From cvs at cvs.gnupg.org Sat Jul 1 14:30:11 2017 From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Sat, 01 Jul 2017 14:30:11 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.21-79-g7fb724c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 7fb724c61655c6f75c61572d65a46e21ae112574 (commit) from ecd6c0160f49ae83001dfd150df6b1238fc479d5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7fb724c61655c6f75c61572d65a46e21ae112574 Author: Marcus Brinkmann Date: Sat Jul 1 14:28:08 2017 +0200 doc: Document obsolete option in gpgsm. Closes T2231. * doc/gpgsm.texi: Mark --prefer-system-dirmngr as obsolete. Signed-off-by: Marcus Brinkmann GnuPG-bug-id: 2231 diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index 79db177..5d79ce5 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -365,10 +365,7 @@ default value is @file{@value{BINDIR}/dirmngr}. @item --prefer-system-dirmngr @opindex prefer-system-dirmngr -If a system wide @command{dirmngr} is running in daemon mode, first try -to connect to this one. Fallback to a pipe based server if this does -not work. Under Windows this option is ignored because the system dirmngr is -always used. +This option is obsolete and ignored. @item --disable-dirmngr Entirely disable the use of the Dirmngr. ----------------------------------------------------------------------- Summary of changes: doc/gpgsm.texi | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 3 10:17:57 2017 
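Review bot: the new text under @item --prefer-system-dirmngr in doc/gpgsm.texi says the option is ignored but not what gpgsm does now. The removed lines described the connection order (system-wide daemon first, then a pipe based server) and the Windows behaviour. Consider adding one sentence on how dirmngr is reached now, so that users who still carry the option in a configuration file know whether their setup changed.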
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Mon, 03 Jul 2017 10:17:57 +0200 Subject: [git] gnupg-doc - branch, master, updated. 8f26c705b1e424c606a55f02852148a1ba4bf0e4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 8f26c705b1e424c606a55f02852148a1ba4bf0e4 (commit) from 300ed7ad084ca45cc780a1b1b51d86c5951943a5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8f26c705b1e424c606a55f02852148a1ba4bf0e4 Author: Neal H. Walfield Date: Mon Jul 3 10:15:40 2017 +0200 campaign: Change video of the day to Sheera Frenkel (BuzzFeed) diff --git a/web/donate/index.de.org b/web/donate/index.de.org index 2fa1579..3ec48cf 100644 --- a/web/donate/index.de.org +++ b/web/donate/index.de.org @@ -222,8 +222,10 @@ href="/cgi-bin/procdonate.cgi?mode=preset&lang=de"
-

Video des Tages: Meik Michalke - Cultural Commons Collecting Society +

Video des Tages: Sheera Frenkel + BuzzFeed News + (Now with The New York Times) +

diff --git a/web/donate/index.fr.org b/web/donate/index.fr.org index 0545db6..e0e29c7 100644 --- a/web/donate/index.fr.org +++ b/web/donate/index.fr.org @@ -215,8 +215,10 @@
-

Clip du jour?: Meik Michalke - Cultural Commons Collecting Society +

Clip du jour?: Sheera Frenkel + BuzzFeed News + (Now with The New York Times) +

diff --git a/web/donate/index.ja.org b/web/donate/index.ja.org index 822a259..5c01d1a 100644 --- a/web/donate/index.ja.org +++ b/web/donate/index.ja.org @@ -202,8 +202,10 @@
-

?????: Meik Michalke - Cultural Commons Collecting Society +

?????: Sheera Frenkel + BuzzFeed News + (Now with The New York Times) +

diff --git a/web/donate/index.org b/web/donate/index.org index 7341888..ad5be56 100644 --- a/web/donate/index.org +++ b/web/donate/index.org @@ -217,8 +217,10 @@
-

Video of the Day: Meik Michalke - Cultural Commons Collecting Society +

Video of the Day: Sheera Frenkel + BuzzFeed News + (Now with The New York Times) +

diff --git a/web/share/campaign/campaign.js b/web/share/campaign/campaign.js index 160900d..48ed06d 100644 --- a/web/share/campaign/campaign.js +++ b/web/share/campaign/campaign.js @@ -89,12 +89,11 @@ function get_param_from_url(name) { $(document).ready(function() { // VOTD: Update VOTD here. - let VIDLIST = "meik,seamus,andrew,geoffrey,hernani,leez,noah,c5,jochim,john,jason,sze,rysiek,ksenia,cindy,matt,thenmozhi,alex,andre,benjamin"; + let VIDLIST = "sheera,meik,seamus,andrew,geoffrey,hernani,leez,noah,c5,jochim,john,jason,sze,rysiek,ksenia,cindy,matt,thenmozhi,alex,andre,benjamin"; let YTID = { "main": "wNHhkntqklg", "thenmozhi": "sQMj332dgIE", "sze": "OpeFuKRYGVA", - "sheera": "zwPaVA4vhDM", "noah": "xB6AvoeCWro", "michael": "w4PY1ihLm0w", "matt": "5MCGTd8pOG4", @@ -115,7 +114,8 @@ $(document).ready(function() { "geoffrey": "K8-pmUyegYk", "andrew": "l1ByJCSvQKk", "seamus": "6dreAkVxmpg", - "meik": "j0Zd0wZyLP8" + "meik": "j0Zd0wZyLP8", + "sheera": "mak22hXcslg" }; /* For the video preview, we use this for devices without hover events. */ ----------------------------------------------------------------------- Summary of changes: web/donate/index.de.org | 6 ++++-- web/donate/index.fr.org | 6 ++++-- web/donate/index.ja.org | 6 ++++-- web/donate/index.org | 6 ++++-- web/share/campaign/campaign.js | 6 +++--- 5 files changed, 19 insertions(+), 11 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 3 11:03:48 2017 
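Review bot: in web/share/campaign/campaign.js the YTID entry for "sheera" is not only moved to the end of the map, its value also changes from "zwPaVA4vhDM" to "mak22hXcslg", and the commit message ("Change video of the day") does not mention that. This map decides which third-party video the donate page embeds, so the log should say that the ID was replaced and why. Separately, the index.de.org, index.fr.org and index.ja.org hunks add "(Now with The New York Times)" in English on localized pages.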
From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Mon, 03 Jul 2017 11:03:48 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.21-7-g7b045f5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via 7b045f539e5f67c937c18157c26fb3a767c1c7e6 (commit) from 2c2121ff3c2b90f21b75dd56c981b4d9e6d1c0e2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7b045f539e5f67c937c18157c26fb3a767c1c7e6 Author: Marcus Brinkmann Date: Mon Jul 3 11:02:42 2017 +0200 doc: Fix typo. Signed-off-by: Marcus Brinkmann GnuPG-bug-id: 3243 diff --git a/doc/gpg.texi b/doc/gpg.texi index e9935c3..00ed828 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -204,7 +204,7 @@ read from STDIN. If only a one argument is given, it is expected to be a complete signature. With more than 1 argument, the first should be a detached signature -and the remaining files ake up the the signed data. To read the signed +and the remaining files make up the the signed data. To read the signed data from STDIN, use @samp{-} as the second filename. For security reasons a detached signature cannot read the signed material from STDIN without denoting it in the above way. ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 3 14:16:16 2017 
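Review bot: the changed line in doc/gpg.texi still reads "make up the the signed data", so the duplicated "the" survives the typo fix; drop one while touching the line. The context line above it, "If only a one argument is given", has the same kind of slip and could be corrected in the same commit.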
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Mon, 03 Jul 2017 14:16:16 +0200 Subject: [git] gnupg-doc - branch, master, updated. 2780f8908b7b58f9590ed1f544610916b11c06b1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 2780f8908b7b58f9590ed1f544610916b11c06b1 (commit) from 8f26c705b1e424c606a55f02852148a1ba4bf0e4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2780f8908b7b58f9590ed1f544610916b11c06b1 Author: Neal H. Walfield Date: Mon Jul 3 13:40:19 2017 +0200 campaign: Update image for Sheera Frenkel. diff --git a/web/share/campaign/img/thumbs/sheera.jpg b/web/share/campaign/img/thumbs/sheera.jpg index 79eaedb..e397303 100644 Binary files a/web/share/campaign/img/thumbs/sheera.jpg and b/web/share/campaign/img/thumbs/sheera.jpg differ ----------------------------------------------------------------------- Summary of changes: web/share/campaign/img/thumbs/sheera.jpg | Bin 62228 -> 110396 bytes 1 file changed, 0 insertions(+), 0 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 4 02:43:57 2017 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 04 Jul 2017 02:43:57 +0200 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-7-BRANCH, updated. libgcrypt-1.7.8-2-ga195d73 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-7-BRANCH has been updated via a195d7346a8006f3b6fb77ccd6df8e91833d2b5a (commit) from e57ce62112a017706a38b86ad2d079b59ec2130a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a195d7346a8006f3b6fb77ccd6df8e91833d2b5a Author: NIIBE Yutaka Date: Tue Jul 4 09:33:46 2017 +0900 mpi: Fix mpi_set_secure. * mpi/mpiutil.c (mpi_set_secure): Allocate by ->alloced. -- The code was simply wrong. The question is if (1) it allocates (possibly) more or (2) modifi ->alloced. The choice is (1). Because we have routines of mpi_set_cond and mpi_swap_cond which assume no change for the allocated length of limbs, no surprise is better. See _gcry_mpi_ec_mul_point for concrete example for those routines. That's for constant-time computation. Debian-bug-id: 866964 Suggested-by: Mark Wooding Signed-off-by: NIIBE Yutaka (backport from master commit: 5feaf1cc8f22c1f8d19a34850d86fe190f1432e2) diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c index 6dee0b9..3ae84c3 100644 --- a/mpi/mpiutil.c +++ b/mpi/mpiutil.c 
@@ -256,7 +256,7 @@ mpi_set_secure( gcry_mpi_t a ) gcry_assert (!ap); return; } - bp = mpi_alloc_limb_space (a->nlimbs, 1); + bp = mpi_alloc_limb_space (a->alloced, 1); MPN_COPY( bp, ap, a->nlimbs ); a->d = bp; _gcry_mpi_free_limb_space (ap, a->alloced); ----------------------------------------------------------------------- Summary of changes: mpi/mpiutil.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 4 02:44:10 2017 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 04 Jul 2017 02:44:10 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.3-112-g5feaf1c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 5feaf1cc8f22c1f8d19a34850d86fe190f1432e2 (commit) from 8725c99ffa41778f382ca97233183bcd687bb0ce (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5feaf1cc8f22c1f8d19a34850d86fe190f1432e2 Author: NIIBE Yutaka Date: Tue Jul 4 09:33:46 2017 +0900 mpi: Fix mpi_set_secure. * mpi/mpiutil.c (mpi_set_secure): Allocate by ->alloced. -- The code was simply wrong. The question is if (1) it allocates (possibly) more or (2) modifi ->alloced. The choice is (1). Because we have routines of mpi_set_cond and mpi_swap_cond which assume no change for the allocated length of limbs, no surprise is better. See _gcry_mpi_ec_mul_point for concrete example for those routines. That's for constant-time computation. Debian-bug-id: 866964 Suggested-by: Mark Wooding Signed-off-by: NIIBE Yutaka diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c index 6dee0b9..3ae84c3 100644 --- a/mpi/mpiutil.c 
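Review bot: in mpi_set_secure the new buffer now holds a->alloced limbs, but MPN_COPY still copies only a->nlimbs, so the limbs from nlimbs up to alloced keep whatever mpi_alloc_limb_space returned. The commit message says mpi_set_cond and mpi_swap_cond rely on the allocated length, which suggests they may read beyond nlimbs. The hunk does not show whether the allocator zeroes the buffer, so confirm that it does or clear the tail explicitly after the copy. A short comment at the allocation stating why a->alloced rather than a->nlimbs is used would keep a later reader from reverting it. The same point applies to the LIBGCRYPT-1-7-BRANCH backport and to master commit 5feaf1cc8f22c1f8d19a34850d86fe190f1432e2.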
+++ b/mpi/mpiutil.c @@ -256,7 +256,7 @@ mpi_set_secure( gcry_mpi_t a ) gcry_assert (!ap); return; } - bp = mpi_alloc_limb_space (a->nlimbs, 1); + bp = mpi_alloc_limb_space (a->alloced, 1); MPN_COPY( bp, ap, a->nlimbs ); a->d = bp; _gcry_mpi_free_limb_space (ap, a->alloced); ----------------------------------------------------------------------- Summary of changes: mpi/mpiutil.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 4 14:27:23 2017 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 04 Jul 2017 14:27:23 +0200 Subject: [git] gnupg-doc - branch, master, updated. 5b13524415476be7351190c1ea5be403f361d0ff Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 5b13524415476be7351190c1ea5be403f361d0ff (commit) from 2780f8908b7b58f9590ed1f544610916b11c06b1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5b13524415476be7351190c1ea5be403f361d0ff Author: Neal H. Walfield Date: Tue Jul 4 14:26:26 2017 +0200 campaign: Change video of the day to Michael Stehmann. diff --git a/web/donate/index.de.org b/web/donate/index.de.org index 3ec48cf..3823fd1 100644 --- a/web/donate/index.de.org +++ b/web/donate/index.de.org @@ -222,10 +222,8 @@ href="/cgi-bin/procdonate.cgi?mode=preset&lang=de"
-

Video des Tages: Sheera Frenkel - BuzzFeed News - (Now with The New York Times) - +

Video des Tages: Michael Stehmann + Lawyer

diff --git a/web/donate/index.fr.org b/web/donate/index.fr.org index e0e29c7..a3a1e96 100644 --- a/web/donate/index.fr.org +++ b/web/donate/index.fr.org @@ -215,10 +215,8 @@
-

Clip du jour?: Sheera Frenkel - BuzzFeed News - (Now with The New York Times) - +

Clip du jour?: Michael Stehmann + Lawyer

diff --git a/web/donate/index.ja.org b/web/donate/index.ja.org index 5c01d1a..5a185ef 100644 --- a/web/donate/index.ja.org +++ b/web/donate/index.ja.org @@ -202,10 +202,8 @@
-

?????: Sheera Frenkel - BuzzFeed News - (Now with The New York Times) - +

?????: Michael Stehmann + Lawyer

diff --git a/web/donate/index.org b/web/donate/index.org index ad5be56..92518f8 100644 --- a/web/donate/index.org +++ b/web/donate/index.org @@ -217,10 +217,8 @@
-

Video of the Day: Sheera Frenkel - BuzzFeed News - (Now with The New York Times) - +

Video of the Day: Michael Stehmann + Lawyer

diff --git a/web/share/campaign/campaign.js b/web/share/campaign/campaign.js index 48ed06d..4f852d2 100644 --- a/web/share/campaign/campaign.js +++ b/web/share/campaign/campaign.js @@ -89,13 +89,12 @@ function get_param_from_url(name) { $(document).ready(function() { // VOTD: Update VOTD here. - let VIDLIST = "sheera,meik,seamus,andrew,geoffrey,hernani,leez,noah,c5,jochim,john,jason,sze,rysiek,ksenia,cindy,matt,thenmozhi,alex,andre,benjamin"; + let VIDLIST = "michael,sheera,meik,seamus,andrew,geoffrey,hernani,leez,noah,c5,jochim,john,jason,sze,rysiek,ksenia,cindy,matt,thenmozhi,alex,andre,benjamin"; let YTID = { "main": "wNHhkntqklg", "thenmozhi": "sQMj332dgIE", "sze": "OpeFuKRYGVA", "noah": "xB6AvoeCWro", - "michael": "w4PY1ihLm0w", "matt": "5MCGTd8pOG4", "john": "iRuo57Hzask", "jason": "oQvP9SXm-ek", @@ -115,7 +114,8 @@ $(document).ready(function() { "andrew": "l1ByJCSvQKk", "seamus": "6dreAkVxmpg", "meik": "j0Zd0wZyLP8", - "sheera": "mak22hXcslg" + "sheera": "mak22hXcslg", + "michael": "MSu_FF49MtU" }; /* For the video preview, we use this for devices without hover events. */ ----------------------------------------------------------------------- Summary of changes: web/donate/index.de.org | 6 ++---- web/donate/index.fr.org | 6 ++---- web/donate/index.ja.org | 6 ++---- web/donate/index.org | 6 ++---- web/share/campaign/campaign.js | 6 +++--- 5 files changed, 11 insertions(+), 19 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 4 19:00:10 2017 
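Review bot: the index.de.org, index.fr.org and index.ja.org hunks add the caption "Lawyer" in English under the localized "Video des Tages" and "Clip du jour" headings; translate it per page, or keep captions consistently in English and note that in the log. In campaign.js the "michael" entry also changes value ("w4PY1ihLm0w" to "MSu_FF49MtU") rather than just moving, which the commit message should state.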
From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Tue, 04 Jul 2017 19:00:10 +0200 Subject: [git] gnupg-doc - branch, master, updated. 54da0b03d0bd95519bf123392483916e89dfdd8a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 54da0b03d0bd95519bf123392483916e89dfdd8a (commit) from 5b13524415476be7351190c1ea5be403f361d0ff (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 54da0b03d0bd95519bf123392483916e89dfdd8a Author: Marcus Brinkmann Date: Tue Jul 4 18:59:10 2017 +0200 web: Restore obsolete manpage with out-of-date notice. Signed-off-by: Marcus Brinkmann GnuPG-bug-id: 1337 diff --git a/web/documentation/manpage.org b/web/documentation/manpage.org new file mode 100644 index 0000000..de5dcab --- /dev/null +++ b/web/documentation/manpage.org 
@@ -0,0 +1,795 @@ +#+TITLE: GnuPG - gpg man page +#+STARTUP: showall +#+SETUPFILE: "../share/setup.inc" +#+OPTIONS: -:nil + +* Old Man Page + +This is a very old version of the gpg man page. Please see the latest +release or software package for your operating system to find an up to +date version ("man gpg2"). + +* gpg + +** Name + +gpg?--?encryption and signing tool + +** Synopsis + +#+BEGIN_EXAMPLE + gpg + [--homedir name] + [--options file] + [options] + command + [args] + +#+END_EXAMPLE + +** DESCRIPTION + +*gpg* is the main program for the GnuPG system. + +This man page does only list the commands and options available. For a +more verbose documentation get the GNU Privacy Handbook (GPH), which is +available at https://www.gnupg.org/gph/ . You will find a list of HOWTO +documents at https://www.gnupg.org/docs.html . + +** COMMANDS + +*gpg* recognizes these commands: + +- -s, --sign :: Make a signature. This command may be combined with + --encrypt. + +- --clearsign :: Make a clear text signature. + +- -b, --detach-sign :: Make a detached signature. + +- -e, --encrypt :: Encrypt data. This option may be combined with + --sign. + +- -c, --symmetric :: Encrypt with symmetric cipher only This command + asks for a passphrase. + +- --store :: Store only (make a simple RFC1991 packet). + +- --decrypt [ =file= ] :: Decrypt =file= (or stdin if no file is + specified) and write it to stdout (or the file specified with + --output). If the decrypted file is signed, the signature is also + verified. This command differs from the default operation, as it + never writes to the filename which is included in the file and it + rejects files which don't begin with an encrypted message. + +- --verify [[ =sigfile= ] [ =signed-files= ]] :: Assume that =sigfile= is a + signature and verify it without generating any output. With no + arguments, the signature packet is read from stdin (it may be a + detached signature when not used in batch mode). 
If only a sigfile is + given, it may be a complete signature or a detached signature, in + which case the signed stuff is expected in a file without the ".sig" + or ".asc" extension (if such a file does not exist it is expected at + stdin; use a single dash ("-") as filename to force a read from + stdin). With more than 1 argument, the first should be a detached + signature and the remaining files are the signed stuff. + +- --verify-files [ =files= ] :: This is a special version of the --verify + command which does not work with detached signatures. The command + expects the files to bee verified either on the commandline or reads + the filenames from stdin; each anem muts be on separate line. The + command is intended for quick checking of many files. + +- --list-keys [ =names= ], --list-public-keys [ =names= ] :: List all keys + from the public keyrings, or just the ones given on the command line. + +- --list-secret-keys [ =names= ] :: List all keys from the secret + keyrings, or just the ones given on the command line. + +- --list-sigs [ =names= ] :: Same as --list-keys, but the signatures are + listed too. + +- --check-sigs [ =names= ] :: Same as --list-sigs, but the signatures are + verified. + +- --fingerprint [ =names= ] :: List all keys with their fingerprints. + This is the same output as --list-keys but with the additional output + of a line with the fingerprint. May also be combined with --list-sigs + or --check-sigs. If this command is given twice, the fingerprints of + all secondary keys are listed too. + +- --list-packets :: List only the sequence of packets. This is mainly + useful for debugging. + +- --gen-key :: Generate a new key pair. This command is normally only + used interactive. + + There is an experimental feature which allows to create keys in batch + mode. See the file =doc/DETAILS= in the source distribution on how to + use this. 
+ +- --edit-key =name= :: Present a menu which enables you to do all key + related tasks: + + - sign :: Make a signature on key of user =name= If the key is not + yet signed by the default user (or the users given with -u), the + program displays the information of the key again, together with + its fingerprint and asks whether it should be signed. This + question is repeated for all users specified with -u. + + - lsign :: Same as --sign but the signature is marked as + non-exportable and will therefore never be used by others. This + may be used to make keys valid only in the local environment. + + - revsig :: Revoke a signature. GnuPG asks for every signature which + has been done by one of the secret keys, whether a revocation + certificate should be generated. + + - trust :: Change the owner trust value. This updates the trust-db + immediately and no save is required. + + - disable, enable :: Disable or enable an entire key. A disabled key + can normally not be used for encryption. + + - adduid :: Create an alternate user id. + + - deluid :: Delete an user id. + + - addkey :: Add a subkey to this key. + + - delkey :: Remove a subkey. + + - revkey :: Revoke a subkey. + + - expire :: Change the key expiration time. If a key is selected, + the time of this key will be changed. With no selection the key + expiration of the primary key is changed. + + - passwd :: Change the passphrase of the secret key. + + - uid =n= :: Toggle selection of user id with index =n=. Use 0 to + deselect all. + + - key =n= :: Toggle selection of subkey with index =n=. Use 0 to + deselect all. + + - check :: Check all selected user ids. + + - pref :: List preferences. + + - toggle :: Toggle between public and secret key listing. + + - save :: Save all changes to the key rings and quit. + + - quit :: Quit the program without updating the key rings. + + The listing shows you the key with its secondary keys and all user + ids. Selected keys or user ids are indicated by an asterisk. 
The + trust value is displayed with the primary key: the first is the + assigned owner trust and the second is the calculated trust value. + Letters are used for the values: + + - - :: No ownertrust assigned / not yet calculated. + + - e :: Trust calculation has failed. + + - q :: Not enough information for calculation. + + - n :: Never trust this key. + + - m :: Marginally trusted. + + - f :: Fully trusted. + + - u :: Ultimately trusted. + +- --sign-key =name= :: Sign a public key with you secret key. This is a + shortcut version of the subcommand "sign" from --edit. + +- --lsign-key =name= :: Sign a public key with you secret key but mark + it as non-exportable. This is a shortcut version of the subcommand + "lsign" from --edit. + +- --trusted-key =long key ID= :: Assume that the specified key (which + must be given as a full 8 byte key ID) is as trustworthy as one of + your own secret keys. This option is useful if you don't want to keep + your secret keys (or one of them) online but still be able to check + the validity of a given recipient's or signator's key. + +- --delete-key =name= :: Remove key from the public keyring + +- --delete-secret-key =name= :: Remove key from the secret and public + keyring + +- --gen-revoke :: Generate a revocation certificate for the complete + key. To revoke a subkey or a signature, use the --edit command. + +- --export [ =names= ] :: Either export all keys from all keyrings + (default keyrings and those registered via option --keyring), or if + at least one name is given, those of the given name. The new keyring + is written to stdout or to the file given with option "output". Use + together with --armor to mail those keys. + +- --send-keys [ =names= ] :: Same as --export but sends the keys to a + keyserver. Option --keyserver must be used to give the name of this + keyserver. Don't send your complete keyring to a keyserver - select + only those keys which are new or changed by you. 
+ +- --export-all [ =names= ] :: Same as --export, but does also export keys + which are not compatible to OpenPGP. + +- --export-secret-keys [ =names= ], --export-secret-subkeys + [ =names= ] :: Same as --export, but does export the secret keys. This + is normally not very useful and a security risk. the second form of + the command has the special property to render the secret part of the + primary key useless; this is a GNU extension to OpenPGP and other + implementations can not be expected to successful import such a key. + +- --import [ =files= ], --fast-import [ =files= ] :: Import/merge keys. + This adds the given keys to the keyring. The fast version does not + build the trustdb; this can be done at any time with the command + --update-trustdb. + + There are a few other options which control how this command works. + Most notable here is the --merge-only options which does not insert + new keys but does only the merging of new signatures, user-IDs and + subkeys. + +- --recv-keys =key IDs= :: Import the keys with the given key IDs from + a HKP keyserver. Option --keyserver must be used to give the name of + this keyserver. + +- --export-ownertrust :: List the assigned ownertrust values in ASCII + format for backup purposes + +- --import-ownertrust [ =files= ] :: Update the trustdb with the + ownertrust values stored in =files= (or stdin if not given); existing + values will be overwritten. + +- --print-md =algo= [ =files= ] :: Print message digest of algorithm ALGO + for all given files of stdin. If "*" is used for the algorithm, + digests for all available algorithms are printed. + +- --gen-random =0|1|2= [ =count= ] :: Emit COUNT random bytes of the + given quality level. If count is not given or zero, an endless + sequence of random bytes will be emitted. PLEASE, don't use this + command unless you know what you are doing, it may remove precious + entropy from the system! + +- --gen-prime =mode= =bits= [ =qbits= ] :: Use the source, Luke :-). 
The + output format is still subject to change. + +- --version :: Print version information along with a list of supported + algorithms. + +- --warranty :: Print warranty information. + +- -h, --help :: Print usage information. This is a really long list + even it does list not all options. + +** OPTIONS + +Long options can be put in an options file (default "~/.gnupg/options"). +Do not write the 2 dashes, but simply the name of the option and any +required arguments. Lines with a hash as the first non-white-space +character are ignored. Commands may be put in this file too, but that +does not make sense. + +*gpg* recognizes these options: + +- -a, --armor :: Create ASCII armored output. + +- -o, --output =file= :: Write output to =file=. + +- -u, --local-user =name= :: Use =name= as the user ID to sign. This + option is silently ignored for the list commands, so that it can be + used in an options file. + +- --default-key =name= :: Use =name= as default user ID for signatures. + If this is not used the default user ID is the first user ID found in + the secret keyring. + +- -r, --recipient =name=, :: Encrypt for user id =name=. If this + option is not specified, GnuPG asks for the user-id unless + --default-recipient is given + +- --default-recipient =name= :: Use =name= as default recipient if + option --recipient is not used and don't ask if this is a valid one. + =name= must be a non empty. + +- --default-recipient-self :: Use the default key as default recipient + if option --recipient is not used and don't ask if this is a valid + one. The default key is the first one from the secret keyring or the + one set with --default-key. + +- --no-default-recipient :: Reset --default-recipient and + --default-recipient-self. + +- --encrypt-to =name= :: Same as --recipient but this one is intended + for in the options file and may be used together with an own user-id + as an "encrypt-to-self". 
These keys are only used when there are + other recipients given either by use of --recipient or by the asked + user id. No trust checking is performed for these user ids and even + disabled keys can be used. + +- --no-encrypt-to :: Disable the use of all --encrypt-to keys. + +- -v, --verbose :: Give more information during processing. If used + twice, the input data is listed in detail. + +- -q, --quiet :: Try to be as quiet as possible. + +- -z =n= :: Set compression level to =n=. A value of 0 for =n= disables + compression. Default is to use the default compression level of zlib + (normally 6). + +- -t, --textmode :: Use canonical text mode. If -t (but not --textmode) + is used together with armoring and signing, this enables clearsigned + messages. This kludge is needed for PGP compatibility; normally you + would use --sign or --clearsign to selected the type of the + signature. + +- -n, --dry-run :: Don't make any changes (this is not completely + implemented). + +- -i, --interactive :: Prompt before overwriting any files. + +- --batch :: Use batch mode. Never ask, do not allow interactive + commands. + +- --no-tty :: Make sure that the TTY (terminal) is never used for any + output. This option is needed in some cases because GnuPG sometimes + prints warnings to the TTY if if --batch is used. + +- --no-batch :: Disable batch mode. This may be of use if --batch is + enabled from an options file. + +- --yes :: Assume "yes" on most questions. + +- --no :: Assume "no" on most questions. + +- --always-trust :: Skip key validation and assume that used keys are + always fully trusted. You won't use this unless you have installed + some external validation scheme. + +- --keyserver =name= :: Use =name= to lookup keys which are not yet in + your keyring. This is only done while verifying messages with + signatures. The option is also required for the command --send-keys + to specify the keyserver to where the keys should be send. 
All + keyservers synchronize with each other - so there is no need to send + keys to more than one server. Using the command "host -l pgp.net | + grep wwwkeys" gives you a list of keyservers. Because there is load + balancing using round-robin DNS you may notice that you get different + key servers. + +- --no-auto-key-retrieve :: This option disables the automatic + retrieving of keys from a keyserver while verifying signatures. This + option allows to keep a keyserver in the options file or the + --send-keys and --recv-keys commands. + +- --honor-http-proxy :: Try to access the keyserver over the proxy set + with the variable "http\_proxy". + +- --keyring =file= :: Add =file= to the list of keyrings. If =file= + begins with a tilde and a slash, these are replaced by the HOME + directory. If the filename does not contain a slash, it is assumed to + be in the home-directory ("~/.gnupg" if --homedir is not used). The + filename may be prefixed with a scheme: + + "gnupg-ring:" is the default one. + + "gnupg-gdbm:" may be used for a GDBM ring. Note that GDBM is + experimental and likely to be removed in future versions. + + It might make sense to use it together with --no-default-keyring. + +- --secret-keyring =file= :: Same as --keyring but for the secret + keyrings. + +- --homedir =directory= :: Set the name of the home directory to + =directory= If this option is not used it defaults to "~/.gnupg". It + does not make sense to use this in a options file. This also + overrides the environment variable "GNUPGHOME". + +- --charset =name= :: Set the name of the native character set. This is + used to convert some strings to proper UTF-8 encoding. Valid values + for =name= are: + + - iso-8859-1 :: This is the default Latin 1 set. + + - iso-8859-2 :: The Latin 2 set. + + - koi8-r :: The usual Russian set (rfc1489). + +- --utf8-strings, --no-utf8-strings :: Assume that the arguments are + already given as UTF8 strings. 
The default (--no-utf8-strings) is to + assume that arguments are encoded in the character set as specified + by --charset. These options effects all following arguments. Both + options may used multiple times. + +- --options =file= :: Read options from =file= and do not try to read + them from the default options file in the homedir (see --homedir). + This option is ignored if used in an options file. + +- --no-options :: Shortcut for "--options /dev/null". This option is + detected before an attempt to open an option file. + +- --load-extension =name= :: Load an extension module. If =name= does + not contain a slash it is searched in "/usr/local/lib/gnupg" See the + manual for more information about extensions. + +- --debug =flags= :: Set debugging flags. All flags are or-ed and + =flags= may be given in C syntax (e.g. 0x0042). + +- --debug-all :: Set all useful debugging flags. + +- --status-fd =n= :: Write special status strings to the file + descriptor =n=. See the file DETAILS in the documentation for a + listing of them. + +- --logger-fd =n= :: Write log output to file descriptor =n= and not to + stderr. + +- --no-comment :: Do not write comment packets. This option affects + only the generation of secret keys. Please note, that this has + nothing to do with the comments in clear text signatures. + +- --comment =string= :: Use =string= as comment string in clear text + signatures. To suppress those comment strings entirely, use an empty + string here. + +- --default-comment :: Force to write the standard comment string in + clear text signatures. Use this to overwrite a --comment from a + config file. + +- --no-version :: Omit the version string in clear text signatures. + +- --emit-version :: Force to write the version string in clear text + signatures. Use this to overwrite a previous --no-version from a + config file. + +- -N, --notation-data =name=value= :: Put the name value pair into the + signature as notation data. 
=name= must consists only of alphanumeric + characters, digits or the underscore; the first character must not be + a digit. =value= may be any printable string; it will encoded in + UTF8, so sou should have check that your --charset is set right. If + you prefix =name= with an exclamation mark, the notation data will be + flagged as critical (rfc2440:5.2.3.15). + +- --set-policy-url =string= :: Use =string= as Policy URL for + signatures (rfc2440:5.2.3.19). If you prefix it with an exclamation + mark, the policy URL packet will be flagged as critical. + +- --set-filename =string= :: Use =string= as the name of file which is + stored in messages. + +- --use-embedded-filename :: Try to create a file with a name as + embedded in the data. This can be a dangerous option as it allows to + overwrite files. + +- --completes-needed =n= :: Number of completely trusted users to + introduce a new key signer (defaults to 1). + +- --marginals-needed =n= :: Number of marginally trusted users to + introduce a new key signer (defaults to 3) + +- --max-cert-depth =n= :: Maximum depth of a certification chain + (default is 5). + +- --cipher-algo =name= :: Use =name= as cipher algorithm. Running the + program with the command --version yields a list of supported + algorithms. If this is not used the cipher algorithm is selected from + the preferences stored with the key. + +- --digest-algo =name= :: Use =name= as message digest algorithm. + Running the program with the command --version yields a list of + supported algorithms. Please note that using this option may violate + the OpenPGP requirement, that a 160 bit hash is to be used for DSA. + +- --s2k-cipher-algo =name= :: Use =name= as the cipher algorithm used + to protect secret keys. The default cipher is BLOWFISH. This cipher + is also used for conventional encryption if --cipher-algo is not + given. + +- --s2k-digest-algo =name= :: Use =name= as the digest algorithm used + to mangle the passphrases. 
The default algorithm is RIPE-MD-160. This + digest algorithm is also used for conventional encryption if + --digest-algo is not given. + +- --s2k-mode =n= :: Selects how passphrases are mangled. If =n= is 0 a + plain passphrase (which is not recommended) will be used, a 1 + (default) adds a salt to the passphrase and a 3 iterates the whole + process a couple of times. Unless --rfc1991 is used, this mode is + also used for conventional encryption. + +- --compress-algo =n= :: Use compress algorithm =n=. Default is 2 which + is RFC1950 compression. You may use 1 to use the old zlib version + (RFC1951) which is used by PGP. The default algorithm may give better + results because the window size is not limited to 8K. If this is not + used the OpenPGP behavior is used, i.e. the compression algorithm is + selected from the preferences; note, that this can't be done if you + do not encrypt the data. + +- --disable-cipher-algo =name= :: Never allow the use of =name= as + cipher algorithm. The given name will not be checked so that a later + loaded algorithm will still get disabled. + +- --disable-pubkey-algo =name= :: Never allow the use of =name= as + public key algorithm. The given name will not be checked so that a + later loaded algorithm will still get disabled. + +- --throw-keyid :: Do not put the keyid into encrypted packets. This + option hides the receiver of the message and is a countermeasure + against traffic analysis. It may slow down the decryption process + because all available secret keys are tried. + +- --not-dash-escaped :: This option changes the behavior of cleartext + signatures so that they can be used for patch files. You should not + send such an armored file via email because all spaces and line + endings are hashed too. You can not use this option for data which + has 5 dashes at the beginning of a line, patch files don't have this. + A special armor header line tells GnuPG about this cleartext + signature option. 
+ +- --escape-from-lines :: Because some mailers change lines starting + with "From " to " :: Using an exact to + match string. The equal sign indicates this. + +- :: Using the email address part which + must match exactly. The left angle bracket indicates this email + address mode. + +- +Heinrich Heine duesseldorf :: All words must match exactly (not case + sensitive) but can appear in any order in the user ID. Words are any + sequences of letters, digits, the underscore and all characters with + bit 7 set. + +- #34 :: Using the Local ID. This is a very low level method and should + only be used by applications which really need it. The hash character + indicates this method. An application should not assume that this is + only a number. + +- Heine, *Heine :: By case insensitive substring matching. This is the + default mode but applications may want to explicitely indicate this + by putting the asterisk in front. + +** RETURN VALUE + +The program returns 0 if everything was fine, 1 if at least a signature +was bad, and other error codes for fatal errors. + +** EXAMPLES + +- gpg -se -r =Bob= =file= :: sign and encrypt for user Bob + +- gpg --clearsign =file= :: make a clear text signature + +- gpg -sb =file= :: make a detached signature + +- gpg --list-keys =user_ID= :: show keys + +- gpg --fingerprint =user_ID= :: show fingerprint + +- gpg --verify =pgpfile=, gpg --verify =sigfile= [ =files= ] :: Verify + the signature of the file but do not output the data. The second form + is used for detached signatures, where =sigfile= is the detached + signature (either ASCII armored of binary) and [ =files= ] are the + signed data; if this is not given the name of the file holding the + signed data is constructed by cutting off the extension (".asc" or + ".sig") of =sigfile= or by asking the user for the filename. + +** ENVIRONMENT + +- HOME :: Used to locate the default home directory. + +- GNUPGHOME :: If set directory used instead of "~/.gnupg". 
+ +- http\_proxy :: Only honored when the option --honor-http-proxy is + set. + +** FILES + +- ~/.gnupg/secring.gpg :: The secret keyring + +- ~/.gnupg/secring.gpg.lock :: and the lock file + +- ~/.gnupg/pubring.gpg :: The public keyring + +- ~/.gnupg/pubring.gpg.lock :: and the lock file + +- ~/.gnupg/trustdb.gpg :: The trust database + +- ~/.gnupg/trustdb.gpg.lock :: and the lock file + +- ~/.gnupg/random\_seed :: used to preserve the internal random pool + +- ~/.gnupg/options :: May contain options + +- /usr[/local]/share/gnupg/options.skel :: Skeleton options file + +- /usr[/local]/lib/gnupg/ :: Default location for extensions + +** WARNINGS + +Use a *good* password for your user account and a *good* passphrase to +protect your secret key. This passphrase is the weakest part of the +whole system. Programs to do dictionary attacks on your secret keyring +are very easy to write and so you should protect your "~/.gnupg/" +directory very well. + +Keep in mind that, if this program is used over a network (telnet), it +is *very* easy to spy out your passphrase! + +** BUGS + +On many systems this program should be installed as setuid(root). This +is necessary to lock memory pages. Locking memory pages prevents the +operating system from writing memory pages to disk. If you get no +warning message about insecure memory 3our operating system supports +locking without being root. The program drops root privileges as soon as +locked memory is allocated. ----------------------------------------------------------------------- Summary of changes: web/documentation/manpage.org | 795 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 795 insertions(+) create mode 100644 web/documentation/manpage.org hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 4 23:23:06 2017 
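Review bot: In the added web/documentation/manpage.org text, the --escape-from-lines entry stops at `change lines starting with "From " to "` and runs straight into the user-ID matching list (`:: Using an exact to match string`), and the next item is an empty `- ::` where an e-mail example should be. As shown here, the rest of that option's description, the start of the user-ID section and the angle-bracket examples are missing, which suggests the `<...>` text was dropped during conversion; please restore them from the source man page. The same hunk carries typos worth fixing before the page goes live: "if if --batch is used", "so sou should have check", "to selected the type", "explicitely", "ASCII armored of binary" and "insecure memory 3our operating system".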
From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Tue, 04 Jul 2017 23:23:06 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.21-8-g782f804 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via 782f804765b6f4226fd77843e59f57dcca61b6fb (commit) from 7b045f539e5f67c937c18157c26fb3a767c1c7e6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 782f804765b6f4226fd77843e59f57dcca61b6fb Author: Marcus Brinkmann Date: Tue Jul 4 23:19:51 2017 +0200 mpi: Fix ARM assembler in longlong.h. * mpi/longlong.h [__arm__] (add_ssaaaa, sub_ddmmss): Add __CLOBBER_CC. [__arm__][__ARM_ARCH <= 3] (umul_ppmm): Add __AND_CLOBBER_CC. -- This is a backport of libgcrypt 8aa4f2161 and 3b1cc9e6c. Signed-off-by: Marcus Brinkmann GnuPG-bug-id: 3182 diff --git a/mpi/longlong.h b/mpi/longlong.h index 4905268..0a28c67 100644 --- a/mpi/longlong.h +++ b/mpi/longlong.h @@ -189,7 +189,7 @@ extern UDItype __udiv_qrnnd (); : "%r" ((USItype)(ah)), \ "rI" ((USItype)(bh)), \ "%r" ((USItype)(al)), \ - "rI" ((USItype)(bl))) + "rI" ((USItype)(bl)) __CLOBBER_CC) #define sub_ddmmss(sh, sl, ah, al, bh, bl) \ __asm__ ("subs %1, %4, %5\n" \ "sbc %0, %2, %3" \ @@ -198,7 +198,7 @@ extern UDItype __udiv_qrnnd (); : "r" ((USItype)(ah)), \ "rI" ((USItype)(bh)), \ "r" ((USItype)(al)), \ - "rI" ((USItype)(bl))) + "rI" ((USItype)(bl)) __CLOBBER_CC) #if defined __ARM_ARCH_2__ || defined __ARM_ARCH_3__ #define umul_ppmm(xh, xl, a, b) \ __asm__ ("%@ Inlined umul_ppmm\n" \ 
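Review bot: add_ssaaaa and sub_ddmmss now close their operand lists with `__CLOBBER_CC`, but nothing in this diff defines that macro (or `__AND_CLOBBER_CC`, used in the umul_ppmm hunk). Because this is a backport, it only builds if mpi/longlong.h on STABLE-BRANCH-1-4 already defines both ahead of the `__arm__` block; please confirm that, or carry the definitions over from libgcrypt with the backport. The clobber itself is the right fix: the `subs`/`sbc` pair visible in sub_ddmmss writes and then consumes the carry flag, so the compiler must be told the condition codes do not survive the asm statement.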
@@ -218,7 +218,7 @@ extern UDItype __udiv_qrnnd (); "=r" ((USItype)(xl)) \ : "r" ((USItype)(a)), \ "r" ((USItype)(b)) \ - : "r0", "r1", "r2") + : "r0", "r1", "r2" __AND_CLOBBER_CC) #else #define umul_ppmm(xh, xl, a, b) \ __asm__ ("%@ Inlined umul_ppmm\n" \ ----------------------------------------------------------------------- Summary of changes: mpi/longlong.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 4 23:40:08 2017 From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Tue, 04 Jul 2017 23:40:08 +0200 Subject: [git] gnupg-doc - branch, master, updated. 1143a81c46915184313775cde2b46ba59f2a518a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 1143a81c46915184313775cde2b46ba59f2a518a (commit) from 54da0b03d0bd95519bf123392483916e89dfdd8a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1143a81c46915184313775cde2b46ba59f2a518a Author: Marcus Brinkmann Date: Tue Jul 4 23:39:39 2017 +0200 web: Fix link to vn howto. Signed-off-by: Marcus Brinkmann GnuPG-bug-id: 1004 diff --git a/web/documentation/howtos.org b/web/documentation/howtos.org index f79425c..5be52f8 100644 --- a/web/documentation/howtos.org +++ b/web/documentation/howtos.org 
@@ -20,7 +20,7 @@ [[../howtos/fr/index.html][fr]] ? [[../howtos/it/GPGMiniHowto.html][it]] ? [[../howtos/tr/GPGMinikNasil.html][tr]] ? - [[../howtos/vn/index.html][vn]] . + [[../howtos/vn/index.htm][vn]] ? [[../howtos/zh/index.html][zh]] ) - as one big HTML file ( [[../howtos/ca/GPGMiniHowto_big.html][ca]] ? ----------------------------------------------------------------------- Summary of changes: web/documentation/howtos.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 5 10:19:21 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 05 Jul 2017 10:19:21 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.27-14-g0148ea8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 0148ea8d5acde2ad5d0376fb7eaa2221e88f258a (commit) via d81b1379edbc6007a89c3b2fff1b51c8dfe2e868 (commit) via 5494a5728418938d2e42158bb646b07124184e64 (commit) via d2aa2204cc7fc6b481412ed8ba9f65dfc64c6627 (commit) via 187e2ad24fb92210587beb779a1cc746821a169c (commit) via 55d560358f7ee4a8b68f98e051021a05d4c0bb1f (commit) from 4a9857a2b6d8a8e847638416d35398508b3291fd (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0148ea8d5acde2ad5d0376fb7eaa2221e88f258a Author: Werner Koch Date: Wed Jul 5 10:14:00 2017 +0200 yat2m: Use version from libgpg-error. * doc/yat2m.c (VERSION): Define as PACKAGE_VERSION. * doc/Makefile.am (yat2m): Pass PACKAGE_VERSION with -D. Signed-off-by: Werner Koch diff --git a/doc/Makefile.am b/doc/Makefile.am index 849c661..d052283 100644 --- a/doc/Makefile.am 
+++ b/doc/Makefile.am @@ -35,7 +35,8 @@ myman_pages = gpg-error-config.1 man_MANS = $(myman_pages) yat2m: yat2m.c - $(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c + $(CC_FOR_BUILD) -DPACKAGE_VERSION="\"$(PACKAGE_VERSION)\"" \ + -o $@ $(srcdir)/yat2m.c yat2m-stamp: $(myman_sources) diff --git a/doc/yat2m.c b/doc/yat2m.c index 184d27b..27db491 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c @@ -128,7 +128,11 @@ #define PGM "yat2m" -#define VERSION "1.0" +#ifdef PACKAGE_VERSION +# define VERSION PACKAGE_VERSION +#else +# define VERSION "1.0" +#endif /* The maximum length of a line including the linefeed and one extra character. */ commit d81b1379edbc6007a89c3b2fff1b51c8dfe2e868 Author: Werner Koch Date: Wed Jul 5 10:08:13 2017 +0200 build: Install yat2m. * doc/Makefile.am (install-exec-hook): New. (uninstall-local): Uninstall yat2m. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index bfea6e0..687e185 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,9 @@ Noteworthy changes in version 1.28 (unreleased) [C22/A22/R_] ----------------------------------------------- + * The formerly internal yat2m tool is now installed during a native + build. + * Interface changes relative to the 1.27 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/doc/Makefile.am b/doc/Makefile.am index 565bb09..849c661 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am 
@@ -71,9 +71,22 @@ errorref.txt.x : errorref.txt sed '/^##/ d' $< >$@ echo "# Installed by $(PACKAGE_NAME) $(PACKAGE_VERSION)" >>$@ +install-exec-hook: +if CROSS_COMPILING + @echo "not install yat2m while cross-compiling" +else + @echo "installing yat2m on the build system"; \ + $(MKDIR_P) "$(DESTDIR)$(bindir)"; \ + $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) \ + yat2m "$(DESTDIR)$(bindir)/yat2m" +endif + install-data-local: errorref.txt.x $(mkinstalldirs) $(DESTDIR)$(pkgdatadir) $(INSTALL_DATA) errorref.txt.x $(DESTDIR)$(pkgdatadir)/errorref.txt uninstall-local: - at rm $(DESTDIR)$(pkgdatadir)/errorref.txt +if !CROSS_COMPILING + - at rm $(DESTDIR)$(bindir)/yat2m +endif commit 5494a5728418938d2e42158bb646b07124184e64 Author: Werner Koch Date: Wed Jul 5 09:14:38 2017 +0200 yat2m: Take care of SOURCE_DATE_EPOCH. * doc/yat2m.c (main): Set a default for OPT_DATE. Signed-off-by: Werner Koch diff --git a/doc/yat2m.c b/doc/yat2m.c index 23fc6ba..184d27b 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c @@ -1,5 +1,5 @@ /* yat2m.c - Yet Another Texi 2 Man converter - * Copyright (C) 2005, 2013, 2015, 2016 g10 Code GmbH + * Copyright (C) 2005, 2013, 2015, 2016, 2017 g10 Code GmbH * Copyright (C) 2006, 2008, 2011 Free Software Foundation, Inc. * * This program is free software; you can redistribute it and/or modify @@ -1478,6 +1478,7 @@ int main (int argc, char **argv) { int last_argc = -1; + const char *s; opt_source = "GNU"; opt_release = ""; @@ -1611,6 +1612,11 @@ main (int argc, char **argv) if (argc > 1) die ("usage: " PGM " [OPTION] [FILE] (try --help for more information)\n"); + /* Take care of supplied timestamp for reproducible builds. See + * https://reproducible-builds.org/specs/source-date-epoch/ */ + if (!opt_date && (s = getenv ("SOURCE_DATE_EPOCH")) && *s) + opt_date = s; + /* Start processing. */ if (argc && strcmp (*argv, "-")) { commit d2aa2204cc7fc6b481412ed8ba9f65dfc64c6627 Author: Werner Koch Date: Wed Jul 5 09:01:59 2017 +0200 doc: Typo fix -- 
diff --git a/src/init.c b/src/init.c index a1ee505..b01e089 100644 --- a/src/init.c +++ b/src/init.c @@ -214,7 +214,7 @@ _gpg_err_set_errno (int err) -/* Internal tracing functions. Except for TARCE_FP we use flockfile +/* Internal tracing functions. Except for TRACE_FP we use flockfile * and funlockfile to protect their use. */ static FILE *trace_fp; static int trace_save_errno; commit 187e2ad24fb92210587beb779a1cc746821a169c Author: NIIBE Yutaka Date: Tue Sep 20 15:41:36 2016 +0900 doc: minor fix for @xref. * doc/yat2m.c (proc_texi_cmd): Captalize "see" for xref. diff --git a/doc/yat2m.c b/doc/yat2m.c index a63260b..23fc6ba 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c @@ -730,7 +730,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, { "anchor", 7 }, { "cartouche", 1 }, { "ref", 0, "[", "]" }, - { "xref", 0, "see: [", "]" }, + { "xref", 0, "See: [", "]" }, { "pxref", 0, "see: [", "]" }, { "uref", 0, "(\\fB", "\\fR)" }, { "footnote",0, " ([", "])" }, commit 55d560358f7ee4a8b68f98e051021a05d4c0bb1f Author: Justus Winter Date: Mon Sep 19 15:25:01 2016 +0200 doc: Implement simple '@ref'erences. * doc/yat2m.c (proc_texi_cmd): Handle '@ref'. Signed-off-by: Justus Winter diff --git a/doc/yat2m.c b/doc/yat2m.c index 9b76f19..a63260b 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c @@ -729,6 +729,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, { "asis", 7 }, { "anchor", 7 }, { "cartouche", 1 }, + { "ref", 0, "[", "]" }, { "xref", 0, "see: [", "]" }, { "pxref", 0, "see: [", "]" }, { "uref", 0, "(\\fB", "\\fR)" }, ----------------------------------------------------------------------- Summary of changes: NEWS | 3 +++ doc/Makefile.am | 16 +++++++++++++++- doc/yat2m.c | 17 ++++++++++++++--- src/init.c | 2 +- 4 files changed, 33 insertions(+), 5 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 5 11:06:05 2017 
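Review bot: In the SOURCE_DATE_EPOCH hunk of doc/yat2m.c (commit 5494a57), the guard `!opt_date` tests only for a NULL pointer, so if --date stores its argument as given, an empty `--date ""` on the command line still suppresses the environment value and the build falls back to whatever the empty date produces. Consider `(!opt_date || !*opt_date)` so that an empty --date behaves like an absent one. The hunk also assigns the raw environment string to opt_date; since the code that consumes opt_date is not part of this diff, please confirm it accepts an epoch-seconds string and rejects non-numeric input rather than printing it into the man page header.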
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 05 Jul 2017 11:06:05 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.21-81-g139de02 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 139de02b93773615bdd95e04a7f0c1ad73b4f6fb (commit) via f6faa058749846de18cb34f1cc79867bb0029922 (commit) from 7fb724c61655c6f75c61572d65a46e21ae112574 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 139de02b93773615bdd95e04a7f0c1ad73b4f6fb Author: Werner Koch Date: Wed Jul 5 09:14:38 2017 +0200 doc: Update yat2m to take care of SOURCE_DATE_EPOCH. * doc/yat2m.c (main): Set a default for OPT_DATE. Signed-off-by: Werner Koch diff --git a/doc/yat2m.c b/doc/yat2m.c index 23fc6ba..c7bec33 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c @@ -1,5 +1,5 @@ /* yat2m.c - Yet Another Texi 2 Man converter - * Copyright (C) 2005, 2013, 2015, 2016 g10 Code GmbH + * Copyright (C) 2005, 2013, 2015, 2016, 2017 g10 Code GmbH * Copyright (C) 2006, 2008, 2011 Free Software Foundation, Inc. * * This program is free software; you can redistribute it and/or modify @@ -16,6 +16,12 @@ * along with this program; if not, see . */ +/********************************************** + * Note: The canonical source of this tool ** + * is part of libgpg-error and it ** + * installs yat2m on the build system. ** + **********************************************/ + /* This is a simple texinfo to man page converter. It needs some special markup in th e texinfo and tries best to get a create man @@ -1478,6 +1484,7 @@ int main (int argc, char **argv) { int last_argc = -1; + const char *s; opt_source = "GNU"; opt_release = ""; 
@@ -1611,6 +1618,11 @@ main (int argc, char **argv) if (argc > 1) die ("usage: " PGM " [OPTION] [FILE] (try --help for more information)\n"); + /* Take care of supplied timestamp for reproducible builds. See + * https://reproducible-builds.org/specs/source-date-epoch/ */ + if (!opt_date && (s = getenv ("SOURCE_DATE_EPOCH")) && *s) + opt_date = s; + /* Start processing. */ if (argc && strcmp (*argv, "-")) { commit f6faa058749846de18cb34f1cc79867bb0029922 Author: Werner Koch Date: Wed Jul 5 10:49:13 2017 +0200 doc: Prefer an installed version of yat2m * configure.ac (YAT2M): Check for tool. * doc/Makefile.am (yat2m-stamp): Use installed tool if possible. -- diff --git a/configure.ac b/configure.ac index 5ab8a53..56cb78e 100644 --- a/configure.ac +++ b/configure.ac @@ -605,6 +605,8 @@ AC_PROG_RANLIB AC_CHECK_TOOL(AR, ar, :) AC_PATH_PROG(PERL,"perl") AC_CHECK_TOOL(WINDRES, windres, :) +AC_PATH_PROG(YAT2M, "yat2m", "./yat2m" ) +AC_ARG_VAR(YAT2M, [tool to convert texi to man pages]) AC_ISC_POSIX AC_SYS_LARGEFILE GNUPG_CHECK_USTAR diff --git a/doc/Makefile.am b/doc/Makefile.am index 0c78284..1fa04b4 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -146,12 +146,12 @@ yat2m-stamp: $(myman_sources) defs.inc @touch yat2m-stamp.tmp incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \ for file in $(myman_sources) ; do \ - ./yat2m $(YAT2M_OPTIONS) --store \ + $(YAT2M) $(YAT2M_OPTIONS) --store \ --date "`cat $$incd 2>/dev/null`" \ `test -f '$$file' || echo '$(srcdir)/'`$$file ; done @mv -f yat2m-stamp.tmp $@ -yat2m-stamp: yat2m +yat2m-stamp: $(YAT2M) $(myman_pages) gnupg.7 : yat2m-stamp defs.inc @if test -f $@; then :; else \ ----------------------------------------------------------------------- Summary of changes: configure.ac | 2 ++ doc/Makefile.am | 4 ++-- doc/yat2m.c | 14 +++++++++++++- 3 files changed, 17 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 5 11:59:34 2017 
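Review bot: `AC_PATH_PROG(YAT2M, "yat2m", "./yat2m" )` in configure.ac takes the first yat2m found on the build host's PATH and only falls back to the in-tree `./yat2m`, so the man pages can now be generated by a tool of unknown version instead of the doc/yat2m.c shipped in this tree, which this same push updates for SOURCE_DATE_EPOCH. A version check on the found tool, or a sentence in the AC_ARG_VAR help string saying that `YAT2M=./yat2m` forces the bundled copy, would keep reproducible builds from depending on what happens to be installed. In doc/Makefile.am, `yat2m-stamp: $(YAT2M)` with the fallback value relies on make treating `./yat2m` and the existing `yat2m` target as the same file, which is worth checking with a non-GNU make.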
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 05 Jul 2017 11:59:34 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.21-82-g3681ee7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 3681ee7dc1e9d8c94fdb046d7be0bbcfeba1cfe9 (commit) from 139de02b93773615bdd95e04a7f0c1ad73b4f6fb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3681ee7dc1e9d8c94fdb046d7be0bbcfeba1cfe9 Author: Werner Koch Date: Wed Jul 5 11:54:45 2017 +0200 agent: Use MAX_PASSPHRASE_LEN (255) also for the loopback. * agent/call-pinentry.c (agent_get_passphrase): Reduce maximum passphrase length as conveyed to the loopback to MAX_PASSPHRASE_LEN. * agent/genkey.c (agent_ask_new_passphrase): Extend the maximum passphrase as conveyed to the loopback to MAX_PASSPHRASE_LEN. -- Note that in genkey() max_length is set to MAX_PASSPHRASE_LEN + 1 because in agent_askpin() decrements that value before conveying it to the loopback. GnuPG-bug-id: 3254 Signed-off-by: Werner Koch diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index 9d8e7f6..cb7997f 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -964,8 +964,8 @@ agent_askpin (ctrl_t ctrl, size_t size; *pininfo->pin = 0; /* Reset the PIN. */ - rc = pinentry_loopback(ctrl, "PASSPHRASE", &passphrase, &size, - pininfo->max_length - 1); + rc = pinentry_loopback (ctrl, "PASSPHRASE", &passphrase, &size, + pininfo->max_length - 1); if (rc) return rc; 
@@ -1192,10 +1192,10 @@ agent_get_passphrase (ctrl_t ctrl, if (ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK) { size_t size; - size_t len = ASSUAN_LINELENGTH/2; return pinentry_loopback (ctrl, "PASSPHRASE", - (unsigned char **)retpass, &size, len); + (unsigned char **)retpass, &size, + MAX_PASSPHRASE_LEN); } return gpg_error (GPG_ERR_NO_PIN_ENTRY); } diff --git a/agent/genkey.c b/agent/genkey.c index 31742a1..a3e37ee 100644 --- a/agent/genkey.c +++ b/agent/genkey.c @@ -357,10 +357,10 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, if (ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK) { size_t size; - size_t len = 100; unsigned char *buffer; - err = pinentry_loopback(ctrl, "NEW_PASSPHRASE", &buffer, &size, len); + err = pinentry_loopback (ctrl, "NEW_PASSPHRASE", &buffer, &size, + MAX_PASSPHRASE_LEN); if (!err) { if (size) ----------------------------------------------------------------------- Summary of changes: agent/call-pinentry.c | 8 ++++---- agent/genkey.c | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 5 12:14:30 2017 
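Review bot: After this change the loopback limit is expressed two ways. agent_get_passphrase and agent_ask_new_passphrase pass `MAX_PASSPHRASE_LEN` directly, while agent_askpin still passes `pininfo->max_length - 1`, and the reason (callers set max_length to MAX_PASSPHRASE_LEN + 1) is recorded only in the commit message. A short comment at the agent_askpin call site would keep someone from later "correcting" the off-by-one. It would also help to state next to MAX_PASSPHRASE_LEN whether the value includes the terminating NUL, since these hunks do not show how pinentry_loopback sizes its buffer from that argument.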
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 05 Jul 2017 12:14:30 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.27-16-g0f5c3f6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 0f5c3f67946fb5389df5b9963e6976b462bf5726 (commit) via 9de27cbabed8062bfb4eafffba9ff38108f5377e (commit) from 0148ea8d5acde2ad5d0376fb7eaa2221e88f258a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0f5c3f67946fb5389df5b9963e6976b462bf5726 Author: Werner Koch Date: Wed Jul 5 12:08:26 2017 +0200 syscfg: Add lock-obj-pub file for ia64-unknown-linux-gnu. * src/syscfg/lock-obj-pub.ia64-unknown-linux-gnu.h: new. * src/Makefile.am (lock_obj_pub): Add it. -- GnuPG-bug-id: 3242 Signed-off-by: Werner Koch diff --git a/src/Makefile.am b/src/Makefile.am index 398ec5e..e4ebb6a 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -73,6 +73,7 @@ lock_obj_pub = \ syscfg/lock-obj-pub.x86_64-pc-linux-gnux32.h \ syscfg/lock-obj-pub.x86_64-pc-linux-musl.h \ syscfg/lock-obj-pub.tilegx-unknown-linux-gnu.h \ + syscfg/lock-obj-pub.ia64-unknown-linux-gnu.h \ syscfg/lock-obj-pub.mingw32.h diff --git a/src/syscfg/lock-obj-pub.ia64-unknown-linux-gnu.h b/src/syscfg/lock-obj-pub.ia64-unknown-linux-gnu.h new file mode 100644 index 0000000..7cf980a --- /dev/null +++ b/src/syscfg/lock-obj-pub.ia64-unknown-linux-gnu.h 
@@ -0,0 +1,25 @@ +## lock-obj-pub.ia64-unknown-linux-gnu.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[40]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## commit 9de27cbabed8062bfb4eafffba9ff38108f5377e Author: Werner Koch Date: Wed Jul 5 10:18:53 2017 +0200 yat2m: Change bug report address. -- diff --git a/doc/yat2m.c b/doc/yat2m.c index 27db491..8c6319c 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c @@ -1521,13 +1521,13 @@ main (int argc, char **argv) " -I DIR also search in include DIR\n" " -D gpgone the only usable define\n\n" "With no FILE, or when FILE is -, read standard input.\n\n" - "Report bugs to ."); + "Report bugs to ."); exit (0); } else if (!strcmp (*argv, "--version")) { puts (PGM " " VERSION "\n" - "Copyright (C) 2005 g10 Code GmbH\n" + "Copyright (C) 2005, 2017 g10 Code GmbH\n" "This program comes with ABSOLUTELY NO WARRANTY.\n" "This is free software, and you are welcome to redistribute it\n" "under certain conditions. See the file COPYING for details."); ----------------------------------------------------------------------- Summary of changes: doc/yat2m.c | 4 ++-- src/Makefile.am | 1 + ...ub.s390x-ibm-linux-gnu.h => lock-obj-pub.ia64-unknown-linux-gnu.h} | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) copy src/syscfg/{lock-obj-pub.s390x-ibm-linux-gnu.h => lock-obj-pub.ia64-unknown-linux-gnu.h} (93%) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 5 15:20:18 2017 
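Review bot: The new lock-obj-pub.ia64-unknown-linux-gnu.h says "File created by gen-posix-lock-obj - DO NOT EDIT", but the commit message only says "new" and the summary reports the file as a 93% copy of lock-obj-pub.s390x-ibm-linux-gnu.h. Since `_priv[40]` fixes the size of gpgrt_lock_t in the public gpg-error.h, please record in the commit message where the values came from (output of gen-posix-lock-obj on an ia64 host, or taken from the bug report) so the size can be re-verified later. The initializer itself is consistent with the declaration: five rows of eight zeros for the 40-byte array.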
From: cvs at cvs.gnupg.org (by Damien Goutte-Gattat) Date: Wed, 05 Jul 2017 15:20:18 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-1.0.0-22-gf69dadc Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via f69dadc6ccea7672869436291ab5c1f58d545466 (commit) via 8fbdf99d3a4f72d59b7cda7149793044635a1655 (commit) from 4101806bf73caf25c8ce4e455b154901da1fe788 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f69dadc6ccea7672869436291ab5c1f58d545466 Author: Damien Goutte-Gattat Date: Wed Jul 5 11:22:46 2017 +0200 gtk: Always set the window as transient. * gtk+-2/pinentry-gtk-2.c (create_window): Setup the make_transient callback whether we ask for a passphrase or not. -- Making the window transient seems necessary for (at least some) tiling window managers to make sure the dialog is floating. GnuPG-bug-id: 3253 Signed-off-by: Damien Goutte-Gattat diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c index dee0360..d467ec5 100644 --- a/gtk+-2/pinentry-gtk-2.c +++ b/gtk+-2/pinentry-gtk-2.c @@ -113,9 +113,9 @@ constrain_size (GtkWidget *win, GtkRequisition *req, gpointer data) } -/* Realize the window as transient if we grab the keyboard. This - makes the window a modal dialog to the root window, which helps the - window manager. See the following quote from: +/* Realize the window as transient. This makes the window a modal + dialog to the root window, which helps the window manager. + See the following quote from: https://standards.freedesktop.org/wm-spec/wm-spec-1.4.html#id2512420 Implementing enhanced support for application transient windows 
@@ -586,12 +586,12 @@ create_window (pinentry_t ctx) #endif g_signal_connect (G_OBJECT (win), "size-request", G_CALLBACK (constrain_size), NULL); + + g_signal_connect (G_OBJECT (win), + "realize", G_CALLBACK (make_transient), NULL); + if (!confirm_mode) { - if (pinentry->grab) - g_signal_connect (G_OBJECT (win), - "realize", G_CALLBACK (make_transient), NULL); - /* We need to grab the keyboard when its visible! not when its mapped (there is a difference) */ g_object_set (G_OBJECT(win), "events", commit 8fbdf99d3a4f72d59b7cda7149793044635a1655 Author: Werner Koch Date: Wed Feb 22 18:43:50 2017 +0100 core: Add example on how to print a FEATURES line. -- diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index 517a033..0d889a6 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -1624,6 +1624,8 @@ cmd_getinfo (assuan_context_t ctx, char *line) flavor_flag? flavor_flag : ""); buffer[sizeof buffer -1] = 0; rc = assuan_send_data (ctx, buffer, strlen (buffer)); + /* if (!rc) */ + /* rc = assuan_write_status (ctx, "FEATURES", "tabbing foo bar"); */ } else if (!strcmp (line, "ttyinfo")) { ----------------------------------------------------------------------- Summary of changes: gtk+-2/pinentry-gtk-2.c | 14 +++++++------- pinentry/pinentry.c | 2 ++ 2 files changed, 9 insertions(+), 7 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 5 20:16:38 2017 
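Review bot: In the create_window hunk of gtk+-2/pinentry-gtk-2.c the "realize" handler for make_transient is now connected outside the if (!confirm_mode) block and without the if (pinentry->grab) test, so two conditions are dropped, but the log entry only says "whether we ask for a passphrase or not". The entry should also state that the callback no longer depends on pinentry->grab, since that is the behaviour change a no-grab setup will see.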
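Review bot: The two lines added to cmd_getinfo in pinentry/pinentry.c after assuan_send_data are commented-out code with placeholder values ("tabbing foo bar") and no note on when a FEATURES status line would be emitted. A one-line comment saying this is an example and that the feature names are placeholders would keep it from reading as dead code left behind.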
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 05 Jul 2017 20:16:38 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.3-114-g85a9a91 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 85a9a913da9ecc6b2cd6f743e90e49983251d706 (commit) via 0d30a4a9791d20c8881b5b12bd44611d9f4274cd (commit) from 5feaf1cc8f22c1f8d19a34850d86fe190f1432e2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 85a9a913da9ecc6b2cd6f743e90e49983251d706 Author: Werner Koch Date: Wed Jul 5 20:10:56 2017 +0200 build: Minor API fixes to fix build problems on AIX. * src/gcrypt.h.in (gcry_error_from_errno): Fix return type. * src/visibility.c (gcry_md_extract): Change return type to match the prototype. -- IBM compiler optimize enums and thus enums may be shorter than an unsigned int. Thus an assert (sizeof (gpg_error_t) == sizeof (gpg_err_code_t) would fail. The details seem to depend on the passed compiler options which explains that it has been only reported now. GnuPG-bug-id: 3256 Signed-off-by: Werner Koch diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 8d20c83..9a9acc4 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -189,7 +189,7 @@ int gcry_err_code_to_errno (gcry_err_code_t code); gcry_error_t gcry_err_make_from_errno (gcry_err_source_t source, int err); /* Return an error value with the system error ERR. */ -gcry_err_code_t gcry_error_from_errno (int err); +gcry_error_t gcry_error_from_errno (int err); /* NOTE: Since Libgcrypt 1.6 the thread callbacks are not anymore diff --git a/src/visibility.c b/src/visibility.c index 7bf3d57..fe46c82 100644 --- a/src/visibility.c 
+++ b/src/visibility.c @@ -1174,10 +1174,10 @@ gcry_md_read (gcry_md_hd_t hd, int algo) return _gcry_md_read (hd, algo); } -gcry_err_code_t +gcry_error_t gcry_md_extract (gcry_md_hd_t hd, int algo, void *buffer, size_t length) { - return _gcry_md_extract(hd, algo, buffer, length); + return gpg_error (_gcry_md_extract(hd, algo, buffer, length)); } void commit 0d30a4a9791d20c8881b5b12bd44611d9f4274cd Author: Werner Koch Date: Wed Jul 5 20:05:41 2017 +0200 tools: Add left shift to mpicalc. * src/mpicalc.c (do_lshift): New. (main): Handle '<'. Signed-off-by: Werner Koch diff --git a/src/mpicalc.c b/src/mpicalc.c index ebd1bbb..11246f3 100644 --- a/src/mpicalc.c +++ b/src/mpicalc.c @@ -232,6 +232,17 @@ do_gcd (void) } static void +do_lshift (void) +{ + if (stackidx < 1) + { + fputs ("stack underflow\n", stderr); + return; + } + mpi_lshift (stack[stackidx - 1], stack[stackidx - 1], 1); +} + +static void do_rshift (void) { if (stackidx < 1) @@ -242,7 +253,6 @@ do_rshift (void) mpi_rshift (stack[stackidx - 1], stack[stackidx - 1], 1); } - static void do_nbits (void) { @@ -305,6 +315,7 @@ print_help (void) "* multiply [0] := [1] * [0] {-1}\n" "/ divide [0] := [1] - [0] {-1}\n" "% modulo [0] := [1] % [0] {-1}\n" + "< left shift [0] := [0] << 1 {0}\n" "> right shift [0] := [0] >> 1 {0}\n" "++ increment [0] := [0]++ {0}\n" "-- decrement [0] := [0]-- {0}\n" @@ -487,6 +498,9 @@ main (int argc, char **argv) case '^': do_powm (); break; + case '<': + do_lshift (); + break; case '>': do_rshift (); break; ----------------------------------------------------------------------- Summary of changes: src/gcrypt.h.in | 2 +- src/mpicalc.c | 16 +++++++++++++++- src/visibility.c | 4 ++-- 3 files changed, 18 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 5 20:18:03 2017 
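Review bot: In the src/visibility.c hunk, gcry_md_extract does more than change its declared return type: the result of _gcry_md_extract is now passed through gpg_error (), so the caller gets a full error value with a source where the old code returned the bare code. The log entry only says "Change return type to match the prototype"; it should mention the added gpg_error () wrapping so the value change is not missed.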
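Review bot: The second src/mpicalc.c hunk (@@ -242,7 +253,6) deletes one of the blank lines between do_rshift and do_nbits, a whitespace change unrelated to adding '<'; drop it from this commit. The log entry lists do_lshift and main but not print_help, whose help text also gains a line in the third hunk.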
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 05 Jul 2017 20:18:03 +0200 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-7-BRANCH, updated. libgcrypt-1.7.8-4-g23f473d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-7-BRANCH has been updated via 23f473d04d16a2ec8dbd2537719c782ae233e7d8 (commit) via a9091d7f72cd9fec1d0f9ac6a56565d9cb3fc518 (commit) from a195d7346a8006f3b6fb77ccd6df8e91833d2b5a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 23f473d04d16a2ec8dbd2537719c782ae233e7d8 Author: Werner Koch Date: Wed Jul 5 20:10:56 2017 +0200 build: Minor API fixes to fix build problems on AIX. * src/gcrypt.h.in (gcry_error_from_errno): Fix return type. * src/visibility.c (gcry_md_extract): Change return type to match the prototype. -- IBM compiler optimize enums and thus enums may be shorter than an unsigned int. Thus an assert (sizeof (gpg_error_t) == sizeof (gpg_err_code_t) would fail. The details seem to depend on the passed compiler options which explains that it has been only reported now. GnuPG-bug-id: 3256 Signed-off-by: Werner Koch diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 34a3cb7..f71e362 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -189,7 +189,7 @@ int gcry_err_code_to_errno (gcry_err_code_t code); gcry_error_t gcry_err_make_from_errno (gcry_err_source_t source, int err); /* Return an error value with the system error ERR. */ -gcry_err_code_t gcry_error_from_errno (int err); +gcry_error_t gcry_error_from_errno (int err); /* NOTE: Since Libgcrypt 1.6 the thread callbacks are not anymore diff --git a/src/visibility.c b/src/visibility.c index 3abbd37..28edaf7 100644 
--- a/src/visibility.c +++ b/src/visibility.c @@ -1174,10 +1174,10 @@ gcry_md_read (gcry_md_hd_t hd, int algo) return _gcry_md_read (hd, algo); } -gcry_err_code_t +gcry_error_t gcry_md_extract (gcry_md_hd_t hd, int algo, void *buffer, size_t length) { - return _gcry_md_extract(hd, algo, buffer, length); + return gpg_error (_gcry_md_extract(hd, algo, buffer, length)); } void commit a9091d7f72cd9fec1d0f9ac6a56565d9cb3fc518 Author: Werner Koch Date: Wed Jul 5 20:05:41 2017 +0200 tools: Add left shift to mpicalc. * src/mpicalc.c (do_lshift): New. (main): Handle '<'. Signed-off-by: Werner Koch diff --git a/src/mpicalc.c b/src/mpicalc.c index ebd1bbb..11246f3 100644 --- a/src/mpicalc.c +++ b/src/mpicalc.c @@ -232,6 +232,17 @@ do_gcd (void) } static void +do_lshift (void) +{ + if (stackidx < 1) + { + fputs ("stack underflow\n", stderr); + return; + } + mpi_lshift (stack[stackidx - 1], stack[stackidx - 1], 1); +} + +static void do_rshift (void) { if (stackidx < 1) @@ -242,7 +253,6 @@ do_rshift (void) mpi_rshift (stack[stackidx - 1], stack[stackidx - 1], 1); } - static void do_nbits (void) { @@ -305,6 +315,7 @@ print_help (void) "* multiply [0] := [1] * [0] {-1}\n" "/ divide [0] := [1] - [0] {-1}\n" "% modulo [0] := [1] % [0] {-1}\n" + "< left shift [0] := [0] << 1 {0}\n" "> right shift [0] := [0] >> 1 {0}\n" "++ increment [0] := [0]++ {0}\n" "-- decrement [0] := [0]-- {0}\n" @@ -487,6 +498,9 @@ main (int argc, char **argv) case '^': do_powm (); break; + case '<': + do_lshift (); + break; case '>': do_rshift (); break; ----------------------------------------------------------------------- Summary of changes: src/gcrypt.h.in | 2 +- src/mpicalc.c | 16 +++++++++++++++- src/visibility.c | 4 ++-- 3 files changed, 18 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 5 22:58:35 2017 
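Review bot: The src/mpicalc.c hunks put a new '<' command on LIBGCRYPT-1-7-BRANCH, which is a tool feature rather than a fix. Confirm that it is intended for the stable branch; otherwise limit this backport to the gcrypt.h.in and visibility.c return-type change for GnuPG-bug-id 3256.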
From: cvs at cvs.gnupg.org (by Daniel Shahaf) Date: Wed, 05 Jul 2017 22:58:35 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.21-83-g4538f3c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 4538f3cf8d7a0a7477b3e0258de5b743830ae20c (commit) from 3681ee7dc1e9d8c94fdb046d7be0bbcfeba1cfe9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4538f3cf8d7a0a7477b3e0258de5b743830ae20c Author: Daniel Shahaf Date: Wed Jul 5 16:55:53 2017 -0400 doc: minor clarification --- Signed-off-by: Daniel Kahn Gillmor diff --git a/doc/gpg.texi b/doc/gpg.texi index 1933ad8..7a40f5a 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1224,7 +1224,7 @@ do not want to feed data via STDIN, you should connect STDIN to g at file{/dev/null}. It is highly recommended to use this option along with the options - at option{--status-fd} and @option{--with-colons} for any unattended of + at option{--status-fd} and @option{--with-colons} for any unattended use of @command{gpg}. @item --no-tty ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jul 6 10:31:13 2017 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 06 Jul 2017 10:31:13 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.3-116-ge235f6a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via e235f6a62f6268538c784154c2d1470ff073b6a8 (commit) via 208aba6f9a0475ba049f5a66fe02cf9a6214a887 (commit) from 85a9a913da9ecc6b2cd6f743e90e49983251d706 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e235f6a62f6268538c784154c2d1470ff073b6a8 Author: Werner Koch Date: Thu Jul 6 10:26:24 2017 +0200 Update NEWS -- Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index c97f425..b29bb89 100644 --- a/NEWS +++ b/NEWS @@ -63,6 +63,10 @@ Noteworthy changes in version 1.8.0 (unreleased) [C21/A1/R_] - Fix long standing bug in secure memory implementation which could lead to a segv on free. [bug#3027] [also in 1.7.7] + - Mitigate a flush+reload side-channel attack on RSA secret keys + dubbed "Sliding right into disaster". For details see + . [CVE-2017-7526] [also in 1.7.8] + * Interface changes relative to the 1.7.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
@@ -73,6 +77,7 @@ Noteworthy changes in version 1.8.0 (unreleased) [C21/A1/R_] * Release dates of 1.7.x versions: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + Version 1.7.8 (2017-06-29) [C21/A1/R8] Version 1.7.7 (2017-06-02) [C21/A1/R7] Version 1.7.6 (2017-01-18) [C21/A1/R6] Version 1.7.5 (2016-12-15) [C21/A1/R5] commit 208aba6f9a0475ba049f5a66fe02cf9a6214a887 Author: Werner Koch Date: Thu Jun 29 08:31:27 2017 +0200 rsa: Use modern MPI allocation function. * cipher/rsa.c (secret_core_crt): Use modern function _gcry_mpi_snew. -- Eventually we want to get rid of the notion of limb sizes in mpi using code. Thus it is better to use the modern function/macro. Signed-off-by: Werner Koch diff --git a/cipher/rsa.c b/cipher/rsa.c index ce73f10..575ea94 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c @@ -1026,7 +1026,7 @@ secret_core_crt (gcry_mpi_t M, gcry_mpi_t C, r_nbits = mpi_get_nbits (P) / 4; if (r_nbits < 96) r_nbits = 96; - r = mpi_alloc_secure ( (r_nbits + BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB ); + r = mpi_secure_new (r_nbits); /* d_blind = (d mod (p-1)) + (p-1) * r */ /* m1 = c ^ d_blind mod p */ ----------------------------------------------------------------------- Summary of changes: NEWS | 5 +++++ cipher/rsa.c | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jul 6 10:34:12 2017 
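Review bot: The log entry for secret_core_crt in cipher/rsa.c names _gcry_mpi_snew, but the added line calls mpi_secure_new (r_nbits). Name the identifier that is actually used in the hunk (or say that mpi_secure_new is the macro for it) so the entry can be matched against the code. It would also help to note that the argument changes from a limb count to a bit count, since the old rounding expression with BITS_PER_MPI_LIMB disappears here.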
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 06 Jul 2017 10:34:12 +0200 Subject: [git] gnupg-doc - branch, master, updated. a69e5c0c1415829c5fa082e2951565ad2e1afb98 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via a69e5c0c1415829c5fa082e2951565ad2e1afb98 (commit) from 1143a81c46915184313775cde2b46ba59f2a518a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a69e5c0c1415829c5fa082e2951565ad2e1afb98 Author: Neal H. Walfield Date: Thu Jul 6 10:33:14 2017 +0200 campaign: Change video of the day to Cedric Laurant (SonTusDatos) diff --git a/web/donate/index.de.org b/web/donate/index.de.org index 3823fd1..7b624e4 100644 --- a/web/donate/index.de.org +++ b/web/donate/index.de.org @@ -222,8 +222,8 @@ href="/cgi-bin/procdonate.cgi?mode=preset&lang=de"
-

Video des Tages: Michael Stehmann - Lawyer +

Video des Tages: C?dric Laurant + SonTusDatos

diff --git a/web/donate/index.fr.org b/web/donate/index.fr.org index a3a1e96..cf93053 100644 --- a/web/donate/index.fr.org +++ b/web/donate/index.fr.org @@ -215,8 +215,8 @@
-

Clip du jour?: Michael Stehmann - Lawyer +

Clip du jour?: C?dric Laurant + SonTusDatos

diff --git a/web/donate/index.ja.org b/web/donate/index.ja.org index 5a185ef..cd9ddd0 100644 --- a/web/donate/index.ja.org +++ b/web/donate/index.ja.org @@ -202,8 +202,8 @@
-

?????: Michael Stehmann - Lawyer +

?????: C?dric Laurant + SonTusDatos

diff --git a/web/donate/index.org b/web/donate/index.org index 92518f8..8e498e7 100644 --- a/web/donate/index.org +++ b/web/donate/index.org @@ -217,8 +217,8 @@
-

Video of the Day: Michael Stehmann - Lawyer +

Video of the Day: C?dric Laurant + SonTusDatos

diff --git a/web/share/campaign/campaign.js b/web/share/campaign/campaign.js index 4f852d2..28453ca 100644 --- a/web/share/campaign/campaign.js +++ b/web/share/campaign/campaign.js @@ -89,7 +89,7 @@ function get_param_from_url(name) { $(document).ready(function() { // VOTD: Update VOTD here. - let VIDLIST = "michael,sheera,meik,seamus,andrew,geoffrey,hernani,leez,noah,c5,jochim,john,jason,sze,rysiek,ksenia,cindy,matt,thenmozhi,alex,andre,benjamin"; + let VIDLIST = "cedric,michael,sheera,meik,seamus,andrew,geoffrey,hernani,leez,noah,c5,jochim,john,jason,sze,rysiek,ksenia,cindy,matt,thenmozhi,alex,andre,benjamin"; let YTID = { "main": "wNHhkntqklg", "thenmozhi": "sQMj332dgIE", @@ -115,7 +115,8 @@ $(document).ready(function() { "seamus": "6dreAkVxmpg", "meik": "j0Zd0wZyLP8", "sheera": "mak22hXcslg", - "michael": "MSu_FF49MtU" + "michael": "MSu_FF49MtU", + "cedric": "-Rkrf9GIw8M" }; /* For the video preview, we use this for devices without hover events. */ diff --git a/web/share/campaign/img/thumbs/cedric.jpg b/web/share/campaign/img/thumbs/cedric.jpg new file mode 100644 index 0000000..b4816ae Binary files /dev/null and b/web/share/campaign/img/thumbs/cedric.jpg differ ----------------------------------------------------------------------- Summary of changes: web/donate/index.de.org | 4 ++-- web/donate/index.fr.org | 4 ++-- web/donate/index.ja.org | 4 ++-- web/donate/index.org | 4 ++-- web/share/campaign/campaign.js | 5 +++-- web/share/campaign/img/thumbs/cedric.jpg | Bin 0 -> 113184 bytes 6 files changed, 11 insertions(+), 10 deletions(-) create mode 100644 web/share/campaign/img/thumbs/cedric.jpg hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jul 6 12:58:53 2017 
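Review bot: In web/share/campaign/campaign.js the new id "cedric" has to be added by hand both to the VIDLIST string and to the YTID map, and nothing in these hunks checks that every VIDLIST entry has a YTID key, so a typo in either place fails silently at page load. Consider deriving one from the other or adding a check after the YTID definition that logs any VIDLIST id without a matching key. The summary also shows cedric.jpg at 113184 bytes, which is worth comparing against the size of the other files under img/thumbs before it ships.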
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 06 Jul 2017 12:58:53 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.21-84-g4c3a59e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 4c3a59e9c0a4902f96b9f199b9821573ffb7c628 (commit) from 4538f3cf8d7a0a7477b3e0258de5b743830ae20c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4c3a59e9c0a4902f96b9f199b9821573ffb7c628 Author: Justus Winter Date: Thu Jul 6 12:56:06 2017 +0200 doc: Fix typo. -- Signed-off-by: Justus Winter diff --git a/doc/gpg.texi b/doc/gpg.texi index 7a40f5a..9dceed9 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -3865,7 +3865,7 @@ follows: @item Text only, line length is limited to about 1000 characters. @item UTF-8 encoding must be used to specify non-ASCII characters. @item Empty lines are ignored. - @item Leading and trailing while space is ignored. + @item Leading and trailing white space is ignored. @item A hash sign as the first non white space character indicates a comment line. @item Control statements are indicated by a leading percent sign, the ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jul 6 20:52:59 2017 
From: cvs at cvs.gnupg.org (by Damien Goutte-Gattat) Date: Thu, 06 Jul 2017 20:52:59 +0200 Subject: [git] Scute - branch, master, updated. scute-1.3.0-71-g5ef976c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "PKCS#11 token on top of gpg-agent". The branch, master has been updated via 5ef976c40007ba2b062e9bd63e35bca894c3d9a0 (commit) via ab5025ab91db937b80427bf7385b4c689e7fa9a6 (commit) via 1be7674fea72aff49eb13ef96089c766a09239cb (commit) via a8bfa6306a0114d1e4c3eeaecd15fb07439cb648 (commit) from 10a19467bc2a95b4aa91176924a91be427d3157a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5ef976c40007ba2b062e9bd63e35bca894c3d9a0 Author: Damien Goutte-Gattat Date: Wed Jul 5 21:52:25 2017 +0200 Update documentation files. * AUTHORS: Update bug report submission URL. * doc/website/contact.xhtml: Likewise. * NEWS: Update for upcoming release. * README: Replace libscute.so by scute.so. Indicate that GnuPG 2.1 is required for some features. * doc/manual/scute.texi: Likewise. Signed-off-by: Damien Goutte-Gattat diff --git a/AUTHORS b/AUTHORS index 39ab03a..1eba0f1 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1,6 +1,6 @@ Package: scute Maintainer: Marcus Brinkmann -Bug reports: bug-scute at g10code.com +Bug reports: https://dev.gnupg.org/ Security related bug reports: security at gnupg.org License: GPLv2+ with exception for Mozilla diff --git a/NEWS b/NEWS index dc84747..e6608bb 100644 --- a/NEWS +++ b/NEWS 
@@ -1,4 +1,16 @@ -Noteworthy changes in version 1.3.0 (2010-04-21) +Noteworthy changes in version 1.5.0 (unreleased) +------------------------------------------------ + + * Support for TLS 1.2 client authentication and S/MIME signing. + + * Support for 4096 bit keys. + + * Support for GnuPG 2.1. + + * C_GenerateRandom is implemented. + + +Noteworthy changes in version 1.4.0 (2010-04-21) ------------------------------------------------ * Update to libassuan 2.0.0 interface. diff --git a/README b/README index 7064b29..4cd9a12 100644 --- a/README +++ b/README @@ -42,6 +42,9 @@ At runtime: * GnuPG 2.0, in particular: gpg-agent, scdaemon * Pinentry +Note that client authentication with TLS 1.2 and S/MIME signing +require GnuPG 2.1. + Installation ============ @@ -52,7 +55,7 @@ instructions in the file INSTALL that accompanies this software. After installation, you can configure Mozilla to use Scute by visiting the preferences dialog in the "advanced" category, under "Security Devices". There you can "load" the module from its -installed path, e.g. "/usr/lib/libscute.so". +installed path, e.g. "/usr/lib/scute.so". Client Authentication @@ -161,7 +164,7 @@ ask when establishing the initial connection). To actually perform the client authentication, the client needs to set up the web browser for use with Scute. The Scute PKCS #11 module, -installed under /usr/lib/libscute.so by default, needs to be loaded as +installed under /usr/lib/scute.so by default, needs to be loaded as a security device in Firefox under Preferences->Advanced->Security->Certificates->Security Devices->Load When the security device is loaded, card insertion should cause the diff --git a/doc/manual/scute.texi b/doc/manual/scute.texi index 7199edf..392cc98 100644 --- a/doc/manual/scute.texi +++ b/doc/manual/scute.texi 
@@ -262,7 +262,9 @@ configured: @table @asis @item GnuPG Scute uses the GnuPG 2.0 framework to access the OpenPGP card and for -certificate management. The minimum version required is 2.0.0. +certificate management. The minimum version required is 2.0.0 for +client authentication with TLS 1.0 and 1.1. Client authentication +with TLS 1.2, email and document signing require GnuPG 2.1.0. @item Pinentry Pinentry is a dependency of GnuPG 2.0, so it also needs to be installed diff --git a/doc/website/contact.xhtml b/doc/website/contact.xhtml index 2e070d7..7fbe731 100644 --- a/doc/website/contact.xhtml +++ b/doc/website/contact.xhtml @@ -61,7 +61,7 @@

Bug Reports

All bug reports should be submitted to our bug tracking system or + href="https://dev.gnupg.org/">bug tracking system or sent via e-mail to the GnuPG development mailing list. Sensitive information can also commit ab5025ab91db937b80427bf7385b4c689e7fa9a6 Author: Damien Goutte-Gattat Date: Tue Jun 6 12:39:08 2017 +0200 Add safety check against bad card certificate. * src/agent.c (scute_agent_get_cert): Reject card certificate if it does not start with an ASN.1 sequence tag. Signed-off-by: Damien Goutte-Gattat diff --git a/src/agent.c b/src/agent.c index cecf570..cfc9a56 100644 --- a/src/agent.c +++ b/src/agent.c @@ -1043,7 +1043,7 @@ scute_agent_get_cert (int no, struct cert *cert) err = assuan_transact (agent_ctx, cmd, get_cert_data_cb, &cert_s, NULL, NULL, NULL, NULL); /* Just to be safe... */ - if (!err && cert_s.cert_der_len <= 16) + if (!err && (cert_s.cert_der_len <= 16 || cert_s.cert_der[0] != 0x30)) { DEBUG (DBG_INFO, "bad card certificate rejected"); err = gpg_error (GPG_ERR_BAD_CERT); commit 1be7674fea72aff49eb13ef96089c766a09239cb Author: Damien Goutte-Gattat Date: Mon Jan 16 11:32:45 2017 +0100 Cleanup now unused code. * src/agent.c (build_w32_commandline_copy): Removed. (build_w32_commandline): Removed. (spawn_process_detached): Removed. * src/get-path.c (get_gpg_agent_path): Removed. (standard_homedir): Removed. (default_homedir): Removed. (make_filename): Removed. * src/support.h: Removed corresponding prototypes. * configure.ac: Removed --with-gpg-agent option. -- This patch removes functions that were only used to find the socket for GnuPG Agent and that are not needed anymore. Signed-off-by: Damien Goutte-Gattat diff --git a/configure.ac b/configure.ac index 8567a3a..d05785e 100644 --- a/configure.ac +++ b/configure.ac 
@@ -231,14 +231,12 @@ esac AM_CONDITIONAL(HAVE_LD_VERSION_SCRIPT, test "$have_ld_version_script" = "yes") GPGSM_DEFAULT=no -GPG_AGENT_DEFAULT=no GPG_CONNECT_AGENT_DEFAULT=no have_w32_system=no case "${host}" in *-mingw32*) # special stuff for Windoze NT GPGSM_DEFAULT='c:\\gnupg\\gpgsm.exe' - GPG_AGENT_DEFAULT='c:\\gnupg\\gpg-agent.exe' GPG_CONNECT_AGENT_DEFAULT='c:\\gnupg\\gpg-connect-agent.exe' have_w32_system=yes ;; @@ -373,41 +371,6 @@ if test "$ok" = "maybe"; then fi gpgsm_ok="$ok" -# GPG_AGENT -NO_OVERRIDE=no -AC_ARG_WITH(gpg-agent, - AC_HELP_STRING([--with-gpg-agent=PATH], [use GPG Agent binary at PATH]), - GPG_AGENT=$withval, NO_OVERRIDE=yes) -if test "$NO_OVERRIDE" = "yes" || test "$GPG_AGENT" = "yes"; then - GPG_AGENT= - NO_OVERRIDE=yes - if test "$cross_compiling" != "yes"; then - AC_PATH_PROG(GPG_AGENT, gpg-agent) - fi - if test -z "$GPG_AGENT"; then - GPG_AGENT="$GPG_AGENT_DEFAULT" - fi -fi -if test "$GPG_AGENT" = no; then - if test "$NO_OVERRIDE" = "yes"; then - if test "$cross_compiling" != "yes"; then - AC_MSG_WARN([ -*** -*** Could not find GPG Agent, install GPG Agent or use --with-gpg-agent=PATH to enable it -***]) - else - AC_MSG_ERROR([ -*** -*** Can not determine path to GPG Agent when cross-compiling, use --with-gpg-agent=PATH -***]) - fi - fi -else - AC_DEFINE_UNQUOTED(GPG_AGENT_PATH, "$GPG_AGENT", [Path to the GPG_AGENT binary.]) - AC_DEFINE(ENABLE_GPG_AGENT,1, [Whether GPG Agent support is enabled]) -fi -AM_CONDITIONAL(HAVE_GPG_AGENT, test "$GPG_AGENT" != "no") - # GPG_CONNECT_AGENT NO_OVERRIDE=no AC_ARG_WITH(gpg-connect-agent, diff --git a/src/agent.c b/src/agent.c index 6ee106c..cecf570 100644 --- a/src/agent.c +++ b/src/agent.c 
@@ -79,155 +79,6 @@ gnupg_allow_set_foregound_window (pid_t pid) } -#ifdef HAVE_W32_SYSTEM -/* Helper function to build_w32_commandline. */ -static char * -build_w32_commandline_copy (char *buffer, const char *string) -{ - char *p = buffer; - const char *s; - - if (!*string) /* Empty string. */ - p = stpcpy (p, "\"\""); - else if (strpbrk (string, " \t\n\v\f\"")) - { - /* Need top do some kind of quoting. */ - p = stpcpy (p, "\""); - for (s=string; *s; s++) - { - *p++ = *s; - if (*s == '\"') - *p++ = *s; - } - *p++ = '\"'; - *p = 0; - } - else - p = stpcpy (p, string); - - return p; -} - - -/* Build a command line for use with W32's CreateProcess. On success - CMDLINE gets the address of a newly allocated string. */ -static gpg_error_t -build_w32_commandline (const char *pgmname, const char * const *argv, - char **cmdline) -{ - int i, n; - const char *s; - char *buf, *p; - - *cmdline = NULL; - n = 0; - s = pgmname; - n += strlen (s) + 1 + 2; /* (1 space, 2 quoting */ - for (; *s; s++) - if (*s == '\"') - n++; /* Need to double inner quotes. */ - for (i=0; (s=argv[i]); i++) - { - n += strlen (s) + 1 + 2; /* (1 space, 2 quoting */ - for (; *s; s++) - if (*s == '\"') - n++; /* Need to double inner quotes. */ - } - n++; - - buf = p = malloc (n); - if (!buf) - return gpg_error_from_syserror (); - - p = build_w32_commandline_copy (p, pgmname); - for (i=0; argv[i]; i++) - { - *p++ = ' '; - p = build_w32_commandline_copy (p, argv[i]); - } - - *cmdline= buf; - return 0; -} - - -/* Spawn a new process and immediately detach from it. The name of - the program to exec is PGMNAME and its arguments are in ARGV (the - programname is automatically passed as first argument). An error - is returned if pgmname is not executable; to make this work it is - necessary to provide an absolute file name. All standard file - descriptors are connected to /dev/null. 
*/ -static gpg_error_t -spawn_process_detached (const char *pgmname, const char *argv[]) -{ - gpg_error_t err; - SECURITY_ATTRIBUTES sec_attr; - PROCESS_INFORMATION pi = - { - NULL, /* Returns process handle. */ - 0, /* Returns primary thread handle. */ - 0, /* Returns pid. */ - 0 /* Returns tid. */ - }; - STARTUPINFO si; - int cr_flags; - char *cmdline; - - if (access (pgmname, X_OK)) - return gpg_error_from_syserror (); - - /* Prepare security attributes. */ - memset (&sec_attr, 0, sizeof sec_attr ); - sec_attr.nLength = sizeof sec_attr; - sec_attr.bInheritHandle = FALSE; - - /* Build the command line. */ - err = build_w32_commandline (pgmname, argv, &cmdline); - if (err) - return err; - - /* Start the process. */ - memset (&si, 0, sizeof si); - si.cb = sizeof (si); - si.dwFlags = STARTF_USESHOWWINDOW; - si.wShowWindow = SW_MINIMIZE; - - cr_flags = (CREATE_DEFAULT_ERROR_MODE - | GetPriorityClass (GetCurrentProcess ()) - | CREATE_NEW_PROCESS_GROUP - | DETACHED_PROCESS); - DEBUG (DBG_INFO, "CreateProcess(detached), path=`%s' cmdline=`%s'\n", - pgmname, cmdline); - if (!CreateProcess (pgmname, /* Program to start. */ - cmdline, /* Command line arguments. */ - &sec_attr, /* Process security attributes. */ - &sec_attr, /* Thread security attributes. */ - FALSE, /* Inherit handles. */ - cr_flags, /* Creation flags. */ - NULL, /* Environment. */ - NULL, /* Use current drive/directory. */ - &si, /* Startup information. */ - &pi /* Returns process information. */ - )) - { - DEBUG (DBG_CRIT, "CreateProcess(detached) failed: %i\n", - GetLastError ()); - free (cmdline); - return gpg_error (GPG_ERR_GENERAL); - } - free (cmdline); - cmdline = NULL; - - DEBUG (DBG_INFO, "CreateProcess(detached) ready: hProcess=%p hThread=%p" - " dwProcessID=%d dwThreadId=%d\n", pi.hProcess, pi.hThread, - (int) pi.dwProcessId, (int) pi.dwThreadId); - - CloseHandle (pi.hThread); - - return 0; -} -#endif - /* Establish a connection to a running GPG agent. */ static gpg_error_t 
diff --git a/src/get-path.c b/src/get-path.c index cb0a136..bb24b12 100644 --- a/src/get-path.c +++ b/src/get-path.c @@ -33,13 +33,6 @@ #include #include #include -#include -#include -#include -#include -#include -#include -#include #ifdef HAVE_W32_SYSTEM #include #include @@ -49,23 +42,6 @@ #include "support.h" #ifdef HAVE_W32_SYSTEM -#define GNUPG_DEFAULT_HOMEDIR "c:/gnupg" -#elif defined(__VMS) -#define GNUPG_DEFAULT_HOMEDIR "/SYS\$LOGIN/gnupg" -#else -#define GNUPG_DEFAULT_HOMEDIR "~/.gnupg" -#endif - -#ifdef HAVE_DOSISH_SYSTEM -#define DIRSEP_C '\\' -#define DIRSEP_S "\\" -#else -#define DIRSEP_C '/' -#define DIRSEP_S "/" -#endif - - -#ifdef HAVE_W32_SYSTEM #define RTLD_LAZY 0 static __inline__ void * @@ -319,23 +295,6 @@ get_gpgsm_path (void) const char * -get_gpg_agent_path (void) -{ - static const char *pgmname; - -#ifdef HAVE_W32_SYSTEM - if (!pgmname) - pgmname = find_program_in_inst_dir ("gpg-agent.exe"); - if (!pgmname) - pgmname = find_program_at_standard_place ("GNU\\GnuPG\\gpg-agent.exe"); -#endif - if (!pgmname) - pgmname = GPG_AGENT_PATH; - return pgmname; -} - - -const char * get_gpg_connect_agent_path (void) { static const char *pgmname; 
@@ -350,161 +309,3 @@ get_gpg_connect_agent_path (void) pgmname = GPG_CONNECT_AGENT_PATH; return pgmname; } - - - -/* Home directory. */ - -#ifdef HAVE_W32_SYSTEM -#ifndef CSIDL_APPDATA -#define CSIDL_APPDATA 0x001a -#endif -#ifndef CSIDL_LOCAL_APPDATA -#define CSIDL_LOCAL_APPDATA 0x001c -#endif -#ifndef CSIDL_COMMON_APPDATA -#define CSIDL_COMMON_APPDATA 0x0023 -#endif -#ifndef CSIDL_FLAG_CREATE -#define CSIDL_FLAG_CREATE 0x8000 -#endif -#endif /*HAVE_W32_SYSTEM*/ - -/* Get the standard home directory. In general this function should - not be used as it does not consider a registry value (under W32) or - the GNUPGHOME environment variable. It is better to use - default_homedir(). */ -const char * -standard_homedir (void) -{ -#ifdef HAVE_W32_SYSTEM - static const char *dir; - - if (!dir) - { - char path[MAX_PATH]; - - /* It might be better to use LOCAL_APPDATA because this is - defined as "non roaming" and thus more likely to be kept - locally. For private keys this is desired. However, given - that many users copy private keys anyway forth and back, - using a system roaming services might be better than to let - them do it manually. A security conscious user will anyway - use the registry entry to have better control. */ - if (w32_shgetfolderpath (NULL, CSIDL_APPDATA|CSIDL_FLAG_CREATE, - NULL, 0, path) >= 0) - { - char *tmp = malloc (strlen (path) + 6 +1); - if (tmp) - { - strcpy (stpcpy (tmp, path), "\\gnupg"); - dir = tmp; - - /* Try to create the directory if it does not yet exists. */ - if (access (dir, F_OK)) - CreateDirectory (dir, NULL); - } - } - - if (!dir) - dir = GNUPG_DEFAULT_HOMEDIR; - } - return dir; -#else/*!HAVE_W32_SYSTEM*/ - return GNUPG_DEFAULT_HOMEDIR; -#endif /*!HAVE_W32_SYSTEM*/ -} - -/* Set up the default home directory. The usual --homedir option - should be parsed later. 
*/ -const char * -default_homedir (void) -{ - const char *dir; - - dir = getenv ("GNUPGHOME"); -#ifdef HAVE_W32_SYSTEM - if (!dir || !*dir) - { - static const char *saved_dir; - - if (!saved_dir) - { - if (!dir || !*dir) - { - char *tmp; - - tmp = read_w32_registry_string (NULL, "Software\\GNU\\GnuPG", - "HomeDir"); - if (tmp && *tmp) - { - free (tmp); - tmp = NULL; - } - if (tmp) - saved_dir = tmp; - } - - if (!saved_dir) - saved_dir = standard_homedir (); - } - dir = saved_dir; - } -#endif /*HAVE_W32_SYSTEM*/ - if (!dir || !*dir) - dir = GNUPG_DEFAULT_HOMEDIR; - - return dir; -} - - -/* Construct a filename from the NULL terminated list of parts. Tilde - expansion is done here. */ -char * -make_filename (const char *first_part, ...) -{ - va_list arg_ptr; - size_t n; - const char *s; - char *name; - char *home; - char *p; - - va_start (arg_ptr, first_part); - n = strlen (first_part) + 1; - while ((s = va_arg (arg_ptr, const char *))) - n += strlen (s) + 1; - va_end (arg_ptr); - - home = NULL; - if (*first_part == '~' && first_part[1] == '/' - && (home = getenv("HOME")) && *home) - n += strlen (home); - - name = malloc (n); - if (! name) - return NULL; - p = (home - ? stpcpy (stpcpy (name,home), first_part + 1) - : stpcpy (name, first_part)); - - va_start (arg_ptr, first_part); - while ((s = va_arg(arg_ptr, const char *))) - p = stpcpy (stpcpy (p,"/"), s); - va_end (arg_ptr); - -#ifdef HAVE_W32_SYSTEM - /* We better avoid mixing slashes and backslashes and prefer - backslashes. There is usual no problem with mixing them, however - a very few W32 API calls can't grok plain slashes. Printing - filenames with mixed slashes also looks a bit strange. */ - if (strchr (name, '\\')) - { - for (p = name; *p; p++) - if (*p == '/') - *p = '\\'; - } -#endif - - return name; -} diff --git a/src/support.h b/src/support.h index 739d124..38149ad 100644 --- a/src/support.h +++ b/src/support.h 
@@ -84,17 +84,8 @@ stpcpy (char *a, const char *b) const char *get_gpgsm_path (void); -const char *get_gpg_agent_path (void); const char *get_gpg_connect_agent_path (void); -/* Set up the default home directory. The usual --homedir option - should be parsed later. */ -const char *default_homedir (void); - -/* Construct a filename from the NULL terminated list of parts. Tilde - expansion is done here. */ -char *make_filename (const char *first_part, ...); - #endif /* !SUPPORT_H */ commit a8bfa6306a0114d1e4c3eeaecd15fb07439cb648 Author: Damien Goutte-Gattat Date: Mon Jan 16 11:49:18 2017 +0100 Get GPG Agent's socket directly from the agent. * src/agent.c (agent_connect): Call gpg-connect-agent to get the socket for a running agent. * src/get-path.c (get_gpg_connect_agent_path): New function. * src/support.h (get_gpg_connect_agent_path): New prototype. * configure.ac: New option --with-gpg-connect-agent-path. -- This patch replaces all the logic needed to find the socket for a running GnuPG Agent by a single call to gpg-connect-agent. This will ensure we will always be able to find the agent, without having to duplicate the logic already implemented in GnuPG. Gpg-connect-agent will also take care of starting the agent if it's not already running. GnuPG-bug-id: 3195 Signed-off-by: Damien Goutte-Gattat diff --git a/configure.ac b/configure.ac index 1e4137d..8567a3a 100644 --- a/configure.ac +++ b/configure.ac @@ -232,12 +232,14 @@ AM_CONDITIONAL(HAVE_LD_VERSION_SCRIPT, test "$have_ld_version_script" = "yes") GPGSM_DEFAULT=no GPG_AGENT_DEFAULT=no +GPG_CONNECT_AGENT_DEFAULT=no have_w32_system=no case "${host}" in *-mingw32*) # special stuff for Windoze NT GPGSM_DEFAULT='c:\\gnupg\\gpgsm.exe' GPG_AGENT_DEFAULT='c:\\gnupg\\gpg-agent.exe' + GPG_CONNECT_AGENT_DEFAULT='c:\\gnupg\\gpg-connect-agent.exe' have_w32_system=yes ;; *) 
@@ -406,6 +408,41 @@ else fi AM_CONDITIONAL(HAVE_GPG_AGENT, test "$GPG_AGENT" != "no") +# GPG_CONNECT_AGENT +NO_OVERRIDE=no +AC_ARG_WITH(gpg-connect-agent, + AC_HELP_STRING([--with-gpg-connect-agent=PATH], + [use gpg-connect-agent binary at PATH]), + GPG_CONNECT_AGENT=$withval, NO_OVERRIDE=yes) +if test "$NO_OVERRIDE" = "yes" || test "$GPG_CONNECT_AGENT" = "yes"; then + GPG_CONNECT_AGENT= + NO_OVERRIDE=yes + if test "$cross_compiling" != "yes"; then + AC_PATH_PROG(GPG_CONNECT_AGENT, gpg-connect-agent) + fi + if test -z "$GPG_CONNECT_AGENT"; then + GPG_CONNECT_AGENT="$GPG_CONNECT_AGENT_DEFAULT" + fi +fi +if test "$GPG_CONNECT_AGENT" = no; then + if test "$NO_OVERRIDE" = "yes"; then + if test "$cross_compiling" != "yes"; then + AC_MSG_WARN([ +*** +*** Could not find gpg-connect-agent, use --with-gpg-connect-agent=PATH to enable it +***]) + else + AC_MSG_WARN([ +*** +*** Can not determine path to gpg-connect-agent when cross-compiling, use --with-gpg-connect-agent=PATH +***]) + fi + fi +else + AC_DEFINE_UNQUOTED(GPG_CONNECT_AGENT_PATH, "$GPG_CONNECT_AGENT", + [Path to the GPG_CONNECT_AGENT binary.]) +fi + # Checks for header files. AC_HEADER_STDC diff --git a/src/agent.c b/src/agent.c index 75d4933..6ee106c 100644 --- a/src/agent.c +++ b/src/agent.c 
@@ -233,151 +233,59 @@ spawn_process_detached (const char *pgmname, const char *argv[]) static gpg_error_t agent_connect (assuan_context_t *ctx_r) { - /* If we ever failed to connect via a socket we will force the use - of the pipe based server for the lifetime of the process. */ - static int force_pipe_server = 0; - gpg_error_t err = 0; - char *infostr; - char *ptr; assuan_context_t ctx = NULL; + char buffer[255]; + FILE *p; - err = assuan_new (&ctx); - if (err) - return err; - - restart: - - infostr = force_pipe_server ? NULL : getenv ("GPG_AGENT_INFO"); - if (!infostr || !*infostr) - { - char *sockname; - - /* First check whether we can connect at the standard - socket. */ - sockname = make_filename (default_homedir (), "S.gpg-agent", NULL); - if (! sockname) - return gpg_error_from_errno (errno); - - err = assuan_socket_connect (ctx, sockname, 0, 0); - if (err) - { - const char *agent_program; - - /* With no success start a new server. */ - DEBUG (DBG_INFO, "no running GPG agent at %s, starting one\n", - sockname); - - agent_program = get_gpg_agent_path (); - + /* Use gpg-connect-agent to obtain the socket name + * directly from the agent itself. */ + snprintf (buffer, sizeof buffer, "%s 'GETINFO socket_name' /bye", + get_gpg_connect_agent_path ()); #ifdef HAVE_W32_SYSTEM - { - /* Under Windows we start the server in daemon mode. This - is because the default is to use the standard socket - and thus there is no need for the GPG_AGENT_INFO - envvar. This is possible as we don't have a real unix - domain socket but use a plain file and thus there is no - need to care about non-local file systems. */ - const char *argv[3]; - - argv[0] = "--daemon"; - argv[1] = "--use-standard-socket"; - argv[2] = NULL; - - err = spawn_process_detached (agent_program, argv); - if (err) - DEBUG (DBG_CRIT, "failed to start agent `%s': %s\n", - agent_program, gpg_strerror (err)); - else - { - /* Give the agent some time to prepare itself. 
*/ - Sleep (3 * 1000); - /* Now try again to connect the agent. */ - err = assuan_socket_connect (ctx_r, sockname, 0, 0); - } - } -#else /*!HAVE_W32_SYSTEM*/ - { - const char *pgmname; - const char *argv[3]; - int no_close_list[3]; - int i; - - if ( !(pgmname = strrchr (agent_program, '/'))) - pgmname = agent_program; - else - pgmname++; - - argv[0] = pgmname; - argv[1] = "--server"; - argv[2] = NULL; - - i=0; - no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr)); - no_close_list[i] = -1; - - /* Connect to the agent and perform initial handshaking. */ - err = assuan_pipe_connect (ctx, agent_program, argv, - no_close_list, NULL, NULL, 0); - } -#endif /*!HAVE_W32_SYSTEM*/ - } - free (sockname); - } - else + p = _popen (buffer, "r"); +#else + p = popen (buffer, "r"); +#endif + if (p) { - int pid; - int protocol_version; + int ret; - infostr = strdup (infostr); - if (!infostr) - return gpg_error_from_errno (errno); - - if (!(ptr = strchr (infostr, PATHSEP_C)) || ptr == infostr) - { - DEBUG (DBG_CRIT, "malformed GPG_AGENT_INFO environment variable"); - free (infostr); - force_pipe_server = 1; - goto restart; - } - - *(ptr++) = 0; - pid = atoi (ptr); - while (*ptr && *ptr != PATHSEP_C) - ptr++; - protocol_version = *ptr ? atoi (ptr + 1) : 0; - if (protocol_version != 1) - { - DEBUG (DBG_CRIT, "GPG agent protocol version '%d' not supported", - protocol_version); - free (infostr); - force_pipe_server = 1; - goto restart; - } + ret = fscanf (p, "D %254s\nOK\n", buffer); + if (ret == EOF) /* I/O error? */ + err = gpg_error_from_errno (errno); + else if (ret != 1) /* Unexpected reply */ + err = gpg_error (GPG_ERR_NO_AGENT); - err = assuan_socket_connect (ctx, infostr, pid, 0); - free (infostr); - if (err) - { - DEBUG (DBG_CRIT, "cannot connect to GPG agent: %s", gpg_strerror (err)); - force_pipe_server = 1; - goto restart; - } + pclose (p); } + else + err = gpg_error_from_errno (errno); - if (err) + /* Then connect to the socket we got. 
*/ + if (!err) { - assuan_release (ctx); - DEBUG (DBG_CRIT, "cannot connect to GPG agent: %s", gpg_strerror (err)); - return gpg_error (GPG_ERR_NO_AGENT); + err = assuan_new (&ctx); + if (!err) + { + err = assuan_socket_connect (ctx, buffer, 0, 0); + if (!err) + { + *ctx_r = ctx; + if (_scute_debug_flags & DBG_ASSUAN) + assuan_set_log_stream (*ctx_r, _scute_debug_stream); + } + else + assuan_release (ctx); + } } - if (_scute_debug_flags & DBG_ASSUAN) - assuan_set_log_stream (*ctx_r, _scute_debug_stream); - - *ctx_r = ctx; + /* We do not try any harder. If gpg-connect-agent somehow failed + * to give us a suitable socket, we probably cannot do better. */ + if (err) + DEBUG (DBG_CRIT, "cannot connect to GPG agent: %s", gpg_strerror (err)); - return 0; + return err; } diff --git a/src/get-path.c b/src/get-path.c index 0abd863..cb0a136 100644 --- a/src/get-path.c +++ b/src/get-path.c @@ -335,6 +335,23 @@ get_gpg_agent_path (void) } +const char * +get_gpg_connect_agent_path (void) +{ + static const char *pgmname; + +#ifdef HAVE_W32_SYSTEM + if (!pgmname) + pgmname = find_program_in_inst_dir ("gpg-connect-agent.exe"); + if (!pgmname) + pgmname = find_program_at_standard_place ("GNU\\GnuPG\\gpg-connect-agent.exe"); +#endif + if (!pgmname) + pgmname = GPG_CONNECT_AGENT_PATH; + return pgmname; +} + + /* Home directory. */ diff --git a/src/support.h b/src/support.h index 3356224..739d124 100644 --- a/src/support.h +++ b/src/support.h 
@@ -85,6 +85,7 @@ stpcpy (char *a, const char *b) const char *get_gpgsm_path (void); const char *get_gpg_agent_path (void); +const char *get_gpg_connect_agent_path (void); /* Set up the default home directory. The usual --homedir option should be parsed later. */ ----------------------------------------------------------------------- Summary of changes: AUTHORS | 2 +- NEWS | 14 +- README | 7 +- configure.ac | 36 +++--- doc/manual/scute.texi | 4 +- doc/website/contact.xhtml | 2 +- src/agent.c | 323 ++++++---------------------------------------- src/get-path.c | 190 +-------------------------- src/support.h | 10 +- 9 files changed, 87 insertions(+), 501 deletions(-) hooks/post-receive -- PKCS#11 token on top of gpg-agent http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jul 6 21:18:31 2017 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 06 Jul 2017 21:18:31 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.21-85-g243b2a5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 243b2a570c30586e19b8c88e43b282d62d8eb77c (commit) from 4c3a59e9c0a4902f96b9f199b9821573ffb7c628 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 243b2a570c30586e19b8c88e43b282d62d8eb77c Author: Neal H. Walfield Date: Thu Jul 6 21:15:45 2017 +0200 doc: Improve TOFU documentation. * doc/gpg.texi: Improve TOFU documentation. Signed-off-by: Neal H. Walfield Suggested-by: Teemu Likonen diff --git a/doc/gpg.texi b/doc/gpg.texi index 9dceed9..bc83eff 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -1633,10 +1633,14 @@ Set what trust model GnuPG should follow. The models are: @opindex trust-model:tofu @anchor{trust-model-tofu} TOFU stands for Trust On First Use. In this trust model, the first - time a key is seen, it is memorized. If later another key is seen - with a user id with the same email address, a warning is displayed - indicating that there is a conflict and that the key might be a - forgery and an attempt at a man-in-the-middle attack. + time a key is seen, it is memorized. If later another key with a + user id with the same email address is seen, both keys are marked as + suspect. In that case, the next time either is used, a warning is + displayed describing the conflict, why it might have occured + (either the user generated a new key and failed to cross sign the + old and new keys, the key is forgery, or a man-in-the-middle attack + is being attempted), and the user is prompted to manually confirm + the validity of the key in question. Because a potential attacker is able to control the email address and thereby circumvent the conflict detection algorithm by using an ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 7 05:02:46 2017 
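Review bot: In the src/agent.c hunk of commit a8bfa63 (agent_connect), the EOF branch of the fscanf check can leave err at 0: when gpg-connect-agent prints nothing, fscanf returns EOF without necessarily setting errno, and assuan_socket_connect is then called with buffer still holding the command line instead of a socket name. Map EOF to GPG_ERR_NO_AGENT unless ferror (p) is set, and look at the pclose status as well. The command itself is built by pasting get_gpg_connect_agent_path () unquoted in front of 'GETINFO socket_name', so an install path containing a space or a shell metacharacter changes what the shell runs, and single quotes are not quoting characters for the command interpreter behind _popen; passing an argument vector instead of a shell string, or at least quoting the path and checking the snprintf result for truncation, would avoid that. Finally, "D %254s" stops at the first whitespace, so a socket path that contains a space is silently cut short before it reaches assuan_socket_connect.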
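Review bot: Two wording slips in the added TOFU paragraph of doc/gpg.texi: "occured" should be "occurred", and "the key is forgery" should be "the key is a forgery". The new parenthetical also lists a forgery and a man-in-the-middle attack as separate causes, where the removed text named them together ("a forgery and an attempt at a man-in-the-middle attack"); if they are meant as one scenario, join them again so the list reads as two alternatives rather than three.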
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 07 Jul 2017 05:02:46 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.3-118-g66ed4d5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 66ed4d53789892def7b237756d8a0ab28df9d222 (commit) via 619ebae9847831f43314a95cc3180f4b329b4d3b (commit) from e235f6a62f6268538c784154c2d1470ff073b6a8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 66ed4d53789892def7b237756d8a0ab28df9d222 Author: NIIBE Yutaka Date: Fri Jul 7 12:00:03 2017 +0900 mpi: Fix mpi_pow alternative implementation. * mpi/mpi-pow.c [USE_ALGORITHM_SIMPLE_EXPONENTIATION] (_gcry_mpi_powm): Use mpi_set_cond. -- Limbs of RES may be allocated more before the call of mpi_pow, but it only uses the space of SIZE. Signed-off-by: NIIBE Yutaka diff --git a/mpi/mpi-pow.c b/mpi/mpi-pow.c index 3d6d68c..54f477b 100644 --- a/mpi/mpi-pow.c +++ b/mpi/mpi-pow.c @@ -188,10 +188,16 @@ _gcry_mpi_powm (gcry_mpi_t res, mpi_limb_t e; mpi_limb_t carry_limb; struct karatsuba_ctx karactx; + struct gcry_mpi w, u; xp_nlimbs = msec? size:0; xp = xp_marker = mpi_alloc_limb_space( size, msec ); + w.sign = u.sign = 0; + w.flags = u.flags = 0; + w.alloced = w.nlimbs = size; /* RES->alloc may be longer. */ + u.alloced = u.nlimbs = size; + memset( &karactx, 0, sizeof karactx ); negative_result = (ep[0] & 1) && bsign; 
@@ -267,11 +273,11 @@ _gcry_mpi_powm (gcry_mpi_t res, xsize = msize; } } - if ( (mpi_limb_signed_t)e < 0 ) - { - tp = rp; rp = xp; xp = tp; - rsize = xsize; - } + + w.d = rp; + u.d = xp; + mpi_set_cond (&w, &u, ((mpi_limb_signed_t)e < 0)); + e <<= 1; c--; } commit 619ebae9847831f43314a95cc3180f4b329b4d3b Author: NIIBE Yutaka Date: Fri Jul 7 11:39:09 2017 +0900 Fix mpi_pow alternative implementation. * mpi/mpi-pow.c [USE_ALGORITHM_SIMPLE_EXPONENTIATION] (_gcry_mpi_powm): Allocate size fix. Signed-off-by: NIIBE Yutaka diff --git a/mpi/mpi-pow.c b/mpi/mpi-pow.c index 3cba690..3d6d68c 100644 --- a/mpi/mpi-pow.c +++ b/mpi/mpi-pow.c @@ -189,8 +189,8 @@ _gcry_mpi_powm (gcry_mpi_t res, mpi_limb_t carry_limb; struct karatsuba_ctx karactx; - xp_nlimbs = msec? (2 * (msize + 1)):0; - xp = xp_marker = mpi_alloc_limb_space( 2 * (msize + 1), msec ); + xp_nlimbs = msec? size:0; + xp = xp_marker = mpi_alloc_limb_space( size, msec ); memset( &karactx, 0, sizeof karactx ); negative_result = (ep[0] & 1) && bsign; ----------------------------------------------------------------------- Summary of changes: mpi/mpi-pow.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 7 07:57:42 2017 
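Review bot: In the second hunk of 66ed4d5 (_gcry_mpi_powm, USE_ALGORITHM_SIMPLE_EXPONENTIATION), the removed branch did two things, swapping rp and xp and assigning rsize = xsize, and the mpi_set_cond replacement covers only the limb data; none of the added lines carries xsize over to rsize. If the two lengths can differ at this point, add a masked length update next to the mpi_set_cond call, or a comment saying why rsize is already correct. A one-line comment on direction would also help: with w.d = rp and u.d = xp the call overwrites rp from xp across size limbs, which relies on both buffers being at least size limbs long, as the "RES->alloc may be longer" remark in the first hunk hints.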
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 07 Jul 2017 07:57:42 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.3-119-g61b0f52 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 61b0f52c1cc85bf8c3cac9aba40e28682e4e1b8b (commit) from 66ed4d53789892def7b237756d8a0ab28df9d222 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 61b0f52c1cc85bf8c3cac9aba40e28682e4e1b8b Author: NIIBE Yutaka Date: Fri Jul 7 14:48:17 2017 +0900 mpi: Minor fix of mpi_pow. * mpi/mpi-pow.c (_gcry_mpi_powm): Allocate size fix. -- Same thing of 619ebae9847831f43314a95cc3180f4b329b4d3b applied. Signed-off-by: NIIBE Yutaka diff --git a/mpi/mpi-pow.c b/mpi/mpi-pow.c index 54f477b..62b4a80 100644 --- a/mpi/mpi-pow.c +++ b/mpi/mpi-pow.c @@ -552,8 +552,8 @@ _gcry_mpi_powm (gcry_mpi_t res, struct karatsuba_ctx karactx; mpi_ptr_t tp; - xp_nlimbs = msec? (2 * (msize + 1)):0; - xp = xp_marker = mpi_alloc_limb_space( 2 * (msize + 1), msec ); + xp_nlimbs = msec? size:0; + xp = xp_marker = mpi_alloc_limb_space( size, msec ); memset( &karactx, 0, sizeof karactx ); negative_result = (ep[0] & 1) && bsign; ----------------------------------------------------------------------- Summary of changes: mpi/mpi-pow.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 7 08:13:15 2017 
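Review bot: The allocation for xp shrinks from 2 * (msize + 1) limbs to size in this hunk, and the log only points back to 619ebae, whose own message says just "Allocate size fix". Please state, in a comment above the mpi_alloc_limb_space call or in the commit message, which bound makes size limbs sufficient for xp, so a later reader can check that the two spare limbs being dropped were never written. Since xp_nlimbs and the allocation now repeat the same expression, deriving one from the other would keep them from drifting apart.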
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 07 Jul 2017 08:13:15 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.21-11-g554ded4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via 554ded4854758bf6ca268432fa087f946932a409 (commit) via 12029f83fd0ab3e8ad524f6c9135854662fddfd1 (commit) via b38f4489f75e6e435886aa885807738a22c7ff60 (commit) from 782f804765b6f4226fd77843e59f57dcca61b6fb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 554ded4854758bf6ca268432fa087f946932a409 Author: NIIBE Yutaka Date: Fri Jul 7 15:12:00 2017 +0900 mpi: Minor fix for mpi_pow. * mpi/mpi-pow.c (mpi_powm): Fix allocation size. Signed-off-by: NIIBE Yutaka diff --git a/mpi/mpi-pow.c b/mpi/mpi-pow.c index acddca9..0078b84 100644 --- a/mpi/mpi-pow.c +++ b/mpi/mpi-pow.c @@ -162,7 +162,7 @@ mpi_powm( MPI res, MPI base, MPI exponent, MPI mod) { mpi_size_t i; - mpi_ptr_t xp = xp_marker = mpi_alloc_limb_space( 2 * (msize + 1), msec ); + mpi_ptr_t xp = xp_marker = mpi_alloc_limb_space( size, msec ); int c; mpi_limb_t e; mpi_limb_t carry_limb; 
@@ -499,7 +499,7 @@ mpi_powm (MPI res, MPI base, MPI expo, MPI mod) struct karatsuba_ctx karactx; mpi_ptr_t tp; - xp = xp_marker = mpi_alloc_limb_space( 2 * (msize + 1), msec ); + xp = xp_marker = mpi_alloc_limb_space( size, msec ); memset( &karactx, 0, sizeof karactx ); negative_result = (ep[0] & 1) && bsign; commit 12029f83fd0ab3e8ad524f6c9135854662fddfd1 Author: NIIBE Yutaka Date: Fri Jul 7 14:38:19 2017 +0900 mpi: Same computation for square and multiply for mpi_pow. * mpi/mpi-pow.c (_gcry_mpi_powm): Compare msize for max_u_size. Move the assignment to base_u into the loop. Copy content refered by RP to BASE_U except the last of the loop. -- Signed-off-by: NIIBE Yutaka (backport commit of libgcrypt master: 78130828e9a140a9de4dafadbc844dbb64cb709a) diff --git a/mpi/mpi-pow.c b/mpi/mpi-pow.c index 76ddf95..acddca9 100644 --- a/mpi/mpi-pow.c +++ b/mpi/mpi-pow.c @@ -387,6 +387,9 @@ mpi_powm (MPI res, MPI base, MPI expo, MPI mod) size = 2 * msize; msign = mod->sign; + ep = expo->d; + MPN_NORMALIZE(ep, esize); + if (esize * BITS_PER_MPI_LIMB > 512) W = 5; else if (esize * BITS_PER_MPI_LIMB > 256) @@ -403,10 +406,9 @@ mpi_powm (MPI res, MPI base, MPI expo, MPI mod) bsec = mpi_is_secure(base); rp = res->d; - ep = expo->d; if (!msize) - msize = 1 / msize; /* provoke a signal */ + msize = 1 / msize; /* provoke a signal */ if (!esize) { @@ -463,7 +465,8 @@ mpi_powm (MPI res, MPI base, MPI expo, MPI mod) } - /* Make BASE, EXPO and MOD not overlap with RES. */ + /* Make BASE, EXPO not overlap with RES. We don't need to check MOD + because that has already been copied to the MP var. */ if ( rp == bp ) { /* RES and BASE are identical. Allocate temp. space for BASE. */ 
@@ -477,13 +480,6 @@ mpi_powm (MPI res, MPI base, MPI expo, MPI mod) ep = ep_marker = mpi_alloc_limb_space( esize, esec ); MPN_COPY(ep, rp, esize); } - if ( rp == mp ) - { - /* RES and MOD are identical. Allocate temporary space for MOD.*/ - assert (!mp_marker); - mp = mp_marker = mpi_alloc_limb_space( msize, msec ); - MPN_COPY(mp, rp, msize); - } /* Copy base to the result. */ if (res->alloced < size) @@ -529,7 +525,10 @@ mpi_powm (MPI res, MPI base, MPI expo, MPI mod) MPN_COPY (precomp[i], rp, rsize); } + if (msize > max_u_size) + max_u_size = msize; base_u = mpi_alloc_limb_space (max_u_size, esec); + MPN_ZERO (base_u, max_u_size); i = esize - 1; @@ -574,6 +573,10 @@ mpi_powm (MPI res, MPI base, MPI expo, MPI mod) { int c0; mpi_limb_t e0; + struct gcry_mpi w, u; + w.sign = u.sign = 0; + w.flags = u.flags = 0; + w.d = base_u; count_leading_zeros (c0, e); e = (e << c0); @@ -582,7 +585,7 @@ mpi_powm (MPI res, MPI base, MPI expo, MPI mod) e0 = (e >> (BITS_PER_MPI_LIMB - W)); if (c >= W) - c0 =0; + c0 = 0; else { if ( --i < 0 ) @@ -597,7 +600,7 @@ mpi_powm (MPI res, MPI base, MPI expo, MPI mod) e = ep[i]; c = BITS_PER_MPI_LIMB; e0 |= (e >> (BITS_PER_MPI_LIMB - (W - c0))); - } + } } e = e << (W - c0); 
@@ -607,30 +610,31 @@ mpi_powm (MPI res, MPI base, MPI expo, MPI mod) count_trailing_zeros (c0, e0); e0 = (e0 >> c0) >> 1; - /* - * base_u <= precomp[e0] - * base_u_size <= precomp_size[e0]; - */ - base_u_size = 0; - for (k = 0; k < (1<< (W - 1)); k++) - { - struct gcry_mpi w, u; - w.alloced = w.nlimbs = precomp_size[k]; - u.alloced = u.nlimbs = precomp_size[k]; - w.nbits = w.nlimbs * BITS_PER_MPI_LIMB; - u.nbits = u.nlimbs * BITS_PER_MPI_LIMB; - w.sign = u.sign = 0; - w.flags = u.flags = 0; - w.d = base_u; - u.d = precomp[k]; - - mpi_set_cond (&w, &u, k == e0); - base_u_size |= ( precomp_size[k] & ((mpi_size_t)0 - (k == e0)) ); - } for (j += W - c0; j >= 0; j--) { - mul_mod (xp, &xsize, rp, rsize, - j == 0 ? base_u : rp, j == 0 ? base_u_size : rsize, + + /* + * base_u <= precomp[e0] + * base_u_size <= precomp_size[e0] + */ + base_u_size = 0; + for (k = 0; k < (1<< (W - 1)); k++) + { + w.alloced = w.nlimbs = precomp_size[k]; + u.alloced = u.nlimbs = precomp_size[k]; + u.d = precomp[k]; + + mpi_set_cond (&w, &u, k == e0); + base_u_size |= ( precomp_size[k] & (0UL - (k == e0)) ); + } + + w.alloced = w.nlimbs = rsize; + u.alloced = u.nlimbs = rsize; + u.d = rp; + mpi_set_cond (&w, &u, j != 0); + base_u_size ^= ((base_u_size ^ rsize) & (0UL - (j != 0))); + + mul_mod (xp, &xsize, rp, rsize, base_u, base_u_size, mp, msize, &karactx); tp = rp; rp = xp; xp = tp; rsize = xsize; commit b38f4489f75e6e435886aa885807738a22c7ff60 Author: NIIBE Yutaka Date: Fri Jul 7 14:26:39 2017 +0900 mpi: Simplify mpi_powm. * mpi/mpi-pow.c (_gcry_mpi_powm): Simplify the loop. -- (backport of libgcrypt master commit: 719468e53133d3bdf12156c5bfdea2bf15f9f6f1) Signed-off-by: NIIBE Yutaka diff --git a/mpi/mpi-pow.c b/mpi/mpi-pow.c index 7f23a5a..76ddf95 100644 --- a/mpi/mpi-pow.c +++ b/mpi/mpi-pow.c @@ -564,12 +564,8 @@ mpi_powm (MPI res, MPI base, MPI expo, MPI mod) if (e == 0) { j += c; - i--; - if ( i < 0 ) - { - c = 0; - break; - } + if ( --i < 0 ) + break; e = ep[i]; c = BITS_PER_MPI_LIMB; 
@@ -584,38 +580,33 @@ mpi_powm (MPI res, MPI base, MPI expo, MPI mod) c -= c0; j += c0; + e0 = (e >> (BITS_PER_MPI_LIMB - W)); if (c >= W) - { - e0 = (e >> (BITS_PER_MPI_LIMB - W)); - e = (e << W); - c -= W; - } + c0 =0; else { - i--; - if ( i < 0 ) + if ( --i < 0 ) { - e = (e >> (BITS_PER_MPI_LIMB - c)); - break; + e0 = (e >> (BITS_PER_MPI_LIMB - c)); + j += c - W; + goto last_step; } - - c0 = c; - e0 = (e >> (BITS_PER_MPI_LIMB - W)) - | (ep[i] >> (BITS_PER_MPI_LIMB - W + c0)); - e = (ep[i] << (W - c0)); - c = BITS_PER_MPI_LIMB - W + c0; + else + { + c0 = c; + e = ep[i]; + c = BITS_PER_MPI_LIMB; + e0 |= (e >> (BITS_PER_MPI_LIMB - (W - c0))); + } } + e = e << (W - c0); + c -= (W - c0); + + last_step: count_trailing_zeros (c0, e0); e0 = (e0 >> c0) >> 1; - for (j += W - c0; j; j--) - { - mul_mod (xp, &xsize, rp, rsize, rp, rsize, mp, msize, &karactx); - tp = rp; rp = xp; xp = tp; - rsize = xsize; - } - /* * base_u <= precomp[e0] * base_u_size <= precomp_size[e0]; @@ -634,24 +625,22 @@ mpi_powm (MPI res, MPI base, MPI expo, MPI mod) u.d = precomp[k]; mpi_set_cond (&w, &u, k == e0); - base_u_size |= (precomp_size[k] & ((mpi_size_t)0 - (k == e0)) ); + base_u_size |= ( precomp_size[k] & ((mpi_size_t)0 - (k == e0)) ); + } + for (j += W - c0; j >= 0; j--) + { + mul_mod (xp, &xsize, rp, rsize, + j == 0 ? base_u : rp, j == 0 ? base_u_size : rsize, + mp, msize, &karactx); + tp = rp; rp = xp; xp = tp; + rsize = xsize; } - mul_mod (xp, &xsize, rp, rsize, base_u, base_u_size, - mp, msize, &karactx); - tp = rp; rp = xp; xp = tp; - rsize = xsize; j = c0; + if ( i < 0 ) + break; } - if (c != 0) - { - j += c; - count_trailing_zeros (c, e); - e = (e >> c); - j -= c; - } - while (j--) { mul_mod (xp, &xsize, rp, rsize, rp, rsize, mp, msize, &karactx); 
@@ -659,38 +648,6 @@ mpi_powm (MPI res, MPI base, MPI expo, MPI mod) rsize = xsize; } - if (e != 0) - { - base_u_size = 0; - for (k = 0; k < (1<< (W - 1)); k++) - { - struct gcry_mpi w, u; - w.alloced = w.nlimbs = precomp_size[k]; - u.alloced = u.nlimbs = precomp_size[k]; - w.nbits = w.nlimbs * BITS_PER_MPI_LIMB; - u.nbits = u.nlimbs * BITS_PER_MPI_LIMB; - w.sign = u.sign = 0; - w.flags = u.flags = 0; - w.d = base_u; - u.d = precomp[k]; - - mpi_set_cond (&w, &u, k == (e>>1)); - base_u_size |= (precomp_size[k] & ((mpi_size_t)0 - (k == (e>>1))) ); - } - - mul_mod (xp, &xsize, rp, rsize, base_u, base_u_size, - mp, msize, &karactx); - tp = rp; rp = xp; xp = tp; - rsize = xsize; - - for (; c; c--) - { - mul_mod (xp, &xsize, rp, rsize, rp, rsize, mp, msize, &karactx); - tp = rp; rp = xp; xp = tp; - rsize = xsize; - } - } - /* We shifted MOD, the modulo reduction argument, left MOD_SHIFT_CNT steps. Adjust the result by reducing it with the original MOD. ----------------------------------------------------------------------- Summary of changes: mpi/mpi-pow.c | 161 ++++++++++++++++++++++------------------------------------ 1 file changed, 61 insertions(+), 100 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 7 10:04:46 2017 
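Review bot: In the 12029f8 hunks at @@ -574 and @@ -607 (mpi_powm), the temporaries w and u are now declared once per window and only sign, flags, alloced, nlimbs and d are assigned; the w.nbits and u.nbits assignments that the removed block carried are gone, so nbits is uninitialised stack data in both structs. Either keep the two nbits assignments next to the nlimbs ones or add a comment that mpi_set_cond never reads the field. The selection mask also changed from (mpi_size_t)0 - (k == e0) to 0UL - (k == e0), which brings unsigned long into arithmetic on mpi_size_t values; keeping the mpi_size_t cast, including in the new base_u_size ^= line, would leave the types as they were.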
From: cvs at cvs.gnupg.org (by Nicole Faerber) Date: Fri, 07 Jul 2017 10:04:46 +0200 Subject: [git] gnupg-doc - branch, master, updated. d83aebe0b394e1da677976fe0e92094e58f50900 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via d83aebe0b394e1da677976fe0e92094e58f50900 (commit) from a69e5c0c1415829c5fa082e2951565ad2e1afb98 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d83aebe0b394e1da677976fe0e92094e58f50900 Author: Nicole Faerber Date: Wed Jun 28 16:54:31 2017 +0200 Updated links and contact info for ordering OpenPGP smartcards and readers Signed-off-by: Nicole Faerber diff --git a/misc/howtos.gnupg.org/card-howto/en/apa.html b/misc/howtos.gnupg.org/card-howto/en/apa.html index c6ada87..fa4b0fe 100644 --- a/misc/howtos.gnupg.org/card-howto/en/apa.html +++ b/misc/howtos.gnupg.org/card-howto/en/apa.html @@ -108,15 +108,15 @@

Currently we know that you may order card - readers from kernelconcepts. The + readers from FLOSS-Shop. The website is only in German, but you can order the "USB Chip-Karten Lesegeraet SCM SCR-335" for 29,00 EUR from all over Europe; either by prepayment via bank transfer or paypal. You have to sent your orders via email to - . If you + . If you have questions considering the order you can - contact in + contact in English or German.

In the UK, SCM card readers can be purchased online from http://www.crownhill.co.uk/. diff --git a/misc/howtos.gnupg.org/card-howto/en/ch02s02.html b/misc/howtos.gnupg.org/card-howto/en/ch02s02.html index b340c94..8250b9b 100644 --- a/misc/howtos.gnupg.org/card-howto/en/ch02s02.html +++ b/misc/howtos.gnupg.org/card-howto/en/ch02s02.html @@ -34,7 +34,7 @@

First you need an OpenPGP compatible smart card which can, for example, be obtained by becoming a fellow of the Free Software Foundation Europe.

-

Card readers (NOT those used for flash memory cards) can be obtained from computer stores (e.g. http://www.kernelconcepts.de/products/security-en.shtml).

+

Card readers (NOT those used for flash memory cards) can be obtained from computer stores (e.g. https://www.floss-shop.de/en/security-privacy/).
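Review bot: The replacement URL in this hunk is an English page (https://www.floss-shop.de/en/security-privacy/), while the apa.html paragraph changed in the same commit keeps the sentence "The website is only in German" and the 29,00 EUR price for the "USB Chip-Karten Lesegeraet SCM SCR-335" right after the new FLOSS-Shop name. Please confirm that the language remark, product name and price still hold for the new shop, or drop them from apa.html. While that paragraph is being touched, "You have to sent your orders" should read "You have to send your orders".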

diff --git a/misc/howtos.gnupg.org/card-howto/en/smartcard-howto-single.html b/misc/howtos.gnupg.org/card-howto/en/smartcard-howto-single.html index dea3cde..1065d90 100644 --- a/misc/howtos.gnupg.org/card-howto/en/smartcard-howto-single.html +++ b/misc/howtos.gnupg.org/card-howto/en/smartcard-howto-single.html @@ -9,7 +9,7 @@

  • 3 independent 1024 bit RSA keys (signing,encryption,authentication).

  • Key generation on card or import of existing keys.

  • Signature counter.

  • Data object to store an URL to access the full OpenPGP public key.

  • Data objects for card holder name etc.

  • Data object for login specific data.

  • Length of PIN between 6 and 254 characters; not restricted to numbers.

  • T=1 protocol; compatible with most readers.

  • Specification freely available and usable without any constraints.

  • Reasonably priced.

Chapter?2.?Installation for GNU/Linux

Since version 1.3.90 GnuPG supports smart cards by default.

2.1.?Prerequisites

Please make sure that libusb is available prior to building GnuPG. It can be obtained from http://prdownloads.sourceforge.net/libusb. On Debian GNU/Linux a simple apt-get install libusb-dev should be sufficient.

If you are not using an USB reader please also install libpcsclite and libpcsclite-dev. On Debian GNU/Linux a simple apt-get install libpcsclite libpcsclite-dev should be sufficient.

If your reader is a native USB device and supports the CCID (Chip Card Interface Description) specification it is directly supported by GnuPG.

Most USB readers today still behave like serial readers. In this case you need the kernel module pl2303 to access the reader. This module is a "USB Serial Driver" which can be found under Device Drivers->USB-Support->USB Serial Converter Support->USB Prolitic 2303 - in the 2.6 kernel configuration. This module makes sure that the proprietary reader protocol is translated to a standard protocol.

2.1.1.?Installation of GnuPG

Without an installation of GnuPG the OpenPGP card will be of little use. So, please, go ahead and install it.

GnuPG can be downloaded from http://www.gnupg.org/download/index.html. Please use the recent stable version.

After downloading and patching the sources GnuPG is installed with the usual ./configure, make, make install. For further information please refer to the installation instructions shipped with GnuPG.

Note

If you are running Debian GNU/Linux you can also build your own Debian package with dh_make and debuild in the source directory. After that you can install it the usual way with dpkg -i gnupg-version.deb

If you are using the 1.9 branch of GnuPG and plan to use the PC/SC driver you should now install the software to make sure that the pcsc wrapper binary will be available at the right place.

2.2.?Required Hardware

First you need an OpenPGP compatible smart card which can, for example, be obtained by becoming a fellow of the Free Software Foundation Europe.

Card readers (NOT those used for flash memory cards) can be obtained from computer stores (e.g. http://www.kernelconcepts.de/products/security-en.shtml).

2.2.1.?A List of tested Readers

Please note that the USB device class for USB readers is 11 (or 0x0B in hex).

SCM Microsystems SCR335

This is a small USB reader (CCID; 65*45*8mm) + in the 2.6 kernel configuration. This module makes sure that the proprietary reader protocol is translated to a standard protocol.

2.1.1.?Installation of GnuPG

Without an installation of GnuPG the OpenPGP card will be of little use. So, please, go ahead and install it.

GnuPG can be downloaded from http://www.gnupg.org/download/index.html. Please use the recent stable version.

After downloading and patching the sources GnuPG is installed with the usual ./configure, make, make install. For further information please refer to the installation instructions shipped with GnuPG.

Note

If you are running Debian GNU/Linux you can also build your own Debian package with dh_make and debuild in the source directory. After that you can install it the usual way with dpkg -i gnupg-version.deb

If you are using the 1.9 branch of GnuPG and plan to use the PC/SC driver you should now install the software to make sure that the pcsc wrapper binary will be available at the right place.

2.2.?Required Hardware

First you need an OpenPGP compatible smart card which can, for example, be obtained by becoming a fellow of the Free Software Foundation Europe.

Card readers (NOT those used for flash memory cards) can be obtained from computer stores (e.g. https://www.floss-shop.de/en/security-privacy/).

2.2.1.?A List of tested Readers

Please note that the USB device class for USB readers is 11 (or 0x0B in hex).

SCM Microsystems SCR335

This is a small USB reader (CCID; 65*45*8mm) supported by GnuPG directly as well as by pcsclite. This very device is actually the first reader supported by GnuPG and the reason for the internal @@ -389,15 +389,15 @@ sub 1024R/F6518D6B created: 2005-03-05 expires: never usage: E [ultimate] (1). Archibald Goodwin (The Tester) <archi at foobar.example>

First create a signing key. If this kind of key already exists on the card, a security question has to be answered. Run save to commit the changes to the card. The key on the card will not be removed if you do not save the changes. You can create another subkey by again calling addcardkey. Choose the encryption key and proceed as explained.

Note

gpg will always use the latest created key of a given type.

There is no direct way to create a backup key of the card's decryption key like it is done with the generate command.

Note

Make a copy of your secret key before running the following commands. Otherwise the whole procedure will be pointless.

A few steps more will help you to achieve this goal. First create a regular RSA subkey of 1024 bit length using the addkey command. Then select this new key and run keytocard. gpg transfers the key to the card and replaces the existing secret key with a stub.

Appendix?A.?Appendix

A.1.?A small OpenPGP card FAQ

A.1.1. If I'm correctly informed GnuPG and smartcards use 1024 Bit RSA. Some say the security level of RSA-1024 is comparable too about 80 Bit symmetric key and cannot be regarded as highly secure.
A.1.2. Where do I get a reader?
A.1.3. How do I use the cryptocard on MacOSX?
A.1.4. I am having problems, where do I get further help?
A.1.1.

If I'm correctly informed GnuPG and smartcards use 1024 Bit RSA. Some say the security level of RSA-1024 is comparable too about 80 Bit symmetric key and cannot be regarded as highly secure.

The quality and security of the implementation and the entire environment and not the length of the key protect the secret key against a compromise by any non-physical attack.

2048 bit RSA is possible but at the moment far too expensive. The specification allows for 2048 Bit RSA cards. Feel free to build one.

A.1.2.

Where do I get a reader?

Currently we know that you may order card - readers from kernelconcepts. The + readers from FLOSS-Shop. The website is only in German, but you can order the "USB Chip-Karten Lesegeraet SCM SCR-335" for 29,00 EUR from all over Europe; either by prepayment via bank transfer or paypal. You have to sent your orders via email to - . If you + . If you have questions considering the order you can - contact in + contact in English or German.

In the UK, SCM card readers can be purchased online from http://www.crownhill.co.uk/.

A.1.3.

How do I use the cryptocard on MacOSX?

There is a description on http://www.py-soft.co.uk/~benjamin/download/mac-gpg/.

A.1.4.

I am having problems, where do I get further diff --git a/misc/howtos.gnupg.org/card-howto/en/smartcard-howto.txt b/misc/howtos.gnupg.org/card-howto/en/smartcard-howto.txt index fd62399..0723ea9 100644 --- a/misc/howtos.gnupg.org/card-howto/en/smartcard-howto.txt +++ b/misc/howtos.gnupg.org/card-howto/en/smartcard-howto.txt @@ -189,7 +189,7 @@ Note Card readers (NOT those used for flash memory cards) can be obtained from computer stores (e.g. - [47]http://www.kernelconcepts.de/products/security-en.shtml). + [47]https://www.floss-shop.de/en/security-privacy/). 2.2.1. A List of tested Readers @@ -1148,12 +1148,12 @@ A.1. A small OpenPGP card FAQ Where do I get a reader? Currently we know that you may order card readers from - [73]kernelconcepts. The website is only in German, but you can order + [73]FLOSS-Shop. The website is only in German, but you can order the "USB Chip-Karten Lesegeraet SCM SCR-335" for 29,00 EUR from all over Europe; either by prepayment via bank transfer or paypal. You - have to sent your orders via email to <[74]order at kernelconcepts.de>. + have to sent your orders via email to <[74]order at floss-shop.de>. If you have questions considering the order you can contact - <[75]info at kernelconcepts.de> in English or German. + <[75]info at floss-shop.de> in English or German. In the UK, SCM card readers can be purchased online from [76]http://www.crownhill.co.uk/. @@ -1256,7 +1256,7 @@ References 44. http://www.gnupg.org/download/index.html 45. https://www.fsfe.org/join_us/ 46. http://www.fsfeurope.org/ - 47. http://www.kernelconcepts.de/products/security-en.shtml + 47. https://www.floss-shop.de/en/security-privacy/ 48. http://www.fsfe.org/en/content/download/17665/125518/file/gnupg-ccid.rules 49. file://localhost/home/wk/w/card-howto/build/smartcard-howto-single.html 50. file://localhost/home/wk/w/card-howto/build/smartcard-howto-single.html#features 
@@ -1282,9 +1282,9 @@ References 70. file://localhost/home/wk/w/card-howto/build/smartcard-howto-single.html#id2507324 71. file://localhost/home/wk/w/card-howto/build/smartcard-howto-single.html#id2508313 72. file://localhost/home/wk/w/card-howto/build/smartcard-howto-single.html#id2508338 - 73. http://www.kernelconcepts.de/products/security.shtml - 74. mailto:order at kernelconcepts.de - 75. mailto:info at kernelconcepts.de + 73. https://www.floss-shop.de/en/security-privacy/ + 74. mailto:order at floss-shop.de + 75. mailto:info at floss-shop.de 76. file://localhost/home/wk/w/card-howto/build/smartcard-howto-single.html 77. http://www.py-soft.co.uk/~benjamin/download/mac-gpg/ 78. http://www.gnupg.org/documentation/mailing-lists.html ----------------------------------------------------------------------- Summary of changes: misc/howtos.gnupg.org/card-howto/en/apa.html | 6 +++--- misc/howtos.gnupg.org/card-howto/en/ch02s02.html | 2 +- .../card-howto/en/smartcard-howto-single.html | 8 ++++---- misc/howtos.gnupg.org/card-howto/en/smartcard-howto.txt | 16 ++++++++-------- 4 files changed, 16 insertions(+), 16 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 7 14:56:56 2017 
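Review bot: In the FAQ hunk of smartcard-howto.txt (`@@ -1148,12 +1148,12 @@`), the sentence "The website is only in German" is carried over unchanged although the new reference points at https://www.floss-shop.de/en/security-privacy/, an /en/ path; confirm it still holds for FLOSS-Shop and drop or reword it if not. The product name, the 29,00 EUR price and the order-by-email procedure are likewise inherited from the kernelconcepts text and should be checked against the new vendor before the address swap is published. Since the line is touched anyway, "have to sent" could become "have to send". References 47 and 73 used to point at two different pages (security-en.shtml and security.shtml) and now both resolve to the same URL.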
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 07 Jul 2017 14:56:56 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.21-15-g6b4abf1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via 6b4abf1d491d30a6bdaeb2c425c780cacd65bab4 (commit) via 1b1f44846b5f21a80ed101f2284ce5f6e8849ee7 (commit) via 994d5b707559a800a650dc7f273372f509d74780 (commit) via 8fd9f72e1b2e578e45c98c978cab4f6d47683d2c (commit) from 554ded4854758bf6ca268432fa087f946932a409 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6b4abf1d491d30a6bdaeb2c425c780cacd65bab4 Author: NIIBE Yutaka Date: Fri Jul 7 21:53:12 2017 +0900 gpg: Fix memory leak. * g10/textfilter.c (copy_clearsig_text): Free the buffer. -- Signed-off-by: NIIBE Yutaka (backport from master commit: 6b9a89e4c7d6f19de62e0a908a8d80c98bf99819) diff --git a/g10/textfilter.c b/g10/textfilter.c index 79f2f67..a92a53d 100644 --- a/g10/textfilter.c +++ b/g10/textfilter.c @@ -245,5 +245,6 @@ copy_clearsig_text( IOBUF out, IOBUF inp, MD_HANDLE md, if( truncated ) log_info(_("input line longer than %d characters\n"), MAX_LINELEN ); + xfree (buffer); return 0; /* okay */ } commit 1b1f44846b5f21a80ed101f2284ce5f6e8849ee7 Author: NIIBE Yutaka Date: Fri Jul 7 21:51:42 2017 +0900 rsa: Reduce secmem pressure. * cipher/rsa.c (secret): Don't keep secmem. Signed-off-by: NIIBE Yutaka diff --git a/cipher/rsa.c b/cipher/rsa.c index 84a1af0..51b7640 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c 
@@ -341,22 +341,29 @@ secret(MPI output, MPI input, RSA_secret_key *skey ) mpi_set_highbit (rr, rr_nbits - 1); mpi_sub_ui( h, skey->p, 1 ); mpi_mul ( D_blind, h, rr ); + mpi_free ( rr ); mpi_fdiv_r( h, skey->d, h ); mpi_add ( D_blind, D_blind, h ); + mpi_free ( h ); mpi_powm ( m1, input, D_blind, skey->p ); + h = mpi_alloc_secure (nlimbs); + rr = mpi_alloc_secure ( (rr_nbits + BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB ); + /* d_blind = (d mod (q-1)) + (q-1) * r */ /* m2 = c ^ d_blind mod q */ randomize_mpi (rr, rr_nbits, 0); mpi_set_highbit (rr, rr_nbits - 1); mpi_sub_ui( h, skey->q, 1 ); mpi_mul ( D_blind, h, rr ); + mpi_free ( rr ); mpi_fdiv_r( h, skey->d, h ); mpi_add ( D_blind, D_blind, h ); + mpi_free ( h ); mpi_powm ( m2, input, D_blind, skey->q ); - mpi_free ( rr ); mpi_free ( D_blind ); + h = mpi_alloc_secure (nlimbs); /* h = u * ( m2 - m1 ) mod q */ mpi_sub( h, m2, m1 ); commit 994d5b707559a800a650dc7f273372f509d74780 Author: NIIBE Yutaka Date: Fri Jul 7 21:20:56 2017 +0900 rsa: Allow different build directory. * cipher/Makefile.am (AM_CPPFLAGS): Add mpi dirs. * cipher/rsa.c: Change include file. Signed-off-by: NIIBE Yutaka diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 6b923b2..bd79fbc 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -17,7 +17,7 @@ # along with this program; if not, see . ## Process this file with automake to produce Makefile.in -AM_CPPFLAGS = -I.. -I$(top_srcdir)/include -I$(top_srcdir)/intl +AM_CPPFLAGS = -I.. -I$(top_srcdir)/include -I$(top_srcdir)/intl -I$(top_srcdir)/mpi -I../mpi if ! HAVE_DOSISH_SYSTEM AM_CPPFLAGS += -DGNUPG_LIBDIR="\"$(libdir)/@PACKAGE@\"" diff --git a/cipher/rsa.c b/cipher/rsa.c index 5d7b4f7..84a1af0 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c 
@@ -29,7 +29,7 @@ #include #include "util.h" #include "mpi.h" -#include "../mpi/mpi-internal.h" +#include "mpi-internal.h" #include "cipher.h" #include "rsa.h" commit 8fd9f72e1b2e578e45c98c978cab4f6d47683d2c Author: Marcus Brinkmann Date: Fri Jul 7 21:03:10 2017 +0900 rsa: Add exponent blinding. * cipher/rsa.c (secret_core_crt): Blind secret D with randomized nonce R for mpi_powm computation. -- Backport of libgcrypt 8725c99ffa41778f382ca97233183bcd687bb0ce. Signed-off-by: Marcus Brinkmann diff --git a/cipher/rsa.c b/cipher/rsa.c index 5efab1d..5d7b4f7 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c @@ -29,6 +29,7 @@ #include #include "util.h" #include "mpi.h" +#include "../mpi/mpi-internal.h" #include "cipher.h" #include "rsa.h" 
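Review bot: In the `@@ -29,6 +29,7 @@` hunk of commit 8fd9f72, `#include "../mpi/mpi-internal.h"` reaches into the mpi directory by a relative path, which only resolves when building inside the source tree. Add the mpi directories to AM_CPPFLAGS in cipher/Makefile.am and include "mpi-internal.h" by name, as commit 994d5b7 in this same push does; squashing the two would avoid a revision on the stable branch that breaks separate build directories. The include also makes cipher/rsa.c depend on an MPI-internal header, apparently for BITS_PER_MPI_LIMB, which deserves a one-line comment next to it.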
@@ -325,14 +326,38 @@ secret(MPI output, MPI input, RSA_secret_key *skey ) # endif /* USE_BLINDING */ /* RSA secret operation: */ - /* m1 = c ^ (d mod (p-1)) mod p */ + MPI D_blind = mpi_alloc_secure (nlimbs); + MPI rr; + unsigned int rr_nbits; + + rr_nbits = mpi_get_nbits (skey->p) / 4; + if (rr_nbits < 96) + rr_nbits = 96; + rr = mpi_alloc_secure ( (rr_nbits + BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB ); + + /* d_blind = (d mod (p-1)) + (p-1) * r */ + /* m1 = c ^ d_blind mod p */ + randomize_mpi (rr, rr_nbits, 0); + mpi_set_highbit (rr, rr_nbits - 1); mpi_sub_ui( h, skey->p, 1 ); + mpi_mul ( D_blind, h, rr ); mpi_fdiv_r( h, skey->d, h ); - mpi_powm( m1, input, h, skey->p ); - /* m2 = c ^ (d mod (q-1)) mod q */ + mpi_add ( D_blind, D_blind, h ); + mpi_powm ( m1, input, D_blind, skey->p ); + + /* d_blind = (d mod (q-1)) + (q-1) * r */ + /* m2 = c ^ d_blind mod q */ + randomize_mpi (rr, rr_nbits, 0); + mpi_set_highbit (rr, rr_nbits - 1); mpi_sub_ui( h, skey->q, 1 ); + mpi_mul ( D_blind, h, rr ); mpi_fdiv_r( h, skey->d, h ); - mpi_powm( m2, input, h, skey->q ); + mpi_add ( D_blind, D_blind, h ); + mpi_powm ( m2, input, D_blind, skey->q ); + + mpi_free ( rr ); + mpi_free ( D_blind ); + /* h = u * ( m2 - m1 ) mod q */ mpi_sub( h, m2, m1 ); if ( mpi_is_neg( h ) ) ----------------------------------------------------------------------- Summary of changes: cipher/Makefile.am | 2 +- cipher/rsa.c | 40 ++++++++++++++++++++++++++++++++++++---- g10/textfilter.c | 1 + 3 files changed, 38 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sat Jul 8 21:42:38 2017 
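Review bot: The blinding factor length in the `@@ -325,14 +326,38 @@` hunk, `rr_nbits = mpi_get_nbits (skey->p) / 4` with a floor of 96, is undocumented and is derived from p only, then reused unchanged for the q half. Add a comment saying where the quarter-length and the 96-bit minimum come from, and either derive the q-side length from skey->q or state that p and q are assumed to have the same size. D_blind is allocated with `nlimbs` but has to hold (p-1)*r plus the reduced exponent, roughly the bit length of p plus rr_nbits; since the buffer lives in secure memory, note whether that allocation is expected to suffice or whether mpi_mul is expected to grow it. The new code sits after `# endif /* USE_BLINDING */`, so exponent blinding is unconditional while base blinding stays optional; the commit message or a comment should say that this is intended.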
From: cvs at cvs.gnupg.org (by Yuri Chornoivan) Date: Sat, 08 Jul 2017 21:42:38 +0200 Subject: [git] Scute - branch, master, updated. scute-1.3.0-72-g4553ff2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "PKCS#11 token on top of gpg-agent". The branch, master has been updated via 4553ff2027fdc494c56bb0fa6bdc1df0779ec13c (commit) from 5ef976c40007ba2b062e9bd63e35bca894c3d9a0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4553ff2027fdc494c56bb0fa6bdc1df0779ec13c Author: Yuri Chornoivan Date: Sat Jul 8 21:15:42 2017 +0200 Fix minor typos in doc and comments. -- Signed-off-by: Damien Goutte-Gattat diff --git a/doc/manual/scute.texi b/doc/manual/scute.texi index 392cc98..523a6da 100644 --- a/doc/manual/scute.texi +++ b/doc/manual/scute.texi @@ -201,7 +201,7 @@ of Scute into the application is seamless. Scute is a security device that implements the PKCS #11 interface for security tokens. Applications which know how to use the PKCS #11 -interface to access security tokens for crytpographic operations can use +interface to access security tokens for cryptographic operations can use Scute to access the OpenPGP smart card. An important example of such an application is the Firefox web browser by the Mozilla project, which uses the Mozilla Network Security Services library (NSS). diff --git a/src/agent.c b/src/agent.c index cfc9a56..108e1ea 100644 --- a/src/agent.c +++ b/src/agent.c 
@@ -395,7 +395,7 @@ unescape_status_string (const unsigned char *src) } -/* Take a 20 byte hexencoded string and put it into the the provided +/* Take a 20 byte hexencoded string and put it into the provided 20 byte buffer FPR in binary format. Returns true if successful, and false otherwise. */ static int diff --git a/src/sexp-parse.h b/src/sexp-parse.h index f68c552..f2edafa 100644 --- a/src/sexp-parse.h +++ b/src/sexp-parse.h @@ -89,7 +89,7 @@ sskip (unsigned char const **buf, int *depth) } -/* Check whether the the string at the address BUF points to matches +/* Check whether the string at the address BUF points to matches the token. Return true on match and update BUF to point behind the token. Return false and do not update the buffer if it does not match. */ ----------------------------------------------------------------------- Summary of changes: doc/manual/scute.texi | 2 +- src/agent.c | 2 +- src/sexp-parse.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) hooks/post-receive -- PKCS#11 token on top of gpg-agent http://git.gnupg.org From cvs at cvs.gnupg.org Sun Jul 9 22:46:39 2017 
From: cvs at cvs.gnupg.org (by Damien Goutte-Gattat) Date: Sun, 09 Jul 2017 22:46:39 +0200 Subject: [git] Scute - branch, master, updated. scute-1.3.0-73-g21baad8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "PKCS#11 token on top of gpg-agent". The branch, master has been updated via 21baad873862352833fc54eb85fb490522955e6f (commit) from 4553ff2027fdc494c56bb0fa6bdc1df0779ec13c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 21baad873862352833fc54eb85fb490522955e6f Author: Damien Goutte-Gattat Date: Sun Jul 9 22:40:51 2017 +0200 Update manual. * doc/manual/scute.texi: Update some links. Refer to GnuPG 2 instead of GnuPG 2.0. Signed-off-by: Damien Goutte-Gattat diff --git a/doc/manual/scute.texi b/doc/manual/scute.texi index 523a6da..705935c 100644 --- a/doc/manual/scute.texi +++ b/doc/manual/scute.texi @@ -191,7 +191,7 @@ in the future. @item it's easy Building and installing Scute is easy, and preparing smart cards for use -with Scute is a snatch using the GnuPG 2.0 framework. The integration +with Scute is a snatch using the GnuPG 2 framework. The integration of Scute into the application is seamless. @end table 
@@ -207,9 +207,9 @@ application is the Firefox web browser by the Mozilla project, which uses the Mozilla Network Security Services library (NSS). Scute itself does not include a driver for the smart card itself. -Instead, it uses the GnuPG 2.0 framework to access the smart cards and +Instead, it uses the GnuPG 2 framework to access the smart cards and associated data like certificates. Scute acts as the glue between the -application and GnuPG 2.0. +application and GnuPG 2. Currently supported usages are client authentication over HTTPS with Firefox (allowing users to authenticate themselves to a remote web @@ -246,11 +246,11 @@ following packages at build time: @table @code @item libgpg-error -Scute uses the GnuPG 2.0 framework for error handling, so it depends on +Scute uses the GnuPG 2 framework for error handling, so it depends on the GPG error library. The minimum version required is 1.14. @item libassuan -Scute uses the GnuPG 2.0 framework for communication with the GPG Agent, +Scute uses the GnuPG 2 framework for communication with the GPG Agent, so it depends on the Assuan library. The minimum version required is 2.0.0. @end table @@ -261,13 +261,13 @@ configured: @table @asis @item GnuPG -Scute uses the GnuPG 2.0 framework to access the OpenPGP card and for +Scute uses the GnuPG 2 framework to access the OpenPGP card and for certificate management. The minimum version required is 2.0.0 for client authentication with TLS 1.0 and 1.1. Client authentication with TLS 1.2, email and document signing require GnuPG 2.1.0. @item Pinentry -Pinentry is a dependency of GnuPG 2.0, so it also needs to be installed +Pinentry is a dependency of GnuPG 2, so it also needs to be installed with it. @item Firefox et al. 
@@ -617,8 +617,9 @@ prompted for your User PIN when you will click the @code{Export} button. device manager of Firefox fails with "Unable to load module". @strong{Solution:} Make sure that Scute is correctly installed, and that -all libraries and executables are available. Make sure that the GPG -Agent is running and can be found via the environment variable +all libraries and executables are available. If you are using GnuPG +2.0 (instead of 2.1), you may need to make sure that the GPG Agent is +running and can be found via the environment variable @code{GPG_AGENT_INFO}. @xref{Invoking GPG-AGENT, , , gnupg, Using the GNU Privacy Guard}, for details on how to run the GPG Agent. @@ -661,7 +662,7 @@ its scope and potential compatibility issues with applications. @section Features and Limitations Scute implements version 2.20 of the - at uref{http://www.rsasecurity.com/rsalabs/node.asp?id=2133, PKCS #11} + at uref{https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-11-cryptographic-token-interface-standard.htm, PKCS #11} specification. The @uref{http://www.g10code.com/p-card.html,OpenPGP smart card} 
@@ -787,24 +788,19 @@ There is a different, probably more powerful way to debug Mozilla PKCS #11 libraries. However, to be able to use it, you need to configure and compile the Mozilla NSS sources with @code{--enable-debug}. Instructions can be found at: - at uref{http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn2.html} + at uref{https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/nss_tech_notes} Here are a couple of links to more information about implementing a PKCS #11 module for Mozilla: @table @uref - at item http://docs.sun.com/source/816-6150-10/index.htm - at itemx http://docs.sun.com/source/816-6150-10/pkcs.htm -Implementing PKCS #11 for the Netscape Security Library (Caution: The -content may be out of date) + at item https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/PKCS11_Implement +Guidelines for implementors of PKCS #11 modules targeting Mozilla - at item http://www.mozilla.org/projects/security/pki/pkcs11/netscape/problems.html -Common PKCS #11 Implementation Problems - - at item http://www.mozilla.org/projects/security/pki/pkcs11/ + at item http://www-archive.mozilla.org/projects/security/pki/pkcs11/ PKCS #11 Conformance Testing - at item http://www.mozilla.org/projects/security/pki/nss/ + at item https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS The Mozilla NSS web page @end table ----------------------------------------------------------------------- Summary of changes: doc/manual/scute.texi | 36 ++++++++++++++++-------------------- 1 file changed, 16 insertions(+), 20 deletions(-) hooks/post-receive -- PKCS#11 token on top of gpg-agent http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 10 09:08:00 2017 
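Review bot: In the link table of the `@@ -787,24 +788,19 @@` hunk, the "Common PKCS #11 Implementation Problems" entry is removed with no replacement, and the tech-note reference changes from tn2.html to the nss_tech_notes index, so "Instructions can be found at:" no longer leads to a specific note. Point at the individual tech note if it still exists, or name the note the reader should look for on the index page. The conformance-testing entry moves to http://www-archive.mozilla.org over plain http while the other updated links in this commit use https; use https there as well if the archive host serves it.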
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Mon, 10 Jul 2017 09:08:00 +0200 Subject: [git] gnupg-doc - branch, master, updated. eb1300cb8d13bee8df32e3856f37056cb50107e2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via eb1300cb8d13bee8df32e3856f37056cb50107e2 (commit) from d83aebe0b394e1da677976fe0e92094e58f50900 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit eb1300cb8d13bee8df32e3856f37056cb50107e2 Author: Neal H. Walfield Date: Thu Jul 6 12:09:16 2017 +0200 campaign: Change video of the day to DKG. diff --git a/web/donate/index.de.org b/web/donate/index.de.org index 7b624e4..fea3335 100644 --- a/web/donate/index.de.org +++ b/web/donate/index.de.org @@ -222,8 +222,9 @@ href="/cgi-bin/procdonate.cgi?mode=preset&lang=de"

-

Video des Tages: C?dric Laurant - SonTusDatos +

Video des Tages: Daniel Kahn Gillmor + Debian and the + American Civil Liberties Union

diff --git a/web/donate/index.fr.org b/web/donate/index.fr.org index cf93053..4289738 100644 --- a/web/donate/index.fr.org +++ b/web/donate/index.fr.org @@ -215,8 +215,9 @@
-

Clip du jour?: C?dric Laurant - SonTusDatos +

Clip du jour?: Daniel Kahn Gillmor + Debian and the + American Civil Liberties Union

diff --git a/web/donate/index.ja.org b/web/donate/index.ja.org index cd9ddd0..45661a0 100644 --- a/web/donate/index.ja.org +++ b/web/donate/index.ja.org @@ -202,8 +202,9 @@
-

?????: C?dric Laurant - SonTusDatos +

?????: Daniel Kahn Gillmor + Debian and the + American Civil Liberties Union

diff --git a/web/donate/index.org b/web/donate/index.org index 8e498e7..192052d 100644 --- a/web/donate/index.org +++ b/web/donate/index.org @@ -217,8 +217,9 @@
-

Video of the Day: C?dric Laurant - SonTusDatos +

Video of the Day: Daniel Kahn Gillmor + Debian and the + American Civil Liberties Union

diff --git a/web/share/campaign/campaign.js b/web/share/campaign/campaign.js index 28453ca..ecde921 100644 --- a/web/share/campaign/campaign.js +++ b/web/share/campaign/campaign.js @@ -89,7 +89,7 @@ function get_param_from_url(name) { $(document).ready(function() { // VOTD: Update VOTD here. - let VIDLIST = "cedric,michael,sheera,meik,seamus,andrew,geoffrey,hernani,leez,noah,c5,jochim,john,jason,sze,rysiek,ksenia,cindy,matt,thenmozhi,alex,andre,benjamin"; + let VIDLIST = "daniel,cedric,michael,sheera,meik,seamus,andrew,geoffrey,hernani,leez,noah,c5,jochim,john,jason,sze,rysiek,ksenia,cindy,matt,thenmozhi,alex,andre,benjamin"; let YTID = { "main": "wNHhkntqklg", "thenmozhi": "sQMj332dgIE", @@ -98,7 +98,6 @@ $(document).ready(function() { "matt": "5MCGTd8pOG4", "john": "iRuo57Hzask", "jason": "oQvP9SXm-ek", - "daniel": "coFFCJlMRjk", "cindy": "IdCiJMc3q80", "benjamin": "atFz16nInIs", "arthur": "Js_OqRLm9F4", @@ -116,7 +115,8 @@ $(document).ready(function() { "meik": "j0Zd0wZyLP8", "sheera": "mak22hXcslg", "michael": "MSu_FF49MtU", - "cedric": "-Rkrf9GIw8M" + "cedric": "-Rkrf9GIw8M", + "daniel": "SdlnauJ5XWM" }; /* For the video preview, we use this for devices without hover events. */ diff --git a/web/share/campaign/img/thumbs/daniel.jpg b/web/share/campaign/img/thumbs/daniel.jpg index ae1fd09..4c2ce60 100644 Binary files a/web/share/campaign/img/thumbs/daniel.jpg and b/web/share/campaign/img/thumbs/daniel.jpg differ ----------------------------------------------------------------------- Summary of changes: web/donate/index.de.org | 5 +++-- web/donate/index.fr.org | 5 +++-- web/donate/index.ja.org | 5 +++-- web/donate/index.org | 5 +++-- web/share/campaign/campaign.js | 6 +++--- web/share/campaign/img/thumbs/daniel.jpg | Bin 76314 -> 118827 bytes 6 files changed, 15 insertions(+), 11 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 10 14:27:40 2017 
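Review bot: In campaign.js the "daniel" entry of YTID is deleted from the middle of the map and re-added at the end with a new id; changing the value in place would reduce this to a one-line diff and make it obvious that the id changed from coFFCJlMRjk to SdlnauJ5XWM. VIDLIST and YTID are kept in sync by hand (the visible context shows YTID keys such as "arthur" that are not in VIDLIST), so a short check at load time that every name in VIDLIST has a YTID entry would catch a misspelled or missing key. The same "video of the day" text is also edited in four index.*.org files in this commit; generating it from one source would remove that repetition.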
From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Mon, 10 Jul 2017 14:27:40 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.21-86-g1455b40 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 1455b406e63dd262938e49da5f83c05c17c60a8d (commit) from 243b2a570c30586e19b8c88e43b282d62d8eb77c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1455b406e63dd262938e49da5f83c05c17c60a8d Author: Marcus Brinkmann Date: Mon Jul 10 14:25:59 2017 +0200 speedo: Provide a vagrantfile to test speedo in an isolated VM. * build-aux/Vagrantfile: New file. Signed-off-by: Marcus Brinkmann diff --git a/build-aux/Vagrantfile b/build-aux/Vagrantfile new file mode 100644 index 0000000..e4252aa --- /dev/null +++ b/build-aux/Vagrantfile @@ -0,0 +1,36 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# This Vagrantfile installs all build dependencies for speedo and runs it to compile all of gnupg. + +$script = <