[git] GnuPG - branch, master, updated. gnupg-2.1.12-78-g8d0ff5c

by Werner Koch cvs at cvs.gnupg.org
Mon Jun 13 11:35:58 CEST 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  8d0ff5c2c23f556c8c88a8f7f0ab1555f8a17e74 (commit)
       via  9e126af215143fddbdc3949681abb9ffdb9153bb (commit)
       via  61e7fd68c05ed185728e9da45f7a44a2323065ad (commit)
       via  08c82b1b55d28ffd09b859205b7686bcefae5011 (commit)
       via  18b03e756b0f16a055a4bc5b919bd911f571d74f (commit)
       via  2494ce190bff85e94146ce960bde89fde1596a6e (commit)
      from  334e993a71d3abb7d30cb5ee05d578cecf0c3f67 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8d0ff5c2c23f556c8c88a8f7f0ab1555f8a17e74
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Jun 13 11:34:16 2016 +0200

    speedo,w32: Add gpg-preset-passphrase also to the uninstaller.
    
    --
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi
index 44696e8..c8a09ae 100644
--- a/build-aux/speedo/w32/inst.nsi
+++ b/build-aux/speedo/w32/inst.nsi
@@ -1276,6 +1276,7 @@ Section "-un.gnupg"
   Delete "$INSTDIR\bin\gpgconf.exe"
   Delete "$INSTDIR\bin\gpg-connect-agent.exe"
   Delete "$INSTDIR\bin\gpgtar.exe"
+  Delete "$INSTDIR\bin\gpg-preset-passphrase.exe"
 
   Delete "$INSTDIR\share\gnupg\dirmngr-conf.skel"
   Delete "$INSTDIR\share\gnupg\distsigkey.gpg"

commit 9e126af215143fddbdc3949681abb9ffdb9153bb
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Jun 13 11:32:38 2016 +0200

    gpg: Un-deprecate option --auto-key-retrieve.
    
    * g10/gpg.c (main): Remove deprecation warning.
    --
    
    Most options for the keyserver have been moved to dirmngr and thus it
    does not make sense to favor "--keyserver-options auto-key-retrieve"
    over the direct options --auto-key-retrieve and --no-auto-key-retrieve.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 182abb1..0f5a181 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1292,8 +1292,8 @@ the opposite meaning. The options are:
   Enable PKA lookups to verify sender addresses. Note that PKA is based
   on DNS, and so enabling this option may disclose information on when
   and what signatures are verified or to whom data is encrypted. This
-  is similar to the "web bug" described for the auto-key-retrieve
-  feature.
+  is similar to the "web bug" described for the @option{--auto-key-retrieve}
+  option.
 
   @item pka-trust-increase
   @opindex verify-options:pka-trust-increase
@@ -1680,6 +1680,26 @@ mechanisms, in the order they are to be tried:
 
 @end table
 
+ at item --auto-key-retrieve
+ at itemx --no-auto-key-retrieve
+ at opindex auto-key-retrieve
+ at opindex no-auto-key-retrieve
+This option enables the automatic retrieving of keys from a keyserver
+when verifying signatures made by keys that are not on the local
+keyring.
+
+If the method "wkd" is included in the list of methods given to
+ at option{auto-key-locate}, the Signer's User ID is part of the
+signature, and the option @option{--disable-signer-uid} is not used,
+the "wkd" method may also be used to retrieve a key.
+
+Note that this option makes a "web bug" like behavior possible.
+Keyserver or Web Key Directory operators can see which keys you
+request, so by sending you a message signed by a brand new key (which
+you naturally will not have on your local keyring), the operator can
+tell both your IP address and the time when you verified the
+signature.
+
 @item --keyid-format @code{none|short|0xshort|long|0xlong}
 @opindex keyid-format
 Select how to display key IDs.  "none" does not show the key ID at all
@@ -1738,19 +1758,7 @@ are available for all keyserver types, some common options are:
   used with HKP keyservers.
 
   @item auto-key-retrieve
-  This option enables the automatic retrieving of keys from a keyserver
-  when verifying signatures made by keys that are not on the local
-  keyring.  If the method "wkd" is included in the list of methods
-  given to @option{auto-key-locate}, the Signer's User ID is part of
-  the signature, and the option @option{--disable-signer-uid} is not used,
-  the "wkd" method may also be used to retrieve a key.
-
-  Note that this option makes a "web bug" like behavior possible.
-  Keyserver or Web Key Directory operators can see which keys you
-  request, so by sending you a message signed by a brand new key (which
-  you naturally will not have on your local keyring), the operator can
-  tell both your IP address and the time when you verified the
-  signature.
+  This is the same as the option @option{auto-key-retrieve}.
 
   @item honor-keyserver-url
   When using @option{--refresh-keys}, if the key in question has a preferred
@@ -1762,9 +1770,9 @@ are available for all keyserver types, some common options are:
   refreshed.  Thus this option is not enabled by default.
 
   @item honor-pka-record
-  If auto-key-retrieve is set, and the signature being verified has a
-  PKA record, then use the PKA information to fetch the key. Defaults
-  to "yes".
+  If @option{--auto-key-retrieve} is used, and the signature being
+  verified has a PKA record, then use the PKA information to fetch
+  the key. Defaults to "yes".
 
   @item include-subkeys
   When receiving a key, include subkeys as potential targets. Note that
@@ -2354,7 +2362,7 @@ By default the user ID of the signing key is embedded in the data
 signature.  As of now this is only done if the signing key has been
 specified with @option{local-user} using a mail address.  This
 information can be helpful for verifier to locate the key; see
- at option{--auto-key-retrieve}.
+option @option{--auto-key-retrieve}.
 
 @item --personal-cipher-preferences @code{string}
 @opindex personal-cipher-preferences
diff --git a/g10/gpg.c b/g10/gpg.c
index f6088f0..62e3227 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -3150,12 +3150,6 @@ main (int argc, char **argv)
 		  opt.keyserver_options.options|=KEYSERVER_AUTO_KEY_RETRIEVE;
 		else
 		  opt.keyserver_options.options&=~KEYSERVER_AUTO_KEY_RETRIEVE;
-
-		deprecated_warning(configname,configlineno,
-			   pargs.r_opt==oAutoKeyRetrieve?"--auto-key-retrieve":
-			       "--no-auto-key-retrieve","--keyserver-options ",
-			   pargs.r_opt==oAutoKeyRetrieve?"auto-key-retrieve":
-			       "no-auto-key-retrieve");
 		break;
 	  case oShowSessionKey: opt.show_session_key = 1; break;
 	  case oOverrideSessionKey:

commit 61e7fd68c05ed185728e9da45f7a44a2323065ad
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Jun 13 11:24:09 2016 +0200

    gpg: New option --disable-signer-uid, create Signer's UID sub-packet.
    
    * g10/gpg.c (oDisableSignerUID): New.
    (opts): New option '--disable-signer-uid'.
    (main): Set option.
    * g10/options.h (opt): Add field flags.disable_signer_uid.
    * g10/sign.c: Include mbox-util.h.
    (mk_notation_policy_etc): Embed the signer's uid.
    * g10/mainproc.c (check_sig_and_print): Do not use WKD for auto key
    retrieval if --disable-signer-uid is used.
    --
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/gpg.texi b/doc/gpg.texi
index f092b27..182abb1 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1740,13 +1740,17 @@ are available for all keyserver types, some common options are:
   @item auto-key-retrieve
   This option enables the automatic retrieving of keys from a keyserver
   when verifying signatures made by keys that are not on the local
-  keyring.
+  keyring.  If the method "wkd" is included in the list of methods
+  given to @option{auto-key-locate}, the Signer's User ID is part of
+  the signature, and the option @option{--disable-signer-uid} is not used,
+  the "wkd" method may also be used to retrieve a key.
 
   Note that this option makes a "web bug" like behavior possible.
-  Keyserver operators can see which keys you request, so by sending you
-  a message signed by a brand new key (which you naturally will not have
-  on your local keyring), the operator can tell both your IP address and
-  the time when you verified the signature.
+  Keyserver or Web Key Directory operators can see which keys you
+  request, so by sending you a message signed by a brand new key (which
+  you naturally will not have on your local keyring), the operator can
+  tell both your IP address and the time when you verified the
+  signature.
 
   @item honor-keyserver-url
   When using @option{--refresh-keys}, if the key in question has a preferred
@@ -2344,6 +2348,14 @@ Disable the use of the modification detection code. Note that by
 using this option, the encrypted message becomes vulnerable to a
 message modification attack.
 
+ at item --disable-signer-uid
+ at opindex disable-signer-uid
+By default the user ID of the signing key is embedded in the data
+signature.  As of now this is only done if the signing key has been
+specified with @option{local-user} using a mail address.  This
+information can be helpful for verifier to locate the key; see
+ at option{--auto-key-retrieve}.
+
 @item --personal-cipher-preferences @code{string}
 @opindex personal-cipher-preferences
 Set the list of personal cipher preferences to @code{string}.  Use
diff --git a/g10/gpg.c b/g10/gpg.c
index 87d06af..f6088f0 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -396,6 +396,7 @@ enum cmd_and_opt_values
     oWeakDigest,
     oUnwrap,
     oOnlySignTextIDs,
+    oDisableSignerUID,
 
     oNoop
   };
@@ -550,6 +551,8 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oDisableMDC, "disable-mdc", "@"),
   ARGPARSE_s_n (oNoDisableMDC, "no-disable-mdc", "@"),
 
+  ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"),
+
   ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
   ARGPARSE_s_n (oInteractive, "interactive", N_("prompt before overwriting")),
 
@@ -2799,6 +2802,9 @@ main (int argc, char **argv)
 	  case oNoForceMDC: opt.force_mdc = 0; break;
 	  case oDisableMDC: opt.disable_mdc = 1; break;
 	  case oNoDisableMDC: opt.disable_mdc = 0; break;
+
+          case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
+
 	  case oS2KMode:   opt.s2k_mode = pargs.r.ret_int; break;
 	  case oS2KDigest: s2k_digest_string = xstrdup(pargs.r.ret_str); break;
 	  case oS2KCipher: s2k_cipher_string = xstrdup(pargs.r.ret_str); break;
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 7033de7..453d1b0 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1823,6 +1823,7 @@ check_sig_and_print (CTX c, kbnode_t node)
    * key from the WKD. */
   if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
       && (opt.keyserver_options.options & KEYSERVER_AUTO_KEY_RETRIEVE)
+      && !opt.flags.disable_signer_uid
       && akl_has_wkd_method ()
       && sig->signers_uid)
     {
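Review bot: The added `!opt.flags.disable_signer_uid` term lets an option named and documented for the signing side also switch off the WKD lookup while verifying, and the comment above the condition does not mention it. The gpg.texi entry for --disable-signer-uid added in this commit only describes embedding the user ID when signing; the verification effect is mentioned solely under auto-key-retrieve. I would extend the comment, e.g. `/* Note: --disable-signer-uid also stops us from using a received Signer's UID for WKD retrieval. */`, and repeat that sentence in the option's own documentation. The body of this `if` lies outside the hunk.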
diff --git a/g10/options.h b/g10/options.h
index bf5831d..0a87b90 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -234,6 +234,7 @@ struct
     unsigned int allow_multiple_messages:1;
     unsigned int allow_weak_digest_algos:1;
     unsigned int large_rsa:1;
+    unsigned int disable_signer_uid:1;
   } flags;
 
   /* Linked list of ways to find a key if the key isn't on the local
@@ -290,7 +291,7 @@ struct {
 #define DBG_IPC_VALUE     1024  /* debug assuan communication */
 #define DBG_CARD_IO_VALUE 2048  /* debug smart card I/O.  */
 #define DBG_CLOCK_VALUE   4096
-#define DBG_LOOKUP_VALUE  8192	/* debug the kety lookup */
+#define DBG_LOOKUP_VALUE  8192	/* debug the key lookup */
 #define DBG_EXTPROG_VALUE 16384 /* debug external program calls */
 
 /* Tests for the debugging flags.  */
diff --git a/g10/sign.c b/g10/sign.c
index 833b6ef..a4974be 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -40,7 +40,7 @@
 #include "pkglue.h"
 #include "sysutils.h"
 #include "call-agent.h"
-
+#include "mbox-util.h"
 
 #ifdef HAVE_DOSISH_SYSTEM
 #define LF "\r\n"
@@ -144,6 +144,20 @@ mk_notation_policy_etc (PKT_signature *sig,
                         p, strlen (p));
       xfree (p);
     }
+
+  /* Set signer's user id.  */
+  if (IS_SIG (sig) && !opt.flags.disable_signer_uid)
+    {
+      char *mbox;
+
+      /* For now we use the uid which was used to locate the key.  */
+      if (pksk->user_id && (mbox = mailbox_from_userid (pksk->user_id->name)))
+        {
+          if (DBG_LOOKUP)
+            log_debug ("setting Signer's UID to '%s'\n", mbox);
+          build_sig_subpkt (sig, SIGSUBPKT_SIGNERS_UID, mbox, strlen (mbox));
+        }
+    }
 }
 
 
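Review bot: `mbox` is never released in the added block; after `build_sig_subpkt` the pointer just goes out of scope, whereas the loops earlier in this function free their expanded strings with `xfree (p)`. Assuming `mailbox_from_userid` returns an allocated string (the NULL test and the non-const `char *mbox` suggest it does), every data signature leaks that buffer. Add `xfree (mbox);` right after the `build_sig_subpkt` call. The start of mk_notation_policy_etc is outside this hunk.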

commit 08c82b1b55d28ffd09b859205b7686bcefae5011
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Jun 13 10:40:34 2016 +0200

    gpg: Try Signer's User ID sub-packet with --auto-key-retrieve.
    
    * g10/packet.h (PKT_signature): Add field 'signers_uid'.
    * g10/parse-packet.c (parse_signature): Set this field.
    * g10/free-packet.c (free_seckey_enc): Free field.
    (copy_signature): Copy field.
    * g10/mainproc.c (akl_has_wkd_method): New.
    (check_sig_and_print): Extend NEWSIG status.  If WKD is enabled try to
    locate a missing key via the signature's Signer's User ID sub-packet.
    Do this right before trying a keyserver lookup.
    --
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/DETAILS b/doc/DETAILS
index d2df9ac..2fcdb28 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -341,10 +341,12 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
   arguments in future versions.
 
 ** General status codes
-*** NEWSIG
+*** NEWSIG [<signers_uid>]
     Is issued right before a signature verification starts.  This is
-    useful to define a context for parsing ERROR status messages.  No
-    arguments are currently defined.
+    useful to define a context for parsing ERROR status messages.
+    arguments are currently defined.  If SIGNERS_UID is given and is
+    not "-" this is the percent escape value of the OpenPGP Signer's
+    User ID signature sub-packet.
 
 *** GOODSIG  <long_keyid_or_fpr>  <username>
     The signature with the keyid is good.  For each signature only one
diff --git a/g10/free-packet.c b/g10/free-packet.c
index 8176e36..3883f87 100644
--- a/g10/free-packet.c
+++ b/g10/free-packet.c
@@ -82,6 +82,7 @@ free_seckey_enc( PKT_signature *sig )
       xfree (sig->pka_info->uri);
       xfree (sig->pka_info);
     }
+  xfree (sig->signers_uid);
 
   xfree(sig);
 }
@@ -258,6 +259,8 @@ copy_signature( PKT_signature *d, PKT_signature *s )
     d->pka_info = s->pka_info? cp_pka_info (s->pka_info) : NULL;
     d->hashed = cp_subpktarea (s->hashed);
     d->unhashed = cp_subpktarea (s->unhashed);
+    if (s->signers_uid)
+      d->signers_uid = xstrdup (s->signers_uid);
     if(s->numrevkeys)
       {
 	d->revkey=NULL;
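Review bot: The new `signers_uid` copy only assigns when the source has a value, unlike the `pka_info` line just above, which always writes either a copy or NULL. If `d` was filled from `s` by a struct copy earlier in copy_signature (not visible in this hunk) the result is the same, but the explicit form does not depend on that and matches the neighbouring style: `d->signers_uid = s->signers_uid? xstrdup (s->signers_uid) : NULL;`. It also guarantees that source and copy never share one pointer that free_seckey_enc would then release twice.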
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 15dc4b9..7033de7 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1541,6 +1541,19 @@ pka_uri_from_sig (CTX c, PKT_signature *sig)
 }
 
 
+/* Return true if the AKL has the WKD method specified.  */
+static int
+akl_has_wkd_method (void)
+{
+  struct akl *akl;
+
+  for (akl = opt.auto_key_locate; akl; akl = akl->next)
+    if (akl->type == AKL_WKD)
+      return 1;
+  return 0;
+}
+
+
 static void
 print_good_bad_signature (int statno, const char *keyid_str, kbnode_t un,
                           PKT_signature *sig, int rc)
@@ -1697,7 +1710,11 @@ check_sig_and_print (CTX c, kbnode_t node)
       }
   }
 
-  write_status_text (STATUS_NEWSIG, NULL);
+  if (sig->signers_uid)
+    write_status_buffer (STATUS_NEWSIG,
+                         sig->signers_uid, strlen (sig->signers_uid), 0);
+  else
+    write_status_text (STATUS_NEWSIG, NULL);
 
   astr = openpgp_pk_algo_name ( sig->pubkey_algo );
   if (keystrlen () > 8)
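Review bot: The Signer's UID is written to the status interface here before `do_check_sig` has run, so a front end reading NEWSIG receives a sender-chosen string for a signature that may turn out bad or unverifiable, and neither this code nor the DETAILS text says so. A comment above the call would help, e.g. `/* Note: signers_uid comes from the not yet verified signature; status consumers must not treat it as an authenticated identity. */`, with the same caveat added to the NEWSIG description. Because the length is taken with `strlen`, a value containing a zero byte is reported truncated, which the comment should mention as well. check_sig_and_print begins and ends outside this hunk.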
@@ -1713,8 +1730,7 @@ check_sig_and_print (CTX c, kbnode_t node)
 
   rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey );
 
-  /* If the key isn't found, check for a preferred keyserver */
-
+  /* If the key isn't found, check for a preferred keyserver.  */
   if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY && sig->flags.pref_ks)
     {
       const byte *p;
@@ -1755,8 +1771,8 @@ check_sig_and_print (CTX c, kbnode_t node)
         }
     }
 
-  /* If the preferred keyserver thing above didn't work, our second
-     try is to use the URI from a DNS PKA record. */
+  /* If the avove methods didn't work, our next try is to use the URI
+   * from a DNS PKA record.  */
   if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
       && (opt.keyserver_options.options & KEYSERVER_AUTO_KEY_RETRIEVE)
       && (opt.keyserver_options.options & KEYSERVER_HONOR_PKA_RECORD))
@@ -1775,17 +1791,54 @@ check_sig_and_print (CTX c, kbnode_t node)
             {
               glo_ctrl.in_auto_key_retrieve++;
               res = keyserver_import_keyid (c->ctrl, sig->keyid, spec);
-                glo_ctrl.in_auto_key_retrieve--;
-                free_keyserver_spec (spec);
-                if (!res)
-                  rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey );
+              glo_ctrl.in_auto_key_retrieve--;
+              free_keyserver_spec (spec);
+              if (!res)
+                rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey );
             }
         }
     }
 
-  /* If the preferred keyserver thing above didn't work and we got
-       no information from the DNS PKA, this is a third try. */
+  /* If the above methods didn't work, our next try is to use locate
+   * the key via its fingerprint from a keyserver.  This requires
+   * that the signers fingerprint is encoded in the signature.  We
+   * favor this over the WKD method (to be tried next), because an
+   * arbitrary keyserver is less subject to web bug like
+   * monitoring.  */
+  /* if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY */
+  /*     && signature_hash_full_fingerprint (sig) */
+  /*     && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE) */
+  /*     && keyserver_any_configured (c->ctrl)) */
+  /*   { */
+  /*     int res; */
+
+  /*     glo_ctrl.in_auto_key_retrieve++; */
+  /*     res = keyserver_import_keyid (c->ctrl, sig->keyid, opt.keyserver ); */
+  /*     glo_ctrl.in_auto_key_retrieve--; */
+  /*     if (!res) */
+  /*       rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey ); */
+  /*   } */
+
+  /* If the above methods didn't work, our next try is to retrieve the
+   * key from the WKD. */
+  if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
+      && (opt.keyserver_options.options & KEYSERVER_AUTO_KEY_RETRIEVE)
+      && akl_has_wkd_method ()
+      && sig->signers_uid)
+    {
+      int res;
+
+      glo_ctrl.in_auto_key_retrieve++;
+      res = keyserver_import_wkd (c->ctrl, sig->signers_uid, NULL, NULL);
+      glo_ctrl.in_auto_key_retrieve--;
+      /* Fixme: If the fingerprint is embedded in the signature,
+       * compare it to the fingerprint of the returned key.  */
+      if (!res)
+        rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey );
+    }
 
+  /* If the above methods did't work, our next try is to use a
+   * keyserver.  */
   if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
       && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
       && keyserver_any_configured (c->ctrl))
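Review bot: The new WKD branch passes `sig->signers_uid` to `keyserver_import_wkd` exactly as it was read from a signature that has not been verified at this point, so the sender picks the host that is contacted and the string is not even checked to be a mail address. A cheap guard is one more term in the condition, `&& is_valid_mailbox (sig->signers_uid)` (declared in mbox-util.h, which mainproc.c would need to include if it does not already). As the Fixme says, nothing ties the imported key to `sig->keyid`; as far as the visible lines show, a key the server returns for that address stays in the keyring even when the following `do_check_sig` still reports no public key. Until the fingerprint comparison exists, that consequence deserves a sentence in the comment above the condition.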
@@ -1793,7 +1846,7 @@ check_sig_and_print (CTX c, kbnode_t node)
       int res;
 
       glo_ctrl.in_auto_key_retrieve++;
-      res=keyserver_import_keyid (c->ctrl, sig->keyid, opt.keyserver );
+      res = keyserver_import_keyid (c->ctrl, sig->keyid, opt.keyserver );
       glo_ctrl.in_auto_key_retrieve--;
       if (!res)
         rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey );
diff --git a/g10/packet.h b/g10/packet.h
index 6ea2f83..8fb6fc4 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -230,6 +230,8 @@ typedef struct
   int numrevkeys;
   pka_info_t *pka_info;      /* Malloced PKA data or NULL if not
                                 available.  See also flags.pka_tried. */
+  char *signers_uid;         /* Malloced value of the SIGNERS_UID
+                              * subpacket.  */
   subpktarea_t *hashed;      /* All subpackets with hashed data (v4 only). */
   subpktarea_t *unhashed;    /* Ditto for unhashed data. */
   /* First 2 bytes of the digest.  (Serialized.  Note: this is not
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index c77e409..c30abcb 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1915,6 +1915,20 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
       if (p)
 	sig->flags.pref_ks = 1;
 
+      p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIGNERS_UID, &len);
+      if (p && len)
+        {
+          sig->signers_uid = xtrymalloc (len+1);
+          if (!sig->signers_uid)
+            {
+              rc = gpg_error_from_syserror ();
+              goto leave;
+            }
+          /* Note that we don't care about binary zeroes in the value.  */
+          memcpy (sig->signers_uid, p, len);
+          sig->signers_uid[len] = 0;
+        }
+
       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_NOTATION, NULL);
       if (p)
 	sig->flags.notation = 1;
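Review bot: The copied Signer's UID may contain zero bytes, which the added comment accepts, yet every consumer visible in this push (`strlen` for NEWSIG, `xstrdup` in copy_signature, the WKD lookup) treats it as a C string. The address acted upon can therefore be a prefix of what the hashed subpacket actually holds, and may differ from what another OpenPGP implementation reads from the same signature. I would ignore such values at parse time with `if (p && len && !memchr (p, 0, len))` and reword the comment to say that values with embedded zeroes are dropped. parse_signature continues outside this hunk, so whether the `leave` path releases the other fields already set is not visible here.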

commit 18b03e756b0f16a055a4bc5b919bd911f571d74f
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Jun 13 09:37:53 2016 +0200

    gpg,indent: Re-indent and chnage var names in sign.c
    
    --
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/sign.c b/g10/sign.c
index 15c18ee..833b6ef 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -59,92 +59,91 @@ static void
 mk_notation_policy_etc (PKT_signature *sig,
 			PKT_public_key *pk, PKT_public_key *pksk)
 {
-    const char *string;
-    char *s=NULL;
-    strlist_t pu=NULL;
-    struct notation *nd=NULL;
-    struct expando_args args;
+  const char *string;
+  char *p = NULL;
+  strlist_t pu = NULL;
+  struct notation *nd = NULL;
+  struct expando_args args;
 
-    log_assert(sig->version>=4);
+  log_assert (sig->version >= 4);
 
-    memset(&args,0,sizeof(args));
-    args.pk=pk;
-    args.pksk=pksk;
+  memset (&args, 0, sizeof(args));
+  args.pk = pk;
+  args.pksk = pksk;
 
-    /* notation data */
-    if(IS_SIG(sig) && opt.sig_notations)
-      nd=opt.sig_notations;
-    else if( IS_CERT(sig) && opt.cert_notations )
-      nd=opt.cert_notations;
+  /* Notation data. */
+  if (IS_SIG(sig) && opt.sig_notations)
+    nd = opt.sig_notations;
+  else if (IS_CERT(sig) && opt.cert_notations)
+    nd = opt.cert_notations;
 
-    if(nd)
-      {
-	struct notation *i;
+  if (nd)
+    {
+      struct notation *item;
 
-	for(i=nd;i;i=i->next)
-	  {
-	    i->altvalue=pct_expando(i->value,&args);
-	    if(!i->altvalue)
-	      log_error(_("WARNING: unable to %%-expand notation "
-			  "(too large).  Using unexpanded.\n"));
-	  }
+      for (item = nd; item; item = item->next)
+        {
+          item->altvalue = pct_expando (item->value,&args);
+          if (!item->altvalue)
+            log_error (_("WARNING: unable to %%-expand notation "
+                         "(too large).  Using unexpanded.\n"));
+        }
 
-	keygen_add_notations(sig,nd);
+      keygen_add_notations (sig, nd);
 
-	for(i=nd;i;i=i->next)
-	  {
-	    xfree(i->altvalue);
-	    i->altvalue=NULL;
-	  }
-      }
-
-    /* set policy URL */
-    if( IS_SIG(sig) && opt.sig_policy_url )
-      pu=opt.sig_policy_url;
-    else if( IS_CERT(sig) && opt.cert_policy_url )
-      pu=opt.cert_policy_url;
+      for (item = nd; item; item = item->next)
+        {
+          xfree (item->altvalue);
+          item->altvalue = NULL;
+        }
+    }
 
-    for(;pu;pu=pu->next)
-      {
-        string = pu->d;
+  /* Set policy URL. */
+  if (IS_SIG(sig) && opt.sig_policy_url)
+    pu = opt.sig_policy_url;
+  else if (IS_CERT(sig) && opt.cert_policy_url)
+    pu = opt.cert_policy_url;
 
-	s=pct_expando(string,&args);
-	if(!s)
-	  {
-	    log_error(_("WARNING: unable to %%-expand policy URL "
-			"(too large).  Using unexpanded.\n"));
-	    s=xstrdup(string);
-	  }
+  for (; pu; pu = pu->next)
+    {
+      string = pu->d;
 
-	build_sig_subpkt(sig,SIGSUBPKT_POLICY|
-			 ((pu->flags & 1)?SIGSUBPKT_FLAG_CRITICAL:0),
-			 s,strlen(s));
+      p = pct_expando (string, &args);
+      if (!p)
+        {
+          log_error(_("WARNING: unable to %%-expand policy URL "
+                      "(too large).  Using unexpanded.\n"));
+          p = xstrdup(string);
+        }
 
-	xfree(s);
-      }
+      build_sig_subpkt (sig, (SIGSUBPKT_POLICY
+                              | ((pu->flags & 1)?SIGSUBPKT_FLAG_CRITICAL:0)),
+                        p, strlen (p));
 
-    /* preferred keyserver URL */
-    if( IS_SIG(sig) && opt.sig_keyserver_url )
-      pu=opt.sig_keyserver_url;
+      xfree (p);
+    }
 
-    for(;pu;pu=pu->next)
-      {
-        string = pu->d;
+  /* Preferred keyserver URL. */
+  if (IS_SIG(sig) && opt.sig_keyserver_url)
+    pu = opt.sig_keyserver_url;
 
-	s=pct_expando(string,&args);
-	if(!s)
-	  {
-	    log_error(_("WARNING: unable to %%-expand preferred keyserver URL"
-			" (too large).  Using unexpanded.\n"));
-	    s=xstrdup(string);
-	  }
+  for (; pu; pu = pu->next)
+    {
+      string = pu->d;
 
-	build_sig_subpkt(sig,SIGSUBPKT_PREF_KS|
-			 ((pu->flags & 1)?SIGSUBPKT_FLAG_CRITICAL:0),
-			 s,strlen(s));
+      p = pct_expando (string, &args);
+      if (!p)
+        {
+          log_error (_("WARNING: unable to %%-expand preferred keyserver URL"
+                       " (too large).  Using unexpanded.\n"));
+          p = xstrdup (string);
+        }
 
-	xfree(s);
-      }
+      build_sig_subpkt (sig, (SIGSUBPKT_PREF_KS
+                              | ((pu->flags & 1)?SIGSUBPKT_FLAG_CRITICAL:0)),
+                        p, strlen (p));
+      xfree (p);
+    }
 }
 
 

commit 2494ce190bff85e94146ce960bde89fde1596a6e
Author: Werner Koch <wk at gnupg.org>
Date:   Sun Jun 12 13:43:55 2016 +0200

    common: Fix bad printf format in t-stringhelp.c
    
    --

diff --git a/common/t-stringhelp.c b/common/t-stringhelp.c
index db0e811..4f4555e 100644
--- a/common/t-stringhelp.c
+++ b/common/t-stringhelp.c
@@ -733,7 +733,7 @@ test_split_fields (void)
       if (field_count != field_count_expected)
         {
           printf ("%s: tidx %d: expected %d, got %d\n",
-                  __func__, tidx, i, field_count_expected, field_count);
+                  __func__, tidx, field_count_expected, field_count);
           fail (tidx * 1000);
         }
       else

-----------------------------------------------------------------------

Summary of changes:
 build-aux/speedo/w32/inst.nsi |   1 +
 common/t-stringhelp.c         |   2 +-
 doc/DETAILS                   |   8 ++-
 doc/gpg.texi                  |  48 +++++++++----
 g10/free-packet.c             |   3 +
 g10/gpg.c                     |  12 ++--
 g10/mainproc.c                |  78 +++++++++++++++++----
 g10/options.h                 |   3 +-
 g10/packet.h                  |   2 +
 g10/parse-packet.c            |  14 ++++
 g10/sign.c                    | 153 +++++++++++++++++++++++-------------------
 11 files changed, 217 insertions(+), 107 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



