResult(gpgme_ctx_t ctx, int error) - : Result(error), d() -{ - init(ctx); -} - -AssuanResult::AssuanResult(gpgme_ctx_t ctx, const Error &error) - : Result(error), d() -{ - init(ctx); -} - -void AssuanResult::init(gpgme_ctx_t ctx) -{ - (void)ctx; - if (!ctx) { - return; - } - gpgme_assuan_result_t res = gpgme_op_assuan_result(ctx); - if (!res) { - return; - } - d.reset(new Private(res)); -} - -make_standard_stuff(AssuanResult) - -Error AssuanResult::assuanError() const -{ - if (d) { - return Error(d->error); - } - return Error(); -} - -std::ostream &GpgME::operator<<(std::ostream &os, const AssuanResult &result) -{ - os << "GpgME::AssuanResult("; - if (!result.isNull()) { - os << "\n error: " << result.error() - << "\n assuanError: " << result.assuanError() - << "\n"; - } - return os << ')'; -} diff --git a/lang/cpp/src/assuanresult.h b/lang/cpp/src/assuanresult.h deleted file mode 100644 index e59b5ac..0000000 --- a/lang/cpp/src/assuanresult.h +++ /dev/null @@ -1,79 +0,0 @@ -/* - assuanresult.h - wraps a gpgme assuan result - Copyright (C) 2009 Klar?lvdalens Datakonsult AB - Author: Marc Mutz - - This file is part of GPGME++. - - GPGME++ is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - GPGME++ is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU Library General Public License for more details. - - You should have received a copy of the GNU Library General Public License - along with GPGME++; see the file COPYING.LIB. If not, write to the - Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. -*/ - -#ifndef __GPGMEPP_ASSUANRESULT_H__ -#define __GPGMEPP_ASSUANRESULT_H__ - -#include "gpgmefw.h" -#include "result.h" -#include "gpgmepp_export.h" - -#include - -#include -#include -#include - -namespace GpgME -{ - -class Error; - -class GPGMEPP_EXPORT AssuanResult : public Result -{ -public: - AssuanResult(); - AssuanResult(gpgme_ctx_t ctx, int error); - AssuanResult(gpgme_ctx_t ctx, const Error &error); - explicit AssuanResult(const Error &err); - - const AssuanResult &operator=(AssuanResult other) - { - swap(other); - return *this; - } - - void swap(AssuanResult &other) - { - Result::swap(other); - using std::swap; - swap(this->d, other.d); - } - - bool isNull() const; - - Error assuanError() const; - - class Private; -private: - void init(gpgme_ctx_t ctx); - std::shared_ptr d; -}; - -GPGMEPP_EXPORT std::ostream &operator<<(std::ostream &os, const AssuanResult &result); - -} - -GPGMEPP_MAKE_STD_SWAP_SPECIALIZATION(AssuanResult) - -#endif // __GPGMEPP_ASSUANRESULT_H__ diff --git a/lang/cpp/src/context.cpp b/lang/cpp/src/context.cpp index 11080cf..4e66d3b 100644 --- a/lang/cpp/src/context.cpp +++ b/lang/cpp/src/context.cpp @@ -23,7 +23,6 @@ #include #include #include -#include #include #include #include @@ -801,26 +800,36 @@ static gpgme_error_t assuan_transaction_status_callback(void *opaque, const char return t->status(status, a.c_str()).encodedError(); } -AssuanResult Context::assuanTransact(const char *command) +Error Context::assuanTransact(const char *command) { return assuanTransact(command, std::unique_ptr(new DefaultAssuanTransaction)); } -AssuanResult Context::assuanTransact(const char *command, std::unique_ptr transaction) +Error Context::assuanTransact(const char *command, std::unique_ptr transaction) { + gpgme_error_t err, operr; + d->lastop = Private::AssuanTransact; d->lastAssuanTransaction = std::move(transaction); if (!d->lastAssuanTransaction.get()) { - return AssuanResult(Error(d->lasterr = make_error(GPG_ERR_INV_ARG))); + return Error(d->lasterr = make_error(GPG_ERR_INV_ARG)); } - d->lasterr = gpgme_op_assuan_transact(d->ctx, command, - assuan_transaction_data_callback, - d->lastAssuanTransaction.get(), - assuan_transaction_inquire_callback, - d, // sic! - assuan_transaction_status_callback, - d->lastAssuanTransaction.get()); - return AssuanResult(d->ctx, d->lasterr); + err = gpgme_op_assuan_transact_ext + (d->ctx, + command, + assuan_transaction_data_callback, + d->lastAssuanTransaction.get(), + assuan_transaction_inquire_callback, + d, + assuan_transaction_status_callback, + d->lastAssuanTransaction.get(), + &operr); + + if (!err) + err = operr; + d->lasterr = err; + + return Error(d->lasterr); } Error Context::startAssuanTransaction(const char *command) @@ -830,27 +839,26 @@ Error Context::startAssuanTransaction(const char *command) Error Context::startAssuanTransaction(const char *command, std::unique_ptr transaction) { + gpgme_error_t err; + d->lastop = Private::AssuanTransact; d->lastAssuanTransaction = std::move(transaction); if (!d->lastAssuanTransaction.get()) { return Error(d->lasterr = make_error(GPG_ERR_INV_ARG)); } - return Error(d->lasterr = gpgme_op_assuan_transact_start(d->ctx, command, - assuan_transaction_data_callback, - d->lastAssuanTransaction.get(), - assuan_transaction_inquire_callback, - d, // sic! - assuan_transaction_status_callback, - d->lastAssuanTransaction.get())); -} + err = gpgme_op_assuan_transact_start + (d->ctx, + command, + assuan_transaction_data_callback, + d->lastAssuanTransaction.get(), + assuan_transaction_inquire_callback, + d, + assuan_transaction_status_callback, + d->lastAssuanTransaction.get()); -AssuanResult Context::assuanResult() const -{ - if (d->lastop & Private::AssuanTransact) { - return AssuanResult(d->ctx, d->lasterr); - } else { - return AssuanResult(); - } + d->lasterr = err; + + return Error(d->lasterr); } AssuanTransaction *Context::lastAssuanTransaction() const diff --git a/lang/cpp/src/context.h b/lang/cpp/src/context.h index 29eba91..6518d4c 100644 --- a/lang/cpp/src/context.h +++ b/lang/cpp/src/context.h @@ -46,7 +46,6 @@ class EventLoopInteractor; class EditInteractor; class AssuanTransaction; -class AssuanResult; class KeyListResult; class KeyGenerationResult; class ImportResult; @@ -240,11 +239,10 @@ public: // Assuan Transactions // - AssuanResult assuanTransact(const char *command, std::unique_ptr transaction); - AssuanResult assuanTransact(const char *command); + GpgME::Error assuanTransact(const char *command, std::unique_ptr transaction); + GpgME::Error assuanTransact(const char *command); GpgME::Error startAssuanTransaction(const char *command, std::unique_ptr transaction); GpgME::Error startAssuanTransaction(const char *command); - AssuanResult assuanResult() const; AssuanTransaction *lastAssuanTransaction() const; std::unique_ptr takeLastAssuanTransaction(); diff --git a/lang/cpp/src/vfsmountresult.h b/lang/cpp/src/vfsmountresult.h index abdd655..b46eeb1 100644 --- a/lang/cpp/src/vfsmountresult.h +++ b/lang/cpp/src/vfsmountresult.h @@ -73,4 +73,4 @@ GPGMEPP_EXPORT std::ostream &operator<<(std::ostream &os, const VfsMountResult & GPGMEPP_MAKE_STD_SWAP_SPECIALIZATION(VfsMountResult) -#endif // __GPGMEPP_ASSUANRESULT_H__ +#endif // __GPGMEPP_VFSMOUNTRESULT_H__ ----------------------------------------------------------------------- Summary of changes: lang/cpp/src/Makefile.am | 4 +- lang/cpp/src/assuanresult.cpp | 90 ------------------------------------------- lang/cpp/src/assuanresult.h | 79 ------------------------------------- lang/cpp/src/context.cpp | 62 ++++++++++++++++------------- lang/cpp/src/context.h | 6 +-- lang/cpp/src/vfsmountresult.h | 2 +- 6 files changed, 40 insertions(+), 203 deletions(-) delete mode 100644 lang/cpp/src/assuanresult.cpp delete mode 100644 lang/cpp/src/assuanresult.h hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Aug 24 15:51:32 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 24 Aug 2016 15:51:32 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-6-g460568d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 460568d341851ac79dd100e00e4eafcac1318148 (commit) via 95e9a97b32623eeab03cb8e86a00f810c18bcd5f (commit) from 54245979e691129ed9d3a6c642087fb8d3227449 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 460568d341851ac79dd100e00e4eafcac1318148 Author: Werner Koch Date: Wed Aug 24 15:48:21 2016 +0200 wks: Add command --supported to gpg-wks-client. * tools/gpg-wks-client.c (aSupported): New. (opts): Add --supported. (parse_arguments): Ditto. (main): Call command_supported. (command_supported): New. Signed-off-by: Werner Koch diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c index 2c9cc4f..34b26ea 100644 --- a/tools/gpg-wks-client.c +++ b/tools/gpg-wks-client.c @@ -49,6 +49,7 @@ enum cmd_and_opt_values oDebug = 500, + aSupported, aCreate, aReceive, aRead, @@ -64,6 +65,8 @@ enum cmd_and_opt_values static ARGPARSE_OPTS opts[] = { ARGPARSE_group (300, ("@Commands:\n ")), + ARGPARSE_c (aSupported, "supported", + ("check whether provider supports WKS")), ARGPARSE_c (aCreate, "create", ("create a publication request")), ARGPARSE_c (aReceive, "receive", @@ -98,6 +101,7 @@ static struct debug_flags_s debug_flags [] = static void wrong_args (const char *text) GPGRT_ATTR_NORETURN; +static gpg_error_t command_supported (char *userid); static gpg_error_t command_send (const char *fingerprint, char *userid); static gpg_error_t process_confirmation_request (estream_t msg); static gpg_error_t command_receive_cb (void *opaque, @@ -174,6 +178,7 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts) opt.output = pargs->r.ret_str; break; + case aSupported: case aCreate: case aReceive: case aRead: @@ -237,6 +242,14 @@ main (int argc, char **argv) /* Run the selected command. */ switch (cmd) { + case aSupported: + if (argc != 1) + wrong_args ("--supported USER-ID"); + err = command_supported (argv[0]); + if (err && gpg_err_code (err) != GPG_ERR_FALSE) + log_error ("checking support failed: %s\n", gpg_strerror (err)); + break; + case aCreate: if (argc != 2) wrong_args ("--create FINGERPRINT USER-ID"); @@ -381,6 +394,48 @@ get_key (estream_t *r_key, const char *fingerprint, const char *addrspec) +/* Check whether the provider supports the WKS protocol. */ +static gpg_error_t +command_supported (char *userid) +{ + gpg_error_t err; + char *addrspec = NULL; + char *submission_to = NULL; + + addrspec = mailbox_from_userid (userid); + if (!addrspec) + { + log_error (_("\"%s\" is not a proper mail address\n"), userid); + err = gpg_error (GPG_ERR_INV_USER_ID); + goto leave; + } + + /* Get the submission address. */ + err = wkd_get_submission_address (addrspec, &submission_to); + if (err) + { + if (gpg_err_code (err) == GPG_ERR_NO_DATA + || gpg_err_code (err) == GPG_ERR_UNKNOWN_HOST) + { + if (opt.verbose) + log_info ("provider for '%s' does NOT support WKS (%s)\n", + addrspec, gpg_strerror (err)); + err = gpg_error (GPG_ERR_FALSE); + log_inc_errorcount (); + } + goto leave; + } + if (opt.verbose) + log_info ("provider for '%s' supports WKS\n", addrspec); + + leave: + xfree (submission_to); + xfree (addrspec); + return err; +} + + + /* Locate the key by fingerprint and userid and send a publication * request. */ static gpg_error_t commit 95e9a97b32623eeab03cb8e86a00f810c18bcd5f Author: Werner Koch Date: Wed Aug 24 15:31:44 2016 +0200 doc: Some additional source comments -- diff --git a/common/mbox-util.c b/common/mbox-util.c index c451198..9072275 100644 --- a/common/mbox-util.c +++ b/common/mbox-util.c @@ -18,6 +18,10 @@ * along with this program; if not, see . */ +/* NB: GPGME uses the same code to reflect our idea on how to extract + * a mail address from a user id. + */ + #include #include #include diff --git a/doc/DETAILS b/doc/DETAILS index dc8ba1f..332e686 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -701,7 +701,8 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: This status identifies the key and the userid for all following Tofu information. The fingerprint is the fingerprint of the primary key and the mbox is in general the addr-spec part of the - userid encoded in UTF-8 and percent escaped. + userid encoded in UTF-8 and percent escaped. The fingerprint is + indentical for all TOFU_USER lines up to a NEWSIG line. *** TOFU_STATS

0 [ [ ]] ----------------------------------------------------------------------- Summary of changes: common/mbox-util.c | 4 ++++ doc/DETAILS | 3 ++- tools/gpg-wks-client.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 61 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Aug 24 16:07:57 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 24 Aug 2016 16:07:57 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-304-g1eefc2d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 1eefc2d43c0adb2ce516f8e3509ace2fb562e401 (commit) from e20b0f0201543834f15c5d50cd3b2ece69a35d70 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1eefc2d43c0adb2ce516f8e3509ace2fb562e401 Author: Werner Koch Date: Wed Aug 24 16:04:54 2016 +0200 core: Set the 'encrcount' field in gpgme_tofu_info_t. * src/verify.c (parse_tofu_stats): Set ENCRCOUNT field. Signed-off-by: Werner Koch diff --git a/src/verify.c b/src/verify.c index 075f1d6..e573b01 100644 --- a/src/verify.c +++ b/src/verify.c @@ -755,7 +755,7 @@ parse_tofu_user (gpgme_signature_t sig, char *args, gpgme_protocol_t protocol) /* Parse a TOFU_STATS line and store it in the last tofu info of SIG. * - * TOFU_STATS

0 [ [ ]] + * TOFU_STATS

[ [ ]] */ static gpgme_error_t parse_tofu_stats (gpgme_signature_t sig, char *args) @@ -790,7 +790,13 @@ parse_tofu_stats (gpgme_signature_t sig, char *args) uval = USHRT_MAX; ti->signcount = uval; - /* We skip the 0, which is RFU. */ + /* Parse the encr-count. */ + err = _gpgme_strtoul_field (field[2], &uval); + if (err) + return trace_gpg_error (GPG_ERR_INV_ENGINE); + if (uval > USHRT_MAX) + uval = USHRT_MAX; + ti->encrcount = uval; if (nfields == 3) return 0; /* All mandatory fields parsed. */ ----------------------------------------------------------------------- Summary of changes: src/verify.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Aug 24 19:59:21 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 24 Aug 2016 19:59:21 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-8-g0f1f02a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 0f1f02acc1cdcc2cf74a97b05507bb1f062f8af2 (commit) via 5eb2682686b32bd82096924eeabd0c5bd347adfd (commit) from 460568d341851ac79dd100e00e4eafcac1318148 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0f1f02acc1cdcc2cf74a97b05507bb1f062f8af2 Author: Werner Koch Date: Wed Aug 24 19:56:14 2016 +0200 gpg: Change TOFU_STATS to return timestamps. * g10/tofu.c (write_stats_status): Add arg FP to print a colon formated line. Adjust for changed TOFU_STATS interface. (show_statistics): Let the query return timestamps and use gnupg_get-time to compute the "time ago" values. Signed-off-by: Werner Koch diff --git a/doc/DETAILS b/doc/DETAILS index 332e686..454f2e3 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -60,6 +60,7 @@ described here. - pkd :: Public key data [*] - grp :: Keygrip - rvk :: Revocation key + - tfs :: TOFU statistics [*] - tru :: Trust database information [*] - spk :: Signature subpacket [*] - cfg :: Configuration data [*] @@ -230,6 +231,20 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: !--------- index (eg. DSA goes from 0 to 3: p,q,g,y) #+end_example +*** TFS - TOFU statistics + + This field may follows a UID record to convey information about + the TOFU database. The information is similar to a TOFU_STATS + status line. + + - Field 2 :: tfs record version (must be 1) + - Field 3 :: validity - A number with validity code. + - Field 4 :: signcount - The number of signatures seen. + - Field 5 :: encrcount - The number of encryptions done. + - Field 6 :: policy - A string with the policy + - Field 7 :: first-seen - a timestamp or 0 if not known. + - Field 8 :: most-recent-seen - a timestamp or 0 if not known. + *** TRU - Trust database information Example for a "tru" trust base record: #+begin_example @@ -723,9 +738,9 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: - ask :: Policy is "ask" - unknown :: Policy is not known. - TM1 gives the number of seconds since the the first messages was - verified. TM2 gives the number of seconds since the most recent - message was verified. + TM1 ist the time the first messages was verified. TM2 is the time + the most recent message was verified. Both may either be seconds + since Epoch or an ISO time string (yyyymmddThhmmss). *** TOFU_STATS_SHORT diff --git a/g10/tofu.c b/g10/tofu.c index ef14e85..29318c7 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -1872,14 +1872,13 @@ time_ago_str (long long int t) } -/* Write TOFU_STATS status line. */ +/* If FP is NULL, write TOFU_STATS status line. If FP is not NULL + * write a "tfs" record to that stream. */ static void -write_stats_status (long messages, enum tofu_policy policy, - long first_seen_ago, long most_recent_seen_ago) +write_stats_status (estream_t fp, long messages, enum tofu_policy policy, + unsigned long first_seen, + unsigned long most_recent_seen) { - char numbuf1[35]; - char numbuf2[35]; - char numbuf3[35]; const char *validity; if (messages < 1) @@ -1891,19 +1890,33 @@ write_stats_status (long messages, enum tofu_policy policy, else validity = "4"; /* Key with a lot of history. */ - snprintf (numbuf1, sizeof numbuf1, " %ld", messages); - *numbuf2 = *numbuf3 = 0; - if (first_seen_ago >= 0 && most_recent_seen_ago >= 0) + if (fp) { - snprintf (numbuf2, sizeof numbuf2, " %ld", first_seen_ago); - snprintf (numbuf3, sizeof numbuf3, " %ld", most_recent_seen_ago); + es_fprintf (fp, "tfs:1:%s:%ld:0:%s:%lu:%lu:\n", + validity, messages, + tofu_policy_str (policy), + first_seen, most_recent_seen); } + else + { + char numbuf1[35]; + char numbuf2[35]; + char numbuf3[35]; + + snprintf (numbuf1, sizeof numbuf1, " %ld", messages); + *numbuf2 = *numbuf3 = 0; + if (first_seen && most_recent_seen) + { + snprintf (numbuf2, sizeof numbuf2, " %lu", first_seen); + snprintf (numbuf3, sizeof numbuf3, " %lu", most_recent_seen); + } - write_status_strings (STATUS_TOFU_STATS, - validity, numbuf1, " 0", - " ", tofu_policy_str (policy), - numbuf2, numbuf3, - NULL); + write_status_strings (STATUS_TOFU_STATS, + validity, numbuf1, " 0", + " ", tofu_policy_str (policy), + numbuf2, numbuf3, + NULL); + } } static void @@ -1920,8 +1933,7 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, rc = gpgsql_exec_printf (dbs->db, strings_collect_cb, &strlist, &err, - "select count (*), strftime('%%s','now') - min (signatures.time),\n" - " strftime('%%s','now') - max (signatures.time)\n" + "select count (*), min (signatures.time), max (signatures.time)\n" " from signatures\n" " left join bindings on signatures.binding = bindings.oid\n" " where fingerprint = %Q and email = %Q and sig_digest %s%s%s;", @@ -1939,6 +1951,7 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, goto out; } + write_status_text_and_buffer (STATUS_TOFU_USER, fingerprint, email, strlen (email), 0); @@ -1946,13 +1959,14 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, { log_info (_("Have never verified a message signed by key %s!\n"), fingerprint_pp); - write_stats_status (0, TOFU_POLICY_NONE, -1, -1); + write_stats_status (NULL, 0, TOFU_POLICY_NONE, 0, 0); } else { + unsigned long now = gnupg_get_time (); signed long messages; - signed long first_seen_ago; - signed long most_recent_seen_ago; + unsigned long first_seen; + unsigned long most_recent_seen; log_assert (strlist_length (strlist) == 3); @@ -1960,19 +1974,32 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, if (messages == 0 && *strlist->next->d == '\0') { /* min(NULL) => NULL => "". */ - first_seen_ago = -1; - most_recent_seen_ago = -1; + first_seen = 0; + most_recent_seen = 0; } else { - string_to_long (&first_seen_ago, strlist->next->d, -1, __LINE__); - string_to_long (&most_recent_seen_ago, strlist->next->next->d, -1, - __LINE__); + string_to_ulong (&first_seen, strlist->next->d, -1, __LINE__); + if (first_seen > now) + { + log_debug ("time-warp - tofu DB has a future value (%lu, %lu)\n", + first_seen, now); + first_seen = now; + } + string_to_ulong (&most_recent_seen, strlist->next->next->d, -1, + __LINE__); + if (most_recent_seen > now) + { + log_debug ("time-warp - tofu DB has a future value (%lu, %lu)\n", + most_recent_seen, now); + most_recent_seen = now; + } + } - if (messages == -1 || first_seen_ago == -1) + if (messages == -1 || !first_seen) { - write_stats_status (0, TOFU_POLICY_NONE, -1, -1); + write_stats_status (NULL, 0, TOFU_POLICY_NONE, 0, 0); log_info (_("Failed to collect signature statistics for \"%s\"\n" "(key %s)\n"), user_id, fingerprint_pp); @@ -1983,8 +2010,8 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, estream_t fp; char *msg; - write_stats_status (messages, policy, - first_seen_ago, most_recent_seen_ago); + write_stats_status (NULL, messages, policy, + first_seen, most_recent_seen); fp = es_fopenmem (0, "rw,samethread"); if (! fp) @@ -1999,7 +2026,7 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, } else { - char *first_seen_ago_str = time_ago_str (first_seen_ago); + char *first_seen_ago_str = time_ago_str (now - first_seen); /* TRANSLATORS: The final %s is replaced by a string like "7 months, 1 day, 5 minutes, 0 seconds". */ @@ -2013,7 +2040,7 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, if (messages > 1) { - char *tmpstr = time_ago_str (most_recent_seen_ago); + char *tmpstr = time_ago_str (now - most_recent_seen); es_fputs (" ", fp); es_fprintf (fp, _("The most recent message was" " verified %s ago."), tmpstr); commit 5eb2682686b32bd82096924eeabd0c5bd347adfd Author: Werner Koch Date: Wed Aug 24 18:37:55 2016 +0200 common: Guarantee that gnupg_get_time does not return an error. * common/gettime.c (gnupg_get_time): Abor if time() failed. (gnupg_get_isotime): Remove now useless check. (make_timestamp): Remove check becuase we already checked this modulo the faked time thing. -- In reality a call foo = time (NULL) can never fail because the only defined error is EFAULT, but we don't provide a buffer. Signed-off-by: Werner Koch diff --git a/common/gettime.c b/common/gettime.c index dd9c196..9702bbc 100644 --- a/common/gettime.c +++ b/common/gettime.c @@ -60,6 +60,9 @@ time_t gnupg_get_time () { time_t current = time (NULL); + if (current == (time_t)(-1)) + log_fatal ("time() failed\n"); + if (timemode == NORMAL) return current; else if (timemode == FROZEN) @@ -99,22 +102,16 @@ void gnupg_get_isotime (gnupg_isotime_t timebuf) { time_t atime = gnupg_get_time (); + struct tm *tp; + struct tm tmbuf; - if (atime == (time_t)(-1)) + tp = gnupg_gmtime (&atime, &tmbuf); + if (!tp) *timebuf = 0; else - { - struct tm *tp; - struct tm tmbuf; - - tp = gnupg_gmtime (&atime, &tmbuf); - if (!tp) - *timebuf = 0; - else - snprintf (timebuf, 16, "%04d%02d%02dT%02d%02d%02d", - 1900 + tp->tm_year, tp->tm_mon+1, tp->tm_mday, - tp->tm_hour, tp->tm_min, tp->tm_sec); - } + snprintf (timebuf, 16, "%04d%02d%02dT%02d%02d%02d", + 1900 + tp->tm_year, tp->tm_mon+1, tp->tm_mday, + tp->tm_hour, tp->tm_min, tp->tm_sec); } @@ -164,9 +161,6 @@ u32 make_timestamp (void) { time_t t = gnupg_get_time (); - - if (t == (time_t)-1) - log_fatal ("gnupg_get_time() failed\n"); return (u32)t; } ----------------------------------------------------------------------- Summary of changes: common/gettime.c | 26 +++++++--------- doc/DETAILS | 21 +++++++++++-- g10/tofu.c | 91 ++++++++++++++++++++++++++++++++++++-------------------- 3 files changed, 87 insertions(+), 51 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Aug 24 20:13:38 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 24 Aug 2016 20:13:38 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-305-g38798fe Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 38798fee5b539d6153a8a7856152959412ee59b5 (commit) from 1eefc2d43c0adb2ce516f8e3509ace2fb562e401 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 38798fee5b539d6153a8a7856152959412ee59b5 Author: Werner Koch Date: Wed Aug 24 20:10:36 2016 +0200 core: Adjust for TOFU_STATS change in gnupg 2.1.16. * src/gpgme.h.in (_gpgme_tofu_info): Change 'firstseen' and 'lastseen' to a timestamp value. * src/verify.c (parse_tofu_stats): Do not cap these values at UINT_MAX. -- Using an unsigned long here is okay: We will never get an error and even on machines where unsigned long is 32 bit (e.g. Windows64) this allows us to operate until 2106. By then Windows will be a footnote in history or Windows128 has changed that type to something larger than 32 bit ;-) Signed-off-by: Werner Koch diff --git a/src/gpgme.h.in b/src/gpgme.h.in index c07cac8..79a7b9f 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -648,10 +648,10 @@ struct _gpgme_tofu_info /* Number of encryptions done with this binding. Capped at USHRT_MAX. */ unsigned short encrcount; - /* Number of seconds since the first and the most recently seen - * message was verified. */ - unsigned int firstseen; - unsigned int lastseen; + /* Number of seconds since Epoch when the first and the most + * recently seen message were verified. 0 means unknown. */ + unsigned long firstseen; + unsigned long lastseen; /* If non-NULL a human readable string summarizing the TOFU data. */ char *description; diff --git a/src/verify.c b/src/verify.c index e573b01..92eb333 100644 --- a/src/verify.c +++ b/src/verify.c @@ -818,20 +818,16 @@ parse_tofu_stats (gpgme_signature_t sig, char *args) if (nfields == 4) return 0; /* No more optional fields. */ - /* Parse first and last seen (none or both are required). */ + /* Parse first and last seen timestamps (none or both are required). */ if (nfields < 6) return trace_gpg_error (GPG_ERR_INV_ENGINE); /* "tm2" missing. */ err = _gpgme_strtoul_field (field[4], &uval); if (err) return trace_gpg_error (GPG_ERR_INV_ENGINE); - if (uval > UINT_MAX) - uval = UINT_MAX; ti->firstseen = uval; err = _gpgme_strtoul_field (field[5], &uval); if (err) return trace_gpg_error (GPG_ERR_INV_ENGINE); - if (uval > UINT_MAX) - uval = UINT_MAX; ti->lastseen = uval; return 0; ----------------------------------------------------------------------- Summary of changes: src/gpgme.h.in | 8 ++++---- src/verify.c | 6 +----- 2 files changed, 5 insertions(+), 9 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 25 09:40:50 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 25 Aug 2016 09:40:50 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.15-9-g19d12be Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 19d12be3cea5b4ee8153287a2f2442913a5e07a1 (commit) from 0f1f02acc1cdcc2cf74a97b05507bb1f062f8af2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 19d12be3cea5b4ee8153287a2f2442913a5e07a1 Author: Werner Koch Date: Thu Aug 25 09:26:36 2016 +0200 gpg: New option --with-tofu-info. * g10/gpg.c (oWithTofuInfo): New. (opts): Add --with-tofu-info. (main): Set opt.with_tofu_info. * g10/options.h (struct opt): Add field WITH_TOFU_INFO. * g10/tofu.c (show_statistics): Add optional arg OUTFP and enter special mode if not NULL. Change all callers. (tofu_write_tfs_record): New. * g10/keylist.c (list_keyblock_colon): Do not print the tofu policy as part of the "uid" record. Print a new "tfs" record if the new option is set. * tests/openpgp/tofu.scm (getpolicy): Change from UID to TFS record. -- A separate option is required to avoid slowing down key listings. Foer example the current code takes for a keylisting in tofu+pgp mode 17 seconds while it takes more than 5 minutes if the option is used. Signed-off-by: Werner Koch diff --git a/doc/DETAILS b/doc/DETAILS index 454f2e3..cf779d2 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -52,7 +52,7 @@ described here. - sub :: Subkey (secondary key) - sec :: Secret key - ssb :: Secret subkey (secondary key) - - uid :: User id (only field 10 is used). + - uid :: User id - uat :: User attribute (same as user id except for field 10). - sig :: Signature - rev :: Revocation signature @@ -214,10 +214,6 @@ described here. For pub, sub, sec, and ssb records this field is used for the ECC curve name. -*** Field 18 - TOFU Policy - - This is the TOFU policy. It is either good, bad, unknown, ask or - auto. This is only shows for uid records. ** Special fields diff --git a/g10/gpg.c b/g10/gpg.c index e02efe4..3193e74 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -193,6 +193,11 @@ enum cmd_and_opt_values oWithKeygrip, oWithSecret, oWithWKDHash, + oWithColons, + oWithKeyData, + oWithTofuInfo, + oWithSigList, + oWithSigCheck, oAnswerYes, oAnswerNo, oKeyring, @@ -259,10 +264,6 @@ enum cmd_and_opt_values oNoOptions, oNoBatch, oHomedir, - oWithColons, - oWithKeyData, - oWithSigList, - oWithSigCheck, oSkipVerify, oSkipHiddenRecipients, oNoSkipHiddenRecipients, @@ -699,6 +700,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oHomedir, "homedir", "@"), ARGPARSE_s_n (oNoBatch, "no-batch", "@"), ARGPARSE_s_n (oWithColons, "with-colons", "@"), + ARGPARSE_s_n (oWithTofuInfo,"with-tofu-info", "@"), ARGPARSE_s_n (oWithKeyData,"with-key-data", "@"), ARGPARSE_s_n (oWithSigList,"with-sig-list", "@"), ARGPARSE_s_n (oWithSigCheck,"with-sig-check", "@"), @@ -2650,6 +2652,8 @@ main (int argc, char **argv) case oHomedir: break; case oNoBatch: opt.batch = 0; break; + case oWithTofuInfo: opt.with_tofu_info = 1; break; + case oWithKeyData: opt.with_key_data=1; /*FALLTHRU*/ case oWithColons: opt.with_colons=':'; break; diff --git a/g10/gpgv.c b/g10/gpgv.c index 4ef3e8b..1f2cecb 100644 --- a/g10/gpgv.c +++ b/g10/gpgv.c @@ -661,6 +661,17 @@ export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, unsigned int options, } gpg_error_t +tofu_write_tfs_record (ctrl_t ctrl, estream_t fp, + PKT_public_key *pk, const char *user_id) +{ + (void)ctrl; + (void)fp; + (void)pk; + (void)user_id; + return gpg_error (GPG_ERR_GENERAL); +} + +gpg_error_t tofu_get_policy (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *user_id, enum tofu_policy *policy) { diff --git a/g10/keylist.c b/g10/keylist.c index 59344b2..a34ef64 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -1289,8 +1289,8 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, char *str; PKT_user_id *uid = node->pkt->pkt.user_id; - if (attrib_fp && node->pkt->pkt.user_id->attrib_data != NULL) - dump_attribs (node->pkt->pkt.user_id, pk); + if (attrib_fp && uid->attrib_data != NULL) + dump_attribs (uid, pk); /* * Fixme: We need a valid flag here too */ @@ -1326,18 +1326,16 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, es_fprintf (es_stdout, "%u %lu", uid->numattribs, uid->attrib_len); else es_write_sanitized (es_stdout, uid->name, uid->len, ":", NULL); - es_fprintf (es_stdout, "::::::::"); - if (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP) - { -#ifdef USE_TOFU - enum tofu_policy policy; - if (! tofu_get_policy (ctrl, pk, uid, &policy) - && policy != TOFU_POLICY_NONE) - es_fprintf (es_stdout, "%s", tofu_policy_str (policy)); -#endif /*USE_TOFU*/ - } es_putc (':', es_stdout); es_putc ('\n', es_stdout); +#ifdef USE_TOFU + if (!uid->attrib_data && opt.with_tofu_info + && (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP)) + { + /* Print a "tfs" record. */ + tofu_write_tfs_record (ctrl, es_stdout, pk, uid->name); + } +#endif /*USE_TOFU*/ } else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) { diff --git a/g10/options.h b/g10/options.h index 6b8f649..544be60 100644 --- a/g10/options.h +++ b/g10/options.h @@ -81,6 +81,7 @@ struct int with_fingerprint; /* Option --with-fingerprint active. */ int with_subkey_fingerprint; /* Option --with-subkey-fingerprint active. */ int with_keygrip; /* Option --with-keygrip active. */ + int with_tofu_info; /* Option --with-tofu_info active. */ int with_secret; /* Option --with-secret active. */ int with_wkd_hash; /* Option --with-wkd-hash. */ int fingerprint; /* list fingerprints */ diff --git a/g10/test-stubs.c b/g10/test-stubs.c index c5f2f79..55351b8 100644 --- a/g10/test-stubs.c +++ b/g10/test-stubs.c @@ -474,6 +474,17 @@ export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, unsigned int options, } gpg_error_t +tofu_write_tfs_record (ctrl_t ctrl, estream_t fp, + PKT_public_key *pk, const char *user_id) +{ + (void)ctrl; + (void)fp; + (void)pk; + (void)user_id; + return gpg_error (GPG_ERR_GENERAL); +} + +gpg_error_t tofu_get_policy (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *user_id, enum tofu_policy *policy) { diff --git a/g10/tofu.c b/g10/tofu.c index 29318c7..9d562c2 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -1919,10 +1919,13 @@ write_stats_status (estream_t fp, long messages, enum tofu_policy policy, } } + +/* Note: If OUTFP is not NULL, this function merely prints a "tfs" record + * to OUTFP. In this case USER_ID is not required. */ static void show_statistics (tofu_dbs_t dbs, const char *fingerprint, const char *email, const char *user_id, - const char *sig_exclude) + const char *sig_exclude, estream_t outfp) { char *fingerprint_pp; int rc; @@ -1951,15 +1954,16 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, goto out; } - - write_status_text_and_buffer (STATUS_TOFU_USER, fingerprint, - email, strlen (email), 0); + if (!outfp) + write_status_text_and_buffer (STATUS_TOFU_USER, fingerprint, + email, strlen (email), 0); if (! strlist) { - log_info (_("Have never verified a message signed by key %s!\n"), - fingerprint_pp); - write_stats_status (NULL, 0, TOFU_POLICY_NONE, 0, 0); + if (!outfp) + log_info (_("Have never verified a message signed by key %s!\n"), + fingerprint_pp); + write_stats_status (outfp, 0, TOFU_POLICY_NONE, 0, 0); } else { @@ -1999,10 +2003,17 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, if (messages == -1 || !first_seen) { - write_stats_status (NULL, 0, TOFU_POLICY_NONE, 0, 0); - log_info (_("Failed to collect signature statistics for \"%s\"\n" - "(key %s)\n"), - user_id, fingerprint_pp); + write_stats_status (outfp, 0, TOFU_POLICY_NONE, 0, 0); + if (!outfp) + log_info (_("Failed to collect signature statistics for \"%s\"\n" + "(key %s)\n"), + user_id, fingerprint_pp); + } + else if (outfp) + { + write_stats_status (outfp, messages, + get_policy (dbs, fingerprint, email, NULL), + first_seen, most_recent_seen); } else { @@ -2010,7 +2021,8 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint, estream_t fp; char *msg; - write_stats_status (NULL, messages, policy, + write_stats_status (NULL, messages, + policy, first_seen, most_recent_seen); fp = es_fopenmem (0, "rw,samethread"); @@ -2313,7 +2325,7 @@ tofu_register (ctrl_t ctrl, PKT_public_key *pk, const char *user_id, /* It's only appropriate to show the statistics in an interactive context. */ show_statistics (dbs, fingerprint, email, user_id, - already_verified ? NULL : sig_digest); + already_verified ? NULL : sig_digest, NULL); xfree (email); xfree (fingerprint); @@ -2385,6 +2397,38 @@ tofu_wot_trust_combine (int tofu_base, int wot_base) } +/* Write a "tfs" record for a --with-colons listing. */ +gpg_error_t +tofu_write_tfs_record (ctrl_t ctrl, estream_t fp, + PKT_public_key *pk, const char *user_id) +{ + gpg_error_t err; + tofu_dbs_t dbs; + char *fingerprint; + char *email; + + if (!*user_id) + return 0; /* No TOFU stats possible for an empty ID. */ + + dbs = opendbs (ctrl); + if (!dbs) + { + err = gpg_error (GPG_ERR_GENERAL); + log_error (_("error opening TOFU database: %s\n"), gpg_strerror (err)); + return err; + } + + fingerprint = hexfingerprint (pk, NULL, 0); + email = email_from_user_id (user_id); + + show_statistics (dbs, fingerprint, email, user_id, NULL, fp); + + xfree (email); + xfree (fingerprint); + return 0; +} + + /* Return the validity (TRUST_NEVER, etc.) of the binding . @@ -2429,7 +2473,7 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, const char *user_id, trust_level = TRUST_UNDEFINED; if (may_ask && trust_level != TRUST_ULTIMATE) - show_statistics (dbs, fingerprint, email, user_id, NULL); + show_statistics (dbs, fingerprint, email, user_id, NULL, NULL); die: xfree (email); diff --git a/g10/tofu.h b/g10/tofu.h index e3ec819..d6854e9 100644 --- a/g10/tofu.h +++ b/g10/tofu.h @@ -88,6 +88,10 @@ int tofu_register (ctrl_t ctrl, PKT_public_key *pk, const char *user_id, interest when the trust model is tofu+pgp (TM_TOFU_PGP). */ int tofu_wot_trust_combine (int tofu, int wot); +/* Write a "tfs" record for a --with-colons listing. */ +gpg_error_t tofu_write_tfs_record (ctrl_t ctrl, estream_t fp, + PKT_public_key *pk, const char *user_id); + /* Determine the validity (TRUST_NEVER, etc.) of the binding . If MAY_ASK is 1, then this function may interact with the user. If not, TRUST_UNKNOWN is returned. If an diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm index 2b302ba..448c253 100755 --- a/tests/openpgp/tofu.scm +++ b/tests/openpgp/tofu.scm @@ -46,11 +46,11 @@ ;; This function only supports keys with a single user id. (define (getpolicy keyid format . args) (let ((policy - (list-ref (assoc "uid" (gpg-with-colons + (list-ref (assoc "tfs" (gpg-with-colons `(--tofu-db-format ,format - --trust-model=tofu + --trust-model=tofu --with-tofu-info , at args - --list-keys ,keyid))) 17))) + --list-keys ,keyid))) 5))) (unless (member policy '("auto" "good" "unknown" "bad" "ask")) (error "Bad policy:" policy)) policy)) ----------------------------------------------------------------------- Summary of changes: doc/DETAILS | 6 +---- g10/gpg.c | 12 ++++++--- g10/gpgv.c | 11 ++++++++ g10/keylist.c | 22 +++++++-------- g10/options.h | 1 + g10/test-stubs.c | 11 ++++++++ g10/tofu.c | 72 ++++++++++++++++++++++++++++++++++++++++---------- g10/tofu.h | 4 +++ tests/openpgp/tofu.scm | 6 ++--- 9 files changed, 107 insertions(+), 38 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 25 11:41:33 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 25 Aug 2016 11:41:33 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-306-g9ee1039 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 9ee103957e4136337b92d238283f8ef30fd4a7c5 (commit) from 38798fee5b539d6153a8a7856152959412ee59b5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9ee103957e4136337b92d238283f8ef30fd4a7c5 Author: Werner Koch Date: Thu Aug 25 11:38:03 2016 +0200 core: Add GPGME_KEYLIST_MODE_WITH_TOFU. * src/gpgme.h.in (GPGME_KEYLIST_MODE_WITH_TOFU): New. * src/engine-gpg.c (gpg_keylist_build_options): Use that. * src/keylist.c: Include limits.h. (parse_tfs_record): New. (keylist_colon_handler): Support TFS record. * tests/run-keylist.c: Include time.h. (isotimestr): New. (main): Add option --tofu. Print TOFU info. * tests/run-verify.c: Include time.h. (isotimestr): New. (print_result): Use isotimestr for TOFU dates. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 1294e0b..da331b4 100644 --- a/NEWS +++ b/NEWS @@ -26,6 +26,7 @@ Noteworthy changes in version 1.7.0 (unreleased) [C25/A14/R_] GPGME_STATUS_TOFU_STATS NEW. GPGME_STATUS_TOFU_STATS_LONG NEW. GPGME_STATUS_NOTATION_FLAGS NEW. + GPGME_KEYLIST_MODE_WITH_TOFU NEW. GPGME_DATA_TYPE_PGP_ENCRYPTED NEW. GPGME_DATA_TYPE_PGP_SIGNATURE NEW. GPGME_DATA_ENCODING_MIME NEW. diff --git a/doc/gpgme.texi b/doc/gpgme.texi index 02551d9..dfc9548 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -2683,6 +2683,11 @@ signature notations on key signatures should be included in the listed keys. This only works if @code{GPGME_KEYLIST_MODE_SIGS} is also enabled. + at item GPGME_KEYLIST_MODE_WITH_TOFU +The @code{GPGME_KEYLIST_MODE_WITH_TOFU} symbol specifies that +information pertaining to the TOFU trust model should be included in +the listed keys. + @item GPGME_KEYLIST_MODE_WITH_SECRET The @code{GPGME_KEYLIST_MODE_WITH_SECRET} returns information about the presence of a corresponding secret key in a public key listing. A diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 3edac6c..7036ee0 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -2338,8 +2338,13 @@ gpg_keylist_build_options (engine_gpg_t gpg, int secret_only, err = add_arg (gpg, "--with-fingerprint"); } + if (!err && (mode & GPGME_KEYLIST_MODE_WITH_TOFU) + && have_gpg_version (gpg, "2.1.16")) + err = add_arg (gpg, "--with-tofu-info"); + if (!err && (mode & GPGME_KEYLIST_MODE_WITH_SECRET)) err = add_arg (gpg, "--with-secret"); + if (!err && (mode & GPGME_KEYLIST_MODE_SIGS) && (mode & GPGME_KEYLIST_MODE_SIG_NOTATIONS)) @@ -2348,6 +2353,7 @@ gpg_keylist_build_options (engine_gpg_t gpg, int secret_only, if (!err) err = add_arg (gpg, "show-sig-subpackets=\"20,26\""); } + if (!err) { if ( (mode & GPGME_KEYLIST_MODE_EXTERN) ) @@ -2379,6 +2385,7 @@ gpg_keylist_build_options (engine_gpg_t gpg, int secret_only, ? "--check-sigs" : "--list-keys")); } } + if (!err) err = add_arg (gpg, "--"); diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 79a7b9f..57f3446 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -411,6 +411,7 @@ gpgme_protocol_t; #define GPGME_KEYLIST_MODE_SIGS 4 #define GPGME_KEYLIST_MODE_SIG_NOTATIONS 8 #define GPGME_KEYLIST_MODE_WITH_SECRET 16 +#define GPGME_KEYLIST_MODE_WITH_TOFU 32 #define GPGME_KEYLIST_MODE_EPHEMERAL 128 #define GPGME_KEYLIST_MODE_VALIDATE 256 @@ -843,7 +844,7 @@ struct _gpgme_user_id * NULL is stored. */ char *address; - /* The malloced tofo information or NULL. */ + /* The malloced TOFU information or NULL. */ gpgme_tofu_info_t tofu; }; typedef struct _gpgme_user_id *gpgme_user_id_t; diff --git a/src/keylist.c b/src/keylist.c index 38ddd0c..9f1e68d 100644 --- a/src/keylist.c +++ b/src/keylist.c @@ -33,6 +33,7 @@ #include #include #include +#include /* Suppress warning for accessing deprecated member "class". */ #define _GPGME_IN_GPGME @@ -403,6 +404,84 @@ parse_sec_field15 (gpgme_key_t key, gpgme_subkey_t subkey, char *field) } +/* Parse a tfs record. */ +static gpg_error_t +parse_tfs_record (gpgme_user_id_t uid, char **field, int nfield) +{ + gpg_error_t err; + gpgme_tofu_info_t ti; + unsigned long uval; + + /* We add only the first TOFU record in case future versions emit + * several. */ + if (uid->tofu) + return 0; + + /* Check that we have enough fields and that the version is supported. */ + if (nfield < 8 || atoi(field[1]) != 1) + return trace_gpg_error (GPG_ERR_INV_ENGINE); + + ti = calloc (1, sizeof *ti); + if (!ti) + return gpg_error_from_syserror (); + + /* Note that we allow a value of up to 7 which is what we can store + * in the ti->validity. */ + err = _gpgme_strtoul_field (field[2], &uval); + if (err || uval > 7) + goto inv_engine; + ti->validity = uval; + + /* Parse the sign-count. */ + err = _gpgme_strtoul_field (field[3], &uval); + if (err) + goto inv_engine; + if (uval > USHRT_MAX) + uval = USHRT_MAX; + ti->signcount = uval; + + /* Parse the encr-count. */ + err = _gpgme_strtoul_field (field[4], &uval); + if (err) + goto inv_engine; + if (uval > USHRT_MAX) + uval = USHRT_MAX; + ti->encrcount = uval; + + /* Parse the policy. */ + if (!strcmp (field[5], "none")) + ti->policy = GPGME_TOFU_POLICY_NONE; + else if (!strcmp (field[5], "auto")) + ti->policy = GPGME_TOFU_POLICY_AUTO; + else if (!strcmp (field[5], "good")) + ti->policy = GPGME_TOFU_POLICY_GOOD; + else if (!strcmp (field[5], "bad")) + ti->policy = GPGME_TOFU_POLICY_BAD; + else if (!strcmp (field[5], "ask")) + ti->policy = GPGME_TOFU_POLICY_ASK; + else /* "unknown" and invalid policy strings. */ + ti->policy = GPGME_TOFU_POLICY_UNKNOWN; + + /* Parse first and last seen timestamps. */ + err = _gpgme_strtoul_field (field[6], &uval); + if (err) + goto inv_engine; + ti->firstseen = uval; + err = _gpgme_strtoul_field (field[7], &uval); + if (err) + goto inv_engine; + ti->lastseen = uval; + + /* Ready. */ + uid->tofu = ti; + return 0; + + inv_engine: + free (ti); + return trace_gpg_error (GPG_ERR_INV_ENGINE); +} + + /* We have read an entire key into tmp_key and should now finish it. It is assumed that this releases tmp_key. */ static void @@ -426,7 +505,7 @@ keylist_colon_handler (void *priv, char *line) gpgme_ctx_t ctx = (gpgme_ctx_t) priv; enum { - RT_NONE, RT_SIG, RT_UID, RT_SUB, RT_PUB, RT_FPR, RT_GRP, + RT_NONE, RT_SIG, RT_UID, RT_TFS, RT_SUB, RT_PUB, RT_FPR, RT_GRP, RT_SSB, RT_SEC, RT_CRT, RT_CRS, RT_REV, RT_SPK } rectype = RT_NONE; @@ -483,6 +562,8 @@ keylist_colon_handler (void *priv, char *line) rectype = RT_GRP; else if (!strcmp (field[0], "uid") && key) rectype = RT_UID; + else if (!strcmp (field[0], "tfs") && key) + rectype = RT_TFS; else if (!strcmp (field[0], "sub") && key) rectype = RT_SUB; else if (!strcmp (field[0], "ssb") && key) @@ -492,10 +573,10 @@ keylist_colon_handler (void *priv, char *line) else rectype = RT_NONE; - /* Only look at signatures immediately following a user ID. For - this, clear the user ID pointer when encountering anything but a - signature. */ - if (rectype != RT_SIG && rectype != RT_REV) + /* Only look at signature and trust info records immediately + following a user ID. For this, clear the user ID pointer when + encountering anything but a signature or trust record. */ + if (rectype != RT_SIG && rectype != RT_REV && rectype != RT_TFS) opd->tmp_uid = NULL; /* Only look at subpackets immediately following a signature. For @@ -695,6 +776,15 @@ keylist_colon_handler (void *priv, char *line) } break; + case RT_TFS: + if (opd->tmp_uid) + { + err = parse_tfs_record (opd->tmp_uid, field, fields); + if (err) + return err; + } + break; + case RT_FPR: /* Field 10 has the fingerprint (take only the first one). */ if (fields >= 10 && field[9] && *field[9]) diff --git a/tests/run-keylist.c b/tests/run-keylist.c index bae2dbb..00f874d 100644 --- a/tests/run-keylist.c +++ b/tests/run-keylist.c @@ -26,6 +26,7 @@ #include #include #include +#include #include @@ -49,6 +50,7 @@ show_usage (int ex) " --local use GPGME_KEYLIST_MODE_LOCAL\n" " --extern use GPGME_KEYLIST_MODE_EXTERN\n" " --sigs use GPGME_KEYLIST_MODE_SIGS\n" + " --tofu use GPGME_KEYLIST_MODE_TOFU\n" " --sig-notations use GPGME_KEYLIST_MODE_SIG_NOTATIONS\n" " --ephemeral use GPGME_KEYLIST_MODE_EPHEMERAL\n" " --validate use GPGME_KEYLIST_MODE_VALIDATE\n" @@ -60,6 +62,26 @@ show_usage (int ex) } +static const char * +isotimestr (unsigned long value) +{ + time_t t; + static char buffer[25+5]; + struct tm *tp; + + if (!value) + return "none"; + t = value; + + tp = gmtime (&t); + snprintf (buffer, sizeof buffer, "%04d-%02d-%02d %02d:%02d:%02d", + 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday, + tp->tm_hour, tp->tm_min, tp->tm_sec); + return buffer; +} + + + int main (int argc, char **argv) { @@ -120,6 +142,11 @@ main (int argc, char **argv) mode |= GPGME_KEYLIST_MODE_EXTERN; argc--; argv++; } + else if (!strcmp (*argv, "--tofu")) + { + mode |= GPGME_KEYLIST_MODE_WITH_TOFU; + argc--; argv++; + } else if (!strcmp (*argv, "--sigs")) { mode |= GPGME_KEYLIST_MODE_SIGS; @@ -181,6 +208,7 @@ main (int argc, char **argv) while (!(err = gpgme_op_keylist_next (ctx, &key))) { gpgme_user_id_t uid; + gpgme_tofu_info_t ti; int nuids; int nsub; @@ -233,24 +261,42 @@ main (int argc, char **argv) for (nuids=0, uid=key->uids; uid; uid = uid->next, nuids++) { printf ("userid %d: %s\n", nuids, nonnull(uid->uid)); - printf (" mbox %d: %s\n", nuids, nonnull(uid->address)); + printf (" mbox: %s\n", nonnull(uid->address)); if (uid->email && uid->email != uid->address) - printf (" email %d: %s\n", nuids, uid->email); + printf (" email: %s\n", uid->email); if (uid->name) - printf (" name %d: %s\n", nuids, uid->name); + printf (" name: %s\n", uid->name); if (uid->comment) - printf (" cmmnt %d: %s\n", nuids, uid->comment); - printf (" valid %d: %s\n", nuids, + printf (" cmmnt: %s\n", uid->comment); + printf (" valid: %s\n", uid->validity == GPGME_VALIDITY_UNKNOWN? "unknown": uid->validity == GPGME_VALIDITY_UNDEFINED? "undefined": uid->validity == GPGME_VALIDITY_NEVER? "never": uid->validity == GPGME_VALIDITY_MARGINAL? "marginal": uid->validity == GPGME_VALIDITY_FULL? "full": uid->validity == GPGME_VALIDITY_ULTIMATE? "ultimate": "[?]"); + if ((ti = uid->tofu)) + { + printf (" tofu: %u (%s)\n", ti->validity, + ti->validity == 0? "conflict" : + ti->validity == 1? "no history" : + ti->validity == 2? "little history" : + ti->validity == 3? "enough history" : + ti->validity == 4? "lot of history" : "?"); + printf (" policy: %u (%s)\n", ti->policy, + ti->policy == GPGME_TOFU_POLICY_NONE? "none" : + ti->policy == GPGME_TOFU_POLICY_AUTO? "auto" : + ti->policy == GPGME_TOFU_POLICY_GOOD? "good" : + ti->policy == GPGME_TOFU_POLICY_UNKNOWN? "unknown" : + ti->policy == GPGME_TOFU_POLICY_BAD? "bad" : + ti->policy == GPGME_TOFU_POLICY_ASK? "ask" : "?"); + printf (" nsigs: %hu\n", ti->signcount); + printf (" nencr: %hu\n", ti->encrcount); + printf (" first: %s\n", isotimestr (ti->firstseen)); + printf (" last: %s\n", isotimestr (ti->lastseen)); + } } - - putchar ('\n'); if (import) diff --git a/tests/run-verify.c b/tests/run-verify.c index ef4dd32..3c18d3b 100644 --- a/tests/run-verify.c +++ b/tests/run-verify.c @@ -26,6 +26,7 @@ #include #include #include +#include #include @@ -36,6 +37,26 @@ static int verbose; + +static const char * +isotimestr (unsigned long value) +{ + time_t t; + static char buffer[25+5]; + struct tm *tp; + + if (!value) + return "none"; + t = value; + + tp = gmtime (&t); + snprintf (buffer, sizeof buffer, "%04d-%02d-%02d %02d:%02d:%02d", + 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday, + tp->tm_hour, tp->tm_min, tp->tm_sec); + return buffer; +} + + static gpg_error_t status_cb (void *opaque, const char *keyword, const char *value) { @@ -177,8 +198,8 @@ print_result (gpgme_verify_result_t result) ti->policy == GPGME_TOFU_POLICY_BAD? "bad" : ti->policy == GPGME_TOFU_POLICY_ASK? "ask" : "?"); printf (" sigcount : %hu\n", ti->signcount); - printf (" firstseen: %u\n", ti->firstseen); - printf (" lastseen : %u\n", ti->lastseen); + printf (" firstseen: %s\n", isotimestr (ti->firstseen)); + printf (" lastseen : %s\n", isotimestr (ti->lastseen)); printf (" desc ....: "); print_description (nonnull (ti->description), 15); } ----------------------------------------------------------------------- Summary of changes: NEWS | 1 + doc/gpgme.texi | 5 +++ src/engine-gpg.c | 7 ++++ src/gpgme.h.in | 3 +- src/keylist.c | 100 +++++++++++++++++++++++++++++++++++++++++++++++++--- tests/run-keylist.c | 60 +++++++++++++++++++++++++++---- tests/run-verify.c | 25 +++++++++++-- 7 files changed, 186 insertions(+), 15 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 25 11:42:06 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 25 Aug 2016 11:42:06 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-309-gde7b67f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via de7b67f9b2e6bd43a036fa0bcc6a8ca4f5b10986 (commit) via abcd9a283ee8f81870622c8e1dbdc7aad38c0358 (commit) via ece8b02a839d6fc566fea7b6e59fabff164f6cf5 (commit) from 9ee103957e4136337b92d238283f8ef30fd4a7c5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit de7b67f9b2e6bd43a036fa0bcc6a8ca4f5b10986 Author: Andre Heinecke Date: Thu Aug 25 10:46:17 2016 +0200 Cpp: Change firstSeen / lastSeen return values * lang/cpp/src/tofuinfo.cpp, lang/cpp/src/tofuinfo.h (TofuInfo::firstSeen, TofuInfo::lastSeen): Change return values to unsigned long and update doc. diff --git a/lang/cpp/src/tofuinfo.cpp b/lang/cpp/src/tofuinfo.cpp index fe8f051..ade262b 100644 --- a/lang/cpp/src/tofuinfo.cpp +++ b/lang/cpp/src/tofuinfo.cpp @@ -123,12 +123,12 @@ unsigned short GpgME::TofuInfo::signCount() const return isNull() ? 0 : d->mInfo->signcount; } -unsigned int GpgME::TofuInfo::firstSeen() const +unsigned long GpgME::TofuInfo::firstSeen() const { return isNull() ? 0 : d->mInfo->firstseen; } -unsigned int GpgME::TofuInfo::lastSeen() const +unsigned long GpgME::TofuInfo::lastSeen() const { return isNull() ? 0 : d->mInfo->lastseen; } diff --git a/lang/cpp/src/tofuinfo.h b/lang/cpp/src/tofuinfo.h index 4835120..eb5dbcc 100644 --- a/lang/cpp/src/tofuinfo.h +++ b/lang/cpp/src/tofuinfo.h @@ -93,11 +93,11 @@ public: /* Number of signatures seen for this binding. Capped at USHRT_MAX. */ unsigned short signCount() const; - /* Number of seconds since the first message was verified. */ - unsigned int firstSeen() const; + /** Number of seconds since epoch when the first message was verified */ + unsigned long firstSeen() const; - /* Number of seconds since the last message was verified. */ - unsigned int lastSeen() const; + /** Number of seconds since epoch when the last message was verified */ + unsigned long lastSeen() const; /* If non-NULL a human readable string summarizing the TOFU data. */ const char *description() const; commit abcd9a283ee8f81870622c8e1dbdc7aad38c0358 Author: Andre Heinecke Date: Thu Aug 25 10:45:24 2016 +0200 Cpp: Add wrapper for gpgme_get_dirinfo * lang/cpp/src/context.cpp (dirInfo): New. * lang/cpp/src/global.h (dirInfo): New. diff --git a/lang/cpp/src/context.cpp b/lang/cpp/src/context.cpp index 2619084..62cad20 100644 --- a/lang/cpp/src/context.cpp +++ b/lang/cpp/src/context.cpp @@ -1489,6 +1489,11 @@ GpgME::EngineInfo GpgME::engineInfo(GpgME::Protocol proto) return EngineInfo(); } +const char *GpgME::dirInfo(const char *what) +{ + return gpgme_get_dirinfo(what); +} + GpgME::Error GpgME::checkEngine(GpgME::Protocol proto) { const gpgme_protocol_t p = proto == CMS ? GPGME_PROTOCOL_CMS : GPGME_PROTOCOL_OpenPGP ; diff --git a/lang/cpp/src/global.h b/lang/cpp/src/global.h index fc01d1e..3f12323 100644 --- a/lang/cpp/src/global.h +++ b/lang/cpp/src/global.h @@ -81,6 +81,15 @@ typedef void (*IOCallback)(void *data, int fd); GPGMEPP_EXPORT EngineInfo engineInfo(Protocol proto); GPGMEPP_EXPORT EngineInfo engineInfo(Engine engine); +/** Wrapper around gpgme_get_dirinfo. What can be: +homedir, sysconfdir, bindir, libexecdir, libdir, +datadir, localedir, agent-socket, agent-ssh-socket, +dirmngr-socket, uiserver-socket, gpgconf-name, gpg-name, +gpgsm-name, g13-name + +This may be extended in the future. +*/ +GPGMEPP_EXPORT const char *dirInfo(const char *what); GPGMEPP_EXPORT Error checkEngine(Protocol proto); GPGMEPP_EXPORT Error checkEngine(Engine engine); commit ece8b02a839d6fc566fea7b6e59fabff164f6cf5 Author: Andre Heinecke Date: Thu Aug 25 10:42:49 2016 +0200 Cpp: Add support for spawn engine * lang/cpp/src/context.cpp (Context::spawn, Context::spawnAsync): New. * lang/cpp/src/context.h: Add prototypes. (SpawnFlags): New. * lang/cpp/src/global.h (SpawnEngine): Added. diff --git a/lang/cpp/src/context.cpp b/lang/cpp/src/context.cpp index 4e66d3b..2619084 100644 --- a/lang/cpp/src/context.cpp +++ b/lang/cpp/src/context.cpp @@ -252,6 +252,15 @@ std::unique_ptr Context::createForEngine(Engine eng, Error *error) return std::unique_ptr(); } break; + case SpawnEngine: + if (const gpgme_error_t err = gpgme_set_protocol(ctx, GPGME_PROTOCOL_SPAWN)) { + gpgme_release(ctx); + if (error) { + *error = Error(err); + } + return std::unique_ptr(); + } + break; default: if (error) { *error = Error::fromCode(GPG_ERR_INV_ARG); @@ -1311,6 +1320,29 @@ Error Context::setPinentryMode(PinentryMode which) return Error(d->lasterr = gpgme_set_pinentry_mode(d->ctx, mode)); } +// Engine Spawn stuff +Error Context::spawn(const char *file, const char *argv[], + Data &input, Data &output, Data &err, + SpawnFlags flags) +{ + return Error(d->lasterr = gpgme_op_spawn (d->ctx, file, argv, + input.impl() ? input.impl()->data : nullptr, + output.impl() ? output.impl()->data : nullptr, + err.impl() ? err.impl()->data : nullptr, + static_cast(flags))); +} + +Error Context::spawnAsync(const char *file, const char *argv[], + Data &input, Data &output, Data &err, + SpawnFlags flags) +{ + return Error(d->lasterr = gpgme_op_spawn_start (d->ctx, file, argv, + input.impl() ? input.impl()->data : nullptr, + output.impl() ? output.impl()->data : nullptr, + err.impl() ? err.impl()->data : nullptr, + static_cast(flags))); +} + std::ostream &operator<<(std::ostream &os, Protocol proto) { os << "GpgME::Protocol("; @@ -1345,6 +1377,9 @@ std::ostream &operator<<(std::ostream &os, Engine eng) case AssuanEngine: os << "AssuanEngine"; break; + case SpawnEngine: + os << "SpawnEngine"; + break; default: case UnknownEngine: os << "UnknownEngine"; @@ -1474,6 +1509,8 @@ static gpgme_protocol_t engine2protocol(const GpgME::Engine engine) return GPGME_PROTOCOL_ASSUAN; case GpgME::G13Engine: return GPGME_PROTOCOL_G13; + case GpgME::SpawnEngine: + return GPGME_PROTOCOL_SPAWN; case GpgME::UnknownEngine: ; } diff --git a/lang/cpp/src/context.h b/lang/cpp/src/context.h index 6518d4c..f5e2b95 100644 --- a/lang/cpp/src/context.h +++ b/lang/cpp/src/context.h @@ -346,6 +346,34 @@ public: GpgME::Error createVFS(const char *containerFile, const std::vector &recipients); VfsMountResult mountVFS(const char *containerFile, const char *mountDir); + // Spawn Engine + enum SpawnFlags { + SpawnNone = 0, + SpawnDetached = 1, + SpawnAllowSetFg = 2 + }; + /** Spwan the process \a file with arguments \a argv. + * + * If a data parameter is null the /dev/null will be + * used. (Or other platform stuff). + * + * @param file The executable to start. + * @param argv list of arguments file should be argv[0]. + * @param input The data to be sent through stdin. + * @param output The data to be recieve the stdout. + * @param err The data to recieve stderr. + * @param flags Additional flags. + * + * @returns An error or empty error. + */ + GpgME::Error spawn(const char *file, const char *argv[], + Data &input, Data &output, Data &err, + SpawnFlags flags); + /** Async variant of spawn. Immediately returns after starting the + * process. */ + GpgME::Error spawnAsync(const char *file, const char *argv[], + Data &input, Data &output, + Data &err, SpawnFlags flags); // // // Run Control diff --git a/lang/cpp/src/global.h b/lang/cpp/src/global.h index 508e1d7..fc01d1e 100644 --- a/lang/cpp/src/global.h +++ b/lang/cpp/src/global.h @@ -53,7 +53,7 @@ GPGMEPP_EXPORT Error initializeLibrary(int); enum Protocol { OpenPGP, CMS, UnknownProtocol }; -enum Engine { GpgEngine, GpgSMEngine, GpgConfEngine, UnknownEngine, AssuanEngine, G13Engine }; +enum Engine { GpgEngine, GpgSMEngine, GpgConfEngine, UnknownEngine, AssuanEngine, G13Engine, SpawnEngine }; enum KeyListMode { Local = 0x1, ----------------------------------------------------------------------- Summary of changes: lang/cpp/src/context.cpp | 42 ++++++++++++++++++++++++++++++++++++++++++ lang/cpp/src/context.h | 28 ++++++++++++++++++++++++++++ lang/cpp/src/global.h | 11 ++++++++++- lang/cpp/src/tofuinfo.cpp | 4 ++-- lang/cpp/src/tofuinfo.h | 8 ++++---- 5 files changed, 86 insertions(+), 7 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 25 14:40:35 2016 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 25 Aug 2016 14:40:35 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-311-gdf04b23 Message-ID: