[git] GnuPG - branch, master, updated. gnupg-2.1.19-117-g3533b85

by Werner Koch cvs at cvs.gnupg.org
Mon Apr 3 20:59:56 CEST 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  3533b854408fa93734742b2ee12b62aa0d55ff28 (commit)
       via  fce36d7ec87be14b874813db277781c87a64ea87 (commit)
       via  cc32ddbcba8c53d3e2cad952d72f62dc73911042 (commit)
       via  35c843c815306f36d1efbc52f5e2f6bac3f67aec (commit)
      from  5d873f288e86edfb684f4dd57ac36466b06494a4 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3533b854408fa93734742b2ee12b62aa0d55ff28
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Apr 3 20:56:12 2017 +0200

    dirmngr: New option --disable-ipv6
    
    * dirmngr/dirmngr.h (struct opt): Add field 'disable_ipv6'.
    * dirmngr/dirmngr.c (oDisableIPv6): New const.
    (opts): New option --disable-ipv6.
    (parse_rereadable_options): Set that option.
    * dirmngr/dns-stuff.c (opt_disable_ipv6): New var.
    (set_dns_disable_ipv6): New.
    (resolve_name_standard): Make use of it.
    * dirmngr/ks-engine-finger.c (ks_finger_fetch): Take care of
    OPT.DISABLE_IPV6.
    * dirmngr/ks-engine-hkp.c (map_host): Ditto.
    (send_request): Ditto.
    * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
    * dirmngr/ocsp.c (do_ocsp_request): Ditto.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/crlfetch.c b/dirmngr/crlfetch.c
index f7a23ff..0892421 100644
--- a/dirmngr/crlfetch.c
+++ b/dirmngr/crlfetch.c
@@ -201,6 +201,7 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
                                    |(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0)
                                    |(dirmngr_use_tor()? HTTP_FLAG_FORCE_TOR:0)
                                    |(opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4:0)
+                                   |(opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6:0)
                                    ),
                                   ctrl->http_proxy, NULL, NULL, NULL);
 
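Review bot: The IPv4/IPv6 flag pair is now written out by hand at every connect site: here in crl_fetch and again in ks_finger_fetch, send_request, ks_http_fetch and do_ocsp_request. A call site that is missed or added later would silently ignore --disable-ipv6 and still connect over the disabled address family. Consider deriving both bits in one place, for example a small static helper returning `(opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4:0) | (opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6:0)`, and OR-ing its result into each flags argument. Whether other http_open or http_raw_connect callers exist outside this diff cannot be seen from here and should be checked.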
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index e3e02fe..07b3b91 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -113,6 +113,7 @@ enum cmd_and_opt_values {
   oDisableHTTP,
   oDisableLDAP,
   oDisableIPv4,
+  oDisableIPv6,
   oIgnoreLDAPDP,
   oIgnoreHTTPDP,
   oIgnoreOCSPSvcUrl,
@@ -229,6 +230,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oNoUseTor, "no-use-tor", "@"),
 
   ARGPARSE_s_n (oDisableIPv4, "disable-ipv4", "@"),
+  ARGPARSE_s_n (oDisableIPv6, "disable-ipv6", "@"),
 
   ARGPARSE_s_s (oSocketName, "socket-name", "@"),  /* Only for debugging.  */
 
@@ -638,6 +640,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
     case oDisableHTTP: opt.disable_http = 1; break;
     case oDisableLDAP: opt.disable_ldap = 1; break;
     case oDisableIPv4: opt.disable_ipv4 = 1; break;
+    case oDisableIPv6: opt.disable_ipv6 = 1; break;
     case oHonorHTTPProxy: opt.honor_http_proxy = 1; break;
     case oHTTPProxy: opt.http_proxy = pargs->r.ret_str; break;
     case oLDAPProxy: opt.ldap_proxy = pargs->r.ret_str; break;
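Review bot: `case oDisableIPv6: opt.disable_ipv6 = 1; break;` only ever sets the field, and none of the four lines this commit adds to dirmngr.c clears it. Judging by its name and the `reread` parameter, parse_rereadable_options runs again on a configuration reload. Unless the reset branch of the function (outside this hunk) already zeroes the field, removing disable-ipv6 from the config and reloading would leave IPv6 disabled until the daemon restarts. If that reset is missing, add `opt.disable_ipv6 = 0;` alongside the other resets, and check `opt.disable_ipv4` too.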
@@ -707,6 +710,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
   set_dns_verbose (opt.verbose, !!DBG_DNS);
   http_set_verbose (opt.verbose, !!DBG_NETWORK);
   set_dns_disable_ipv4 (opt.disable_ipv4);
+  set_dns_disable_ipv6 (opt.disable_ipv6);
 
   return 1; /* Handled. */
 }
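Review bot: Nothing after `set_dns_disable_ipv6 (opt.disable_ipv6);` rejects or reports the case where --disable-ipv4 and --disable-ipv6 are both given. With both set, the filters added in resolve_name_standard and map_host skip every address, so each lookup presumably ends in a generic resolution or connect error that does not point at the configuration. A one-line diagnostic here would make that failure obvious, e.g. `if (opt.disable_ipv4 && opt.disable_ipv6) log_info ("WARNING: both IPv4 and IPv6 are disabled\n");`.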
diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
index b269865..e10de09 100644
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -97,7 +97,8 @@ struct
 
   int disable_http;       /* Do not use HTTP at all.  */
   int disable_ldap;       /* Do not use LDAP at all.  */
-  int disable_ipv4;       /* Do not use leagacy IP addresses.  */
+  int disable_ipv4;       /* Do not use legacy IP addresses.  */
+  int disable_ipv6;       /* Do not use standard IP addresses.  */
   int honor_http_proxy;   /* Honor the http_proxy env variable. */
   const char *http_proxy; /* The default HTTP proxy.  */
   const char *ldap_proxy; /* Use given LDAP proxy.  */
diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index c9ce40a..728f662 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -123,6 +123,10 @@ static int opt_timeout;
  * returned A records.  */
 static int opt_disable_ipv4;
 
+/* The flag to disable IPv6 access - right now this only skips
+ * returned AAAA records.  */
+static int opt_disable_ipv6;
+
 /* If set force the use of the standard resolver.  */
 static int standard_resolver;
 
@@ -248,6 +252,15 @@ set_dns_disable_ipv4 (int yes)
 }
 
 
+/* Set the Disable-IPv6 flag so that the name resolver does not return
+ * AAAA addresses.  */
+void
+set_dns_disable_ipv6 (int yes)
+{
+  opt_disable_ipv6 = !!yes;
+}
+
+
 /* Set the timeout for libdns requests to SECONDS.  A value of 0 sets
  * the default timeout and values are capped at 10 minutes.  */
 void
@@ -953,6 +966,8 @@ resolve_name_standard (const char *name, unsigned short port,
         continue;
       if (opt_disable_ipv4 && ai->ai_family == AF_INET)
         continue;
+      if (opt_disable_ipv6 && ai->ai_family == AF_INET6)
+        continue;
 
       dai = xtrymalloc (sizeof *dai + ai->ai_addrlen - 1);
       dai->family = ai->ai_family;
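Review bot: The result of `xtrymalloc (sizeof *dai + ai->ai_addrlen - 1)` is dereferenced on the very next line without a NULL check. xtrymalloc is the allocator variant that returns NULL on failure, so an out-of-memory condition in this loop becomes a NULL pointer write. These two lines are unchanged context rather than part of the commit, but they sit directly below the new AF_INET6 filter and are worth fixing while the loop is being touched. Test `if (!dai)` and leave through the function's normal error path with the errno-derived error code. The loop and its cleanup code extend beyond the hunk, so the exact exit cannot be quoted from here.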
diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h
index 9b8303c..71605b7 100644
--- a/dirmngr/dns-stuff.h
+++ b/dirmngr/dns-stuff.h
@@ -99,6 +99,10 @@ void set_dns_verbose (int verbose, int debug);
  * A addresses.  */
 void set_dns_disable_ipv4 (int yes);
 
+/* Set the Disable-IPv6 flag so that the name resolver does not return
+ * AAAA addresses.  */
+void set_dns_disable_ipv6 (int yes);
+
 /* Set the timeout for libdns requests to SECONDS.  */
 void set_dns_timeout (int seconds);
 
diff --git a/dirmngr/ks-engine-finger.c b/dirmngr/ks-engine-finger.c
index 82ef7a5..f56a9ff 100644
--- a/dirmngr/ks-engine-finger.c
+++ b/dirmngr/ks-engine-finger.c
@@ -84,7 +84,8 @@ ks_finger_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp)
 
   err = http_raw_connect (&http, server, 79,
                           ((dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR : 0)
-                           | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
+                           | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)
+                           | (opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6 : 0)),
                           NULL);
   if (err)
     {
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 4428c12..1592fab 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -512,6 +512,8 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
                 continue;
               if (opt.disable_ipv4 && ai->family == AF_INET)
                 continue;
+              if (opt.disable_ipv6 && ai->family == AF_INET6)
+                continue;
               dirmngr_tick (ctrl);
 
               add_host (name, is_pool, ai, 0, reftbl, reftblsize, &refidx);
@@ -592,7 +594,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
         {
           for (ai = aibuf; ai; ai = ai->next)
             {
-              if (ai->family == AF_INET6
+              if ((!opt.disable_ipv6 && ai->family == AF_INET6)
                   || (!opt.disable_ipv4 && ai->family == AF_INET))
                 {
                   err = resolve_dns_addr (ai->addr, ai->addrlen, 0, &host);
@@ -1140,7 +1142,8 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
                    (httpflags
                     |(opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
                     |(dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
-                    |(opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
+                    |(opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)
+                    |(opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6 : 0)),
                    ctrl->http_proxy,
                    session,
                    NULL,
diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c
index d4a6c8a..02269da 100644
--- a/dirmngr/ks-engine-http.c
+++ b/dirmngr/ks-engine-http.c
@@ -92,7 +92,8 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
                    /* fixme: AUTH */ NULL,
                    ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
                     | (dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
-                    | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
+                    | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)
+                    | (opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6 : 0)),
                    ctrl->http_proxy,
                    session,
                    NULL,
diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c
index aff8e32..22391c3 100644
--- a/dirmngr/ocsp.c
+++ b/dirmngr/ocsp.c
@@ -175,7 +175,8 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
   err = http_open (&http, HTTP_REQ_POST, url, NULL, NULL,
                    ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
                     | (dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
-                    | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
+                    | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)
+                    | (opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6 : 0)),
                    ctrl->http_proxy, NULL, NULL, NULL);
   if (err)
     {
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index 7a6ba47..027bb94 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -314,9 +314,10 @@ a numerical IP address must be given (IPv6 or IPv4) and that no error
 checking is done for @var{ipaddr}.
 
 @item --disable-ipv4
+ at item --disable-ipv6
 @opindex disable-ipv4
-Disable the use of all IPv4 addresses.  This option is mainly useful
-for debugging.
+ at opindex disable-ipv6
+Disable the use of all IPv4 or IPv6 addresses.
 
 @item --disable-ldap
 @opindex disable-ldap

commit fce36d7ec87be14b874813db277781c87a64ea87
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Apr 3 20:34:13 2017 +0200

    dirmngr,w32: Silence the 'certificate already cached' message.
    
    * dirmngr/certcache.c (load_certs_from_w32_store): Silence an info
    message.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/certcache.c b/dirmngr/certcache.c
index 3284ff2..c3f3427 100644
--- a/dirmngr/certcache.c
+++ b/dirmngr/certcache.c
@@ -612,7 +612,10 @@ load_certs_from_w32_store (const char *storename)
           if (!err)
             count++;
           if (gpg_err_code (err) == GPG_ERR_DUP_VALUE)
-            log_info (_("certificate '%s' already cached\n"), storename);
+            {
+              if (DBG_X509)
+                log_debug (_("certificate '%s' already cached\n"), storename);
+            }
           else if (err)
             log_error (_("error loading certificate '%s': %s\n"),
                        storename, gpg_strerror (err));
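Review bot: The message moved to `log_debug` still prints `storename`, which is the function's store argument and not anything identifying the certificate, so with DBG_X509 enabled every duplicate in a store produces the same line. The string is also still wrapped in `_()` although it is now a debug-only diagnostic; debug output is usually left untranslated so that logs stay comparable across locales. Something like `log_debug ("certificate already cached (store '%s')\n", storename);` would address both. The enclosing loop begins and ends outside the hunk.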

commit cc32ddbcba8c53d3e2cad952d72f62dc73911042
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Apr 3 20:23:18 2017 +0200

    dirmngr: Handle EIO which is sometimes returned by cookie functions.
    
    * dirmngr/ks-engine-hkp.c (handle_send_request_error): Handle EIO.
    --
    
    Suggested-by: Andre Heinecke
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index ee7d506..4428c12 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -1283,6 +1283,7 @@ handle_send_request_error (ctrl_t ctrl, gpg_error_t err, const char *request,
     case GPG_ERR_ENETDOWN:
     case GPG_ERR_UNKNOWN_HOST:
     case GPG_ERR_NETWORK:
+    case GPG_ERR_EIO:  /* Sometimes used by estream cookie functions.  */
       if (mark_host_dead (request) && *tries_left)
         retry = 1;
       break;
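Review bot: `case GPG_ERR_EIO:` now falls into the branch that calls `mark_host_dead (request)`, but EIO is a generic I/O code. The comment only says that estream cookie functions sometimes return it, not why that implies the remote host is at fault. If the same code can also result from a local failure, a healthy keyserver would be taken out of the pool and the request retried elsewhere. Suggest extending the comment to name the condition being covered, for instance `/* estream cookie functions report a broken connection as EIO.  */` if that is indeed the case, or confirming that no local error reaches this switch as EIO. The switch starts and ends outside the hunk.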

commit 35c843c815306f36d1efbc52f5e2f6bac3f67aec
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Apr 3 20:20:27 2017 +0200

    dirmngr: Always print a warning for a missing /etc/hosts.
    
    * dirmngr/dns-stuff.c (libdns_init): No Windows specific handling of a
    missing /etc/hosts.
    --
    
    My last comment on this was flawed.  Windows seems to always have its
    version of /etc/hosts.  Only the en passant fixed bad escaping led me
    to assume that this was the case.  Thanks to Andre for complaining about
    my comment remark.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index a88e833..c9ce40a 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -550,24 +550,15 @@ libdns_init (void)
 
     derr = dns_hosts_loadpath (ld.hosts, hosts_path);
     xfree (hosts_path);
-    if (derr)
-      {
-        err = libdns_error_to_gpg_error (derr);
-        /* Most Windows systems don't have a hosts files.  So do not
-         * report in this case.  */
-        if (gpg_err_code (err) != GPG_ERR_ENOENT)
-          log_error ("failed to load hosts file: %s\n", gpg_strerror (err));
-        err = 0; /* Do not bail out.  */
-      }
 #else
     derr = dns_hosts_loadpath (ld.hosts, "/etc/hosts");
+#endif
     if (derr)
       {
         err = libdns_error_to_gpg_error (derr);
         log_error ("failed to load hosts file: %s\n", gpg_strerror (err));
         err = 0; /* Do not bail out - having no /etc/hosts is legal.  */
       }
-#endif
   }
 
   /* dns_hints_local for stub mode, dns_hints_root for recursive.  */
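Review bot: The now-shared `log_error ("failed to load hosts file: %s\n", ...)` does not name the file, and on the Windows branch `hosts_path` has already been released by `xfree (hosts_path)` before `derr` is tested, so the computed path cannot be included. Since the commit's purpose is to always report a missing hosts file, the message should say which path was tried, which means deferring the xfree until after the check on that branch. The comment `having no /etc/hosts is legal` also reads oddly now that the Windows path reaches it, and a condition described as legal might be better reported with `log_info` than `log_error`. libdns_init continues on both sides of the hunk.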

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/certcache.c        |  5 ++++-
 dirmngr/crlfetch.c         |  1 +
 dirmngr/dirmngr.c          |  4 ++++
 dirmngr/dirmngr.h          |  3 ++-
 dirmngr/dns-stuff.c        | 26 ++++++++++++++++----------
 dirmngr/dns-stuff.h        |  4 ++++
 dirmngr/ks-engine-finger.c |  3 ++-
 dirmngr/ks-engine-hkp.c    |  8 ++++++--
 dirmngr/ks-engine-http.c   |  3 ++-
 dirmngr/ocsp.c             |  3 ++-
 doc/dirmngr.texi           |  5 +++--
 11 files changed, 46 insertions(+), 19 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



