From cvs at cvs.gnupg.org  Tue Aug  1 05:31:11 2017
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Tue, 01 Aug 2017 05:31:11 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.22-5-gfde9a8c
Message-ID: <E1dcNto-0001KM-OZ@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  fde9a8cc6c849fb21f3e6782dbd5c6bc863357eb (commit)
       via  02b571947b9442604faa7509478cd8577c2c0b9c (commit)
      from  482fd5758c1b7e1b33c4cb50656e586a3ae16815 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit fde9a8cc6c849fb21f3e6782dbd5c6bc863357eb
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Tue Aug 1 11:44:52 2017 +0900

    Simple typo fix.
    
    * tools/rfc822parse.c: Fix.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/tools/rfc822parse.c b/tools/rfc822parse.c
index ab692bd..e8cdb02 100644
--- a/tools/rfc822parse.c
+++ b/tools/rfc822parse.c
@@ -14,7 +14,7 @@
  *
  * You should have received a copy of the GNU Lesser General Public License
  * along with this program; if not, see <https://www.gnu.org/licenses/>.
-g */
+ */
 
 
 /* According to RFC822 binary zeroes are allowed at many places. We do

commit 02b571947b9442604faa7509478cd8577c2c0b9c
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Tue Aug 1 11:43:56 2017 +0900

    po: Update Japanese translation

diff --git a/po/ja.po b/po/ja.po
index 32bc34d..61fe790 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -8,9 +8,9 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: gnupg 2.1.20\n"
+"Project-Id-Version: gnupg 2.1.22\n"
 "Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2017-04-04 10:45+0900\n"
+"PO-Revision-Date: 2017-08-01 11:34+0900\n"
 "Last-Translator: NIIBE Yutaka <gniibe at fsij.org>\n"
 "Language-Team: none\n"
 "Language: ja\n"
@@ -370,7 +370,7 @@ msgid "enable ssh support"
 msgstr "ssh??????????"
 
 msgid "|ALGO|use ALGO to show ssh fingerprints"
-msgstr ""
+msgstr "|ALGO|ssh??????ALGO???"
 
 msgid "enable putty support"
 msgstr "putty??????????"
@@ -1200,10 +1200,9 @@ msgstr "???'%s'??????????(%s < %s)"
 msgid "WARNING: %s\n"
 msgstr "*??*: %s\n"
 
-#, fuzzy, c-format
-#| msgid "%s does not yet work with %s\n"
+#, c-format
 msgid "%s is not compliant with %s mode\n"
-msgstr "%s?%s??????????\n"
+msgstr "%s?%s??????????\n"
 
 #, c-format
 msgid "OpenPGP card not available: %s\n"
@@ -1554,16 +1553,14 @@ msgid ""
 msgstr ""
 "*??*: ??????? %s (%d) ???????????????????\n"
 
-#, fuzzy, c-format
-#| msgid "you may not use cipher algorithm '%s' while in %s mode\n"
+#, c-format
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
 msgstr "????????'%s'?%s??????????????\n"
 
-#, fuzzy, c-format
-#| msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
+#, c-format
 msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
 msgstr ""
-"*??*: \"%s%s\"????????????????? - ???????????\n"
+"*??*: ?%s??%s???????????????\n"
 
 #, c-format
 msgid ""
@@ -1580,10 +1577,9 @@ msgstr "??????? %s (%d) ??????????????
 msgid "%s/%s encrypted for: \"%s\"\n"
 msgstr "%s/%s??? ???:\"%s\"\n"
 
-#, fuzzy, c-format
-#| msgid "you may not use %s while in %s mode\n"
+#, c-format
 msgid "option '%s' may not be used in %s mode\n"
-msgstr "%s?%s??????????????\n"
+msgstr "?????'%s'?%s??????????????\n"
 
 #, c-format
 msgid "%s encrypted data\n"
@@ -2236,13 +2232,11 @@ msgstr "?????????????\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%s?%s??????????\n"
 
-#, fuzzy, c-format
-#| msgid "you may not use digest algorithm '%s' while in %s mode\n"
+#, c-format
 msgid "digest algorithm '%s' may not be used in %s mode\n"
 msgstr "?????????????'%s'?%s??????????????\n"
 
-#, fuzzy, c-format
-#| msgid "you may not use compression algorithm '%s' while in %s mode\n"
+#, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
 msgstr "????????'%s'?%s??????????????\n"
 
@@ -2260,16 +2254,14 @@ msgstr "'%s'?????????????: %s\n"
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr "--symmetric --encrypt?--s2k-mode 0???????????\n"
 
-#, fuzzy, c-format
-#| msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+#, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "--symmetric --encrypt?%s??????????????\n"
 
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr "--symmetric --sign --encrypt?--s2k-mode 0???????????\n"
 
-#, fuzzy, c-format
-#| msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+#, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "--symmetric --sign --encrypt?%s??????????????\n"
 
@@ -2392,10 +2384,8 @@ msgstr "????????????????????????
 msgid "assume the GnuPG key backup format"
 msgstr "GnuPG?????????????????????"
 
-#, fuzzy
-#| msgid "show key during import"
 msgid "repair keys on import"
-msgstr "????????????"
+msgstr "??????????????"
 
 #, c-format
 msgid "skipping block of type %d\n"
@@ -3235,15 +3225,13 @@ msgstr "?????????????\n"
 msgid "'%s' is not a valid expiration time\n"
 msgstr "'%s'????????????????\n"
 
-#, fuzzy, c-format
-#| msgid "\"%s\" is not a fingerprint\n"
+#, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
-msgstr "\"%s\"?????????????????\n"
+msgstr "\"%s\"????????????????????\n"
 
-#, fuzzy, c-format
-#| msgid "key \"%s\" not found\n"
+#, c-format
 msgid "subkey \"%s\" not found\n"
-msgstr "?\"%s\"????????\n"
+msgstr "??\"%s\"????????\n"
 
 msgid "Digest: "
 msgstr "??????: "
@@ -4288,10 +4276,9 @@ msgstr "[???]"
 msgid "                aka \"%s\""
 msgstr "                ??\"%s\""
 
-#, fuzzy, c-format
-#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+#, c-format
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
-msgstr "*??*: ?????????????????????!\n"
+msgstr "*??*: ????%s?????????????!\n"
 
 #, c-format
 msgid "Signature expired %s\n"
@@ -4821,10 +4808,9 @@ msgstr "????????'%s'??????\n"
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "???????? fd=%d ??????: %s\n"
 
-#, fuzzy, c-format
-#| msgid "certificate is not usable for encryption\n"
+#, c-format
 msgid "Note: key %s is not suitable for encryption in %s mode\n"
-msgstr "????????????????\n"
+msgstr "?: ?%s?%s?????????????????\n"
 
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
@@ -5002,10 +4988,9 @@ msgstr ""
 msgid "WARNING: signature digest conflict in message\n"
 msgstr "*??*: ??????????????????????\n"
 
-#, fuzzy, c-format
-#| msgid "you may not use %s while in %s mode\n"
+#, c-format
 msgid "key %s may not be used for signing in %s mode\n"
-msgstr "%s?%s??????????????\n"
+msgstr "?%s???????%s??????????????\n"
 
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"

-----------------------------------------------------------------------

Summary of changes:
 po/ja.po            | 65 +++++++++++++++++++++--------------------------------
 tools/rfc822parse.c |  2 +-
 2 files changed, 26 insertions(+), 41 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Aug  1 09:01:41 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 01 Aug 2017 09:01:41 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.22-7-g4e117f2
Message-ID: <E1dcRBX-0008TH-AL@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  4e117f206beb38287ddcd3251fb7baabadfbddbb (commit)
       via  a21ca77988cee6987c4aca91a8e1c3ffd5c32c10 (commit)
      from  fde9a8cc6c849fb21f3e6782dbd5c6bc863357eb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4e117f206beb38287ddcd3251fb7baabadfbddbb
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Aug 1 08:41:47 2017 +0200

    gpg,sm: Error out on compliance mismatch while decrypting.
    
    * g10/pubkey-enc.c (get_session_key): Bail out if the algo is not
    allowed in the current compliance mode.
    * sm/decrypt.c (gpgsm_decrypt): Ditto.
    --
    
    The idea here is that the owner of the key created a non-compliant key
    and later receives a mail encrypted to that key.  The sender should
    have checked this key too but we can't guarantee that.  By hard
    failing here the owner of the key will notice that he had created a
    non-compliant key and thus has a chance to generate a new compliant
    key.  In case the compliant criteria changes and the owner wants to
    decrypt an old message he can still switch gpg to another compliant
    mode.
    
    Fixes-commit: a0d0cbee7654ad7582400efaa92d493cd8e669e9
    GnuPG-bug-id: 3308
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 272562b..d7ba953 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -90,16 +90,19 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek)
       sk->pubkey_algo = k->pubkey_algo; /* We want a pubkey with this algo.  */
       if (!(rc = get_seckey (ctrl, sk, k->keyid)))
         {
-          /* Print compliance warning.  */
-          if (!gnupg_pk_is_compliant (opt.compliance,
-                                      sk->pubkey_algo,
-                                      sk->pkey, nbits_from_pk (sk), NULL))
-            log_info (_("Note: key %s is not suitable for encryption"
-                        " in %s mode\n"),
-                      keystr_from_pk (sk),
-                      gnupg_compliance_option_string (opt.compliance));
-
-          rc = get_it (ctrl, k, dek, sk, k->keyid);
+          /* Check compliance.  */
+          if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION,
+                                     sk->pubkey_algo,
+                                     sk->pkey, nbits_from_pk (sk), NULL))
+            {
+              log_info (_("key %s is not suitable for decryption"
+                          " in %s mode\n"),
+                        keystr_from_pk (sk),
+                        gnupg_compliance_option_string (opt.compliance));
+              rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
+            }
+          else
+            rc = get_it (ctrl, k, dek, sk, k->keyid);
         }
     }
   else if (opt.skip_hidden_recipients)
@@ -128,14 +131,17 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek)
             log_info (_("anonymous recipient; trying secret key %s ...\n"),
                       keystr (keyid));
 
-          /* Print compliance warning.  */
-          if (!gnupg_pk_is_compliant (opt.compliance,
-                                      sk->pubkey_algo,
-                                      sk->pkey, nbits_from_pk (sk), NULL))
-            log_info (_("Note: key %s is not suitable for encryption"
-                        " in %s mode\n"),
-                      keystr_from_pk (sk),
-                      gnupg_compliance_option_string (opt.compliance));
+          /* Check compliance.  */
+          if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION,
+                                     sk->pubkey_algo,
+                                     sk->pkey, nbits_from_pk (sk), NULL))
+            {
+              log_info (_("key %s is not suitable for decryption"
+                          " in %s mode\n"),
+                          keystr_from_pk (sk),
+                          gnupg_compliance_option_string (opt.compliance));
+              continue;
+            }
 
           rc = get_it (ctrl, k, dek, sk, keyid);
           if (!rc)
diff --git a/sm/decrypt.c b/sm/decrypt.c
index cdce1d4..60ed14a 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -480,19 +480,22 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
                     unsigned int nbits;
                     int pk_algo = gpgsm_get_key_algo_info (cert, &nbits);
 
-                    /* Print compliance warning.  */
-                    if (! gnupg_pk_is_compliant (opt.compliance,
-                                                 pk_algo, NULL, nbits, NULL))
+                    /* Check compliance.  */
+                    if (!gnupg_pk_is_allowed (opt.compliance,
+                                              PK_USE_DECRYPTION,
+                                              pk_algo, NULL, nbits, NULL))
                       {
                         char  kidstr[10+1];
 
                         snprintf (kidstr, sizeof kidstr, "0x%08lX",
                                   gpgsm_get_short_fingerprint (cert, NULL));
                         log_info
-                          (_("Note: key %s is not suitable for encryption"
+                          (_("key %s is not suitable for decryption"
                              " in %s mode\n"),
                            kidstr,
                            gnupg_compliance_option_string (opt.compliance));
+                        rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
+                        goto oops;
                       }
 
                     /* Check that all certs are compliant with CO_DE_VS.  */
@@ -504,9 +507,11 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
 
                 oops:
                   if (rc)
-                    /* We cannot check compliance of certs that we
-                     * don't have.  */
-                    is_de_vs = 0;
+                    {
+                      /* We cannot check compliance of certs that we
+                       * don't have.  */
+                      is_de_vs = 0;
+                    }
                   xfree (issuer);
                   xfree (serial);
                   ksba_cert_release (cert);

commit a21ca77988cee6987c4aca91a8e1c3ffd5c32c10
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Aug 1 08:28:01 2017 +0200

    indent: Wrap overlong lines in argparse.c
    
    --

diff --git a/common/argparse.c b/common/argparse.c
index 590e6e9..f5e4ceb 100644
--- a/common/argparse.c
+++ b/common/argparse.c
@@ -918,11 +918,16 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts)
   char *s, *s2;
   int i;
 
-  /* Fill in missing standard options: help, version, warranty and dump-options.  */
-  ARGPARSE_OPTS help_opt = ARGPARSE_s_n(ARGPARSE_SHORTOPT_HELP, "help", "@");
-  ARGPARSE_OPTS version_opt = ARGPARSE_s_n(ARGPARSE_SHORTOPT_VERSION, "version", "@");
-  ARGPARSE_OPTS warranty_opt = ARGPARSE_s_n(ARGPARSE_SHORTOPT_WARRANTY, "warranty", "@");
-  ARGPARSE_OPTS dump_options_opt = ARGPARSE_s_n(ARGPARSE_SHORTOPT_DUMP_OPTIONS, "dump-options", "@");
+  /* Fill in missing standard options: help, version, warranty and
+   * dump-options.  */
+  ARGPARSE_OPTS help_opt
+    = ARGPARSE_s_n (ARGPARSE_SHORTOPT_HELP, "help", "@");
+  ARGPARSE_OPTS version_opt
+    = ARGPARSE_s_n (ARGPARSE_SHORTOPT_VERSION, "version", "@");
+  ARGPARSE_OPTS warranty_opt
+    = ARGPARSE_s_n (ARGPARSE_SHORTOPT_WARRANTY, "warranty", "@");
+  ARGPARSE_OPTS dump_options_opt
+    = ARGPARSE_s_n(ARGPARSE_SHORTOPT_DUMP_OPTIONS, "dump-options", "@");
   int seen_help = 0;
   int seen_version = 0;
   int seen_warranty = 0;

-----------------------------------------------------------------------

Summary of changes:
 common/argparse.c | 15 ++++++++++-----
 g10/pubkey-enc.c  | 42 ++++++++++++++++++++++++------------------
 sm/decrypt.c      | 19 ++++++++++++-------
 3 files changed, 46 insertions(+), 30 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Aug  1 14:21:33 2017
From: cvs at cvs.gnupg.org (by Kai Michaelis)
Date: Tue, 01 Aug 2017 14:21:33 +0200
Subject: [git] gnupg-doc - branch, preview,
 updated. 541cbcfea631a722644d289dc701d235281e4b23
Message-ID: <E1dcWB4-00062A-4B@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, preview has been updated
       via  541cbcfea631a722644d289dc701d235281e4b23 (commit)
      from  7cfa1520d7a4169e2524ac912cca3714e79abba0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 541cbcfea631a722644d289dc701d235281e4b23
Author: Kai Michaelis <kai at gnupg.org>
Date:   Tue Aug 1 14:19:27 2017 +0200

    blog: Web Key in Engimail

diff --git a/misc/blog.gnupg.org/20170807-web-key-in-engimail.org b/misc/blog.gnupg.org/20170807-web-key-in-engimail.org
new file mode 100644
index 0000000..7c9c3ba
--- /dev/null
+++ b/misc/blog.gnupg.org/20170807-web-key-in-engimail.org
@@ -0,0 +1,20 @@
+# Using the Web Key Service with Enigmail
+#+STARTUP: showall
+#+AUTHOR: Kai
+#+DATE: August 7, 2017
+
+** Using the Web Key Service with Enigmail
+
+   Obtaining the key of someone has always being a major pain point of using GnuPG. OpenPGP doesn't "outsource" trust management by using a PKI. Instead it allows each user to decide whom to trust. This has the downside that we need to evaluate whenever we can trust a new key for each novel communication partner. Until recently there wasn't an automatic way to get the key of someone you never communicated with.
+
+   The [[Web Key Service]](https://tools.ietf.org/id/draft-koch-openpgp-webkey-service-03.html) and the new ~--auto-key-retrieve~ & ~--auto-key-locate~ available in recent versions of GnuPG.
+
+*** Web Key Service
+
+    The Web Key Service is a protocol to publish OpenPGP keys via mail and retrieve others keys using HTTPS. The advatage over HKPS is that every email provider maintains its own key server (called Web Key Directory, WKD) that is authorative for all its users. This means that,
+
+		1. There exists only one key server for a given email address. No need to ask multiple servers as with HKPS.
+
+		2. When publishing a key using mail, WKD makes sure the sender is in possesion of the secret key.
+
+		3. Mail providers can (and should) make sure

-----------------------------------------------------------------------

Summary of changes:
 misc/blog.gnupg.org/20170807-web-key-in-engimail.org | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 misc/blog.gnupg.org/20170807-web-key-in-engimail.org


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Aug  1 16:36:24 2017
From: cvs at cvs.gnupg.org (by Marcus Brinkmann)
Date: Tue, 01 Aug 2017 16:36:24 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.22-8-ga8d0b8d
Message-ID: <E1dcYHZ-0000bu-89@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  a8d0b8d2333ddab703d1e346e06c106eeeedfd53 (commit)
      from  4e117f206beb38287ddcd3251fb7baabadfbddbb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a8d0b8d2333ddab703d1e346e06c106eeeedfd53
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Tue Aug 1 16:28:23 2017 +0200

    artwork: Add icons.
    
    * artwork/icons/index.css: New file.
    * artwork/icons/index.html: New file.
    * artwork/icons/lock-12.png: New file.
    * artwork/icons/lock-128.png: New file.
    * artwork/icons/lock-16.png: New file.
    * artwork/icons/lock-24.png: New file.
    * artwork/icons/lock-256.png: New file.
    * artwork/icons/lock-32.png: New file.
    * artwork/icons/lock-48.png: New file.
    * artwork/icons/lock-64.png: New file.
    * artwork/icons/lock-wing-12.png: New file.
    * artwork/icons/lock-wing-128.png: New file.
    * artwork/icons/lock-wing-16.png: New file.
    * artwork/icons/lock-wing-24.png: New file.
    * artwork/icons/lock-wing-256.png: New file.
    * artwork/icons/lock-wing-32.png: New file.
    * artwork/icons/lock-wing-48.png: New file.
    * artwork/icons/lock-wing-64.png: New file.
    * artwork/icons/lock-wing.svg: New file.
    * artwork/icons/lock.svg: New file.
    * artwork/icons/wing-12.png: New file.
    * artwork/icons/wing-128.png: New file.
    * artwork/icons/wing-16.png: New file.
    * artwork/icons/wing-24.png: New file.
    * artwork/icons/wing-256.png: New file.
    * artwork/icons/wing-32.png: New file.
    * artwork/icons/wing-48.png: New file.
    * artwork/icons/wing-64.png: New file.
    * artwork/icons/wing.svg: New file.
    
    Signed-off-by: Marcus Brinkmann <mb at g10code.com>
    GnuPG-bug-id: 3019

diff --git a/artwork/icons/index.css b/artwork/icons/index.css
new file mode 100644
index 0000000..1010039
--- /dev/null
+++ b/artwork/icons/index.css
@@ -0,0 +1,59 @@
+body {
+      font-family: Sans-Serif;
+      color: #333;
+      background-color: #fcfcfc;
+}
+
+img {
+    padding-right: 0.1em;
+}
+
+/* Factor 0.72 */
+
+.fpr {
+    text-overflow: ellipsis;
+    white-space: nowrap;
+    overflow: hidden;
+}
+
+.fpr12 {
+    font-size: 17px;
+}
+
+.fpr16 {
+    font-size: 22px;
+}
+
+.fpr24 {
+    font-size: 33px;
+}
+
+.fpr32 {
+    font-size: 44px;
+}
+
+.fpr48 {
+    font-size: 67px;
+}
+
+.fpr64 {
+    font-size: 89px;
+}
+
+.fpr128 {
+    font-size: 178px;
+}
+
+.fpr256 {
+    font-size: 356px;
+}
+
+.text {
+    column-count: 3;
+    column-gap: 40px;
+}
+
+h2 {
+    padding-top: 0px;
+    margin-top: 0px;
+}
diff --git a/artwork/icons/index.html b/artwork/icons/index.html
new file mode 100644
index 0000000..41b168c
--- /dev/null
+++ b/artwork/icons/index.html
@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="UTF-8">
+    <title>GnuPG Icon Test</title>
+    <link rel="stylesheet" type="text/css" href="index.css">
+  </head>
+  <body>
+    <h1>GnuPG Icon Test</h1>
+    <div class="text">
+      <div class="column">
+	<h2>lock-*.png</h2>
+	<span class="fpr fpr12"><img src="lock-12.png">D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6</span><br/>
+	<span class="fpr fpr16"><img src="lock-16.png">D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6</span><br/>
+	<span class="fpr fpr24"><img src="lock-24.png">D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6</span><br/>
+	<span class="fpr fpr32"><img src="lock-32.png">D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6</span><br/>
+	<span class="fpr fpr48"><img src="lock-48.png">D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6</span><br/>
+	<span class="fpr fpr64"><img src="lock-64.png">D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6</span><br/>
+	<span class="fpr fpr128"><img src="lock-128.png">D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6</span><br/>
+	<span class="fpr fpr256"><img src="lock-256.png">D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6</span><br/>
+      </div>
+      <div class="column">
+	<h2>lock-wing-*.png</h2>
+	<span class="fpr fpr12"><img src="lock-wing-12.png">D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6</span><br/>
+	<span class="fpr fpr16"><img src="lock-wing-16.png">D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6</span><br/>
+	<span class="fpr fpr24"><img src="lock-wing-24.png">D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6</span><br/>
+	<span class="fpr fpr32"><img src="lock-wing-32.png">D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6</span><br/>
+	<span class="fpr fpr48"><img src="lock-wing-48.png">D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6</span><br/>
+	<span class="fpr fpr64"><img src="lock-wing-64.png">D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6</span><br/>
+	<span class="fpr fpr128"><img src="lock-wing-128.png">D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6</span><br/>
+	<span class="fpr fpr256"><img src="lock-wing-256.png">D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6</span><br/>
+      </div>
+      <div class="column">
+	<h2>wing-*.png</h2>
+	<span class="fpr fpr12"><img src="wing-12.png">D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6</span><br/>
+	<span class="fpr fpr16"><img src="wing-16.png">D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6</span><br/>
+	<span class="fpr fpr24"><img src="wing-24.png">D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6</span><br/>
+	<span class="fpr fpr32"><img src="wing-32.png">D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6</span><br/>
+	<span class="fpr fpr48"><img src="wing-48.png">D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6</span><br/>
+	<span class="fpr fpr64"><img src="wing-64.png">D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6</span><br/>
+	<span class="fpr fpr128"><img src="wing-128.png">D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6</span><br/>
+	<span class="fpr fpr256"><img src="wing-256.png">D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6</span><br/>
+      </div>
+    </div>
+  </body>
+</html>
diff --git a/artwork/icons/lock-12.png b/artwork/icons/lock-12.png
new file mode 100644
index 0000000..cde80bc
Binary files /dev/null and b/artwork/icons/lock-12.png differ
diff --git a/artwork/icons/lock-128.png b/artwork/icons/lock-128.png
new file mode 100644
index 0000000..3f5e36e
Binary files /dev/null and b/artwork/icons/lock-128.png differ
diff --git a/artwork/icons/lock-16.png b/artwork/icons/lock-16.png
new file mode 100644
index 0000000..fbe9cbb
Binary files /dev/null and b/artwork/icons/lock-16.png differ
diff --git a/artwork/icons/lock-24.png b/artwork/icons/lock-24.png
new file mode 100644
index 0000000..a1939cf
Binary files /dev/null and b/artwork/icons/lock-24.png differ
diff --git a/artwork/icons/lock-256.png b/artwork/icons/lock-256.png
new file mode 100644
index 0000000..b8d7c25
Binary files /dev/null and b/artwork/icons/lock-256.png differ
diff --git a/artwork/icons/lock-32.png b/artwork/icons/lock-32.png
new file mode 100644
index 0000000..f0e0055
Binary files /dev/null and b/artwork/icons/lock-32.png differ
diff --git a/artwork/icons/lock-48.png b/artwork/icons/lock-48.png
new file mode 100644
index 0000000..db57d87
Binary files /dev/null and b/artwork/icons/lock-48.png differ
diff --git a/artwork/icons/lock-64.png b/artwork/icons/lock-64.png
new file mode 100644
index 0000000..c5162d8
Binary files /dev/null and b/artwork/icons/lock-64.png differ
diff --git a/artwork/icons/lock-wing-12.png b/artwork/icons/lock-wing-12.png
new file mode 100644
index 0000000..bd35866
Binary files /dev/null and b/artwork/icons/lock-wing-12.png differ
diff --git a/artwork/icons/lock-wing-128.png b/artwork/icons/lock-wing-128.png
new file mode 100644
index 0000000..2308af6
Binary files /dev/null and b/artwork/icons/lock-wing-128.png differ
diff --git a/artwork/icons/lock-wing-16.png b/artwork/icons/lock-wing-16.png
new file mode 100644
index 0000000..8e9f295
Binary files /dev/null and b/artwork/icons/lock-wing-16.png differ
diff --git a/artwork/icons/lock-wing-24.png b/artwork/icons/lock-wing-24.png
new file mode 100644
index 0000000..9fa4668
Binary files /dev/null and b/artwork/icons/lock-wing-24.png differ
diff --git a/artwork/icons/lock-wing-256.png b/artwork/icons/lock-wing-256.png
new file mode 100644
index 0000000..924d31c
Binary files /dev/null and b/artwork/icons/lock-wing-256.png differ
diff --git a/artwork/icons/lock-wing-32.png b/artwork/icons/lock-wing-32.png
new file mode 100644
index 0000000..3fa3c97
Binary files /dev/null and b/artwork/icons/lock-wing-32.png differ
diff --git a/artwork/icons/lock-wing-48.png b/artwork/icons/lock-wing-48.png
new file mode 100644
index 0000000..9728e78
Binary files /dev/null and b/artwork/icons/lock-wing-48.png differ
diff --git a/artwork/icons/lock-wing-64.png b/artwork/icons/lock-wing-64.png
new file mode 100644
index 0000000..ee9dcff
Binary files /dev/null and b/artwork/icons/lock-wing-64.png differ
diff --git a/artwork/icons/lock-wing.svg b/artwork/icons/lock-wing.svg
new file mode 100644
index 0000000..7380167
--- /dev/null
+++ b/artwork/icons/lock-wing.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="243" height="256" viewBox="0 0 243 256"><g transform="translate(0 -142.26666)"><path class="fil0" d="m24.2 266h13.6v-40.8c0-45.8 37.1-82.9 82.9-82.9 45.8 0 82.9 37.1 82.9 82.9v40.4c-0.2 0.1-0.4 0.3-0.6 0.4h0l-0.1 0.1 0 0 0 0 0 0-0.1 0.1 0 0 0 0 0 0 0 0 0 0 0 0-0.1 0 0 0 0 0 0 0-0.1 0.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0-0.1 0.1-0.1 0 0 0 0 0 0 0-0.1 0 0 0-0.1 0 0 0 0 0 0 0 0 0 0 0-0.2 0.2-0.1 0 0 0 0 0 0 0-0.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0-0.2 0.1 0 0-0.1 0 0 0-0.1 0.1 0 0 0 0 0 0 0 0-0.1 0.1 0 0 0 0 0 0 0 0 0 0-0.1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0-0.1 0.1-0.1 0.1-0.1 0.1-0.1 0.1 0 0-0.3 0.2 0 0-0.2 0.1-0.3 0.2-0.2 0.1-0.2 0.1-0.3 0.2-0.2 0.1-0.1 0.1 0 0 0 0-0.3 0.2-0.2 0.1-0.5 0.3-0.2 0.1-0.2 0.1 0 0-0.2 0.1 0 0-0.1 0 0 0-0.6 0.3 0 0-0.1 0-0.1 0c-0.2 0.1-0.4 0.2-0.7 0.4l-0.1 0-0.1 0.1-0.3 0.2-0.2 0.1 0 0-0.3 0.2 0 0-0.2 0.1-0.1 0-0.3 0.2-0.2 0.1-0.2 0.1c-0.2 0.1-0.5 0.2-0.7 0.3l-0.2 0.1 0 0-0.2 0.1-0.4 0.2-0.4 0.2-0.5 0.2-0.5 0.2 0 0-0.2 0.1 0 0-0.4 0.2-0.2 0.1 0 0v0c-16.5 7.9-42.9 16.2-93 19.8-35.9 2.6-57.7 18.4-71.8 37.4zm51.7 0h89.4v-40.8c0-24.7-20-44.7-44.7-44.7-24.7 0-44.7 20-44.7 44.7zM217.1 281.6V398.6H52c18.2-10.1 31.7-9.1 54.2-8.4 30.6 1 64.4-11.8 81-28.8 16.6-17-1.5-4-20.3 0.8-18.8 4.8-55.2 5.3-79.6-1.1 76.6 1 106.5-23.7 123.4-46 16.9-22.2-7.3-3.9-23 3.8-15.7 7.7-43.1 13.1-73.3 9.1 45.6-0.1 80.3-22.9 102.6-46.4z" style="fill:#0093dd;stroke-width:6"/></g></svg>
diff --git a/artwork/icons/lock.svg b/artwork/icons/lock.svg
new file mode 100644
index 0000000..00670aa
--- /dev/null
+++ b/artwork/icons/lock.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="243" height="256" viewBox="0 0 243 256"><g transform="translate(0 -142.26666)"><g transform="matrix(6.98915 0 0 6.98915 -82.447767 -238.10999)"><rect class="fil0" x="15.3" y="72.1" width="27.5" height="18.9" style="fill:#0093dd"/><path class="fil0" d="m40.9 73.2v-6.9c0-6.5-5.3-11.8-11.8-11.8-6.5 0-11.8 5.3-11.8 11.8v6.9h5.4v-6.9c0-3.5 2.9-6.4 6.4-6.4 3.5 0 6.4 2.9 6.4 6.4v6.9z" style="fill:#0093dd"/></g></g></svg>
diff --git a/artwork/icons/wing-12.png b/artwork/icons/wing-12.png
new file mode 100644
index 0000000..d02e331
Binary files /dev/null and b/artwork/icons/wing-12.png differ
diff --git a/artwork/icons/wing-128.png b/artwork/icons/wing-128.png
new file mode 100644
index 0000000..0083380
Binary files /dev/null and b/artwork/icons/wing-128.png differ
diff --git a/artwork/icons/wing-16.png b/artwork/icons/wing-16.png
new file mode 100644
index 0000000..990f2e7
Binary files /dev/null and b/artwork/icons/wing-16.png differ
diff --git a/artwork/icons/wing-24.png b/artwork/icons/wing-24.png
new file mode 100644
index 0000000..2c70dd5
Binary files /dev/null and b/artwork/icons/wing-24.png differ
diff --git a/artwork/icons/wing-256.png b/artwork/icons/wing-256.png
new file mode 100644
index 0000000..c44ddda
Binary files /dev/null and b/artwork/icons/wing-256.png differ
diff --git a/artwork/icons/wing-32.png b/artwork/icons/wing-32.png
new file mode 100644
index 0000000..50f61d9
Binary files /dev/null and b/artwork/icons/wing-32.png differ
diff --git a/artwork/icons/wing-48.png b/artwork/icons/wing-48.png
new file mode 100644
index 0000000..2fd4672
Binary files /dev/null and b/artwork/icons/wing-48.png differ
diff --git a/artwork/icons/wing-64.png b/artwork/icons/wing-64.png
new file mode 100644
index 0000000..0f21031
Binary files /dev/null and b/artwork/icons/wing-64.png differ
diff --git a/artwork/icons/wing.svg b/artwork/icons/wing.svg
new file mode 100644
index 0000000..74213fc
--- /dev/null
+++ b/artwork/icons/wing.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="243" height="256" viewBox="0 0 243 256"><g transform="matrix(0.80225518,0,0,1,-0.01977448,-142.26666)"><path d="M 27.5,397.9 -0.1,341.4 C 11.3,295 30.7,229.7 93.5,223.2 c 62.8,-6.5 88.2,-23.9 103.6,-37.1 15.4,-13.2 54.9,-69.9 41.4,-29.5 -13.5,40.3 -57.6,116.2 -126.7,116.4 30.1,5.8 57.4,-2.1 73.1,-13.2 15.7,-11.1 39.9,-37.6 23,-5.5 -16.9,32.1 -46.6,67.9 -123.1,66.4 24.3,9.2 60.6,8.5 79.4,1.6 18.8,-6.9 36.8,-25.6 20.3,-1.1 -16.6,24.5 -50.3,43 -80.8,41.6 -30.5,-1.4 -44.5,-3.7 -76.2,35.1 z" style="fill:#0093dd;stroke-width:6" /></g></svg>

-----------------------------------------------------------------------

Summary of changes:
 artwork/icons/index.css         |  59 ++++++++++++++++++++++++++++++++++++++++
 artwork/icons/index.html        |  46 +++++++++++++++++++++++++++++++
 artwork/icons/lock-12.png       | Bin 0 -> 195 bytes
 artwork/icons/lock-128.png      | Bin 0 -> 743 bytes
 artwork/icons/lock-16.png       | Bin 0 -> 235 bytes
 artwork/icons/lock-24.png       | Bin 0 -> 273 bytes
 artwork/icons/lock-256.png      | Bin 0 -> 1294 bytes
 artwork/icons/lock-32.png       | Bin 0 -> 332 bytes
 artwork/icons/lock-48.png       | Bin 0 -> 414 bytes
 artwork/icons/lock-64.png       | Bin 0 -> 478 bytes
 artwork/icons/lock-wing-12.png  | Bin 0 -> 292 bytes
 artwork/icons/lock-wing-128.png | Bin 0 -> 1349 bytes
 artwork/icons/lock-wing-16.png  | Bin 0 -> 324 bytes
 artwork/icons/lock-wing-24.png  | Bin 0 -> 441 bytes
 artwork/icons/lock-wing-256.png | Bin 0 -> 2535 bytes
 artwork/icons/lock-wing-32.png  | Bin 0 -> 508 bytes
 artwork/icons/lock-wing-48.png  | Bin 0 -> 674 bytes
 artwork/icons/lock-wing-64.png  | Bin 0 -> 833 bytes
 artwork/icons/lock-wing.svg     |   1 +
 artwork/icons/lock.svg          |   1 +
 artwork/icons/wing-12.png       | Bin 0 -> 256 bytes
 artwork/icons/wing-128.png      | Bin 0 -> 1243 bytes
 artwork/icons/wing-16.png       | Bin 0 -> 295 bytes
 artwork/icons/wing-24.png       | Bin 0 -> 414 bytes
 artwork/icons/wing-256.png      | Bin 0 -> 2326 bytes
 artwork/icons/wing-32.png       | Bin 0 -> 478 bytes
 artwork/icons/wing-48.png       | Bin 0 -> 638 bytes
 artwork/icons/wing-64.png       | Bin 0 -> 755 bytes
 artwork/icons/wing.svg          |   1 +
 29 files changed, 108 insertions(+)
 create mode 100644 artwork/icons/index.css
 create mode 100644 artwork/icons/index.html
 create mode 100644 artwork/icons/lock-12.png
 create mode 100644 artwork/icons/lock-128.png
 create mode 100644 artwork/icons/lock-16.png
 create mode 100644 artwork/icons/lock-24.png
 create mode 100644 artwork/icons/lock-256.png
 create mode 100644 artwork/icons/lock-32.png
 create mode 100644 artwork/icons/lock-48.png
 create mode 100644 artwork/icons/lock-64.png
 create mode 100644 artwork/icons/lock-wing-12.png
 create mode 100644 artwork/icons/lock-wing-128.png
 create mode 100644 artwork/icons/lock-wing-16.png
 create mode 100644 artwork/icons/lock-wing-24.png
 create mode 100644 artwork/icons/lock-wing-256.png
 create mode 100644 artwork/icons/lock-wing-32.png
 create mode 100644 artwork/icons/lock-wing-48.png
 create mode 100644 artwork/icons/lock-wing-64.png
 create mode 100644 artwork/icons/lock-wing.svg
 create mode 100644 artwork/icons/lock.svg
 create mode 100644 artwork/icons/wing-12.png
 create mode 100644 artwork/icons/wing-128.png
 create mode 100644 artwork/icons/wing-16.png
 create mode 100644 artwork/icons/wing-24.png
 create mode 100644 artwork/icons/wing-256.png
 create mode 100644 artwork/icons/wing-32.png
 create mode 100644 artwork/icons/wing-48.png
 create mode 100644 artwork/icons/wing-64.png
 create mode 100644 artwork/icons/wing.svg


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Aug  1 17:46:46 2017
From: cvs at cvs.gnupg.org (by Marcus Brinkmann)
Date: Tue, 01 Aug 2017 17:46:46 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.22-9-gebc65ff
Message-ID: <E1dcZNe-0003tY-TR@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  ebc65ff459e6c228fb7406e375819a9fe5637abe (commit)
      from  a8d0b8d2333ddab703d1e346e06c106eeeedfd53 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ebc65ff459e6c228fb7406e375819a9fe5637abe
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Tue Aug 1 17:41:03 2017 +0200

    g10: Always save standard revocation certificate in file.
    
    * g10/main.h (open_outfile): New parameter NO_OUTFILE.
    * g10/openfile.c (open_outfile): New parameter NO_OUTFILE.  If given,
    never use opt.outfile.
    * g10/revoke.c (create_revocation): If FILENAME is true, also set
    NO_OUTFILE to true (for standard revocation certificates).
    * g10/dearmor.c, g10/encrypt.c, g10/export.c, g10/revoke.c,
    g10/sign.c: Adjust all other callers.
    
    Signed-off-by: Marcus Brinkmann <mb at g10code.com>
    GnuPG-bug-id: 3015

diff --git a/g10/dearmor.c b/g10/dearmor.c
index 92239cc..839227a 100644
--- a/g10/dearmor.c
+++ b/g10/dearmor.c
@@ -63,7 +63,7 @@ dearmor_file( const char *fname )
 
     push_armor_filter ( afx, inp );
 
-    if( (rc = open_outfile (-1, fname, 0, 0, &out)) )
+    if( (rc = open_outfile (-1, fname, 0, 0, &out, 0)) )
 	goto leave;
 
     while( (c = iobuf_get(inp)) != -1 )
@@ -109,7 +109,7 @@ enarmor_file( const char *fname )
     }
 
 
-    if( (rc = open_outfile (-1, fname, 1, 0, &out )) )
+    if( (rc = open_outfile (-1, fname, 1, 0, &out, 0 )) )
 	goto leave;
 
     afx->what = 4;
diff --git a/g10/encrypt.c b/g10/encrypt.c
index c68d6d5..6495280 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -276,7 +276,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
       do_compress = 0;
     }
 
-  if ( rc || (rc = open_outfile (-1, filename, opt.armor? 1:0, 0, &out )))
+  if ( rc || (rc = open_outfile (-1, filename, opt.armor? 1:0, 0, &out, 0 )))
     {
       iobuf_cancel (inp);
       xfree (cfx.dek);
@@ -574,7 +574,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
   if (opt.textmode)
     iobuf_push_filter (inp, text_filter, &tfx);
 
-  rc = open_outfile (outputfd, filename, opt.armor? 1:0, 0, &out);
+  rc = open_outfile (outputfd, filename, opt.armor? 1:0, 0, &out, 0);
   if (rc)
     goto leave;
 
diff --git a/g10/export.c b/g10/export.c
index 8f6371b..b194a2a 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -352,7 +352,7 @@ do_export (ctrl_t ctrl, strlist_t users, int secret, unsigned int options,
 
   memset( &zfx, 0, sizeof zfx);
 
-  rc = open_outfile (-1, NULL, 0, !!secret, &out );
+  rc = open_outfile (-1, NULL, 0, !!secret, &out, 0 );
   if (rc)
     return rc;
 
diff --git a/g10/main.h b/g10/main.h
index 87417ee..5862cdf 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -324,7 +324,7 @@ int overwrite_filep( const char *fname );
 char *make_outfile_name( const char *iname );
 char *ask_outfile_name( const char *name, size_t namelen );
 int open_outfile (int inp_fd, const char *iname, int mode,
-                  int restrictedperm, iobuf_t *a);
+                  int restrictedperm, iobuf_t *a, int no_outfile);
 char *get_matching_datafile (const char *sigfilename);
 iobuf_t open_sigfile (const char *sigfilename, progress_filter_context_t *pfx);
 void try_make_homedir( const char *fname );
diff --git a/g10/openfile.c b/g10/openfile.c
index 78f4dbb..03b114d 100644
--- a/g10/openfile.c
+++ b/g10/openfile.c
@@ -174,13 +174,15 @@ ask_outfile_name( const char *name, size_t namelen )
  * If INP_FD is not -1 the function simply creates an IOBUF for that
  * file descriptor and ignore INAME and MODE.  Note that INP_FD won't
  * be closed if the returned IOBUF is closed.  With RESTRICTEDPERM a
- * file will be created with mode 700 if possible.
+ * file will be created with mode 700 if possible.  If NO_OUTFILE is
+ * true, don't use the outfile option even if it is set.
  */
 int
 open_outfile (int inp_fd, const char *iname, int mode, int restrictedperm,
-              iobuf_t *a)
+              iobuf_t *a, int no_outfile)
 {
   int rc = 0;
+  const char outfile = no_outfile ? NULL : opt.outfile;
 
   *a = NULL;
   if (inp_fd != -1)
@@ -200,7 +202,7 @@ open_outfile (int inp_fd, const char *iname, int mode, int restrictedperm,
           log_info (_("writing to '%s'\n"), xname);
         }
     }
-  else if (iobuf_is_pipe_filename (iname) && !opt.outfile)
+  else if (iobuf_is_pipe_filename (iname) && !outfile)
     {
       *a = iobuf_create (NULL, 0);
       if ( !*a )
@@ -218,8 +220,8 @@ open_outfile (int inp_fd, const char *iname, int mode, int restrictedperm,
 
       if (opt.dry_run)
         name = NAME_OF_DEV_NULL;
-      else if (opt.outfile)
-        name = opt.outfile;
+      else if (outfile)
+        name = outfile;
       else
         {
 #ifdef USE_ONLY_8DOT3
diff --git a/g10/revoke.c b/g10/revoke.c
index 1dea6ae..db3c495 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -334,7 +334,7 @@ gen_desig_revoke (ctrl_t ctrl, const char *uname, strlist_t locusr)
 	    if( !opt.armor )
 	      tty_printf(_("ASCII armored output forced.\n"));
 
-	    if( (rc = open_outfile (-1, NULL, 0, 1, &out )) )
+	    if( (rc = open_outfile (-1, NULL, 0, 1, &out, 0 )) )
 	      goto leave;
 
 	    afx->what = 1;
@@ -461,7 +461,7 @@ create_revocation (ctrl_t ctrl,
 
   afx = new_armor_context ();
 
-  if ((rc = open_outfile (-1, filename, suffix, 1, &out)))
+  if ((rc = open_outfile (-1, filename, suffix, 1, &out, !!filename)))
     goto leave;
 
   if (leadintext )
diff --git a/g10/sign.c b/g10/sign.c
index 4cf0cd3..0e379bc 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -889,7 +889,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
 	    log_info(_("writing to '%s'\n"), outfile );
     }
     else if( (rc = open_outfile (-1, fname,
-                                 opt.armor? 1: detached? 2:0, 0, &out)))
+                                 opt.armor? 1: detached? 2:0, 0, &out, 0)))
 	goto leave;
 
     /* prepare to calculate the MD over the input */
@@ -1191,7 +1191,7 @@ clearsign_file (ctrl_t ctrl,
 	else if( opt.verbose )
 	    log_info(_("writing to '%s'\n"), outfile );
     }
-    else if ((rc = open_outfile (-1, fname, 1, 0, &out)))
+    else if ((rc = open_outfile (-1, fname, 1, 0, &out, 0)))
 	goto leave;
 
     iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----" LF );
@@ -1340,7 +1340,7 @@ sign_symencrypt_file (ctrl_t ctrl, const char *fname, strlist_t locusr)
     cfx.dek->use_mdc = use_mdc (NULL, cfx.dek->algo);
 
     /* now create the outfile */
-    rc = open_outfile (-1, fname, opt.armor? 1:0, 0, &out);
+    rc = open_outfile (-1, fname, opt.armor? 1:0, 0, &out, 0);
     if (rc)
 	goto leave;
 

-----------------------------------------------------------------------

Summary of changes:
 g10/dearmor.c  |  4 ++--
 g10/encrypt.c  |  4 ++--
 g10/export.c   |  2 +-
 g10/main.h     |  2 +-
 g10/openfile.c | 12 +++++++-----
 g10/revoke.c   |  4 ++--
 g10/sign.c     |  6 +++---
 7 files changed, 18 insertions(+), 16 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Aug  1 18:47:59 2017
From: cvs at cvs.gnupg.org (by Manuel Venturi Porras Peralta)
Date: Tue, 01 Aug 2017 18:47:59 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4,
 updated. gnupg-1.4.22-2-g7623935
Message-ID: <E1dcaKt-0004jw-Sf@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-1-4 has been updated
       via  76239356bcb3bfeec5327637ed87429594868fef (commit)
      from  84603a026957b2c3320490a0bce34faf228e6e67 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 76239356bcb3bfeec5327637ed87429594868fef
Author: Manuel Venturi Porras Peralta <venturi at openmailbox.org>
Date:   Tue Aug 1 12:45:41 2017 -0400

    po: Update Spanish translation
    
    Debian-Bug-Id: 814541
    Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>

diff --git a/po/es.po b/po/es.po
index ba65dd1..dfc876b 100644
--- a/po/es.po
+++ b/po/es.po
@@ -5,13 +5,13 @@
 #  <armando at clerval.org> in his PGP 2.3.6i translation.
 #  I also got inspiration from it.po by Marco d'Itri <md at linux.it>
 # Jaime Su?rez <jsuarez at ono.com>, 2001-2004.
-# Manuel "Venturi" Porras Peralta <venturi at openmailbox.org>, 2014.
+# Manuel "Venturi" Porras Peralta <venturi at openmailbox.org>, 2014, 2016.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: GnuPG 1.4.1\n"
 "Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2014-11-23 01:52+0100\n"
+"PO-Revision-Date: 2016-01-22 21:28+0100\n"
 "Last-Translator: Manuel \"Venturi\" Porras Peralta <venturi at openmailbox."
 "org>\n"
 "Language-Team: Espa?ol; Castellano <debian-l10n-spanish at lists.debian.org>\n"
@@ -20,7 +20,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Gtranslator 2.91.6\n"
+"X-Generator: Gtranslator 2.91.7\n"
 
 #, c-format
 msgid "can't gen prime with pbits=%u qbits=%u\n"
@@ -2868,12 +2868,10 @@ msgstr ""
 "distinto.\n"
 
 msgid "WARNING: Your encryption subkey expires soon.\n"
-msgstr ""
+msgstr "ATENCI?N: Su sub-clave de cifrado expirar? pronto.\n"
 
-#, fuzzy
-#| msgid "You can't change the expiration date of a v3 key\n"
 msgid "You may want to change its expiration date too.\n"
-msgstr "No puede cambiar la fecha de caducidad de una clave v3\n"
+msgstr "Quiz?s tambi?n desee cambiar su fecha de expiraci?n.\n"
 
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
@@ -3943,10 +3941,9 @@ msgstr "opci?n ambigua `%s'\n"
 msgid "unknown option `%s'\n"
 msgstr "opci?n desconocida `%s'\n"
 
-#, fuzzy, c-format
-#| msgid "Unknown signature type `%s'\n"
+#, c-format
 msgid "Unknown weak digest '%s'\n"
-msgstr "Clase de firma desconocida `%s'\n"
+msgstr "Resumen d?bil desconocido '%s'\n"
 
 #, c-format
 msgid "File `%s' exists. "
@@ -4543,10 +4540,9 @@ msgstr ""
 msgid "NOTE: signature key %s expired %s\n"
 msgstr "NOTA: clave de la firma %s caducada el %s\n"
 
-#, fuzzy, c-format
-#| msgid "%s signature, digest algorithm %s\n"
+#, c-format
 msgid "Note: signatures using the %s algorithm are rejected\n"
-msgstr "firma %s, algoritmo de resumen %s\n"
+msgstr "Nota: se rechazar?n las firmas que usan el algoritmo %s\n"
 
 #, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"

-----------------------------------------------------------------------

Summary of changes:
 po/es.po | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Aug  1 19:08:57 2017
From: cvs at cvs.gnupg.org (by Marcus Brinkmann)
Date: Tue, 01 Aug 2017 19:08:57 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.22-10-g624cd2d
Message-ID: <E1dcafB-0008CQ-RV@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  624cd2d0bf6cc6dd1b79654295dc76f5b2d6d70b (commit)
      from  ebc65ff459e6c228fb7406e375819a9fe5637abe (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 624cd2d0bf6cc6dd1b79654295dc76f5b2d6d70b
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Tue Aug 1 19:08:16 2017 +0200

    Revert "g10: Always save standard revocation certificate in file."
    
    This reverts commit ebc65ff459e6c228fb7406e375819a9fe5637abe.

diff --git a/g10/dearmor.c b/g10/dearmor.c
index 839227a..92239cc 100644
--- a/g10/dearmor.c
+++ b/g10/dearmor.c
@@ -63,7 +63,7 @@ dearmor_file( const char *fname )
 
     push_armor_filter ( afx, inp );
 
-    if( (rc = open_outfile (-1, fname, 0, 0, &out, 0)) )
+    if( (rc = open_outfile (-1, fname, 0, 0, &out)) )
 	goto leave;
 
     while( (c = iobuf_get(inp)) != -1 )
@@ -109,7 +109,7 @@ enarmor_file( const char *fname )
     }
 
 
-    if( (rc = open_outfile (-1, fname, 1, 0, &out, 0 )) )
+    if( (rc = open_outfile (-1, fname, 1, 0, &out )) )
 	goto leave;
 
     afx->what = 4;
diff --git a/g10/encrypt.c b/g10/encrypt.c
index 6495280..c68d6d5 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -276,7 +276,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
       do_compress = 0;
     }
 
-  if ( rc || (rc = open_outfile (-1, filename, opt.armor? 1:0, 0, &out, 0 )))
+  if ( rc || (rc = open_outfile (-1, filename, opt.armor? 1:0, 0, &out )))
     {
       iobuf_cancel (inp);
       xfree (cfx.dek);
@@ -574,7 +574,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
   if (opt.textmode)
     iobuf_push_filter (inp, text_filter, &tfx);
 
-  rc = open_outfile (outputfd, filename, opt.armor? 1:0, 0, &out, 0);
+  rc = open_outfile (outputfd, filename, opt.armor? 1:0, 0, &out);
   if (rc)
     goto leave;
 
diff --git a/g10/export.c b/g10/export.c
index b194a2a..8f6371b 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -352,7 +352,7 @@ do_export (ctrl_t ctrl, strlist_t users, int secret, unsigned int options,
 
   memset( &zfx, 0, sizeof zfx);
 
-  rc = open_outfile (-1, NULL, 0, !!secret, &out, 0 );
+  rc = open_outfile (-1, NULL, 0, !!secret, &out );
   if (rc)
     return rc;
 
diff --git a/g10/main.h b/g10/main.h
index 5862cdf..87417ee 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -324,7 +324,7 @@ int overwrite_filep( const char *fname );
 char *make_outfile_name( const char *iname );
 char *ask_outfile_name( const char *name, size_t namelen );
 int open_outfile (int inp_fd, const char *iname, int mode,
-                  int restrictedperm, iobuf_t *a, int no_outfile);
+                  int restrictedperm, iobuf_t *a);
 char *get_matching_datafile (const char *sigfilename);
 iobuf_t open_sigfile (const char *sigfilename, progress_filter_context_t *pfx);
 void try_make_homedir( const char *fname );
diff --git a/g10/openfile.c b/g10/openfile.c
index 03b114d..78f4dbb 100644
--- a/g10/openfile.c
+++ b/g10/openfile.c
@@ -174,15 +174,13 @@ ask_outfile_name( const char *name, size_t namelen )
  * If INP_FD is not -1 the function simply creates an IOBUF for that
  * file descriptor and ignore INAME and MODE.  Note that INP_FD won't
  * be closed if the returned IOBUF is closed.  With RESTRICTEDPERM a
- * file will be created with mode 700 if possible.  If NO_OUTFILE is
- * true, don't use the outfile option even if it is set.
+ * file will be created with mode 700 if possible.
  */
 int
 open_outfile (int inp_fd, const char *iname, int mode, int restrictedperm,
-              iobuf_t *a, int no_outfile)
+              iobuf_t *a)
 {
   int rc = 0;
-  const char outfile = no_outfile ? NULL : opt.outfile;
 
   *a = NULL;
   if (inp_fd != -1)
@@ -202,7 +200,7 @@ open_outfile (int inp_fd, const char *iname, int mode, int restrictedperm,
           log_info (_("writing to '%s'\n"), xname);
         }
     }
-  else if (iobuf_is_pipe_filename (iname) && !outfile)
+  else if (iobuf_is_pipe_filename (iname) && !opt.outfile)
     {
       *a = iobuf_create (NULL, 0);
       if ( !*a )
@@ -220,8 +218,8 @@ open_outfile (int inp_fd, const char *iname, int mode, int restrictedperm,
 
       if (opt.dry_run)
         name = NAME_OF_DEV_NULL;
-      else if (outfile)
-        name = outfile;
+      else if (opt.outfile)
+        name = opt.outfile;
       else
         {
 #ifdef USE_ONLY_8DOT3
diff --git a/g10/revoke.c b/g10/revoke.c
index db3c495..1dea6ae 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -334,7 +334,7 @@ gen_desig_revoke (ctrl_t ctrl, const char *uname, strlist_t locusr)
 	    if( !opt.armor )
 	      tty_printf(_("ASCII armored output forced.\n"));
 
-	    if( (rc = open_outfile (-1, NULL, 0, 1, &out, 0 )) )
+	    if( (rc = open_outfile (-1, NULL, 0, 1, &out )) )
 	      goto leave;
 
 	    afx->what = 1;
@@ -461,7 +461,7 @@ create_revocation (ctrl_t ctrl,
 
   afx = new_armor_context ();
 
-  if ((rc = open_outfile (-1, filename, suffix, 1, &out, !!filename)))
+  if ((rc = open_outfile (-1, filename, suffix, 1, &out)))
     goto leave;
 
   if (leadintext )
diff --git a/g10/sign.c b/g10/sign.c
index 0e379bc..4cf0cd3 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -889,7 +889,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
 	    log_info(_("writing to '%s'\n"), outfile );
     }
     else if( (rc = open_outfile (-1, fname,
-                                 opt.armor? 1: detached? 2:0, 0, &out, 0)))
+                                 opt.armor? 1: detached? 2:0, 0, &out)))
 	goto leave;
 
     /* prepare to calculate the MD over the input */
@@ -1191,7 +1191,7 @@ clearsign_file (ctrl_t ctrl,
 	else if( opt.verbose )
 	    log_info(_("writing to '%s'\n"), outfile );
     }
-    else if ((rc = open_outfile (-1, fname, 1, 0, &out, 0)))
+    else if ((rc = open_outfile (-1, fname, 1, 0, &out)))
 	goto leave;
 
     iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----" LF );
@@ -1340,7 +1340,7 @@ sign_symencrypt_file (ctrl_t ctrl, const char *fname, strlist_t locusr)
     cfx.dek->use_mdc = use_mdc (NULL, cfx.dek->algo);
 
     /* now create the outfile */
-    rc = open_outfile (-1, fname, opt.armor? 1:0, 0, &out, 0);
+    rc = open_outfile (-1, fname, opt.armor? 1:0, 0, &out);
     if (rc)
 	goto leave;
 

-----------------------------------------------------------------------

Summary of changes:
 g10/dearmor.c  |  4 ++--
 g10/encrypt.c  |  4 ++--
 g10/export.c   |  2 +-
 g10/main.h     |  2 +-
 g10/openfile.c | 12 +++++-------
 g10/revoke.c   |  4 ++--
 g10/sign.c     |  6 +++---
 7 files changed, 16 insertions(+), 18 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Aug  1 20:36:46 2017
From: cvs at cvs.gnupg.org (by Jussi Kivilinna)
Date: Tue, 01 Aug 2017 20:36:46 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.0-7-gcf1528e
Message-ID: <E1dcc2A-0005BQ-6q@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  cf1528e7f2761774d06ace0de48f39c96b52dc4f (commit)
       via  4a7aa30ae9f3ce798dd886c2f2d4164c43027748 (commit)
      from  b7cd44335d9cde43be6f693dca6399ed0762649c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit cf1528e7f2761774d06ace0de48f39c96b52dc4f
Author: Jussi Kivilinna <jussi.kivilinna at iki.fi>
Date:   Sat Jul 29 14:34:23 2017 +0300

    Fix return value type for _gcry_md_extract
    
    * src/gcrypt-int.h (_gcry_md_extract): Use gpg_err_code_t instead of
    gpg_error_t for internal function return type.
    --
    
    GnuPG-bug-id: 3314
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>

diff --git a/src/gcrypt-int.h b/src/gcrypt-int.h
index ddcafa5..ad719be 100644
--- a/src/gcrypt-int.h
+++ b/src/gcrypt-int.h
@@ -39,7 +39,7 @@ typedef struct mpi_ec_ctx_s *mpi_ec_t;
 
 

 /* Underscore prefixed internal versions of the public functions.
-   They return gpg_err_code and not gpg_error_t.  Some macros also
+   They return gpg_err_code_t and not gpg_error_t.  Some macros also
    need an underscore prefixed internal version.
 
    Note that the memory allocation functions and macros (xmalloc etc.)
@@ -120,8 +120,8 @@ gpg_err_code_t _gcry_md_ctl (gcry_md_hd_t hd, int cmd,
                           void *buffer, size_t buflen);
 void _gcry_md_write (gcry_md_hd_t hd, const void *buffer, size_t length);
 unsigned char *_gcry_md_read (gcry_md_hd_t hd, int algo);
-gpg_error_t _gcry_md_extract (gcry_md_hd_t hd, int algo, void *buffer,
-                              size_t length);
+gpg_err_code_t _gcry_md_extract (gcry_md_hd_t hd, int algo, void *buffer,
+                                 size_t length);
 void _gcry_md_hash_buffer (int algo, void *digest,
                            const void *buffer, size_t length);
 gpg_err_code_t _gcry_md_hash_buffers (int algo, unsigned int flags,

commit 4a7aa30ae9f3ce798dd886c2f2d4164c43027748
Author: Jussi Kivilinna <jussi.kivilinna at iki.fi>
Date:   Sat Jul 29 14:34:23 2017 +0300

    Fix building AArch32 CE implementations when target is ARMv6 arch
    
    * cipher/cipher-gcm-armv8-aarch32-ce.S: Select ARMv8 architecure.
    * cipher/rijndael-armv8-aarch32-ce.S: Ditto.
    * cipher/sha1-armv8-aarch32-ce.S: Ditto.
    * cipher/sha256-armv8-aarch32-ce.S: Ditto.
    * configure.ac (gcry_cv_gcc_inline_asm_aarch32_crypto): Ditto.
    --
    
    Raspbian distribution defaults to ARMv6 architecture thus 'rbit'
    instruction is not available with default compiler flags. Patch
    adds explicit architecture selection for ARMv8 to enable 'rbit'
    usage with ARMv8/AArch32-CE assembly implementations of SHA,
    GHASH and AES.
    
    Reported-by: Chris Horry <zerbey at gmail.com>
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>

diff --git a/cipher/cipher-gcm-armv8-aarch32-ce.S b/cipher/cipher-gcm-armv8-aarch32-ce.S
index b61a787..1de66a1 100644
--- a/cipher/cipher-gcm-armv8-aarch32-ce.S
+++ b/cipher/cipher-gcm-armv8-aarch32-ce.S
@@ -24,6 +24,7 @@
     defined(HAVE_GCC_INLINE_ASM_AARCH32_CRYPTO)
 
 .syntax unified
+.arch armv8-a
 .fpu crypto-neon-fp-armv8
 .arm
 
diff --git a/cipher/rijndael-armv8-aarch32-ce.S b/cipher/rijndael-armv8-aarch32-ce.S
index f375f67..5c8fa3c 100644
--- a/cipher/rijndael-armv8-aarch32-ce.S
+++ b/cipher/rijndael-armv8-aarch32-ce.S
@@ -24,6 +24,7 @@
     defined(HAVE_GCC_INLINE_ASM_AARCH32_CRYPTO)
 
 .syntax unified
+.arch armv8-a
 .fpu crypto-neon-fp-armv8
 .arm
 
diff --git a/cipher/sha1-armv8-aarch32-ce.S b/cipher/sha1-armv8-aarch32-ce.S
index b0bc5ff..bf2b233 100644
--- a/cipher/sha1-armv8-aarch32-ce.S
+++ b/cipher/sha1-armv8-aarch32-ce.S
@@ -24,6 +24,7 @@
     defined(HAVE_GCC_INLINE_ASM_AARCH32_CRYPTO) && defined(USE_SHA1)
 
 .syntax unified
+.arch armv8-a
 .fpu crypto-neon-fp-armv8
 .arm
 
diff --git a/cipher/sha256-armv8-aarch32-ce.S b/cipher/sha256-armv8-aarch32-ce.S
index 2041a23..2b17ab1 100644
--- a/cipher/sha256-armv8-aarch32-ce.S
+++ b/cipher/sha256-armv8-aarch32-ce.S
@@ -24,6 +24,7 @@
     defined(HAVE_GCC_INLINE_ASM_AARCH32_CRYPTO) && defined(USE_SHA256)
 
 .syntax unified
+.arch armv8-a
 .fpu crypto-neon-fp-armv8
 .arm
 
diff --git a/configure.ac b/configure.ac
index 27faa7f..66e7cd6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1619,6 +1619,7 @@ AC_CACHE_CHECK([whether GCC inline assembler supports AArch32 Crypto Extension i
           AC_COMPILE_IFELSE([AC_LANG_SOURCE(
           [[__asm__(
                 ".syntax unified\n\t"
+                ".arch armv8-a\n\t"
                 ".arm\n\t"
                 ".fpu crypto-neon-fp-armv8\n\t"
 

-----------------------------------------------------------------------

Summary of changes:
 cipher/cipher-gcm-armv8-aarch32-ce.S | 1 +
 cipher/rijndael-armv8-aarch32-ce.S   | 1 +
 cipher/sha1-armv8-aarch32-ce.S       | 1 +
 cipher/sha256-armv8-aarch32-ce.S     | 1 +
 configure.ac                         | 1 +
 src/gcrypt-int.h                     | 6 +++---
 6 files changed, 8 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Aug  1 21:09:12 2017
From: cvs at cvs.gnupg.org (by Jussi Kivilinna)
Date: Tue, 01 Aug 2017 21:09:12 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.0-8-g94a92a3
Message-ID: <E1dccXY-0002Bt-C3@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  94a92a3db909aef0ebcc009c2d7f5a2663e99004 (commit)
      from  cf1528e7f2761774d06ace0de48f39c96b52dc4f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 94a92a3db909aef0ebcc009c2d7f5a2663e99004
Author: Jussi Kivilinna <jussi.kivilinna at iki.fi>
Date:   Tue Aug 1 21:05:31 2017 +0300

    Add script to run basic tests with all supported HWF combinations
    
    * tests/basic_all_hwfeature_combinations.sh: New.
    * tests/Makefile.am: Add basic_all_hwfeature_combinations.sh.
    --
    
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>

diff --git a/tests/Makefile.am b/tests/Makefile.am
index 1744ea7..eee24fa 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -60,7 +60,7 @@ EXTRA_DIST = README rsa-16k.key cavs_tests.sh cavs_driver.pl \
 	     t-ed25519.inp stopwatch.h hashtest-256g.in \
 	     sha3-224.h sha3-256.h sha3-384.h sha3-512.h \
 	     blake2b.h blake2s.h \
-	     basic-disable-all-hwf.in
+	     basic-disable-all-hwf.in basic_all_hwfeature_combinations.sh
 
 LDADD = $(standard_ldadd) $(GPG_ERROR_LIBS)
 t_lock_LDADD = $(standard_ldadd) $(GPG_ERROR_MT_LIBS)
diff --git a/tests/basic_all_hwfeature_combinations.sh b/tests/basic_all_hwfeature_combinations.sh
new file mode 100755
index 0000000..8ec97bf
--- /dev/null
+++ b/tests/basic_all_hwfeature_combinations.sh
@@ -0,0 +1,111 @@
+#!/bin/bash
+# Run basic tests with all HW feature combinations
+# Copyright 2017 Jussi Kivilinna <jussi.kivilinna at iki.fi>
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+
+# Use BINEXT to set executable extension
+#  For example for Windows executables: BINEXT=.exe
+if [ "x$BINEXT" != "x" ] && [ -e "tests/version$BINEXT" ]; then
+	binext="$BINEXT"
+else
+	binext=""
+fi
+
+# Use BINPRE to set executable prefix
+#  For example to run Windows executable with WINE: BINPRE="wine "
+if [ "x$BINPRE" != "x" ]; then
+	binpre="$BINPRE"
+else
+	binpre=""
+fi
+
+# Use NJOBS to define number of parallel tasks
+if [ "x$NJOBS" != "x" ]; then
+	njobs="$NJOBS"
+else
+	# default to cpu count
+	ncpus=$(nproc --all)
+	if [ "x at cpus" != "x" ]; then
+		njobs=$ncpus
+	else
+		# could not get cpu count, use 4 parallel tasks instead
+		njobs=4
+	fi
+fi
+
+get_supported_hwfeatures() {
+	$binpre "tests/version$binext" 2>&1 | \
+		grep "hwflist" | \
+		sed -e 's/hwflist://' -e 's/:/ /g' -e 's/\x0d/\x0a/g'
+}
+
+hwfs=($(get_supported_hwfeatures))
+retcodes=()
+optslist=()
+echo "Total HW-feature combinations: $((1<<${#hwfs[@]}))"
+for ((cbits=0; cbits < (1<<${#hwfs[@]}); cbits++)); do
+  for ((mask=0; mask < ${#hwfs[@]}; mask++)); do
+    match=$(((1<<mask) & cbits))
+    if [ "x$match" != "x0" ]; then
+      echo -n "--disable-hwf ${hwfs[$mask]} "
+    fi
+  done
+  echo ""
+done | sort | (
+  # Run all combinations
+  nbasic=0
+  nwait=0
+  failed=0
+  output=""
+  while read opts; do
+    currn=$nbasic
+    curr_jobs=($(jobs -p))
+    while [ "${#curr_jobs[@]}" -ge "8" ]; do
+      # Wait for one job to complete
+      wait ${retcodes[$nwait]}
+      retval=$?
+      if [ "x$retval" != "x0" ]; then
+        output="$output\nERROR: HWF disable failed: [${optslist[$nwait]}]"
+        failed=1
+      else
+        output="$output\nSUCCESS: HWF disable OK: [${optslist[$nwait]}]"
+      fi
+      nwait=$((nwait+1))
+      curr_jobs=($(jobs -p))
+      if [ $failed != 0 ]; then
+        break
+      fi
+    done
+    if [ $failed != 0 ]; then
+      break
+    fi
+    nbasic=$((nbasic+1))
+    echo "[$nbasic/$((1<<${#hwfs[@]}))] Basic test with '$opts'"
+    optslist[$currn]="$opts"
+    nice nice $binpre "tests/basic$binext" $opts & retcodes[$currn]=$!
+  done
+
+  # Fetch remaining return codes
+  for ((; nwait < nbasic; nwait++)); do
+    # Wait for one job to complete
+    wait ${retcodes[$nwait]}
+    retval=$?
+    if [ "x$retval" != "x0" ]; then
+      output="$output\nERROR: HWF disable failed: [${optslist[$nwait]}]"
+      failed=1
+    else
+      output="$output\nSUCCESS: HWF disable OK: [${optslist[$nwait]}]"
+    fi
+  done
+
+  echo -e "$output"
+  exit $failed
+)

-----------------------------------------------------------------------

Summary of changes:
 tests/Makefile.am                         |   2 +-
 tests/basic_all_hwfeature_combinations.sh | 111 ++++++++++++++++++++++++++++++
 2 files changed, 112 insertions(+), 1 deletion(-)
 create mode 100755 tests/basic_all_hwfeature_combinations.sh


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug  2 09:08:38 2017
From: cvs at cvs.gnupg.org (by Frans Spiesschaert)
Date: Wed, 02 Aug 2017 09:08:38 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4,
 updated. gnupg-1.4.22-3-g6d5c520
Message-ID: <E1dcnlm-0003IN-Qy@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-1-4 has been updated
       via  6d5c5204d79fa9d01981c0076d3acde18534640a (commit)
      from  76239356bcb3bfeec5327637ed87429594868fef (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6d5c5204d79fa9d01981c0076d3acde18534640a
Author: Frans Spiesschaert <Frans.Spiesschaert at yucom.be>
Date:   Wed Aug 2 02:07:48 2017 -0400

    po: Update Dutch translation
    
    Debian-Bug-Id: 845695
    Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>

diff --git a/po/nl.po b/po/nl.po
index b24ce55..e47fd96 100644
--- a/po/nl.po
+++ b/po/nl.po
@@ -24,13 +24,13 @@
 # When output to an ASCII terminal, the single quotation marks are
 # transliterated to apostrophes, and the double quotation marks are
 # transliterated to 0x22.
-# Frans Spiesschaert <Frans.Spiesschaert at yucom.be>, 2014.
+# Frans Spiesschaert <Frans.Spiesschaert at yucom.be>, 2014, 2016.
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: gnupg 1.4.6\n"
+"Project-Id-Version: gnupg 1.4.21\n"
 "Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2014-11-24 12:23+0100\n"
+"PO-Revision-Date: 2016-11-08 20:05+0100\n"
 "Last-Translator: Frans Spiesschaert <Frans.Spiesschaert at yucom.be>\n"
 "Language-Team: Debian Dutch l10n Team <debian-l10n-dutch at lists.debian.org>\n"
 "Language: nl\n"
@@ -38,6 +38,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Gtranslator 2.91.6\n"
 
 #, c-format
 msgid "can't gen prime with pbits=%u qbits=%u\n"
@@ -2943,12 +2944,10 @@ msgstr ""
 "              de veronderstelde primaire ID worden.\n"
 
 msgid "WARNING: Your encryption subkey expires soon.\n"
-msgstr ""
+msgstr "WAARSCHUWING: Binnenkort vervalt uw encryptie-subsleutel.\n"
 
-#, fuzzy
-#| msgid "You can't change the expiration date of a v3 key\n"
 msgid "You may want to change its expiration date too.\n"
-msgstr "U kunt de vervaldatum van een v3-sleutel niet veranderen\n"
+msgstr "Misschien wilt u ook zijn vervaldatum wijzigen.\n"
 
 msgid ""
 "WARNING: This is a PGP2-style key.  Adding a photo ID may cause some "
@@ -4054,10 +4053,9 @@ msgstr "dubbelzinnige optie `%s'\n"
 msgid "unknown option `%s'\n"
 msgstr "onbekende optie `%s'\n"
 
-#, fuzzy, c-format
-#| msgid "Unknown signature type `%s'\n"
+#, c-format
 msgid "Unknown weak digest '%s'\n"
-msgstr "Onbekend ondertekeningstype ?%s?\n"
+msgstr "Onbekende zwakke hash ?%s?\n"
 
 #, c-format
 msgid "File `%s' exists. "
@@ -4680,10 +4678,10 @@ msgstr ""
 msgid "NOTE: signature key %s expired %s\n"
 msgstr "NOOT: ondertekeningssleutel %s verviel op %s\n"
 
-#, fuzzy, c-format
-#| msgid "%s signature, digest algorithm %s\n"
+#, c-format
 msgid "Note: signatures using the %s algorithm are rejected\n"
-msgstr "%s handtekening, hashalgoritme %s\n"
+msgstr ""
+"Opmerking: handtekeningen die het algoritme %s gebruiken worden verworpen\n"
 
 #, c-format
 msgid "assuming bad signature from key %s due to an unknown critical bit\n"

-----------------------------------------------------------------------

Summary of changes:
 po/nl.po | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug  2 09:13:45 2017
From: cvs at cvs.gnupg.org (by Joe Hansen)
Date: Wed, 02 Aug 2017 09:13:45 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4,
 updated. gnupg-1.4.22-4-g12afc37
Message-ID: <E1dcnqj-0004Lm-OH@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-1-4 has been updated
       via  12afc37a946477692257d725acac513f271c4e9e (commit)
      from  6d5c5204d79fa9d01981c0076d3acde18534640a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 12afc37a946477692257d725acac513f271c4e9e
Author: Joe Hansen <joedalton2 at yahoo.dk>
Date:   Thu May 28 01:50:54 2015 -0400

    po: Update Danish translation
    
    Originally reported at:
    http://lists.gnupg.org/pipermail/gnupg-i18n/2014-November/000308.html
    
    Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>

diff --git a/po/da.po b/po/da.po
index 8f3af6f..99d2ed2 100644
--- a/po/da.po
+++ b/po/da.po
@@ -2,7 +2,7 @@
 # Copyright (C) 2012 Free Software Foundation, Inc.
 # Birger Langkjer, <birger.langkjer at image.dk>, 2000.
 # Kenneth Christiansen, kenneth at ripen.dk, 2000.
-# Joe Hansen, <joedalton2 at yahoo.dk>, 2012.
+# Joe Hansen, <joedalton2 at yahoo.dk>, 2012, 2014.
 #
 # deadlock -> bagl?s
 # ownertrust -> ejertrov?rdighed (p?lidelighed, tillid)
@@ -1841,7 +1841,7 @@ msgstr "reparer skade fra pks-n?gleserveren under import"
 #, fuzzy
 #| msgid "do not update the trustdb after import"
 msgid "do not clear the ownertrust values during import"
-msgstr "opdater ikke trustdb efter import"
+msgstr "ryd ikke ejerskabsv?rdierne under import"
 
 msgid "do not update the trustdb after import"
 msgstr "opdater ikke trustdb efter import"
@@ -1966,10 +1966,10 @@ msgstr "n?gle %s: ingen bruger-id\n"
 #, fuzzy, c-format
 #| msgid "skipped \"%s\": %s\n"
 msgid "key %s: %s\n"
-msgstr "udelod ?%s?: %s\n"
+msgstr "n?gle %s: %s\n"
 
 msgid "rejected by import filter"
-msgstr ""
+msgstr "afvist af importfilter"
 
 #, c-format
 msgid "key %s: PKS subkey corruption repaired\n"
@@ -2069,7 +2069,7 @@ msgstr "n?gle %s: ?%s? ikke ?ndret\n"
 #, fuzzy, c-format
 #| msgid "secret key \"%s\" not found: %s\n"
 msgid "secret key %s: %s\n"
-msgstr "hemmelig n?gle ?%s? blev ikke fundet: %s\n"
+msgstr "hemmelig n?gle %s: %s\n"
 
 msgid "importing secret keys not allowed\n"
 msgstr "import af hemmelige n?gler er ikke tilladt\n"
@@ -3802,7 +3802,7 @@ msgstr "ukendt"
 
 #, c-format
 msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n"
-msgstr ""
+msgstr "ADVARSEL: Ikke en frakoblet underskrift; filen ?%s? blev IKKE verificeret!\n"
 
 #, c-format
 msgid "Can't check signature: %s\n"

-----------------------------------------------------------------------

Summary of changes:
 po/da.po | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug  2 14:39:19 2017
From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor)
Date: Wed, 02 Aug 2017 14:39:19 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4,
 updated. gnupg-1.4.22-5-g9832a4b
Message-ID: <E1dcsvn-0003wU-Vm@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-1-4 has been updated
       via  9832a4bacfa5232534f2c7fe7655bd0677a41f6e (commit)
      from  12afc37a946477692257d725acac513f271c4e9e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9832a4bacfa5232534f2c7fe7655bd0677a41f6e
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Wed Aug 2 08:37:09 2017 -0400

    debian: Remove packaging from upstream repository.
    
    Debian packaging for GnuPG is handled in debian git repositories, and
    doesn't belong here in the upstream repository.  The packaging was
    significantly out of date anyway.
    
    If you're looking for debian packaging for the 1.4 branch of GnuPG,
    please use the following git remote:
    
        https://anonscm.debian.org/git/pkg-gnupg/gnupg1.git
    
    Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>

diff --git a/debian/README.Debian b/debian/README.Debian
deleted file mode 100644
index 854a2e4..0000000
--- a/debian/README.Debian
+++ /dev/null
@@ -1,28 +0,0 @@
-GDBM keyring support
---------------------
-
-GDBM-based keyring support is (and always) was an experimental feature
-which is likely to be removed in future versions.  For that reason it
-is not compiled into the Debian package and won't be until and unless
-GDBM support stabilises.
-
-Upgrading from old (<= 0.3.3) versions GnuPG
---------------------------------------------
-
-Due to a bug in the way secret keys were encrypted in versions prior
-to 0.3.3, later version of GnuPG are not backwards compatible and you
-will have to convert your secret keys before using old secret keys
-with recent versions of GnuPG.
-
-The upgrade strategy is described in /usr/doc/gnupg/NEWS.gz, please
-refer to it for more details, but it requires an old copy of the gpg
-and gpgm binaries.  They may be on your system as gpg.old and
-gpgm.old, but if they're not you can find gnupg 0.3.2 source and
-binaries for i386, m68k, alpha, powerpc and hurd-i386 at:
-
-  <URL:http://people.debian.org/~troup/gnupg/>
-
--- 
-James Troup <james at nocrew.org>, Horsforth, UK
-Sun,  1 Oct 2000 13:53:12 +0100
-
diff --git a/debian/changelog b/debian/changelog
deleted file mode 100644
index 8d33a87..0000000
--- a/debian/changelog
+++ /dev/null
@@ -1,402 +0,0 @@
-gnupg (1.0.5-1) unstable; urgency=low
-
-  * New upstream version.
-  * debian/README.Debian: fix spelling and update URL.
-  * debian/rules (binary): remove the new info files.
-  * scripts/config.{guess,sub}: sync with subversions, closes: #95729.
-
- -- James Troup <james at nocrew.org>  Mon, 30 Apr 2001 02:12:38 +0100
-
-gnupg (1.0.4-4) unstable; urgency=low
-
-  * po/ru.po: patch by Ilya Martynov <m_ilya at agava.com> to replace German
-    entries and add missing translations, closes: #93987.
-  * g10/revoke.c (ask_revocation_reason): typo fix (s/non longer/no
-    longer/g); noticed by Colin Watson <cjw44 at flatline.org.uk>, closes:
-    #93664.
-
-  * Deprecated depreciated; noticed by Vincent Broman
-    <broman at spawar.navy.mil>.
-
-  * Following two patches are from Vincent Broman.
-  * g10/mainproc.c (proc_tree): use iobuf_get_real_fname() in preference
-    to iobuf_get_fname().
-  * g10/openfile.c (open_sigfile): handle .sign prefixed files correctly.
-
- -- James Troup <james at nocrew.org>  Fri, 20 Apr 2001 23:32:44 +0100
-
-gnupg (1.0.4-3) unstable; urgency=medium
-
-  * debian/rules (binary): make gpg binary suid, closes: #86433.
-  * debian/postinst: don't use suidregister.
-  * debian/postrm: removed (only called suidunregister).
-  * debian/control: conflict with suidmanager << 0.50.
-  * mpi/longlong.h: apply fix for ARM long long artimetic from Philip
-    Blundell <philb at gnu.org>, closes: #87487.
-  * debian/preinst: the old GnuPG debs have moved to people.debian.org.
-  * cipher/random.c: #include <time.h> as well as <sys/time.h>
-  * g10/misc.c: likewise.
-  * debian/rules: define a strip alias which removes the .comment and
-    .note sections.
-  * debian/rules (binary-arch): use it.
-  * debian/lintian.override: new file; override the SUID warning from
-    lintian.
-  * debian/rules (binary-arch): install it.
-
- -- James Troup <james at nocrew.org>  Sun, 25 Feb 2001 05:24:58 +0000
-
-gnupg (1.0.4-2) stable unstable; urgency=high
-
-  * Apply security fix patch from Werner.
-  * Apply another patch from Werner to fix bogus warning on Rijndael
-    usage.
-  * Change section to 'non-US'.
-
- -- James Troup <james at nocrew.org>  Mon, 12 Feb 2001 07:47:02 +0000
-
-gnupg (1.0.4-1) stable unstable; urgency=high
-
-  * New upstream version.
-  * Fixes a serious bug which could lead to false signature verification
-    results when more than one signature is fed to gpg.
-
- -- James Troup <james at nocrew.org>  Tue, 17 Oct 2000 17:26:17 +0100
-
-gnupg (1.0.3b-1) unstable; urgency=low
-
-  * New upstream snapshot version.
-
- -- James Troup <james at nocrew.org>  Fri, 13 Oct 2000 18:08:14 +0100
-
-gnupg (1.0.3-2) unstable; urgency=low
-
-  * debian/control: Conflict, Replace and Provide gpg-rsa & gpg-rsaref.
-    Fix long description to reflect the fact that RSA is no longer
-    patented and now included. [#72177]
-  * debian/rules: move faq.html to /usr/share/doc/gnupg/ and remove FAQ
-    from /usr/share/gnupg/.  Thanks to Robert Luberda
-    <robert at pingu.ii.uj.edu.pl> for noticing. [#72151]
-  * debian/control: Suggest new package gnupg-doc. [#64323, #65560]
-  * utils/secmem.c (lock_pool): don't bomb out if mlock() returns ENOMEM,
-    as Linux will do this if resource limits (or other reasons) prevent
-    memory from being locked, instead treat it like permission was denied
-    and warn but continue.  Thanks to Topi Miettinen
-    <Topi.Miettinen at nic.fi>. [#70446]
-  * g10/hkp.c (not_implemented): s/ist/is/ in error message.
-  * debian/README.Debian: add a note about GDBM support and why it is
-    disabled.  Upstream already fixed the manpage.  [#65913]
-  * debian/rules (binary-arch): fix the Spanish translation to be 'es' not
-    'es_ES' at Nicol?s Lichtmaier <nick at debian.org>'s request. [#57314]
-
- -- James Troup <james at nocrew.org>  Sun,  1 Oct 2000 14:55:03 +0100
-
-gnupg (1.0.3-1) unstable; urgency=low
-
-  * New upstream version.
-
- -- James Troup <james at nocrew.org>  Mon, 18 Sep 2000 15:56:54 +0100
-
-gnupg (1.0.2-1) unstable; urgency=low
-
-  * New upstream version.
-
- -- James Troup <james at nocrew.org>  Thu, 13 Jul 2000 20:26:50 +0100
-
-gnupg (1.0.1-2) unstable; urgency=low
-
-  * debian/control (Build-Depends): added.
-  * debian/copyright: corrected location of copyright file.  Removed
-    references to Linux.  Removed warnings about beta nature of GnuPG.
-  * debian/rules (binary-arch): install documentation into
-    /usr/share/doc/gnupg/ and pass mandir to make install to ensure the
-    manpages go to /usr/share/man/.
-  * debian/postinst: create /usr/doc/gnupg symlink.
-  * debian/prerm: new file; remove /usr/doc/gnupg symlink.
-  * debian/rules (binary-arch): install prerm.
-  * debian/control (Standards-Version): updated to 3.1.1.1.
-
- -- James Troup <james at nocrew.org>  Thu, 30 Dec 1999 16:16:49 +0000
-
-gnupg (1.0.1-1) unstable; urgency=low
-
-  * New upstream version.
-  * doc/gpg.1: updated to something usable from
-    ftp://ftp.gnupg.org/pub/gcrypt/gnupg/gpg.1.gz.
-
- -- James Troup <james at nocrew.org>  Sun, 19 Dec 1999 23:47:10 +0000
-
-gnupg (1.0.0-3) unstable; urgency=low
-
-  * debian/rules (build): remove the stunningly ill-advised --host option
-    to configure.  [#44698, #48212, #48281]
-
- -- James Troup <james at nocrew.org>  Tue, 26 Oct 1999 01:12:59 +0100
-
-gnupg (1.0.0-2) unstable; urgency=low
-
-  * debian/rules (binary-arch): fix the permissions on the
-    modules. [#47280]
-  * debian/postinst, debian/postrm: fix the package name passed to
-    suidregister. [#45013]
-  * debian/control: update long description. [#44636]
-  * debian/rules (build): pass the host explicitly to configure to avoid
-    problems on sparc64. [(Should fix) #44698].
-
- -- James Troup <james at nocrew.org>  Wed, 20 Oct 1999 23:39:05 +0100
-
-gnupg (1.0.0-1) unstable; urgency=low
-
-  * New upstream release. [#44545]
-
- -- James Troup <james at nocrew.org>  Wed,  8 Sep 1999 00:53:02 +0100
-
-gnupg (0.9.10-2) unstable; urgency=low
-
-  * debian/rules (binary-arch): install lspgpot.  Requested by Kai
-    Henningsen <kai at khms.westfalen.de>. [#42288]
-  * debian/rules (binary-arch): correct the path where modules are looked
-    for.  Reported by Karl M. Hegbloom <karlheg at odin.cc.pdx.edu>. [#40881]
-  * debian/postinst, debian/postrm: under protest, register gpg the
-    package with suidmanager and make it suid by default.
-    [#29780,#32590,#40391]
-
- -- James Troup <james at nocrew.org>  Tue, 10 Aug 1999 00:12:40 +0100
-
-gnupg (0.9.10-1) unstable; urgency=low
-
-  * New upstream version.
-
- -- James Troup <james at nocrew.org>  Fri,  6 Aug 1999 01:16:21 +0100
-
-gnupg (0.9.9-1) unstable; urgency=low
-
-  * New upstream version.
-
- -- James Troup <james at nocrew.org>  Sun, 25 Jul 1999 01:06:31 +0100
-
-gnupg (0.9.8-1) unstable; urgency=low
-
-  * New upstream version.  
-  * debian/rules (binary-arch): don't create a gpgm manpage as the binary
-    no longer exists.  Noticed by Wichert Akkerman
-    <wichert at cs.leidenuniv.nl>. [#38864]
-
- -- James Troup <james at nocrew.org>  Sun, 27 Jun 1999 01:07:58 +0100
-
-gnupg (0.9.7-1) unstable; urgency=low
-
-  * New upstream version.
-
- -- James Troup <james at nocrew.org>  Tue, 25 May 1999 13:23:24 +0100
-
-gnupg (0.9.6-1) unstable; urgency=low
-
-  * New upstream version.
-  * debian/copyright: update version number, noticed by Lazarus Long
-    <lazarus at frontiernet.net>.
-  * debian/control (Depends): depend on makedev (>= 2.3.1-13) to ensure
-    that /dev/urandom exists; reported by Steffen Markert
-    <smort at rz.tu-ilmenau.de>. [#32076]
-
- -- James Troup <james at nocrew.org>  Tue, 11 May 1999 21:06:27 +0100
-
-gnupg (0.9.5-1) unstable; urgency=low
-
-  * New upstream version.
-  * debian/control (Description): no tabs.  [Lintian]
-
- -- James Troup <james at nocrew.org>  Wed, 24 Mar 1999 22:37:40 +0000
-
-gnupg (0.9.4-1) unstable; urgency=low
-
-  * New version.
-  * debian/control: s/GNUPG/GnuPG/
-
- -- Werner Koch <wk at isil.d.suttle.de>  Mon, 8 Mar 1999 19:58:28 +0100
-
-gnupg (0.9.3-1) unstable; urgency=low
-
-  * New upstream version.
-
- -- James Troup <james at nocrew.org>  Mon, 22 Feb 1999 22:55:04 +0000
-
-gnupg (0.9.2-1) unstable; urgency=low
-
-  * New version.
-  * debian/rules (build): Removed CFLAGS as the default is now sufficient.
-  * debian/rules (clean): remove special handling cleanup in intl.
-
- -- Werner Koch <wk at isil.d.suttle.de>  Wed, 20 Jan 1999 21:23:11 +0100
-
-gnupg (0.9.1-1) unstable; urgency=low
-
-  * New upstream version.
-
- -- James Troup <james at nocrew.org>  Sat,  9 Jan 1999 22:29:11 +0000
-
-gnupg (0.9.0-1) unstable; urgency=low
-
-  * New upstream version.
-  * g10/armor.c (armor_filter): add missing new line in comment string; as
-    noticed by Stainless Steel Rat <ratinox at peorth.gweep.net>.
-
- -- James Troup <james at nocrew.org>  Tue, 29 Dec 1998 20:22:43 +0000
-
-gnupg (0.4.5-1) unstable; urgency=low
-
-  * New upstream version.
-  * debian/rules (clean): force removal of intl/libintl.h which the
-    Makefiles fail to remove properly.
-
- -- James Troup <james at nocrew.org>  Tue,  8 Dec 1998 22:40:23 +0000
-
-gnupg (0.4.4-1) unstable; urgency=low
-
-  * New upstream version.
-
- -- James Troup <james at nocrew.org>  Sat, 21 Nov 1998 01:34:29 +0000
-
-gnupg (0.4.3-1) unstable; urgency=low
-
-  * New upstream version.
-  * debian/README.Debian: new file; contains same information as is in the
-    preinst.  Suggested by Wichert Akkerman <wichert at cs.leidenuniv.nl>.
-  * debian/rules (binary-arch): install `README.Debian'
-  * debian/control (Standards-Version): updated to 2.5.0.0.
-
- -- James Troup <james at nocrew.org>  Sun,  8 Nov 1998 19:08:12 +0000
-
-gnupg (0.4.2-1) unstable; urgency=low
-
-  * New upstream version.
-  * debian/preinst: improve message about the NEWS file which isn't
-    actually installed when it's referred to, thanks to Martin Mitchell
-    <martin at debian.org>.
-  * debian/rules (binary-arch): don't install the now non-existent `rfcs',
-    but do install `OpenPGP'.
-
- -- James Troup <james at nocrew.org>  Sun, 18 Oct 1998 22:48:34 +0100
-
-gnupg (0.4.1-1) unstable; urgency=low
-
-  * New upstream version.
-  * debian/rules (binary-arch): fix the gpgm manpage symlink now installed
-    by `make install'.
-
- -- James Troup <james at nocrew.org>  Sun, 11 Oct 1998 17:01:21 +0100
-
-gnupg (0.4.0-1) unstable; urgency=high
-
-  * New upstream version. [#26717]
-  * debian/copyright: tone down warning about alpha nature of gnupg.
-  * debian/copyright: new maintainer address.
-  * debian/control: update extended description.
-  * debian/rules (binary-arch): install FAQ and all ChangeLogs.
-  * debian/preinst: new; check for upgrade from (<= 0.3.2-1) and warn about
-    incompatibilities in keyring format and offer to move old copy out of
-    gpg out of the way for transition strategy and inform the user about
-    the old copies of gnupg available on my web page.
-  * debian/rules (binary-arch) install preinst.
-  * debian/rules (binary-arch): don't depend on the test target as it is
-    now partially interactive (tries to generate a key, which requires
-    someone else to be using the computer).
-
- -- James Troup <james at nocrew.org>  Thu,  8 Oct 1998 00:47:07 +0100
-
-gnupg (0.3.2-1) unstable; urgency=low
-
-  * New upstream version.
-  * debian/control (Maintainer): new address.
-  * debian/copyright: updated list of changes.
-
- -- James Troup <james at nocrew.org>  Thu,  9 Jul 1998 21:06:07 +0200
-
-gnupg (0.3.1-1) unstable; urgency=low
-
-  * New upstream version.
-
- -- James Troup <james at nocrew.org>  Tue,  7 Jul 1998 00:26:21 +0200
-
-gnupg (0.3.0-2) unstable; urgency=low
-
-  * Applied bug-fix patch from Werner.
-
- -- James Troup <jjtroup at comp.brad.ac.uk>  Fri, 26 Jun 1998 12:18:29 +0200
-
-gnupg (0.3.0-1) unstable; urgency=low
-
-  * New upstream version.
-  * debian/control: rewrote short and long description.
-  * cipher/Makefile.am: link tiger with -lc.
-  * debian/rules (binary-arch): strip loadable modules.
-  * util/secmem.c (lock_pool): get rid of errant test code; fix from
-    Werner Koch <wk at isil.d.shuttle.de>.
-  * debian/rules (test): new target which runs gnupg's test suite.
-    binary-arch depends on it, to ensure it's run whenever the package is
-    built.
-
- -- James Troup <jjtroup at comp.brad.ac.uk>  Thu, 25 Jun 1998 16:04:57 +0200
-
-gnupg (0.2.19-1) unstable; urgency=low
-
-  * New upstream version.
-  * debian/control: Updated long description.
-
- -- James Troup <jjtroup at comp.brad.ac.uk>  Sat, 30 May 1998 12:12:35 +0200
-
-gnupg (0.2.18-1) unstable; urgency=low
-
-  * New upstream version.
-
- -- James Troup <J.J.Troup at comp.brad.ac.uk>  Sat, 16 May 1998 11:52:47 +0200
-
-gnupg (0.2.17-1) unstable; urgency=high
-
-  * New upstream version.
-  * debian/control (Standards-Version): updated to 2.4.1.0.
-  * debian/control: tone down warning about alpha nature of gnupg, as per
-    README.
-  * debian/copyright: ditto.
-
- -- James Troup <jjtroup at comp.brad.ac.uk>  Mon,  4 May 1998 22:36:51 +0200
-
-gnupg (0.2.15-1) unstable; urgency=high
-
-  * New upstream version.
-
- -- James Troup <jjtroup at comp.brad.ac.uk>  Fri, 10 Apr 1998 01:12:20 +0100
-
-gnupg (0.2.13-1) unstable; urgency=high
-
-  * New upstream version.
-
- -- James Troup <jjtroup at comp.brad.ac.uk>  Wed, 11 Mar 1998 01:52:51 +0000
-
-gnupg (0.2.12-1) unstable; urgency=low
-
-  * New upstream version.
-
- -- James Troup <jjtroup at comp.brad.ac.uk>  Sat,  7 Mar 1998 13:52:40 +0000
-
-gnupg (0.2.11-1) unstable; urgency=low
-
-  * New upstream version.
-
- -- James Troup <jjtroup at comp.brad.ac.uk>  Wed,  4 Mar 1998 01:32:12 +0000
-
-gnupg (0.2.10-1) unstable; urgency=low
-
-  * New upstream version.
-  * Name changed upstream.
-
- -- James Troup <jjtroup at comp.brad.ac.uk>  Mon,  2 Mar 1998 07:32:05 +0000
-
-g10 (0.2.7-1) unstable; urgency=low
-
-  * Initial release.
-
- -- James Troup <jjtroup at comp.brad.ac.uk>  Fri, 20 Feb 1998 02:05:34 +0000
-
-Local variables:
-mode: debian-changelog
-End:
diff --git a/debian/control b/debian/control
deleted file mode 100644
index 5b158da..0000000
--- a/debian/control
+++ /dev/null
@@ -1,24 +0,0 @@
-Source: gnupg
-Section: non-US
-Priority: optional
-Maintainer: James Troup <james at nocrew.org>
-Standards-Version: 3.1.1.1
-Build-Depends: gettext, libgdbmg1-dev, libz-dev
-
-Package: gnupg
-Architecture: any
-Depends: ${shlibs:Depends}, makedev (>= 2.3.1-13)
-Suggests: gnupg-doc
-Conflicts: gpg-rsa, gpg-rsaref, suidmanager (<< 0.50)
-Replaces: gpg-rsa, gpg-rsaref
-Provides: gpg-rsa, gpg-rsaref
-Description: GNU privacy guard - a free PGP replacement.
- GnuPG is GNU's tool for secure communication and data storage.
- It can be used to encrypt data and to create digital signatures.
- It includes an advanced key management facility and is compliant
- with the proposed OpenPGP Internet standard as described in RFC2440.
- .
- GnuPG does not use use any patented algorithms so it cannot be
- compatible with PGP2 because it uses IDEA (which is patented
- worldwide) and RSA.  RSA's patent expired on the 20th September 2000,
- and it is now included in GnuPG.
diff --git a/debian/copyright b/debian/copyright
deleted file mode 100644
index e5d99f6..0000000
--- a/debian/copyright
+++ /dev/null
@@ -1,29 +0,0 @@
-This is Debian GNU's prepackaged version of GnuPG, a free PGP
-replacement.
-
-This package was put together by me, James Troup <james at nocrew.org>,
-from the sources, which I obtained from
-ftp://ftp.gnupg.org/pub/gcrypt/gnupg/gnupg-1.0.5.tar.gz.  The changes
-were minimal, namely:
-
-- adding support for the Debian package maintenance scheme, by adding
-  various debian/* files.
-
-Program Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
-Modifications for Debian Copyright (C) 1998, 1999, 2000, 2001 James Troup.
-
-GnuPG is free software; you can redistribute it and/or modify it under
-the terms of the GNU General Public License as published by the Free
-Software Foundation; either version 2, or (at your option) any later
-version.
-
-GnuPG is distributed in the hope that it will be useful, but WITHOUT
-ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-for more details.
-
-You should have received a copy of the GNU General Public License with
-your Debian GNU system, in /usr/share/common-licenses/GPL, or with the
-Debian GNU gnupg source package as the file COPYING.  If not, write to
-the Free Software Foundation, Inc., 59 Temple Place, Suite 330,
-Boston, MA 02111-1307, USA.
diff --git a/debian/distfiles b/debian/distfiles
deleted file mode 100644
index f7f2261..0000000
--- a/debian/distfiles
+++ /dev/null
@@ -1,6 +0,0 @@
-README.Debian
-changelog
-control
-copyright
-preinst
-rules
diff --git a/debian/lintian.override b/debian/lintian.override
deleted file mode 100644
index c35ed27..0000000
--- a/debian/lintian.override
+++ /dev/null
@@ -1 +0,0 @@
-gnupg: setuid-binary usr/bin/gpg 4755 root/root
diff --git a/debian/preinst b/debian/preinst
deleted file mode 100644
index 607944c..0000000
--- a/debian/preinst
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/sh
-
-set -e
-
-case "$1" in
-    upgrade|install)
-	# Try to gracefully handle upgrades from a pre-0.3.3 version
-
-	if [ ! -z $2 ]; then
-	    set +e
-	    dpkg --compare-versions $2 \<= 0.3.2-1
-	    result=$?
-	    set -e
-	    if [ $result = 0 ]; then
-		cat <<EOF
-Due to a bug in the way secret keys were encrypted in versions prior
-to 0.3.3, this version of gnupg is not backwards compatible with $2
-which you have (had) installed on your system.  
-
-There is an upgrade strategy (see /usr/doc/gnupg/NEWS.gz after this
-version is installed), but it requires an old copy of the gpg and gpgm
-EOF
-		echo -n "binaries; shall I make copies of them for you (Y/n)? "
-		read answer
-		if [ ! "$answer" = "n" -a ! "$answer" = "N" ]; then
-		    cp /usr/bin/gpg /usr/bin/gpg.old
-		    cp /usr/bin/gpgm /usr/bin/gpgm.old
-		    echo "Okay, done.  The old versions are /usr/bin/gpg*.old"
-		else
-		    echo "Okay, I haven't made backups."
-		fi;	
-		cat <<EOF
-
-If at any stage you need a pre-0.3.3 gnupg, you can find source and
-binaries for i386, m68k, alpha, powerpc and hurd-i386 at 
-
-   http://people.debian.org/~troup/gnupg/
-
-Press return to continue
-EOF
-		read foo
-	    fi;
-	fi;
-	;;
-    abort-upgrade)
-	;;
-esac
diff --git a/debian/rules b/debian/rules
deleted file mode 100644
index 400472e..0000000
--- a/debian/rules
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/usr/bin/make -f
-# debian/rules file - for GNUPG (1.0.5)
-# Based on sample debian/rules file - for GNU Hello (1.3).
-# Copyright 1994,1995 by Ian Jackson.
-# Copyright 1998 James Troup
-# I hereby give you perpetual unlimited permission to copy,
-# modify and relicense this file, provided that you do not remove
-# my name from the file itself.  (I assert my moral right of
-# paternity under the Copyright, Designs and Patents Act 1988.)
-# This file may have to be extensively modified
-
-STRIP=strip --remove-section=.comment --remove-section=.note
-
-build:
-	$(checkdir)
-	./configure --prefix=/usr --with-included-gettext
-	$(MAKE)
-	touch build
-
-test: build
-	$(checkdir)
-	make -C checks check || exit 127
-	touch test
-
-clean:
-	$(checkdir)
-	-rm -f build
-	-$(MAKE) -i distclean || $(MAKE) -f Makefile.in distclean
-	-rm -rf debian/tmp debian/*~ debian/files* debian/substvars
-
-binary-indep:
-
-binary-arch:	checkroot build # test
-	$(checkdir)
-	-rm -rf debian/tmp
-	install -d debian/tmp/DEBIAN/
-	install -m 755 debian/preinst debian/prerm debian/postinst debian/tmp/DEBIAN/
-	$(MAKE) prefix=`pwd`/debian/tmp/usr mandir=`pwd`/debian/tmp/usr/share/man install
-	# copies of the manpage which can't be grokked by install-info
-	rm debian/tmp/usr/info/*
-	$(STRIP) debian/tmp/usr/bin/*
-	chmod 4755 debian/tmp/usr/bin/gpg
-	chmod 644 debian/tmp/usr/lib/gnupg/*
-	sed -e "s#../g10/gpg#gpg#" < tools/lspgpot > debian/tmp/usr/bin/lspgpot
-	chmod 755 debian/tmp/usr/bin/lspgpot
-	$(STRIP) --strip-unneeded debian/tmp/usr/lib/gnupg/*
-	# In response to #53714... no idea if it's correct, will check with upstream
-	mv debian/tmp/usr/share/locale/es_ES debian/tmp/usr/share/locale/es
-	sed -e "s#/usr/local/#/usr/#" < debian/tmp/usr/share/man/man1/gpg.1 \
-	    > debian/tmp/usr/share/man/man1/gpg.1.new
-	mv debian/tmp/usr/share/man/man1/gpg.1.new debian/tmp/usr/share/man/man1/gpg.1
-	gzip -9v debian/tmp/usr/share/man/man1/*
-	# Remove from /usr/share/gnupg that we install into /usr/share/doc/gnupg/
-	rm debian/tmp/usr/share/gnupg/FAQ debian/tmp/usr/share/gnupg/faq.html
-	install -d debian/tmp/usr/share/doc/gnupg/
-	install -m 644 debian/changelog debian/tmp/usr/share/doc/gnupg/changelog.Debian
-	install -m 644 debian/README.Debian README NEWS THANKS TODO doc/DETAILS \
-		doc/FAQ doc/faq.html doc/OpenPGP debian/tmp/usr/share/doc/gnupg/
-	for i in po util mpi cipher tools g10 checks include; do \
-		install -m 644 $$i/ChangeLog debian/tmp/usr/share/doc/gnupg/changelog.$$i; done
-	install -m 644 ChangeLog debian/tmp/usr/share/doc/gnupg/changelog.toplevel
-	gzip -9v debian/tmp/usr/share/doc/gnupg/*
-	ln -s changelog.g10.gz debian/tmp/usr/share/doc/gnupg/changelog.gz
-	install -m 644 debian/copyright debian/tmp/usr/share/doc/gnupg/
-	install -d debian/tmp/usr/share/lintian/overrides/
-	install -m 644 debian/lintian.override debian/tmp/usr/share/lintian/overrides/gnupg
-	dpkg-shlibdeps g10/gpg
-	dpkg-gencontrol -isp
-	chown -R root.root debian/tmp
-	chmod -R go=rX debian/tmp
-	dpkg --build debian/tmp ..
-
-define checkdir
-	test -f g10/g10.c -a -f debian/rules
-endef
-
-# Below here is fairly generic really
-
-binary: 	binary-indep binary-arch
-
-checkroot:
-	$(checkdir)
-	test root = "`whoami`"
-
-.PHONY: binary binary-arch binary-indep clean checkroot

-----------------------------------------------------------------------

Summary of changes:
 debian/README.Debian    |  28 ----
 debian/changelog        | 402 ------------------------------------------------
 debian/control          |  24 ---
 debian/copyright        |  29 ----
 debian/distfiles        |   6 -
 debian/lintian.override |   1 -
 debian/preinst          |  47 ------
 debian/rules            |  85 ----------
 8 files changed, 622 deletions(-)
 delete mode 100644 debian/README.Debian
 delete mode 100644 debian/changelog
 delete mode 100644 debian/control
 delete mode 100644 debian/copyright
 delete mode 100644 debian/distfiles
 delete mode 100644 debian/lintian.override
 delete mode 100644 debian/preinst
 delete mode 100644 debian/rules


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug  2 16:15:27 2017
From: cvs at cvs.gnupg.org (by Marcus Brinkmann)
Date: Wed, 02 Aug 2017 16:15:27 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.22-11-gdcfb019
Message-ID: <E1dcuQq-0001ks-V7@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  dcfb01959802b27869528dda1d9a4f5e79574bb5 (commit)
      from  624cd2d0bf6cc6dd1b79654295dc76f5b2d6d70b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit dcfb01959802b27869528dda1d9a4f5e79574bb5
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Wed Aug 2 15:19:04 2017 +0200

    g10: Always save standard revocation certificate in file.
    
    * g10/revoke.c (gen_standard_revocation): Set opt.outfile to NULL
    temporarily to create certificate in right place.
    
    Signed-off-by: Marcus Brinkmann <mb at g10code.com>
    GnuPG-bug-id: 3015

diff --git a/g10/revoke.c b/g10/revoke.c
index 1dea6ae..4578700 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -532,6 +532,7 @@ gen_standard_revoke (ctrl_t ctrl, PKT_public_key *psk, const char *cache_nonce)
   u32 keyid[2];
   int kl;
   char *orig_codeset;
+  char *old_outfile;
 
   dir = get_openpgp_revocdir (gnupg_homedir ());
   tmpstr = hexfingerprint (psk, NULL, 0);
@@ -586,8 +587,11 @@ gen_standard_revoke (ctrl_t ctrl, PKT_public_key *psk, const char *cache_nonce)
 
   reason.code = 0x00; /* No particular reason.  */
   reason.desc = NULL;
+  old_outfile = opt.outfile;
+  opt.outfile = NULL;
   rc = create_revocation (ctrl,
                           fname, &reason, psk, NULL, leadin, 3, cache_nonce);
+  opt.outfile = old_outfile;
   if (!rc && !opt.quiet)
     log_info (_("revocation certificate stored as '%s.rev'\n"), fname);
 

-----------------------------------------------------------------------

Summary of changes:
 g10/revoke.c | 4 ++++
 1 file changed, 4 insertions(+)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug  2 18:57:08 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 02 Aug 2017 18:57:08 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.0-11-gdf1e221
Message-ID: <E1dcwxI-0002As-GD@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  df1e221b3012e96bbffbc7d5fd70836a9ae1cc19 (commit)
       via  21d0f068a721c022f955084c28304934fd198c5e (commit)
       via  eea36574f37830a6a80b4fad884825e815b2912f (commit)
      from  94a92a3db909aef0ebcc009c2d7f5a2663e99004 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit df1e221b3012e96bbffbc7d5fd70836a9ae1cc19
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Aug 2 18:45:51 2017 +0200

    tests: Fix a printf glitch for a Windows test.
    
    * tests/t-convert.c (check_formats): Fix print format glitch on
    Windows.
    * tests/t-ed25519.c: Typo fix.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/tests/t-convert.c b/tests/t-convert.c
index ec56677..121039c 100644
--- a/tests/t-convert.c
+++ b/tests/t-convert.c
@@ -435,7 +435,8 @@ check_formats (void)
           if (gcry_mpi_cmp (a, b) || data[idx].a.stdlen != buflen)
             {
               fail ("error scanning value %d from %s: %s (%lu)\n",
-                    data[idx].value, "STD", "wrong result", buflen);
+                    data[idx].value, "STD", "wrong result",
+                    (long unsigned int)buflen);
               showmpi ("expected:", a);
               showmpi ("     got:", b);
             }
@@ -452,7 +453,8 @@ check_formats (void)
           if (gcry_mpi_cmp (a, b) || data[idx].a.sshlen != buflen)
             {
               fail ("error scanning value %d from %s: %s (%lu)\n",
-                    data[idx].value, "SSH", "wrong result", buflen);
+                    data[idx].value, "SSH", "wrong result",
+                    (long unsigned int)buflen);
               showmpi ("expected:", a);
               showmpi ("     got:", b);
             }
@@ -471,7 +473,8 @@ check_formats (void)
           if (gcry_mpi_cmp (a, b) || data[idx].a.usglen != buflen)
             {
               fail ("error scanning value %d from %s: %s (%lu)\n",
-                    data[idx].value, "USG", "wrong result", buflen);
+                    data[idx].value, "USG", "wrong result",
+                    (long unsigned int)buflen);
               showmpi ("expected:", a);
               showmpi ("     got:", b);
             }
@@ -492,7 +495,8 @@ check_formats (void)
               if (gcry_mpi_cmp (a, b) || data[idx].a.pgplen != buflen)
                 {
                   fail ("error scanning value %d from %s: %s (%lu)\n",
-                        data[idx].value, "PGP", "wrong result", buflen);
+                        data[idx].value, "PGP", "wrong result",
+                        (long unsigned int)buflen);
                   showmpi ("expected:", a);
                   showmpi ("     got:", b);
                 }
diff --git a/tests/t-ed25519.c b/tests/t-ed25519.c
index 2f59a89..73628a8 100644
--- a/tests/t-ed25519.c
+++ b/tests/t-ed25519.c
@@ -74,7 +74,7 @@ show_sexp (const char *prefix, gcry_sexp_t a)
 
 
 /* Prepend FNAME with the srcdir environment variable's value and
-   retrun an allocated filename. */
+ * return an allocated filename.  */
 char *
 prepend_srcdir (const char *fname)
 {

commit 21d0f068a721c022f955084c28304934fd198c5e
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Aug 2 18:44:14 2017 +0200

    tests: Add benchmarking option to tests/random.
    
    * tests/random.c: Always include unistd.h.
    (prepend_srcdir): New.
    (run_benchmark): New.
    (main): Add options --benchmark and --with-seed-file.  Print whetehr
    JENT has been used.
    * tests/t-common.h (split_fields_colon): New. Taken from GnuPG.
    License of that code changed to LGPLv2.1.
    
    --
    
    Running these tests on a KVM hosted Windows Vista using a statically
    compiled tests/random and modifying the extra random added in
    read_seed_file gave these results:
    
      | Seed | Jent | Bytes | Bits | Time (ms)  |
      |------+------+-------+------+------------|
      | yes  | yes  |    32 |  256 |  46 ..  62 |
      | yes  | yes  |    64 |  512 |  62 ..  78 |
      | yes  | yes  |   128 | 1024 |  78 ..  93 |
      | yes  | yes  |   256 | 2048 | 124 .. 156 |
      | yes  | yes  |   384 | 3072 | 171 .. 202 |
      | yes  | yes  |   512 | 4096 | 234 .. 249 |
      | yes  | no   |    32 |  256 |  15 ..  31 |
      | yes  | no   |    64 |  512 |  15 ..  31 |
      | yes  | no   |   128 | 1024 |  15        |
      | no   | yes  |     - |    - |  78 .. 93  |
      | no   | no   |     - |    - |  15        |
    
     Seed: Whether a seed file is used.
     Jent: Whether JENT was working.
    Bytes: The number bytes mixed into the pool after reading
           the seed file.
     Bits: 8 * Bytes
     Time: Measured time including the time to read the seed file.
           Mimimun and maximum values are given.  Granularity of
           the used timer is quite large.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/tests/random.c b/tests/random.c
index 8a85429..2f48323 100644
--- a/tests/random.c
+++ b/tests/random.c
@@ -24,18 +24,41 @@
 #include <string.h>
 #include <stdlib.h>
 #include <errno.h>
+#include <unistd.h>
 #ifndef HAVE_W32_SYSTEM
 # include <signal.h>
-# include <unistd.h>
 # include <sys/wait.h>
 #endif
 
+#include "stopwatch.h"
+
+
 #define PGM "random"
+#define NEED_EXTRA_TEST_SUPPORT 1
 #include "t-common.h"
 
 static int with_progress;
 
 
+/* Prepend FNAME with the srcdir environment variable's value and
+ * return an allocated filename.  */
+static char *
+prepend_srcdir (const char *fname)
+{
+  static const char *srcdir;
+  char *result;
+
+  if (!srcdir && !(srcdir = getenv ("srcdir")))
+    srcdir = ".";
+
+  result = xmalloc (strlen (srcdir) + 1 + strlen (fname) + 1);
+  strcpy (result, srcdir);
+  strcat (result, "/");
+  strcat (result, fname);
+  return result;
+}
+
+
 static void
 print_hex (const char *text, const void *buf, size_t n)
 {
@@ -537,12 +560,43 @@ run_all_rng_tests (const char *program)
   free (cmdline);
 }
 
+
+static void
+run_benchmark (void)
+{
+  char rndbuf[32];
+  int i, j;
+
+  if (verbose)
+    info ("benchmarking GCRY_STRONG_RANDOM (/dev/urandom)\n");
+
+  start_timer ();
+  gcry_randomize (rndbuf, sizeof rndbuf, GCRY_STRONG_RANDOM);
+  stop_timer ();
+
+  info ("getting first 256 bits: %s", elapsed_time (1));
+
+  for (j=0; j < 5; j++)
+    {
+      start_timer ();
+      for (i=0; i < 100; i++)
+        gcry_randomize (rndbuf, sizeof rndbuf, GCRY_STRONG_RANDOM);
+      stop_timer ();
+
+      info ("100 calls of 256 bits each: %s", elapsed_time (100));
+    }
+
+}
+
+
 int
 main (int argc, char **argv)
 {
   int last_argc = -1;
   int early_rng = 0;
   int in_recursion = 0;
+  int benchmark = 0;
+  int with_seed_file = 0;
   const char *program = NULL;
 
   if (argc)
@@ -586,16 +640,27 @@ main (int argc, char **argv)
           in_recursion = 1;
           argc--; argv++;
         }
+      else if (!strcmp (*argv, "--benchmark"))
+        {
+          benchmark = 1;
+          argc--; argv++;
+        }
       else if (!strcmp (*argv, "--early-rng-check"))
         {
           early_rng = 1;
           argc--; argv++;
         }
+      else if (!strcmp (*argv, "--with-seed-file"))
+        {
+          with_seed_file = 1;
+          argc--; argv++;
+        }
       else if (!strcmp (*argv, "--prefer-standard-rng"))
         {
           /* This is anyway the default, but we may want to use it for
              debugging. */
-          xgcry_control (GCRYCTL_SET_PREFERRED_RNG_TYPE, GCRY_RNG_TYPE_STANDARD);
+          xgcry_control (GCRYCTL_SET_PREFERRED_RNG_TYPE,
+                         GCRY_RNG_TYPE_STANDARD);
           argc--; argv++;
         }
       else if (!strcmp (*argv, "--prefer-fips-rng"))
@@ -608,12 +673,27 @@ main (int argc, char **argv)
           xgcry_control (GCRYCTL_SET_PREFERRED_RNG_TYPE, GCRY_RNG_TYPE_SYSTEM);
           argc--; argv++;
         }
+      else if (!strcmp (*argv, "--disable-hwf"))
+        {
+          argc--;
+          argv++;
+          if (argc)
+            {
+              if (gcry_control (GCRYCTL_DISABLE_HWF, *argv, NULL))
+                die ("unknown hardware feature `%s'\n", *argv);
+              argc--;
+              argv++;
+            }
+        }
     }
 
 #ifndef HAVE_W32_SYSTEM
   signal (SIGPIPE, SIG_IGN);
 #endif
 
+  if (benchmark && !verbose)
+    verbose = 1;
+
   if (early_rng)
     {
       /* Don't switch RNG in fips mode. */
@@ -628,11 +708,25 @@ main (int argc, char **argv)
   if (with_progress)
     gcry_set_progress_handler (progress_cb, NULL);
 
+  if (with_seed_file)
+    {
+      char *fname = prepend_srcdir ("random.seed");
+
+      if (access (fname, F_OK))
+        info ("random seed file '%s' not found\n", fname);
+      gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, fname);
+      xfree (fname);
+    }
+
   xgcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
   if (debug)
     xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0);
 
-  if (!in_recursion)
+  if (benchmark)
+    {
+      run_benchmark ();
+    }
+  else if (!in_recursion)
     {
       check_forking ();
       check_nonce_forking ();
@@ -640,16 +734,31 @@ main (int argc, char **argv)
     }
   /* For now we do not run the drgb_reinit check from "make check" due
      to its high requirement for entropy.  */
-  if (!getenv ("GCRYPT_IN_REGRESSION_TEST"))
+  if (!benchmark && !getenv ("GCRYPT_IN_REGRESSION_TEST"))
     check_drbg_reinit ();
 
   /* Don't switch RNG in fips mode.  */
-  if (!gcry_fips_mode_active())
+  if (!benchmark && !gcry_fips_mode_active())
     check_rng_type_switching ();
 
-  if (!in_recursion)
+  if (!in_recursion && !benchmark)
     run_all_rng_tests (program);
 
+  /* Print this info last so that it does not influence the
+   * initialization and thus the benchmarking.  */
+  if (!in_recursion && verbose)
+    {
+      char *buf;
+      char *fields[5];
+
+      buf = gcry_get_config (0, "rng-type");
+      if (buf
+          && split_fields_colon (buf, fields, DIM (fields)) >= 5
+          && atoi (fields[4]) > 0)
+        info ("The JENT RNG was active\n");
+      gcry_free (buf);
+    }
+
   if (debug)
     xgcry_control (GCRYCTL_DUMP_RANDOM_STATS);
 
diff --git a/tests/t-common.h b/tests/t-common.h
index 8466ac1..2040f09 100644
--- a/tests/t-common.h
+++ b/tests/t-common.h
@@ -158,3 +158,41 @@ info (const char *format, ...)
       die ("line %d: gcry_control (%s) failed: %s",             \
            __LINE__, #cmd, gcry_strerror (err__));              \
   } while (0)
+
+
+/* Split a string into colon delimited fields A pointer to each field
+ * is stored in ARRAY.  Stop splitting at ARRAYSIZE fields.  The
+ * function modifies STRING.  The number of parsed fields is returned.
+ * Note that leading and trailing spaces are not removed from the fields.
+ * Example:
+ *
+ *   char *fields[2];
+ *   if (split_fields (string, fields, DIM (fields)) < 2)
+ *     return  // Not enough args.
+ *   foo (fields[0]);
+ *   foo (fields[1]);
+ */
+#ifdef NEED_EXTRA_TEST_SUPPORT
+static int
+split_fields_colon (char *string, char **array, int arraysize)
+{
+  int n = 0;
+  char *p, *pend;
+
+  p = string;
+  do
+    {
+      if (n == arraysize)
+        break;
+      array[n++] = p;
+      pend = strchr (p, ':');
+      if (!pend)
+        break;
+      *pend++ = 0;
+      p = pend;
+    }
+  while (*p);
+
+  return n;
+}
+#endif /*NEED_EXTRA_TEST_SUPPORT*/

commit eea36574f37830a6a80b4fad884825e815b2912f
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Jul 28 15:31:03 2017 +0200

    random: Add more bytes to the pool in addition to the seed file.
    
    * random/random-csprng.c (read_seed_file): Read 128 or 32 butes
    depending on whether we have the Jitter RNG.
    --
    
    These are actually 3 changes:
    
    - We use GCRY_STRONG_RANDOM instead GCRY_WEAK_RANDOM, which we used
      for historical reasons.  However the entropy gather modules handle
      both identical; that is reading from /dev/urandom.  Only
      GCRY_VERY_STRONG_RANDOM would use a blocking read from /dev/random.
    
    - We increase the number of extra buts from 128 or 256.
    
    - If the Jitter RNG is available we assume that a fast entropy source
      is available and thus we read 4 times more entropy (1024 bits).
    
    Note that on Windows GnuPG tests in DE-VS mode that the Jitter RNG is
    available and properly working.  Thus we will add 1024 bits in
    addition to the state read from the seed file.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/random/random-csprng.c b/random/random-csprng.c
index 5a771c2..650c438 100644
--- a/random/random-csprng.c
+++ b/random/random-csprng.c
@@ -717,12 +717,12 @@ lock_seed_file (int fd, const char *fname, int for_write)
    out the same pool and then race for updating it (the last update
    overwrites earlier updates).  They will differentiate only by the
    weak entropy that is added in read_seed_file based on the PID and
-   clock, and up to 16 bytes of weak random non-blockingly.  The
+   clock, and up to 32 bytes from a non-blocking entropy source.  The
    consequence is that the output of these different instances is
    correlated to some extent.  In the perfect scenario, the attacker
    can control (or at least guess) the PID and clock of the
    application, and drain the system's entropy pool to reduce the "up
-   to 16 bytes" above to 0.  Then the dependencies of the initial
+   to 32 bytes" above to 0.  Then the dependencies of the initial
    states of the pools are completely known.  */
 static int
 read_seed_file (void)
@@ -814,12 +814,16 @@ read_seed_file (void)
     add_randomness( &x, sizeof(x), RANDOM_ORIGIN_INIT );
   }
 
-  /* And read a few bytes from our entropy source.  By using a level
-   * of 0 this will not block and might not return anything with some
-   * entropy drivers, however the rndlinux driver will use
-   * /dev/urandom and return some stuff - Do not read too much as we
-   * want to be friendly to the scare system entropy resource. */
-  read_random_source ( RANDOM_ORIGIN_INIT, 16, GCRY_WEAK_RANDOM );
+  /* And read a few bytes from our entropy source.  If we have the
+   * Jitter RNG we can fast get a lot of entropy.  Thus we read 1024
+   * bits from that source.
+   *
+   * Without the Jitter RNG we keep the old method of reading only a
+   * few bytes usually from /dev/urandom which won't block.  */
+  if (_gcry_rndjent_get_version (NULL))
+    read_random_source (RANDOM_ORIGIN_INIT, 128, GCRY_STRONG_RANDOM);
+  else
+    read_random_source (RANDOM_ORIGIN_INIT, 32, GCRY_STRONG_RANDOM);
 
   allow_seed_file_update = 1;
   return 1;

-----------------------------------------------------------------------

Summary of changes:
 random/random-csprng.c |  20 ++++----
 tests/random.c         | 121 ++++++++++++++++++++++++++++++++++++++++++++++---
 tests/t-common.h       |  38 ++++++++++++++++
 tests/t-convert.c      |  12 +++--
 tests/t-ed25519.c      |   2 +-
 5 files changed, 174 insertions(+), 19 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug  3 17:00:34 2017
From: cvs at cvs.gnupg.org (by Kai Michaelis)
Date: Thu, 03 Aug 2017 17:00:34 +0200
Subject: [git] gnupg-doc - branch, preview,
 updated. c62cd8cf4a9967314e4167af7f8ff0a9be58d003
Message-ID: <E1ddHc3-0002Nq-5q@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, preview has been updated
       via  c62cd8cf4a9967314e4167af7f8ff0a9be58d003 (commit)
       via  5fd2885035e2bff7994ffcfd62046c801b5e050a (commit)
      from  541cbcfea631a722644d289dc701d235281e4b23 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c62cd8cf4a9967314e4167af7f8ff0a9be58d003
Author: Kai Michaelis <kai at gnupg.org>
Date:   Thu Aug 3 17:00:54 2017 +0200

    blog: add imgs & finish blog post

diff --git a/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org b/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org
index a762c41..7cecf15 100644
--- a/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org
+++ b/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org
@@ -5,47 +5,84 @@
 
 ** Using the Web Key Service with Enigmail
 
-   Obtaining the public key of someone has always being a major pain point of using GnuPG. OpenPGP doesn't "outsource" trust management by using a PKI. Instead it allows each user to decide whom to trust. This has the downside that we need to evaluate whenever we can trust a new public key for each new communication partner. Until recently there wasn't an automatic way to get the public key of someone you never communicated with.
+Obtaining the public key of someone has always being a major pain point of
+using GnuPG. OpenPGP doesn't "outsource" trust management by using a PKI.
+Instead it allows each user to decide whom to trust. This has the downside
+that we need to evaluate whenever we can trust a new public key for each
+new communication partner. Until recently there wasn't an automatic way to
+get the public key of someone you never communicated with.
 
-   The [[Web Key Service]](https://tools.ietf.org/id/draft-koch-openpgp-webkey-service-03.html) and the new ~--auto-key-retrieve~ & ~--auto-key-locate~ available in recent versions of GnuPG.
+The [[https://tools.ietf.org/id/draft-koch-openpgp-webkey-service-03.html][Web Key Service]]
+and the new ~--auto-key-retrieve~ & ~--auto-key-locate~ available in recent
+versions of GnuPG.
 
 *** Web Key Service
 
-    The Web Key Service is a protocol to publish public OpenPGP keys via mail and retrieve others public keys using HTTPS. The advantage over HKPS is that every email provider maintains its own key server (called Web Key Directory, WKD) that is authoritative for all its users. This means that,
+The Web Key Service is a protocol to publish public OpenPGP keys via email
+and retrieve others public keys using HTTPS. The advantage over HKPS is that
+every email provider maintains its own key server (called Web Key Directory,
+WKD) that is authoritative for all its users. This means that,
 
-		1. There exists only one key server for a given email address. No need to ask multiple servers as with HKPS.
+1. there exists only one key server for a given email address. No need to ask
+   multiple servers as with HKPS,
 
-		2. When publishing a public key using mail, WKD makes sure the sender is in possession of the secret key.
+2. when publishing a public key using mail, WKD makes sure the sender is in
+   possession of the secret key,
 
-		3. Mail providers can (and should) make sure that only the owner of the mail account is able to publish a public key for it.
+3. email providers can (and should) make sure that only the owner of the
+   email account is able to publish a public key for it.
 
-		Point three helps us with trust management. In case we trust the email provider of our communication partner we can trust the key retrieved by WKD more than one from an HKPS based key server.
+Point three helps us with trust management. In case we trust the email
+provider of our communication partner we can trust the key retrieved by WKD
+more than one from an HKPS based key server.
 
-		TODO: more detail & image
+#+CAPTION: Web key service protocol overview
+#+ATTR_HTML: :style max-width: 600px
+[[file:img/wks-schema.png]]
 
 *** Publish your public key to a Web Key Directory
 
-		In order to use WKS you need a provider who supports it. After you configured the email account in Thunderbird you need to enable OpenPGP for it and generate a key pair.
-		TODO: image: enable opepgp & key gen
+In order to use WKS you need a provider who supports it. After you configured
+the email account in Thunderbird you need to enable OpenPGP for it and
+generate a key pair.
 
-		Then, open the key management window and find your public key. Right clicking it opens the context menu. There, select the option to upload the public key to your providers WKD.
+#+CAPTION: Enable the OpenPGP checkbox in the account settings.
+#+ATTR_HTML: :style max-width: 600px
+[[file:img/wks-account-settings.png]]
 
-		TODO: image: key management context menu
+Then, open the key management window and find your public key. Right clicking
+it opens the context menu. There, select the option to upload the public key
+to your providers WKD.
 
-		After submission the WKD will send a mail to you asking to confirm the publication request. The subject line and body copy can be defined by the WKD but Enigmail will display a yellow bar above the message announcing it is a confirmation request. Clicking the button on the right will send to confirmation mail to WKD.
+#+CAPTION: Context menu of the key management dialog.
+#+ATTR_HTML: :style max-width: 600px
+[[file:img/wks-key-mng.png]]
 
-		TODO: image: confirmation req.
+After submission the WKD will send a email to you asking to confirm the
+publication request. The subject line and body copy can be defined by the WKD
+but Enigmail will display a yellow bar above the message announcing it is a
+confirmation request. Clicking the button on the right will send to
+confirmation email to WKD.
 
-		After the mail has been sent, your public key will be accessible to everybody.
+#+CAPTION: Enigmail adds a yellow bar to the confirmation request.
+#+ATTR_HTML: :style max-width: 600px
+[[file:img/wks-confirm-req.png]]
+
+After the email has been sent, your public key will be accessible to
+everybody.
 
 *** Receive others public key from a Web Key Directory
 
-		Recent version of Enigmail receive missing public keys automatically form multiple sources, including WKD. Everybody who wants to send you an encrypted mail will be able to do so without finding you public key first.
+Recent version of Enigmail receive missing public keys automatically form
+multiple sources, including WKD. Everybody who wants to send you an encrypted
+email will be able to do so without finding you public key first.
 
-		Because this is a bit anticlimactic but you can use the ~--auto-key-locate~ option to retrieve your own public key from the WKD to see whenever it worked.
+Because this is a bit anticlimactic but you can use the ~--auto-key-locate~
+option to retrieve your own public key from the WKD to see whenever it worked.
 
-		~HOME=`mktemp -d` gpg2 --auto-key-locate wkd -e -r <your email address>~
+~HOME=`mktemp -d` gpg2 --auto-key-locate wkd -e -r <your email address>~
 
-		If GnuPG is able to retrieve the public key you will see a line that looks like that:
+If GnuPG is able to retrieve the public key you will see a line that looks
+like that:
 
-    ~gpg: automatically retrieved '<your email address>' via WKD~
+~gpg: automatically retrieved '<your email address>' via WKD~
diff --git a/misc/blog.gnupg.org/img/wks-account-settings.png b/misc/blog.gnupg.org/img/wks-account-settings.png
new file mode 100644
index 0000000..4a6d47f
Binary files /dev/null and b/misc/blog.gnupg.org/img/wks-account-settings.png differ
diff --git a/misc/blog.gnupg.org/img/wks-confirm-req.png b/misc/blog.gnupg.org/img/wks-confirm-req.png
new file mode 100644
index 0000000..248a856
Binary files /dev/null and b/misc/blog.gnupg.org/img/wks-confirm-req.png differ
diff --git a/misc/blog.gnupg.org/img/wks-schema.png b/misc/blog.gnupg.org/img/wks-schema.png
new file mode 100644
index 0000000..b344903
Binary files /dev/null and b/misc/blog.gnupg.org/img/wks-schema.png differ

commit 5fd2885035e2bff7994ffcfd62046c801b5e050a
Author: Kai Michaelis <kai at gnupg.org>
Date:   Tue Aug 1 17:37:40 2017 +0200

    blog: WKS w/ Enigmail, 1st ver

diff --git a/misc/blog.gnupg.org/20170807-web-key-in-engimail.org b/misc/blog.gnupg.org/20170807-web-key-in-engimail.org
deleted file mode 100644
index 7c9c3ba..0000000
--- a/misc/blog.gnupg.org/20170807-web-key-in-engimail.org
+++ /dev/null
@@ -1,20 +0,0 @@
-# Using the Web Key Service with Enigmail
-#+STARTUP: showall
-#+AUTHOR: Kai
-#+DATE: August 7, 2017
-
-** Using the Web Key Service with Enigmail
-
-   Obtaining the key of someone has always being a major pain point of using GnuPG. OpenPGP doesn't "outsource" trust management by using a PKI. Instead it allows each user to decide whom to trust. This has the downside that we need to evaluate whenever we can trust a new key for each novel communication partner. Until recently there wasn't an automatic way to get the key of someone you never communicated with.
-
-   The [[Web Key Service]](https://tools.ietf.org/id/draft-koch-openpgp-webkey-service-03.html) and the new ~--auto-key-retrieve~ & ~--auto-key-locate~ available in recent versions of GnuPG.
-
-*** Web Key Service
-
-    The Web Key Service is a protocol to publish OpenPGP keys via mail and retrieve others keys using HTTPS. The advatage over HKPS is that every email provider maintains its own key server (called Web Key Directory, WKD) that is authorative for all its users. This means that,
-
-		1. There exists only one key server for a given email address. No need to ask multiple servers as with HKPS.
-
-		2. When publishing a key using mail, WKD makes sure the sender is in possesion of the secret key.
-
-		3. Mail providers can (and should) make sure
diff --git a/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org b/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org
new file mode 100644
index 0000000..a762c41
--- /dev/null
+++ b/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org
@@ -0,0 +1,51 @@
+# Using the Web Key Service with Enigmail
+#+STARTUP: showall
+#+AUTHOR: Kai
+#+DATE: August 7, 2017
+
+** Using the Web Key Service with Enigmail
+
+   Obtaining the public key of someone has always being a major pain point of using GnuPG. OpenPGP doesn't "outsource" trust management by using a PKI. Instead it allows each user to decide whom to trust. This has the downside that we need to evaluate whenever we can trust a new public key for each new communication partner. Until recently there wasn't an automatic way to get the public key of someone you never communicated with.
+
+   The [[Web Key Service]](https://tools.ietf.org/id/draft-koch-openpgp-webkey-service-03.html) and the new ~--auto-key-retrieve~ & ~--auto-key-locate~ available in recent versions of GnuPG.
+
+*** Web Key Service
+
+    The Web Key Service is a protocol to publish public OpenPGP keys via mail and retrieve others public keys using HTTPS. The advantage over HKPS is that every email provider maintains its own key server (called Web Key Directory, WKD) that is authoritative for all its users. This means that,
+
+		1. There exists only one key server for a given email address. No need to ask multiple servers as with HKPS.
+
+		2. When publishing a public key using mail, WKD makes sure the sender is in possession of the secret key.
+
+		3. Mail providers can (and should) make sure that only the owner of the mail account is able to publish a public key for it.
+
+		Point three helps us with trust management. In case we trust the email provider of our communication partner we can trust the key retrieved by WKD more than one from an HKPS based key server.
+
+		TODO: more detail & image
+
+*** Publish your public key to a Web Key Directory
+
+		In order to use WKS you need a provider who supports it. After you configured the email account in Thunderbird you need to enable OpenPGP for it and generate a key pair.
+		TODO: image: enable opepgp & key gen
+
+		Then, open the key management window and find your public key. Right clicking it opens the context menu. There, select the option to upload the public key to your providers WKD.
+
+		TODO: image: key management context menu
+
+		After submission the WKD will send a mail to you asking to confirm the publication request. The subject line and body copy can be defined by the WKD but Enigmail will display a yellow bar above the message announcing it is a confirmation request. Clicking the button on the right will send to confirmation mail to WKD.
+
+		TODO: image: confirmation req.
+
+		After the mail has been sent, your public key will be accessible to everybody.
+
+*** Receive others public key from a Web Key Directory
+
+		Recent version of Enigmail receive missing public keys automatically form multiple sources, including WKD. Everybody who wants to send you an encrypted mail will be able to do so without finding you public key first.
+
+		Because this is a bit anticlimactic but you can use the ~--auto-key-locate~ option to retrieve your own public key from the WKD to see whenever it worked.
+
+		~HOME=`mktemp -d` gpg2 --auto-key-locate wkd -e -r <your email address>~
+
+		If GnuPG is able to retrieve the public key you will see a line that looks like that:
+
+    ~gpg: automatically retrieved '<your email address>' via WKD~

-----------------------------------------------------------------------

Summary of changes:
 .../20170807-web-key-in-engimail.org               |  20 -----
 .../20170807-web-key-in-enigmail.org               |  88 +++++++++++++++++++++
 misc/blog.gnupg.org/img/wks-account-settings.png   | Bin 0 -> 39786 bytes
 misc/blog.gnupg.org/img/wks-confirm-req.png        | Bin 0 -> 25065 bytes
 misc/blog.gnupg.org/img/wks-schema.png             | Bin 0 -> 28318 bytes
 5 files changed, 88 insertions(+), 20 deletions(-)
 delete mode 100644 misc/blog.gnupg.org/20170807-web-key-in-engimail.org
 create mode 100644 misc/blog.gnupg.org/20170807-web-key-in-enigmail.org
 create mode 100644 misc/blog.gnupg.org/img/wks-account-settings.png
 create mode 100644 misc/blog.gnupg.org/img/wks-confirm-req.png
 create mode 100644 misc/blog.gnupg.org/img/wks-schema.png


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug  3 18:28:47 2017
From: cvs at cvs.gnupg.org (by Marcus Brinkmann)
Date: Thu, 03 Aug 2017 18:28:47 +0200
Subject: [git] gnupg-doc - branch, preview,
 updated. 556339a8fcbd4b491d4b47bdd48a30409b482a02
Message-ID: <E1ddIzP-00080T-Mi@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, preview has been updated
       via  556339a8fcbd4b491d4b47bdd48a30409b482a02 (commit)
      from  c62cd8cf4a9967314e4167af7f8ff0a9be58d003 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 556339a8fcbd4b491d4b47bdd48a30409b482a02
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Thu Aug 3 18:28:40 2017 +0200

    blog: proof-read latest blog entry.

diff --git a/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org b/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org
index 7cecf15..7e6d25f 100644
--- a/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org
+++ b/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org
@@ -7,33 +7,33 @@
 
 Obtaining the public key of someone has always being a major pain point of
 using GnuPG. OpenPGP doesn't "outsource" trust management by using a PKI.
-Instead it allows each user to decide whom to trust. This has the downside
-that we need to evaluate whenever we can trust a new public key for each
-new communication partner. Until recently there wasn't an automatic way to
-get the public key of someone you never communicated with.
+Instead, it allows each user to decide whom to trust. This has the downside
+that we need to evaluate whether we can trust a new public key for each
+new communication partner. Until recently, there wasn't an automatic way to
+securely get the public key of someone you never communicated with.
 
-The [[https://tools.ietf.org/id/draft-koch-openpgp-webkey-service-03.html][Web Key Service]]
-and the new ~--auto-key-retrieve~ & ~--auto-key-locate~ available in recent
-versions of GnuPG.
+The [[https://tools.ietf.org/id/draft-koch-openpgp-webkey-service-03.html][Web Key Service]] and the new ~--auto-key-retrieve~ &
+~--auto-key-locate~ available in GnuPG 2.1.19 and beyond.
 
 *** Web Key Service
 
-The Web Key Service is a protocol to publish public OpenPGP keys via email
-and retrieve others public keys using HTTPS. The advantage over HKPS is that
-every email provider maintains its own key server (called Web Key Directory,
-WKD) that is authoritative for all its users. This means that,
+The Web Key Service is a protocol to publish public OpenPGP keys via
+email and retrieve others' public keys using HTTPS. The advantage over
+HKPS is that every email provider maintains its own key
+server (called Web Key Directory, WKD) that is authoritative for all
+its users. This means that:
 
-1. there exists only one key server for a given email address. No need to ask
-   multiple servers as with HKPS,
+1. There exists only one key server for a given email address. No need to ask
+   multiple servers as with HKPS.
 
-2. when publishing a public key using mail, WKD makes sure the sender is in
-   possession of the secret key,
+2. When publishing a public key using mail, WKD makes sure the sender is in
+   possession of the secret key.
 
-3. email providers can (and should) make sure that only the owner of the
+3. Email providers can (and should) make sure that only the owner of the
    email account is able to publish a public key for it.
 
 Point three helps us with trust management. In case we trust the email
-provider of our communication partner we can trust the key retrieved by WKD
+provider of our communication partner, we can trust the key retrieved by WKD
 more than one from an HKPS based key server.
 
 #+CAPTION: Web key service protocol overview
@@ -52,16 +52,16 @@ generate a key pair.
 
 Then, open the key management window and find your public key. Right clicking
 it opens the context menu. There, select the option to upload the public key
-to your providers WKD.
+to your provider's WKD.
 
 #+CAPTION: Context menu of the key management dialog.
 #+ATTR_HTML: :style max-width: 600px
 [[file:img/wks-key-mng.png]]
 
-After submission the WKD will send a email to you asking to confirm the
+After submission, the WKD will send an email to you asking to confirm the
 publication request. The subject line and body copy can be defined by the WKD
 but Enigmail will display a yellow bar above the message announcing it is a
-confirmation request. Clicking the button on the right will send to
+confirmation request. Clicking the button on the right will send the
 confirmation email to WKD.
 
 #+CAPTION: Enigmail adds a yellow bar to the confirmation request.
@@ -75,10 +75,10 @@ everybody.
 
 Recent version of Enigmail receive missing public keys automatically form
 multiple sources, including WKD. Everybody who wants to send you an encrypted
-email will be able to do so without finding you public key first.
+email will be able to do so without finding your public key manually first.
 
-Because this is a bit anticlimactic but you can use the ~--auto-key-locate~
-option to retrieve your own public key from the WKD to see whenever it worked.
+This is a bit anticlimactic, but you can use the ~--auto-key-locate~
+option to retrieve your own public key from the WKD to see if it worked.
 
 ~HOME=`mktemp -d` gpg2 --auto-key-locate wkd -e -r <your email address>~
 

-----------------------------------------------------------------------

Summary of changes:
 .../20170807-web-key-in-enigmail.org               | 46 +++++++++++-----------
 1 file changed, 23 insertions(+), 23 deletions(-)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug  3 18:34:07 2017
From: cvs at cvs.gnupg.org (by Kai Michaelis)
Date: Thu, 03 Aug 2017 18:34:07 +0200
Subject: [git] gnupg-doc - branch, preview,
 updated. 1507fb3dac0c88cc73630588ccda8a04b68de481
Message-ID: <E1ddJ4Z-0000VR-Kf@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, preview has been updated
       via  1507fb3dac0c88cc73630588ccda8a04b68de481 (commit)
       via  511eb826cf3eda6891ae4e33cc0f5c58dddd5174 (commit)
      from  556339a8fcbd4b491d4b47bdd48a30409b482a02 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1507fb3dac0c88cc73630588ccda8a04b68de481
Author: Kai Michaelis <kai at gnupg.org>
Date:   Thu Aug 3 18:34:29 2017 +0200

    blog: fix posteo link

diff --git a/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org b/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org
index a818251..b7aa65c 100644
--- a/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org
+++ b/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org
@@ -87,5 +87,5 @@ like that:
 
 ~gpg: automatically retrieved '<your email address>' via WKD~
 
-[fn:1] As the time of writing only [[Posteo][https://posteo.de/en]] supports
+[fn:1] As the time of writing only [[https://posteo.de/en][Posteo]] supports
        WKS.

commit 511eb826cf3eda6891ae4e33cc0f5c58dddd5174
Author: Kai Michaelis <kai at gnupg.org>
Date:   Thu Aug 3 18:30:12 2017 +0200

    blog: missing file, footnote.

diff --git a/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org b/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org
index 7e6d25f..a818251 100644
--- a/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org
+++ b/misc/blog.gnupg.org/20170807-web-key-in-enigmail.org
@@ -42,9 +42,9 @@ more than one from an HKPS based key server.
 
 *** Publish your public key to a Web Key Directory
 
-In order to use WKS you need a provider who supports it. After you configured
-the email account in Thunderbird you need to enable OpenPGP for it and
-generate a key pair.
+In order to use WKS you need a provider who supports it [fn:1]. After you
+configured the email account in Thunderbird you need to enable OpenPGP for
+it and generate a key pair.
 
 #+CAPTION: Enable the OpenPGP checkbox in the account settings.
 #+ATTR_HTML: :style max-width: 600px
@@ -86,3 +86,6 @@ If GnuPG is able to retrieve the public key you will see a line that looks
 like that:
 
 ~gpg: automatically retrieved '<your email address>' via WKD~
+
+[fn:1] As the time of writing only [[Posteo][https://posteo.de/en]] supports
+       WKS.
diff --git a/misc/blog.gnupg.org/img/wks-key-mng.png b/misc/blog.gnupg.org/img/wks-key-mng.png
new file mode 100644
index 0000000..002defe
Binary files /dev/null and b/misc/blog.gnupg.org/img/wks-key-mng.png differ

-----------------------------------------------------------------------

Summary of changes:
 misc/blog.gnupg.org/20170807-web-key-in-enigmail.org |   9 ++++++---
 misc/blog.gnupg.org/img/wks-key-mng.png              | Bin 0 -> 26685 bytes
 2 files changed, 6 insertions(+), 3 deletions(-)
 create mode 100644 misc/blog.gnupg.org/img/wks-key-mng.png


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug  3 18:42:33 2017
From: cvs at cvs.gnupg.org (by Kai Michaelis)
Date: Thu, 03 Aug 2017 18:42:33 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. 0faf164596568dd0129e86c52dbe3aacee5175c9
Message-ID: <E1ddJCj-0001Va-QS@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  0faf164596568dd0129e86c52dbe3aacee5175c9 (commit)
      from  ddb59c1fb16aeeb177561dae785450d52ae9107e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0faf164596568dd0129e86c52dbe3aacee5175c9
Author: Kai Michaelis <kai at gnupg.org>
Date:   Thu Aug 3 18:42:25 2017 +0200

    blog: wks with enigmail.

diff --git a/misc/blog.gnupg.org/20170803-web-key-in-enigmail.org b/misc/blog.gnupg.org/20170803-web-key-in-enigmail.org
new file mode 100644
index 0000000..c0a2f46
--- /dev/null
+++ b/misc/blog.gnupg.org/20170803-web-key-in-enigmail.org
@@ -0,0 +1,91 @@
+# Using the Web Key Service with Enigmail
+#+STARTUP: showall
+#+AUTHOR: Kai
+#+DATE: August 3, 2017
+
+** Using the Web Key Service with Enigmail
+
+Obtaining the public key of someone has always being a major pain point of
+using GnuPG. OpenPGP doesn't "outsource" trust management by using a PKI.
+Instead, it allows each user to decide whom to trust. This has the downside
+that we need to evaluate whether we can trust a new public key for each
+new communication partner. Until recently, there wasn't an automatic way to
+securely get the public key of someone you never communicated with.
+
+The [[https://tools.ietf.org/id/draft-koch-openpgp-webkey-service-03.html][Web Key Service]] and the new ~--auto-key-retrieve~ &
+~--auto-key-locate~ available in GnuPG 2.1.19 and beyond.
+
+*** Web Key Service
+
+The Web Key Service is a protocol to publish public OpenPGP keys via
+email and retrieve others' public keys using HTTPS. The advantage over
+HKPS is that every email provider maintains its own key
+server (called Web Key Directory, WKD) that is authoritative for all
+its users. This means that:
+
+1. There exists only one key server for a given email address. No need to ask
+   multiple servers as with HKPS.
+
+2. When publishing a public key using mail, WKD makes sure the sender is in
+   possession of the secret key.
+
+3. Email providers can (and should) make sure that only the owner of the
+   email account is able to publish a public key for it.
+
+Point three helps us with trust management. In case we trust the email
+provider of our communication partner, we can trust the key retrieved by WKD
+more than one from an HKPS based key server.
+
+#+CAPTION: Web key service protocol overview
+#+ATTR_HTML: :style max-width: 600px
+[[file:img/wks-schema.png]]
+
+*** Publish your public key to a Web Key Directory
+
+In order to use WKS you need a provider who supports it [fn:1]. After you
+configured the email account in Thunderbird you need to enable OpenPGP for
+it and generate a key pair.
+
+#+CAPTION: Enable the OpenPGP checkbox in the account settings.
+#+ATTR_HTML: :style max-width: 600px
+[[file:img/wks-account-settings.png]]
+
+Then, open the key management window and find your public key. Right clicking
+it opens the context menu. There, select the option to upload the public key
+to your provider's WKD.
+
+#+CAPTION: Context menu of the key management dialog.
+#+ATTR_HTML: :style max-width: 600px
+[[file:img/wks-key-mng.png]]
+
+After submission, the WKD will send an email to you asking to confirm the
+publication request. The subject line and body copy can be defined by the WKD
+but Enigmail will display a yellow bar above the message announcing it is a
+confirmation request. Clicking the button on the right will send the
+confirmation email to WKD.
+
+#+CAPTION: Enigmail adds a yellow bar to the confirmation request.
+#+ATTR_HTML: :style max-width: 600px
+[[file:img/wks-confirm-req.png]]
+
+After the email has been sent, your public key will be accessible to
+everybody.
+
+*** Receive others public key from a Web Key Directory
+
+Recent version of Enigmail receive missing public keys automatically form
+multiple sources, including WKD. Everybody who wants to send you an encrypted
+email will be able to do so without finding your public key manually first.
+
+This is a bit anticlimactic, but you can use the ~--auto-key-locate~
+option to retrieve your own public key from the WKD to see if it worked.
+
+~HOME=`mktemp -d` gpg2 --auto-key-locate wkd -e -r <your email address>~
+
+If GnuPG is able to retrieve the public key you will see a line that looks
+like that:
+
+~gpg: automatically retrieved '<your email address>' via WKD~
+
+[fn:1] As the time of writing only [[https://posteo.de/en][Posteo]] supports
+       WKS.
diff --git a/misc/blog.gnupg.org/img/wks-account-settings.png b/misc/blog.gnupg.org/img/wks-account-settings.png
new file mode 100644
index 0000000..4a6d47f
Binary files /dev/null and b/misc/blog.gnupg.org/img/wks-account-settings.png differ
diff --git a/misc/blog.gnupg.org/img/wks-confirm-req.png b/misc/blog.gnupg.org/img/wks-confirm-req.png
new file mode 100644
index 0000000..248a856
Binary files /dev/null and b/misc/blog.gnupg.org/img/wks-confirm-req.png differ
diff --git a/misc/blog.gnupg.org/img/wks-key-mng.png b/misc/blog.gnupg.org/img/wks-key-mng.png
new file mode 100644
index 0000000..002defe
Binary files /dev/null and b/misc/blog.gnupg.org/img/wks-key-mng.png differ
diff --git a/misc/blog.gnupg.org/img/wks-schema.png b/misc/blog.gnupg.org/img/wks-schema.png
new file mode 100644
index 0000000..b344903
Binary files /dev/null and b/misc/blog.gnupg.org/img/wks-schema.png differ

-----------------------------------------------------------------------

Summary of changes:
 .../20170803-web-key-in-enigmail.org               |  91 +++++++++++++++++++++
 misc/blog.gnupg.org/img/wks-account-settings.png   | Bin 0 -> 39786 bytes
 misc/blog.gnupg.org/img/wks-confirm-req.png        | Bin 0 -> 25065 bytes
 misc/blog.gnupg.org/img/wks-key-mng.png            | Bin 0 -> 26685 bytes
 misc/blog.gnupg.org/img/wks-schema.png             | Bin 0 -> 28318 bytes
 5 files changed, 91 insertions(+)
 create mode 100644 misc/blog.gnupg.org/20170803-web-key-in-enigmail.org
 create mode 100644 misc/blog.gnupg.org/img/wks-account-settings.png
 create mode 100644 misc/blog.gnupg.org/img/wks-confirm-req.png
 create mode 100644 misc/blog.gnupg.org/img/wks-key-mng.png
 create mode 100644 misc/blog.gnupg.org/img/wks-schema.png


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug  3 20:41:01 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 03 Aug 2017 20:41:01 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. ac33d6f76550973f2cc559e601cff1e53126b4f6
Message-ID: <E1ddL3N-00031i-Ni@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  ac33d6f76550973f2cc559e601cff1e53126b4f6 (commit)
      from  0faf164596568dd0129e86c52dbe3aacee5175c9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ac33d6f76550973f2cc559e601cff1e53126b4f6
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Aug 3 20:35:49 2017 +0200

    blog: Remove images attributes and correct gpg version
    
    The images are too large to float (and class="right") was not used
    either.  Thus see whether it looks better without.
    
    --auto-key-locate wkd is available since 2.16 - fixed that,

diff --git a/misc/blog.gnupg.org/20170803-web-key-in-enigmail.org b/misc/blog.gnupg.org/20170803-web-key-in-enigmail.org
index c0a2f46..ebc3c9a 100644
--- a/misc/blog.gnupg.org/20170803-web-key-in-enigmail.org
+++ b/misc/blog.gnupg.org/20170803-web-key-in-enigmail.org
@@ -12,8 +12,8 @@ that we need to evaluate whether we can trust a new public key for each
 new communication partner. Until recently, there wasn't an automatic way to
 securely get the public key of someone you never communicated with.
 
-The [[https://tools.ietf.org/id/draft-koch-openpgp-webkey-service-03.html][Web Key Service]] and the new ~--auto-key-retrieve~ &
-~--auto-key-locate~ available in GnuPG 2.1.19 and beyond.
+The [[https://tools.ietf.org/id/draft-koch-openpgp-webkey-service-03.html][Web Key Service]] and the ~--auto-key-retrieve~ &
+~--auto-key-locate~ enhancements available in GnuPG 2.1.16 and beyond.
 
 *** Web Key Service
 
@@ -37,9 +37,10 @@ provider of our communication partner, we can trust the key retrieved by WKD
 more than one from an HKPS based key server.
 
 #+CAPTION: Web key service protocol overview
-#+ATTR_HTML: :style max-width: 600px
 [[file:img/wks-schema.png]]
 
+
+
 *** Publish your public key to a Web Key Directory
 
 In order to use WKS you need a provider who supports it [fn:1]. After you
@@ -47,7 +48,6 @@ configured the email account in Thunderbird you need to enable OpenPGP for
 it and generate a key pair.
 
 #+CAPTION: Enable the OpenPGP checkbox in the account settings.
-#+ATTR_HTML: :style max-width: 600px
 [[file:img/wks-account-settings.png]]
 
 Then, open the key management window and find your public key. Right clicking
@@ -55,7 +55,6 @@ it opens the context menu. There, select the option to upload the public key
 to your provider's WKD.
 
 #+CAPTION: Context menu of the key management dialog.
-#+ATTR_HTML: :style max-width: 600px
 [[file:img/wks-key-mng.png]]
 
 After submission, the WKD will send an email to you asking to confirm the
@@ -65,7 +64,6 @@ confirmation request. Clicking the button on the right will send the
 confirmation email to WKD.
 
 #+CAPTION: Enigmail adds a yellow bar to the confirmation request.
-#+ATTR_HTML: :style max-width: 600px
 [[file:img/wks-confirm-req.png]]
 
 After the email has been sent, your public key will be accessible to

-----------------------------------------------------------------------

Summary of changes:
 misc/blog.gnupg.org/20170803-web-key-in-enigmail.org | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug  3 20:49:38 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 03 Aug 2017 20:49:38 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. f6e5f1572ecb7cb880c28a56450421a31341b760
Message-ID: <E1ddLBi-0004hr-LJ@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  f6e5f1572ecb7cb880c28a56450421a31341b760 (commit)
       via  cdad5f0bc9d0b853e779214654618d52c5dc46f7 (commit)
      from  ac33d6f76550973f2cc559e601cff1e53126b4f6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f6e5f1572ecb7cb880c28a56450421a31341b760
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Aug 3 20:44:27 2017 +0200

    blog: Okay, max-width attrib looked better.

diff --git a/misc/blog.gnupg.org/20170803-web-key-in-enigmail.org b/misc/blog.gnupg.org/20170803-web-key-in-enigmail.org
index ebc3c9a..e811018 100644
--- a/misc/blog.gnupg.org/20170803-web-key-in-enigmail.org
+++ b/misc/blog.gnupg.org/20170803-web-key-in-enigmail.org
@@ -37,6 +37,7 @@ provider of our communication partner, we can trust the key retrieved by WKD
 more than one from an HKPS based key server.
 
 #+CAPTION: Web key service protocol overview
+#+ATTR_HTML: :class right :style max-width: 400px
 [[file:img/wks-schema.png]]
 
 
@@ -48,6 +49,7 @@ configured the email account in Thunderbird you need to enable OpenPGP for
 it and generate a key pair.
 
 #+CAPTION: Enable the OpenPGP checkbox in the account settings.
+#+ATTR_HTML: :class right :style max-width: 400px
 [[file:img/wks-account-settings.png]]
 
 Then, open the key management window and find your public key. Right clicking
@@ -55,6 +57,7 @@ it opens the context menu. There, select the option to upload the public key
 to your provider's WKD.
 
 #+CAPTION: Context menu of the key management dialog.
+#+ATTR_HTML: :class right :style max-width: 400px
 [[file:img/wks-key-mng.png]]
 
 After submission, the WKD will send an email to you asking to confirm the
@@ -64,7 +67,8 @@ confirmation request. Clicking the button on the right will send the
 confirmation email to WKD.
 
 #+CAPTION: Enigmail adds a yellow bar to the confirmation request.
-[[file:img/wks-confirm-req.png]]
+[[#+ATTR_HTML: :class right :style max-width: 400px
+file:img/wks-confirm-req.png]]
 
 After the email has been sent, your public key will be accessible to
 everybody.

commit cdad5f0bc9d0b853e779214654618d52c5dc46f7
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Aug 3 20:37:20 2017 +0200

    tools: Also sync the img and data dirs of the blog

diff --git a/tools/build-website.sh b/tools/build-website.sh
index afb61a9..2f8ceb9 100755
--- a/tools/build-website.sh
+++ b/tools/build-website.sh
@@ -299,6 +299,9 @@ if [ -n "$sync_blog" ]; then
   cd "$sync_blog"
   rsync -rt --links --exclude '*~' --exclude '*.sh' \
         --exclude '*tmp' --exclude '*.org' . ${htdocs_blog}/
+  cd "$root_dir/misc/blog.gnupg.org"
+  rsync -rt --links --exclude '*~' --exclude '*.sh' \
+        --exclude '*tmp' --exclude '*.org' img data  ${htdocs_blog}/
   any_sync=yes
 fi
 

-----------------------------------------------------------------------

Summary of changes:
 misc/blog.gnupg.org/20170803-web-key-in-enigmail.org | 6 +++++-
 tools/build-website.sh                               | 3 +++
 2 files changed, 8 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug  3 21:02:13 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 03 Aug 2017 21:02:13 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. 196c591f4dd7bd2889007bff1192bafef52f56ab
Message-ID: <E1ddLNt-0006iO-Nc@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  196c591f4dd7bd2889007bff1192bafef52f56ab (commit)
      from  f6e5f1572ecb7cb880c28a56450421a31341b760 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 196c591f4dd7bd2889007bff1192bafef52f56ab
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Aug 3 20:57:03 2017 +0200

    blog: Fix a typo in a link I introduced.

diff --git a/misc/blog.gnupg.org/20170803-web-key-in-enigmail.org b/misc/blog.gnupg.org/20170803-web-key-in-enigmail.org
index e811018..f32c0e6 100644
--- a/misc/blog.gnupg.org/20170803-web-key-in-enigmail.org
+++ b/misc/blog.gnupg.org/20170803-web-key-in-enigmail.org
@@ -17,6 +17,10 @@ The [[https://tools.ietf.org/id/draft-koch-openpgp-webkey-service-03.html][Web K
 
 *** Web Key Service
 
+#+CAPTION: Web key service protocol overview
+#+ATTR_HTML: :class right :style max-width: 400px
+[[file:img/wks-schema.png]]
+
 The Web Key Service is a protocol to publish public OpenPGP keys via
 email and retrieve others' public keys using HTTPS. The advantage over
 HKPS is that every email provider maintains its own key
@@ -36,10 +40,7 @@ Point three helps us with trust management. In case we trust the email
 provider of our communication partner, we can trust the key retrieved by WKD
 more than one from an HKPS based key server.
 
-#+CAPTION: Web key service protocol overview
-#+ATTR_HTML: :class right :style max-width: 400px
-[[file:img/wks-schema.png]]
-
+#+HTML: <p style="clear: both"/>
 
 
 *** Publish your public key to a Web Key Directory
@@ -67,12 +68,14 @@ confirmation request. Clicking the button on the right will send the
 confirmation email to WKD.
 
 #+CAPTION: Enigmail adds a yellow bar to the confirmation request.
-[[#+ATTR_HTML: :class right :style max-width: 400px
-file:img/wks-confirm-req.png]]
+#+ATTR_HTML: :class right :style max-width: 400px
+[[file:img/wks-confirm-req.png]]
 
 After the email has been sent, your public key will be accessible to
 everybody.
 
+#+HTML: <p style="clear: both"/>
+
 *** Receive others public key from a Web Key Directory
 
 Recent version of Enigmail receive missing public keys automatically form

-----------------------------------------------------------------------

Summary of changes:
 misc/blog.gnupg.org/20170803-web-key-in-enigmail.org | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug  3 21:21:50 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 03 Aug 2017 21:21:50 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.22-12-g6cba56d
Message-ID: <E1ddLgt-0001H3-88@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  6cba56d436b56ea5e60042144a8a75a2e80007c8 (commit)
      from  dcfb01959802b27869528dda1d9a4f5e79574bb5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6cba56d436b56ea5e60042144a8a75a2e80007c8
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Aug 3 21:16:22 2017 +0200

    wks: Allow gpg-wks-client --supported with just the domain name
    
    * tools/gpg-wks-client.c (command_supported): Hack for missing local
    part.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c
index 746aa53..594f28a 100644
--- a/tools/gpg-wks-client.c
+++ b/tools/gpg-wks-client.c
@@ -551,7 +551,14 @@ command_supported (char *userid)
   char *addrspec = NULL;
   char *submission_to = NULL;
 
-  addrspec = mailbox_from_userid (userid);
+  if (!strchr (userid, '@'))
+    {
+      char *tmp = xstrconcat ("foo@", userid, NULL);
+      addrspec = mailbox_from_userid (tmp);
+      xfree (tmp);
+    }
+  else
+    addrspec = mailbox_from_userid (userid);
   if (!addrspec)
     {
       log_error (_("\"%s\" is not a proper mail address\n"), userid);

-----------------------------------------------------------------------

Summary of changes:
 tools/gpg-wks-client.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Aug  4 15:09:16 2017
From: cvs at cvs.gnupg.org (by Damien Goutte-Gattat)
Date: Fri, 04 Aug 2017 15:09:16 +0200
Subject: [git] Pinentry - branch, master, updated. pinentry-1.0.0-27-g1590b66
Message-ID: <E1ddcLs-0000YI-EE@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The standard pinentry collection".

The branch, master has been updated
       via  1590b664d88be8386a4664c2994b685187d1eb25 (commit)
      from  ebfa54e6044420ae12a090cdef9df7e7b0d961d2 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1590b664d88be8386a4664c2994b685187d1eb25
Author: Damien Goutte-Gattat <dgouttegattat at incenp.org>
Date:   Thu Aug 3 22:56:49 2017 +0200

    gtk: Disable tooltips in keyboard-grabbing mode.
    
    * gtk+-2:/pinentry-gtk-2.c (show_hide_button): Do not show the
    tooltip if we attempt to grab the keyboard.
    (create_window): Likewise.
    --
    
    For unclear reasons, those tooltips may interfere with grabbing
    under some tiling window managers.
    
    GnuPG-bug-id: 3297
    Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>

diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c
index d467ec5..f17a702 100644
--- a/gtk+-2/pinentry-gtk-2.c
+++ b/gtk+-2/pinentry-gtk-2.c
@@ -516,7 +516,10 @@ show_hide_button_toggled (GtkWidget *widget, gpointer data)
     }
 
   gtk_label_set_markup (GTK_LABEL(label), text);
-  gtk_widget_set_tooltip_text (GTK_WIDGET(button), tooltip);
+  if (!pinentry->grab)
+    {
+      gtk_widget_set_tooltip_text (GTK_WIDGET(button), tooltip);
+    }
   g_free (tooltip);
 }
 
@@ -736,7 +739,7 @@ create_window (pinentry_t ctx)
 	  gtk_progress_bar_set_text (GTK_PROGRESS_BAR (qualitybar),
 				     QUALITYBAR_EMPTY_TEXT);
 	  gtk_progress_bar_set_fraction (GTK_PROGRESS_BAR (qualitybar), 0.0);
-          if (pinentry->quality_bar_tt)
+          if (pinentry->quality_bar_tt && !pinentry->grab)
 	    {
 #if !GTK_CHECK_VERSION (2, 12, 0)
 	      gtk_tooltips_set_tip (GTK_TOOLTIPS (tooltips), qualitybar,

-----------------------------------------------------------------------

Summary of changes:
 gtk+-2/pinentry-gtk-2.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
The standard pinentry collection
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Aug  4 17:15:16 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 04 Aug 2017 17:15:16 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.22-14-gb54d75f
Message-ID: <E1ddeJq-0005Fv-8f@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  b54d75fb1dcfa2cebb3a2497b81ffb49acac2056 (commit)
       via  d9fabcc1989d7235ea0294874803295a30f8711b (commit)
      from  6cba56d436b56ea5e60042144a8a75a2e80007c8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b54d75fb1dcfa2cebb3a2497b81ffb49acac2056
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Aug 4 17:09:17 2017 +0200

    gpg: Avoid double fingerprint printing with import-show.
    
    * g10/import.c (import_one) <IMPORT_SHOW>: Take care of fingerprint
    options.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/import.c b/g10/import.c
index b1b8e0f..5b55f8f 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -1778,7 +1778,8 @@ import_one (ctrl_t ctrl,
       merge_keys_done = 1;
       /* Note that we do not want to show the validity because the key
        * has not yet imported.  */
-      list_keyblock_direct (ctrl, keyblock, 0, 0, 1, 1);
+      list_keyblock_direct (ctrl, keyblock, 0, 0,
+                            opt.fingerprint || opt.with_fingerprint, 1);
       es_fflush (es_stdout);
     }
 

commit d9fabcc1989d7235ea0294874803295a30f8711b
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Aug 4 17:03:03 2017 +0200

    gpg: New import option show-only.
    
    * g10/options.h (IMPORT_DRY_RUN): New.
    * g10/import.c (parse_import_options): Add "show-only".
    (import_one): use that as alternative to opt.dry_run.
    --
    
    This is just a convenience thing for
    
      --import-options import-show --dry-run
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 1984445..01dfeb7 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2302,9 +2302,11 @@ opposite meaning. The options are:
   keyserver @option{--receive-keys}.
 
   @item import-show
+  @itemx show-only
   Show a listing of the key as imported right before it is stored.
   This can be combined with the option @option{--dry-run} to only look
-  at keys.
+  at keys; the option @option{show-only} is a shortcut for this
+  combination.
 
   @item import-export
   Run the entire import code but instead of storing the key to the
diff --git a/g10/import.c b/g10/import.c
index 8136625..b1b8e0f 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -190,6 +190,10 @@ parse_import_options(char *str,unsigned int *options,int noisy)
       {"repair-keys", IMPORT_REPAIR_KEYS, NULL,
        N_("repair keys on import")},
 
+      /* No description to avoid string change: Fixme for 2.3 */
+      {"show-only", (IMPORT_SHOW | IMPORT_DRY_RUN), NULL,
+       NULL},
+
       /* Aliases for backward compatibility */
       {"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL,NULL},
       {"repair-hkp-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,NULL},
@@ -1790,7 +1794,7 @@ import_one (ctrl_t ctrl,
       goto leave;
     }
 
-  if (opt.dry_run)
+  if (opt.dry_run || (options & IMPORT_DRY_RUN))
     goto leave;
 
   /* Do we have this key already in one of our pubrings ? */
diff --git a/g10/options.h b/g10/options.h
index 83f4028..8431f75 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -352,6 +352,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
 #define IMPORT_EXPORT                    (1<<9)
 #define IMPORT_RESTORE                   (1<<10)
 #define IMPORT_REPAIR_KEYS               (1<<11)
+#define IMPORT_DRY_RUN                   (1<<12)
 
 #define EXPORT_LOCAL_SIGS                (1<<0)
 #define EXPORT_ATTRIBUTES                (1<<1)

-----------------------------------------------------------------------

Summary of changes:
 doc/gpg.texi  | 4 +++-
 g10/import.c  | 9 +++++++--
 g10/options.h | 1 +
 3 files changed, 11 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Aug  4 18:45:46 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 04 Aug 2017 18:45:46 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.22-15-g3d78ae4
Message-ID: <E1ddfjO-00035z-QU@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  3d78ae4d3de08398fabae5821045a3a1da6dadbe (commit)
      from  b54d75fb1dcfa2cebb3a2497b81ffb49acac2056 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3d78ae4d3de08398fabae5821045a3a1da6dadbe
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Aug 4 18:34:03 2017 +0200

    agent: Make --no-grab the default.
    
    * agent/gpg-agent.c (oGrab): New const.
    (opts): New option --grab.  Remove description for --no-grab.
    (parse_rereadable_options): Make --no-grab the default.
    (finalize_rereadable_options): Allow --grab to override --no-grab.
    (main) <gpgconflist>: Add "grab".
    * tools/gpgconf-comp.c (gc_options_gpg_agent): Add "grab".
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 603f707..841e4e3 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -83,6 +83,7 @@ enum cmd_and_opt_values
   oNoOptions,
   oHomedir,
   oNoDetach,
+  oGrab,
   oNoGrab,
   oLogFile,
   oServer,
@@ -169,7 +170,10 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oDebugPinentry, "debug-pinentry", "@"),
 
   ARGPARSE_s_n (oNoDetach,  "no-detach", N_("do not detach from the console")),
-  ARGPARSE_s_n (oNoGrab,    "no-grab",   N_("do not grab keyboard and mouse")),
+  ARGPARSE_s_n (oGrab,      "grab",      "@"),
+                /* FIXME: Add the below string for 2.3 */
+                /* N_("let PIN-Entry grab keyboard and mouse")), */
+  ARGPARSE_s_n (oNoGrab,    "no-grab",   "@"),
   ARGPARSE_s_s (oLogFile,   "log-file",  N_("use a log file for the server")),
   ARGPARSE_s_s (oPinentryProgram, "pinentry-program",
                 /* */             N_("|PGM|use PGM as the PIN-Entry program")),
@@ -787,7 +791,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       opt.quiet = 0;
       opt.verbose = 0;
       opt.debug = 0;
-      opt.no_grab = 0;
+      opt.no_grab = 1;
       opt.debug_pinentry = 0;
       opt.pinentry_program = NULL;
       opt.pinentry_touch_file = NULL;
@@ -842,7 +846,8 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
         }
       break;
 
-    case oNoGrab: opt.no_grab = 1; break;
+    case oNoGrab: opt.no_grab |= 1; break;
+    case oGrab: opt.no_grab |= 2; break;
 
     case oPinentryProgram: opt.pinentry_program = pargs->r.ret_str; break;
     case oPinentryTouchFile: opt.pinentry_touch_file = pargs->r.ret_str; break;
@@ -917,6 +922,9 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
 static void
 finalize_rereadable_options (void)
 {
+  /* Hack to allow --grab to override --no-grab.  */
+  if ((opt.no_grab & 2))
+    opt.no_grab = 0;
 }
 
 
@@ -1406,6 +1414,8 @@ main (int argc, char **argv )
                  GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME);
       es_printf ("enable-extended-key-format:%lu:\n",
                  GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
+      es_printf ("grab:%lu:\n",
+                 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
 
       agent_exit (0);
     }
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index d61dc85..d7a562a 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -325,10 +325,14 @@ the environment variable @code{SHELL} which is correct in almost all
 cases.
 
 
- at item --no-grab
+ at item --grab
+ at itemx --no-grab
+ at opindex grab
 @opindex no-grab
-Tell the pinentry not to grab the keyboard and mouse.  This option
-should in general not be used to avoid X-sniffing attacks.
+Tell the pinentry to grab the keyboard and mouse.  This option should
+be used on X-Servers to avoid X-sniffing attacks. Any use of the
+option @option{--grab} overrides an used option @option{--no-grab}.
+The default is @option{--no-grab}.
 
 @anchor{option --log-file}
 @item --log-file @var{file}
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index cfc9fa3..527815c 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -550,6 +550,9 @@ static gc_option_t gc_options_gpg_agent[] =
      GC_LEVEL_ADVANCED,
      "gnupg", "allow passphrase to be prompted through Emacs",
      GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
+   { "grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
+     "gnupg", NULL,
+     GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
    { "no-allow-external-cache", GC_OPT_FLAG_RUNTIME,
      GC_LEVEL_BASIC, "gnupg", "disallow the use of an external password cache",
      GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
@@ -559,9 +562,6 @@ static gc_option_t gc_options_gpg_agent[] =
    { "no-allow-loopback-pinentry", GC_OPT_FLAG_RUNTIME,
      GC_LEVEL_EXPERT, "gnupg", "disallow caller to override the pinentry",
      GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
-   { "no-grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
-     "gnupg", "do not grab keyboard and mouse",
-     GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
 
    { "Passphrase policy",
      GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,

-----------------------------------------------------------------------

Summary of changes:
 agent/gpg-agent.c    | 16 +++++++++++++---
 doc/gpg-agent.texi   | 10 +++++++---
 tools/gpgconf-comp.c |  6 +++---
 3 files changed, 23 insertions(+), 9 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Aug  4 20:26:12 2017
From: cvs at cvs.gnupg.org (by Marcus Brinkmann)
Date: Fri, 04 Aug 2017 20:26:12 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4,
 updated. gnupg-1.4.22-6-geb15d5e
Message-ID: <E1ddhIa-0002Io-TB@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-1-4 has been updated
       via  eb15d5ed8e4a765998e9de7698bdc65328bcaaa3 (commit)
      from  9832a4bacfa5232534f2c7fe7655bd0677a41f6e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit eb15d5ed8e4a765998e9de7698bdc65328bcaaa3
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Fri Aug 4 20:24:27 2017 +0200

    doc: Remove documentation for future option --faked-system-time.
    
    doc/gpg.texi: Remove documentation for --faked-system-time.
    
    Signed-off-by: Marcus Brinkmann <mb at g10code.com>
    GnuPG-bug-id: 3329

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 00ed828..42658c9 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2275,13 +2275,6 @@ Set all useful debugging flags.
 Enable debug output from the included CCID driver for smartcards.
 Note that this option is only available on some system.
 
- at item --faked-system-time @var{epoch}
- at opindex faked-system-time
-This option is only useful for testing; it sets the system time back or
-forth to @var{epoch} which is the number of seconds elapsed since the year
-1970.  Alternatively @var{epoch} may be given as a full ISO time string
-(e.g. "20070924T154812").
-
 @item --enable-progress-filter
 @opindex enable-progress-filter
 Enable certain PROGRESS status outputs. This option allows frontends

-----------------------------------------------------------------------

Summary of changes:
 doc/gpg.texi | 7 -------
 1 file changed, 7 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Aug  4 22:14:23 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 04 Aug 2017 22:14:23 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.22-16-g7e1fe79
Message-ID: <E1ddizH-00023w-SB@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  7e1fe791d188b078398bf83c9af992cb1bd2a4b3 (commit)
      from  3d78ae4d3de08398fabae5821045a3a1da6dadbe (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 7e1fe791d188b078398bf83c9af992cb1bd2a4b3
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Aug 4 21:58:46 2017 +0200

    gpg: Default to --auto-key-locate "local,wkd" and --auto-key-retrieve.
    
    * g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default
    keyserver options.  Set the default for --auto-key-locate to
    "local,wkd".  Reset that default iff --auto-key-locate has been given
    in the option file or in the commandline.
    * g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg.
    --
    
    GnuPG-bug-id: 3324
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 01dfeb7..19398e6 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1726,14 +1726,18 @@ Set what trust model GnuPG should follow. The models are:
   exists.
 @end table
 
- at item --auto-key-locate @var{parameters}
+ at item --auto-key-locate @var{mechanisms}
 @itemx --no-auto-key-locate
 @opindex auto-key-locate
 GnuPG can automatically locate and retrieve keys as needed using this
-option. This happens when encrypting to an email address (in the
-"user@@example.com" form), and there are no user@@example.com keys on
-the local keyring.  This option takes any number of the following
-mechanisms, in the order they are to be tried:
+option.  This happens when encrypting to an email address (in the
+"user@@example.com" form), and there are no "user@@example.com" keys
+on the local keyring.  This option takes any number of the mechanisms
+listed below, in the order they are to be tried.  Instead of listing
+the mechanisms as comma delimited arguments, the option may also be
+given several times to add more mechanism.  The option
+ at option{--no-auto-key-locate} or the mechanism "clear" resets the
+list.  The default is "local,wkd".
 
 @table @asis
 
@@ -1749,7 +1753,6 @@ mechanisms, in the order they are to be tried:
 
   @item wkd
   Locate a key using the Web Key Directory protocol.
-  This is an experimental method and semantics may change.
 
   @item ldap
   Using DNS Service Discovery, check the domain in question for any LDAP
@@ -1782,13 +1785,14 @@ mechanisms, in the order they are to be tried:
 
 @end table
 
+
 @item --auto-key-retrieve
 @itemx --no-auto-key-retrieve
 @opindex auto-key-retrieve
 @opindex no-auto-key-retrieve
-This option enables the automatic retrieving of keys from a keyserver
-when verifying signatures made by keys that are not on the local
-keyring.
+These options enable or disable the automatic retrieving of keys from
+a keyserver when verifying signatures made by keys that are not on the
+local keyring.  The default is @option{--auto-key-retrieve}.
 
 If the method "wkd" is included in the list of methods given to
 @option{auto-key-locate}, the signer's user ID is part of the
diff --git a/g10/getkey.c b/g10/getkey.c
index 79bce61..5b7aff9 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -4229,9 +4229,10 @@ release_akl (void)
 
 /* Returns false on error. */
 int
-parse_auto_key_locate (char *options)
+parse_auto_key_locate (const char *options_arg)
 {
   char *tok;
+  char *options = xstrdup (options_arg);
 
   while ((tok = optsep (&options)))
     {
@@ -4271,6 +4272,7 @@ parse_auto_key_locate (char *options)
       else
 	{
 	  free_akl (akl);
+          xfree (options);
 	  return 0;
 	}
 
@@ -4299,6 +4301,7 @@ parse_auto_key_locate (char *options)
 	}
     }
 
+  xfree (options);
   return 1;
 }
 
diff --git a/g10/gpg.c b/g10/gpg.c
index d2227b3..39f52eb 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -2292,6 +2292,7 @@ main (int argc, char **argv)
     int ovrseskeyfd = -1;
     int fpr_maybe_cmd = 0; /* --fingerprint maybe a command.  */
     int any_explicit_recipient = 0;
+    int default_akl = 1;
     int require_secmem = 0;
     int got_secmem = 0;
     struct assuan_malloc_hooks malloc_hooks;
@@ -2362,7 +2363,8 @@ main (int argc, char **argv)
     opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
 					    | IMPORT_REPAIR_PKS_SUBKEY_BUG);
     opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
-    opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
+    opt.keyserver_options.options = (KEYSERVER_HONOR_PKA_RECORD
+                                     | KEYSERVER_AUTO_KEY_RETRIEVE);
     opt.verify_options = (LIST_SHOW_UID_VALIDITY
                           | VERIFY_SHOW_POLICY_URLS
                           | VERIFY_SHOW_STD_NOTATIONS
@@ -2385,7 +2387,6 @@ main (int argc, char **argv)
     opt.passphrase_repeat = 1;
     opt.emit_version = 0;
     opt.weak_digests = NULL;
-    additional_weak_digest("MD5");
 
     /* Check whether we have a config file on the command line.  */
     orig_argc = argc;
@@ -2461,6 +2462,10 @@ main (int argc, char **argv)
     assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
     setup_libassuan_logging (&opt.debug, NULL);
 
+    /* Set default options which require that malloc stuff is ready.  */
+    additional_weak_digest ("MD5");
+    parse_auto_key_locate ("local,wkd");
+
     /* Try for a version specific config file first */
     default_configname = get_default_configname ();
     if (default_config)
@@ -3457,6 +3462,13 @@ main (int argc, char **argv)
 	  case oNoRequireCrossCert: opt.flags.require_cross_cert=0; break;
 
 	  case oAutoKeyLocate:
+            if (default_akl)
+              {
+                /* This is the first time --aito-key-locate is seen.
+                 * We need to reset the default akl.  */
+                default_akl = 0;
+                release_akl();
+              }
 	    if(!parse_auto_key_locate(pargs.r.ret_str))
 	      {
 		if(configname)
diff --git a/g10/keydb.h b/g10/keydb.h
index f793ada..f503c99 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -396,7 +396,7 @@ char *get_user_id_byfpr (ctrl_t ctrl, const byte *fpr, size_t *rn);
 char *get_user_id_byfpr_native (ctrl_t ctrl, const byte *fpr);
 
 void release_akl(void);
-int parse_auto_key_locate(char *options);
+int parse_auto_key_locate(const char *options);
 int parse_key_origin (char *string);
 const char *key_origin_string (int origin);
 

-----------------------------------------------------------------------

Summary of changes:
 doc/gpg.texi | 22 +++++++++++++---------
 g10/getkey.c |  5 ++++-
 g10/gpg.c    | 16 ++++++++++++++--
 g10/keydb.h  |  2 +-
 4 files changed, 32 insertions(+), 13 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Aug  4 22:25:02 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 04 Aug 2017 22:25:02 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.22-17-g9bb13a0
Message-ID: <E1ddj9b-0003uL-BM@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  9bb13a0e819334681caca38c9074bd7bfc04e45e (commit)
      from  7e1fe791d188b078398bf83c9af992cb1bd2a4b3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9bb13a0e819334681caca38c9074bd7bfc04e45e
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Aug 4 22:19:37 2017 +0200

    gpg: Make --no-auto-key-retrieve gpgconf-igurable.
    
    * g10/gpg.c (gpgconf_list): Print no-auto-key-retrieve instead of
    auto-key-retrieve.
    * tools/gpgconf-comp.c (gc_options_gpg): Replace auto-key-retrieve by
    no-auto-key-retrieve and chnage level from invisible to advanced.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/gpg.c b/g10/gpg.c
index 39f52eb..4658a9f 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -1850,7 +1850,7 @@ gpgconf_list (const char *configfile)
   es_printf ("encrypt-to:%lu:\n", GC_OPT_FLAG_NONE);
   es_printf ("try-secret-key:%lu:\n", GC_OPT_FLAG_NONE);
   es_printf ("auto-key-locate:%lu:\n", GC_OPT_FLAG_NONE);
-  es_printf ("auto-key-retrieve:%lu:\n", GC_OPT_FLAG_NONE);
+  es_printf ("no-auto-key-retrieve:%lu:\n", GC_OPT_FLAG_NONE);
   es_printf ("log-file:%lu:\n", GC_OPT_FLAG_NONE);
   es_printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT);
   es_printf ("group:%lu:\n", GC_OPT_FLAG_NONE);
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 527815c..e78633f 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -755,7 +755,7 @@ static gc_option_t gc_options_gpg[] =
    { "auto-key-locate", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
      "gnupg", N_("|MECHANISMS|use MECHANISMS to locate keys by mail address"),
      GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
-   { "auto-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+   { "no-auto-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
      NULL, NULL, GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
 
 

-----------------------------------------------------------------------

Summary of changes:
 g10/gpg.c            | 2 +-
 tools/gpgconf-comp.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Aug  4 22:34:53 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 04 Aug 2017 22:34:53 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.22-18-g0767ead
Message-ID: <E1ddjJ7-00057Z-UE@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  0767eada1479c0fa9d4b75781a8c2afb67bdbf90 (commit)
      from  9bb13a0e819334681caca38c9074bd7bfc04e45e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0767eada1479c0fa9d4b75781a8c2afb67bdbf90
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Aug 4 22:28:13 2017 +0200

    tests: Adjust tests for changed --auto-key-locate default.
    
    * tests/openpgp/defs.scm (create-gpghome): Disable new defaults.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm
index b5e3078..358efa6 100644
--- a/tests/openpgp/defs.scm
+++ b/tests/openpgp/defs.scm
@@ -338,6 +338,8 @@
 	       "no-secmem-warning"
 	       "no-permission-warning"
 	       "batch"
+               "no-auto-key-retrieve"
+               "no-auto-key-locate"
 	       "allow-weak-digest-algos"
 	       (if have-opt-always-trust
 		   "no-auto-check-trustdb" "#no-auto-check-trustdb")

-----------------------------------------------------------------------

Summary of changes:
 tests/openpgp/defs.scm | 2 ++
 1 file changed, 2 insertions(+)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Aug  4 22:51:58 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 04 Aug 2017 22:51:58 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.22-19-gb70e86f
Message-ID: <E1ddjZf-0007sY-4P@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  b70e86fd1050fc6da07a177ed142ae9882b4dd0d (commit)
      from  0767eada1479c0fa9d4b75781a8c2afb67bdbf90 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b70e86fd1050fc6da07a177ed142ae9882b4dd0d
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Aug 4 22:46:40 2017 +0200

    gpg: Fix memory leak in parse_auto_key_locate.
    
    * g10/getkey.c (parse_auto_key_locate): Fix freeing of OPTIONS.
    --
    
    It was probably too late for me to hack.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/getkey.c b/g10/getkey.c
index 5b7aff9..852c532 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -4232,8 +4232,9 @@ int
 parse_auto_key_locate (const char *options_arg)
 {
   char *tok;
-  char *options = xstrdup (options_arg);
+  char *options, *options_buf;
 
+  options = options_buf = xstrdup (options_arg);
   while ((tok = optsep (&options)))
     {
       struct akl *akl, *check, *last = NULL;
@@ -4272,7 +4273,7 @@ parse_auto_key_locate (const char *options_arg)
       else
 	{
 	  free_akl (akl);
-          xfree (options);
+          xfree (options_buf);
 	  return 0;
 	}
 
@@ -4301,7 +4302,7 @@ parse_auto_key_locate (const char *options_arg)
 	}
     }
 
-  xfree (options);
+  xfree (options_buf);
   return 1;
 }
 

-----------------------------------------------------------------------

Summary of changes:
 g10/getkey.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Sat Aug  5 14:46:59 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Sat, 05 Aug 2017 14:46:59 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.22-21-ga69464b
Message-ID: <E1ddyTt-0007FC-8Y@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  a69464b0b6dac88b360a13d3faf19dd7f2a0e02b (commit)
       via  69e97d909d586160cc0631c9a6f4d3f24bb0c682 (commit)
      from  b70e86fd1050fc6da07a177ed142ae9882b4dd0d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a69464b0b6dac88b360a13d3faf19dd7f2a0e02b
Author: Werner Koch <wk at gnupg.org>
Date:   Sat Aug 5 14:39:32 2017 +0200

    gpg: Install gpg by default under the name gpg.
    
    * configure.ac: Remove option --enable-gpg2-is-gpg.  Add option
    --enable-gpg-is-gpg2.
    * build-aux/speedo.mk (speedo_pkg_gnupg_configure): Remove
    --enable-gpg2-is-gpg.
    --
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/README b/README
index aaf347c..9ade9fd 100644
--- a/README
+++ b/README
@@ -177,16 +177,15 @@
   is at [[https://gnupg.org/documentation/manuals/gnupg-devel/]] .
 
 
-* GnuPG 1.4 and GnuPG 2.0
-
-  GnuPG 2.0 is a newer version of GnuPG with additional support for
-  S/MIME.  It has a different design philosophy that splits
-  functionality up into several modules.  Both versions may be
-  installed simultaneously without any conflict (gpg is called gpg2 in
-  GnuPG 2).  In fact, the gpg version from GnuPG 1.4 is able to make
-  use of the gpg-agent as included in GnuPG 2 and allows for seamless
-  passphrase caching.  The advantage of GnuPG 1.4 is its smaller size
-  and no dependency on other modules at run and build time.
+* Installing GnuPG 2.2. and GnuPG 1.4
+
+  GnuPG 2.2 is a current version of GnuPG with state of the art
+  security design and many more features.  To install both versions
+  alongside, it is suggested to rename the 1.4 version of "gpg" to
+  "gpg1" as well as the corresponding man page.  Newer releases of the
+  1.4 branch will likely do this by default.  In case this is not
+  possible, the 2.2 version can be installed under the name "gpg2"
+  using the configure option --enable-gpg-is-gpg2.
 
 
 * HOW TO GET MORE INFORMATION
diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk
index 76f712f..f1ec653 100644
--- a/build-aux/speedo.mk
+++ b/build-aux/speedo.mk
@@ -476,7 +476,7 @@ speedo_pkg_ntbtls_configure = --enable-static --disable-shared
 
 ifeq ($(TARGETOS),w32)
 speedo_pkg_gnupg_configure = \
-        --enable-gpg2-is-gpg --disable-g13 --enable-ntbtls \
+        --disable-g13 --enable-ntbtls \
         --enable-build-timestamp
 else
 speedo_pkg_gnupg_configure = --disable-g13
diff --git a/configure.ac b/configure.ac
index 7d50274..18e6c09 100644
--- a/configure.ac
+++ b/configure.ac
@@ -208,20 +208,18 @@ show_gnupg_dirmngr_ldap_pgm="(default)"
 test -n "$GNUPG_DIRMNGR_LDAP_PGM" \
       && show_gnupg_dirmngr_ldap_pgm="$GNUPG_DIRMNGR_LDAP_PGM"
 
+
 #
-# On some platforms gpg2 is usually installed as gpg without using a
-# symlink.  For correct operation of gpgconf it needs to know the
-# installed name of gpg.  This option sets "gpg2"'s installed name to
-# just "gpg".  Note that it might be required to rename gpg2 to gpg
-# manually after the build process.
+# For a long time gpg 2.x was installed as gpg2.  This changed with
+# 2.2.  This option can be used to install gpg under the name gpg2.
 #
-AC_ARG_ENABLE(gpg2-is-gpg,
-    AC_HELP_STRING([--enable-gpg2-is-gpg],[Set installed name of gpg2 to gpg]),
-    gpg2_is_gpg=$enableval)
-if test "$gpg2_is_gpg" != "yes"; then
+AC_ARG_ENABLE(gpg-is-gpg2,
+    AC_HELP_STRING([--enable-gpg-is-gpg2],[Set installed name of gpg to gpg2]),
+    gpg_is_gpg2=$enableval)
+if test "$gpg_is_gpg2" = "yes"; then
    AC_DEFINE(USE_GPG2_HACK, 1, [Define to install gpg as gpg2])
 fi
-AM_CONDITIONAL(USE_GPG2_HACK, test "$gpg2_is_gpg" != "yes")
+AM_CONDITIONAL(USE_GPG2_HACK, test "$gpg_is_gpg2" = "yes")
 
 
 # SELinux support includes tracking of sensitive files to avoid

commit 69e97d909d586160cc0631c9a6f4d3f24bb0c682
Author: Werner Koch <wk at gnupg.org>
Date:   Sat Aug 5 14:26:22 2017 +0200

    gpg: gpgconf needs to support the now default --auto-key-retrieve.
    
    * tools/gpgconf-comp.c (gc_options_gpg): Re-add "auto-key_retrieve".
    --
    
    Although this option is invisible, it might be in use by gpgconf
    profiles.  We don't want to break them.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index e78633f..59a6398 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -755,6 +755,8 @@ static gc_option_t gc_options_gpg[] =
    { "auto-key-locate", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
      "gnupg", N_("|MECHANISMS|use MECHANISMS to locate keys by mail address"),
      GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
+   { "auto-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+     NULL, NULL, GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
    { "no-auto-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
      NULL, NULL, GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
 

-----------------------------------------------------------------------

Summary of changes:
 README               | 19 +++++++++----------
 build-aux/speedo.mk  |  2 +-
 configure.ac         | 18 ++++++++----------
 tools/gpgconf-comp.c |  2 ++
 4 files changed, 20 insertions(+), 21 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Aug  7 07:05:04 2017
From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor)
Date: Mon, 07 Aug 2017 07:05:04 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.22-22-gf011d87
Message-ID: <E1deaDx-0007Yw-Ar@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  f011d8763a009612c858a287cf7cc6a1f1a6d32a (commit)
      from  a69464b0b6dac88b360a13d3faf19dd7f2a0e02b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f011d8763a009612c858a287cf7cc6a1f1a6d32a
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Mon Aug 7 01:03:52 2017 -0400

    Simple typo fix.
    
    * agent/gpg-agent.c: Correct spelling in comment.
    
    Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>

diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 841e4e3..030d1da 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -2407,7 +2407,7 @@ agent_sigusr2_action (void)
 
 #ifndef HAVE_W32_SYSTEM
 /* The signal handler for this program.  It is expected to be run in
-   its own trhead and not in the context of a signal handler.  */
+   its own thread and not in the context of a signal handler.  */
 static void
 handle_signal (int signo)
 {

-----------------------------------------------------------------------

Summary of changes:
 agent/gpg-agent.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Aug  7 09:36:22 2017
From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor)
Date: Mon, 07 Aug 2017 09:36:22 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.22-23-ga611cba
Message-ID: <E1decaN-0005tI-DB@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  a611cba142470c52f3303c512f77ae7d195cc41f (commit)
      from  f011d8763a009612c858a287cf7cc6a1f1a6d32a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a611cba142470c52f3303c512f77ae7d195cc41f
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Mon Aug 7 03:34:03 2017 -0400

    Fix spelling.
    
    * doc/gpg.texi: s/occured/occurred/
    
    Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 19398e6..ba7f5a5 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1644,7 +1644,7 @@ Set what trust model GnuPG should follow. The models are:
   time a key is seen, it is memorized.  If later another key with a
   user id with the same email address is seen, both keys are marked as
   suspect.  In that case, the next time either is used, a warning is
-  displayed describing the conflict, why it might have occured
+  displayed describing the conflict, why it might have occurred
   (either the user generated a new key and failed to cross sign the
   old and new keys, the key is forgery, or a man-in-the-middle attack
   is being attempted), and the user is prompted to manually confirm

-----------------------------------------------------------------------

Summary of changes:
 doc/gpg.texi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Aug  7 11:21:04 2017
From: cvs at cvs.gnupg.org (by Justus Winter)
Date: Mon, 07 Aug 2017 11:21:04 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.22-24-gb0112db
Message-ID: <E1deeDh-0006GO-GA@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  b0112dbca91e720a4ff622ad0e88d99eba56203a (commit)
      from  a611cba142470c52f3303c512f77ae7d195cc41f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b0112dbca91e720a4ff622ad0e88d99eba56203a
Author: Justus Winter <justus at g10code.com>
Date:   Mon Aug 7 11:15:56 2017 +0200

    tests: Do not run all tests unless in maintainer mode.
    
    * configure.ac: Leak the maintainer mode flag into 'config.h'.
    * tests/gpgscm/ffi.c: Pass it into the scheme environment.
    * tests/openpgp/all-tests.scm: Only run tests against non-default
    configurations (keyring, extended-key-format) in maintainer mode.
    --
    
    Werner is concerned that the tests do take up too much time and asked
    me to reduce the runtime of the tests for normal users.
    
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/configure.ac b/configure.ac
index 18e6c09..20a6ed6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1541,6 +1541,11 @@ if test "$development_version" = yes; then
             [Defined if this is not a regular release])
 fi
 
+if test "$USE_MAINTAINER_MODE" = "yes"; then
+    AC_DEFINE(MAINTAINER_MODE,1,
+            [Defined if this build is in maintainer mode])
+fi
+
 AM_CONDITIONAL(CROSS_COMPILING, test x$cross_compiling = xyes)
 
 GNUPG_CHECK_GNUMAKE
diff --git a/tests/gpgscm/ffi.c b/tests/gpgscm/ffi.c
index 4c03ba6..4c2148a 100644
--- a/tests/gpgscm/ffi.c
+++ b/tests/gpgscm/ffi.c
@@ -1442,6 +1442,14 @@ ffi_init (scheme *sc, const char *argv0, const char *scriptname,
 #endif
               );
 
+  ffi_define (sc, "*maintainer-mode*",
+#if MAINTAINER_MODE
+              sc->T
+#else
+              sc->F
+#endif
+              );
+
 
   ffi_define (sc, "*stdin*",
               sc->vptr->mk_port_from_file (sc, stdin, port_input));
diff --git a/tests/openpgp/all-tests.scm b/tests/openpgp/all-tests.scm
index 4dd6d6f..e65d527 100644
--- a/tests/openpgp/all-tests.scm
+++ b/tests/openpgp/all-tests.scm
@@ -51,18 +51,28 @@
    (parse-makefile-expand (in-srcdir "tests" "openpgp" "Makefile.am")
 			  (lambda (filename port key) (parse-makefile port key))
 			  "XTESTS"))
- (append
-  (map (lambda (name)
-	 (test::scm setup
-		    (path-join "tests" "openpgp" name)
-		    (in-srcdir "tests" "openpgp" name))) all-tests)
-  (map (lambda (name)
-	 (test::scm setup-use-keyring
-		    (qualify (path-join "tests" "openpgp" name) "use-keyring")
-		    (in-srcdir "tests" "openpgp" name)
-		    "--use-keyring")) all-tests)
-  (map (lambda (name)
-	 (test::scm setup-extended-key-format
-		    (qualify (path-join "tests" "openpgp" name) "extended-key-format")
-		    (in-srcdir "tests" "openpgp" name)
-		    "--extended-key-format")) all-tests)))
+
+ (define tests
+   (map (lambda (name)
+	  (test::scm setup
+		     (path-join "tests" "openpgp" name)
+		     (in-srcdir "tests" "openpgp" name))) all-tests))
+
+ (when *maintainer-mode*
+       (set! tests
+	     (append
+	      tests
+	      (map (lambda (name)
+		     (test::scm setup-use-keyring
+				(qualify (path-join "tests" "openpgp" name)
+					 "use-keyring")
+				(in-srcdir "tests" "openpgp" name)
+				"--use-keyring")) all-tests)
+	      (map (lambda (name)
+		     (test::scm setup-extended-key-format
+				(qualify (path-join "tests" "openpgp" name)
+					 "extended-key-format")
+				(in-srcdir "tests" "openpgp" name)
+				"--extended-key-format")) all-tests))))
+
+ tests)

-----------------------------------------------------------------------

Summary of changes:
 configure.ac                |  5 +++++
 tests/gpgscm/ffi.c          |  8 ++++++++
 tests/openpgp/all-tests.scm | 40 +++++++++++++++++++++++++---------------
 3 files changed, 38 insertions(+), 15 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Aug  7 14:01:25 2017
From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor)
Date: Mon, 07 Aug 2017 14:01:25 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.22-26-g81074c3
Message-ID: <E1degit-00071w-7N@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  81074c3b0211854a2dc94600dc892224201536f5 (commit)
       via  407da18254dfebcacfaee16952ef0b617b1626ea (commit)
      from  b0112dbca91e720a4ff622ad0e88d99eba56203a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 81074c3b0211854a2dc94600dc892224201536f5
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Mon Aug 7 04:14:02 2017 -0400

    systemd-user: Drop redundant After=*.socket.
    
    * doc/examples/systemd-user/*.service: Drop redundant After=*.socket
    directive.
    
    --
    
    systemd.socket(5) says:
    
       Socket units will have a Before= dependency on the service which
       they trigger added implicitly.
    
    Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>

diff --git a/doc/examples/systemd-user/dirmngr.service b/doc/examples/systemd-user/dirmngr.service
index 2a7c76e..3c060cd 100644
--- a/doc/examples/systemd-user/dirmngr.service
+++ b/doc/examples/systemd-user/dirmngr.service
@@ -2,7 +2,6 @@
 Description=GnuPG network certificate management daemon
 Documentation=man:dirmngr(8)
 Requires=dirmngr.socket
-After=dirmngr.socket
 
 [Service]
 ExecStart=/usr/bin/dirmngr --supervised
diff --git a/doc/examples/systemd-user/gpg-agent.service b/doc/examples/systemd-user/gpg-agent.service
index a909f0b..a050fcc 100644
--- a/doc/examples/systemd-user/gpg-agent.service
+++ b/doc/examples/systemd-user/gpg-agent.service
@@ -2,7 +2,6 @@
 Description=GnuPG cryptographic agent and passphrase cache
 Documentation=man:gpg-agent(1)
 Requires=gpg-agent.socket
-After=gpg-agent.socket
 
 [Service]
 ExecStart=/usr/bin/gpg-agent --supervised

commit 407da18254dfebcacfaee16952ef0b617b1626ea
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Mon Aug 7 04:11:51 2017 -0400

    systemd-user: Drop RefuseManualStart=true.
    
    * doc/examples/systemd-user/*.service: drop RefuseManualStart=true
    
    --
    
    These user services can be safely started manually as long as at least
    their primary sockets are available.  They'll just start with nothing
    to do, which should be fine.
    
    Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>

diff --git a/doc/examples/systemd-user/dirmngr.service b/doc/examples/systemd-user/dirmngr.service
index ded533b..2a7c76e 100644
--- a/doc/examples/systemd-user/dirmngr.service
+++ b/doc/examples/systemd-user/dirmngr.service
@@ -3,8 +3,6 @@ Description=GnuPG network certificate management daemon
 Documentation=man:dirmngr(8)
 Requires=dirmngr.socket
 After=dirmngr.socket
-## This is a socket-activated service:
-RefuseManualStart=true
 
 [Service]
 ExecStart=/usr/bin/dirmngr --supervised
diff --git a/doc/examples/systemd-user/gpg-agent.service b/doc/examples/systemd-user/gpg-agent.service
index e88dc7f..a909f0b 100644
--- a/doc/examples/systemd-user/gpg-agent.service
+++ b/doc/examples/systemd-user/gpg-agent.service
@@ -3,8 +3,6 @@ Description=GnuPG cryptographic agent and passphrase cache
 Documentation=man:gpg-agent(1)
 Requires=gpg-agent.socket
 After=gpg-agent.socket
-## This is a socket-activated service:
-RefuseManualStart=true
 
 [Service]
 ExecStart=/usr/bin/gpg-agent --supervised

-----------------------------------------------------------------------

Summary of changes:
 doc/examples/systemd-user/dirmngr.service   | 3 ---
 doc/examples/systemd-user/gpg-agent.service | 3 ---
 2 files changed, 6 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Aug  7 19:27:31 2017
From: cvs at cvs.gnupg.org (by Marcus Brinkmann)
Date: Mon, 07 Aug 2017 19:27:31 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.0-12-ga7bd2cb
Message-ID: <E1deloR-0000en-L4@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  a7bd2cbd3eabda88fb3cac5cbc13c21c97a7b315 (commit)
      from  df1e221b3012e96bbffbc7d5fd70836a9ae1cc19 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a7bd2cbd3eabda88fb3cac5cbc13c21c97a7b315
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Mon Aug 7 19:26:26 2017 +0200

    cipher: Add OID for SHA384WithECDSA.
    
    * cipher/sha512.c (oid_spec_sha384): Add SHA384WithECDSA.
    
    Signed-off-by: Marcus Brinkmann <mb at g10code.com>
    Suggested-by: Sven Fischer <sven at leiderfischer.de>
    GnuPG-bug-id: 3336

diff --git a/cipher/sha512.c b/cipher/sha512.c
index 2ddc485..06e8a2b 100644
--- a/cipher/sha512.c
+++ b/cipher/sha512.c
@@ -943,6 +943,9 @@ static gcry_md_oid_spec_t oid_spec_sha384[] =
     /* PKCS#1 sha384WithRSAEncryption */
     { "1.2.840.113549.1.1.12" },
 
+    /* SHA384WithECDSA: RFC 7427 (A.3.3.) */
+    { "1.2.840.10045.4.3.3" },
+
     { NULL },
   };
 

-----------------------------------------------------------------------

Summary of changes:
 cipher/sha512.c | 3 +++
 1 file changed, 3 insertions(+)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Aug  8 11:48:38 2017
From: cvs at cvs.gnupg.org (by Justus Winter)
Date: Tue, 08 Aug 2017 11:48:38 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.22-27-gc4506f6
Message-ID: <E1df17u-0004e3-Vt@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  c4506f624ed6854aa0ba1629aa2d1d43eb26900d (commit)
      from  81074c3b0211854a2dc94600dc892224201536f5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c4506f624ed6854aa0ba1629aa2d1d43eb26900d
Author: Justus Winter <justus at g10code.com>
Date:   Tue Aug 8 11:43:22 2017 +0200

    gpg: Add option '--disable-dirmngr'.
    
    * doc/gpg.texi: Document new option.
    * g10/call-dirmngr.c (create_context): Fail if option is given.
    * g10/gpg.c (cmd_and_opt_values): New value.
    (opts): New option.
    (gpgconf_list): Add new option.
    (main): Handle new option.
    * g10/options.h (struct opt): New field 'disable_dirmngr'.
    * tools/gpgconf-comp.c (gc_options_gpg): New option.
    
    GnuPG-bug-id: 3334
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/doc/gpg.texi b/doc/gpg.texi
index ba7f5a5..c71126a 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1976,6 +1976,9 @@ file name.
 Specify a dirmngr program to be used for keyserver access.  The
 default value is @file{@value{BINDIR}/dirmngr}.
 
+ at item --disable-dirmngr
+Entirely disable the use of the Dirmngr.
+
 @item --no-autostart
 @opindex no-autostart
 Do not start the gpg-agent or the dirmngr if it has not yet been
diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
index 362731e..9bc90fb 100644
--- a/g10/call-dirmngr.c
+++ b/g10/call-dirmngr.c
@@ -184,6 +184,10 @@ create_context (ctrl_t ctrl, assuan_context_t *r_ctx)
   assuan_context_t ctx;
 
   *r_ctx = NULL;
+
+  if (opt.disable_dirmngr)
+    return gpg_error (GPG_ERR_NO_DIRMNGR);
+
   err = start_new_dirmngr (&ctx,
                            GPG_ERR_SOURCE_DEFAULT,
                            opt.dirmngr_program,
diff --git a/g10/gpg.c b/g10/gpg.c
index 4658a9f..c721cdc 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -374,6 +374,7 @@ enum cmd_and_opt_values
     oPersonalCompressPreferences,
     oAgentProgram,
     oDirmngrProgram,
+    oDisableDirmngr,
     oDisplay,
     oTTYname,
     oTTYtype,
@@ -837,6 +838,7 @@ static ARGPARSE_OPTS opts[] = {
 
   ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
   ARGPARSE_s_s (oDirmngrProgram, "dirmngr-program", "@"),
+  ARGPARSE_s_n (oDisableDirmngr, "disable-dirmngr", "@"),
   ARGPARSE_s_s (oDisplay,    "display",    "@"),
   ARGPARSE_s_s (oTTYname,    "ttyname",    "@"),
   ARGPARSE_s_s (oTTYtype,    "ttytype",    "@"),
@@ -1857,6 +1859,7 @@ gpgconf_list (const char *configfile)
   es_printf ("compliance:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT, "gnupg");
   es_printf ("default-new-key-algo:%lu:\n", GC_OPT_FLAG_NONE);
   es_printf ("trust-model:%lu:\n", GC_OPT_FLAG_NONE);
+  es_printf ("disable-dirmngr:%lu:\n", GC_OPT_FLAG_NONE);
 
   /* The next one is an info only item and should match the macros at
      the top of keygen.c  */
@@ -3388,6 +3391,7 @@ main (int argc, char **argv)
 	    break;
           case oAgentProgram: opt.agent_program = pargs.r.ret_str;  break;
           case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break;
+	  case oDisableDirmngr: opt.disable_dirmngr = 1;  break;
           case oWeakDigest:
 	    additional_weak_digest(pargs.r.ret_str);
 	    break;
diff --git a/g10/options.h b/g10/options.h
index 8431f75..130bec8 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -121,6 +121,7 @@ struct
   int max_cert_depth;
   const char *agent_program;
   const char *dirmngr_program;
+  int disable_dirmngr;
 
   const char *def_new_key_algo;
 
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 59a6398..b066dad 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -759,6 +759,9 @@ static gc_option_t gc_options_gpg[] =
      NULL, NULL, GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
    { "no-auto-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
      NULL, NULL, GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
+   { "disable-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
+     "gnupg", N_("disable all access to the dirmngr"),
+     GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
 
 
    GC_OPTION_NULL

-----------------------------------------------------------------------

Summary of changes:
 doc/gpg.texi         | 3 +++
 g10/call-dirmngr.c   | 4 ++++
 g10/gpg.c            | 4 ++++
 g10/options.h        | 1 +
 tools/gpgconf-comp.c | 3 +++
 5 files changed, 15 insertions(+)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Aug  8 13:53:04 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 08 Aug 2017 13:53:04 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.22-29-g0bd19da
Message-ID: <E1df34L-0007Vs-IN@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  0bd19dae1161a71053d794e4f75e66f70445f9f0 (commit)
       via  0a8e20c4c639f0c491e2af5ac5fb97005196422b (commit)
      from  c4506f624ed6854aa0ba1629aa2d1d43eb26900d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0bd19dae1161a71053d794e4f75e66f70445f9f0
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Aug 8 13:47:00 2017 +0200

    gpgscm: Make the test summary stand out
    
    * tests/gpgscm/tests.scm (test-pool): Add delimiter lines.
    --
    
    This is to make those summaries a bit more simlar to those from
    automake.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/tests/gpgscm/tests.scm b/tests/gpgscm/tests.scm
index 40ba7e3..5141002 100644
--- a/tests/gpgscm/tests.scm
+++ b/tests/gpgscm/tests.scm
@@ -613,6 +613,7 @@
 	      (xfailed (filter-tests 'XFAIL))
 	      (xpassed (filter-tests 'XPASS))
 	      (skipped (filter-tests 'SKIP)))
+          (echo "===================")
 	  (echo (length procs) "tests run,"
 		(length (filter-tests 'PASS)) "succeeded,"
 		(length failed) "failed,"
@@ -623,6 +624,7 @@
 	  (print-tests xfailed "Expectedly failed tests:")
 	  (print-tests xpassed "Unexpectedly passed tests:")
 	  (print-tests skipped "Skipped tests:")
+          (echo "===================")
 	  (+ (length failed) (length xpassed))))
 
       (define (xml)

commit 0a8e20c4c639f0c491e2af5ac5fb97005196422b
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Aug 8 13:04:12 2017 +0200

    sm: Always print the keygrip in colon mode.
    
    * sm/keylist.c (list_cert_colon): Always print the keygrip as
    described in the manual.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/tools.texi b/doc/tools.texi
index d05018b..332fb01 100644
--- a/doc/tools.texi
+++ b/doc/tools.texi
@@ -1189,10 +1189,12 @@ gpg-preset-passphrase [options] [command] @var{cacheid}
 @var{cacheid} is either a 40 character keygrip of hexadecimal
 characters identifying the key for which the passphrase should be set
 or cleared.  The keygrip is listed along with the key when running the
-command: @code{gpgsm --dump-secret-keys}.  Alternatively an arbitrary
-string may be used to identify a passphrase; it is suggested that such
-a string is prefixed with the name of the application (e.g
- at code{foo:12346}).
+command: @code{gpgsm --with-keygrip --list-secret-keys}.
+Alternatively an arbitrary string may be used to identify a
+passphrase; it is suggested that such a string is prefixed with the
+name of the application (e.g @code{foo:12346}).  Scripts should always
+use the option @option{--with-colons}, which provides the keygrip in a
+"grp" line (cf. @file{doc/DETAILS})/
 
 @noindent
 One of the following command options must be given:
diff --git a/sm/keylist.c b/sm/keylist.c
index abec049..24c86e1 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -541,16 +541,16 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
   xfree (fpr); fpr = NULL; chain_id = NULL;
   xfree (chain_id_buffer); chain_id_buffer = NULL;
 
-  if (opt.with_key_data)
+  /* Always print the keygrip.  */
+  if ( (p = gpgsm_get_keygrip_hexstring (cert)))
     {
-      if ( (p = gpgsm_get_keygrip_hexstring (cert)))
-        {
-          es_fprintf (fp, "grp:::::::::%s:\n", p);
-          xfree (p);
-        }
-      print_key_data (cert, fp);
+      es_fprintf (fp, "grp:::::::::%s:\n", p);
+      xfree (p);
     }
 
+  if (opt.with_key_data)
+    print_key_data (cert, fp);
+
   kludge_uid = NULL;
   for (idx=0; (p = ksba_cert_get_subject (cert,idx)); idx++)
     {

-----------------------------------------------------------------------

Summary of changes:
 doc/tools.texi         | 10 ++++++----
 sm/keylist.c           | 14 +++++++-------
 tests/gpgscm/tests.scm |  2 ++
 3 files changed, 15 insertions(+), 11 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Aug  8 15:01:51 2017
From: cvs at cvs.gnupg.org (by Marcus Brinkmann)
Date: Tue, 08 Aug 2017 15:01:51 +0200
Subject: [git] gnupg-doc - branch, preview,
 updated. 9b52acd75d6cfe229cd52ddc8d423e6d958b91c8
Message-ID: <E1df48t-0002au-IL@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, preview has been updated
       via  9b52acd75d6cfe229cd52ddc8d423e6d958b91c8 (commit)
      from  1507fb3dac0c88cc73630588ccda8a04b68de481 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9b52acd75d6cfe229cd52ddc8d423e6d958b91c8
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Tue Aug 8 15:01:35 2017 +0200

    web: Update release_notes.org.

diff --git a/web/download/release_notes.org b/web/download/release_notes.org
index b581bf0..73111d2 100644
--- a/web/download/release_notes.org
+++ b/web/download/release_notes.org
@@ -13,6 +13,244 @@
   Note that this page will soon be restructed.  The URLs pointing to
   specific releases will thus also change.
 
+** GnuPG [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000411.html][2.1.22]] released  (2017-07-28)
+    :PROPERTIES:
+    :CUSTOM_ID: gnupg-2.1.22
+    :END:
+
+  - gpg: Extend command --quick-set-expire to allow for setting the
+    expiration time of subkeys.
+
+  - gpg: By default try to repair keys during import.  New sub-option
+    no-repair-keys for --import-options.
+
+  - gpg,gpgsm: Improved checking and reporting of DE-VS compliance.
+
+  - gpg: New options --key-origin and --with-key-origin.  Store the
+    time of the last key update from keyservers, WKD, or DANE.
+
+  - agent: New option --ssh-fingerprint-digest.
+
+  - dimngr: Lower timeouts on keyserver connection attempts and made
+    it configurable.
+
+  - dirmngr: Tor will now automatically be detected and used.  The
+    option --no-use-tor disables Tor detection.
+
+  - dirmngr: Now detects a changed /etc/resolv.conf.
+
+  - agent,dirmngr: Initiate shutdown on removal of the GnuPG home
+    directory.
+
+  - gpg: Avoid caching passphrase for failed symmetric encryption.
+
+  - agent: Support for unprotected ssh keys.
+
+  - dirmngr: Fixed name resolving on systems using only v6
+    nameservers.
+
+  - dirmngr: Allow the use of TLS over http proxies.
+
+  - w32: Change directory of the daemons after startup.
+
+  - wks: New man pages for client and server.
+
+  - Many other bug fixes.
+
+
+** GnuPG [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000405.html][2.1.21]] released  (2017-05-15)
+    :PROPERTIES:
+    :CUSTOM_ID: gnupg-2.1.21
+    :END:
+
+  - gpg,gpgsm: Fix corruption of old style keyring.gpg files.  This
+    bug was introduced with version 2.1.20.  Note that the default
+    pubring.kbx format was not affected.
+
+  - gpg,dirmngr: Removed the skeleton config file support.  The
+    system's standard methods for providing default configuration
+    files should be used instead.
+
+  - w32: The Windows installer now allows installation of GnuPG
+    without Administrator permissions.
+
+  - gpg: Fixed import filter property match bug.
+
+  - scd: Removed Linux support for Cardman 4040 PCMCIA reader.
+
+  - scd: Fixed some corner case bugs in resume/suspend handling.
+
+  - Many minor bug fixes and code cleanup.
+
+
+** GnuPG [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000404.html][2.1.20]] released  (2017-04-03)
+    :PROPERTIES:
+    :CUSTOM_ID: gnupg-2.1.20
+    :END:
+
+  - gpg: New properties 'expired', 'revoked', and 'disabled' for the
+    import and export filters.
+
+  - gpg: New command --quick-set-primary-uid.
+
+  - gpg: New compliance field for the --with-colon key listing.
+
+  - gpg: Changed the key parser to generalize the processing of local
+    meta data packets.
+
+  - gpg: Fixed assertion failure in the TOFU trust model.
+
+  - gpg: Fixed exporting of zero length user ID packets.
+
+  - scd: Improved support for multiple readers.
+
+  - scd: Fixed timeout handling for key generation.
+
+  - agent: New option --enable-extended-key-format.
+
+  - dirmngr: Do not add a keyserver to a new dirmngr.conf.  Dirmngr
+    uses a default keyserver.
+
+  - dimngr: Do not treat TLS warning alerts as severe error when
+    building with GNUTLS.
+
+  - dirmngr: Actually take /etc/hosts in account.
+
+  - wks: Fixed client problems on Windows.  Published keys are now set
+    to world-readable.
+
+  - tests: Fixed creation of temporary directories.
+
+  - A socket directory for a non standard GNUGHOME is now created on
+    the fly under /run/user.  Thus "gpgconf --create-socketdir" is now
+    optional.  The use of "gpgconf --remove-socketdir" to clean up
+    obsolete socket directories is however recommended to avoid
+    cluttering /run/user with useless directories.
+
+  - Fixed build problems on some platforms.
+
+
+
+** GnuPG [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q1/000402.html][2.1.19]] released  (2017-03-01)
+    :PROPERTIES:
+    :CUSTOM_ID: gnupg-2.1.19
+    :END:
+
+  - gpg: Print a warning if Tor mode is requested but the Tor daemon
+    is not running.
+
+  - gpg: New status code DECRYPTION_KEY to print the actual private
+    key used for decryption.
+
+  - gpgv: New options --log-file and --debug.
+
+  - gpg-agent: Revamp the prompts to ask for card PINs.
+
+  - scd: Support for multiple card readers.
+
+  - scd: Removed option --debug-disable-ticker.  Ticker is used
+    only when it is required to watch removal of device/card.
+
+  - scd: Improved detection of card inserting and removal.
+
+  - dirmngr: New option --disable-ipv4.
+
+  - dirmngr: New option --no-use-tor to explicitly disable the use of
+    Tor.
+
+  - dirmngr: The option --allow-version-check is now required even if
+    the option --use-tor is also used.
+
+  - dirmngr: Handle a missing nsswitch.conf gracefully.
+
+  - dirmngr: Avoid PTR lookups for keyserver pools.  The are only done
+    for the debug command "keyserver --hosttable".
+
+  - dirmngr: Rework the internal certificate cache to support classes
+    of certificates.  Load system provided certificates on startup.
+    Add options --tls, --no-crl, and --systrust to the "VALIDATE"
+    command.
+
+  - dirmngr: Add support for the ntbtls library.
+
+  - wks: Create mails with a "WKS-Phase" header.  Fix detection of
+    Draft-2 mode.
+
+  - The Windows installer is now build with limited TLS support.
+
+  - Many other bug fixes and new regression tests.
+
+
+
+
+** GnuPG [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q1/000401.html][2.1.18]] released  (2017-01-23)
+    :PROPERTIES:
+    :CUSTOM_ID: gnupg-2.1.18
+    :END:
+
+  - gpg: Remove bogus subkey signature while cleaning a key (with
+    export-clean, import-clean, or --edit-key's sub-command clean)
+
+  - gpg: Allow freezing the clock with --faked-system-time.
+
+  - gpg: New --export-option flag "backup", new --import-option flag
+    "restore".
+
+  - gpg-agent: Fixed long delay due to a regression in the progress
+    callback code.
+
+  - scd: Lots of code cleanup and internal changes.
+
+  - scd: Improved the internal CCID driver.
+
+  - dirmngr: Fixed problem with the DNS glue code (removal of the
+    trailing dot in domain names).
+
+  - dirmngr: Make sure that Tor is actually enabled after changing the
+    conf file and sending SIGHUP or "gpgconf --reload dirmngr".
+
+  - dirmngr: Fixed Tor access to IPv6 addresses.  Note that current
+    versions of Tor may require that the flag "IPv6Traffic" is used
+    with the option "SocksPort" in torrc to actually allow IPv6
+    traffic.
+
+  - dirmngr: Fixed HKP for literally given IPv6 addresses.
+
+  - dirmngr: Enabled reverse DNS lookups via Tor.
+
+  - dirmngr: Added experimental SRV record lookup for WKD.
+    See commit 88dc3af3d4ae1afe1d5e136bc4c38bc4e7d4cd10 for details.
+
+  - dirmngr: For HKP use "pgpkey-hkps" and "pgpkey-hkp" in SRV record
+    lookups.  Avoid SRV record lookup when a port is explicitly
+    specified.  This fixes a regression from the 1.4 and 2.0 behavior.
+
+  - dirmngr: Gracefully handle a missing /etc/nsswitch.conf.  Ignore
+    negation terms (e.g. "[!UNAVAIL=return]" instead of bailing out.
+
+  - dirmngr: Better debug output for flags "dns" and "network".
+
+  - dirmngr: On reload mark all known HKP servers alive.
+
+  - gpgconf: Allow keyword "all" for --launch, --kill, and --reload.
+
+  - tools: gpg-wks-client now ignores a missing policy file on the
+    server.
+
+  - Avoid unnecessary ambiguity error message in the option parsing.
+
+  - Further improvements of the regression test suite.
+
+  - Fixed building with --disable-libdns configure option.
+
+  - Fixed a crash running the tests on 32 bit architectures.
+
+  - Fixed spurious failures on BSD system in the spawn functions.
+    This affected for example gpg-wks-client and gpgconf.
+
+
+
+
 ** GnuPG [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q4/000400.html][2.1.17]] released  (2016-12-20)
     :PROPERTIES:
     :CUSTOM_ID: gnupg-2.1.17

-----------------------------------------------------------------------

Summary of changes:
 web/download/release_notes.org | 238 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 238 insertions(+)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Aug  8 15:06:15 2017
From: cvs at cvs.gnupg.org (by Marcus Brinkmann)
Date: Tue, 08 Aug 2017 15:06:15 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. 3aba49f2b1dfcd76db5a8d6c41a5c6570b7a3f2c
Message-ID: <E1df4D9-0002xF-VM@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  3aba49f2b1dfcd76db5a8d6c41a5c6570b7a3f2c (commit)
      from  196c591f4dd7bd2889007bff1192bafef52f56ab (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3aba49f2b1dfcd76db5a8d6c41a5c6570b7a3f2c
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Tue Aug 8 15:01:35 2017 +0200

    web: Update release_notes.org.
    
    GnuPG-bug-id: 3332

diff --git a/web/download/release_notes.org b/web/download/release_notes.org
index b581bf0..73111d2 100644
--- a/web/download/release_notes.org
+++ b/web/download/release_notes.org
@@ -13,6 +13,244 @@
   Note that this page will soon be restructed.  The URLs pointing to
   specific releases will thus also change.
 
+** GnuPG [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000411.html][2.1.22]] released  (2017-07-28)
+    :PROPERTIES:
+    :CUSTOM_ID: gnupg-2.1.22
+    :END:
+
+  - gpg: Extend command --quick-set-expire to allow for setting the
+    expiration time of subkeys.
+
+  - gpg: By default try to repair keys during import.  New sub-option
+    no-repair-keys for --import-options.
+
+  - gpg,gpgsm: Improved checking and reporting of DE-VS compliance.
+
+  - gpg: New options --key-origin and --with-key-origin.  Store the
+    time of the last key update from keyservers, WKD, or DANE.
+
+  - agent: New option --ssh-fingerprint-digest.
+
+  - dimngr: Lower timeouts on keyserver connection attempts and made
+    it configurable.
+
+  - dirmngr: Tor will now automatically be detected and used.  The
+    option --no-use-tor disables Tor detection.
+
+  - dirmngr: Now detects a changed /etc/resolv.conf.
+
+  - agent,dirmngr: Initiate shutdown on removal of the GnuPG home
+    directory.
+
+  - gpg: Avoid caching passphrase for failed symmetric encryption.
+
+  - agent: Support for unprotected ssh keys.
+
+  - dirmngr: Fixed name resolving on systems using only v6
+    nameservers.
+
+  - dirmngr: Allow the use of TLS over http proxies.
+
+  - w32: Change directory of the daemons after startup.
+
+  - wks: New man pages for client and server.
+
+  - Many other bug fixes.
+
+
+** GnuPG [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000405.html][2.1.21]] released  (2017-05-15)
+    :PROPERTIES:
+    :CUSTOM_ID: gnupg-2.1.21
+    :END:
+
+  - gpg,gpgsm: Fix corruption of old style keyring.gpg files.  This
+    bug was introduced with version 2.1.20.  Note that the default
+    pubring.kbx format was not affected.
+
+  - gpg,dirmngr: Removed the skeleton config file support.  The
+    system's standard methods for providing default configuration
+    files should be used instead.
+
+  - w32: The Windows installer now allows installation of GnuPG
+    without Administrator permissions.
+
+  - gpg: Fixed import filter property match bug.
+
+  - scd: Removed Linux support for Cardman 4040 PCMCIA reader.
+
+  - scd: Fixed some corner case bugs in resume/suspend handling.
+
+  - Many minor bug fixes and code cleanup.
+
+
+** GnuPG [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000404.html][2.1.20]] released  (2017-04-03)
+    :PROPERTIES:
+    :CUSTOM_ID: gnupg-2.1.20
+    :END:
+
+  - gpg: New properties 'expired', 'revoked', and 'disabled' for the
+    import and export filters.
+
+  - gpg: New command --quick-set-primary-uid.
+
+  - gpg: New compliance field for the --with-colon key listing.
+
+  - gpg: Changed the key parser to generalize the processing of local
+    meta data packets.
+
+  - gpg: Fixed assertion failure in the TOFU trust model.
+
+  - gpg: Fixed exporting of zero length user ID packets.
+
+  - scd: Improved support for multiple readers.
+
+  - scd: Fixed timeout handling for key generation.
+
+  - agent: New option --enable-extended-key-format.
+
+  - dirmngr: Do not add a keyserver to a new dirmngr.conf.  Dirmngr
+    uses a default keyserver.
+
+  - dimngr: Do not treat TLS warning alerts as severe error when
+    building with GNUTLS.
+
+  - dirmngr: Actually take /etc/hosts in account.
+
+  - wks: Fixed client problems on Windows.  Published keys are now set
+    to world-readable.
+
+  - tests: Fixed creation of temporary directories.
+
+  - A socket directory for a non standard GNUGHOME is now created on
+    the fly under /run/user.  Thus "gpgconf --create-socketdir" is now
+    optional.  The use of "gpgconf --remove-socketdir" to clean up
+    obsolete socket directories is however recommended to avoid
+    cluttering /run/user with useless directories.
+
+  - Fixed build problems on some platforms.
+
+
+
+** GnuPG [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q1/000402.html][2.1.19]] released  (2017-03-01)
+    :PROPERTIES:
+    :CUSTOM_ID: gnupg-2.1.19
+    :END:
+
+  - gpg: Print a warning if Tor mode is requested but the Tor daemon
+    is not running.
+
+  - gpg: New status code DECRYPTION_KEY to print the actual private
+    key used for decryption.
+
+  - gpgv: New options --log-file and --debug.
+
+  - gpg-agent: Revamp the prompts to ask for card PINs.
+
+  - scd: Support for multiple card readers.
+
+  - scd: Removed option --debug-disable-ticker.  Ticker is used
+    only when it is required to watch removal of device/card.
+
+  - scd: Improved detection of card inserting and removal.
+
+  - dirmngr: New option --disable-ipv4.
+
+  - dirmngr: New option --no-use-tor to explicitly disable the use of
+    Tor.
+
+  - dirmngr: The option --allow-version-check is now required even if
+    the option --use-tor is also used.
+
+  - dirmngr: Handle a missing nsswitch.conf gracefully.
+
+  - dirmngr: Avoid PTR lookups for keyserver pools.  The are only done
+    for the debug command "keyserver --hosttable".
+
+  - dirmngr: Rework the internal certificate cache to support classes
+    of certificates.  Load system provided certificates on startup.
+    Add options --tls, --no-crl, and --systrust to the "VALIDATE"
+    command.
+
+  - dirmngr: Add support for the ntbtls library.
+
+  - wks: Create mails with a "WKS-Phase" header.  Fix detection of
+    Draft-2 mode.
+
+  - The Windows installer is now build with limited TLS support.
+
+  - Many other bug fixes and new regression tests.
+
+
+
+
+** GnuPG [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q1/000401.html][2.1.18]] released  (2017-01-23)
+    :PROPERTIES:
+    :CUSTOM_ID: gnupg-2.1.18
+    :END:
+
+  - gpg: Remove bogus subkey signature while cleaning a key (with
+    export-clean, import-clean, or --edit-key's sub-command clean)
+
+  - gpg: Allow freezing the clock with --faked-system-time.
+
+  - gpg: New --export-option flag "backup", new --import-option flag
+    "restore".
+
+  - gpg-agent: Fixed long delay due to a regression in the progress
+    callback code.
+
+  - scd: Lots of code cleanup and internal changes.
+
+  - scd: Improved the internal CCID driver.
+
+  - dirmngr: Fixed problem with the DNS glue code (removal of the
+    trailing dot in domain names).
+
+  - dirmngr: Make sure that Tor is actually enabled after changing the
+    conf file and sending SIGHUP or "gpgconf --reload dirmngr".
+
+  - dirmngr: Fixed Tor access to IPv6 addresses.  Note that current
+    versions of Tor may require that the flag "IPv6Traffic" is used
+    with the option "SocksPort" in torrc to actually allow IPv6
+    traffic.
+
+  - dirmngr: Fixed HKP for literally given IPv6 addresses.
+
+  - dirmngr: Enabled reverse DNS lookups via Tor.
+
+  - dirmngr: Added experimental SRV record lookup for WKD.
+    See commit 88dc3af3d4ae1afe1d5e136bc4c38bc4e7d4cd10 for details.
+
+  - dirmngr: For HKP use "pgpkey-hkps" and "pgpkey-hkp" in SRV record
+    lookups.  Avoid SRV record lookup when a port is explicitly
+    specified.  This fixes a regression from the 1.4 and 2.0 behavior.
+
+  - dirmngr: Gracefully handle a missing /etc/nsswitch.conf.  Ignore
+    negation terms (e.g. "[!UNAVAIL=return]" instead of bailing out.
+
+  - dirmngr: Better debug output for flags "dns" and "network".
+
+  - dirmngr: On reload mark all known HKP servers alive.
+
+  - gpgconf: Allow keyword "all" for --launch, --kill, and --reload.
+
+  - tools: gpg-wks-client now ignores a missing policy file on the
+    server.
+
+  - Avoid unnecessary ambiguity error message in the option parsing.
+
+  - Further improvements of the regression test suite.
+
+  - Fixed building with --disable-libdns configure option.
+
+  - Fixed a crash running the tests on 32 bit architectures.
+
+  - Fixed spurious failures on BSD system in the spawn functions.
+    This affected for example gpg-wks-client and gpgconf.
+
+
+
+
 ** GnuPG [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q4/000400.html][2.1.17]] released  (2016-12-20)
     :PROPERTIES:
     :CUSTOM_ID: gnupg-2.1.17

-----------------------------------------------------------------------

Summary of changes:
 web/download/release_notes.org | 238 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 238 insertions(+)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Aug  8 17:55:48 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 08 Aug 2017 17:55:48 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.22-30-gfb21aa8
Message-ID: <E1df6rE-00061I-Vn@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  fb21aa8b50367e2afa13bad73fc21d6f01a97e18 (commit)
      from  0bd19dae1161a71053d794e4f75e66f70445f9f0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit fb21aa8b50367e2afa13bad73fc21d6f01a97e18
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Aug 8 17:28:25 2017 +0200

    build: New configure option --enable-all-tests.
    
    * configure.ac: New option --enable-all-tests.
    * tests/gpgscm/ffi.c (ffi_init): New gloabl var *run-all-tests*.
    * tests/openpgp/all-tests.scm (all-tests): Use that var instead
    of *maintainer-mode*.
    * Makefile.am (AM_DISTCHECK_CONFIGURE_FLAGS): Add --enable-all-tests.
    --
    
    It is better to have a separate option to run all tests than to put
    this on top of --enable-maintainer-mode.  This way we can also make
    sure to run all tests during "make distcheck".
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/Makefile.am b/Makefile.am
index e31d67a..b972cff 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -20,7 +20,7 @@
 
 ACLOCAL_AMFLAGS = -I m4
 AM_DISTCHECK_CONFIGURE_FLAGS = --enable-gnupg-builddir-envvar \
-  --enable-symcryptrun --enable-g13 \
+  --enable-all-tests --enable-symcryptrun --enable-g13 \
   --enable-gpg2-is-gpg --enable-gpgtar --enable-wks-tools --disable-ntbtls
 
 GITLOG_TO_CHANGELOG=gitlog-to-changelog
diff --git a/README b/README
index 9ade9fd..a9a3eb0 100644
--- a/README
+++ b/README
@@ -60,9 +60,12 @@
 
     ./configure
     make
+    make check
     make install
 
-  (Before doing install you might need to become root.)
+  The "make check" is optional but highly recommended.  To run even
+  more tests you may add "--enable-all-tests" to the configure run.
+  Before running the "make install" you might need to become root.
 
   If everything succeeds, you have a working GnuPG with support for
   OpenPGP, S/MIME, ssh-agent, and smartcards.  Note that there is no
diff --git a/configure.ac b/configure.ac
index 20a6ed6..3ff5865 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1668,6 +1668,20 @@ AC_ARG_ENABLE(optimization,
                    fi])
 
 #
+# Configure option --enable-all-tests
+#
+AC_MSG_CHECKING([whether "make check" shall run all tests])
+AC_ARG_ENABLE(all-tests,
+              AC_HELP_STRING([--enable-all-tests],
+                             [let "make check" run all tests]),
+              run_all_tests=$enableval, run_all_tests=no)
+AC_MSG_RESULT($run_all_tests)
+if test "$run_all_tests" = "yes"; then
+    AC_DEFINE(RUN_ALL_TESTS,1,
+            [Defined if "make check" shall run all tests])
+fi
+
+#
 # We do not want support for the GNUPG_BUILDDIR environment variable
 # in a released version.  However, our regression tests suite requires
 # this and thus we build with support for it during "make distcheck".
diff --git a/tests/gpgscm/ffi.c b/tests/gpgscm/ffi.c
index 4c2148a..dde5b52 100644
--- a/tests/gpgscm/ffi.c
+++ b/tests/gpgscm/ffi.c
@@ -1450,6 +1450,14 @@ ffi_init (scheme *sc, const char *argv0, const char *scriptname,
 #endif
               );
 
+  ffi_define (sc, "*run-all-tests*",
+#if RUN_ALL_TESTS
+              sc->T
+#else
+              sc->F
+#endif
+              );
+
 
   ffi_define (sc, "*stdin*",
               sc->vptr->mk_port_from_file (sc, stdin, port_input));
diff --git a/tests/openpgp/all-tests.scm b/tests/openpgp/all-tests.scm
index e65d527..d687fe4 100644
--- a/tests/openpgp/all-tests.scm
+++ b/tests/openpgp/all-tests.scm
@@ -58,7 +58,7 @@
 		     (path-join "tests" "openpgp" name)
 		     (in-srcdir "tests" "openpgp" name))) all-tests))
 
- (when *maintainer-mode*
+ (when *run-all-tests*
        (set! tests
 	     (append
 	      tests

-----------------------------------------------------------------------

Summary of changes:
 Makefile.am                 |  2 +-
 README                      |  5 ++++-
 configure.ac                | 14 ++++++++++++++
 tests/gpgscm/ffi.c          |  8 ++++++++
 tests/openpgp/all-tests.scm |  2 +-
 5 files changed, 28 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug  9 12:56:11 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 09 Aug 2017 12:56:11 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.22-31-g2059dbf
Message-ID: <E1dfOer-0001P3-4g@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  2059dbf201963c6f229698ae80c6c774b1f686c8 (commit)
      from  fb21aa8b50367e2afa13bad73fc21d6f01a97e18 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2059dbf201963c6f229698ae80c6c774b1f686c8
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Aug 9 12:50:44 2017 +0200

    po: Update German translation

diff --git a/po/de.po b/po/de.po
index f71602d..515efcc 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg-2.1.0\n"
 "Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2017-07-28 18:50+0200\n"
+"PO-Revision-Date: 2017-08-09 12:49+0200\n"
 "Last-Translator: Werner Koch <wk at gnupg.org>\n"
 "Language-Team: German <de at li.org>\n"
 "Language: de\n"
@@ -338,9 +338,6 @@ msgstr "|DATEI|Konfigurationsoptionen aus DATEI lesen"
 msgid "do not detach from the console"
 msgstr "Im Vordergrund laufen lassen"
 
-msgid "do not grab keyboard and mouse"
-msgstr "Tastatur und Maus nicht \"grabben\""
-
 msgid "use a log file for the server"
 msgstr "Logausgaben in eine Datei umlenken"
 
@@ -1233,6 +1230,13 @@ msgstr "Der Server '%s' is ?lter als wir selbst (Version %s < %s)"
 msgid "WARNING: %s\n"
 msgstr "WARNUNG: %s\n"
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr "Hinweis: Wichtige Sicherheits-Fixes k?nnen in veralteten Servern fehlen.\n"
+
+#, c-format
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Hinweis: Der Befehl \"%s\" startet diese Server neu.\n"
+
 #, c-format
 msgid "%s is not compliant with %s mode\n"
 msgstr "%s is nicht konform mit dem %s Modus\n"
@@ -5003,9 +5007,8 @@ msgid "can't open signed data fd=%d: %s\n"
 msgstr "kann signierte Daten auf fd=%d nicht ?ffnen: %s\n"
 
 #, c-format
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
-msgstr ""
-"Hinweis: Schl?ssel \"%s\" ist zum Verschl?sseln im %s Modus nicht geeignet.\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
+msgstr "Schl?ssel \"%s\" ist zum Entschl?sseln im %s Modus nicht geeignet.\n"
 
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
@@ -5566,10 +5569,8 @@ msgstr ""
 msgid "error gathering other user IDs: %s\n"
 msgstr "Fehler beim Einsammeln der ?brigen User-IDs: %s\n"
 
-#, fuzzy
-#| msgid "list key and user IDs"
 msgid "This key's user IDs:\n"
-msgstr "Schl?ssel und User-IDs auflisten"
+msgstr "Die User-IDs dieses Schl?ssels sind:\n"
 
 #, c-format
 msgid "policy: %s"
@@ -8752,6 +8753,9 @@ msgstr ""
 "Syntax: gpg-check-pattern [optionen] Musterdatei\n"
 "Die von stdin gelesene Passphrase gegen die Musterdatei pr?fen\n"
 
+#~ msgid "do not grab keyboard and mouse"
+#~ msgstr "Tastatur und Maus nicht \"grabben\""
+
 #~ msgid "Error: URL too long (limit is %d characters).\n"
 #~ msgstr "Fehler: URL ist zu lang (Grenze betr?gt %d Zeichen).\n"
 
@@ -9203,9 +9207,6 @@ msgstr ""
 #~ msgstr ""
 #~ "Umschalten zwischen dem Auflisten geheimer und ?ffentlicher Schl?ssel"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "Bitte verwenden sie zun?chst den Befehl \"toggle\"\n"
-
 #~ msgid "Passphrase"
 #~ msgstr "Passphrase"
 

-----------------------------------------------------------------------

Summary of changes:
 po/de.po | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug  9 14:02:44 2017
From: cvs at cvs.gnupg.org (by Justus Winter)
Date: Wed, 09 Aug 2017 14:02:44 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. ab8ed2d2161eed95342fc2c495b71a7d83deda6f
Message-ID: <E1dfPhE-0002yP-LZ@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  ab8ed2d2161eed95342fc2c495b71a7d83deda6f (commit)
      from  3aba49f2b1dfcd76db5a8d6c41a5c6570b7a3f2c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ab8ed2d2161eed95342fc2c495b71a7d83deda6f
Author: Justus Winter <justus at g10code.com>
Date:   Wed Aug 9 14:02:31 2017 +0200

    jenkins: improve documentation

diff --git a/misc/jenkins/README.org b/misc/jenkins/README.org
index 3cb7b84..4555109 100644
--- a/misc/jenkins/README.org
+++ b/misc/jenkins/README.org
@@ -1,10 +1,43 @@
 * Notes
+** Overview
+|----------------------+--------+---------+-----------+-----+-----------|
+| Configuration Matrix | native | in-tree | sanitizer | w32 | distcheck |
+|----------------------+--------+---------+-----------+-----+-----------|
+| arch                 | x      |         |           |     |           |
+| debian               | x      |         |           |     |           |
+| macos                | x      |         |           |     |           |
+| master               |        | x       | x         | x   | x         |
+| openbsd60            | x      |         |           |     |           |
+|----------------------+--------+---------+-----------+-----+-----------|
+
+There are two dimensions, build host ("label") and build profile
+("XTARGET").  The build hosts are described below.  The "debian" label
+is the same configuration as "master".
+
+bin/build.bash is the build script.  It creates a suitable build
+environment, builds, tests, and installs all our packages.  The
+different build profiles are implemented there.
+*** Build profiles
+**** native
+A straight forward out-of-tree build.
+**** in-tree
+A straight forward in-tree build.
+**** sanitizer
+A build with -fsanitize=undefined -fsanitize=address.  This catches
+many memory errors by instrumenting the code and running the test
+suites.
+**** w32
+Cross-compile the package for Windows, run the tests using a virtual
+machine.
+**** distcheck
+Executes 'make distcheck'.  Makes sure that we can always create
+releases.
 ** Setting up a Jenkins build slave
  - on soro, create an entry in /etc/hosts
  - copy root at soro's ssh key to /root/.ssh/authorized_keys
  - install a jre, make, autoconf, automake, libtool, gcc, git, bison,
    fig2dev, ghostscript, gnutls, sqlite3, pkg-config, imagemagick,
-   rngd, python2/3, SWIG, Qt5 base
+   rngd, python2/3, SWIG, Qt5 base, ccache
  - setup rngd (test suites will consume quite a bit of entropy)
  - create a user jenkins
  - clone gnupg-doc
@@ -13,6 +46,9 @@
    $ ln -s gnupg-doc/misc/jenkins/bin
  - download slave.jar
    $ wget https://jenkins.gnupg.org/jnlpJars/slave.jar -O bin/slave.jar
+   Note:
+   The jar should be updated from time to time, but the documentation
+   says that the protocol changes rarely.
  - copy and adapt launcher
    $ cp bin/jenkins-slave.dist bin/jenkins-slave
  - make sure that jenkins at soro can ssh to the new node
@@ -60,13 +96,16 @@ and a w32 build tree at
   $HOME/src/gpgme-for-gnupgs-tests/obj.w32
 
 The tests from there are executed in GnuPG's test suite.
-* Virtual machines
-** openbsd60
+* Build hosts
+** zygalski
+Werner manages this box.
+** Virtual machines
+*** openbsd60
 Packages installed:
 
   # pkg_add zile zsh git autoconf-2.69p2 automake-1.15p0 gettext-tools \
     gmake xfig bison readline libusb-compat ImageMagick makeinfo \
-    gcc-4.9.3p9 g++-4.9.3p9 qt5
+    gcc-4.9.3p9 g++-4.9.3p9 qt5 python swig ccache
 
 Add some compatibility links to PATH:
 
@@ -87,3 +126,83 @@ Tweak limits:
         :tc=pbuild:
 ' >> /etc/login.conf
   # user mod -L jenkins jenkins
+*** win8.1
+Configuration: One user "gpg", disabled Windows update (cpu hog),
+disable animations ("make computer easier to see again").
+
+Installed applications: https://github.com/PowerShell/Win32-OpenSSH/releases/latest
+**** How tests are executed
+To run the test suite, the machine is reverted to the snapshot
+'tests', and the tests are executed in-place from an ISO image.
+
+See:
+ - bin/run-tests-w32.bash
+ - bin/run-tests.bat
+ - bin/make-windows-cd.sh
+**** Win32-OpenSSH
+The implementation seems a bit brittle at the moment.  Often, the ssh
+server will stop responding to requests, I do not know why.
+
+To update the ssh server, follow
+https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH
+first uninstall the old one, then install the new one.
+
+**** Updating & maintenance
+Get a lock on bin/run-tests-w32.bash to avoid it stomping over your
+changes:
+
+ jenkins at soro:~$ flock /var/lib/jenkins/bin/run-tests-w32.bash bash
+
+Start the machine using
+
+ jenkins at soro:~$ virsh -c qemu:///system snapshot-revert --snapshotname tests --force --running win8.1
+
+Connect to the machine from your desktop machine:
+
+ you at home $ virt-viewer -c qemu+ssh://jenkins at soro.g10code.com/system win8.1
+
+Do whatever maintenance work is necessary.  Shutdown the machine.
+Create a new snapshot 'test-new':
+
+ jenkins at soro:~$ virsh -c qemu:///system snapshot-create-as win8.1 --name "tests-new" --description "Updated OpenSSH to xxx"
+
+Archive the current snapshot:
+
+ jenkins at soro:~$ virsh -c qemu:///system snapshot-edit win8.1 --snapshotname "tests" --rename
+ [... editor pops open, change "<name>tests</name>"
+  to "<name>tests YYY-MM-DD</name>", save, exit ...]
+
+Note: The snapshots creation times can be found using:
+
+ jenkins at soro:~$ virsh -c qemu:///system snapshot-list win8.1 | grep tests
+  tests                2017-03-15 14:21:17 +0100 shutoff
+  tests 2017-01-31     2017-01-31 11:05:17 +0100 shutoff
+
+Rename the new snapshot:
+
+ jenkins at soro:~$ virsh -c qemu:///system snapshot-edit win8.1 --snapshotname "tests-new" --rename
+ [... editor pops open, change "<name>tests-new</name>"
+  to "<name>tests</name>", save, exit ...]
+
+Exit the shell to release the lock:
+
+ jenkins at soro:~$ exit
+ exit
+
+Voila.
+**** Ideas
+ - Build the installer, put it on the ISO image, and test that as well.
+*** openindiana20161030
+So I wanted the most alien UNIX I could get my hands on.  I never
+configured the build environment though, so this machine lies dormant.
+**** Packages installed
+pkg install pkg://openindiana.org/runtime/java/openjdk8 top git autoconf automake libtool bison readline
+*** archlinux
+**** Packages installed
+pacman --sync zile bind-tools openssh zsh jre8-openjdk-headless git autoconf automake libtool make wget gcc bison fig2dev ghostscript gnutls sqlite3 pkg-config imagemagick librsvg rng-tools python swig qt5-base
+**** Upgrading packages
+Note: Some breakage can happen when upgrading the system.  Arch users
+deal with that by reading the website and following instructions
+there.
+
+pacman -Syu

-----------------------------------------------------------------------

Summary of changes:
 misc/jenkins/README.org | 127 ++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 123 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug  9 15:32:24 2017
From: cvs at cvs.gnupg.org (by Kai Michaelis)
Date: Wed, 09 Aug 2017 15:32:24 +0200
Subject: [git] KSBA - branch, master, updated. libksba-1.3.5-6-gc7f4ef5
Message-ID: <E1dfR60-0008NU-LA@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "KSBA is a library to access X.509 certificates and CMS data.".

The branch, master has been updated
       via  c7f4ef5b5ebc8d6be2c56f14da999a36735a2eba (commit)
      from  ab23f39a91b5c16eda2d9d581f9bf2ab2da39cf2 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c7f4ef5b5ebc8d6be2c56f14da999a36735a2eba
Author: Kai Michaelis <kai at gnupg.org>
Date:   Wed Aug 9 15:29:11 2017 +0200

    Add missing fd support to ksba_reader_t.
    
    * src/reader.c: add branches for READER_TYPE_FD
    * tests/t-reader.c: tests for above
    
    GnuPG-bug-id: 3072

diff --git a/src/reader.c b/src/reader.c
index c59978d..e117896 100644
--- a/src/reader.c
+++ b/src/reader.c
@@ -407,6 +407,41 @@ ksba_reader_read (ksba_reader_t r, char *buffer, size_t length, size_t *nread)
         }
       r->nread += *nread;
     }
+  else if (r->type == READER_TYPE_FD)
+    {
+      ssize_t n;
+
+      if (r->eof)
+        return gpg_error (GPG_ERR_EOF);
+
+      if (!length)
+        {
+          *nread = 0;
+          return 0;
+        }
+
+      n = read (r->u.fd, buffer, length);
+      if (n > 0)
+        {
+          r->nread += n;
+          *nread = n;
+        }
+      else
+        {
+          *nread = 0;
+
+          if (n < 0)
+            {
+              r->error = errno;
+              return gpg_error_from_errno (errno);
+            }
+          else
+            {
+              r->eof = 1;
+              return gpg_error (GPG_ERR_EOF);
+            }
+        }
+    }
   else
     return gpg_error (GPG_ERR_BUG);
 
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 759b626..949a812 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -39,7 +39,7 @@ EXTRA_DIST = $(test_certs) samples/README mkoidtbl.awk
 BUILT_SOURCES = oidtranstbl.h
 CLEANFILES = oidtranstbl.h
 
-TESTS = cert-basic t-crl-parser t-dnparser t-oid
+TESTS = cert-basic t-crl-parser t-dnparser t-oid t-reader
 
 AM_CFLAGS = $(GPG_ERROR_CFLAGS)
 AM_LDFLAGS = -no-install
diff --git a/tests/t-reader.c b/tests/t-reader.c
new file mode 100644
index 0000000..53118b5
--- /dev/null
+++ b/tests/t-reader.c
@@ -0,0 +1,207 @@
+/* t-reader.c - basic tests for the reader object
+ *      Copyright (C) 2017 g10 Code GmbH
+ *
+ * This file is part of KSBA.
+ *
+ * KSBA is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * KSBA is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <time.h>
+#include <errno.h>
+
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <gpg-error.h>
+
+#include "../src/ksba.h"
+#include "t-common.h"
+
+void
+test_fd(const char* path)
+{
+  int fd = open (path, O_RDONLY);
+  gpg_error_t err = 0;
+  ksba_reader_t reader;
+  ksba_cert_t cert;
+
+  if (fd < 0)
+    {
+      perror ("open() failed");
+      exit (1);
+    }
+
+  if ((err = ksba_reader_new (&reader)))
+    {
+      fprintf (stderr, "ksba_reader_new() failed: %s\n", gpg_strerror (err));
+      exit (1);
+    }
+
+  if ((err = ksba_reader_set_fd (reader, fd)))
+    {
+      fprintf (stderr, "ksba_reader_set_fd() failed: %s\n", gpg_strerror (err));
+      exit (1);
+    }
+
+  if ((err = ksba_cert_new (&cert)))
+    {
+      fprintf (stderr, "ksba_cert_new() failed: %s\n", gpg_strerror (err));
+      exit (1);
+    }
+
+  if ((err = ksba_cert_read_der (cert, reader)))
+    {
+      fprintf(stderr, "ksba_cert_read_der() failed: %s\n", gpg_strerror (err));
+      exit (1);
+    }
+
+  ksba_cert_release (cert);
+  ksba_reader_release (reader);
+  close (fd);
+}
+
+void
+test_file(const char* path)
+{
+  FILE* fp = fopen (path, "r");
+  gpg_error_t err = 0;
+  ksba_reader_t reader;
+  ksba_cert_t cert;
+
+  if (!fp)
+    {
+      perror ("fopen() failed");
+      exit (1);
+    }
+
+  if ((err = ksba_reader_new (&reader)))
+    {
+      fprintf (stderr, "ksba_reader_new() failed: %s\n", gpg_strerror (err));
+      exit (1);
+    }
+
+  if ((err = ksba_reader_set_file (reader, fp)))
+    {
+      fprintf (stderr, "ksba_reader_set_fd() failed: %s\n", gpg_strerror (err));
+      exit (1);
+    }
+
+  if ((err = ksba_cert_new (&cert)))
+    {
+      fprintf (stderr, "ksba_cert_new() failed: %s\n", gpg_strerror (err));
+      exit (1);
+    }
+
+  if ((err = ksba_cert_read_der (cert, reader)))
+    {
+      fprintf(stderr, "ksba_cert_read_der() failed: %s\n", gpg_strerror (err));
+      exit (1);
+    }
+
+  ksba_cert_release (cert);
+  ksba_reader_release (reader);
+  fclose (fp);
+}
+
+void
+test_mem(const char* path)
+{
+  int fd = open (path, O_RDONLY);
+  gpg_error_t err = 0;
+  ksba_reader_t reader;
+  ksba_cert_t cert;
+  char *mem = NULL;
+  ssize_t ret = 0;
+  size_t p = 0;
+  struct stat st;
+
+  if (fd < 0)
+    {
+      perror ("fopen() failed");
+      exit (1);
+    }
+
+  if (fstat (fd, &st))
+    {
+      fprintf (stderr, "fstat() failed: %s\n", gpg_strerror (err));
+      exit (1);
+    }
+
+  mem = xmalloc(st.st_size);
+
+  while (p < st.st_size && (ret = read(fd, mem + p, st.st_size - p)))
+    {
+      if (ret < 0)
+        {
+          fprintf (stderr, "read() failed: %s\n", gpg_strerror (err));
+          exit (1);
+        }
+      p += ret;
+    }
+
+  if ((err = ksba_reader_new (&reader)))
+    {
+      exit (1);
+    }
+
+  if ((err = ksba_reader_set_mem (reader, mem, st.st_size)))
+    {
+      fprintf (stderr, "ksba_reader_set_mem() failed: %s\n", gpg_strerror (err));
+      exit (1);
+    }
+
+  if ((err = ksba_cert_new (&cert)))
+    {
+      fprintf (stderr, "ksba_cert_new() failed: %s\n", gpg_strerror (err));
+      exit (1);
+    }
+
+  if ((err = ksba_cert_read_der (cert, reader)))
+    {
+      fprintf(stderr, "ksba_cert_read_der() failed: %s\n", gpg_strerror (err));
+      exit (1);
+    }
+
+  ksba_cert_release (cert);
+  ksba_reader_release (reader);
+  xfree (mem);
+  close (fd);
+}
+
+int
+main (int argc, char **argv)
+{
+  if (argc == 1)
+    {
+      test_fd (prepend_srcdir ("cert_g10code_test1.der"));
+      test_file (prepend_srcdir ("cert_g10code_test1.der"));
+      test_mem (prepend_srcdir ("cert_g10code_test1.der"));
+    }
+  else
+    {
+      for (int i = 1; i < argc; ++i)
+        {
+          test_fd (argv[i]);
+          test_file (argv[i]);
+          test_mem (argv[i]);
+        }
+    }
+
+  return 0;
+}

-----------------------------------------------------------------------

Summary of changes:
 src/reader.c      |  35 +++++++++
 tests/Makefile.am |   2 +-
 tests/t-reader.c  | 207 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 243 insertions(+), 1 deletion(-)
 create mode 100644 tests/t-reader.c


hooks/post-receive
-- 
KSBA is a library to access X.509 certificates and CMS data.
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug  9 15:44:56 2017
From: cvs at cvs.gnupg.org (by Kai Michaelis)
Date: Wed, 09 Aug 2017 15:44:56 +0200
Subject: [git] KSBA - branch, master, updated. libksba-1.3.5-7-g707862a
Message-ID: <E1dfRI8-0001hw-Jc@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "KSBA is a library to access X.509 certificates and CMS data.".

The branch, master has been updated
       via  707862ab44fb6cca79dacbf866a7066d941b92fc (commit)
      from  c7f4ef5b5ebc8d6be2c56f14da999a36735a2eba (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 707862ab44fb6cca79dacbf866a7066d941b92fc
Author: Kai Michaelis <kai at gnupg.org>
Date:   Wed Aug 9 15:40:53 2017 +0200

    Don't use decls in for-loop headers.
    
    libksba compiles w/ C90

diff --git a/tests/t-reader.c b/tests/t-reader.c
index 53118b5..2b6a40c 100644
--- a/tests/t-reader.c
+++ b/tests/t-reader.c
@@ -195,7 +195,8 @@ main (int argc, char **argv)
     }
   else
     {
-      for (int i = 1; i < argc; ++i)
+      int i;
+      for (i = 1; i < argc; ++i)
         {
           test_fd (argv[i]);
           test_file (argv[i]);

-----------------------------------------------------------------------

Summary of changes:
 tests/t-reader.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
KSBA is a library to access X.509 certificates and CMS data.
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug  9 15:51:53 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 09 Aug 2017 15:51:53 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2,
 updated. gnupg-2.1.22-32-g31a9973
Message-ID: <E1dfROr-0002lg-Jc@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-2 has been updated
       via  31a99733639ae91a9e091a6646a8eb809874af7c (commit)
       via  2059dbf201963c6f229698ae80c6c774b1f686c8 (commit)
       via  fb21aa8b50367e2afa13bad73fc21d6f01a97e18 (commit)
       via  0bd19dae1161a71053d794e4f75e66f70445f9f0 (commit)
       via  0a8e20c4c639f0c491e2af5ac5fb97005196422b (commit)
       via  c4506f624ed6854aa0ba1629aa2d1d43eb26900d (commit)
       via  81074c3b0211854a2dc94600dc892224201536f5 (commit)
       via  407da18254dfebcacfaee16952ef0b617b1626ea (commit)
       via  b0112dbca91e720a4ff622ad0e88d99eba56203a (commit)
       via  a611cba142470c52f3303c512f77ae7d195cc41f (commit)
       via  f011d8763a009612c858a287cf7cc6a1f1a6d32a (commit)
       via  a69464b0b6dac88b360a13d3faf19dd7f2a0e02b (commit)
       via  69e97d909d586160cc0631c9a6f4d3f24bb0c682 (commit)
       via  b70e86fd1050fc6da07a177ed142ae9882b4dd0d (commit)
       via  0767eada1479c0fa9d4b75781a8c2afb67bdbf90 (commit)
       via  9bb13a0e819334681caca38c9074bd7bfc04e45e (commit)
       via  7e1fe791d188b078398bf83c9af992cb1bd2a4b3 (commit)
       via  3d78ae4d3de08398fabae5821045a3a1da6dadbe (commit)
       via  b54d75fb1dcfa2cebb3a2497b81ffb49acac2056 (commit)
       via  d9fabcc1989d7235ea0294874803295a30f8711b (commit)
       via  6cba56d436b56ea5e60042144a8a75a2e80007c8 (commit)
       via  dcfb01959802b27869528dda1d9a4f5e79574bb5 (commit)
       via  624cd2d0bf6cc6dd1b79654295dc76f5b2d6d70b (commit)
       via  ebc65ff459e6c228fb7406e375819a9fe5637abe (commit)
       via  a8d0b8d2333ddab703d1e346e06c106eeeedfd53 (commit)
       via  4e117f206beb38287ddcd3251fb7baabadfbddbb (commit)
       via  a21ca77988cee6987c4aca91a8e1c3ffd5c32c10 (commit)
       via  fde9a8cc6c849fb21f3e6782dbd5c6bc863357eb (commit)
       via  02b571947b9442604faa7509478cd8577c2c0b9c (commit)
       via  482fd5758c1b7e1b33c4cb50656e586a3ae16815 (commit)
       via  4ad5bc1b6d72483123963c894ee1412b2ceb99b4 (commit)
      from  dd56bc411e40f31ee42effa0d6496bfdc3bef59e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 31a99733639ae91a9e091a6646a8eb809874af7c
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Aug 9 15:45:40 2017 +0200

    po: Auto-update
    
    --

diff --git a/po/ca.po b/po/ca.po
index 3f8f601..738c5f7 100644
--- a/po/ca.po
+++ b/po/ca.po
@@ -361,9 +361,6 @@ msgstr "|FITXER|carrega el m?dul d'extensi? especificat"
 msgid "do not detach from the console"
 msgstr ""
 
-msgid "do not grab keyboard and mouse"
-msgstr ""
-
 #, fuzzy
 msgid "use a log file for the server"
 msgstr "cerca claus en un servidor de claus"
@@ -1348,6 +1345,14 @@ msgstr ""
 msgid "WARNING: %s\n"
 msgstr "AV?S: %s t? prefer?ncia sobre %s\n"
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Useu l'ordre ?toggle? abans.\n"
+
 #, fuzzy, c-format
 #| msgid "%s does not yet work with %s\n"
 msgid "%s is not compliant with %s mode\n"
@@ -5367,7 +5372,7 @@ msgid "can't open signed data fd=%d: %s\n"
 msgstr "no s'han pogut obrir les dades signades `%s'\n"
 
 #, fuzzy, c-format
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "clau %08lX: sense ID\n"
 
 # Indi? ivb
@@ -9434,9 +9439,6 @@ msgstr ""
 #~ msgid "toggle between the secret and public key listings"
 #~ msgstr "canvia entre el llistat de claus secretes i p?bliques"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "Useu l'ordre ?toggle? abans.\n"
-
 #, fuzzy
 #~ msgid "Passphrase"
 #~ msgstr "la contrasenya ?s err?nia"
diff --git a/po/cs.po b/po/cs.po
index 487ccce..17bff35 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -352,9 +352,6 @@ msgstr "|SOUBOR|na??st volby ze SOUBORU"
 msgid "do not detach from the console"
 msgstr "neodpojovat se od konzole"
 
-msgid "do not grab keyboard and mouse"
-msgstr "neuzurpovat si kl?vesnici a my?"
-
 msgid "use a log file for the server"
 msgstr "pou??t pro server soubor s?protokolem"
 
@@ -1252,6 +1249,14 @@ msgstr ""
 msgid "WARNING: %s\n"
 msgstr "VAROV?N?: "
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Pros?m, nejd??ve pou?ijte p??kaz ?toggle? (p?epnout).\n"
+
 #, fuzzy, c-format
 #| msgid "%s does not yet work with %s\n"
 msgid "%s is not compliant with %s mode\n"
@@ -5021,7 +5026,7 @@ msgstr "nelze otev??t podepsan? data na deskriptoru=%d: %s\n"
 
 #, fuzzy, c-format
 #| msgid "certificate is not usable for encryption\n"
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "certifik?t nen? pou?iteln? pro ?ifrov?n?\n"
 
 #, c-format
@@ -8695,6 +8700,9 @@ msgstr ""
 "Syntaxe: gpg-check-pattern [volby] soubor_se_vzorem\n"
 "Prov??? heslo zadan? na vstupu proti souboru se vzory\n"
 
+#~ msgid "do not grab keyboard and mouse"
+#~ msgstr "neuzurpovat si kl?vesnici a my?"
+
 #~ msgid "Error: URL too long (limit is %d characters).\n"
 #~ msgstr "Chyba: URL je p??li? dlouh? (limit je %d znak?).\n"
 
@@ -8992,9 +9000,6 @@ msgstr ""
 #~ msgid "toggle between the secret and public key listings"
 #~ msgstr "p?epnout mezi v?pisem seznamu tajn?ch a ve?ejn?ch kl???"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "Pros?m, nejd??ve pou?ijte p??kaz ?toggle? (p?epnout).\n"
-
 #~ msgid "Please select at most one subkey.\n"
 #~ msgstr "Pros?m, vyberte nejv??e jeden podkl??.\n"
 
diff --git a/po/da.po b/po/da.po
index 3d42b7c..e124de5 100644
--- a/po/da.po
+++ b/po/da.po
@@ -371,9 +371,6 @@ msgstr "|FIL|l?s tilvalg fra FIL"
 msgid "do not detach from the console"
 msgstr "frakobl ikke fra konsollen"
 
-msgid "do not grab keyboard and mouse"
-msgstr "fang ikke tastatur og mus"
-
 msgid "use a log file for the server"
 msgstr "brug en logfil for serveren"
 
@@ -1330,6 +1327,14 @@ msgstr ""
 msgid "WARNING: %s\n"
 msgstr "ADVARSEL: %s overskriver %s\n"
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Brug venligst kommandoen ?toggle? f?rst.\n"
+
 #, fuzzy, c-format
 #| msgid "%s does not yet work with %s\n"
 msgid "%s is not compliant with %s mode\n"
@@ -5273,7 +5278,7 @@ msgstr "kan ikke ?bne underskrevne data fd=%d: %s\n"
 
 #, fuzzy, c-format
 #| msgid "certificate is not usable for encryption\n"
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "certifikat kan ikke bruges til kryptering\n"
 
 #, c-format
@@ -9203,6 +9208,9 @@ msgstr ""
 "Syntaks: gpg-check-pattern [tilvalg] m?nsterfil\n"
 "Kontroller en adgangsfrase angivet p? stdin mod m?nsterfilen\n"
 
+#~ msgid "do not grab keyboard and mouse"
+#~ msgstr "fang ikke tastatur og mus"
+
 #~ msgid "Error: URL too long (limit is %d characters).\n"
 #~ msgstr "Fejl: Adresse er for lang (begr?nsningen er %d tegn).\n"
 
@@ -9524,9 +9532,6 @@ msgstr ""
 #~ msgid "toggle between the secret and public key listings"
 #~ msgstr "skift mellem hemmelig og offentlig n?glevisning"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "Brug venligst kommandoen ?toggle? f?rst.\n"
-
 #~ msgid "Passphrase"
 #~ msgstr "Adgangsfrase"
 
diff --git a/po/de.po b/po/de.po
index 515efcc..8174b34 100644
--- a/po/de.po
+++ b/po/de.po
@@ -1231,7 +1231,8 @@ msgid "WARNING: %s\n"
 msgstr "WARNUNG: %s\n"
 
 msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr "Hinweis: Wichtige Sicherheits-Fixes k?nnen in veralteten Servern fehlen.\n"
+msgstr ""
+"Hinweis: Wichtige Sicherheits-Fixes k?nnen in veralteten Servern fehlen.\n"
 
 #, c-format
 msgid "Note: Use the command \"%s\" to restart them.\n"
diff --git a/po/el.po b/po/el.po
index b8a505b..dd690a4 100644
--- a/po/el.po
+++ b/po/el.po
@@ -337,9 +337,6 @@ msgstr "|??????|??????? ??? ?????????? ???????
 msgid "do not detach from the console"
 msgstr ""
 
-msgid "do not grab keyboard and mouse"
-msgstr ""
-
 #, fuzzy
 msgid "use a log file for the server"
 msgstr "????????? ???????? ?? ??? ?????????? ????????"
@@ -1285,6 +1282,14 @@ msgstr ""
 msgid "WARNING: %s\n"
 msgstr "?????????????: ?? %s ??????????? ?? %s\n"
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "???????? ??????????????? ??? ?????? \"toggle\" ?????.\n"
+
 #, fuzzy, c-format
 #| msgid "%s does not yet work with %s\n"
 msgid "%s is not compliant with %s mode\n"
@@ -5253,7 +5258,7 @@ msgid "can't open signed data fd=%d: %s\n"
 msgstr "???????? ????????? ?????????????? ????????? `%s'\n"
 
 #, fuzzy, c-format
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "?????? %08lX: ??? ??????? ???? ?? user ID\n"
 
 #, fuzzy, c-format
@@ -9249,9 +9254,6 @@ msgstr ""
 #~ msgid "toggle between the secret and public key listings"
 #~ msgstr "?????? ?????? ??? ??????????? ???????? ??? ???????? ????????"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "???????? ??????????????? ??? ?????? \"toggle\" ?????.\n"
-
 #, fuzzy
 #~ msgid "Passphrase"
 #~ msgstr "???? ????? ??????"
diff --git a/po/eo.po b/po/eo.po
index c52dbad..3c49698 100644
--- a/po/eo.po
+++ b/po/eo.po
@@ -339,9 +339,6 @@ msgstr "|DOSIERO|legi aldonan bibliotekon DOSIERO"
 msgid "do not detach from the console"
 msgstr ""
 
-msgid "do not grab keyboard and mouse"
-msgstr ""
-
 #, fuzzy
 msgid "use a log file for the server"
 msgstr "ser?i ?losilojn ?e ?losilservilo"
@@ -1289,6 +1286,14 @@ msgstr ""
 msgid "WARNING: %s\n"
 msgstr "AVERTO: %s nuligas %s\n"
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Bonvolu uzi la komandon \"toggle\" unue.\n"
+
 #, fuzzy, c-format
 msgid "%s is not compliant with %s mode\n"
 msgstr "%s ne havas sencon kun %s!\n"
@@ -5220,7 +5225,7 @@ msgid "can't open signed data fd=%d: %s\n"
 msgstr "ne povas malfermi subskribitan dosieron '%s'\n"
 
 #, fuzzy, c-format
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "?losilo %08lX: mankas uzantidentigilo\n"
 
 #, fuzzy, c-format
@@ -9177,9 +9182,6 @@ msgstr ""
 #~ msgid "toggle between the secret and public key listings"
 #~ msgstr "de sekreta a? publika listo iri al la alia"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "Bonvolu uzi la komandon \"toggle\" unue.\n"
-
 #, fuzzy
 #~ msgid "Passphrase"
 #~ msgstr "malbona pasfrazo"
diff --git a/po/es.po b/po/es.po
index a9eb67b..95a2589 100644
--- a/po/es.po
+++ b/po/es.po
@@ -385,9 +385,6 @@ msgstr "|FICHERO|lee opciones desde FICHERO"
 msgid "do not detach from the console"
 msgstr "no independizarse de la consola"
 
-msgid "do not grab keyboard and mouse"
-msgstr "no acaparar teclado y rat?n"
-
 msgid "use a log file for the server"
 msgstr "usar un fichero log para el servidor"
 
@@ -1348,6 +1345,14 @@ msgstr ""
 msgid "WARNING: %s\n"
 msgstr "ATENCION: "
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Por favor use la orden \"cambia\" primero.\n"
+
 #, fuzzy, c-format
 #| msgid "%s does not yet work with %s\n"
 msgid "%s is not compliant with %s mode\n"
@@ -5266,7 +5271,7 @@ msgstr "imposible abrir datos firmados fd=%d: %s\n"
 
 #, fuzzy, c-format
 #| msgid "certificate is not usable for encryption\n"
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "el certificado no es utilizable para cifrar\n"
 
 #, c-format
@@ -9242,6 +9247,9 @@ msgstr ""
 "Compara frase contrase?a dada en entrada est?ndar con un fichero de "
 "patrones\n"
 
+#~ msgid "do not grab keyboard and mouse"
+#~ msgstr "no acaparar teclado y rat?n"
+
 #~ msgid "Error: URL too long (limit is %d characters).\n"
 #~ msgstr "Error: URL demasiado larga (el m?ximo son %d caracteres).\n"
 
@@ -9587,9 +9595,6 @@ msgstr ""
 #~ msgid "toggle between the secret and public key listings"
 #~ msgstr "cambiar entre lista de claves secretas y p?blicas"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "Por favor use la orden \"cambia\" primero.\n"
-
 # ?Por qu? no frase de paso?
 # Porque todo el mundo sabe lo que es una contrase?a
 # y una "frase de paso" no. Soy consciente de que se
diff --git a/po/et.po b/po/et.po
index d9381bd..f852a29 100644
--- a/po/et.po
+++ b/po/et.po
@@ -335,9 +335,6 @@ msgstr "|FAIL|lae laiendusmoodul FAIL"
 msgid "do not detach from the console"
 msgstr ""
 
-msgid "do not grab keyboard and mouse"
-msgstr ""
-
 #, fuzzy
 msgid "use a log file for the server"
 msgstr "otsi v?tmeid v?tmeserverist"
@@ -1282,6 +1279,14 @@ msgstr ""
 msgid "WARNING: %s\n"
 msgstr "HOIATUS: %s m??rab ?le %s\n"
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Palun kasutage k?igepealt k?sku \"toggle\".\n"
+
 #, fuzzy, c-format
 #| msgid "%s does not yet work with %s\n"
 msgid "%s is not compliant with %s mode\n"
@@ -5192,7 +5197,7 @@ msgid "can't open signed data fd=%d: %s\n"
 msgstr "allkirjastatud andmete avamine eba?nnestus `%s'\n"
 
 #, fuzzy, c-format
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "v?ti %08lX: kasutaja ID puudub\n"
 
 #, fuzzy, c-format
@@ -9160,9 +9165,6 @@ msgstr ""
 #~ msgid "toggle between the secret and public key listings"
 #~ msgstr "l?lita salajaste v?i avalike v?tmete loendi vahel"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "Palun kasutage k?igepealt k?sku \"toggle\".\n"
-
 #, fuzzy
 #~ msgid "Passphrase"
 #~ msgstr "halb parool"
diff --git a/po/fi.po b/po/fi.po
index 6b145e4..ea38194 100644
--- a/po/fi.po
+++ b/po/fi.po
@@ -351,9 +351,6 @@ msgstr "|TIEDOSTO|lataa laajennusmoduuli TIEDOSTO"
 msgid "do not detach from the console"
 msgstr ""
 
-msgid "do not grab keyboard and mouse"
-msgstr ""
-
 #, fuzzy
 msgid "use a log file for the server"
 msgstr "etsi avaimia avainpalvelimelta"
@@ -1301,6 +1298,14 @@ msgstr ""
 msgid "WARNING: %s\n"
 msgstr "VAROITUS: %s korvaa %s:n\n"
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "K?yt? ensin komentoa \"toggle\".\n"
+
 #, fuzzy, c-format
 #| msgid "%s does not yet work with %s\n"
 msgid "%s is not compliant with %s mode\n"
@@ -5240,7 +5245,7 @@ msgid "can't open signed data fd=%d: %s\n"
 msgstr "allekirjoitetun datan \"%s\" avaaminen ei onnistu\n"
 
 #, fuzzy, c-format
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "avain %08lX: ei k?ytt?j?tunnusta\n"
 
 #, fuzzy, c-format
@@ -9230,9 +9235,6 @@ msgstr ""
 #~ msgid "toggle between the secret and public key listings"
 #~ msgstr "vaihda salaisten ja julkisten avainten luettelon v?lill?"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "K?yt? ensin komentoa \"toggle\".\n"
-
 #, fuzzy
 #~ msgid "Passphrase"
 #~ msgstr "v??r? salasana"
diff --git a/po/fr.po b/po/fr.po
index 375ccc8..916aef7 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -345,9 +345,6 @@ msgstr "|FICHIER|lire les options depuis le FICHIER"
 msgid "do not detach from the console"
 msgstr "ne pas d?tacher de la console"
 
-msgid "do not grab keyboard and mouse"
-msgstr "ne pas capturer le clavier et la souris"
-
 msgid "use a log file for the server"
 msgstr "utiliser un fichier journal pour le serveur"
 
@@ -1260,6 +1257,14 @@ msgstr ""
 msgid "WARNING: %s\n"
 msgstr "Attention?: "
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Veuillez d'abord utiliser la commande ??toggle??.\n"
+
 #, fuzzy, c-format
 #| msgid "%s does not yet work with %s\n"
 msgid "%s is not compliant with %s mode\n"
@@ -5136,7 +5141,7 @@ msgstr "impossible d'ouvrir les donn?es sign?es fd=%d?: %s\n"
 
 #, fuzzy, c-format
 #| msgid "certificate is not usable for encryption\n"
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "le certificat n'est pas utilisable pour le chiffrement\n"
 
 #, c-format
@@ -8919,6 +8924,9 @@ msgstr ""
 "V?rifier une phrase secr?te donn?e sur l'entr?e standard par rapport ? "
 "ficmotif\n"
 
+#~ msgid "do not grab keyboard and mouse"
+#~ msgstr "ne pas capturer le clavier et la souris"
+
 #~ msgid "Error: URL too long (limit is %d characters).\n"
 #~ msgstr "Erreur?: URL trop longue (limit?e ? %d?caract?res).\n"
 
@@ -9258,9 +9266,6 @@ msgstr ""
 #~ "passer de la liste de clefs secr?tes ? celle de clefs priv?es ou vice "
 #~ "versa"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "Veuillez d'abord utiliser la commande ??toggle??.\n"
-
 #~ msgid "Passphrase"
 #~ msgstr "Phrase secr?te"
 
diff --git a/po/gl.po b/po/gl.po
index 6f2790e..d8434f6 100644
--- a/po/gl.po
+++ b/po/gl.po
@@ -337,9 +337,6 @@ msgstr "|FICHEIRO|carga-lo m?dulo de extensi?n FICHEIRO"
 msgid "do not detach from the console"
 msgstr ""
 
-msgid "do not grab keyboard and mouse"
-msgstr ""
-
 #, fuzzy
 msgid "use a log file for the server"
 msgstr "buscar chaves nun servidor de chaves"
@@ -1291,6 +1288,14 @@ msgstr ""
 msgid "WARNING: %s\n"
 msgstr "AVISO: %s fai que se ignore %s\n"
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Por favor, empregue o comando \"toggle\" antes.\n"
+
 #, fuzzy, c-format
 #| msgid "%s does not yet work with %s\n"
 msgid "%s is not compliant with %s mode\n"
@@ -5251,7 +5256,7 @@ msgid "can't open signed data fd=%d: %s\n"
 msgstr "non foi posible abri-los datos asinados `%s'\n"
 
 #, fuzzy, c-format
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "chave %08lX: non hai ID de usuario\n"
 
 #, fuzzy, c-format
@@ -9253,9 +9258,6 @@ msgstr ""
 #~ msgid "toggle between the secret and public key listings"
 #~ msgstr "cambiar entre o listado de chaves p?blicas e secretas"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "Por favor, empregue o comando \"toggle\" antes.\n"
-
 #, fuzzy
 #~ msgid "Passphrase"
 #~ msgstr "contrasinal err?neo"
diff --git a/po/hu.po b/po/hu.po
index fcdc9b7..49bef6c 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -335,9 +335,6 @@ msgstr "|f?jl|b?v?t? modul bet?lt?se"
 msgid "do not detach from the console"
 msgstr ""
 
-msgid "do not grab keyboard and mouse"
-msgstr ""
-
 #, fuzzy
 msgid "use a log file for the server"
 msgstr "kulcsok keres?se kulcsszerveren"
@@ -1282,6 +1279,14 @@ msgstr ""
 msgid "WARNING: %s\n"
 msgstr "FIGYELEM: %s hat?stalan?tja %s-t!\n"
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "K?rem, haszn?lja el?bb a \"toggle\" parancsot!\n"
+
 #, fuzzy, c-format
 #| msgid "%s does not yet work with %s\n"
 msgid "%s is not compliant with %s mode\n"
@@ -5215,7 +5220,7 @@ msgid "can't open signed data fd=%d: %s\n"
 msgstr "Nem tudom megnyitni a(z) \"%s\" al??rt adatot!\n"
 
 #, fuzzy, c-format
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "%08lX kulcs: Nincs felhaszn?l?i azonos?t?.\n"
 
 #, fuzzy, c-format
@@ -9195,9 +9200,6 @@ msgstr ""
 #~ msgid "toggle between the secret and public key listings"
 #~ msgstr "v?lt?s a titkos ?s a nyilv?nos kulcs list?z?sa k?z?tt"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "K?rem, haszn?lja el?bb a \"toggle\" parancsot!\n"
-
 #, fuzzy
 #~ msgid "Passphrase"
 #~ msgstr "rossz jelsz?"
diff --git a/po/id.po b/po/id.po
index cf0f261..786dc42 100644
--- a/po/id.po
+++ b/po/id.po
@@ -340,9 +340,6 @@ msgstr "|FILE|muat modul ekstensi FILE"
 msgid "do not detach from the console"
 msgstr ""
 
-msgid "do not grab keyboard and mouse"
-msgstr ""
-
 #, fuzzy
 msgid "use a log file for the server"
 msgstr "cari kunci di keyserver"
@@ -1288,6 +1285,14 @@ msgstr ""
 msgid "WARNING: %s\n"
 msgstr "PERINGATAN: %s menimpa %s\n"
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Silakan gunakan dulu perintah \"toogle\".\n"
+
 #, fuzzy, c-format
 #| msgid "%s does not yet work with %s\n"
 msgid "%s is not compliant with %s mode\n"
@@ -5209,7 +5214,7 @@ msgid "can't open signed data fd=%d: %s\n"
 msgstr "tidak dapat membuka data tertandai `%s'\n"
 
 #, fuzzy, c-format
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "kunci %08lX: tidak ada ID user\n"
 
 #, fuzzy, c-format
@@ -9186,9 +9191,6 @@ msgstr ""
 #~ msgid "toggle between the secret and public key listings"
 #~ msgstr "ubah tampilan kunci rahasia dan publik"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "Silakan gunakan dulu perintah \"toogle\".\n"
-
 #, fuzzy
 #~ msgid "Passphrase"
 #~ msgstr "passphrase yang buruk"
diff --git a/po/it.po b/po/it.po
index b2aaec2..1bcc8b8 100644
--- a/po/it.po
+++ b/po/it.po
@@ -335,9 +335,6 @@ msgstr "|FILE|carica il modulo di estensione FILE"
 msgid "do not detach from the console"
 msgstr ""
 
-msgid "do not grab keyboard and mouse"
-msgstr ""
-
 #, fuzzy
 msgid "use a log file for the server"
 msgstr "cerca delle chiavi su un keyserver"
@@ -1285,6 +1282,14 @@ msgstr ""
 msgid "WARNING: %s\n"
 msgstr "ATTENZIONE: %s ha la precedenza su %s\n"
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Per favore usa prima il comando \"toggle\".\n"
+
 #, fuzzy, c-format
 #| msgid "%s does not yet work with %s\n"
 msgid "%s is not compliant with %s mode\n"
@@ -5233,7 +5238,7 @@ msgid "can't open signed data fd=%d: %s\n"
 msgstr "impossibile aprire i dati firmati `%s'\n"
 
 #, fuzzy, c-format
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "chiave %08lX: nessun user ID\n"
 
 #, fuzzy, c-format
@@ -9230,9 +9235,6 @@ msgstr ""
 #~ msgid "toggle between the secret and public key listings"
 #~ msgstr "cambia tra visualizzare la chiave segreta e la chiave pubblica"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "Per favore usa prima il comando \"toggle\".\n"
-
 #, fuzzy
 #~ msgid "Passphrase"
 #~ msgstr "passphrase errata"
diff --git a/po/ja.po b/po/ja.po
index 61fe790..7d4f002 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -321,9 +321,6 @@ msgstr "|FILE|FILE??????????????"
 msgid "do not detach from the console"
 msgstr "??????????????"
 
-msgid "do not grab keyboard and mouse"
-msgstr "???????????????"
-
 msgid "use a log file for the server"
 msgstr "??????????????"
 
@@ -1200,6 +1197,14 @@ msgstr "???'%s'??????????(%s < %s)"
 msgid "WARNING: %s\n"
 msgstr "*??*: %s\n"
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "??\"toggle\"?????????????\n"
+
 #, c-format
 msgid "%s is not compliant with %s mode\n"
 msgstr "%s?%s??????????\n"
@@ -1559,8 +1564,7 @@ msgstr "????????'%s'?%s?????????????
 
 #, c-format
 msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr ""
-"*??*: ?%s??%s???????????????\n"
+msgstr "*??*: ?%s??%s???????????????\n"
 
 #, c-format
 msgid ""
@@ -4808,8 +4812,9 @@ msgstr "????????'%s'??????\n"
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "???????? fd=%d ??????: %s\n"
 
-#, c-format
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+#, fuzzy, c-format
+#| msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "?: ?%s?%s?????????????????\n"
 
 #, c-format
@@ -8310,6 +8315,9 @@ msgstr ""
 "??: gpg-check-pattern [?????] ????????\n"
 "????????????????????????????\n"
 
+#~ msgid "do not grab keyboard and mouse"
+#~ msgstr "???????????????"
+
 #~ msgid "Error: URL too long (limit is %d characters).\n"
 #~ msgstr "???: URL?????? (??%d??)?\n"
 
@@ -8652,9 +8660,6 @@ msgstr ""
 #~ msgid "toggle between the secret and public key listings"
 #~ msgstr "?????????????"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "??\"toggle\"?????????????\n"
-
 #~ msgid "Passphrase"
 #~ msgstr "??????"
 
diff --git a/po/nb.po b/po/nb.po
index 09e8fc2..01de1b0 100644
--- a/po/nb.po
+++ b/po/nb.po
@@ -328,9 +328,6 @@ msgstr "|FIL|les valg fra valgt FIL"
 msgid "do not detach from the console"
 msgstr "ikke l?sne fra konsoll"
 
-msgid "do not grab keyboard and mouse"
-msgstr "ikke bruk tastatur og mus"
-
 msgid "use a log file for the server"
 msgstr "bruk loggfil for tjeneren"
 
@@ -1210,6 +1207,14 @@ msgstr "tjener ?%s? er eldre enn oss (%s < %s)"
 msgid "WARNING: %s\n"
 msgstr "ADVARSEL: %s\n"
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Bruk kommandoen ?toggle? f?rst.\n"
+
 #, fuzzy, c-format
 #| msgid "%s does not yet work with %s\n"
 msgid "%s is not compliant with %s mode\n"
@@ -4921,7 +4926,7 @@ msgstr "klarte ikke ? ?pne signert data fd=%d: ?%s?\n"
 
 #, fuzzy, c-format
 #| msgid "certificate is not usable for encryption\n"
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "sertifikatet egner seg ikke til kryptering\n"
 
 #, c-format
@@ -8600,6 +8605,9 @@ msgstr ""
 "Syntaks: gpg-check-pattern [valg] m?nsterfil\n"
 "Kontroller passordfrase oppgitt p? standard innkanal mot valgt m?nsterfil\n"
 
+#~ msgid "do not grab keyboard and mouse"
+#~ msgstr "ikke bruk tastatur og mus"
+
 #~ msgid "Error: URL too long (limit is %d characters).\n"
 #~ msgstr "Feil: Adressen er for lang (grensa er %d tegn).\n"
 
@@ -9349,9 +9357,6 @@ msgstr ""
 #~ msgid "error reading secret keyblock \"%s\": %s\n"
 #~ msgstr "feil under lesing av hemmelig n?kkelblokk ?%s?: %s\n"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "Bruk kommandoen ?toggle? f?rst.\n"
-
 #~ msgid "User ID \"%s\": %d signatures removed\n"
 #~ msgstr "Bruker-ID ?%s?: %d signaturer fjernet\n"
 
diff --git a/po/pl.po b/po/pl.po
index 4df8e68..c4e2d07 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -362,9 +362,6 @@ msgstr "|PLIK|odczyt opcji z PLIKU"
 msgid "do not detach from the console"
 msgstr "nie odczepianie od konsoli"
 
-msgid "do not grab keyboard and mouse"
-msgstr "nie przechwytywanie klawiatury i myszy"
-
 msgid "use a log file for the server"
 msgstr "u?ycie pliku loga dla serwera"
 
@@ -1317,6 +1314,14 @@ msgstr ""
 msgid "WARNING: %s\n"
 msgstr "OSTRZE?ENIE: %s powoduje obej?cie %s\n"
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Najpierw trzeba u?y? polecenia \"prze?\".\n"
+
 #, fuzzy, c-format
 #| msgid "%s does not yet work with %s\n"
 msgid "%s is not compliant with %s mode\n"
@@ -5291,7 +5296,7 @@ msgstr "nie mo?na otworzy? podpisanych danych z fd=%d: %s\n"
 
 #, fuzzy, c-format
 #| msgid "certificate is not usable for encryption\n"
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "certyfikat nie nadaje si? do szyfrowania\n"
 
 #, c-format
@@ -9271,6 +9276,9 @@ msgstr ""
 "Sk?adnia: gpg-check-pattern [opcje] plik-wzorc?w\n"
 "Sprawdzanie has?a ze standardowego wej?cia wzgl?dem pliku wzorc?w\n"
 
+#~ msgid "do not grab keyboard and mouse"
+#~ msgstr "nie przechwytywanie klawiatury i myszy"
+
 #~ msgid "Error: URL too long (limit is %d characters).\n"
 #~ msgstr "B??d: URL zbyt d?ugi (limit to %d znak?w).\n"
 
@@ -9597,9 +9605,6 @@ msgstr ""
 #~ msgid "toggle between the secret and public key listings"
 #~ msgstr "prze??czenie pomi?dzy listami kluczy tajnych i publicznych"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "Najpierw trzeba u?y? polecenia \"prze?\".\n"
-
 #~ msgid "Passphrase"
 #~ msgstr "Has?o"
 
diff --git a/po/pt.po b/po/pt.po
index b905742..e95b887 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -338,9 +338,6 @@ msgstr "|FICHEIRO|carregar m?dulo de extens?o FICHEIRO"
 msgid "do not detach from the console"
 msgstr ""
 
-msgid "do not grab keyboard and mouse"
-msgstr ""
-
 #, fuzzy
 msgid "use a log file for the server"
 msgstr "procurar chaves num servidor de chaves"
@@ -1288,6 +1285,14 @@ msgstr ""
 msgid "WARNING: %s\n"
 msgstr "AVISO: %s sobrep?e %s\n"
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Por favor utilize o comando \"toggle\" primeiro.\n"
+
 #, fuzzy, c-format
 msgid "%s is not compliant with %s mode\n"
 msgstr "%s n?o faz sentido com %s!\n"
@@ -5219,7 +5224,7 @@ msgid "can't open signed data fd=%d: %s\n"
 msgstr "imposs?vel abrir dados assinados `%s'\n"
 
 #, fuzzy, c-format
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "chave %08lX: sem ID de utilizador\n"
 
 #, fuzzy, c-format
@@ -9196,9 +9201,6 @@ msgstr ""
 #~ msgid "toggle between the secret and public key listings"
 #~ msgstr "alterna entre listagem de chave secreta e p?blica"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "Por favor utilize o comando \"toggle\" primeiro.\n"
-
 #, fuzzy
 #~ msgid "Passphrase"
 #~ msgstr "frase secreta incorrecta"
diff --git a/po/ro.po b/po/ro.po
index 0cf134b..d938da7 100644
--- a/po/ro.po
+++ b/po/ro.po
@@ -350,9 +350,6 @@ msgstr "|FI?IER|?ncarc? modulul extensie FI?IER"
 msgid "do not detach from the console"
 msgstr ""
 
-msgid "do not grab keyboard and mouse"
-msgstr ""
-
 #, fuzzy
 msgid "use a log file for the server"
 msgstr "caut? pentru chei pe un server de chei"
@@ -1305,6 +1302,14 @@ msgstr ""
 msgid "WARNING: %s\n"
 msgstr "AVERTISMENT: "
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "V? rug?m folosi?i mai ?nt?i comanda \"toggle\".\n"
+
 #, fuzzy, c-format
 #| msgid "%s does not yet work with %s\n"
 msgid "%s is not compliant with %s mode\n"
@@ -5238,7 +5243,7 @@ msgid "can't open signed data fd=%d: %s\n"
 msgstr "nu pot deschide date semnate `%s'\n"
 
 #, fuzzy, c-format
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "cheia %s nu are nici un ID utilizator\n"
 
 #, c-format
@@ -9283,9 +9288,6 @@ msgstr ""
 #~ msgid "toggle between the secret and public key listings"
 #~ msgstr "comut? ?ntre listele de chei secrete ?i publice"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "V? rug?m folosi?i mai ?nt?i comanda \"toggle\".\n"
-
 #, fuzzy
 #~ msgid "Passphrase"
 #~ msgstr "fraz?-parol? incorect?"
diff --git a/po/ru.po b/po/ru.po
index 8cca5f2..652803e 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -331,9 +331,6 @@ msgstr "|FILE|????? ????????? ?? ????? FILE"
 msgid "do not detach from the console"
 msgstr "?? ????????????? ?? ???????"
 
-msgid "do not grab keyboard and mouse"
-msgstr "?? ??????????? ?????????? ? ????"
-
 msgid "use a log file for the server"
 msgstr "???????????? ???? ??????? ??? ???????"
 
@@ -1210,6 +1207,13 @@ msgstr "?????? '%s' ?????? ??? (%s < %s)"
 msgid "WARNING: %s\n"
 msgstr "????????: %s\n"
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, c-format
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr ""
+
 #, fuzzy, c-format
 #| msgid "%s does not yet work with %s\n"
 msgid "%s is not compliant with %s mode\n"
@@ -4935,7 +4939,7 @@ msgstr "?? ???? ??????? ??????????? ?????? fd=%d:
 
 #, fuzzy, c-format
 #| msgid "certificate is not usable for encryption\n"
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "?????????? ?? ???????? ??? ??????????\n"
 
 #, c-format
@@ -8591,6 +8595,9 @@ msgstr ""
 "?????????: gpg-check-pattern [?????????] ????_????????\n"
 "????????? ?????-??????, ??????????? ?? stdin, ?? ????? ????????\n"
 
+#~ msgid "do not grab keyboard and mouse"
+#~ msgstr "?? ??????????? ?????????? ? ????"
+
 #~ msgid "Error: URL too long (limit is %d characters).\n"
 #~ msgstr "??????: ??????? ??????? URL (?????? - %d ????????).\n"
 
diff --git a/po/sk.po b/po/sk.po
index 6aaf628..d8b898c 100644
--- a/po/sk.po
+++ b/po/sk.po
@@ -338,9 +338,6 @@ msgstr "|S?BOR|nahra? roz?iruj?ci modul S?BOR"
 msgid "do not detach from the console"
 msgstr ""
 
-msgid "do not grab keyboard and mouse"
-msgstr ""
-
 #, fuzzy
 msgid "use a log file for the server"
 msgstr "vyh?ada? k???e na serveri k???ov"
@@ -1288,6 +1285,14 @@ msgstr ""
 msgid "WARNING: %s\n"
 msgstr "VAROVANIE: %s prep??e %s\n"
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Pros?m, najsk?r pou?ite pr?kaz \"toggle\" (prepn??).\n"
+
 #, fuzzy, c-format
 #| msgid "%s does not yet work with %s\n"
 msgid "%s is not compliant with %s mode\n"
@@ -5229,7 +5234,7 @@ msgid "can't open signed data fd=%d: %s\n"
 msgstr "nem??em otvori? podp?san? d?ta '%s'\n"
 
 #, fuzzy, c-format
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "k??? %08lX: chyba identifik?tor u??vate?a\n"
 
 #, fuzzy, c-format
@@ -9219,9 +9224,6 @@ msgstr ""
 #~ msgid "toggle between the secret and public key listings"
 #~ msgstr "prepn?? medzi vyp?san?m zoznamu tajn?ch a verejn?ch k???ov"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "Pros?m, najsk?r pou?ite pr?kaz \"toggle\" (prepn??).\n"
-
 #, fuzzy
 #~ msgid "Passphrase"
 #~ msgstr "nespr?vne heslo"
diff --git a/po/sv.po b/po/sv.po
index dcd53d1..ca7ba7e 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -384,9 +384,6 @@ msgstr "|FIL|l?s inst?llningar fr?n FIL"
 msgid "do not detach from the console"
 msgstr "frig?r inte fr?n konsollen"
 
-msgid "do not grab keyboard and mouse"
-msgstr "f?nga inte tangentbord och mus"
-
 msgid "use a log file for the server"
 msgstr "anv?nd en loggfil f?r servern"
 
@@ -1358,6 +1355,14 @@ msgstr ""
 msgid "WARNING: %s\n"
 msgstr "VARNING: %s g?ller ist?llet f?r %s\n"
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "Anv?nd kommandot \"toggle\" f?rst.\n"
+
 #, fuzzy, c-format
 #| msgid "%s does not yet work with %s\n"
 msgid "%s is not compliant with %s mode\n"
@@ -5355,7 +5360,7 @@ msgstr "kan inte ?ppna signerad data fd=%d: %s\n"
 
 #, fuzzy, c-format
 #| msgid "certificate is not usable for encryption\n"
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "certifikatet ?r inte anv?ndbart f?r kryptering\n"
 
 #, c-format
@@ -9347,6 +9352,9 @@ msgstr ""
 "Syntax: gpg-check-pattern [flaggor] m?nsterfil\n"
 "Kontrollera en l?senfras angiven p? standard in mot m?nsterfilen\n"
 
+#~ msgid "do not grab keyboard and mouse"
+#~ msgstr "f?nga inte tangentbord och mus"
+
 #~ msgid "Error: URL too long (limit is %d characters).\n"
 #~ msgstr "Fel: URL:en ?r f?r l?ng (gr?nsen ?r %d tecken).\n"
 
@@ -9668,9 +9676,6 @@ msgstr ""
 #~ msgid "toggle between the secret and public key listings"
 #~ msgstr "v?xla mellan att lista hemliga och publika nycklar"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "Anv?nd kommandot \"toggle\" f?rst.\n"
-
 #~ msgid "Passphrase"
 #~ msgstr "L?senfras"
 
diff --git a/po/tr.po b/po/tr.po
index 0fa3c40..c1743f3 100644
--- a/po/tr.po
+++ b/po/tr.po
@@ -354,9 +354,6 @@ msgstr "|DOSYA|se?enekler DOSYAdan okunur"
 msgid "do not detach from the console"
 msgstr "konsoldan kopulmaz"
 
-msgid "do not grab keyboard and mouse"
-msgstr "klavye ve fare gaspedilmez"
-
 msgid "use a log file for the server"
 msgstr "sunucu i?in bir g?nl?k dosyas? kullan?l?r"
 
@@ -1322,6 +1319,14 @@ msgstr ""
 msgid "WARNING: %s\n"
 msgstr "UYARI: %s %s'i a??yor\n"
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "l?tfen ?nce \"se?mece\" komutunu kullan?n.\n"
+
 #, fuzzy, c-format
 #| msgid "%s does not yet work with %s\n"
 msgid "%s is not compliant with %s mode\n"
@@ -5292,7 +5297,7 @@ msgstr "imzal? veri fd=%d a??lamad?: %s\n"
 
 #, fuzzy, c-format
 #| msgid "certificate is not usable for encryption\n"
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "sertifika ?ifreleme i?in elveri?li de?il\n"
 
 #, c-format
@@ -9251,6 +9256,9 @@ msgstr ""
 "Standart girdiden verilen anahtar parolas?n? ?r?nt? dosyas?yla "
 "kar??la?t?r?r\n"
 
+#~ msgid "do not grab keyboard and mouse"
+#~ msgstr "klavye ve fare gaspedilmez"
+
 #~ msgid "Error: URL too long (limit is %d characters).\n"
 #~ msgstr "Hata: URL ?ok uzun (s?n?r: %d karakter).\n"
 
@@ -9574,9 +9582,6 @@ msgstr ""
 #~ msgid "toggle between the secret and public key listings"
 #~ msgstr "genel ve gizli anahtar listeleri aras?nda yer de?i?tirir"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "l?tfen ?nce \"se?mece\" komutunu kullan?n.\n"
-
 #~ msgid "Passphrase"
 #~ msgstr "Anahtar Parolas?"
 
diff --git a/po/uk.po b/po/uk.po
index 818b731..abbe116 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -327,9 +327,6 @@ msgstr "|FILE|????????? ????????? ? ????????? ???
 msgid "do not detach from the console"
 msgstr "?? ???????????? ??? ???????"
 
-msgid "do not grab keyboard and mouse"
-msgstr "?? ??????????? ????????? ??????????? ? ?????"
-
 msgid "use a log file for the server"
 msgstr "??????????????? ???? ??????? ??? ???????"
 
@@ -1214,6 +1211,14 @@ msgstr "?????? ?%s? ??? ??????, ??????? ?? ???? (%
 msgid "WARNING: %s\n"
 msgstr "?????: %s\n"
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "????????????? ???????? ???????? ?toggle?.\n"
+
 #, fuzzy, c-format
 #| msgid "%s does not yet work with %s\n"
 msgid "%s is not compliant with %s mode\n"
@@ -4994,7 +4999,7 @@ msgstr "?? ??????? ???????? ????????? ???? fd=%d:
 
 #, fuzzy, c-format
 #| msgid "certificate is not usable for encryption\n"
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "?????????? ??????????? ??? ??????????\n"
 
 #, c-format
@@ -8677,6 +8682,9 @@ msgstr ""
 "?????????: gpg-check-pattern [?????????] ????_????????\n"
 "?????????? ??????, ???????? ? stdin, ?? ????????? ?????_????????\n"
 
+#~ msgid "do not grab keyboard and mouse"
+#~ msgstr "?? ??????????? ????????? ??????????? ? ?????"
+
 #~ msgid "Error: URL too long (limit is %d characters).\n"
 #~ msgstr "???????: ?????? ? ??????? ?????? (???????? ? %d ????????).\n"
 
@@ -9060,9 +9068,6 @@ msgstr ""
 #~ msgid "toggle between the secret and public key listings"
 #~ msgstr "???????????? ??? ???????? ???????? ? ????????? ??????"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "????????????? ???????? ???????? ?toggle?.\n"
-
 #~ msgid "Passphrase"
 #~ msgstr "??????"
 
diff --git a/po/zh_CN.po b/po/zh_CN.po
index acee43b..0cf93cb 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -348,9 +348,6 @@ msgstr "??%s?????\n"
 msgid "do not detach from the console"
 msgstr ""
 
-msgid "do not grab keyboard and mouse"
-msgstr ""
-
 #, fuzzy
 msgid "use a log file for the server"
 msgstr "???????????"
@@ -1286,6 +1283,14 @@ msgstr ""
 msgid "WARNING: %s\n"
 msgstr "???"
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "?????toggle????\n"
+
 #, fuzzy, c-format
 #| msgid "%s does not yet work with %s\n"
 msgid "%s is not compliant with %s mode\n"
@@ -5108,7 +5113,7 @@ msgid "can't open signed data fd=%d: %s\n"
 msgstr "???????????%s?\n"
 
 #, fuzzy, c-format
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "?? %s??????????\n"
 
 #, c-format
@@ -9095,9 +9100,6 @@ msgstr ""
 #~ msgid "toggle between the secret and public key listings"
 #~ msgstr "???????????"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "?????toggle????\n"
-
 #, fuzzy
 #~ msgid "Passphrase"
 #~ msgstr "?????"
diff --git a/po/zh_TW.po b/po/zh_TW.po
index 83f9ca9..a3f29b6 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -329,9 +329,6 @@ msgstr "|??|??????????"
 msgid "do not detach from the console"
 msgstr "??? console ??"
 
-msgid "do not grab keyboard and mouse"
-msgstr "?????????"
-
 msgid "use a log file for the server"
 msgstr "?????????"
 
@@ -1215,6 +1212,14 @@ msgstr ""
 msgid "WARNING: %s\n"
 msgstr "??: %s ??? %s\n"
 
+msgid "Note: Outdated servers may lack important security fixes.\n"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "Please use the command \"toggle\" first.\n"
+msgid "Note: Use the command \"%s\" to restart them.\n"
+msgstr "???? \"toggle\" ??.\n"
+
 #, fuzzy, c-format
 #| msgid "%s does not yet work with %s\n"
 msgid "%s is not compliant with %s mode\n"
@@ -4908,7 +4913,7 @@ msgstr "??????????? fd=%d: %s\n"
 
 #, fuzzy, c-format
 #| msgid "certificate is not usable for encryption\n"
-msgid "Note: key %s is not suitable for encryption in %s mode\n"
+msgid "key %s is not suitable for decryption in %s mode\n"
 msgstr "????????\n"
 
 #, c-format
@@ -8461,6 +8466,9 @@ msgstr ""
 "??: gpg-check-pattern [??] ????\n"
 "??????????????????\n"
 
+#~ msgid "do not grab keyboard and mouse"
+#~ msgstr "?????????"
+
 #~ msgid "Error: URL too long (limit is %d characters).\n"
 #~ msgstr "??: URL ?? (??? %d ???).\n"
 
@@ -8774,9 +8782,6 @@ msgstr ""
 #~ msgid "toggle between the secret and public key listings"
 #~ msgstr "?????????????"
 
-#~ msgid "Please use the command \"toggle\" first.\n"
-#~ msgstr "???? \"toggle\" ??.\n"
-
 #~ msgid "Passphrase"
 #~ msgstr "??"
 

-----------------------------------------------------------------------

Summary of changes:
 Makefile.am                                 |   2 +-
 README                                      |  22 ++++----
 agent/gpg-agent.c                           |  18 ++++--
 artwork/icons/index.css                     |  59 ++++++++++++++++++++
 artwork/icons/index.html                    |  46 ++++++++++++++++
 artwork/icons/lock-12.png                   | Bin 0 -> 195 bytes
 artwork/icons/lock-128.png                  | Bin 0 -> 743 bytes
 artwork/icons/lock-16.png                   | Bin 0 -> 235 bytes
 artwork/icons/lock-24.png                   | Bin 0 -> 273 bytes
 artwork/icons/lock-256.png                  | Bin 0 -> 1294 bytes
 artwork/icons/lock-32.png                   | Bin 0 -> 332 bytes
 artwork/icons/lock-48.png                   | Bin 0 -> 414 bytes
 artwork/icons/lock-64.png                   | Bin 0 -> 478 bytes
 artwork/icons/lock-wing-12.png              | Bin 0 -> 292 bytes
 artwork/icons/lock-wing-128.png             | Bin 0 -> 1349 bytes
 artwork/icons/lock-wing-16.png              | Bin 0 -> 324 bytes
 artwork/icons/lock-wing-24.png              | Bin 0 -> 441 bytes
 artwork/icons/lock-wing-256.png             | Bin 0 -> 2535 bytes
 artwork/icons/lock-wing-32.png              | Bin 0 -> 508 bytes
 artwork/icons/lock-wing-48.png              | Bin 0 -> 674 bytes
 artwork/icons/lock-wing-64.png              | Bin 0 -> 833 bytes
 artwork/icons/lock-wing.svg                 |   1 +
 artwork/icons/lock.svg                      |   1 +
 artwork/icons/wing-12.png                   | Bin 0 -> 256 bytes
 artwork/icons/wing-128.png                  | Bin 0 -> 1243 bytes
 artwork/icons/wing-16.png                   | Bin 0 -> 295 bytes
 artwork/icons/wing-24.png                   | Bin 0 -> 414 bytes
 artwork/icons/wing-256.png                  | Bin 0 -> 2326 bytes
 artwork/icons/wing-32.png                   | Bin 0 -> 478 bytes
 artwork/icons/wing-48.png                   | Bin 0 -> 638 bytes
 artwork/icons/wing-64.png                   | Bin 0 -> 755 bytes
 artwork/icons/wing.svg                      |   1 +
 build-aux/speedo.mk                         |   2 +-
 common/argparse.c                           |  15 +++--
 configure.ac                                |  37 +++++++++----
 dirmngr/http.c                              |   6 +-
 doc/examples/systemd-user/dirmngr.service   |   3 -
 doc/examples/systemd-user/gpg-agent.service |   3 -
 doc/gpg-agent.texi                          |  10 +++-
 doc/gpg.texi                                |  31 +++++++----
 doc/tools.texi                              |  10 ++--
 g10/call-agent.c                            |   7 +++
 g10/call-dirmngr.c                          |  12 ++++
 g10/getkey.c                                |   6 +-
 g10/gpg.c                                   |  22 +++++++-
 g10/import.c                                |   9 ++-
 g10/keydb.h                                 |   2 +-
 g10/options.h                               |   2 +
 g10/pubkey-enc.c                            |  42 ++++++++------
 g10/revoke.c                                |   4 ++
 po/ca.po                                    |  16 +++---
 po/cs.po                                    |  19 ++++---
 po/da.po                                    |  19 ++++---
 po/de.po                                    |  28 +++++-----
 po/el.po                                    |  16 +++---
 po/eo.po                                    |  16 +++---
 po/es.po                                    |  19 ++++---
 po/et.po                                    |  16 +++---
 po/fi.po                                    |  16 +++---
 po/fr.po                                    |  19 ++++---
 po/gl.po                                    |  16 +++---
 po/hu.po                                    |  16 +++---
 po/id.po                                    |  16 +++---
 po/it.po                                    |  16 +++---
 po/ja.po                                    |  82 ++++++++++++----------------
 po/nb.po                                    |  19 ++++---
 po/pl.po                                    |  19 ++++---
 po/pt.po                                    |  16 +++---
 po/ro.po                                    |  16 +++---
 po/ru.po                                    |  15 +++--
 po/sk.po                                    |  16 +++---
 po/sv.po                                    |  19 ++++---
 po/tr.po                                    |  19 ++++---
 po/uk.po                                    |  19 ++++---
 po/zh_CN.po                                 |  16 +++---
 po/zh_TW.po                                 |  19 ++++---
 sm/call-agent.c                             |   7 +++
 sm/call-dirmngr.c                           |   7 +++
 sm/decrypt.c                                |  19 ++++---
 sm/keylist.c                                |  14 ++---
 tests/gpgscm/ffi.c                          |  16 ++++++
 tests/gpgscm/tests.scm                      |   2 +
 tests/openpgp/all-tests.scm                 |  40 +++++++++-----
 tests/openpgp/defs.scm                      |   2 +
 tools/gpg-wks-client.c                      |   9 ++-
 tools/gpgconf-comp.c                        |  11 +++-
 tools/rfc822parse.c                         |   2 +-
 87 files changed, 686 insertions(+), 339 deletions(-)
 create mode 100644 artwork/icons/index.css
 create mode 100644 artwork/icons/index.html
 create mode 100644 artwork/icons/lock-12.png
 create mode 100644 artwork/icons/lock-128.png
 create mode 100644 artwork/icons/lock-16.png
 create mode 100644 artwork/icons/lock-24.png
 create mode 100644 artwork/icons/lock-256.png
 create mode 100644 artwork/icons/lock-32.png
 create mode 100644 artwork/icons/lock-48.png
 create mode 100644 artwork/icons/lock-64.png
 create mode 100644 artwork/icons/lock-wing-12.png
 create mode 100644 artwork/icons/lock-wing-128.png
 create mode 100644 artwork/icons/lock-wing-16.png
 create mode 100644 artwork/icons/lock-wing-24.png
 create mode 100644 artwork/icons/lock-wing-256.png
 create mode 100644 artwork/icons/lock-wing-32.png
 create mode 100644 artwork/icons/lock-wing-48.png
 create mode 100644 artwork/icons/lock-wing-64.png
 create mode 100644 artwork/icons/lock-wing.svg
 create mode 100644 artwork/icons/lock.svg
 create mode 100644 artwork/icons/wing-12.png
 create mode 100644 artwork/icons/wing-128.png
 create mode 100644 artwork/icons/wing-16.png
 create mode 100644 artwork/icons/wing-24.png
 create mode 100644 artwork/icons/wing-256.png
 create mode 100644 artwork/icons/wing-32.png
 create mode 100644 artwork/icons/wing-48.png
 create mode 100644 artwork/icons/wing-64.png
 create mode 100644 artwork/icons/wing.svg


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug  9 15:54:46 2017
From: cvs at cvs.gnupg.org (by Kai Michaelis)
Date: Wed, 09 Aug 2017 15:54:46 +0200
Subject: [git] KSBA - branch, master, updated. libksba-1.3.5-8-gad36a28
Message-ID: <E1dfRRe-0002pp-82@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "KSBA is a library to access X.509 certificates and CMS data.".

The branch, master has been updated
       via  ad36a28e3a0580c1a9547843c03e1af172681efc (commit)
      from  707862ab44fb6cca79dacbf866a7066d941b92fc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ad36a28e3a0580c1a9547843c03e1af172681efc
Author: Kai Michaelis <kai at gnupg.org>
Date:   Wed Aug 9 15:52:36 2017 +0200

    Add missing include.
    
    * src/reader.c: include unistd.h

diff --git a/src/reader.c b/src/reader.c
index e117896..1ae8810 100644
--- a/src/reader.c
+++ b/src/reader.c
@@ -31,6 +31,7 @@
 #include <config.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <unistd.h>
 #include <string.h>
 #include <assert.h>
 #include <errno.h>

-----------------------------------------------------------------------

Summary of changes:
 src/reader.c | 1 +
 1 file changed, 1 insertion(+)


hooks/post-receive
-- 
KSBA is a library to access X.509 certificates and CMS data.
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug  9 17:04:20 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 09 Aug 2017 17:04:20 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2,
 updated. gnupg-2.1.22-34-gd6b40a9
Message-ID: <E1dfSWy-0005G5-65@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-2 has been updated
       via  d6b40a9c866a8495d6a2c0bc3eac158ddd2928c7 (commit)
       via  e8ffa9a6ca5d76660b67207cd1157068e48483de (commit)
      from  31a99733639ae91a9e091a6646a8eb809874af7c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d6b40a9c866a8495d6a2c0bc3eac158ddd2928c7
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Aug 9 16:58:47 2017 +0200

    Post release updates
    
    --

diff --git a/NEWS b/NEWS
index c3a7853..3b4e008 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+Noteworthy changes in version 2.2.0 (unreleased)
+-------------------------------------------------
+
+
 Noteworthy changes in version 2.1.23 (2017-08-09)
 -------------------------------------------------
 
diff --git a/configure.ac b/configure.ac
index 3ff5865..b52c86d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -27,8 +27,8 @@ min_automake_version="1.14"
 # another commit and push so that the git magic is able to work.
 m4_define([mym4_package],[gnupg])
 m4_define([mym4_major], [2])
-m4_define([mym4_minor], [1])
-m4_define([mym4_micro], [23])
+m4_define([mym4_minor], [2])
+m4_define([mym4_micro], [0])
 
 # To start a new development series, i.e a new major or minor number
 # you need to mark an arbitrary commit before the first beta release

commit e8ffa9a6ca5d76660b67207cd1157068e48483de
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Aug 9 15:52:48 2017 +0200

    Release 2.1.23
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/NEWS b/NEWS
index 70bef2e..c3a7853 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,39 @@
-Noteworthy changes in version 2.1.23 (unreleased)
+Noteworthy changes in version 2.1.23 (2017-08-09)
 -------------------------------------------------
 
+  * gpg: "gpg" is now installed as "gpg" and not anymore as "gpg2".
+    If needed, the new configure option --enable-gpg-is-gpg2 can be
+    used to revert this.
+
+  * gpg: Options --auto-key-retrieve and --auto-key-locate "local,wkd"
+    are now used by default.  Note: this enables keyserver and Web Key
+    Directory operators to notice when a signature from a locally
+    non-available key is being verified for the first time or when
+    you intend to encrypt to a mail address without having the key
+    locally.  This new behaviour will eventually make key discovery
+    much easier and mostly automatic.  Disable this by adding
+      no-auto-key-retrieve
+      auto-key-locate local
+    to your gpg.conf.
+
+  * agent: Option --no-grab is now the default.  The new option --grab
+    allows to revert this.
+
+  * gpg: New import option "show-only".
+
+  * gpg: New option --disable-dirmngr to entirely disable network
+    access for gpg.
+
+  * gpg,gpgsm: Tweaked DE-VS compliance behaviour.
+
+  * New configure flag --enable-all-tests to run more extensive tests
+    during "make check".
+
+  * gpgsm: The keygrip is now always printed in colon mode as
+    documented in the man page.
+
+  * Fixed connection timeout problem under Windows.
+
 
 Noteworthy changes in version 2.1.22 (2017-07-28)
 -------------------------------------------------
@@ -44,6 +77,8 @@ Noteworthy changes in version 2.1.22 (2017-07-28)
 
   * Many other bug fixes.
 
+  See-also: gnupg-announce/2017q3/000411.html
+
 
 Noteworthy changes in version 2.1.21 (2017-05-15)
 -------------------------------------------------
@@ -67,6 +102,8 @@ Noteworthy changes in version 2.1.21 (2017-05-15)
 
   * Many minor bug fixes and code cleanup.
 
+  See-also: gnupg-announce/2017q2/000405.html
+
 
 Noteworthy changes in version 2.1.20 (2017-04-03)
 -------------------------------------------------
@@ -112,6 +149,7 @@ Noteworthy changes in version 2.1.20 (2017-04-03)
 
   * Fixed build problems on some platforms.
 
+  See-also: gnupg-announce/2017q2/000404.html
 
 
 Noteworthy changes in version 2.1.19 (2017-03-01)

-----------------------------------------------------------------------

Summary of changes:
 NEWS         | 44 +++++++++++++++++++++++++++++++++++++++++++-
 configure.ac |  4 ++--
 2 files changed, 45 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug  9 17:07:42 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 09 Aug 2017 17:07:42 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.23-1-gd6b40a9
Message-ID: <E1dfSaF-00064q-DD@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  d6b40a9c866a8495d6a2c0bc3eac158ddd2928c7 (commit)
       via  e8ffa9a6ca5d76660b67207cd1157068e48483de (commit)
       via  31a99733639ae91a9e091a6646a8eb809874af7c (commit)
      from  2059dbf201963c6f229698ae80c6c774b1f686c8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 NEWS         | 44 +++++++++++++++++++++++++++++++++++++++++++-
 configure.ac |  4 ++--
 po/ca.po     | 16 +++++++++-------
 po/cs.po     | 19 ++++++++++++-------
 po/da.po     | 19 ++++++++++++-------
 po/de.po     |  3 ++-
 po/el.po     | 16 +++++++++-------
 po/eo.po     | 16 +++++++++-------
 po/es.po     | 19 ++++++++++++-------
 po/et.po     | 16 +++++++++-------
 po/fi.po     | 16 +++++++++-------
 po/fr.po     | 19 ++++++++++++-------
 po/gl.po     | 16 +++++++++-------
 po/hu.po     | 16 +++++++++-------
 po/id.po     | 16 +++++++++-------
 po/it.po     | 16 +++++++++-------
 po/ja.po     | 25 +++++++++++++++----------
 po/nb.po     | 19 ++++++++++++-------
 po/pl.po     | 19 ++++++++++++-------
 po/pt.po     | 16 +++++++++-------
 po/ro.po     | 16 +++++++++-------
 po/ru.po     | 15 +++++++++++----
 po/sk.po     | 16 +++++++++-------
 po/sv.po     | 19 ++++++++++++-------
 po/tr.po     | 19 ++++++++++++-------
 po/uk.po     | 19 ++++++++++++-------
 po/zh_CN.po  | 16 +++++++++-------
 po/zh_TW.po  | 19 ++++++++++++-------
 28 files changed, 310 insertions(+), 179 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug  9 17:30:08 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 09 Aug 2017 17:30:08 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. 077bca1a74fabaf835e61d5d6d42111c8a88e337
Message-ID: <E1dfSvw-0001Oq-AK@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  077bca1a74fabaf835e61d5d6d42111c8a88e337 (commit)
      from  ab8ed2d2161eed95342fc2c495b71a7d83deda6f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 077bca1a74fabaf835e61d5d6d42111c8a88e337
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Aug 9 17:21:32 2017 +0200

    swdb: Release GnuPG 2.1.23

diff --git a/web/index.org b/web/index.org
index 0b92c52..c507efe 100644
--- a/web/index.org
+++ b/web/index.org
@@ -88,6 +88,12 @@ The latest release news:\\
 # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttps://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed.  Just
 # point or paste the [[news.en.rss][RSS file]] into your aggregator.
 
+** GnuPG 2.1.23 released (2017-08-09)
+
+A new version of GnuPG has been released.  Please read the full
+[[https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000412.html][announcement mail]] for details.  This version is intended as a release
+candidate for 2.2.0 which will mark a new long term stable branch.
+
 ** GnuPG 2.1.22 released (2017-07-28)
 
 A new version of GnuPG has been released.  Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000411.html][announcement
diff --git a/web/swdb.mac b/web/swdb.mac
index 2e05b52..f3393ae 100644
--- a/web/swdb.mac
+++ b/web/swdb.mac
@@ -21,16 +21,16 @@
 #
 # GnuPG-2.1
 #
-#+macro: gnupg21_ver  2.1.22
-#+macro: gnupg21_date 2017-07-28
-#+macro: gnupg21_size 6377k
-#+macro: gnupg21_sha1 706b806f7d8d328b4ffa67954c613fdd3dfed1b9
-#+macro: gnupg21_sha2 46716faf9e1b92cfca86609f3bfffbf5bb4b6804df90dc853ff7061cfcfb4ad7
-#+macro: gnupg21_w32_ver  2.1.22_20170731
-#+macro: gnupg21_w32_date 2017-07-31
-#+macro: gnupg21_w32_size 3791k
-#+macro: gnupg21_w32_sha1 9f3cf4aa96aedbc9411107e47c7f893691deb365
-#+macro: gnupg21_w32_sha2 0b5f30ab359478f2f3b7210cda926506e69f8dd0a3a6e4e9711b92f19f72a895
+#+macro: gnupg21_ver  2.1.23
+#+macro: gnupg21_date 2017-08-09
+#+macro: gnupg21_size 6373k
+#+macro: gnupg21_sha1 c470777eaa9657ef3258068507065c9a7caef9eb
+#+macro: gnupg21_sha2 a94476391595e9351f219188767a9d6ea128e83be5ed3226a7890f49aa2d0d77
+#+macro: gnupg21_w32_ver  2.1.23_20170809
+#+macro: gnupg21_w32_date 2017-08-09
+#+macro: gnupg21_w32_size 3794k
+#+macro: gnupg21_w32_sha1 c95f1c2dc3aa06dda2a58ba5aefb362511f666e3
+#+macro: gnupg21_w32_sha2 42045473336c0f20a2d4a2b6f4be5be263a55ccd3eb1f682976d94e9a3cff43f
 
 
 #

-----------------------------------------------------------------------

Summary of changes:
 web/index.org |  6 ++++++
 web/swdb.mac  | 20 ++++++++++----------
 2 files changed, 16 insertions(+), 10 deletions(-)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug  9 18:38:00 2017
From: cvs at cvs.gnupg.org (by Marcus Brinkmann)
Date: Wed, 09 Aug 2017 18:38:00 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.23-2-g977fc5f
Message-ID: <E1dfTzd-00052D-Bd@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  977fc5f0eb9fdee19e66bea8cd2eb5414789b485 (commit)
      from  d6b40a9c866a8495d6a2c0bc3eac158ddd2928c7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 977fc5f0eb9fdee19e66bea8cd2eb5414789b485
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Wed Aug 9 18:35:56 2017 +0200

    g10:?Write status error on error of --quick-revoke-uid.
    
    * g10/keyedit.c (keyedit_quick_revuid): Write status error on error.
    
    Signed-off-by: Marcus Brinkmann <mb at g10code.com>
    GnuPG-bug-id: 2963

diff --git a/g10/keyedit.c b/g10/keyedit.c
index e221b32..38cdbce 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -2455,7 +2455,10 @@ keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev)
 
  leave:
   if (err)
-    log_error (_("revoking the user ID failed: %s\n"), gpg_strerror (err));
+    {
+      log_error (_("revoking the user ID failed: %s\n"), gpg_strerror (err));
+      write_status_error ("keyedit.revoke.uid", err);
+    }
   release_kbnode (keyblock);
   keydb_release (kdbhd);
 }

-----------------------------------------------------------------------

Summary of changes:
 g10/keyedit.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug 10 11:41:16 2017
From: cvs at cvs.gnupg.org (by Justus Winter)
Date: Thu, 10 Aug 2017 11:41:16 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. 904ba293ec7ee27f4636b04cc7ca8bc94bbc0f14
Message-ID: <E1dfjxs-00032F-VV@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  904ba293ec7ee27f4636b04cc7ca8bc94bbc0f14 (commit)
       via  dae1c1897fa2b47b055748192c1bba59aa288af2 (commit)
      from  077bca1a74fabaf835e61d5d6d42111c8a88e337 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 904ba293ec7ee27f4636b04cc7ca8bc94bbc0f14
Author: Justus Winter <justus at g10code.com>
Date:   Thu Aug 10 11:41:05 2017 +0200

    jenkins: increase timeout for w32 tests

diff --git a/misc/jenkins/bin/run-tests-w32.bash b/misc/jenkins/bin/run-tests-w32.bash
index 799f7fa..43a8b38 100755
--- a/misc/jenkins/bin/run-tests-w32.bash
+++ b/misc/jenkins/bin/run-tests-w32.bash
@@ -15,6 +15,7 @@ URI="qemu:///system"
 GUEST="win8.1"
 GUEST_CDROM="sda"
 SSH="gpg at 192.168.122.117"
+SSH_COMMAND_TIMEOUT="60m"
 
 function vdo() {
     virsh -c "$URI" "$@"
@@ -22,7 +23,7 @@ function vdo() {
 
 function vssh() {
     # OpenSSH on Windows does not cope well with a closed stdin.
-    timeout </dev/zero 10m ssh "$SSH" "$@"
+    timeout </dev/zero "$SSH_COMMAND_TIMEOUT" ssh "$SSH" "$@"
 }
 
 function vping() {

commit dae1c1897fa2b47b055748192c1bba59aa288af2
Author: Justus Winter <justus at g10code.com>
Date:   Thu Aug 10 11:40:42 2017 +0200

    jenkins: add powershell hints

diff --git a/misc/jenkins/README.org b/misc/jenkins/README.org
index 4555109..e484893 100644
--- a/misc/jenkins/README.org
+++ b/misc/jenkins/README.org
@@ -161,8 +161,16 @@ Connect to the machine from your desktop machine:
 
  you at home $ virt-viewer -c qemu+ssh://jenkins at soro.g10code.com/system win8.1
 
-Do whatever maintenance work is necessary.  Shutdown the machine.
-Create a new snapshot 'test-new':
+Do whatever maintenance work is necessary.
+
+Hints:
+ - Start a powershell:
+   Open the file explorer, enter 'powershell' into the location bar (ctrl-l).
+ - Right mouse button pastes in powershell.
+ - Elevate privileges in powershell:
+    > Start-Process powershell -verb runAs
+
+Shutdown the machine.  Create a new snapshot 'test-new':
 
  jenkins at soro:~$ virsh -c qemu:///system snapshot-create-as win8.1 --name "tests-new" --description "Updated OpenSSH to xxx"
 

-----------------------------------------------------------------------

Summary of changes:
 misc/jenkins/README.org             | 12 ++++++++++--
 misc/jenkins/bin/run-tests-w32.bash |  3 ++-
 2 files changed, 12 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug 10 12:07:16 2017
From: cvs at cvs.gnupg.org (by Justus Winter)
Date: Thu, 10 Aug 2017 12:07:16 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.23-3-g23107ba
Message-ID: <E1dfkN3-0007ao-GI@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  23107ba20f8b4eb5482b480ad6a8af6b39d2bfeb (commit)
      from  977fc5f0eb9fdee19e66bea8cd2eb5414789b485 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 23107ba20f8b4eb5482b480ad6a8af6b39d2bfeb
Author: Justus Winter <justus at g10code.com>
Date:   Thu Aug 10 12:04:43 2017 +0200

    tests: Improve documentation.
    
    * tests/openpgp/README: Add quickstart instructions, how to use
    shell.scm, remove no longer used MKDATA.
    
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/tests/openpgp/README b/tests/openpgp/README
index 42e78ae..94a00fa 100644
--- a/tests/openpgp/README
+++ b/tests/openpgp/README
@@ -1,6 +1,15 @@
 #                                   Emacs, this is an -*- org -*- file.
 
 * How to run the test suite
+** tldr: How to run all tests fast.
+
+ obj $ make check-all TESTFLAGS=--parallel
+
+You can use --parallel=N to request N parallel jobs.  Hint: Tuck
+TESTFLAGS=--parallel in your environment.
+
+** Running individual test suites or tests
+
 From your build directory, run
 
   obj $ make -C tests/openpgp check
@@ -16,6 +25,34 @@ spawned programs to their standard error stream, verbose=2 to see what
 programs are executed, or verbose=3 to see even more program output
 and exit codes.
 
+** Inspecting the test environment
+
+To inspect the environment in which tests are running, or to quickly
+create keys for debugging or testing, you can start a shell.  There is
+one test that doese just that:
+
+  obj $ make -C tests/openpgp check TESTS=shell.scm
+  PASS: tests/openpgp/setup.scm
+  Load legacy test environment? [Y/n] y
+  Drop 'batch' from gpg.conf? [Y/n] y
+
+  Enjoy your test environment.  Type 'exit' to exit it, it will be cleaned up after you.
+
+  ... $ gpg -k Alfa
+  gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
+  gpg: It is only intended for test purposes and should NOT be
+  gpg: used in a production environment or with production keys!
+  gpg: /tmp/gpgscm-20170809T144032-run-tests-PFfybw/trustdb.gpg: trustdb created
+  pub   dsa1024 1999-03-08 [SCA]
+        A0FF4590BB6122EDEF6E3C542D727CC768697734
+  uid           [ unknown] Alfa Test (demo key) <alfa at example.net>
+  uid           [ unknown] Alpha Test (demo key) <alpha at example.net>
+  uid           [ unknown] Alice (demo key)
+  sub   elg1024 1999-03-08 [E]
+
+PATH is adjusted so that you will use the tools from the build tree.
+Note that the directory is removed when you exit the shell.
+
 ** Passing options to the test driver
 
 You can set TESTFLAGS to pass flags to 'run-tests.scm'.  For example,
@@ -58,9 +95,9 @@ suite.
 The test suite does not hardcode any paths to tools.  If set it is
 used to locate the tools to test, otherwise the test suite assumes to
 be run from the build directory.
-**** MKTDATA and GPG_PRESET_PASSPHRASE
-These two tools are not installed by 'make install', hence we need to
-explicitly override their position.  In fact, the location of any tool
+**** GPG_PRESET_PASSPHRASE
+This tool is not installed by 'make install', hence we need to
+explicitly override its position.  In fact, the location of any tool
 used by the test suite can be overridden this way.  See defs.scm.
 **** argv[0]
 run-tests.scm depends on being able to re-exec gpgscm.  It uses

-----------------------------------------------------------------------

Summary of changes:
 tests/openpgp/README | 43 ++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 40 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug 10 12:45:36 2017
From: cvs at cvs.gnupg.org (by Ineiev)
Date: Thu, 10 Aug 2017 12:45:36 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.23-4-g2d6832a
Message-ID: <E1dfky9-0004iL-Fl@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  2d6832aa83ebdf3fe422c7c7d5411d1b44a6ac34 (commit)
      from  23107ba20f8b4eb5482b480ad6a8af6b39d2bfeb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2d6832aa83ebdf3fe422c7c7d5411d1b44a6ac34
Author: Ineiev <ineiev at gnu.org>
Date:   Sat Aug 5 12:27:44 2017 +0000

    po: Update Russian translation
    
    --
    
    There was a small merge conflict.  I hope I did not mess it up. -wk

diff --git a/po/ru.po b/po/ru.po
index 652803e..a7fb60c 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -1,4 +1,4 @@
-# Copyright (C) 2015 Free Software Foundation, Inc.
+# Copyright (C) 2017 Free Software Foundation, Inc.
 # This file is distributed under the same license as the GnuPG package.
 # Maxim Britov <maxim.britov at gmail.com>, 2006.
 #              !-- no such user (2011-01-11)
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: GnuPG 2.1.0\n"
 "Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2017-03-01 17:17+0000\n"
+"PO-Revision-Date: 2017-08-05 17:17+0000\n"
 "Last-Translator: Ineiev <ineiev at gnu.org>\n"
 "Language-Team: Russian <gnupg-ru at gnupg.org>\n"
 "Language: ru\n"
@@ -378,7 +378,7 @@ msgid "enable ssh support"
 msgstr "???????? ????????? ssh"
 
 msgid "|ALGO|use ALGO to show ssh fingerprints"
-msgstr ""
+msgstr "|ALGO|???????????? ???????? ALGO ??? ??????????? ??????????"
 
 msgid "enable putty support"
 msgstr "???????? ????????? putty"
@@ -1209,15 +1209,16 @@ msgstr "????????: %s\n"
 
 msgid "Note: Outdated servers may lack important security fixes.\n"
 msgstr ""
+"?????????: ?? ?????? ???????? ????? ???? ?????????? ??????, "
+"????????? ??? ????????????.\n"
 
 #, c-format
 msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr ""
+msgstr "?????????: ??? ?? ???????????? ?????????????? ???????? \"%s\".\n"
 
-#, fuzzy, c-format
-#| msgid "%s does not yet work with %s\n"
+#, c-format
 msgid "%s is not compliant with %s mode\n"
-msgstr "%s ???? ?? ???????? ????????? ? %s!\n"
+msgstr "%s ?? ????????? ? ??????? %s\n"
 
 #, c-format
 msgid "OpenPGP card not available: %s\n"
@@ -1569,15 +1570,13 @@ msgstr ""
 "????????: ?????????????? ????????????? ????????????? ????? %s (%d)\n"
 "          ???????? ???????????? ??????????\n"
 
-#, fuzzy, c-format
-#| msgid "you may not use cipher algorithm '%s' while in %s mode\n"
+#, c-format
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
-msgstr "?????????? '%s' ? ?????? %s ???????????? ??????\n"
+msgstr "???????? ?????????? '%s' ?????? ???????????? ? ?????? %s\n"
 
-#, fuzzy, c-format
-#| msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
+#, c-format
 msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "????????: ???????? \"%s%s\" ??????? - ?? ????????????\n"
+msgstr "????????: ???? %s ?? ???????? ??? ?????????? ? ?????? %s\n"
 
 #, c-format
 msgid ""
@@ -1595,10 +1594,9 @@ msgstr ""
 msgid "%s/%s encrypted for: \"%s\"\n"
 msgstr "%s/%s ??????????? ??? ???????????? \"%s\"\n"
 
-#, fuzzy, c-format
-#| msgid "you may not use %s while in %s mode\n"
+#, c-format
 msgid "option '%s' may not be used in %s mode\n"
-msgstr "?????? ???????????? %s ? ?????? %s\n"
+msgstr "???????? '%s' ?????? ???????????? ? ?????? %s\n"
 
 #, c-format
 msgid "%s encrypted data\n"
@@ -2274,15 +2272,13 @@ msgstr "???????????? ?????? ???????????? ????
 msgid "%s does not yet work with %s\n"
 msgstr "%s ???? ?? ???????? ????????? ? %s!\n"
 
-#, fuzzy, c-format
-#| msgid "you may not use digest algorithm '%s' while in %s mode\n"
+#, c-format
 msgid "digest algorithm '%s' may not be used in %s mode\n"
-msgstr "???-??????? '%s' ? ?????? %s ???????????? ??????\n"
+msgstr "???-??????? '%s' ?????? ???????????? ? ?????? %s\n"
 
-#, fuzzy, c-format
-#| msgid "you may not use compression algorithm '%s' while in %s mode\n"
+#, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
-msgstr "?????? '%s' ? ?????? %s ???????????? ??????\n"
+msgstr "???????? ?????? '%s' ?????? ???????????? ? ?????? %s\n"
 
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
@@ -2300,8 +2296,7 @@ msgstr "???? ????????????? ?????????? '%s': %s\n"
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr "--symmetric --encrypt ?????? ???????????? ????????? ? --s2k-mode 0\n"
 
-#, fuzzy, c-format
-#| msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+#, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
 msgstr "? ?????? %s ?????? ???????????? --symmetric --encrypt\n"
 
@@ -2309,8 +2304,7 @@ msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr ""
 "?????? ???????????? --symmetric --sign --encrypt ????????? ? --s2k-mode 0\n"
 
-#, fuzzy, c-format
-#| msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+#, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
 msgstr "? ?????? %s ?????? ???????????? --symmetric --sign --encrypt\n"
 
@@ -2432,10 +2426,8 @@ msgstr "????????? ??????? ??????? ? ??????????
 msgid "assume the GnuPG key backup format"
 msgstr "??????? ????? ? ???????? ??????? GnuPG"
 
-#, fuzzy
-#| msgid "show key during import"
 msgid "repair keys on import"
-msgstr "?????????? ???? ?? ????? ???????"
+msgstr "?????????? ????? ??? ???????"
 
 #, c-format
 msgid "skipping block of type %d\n"
@@ -3268,20 +3260,16 @@ msgstr "???? ??? ??????????: %s\n"
 msgid "Key not changed so no update needed.\n"
 msgstr "???? ?? ????????? - ?????????? ?? ?????.\n"
 
-#, fuzzy
-#| msgid "You can't delete the last user ID!\n"
 msgid "cannot revoke the last valid user ID.\n"
-msgstr "?? ?? ?????? ??????? ????????? ????????????? ????????????!\n"
+msgstr "?????? ??????? ????????? ?????????????? ????????????? ????????????.\n"
 
-#, fuzzy, c-format
-#| msgid "checking the trust list failed: %s\n"
+#, c-format
 msgid "revoking the user ID failed: %s\n"
-msgstr "???? ???????? ?????? ???????: %s\n"
+msgstr "???? ?????? ?????????????? ????????????: %s\n"
 
-#, fuzzy, c-format
-#| msgid "checking the trust list failed: %s\n"
+#, c-format
 msgid "setting the primary user ID failed: %s\n"
-msgstr "???? ???????? ?????? ???????: %s\n"
+msgstr "???? ????????? ?????????? ?????????????? ????????????: %s\n"
 
 #, c-format
 msgid "\"%s\" is not a fingerprint\n"
@@ -3305,15 +3293,13 @@ msgstr "??????????? ??????.\n"
 msgid "'%s' is not a valid expiration time\n"
 msgstr "'%s' - ?? ?????????? ???? ????????\n"
 
-#, fuzzy, c-format
-#| msgid "\"%s\" is not a fingerprint\n"
+#, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
-msgstr "\"%s\" - ?? ?????????\n"
+msgstr "\"%s\" - ?? ?????????? ?????????\n"
 
-#, fuzzy, c-format
-#| msgid "key \"%s\" not found\n"
+#, c-format
 msgid "subkey \"%s\" not found\n"
-msgstr "???? \"%s\" ?? ??????\n"
+msgstr "??????? \"%s\" ?? ??????\n"
 
 msgid "Digest: "
 msgstr "???: "
@@ -3621,10 +3607,8 @@ msgstr ""
 "????????: ??????? ?????????????? ???????????? ?????????? %d ????????? ? "
 "???????\n"
 
-#, fuzzy
-#| msgid "You can't delete the last user ID!\n"
 msgid "Cannot revoke the last valid user ID.\n"
-msgstr "?? ?? ?????? ??????? ????????? ????????????? ????????????!\n"
+msgstr "?????? ??????? ????????? ?????????????? ????????????? ????????????.\n"
 
 #, c-format
 msgid "Key %s is already revoked.\n"
@@ -4398,10 +4382,9 @@ msgstr "[???????????]"
 msgid "                aka \"%s\""
 msgstr "                ??? \"%s\""
 
-#, fuzzy, c-format
-#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+#, c-format
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
-msgstr "????????: ?????? ???? ?? ??????? ?????????? ????????!\n"
+msgstr "????????: ?????? ???? ?? ???????? ??? ??????? ? ?????? %s\n"
 
 #, c-format
 msgid "Signature expired %s\n"
@@ -4937,10 +4920,9 @@ msgstr "?? ???? ??????? ??????????? ?????? '%s'\n"
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "?? ???? ??????? ??????????? ?????? fd=%d: %s\n"
 
-#, fuzzy, c-format
-#| msgid "certificate is not usable for encryption\n"
+#, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
-msgstr "?????????? ?? ???????? ??? ??????????\n"
+msgstr "???? %s ?? ???????? ??? ????????????? ? ?????? %s\n"
 
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
@@ -5117,10 +5099,9 @@ msgstr "???? %s %s ??????? %zu-??????? ??? ????? ??
 msgid "WARNING: signature digest conflict in message\n"
 msgstr "????????: ???????? ????? ???????? ? ?????????\n"
 
-#, fuzzy, c-format
-#| msgid "you may not use %s while in %s mode\n"
+#, c-format
 msgid "key %s may not be used for signing in %s mode\n"
-msgstr "?????? ???????????? %s ? ?????? %s\n"
+msgstr "???? %s ?????? ???????????? ??? ??????? ? ?????? %s\n"
 
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"

-----------------------------------------------------------------------

Summary of changes:
 po/ru.po | 93 ++++++++++++++++++++++++++--------------------------------------
 1 file changed, 37 insertions(+), 56 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug 10 15:59:45 2017
From: cvs at cvs.gnupg.org (by Kai Michaelis)
Date: Thu, 10 Aug 2017 15:59:45 +0200
Subject: [git] KSBA - branch, master, updated. libksba-1.3.5-9-g3e029a4
Message-ID: <E1dfo01-00010U-9C@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "KSBA is a library to access X.509 certificates and CMS data.".

The branch, master has been updated
       via  3e029a4ed0059116febe05924a14009ca622e3c5 (commit)
      from  ad36a28e3a0580c1a9547843c03e1af172681efc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3e029a4ed0059116febe05924a14009ca622e3c5
Author: Kai Michaelis <kai at gnupg.org>
Date:   Wed Aug 9 18:02:06 2017 +0200

    Generate coverage information.
    
    * autogen.sh: add options --coverage and --report to help w/ coverage
    info collection and reporting.
    * m4/gcov.m4: new file. Boilerplate for locating gcov et.al.
    * Makefile.am: add coverage-report target
    
    GnuPG-Bud-Id: 3050
    --
    To measure test coverage gcov and lcov needs to be installed and
    ./configure called w/ --enable-gcov. The coverage-html make target will
    then create a HTML report.

diff --git a/Makefile.am b/Makefile.am
index a19c382..f188cda 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -79,3 +79,25 @@ gen-ChangeLog:
 
 stowinstall:
 	$(MAKE) $(AM_MAKEFLAGS) install prefix=/usr/local/stow/libksba
+
+# Coverage targets
+if HAVE_GCOV
+
+.PHONY: clean-coverage
+clean-coverage:
+	@echo Removing old coverage results
+	-find -name '*.gcda' -print | xargs -r rm
+	-find -name '*.gcno' -print | xargs -r rm
+	-rm -rf coverage.info coveragereport
+
+.PHONY: coverage-html clean-coverage
+coverage-html: check
+	@echo Collecting coverage data with lcov
+	$(top_srcdir)/autogen.sh --coverage $(LCOV) $(GCOV) $(abs_builddir) \
+		tests src
+	$(top_srcdir)/autogen.sh --report $(LCOV) $(GENHTML) $(abs_builddir) \
+		'*/tests/*' '*/asn1-parse.c' '*/asn1-parse.y'
+
+clean-local: clean-coverage
+
+endif # HAVE_GCOV
diff --git a/autogen.sh b/autogen.sh
index 7effd56..3771c58 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -171,6 +171,14 @@ case "$1" in
         fatal "**Error**: invalid build option $1"
         shift
         ;;
+    --coverage)
+        myhost="coverage"
+        shift
+        ;;
+    --report)
+        myhost="report"
+        shift
+        ;;
     *)
         ;;
 esac
@@ -239,6 +247,62 @@ if [ "$myhost" = "find-version" ]; then
 fi
 # **** end FIND VERSION ****
 
+# **** COVERAGE ****
+# This is a helper for the code coverage collection
+# Called
+#   ./autogen.sh --coverage lcov gcov [dirs...]
+if [ "$myhost" = "coverage" ]; then
+  LCOV="$1"
+  GCOV="$2"
+  BASE=`realpath "$3"`
+  COVINFO=""
+
+  shift 3
+
+  while [ x"$1" != "x" ]; do
+    P="$1"
+    $LCOV --gcov-tool $GCOV \
+          --base-directory "$BASE"/"$P" \
+          --directory "$P" \
+          --output-file coverage.info.`basename "$P"` \
+          --capture --no-checksum --compat-libtool \
+          --rc lcov_branch_coverage=1
+    COVINFO="$COVINFO -a coverage.info."`basename "$P"`
+    shift
+  done
+
+  $LCOV $COVINFO --base-directory "$BASE" --output-file coverage.info \
+          --no-checksum \
+          --rc lcov_branch_coverage=1
+
+  exit 0
+fi
+# **** end COVERAGE ****
+
+# **** COVERAGE_REPORT ****
+# This is a helper for the code coverage report
+# Called
+#   ./autogen.sh --report lcov genhtml [exclude...]
+if [ "$myhost" = "report" ]; then
+  LCOV="$1"
+  GENHTML="$2"
+
+  shift 2
+
+  while [ x"$1" != "x" ]; do
+    P="$1"
+    $LCOV --remove coverage.info "$P" -o coverage.info \
+          --rc lcov_branch_coverage=1
+    shift
+  done
+
+  LANG=C $GENHTML --output-directory coveragereport --title "Code Coverage" \
+                  --legend --show-details coverage.info \
+                  --rc lcov_branch_coverage=1
+
+  exit 0
+fi
+# **** end COVERAGE_REPORT ****
 
 if [ ! -f "$tsdir/build-aux/config.guess" ]; then
     fatal "$tsdir/build-aux/config.guess not found"
diff --git a/configure.ac b/configure.ac
index d3a0fd6..d66e270 100644
--- a/configure.ac
+++ b/configure.ac
@@ -127,6 +127,14 @@ gl_EARLY
 AC_PROG_YACC
 AX_PROG_BISON([have_bison=yes],[have_bison=no])
 
+if test "$USE_MAINTAINER_MODE" = "yes"; then
+	# gcov coverage reporting
+	AC_CHECK_PROGS(GCOV, [gcov], gcov)
+	AC_TDD_GCOV
+	AC_SUBST(COVERAGE_CFLAGS)
+	AC_SUBST(COVERAGE_LDFLAGS)
+fi
+
 AC_C_INLINE
 
 # We need to compile and run a program on the build machine.
diff --git a/m4/Makefile.am b/m4/Makefile.am
index 6078d25..fdbffdd 100644
--- a/m4/Makefile.am
+++ b/m4/Makefile.am
@@ -1,5 +1,5 @@
 
 EXTRA_DIST = autobuild.m4  gnupg-typedef.m4  gpg-error.m4  libgcrypt.m4 \
-             libtool.m4 ax_prog_bison.m4
+             libtool.m4 ax_prog_bison.m4 gcov.m4
 
 
diff --git a/m4/gcov.m4 b/m4/gcov.m4
new file mode 100644
index 0000000..ad1d3ec
--- /dev/null
+++ b/m4/gcov.m4
@@ -0,0 +1,93 @@
+# Copyright 2012 Canonical Ltd.
+#
+# This program is free software: you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 3, as published
+# by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranties of
+# MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR
+# PURPOSE.  See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Checks for existence of coverage tools:
+#  * gcov
+#  * lcov
+#  * genhtml
+#  * gcovr
+#
+# Sets ac_cv_check_gcov to yes if tooling is present
+# and reports the executables to the variables LCOV, GCOVR and GENHTML.
+AC_DEFUN([AC_TDD_GCOV],
+[
+  AC_ARG_ENABLE(gcov,
+  AS_HELP_STRING([--enable-gcov],
+		 [enable coverage testing with gcov]),
+  [use_gcov=yes], [use_gcov=no])
+
+  AM_CONDITIONAL(HAVE_GCOV, test "x$use_gcov" = "xyes")
+
+  if test "x$use_gcov" = "xyes"; then
+  # we need gcc:
+  if test "$GCC" != "yes"; then
+    AC_MSG_ERROR([GCC is required for --enable-gcov])
+  fi
+
+  # Check if ccache is being used
+  AC_CHECK_PROG(SHTOOL, shtool, shtool)
+  if test "$SHTOOL"; then
+    AS_CASE([`$SHTOOL path $CC`],
+                [*ccache*], [gcc_ccache=yes],
+                [gcc_ccache=no])
+  fi
+
+  if test "$gcc_ccache" = "yes" && (test -z "$CCACHE_DISABLE" || test "$CCACHE_DISABLE" != "1"); then
+    AC_MSG_ERROR([ccache must be disabled when --enable-gcov option is used. You can disable ccache by setting environment variable CCACHE_DISABLE=1.])
+  fi
+
+  lcov_version_list="1.6 1.7 1.8 1.9 1.10 1.11 1.12 1.13"
+  AC_CHECK_PROG(LCOV, lcov, lcov)
+  AC_CHECK_PROG(GENHTML, genhtml, genhtml)
+
+  if test "$LCOV"; then
+    AC_CACHE_CHECK([for lcov version], glib_cv_lcov_version, [
+      glib_cv_lcov_version=invalid
+      lcov_version=`$LCOV -v 2>/dev/null | $SED -e 's/^.* //'`
+      for lcov_check_version in $lcov_version_list; do
+        if test "$lcov_version" = "$lcov_check_version"; then
+          glib_cv_lcov_version="$lcov_check_version (ok)"
+        fi
+      done
+    ])
+  else
+    lcov_msg="To enable code coverage reporting you must have one of the following lcov versions installed: $lcov_version_list"
+    AC_MSG_ERROR([$lcov_msg])
+  fi
+
+  case $glib_cv_lcov_version in
+    ""|invalid[)]
+      lcov_msg="You must have one of the following versions of lcov: $lcov_version_list (found: $lcov_version)."
+      AC_MSG_ERROR([$lcov_msg])
+      LCOV="exit 0;"
+      ;;
+  esac
+
+  if test -z "$GENHTML"; then
+    AC_MSG_ERROR([Could not find genhtml from the lcov package])
+  fi
+
+  # Remove all optimization flags from CFLAGS
+  changequote({,})
+  CFLAGS=`echo "$CFLAGS" | $SED -e 's/-O[0-9]*//g'`
+  CPPFLAGS=`echo "$CPPFLAGS" | $SED -e 's/-O[0-9]*//g'`
+  changequote([,])
+
+  # Add the special gcc flags
+  COVERAGE_CFLAGS="--coverage -DDEBUG"
+  COVERAGE_CXXFLAGS="--coverage -DDEBUG"
+  COVERAGE_LDFLAGS="--coverage -lgcov"
+
+fi
+]) # AC_TDD_GCOV
diff --git a/src/Makefile.am b/src/Makefile.am
index 7e3f06b..e8a5692 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -36,7 +36,7 @@ CLEANFILES = asn1-gentables
 DISTCLEANFILES = asn1-tables.c
 
 AM_CPPFLAGS =  -I$(top_builddir)/gl -I$(top_srcdir)/gl
-AM_CFLAGS = $(GPG_ERROR_CFLAGS)
+AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(COVERAGE_CFLAGS)
 
 
 if HAVE_LD_VERSION_SCRIPT
@@ -82,7 +82,8 @@ endif !HAVE_W32_SYSTEM
 
 libksba_la_LDFLAGS = $(no_undefined) $(export_symbols) $(extra_ltoptions) \
       $(libksba_version_script_cmd) -version-info \
-      @LIBKSBA_LT_CURRENT@:@LIBKSBA_LT_REVISION@:@LIBKSBA_LT_AGE@
+      @LIBKSBA_LT_CURRENT@:@LIBKSBA_LT_REVISION@:@LIBKSBA_LT_AGE@ \
+      $(COVERAGE_LDFLAGS)
 libksba_la_INCLUDES = -I$(top_srcdir)/lib
 libksba_la_DEPENDENCIES = $(srcdir)/libksba.vers $(ksba_deps)
 libksba_la_LIBADD = $(ksba_res) @LTLIBOBJS@ @GPG_ERROR_LIBS@
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 949a812..9652674 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -41,8 +41,8 @@ CLEANFILES = oidtranstbl.h
 
 TESTS = cert-basic t-crl-parser t-dnparser t-oid t-reader
 
-AM_CFLAGS = $(GPG_ERROR_CFLAGS)
-AM_LDFLAGS = -no-install
+AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(COVERAGE_CFLAGS)
+AM_LDFLAGS = -no-install $(COVERAGE_LDFLAGS)
 
 noinst_HEADERS = t-common.h
 noinst_PROGRAMS = $(TESTS) t-cms-parser t-crl-parser t-dnparser t-ocsp

-----------------------------------------------------------------------

Summary of changes:
 Makefile.am       | 22 +++++++++++++
 autogen.sh        | 64 ++++++++++++++++++++++++++++++++++++++
 configure.ac      |  8 +++++
 m4/Makefile.am    |  2 +-
 m4/gcov.m4        | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 src/Makefile.am   |  5 +--
 tests/Makefile.am |  4 +--
 7 files changed, 193 insertions(+), 5 deletions(-)
 create mode 100644 m4/gcov.m4


hooks/post-receive
-- 
KSBA is a library to access X.509 certificates and CMS data.
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug 10 16:11:58 2017
From: cvs at cvs.gnupg.org (by Marcus Brinkmann)
Date: Thu, 10 Aug 2017 16:11:58 +0200
Subject: [git] GPGME - branch, master, updated. gpgme-1.9.0-58-g274609b
Message-ID: <E1dfoBq-00032W-8H@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, master has been updated
       via  274609baceda3378b21f84c3ae6a44806dad2dba (commit)
      from  d3796e4504a2b4f422de17d78f3acfe8dd199c9c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 274609baceda3378b21f84c3ae6a44806dad2dba
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Thu Aug 10 16:10:40 2017 +0200

    doc: Add more tofu documentation.
    
    * doc/gpgme.texi (gpgme_tofu_info_t): Document structure.
    (gpgme_sigsum_t): Document GPGME_SIGSUM_TOFU_CONFLICT.
    
    Signed-off-by: Marcus Brinkmann <mb at g10code.com>
    GnuPG-bug-id: 2816

diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index 31929d3..37760af 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -3276,6 +3276,75 @@ Reserved for the time of the last update of this user ID.
 @end deftp
 
 
+ at deftp {Data type} gpgme_tofu_info_t
+
+The @code{gpgme_tofu_info_t} type is a pointer to a tofu info
+structure.  Tofu info structures are one component of a
+ at code{gpgme_user_id_t} object, and provide information from the TOFU
+database pertaining to the user ID.
+
+The tofu info structure has the following members:
+
+ at table @code
+ at item gpgme_key_sig_t next
+This is a pointer to the next tofu info structure in the linked
+list, or @code{NULL} if this is the last element.
+
+ at item unsigned int validity : 3
+This is the TOFU validity.  It can have the following values:
+
+ at table @code
+ at item 0
+The value @code{0} indicates a conflict.
+
+ at item 1
+The value @code{1} indicates a key without history.
+
+ at item 2
+The value @code{2} indicates a key with too little history.
+
+ at item 3
+The value @code{3} indicates a key with enough history for basic trust.
+
+ at item 4
+The value @code{4} indicates a key with a lot of history.
+
+ at end table
+
+ at item unsigned int policy : 4
+This is the TOFU policy, see @code{gpgme_tofu_policy_t}.
+
+ at item unsigned short signcount
+This is the number of signatures seen for this binding (or
+ at code{USHRT_MAX} if there are more than that).
+
+ at item unsigned short encrcount
+This is the number of encryptions done with this binding (or
+ at code{USHRT_MAX} if there are more than that).
+
+ at item unsigned long signfirst
+Number of seconds since Epoch when the first signature was seen with
+this binding.
+
+ at item unsigned long signlast
+Number of seconds since Epoch when the last signature was seen with
+this binding.
+
+ at item unsigned long encrfirst
+Number of seconds since Epoch when the first encryption was done with
+this binding.
+
+ at item unsigned long encrlast
+Number of seconds since Epoch when the last encryption was done with
+this binding.
+
+ at item char *description
+A human-readable string summarizing the TOFU data (or NULL).
+
+ at end table
+ at end deftp
+
+
 @deftp {Data type} gpgme_key_sig_t
 
 The @code{gpgme_key_sig_t} type is a pointer to a key signature structure.
@@ -5196,6 +5265,9 @@ The defined bits are:
 
   @item GPGME_SIGSUM_SYS_ERROR
   A system error occured.
+
+  @item GPGME_SIGSUM_TOFU_CONFLICT
+  A TOFU conflict was detected.
   @end table
 
 @item char *fpr

-----------------------------------------------------------------------

Summary of changes:
 doc/gpgme.texi | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug 10 16:51:32 2017
From: cvs at cvs.gnupg.org (by Marcus Brinkmann)
Date: Thu, 10 Aug 2017 16:51:32 +0200
Subject: [git] GPGME - branch, master, updated. gpgme-1.9.0-59-gdfb3ca8
Message-ID: <E1dfoo8-00015Z-7c@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, master has been updated
       via  dfb3ca85680534b3885ab04d3fba4752c5a6f998 (commit)
      from  274609baceda3378b21f84c3ae6a44806dad2dba (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit dfb3ca85680534b3885ab04d3fba4752c5a6f998
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Thu Aug 10 16:50:11 2017 +0200

    doc: Clarify import keys operation.
    
    * doc/gpgme.texi (gpgme_op_import_start): Fix grammar.
    (gpgme_op_import_keys): Clarify some wording and fix result.
    * src/import.c (gpgme_op_import_keys): Clarify comment.
    
    Signed-off-by: Marcus Brinkmann <mb at g10code.com>
    GnuPG-bug-id: 3215

diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index 37760af..bf84629 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -4449,34 +4449,32 @@ The function @code{gpgme_op_import_start} initiates a
 
 The function returns the error code @code{GPG_ERR_NO_ERROR} if the
 import could be started successfully, @code{GPG_ERR_INV_VALUE} if
- at var{keydata} if @var{ctx} or @var{keydata} is not a valid pointer,
-and @code{GPG_ERR_NO_DATA} if @var{keydata} is an empty data buffer.
+ at var{ctx} or @var{keydata} is not a valid pointer, and
+ at code{GPG_ERR_NO_DATA} if @var{keydata} is an empty data buffer.
 @end deftypefun
 
 @deftypefun gpgme_error_t gpgme_op_import_keys (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_key_t *@var{keys}})
-The function @code{gpgme_op_import_keys} adds the keys described by the
- at code{NULL} terminated array @var{keys} to the key ring of the crypto
-engine used by @var{ctx}.  This function is the general interface to
-move a key from one crypto engine to another as long as they are
-compatible.  In particular it is used to actually import and make keys
-permanent which have been retrieved from an external source (i.e. using
- at code{GPGME_KEYLIST_MODE_EXTERN}).  @footnote{Thus it is a replacement
-for the usual workaround of exporting and then importing a key to make
-an X.509 key permanent.}
+The function @code{gpgme_op_import_keys} adds the keys described by
+the @code{NULL} terminated array @var{keys} to the key ring of the
+crypto engine used by @var{ctx}.  It is used to actually import and
+make keys permanent which have been retrieved from an external source
+(i.e. using @code{GPGME_KEYLIST_MODE_EXTERN}).  @footnote{Thus it is a
+replacement for the usual workaround of exporting and then importing a
+key to make an X.509 key permanent.}
 
 Only keys of the currently selected protocol of @var{ctx} are
 considered for import.  Other keys specified by the @var{keys} are
 ignored.  As of now all considered keys must have been retrieved using
-the same method, that is the used key listing mode must be identical.
+the same method, i.e. the used key listing mode must be identical.
 
 After the operation completed successfully, the result can be
 retrieved with @code{gpgme_op_import_result}.
 
 The function returns the error code @code{GPG_ERR_NO_ERROR} if the
 import was completed successfully, @code{GPG_ERR_INV_VALUE} if
- at var{keydata} if @var{ctx} or @var{keydata} is not a valid pointer,
- at code{GPG_ERR_CONFLICT} if the key listing mode does not match, and
- at code{GPG_ERR_NO_DATA} if no keys are considered for export.
+ at var{ctx} is not a valid pointer, @code{GPG_ERR_CONFLICT} if the key
+listing mode does not match, and @code{GPG_ERR_NO_DATA} if no keys are
+considered for export.
 @end deftypefun
 
 @deftypefun gpgme_error_t gpgme_op_import_keys_start (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_key_t *@var{keys}})
diff --git a/src/import.c b/src/import.c
index 4173fe9..386ca72 100644
--- a/src/import.c
+++ b/src/import.c
@@ -392,13 +392,12 @@ gpgme_op_import_keys_start (gpgme_ctx_t ctx, gpgme_key_t *keys)
 }
 
 
-/* Import the keys from the array KEYS into the keyring.  This
-   function allows to move a key from one engine to another as long as
-   they are compatible.  In particular it is used to actually import
-   keys retrieved from an external source (i.e. using
-   GPGME_KEYLIST_MODE_EXTERN).  It replaces the old workaround of
-   exporting and then importing a key as used to make an X.509 key
-   permanent.  This function automagically does the right thing.
+/* Import the keys from the array KEYS into the keyring.  In
+   particular it is used to actually import keys retrieved from an
+   external source (i.e. using GPGME_KEYLIST_MODE_EXTERN).  It
+   replaces the old workaround of exporting and then importing a key
+   as used to make an X.509 key permanent.  This function
+   automagically does the right thing.
 
    KEYS is a NULL terminated array of gpgme key objects.  The result
    is the usual import result structure.  Only keys matching the

-----------------------------------------------------------------------

Summary of changes:
 doc/gpgme.texi | 28 +++++++++++++---------------
 src/import.c   | 13 ++++++-------
 2 files changed, 19 insertions(+), 22 deletions(-)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug 10 17:38:36 2017
From: cvs at cvs.gnupg.org (by Kai Michaelis)
Date: Thu, 10 Aug 2017 17:38:36 +0200
Subject: [git] KSBA - branch, master, updated. libksba-1.3.5-10-g39e633d
Message-ID: <E1dfpXg-0000EG-OX@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "KSBA is a library to access X.509 certificates and CMS data.".

The branch, master has been updated
       via  39e633d6d224cafa83d884865ac4e372709d91b7 (commit)
      from  3e029a4ed0059116febe05924a14009ca622e3c5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 39e633d6d224cafa83d884865ac4e372709d91b7
Author: Kai Michaelis <kai at gnupg.org>
Date:   Thu Aug 10 17:17:30 2017 +0200

    Enable CMS parser test.
    
    * tests/Makefile.am: add t-cms-parser to the list of tests.
    * tests/t-cms-parser.c: change default test file to something that
      exists.

diff --git a/tests/Makefile.am b/tests/Makefile.am
index 9652674..f6436df 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -39,13 +39,13 @@ EXTRA_DIST = $(test_certs) samples/README mkoidtbl.awk
 BUILT_SOURCES = oidtranstbl.h
 CLEANFILES = oidtranstbl.h
 
-TESTS = cert-basic t-crl-parser t-dnparser t-oid t-reader
+TESTS = cert-basic t-crl-parser t-dnparser t-oid t-reader t-cms-parser
 
 AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(COVERAGE_CFLAGS)
 AM_LDFLAGS = -no-install $(COVERAGE_LDFLAGS)
 
 noinst_HEADERS = t-common.h
-noinst_PROGRAMS = $(TESTS) t-cms-parser t-crl-parser t-dnparser t-ocsp
+noinst_PROGRAMS = $(TESTS) t-ocsp
 LDADD = ../src/libksba.la $(GPG_ERROR_LIBS)
 
 t_ocsp_SOURCES = t-ocsp.c sha1.c
diff --git a/tests/t-cms-parser.c b/tests/t-cms-parser.c
index e912aea..6ece100 100644
--- a/tests/t-cms-parser.c
+++ b/tests/t-cms-parser.c
@@ -233,7 +233,7 @@ main (int argc, char **argv)
   if (argc > 1)
     one_file (argv[1]);
   else
-    one_file ("x.ber");
+    one_file (prepend_srcdir ("extra/dsig-with-id-aa-encrypKeyPref-1.cms"));
   /*one_file ("pkcs7-1.ber");*/
   /*one_file ("root-cert-2.der");  should fail */
 

-----------------------------------------------------------------------

Summary of changes:
 tests/Makefile.am    | 4 ++--
 tests/t-cms-parser.c | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
KSBA is a library to access X.509 certificates and CMS data.
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Aug 11 15:44:32 2017
From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor)
Date: Fri, 11 Aug 2017 15:44:32 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.23-5-ge6f8411
Message-ID: <E1dgAEr-0002kK-NW@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  e6f84116abca2ed49bf14b2e28c3c811a3717227 (commit)
      from  2d6832aa83ebdf3fe422c7c7d5411d1b44a6ac34 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e6f84116abca2ed49bf14b2e28c3c811a3717227
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Fri Aug 11 02:26:52 2017 -0400

    gpg: default to --no-auto-key-retrieve.
    
    * g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the
    default keyserver options.
    * doc/gpg.texi: document this change.
    --
    
    This is a partial reversion of
    7e1fe791d188b078398bf83c9af992cb1bd2a4b3.  Werner and i discussed it
    earlier today, and came to the conclusion that:
    
     * the risk of metadata leakage represented by a default
       --auto-key-retrieve, both in e-mail (as a "web bug") and in other
       contexts where GnuPG is used to verified signatures, is quite high.
    
     * the advantages of --auto-key-retrieve (in terms of signature
       verification) can sometimes be achieved in other ways, such as when
       a signed message includes a copy of its own key.
    
     * when those other ways are not useful, a graphical, user-facing
       application can still offer the user the opportunity to choose to
       fetch the key; or it can apply its own policy about when to set
       --auto-key-retrieve, without needing to affect the defaults.
    
    Note that --auto-key-retrieve is specifically about signature
    verification.  Decisions about how and whether to look up a key during
    message encryption are governed by --auto-key-locate.  This change
    does not touch the --auto-key-locate default of "local,wkd".  The user
    deliberately asking gpg to encrypt to an e-mail address is a different
    scenario than having an incoming e-mail trigger a potentially unique
    network request.
    
    Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>

diff --git a/doc/gpg.texi b/doc/gpg.texi
index c71126a..b6a9b2d 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1792,7 +1792,7 @@ list.  The default is "local,wkd".
 @opindex no-auto-key-retrieve
 These options enable or disable the automatic retrieving of keys from
 a keyserver when verifying signatures made by keys that are not on the
-local keyring.  The default is @option{--auto-key-retrieve}.
+local keyring.  The default is @option{--no-auto-key-retrieve}.
 
 If the method "wkd" is included in the list of methods given to
 @option{auto-key-locate}, the signer's user ID is part of the
diff --git a/g10/gpg.c b/g10/gpg.c
index c721cdc..c9fa7ae 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -2366,8 +2366,7 @@ main (int argc, char **argv)
     opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
 					    | IMPORT_REPAIR_PKS_SUBKEY_BUG);
     opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
-    opt.keyserver_options.options = (KEYSERVER_HONOR_PKA_RECORD
-                                     | KEYSERVER_AUTO_KEY_RETRIEVE);
+    opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
     opt.verify_options = (LIST_SHOW_UID_VALIDITY
                           | VERIFY_SHOW_POLICY_URLS
                           | VERIFY_SHOW_STD_NOTATIONS

-----------------------------------------------------------------------

Summary of changes:
 doc/gpg.texi | 2 +-
 g10/gpg.c    | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Aug 11 19:33:13 2017
From: cvs at cvs.gnupg.org (by Marcus Brinkmann)
Date: Fri, 11 Aug 2017 19:33:13 +0200
Subject: [git] GPGME - branch, master, updated. gpgme-1.9.0-60-ga0cc6e0
Message-ID: <E1dgDo9-00076s-9i@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, master has been updated
       via  a0cc6e01a8900b34cf231d8b5335ef3f85d01fdf (commit)
      from  dfb3ca85680534b3885ab04d3fba4752c5a6f998 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a0cc6e01a8900b34cf231d8b5335ef3f85d01fdf
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Fri Aug 11 19:13:44 2017 +0200

    g10: Add new delete operations that allow more flags.
    
    * NEWS: Document new interfaces.
    * doc/gpgme.texi: Document new interfaces.
    * src/gpgme.h.in (GPGME_DELETE_ALLOW_SECRET, GPGME_DELETE_FORCE,
    gpgme_op_delete_ext_start, gpgme_op_delete_ext): New.
    * src/delete.c (delete_start): Change allow_secret argument to flags.
    (gpgme_op_delete_ext, gpgme_op_delete_ext_start): New functions.
    * src/engine-backend.h (delete): Change allow_secret argument to flags.
    * src/engine.c (_gpgme_engine_op_delete): Likewise.
    * src/engine.h (_gpgme_engine_op_delete): Likewise (for prototype).
    * src/engine-gpgsm.c (gpgsm_delete): Likewise.
    * src/engine-gpg.c (gpg_delete): Likewise.  Implement GPGME_DELETE_FORCE.
    * src/gpgme.def (gpgme_op_delete_ext, gpgme_op_delete_ext_start): New.
    * src/libgpgme.vers (gpgme_op_delete_ext, gpgme_op_delete_ext_start): New.
    
    Signed-off-by: Marcus Brinkmann <mb at g10code.com>
    GnuPG-bug-id: 2916

diff --git a/NEWS b/NEWS
index e193e00..24cf483 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,10 @@ Noteworthy changes in version 1.9.1 (unreleased)
 
  gpgme_decrypt_result_t EXTENDED: New field 'is_de_vs'.
  gpgme_signature_t      EXTENDED: New field 'is_de_vs'.
+ gpgme_op_delete_ext    NEW
+ gpgme_op_delete_ext_start NEW
+ GPGME_DELETE_ALLOW_SECRET NEW
+ GPGME_DELETE_FORCE     NEW
  cpp: DecryptionResult::isDeVs NEW.
  cpp: Signature::isDeVs        NEW.
  py: DecryptResult EXTENDED: New boolean field 'is_de_vs'.
diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index bf84629..78859cd 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -4600,11 +4600,20 @@ operation is started on the context.
 @cindex key, delete
 @cindex key ring, delete from
 
- at deftypefun gpgme_error_t gpgme_op_delete (@w{gpgme_ctx_t @var{ctx}}, @w{const gpgme_key_t @var{key}}, @w{int @var{allow_secret}})
-The function @code{gpgme_op_delete} deletes the key @var{key} from the
-key ring of the crypto engine used by @var{ctx}.  If
- at var{allow_secret} is @code{0}, only public keys are deleted,
-otherwise secret keys are deleted as well, if that is supported.
+ at deftypefun gpgme_error_t gpgme_op_delete_ext (@w{gpgme_ctx_t @var{ctx}}, @w{const gpgme_key_t @var{key}}, @w{unsigned int @var{flags}})
+The function @code{gpgme_op_delete_ext} deletes the key @var{key} from
+the key ring of the crypto engine used by @var{ctx}.
+
+ at var{flags} can be set to the bit-wise OR of the following flags:
+
+ at table @code
+ at item GPGME_DELETE_ALLOW_SECRET
+If not set, only public keys are deleted. If set, secret keys are
+deleted as well, if that is supported.
+
+ at item GPGME_DELETE_FORCE
+If set, the user is not asked to confirm the deletion.
+ at end table
 
 The function returns the error code @code{GPG_ERR_NO_ERROR} if the key
 was deleted successfully, @code{GPG_ERR_INV_VALUE} if @var{ctx} or
@@ -4615,8 +4624,8 @@ unambiguously, and @code{GPG_ERR_CONFLICT} if the secret key for
 @var{key} is available, but @var{allow_secret} is zero.
 @end deftypefun
 
- at deftypefun gpgme_error_t gpgme_op_delete_start (@w{gpgme_ctx_t @var{ctx}}, @w{const gpgme_key_t @var{key}}, @w{int @var{allow_secret}})
-The function @code{gpgme_op_delete_start} initiates a
+ at deftypefun gpgme_error_t gpgme_op_delete_ext_start (@w{gpgme_ctx_t @var{ctx}}, @w{const gpgme_key_t @var{key}}, @w{unsigned int @var{flags}})
+The function @code{gpgme_op_delete_ext_start} initiates a
 @code{gpgme_op_delete} operation.  It can be completed by calling
 @code{gpgme_wait} on the context.  @xref{Waiting For Completion}.
 
@@ -4625,6 +4634,18 @@ operation was started successfully, and @code{GPG_ERR_INV_VALUE} if
 @var{ctx} or @var{key} is not a valid pointer.
 @end deftypefun
 
+The following functions allow only to use one particular flag.
+
+ at deftypefun gpgme_error_t gpgme_op_delete (@w{gpgme_ctx_t @var{ctx}}, @w{const gpgme_key_t @var{key}}, @w{int @var{allow_secret}})
+Similar to @code{gpgme_op_delete_ext}, but only the flag
+ at code{GPGME_DELETE_ALLOW_SECRET} can be provided.
+ at end deftypefun
+
+ at deftypefun gpgme_error_t gpgme_op_delete_start (@w{gpgme_ctx_t @var{ctx}}, @w{const gpgme_key_t @var{key}}, @w{int @var{allow_secret}})
+Similar to @code{gpgme_op_delete_ext_start}, but only the flag
+ at code{GPGME_DELETE_ALLOW_SECRET} can be provided.
+ at end deftypefun
+
 
 @node Changing Passphrases
 @subsection Changing Passphrases
diff --git a/src/delete.c b/src/delete.c
index fc99aac..1bf1cb4 100644
--- a/src/delete.c
+++ b/src/delete.c
@@ -108,7 +108,7 @@ delete_status_handler (void *priv, gpgme_status_code_t code, char *args)
 
 static gpgme_error_t
 delete_start (gpgme_ctx_t ctx, int synchronous, const gpgme_key_t key,
-	      int allow_secret)
+	      unsigned int flags)
 {
   gpgme_error_t err;
 
@@ -118,7 +118,7 @@ delete_start (gpgme_ctx_t ctx, int synchronous, const gpgme_key_t key,
 
   _gpgme_engine_set_status_handler (ctx->engine, delete_status_handler, ctx);
 
-  return _gpgme_engine_op_delete (ctx->engine, key, allow_secret);
+  return _gpgme_engine_op_delete (ctx->engine, key, flags);
 }
 
 
@@ -130,7 +130,7 @@ gpgme_op_delete_start (gpgme_ctx_t ctx, const gpgme_key_t key,
 {
   gpgme_error_t err;
 
-  TRACE_BEG3 (DEBUG_CTX, "gpgme_op_delete", ctx,
+  TRACE_BEG3 (DEBUG_CTX, "gpgme_op_delete_start", ctx,
 	      "key=%p (%s), allow_secret=%i", key,
 	      (key->subkeys && key->subkeys->fpr) ?
 	      key->subkeys->fpr : "invalid", allow_secret);
@@ -138,7 +138,8 @@ gpgme_op_delete_start (gpgme_ctx_t ctx, const gpgme_key_t key,
   if (!ctx)
     return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE));
 
-  err = delete_start (ctx, 0, key, allow_secret);
+  err = delete_start (ctx, 0, key,
+		      allow_secret ? GPGME_DELETE_ALLOW_SECRET : 0);
   return TRACE_ERR (err);
 }
 
@@ -158,7 +159,50 @@ gpgme_op_delete (gpgme_ctx_t ctx, const gpgme_key_t key, int allow_secret)
   if (!ctx)
     return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE));
 
-  err = delete_start (ctx, 1, key, allow_secret);
+  err = delete_start (ctx, 1, key,
+		      allow_secret ? GPGME_DELETE_ALLOW_SECRET : 0);
+  if (!err)
+    err = _gpgme_wait_one (ctx);
+  return err;
+}
+
+
+/* Delete KEY from the keyring.  */
+gpgme_error_t
+gpgme_op_delete_ext_start (gpgme_ctx_t ctx, const gpgme_key_t key,
+			   unsigned int flags)
+{
+  gpgme_error_t err;
+
+  TRACE_BEG3 (DEBUG_CTX, "gpgme_op_delete_ext_start", ctx,
+	      "key=%p (%s), flags=0x%x", key,
+	      (key->subkeys && key->subkeys->fpr) ?
+	      key->subkeys->fpr : "invalid", flags);
+
+  if (!ctx)
+    return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE));
+
+  err = delete_start (ctx, 0, key, flags);
+  return TRACE_ERR (err);
+}
+
+
+/* Delete KEY from the keyring.  */
+gpgme_error_t
+gpgme_op_delete_ext (gpgme_ctx_t ctx, const gpgme_key_t key,
+		     unsigned int flags)
+{
+  gpgme_error_t err;
+
+  TRACE_BEG3 (DEBUG_CTX, "gpgme_op_delete_ext", ctx,
+	      "key=%p (%s), flags=0x%x", key,
+	      (key->subkeys && key->subkeys->fpr) ?
+	      key->subkeys->fpr : "invalid", flags);
+
+  if (!ctx)
+    return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE));
+
+  err = delete_start (ctx, 1, key, flags);
   if (!err)
     err = _gpgme_wait_one (ctx);
   return err;
diff --git a/src/engine-backend.h b/src/engine-backend.h
index 53af662..90328ec 100644
--- a/src/engine-backend.h
+++ b/src/engine-backend.h
@@ -66,7 +66,7 @@ struct engine_ops
                             gpgme_data_t ciph,
 			    gpgme_data_t plain, int export_session_key,
                             const char *override_session_key);
-  gpgme_error_t (*delete) (void *engine, gpgme_key_t key, int allow_secret);
+  gpgme_error_t (*delete) (void *engine, gpgme_key_t key, unsigned int flags);
   gpgme_error_t (*edit) (void *engine, int type, gpgme_key_t key,
 			 gpgme_data_t out, gpgme_ctx_t ctx /* FIXME */);
   gpgme_error_t (*encrypt) (void *engine, gpgme_key_t recp[],
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index 0c3a63e..c749c97 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -1628,13 +1628,18 @@ gpg_decrypt (void *engine,
 }
 
 static gpgme_error_t
-gpg_delete (void *engine, gpgme_key_t key, int allow_secret)
+gpg_delete (void *engine, gpgme_key_t key, unsigned int flags)
 {
   engine_gpg_t gpg = engine;
-  gpgme_error_t err;
+  gpgme_error_t err = 0;
+  int allow_secret = flags & GPGME_DELETE_ALLOW_SECRET;
+  int force = flags & GPGME_DELETE_FORCE;
 
-  err = add_arg (gpg, allow_secret ? "--delete-secret-and-public-key"
-		 : "--delete-key");
+  if (force)
+    err = add_arg (gpg, "--yes");
+  if (!err)
+    err = add_arg (gpg, allow_secret ? "--delete-secret-and-public-key"
+		   : "--delete-key");
   if (!err)
     err = add_arg (gpg, "--");
   if (!err)
diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c
index c3d5427..a0fcb1f 100644
--- a/src/engine-gpgsm.c
+++ b/src/engine-gpgsm.c
@@ -1162,7 +1162,7 @@ gpgsm_decrypt (void *engine,
 
 
 static gpgme_error_t
-gpgsm_delete (void *engine, gpgme_key_t key, int allow_secret)
+gpgsm_delete (void *engine, gpgme_key_t key, unsigned int flags)
 {
   engine_gpgsm_t gpgsm = engine;
   gpgme_error_t err;
@@ -1171,7 +1171,7 @@ gpgsm_delete (void *engine, gpgme_key_t key, int allow_secret)
   char *line;
   int length = 8;	/* "DELKEYS " */
 
-  (void)allow_secret;
+  (void)flags;
 
   if (!fpr)
     return gpg_error (GPG_ERR_INV_VALUE);
diff --git a/src/engine.c b/src/engine.c
index 278916d..89a8552 100644
--- a/src/engine.c
+++ b/src/engine.c
@@ -671,7 +671,7 @@ _gpgme_engine_op_decrypt (engine_t engine,
 
 gpgme_error_t
 _gpgme_engine_op_delete (engine_t engine, gpgme_key_t key,
-			 int allow_secret)
+			 unsigned int flags)
 {
   if (!engine)
     return gpg_error (GPG_ERR_INV_VALUE);
@@ -679,7 +679,7 @@ _gpgme_engine_op_delete (engine_t engine, gpgme_key_t key,
   if (!engine->ops->delete)
     return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
 
-  return (*engine->ops->delete) (engine->engine, key, allow_secret);
+  return (*engine->ops->delete) (engine->engine, key, flags);
 }
 
 
diff --git a/src/engine.h b/src/engine.h
index dd0ef9c..d25c1fa 100644
--- a/src/engine.h
+++ b/src/engine.h
@@ -90,7 +90,7 @@ gpgme_error_t _gpgme_engine_op_decrypt (engine_t engine,
                                         int export_session_key,
                                         const char *override_session_key);
 gpgme_error_t _gpgme_engine_op_delete (engine_t engine, gpgme_key_t key,
-				       int allow_secret);
+				       unsigned int flags);
 gpgme_error_t _gpgme_engine_op_edit (engine_t engine, int type,
 				     gpgme_key_t key, gpgme_data_t out,
 				     gpgme_ctx_t ctx /* FIXME */);
diff --git a/src/gpgme.def b/src/gpgme.def
index 51053cd..a891812 100644
--- a/src/gpgme.def
+++ b/src/gpgme.def
@@ -262,5 +262,8 @@ EXPORTS
     gpgme_op_decrypt_ext                  @195
     gpgme_op_decrypt_ext_start            @196
 
+    gpgme_op_delete_ext                   @197
+    gpgme_op_delete_ext_start             @198
+
 ; END
 
diff --git a/src/gpgme.h.in b/src/gpgme.h.in
index 867219a..29cda2c 100644
--- a/src/gpgme.h.in
+++ b/src/gpgme.h.in
@@ -1788,6 +1788,15 @@ gpgme_error_t gpgme_op_delete_start (gpgme_ctx_t ctx, const gpgme_key_t key,
 gpgme_error_t gpgme_op_delete (gpgme_ctx_t ctx, const gpgme_key_t key,
 			       int allow_secret);
 
+/* Flags for the key delete functions.  */
+#define GPGME_DELETE_ALLOW_SECRET (1 << 0)  /* Also delete secret key.     */
+#define GPGME_DELETE_FORCE        (1 << 1)  /* Do not ask user to confirm.  */
+
+gpgme_error_t gpgme_op_delete_ext_start (gpgme_ctx_t ctx, const gpgme_key_t key,
+					 unsigned int flags);
+gpgme_error_t gpgme_op_delete_ext (gpgme_ctx_t ctx, const gpgme_key_t key,
+				   unsigned int flags);
+
 

 /*
  * Key signing interface
diff --git a/src/libgpgme.vers b/src/libgpgme.vers
index adc8d7d..9a74b76 100644
--- a/src/libgpgme.vers
+++ b/src/libgpgme.vers
@@ -209,6 +209,8 @@ GPGME_1.0 {
     gpgme_op_decrypt_verify_start;
     gpgme_op_delete;
     gpgme_op_delete_start;
+    gpgme_op_delete_ext;
+    gpgme_op_delete_ext_start;
     gpgme_op_edit;
     gpgme_op_edit_start;
     gpgme_op_encrypt;

-----------------------------------------------------------------------

Summary of changes:
 NEWS                 |  4 ++++
 doc/gpgme.texi       | 35 +++++++++++++++++++++++++++-------
 src/delete.c         | 54 +++++++++++++++++++++++++++++++++++++++++++++++-----
 src/engine-backend.h |  2 +-
 src/engine-gpg.c     | 13 +++++++++----
 src/engine-gpgsm.c   |  4 ++--
 src/engine.c         |  4 ++--
 src/engine.h         |  2 +-
 src/gpgme.def        |  3 +++
 src/gpgme.h.in       |  9 +++++++++
 src/libgpgme.vers    |  2 ++
 11 files changed, 110 insertions(+), 22 deletions(-)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Aug 15 16:33:01 2017
From: cvs at cvs.gnupg.org (by Kai Michaelis)
Date: Tue, 15 Aug 2017 16:33:01 +0200
Subject: [git] KSBA - branch, master, updated. libksba-1.3.5-11-ga1d9b04
Message-ID: <E1dhctx-0003zO-OA@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "KSBA is a library to access X.509 certificates and CMS data.".

The branch, master has been updated
       via  a1d9b046aec8cedda16a9e24eb8d2ed021f68d5d (commit)
      from  39e633d6d224cafa83d884865ac4e372709d91b7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a1d9b046aec8cedda16a9e24eb8d2ed021f68d5d
Author: Kai Michaelis <kai at gnupg.org>
Date:   Tue Aug 15 16:30:04 2017 +0200

    Fix memory leaks in ksba_cms_identify and tests.
    
    * tests/t-reader.c: free prepend_srcdir() result.
    * tests/t-cms-parser: ditto & release writer instance.
    * src/cms.c: fix mem leak in ksba_cms_identify().

diff --git a/src/cms.c b/src/cms.c
index 57927a3..8d80464 100644
--- a/src/cms.c
+++ b/src/cms.c
@@ -435,6 +435,7 @@ ksba_cms_identify (ksba_reader_t reader)
       if (!strcmp (content_handlers[i].oid, oid))
         break;
     }
+  ksba_free(oid);
   if (!content_handlers[i].oid)
     return KSBA_CT_NONE; /* unknown */
   if (maybe_p12 && (content_handlers[i].ct == KSBA_CT_DATA
diff --git a/tests/t-cms-parser.c b/tests/t-cms-parser.c
index 6ece100..4b83dd7 100644
--- a/tests/t-cms-parser.c
+++ b/tests/t-cms-parser.c
@@ -220,6 +220,7 @@ one_file (const char *fname)
     }
 
   ksba_cms_release (cms);
+  ksba_writer_release (w);
   ksba_reader_release (r);
   fclose (fp);
 }
@@ -233,7 +234,12 @@ main (int argc, char **argv)
   if (argc > 1)
     one_file (argv[1]);
   else
-    one_file (prepend_srcdir ("extra/dsig-with-id-aa-encrypKeyPref-1.cms"));
+    {
+      char *fname = prepend_srcdir ("extra/dsig-with-id-aa-encrypKeyPref-1.cms");
+
+      one_file (fname);
+      free(fname);
+    }
   /*one_file ("pkcs7-1.ber");*/
   /*one_file ("root-cert-2.der");  should fail */
 
diff --git a/tests/t-reader.c b/tests/t-reader.c
index 2b6a40c..c4e7765 100644
--- a/tests/t-reader.c
+++ b/tests/t-reader.c
@@ -189,9 +189,12 @@ main (int argc, char **argv)
 {
   if (argc == 1)
     {
-      test_fd (prepend_srcdir ("cert_g10code_test1.der"));
-      test_file (prepend_srcdir ("cert_g10code_test1.der"));
-      test_mem (prepend_srcdir ("cert_g10code_test1.der"));
+      char *fname = prepend_srcdir ("cert_g10code_test1.der");
+
+      test_fd (fname);
+      test_file (fname);
+      test_mem (fname);
+      free(fname);
     }
   else
     {

-----------------------------------------------------------------------

Summary of changes:
 src/cms.c            | 1 +
 tests/t-cms-parser.c | 8 +++++++-
 tests/t-reader.c     | 9 ++++++---
 3 files changed, 14 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
KSBA is a library to access X.509 certificates and CMS data.
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Aug 15 19:52:36 2017
From: cvs at cvs.gnupg.org (by Marcus Brinkmann)
Date: Tue, 15 Aug 2017 19:52:36 +0200
Subject: [git] GPGME - branch, master, updated. gpgme-1.9.0-61-g9f24e6c
Message-ID: <E1dhg16-0004Ez-Bn@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, master has been updated
       via  9f24e6c9010e171fd11c5cdac797cb8ce2e501dd (commit)
      from  a0cc6e01a8900b34cf231d8b5335ef3f85d01fdf (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9f24e6c9010e171fd11c5cdac797cb8ce2e501dd
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Tue Aug 15 19:40:12 2017 +0200

    gpgconf: Add access to --list-dirs for non-default engine.
    
    * src/engine-assuan.c (_gpgme_engine_ops_assuan): Add conf_dir.
    * src/engine-g13.c (_gpgme_engine_ops_g13): Likewise.
    * src/engine-gpg.c (_gpgme_engine_ops_gpg): Likewise.
    * src/engine-gpgsm.c (_gpgme_engine_ops_gpgsm): Likewise.
    * src/engine-spawn.c (_gpgme_engine_ops_spawn): Likewise.
    * src/engine-uiserver.c (_gpgme_engine_ops_uiserver): Likewise.
    * src/engine-backend.h (struct engine_ops): Likewise.
    * src/engine-gpgconf.c (gpgconf_config_dir_cb, gpgconf_conf_dir):
    New functions.
    (struct engine_ops): Add gpgconf_conf_dir.
    * src/engine.c (_gpgme_engine_op_conf_dir): New function.
    * src/engine.h (_gpgme_engine_op_conf_dir): New prototype.
    * src/gpgconf.c (gpgme_op_conf_dir): New function.
    * src/gpgme.def (gpgme_op_conf_save): New symbol.
    * src/gpgme.h.in (gpgme_op_conf_dir): New prototype.
    * src/libgpgme.vers (gpgme_op_conf_dir): New symbol.
    * tests/gpg/t-gpgconf.c (main): Test gpgme_op_conf_dir.
    
    Signed-off-by: Marcus Brinkmann <mb at g10code.com>
    GnuPG-bug-id: 3018

diff --git a/src/engine-assuan.c b/src/engine-assuan.c
index 68bdaa6..bb2290a 100644
--- a/src/engine-assuan.c
+++ b/src/engine-assuan.c
@@ -796,6 +796,7 @@ struct engine_ops _gpgme_engine_ops_assuan =
     llass_transact,     /* opassuan_transact */
     NULL,		/* conf_load */
     NULL,		/* conf_save */
+    NULL,		/* conf_dir */
     NULL,               /* query_swdb */
     llass_set_io_cbs,
     llass_io_event,
diff --git a/src/engine-backend.h b/src/engine-backend.h
index 90328ec..f41aaeb 100644
--- a/src/engine-backend.h
+++ b/src/engine-backend.h
@@ -128,6 +128,7 @@ struct engine_ops
 
   gpgme_error_t  (*conf_load) (void *engine, gpgme_conf_comp_t *conf_p);
   gpgme_error_t  (*conf_save) (void *engine, gpgme_conf_comp_t conf);
+  gpgme_error_t  (*conf_dir) (void *engine, const char *what, char **result);
 
   gpgme_error_t  (*query_swdb) (void *engine,
                                 const char *name, const char *iversion,
diff --git a/src/engine-g13.c b/src/engine-g13.c
index 02951e8..f8f3178 100644
--- a/src/engine-g13.c
+++ b/src/engine-g13.c
@@ -811,6 +811,7 @@ struct engine_ops _gpgme_engine_ops_g13 =
     g13_transact,
     NULL,		/* conf_load */
     NULL,		/* conf_save */
+    NULL,		/* conf_dir */
     NULL,               /* query_swdb */
     g13_set_io_cbs,
     g13_io_event,
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index c749c97..bc60d82 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -3093,6 +3093,7 @@ struct engine_ops _gpgme_engine_ops_gpg =
     NULL,               /* opassuan_transact */
     NULL,		/* conf_load */
     NULL,		/* conf_save */
+    NULL,		/* conf_dir */
     NULL,               /* query_swdb */
     gpg_set_io_cbs,
     gpg_io_event,
diff --git a/src/engine-gpgconf.c b/src/engine-gpgconf.c
index af5f110..2b0f448 100644
--- a/src/engine-gpgconf.c
+++ b/src/engine-gpgconf.c
@@ -986,6 +986,48 @@ gpgconf_conf_save (void *engine, gpgme_conf_comp_t comp)
 }
 
 
+static gpgme_error_t
+gpgconf_config_dir_cb (void *hook, char *line)
+{
+  /* This is an input- and output-parameter.  */
+  char **str_p = (char **) hook;
+  char *what = *str_p;
+  int len = strlen(what);
+
+  if (!strncmp(line, what, len) && line[len] == ':')
+    {
+      char *result = strdup(&line[len + 1]);
+      if (!result)
+	return gpg_error_from_syserror ();
+      *str_p = result;
+      return gpg_error(GPG_ERR_USER_1);
+    }
+  return 0;
+}
+
+
+static gpgme_error_t
+gpgconf_conf_dir (void *engine, const char *what, char **result)
+{
+  gpgme_error_t err;
+  char *res = what;
+
+  *result = NULL;
+  err = gpgconf_read (engine, "--list-dirs", NULL,
+		      gpgconf_config_dir_cb, &res);
+  if (gpg_err_code (err) == GPG_ERR_USER_1)
+    {
+      /* This signals to use that a result was found.  */
+      *result = res;
+      return 0;
+    }
+
+  if (!err)
+    err = gpg_error(GPG_ERR_NOT_FOUND);
+  return 0;
+}
+
+
 /* Parse a line received from gpgconf --query-swdb.  This function may
  * modify LINE.  The result is stored at RESUL.  */
 static gpg_error_t
@@ -1254,6 +1296,7 @@ struct engine_ops _gpgme_engine_ops_gpgconf =
     NULL,               /* opassuan_transact */
     gpgconf_conf_load,
     gpgconf_conf_save,
+    gpgconf_conf_dir,
     gpgconf_query_swdb,
     gpgconf_set_io_cbs,
     NULL,		/* io_event */
diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c
index a0fcb1f..f23b0bf 100644
--- a/src/engine-gpgsm.c
+++ b/src/engine-gpgsm.c
@@ -2119,6 +2119,7 @@ struct engine_ops _gpgme_engine_ops_gpgsm =
     NULL,               /* opassuan_transact */
     NULL,		/* conf_load */
     NULL,		/* conf_save */
+    NULL,		/* conf_dir */
     NULL,               /* query_swdb */
     gpgsm_set_io_cbs,
     gpgsm_io_event,
diff --git a/src/engine-spawn.c b/src/engine-spawn.c
index 9d587cc..7044781 100644
--- a/src/engine-spawn.c
+++ b/src/engine-spawn.c
@@ -469,6 +469,7 @@ struct engine_ops _gpgme_engine_ops_spawn =
     NULL,               /* opassuan_transact */
     NULL,		/* conf_load */
     NULL,		/* conf_save */
+    NULL,		/* conf_dir */
     NULL,               /* query_swdb */
     engspawn_set_io_cbs,
     engspawn_io_event,	/* io_event */
diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c
index 20a8abf..3db705d 100644
--- a/src/engine-uiserver.c
+++ b/src/engine-uiserver.c
@@ -1386,6 +1386,7 @@ struct engine_ops _gpgme_engine_ops_uiserver =
     NULL,               /* opassuan_transact */
     NULL,		/* conf_load */
     NULL,		/* conf_save */
+    NULL,		/* conf_dir */
     NULL,               /* query_swdb */
     uiserver_set_io_cbs,
     uiserver_io_event,
diff --git a/src/engine.c b/src/engine.c
index 89a8552..2c7e625 100644
--- a/src/engine.c
+++ b/src/engine.c
@@ -984,6 +984,19 @@ _gpgme_engine_op_conf_save (engine_t engine, gpgme_conf_comp_t conf)
 
 
 gpgme_error_t
+_gpgme_engine_op_conf_dir (engine_t engine, const char *what, char **result)
+{
+  if (!engine)
+    return gpg_error (GPG_ERR_INV_VALUE);
+
+  if (!engine->ops->conf_dir)
+    return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+
+  return (*engine->ops->conf_dir) (engine->engine, what, result);
+}
+
+
+gpgme_error_t
 _gpgme_engine_op_query_swdb (engine_t engine,
                              const char *name, const char *iversion,
                              gpgme_query_swdb_result_t result)
diff --git a/src/engine.h b/src/engine.h
index d25c1fa..b71b7e2 100644
--- a/src/engine.h
+++ b/src/engine.h
@@ -176,6 +176,9 @@ gpgme_error_t _gpgme_engine_op_conf_load (engine_t engine,
 					  gpgme_conf_comp_t *conf_p);
 gpgme_error_t _gpgme_engine_op_conf_save (engine_t engine,
 					  gpgme_conf_comp_t conf);
+gpgme_error_t _gpgme_engine_op_conf_dir (engine_t engine,
+					 const char *what,
+					 char **result);
 
 gpgme_error_t _gpgme_engine_op_query_swdb (engine_t engine,
                                            const char *name,
diff --git a/src/gpgconf.c b/src/gpgconf.c
index b1b84a6..ce6ace4 100644
--- a/src/gpgconf.c
+++ b/src/gpgconf.c
@@ -108,3 +108,24 @@ gpgme_op_conf_save (gpgme_ctx_t ctx, gpgme_conf_comp_t comp)
   ctx->protocol = proto;
   return err;
 }
+
+
+gpgme_error_t
+gpgme_op_conf_dir (gpgme_ctx_t ctx, const char *what, char **result)
+{
+  gpgme_error_t err;
+  gpgme_protocol_t proto;
+
+  if (!ctx)
+    return gpg_error (GPG_ERR_INV_VALUE);
+
+  proto = ctx->protocol;
+  ctx->protocol = GPGME_PROTOCOL_GPGCONF;
+  err = _gpgme_op_reset (ctx, 1);
+  if (err)
+    return err;
+
+  err = _gpgme_engine_op_conf_dir (ctx->engine, what, result);
+  ctx->protocol = proto;
+  return err;
+}
diff --git a/src/gpgme.def b/src/gpgme.def
index a891812..dd8e532 100644
--- a/src/gpgme.def
+++ b/src/gpgme.def
@@ -265,5 +265,7 @@ EXPORTS
     gpgme_op_delete_ext                   @197
     gpgme_op_delete_ext_start             @198
 
+    gpgme_op_conf_save			  @199
+
 ; END
 
diff --git a/src/gpgme.h.in b/src/gpgme.h.in
index 29cda2c..8afc276 100644
--- a/src/gpgme.h.in
+++ b/src/gpgme.h.in
@@ -2240,6 +2240,10 @@ gpgme_error_t gpgme_op_conf_load (gpgme_ctx_t ctx, gpgme_conf_comp_t *conf_p);
    follow chained components!  */
 gpgme_error_t gpgme_op_conf_save (gpgme_ctx_t ctx, gpgme_conf_comp_t comp);
 
+/* Retrieve the configured directory.  */
+gpgme_error_t gpgme_op_conf_dir(gpgme_ctx_t ctx, const char *what,
+				char **result);
+
 
 /* Information about software versions.
  * This structure shall be considered read-only and an application
diff --git a/src/libgpgme.vers b/src/libgpgme.vers
index 9a74b76..a95befb 100644
--- a/src/libgpgme.vers
+++ b/src/libgpgme.vers
@@ -46,6 +46,7 @@ GPGME_1.1 {
     gpgme_conf_opt_change;
     gpgme_op_conf_load;
     gpgme_op_conf_save;
+    gpgme_op_conf_dir;
 
     gpgme_cancel_async;
 
diff --git a/tests/gpg/t-gpgconf.c b/tests/gpg/t-gpgconf.c
index 67bb886..8c81de6 100644
--- a/tests/gpg/t-gpgconf.c
+++ b/tests/gpg/t-gpgconf.c
@@ -263,6 +263,23 @@ main (void)
   err = gpgme_new (&ctx);
   fail_if_err (err);
 
+  /* Let's check getting the agent-socket directory for different homedirs.  */
+  char *result1 = NULL;
+  err = gpgme_ctx_set_engine_info (ctx, GPGME_PROTOCOL_GPGCONF, NULL, "/tmp/foo");
+  fail_if_err (err);
+  err = gpgme_op_conf_dir (ctx, "agent-socket", &result1);
+  fail_if_err (err);
+
+  char *result2 = NULL;
+  err = gpgme_ctx_set_engine_info (ctx, GPGME_PROTOCOL_GPGCONF, NULL, NULL);
+  fail_if_err (err);
+  err = gpgme_op_conf_dir (ctx, "agent-socket", &result2);
+  fail_if_err (err);
+
+  /* They have to be different.  */
+  test (strcmp(result1, result2));
+
+
   err = gpgme_op_conf_load (ctx, &conf);
   fail_if_err (err);
 

-----------------------------------------------------------------------

Summary of changes:
 src/engine-assuan.c   |  1 +
 src/engine-backend.h  |  1 +
 src/engine-g13.c      |  1 +
 src/engine-gpg.c      |  1 +
 src/engine-gpgconf.c  | 43 +++++++++++++++++++++++++++++++++++++++++++
 src/engine-gpgsm.c    |  1 +
 src/engine-spawn.c    |  1 +
 src/engine-uiserver.c |  1 +
 src/engine.c          | 13 +++++++++++++
 src/engine.h          |  3 +++
 src/gpgconf.c         | 21 +++++++++++++++++++++
 src/gpgme.def         |  2 ++
 src/gpgme.h.in        |  4 ++++
 src/libgpgme.vers     |  1 +
 tests/gpg/t-gpgconf.c | 17 +++++++++++++++++
 15 files changed, 111 insertions(+)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Aug 15 20:00:34 2017
From: cvs at cvs.gnupg.org (by Marcus Brinkmann)
Date: Tue, 15 Aug 2017 20:00:34 +0200
Subject: [git] GPGME - branch, master, updated. gpgme-1.9.0-62-gfa39185
Message-ID: <E1dhg8o-0005LC-QL@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, master has been updated
       via  fa3918598de35fef0bf626035d59ea36c53832b9 (commit)
      from  9f24e6c9010e171fd11c5cdac797cb8ce2e501dd (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit fa3918598de35fef0bf626035d59ea36c53832b9
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Tue Aug 15 20:00:26 2017 +0200

    NEWS: Add missing entry.

diff --git a/NEWS b/NEWS
index 24cf483..f3394a2 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,7 @@ Noteworthy changes in version 1.9.1 (unreleased)
  gpgme_op_delete_ext_start NEW
  GPGME_DELETE_ALLOW_SECRET NEW
  GPGME_DELETE_FORCE     NEW
+ gpgme_op_conf_dir      NEW
  cpp: DecryptionResult::isDeVs NEW.
  cpp: Signature::isDeVs        NEW.
  py: DecryptResult EXTENDED: New boolean field 'is_de_vs'.

-----------------------------------------------------------------------

Summary of changes:
 NEWS | 1 +
 1 file changed, 1 insertion(+)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug 16 01:02:15 2017
From: cvs at cvs.gnupg.org (by Marcus Brinkmann)
Date: Wed, 16 Aug 2017 01:02:15 +0200
Subject: [git] GPGME - branch, master, updated. gpgme-1.9.0-63-g97a1abe
Message-ID: <E1dhkqm-0006r5-1a@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, master has been updated
       via  97a1abe72e73f85bbf922fa588d002a226db5459 (commit)
      from  fa3918598de35fef0bf626035d59ea36c53832b9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 97a1abe72e73f85bbf922fa588d002a226db5459
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Wed Aug 16 00:59:35 2017 +0200

    gpgconf: Fix symbol export.
    
    * gpgme.def: Fix last change.
    (gpgme_op_conf_save): Replace duplicate from c&p ...
    (gpgme_op_conf_dir): ... with this.
    
    Signed-off-by: Marcus Brinkmann <mb at g10code.com>
    Fixes-commit: 9cd2b58dfb2c21cce64520cf4c726859b583d14e

diff --git a/src/gpgme.def b/src/gpgme.def
index dd8e532..cad30f6 100644
--- a/src/gpgme.def
+++ b/src/gpgme.def
@@ -265,7 +265,7 @@ EXPORTS
     gpgme_op_delete_ext                   @197
     gpgme_op_delete_ext_start             @198
 
-    gpgme_op_conf_save			  @199
+    gpgme_op_conf_dir			  @199
 
 ; END
 

-----------------------------------------------------------------------

Summary of changes:
 src/gpgme.def | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug 16 01:52:03 2017
From: cvs at cvs.gnupg.org (by Marcus Brinkmann)
Date: Wed, 16 Aug 2017 01:52:03 +0200
Subject: [git] GPGME - branch, master, updated. gpgme-1.9.0-64-g3244d4d
Message-ID: <E1dhlcx-0006ue-L4@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, master has been updated
       via  3244d4daff892d5d3c39e78f4eb0934379beda2c (commit)
      from  97a1abe72e73f85bbf922fa588d002a226db5459 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3244d4daff892d5d3c39e78f4eb0934379beda2c
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Wed Aug 16 01:50:00 2017 +0200

    gpgconf: Fix some warnings.
    
    * tests/gpg/t-gpgconf.c (main): Fix warnings.
    * src/engine-gpgconf.c (struct gpgconf_config_dir_s): New struct.
    (gpgconf_config_dir_cb, gpgconf_conf_dir) Use it to fix warning.
    
    Signed-off-by: Marcus Brinkmann <mb at g10code.com>

diff --git a/src/engine-gpgconf.c b/src/engine-gpgconf.c
index 2b0f448..84d8df7 100644
--- a/src/engine-gpgconf.c
+++ b/src/engine-gpgconf.c
@@ -986,20 +986,25 @@ gpgconf_conf_save (void *engine, gpgme_conf_comp_t comp)
 }
 
 
+struct gpgconf_config_dir_s
+{
+  const char *what;
+  char *result;
+};
+
 static gpgme_error_t
 gpgconf_config_dir_cb (void *hook, char *line)
 {
   /* This is an input- and output-parameter.  */
-  char **str_p = (char **) hook;
-  char *what = *str_p;
-  int len = strlen(what);
+  struct gpgconf_config_dir_s *data = (char **) hook;
+  int len = strlen(data->what);
 
-  if (!strncmp(line, what, len) && line[len] == ':')
+  if (!strncmp(line, data->what, len) && line[len] == ':')
     {
       char *result = strdup(&line[len + 1]);
       if (!result)
 	return gpg_error_from_syserror ();
-      *str_p = result;
+      data->result = result;
       return gpg_error(GPG_ERR_USER_1);
     }
   return 0;
@@ -1010,15 +1015,16 @@ static gpgme_error_t
 gpgconf_conf_dir (void *engine, const char *what, char **result)
 {
   gpgme_error_t err;
-  char *res = what;
+  struct gpgconf_config_dir_s data;
 
-  *result = NULL;
+  data.what = what;
+  data.result = NULL;
   err = gpgconf_read (engine, "--list-dirs", NULL,
-		      gpgconf_config_dir_cb, &res);
+		      gpgconf_config_dir_cb, &data);
   if (gpg_err_code (err) == GPG_ERR_USER_1)
     {
       /* This signals to use that a result was found.  */
-      *result = res;
+      *result = data.result;
       return 0;
     }
 
diff --git a/tests/gpg/t-gpgconf.c b/tests/gpg/t-gpgconf.c
index 8c81de6..5eccede 100644
--- a/tests/gpg/t-gpgconf.c
+++ b/tests/gpg/t-gpgconf.c
@@ -263,22 +263,25 @@ main (void)
   err = gpgme_new (&ctx);
   fail_if_err (err);
 
-  /* Let's check getting the agent-socket directory for different homedirs.  */
-  char *result1 = NULL;
-  err = gpgme_ctx_set_engine_info (ctx, GPGME_PROTOCOL_GPGCONF, NULL, "/tmp/foo");
-  fail_if_err (err);
-  err = gpgme_op_conf_dir (ctx, "agent-socket", &result1);
-  fail_if_err (err);
-
-  char *result2 = NULL;
-  err = gpgme_ctx_set_engine_info (ctx, GPGME_PROTOCOL_GPGCONF, NULL, NULL);
-  fail_if_err (err);
-  err = gpgme_op_conf_dir (ctx, "agent-socket", &result2);
-  fail_if_err (err);
+  {
+    /* Let's check getting the agent-socket directory for different homedirs.  */
+    char *result1 = NULL;
+    char *result2 = NULL;
+    err = gpgme_ctx_set_engine_info (ctx, GPGME_PROTOCOL_GPGCONF, NULL, "/tmp/foo");
+    fail_if_err (err);
+    err = gpgme_op_conf_dir (ctx, "agent-socket", &result1);
+    fail_if_err (err);
 
-  /* They have to be different.  */
-  test (strcmp(result1, result2));
+    err = gpgme_ctx_set_engine_info (ctx, GPGME_PROTOCOL_GPGCONF, NULL, NULL);
+    fail_if_err (err);
+    err = gpgme_op_conf_dir (ctx, "agent-socket", &result2);
+    fail_if_err (err);
 
+    /* They have to be different.  */
+    test (strcmp(result1, result2));
+    gpgme_free (result1);
+    gpgme_free (result2);
+  }
 
   err = gpgme_op_conf_load (ctx, &conf);
   fail_if_err (err);

-----------------------------------------------------------------------

Summary of changes:
 src/engine-gpgconf.c  | 24 +++++++++++++++---------
 tests/gpg/t-gpgconf.c | 31 +++++++++++++++++--------------
 2 files changed, 32 insertions(+), 23 deletions(-)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug 16 15:41:48 2017
From: cvs at cvs.gnupg.org (by Marcus Brinkmann)
Date: Wed, 16 Aug 2017 15:41:48 +0200
Subject: [git] GPGME - branch, master, updated. gpgme-1.9.0-65-g0ee7f4f
Message-ID: <E1dhyZw-0006lZ-Cw@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, master has been updated
       via  0ee7f4f178284dae153a59be710bc994820369e5 (commit)
      from  3244d4daff892d5d3c39e78f4eb0934379beda2c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0ee7f4f178284dae153a59be710bc994820369e5
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Wed Aug 16 15:39:17 2017 +0200

    doc: Clarify import keys operation further.
    
    * doc/gpgme.texi (gpgme_op_import_keys): Further clarifications.
    
    Signed-off-by: Marcus Brinkmann <mb at g10code.com>
    GnuPG-bug-id: 3215

diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index 78859cd..5ea16b9 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -4458,9 +4458,12 @@ The function @code{gpgme_op_import_keys} adds the keys described by
 the @code{NULL} terminated array @var{keys} to the key ring of the
 crypto engine used by @var{ctx}.  It is used to actually import and
 make keys permanent which have been retrieved from an external source
-(i.e. using @code{GPGME_KEYLIST_MODE_EXTERN}).  @footnote{Thus it is a
+(i.e. using @code{GPGME_KEYLIST_MODE_EXTERN}) earlier.  The external
+keylisting must have been made with the same context configuration (in
+particular the same home directory).  @footnote{Thus it is a
 replacement for the usual workaround of exporting and then importing a
-key to make an X.509 key permanent.}
+key to make an X.509 key permanent.}  Note that for OpenPGP this may
+require another access to the keyserver over the network.
 
 Only keys of the currently selected protocol of @var{ctx} are
 considered for import.  Other keys specified by the @var{keys} are
@@ -4470,6 +4473,9 @@ the same method, i.e. the used key listing mode must be identical.
 After the operation completed successfully, the result can be
 retrieved with @code{gpgme_op_import_result}.
 
+To move keys from one home directory to another, export and import the
+keydata using @code{gpgme_op_export} and @code{gpgme_op_import}.
+
 The function returns the error code @code{GPG_ERR_NO_ERROR} if the
 import was completed successfully, @code{GPG_ERR_INV_VALUE} if
 @var{ctx} is not a valid pointer, @code{GPG_ERR_CONFLICT} if the key

-----------------------------------------------------------------------

Summary of changes:
 doc/gpgme.texi | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug 16 23:12:49 2017
From: cvs at cvs.gnupg.org (by Marcus Brinkmann)
Date: Wed, 16 Aug 2017 23:12:49 +0200
Subject: [git] GPGME - branch, master, updated. gpgme-1.9.0-66-gb9b08e4
Message-ID: <E1di5cP-0007yD-Rd@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, master has been updated
       via  b9b08e46934eea9083afb2eaf4bffa23d6c27801 (commit)
      from  0ee7f4f178284dae153a59be710bc994820369e5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b9b08e46934eea9083afb2eaf4bffa23d6c27801
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Wed Aug 16 22:52:29 2017 +0200

    doc: Add version information.
    
    * doc/gpgme.texi (since): New macro.  Use it to add version
    information to those APIs that are mentioned in the NEWS file.
    
    Signed-off-by: Marcus Brinkmann <mb at g10code.com>
    GnuPG-bug-id: 3137

diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index 5ea16b9..5df54f5 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -38,6 +38,11 @@ General Public License for more details.
   @sc{s:} \string\
 @end macro
 
+ at c API version.
+ at macro since{string}
+  @sc{Since:} \string\
+ at end macro
+
 
 @c
 @c  T I T L E  P A G E
@@ -688,6 +693,8 @@ does not return a detailed error code).
             (@w{const char *@var{name}}, @
             @w{const char *@var{value}})
 
+ at since{1.4.0}
+
 On some systems it is not easy to set environment variables and thus
 hard to use @acronym{GPGME}'s internal trace facility for debugging.
 This function has been introduced as an alternative way to enable
@@ -875,6 +882,7 @@ are supported:
 
 @table @code
 @item GPGME_PROTOCOL_OpenPGP
+ at itemx GPGME_PROTOCOL_OPENPGP
 This specifies the OpenPGP protocol.
 
 @item GPGME_PROTOCOL_CMS
@@ -884,15 +892,21 @@ This specifies the Cryptographic Message Syntax.
 Under development.  Please ask on @email{gnupg-devel@@gnupg.org} for help.
 
 @item GPGME_PROTOCOL_ASSUAN
+ at since{1.2.0}
+
 This specifies the raw Assuan protocol.
 
 @item GPGME_PROTOCOL_G13
+ at since{1.3.0}
+
 Under development.  Please ask on @email{gnupg-devel@@gnupg.org} for help.
 
 @item GPGME_PROTOCOL_UISERVER
 Under development.  Please ask on @email{gnupg-devel@@gnupg.org} for help.
 
 @item GPGME_PROTOCOL_SPAWN
+ at since{1.5.0}
+
 Special protocol for use with @code{gpgme_op_spawn}.
 
 @item GPGME_PROTOCOL_UNKNOWN
@@ -925,6 +939,8 @@ allocated string describing the protocol @var{protocol}, or
 @cindex version check, of the engines
 
 @deftypefun @w{const char *} gpgme_get_dirinfo (@w{cons char *@var{what}})
+ at since{1.5.0}
+
 The function @code{gpgme_get_dirinfo} returns a statically allocated
 string with the value associated to @var{what}.  The returned values
 are the defaults and won't change even after
@@ -1100,6 +1116,8 @@ can make these changes the default or set them for some contexts
 individually.
 
 @deftypefun gpgme_error_t gpgme_set_engine_info (@w{gpgme_protocol_t @var{proto}}, @w{const char *@var{file_name}}, @w{const char *@var{home_dir}})
+ at since{1.1.0}
+
 The function @code{gpgme_set_engine_info} changes the default
 configuration of the crypto engine implementing the protocol
 @var{proto}.
@@ -1215,17 +1233,25 @@ This value indicates ElGamal.
 This value also indicates ElGamal and is used specifically in GnuPG.
 
 @item GPGME_PK_ECC
+ at since{1.5.0}
+
 This value is a generic indicator for ellipic curve algorithms.
 
 @item GPGME_PK_ECDSA
+ at since{1.3.0}
+
 This value indicates ECDSA, the Elliptic Curve Digital Signature
 Algorithm as defined by FIPS 186-2 and RFC-6637.
 
 @item GPGME_PK_ECDH
+ at since{1.3.0}
+
 This value indicates ECDH, the Eliptic Curve Diffie-Hellmann
 encryption algorithm as defined by RFC-6637.
 
 @item GPGME_PK_EDDSA
+ at since{1.7.0}
+
 This value indicates the EdDSA algorithm.
 
 @end table
@@ -1242,6 +1268,8 @@ returned.
 @end deftypefun
 
 @deftypefun {char *} gpgme_pubkey_algo_string (@w{gpgme_subkey_t @var{key}})
+ at since{1.7.0}
+
 The function @code{gpgme_pubkey_algo_string} is a convenience function
 to build and return an algorithm string in the same way GnuPG does
 (e.g. ``rsa2048'' or ``ed25519'').  The caller must free the result
@@ -1276,6 +1304,8 @@ that are supported by @acronym{GPGME}.  Possible values are:
 @item GPGME_MD_SHA384
 @item GPGME_MD_SHA512
 @item GPGME_MD_SHA224
+ at since{1.5.0}
+
 @item GPGME_MD_MD4
 @item GPGME_MD_CRC32
 @item GPGME_MD_CRC32_RFC1510
@@ -1724,6 +1754,8 @@ might be relevant, for example, if the external event loop mechanism
 is used.
 
 @deftp {Data type} {gpgme_off_t}
+ at since{1.4.1}
+
 On POSIX platforms the @code{gpgme_off_t} type is an alias for
 @code{off_t}; it may be used interchangeable.  On Windows platforms
 @code{gpgme_off_t} is defined as a long (i.e. 32 bit) for 32 bit
@@ -2001,6 +2033,8 @@ case, the data object @var{dh} is destroyed.
 
 
 @deftypefun void gpgme_free (@w{void *@var{buffer}})
+ at since{1.1.1}
+
 The function @code{gpgme_free} releases the memory returned by
 @code{gpgme_data_release_and_get_mem} and
 @code{gpgme_pubkey_algo_string}.  It should be used instead of the
@@ -2093,6 +2127,8 @@ If the function fails, -1 is returned and @var{errno} is set.
 @cindex data buffer, encoding
 
 @deftypefun {char *} gpgme_data_get_file_name (@w{gpgme_data_t @var{dh}})
+ at since{1.1.0}
+
 The function @code{gpgme_data_get_file_name} returns a pointer to a
 string containing the file name associated with the data object.  The
 file name will be stored in the output when encrypting or signing the
@@ -2105,6 +2141,8 @@ Otherwise, @code{NULL} will be returned.
 
 
 @deftypefun gpgme_error_t gpgme_data_set_file_name (@w{gpgme_data_t @var{dh}}, @w{const char *@var{file_name}})
+ at since{1.1.0}
+
 The function @code{gpgme_data_set_file_name} sets the file name
 associated with the data object.  The file name will be stored in the
 output when encrypting or signing the data and will be returned to the
@@ -2144,17 +2182,25 @@ This specifies that the data is encoded in an armored form as used by
 OpenPGP and PEM.
 
 @item GPGME_DATA_ENCODING_MIME
+ at since{1.7.0}
+
 This specifies that the data is encoded as a MIME part.
 
 @item GPGME_DATA_ENCODING_URL
+ at since{1.2.0}
+
 The data is a list of linefeed delimited URLs.  This is only useful with
 @code{gpgme_op_import}.
 
 @item GPGME_DATA_ENCODING_URL0
+ at since{1.2.0}
+
 The data is a list of binary zero delimited URLs.  This is only useful
 with @code{gpgme_op_import}.
 
 @item GPGME_DATA_ENCODING_URLESC
+ at since{1.2.0}
+
 The data is a list of linefeed delimited URLs with all control and space
 characters percent escaped.  This mode is is not yet implemented.
 
@@ -2178,6 +2224,8 @@ the data object with the handle @var{dh} to @var{enc}.
             @w{const char *@var{name}}, @
             @w{const char *@var{value}})
 
+ at since{1.7.0}
+
 Some minor properties of the data object can be controlled with flags
 set by this function.  The properties are identified by the following
 values for @var{name}:
@@ -2205,6 +2253,8 @@ This function returns @code{0} on success.
 
 @deftp {Data type} {enum gpgme_data_type_t}
 @tindex gpgme_data_type_t
+ at since{1.4.3}
+
 The @code{gpgme_data_type_t} type is used to return the detected type
 of the content of a data buffer.
 @end deftp
@@ -2219,6 +2269,14 @@ The type of the data is not known.
 @item GPGME_DATA_TYPE_PGP_SIGNED
 The data is an OpenPGP signed message.  This may be a binary
 signature, a detached one or a cleartext signature.
+ at item GPGME_DATA_TYPE_PGP_ENCRYPTED
+ at since{1.7.0}
+
+The data is an OpenPGP encrypted message.
+ at item GPGME_DATA_TYPE_PGP_SIGNATURE
+ at since{1.7.0}
+
+The data is an OpenPGP detached signature.
 @item GPGME_DATA_TYPE_PGP_OTHER
 This is a generic OpenPGP message.  In most cases this will be
 encrypted data.
@@ -2238,6 +2296,8 @@ private keys for X.509.
 @end table
 
 @deftypefun gpgme_data_type_t gpgme_data_identify (@w{gpgme_data_t @var{dh}})
+ at since{1.4.3}
+
 The function @code{gpgme_data_identify} returns the type of the data
 with the handle @var{dh}.  If it is not possible to perform the
 identification, the function returns zero
@@ -2324,6 +2384,8 @@ and give it a lifetime beyond that of the current operation or
 context.
 
 @deftypefun void gpgme_result_ref (@w{void *@var{result}})
+ at since{1.2.0}
+
 The function @code{gpgme_result_ref} acquires an additional reference
 for the result @var{result}, which may be of any type
 @code{gpgme_*_result_t}.  As long as the user holds a reference, the
@@ -2331,6 +2393,8 @@ result structure is guaranteed to be valid and unmodified.
 @end deftypefun
 
 @deftypefun void gpgme_result_unref (@w{void *@var{result}})
+ at since{1.2.0}
+
 The function @code{gpgme_result_unref} releases a reference for the
 result @var{result}.  If this was the last reference, the result
 structure will be destroyed and all resources associated to it will be
@@ -2402,6 +2466,8 @@ default can also be retrieved without any particular context.
 @xref{Engine Configuration}.
 
 @deftypefun gpgme_engine_info_t gpgme_ctx_get_engine_info (@w{gpgme_ctx_t @var{ctx}})
+ at since{1.1.0}
+
 The function @code{gpgme_ctx_get_engine_info} returns a linked list of
 engine info structures.  Each info structure describes the
 configuration of one configured backend, as used by the context
@@ -2414,6 +2480,8 @@ This function can not fail.
 @end deftypefun
 
 @deftypefun gpgme_error_t gpgme_ctx_set_engine_info (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_protocol_t @var{proto}}, @w{const char *@var{file_name}}, @w{const char *@var{home_dir}})
+ at since{1.1.0}
+
 The function @code{gpgme_ctx_set_engine_info} changes the
 configuration of the crypto engine implementing the protocol
 @var{proto} for the context @var{ctx}.
@@ -2450,6 +2518,8 @@ addresses is not supported.
       (@w{gpgme_ctx_t @var{ctx}}, @
        @w{int @var{address}})
 
+ at since{1.8.0}
+
 The function @code{gpgme_set_sender} specifies the sender address for
 use in sign and verify operations.  @var{address} is expected to be
 the ``addr-spec'' part of an address but my also be a complete mailbox
@@ -2465,6 +2535,8 @@ most likely failure is that no valid ``addr-spec'' was found in
 @deftypefun @w{const char *} gpgme_get_sender @
       (@w{gpgme_ctx_t @var{ctx}})
 
+ at since{1.8.0}
+
 The function @code{gpgme_get_sender} returns the current sender
 address from the context, or NULL if none was set.  The returned
 value is valid as long as the @var{ctx} is valid and
@@ -2531,6 +2603,8 @@ valid pointer.
 @cindex offline mode
 
 @deftypefun void gpgme_set_offline (@w{gpgme_ctx_t @var{ctx}}, @w{int @var{yes}})
+ at since{1.6.0}
+
 The function @code{gpgme_set_offline} specifies if offline mode
 should be used.  By default, offline mode is not used.
 
@@ -2550,6 +2624,8 @@ otherwise.
 @end deftypefun
 
 @deftypefun int gpgme_get_offline (@w{gpgme_ctx_t @var{ctx}})
+ at since{1.6.0}
+
 The function @code{gpgme_get_offline} returns 1 if offline
 mode is enabled, and @code{0} if it is not, or if @var{ctx} is not a
 valid pointer.
@@ -2563,6 +2639,9 @@ valid pointer.
 
 @deftypefun gpgme_error_t gpgme_set_pinentry_mode (@w{gpgme_ctx_t @var{ctx}},
 @w{gpgme_pinentry_mode_t @var{mode}})
+
+ at since{1.4.0}
+
 The function @code{gpgme_set_pinentry_mode} specifies the pinentry mode
 to be used.
 
@@ -2572,30 +2651,44 @@ mechanism in GPGME through @code{gpgme_set_passphrase_cb}.
 @end deftypefun
 
 @deftypefun gpgme_pinentry_mode_t gpgme_get_pinentry_mode (@w{gpgme_ctx_t @var{ctx}})
+ at since{1.4.0}
+
 The function @code{gpgme_get_pinenty_mode} returns the
 mode set for the context.
 @end deftypefun
 
 @deftp {Data type} {enum gpgme_pinentry_mode_t}
 @tindex gpgme_pinentry_mode_t
+ at since{1.4.0}
+
 The @code{gpgme_minentry_mode_t} type specifies the set of possible pinentry
 modes that are supported by @acronym{GPGME} if GnuPG >= 2.1 is used.
 The following modes are supported:
 
 @table @code
 @item GPGME_PINENTRY_MODE_DEFAULT
+ at since{1.4.0}
+
 Use the default of the agent, which is ask.
 
 @item GPGME_PINENTRY_MODE_ASK
+ at since{1.4.0}
+
 Force the use of the Pinentry.
 
 @item GPGME_PINENTRY_MODE_CANCEL
+ at since{1.4.0}
+
 Emulate use of Pinentry's cancel button.
 
 @item GPGME_PINENTRY_MODE_ERROR
+ at since{1.4.0}
+
 Return a Pinentry error @code{No Pinentry}.
 
 @item GPGME_PINENTRY_MODE_LOOPBACK
+ at since{1.4.0}
+
 Redirect Pinentry queries to the caller.
 This enables the use of @code{gpgme_set_passphrase_cb} because pinentry
 queries are redirected to gpgme.
@@ -2619,6 +2712,8 @@ values of @var{nr_of_certs} are:
 
 @table @code
 @item GPGME_INCLUDE_CERTS_DEFAULT
+ at since{1.0.3}
+
 Fall back to the default of the crypto backend.  This is the default
 for GPGME.
 @item -2
@@ -2674,17 +2769,23 @@ The @code{GPGME_KEYLIST_MODE_SIGS} symbol specifies that the key
 signatures should be included in the listed keys.
 
 @item GPGME_KEYLIST_MODE_SIG_NOTATIONS
+ at since{1.1.1}
+
 The @code{GPGME_KEYLIST_MODE_SIG_NOTATIONS} symbol specifies that the
 signature notations on key signatures should be included in the listed
 keys.  This only works if @code{GPGME_KEYLIST_MODE_SIGS} is also
 enabled.
 
 @item GPGME_KEYLIST_MODE_WITH_TOFU
+ at since{1.7.0}
+
 The @code{GPGME_KEYLIST_MODE_WITH_TOFU} symbol specifies that
 information pertaining to the TOFU trust model should be included in
 the listed keys.
 
 @item GPGME_KEYLIST_MODE_WITH_SECRET
+ at since{1.5.1}
+
 The @code{GPGME_KEYLIST_MODE_WITH_SECRET} returns information about
 the presence of a corresponding secret key in a public key listing.  A
 public key listing with this mode is slower than a standard listing
@@ -2692,10 +2793,14 @@ but can be used instead of a second run to list the secret keys.  This
 is only supported for GnuPG versions >= 2.1.
 
 @item GPGME_KEYLIST_MODE_EPHEMERAL
+ at since{1.2.0}
+
 The @code{GPGME_KEYLIST_MODE_EPHEMERAL} symbol specifies that keys
 flagged as ephemeral are included in the listing.
 
 @item GPGME_KEYLIST_MODE_VALIDATE
+ at since{0.4.5}
+
 The @code{GPGME_KEYLIST_MODE_VALIDATE} symbol specifies that the
 backend should do key or certificate validation and not just get the
 validity information from an internal cache.  This might be an
@@ -2867,6 +2972,8 @@ value. Otherwise, return @code{0}.
 @end deftp
 
 @deftypefun void gpgme_set_status_cb (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_status_cb_t @var{statusfunc}}, @w{void *@var{hook_value}})
+ at since{1.6.0}
+
 The function @code{gpgme_set_status_cb} sets the function that is used when a
 status message is received from gpg to @var{statusfunc}. The function
 @var{statusfunc} needs to be implemented by the user, and whenever it is
@@ -2878,6 +2985,8 @@ The user can disable the use of a status message callback function by calling
 @end deftypefun
 
 @deftypefun void gpgme_get_status_cb (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_status_cb_t *@var{statusfunc}}, @w{void **@var{hook_value}})
+ at since{1.6.0}
+
 The function @code{gpgme_get_status_cb} returns the function that is used to
 process status messages from gpg in @var{*statusfunc}, and the first argument
 for this function in @var{*hook_value}.  If no status message callback is set,
@@ -2890,6 +2999,8 @@ variables.
             @w{const char *@var{name}}, @
             @w{const char *@var{value}})
 
+ at since{1.7.0}
+
 Some minor properties of the context can be controlled with flags set
 by this function.  The properties are identified by the following
 values for @var{name}:
@@ -2954,6 +3065,8 @@ This function returns @code{0} on success.
             (@w{gpgme_ctx_t @var{ctx}}, @
             @w{const char *@var{name}})
 
+ at since{1.8.0}
+
 The value of flags settable by @code{gpgme_set_ctx_flag} can be
 retrieved by this function.  If @var{name} is unknown the function
 returns @code{NULL}.  For boolean flags an empty string is returned
@@ -2977,6 +3090,8 @@ The default locale is used to initialize the locale setting of all
 contexts created afterwards.
 
 @deftypefun gpgme_error_t gpgme_set_locale (@w{gpgme_ctx_t @var{ctx}}, @w{int @var{category}}, @w{const char *@var{value}})
+ at since{0.4.3}
+
 The function @code{gpgme_set_locale} sets the locale of the context
 @var{ctx}, or the default locale if @var{ctx} is a null pointer.
 
@@ -3039,6 +3154,8 @@ following members:
 
 @table @code
 @item gpgme_keylist_mode_t keylist_mode
+ at since{0.9.0}
+
 The keylist mode that was active when the key was retrieved.
 
 @item unsigned int revoked : 1
@@ -3069,10 +3186,14 @@ This is true if the key (ie one of its subkeys) can be used to create
 key certificates.
 
 @item unsigned int can_authenticate : 1
+ at since{0.4.5}
+
 This is true if the key (ie one of its subkeys) can be used for
 authentication.
 
 @item unsigned int is_qualified : 1
+ at since{1.1.0}
+
 This is true if the key can be used for qualified signatures according
 to local government regulations.
 
@@ -3083,6 +3204,8 @@ be true even if the corresponding subkey flag may be false
 been requested or if @code{GPGME_KEYLIST_MODE_WITH_SECRET} is active.
 
 @item unsigned int origin : 5
+ at since{1.8.0}
+
 Reserved for the origin of this key.
 
 @item gpgme_protocol_t protocol
@@ -3113,12 +3236,16 @@ This is a linked list with the user IDs of the key.  The first user ID
 in the list is the main (or primary) user ID.
 
 @item char *fpr
+ at since{1.7.0}
+
 This field gives the fingerprint of the primary key.  Note that
 this is a copy of the fingerprint of the first subkey.  For an
 incomplete key (for example from a verification result) a subkey may
 be missing but this field may be set nevertheless.
 
 @item unsigned long last_update
+ at since{1.8.0}
+
 Reserved for the time of the last update of this key.
 
 @end table
@@ -3126,6 +3253,7 @@ Reserved for the time of the last update of this key.
 
 
 @deftp {Data type} gpgme_subkey_t
+ at since{1.5.0}
 
 The @code{gpgme_subkey_t} type is a pointer to a subkey structure.
 Subkeys are one component of a @code{gpgme_key_t} object.  In fact,
@@ -3163,13 +3291,19 @@ This is true if the subkey can be used to create data signatures.
 This is true if the subkey can be used to create key certificates.
 
 @item unsigned int can_authenticate : 1
+ at since{0.4.5}
+
 This is true if the subkey can be used for authentication.
 
 @item unsigned int is_qualified : 1
+ at since{1.1.0}
+
 This is true if the subkey can be used for qualified signatures
 according to local government regulations.
 
 @item unsigned int is_de_vs : 1
+ at since{1.8.0}
+
 This is true if the subkey complies with the rules for classified
 information in Germany at the restricted level (VS-NfD).  This are
 currently RSA keys of at least 2048 bits or ECDH/ECDSA keys using a
@@ -3196,6 +3330,8 @@ This is the fingerprint of the subkey in hexadecimal digits, if
 available.
 
 @item char *keygrip
+ at since{1.7.0}
+
 The keygrip of the subkey in hex digit form or @code{NULL} if not
 availabale.
 
@@ -3208,9 +3344,13 @@ This is the expiration timestamp of the subkey, or 0 if the subkey
 does not expire.
 
 @item unsigned int is_cardkey : 1
+ at since{1.2.0}
+
 True if the secret key is stored on a smart card.
 
 @item char *card_number
+ at since{1.2.0}
+
 The serial number of a smart card holding this key or @code{NULL}.
 
 @item char *curve
@@ -3260,6 +3400,8 @@ but might be slightly different.  If no mail address is available
 @code{NULL} is stored.
 
 @item gpgme_tofu_info_t tofu
+ at since{1.7.0}
+
 If not @code{NULL} information from the TOFU database pertaining to
 this user id.
 
@@ -3267,9 +3409,13 @@ this user id.
 This is a linked list with the signatures on this user ID.
 
 @item unsigned int origin : 5
+ at since{1.8.0}
+
 Reserved for the origin of this user ID.
 
 @item unsigned long last_update
+ at since{1.8.0}
+
 Reserved for the time of the last update of this user ID.
 
 @end table
@@ -3278,6 +3424,8 @@ Reserved for the time of the last update of this user ID.
 
 @deftp {Data type} gpgme_tofu_info_t
 
+ at since{1.7.0}
+
 The @code{gpgme_tofu_info_t} type is a pointer to a tofu info
 structure.  Tofu info structures are one component of a
 @code{gpgme_user_id_t} object, and provide information from the TOFU
@@ -3490,11 +3638,13 @@ The function returns the error code @code{GPG_ERR_INV_VALUE} if
 are reported by the crypto engine support routines.
 @end deftypefun
 
- at deftypefun gpgme_error_t gpgme_op_keylist_from_data @
+ at deftypefun gpgme_error_t gpgme_op_keylist_from_data_start @
             (@w{gpgme_ctx_t @var{ctx}}, @
              @w{gpgme_data_t @var{data}}, @
              @w{int @var{reserved}})
 
+ at since{1.8.0}
+
 The function @code{gpgme_op_keylist_from_data_start} initiates a key
 listing operation inside the context @var{ctx}.  In contrast to the
 other key listing operation the keys are read from the supplied
@@ -3714,6 +3864,8 @@ first and provide a fallback to the old function if the error code
        @w{gpgme_key_t @var{extrakey}}, @
        @w{unsigned int @var{flags}});
 
+ at since{1.7.0}
+
 The function @code{gpgme_op_createkey} generates a new key for the
 procotol active in the context @var{ctx}.  As of now this function
 does only work for OpenPGP and requires at least version 2.1.13 of
@@ -3758,6 +3910,8 @@ A future version of GPGME may use this parameter to create X.509 keys.
 @itemx GPGME_CREATE_ENCR
 @itemx GPGME_CREATE_CERT
 @itemx GPGME_CREATE_AUTH
+ at since{1.7.0}
+
 Do not create the key with the default capabilities (key usage) of the
 requested algorithm but use those explicitly given by these flags:
 ``signing'', ``encryption'', ``certification'', or ``authentication''.
@@ -3768,27 +3922,39 @@ selected only one key is created in the case of the OpenPGP
 protocol.
 
 @item GPGME_CREATE_NOPASSWD
+ at since{1.7.0}
+
 Request generation of the key without password protection.
 
 @item GPGME_CREATE_SELFSIGNED
+ at since{1.7.0}
+
 For an X.509 key do not create a CSR but a self-signed certificate.
 This has not yet been implemented.
 
 @item GPGME_CREATE_NOSTORE
+ at since{1.7.0}
+
 Do not store the created key in the local key database.
 This has not yet been implemented.
 
 @item GPGME_CREATE_WANTPUB
 @itemx GPGME_CREATE_WANTSEC
+ at since{1.7.0}
+
 Return the public or secret key as part of the result structure.
 This has not yet been implemented.
 
 @item GPGME_CREATE_FORCE
+ at since{1.7.0}
+
 The engine does not allow the creation of a key with a user ID
 already existing in the local key database.  This flag can be used to
 override this check.
 
 @item GPGME_CREATE_NOEXPIRE
+ at since{1.8.0}
+
 Request generation of keys that do not expire.
 
 @end table
@@ -3812,6 +3978,8 @@ codes.
        @w{gpgme_key_t @var{extrakey}}, @
        @w{unsigned int @var{flags}});
 
+ at since{1.7.0}
+
 The function @code{gpgme_op_createkey_start} initiates a
 @code{gpgme_op_createkey} operation; see there for details.  It must
 be completed by calling @code{gpgme_wait} on the context.
@@ -3830,6 +3998,8 @@ be completed by calling @code{gpgme_wait} on the context.
        @w{unsigned long @var{expires}}, @
        @w{unsigned int @var{flags}});
 
+ at since{1.7.0}
+
 The function @code{gpgme_op_createsubkey} creates and adds a new
 subkey to the primary OpenPGP key given by @var{KEY}.  The only
 allowed protocol in @var{ctx} is @code{GPGME_PROTOCOL_OPENPGP}.
@@ -3880,6 +4050,8 @@ codes.
        @w{unsigned long @var{expires}}, @
        @w{unsigned int @var{flags}});
 
+ at since{1.7.0}
+
 The function @code{gpgme_op_createsubkey_start} initiates a
 @code{gpgme_op_createsubkey} operation; see there for details.  It must
 be completed by calling @code{gpgme_wait} on the context.
@@ -3897,6 +4069,8 @@ be completed by calling @code{gpgme_wait} on the context.
        @w{const char *@var{userid}}, @
        @w{unsigned int @var{flags}});
 
+ at since{1.7.0}
+
 The function @code{gpgme_op_adduid} adds a new user ID to the OpenPGP
 key given by @var{KEY}.  Adding additional user IDs after key creation
 is a feature of the OpenPGP protocol and thus the protocol for the
@@ -3926,6 +4100,8 @@ codes.
        @w{const char *@var{userid}}, @
        @w{unsigned int @var{flags}});
 
+ at since{1.7.0}
+
 The function @code{gpgme_op_adduid_start} initiates a
 @code{gpgme_op_adduid} operation; see there for details.  It must
 be completed by calling @code{gpgme_wait} on the context.
@@ -3943,6 +4119,8 @@ be completed by calling @code{gpgme_wait} on the context.
        @w{const char *@var{userid}}, @
        @w{unsigned int @var{flags}});
 
+ at since{1.7.0}
+
 The function @code{gpgme_op_revuid} revokes a user ID from the OpenPGP
 key given by @var{KEY}.  Revoking user IDs after key creation is a
 feature of the OpenPGP protocol and thus the protocol for the context
@@ -3974,6 +4152,8 @@ codes.
        @w{const char *@var{userid}}, @
        @w{unsigned int @var{flags}});
 
+ at since{1.7.0}
+
 The function @code{gpgme_op_revuid_start} initiates a
 @code{gpgme_op_revuid} operation; see there for details.  It must
 be completed by calling @code{gpgme_wait} on the context.
@@ -3992,6 +4172,8 @@ be completed by calling @code{gpgme_wait} on the context.
        @w{cons char * @var{name}}, @
        @w{cons char * @var{value}});
 
+ at since{1.8.0}
+
 The function @code{gpgme_op_set_uid_flag} is used to set flags on a
 user ID from the OpenPGP key given by @var{KEY}.  Setting flags on
 user IDs after key creation is a feature of the OpenPGP protocol and
@@ -4030,6 +4212,8 @@ codes.
        @w{cons char * @var{name}}, @
        @w{cons char * @var{value}});
 
+ at since{1.8.0}
+
 The function @code{gpgme_op_set_uid_flag_start} initiates a
 @code{gpgme_op_set_uid_flag} operation; see there for details.  It must
 be completed by calling @code{gpgme_wait} on the context.
@@ -4157,10 +4341,14 @@ key will be returned.  If the crypto engine does not provide the
 fingerprint, @code{fpr} will be a null pointer.
 
 @item gpgme_data_t pubkey
+ at since{1.7.0}
+
 This will eventually be used to return the public key.  It is
 currently not used.
 
 @item gpgme_data_t seckey
+ at since{1.7.0}
+
 This will eventually be used to return the secret key.  It is
 currently not used.
 
@@ -4205,6 +4393,8 @@ versions.
        @w{unsigned long @var{expires}}, @
        @w{unsigned int @var{flags}});
 
+ at since{1.7.0}
+
 The function @code{gpgme_op_keysign} adds a new key signature to the
 public key @var{KEY}.   This function requires at least version 2.1.12 of
 GnuPG.
@@ -4240,10 +4430,14 @@ only encode dates up to the year 2106.
 
 @table @code
 @item GPGME_KEYSIGN_LOCAL
+ at since{1.7.0}
+
 Instead of creating an exportable key signature, create a key
 signature which is is marked as non-exportable.
 
 @item GPGME_KEYSIGN_LFSEP
+ at since{1.7.0}
+
 Although linefeeds are uncommon in user IDs this flag is required to
 explicitly declare that @var{userid} may contain several linefeed
 separated user IDs.
@@ -4268,6 +4462,8 @@ codes.
        @w{unsigned long @var{expires}}, @
        @w{unsigned int @var{flags}});
 
+ at since{1.7.0}
+
 The function @code{gpgme_op_keysign_start} initiates a
 @code{gpgme_op_keysign} operation; see there for details.  It must
 be completed by calling @code{gpgme_wait} on the context.
@@ -4299,22 +4495,30 @@ time.  Using this flag requires that the @var{keydata} argument of the
 export function is set to @code{NULL}.
 
 @item GPGME_EXPORT_MODE_MINIMAL
+ at since{1.3.1}
+
 If this bit is set, the smallest possible key is exported.  For OpenPGP
 keys it removes all signatures except for the latest self-signatures.
 For X.509 keys it has no effect.
 
 
 @item GPGME_EXPORT_MODE_SECRET
+ at since{1.6.0}
+
 Instead of exporting the public key, the secret key is exported.  This
 may not be combined with @code{GPGME_EXPORT_MODE_EXTERN}.  For X.509
 the export format is PKCS#8.
 
 @item GPGME_EXPORT_MODE_RAW
+ at since{1.6.0}
+
 If this flag is used with @code{GPGME_EXPORT_MODE_SECRET} for an X.509
 key the export format will be changed to PKCS#1.  This flag may not be
 used with OpenPGP.
 
 @item GPGME_EXPORT_MODE_PKCS12
+ at since{1.6.0}
+
 If this flag is used with @code{GPGME_EXPORT_MODE_SECRET} for an X.509
 key the export format will be changed to PKCS#12 which also includes
 the certificate.  This flag may not be used with OpenPGP.
@@ -4384,6 +4588,8 @@ if @var{keydata} is not a valid empty data buffer.
 
 
 @deftypefun gpgme_error_t gpgme_op_export_keys (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_key_t keys[]}, @w{gpgme_export_mode_t @var{mode}}, @w{gpgme_data_t @var{keydata}})
+ at since{1.2.0}
+
 The function @code{gpgme_op_export_keys} extracts public keys and returns
 them in the data buffer @var{keydata}.  The output format of the key
 data returned is determined by the @acronym{ASCII} armor attribute set
@@ -4406,6 +4612,8 @@ are reported by the crypto engine support routines.
 @end deftypefun
 
 @deftypefun gpgme_error_t gpgme_op_export_keys_start (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_key_t @var{keys}[]}, @w{gpgme_export_mode_t @var{mode}}, @w{gpgme_data_t @var{keydata}})
+ at since{1.2.0}
+
 The function @code{gpgme_op_export_keys_start} initiates a
 @code{gpgme_op_export_ext} operation.  It can be completed by calling
 @code{gpgme_wait} on the context.  @xref{Waiting For Completion}.
@@ -4454,6 +4662,8 @@ import could be started successfully, @code{GPG_ERR_INV_VALUE} if
 @end deftypefun
 
 @deftypefun gpgme_error_t gpgme_op_import_keys (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_key_t *@var{keys}})
+ at since{1.2.0}
+
 The function @code{gpgme_op_import_keys} adds the keys described by
 the @code{NULL} terminated array @var{keys} to the key ring of the
 crypto engine used by @var{ctx}.  It is used to actually import and
@@ -4484,6 +4694,8 @@ considered for export.
 @end deftypefun
 
 @deftypefun gpgme_error_t gpgme_op_import_keys_start (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_key_t *@var{keys}})
+ at since{1.2.0}
+
 The function @code{gpgme_op_import_keys_start} initiates a
 @code{gpgme_op_import_keys} operation.  It can be completed by calling
 @code{gpgme_wait} on the context.  @xref{Waiting For Completion}.
@@ -4607,6 +4819,8 @@ operation is started on the context.
 @cindex key ring, delete from
 
 @deftypefun gpgme_error_t gpgme_op_delete_ext (@w{gpgme_ctx_t @var{ctx}}, @w{const gpgme_key_t @var{key}}, @w{unsigned int @var{flags}})
+ at since{1.9.1}
+
 The function @code{gpgme_op_delete_ext} deletes the key @var{key} from
 the key ring of the crypto engine used by @var{ctx}.
 
@@ -4614,10 +4828,14 @@ the key ring of the crypto engine used by @var{ctx}.
 
 @table @code
 @item GPGME_DELETE_ALLOW_SECRET
+ at since{1.9.1}
+
 If not set, only public keys are deleted. If set, secret keys are
 deleted as well, if that is supported.
 
 @item GPGME_DELETE_FORCE
+ at since{1.9.1}
+
 If set, the user is not asked to confirm the deletion.
 @end table
 
@@ -4631,6 +4849,8 @@ unambiguously, and @code{GPG_ERR_CONFLICT} if the secret key for
 @end deftypefun
 
 @deftypefun gpgme_error_t gpgme_op_delete_ext_start (@w{gpgme_ctx_t @var{ctx}}, @w{const gpgme_key_t @var{key}}, @w{unsigned int @var{flags}})
+ at since{1.9.1}
+
 The function @code{gpgme_op_delete_ext_start} initiates a
 @code{gpgme_op_delete} operation.  It can be completed by calling
 @code{gpgme_wait} on the context.  @xref{Waiting For Completion}.
@@ -4662,6 +4882,8 @@ Similar to @code{gpgme_op_delete_ext_start}, but only the flag
               @w{const gpgme_key_t @var{key}}, @
               @w{unsigned int @var{flags}})
 
+ at since{1.3.0}
+
 The function @code{gpgme_op_passwd} changes the passphrase of the
 private key associated with @var{key}.  The only allowed value for
 @var{flags} is @code{0}.  The backend engine will usually popup a window
@@ -4678,6 +4900,8 @@ this command and will silently ignore it.
               @w{const gpgme_key_t @var{key}}, @
               @w{unsigned int @var{flags}})
 
+ at since{1.3.0}
+
 The function @code{gpgme_op_passwd_start} initiates a
 @code{gpgme_op_passwd} operation.    It can be completed by calling
 @code{gpgme_wait} on the context.  @xref{Waiting For Completion}.
@@ -4701,6 +4925,8 @@ for a key.  See the GnuPG manual for details on the TOFU
 implementation.
 
 @deftp {Data type} {enum gpgme_tofu_policy_t}
+ at since{1.7.0}
+
 @tindex gpgme_tofu_policy_t
 The @code{gpgme_tofu_policy_t} type specifies the set of possible
 policy values that are supported by @acronym{GPGME}:
@@ -4727,6 +4953,8 @@ To change the policy for a key the following functions can be used:
               @w{const gpgme_key_t @var{key}}, @
               @w{gpgme_tofu_policy_t @var{policy}})
 
+ at since{1.7.0}
+
 The function @code{gpgme_op_tofu_policy} changes the TOFU policy of
 @var{key}.  The valid values for @var{policy} are listed above.  As of
 now this function does only work for OpenPGP and requires at least
@@ -4743,6 +4971,8 @@ codes.
               @w{const gpgme_key_t @var{key}}, @
               @w{gpgme_tofu_policy_t @var{policy}})
 
+ at since{1.7.0}
+
 The function @code{gpgme_op_tofu_policy_start} initiates a
 @code{gpgme_op_tofu_policy} operation.    It can be completed by calling
 @code{gpgme_wait} on the context.  @xref{Waiting For Completion}.
@@ -4763,6 +4993,9 @@ could not be started.
     @w{const char *@var{status}}, @
     @w{const char *@var{args}}, @
     @w{int @var{fd}})}
+
+ at since{1.7.0}
+
 @tindex gpgme_interact_cb_t
 The @code{gpgme_interact_cb_t} type is the type of functions which
 @acronym{GPGME} calls if it a key interact operation is on-going.  The
@@ -4784,6 +5017,9 @@ the status code, @code{0} for success, or any other error value.
    @w{gpgme_interact_cb_t @var{fnc}}, @
    @w{void *@var{handle}}, @
    @w{gpgme_data_t @var{out}})
+
+ at since{1.7.0}
+
 The function @code{gpgme_op_interact} processes the key @var{KEY}
 interactively, using the interact callback function @var{FNC} with the
 handle @var{HANDLE}.  The callback is invoked for every status and
@@ -4799,6 +5035,8 @@ bit value is:
 
 @table @code
 @item GPGME_INTERACT_CARD
+ at since{1.7.0}
+
 This is used for smartcard based keys and uses gpg?s
 @code{--card-edit} command.
 
@@ -4817,6 +5055,9 @@ the edit callback handler.
    @w{gpgme_interact_cb_t @var{fnc}}, @
    @w{void *@var{handle}}, @
    @w{gpgme_data_t @var{out}})
+
+ at since{1.7.0}
+
 The function @code{gpgme_op_interact_start} initiates a
 @code{gpgme_op_interact} operation.  It can be completed by calling
 @code{gpgme_wait} on the context.  @xref{Waiting For Completion}.
@@ -5008,6 +5249,8 @@ if @var{cipher} or @var{plain} is not a valid pointer.
             @w{gpgme_data_t @var{cipher}}, @
             @w{gpgme_data_t @var{plain}})
 
+ at since{1.8.0}
+
 The function @code{gpgme_op_decrypt_ext} is the same as
 @code{gpgme_op_decrypt_ext} but has an additional argument
 @var{flags}.  If @var{flags} is 0 both function behave identically.
@@ -5017,10 +5260,14 @@ multiple of the following bit values:
 
 @table @code
 @item GPGME_DECRYPT_VERIFY
+ at since{1.8.0}
+
 The @code{GPGME_DECRYPT_VERIFY} symbol specifies that this function
 shall exacty act as @code{gpgme_op_decrypt_verify}.
 
 @item GPGME_DECRYPT_UNWRAP
+ at since{1.8.0}
+
 The @code{GPGME_DECRYPT_UNWRAP} symbol specifies that the output shall
 be an OpenPGP message with only the encryption layer removed.  This
 requires GnuPG 2.1.12 and works only for OpenPGP.  This is the
@@ -5038,6 +5285,8 @@ The function returns the error codes as descriped for
             @w{gpgme_data_t @var{cipher}}, @
             @w{gpgme_data_t @var{plain}})
 
+ at since{1.8.0}
+
 The function @code{gpgme_op_decrypt_ext_start} initiates a
 @code{gpgme_op_decrypt_ext} operation.  It can be completed by calling
 @code{gpgme_wait} on the context.  @xref{Waiting For Completion}.
@@ -5049,6 +5298,8 @@ if @var{cipher} or @var{plain} is not a valid pointer.
 
 
 @deftp {Data type} {gpgme_recipient_t}
+ at since{1.1.0}
+
 This is a pointer to a structure used to store information about the
 recipient of an encrypted text which is decrypted in a
 @code{gpgme_op_decrypt} operation.  This information (except for the
@@ -5089,9 +5340,13 @@ If an unsupported algorithm was encountered, this string describes the
 algorithm that is not supported.
 
 @item unsigned int wrong_key_usage : 1
+ at since{0.9.0}
+
 This is true if the key was not used according to its policy.
 
 @item gpgme_recipient_t recipients
+ at since{1.1.0}
+
 This is a linked list of recipients to which this message was encrypted.
 
 @item char *file_name
@@ -5099,6 +5354,8 @@ This is the filename of the original plaintext message file if it is
 known, otherwise this is a null pointer.
 
 @item char *session_key
+ at since{1.8.0}
+
 A textual representation (nul-terminated string) of the session key
 used in symmetric encryption of the message, if the context has been
 set to export session keys (see @code{gpgme_set_ctx_flag,
@@ -5202,10 +5459,14 @@ following bit values:
 
 @table @code
 @item GPGME_SIG_NOTATION_HUMAN_READABLE
+ at since{1.1.0}
+
 The @code{GPGME_SIG_NOTATION_HUMAN_READABLE} symbol specifies that the
 notation data is in human readable form
 
 @item GPGME_SIG_NOTATION_CRITICAL
+ at since{1.1.0}
+
 The @code{GPGME_SIG_NOTATION_CRITICAL} symbol specifies that the
 notation data is critical.
 
@@ -5367,6 +5628,8 @@ Depending on the configuration of the engine, this metric may also be
 reflected by the validity of the signature.
 
 @item unsigned int chain_model : 1
+ at since{1.1.6}
+
 This is true if the validity of the signature has been checked using the
 chain model.  In the chain model the time the signature has been created
 must be within the validity period of the certificate and the time the
@@ -5392,6 +5655,8 @@ The hash algorithm used to create this signature.
 The mailbox from the PKA information or @code{NULL}.
 
 @item gpgme_key_t key
+ at since{1.7.0}
+
 An object describing the key used to create the signature.  This key
 object may be incomplete in that it only conveys information
 availabale directly with a signature.  It may also be @code{NULL} if
@@ -5485,6 +5750,8 @@ functions in GPGME and GnuPG:
 
 @deftypefun @w{char *} gpgme_addrspec_from_uid (@w{const char *@var{uid}})
 
+ at since{1.7.1}
+
 Return the mail address (called ``addr-spec'' in RFC-5322) from the
 string @var{uid} which is assumed to be a user id (called ``address''
 in RFC-5322).  All plain ASCII characters (i.e. those with bit 7
@@ -5540,6 +5807,8 @@ Calling this function acquires an additional reference for the key.
 @end deftypefun
 
 @deftypefun @w{unsigned int} gpgme_signers_count (@w{const gpgme_ctx_t @var{ctx}})
+ at since{1.4.3}
+
 The function @code{gpgme_signers_count} returns the number of signer keys in
 the context @var{ctx}.
 @end deftypefun
@@ -5681,6 +5950,8 @@ to a signature.  This information is then available to the user when
 the signature is verified.
 
 @deftypefun void gpgme_sig_notation_clear (@w{gpgme_ctx_t @var{ctx}})
+ at since{1.1.0}
+
 The function @code{gpgme_sig_notation_clear} removes the notation data
 from the context @var{ctx}.  Subsequent signing operations from this
 context will not include any notation data.
@@ -5689,6 +5960,8 @@ Every context starts with an empty notation data list.
 @end deftypefun
 
 @deftypefun gpgme_error_t gpgme_sig_notation_add (@w{gpgme_ctx_t @var{ctx}}, @w{const char *@var{name}}, @w{const char *@var{value}}, @w{gpgme_sig_notation_flags_t @var{flags}})
+ at since{1.1.0}
+
 The function @code{gpgme_sig_notation_add} adds the notation data with
 the name @var{name} and the value @var{value} to the context
 @var{ctx}.
@@ -5714,6 +5987,8 @@ reported by the crypto engine support routines.
 @end deftypefun
 
 @deftypefun gpgme_sig_notation_t gpgme_sig_notation_get (@w{const gpgme_ctx_t @var{ctx}})
+ at since{1.1.0}
+
 The function @code{gpgme_sig_notation_get} returns the linked list of
 notation data structures that are contained in the context @var{ctx}.
 
@@ -5763,12 +6038,16 @@ have a high enough validity in the keyring.  This flag should be used
 with care; in general it is not a good idea to use any untrusted keys.
 
 @item GPGME_ENCRYPT_NO_ENCRYPT_TO
+ at since{1.2.0}
+
 The @code{GPGME_ENCRYPT_NO_ENCRYPT_TO} symbol specifies that no
 default or hidden default recipients as configured in the crypto
 backend should be included.  This can be useful for managing different
 user profiles.
 
 @item GPGME_ENCRYPT_NO_COMPRESS
+ at since{1.5.0}
+
 The @code{GPGME_ENCRYPT_NO_COMPRESS} symbol specifies that the
 plaintext shall not be compressed before it is encrypted.  This is
 in some cases useful if the length of the encrypted message
@@ -5783,12 +6062,16 @@ protocol to prepare an encryption (i.e. sending the
 also expect a sign command.
 
 @item GPGME_ENCRYPT_SYMMETRIC
+ at since{1.7.0}
+
 The @code{GPGME_ENCRYPT_SYMMETRIC} symbol specifies that the
 output should be additionally encrypted symmetrically even
 if recipients are provided. This feature is only supported for
 for the OpenPGP crypto engine.
 
 @item GPGME_ENCRYPT_THROW_KEYIDS
+ at since{1.8.0}
+
 The @code{GPGME_ENCRYPT_THROW_KEYIDS} symbols requests that the
 identifiers for the decrption keys are not included in the ciphertext.
 On the receiving side, the use of this flag may slow down the
@@ -5796,6 +6079,8 @@ decryption process because all available secret keys must be tried.
 This flag is only honored for OpenPGP encryption.
 
 @item GPGME_ENCRYPT_WRAP
+ at since{1.8.0}
+
 The @code{GPGME_ENCRYPT_WRAP} symbol specifies that the input is an
 OpenPGP message and not a plain data.  This is the counterpart to
 @code{GPGME_DECRYPT_UNWRAP}.
@@ -5920,6 +6205,8 @@ with the GPGME API.
              @w{gpgme_data_t @var{dataout}}, @w{gpgme_data_t @var{dataerr}}, @
              @w{unsigned int @var{flags}})
 
+ at since{1.5.0}
+
 The function @code{gpgme_op_spawn} runs the program @var{file} with
 the arguments taken from the NULL terminated array @var{argv}.  If no
 arguments are required @var{argv} may be given as @code{NULL}.  In the
@@ -5935,10 +6222,15 @@ multiple of the following bit values:
 
 @table @code
 @item GPGME_SPAWN_DETACHED
+ at since{1.5.0}
+
 Under Windows this flag inhibits the allocation of a new console for
 the program.  This is useful for a GUI application which needs to call
 a command line helper tool.
+
 @item GPGME_SPAWN_ALLOW_SET_FG
+ at since{1.5.0}
+
 Under Windows this flag allows the called program to put itself into
 the foreground.
 @end table
@@ -5950,6 +6242,8 @@ the foreground.
              @w{gpgme_data_t @var{dataout}}, @w{gpgme_data_t @var{dataerr}}, @
              @w{unsigned int @var{flags}})
 
+ at since{1.5.0}
+
 This is the asynchronous variant of @code{gpgme_op_spawn}.
 @end deftypefun
 
@@ -5970,6 +6264,8 @@ data:
        (@w{void *@var{opaque}}, @w{const void *@var{data}}, @
         @w{size_t @var{datalen}})}
 
+ at since{1.2.0}
+
 This callback receives any data sent by the server.  @var{opaque} is
 the pointer passed to @code{gpgme_op_assuan_transact_start},
 @var{data} of length @var{datalen} refers to the data sent.
@@ -5979,6 +6275,8 @@ the pointer passed to @code{gpgme_op_assuan_transact_start},
        (@w{void *@var{opaque}}, @w{const char *@var{name}}, @
         @w{const char *@var{args}}, @w{gpgme_data_t *@var{r_data}})}
 
+ at since{1.2.0}
+
 This callback is used to provide additional data to the Assuan server.
 @var{opaque} is the pointer passed to
 @code{gpgme_op_assuan_transact_start}, @var{name} and @var{args}
@@ -5992,6 +6290,8 @@ Note: Returning data is currently not implemented in @acronym{GPGME}.
        (@w{void *@var{opaque}}, @w{const char *@var{status}}, @
         @w{const char *@var{args}})}
 
+ at since{1.2.0}
+
 This callback receives any status lines sent by the server.
 @var{opaque} is the pointer passed to
 @code{gpgme_op_assuan_transact_start}, @var{status} and @var{args}
@@ -6007,6 +6307,8 @@ denote the status update sent.
              @w{gpgme_assuan_status_cb_t @var{status_cb}}, @
              @w{void * @var{status_cb_value}})
 
+ at since{1.2.0}
+
 Send the Assuan @var{command} and return results via the callbacks.
 Any callback may be @code{NULL}.  The result of the operation may be
 retrieved using @code{gpgme_wait_ext}.
@@ -6040,6 +6342,8 @@ access this online database and check whether a new version of a
 software package is available.
 
 @deftp {Data type} {gpgme_query_swdb_result_t}
+ at since{1.8.0}
+
 This is a pointer to a structure used to store the result of a
 @code{gpgme_op_query_swdb} operation.  After success full call to that
 function, you can retrieve the pointer to the result with
@@ -6101,6 +6405,8 @@ The release date of the latest released version.
              @w{const char *@var{iversion}},  @
              @w{gpgme_data_t @var{reserved}})
 
+ at since{1.8.0}
+
 Query the software version database for software package @var{name}
 and check against the installed version given by @var{iversion}.  If
 @var{iversion} is given as @code{NULL} a check is only done if GPGME
@@ -6113,6 +6419,8 @@ current gpgme version is checked.  @var{reserved} must be set to 0.
 @deftypefun gpgme_query_swdb_result_t gpgme_op_query_swdb_result @
             (@w{gpgme_ctx_t @var{ctx}})
 
+ at since{1.8.0}
+
 The function @code{gpgme_op_query_swdb_result} returns a
 @code{gpgme_query_swdb_result_t} pointer to a structure holding the
 result of a @code{gpgme_op_query_swdb} operation.  The pointer is only
@@ -6875,6 +7183,8 @@ immediately.  Instead, cancellation occurs at the next possible time
 (typically the next time I/O occurs in the target context).
 
 @deftypefun gpgme_ctx_t gpgme_cancel (@w{gpgme_ctx_t @var{ctx}})
+ at since{0.4.5}
+
 The function @code{gpgme_cancel} attempts to cancel a pending
 operation in the context @var{ctx}.  This only works if you use the
 global event loop or your own event loop.
@@ -6897,6 +7207,8 @@ case the state of @var{ctx} is not modified).
 
 
 @deftypefun gpgme_ctx_t gpgme_cancel_async (@w{gpgme_ctx_t @var{ctx}})
+ at since{1.1.7}
+
 The function @code{gpgme_cancel_async} attempts to cancel a pending
 operation in the context @var{ctx}.  This can be called by any thread
 at any time after starting an operation on the context, but will not
@@ -6979,6 +7291,8 @@ The function @code{gpgme_trust_item_release} is an alias for
 
 
 @deftypefun gpgme_error_t gpgme_op_import_ext (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_data_t @var{keydata}}, @w{int *@var{nr}})
+ at since{0.3.9}
+
 The function @code{gpgme_op_import_ext} is equivalent to:
 
 @example
@@ -7012,6 +7326,8 @@ the status code, @code{0} for success, or any other error value.
 @end deftp
 
 @deftypefun gpgme_error_t gpgme_op_edit (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_key_t @var{key}}, @w{gpgme_edit_cb_t @var{fnc}}, @w{void *@var{handle}}, @w{gpgme_data_t @var{out}})
+ at since{0.3.9}
+
 Note: This function is deprecated, please use
 @code{gpgme_op_interact} instead.
 
@@ -7032,6 +7348,9 @@ by the crypto engine or the edit callback handler.
 @end deftypefun
 
 @deftypefun gpgme_error_t gpgme_op_edit_start (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_key_t @var{key}}, @w{gpgme_edit_cb_t @var{fnc}}, @w{void *@var{handle}}, @w{gpgme_data_t @var{out}})
+
+ at since{0.3.9}
+
 Note: This function is deprecated, please use
 @code{gpgme_op_interact_start} instead.
 

-----------------------------------------------------------------------

Summary of changes:
 doc/gpgme.texi | 321 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 320 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Aug 18 20:13:49 2017
From: cvs at cvs.gnupg.org (by Marcus Brinkmann)
Date: Fri, 18 Aug 2017 20:13:49 +0200
Subject: [git] KSBA - branch, master, updated. libksba-1.3.5-13-g457d2f0
Message-ID: <E1dilmH-0000C7-FR@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "KSBA is a library to access X.509 certificates and CMS data.".

The branch, master has been updated
       via  457d2f0c6a1fea394de6d48afb1c1c0189c52878 (commit)
       via  982faa2c354a2d23ffd4a0bad584e145faf809bc (commit)
      from  a1d9b046aec8cedda16a9e24eb8d2ed021f68d5d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 457d2f0c6a1fea394de6d48afb1c1c0189c52878
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Fri Aug 18 20:05:41 2017 +0200

    Fix non-maintainer build.
    
    * configure.ac: Always check for gcov program to make sure
    the automake variable is defined.
    
    Signed-off-by: Marcus Brinkmann <mb at g10code.com>

diff --git a/configure.ac b/configure.ac
index d66e270..54d4787 100644
--- a/configure.ac
+++ b/configure.ac
@@ -127,9 +127,9 @@ gl_EARLY
 AC_PROG_YACC
 AX_PROG_BISON([have_bison=yes],[have_bison=no])
 
+AC_CHECK_PROGS(GCOV, [gcov], gcov)
 if test "$USE_MAINTAINER_MODE" = "yes"; then
 	# gcov coverage reporting
-	AC_CHECK_PROGS(GCOV, [gcov], gcov)
 	AC_TDD_GCOV
 	AC_SUBST(COVERAGE_CFLAGS)
 	AC_SUBST(COVERAGE_LDFLAGS)

commit 982faa2c354a2d23ffd4a0bad584e145faf809bc
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Fri Aug 18 20:02:04 2017 +0200

    Fix all compiler warnings.
    
    * src/asn1-parse.y (import_defs, identifier_list): Comment out unused part
    of the grammar that causes a shift-reduce conflict.
    * src/cms-parser.c (_ksba_cms_parse_enveloped_data_part_1): Initialize
    some variables to help suppress uninitialized use warning.
    * src/crl.c (oidstr_issuingDistributionPoint): Comment out unused OID.
    * src/gen-help.h (ksba_asn_parse_file, ksba_asn_tree_dump): Add declarations.
    
    Signed-off-by: Marcus Brinkmann <mb at g10code.com>

diff --git a/src/asn1-parse.y b/src/asn1-parse.y
index 3336c43..5bff15c 100755
--- a/src/asn1-parse.y
+++ b/src/asn1-parse.y
@@ -92,7 +92,7 @@ struct parser_control_s {
 %param  {void *parm}
 %define api.pure full
 %define parse.error verbose
-%expect 1
+ //%expect 1
 
 %union {
   unsigned int constant;
@@ -170,7 +170,7 @@ static void yyerror (void *parm, const char *s);
 %type <node> boolean_def any_def size_def2 obj_constant obj_constant_list
 %type <node> constant_def type_constant type_constant_list definitions
 %type <node> definitions_id Time bit_element bit_element_list set_def
-%type <node> identifier_list imports_def tag_type tag type_assig_right_tag
+%type <node> /* identifier_list */ imports_def tag_type tag type_assig_right_tag
 %type <node> type_assig_right_tag_default enumerated_def string_def
 %type <node> utf8_string_def numeric_string_def printable_string_def
 %type <node> teletex_string_def ia5_string_def universal_string_def
@@ -229,6 +229,7 @@ constant_list:  constant   { $$=$1; }
                   }
 ;
 
+/*
 identifier_list  :  IDENTIFIER
                         {
                           $$ = NEW_NODE (TYPE_IDENTIFIER);
@@ -244,6 +245,7 @@ identifier_list  :  IDENTIFIER
                           append_right ($$, node);
                         }
 ;
+*/
 
 obj_constant:  num_identifier
                  {
@@ -704,7 +706,8 @@ definitions_id : IDENTIFIER  '{' obj_constant_list '}'
 
 imports_def :  /* empty */
                 { $$=NULL;}
-            | IMPORTS identifier_list FROM IDENTIFIER obj_constant_list
+/*
+            | IMPORTS identifier_list FROM IDENTIFIER
                 {
                   AsnNode node;
 
@@ -715,6 +718,7 @@ imports_def :  /* empty */
                   set_down ($$, node);
                   set_right ($$, $2);
                 }
+*/
 ;
 
 explicit_implicit :  EXPLICIT  { $$ = CONST_EXPLICIT; }
diff --git a/src/cms-parser.c b/src/cms-parser.c
index e4da08c..9c0f836 100644
--- a/src/cms-parser.c
+++ b/src/cms-parser.c
@@ -823,14 +823,14 @@ _ksba_cms_parse_enveloped_data_part_1 (ksba_cms_t cms)
   gpg_error_t err;
   int env_data_ndef;
   unsigned long env_data_len;
-  int encr_cont_ndef;
-  unsigned long encr_cont_len;
-  int has_content;
+  int encr_cont_ndef = 0;
+  unsigned long encr_cont_len = 0;
+  int has_content = 0;
   unsigned long off, len;
   char *cont_oid = NULL;
   char *algo_oid = NULL;
   char *algo_parm = NULL;
-  size_t algo_parmlen;
+  size_t algo_parmlen = 0;
   struct value_tree_s *vt, **vtend;
 
   /* get the version */
diff --git a/src/crl.c b/src/crl.c
index 87a3fa3..daeb222 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -47,7 +47,9 @@
 
 static const char oidstr_crlNumber[] = "2.5.29.20";
 static const char oidstr_crlReason[] = "2.5.29.21";
+#if 0
 static const char oidstr_issuingDistributionPoint[] = "2.5.29.28";
+#endif
 static const char oidstr_certificateIssuer[] = "2.5.29.29";
 static const char oidstr_authorityKeyIdentifier[] = "2.5.29.35";
 
diff --git a/src/gen-help.h b/src/gen-help.h
index c0a3776..05641f9 100644
--- a/src/gen-help.h
+++ b/src/gen-help.h
@@ -90,6 +90,8 @@ const char *gpg_strerror (int err);
 
 /* Duplicated type definitions from ksba.h.  */
 typedef struct ksba_asn_tree_s *ksba_asn_tree_t;
-
+int ksba_asn_parse_file (const char *filename, ksba_asn_tree_t *result,
+			 int debug);
+void ksba_asn_tree_dump (ksba_asn_tree_t tree, const char *name, FILE *fp);
 
 #endif /*GEN_HELP_H*/
diff --git a/tests/t-dnparser.c b/tests/t-dnparser.c
index ef4ab5d..f100888 100644
--- a/tests/t-dnparser.c
+++ b/tests/t-dnparser.c
@@ -139,7 +139,7 @@ main (int argc, char **argv)
 
   if (argc == 2 && !strcmp (argv[1], "--to-str") )
     { /* Read the DER encoded DN from stdin write the string to stdout */
-      fread (inputbuf, 1, sizeof inputbuf, stdin);
+      len = fread (inputbuf, 1, sizeof inputbuf, stdin);
       if (!feof (stdin))
         fail ("read error or input too large");
 
@@ -148,7 +148,7 @@ main (int argc, char **argv)
     }
   else if (argc == 2 && !strcmp (argv[1], "--to-der") )
     { /* Read the String from stdin write the DER encoding to stdout */
-      fread (inputbuf, 1, sizeof inputbuf, stdin);
+      len = fread (inputbuf, 1, sizeof inputbuf, stdin);
       if (!feof (stdin))
         fail ("read error or input too large");
 

-----------------------------------------------------------------------

Summary of changes:
 configure.ac       |  2 +-
 src/asn1-parse.y   | 10 +++++++---
 src/cms-parser.c   |  8 ++++----
 src/crl.c          |  2 ++
 src/gen-help.h     |  4 +++-
 tests/t-dnparser.c |  4 ++--
 6 files changed, 19 insertions(+), 11 deletions(-)


hooks/post-receive
-- 
KSBA is a library to access X.509 certificates and CMS data.
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Aug 21 07:34:35 2017
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Mon, 21 Aug 2017 07:34:35 +0200
Subject: [git] GCRYPT - branch, gniibe-T3358,
 created. libgcrypt-1.8.0-13-g9e8f322
Message-ID: <E1djfMB-0004Iv-La@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, gniibe-T3358 has been created
        at  9e8f3224135898ee8c562f5f974becd1b680ec06 (commit)

- Log -----------------------------------------------------------------
commit 9e8f3224135898ee8c562f5f974becd1b680ec06
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Mon Aug 21 14:32:08 2017 +0900

    ecc: Add field specific computation methods.
    
    * src/ec-context.h (struct mpi_ec_ctx_s): Add methods.
    * mpi/ec.c (ec_p_init): Initialize the default methods.
    (montgomery_ladder): Use the methods.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/mpi/ec.c b/mpi/ec.c
index a0f7357..4bb9050 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -438,6 +438,13 @@ ec_p_init (mpi_ec_t ctx, enum gcry_mpi_ec_models model,
   for (i=0; i< DIM(ctx->t.scratch); i++)
     ctx->t.scratch[i] = mpi_alloc_like (ctx->p);
 
+  ctx->mod = ec_mod;
+  ctx->addm = ec_addm;
+  ctx->subm = ec_subm;
+  ctx->mulm = ec_mulm;
+  ctx->pow2 = ec_pow2;
+  ctx->mul2 = ec_mul2;
+
   /* Prepare for fast reduction.  */
   /* FIXME: need a test for NIST values.  However it does not gain us
      any real advantage, for 384 bits it is actually slower than using
@@ -1146,24 +1153,24 @@ montgomery_ladder (mpi_point_t prd, mpi_point_t sum,
                    mpi_point_t p1, mpi_point_t p2, gcry_mpi_t dif_x,
                    mpi_ec_t ctx)
 {
-  ec_addm (sum->x, p2->x, p2->z, ctx);
-  ec_subm (p2->z, p2->x, p2->z, ctx);
-  ec_addm (prd->x, p1->x, p1->z, ctx);
-  ec_subm (p1->z, p1->x, p1->z, ctx);
-  ec_mulm (p2->x, p1->z, sum->x, ctx);
-  ec_mulm (p2->z, prd->x, p2->z, ctx);
-  ec_pow2 (p1->x, prd->x, ctx);
-  ec_pow2 (p1->z, p1->z, ctx);
-  ec_addm (sum->x, p2->x, p2->z, ctx);
-  ec_subm (p2->z, p2->x, p2->z, ctx);
-  ec_mulm (prd->x, p1->x, p1->z, ctx);
-  ec_subm (p1->z, p1->x, p1->z, ctx);
-  ec_pow2 (sum->x, sum->x, ctx);
-  ec_pow2 (sum->z, p2->z, ctx);
-  ec_mulm (prd->z, p1->z, ctx->a, ctx); /* CTX->A: (a-2)/4 */
-  ec_mulm (sum->z, sum->z, dif_x, ctx);
-  ec_addm (prd->z, p1->x, prd->z, ctx);
-  ec_mulm (prd->z, prd->z, p1->z, ctx);
+  ctx->addm (sum->x, p2->x, p2->z, ctx);
+  ctx->subm (p2->z, p2->x, p2->z, ctx);
+  ctx->addm (prd->x, p1->x, p1->z, ctx);
+  ctx->subm (p1->z, p1->x, p1->z, ctx);
+  ctx->mulm (p2->x, p1->z, sum->x, ctx);
+  ctx->mulm (p2->z, prd->x, p2->z, ctx);
+  ctx->pow2 (p1->x, prd->x, ctx);
+  ctx->pow2 (p1->z, p1->z, ctx);
+  ctx->addm (sum->x, p2->x, p2->z, ctx);
+  ctx->subm (p2->z, p2->x, p2->z, ctx);
+  ctx->mulm (prd->x, p1->x, p1->z, ctx);
+  ctx->subm (p1->z, p1->x, p1->z, ctx);
+  ctx->pow2 (sum->x, sum->x, ctx);
+  ctx->pow2 (sum->z, p2->z, ctx);
+  ctx->mulm (prd->z, p1->z, ctx->a, ctx); /* CTX->A: (a-2)/4 */
+  ctx->mulm (sum->z, sum->z, dif_x, ctx);
+  ctx->addm (prd->z, p1->x, prd->z, ctx);
+  ctx->mulm (prd->z, prd->z, p1->z, ctx);
 }
 
 
diff --git a/src/ec-context.h b/src/ec-context.h
index d74fb69..18b26a5 100644
--- a/src/ec-context.h
+++ b/src/ec-context.h
@@ -66,6 +66,14 @@ struct mpi_ec_ctx_s
     /*   gcry_mpi_t s[10]; */
     /*   gcry_mpi_t c; */
   } t;
+
+  /* Curve specific computation routines for the field.  */
+  void (* mod) (gcry_mpi_t w, mpi_ec_t ec);
+  void (* addm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx);
+  void (* subm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ec);
+  void (* mulm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx);
+  void (* pow2) (gcry_mpi_t w, const gcry_mpi_t b, mpi_ec_t ctx);
+  void (* mul2) (gcry_mpi_t w, gcry_mpi_t u, mpi_ec_t ctx);
 };
 
 

-----------------------------------------------------------------------


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Aug 21 11:15:36 2017
From: cvs at cvs.gnupg.org (by Alon Bar-Lev)
Date: Mon, 21 Aug 2017 11:15:36 +0200
Subject: [git] GPGME - branch, master, updated. gpgme-1.9.0-68-g57c1259
Message-ID: <E1djio5-0002yL-1D@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, master has been updated
       via  57c12593082e4ad302041269f1c35f2fe7d2fb1a (commit)
       via  70c8be9efe8de40bec0f0673589f3c9be7136674 (commit)
      from  b9b08e46934eea9083afb2eaf4bffa23d6c27801 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 57c12593082e4ad302041269f1c35f2fe7d2fb1a
Author: Alon Bar-Lev <alon.barlev at gmail.com>
Date:   Thu Aug 3 21:41:35 2017 +0300

    python: Support parallel build in tests
    
    * lang/python/tests/Makefile.am: Depend xcheck with all which was lost
    due to the check hack.
    
    Signed-off-by: Alon Bar-Lev <alon.barlev at gmail.com>

diff --git a/lang/python/tests/Makefile.am b/lang/python/tests/Makefile.am
index d0dde1d..beb5a30 100644
--- a/lang/python/tests/Makefile.am
+++ b/lang/python/tests/Makefile.am
@@ -71,7 +71,7 @@ check: xcheck
 
 .PHONY: xcheck
 
-xcheck:
+xcheck:	all
 	$(TESTS_ENVIRONMENT) $(PYTHON) $(srcdir)/run-tests.py \
 	  --interpreters="$(PYTHONS)" --srcdir=$(srcdir) $(TESTFLAGS) \
 	  $(XTESTS)

commit 70c8be9efe8de40bec0f0673589f3c9be7136674
Author: Justus Winter <justus at g10code.com>
Date:   Mon Aug 21 10:54:10 2017 +0200

    python: Improve keylist test.
    
    * lang/python/tests/t-keylist.py: Check a keylist matching no keys.
    
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/lang/python/tests/t-keylist.py b/lang/python/tests/t-keylist.py
index 76c793e..4505d3c 100755
--- a/lang/python/tests/t-keylist.py
+++ b/lang/python/tests/t-keylist.py
@@ -229,6 +229,9 @@ alpha_keys = list(c.op_keylist_all(b"Alpha"))
 assert len(alpha_keys) == 1, "Expected only one key for 'Alpha', got %r" % len(alpha_keys)
 
 
+# Check negative result.
+assert len(list(c.keylist("no such key in sight"))) == 0
+
 
 for i, key in enumerate(c.keylist()):
     try:

-----------------------------------------------------------------------

Summary of changes:
 lang/python/tests/Makefile.am  | 2 +-
 lang/python/tests/t-keylist.py | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Aug 21 12:06:32 2017
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Mon, 21 Aug 2017 12:06:32 +0200
Subject: [git] GpgOL - branch, master, updated. gpgol-1.4.0-278-g1a7f63c
Message-ID: <E1djjbM-0003Zx-EO@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, master has been updated
       via  1a7f63cc4d9089e9f4a36b78b52e62f20a17364a (commit)
       via  6c777017d2171af2a4e8ddbcaacb9e35373eb575 (commit)
       via  0bbee29ac7054b9e570654cc358ad34c6c47db1f (commit)
      from  11f337486e24cb49cb8074d15794ec037b627567 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1a7f63cc4d9089e9f4a36b78b52e62f20a17364a
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Mon Aug 21 12:05:58 2017 +0200

    Improve formatting if VS-NFD is active
    
    * src/mail.cpp (Mail::get_crypto_details): Add a linefeed.

diff --git a/src/mail.cpp b/src/mail.cpp
index a4c21e5..e819434 100644
--- a/src/mail.cpp
+++ b/src/mail.cpp
@@ -1991,6 +1991,10 @@ Mail::get_crypto_details()
              }
            message += "\n\n";
          }
+       else
+         {
+           message += "\n";
+         }
      }
    if (hasConflict)
     {

commit 6c777017d2171af2a4e8ddbcaacb9e35373eb575
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Mon Aug 21 12:05:24 2017 +0200

    Fix message for unsigned mails
    
    * src/mail.cpp (Mail::get_crypto_details): Return earlier.

diff --git a/src/mail.cpp b/src/mail.cpp
index 2dc0389..a4c21e5 100644
--- a/src/mail.cpp
+++ b/src/mail.cpp
@@ -1769,9 +1769,10 @@ Mail::get_crypto_details()
              message += _("The encryption was not VS-NfD-compliant.");
            }
         }
-      message += "\n";
+      message += "\n\n";
       message += _("You cannot be sure who sent the message because "
                    "it is not signed.");
+      return message;
     }
 
   bool keyFound = true;

commit 0bbee29ac7054b9e570654cc358ad34c6c47db1f
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Mon Aug 21 12:04:22 2017 +0200

    Handle Symmetric encryption
    
    * src/mail.cpp (Mail::parsing_done, Mail::update_categories)
    (Mail::is_encrypted): Use decryptResult.isNull instead of numRecp.
    
    --
    For symmetric encryption we have no recipients.

diff --git a/src/mail.cpp b/src/mail.cpp
index 77d5f29..2dc0389 100644
--- a/src/mail.cpp
+++ b/src/mail.cpp
@@ -847,7 +847,7 @@ Mail::parsing_done()
   m_verify_result = m_parser->verify_result ();
 
   m_crypto_flags = 0;
-  if (m_decrypt_result.numRecipients())
+  if (!m_decrypt_result.isNull())
     {
       m_crypto_flags |= 1;
     }
@@ -1507,10 +1507,8 @@ Mail::update_categories ()
       remove_category (m_mailitem, verifyCategory);
     }
 
-  if (m_decrypt_result.numRecipients())
+  if (!m_decrypt_result.isNull())
     {
-      /* We use the number of recipients as we don't care
-         if decryption was successful or not for this category */
       add_category (m_mailitem, decCategory);
     }
   else
@@ -1534,7 +1532,7 @@ Mail::is_signed() const
 bool
 Mail::is_encrypted() const
 {
-  return m_decrypt_result.numRecipients() > 0;
+  return !m_decrypt_result.isNull();
 }
 
 int

-----------------------------------------------------------------------

Summary of changes:
 src/mail.cpp | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Aug 21 13:22:56 2017
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Mon, 21 Aug 2017 13:22:56 +0200
Subject: [git] GpgOL - branch, master, updated. gpgol-1.4.0-281-g4a702e6
Message-ID: <E1djknI-00019a-9h@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, master has been updated
       via  4a702e68616dd6f07f309dd721db4154f3333f9c (commit)
       via  790d4251054dadbe6c9d1578399386273cdf847d (commit)
       via  1a77fc1ccab8a93b654e5adea005727cb4518a8d (commit)
      from  1a7f63cc4d9089e9f4a36b78b52e62f20a17364a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4a702e68616dd6f07f309dd721db4154f3333f9c
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Mon Aug 21 13:21:15 2017 +0200

    Be more relaxed if something is before PGP Marker
    
    * src/mapihelp.cpp (get_msgcls_from_pgp_lines): Remove abort
    statement for text before message.
    
    --
    This might cause problems in case somone does something
    like:
    
    Hey here is your password encrypted:
    -----BEGIN PGP MESSAGE-----
    
    But meh. It's more robutst this way in case we have an
    MTA that modifies the body.

diff --git a/src/mapihelp.cpp b/src/mapihelp.cpp
index b4c025f..5c29b6c 100644
--- a/src/mapihelp.cpp
+++ b/src/mapihelp.cpp
@@ -703,11 +703,16 @@ get_msgcls_from_pgp_lines (LPMESSAGE message)
             msgcls = xstrdup ("IPM.Note.GpgOL.PGPMessage");
           break;
         }
+
+#if 0
+      This might be too strict for some broken implementations. Lets
+      look anywhere in the first 1k.
       else if (!trailing_ws_p (p))
         break;  /* Text before the PGP message - don't take this as a
                    proper message.  */
+#endif
     }
-  
+
 
   xfree (body);
   return msgcls;

commit 790d4251054dadbe6c9d1578399386273cdf847d
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Mon Aug 21 13:20:05 2017 +0200

    Accept more inline PGP Messages
    
    * src/mapihelp.cpp (change_message_class_ipm_note): Accept
    html only and multipart/related to check for pgp lines.

diff --git a/src/mapihelp.cpp b/src/mapihelp.cpp
index 908c9c6..b4c025f 100644
--- a/src/mapihelp.cpp
+++ b/src/mapihelp.cpp
@@ -981,7 +981,9 @@ change_message_class_ipm_note (LPMESSAGE message)
     }
   else if (!ct || !strcmp (ct, "text/plain") ||
            !strcmp (ct, "multipart/mixed") ||
-           !strcmp (ct, "multipart/alternative"))
+           !strcmp (ct, "multipart/alternative") ||
+           !strcmp (ct, "multipart/related") ||
+           !strcmp (ct, "text/html"))
     {
       /* It is quite common to have a multipart/mixed or alternative
          mail with separate encrypted PGP parts.  Look at the body to

commit 1a77fc1ccab8a93b654e5adea005727cb4518a8d
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Mon Aug 21 13:04:55 2017 +0200

    Add hack to replace doubled linefeeds
    
    * src/mail.cpp (Mail::update_body): Replace doubled linefeeds before
    a newline.
    (find_and_replace): New helper.

diff --git a/src/mail.cpp b/src/mail.cpp
index e819434..1f65f44 100644
--- a/src/mail.cpp
+++ b/src/mail.cpp
@@ -760,6 +760,16 @@ Mail::decrypt_verify()
   return 0;
 }
 
+void find_and_replace(std::string& source, const std::string &find,
+                      const std::string &replace)
+{
+  for(std::string::size_type i = 0; (i = source.find(find, i)) != std::string::npos;)
+    {
+      source.replace(i, find.length(), replace);
+      i += replace.length();
+    }
+}
+
 void
 Mail::update_body()
 {
@@ -786,7 +796,10 @@ Mail::update_body()
         }
       return;
     }
-  const auto html = m_parser->get_html_body();
+  auto html = m_parser->get_html_body ();
+  /** Outlook does not show newlines if \r\r\n is a newline. We replace
+    these as apparently some other buggy MUA sends this. */
+  find_and_replace (html, "\r\r\n", "\r\n");
   if (opt.prefer_html && !html.empty())
     {
       char *converted = ansi_charset_to_utf8 (m_parser->get_html_charset().c_str(),
@@ -800,7 +813,8 @@ Mail::update_body()
         }
       return;
     }
-  const auto body = m_parser->get_body();
+  auto body = m_parser->get_body ();
+  find_and_replace (body, "\r\r\n", "\r\n");
   char *converted = ansi_charset_to_utf8 (m_parser->get_body_charset().c_str(),
                                           body.c_str(), body.size());
   int ret = put_oom_string (m_mailitem, "Body", converted ? converted : "");

-----------------------------------------------------------------------

Summary of changes:
 src/mail.cpp     | 18 ++++++++++++++++--
 src/mapihelp.cpp | 11 +++++++++--
 2 files changed, 25 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Aug 21 13:32:19 2017
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Mon, 21 Aug 2017 13:32:19 +0200
Subject: [git] GpgOL - branch, master, updated. gpgol-1.4.0-282-g92672a4
Message-ID: <E1djkwN-0003Vp-Aj@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, master has been updated
       via  92672a4b10b1ebe7188caefc78bc6025bee8114d (commit)
      from  4a702e68616dd6f07f309dd721db4154f3333f9c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 92672a4b10b1ebe7188caefc78bc6025bee8114d
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Mon Aug 21 13:31:50 2017 +0200

    Fix encoding error for unsigned / unencrypted
    
    * src/ribbon-callbacks.cpp (get_sig_stip): Use utf8-gettext.

diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index 68b5134..4e69d8e 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -1613,7 +1613,7 @@ HRESULT get_sig_stip (LPDISPATCH ctrl, VARIANT *result)
   if (!mail || (!mail->is_signed () && !mail->is_encrypted ()))
     {
       wchar_t *w_result;
-      w_result = utf8_to_wchar (_("You cannot be sure who sent, "
+      w_result = utf8_to_wchar (utf8_gettext ("You cannot be sure who sent, "
                                   "modified and read the message in transit.\n\n"
                                   "Click here to learn more."));
       result->bstrVal = SysAllocString (w_result);

-----------------------------------------------------------------------

Summary of changes:
 src/ribbon-callbacks.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Aug 21 14:57:32 2017
From: cvs at cvs.gnupg.org (by Justus Winter)
Date: Mon, 21 Aug 2017 14:57:32 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.23-6-g6e596b2
Message-ID: <E1djmGr-0002AG-Q5@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  6e596b2a745ae7a75a69038cf00ab4bbae1cebaa (commit)
      from  e6f84116abca2ed49bf14b2e28c3c811a3717227 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6e596b2a745ae7a75a69038cf00ab4bbae1cebaa
Author: Justus Winter <justus at g10code.com>
Date:   Mon Aug 21 14:49:29 2017 +0200

    gpgscm: Fix -Wimplicit-fallthrough warnings.
    
    * tests/gpgscm/scheme.c (CASE): Rearrange so that the case statement
    is at the front.
    (Eval_Cycle): Improve fallthrough annotations.
    
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c
index f5e52fc..4384841 100644
--- a/tests/gpgscm/scheme.c
+++ b/tests/gpgscm/scheme.c
@@ -2990,7 +2990,7 @@ _Error_1(scheme *sc, const char *s, pointer a) {
 /* Define a label OP and emit a case statement for OP.  For use in the
  * dispatch function.  The slightly peculiar goto that is never
  * executed avoids warnings about unused labels.  */
-#define CASE(OP)	if (0) goto OP; OP: case OP
+#define CASE(OP)	case OP: if (0) goto OP; OP
 
 #else	/* USE_THREADED_CODE */
 #define s_thread_to(sc, a)	s_goto(sc, a)
@@ -3727,7 +3727,7 @@ Eval_Cycle(scheme *sc, enum scheme_opcodes op) {
                     s_thread_to(sc,OP_APPLY);
                }
           }
-
+	  /* Fallthrough. */
 #else
      CASE(OP_LAMBDA):     /* lambda */
 	  sc->value = sc->code;
@@ -4655,9 +4655,13 @@ Eval_Cycle(scheme *sc, enum scheme_opcodes op) {
      CASE(OP_NULLP):       /* null? */
           s_retbool(car(sc->args) == sc->NIL);
      CASE(OP_NUMEQ):      /* = */
+	  /* Fallthrough.  */
      CASE(OP_LESS):       /* < */
+	  /* Fallthrough.  */
      CASE(OP_GRE):        /* > */
+	  /* Fallthrough.  */
      CASE(OP_LEQ):        /* <= */
+	  /* Fallthrough.  */
      CASE(OP_GEQ):        /* >= */
           switch(op) {
                case OP_NUMEQ: comp_func=num_eq; break;
@@ -4746,7 +4750,9 @@ Eval_Cycle(scheme *sc, enum scheme_opcodes op) {
           s_return(sc,sc->value);
 
      CASE(OP_WRITE):      /* write */
+	  /* Fallthrough.  */
      CASE(OP_DISPLAY):    /* display */
+	  /* Fallthrough.  */
      CASE(OP_WRITE_CHAR): /* write-char */
           if(is_pair(cdr(sc->args))) {
                if(cadr(sc->args)!=sc->outport) {
@@ -4894,7 +4900,9 @@ Eval_Cycle(scheme *sc, enum scheme_opcodes op) {
           s_return(sc,sc->outport);
 
      CASE(OP_OPEN_INFILE): /* open-input-file */
+	  /* Fallthrough.  */
      CASE(OP_OPEN_OUTFILE): /* open-output-file */
+	  /* Fallthrough.  */
      CASE(OP_OPEN_INOUTFILE): /* open-input-output-file */ {
           int prop=0;
           pointer p;
@@ -4914,6 +4922,7 @@ Eval_Cycle(scheme *sc, enum scheme_opcodes op) {
 
 #if USE_STRING_PORTS
      CASE(OP_OPEN_INSTRING): /* open-input-string */
+	  /* Fallthrough.  */
      CASE(OP_OPEN_INOUTSTRING): /* open-input-output-string */ {
           int prop=0;
           pointer p;
@@ -4994,6 +5003,7 @@ Eval_Cycle(scheme *sc, enum scheme_opcodes op) {
           s_thread_to(sc,OP_READ_INTERNAL);
 
      CASE(OP_READ_CHAR): /* read-char */
+	  /* Fallthrough.  */
      CASE(OP_PEEK_CHAR): /* peek-char */ {
           int c;
           if(is_pair(sc->args)) {

-----------------------------------------------------------------------

Summary of changes:
 tests/gpgscm/scheme.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Aug 21 17:13:37 2017
From: cvs at cvs.gnupg.org (by Damien Goutte-Gattat)
Date: Mon, 21 Aug 2017 17:13:37 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.23-9-gc23a699
Message-ID: <E1djoOZ-0002H3-6a@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  c23a69970ba38edae9d3b2603825d18fbb732423 (commit)
       via  cbe54b28bf3610204e12c50c0606df37337a1156 (commit)
       via  0161225457e0609509d0d5f4b80a60a1071b4b48 (commit)
      from  6e596b2a745ae7a75a69038cf00ab4bbae1cebaa (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c23a69970ba38edae9d3b2603825d18fbb732423
Author: Damien Goutte-Gattat <dgouttegattat at incenp.org>
Date:   Wed Jul 19 22:17:29 2017 +0200

    tests: Add tests for the PGP trust model.
    
    * tests/openpgp/trust-pgp-1.scm: New file.
    * tests/openpgp/trust-pgp-2.scm: New file.
    * tests/openpgp/trust-pgp-3.scm: New file.
    * tests/openpgp/trust-pgp-4.scm: New file.
    * tests/openpgp/trust-pgp/common.scm: New file.
    * tests/openpgp/trust-pgp/scenario1.asc: New file.
    * tests/openpgp/trust-pgp/scenario2.asc: New file.
    * tests/openpgp/trust-pgp/scenario3.asc: New file.
    * tests/openpgp/trust-pgp/scenario4.asc: New file.
    * tests/openpgp/trust-pgp/alice.sec.asc: New file.
    * tests/openpgp/trust-pgp/bobby.sec.asc: New file.
    * tests/openpgp/trust-pgp/carol.sec.asc: New file.
    * tests/openpgp/trust-pgp/david.sec.asc: New file.
    * tests/openpgp/trust-pgp/frank.sec.asc: New file.
    * tests/openpgp/trust-pgp/grace.sec.asc: New file.
    * tests/openpgp/trust-pgp/heidi.sec.asc: New file.
    * tests/openpgp/Makefile.am (XTESTS): Add new tests.
    (TEST_FILES): Add new files.
    (EXTRA_DIST): Add new common file.
    
    Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>

diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index 506bce5..c87dd0a 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -82,6 +82,10 @@ XTESTS = \
 	ecc.scm \
 	4gb-packet.scm \
 	tofu.scm \
+	trust-pgp-1.scm \
+	trust-pgp-2.scm \
+	trust-pgp-3.scm \
+	trust-pgp-4.scm! \
 	gpgtar.scm \
 	use-exact-key.scm \
 	default-key.scm \
@@ -158,7 +162,18 @@ TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
 	     key-selection/1.asc \
 	     key-selection/2.asc \
 	     key-selection/3.asc \
-	     key-selection/4.asc
+	     key-selection/4.asc \
+	     trust-pgp/scenario1.asc \
+	     trust-pgp/scenario2.asc \
+	     trust-pgp/scenario3.asc \
+	     trust-pgp/scenario4.asc \
+	     trust-pgp/alice.sec.asc \
+	     trust-pgp/bobby.sec.asc \
+	     trust-pgp/carol.sec.asc \
+	     trust-pgp/david.sec.asc \
+	     trust-pgp/frank.sec.asc \
+	     trust-pgp/grace.sec.asc \
+	     trust-pgp/heidi.sec.asc
 
 data_files = data-500 data-9000 data-32000 data-80000 plain-large
 
@@ -248,7 +263,7 @@ sample_msgs = samplemsgs/clearsig-1-key-1.asc \
 	      samplemsgs/signed-2-keys-1.asc \
 	      samplemsgs/signed-2-keys-2.asc
 
-EXTRA_DIST = defs.scm $(XTESTS) $(TEST_FILES) \
+EXTRA_DIST = defs.scm trust-pgp/common.scm $(XTESTS) $(TEST_FILES) \
 	     mkdemodirs signdemokey $(priv_keys) $(sample_keys)   \
 	     $(sample_msgs) ChangeLog-2011 run-tests.scm \
 	     setup.scm shell.scm all-tests.scm signed-messages.scm
diff --git a/tests/openpgp/trust-pgp-1.scm b/tests/openpgp/trust-pgp-1.scm
new file mode 100755
index 0000000..235cb55
--- /dev/null
+++ b/tests/openpgp/trust-pgp-1.scm
@@ -0,0 +1,76 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2017 Damien Goutte-Gattat
+;;
+;; This file is part of GnuPG.
+;;
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (in-srcdir "tests" "openpgp" "trust-pgp" "common.scm"))
+
+(display "Checking basic WoT (classic trust model)...\n")
+
+(initscenario "scenario1")
+
+;; Check initial state.
+(checktrust BOBBY "f")	;; Directly signed by Alice's key.
+(checktrust CAROL "q")	;; Signed by Bobby, whose key has
+			;; no explicit ownertrust.
+(checktrust DAVID "q")	;; Likewise.
+(checktrust FRANK "q")	;; Likewise.
+(checktrust GRACE "-")	;; Signed by the previous three keys;
+			;; not evaluated since they are not valid.
+
+;; Let's trust Bobby.
+;; This should make Carol's, David's, and Frank's keys valid.
+(setownertrust BOBBY FULLTRUST)
+(updatetrustdb)
+(checktrust CAROL "f")
+(checktrust DAVID "f")
+(checktrust FRANK "f")
+(checktrust GRACE "q")	;; Now evaluated, but validity still unknown.
+
+;; Let's trust (marginally) Carol and David.
+;; This should not be enough to make Grace's key fully valid
+;; since marginals-needed defaults to 3.
+(setownertrust CAROL MARGINALTRUST)
+(setownertrust DAVID MARGINALTRUST)
+(updatetrustdb)
+(checktrust GRACE "m")
+
+;; Add marginal ownertrust to Frank's key.
+;; This should make Grace's key fully valid.
+(setownertrust FRANK MARGINALTRUST)
+(updatetrustdb)
+(checktrust GRACE "f")
+
+;; Now let's play with the length of certification chains.
+;; Setting max-cert-length to 2 should put Grace's key
+;; one step too far from Alice's key.
+(let ((max-cert-depth (gpg-config 'gpg "max-cert-depth")))
+  (max-cert-depth::update 2))
+(updatetrustdb)
+(checktrust GRACE "-")
+
+;; Raise the bar for assigning full validity.
+;; Bobby's key should be the only one retaining full validity.
+(let ((completes-needed (gpg-config 'gpg "completes-needed")))
+  (completes-needed::update 2))
+(updatetrustdb)
+(checktrust BOBBY "f")
+(checktrust CAROL "m")
+(checktrust DAVID "m")
+(checktrust FRANK "m")
+(checktrust GRACE "-")
diff --git a/tests/openpgp/trust-pgp-2.scm b/tests/openpgp/trust-pgp-2.scm
new file mode 100755
index 0000000..a56d0a9
--- /dev/null
+++ b/tests/openpgp/trust-pgp-2.scm
@@ -0,0 +1,39 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2017 Damien Goutte-Gattat
+;;
+;; This file is part of GnuPG.
+;;
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (in-srcdir "tests" "openpgp" "trust-pgp" "common.scm"))
+
+(display "Checking WoT with trust signatures (PGP trust model)...\n")
+
+(initscenario "scenario2")
+
+(checktrust BOBBY "f")	;; Tsigned by Alice with trust=120.
+(checktrust CAROL "f")	;; Signed by Bobby, whose key should have full
+			;; ownertrust due to the tsig.
+(checktrust DAVID "f")	;; Signed by Alice.
+(checktrust FRANK "q")	;; Tsigned by David, whose key has no ownertrust.
+(checktrust GRACE "-")	;; Signed by Frank.
+
+(setownertrust DAVID FULLTRUST)
+(updatetrustdb)
+(checktrust FRANK "f")	;; David's key has now full ownertrust.
+(checktrust GRACE "q")	;; David is not authorized to emit tsigs,
+			;; so his tsig on Frank's key should be treated
+			;; like a normal sig (confering no ownertrust).
diff --git a/tests/openpgp/trust-pgp-3.scm b/tests/openpgp/trust-pgp-3.scm
new file mode 100755
index 0000000..33832db
--- /dev/null
+++ b/tests/openpgp/trust-pgp-3.scm
@@ -0,0 +1,31 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2017 Damien Goutte-Gattat
+;;
+;; This file is part of GnuPG.
+;;
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (in-srcdir "tests" "openpgp" "trust-pgp" "common.scm"))
+
+(display "Checking max depth of trust signature chains...\n")
+
+(initscenario "scenario3")
+
+(checktrust BOBBY "f")	;; Tsigned by Alice (level=2, trust=120).
+(checktrust CAROL "f")	;; Tsigned by Bobby (level=2, trust=120).
+(checktrust DAVID "f")	;; Tsigned by Carol (level=2, trust=120).
+(checktrust FRANK "q")	;; The tsig from Carol does not confer
+			;; ownertrust to David's key (too deep).
diff --git a/tests/openpgp/trust-pgp-4.scm b/tests/openpgp/trust-pgp-4.scm
new file mode 100755
index 0000000..17746a5
--- /dev/null
+++ b/tests/openpgp/trust-pgp-4.scm
@@ -0,0 +1,37 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2017 Damien Goutte-Gattat
+;;
+;; This file is part of GnuPG.
+;;
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (in-srcdir "tests" "openpgp" "trust-pgp" "common.scm"))
+
+(display "Checking trust signature with domain restrictions...\n")
+
+(initscenario "scenario4")
+
+(checktrust BOBBY "f")	;; Tsigned by Alice, allowed to sign for example.com.
+(checktrust CAROL "-")	;; Signed by Bobby, but the signature should be
+			;; ignored since Carol has an address in example.net.
+
+(checktrust DAVID "f")	;; Tsigned by Alice, allowed to sign for example.net.
+(checktrust FRANK "-")	;; Tsignature from David should be ignored because
+			;; Frank has an address in example.com.
+
+(checktrust HEIDI "f")	;; Tsigned by David, should be valid since Heidi
+			;; has an address in example.org.
+(checktrust GRACE "f")	;; Signed by Heidi.
diff --git a/tests/openpgp/trust-pgp/alice.sec.asc b/tests/openpgp/trust-pgp/alice.sec.asc
new file mode 100644
index 0000000..1cdde46
--- /dev/null
+++ b/tests/openpgp/trust-pgp/alice.sec.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lHcEWW2+WxMIKoZIzj0DAQcCAwQnUnqiwvOPU7gGepFTew8Fk5kmVexr+PvaqXgv
+9wKxNzZrs4GvamULk9pl2euwJGKPBRJRz8RSNpW6HIIzAPoOAAEAgOZk+WDjrmum
+0OygJdb6qJp27qsyXvMVZ8AGlsdYtUgS37QZQWxpY2UgPGFsaWNlQGV4YW1wbGUu
+b3JnPoiQBBMTCAA4FiEE/Zsg3TyYEj7ur4zFG6QVONLmVrUFAlltvlsCGwMFCwkI
+BwIGFQgJCgsCBBYCAwECHgECF4AACgkQG6QVONLmVrU7PAEAvOqeIRMiJ8Ne0tz+
+K1aRz/np/umCQxO8ddm9mnr4M7EA/1z4YdD06wJXp4RXUI0G2QOHTY+QXMShCFrp
+ySArWQqN
+=3+Iz
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/bobby.sec.asc b/tests/openpgp/trust-pgp/bobby.sec.asc
new file mode 100644
index 0000000..2164b5d
--- /dev/null
+++ b/tests/openpgp/trust-pgp/bobby.sec.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lHcEWW3WihMIKoZIzj0DAQcCAwTtUYI84wfNPCwa/r2ke7tXz0uv/En9LQZbW0QE
+nzHigEvMXLfyjfjCf5tQ2eVbKLbABxtKwDtC2bv8dMcmgqd/AAEA6EzyQYtLOL9v
+4SErBRic7MmQfxFbEJIQSu2vtbWos/0QFLQZQm9iYnkgPGJvYmJ5QGV4YW1wbGUu
+Y29tPoiQBBMTCAA4FiEETT9Z9NgDD9LYRK/rpbrD7RJcyuUFAllt1ooCGwMFCwkI
+BwIGFQgJCgsCBBYCAwECHgECF4AACgkQpbrD7RJcyuWUjgEA9UreuOxgDzhSCGAQ
+5GtxBiXkmp/IuH/rvNI8qZaVnoIBAPs/VUgy3eySjF6g9wf/UzvqwUdtoaYvkyC2
+a25O7Lxc
+=76RO
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/carol.sec.asc b/tests/openpgp/trust-pgp/carol.sec.asc
new file mode 100644
index 0000000..d366f3f
--- /dev/null
+++ b/tests/openpgp/trust-pgp/carol.sec.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lHcEWW3WrxMIKoZIzj0DAQcCAwS4HzEJ0YwXZ1SWciHOmWdfnESTvwC3Zb/sWRu8
+zdIeZzxAwu8lYQaDq/eOgKeXQVW5gxkQG5rCWUazbG+gCBEIAAEA2QzHlkxFJkTg
+QvZuimqU0AySYsleRUaO9B9UARiUbOYOwrQZQ2Fyb2wgPGNhcm9sQGV4YW1wbGUu
+bmV0PoiQBBMTCAA4FiEEbGJzXkVMzdefpspgEHkROuwSgv0FAllt1q8CGwMFCwkI
+BwIGFQgJCgsCBBYCAwECHgECF4AACgkQEHkROuwSgv3MygD+KdusoDvz7WZbsjjB
+WI/HLhWfWfXsoAR9mN/5rZ94HDgA/1VqbvUcM+vPU62g7/0qoGqWCda3SURB6263
+Kirbk6hY
+=wkQ4
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/common.scm b/tests/openpgp/trust-pgp/common.scm
new file mode 100644
index 0000000..2a545e8
--- /dev/null
+++ b/tests/openpgp/trust-pgp/common.scm
@@ -0,0 +1,66 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2017 Damien Goutte-Gattat
+;;
+;; This file is part of GnuPG.
+;;
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (in-srcdir "tests" "openpgp" "defs.scm"))
+
+;; Redefine GPG without --always-trust.
+(define GPG `(,(tool 'gpg)))
+
+;; Helper constants for setownertrust.
+(define MARGINALTRUST "4")
+(define FULLTRUST "5")
+(define ULTIMATETRUST "6")
+
+;; Assign OWNERTRUST to the key identified by the provided
+;; fingerprint KEYFPR.
+(define (setownertrust keyfpr ownertrust)
+  (pipe:do
+    (pipe:echo (string-append keyfpr ":" ownertrust ":\n"))
+    (pipe:gpg `(--import-ownertrust))))
+
+;; Force a trustdb update.
+(define (updatetrustdb)
+  (call-check `(, at GPG --check-trustdb --yes)))
+
+;; IDs of all the keys involved in those tests.
+(define ALICE "FD9B20DD3C98123EEEAF8CC51BA41538D2E656B5")
+(define BOBBY "4D3F59F4D8030FD2D844AFEBA5BAC3ED125CCAE5")
+(define CAROL "6C62735E454CCDD79FA6CA601079113AEC1282FD")
+(define DAVID "A0607635198CABA2C467FAA64CE5BB42E3984000")
+(define FRANK "CE1A0E07CF8A20CBF8DC47D6DB9017DBAE6CD0EF")
+(define GRACE "B935F4B8DA009AFBCCDD41386653A183007F8345")
+(define HEIDI "0389C0B7990E10520B334F23756F1571EDA9184B")
+
+;; Initialize a given scenario.
+;; NAME should be the basename of the scenario file
+;; in this directory.
+(define (initscenario name)
+  (setup-environment)
+  ;; Make sure we are using the PGP trust model. This may no
+  ;; be the default model in the future.
+  (let ((trust-model (gpg-config 'gpg "trust-model")))
+    (trust-model::update "pgp"))
+  ;; Load the scenario's public keys.
+  (call-check `(, at GPG --import
+		      ,(in-srcdir "tests" "openpgp" "trust-pgp"
+				  (string-append name ".asc"))))
+  ;; Use Alice's key as root for all trust evaluations.
+  (setownertrust ALICE ULTIMATETRUST)
+  (updatetrustdb))
diff --git a/tests/openpgp/trust-pgp/david.sec.asc b/tests/openpgp/trust-pgp/david.sec.asc
new file mode 100644
index 0000000..06c4e83
--- /dev/null
+++ b/tests/openpgp/trust-pgp/david.sec.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lHcEWW3WzRMIKoZIzj0DAQcCAwQrTeILyHVpkkDsAyAlY7wz0PYjG48ShCYeTX2z
+5f2bLxZGeepQeMiOXznPvCwRNMNpr63048+LGqu34Q9di5tvAAD9HITG0iG5SzeW
+cGMfhzGuXEn2P+9arb0OttTUcj+eGBIP8bQZRGF2aWQgPGRhdmlkQGV4YW1wbGUu
+b3JnPoiQBBMTCAA4FiEEoGB2NRmMq6LEZ/qmTOW7QuOYQAAFAllt1s0CGwMFCwkI
+BwIGFQgJCgsCBBYCAwECHgECF4AACgkQTOW7QuOYQAAJtAD+JxiDZttAb51FjB5o
+J1BksmzIrgL6ouorbLLRjVyk7rkA/0JqyLhh1K3vn4rYDbuKtvQAcfQbCndzwF9X
+uGQ/7gbS
+=EC4L
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/frank.sec.asc b/tests/openpgp/trust-pgp/frank.sec.asc
new file mode 100644
index 0000000..50235de
--- /dev/null
+++ b/tests/openpgp/trust-pgp/frank.sec.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lHcEWW3W3RMIKoZIzj0DAQcCAwQs0QS2PEUXhpmsPlaTFOsXd8AoYqpa6xcc0+AE
+Mck1EzlqRlxeibvYeh/+yxjl18Ouww/BERB+PcoABXp00zXzAAD+Oybk8/6x5nc8
+ZNHkRIbfHW8oKh7jxbpob9X7QIfBpf8TcbQZRnJhbmsgPGZyYW5rQGV4YW1wbGUu
+Y29tPoiQBBMTCAA4FiEEzhoOB8+KIMv43EfW25AX265s0O8FAllt1t0CGwMFCwkI
+BwIGFQgJCgsCBBYCAwECHgECF4AACgkQ25AX265s0O+nDQD/RplCmAPQgMejhs2/
+YmOqWrekyd4IWNj9zyI2n228WXYBAJ1/Wf1vBviOEqzs7t+C0iBExxJXViPlG0nN
+Z9aoiX1G
+=vnHF
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/grace.sec.asc b/tests/openpgp/trust-pgp/grace.sec.asc
new file mode 100644
index 0000000..23ebd71
--- /dev/null
+++ b/tests/openpgp/trust-pgp/grace.sec.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lHcEWW3W8RMIKoZIzj0DAQcCAwRTGb7wRrdPa+mXxUNJoYgWbKfMDQH9M1H366PQ
+ga8L32TYccFzyCD8DuRYOQxzhnCtSHtdzK4QAwwGLaJV6GRjAAEAzBLT+dB5ga7S
+Lh7PepOB9yObDHrHAvXGXg9AUvEm3ZkQ6bQZR3JhY2UgPGdyYWNlQGV4YW1wbGUu
+bmV0PoiQBBMTCAA4FiEEuTX0uNoAmvvM3UE4ZlOhgwB/g0UFAllt1vECGwMFCwkI
+BwIGFQgJCgsCBBYCAwECHgECF4AACgkQZlOhgwB/g0W2AAD+KmW2DQALWTnsVnL/
+QKdJ1J8DsaR1l+y2h7FUYuFttQsBALZYs2vUwOVBnAYyqbHogqgbPSxKRXeAxNqo
+epx6csv+
+=05c1
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/heidi.sec.asc b/tests/openpgp/trust-pgp/heidi.sec.asc
new file mode 100644
index 0000000..f650d1a
--- /dev/null
+++ b/tests/openpgp/trust-pgp/heidi.sec.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lHcEWW3XBxMIKoZIzj0DAQcCAwSINFpTZUYnxDDj3k16ljZIt58rh3cuUNIvUcqR
+zR9kdlmudQTaf1zUsW6F3r+t91t88kaA2Fcci3wkU0CAob0WAAD/eTlMM3JTEF6K
+yh8gxk1+mXRVUAmcGwr+1PzC3nzJAkgPALQZSGVpZGkgPGhlaWRpQGV4YW1wbGUu
+b3JnPoiQBBMTCAA4FiEEA4nAt5kOEFILM08jdW8Vce2pGEsFAllt1wcCGwMFCwkI
+BwIGFQgJCgsCBBYCAwECHgECF4AACgkQdW8Vce2pGEtwXAD/SVyIRiGnYPkqBVqG
+fI2MlTgN8+uirur2JdkcPoylCEMA/j3OeLRRT1docnEnvST1srmlXxZTbNUclnAl
+a2OZd7ME
+=1goe
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/scenario1.asc b/tests/openpgp/trust-pgp/scenario1.asc
new file mode 100644
index 0000000..82fee76
--- /dev/null
+++ b/tests/openpgp/trust-pgp/scenario1.asc
@@ -0,0 +1,75 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW2+WxMIKoZIzj0DAQcCAwQnUnqiwvOPU7gGepFTew8Fk5kmVexr+PvaqXgv
+9wKxNzZrs4GvamULk9pl2euwJGKPBRJRz8RSNpW6HIIzAPoOtBlBbGljZSA8YWxp
+Y2VAZXhhbXBsZS5vcmc+iJAEExMIADgWIQT9myDdPJgSPu6vjMUbpBU40uZWtQUC
+WW2+WwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAbpBU40uZWtTs8AQC8
+6p4hEyInw17S3P4rVpHP+en+6YJDE7x12b2aevgzsQD/XPhh0PTrAlenhFdQjQbZ
+A4dNj5BcxKEIWunJICtZCo0=
+=rf4w
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WihMIKoZIzj0DAQcCAwTtUYI84wfNPCwa/r2ke7tXz0uv/En9LQZbW0QE
+nzHigEvMXLfyjfjCf5tQ2eVbKLbABxtKwDtC2bv8dMcmgqd/tBlCb2JieSA8Ym9i
+YnlAZXhhbXBsZS5jb20+iJAEExMIADgWIQRNP1n02AMP0thEr+ulusPtElzK5QUC
+WW3WigIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRClusPtElzK5ZSOAQD1
+St647GAPOFIIYBDka3EGJeSan8i4f+u80jyplpWeggEA+z9VSDLd7JKMXqD3B/9T
+O+rBR22hpi+TILZrbk7svFyIdQQQEwgAHRYhBP2bIN08mBI+7q+MxRukFTjS5la1
+BQJZbhAyAAoJEBukFTjS5la10+gA/2wr/lG67+xA1n3+2tQkIf1254lnwr8NXhwg
+w4UAAbajAP9hOXzltmmHV4BaBm35GEv/A2iAABV6lzgvApmM9c445A==
+=i2Va
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WrxMIKoZIzj0DAQcCAwS4HzEJ0YwXZ1SWciHOmWdfnESTvwC3Zb/sWRu8
+zdIeZzxAwu8lYQaDq/eOgKeXQVW5gxkQG5rCWUazbG+gCBEItBlDYXJvbCA8Y2Fy
+b2xAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQRsYnNeRUzN15+mymAQeRE67BKC/QUC
+WW3WrwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAQeRE67BKC/czKAP4p
+26ygO/PtZluyOMFYj8cuFZ9Z9eygBH2Y3/mtn3gcOAD/VWpu9Rwz689TraDv/Sqg
+apYJ1rdJREHrbrcqKtuTqFiIdQQQEwgAHRYhBE0/WfTYAw/S2ESv66W6w+0SXMrl
+BQJZbhBhAAoJEKW6w+0SXMrlPYgA/21rYq9iItnLASDCdt4ZX6gPKEZVBFDk6850
+Gyvg3TrEAP9/9bjKEFCSbo6vFKONOEpKqA/9B85Ff+2jq1lvfafV4Q==
+=mwVS
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WzRMIKoZIzj0DAQcCAwQrTeILyHVpkkDsAyAlY7wz0PYjG48ShCYeTX2z
+5f2bLxZGeepQeMiOXznPvCwRNMNpr63048+LGqu34Q9di5tvtBlEYXZpZCA8ZGF2
+aWRAZXhhbXBsZS5vcmc+iJAEExMIADgWIQSgYHY1GYyrosRn+qZM5btC45hAAAUC
+WW3WzQIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBM5btC45hAAAm0AP4n
+GINm20BvnUWMHmgnUGSybMiuAvqi6itsstGNXKTuuQD/QmrIuGHUre+fitgNu4q2
+9ABx9BsKd3PAX1e4ZD/uBtKIdQQQEwgAHRYhBE0/WfTYAw/S2ESv66W6w+0SXMrl
+BQJZbhB0AAoJEKW6w+0SXMrlARwA/RiqKRh4rYtW5gP20PoQNYfS1qh+lDRTlhfp
+SSF5aKKFAP90s5/fp6n382IjbOhmQiEB9N4gv4pZT3YP13NQwAABbg==
+=bLxR
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W3RMIKoZIzj0DAQcCAwQs0QS2PEUXhpmsPlaTFOsXd8AoYqpa6xcc0+AE
+Mck1EzlqRlxeibvYeh/+yxjl18Ouww/BERB+PcoABXp00zXztBlGcmFuayA8ZnJh
+bmtAZXhhbXBsZS5jb20+iJAEExMIADgWIQTOGg4Hz4ogy/jcR9bbkBfbrmzQ7wUC
+WW3W3QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRDbkBfbrmzQ76cNAP9G
+mUKYA9CAx6OGzb9iY6pat6TJ3ghY2P3PIjafbbxZdgEAnX9Z/W8G+I4SrOzu34LS
+IETHEldWI+UbSc1n1qiJfUaIdQQQEwgAHRYhBE0/WfTYAw/S2ESv66W6w+0SXMrl
+BQJZbhCEAAoJEKW6w+0SXMrlepAA/3+AAaRQVfsU+zQtGg43VxAcfW+ezuUVCYUY
+IW2Lv+GkAP0WF7Nh5N4nDo/gC3WBW2zdWArlRaWa5NxcCquEUaE7Tg==
+=SWmz
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W8RMIKoZIzj0DAQcCAwRTGb7wRrdPa+mXxUNJoYgWbKfMDQH9M1H366PQ
+ga8L32TYccFzyCD8DuRYOQxzhnCtSHtdzK4QAwwGLaJV6GRjtBlHcmFjZSA8Z3Jh
+Y2VAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQS5NfS42gCa+8zdQThmU6GDAH+DRQUC
+WW3W8QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBmU6GDAH+DRbYAAP4q
+ZbYNAAtZOexWcv9Ap0nUnwOxpHWX7LaHsVRi4W21CwEAtliza9TA5UGcBjKpseiC
+qBs9LEpFd4DE2qh6nHpyy/6IdQQQEwgAHRYhBGxic15FTM3Xn6bKYBB5ETrsEoL9
+BQJZbhCyAAoJEBB5ETrsEoL9pVoBAPGc50vXiWmSAx8U573pqAyBsVPPMUlfrrgc
+tVZZQ9DyAP9LCpG1kJOnB1Fia1M6M/37FAwVjUerWTrp6XoG1888PYh1BBATCAAd
+FiEEoGB2NRmMq6LEZ/qmTOW7QuOYQAAFAlluEM4ACgkQTOW7QuOYQAB3HgD+Kw+R
+WbH8RcSlNbwlGWCWYwKvik7ukIMcTXXYD5azTYoBANF5Ym2n5RExmEd8nTrWu9MR
+TUlOgAXfzm/iH4+TNj2yiHUEEBMIAB0WIQTOGg4Hz4ogy/jcR9bbkBfbrmzQ7wUC
+WW4Q7AAKCRDbkBfbrmzQ7weXAP9OyFxzdpbq1R+V6T5WEckR5OtE6Va/7CHRPRW+
+kMNVjwD/YQZVbOCRxKybVbvPuF+29w7sWp4iAmmrmCFnKfgxZsQ=
+=r9Ly
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/scenario2.asc b/tests/openpgp/trust-pgp/scenario2.asc
new file mode 100644
index 0000000..3a98621
--- /dev/null
+++ b/tests/openpgp/trust-pgp/scenario2.asc
@@ -0,0 +1,70 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW2+WxMIKoZIzj0DAQcCAwQnUnqiwvOPU7gGepFTew8Fk5kmVexr+PvaqXgv
+9wKxNzZrs4GvamULk9pl2euwJGKPBRJRz8RSNpW6HIIzAPoOtBlBbGljZSA8YWxp
+Y2VAZXhhbXBsZS5vcmc+iJAEExMIADgWIQT9myDdPJgSPu6vjMUbpBU40uZWtQUC
+WW2+WwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAbpBU40uZWtTs8AQC8
+6p4hEyInw17S3P4rVpHP+en+6YJDE7x12b2aevgzsQD/XPhh0PTrAlenhFdQjQbZ
+A4dNj5BcxKEIWunJICtZCo0=
+=rf4w
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WihMIKoZIzj0DAQcCAwTtUYI84wfNPCwa/r2ke7tXz0uv/En9LQZbW0QE
+nzHigEvMXLfyjfjCf5tQ2eVbKLbABxtKwDtC2bv8dMcmgqd/tBlCb2JieSA8Ym9i
+YnlAZXhhbXBsZS5jb20+iJAEExMIADgWIQRNP1n02AMP0thEr+ulusPtElzK5QUC
+WW3WigIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRClusPtElzK5ZSOAQD1
+St647GAPOFIIYBDka3EGJeSan8i4f+u80jyplpWeggEA+z9VSDLd7JKMXqD3B/9T
+O+rBR22hpi+TILZrbk7svFyIeQQQEwgAIRYhBP2bIN08mBI+7q+MxRukFTjS5la1
+BQJZbjsoAwUBeAAKCRAbpBU40uZWtVGlAQCgHkwmJSATJbrqV7+h/1ByLDi4+thQ
+ApW8nRinGuwkxQD+NgjOVmkPGZtpvaBzLXJS/IdPAYBWAriAzDZEV2GchWM=
+=4Xcm
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WrxMIKoZIzj0DAQcCAwS4HzEJ0YwXZ1SWciHOmWdfnESTvwC3Zb/sWRu8
+zdIeZzxAwu8lYQaDq/eOgKeXQVW5gxkQG5rCWUazbG+gCBEItBlDYXJvbCA8Y2Fy
+b2xAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQRsYnNeRUzN15+mymAQeRE67BKC/QUC
+WW3WrwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAQeRE67BKC/czKAP4p
+26ygO/PtZluyOMFYj8cuFZ9Z9eygBH2Y3/mtn3gcOAD/VWpu9Rwz689TraDv/Sqg
+apYJ1rdJREHrbrcqKtuTqFiIdQQQEwgAHRYhBE0/WfTYAw/S2ESv66W6w+0SXMrl
+BQJZbjteAAoJEKW6w+0SXMrlkJQBAO19erLoHXOqUI01Wl0tcaKIwEB5HkIHLh0w
+cCTOG4bDAQCCG8a8D1mg9jVPukBzTBUZGpDZmg/U3JGW3XE6rKlKXQ==
+=Df0N
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WzRMIKoZIzj0DAQcCAwQrTeILyHVpkkDsAyAlY7wz0PYjG48ShCYeTX2z
+5f2bLxZGeepQeMiOXznPvCwRNMNpr63048+LGqu34Q9di5tvtBlEYXZpZCA8ZGF2
+aWRAZXhhbXBsZS5vcmc+iJAEExMIADgWIQSgYHY1GYyrosRn+qZM5btC45hAAAUC
+WW3WzQIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBM5btC45hAAAm0AP4n
+GINm20BvnUWMHmgnUGSybMiuAvqi6itsstGNXKTuuQD/QmrIuGHUre+fitgNu4q2
+9ABx9BsKd3PAX1e4ZD/uBtKIdQQQEwgAHRYhBP2bIN08mBI+7q+MxRukFTjS5la1
+BQJZbkUBAAoJEBukFTjS5la1zSgA/A6ei6bus+VtQtL1rsJfovwoxnyAq+QzCcJL
+ZheUUK3LAQCK+rVE1Yn9QsFoNYZUgLHrnQDtSVq9ClJvNw/Wuz7DpQ==
+=No85
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W3RMIKoZIzj0DAQcCAwQs0QS2PEUXhpmsPlaTFOsXd8AoYqpa6xcc0+AE
+Mck1EzlqRlxeibvYeh/+yxjl18Ouww/BERB+PcoABXp00zXztBlGcmFuayA8ZnJh
+bmtAZXhhbXBsZS5jb20+iJAEExMIADgWIQTOGg4Hz4ogy/jcR9bbkBfbrmzQ7wUC
+WW3W3QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRDbkBfbrmzQ76cNAP9G
+mUKYA9CAx6OGzb9iY6pat6TJ3ghY2P3PIjafbbxZdgEAnX9Z/W8G+I4SrOzu34LS
+IETHEldWI+UbSc1n1qiJfUaIeQQQEwgAIRYhBKBgdjUZjKuixGf6pkzlu0LjmEAA
+BQJZbkUwAwUBeAAKCRBM5btC45hAAJF0AQD3lBQszLXrlSnCLuHfQxbS/p05DURZ
+HRi8MbTqkrcgrQD8Cs3gwQCBkPUrx8boAyjcuX1BK/TYZ1Gg8hWkozNr1lI=
+=HwV/
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W8RMIKoZIzj0DAQcCAwRTGb7wRrdPa+mXxUNJoYgWbKfMDQH9M1H366PQ
+ga8L32TYccFzyCD8DuRYOQxzhnCtSHtdzK4QAwwGLaJV6GRjtBlHcmFjZSA8Z3Jh
+Y2VAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQS5NfS42gCa+8zdQThmU6GDAH+DRQUC
+WW3W8QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBmU6GDAH+DRbYAAP4q
+ZbYNAAtZOexWcv9Ap0nUnwOxpHWX7LaHsVRi4W21CwEAtliza9TA5UGcBjKpseiC
+qBs9LEpFd4DE2qh6nHpyy/6IdQQQEwgAHRYhBM4aDgfPiiDL+NxH1tuQF9uubNDv
+BQJZbkVQAAoJENuQF9uubNDvyrkBAICiFq2dTFzLrXNsItwpPrB20trzEPM/JAxa
+lzSyknJMAQDBCj8nyEtlpkYh9t9ovy/x75D1OUBFFYHOQXCMy0QyRA==
+=yoqI
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/scenario3.asc b/tests/openpgp/trust-pgp/scenario3.asc
new file mode 100644
index 0000000..240afd5
--- /dev/null
+++ b/tests/openpgp/trust-pgp/scenario3.asc
@@ -0,0 +1,58 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW2+WxMIKoZIzj0DAQcCAwQnUnqiwvOPU7gGepFTew8Fk5kmVexr+PvaqXgv
+9wKxNzZrs4GvamULk9pl2euwJGKPBRJRz8RSNpW6HIIzAPoOtBlBbGljZSA8YWxp
+Y2VAZXhhbXBsZS5vcmc+iJAEExMIADgWIQT9myDdPJgSPu6vjMUbpBU40uZWtQUC
+WW2+WwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAbpBU40uZWtTs8AQC8
+6p4hEyInw17S3P4rVpHP+en+6YJDE7x12b2aevgzsQD/XPhh0PTrAlenhFdQjQbZ
+A4dNj5BcxKEIWunJICtZCo0=
+=rf4w
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WihMIKoZIzj0DAQcCAwTtUYI84wfNPCwa/r2ke7tXz0uv/En9LQZbW0QE
+nzHigEvMXLfyjfjCf5tQ2eVbKLbABxtKwDtC2bv8dMcmgqd/tBlCb2JieSA8Ym9i
+YnlAZXhhbXBsZS5jb20+iJAEExMIADgWIQRNP1n02AMP0thEr+ulusPtElzK5QUC
+WW3WigIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRClusPtElzK5ZSOAQD1
+St647GAPOFIIYBDka3EGJeSan8i4f+u80jyplpWeggEA+z9VSDLd7JKMXqD3B/9T
+O+rBR22hpi+TILZrbk7svFyIeQQQEwgAIRYhBP2bIN08mBI+7q+MxRukFTjS5la1
+BQJZbmYmAwUCeAAKCRAbpBU40uZWtSQhAQD2HLi7PUipgcO9N+KEJLKl2T9ralzj
+O1PMy8IbxnG86AD/Ya541TcH9oxZUWm5dsHd/eoBnSu2WwWkLPNHirRkzwE=
+=R1uZ
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WrxMIKoZIzj0DAQcCAwS4HzEJ0YwXZ1SWciHOmWdfnESTvwC3Zb/sWRu8
+zdIeZzxAwu8lYQaDq/eOgKeXQVW5gxkQG5rCWUazbG+gCBEItBlDYXJvbCA8Y2Fy
+b2xAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQRsYnNeRUzN15+mymAQeRE67BKC/QUC
+WW3WrwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAQeRE67BKC/czKAP4p
+26ygO/PtZluyOMFYj8cuFZ9Z9eygBH2Y3/mtn3gcOAD/VWpu9Rwz689TraDv/Sqg
+apYJ1rdJREHrbrcqKtuTqFiIeQQQEwgAIRYhBE0/WfTYAw/S2ESv66W6w+0SXMrl
+BQJZbmZIAwUCeAAKCRClusPtElzK5YuLAP0b5nCuz6p6DDrHB0rtwfhEfJQgvsEc
+zGE2Hh5P5fXP/AEA2Gt8LEWiHYNGWu6ZN02oyCoNUEfZZFva59IIPrzPDHU=
+=S6Nc
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WzRMIKoZIzj0DAQcCAwQrTeILyHVpkkDsAyAlY7wz0PYjG48ShCYeTX2z
+5f2bLxZGeepQeMiOXznPvCwRNMNpr63048+LGqu34Q9di5tvtBlEYXZpZCA8ZGF2
+aWRAZXhhbXBsZS5vcmc+iJAEExMIADgWIQSgYHY1GYyrosRn+qZM5btC45hAAAUC
+WW3WzQIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBM5btC45hAAAm0AP4n
+GINm20BvnUWMHmgnUGSybMiuAvqi6itsstGNXKTuuQD/QmrIuGHUre+fitgNu4q2
+9ABx9BsKd3PAX1e4ZD/uBtKIeQQQEwgAIRYhBGxic15FTM3Xn6bKYBB5ETrsEoL9
+BQJZbmZ0AwUCeAAKCRAQeRE67BKC/eFYAQDaKoyQZYnNH/62hydWITZ1nOYM/h6i
+6L/b+XqB9DD0ewD9FAbO1wzassj6FmZMZDaraqdljTX+94JY5E3GJ8EQXo4=
+=kaec
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W3RMIKoZIzj0DAQcCAwQs0QS2PEUXhpmsPlaTFOsXd8AoYqpa6xcc0+AE
+Mck1EzlqRlxeibvYeh/+yxjl18Ouww/BERB+PcoABXp00zXztBlGcmFuayA8ZnJh
+bmtAZXhhbXBsZS5jb20+iJAEExMIADgWIQTOGg4Hz4ogy/jcR9bbkBfbrmzQ7wUC
+WW3W3QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRDbkBfbrmzQ76cNAP9G
+mUKYA9CAx6OGzb9iY6pat6TJ3ghY2P3PIjafbbxZdgEAnX9Z/W8G+I4SrOzu34LS
+IETHEldWI+UbSc1n1qiJfUaIeQQQEwgAIRYhBKBgdjUZjKuixGf6pkzlu0LjmEAA
+BQJZbmaiAwUCeAAKCRBM5btC45hAAMcRAP9dcKO3ETB52AsFdBp2iJVjqJ5JiftN
+B/2FZBxPtSjXpAD/YdDzs+zNaAUlFIFmXzP9EmIqmXhC6XSiASrNd5EW33A=
+=DXNa
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/trust-pgp/scenario4.asc b/tests/openpgp/trust-pgp/scenario4.asc
new file mode 100644
index 0000000..7860c95
--- /dev/null
+++ b/tests/openpgp/trust-pgp/scenario4.asc
@@ -0,0 +1,84 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW2+WxMIKoZIzj0DAQcCAwQnUnqiwvOPU7gGepFTew8Fk5kmVexr+PvaqXgv
+9wKxNzZrs4GvamULk9pl2euwJGKPBRJRz8RSNpW6HIIzAPoOtBlBbGljZSA8YWxp
+Y2VAZXhhbXBsZS5vcmc+iJAEExMIADgWIQT9myDdPJgSPu6vjMUbpBU40uZWtQUC
+WW2+WwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAbpBU40uZWtTs8AQC8
+6p4hEyInw17S3P4rVpHP+en+6YJDE7x12b2aevgzsQD/XPhh0PTrAlenhFdQjQbZ
+A4dNj5BcxKEIWunJICtZCo0=
+=rf4w
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WihMIKoZIzj0DAQcCAwTtUYI84wfNPCwa/r2ke7tXz0uv/En9LQZbW0QE
+nzHigEvMXLfyjfjCf5tQ2eVbKLbABxtKwDtC2bv8dMcmgqd/tBlCb2JieSA8Ym9i
+YnlAZXhhbXBsZS5jb20+iJAEExMIADgWIQRNP1n02AMP0thEr+ulusPtElzK5QUC
+WW3WigIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRClusPtElzK5ZSOAQD1
+St647GAPOFIIYBDka3EGJeSan8i4f+u80jyplpWeggEA+z9VSDLd7JKMXqD3B/9T
+O+rBR22hpi+TILZrbk7svFyIlAQQEwgAPBYhBP2bIN08mBI+7q+MxRukFTjS5la1
+BQJZbm5IAwUCeBqGPFtePl0rW0AuXWV4YW1wbGVcLmNvbT4kAAAKCRAbpBU40uZW
+tb+2APsFKgWxiLtSbpcekarOlPrw014LVinLGah3VE1Izay+tAEA+0INHdcNoz64
+kRE/2siUnx1ksrWcWvJbvNMteknXhzY=
+=UQni
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WrxMIKoZIzj0DAQcCAwS4HzEJ0YwXZ1SWciHOmWdfnESTvwC3Zb/sWRu8
+zdIeZzxAwu8lYQaDq/eOgKeXQVW5gxkQG5rCWUazbG+gCBEItBlDYXJvbCA8Y2Fy
+b2xAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQRsYnNeRUzN15+mymAQeRE67BKC/QUC
+WW3WrwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAQeRE67BKC/czKAP4p
+26ygO/PtZluyOMFYj8cuFZ9Z9eygBH2Y3/mtn3gcOAD/VWpu9Rwz689TraDv/Sqg
+apYJ1rdJREHrbrcqKtuTqFiIdQQQEwgAHRYhBE0/WfTYAw/S2ESv66W6w+0SXMrl
+BQJZbm6PAAoJEKW6w+0SXMrlWj8A/2UdgyhbV+tLjyFb87iBiaWxSIVfiVyjhLZN
+htPTrKb2AP4yIRxJ3x0LmRSDLkZ/QIQmgahlAXRmKCXSRAB8x2KRsQ==
+=Zbpr
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3WzRMIKoZIzj0DAQcCAwQrTeILyHVpkkDsAyAlY7wz0PYjG48ShCYeTX2z
+5f2bLxZGeepQeMiOXznPvCwRNMNpr63048+LGqu34Q9di5tvtBlEYXZpZCA8ZGF2
+aWRAZXhhbXBsZS5vcmc+iJAEExMIADgWIQSgYHY1GYyrosRn+qZM5btC45hAAAUC
+WW3WzQIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBM5btC45hAAAm0AP4n
+GINm20BvnUWMHmgnUGSybMiuAvqi6itsstGNXKTuuQD/QmrIuGHUre+fitgNu4q2
+9ABx9BsKd3PAX1e4ZD/uBtKIlAQQEwgAPBYhBP2bIN08mBI+7q+MxRukFTjS5la1
+BQJZbm5uAwUCeBqGPFtePl0rW0AuXWV4YW1wbGVcLm9yZz4kAAAKCRAbpBU40uZW
+tYGkAQDcxaTENxUFCcwyuv/pOpNr51Q7bhCcWVPd3Zn1t3yurQD+KDre0hsrR0Rf
+kiq5JYhqh8sEejmFQ1EtcCNI2x8CvHg=
+=W5g4
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W3RMIKoZIzj0DAQcCAwQs0QS2PEUXhpmsPlaTFOsXd8AoYqpa6xcc0+AE
+Mck1EzlqRlxeibvYeh/+yxjl18Ouww/BERB+PcoABXp00zXztBlGcmFuayA8ZnJh
+bmtAZXhhbXBsZS5jb20+iJAEExMIADgWIQTOGg4Hz4ogy/jcR9bbkBfbrmzQ7wUC
+WW3W3QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRDbkBfbrmzQ76cNAP9G
+mUKYA9CAx6OGzb9iY6pat6TJ3ghY2P3PIjafbbxZdgEAnX9Z/W8G+I4SrOzu34LS
+IETHEldWI+UbSc1n1qiJfUaIdQQQEwgAHRYhBKBgdjUZjKuixGf6pkzlu0LjmEAA
+BQJZbm7vAAoJEEzlu0LjmEAAmT0A/3kZ3vms9aDuS2OD9yE/KoluBQi1UWR59V/2
+JHomhTiRAP9GI/01N3pRty986m4dVBbrXpT39ZkEj4q+zkn1uNeQHA==
+=UqlD
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3W8RMIKoZIzj0DAQcCAwRTGb7wRrdPa+mXxUNJoYgWbKfMDQH9M1H366PQ
+ga8L32TYccFzyCD8DuRYOQxzhnCtSHtdzK4QAwwGLaJV6GRjtBlHcmFjZSA8Z3Jh
+Y2VAZXhhbXBsZS5uZXQ+iJAEExMIADgWIQS5NfS42gCa+8zdQThmU6GDAH+DRQUC
+WW3W8QIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBmU6GDAH+DRbYAAP4q
+ZbYNAAtZOexWcv9Ap0nUnwOxpHWX7LaHsVRi4W21CwEAtliza9TA5UGcBjKpseiC
+qBs9LEpFd4DE2qh6nHpyy/6IdQQQEwgAHRYhBAOJwLeZDhBSCzNPI3VvFXHtqRhL
+BQJZbm85AAoJEHVvFXHtqRhL6N0BAPjsViTQhc/t9zbC7Jf3bRLQTYjwR5EtW4Wu
+IZZeByYXAQDw0Wofsq945J5oRLoTPdc264dBv8ojBr0/1uFWOvci/w==
+=q1yC
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEWW3XBxMIKoZIzj0DAQcCAwSINFpTZUYnxDDj3k16ljZIt58rh3cuUNIvUcqR
+zR9kdlmudQTaf1zUsW6F3r+t91t88kaA2Fcci3wkU0CAob0WtBlIZWlkaSA8aGVp
+ZGlAZXhhbXBsZS5vcmc+iJAEExMIADgWIQQDicC3mQ4QUgszTyN1bxVx7akYSwUC
+WW3XBwIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRB1bxVx7akYS3BcAP9J
+XIhGIadg+SoFWoZ8jYyVOA3z66Ku6vYl2Rw+jKUIQwD+Pc54tFFPV2hycSe9JPWy
+uaVfFlNs1RyWcCVrY5l3swSIeQQQEwgAIRYhBKBgdjUZjKuixGf6pkzlu0LjmEAA
+BQJZbm8aAwUCeAAKCRBM5btC45hAAPABAPwLtRtV1gnk6qbyb9DvvHbG1kd2sqQ5
+mBM7cw6rPmf2EgEA3V3J9D7/4hbF/tulACVEpW9yvZq3wnEj0GSMpF6qQDE=
+=7uOj
+-----END PGP PUBLIC KEY BLOCK-----

commit cbe54b28bf3610204e12c50c0606df37337a1156
Author: Damien Goutte-Gattat <dgouttegattat at incenp.org>
Date:   Wed Jul 19 22:17:28 2017 +0200

    tests: Move some functions into a common module.
    
    * tests/openpgp/tofu.scm (gettrust): Moved to the common defs.scm
    module.
    (checktrust): Likewise.
    * tests/openpgp/defs.scm (gettrust): New function.
    (checktrust): Likewise.
    --
    
    These functions will be re-used by the tests for the PGP trust
    model.
    
    Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>

diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm
index 358efa6..f52f316 100644
--- a/tests/openpgp/defs.scm
+++ b/tests/openpgp/defs.scm
@@ -466,5 +466,29 @@
   (catch (log "Warning: Removing socket directory failed.")
 	 (gpg-conf '--remove-socketdir)))
 
+;; Get the trust level for KEYID.  Any remaining arguments are simply
+;; passed to GPG.
+;;
+;; This function only supports keys with a single user id.
+(define (gettrust keyid . args)
+  (let ((trust
+	  (list-ref (assoc "pub" (gpg-with-colons
+				   `(, at args
+				      --list-keys ,keyid))) 1)))
+    (unless (and (= 1 (string-length trust))
+		 (member (string-ref trust 0) (string->list "oidreqnmfuws-")))
+	    (fail "Bad trust value:" trust))
+    trust))
+
+;; Check that KEYID's trust level matches EXPECTED-TRUST.  Any
+;; remaining arguments are simply passed to GPG.
+;;
+;; This function only supports keys with a single user id.
+(define (checktrust keyid expected-trust . args)
+  (let ((trust (apply gettrust `(,keyid , at args))))
+    (unless (string=? trust expected-trust)
+	    (fail keyid ": Expected trust to be" expected-trust
+		   "but got" trust))))
+
 
 ;; end
diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm
index 58b2a03..cd4b4c7 100755
--- a/tests/openpgp/tofu.scm
+++ b/tests/openpgp/tofu.scm
@@ -71,30 +71,6 @@
 	    (fail keyid ": Expected policy to be" expected-policy
 		   "but got" policy))))
 
-;; Get the trust level for KEYID.  Any remaining arguments are simply
-;; passed to GPG.
-;;
-;; This function only supports keys with a single user id.
-(define (gettrust keyid . args)
-  (let ((trust
-	 (list-ref (assoc "pub" (gpg-with-colons
-				 `(, at args
-				   --list-keys ,keyid))) 1)))
-    (unless (and (= 1 (string-length trust))
-		 (member (string-ref trust 0) (string->list "oidreqnmfuws-")))
-	    (fail "Bad trust value:" trust))
-    trust))
-
-;; Check that KEYID's trust level matches EXPECTED-TRUST.  Any
-;; remaining arguments are simply passed to GPG.
-;;
-;; This function only supports keys with a single user id.
-(define (checktrust keyid expected-trust . args)
-  (let ((trust (apply gettrust `(,keyid , at args))))
-    (unless (string=? trust expected-trust)
-	    (fail keyid ": Expected trust to be" expected-trust
-		   "but got" trust))))
-
 ;; Set key KEYID's policy to POLICY.  Any remaining arguments are
 ;; passed as options to gpg.
 (define (setpolicy keyid policy . args)

commit 0161225457e0609509d0d5f4b80a60a1071b4b48
Author: Damien Goutte-Gattat <dgouttegattat at incenp.org>
Date:   Mon Aug 21 16:48:11 2017 +0200

    gpgconf: Make WoT settings configurable by gpgconf.
    
    * tools/gpgconf-comp.c (gc_options_gpg): Add max-cert-depth,
    completes-needed, and marginals-needed options.
    * g10/gpg.c (gpgconf_list): Likewise.
    --
    
    Some tests to come for the PGP trust model will need to manipulate
    these parameters.
    
    Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>

diff --git a/g10/gpg.c b/g10/gpg.c
index c9fa7ae..31b1fca 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -1860,6 +1860,9 @@ gpgconf_list (const char *configfile)
   es_printf ("default-new-key-algo:%lu:\n", GC_OPT_FLAG_NONE);
   es_printf ("trust-model:%lu:\n", GC_OPT_FLAG_NONE);
   es_printf ("disable-dirmngr:%lu:\n", GC_OPT_FLAG_NONE);
+  es_printf ("max-cert-depth:%lu:\n", GC_OPT_FLAG_NONE);
+  es_printf ("completes-needed:%lu:\n", GC_OPT_FLAG_NONE);
+  es_printf ("marginals-needed:%lu:\n", GC_OPT_FLAG_NONE);
 
   /* The next one is an info only item and should match the macros at
      the top of keygen.c  */
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index b066dad..e9d4ca8 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -762,6 +762,18 @@ static gc_option_t gc_options_gpg[] =
    { "disable-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
      "gnupg", N_("disable all access to the dirmngr"),
      GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
+   { "max-cert-depth",
+     GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+     NULL, NULL,
+     GC_ARG_TYPE_UINT32, GC_BACKEND_GPG },
+   { "completes-needed",
+     GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+     NULL, NULL,
+     GC_ARG_TYPE_UINT32, GC_BACKEND_GPG },
+   { "marginals-needed",
+     GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+     NULL, NULL,
+     GC_ARG_TYPE_UINT32, GC_BACKEND_GPG },
 
 
    GC_OPTION_NULL

-----------------------------------------------------------------------

Summary of changes:
 g10/gpg.c                                          |  3 +
 tests/openpgp/Makefile.am                          | 19 ++++-
 tests/openpgp/defs.scm                             | 24 +++++++
 tests/openpgp/tofu.scm                             | 24 -------
 tests/openpgp/trust-pgp-1.scm                      | 76 ++++++++++++++++++++
 tests/openpgp/trust-pgp-2.scm                      | 39 ++++++++++
 tests/{gpgsm/shell.scm => openpgp/trust-pgp-3.scm} | 21 +++---
 tests/openpgp/trust-pgp-4.scm                      | 37 ++++++++++
 tests/openpgp/trust-pgp/alice.sec.asc              | 11 +++
 tests/openpgp/trust-pgp/bobby.sec.asc              | 11 +++
 tests/openpgp/trust-pgp/carol.sec.asc              | 11 +++
 tests/openpgp/trust-pgp/common.scm                 | 66 +++++++++++++++++
 tests/openpgp/trust-pgp/david.sec.asc              | 11 +++
 tests/openpgp/trust-pgp/frank.sec.asc              | 11 +++
 tests/openpgp/trust-pgp/grace.sec.asc              | 11 +++
 tests/openpgp/trust-pgp/heidi.sec.asc              | 11 +++
 tests/openpgp/trust-pgp/scenario1.asc              | 75 +++++++++++++++++++
 tests/openpgp/trust-pgp/scenario2.asc              | 70 ++++++++++++++++++
 tests/openpgp/trust-pgp/scenario3.asc              | 58 +++++++++++++++
 tests/openpgp/trust-pgp/scenario4.asc              | 84 ++++++++++++++++++++++
 tools/gpgconf-comp.c                               | 12 ++++
 21 files changed, 649 insertions(+), 36 deletions(-)
 create mode 100755 tests/openpgp/trust-pgp-1.scm
 create mode 100755 tests/openpgp/trust-pgp-2.scm
 copy tests/{gpgsm/shell.scm => openpgp/trust-pgp-3.scm} (58%)
 mode change 100644 => 100755
 create mode 100755 tests/openpgp/trust-pgp-4.scm
 create mode 100644 tests/openpgp/trust-pgp/alice.sec.asc
 create mode 100644 tests/openpgp/trust-pgp/bobby.sec.asc
 create mode 100644 tests/openpgp/trust-pgp/carol.sec.asc
 create mode 100644 tests/openpgp/trust-pgp/common.scm
 create mode 100644 tests/openpgp/trust-pgp/david.sec.asc
 create mode 100644 tests/openpgp/trust-pgp/frank.sec.asc
 create mode 100644 tests/openpgp/trust-pgp/grace.sec.asc
 create mode 100644 tests/openpgp/trust-pgp/heidi.sec.asc
 create mode 100644 tests/openpgp/trust-pgp/scenario1.asc
 create mode 100644 tests/openpgp/trust-pgp/scenario2.asc
 create mode 100644 tests/openpgp/trust-pgp/scenario3.asc
 create mode 100644 tests/openpgp/trust-pgp/scenario4.asc


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Aug 22 04:24:44 2017
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Tue, 22 Aug 2017 04:24:44 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.23-10-ge6fa6b0
Message-ID: <E1djys1-0000IO-7m@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  e6fa6b0ce823effd721c807b2b292287af91c642 (commit)
      from  c23a69970ba38edae9d3b2603825d18fbb732423 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e6fa6b0ce823effd721c807b2b292287af91c642
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Tue Aug 22 11:24:31 2017 +0900

    po: Update Japanese translation

diff --git a/po/ja.po b/po/ja.po
index 7d4f002..dcfbc68 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -8,9 +8,9 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: gnupg 2.1.22\n"
+"Project-Id-Version: gnupg 2.1.23\n"
 "Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2017-08-01 11:34+0900\n"
+"PO-Revision-Date: 2017-08-22 11:22+0900\n"
 "Last-Translator: NIIBE Yutaka <gniibe at fsij.org>\n"
 "Language-Team: none\n"
 "Language: ja\n"
@@ -630,7 +630,7 @@ msgstr "??"
 
 #, c-format
 msgid "Note: This passphrase has never been changed.%0APlease change it now."
-msgstr "??: ?????????????????%0A???????????"
+msgstr "*??*: ?????????????????%0A???????????"
 
 #, c-format
 msgid ""
@@ -1198,12 +1198,11 @@ msgid "WARNING: %s\n"
 msgstr "*??*: %s\n"
 
 msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
+msgstr "*??*: ??????????????????????????????????\n"
 
-#, fuzzy, c-format
-#| msgid "Please use the command \"toggle\" first.\n"
+#, c-format
 msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "??\"toggle\"?????????????\n"
+msgstr "*??*: \"%s\"??????????????????\n"
 
 #, c-format
 msgid "%s is not compliant with %s mode\n"
@@ -4360,7 +4359,7 @@ msgstr "*??*: ????????????? %s ??????
 
 #, c-format
 msgid "Note: signatures using the %s algorithm are rejected\n"
-msgstr "??: ?????? %s ??????????????\n"
+msgstr "*??*: ?????? %s ??????????????\n"
 
 #, c-format
 msgid "(reported error: %s)\n"
@@ -4684,15 +4683,15 @@ msgid "WARNING: This subkey has been revoked by its owner!\n"
 msgstr "*??*: ????????????????????!\n"
 
 msgid "Note: This key has been disabled.\n"
-msgstr "??: ??????????????????\n"
+msgstr "*??*: ??????????????????\n"
 
 #, c-format
 msgid "Note: Verified signer's address is '%s'\n"
-msgstr "??: ??????????????'%s'??\n"
+msgstr "*??*: ??????????????'%s'??\n"
 
 #, c-format
 msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr "??: ????????'%s'?DNS????????????\n"
+msgstr "*??*: ????????'%s'?DNS????????????\n"
 
 msgid "trustlevel adjusted to FULL due to valid PKA info\n"
 msgstr "PKA???????????????FULL????????\n"
@@ -4701,7 +4700,7 @@ msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
 msgstr "PKA???????????????NEVER????????\n"
 
 msgid "Note: This key has expired!\n"
-msgstr "??: ??????????!\n"
+msgstr "*??*: ??????????!\n"
 
 msgid "WARNING: This key is not certified with a trusted signature!\n"
 msgstr "*??*: ?????????????????????!\n"
@@ -4782,11 +4781,11 @@ msgstr "???????????\n"
 
 #, c-format
 msgid "Note: key %s has no %s feature\n"
-msgstr "??: ?%s?? %s ?????????\n"
+msgstr "*??*: ?%s?? %s ?????????\n"
 
 #, c-format
 msgid "Note: key %s has no preference for %s\n"
-msgstr "??: ?%s??%s??????????????\n"
+msgstr "*??*: ?%s??%s??????????????\n"
 
 msgid "data not saved; use option \"--output\" to save it\n"
 msgstr ""
@@ -4812,10 +4811,9 @@ msgstr "????????'%s'??????\n"
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "???????? fd=%d ??????: %s\n"
 
-#, fuzzy, c-format
-#| msgid "Note: key %s is not suitable for encryption in %s mode\n"
+#, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
-msgstr "?: ?%s?%s?????????????????\n"
+msgstr "?%s?%s?????????????????\n"
 
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
@@ -6044,7 +6042,7 @@ msgid "failed to open '%s': %s\n"
 msgstr "'%s'??????: %s\n"
 
 msgid "Note: non-critical certificate policy not allowed"
-msgstr "??: ????????????????????????"
+msgstr "*??*: ????????????????????????"
 
 msgid "certificate policy not allowed"
 msgstr "???????????????"

-----------------------------------------------------------------------

Summary of changes:
 po/ja.po | 34 ++++++++++++++++------------------
 1 file changed, 16 insertions(+), 18 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Aug 22 15:18:08 2017
From: cvs at cvs.gnupg.org (by Marcus Brinkmann)
Date: Tue, 22 Aug 2017 15:18:08 +0200
Subject: [git] KSBA - branch, master, updated. libksba-1.3.5-14-gaf99234
Message-ID: <E1dk94K-0003mS-JG@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "KSBA is a library to access X.509 certificates and CMS data.".

The branch, master has been updated
       via  af99234b21c98ad1a4eaf2b72fb52de67beba9d3 (commit)
      from  457d2f0c6a1fea394de6d48afb1c1c0189c52878 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit af99234b21c98ad1a4eaf2b72fb52de67beba9d3
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Tue Aug 22 15:08:24 2017 +0200

    Fix make distcheck.
    
    * configure.ac: Revert last change and define HAVE_GCOV if not
    in maintainer mode.
    * tests/detached-sig.csm: New file.
    * tests/Makefile.am (EXTRA_DIST): Add detached-sig.csm.
    * tests/t-cms-parser.c (main): Use detached-sig.csm as test file.
    
    Signed-off-by: Marcus Brinkmann <mb at g10code.com>

diff --git a/configure.ac b/configure.ac
index 54d4787..4f8928d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -127,12 +127,14 @@ gl_EARLY
 AC_PROG_YACC
 AX_PROG_BISON([have_bison=yes],[have_bison=no])
 
-AC_CHECK_PROGS(GCOV, [gcov], gcov)
 if test "$USE_MAINTAINER_MODE" = "yes"; then
+	AC_CHECK_PROGS(GCOV, [gcov], gcov)
 	# gcov coverage reporting
 	AC_TDD_GCOV
 	AC_SUBST(COVERAGE_CFLAGS)
 	AC_SUBST(COVERAGE_LDFLAGS)
+else
+	AM_CONDITIONAL(HAVE_GCOV, false)
 fi
 
 AC_C_INLINE
diff --git a/tests/Makefile.am b/tests/Makefile.am
index f6436df..fd590ba 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -34,7 +34,7 @@ test_crls = samples/ov-test-crl.crl
 test_keys = samples/ov-server.p12  samples/ov-userrev.p12 \
              samples/ov-serverrev.p12  samples/ov-user.p12
 
-EXTRA_DIST = $(test_certs) samples/README mkoidtbl.awk
+EXTRA_DIST = $(test_certs) samples/README mkoidtbl.awk detached-sig.cms
 
 BUILT_SOURCES = oidtranstbl.h
 CLEANFILES = oidtranstbl.h
diff --git a/tests/detached-sig.cms b/tests/detached-sig.cms
new file mode 100644
index 0000000..9b31d88
Binary files /dev/null and b/tests/detached-sig.cms differ
diff --git a/tests/t-cms-parser.c b/tests/t-cms-parser.c
index 4b83dd7..6739b71 100644
--- a/tests/t-cms-parser.c
+++ b/tests/t-cms-parser.c
@@ -235,7 +235,7 @@ main (int argc, char **argv)
     one_file (argv[1]);
   else
     {
-      char *fname = prepend_srcdir ("extra/dsig-with-id-aa-encrypKeyPref-1.cms");
+      char *fname = prepend_srcdir ("detached-sig.cms");
 
       one_file (fname);
       free(fname);

-----------------------------------------------------------------------

Summary of changes:
 configure.ac           |   4 +++-
 tests/Makefile.am      |   2 +-
 tests/detached-sig.cms | Bin 0 -> 556 bytes
 tests/t-cms-parser.c   |   2 +-
 4 files changed, 5 insertions(+), 3 deletions(-)
 create mode 100644 tests/detached-sig.cms


hooks/post-receive
-- 
KSBA is a library to access X.509 certificates and CMS data.
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug 23 01:51:34 2017
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Wed, 23 Aug 2017 01:51:34 +0200
Subject: [git] GCRYPT - branch, gniibe-T3358,
 updated. libgcrypt-1.8.0-14-g02444ab
Message-ID: <E1dkIxK-0003hp-IM@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, gniibe-T3358 has been updated
       via  02444ab2addeaf9b41aa1bed82cfc7b1ca67404f (commit)
      from  9e8f3224135898ee8c562f5f974becd1b680ec06 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 02444ab2addeaf9b41aa1bed82cfc7b1ca67404f
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Wed Aug 23 08:48:53 2017 +0900

    ecc: field specific routines for 25519.
    
    * mpi/ec.c (point_resize): Improve for X25519.
    (mpih_set_cond): New.
    (ec_mod_25519, ec_addm_25519, ec_subm_25519, ec_mulm_25519)
    (ec_mul2_25519, ec_pow2_25519): New.
    (ec_p_init): Fill by FIELD_TABLE.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/mpi/ec.c b/mpi/ec.c
index 4bb9050..6f7df27 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -156,17 +156,29 @@ _gcry_mpi_point_copy (gcry_mpi_point_t point)
 static void
 point_resize (mpi_point_t p, mpi_ec_t ctx)
 {
-  /*
-   * For now, we allocate enough limbs for our EC computation of ec_*.
-   * Once we will improve ec_* to be constant size (and constant
-   * time), NLIMBS can be ctx->p->nlimbs.
-   */
-  size_t nlimbs = 2*ctx->p->nlimbs+1;
-
-  mpi_resize (p->x, nlimbs);
-  if (ctx->model != MPI_EC_MONTGOMERY)
-    mpi_resize (p->y, nlimbs);
-  mpi_resize (p->z, nlimbs);
+  size_t nlimbs;
+
+  if (ctx->model == MPI_EC_MONTGOMERY)
+    {
+      nlimbs = ctx->p->nlimbs;
+
+      mpi_resize (p->x, nlimbs);
+      mpi_resize (p->z, nlimbs);
+      p->x->nlimbs = nlimbs;
+      p->z->nlimbs = nlimbs;
+    }
+  else
+    {
+      /*
+       * For now, we allocate enough limbs for our EC computation of ec_*.
+       * Once we will improve ec_* to be constant size (and constant
+       * time), NLIMBS can be ctx->p->nlimbs.
+       */
+      nlimbs = 2*ctx->p->nlimbs+1;
+      mpi_resize (p->x, nlimbs);
+      mpi_resize (p->y, nlimbs);
+      mpi_resize (p->z, nlimbs);
+    }
 }
 
 
@@ -351,8 +363,161 @@ ec_invm (gcry_mpi_t x, gcry_mpi_t a, mpi_ec_t ctx)
       log_mpidump ("  p", ctx->p);
     }
 }
+

+static void
+mpih_set_cond (mpi_ptr_t wp, mpi_ptr_t up, mpi_size_t usize, unsigned long set)
+{
+  mpi_size_t i;
+  mpi_limb_t mask = ((mpi_limb_t)0) - set;
+  mpi_limb_t x;
+
+  for (i = 0; i < usize; i++)
+    {
+      x = mask & (wp[i] ^ up[i]);
+      wp[i] = wp[i] ^ x;
+    }
+}
+
+/* Routines for 2^255 - 19.  */
+
+static void
+ec_mod_25519 (gcry_mpi_t w, mpi_ec_t ec)
+{
+  _gcry_mpi_mod (w, w, ec->p);
+}
+
+#define LIMB_SIZE_25519 ((256+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB)
+
+static void
+ec_addm_25519 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx)
+{
+  mpi_ptr_t wp, up, vp;
+  mpi_size_t wsize = LIMB_SIZE_25519;
+  mpi_limb_t n[LIMB_SIZE_25519];
+  mpi_limb_t borrow;
+
+  if (w->alloced != wsize || u->alloced != wsize || v->alloced != wsize)
+    log_bug ("addm_25519: different sizes\n");
+
+  memset (n, 0, sizeof n);
+  up = u->d;
+  vp = v->d;
+  wp = w->d;
+
+  _gcry_mpih_add_n (wp, up, vp, wsize);
+  borrow = _gcry_mpih_sub_n (wp, wp, ctx->p->d, wsize);
+  mpih_set_cond (n, ctx->p->d, wsize, (borrow != 0UL));
+  _gcry_mpih_add_n (wp, wp, n, wsize);
+  wp[LIMB_SIZE_25519-1] &= ~(1UL << (255 % BITS_PER_MPI_LIMB));
+}
+
+static void
+ec_subm_25519 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx)
+{
+  mpi_ptr_t wp, up, vp;
+  mpi_size_t wsize = LIMB_SIZE_25519;
+  mpi_limb_t n[LIMB_SIZE_25519];
+  mpi_limb_t borrow;
+
+  if (w->alloced != wsize || u->alloced != wsize || v->alloced != wsize)
+    log_bug ("subm_25519: different sizes\n");
+
+  memset (n, 0, sizeof n);
+  up = u->d;
+  vp = v->d;
+  wp = w->d;
+
+  borrow = _gcry_mpih_sub_n (wp, up, vp, wsize);
+  mpih_set_cond (n, ctx->p->d, wsize, (borrow != 0UL));
+  _gcry_mpih_add_n (wp, wp, n, wsize);
+  wp[LIMB_SIZE_25519-1] &= ~(1UL << (255 % BITS_PER_MPI_LIMB));
+}
+
+static void
+ec_mulm_25519 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx)
+{
+  mpi_ptr_t wp, up, vp;
+  mpi_size_t wsize = LIMB_SIZE_25519;
+  mpi_limb_t n[LIMB_SIZE_25519*2];
+  mpi_limb_t m[LIMB_SIZE_25519+1];
+  mpi_limb_t cy;
+  int msb;
+
+  (void)ctx;
+  if (w->alloced != wsize || u->alloced != wsize || v->alloced != wsize)
+    log_bug ("mulm_25519: different sizes\n");
+
+  up = u->d;
+  vp = v->d;
+  wp = w->d;
+
+  _gcry_mpih_mul_n (n, up, vp, wsize);
+  memcpy (wp, n, wsize * BYTES_PER_MPI_LIMB);
+  wp[LIMB_SIZE_25519-1] &= ~(1UL << (255 % BITS_PER_MPI_LIMB));
+
+  memcpy (m, n+LIMB_SIZE_25519-1, (wsize+1) * BYTES_PER_MPI_LIMB);
+  _gcry_mpih_rshift (m, m, LIMB_SIZE_25519+1, (255 % BITS_PER_MPI_LIMB));
+
+  memcpy (n, m, wsize * BYTES_PER_MPI_LIMB);
+  cy = _gcry_mpih_lshift (m, m, LIMB_SIZE_25519, 4);
+  m[LIMB_SIZE_25519] = cy;
+  cy = _gcry_mpih_add_n (m, m, n, wsize);
+  m[LIMB_SIZE_25519] += cy;
+  cy = _gcry_mpih_add_n (m, m, n, wsize);
+  m[LIMB_SIZE_25519] += cy;
+  cy = _gcry_mpih_add_n (m, m, n, wsize);
+  m[LIMB_SIZE_25519] += cy;
+
+  cy = _gcry_mpih_add_n (wp, wp, m, wsize);
+  m[LIMB_SIZE_25519] += cy;
+
+  memset (m, 0, wsize * BYTES_PER_MPI_LIMB);
+  m[0] = m[LIMB_SIZE_25519] * 2 * 19;
+  cy = _gcry_mpih_add_n (wp, wp, m, wsize);
+
+  msb = (wp[LIMB_SIZE_25519-1] >> (255 % BITS_PER_MPI_LIMB));
+  m[0] = (cy * 2 + msb) * 19;
+  _gcry_mpih_add_n (wp, wp, m, wsize);
+  wp[LIMB_SIZE_25519-1] &= ~(1UL << (255 % BITS_PER_MPI_LIMB));
+}
 
+static void
+ec_mul2_25519 (gcry_mpi_t w, gcry_mpi_t u, mpi_ec_t ctx)
+{
+  ec_addm_25519 (w, u, u, ctx);
+}
 
+static void
+ec_pow2_25519 (gcry_mpi_t w, const gcry_mpi_t b, mpi_ec_t ctx)
+{
+  ec_mulm_25519 (w, b, b, ctx);
+}
+
+struct field_table {
+  const char *p;
+
+  /* computation routines for the field.  */
+  void (* mod) (gcry_mpi_t w, mpi_ec_t ctx);
+  void (* addm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx);
+  void (* subm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx);
+  void (* mulm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx);
+  void (* mul2) (gcry_mpi_t w, gcry_mpi_t u, mpi_ec_t ctx);
+  void (* pow2) (gcry_mpi_t w, const gcry_mpi_t b, mpi_ec_t ctx);
+};
+
+static const struct field_table field_table[] = {
+  {
+    "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED",
+    ec_mod_25519,
+    ec_addm_25519,
+    ec_subm_25519,
+    ec_mulm_25519,
+    ec_mul2_25519,
+    ec_pow2_25519
+  },
+  { NULL, NULL, NULL, NULL, NULL, NULL, NULL },
+};
+

 /* Force recomputation of all helper variables.  */
 void
 _gcry_mpi_ec_get_reset (mpi_ec_t ec)
@@ -442,8 +607,35 @@ ec_p_init (mpi_ec_t ctx, enum gcry_mpi_ec_models model,
   ctx->addm = ec_addm;
   ctx->subm = ec_subm;
   ctx->mulm = ec_mulm;
-  ctx->pow2 = ec_pow2;
   ctx->mul2 = ec_mul2;
+  ctx->pow2 = ec_pow2;
+
+  for (i=0; field_table[i].p; i++)
+    {
+      gcry_mpi_t f_p;
+      gpg_err_code_t rc;
+
+      rc = _gcry_mpi_scan (&f_p, GCRYMPI_FMT_HEX, field_table[i].p, 0, NULL);
+      if (rc)
+        log_fatal ("scanning ECC parameter failed: %s\n", gpg_strerror (rc));
+
+      if (!mpi_cmp (p, f_p))
+        {
+          ctx->mod = field_table[i].mod;
+          ctx->addm = field_table[i].addm;
+          ctx->subm = field_table[i].subm;
+          ctx->mulm = field_table[i].mulm;
+          ctx->mul2 = field_table[i].mul2;
+          ctx->pow2 = field_table[i].pow2;
+          _gcry_mpi_release (f_p);
+
+          mpi_resize (ctx->a, ctx->p->nlimbs);
+          ctx->a->nlimbs = ctx->p->nlimbs;
+          break;
+        }
+
+      _gcry_mpi_release (f_p);
+    }
 
   /* Prepare for fast reduction.  */
   /* FIXME: need a test for NIST values.  However it does not gain us
@@ -1334,6 +1526,7 @@ _gcry_mpi_ec_mul_point (mpi_point_t result,
       mpi_point_struct p1_, p2_;
       mpi_point_t q1, q2, prd, sum;
       unsigned long sw;
+      mpi_size_t rsize;
 
       /* Compute scalar point multiplication with Montgomery Ladder.
          Note that we don't use Y-coordinate in the points at all.
@@ -1354,6 +1547,9 @@ _gcry_mpi_ec_mul_point (mpi_point_t result,
       point_resize (&p1_, ctx);
       point_resize (&p2_, ctx);
 
+      mpi_resize (point->x, ctx->p->nlimbs);
+      point->x->nlimbs = ctx->p->nlimbs;
+
       q1 = &p1;
       q2 = &p2;
       prd = &p1_;
@@ -1375,7 +1571,9 @@ _gcry_mpi_ec_mul_point (mpi_point_t result,
       sw = (nbits & 1);
       point_swap_cond (&p1, &p1_, sw, ctx);
 
-      if (p1.z->nlimbs == 0)
+      rsize = p1.z->nlimbs;
+      MPN_NORMALIZE (p1.z->d, rsize);
+      if (rsize == 0)
         {
           mpi_set_ui (result->x, 1);
           mpi_set_ui (result->z, 0);

-----------------------------------------------------------------------

Summary of changes:
 mpi/ec.c | 224 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 211 insertions(+), 13 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug 23 03:24:18 2017
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Wed, 23 Aug 2017 03:24:18 +0200
Subject: [git] GCRYPT - branch, gniibe-T3358,
 updated. libgcrypt-1.8.0-15-gaeca1f0
Message-ID: <E1dkKP4-0004Ae-Vd@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, gniibe-T3358 has been updated
       via  aeca1f0afc9091dab9fe1f018ea600064531ccf0 (commit)
      from  02444ab2addeaf9b41aa1bed82cfc7b1ca67404f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit aeca1f0afc9091dab9fe1f018ea600064531ccf0
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Wed Aug 23 10:22:21 2017 +0900

    ecc: Fix ec_mulm_25519.
    
    * mpi/ec.c (ec_mulm_25519): Fix the cases of 0 to 18.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/mpi/ec.c b/mpi/ec.c
index 6f7df27..21cf78b 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -479,6 +479,11 @@ ec_mulm_25519 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx)
   m[0] = (cy * 2 + msb) * 19;
   _gcry_mpih_add_n (wp, wp, m, wsize);
   wp[LIMB_SIZE_25519-1] &= ~(1UL << (255 % BITS_PER_MPI_LIMB));
+
+  m[0] = 0;
+  cy = _gcry_mpih_sub_n (wp, wp, ctx->p->d, wsize);
+  mpih_set_cond (m, ctx->p->d, wsize, (cy != 0UL));
+  _gcry_mpih_add_n (wp, wp, m, wsize);
 }
 
 static void

-----------------------------------------------------------------------

Summary of changes:
 mpi/ec.c | 5 +++++
 1 file changed, 5 insertions(+)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug 23 04:12:51 2017
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Wed, 23 Aug 2017 04:12:51 +0200
Subject: [git] GCRYPT - branch, gniibe-T3358,
 updated. libgcrypt-1.8.0-16-g2b1ba75
Message-ID: <E1dkLA3-00059h-EE@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, gniibe-T3358 has been updated
       via  2b1ba75e108c90d69bbf7cf161def06763d22e48 (commit)
      from  aeca1f0afc9091dab9fe1f018ea600064531ccf0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2b1ba75e108c90d69bbf7cf161def06763d22e48
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Wed Aug 23 11:11:17 2017 +0900

    ecc: Relax condition for 25519 computations.
    
    * mpi/ec.c (ec_addm_25519, ec_subm_25519, ec_mulm_25519): Check number
    of limbs, allocated more is OK.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/mpi/ec.c b/mpi/ec.c
index 21cf78b..c6419ba 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -396,7 +396,7 @@ ec_addm_25519 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx)
   mpi_limb_t n[LIMB_SIZE_25519];
   mpi_limb_t borrow;
 
-  if (w->alloced != wsize || u->alloced != wsize || v->alloced != wsize)
+  if (w->nlimbs != wsize || u->nlimbs != wsize || v->nlimbs != wsize)
     log_bug ("addm_25519: different sizes\n");
 
   memset (n, 0, sizeof n);
@@ -419,7 +419,7 @@ ec_subm_25519 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx)
   mpi_limb_t n[LIMB_SIZE_25519];
   mpi_limb_t borrow;
 
-  if (w->alloced != wsize || u->alloced != wsize || v->alloced != wsize)
+  if (w->nlimbs != wsize || u->nlimbs != wsize || v->nlimbs != wsize)
     log_bug ("subm_25519: different sizes\n");
 
   memset (n, 0, sizeof n);
@@ -444,7 +444,7 @@ ec_mulm_25519 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx)
   int msb;
 
   (void)ctx;
-  if (w->alloced != wsize || u->alloced != wsize || v->alloced != wsize)
+  if (w->nlimbs != wsize || u->nlimbs != wsize || v->nlimbs != wsize)
     log_bug ("mulm_25519: different sizes\n");
 
   up = u->d;

-----------------------------------------------------------------------

Summary of changes:
 mpi/ec.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug 23 05:45:24 2017
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Wed, 23 Aug 2017 05:45:24 +0200
Subject: [git] GCRYPT - branch, gniibe-T3358,
 updated. libgcrypt-1.8.0-17-gf6a34d8
Message-ID: <E1dkMbc-0005yu-Co@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, gniibe-T3358 has been updated
       via  f6a34d84aeb2c93802de5ca9cc488014a6e8eb1e (commit)
      from  2b1ba75e108c90d69bbf7cf161def06763d22e48 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f6a34d84aeb2c93802de5ca9cc488014a6e8eb1e
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Wed Aug 23 12:43:38 2017 +0900

    ecc: Clean up curve specific method support.
    
    * src/ec-context.h (struct mpi_ec_ctx_s): Remove MOD method.
    * mpi/ec.c (ec_mod_25519): Remove.
    (ec_p_init): Follow the removal of the MOD method.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/mpi/ec.c b/mpi/ec.c
index c6419ba..fac369b 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -380,12 +380,6 @@ mpih_set_cond (mpi_ptr_t wp, mpi_ptr_t up, mpi_size_t usize, unsigned long set)
 
 /* Routines for 2^255 - 19.  */
 
-static void
-ec_mod_25519 (gcry_mpi_t w, mpi_ec_t ec)
-{
-  _gcry_mpi_mod (w, w, ec->p);
-}
-
 #define LIMB_SIZE_25519 ((256+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB)
 
 static void
@@ -502,7 +496,6 @@ struct field_table {
   const char *p;
 
   /* computation routines for the field.  */
-  void (* mod) (gcry_mpi_t w, mpi_ec_t ctx);
   void (* addm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx);
   void (* subm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx);
   void (* mulm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx);
@@ -513,14 +506,13 @@ struct field_table {
 static const struct field_table field_table[] = {
   {
     "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED",
-    ec_mod_25519,
     ec_addm_25519,
     ec_subm_25519,
     ec_mulm_25519,
     ec_mul2_25519,
     ec_pow2_25519
   },
-  { NULL, NULL, NULL, NULL, NULL, NULL, NULL },
+  { NULL, NULL, NULL, NULL, NULL, NULL },
 };
 

 /* Force recomputation of all helper variables.  */
@@ -608,7 +600,6 @@ ec_p_init (mpi_ec_t ctx, enum gcry_mpi_ec_models model,
   for (i=0; i< DIM(ctx->t.scratch); i++)
     ctx->t.scratch[i] = mpi_alloc_like (ctx->p);
 
-  ctx->mod = ec_mod;
   ctx->addm = ec_addm;
   ctx->subm = ec_subm;
   ctx->mulm = ec_mulm;
@@ -626,7 +617,6 @@ ec_p_init (mpi_ec_t ctx, enum gcry_mpi_ec_models model,
 
       if (!mpi_cmp (p, f_p))
         {
-          ctx->mod = field_table[i].mod;
           ctx->addm = field_table[i].addm;
           ctx->subm = field_table[i].subm;
           ctx->mulm = field_table[i].mulm;
diff --git a/src/ec-context.h b/src/ec-context.h
index 18b26a5..e48ef6f 100644
--- a/src/ec-context.h
+++ b/src/ec-context.h
@@ -68,7 +68,6 @@ struct mpi_ec_ctx_s
   } t;
 
   /* Curve specific computation routines for the field.  */
-  void (* mod) (gcry_mpi_t w, mpi_ec_t ec);
   void (* addm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx);
   void (* subm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ec);
   void (* mulm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx);

-----------------------------------------------------------------------

Summary of changes:
 mpi/ec.c         | 12 +-----------
 src/ec-context.h |  1 -
 2 files changed, 1 insertion(+), 12 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug 23 05:51:31 2017
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Wed, 23 Aug 2017 05:51:31 +0200
Subject: [git] GCRYPT - branch, gniibe-T3358,
 updated. libgcrypt-1.8.0-18-g5bbe5e9
Message-ID: <E1dkMhX-0007UK-B7@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, gniibe-T3358 has been updated
       via  5bbe5e9505b93e7fac94cbaa8464b94a634faf5b (commit)
      from  f6a34d84aeb2c93802de5ca9cc488014a6e8eb1e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5bbe5e9505b93e7fac94cbaa8464b94a634faf5b
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Wed Aug 23 12:46:20 2017 +0900

    ecc: Use 25519 method also for ed25519.
    
    * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Don't use mpi_add
    since it resizes to have more limbs.
    * mpi/ec.c (point_resize): Fix for Edwards curve.
    (ec_p_init): Support Edwards curve.
    (_gcry_mpi_ec_get_affine): Use the methods.
    (dup_point_edwards, add_points_edwards, sub_points_edwards): Ditto.
    (_gcry_mpi_ec_mul_point): Resize MPIs of point to fixed size.
    (_gcry_mpi_ec_curve_point): Use the methods.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/cipher/Makefile.am b/cipher/Makefile.am
index 95c4510..ee99262 100644
--- a/cipher/Makefile.am
+++ b/cipher/Makefile.am
@@ -21,7 +21,7 @@
 
 # Need to include ../src in addition to top_srcdir because gcrypt.h is
 # a built header.
-AM_CPPFLAGS = -I../src -I$(top_srcdir)/src
+AM_CPPFLAGS = -I../src -I$(top_srcdir)/src -I../mpi -I$(top_srcdir)/mpi
 AM_CFLAGS = $(GPG_ERROR_CFLAGS)
 
 AM_CCASFLAGS = $(NOEXECSTACK_FLAGS)
diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c
index 3488ed3..86d0b4e 100644
--- a/cipher/ecc-curves.c
+++ b/cipher/ecc-curves.c
@@ -26,6 +26,7 @@
 
 #include "g10lib.h"
 #include "mpi.h"
+#include "mpi-internal.h"
 #include "cipher.h"
 #include "context.h"
 #include "ec-context.h"
@@ -563,13 +564,25 @@ _gcry_ecc_fill_in_curve (unsigned int nbits, const char *name,
         {
           curve->a = scanval (domain_parms[idx].a);
           if (curve->a->sign)
-            mpi_add (curve->a, curve->p, curve->a);
+            {
+              mpi_resize (curve->a, curve->p->nlimbs);
+              _gcry_mpih_sub_n (curve->a->d, curve->p->d,
+                                curve->a->d, curve->p->nlimbs);
+              curve->a->nlimbs = curve->p->nlimbs;
+              curve->a->sign = 0;
+            }
         }
       if (!curve->b)
         {
           curve->b = scanval (domain_parms[idx].b);
           if (curve->b->sign)
-            mpi_add (curve->b, curve->p, curve->b);
+            {
+              mpi_resize (curve->b, curve->p->nlimbs);
+              _gcry_mpih_sub_n (curve->b->d, curve->p->d,
+                                curve->b->d, curve->p->nlimbs);
+              curve->b->nlimbs = curve->p->nlimbs;
+              curve->b->sign = 0;
+            }
         }
       if (!curve->n)
         curve->n = scanval (domain_parms[idx].n);
diff --git a/mpi/ec.c b/mpi/ec.c
index fac369b..7a56112 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -156,28 +156,17 @@ _gcry_mpi_point_copy (gcry_mpi_point_t point)
 static void
 point_resize (mpi_point_t p, mpi_ec_t ctx)
 {
-  size_t nlimbs;
+  size_t nlimbs = ctx->p->nlimbs;
 
-  if (ctx->model == MPI_EC_MONTGOMERY)
-    {
-      nlimbs = ctx->p->nlimbs;
+  mpi_resize (p->x, nlimbs);
+  p->x->nlimbs = nlimbs;
+  mpi_resize (p->z, nlimbs);
+  p->z->nlimbs = nlimbs;
 
-      mpi_resize (p->x, nlimbs);
-      mpi_resize (p->z, nlimbs);
-      p->x->nlimbs = nlimbs;
-      p->z->nlimbs = nlimbs;
-    }
-  else
+  if (ctx->model != MPI_EC_MONTGOMERY)
     {
-      /*
-       * For now, we allocate enough limbs for our EC computation of ec_*.
-       * Once we will improve ec_* to be constant size (and constant
-       * time), NLIMBS can be ctx->p->nlimbs.
-       */
-      nlimbs = 2*ctx->p->nlimbs+1;
-      mpi_resize (p->x, nlimbs);
       mpi_resize (p->y, nlimbs);
-      mpi_resize (p->z, nlimbs);
+      p->y->nlimbs = nlimbs;
     }
 }
 
@@ -626,6 +615,13 @@ ec_p_init (mpi_ec_t ctx, enum gcry_mpi_ec_models model,
 
           mpi_resize (ctx->a, ctx->p->nlimbs);
           ctx->a->nlimbs = ctx->p->nlimbs;
+
+          mpi_resize (ctx->b, ctx->p->nlimbs);
+          ctx->b->nlimbs = ctx->p->nlimbs;
+
+          for (i=0; i< DIM(ctx->t.scratch); i++)
+            ctx->t.scratch[i]->nlimbs = ctx->p->nlimbs;
+
           break;
         }
 
@@ -878,10 +874,21 @@ _gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, mpi_point_t point,
         z = mpi_new (0);
         ec_invm (z, point->z, ctx);
 
+        mpi_resize (z, ctx->p->nlimbs);
+        z->nlimbs = ctx->p->nlimbs;
+
         if (x)
-          ec_mulm (x, point->x, z, ctx);
+          {
+            mpi_resize (x, ctx->p->nlimbs);
+            x->nlimbs = ctx->p->nlimbs;
+            ctx->mulm (x, point->x, z, ctx);
+          }
         if (y)
-          ec_mulm (y, point->y, z, ctx);
+          {
+            mpi_resize (y, ctx->p->nlimbs);
+            y->nlimbs = ctx->p->nlimbs;
+            ctx->mulm (y, point->y, z, ctx);
+          }
 
         _gcry_mpi_release (z);
       }
@@ -1010,41 +1017,41 @@ dup_point_edwards (mpi_point_t result, mpi_point_t point, mpi_ec_t ctx)
   /* Compute: (X_3 : Y_3 : Z_3) = 2( X_1 : Y_1 : Z_1 ) */
 
   /* B = (X_1 + Y_1)^2  */
-  ec_addm (B, X1, Y1, ctx);
-  ec_pow2 (B, B, ctx);
+  ctx->addm (B, X1, Y1, ctx);
+  ctx->pow2 (B, B, ctx);
 
   /* C = X_1^2 */
   /* D = Y_1^2 */
-  ec_pow2 (C, X1, ctx);
-  ec_pow2 (D, Y1, ctx);
+  ctx->pow2 (C, X1, ctx);
+  ctx->pow2 (D, Y1, ctx);
 
   /* E = aC */
   if (ctx->dialect == ECC_DIALECT_ED25519)
-    mpi_sub (E, ctx->p, C);
+    ctx->subm (E, ctx->p, C, ctx);
   else
-    ec_mulm (E, ctx->a, C, ctx);
+    ctx->mulm (E, ctx->a, C, ctx);
 
   /* F = E + D */
-  ec_addm (F, E, D, ctx);
+  ctx->addm (F, E, D, ctx);
 
   /* H = Z_1^2 */
-  ec_pow2 (H, Z1, ctx);
+  ctx->pow2 (H, Z1, ctx);
 
   /* J = F - 2H */
-  ec_mul2 (J, H, ctx);
-  ec_subm (J, F, J, ctx);
+  ctx->mul2 (J, H, ctx);
+  ctx->subm (J, F, J, ctx);
 
   /* X_3 = (B - C - D) ? J */
-  ec_subm (X3, B, C, ctx);
-  ec_subm (X3, X3, D, ctx);
-  ec_mulm (X3, X3, J, ctx);
+  ctx->subm (X3, B, C, ctx);
+  ctx->subm (X3, X3, D, ctx);
+  ctx->mulm (X3, X3, J, ctx);
 
   /* Y_3 = F ? (E - D) */
-  ec_subm (Y3, E, D, ctx);
-  ec_mulm (Y3, Y3, F, ctx);
+  ctx->subm (Y3, E, D, ctx);
+  ctx->mulm (Y3, Y3, F, ctx);
 
   /* Z_3 = F ? J */
-  ec_mulm (Z3, F, J, ctx);
+  ctx->mulm (Z3, F, J, ctx);
 
 #undef X1
 #undef Y1
@@ -1262,54 +1269,56 @@ add_points_edwards (mpi_point_t result,
 #define G (ctx->t.scratch[6])
 #define tmp (ctx->t.scratch[7])
 
+  point_resize (result, ctx);
+
   /* Compute: (X_3 : Y_3 : Z_3) = (X_1 : Y_1 : Z_1) + (X_2 : Y_2 : Z_3)  */
 
   /* A = Z1 ? Z2 */
-  ec_mulm (A, Z1, Z2, ctx);
+  ctx->mulm (A, Z1, Z2, ctx);
 
   /* B = A^2 */
-  ec_pow2 (B, A, ctx);
+  ctx->pow2 (B, A, ctx);
 
   /* C = X1 ? X2 */
-  ec_mulm (C, X1, X2, ctx);
+  ctx->mulm (C, X1, X2, ctx);
 
   /* D = Y1 ? Y2 */
-  ec_mulm (D, Y1, Y2, ctx);
+  ctx->mulm (D, Y1, Y2, ctx);
 
   /* E = d ? C ? D */
-  ec_mulm (E, ctx->b, C, ctx);
-  ec_mulm (E, E, D, ctx);
+  ctx->mulm (E, ctx->b, C, ctx);
+  ctx->mulm (E, E, D, ctx);
 
   /* F = B - E */
-  ec_subm (F, B, E, ctx);
+  ctx->subm (F, B, E, ctx);
 
   /* G = B + E */
-  ec_addm (G, B, E, ctx);
+  ctx->addm (G, B, E, ctx);
 
   /* X_3 = A ? F ? ((X_1 + Y_1) ? (X_2 + Y_2) - C - D) */
-  ec_addm (tmp, X1, Y1, ctx);
-  ec_addm (X3, X2, Y2, ctx);
-  ec_mulm (X3, X3, tmp, ctx);
-  ec_subm (X3, X3, C, ctx);
-  ec_subm (X3, X3, D, ctx);
-  ec_mulm (X3, X3, F, ctx);
-  ec_mulm (X3, X3, A, ctx);
+  ctx->addm (tmp, X1, Y1, ctx);
+  ctx->addm (X3, X2, Y2, ctx);
+  ctx->mulm (X3, X3, tmp, ctx);
+  ctx->subm (X3, X3, C, ctx);
+  ctx->subm (X3, X3, D, ctx);
+  ctx->mulm (X3, X3, F, ctx);
+  ctx->mulm (X3, X3, A, ctx);
 
   /* Y_3 = A ? G ? (D - aC) */
   if (ctx->dialect == ECC_DIALECT_ED25519)
     {
-      ec_addm (Y3, D, C, ctx);
+      ctx->addm (Y3, D, C, ctx);
     }
   else
     {
-      ec_mulm (Y3, ctx->a, C, ctx);
-      ec_subm (Y3, D, Y3, ctx);
+      ctx->mulm (Y3, ctx->a, C, ctx);
+      ctx->subm (Y3, D, Y3, ctx);
     }
-  ec_mulm (Y3, Y3, G, ctx);
-  ec_mulm (Y3, Y3, A, ctx);
+  ctx->mulm (Y3, Y3, G, ctx);
+  ctx->mulm (Y3, Y3, A, ctx);
 
   /* Z_3 = F ? G */
-  ec_mulm (Z3, F, G, ctx);
+  ctx->mulm (Z3, F, G, ctx);
 
 
 #undef X1
@@ -1420,7 +1429,7 @@ sub_points_edwards (mpi_point_t result,
 {
   mpi_point_t p2i = _gcry_mpi_point_new (0);
   point_set (p2i, p2);
-  mpi_sub (p2i->x, ctx->p, p2i->x);
+  ctx->subm (p2i->x, ctx->p, p2i->x, ctx);
   add_points_edwards (result, p1, p2i, ctx);
   _gcry_mpi_point_release (p2i);
 }
@@ -1484,6 +1493,7 @@ _gcry_mpi_ec_mul_point (mpi_point_t result,
           mpi_set_ui (result->x, 0);
           mpi_set_ui (result->y, 1);
           mpi_set_ui (result->z, 1);
+          point_resize (point, ctx);
         }
 
       if (mpi_is_secure (scalar))
@@ -1505,6 +1515,12 @@ _gcry_mpi_ec_mul_point (mpi_point_t result,
         }
       else
         {
+          if (ctx->model == MPI_EC_EDWARDS)
+            {
+              point_resize (result, ctx);
+              point_resize (point, ctx);
+            }
+
           for (j=nbits-1; j >= 0; j--)
             {
               _gcry_mpi_ec_dup_point (result, result, ctx);
@@ -1747,19 +1763,21 @@ _gcry_mpi_ec_curve_point (gcry_mpi_point_t point, mpi_ec_t ctx)
         if (_gcry_mpi_ec_get_affine (x, y, point, ctx))
           goto leave;
 
+        mpi_resize (w, ctx->p->nlimbs);
+        w->nlimbs = ctx->p->nlimbs;
+
         /* a ? x^2 + y^2 - 1 - b ? x^2 ? y^2 == 0 */
-        ec_pow2 (x, x, ctx);
-        ec_pow2 (y, y, ctx);
+        ctx->pow2 (x, x, ctx);
+        ctx->pow2 (y, y, ctx);
         if (ctx->dialect == ECC_DIALECT_ED25519)
-          mpi_sub (w, ctx->p, x);
+          ctx->subm (w, ctx->p, x, ctx);
         else
-          ec_mulm (w, ctx->a, x, ctx);
-        ec_addm (w, w, y, ctx);
-        ec_subm (w, w, mpi_const (MPI_C_ONE), ctx);
-        ec_mulm (x, x, y, ctx);
-        ec_mulm (x, x, ctx->b, ctx);
-        ec_subm (w, w, x, ctx);
-        if (!mpi_cmp_ui (w, 0))
+          ctx->mulm (w, ctx->a, x, ctx);
+        ctx->addm (w, w, y, ctx);
+        ctx->mulm (x, x, y, ctx);
+        ctx->mulm (x, x, ctx->b, ctx);
+        ctx->subm (w, w, x, ctx);
+        if (!mpi_cmp_ui (w, 1))
           res = 1;
       }
       break;

-----------------------------------------------------------------------

Summary of changes:
 cipher/Makefile.am  |   2 +-
 cipher/ecc-curves.c |  17 +++++-
 mpi/ec.c            | 154 +++++++++++++++++++++++++++++-----------------------
 3 files changed, 102 insertions(+), 71 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug 23 06:04:21 2017
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Wed, 23 Aug 2017 06:04:21 +0200
Subject: [git] GCRYPT - branch, gniibe-T3358,
 updated. libgcrypt-1.8.0-19-g8728d5e
Message-ID: <E1dkMtx-0000wA-K1@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, gniibe-T3358 has been updated
       via  8728d5e6cb18cc15f24d7188e7c4175913031977 (commit)
      from  5bbe5e9505b93e7fac94cbaa8464b94a634faf5b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8728d5e6cb18cc15f24d7188e7c4175913031977
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Wed Aug 23 13:03:07 2017 +0900

    ecc: Fix ec_mulm_25519.
    
    * mpi/ec.c (ec_mulm_25519): Improve reduction to 25519.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/mpi/ec.c b/mpi/ec.c
index 7a56112..eb71a63 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -455,13 +455,10 @@ ec_mulm_25519 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx)
   m[LIMB_SIZE_25519] += cy;
 
   memset (m, 0, wsize * BYTES_PER_MPI_LIMB);
-  m[0] = m[LIMB_SIZE_25519] * 2 * 19;
-  cy = _gcry_mpih_add_n (wp, wp, m, wsize);
-
   msb = (wp[LIMB_SIZE_25519-1] >> (255 % BITS_PER_MPI_LIMB));
-  m[0] = (cy * 2 + msb) * 19;
-  _gcry_mpih_add_n (wp, wp, m, wsize);
+  m[0] = (m[LIMB_SIZE_25519] * 2 + msb) * 19;
   wp[LIMB_SIZE_25519-1] &= ~(1UL << (255 % BITS_PER_MPI_LIMB));
+  _gcry_mpih_add_n (wp, wp, m, wsize);
 
   m[0] = 0;
   cy = _gcry_mpih_sub_n (wp, wp, ctx->p->d, wsize);

-----------------------------------------------------------------------

Summary of changes:
 mpi/ec.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug 23 11:12:07 2017
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Wed, 23 Aug 2017 11:12:07 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.23-11-g6158811
Message-ID: <E1dkRhp-00060d-4v@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  6158811304937b592601ef30c29c5a5cdbaa88ea (commit)
      from  e6fa6b0ce823effd721c807b2b292287af91c642 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6158811304937b592601ef30c29c5a5cdbaa88ea
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Wed Aug 23 11:02:28 2017 +0200

    agent: Fix string translation for Windows
    
    * agent/agent.h (L_): Define agent_Lunderscore when simple
    gettext is used.
    
    --
    This fixes a regression introduced by b3286af3 ENABLE_NLS
    is not defined if we use simple gettext and not gettext.
    
    GnuPG-Bug-Id: T3364
    Signed-off-by: Andre Heinecke <aheinecke at intevation.de>

diff --git a/agent/agent.h b/agent/agent.h
index 815d9a5..f5df75e 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -320,7 +320,7 @@ typedef int (*lookup_ttl_t)(const char *hexgrip);
    and uses that to translate a string according to the locale set for
    the connection.  The macro LunderscoreIMPL is used by i18n to
    actually define the inline function when needed.  */
-#ifdef ENABLE_NLS
+#if defined (ENABLE_NLS) || defined (USE_SIMPLE_GETTEXT)
 #define L_(a) agent_Lunderscore (ctrl, (a))
 #define LunderscorePROTO                                            \
   static inline const char *agent_Lunderscore (ctrl_t ctrl,         \

-----------------------------------------------------------------------

Summary of changes:
 agent/agent.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug 23 14:24:01 2017
From: cvs at cvs.gnupg.org (by Åka Sikrom)
Date: Wed, 23 Aug 2017 14:24:01 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.23-12-gfd0e5b6
Message-ID: <E1dkUhV-0006oX-Lo@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  fd0e5b60bed1cfc2aed7b2e13cc449f355eac051 (commit)
      from  6158811304937b592601ef30c29c5a5cdbaa88ea (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit fd0e5b60bed1cfc2aed7b2e13cc449f355eac051
Author: ?ka Sikrom <a4 at hush.com>
Date:   Wed Aug 23 14:19:01 2017 +0200

    po: Update Norwegian translation
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/po/nb.po b/po/nb.po
index 01de1b0..7a72323 100644
--- a/po/nb.po
+++ b/po/nb.po
@@ -1,25 +1,25 @@
 # Norwegian (bokm?l) translation of Gnu Privacy Guard.
-# Copyright (C) 2016 Free Software Foundation, Inc.
+# Copyright (C) 1998-2017 Free Software Foundation, Inc.
 # This file is distributed under the same license as the GnuPG package.
 # Trond Endrest?l <Trond.Endrestol at fagskolen.gjovik.no>, 2004.
-# ?ka Sikrom <a4 -at- hush -dot- com>, 2016.
+# ?ka Sikrom <a4 at hush.com>, 2016-2017.
 #
 # Send this file to:
 # translations at gnupg.org
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: GNU gnupg 2.1.14\n"
+"Project-Id-Version: GNU gnupg 2.1\n"
 "Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2016-07-15 10:27+0100\n"
-"Last-Translator: ?ka Sikrom <a4 ?t hush d?t com>\n"
+"PO-Revision-Date: 2017-08-15 10:19+0200\n"
+"Last-Translator: ?ka Sikrom <a4 at hush.com>\n"
 "Language-Team: Norwegian Bokm?l <i18n-nb at lister.ping.uio.no>\n"
 "Language: nb\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "X-Launchpad-Export-Date: 2016-06-15 11:29+0000\n"
-"X-Generator: Poedit 1.5.4\n"
+"X-Generator: Poedit 1.8.7.1\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
 #, c-format
@@ -153,10 +153,9 @@ msgstr "ingen ssh-autentiseringn?kkel p? kort: %s\n"
 msgid "no suitable card key found: %s\n"
 msgstr "fant ingen passende kortn?kkel: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error getting stored flags: %s\n"
+#, c-format
 msgid "error getting list of cards: %s\n"
-msgstr "feil under henting av lagrede valg: %s\n"
+msgstr "feil under henting av kortliste: %s\n"
 
 #, c-format
 msgid ""
@@ -305,10 +304,8 @@ msgstr "kj?r som bakgrunnsprosess (?daemon?)"
 msgid "run in server mode (foreground)"
 msgstr "kj?r i tjenermodus (forgrunn)"
 
-#, fuzzy
-#| msgid "run in server mode"
 msgid "run in supervised mode"
-msgstr "kj?r i tjenermodus"
+msgstr "kj?r i ?supervised? modus"
 
 msgid "verbose"
 msgstr "detaljert utskrift"
@@ -374,7 +371,7 @@ msgid "enable ssh support"
 msgstr "sl? p? ssh-st?tte"
 
 msgid "|ALGO|use ALGO to show ssh fingerprints"
-msgstr ""
+msgstr "|ALGO|bruk valgt ALGOritme til ? vise ssh-fingeravtrykk"
 
 msgid "enable putty support"
 msgstr "sl? p? st?tte for putty"
@@ -756,13 +753,11 @@ msgstr "Advarsel: utrygt eierskap til %s ?%s?\n"
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "Advarsel: utrygge tillatelser til %s ?%s?\n"
 
-#, fuzzy, c-format
-#| msgid "waiting for the agent to come up ... (%ds)\n"
+#, c-format
 msgid "waiting for file '%s' to become accessible ...\n"
-msgstr "venter p? at agent skal dukke opp ? (%ds)\n"
+msgstr "venter p? at fila ?%s? skal bli tilgjengelig ?\n"
 
-#, fuzzy, c-format
-#| msgid "error renaming '%s' to '%s': %s\n"
+#, c-format
 msgid "renaming '%s' to '%s' failed: %s\n"
 msgstr "klarte ikke ? gi ?%s? det nye navnet ?%s?: %s\n"
 
@@ -1208,17 +1203,15 @@ msgid "WARNING: %s\n"
 msgstr "ADVARSEL: %s\n"
 
 msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr ""
+msgstr "Merk: Utdaterte tjenere kan mangle viktige sikkerhetsfunksjoner.\n"
 
-#, fuzzy, c-format
-#| msgid "Please use the command \"toggle\" first.\n"
+#, c-format
 msgid "Note: Use the command \"%s\" to restart them.\n"
-msgstr "Bruk kommandoen ?toggle? f?rst.\n"
+msgstr "Merk: Bruk kommandoen ?%s? for ? starte dem p? nytt.\n"
 
-#, fuzzy, c-format
-#| msgid "%s does not yet work with %s\n"
+#, c-format
 msgid "%s is not compliant with %s mode\n"
-msgstr "%s virker ikke enda med %s\n"
+msgstr "%s kan ikke brukes i %s-modus\n"
 
 #, c-format
 msgid "OpenPGP card not available: %s\n"
@@ -1571,15 +1564,13 @@ msgstr ""
 "ADVARSEL: tvungen bruk av symmetrisk krypt.metode %s (%d) bryter med "
 "mottakers oppsett\n"
 
-#, fuzzy, c-format
-#| msgid "you may not use cipher algorithm '%s' while in %s mode\n"
+#, c-format
 msgid "cipher algorithm '%s' may not be used in %s mode\n"
-msgstr "du kan ikke bruke krypteringsalgoritme ?%s? i %s-modus\n"
+msgstr "du kan ikke bruke algoritme ?%s? i %s-modus\n"
 
-#, fuzzy, c-format
-#| msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
+#, c-format
 msgid "WARNING: key %s is not suitable for encryption in %s mode\n"
-msgstr "ADVARSEL: valget ?%s%s? er utg?tt, og har ingen effekt\n"
+msgstr "ADVARSEL: n?kkel %s egner seg ikke for kryptering i %s-modus\n"
 
 #, c-format
 msgid ""
@@ -1597,10 +1588,9 @@ msgstr "tvungen bruk av krypt.metode %s (%d) bryter med mottakers oppsett\n"
 msgid "%s/%s encrypted for: \"%s\"\n"
 msgstr "%s/%s kryptert for: ?%s?\n"
 
-#, fuzzy, c-format
-#| msgid "you may not use %s while in %s mode\n"
+#, c-format
 msgid "option '%s' may not be used in %s mode\n"
-msgstr "du kan ikke bruke ?%s? i ?%s?-modus\n"
+msgstr "du kan ikke bruke valget ?%s? i %s-modus\n"
 
 #, c-format
 msgid "%s encrypted data\n"
@@ -1678,7 +1668,7 @@ msgid "remove as much as possible from key during export"
 msgstr "fjern s? mye som mulig fra n?kkelen under eksportering"
 
 msgid "use the GnuPG key backup format"
-msgstr ""
+msgstr "bruk GnuPG-format til sikkerhetskopiering av n?kkel"
 
 msgid " - skipped"
 msgstr ". Hoppet over"
@@ -1759,10 +1749,9 @@ msgstr "Ugyldig n?kkel %s gjort gyldig av --allow-non-selfsigned-uid\n"
 msgid "using subkey %s instead of primary key %s\n"
 msgstr "bruker undern?kkel %s i stedet for prim?rn?kkel %s\n"
 
-#, fuzzy, c-format
-#| msgid "invalid argument for option \"%.50s\"\n"
+#, c-format
 msgid "valid values for option '%s':\n"
-msgstr "ugyldig argument for valget ?%.50s?\n"
+msgstr "f?lgende verdier er gyldige for ?%s?:\n"
 
 msgid "make a signature"
 msgstr "lag signatur"
@@ -1812,10 +1801,8 @@ msgstr "legg til en ny bruker-ID raskt"
 msgid "quickly revoke a user-id"
 msgstr "opphev bruker-ID raskt"
 
-#, fuzzy
-#| msgid "quickly generate a new key pair"
 msgid "quickly set a new expiration date"
-msgstr "lag nytt n?kkelpar raskt"
+msgstr "endre utl?psdato raskt"
 
 msgid "full featured key pair generation"
 msgstr "fullverdig generering av n?kkelpar"
@@ -1920,16 +1907,6 @@ msgstr ""
 "@\n"
 "(Se bruksanvisning for en fullstendig liste over alle kommandoer og valg)\n"
 
-#, fuzzy
-#| msgid ""
-#| "@\n"
-#| "Examples:\n"
-#| "\n"
-#| " -se -r Bob [file]          sign and encrypt for user Bob\n"
-#| " --clear-sign [file]         make a clear text signature\n"
-#| " --detach-sign [file]       make a detached signature\n"
-#| " --list-keys [names]        show keys\n"
-#| " --fingerprint [names]      show fingerprints\n"
 msgid ""
 "@\n"
 "Examples:\n"
@@ -2100,10 +2077,9 @@ msgstr "Merk: %s er ikke ment for vanlig bruk.\n"
 msgid "'%s' is not a valid signature expiration\n"
 msgstr "?%s? er en ugyldig signatur-utl?pstid\n"
 
-#, fuzzy, c-format
-#| msgid "line %d: not a valid email address\n"
+#, c-format
 msgid "\"%s\" is not a proper mail address\n"
-msgstr "linje %d: ugyldig e-postadresse\n"
+msgstr "?%s? er en ugyldig e-postadresse\n"
 
 #, c-format
 msgid "invalid pinentry mode '%s'\n"
@@ -2267,15 +2243,13 @@ msgstr "ugyldig personlig oppsett av komprimeringsmetode\n"
 msgid "%s does not yet work with %s\n"
 msgstr "%s virker ikke enda med %s\n"
 
-#, fuzzy, c-format
-#| msgid "you may not use digest algorithm '%s' while in %s mode\n"
+#, c-format
 msgid "digest algorithm '%s' may not be used in %s mode\n"
-msgstr "du kan ikke bruke summeringsalgoritme ?%s? i %s-modus\n"
+msgstr "du kan ikke bruke algoritme ?%s? i %s-modus\n"
 
-#, fuzzy, c-format
-#| msgid "you may not use compression algorithm '%s' while in %s mode\n"
+#, c-format
 msgid "compression algorithm '%s' may not be used in %s mode\n"
-msgstr "du kan ikke bruke komprimeringsalgoritme ?%s? i ?%s?-modus\n"
+msgstr "du kan ikke bruke komprimeringsalgoritme ?%s? i %s-modus\n"
 
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
@@ -2291,19 +2265,17 @@ msgstr "symmetrisk kryptering av ?%s? mislyktes: %s\n"
 msgid "you cannot use --symmetric --encrypt with --s2k-mode 0\n"
 msgstr "du kan ikke bruke ?--symmetric --encrypt? og ?--s2k-mode 0? samtidig\n"
 
-#, fuzzy, c-format
-#| msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+#, c-format
 msgid "you cannot use --symmetric --encrypt in %s mode\n"
-msgstr "du kan ikke velge ?--symmtric? og ?--encrypt? i ?%s?-modus\n"
+msgstr "du kan ikke velge --symmetric --encrypt i %s-modus\n"
 
 msgid "you cannot use --symmetric --sign --encrypt with --s2k-mode 0\n"
 msgstr ""
 "du kan ikke bruke ?--symmetric --sign --encrypt? og ?--s2k-mode 0? samtidig\n"
 
-#, fuzzy, c-format
-#| msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+#, c-format
 msgid "you cannot use --symmetric --sign --encrypt in %s mode\n"
-msgstr "du kan ikke velge ?--symmtric?, ?--sign? og ?--encrypt? i ?%s?-modus\n"
+msgstr "du kan ikke velge --symmetric --sign --encrypt i %s-modus\n"
 
 #, c-format
 msgid "keyserver send failed: %s\n"
@@ -2352,7 +2324,7 @@ msgstr ""
 "n?kkelgrep\n"
 
 msgid "WARNING: no command supplied.  Trying to guess what you mean ...\n"
-msgstr ""
+msgstr "ADVARSEL: ingen kommando valgt. Pr?ver ? gjette hva du mener ?\n"
 
 msgid "Go ahead and type your message ...\n"
 msgstr "Skriv inn melding ?\n"
@@ -2422,15 +2394,11 @@ msgstr "fjern s? mye som mulig fra n?kkel etter importering"
 msgid "run import filters and export key immediately"
 msgstr "kj?r importeringsfiltre og eksporter n?kkel umiddelbart"
 
-#, fuzzy
-#| msgid "assume input is in binary format"
 msgid "assume the GnuPG key backup format"
-msgstr "forvent inndata i bin?rformat"
+msgstr "forvent GnuPG-format p? sikkerhetskopierte n?kler"
 
-#, fuzzy
-#| msgid "show key during import"
 msgid "repair keys on import"
-msgstr "vis n?kkel under importering"
+msgstr "reparer n?kler under importering"
 
 #, c-format
 msgid "skipping block of type %d\n"
@@ -3257,20 +3225,16 @@ msgstr "oppdatering mislyktes: %s\n"
 msgid "Key not changed so no update needed.\n"
 msgstr "N?kkelen ble ikke endret, s? ingen oppdatering er n?dvendig.\n"
 
-#, fuzzy
-#| msgid "You can't delete the last user ID!\n"
 msgid "cannot revoke the last valid user ID.\n"
-msgstr "Du kan ikke slette siste bruker-ID.\n"
+msgstr "klarte ikke ? oppheve siste gyldige bruker-ID.\n"
 
-#, fuzzy, c-format
-#| msgid "checking the trust list failed: %s\n"
+#, c-format
 msgid "revoking the user ID failed: %s\n"
-msgstr "kontroll av tillitsliste mislyktes: %s\n"
+msgstr "opphevelse av bruker-id mislyktes: %s\n"
 
-#, fuzzy, c-format
-#| msgid "checking the trust list failed: %s\n"
+#, c-format
 msgid "setting the primary user ID failed: %s\n"
-msgstr "kontroll av tillitsliste mislyktes: %s\n"
+msgstr "endring av prim?r bruker-ID mislyktes: %s\n"
 
 #, c-format
 msgid "\"%s\" is not a fingerprint\n"
@@ -3290,20 +3254,17 @@ msgstr "Ingen treff p? bruker-id-er."
 msgid "Nothing to sign.\n"
 msgstr "Ingenting ? signere.\n"
 
-#, fuzzy, c-format
-#| msgid "'%s' is not a valid signature expiration\n"
+#, c-format
 msgid "'%s' is not a valid expiration time\n"
-msgstr "?%s? er en ugyldig signatur-utl?pstid\n"
+msgstr "?%s? er en ugyldig utl?pstid\n"
 
-#, fuzzy, c-format
-#| msgid "\"%s\" is not a fingerprint\n"
+#, c-format
 msgid "\"%s\" is not a proper fingerprint\n"
-msgstr "?%s? er ikke et fingeravtrykk\n"
+msgstr "?%s? er et ugyldig fingeravtrykk\n"
 
-#, fuzzy, c-format
-#| msgid "key \"%s\" not found\n"
+#, c-format
 msgid "subkey \"%s\" not found\n"
-msgstr "fant ikke n?kkelen ?%s?\n"
+msgstr "fant ikke undern?kkel ?%s?\n"
 
 msgid "Digest: "
 msgstr "Kontrollsum: "
@@ -3602,12 +3563,10 @@ msgstr "bruker-ID ?%s? er allerede opphevet\n"
 
 #, c-format
 msgid "WARNING: a user ID signature is dated %d seconds in the future\n"
-msgstr "ADVARSEL: en bruker-id-signatur er datert %d sekunder i fremtiden\n"
+msgstr "ADVARSEL: en bruker-id-signatur er datert %d sekunder i framtiden\n"
 
-#, fuzzy
-#| msgid "You can't delete the last user ID!\n"
 msgid "Cannot revoke the last valid user ID.\n"
-msgstr "Du kan ikke slette siste bruker-ID.\n"
+msgstr "Klarte ikke ? oppheve siste gyldige bruker-ID.\n"
 
 #, c-format
 msgid "Key %s is already revoked.\n"
@@ -3621,10 +3580,9 @@ msgstr "Undern?kkel %s er allerede opphevet.\n"
 msgid "Displaying %s photo ID of size %ld for key %s (uid %d)\n"
 msgstr "Viser %s foto-ID av st?rrelsen %ld for n?kkel %s (uid %d)\n"
 
-#, fuzzy, c-format
-#| msgid "invalid argument for option \"%.50s\"\n"
+#, c-format
 msgid "invalid value for option '%s'\n"
-msgstr "ugyldig argument for valget ?%.50s?\n"
+msgstr "ugyldig verdi for valg ?%s?\n"
 
 #, c-format
 msgid "preference '%s' duplicated\n"
@@ -3864,7 +3822,7 @@ msgid ""
 "However, it will be correctly handled up to 2106.\n"
 msgstr ""
 "Systemet ditt klarer ikke ? h?ndtere datoer etter 2038.\n"
-"Likevel h?ndteres det korrekt frem til 2106.\n"
+"Likevel h?ndteres det korrekt fram til 2106.\n"
 
 msgid "Is this correct? (y/N) "
 msgstr "Er dette korrekt (j/N)? "
@@ -4052,14 +4010,14 @@ msgstr ""
 msgid ""
 "key has been created %lu second in future (time warp or clock problem)\n"
 msgstr ""
-"n?kkel har blitt opprettet %lu sekund i fremtiden (time warp- eller "
+"n?kkel har blitt opprettet %lu sekund i framtiden (time warp- eller "
 "klokkeproblem)\n"
 
 #, c-format
 msgid ""
 "key has been created %lu seconds in future (time warp or clock problem)\n"
 msgstr ""
-"n?kkel har blitt opprettet %lu sekunder i fremtiden (time warp- eller "
+"n?kkel har blitt opprettet %lu sekunder i framtiden (time warp- eller "
 "klokkeproblem)\n"
 
 msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
@@ -4365,10 +4323,9 @@ msgstr "               bruker %s n?kkel %s\n"
 msgid "Signature made %s using %s key ID %s\n"
 msgstr "Signatur laget %s ved hjelp av %s-n?kkel ID %s\n"
 
-#, fuzzy, c-format
-#| msgid "                aka \"%s\""
+#, c-format
 msgid "               issuer \"%s\"\n"
-msgstr "                aka ?%s?"
+msgstr "                utsteder ?%s?\n"
 
 msgid "Key available at: "
 msgstr "N?kkel tilgjengelig ved: "
@@ -4380,11 +4337,9 @@ msgstr "[usikker]"
 msgid "                aka \"%s\""
 msgstr "                aka ?%s?"
 
-#, fuzzy, c-format
-#| msgid "WARNING: This key is not certified with a trusted signature!\n"
+#, c-format
 msgid "WARNING: This key is not suitable for signing in %s mode\n"
-msgstr ""
-"ADVARSEL: denne n?kkelen er ikke sertifisert med en tillitsverdig signatur.\n"
+msgstr "ADVARSEL: Denne n?kkelen egner seg ikke for signering i %s-modus\n"
 
 #, c-format
 msgid "Signature expired %s\n"
@@ -4744,24 +4699,18 @@ msgstr "Denne n?kkelen tilh?rer sannsynligvis navngitt bruker\n"
 msgid "This key belongs to us\n"
 msgstr "denne n?kkelen tilh?rer oss\n"
 
-#, fuzzy, c-format
-#| msgid "root certificate has now been marked as trusted\n"
+#, c-format
 msgid "%s: This key is bad!  It has been marked as untrusted!\n"
-msgstr "rotsertifikat er n? merket som troverdig\n"
+msgstr "%s: Denne n?kkelen er markert som up?litelig, og b?r ikke brukes.\n"
 
-#, fuzzy
-#| msgid ""
-#| "It is NOT certain that the key belongs to the person named\n"
-#| "in the user ID.  If you *really* know what you are doing,\n"
-#| "you may answer the next question with yes.\n"
 msgid ""
 "This key is bad!  It has been marked as untrusted!  If you\n"
 "*really* know what you are doing, you may answer the next\n"
 "question with yes.\n"
 msgstr ""
-"Det er IKKE sikkert at n?kkelen tilh?rer personen som er navngitt i\n"
-"bruker-id-en.  Hvis du *virkelig* vet hva du gj?r, kan du svare ja\n"
-"p? neste sp?rsm?l.\n"
+"Denne n?kkelen er markert som up?litelig, og b?r ikke brukes.\n"
+"Ikke svar ja p? neste sp?rsm?l med mindre du *virkelig* vet\n"
+"hva det inneb?rer.\n"
 
 msgid ""
 "It is NOT certain that the key belongs to the person named\n"
@@ -4924,10 +4873,9 @@ msgstr "klarte ikke ? ?pne signert data ?%s?\n"
 msgid "can't open signed data fd=%d: %s\n"
 msgstr "klarte ikke ? ?pne signert data fd=%d: ?%s?\n"
 
-#, fuzzy, c-format
-#| msgid "certificate is not usable for encryption\n"
+#, c-format
 msgid "key %s is not suitable for decryption in %s mode\n"
-msgstr "sertifikatet egner seg ikke til kryptering\n"
+msgstr "n?kkel %s egner seg ikke for dekryptering i %s-modus\n"
 
 #, c-format
 msgid "anonymous recipient; trying secret key %s ...\n"
@@ -5110,10 +5058,9 @@ msgstr ""
 msgid "WARNING: signature digest conflict in message\n"
 msgstr "ADVARSEL: konflikt med signatur-kontrollsum i melding\n"
 
-#, fuzzy, c-format
-#| msgid "you may not use %s while in %s mode\n"
+#, c-format
 msgid "key %s may not be used for signing in %s mode\n"
-msgstr "du kan ikke bruke ?%s? i ?%s?-modus\n"
+msgstr "du kan ikke bruke n?kkel %s til signering i %s-modus\n"
 
 #, c-format
 msgid "WARNING: signing subkey %s is not cross-certified\n"
@@ -5147,10 +5094,10 @@ msgid ""
 msgid_plural ""
 "key %s was created %lu seconds in the future (time warp or clock problem)\n"
 msgstr[0] ""
-"n?kkel %s ble opprettet %lu sekund i fremtiden (tidsforskyvnings- eller "
+"n?kkel %s ble opprettet %lu sekund i framtiden (tidsforskyvnings- eller "
 "klokkeproblem)\n"
 msgstr[1] ""
-"n?kkel %s ble opprettet %lu sekunder i fremtiden (tidsforskyvnings- eller "
+"n?kkel %s ble opprettet %lu sekunder i framtiden (tidsforskyvnings- eller "
 "klokkeproblem)\n"
 
 #, c-format
@@ -5158,10 +5105,10 @@ msgid "key %s was created %lu day in the future (time warp or clock problem)\n"
 msgid_plural ""
 "key %s was created %lu days in the future (time warp or clock problem)\n"
 msgstr[0] ""
-"n?kkel %s ble opprettet %lu dag i fremtiden (tidsforskyvnings- eller "
+"n?kkel %s ble opprettet %lu dag i framtiden (tidsforskyvnings- eller "
 "klokkeproblem)\n"
 msgstr[1] ""
-"n?kkel %s ble opprettet %lu dager i fremtiden (tidsforskyvnings- eller "
+"n?kkel %s ble opprettet %lu dager i framtiden (tidsforskyvnings- eller "
 "klokkeproblem)\n"
 
 #, c-format
@@ -5396,13 +5343,12 @@ msgstr "feil under reversering av transaksjon i TOFU-database: %s\n"
 msgid "unsupported TOFU database version: %s\n"
 msgstr "TOFU-databaseversjon st?ttes ikke: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error creating temporary file: %s\n"
+#, c-format
 msgid "error creating 'ultimately_trusted_keys' TOFU table: %s\n"
-msgstr "feil under oppretting av midlertidig fil: %s\n"
+msgstr "feil under oppretting av TOFU-tabell ?ultimately_trusted_keys?: %s\n"
 
 msgid "TOFU DB error"
-msgstr ""
+msgstr "TOFU DB-feil"
 
 #, c-format
 msgid "error reading TOFU database: %s\n"
@@ -5416,14 +5362,13 @@ msgstr "klarte ikke ? kontrollere versjon av TOFU-database: %s\n"
 msgid "error initializing TOFU database: %s\n"
 msgstr "feil under oppstart av TOFU-database: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error reading TOFU database: %s\n"
+#, c-format
 msgid "error creating 'encryptions' TOFU table: %s\n"
-msgstr "feil under lesing av TOFU-database: %s\n"
+msgstr "feil under oppretting av TOFU-tabell ?encryptions?: %s\n"
 
 #, c-format
 msgid "adding column effective_policy to bindings DB: %s\n"
-msgstr ""
+msgstr "legger til kolonne ?effective_policy? i tilknytningsdatabase: %s\n"
 
 #, c-format
 msgid "error opening TOFU database '%s': %s\n"
@@ -5433,44 +5378,35 @@ msgstr "feil under ?pning av TOFU-database ?%s?: %s\n"
 msgid "error updating TOFU database: %s\n"
 msgstr "feil under oppdatering av TOFU-database: %s\n"
 
-#, fuzzy, c-format
-#| msgid "The email address \"%s\" is associated with %d key:\n"
-#| msgid_plural "The email address \"%s\" is associated with %d keys:\n"
+#, c-format
 msgid ""
 "This is the first time the email address \"%s\" is being used with key %s."
-msgstr "E-postadressen ?%s? er tilknyttet %d n?kkel:\n"
+msgstr "Dette er f?rste gang e-postadressen ?%s? brukes med n?kkel %s."
 
-#, fuzzy, c-format
-#| msgid "The email address \"%s\" is associated with %d key:\n"
-#| msgid_plural "The email address \"%s\" is associated with %d keys:\n"
+#, c-format
 msgid "The email address \"%s\" is associated with %d key!"
 msgid_plural "The email address \"%s\" is associated with %d keys!"
-msgstr[0] "E-postadressen ?%s? er tilknyttet %d n?kkel:\n"
-msgstr[1] "E-postadressen ?%s? er tilknyttet %d n?kkel:\n"
+msgstr[0] "E-postadressen ?%s? er tilknyttet %d n?kkel."
+msgstr[1] "E-postadressen ?%s? er tilknyttet %d n?kler."
 
-#, fuzzy
-#| msgid ""
-#| "The key with fingerprint %s raised a conflict with the binding %s.  Since "
-#| "this binding's policy was 'auto', it was changed to 'ask'."
 msgid "  Since this binding's policy was 'auto', it has been changed to 'ask'."
 msgstr ""
-"N?kkel med fingeravtrykk %s for?rsaket konflikt med tilknytning %s. Siden "
-"regelen var ?auto? er den n? endret til ?ask? (sp?r)."
+"  Denne tilknytningsregelen var ?auto?, og er n? endret til ?ask? (sp?r)."
 
 #, c-format
 msgid ""
 "Please indicate whether this email address should be associated with key %s "
 "or whether you think someone is impersonating \"%s\"."
 msgstr ""
+"Velg om gjeldende e-postadresse skal knyttes til n?kkel %s eller om du tror "
+"noen pr?ver ? etterlikne ?%s?."
 
 #, c-format
 msgid "error gathering other user IDs: %s\n"
 msgstr "feil under henting av andre bruker-id-er: %s\n"
 
-#, fuzzy
-#| msgid "list key and user IDs"
 msgid "This key's user IDs:\n"
-msgstr "vis n?kler og bruker-id-er"
+msgstr "Bruker-id-er tilknyttet denne n?kkelen:\n"
 
 #, c-format
 msgid "policy: %s"
@@ -5493,101 +5429,73 @@ msgstr "Statistikk for n?kler med e-postadresse ?%s?:\n"
 msgid "this key"
 msgstr "denne n?kkelen"
 
-#, fuzzy, c-format
-#| msgid "Verified %ld messages signed by \"%s\"."
+#, c-format
 msgid "Verified %d message."
 msgid_plural "Verified %d messages."
-msgstr[0] "Bekreftet %ld meldinger signert av ?%s?."
-msgstr[1] "Bekreftet %ld meldinger signert av ?%s?."
+msgstr[0] "Bekreftet %d melding."
+msgstr[1] "Bekreftet %d meldinger."
 
-#, fuzzy, c-format
-#| msgid "encrypted with %lu passphrases\n"
+#, c-format
 msgid "Encrypted %d message."
 msgid_plural "Encrypted %d messages."
-msgstr[0] "kryptert med %lu passordfraser\n"
-msgstr[1] "kryptert med %lu passordfraser\n"
+msgstr[0] "Kryptert %d melding."
+msgstr[1] "Kryptert %d meldinger."
 
-#, fuzzy, c-format
-#| msgid "%ld message signed in the future."
-#| msgid_plural "%ld messages signed in the future."
+#, c-format
 msgid "Verified %d message in the future."
 msgid_plural "Verified %d messages in the future."
-msgstr[0] "%ld melding signert i fremtid."
-msgstr[1] "%ld meldinger signert i fremtid."
+msgstr[0] "Bekreftet %d melding i framtid."
+msgstr[1] "Bekreftet %d meldinger i framtid."
 
-#, fuzzy, c-format
-#| msgid "%ld message signed in the future."
-#| msgid_plural "%ld messages signed in the future."
+#, c-format
 msgid "Encrypted %d message in the future."
 msgid_plural "Encrypted %d messages in the future."
-msgstr[0] "%ld melding signert i fremtid."
-msgstr[1] "%ld meldinger signert i fremtid."
+msgstr[0] "Kryptert %d melding i framtid."
+msgstr[1] "%d meldinger signert i framtid."
 
-#, fuzzy, c-format
-#| msgid " over the past %ld day."
-#| msgid_plural " over the past %ld days."
+#, c-format
 msgid "Messages verified over the past %d day: %d."
 msgid_plural "Messages verified over the past %d days: %d."
-msgstr[0] " i l?pet av g?rsdagen (%ld)."
-msgstr[1] " i l?pet av de %ld siste dagene."
+msgstr[0] "Bekreftede meldinger i l?pet av siste %d dag: %d."
+msgstr[1] "Bekreftede meldinger i l?pet av siste %d dager: %d."
 
-#, fuzzy, c-format
-#| msgid " over the past %ld day."
-#| msgid_plural " over the past %ld days."
+#, c-format
 msgid "Messages encrypted over the past %d day: %d."
 msgid_plural "Messages encrypted over the past %d days: %d."
-msgstr[0] " i l?pet av g?rsdagen (%ld)."
-msgstr[1] " i l?pet av de %ld siste dagene."
+msgstr[0] "Krypterte meldinger i l?pet av siste %d dag: %d."
+msgstr[1] "Krypterte meldinger i l?pet av siste %d dager: %d."
 
-#, fuzzy, c-format
-#| msgid " over the past %ld month."
-#| msgid_plural " over the past %ld months."
+#, c-format
 msgid "Messages verified over the past %d month: %d."
 msgid_plural "Messages verified over the past %d months: %d."
-msgstr[0] " i l?pet av den siste m?neden (%ld)."
-msgstr[1] " i l?pet av de siste %ld m?nedene."
+msgstr[0] "Bekreftede meldinger i l?pet av siste %d m?ned: %d."
+msgstr[1] "Bekreftede meldinger i l?pet av siste %d m?neder: %d."
 
-#, fuzzy, c-format
-#| msgid " over the past %ld month."
-#| msgid_plural " over the past %ld months."
+#, c-format
 msgid "Messages encrypted over the past %d month: %d."
 msgid_plural "Messages encrypted over the past %d months: %d."
-msgstr[0] " i l?pet av den siste m?neden (%ld)."
-msgstr[1] " i l?pet av de siste %ld m?nedene."
+msgstr[0] "Krypterte meldinger i l?pet av siste %d m?ned: %d."
+msgstr[1] "Krypterte meldinger i l?pet av siste %d m?neder: %d."
 
-#, fuzzy, c-format
-#| msgid " over the past %ld day."
-#| msgid_plural " over the past %ld days."
+#, c-format
 msgid "Messages verified over the past %d year: %d."
 msgid_plural "Messages verified over the past %d years: %d."
-msgstr[0] " i l?pet av g?rsdagen (%ld)."
-msgstr[1] " i l?pet av de %ld siste dagene."
+msgstr[0] "Bekreftede meldinger i l?pet av siste %d ?r: %d."
+msgstr[1] "Bekreftede meldinger i l?pet av siste %d ?r: %d."
 
-#, fuzzy, c-format
-#| msgid " over the past %ld day."
-#| msgid_plural " over the past %ld days."
+#, c-format
 msgid "Messages encrypted over the past %d year: %d."
 msgid_plural "Messages encrypted over the past %d years: %d."
-msgstr[0] " i l?pet av g?rsdagen (%ld)."
-msgstr[1] " i l?pet av de %ld siste dagene."
+msgstr[0] "Krypterte meldinger i l?pet av siste %d ?r: %d."
+msgstr[1] "Krypterte meldinger i l?pet av siste %d ?r: %d."
 
-#, fuzzy, c-format
-#| msgid " over the past %ld day."
-#| msgid_plural " over the past %ld days."
+#, c-format
 msgid "Messages verified in the past: %d."
-msgstr " i l?pet av g?rsdagen (%ld)."
-
-#, fuzzy, c-format
-#| msgid ""
-#| "Verified %ld message signed by \"%s\"\n"
-#| "in the past %s."
-#| msgid_plural ""
-#| "Verified %ld messages signed by \"%s\"\n"
-#| "in the past %s."
+msgstr "Meldinger bekreftet f?r dette: %d."
+
+#, c-format
 msgid "Messages encrypted in the past: %d."
-msgstr ""
-"Bekreftet %ld melding signert av ?%s?\n"
-"siste %s."
+msgstr "Meldinger kryptert f?r dette: %d."
 
 #. TRANSLATORS: Please translate the text found in the source
 #. * file below.  We don't directly internationalize that text so
@@ -5605,173 +5513,111 @@ msgid "(G)ood, (A)ccept once, (U)nknown, (R)eject once, (B)ad? "
 msgstr "(G)od, (A)ksepter ?n gang, (U)kjent, (N)ekt ?n gang, (D)?rlig? "
 
 msgid "Defaulting to unknown.\n"
-msgstr ""
+msgstr "Bruker standardverdi (ukjent).\n"
 
 msgid "TOFU db corruption detected.\n"
-msgstr ""
+msgstr "Oppdaget ?delagt del av TOFU-database.\n"
 
-#, fuzzy, c-format
-#| msgid "error writing key: %s\n"
+#, c-format
 msgid "resetting keydb: %s\n"
-msgstr "feil under skriving av n?kkel: %s\n"
+msgstr "tilbakestiller n?kkeldatabase: %s\n"
 
-#, fuzzy, c-format
-#| msgid "error setting TOFU binding's trust level to %s\n"
+#, c-format
 msgid "error setting TOFU binding's policy to %s\n"
-msgstr "feil under endring av tillitsniv? for TOFU-tilknytning til %s\n"
+msgstr "feil under endring av regel for TOFU-tilknytning til %s\n"
 
 #, c-format
 msgid "error changing TOFU policy: %s\n"
 msgstr "feil under endring av TOFU-regler: %s\n"
 
-#, fuzzy, c-format
-#| msgid "%d~year"
-#| msgid_plural "%d~years"
+#, c-format
 msgid "%lld~year"
 msgid_plural "%lld~years"
-msgstr[0] "%d~?r"
-msgstr[1] "%d~?r"
+msgstr[0] "%lld~?r"
+msgstr[1] "%lld~?r"
 
-#, fuzzy, c-format
-#| msgid "%d~month"
-#| msgid_plural "%d~months"
+#, c-format
 msgid "%lld~month"
 msgid_plural "%lld~months"
-msgstr[0] "%d~m?ned"
-msgstr[1] "%d~m?neder"
+msgstr[0] "%lld~m?ned"
+msgstr[1] "%lld~m?neder"
 
 #, c-format
 msgid "%lld~week"
 msgid_plural "%lld~weeks"
-msgstr[0] ""
-msgstr[1] ""
+msgstr[0] "%lld~uke"
+msgstr[1] "%lld~uker"
 
-#, fuzzy, c-format
-#| msgid "%d~day"
-#| msgid_plural "%d~days"
+#, c-format
 msgid "%lld~day"
 msgid_plural "%lld~days"
-msgstr[0] "%d~dag"
-msgstr[1] "%d~dager"
+msgstr[0] "%lld~dag"
+msgstr[1] "%lld~dager"
 
-#, fuzzy, c-format
-#| msgid "%d~hour"
-#| msgid_plural "%d~hours"
+#, c-format
 msgid "%lld~hour"
 msgid_plural "%lld~hours"
-msgstr[0] "%d~time"
-msgstr[1] "%d~timer"
+msgstr[0] "%lld~time"
+msgstr[1] "%lld~timer"
 
-#, fuzzy, c-format
-#| msgid "%d~minute"
-#| msgid_plural "%d~minutes"
+#, c-format
 msgid "%lld~minute"
 msgid_plural "%lld~minutes"
-msgstr[0] "%d~minutt"
-msgstr[1] "%d~minutter"
+msgstr[0] "%lld~minutt"
+msgstr[1] "%lld~minutter"
 
-#, fuzzy, c-format
-#| msgid "%d~second"
-#| msgid_plural "%d~seconds"
+#, c-format
 msgid "%lld~second"
 msgid_plural "%lld~seconds"
-msgstr[0] "%d~sekund"
-msgstr[1] "%d~sekunder"
+msgstr[0] "%lld~sekund"
+msgstr[1] "%lld~sekunder"
 
-#, fuzzy, c-format
-#| msgid "TOFU: few signatures %d message %s"
-#| msgid_plural "TOFU: few signatures %d messages %s"
+#, c-format
 msgid "%s: Verified 0~signatures and encrypted 0~messages."
-msgstr "TOFU: f? signaturer %d melding %s"
+msgstr "%s: Bekreftet 0~signaturer og kryptert 0~meldinger."
 
-#, fuzzy, c-format
-#| msgid "Deleted %d signatures.\n"
+#, c-format
 msgid "%s: Verified 0 signatures."
-msgstr "Slettet %d signaturer.\n"
-
-#, fuzzy, c-format
-#| msgid ""
-#| "Verified %ld message signed by \"%s\"\n"
-#| "in the past %s."
-#| msgid_plural ""
-#| "Verified %ld messages signed by \"%s\"\n"
-#| "in the past %s."
+msgstr "%s: Bekreftet 0 signaturer."
+
+#, c-format
 msgid "%s: Verified %ld~signature in the past %s."
 msgid_plural "%s: Verified %ld~signatures in the past %s."
-msgstr[0] ""
-"Bekreftet %ld melding signert av ?%s?\n"
-"siste %s."
-msgstr[1] ""
-"Bekreftet %ld meldinger signert av ?%s?\n"
-"siste %s."
+msgstr[0] "%s: Bekreftet %ld~signatur i l?pet av siste %s."
+msgstr[1] "%s: Bekreftet %ld~signatur i l?pet av siste %s."
 
-#, fuzzy
-#| msgid "encrypted with %lu passphrases\n"
 msgid "Encrypted 0 messages."
-msgstr "kryptert med %lu passordfraser\n"
+msgstr "Kryptert 0 meldinger."
 
-#, fuzzy, c-format
-#| msgid ""
-#| "Verified %ld message signed by \"%s\"\n"
-#| "in the past %s."
-#| msgid_plural ""
-#| "Verified %ld messages signed by \"%s\"\n"
-#| "in the past %s."
+#, c-format
 msgid "Encrypted %ld~message in the past %s."
 msgid_plural "Encrypted %ld~messages in the past %s."
-msgstr[0] ""
-"Bekreftet %ld melding signert av ?%s?\n"
-"siste %s."
-msgstr[1] ""
-"Bekreftet %ld meldinger signert av ?%s?\n"
-"siste %s."
+msgstr[0] "Kryptert %ld~melding i l?pet av siste %s."
+msgstr[1] "Kryptert %ld~meldinger i l?pet av siste %s."
 
-#, fuzzy, c-format
-#| msgid "policy: %s"
+#, c-format
 msgid "(policy: %s)"
-msgstr "regelverk: %s"
+msgstr "(regelsett: %s)"
 
-#, fuzzy
-#| msgid "Warning: we've have yet to see a message signed by this key!\n"
 msgid ""
 "Warning: we have yet to see a message signed using this key and user id!\n"
 msgstr ""
-"Advarsel: vi har enda ikke sett en melding som er signert av denne "
-"n?kkelen.\n"
+"Advarsel: vi har enda ikke sett en melding som er signert med gjeldende "
+"n?kkel og bruker-ID.\n"
 
-#, fuzzy
-#| msgid "Warning: we've only seen a single message signed by this key!\n"
 msgid ""
 "Warning: we've only seen one message signed using this key and user id!\n"
 msgstr ""
-"Advarsel: vi har bare sett ?n melding som er signert av denne n?kkelen.\n"
+"Advarsel: vi har hittil bare sett ?n melding som er signert med gjeldende "
+"n?kkel og bruker-ID.\n"
 
-#, fuzzy
-#| msgid "Warning: we've have yet to see a message signed by this key!\n"
 msgid "Warning: you have yet to encrypt a message to this key!\n"
-msgstr ""
-"Advarsel: vi har enda ikke sett en melding som er signert av denne "
-"n?kkelen.\n"
+msgstr "Advarsel: du har enda ikke kryptert en melding til denne n?kkelen.\n"
 
-#, fuzzy
-#| msgid "Warning: we've only seen a single message signed by this key!\n"
 msgid "Warning: you have only encrypted one message to this key!\n"
-msgstr ""
-"Advarsel: vi har bare sett ?n melding som er signert av denne n?kkelen.\n"
-
-#, fuzzy, c-format
-#| msgid ""
-#| "Warning: if you think you've seen more than %ld message signed by this "
-#| "key, then this key might be a forgery!  Carefully examine the email "
-#| "address for small variations.  If the key is suspect, then use\n"
-#| "  %s\n"
-#| "to mark it as being bad.\n"
-#| msgid_plural ""
-#| "Warning: if you think you've seen more than %ld messages signed by this "
-#| "key, then this key might be a forgery!  Carefully examine the email "
-#| "address for small variations.  If the key is suspect, then use\n"
-#| "  %s\n"
-#| "to mark it as being bad.\n"
+msgstr "Advarsel: du har bare kryptert ?n melding til denne n?kkelen.\n"
+
+#, c-format
 msgid ""
 "Warning: if you think you've seen more signatures by this key and user id, "
 "then this key might be a forgery!  Carefully examine the email address for "
@@ -5785,17 +5631,18 @@ msgid_plural ""
 "  %s\n"
 "to mark it as being bad.\n"
 msgstr[0] ""
-"Warning: if you think you've seen more than %ld message signed by this key, "
-"then this key might be a forgery!  Carefully examine the email address for "
-"small variations.  If the key is suspect, then use\n"
+"Warning: hvis du tror du har sett flere signaturer fra denne n?kkelen og "
+"bruker-id-en, kan det bety at n?kkelen er forfalsket. Kontroller e-"
+"postadressen n?ye og se etter sm? variasjoner. Hvis noe ser galt ut, b?r du "
+"bruke\n"
 "  %s\n"
-"to mark it as being bad.\n"
+"for ? markere den som up?litelig.\n"
 msgstr[1] ""
-"Advarsel: hvis du tror du har sett flere enn %ld meldinger som er signert av "
-"denne n?kkelen, kan det bety at den er forfalsket!  Unders?k e-postadressen "
-"n?ye og se etter sm? variasjoner i navnet.\n"
-"Bruk %s \n"
-"for ? markere n?kkelen som ugyldig hvis den virker mistenkelig.\n"
+"Warning: if you think you've seen more signatures by this key and these user "
+"ids, then this key might be a forgery!  Carefully examine the email "
+"addresses for small variations.  If the key is suspect, then use\n"
+"  %s\n"
+"to mark it as being bad.\n"
 
 #, c-format
 msgid "error opening TOFU database: %s\n"
@@ -5804,11 +5651,12 @@ msgstr "feil under ?pning av TOFU-database: %s\n"
 #, c-format
 msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n"
 msgstr ""
+"ADVARSEL: krypterer til %s. Denne har ingen bruker-id-er som ikke er "
+"opphevet\n"
 
-#, fuzzy, c-format
-#| msgid "error writing public keyring '%s': %s\n"
+#, c-format
 msgid "error setting policy for key %s, user id \"%s\": %s"
-msgstr "feil under skriving av offentlig n?kkelknippe ?%s?: %s\n"
+msgstr "feil under endring av regel for n?kkel %s, bruker-id ?%s?: %s"
 
 #, c-format
 msgid "'%s' is not a valid long keyID\n"
@@ -6057,10 +5905,8 @@ msgstr "svar inneholder ikke RSA-modulus\n"
 msgid "response does not contain the RSA public exponent\n"
 msgstr "svar inneholder ikke offentlig RSA-eksponent\n"
 
-#, fuzzy
-#| msgid "response does not contain the EC public point\n"
 msgid "response does not contain the EC public key\n"
-msgstr "svar inneholder ikke offentlig EC-punkt\n"
+msgstr "svar inneholder ikke offentlig EC-n?kkel\n"
 
 msgid "response does not contain the public key data\n"
 msgstr "svar inneholder ikke offentlig n?kkeldata\n"
@@ -6074,17 +5920,17 @@ msgstr "lesing av offentlig n?kkel mislyktes: %s\n"
 #. * the %s at the start and end of the string.
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s"
-msgstr ""
+msgstr "%sNummer\\x1f: %s%%0AHolder\\x1f: %s%%0ATeller\\x1f: %lu%s"
 
 #, c-format
 msgid "%sNumber: %s%%0AHolder: %s%s"
-msgstr ""
+msgstr "%sNummer\\x1f: %s%%0AHolder\\x1f: %s%s"
 
 #. TRANSLATORS: This is the number of remaining attempts to
 #. * enter a PIN.  Use %%0A (double-percent,0A) for a linefeed.
 #, c-format
 msgid "Remaining attempts: %d"
-msgstr ""
+msgstr "Gjenst?ende fors?k: %d"
 
 #, c-format
 msgid "using default PIN as %s\n"
@@ -6096,10 +5942,8 @@ msgstr ""
 "klarte ikke ? bruke forvalgt PIN som %s: %s. Lar v?re ? bruke forvalgt PIN "
 "senere\n"
 
-#, fuzzy
-#| msgid "||Please enter the PIN"
 msgid "||Please unlock the card"
-msgstr "||Skriv inn PIN-kode"
+msgstr "||L?s opp kort"
 
 #, c-format
 msgid "PIN for CHV%d is too short; minimum length is %d\n"
@@ -7053,10 +6897,9 @@ msgstr "permanent innlastede sertifikater: %u\n"
 msgid "    runtime cached certificates: %u\n"
 msgstr "    hurtiglagrede sertifikater: %u\n"
 
-#, fuzzy, c-format
-#| msgid "    runtime cached certificates: %u\n"
+#, c-format
 msgid "           trusted certificates: %u (%u,%u,%u,%u)\n"
-msgstr "    hurtiglagrede sertifikater: %u\n"
+msgstr "           p?litelige sertifikater: %u (%u,%u,%u,%u)\n"
 
 msgid "certificate already cached\n"
 msgstr "sertifikat allerede hurtiglagret\n"
@@ -7631,7 +7474,7 @@ msgid "allow sending OCSP requests"
 msgstr "tillat sending av OCSP-foresp?rsler"
 
 msgid "allow online software version check"
-msgstr ""
+msgstr "tillat kontroll av programvare-versjon over nett"
 
 msgid "inhibit the use of HTTP"
 msgstr "hindre bruk av HTTP"
@@ -8079,7 +7922,7 @@ msgid "certificate has been revoked at: %s due to: %s\n"
 msgstr "sertifikat opphevet %s med f?lgende begrunnelse: %s\n"
 
 msgid "OCSP responder returned a status in the future\n"
-msgstr "OCSP-svartjeneste sendte status datert i fremtid\n"
+msgstr "OCSP-svartjeneste sendte status datert i framtiden\n"
 
 msgid "OCSP responder returned a non-current status\n"
 msgstr "OCSP-svartjeneste sendte status som ikke er datert i n?tid\n"
@@ -8265,10 +8108,8 @@ msgstr "|N|endre maksimal livstid for SSH-n?kler til N antall sekunder"
 msgid "Options enforcing a passphrase policy"
 msgstr "Valg som h?ndhever passordfrase-regler"
 
-#, fuzzy
-#| msgid "do not allow to bypass the passphrase policy"
 msgid "do not allow bypassing the passphrase policy"
-msgstr "ikke tillat overstyring av passordfrase-regler"
+msgstr "ikke tillat avvik fra passordregler"
 
 msgid "|N|set minimal required length for new passphrases to N"
 msgstr "|N|endre minimal passordfrase-lengde til N"
@@ -8342,33 +8183,23 @@ msgstr "LDAP-tjenerliste"
 msgid "Configuration for OCSP"
 msgstr "Oppsett for OCSP"
 
-#, fuzzy
-#| msgid "GPG for OpenPGP"
 msgid "OpenPGP"
-msgstr "GPG for OpenPGP"
+msgstr "OpenPGP"
 
 msgid "Private Keys"
-msgstr ""
+msgstr "Privatn?kler"
 
-#, fuzzy
-#| msgid "Smartcard Daemon"
 msgid "Smartcards"
-msgstr "Smartcard-bakgrunnsprosess"
+msgstr "Smartkort"
 
-#, fuzzy
-#| msgid "GPG for S/MIME"
 msgid "S/MIME"
-msgstr "GPG for S/MIME"
+msgstr "S/MIME"
 
-#, fuzzy
-#| msgid "network error"
 msgid "Network"
-msgstr "nettverksfeil"
+msgstr "Nettverk"
 
-#, fuzzy
-#| msgid "PIN and Passphrase Entry"
 msgid "Passphrase Entry"
-msgstr "Skriving av PIN og passordfrase"
+msgstr "Skriving av passordfrase"
 
 msgid "Component not suitable for launching"
 msgstr "Komponent egner seg ikke for oppstart"
@@ -8380,15 +8211,13 @@ msgstr "Ekstern bekreftelse av komponent %s mislyktes"
 msgid "Note that group specifications are ignored\n"
 msgstr "Merk at gruppespesifikasjoner blir ignorert\n"
 
-#, fuzzy, c-format
-#| msgid "error closing '%s': %s\n"
+#, c-format
 msgid "error closing '%s'\n"
-msgstr "feil under lukking av ?%s?: %s\n"
+msgstr "feil under lukking av ?%s?\n"
 
-#, fuzzy, c-format
-#| msgid "error hashing '%s': %s\n"
+#, c-format
 msgid "error parsing '%s'\n"
-msgstr "feil under summering av ?%s?: %s\n"
+msgstr "feil under tolkning av ?%s?\n"
 
 msgid "list all components"
 msgstr "vis alle komponenter"
@@ -8408,10 +8237,8 @@ msgstr "|KOMPONENT|kontroller valg"
 msgid "apply global default values"
 msgstr "bruk globale standardverdier"
 
-#, fuzzy
-#| msgid "|FILE|take policy information from FILE"
 msgid "|FILE|update configuration files using FILE"
-msgstr "|FIL|hent regler fra valgt FIL"
+msgstr "|FIL|oppdater oppsettsfiler ved bruk av valgt FIL"
 
 msgid "get the configuration directories for @GPGCONF@"
 msgstr "hent oppsettsmapper for @GPGCONF@"
@@ -8422,10 +8249,8 @@ msgstr "vis global oppsettsfil"
 msgid "check global configuration file"
 msgstr "kontroller global oppsettsfil"
 
-#, fuzzy
-#| msgid "update the trust database"
 msgid "query the software version database"
-msgstr "oppdater tillitsdatabase"
+msgstr "s?k i versjonsdatabase"
 
 msgid "reload all or a given component"
 msgstr "last inn ?n eller alle komponenter p? nytt"
@@ -8617,6 +8442,25 @@ msgstr ""
 #~ msgid "Error: Private DO too long (limit is %d characters).\n"
 #~ msgstr "Feil: Privat DO for lang (grensa g?r ved %d tegn).\n"
 
+#~ msgid "you may not use %s while in %s mode\n"
+#~ msgstr "du kan ikke bruke ?%s? i ?%s?-modus\n"
+
+#~ msgid "you may not use cipher algorithm '%s' while in %s mode\n"
+#~ msgstr "du kan ikke bruke krypteringsalgoritme ?%s? i %s-modus\n"
+
+#~ msgid "you may not use digest algorithm '%s' while in %s mode\n"
+#~ msgstr "du kan ikke bruke summeringsalgoritme ?%s? i %s-modus\n"
+
+#~ msgid "you may not use compression algorithm '%s' while in %s mode\n"
+#~ msgstr "du kan ikke bruke komprimeringsalgoritme ?%s? i ?%s?-modus\n"
+
+#~ msgid "you cannot use --symmetric --encrypt while in %s mode\n"
+#~ msgstr "du kan ikke velge ?--symmtric? og ?--encrypt? i ?%s?-modus\n"
+
+#~ msgid "you cannot use --symmetric --sign --encrypt while in %s mode\n"
+#~ msgstr ""
+#~ "du kan ikke velge ?--symmtric?, ?--sign? og ?--encrypt? i ?%s?-modus\n"
+
 #~ msgid ""
 #~ "can't check signature with unsupported public-key algorithm (%d): %s.\n"
 #~ msgstr ""
@@ -8652,6 +8496,9 @@ msgstr ""
 #~ "Advarsel: fant feil og kontrollerte bare selvsignaturer. Kj?r ?%s? for ? "
 #~ "kontrollere alle signaturer.\n"
 
+#~ msgid "User ID revocation failed: %s\n"
+#~ msgstr "oppheving av bruker-ID mislyktes: %s\n"
+
 #~ msgid "new configuration file '%s' created\n"
 #~ msgstr "ny oppsettsfil ?%s? opprettet\n"
 
@@ -8659,8 +8506,8 @@ msgstr ""
 #~ msgstr ""
 #~ "ADVARSEL: valgene i ?%s? trer ikke i kraft for gjeldende program?kt\n"
 
-#~ msgid "User ID revocation failed: %s\n"
-#~ msgstr "oppheving av bruker-ID mislyktes: %s\n"
+#~ msgid ", "
+#~ msgstr ", "
 
 #~ msgid "||Please enter the PIN%%0A[sigs done: %lu]"
 #~ msgstr "||Skriv inn PIN%%0A[signaturer utf?rt: %lu]"
@@ -8671,6 +8518,12 @@ msgstr ""
 #~ msgid "DSA requires the use of a 160 bit hash algorithm\n"
 #~ msgstr "DSA krever kontrollsum p? 160 bit\n"
 
+#~ msgid "Defaulting to unknown."
+#~ msgstr "Bruker standardverdi (ukjent)."
+
+#~ msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n"
+#~ msgstr "ADVARSEL: %s har ingen bruker-id-er som ikke er tilbakekalt.\n"
+
 #~ msgid "--store [filename]"
 #~ msgstr "--store [filnavn]"
 
@@ -8715,952 +8568,3 @@ msgstr ""
 
 #~ msgid "[filename]"
 #~ msgstr "[filnavn]"
-
-#, fuzzy
-#~| msgid " over the past %ld day."
-#~| msgid_plural " over the past %ld days."
-#~ msgid " in the past."
-#~ msgstr " i l?pet av g?rsdagen (%ld)."
-
-#~ msgid "shadowing the key failed: %s\n"
-#~ msgstr "skyggelegging av n?kkel mislyktes: %s\n"
-
-#~ msgid "available TOFU policies:\n"
-#~ msgstr "tilgjengelige TOFU-regler:\n"
-
-#~ msgid "The binding %s is NOT known."
-#~ msgstr "Tilknytning %s er ukjent."
-
-#~ msgid ""
-#~ "Please indicate whether you believe the binding %s%sis legitimate (the "
-#~ "key belongs to the stated owner) or a forgery (bad)."
-#~ msgstr ""
-#~ "Oppgi hvorvidt du tror tilknytninga %s%ser sannferdig (dvs.: at n?kkelen "
-#~ "tilh?rer personen som hevder ? eie den) eller falsk."
-
-#~ msgid "Known user IDs associated with this key:\n"
-#~ msgstr "Kjente bruker-id-er tilknyttet denne n?kkelen:\n"
-
-#~ msgid "%ld message signed"
-#~ msgid_plural "%ld messages signed"
-#~ msgstr[0] "%ld melding signert"
-#~ msgstr[1] "%ld meldinger signert"
-
-#~ msgid " over the past %ld week."
-#~ msgid_plural " over the past %ld weeks."
-#~ msgstr[0] " i l?pet av den siste uka (%ld)."
-#~ msgstr[1] " i l?pet av de siste %ld ukene."
-
-#~ msgid "Have never verified a message signed by key %s!\n"
-#~ msgstr "Har aldri bekreftet en melding som er signert av n?kkel %s.\n"
-
-#~ msgid ""
-#~ "Failed to collect signature statistics for \"%s\"\n"
-#~ "(key %s)\n"
-#~ msgstr ""
-#~ "Klarte ikke ? samle inn signaturstatistikk for ?%s?\n"
-#~ "(n?kkel %s)\n"
-
-#~ msgid "The most recent message was verified %s ago."
-#~ msgstr "Nyeste melding ble bekreftet for %s siden."
-
-#~ msgid "GPG Agent"
-#~ msgstr "GPG Agent"
-
-#~ msgid "Key Acquirer"
-#~ msgstr "N?kkelhenter"
-
-#~ msgid "communication problem with gpg-agent\n"
-#~ msgstr "kommunikasjonsproblemer med gpg-agent\n"
-
-#~ msgid "canceled by user\n"
-#~ msgstr "avbrutt av bruker\n"
-
-#~ msgid "problem with the agent\n"
-#~ msgstr "problemer med agent\n"
-
-#~ msgid "problem with the agent (unexpected response \"%s\")\n"
-#~ msgstr "problemer med agent (uventet svar: ?%s?)\n"
-
-#~ msgid "unknown TOFU DB format '%s'\n"
-#~ msgstr "?%s? er et ukjent TOFU DB-format\n"
-
-#~ msgid "libgcrypt is too old (need %s, have %s)\n"
-#~ msgstr "libgcrypt er for gammelt (krever %s, har %s)\n"
-
-#~ msgid ""
-#~ "Please enter the passphrase to unlock the secret key for the OpenPGP "
-#~ "certificate:\n"
-#~ "\"%.*s\"\n"
-#~ "%u-bit %s key, ID %s,\n"
-#~ "created %s%s.\n"
-#~ msgstr ""
-#~ "Skriv inn passordfrase for ? l?se opp hemmelig n?kkel til OpenPGP-"
-#~ "sertifikat:\n"
-#~ "?%.*s?\n"
-#~ "%u-bit %s-n?kkel, ID %s,\n"
-#~ "opprettet %s%s.\n"
-
-#~ msgid ""
-#~ "You need a passphrase to unlock the secret key for\n"
-#~ "user: \"%s\"\n"
-#~ msgstr ""
-#~ "Du trenger en passordfrase for ? l?se opp hemmelig n?kkel for\n"
-#~ "brukeren ?%s?\n"
-
-#~ msgid "%u-bit %s key, ID %s, created %s"
-#~ msgstr "%u-bit %s-n?kkel, ID %s, opprettet %s"
-
-#~ msgid "         (subkey on main key ID %s)"
-#~ msgstr "         (undern?kkel av hovedn?kkel-ID %s)"
-
-#~ msgid "Warning: Home directory contains both tofu.db and tofu.d.\n"
-#~ msgstr "Advarsel: Hjemmemappe inneholder b?de ?tofu.db? og ?tofu.d?.\n"
-
-#~ msgid "Using split format for TOFU database\n"
-#~ msgstr "Bruker splittformat for TOFU-database\n"
-
-#~ msgid "can't access directory '%s': %s\n"
-#~ msgstr "fikk ikke tilgang til mappa ?%s?: %s\n"
-
-#~ msgid "run as windows service (background)"
-#~ msgstr "kj?r som windows-tjeneste (i bakgrunnen)"
-
-#~ msgid "running in compatibility mode - certificate chain not checked!\n"
-#~ msgstr "kj?rer i kompatiblitetsmodus. Sertifikatkjede ikke kontrollert.\n"
-
-#~ msgid "you found a bug ... (%s:%d)\n"
-#~ msgstr "du fant en feil ? (%s:%d)\n"
-
-#~ msgid "%d user ID without valid self-signature detected\n"
-#~ msgid_plural "%d user IDs without valid self-signatures detected\n"
-#~ msgstr[0] "oppdaget %d bruker-ID uten gyldig selvsignatur\n"
-#~ msgstr[1] "oppdaget %d bruker-id-er uten gyldige selvsignaturer\n"
-
-#~ msgid "moving a key signature to the correct place\n"
-#~ msgstr "flytter en n?kkelsignatur til den rette plassen\n"
-
-#~ msgid "%d day"
-#~ msgid_plural "%d days"
-#~ msgstr[0] "%d dag"
-#~ msgstr[1] "%d dager"
-
-#~ msgid "can't gen prime with pbits=%u qbits=%u\n"
-#~ msgstr "du kan ikke lage primtall med pbits=%u qbits=%u\n"
-
-#~ msgid "can't generate a prime with less than %d bits\n"
-#~ msgstr "du kan ikke lage primtall med f?rre enn %d bit\n"
-
-#~ msgid "no entropy gathering module detected\n"
-#~ msgstr "fant ingen innsamlingsmodul for vilk?rlighetsdata\n"
-
-#~ msgid "can't lock `%s': %s\n"
-#~ msgstr "klarte ikke ? l?se ?%s?: %s\n"
-
-#~ msgid "`%s' is not a regular file - ignored\n"
-#~ msgstr "?%s? er ikke en vanlig fil, og blir ignorert\n"
-
-#~ msgid "note: random_seed file is empty\n"
-#~ msgstr "merk: random_seed-fila er tom\n"
-
-#~ msgid "can't read `%s': %s\n"
-#~ msgstr "klarte ikke ? lese ?%s?: %s\n"
-
-#~ msgid "note: random_seed file not updated\n"
-#~ msgstr "merk: random_seed-fila ble ikke oppdatert\n"
-
-#~ msgid "can't write `%s': %s\n"
-#~ msgstr "klarte ikke ? skrive ?%s?: %s\n"
-
-#~ msgid "can't close `%s': %s\n"
-#~ msgstr "klarte ikke ? lukke ?%s?: %s\n"
-
-#~ msgid "WARNING: using insecure random number generator!!\n"
-#~ msgstr "ADVARSEL: bruker usikker vik?rlighetsgenerator.\n"
-
-#~ msgid ""
-#~ "The random number generator is only a kludge to let\n"
-#~ "it run - it is in no way a strong RNG!\n"
-#~ "\n"
-#~ "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n"
-#~ "\n"
-#~ msgstr ""
-#~ "Denne vilk?rlighetsgeneratoren er bare en omvei for ? f? programmet\n"
-#~ "til ? kj?re. Den er p? ingen m?te en sterk RNG.\n"
-#~ "\n"
-#~ "IKKE BRUK DATA SOM ER GENERERT AV DETTE PROGRAMMET.\n"
-#~ "\n"
-
-#~ msgid ""
-#~ "Please wait, entropy is being gathered. Do some work if it would\n"
-#~ "keep you from getting bored, because it will improve the quality\n"
-#~ "of the entropy.\n"
-#~ msgstr ""
-#~ "Vent mens programmet samler inn vilk?rlighetsdata. Gj?r gjerne noe annet "
-#~ "p? maskinen\n"
-#~ "imens da aktivitet kan forbedre kvaliteten p? vilk?rlighetsdataene.\n"
-
-#~ msgid ""
-#~ "\n"
-#~ "Not enough random bytes available.  Please do some other work to give\n"
-#~ "the OS a chance to collect more entropy! (Need %d more bytes)\n"
-#~ msgstr ""
-#~ "\n"
-#~ "Ikke nok vilk?rlighetsdata tilgjengelig. Gj?r noe annet p? datamaskinen\n"
-#~ "for ? gi operativsystemet en sjanse til ? samle mer vilk?rlighet.\n"
-#~ "(%d byte mangler)\n"
-
-#~ msgid "unknown key protection algorithm\n"
-#~ msgstr "ukjent n?kkelbeskyttelsesalgoritme\n"
-
-#~ msgid "secret parts of key are not available\n"
-#~ msgstr "hemmelige deler av n?kkelen er ikke tilgjengelig.\n"
-
-#~ msgid "secret key already stored on a card\n"
-#~ msgstr "hemmelig n?kkel er allerede lagret p? et kort\n"
-
-#~ msgid "card reader not available\n"
-#~ msgstr "kortleser er ikke tilgjengelig\n"
-
-#~ msgid "Please insert the card and hit return or enter 'c' to cancel: "
-#~ msgstr "Sett inn kortet og trykk enter, eller trykk ?c? for ? avbryte: "
-
-#~ msgid "Hit return when ready or enter 'c' to cancel: "
-#~ msgstr "Trykk enter n?r du er klar, eller trykk ?c? for ? avbryte: "
-
-#~ msgid "Enter New Admin PIN: "
-#~ msgstr "Tast ny Admin-PIN: "
-
-#~ msgid "Enter New PIN: "
-#~ msgstr "Tast ny PIN: "
-
-#~ msgid "Enter Admin PIN: "
-#~ msgstr "Tast Admin-PIN: "
-
-#~ msgid ""
-#~ "you can only encrypt to RSA keys of 2048 bits or less in --pgp2 mode\n"
-#~ msgstr ""
-#~ "du kan bare kryptere med RSA-n?kler som er 2048 bit eller kortere i ?--"
-#~ "pgp2?-modus\n"
-
-#~ msgid ""
-#~ "unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
-#~ msgstr ""
-#~ "klarte ikke ? bruke IDEA-algoritmen for alle n?klene du krypterer til.\n"
-
-#~ msgid "key %s: not protected - skipped\n"
-#~ msgstr "n?kkel %s: ikke beskyttet - hoppet over\n"
-
-#~ msgid "about to export an unprotected subkey\n"
-#~ msgstr "du er i ferd med ? eksportere en undern?kkel uten beskyttelse\n"
-
-#~ msgid "failed to unprotect the subkey: %s\n"
-#~ msgstr "klarte ikke ? fjerne beskyttelsen p? undern?kkelen: %s\n"
-
-#~ msgid "WARNING: secret key %s does not have a simple SK checksum\n"
-#~ msgstr "ADVARSEL: hemmelig n?kkel %s har ikke en enkel SK-sjekksum\n"
-
-#~ msgid "generate PGP 2.x compatible messages"
-#~ msgstr "lag meldinger som fungerer med PGP 2.x"
-
-#~ msgid "NOTE: %s is not available in this version\n"
-#~ msgstr "MERK: %s er ikke tilgjengelig i denne versjonen\n"
-
-#~ msgid ""
-#~ "you can only make detached or clear signatures while in --pgp2 mode\n"
-#~ msgstr "du kan bare lage adskilte eller klare signaturer i --pgp2-modus\n"
-
-#~ msgid "you can't sign and encrypt at the same time while in --pgp2 mode\n"
-#~ msgstr "du kan ikke signere og kryptere samtidig i ?--pgp2?-modus\n"
-
-#~ msgid ""
-#~ "you must use files (and not a pipe) when working with --pgp2 enabled.\n"
-#~ msgstr "du m? bruke filer (og ikke en pipe) n?r --pgp2 er p?sl?tt\n"
-
-#~ msgid "encrypting a message in --pgp2 mode requires the IDEA cipher\n"
-#~ msgstr "kryptering en melding i --pgp2-modus krever IDEA-algoritmen\n"
-
-#~ msgid "-k[v][v][v][c] [user-id] [keyring]"
-#~ msgstr "-k[v][v][v][c] [bruker-ID] [n?kkelknippe]"
-
-#~ msgid "too many entries in pk cache - disabled\n"
-#~ msgstr "for mange elementer i pk-hurtiglager. Sl?tt av\n"
-
-#~ msgid "key %s: secret key without public key - skipped\n"
-#~ msgstr "n?kkel %s: hemmelig n?kkel uten offentlig n?kkel - hoppet over\n"
-
-#~ msgid "no secret subkey for public subkey %s - ignoring\n"
-#~ msgstr ""
-#~ "ingen hemmelig undern?kkel for offentlig undern?kkel %s - ignorerer\n"
-
-#~ msgid ""
-#~ "It's up to you to assign a value here; this value will never be exported\n"
-#~ "to any 3rd party.  We need it to implement the web-of-trust; it has "
-#~ "nothing\n"
-#~ "to do with the (implicitly created) web-of-certificates."
-#~ msgstr ""
-#~ "Det er opptil deg ? tildele dette en verdi. Verdien blir aldri sendt\n"
-#~ "til en tredjepart. Den brukes bare til ? implementere et "
-#~ "troverdighetsnett, og har\n"
-#~ "ingenting med (det implisitte) sertifikatnettet ? gj?re."
-
-#~ msgid ""
-#~ "To build the Web-of-Trust, GnuPG needs to know which keys are\n"
-#~ "ultimately trusted - those are usually the keys for which you have\n"
-#~ "access to the secret key.  Answer \"yes\" to set this key to\n"
-#~ "ultimately trusted\n"
-#~ msgstr ""
-#~ "GnuPG m? vite hvilke n?kler du stoler fullstendig p?\n"
-#~ "for ? kunne bygge troverdighetsnettet. N?kler du har tilgang til\n"
-#~ "den hemmelige n?kkelen for inng?r vanligvis her. Svar ?ja?\n"
-#~ "for ? merke denne n?kkelen som absolutt troverdig.\n"
-
-#~ msgid "If you want to use this untrusted key anyway, answer \"yes\"."
-#~ msgstr "Svar ?ja? hvis du vil bruke denne usikre n?kkelen likevel."
-
-#~ msgid ""
-#~ "Enter the user ID of the addressee to whom you want to send the message."
-#~ msgstr "Skriv inn bruker-ID for mottakeren du vil sende meldinga til."
-
-#~ msgid ""
-#~ "Select the algorithm to use.\n"
-#~ "\n"
-#~ "DSA (aka DSS) is the Digital Signature Algorithm and can only be used\n"
-#~ "for signatures.\n"
-#~ "\n"
-#~ "Elgamal is an encrypt-only algorithm.\n"
-#~ "\n"
-#~ "RSA may be used for signatures or encryption.\n"
-#~ "\n"
-#~ "The first (primary) key must always be a key which is capable of signing."
-#~ msgstr ""
-#~ "Velg algoritme.\n"
-#~ "\n"
-#~ "DSA (evt. DSS) - digital signaturalgoritme - kan bare brukes\n"
-#~ "til signering.\n"
-#~ "\n"
-#~ "Elgamal kan bare brukes til kryptering.\n"
-#~ "\n"
-#~ "RSA kan brukes til b?de signering og kryptering.\n"
-#~ "\n"
-#~ "F?rste n?kkel (prim?rn?kkel) m? alltid v?re en n?kkel som\n"
-#~ "kan brukes til signering."
-
-#~ msgid ""
-#~ "In general it is not a good idea to use the same key for signing and\n"
-#~ "encryption.  This algorithm should only be used in certain domains.\n"
-#~ "Please consult your security expert first."
-#~ msgstr ""
-#~ "Du b?r generelt ikke signere og kryptere med samme n?kkel.\n"
-#~ "Denne algoritmen b?r bare brukes til bestemte form?l.\n"
-#~ "H?r med din lokale sikkerhetsekspert hvis du er i tvil."
-
-#~ msgid "Enter the size of the key"
-#~ msgstr "Skriv inn n?kkelst?rrelse"
-
-#~ msgid "Answer \"yes\" or \"no\""
-#~ msgstr "Svar ?ja? eller ?nei?"
-
-#~ msgid ""
-#~ "Enter the required value as shown in the prompt.\n"
-#~ "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
-#~ "get a good error response - instead the system tries to interpret\n"
-#~ "the given value as an interval."
-#~ msgstr ""
-#~ "Skriv inn p?krevet verdi som forespurt.\n"
-#~ "Du kan bruke ISO-datoformat (????-MM-DD), men dette gir\n"
-#~ "ingen nyttige feilmeldinger. Systemet pr?ver i stedet ? tolke\n"
-#~ "verdien som et intervall."
-
-#~ msgid "Enter the name of the key holder"
-#~ msgstr "Skriv inn navnet p? n?kkelholderen"
-
-#~ msgid "please enter an optional but highly suggested email address"
-#~ msgstr "skriv inn en valgfri men anbefalt e-postadresse"
-
-#~ msgid "Please enter an optional comment"
-#~ msgstr "Skriv inn en valgfri kommentar"
-
-#~ msgid ""
-#~ "N  to change the name.\n"
-#~ "C  to change the comment.\n"
-#~ "E  to change the email address.\n"
-#~ "O  to continue with key generation.\n"
-#~ "Q  to quit the key generation."
-#~ msgstr ""
-#~ "N  for ? endre navn.\n"
-#~ "C  for ? endre kommentar.\n"
-#~ "E  for ? endre e-postadresse.\n"
-#~ "O  for ? fortsette ? lage n?kkel.\n"
-#~ "Q  for ? avbryte n?kkel."
-
-#~ msgid ""
-#~ "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
-#~ msgstr "Svar ?ja? (eller bare ?j?) for ? fortsette ? lage undern?kkel."
-
-#~ msgid ""
-#~ "When you sign a user ID on a key, you should first verify that the key\n"
-#~ "belongs to the person named in the user ID.  It is useful for others to\n"
-#~ "know how carefully you verified this.\n"
-#~ "\n"
-#~ "\"0\" means you make no particular claim as to how carefully you verified "
-#~ "the\n"
-#~ "    key.\n"
-#~ "\n"
-#~ "\"1\" means you believe the key is owned by the person who claims to own "
-#~ "it\n"
-#~ "    but you could not, or did not verify the key at all.  This is useful "
-#~ "for\n"
-#~ "    a \"persona\" verification, where you sign the key of a pseudonymous "
-#~ "user.\n"
-#~ "\n"
-#~ "\"2\" means you did casual verification of the key.  For example, this "
-#~ "could\n"
-#~ "    mean that you verified the key fingerprint and checked the user ID on "
-#~ "the\n"
-#~ "    key against a photo ID.\n"
-#~ "\n"
-#~ "\"3\" means you did extensive verification of the key.  For example, this "
-#~ "could\n"
-#~ "    mean that you verified the key fingerprint with the owner of the key "
-#~ "in\n"
-#~ "    person, and that you checked, by means of a hard to forge document "
-#~ "with a\n"
-#~ "    photo ID (such as a passport) that the name of the key owner matches "
-#~ "the\n"
-#~ "    name in the user ID on the key, and finally that you verified (by "
-#~ "exchange\n"
-#~ "    of email) that the email address on the key belongs to the key "
-#~ "owner.\n"
-#~ "\n"
-#~ "Note that the examples given above for levels 2 and 3 are *only* "
-#~ "examples.\n"
-#~ "In the end, it is up to you to decide just what \"casual\" and \"extensive"
-#~ "\"\n"
-#~ "mean to you when you sign other keys.\n"
-#~ "\n"
-#~ "If you don't know what the right answer is, answer \"0\"."
-#~ msgstr ""
-#~ "N?r du signerer en bruker-ID p? en n?kkel, b?r du f?rst bekrefte at\n"
-#~ "n?kkelen tilh?rer personen som er valgt i bruker-id-en.  Det er\n"
-#~ "nyttig for andre ? vite hvor n?yaktig du kontrollerte dette.\n"
-#~ "\n"
-#~ "?0? betyr at du ikke forteller noe om hvor n?ye du har kontrollert "
-#~ "n?kkelen.\n"
-#~ "\n"
-#~ "?1? betyr at du tror at n?kkelen eies av personen som p?st?r ? eie\n"
-#~ "    den, men du har ikke kontrollert selve n?kkelen i det hele\n"
-#~ "    tatt.  Dette er nyttig ved identitetskontroll hvor du signerer\n"
-#~ "    n?kkelen til et pseudonym.\n"
-#~ "\n"
-#~ "?2? betyr at du har tatt en enkel kontroll av n?kkelen. For eksempel\n"
-#~ "    kan dette bety at du sjekket n?kkelens fingeravtrykk og\n"
-#~ "    bruker-id-en mot et foto-ID.\n"
-#~ "\n"
-#~ "?3? betyr at du har kontrollert n?kkelen grundig, for eksempel ved at    "
-#~ "du og n?kkeleieren personlig har bekreftet n?kkelens fingeravtrykk,\n"
-#~ "    n?kkelens bruker-ID mot et dokument med med bilde og navn som er\n"
-#~ "    vanskelig ? forfalske. og at e-postadressen i n?kkelen tilh?rer "
-#~ "n?kkeleieren.\n"
-#~ "\n"
-#~ "V?r obs p? at eksemplene gitt over for niv?ene 2 og 3 *bare* er\n"
-#~ "eksempler. Det er opp til deg ? bestemme hva ?enkel? og\n"
-#~ "?grundig? skal bety n?r du signerer andres n?kler.\n"
-#~ "\n"
-#~ "Svar ?0? hvis du ikke vet hva som er riktig svar."
-
-#~ msgid "Answer \"yes\" if you want to sign ALL the user IDs"
-#~ msgstr "Svar ?ja? hvis du vil signere *alle* bruker-id-ene"
-
-#~ msgid ""
-#~ "Answer \"yes\" if you really want to delete this user ID.\n"
-#~ "All certificates are then also lost!"
-#~ msgstr ""
-#~ "Svar ?ja? hvis du er sikker p? at du vil slette bruker-id-en.\n"
-#~ "Alle sertifikater g?r i s? fall ogs? tapt."
-
-#~ msgid "Answer \"yes\" if it is okay to delete the subkey"
-#~ msgstr "Svar ?ja? hvis du er sikker p? at du vil slette undern?kkelen"
-
-#~ msgid ""
-#~ "This is a valid signature on the key; you normally don't want\n"
-#~ "to delete this signature because it may be important to establish a\n"
-#~ "trust connection to the key or another key certified by this key."
-#~ msgstr ""
-#~ "Dette er en gyldig n?kkelsignatur. Du b?r normalt\n"
-#~ "ikke slette signaturen, fordi den kan brukes til ? koble\n"
-#~ "en troverdighet til enten selve n?kkelen eller en \n"
-#~ "annen n?kkel som denne n?kkelen g?r god for."
-
-#~ msgid ""
-#~ "This signature can't be checked because you don't have the\n"
-#~ "corresponding key.  You should postpone its deletion until you\n"
-#~ "know which key was used because this signing key might establish\n"
-#~ "a trust connection through another already certified key."
-#~ msgstr ""
-#~ "Du mangler n?kkelen som h?rer til denne signaturen, og\n"
-#~ "kan derfor ikke kontrollere den. Du b?r vente med ? slette den\n"
-#~ "til du vet hvilken n?kkel som ble brukt, fordi denne signeringsn?kkelen\n"
-#~ "kan v?re en troverdighetskobling til en annen n?kkel som allerede\n"
-#~ "er bekreftet."
-
-#~ msgid ""
-#~ "The signature is not valid.  It does make sense to remove it from\n"
-#~ "your keyring."
-#~ msgstr ""
-#~ "Signaturen er ugyldig. Du b?r vurdere ? fjerne den\n"
-#~ "fra n?kkelknippet."
-
-#~ msgid ""
-#~ "This is a signature which binds the user ID to the key. It is\n"
-#~ "usually not a good idea to remove such a signature.  Actually\n"
-#~ "GnuPG might not be able to use this key anymore.  So do this\n"
-#~ "only if this self-signature is for some reason not valid and\n"
-#~ "a second one is available."
-#~ msgstr ""
-#~ "Dette er en signatur som kobler bruker-id-en til n?kkelen.\n"
-#~ "Du b?r vanligvis ikke fjerne slike signaturer, fordi GnuPG\n"
-#~ "i s? fall ikke kan bruke n?kkelen lenger. Bare gj?r dette hvis\n"
-#~ "selvsigneringa er ugyldig av en eller annen grunn, og du\n"
-#~ "har en annen signering tilgjengelig."
-
-#~ msgid ""
-#~ "Change the preferences of all user IDs (or just of the selected ones)\n"
-#~ "to the current list of preferences.  The timestamp of all affected\n"
-#~ "self-signatures will be advanced by one second.\n"
-#~ msgstr ""
-#~ "Endre innstillinger for alle bruker-id-er (eller bare valgte)\n"
-#~ "til gjeldende oppsettsliste. Tidsstempler for alle selvsigneringer\n"
-#~ "blir rykket ett sekund fremover.\n"
-
-#~ msgid ""
-#~ "Please repeat the last passphrase, so you are sure what you typed in."
-#~ msgstr "Gjenta siste passordfrase slik at du er sikker p? hva du skrev inn."
-
-#~ msgid "Give the name of the file to which the signature applies"
-#~ msgstr "Oppgi navn p? fila som signaturen gjelder for"
-
-#~ msgid "Answer \"yes\" if it is okay to overwrite the file"
-#~ msgstr "Svar ?ja? hvis du er sikker p? at du vil overskrive fila"
-
-#~ msgid ""
-#~ "Please enter a new filename. If you just hit RETURN the default\n"
-#~ "file (which is shown in brackets) will be used."
-#~ msgstr ""
-#~ "Skriv inn nytt filnavn. Hvis du bare trykker RETUR, brukes\n"
-#~ "forvalgt filnavn (vist i parentes)."
-
-#~ msgid ""
-#~ "You should specify a reason for the certification.  Depending on the\n"
-#~ "context you have the ability to choose from this list:\n"
-#~ "  \"Key has been compromised\"\n"
-#~ "      Use this if you have a reason to believe that unauthorized persons\n"
-#~ "      got access to your secret key.\n"
-#~ "  \"Key is superseded\"\n"
-#~ "      Use this if you have replaced this key with a newer one.\n"
-#~ "  \"Key is no longer used\"\n"
-#~ "      Use this if you have retired this key.\n"
-#~ "  \"User ID is no longer valid\"\n"
-#~ "      Use this to state that the user ID should not longer be used;\n"
-#~ "      this is normally used to mark an email address invalid.\n"
-#~ msgstr ""
-#~ "Du b?r oppgi en anledning for sertifiseringa.\n"
-#~ "Velg en passende anledning fra denne lista:\n"
-#~ "  ?N?kkelen er komprommitert?\n"
-#~ "      Velg dette hvis du tror at uautoriserte personer\n"
-#~ "      har f?tt tilgang til en hemmelige n?kkel.\n"
-#~ "  ?N?kkelen er erstattet?\n"
-#~ "      Velg dette hvis du har erstattet n?kkelen med en ny.\n"
-#~ "  ?N?kkelen er ikke lenger i bruk?\n"
-#~ "      Velg dette hvis du ikke lenger bruker n?kkelen.\n"
-#~ "  ?Bruker-ID er ikke lenger gyldig?\n"
-#~ "      Velg dette for ? vise at bruker-id-en ikke lenger skal brukes.\n"
-#~ "      Dette brukes vanligvis til ? markere en e-postadresse som ugyldig.\n"
-
-#~ msgid ""
-#~ "If you like, you can enter a text describing why you issue this\n"
-#~ "revocation certificate.  Please keep this text concise.\n"
-#~ "An empty line ends the text.\n"
-#~ msgstr ""
-#~ "Hvis du vil, kan du skrive inn en tekst som forklarer hvorfor du\n"
-#~ "utsteder dette opphevelsessertifikatet. Pr?v ? holde teksten kort.\n"
-#~ "Avslutt med en tom linje.\n"
-
-#~ msgid "create a public key when importing a secret key"
-#~ msgstr "lag en offentlig n?kkel ved importering av hemmelig n?kkel"
-
-#~ msgid "         algorithms on these user IDs:\n"
-#~ msgstr "         algoritmer p? f?lgende bruker-id-er:\n"
-
-#~ msgid "key %s: already in secret keyring\n"
-#~ msgstr "n?kkel %s: finnes allerede i hemmelig n?kkelknippe\n"
-
-#~ msgid "NOTE: a key's S/N does not match the card's one\n"
-#~ msgstr "MERK: serienummer for en n?kkel samsvarer ikke med nummer p? kort\n"
-
-#~ msgid "NOTE: primary key is online and stored on card\n"
-#~ msgstr "MERK: prim?rn?kkel er p? nett og lagret p? kort\n"
-
-#~ msgid "NOTE: secondary key is online and stored on card\n"
-#~ msgstr "MERK: sekund?rn?kkel er p? nett og lagret p? kort\n"
-
-#~ msgid "%d signatures not checked due to missing keys\n"
-#~ msgstr "%d signaturer ble ikke sjekket p? grunn av manglende n?kler\n"
-
-#~ msgid "%d signatures not checked due to errors\n"
-#~ msgstr "%d signaturer ble ikke sjekket p? grunn av feil\n"
-
-#~ msgid "1 user ID without valid self-signature detected\n"
-#~ msgstr "oppdaget 1 bruker-ID uten gyldig selvsignatur\n"
-
-#~ msgid ""
-#~ "You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
-#~ "mode.\n"
-#~ msgstr ""
-#~ "Du kan ikke lage OpenPGP-signatur p? en PGP-2.x-n?kkel i ?--pgp2?-modus.\n"
-
-#~ msgid "This would make the key unusable in PGP 2.x.\n"
-#~ msgstr "Dette ville gj?re n?kkelen ubrukelig i PGP 2.x.\n"
-
-#~ msgid "This key is not protected.\n"
-#~ msgstr "Denne n?kkelen er ikke beskyttet.\n"
-
-#~ msgid "Key is protected.\n"
-#~ msgstr "N?kkelen er beskyttet.\n"
-
-#~ msgid "Can't edit this key: %s\n"
-#~ msgstr "Klarte ikke ? redigere denne n?kkelen: %s\n"
-
-#~ msgid ""
-#~ "Enter the new passphrase for this secret key.\n"
-#~ "\n"
-#~ msgstr ""
-#~ "Skriv inn ny passordfrase for denne hemmelige n?kklen.\n"
-#~ "\n"
-
-#~ msgid "passphrase not correctly repeated; try again"
-#~ msgstr "passordfrasen ble ikke gjentatt korrekt. Pr?v igjen"
-
-#~ msgid ""
-#~ "You don't want a passphrase - this is probably a *bad* idea!\n"
-#~ "\n"
-#~ msgstr ""
-#~ "Du har ikke valgt en passordfrase. Dette er sannsynligvis *ikke* lurt.\n"
-#~ "\n"
-
-#~ msgid "Do you really want to do this? (y/N) "
-#~ msgstr "Er du sikker p? at du vil gj?re dette? (j/N) "
-
-#~ msgid "toggle between the secret and public key listings"
-#~ msgstr "veksle mellom hemmelig og offentlig n?kkellisting"
-
-#~ msgid "error reading secret keyblock \"%s\": %s\n"
-#~ msgstr "feil under lesing av hemmelig n?kkelblokk ?%s?: %s\n"
-
-#~ msgid "User ID \"%s\": %d signatures removed\n"
-#~ msgstr "Bruker-ID ?%s?: %d signaturer fjernet\n"
-
-#~ msgid "Please remove selections from the secret keys.\n"
-#~ msgstr "Fjern utvalget fra de hemmelige n?klene.\n"
-
-#~ msgid "Please select at most one subkey.\n"
-#~ msgstr "Velg minst ?n undern?kkel.\n"
-
-#~ msgid "No corresponding signature in secret ring\n"
-#~ msgstr "Ingen samsvarende signatur p? hemmelig n?kkelknippe\n"
-
-#~ msgid "%s.\n"
-#~ msgstr "%s.\n"
-
-#~ msgid ""
-#~ "You don't want a passphrase - this is probably a *bad* idea!\n"
-#~ "I will do it anyway.  You can change your passphrase at any time,\n"
-#~ "using this program with the option \"--edit-key\".\n"
-#~ "\n"
-#~ msgstr ""
-#~ "Du har ikke valgt en passordfrase. Dette er sannsynligvis *ikke* lurt.\n"
-#~ "Jeg fortsetter likevel. Du kan endre passordfrasen n?r som helst ved\n"
-#~ "? bruke valget ?--edit-key?.\n"
-#~ "\n"
-
-#~ msgid "writing secret key stub to `%s'\n"
-#~ msgstr "skriver forel?pig hemmelig n?kkel til ?%s?\n"
-
-#~ msgid "storing key onto card failed: %s\n"
-#~ msgstr "lagring av n?kkel p? kort mislyktes: %s\n"
-
-#~ msgid "WARNING: 2 files with confidential information exists.\n"
-#~ msgstr "ADVARSEL: 2 filer med konfidensiell informasjon finnes.\n"
-
-#~ msgid "%s is the unchanged one\n"
-#~ msgstr "%s er uendret\n"
-
-#~ msgid "%s is the new one\n"
-#~ msgstr "%s er ny\n"
-
-#~ msgid "Please fix this possible security flaw\n"
-#~ msgstr "Du b?r fikse denne potensielle sikkerhetsrisikoen\n"
-
-#~ msgid "%lu keys cached (%lu signatures)\n"
-#~ msgstr "%lu n?kler hurtiglagret (%lu signaturer)\n"
-
-#~ msgid "use temporary files to pass data to keyserver helpers"
-#~ msgstr ""
-#~ "bruk midlertidige filer for ? overf?re data til n?kkeltjener-hjelpere"
-
-#~ msgid "do not delete temporary files after using them"
-#~ msgstr "ikke slett midlertidige filer etter ? ha brukt dem"
-
-#~ msgid "WARNING: keyserver option `%s' is not used on this platform\n"
-#~ msgstr ""
-#~ "ADVARSEL: n?kkeltjener-valget ?%s? er ikke i bruk p? denne plattformen\n"
-
-#~ msgid "searching for names from %s server %s\n"
-#~ msgstr "s?ker etter navn fra %s tjener %s\n"
-
-#~ msgid "searching for names from %s\n"
-#~ msgstr "s?ker etter navn fra %s\n"
-
-#~ msgid "searching for \"%s\" from %s server %s\n"
-#~ msgstr "s?ker etter ?%s? fra %s tjener %s\n"
-
-#~ msgid "searching for \"%s\" from %s\n"
-#~ msgstr "s?ker etter ?%s? fra %s\n"
-
-#~ msgid "WARNING: keyserver handler from a different version of GnuPG (%s)\n"
-#~ msgstr ""
-#~ "ADVARSEL: n?kkeltjener-behandler er av en annen GnuPG-versjon (%s)\n"
-
-#~ msgid "keyserver did not send VERSION\n"
-#~ msgstr "n?kkeltjener sendte ikke ?VERSION?\n"
-
-#~ msgid "keyserver communications error: %s\n"
-#~ msgstr "kommunikasjonsfeil med n?kkeltjener: %s\n"
-
-#~ msgid "external keyserver calls are not supported in this build\n"
-#~ msgstr ""
-#~ "eksterne n?kkeltjener-kall st?ttes ikke av denne programinstallasjonen\n"
-
-#~ msgid "no handler for keyserver scheme `%s'\n"
-#~ msgstr "ingen behandler for n?kkeltjener-skjema ?%s?\n"
-
-#~ msgid "action `%s' not supported with keyserver scheme `%s'\n"
-#~ msgstr "handlinga ?%s? st?ttes ikke med n?kkeltjener-skjema ?%s?\n"
-
-#~ msgid "%s does not support handler version %d\n"
-#~ msgstr "%s st?tter ikke behandlerversjon %d\n"
-
-#~ msgid "keyserver timed out\n"
-#~ msgstr "tidsavbrudd for n?kkeltjener\n"
-
-#~ msgid "keyserver internal error\n"
-#~ msgstr "intern feil p? n?kkeltjener\n"
-
-#~ msgid "refreshing 1 key from %s\n"
-#~ msgstr "oppfrisker 1 n?kkel fra %s\n"
-
-#~ msgid "WARNING: unable to parse URI %s\n"
-#~ msgstr "ADVARSEL: klarte ikke ? tolke adressen %s\n"
-
-#~ msgid "invalid root packet detected in proc_tree()\n"
-#~ msgstr "fant ugyldig rotpakke i proc_tree()\n"
-
-#~ msgid "NOTE: This feature is not available in %s\n"
-#~ msgstr "MERK: Denne funksjonen er ikke tilgjengelig i %s\n"
-
-#~ msgid "malformed GPG_AGENT_INFO environment variable\n"
-#~ msgstr "milj?variabelen ?GPG_AGENT_INFO? er feilformatert\n"
-
-#~ msgid "Repeat passphrase\n"
-#~ msgstr "Gjenta passordfrase\n"
-
-#~ msgid "can't query passphrase in batch mode\n"
-#~ msgstr "du kan ikke sp?rre om passordfrase i buntmodus\n"
-
-#~ msgid "Repeat passphrase: "
-#~ msgstr "Gjenta passordfrase: "
-
-#~ msgid "no photo viewer set\n"
-#~ msgstr "ingen bildefremviser valgt\n"
-
-#~ msgid "no corresponding public key: %s\n"
-#~ msgstr "ingen motsvarende offentlig n?kkel: %s\n"
-
-#~ msgid "public key does not match secret key!\n"
-#~ msgstr "offentlig n?kkel samsvarer ikke med hemmelig n?kkel.\n"
-
-#~ msgid "unknown protection algorithm\n"
-#~ msgstr "ukjent beskyttelsesalgoritme\n"
-
-#~ msgid "NOTE: This key is not protected!\n"
-#~ msgstr "MERK: denne n?kkelen er ikke beskyttet.\n"
-
-#~ msgid "Invalid passphrase; please try again"
-#~ msgstr "Ugyldig passordfrase. Pr?v igjen"
-
-#~ msgid "%s ...\n"
-#~ msgstr "%s ?\n"
-
-#~ msgid "WARNING: Weak key detected - please change passphrase again.\n"
-#~ msgstr "ADVARSEL: Oppdaget svak n?kkel. Du b?r endre passordfrasen igjen.\n"
-
-#~ msgid ""
-#~ "generating the deprecated 16-bit checksum for secret key protection\n"
-#~ msgstr ""
-#~ "lager utg?tt 16-bit-kontrollsum for beskyttelse av hemmelig n?kkel\n"
-
-#~ msgid "public key %s is %lu seconds newer than the signature\n"
-#~ msgstr "offentlig n?kkel %s er %lu sekunder nyere enn signaturen\n"
-
-#~ msgid ""
-#~ "key %s was created %lu seconds in the future (time warp or clock "
-#~ "problem)\n"
-#~ msgstr ""
-#~ "n?kkel %s ble opprettet %lu sekunder i fremtiden (tidsforskyvnings- eller "
-#~ "klokkeproblem)\n"
-
-#~ msgid ""
-#~ "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
-#~ msgstr ""
-#~ "du m? bruke ?--pgp2?-modus for ? signere adskilt med PGP 2.x-n?kler\n"
-
-#~ msgid ""
-#~ "you can only clearsign with PGP 2.x style keys while in --pgp2 mode\n"
-#~ msgstr ""
-#~ "du m? bruke ?--pgp2?-modus for ? signere i klartekst med PGP 2.x-n?kler\n"
-
-#~ msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
-#~ msgstr ""
-#~ "%d marginal(er) n?dvendig, %d fullstendig(e) n?dvendig, tillitsmodell %s\n"
-
-#~ msgid "general error"
-#~ msgstr "generell feil"
-
-#~ msgid "unknown packet type"
-#~ msgstr "ukjent pakketype"
-
-#~ msgid "unknown digest algorithm"
-#~ msgstr "ukjent kontrollsum-algoritme"
-
-#~ msgid "bad public key"
-#~ msgstr "ugyldig offentlig n?kkel"
-
-#~ msgid "bad secret key"
-#~ msgstr "ugyldig hemmelig n?kkel"
-
-#~ msgid "bad signature"
-#~ msgstr "ugyldig signatur"
-
-#~ msgid "checksum error"
-#~ msgstr "sjekksumfeil"
-
-#~ msgid "can't open the keyring"
-#~ msgstr "klarte ikke ? ?pne n?kkelknippe"
-
-#~ msgid "invalid packet"
-#~ msgstr "ugyldig pakke"
-
-#~ msgid "invalid armor"
-#~ msgstr "ugyldig beskyttelse"
-
-#~ msgid "no such user id"
-#~ msgstr "bruker-id-en finnes ikke"
-
-#~ msgid "wrong secret key used"
-#~ msgstr "feil hemmelig n?kkel ble brukt"
-
-#~ msgid "file write error"
-#~ msgstr "feil under skriving av fil"
-
-#~ msgid "unknown compress algorithm"
-#~ msgstr "ukjent komprimeringsalgoritme"
-
-#~ msgid "file open error"
-#~ msgstr "feil under ?pning av fil"
-
-#~ msgid "file create error"
-#~ msgstr "feil under opprettelse av fil"
-
-#~ msgid "unimplemented pubkey algorithm"
-#~ msgstr "uimplementert pubkey-algoritme"
-
-#~ msgid "unimplemented cipher algorithm"
-#~ msgstr "uimplementert krypteringsalgoritme"
-
-#~ msgid "unknown signature class"
-#~ msgstr "ukjent signaturklasse"
-
-#~ msgid "trust database error"
-#~ msgstr "feil med tillitsdatabase"
-
-#~ msgid "resource limit"
-#~ msgstr "ressursgrense"
-
-#~ msgid "invalid keyring"
-#~ msgstr "ugyldig n?kkelknippe"
-
-#~ msgid "malformed user id"
-#~ msgstr "feilformatert bruker-ID"
-
-#~ msgid "file close error"
-#~ msgstr "feil under lukking av fil"
-
-#~ msgid "file rename error"
-#~ msgstr "feil under fil-navnebytte"
-
-#~ msgid "file delete error"
-#~ msgstr "feil under sletting av fil"
-
-#~ msgid "unexpected data"
-#~ msgstr "uforventet data"
-
-#~ msgid "timestamp conflict"
-#~ msgstr "konflikt mellom tidsstempler"
-
-#~ msgid "unusable pubkey algorithm"
-#~ msgstr "ubrukelig pubkey algoritme"
-
-#~ msgid "file exists"
-#~ msgstr "fila finnes fra f?r av"
-
-#~ msgid "weak key"
-#~ msgstr "svak n?kkel"
-
-#~ msgid "bad URI"
-#~ msgstr "ugyldig URI"
-
-#~ msgid "not processed"
-#~ msgstr "ikke behandlet"
-
-#~ msgid "unusable public key"
-#~ msgstr "ubrukelig offentlig n?kkel"
-
-#~ msgid "unusable secret key"
-#~ msgstr "ubrukelig hemmelig n?kkel"
-
-#~ msgid "keyserver error"
-#~ msgstr "feil p? n?kkeltjener"
-
-#~ msgid "no card"
-#~ msgstr "ingen kort"
-
-#~ msgid "no data"
-#~ msgstr "ingen data"
-
-#~ msgid "ERROR: "
-#~ msgstr "FEIL: "
-
-#~ msgid "... this is a bug (%s:%d:%s)\n"
-#~ msgstr "? dette er en feil (%s:%d:%s)\n"
-
-#~ msgid ""
-#~ "please see http://www.gnupg.org/documentation/faqs.html for more "
-#~ "information\n"
-#~ msgstr ""
-#~ "se http://www.gnupg.org/documentation/faqs.html for mer informasjon\n"
-
-#~ msgid "operation is not possible without initialized secure memory\n"
-#~ msgstr "handlinga kan ikke utf?res uten sikkert minne\n"
-
-#~ msgid "(you may have used the wrong program for this task)\n"
-#~ msgstr "(du kan ha brukt feil program til denne oppgaven)\n"

-----------------------------------------------------------------------

Summary of changes:
 po/nb.po | 1576 ++++++++++----------------------------------------------------
 1 file changed, 240 insertions(+), 1336 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug 23 14:43:43 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 23 Aug 2017 14:43:43 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. d2ac7df3fb9fcaf2f45f6a8e226c14a8500cee23
Message-ID: <E1dkV0a-0002SB-1i@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  d2ac7df3fb9fcaf2f45f6a8e226c14a8500cee23 (commit)
      from  904ba293ec7ee27f4636b04cc7ca8bc94bbc0f14 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d2ac7df3fb9fcaf2f45f6a8e226c14a8500cee23
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Aug 23 14:40:16 2017 +0200

    swdb: Rename some tags.
    
    We now use the tag "gnupg22" instead of "gnupg21" for the 2.2 branch.
    The next development branch 2.3.x will then be availabale under the
    tag "gnupg24" so that there is always a fixed tag for each stable
    branch.  For backward compatibility we keep the "gnupg21" for a while.
    
    Also rename "gnupg" to "gnupg20" for the old-stable branch.  We keep
    "gnupg" as a duplicate until the release of 2.2.
    
    Adjusted all references on the website.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/web/download/git.org b/web/download/git.org
index 399edb0..c39bbef 100644
--- a/web/download/git.org
+++ b/web/download/git.org
@@ -34,8 +34,8 @@
   required files which are not stored in the repository. =autogen.sh=
   also checks that you have all required tools installed. Please read
   the GIT manual pages before doing so. The =master= revision is the
-  development branch; the stable 2.0 version (currently version
-  {{{gnupg_ver}}}) is known as =STABLE-BRANCH-2-0=; the old 1.4
+  development branch; the stable 2.2 version (currently version
+  {{{gnupg22_ver}}}) is known as =STABLE-BRANCH-2-2=; the old 1.4
   version of GnuPG ({{{gnupg1_ver}}}) is known as =STABLE-BRANCH-1-4=.
 
   Bug reports should go to the developers mailing list. See the page
diff --git a/web/download/index.org b/web/download/index.org
index ce3194f..148243f 100644
--- a/web/download/index.org
+++ b/web/download/index.org
@@ -45,7 +45,7 @@
    | Name         | Version                | Date                    |                    Size | Tarball                                                                                                | Signature                                                                                                  |
    |--------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------|
    |              | <l>                    |                         |                     <r> |                                                                                                        |                                                                                                            |
-   | [[../software/index.org][GnuPG]]        | {{{gnupg21_ver}}}      | {{{gnupg21_date}}}      |      {{{gnupg21_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2{{{ftpclose}}}                    | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2.sig{{{ftpclose}}}                    |
+   | [[../software/index.org][GnuPG]]        | {{{gnupg22_ver}}}      | {{{gnupg22_date}}}      |      {{{gnupg22_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg22_ver}}}.tar.bz2{{{ftpclose}}}                    | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg22_ver}}}.tar.bz2.sig{{{ftpclose}}}                    |
    |--------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------|
    | [[../software/libgpg-error/index.org][Libgpg-error]] | {{{libgpg_error_ver}}} | {{{libgpg_error_date}}} | {{{libgpg_error_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2.sig{{{ftpclose}}} |
    | [[../software/libgcrypt/index.org][Libgcrypt]]    | {{{libgcrypt_ver}}}    | {{{libgcrypt_date}}}    |    {{{libgcrypt_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2{{{ftpclose}}}          | {{{ftpopen}}}{{{ftp_loc_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2.sig{{{ftpclose}}}          |
@@ -59,7 +59,7 @@
    | [[../software/gpgme/index.org][GPGME]]        | {{{gpgme_ver}}}        | {{{gpgme_date}}}        |        {{{gpgme_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2{{{ftpclose}}}                      | {{{ftpopen}}}{{{ftp_loc_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2.sig{{{ftpclose}}}                      |
    | [[../software/gpa/index.org][GPA]]          | {{{gpa_ver}}}          | {{{gpa_date}}}          |          {{{gpa_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2{{{ftpclose}}}                            | {{{ftpopen}}}{{{ftp_loc_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2.sig{{{ftpclose}}}                            |
    |--------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------|
-   | GnuPG 2.0    | {{{gnupg_ver}}}        | {{{gnupg_date}}}        |        {{{gnupg_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2{{{ftpclose}}}                      | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2.sig{{{ftpclose}}}                      |
+   | GnuPG 2.0    | {{{gnupg20_ver}}}      | {{{gnupg20_date}}}      |        {{{gnupg20_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg20_ver}}}.tar.bz2{{{ftpclose}}}                    | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg20_ver}}}.tar.bz2.sig{{{ftpclose}}}                    |
    | GnuPG 1.4    | {{{gnupg1_ver}}}       | {{{gnupg1_date}}}       |       {{{gnupg1_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2{{{ftpclose}}}                     | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2.sig{{{ftpclose}}}                     |
    | Dirmngr 1    | {{{dirmngr_ver}}}      | {{{dirmngr_date}}}      |      {{{dirmngr_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2{{{ftpclose}}}                | {{{ftpopen}}}{{{ftp_loc_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2.sig{{{ftpclose}}}                |
    |--------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------|
@@ -102,20 +102,20 @@
    also that some of them apply security patches on top of the
    standard versions but keep the original version number.
 
-   | OS      | Where              | Description                                 |
-   |---------+--------------------+---------------------------------------------|
-   |         | <18>               |                                             |
-   | Windows | [[http://gpg4win.org/download.html][Gpg4win]]            | Installers for /GnuPG 2.0/                  |
-   |         | {{{ftpopen}}}{{{ftp_loc_base}}}/binary/gnupg-w32-{{{gnupg21_w32_ver}}}.exe{{{ftpclose}}} {{{ftpopen}}}{{{ftp_loc_base}}}/binary/gnupg-w32-{{{gnupg21_w32_ver}}}.exe.sig{{{ftpcloseS}}} | Simple installer for the current /GnuPG/    |
-   |         | {{{ftpopen}}}{{{ftp_loc_base}}}/binary/gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe{{{ftpclose}}} {{{ftpopen}}}{{{ftp_loc_base}}}/binary/gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe.sig{{{ftpcloseS}}} | Simple installer for /GnuPG 1.4/            |
-   | OS X    | [[http://gpgtools.org][Mac GPG]]            | Installer from the gpgtools project         |
-   |         | [[https://sourceforge.net/p/gpgosx/docu/Download/][GnuPG for OS X]]     | Installer for /GnuPG 2.1/                   |
-   | Debian  | [[https://www.debian.org][Debian site]]        | GnuPG is part of Debian                       |
-   | RPM     | [[http://rpmfind.net/][rpmfind]]            | RPM packages for different OS               |
-   | Android | [[https://guardianproject.info/code/gnupg/][Guardian project]]   | Provides a GnuPG framework                  |
-   | VMS     | [[http://www.antinode.info/dec/sw/gnupg.html][antinode.info]]      | A port of GnuPG 1.4 to OpenVMS              |
-   | RISC OS | [[http://www.sbellon.de/gnupg.html][home page]]          | A port of GnuPG to RISC OS                  |
-   |---------+--------------------+---------------------------------------------|
+   | OS      | Where              | Description                              |
+   |---------+--------------------+------------------------------------------|
+   |         | <18>               |                                          |
+   | Windows | [[http://gpg4win.org/download.html][Gpg4win]]            | Installers for /GnuPG 2.0/               |
+   |         | {{{ftpopen}}}{{{ftp_loc_base}}}/binary/gnupg-w32-{{{gnupg22_w32_ver}}}.exe{{{ftpclose}}} {{{ftpopen}}}{{{ftp_loc_base}}}/binary/gnupg-w32-{{{gnupg22_w32_ver}}}.exe.sig{{{ftpcloseS}}} | Simple installer for the current /GnuPG/ |
+   |         | {{{ftpopen}}}{{{ftp_loc_base}}}/binary/gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe{{{ftpclose}}} {{{ftpopen}}}{{{ftp_loc_base}}}/binary/gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe.sig{{{ftpcloseS}}} | Simple installer for /GnuPG 1.4/         |
+   | OS X    | [[http://gpgtools.org][Mac GPG]]            | Installer from the gpgtools project      |
+   |         | [[https://sourceforge.net/p/gpgosx/docu/Download/][GnuPG for OS X]]     | Installer for /GnuPG 2.1/                |
+   | Debian  | [[https://www.debian.org][Debian site]]        | GnuPG is part of Debian                  |
+   | RPM     | [[http://rpmfind.net/][rpmfind]]            | RPM packages for different OS            |
+   | Android | [[https://guardianproject.info/code/gnupg/][Guardian project]]   | Provides a GnuPG framework               |
+   | VMS     | [[http://www.antinode.info/dec/sw/gnupg.html][antinode.info]]      | A port of GnuPG 1.4 to OpenVMS           |
+   | RISC OS | [[http://www.sbellon.de/gnupg.html][home page]]          | A port of GnuPG to RISC OS               |
+   |---------+--------------------+------------------------------------------|
 
 
 # eof #
diff --git a/web/download/integrity_check.org b/web/download/integrity_check.org
index 573b871..b0f4cb6 100644
--- a/web/download/integrity_check.org
+++ b/web/download/integrity_check.org
@@ -16,10 +16,10 @@
 
   If you already have a trusted version of GnuPG installed, you can
   check the supplied signature.  For example, to check the signature
-  of the file gnupg-{{{gnupg_ver}}}.tar.bz2, you can use this command:
+  of the file gnupg-{{{gnupg22_ver}}}.tar.bz2, you can use this command:
 
   {{{begin_example}}}
-  $ gpg {{{twodashes}}}verify gnupg-{{{gnupg_ver}}}.tar.bz2.sig gnupg-{{{gnupg_ver}}}.tar.bz2
+  $ gpg {{{twodashes}}}verify gnupg-{{{gnupg22_ver}}}.tar.bz2.sig gnupg-{{{gnupg22_ver}}}.tar.bz2
   {{{end_example}}}
 
   *Note: you should never use a GnuPG version you just downloaded to
@@ -86,18 +86,18 @@
    for an attacker to trick you into installing a modified version of
    the software.
 
-   Assuming you downloaded the file gnupg-{{{gnupg_ver}}}.tar.bz2, you
+   Assuming you downloaded the file gnupg-{{{gnupg22_ver}}}.tar.bz2, you
    can run the =sha1sum= command like this:
 
    {{{begin_chksum}}}
-   sha1sum gnupg-{{{gnupg_ver}}}.tar.bz2
+   sha1sum gnupg-{{{gnupg22_ver}}}.tar.bz2
    {{{end_chksum}}}
 
    and check that the output matches the SHA-1 checksum reported on
    this site. An example of a =sha1sum= output is:
 
    {{{begin_chksum}}}
-   {{{gnupg_sha1}}}  gnupg-{{{gnupg_ver}}}.tar.bz2
+   {{{gnupg22_sha1}}}  gnupg-{{{gnupg22_ver}}}.tar.bz2
    {{{end_chksum}}}
 
 ** List of SHA-1 check-sums
@@ -106,8 +106,8 @@
    that can be downloaded from [[ftp://ftp.gnupg.org/][our site]], have been gathered below.
 
    {{{begin_chksum}}}
-   {{{gnupg21_sha1}}}  gnupg-{{{gnupg21_ver}}}.tar.bz2
-   {{{gnupg21_w32_sha1}}}  gnupg-w32-{{{gnupg21_w32_ver}}}.exe
+   {{{gnupg22_sha1}}}  gnupg-{{{gnupg21_ver}}}.tar.bz2
+   {{{gnupg22_w32_sha1}}}  gnupg-w32-{{{gnupg21_w32_ver}}}.exe
    {{{libgpg_error_sha1}}}  libgpg-error-{{{libgpg_error_ver}}}.tar.bz2
    {{{libgcrypt_sha1}}}  libgcrypt-{{{libgcrypt_ver}}}.tar.bz2
    {{{libksba_sha1}}}  libksba-{{{libksba_ver}}}.tar.bz2
@@ -118,7 +118,7 @@
    {{{gpgme_sha1}}}  gpgme-{{{gpgme_ver}}}.tar.bz2
    {{{gpa_sha1}}}  gpa-{{{gpa_ver}}}.tar.bz2
    {{{dirmngr_sha1}}}  dirmngr-{{{dirmngr_ver}}}.tar.bz2
-   {{{gnupg_sha1}}}  gnupg-{{{gnupg_ver}}}.tar.bz2
+   {{{gnupg20_sha1}}}  gnupg-{{{gnupg20_ver}}}.tar.bz2
    {{{gnupg1_sha1}}}  gnupg-{{{gnupg1_ver}}}.tar.bz2
    {{{gnupg1_w32cli_sha1}}}  gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe
    {{{end_chksum}}}
diff --git a/web/download/release_notes.org b/web/download/release_notes.org
index 73111d2..6792da1 100644
--- a/web/download/release_notes.org
+++ b/web/download/release_notes.org
@@ -7,7 +7,7 @@
 
 * Release Notes for GnuPG
 
-  Please read the NEWS file for a more complete list. {{{gnupg21_ver}}}
+  Please read the NEWS file for a more complete list. {{{gnupg22_ver}}}
   is the current version of GnuPG.
 
   Note that this page will soon be restructed.  The URLs pointing to
diff --git a/web/index.org b/web/index.org
index c507efe..edce9f3 100644
--- a/web/index.org
+++ b/web/index.org
@@ -22,7 +22,7 @@ GnuPG is [[https://www.gnu.org/philosophy/free-sw.html][Free Software]] (meaning
 be freely used, modified and distributed under the terms of the
 [[https://www.gnu.org/copyleft/gpl.html][GNU General Public License]] .
 
-The current version of GnuPG is {{{gnupg21_ver}}}.  See the [[file:download/index.org][download]]
+The current version of GnuPG is {{{gnupg22_ver}}}.  See the [[file:download/index.org][download]]
 page for other maintained versions.
 
 [[https://www.gpg4win.org][Gpg4win]] provides a Windows version of the older GnuPG 2.0 branch.  It
diff --git a/web/swdb.mac b/web/swdb.mac
index f3393ae..5fdbb5e 100644
--- a/web/swdb.mac
+++ b/web/swdb.mac
@@ -8,19 +8,21 @@
 #+macro: ftp_loc_base  /ftp/gcrypt
 
 #
-# GnuPG
-#
-#+macro: gnupg_ver  2.0.30
-#+macro: gnupg_date 2016-03-31
-#+macro: gnupg_size 4311k
-#+macro: gnupg_sha1 a9f024588c356a55e2fd413574bfb55b2e18794a
-#+macro: gnupg_sha2 e329785a4f366ba5d72c2c678a7e388b0892ac8440c2f4e6810042123c235d71
-#+macro: gnupg_branch  STABLE-BRANCH-2-0
-
-
-#
-# GnuPG-2.1
-#
+# GnuPG-2.2
+#
+#+macro: gnupg22_ver  2.1.23
+#+macro: gnupg22_date 2017-08-09
+#+macro: gnupg22_size 6373k
+#+macro: gnupg22_sha1 c470777eaa9657ef3258068507065c9a7caef9eb
+#+macro: gnupg22_sha2 a94476391595e9351f219188767a9d6ea128e83be5ed3226a7890f49aa2d0d77
+#+macro: gnupg22_w32_ver  2.1.23_20170809
+#+macro: gnupg22_w32_date 2017-08-09
+#+macro: gnupg22_w32_size 3794k
+#+macro: gnupg22_w32_sha1 c95f1c2dc3aa06dda2a58ba5aefb362511f666e3
+#+macro: gnupg22_w32_sha2 42045473336c0f20a2d4a2b6f4be5be263a55ccd3eb1f682976d94e9a3cff43f
+
+# temporary keep it as "gnupg21".  In the future we will use the name of
+# the stable branch even for the development versions.
 #+macro: gnupg21_ver  2.1.23
 #+macro: gnupg21_date 2017-08-09
 #+macro: gnupg21_size 6373k
@@ -34,6 +36,25 @@
 
 
 #
+# GnuPG 2.0
+#
+#+macro: gnupg20_ver  2.0.30
+#+macro: gnupg20_date 2016-03-31
+#+macro: gnupg20_size 4311k
+#+macro: gnupg20_sha1 a9f024588c356a55e2fd413574bfb55b2e18794a
+#+macro: gnupg20_sha2 e329785a4f366ba5d72c2c678a7e388b0892ac8440c2f4e6810042123c235d71
+#+macro: gnupg20_branch  STABLE-BRANCH-2-0
+
+# temporary keep it as "gnupg"
+#+macro: gnupg_ver  2.0.30
+#+macro: gnupg_date 2016-03-31
+#+macro: gnupg_size 4311k
+#+macro: gnupg_sha1 a9f024588c356a55e2fd413574bfb55b2e18794a
+#+macro: gnupg_sha2 e329785a4f366ba5d72c2c678a7e388b0892ac8440c2f4e6810042123c235d71
+#+macro: gnupg_branch  STABLE-BRANCH-2-0
+
+
+#
 # GnuPG-1
 #
 #+macro: gnupg1_ver  1.4.22

-----------------------------------------------------------------------

Summary of changes:
 web/download/git.org             |  4 ++--
 web/download/index.org           | 32 +++++++++++++--------------
 web/download/integrity_check.org | 16 +++++++-------
 web/download/release_notes.org   |  2 +-
 web/index.org                    |  2 +-
 web/swdb.mac                     | 47 +++++++++++++++++++++++++++++-----------
 6 files changed, 62 insertions(+), 41 deletions(-)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug 23 15:40:35 2017
From: cvs at cvs.gnupg.org (by Marcus Brinkmann)
Date: Wed, 23 Aug 2017 15:40:35 +0200
Subject: [git] GPGME - branch, master, updated. gpgme-1.9.0-69-gbfb3a01
Message-ID: <E1dkVtb-00042G-5Z@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, master has been updated
       via  bfb3a01a0c55aa327dcab061fa808672362cb09d (commit)
      from  57c12593082e4ad302041269f1c35f2fe7d2fb1a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit bfb3a01a0c55aa327dcab061fa808672362cb09d
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Wed Aug 23 15:38:11 2017 +0200

    Fix a couple of bugs pointed out by clang compiler warnings.
    
    * src/engine-gpgconf.c (gpgconf_config_dir_cb): Fix cast.
    * src/key.c (_gpgme_key_add_sig): Fix pointer reference.
    
    Signed-off-by: Marcus Brinkmann <mb at g10code.com>

diff --git a/src/engine-gpgconf.c b/src/engine-gpgconf.c
index 84d8df7..ba5a73d 100644
--- a/src/engine-gpgconf.c
+++ b/src/engine-gpgconf.c
@@ -996,7 +996,7 @@ static gpgme_error_t
 gpgconf_config_dir_cb (void *hook, char *line)
 {
   /* This is an input- and output-parameter.  */
-  struct gpgconf_config_dir_s *data = (char **) hook;
+  struct gpgconf_config_dir_s *data = (struct gpgconf_config_dir_s *) hook;
   int len = strlen(data->what);
 
   if (!strncmp(line, data->what, len) && line[len] == ':')
diff --git a/src/key.c b/src/key.c
index e2e30db..bb4d5fd 100644
--- a/src/key.c
+++ b/src/key.c
@@ -292,7 +292,7 @@ _gpgme_key_add_sig (gpgme_key_t key, char *src)
 		       &sig->comment, dst);
     }
   else
-    sig->uid = '\0';
+    sig->uid[0] = '\0';
 
   if (!uid->signatures)
     uid->signatures = sig;

-----------------------------------------------------------------------

Summary of changes:
 src/engine-gpgconf.c | 2 +-
 src/key.c            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug 23 15:49:09 2017
From: cvs at cvs.gnupg.org (by Marcus Brinkmann)
Date: Wed, 23 Aug 2017 15:49:09 +0200
Subject: [git] Pinentry - branch, master, updated. pinentry-1.0.0-28-g858bde1
Message-ID: <E1dkW1t-0006DK-ET@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The standard pinentry collection".

The branch, master has been updated
       via  858bde1fbbc5e14f2d6410da05869188bdc36ee3 (commit)
      from  1590b664d88be8386a4664c2994b685187d1eb25 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 858bde1fbbc5e14f2d6410da05869188bdc36ee3
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Wed Aug 23 15:46:17 2017 +0200

    core: Supress compiler warnings.
    
    * pinentry/password-cache.c (password_cache_save, password_cache_lookup,
    password_cache_clear) [!HAVE_LIBSECRET]: Suppress unused parameter
    warnings.
    
    Signed-off-by: Marcus Brinkmann <mb at g10code.com>

diff --git a/pinentry/password-cache.c b/pinentry/password-cache.c
index 6778386..06c48b4 100644
--- a/pinentry/password-cache.c
+++ b/pinentry/password-cache.c
@@ -91,6 +91,8 @@ password_cache_save (const char *keygrip, const char *password)
 
   free (label);
 #else
+  (void) keygrip;
+  (void) password;
   return;
 #endif
 }
@@ -135,6 +137,7 @@ password_cache_lookup (const char *keygrip, int *fatal_error)
 
   return password2;
 #else
+  (void) keygrip;
   return NULL;
 #endif
 }
@@ -161,6 +164,7 @@ password_cache_clear (const char *keygrip)
     return 1;
   return 0;
 #else
+  (void) keygrip;
   return -1;
 #endif
 }

-----------------------------------------------------------------------

Summary of changes:
 pinentry/password-cache.c | 4 ++++
 1 file changed, 4 insertions(+)


hooks/post-receive
-- 
The standard pinentry collection
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug 23 16:14:31 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 23 Aug 2017 16:14:31 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.2-base-13-gb917cb6
Message-ID: <E1dkWQS-0002CS-RN@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  b917cb66b79597520788cd9264889942247a3377 (commit)
       via  008ae0bd868cb49ad4d67fc8c71707cd2a162137 (commit)
      from  fd0e5b60bed1cfc2aed7b2e13cc449f355eac051 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b917cb66b79597520788cd9264889942247a3377
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Aug 23 15:16:52 2017 +0200

    tests: Do not run trust-pgp-4.scm
    
    * tests/openpgp/Makefile.am (XTESTS): Remove test.
    (EXTRA_DIST): Add test file.
    --
    
    There are two problems with this test: First a syntax error in the
    file name so that the test was not used at all.  Second the test
    currently returns FAIL.
    
    Fixes-commit: c23a69970ba38edae9d3b2603825d18fbb732423
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index c87dd0a..f6014c9 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -85,7 +85,6 @@ XTESTS = \
 	trust-pgp-1.scm \
 	trust-pgp-2.scm \
 	trust-pgp-3.scm \
-	trust-pgp-4.scm! \
 	gpgtar.scm \
 	use-exact-key.scm \
 	default-key.scm \
@@ -103,6 +102,10 @@ XTESTS = \
 	issue2929.scm \
 	issue2941.scm
 
+# Temporary removed tests:
+#	trust-pgp-4.scm
+
+
 # XXX: Currently, one cannot override automake's 'check' target.  As a
 # workaround, we avoid defining 'TESTS', thus automake will not emit
 # the 'check' target.  For extra robustness, we merely define a
@@ -265,7 +268,7 @@ sample_msgs = samplemsgs/clearsig-1-key-1.asc \
 
 EXTRA_DIST = defs.scm trust-pgp/common.scm $(XTESTS) $(TEST_FILES) \
 	     mkdemodirs signdemokey $(priv_keys) $(sample_keys)   \
-	     $(sample_msgs) ChangeLog-2011 run-tests.scm \
+	     $(sample_msgs) ChangeLog-2011 run-tests.scm trust-pgp-4.scm \
 	     setup.scm shell.scm all-tests.scm signed-messages.scm
 
 CLEANFILES = prepared.stamp x y yy z out err  $(data_files) \

commit 008ae0bd868cb49ad4d67fc8c71707cd2a162137
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Aug 23 14:50:03 2017 +0200

    build: Change SWDB tag "gnupg21" to "gnupg22".
    
    * configure.ac (GNUPG_SWDB_TAG): New ac_define.  Set it to "gnupg22".
    * tools/gpgconf.c (query_swdb): Use it.
    * build-aux/speedo.mk: Change tag "gnupg21" to "gnupg22".
    * Makefile.am (distcheck-hook): Ditto.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/Makefile.am b/Makefile.am
index b972cff..c01c0a8 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -99,7 +99,7 @@ dist-hook: gen-ChangeLog
 
 distcheck-hook:
 	set -e; ( \
-	pref="#+macro: gnupg21_" ;\
+	pref="#+macro: gnupg22_" ;\
 	reldate="$$(date -u +%Y-%m-%d)" ;\
         echo "$${pref}ver  $(PACKAGE_VERSION)"  ;\
         echo "$${pref}date $${reldate}" ;\
diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk
index f1ec653..b1c6ef8 100644
--- a/build-aux/speedo.mk
+++ b/build-aux/speedo.mk
@@ -276,7 +276,7 @@ endif
 # Version numbers of the released packages
 gnupg_ver_this = $(shell cat $(topsrc)/VERSION)
 
-gnupg_ver        := $(shell awk '$$1=="gnupg21_ver" {print $$2}' swdb.lst)
+gnupg_ver        := $(shell awk '$$1=="gnupg22_ver" {print $$2}' swdb.lst)
 
 libgpg_error_ver := $(shell awk '$$1=="libgpg_error_ver" {print $$2}' swdb.lst)
 libgpg_error_sha1:= $(shell awk '$$1=="libgpg_error_sha1" {print $$2}' swdb.lst)
@@ -1187,7 +1187,7 @@ installer: all w32_insthelpers $(w32src)/inst-options.ini $(bdir)/README.txt
 
 
 define MKSWDB_commands
- ( pref="#+macro: gnupg21_w32_" ;\
+ ( pref="#+macro: gnupg22_w32_" ;\
    echo "$${pref}ver  $(INST_VERSION)_$(BUILD_DATESTR)"  ;\
    echo "$${pref}date $(2)" ;\
    echo "$${pref}size $$(wc -c <$(1)|awk '{print int($$1/1024)}')k";\
diff --git a/configure.ac b/configure.ac
index b52c86d..33c88d2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -49,6 +49,10 @@ m4_define([mym4_revision_dec], m4_argn(8, mym4_verslist))
 m4_esyscmd([echo ]mym4_version[>VERSION])
 AC_INIT([mym4_package],[mym4_version], [https://bugs.gnupg.org])
 
+# When changing the SWDB tag please also adjust the hard coded tags in
+# build-aux/speedo.mk and Makefile.am
+AC_DEFINE_UNQUOTED(GNUPG_SWDB_TAG, "gnupg22", [swdb tag for this branch])
+
 NEED_GPG_ERROR_VERSION=1.24
 
 NEED_LIBGCRYPT_API=1
diff --git a/tools/gpgconf.c b/tools/gpgconf.c
index fefa2ff..09b2a76 100644
--- a/tools/gpgconf.c
+++ b/tools/gpgconf.c
@@ -292,7 +292,7 @@ query_swdb (estream_t out, const char *name, const char *current_version)
       goto leave;
     }
   if (!strcmp (name, "gnupg"))
-    search_name = "gnupg21";
+    search_name = GNUPG_SWDB_TAG;
   else if (!strcmp (name, "gnupg1"))
     search_name = "gnupg1";
   else

-----------------------------------------------------------------------

Summary of changes:
 Makefile.am               | 2 +-
 build-aux/speedo.mk       | 4 ++--
 configure.ac              | 4 ++++
 tests/openpgp/Makefile.am | 7 +++++--
 tools/gpgconf.c           | 2 +-
 5 files changed, 13 insertions(+), 6 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug 23 16:52:36 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 23 Aug 2017 16:52:36 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.2-base-14-g565e486
Message-ID: <E1dkX1J-0000pR-5I@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  565e486b8028f9e3cc51ebc5202666b598042175 (commit)
      from  b917cb66b79597520788cd9264889942247a3377 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 565e486b8028f9e3cc51ebc5202666b598042175
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Aug 23 16:45:20 2017 +0200

    gpgconf: Swap "auto-key-retrieve" and "no-auto-key-retrieve".
    
    * g10/gpg.c (gpgconf_list): Announce "auto-key-retrieve".
    (main): Simplify setting of KEYSERVER_AUTO_KEY_RETRIEVE.
    * tools/gpgconf-comp.c: Make "no-auto-key-retrieve" invisible.  Make
    "auto-key-retrieve" an expert option.
    --
    
    This basically reverts 9bb13a0e819334681caca38c9074bd7bfc04e45e
    because --no-auto-key-retrieve is again the default.  Note that we
    allow both options for the sake of profiles.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/gpg.c b/g10/gpg.c
index 31b1fca..62d6131 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -1852,7 +1852,7 @@ gpgconf_list (const char *configfile)
   es_printf ("encrypt-to:%lu:\n", GC_OPT_FLAG_NONE);
   es_printf ("try-secret-key:%lu:\n", GC_OPT_FLAG_NONE);
   es_printf ("auto-key-locate:%lu:\n", GC_OPT_FLAG_NONE);
-  es_printf ("no-auto-key-retrieve:%lu:\n", GC_OPT_FLAG_NONE);
+  es_printf ("auto-key-retrieve:%lu:\n", GC_OPT_FLAG_NONE);
   es_printf ("log-file:%lu:\n", GC_OPT_FLAG_NONE);
   es_printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT);
   es_printf ("group:%lu:\n", GC_OPT_FLAG_NONE);
@@ -3336,13 +3336,14 @@ main (int argc, char **argv)
 	  case oIgnoreCrcError: opt.ignore_crc_error = 1; break;
 	  case oIgnoreMDCError: opt.ignore_mdc_error = 1; break;
 	  case oNoRandomSeedFile: use_random_seed = 0; break;
+
 	  case oAutoKeyRetrieve:
+            opt.keyserver_options.options |= KEYSERVER_AUTO_KEY_RETRIEVE;
+            break;
 	  case oNoAutoKeyRetrieve:
-	        if(pargs.r_opt==oAutoKeyRetrieve)
-		  opt.keyserver_options.options|=KEYSERVER_AUTO_KEY_RETRIEVE;
-		else
-		  opt.keyserver_options.options&=~KEYSERVER_AUTO_KEY_RETRIEVE;
-		break;
+            opt.keyserver_options.options &= ~KEYSERVER_AUTO_KEY_RETRIEVE;
+            break;
+
 	  case oShowSessionKey: opt.show_session_key = 1; break;
 	  case oOverrideSessionKey:
 		opt.override_session_key = pargs.r.ret_str;
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index e9d4ca8..e6ef4f4 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -755,9 +755,9 @@ static gc_option_t gc_options_gpg[] =
    { "auto-key-locate", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
      "gnupg", N_("|MECHANISMS|use MECHANISMS to locate keys by mail address"),
      GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
-   { "auto-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
+   { "auto-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
      NULL, NULL, GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
-   { "no-auto-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+   { "no-auto-key-retrieve", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
      NULL, NULL, GC_ARG_TYPE_NONE, GC_BACKEND_GPG },
    { "disable-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
      "gnupg", N_("disable all access to the dirmngr"),

-----------------------------------------------------------------------

Summary of changes:
 g10/gpg.c            | 13 +++++++------
 tools/gpgconf-comp.c |  4 ++--
 2 files changed, 9 insertions(+), 8 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Aug 23 22:26:15 2017
From: cvs at cvs.gnupg.org (by Damien Goutte-Gattat)
Date: Wed, 23 Aug 2017 22:26:15 +0200
Subject: [git] Pinentry - branch, master, updated. pinentry-1.0.0-29-g2b1fb2f
Message-ID: <E1dkcEB-00017H-HC@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The standard pinentry collection".

The branch, master has been updated
       via  2b1fb2f30a94a967dacec298e3c7d8a80b4c3194 (commit)
      from  858bde1fbbc5e14f2d6410da05869188bdc36ee3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2b1fb2f30a94a967dacec298e3c7d8a80b4c3194
Author: Damien Goutte-Gattat <dgouttegattat at incenp.org>
Date:   Wed Aug 23 21:46:22 2017 +0200

    gtk: Really always set the window as transient.
    
    * gtk+-2/pinentry-gtk-2.c (make_transient): Set the window as
    transient even if we do not grab the keyboard.
    --
    
    In the previous commit attempting to fix issue 3253, the window
    was set as transient only in grabbing mode. The window should
    actually always be set as transient, independently of whether
    we grab the keyboard or not. This is especially important now
    that --no-grab is the default behavior of GnuPG Agent.
    
    GnuPG-bug-id: 3253
    Fixes-commit: f69dadc6ccea7672869436291ab5c1f58d545466
    Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>

diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c
index f17a702..89728c4 100644
--- a/gtk+-2/pinentry-gtk-2.c
+++ b/gtk+-2/pinentry-gtk-2.c
@@ -136,9 +136,6 @@ make_transient (GtkWidget *win, GdkEvent *event, gpointer data)
   (void)event;
   (void)data;
 
-  if (! pinentry->grab)
-    return;
-
   /* Make window transient for the root window.  */
   screen = gdk_screen_get_default ();
   root = gdk_screen_get_root_window (screen);

-----------------------------------------------------------------------

Summary of changes:
 gtk+-2/pinentry-gtk-2.c | 3 ---
 1 file changed, 3 deletions(-)


hooks/post-receive
-- 
The standard pinentry collection
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug 24 15:52:12 2017
From: cvs at cvs.gnupg.org (by Marcus Brinkmann)
Date: Thu, 24 Aug 2017 15:52:12 +0200
Subject: [git] GPGME - branch, master, updated. gpgme-1.9.0-70-g91e47d7
Message-ID: <E1dksYO-0002hI-P3@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, master has been updated
       via  91e47d71652bd0f83b51089c343c3c4836bdfa8a (commit)
      from  bfb3a01a0c55aa327dcab061fa808672362cb09d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 91e47d71652bd0f83b51089c343c3c4836bdfa8a
Author: Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de>
Date:   Thu Aug 24 15:50:16 2017 +0200

    gpgconf: Add more comments.
    
    * src/engine-gpgconf.c (gpgconf_config_dir_cb, gpgconf_conf_dir):
    Add comments.
    
    Signed-off-by: Marcus Brinkmann <mb at g10code.com>
    GnuPG-bug-id: 3018

diff --git a/src/engine-gpgconf.c b/src/engine-gpgconf.c
index ba5a73d..94ae67f 100644
--- a/src/engine-gpgconf.c
+++ b/src/engine-gpgconf.c
@@ -992,6 +992,10 @@ struct gpgconf_config_dir_s
   char *result;
 };
 
+/* Called for each line in the gpgconf --list-dirs output.  Searches
+   for the desired line and returns the result, indicating success by
+   a special error value GPG_ERR_USER_1 (which terminates the
+   operation immediately).  */
 static gpgme_error_t
 gpgconf_config_dir_cb (void *hook, char *line)
 {
@@ -1011,6 +1015,8 @@ gpgconf_config_dir_cb (void *hook, char *line)
 }
 
 
+/* Like gpgme_get_dirinfo, but uses the home directory of ENGINE and
+   does not cache the result.  */
 static gpgme_error_t
 gpgconf_conf_dir (void *engine, const char *what, char **result)
 {
@@ -1023,7 +1029,7 @@ gpgconf_conf_dir (void *engine, const char *what, char **result)
 		      gpgconf_config_dir_cb, &data);
   if (gpg_err_code (err) == GPG_ERR_USER_1)
     {
-      /* This signals to use that a result was found.  */
+      /* This signals to us that a result was found.  */
       *result = data.result;
       return 0;
     }

-----------------------------------------------------------------------

Summary of changes:
 src/engine-gpgconf.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug 24 16:27:08 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 24 Aug 2017 16:27:08 +0200
Subject: [git] GPGME - branch, master, updated. gpgme-1.9.0-72-g6745eb6
Message-ID: <E1dkt6C-0000HX-OX@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, master has been updated
       via  6745eb69e27bc73fece88c5e4e0b0bca13fa8b11 (commit)
       via  9bde9144f0c2d0087799511e9b041dc945a4cfa8 (commit)
      from  91e47d71652bd0f83b51089c343c3c4836bdfa8a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6745eb69e27bc73fece88c5e4e0b0bca13fa8b11
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Aug 24 16:19:54 2017 +0200

    Set next version to 1.10.0
    
    --

diff --git a/NEWS b/NEWS
index f3394a2..25552ad 100644
--- a/NEWS
+++ b/NEWS
@@ -1,21 +1,22 @@
-Noteworthy changes in version 1.9.1 (unreleased)
-------------------------------------------------
+Noteworthy changes in version 1.10.0 (unreleased)
+-------------------------------------------------
 
  * Interface changes relative to the 1.9.0 release:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
- gpgme_decrypt_result_t EXTENDED: New field 'is_de_vs'.
- gpgme_signature_t      EXTENDED: New field 'is_de_vs'.
- gpgme_op_delete_ext    NEW
- gpgme_op_delete_ext_start NEW
- GPGME_DELETE_ALLOW_SECRET NEW
- GPGME_DELETE_FORCE     NEW
- gpgme_op_conf_dir      NEW
+ gpgme_decrypt_result_t      EXTENDED: New field 'is_de_vs'.
+ gpgme_signature_t           EXTENDED: New field 'is_de_vs'.
+ gpgme_keyorg_t              NEW.
+ gpgme_op_delete_ext         NEW.
+ gpgme_op_delete_ext_start   NEW.
+ GPGME_DELETE_ALLOW_SECRET   NEW.
+ GPGME_DELETE_FORCE          NEW.
+ gpgme_op_conf_dir           NEW.
  cpp: DecryptionResult::isDeVs NEW.
  cpp: Signature::isDeVs        NEW.
- py: DecryptResult EXTENDED: New boolean field 'is_de_vs'.
- py: Signature     EXTENDED: New boolean field 'is_de_vs'.
- py: GpgError      EXTENDED: Partial results in 'results'.
+ py: DecryptResult           EXTENDED: New boolean field 'is_de_vs'.
+ py: Signature               EXTENDED: New boolean field 'is_de_vs'.
+ py: GpgError                EXTENDED: Partial results in 'results'.
+
 
 Noteworthy changes in version 1.9.0 (2017-03-28)
 ------------------------------------------------
@@ -44,7 +45,6 @@ Noteworthy changes in version 1.9.0 (2017-03-28)
 
  * Many smaller bug fixes.
 
-
  * Interface changes relative to the 1.8.0 release:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  gpgme_op_createkey          CHANGED: Meaning of 'expire' parameter.
diff --git a/configure.ac b/configure.ac
index b4878cc..1284317 100644
--- a/configure.ac
+++ b/configure.ac
@@ -28,8 +28,8 @@ min_automake_version="1.14"
 # commit and push so that the git magic is able to work.  See below
 # for the LT versions.
 m4_define(mym4_version_major, [1])
-m4_define(mym4_version_minor, [9])
-m4_define(mym4_version_micro, [1])
+m4_define(mym4_version_minor, [10])
+m4_define(mym4_version_micro, [0])
 
 # Below is m4 magic to extract and compute the revision number, the
 # decimalized short revision number, a beta version string, and a flag
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index bc60d82..9c0d7f7 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -1874,7 +1874,7 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], gpgme_encrypt_flags_t flags,
 
   if (!err && (flags & GPGME_ENCRYPT_WRAP))
     {
-      /* gpg is current not abale to detect already compressed
+      /* gpg is current not able to detect already compressed
        * packets.  Thus when using
        *   gpg --unwrap -d | gpg --no-literal -e
        * the encryption would add an additional compression layer.

commit 9bde9144f0c2d0087799511e9b041dc945a4cfa8
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Aug 24 14:21:15 2017 +0200

    core: New public enum gpgme_keyorg_t.
    
    * src/gpgme.h.in (gpgme_keyorg_t): New.
    * src/keylist.c (parse_keyorg): New.
    (keylist_colon_handler): Set key->ORIGIN.
    --
    
    This finally set the key origin value form data supplied by recent gpg
    versions.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/src/gpgme.h.in b/src/gpgme.h.in
index 8afc276..31a9060 100644
--- a/src/gpgme.h.in
+++ b/src/gpgme.h.in
@@ -330,6 +330,21 @@ typedef enum
 gpgme_tofu_policy_t;
 
 
+/* The key origin values. */
+typedef enum
+  {
+    GPGME_KEYORG_UNKNOWN      = 0,
+    GPGME_KEYORG_KS           = 1,
+    GPGME_KEYORG_DANE         = 3,
+    GPGME_KEYORG_WKD          = 4,
+    GPGME_KEYORG_URL          = 5,
+    GPGME_KEYORG_FILE         = 6,
+    GPGME_KEYORG_SELF         = 7,
+    GPGME_KEYORG_OTHER        = 31
+  }
+gpgme_keyorg_t;
+
+
 /* The available protocols.  */
 typedef enum
   {
@@ -697,7 +712,7 @@ struct _gpgme_user_id
   /* The malloced TOFU information or NULL.  */
   gpgme_tofu_info_t tofu;
 
-  /* Time of the last refresh of thsi user id.  0 if unknown.  */
+  /* Time of the last refresh of this user id.  0 if unknown.  */
   unsigned long last_update;
 };
 typedef struct _gpgme_user_id *gpgme_user_id_t;
diff --git a/src/keylist.c b/src/keylist.c
index 5e1c61e..24a9b0b 100644
--- a/src/keylist.c
+++ b/src/keylist.c
@@ -376,6 +376,25 @@ set_ownertrust (gpgme_key_t key, const char *src)
 }
 
 
+static gpgme_keyorg_t
+parse_keyorg (const char *string)
+{
+  switch (atoi (string))
+    {
+    case 0: return GPGME_KEYORG_UNKNOWN;
+    case 1:
+    case 2:
+      return GPGME_KEYORG_KS;
+    case 3: return GPGME_KEYORG_DANE;
+    case 4: return GPGME_KEYORG_WKD;
+    case 5: return GPGME_KEYORG_URL;
+    case 6: return GPGME_KEYORG_FILE;
+    case 7: return GPGME_KEYORG_SELF;
+    default: return GPGME_KEYORG_OTHER;
+    }
+}
+
+
 /* Parse field 15 of a secret key or subkey.  This fields holds a
    reference to smartcards.  FIELD is the content of the field and we
    are allowed to modify it.  */
@@ -719,7 +738,7 @@ keylist_colon_handler (void *priv, char *line)
       if (fields >= 20)
         {
           key->last_update = _gpgme_parse_timestamp_ul (field[18]);
-          key->origin = 0; /* Fixme: Not yet defined in gpg.  */
+          key->origin = parse_keyorg (field[19]);
         }
 
       break;
@@ -814,7 +833,7 @@ keylist_colon_handler (void *priv, char *line)
           if (fields >= 20)
             {
               opd->tmp_uid->last_update = _gpgme_parse_timestamp_ul (field[18]);
-              opd->tmp_uid->origin = 0; /* Fixme: Not yet defined in gpg.  */
+              opd->tmp_uid->origin = parse_keyorg (field[19]);
             }
 	}
       break;

-----------------------------------------------------------------------

Summary of changes:
 NEWS             | 28 ++++++++++++++--------------
 configure.ac     |  4 ++--
 src/engine-gpg.c |  2 +-
 src/gpgme.h.in   | 17 ++++++++++++++++-
 src/keylist.c    | 23 +++++++++++++++++++++--
 5 files changed, 54 insertions(+), 20 deletions(-)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug 24 17:22:36 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 24 Aug 2017 17:22:36 +0200
Subject: [git] GPGME - branch, master, updated. gpgme-1.9.0-73-g47f61df
Message-ID: <E1dktxs-0001kS-SZ@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, master has been updated
       via  47f61df0704485b8165c9cf2a27ad57bcd864239 (commit)
      from  6745eb69e27bc73fece88c5e4e0b0bca13fa8b11 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 47f61df0704485b8165c9cf2a27ad57bcd864239
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Aug 24 17:17:11 2017 +0200

    core: New context flag "auto-key-retrieve"
    
    * src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): New flag
    "auto-key-retrieve".
    * src/context.h (gpgme_context): New field auto_key_retrieve.
    * src/engine-backend.h (struct engine_ops): Add arg auto_key_retrieve
    to field 'decrypt'.
    * src/engine-gpg.c (gpg_decrypt): Add arg auto_key_retrieve and pass
    option --auto-key-retrieve to gpg.  Adjust all callers.
    (gpg_verify): Ditto.
    * src/engine-gpgsm.c (gpgsm_decrypt): Add dummy arg auto_key_retrieve.
    * src/engine-uiserver.c (uiserver_decrypt): Ditto.
    * tests/run-verify.c (main): Add option --auto-key-retrieve.
    --
    
    This makes the --auto-key-retrieve option available in the GPGME API.
    
    Test plan:
    Run
    
      GPGME_DEBUG=9:out tests/run-verify SIGNEDFILE
    
    with and without its new option --auto-key-retrieve and check in the
    trace stored in "out" whether --auto-key-retrieve was passed to gpg.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/NEWS b/NEWS
index 25552ad..71d9600 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,7 @@ Noteworthy changes in version 1.10.0 (unreleased)
  GPGME_DELETE_ALLOW_SECRET   NEW.
  GPGME_DELETE_FORCE          NEW.
  gpgme_op_conf_dir           NEW.
+ gpgme_set_ctx_flag          EXTENDED: New flag 'auto-key-retrieve'.
  cpp: DecryptionResult::isDeVs NEW.
  cpp: Signature::isDeVs        NEW.
  py: DecryptResult           EXTENDED: New boolean field 'is_de_vs'.
diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index 5df54f5..8dcc86e 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -3055,6 +3055,16 @@ the context flag "export-session-key" is enabled.  Please be aware that
 using this feature with GnuPG < 2.1.16 will leak the session key on
 many platforms via ps(1).
 
+ at item "auto-key-retrieve"
+Setting the @var{value} to "1" asks the backend to automatically
+retrieve a key for signature verification if possible.  Note that this
+option makes a "web bug" like behavior possible.  Keyserver or Web Key
+Directory operators can see which keys you request, so by sending you
+a message signed by a brand new key (which you naturally will not have
+on your local keyring), the operator can tell both your IP address and
+the time when you verified the signature.
+
+
 @end table
 
 This function returns @code{0} on success.
diff --git a/src/context.h b/src/context.h
index d0542d9..1e763d2 100644
--- a/src/context.h
+++ b/src/context.h
@@ -118,6 +118,9 @@ struct gpgme_context
    * flag is cleared with each operation.  */
   unsigned int redraw_suggested : 1;
 
+  /* True if the option --auto-key-retrieve shall be passed to gpg.  */
+  unsigned int auto_key_retrieve : 1;
+
   /* Flags for keylist mode.  */
   gpgme_keylist_mode_t keylist_mode;
 
diff --git a/src/decrypt-verify.c b/src/decrypt-verify.c
index 66cfe94..17f79ac 100644
--- a/src/decrypt-verify.c
+++ b/src/decrypt-verify.c
@@ -86,7 +86,8 @@ decrypt_verify_start (gpgme_ctx_t ctx, int synchronous,
                                    flags,
                                    cipher, plain,
                                    ctx->export_session_keys,
-                                   ctx->override_session_key);
+                                   ctx->override_session_key,
+                                   ctx->auto_key_retrieve);
 }
 
 
diff --git a/src/decrypt.c b/src/decrypt.c
index eb7ec4d..8c2cd4d 100644
--- a/src/decrypt.c
+++ b/src/decrypt.c
@@ -452,7 +452,8 @@ _gpgme_decrypt_start (gpgme_ctx_t ctx, int synchronous,
                                    flags,
                                    cipher, plain,
                                    ctx->export_session_keys,
-                                   ctx->override_session_key);
+                                   ctx->override_session_key,
+                                   ctx->auto_key_retrieve);
 }
 
 
diff --git a/src/engine-backend.h b/src/engine-backend.h
index f41aaeb..421eb16 100644
--- a/src/engine-backend.h
+++ b/src/engine-backend.h
@@ -65,7 +65,8 @@ struct engine_ops
                             gpgme_decrypt_flags_t flags,
                             gpgme_data_t ciph,
 			    gpgme_data_t plain, int export_session_key,
-                            const char *override_session_key);
+                            const char *override_session_key,
+                            int auto_key_retrieve);
   gpgme_error_t (*delete) (void *engine, gpgme_key_t key, unsigned int flags);
   gpgme_error_t (*edit) (void *engine, int type, gpgme_key_t key,
 			 gpgme_data_t out, gpgme_ctx_t ctx /* FIXME */);
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index 9c0d7f7..5ce04f0 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -1562,7 +1562,8 @@ static gpgme_error_t
 gpg_decrypt (void *engine,
              gpgme_decrypt_flags_t flags,
              gpgme_data_t ciph, gpgme_data_t plain,
-             int export_session_key, const char *override_session_key)
+             int export_session_key, const char *override_session_key,
+             int auto_key_retrieve)
 {
   engine_gpg_t gpg = engine;
   gpgme_error_t err;
@@ -1580,6 +1581,9 @@ gpg_decrypt (void *engine,
   if (!err && export_session_key)
     err = add_arg (gpg, "--show-session-key");
 
+  if (!err && auto_key_retrieve)
+    err = add_arg (gpg, "--auto-key-retrieve");
+
   if (!err && override_session_key && *override_session_key)
     {
       if (have_gpg_version (gpg, "2.1.16"))
@@ -2997,6 +3001,9 @@ gpg_verify (void *engine, gpgme_data_t sig, gpgme_data_t signed_text,
   gpgme_error_t err;
 
   err = append_args_from_sender (gpg, ctx);
+  if (!err && ctx->auto_key_retrieve)
+    err = add_arg (gpg, "--auto-key-retrieve");
+
   if (err)
     ;
   else if (plaintext)
diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c
index f23b0bf..e337fed 100644
--- a/src/engine-gpgsm.c
+++ b/src/engine-gpgsm.c
@@ -1130,7 +1130,8 @@ static gpgme_error_t
 gpgsm_decrypt (void *engine,
                gpgme_decrypt_flags_t flags,
                gpgme_data_t ciph, gpgme_data_t plain,
-               int export_session_key, const char *override_session_key)
+               int export_session_key, const char *override_session_key,
+               int auto_key_retrieve)
 {
   engine_gpgsm_t gpgsm = engine;
   gpgme_error_t err;
@@ -1142,6 +1143,9 @@ gpgsm_decrypt (void *engine,
   (void)export_session_key;
   (void)override_session_key;
 
+  /* --auto-key-retrieve is also not supported.  */
+  (void)auto_key_retrieve;
+
   if (!gpgsm)
     return gpg_error (GPG_ERR_INV_VALUE);
 
diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c
index 3db705d..bc3f3fb 100644
--- a/src/engine-uiserver.c
+++ b/src/engine-uiserver.c
@@ -962,7 +962,8 @@ static gpgme_error_t
 uiserver_decrypt (void *engine,
                   gpgme_decrypt_flags_t flags,
                   gpgme_data_t ciph, gpgme_data_t plain,
-                  int export_session_key, const char *override_session_key)
+                  int export_session_key, const char *override_session_key,
+                  int auto_key_retrieve)
 {
   engine_uiserver_t uiserver = engine;
   gpgme_error_t err;
@@ -972,6 +973,8 @@ uiserver_decrypt (void *engine,
 
   (void)override_session_key; /* Fixme: We need to see now to add this
                                * to the UI server protocol  */
+  (void)auto_key_retrieve;    /* Not yet supported.  */
+
 
   if (!uiserver)
     return gpg_error (GPG_ERR_INV_VALUE);
diff --git a/src/engine.c b/src/engine.c
index 2c7e625..28ba9fd 100644
--- a/src/engine.c
+++ b/src/engine.c
@@ -656,7 +656,8 @@ _gpgme_engine_op_decrypt (engine_t engine,
                           gpgme_decrypt_flags_t flags,
                           gpgme_data_t ciph,
 			  gpgme_data_t plain, int export_session_key,
-                          const char *override_session_key)
+                          const char *override_session_key,
+                          int auto_key_retrieve)
 {
   if (!engine)
     return gpg_error (GPG_ERR_INV_VALUE);
@@ -665,7 +666,8 @@ _gpgme_engine_op_decrypt (engine_t engine,
     return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
 
   return (*engine->ops->decrypt) (engine->engine, flags, ciph, plain,
-                                  export_session_key, override_session_key);
+                                  export_session_key, override_session_key,
+                                  auto_key_retrieve);
 }
 
 
diff --git a/src/engine.h b/src/engine.h
index b71b7e2..0bf1bb2 100644
--- a/src/engine.h
+++ b/src/engine.h
@@ -88,7 +88,8 @@ gpgme_error_t _gpgme_engine_op_decrypt (engine_t engine,
                                         gpgme_data_t ciph,
 					gpgme_data_t plain,
                                         int export_session_key,
-                                        const char *override_session_key);
+                                        const char *override_session_key,
+                                        int auto_key_retrieve);
 gpgme_error_t _gpgme_engine_op_delete (engine_t engine, gpgme_key_t key,
 				       unsigned int flags);
 gpgme_error_t _gpgme_engine_op_edit (engine_t engine, int type,
diff --git a/src/gpgme.c b/src/gpgme.c
index 2b196a2..d0a5afe 100644
--- a/src/gpgme.c
+++ b/src/gpgme.c
@@ -531,6 +531,10 @@ gpgme_set_ctx_flag (gpgme_ctx_t ctx, const char *name, const char *value)
       if (!ctx->override_session_key)
         err = gpg_error_from_syserror ();
     }
+  else if (!strcmp (name, "auto-key-retrieve"))
+    {
+      ctx->auto_key_retrieve = abool;
+    }
   else
     err = gpg_error (GPG_ERR_UNKNOWN_NAME);
 
@@ -568,6 +572,10 @@ gpgme_get_ctx_flag (gpgme_ctx_t ctx, const char *name)
     {
       return ctx->override_session_key? ctx->override_session_key : "";
     }
+  else if (!strcmp (name, "auto-key-retrieve"))
+    {
+      return ctx->auto_key_retrieve? "1":"";
+    }
   else
     return NULL;
 }
diff --git a/tests/run-verify.c b/tests/run-verify.c
index 3abc572..b22e644 100644
--- a/tests/run-verify.c
+++ b/tests/run-verify.c
@@ -222,6 +222,7 @@ show_usage (int ex)
          "  --openpgp        use the OpenPGP protocol (default)\n"
          "  --cms            use the CMS protocol\n"
          "  --sender MBOX    use MBOX as sender address\n"
+         "  --auto-key-retrieve\n"
          , stderr);
   exit (ex);
 }
@@ -231,6 +232,7 @@ int
 main (int argc, char **argv)
 {
   int last_argc = -1;
+  const char *s;
   gpgme_error_t err;
   gpgme_ctx_t ctx;
   gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;
@@ -241,6 +243,7 @@ main (int argc, char **argv)
   gpgme_verify_result_t result;
   int print_status = 0;
   const char *sender = NULL;
+  int auto_key_retrieve = 0;
 
   if (argc)
     { argc--; argv++; }
@@ -283,6 +286,12 @@ main (int argc, char **argv)
           sender = *argv;
           argc--; argv++;
         }
+      else if (!strcmp (*argv, "--auto-key-retrieve"))
+        {
+          auto_key_retrieve = 1;
+          argc--; argv++;
+        }
+
       else if (!strncmp (*argv, "--", 2))
         show_usage (1);
 
@@ -323,6 +332,18 @@ main (int argc, char **argv)
     }
   /* gpgme_set_ctx_flag (ctx, "raw-description", "1"); */
 
+  if (auto_key_retrieve)
+    {
+      gpgme_set_ctx_flag (ctx, "auto-key-retrieve", "1");
+      s = gpgme_get_ctx_flag (ctx, "auto-key-retrieve");
+      if (!s || strcmp (s, "1"))
+        {
+          fprintf (stderr, PGM ": gpgme_get_ctx_flag failed for '%s'\n",
+                   "auto-key-retrieve");
+          exit (1);
+        }
+    }
+
   if (sender)
     {
       err = gpgme_set_sender (ctx, sender);

-----------------------------------------------------------------------

Summary of changes:
 NEWS                  |  1 +
 doc/gpgme.texi        | 10 ++++++++++
 src/context.h         |  3 +++
 src/decrypt-verify.c  |  3 ++-
 src/decrypt.c         |  3 ++-
 src/engine-backend.h  |  3 ++-
 src/engine-gpg.c      |  9 ++++++++-
 src/engine-gpgsm.c    |  6 +++++-
 src/engine-uiserver.c |  5 ++++-
 src/engine.c          |  6 ++++--
 src/engine.h          |  3 ++-
 src/gpgme.c           |  8 ++++++++
 tests/run-verify.c    | 21 +++++++++++++++++++++
 13 files changed, 72 insertions(+), 9 deletions(-)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug 24 17:47:52 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 24 Aug 2017 17:47:52 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.2-base-15-g02a5df6
Message-ID: <E1dkuMM-0005tP-3N@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  02a5df614a369519ad7781f95dc977e24a0d4277 (commit)
      from  565e486b8028f9e3cc51ebc5202666b598042175 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 02a5df614a369519ad7781f95dc977e24a0d4277
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Aug 24 17:44:02 2017 +0200

    build: Remove obsolete option from autogen.rc
    
    * autogen.rc: Remove --enable-gpg2-is-gpg.
    --
    
    This option is now the default.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/autogen.rc b/autogen.rc
index 3694817..6835929 100644
--- a/autogen.rc
+++ b/autogen.rc
@@ -5,10 +5,10 @@
 case "$myhost:$myhostsub" in
   w32:ce)
     extraoptions="--enable-dirmngr-auto-start --disable-scdaemon "
-    extraoptions="$extraoptions --disable-zip --enable-gpg2-is-gpg"
+    extraoptions="$extraoptions --disable-zip"
     ;;
   w32:)
-    extraoptions="--enable-gpgtar --enable-gpg2-is-gpg"
+    extraoptions="--enable-gpgtar"
     ;;
 esac
 

-----------------------------------------------------------------------

Summary of changes:
 autogen.rc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug 24 20:30:41 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 24 Aug 2017 20:30:41 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.2-base-17-gb065a69
Message-ID: <E1dkwtu-0001VC-FX@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  b065a696344eac3007dbd5642143ecaaeebab43a (commit)
       via  757302cc7a94633cd9bda5eb4dbe5c6e804b957b (commit)
      from  02a5df614a369519ad7781f95dc977e24a0d4277 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b065a696344eac3007dbd5642143ecaaeebab43a
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Aug 24 20:26:19 2017 +0200

    gpg: Fix memory leak in sig-check.
    
    * g10/sig-check.c (check_signature_over_key_or_uid): Remove useless
    condition.  Actually free when SIGNER was allocated by us.
    --
    
    SIGNER_ALLOCATED never received a value of -1 but that was tested.
    
    IF SIGNER_ALLOCATED was 2 the memory was never freed:
    
      if (signer_allocated == 1)
        if (signer_allocated == 2)
          free()
    
    Fixes-commit: 44cdb9d73f1a0b7d2c8483a119b9c4d6caabc1ec
    
    This function needs to be audited more thoroughly.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/sig-check.c b/g10/sig-check.c
index a4ef142..23af12b 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -878,6 +878,9 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
               if (ret_pk)
                 {
                   signer = ret_pk;
+                  /* FIXME: Using memset here is probematic because it
+                   * assumes that there are no allocated fields in
+                   * SIGNER.  */
                   memset (signer, 0, sizeof (*signer));
                   signer_alloced = 1;
                 }
@@ -956,10 +959,10 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
   gcry_md_close (md);
 
  leave:
-  if (! rc && ret_pk && (signer_alloced == -1 || ret_pk != signer))
+  if (! rc && ret_pk && ret_pk != signer)
     copy_public_key (ret_pk, signer);
 
-  if (signer_alloced == 1)
+  if (signer_alloced)
     {
       /* We looked up SIGNER; it is not a pointer into KB.  */
       release_public_key_parts (signer);

commit 757302cc7a94633cd9bda5eb4dbe5c6e804b957b
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Aug 24 19:19:23 2017 +0200

    indent: Change comment style on two functions
    
    --
    
    This is to make those function better readable.
    
      if (foo)
         /* Comment */
         {
    
         }
    
    is bad style because it requires extra time to notice the begin of the
    block and vice versa when noticing the block it is not clear whether
    this is an conditioned or unconditioned block.
    
    Having asterisks on the left is better for view impaired people and
    for b/w printouts.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/sig-check.c b/g10/sig-check.c
index 60e988e..a4ef142 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -738,38 +738,38 @@ check_key_signature (ctrl_t ctrl, kbnode_t root, kbnode_t node,
 
 
 /* Returns whether SIGNER generated the signature SIG over the packet
-   PACKET, which is a key, subkey or uid, and comes from the key block
-   KB.  (KB is PACKET's corresponding keyblock; we don't assume that
-   SIG has been added to the keyblock.)
-
-   If SIGNER is set, then checks whether SIGNER generated the
-   signature.  Otherwise, uses SIG->KEYID to find the alleged signer.
-   This parameter can be used to effectively override the alleged
-   signer that is stored in SIG.
-
-   KB may be NULL if SIGNER is set.
-
-   Unlike check_key_signature, this function ignores any cached
-   results!  That is, it does not consider SIG->FLAGS.CHECKED and
-   SIG->FLAGS.VALID nor does it set them.
-
-   This doesn't check the signature's semantic mean.  Concretely, it
-   doesn't check whether a non-self signed revocation signature was
-   created by a designated revoker.  In fact, it doesn't return an
-   error for a binding generated by a completely different key!
-
-   Returns 0 if the signature is valid.  Returns GPG_ERR_SIG_CLASS if
-   this signature can't be over PACKET.  Returns GPG_ERR_NOT_FOUND if
-   the key that generated the signature (according to SIG) could not
-   be found.  Returns GPG_ERR_BAD_SIGNATURE if the signature is bad.
-   Other errors codes may be returned if something else goes wrong.
-
-   IF IS_SELFSIG is not NULL, sets *IS_SELFSIG to 1 if this is a
-   self-signature (by the key's primary key) or 0 if not.
-
-   If RET_PK is not NULL, returns a copy of the public key that
-   generated the signature (i.e., the signer) on success.  This must
-   be released by the caller using release_public_key_parts ().  */
+ * PACKET, which is a key, subkey or uid, and comes from the key block
+ * KB.  (KB is PACKET's corresponding keyblock; we don't assume that
+ * SIG has been added to the keyblock.)
+ *
+ * If SIGNER is set, then checks whether SIGNER generated the
+ * signature.  Otherwise, uses SIG->KEYID to find the alleged signer.
+ * This parameter can be used to effectively override the alleged
+ * signer that is stored in SIG.
+ *
+ * KB may be NULL if SIGNER is set.
+ *
+ * Unlike check_key_signature, this function ignores any cached
+ * results!  That is, it does not consider SIG->FLAGS.CHECKED and
+ * SIG->FLAGS.VALID nor does it set them.
+ *
+ * This doesn't check the signature's semantic mean.  Concretely, it
+ * doesn't check whether a non-self signed revocation signature was
+ * created by a designated revoker.  In fact, it doesn't return an
+ * error for a binding generated by a completely different key!
+ *
+ * Returns 0 if the signature is valid.  Returns GPG_ERR_SIG_CLASS if
+ * this signature can't be over PACKET.  Returns GPG_ERR_NOT_FOUND if
+ * the key that generated the signature (according to SIG) could not
+ * be found.  Returns GPG_ERR_BAD_SIGNATURE if the signature is bad.
+ * Other errors codes may be returned if something else goes wrong.
+ *
+ * IF IS_SELFSIG is not NULL, sets *IS_SELFSIG to 1 if this is a
+ * self-signature (by the key's primary key) or 0 if not.
+ *
+ * If RET_PK is not NULL, returns a copy of the public key that
+ * generated the signature (i.e., the signer) on success.  This must
+ * be released by the caller using release_public_key_parts ().  */
 gpg_error_t
 check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
                                  PKT_signature *sig, KBNODE kb, PACKET *packet,
@@ -796,8 +796,8 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
       /* Primary key revocation.  */
       || sig->sig_class == 0x20)
     {
+      /* Key revocations can only be over primary keys.  */
       if (packet->pkttype != PKT_PUBLIC_KEY)
-        /* Key revocations can only be over primary keys.  */
         return gpg_error (GPG_ERR_SIG_CLASS);
     }
   else if (/* Subkey binding.  */
@@ -840,19 +840,19 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
       /* Get the signer.  If possible, avoid a look up.  */
       if (sig->keyid[0] == pripk->keyid[0]
           && sig->keyid[1] == pripk->keyid[1])
-        /* Issued by the primary key.  */
         {
+          /* Issued by the primary key.  */
           signer = pripk;
           if (is_selfsig)
             *is_selfsig = 1;
         }
       else
         {
+          /* See if one of the subkeys was the signer (although this
+             is extremely unlikely).  */
           kbnode_t ctx = NULL;
           kbnode_t n;
 
-          /* See if one of the subkeys was the signer (although this
-             is extremely unlikely).  */
           while ((n = walk_kbnode (kb, &ctx, 0)))
             {
               PKT_public_key *subk;
@@ -863,16 +863,16 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
               subk = n->pkt->pkt.public_key;
               if (sig->keyid[0] == subk->keyid[0]
                   && sig->keyid[1] == subk->keyid[1])
-                /* Issued by a subkey.  */
                 {
+                  /* Issued by a subkey.  */
                   signer = subk;
                   break;
                 }
             }
 
           if (! signer)
-            /* Signer by some other key.  */
             {
+              /* Signer by some other key.  */
               if (is_selfsig)
                 *is_selfsig = 0;
               if (ret_pk)
@@ -893,14 +893,14 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
                   xfree (signer);
                   signer = NULL;
                   signer_alloced = 0;
-                  goto out;
+                  goto leave;
                 }
             }
         }
     }
 
   /* We checked above that we supported this algo, so an error here is
-     a bug.  */
+   * a bug.  */
   if (gcry_md_open (&md, sig->digest_algo, 0))
     BUG ();
 
@@ -916,7 +916,7 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
       rc = check_signature_end_simple (signer, sig, md);
     }
   else if (/* Primary key binding (made by a subkey).  */
-      sig->sig_class == 0x19)
+           sig->sig_class == 0x19)
     {
       log_assert (packet->pkttype == PKT_PUBLIC_KEY);
       hash_public_key (md, packet->pkt.public_key);
@@ -947,27 +947,31 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
       rc = check_signature_end_simple (signer, sig, md);
     }
   else
-    /* We should never get here.  (The first if above should have
-       already caught this error.)  */
-    BUG ();
+    {
+      /* We should never get here.  (The first if above should have
+       * already caught this error.)  */
+      BUG ();
+    }
 
   gcry_md_close (md);
 
- out:
+ leave:
   if (! rc && ret_pk && (signer_alloced == -1 || ret_pk != signer))
     copy_public_key (ret_pk, signer);
+
   if (signer_alloced == 1)
-    /* We looked up SIGNER; it is not a pointer into KB.  */
     {
+      /* We looked up SIGNER; it is not a pointer into KB.  */
       release_public_key_parts (signer);
+      /* Free if we also allocated the memory.  */
       if (signer_alloced == 2)
-        /* We also allocated the memory.  */
         xfree (signer);
     }
 
   return rc;
 }
 
+
 /* Check that a signature over a key (e.g., a key revocation, key
  * binding, user id certification, etc.) is valid.  If the function
  * detects a self-signature, it uses the public key from the specified
@@ -1027,9 +1031,9 @@ check_key_signature2 (ctrl_t ctrl,
   algo = sig->digest_algo;
 
   /* Check whether we have cached the result of a previous signature
-     check.  Note that we may no longer have the pubkey or hash
-     needed to verify a sig, but can still use the cached value.  A
-     cache refresh detects and clears these cases. */
+   * check.  Note that we may no longer have the pubkey or hash
+   * needed to verify a sig, but can still use the cached value.  A
+   * cache refresh detects and clears these cases. */
   if ( !opt.no_sig_cache )
     {
       cache_stats.total++;
@@ -1045,7 +1049,7 @@ check_key_signature2 (ctrl_t ctrl,
                 *is_selfsig = 1;
 	    }
           /* BUG: This is wrong for non-self-sigs... needs to be the
-             actual pk.  */
+           * actual pk.  */
           rc = check_signature_metadata_validity (pk, sig, r_expired, NULL);
           if (rc)
             return rc;
@@ -1094,13 +1098,15 @@ check_key_signature2 (ctrl_t ctrl,
           rc = check_signature_metadata_validity (pk, sig,
                                                   r_expired, NULL);
           if (! rc)
-            /* 0x28 must be a self-sig, but 0x18 needn't be.  */
-            rc = check_signature_over_key_or_uid (ctrl,
-                                                  sig->sig_class == 0x18
-                                                  ? NULL : pk,
-                                                  sig, root, snode->pkt,
-                                                  is_selfsig, ret_pk);
-	}
+            {
+              /* 0x28 must be a self-sig, but 0x18 needn't be.  */
+              rc = check_signature_over_key_or_uid (ctrl,
+                                                    sig->sig_class == 0x18
+                                                    ? NULL : pk,
+                                                    sig, root, snode->pkt,
+                                                    is_selfsig, ret_pk);
+            }
+        }
       else
         {
           if (opt.verbose)
@@ -1137,11 +1143,13 @@ check_key_signature2 (ctrl_t ctrl,
           {
             rc = check_signature_metadata_validity (pk, sig, r_expired, NULL);
             if (! rc)
-              /* If this is a self-sig, ignore check_pk.  */
-              rc = check_signature_over_key_or_uid
-                (ctrl,
-                 keyid_cmp (pk_keyid (pk), sig->keyid) == 0 ? pk : check_pk,
-                 sig, root, unode->pkt, NULL, ret_pk);
+              {
+                /* If this is a self-sig, ignore check_pk.  */
+                rc = check_signature_over_key_or_uid
+                  (ctrl,
+                   keyid_cmp (pk_keyid (pk), sig->keyid) == 0 ? pk : check_pk,
+                   sig, root, unode->pkt, NULL, ret_pk);
+              }
           }
 	else
 	  {

-----------------------------------------------------------------------

Summary of changes:
 g10/sig-check.c | 141 ++++++++++++++++++++++++++++++--------------------------
 1 file changed, 76 insertions(+), 65 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug 24 22:14:50 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 24 Aug 2017 22:14:50 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.2-base-18-g13821e1
Message-ID: <E1dkyWh-0003FZ-IT@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  13821e15fb9bdddfce79d88731c0f151724b2371 (commit)
      from  b065a696344eac3007dbd5642143ecaaeebab43a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 13821e15fb9bdddfce79d88731c0f151724b2371
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Aug 24 22:06:59 2017 +0200

    gpg: Fix memory leak while running --check-trustdb.
    
    * g10/trustdb.c (update_min_ownertrust): Free PK.
    --
    
    This bug was revealed by the new trust-pgp-2.scm test.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/trustdb.c b/g10/trustdb.c
index e2c3bda..92c1ca5 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -797,6 +797,7 @@ update_min_ownertrust (ctrl_t ctrl, u32 *kid, unsigned int new_trust)
     {
       log_error (_("public key %s not found: %s\n"),
                  keystr (kid), gpg_strerror (err));
+      xfree (pk);
       return;
     }
 
@@ -836,6 +837,8 @@ update_min_ownertrust (ctrl_t ctrl, u32 *kid, unsigned int new_trust)
     {
       tdbio_invalid ();
     }
+
+  free_public_key (pk);
 }
 
 

-----------------------------------------------------------------------

Summary of changes:
 g10/trustdb.c | 3 +++
 1 file changed, 3 insertions(+)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Aug 25 10:24:44 2017
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 25 Aug 2017 10:24:44 +0200
Subject: [git] GpgOL - branch, master, updated. gpgol-1.4.0-283-gef038f2
Message-ID: <E1dl9v3-00048w-6b@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, master has been updated
       via  ef038f2d1db15ef14c238137c1c42a99bbe25f42 (commit)
      from  92672a4b10b1ebe7188caefc78bc6025bee8114d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ef038f2d1db15ef14c238137c1c42a99bbe25f42
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Fri Aug 25 10:22:08 2017 +0200

    Fix handling of inline PGP Mails with attachment
    
    * src/mapihelp.cpp (mapi_mark_or_create_moss_attach): Repeat check
    after attachment creation.
    
    --
    The created MOSS attachment does not neccessary has position 1
    it might change depending on the attachment count so the wrong
    attachment may be picked up. Repeat the check for our newly
    created attachment in that case.
    
    GnuPG-Bug-Id: T3365

diff --git a/src/mapihelp.cpp b/src/mapihelp.cpp
index 5c29b6c..02a6556 100644
--- a/src/mapihelp.cpp
+++ b/src/mapihelp.cpp
@@ -3657,7 +3657,12 @@ mapi_mark_or_create_moss_attach (LPMESSAGE message, msgtype_t msgtype)
                      SRCNAME, __func__);
           return 0;
         }
-      return 1;
+      log_debug ("%s:%s: Created body attachment. Repeating lookup.",
+                 SRCNAME, __func__);
+      /* The position of the MOSS attach might change depending on
+         the attachment count of the mail. So repeat the check to get
+         the right position. */
+      return mapi_mark_or_create_moss_attach (message, msgtype);
     }
   if (!table)
     {

-----------------------------------------------------------------------

Summary of changes:
 src/mapihelp.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Aug 25 11:11:11 2017
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 25 Aug 2017 11:11:11 +0200
Subject: [git] GpgOL - branch, master, updated. gpgol-1.4.0-285-g030907d
Message-ID: <E1dlAe0-0004Hn-0n@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, master has been updated
       via  030907daeb75774b67ffe9d8a36a481c8fed4673 (commit)
       via  62e48a46f8573361ac51fa0ca69c1b9fdec12a20 (commit)
      from  ef038f2d1db15ef14c238137c1c42a99bbe25f42 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 030907daeb75774b67ffe9d8a36a481c8fed4673
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Fri Aug 25 11:10:02 2017 +0200

    Add more debug output during parsing
    
    * src/mail.cpp (Mail::decrypt_verify): Put out parser + subject.
    * src/parsecontroller.cpp (ParseController::parse): Add more debug.
    
    --
    This should show it better where we hand of control to gpgme / gnupg.

diff --git a/src/mail.cpp b/src/mail.cpp
index 8881223..e7a2a51 100644
--- a/src/mail.cpp
+++ b/src/mail.cpp
@@ -745,6 +745,8 @@ Mail::decrypt_verify()
 
   m_parser = std::shared_ptr <ParseController> (new ParseController (cipherstream, m_type));
   m_parser->setSender(GpgME::UserID::addrSpecFromString(get_sender().c_str()));
+  log_mime_parser ("%s:%s: Parser for \"%s\" is %p",
+                   SRCNAME, __func__, get_subject ().c_str(), m_parser.get());
   gpgol_release (cipherstream);
 
   HANDLE parser_thread = CreateThread (NULL, 0, do_parsing, (LPVOID) this, 0,
diff --git a/src/parsecontroller.cpp b/src/parsecontroller.cpp
index 4fcedb7..25cdc5e 100644
--- a/src/parsecontroller.cpp
+++ b/src/parsecontroller.cpp
@@ -276,8 +276,8 @@ ParseController::parse()
     }
 
   Data output (m_outputprovider);
-  log_debug ("%s:%s: decrypt: %i verify: %i with protocol: %s sender: %s",
-             SRCNAME, __func__,
+  log_debug ("%s:%s:%p decrypt: %i verify: %i with protocol: %s sender: %s",
+             SRCNAME, __func__, this,
              decrypt, verify,
              protocol == OpenPGP ? "OpenPGP" :
              protocol == CMS ? "CMS" : "Unknown",
@@ -286,6 +286,8 @@ ParseController::parse()
     {
       input.seek (0, SEEK_SET);
       auto combined_result = ctx->decryptAndVerify(input, output);
+      log_debug ("%s:%s:%p decrypt / verify done.",
+                 SRCNAME, __func__, this);
       m_decrypt_result = combined_result.first;
       m_verify_result = combined_result.second;
 
@@ -321,6 +323,8 @@ ParseController::parse()
         {
           sig->seek (0, SEEK_SET);
           m_verify_result = ctx->verifyDetachedSignature(*sig, input);
+          log_debug ("%s:%s:%p verify done.",
+                     SRCNAME, __func__, this);
           /* Copy the input to output to do a mime parsing. */
           char buf[4096];
           input.seek (0, SEEK_SET);
@@ -337,8 +341,8 @@ ParseController::parse()
         }
     }
   delete ctx;
-  log_debug ("%s:%s: decrypt err: %i verify err: %i",
-             SRCNAME, __func__, m_decrypt_result.error().code(),
+  log_debug ("%s:%s:%p: decrypt err: %i verify err: %i",
+             SRCNAME, __func__, this, m_decrypt_result.error().code(),
              m_verify_result.error().code());
 
   TRACEPOINT;

commit 62e48a46f8573361ac51fa0ca69c1b9fdec12a20
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Fri Aug 25 10:53:59 2017 +0200

    Fix compliance mode check
    
    * src/mail.cpp (in_de_vs_mode): Fix logic.
    
    --
    Yeah it shows that I coded too little C in the last year...

diff --git a/src/mail.cpp b/src/mail.cpp
index 1f65f44..8881223 100644
--- a/src/mail.cpp
+++ b/src/mail.cpp
@@ -91,9 +91,9 @@ in_de_vs_mode()
         {
           for (const auto &option: component.options ())
             {
-              if (option.name () && strcmp (option.name (), "compliance") &&
+              if (option.name () && !strcmp (option.name (), "compliance") &&
                   option.currentValue ().stringValue () &&
-                  stricmp (option.currentValue ().stringValue (), "de-vs"))
+                  !stricmp (option.currentValue ().stringValue (), "de-vs"))
                 {
                   log_debug ("%s:%s: Detected de-vs mode",
                              SRCNAME, __func__);

-----------------------------------------------------------------------

Summary of changes:
 src/mail.cpp            |  6 ++++--
 src/parsecontroller.cpp | 12 ++++++++----
 2 files changed, 12 insertions(+), 6 deletions(-)


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Aug 25 13:14:20 2017
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 25 Aug 2017 13:14:20 +0200
Subject: [git] GpgOL - branch, master, updated. gpgol-1.4.0-286-g5b76bd7
Message-ID: <E1dlCZB-000156-1B@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, master has been updated
       via  5b76bd71f39d8730fdb56b761072d7be99050a5c (commit)
      from  030907daeb75774b67ffe9d8a36a481c8fed4673 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5b76bd71f39d8730fdb56b761072d7be99050a5c
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Fri Aug 25 13:12:06 2017 +0200

    Delete Body MAPI Props after MIME creation
    
    * src/mimemaker.cpp (finalize_message): Delete Body Props.
    
    --
    
    Somehow this is now required. For outgoing mails over SMTP
    the body is removed when the mime structure of our mime attachment
    is used. But for exchange <> exchange or in the sent mail
    folder this no longer happens. Causing a plain text leak.
    
    We now explicitly delete the MAPI Body after our attachment
    is created.
    
    GnuPG-Bug-Id: T3369

diff --git a/src/mimemaker.cpp b/src/mimemaker.cpp
index 000d075..4bc6079 100644
--- a/src/mimemaker.cpp
+++ b/src/mimemaker.cpp
@@ -1142,6 +1142,7 @@ finalize_message (LPMESSAGE message, mapi_attach_item_t *att_table,
 {
   HRESULT hr;
   SPropValue prop;
+  SPropTagArray proparray;
 
   /* Set the message class.  */
   prop.ulPropTag = PR_MESSAGE_CLASS_A;
@@ -1196,6 +1197,24 @@ finalize_message (LPMESSAGE message, mapi_attach_item_t *att_table,
       return -1;
     }
 
+  proparray.cValues = 1;
+  proparray.aulPropTag[0] = PR_BODY;
+  hr = message->DeleteProps (&proparray, NULL);
+  if (hr)
+    {
+      log_debug_w32 (hr, "%s:%s: deleting PR_BODY failed",
+                     SRCNAME, __func__);
+    }
+
+  proparray.cValues = 1;
+  proparray.aulPropTag[0] = PR_BODY_HTML;
+  hr = message->DeleteProps (&proparray, NULL);
+  if (hr)
+    {
+      log_debug_w32 (hr, "%s:%s: deleting PR_BODY_HTML failed",
+                     SRCNAME, __func__);
+    }
+
   /* Remove the draft info so that we don't leak the information on
      whether the message has been signed etc.  */
   mapi_set_gpgol_draft_info (message, NULL);

-----------------------------------------------------------------------

Summary of changes:
 src/mimemaker.cpp | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Aug 25 13:52:03 2017
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 25 Aug 2017 13:52:03 +0200
Subject: [git] GpgOL - branch, master, updated. gpgol-1.4.0-287-g184b78e
Message-ID: <E1dlD9g-0007eX-2T@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, master has been updated
       via  184b78e3b865bf00006c3e02928452de0cae6d9c (commit)
      from  5b76bd71f39d8730fdb56b761072d7be99050a5c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 184b78e3b865bf00006c3e02928452de0cae6d9c
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Fri Aug 25 13:51:09 2017 +0200

    Only do debug output if enableDebug is set
    
    * src/common_indep.c (do_log): Abort if enable_debug is
    not set.
    
    --
    This is more in line with what users expect.

diff --git a/src/common_indep.c b/src/common_indep.c
index a3009c7..7f4415f 100644
--- a/src/common_indep.c
+++ b/src/common_indep.c
@@ -530,6 +530,9 @@ do_log (const char *fmt, va_list a, int w32err, int err,
     return;
 
 #ifdef HAVE_W32_SYSTEM
+  if (!opt.enable_debug)
+    return;
+
   if (lock_log ())
     return;
 #endif

-----------------------------------------------------------------------

Summary of changes:
 src/common_indep.c | 3 +++
 1 file changed, 3 insertions(+)


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Sun Aug 27 09:40:13 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Sun, 27 Aug 2017 09:40:13 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.0-16-geb8f352
Message-ID: <E1dlsB3-0005ZK-JU@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  eb8f35243916132e10125e9e9edb066e8f1edd08 (commit)
       via  80fd8615048c3897b91a315cca22ab139b056ccd (commit)
       via  bf76acbf0da6b0f245e491bec12c0f0a1b5be7c9 (commit)
       via  5417a29336426d310c3e012b148bcb20ef9ca85c (commit)
      from  a7bd2cbd3eabda88fb3cac5cbc13c21c97a7b315 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit eb8f35243916132e10125e9e9edb066e8f1edd08
Author: Werner Koch <wk at gnupg.org>
Date:   Sun Aug 27 09:36:37 2017 +0200

    Post release updates
    
    --

diff --git a/NEWS b/NEWS
index 39f70a3..8ae0d12 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+Noteworthy changes in version 1.8.2 (unreleased)  [C22/A2/R2]
+------------------------------------------------
+
+
 Noteworthy changes in version 1.8.1 (2017-08-27)  [C22/A2/R1]
 ------------------------------------------------
 
diff --git a/configure.ac b/configure.ac
index 7a78e30..e24e710 100644
--- a/configure.ac
+++ b/configure.ac
@@ -30,7 +30,7 @@ min_automake_version="1.14"
 # for the LT versions.
 m4_define(mym4_version_major, [1])
 m4_define(mym4_version_minor, [8])
-m4_define(mym4_version_micro, [1])
+m4_define(mym4_version_micro, [2])
 
 # Below is m4 magic to extract and compute the revision number, the
 # decimalized short revision number, a beta version string, and a flag

commit 80fd8615048c3897b91a315cca22ab139b056ccd
Author: Werner Koch <wk at gnupg.org>
Date:   Sun Aug 27 09:22:09 2017 +0200

    Release 1.8.1
    
    * configure.ac: Set LT version to C22/A2/R1.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/NEWS b/NEWS
index 4ca8bc2..39f70a3 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,19 @@
-Noteworthy changes in version 1.8.1 (unreleased)  [C22/A2/R_]
+Noteworthy changes in version 1.8.1 (2017-08-27)  [C22/A2/R1]
 ------------------------------------------------
 
+ * Bug fixes:
+
+   - Mitigate a local side-channel attack on Curve25519 dubbed "May
+     the Fourth be With You".  [CVE-2017-0379] [also in 1.7.9]
+
+   - Add more extra bytes to the pool after reading a seed file.
+
+   - Add the OID SHA384WithECDSA from RFC-7427 to SHA-384.
+
+   - Fix build problems with the Jitter RNG
+
+   - Fix assembler code build problems on Rasbian (ARMv8/AArch32-CE).
+
 
 Noteworthy changes in version 1.8.0 (2017-07-18)  [C22/A2/R0]
 ------------------------------------------------
diff --git a/configure.ac b/configure.ac
index 66e7cd6..7a78e30 100644
--- a/configure.ac
+++ b/configure.ac
@@ -56,7 +56,7 @@ AC_INIT([libgcrypt],[mym4_full_version],[http://bugs.gnupg.org])
 #   (No interfaces changed:                   REVISION++)
 LIBGCRYPT_LT_CURRENT=22
 LIBGCRYPT_LT_AGE=2
-LIBGCRYPT_LT_REVISION=0
+LIBGCRYPT_LT_REVISION=1
 
 
 # If the API is changed in an incompatible way: increment the next counter.

commit bf76acbf0da6b0f245e491bec12c0f0a1b5be7c9
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Fri Aug 25 18:13:28 2017 +0900

    ecc: Add input validation for X25519.
    
    * cipher/ecc.c (ecc_decrypt_raw): Add input validation.
    * mpi/ec.c (ec_p_init): Use scratch buffer for bad points.
    (_gcry_mpi_ec_bad_point): New.
    
    --
    
    Following is the paper describing the attack:
    
        May the Fourth Be With You: A Microarchitectural Side Channel Attack
        on Real-World Applications of Curve25519
        by Daniel Genkin, Luke Valenta, and Yuval Yarom
    
    In the current implementation, we do output checking and it results an
    error for those bad points.  However, when attacked, the computation
    will done with leak of private key, even it will results errors.  To
    mitigate leak, we added input validation.
    
    Note that we only list bad points with MSB=0.  By X25519, MSB is
    always cleared.
    
    In future, we should implement constant-time field computation.  Then,
    this input validation could be removed, if performance is important
    and we are sure for no leak.
    
    CVE-id: CVE-2017-0379
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/cipher/ecc.c b/cipher/ecc.c
index e25bf09..4e3e5b1 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -1628,9 +1628,22 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
   if (DBG_CIPHER)
     log_printpnt ("ecc_decrypt    kG", &kG, NULL);
 
-  if (!(flags & PUBKEY_FLAG_DJB_TWEAK)
+  if ((flags & PUBKEY_FLAG_DJB_TWEAK))
+    {
       /* For X25519, by its definition, validation should not be done.  */
-      && !_gcry_mpi_ec_curve_point (&kG, ec))
+      /* (Instead, we do output check.)
+       *
+       * However, to mitigate secret key leak from our implementation,
+       * we also do input validation here.  For constant-time
+       * implementation, we can remove this input validation.
+       */
+      if (_gcry_mpi_ec_bad_point (&kG, ec))
+        {
+          rc = GPG_ERR_INV_DATA;
+          goto leave;
+        }
+    }
+  else if (!_gcry_mpi_ec_curve_point (&kG, ec))
     {
       rc = GPG_ERR_INV_DATA;
       goto leave;
diff --git a/mpi/ec.c b/mpi/ec.c
index a0f7357..4c16603 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -396,6 +396,29 @@ ec_get_two_inv_p (mpi_ec_t ec)
 }
 
 
+static const char *curve25519_bad_points[] = {
+  "0x0000000000000000000000000000000000000000000000000000000000000000",
+  "0x0000000000000000000000000000000000000000000000000000000000000001",
+  "0x00b8495f16056286fdb1329ceb8d09da6ac49ff1fae35616aeb8413b7c7aebe0",
+  "0x57119fd0dd4e22d8868e1c58c45c44045bef839c55b1d0b1248c50a3bc959c5f",
+  "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec",
+  "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed",
+  "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffee",
+  NULL
+};
+
+static gcry_mpi_t
+scanval (const char *string)
+{
+  gpg_err_code_t rc;
+  gcry_mpi_t val;
+
+  rc = _gcry_mpi_scan (&val, GCRYMPI_FMT_HEX, string, 0, NULL);
+  if (rc)
+    log_fatal ("scanning ECC parameter failed: %s\n", gpg_strerror (rc));
+  return val;
+}
+
 
 /* This function initialized a context for elliptic curve based on the
    field GF(p).  P is the prime specifying this field, A is the first
@@ -434,9 +457,17 @@ ec_p_init (mpi_ec_t ctx, enum gcry_mpi_ec_models model,
 
   _gcry_mpi_ec_get_reset (ctx);
 
-  /* Allocate scratch variables.  */
-  for (i=0; i< DIM(ctx->t.scratch); i++)
-    ctx->t.scratch[i] = mpi_alloc_like (ctx->p);
+  if (model == MPI_EC_MONTGOMERY)
+    {
+      for (i=0; i< DIM(ctx->t.scratch) && curve25519_bad_points[i]; i++)
+        ctx->t.scratch[i] = scanval (curve25519_bad_points[i]);
+    }
+  else
+    {
+      /* Allocate scratch variables.  */
+      for (i=0; i< DIM(ctx->t.scratch); i++)
+        ctx->t.scratch[i] = mpi_alloc_like (ctx->p);
+    }
 
   /* Prepare for fast reduction.  */
   /* FIXME: need a test for NIST values.  However it does not gain us
@@ -1572,3 +1603,17 @@ _gcry_mpi_ec_curve_point (gcry_mpi_point_t point, mpi_ec_t ctx)
 
   return res;
 }
+
+
+int
+_gcry_mpi_ec_bad_point (gcry_mpi_point_t point, mpi_ec_t ctx)
+{
+  int i;
+  gcry_mpi_t x_bad;
+
+  for (i = 0; (x_bad = ctx->t.scratch[i]); i++)
+    if (!mpi_cmp (point->x, x_bad))
+      return 1;
+
+  return 0;
+}
diff --git a/src/mpi.h b/src/mpi.h
index b5385b5..aeba7f8 100644
--- a/src/mpi.h
+++ b/src/mpi.h
@@ -296,6 +296,7 @@ void _gcry_mpi_ec_mul_point (mpi_point_t result,
                              gcry_mpi_t scalar, mpi_point_t point,
                              mpi_ec_t ctx);
 int  _gcry_mpi_ec_curve_point (gcry_mpi_point_t point, mpi_ec_t ctx);
+int _gcry_mpi_ec_bad_point (gcry_mpi_point_t point, mpi_ec_t ctx);
 
 gcry_mpi_t _gcry_mpi_ec_ec2os (gcry_mpi_point_t point, mpi_ec_t ectx);
 

commit 5417a29336426d310c3e012b148bcb20ef9ca85c
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Aug 24 11:43:05 2017 +0200

    indent: Typo fix.
    
    --

diff --git a/random/random-csprng.c b/random/random-csprng.c
index 650c438..8cb35e7 100644
--- a/random/random-csprng.c
+++ b/random/random-csprng.c
@@ -115,7 +115,7 @@ static size_t pool_writepos;
 static size_t pool_readpos;
 
 /* This flag is set to true as soon as the pool has been completely
-   filled the first time.  This may happen either by rereading a seed
+   filled the first time.  This may happen either by reading a seed
    file or by adding enough entropy.  */
 static int pool_filled;
 

-----------------------------------------------------------------------

Summary of changes:
 NEWS                   | 19 ++++++++++++++++++-
 cipher/ecc.c           | 17 +++++++++++++++--
 configure.ac           |  4 ++--
 mpi/ec.c               | 51 +++++++++++++++++++++++++++++++++++++++++++++++---
 random/random-csprng.c |  2 +-
 src/mpi.h              |  1 +
 6 files changed, 85 insertions(+), 9 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Sun Aug 27 10:00:50 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Sun, 27 Aug 2017 10:00:50 +0200
Subject: [git] GCRYPT - branch, LIBGCRYPT-1-7-BRANCH,
 updated. libgcrypt-1.7.8-8-ge16a71c
Message-ID: <E1dlsV0-0000Us-GX@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, LIBGCRYPT-1-7-BRANCH has been updated
       via  e16a71c777b7c4ea62be06de5b3cecd3a701a10b (commit)
       via  436fd3b91669583915ead9b466e1968e192d6686 (commit)
       via  da780c8183cccc8f533c8ace8211ac2cb2bdee7b (commit)
      from  cd271dce4cd8479567d1e3c8b65f04abb9445fdf (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e16a71c777b7c4ea62be06de5b3cecd3a701a10b
Author: Werner Koch <wk at gnupg.org>
Date:   Sun Aug 27 09:57:20 2017 +0200

    Post release updates
    
    --

diff --git a/NEWS b/NEWS
index d701a25..14c5ee8 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+Noteworthy changes in version 1.7.10 (unreleased)  [C21/A1/R10]
+-------------------------------------------------
+
+
 Noteworthy changes in version 1.7.9 (2017-08-27)  [C21/A1/R9]
 ------------------------------------------------
 
diff --git a/configure.ac b/configure.ac
index c3567eb..76e25d6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -30,7 +30,7 @@ min_automake_version="1.14"
 # for the LT versions.
 m4_define(mym4_version_major, [1])
 m4_define(mym4_version_minor, [7])
-m4_define(mym4_version_micro, [9])
+m4_define(mym4_version_micro, [10])
 
 # Below is m4 magic to extract and compute the revision number, the
 # decimalized short revision number, a beta version string, and a flag
@@ -56,7 +56,7 @@ AC_INIT([libgcrypt],[mym4_full_version],[http://bugs.gnupg.org])
 #   (No interfaces changed:                   REVISION++)
 LIBGCRYPT_LT_CURRENT=21
 LIBGCRYPT_LT_AGE=1
-LIBGCRYPT_LT_REVISION=9
+LIBGCRYPT_LT_REVISION=10
 
 
 # If the API is changed in an incompatible way: increment the next counter.

commit 436fd3b91669583915ead9b466e1968e192d6686
Author: Werner Koch <wk at gnupg.org>
Date:   Sun Aug 27 09:49:27 2017 +0200

    Release 1.7.9
    
    * configure.ac: Set LT version to C21/A1/R9.

diff --git a/NEWS b/NEWS
index 79c91d6..d701a25 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,11 @@
-Noteworthy changes in version 1.7.9 (unreleased)  [C21/A1/R9]
+Noteworthy changes in version 1.7.9 (2017-08-27)  [C21/A1/R9]
 ------------------------------------------------
 
+ * Bug fixes:
+
+   - Mitigate a local side-channel attack on Curve25519 dubbed "May
+     the Fourth be With You".  [CVE-2017-0379]
+
 
 Noteworthy changes in version 1.7.8 (2017-06-29)  [C21/A1/R8]
 ------------------------------------------------
diff --git a/configure.ac b/configure.ac
index f5d2e5b..c3567eb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -56,7 +56,7 @@ AC_INIT([libgcrypt],[mym4_full_version],[http://bugs.gnupg.org])
 #   (No interfaces changed:                   REVISION++)
 LIBGCRYPT_LT_CURRENT=21
 LIBGCRYPT_LT_AGE=1
-LIBGCRYPT_LT_REVISION=8
+LIBGCRYPT_LT_REVISION=9
 
 
 # If the API is changed in an incompatible way: increment the next counter.

commit da780c8183cccc8f533c8ace8211ac2cb2bdee7b
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Fri Aug 25 18:13:28 2017 +0900

    ecc: Add input validation for X25519.
    
    * cipher/ecc.c (ecc_decrypt_raw): Add input validation.
    * mpi/ec.c (ec_p_init): Use scratch buffer for bad points.
    (_gcry_mpi_ec_bad_point): New.
    
    --
    
    Following is the paper describing the attack:
    
        May the Fourth Be With You: A Microarchitectural Side Channel Attack
        on Real-World Applications of Curve25519
        by Daniel Genkin, Luke Valenta, and Yuval Yarom
    
    In the current implementation, we do output checking and it results an
    error for those bad points.  However, when attacked, the computation
    will done with leak of private key, even it will results errors.  To
    mitigate leak, we added input validation.
    
    Note that we only list bad points with MSB=0.  By X25519, MSB is
    always cleared.
    
    In future, we should implement constant-time field computation.  Then,
    this input validation could be removed, if performance is important
    and we are sure for no leak.
    
    CVE-id: CVE-2017-0379
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
    (cherry picked from commit bf76acbf0da6b0f245e491bec12c0f0a1b5be7c9)

diff --git a/cipher/ecc.c b/cipher/ecc.c
index e25bf09..4e3e5b1 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -1628,9 +1628,22 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
   if (DBG_CIPHER)
     log_printpnt ("ecc_decrypt    kG", &kG, NULL);
 
-  if (!(flags & PUBKEY_FLAG_DJB_TWEAK)
+  if ((flags & PUBKEY_FLAG_DJB_TWEAK))
+    {
       /* For X25519, by its definition, validation should not be done.  */
-      && !_gcry_mpi_ec_curve_point (&kG, ec))
+      /* (Instead, we do output check.)
+       *
+       * However, to mitigate secret key leak from our implementation,
+       * we also do input validation here.  For constant-time
+       * implementation, we can remove this input validation.
+       */
+      if (_gcry_mpi_ec_bad_point (&kG, ec))
+        {
+          rc = GPG_ERR_INV_DATA;
+          goto leave;
+        }
+    }
+  else if (!_gcry_mpi_ec_curve_point (&kG, ec))
     {
       rc = GPG_ERR_INV_DATA;
       goto leave;
diff --git a/mpi/ec.c b/mpi/ec.c
index 3ac0547..1469339 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -382,6 +382,29 @@ ec_get_two_inv_p (mpi_ec_t ec)
 }
 
 
+static const char *curve25519_bad_points[] = {
+  "0x0000000000000000000000000000000000000000000000000000000000000000",
+  "0x0000000000000000000000000000000000000000000000000000000000000001",
+  "0x00b8495f16056286fdb1329ceb8d09da6ac49ff1fae35616aeb8413b7c7aebe0",
+  "0x57119fd0dd4e22d8868e1c58c45c44045bef839c55b1d0b1248c50a3bc959c5f",
+  "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec",
+  "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed",
+  "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffee",
+  NULL
+};
+
+static gcry_mpi_t
+scanval (const char *string)
+{
+  gpg_err_code_t rc;
+  gcry_mpi_t val;
+
+  rc = _gcry_mpi_scan (&val, GCRYMPI_FMT_HEX, string, 0, NULL);
+  if (rc)
+    log_fatal ("scanning ECC parameter failed: %s\n", gpg_strerror (rc));
+  return val;
+}
+
 
 /* This function initialized a context for elliptic curve based on the
    field GF(p).  P is the prime specifying this field, A is the first
@@ -420,9 +443,17 @@ ec_p_init (mpi_ec_t ctx, enum gcry_mpi_ec_models model,
 
   _gcry_mpi_ec_get_reset (ctx);
 
-  /* Allocate scratch variables.  */
-  for (i=0; i< DIM(ctx->t.scratch); i++)
-    ctx->t.scratch[i] = mpi_alloc_like (ctx->p);
+  if (model == MPI_EC_MONTGOMERY)
+    {
+      for (i=0; i< DIM(ctx->t.scratch) && curve25519_bad_points[i]; i++)
+        ctx->t.scratch[i] = scanval (curve25519_bad_points[i]);
+    }
+  else
+    {
+      /* Allocate scratch variables.  */
+      for (i=0; i< DIM(ctx->t.scratch); i++)
+        ctx->t.scratch[i] = mpi_alloc_like (ctx->p);
+    }
 
   /* Prepare for fast reduction.  */
   /* FIXME: need a test for NIST values.  However it does not gain us
@@ -1558,3 +1589,17 @@ _gcry_mpi_ec_curve_point (gcry_mpi_point_t point, mpi_ec_t ctx)
 
   return res;
 }
+
+
+int
+_gcry_mpi_ec_bad_point (gcry_mpi_point_t point, mpi_ec_t ctx)
+{
+  int i;
+  gcry_mpi_t x_bad;
+
+  for (i = 0; (x_bad = ctx->t.scratch[i]); i++)
+    if (!mpi_cmp (point->x, x_bad))
+      return 1;
+
+  return 0;
+}
diff --git a/src/mpi.h b/src/mpi.h
index cd539f5..ea2a4cb 100644
--- a/src/mpi.h
+++ b/src/mpi.h
@@ -296,6 +296,7 @@ void _gcry_mpi_ec_mul_point (mpi_point_t result,
                              gcry_mpi_t scalar, mpi_point_t point,
                              mpi_ec_t ctx);
 int  _gcry_mpi_ec_curve_point (gcry_mpi_point_t point, mpi_ec_t ctx);
+int _gcry_mpi_ec_bad_point (gcry_mpi_point_t point, mpi_ec_t ctx);
 
 gcry_mpi_t _gcry_mpi_ec_ec2os (gcry_mpi_point_t point, mpi_ec_t ectx);
 

-----------------------------------------------------------------------

Summary of changes:
 NEWS         | 11 ++++++++++-
 cipher/ecc.c | 17 +++++++++++++++--
 configure.ac |  4 ++--
 mpi/ec.c     | 51 ++++++++++++++++++++++++++++++++++++++++++++++++---
 src/mpi.h    |  1 +
 5 files changed, 76 insertions(+), 8 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Sun Aug 27 10:06:11 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Sun, 27 Aug 2017 10:06:11 +0200
Subject: [git] GCRYPT - branch, LIBGCRYPT-1.8-BRANCH,
 created. libgcrypt-1.8.1-1-geb8f352
Message-ID: <E1dlsaC-0001M9-0P@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, LIBGCRYPT-1.8-BRANCH has been created
        at  eb8f35243916132e10125e9e9edb066e8f1edd08 (commit)

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Sun Aug 27 10:12:30 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Sun, 27 Aug 2017 10:12:30 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-2-g566c8ef
Message-ID: <E1dlsgJ-0002ow-1o@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  566c8efd585ce6941449c76da13eae597dbabddb (commit)
      from  eb8f35243916132e10125e9e9edb066e8f1edd08 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 566c8efd585ce6941449c76da13eae597dbabddb
Author: Werner Koch <wk at gnupg.org>
Date:   Sun Aug 27 10:08:58 2017 +0200

    Prepare for the 1.9 branch
    
    --
    
    We need to bump the LT Age even if there won't be compatible interface
    change.  This is so that we can keep on updating the Revision in the
    1.8 branch.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/NEWS b/NEWS
index 8ae0d12..3e07a94 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,4 @@
-Noteworthy changes in version 1.8.2 (unreleased)  [C22/A2/R2]
+Noteworthy changes in version 1.9.0 (unreleased)  [C22/A3/R0]
 ------------------------------------------------
 
 
diff --git a/configure.ac b/configure.ac
index e24e710..52e0f5e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -29,8 +29,8 @@ min_automake_version="1.14"
 # commit and push so that the git magic is able to work.  See below
 # for the LT versions.
 m4_define(mym4_version_major, [1])
-m4_define(mym4_version_minor, [8])
-m4_define(mym4_version_micro, [2])
+m4_define(mym4_version_minor, [9])
+m4_define(mym4_version_micro, [0])
 
 # Below is m4 magic to extract and compute the revision number, the
 # decimalized short revision number, a beta version string, and a flag
@@ -55,8 +55,8 @@ AC_INIT([libgcrypt],[mym4_full_version],[http://bugs.gnupg.org])
 #   (Interfaces added:      CURRENT++, AGE++, REVISION=0)
 #   (No interfaces changed:                   REVISION++)
 LIBGCRYPT_LT_CURRENT=22
-LIBGCRYPT_LT_AGE=2
-LIBGCRYPT_LT_REVISION=1
+LIBGCRYPT_LT_AGE=3
+LIBGCRYPT_LT_REVISION=0
 
 
 # If the API is changed in an incompatible way: increment the next counter.

-----------------------------------------------------------------------

Summary of changes:
 NEWS         | 2 +-
 configure.ac | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Sun Aug 27 10:17:24 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Sun, 27 Aug 2017 10:17:24 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-3-g52af575
Message-ID: <E1dlsl3-0003fv-4W@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  52af575ae4d6961edf459d5ba7f7a8057ed4cb80 (commit)
      from  566c8efd585ce6941449c76da13eae597dbabddb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 52af575ae4d6961edf459d5ba7f7a8057ed4cb80
Author: Werner Koch <wk at gnupg.org>
Date:   Sun Aug 27 10:13:53 2017 +0200

    Also bump the LT Current value.
    
    --

diff --git a/configure.ac b/configure.ac
index 52e0f5e..a2ac9ce 100644
--- a/configure.ac
+++ b/configure.ac
@@ -54,7 +54,7 @@ AC_INIT([libgcrypt],[mym4_full_version],[http://bugs.gnupg.org])
 #   (Interfaces removed:    CURRENT++, AGE=0, REVISION=0)
 #   (Interfaces added:      CURRENT++, AGE++, REVISION=0)
 #   (No interfaces changed:                   REVISION++)
-LIBGCRYPT_LT_CURRENT=22
+LIBGCRYPT_LT_CURRENT=23
 LIBGCRYPT_LT_AGE=3
 LIBGCRYPT_LT_REVISION=0
 

-----------------------------------------------------------------------

Summary of changes:
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Sun Aug 27 16:53:53 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Sun, 27 Aug 2017 16:53:53 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.2-base-19-g45d5f58
Message-ID: <E1dlywk-0006SU-DR@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  45d5f5800afe6613f338a26f361cb5e03e861129 (commit)
      from  13821e15fb9bdddfce79d88731c0f151724b2371 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 45d5f5800afe6613f338a26f361cb5e03e861129
Author: Werner Koch <wk at gnupg.org>
Date:   Sun Aug 27 16:42:52 2017 +0200

    scd: Convey the correct length for Le
    
    * scd/app-openpgp.c (determine_rsa_response): Round bits up.
    --
    
    Co-authored-by: Arnaud Fontaine <arnaud.fontaine at ssi.gouv.fr>
    
    Arnaud wrote:
    
      Actually, when the incorrect expected response length (i.e. Le
      field) is transmitted to the card, the card's answer is missing a
      byte (i.e. ...  6101) so an additional command has to be sent to the
      card to retrieve the last byte. Using the correct length avoids to
      send the additional command to retrieve the missing byte, when the
      computed length is wrong.
    
    Note that an value of 65537 for E is pretty standard and thus we can
    avoid the 6101 return code inmost cases.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 365f246..f9d07ac 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -943,8 +943,8 @@ determine_rsa_response (app_t app, int keyno)
   int size;
 
   size = 2 + 3 /* header */
-    + 4 /* tag+len */ + app->app_local->keyattr[keyno].rsa.n_bits/8
-    + 2 /* tag+len */ + app->app_local->keyattr[keyno].rsa.e_bits/8;
+    + 4 /* tag+len */ + (app->app_local->keyattr[keyno].rsa.n_bits+7)/8
+    + 2 /* tag+len */ + (app->app_local->keyattr[keyno].rsa.e_bits+7)/8;
 
   return size;
 }

-----------------------------------------------------------------------

Summary of changes:
 scd/app-openpgp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Aug 28 12:09:15 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 28 Aug 2017 12:09:15 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2,
 updated. gnupg-2.2-base-22-g9e3d41b
Message-ID: <E1dmGyp-0005g9-Iz@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-2 has been updated
       via  9e3d41bf727fcf12f7cf05926890c687125c2902 (commit)
       via  9d80fb8e000189e61c173c39f1e1ca417566a7fc (commit)
       via  24462fea508f0dfe1192d47e14dcb9527565655f (commit)
       via  45d5f5800afe6613f338a26f361cb5e03e861129 (commit)
       via  13821e15fb9bdddfce79d88731c0f151724b2371 (commit)
       via  b065a696344eac3007dbd5642143ecaaeebab43a (commit)
       via  757302cc7a94633cd9bda5eb4dbe5c6e804b957b (commit)
       via  02a5df614a369519ad7781f95dc977e24a0d4277 (commit)
       via  565e486b8028f9e3cc51ebc5202666b598042175 (commit)
       via  b917cb66b79597520788cd9264889942247a3377 (commit)
       via  008ae0bd868cb49ad4d67fc8c71707cd2a162137 (commit)
       via  fd0e5b60bed1cfc2aed7b2e13cc449f355eac051 (commit)
       via  6158811304937b592601ef30c29c5a5cdbaa88ea (commit)
       via  e6fa6b0ce823effd721c807b2b292287af91c642 (commit)
       via  c23a69970ba38edae9d3b2603825d18fbb732423 (commit)
       via  cbe54b28bf3610204e12c50c0606df37337a1156 (commit)
       via  0161225457e0609509d0d5f4b80a60a1071b4b48 (commit)
       via  6e596b2a745ae7a75a69038cf00ab4bbae1cebaa (commit)
       via  e6f84116abca2ed49bf14b2e28c3c811a3717227 (commit)
       via  2d6832aa83ebdf3fe422c7c7d5411d1b44a6ac34 (commit)
       via  23107ba20f8b4eb5482b480ad6a8af6b39d2bfeb (commit)
       via  977fc5f0eb9fdee19e66bea8cd2eb5414789b485 (commit)
      from  d6b40a9c866a8495d6a2c0bc3eac158ddd2928c7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9e3d41bf727fcf12f7cf05926890c687125c2902
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Aug 28 11:57:17 2017 +0200

    Post release updates
    
    --

diff --git a/NEWS b/NEWS
index 345fe23..7510ff4 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+Noteworthy changes in version 2.2.1 (unreleased)
+------------------------------------------------
+
+
 Noteworthy changes in version 2.2.0 (2017-08-28)
 ------------------------------------------------
 
diff --git a/configure.ac b/configure.ac
index 6f945bd..fbd5c18 100644
--- a/configure.ac
+++ b/configure.ac
@@ -28,7 +28,7 @@ min_automake_version="1.14"
 m4_define([mym4_package],[gnupg])
 m4_define([mym4_major], [2])
 m4_define([mym4_minor], [2])
-m4_define([mym4_micro], [0])
+m4_define([mym4_micro], [1])
 
 # To start a new development series, i.e a new major or minor number
 # you need to mark an arbitrary commit before the first beta release

commit 9d80fb8e000189e61c173c39f1e1ca417566a7fc
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Aug 28 11:18:26 2017 +0200

    Release 2.2.0

diff --git a/NEWS b/NEWS
index 3b4e008..345fe23 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,13 @@
-Noteworthy changes in version 2.2.0 (unreleased)
--------------------------------------------------
+Noteworthy changes in version 2.2.0 (2017-08-28)
+------------------------------------------------
+
+  This is the new long term stable branch.  This branch will only see
+  bug fixes and no new features.
+
+  * gpg: Reverted change in 2.1.23 so that --no-auto-key-retrieve is
+    again the default.
+
+  * Fixed a few minor bugs.
 
 
 Noteworthy changes in version 2.1.23 (2017-08-09)
@@ -38,6 +46,8 @@ Noteworthy changes in version 2.1.23 (2017-08-09)
 
   * Fixed connection timeout problem under Windows.
 
+  See-also: gnupg-announce/2017q3/000412.html
+
 
 Noteworthy changes in version 2.1.22 (2017-07-28)
 -------------------------------------------------
diff --git a/README b/README
index a9a3eb0..6cd4ddb 100644
--- a/README
+++ b/README
@@ -1,6 +1,6 @@
                        The GNU Privacy Guard 2
                       =========================
-                             Version 2.1
+                             Version 2.2
 
           Copyright 1997-2017 Werner Koch
           Copyright 1998-2017 Free Software Foundation, Inc.
@@ -25,14 +25,14 @@
   GNU General Public License.
 
   Note that the 2.0 series of GnuPG will reach end-of-life on
-  2017-12-31.  It is not possible to install a 2.1.x version along
+  2017-12-31.  It is not possible to install a 2.2.x version along
   with any 2.0.x version.  However, it is possible to install GnuPG
-  1.4 along with a 2.x version.
+  1.4 along with any 2.x version.
 
 
 * BUILD INSTRUCTIONS
 
-  GnuPG 2.1 depends on the following GnuPG related packages:
+  GnuPG 2.2 depends on the following GnuPG related packages:
 
     npth         (ftp://ftp.gnupg.org/gcrypt/npth/)
     libgpg-error (ftp://ftp.gnupg.org/gcrypt/libgpg-error/)
@@ -122,9 +122,9 @@
   Add other options as needed.
 
 
-* MIGRATION from 1.4 or 2.0 to 2.1
+* MIGRATION from 1.4 or 2.0 to 2.2
 
-  The major change in 2.1 is gpg-agent taking care of the OpenPGP
+  The major change in 2.2 is gpg-agent taking care of the OpenPGP
   secret keys (those managed by GPG).  The former file "secring.gpg"
   will not be used anymore.  Newly generated keys are stored in the
   agent's key store directory "~/.gnupg/private-keys-v1.d/".  The
@@ -134,7 +134,7 @@
 
   Note that gpg-agent now uses a fixed socket.  All tools will start
   the gpg-agent as needed.  The formerly used environment variable
-  GPG_AGENT_INFO is ignored by 2.1.  The SSH_AUTH_SOCK environment
+  GPG_AGENT_INFO is ignored by 2.2.  The SSH_AUTH_SOCK environment
   variable should be set to a fixed value.
 
   The Dirmngr is now part of GnuPG proper and also used to access
@@ -142,6 +142,9 @@
   use of the GnuPG directories.  Dirmngr is started by gpg or gpgsm as
   needed. There is no more need to install a separate Dirmngr package.
 
+  All changes introduced with GnuPG 2.2 have been developed in the 2.1
+  series of releases.  See the respective entries in the file NEWS.
+
 * RECOMMENDATIONS
 
 ** Socket directory
@@ -193,13 +196,13 @@
 
 * HOW TO GET MORE INFORMATION
 
-  A description of new features and changes in version 2.1 can be
+  A description of new features and changes since version 2.1 can be
   found in the file "doc/whats-new-in-2.1.txt" and online at
   "https://gnupg.org/faq/whats-new-in-2.1.html" .
 
-  The primary WWW page is "https://www.gnupg.org"
+  The primary WWW page is "https://gnupg.org"
              or using Tor "http://ic6au7wa3f6naxjq.onion"
-  The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/"
+  The primary FTP site is "https://gnupg.org/ftp/gcrypt/"
 
   See [[https://gnupg.org/download/mirrors.html]] for a list of
   mirrors and use them if possible.  You may also find GnuPG mirrored
@@ -229,7 +232,7 @@
   https://www.gnupg.org/documentation/mailing-lists.html for archives
   of the mailing lists.
 
-  Please direct bug reports to [[http://bugs.gnupg.org]] or post them
+  Please direct bug reports to [[https://bugs.gnupg.org]] or post them
   direct to the mailing list <gnupg-devel at gnupg.org>.
 
   Please direct questions about GnuPG to the users mailing list or one
diff --git a/configure.ac b/configure.ac
index 33c88d2..6f945bd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1864,7 +1864,7 @@ if test "$have_gpg_error" = "no"; then
 ***
 *** You need libgpg-error to build this program.
 **  This library is for example available at
-***   ftp://ftp.gnupg.org/gcrypt/libgpg-error
+***   https://gnupg.org/ftp/gcrypt/libgpg-error
 *** (at least version $NEED_GPG_ERROR_VERSION is required.)
 ***]])
 fi
@@ -1874,7 +1874,7 @@ if test "$have_libgcrypt" = "no"; then
 ***
 *** You need libgcrypt to build this program.
 **  This library is for example available at
-***   ftp://ftp.gnupg.org/gcrypt/libgcrypt/
+***   https://gnupg.org/ftp/gcrypt/libgcrypt/
 *** (at least version $NEED_LIBGCRYPT_VERSION (API $NEED_LIBGCRYPT_API) is required.)
 ***]])
 fi
@@ -1884,7 +1884,7 @@ if test "$have_libassuan" = "no"; then
 ***
 *** You need libassuan to build this program.
 *** This library is for example available at
-***   ftp://ftp.gnupg.org/gcrypt/libassuan/
+***   https://gnupg.org/ftp/gcrypt/libassuan/
 *** (at least version $NEED_LIBASSUAN_VERSION (API $NEED_LIBASSUAN_API) is required).
 ***]])
 fi
@@ -1894,7 +1894,7 @@ if test "$have_ksba" = "no"; then
 ***
 *** You need libksba to build this program.
 *** This library is for example available at
-***   ftp://ftp.gnupg.org/gcrypt/libksba/
+***   https://gnupg.org/ftp/gcrypt/libksba/
 *** (at least version $NEED_KSBA_VERSION using API $NEED_KSBA_API is required).
 ***]])
 fi
@@ -1915,7 +1915,7 @@ if test "$have_npth" = "no"; then
 *** It is now required to build with support for the
 *** New Portable Threads Library (nPth). Please install this
 *** library first.  The library is for example available at
-***   ftp://ftp.gnupg.org/gcrypt/npth/
+***   https://gnupg.org/ftp/gcrypt/npth/
 *** (at least version $NEED_NPTH_VERSION (API $NEED_NPTH_API) is required).
 ***]])
 fi
@@ -1928,7 +1928,7 @@ if test "$require_iconv" = yes; then
 *** The system does not provide a working iconv function.  Please
 *** install a suitable library; for example GNU Libiconv which is
 *** available at:
-***   http://ftp.gnu.org/gnu/libiconv/
+***   https://ftp.gnu.org/gnu/libiconv/
 ***]])
   fi
 fi
diff --git a/doc/whats-new-in-2.1.txt b/doc/whats-new-in-2.1.txt
index 4b7349a..ef8b233 100644
--- a/doc/whats-new-in-2.1.txt
+++ b/doc/whats-new-in-2.1.txt
@@ -6,7 +6,7 @@
                       ???????????????????????????
 
 
-                               2016-07-14
+                               2017-08-28
 
 
 Table of Contents
@@ -42,11 +42,11 @@ https://gnupg.org/faq/whats-new-in-2.1.html
 1 What?s new in GnuPG 2.1
 ?????????????????????????
 
-  GnuPG version 2.1 comes with a bag of new features which changes some
-  things old-timers are used to.  This page explains the more important
-  ones.  It expects that the reader is familiar with GnuPG version 2.0
-  and aware that GnuPG consists of /gpg/, /gpgsm/, and /gpg-agent/ as
-  its main components.
+  GnuPG version 2.1 (now known as 2.2) comes with a bag of new features
+  which changes some things old-timers are used to.  This page explains
+  the more important ones.  It expects that the reader is familiar with
+  GnuPG version 2.0 and aware that GnuPG consists of /gpg/, /gpgsm/, and
+  /gpg-agent/ as its main components.
 
   ? The file /secring.gpg/ is not anymore used to store the secret keys.
     Merging of secret keys is now supported.
@@ -103,8 +103,8 @@ https://gnupg.org/faq/whats-new-in-2.1.html
   ? The scripts to create a Windows installer are now part of GnuPG.
 
   Now for the detailed description of these new features.  Note that the
-  examples assume that /gpg/ is installed as /gpg/.  Your
-  installation may have it installed under the name /gpg2/.
+  examples assume that /gpg/ is installed as /gpg/.  Your installation
+  may have it installed under the name /gpg2/.
 
 
 1.1 Removal of the secret keyring
@@ -477,6 +477,25 @@ https://gnupg.org/faq/whats-new-in-2.1.html
   ? uid               [ unknown] Sample 2 <me at example.org>
   ?????
 
+  Since version 2.1.17 the expiration date of the primary key can be
+  changed directly:
+
+  ?????
+  ? $ gpg --quick-set-expire 5B83120DB1E3A65AE5A8DCF6AA43F1DCC7FED1B7 2017-12-31
+  ? $ gpg -K 5B83120DB1E3A65AE5A8DCF6AA43F1DCC7FED1B7
+  ? sec   rsa2048 2016-06-22 [SC] [expires: 2017-12-31]
+  ?       5B83120DB1E3A65AE5A8DCF6AA43F1DCC7FED1B7
+  ? uid           [ultimate] steve.biko at example.net
+  ? ssb   rsa2048 2016-06-22 [E]
+  ?
+  ? $ gpg --quick-set-expire 5B83120DB1E3A65AE5A8DCF6AA43F1DCC7FED1B7 none
+  ? $ gpg -K 5B83120DB1E3A65AE5A8DCF6AA43F1DCC7FED1B7
+  ? sec   rsa2048 2016-06-22 [SC]
+  ?       5B83120DB1E3A65AE5A8DCF6AA43F1DCC7FED1B7
+  ? uid           [ultimate] steve.biko at example.net
+  ? ssb   rsa2048 2016-06-22 [E]
+  ?????
+
 
 1.6 Improved Pinentry support
 ?????????????????????????????
@@ -510,9 +529,9 @@ https://gnupg.org/faq/whats-new-in-2.1.html
   at login time and use an environment variable (`GPG_AGENT_INFO') to
   tell the other GnuPG modules how to connect to the agent.  However,
   correctly managing the start up and this environment variable is
-  cumbersome so that an easier method is required.  Since GnuPG
-  2.0.16 the `--use-standard-socket' option already allowed to start the
-  agent on the fly; however the environment variable was still required.
+  cumbersome so that an easier method is required.  Since GnuPG 2.0.16
+  the `--use-standard-socket' option already allowed to start the agent
+  on the fly; however the environment variable was still required.
 
   With GnuPG 2.1 the need of `GPG_AGENT_INFO' has been completely
   removed and the variable is ignored.  Instead a fixed Unix domain
@@ -668,6 +687,10 @@ https://gnupg.org/faq/whats-new-in-2.1.html
   pad are supported.  The internal CCID driver does now also work with
   certain non-auto-configuration equipped readers.
 
+  Since version 2.1.19 multiple card readers are support and the format
+  of the Pinentry prompts has been changed to show more information on
+  the requested card.
+
 
   [gnuk] http://www.fsij.org/doc-gnuk/
 
@@ -713,7 +736,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html
   makes writing of key manager software easier.
 
 
-  [GPGME] https://gnupg.org/related_software/gpgme/
+  [GPGME] https://gnupg.org/software/gpgme/
 
 
 1.15 Recipient key from file
@@ -836,7 +859,7 @@ https://gnupg.org/faq/whats-new-in-2.1.html
 
 
 
-  # Copyright 2014--2016 The GnuPG Project.
+  # Copyright 2014--2017 The GnuPG Project.
   # This work is licensed under the Creative Commons
   # Attribution-ShareAlike 4.0 International License.  To view a copy of
   # this license, visit http://creativecommons.org/licenses/by-sa/4.0/

commit 24462fea508f0dfe1192d47e14dcb9527565655f
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Aug 28 11:17:39 2017 +0200

    po: Auto update
    
    --

diff --git a/po/ja.po b/po/ja.po
index dcfbc68..6567ab3 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -1198,7 +1198,9 @@ msgid "WARNING: %s\n"
 msgstr "*??*: %s\n"
 
 msgid "Note: Outdated servers may lack important security fixes.\n"
-msgstr "*??*: ??????????????????????????????????\n"
+msgstr ""
+"*??*: ????????????????????????????????"
+"??\n"
 
 #, c-format
 msgid "Note: Use the command \"%s\" to restart them.\n"
diff --git a/po/ru.po b/po/ru.po
index a7fb60c..f995349 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -1209,8 +1209,8 @@ msgstr "????????: %s\n"
 
 msgid "Note: Outdated servers may lack important security fixes.\n"
 msgstr ""
-"?????????: ?? ?????? ???????? ????? ???? ?????????? ??????, "
-"????????? ??? ????????????.\n"
+"?????????: ?? ?????? ???????? ????? ???? ?????????? ??????, ????????? ??? "
+"????????????.\n"
 
 #, c-format
 msgid "Note: Use the command \"%s\" to restart them.\n"

-----------------------------------------------------------------------

Summary of changes:
 Makefile.am                                        |    2 +-
 NEWS                                               |   18 +-
 README                                             |   25 +-
 agent/agent.h                                      |    2 +-
 autogen.rc                                         |    4 +-
 build-aux/speedo.mk                                |    4 +-
 configure.ac                                       |   18 +-
 doc/gpg.texi                                       |    2 +-
 doc/whats-new-in-2.1.txt                           |   49 +-
 g10/gpg.c                                          |   19 +-
 g10/keyedit.c                                      |    5 +-
 g10/sig-check.c                                    |  141 +-
 g10/trustdb.c                                      |    3 +
 po/ja.po                                           |   34 +-
 po/nb.po                                           | 1576 +++-----------------
 po/ru.po                                           |   93 +-
 scd/app-openpgp.c                                  |    4 +-
 tests/gpgscm/scheme.c                              |   14 +-
 tests/openpgp/Makefile.am                          |   24 +-
 tests/openpgp/README                               |   43 +-
 tests/openpgp/defs.scm                             |   24 +
 tests/openpgp/tofu.scm                             |   24 -
 tests/openpgp/trust-pgp-1.scm                      |   76 +
 tests/openpgp/trust-pgp-2.scm                      |   39 +
 tests/{gpgsm/shell.scm => openpgp/trust-pgp-3.scm} |   21 +-
 tests/openpgp/trust-pgp-4.scm                      |   37 +
 tests/openpgp/trust-pgp/alice.sec.asc              |   11 +
 tests/openpgp/trust-pgp/bobby.sec.asc              |   11 +
 tests/openpgp/trust-pgp/carol.sec.asc              |   11 +
 tests/openpgp/trust-pgp/common.scm                 |   66 +
 tests/openpgp/trust-pgp/david.sec.asc              |   11 +
 tests/openpgp/trust-pgp/frank.sec.asc              |   11 +
 tests/openpgp/trust-pgp/grace.sec.asc              |   11 +
 tests/openpgp/trust-pgp/heidi.sec.asc              |   11 +
 tests/openpgp/trust-pgp/scenario1.asc              |   75 +
 tests/openpgp/trust-pgp/scenario2.asc              |   70 +
 tests/openpgp/trust-pgp/scenario3.asc              |   58 +
 tests/openpgp/trust-pgp/scenario4.asc              |   84 ++
 tools/gpgconf-comp.c                               |   16 +-
 tools/gpgconf.c                                    |    2 +-
 40 files changed, 1179 insertions(+), 1570 deletions(-)
 create mode 100755 tests/openpgp/trust-pgp-1.scm
 create mode 100755 tests/openpgp/trust-pgp-2.scm
 copy tests/{gpgsm/shell.scm => openpgp/trust-pgp-3.scm} (58%)
 mode change 100644 => 100755
 create mode 100755 tests/openpgp/trust-pgp-4.scm
 create mode 100644 tests/openpgp/trust-pgp/alice.sec.asc
 create mode 100644 tests/openpgp/trust-pgp/bobby.sec.asc
 create mode 100644 tests/openpgp/trust-pgp/carol.sec.asc
 create mode 100644 tests/openpgp/trust-pgp/common.scm
 create mode 100644 tests/openpgp/trust-pgp/david.sec.asc
 create mode 100644 tests/openpgp/trust-pgp/frank.sec.asc
 create mode 100644 tests/openpgp/trust-pgp/grace.sec.asc
 create mode 100644 tests/openpgp/trust-pgp/heidi.sec.asc
 create mode 100644 tests/openpgp/trust-pgp/scenario1.asc
 create mode 100644 tests/openpgp/trust-pgp/scenario2.asc
 create mode 100644 tests/openpgp/trust-pgp/scenario3.asc
 create mode 100644 tests/openpgp/trust-pgp/scenario4.asc


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Aug 28 12:09:31 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 28 Aug 2017 12:09:31 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.2-base-22-g82d9a20
Message-ID: <E1dmGz6-0005hL-3N@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  82d9a201dd7c85b1f27528fece5cc77b2555442b (commit)
       via  9d80fb8e000189e61c173c39f1e1ca417566a7fc (commit)
       via  24462fea508f0dfe1192d47e14dcb9527565655f (commit)
      from  45d5f5800afe6613f338a26f361cb5e03e861129 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 82d9a201dd7c85b1f27528fece5cc77b2555442b
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Aug 28 11:56:14 2017 +0200

    Post release updates
    
    --

diff --git a/NEWS b/NEWS
index 345fe23..37ebd3f 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,12 @@
+Noteworthy changes in version 2.3.0 (unreleased)
+------------------------------------------------
+
+
+ * Release dates of 2.2.x versions:
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+   Version 2.2.1 (unreleased)
+
+
 Noteworthy changes in version 2.2.0 (2017-08-28)
 ------------------------------------------------
 
diff --git a/configure.ac b/configure.ac
index 6f945bd..ee3aac6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -27,7 +27,7 @@ min_automake_version="1.14"
 # another commit and push so that the git magic is able to work.
 m4_define([mym4_package],[gnupg])
 m4_define([mym4_major], [2])
-m4_define([mym4_minor], [2])
+m4_define([mym4_minor], [3])
 m4_define([mym4_micro], [0])
 
 # To start a new development series, i.e a new major or minor number

-----------------------------------------------------------------------

Summary of changes:
 NEWS                     | 23 +++++++++++++++++++++--
 README                   | 25 +++++++++++++-----------
 configure.ac             | 14 +++++++-------
 doc/whats-new-in-2.1.txt | 49 +++++++++++++++++++++++++++++++++++-------------
 po/ja.po                 |  4 +++-
 po/ru.po                 |  4 ++--
 6 files changed, 83 insertions(+), 36 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Aug 28 12:13:33 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 28 Aug 2017 12:13:33 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. 4cd6b84cfef859cf13d669ade779d2927743f6ac
Message-ID: <E1dmH2z-0006iU-P2@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  4cd6b84cfef859cf13d669ade779d2927743f6ac (commit)
      from  d2ac7df3fb9fcaf2f45f6a8e226c14a8500cee23 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4cd6b84cfef859cf13d669ade779d2927743f6ac
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Aug 28 12:10:04 2017 +0200

    swdb: Release gnupg 2.2.0.

diff --git a/web/faq/whats-new-in-2.1.org b/web/faq/whats-new-in-2.1.org
index 2991978..2396398 100644
--- a/web/faq/whats-new-in-2.1.org
+++ b/web/faq/whats-new-in-2.1.org
@@ -1,7 +1,7 @@
 #+TITLE: GnuPG - What?s new in 2.1
 #+STARTUP: showall indent
 #+SETUPFILE: "share/setup.inc"
-#+DATE: 2016-07-14
+#+DATE: 2017-08-28
 #+macro: more  @@html:<a href="#$1"><span class="morelink">&nbsp;&rArr;</a>@@
 
 #+BEGIN_ASCII
@@ -11,11 +11,11 @@ https://gnupg.org/faq/whats-new-in-2.1.html
 
 * What?s new in GnuPG 2.1
 
-GnuPG version 2.1 comes with a bag of new features which changes some
-things old-timers are used to.  This page explains the more important
-ones.  It expects that the reader is familiar with GnuPG version 2.0
-and aware that GnuPG consists of /gpg/, /gpgsm/, and /gpg-agent/ as
-its main components.
+GnuPG version 2.1 (now known as 2.2) comes with a bag of new features
+which changes some things old-timers are used to.  This page explains
+the more important ones.  It expects that the reader is familiar with
+GnuPG version 2.0 and aware that GnuPG consists of /gpg/, /gpgsm/, and
+/gpg-agent/ as its main components.
 
 #+html: <div style="width: 80%">
 - The file /secring.gpg/ is not anymore used to store the secret keys.
@@ -84,7 +84,7 @@ its main components.
 #+html: </div>
 
 Now for the detailed description of these new features.  Note that the
-examples assume that that /gpg/ is installed as /gpg/.  Your
+examples assume that /gpg/ is installed as /gpg/.  Your
 installation may have it installed under the name /gpg2/.
 
 ** Removal of the secret keyring
@@ -507,7 +507,7 @@ The classic way to run /gpg-agent/ on Unix systems is by launching it
 at login time and use an environment variable (=GPG_AGENT_INFO=) to
 tell the other GnuPG modules how to connect to the agent.  However,
 correctly managing the start up and this environment variable is
-cumbersome so that that an easier method is required.  Since GnuPG
+cumbersome so that an easier method is required.  Since GnuPG
 2.0.16 the =--use-standard-socket= option already allowed to start the
 agent on the fly; however the environment variable was still required.
 
@@ -533,12 +533,12 @@ gpg-agent= to explicitly start it if not yet done.
 A deficit of the OpenPGP protocol is that signatures carry only a
 limited indication on which public key has been used to create a
 signature.  Thus a verification engine may only use this ?long key id?
-to look up the the key in its own store or from a public keyserver.
+to look up the key in its own store or from a public keyserver.
 Unfortunately it has now become possible to create a key with a long
 key id matching the key id of another key.  Importing a key with a
 long key id already used by another key in gpg?s local key store was
 not possible due to checks done on import.  Now, if the ?wrong? key
-has been imported first /gpg/ would not allow to later import the
+has been imported first /gpg/ would not allow later import of the
 second ?correct? key.  This problem has been fixed in 2.1 by allowing
 the import and by doing trial verification against all matching keys.
 
diff --git a/web/swdb.mac b/web/swdb.mac
index 5fdbb5e..041f193 100644
--- a/web/swdb.mac
+++ b/web/swdb.mac
@@ -10,29 +10,31 @@
 #
 # GnuPG-2.2
 #
-#+macro: gnupg22_ver  2.1.23
-#+macro: gnupg22_date 2017-08-09
-#+macro: gnupg22_size 6373k
-#+macro: gnupg22_sha1 c470777eaa9657ef3258068507065c9a7caef9eb
-#+macro: gnupg22_sha2 a94476391595e9351f219188767a9d6ea128e83be5ed3226a7890f49aa2d0d77
-#+macro: gnupg22_w32_ver  2.1.23_20170809
-#+macro: gnupg22_w32_date 2017-08-09
-#+macro: gnupg22_w32_size 3794k
-#+macro: gnupg22_w32_sha1 c95f1c2dc3aa06dda2a58ba5aefb362511f666e3
-#+macro: gnupg22_w32_sha2 42045473336c0f20a2d4a2b6f4be5be263a55ccd3eb1f682976d94e9a3cff43f
+#+macro: gnupg22_ver  2.2.0
+#+macro: gnupg22_date 2017-08-28
+#+macro: gnupg22_size 6379k
+#+macro: gnupg22_sha1 36ee693d0b2ec529ecf53dd6d397cc38ba71c0a7
+#+macro: gnupg22_sha2 d4514a0be0f7a1ff263193330019eb4b53c82f0f5e230af3c14df371271a45e6
+#+macro: gnupg22_branch  STABLE-BRANCH-2-2
+#+macro: gnupg22_w32_ver  2.2.0_20170828
+#+macro: gnupg22_w32_date 2017-08-28
+#+macro: gnupg22_w32_size 3797k
+#+macro: gnupg22_w32_sha1 7b0cf3912b86a6bd7655026276984a34a248e625
+#+macro: gnupg22_w32_sha2 e614d00bf84f68094af6cdcfbff5423b74340885c4034d407c81d5d92272127c
+
 
 # temporary keep it as "gnupg21".  In the future we will use the name of
 # the stable branch even for the development versions.
-#+macro: gnupg21_ver  2.1.23
-#+macro: gnupg21_date 2017-08-09
-#+macro: gnupg21_size 6373k
-#+macro: gnupg21_sha1 c470777eaa9657ef3258068507065c9a7caef9eb
-#+macro: gnupg21_sha2 a94476391595e9351f219188767a9d6ea128e83be5ed3226a7890f49aa2d0d77
-#+macro: gnupg21_w32_ver  2.1.23_20170809
-#+macro: gnupg21_w32_date 2017-08-09
-#+macro: gnupg21_w32_size 3794k
-#+macro: gnupg21_w32_sha1 c95f1c2dc3aa06dda2a58ba5aefb362511f666e3
-#+macro: gnupg21_w32_sha2 42045473336c0f20a2d4a2b6f4be5be263a55ccd3eb1f682976d94e9a3cff43f
+#+macro: gnupg21_ver  2.2.0
+#+macro: gnupg21_date 2017-08-28
+#+macro: gnupg21_size 6379k
+#+macro: gnupg21_sha1 36ee693d0b2ec529ecf53dd6d397cc38ba71c0a7
+#+macro: gnupg21_sha2 d4514a0be0f7a1ff263193330019eb4b53c82f0f5e230af3c14df371271a45e6
+#+macro: gnupg21_w32_ver  2.2.0_20170828
+#+macro: gnupg21_w32_date 2017-08-28
+#+macro: gnupg21_w32_size 3797k
+#+macro: gnupg21_w32_sha1 7b0cf3912b86a6bd7655026276984a34a248e625
+#+macro: gnupg21_w32_sha2 e614d00bf84f68094af6cdcfbff5423b74340885c4034d407c81d5d92272127c
 
 
 #
@@ -101,11 +103,11 @@
 #
 # LIBGCRYPT
 #
-#+macro: libgcrypt_ver  1.8.0
-#+macro: libgcrypt_date 2017-07-18
-#+macro: libgcrypt_size 2893k
-#+macro: libgcrypt_sha1 b4ffb20369f2ab8249d5cc0fb8b3b31371f6b112
-#+macro: libgcrypt_sha2 23e49697b87cc4173b03b4757c8df4314e3149058fa18bdc4f82098f103d891b
+#+macro: libgcrypt_ver  1.8.1
+#+macro: libgcrypt_date 2017-08-27
+#+macro: libgcrypt_size 2897k
+#+macro: libgcrypt_sha1 dd35f00da45602afe81e01f4d60c40bbdd826fe6
+#+macro: libgcrypt_sha2 7a2875f8b1ae0301732e878c0cca2c9664ff09ef71408f085c50e332656a78b3
 
 
 #

-----------------------------------------------------------------------

Summary of changes:
 web/faq/whats-new-in-2.1.org | 20 ++++++++---------
 web/swdb.mac                 | 52 +++++++++++++++++++++++---------------------
 2 files changed, 37 insertions(+), 35 deletions(-)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Aug 28 13:17:54 2017
From: cvs at cvs.gnupg.org (by Jochen Saalfeld)
Date: Mon, 28 Aug 2017 13:17:54 +0200
Subject: [git] GpgOL - branch, master, updated. gpgol-1.4.0-288-g5423527
Message-ID: <E1dmI3G-0001KU-Ce@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, master has been updated
       via  542352760827393803b12ad099d540f6c0b6fb5f (commit)
      from  184b78e3b865bf00006c3e02928452de0cae6d9c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 542352760827393803b12ad099d540f6c0b6fb5f
Author: Jochen Saalfeld <privat at jochen-saalfeld.de>
Date:   Mon Aug 28 13:17:29 2017 +0200

    Update Portugese translations
    
    * po/pt.po: Update
    
    --
    Translation provided by Marco A.G. Pinto.

diff --git a/po/pt.po b/po/pt.po
index 6fe3d65..6bbffc6 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -1,5 +1,5 @@
 # pt.po - Portuguese translation for GpgOL
-# Copyright (C) 2005, 2007 g10 Code GmbH
+# Copyright (C) 2017 g10 Code GmbH
 # This file is distributed under the same license as the GpgOL package.
 # Werner Koch <wk at gnupg.org>, 2005, 2007.
 #
@@ -8,7 +8,7 @@ msgstr ""
 "Project-Id-Version: GpgOL 1.1.1\n"
 "Report-Msgid-Bugs-To: bug-gpgol at g10code.com\n"
 "POT-Creation-Date: 2017-07-27 09:17+0200\n"
-"PO-Revision-Date: 2016-02-02 17:33+0000\n"
+"PO-Revision-Date: 2017-08-26 07:52+0100\n"
 "Last-Translator: Marco A.G.Pinto <marcoagpinto at mail.telepac.pt>\n"
 "Language-Team: Portuguese <marcoagpinto at mail.telepac.pt>\n"
 "Language: pt\n"
@@ -16,7 +16,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "X-Poedit-SourceCharset: UTF-8\n"
-"X-Generator: Poedit 1.8.6\n"
+"X-Generator: Poedit 2.0.3\n"
 
 #: src/addin-options.cpp:37 src/gpgoladdin.cpp:1139 src/gpgoladdin.cpp:1222
 #: src/gpgoladdin.cpp:1301 src/olflange-dlgs.cpp:43
@@ -25,11 +25,11 @@ msgstr "Geral"
 
 #: src/addin-options.cpp:38 src/olflange-dlgs.cpp:44
 msgid "Enable the S/MIME support"
-msgstr "Activar o suporte S/MIME"
+msgstr "Ativar o suporte S/MIME"
 
 #: src/addin-options.cpp:40
 msgid "Enable simplified interface (experimental)"
-msgstr ""
+msgstr "Ativar a interface simplificada (experimental)"
 
 #: src/addin-options.cpp:43 src/olflange-dlgs.cpp:46
 msgid "Message sending"
@@ -37,7 +37,7 @@ msgstr "Envio de mensagem"
 
 #: src/addin-options.cpp:44 src/olflange-dlgs.cpp:47
 msgid "&Encrypt new messages by default"
-msgstr "&Encriptar novas mensagens por defeito"
+msgstr "Encriptar novas mensagens por defeito"
 
 #: src/addin-options.cpp:45 src/olflange-dlgs.cpp:48
 msgid "&Sign new messages by default"
@@ -45,31 +45,33 @@ msgstr "Assinar novas mensagens por defeito"
 
 #: src/addin-options.cpp:46
 msgid "&Send OpenPGP mails without attachments as PGP/Inline"
-msgstr ""
+msgstr "Enviar mails OpenPGP sem anexos como PGP/Inline"
 
 #: src/addin-options.cpp:48
 msgid "S&elect crypto settings automatically for reply and foward."
 msgstr ""
+"Seleciona as defini??es de criptografia automaticamente para responder e "
+"encaminhar."
 
 #: src/addin-options.cpp:50
 msgid "&Search for OpenPGP keys automatically when encrypting"
-msgstr ""
+msgstr "Procurar as chaves OpenPGP automaticamente ao encriptar"
 
 #: src/addin-options.cpp:53
 msgid "Debug..."
-msgstr ""
+msgstr "Debug..."
 
 #: src/addin-options.cpp:54
 msgid "Configure GnuPG"
-msgstr ""
+msgstr "Configurar o GnuPG"
 
 #: src/addin-options.cpp:55
 msgid "Version "
-msgstr ""
+msgstr "Vers?o"
 
 #: src/addin-options.cpp:133
 msgid "Changing the interface requires a restart of Outlook."
-msgstr ""
+msgstr "Mudar a interface requer reiniciar o Outlook."
 
 #: src/addin-options.cpp:134 src/cmdbarcontrols.cpp:105 src/engine.c:377
 #: src/explorers.cpp:204 src/explorers.cpp:209 src/gpgoladdin.cpp:314
@@ -115,7 +117,7 @@ msgstr ""
 
 #: src/cmdbarcontrols.cpp:104
 msgid "Could not start certificate manager"
-msgstr "Die Zertifikatsverwaltung konnte nicht aufgerufen werden"
+msgstr "N?o foi poss?vel iniciar o gestor de certificados"
 
 #: src/common.c:237
 msgid "GpgOL - Save attachment"
@@ -139,7 +141,7 @@ msgstr "GnuPG Gestor de Certificados"
 
 #: src/explorers.cpp:140
 msgid "Remove GpgOL flags from this folder"
-msgstr "Remover as flags GpgOL desta pasta"
+msgstr "Remover as sinaliza??es GpgOL desta pasta"
 
 #: src/explorers.cpp:167
 msgid "Open the certificate manager"
@@ -157,9 +159,9 @@ msgid ""
 "Note that if you start Outlook again with GpgOL still being installed, GpgOL "
 "will again process messages."
 msgstr ""
-"Est?s prestes a iniciar o processo de reverter mensagens criadas pelo GpgOL "
-"para preparar a desinstala??o do GpgOL. Executar este comando colocar? o "
-"GpgOL num estado desactivado para que as mensagens n?o sejam mais "
+"Est?s prestes a iniciar o processo de reverter as mensagens criadas pelo "
+"GpgOL para preparar a desinstala??o do GpgOL. Executar este comando colocar? "
+"o GpgOL num estado desativado para que as mensagens n?o sejam mais "
 "processadas pelo GpgOL.\n"
 "\n"
 "Deves converter todas as pastas uma ap?s a outra com este comando, fechar o "
@@ -173,38 +175,32 @@ msgid "Do you want to revert this folder?"
 msgstr "Queres reverter esta pasta?"
 
 #: src/gpgoladdin.cpp:446 src/mail.cpp:1428 src/mail.cpp:1499
-#, fuzzy
 msgid "GpgOL: Encrypted Message"
-msgstr "Encriptar a mensagem."
+msgstr "GpgOL: Mensagem Encriptada"
 
 #: src/gpgoladdin.cpp:447 src/mail.cpp:1429 src/mail.cpp:1500
 msgid "GpgOL: Trusted Sender Address"
-msgstr ""
+msgstr "GpgOL: Endere?o de Remetente Confi?vel"
 
 #: src/gpgoladdin.cpp:800
-#, fuzzy
 msgid "Encrypt the message"
-msgstr "Encriptar a mensagem."
+msgstr "Encriptar a mensagem"
 
 #: src/gpgoladdin.cpp:802
-#, fuzzy
 msgid "Encrypts the message and all attachments before sending"
-msgstr "Encripta a mensagem e todos os anexos antes de enviar."
+msgstr "Encripta a mensagem e todos os anexos antes de enviar"
 
 #: src/gpgoladdin.cpp:804
-#, fuzzy
 msgid "Sign the message"
-msgstr "Assinar a mensagem."
+msgstr "Assinar a mensagem"
 
 #: src/gpgoladdin.cpp:806
-#, fuzzy
 msgid "Sign the message and all attachments before sending"
-msgstr "Assinar a mensagem e todos os anexos antes de enviar."
+msgstr "Assinar a mensagem e todos os anexos antes de enviar"
 
 #: src/gpgoladdin.cpp:809
-#, fuzzy
 msgid "Sign and encrypt the message"
-msgstr "Desencriptar a mensagem"
+msgstr "Assinar e encriptar a mensagem"
 
 #: src/gpgoladdin.cpp:811
 msgid ""
@@ -212,14 +208,17 @@ msgid ""
 "can be sure that no one modified the message and only the recipients can "
 "read it"
 msgstr ""
+"Encriptar e assinar criptograficamente uma mensagem significa que os "
+"destinat?rios podem ter a certeza que ningu?m modificou a mensagem e apenas "
+"os destinat?rios podem l?-la"
 
 #: src/gpgoladdin.cpp:815
 msgid "Open the settings dialog for GpgOL"
-msgstr ""
+msgstr "Abre o di?logo de defini??es para o GpgOL"
 
 #: src/gpgoladdin.cpp:865 src/gpgoladdin.cpp:983
 msgid "Secure"
-msgstr ""
+msgstr "Seguro"
 
 #: src/gpgoladdin.cpp:866 src/gpgoladdin.cpp:984 src/gpgoladdin.cpp:1145
 msgid "Sign"
@@ -256,8 +255,8 @@ msgid ""
 "Choose the certificates for which the message should be encrypted and "
 "replace the text with the encrypted message."
 msgstr ""
-"Escolhe os certificados para que a mensagem deve ser encriptada e substitui "
-"o texto com a mensagem encriptada."
+"Escolher os certificados para quem a mensagem deve ser encriptada e "
+"substitui o texto com a mensagem encriptada."
 
 #: src/gpgoladdin.cpp:1023
 msgid "Add a file as an encrypted attachment"
@@ -309,7 +308,7 @@ msgstr ""
 
 #: src/gpgoladdin.cpp:1047
 msgid "Open the settings dialog for GpgOL."
-msgstr ""
+msgstr "Abre o di?logo de defini??es para o GpgOL"
 
 #: src/gpgoladdin.cpp:1140 src/gpgoladdin.cpp:1223 src/gpgoladdin.cpp:1302
 msgid "Start Certificate Manager"
@@ -333,7 +332,7 @@ msgstr "Ficheiro encriptado"
 
 #: src/gpgoladdin.cpp:1149
 msgid "Encrypted file and Signature"
-msgstr "Ficheiro encriptado e assinatura"
+msgstr "Ficheiro encriptado e Assinatura"
 
 #: src/gpgoladdin.cpp:1228 src/gpgoladdin.cpp:1305 src/gpgoladdin.cpp:1306
 msgid "Save and decrypt"
@@ -341,11 +340,11 @@ msgstr "Gravar e desencriptar"
 
 #: src/inspectors.cpp:690
 msgid "&encrypt message with GnuPG"
-msgstr "Encriptar mensagem com GnuPG"
+msgstr "Encriptar mensagem com o GnuPG"
 
 #: src/inspectors.cpp:704
 msgid "&sign message with GnuPG"
-msgstr "Assinar mensagem com GnuPG"
+msgstr "Assinar mensagem com o GnuPG"
 
 #: src/inspectors.cpp:730
 msgid "GpgOL Decrypt/Verify"
@@ -353,11 +352,11 @@ msgstr "GpgOL Desencriptar/Verificar"
 
 #: src/inspectors.cpp:791
 msgid "Encrypt message with GnuPG"
-msgstr "Encriptar mensagem com GnuPG"
+msgstr "Encriptar mensagem com o GnuPG"
 
 #: src/inspectors.cpp:807
 msgid "Sign message with GnuPG"
-msgstr "Assinar mensagem com GnuPG"
+msgstr "Assinar mensagem com o GnuPG"
 
 #: src/inspectors.cpp:924
 msgid ""
@@ -373,7 +372,7 @@ msgid ""
 "Click for more information. "
 msgstr ""
 "Esta ? uma mensagem assinada.\n"
-"Clica para mais informa??o. "
+"Clica para mais informa??o."
 
 #: src/inspectors.cpp:936
 msgid ""
@@ -381,7 +380,7 @@ msgid ""
 "Click for more information. "
 msgstr ""
 "Esta ? uma mensagem encriptada.\n"
-"Clica para mais informa??o. "
+"Clica para mais informa??o."
 
 #: src/mail.cpp:338
 msgid ""
@@ -389,6 +388,9 @@ msgid ""
 "The unsigned / unencrypted attachments are:\n"
 "\n"
 msgstr ""
+"Nem todos os anexos foram encriptados ou assinados.\n"
+"Os anexos n?o-assinados / n?o-encriptados s?o:\n"
+"\n"
 
 #: src/mail.cpp:343
 msgid ""
@@ -396,6 +398,9 @@ msgid ""
 "The unsigned attachments are:\n"
 "\n"
 msgstr ""
+"Nem todos os anexos foram assinados.\n"
+"Os anexos n?o-assinados s?o:\n"
+"\n"
 
 #: src/mail.cpp:348
 msgid ""
@@ -403,108 +408,110 @@ msgid ""
 "The unencrypted attachments are:\n"
 "\n"
 msgstr ""
+"Nem todos os anexos foram encriptados.\n"
+"Os anexos n?o-encriptados s?o:\n"
+"\n"
 
 #: src/mail.cpp:386
 msgid ""
 "Note: The attachments may be encrypted or signed on a file level but the "
 "GpgOL status does not apply to them."
 msgstr ""
+"Nota: Os anexos podem ser encriptados ou assinados a n?vel de ficheiro, mas "
+"o status do GpgOL n?o se aplica a eles."
 
 #: src/mail.cpp:389
 msgid "GpgOL Warning"
-msgstr ""
+msgstr "Aviso do GpgOL"
 
 #: src/mail.cpp:710 src/mail.cpp:1745
-#, fuzzy
 msgid "Encrypted message"
-msgstr "Encriptar a mensagem."
+msgstr "Mensagem encriptada"
 
 #: src/mail.cpp:711
 msgid "Please wait while the message is being decrypted / verified..."
 msgstr ""
+"Por favor aguarda enquanto a mensagem est? a ser desencriptada / "
+"verificada..."
 
 #: src/mail.cpp:1690
 msgid "Security Level 4"
-msgstr ""
+msgstr "N?vel de seguran?a 4"
 
 #: src/mail.cpp:1694
 msgid "Trust Level 4"
-msgstr ""
+msgstr "N?vel de Confian?a 4"
 
 #: src/mail.cpp:1698
 msgid "Security Level 3"
-msgstr ""
+msgstr "N?vel de Seguran?a 3"
 
 #: src/mail.cpp:1702
 msgid "Trust Level 3"
-msgstr ""
+msgstr "N?vel de Confian?a 3"
 
 #: src/mail.cpp:1706
 msgid "Security Level 2"
-msgstr ""
+msgstr "N?vel de Seguran?a 2"
 
 #: src/mail.cpp:1710
 msgid "Trust Level 2"
-msgstr ""
+msgstr "N?vel de Confian?a 2"
 
 #: src/mail.cpp:1714
-#, fuzzy
 msgid "Encrypted"
-msgstr "Encriptar"
+msgstr "Encriptada"
 
 #: src/mail.cpp:1723 src/mail.cpp:1725 src/ribbon-callbacks.cpp:1569
 msgid "Insecure"
-msgstr ""
+msgstr "Insegura"
 
 #: src/mail.cpp:1737
-#, fuzzy
 msgid "Signed and encrypted message"
-msgstr "Encriptar a mensagem."
+msgstr "Mensagem assinada e encriptada"
 
 #: src/mail.cpp:1741
-#, fuzzy
 msgid "Signed message"
-msgstr "Assinar a mensagem."
+msgstr "Mensagem assinada"
 
 #: src/mail.cpp:1748 src/ribbon-callbacks.cpp:1592
-#, fuzzy
 msgid "Insecure message"
-msgstr "Encriptar a mensagem."
+msgstr "Mensagem insegura"
 
 #: src/mail.cpp:1758
 msgid "You cannot be sure who sent, modified and read the message in transit."
 msgstr ""
+"N?o podes ter certeza quem enviou, modificou e leu a mensagem em tr?nsito."
 
 #: src/mail.cpp:1767
-#, fuzzy
 msgid "The encryption was VS-NfD-compliant."
-msgstr "Esta assinatura ? v?lida\n"
+msgstr "A encripta??o foi em conformidade com VS-NfD."
 
 #: src/mail.cpp:1771
-#, fuzzy
 msgid "The encryption was not VS-NfD-compliant."
-msgstr "Esta assinatura ? v?lida\n"
+msgstr "A encripta??o n?o foi em conformidade com VS-NfD."
 
 #: src/mail.cpp:1775
 msgid "You cannot be sure who sent the message because it is not signed."
 msgstr ""
+"N?o podes ter certeza de quem enviou a mensagem, porque n?o est? assinada."
 
 #: src/mail.cpp:1797
-#, fuzzy
 msgid "You signed this message."
-msgstr "Assinar a mensagem."
+msgstr "Assinaste esta mensagem."
 
 #: src/mail.cpp:1801
 msgid "The senders identity was certified by yourself."
-msgstr ""
+msgstr "A identidade dos remetentes foi certificada por ti pr?prio."
 
 #: src/mail.cpp:1805
 msgid "The sender is allowed to certify identities for you."
-msgstr ""
+msgstr "O remetente pode certificar identidades para ti."
 
 #: src/mail.cpp:1818
 msgid "The senders identity was certified by several trusted people."
 msgstr ""
+"A identidade dos remetentes foi certificada por v?rias pessoas confi?veis."
 
 #: src/mail.cpp:1823
 #, c-format
@@ -512,10 +519,12 @@ msgid ""
 "The senders identity is certified by the trusted issuer:\n"
 "'%s'\n"
 msgstr ""
+"A identidade dos remetentes ? certificada pelo emissor confi?vel:\n"
+"'%s'\n"
 
 #: src/mail.cpp:1831
 msgid "Some trusted people have certified the senders identity."
-msgstr ""
+msgstr "Algumas pessoas confi?veis certificaram a identidade dos remetentes."
 
 #: src/mail.cpp:1841
 #, c-format
@@ -524,10 +533,13 @@ msgid ""
 "history with this address starting on %s.\n"
 "You encrypted %i and verified %i messages since."
 msgstr ""
+"O endere?o dos remetentes ? confi?vel, porque estabeleceste um hist?rico de "
+"comunica??o com este endere?o a partir de %s.\n"
+"Encriptaste %i e verificaste %i mensagens desde ent?o."
 
 #: src/mail.cpp:1857
 msgid "The senders signature was verified for the first time."
-msgstr ""
+msgstr "A assinatura dos remetentes foi verificada pela primeira vez."
 
 #: src/mail.cpp:1864
 #, c-format
@@ -535,125 +547,123 @@ msgid ""
 "The senders address is not trustworthy yet because you only verified %i "
 "messages and encrypted %i messages to it since %s."
 msgstr ""
+"O endere?o dos remetentes ainda n?o ? confi?vel porque apenas verificaste %i "
+"mensagens e encriptaste %i mensagens a eles desde %s."
 
 #: src/mail.cpp:1878
 msgid "But the sender address is not trustworthy because:"
-msgstr ""
+msgstr "Mas o endere?o do remetente n?o ? confi?vel porque:"
 
 #: src/mail.cpp:1879
 msgid "The sender address is not trustworthy because:"
-msgstr ""
+msgstr "O endere?o do remetente n?o ? confi?vel porque:"
 
 #: src/mail.cpp:1887
-#, fuzzy
 msgid "The signature is invalid: \n"
-msgstr "Esta assinatura ? v?lida\n"
+msgstr "A assinatura ? inv?lida: \n"
 
 #: src/mail.cpp:1892
 msgid "There was an error verifying the signature.\n"
-msgstr ""
+msgstr "Houve um erro ao verificar a assinatura.\n"
 
 #: src/mail.cpp:1896
-#, fuzzy
 msgid "The signature is expired.\n"
-msgstr "Esta assinatura ? v?lida\n"
+msgstr "A assinatura expirou.\n"
 
 #: src/mail.cpp:1900
 msgid "The used key"
-msgstr ""
+msgstr "A chave usada"
 
 #: src/mail.cpp:1900
-#, fuzzy
 msgid "The used certificate"
-msgstr "?berpr?fung"
+msgstr "O certificado usado"
 
 #: src/mail.cpp:1908
-#, fuzzy
 msgid "is not available."
-msgstr "O CRL n?o est? dispon?vel\n"
+msgstr "n?o est? dispon?vel."
 
 #: src/mail.cpp:1912
 msgid "is revoked."
-msgstr ""
+msgstr "est? revogado."
 
 #: src/mail.cpp:1916
 msgid "is expired."
-msgstr ""
+msgstr "expirou."
 
 #: src/mail.cpp:1920
 msgid "is not meant for signing."
-msgstr ""
+msgstr "n?o ? destinado a assinar."
 
 #: src/mail.cpp:1924 src/mail.cpp:1928
 msgid "could not be checked for revocation."
-msgstr ""
+msgstr "n?o pode ser verificado para revoga??o."
 
 #: src/mail.cpp:1933
 msgid "is not the same as the key that was used for this address in the past."
-msgstr ""
+msgstr "n?o ? o mesmo que a chave usada para este endere?o no passado."
 
 #: src/mail.cpp:1939
 #, c-format
 msgid "does not claim the address: \"%s\"."
-msgstr ""
+msgstr "n?o reivindica o endere?o: \"%s\"."
 
 #: src/mail.cpp:1952
 msgid "is not certified by any trustworthy key."
-msgstr ""
+msgstr "n?o ? certificado por qualquer chave confi?vel."
 
 #: src/mail.cpp:1956
 msgid ""
 "is not certified by a trustworthy Certificate Authority or the Certificate "
 "Authority is unknown."
 msgstr ""
+"n?o est? certificado por uma Autoridade de Certifica??o confi?vel ou a "
+"Autoridade de Certifica??o ? desconhecida."
 
 #: src/mail.cpp:1961
 msgid "The sender marked this address as revoked."
-msgstr ""
+msgstr "O remetente marcou este endere?o como revogado."
 
 #: src/mail.cpp:1965
 msgid "is marked as not trustworthy."
-msgstr ""
+msgstr "est? marcado como n?o confi?vel."
 
 #: src/mail.cpp:1975
-#, fuzzy
 msgid "The signature is VS-NfD-compliant."
-msgstr "Esta assinatura ? v?lida\n"
+msgstr "A assinatura est? em conformidade com VS-NfD."
 
 #: src/mail.cpp:1979
-#, fuzzy
 msgid "The signature is not VS-NfD-compliant."
-msgstr "Esta assinatura ? v?lida\n"
+msgstr "A assinatura n?o est? em conformidade com VS-NfD."
 
 #: src/mail.cpp:1987
-#, fuzzy
 msgid "The encryption is VS-NfD-compliant."
-msgstr "Esta assinatura ? v?lida\n"
+msgstr "A encripta??o est? em conformidade com VS-NfD."
 
 #: src/mail.cpp:1991
-#, fuzzy
 msgid "The encryption is not VS-NfD-compliant."
-msgstr "Esta assinatura ? v?lida\n"
+msgstr "A encripta??o n?o est? em conformidade com VS-NfD."
 
 #: src/mail.cpp:1998
 msgid "Click here to change the key used for this address."
-msgstr ""
+msgstr "Clica aqui para alterar a chave usada para este endere?o."
 
 #: src/mail.cpp:2002
 msgid "Click here for details about the key."
-msgstr ""
+msgstr "Clica aqui para obter detalhes sobre a chave."
 
 #: src/mail.cpp:2003
 msgid "Click here for details about the certificate."
-msgstr ""
+msgstr "Clica aqui para obter detalhes sobre o certificado."
 
 #: src/mail.cpp:2007
 msgid "Click here to search the key on the configured keyserver."
-msgstr ""
+msgstr "Clica aqui para localizar a chave no servidor de chaves configurado."
 
 #: src/mail.cpp:2008
 msgid "Click here to search the certificate on the configured X509 keyserver."
 msgstr ""
+"Clica aqui para localizar o certificado X509 no servidor de chaves "
+"configurado."
 
 #: src/mailitem.cpp:160 src/message-events.cpp:279
 msgid ""
@@ -663,11 +673,11 @@ msgid ""
 msgstr ""
 "Desculpa, s? podemos encriptar mensagens de texto simples e\n"
 "n?o mensagens RTF. Por favor certifica-te que apenas o formato\n"
-"de texto foi seleccionado."
+"de texto foi selecionado."
 
 #: src/mailitem-events.cpp:285
 msgid "Sorry, that's not possible, yet"
-msgstr ""
+msgstr "Desculpa, isso n?o ? poss?vel, ainda"
 
 #: src/mailitem-events.cpp:287
 #, c-format
@@ -680,11 +690,21 @@ msgid ""
 "\n"
 "For example by right clicking but not selecting the message.\n"
 msgstr ""
+"O GpgOL impediu a mudan?a para a propriedade \"%s\".\n"
+"As altera??es de propriedade n?o s?o ainda manejadas para mensagens de "
+"criptografia.\n"
+"\n"
+"Para contornar esta limita??o, por favor altera a propriedade quando a "
+"mensagem n?o est? aberta em qualquer janela e n?o est? selecionada na lista "
+"de mensagens.\n"
+"\n"
+"Por exemplo, ao clicar com o bot?o direito do rato, mas n?o selecionar a "
+"mensagem.\n"
 
 #: src/main.c:466
 #, c-format
 msgid "Note: Using compatibility flags: %s"
-msgstr "Nota: A usar flags de compatibilidade: %s"
+msgstr "Nota: A usar sinalizadores de compatibilidade: %s"
 
 #: src/mapihelp.cpp:1707 src/mapihelp.cpp:1715 src/mapihelp.cpp:1723
 msgid "[no subject]"
@@ -711,7 +731,8 @@ msgstr ""
 #: src/message.cpp:178
 msgid "[Crypto operation failed - can't show the body of the message]"
 msgstr ""
-"[A opera??o Crypto falhou - N?o ? poss?vel mostrar o corpo da mensagem]"
+"[A opera??o criptogr?fica falhou - n?o ? poss?vel mostrar o corpo da "
+"mensagem]"
 
 #: src/message.cpp:280
 #, c-format
@@ -722,8 +743,8 @@ msgid ""
 "%s"
 msgstr ""
 "Status da assinatura: %s\n"
-"Classe da mensagem: %s\n"
-"Estrutura MIME.......:\n"
+"Classe da mensagem: ..: %s\n"
+"Estrutura MIME .:\n"
 "%s"
 
 #: src/message.cpp:288
@@ -744,7 +765,7 @@ msgid ""
 "that S/MIME processing has been enabled."
 msgstr ""
 "A verifica??o da assinatura desta mensagem S/MIME n?o ? poss?vel. Por favor "
-"verifica se o processamento S/MIME foi activado."
+"verifica se o processamento S/MIME foi ativado."
 
 #: src/message.cpp:538
 msgid "This message has no signature."
@@ -765,11 +786,11 @@ msgstr ""
 
 #: src/message.cpp:1094
 msgid "No recipients to encrypt to are given"
-msgstr "N?o foram seleccionados destinat?rios para a encripta??o"
+msgstr "N?o foram selecionados destinat?rios para a encripta??o"
 
 #: src/message.cpp:1109 src/message.cpp:1136
 msgid "Encrypting or signing an empty message is not possible."
-msgstr "Encriptar ou assinar uma mensagem vazia n?o ? poss?vel."
+msgstr "Encriptar ou assinar uma mensagem em branco n?o ? poss?vel."
 
 #: src/message.cpp:1117
 #, c-format
@@ -816,7 +837,7 @@ msgstr ""
 "\n"
 "Embora test?mos este software extensivamente, n?o podemos dar qualquer "
 "garantia que funcione da forma esperada. A interface de programa??o em uso "
-"n?o foi propriamente documentada pela Microsoft e da? a funcionalidade do "
+"n?o foi devidamente documentada pela Microsoft e da? a funcionalidade do "
 "GpgOL pode cessar com uma actualiza??o do teu sistema Windows.\n"
 "\n"
 "ACONSELHAMOS FORTEMENTE A EXECUTAR TESTES DE ENCRIPTA??O ANTES DE COME?AR A "
@@ -824,7 +845,7 @@ msgstr ""
 "\n"
 "Existem alguns problemas conhecidos, sendo os mais graves o n?o "
 "funcionamento em enviar e-mails encriptados ou assinados usando uma conta "
-"com base no Exchange. Usar o GpgOL com outros plugins do Outlook poder? n?o "
+"com base no Exchange. Usar o GpgOL com outros plug-ins do Outlook poder? n?o "
 "funcionar em alguns casos.\n"
 
 #: src/olflange.cpp:595
@@ -838,7 +859,7 @@ msgstr ""
 "Instalaste uma vers?o nova do GpgOL.\n"
 "\n"
 "Por favor abre o di?logo de op??es e confirma se as defini??es est?o "
-"correctas para as tuas necessidades. O di?logo de op??es pode ser encontrado "
+"corretas para as tuas necessidades. O di?logo de op??es pode ser encontrado "
 "em: Extras->Op??es->GpgOL\n"
 
 #: src/olflange.cpp:796
@@ -855,7 +876,7 @@ msgstr ""
 "Pelo menos as vers?es do Outlook 2003 mais antigas que o SP2 exibem crashes "
 "ao enviar as mensagens e estas podem ficar presas na fila de sa?da.\n"
 "\n"
-"Por favor actualiza pelo menos para o SP2 antes de tentares enviar uma "
+"Por favor atualiza pelo menos para o SP2 antes de tentares enviar uma "
 "mensagem."
 
 #: src/olflange.cpp:811
@@ -864,6 +885,10 @@ msgid ""
 "\n"
 "Please note that any support may be removed in a future version."
 msgstr ""
+"O GpgOL para o Outlook 2003 / 2007 n?o ? mais mantido.\n"
+"\n"
+"Por favor, nota que qualquer tipo de suporte pode ser removido numa vers?o "
+"futura."
 
 #: src/olflange-dlgs.cpp:50
 msgid "Message receiving"
@@ -879,7 +904,7 @@ msgstr "Apresentar mensagem encriptada como anexo"
 
 #: src/olflange-dlgs.cpp:56
 msgid "Crypto Engine"
-msgstr "Motor Crypto"
+msgstr "Motor Criptogr?fico"
 
 #. TRANSLATORS: See the source for the full english text.
 #: src/olflange-dlgs.cpp:256
@@ -910,64 +935,67 @@ msgstr "Esta ? a vers?o do GpgOL %s"
 
 #: src/parsecontroller.cpp:162
 msgid "Unknown Key:"
-msgstr ""
+msgstr "Chave Desconhecida:"
 
 #: src/parsecontroller.cpp:177
 msgid "Decryption canceled or timed out."
-msgstr ""
+msgstr "Desencripta??o cancelada ou expirou."
 
 #: src/parsecontroller.cpp:190
 msgid ""
 "No secret key found to decrypt the message. It is encrypted to the following "
 "keys:"
 msgstr ""
+"Nenhuma chave secreta encontrada para desencriptar a mensagem. Est? "
+"encriptada para as seguintes chaves:"
 
 #: src/parsecontroller.cpp:196
 msgid "Could not decrypt the data: "
-msgstr ""
+msgstr "N?o foi poss?vel desencriptar os dados:"
 
 #: src/parsecontroller.cpp:203 src/parsecontroller.cpp:258
-#, fuzzy
 msgid "Encrypted message (decryption not possible)"
-msgstr "Encriptar ou assinar uma mensagem vazia n?o ? poss?vel."
+msgstr "Mensagem encriptada (desencripta??o n?o poss?vel)"
 
 #: src/parsecontroller.cpp:259
 msgid ""
 "Failed to find GnuPG please ensure that GnuPG or Gpg4win is properly "
 "installed."
 msgstr ""
+"Falha ao localizar o GnuPG, por favor certifica-te que o GnuPG ou o Gpg4win "
+"est? corretamente instalado."
 
 #: src/pgpmime.c:358
-#, fuzzy
 msgid ""
 "Error creating file\n"
 "Please select another one"
-msgstr "Erro ao criar ficheiro para anexo."
+msgstr ""
+"Erro ao criar ficheiro\n"
+"Por favor seleciona outro"
 
 #: src/pgpmime.c:510
-#, fuzzy
 msgid "Error writing file"
-msgstr "Erro ao escrever no stream"
+msgstr "Erro ao gravar o ficheiro"
 
 #: src/pgpmime.c:586
 msgid "[PGP/MIME message]"
-msgstr "[PGP/MIME Nachricht]"
+msgstr "[Mensagem PGP/MIME]"
 
 #: src/pgpmime.c:607
 msgid "[PGP/MIME message without plain text body]"
-msgstr "[PGP/MIME Nachricht ohne reinen Textk?rper]"
+msgstr "[Mensagem PGP/MIME sem corpo de texto simples]"
 
 #: src/pgpmime.c:682
 msgid "[PGP/MIME signed message without a plain text body]"
-msgstr "[PGP/MIME signierte Nachricht ohne reinen Textk?rper]"
+msgstr "[Mensagem PGP/MIME assinada sem corpo de texto simples]"
 
 #: src/pgpmime.c:694
 msgid "[PGP/MIME signature]"
-msgstr "[PGP/MIME Signatur]"
+msgstr "[Assinatura PGP/MIME]"
 
 #: src/ribbon-callbacks.cpp:262
 msgid "Please select text to encrypt."
-msgstr "Por favor selecciona texto a encriptar."
+msgstr "Por favor seleciona o texto a encriptar."
 
 #: src/ribbon-callbacks.cpp:274
 msgid "Textbody empty."
@@ -979,11 +1007,11 @@ msgstr "Por favor adiciona pelo menos um destinat?rio."
 
 #: src/ribbon-callbacks.cpp:685
 msgid "Please select a Mail."
-msgstr "Por favor selecciona um mail."
+msgstr "Por favor seleciona um mail."
 
 #: src/ribbon-callbacks.cpp:699
 msgid "Please select the data you wish to decrypt."
-msgstr "Por favor selecciona os dados que desejas desencriptar."
+msgstr "Por favor seleciona os dados que desejas desencriptar."
 
 #: src/ribbon-callbacks.cpp:712
 msgid "Nothing to decrypt."
@@ -999,12 +1027,11 @@ msgstr "Texto assinado"
 
 #: src/ribbon-callbacks.cpp:1084
 msgid "Select file to encrypt"
-msgstr "Selecciona ficheiro a encriptar"
+msgstr "Seleciona ficheiro a encriptar"
 
 #: src/ribbon-callbacks.cpp:1596
-#, fuzzy
 msgid "No message selected"
-msgstr "Esta mensagem n?o est? encriptada."
+msgstr "Nenhuma mensagem selecionada"
 
 #: src/ribbon-callbacks.cpp:1616
 msgid ""
@@ -1012,6 +1039,9 @@ msgid ""
 "\n"
 "Click here to learn more."
 msgstr ""
+"N?o podes ter certeza quem enviou, modificou e leu a mensagem em tr?nsito.\n"
+"\n"
+"Clica aqui para saber mais."
 
 #: src/ribbon-callbacks.cpp:1653
 #, c-format
@@ -1020,12 +1050,17 @@ msgid ""
 "There is no additional information available if it was actually sent by '%s' "
 "or if someone faked the sender address."
 msgstr ""
+"A mensagem n?o foi assinada criptograficamente.\n"
+"N?o h? nenhuma informa??o adicional dispon?vel se ela realmente foi enviada "
+"por '%s' ou se algu?m falsificou o endere?o do remetente."
 
 #: src/ribbon-callbacks.cpp:1704
 msgid ""
 "Could not find Kleopatra.\n"
 "Please reinstall Gpg4win with the Kleopatra component enabled."
 msgstr ""
+"N?o foi poss?vel encontrar Kleopatra.\n"
+"Por favor reinstala o Gpg4win com o componente Kleopatra ativado."
 
 #, fuzzy
 #~ msgid "This message is not signed.\n"

-----------------------------------------------------------------------

Summary of changes:
 po/pt.po | 307 +++++++++++++++++++++++++++++++++++----------------------------
 1 file changed, 171 insertions(+), 136 deletions(-)


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Aug 28 13:19:11 2017
From: cvs at cvs.gnupg.org (by Jochen Saalfeld)
Date: Mon, 28 Aug 2017 13:19:11 +0200
Subject: [git] GpgEX - branch, master, updated. gpgex-1.0.4-8-g4965492
Message-ID: <E1dmI4V-0002DR-9h@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnupG extension for the Windows Explorer".

The branch, master has been updated
       via  4965492e8b6aaf41cb380f1a0e0dea8753d9e8d5 (commit)
      from  8c3c8dbd7b5c3b527e1af459ba608f5cdb06d8a1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4965492e8b6aaf41cb380f1a0e0dea8753d9e8d5
Author: Jochen Saalfeld <privat at jochen-saalfeld.de>
Date:   Mon Aug 28 13:18:47 2017 +0200

    Update Portugese translations
    
    * po/pt.po: Update
    
    --
    Translation provided by Marco A.G. Pinto.

diff --git a/po/pt.po b/po/pt.po
index 9e25777..0ccf5bb 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -1,5 +1,5 @@
 # Translation of GPGex.
-# Copyright (C) 2013 g10 Code GmbH
+# Copyright (C) 2017 g10 Code GmbH
 # This file is distributed under the same license as the FIXME:GPGex package.
 # Diego Escalante Urrelo <diegoe at gnome.org>, 2008.
 #
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: GpgEX\n"
 "Report-Msgid-Bugs-To: http://bugs.gnupg.org\n"
-"PO-Revision-Date: 2016-02-02 17:33+0000\n"
+"PO-Revision-Date: 2017-08-26 07:52+0100\n"
 "Last-Translator: Marco A.G.Pinto <marcoagpinto at mail.telepac.pt>\n"
 "Language-Team: Portuguese <marcoagpinto at mail.telepac.pt>\n"
 "Language: pt\n"
@@ -16,7 +16,8 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "X-Poedit-SourceCharset: UTF-8\n"
-"X-Generator: Poedit 1.8.6\n"
+"X-Generator: Poedit 2.0.3\n"
+"POT-Creation-Date: \n"
 
 #, c-format
 msgid ""
@@ -31,7 +32,7 @@ msgid ""
 "Error returned by the GnuPG user interface%s%s%s:\r\n"
 "%s"
 msgstr ""
-"Erro devolvido pela interface de utilizador do GnuPG%s%s%s:\r\n"
+"Erro retornado pela interface de utilizador do GnuPG%s%s%s:\r\n"
 "%s"
 
 msgid "Help on GpgEX"
@@ -109,13 +110,13 @@ msgstr "Mostrar mais op??es do GpgEX."
 #. TRANSLATORS: See the source for the full english text.
 msgid "-#GpgEXFullHelpText#-"
 msgstr ""
-"O GpgEX ? um plugin Explorer para encripta??o e assinar dados.\n"
+"O GpgEX ? um plug-in Explorer para encripta??o e assinar dados.\n"
 "Ele usa o software GnuPG (http://www.gnupg.org).\n"
 "\n"
 "O GpgEX ? software livre; podes redistribu?-lo e/ou\n"
 "modific?-lo nos termos da GNU Lesser General Public\n"
 "License, como est? publicado pela Free Software Foundation; quer\n"
-"a vers?o 2.1 da Licen?a,  ou (? tua escolha) qualquer vers?o posterior.\n"
+"a vers?o 2.1 da Licen?a, ou (? tua escolha) qualquer vers?o posterior.\n"
 "\n"
 "O GpgEX ? distribu?do na esperan?a que possa ser ?til,\n"
 "mas SEM QUALQUER GARANTIA; nem mesmo a garantia impl?cita de\n"

-----------------------------------------------------------------------

Summary of changes:
 po/pt.po | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)


hooks/post-receive
-- 
GnupG extension for the Windows Explorer
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Aug 28 14:01:26 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 28 Aug 2017 14:01:26 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. 2d68f648fbe95021ea090df64a7d3902a516dc0d
Message-ID: <E1dmIjO-0001Qd-AS@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  2d68f648fbe95021ea090df64a7d3902a516dc0d (commit)
      from  4cd6b84cfef859cf13d669ade779d2927743f6ac (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2d68f648fbe95021ea090df64a7d3902a516dc0d
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Aug 28 13:57:35 2017 +0200

    web: Announce 2.2.0

diff --git a/web/index.org b/web/index.org
index edce9f3..b8b16f9 100644
--- a/web/index.org
+++ b/web/index.org
@@ -48,28 +48,6 @@ Please visit the [[https://emailselfdefense.fsf.org][Email Self-Defense]] site t
 should use GnuPG for your electronic communication.  If you need
 printed leaflets check out [[https://fsfe.org/contribute/spreadtheword.html#gnupg-leaflet][FSFE?s GnuPG leaflet]].
 
-* GnuPG needs your support to help protect online privacy.
-
-Please consider [[file:donate/index.org][donating]] to ensure that this critical piece of
-software continues to work for everyone.
-
-#+begin_html
- <div class="left" style="font-size: 150%">
- <p>
-  <!--CMPGN-RECUR-EURO-->
-  a month <br/>
-  <small>of
-  <!--CMPGN-RECUR-EURO-GOAL-->
-  needed.<br/>
-  <!--CMPGN-RECUR-COUNT-->
-  Supporters.<br/>
-  <!--CMPGN-ONCE-EURO-->
-  in one-time donations.</small><br/>
- </p>
- <p><a href="donate/index.html">Continue to campaign page</a></p>
- </div>
-#+end_html
-
 
 * News
 #+index: News
@@ -88,6 +66,15 @@ The latest release news:\\
 # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttps://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed.  Just
 # point or paste the [[news.en.rss][RSS file]] into your aggregator.
 
+** GnuPG 2.2.0 released (2017-08-28)
+
+The GnuPG team is pleased to announce the availability of a new
+GnuPG release: version 2.2.0. Read {[[https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000413.html][more]]} for details.
+
+This release marks the start of a new long term support series to
+replace the 2.0.x series which will reach end-of-life on 2017-12-31.
+
+
 ** GnuPG 2.1.23 released (2017-08-09)
 
 A new version of GnuPG has been released.  Please read the full

-----------------------------------------------------------------------

Summary of changes:
 web/index.org | 31 +++++++++----------------------
 1 file changed, 9 insertions(+), 22 deletions(-)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Aug 29 03:14:54 2017
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Tue, 29 Aug 2017 03:14:54 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-10-g1d5f726
Message-ID: <E1dmV7H-0000Ie-6E@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  1d5f726668b9cc32d6bb601f2329987058146c6c (commit)
       via  fab712d654b2ccd24696ed90bc239860a128ad5b (commit)
       via  1ac3d3637dd80013b78e03b9b9f582091710d908 (commit)
       via  e9be23c4ad9f42c9d3198c706f912b7e27f574bc (commit)
       via  449459a2770d3aecb1f36502bf1903e0cbd2873e (commit)
       via  9ed0fb37bd637d1a2e9498c24097cfeadec682ec (commit)
       via  d4cd381defe5b37dda19bbda0986bdd38065bd31 (commit)
      from  52af575ae4d6961edf459d5ba7f7a8057ed4cb80 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1d5f726668b9cc32d6bb601f2329987058146c6c
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Wed Aug 23 13:03:07 2017 +0900

    ecc: Fix ec_mulm_25519.
    
    * mpi/ec.c (ec_mulm_25519): Improve reduction to 25519.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/mpi/ec.c b/mpi/ec.c
index ffdf3d1..88e2fab 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -455,13 +455,10 @@ ec_mulm_25519 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx)
   m[LIMB_SIZE_25519] += cy;
 
   memset (m, 0, wsize * BYTES_PER_MPI_LIMB);
-  m[0] = m[LIMB_SIZE_25519] * 2 * 19;
-  cy = _gcry_mpih_add_n (wp, wp, m, wsize);
-
   msb = (wp[LIMB_SIZE_25519-1] >> (255 % BITS_PER_MPI_LIMB));
-  m[0] = (cy * 2 + msb) * 19;
-  _gcry_mpih_add_n (wp, wp, m, wsize);
+  m[0] = (m[LIMB_SIZE_25519] * 2 + msb) * 19;
   wp[LIMB_SIZE_25519-1] &= ~(1UL << (255 % BITS_PER_MPI_LIMB));
+  _gcry_mpih_add_n (wp, wp, m, wsize);
 
   m[0] = 0;
   cy = _gcry_mpih_sub_n (wp, wp, ctx->p->d, wsize);

commit fab712d654b2ccd24696ed90bc239860a128ad5b
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Wed Aug 23 12:46:20 2017 +0900

    ecc: Use 25519 method also for ed25519.
    
    * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Don't use mpi_add
    since it resizes to have more limbs.
    * mpi/ec.c (point_resize): Fix for Edwards curve.
    (ec_p_init): Support Edwards curve.
    (_gcry_mpi_ec_get_affine): Use the methods.
    (dup_point_edwards, add_points_edwards, sub_points_edwards): Ditto.
    (_gcry_mpi_ec_mul_point): Resize MPIs of point to fixed size.
    (_gcry_mpi_ec_curve_point): Use the methods.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/cipher/Makefile.am b/cipher/Makefile.am
index 95c4510..ee99262 100644
--- a/cipher/Makefile.am
+++ b/cipher/Makefile.am
@@ -21,7 +21,7 @@
 
 # Need to include ../src in addition to top_srcdir because gcrypt.h is
 # a built header.
-AM_CPPFLAGS = -I../src -I$(top_srcdir)/src
+AM_CPPFLAGS = -I../src -I$(top_srcdir)/src -I../mpi -I$(top_srcdir)/mpi
 AM_CFLAGS = $(GPG_ERROR_CFLAGS)
 
 AM_CCASFLAGS = $(NOEXECSTACK_FLAGS)
diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c
index 3488ed3..86d0b4e 100644
--- a/cipher/ecc-curves.c
+++ b/cipher/ecc-curves.c
@@ -26,6 +26,7 @@
 
 #include "g10lib.h"
 #include "mpi.h"
+#include "mpi-internal.h"
 #include "cipher.h"
 #include "context.h"
 #include "ec-context.h"
@@ -563,13 +564,25 @@ _gcry_ecc_fill_in_curve (unsigned int nbits, const char *name,
         {
           curve->a = scanval (domain_parms[idx].a);
           if (curve->a->sign)
-            mpi_add (curve->a, curve->p, curve->a);
+            {
+              mpi_resize (curve->a, curve->p->nlimbs);
+              _gcry_mpih_sub_n (curve->a->d, curve->p->d,
+                                curve->a->d, curve->p->nlimbs);
+              curve->a->nlimbs = curve->p->nlimbs;
+              curve->a->sign = 0;
+            }
         }
       if (!curve->b)
         {
           curve->b = scanval (domain_parms[idx].b);
           if (curve->b->sign)
-            mpi_add (curve->b, curve->p, curve->b);
+            {
+              mpi_resize (curve->b, curve->p->nlimbs);
+              _gcry_mpih_sub_n (curve->b->d, curve->p->d,
+                                curve->b->d, curve->p->nlimbs);
+              curve->b->nlimbs = curve->p->nlimbs;
+              curve->b->sign = 0;
+            }
         }
       if (!curve->n)
         curve->n = scanval (domain_parms[idx].n);
diff --git a/mpi/ec.c b/mpi/ec.c
index a47e223..ffdf3d1 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -156,28 +156,17 @@ _gcry_mpi_point_copy (gcry_mpi_point_t point)
 static void
 point_resize (mpi_point_t p, mpi_ec_t ctx)
 {
-  size_t nlimbs;
+  size_t nlimbs = ctx->p->nlimbs;
 
-  if (ctx->model == MPI_EC_MONTGOMERY)
-    {
-      nlimbs = ctx->p->nlimbs;
+  mpi_resize (p->x, nlimbs);
+  p->x->nlimbs = nlimbs;
+  mpi_resize (p->z, nlimbs);
+  p->z->nlimbs = nlimbs;
 
-      mpi_resize (p->x, nlimbs);
-      mpi_resize (p->z, nlimbs);
-      p->x->nlimbs = nlimbs;
-      p->z->nlimbs = nlimbs;
-    }
-  else
+  if (ctx->model != MPI_EC_MONTGOMERY)
     {
-      /*
-       * For now, we allocate enough limbs for our EC computation of ec_*.
-       * Once we will improve ec_* to be constant size (and constant
-       * time), NLIMBS can be ctx->p->nlimbs.
-       */
-      nlimbs = 2*ctx->p->nlimbs+1;
-      mpi_resize (p->x, nlimbs);
       mpi_resize (p->y, nlimbs);
-      mpi_resize (p->z, nlimbs);
+      p->y->nlimbs = nlimbs;
     }
 }
 
@@ -657,6 +646,13 @@ ec_p_init (mpi_ec_t ctx, enum gcry_mpi_ec_models model,
 
           mpi_resize (ctx->a, ctx->p->nlimbs);
           ctx->a->nlimbs = ctx->p->nlimbs;
+
+          mpi_resize (ctx->b, ctx->p->nlimbs);
+          ctx->b->nlimbs = ctx->p->nlimbs;
+
+          for (i=0; i< DIM(ctx->t.scratch); i++)
+            ctx->t.scratch[i]->nlimbs = ctx->p->nlimbs;
+
           break;
         }
 
@@ -909,10 +905,21 @@ _gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, mpi_point_t point,
         z = mpi_new (0);
         ec_invm (z, point->z, ctx);
 
+        mpi_resize (z, ctx->p->nlimbs);
+        z->nlimbs = ctx->p->nlimbs;
+
         if (x)
-          ec_mulm (x, point->x, z, ctx);
+          {
+            mpi_resize (x, ctx->p->nlimbs);
+            x->nlimbs = ctx->p->nlimbs;
+            ctx->mulm (x, point->x, z, ctx);
+          }
         if (y)
-          ec_mulm (y, point->y, z, ctx);
+          {
+            mpi_resize (y, ctx->p->nlimbs);
+            y->nlimbs = ctx->p->nlimbs;
+            ctx->mulm (y, point->y, z, ctx);
+          }
 
         _gcry_mpi_release (z);
       }
@@ -1041,41 +1048,41 @@ dup_point_edwards (mpi_point_t result, mpi_point_t point, mpi_ec_t ctx)
   /* Compute: (X_3 : Y_3 : Z_3) = 2( X_1 : Y_1 : Z_1 ) */
 
   /* B = (X_1 + Y_1)^2  */
-  ec_addm (B, X1, Y1, ctx);
-  ec_pow2 (B, B, ctx);
+  ctx->addm (B, X1, Y1, ctx);
+  ctx->pow2 (B, B, ctx);
 
   /* C = X_1^2 */
   /* D = Y_1^2 */
-  ec_pow2 (C, X1, ctx);
-  ec_pow2 (D, Y1, ctx);
+  ctx->pow2 (C, X1, ctx);
+  ctx->pow2 (D, Y1, ctx);
 
   /* E = aC */
   if (ctx->dialect == ECC_DIALECT_ED25519)
-    mpi_sub (E, ctx->p, C);
+    ctx->subm (E, ctx->p, C, ctx);
   else
-    ec_mulm (E, ctx->a, C, ctx);
+    ctx->mulm (E, ctx->a, C, ctx);
 
   /* F = E + D */
-  ec_addm (F, E, D, ctx);
+  ctx->addm (F, E, D, ctx);
 
   /* H = Z_1^2 */
-  ec_pow2 (H, Z1, ctx);
+  ctx->pow2 (H, Z1, ctx);
 
   /* J = F - 2H */
-  ec_mul2 (J, H, ctx);
-  ec_subm (J, F, J, ctx);
+  ctx->mul2 (J, H, ctx);
+  ctx->subm (J, F, J, ctx);
 
   /* X_3 = (B - C - D) ? J */
-  ec_subm (X3, B, C, ctx);
-  ec_subm (X3, X3, D, ctx);
-  ec_mulm (X3, X3, J, ctx);
+  ctx->subm (X3, B, C, ctx);
+  ctx->subm (X3, X3, D, ctx);
+  ctx->mulm (X3, X3, J, ctx);
 
   /* Y_3 = F ? (E - D) */
-  ec_subm (Y3, E, D, ctx);
-  ec_mulm (Y3, Y3, F, ctx);
+  ctx->subm (Y3, E, D, ctx);
+  ctx->mulm (Y3, Y3, F, ctx);
 
   /* Z_3 = F ? J */
-  ec_mulm (Z3, F, J, ctx);
+  ctx->mulm (Z3, F, J, ctx);
 
 #undef X1
 #undef Y1
@@ -1293,54 +1300,56 @@ add_points_edwards (mpi_point_t result,
 #define G (ctx->t.scratch[6])
 #define tmp (ctx->t.scratch[7])
 
+  point_resize (result, ctx);
+
   /* Compute: (X_3 : Y_3 : Z_3) = (X_1 : Y_1 : Z_1) + (X_2 : Y_2 : Z_3)  */
 
   /* A = Z1 ? Z2 */
-  ec_mulm (A, Z1, Z2, ctx);
+  ctx->mulm (A, Z1, Z2, ctx);
 
   /* B = A^2 */
-  ec_pow2 (B, A, ctx);
+  ctx->pow2 (B, A, ctx);
 
   /* C = X1 ? X2 */
-  ec_mulm (C, X1, X2, ctx);
+  ctx->mulm (C, X1, X2, ctx);
 
   /* D = Y1 ? Y2 */
-  ec_mulm (D, Y1, Y2, ctx);
+  ctx->mulm (D, Y1, Y2, ctx);
 
   /* E = d ? C ? D */
-  ec_mulm (E, ctx->b, C, ctx);
-  ec_mulm (E, E, D, ctx);
+  ctx->mulm (E, ctx->b, C, ctx);
+  ctx->mulm (E, E, D, ctx);
 
   /* F = B - E */
-  ec_subm (F, B, E, ctx);
+  ctx->subm (F, B, E, ctx);
 
   /* G = B + E */
-  ec_addm (G, B, E, ctx);
+  ctx->addm (G, B, E, ctx);
 
   /* X_3 = A ? F ? ((X_1 + Y_1) ? (X_2 + Y_2) - C - D) */
-  ec_addm (tmp, X1, Y1, ctx);
-  ec_addm (X3, X2, Y2, ctx);
-  ec_mulm (X3, X3, tmp, ctx);
-  ec_subm (X3, X3, C, ctx);
-  ec_subm (X3, X3, D, ctx);
-  ec_mulm (X3, X3, F, ctx);
-  ec_mulm (X3, X3, A, ctx);
+  ctx->addm (tmp, X1, Y1, ctx);
+  ctx->addm (X3, X2, Y2, ctx);
+  ctx->mulm (X3, X3, tmp, ctx);
+  ctx->subm (X3, X3, C, ctx);
+  ctx->subm (X3, X3, D, ctx);
+  ctx->mulm (X3, X3, F, ctx);
+  ctx->mulm (X3, X3, A, ctx);
 
   /* Y_3 = A ? G ? (D - aC) */
   if (ctx->dialect == ECC_DIALECT_ED25519)
     {
-      ec_addm (Y3, D, C, ctx);
+      ctx->addm (Y3, D, C, ctx);
     }
   else
     {
-      ec_mulm (Y3, ctx->a, C, ctx);
-      ec_subm (Y3, D, Y3, ctx);
+      ctx->mulm (Y3, ctx->a, C, ctx);
+      ctx->subm (Y3, D, Y3, ctx);
     }
-  ec_mulm (Y3, Y3, G, ctx);
-  ec_mulm (Y3, Y3, A, ctx);
+  ctx->mulm (Y3, Y3, G, ctx);
+  ctx->mulm (Y3, Y3, A, ctx);
 
   /* Z_3 = F ? G */
-  ec_mulm (Z3, F, G, ctx);
+  ctx->mulm (Z3, F, G, ctx);
 
 
 #undef X1
@@ -1451,7 +1460,7 @@ sub_points_edwards (mpi_point_t result,
 {
   mpi_point_t p2i = _gcry_mpi_point_new (0);
   point_set (p2i, p2);
-  mpi_sub (p2i->x, ctx->p, p2i->x);
+  ctx->subm (p2i->x, ctx->p, p2i->x, ctx);
   add_points_edwards (result, p1, p2i, ctx);
   _gcry_mpi_point_release (p2i);
 }
@@ -1515,6 +1524,7 @@ _gcry_mpi_ec_mul_point (mpi_point_t result,
           mpi_set_ui (result->x, 0);
           mpi_set_ui (result->y, 1);
           mpi_set_ui (result->z, 1);
+          point_resize (point, ctx);
         }
 
       if (mpi_is_secure (scalar))
@@ -1536,6 +1546,12 @@ _gcry_mpi_ec_mul_point (mpi_point_t result,
         }
       else
         {
+          if (ctx->model == MPI_EC_EDWARDS)
+            {
+              point_resize (result, ctx);
+              point_resize (point, ctx);
+            }
+
           for (j=nbits-1; j >= 0; j--)
             {
               _gcry_mpi_ec_dup_point (result, result, ctx);
@@ -1778,19 +1794,21 @@ _gcry_mpi_ec_curve_point (gcry_mpi_point_t point, mpi_ec_t ctx)
         if (_gcry_mpi_ec_get_affine (x, y, point, ctx))
           goto leave;
 
+        mpi_resize (w, ctx->p->nlimbs);
+        w->nlimbs = ctx->p->nlimbs;
+
         /* a ? x^2 + y^2 - 1 - b ? x^2 ? y^2 == 0 */
-        ec_pow2 (x, x, ctx);
-        ec_pow2 (y, y, ctx);
+        ctx->pow2 (x, x, ctx);
+        ctx->pow2 (y, y, ctx);
         if (ctx->dialect == ECC_DIALECT_ED25519)
-          mpi_sub (w, ctx->p, x);
+          ctx->subm (w, ctx->p, x, ctx);
         else
-          ec_mulm (w, ctx->a, x, ctx);
-        ec_addm (w, w, y, ctx);
-        ec_subm (w, w, mpi_const (MPI_C_ONE), ctx);
-        ec_mulm (x, x, y, ctx);
-        ec_mulm (x, x, ctx->b, ctx);
-        ec_subm (w, w, x, ctx);
-        if (!mpi_cmp_ui (w, 0))
+          ctx->mulm (w, ctx->a, x, ctx);
+        ctx->addm (w, w, y, ctx);
+        ctx->mulm (x, x, y, ctx);
+        ctx->mulm (x, x, ctx->b, ctx);
+        ctx->subm (w, w, x, ctx);
+        if (!mpi_cmp_ui (w, 1))
           res = 1;
       }
       break;

commit 1ac3d3637dd80013b78e03b9b9f582091710d908
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Wed Aug 23 12:43:38 2017 +0900

    ecc: Clean up curve specific method support.
    
    * src/ec-context.h (struct mpi_ec_ctx_s): Remove MOD method.
    * mpi/ec.c (ec_mod_25519): Remove.
    (ec_p_init): Follow the removal of the MOD method.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/mpi/ec.c b/mpi/ec.c
index 06536be..a47e223 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -380,12 +380,6 @@ mpih_set_cond (mpi_ptr_t wp, mpi_ptr_t up, mpi_size_t usize, unsigned long set)
 
 /* Routines for 2^255 - 19.  */
 
-static void
-ec_mod_25519 (gcry_mpi_t w, mpi_ec_t ec)
-{
-  _gcry_mpi_mod (w, w, ec->p);
-}
-
 #define LIMB_SIZE_25519 ((256+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB)
 
 static void
@@ -502,7 +496,6 @@ struct field_table {
   const char *p;
 
   /* computation routines for the field.  */
-  void (* mod) (gcry_mpi_t w, mpi_ec_t ctx);
   void (* addm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx);
   void (* subm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx);
   void (* mulm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx);
@@ -513,14 +506,13 @@ struct field_table {
 static const struct field_table field_table[] = {
   {
     "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED",
-    ec_mod_25519,
     ec_addm_25519,
     ec_subm_25519,
     ec_mulm_25519,
     ec_mul2_25519,
     ec_pow2_25519
   },
-  { NULL, NULL, NULL, NULL, NULL, NULL, NULL },
+  { NULL, NULL, NULL, NULL, NULL, NULL },
 };
 

 /* Force recomputation of all helper variables.  */
@@ -639,7 +631,6 @@ ec_p_init (mpi_ec_t ctx, enum gcry_mpi_ec_models model,
         ctx->t.scratch[i] = mpi_alloc_like (ctx->p);
     }
 
-  ctx->mod = ec_mod;
   ctx->addm = ec_addm;
   ctx->subm = ec_subm;
   ctx->mulm = ec_mulm;
@@ -657,7 +648,6 @@ ec_p_init (mpi_ec_t ctx, enum gcry_mpi_ec_models model,
 
       if (!mpi_cmp (p, f_p))
         {
-          ctx->mod = field_table[i].mod;
           ctx->addm = field_table[i].addm;
           ctx->subm = field_table[i].subm;
           ctx->mulm = field_table[i].mulm;
diff --git a/src/ec-context.h b/src/ec-context.h
index 18b26a5..e48ef6f 100644
--- a/src/ec-context.h
+++ b/src/ec-context.h
@@ -68,7 +68,6 @@ struct mpi_ec_ctx_s
   } t;
 
   /* Curve specific computation routines for the field.  */
-  void (* mod) (gcry_mpi_t w, mpi_ec_t ec);
   void (* addm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx);
   void (* subm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ec);
   void (* mulm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx);

commit e9be23c4ad9f42c9d3198c706f912b7e27f574bc
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Wed Aug 23 11:11:17 2017 +0900

    ecc: Relax condition for 25519 computations.
    
    * mpi/ec.c (ec_addm_25519, ec_subm_25519, ec_mulm_25519): Check number
    of limbs, allocated more is OK.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/mpi/ec.c b/mpi/ec.c
index b0eed97..06536be 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -396,7 +396,7 @@ ec_addm_25519 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx)
   mpi_limb_t n[LIMB_SIZE_25519];
   mpi_limb_t borrow;
 
-  if (w->alloced != wsize || u->alloced != wsize || v->alloced != wsize)
+  if (w->nlimbs != wsize || u->nlimbs != wsize || v->nlimbs != wsize)
     log_bug ("addm_25519: different sizes\n");
 
   memset (n, 0, sizeof n);
@@ -419,7 +419,7 @@ ec_subm_25519 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx)
   mpi_limb_t n[LIMB_SIZE_25519];
   mpi_limb_t borrow;
 
-  if (w->alloced != wsize || u->alloced != wsize || v->alloced != wsize)
+  if (w->nlimbs != wsize || u->nlimbs != wsize || v->nlimbs != wsize)
     log_bug ("subm_25519: different sizes\n");
 
   memset (n, 0, sizeof n);
@@ -444,7 +444,7 @@ ec_mulm_25519 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx)
   int msb;
 
   (void)ctx;
-  if (w->alloced != wsize || u->alloced != wsize || v->alloced != wsize)
+  if (w->nlimbs != wsize || u->nlimbs != wsize || v->nlimbs != wsize)
     log_bug ("mulm_25519: different sizes\n");
 
   up = u->d;

commit 449459a2770d3aecb1f36502bf1903e0cbd2873e
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Wed Aug 23 10:22:21 2017 +0900

    ecc: Fix ec_mulm_25519.
    
    * mpi/ec.c (ec_mulm_25519): Fix the cases of 0 to 18.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/mpi/ec.c b/mpi/ec.c
index d51be20..b0eed97 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -479,6 +479,11 @@ ec_mulm_25519 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx)
   m[0] = (cy * 2 + msb) * 19;
   _gcry_mpih_add_n (wp, wp, m, wsize);
   wp[LIMB_SIZE_25519-1] &= ~(1UL << (255 % BITS_PER_MPI_LIMB));
+
+  m[0] = 0;
+  cy = _gcry_mpih_sub_n (wp, wp, ctx->p->d, wsize);
+  mpih_set_cond (m, ctx->p->d, wsize, (cy != 0UL));
+  _gcry_mpih_add_n (wp, wp, m, wsize);
 }
 
 static void

commit 9ed0fb37bd637d1a2e9498c24097cfeadec682ec
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Wed Aug 23 08:48:53 2017 +0900

    ecc: field specific routines for 25519.
    
    * mpi/ec.c (point_resize): Improve for X25519.
    (mpih_set_cond): New.
    (ec_mod_25519, ec_addm_25519, ec_subm_25519, ec_mulm_25519)
    (ec_mul2_25519, ec_pow2_25519): New.
    (ec_p_init): Fill by FIELD_TABLE.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/mpi/ec.c b/mpi/ec.c
index 74ee11d..d51be20 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -156,17 +156,29 @@ _gcry_mpi_point_copy (gcry_mpi_point_t point)
 static void
 point_resize (mpi_point_t p, mpi_ec_t ctx)
 {
-  /*
-   * For now, we allocate enough limbs for our EC computation of ec_*.
-   * Once we will improve ec_* to be constant size (and constant
-   * time), NLIMBS can be ctx->p->nlimbs.
-   */
-  size_t nlimbs = 2*ctx->p->nlimbs+1;
-
-  mpi_resize (p->x, nlimbs);
-  if (ctx->model != MPI_EC_MONTGOMERY)
-    mpi_resize (p->y, nlimbs);
-  mpi_resize (p->z, nlimbs);
+  size_t nlimbs;
+
+  if (ctx->model == MPI_EC_MONTGOMERY)
+    {
+      nlimbs = ctx->p->nlimbs;
+
+      mpi_resize (p->x, nlimbs);
+      mpi_resize (p->z, nlimbs);
+      p->x->nlimbs = nlimbs;
+      p->z->nlimbs = nlimbs;
+    }
+  else
+    {
+      /*
+       * For now, we allocate enough limbs for our EC computation of ec_*.
+       * Once we will improve ec_* to be constant size (and constant
+       * time), NLIMBS can be ctx->p->nlimbs.
+       */
+      nlimbs = 2*ctx->p->nlimbs+1;
+      mpi_resize (p->x, nlimbs);
+      mpi_resize (p->y, nlimbs);
+      mpi_resize (p->z, nlimbs);
+    }
 }
 
 
@@ -351,8 +363,161 @@ ec_invm (gcry_mpi_t x, gcry_mpi_t a, mpi_ec_t ctx)
       log_mpidump ("  p", ctx->p);
     }
 }
+

+static void
+mpih_set_cond (mpi_ptr_t wp, mpi_ptr_t up, mpi_size_t usize, unsigned long set)
+{
+  mpi_size_t i;
+  mpi_limb_t mask = ((mpi_limb_t)0) - set;
+  mpi_limb_t x;
+
+  for (i = 0; i < usize; i++)
+    {
+      x = mask & (wp[i] ^ up[i]);
+      wp[i] = wp[i] ^ x;
+    }
+}
+
+/* Routines for 2^255 - 19.  */
+
+static void
+ec_mod_25519 (gcry_mpi_t w, mpi_ec_t ec)
+{
+  _gcry_mpi_mod (w, w, ec->p);
+}
+
+#define LIMB_SIZE_25519 ((256+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB)
+
+static void
+ec_addm_25519 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx)
+{
+  mpi_ptr_t wp, up, vp;
+  mpi_size_t wsize = LIMB_SIZE_25519;
+  mpi_limb_t n[LIMB_SIZE_25519];
+  mpi_limb_t borrow;
+
+  if (w->alloced != wsize || u->alloced != wsize || v->alloced != wsize)
+    log_bug ("addm_25519: different sizes\n");
+
+  memset (n, 0, sizeof n);
+  up = u->d;
+  vp = v->d;
+  wp = w->d;
+
+  _gcry_mpih_add_n (wp, up, vp, wsize);
+  borrow = _gcry_mpih_sub_n (wp, wp, ctx->p->d, wsize);
+  mpih_set_cond (n, ctx->p->d, wsize, (borrow != 0UL));
+  _gcry_mpih_add_n (wp, wp, n, wsize);
+  wp[LIMB_SIZE_25519-1] &= ~(1UL << (255 % BITS_PER_MPI_LIMB));
+}
+
+static void
+ec_subm_25519 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx)
+{
+  mpi_ptr_t wp, up, vp;
+  mpi_size_t wsize = LIMB_SIZE_25519;
+  mpi_limb_t n[LIMB_SIZE_25519];
+  mpi_limb_t borrow;
+
+  if (w->alloced != wsize || u->alloced != wsize || v->alloced != wsize)
+    log_bug ("subm_25519: different sizes\n");
+
+  memset (n, 0, sizeof n);
+  up = u->d;
+  vp = v->d;
+  wp = w->d;
+
+  borrow = _gcry_mpih_sub_n (wp, up, vp, wsize);
+  mpih_set_cond (n, ctx->p->d, wsize, (borrow != 0UL));
+  _gcry_mpih_add_n (wp, wp, n, wsize);
+  wp[LIMB_SIZE_25519-1] &= ~(1UL << (255 % BITS_PER_MPI_LIMB));
+}
 
+static void
+ec_mulm_25519 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx)
+{
+  mpi_ptr_t wp, up, vp;
+  mpi_size_t wsize = LIMB_SIZE_25519;
+  mpi_limb_t n[LIMB_SIZE_25519*2];
+  mpi_limb_t m[LIMB_SIZE_25519+1];
+  mpi_limb_t cy;
+  int msb;
+
+  (void)ctx;
+  if (w->alloced != wsize || u->alloced != wsize || v->alloced != wsize)
+    log_bug ("mulm_25519: different sizes\n");
+
+  up = u->d;
+  vp = v->d;
+  wp = w->d;
+
+  _gcry_mpih_mul_n (n, up, vp, wsize);
+  memcpy (wp, n, wsize * BYTES_PER_MPI_LIMB);
+  wp[LIMB_SIZE_25519-1] &= ~(1UL << (255 % BITS_PER_MPI_LIMB));
+
+  memcpy (m, n+LIMB_SIZE_25519-1, (wsize+1) * BYTES_PER_MPI_LIMB);
+  _gcry_mpih_rshift (m, m, LIMB_SIZE_25519+1, (255 % BITS_PER_MPI_LIMB));
+
+  memcpy (n, m, wsize * BYTES_PER_MPI_LIMB);
+  cy = _gcry_mpih_lshift (m, m, LIMB_SIZE_25519, 4);
+  m[LIMB_SIZE_25519] = cy;
+  cy = _gcry_mpih_add_n (m, m, n, wsize);
+  m[LIMB_SIZE_25519] += cy;
+  cy = _gcry_mpih_add_n (m, m, n, wsize);
+  m[LIMB_SIZE_25519] += cy;
+  cy = _gcry_mpih_add_n (m, m, n, wsize);
+  m[LIMB_SIZE_25519] += cy;
+
+  cy = _gcry_mpih_add_n (wp, wp, m, wsize);
+  m[LIMB_SIZE_25519] += cy;
+
+  memset (m, 0, wsize * BYTES_PER_MPI_LIMB);
+  m[0] = m[LIMB_SIZE_25519] * 2 * 19;
+  cy = _gcry_mpih_add_n (wp, wp, m, wsize);
+
+  msb = (wp[LIMB_SIZE_25519-1] >> (255 % BITS_PER_MPI_LIMB));
+  m[0] = (cy * 2 + msb) * 19;
+  _gcry_mpih_add_n (wp, wp, m, wsize);
+  wp[LIMB_SIZE_25519-1] &= ~(1UL << (255 % BITS_PER_MPI_LIMB));
+}
 
+static void
+ec_mul2_25519 (gcry_mpi_t w, gcry_mpi_t u, mpi_ec_t ctx)
+{
+  ec_addm_25519 (w, u, u, ctx);
+}
+
+static void
+ec_pow2_25519 (gcry_mpi_t w, const gcry_mpi_t b, mpi_ec_t ctx)
+{
+  ec_mulm_25519 (w, b, b, ctx);
+}
+
+struct field_table {
+  const char *p;
+
+  /* computation routines for the field.  */
+  void (* mod) (gcry_mpi_t w, mpi_ec_t ctx);
+  void (* addm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx);
+  void (* subm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx);
+  void (* mulm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx);
+  void (* mul2) (gcry_mpi_t w, gcry_mpi_t u, mpi_ec_t ctx);
+  void (* pow2) (gcry_mpi_t w, const gcry_mpi_t b, mpi_ec_t ctx);
+};
+
+static const struct field_table field_table[] = {
+  {
+    "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED",
+    ec_mod_25519,
+    ec_addm_25519,
+    ec_subm_25519,
+    ec_mulm_25519,
+    ec_mul2_25519,
+    ec_pow2_25519
+  },
+  { NULL, NULL, NULL, NULL, NULL, NULL, NULL },
+};
+

 /* Force recomputation of all helper variables.  */
 void
 _gcry_mpi_ec_get_reset (mpi_ec_t ec)
@@ -473,8 +638,35 @@ ec_p_init (mpi_ec_t ctx, enum gcry_mpi_ec_models model,
   ctx->addm = ec_addm;
   ctx->subm = ec_subm;
   ctx->mulm = ec_mulm;
-  ctx->pow2 = ec_pow2;
   ctx->mul2 = ec_mul2;
+  ctx->pow2 = ec_pow2;
+
+  for (i=0; field_table[i].p; i++)
+    {
+      gcry_mpi_t f_p;
+      gpg_err_code_t rc;
+
+      rc = _gcry_mpi_scan (&f_p, GCRYMPI_FMT_HEX, field_table[i].p, 0, NULL);
+      if (rc)
+        log_fatal ("scanning ECC parameter failed: %s\n", gpg_strerror (rc));
+
+      if (!mpi_cmp (p, f_p))
+        {
+          ctx->mod = field_table[i].mod;
+          ctx->addm = field_table[i].addm;
+          ctx->subm = field_table[i].subm;
+          ctx->mulm = field_table[i].mulm;
+          ctx->mul2 = field_table[i].mul2;
+          ctx->pow2 = field_table[i].pow2;
+          _gcry_mpi_release (f_p);
+
+          mpi_resize (ctx->a, ctx->p->nlimbs);
+          ctx->a->nlimbs = ctx->p->nlimbs;
+          break;
+        }
+
+      _gcry_mpi_release (f_p);
+    }
 
   /* Prepare for fast reduction.  */
   /* FIXME: need a test for NIST values.  However it does not gain us
@@ -1365,6 +1557,7 @@ _gcry_mpi_ec_mul_point (mpi_point_t result,
       mpi_point_struct p1_, p2_;
       mpi_point_t q1, q2, prd, sum;
       unsigned long sw;
+      mpi_size_t rsize;
 
       /* Compute scalar point multiplication with Montgomery Ladder.
          Note that we don't use Y-coordinate in the points at all.
@@ -1385,6 +1578,9 @@ _gcry_mpi_ec_mul_point (mpi_point_t result,
       point_resize (&p1_, ctx);
       point_resize (&p2_, ctx);
 
+      mpi_resize (point->x, ctx->p->nlimbs);
+      point->x->nlimbs = ctx->p->nlimbs;
+
       q1 = &p1;
       q2 = &p2;
       prd = &p1_;
@@ -1406,7 +1602,9 @@ _gcry_mpi_ec_mul_point (mpi_point_t result,
       sw = (nbits & 1);
       point_swap_cond (&p1, &p1_, sw, ctx);
 
-      if (p1.z->nlimbs == 0)
+      rsize = p1.z->nlimbs;
+      MPN_NORMALIZE (p1.z->d, rsize);
+      if (rsize == 0)
         {
           mpi_set_ui (result->x, 1);
           mpi_set_ui (result->z, 0);

commit d4cd381defe5b37dda19bbda0986bdd38065bd31
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Mon Aug 21 14:32:08 2017 +0900

    ecc: Add field specific computation methods.
    
    * src/ec-context.h (struct mpi_ec_ctx_s): Add methods.
    * mpi/ec.c (ec_p_init): Initialize the default methods.
    (montgomery_ladder): Use the methods.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/mpi/ec.c b/mpi/ec.c
index 4c16603..74ee11d 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -469,6 +469,13 @@ ec_p_init (mpi_ec_t ctx, enum gcry_mpi_ec_models model,
         ctx->t.scratch[i] = mpi_alloc_like (ctx->p);
     }
 
+  ctx->mod = ec_mod;
+  ctx->addm = ec_addm;
+  ctx->subm = ec_subm;
+  ctx->mulm = ec_mulm;
+  ctx->pow2 = ec_pow2;
+  ctx->mul2 = ec_mul2;
+
   /* Prepare for fast reduction.  */
   /* FIXME: need a test for NIST values.  However it does not gain us
      any real advantage, for 384 bits it is actually slower than using
@@ -1177,24 +1184,24 @@ montgomery_ladder (mpi_point_t prd, mpi_point_t sum,
                    mpi_point_t p1, mpi_point_t p2, gcry_mpi_t dif_x,
                    mpi_ec_t ctx)
 {
-  ec_addm (sum->x, p2->x, p2->z, ctx);
-  ec_subm (p2->z, p2->x, p2->z, ctx);
-  ec_addm (prd->x, p1->x, p1->z, ctx);
-  ec_subm (p1->z, p1->x, p1->z, ctx);
-  ec_mulm (p2->x, p1->z, sum->x, ctx);
-  ec_mulm (p2->z, prd->x, p2->z, ctx);
-  ec_pow2 (p1->x, prd->x, ctx);
-  ec_pow2 (p1->z, p1->z, ctx);
-  ec_addm (sum->x, p2->x, p2->z, ctx);
-  ec_subm (p2->z, p2->x, p2->z, ctx);
-  ec_mulm (prd->x, p1->x, p1->z, ctx);
-  ec_subm (p1->z, p1->x, p1->z, ctx);
-  ec_pow2 (sum->x, sum->x, ctx);
-  ec_pow2 (sum->z, p2->z, ctx);
-  ec_mulm (prd->z, p1->z, ctx->a, ctx); /* CTX->A: (a-2)/4 */
-  ec_mulm (sum->z, sum->z, dif_x, ctx);
-  ec_addm (prd->z, p1->x, prd->z, ctx);
-  ec_mulm (prd->z, prd->z, p1->z, ctx);
+  ctx->addm (sum->x, p2->x, p2->z, ctx);
+  ctx->subm (p2->z, p2->x, p2->z, ctx);
+  ctx->addm (prd->x, p1->x, p1->z, ctx);
+  ctx->subm (p1->z, p1->x, p1->z, ctx);
+  ctx->mulm (p2->x, p1->z, sum->x, ctx);
+  ctx->mulm (p2->z, prd->x, p2->z, ctx);
+  ctx->pow2 (p1->x, prd->x, ctx);
+  ctx->pow2 (p1->z, p1->z, ctx);
+  ctx->addm (sum->x, p2->x, p2->z, ctx);
+  ctx->subm (p2->z, p2->x, p2->z, ctx);
+  ctx->mulm (prd->x, p1->x, p1->z, ctx);
+  ctx->subm (p1->z, p1->x, p1->z, ctx);
+  ctx->pow2 (sum->x, sum->x, ctx);
+  ctx->pow2 (sum->z, p2->z, ctx);
+  ctx->mulm (prd->z, p1->z, ctx->a, ctx); /* CTX->A: (a-2)/4 */
+  ctx->mulm (sum->z, sum->z, dif_x, ctx);
+  ctx->addm (prd->z, p1->x, prd->z, ctx);
+  ctx->mulm (prd->z, prd->z, p1->z, ctx);
 }
 
 
diff --git a/src/ec-context.h b/src/ec-context.h
index d74fb69..18b26a5 100644
--- a/src/ec-context.h
+++ b/src/ec-context.h
@@ -66,6 +66,14 @@ struct mpi_ec_ctx_s
     /*   gcry_mpi_t s[10]; */
     /*   gcry_mpi_t c; */
   } t;
+
+  /* Curve specific computation routines for the field.  */
+  void (* mod) (gcry_mpi_t w, mpi_ec_t ec);
+  void (* addm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx);
+  void (* subm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ec);
+  void (* mulm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx);
+  void (* pow2) (gcry_mpi_t w, const gcry_mpi_t b, mpi_ec_t ctx);
+  void (* mul2) (gcry_mpi_t w, gcry_mpi_t u, mpi_ec_t ctx);
 };
 
 

-----------------------------------------------------------------------

Summary of changes:
 cipher/Makefile.am  |   2 +-
 cipher/ecc-curves.c |  17 ++-
 mpi/ec.c            | 369 +++++++++++++++++++++++++++++++++++++++++-----------
 src/ec-context.h    |   7 +
 4 files changed, 315 insertions(+), 80 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Aug 29 03:36:15 2017
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Tue, 29 Aug 2017 03:36:15 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-11-gdb3a8d6
Message-ID: <E1dmVRv-0003oe-6D@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  db3a8d6890fb4a6436e082b49378c0bd891563ca (commit)
      from  1d5f726668b9cc32d6bb601f2329987058146c6c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit db3a8d6890fb4a6436e082b49378c0bd891563ca
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Tue Aug 29 10:33:08 2017 +0900

    ecc: Fix scratch MPI.
    
    * mpi/ec.c (ec_p_init): Check if scratch MPI is allocated.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/mpi/ec.c b/mpi/ec.c
index 88e2fab..ca293ca 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -647,7 +647,7 @@ ec_p_init (mpi_ec_t ctx, enum gcry_mpi_ec_models model,
           mpi_resize (ctx->b, ctx->p->nlimbs);
           ctx->b->nlimbs = ctx->p->nlimbs;
 
-          for (i=0; i< DIM(ctx->t.scratch); i++)
+          for (i=0; i< DIM(ctx->t.scratch) && ctx->t.scratch[i]; i++)
             ctx->t.scratch[i]->nlimbs = ctx->p->nlimbs;
 
           break;

-----------------------------------------------------------------------

Summary of changes:
 mpi/ec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Aug 29 07:40:48 2017
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Tue, 29 Aug 2017 07:40:48 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.2.0-2-gff7ccd2
Message-ID: <E1dmZGa-0005Zt-PG@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  ff7ccd284c327a5b1c89603f157089177dac9d13 (commit)
      from  82d9a201dd7c85b1f27528fece5cc77b2555442b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ff7ccd284c327a5b1c89603f157089177dac9d13
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Tue Aug 29 14:35:47 2017 +0900

    scd: Fix for large ECC keys.
    
    * scd/app-openpgp.c (do_decipher): Support larger length.
    
    --
    
    Reported-by: Achim Pietig <achim at pietig.com>
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index f9d07ac..6fcec3e 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -4575,19 +4575,43 @@ do_decipher (app_t app, const char *keyidstr,
             }
         }
 
-      fixuplen = 7;
+      n = 0;
+      if (indatalen < 128)
+        fixuplen = 7;
+      else
+        fixuplen = 10;
+
       fixbuf = xtrymalloc (fixuplen + indatalen);
       if (!fixbuf)
         return gpg_error_from_syserror ();
 
       /* Build 'Cipher DO' */
-      fixbuf[0] = '\xa6';
-      fixbuf[1] = (char)(indatalen+5);
-      fixbuf[2] = '\x7f';
-      fixbuf[3] = '\x49';
-      fixbuf[4] = (char)(indatalen+2);
-      fixbuf[5] = '\x86';
-      fixbuf[6] = (char)indatalen;
+      fixbuf[n++] = '\xa6';
+      if (indatalen < 128)
+        fixbuf[n++] = (char)(indatalen+5);
+      else
+        {
+          fixbuf[n++] = 0x81;
+          fixbuf[n++] = (char)(indatalen+7);
+        }
+      fixbuf[n++] = '\x7f';
+      fixbuf[n++] = '\x49';
+      if (indatalen < 128)
+        fixbuf[n++] = (char)(indatalen+2);
+      else
+        {
+          fixbuf[n++] = 0x81;
+          fixbuf[n++] = (char)(indatalen+3);
+        }
+      fixbuf[n++] = '\x86';
+      if (indatalen < 128)
+        fixbuf[n++] = (char)indatalen;
+      else
+        {
+          fixbuf[n++] = 0x81;
+          fixbuf[n++] = (char)indatalen;
+        }
+
       if (old_format_len)
         {
           memset (fixbuf+fixuplen, 0, 32 - old_format_len);

-----------------------------------------------------------------------

Summary of changes:
 scd/app-openpgp.c | 40 ++++++++++++++++++++++++++++++++--------
 1 file changed, 32 insertions(+), 8 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Aug 29 09:13:48 2017
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Tue, 29 Aug 2017 09:13:48 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.8.1-14-ge4dc458
Message-ID: <E1dmaib-0006TZ-6L@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  e4dc458b0b7dc9b8417a2177ef17822d9b9064ec (commit)
       via  8126a6717c80d4fc1766d7f975e872bee2f9f203 (commit)
       via  a848ef44470a524c05624afb54b92cf25595acd2 (commit)
      from  db3a8d6890fb4a6436e082b49378c0bd891563ca (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e4dc458b0b7dc9b8417a2177ef17822d9b9064ec
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Tue Aug 29 16:11:42 2017 +0900

    Tweak GCC version check.
    
    * src/global.c (_gcry_vcontrol): It's GCC 4.2 which started to support
    diagnostic pragma.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/src/global.c b/src/global.c
index 4e2e274..ad9ab1d 100644
--- a/src/global.c
+++ b/src/global.c
@@ -705,7 +705,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
       rc = _gcry_fips_run_selftests (1);
       break;
 
-#if _GCRY_GCC_VERSION >= 40600
+#if _GCRY_GCC_VERSION >= 40200
 # pragma GCC diagnostic push
 # pragma GCC diagnostic ignored "-Wswitch"
 #endif
@@ -733,7 +733,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
     case PRIV_CTL_DUMP_SECMEM_STATS:
       _gcry_secmem_dump_stats (1);
       break;
-#if _GCRY_GCC_VERSION >= 40600
+#if _GCRY_GCC_VERSION >= 40200
 # pragma GCC diagnostic pop
 #endif
 

commit 8126a6717c80d4fc1766d7f975e872bee2f9f203
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Tue Aug 29 16:10:54 2017 +0900

    random: Fix warnings on Windows.
    
    * random/random-csprng.c (lock_seed_file): Vars with no use.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/random/random-csprng.c b/random/random-csprng.c
index 8cb35e7..b06810a 100644
--- a/random/random-csprng.c
+++ b/random/random-csprng.c
@@ -704,6 +704,10 @@ lock_seed_file (int fd, const char *fname, int for_write)
       if (backoff < 10)
         backoff++ ;
     }
+#else
+  (void)fd;
+  (void)fname;
+  (void)for_write;
 #endif /*!LOCK_SEED_FILE*/
   return 0;
 }

commit a848ef44470a524c05624afb54b92cf25595acd2
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Tue Aug 29 16:09:39 2017 +0900

    tests: Fix warnings on Windows.
    
    * tests/fipsdrv.c (print_dsa_domain_parameters, print_ecdsa_dq): Fix.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/tests/fipsdrv.c b/tests/fipsdrv.c
index f9d9c45..71554e2 100644
--- a/tests/fipsdrv.c
+++ b/tests/fipsdrv.c
@@ -1835,7 +1835,7 @@ print_dsa_domain_parameters (gcry_sexp_t key)
   /* Extract the parameters from the S-expression and print them to stdout.  */
   for (idx=0; "pqg"[idx]; idx++)
     {
-      l2 = gcry_sexp_find_token (l1, "pqg"+idx, 1);
+      l2 = gcry_sexp_find_token (l1, &"pqg"[idx], 1);
       if (!l2)
         die ("no %c parameter in returned public key\n", "pqg"[idx]);
       mpi = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
@@ -1923,7 +1923,7 @@ print_ecdsa_dq (gcry_sexp_t key)
   /* Extract the parameters from the S-expression and print them to stdout.  */
   for (idx=0; "dq"[idx]; idx++)
     {
-      l2 = gcry_sexp_find_token (l1, "dq"+idx, 1);
+      l2 = gcry_sexp_find_token (l1, &"dq"[idx], 1);
       if (!l2)
         die ("no %c parameter in returned public key\n", "dq"[idx]);
       mpi = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);

-----------------------------------------------------------------------

Summary of changes:
 random/random-csprng.c | 4 ++++
 src/global.c           | 4 ++--
 tests/fipsdrv.c        | 4 ++--
 3 files changed, 8 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug 31 16:02:18 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 31 Aug 2017 16:02:18 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. dca25cfbfa3e80fed891a98929734b6dbb80d1cb
Message-ID: <E1dnQ31-0002ja-DT@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  dca25cfbfa3e80fed891a98929734b6dbb80d1cb (commit)
      from  2d68f648fbe95021ea090df64a7d3902a516dc0d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit dca25cfbfa3e80fed891a98929734b6dbb80d1cb
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Aug 31 15:58:12 2017 +0200

    web: Announce Libgcrypt 1.7.9 and 1.8.1

diff --git a/web/index.org b/web/index.org
index b8b16f9..bf1cdd1 100644
--- a/web/index.org
+++ b/web/index.org
@@ -66,6 +66,13 @@ The latest release news:\\
 # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttps://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed.  Just
 # point or paste the [[news.en.rss][RSS file]] into your aggregator.
 
+** Libgcrypt 1.8.1 released (2017-08-31)                          :important:
+
+We are pleased to announce the availability of [[file:software/libgcrypt/index.org][Libgcrypt]] version 1.8.1
+and 1.7.9.  These releases fix a local side-channel attack on
+Curve25519 encryption dubbed "May the Fourth be With You"
+[CVE-2017-0379].  Read {[[https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000414.html][more]]}...
+
 ** GnuPG 2.2.0 released (2017-08-28)
 
 The GnuPG team is pleased to announce the availability of a new

-----------------------------------------------------------------------

Summary of changes:
 web/index.org | 7 +++++++
 1 file changed, 7 insertions(+)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug 31 19:11:49 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 31 Aug 2017 19:11:49 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. 5f7892bc53e103f27625e5f5269502f5544335ca
Message-ID: <E1dnT0P-0002bg-Nm@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  5f7892bc53e103f27625e5f5269502f5544335ca (commit)
      from  dca25cfbfa3e80fed891a98929734b6dbb80d1cb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5f7892bc53e103f27625e5f5269502f5544335ca
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Aug 31 19:08:13 2017 +0200

    web: Remove the main campaign video

diff --git a/web/donate/index.de.org b/web/donate/index.de.org
index 84891ad..8145614 100644
--- a/web/donate/index.de.org
+++ b/web/donate/index.de.org
@@ -97,19 +97,6 @@
 	<div class="col-lg-12 visible-lg-block">
 	  <h1>GnuPG Spendenkampagne</h1>
 	</div>
-	<div class="col-xs-12 col-lg-8">
-	  <div class="embed-responsive embed-responsive-16by9 camp-video" data-embed="main">
-	    <img src="/share/campaign/img/thumbs/main.jpg">
-	    <div class="play-button"></div>
-	    <div class="video-text">Klicken um das Video zu starten
-              <noscript><br />
-                <span style="font-size: 60%"
-                      >(erfordert JavaScript von YouTube).
-                </span>
-              </noscript>
-            </div>
-          </div>
-	</div>
 
 	<div class="col-xs-12 hidden-lg">
 	  <h1>GnuPG Spendenkampagne</h1>
@@ -1717,102 +1704,6 @@ src="https://www.gnupg.org/ftp/media/openpgp.conf/2016/gnupg-team-smaller.jpg"
     </div>
     <!-- End of testimonials.  -->
 
-    <div id="team" class="camp-gutter container">
-      <div class="row">
-	<div class="col-xs-12">
-	  <h2>Wer wir sind</h2>
-	</div>
-      </div>
-
-      <div class="row">
-	<!-- Werner -->
-	<div class="camp-who col-md-6">
-	  <div class="media">
-	    <div class="media-left">
-	      <img class="media-object" src="/share/campaign/img/team/werner.jpg" alt="Bild von Werner">
-	    </div>
-	    <div class="media-body">
-	      <strong>Werner</strong> gr?ndete GnuPG im Jahr 1997.  Werner
-	      ist seit langem ein Unterst?tzer von Freier Software und
-	      ein Mitbegr?nder der FSFE.
-	    </div>
-	  </div>
-	</div>
-
-	<!-- Neal -->
-	<div class="camp-who col-md-6">
-	  <div class="media">
-	    <div class="media-left">
-	      <img class="media-object" src="/share/campaign/img/team/neal.jpg" alt="Bild von Neal">
-	    </div>
-	    <div class="media-body">
-	      <strong>Neal</strong> begann im Jahr 2015 an GnuPG zu
-	      arbeiten und unterst?tzt Wartung und Entwicklung in
-	      allen Gebieten.
-	    </div>
-	  </div>
-	</div>
-      </div>
-
-      <div class="row">
-	<!-- Justus -->
-	<div class="camp-who col-md-6">
-	  <div class="media">
-	    <div class="media-left">
-	      <img class="media-object" src="/share/campaign/img/team/justus.jpg" alt="Bild von Justus">
-	    </div>
-	    <div class="media-body">
-	      <strong>Justus</strong> begann im Jahr 2015 an GnuPG zu
-	      arbeiten und unterst?tzt Wartung und Entwicklung in
-	      allen Gebieten.
-	    </div>
-	  </div>
-	</div>
-
-	<!-- Marcus -->
-	<div class="camp-who col-md-6">
-	  <div class="media">
-	    <div class="media-left">
-	      <img class="media-object" src="/share/campaign/img/team/marcus.jpg" alt="Bild von Marcus">
-	    </div>
-	    <div class="media-body">
-	      <strong>Marcus</strong> hat im Zeitraum von 2001 bis
-	      2012 an GnuPG gearbeitet und ist seit 2017 wieder
-	      eingestiegen um GnuPG auf allen Gebieten zu
-	      unterst?tzen.
-	    </div>
-	  </div>
-	</div>
-      </div>
-
-      <div class="row">
-	<!-- Kai -->
-	<div class="camp-who col-md-6">
-	  <div class="media">
-	    <div class="media-left">
-	      <img class="media-object" src="/share/campaign/img/team/kai.jpg" alt="Bild von Kai">
-	    </div>
-	    <div class="media-body">
-	      <strong>Kai</strong> arbeitet seit dem Jahr 2015 an dem Enigmail Projekt.
-	    </div>
-	  </div>
-	</div>
-
-	<!-- Gniibe -->
-	<div class="camp-who col-md-6">
-	  <div class="media">
-	    <div class="media-left">
-	      <img class="media-object" src="/share/campaign/img/team/gniibe.jpg" alt="Bild von Niibe">
-	    </div>
-	    <div class="media-body">
-	      <strong>Niibe</strong> ist seit langem ein Hacker von
-	      Freier Software und kam im Jahr 2011 zu dem GnuPG
-	      Projekt um an Smart Cards und dem Gnuk Sicherheitstoken
-	      zu arbeiten.
-	    </div>
-	  </div>
-	</div>
-      </div>
       <div class="camp-final-pitch row">
 	<div class="col">
 	  <center>
diff --git a/web/donate/index.fr.org b/web/donate/index.fr.org
index 558214e..b8ccc16 100644
--- a/web/donate/index.fr.org
+++ b/web/donate/index.fr.org
@@ -94,19 +94,6 @@
 	<div class="col-lg-12 visible-lg-block">
 	  <h1>Campagne de financement pour GnuPG</h1>
 	</div>
-	<div class="col-xs-12 col-lg-8">
-	  <div class="embed-responsive embed-responsive-16by9 camp-video" data-embed="main">
-	    <img src="/share/campaign/img/thumbs/main.jpg">
-	    <div class="play-button"></div>
-	    <div class="video-text">Cliquez pour lancer la vid?o
-              <noscript><br />
-                <span style="font-size: 60%"
-                      >(n?cessite JavaScript depuis YouTube.)
-                </span>
-              </noscript>
-            </div>
-          </div>
-	</div>
 
 	<div class="col-xs-12 hidden-lg">
 	  <h1>Campagne de financement pour GnuPG</h1>
@@ -1630,101 +1617,6 @@ src="https://www.gnupg.org/ftp/media/openpgp.conf/2016/gnupg-team-smaller.jpg"
     </div>
     <!-- End of testimonials.  -->
 
-<div id="team" class="camp-gutter container">
-<div class="row">
-	<div class="col-xs-12">
-	  <h2>Qui nous sommes</h2>
-	</div>
-</div>
-
-<div class="row">
-	<!-- Werner -->
-	<div class="camp-who col-md-6">
-	  <div class="media">
-	    <div class="media-left">
-	      <img class="media-object" src="/share/campaign/img/team/werner.jpg" alt="Photo de Werner">
-	    </div>
-	    <div class="media-body">
-	      <strong>Werner</strong> a fond? GnuPG en 1997.  Werner
-	      milite pour le logiciel libre depuis longtemps, et est en
-	      particulier co-fondateur de la FSFE.
-	    </div>
-	  </div>
-	</div>
-
-	<!-- Neal -->
-	<div class="camp-who col-md-6">
-	  <div class="media">
-	    <div class="media-left">
-	      <img class="media-object" src="/share/campaign/img/team/neal.jpg" alt="Photo de Neal">
-	    </div>
-	    <div class="media-body">
-	      <strong>Neal</strong> travaille sur GnuPG depuis 2015,
-	      contribuant ? la maintenance et au d?veloppement de toutes les
-	      composantes du projet.
-	    </div>
-	  </div>
-	</div>
-</div>
-
-<div class="row">
-	<!-- Justus -->
-	<div class="camp-who col-md-6">
-	  <div class="media">
-	    <div class="media-left">
-	      <img class="media-object" src="/share/campaign/img/team/justus.jpg" alt="Photo de Justus">
-	    </div>
-	    <div class="media-body">
-	      <strong>Justus</strong> travaille sur GnuPG depuis 2015,
-	      contribuant ? la maintenance et au d?veloppement de toutes les
-	      composantes du projet.
-	    </div>
-	  </div>
-	</div>
-
-	<!-- Marcus -->
-	<div class="camp-who col-md-6">
-	  <div class="media">
-	    <div class="media-left">
-	      <img class="media-object" src="/share/campaign/img/team/marcus.jpg" alt="Photo de Marcus">
-	    </div>
-	    <div class="media-body">
-	      <strong>Marcus</strong> a travaill? sur GnuPG entre 2001 et
-	      2012, puis de nouveau depuis 2017 pour contribuer ?
-	      la maintenance et au d?veloppement de toutes les
-	      composantes du projet.
-	    </div>
-	  </div>
-	</div>
-</div>
-
-<div class="row">
-	<!-- Kai -->
-	<div class="camp-who col-md-6">
-	  <div class="media">
-	    <div class="media-left">
-	      <img class="media-object" src="/share/campaign/img/team/kai.jpg" alt="Photo de Kai">
-	    </div>
-	    <div class="media-body">
-	      <strong>Kai</strong> travaille sur le projet Enigmail depuis 2015.
-	    </div>
-	  </div>
-	</div>
-
-	<!-- Gniibe -->
-	<div class="camp-who col-md-6">
-	  <div class="media">
-	    <div class="media-left">
-	      <img class="media-object" src="/share/campaign/img/team/gniibe.jpg" alt="Photo de Niibe">
-	    </div>
-	    <div class="media-body">
-	      <strong>Niibe</strong> est un militant du logiciel libre
-	      qui a rejoint le projet GnuPG en 2011 pour travailler sur les
-	      cartes ? puce et le jeton de s?curit? Gnuk.
-	    </div>
-	  </div>
-	</div>
-</div>
 
 <div class="camp-final-pitch row">
   <div class="col">
diff --git a/web/donate/index.ja.org b/web/donate/index.ja.org
index ca4f793..7912562 100644
--- a/web/donate/index.ja.org
+++ b/web/donate/index.ja.org
@@ -94,19 +94,6 @@
 	<div class="col-lg-12 visible-lg-block">
 	  <h1>GnuPG ?????????</h1>
 	</div>
-	<div class="col-xs-12 col-lg-8">
-	  <div class="embed-responsive embed-responsive-16by9 camp-video" data-embed="main">
-	    <img src="/share/campaign/img/thumbs/main.jpg">
-	    <div class="play-button"></div>
-	    <div class="video-text">?????????????
-              <noscript><br />
-                <span style="font-size: 60%"
-                      >(YouTube???JavaScript?????????)
-                </span>
-              </noscript>
-            </div>
-          </div>
-	</div>
 
 	<div class="col-xs-12 hidden-lg">
 	  <h1>GnuPG ?????????</h1>
@@ -1405,94 +1392,6 @@ src="https://www.gnupg.org/ftp/media/openpgp.conf/2016/gnupg-team-smaller.jpg"
     </div>
     <!-- End of testimonials.  -->
 
-<div id="team" class="camp-gutter container">
-<div class="row">
-	<div class="col-xs-12">
-	  <h2>???????</h2>
-	</div>
-</div>
-
-<div class="row">
-	<!-- Werner -->
-	<div class="camp-who col-md-6">
-	  <div class="media">
-	    <div class="media-left">
-	      <img class="media-object" src="/share/campaign/img/team/werner.jpg" alt="Picture of Werner">
-	    </div>
-	    <div class="media-body">
-	      <strong>Werner</strong>?1997??GnuPG???????
-	      Werner??????????????????FSFE??????????
-	    </div>
-	  </div>
-	</div>
-
-	<!-- Neal -->
-	<div class="camp-who col-md-6">
-	  <div class="media">
-	    <div class="media-left">
-	      <img class="media-object" src="/share/campaign/img/team/neal.jpg" alt="Picture of Neal">
-	    </div>
-	    <div class="media-body">
-	      <strong>Neal</strong>?2015??GnuPG??????????????????????????????????
-	    </div>
-	  </div>
-	</div>
-</div>
-
-<div class="row">
-	<!-- Justus -->
-	<div class="camp-who col-md-6">
-	  <div class="media">
-	    <div class="media-left">
-	      <img class="media-object" src="/share/campaign/img/team/justus.jpg" alt="Picture of Justus">
-	    </div>
-	    <div class="media-body">
-	      <strong>Justus</strong>?2015??GnuPG??????????????????????????????????
-	    </div>
-	  </div>
-	</div>
-
-	<!-- Marcus -->
-	<div class="camp-who col-md-6">
-	  <div class="media">
-	    <div class="media-left">
-	      <img class="media-object" src="/share/campaign/img/team/marcus.jpg" alt="Picture of Marcus">
-	    </div>
-	    <div class="media-body">
-	      <strong>Marcus</strong>?2001???2012??GnuPG????????????
-	      2017?????????????????????????
-	    </div>
-	  </div>
-	</div>
-</div>
-
-<div class="row">
-	<!-- Kai -->
-	<div class="camp-who col-md-6">
-	  <div class="media">
-	    <div class="media-left">
-	      <img class="media-object" src="/share/campaign/img/team/kai.jpg" alt="Picture of Kai">
-	    </div>
-	    <div class="media-body">
-	      <strong>Kai</strong>?2015???Enigmail???????????????
-	    </div>
-	  </div>
-	</div>
-
-	<!-- Gniibe -->
-	<div class="camp-who col-md-6">
-	  <div class="media">
-	    <div class="media-left">
-	      <img class="media-object" src="/share/campaign/img/team/gniibe.jpg" alt="Picture of Niibe">
-	    </div>
-	    <div class="media-body">
-	      <strong>g??</strong>?????????????????
-	      GnuPG???????2011????????????????Gnuk????????????????
-	    </div>
-	  </div>
-	</div>
-</div>
-
 <div class="camp-final-pitch row">
   <div class="col">
       <center>
diff --git a/web/donate/index.org b/web/donate/index.org
index 9502892..a7b47df 100644
--- a/web/donate/index.org
+++ b/web/donate/index.org
@@ -99,19 +99,6 @@
 	<div class="col-lg-12 visible-lg-block">
 	  <h1>GnuPG Fundraising Rally</h1>
 	</div>
-	<div class="col-xs-12 col-lg-8">
-	  <div class="embed-responsive embed-responsive-16by9 camp-video" data-embed="main">
-	    <img src="/share/campaign/img/thumbs/main.jpg">
-	    <div class="play-button"></div>
-	    <div class="video-text">Click to start the video
-              <noscript><br />
-                <span style="font-size: 60%"
-                      >(requires JavaScript from YouTube.)
-                </span>
-              </noscript>
-            </div>
-          </div>
-	</div>
 
 	<div class="col-xs-12 hidden-lg">
 	  <h1>GnuPG Fundraising Rally</h1>
@@ -1617,98 +1604,6 @@ src="https://www.gnupg.org/ftp/media/openpgp.conf/2016/gnupg-team-smaller.jpg"
     </div>
     <!-- End of testimonials.  -->
 
-<div id="team" class="camp-gutter container">
-<div class="row">
-	<div class="col-xs-12">
-	  <h2>Who we are</h2>
-	</div>
-</div>
-
-<div class="row">
-	<!-- Werner -->
-	<div class="camp-who col-md-6">
-	  <div class="media">
-	    <div class="media-left">
-	      <img class="media-object" src="/share/campaign/img/team/werner.jpg" alt="Picture of Werner">
-	    </div>
-	    <div class="media-body">
-	      <strong>Werner</strong> started GnuPG in 1997.  Werner
-	      is a long time free software supporter and co-founder of
-	      the FSFE.
-	    </div>
-	  </div>
-	</div>
-
-	<!-- Neal -->
-	<div class="camp-who col-md-6">
-	  <div class="media">
-	    <div class="media-left">
-	      <img class="media-object" src="/share/campaign/img/team/neal.jpg" alt="Picture of Neal">
-	    </div>
-	    <div class="media-body">
-	      <strong>Neal</strong> started to work on GnuPG in 2015
-	      to support maintenance and development in all areas.
-	    </div>
-	  </div>
-	</div>
-</div>
-
-<div class="row">
-	<!-- Justus -->
-	<div class="camp-who col-md-6">
-	  <div class="media">
-	    <div class="media-left">
-	      <img class="media-object" src="/share/campaign/img/team/justus.jpg" alt="Picture of Justus">
-	    </div>
-	    <div class="media-body">
-	      <strong>Justus</strong> started to work on GnuPG in 2015
-	      to support maintenance and development in all areas.
-	    </div>
-	  </div>
-	</div>
-
-	<!-- Marcus -->
-	<div class="camp-who col-md-6">
-	  <div class="media">
-	    <div class="media-left">
-	      <img class="media-object" src="/share/campaign/img/team/marcus.jpg" alt="Picture of Marcus">
-	    </div>
-	    <div class="media-body">
-	      <strong>Marcus</strong> worked on GnuPG from 2001 to
-	      2012 and rejoined the project in 2017 to work in all
-	      areas.
-	    </div>
-	  </div>
-	</div>
-</div>
-
-<div class="row">
-	<!-- Kai -->
-	<div class="camp-who col-md-6">
-	  <div class="media">
-	    <div class="media-left">
-	      <img class="media-object" src="/share/campaign/img/team/kai.jpg" alt="Picture of Kai">
-	    </div>
-	    <div class="media-body">
-	      <strong>Kai</strong> is working on the Enigmail project since 2015.
-	    </div>
-	  </div>
-	</div>
-
-	<!-- Gniibe -->
-	<div class="camp-who col-md-6">
-	  <div class="media">
-	    <div class="media-left">
-	      <img class="media-object" src="/share/campaign/img/team/gniibe.jpg" alt="Picture of Niibe">
-	    </div>
-	    <div class="media-body">
-	      <strong>Niibe</strong> is a long time free software
-	      hacker who joined the GnuPG project in 2011 to work on
-	      smart cards and the Gnuk Token.
-	    </div>
-	  </div>
-	</div>
-</div>
 
 <div class="camp-final-pitch row">
   <div class="col">

-----------------------------------------------------------------------

Summary of changes:
 web/donate/index.de.org | 109 ------------------------------------------------
 web/donate/index.fr.org | 108 -----------------------------------------------
 web/donate/index.ja.org | 101 --------------------------------------------
 web/donate/index.org    | 105 ----------------------------------------------
 4 files changed, 423 deletions(-)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug 31 19:17:03 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 31 Aug 2017 19:17:03 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. 0550ee5a2657d13e37d8906c447d0270de157f83
Message-ID: <E1dnT5T-0003cb-To@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  0550ee5a2657d13e37d8906c447d0270de157f83 (commit)
      from  5f7892bc53e103f27625e5f5269502f5544335ca (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0550ee5a2657d13e37d8906c447d0270de157f83
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Aug 31 19:13:29 2017 +0200

    web: Remove Neal as employee of g10 code
    
    Neal quit his job as of today.

diff --git a/web/people/index.org b/web/people/index.org
index 4cbfde2..1e1e215 100644
--- a/web/people/index.org
+++ b/web/people/index.org
@@ -103,7 +103,7 @@
    /Core components hacker/
 
    Neal started to work on GnuPG in 2015 to support maintenance and
-   development in all areas.  He is full time employed by g10^code.
+   development in all areas.
 
    #+HTML: <p style="clear: both"/>
 

-----------------------------------------------------------------------

Summary of changes:
 web/people/index.org | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug 31 19:23:38 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 31 Aug 2017 19:23:38 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. c4c57f90c345f7510f71de6f02f46b323b4d0a74
Message-ID: <E1dnTBq-0004oG-8o@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  c4c57f90c345f7510f71de6f02f46b323b4d0a74 (commit)
      from  0550ee5a2657d13e37d8906c447d0270de157f83 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c4c57f90c345f7510f71de6f02f46b323b4d0a74
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Aug 31 19:20:03 2017 +0200

    web: Move the list of Videos of the day to the bottom of the page.

diff --git a/web/donate/index.de.org b/web/donate/index.de.org
index 8145614..5d792f9 100644
--- a/web/donate/index.de.org
+++ b/web/donate/index.de.org
@@ -191,70 +191,6 @@ href="/cgi-bin/procdonate.cgi?mode=preset&lang=de"
       </div>
     </div>
 
-    <div id="dailyvideo" class="camp-gutter camp-gutter-clump container">
-      <div class="row">
-	<div class="col-sm-10 col-sm-offset-1">
-	  <h2>Videos</h2>
-	  <div class="row">
-	    <div class="col-lg-10 col-lg-offset-0">
-              <ul>
-                <li> <a href="https://youtu.be/1OMJWpdl0DA?t=9s">Alex Abdo</a>
-                  from the <a href="https://aclu.org">ACLU</a>
-                <li> <a href="https://youtu.be/bcNLlWqZ9d0?t=9s">Andre Meister</a>
-                  from <a href="https://netzpolitik.org">netzpolitik.org</a>
-                <li> <a href="https://www.youtube.com/watch?v=atFz16nInIs&t=10s">Benjamin Isma?l</a>
-                  from <a href="https://rsf.org/">Reporters without Borders</a>
-                <li> <a href="https://youtu.be/sQMj332dgIE?t=10s">Thenmozhi Soundararajan</a>
-                  from <a href="https://www.equalitylabs.org/">Equality Labs</a>
-                <li> <a href="https://youtu.be/5MCGTd8pOG4?t=10s">Matt Mitchell</a>
-                  from <a href="http://www.meetup.com/New-York-Cryptoparty-Network/">CryptoHarlem</a>
-                <li> <a href="https://youtu.be/IdCiJMc3q80?t=8s">Cindy Cohn</a>
-                  from <a href="https://eff.org">EFF</a>
-                <li> <a href="https://youtu.be/Qqg3_a72aEw?t=9s">Ksenia Ermoshina</a>,
-                  Researcher at <a href="https://nextleap.eu/">nextleap.eu</a>
-                <li> <a href="https://youtu.be/6DqfWz-KHSI?t=8s">Micha? 'Rysiek' Wo?niak</a>
-                  from <a href="https://www.occrp.org/">OCCRP</a>
-                <li> <a href="https://youtu.be/OpeFuKRYGVA?t=8s">Sze Ming</a>
-                  from the <a href="https://sinarproject.org/">Sinar Project</a>
-                <li> <a href="https://youtu.be/oQvP9SXm-ek?t=8s">Jason Reich</a>
-                  from <a href="https://www.buzzfeed.com/">BuzzFeed</a>
-                <li> <a href="https://youtu.be/iRuo57Hzask?t=9s">John Pershing</a>
-                  from <a href="https://1010data.com">1010data</a>
-                <li> <a href="https://youtu.be/sX0lncD0VCM?t=10s">Jochim Selzer</a>
-                  from <a href="https://koeln.ccc.de/">CCC K?ln</a>
-                <li> <a href="https://youtu.be/Z0h_uPWFp7o?t=8s">C5</a>,
-                  Digital Security Trainer from the Philippines
-                <li> <a href="https://youtu.be/xB6AvoeCWro?t=9s">Noah Vesely</a>
-                  from <a href="https://securedrop.org/">SecureDrop</a>
-                <li> <a href="https://youtu.be/_aJPaR9Cfmk?t=9s">Lisa 'Leez' Wright</a>
-                  from the <a href="https://eff.org">EFF</a>
-                <li> <a href="https://youtu.be/VJIR5zzpUr8?t=8s">Hern?ni Marques</a>
-                  from <a href="https://www.ccc-ch.ch/">CCC Switzerland</a>
-                <li> <a href="https://youtu.be/K8-pmUyegYk?t=9s">Geoffrey King</a>,
-                  <a href="https://geoffreyking.org/">Lawyer and Journalist</a>
-                <li> <a href="https://youtu.be/l1ByJCSvQKk?t=9s">Andrew Ford Lyons</a>
-                  from <a href="http://www.internews.org/">Internews Europe</a>
-                <li> <a href="https://youtu.be/6dreAkVxmpg?t=8s">Seamus Tuohy</a>,
-                  <a href="http://prudentinnovation.org/">Digital Security Trainer</a>
-                <li> <a href="https://youtu.be/j0Zd0wZyLP8?t=10s">Meik Michalke</a>
-                  from <a href="https://www.c3s.cc/">C3S</a>
-                <li> <a href="https://youtu.be/mak22hXcslg?t=8s">Sheera Frenkel</a>
-                  from <a href="https://www.buzzfeed.com/news">BuzzFeed News</a>
-                <li> <a href=" https://youtu.be/MSu_FF49MtU?t=9s">Michael Stehmann</a>,
-                  <a href="http://www.rechtsanwalt-stehmann.de/">Lawyer</a>
-                <li> <a href="https://youtu.be/-Rkrf9GIw8M?t=9s">C?dric Laurant</a>
-                  from <a href="https://sontusdatos.org/">SonTusDatos</a>
-                <li> <a href="https://youtu.be/SdlnauJ5XWM?t=9s">Daniel Kahn Gillmor</a>
-                  from <a href="https://debian.org">Debian</a> and the <a href="https://aclu.org">ACLU</a>
-                <li> <a href="https://youtu.be/g9a_snLWRxE?t=8s">Arthur Jordan</a>
-                  from <a href="https://2u.com/">2U</a>
-              </ul>
-	    </div>
-	  </div>
-	</div>
-      </div>
-    </div>
-
     <div id="about" class="camp-gutter container">
       <div class="row">
 	<div class="col-sm-10 col-sm-offset-1">
@@ -1704,17 +1640,72 @@ src="https://www.gnupg.org/ftp/media/openpgp.conf/2016/gnupg-team-smaller.jpg"
     </div>
     <!-- End of testimonials.  -->
 
-      <div class="camp-final-pitch row">
-	<div class="col">
-	  <center>
-	    <a class="btn btn-primary btn-lg"
-               href="/donate/donate.de.html"
-               role="button">Spenden!</a>
-	  </center>
+    <div id="dailyvideo" class="camp-gutter camp-gutter-clump container">
+      <div class="row">
+	<div class="col-sm-10 col-sm-offset-1">
+	  <h2>Videos</h2>
+	  <div class="row">
+	    <div class="col-lg-10 col-lg-offset-0">
+              <ul>
+                <li> <a href="https://youtu.be/1OMJWpdl0DA?t=9s">Alex Abdo</a>
+                  from the <a href="https://aclu.org">ACLU</a>
+                <li> <a href="https://youtu.be/bcNLlWqZ9d0?t=9s">Andre Meister</a>
+                  from <a href="https://netzpolitik.org">netzpolitik.org</a>
+                <li> <a href="https://www.youtube.com/watch?v=atFz16nInIs&t=10s">Benjamin Isma?l</a>
+                  from <a href="https://rsf.org/">Reporters without Borders</a>
+                <li> <a href="https://youtu.be/sQMj332dgIE?t=10s">Thenmozhi Soundararajan</a>
+                  from <a href="https://www.equalitylabs.org/">Equality Labs</a>
+                <li> <a href="https://youtu.be/5MCGTd8pOG4?t=10s">Matt Mitchell</a>
+                  from <a href="http://www.meetup.com/New-York-Cryptoparty-Network/">CryptoHarlem</a>
+                <li> <a href="https://youtu.be/IdCiJMc3q80?t=8s">Cindy Cohn</a>
+                  from <a href="https://eff.org">EFF</a>
+                <li> <a href="https://youtu.be/Qqg3_a72aEw?t=9s">Ksenia Ermoshina</a>,
+                  Researcher at <a href="https://nextleap.eu/">nextleap.eu</a>
+                <li> <a href="https://youtu.be/6DqfWz-KHSI?t=8s">Micha? 'Rysiek' Wo?niak</a>
+                  from <a href="https://www.occrp.org/">OCCRP</a>
+                <li> <a href="https://youtu.be/OpeFuKRYGVA?t=8s">Sze Ming</a>
+                  from the <a href="https://sinarproject.org/">Sinar Project</a>
+                <li> <a href="https://youtu.be/oQvP9SXm-ek?t=8s">Jason Reich</a>
+                  from <a href="https://www.buzzfeed.com/">BuzzFeed</a>
+                <li> <a href="https://youtu.be/iRuo57Hzask?t=9s">John Pershing</a>
+                  from <a href="https://1010data.com">1010data</a>
+                <li> <a href="https://youtu.be/sX0lncD0VCM?t=10s">Jochim Selzer</a>
+                  from <a href="https://koeln.ccc.de/">CCC K?ln</a>
+                <li> <a href="https://youtu.be/Z0h_uPWFp7o?t=8s">C5</a>,
+                  Digital Security Trainer from the Philippines
+                <li> <a href="https://youtu.be/xB6AvoeCWro?t=9s">Noah Vesely</a>
+                  from <a href="https://securedrop.org/">SecureDrop</a>
+                <li> <a href="https://youtu.be/_aJPaR9Cfmk?t=9s">Lisa 'Leez' Wright</a>
+                  from the <a href="https://eff.org">EFF</a>
+                <li> <a href="https://youtu.be/VJIR5zzpUr8?t=8s">Hern?ni Marques</a>
+                  from <a href="https://www.ccc-ch.ch/">CCC Switzerland</a>
+                <li> <a href="https://youtu.be/K8-pmUyegYk?t=9s">Geoffrey King</a>,
+                  <a href="https://geoffreyking.org/">Lawyer and Journalist</a>
+                <li> <a href="https://youtu.be/l1ByJCSvQKk?t=9s">Andrew Ford Lyons</a>
+                  from <a href="http://www.internews.org/">Internews Europe</a>
+                <li> <a href="https://youtu.be/6dreAkVxmpg?t=8s">Seamus Tuohy</a>,
+                  <a href="http://prudentinnovation.org/">Digital Security Trainer</a>
+                <li> <a href="https://youtu.be/j0Zd0wZyLP8?t=10s">Meik Michalke</a>
+                  from <a href="https://www.c3s.cc/">C3S</a>
+                <li> <a href="https://youtu.be/mak22hXcslg?t=8s">Sheera Frenkel</a>
+                  from <a href="https://www.buzzfeed.com/news">BuzzFeed News</a>
+                <li> <a href=" https://youtu.be/MSu_FF49MtU?t=9s">Michael Stehmann</a>,
+                  <a href="http://www.rechtsanwalt-stehmann.de/">Lawyer</a>
+                <li> <a href="https://youtu.be/-Rkrf9GIw8M?t=9s">C?dric Laurant</a>
+                  from <a href="https://sontusdatos.org/">SonTusDatos</a>
+                <li> <a href="https://youtu.be/SdlnauJ5XWM?t=9s">Daniel Kahn Gillmor</a>
+                  from <a href="https://debian.org">Debian</a> and the <a href="https://aclu.org">ACLU</a>
+                <li> <a href="https://youtu.be/g9a_snLWRxE?t=8s">Arthur Jordan</a>
+                  from <a href="https://2u.com/">2U</a>
+              </ul>
+	    </div>
+	  </div>
 	</div>
       </div>
     </div>
-  </div>
+
+</div>
+</div>
 
 <div class="camp-gutter container-fluid" id="camp-footer">
   <div class="container">
diff --git a/web/donate/index.fr.org b/web/donate/index.fr.org
index b8ccc16..8f52e06 100644
--- a/web/donate/index.fr.org
+++ b/web/donate/index.fr.org
@@ -184,68 +184,6 @@
       </div>
     </div>
 
-    <div id="dailyvideo" class="camp-gutter camp-gutter-clump container">
-      <div class="row">
-	<div class="col-sm-10 col-sm-offset-1">
-	  <h2>Clips</h2>
-	  <div class="row">
-	    <div class="col-lg-10 col-lg-offset-0">
-              <ul>
-                <li> <a href="https://youtu.be/1OMJWpdl0DA?t=9s">Alex Abdo</a>
-                  from the <a href="https://aclu.org">ACLU</a>
-                <li> <a href="https://youtu.be/bcNLlWqZ9d0?t=9s">Andre Meister</a>
-                  from <a href="https://netzpolitik.org">netzpolitik.org</a>
-                <li> <a href="https://www.youtube.com/watch?v=atFz16nInIs&t=10s">Benjamin Isma?l</a>
-                  from <a href="https://rsf.org/">Reporters without Borders</a>
-                <li> <a href="https://youtu.be/sQMj332dgIE?t=10s">Thenmozhi Soundararajan</a>
-                  from <a href="https://www.equalitylabs.org/">Equality Labs</a>
-                <li> <a href="https://youtu.be/5MCGTd8pOG4?t=10s">Matt Mitchell</a>
-                  from <a href="http://www.meetup.com/New-York-Cryptoparty-Network/">CryptoHarlem</a>
-                <li> <a href="https://youtu.be/IdCiJMc3q80?t=8s">Cindy Cohn</a>
-                  from <a href="https://eff.org">EFF</a>
-                <li> <a href="https://youtu.be/Qqg3_a72aEw?t=9s">Ksenia Ermoshina</a>,
-                  Researcher at <a href="https://nextleap.eu/">nextleap.eu</a>
-                <li> <a href="https://youtu.be/6DqfWz-KHSI?t=8s">Micha? 'Rysiek' Wo?niak</a>
-                  from <a href="https://www.occrp.org/">OCCRP</a>
-                <li> <a href="https://youtu.be/OpeFuKRYGVA?t=8s">Sze Ming</a>
-                  from the <a href="https://sinarproject.org/">Sinar Project</a>
-                <li> <a href="https://youtu.be/oQvP9SXm-ek?t=8s">Jason Reich</a>
-                  from <a href="https://www.buzzfeed.com/">BuzzFeed</a>
-                <li> <a href="https://youtu.be/iRuo57Hzask?t=9s">John Pershing</a>
-                  from <a href="https://1010data.com">1010data</a>
-                <li> <a href="https://youtu.be/sX0lncD0VCM?t=10s">Jochim Selzer</a>
-                  from <a href="https://koeln.ccc.de/">CCC K?ln</a>
-                <li> <a href="https://youtu.be/Z0h_uPWFp7o?t=8s">C5</a>,
-                  Digital Security Trainer from the Philippines
-                <li> <a href="https://youtu.be/xB6AvoeCWro?t=9s">Noah Vesely</a>
-                  from <a href="https://securedrop.org/">SecureDrop</a>
-                <li> <a href="https://youtu.be/_aJPaR9Cfmk?t=9s">Lisa 'Leez' Wright</a>
-                  from the <a href="https://eff.org">EFF</a>
-                <li> <a href="https://youtu.be/VJIR5zzpUr8?t=8s">Hern?ni Marques</a>
-                  from <a href="https://www.ccc-ch.ch/">CCC Switzerland</a>
-                <li> <a href="https://youtu.be/K8-pmUyegYk?t=9s">Geoffrey King</a>,
-                  <a href="https://geoffreyking.org/">Lawyer and Journalist</a>
-                <li> <a href="https://youtu.be/l1ByJCSvQKk?t=9s">Andrew Ford Lyons</a>
-                  from <a href="http://www.internews.org/">Internews Europe</a>
-                <li> <a href="https://youtu.be/6dreAkVxmpg?t=8s">Seamus Tuohy</a>,
-                  <a href="http://prudentinnovation.org/">Digital Security Trainer</a>
-                <li> <a href="https://youtu.be/j0Zd0wZyLP8?t=10s">Meik Michalke</a>
-                  from <a href="https://www.c3s.cc/">C3S</a>
-                <li> <a href="https://youtu.be/mak22hXcslg?t=8s">Sheera Frenkel</a>
-                  from <a href="https://www.buzzfeed.com/news">BuzzFeed News</a>
-                <li> <a href=" https://youtu.be/MSu_FF49MtU?t=9s">Michael Stehmann</a>,
-                  <a href="http://www.rechtsanwalt-stehmann.de/">Lawyer</a>
-                <li> <a href="https://youtu.be/-Rkrf9GIw8M?t=9s">C?dric Laurant</a>
-                  from <a href="https://sontusdatos.org/">SonTusDatos</a>
-                <li> <a href="https://youtu.be/SdlnauJ5XWM?t=9s">Daniel Kahn Gillmor</a>
-                  from <a href="https://debian.org">Debian</a> and the <a href="https://aclu.org">ACLU</a>
-                <li> <a href="https://youtu.be/g9a_snLWRxE?t=8s">Arthur Jordan</a>
-                  from <a href="https://2u.com/">2U</a>
-              </ul>
-	    </div>
-	</div>
-      </div>
-    </div>
 
     <div id="about" class="camp-gutter container">
       <div class="row">
@@ -1617,14 +1555,69 @@ src="https://www.gnupg.org/ftp/media/openpgp.conf/2016/gnupg-team-smaller.jpg"
     </div>
     <!-- End of testimonials.  -->
 
-
-<div class="camp-final-pitch row">
-  <div class="col">
-      <center>
-        <a class="btn btn-primary btn-lg" href="/donate/donate.fr.html" role="button">Soutenez GnuPG!</a>
-      </center>
+    <div id="dailyvideo" class="camp-gutter camp-gutter-clump container">
+      <div class="row">
+	<div class="col-sm-10 col-sm-offset-1">
+	  <h2>Clips</h2>
+	  <div class="row">
+	    <div class="col-lg-10 col-lg-offset-0">
+              <ul>
+                <li> <a href="https://youtu.be/1OMJWpdl0DA?t=9s">Alex Abdo</a>
+                  from the <a href="https://aclu.org">ACLU</a>
+                <li> <a href="https://youtu.be/bcNLlWqZ9d0?t=9s">Andre Meister</a>
+                  from <a href="https://netzpolitik.org">netzpolitik.org</a>
+                <li> <a href="https://www.youtube.com/watch?v=atFz16nInIs&t=10s">Benjamin Isma?l</a>
+                  from <a href="https://rsf.org/">Reporters without Borders</a>
+                <li> <a href="https://youtu.be/sQMj332dgIE?t=10s">Thenmozhi Soundararajan</a>
+                  from <a href="https://www.equalitylabs.org/">Equality Labs</a>
+                <li> <a href="https://youtu.be/5MCGTd8pOG4?t=10s">Matt Mitchell</a>
+                  from <a href="http://www.meetup.com/New-York-Cryptoparty-Network/">CryptoHarlem</a>
+                <li> <a href="https://youtu.be/IdCiJMc3q80?t=8s">Cindy Cohn</a>
+                  from <a href="https://eff.org">EFF</a>
+                <li> <a href="https://youtu.be/Qqg3_a72aEw?t=9s">Ksenia Ermoshina</a>,
+                  Researcher at <a href="https://nextleap.eu/">nextleap.eu</a>
+                <li> <a href="https://youtu.be/6DqfWz-KHSI?t=8s">Micha? 'Rysiek' Wo?niak</a>
+                  from <a href="https://www.occrp.org/">OCCRP</a>
+                <li> <a href="https://youtu.be/OpeFuKRYGVA?t=8s">Sze Ming</a>
+                  from the <a href="https://sinarproject.org/">Sinar Project</a>
+                <li> <a href="https://youtu.be/oQvP9SXm-ek?t=8s">Jason Reich</a>
+                  from <a href="https://www.buzzfeed.com/">BuzzFeed</a>
+                <li> <a href="https://youtu.be/iRuo57Hzask?t=9s">John Pershing</a>
+                  from <a href="https://1010data.com">1010data</a>
+                <li> <a href="https://youtu.be/sX0lncD0VCM?t=10s">Jochim Selzer</a>
+                  from <a href="https://koeln.ccc.de/">CCC K?ln</a>
+                <li> <a href="https://youtu.be/Z0h_uPWFp7o?t=8s">C5</a>,
+                  Digital Security Trainer from the Philippines
+                <li> <a href="https://youtu.be/xB6AvoeCWro?t=9s">Noah Vesely</a>
+                  from <a href="https://securedrop.org/">SecureDrop</a>
+                <li> <a href="https://youtu.be/_aJPaR9Cfmk?t=9s">Lisa 'Leez' Wright</a>
+                  from the <a href="https://eff.org">EFF</a>
+                <li> <a href="https://youtu.be/VJIR5zzpUr8?t=8s">Hern?ni Marques</a>
+                  from <a href="https://www.ccc-ch.ch/">CCC Switzerland</a>
+                <li> <a href="https://youtu.be/K8-pmUyegYk?t=9s">Geoffrey King</a>,
+                  <a href="https://geoffreyking.org/">Lawyer and Journalist</a>
+                <li> <a href="https://youtu.be/l1ByJCSvQKk?t=9s">Andrew Ford Lyons</a>
+                  from <a href="http://www.internews.org/">Internews Europe</a>
+                <li> <a href="https://youtu.be/6dreAkVxmpg?t=8s">Seamus Tuohy</a>,
+                  <a href="http://prudentinnovation.org/">Digital Security Trainer</a>
+                <li> <a href="https://youtu.be/j0Zd0wZyLP8?t=10s">Meik Michalke</a>
+                  from <a href="https://www.c3s.cc/">C3S</a>
+                <li> <a href="https://youtu.be/mak22hXcslg?t=8s">Sheera Frenkel</a>
+                  from <a href="https://www.buzzfeed.com/news">BuzzFeed News</a>
+                <li> <a href=" https://youtu.be/MSu_FF49MtU?t=9s">Michael Stehmann</a>,
+                  <a href="http://www.rechtsanwalt-stehmann.de/">Lawyer</a>
+                <li> <a href="https://youtu.be/-Rkrf9GIw8M?t=9s">C?dric Laurant</a>
+                  from <a href="https://sontusdatos.org/">SonTusDatos</a>
+                <li> <a href="https://youtu.be/SdlnauJ5XWM?t=9s">Daniel Kahn Gillmor</a>
+                  from <a href="https://debian.org">Debian</a> and the <a href="https://aclu.org">ACLU</a>
+                <li> <a href="https://youtu.be/g9a_snLWRxE?t=8s">Arthur Jordan</a>
+                  from <a href="https://2u.com/">2U</a>
+              </ul>
+	    </div>
+	</div>
+      </div>
     </div>
-  </div>
+
 </div>
 </div>
 
diff --git a/web/donate/index.ja.org b/web/donate/index.ja.org
index 7912562..f890c80 100644
--- a/web/donate/index.ja.org
+++ b/web/donate/index.ja.org
@@ -174,69 +174,6 @@
       </div>
     </div>
 
-    <div id="dailyvideo" class="camp-gutter camp-gutter-clump container">
-      <div class="row">
-	<div class="col-sm-10 col-sm-offset-1">
-	  <h2>??????</h2>
-	  <div class="row">
-	    <div class="col-lg-10 col-lg-offset-0">
-              <ul>
-                <li> <a href="https://youtu.be/1OMJWpdl0DA?t=9s">Alex Abdo</a>
-                  from the <a href="https://aclu.org">ACLU</a>
-                <li> <a href="https://youtu.be/bcNLlWqZ9d0?t=9s">Andre Meister</a>
-                  from <a href="https://netzpolitik.org">netzpolitik.org</a>
-                <li> <a href="https://www.youtube.com/watch?v=atFz16nInIs&t=10s">Benjamin Isma?l</a>
-                  from <a href="https://rsf.org/">Reporters without Borders</a>
-                <li> <a href="https://youtu.be/sQMj332dgIE?t=10s">Thenmozhi Soundararajan</a>
-                  from <a href="https://www.equalitylabs.org/">Equality Labs</a>
-                <li> <a href="https://youtu.be/5MCGTd8pOG4?t=10s">Matt Mitchell</a>
-                  from <a href="http://www.meetup.com/New-York-Cryptoparty-Network/">CryptoHarlem</a>
-                <li> <a href="https://youtu.be/IdCiJMc3q80?t=8s">Cindy Cohn</a>
-                  from <a href="https://eff.org">EFF</a>
-                <li> <a href="https://youtu.be/Qqg3_a72aEw?t=9s">Ksenia Ermoshina</a>,
-                  Researcher at <a href="https://nextleap.eu/">nextleap.eu</a>
-                <li> <a href="https://youtu.be/6DqfWz-KHSI?t=8s">Micha? 'Rysiek' Wo?niak</a>
-                  from <a href="https://www.occrp.org/">OCCRP</a>
-                <li> <a href="https://youtu.be/OpeFuKRYGVA?t=8s">Sze Ming</a>
-                  from the <a href="https://sinarproject.org/">Sinar Project</a>
-                <li> <a href="https://youtu.be/oQvP9SXm-ek?t=8s">Jason Reich</a>
-                  from <a href="https://www.buzzfeed.com/">BuzzFeed</a>
-                <li> <a href="https://youtu.be/iRuo57Hzask?t=9s">John Pershing</a>
-                  from <a href="https://1010data.com">1010data</a>
-                <li> <a href="https://youtu.be/sX0lncD0VCM?t=10s">Jochim Selzer</a>
-                  from <a href="https://koeln.ccc.de/">CCC K?ln</a>
-                <li> <a href="https://youtu.be/Z0h_uPWFp7o?t=8s">C5</a>,
-                  Digital Security Trainer from the Philippines
-                <li> <a href="https://youtu.be/xB6AvoeCWro?t=9s">Noah Vesely</a>
-                  from <a href="https://securedrop.org/">SecureDrop</a>
-                <li> <a href="https://youtu.be/_aJPaR9Cfmk?t=9s">Lisa 'Leez' Wright</a>
-                  from the <a href="https://eff.org">EFF</a>
-                <li> <a href="https://youtu.be/VJIR5zzpUr8?t=8s">Hern?ni Marques</a>
-                  from <a href="https://www.ccc-ch.ch/">CCC Switzerland</a>
-                <li> <a href="https://youtu.be/K8-pmUyegYk?t=9s">Geoffrey King</a>,
-                  <a href="https://geoffreyking.org/">Lawyer and Journalist</a>
-                <li> <a href="https://youtu.be/l1ByJCSvQKk?t=9s">Andrew Ford Lyons</a>
-                  from <a href="http://www.internews.org/">Internews Europe</a>
-                <li> <a href="https://youtu.be/6dreAkVxmpg?t=8s">Seamus Tuohy</a>,
-                  <a href="http://prudentinnovation.org/">Digital Security Trainer</a>
-                <li> <a href="https://youtu.be/j0Zd0wZyLP8?t=10s">Meik Michalke</a>
-                  from <a href="https://www.c3s.cc/">C3S</a>
-                <li> <a href="https://youtu.be/mak22hXcslg?t=8s">Sheera Frenkel</a>
-                  from <a href="https://www.buzzfeed.com/news">BuzzFeed News</a>
-                <li> <a href=" https://youtu.be/MSu_FF49MtU?t=9s">Michael Stehmann</a>,
-                  <a href="http://www.rechtsanwalt-stehmann.de/">Lawyer</a>
-                <li> <a href="https://youtu.be/-Rkrf9GIw8M?t=9s">C?dric Laurant</a>
-                  from <a href="https://sontusdatos.org/">SonTusDatos</a>
-                <li> <a href="https://youtu.be/SdlnauJ5XWM?t=9s">Daniel Kahn Gillmor</a>
-                  from <a href="https://debian.org">Debian</a> and the <a href="https://aclu.org">ACLU</a>
-                <li> <a href="https://youtu.be/g9a_snLWRxE?t=8s">Arthur Jordan</a>
-                  from <a href="https://2u.com/">2U</a>
-              </ul>
-	    </div>
-	  </div>
-	</div>
-      </div>
-    </div>
 
     <div id="about" class="camp-gutter container">
       <div class="row">
@@ -1383,8 +1320,6 @@ src="https://www.gnupg.org/ftp/media/openpgp.conf/2016/gnupg-team-smaller.jpg"
 	    </div><!-- /.carousel -->
 
 
-
-
 	  </div>
 	</div>
       </div>
@@ -1392,13 +1327,71 @@ src="https://www.gnupg.org/ftp/media/openpgp.conf/2016/gnupg-team-smaller.jpg"
     </div>
     <!-- End of testimonials.  -->
 
-<div class="camp-final-pitch row">
-  <div class="col">
-      <center>
-        <a class="btn btn-primary btn-lg" href="/donate/donate.ja.html" role="button">????!</a>
-      </center>
+    <div id="dailyvideo" class="camp-gutter camp-gutter-clump container">
+      <div class="row">
+	<div class="col-sm-10 col-sm-offset-1">
+	  <h2>??????</h2>
+	  <div class="row">
+	    <div class="col-lg-10 col-lg-offset-0">
+              <ul>
+                <li> <a href="https://youtu.be/1OMJWpdl0DA?t=9s">Alex Abdo</a>
+                  from the <a href="https://aclu.org">ACLU</a>
+                <li> <a href="https://youtu.be/bcNLlWqZ9d0?t=9s">Andre Meister</a>
+                  from <a href="https://netzpolitik.org">netzpolitik.org</a>
+                <li> <a href="https://www.youtube.com/watch?v=atFz16nInIs&t=10s">Benjamin Isma?l</a>
+                  from <a href="https://rsf.org/">Reporters without Borders</a>
+                <li> <a href="https://youtu.be/sQMj332dgIE?t=10s">Thenmozhi Soundararajan</a>
+                  from <a href="https://www.equalitylabs.org/">Equality Labs</a>
+                <li> <a href="https://youtu.be/5MCGTd8pOG4?t=10s">Matt Mitchell</a>
+                  from <a href="http://www.meetup.com/New-York-Cryptoparty-Network/">CryptoHarlem</a>
+                <li> <a href="https://youtu.be/IdCiJMc3q80?t=8s">Cindy Cohn</a>
+                  from <a href="https://eff.org">EFF</a>
+                <li> <a href="https://youtu.be/Qqg3_a72aEw?t=9s">Ksenia Ermoshina</a>,
+                  Researcher at <a href="https://nextleap.eu/">nextleap.eu</a>
+                <li> <a href="https://youtu.be/6DqfWz-KHSI?t=8s">Micha? 'Rysiek' Wo?niak</a>
+                  from <a href="https://www.occrp.org/">OCCRP</a>
+                <li> <a href="https://youtu.be/OpeFuKRYGVA?t=8s">Sze Ming</a>
+                  from the <a href="https://sinarproject.org/">Sinar Project</a>
+                <li> <a href="https://youtu.be/oQvP9SXm-ek?t=8s">Jason Reich</a>
+                  from <a href="https://www.buzzfeed.com/">BuzzFeed</a>
+                <li> <a href="https://youtu.be/iRuo57Hzask?t=9s">John Pershing</a>
+                  from <a href="https://1010data.com">1010data</a>
+                <li> <a href="https://youtu.be/sX0lncD0VCM?t=10s">Jochim Selzer</a>
+                  from <a href="https://koeln.ccc.de/">CCC K?ln</a>
+                <li> <a href="https://youtu.be/Z0h_uPWFp7o?t=8s">C5</a>,
+                  Digital Security Trainer from the Philippines
+                <li> <a href="https://youtu.be/xB6AvoeCWro?t=9s">Noah Vesely</a>
+                  from <a href="https://securedrop.org/">SecureDrop</a>
+                <li> <a href="https://youtu.be/_aJPaR9Cfmk?t=9s">Lisa 'Leez' Wright</a>
+                  from the <a href="https://eff.org">EFF</a>
+                <li> <a href="https://youtu.be/VJIR5zzpUr8?t=8s">Hern?ni Marques</a>
+                  from <a href="https://www.ccc-ch.ch/">CCC Switzerland</a>
+                <li> <a href="https://youtu.be/K8-pmUyegYk?t=9s">Geoffrey King</a>,
+                  <a href="https://geoffreyking.org/">Lawyer and Journalist</a>
+                <li> <a href="https://youtu.be/l1ByJCSvQKk?t=9s">Andrew Ford Lyons</a>
+                  from <a href="http://www.internews.org/">Internews Europe</a>
+                <li> <a href="https://youtu.be/6dreAkVxmpg?t=8s">Seamus Tuohy</a>,
+                  <a href="http://prudentinnovation.org/">Digital Security Trainer</a>
+                <li> <a href="https://youtu.be/j0Zd0wZyLP8?t=10s">Meik Michalke</a>
+                  from <a href="https://www.c3s.cc/">C3S</a>
+                <li> <a href="https://youtu.be/mak22hXcslg?t=8s">Sheera Frenkel</a>
+                  from <a href="https://www.buzzfeed.com/news">BuzzFeed News</a>
+                <li> <a href=" https://youtu.be/MSu_FF49MtU?t=9s">Michael Stehmann</a>,
+                  <a href="http://www.rechtsanwalt-stehmann.de/">Lawyer</a>
+                <li> <a href="https://youtu.be/-Rkrf9GIw8M?t=9s">C?dric Laurant</a>
+                  from <a href="https://sontusdatos.org/">SonTusDatos</a>
+                <li> <a href="https://youtu.be/SdlnauJ5XWM?t=9s">Daniel Kahn Gillmor</a>
+                  from <a href="https://debian.org">Debian</a> and the <a href="https://aclu.org">ACLU</a>
+                <li> <a href="https://youtu.be/g9a_snLWRxE?t=8s">Arthur Jordan</a>
+                  from <a href="https://2u.com/">2U</a>
+              </ul>
+	    </div>
+	  </div>
+	</div>
+      </div>
     </div>
-  </div>
+
+
 </div>
 </div>
 
diff --git a/web/donate/index.org b/web/donate/index.org
index a7b47df..be867bc 100644
--- a/web/donate/index.org
+++ b/web/donate/index.org
@@ -188,69 +188,6 @@
       </div>
     </div>
 
-    <div id="dailyvideo" class="camp-gutter camp-gutter-clump container">
-      <div class="row">
-	<div class="col-sm-10 col-sm-offset-1">
-	  <h2>Videos of the Day</h2>
-	  <div class="row">
-	    <div class="col-lg-10 col-lg-offset-0">
-              <ul>
-                <li> <a href="https://youtu.be/1OMJWpdl0DA?t=9s">Alex Abdo</a>
-                  from the <a href="https://aclu.org">ACLU</a>
-                <li> <a href="https://youtu.be/bcNLlWqZ9d0?t=9s">Andre Meister</a>
-                  from <a href="https://netzpolitik.org">netzpolitik.org</a>
-                <li> <a href="https://www.youtube.com/watch?v=atFz16nInIs&t=10s">Benjamin Isma?l</a>
-                  from <a href="https://rsf.org/">Reporters without Borders</a>
-                <li> <a href="https://youtu.be/sQMj332dgIE?t=10s">Thenmozhi Soundararajan</a>
-                  from <a href="https://www.equalitylabs.org/">Equality Labs</a>
-                <li> <a href="https://youtu.be/5MCGTd8pOG4?t=10s">Matt Mitchell</a>
-                  from <a href="http://www.meetup.com/New-York-Cryptoparty-Network/">CryptoHarlem</a>
-                <li> <a href="https://youtu.be/IdCiJMc3q80?t=8s">Cindy Cohn</a>
-                  from <a href="https://eff.org">EFF</a>
-                <li> <a href="https://youtu.be/Qqg3_a72aEw?t=9s">Ksenia Ermoshina</a>,
-                  Researcher at <a href="https://nextleap.eu/">nextleap.eu</a>
-                <li> <a href="https://youtu.be/6DqfWz-KHSI?t=8s">Micha? 'Rysiek' Wo?niak</a>
-                  from <a href="https://www.occrp.org/">OCCRP</a>
-                <li> <a href="https://youtu.be/OpeFuKRYGVA?t=8s">Sze Ming</a>
-                  from the <a href="https://sinarproject.org/">Sinar Project</a>
-                <li> <a href="https://youtu.be/oQvP9SXm-ek?t=8s">Jason Reich</a>
-                  from <a href="https://www.buzzfeed.com/">BuzzFeed</a>
-                <li> <a href="https://youtu.be/iRuo57Hzask?t=9s">John Pershing</a>
-                  from <a href="https://1010data.com">1010data</a>
-                <li> <a href="https://youtu.be/sX0lncD0VCM?t=10s">Jochim Selzer</a>
-                  from <a href="https://koeln.ccc.de/">CCC K?ln</a>
-                <li> <a href="https://youtu.be/Z0h_uPWFp7o?t=8s">C5</a>,
-                  Digital Security Trainer from the Philippines
-                <li> <a href="https://youtu.be/xB6AvoeCWro?t=9s">Noah Vesely</a>
-                  from <a href="https://securedrop.org/">SecureDrop</a>
-                <li> <a href="https://youtu.be/_aJPaR9Cfmk?t=9s">Lisa 'Leez' Wright</a>
-                  from the <a href="https://eff.org">EFF</a>
-                <li> <a href="https://youtu.be/VJIR5zzpUr8?t=8s">Hern?ni Marques</a>
-                  from <a href="https://www.ccc-ch.ch/">CCC Switzerland</a>
-                <li> <a href="https://youtu.be/K8-pmUyegYk?t=9s">Geoffrey King</a>,
-                  <a href="https://geoffreyking.org/">Lawyer and Journalist</a>
-                <li> <a href="https://youtu.be/l1ByJCSvQKk?t=9s">Andrew Ford Lyons</a>
-                  from <a href="http://www.internews.org/">Internews Europe</a>
-                <li> <a href="https://youtu.be/6dreAkVxmpg?t=8s">Seamus Tuohy</a>,
-                  <a href="http://prudentinnovation.org/">Digital Security Trainer</a>
-                <li> <a href="https://youtu.be/j0Zd0wZyLP8?t=10s">Meik Michalke</a>
-                  from <a href="https://www.c3s.cc/">C3S</a>
-                <li> <a href="https://youtu.be/mak22hXcslg?t=8s">Sheera Frenkel</a>
-                  from <a href="https://www.buzzfeed.com/news">BuzzFeed News</a>
-                <li> <a href=" https://youtu.be/MSu_FF49MtU?t=9s">Michael Stehmann</a>,
-                  <a href="http://www.rechtsanwalt-stehmann.de/">Lawyer</a>
-                <li> <a href="https://youtu.be/-Rkrf9GIw8M?t=9s">C?dric Laurant</a>
-                  from <a href="https://sontusdatos.org/">SonTusDatos</a>
-                <li> <a href="https://youtu.be/SdlnauJ5XWM?t=9s">Daniel Kahn Gillmor</a>
-                  from <a href="https://debian.org">Debian</a> and the <a href="https://aclu.org">ACLU</a>
-                <li> <a href="https://youtu.be/g9a_snLWRxE?t=8s">Arthur Jordan</a>
-                  from <a href="https://2u.com/">2U</a>
-              </ul>
-	    </div>
-	  </div>
-	</div>
-      </div>
-    </div>
 
     <div id="about" class="camp-gutter container">
       <div class="row">
@@ -1604,14 +1541,70 @@ src="https://www.gnupg.org/ftp/media/openpgp.conf/2016/gnupg-team-smaller.jpg"
     </div>
     <!-- End of testimonials.  -->
 
-
-<div class="camp-final-pitch row">
-  <div class="col">
-      <center>
-        <a class="btn btn-primary btn-lg" href="/donate/donate.html" role="button">Donate now!</a>
-      </center>
+    <div id="dailyvideo" class="camp-gutter camp-gutter-clump container">
+      <div class="row">
+	<div class="col-sm-10 col-sm-offset-1">
+	  <h2>Videos of the Day</h2>
+	  <div class="row">
+	    <div class="col-lg-10 col-lg-offset-0">
+              <ul>
+                <li> <a href="https://youtu.be/1OMJWpdl0DA?t=9s">Alex Abdo</a>
+                  from the <a href="https://aclu.org">ACLU</a>
+                <li> <a href="https://youtu.be/bcNLlWqZ9d0?t=9s">Andre Meister</a>
+                  from <a href="https://netzpolitik.org">netzpolitik.org</a>
+                <li> <a href="https://www.youtube.com/watch?v=atFz16nInIs&t=10s">Benjamin Isma?l</a>
+                  from <a href="https://rsf.org/">Reporters without Borders</a>
+                <li> <a href="https://youtu.be/sQMj332dgIE?t=10s">Thenmozhi Soundararajan</a>
+                  from <a href="https://www.equalitylabs.org/">Equality Labs</a>
+                <li> <a href="https://youtu.be/5MCGTd8pOG4?t=10s">Matt Mitchell</a>
+                  from <a href="http://www.meetup.com/New-York-Cryptoparty-Network/">CryptoHarlem</a>
+                <li> <a href="https://youtu.be/IdCiJMc3q80?t=8s">Cindy Cohn</a>
+                  from <a href="https://eff.org">EFF</a>
+                <li> <a href="https://youtu.be/Qqg3_a72aEw?t=9s">Ksenia Ermoshina</a>,
+                  Researcher at <a href="https://nextleap.eu/">nextleap.eu</a>
+                <li> <a href="https://youtu.be/6DqfWz-KHSI?t=8s">Micha? 'Rysiek' Wo?niak</a>
+                  from <a href="https://www.occrp.org/">OCCRP</a>
+                <li> <a href="https://youtu.be/OpeFuKRYGVA?t=8s">Sze Ming</a>
+                  from the <a href="https://sinarproject.org/">Sinar Project</a>
+                <li> <a href="https://youtu.be/oQvP9SXm-ek?t=8s">Jason Reich</a>
+                  from <a href="https://www.buzzfeed.com/">BuzzFeed</a>
+                <li> <a href="https://youtu.be/iRuo57Hzask?t=9s">John Pershing</a>
+                  from <a href="https://1010data.com">1010data</a>
+                <li> <a href="https://youtu.be/sX0lncD0VCM?t=10s">Jochim Selzer</a>
+                  from <a href="https://koeln.ccc.de/">CCC K?ln</a>
+                <li> <a href="https://youtu.be/Z0h_uPWFp7o?t=8s">C5</a>,
+                  Digital Security Trainer from the Philippines
+                <li> <a href="https://youtu.be/xB6AvoeCWro?t=9s">Noah Vesely</a>
+                  from <a href="https://securedrop.org/">SecureDrop</a>
+                <li> <a href="https://youtu.be/_aJPaR9Cfmk?t=9s">Lisa 'Leez' Wright</a>
+                  from the <a href="https://eff.org">EFF</a>
+                <li> <a href="https://youtu.be/VJIR5zzpUr8?t=8s">Hern?ni Marques</a>
+                  from <a href="https://www.ccc-ch.ch/">CCC Switzerland</a>
+                <li> <a href="https://youtu.be/K8-pmUyegYk?t=9s">Geoffrey King</a>,
+                  <a href="https://geoffreyking.org/">Lawyer and Journalist</a>
+                <li> <a href="https://youtu.be/l1ByJCSvQKk?t=9s">Andrew Ford Lyons</a>
+                  from <a href="http://www.internews.org/">Internews Europe</a>
+                <li> <a href="https://youtu.be/6dreAkVxmpg?t=8s">Seamus Tuohy</a>,
+                  <a href="http://prudentinnovation.org/">Digital Security Trainer</a>
+                <li> <a href="https://youtu.be/j0Zd0wZyLP8?t=10s">Meik Michalke</a>
+                  from <a href="https://www.c3s.cc/">C3S</a>
+                <li> <a href="https://youtu.be/mak22hXcslg?t=8s">Sheera Frenkel</a>
+                  from <a href="https://www.buzzfeed.com/news">BuzzFeed News</a>
+                <li> <a href=" https://youtu.be/MSu_FF49MtU?t=9s">Michael Stehmann</a>,
+                  <a href="http://www.rechtsanwalt-stehmann.de/">Lawyer</a>
+                <li> <a href="https://youtu.be/-Rkrf9GIw8M?t=9s">C?dric Laurant</a>
+                  from <a href="https://sontusdatos.org/">SonTusDatos</a>
+                <li> <a href="https://youtu.be/SdlnauJ5XWM?t=9s">Daniel Kahn Gillmor</a>
+                  from <a href="https://debian.org">Debian</a> and the <a href="https://aclu.org">ACLU</a>
+                <li> <a href="https://youtu.be/g9a_snLWRxE?t=8s">Arthur Jordan</a>
+                  from <a href="https://2u.com/">2U</a>
+              </ul>
+	    </div>
+	  </div>
+	</div>
+      </div>
     </div>
-  </div>
+
 </div>
 </div>
 

-----------------------------------------------------------------------

Summary of changes:
 web/donate/index.de.org | 135 ++++++++++++++++++++++--------------------------
 web/donate/index.fr.org | 131 ++++++++++++++++++++++------------------------
 web/donate/index.ja.org | 135 +++++++++++++++++++++++-------------------------
 web/donate/index.org    | 133 ++++++++++++++++++++++-------------------------
 4 files changed, 252 insertions(+), 282 deletions(-)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Aug 31 19:26:51 2017
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 31 Aug 2017 19:26:51 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. d641749d033eebc2a61ee5e826313ade7f437291
Message-ID: <E1dnTEx-0005mf-I6@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  d641749d033eebc2a61ee5e826313ade7f437291 (commit)
      from  c4c57f90c345f7510f71de6f02f46b323b4d0a74 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d641749d033eebc2a61ee5e826313ade7f437291
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Aug 31 19:23:17 2017 +0200

    web: Adjust the menu of the campaign page

diff --git a/web/donate/index.de.org b/web/donate/index.de.org
index 5d792f9..5504753 100644
--- a/web/donate/index.de.org
+++ b/web/donate/index.de.org
@@ -63,11 +63,10 @@
 
         <div id="navbar" class="navbar-collapse collapse">
           <ul class="nav navbar-nav">
-            <li><a href="#dailyvideo">T?gliches Video</a></li>
 	    <li><a href="#about">?ber</a></li>
             <li><a href="#goals">Ziele</a></li>
             <li><a href="#testimonials">Referenzen</a></li>
-            <li><a href="#team">Team</a></li>
+            <li><a href="#dailyvideo">Videos</a></li>
           </ul>
 	  <ul class="nav navbar-nav navbar-right hidden-xs lang-chooser">
 	    <li class="dropdown">
diff --git a/web/donate/index.fr.org b/web/donate/index.fr.org
index 8f52e06..4e190b1 100644
--- a/web/donate/index.fr.org
+++ b/web/donate/index.fr.org
@@ -60,11 +60,10 @@
 
         <div id="navbar" class="navbar-collapse collapse">
           <ul class="nav navbar-nav">
-            <li><a href="#dailyvideo">Vid?o quotienne</a></li>
             <li><a href="#about">? propos</a></li>
             <li><a href="#goals">Objectifs</a></li>
             <li><a href="#testimonials">T?moignages</a></li>
-            <li><a href="#team">Notre ?quipe</a></li>
+            <li><a href="#dailyvideo">Vid?o quotienne</a></li>
           </ul>
 	  <ul class="nav navbar-nav navbar-right hidden-xs lang-chooser">
 	    <li class="dropdown">
diff --git a/web/donate/index.ja.org b/web/donate/index.ja.org
index f890c80..1193529 100644
--- a/web/donate/index.ja.org
+++ b/web/donate/index.ja.org
@@ -60,11 +60,10 @@
 
         <div id="navbar" class="navbar-collapse collapse">
           <ul class="nav navbar-nav">
-            <li><a href="#dailyvideo">?????</a></li>
             <li><a href="#about">GnuPG????????</a></li>
             <li><a href="#goals">??</a></li>
             <li><a href="#testimonials">???</a></li>
-            <li><a href="#team">???</a></li>
+            <li><a href="#dailyvideo">?????</a></li>
           </ul>
 	  <ul class="nav navbar-nav navbar-right hidden-xs lang-chooser">
 	    <li class="dropdown">
diff --git a/web/donate/index.org b/web/donate/index.org
index be867bc..8d32f37 100644
--- a/web/donate/index.org
+++ b/web/donate/index.org
@@ -65,11 +65,10 @@
 
         <div id="navbar" class="navbar-collapse collapse">
           <ul class="nav navbar-nav">
-            <li><a href="#dailyvideo">Daily Video</a></li>
             <li><a href="#about">About</a></li>
             <li><a href="#goals">Goals</a></li>
             <li><a href="#testimonials">Testimonials</a></li>
-            <li><a href="#team">Team</a></li>
+            <li><a href="#dailyvideo">Videos</a></li>
           </ul>
 	  <ul class="nav navbar-nav navbar-right hidden-xs lang-chooser">
 	    <li class="dropdown">

-----------------------------------------------------------------------

Summary of changes:
 web/donate/index.de.org | 3 +--
 web/donate/index.fr.org | 3 +--
 web/donate/index.ja.org | 3 +--
 web/donate/index.org    | 3 +--
 4 files changed, 4 insertions(+), 8 deletions(-)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org