From cvs at cvs.gnupg.org Wed Mar 1 07:20:23 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 01 Mar 2017 07:20:23 +0100 Subject: [git] gnupg-doc - branch, master, updated. 615025b52ac8ab7130240266439b4a6a678ed69f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 615025b52ac8ab7130240266439b4a6a678ed69f (commit) from 2adb2557b87eb05afe307c2acd6a245501f26f87 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 615025b52ac8ab7130240266439b4a6a678ed69f Author: Werner Koch Date: Wed Mar 1 07:17:43 2017 +0100 web: Marcus is back diff --git a/web/people/index.org b/web/people/index.org index 6952043..341e613 100644 --- a/web/people/index.org +++ b/web/people/index.org @@ -56,13 +56,13 @@ #+HTML:

#+HTML: - /Hacker emeritus/ + /Hacker/ Marcus is part of the free software community since 1997, when he joined the [[http://www.debian.org][Debian]] project. Probably best known for his past work - on GNU/Hurd, he also has a diploma degree in mathematics, and was + on GNU/Hurd, he also has a diploma degree in mathematics, and is employed by [[https://g10code.com][g10^code]] to work on the GnuPG and related software from - 2001 to 2012. + 2001 to 2012 and again since 2017. #+HTML:

----------------------------------------------------------------------- Summary of changes: web/people/index.org | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 1 11:20:35 2017 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 01 Mar 2017 11:20:35 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-88-gd632580 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via d63258066d008de113ed1170f1b0e787a5bdaba1 (commit) via fbafb5474d8898ba1b267f4b4dfbefe39f04e72f (commit) from 5b49095b89b07591c69827df3973ffabfb3e97b8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d63258066d008de113ed1170f1b0e787a5bdaba1 Author: Andre Heinecke Date: Wed Mar 1 11:17:27 2017 +0100 cpp: Add interactor to generate keys on smartcard * lang/cpp/src/editinteractor.cpp (EditInteractor::needsNoResponse): Handle new states. * lang/cpp/src/gpggencardkeyinteractor.cpp, lang/cpp/src/gpggencardkeyinteractor.h: New. * lang/cpp/src/Makefile.am: Update accordingly. diff --git a/NEWS b/NEWS index d1042c6..4ad1cea 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,8 @@ Noteworthy changes in version 1.8.1 (unreleased) * cpp: Support for adduid and revuid operations. + * cpp: Support for smartcard key generation. + * Interface changes relative to the 1.8.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gpgme_strerror_r CHANGED: Use gpgme_error_t (compatible type). 
@@ -16,6 +18,7 @@ Noteworthy changes in version 1.8.1 (unreleased) cpp: Context::startAddUid(const Key&, const char*) NEW. cpp: Key::UserID::revoke() NEW. cpp: Key::addUid() NEW. + cpp: GpgGenCardKeyInteractor NEW. qt: CryptoConfig::stringValueList() NEW. gpgme_data_rewind UN-DEPRECATE. py: Context.__init__ EXTENDED: New keyword arg home_dir. diff --git a/lang/cpp/src/Makefile.am b/lang/cpp/src/Makefile.am index c62bd6c..4028b3d 100644 --- a/lang/cpp/src/Makefile.am +++ b/lang/cpp/src/Makefile.am @@ -31,7 +31,8 @@ main_sources = \ signingresult.cpp encryptionresult.cpp \ engineinfo.cpp gpgsetexpirytimeeditinteractor.cpp \ gpgsetownertrusteditinteractor.cpp gpgsignkeyeditinteractor.cpp \ - gpgadduserideditinteractor.cpp defaultassuantransaction.cpp \ + gpgadduserideditinteractor.cpp gpggencardkeyinteractor.cpp \ + defaultassuantransaction.cpp \ scdgetinfoassuantransaction.cpp gpgagentgetinfoassuantransaction.cpp \ vfsmountresult.cpp configuration.cpp tofuinfo.cpp swdbresult.cpp @@ -42,6 +43,7 @@ gpgmepp_headers = \ gpgadduserideditinteractor.h gpgagentgetinfoassuantransaction.h \ gpgmefw.h gpgsetexpirytimeeditinteractor.h \ gpgsetownertrusteditinteractor.h gpgsignkeyeditinteractor.h \ + gpggencardkeyinteractor.h \ importresult.h keygenerationresult.h key.h keylistresult.h \ notation.h result.h scdgetinfoassuantransaction.h signingresult.h \ trustitem.h verificationresult.h vfsmountresult.h gpgmepp_export.h \ diff --git a/lang/cpp/src/editinteractor.cpp b/lang/cpp/src/editinteractor.cpp index 31591fa..b652bda 100644 --- a/lang/cpp/src/editinteractor.cpp +++ b/lang/cpp/src/editinteractor.cpp @@ -212,6 +212,8 @@ bool EditInteractor::needsNoResponse(unsigned int status) const case GPGME_STATUS_KEY_CREATED: case GPGME_STATUS_NEED_PASSPHRASE_SYM: case GPGME_STATUS_SC_OP_FAILURE: + case GPGME_STATUS_CARDCTRL: + case GPGME_STATUS_BACKUP_KEY_CREATED: return false; default: return true; 
diff --git a/lang/cpp/src/gpggencardkeyinteractor.cpp b/lang/cpp/src/gpggencardkeyinteractor.cpp new file mode 100644 index 0000000..90329e2 --- /dev/null +++ b/lang/cpp/src/gpggencardkeyinteractor.cpp 
@@ -0,0 +1,332 @@ +/* + gpggencardkeyinteractor.cpp - Edit Interactor to generate a key on a card + Copyright (C) 2017 Intevation GmbH + + This file is part of GPGME++. + + GPGME++ is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + GPGME++ is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Library General Public License for more details. + + You should have received a copy of the GNU Library General Public License + along with GPGME++; see the file COPYING.LIB. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. +*/ + +#ifdef HAVE_CONFIG_H + #include "config.h" +#endif + +#include "gpggencardkeyinteractor.h" + +#include "error.h" + +#include + +using namespace GpgME; + +class GpgGenCardKeyInteractor::Private +{ +public: + Private() : keysize(2048), backup(false) + { + + } + std::string name, email, backupFileName, expiry, serial; + int keysize; + bool backup; +}; + +GpgGenCardKeyInteractor::~GpgGenCardKeyInteractor() {} + +GpgGenCardKeyInteractor::GpgGenCardKeyInteractor(const std::string &serial): + d(new Private) +{ + d->serial = serial; +} + +void GpgGenCardKeyInteractor::setNameUtf8(const std::string &name) +{ + d->name = name; +} + +void GpgGenCardKeyInteractor::setEmailUtf8(const std::string &email) +{ + d->email = email; +} + +void GpgGenCardKeyInteractor::setDoBackup(bool value) +{ + d->backup = value; +} + +void GpgGenCardKeyInteractor::setKeySize(int value) +{ + d->keysize = value; +} + +void GpgGenCardKeyInteractor::setExpiry(const std::string &timeStr) +{ + d->expiry = timeStr; +} + +std::string GpgGenCardKeyInteractor::backupFileName() const +{ + return 
d->backupFileName; +} + +namespace GpgGenCardKeyInteractor_Private +{ +enum { + START = EditInteractor::StartState, + DO_ADMIN, + EXPIRE, + + GOT_SERIAL, + COMMAND, + NAME, + EMAIL, + COMMENT, + BACKUP, + REPLACE, + SIZE, + SIZE2, + SIZE3, + BACKUP_KEY_CREATED, + KEY_CREATED, + QUIT, + SAVE, + + ERROR = EditInteractor::ErrorState +}; +} + +const char *GpgGenCardKeyInteractor::action(Error &err) const +{ + + using namespace GpgGenCardKeyInteractor_Private; + + switch (state()) { + case DO_ADMIN: + return "admin"; + case COMMAND: + return "generate"; + case NAME: + return d->name.c_str(); + case EMAIL: + return d->email.c_str(); + case EXPIRE: + return d->expiry.c_str(); + case BACKUP: + return d->backup ? "Y" : "N"; + case REPLACE: + return "Y"; + case SIZE: + case SIZE2: + case SIZE3: + return std::to_string(d->keysize).c_str(); + case COMMENT: + return ""; + case SAVE: + return "Y"; + case QUIT: + return "quit"; + case KEY_CREATED: + case START: + case GOT_SERIAL: + case BACKUP_KEY_CREATED: + case ERROR: + return 0; + default: + err = Error::fromCode(GPG_ERR_GENERAL); + return 0; + } +} + +unsigned int GpgGenCardKeyInteractor::nextState(unsigned int status, const char *args, Error &err) const +{ + + static const Error GENERAL_ERROR = Error::fromCode(GPG_ERR_GENERAL); + static const Error INV_NAME_ERROR = Error::fromCode(GPG_ERR_INV_NAME); + static const Error INV_EMAIL_ERROR = Error::fromCode(GPG_ERR_INV_USER_ID); + static const Error INV_COMMENT_ERROR = Error::fromCode(GPG_ERR_INV_USER_ID); + + if (needsNoResponse(status)) { + return state(); + } + + using namespace GpgGenCardKeyInteractor_Private; + + switch (state()) { + case START: + if (status == GPGME_STATUS_CARDCTRL && + !d->serial.empty()) { + const std::string sArgs = args; + if (sArgs.find(d->serial) == std::string::npos) { + // Wrong smartcard + err = Error::fromCode(GPG_ERR_WRONG_CARD); + return ERROR; + } else { + printf("EditInteractor: Confirmed S/N: %s %s\n", + d->serial.c_str(), sArgs.c_str()); + 
} + return GOT_SERIAL; + } else if (d->serial.empty()) { + return GOT_SERIAL; + } + err = GENERAL_ERROR; + return ERROR; + case GOT_SERIAL: + if (status == GPGME_STATUS_GET_LINE && + strcmp(args, "cardedit.prompt") == 0) { + return DO_ADMIN; + } + err = GENERAL_ERROR; + return ERROR; + case DO_ADMIN: + if (status == GPGME_STATUS_GET_LINE && + strcmp(args, "cardedit.prompt") == 0) { + return COMMAND; + } + err = GENERAL_ERROR; + return ERROR; + case COMMAND: + if (status == GPGME_STATUS_GET_LINE && + strcmp(args, "cardedit.genkeys.backup_enc") == 0) { + return BACKUP; + } + err = GENERAL_ERROR; + return ERROR; + case BACKUP: + if (status == GPGME_STATUS_GET_BOOL && + strcmp(args, "cardedit.genkeys.replace_keys") == 0) { + return REPLACE; + } + if (status == GPGME_STATUS_GET_LINE && + strcmp(args, "cardedit.genkeys.size") == 0) { + return SIZE; + } + err = GENERAL_ERROR; + return ERROR; + case REPLACE: + if (status == GPGME_STATUS_GET_LINE && + strcmp(args, "cardedit.genkeys.size") == 0) { + printf("Moving to SIZE\n"); + return SIZE; + } + err = GENERAL_ERROR; + return ERROR; + case SIZE: + if (status == GPGME_STATUS_GET_LINE && + strcmp(args, "cardedit.genkeys.size") == 0) { + return SIZE2; + } + if (status == GPGME_STATUS_GET_LINE && + strcmp(args, "keygen.valid") == 0) { + return EXPIRE; + } + err = GENERAL_ERROR; + return ERROR; + case SIZE2: + if (status == GPGME_STATUS_GET_LINE && + strcmp(args, "cardedit.genkeys.size") == 0) { + return SIZE3; + } + if (status == GPGME_STATUS_GET_LINE && + strcmp(args, "keygen.valid") == 0) { + return EXPIRE; + } + err = GENERAL_ERROR; + return ERROR; + case SIZE3: + if (status == GPGME_STATUS_GET_LINE && + strcmp(args, "keygen.valid") == 0) { + return EXPIRE; + } + err = GENERAL_ERROR; + return ERROR; + case EXPIRE: + if (status == GPGME_STATUS_GET_LINE && + strcmp(args, "keygen.name") == 0) { + return NAME; + } + err = GENERAL_ERROR; + return ERROR; + case NAME: + if (status == GPGME_STATUS_GET_LINE && + strcmp(args, 
"keygen.email") == 0) { + return EMAIL; + } + err = GENERAL_ERROR; + if (status == GPGME_STATUS_GET_LINE && + strcmp(args, "keygen.name") == 0) { + err = INV_NAME_ERROR; + } + return ERROR; + case EMAIL: + if (status == GPGME_STATUS_GET_LINE && + strcmp(args, "keygen.comment") == 0) { + return COMMENT; + } + err = GENERAL_ERROR; + if (status == GPGME_STATUS_GET_LINE && + strcmp(args, "keygen.email") == 0) { + err = INV_EMAIL_ERROR; + } + return ERROR; + case COMMENT: + if (status == GPGME_STATUS_BACKUP_KEY_CREATED) { + std::string sArgs = args; + const auto pos = sArgs.rfind(" "); + if (pos != std::string::npos) { + d->backupFileName = sArgs.substr(pos + 1); + return BACKUP_KEY_CREATED; + } + } + if (status == GPGME_STATUS_KEY_CREATED) { + return KEY_CREATED; + } + if (status == GPGME_STATUS_GET_LINE && + strcmp(args, "keyedit.prompt") == 0) { + return QUIT; + } + err = GENERAL_ERROR; + if (status == GPGME_STATUS_GET_LINE && + strcmp(args, "keygen.comment") == 0) { + err = INV_COMMENT_ERROR; + } + return ERROR; + case BACKUP_KEY_CREATED: + if (status == GPGME_STATUS_KEY_CREATED) { + return KEY_CREATED; + } + err = GENERAL_ERROR; + return ERROR; + case KEY_CREATED: + return QUIT; + case QUIT: + if (status == GPGME_STATUS_GET_LINE && + strcmp(args, "cardedit.prompt") == 0) { + return QUIT; + } + err = GENERAL_ERROR; + return ERROR; + case ERROR: + if (status == GPGME_STATUS_GET_LINE && + strcmp(args, "keyedit.prompt") == 0) { + return QUIT; + } + err = lastError(); + return ERROR; + default: + err = GENERAL_ERROR; + return ERROR; + } +} diff --git a/lang/cpp/src/gpggencardkeyinteractor.h b/lang/cpp/src/gpggencardkeyinteractor.h new file mode 100644 index 0000000..c6b17d1 --- /dev/null +++ b/lang/cpp/src/gpggencardkeyinteractor.h 
@@ -0,0 +1,71 @@ +/* + gpggencardkeyinteractor.h - Edit Interactor to generate a key on a card + Copyright (C) 2017 Intevation GmbH + + This file is part of GPGME++. + + GPGME++ is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + GPGME++ is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Library General Public License for more details. + + You should have received a copy of the GNU Library General Public License + along with GPGME++; see the file COPYING.LIB. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. +*/ + +#ifndef __GPGMEPP_GPGGENCARDKEYEDITINTERACTOR_H__ +#define __GPGMEPP_GPGGENCARDKEYEDITINTERACTOR_H__ + +#include + +#include +#include + +namespace GpgME +{ + +class GPGMEPP_EXPORT GpgGenCardKeyInteractor: public EditInteractor +{ +public: + /** Edit interactor to generate a key on a smartcard. + * + * The \a serialnumber argument is intended to safeguard + * against accidentally working on the wrong smartcard. + * + * The edit interactor will fail if the card did not match. + * + * @param serialnumber: Serialnumber of the intended card. 
+ **/ + explicit GpgGenCardKeyInteractor(const std::string &serialnumber); + ~GpgGenCardKeyInteractor(); + + /** Set the key sizes for the subkeys (default 2048) */ + void setKeySize(int size); + + void setNameUtf8(const std::string &name); + void setEmailUtf8(const std::string &email); + + void setDoBackup(bool value); + void setExpiry(const std::string &timeString); + + std::string backupFileName() const; + +private: + /* reimp */ const char *action(Error &err) const; + /* reimp */ unsigned int nextState(unsigned int statusCode, const char *args, Error &err) const; + +private: + class Private; + std::shared_ptr d; +}; + +} // namespace GpgME + +#endif // __GPGMEPP_GPGGENCARDKEYEDITINTERACTOR_H__ commit fbafb5474d8898ba1b267f4b4dfbefe39f04e72f Author: Andre Heinecke Date: Wed Mar 1 11:14:07 2017 +0100 qt: Allow creation of default keys without name * lang/qt/src/defaultkeygenerationjob.cpp (DefaultKeyGenerationJob::start): Handle empty name and email. diff --git a/lang/qt/src/defaultkeygenerationjob.cpp b/lang/qt/src/defaultkeygenerationjob.cpp index 020f4d2..f589384 100644 --- a/lang/qt/src/defaultkeygenerationjob.cpp +++ b/lang/qt/src/defaultkeygenerationjob.cpp @@ -91,6 +91,11 @@ void DefaultKeyGenerationJob::slotCancel() GpgME::Error DefaultKeyGenerationJob::start(const QString &email, const QString &name) { + const QString namePart = name.isEmpty() ? QString() : + QStringLiteral("name-real: %1\n").arg(name); + const QString mailPart = email.isEmpty() ? QString() : + QStringLiteral("name-email: %1\n").arg(email); + const QString args = QStringLiteral("\n" "%ask-passphrase\n" "key-type: RSA\n" 
@@ -99,9 +104,9 @@ GpgME::Error DefaultKeyGenerationJob::start(const QString &email, const QString "subkey-type: RSA\n" "subkey-length: 2048\n" "subkey-usage: encrypt\n" - "name-email: %1\n" - "name-real: %2\n" - "").arg(email, name); + "%1" + "%2" + "").arg(mailPart, namePart); d->job = openpgp()->keyGenerationJob(); d->job->installEventFilter(this); ----------------------------------------------------------------------- Summary of changes: NEWS | 3 + lang/cpp/src/Makefile.am | 4 +- lang/cpp/src/editinteractor.cpp | 2 + lang/cpp/src/gpggencardkeyinteractor.cpp | 332 +++++++++++++++++++++ ...deditinteractor.h => gpggencardkeyinteractor.h} | 50 ++-- lang/qt/src/defaultkeygenerationjob.cpp | 11 +- 6 files changed, 375 insertions(+), 27 deletions(-) create mode 100644 lang/cpp/src/gpggencardkeyinteractor.cpp copy lang/cpp/src/{gpgadduserideditinteractor.h => gpggencardkeyinteractor.h} (52%) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 1 13:39:23 2017 
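Review bot: In GpgGenCardKeyInteractor::action() (lang/cpp/src/gpggencardkeyinteractor.cpp), the SIZE, SIZE2 and SIZE3 cases return `std::to_string(d->keysize).c_str()`, a pointer into a temporary std::string that is destroyed when the return statement completes, so the caller reads freed memory. Keep the formatted size in a std::string member of Private (filled in the constructor and in setKeySize) and return its c_str(), as the NAME, EMAIL and EXPIRE cases already do. In nextState(), the START case accepts the card when `sArgs.find(d->serial)` matches anywhere in the status arguments, so a serial that is only a substring of the reported one passes the check the header describes as the wrong-card safeguard. Compare the serial field exactly, and check `args` for null before constructing `sArgs`. The two `printf` calls (START and REPLACE cases) write to stdout from library code and should be removed.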
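Review bot: The class documentation in lang/cpp/src/gpggencardkeyinteractor.h does not mention that the interactor always answers "Y" to the cardedit.genkeys.replace_keys prompt (`case REPLACE: return "Y";` in action()), so keys already on the card are overwritten without the caller opting in. Document this on the class, or add a setter that defaults to not replacing and make the interactor fail when the prompt appears. setExpiry() and setDoBackup() also lack comments stating the accepted expiry format and what backupFileName() returns when no backup was requested, and setKeySize() accepts any int without a range check.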
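Review bot: In DefaultKeyGenerationJob::start() (lang/qt/src/defaultkeygenerationjob.cpp), `name` and `email` are substituted into the parameter block via `QStringLiteral("name-real: %1\n").arg(name)` and the matching name-email line without any check for line breaks, so a value containing "\n" adds further lines to the key generation parameters. Reject CR and LF in both values before building namePart and mailPart and return an error for such input. With both values empty the block now carries neither a name-real nor a name-email line; a short comment stating that this is the intended result would help the next reader.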
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 01 Mar 2017 13:39:23 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.18-152-g2bbdeb8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 2bbdeb8ee87a6c7ec211be16391a11b7c6030bed (commit) via 19f8d5319120a18efada26f793274b3eaaee2b45 (commit) from e182542e90cbeff4f2ac6c8d71061356d7cdcdea (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2bbdeb8ee87a6c7ec211be16391a11b7c6030bed Author: Werner Koch Date: Wed Mar 1 13:36:01 2017 +0100 gpg: Allow creating keys using an existing ECC key. * common/sexputil.c (get_pk_algo_from_canon_sexp): Remove arg R_ALGO. Change to return the algo id. Reimplement using get_pk_algo_from_key. * g10/keygen.c (check_keygrip): Adjust for change. * sm/certreqgen-ui.c (check_keygrip): Ditto. -- GnuPG-bug-id: 2976 Signed-off-by: Werner Koch diff --git a/common/sexputil.c b/common/sexputil.c index 0c5c730..a8dc1a5 100644 --- a/common/sexputil.c +++ b/common/sexputil.c 
@@ -512,53 +512,6 @@ get_rsa_pk_from_canon_sexp (const unsigned char *keydata, size_t keydatalen, } -/* Return the algo of a public RSA expressed as an canonical encoded - S-expression. The return value is a statically allocated - string. On error that string is set to NULL. */ -gpg_error_t -get_pk_algo_from_canon_sexp (const unsigned char *keydata, size_t keydatalen, - const char **r_algo) -{ - gpg_error_t err; - const unsigned char *buf, *tok; - size_t buflen, toklen; - int depth; - - *r_algo = NULL; - - buf = keydata; - buflen = keydatalen; - depth = 0; - if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))) - return err; - if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))) - return err; - if (!tok || toklen != 10 || memcmp ("public-key", tok, toklen)) - return gpg_error (GPG_ERR_BAD_PUBKEY); - if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))) - return err; - if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))) - return err; - if (!tok) - return gpg_error (GPG_ERR_BAD_PUBKEY); - - if (toklen == 3 && !memcmp ("rsa", tok, toklen)) - *r_algo = "rsa"; - else if (toklen == 3 && !memcmp ("dsa", tok, toklen)) - *r_algo = "dsa"; - else if (toklen == 3 && !memcmp ("elg", tok, toklen)) - *r_algo = "elg"; - else if (toklen == 5 && !memcmp ("ecdsa", tok, toklen)) - *r_algo = "ecdsa"; - else if (toklen == 5 && !memcmp ("eddsa", tok, toklen)) - *r_algo = "eddsa"; - else - return gpg_error (GPG_ERR_PUBKEY_ALGO); - - return 0; -} - - /* Return the algo of a public KEY of SEXP. */ int get_pk_algo_from_key (gcry_sexp_t key) 
@@ -606,3 +559,21 @@ get_pk_algo_from_key (gcry_sexp_t key) return algo; } + + +/* This is a variant of get_pk_algo_from_key but takes an canonical + * encoded S-expression as input. Returns a GCRYPT public key + * identiier or 0 on error. */ +int +get_pk_algo_from_canon_sexp (const unsigned char *keydata, size_t keydatalen) +{ + gcry_sexp_t sexp; + int algo; + + if (gcry_sexp_sscan (&sexp, NULL, keydata, keydatalen)) + return 0; + + algo = get_pk_algo_from_key (sexp); + gcry_sexp_release (sexp); + return algo; +} diff --git a/common/util.h b/common/util.h index 4e871d2..c0aa57a 100644 --- a/common/util.h +++ b/common/util.h @@ -195,10 +195,10 @@ gpg_error_t get_rsa_pk_from_canon_sexp (const unsigned char *keydata, size_t *r_nlen, unsigned char const **r_e, size_t *r_elen); -gpg_error_t get_pk_algo_from_canon_sexp (const unsigned char *keydata, - size_t keydatalen, - const char **r_algo); + int get_pk_algo_from_key (gcry_sexp_t key); +int get_pk_algo_from_canon_sexp (const unsigned char *keydata, + size_t keydatalen); /*-- convert.c --*/ int hex2bin (const char *string, void *buffer, size_t length); diff --git a/g10/keygen.c b/g10/keygen.c index 226cabd..24cf93c 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1839,7 +1839,7 @@ check_keygrip (ctrl_t ctrl, const char *hexgrip) gpg_error_t err; unsigned char *public; size_t publiclen; - const char *algostr; + int algo; if (hexgrip[0] == '&') hexgrip++; 
@@ -1849,26 +1849,10 @@ check_keygrip (ctrl_t ctrl, const char *hexgrip) return 0; publiclen = gcry_sexp_canon_len (public, 0, NULL, NULL); - get_pk_algo_from_canon_sexp (public, publiclen, &algostr); + algo = get_pk_algo_from_canon_sexp (public, publiclen); xfree (public); - /* FIXME: Mapping of ECC algorithms is probably not correct. */ - if (!algostr) - return 0; - else if (!strcmp (algostr, "rsa")) - return PUBKEY_ALGO_RSA; - else if (!strcmp (algostr, "dsa")) - return PUBKEY_ALGO_DSA; - else if (!strcmp (algostr, "elg")) - return PUBKEY_ALGO_ELGAMAL_E; - else if (!strcmp (algostr, "ecc")) - return PUBKEY_ALGO_ECDH; - else if (!strcmp (algostr, "ecdsa")) - return PUBKEY_ALGO_ECDSA; - else if (!strcmp (algostr, "eddsa")) - return PUBKEY_ALGO_EDDSA; - else - return 0; + return map_pk_gcry_to_openpgp (algo); } diff --git a/sm/certreqgen-ui.c b/sm/certreqgen-ui.c index ece8668..b50d338 100644 --- a/sm/certreqgen-ui.c +++ b/sm/certreqgen-ui.c @@ -95,7 +95,7 @@ check_keygrip (ctrl_t ctrl, const char *hexgrip) gpg_error_t err; ksba_sexp_t public; size_t publiclen; - const char *algostr; + int algo; if (hexgrip[0] == '&') hexgrip++; 
@@ -105,21 +105,17 @@ check_keygrip (ctrl_t ctrl, const char *hexgrip) return NULL; publiclen = gcry_sexp_canon_len (public, 0, NULL, NULL); - get_pk_algo_from_canon_sexp (public, publiclen, &algostr); + algo = get_pk_algo_from_canon_sexp (public, publiclen); xfree (public); - if (!algostr) - return NULL; - else if (!strcmp (algostr, "rsa")) - return "RSA"; - else if (!strcmp (algostr, "dsa")) - return "DSA"; - else if (!strcmp (algostr, "elg")) - return "ELG"; - else if (!strcmp (algostr, "ecdsa")) - return "ECDSA"; - else - return NULL; + switch (algo) + { + case GCRY_PK_RSA: return "RSA"; + case GCRY_PK_DSA: return "DSA"; + case GCRY_PK_ELG: return "ELG"; + case GCRY_PK_EDDSA: return "ECDSA"; + default: return NULL; + } } commit 19f8d5319120a18efada26f793274b3eaaee2b45 Author: Werner Koch Date: Wed Mar 1 12:22:19 2017 +0100 speedo,w32: Install sks-keyservers.netCA.pem. -- Signed-off-by: Werner Koch diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi index fa4be56..b4d6994 100644 --- a/build-aux/speedo/w32/inst.nsi +++ b/build-aux/speedo/w32/inst.nsi @@ -611,6 +611,7 @@ Section "GnuPG" SEC_gnupg File "share/gnupg/gpg-conf.skel" File "share/gnupg/dirmngr-conf.skel" File "share/gnupg/distsigkey.gpg" + File "share/gnupg/sks-keyservers.netCA.pem" SetOutPath "$INSTDIR\share\locale\ca\LC_MESSAGES" File share/locale/ca/LC_MESSAGES/gnupg2.mo 
@@ -1266,6 +1267,7 @@ Section "-un.gnupg" Delete "$INSTDIR\bin\gpg-preset-passphrase.exe" Delete "$INSTDIR\bin\gpg-wks-client.exe" + Delete "$INSTDIR\share\gnupg\sks-keyservers.netCA.pem" Delete "$INSTDIR\share\gnupg\dirmngr-conf.skel" Delete "$INSTDIR\share\gnupg\distsigkey.gpg" Delete "$INSTDIR\share\gnupg\gpg-conf.skel" ----------------------------------------------------------------------- Summary of changes: build-aux/speedo/w32/inst.nsi | 2 ++ common/sexputil.c | 65 ++++++++++++------------------------------- common/util.h | 6 ++-- g10/keygen.c | 22 ++------------- sm/certreqgen-ui.c | 24 +++++++--------- 5 files changed, 36 insertions(+), 83 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 1 14:07:34 2017 
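Review bot: The new get_pk_algo_from_canon_sexp() in common/sexputil.c collapses every failure into a return value of 0, where the removed version returned a gpg_error_t that distinguished GPG_ERR_BAD_PUBKEY from GPG_ERR_PUBKEY_ALGO. Both callers in this patch only need success or failure, so this works, but the comment should state that a parse failure and an unsupported algorithm are indistinguishable to the caller. The comment also has two typos: "an canonical" and "identiier".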
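Review bot: In check_keygrip() (g10/keygen.c), the value from get_pk_algo_from_canon_sexp() goes straight into `return map_pk_gcry_to_openpgp (algo);`, including the 0 it returns on error, and `publiclen` from gcry_sexp_canon_len() is used without checking for 0. This function reports failure by returning 0 (see the `return 0;` just above), so add an explicit `if (!algo) return 0;` or a comment that map_pk_gcry_to_openpgp maps 0 to 0. The removed FIXME questioned the ECC mapping; a one-line comment saying the mapping is now delegated to map_pk_gcry_to_openpgp would record why it could be dropped.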
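Review bot: In the new switch in check_keygrip() (sm/certreqgen-ui.c), `case GCRY_PK_EDDSA: return "ECDSA";` pairs the EdDSA algorithm id with the "ECDSA" label, while the removed code returned "ECDSA" for the "ecdsa" algo string and had no EdDSA branch. If ECDSA keys are meant, match on GCRY_PK_ECDSA or GCRY_PK_ECC, whichever get_pk_algo_from_key returns for such keys; if EdDSA keys are to be accepted here, return a label that says so.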
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 01 Mar 2017 14:07:34 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.1.18-152-g2bbdeb8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated from 14bc2fa43e9ee26a6940a7552e8f892a79223617 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: NEWS | 5 + agent/agent.h | 22 +- agent/cache.c | 27 +- agent/call-pinentry.c | 103 +- agent/call-scd.c | 159 +- agent/command-ssh.c | 128 +- agent/command.c | 15 +- agent/divert-scd.c | 125 +- agent/findkey.c | 40 +- agent/genkey.c | 2 +- agent/gpg-agent.c | 2 +- agent/keyformat.txt | 6 +- agent/pkdecrypt.c | 2 +- agent/pksign.c | 19 +- agent/preset-passphrase.c | 2 +- agent/protect.c | 2 +- build-aux/speedo.mk | 35 +- build-aux/speedo/w32/inst.nsi | 19 +- common/Makefile.am | 4 +- common/argparse.c | 8 +- common/argparse.h | 4 +- common/asshelp.c | 2 +- common/dotlock.c | 10 +- common/dotlock.h | 4 +- common/dynload.h | 4 +- common/exechelp-w32.c | 12 +- common/exectool.c | 5 + common/iobuf.c | 2 +- sm/base64.c => common/ksba-io-support.c | 153 +- common/ksba-io-support.h | 66 + common/logging.c | 44 +- common/logging.h | 6 +- common/membuf.c | 2 +- common/mischelp.c | 4 +- common/mischelp.h | 4 +- common/name-value.c | 2 +- common/session-env.c | 2 +- common/sexp-parse.h | 2 +- common/sexputil.c | 65 +-
common/simple-pwquery.c | 2 +- common/simple-pwquery.h | 2 +- common/status.h | 1 + common/stringhelp.c | 4 +- common/stringhelp.h | 4 +- common/strlist.c | 4 +- common/strlist.h | 4 +- common/sysutils.c | 11 + common/sysutils.h | 1 + common/t-stringhelp.c | 4 +- common/t-strlist.c | 4 +- common/t-support.c | 4 +- common/t-support.h | 4 +- common/t-timestuff.c | 4 +- common/t-w32-reg.c | 4 +- common/ttyio.c | 2 +- common/types.h | 4 +- common/utf8conv.c | 6 +- common/utf8conv.h | 4 +- common/util.h | 10 +- common/w32-reg.c | 4 +- common/w32help.h | 4 +- common/yesno.c | 2 +- configure.ac | 63 + dirmngr/ChangeLog-2011 | 4 +- dirmngr/Makefile.am | 7 +- dirmngr/certcache.c | 597 +- dirmngr/certcache.h | 32 +- dirmngr/crlcache.c | 6 +- dirmngr/crlfetch.c | 31 +- dirmngr/dirmngr.c | 101 +- dirmngr/dirmngr.h | 34 +- dirmngr/dns-stuff.c | 81 +- dirmngr/dns-stuff.h | 5 + dirmngr/http-ntbtls.c | 124 + dirmngr/http.c | 433 +- dirmngr/http.h | 17 +- dirmngr/ks-engine-finger.c | 4 +- dirmngr/ks-engine-hkp.c | 207 +- dirmngr/ks-engine-http.c | 8 +- dirmngr/ks-engine-ldap.c | 8 +- dirmngr/ldap.c | 22 +- dirmngr/loadswdb.c | 7 + dirmngr/misc.c | 2 + dirmngr/ocsp.c | 5 +- dirmngr/server.c | 166 +- dirmngr/t-http.c | 84 +- dirmngr/validate.c | 235 +- dirmngr/validate.h | 43 +- doc/DETAILS | 12 +- doc/TRANSLATE | 2 +- doc/dirmngr.texi | 15 +- doc/faq.org | 4 +- doc/gpg-agent.texi | 6 +- doc/gpg.texi | 37 +- doc/gpgsm.texi | 2 +- doc/gpgv.texi | 5 + doc/scdaemon.texi | 2 +- doc/vuln-announce-2007-multiple-message.txt | 2 +- doc/whats-new-in-2.1.txt | 6 +- g10/armor.c | 2 +- g10/build-packet.c | 2 +- g10/call-agent.c | 2 +- g10/call-dirmngr.c | 26 +- g10/card-util.c | 2 +- g10/compress.c | 2 +- g10/cpr.c | 3 + g10/encrypt.c | 6 +- g10/export.c | 44 +- g10/getkey.c | 2 +- g10/gpg.c | 19 +- g10/gpgv.c | 44 +- g10/import.c | 2 +- g10/keydb.c | 2 +- g10/keyedit.c | 8 +- g10/keygen.c | 284 +- g10/keyid.c | 2 +- g10/keylist.c | 5 +- g10/keyring.c | 24 +- g10/mainproc.c | 6 +- g10/misc.c | 2 
+- g10/passphrase.c | 3 + g10/pkclist.c | 4 +- g10/pubkey-enc.c | 36 +- g10/revoke.c | 2 +- g10/rmd160.c | 2 +- g10/server.c | 19 +- g10/sign.c | 11 +- g10/tdbdump.c | 22 +- g10/test-stubs.c | 3 +- g10/tofu.c | 114 +- g10/trust.c | 32 +- g10/trustdb.c | 87 +- g10/trustdb.h | 10 +- g13/Makefile.am | 2 +- g13/g13-syshelp.h | 2 +- g13/server.c | 2 +- g13/sh-cmd.c | 2 +- kbx/keybox-blob.c | 4 +- m4/autobuild.m4 | 2 +- m4/gettext.m4 | 4 +- m4/intl.m4 | 4 +- m4/intldir.m4 | 4 +- m4/lcmessage.m4 | 4 +- m4/nls.m4 | 4 +- m4/po.m4 | 4 +- m4/progtest.m4 | 4 +- po/POTFILES.in | 2 +- po/de.po | 80 +- po/nl.po | 7647 ++++++++++++++++++++ po/pl.po | 83 +- scd/apdu.c | 99 +- scd/apdu.h | 2 +- scd/app-common.h | 7 +- scd/app-dinsig.c | 2 +- scd/app-geldkarte.c | 2 +- scd/app-nks.c | 2 +- scd/app-openpgp.c | 235 +- scd/app.c | 160 +- scd/ccid-driver.c | 271 +- scd/ccid-driver.h | 4 +- scd/command.c | 66 +- scd/scdaemon.c | 206 +- scd/scdaemon.h | 5 +- sm/Makefile.am | 1 - sm/call-dirmngr.c | 2 +- sm/certchain.c | 2 +- sm/certdump.c | 4 +- sm/certlist.c | 2 +- sm/certreqgen-ui.c | 24 +- sm/certreqgen.c | 12 +- sm/decrypt.c | 21 +- sm/encrypt.c | 11 +- sm/export.c | 28 +- sm/gpgsm.h | 18 +- sm/import.c | 13 +- sm/keydb.c | 2 +- sm/keylist.c | 2 +- sm/sign.c | 11 +- sm/verify.c | 21 +- tests/gpgme/gpgme-defs.scm | 6 +- tests/gpgme/run-tests.scm | 2 +- tests/gpgme/wrap.scm | 7 +- tests/gpgscm/Makefile.am | 3 +- tests/gpgscm/ffi.c | 9 + tests/gpgscm/ffi.scm | 3 + tests/gpgscm/init.scm | 10 +- tests/gpgscm/lib.scm | 2 +- tests/gpgscm/main.c | 2 +- tests/gpgscm/scheme-private.h | 12 +- tests/gpgscm/scheme.c | 582 +- tests/gpgscm/time.scm | 42 + tests/gpgsm/verify.scm | 8 +- tests/openpgp/Makefile.am | 9 +- tests/openpgp/defs.scm | 27 +- tests/openpgp/gpgconf.scm | 17 +- tests/openpgp/{issue2015.scm => issue2929.scm} | 19 +- .../{encrypt-multifile.scm => issue2941.scm} | 27 +- tests/openpgp/quick-key-manipulation.scm | 57 +- tests/openpgp/samplekeys/README | 2 + 
.../samplekeys/rsa-primary-auth-only.pub.asc | 23 + .../samplekeys/rsa-primary-auth-only.sec.asc | 38 + tests/openpgp/ssh-import.scm | 33 +- tests/openpgp/tofu.scm | 51 +- tests/openpgp/verify.scm | 3 + tools/gpg-connect-agent.c | 22 +- tools/gpg-wks-client.c | 90 +- tools/gpg-wks-server.c | 27 +- tools/gpg-wks.h | 4 + tools/gpgconf-comp.c | 275 +- tools/gpgconf.c | 2 +- tools/gpgparsemail.c | 2 +- tools/gpgtar.c | 4 +- tools/mail-signed-keys | 2 +- tools/mime-parser.c | 25 + tools/mime-parser.h | 2 + tools/symcryptrun.c | 4 +- tools/wks-receive.c | 49 +- 217 files changed, 12882 insertions(+), 2173 deletions(-) rename sm/base64.c => common/ksba-io-support.c (79%) create mode 100644 common/ksba-io-support.h create mode 100644 dirmngr/http-ntbtls.c create mode 100644 po/nl.po create mode 100644 tests/gpgscm/time.scm copy tests/openpgp/{issue2015.scm => issue2929.scm} (60%) mode change 100755 => 100644 copy tests/openpgp/{encrypt-multifile.scm => issue2941.scm} (61%) create mode 100644 tests/openpgp/samplekeys/rsa-primary-auth-only.pub.asc create mode 100644 tests/openpgp/samplekeys/rsa-primary-auth-only.sec.asc hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 1 14:44:53 2017 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 01 Mar 2017 14:44:53 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.18-153-g891ab23 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 891ab23411b7f20ef37d8bde81d9857b083235df (commit) from 2bbdeb8ee87a6c7ec211be16391a11b7c6030bed (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 891ab23411b7f20ef37d8bde81d9857b083235df Author: Werner Koch Date: Wed Mar 1 14:41:47 2017 +0100 gpg: Make --export-options work with --export-secret-keys. * g10/export.c (export_seckeys): Add arg OPTIONS and pass it to do_export. (export_secsubkeys): Ditto. * g10/gpg.c (main): Pass opt.export_options to export_seckeys and export_secsubkeys -- Back in the old days we did not use the export options for secret keys export because of a lot of duplicated code and that the old secring.gpg was anyway smaller than the pubring.gpg. With 2.1 it was pretty easy to enable it. Reported-by: Peter Lebbing GnuPG-bug-id: 2973 diff --git a/doc/gpg.texi b/doc/gpg.texi index 78dd651..20a2d12 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1832,7 +1832,8 @@ are available for all keyserver types, some common options are: used with HKP keyservers. @item auto-key-retrieve - This is the same as the option @option{auto-key-retrieve}. + This is an obsolete alias for the option @option{auto-key-retrieve}. + Please do not use it; it will be removed in future versions.. @item honor-keyserver-url When using @option{--refresh-keys}, if the key in question has a preferred 
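Review bot: the second added line of the auto-key-retrieve item in doc/gpg.texi ends with a doubled period ("removed in future versions.."), and this documentation change is not listed in the commit log, which names only g10/export.c and g10/gpg.c. Drop the extra period and either mention doc/gpg.texi in the log entry or move the keyserver-option wording into its own commit.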
@@ -2379,8 +2380,8 @@ The available properties are: @item --export-options @code{parameters} @opindex export-options This is a space or comma delimited string that gives options for -exporting keys. Options can be prepended with a `no-' to give the -opposite meaning. The options are: +exporting keys. Options can be prepended with a `no-' to give the +opposite meaning. The options are: @table @asis diff --git a/g10/export.c b/g10/export.c index 025b936..4138261 100644 --- a/g10/export.c +++ b/g10/export.c @@ -247,16 +247,17 @@ export_pubkeys (ctrl_t ctrl, strlist_t users, unsigned int options, /* * Export secret keys (to stdout or to --output FILE). * - * Depending on opt.armor the output is armored. If USERS is NULL, - * all secret keys will be exported. STATS is either an export stats - * object for update or NULL. + * Depending on opt.armor the output is armored. OPTIONS are defined + * in main.h. If USERS is NULL, all secret keys will be exported. + * STATS is either an export stats object for update or NULL. * * This function is the core of "gpg --export-secret-keys". */ int -export_seckeys (ctrl_t ctrl, strlist_t users, export_stats_t stats) +export_seckeys (ctrl_t ctrl, strlist_t users, unsigned int options, + export_stats_t stats) { - return do_export (ctrl, users, 1, 0, stats); + return do_export (ctrl, users, 1, options, stats); } 
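Review bot: the --export-options entry in doc/gpg.texi is not updated for the behaviour change made in export_seckeys, where OPTIONS now reaches do_export instead of a hard-coded 0; the texi hunk above changes whitespace only. With this change export-clean and export-minimal also act on the UID signatures of an exported secret key, so a user who has "export-options export-minimal" set will get a reduced secret key export without being told. Please add a sentence to the entry saying the options now apply to --export-secret-keys and --export-secret-subkeys, and add a case under tests/openpgp that exports a secret key with and without the option, since the diffstat lists no test.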
@@ -264,16 +265,18 @@ export_seckeys (ctrl_t ctrl, strlist_t users, export_stats_t stats) * Export secret sub keys (to stdout or to --output FILE). * * This is the same as export_seckeys but replaces the primary key by - * a stub key. Depending on opt.armor the output is armored. If - * USERS is NULL, all secret subkeys will be exported. STATS is - * either an export stats object for update or NULL. + * a stub key. Depending on opt.armor the output is armored. OPTIONS + * are defined in main.h. If USERS is NULL, all secret subkeys will + * be exported. STATS is either an export stats object for update or + * NULL. * * This function is the core of "gpg --export-secret-subkeys". */ int -export_secsubkeys (ctrl_t ctrl, strlist_t users, export_stats_t stats) +export_secsubkeys (ctrl_t ctrl, strlist_t users, unsigned int options, + export_stats_t stats) { - return do_export (ctrl, users, 2, 0, stats); + return do_export (ctrl, users, 2, options, stats); } @@ -1969,11 +1972,9 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, } /* Always do the cleaning on the public key part if requested. - Note that we don't yet set this option if we are exporting - secret keys. Note that both export-clean and export-minimal - only apply to UID sigs (0x10, 0x11, 0x12, and 0x13). A - designated revocation is never stripped, even with - export-minimal set. */ + * Note that both export-clean and export-minimal only apply to + * UID sigs (0x10, 0x11, 0x12, and 0x13). A designated + * revocation is never stripped, even with export-minimal set. */ if ((options & EXPORT_CLEAN)) clean_key (keyblock, opt.verbose, (options&EXPORT_MINIMAL), NULL, NULL); diff --git a/g10/gpg.c b/g10/gpg.c index 2a4a0ad..5a880fd 100644 --- a/g10/gpg.c +++ b/g10/gpg.c 
@@ -4546,7 +4546,7 @@ main (int argc, char **argv) add_to_strlist2( &sl, *argv, utf8_strings ); { export_stats_t stats = export_new_stats (); - export_seckeys (ctrl, sl, stats); + export_seckeys (ctrl, sl, opt.export_options, stats); export_print_stats (stats); export_release_stats (stats); } @@ -4559,7 +4559,7 @@ main (int argc, char **argv) add_to_strlist2( &sl, *argv, utf8_strings ); { export_stats_t stats = export_new_stats (); - export_secsubkeys (ctrl, sl, stats); + export_secsubkeys (ctrl, sl, opt.export_options, stats); export_print_stats (stats); export_release_stats (stats); } diff --git a/g10/main.h b/g10/main.h index 5ed501b..6837e98 100644 --- a/g10/main.h +++ b/g10/main.h @@ -397,8 +397,10 @@ gpg_error_t parse_and_set_export_filter (const char *string); int export_pubkeys (ctrl_t ctrl, strlist_t users, unsigned int options, export_stats_t stats); -int export_seckeys (ctrl_t ctrl, strlist_t users, export_stats_t stats); -int export_secsubkeys (ctrl_t ctrl, strlist_t users, export_stats_t stats); +int export_seckeys (ctrl_t ctrl, strlist_t users, unsigned int options, + export_stats_t stats); +int export_secsubkeys (ctrl_t ctrl, strlist_t users, unsigned int options, + export_stats_t stats); gpg_error_t export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, unsigned int options, ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 7 ++++--- g10/export.c | 31 ++++++++++++++++--------------- g10/gpg.c | 4 ++-- g10/main.h | 6 ++++-- 4 files changed, 26 insertions(+), 22 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 1 14:49:31 2017 
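Review bot: both call sites in main() of g10/gpg.c still discard the int returned by export_seckeys and export_secsubkeys, so the caller never sees whether the secret key export failed. Since these two lines are being touched anyway, consider checking the result before export_print_stats, or state in the function comments in g10/export.c why the return value can be ignored.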
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 01 Mar 2017 14:49:31 +0100 Subject: [git] gnupg-doc - branch, master, updated. 7f63a22a714932368e970d084621e2679e37d56b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 7f63a22a714932368e970d084621e2679e37d56b (commit) from 615025b52ac8ab7130240266439b4a6a678ed69f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7f63a22a714932368e970d084621e2679e37d56b Author: Justus Winter Date: Wed Mar 1 14:49:27 2017 +0100 drafts,openpgp-webkey-service: Fix domain. diff --git a/misc/id/openpgp-webkey-service/draft.org b/misc/id/openpgp-webkey-service/draft.org index 44d9fb0..a422204 100644 --- a/misc/id/openpgp-webkey-service/draft.org +++ b/misc/id/openpgp-webkey-service/draft.org @@ -175,7 +175,7 @@ _openpgpkey._tcp.example.org. IN SRV 0 0 8443 wkd.example.org. #+END_EXAMPLE changes the above to query the host "wkd.example.org" at port -8443 instead of the host "gnupg.org" at port 443. The target (in the +8443 instead of the host "example.org" at port 443. The target (in the example "wkd.example.org") MUST be a sub-domain of the domain-part (here "example.org"). If the target is not a sub-domain, the SRV RR MUST be be ignored. The recommended name for the sub-domain is "wkd". ----------------------------------------------------------------------- Summary of changes: misc/id/openpgp-webkey-service/draft.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 1 19:29:07 2017 
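Review bot: the unchanged context line at the end of this hunk in draft.org still reads "the SRV RR MUST be be ignored". Since the paragraph is being corrected anyway, drop the duplicated "be" so that the normative sentence about rejecting targets outside the domain-part is clean.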
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 01 Mar 2017 19:29:07 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.1.18-159-g3cdb792 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via 3cdb7920076be4fc6f7600dfaaa504935104dac9 (commit) via 4a28c212b35739ce951bd41cfc6ef1a215846b2e (commit) via 246b27921b5dc34f367d879402725784aaee2494 (commit) via c405f2e8ff39a008c6f0b3188da4085b92dda270 (commit) via c7f2a59833728e99e00449da2ddb10cf66693e7e (commit) via 280c724fe26bfd861ac74abc71e221795d8947f0 (commit) via 891ab23411b7f20ef37d8bde81d9857b083235df (commit) from 2bbdeb8ee87a6c7ec211be16391a11b7c6030bed (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3cdb7920076be4fc6f7600dfaaa504935104dac9 Author: Werner Koch Date: Wed Mar 1 19:26:16 2017 +0100 Post release updates. -- diff --git a/NEWS b/NEWS index 18923b4..a19ac89 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 2.1.20 (unreleased) +------------------------------------------------- + + Noteworthy changes in version 2.1.19 (2017-03-01) ------------------------------------------------- diff --git a/configure.ac b/configure.ac index 4b9ceca..bec7428 100644 --- a/configure.ac +++ b/configure.ac 
@@ -28,7 +28,7 @@ min_automake_version="1.14" m4_define([mym4_package],[gnupg]) m4_define([mym4_major], [2]) m4_define([mym4_minor], [1]) -m4_define([mym4_micro], [19]) +m4_define([mym4_micro], [20]) # To start a new development series, i.e a new major or minor number # you need to mark an arbitrary commit before the first beta release commit 4a28c212b35739ce951bd41cfc6ef1a215846b2e Author: Werner Koch Date: Wed Mar 1 18:40:33 2017 +0100 Release 2.1.19 Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 67b1cad..18923b4 100644 --- a/NEWS +++ b/NEWS 
@@ -1,9 +1,50 @@ -Noteworthy changes in version 2.1.19 (unreleased) +Noteworthy changes in version 2.1.19 (2017-03-01) ------------------------------------------------- + * gpg: Print a warning if Tor mode is requested but the Tor daemon + is not running. + + * gpg: New status code DECRYPTION_KEY to print the actual private + key used for decryption. + + * gpgv: New options --log-file and --debug. + + * gpg-agent: Revamp the prompts to ask for card PINs. + + * scd: Support for multiple card readers. + * scd: Removed option --debug-disable-ticker. Ticker is used only when it is required to watch removal of device/card. + * scd: Improved detection of card inserting and removal. + + * dirmngr: New option --disable-ipv4. + + * dirmngr: New option --no-use-tor to explicitly disable the use of + Tor. + + * dirmngr: The option --allow-version-check is now required even if + the option --use-tor is also used. + + * dirmngr: Handle a missing nsswitch.conf gracefully. + + * dirmngr: Avoid PTR lookups for keyserver pools. The are only done + for the debug command "keyserver --hosttable". + + * dirmngr: Rework the internal certificate cache to support classes + of certificates. Load system provided certificates on startup. + Add options --tls, --no-crl, and --systrust to the "VALIDATE" + command. + + * dirmngr: Add support for the ntbtls library. + + * wks: Create mails with a "WKS-Phase" header. Fix detection of + Draft-2 mode. + + * The Windows installer is now build with limited TLS support. + + * Many other bug fixes and new regression tests. + Noteworthy changes in version 2.1.18 (2017-01-23) ------------------------------------------------- commit 246b27921b5dc34f367d879402725784aaee2494 Author: Werner Koch Date: Wed Mar 1 18:40:05 2017 +0100 build: Add kludge for "make distcheck" in a release build. * configure.ac: New option --enable-gnupg-builddir-envvar. (ENABLE_GNUPG_BUILDDIR_ENVVAR): New ac_define. 
* common/homedir.c (gnupg_set_builddir_from_env): Consider ENABLE_GNUPG_BUILDDIR_ENVVAR. * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Rename to ... (AM_DISTCHECK_CONFIGURE_FLAGS): this to be future proof. Add option --enable-gnupg-builddir-envvar. -- Our regression test suite makes use of the envvar GNUPG_BUILDDIR. Now the code in gnupg for evaluating this envvar is only included in a development version (that is one with a "-betaNNN" suffix). For a real release the envvar is not considered. However during a "make distcheck" a "make check" is done for the build directory. Without defining that envvar we would try to run binaries in the install directory ("_inst" sub-directory) which are not yet installed at that time. Signed-off-by: Werner Koch diff --git a/Makefile.am b/Makefile.am index e220f8b..71e691a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -19,7 +19,8 @@ ## Process this file with automake to produce Makefile.in ACLOCAL_AMFLAGS = -I m4 -DISTCHECK_CONFIGURE_FLAGS = --enable-symcryptrun --enable-g13 \ +AM_DISTCHECK_CONFIGURE_FLAGS = --enable-gnupg-builddir-envvar \ + --enable-symcryptrun --enable-g13 \ --enable-gpg2-is-gpg --enable-gpgtar --enable-wks-tools --disable-ntbtls GITLOG_TO_CHANGELOG=gitlog-to-changelog diff --git a/common/homedir.c b/common/homedir.c index 6b40bb6..3055a32 100644 --- a/common/homedir.c +++ b/common/homedir.c @@ -914,7 +914,7 @@ gnupg_set_builddir (const char *newdir) static void gnupg_set_builddir_from_env (void) { -#ifdef IS_DEVELOPMENT_VERSION +#if defined(IS_DEVELOPMENT_VERSION) || defined(ENABLE_GNUPG_BUILDDIR_ENVVAR) if (gnupg_build_directory) return; diff --git a/configure.ac b/configure.ac index 1733c5a..4b9ceca 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1693,6 +1693,21 @@ AC_ARG_ENABLE(optimization, fi]) # +# We do not want support for the GNUPG_BUILDDIR environment variable +# in a released version. However, our regression tests suite requires +# this and thus we build with support for it during "make distcheck". +# This configure option implements this along with the top Makefile's +# AM_DISTCHECK_CONFIGURE_FLAGS. +# +gnupg_builddir_envvar=no +AC_ARG_ENABLE(gnupg-builddir-envvar,, + gnupg_builddir_envvar=$enableval) +if test x"$gnupg_builddir_envvar" = x"yes"; then + AC_DEFINE(ENABLE_GNUPG_BUILDDIR_ENVVAR, 1, + [This is only used with "make distcheck"]) +fi + +# # Add user CFLAGS. # CFLAGS="$CFLAGS $CFLAGS_orig" ----------------------------------------------------------------------- Summary of changes: Makefile.am | 3 +- NEWS | 47 +++- common/homedir.c | 2 +- configure.ac | 17 +- doc/gpg.texi | 7 +- g10/export.c | 31 +-- g10/gpg.c | 4 +- g10/main.h | 6 +- po/ca.po | 70 ++++-- po/cs.po | 78 ++++-- po/da.po | 74 ++++-- po/el.po | 70 ++++-- po/eo.po | 67 +++-- po/es.po | 77 ++++-- po/et.po | 70 ++++-- po/fi.po | 70 ++++-- po/fr.po | 82 +++++-- po/gl.po | 70 ++++-- po/hu.po | 70 ++++-- po/id.po | 70 ++++-- po/it.po | 70 ++++-- po/ja.po | 82 +++++-- po/nb.po | 77 ++++-- po/pl.po | 7 +- po/pt.po | 71 ++++-- po/ro.po | 75 ++++-- po/ru.po | 737 ++++++++++++++++++++++++------------------------------- po/sk.po | 70 ++++-- po/sv.po | 76 ++++-- po/tr.po | 79 ++++-- po/uk.po | 570 ++++++++++++++++++------------------------ po/zh_CN.po | 75 ++++-- po/zh_TW.po | 77 ++++-- 33 files changed, 1798 insertions(+), 1253 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 1 19:29:41 2017 
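Review bot: three of the added NEWS entries for 2.1.19 need a wording fix: "The are only done for the debug command" should read "They are only done", "The Windows installer is now build" should read "is now built", and "detection of card inserting and removal" reads better as "card insertion and removal". These lines tend to be copied into the announcement, so it is worth correcting them in NEWS itself.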
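Review bot: the AC_ARG_ENABLE(gnupg-builddir-envvar,, ...) block in configure.ac has an empty help string and prints nothing when the option is enabled, so a release that is configured with this flag honours GNUPG_BUILDDIR at run time (see the #if change in gnupg_set_builddir_from_env) without any trace in the configure output. The comment says the define is meant only for "make distcheck", but nothing enforces that. Please emit an AC_MSG_WARN, or a line in the final configure summary, when gnupg_builddir_envvar is "yes", so that a packager who inherits the flag notices that the resulting binaries will look for their helper programs in a directory named by the environment.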
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 01 Mar 2017 19:29:41 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.18-159-g3cdb792 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 3cdb7920076be4fc6f7600dfaaa504935104dac9 (commit) via 4a28c212b35739ce951bd41cfc6ef1a215846b2e (commit) via 246b27921b5dc34f367d879402725784aaee2494 (commit) from c405f2e8ff39a008c6f0b3188da4085b92dda270 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: Makefile.am | 3 ++- NEWS | 47 ++++++++++++++++++++++++++++++++++++++++++++++- common/homedir.c | 2 +- configure.ac | 17 ++++++++++++++++- 4 files changed, 65 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 1 19:38:19 2017 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 01 Mar 2017 19:38:19 +0100 Subject: [git] gnupg-doc - branch, master, updated. fe0abbee3c7e7de6fb9b4daafcb2f38807728a55 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via fe0abbee3c7e7de6fb9b4daafcb2f38807728a55 (commit) from 7f63a22a714932368e970d084621e2679e37d56b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fe0abbee3c7e7de6fb9b4daafcb2f38807728a55 Author: Werner Koch Date: Wed Mar 1 19:35:43 2017 +0100 swdb: Released GnuPG 2.1.19 diff --git a/web/swdb.mac b/web/swdb.mac index 15877d3..94dbb6a 100644 --- a/web/swdb.mac +++ b/web/swdb.mac 
@@ -21,16 +21,16 @@ # # GnuPG-2.1 # -#+macro: gnupg21_ver 2.1.18 -#+macro: gnupg21_date 2017-01-23 -#+macro: gnupg21_size 6160k -#+macro: gnupg21_sha1 b698012cc2d77c2652afd168a15e679d1394fa89 -#+macro: gnupg21_sha2 d04c6fab7e5562ce4b915b22020e34d4c1a256847690cf149842264fc7cef994 -#+macro: gnupg21_w32_ver 2.1.18_20170123 -#+macro: gnupg21_w32_date 2017-01-23 -#+macro: gnupg21_w32_size 3670k -#+macro: gnupg21_w32_sha1 8d068811acef74619ca435b8bb7e77135bc4277b -#+macro: gnupg21_w32_sha2 1fd01e24f65465dfd075b8ad55a58eaee13e79c02c42096c325a7ccf5a1eb283 +#+macro: gnupg21_ver 2.1.19 +#+macro: gnupg21_date 2017-03-01 +#+macro: gnupg21_size 6254k +#+macro: gnupg21_sha1 10a088a6716789ac5c5cce2776952d8f4a5c57fc +#+macro: gnupg21_sha2 46cced1f5641ce29cc28250f52fadf6e417e649b3bfdec49a5a0d0b22a639bf0 +#+macro: gnupg21_w32_ver 2.1.19_20170301 +#+macro: gnupg21_w32_date 2017-03-01 +#+macro: gnupg21_w32_size 3747k +#+macro: gnupg21_w32_sha1 2614462170937abae1293cf227cacfb1028a11d3 +#+macro: gnupg21_w32_sha2 c59014bc9087831688129f1367360c92552274fd4bfdc2000e23436db75344fc # ----------------------------------------------------------------------- Summary of changes: web/swdb.mac | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 1 20:42:00 2017 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 01 Mar 2017 20:42:00 +0100 Subject: [git] gnupg-doc - branch, master, updated. 89c8055e4d71dab22fdd4737c5ffc68d5730da5d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 89c8055e4d71dab22fdd4737c5ffc68d5730da5d (commit) from fe0abbee3c7e7de6fb9b4daafcb2f38807728a55 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 89c8055e4d71dab22fdd4737c5ffc68d5730da5d Author: Werner Koch Date: Wed Mar 1 20:33:27 2017 +0100 web: Release info for gnupg 2.1.19 Also moved some news to the old news page. diff --git a/web/index.org b/web/index.org index 640e3cb..711965c 100644 --- a/web/index.org +++ b/web/index.org @@ -66,6 +66,11 @@ The latest release news:\\ # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** GnuPG 2.1.19 released (2017-03-01) + +A new version of GnuPG has been released. Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q1/000402.html][announcement +mail]] for details. + ** GnuPG 2.1.18 released (2017-01-23) A new version of GnuPG has been released. Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q1/000401.html][announcement 
@@ -125,61 +130,6 @@ been found. Updating the software is highly suggested. Please read this [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html][mail]] for details. Note that the CVE id in that mail is not correct, the correct one is CVE-2016-6313. -** GnuPG 2.1.14 released (2016-07-14) - -A new version of the /modern/ branch of GnuPG has been released. -Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000393.html][announcement mail]] for details. - -** Libgcrypt 1.7.2 released (2016-07-14) - -We are pleased to announce the availability of Libgcrypt version -1.7.2. This is a maintenance release for the stable version of -[[file:related_software/libgcrypt/index.org][Libgcrypt]] with a few bug fixes. [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000392.html][{more}]] - -** GnuPG 2.1.13 released (2016-06-16) - -A new version of the /modern/ branch of GnuPG has been released. -Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000390.html][announcement mail]] for details. - -** Libgcrypt 1.7.1 released (2016-06-15) - -We are pleased to announce the availability of Libgcrypt version -1.7.1. This is a maintenance release for the stable version of -[[file:related_software/libgcrypt/index.org][Libgcrypt]] with a few bug fixes. [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000389.html][{more}]] - -** First OpenPGP conference (2016-05-20) - -If you are a user or implementer of OpenPGP related software, you may -join us at [[https://gnupg.org/conf/][OpenPGP.conf]] in Cologne on September 8 and 9, 2016. - -** GnuPG 2.1.12 released (2016-05-04) - -A new version of the /modern/ branch of GnuPG has been released. -Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000387.html][announcement mail]] for details. - -** Libgcrypt 1.7.0 released (2016-04-15) - -We are pleased to announce the availability of Libgcrypt version -1.7.0. 
This is a new stable version of [[file:related_software/libgcrypt/index.org][Libgcrypt]] with full API and -ABI compatibiliy to the 1.6 series. Its main features are new -algorithms, curves, and performance improvements. [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000386.html][{more}]] - -** GnuPG 2.0.30 released (2016-03-31) - -GnuPG 2.0.30 is now available. This release fixes a few minor bugs; -users of GnuPG 2.0.x may want to update to this version. [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000385.html][{more}]] - -** Libgcrypt 1.6.5 released (2016-02-09) :important: - -Libgcrypt version 1.6.5 and an updated Windows installer for GnuPG -2.1.11 has been released to mitigate a new side-channel attack. -[[https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html][{more}]] - -** GnuPG 2.1.11 released (2016-01-26) - -A new version of the /modern/ branch of GnuPG has been released. -Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000383.html][announcement mail]] for details. - * A big Thanks to all supporters diff --git a/web/news.org b/web/news.org index 449faea..48c60ed 100644 --- a/web/news.org +++ b/web/news.org 
@@ -7,6 +7,61 @@ On this page you'll find all the news of previous years in reverse chronological order. News for the current year are found at the [[index][main page]]. +** GnuPG 2.1.14 released (2016-07-14) + +A new version of the /modern/ branch of GnuPG has been released. +Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000393.html][announcement mail]] for details. + +** Libgcrypt 1.7.2 released (2016-07-14) + +We are pleased to announce the availability of Libgcrypt version +1.7.2. This is a maintenance release for the stable version of +[[file:related_software/libgcrypt/index.org][Libgcrypt]] with a few bug fixes. [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000392.html][{more}]] + +** GnuPG 2.1.13 released (2016-06-16) + +A new version of the /modern/ branch of GnuPG has been released. +Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000390.html][announcement mail]] for details. + +** Libgcrypt 1.7.1 released (2016-06-15) + +We are pleased to announce the availability of Libgcrypt version +1.7.1. This is a maintenance release for the stable version of +[[file:related_software/libgcrypt/index.org][Libgcrypt]] with a few bug fixes. [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000389.html][{more}]] + +** First OpenPGP conference (2016-05-20) + +If you are a user or implementer of OpenPGP related software, you may +join us at [[https://gnupg.org/conf/][OpenPGP.conf]] in Cologne on September 8 and 9, 2016. + +** GnuPG 2.1.12 released (2016-05-04) + +A new version of the /modern/ branch of GnuPG has been released. +Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000387.html][announcement mail]] for details. + +** Libgcrypt 1.7.0 released (2016-04-15) + +We are pleased to announce the availability of Libgcrypt version +1.7.0. This is a new stable version of [[file:related_software/libgcrypt/index.org][Libgcrypt]] with full API and +ABI compatibiliy to the 1.6 series. 
Its main features are new +algorithms, curves, and performance improvements. [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000386.html][{more}]] + +** GnuPG 2.0.30 released (2016-03-31) + +GnuPG 2.0.30 is now available. This release fixes a few minor bugs; +users of GnuPG 2.0.x may want to update to this version. [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000385.html][{more}]] + +** Libgcrypt 1.6.5 released (2016-02-09) :important: + +Libgcrypt version 1.6.5 and an updated Windows installer for GnuPG +2.1.11 has been released to mitigate a new side-channel attack. +[[https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html][{more}]] + +** GnuPG 2.1.11 released (2016-01-26) + +A new version of the /modern/ branch of GnuPG has been released. +Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000383.html][announcement mail]] for details. + ** GnuPG 1.4.20 released (2015-12-20) ----------------------------------------------------------------------- Summary of changes: web/index.org | 60 +++++------------------------------------------------------ web/news.org | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 55 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 2 09:34:54 2017 
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 02 Mar 2017 09:34:54 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-2-ge064c75 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e064c75b08a523f738108428fe0c417a46e66238 (commit) from 3cdb7920076be4fc6f7600dfaaa504935104dac9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e064c75b08a523f738108428fe0c417a46e66238 Author: Justus Winter Date: Wed Mar 1 17:47:47 2017 +0100 common,tools: Always escape newlines when escaping data. * common/stringhelp.c (do_percent_escape): Always escape newlines. * tools/gpgconf-comp.c (gc_percent_escape): Likewise. -- Newlines always pose a problem for a line-based communication format. GnuPG-bug-id: 2387 Signed-off-by: Justus Winter diff --git a/common/stringhelp.c b/common/stringhelp.c index 341dd52..bea1466 100644 --- a/common/stringhelp.c +++ b/common/stringhelp.c @@ -1052,7 +1052,8 @@ do_percent_escape (const char *str, const char *extra, int die) return NULL; for (i=j=0; str[i]; i++) - if (str[i] == ':' || str[i] == '%' || (extra && strchr (extra, str[i]))) + if (str[i] == ':' || str[i] == '%' || str[i] == '\n' + || (extra && strchr (extra, str[i]))) j++; if (die) ptr = xmalloc (i + 2 * j + 1); @@ -1077,6 +1078,13 @@ do_percent_escape (const char *str, const char *extra, int die) ptr[i++] = '2'; ptr[i++] = '5'; } + else if (*str == '\n') + { + /* The newline is problematic in a line-based format. */ + ptr[i++] = '%'; + ptr[i++] = '0'; + ptr[i++] = 'a'; + } else if (extra && strchr (extra, *str)) { ptr[i++] = '%'; 
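Review bot: in the new `else if (*str == '\n')` branch of do_percent_escape only LF is escaped, so a CR still passes through unchanged; if any reader of this line-based output also splits on '\r', the record-splitting problem remains. Consider adding `str[i] == '\r'` to the counting loop in the first hunk together with a matching `%0d` branch here. The two conditions must stay in sync in any case, because the allocation `i + 2 * j + 1` is only large enough when every character that is emitted as three bytes was also counted in `j`.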
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c index d53947e..0c939e5 100644 --- a/tools/gpgconf-comp.c +++ b/tools/gpgconf-comp.c @@ -1491,6 +1491,13 @@ gc_percent_escape (const char *src) *(dst++) = '2'; *(dst++) = 'c'; } + else if (*src == '\n') + { + /* The newline is problematic in a line-based format. */ + *(dst++) = '%'; + *(dst++) = '0'; + *(dst++) = 'a'; + } else *(dst++) = *(src); src++; ----------------------------------------------------------------------- Summary of changes: common/stringhelp.c | 10 +++++++++- tools/gpgconf-comp.c | 7 +++++++ 2 files changed, 16 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 2 09:38:46 2017 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 02 Mar 2017 09:38:46 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-89-g8071a6b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 8071a6b2ca33c2a46ed1d50ae7283241daaafcd3 (commit) from d63258066d008de113ed1170f1b0e787a5bdaba1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8071a6b2ca33c2a46ed1d50ae7283241daaafcd3 Author: Andre Heinecke Date: Thu Mar 2 09:35:05 2017 +0100 cpp: Add subkey keygrip to API * lang/cpp/src/key.cpp (Subkey::keyGrip): New. * lang/cpp/src/key.h: Update accordingly. diff --git a/NEWS b/NEWS index 4ad1cea..7899522 100644 --- a/NEWS +++ b/NEWS 
@@ -19,6 +19,7 @@ Noteworthy changes in version 1.8.1 (unreleased) cpp: Key::UserID::revoke() NEW. cpp: Key::addUid() NEW. cpp: GpgGenCardKeyInteractor NEW. + cpp: Subkey::keyGrip NEW. qt: CryptoConfig::stringValueList() NEW. gpgme_data_rewind UN-DEPRECATE. py: Context.__init__ EXTENDED: New keyword arg home_dir. diff --git a/lang/cpp/src/key.cpp b/lang/cpp/src/key.cpp index 3cc26a7..9eebbf0 100644 --- a/lang/cpp/src/key.cpp +++ b/lang/cpp/src/key.cpp @@ -476,7 +476,12 @@ bool Subkey::isCardKey() const const char *Subkey::cardSerialNumber() const { - return subkey ? subkey->card_number : 0 ; + return subkey ? subkey->card_number : nullptr; +} + +const char *Subkey::keyGrip() const +{ + return subkey ? subkey->keygrip : nullptr; } bool Subkey::isSecret() const diff --git a/lang/cpp/src/key.h b/lang/cpp/src/key.h index b0599c7..8c11a9d 100644 --- a/lang/cpp/src/key.h +++ b/lang/cpp/src/key.h @@ -270,6 +270,8 @@ public: const char *cardSerialNumber() const; + const char *keyGrip() const; + private: shared_gpgme_key_t key; gpgme_sub_key_t subkey; ----------------------------------------------------------------------- Summary of changes: NEWS | 1 + lang/cpp/src/key.cpp | 7 ++++++- lang/cpp/src/key.h | 2 ++ 3 files changed, 9 insertions(+), 1 deletion(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 2 10:46:18 2017 
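Review bot: `Subkey::keyGrip()` in lang/cpp/src/key.cpp returns `nullptr` for a null subkey, and `subkey->keygrip` can itself be a null pointer, but the declaration added to key.h carries no comment saying so. A one-line note in the header that the result may be null would keep callers from passing it straight into a string constructor. The change from `0` to `nullptr` in `cardSerialNumber()` is an unrelated cleanup and deserves a mention in the commit message.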
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 02 Mar 2017 10:46:18 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-3-g74cb3b2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 74cb3b230c1f99afc5fd09bccc24186a63b154b0 (commit) from e064c75b08a523f738108428fe0c417a46e66238 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 74cb3b230c1f99afc5fd09bccc24186a63b154b0 Author: Justus Winter Date: Thu Mar 2 10:41:03 2017 +0100 tests: Log information about ssh, add comments to test. * tests/openpgp/ssh-import.scm (ssh-version-string): New variable, and log the binary and version used in the test. (ssh-supports?): Document how we test what algorithms are supported by ssh, and log ssh-keygen's replies. -- We have some trouble with this test on macOS, and adding some more information in verbose mode will hopefully make tracking down these problems easier in the future. GnuPG-bug-id: 2980 Signed-off-by: Justus Winter diff --git a/tests/openpgp/ssh-import.scm b/tests/openpgp/ssh-import.scm index 7a4364c..d210056 100755 --- a/tests/openpgp/ssh-import.scm +++ b/tests/openpgp/ssh-import.scm @@ -36,8 +36,13 @@ (catch (skip "ssh-keygen not found") (set! ssh-keygen (path-expand "ssh-keygen" path))) +(define ssh-version-string + (:stderr (call-with-io `(,ssh "-V") ""))) + +(log "Using" ssh "version:" ssh-version-string) + (define ssh-version - (let ((tmp (:stderr (call-with-io `(,ssh "-V") ""))) + (let ((tmp ssh-version-string) (prefix "OpenSSH_")) (unless (string-prefix? tmp prefix) (skip "This doesn't look like OpenSSH:" tmp)) 
@@ -45,14 +50,22 @@ (+ 3 (string-length prefix)))))) (define (ssh-supports? algorithm) + ;; We exploit ssh-keygen as an oracle to test what algorithms ssh + ;; supports. (cond ((equal? algorithm "ed25519") + ;; Unfortunately, our oracle does not work for ed25519 because + ;; this is a specific curve and not a family, so the key size + ;; parameter is ignored. (>= ssh-version 6.5)) (else - (not (string-contains? (:stderr (call-with-io `(,ssh-keygen - -t ,algorithm - -b "1009") "")) - "unknown key type"))))) + ;; We call ssh-keygen with the algorithm to test, specify an + ;; invalid key size, and observe the error message. + (let ((output (:stderr (call-with-io `(,ssh-keygen + -t ,algorithm + -b "1009") "")))) + (log "(ssh-supports?" algorithm "), ssh algorithm oracle replied:" output) + (not (string-contains? output "unknown key type")))))) (define keys '(("dsa" "9a:e1:f1:5f:46:ea:a5:06:e1:e2:f8:38:8e:06:54:58") ----------------------------------------------------------------------- Summary of changes: tests/openpgp/ssh-import.scm | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 2 11:41:40 2017 
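Review bot: in `ssh-supports?` the `else` branch decides by the absence of the text "unknown key type", so any other outcome of the ssh-keygen call (empty stderr, a different error, a reworded message) is counted as "supported". The new log line makes this visible after the fact, but matching positively on the expected invalid-key-size reply, or at least treating empty output as unsupported, would stop the test from running against an algorithm that ssh cannot handle.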
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 02 Mar 2017 11:41:40 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-4-g62d21a4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 62d21a4ab4029b32ea129f1cf3a0e1f22e2fb7b0 (commit) from 74cb3b230c1f99afc5fd09bccc24186a63b154b0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 62d21a4ab4029b32ea129f1cf3a0e1f22e2fb7b0 Author: Justus Winter Date: Thu Mar 2 11:39:00 2017 +0100 g10: Signal an error when trying to revoke non-existant UID. * g10/keyedit.c (keyedit_quick_revuid): Signal an error when trying to revoke non-existant UID. * tests/openpgp/quick-key-manipulation.scm: Test that. GnuPG-bug-id: 2962 Signed-off-by: Justus Winter diff --git a/g10/keyedit.c b/g10/keyedit.c index 892da1a..c591600 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -3053,6 +3053,8 @@ keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev) } } + log_error (_("User ID revocation failed: %s\n"), gpg_strerror (GPG_ERR_NOT_FOUND)); + leave: release_kbnode (keyblock); keydb_release (kdbhd); diff --git a/tests/openpgp/quick-key-manipulation.scm b/tests/openpgp/quick-key-manipulation.scm index 7ede5e9..8ceb035 100755 --- a/tests/openpgp/quick-key-manipulation.scm +++ b/tests/openpgp/quick-key-manipulation.scm @@ -37,6 +37,7 @@ (define alpha "Alpha ") (define bravo "Bravo ") +(define charlie "Charlie ") (define (key-data key) (filter (lambda (x) (or (string=? (car x) "pub") 
@@ -79,6 +80,11 @@ (info "Checking that we can revoke a user ID...") (call-check `(, at GPG --quick-revoke-uid ,(exact bravo) ,alpha)) +(info "Checking that we get an error revoking a non-existant user ID.") +(catch '() + (call-check `(, at GPG --quick-revoke-uid ,(exact bravo) ,charlie)) + (error "Expected an error, but get none.")) + (assert (= 1 (count-uids-of-secret-key bravo))) (info "Checking that we can change the expiration time.") ----------------------------------------------------------------------- Summary of changes: g10/keyedit.c | 2 ++ tests/openpgp/quick-key-manipulation.scm | 6 ++++++ 2 files changed, 8 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 2 12:12:02 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 02 Mar 2017 12:12:02 +0100 Subject: [git] gnupg-doc - branch, master, updated. 5369c27b4cdca0a1909c77ed4acb91f35f9d86c9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 5369c27b4cdca0a1909c77ed4acb91f35f9d86c9 (commit) from 89c8055e4d71dab22fdd4737c5ffc68d5730da5d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5369c27b4cdca0a1909c77ed4acb91f35f9d86c9 Author: Werner Koch Date: Thu Mar 2 12:09:23 2017 +0100 web: Change hardware sponsor from OpenIT to PlusServer OpenIT was acquired last year by PlusServer. Signed-off-by: Werner Koch diff --git a/web/donate/kudos.org b/web/donate/kudos.org index 7ecb0cd..f8d3b1a 100644 --- a/web/donate/kudos.org +++ b/web/donate/kudos.org 
@@ -77,9 +77,9 @@ The [[https://gnupg.org/blog/20140512-rewards-sent.html][Goteo crowdfunding]] ca * Hardware and service donations - We have to thank [[https://www.openit.de][OpenIT]] for their long time support of GnuPG. They - provide rack space, connectivity, and are fast in fixing problems - with the machines. + We have to thank [[https://www.plusserver.com][PlusServer]] for their long time support of GnuPG. + They provide rack space, connectivity, and are fast in fixing + problems with the machines. # Without doing this in HTML we get an extra div figure around the # link which messes up the rendering. Funnily this does not happen @@ -87,7 +87,7 @@ The [[https://gnupg.org/blog/20140512-rewards-sent.html][Goteo crowdfunding]] ca # #+HTML:

#+HTML:

-#+HTML: Logo OpenIT +#+HTML: Logo PlusServer #+HTML:

#+HTML:
diff --git a/web/share/logo-sponsor.png b/web/share/logo-sponsor.png index fc7abfc..e01ada7 100644 Binary files a/web/share/logo-sponsor.png and b/web/share/logo-sponsor.png differ ----------------------------------------------------------------------- Summary of changes: web/donate/kudos.org | 10 +++++----- web/share/logo-sponsor.png | Bin 7708 -> 4796 bytes 2 files changed, 5 insertions(+), 5 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 2 12:36:25 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 02 Mar 2017 12:36:25 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-5-gd6f0f36 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via d6f0f368763006abf08818bfefcd32ecedb5c20a (commit) from 62d21a4ab4029b32ea129f1cf3a0e1f22e2fb7b0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d6f0f368763006abf08818bfefcd32ecedb5c20a Author: Werner Koch Date: Thu Mar 2 12:29:31 2017 +0100 agent: Improve error message for the KEYTOCARD command. * agent/command.c (cmd_keytocard): Always use leave_cmd. Simplify timestamp checking and do an early test with an appropriate error message. Signed-off-by: Werner Koch diff --git a/agent/command.c b/agent/command.c index ec38649..acc3877 100644 --- a/agent/command.c +++ b/agent/command.c 
@@ -2486,7 +2486,7 @@ cmd_keytocard (assuan_context_t ctx, char *line) unsigned char grip[20]; gcry_sexp_t s_skey = NULL; unsigned char *keydata; - size_t keydatalen, timestamplen; + size_t keydatalen; const char *serialno, *timestamp_str, *id; unsigned char *shadow_info = NULL; time_t timestamp; @@ -2499,11 +2499,15 @@ cmd_keytocard (assuan_context_t ctx, char *line) err = parse_keygrip (ctx, line, grip); if (err) - return err; + goto leave; if (agent_key_available (grip)) - return gpg_error (GPG_ERR_NO_SECKEY); + { + err =gpg_error (GPG_ERR_NO_SECKEY); + goto leave; + } + /* Fixme: Replace the parsing code by split_fields(). */ line += 40; while (*line && (*line == ' ' || *line == '\t')) line++; @@ -2511,7 +2515,10 @@ cmd_keytocard (assuan_context_t ctx, char *line) while (*line && (*line != ' ' && *line != '\t')) line++; if (!*line) - return gpg_error (GPG_ERR_MISSING_VALUE); + { + err = gpg_error (GPG_ERR_MISSING_VALUE); + goto leave; + } *line = '\0'; line++; while (*line && (*line == ' ' || *line == '\t')) @@ -2520,7 +2527,10 @@ cmd_keytocard (assuan_context_t ctx, char *line) while (*line && (*line != ' ' && *line != '\t')) line++; if (!*line) - return gpg_error (GPG_ERR_MISSING_VALUE); + { + err = gpg_error (GPG_ERR_MISSING_VALUE); + goto leave; + } *line = '\0'; line++; while (*line && (*line == ' ' || *line == '\t')) @@ -2530,9 +2540,12 @@ cmd_keytocard (assuan_context_t ctx, char *line) line++; if (*line) *line = '\0'; - timestamplen = line - timestamp_str; - if (timestamplen != 15) - return gpg_error (GPG_ERR_INV_VALUE); + + if ((timestamp = isotime2epoch (timestamp_str)) == (time_t)(-1)) + { + err = gpg_error (GPG_ERR_INV_TIME); + goto leave; + } err = agent_key_from_file (ctrl, NULL, ctrl->server_local->keydesc, grip, &shadow_info, CACHE_MODE_IGNORE, NULL, 
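Review bot: the hunk at @@ -2530 drops the explicit `timestamplen != 15` check and relies solely on `isotime2epoch` returning `(time_t)(-1)`; please confirm that it rejects strings that are shorter or longer than the 15-character ISO form, otherwise input the old code refused with GPG_ERR_INV_VALUE is now accepted. Minor style point in the @@ -2499 hunk: `err =gpg_error (GPG_ERR_NO_SECKEY);` is missing the space after `=`.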
@@ -2540,34 +2553,36 @@ cmd_keytocard (assuan_context_t ctx, char *line) if (err) { xfree (shadow_info); - return err; + goto leave; } if (shadow_info) { /* Key is on a smartcard already. */ xfree (shadow_info); gcry_sexp_release (s_skey); - return gpg_error (GPG_ERR_UNUSABLE_SECKEY); + err = gpg_error (GPG_ERR_UNUSABLE_SECKEY); + goto leave; } keydatalen = gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, NULL, 0); keydata = xtrymalloc_secure (keydatalen + 30); if (keydata == NULL) { + err = gpg_error_from_syserror (); gcry_sexp_release (s_skey); - return gpg_error_from_syserror (); + goto leave; } gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, keydata, keydatalen); gcry_sexp_release (s_skey); keydatalen--; /* Decrement for last '\0'. */ /* Add timestamp "created-at" in the private key */ - timestamp = isotime2epoch (timestamp_str); snprintf (keydata+keydatalen-1, 30, "(10:created-at10:%010lu))", timestamp); keydatalen += 10 + 19 - 1; err = divert_writekey (ctrl, force, serialno, id, keydata, keydatalen); xfree (keydata); + leave: return leave_cmd (ctx, err); } ----------------------------------------------------------------------- Summary of changes: agent/command.c | 39 +++++++++++++++++++++++++++------------ 1 file changed, 27 insertions(+), 12 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 2 14:51:37 2017 
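Review bot: `snprintf (keydata+keydatalen-1, 30, "(10:created-at10:%010lu))", timestamp);` passes a `time_t` to `%010lu` without a cast. Since this change already touches the handling of `timestamp`, it is a good moment to write `(unsigned long)timestamp` so that the argument matches the format on platforms where `time_t` is not `unsigned long`. Assigning `err = gpg_error_from_syserror ();` before `gcry_sexp_release` in the allocation-failure branch is the right order, as the release could otherwise clobber errno.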
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 02 Mar 2017 14:51:37 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-6-g4735ab9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 4735ab96aa5577d40ba7b3f72d863057198cc6a7 (commit) from d6f0f368763006abf08818bfefcd32ecedb5c20a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4735ab96aa5577d40ba7b3f72d863057198cc6a7 Author: Justus Winter Date: Thu Mar 2 14:35:09 2017 +0100 gpg: Fix (quick) key generation with --always-trust. * g10/keygen.c (do_generate_keypair): Only update the ownertrust if we do have a trust database. * g10/trustdb.c (have_trustdb): New function. * g10/trustdb.h (have_trustdb): New prototype. * tests/openpgp/quick-key-manipulation.scm: Remove workaround. GnuPG-bug-id: 2695 Signed-off-by: Justus Winter diff --git a/g10/keygen.c b/g10/keygen.c index 24cf93c..f044257 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -4791,8 +4791,9 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, keyid_from_pk (pk, pk->main_keyid); register_trusted_keyid (pk->main_keyid); - update_ownertrust (pk, ((get_ownertrust (pk) & ~TRUST_MASK) - | TRUST_ULTIMATE )); + if (have_trustdb ()) + update_ownertrust (pk, ((get_ownertrust (pk) & ~TRUST_MASK) + | TRUST_ULTIMATE )); gen_standard_revoke (pk, cache_nonce); diff --git a/g10/trustdb.c b/g10/trustdb.c index f4df4c8..7443051 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c 
@@ -511,6 +511,16 @@ init_trustdb (int no_create) } +/* Check whether we have a trust database, initializing it if + necessary if the trust model is not 'always trust'. Returns true + if we do have a usable trust database. */ +int +have_trustdb (void) +{ + return init_trustdb (opt.trust_model == TM_ALWAYS) == 0; +} + + /**************** * Recreate the WoT but do not ask for new ownertrusts. Special * feature: In batch mode and without a forced yes, this is only done diff --git a/g10/trustdb.h b/g10/trustdb.h index 3088063..00be4df 100644 --- a/g10/trustdb.h +++ b/g10/trustdb.h @@ -128,6 +128,7 @@ int setup_trustdb( int level, const char *dbname ); void how_to_fix_the_trustdb (void); const char *trust_model_string (int model); gpg_error_t init_trustdb (int no_create); +int have_trustdb (void); void tdb_check_trustdb_stale (ctrl_t ctrl); void sync_trustdb( void ); diff --git a/tests/openpgp/quick-key-manipulation.scm b/tests/openpgp/quick-key-manipulation.scm index 8ceb035..10f0bfe 100755 --- a/tests/openpgp/quick-key-manipulation.scm +++ b/tests/openpgp/quick-key-manipulation.scm @@ -21,10 +21,6 @@ (load (with-path "time.scm")) (setup-environment) - ;; XXX because of --always-trust, the trustdb is not created. - ;; Therefore, we redefine GPG without --always-trust. -(define GPG `(,(tool 'gpg) --no-permission-warning)) - (define (exact id) (string-append "=" id)) ----------------------------------------------------------------------- Summary of changes: g10/keygen.c | 5 +++-- g10/trustdb.c | 10 ++++++++++ g10/trustdb.h | 1 + tests/openpgp/quick-key-manipulation.scm | 4 ---- 4 files changed, 14 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 2 15:53:50 2017 
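Review bot: in do_generate_keypair (g10/keygen.c), wrapping `update_ownertrust` in `if (have_trustdb ())` means that with `--always-trust` and no existing trust database the freshly generated key is silently never marked `TRUST_ULTIMATE`. `have_trustdb` passes `opt.trust_model == TM_ALWAYS` as the `no_create` argument of `init_trustdb`, so in exactly that configuration nothing creates the database. Either create the trustdb for key generation regardless of the trust model, or at least log that the ownertrust was not recorded.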
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 02 Mar 2017 15:53:50 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-91-gef035f0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via ef035f079fb067f207e5477d5ed6c5a68fb41f59 (commit) via 2486d0073b59790decb34333be6283490e818b65 (commit) from 8071a6b2ca33c2a46ed1d50ae7283241daaafcd3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ef035f079fb067f207e5477d5ed6c5a68fb41f59 Author: Werner Koch Date: Thu Mar 2 14:52:52 2017 +0100 core: Fix minor code style thing. * src/engine-gpg.c (gpg_add_algo_usage_expire): Use double parenthesis for bit tests. Signed-off-by: Werner Koch diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 3443600..59cf405 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -2093,7 +2093,7 @@ gpg_add_algo_usage_expire (engine_gpg_t gpg, } if (!err) { - if (flags & GPGME_CREATE_NOEXPIRE) + if ((flags & GPGME_CREATE_NOEXPIRE)) err = add_arg (gpg, "never"); else if (expires == 0) err = add_arg (gpg, "-"); commit 2486d0073b59790decb34333be6283490e818b65 Author: Werner Koch Date: Thu Mar 2 14:47:51 2017 +0100 Revert "core: Fix error types." -- This reverts commit 6df6e01ed5a581765d245bf7303cda4497d0eb22. gpgme_error_t et al are from a time where we had no hard dependency on libgpg-error. Now libgpg-error is a required and thus it does not make sense to have these surrogates. In fact we should ventually completely remove them. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 7899522..a270af7 100644 --- a/NEWS +++ b/NEWS 
@@ -7,8 +7,6 @@ Noteworthy changes in version 1.8.1 (unreleased) * Interface changes relative to the 1.8.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - gpgme_strerror_r CHANGED: Use gpgme_error_t (compatible type). - gpgme_data_set_flag CHANGED: Return gpgme_error_t (compatible type). gpgme_op_createkey CHANGED: Meaning of 'expire' parameter. gpgme_op_createsubkey CHANGED: Meaning of 'expire' parameter. GPGME_CREATE_NOEXPIRE NEW. diff --git a/src/data.c b/src/data.c index 6fe7e71..e4e9ee3 100644 --- a/src/data.c +++ b/src/data.c @@ -259,7 +259,7 @@ gpgme_data_get_file_name (gpgme_data_t dh) /* Set a flag for the data object DH. See the manual for details. */ -gpgme_error_t +gpg_error_t gpgme_data_set_flag (gpgme_data_t dh, const char *name, const char *value) { TRACE_BEG2 (DEBUG_DATA, "gpgme_data_set_flag", dh, diff --git a/src/error.c b/src/error.c index d9c5fd0..a84b867 100644 --- a/src/error.c +++ b/src/error.c @@ -41,7 +41,7 @@ gpgme_strerror (gpgme_error_t err) large enough, ERANGE is returned and BUF contains as much of the beginning of the error string as fits into the buffer. */ int -gpgme_strerror_r (gpgme_error_t err, char *buf, size_t buflen) +gpgme_strerror_r (gpg_error_t err, char *buf, size_t buflen) { return gpg_strerror_r (err, buf, buflen); } diff --git a/src/gpgme.h.in b/src/gpgme.h.in index f76689e..032a205 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -177,7 +177,7 @@ const char *gpgme_strerror (gpgme_error_t err); contains the string describing the error. If the buffer was not large enough, ERANGE is returned and BUF contains as much of the beginning of the error string as fits into the buffer. */ -int gpgme_strerror_r (gpgme_error_t err, char *buf, size_t buflen); +int gpgme_strerror_r (gpg_error_t err, char *buf, size_t buflen); /* Return a pointer to a string containing a description of the error source in the error value ERR. */ 
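Review bot: after this hunk `gpgme_strerror_r` takes `gpg_error_t` while `gpgme_strerror`, declared just above it in src/gpgme.h.in, still takes `gpgme_error_t`, so the public header uses two spellings for the same pair of functions. The types are compatible and nothing breaks, but a short comment in the header saying which name is preferred would tell API users that the mix is intentional.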
@@ -1161,8 +1161,8 @@ gpgme_error_t gpgme_data_set_file_name (gpgme_data_t dh, const char *file_name); /* Set a flag for the data object DH. See the manual for details. */ -gpgme_error_t gpgme_data_set_flag (gpgme_data_t dh, - const char *name, const char *value); +gpg_error_t gpgme_data_set_flag (gpgme_data_t dh, + const char *name, const char *value); /* Try to identify the type of the data in DH. */ gpgme_data_type_t gpgme_data_identify (gpgme_data_t dh, int reserved); ----------------------------------------------------------------------- Summary of changes: NEWS | 2 -- src/data.c | 2 +- src/engine-gpg.c | 2 +- src/error.c | 2 +- src/gpgme.h.in | 6 +++--- 5 files changed, 6 insertions(+), 8 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 2 16:07:49 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 02 Mar 2017 16:07:49 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-92-g4139877 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 41398779abbcb1ec2d7491e141469a752fc706ff (commit) from ef035f079fb067f207e5477d5ed6c5a68fb41f59 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 41398779abbcb1ec2d7491e141469a752fc706ff Author: Justus Winter Date: Thu Mar 2 16:06:29 2017 +0100 python: Print path of the Python module used during tests. * lang/python/tests/initial.py: Print path of the Python module used during tests. Useful to detect if by any mistake the wrong module is picked up. Signed-off-by: Justus Winter diff --git a/lang/python/tests/initial.py b/lang/python/tests/initial.py index ebe7f8a..4a02762 100755 
--- a/lang/python/tests/initial.py +++ b/lang/python/tests/initial.py @@ -24,6 +24,9 @@ import os import subprocess import gpg import support + +print("Using gpg module from {0!r}.".format(os.path.dirname(gpg.__file__))) + support.init_gpgme(gpg.constants.protocol.OpenPGP) subprocess.check_call([os.path.join(os.getenv('top_srcdir'), ----------------------------------------------------------------------- Summary of changes: lang/python/tests/initial.py | 3 +++ 1 file changed, 3 insertions(+) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 2 16:28:14 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 02 Mar 2017 16:28:14 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-7-g0c4d062 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 0c4d0620d327e8a2069532a5519afefe867a47d6 (commit) from 4735ab96aa5577d40ba7b3f72d863057198cc6a7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0c4d0620d327e8a2069532a5519afefe867a47d6 Author: Justus Winter Date: Thu Mar 2 16:25:20 2017 +0100 gpg: Always initialize the trust db when generating keys. * g10/gpg.c (main): Always initialize the trust db when generating keys. * g10/keygen.c (do_generate_keypair): We can now assume that there is a trust db. -- It is important to mark keys we create as ultimately trusted. Fixes-commit: 4735ab96aa5577d40ba7b3f72d863057198cc6a7 GnuPG-bug-id: 2695 Signed-off-by: Justus Winter diff --git a/g10/gpg.c b/g10/gpg.c index 5a880fd..654dcb9 100644 --- a/g10/gpg.c +++ b/g10/gpg.c 
@@ -3949,6 +3949,11 @@ main (int argc, char **argv) case aListTrustDB: rc = setup_trustdb (argc? 1:0, trustdb_name); break; + case aKeygen: + case aFullKeygen: + case aQuickKeygen: + rc = setup_trustdb (1, trustdb_name); + break; default: /* If we are using TM_ALWAYS, we do not need to create the trustdb. */ diff --git a/g10/keygen.c b/g10/keygen.c index f044257..201ebaa 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -4791,9 +4791,8 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, keyid_from_pk (pk, pk->main_keyid); register_trusted_keyid (pk->main_keyid); - if (have_trustdb ()) - update_ownertrust (pk, ((get_ownertrust (pk) & ~TRUST_MASK) - | TRUST_ULTIMATE )); + update_ownertrust (pk, ((get_ownertrust (pk) & ~TRUST_MASK) + | TRUST_ULTIMATE )); gen_standard_revoke (pk, cache_nonce); ----------------------------------------------------------------------- Summary of changes: g10/gpg.c | 5 +++++ g10/keygen.c | 5 ++--- 2 files changed, 7 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 2 18:03:25 2017 
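Review bot: removing the `if (have_trustdb ())` guard in g10/keygen.c leaves `have_trustdb`, which the commit being fixed added to g10/trustdb.c and g10/trustdb.h, without the caller it was written for; if nothing else uses it, drop the function and its prototype in the same change. In g10/gpg.c the new `case aKeygen: case aFullKeygen: case aQuickKeygen:` block sits directly above the `default:` comment "If we are using TM_ALWAYS, we do not need to create the trustdb", so a brief comment on the new cases explaining why key generation is the exception would help the next reader.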
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 02 Mar 2017 18:03:25 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-8-gde6d831 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via de6d8313f6df32aaa151bee74e1db269ac1e0fed (commit) from 0c4d0620d327e8a2069532a5519afefe867a47d6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit de6d8313f6df32aaa151bee74e1db269ac1e0fed Author: Werner Koch Date: Thu Mar 2 17:58:00 2017 +0100 dirmngr: Let --gpgconf-list return the default keyserver. * dirmngr/misc.c (get_default_keyserver): New. * dirmngr/http.c: Include misc.h (http_session_new): Use get_default_keyserver instead of hardwired "hkps.pool.sks-keyservers.net". * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto. * dirmngr/dirmngr.c (main) : Return default keyserver. Signed-off-by: Werner Koch diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index c877a9b..75e8523 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c @@ -1454,7 +1454,13 @@ main (int argc, char **argv) es_printf ("ignore-ocsp-servic-url:%lu:\n", flags | GC_OPT_FLAG_NONE); es_printf ("use-tor:%lu:\n", flags | GC_OPT_FLAG_NONE); - es_printf ("keyserver:%lu:\n", flags | GC_OPT_FLAG_NONE); + + filename_esc = percent_escape (get_default_keyserver (0), NULL); + es_printf ("keyserver:%lu:\"%s:\n", flags | GC_OPT_FLAG_DEFAULT, + filename_esc); + xfree (filename_esc); + + es_printf ("nameserver:%lu:\n", flags | GC_OPT_FLAG_NONE); es_printf ("resolver-timeout:%lu:%u\n", flags | GC_OPT_FLAG_DEFAULT, 0); diff --git a/dirmngr/http-ntbtls.c b/dirmngr/http-ntbtls.c index 00d6a58..d44b779 100644 --- a/dirmngr/http-ntbtls.c 
+++ b/dirmngr/http-ntbtls.c @@ -26,12 +26,12 @@ #include "dirmngr.h" #include "certcache.h" #include "validate.h" +#include "misc.h" #ifdef HTTP_USE_NTBTLS # include - /* The callback used to verify the peer's certificate. */ gpg_error_t gnupg_http_tls_verify_cb (void *opaque, @@ -77,11 +77,11 @@ gnupg_http_tls_verify_cb (void *opaque, validate_flags = VALIDATE_FLAG_TLS; - /* Are we using the standard hkps:// pool use the dedicated + /* If we are using the standard hkps:// pool use the dedicated * root certificate. */ hostname = ntbtls_get_hostname (tls); if (hostname - && !ascii_strcasecmp (hostname, "hkps.pool.sks-keyservers.net")) + && !ascii_strcasecmp (hostname, get_default_keyserver (1))) { validate_flags |= VALIDATE_FLAG_TRUST_HKPSPOOL; } diff --git a/dirmngr/http.c b/dirmngr/http.c index 890f5f6..fc82924 100644 --- a/dirmngr/http.c +++ b/dirmngr/http.c @@ -100,6 +100,7 @@ #include "i18n.h" #include "dns-stuff.h" #include "http.h" +#include "misc.h" #ifdef USE_NPTH @@ -726,7 +727,7 @@ http_session_new (http_session_t *r_session, is_hkps_pool = (intended_hostname && !ascii_strcasecmp (intended_hostname, - "hkps.pool.sks-keyservers.net")); + get_default_keyserver (1))); /* If the user has not specified a CA list, and they are looking * for the hkps pool from sks-keyservers.net, then default to diff --git a/dirmngr/misc.c b/dirmngr/misc.c index 6d7c963..d2f1c69 100644 --- a/dirmngr/misc.c +++ b/dirmngr/misc.c 
@@ -30,6 +30,29 @@ #include "util.h" #include "misc.h" +/* Return a static string with the default keyserver. If NAME_ONLY is + * given only the name part is returned. */ +const char * +get_default_keyserver (int name_only) +{ + static const char *result; + + if (!name_only) + return DIRMNGR_DEFAULT_KEYSERVER; + + if (!result) + { + /* Strip the scheme from the constant. */ + result = strstr (DIRMNGR_DEFAULT_KEYSERVER, "://"); + log_assert (result && strlen (result) > 3); + result += 3; + /* Assert that there is no port given. */ + log_assert (strchr (result, ':')); + } + return result; +} + + /* Convert the hex encoded STRING back into binary and store the result into the provided buffer RESULT. The actual size of that diff --git a/dirmngr/misc.h b/dirmngr/misc.h index be4049e..f25574f 100644 --- a/dirmngr/misc.h +++ b/dirmngr/misc.h @@ -21,6 +21,8 @@ #ifndef MISC_H #define MISC_H +const char *get_default_keyserver (int name_only); + /* Convert hex encoded string back to binary. */ size_t unhexify (unsigned char *result, const char *string); ----------------------------------------------------------------------- Summary of changes: dirmngr/dirmngr.c | 8 +++++++- dirmngr/http-ntbtls.c | 6 +++--- dirmngr/http.c | 3 ++- dirmngr/misc.c | 23 +++++++++++++++++++++++ dirmngr/misc.h | 2 ++ 5 files changed, 37 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 2 18:37:59 2017 
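Review bot: In get_default_keyserver() as added to dirmngr/misc.c, the port check is inverted. The comment says "Assert that there is no port given", but `log_assert (strchr (result, ':'))` holds only when a colon is present, so a default keyserver URL without a port trips the assertion on the first get_default_keyserver (1) call. This patch puts that call into http_session_new and gnupg_http_tls_verify_cb, so the assertion is reached on the TLS path. The condition should be `log_assert (!strchr (result, ':'))`.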
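Review bot: In the dirmngr/http.c and dirmngr/http-ntbtls.c hunks, the hostname that selects the dedicated pool root certificate (is_hkps_pool, VALIDATE_FLAG_TRUST_HKPSPOOL) is now whatever DIRMNGR_DEFAULT_KEYSERVER names instead of the literal "hkps.pool.sks-keyservers.net". That ties a trust decision to the default-keyserver setting: if the default is ever pointed at another host, that host inherits the pool CA without any change at these two call sites. Consider a separate constant for the pool hostname, or a comment next to DIRMNGR_DEFAULT_KEYSERVER stating that changing it also changes which host the pool certificate is trusted for.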
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 02 Mar 2017 18:37:59 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-9-g1890896 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 1890896fe698c55d15160a53aa6c5c22dc424031 (commit) from de6d8313f6df32aaa151bee74e1db269ac1e0fed (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1890896fe698c55d15160a53aa6c5c22dc424031 Author: Werner Koch Date: Thu Mar 2 18:17:58 2017 +0100 dirmngr: Rearrange files to fix de6d831. * dirmngr/http-common.c: New. * dirmngr/http-common.h: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add them. (t_http_SOURCES): Add them. (t_ldap_parse_uri_SOURCES): Add them. * dirmngr/misc.c (get_default_keyserver): Move to ... * dirmngr/http-common.c: here. * dirmngr/http.c: Include http-common.h instead of misc.h. * dirmngr/http-ntbtls.c: Ditto. Signed-off-by: Werner Koch diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am index 8d22cc4..93880f8 100644 --- a/dirmngr/Makefile.am +++ b/dirmngr/Makefile.am @@ -61,8 +61,7 @@ dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c \ cdb.h cdblib.c misc.c dirmngr-err.h \ ocsp.c ocsp.h validate.c validate.h \ dns-stuff.c dns-stuff.h \ - http.c http.h \ - http-ntbtls.c \ + http.c http.h http-common.c http-common.h http-ntbtls.c \ ks-action.c ks-action.h ks-engine.h \ ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c 
@@ -141,7 +140,7 @@ endif # http tests # We need to add the KSBA flags in case we are building against GNUTLS. # In that case NTBTLS flags are empty, but we need ksba anyway. -t_http_SOURCES = $(t_common_src) t-http.c http.c dns-stuff.c +t_http_SOURCES = $(t_common_src) t-http.c http.c dns-stuff.c http-common.c t_http_CFLAGS = -DWITHOUT_NPTH=1 $(USE_C99_CFLAGS) \ $(LIBGCRYPT_CFLAGS) $(NTBTLS_CFLAGS) $(LIBGNUTLS_CFLAGS) \ $(GPG_ERROR_CFLAGS) $(KSBA_CFLAGS) @@ -150,7 +149,7 @@ t_http_LDADD = $(t_common_ldadd) \ t_ldap_parse_uri_SOURCES = \ t-ldap-parse-uri.c ldap-parse-uri.c ldap-parse-uri.h \ - http.c dns-stuff.c \ + http.c http-common.c dns-stuff.c \ $(ldap_url) $(t_common_src) t_ldap_parse_uri_CFLAGS = -DWITHOUT_NPTH=1 $(USE_C99_CFLAGS) \ $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index 75e8523..f05bdd1 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c @@ -72,6 +72,7 @@ #include "../common/init.h" #include "gc-opt-flags.h" #include "dns-stuff.h" +#include "http-common.h" #ifndef ENAMETOOLONG # define ENAMETOOLONG EINVAL diff --git a/dirmngr/http-common.c b/dirmngr/http-common.c new file mode 100644 index 0000000..6013669 --- /dev/null +++ b/dirmngr/http-common.c 
@@ -0,0 +1,50 @@ +/* http-common.c - Common support for TLS implementations. + * Copyright (C) 2017 Werner Koch + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include + +#include +#include +#include + +#include "dirmngr.h" +#include "http-common.h" + + +/* Return a static string with the default keyserver. If NAME_ONLY is + * given only the name part is returned. */ +const char * +get_default_keyserver (int name_only) +{ + static const char *result; + + if (!name_only) + return DIRMNGR_DEFAULT_KEYSERVER; + + if (!result) + { + /* Strip the scheme from the constant. */ + result = strstr (DIRMNGR_DEFAULT_KEYSERVER, "://"); + log_assert (result && strlen (result) > 3); + result += 3; + /* Assert that there is no port given. */ + log_assert (strchr (result, ':')); + } + return result; +} diff --git a/dirmngr/http-common.h b/dirmngr/http-common.h new file mode 100644 index 0000000..5e6657b --- /dev/null +++ b/dirmngr/http-common.h 
@@ -0,0 +1,25 @@ +/* http-common.h - Defs for common support for TLS implementations. + * Copyright (C) 2017 Werner Koch + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#ifndef HTTP_COMMON_H +#define HTTP_COMMON_H + +const char *get_default_keyserver (int name_only); + +#endif /* HTTP_COMMON_H */ diff --git a/dirmngr/http-ntbtls.c b/dirmngr/http-ntbtls.c index d44b779..250db55 100644 --- a/dirmngr/http-ntbtls.c +++ b/dirmngr/http-ntbtls.c @@ -26,7 +26,7 @@ #include "dirmngr.h" #include "certcache.h" #include "validate.h" -#include "misc.h" +#include "http-common.h" #ifdef HTTP_USE_NTBTLS # include diff --git a/dirmngr/http.c b/dirmngr/http.c index fc82924..0f11af7 100644 --- a/dirmngr/http.c +++ b/dirmngr/http.c @@ -100,7 +100,7 @@ #include "i18n.h" #include "dns-stuff.h" #include "http.h" -#include "misc.h" +#include "http-common.h" #ifdef USE_NPTH diff --git a/dirmngr/misc.c b/dirmngr/misc.c index d2f1c69..6d7c963 100644 --- a/dirmngr/misc.c +++ b/dirmngr/misc.c 
@@ -30,29 +30,6 @@ #include "util.h" #include "misc.h" -/* Return a static string with the default keyserver. If NAME_ONLY is - * given only the name part is returned. */ -const char * -get_default_keyserver (int name_only) -{ - static const char *result; - - if (!name_only) - return DIRMNGR_DEFAULT_KEYSERVER; - - if (!result) - { - /* Strip the scheme from the constant. */ - result = strstr (DIRMNGR_DEFAULT_KEYSERVER, "://"); - log_assert (result && strlen (result) > 3); - result += 3; - /* Assert that there is no port given. */ - log_assert (strchr (result, ':')); - } - return result; -} - - /* Convert the hex encoded STRING back into binary and store the result into the provided buffer RESULT. The actual size of that diff --git a/dirmngr/misc.h b/dirmngr/misc.h index f25574f..be4049e 100644 --- a/dirmngr/misc.h +++ b/dirmngr/misc.h @@ -21,8 +21,6 @@ #ifndef MISC_H #define MISC_H -const char *get_default_keyserver (int name_only); - /* Convert hex encoded string back to binary. */ size_t unhexify (unsigned char *result, const char *string); ----------------------------------------------------------------------- Summary of changes: dirmngr/Makefile.am | 7 +++--- dirmngr/dirmngr.c | 1 + agent/trans.c => dirmngr/http-common.c | 39 +++++++++++++++++++++------------- scd/atr.h => dirmngr/http-common.h | 14 ++++++------ dirmngr/http-ntbtls.c | 2 +- dirmngr/http.c | 2 +- dirmngr/misc.c | 23 -------------------- dirmngr/misc.h | 2 -- 8 files changed, 36 insertions(+), 54 deletions(-) copy agent/trans.c => dirmngr/http-common.c (52%) copy scd/atr.h => dirmngr/http-common.h (75%) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 2 20:09:57 2017 
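Review bot: The new dirmngr/http-common.c takes get_default_keyserver over from misc.c unchanged, including `log_assert (strchr (result, ':'))` under the comment "Assert that there is no port given"; the condition is missing a `!`. Because the Makefile.am hunks now also link http-common.c into t_http and t_ldap_parse_uri, the inverted check travels into the test programs as well, so it is worth correcting before or together with the move.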
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 02 Mar 2017 20:09:57 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-10-gb1f48da Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b1f48da02b474e985161aa2778d7b602a13c4292 (commit) from 1890896fe698c55d15160a53aa6c5c22dc424031 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b1f48da02b474e985161aa2778d7b602a13c4292 Author: Werner Koch Date: Thu Mar 2 20:07:12 2017 +0100 tools: Fix compile error with older gcc versions. * tools/mime-parser.h: Include rfc822parse.h. (struct rfc822parse_context): Remove duplicate definition. -- GnuPG-bug-id: 2851 Signed-off-by: Werner Koch diff --git a/tools/mime-parser.h b/tools/mime-parser.h index b9bb465..5dc0492 100644 --- a/tools/mime-parser.h +++ b/tools/mime-parser.h @@ -20,6 +20,8 @@ #ifndef GNUPG_MIME_PARSER_H #define GNUPG_MIME_PARSER_H +#include "rfc822parse.h" + struct mime_parser_context_s; typedef struct mime_parser_context_s *mime_parser_t; @@ -50,10 +52,6 @@ void mime_parser_set_collect_signature (mime_parser_t ctx, gpg_error_t mime_parser_parse (mime_parser_t ctx, estream_t fp); -/* Duplicated declaration of the RFC822 parser context. */ -struct rfc822parse_context; -typedef struct rfc822parse_context *rfc822parse_t; - rfc822parse_t mime_parser_rfc822parser (mime_parser_t ctx); ----------------------------------------------------------------------- Summary of changes: tools/mime-parser.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 2 20:26:14 2017 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 02 Mar 2017 20:26:14 +0100 Subject: [git] gnupg-doc - branch, master, updated. ccf2438cb38c4bfec17e9bce097582523ff609d4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via ccf2438cb38c4bfec17e9bce097582523ff609d4 (commit) from 5369c27b4cdca0a1909c77ed4acb91f35f9d86c9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ccf2438cb38c4bfec17e9bce097582523ff609d4 Author: Werner Koch Date: Thu Mar 2 20:13:44 2017 +0100 faq: Add a link to the wiki to the wkd FAQ. GnuPG-bug-id: 2888 diff --git a/web/faq/wkd.org b/web/faq/wkd.org index 702b469..53e19fd 100644 --- a/web/faq/wkd.org +++ b/web/faq/wkd.org @@ -10,4 +10,4 @@ discovery. That is, it returns a public key for a supplied mail address. It is a distrubuted system in the same way email is distributed. -FIXME: Write a detailed description. +Please [[https://wiki.gnupg.org/WKD][the wiki]] for latest information on this key discovery system. ----------------------------------------------------------------------- Summary of changes: web/faq/wkd.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 3 09:38:39 2017 
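Review bot: The line added to web/faq/wkd.org is missing its verb: "Please [[https://wiki.gnupg.org/WKD][the wiki]] for latest information" should read "Please see [[https://wiki.gnupg.org/WKD][the wiki]] for the latest information". The context line just above it has "distrubuted" for "distributed", which could be corrected in the same edit.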
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 03 Mar 2017 09:38:39 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-11-g1813f3b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 1813f3be23bdab5a42070424c47cb8daa9d9e6b7 (commit) from b1f48da02b474e985161aa2778d7b602a13c4292 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1813f3be23bdab5a42070424c47cb8daa9d9e6b7 Author: Werner Koch Date: Fri Mar 3 09:22:40 2017 +0100 gpg: Add new variables to the import and export filters. * g10/import.c (impex_filter_getval): Add new variables "expired", "revoked", and "disabled". Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index 20a2d12..55482b1 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2359,14 +2359,25 @@ The available properties are: @item primary Boolean indicating whether the user id is the primary one. (keep-uid) + @item expired + Boolean indicating whether a user id (keep-uid), a key (drop-subkey), or a + signature (drop-sig) expired. + + @item revoked + Boolean indicating whether a user id (keep-uid) or a key (drop-subkey) has + been revoked. + + @item disabled + Boolean indicating whether a primary key is disabled. (not used) + @item secret Boolean indicating whether a key or subkey is a secret one. - drop-subkey) + (drop-subkey) @item sig_created @itemx sig_created_d The first is the timestamp a signature packet was created. The - second is the same but given as an ISO string, + second is the same but given as an ISO date string, e.g. "2016-08-17". (drop-sig) @item sig_algo diff --git a/g10/export.c b/g10/export.c index 4138261..323bf17 100644 
--- a/g10/export.c +++ b/g10/export.c @@ -1377,7 +1377,7 @@ apply_drop_subkey_filter (kbnode_t keyblock, recsel_expr_t selector) { if (recsel_select (selector, impex_filter_getval, node)) { - log_debug ("drop-subkey: deleting a key\n"); + /*log_debug ("drop-subkey: deleting a key\n");*/ /* The subkey packet and all following packets up to the * next subkey. */ delete_kbnode (node); diff --git a/g10/import.c b/g10/import.c index 45ec07a..9fd16c8 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1164,7 +1164,7 @@ check_prefs (ctrl_t ctrl, kbnode_t keyblock) } -/* Helper for apply_*_filter in im,port.c and export.c. */ +/* Helper for apply_*_filter in import.c and export.c. */ const char * impex_filter_getval (void *cookie, const char *propname) { @@ -1175,19 +1175,30 @@ impex_filter_getval (void *cookie, const char *propname) if (node->pkt->pkttype == PKT_USER_ID) { + PKT_user_id *uid = node->pkt->pkt.user_id; + if (!strcmp (propname, "uid")) - result = node->pkt->pkt.user_id->name; + result = uid->name; else if (!strcmp (propname, "mbox")) { - if (!node->pkt->pkt.user_id->mbox) + if (!uid->mbox) { - node->pkt->pkt.user_id->mbox - = mailbox_from_userid (node->pkt->pkt.user_id->name); + uid->mbox = mailbox_from_userid (uid->name); } - result = node->pkt->pkt.user_id->mbox; + result = uid->mbox; } else if (!strcmp (propname, "primary")) - result = node->pkt->pkt.user_id->is_primary? "1":"0"; + { + result = uid->is_primary? "1":"0"; + } + else if (!strcmp (propname, "expired")) + { + result = uid->is_expired? "1":"0"; + } + else if (!strcmp (propname, "revoked")) + { + result = uid->is_revoked? "1":"0"; + } else result = NULL; } @@ -1215,6 +1226,10 @@ impex_filter_getval (void *cookie, const char *propname) snprintf (numbuf, sizeof numbuf, "%d", sig->digest_algo); result = numbuf; } + else if (!strcmp (propname, "expired")) + { + result = sig->flags.expired? "1":"0"; + } else result = NULL; } 
@@ -1244,6 +1259,18 @@ impex_filter_getval (void *cookie, const char *propname) { result = datestr_from_pk (pk); } + else if (!strcmp (propname, "expired")) + { + result = pk->has_expired? "1":"0"; + } + else if (!strcmp (propname, "revoked")) + { + result = pk->flags.revoked? "1":"0"; + } + else if (!strcmp (propname, "disabled")) + { + result = pk_is_disabled (pk)? "1":"0"; + } else result = NULL; } ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 15 +++++++++++++-- g10/export.c | 2 +- g10/import.c | 41 ++++++++++++++++++++++++++++++++++------- 3 files changed, 48 insertions(+), 10 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 3 09:53:31 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 03 Mar 2017 09:53:31 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-12-g5f6f3f5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 5f6f3f5cae8a95ed469129f9677782c17951dab3 (commit) from 1813f3be23bdab5a42070424c47cb8daa9d9e6b7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5f6f3f5cae8a95ed469129f9677782c17951dab3 Author: Werner Koch Date: Fri Mar 3 09:50:40 2017 +0100 gpg: Fix possible segv when attribute packets are filtered. * g10/import.c (impex_filter_getval): Handle PKT_ATTRIBUTE the same as PKT_USER_ID (apply_drop_sig_filter): Ditto. -- The old code was plainly wrong in that it considered PKT_ATTRIBUTE to use a PKT_signature object. Signed-off-by: Werner Koch diff --git a/g10/import.c b/g10/import.c index 9fd16c8..6383d70 100644 --- a/g10/import.c 
+++ b/g10/import.c @@ -1173,7 +1173,8 @@ impex_filter_getval (void *cookie, const char *propname) static char numbuf[20]; const char *result; - if (node->pkt->pkttype == PKT_USER_ID) + if (node->pkt->pkttype == PKT_USER_ID + || node->pkt->pkttype == PKT_ATTRIBUTE) { PKT_user_id *uid = node->pkt->pkt.user_id; @@ -1202,8 +1203,7 @@ impex_filter_getval (void *cookie, const char *propname) else result = NULL; } - else if (node->pkt->pkttype == PKT_SIGNATURE - || node->pkt->pkttype == PKT_ATTRIBUTE) + else if (node->pkt->pkttype == PKT_SIGNATURE) { PKT_signature *sig = node->pkt->pkt.signature; @@ -1340,12 +1340,12 @@ apply_drop_sig_filter (kbnode_t keyblock, recsel_expr_t selector) if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY || node->pkt->pkttype == PKT_SECRET_SUBKEY) break; /* ready. */ - if (node->pkt->pkttype == PKT_USER_ID) + if (node->pkt->pkttype == PKT_USER_ID + || node->pkt->pkttype == PKT_ATTRIBUTE) active = 1; if (!active) continue; - if (node->pkt->pkttype != PKT_SIGNATURE - && node->pkt->pkttype != PKT_ATTRIBUTE) + if (node->pkt->pkttype != PKT_SIGNATURE) continue; sig = node->pkt->pkt.signature; ----------------------------------------------------------------------- Summary of changes: g10/import.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 3 12:40:18 2017 
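Review bot: In commit 1813f3b the g10/export.c hunk disables the drop-subkey debug output by commenting it out (`/*log_debug ("drop-subkey: deleting a key\n");*/`), and the commit message lists only g10/import.c. Either delete the call or put it behind a debug or verbose condition, and name export.c (apply_drop_subkey_filter) in the log entry so the change is not hidden inside a commit about new filter variables.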
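Review bot: In commit 5f6f3f5, moving PKT_ATTRIBUTE into the PKT_USER_ID branch of impex_filter_getval removes the wrong use of pkt.signature, but it also means the "uid" and "mbox" properties are now evaluated for attribute packets, with mailbox_from_userid (uid->name) run on the attribute packet's name field. If a keep-uid filter on uid or mbox is not meant to decide the fate of attribute packets, return NULL for those two properties when pkttype is PKT_ATTRIBUTE, and state the intended behaviour for attribute packets in doc/gpg.texi next to the property list.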
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 03 Mar 2017 12:40:18 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-13-gf9acc7d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f9acc7d18bb90f47dafe7e32ae92f567756d6b12 (commit) from 5f6f3f5cae8a95ed469129f9677782c17951dab3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f9acc7d18bb90f47dafe7e32ae92f567756d6b12 Author: NIIBE Yutaka Date: Fri Mar 3 20:30:56 2017 +0900 scd: Fix scd_kick_the_loop. * scd/scdaemon.c (notify_fd): Remove. (the_event) [W32]: New. (main_thread_pid) [!W32]: New. (handle_signal): Handle SIGCONT. (scd_kick_the_loop): Use signal on UNIX and event on Windows. (handle_connections): Likewise. -- Code with CreateEvent is copied from gpg-agent.c. Code for signal is copied from dkg's gpg-agent-idling in Debian. GnuPG-bug-id: 2982 Signed-off-by: NIIBE Yutaka diff --git a/scd/scdaemon.c b/scd/scdaemon.c index f7e9f83..4b63c9b 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -224,8 +224,12 @@ static char *redir_socket_name; POSIX systems). */ static assuan_sock_nonce_t socket_nonce; -/* FD to notify update of usb devices. */ -static int notify_fd; +#ifdef HAVE_W32_SYSTEM +static HANDLE the_event; +#else +/* PID to notify update of usb devices. */ +static pid_t main_thread_pid; +#endif static char *create_socket_name (char *standard_name); static gnupg_fd_t create_server_socket (const char *name, 
@@ -996,6 +1000,10 @@ handle_signal (int signo) log_info ("SIGUSR2 received - no action defined\n"); break; + case SIGCONT: + /* Nothing. */ + break; + case SIGTERM: if (!shutdown_pending) log_info ("SIGTERM received - shutting down ...\n"); @@ -1185,8 +1193,17 @@ scd_kick_the_loop (void) int ret; /* Kick the select loop. */ - ret = write (notify_fd, "", 1); - (void)ret; +#ifdef HAVE_W32_SYSTEM + ret = SetEvent (the_event); + if (ret == 0) + log_error ("SetEvent for scd_kick_the_loop failed: %s\n", + w32_strerror (-1)); +#else + ret = kill (main_thread_pid, SIGCONT); + if (ret < 0) + log_error ("SetEvent for scd_kick_the_loop failed: %s\n", + gpg_strerror (gpg_error_from_syserror ())); +#endif } /* Connection handler loop. Wait for connection requests and spawn a @@ -1206,18 +1223,12 @@ handle_connections (int listen_fd) struct timespec timeout; struct timespec *t; int saved_errno; -#ifndef HAVE_W32_SYSTEM +#ifdef HAVE_W32_SYSTEM + HANDLE events[2]; + unsigned int events_set; +#else int signo; #endif - int pipe_fd[2]; - - ret = gnupg_create_pipe (pipe_fd); - if (ret) - { - log_error ("pipe creation failed: %s\n", gpg_strerror (ret)); - return; - } - notify_fd = pipe_fd[1]; ret = npth_attr_init(&tattr); if (ret) 
@@ -1228,14 +1239,40 @@ handle_connections (int listen_fd) npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED); -#ifndef HAVE_W32_SYSTEM +#ifdef HAVE_W32_SYSTEM + { + HANDLE h, h2; + SECURITY_ATTRIBUTES sa = { sizeof (SECURITY_ATTRIBUTES), NULL, TRUE}; + + events[0] = the_event = INVALID_HANDLE_VALUE; + events[1] = INVALID_HANDLE_VALUE; + h = CreateEvent (&sa, TRUE, FALSE, NULL); + if (!h) + log_error ("can't create scd event: %s\n", w32_strerror (-1) ); + else if (!DuplicateHandle (GetCurrentProcess(), h, + GetCurrentProcess(), &h2, + EVENT_MODIFY_STATE|SYNCHRONIZE, TRUE, 0)) + { + log_error ("setting synchronize for scd_kick_the_loop failed: %s\n", + w32_strerror (-1) ); + CloseHandle (h); + } + else + { + CloseHandle (h); + events[0] = the_event = h2; + } + } +#else npth_sigev_init (); npth_sigev_add (SIGHUP); npth_sigev_add (SIGUSR1); npth_sigev_add (SIGUSR2); npth_sigev_add (SIGINT); + npth_sigev_add (SIGCONT); npth_sigev_add (SIGTERM); npth_sigev_fini (); + main_thread_pid = getpid (); #endif FD_ZERO (&fdset); @@ -1246,10 +1283,6 @@ handle_connections (int listen_fd) nfd = listen_fd; } - FD_SET (pipe_fd[0], &fdset); - if (nfd < pipe_fd[0]) - nfd = pipe_fd[0]; - for (;;) { int periodical_check; @@ -1264,8 +1297,6 @@ handle_connections (int listen_fd) file descriptors to wait for, so that the select will be used to just wait on a signal or timeout event. */ FD_ZERO (&fdset); - FD_SET (pipe_fd[0], &fdset); - nfd = pipe_fd[0]; listen_fd = -1; } @@ -1291,8 +1322,11 @@ handle_connections (int listen_fd) while (npth_sigev_get_pending(&signo)) handle_signal (signo); #else - ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, t, NULL, NULL); + ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, t, + events, &events_set); saved_errno = errno; + if (events_set & 1) + continue; #endif if (ret == -1 && saved_errno != EINTR) 
@@ -1307,13 +1341,6 @@ handle_connections (int listen_fd) /* Timeout. Will be handled when calculating the next timeout. */ continue; - if (FD_ISSET (pipe_fd[0], &read_fdset)) - { - char buf[256]; - - ret = read (pipe_fd[0], buf, sizeof buf); - } - if (listen_fd != -1 && FD_ISSET (listen_fd, &read_fdset)) { ctrl_t ctrl; @@ -1351,8 +1378,6 @@ handle_connections (int listen_fd) } } - close (pipe_fd[0]); - close (pipe_fd[1]); cleanup (); log_info (_("%s %s stopped\n"), strusage(11), strusage(13)); npth_attr_destroy (&tattr); ----------------------------------------------------------------------- Summary of changes: scd/scdaemon.c | 87 +++++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 56 insertions(+), 31 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 3 15:15:31 2017 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 03 Mar 2017 15:15:31 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.4.0-258-g6019c7a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 6019c7a06701db965e25ddc78483157606679e3d (commit) from 866ba9958d862f906cdd22aacd11a39a6413a3f4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6019c7a06701db965e25ddc78483157606679e3d Author: Andre Heinecke Date: Fri Mar 3 15:14:56 2017 +0100 Improve german translation -- diff --git a/po/de.po b/po/de.po index 2be8a89..c9058f6 100644 --- a/po/de.po +++ b/po/de.po 
@@ -214,7 +214,7 @@ msgstr "Die Einstellungen von GpgOL ?ffnen" #: src/gpgoladdin.cpp:863 src/gpgoladdin.cpp:981 msgid "Secure" -msgstr "Sicher" +msgstr "Absichern" #: src/gpgoladdin.cpp:864 src/gpgoladdin.cpp:982 src/gpgoladdin.cpp:1143 msgid "Sign" ----------------------------------------------------------------------- Summary of changes: po/de.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 3 15:42:20 2017 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 03 Mar 2017 15:42:20 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.4.0-259-g3442972 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 3442972cba2ddf88a88ff3d10421debf0fc07c06 (commit) from 6019c7a06701db965e25ddc78483157606679e3d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3442972cba2ddf88a88ff3d10421debf0fc07c06 Author: Andre Heinecke Date: Fri Mar 3 15:41:18 2017 +0100 Add locate-keys option again * src/addin-options.cpp: Uncomment autoresolve. * src/dialogs.rc: Update accordingly. -- To properly work this still requires auto-key-locate to be configured in the gpg.conf diff --git a/src/addin-options.cpp b/src/addin-options.cpp index 20d2128..0fccd6f 100644 --- a/src/addin-options.cpp +++ b/src/addin-options.cpp 
@@ -46,7 +46,7 @@ set_labels (HWND dlg) "attachments as PGP/Inline")}, { IDC_REPLYCRYPT, N_("S&elect crypto settings automatically " "for reply and foward.")}, -// { IDC_AUTORRESOLVE, N_("&Search for OpenPGP keys automatically when encrypting")}, + { IDC_AUTORRESOLVE, N_("&Search for OpenPGP keys automatically when encrypting")}, { IDC_GPG_OPTIONS, N_("Debug...")}, @@ -98,8 +98,8 @@ options_window_proc (HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam) !!opt.inline_pgp, 0L); SendDlgItemMessage (hDlg, IDC_REPLYCRYPT, BM_SETCHECK, !!opt.reply_crypt, 0L); -// SendDlgItemMessage (hDlg, IDC_AUTORRESOLVE, BM_SETCHECK, -// !!opt.autoresolve, 0L); + SendDlgItemMessage (hDlg, IDC_AUTORRESOLVE, BM_SETCHECK, + !!opt.autoresolve, 0L); enable_disable_opts (hDlg); set_labels (hDlg); ShowWindow (GetDlgItem (hDlg, IDC_GPG_OPTIONS), @@ -140,8 +140,8 @@ options_window_proc (HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam) opt.reply_crypt = !!SendDlgItemMessage (hDlg, IDC_REPLYCRYPT, BM_GETCHECK, 0, 0L); -// opt.autoresolve = !!SendDlgItemMessage -//// (hDlg, IDC_AUTORRESOLVE, BM_GETCHECK, 0, 0L); + opt.autoresolve = !!SendDlgItemMessage + (hDlg, IDC_AUTORRESOLVE, BM_GETCHECK, 0, 0L); write_options (); EndDialog (hDlg, TRUE); diff --git a/src/dialogs.rc b/src/dialogs.rc index 3d27293..99a4f13 100644 --- a/src/dialogs.rc +++ b/src/dialogs.rc @@ -309,7 +309,7 @@ BEGIN 198, 96, 50, 14 END -IDD_ADDIN_OPTIONS DIALOGEX DISCARDABLE 300, 300, 266, 180 +IDD_ADDIN_OPTIONS DIALOGEX DISCARDABLE 300, 300, 266, 190 STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU | DS_SHELLFONT | DS_SETFONT CAPTION "GpgOL" FONT 8, "MS Shell Dlg" @@ -333,7 +333,7 @@ BEGIN /* Send options box. */ GROUPBOX "send-options", IDC_G_SEND, - 9, 50, 250, 57 + 9, 50, 250, 67 CONTROL "encrypt-by-default", IDC_ENCRYPT_DEFAULT, "Button", BS_AUTOCHECKBOX | WS_TABSTOP, 
@@ -351,25 +351,25 @@ BEGIN "Button", BS_AUTOCHECKBOX | WS_TABSTOP, 24, 93, 215, 10 -// CONTROL "autoresolve", IDC_AUTORRESOLVE, -// "Button", BS_AUTOCHECKBOX | WS_TABSTOP, -// 24, 93, 215, 10 + CONTROL "autoresolve", IDC_AUTORRESOLVE, + "Button", BS_AUTOCHECKBOX | WS_TABSTOP, + 24, 104, 215, 10 /* Stuff at the lower left corner. */ CONTROL IDB_LOGO, IDC_BITMAP, "Static", SS_BITMAP | SS_REALSIZEIMAGE, - 10, 115, 128, 80 + 10, 125, 128, 80 LTEXT "Version x ", IDC_VERSION_INFO, - 10, 165, 100, 9 + 10, 175, 100, 9 PUSHBUTTON "advanced", IDC_GPG_OPTIONS, - 180, 130, 70, 14 + 180, 140, 70, 14 PUSHBUTTON "gpgconf", IDC_GPG_CONF, - 180, 145, 70, 14 + 180, 155, 70, 14 DEFPUSHBUTTON "&OK", IDOK, - 180, 160, 70, 14 + 180, 170, 70, 14 END ----------------------------------------------------------------------- Summary of changes: src/addin-options.cpp | 10 +++++----- src/dialogs.rc | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 3 17:20:05 2017 
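Review bot: the IDC_AUTORRESOLVE checkbox re-enabled in src/addin-options.cpp (set_labels and both SendDlgItemMessage calls in options_window_proc) is shown and saved without any check that auto-key-locate is configured, although the commit message says the feature still requires it in gpg.conf. A user can tick "Search for OpenPGP keys automatically when encrypting" and the option will not work properly. Consider greying out the control, or extending the label with a hint, when that setting is missing. The identifier also carries a doubled R (IDC_AUTORRESOLVE against opt.autoresolve); since the control is being brought back in both addin-options.cpp and dialogs.rc, this is a cheap moment to rename it.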
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 03 Mar 2017 17:20:05 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-14-g67c203b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 67c203b6bf8d6dd489ceef3391f609986e7b7a49 (commit) from f9acc7d18bb90f47dafe7e32ae92f567756d6b12 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 67c203b6bf8d6dd489ceef3391f609986e7b7a49 Author: Werner Koch Date: Fri Mar 3 17:17:08 2017 +0100 dirmngr: Fix commit de6d8313 * dirmngr/http-common.c (get_default_keyserver): Fix assert. -- Fixes-commit: de6d8313f6df32aaa151bee74e1db269ac1e0fed Signed-off-by: Werner Koch diff --git a/dirmngr/http-common.c b/dirmngr/http-common.c index 6013669..3b6cd44 100644 --- a/dirmngr/http-common.c +++ b/dirmngr/http-common.c @@ -44,7 +44,7 @@ get_default_keyserver (int name_only) log_assert (result && strlen (result) > 3); result += 3; /* Assert that there is no port given. */ - log_assert (strchr (result, ':')); + log_assert (!strchr (result, ':')); } return result; } ----------------------------------------------------------------------- Summary of changes: dirmngr/http-common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 6 02:35:05 2017 
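Review bot: the corrected check in get_default_keyserver (dirmngr/http-common.c), log_assert (!strchr (result, ':')), still treats any colon after the skipped three characters as a port, so a default keyserver written as a bracketed IPv6 literal would abort the process at this line. If that form can never be configured, say so in the comment next to "Assert that there is no port given."; otherwise test for a port explicitly instead of asserting on the first colon. Since the inverted assert from de6d8313 reached master, a small regression test that runs this branch would be worth adding alongside the fix.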
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 06 Mar 2017 02:35:05 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-15-g4ce4f2f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 4ce4f2f683a17be3ddb93729f3f25014a97934ad (commit) from 67c203b6bf8d6dd489ceef3391f609986e7b7a49 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4ce4f2f683a17be3ddb93729f3f25014a97934ad Author: NIIBE Yutaka Date: Mon Mar 6 10:26:11 2017 +0900 agent: For SSH, robustly handling scdaemon's errors. * agent/command-ssh.c (card_key_list): Return 0 when agent_card_serialno returns an error. (ssh_handler_request_identities): Handle errors for card listing and proceed to other cases. -- GnuPG-bug-id: 2980 Signed-off-by: NIIBE Yutaka diff --git a/agent/command-ssh.c b/agent/command-ssh.c index 79b8f85..3ab41cf 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -2393,13 +2393,12 @@ card_key_list (ctrl_t ctrl, char **r_serialno, strlist_t *result) err = agent_card_serialno (ctrl, r_serialno, NULL); if (err) { - if (gpg_err_code (err) == GPG_ERR_ENODEV) - return 0; /* Nothing available. */ - - if (opt.verbose) + if (gpg_err_code (err) != GPG_ERR_ENODEV && opt.verbose) log_info (_("error getting serial number of card: %s\n"), gpg_strerror (err)); - return err; + + /* Nothing available. */ + return 0; } err = agent_card_cardlist (ctrl, result); @@ -2568,7 +2567,6 @@ ssh_handler_request_identities (ctrl_t ctrl, gpg_error_t err; int ret; ssh_control_file_t cf = NULL; - char *cardsn; gpg_error_t ret_err; (void)request; 
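Review bot: card_key_list in agent/command-ssh.c now returns 0 for every agent_card_serialno failure and logs the non-ENODEV ones only when opt.verbose is set, so for the caller a scdaemon fault is indistinguishable from "no card present" and leaves no trace at default verbosity. Suggest logging errors other than GPG_ERR_ENODEV unconditionally, and extending the "Nothing available." comment to state that errors are swallowed on purpose so that the identity listing can proceed to the other cases, as the commit message describes.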
@@ -2601,21 +2599,21 @@ ssh_handler_request_identities (ctrl_t ctrl, if (opt.verbose) log_info (_("error getting list of cards: %s\n"), gpg_strerror (err)); - goto out; + goto scd_out; } for (sl = card_list; sl; sl = sl->next) { char *serialno0; + char *cardsn; + err = agent_card_serialno (ctrl, &serialno0, sl->d); if (err) { if (opt.verbose) log_info (_("error getting serial number of card: %s\n"), gpg_strerror (err)); - xfree (serialno); - free_strlist (card_list); - goto out; + continue; } xfree (serialno0); @@ -2640,6 +2638,7 @@ ssh_handler_request_identities (ctrl_t ctrl, free_strlist (card_list); } + scd_out: /* Then look at all the registered and non-disabled keys. */ err = open_control_file (&cf, 0); if (err) ----------------------------------------------------------------------- Summary of changes: agent/command-ssh.c | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 6 03:36:09 2017 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 06 Mar 2017 03:36:09 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-16-g6d1e16d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 6d1e16d96802a0585537cf80728195f8ab028c11 (commit) from 4ce4f2f683a17be3ddb93729f3f25014a97934ad (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6d1e16d96802a0585537cf80728195f8ab028c11 Author: NIIBE Yutaka Date: Mon Mar 6 11:34:03 2017 +0900 po: Update Japanese translation. -- Signed-off-by: NIIBE Yutaka diff --git a/po/ja.po b/po/ja.po index c8a21d3..6cbb371 100644 --- a/po/ja.po 
+++ b/po/ja.po @@ -4,7 +4,7 @@ # IIDA Yosiaki , 1999, 2000, 2002, 2003, 2004. # Yoshihiro Kajiki , 1999. # Takashi P.KATOH, 2002. -# NIIBE Yutaka , 2013, 2014, 2015, 2016. +# NIIBE Yutaka , 2013, 2014, 2015, 2016, 2017. # msgid "" msgstr "" @@ -149,10 +149,9 @@ msgstr "????ssh??????????: %s\n" msgid "no suitable card key found: %s\n" msgstr "????????????????: %s\n" -#, fuzzy, c-format -#| msgid "error getting stored flags: %s\n" +#, c-format msgid "error getting list of cards: %s\n" -msgstr "??????????????: %s\n" +msgstr "??????? ??????: %s\n" #, c-format msgid "" @@ -1649,7 +1648,7 @@ msgid "remove as much as possible from key during export" msgstr "??????????????????" msgid "use the GnuPG key backup format" -msgstr "" +msgstr "GnuPG????????????????????" msgid " - skipped" msgstr " - ?????????" @@ -2315,7 +2314,7 @@ msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n" msgstr "'%s'?????ID, ??????????keygrip?????????\n" msgid "WARNING: no command supplied. Trying to guess what you mean ...\n" -msgstr "" +msgstr "??: ???????????????????????????????? ...\n" msgid "Go ahead and type your message ...\n" msgstr "??????????????????? ...\n" @@ -2385,10 +2384,8 @@ msgstr "?????????????????" msgid "run import filters and export key immediately" msgstr "????????????????????????????" -#, fuzzy -#| msgid "assume input is in binary format" msgid "assume the GnuPG key backup format" -msgstr "???????????????????" +msgstr "GnuPG?????????????????????" #, c-format msgid "skipping block of type %d\n" @@ -5438,10 +5435,8 @@ msgstr "" "(G)ood-?, (A)ccept once-???????, (U)nknown-??, (R)eject once-???" "??, (B)ad-??? " -#, fuzzy -#| msgid "Defaulting to unknown." msgid "Defaulting to unknown.\n" -msgstr "???????????" +msgstr "?????????????\n" msgid "TOFU db corruption detected.\n" msgstr "TOFU db?????????????????\n" 
@@ -5556,11 +5551,10 @@ msgstr[0] "" msgid "error opening TOFU database: %s\n" msgstr "TOFU???????????????: %s\n" -#, fuzzy, c-format -#| msgid "WARNING: Encrypting to %s, which has no non-revoked user ids.\n" +#, c-format msgid "WARNING: Encrypting to %s, which has no non-revoked user ids\n" msgstr "" -"*??*: %s ??????????????????ID???????????\n" +"*??*: %s ??????????????????ID??????????\n" #, c-format msgid "error setting policy for key %s, user id \"%s\": %s" @@ -5825,17 +5819,17 @@ msgstr "???????????????: %s\n" #. * the %s at the start and end of the string. #, c-format msgid "%sNumber: %s%%0AHolder: %s%%0ACounter: %lu%s" -msgstr "" +msgstr "%s??: %s%%0A???: %s%%0A????: %lu%s" #, c-format msgid "%sNumber: %s%%0AHolder: %s%s" -msgstr "" +msgstr "%s??: %s%%0A???: %s%s" #. TRANSLATORS: This is the number of remaining attempts to #. * enter a PIN. Use %%0A (double-percent,0A) for a linefeed. #, c-format msgid "Remaining attempts: %d" -msgstr "" +msgstr "????????: %d" #, c-format msgid "using default PIN as %s\n" @@ -5847,10 +5841,8 @@ msgstr "" "??????PIN %s ???????????: %s - ??????????????" "????????\n" -#, fuzzy -#| msgid "||Please enter the PIN" msgid "||Please unlock the card" -msgstr "||PIN?????????" +msgstr "||???????????????" #, c-format msgid "PIN for CHV%d is too short; minimum length is %d\n" 
@@ -6803,10 +6795,9 @@ msgstr "?????????????: %u\n" msgid " runtime cached certificates: %u\n" msgstr "?????????????: %u\n" -#, fuzzy, c-format -#| msgid " runtime cached certificates: %u\n" +#, c-format msgid " trusted certificates: %u (%u,%u,%u,%u)\n" -msgstr "?????????????: %u\n" +msgstr " ??????????: %u (%u,%u,%u,%u)\n" msgid "certificate already cached\n" msgstr " ??????????????\n" ----------------------------------------------------------------------- Summary of changes: po/ja.po | 39 +++++++++++++++------------------------ 1 file changed, 15 insertions(+), 24 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 6 06:25:59 2017 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 06 Mar 2017 06:25:59 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-18-gcb63373 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via cb6337329d3c858c695a7e56e2fc31d9d50ca3fe (commit) via 0703de01c8fbc417a99ecf8e950fc306b8c8ac9c (commit) from 6d1e16d96802a0585537cf80728195f8ab028c11 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cb6337329d3c858c695a7e56e2fc31d9d50ca3fe Author: NIIBE Yutaka Date: Mon Mar 6 14:18:06 2017 +0900 scd: Clean up old code. * scd/apdu.c (CT_init, CT_data, CT_close): Remove. (ct_error_string, ct_activate_card, close_ct_reader, reset_ct_reader) (ct_get_status, ct_send_apdu, open_ct_reader): Remove. (new_reader_slot) [NEED_PCSC_WRAPPER]: Remove fd and pid handling. (writen, readn): Remove. (pcsc_get_status, pcsc_send_apdu, control_pcsc, close_pcsc_reader) (reset_pcsc_reader, open_pcsc_reader): Only DIRECT version. (apdu_open_one_reader): Remove CT_api handling. (apdu_get_status_internal, send_le): Fix to stop warnings. Signed-off-by: NIIBE Yutaka diff --git a/scd/apdu.c b/scd/apdu.c index 9df1572..c8ce684 100644 --- a/scd/apdu.c +++ b/scd/apdu.c 
@@ -73,16 +73,6 @@ struct dev_list { int idx_max; }; -/* Due to conflicting use of threading libraries we usually can't link - against libpcsclite if we are using Pth. Instead we use a wrapper - program. Note that with nPth there is no need for a wrapper. */ -#ifdef USE_PTH /* Right, plain old Pth. */ -#if !defined(HAVE_W32_SYSTEM) && !defined(__CYGWIN__) -#define NEED_PCSC_WRAPPER 1 -#endif -#endif - - #define MAX_READER 4 /* Number of readers we support concurrently. */ @@ -129,11 +119,6 @@ struct reader_table_s { pcsc_dword_t modify_ioctl; int pinmin; int pinmax; -#ifdef NEED_PCSC_WRAPPER - int req_fd; - int rsp_fd; - pid_t pid; -#endif /*NEED_PCSC_WRAPPER*/ } pcsc; #ifdef USE_G10CODE_RAPDU struct { @@ -165,14 +150,6 @@ static npth_mutex_t reader_table_lock; #endif -/* ct API function pointer. */ -static char (* DLSTDCALL CT_init) (unsigned short ctn, unsigned short Pn); -static char (* DLSTDCALL CT_data) (unsigned short ctn, unsigned char *dad, - unsigned char *sad, unsigned short lc, - unsigned char *cmd, unsigned short *lr, - unsigned char *rsp); -static char (* DLSTDCALL CT_close) (unsigned short ctn); - /* PC/SC constants and function pointer. */ #define PCSC_SCOPE_USER 0 #define PCSC_SCOPE_TERMINAL 1 @@ -472,11 +449,6 @@ new_reader_slot (void) reader_table[reader].is_spr532 = 0; reader_table[reader].pinpad_varlen_supported = 0; reader_table[reader].require_get_status = 1; -#ifdef NEED_PCSC_WRAPPER - reader_table[reader].pcsc.req_fd = -1; - reader_table[reader].pcsc.rsp_fd = -1; - reader_table[reader].pcsc.pid = (pid_t)(-1); -#endif reader_table[reader].pcsc.verify_ioctl = 0; reader_table[reader].pcsc.modify_ioctl = 0; reader_table[reader].pcsc.pinmin = -1; 
@@ -562,268 +534,11 @@ apdu_strerror (int rc) return "unknown status error"; } } - - - -/* - ct API Interface - */ - -static const char * -ct_error_string (long err) -{ - switch (err) - { - case 0: return "okay"; - case -1: return "invalid data"; - case -8: return "ct error"; - case -10: return "transmission error"; - case -11: return "memory allocation error"; - case -128: return "HTSI error"; - default: return "unknown CT-API error"; - } -} - - -/* Wait for the card in SLOT and activate it. Return a status word - error or 0 on success. */ -static int -ct_activate_card (int slot) -{ - int rc; - unsigned char dad[1], sad[1], cmd[11], buf[256]; - unsigned short buflen; - - /* Check whether card has been inserted. */ - dad[0] = 1; /* Destination address: CT. */ - sad[0] = 2; /* Source address: Host. */ - - cmd[0] = 0x20; /* Class byte. */ - cmd[1] = 0x13; /* Request status. */ - cmd[2] = 0x00; /* From kernel. */ - cmd[3] = 0x80; /* Return card's DO. */ - cmd[4] = 0x00; - - buflen = DIM(buf); - - rc = CT_data (slot, dad, sad, 5, cmd, &buflen, buf); - if (rc || buflen < 2 || buf[buflen-2] != 0x90) - { - log_error ("ct_activate_card: can't get status of reader %d: %s\n", - slot, ct_error_string (rc)); - return SW_HOST_CARD_IO_ERROR; - } - - /* Connected, now activate the card. */ - dad[0] = 1; /* Destination address: CT. */ - sad[0] = 2; /* Source address: Host. */ - - cmd[0] = 0x20; /* Class byte. */ - cmd[1] = 0x12; /* Request ICC. */ - cmd[2] = 0x01; /* From first interface. */ - cmd[3] = 0x01; /* Return card's ATR. */ - cmd[4] = 0x00; - - buflen = DIM(buf); - - rc = CT_data (slot, dad, sad, 5, cmd, &buflen, buf); - if (rc || buflen < 2 || buf[buflen-2] != 0x90) - { - log_error ("ct_activate_card(%d): activation failed: %s\n", - slot, ct_error_string (rc)); - if (!rc) - log_printhex (" received data:", buf, buflen); - return SW_HOST_CARD_IO_ERROR; - } - - /* Store the type and the ATR. 
*/ - if (buflen - 2 > DIM (reader_table[0].atr)) - { - log_error ("ct_activate_card(%d): ATR too long\n", slot); - return SW_HOST_CARD_IO_ERROR; - } - - memcpy (reader_table[slot].atr, buf, buflen - 2); - reader_table[slot].atrlen = buflen - 2; - return 0; -} - - -static int -close_ct_reader (int slot) -{ - CT_close (slot); - return 0; -} - -static int -reset_ct_reader (int slot) -{ - /* FIXME: Check is this is sufficient do do a reset. */ - return ct_activate_card (slot); -} - - -static int -ct_get_status (int slot, unsigned int *status, int on_wire) -{ - (void)slot; - (void)on_wire; - /* The status we returned is wrong but we don't care because ctAPI - is not anymore required. */ - *status = APDU_CARD_USABLE|APDU_CARD_PRESENT|APDU_CARD_ACTIVE; - return 0; -} - -/* Actually send the APDU of length APDULEN to SLOT and return a - maximum of *BUFLEN data in BUFFER, the actual returned size will be - set to BUFLEN. Returns: CT API error code. */ -static int -ct_send_apdu (int slot, unsigned char *apdu, size_t apdulen, - unsigned char *buffer, size_t *buflen, pininfo_t *pininfo) -{ - int rc; - unsigned char dad[1], sad[1]; - unsigned short ctbuflen; - - (void)pininfo; - - /* If we don't have an ATR, we need to reset the reader first. */ - if (!reader_table[slot].atrlen - && (rc = reset_ct_reader (slot))) - return rc; - - dad[0] = 0; /* Destination address: Card. */ - sad[0] = 2; /* Source address: Host. */ - ctbuflen = *buflen; - if (DBG_CARD_IO) - log_printhex (" CT_data:", apdu, apdulen); - rc = CT_data (slot, dad, sad, apdulen, apdu, &ctbuflen, buffer); - *buflen = ctbuflen; - - return rc? SW_HOST_CARD_IO_ERROR: 0; -} - - - -/* Open a reader and return an internal handle for it. PORT is a - non-negative value with the port number of the reader. USB readers - do have port numbers starting at 32769. 
*/ -static int -open_ct_reader (int port) -{ - int rc, reader; - - if (port < 0 || port > 0xffff) - { - log_error ("open_ct_reader: invalid port %d requested\n", port); - return -1; - } - reader = new_reader_slot (); - if (reader == -1) - return reader; - reader_table[reader].port = port; - - rc = CT_init (reader, (unsigned short)port); - if (rc) - { - log_error ("apdu_open_ct_reader failed on port %d: %s\n", - port, ct_error_string (rc)); - reader_table[reader].used = 0; - unlock_slot (reader); - return -1; - } - - /* Only try to activate the card. */ - rc = ct_activate_card (reader); - if (rc) - { - reader_table[reader].atrlen = 0; - rc = 0; - } - - reader_table[reader].close_reader = close_ct_reader; - reader_table[reader].reset_reader = reset_ct_reader; - reader_table[reader].get_status_reader = ct_get_status; - reader_table[reader].send_apdu_reader = ct_send_apdu; - reader_table[reader].check_pinpad = NULL; - reader_table[reader].dump_status_reader = NULL; - reader_table[reader].pinpad_verify = NULL; - reader_table[reader].pinpad_modify = NULL; - - dump_reader_status (reader); - unlock_slot (reader); - return reader; -} - /* PC/SC Interface */ -#ifdef NEED_PCSC_WRAPPER -static int -writen (int fd, const void *buf, size_t nbytes) -{ - size_t nleft = nbytes; - int nwritten; - -/* log_printhex (" writen:", buf, nbytes); */ - - while (nleft > 0) - { -#ifdef USE_NPTH - nwritten = npth_write (fd, buf, nleft); -#else - nwritten = write (fd, buf, nleft); -#endif - if (nwritten < 0 && errno == EINTR) - continue; - if (nwritten < 0) - return -1; - nleft -= nwritten; - buf = (const char*)buf + nwritten; - } - return 0; -} - -/* Read up to BUFLEN bytes from FD and return the number of bytes - actually read in NREAD. Returns -1 on error or 0 on success. 
*/ -static int -readn (int fd, void *buf, size_t buflen, size_t *nread) -{ - size_t nleft = buflen; - int n; -/* void *orig_buf = buf; */ - - while (nleft > 0) - { -#ifdef USE_NPTH -# ifdef HAVE_W32_SYSTEM -# error Cannot use npth_read here because it expects a system HANDLE. -# endif - n = npth_read (fd, buf, nleft); -#else - n = read (fd, buf, nleft); -#endif - if (n < 0 && errno == EINTR) - continue; - if (n < 0) - return -1; /* read error. */ - if (!n) - break; /* EOF */ - nleft -= n; - buf = (char*)buf + n; - } - if (nread) - *nread = buflen - nleft; - -/* log_printhex (" readn:", orig_buf, *nread); */ - - return 0; -} -#endif /*NEED_PCSC_WRAPPER*/ - static const char * pcsc_error_string (long err) { @@ -928,9 +643,8 @@ dump_pcsc_reader_status (int slot) } -#ifndef NEED_PCSC_WRAPPER static int -pcsc_get_status_direct (int slot, unsigned int *status, int on_wire) +pcsc_get_status (int slot, unsigned int *status, int on_wire) { long err; struct pcsc_readerstate_s rdrstates[1]; 
@@ -989,136 +703,15 @@ pcsc_get_status_direct (int slot, unsigned int *status, int on_wire) return 0; } -#endif /*!NEED_PCSC_WRAPPER*/ - - -#ifdef NEED_PCSC_WRAPPER -static int -pcsc_get_status_wrapped (int slot, unsigned int *status, int on_wire) -{ - long err; - reader_table_t slotp; - size_t len, full_len; - int i, n; - unsigned char msgbuf[9]; - unsigned char buffer[16]; - int sw = SW_HOST_CARD_IO_ERROR; - - (void)on_wire; - slotp = reader_table + slot; - - if (slotp->pcsc.req_fd == -1 - || slotp->pcsc.rsp_fd == -1 - || slotp->pcsc.pid == (pid_t)(-1) ) - { - log_error ("pcsc_get_status: pcsc-wrapper not running\n"); - return sw; - } - - msgbuf[0] = 0x04; /* STATUS command. */ - len = 0; - msgbuf[1] = (len >> 24); - msgbuf[2] = (len >> 16); - msgbuf[3] = (len >> 8); - msgbuf[4] = (len ); - if ( writen (slotp->pcsc.req_fd, msgbuf, 5) ) - { - log_error ("error sending PC/SC STATUS request: %s\n", - strerror (errno)); - goto command_failed; - } - - /* Read the response. */ - if ((i=readn (slotp->pcsc.rsp_fd, msgbuf, 9, &len)) || len != 9) - { - log_error ("error receiving PC/SC STATUS response: %s\n", - i? strerror (errno) : "premature EOF"); - goto command_failed; - } - len = buf_to_size_t (msgbuf+1); - if (msgbuf[0] != 0x81 || len < 4) - { - log_error ("invalid response header from PC/SC received\n"); - goto command_failed; - } - len -= 4; /* Already read the error code. */ - err = PCSC_ERR_MASK (buf32_to_ulong (msgbuf+5)); - if (err) - { - log_error ("pcsc_status failed: %s (0x%lx)\n", - pcsc_error_string (err), err); - /* This is a proper error code, so return immediately. */ - return pcsc_error_to_sw (err); - } - - full_len = len; - - /* The current version returns 3 words but we allow also for old - versions returning only 2 words. */ - n = 12 < len ? 12 : len; - if ((i=readn (slotp->pcsc.rsp_fd, buffer, n, &len)) - || (len != 8 && len != 12)) - { - log_error ("error receiving PC/SC STATUS response: %s\n", - i? 
strerror (errno) : "premature EOF"); - goto command_failed; - } - - slotp->is_t0 = (len == 12 && !!(buffer[11] & PCSC_PROTOCOL_T0)); - - - full_len -= len; - /* Newer versions of the wrapper might send more status bytes. - Read them. */ - while (full_len) - { - unsigned char dummybuf[128]; - - n = full_len < DIM (dummybuf) ? full_len : DIM (dummybuf); - if ((i=readn (slotp->pcsc.rsp_fd, dummybuf, n, &len)) || len != n) - { - log_error ("error receiving PC/SC TRANSMIT response: %s\n", - i? strerror (errno) : "premature EOF"); - goto command_failed; - } - full_len -= n; - } - - /* We are lucky: The wrapper already returns the data in the - required format. */ - *status = buffer[3]; - return 0; - - command_failed: - close (slotp->pcsc.req_fd); - close (slotp->pcsc.rsp_fd); - slotp->pcsc.req_fd = -1; - slotp->pcsc.rsp_fd = -1; - if (slotp->pcsc.pid != -1) - kill (slotp->pcsc.pid, SIGTERM); - slotp->pcsc.pid = (pid_t)(-1); - slotp->used = 0; - return sw; -} -#endif /*NEED_PCSC_WRAPPER*/ +/* Send the APDU of length APDULEN to SLOT and return a maximum of + *BUFLEN data in BUFFER, the actual returned size will be stored at + BUFLEN. Returns: A status word. */ static int -pcsc_get_status (int slot, unsigned int *status, int on_wire) -{ -#ifdef NEED_PCSC_WRAPPER - return pcsc_get_status_wrapped (slot, status, on_wire); -#else - return pcsc_get_status_direct (slot, status, on_wire); -#endif -} - - -#ifndef NEED_PCSC_WRAPPER -static int -pcsc_send_apdu_direct (int slot, unsigned char *apdu, size_t apdulen, - unsigned char *buffer, size_t *buflen, - pininfo_t *pininfo) +pcsc_send_apdu (int slot, unsigned char *apdu, size_t apdulen, + unsigned char *buffer, size_t *buflen, + pininfo_t *pininfo) { long err; struct pcsc_io_request_s send_pci; 
@@ -1149,270 +742,6 @@ pcsc_send_apdu_direct (int slot, unsigned char *apdu, size_t apdulen, return pcsc_error_to_sw (err); } -#endif /*!NEED_PCSC_WRAPPER*/ - - -#ifdef NEED_PCSC_WRAPPER -static int -pcsc_send_apdu_wrapped (int slot, unsigned char *apdu, size_t apdulen, - unsigned char *buffer, size_t *buflen, - pininfo_t *pininfo) -{ - long err; - reader_table_t slotp; - size_t len, full_len; - int i, n; - unsigned char msgbuf[9]; - int sw = SW_HOST_CARD_IO_ERROR; - - (void)pininfo; - - if (!reader_table[slot].atrlen - && (err = reset_pcsc_reader (slot))) - return err; - - if (DBG_CARD_IO) - log_printhex (" PCSC_data:", apdu, apdulen); - - slotp = reader_table + slot; - - if (slotp->pcsc.req_fd == -1 - || slotp->pcsc.rsp_fd == -1 - || slotp->pcsc.pid == (pid_t)(-1) ) - { - log_error ("pcsc_send_apdu: pcsc-wrapper not running\n"); - return sw; - } - - msgbuf[0] = 0x03; /* TRANSMIT command. */ - len = apdulen; - msgbuf[1] = (len >> 24); - msgbuf[2] = (len >> 16); - msgbuf[3] = (len >> 8); - msgbuf[4] = (len ); - if ( writen (slotp->pcsc.req_fd, msgbuf, 5) - || writen (slotp->pcsc.req_fd, apdu, len)) - { - log_error ("error sending PC/SC TRANSMIT request: %s\n", - strerror (errno)); - goto command_failed; - } - - /* Read the response. */ - if ((i=readn (slotp->pcsc.rsp_fd, msgbuf, 9, &len)) || len != 9) - { - log_error ("error receiving PC/SC TRANSMIT response: %s\n", - i? strerror (errno) : "premature EOF"); - goto command_failed; - } - len = buf_to_size_t (msgbuf+1); - if (msgbuf[0] != 0x81 || len < 4) - { - log_error ("invalid response header from PC/SC received\n"); - goto command_failed; - } - len -= 4; /* Already read the error code. */ - err = PCSC_ERR_MASK (buf32_to_ulong (msgbuf+5)); - if (err) - { - log_error ("pcsc_transmit failed: %s (0x%lx)\n", - pcsc_error_string (err), err); - return pcsc_error_to_sw (err); - } - - full_len = len; - - n = *buflen < len ? 
*buflen : len; - if ((i=readn (slotp->pcsc.rsp_fd, buffer, n, &len)) || len != n) - { - log_error ("error receiving PC/SC TRANSMIT response: %s\n", - i? strerror (errno) : "premature EOF"); - goto command_failed; - } - *buflen = n; - - full_len -= len; - if (full_len) - { - log_error ("pcsc_send_apdu: provided buffer too short - truncated\n"); - err = SW_HOST_INV_VALUE; - } - /* We need to read any rest of the response, to keep the - protocol running. */ - while (full_len) - { - unsigned char dummybuf[128]; - - n = full_len < DIM (dummybuf) ? full_len : DIM (dummybuf); - if ((i=readn (slotp->pcsc.rsp_fd, dummybuf, n, &len)) || len != n) - { - log_error ("error receiving PC/SC TRANSMIT response: %s\n", - i? strerror (errno) : "premature EOF"); - goto command_failed; - } - full_len -= n; - } - - return err; - - command_failed: - close (slotp->pcsc.req_fd); - close (slotp->pcsc.rsp_fd); - slotp->pcsc.req_fd = -1; - slotp->pcsc.rsp_fd = -1; - if (slotp->pcsc.pid != -1) - kill (slotp->pcsc.pid, SIGTERM); - slotp->pcsc.pid = (pid_t)(-1); - slotp->used = 0; - return sw; -} -#endif /*NEED_PCSC_WRAPPER*/ - - -/* Send the APDU of length APDULEN to SLOT and return a maximum of - *BUFLEN data in BUFFER, the actual returned size will be stored at - BUFLEN. Returns: A status word. */ -static int -pcsc_send_apdu (int slot, unsigned char *apdu, size_t apdulen, - unsigned char *buffer, size_t *buflen, - pininfo_t *pininfo) -{ -#ifdef NEED_PCSC_WRAPPER - return pcsc_send_apdu_wrapped (slot, apdu, apdulen, buffer, buflen, pininfo); -#else - return pcsc_send_apdu_direct (slot, apdu, apdulen, buffer, buflen, pininfo); -#endif -} - - -#ifndef NEED_PCSC_WRAPPER -static int -control_pcsc_direct (int slot, pcsc_dword_t ioctl_code, - const unsigned char *cntlbuf, size_t len, - unsigned char *buffer, pcsc_dword_t *buflen) -{ - long err; - - err = pcsc_control (reader_table[slot].pcsc.card, ioctl_code, - cntlbuf, len, buffer, buflen? 
*buflen:0, buflen); - if (err) - { - log_error ("pcsc_control failed: %s (0x%lx)\n", - pcsc_error_string (err), err); - return pcsc_error_to_sw (err); - } - - return 0; -} -#endif /*!NEED_PCSC_WRAPPER*/ - - -#ifdef NEED_PCSC_WRAPPER -static int -control_pcsc_wrapped (int slot, pcsc_dword_t ioctl_code, - const unsigned char *cntlbuf, size_t len, - unsigned char *buffer, pcsc_dword_t *buflen) -{ - long err = PCSC_E_NOT_TRANSACTED; - reader_table_t slotp; - unsigned char msgbuf[9]; - int i, n; - size_t full_len; - - slotp = reader_table + slot; - - msgbuf[0] = 0x06; /* CONTROL command. */ - msgbuf[1] = ((len + 4) >> 24); - msgbuf[2] = ((len + 4) >> 16); - msgbuf[3] = ((len + 4) >> 8); - msgbuf[4] = ((len + 4) ); - msgbuf[5] = (ioctl_code >> 24); - msgbuf[6] = (ioctl_code >> 16); - msgbuf[7] = (ioctl_code >> 8); - msgbuf[8] = (ioctl_code ); - if ( writen (slotp->pcsc.req_fd, msgbuf, 9) - || writen (slotp->pcsc.req_fd, cntlbuf, len)) - { - log_error ("error sending PC/SC CONTROL request: %s\n", - strerror (errno)); - goto command_failed; - } - - /* Read the response. */ - if ((i=readn (slotp->pcsc.rsp_fd, msgbuf, 9, &len)) || len != 9) - { - log_error ("error receiving PC/SC CONTROL response: %s\n", - i? strerror (errno) : "premature EOF"); - goto command_failed; - } - len = buf32_to_size_t (msgbuf+1); - if (msgbuf[0] != 0x81 || len < 4) - { - log_error ("invalid response header from PC/SC received\n"); - goto command_failed; - } - len -= 4; /* Already read the error code. */ - err = PCSC_ERR_MASK (buf32_to_ulong (msgbuf+5)); - if (err) - { - log_error ("pcsc_control failed: %s (0x%lx)\n", - pcsc_error_string (err), err); - return pcsc_error_to_sw (err); - } - - full_len = len; - - if (buflen) - n = *buflen < len ? *buflen : len; - else - n = 0; - if ((i=readn (slotp->pcsc.rsp_fd, buffer, n, &len)) || len != n) - { - log_error ("error receiving PC/SC CONTROL response: %s\n", - i? 
strerror (errno) : "premature EOF"); - goto command_failed; - } - if (buflen) - *buflen = n; - - full_len -= len; - if (full_len) - { - log_error ("pcsc_send_apdu: provided buffer too short - truncated\n"); - err = PCSC_E_INVALID_VALUE; - } - /* We need to read any rest of the response, to keep the - protocol running. */ - while (full_len) - { - unsigned char dummybuf[128]; - - n = full_len < DIM (dummybuf) ? full_len : DIM (dummybuf); - if ((i=readn (slotp->pcsc.rsp_fd, dummybuf, n, &len)) || len != n) - { - log_error ("error receiving PC/SC CONTROL response: %s\n", - i? strerror (errno) : "premature EOF"); - goto command_failed; - } - full_len -= n; - } - - if (!err) - return 0; - - command_failed: - close (slotp->pcsc.req_fd); - close (slotp->pcsc.rsp_fd); - slotp->pcsc.req_fd = -1; - slotp->pcsc.rsp_fd = -1; - if (slotp->pcsc.pid != -1) - kill (slotp->pcsc.pid, SIGTERM); - slotp->pcsc.pid = (pid_t)(-1); - slotp->used = 0; - return pcsc_error_to_sw (err); -} -#endif /*NEED_PCSC_WRAPPER*/ - /* Do some control with the value of IOCTL_CODE to the card inserted 
@@ -1425,106 +754,30 @@ control_pcsc (int slot, pcsc_dword_t ioctl_code, const unsigned char *cntlbuf, size_t len, unsigned char *buffer, pcsc_dword_t *buflen) { -#ifdef NEED_PCSC_WRAPPER - return control_pcsc_wrapped (slot, ioctl_code, cntlbuf, len, buffer, buflen); -#else - return control_pcsc_direct (slot, ioctl_code, cntlbuf, len, buffer, buflen); -#endif -} - - -#ifndef NEED_PCSC_WRAPPER -static int -close_pcsc_reader_direct (int slot) -{ - pcsc_release_context (reader_table[slot].pcsc.context); - return 0; -} -#endif /*!NEED_PCSC_WRAPPER*/ - - -#ifdef NEED_PCSC_WRAPPER -static int -close_pcsc_reader_wrapped (int slot) -{ long err; - reader_table_t slotp; - size_t len; - int i; - unsigned char msgbuf[9]; - - slotp = reader_table + slot; - if (slotp->pcsc.req_fd == -1 - || slotp->pcsc.rsp_fd == -1 - || slotp->pcsc.pid == (pid_t)(-1) ) - { - log_error ("close_pcsc_reader: pcsc-wrapper not running\n"); - return 0; - } - - msgbuf[0] = 0x02; /* CLOSE command. */ - len = 0; - msgbuf[1] = (len >> 24); - msgbuf[2] = (len >> 16); - msgbuf[3] = (len >> 8); - msgbuf[4] = (len ); - if ( writen (slotp->pcsc.req_fd, msgbuf, 5) ) - { - log_error ("error sending PC/SC CLOSE request: %s\n", - strerror (errno)); - goto command_failed; - } - - /* Read the response. */ - if ((i=readn (slotp->pcsc.rsp_fd, msgbuf, 9, &len)) || len != 9) - { - log_error ("error receiving PC/SC CLOSE response: %s\n", - i? strerror (errno) : "premature EOF"); - goto command_failed; - } - len = buf32_to_size_t (msgbuf+1); - if (msgbuf[0] != 0x81 || len < 4) + err = pcsc_control (reader_table[slot].pcsc.card, ioctl_code, + cntlbuf, len, buffer, buflen? *buflen:0, buflen); + if (err) { - log_error ("invalid response header from PC/SC received\n"); - goto command_failed; + log_error ("pcsc_control failed: %s (0x%lx)\n", + pcsc_error_string (err), err); + return pcsc_error_to_sw (err); } - len -= 4; /* Already read the error code. 
*/ - err = PCSC_ERR_MASK (buf32_to_ulong (msgbuf+5)); - if (err) - log_error ("pcsc_close failed: %s (0x%lx)\n", - pcsc_error_string (err), err); - /* We will close the wrapper in any case - errors are merely - informational. */ - - command_failed: - close (slotp->pcsc.req_fd); - close (slotp->pcsc.rsp_fd); - slotp->pcsc.req_fd = -1; - slotp->pcsc.rsp_fd = -1; - if (slotp->pcsc.pid != -1) - kill (slotp->pcsc.pid, SIGTERM); - slotp->pcsc.pid = (pid_t)(-1); - slotp->used = 0; return 0; } -#endif /*NEED_PCSC_WRAPPER*/ static int close_pcsc_reader (int slot) { -#ifdef NEED_PCSC_WRAPPER - return close_pcsc_reader_wrapped (slot); -#else - return close_pcsc_reader_direct (slot); -#endif + pcsc_release_context (reader_table[slot].pcsc.context); + return 0; } /* Connect a PC/SC card. */ -#ifndef NEED_PCSC_WRAPPER static int connect_pcsc_card (int slot) { @@ -1580,12 +833,8 @@ connect_pcsc_card (int slot) dump_reader_status (slot); return pcsc_error_to_sw (err); } -#endif /*!NEED_PCSC_WRAPPER*/ -/* Disconnect a PC/SC card. Note that this succeeds even if the card - is not connected. */ -#ifndef NEED_PCSC_WRAPPER static int disconnect_pcsc_card (int slot) { @@ -1606,12 +855,12 @@ disconnect_pcsc_card (int slot) reader_table[slot].pcsc.card = 0; return 0; } -#endif /*!NEED_PCSC_WRAPPER*/ -#ifndef NEED_PCSC_WRAPPER +/* Send an PC/SC reset command and return a status word on error or 0 + on success. */ static int -reset_pcsc_reader_direct (int slot) +reset_pcsc_reader (int slot) { int sw; 
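Review bot: the comment above disconnect_pcsc_card in scd/apdu.c ("Disconnect a PC/SC card. Note that this succeeds even if the card is not connected.") is deleted together with the NEED_PCSC_WRAPPER preprocessor lines around it, although the function itself stays. That sentence documents behaviour callers rely on, so only the "#endif" and "#ifndef" lines should go and the comment should be kept, as was done for "/* Connect a PC/SC card. */" above connect_pcsc_card.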
@@ -1621,122 +870,6 @@ reset_pcsc_reader_direct (int slot) return sw; } -#endif /*NEED_PCSC_WRAPPER*/ - - -#ifdef NEED_PCSC_WRAPPER -static int -reset_pcsc_reader_wrapped (int slot) -{ - long err; - reader_table_t slotp; - size_t len; - int i, n; - unsigned char msgbuf[9]; - unsigned int dummy_status; - int sw = SW_HOST_CARD_IO_ERROR; - - slotp = reader_table + slot; - - if (slotp->pcsc.req_fd == -1 - || slotp->pcsc.rsp_fd == -1 - || slotp->pcsc.pid == (pid_t)(-1) ) - { - log_error ("pcsc_get_status: pcsc-wrapper not running\n"); - return sw; - } - - msgbuf[0] = 0x05; /* RESET command. */ - len = 0; - msgbuf[1] = (len >> 24); - msgbuf[2] = (len >> 16); - msgbuf[3] = (len >> 8); - msgbuf[4] = (len ); - if ( writen (slotp->pcsc.req_fd, msgbuf, 5) ) - { - log_error ("error sending PC/SC RESET request: %s\n", - strerror (errno)); - goto command_failed; - } - - /* Read the response. */ - if ((i=readn (slotp->pcsc.rsp_fd, msgbuf, 9, &len)) || len != 9) - { - log_error ("error receiving PC/SC RESET response: %s\n", - i? strerror (errno) : "premature EOF"); - goto command_failed; - } - len = buf32_to_size_t (msgbuf+1); - if (msgbuf[0] != 0x81 || len < 4) - { - log_error ("invalid response header from PC/SC received\n"); - goto command_failed; - } - len -= 4; /* Already read the error code. */ - if (len > DIM (slotp->atr)) - { - log_error ("PC/SC returned a too large ATR (len=%lx)\n", - (unsigned long)len); - sw = SW_HOST_GENERAL_ERROR; - goto command_failed; - } - err = PCSC_ERR_MASK (buf32_to_ulong (msgbuf+5)); - if (err) - { - log_error ("PC/SC RESET failed: %s (0x%lx)\n", - pcsc_error_string (err), err); - /* If the error code is no smart card, we should not considere - this a major error and close the wrapper. */ - sw = pcsc_error_to_sw (err); - if (err == PCSC_E_NO_SMARTCARD) - return sw; - goto command_failed; - } - - /* The open function may return a zero for the ATR length to - indicate that no card is present. 
*/ - n = len; - if (n) - { - if ((i=readn (slotp->pcsc.rsp_fd, slotp->atr, n, &len)) || len != n) - { - log_error ("error receiving PC/SC RESET response: %s\n", - i? strerror (errno) : "premature EOF"); - goto command_failed; - } - } - slotp->atrlen = len; - - /* Read the status so that IS_T0 will be set. */ - pcsc_get_status (slot, &dummy_status, 1); - - return 0; - - command_failed: - close (slotp->pcsc.req_fd); - close (slotp->pcsc.rsp_fd); - slotp->pcsc.req_fd = -1; - slotp->pcsc.rsp_fd = -1; - if (slotp->pcsc.pid != -1) - kill (slotp->pcsc.pid, SIGTERM); - slotp->pcsc.pid = (pid_t)(-1); - slotp->used = 0; - return sw; -} -#endif /* !NEED_PCSC_WRAPPER */ - - -/* Send an PC/SC reset command and return a status word on error or 0 - on success. */ -static int -reset_pcsc_reader (int slot) -{ -#ifdef NEED_PCSC_WRAPPER - return reset_pcsc_reader_wrapped (slot); -#else - return reset_pcsc_reader_direct (slot); -#endif -} /* Examine reader specific parameters and initialize. This is mostly @@ -1894,9 +1027,8 @@ pcsc_vendor_specific_init (int slot) /* Open the PC/SC reader without using the wrapper. Returns -1 on error or a slot number for the reader. */ -#ifndef NEED_PCSC_WRAPPER static int -open_pcsc_reader_direct (const char *portstr) +open_pcsc_reader (const char *portstr) { long err; int slot; 
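Review bot: the comment kept as context above the renamed open_pcsc_reader still reads "Open the PC/SC reader without using the wrapper", which stops describing anything once open_pcsc_reader_direct becomes the only implementation and the wrapped variant is removed in the next hunk. Reword it in this hunk, for example to "Open the PC/SC reader. Returns -1 on error or a slot number for the reader."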
@@ -1996,229 +1128,6 @@ open_pcsc_reader_direct (const char *portstr) unlock_slot (slot); return slot; } -#endif /*!NEED_PCSC_WRAPPER */ - - -/* Open the PC/SC reader using the pcsc_wrapper program. This is - needed to cope with different thread models and other peculiarities - of libpcsclite. */ -#ifdef NEED_PCSC_WRAPPER -static int -open_pcsc_reader_wrapped (const char *portstr) -{ - int slot; - reader_table_t slotp; - int fd, rp[2], wp[2]; - int n, i; - pid_t pid; - size_t len; - unsigned char msgbuf[9]; - int err; - unsigned int dummy_status; - - /* Note that we use the constant and not the function because this - code won't be used under Windows. */ - const char *wrapperpgm = GNUPG_LIBEXECDIR "/gnupg-pcsc-wrapper"; - - if (access (wrapperpgm, X_OK)) - { - log_error ("can't run PC/SC access module '%s': %s\n", - wrapperpgm, strerror (errno)); - return -1; - } - - slot = new_reader_slot (); - if (slot == -1) - return -1; - slotp = reader_table + slot; - - /* Fire up the PC/SCc wrapper. We don't use any fork/exec code from - the common directy but implement it directly so that this file - may still be source copied. */ - - if (pipe (rp) == -1) - { - log_error ("error creating a pipe: %s\n", strerror (errno)); - slotp->used = 0; - unlock_slot (slot); - return -1; - } - if (pipe (wp) == -1) - { - log_error ("error creating a pipe: %s\n", strerror (errno)); - close (rp[0]); - close (rp[1]); - slotp->used = 0; - unlock_slot (slot); - return -1; - } - - pid = fork (); - if (pid == -1) - { - log_error ("error forking process: %s\n", strerror (errno)); - close (rp[0]); - close (rp[1]); - close (wp[0]); - close (wp[1]); - slotp->used = 0; - unlock_slot (slot); - return -1; - } - slotp->pcsc.pid = pid; - - if (!pid) - { /* - === Child === - */ - - /* Double fork. */ - pid = fork (); - if (pid == -1) - _exit (31); - if (pid) - _exit (0); /* Immediate exit this parent, so that the child - gets cleaned up by the init process. */ - - /* Connect our pipes. 
*/ - if (wp[0] != 0 && dup2 (wp[0], 0) == -1) - log_fatal ("dup2 stdin failed: %s\n", strerror (errno)); - if (rp[1] != 1 && dup2 (rp[1], 1) == -1) - log_fatal ("dup2 stdout failed: %s\n", strerror (errno)); - - /* Send stderr to the bit bucket. */ - fd = open ("/dev/null", O_WRONLY); - if (fd == -1) - log_fatal ("can't open '/dev/null': %s", strerror (errno)); - if (fd != 2 && dup2 (fd, 2) == -1) - log_fatal ("dup2 stderr failed: %s\n", strerror (errno)); - - /* Close all other files. */ - close_all_fds (3, NULL); - - execl (wrapperpgm, - "pcsc-wrapper", - "--", - "1", /* API version */ - opt.pcsc_driver, /* Name of the PC/SC library. */ - NULL); - _exit (31); - } - - /* - === Parent === - */ - close (wp[0]); - close (rp[1]); - slotp->pcsc.req_fd = wp[1]; - slotp->pcsc.rsp_fd = rp[0]; - - /* Wait for the intermediate child to terminate. */ -#ifdef USE_NPTH -#define WAIT npth_waitpid -#else -#define WAIT waitpid -#endif - while ( (i=WAIT (pid, NULL, 0)) == -1 && errno == EINTR) - ; -#undef WAIT - - /* Now send the open request. */ - msgbuf[0] = 0x01; /* OPEN command. */ - len = portstr? strlen (portstr):0; - msgbuf[1] = (len >> 24); - msgbuf[2] = (len >> 16); - msgbuf[3] = (len >> 8); - msgbuf[4] = (len ); - if ( writen (slotp->pcsc.req_fd, msgbuf, 5) - || (portstr && writen (slotp->pcsc.req_fd, portstr, len))) - { - log_error ("error sending PC/SC OPEN request: %s\n", - strerror (errno)); - goto command_failed; - } - /* Read the response. */ - if ((i=readn (slotp->pcsc.rsp_fd, msgbuf, 9, &len)) || len != 9) - { - log_error ("error receiving PC/SC OPEN response: %s\n", - i? strerror (errno) : "premature EOF"); - goto command_failed; - } - len = buf32_to_size_t (msgbuf+1); - if (msgbuf[0] != 0x81 || len < 4) - { - log_error ("invalid response header from PC/SC received\n"); - goto command_failed; - } - len -= 4; /* Already read the error code. 
*/ - if (len > DIM (slotp->atr)) - { - log_error ("PC/SC returned a too large ATR (len=%lx)\n", - (unsigned long)len); - goto command_failed; - } - err = PCSC_ERR_MASK (buf32_to_ulong (msgbuf+5)); - if (err) - { - log_error ("PC/SC OPEN failed: %s\n", pcsc_error_string (err)); - goto command_failed; - } - - /* The open request may return a zero for the ATR length to - indicate that no card is present. */ - n = len; - if (n) - { - if ((i=readn (slotp->pcsc.rsp_fd, slotp->atr, n, &len)) || len != n) - { - log_error ("error receiving PC/SC OPEN response: %s\n", - i? strerror (errno) : "premature EOF"); - goto command_failed; - } - } - slotp->atrlen = len; - - reader_table[slot].close_reader = close_pcsc_reader; - reader_table[slot].reset_reader = reset_pcsc_reader; - reader_table[slot].get_status_reader = pcsc_get_status; - reader_table[slot].send_apdu_reader = pcsc_send_apdu; - reader_table[slot].dump_status_reader = dump_pcsc_reader_status; - - pcsc_vendor_specific_init (slot); - - /* Read the status so that IS_T0 will be set. */ - pcsc_get_status (slot, &dummy_status, 1); - - dump_reader_status (slot); - unlock_slot (slot); - return slot; - - command_failed: - close (slotp->pcsc.req_fd); - close (slotp->pcsc.rsp_fd); - slotp->pcsc.req_fd = -1; - slotp->pcsc.rsp_fd = -1; - if (slotp->pcsc.pid != -1) - kill (slotp->pcsc.pid, SIGTERM); - slotp->pcsc.pid = (pid_t)(-1); - slotp->used = 0; - unlock_slot (slot); - /* There is no way to return SW. */ - return -1; - -} -#endif /*NEED_PCSC_WRAPPER*/ - - -static int -open_pcsc_reader (const char *portstr) -{ -#ifdef NEED_PCSC_WRAPPER - return open_pcsc_reader_wrapped (portstr); -#else - return open_pcsc_reader_direct (portstr); -#endif -} /* Check whether the reader supports the ISO command code COMMAND 
@@ -2998,45 +1907,15 @@ apdu_dev_list_finish (struct dev_list *dl) static int apdu_open_one_reader (const char *portstr) { - static int pcsc_api_loaded, ct_api_loaded; + static int pcsc_api_loaded; int slot; if (DBG_READER) log_debug ("enter: apdu_open_reader: portstr=%s\n", portstr); - if (opt.ctapi_driver && *opt.ctapi_driver) - { - int port = portstr? atoi (portstr) : 32768; - - if (!ct_api_loaded) - { - void *handle; - - handle = dlopen (opt.ctapi_driver, RTLD_LAZY); - if (!handle) - { - log_error ("apdu_open_reader: failed to open driver: %s\n", - dlerror ()); - return -1; - } - CT_init = dlsym (handle, "CT_init"); - CT_data = dlsym (handle, "CT_data"); - CT_close = dlsym (handle, "CT_close"); - if (!CT_init || !CT_data || !CT_close) - { - log_error ("apdu_open_reader: invalid CT-API driver\n"); - dlclose (handle); - return -1; - } - ct_api_loaded = 1; - } - return open_ct_reader (port); - } - - /* No ctAPI configured, so lets try the PC/SC API */ + /* Lets try the PC/SC API */ if (!pcsc_api_loaded) { -#ifndef NEED_PCSC_WRAPPER void *handle; handle = dlopen (opt.pcsc_driver, RTLD_LAZY); @@ -3115,7 +1994,6 @@ apdu_open_one_reader (const char *portstr) dlclose (handle); return -1; } -#endif /*!NEED_PCSC_WRAPPER*/ pcsc_api_loaded = 1; } @@ -3569,7 +2447,7 @@ static int apdu_get_status_internal (int slot, int hang, unsigned int *status, int on_wire) { int sw; - unsigned int s; + unsigned int s = 0; if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; 
@@ -3935,7 +2813,6 @@ send_le (int slot, int class, int ins, int p0, int p1, { xfree (apdu_buffer); apdu_buffer = NULL; - apdu_buffer_size = 0; } /* Store away the returned data but strip the statusword. */ commit 0703de01c8fbc417a99ecf8e950fc306b8c8ac9c Author: NIIBE Yutaka Date: Mon Mar 6 13:39:46 2017 +0900 scd: Fix API of select_file/_path. * scd/iso7816.c (iso7816_select_file, iso7816_select_path): Remove unused arguments. * scd/app-dinsig.c (do_readcert): Follow the change. * scd/app-help.c (app_help_read_length_of_cert): Likewise. * scd/app-nks.c (keygripstr_from_pk_file, do_readcert, do_readkey) (switch_application): Likewise. * scd/app-p15.c (select_and_read_binary, select_ef_by_path) (micardo_mse, app_select_p15): Likewise. * scd/app.c (app_new_register): Likewise. -- Signed-off-by: NIIBE Yutaka diff --git a/scd/app-dinsig.c b/scd/app-dinsig.c index 99e4f00..5d65845 100644 --- a/scd/app-dinsig.c +++ b/scd/app-dinsig.c @@ -193,7 +193,7 @@ do_readcert (app_t app, const char *certid, /* Read the entire file. fixme: This could be optimized by first reading the header to figure out how long the certificate actually is. */ - err = iso7816_select_file (app->slot, fid, 0, NULL, NULL); + err = iso7816_select_file (app->slot, fid, 0); if (err) { log_error ("error selecting FID 0x%04X: %s\n", fid, gpg_strerror (err)); diff --git a/scd/app-help.c b/scd/app-help.c index 1cc86b1..85bcc66 100644 --- a/scd/app-help.c +++ b/scd/app-help.c @@ -106,7 +106,7 @@ app_help_read_length_of_cert (int slot, int fid, size_t *r_certoff) int class, tag, constructed, ndef; size_t resultlen, objlen, hdrlen; - err = iso7816_select_file (slot, fid, 0, NULL, NULL); + err = iso7816_select_file (slot, fid, 0); if (err) { log_info ("error selecting FID 0x%04X: %s\n", fid, gpg_strerror (err)); diff --git a/scd/app-nks.c b/scd/app-nks.c index 4442a10..98dd588 100644 --- a/scd/app-nks.c +++ b/scd/app-nks.c 
@@ -151,7 +151,7 @@ keygripstr_from_pk_file (app_t app, int fid, char *r_gripstr) int i; int offset[2] = { 0, 0 }; - err = iso7816_select_file (app->slot, fid, 0, NULL, NULL); + err = iso7816_select_file (app->slot, fid, 0); if (err) return err; err = iso7816_read_record (app->slot, 1, 1, 0, &buffer[0], &buflen[0]); @@ -528,7 +528,7 @@ do_readcert (app_t app, const char *certid, /* Read the entire file. fixme: This could be optimized by first reading the header to figure out how long the certificate actually is. */ - err = iso7816_select_file (app->slot, fid, 0, NULL, NULL); + err = iso7816_select_file (app->slot, fid, 0); if (err) { log_error ("error selecting FID 0x%04X: %s\n", fid, gpg_strerror (err)); @@ -636,7 +636,7 @@ do_readkey (app_t app, int advanced, const char *keyid, return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); /* Access the KEYD file which is always in the master directory. */ - err = iso7816_select_path (app->slot, path, DIM (path), NULL, NULL); + err = iso7816_select_path (app->slot, path, DIM (path)); if (err) return err; /* Due to the above select we need to re-select our application. */ @@ -1354,7 +1354,7 @@ switch_application (app_t app, int enable_sigg) app->app_local->sigg_msig_checked = 1; app->app_local->sigg_is_msig = 1; - err = iso7816_select_file (app->slot, 0x5349, 0, NULL, NULL); + err = iso7816_select_file (app->slot, 0x5349, 0); if (!err) err = iso7816_read_record (app->slot, 1, 1, 0, &buffer, &buflen); if (!err) diff --git a/scd/app-p15.c b/scd/app-p15.c index 3def55b..db8c38e 100644 --- a/scd/app-p15.c +++ b/scd/app-p15.c @@ -409,7 +409,7 @@ select_and_read_binary (int slot, unsigned short efid, const char *efid_desc, { gpg_error_t err; - err = iso7816_select_file (slot, efid, 0, NULL, NULL); + err = iso7816_select_file (slot, efid, 0); if (err) { log_error ("error selecting %s (0x%04X): %s\n", 
@@ -443,7 +443,7 @@ select_ef_by_path (app_t app, const unsigned short *path, size_t pathlen) if (app->app_local->direct_path_selection) { - err = iso7816_select_path (app->slot, path+1, pathlen-1, NULL, NULL); + err = iso7816_select_path (app->slot, path+1, pathlen-1); if (err) { log_error ("error selecting path "); @@ -461,8 +461,7 @@ select_ef_by_path (app_t app, const unsigned short *path, size_t pathlen) supported by the card. */ for (i=0; i < pathlen; i++) { - err = iso7816_select_file (app->slot, path[i], - !(i+1 == pathlen), NULL, NULL); + err = iso7816_select_file (app->slot, path[i], !(i+1 == pathlen)); if (err) { log_error ("error selecting part %d from path ", i); @@ -2761,7 +2760,7 @@ micardo_mse (app_t app, unsigned short fid) unsigned char msebuf[10]; /* Read the KeyD file containing extra information on keys. */ - err = iso7816_select_file (app->slot, 0x0013, 0, NULL, NULL); + err = iso7816_select_file (app->slot, 0x0013, 0); if (err) { log_error ("error reading EF_keyD: %s\n", gpg_strerror (err)); @@ -3301,7 +3300,7 @@ app_select_p15 (app_t app) Using the 2f02 just works. */ unsigned short path[1] = { 0x2f00 }; - rc = iso7816_select_path (app->slot, path, 1, NULL, NULL); + rc = iso7816_select_path (app->slot, path, 1); if (!rc) { direct = 1; @@ -3309,14 +3308,14 @@ app_select_p15 (app_t app) if (def_home_df) { path[0] = def_home_df; - rc = iso7816_select_path (app->slot, path, 1, NULL, NULL); + rc = iso7816_select_path (app->slot, path, 1); } } } if (rc) { /* Still not found: Try the default DF. */ def_home_df = 0x5015; - rc = iso7816_select_file (slot, def_home_df, 1, NULL, NULL); + rc = iso7816_select_file (slot, def_home_df, 1); } if (!rc) { diff --git a/scd/app.c b/scd/app.c index 1d81631..e1c4e10 100644 --- a/scd/app.c +++ b/scd/app.c 
@@ -208,9 +208,9 @@ app_new_register (int slot, ctrl_t ctrl, const char *name, We skip this if the undefined application has been requested. */ if (!want_undefined) { - err = iso7816_select_file (slot, 0x3F00, 1, NULL, NULL); + err = iso7816_select_file (slot, 0x3F00, 1); if (!err) - err = iso7816_select_file (slot, 0x2F02, 0, NULL, NULL); + err = iso7816_select_file (slot, 0x2F02, 0); if (!err) err = iso7816_read_binary (slot, 0, 0, &result, &resultlen); if (!err) diff --git a/scd/iso7816.c b/scd/iso7816.c index 6cfa6b6..8f79698 100644 --- a/scd/iso7816.c +++ b/scd/iso7816.c @@ -138,8 +138,7 @@ iso7816_select_application (int slot, const char *aid, size_t aidlen, gpg_error_t -iso7816_select_file (int slot, int tag, int is_dir, - unsigned char **result, size_t *resultlen) +iso7816_select_file (int slot, int tag, int is_dir) { int sw, p0, p1; unsigned char tagbuf[2]; 
@@ -147,41 +146,22 @@ iso7816_select_file (int slot, int tag, int is_dir, tagbuf[0] = (tag >> 8) & 0xff; tagbuf[1] = tag & 0xff; - if (result || resultlen) - { - *result = NULL; - *resultlen = 0; - return gpg_error (GPG_ERR_NOT_IMPLEMENTED); - } - else - { - p0 = (tag == 0x3F00)? 0: is_dir? 1:2; - p1 = 0x0c; /* No FC return. */ - sw = apdu_send_simple (slot, 0, 0x00, CMD_SELECT_FILE, - p0, p1, 2, (char*)tagbuf ); - return map_sw (sw); - } - - return 0; + p0 = (tag == 0x3F00)? 0: is_dir? 1:2; + p1 = 0x0c; /* No FC return. */ + sw = apdu_send_simple (slot, 0, 0x00, CMD_SELECT_FILE, + p0, p1, 2, (char*)tagbuf ); + return map_sw (sw); } /* Do a select file command with a direct path. */ gpg_error_t -iso7816_select_path (int slot, const unsigned short *path, size_t pathlen, - unsigned char **result, size_t *resultlen) +iso7816_select_path (int slot, const unsigned short *path, size_t pathlen) { int sw, p0, p1; unsigned char buffer[100]; int buflen; - if (result || resultlen) - { - *result = NULL; - *resultlen = 0; - return gpg_error (GPG_ERR_NOT_IMPLEMENTED); - } - if (pathlen/2 >= sizeof buffer) return gpg_error (GPG_ERR_TOO_LARGE); diff --git a/scd/iso7816.h b/scd/iso7816.h index bcef473..4c71bbd 100644 --- a/scd/iso7816.h +++ b/scd/iso7816.h @@ -51,11 +51,9 @@ gpg_error_t iso7816_map_sw (int sw); gpg_error_t iso7816_select_application (int slot, const char *aid, size_t aidlen, unsigned int flags); -gpg_error_t iso7816_select_file (int slot, int tag, int is_dir, - unsigned char **result, size_t *resultlen); +gpg_error_t iso7816_select_file (int slot, int tag, int is_dir); gpg_error_t iso7816_select_path (int slot, - const unsigned short *path, size_t pathlen, - unsigned char **result, size_t *resultlen); + const unsigned short *path, size_t pathlen); gpg_error_t iso7816_list_directory (int slot, int list_dirs, unsigned char **result, size_t *resultlen); gpg_error_t iso7816_apdu_direct (int slot, 
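Review bot: in iso7816_select_path (scd/iso7816.c) the length guard kept as context, "if (pathlen/2 >= sizeof buffer)", looks inverted for a "const unsigned short *path" that goes into "unsigned char buffer[100]". If each path element is stored as two bytes, the bound has to be on pathlen*2, and as written any pathlen up to 199 passes the check. The copy loop is outside this hunk, so please confirm how buffer is filled; since the signature is being touched anyway, this is a good moment to correct the guard.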
@@ -71,7 +69,7 @@ gpg_error_t iso7816_change_reference_data (int slot, int chvno, const char *oldchv, size_t oldchvlen, const char *newchv, size_t newchvlen); gpg_error_t iso7816_change_reference_data_kp (int slot, int chvno, - int is_exchange, + int is_exchange, pininfo_t *pininfo); gpg_error_t iso7816_reset_retry_counter (int slot, int chvno, const char *newchv, size_t newchvlen); ----------------------------------------------------------------------- Summary of changes: scd/apdu.c | 1167 +----------------------------------------------------- scd/app-dinsig.c | 2 +- scd/app-help.c | 2 +- scd/app-nks.c | 8 +- scd/app-p15.c | 15 +- scd/app.c | 4 +- scd/iso7816.c | 34 +- scd/iso7816.h | 8 +- 8 files changed, 47 insertions(+), 1193 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 6 07:02:47 2017 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 06 Mar 2017 07:02:47 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-19-g9bf39ed Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 9bf39ed75ddbd35908bcd0996f55325ff801619a (commit) from cb6337329d3c858c695a7e56e2fc31d9d50ca3fe (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9bf39ed75ddbd35908bcd0996f55325ff801619a Author: NIIBE Yutaka Date: Mon Mar 6 14:59:02 2017 +0900 scd: More cleanup of old code. * scd/app-dinsig.c (do_sign): Remove assignment to HASHALGO. * scd/app-p15.c (parse_keyusage_flags): Remove assign to MASK. (read_ef_aodf): Likewise. (read_ef_cdf): Change the control to parse_error. * scd/app-sc-hsm.c (parse_keyusage_flags): Remove assign to MASK. (read_ef_prkd): Remove assign to S. (read_ef_prkd): Check if PRKDF is not null. (read_ef_cd): Likewise for CDF. Signed-off-by: NIIBE Yutaka diff --git a/scd/app-dinsig.c b/scd/app-dinsig.c index 5d65845..f7ecc4b 100644 --- a/scd/app-dinsig.c +++ b/scd/app-dinsig.c @@ -456,7 +456,6 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, /* Fixme: This is a kludge. A better solution is not to use SHA1 as default but use an autodetection. However this needs changes in all app-*.c */ - hashalgo = GCRY_MD_SHA256; datalen = indatalen; } else diff --git a/scd/app-p15.c b/scd/app-p15.c index db8c38e..4072fb7 100644 --- a/scd/app-p15.c +++ b/scd/app-p15.c @@ -752,7 +752,6 @@ parse_keyusage_flags (const unsigned char *der, size_t derlen, else { bits &= ~mask; - mask = 0; } } else 
@@ -1388,7 +1387,7 @@ read_ef_cdf (app_t app, unsigned short fid, cdf_object_t *result) if (class != CLASS_UNIVERSAL || tag != TAG_SEQUENCE) { errstr = "unsupported reference type"; - continue; + goto parse_error; } nn = objlen; @@ -1801,7 +1800,6 @@ read_ef_aodf (app_t app, unsigned short fid, aodf_object_t *result) else { bits &= ~mask; - mask = 0; } } if ((bits & 0x80)) diff --git a/scd/app-sc-hsm.c b/scd/app-sc-hsm.c index c582734..dddc8dc 100644 --- a/scd/app-sc-hsm.c +++ b/scd/app-sc-hsm.c @@ -414,7 +414,6 @@ parse_keyusage_flags (const unsigned char *der, size_t derlen, else { bits &= ~mask; - mask = 0; } } else @@ -827,7 +826,6 @@ read_ef_prkd (app_t app, unsigned short fid, prkdf_object_t *prkdresult, if (prkdf->usageflags.non_repudiation) { log_printf ("%snon_repudiation", s); - s = ","; } log_printf ("\n"); @@ -891,7 +889,8 @@ read_ef_prkd (app_t app, unsigned short fid, prkdf_object_t *prkdresult, } else { - prkdf->next = *prkdresult; + if (prkdf) + prkdf->next = *prkdresult; *prkdresult = prkdf; if (cdf) { @@ -1112,7 +1111,8 @@ read_ef_cd (app_t app, unsigned short fid, cdf_object_t *result) } else { - cdf->next = *result; + if (cdf) + cdf->next = *result; *result = cdf; } return err; ----------------------------------------------------------------------- Summary of changes: scd/app-dinsig.c | 1 - scd/app-p15.c | 4 +--- scd/app-sc-hsm.c | 8 ++++---- 3 files changed, 5 insertions(+), 8 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 6 07:16:20 2017 
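Review bot: in do_sign (scd/app-dinsig.c) removing "hashalgo = GCRY_MD_SHA256;" leaves the "Fixme: This is a kludge." comment sitting directly above "datalen = indatalen;", where it no longer refers to any code. Either drop the comment together with the assignment or reword it to say what still has to be done about the SHA1 default.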
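Review bot: in read_ef_prkd (scd/app-sc-hsm.c) the new "if (prkdf)" guards only "prkdf->next = *prkdresult;", while "*prkdresult = prkdf;" still runs unconditionally, so a NULL prkdf at this point would overwrite the caller's list head with NULL. If NULL is possible here, both statements belong inside the guard; if it is not, the check only quiets a warning and a short comment should say so. The read_ef_cd hunk has the same shape with cdf and *result.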
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 06 Mar 2017 07:16:20 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-20-ge6ca015 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e6ca015ae182a6dbb0466441efc17c99683e9375 (commit) from 9bf39ed75ddbd35908bcd0996f55325ff801619a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e6ca015ae182a6dbb0466441efc17c99683e9375 Author: NIIBE Yutaka Date: Mon Mar 6 15:14:18 2017 +0900 scd: Fix compiler warnings for app-openpgp.c. * scd/app-openpgp.c (retrieve_key_material): Remove touching I. (do_change_pin): Make sure going to leave if PINVALUE == 0. (rsa_writekey): Emit simpler log. Signed-off-by: NIIBE Yutaka diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 5e75d4b..af81dce 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -1280,7 +1280,6 @@ retrieve_key_material (FILE *fp, const char *hexkeyid, if ( strcmp (fields[0], "pkd") ) continue; /* Not a key data record. */ - i = 0; /* Avoid erroneous compiler warning. */ if ( nfields < 4 || (i = atoi (fields[1])) < 0 || i > 1 || (!i && m_new) || (i && e_new)) { @@ -2652,7 +2651,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, rc = pincb (pincb_arg, set_resetcode? _("|RN|New Reset Code") : chvno == 3? _("|AN|New Admin PIN") : _("|N|New PIN"), &pinvalue); - if (rc) + if (rc || pinvalue == NULL) { log_error (_("error getting new PIN: %s\n"), gpg_strerror (rc)); goto leave; 
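Review bot: in do_change_pin the widened test "if (rc || pinvalue == NULL)" takes the error path with rc still 0 when the callback returns success but no PIN, so the log line prints gpg_strerror (0) and "goto leave" is reached without an error code set. Set rc to an explicit error before logging in the pinvalue == NULL case, so that the message is meaningful and the code after the leave label does not see rc == 0 for a PIN change that did not happen.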
@@ -3352,8 +3351,7 @@ rsa_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), maxbits = app->app_local->keyattr[keyno].rsa.n_bits; nbits = rsa_n? count_bits (rsa_n, rsa_n_len) : 0; if (opt.verbose) - log_info ("RSA modulus size is %u bits (%u bytes)\n", - nbits, (unsigned int)rsa_n_len); + log_info ("RSA modulus size is %u bits\n", nbits); if (nbits && nbits != maxbits && app->app_local->extcap.algo_attr_change) { ----------------------------------------------------------------------- Summary of changes: scd/app-openpgp.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 6 08:00:15 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 06 Mar 2017 08:00:15 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-21-g4a130bb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 4a130bbc2c2f4be6e8c6357512a943f435ade28f (commit) from e6ca015ae182a6dbb0466441efc17c99683e9375 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4a130bbc2c2f4be6e8c6357512a943f435ade28f Author: Werner Koch Date: Sun Mar 5 23:24:15 2017 +0100 gpg: Fix attempt to double free an UID structure. * g10/getkey.c (get_best_pubkey_byname): Set released .UID to NULL. -- Phil Pennock reported an assertion failure when doing % gpg --auto-key-locate dane --locate-keys someone gpg: Ohhhh jeeee: Assertion "uid->ref > 0" in \ free_user_id failed (free-packet.c:310) on his keyring. This patch is not tested but a good guess. Signed-off-by: Werner Koch 
diff --git a/g10/getkey.c b/g10/getkey.c index 163ab80..be7367f 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1592,8 +1592,10 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk, if (is_valid_mailbox (name) && ctx) { /* Rank results and return only the most relevant key. */ - struct pubkey_cmp_cookie best = { 0 }, new; - KBNODE new_keyblock; + struct pubkey_cmp_cookie best = { 0 }; + struct pubkey_cmp_cookie new; + kbnode_t new_keyblock; + while (getkey_next (ctx, &new.key, &new_keyblock) == 0) { int diff = pubkey_cmp (ctrl, name, &best, &new, new_keyblock); @@ -1610,17 +1612,20 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk, /* Old key is better. */ release_public_key_parts (&new.key); free_user_id (new.uid); + new.uid = NULL; } else { /* A tie. Keep the old key. */ release_public_key_parts (&new.key); free_user_id (new.uid); + new.uid = NULL; } } getkey_end (ctx); ctx = NULL; free_user_id (best.uid); + best.uid = NULL; if (best.valid) { ----------------------------------------------------------------------- Summary of changes: g10/getkey.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 6 12:27:58 2017 
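Review bot: in get_best_pubkey_byname (g10/getkey.c) the split declaration leaves "struct pubkey_cmp_cookie new;" uninitialised while best gets "= { 0 }", yet both loop branches shown call free_user_id (new.uid). Initialising new the same way gives new.uid a defined value on the first iteration and matches the intent of the added "new.uid = NULL;" resets. Since the commit message says the patch is untested, a regression case for the reported --locate-keys assertion would confirm that these three resets cover the path that released the UID twice.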
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 06 Mar 2017 12:27:58 +0100 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.27-2-gc49c412 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via c49c4124900b7691581b40bee72c36d2f6128998 (commit) from 2f4ccc1c179110de67ca38c48b489f71c175ea67 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c49c4124900b7691581b40bee72c36d2f6128998 Author: NIIBE Yutaka Date: Mon Mar 6 20:27:37 2017 +0900 po: Update Japanese translation. -- Signed-off-by: NIIBE Yutaka diff --git a/po/ja.po b/po/ja.po index 17f2a55..63f390a 100644 --- a/po/ja.po +++ b/po/ja.po @@ -3,12 +3,12 @@ # This file is distributed under the same license as the libgpg-error package. # Yasuaki Taniguchi , 2010. # Takeshi Hamasaki , 2012. -# NIIBE Yutaka , 2014, 2015, 2016. +# NIIBE Yutaka , 2014, 2015, 2016, 2017. msgid "" msgstr "" -"Project-Id-Version: libgpg-error 1.26\n" +"Project-Id-Version: libgpg-error 1.27\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2016-12-22 08:12+0900\n" +"PO-Revision-Date: 2017-03-06 20:25+0900\n" "Last-Translator: NIIBE Yutaka \n" "Language-Team: none\n" "Language: ja\n" @@ -126,7 +126,7 @@ msgid "Invalid cipher algorithm" msgstr "?????????????" msgid "Cannot open keyring" -msgstr "" +msgstr "??????????" msgid "Invalid packet" msgstr "?????????" @@ -729,7 +729,7 @@ msgid "Bad octal character in S-expression" msgstr "S??????8???????????" msgid "All subkeys are expired or revoked" -msgstr "" +msgstr "???????????????????" msgid "Database is corrupted" msgstr "????????????????" 
@@ -920,104 +920,74 @@ msgstr "IPC??????????" msgid "Unknown IPC inquire" msgstr "???IPC???????" -#, fuzzy -#| msgid "No crypto engine" msgid "Crypto engine too old" -msgstr "????????????" +msgstr "????????????" msgid "Screen or window too small" -msgstr "" +msgstr "????????????????????" msgid "Screen or window too large" -msgstr "" +msgstr "????????????????????" msgid "Required environment variable not set" -msgstr "" +msgstr "?????????????????" -#, fuzzy -#| msgid "Already exists (LDAP)" msgid "User ID already exists" -msgstr "??????? (LDAP)" +msgstr "User ID????????" -#, fuzzy -#| msgid "Already exists (LDAP)" msgid "Name already exists" -msgstr "??????? (LDAP)" +msgstr "??????????" -#, fuzzy -#| msgid "Duplicated value" msgid "Duplicated name" -msgstr "???????" +msgstr "????????" -#, fuzzy -#| msgid "Certificate too young" msgid "Object is too young" -msgstr "?????????" +msgstr "????????????" -#, fuzzy -#| msgid "Provided object is too short" msgid "Object is too old" -msgstr "??????????????????" +msgstr "????????????" -#, fuzzy -#| msgid "Unknown name" msgid "Unknown flag" -msgstr "???????" +msgstr "????????" -#, fuzzy -#| msgid "Invalid operation code" msgid "Invalid execution order" -msgstr "??????????" +msgstr "????????" msgid "Already fetched" -msgstr "" +msgstr "????????????" msgid "Try again later" -msgstr "" +msgstr "???????????" -#, fuzzy -#| msgid "No name" msgid "Wrong name" -msgstr "????????" +msgstr "????????" msgid "System bug detected" -msgstr "" +msgstr "???????????????" -#, fuzzy -#| msgid "Unknown system error" msgid "Unknown DNS error" -msgstr "??????????" +msgstr "???DNS???" -#, fuzzy -#| msgid "Invalid OID string" msgid "Invalid DNS section" -msgstr "??? OID ?????" +msgstr "??? DNS ???????" -#, fuzzy -#| msgid "Invalid S-expression" msgid "Invalid textual address form" -msgstr "??? S-???" +msgstr "????????????????" -#, fuzzy -#| msgid "Missing issuer certificate" msgid "Missing DNS query packet" -msgstr "????????????" 
+msgstr "DNS??????????????" msgid "Missing DNS answer packet" -msgstr "" +msgstr "DNS???????????????" msgid "Connection closed in DNS" -msgstr "" +msgstr "DNS???????????" -#, fuzzy -#| msgid "Decryption failed" msgid "Verification failed in DNS" -msgstr "?????????" +msgstr "DNS??????????" -#, fuzzy -#| msgid "Timeout" msgid "DNS Timeout" -msgstr "????????" +msgstr "DNS????????" msgid "General LDAP error" msgstr "??LDAP?????" ----------------------------------------------------------------------- Summary of changes: po/ja.po | 86 +++++++++++++++++++++------------------------------------------- 1 file changed, 28 insertions(+), 58 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 6 13:25:34 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 06 Mar 2017 13:25:34 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-22-ge358911 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e3589110e01dc6ad04463351ec2ce17201556d09 (commit) from 4a130bbc2c2f4be6e8c6357512a943f435ade28f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e3589110e01dc6ad04463351ec2ce17201556d09 Author: Werner Koch Date: Mon Mar 6 13:21:50 2017 +0100 wks: Set published keys world-readable. * tools/gpg-wks-server.c (check_and_publish): Set the permissions. Signed-off-by: Werner Koch diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c index 0376cce..fc021c5 100644 --- a/tools/gpg-wks-server.c +++ b/tools/gpg-wks-server.c 
@@ -1374,6 +1374,11 @@ check_and_publish (server_ctx_t ctx, const char *address, const char *nonce) goto leave; } + /* Make sure it is world readable. */ + if (gnupg_chmod (fnewname, "-rwxr--r--")) + log_error ("can't set permissions of '%s': %s\n", + fnewname, gpg_strerror (gpg_err_code_from_syserror())); + log_info ("key %s published for '%s'\n", ctx->fpr, address); send_congratulation_message (address, fnewname); ----------------------------------------------------------------------- Summary of changes: tools/gpg-wks-server.c | 5 +++++ 1 file changed, 5 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 6 18:10:36 2017 
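Review bot: In tools/gpg-wks-server.c, check_and_publish, a failing gnupg_chmod is only logged; execution then falls through to log_info ("key %s published ...") and send_congratulation_message, so the submitter is told the key is published even though the file may not be world-readable. Set an error and goto leave as the code just above does, or at least skip the congratulation mail. The mode string "-rwxr--r--" also sets the owner execute bit, which a published key file does not need; "-rw-r--r--" would match the comment's intent more closely.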
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 06 Mar 2017 18:10:36 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-24-g7e19786 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 7e19786a5ddef637d1d9d21593fecf5a36b6f372 (commit) via 171e4314ebd3ff74af3dcdc8bd68e1100e8910ea (commit) from e3589110e01dc6ad04463351ec2ce17201556d09 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7e19786a5ddef637d1d9d21593fecf5a36b6f372 Author: Justus Winter Date: Mon Mar 6 17:16:41 2017 +0100 tests: Harmonize temporary and socket directory handling. * tests/gpgscm/tests.scm (mkdtemp): Do not magically obey the environment variable 'TMP', make sure to always return an absolute path. * tests/gpgme/Makefile.am (TMP): Drop variable. (TESTS_ENVIRONMENT): Drop 'TMP'. * tests/gpgme/gpgme-defs.scm (create-gpgmehome): Start the agent. Do not create private key store, the agent does that for us. * tests/gpgsm/Makefile.am (TMP): Drop variable. (TESTS_ENVIRONMENT): Drop 'TMP'. * tests/gpgme/gpgme-defs.scm (create-gpgsmhome): Start the agent. Do not create private key store, the agent does that for us. * tests/migrations/Makefile.am (TMP): Drop variable. (TESTS_ENVIRONMENT): Drop 'TMP'. * tests/migrations/common.scm (gpgconf): New variable. (run-test): Create and remove socket directory. * tests/migrations/extended-pkf.scm (src-tarball): Remove variable. (setup): Remove function. (trigger-migration): Likewise. Use 'run-test' to execute the test. * tests/migrations/from-classic.scm (src-tarball): Remove variable. (setup): Remove function. Use 'run-test' to execute the tests. 
* tests/openpgp/Makefile.am (TMP): Drop variable. (TESTS_ENVIRONMENT): Drop 'TMP'. * tests/openpgp/README: Do not mention 'TMP'. * tests/openpgp/defs.scm (with-home-directory): New macro. (create-legacy-gpghome): Do not create private key store, the agent does that for us. (start-agent): Make sure to terminate the right agent with 'atexit'. -- Previously, the test suite relied upon creating home directories in '/tmp'. This has been problematic in some build environments, although POSIX mandates that '/tmp' must be available. We now rely on 'gpgconf --create-socketdir' to create a suitable socket directory for us. This allows us to get rid of some cruft. It also aligns the environment the tests are run in closer with the environment that we intend that GnuPG runs in. Signed-off-by: Justus Winter diff --git a/tests/gpgme/Makefile.am b/tests/gpgme/Makefile.am index d7fd87c..0d0edc0 100644 --- a/tests/gpgme/Makefile.am +++ b/tests/gpgme/Makefile.am @@ -28,12 +28,9 @@ include $(top_srcdir)/am/cmacros.am AM_CFLAGS = -TMP ?= /tmp - TESTS_ENVIRONMENT = LC_ALL=C \ EXEEXT=$(EXEEXT) \ PATH=../gpgscm:$(PATH) \ - TMP=$(TMP) \ srcdir=$(abs_srcdir) \ objdir=$(abs_top_builddir) \ GPGSCM_PATH=$(abs_top_srcdir)/tests/gpgscm:$(abs_top_srcdir)/tests/openpgp:$(abs_top_srcdir)/tests/gpgme diff --git a/tests/gpgme/gpgme-defs.scm b/tests/gpgme/gpgme-defs.scm index c102c93..7a7166c 100644 --- a/tests/gpgme/gpgme-defs.scm +++ b/tests/gpgme/gpgme-defs.scm @@ -54,7 +54,8 @@ (create-file "gpg-agent.conf" (string-append "pinentry-program " (tool 'pinentry))) - (mkdir "private-keys-v1.d" "-rwx") + + (start-agent) (log "Storing private keys") (for-each diff --git a/tests/gpgscm/tests.scm b/tests/gpgscm/tests.scm index e5858d9..b3da919 100644 --- a/tests/gpgscm/tests.scm +++ b/tests/gpgscm/tests.scm 
@@ -268,14 +268,13 @@ ;; Make a temporary directory. If arguments are given, they are ;; joined using path-join, and must end in a component ending in ;; "XXXXXX". If no arguments are given, a suitable location and -;; generic name is used. +;; generic name is used. Returns an absolute path. (define (mkdtemp . components) - (_mkdtemp (if (null? components) - (path-join (getenv "TMP") - (string-append "gpgscm-" (get-isotime) "-" - (basename-suffix *scriptname* ".scm") - "-XXXXXX")) - (apply path-join components)))) + (canonical-path (_mkdtemp (if (null? components) + (string-append "gpgscm-" (get-isotime) "-" + (basename-suffix *scriptname* ".scm") + "-XXXXXX") + (apply path-join components))))) (define-macro (with-temporary-working-directory . expressions) (let ((tmp-sym (gensym))) diff --git a/tests/gpgsm/Makefile.am b/tests/gpgsm/Makefile.am index aad328b..28db501 100644 --- a/tests/gpgsm/Makefile.am +++ b/tests/gpgsm/Makefile.am @@ -28,12 +28,9 @@ include $(top_srcdir)/am/cmacros.am AM_CFLAGS = -TMP ?= /tmp - TESTS_ENVIRONMENT = LC_ALL=C \ EXEEXT=$(EXEEXT) \ PATH=../gpgscm:$(PATH) \ - TMP=$(TMP) \ srcdir=$(abs_srcdir) \ objdir=$(abs_top_builddir) \ GPGSCM_PATH=$(abs_top_srcdir)/tests/gpgscm:$(abs_top_srcdir)/tests/openpgp:$(abs_top_srcdir)/tests/gpgsm diff --git a/tests/gpgsm/gpgsm-defs.scm b/tests/gpgsm/gpgsm-defs.scm index aa5af3d..5f9be7f 100644 --- a/tests/gpgsm/gpgsm-defs.scm +++ b/tests/gpgsm/gpgsm-defs.scm @@ -73,6 +73,7 @@ "faked-system-time 1008241200") (create-file "gpg-agent.conf" (string-append "pinentry-program " (tool 'pinentry))) + (start-agent) (create-file "trustlist.txt" "32100C27173EF6E9C4E9A25D3D69F86D37A4F939" @@ -80,7 +81,6 @@ "3CF405464F66ED4A7DF45BBDD1E4282E33BDB76E S") (log "Storing private keys") - (mkdir "private-keys-v1.d" "-rwx") (for-each (lambda (name) (file-copy (in-srcdir name) diff --git a/tests/migrations/Makefile.am b/tests/migrations/Makefile.am index d0cd9ee..0895aff 100644 --- a/tests/migrations/Makefile.am 
+++ b/tests/migrations/Makefile.am @@ -28,12 +28,9 @@ include $(top_srcdir)/am/cmacros.am AM_CFLAGS = -TMP ?= /tmp - TESTS_ENVIRONMENT = GPG_AGENT_INFO= LC_ALL=C \ EXEEXT=$(EXEEXT) \ PATH=../gpgscm:$(PATH) \ - TMP=$(TMP) \ srcdir=$(abs_srcdir) \ objdir=$(abs_top_builddir) \ GPGSCM_PATH=$(abs_top_srcdir)/tests/gpgscm:$(abs_top_srcdir)/tests/migrations diff --git a/tests/migrations/common.scm b/tests/migrations/common.scm index 30ac62b..fa8f129 100644 --- a/tests/migrations/common.scm +++ b/tests/migrations/common.scm @@ -26,6 +26,7 @@ (string-append executable (getenv "EXEEXT"))) ;; We may not use a relative name for gpg-agent. +(define gpgconf (path-join (getenv "objdir") "tools" (qualify "gpgconf"))) (define GPG-AGENT (path-join (getenv "objdir") "agent" (qualify "gpg-agent"))) (define GPG `(,(path-join (getenv "objdir") "g10" (qualify "gpg")) --no-permission-warning --no-greeting @@ -51,4 +52,9 @@ (info message) (untar-armored src-tarball) (setenv "GNUPGHOME" (getcwd) #t) - (test (getcwd)))) + + (catch (log "Warning: Creating socket directory failed:" (car *error*)) + (call-popen `(,gpgconf --create-socketdir) "")) + (test (getcwd)) + (catch (log "Warning: Removing socket directory failed.") + (call-popen `(,gpgconf --remove-socketdir) "")))) diff --git a/tests/migrations/extended-pkf.scm b/tests/migrations/extended-pkf.scm index bf2c49e..1317cd4 100755 --- a/tests/migrations/extended-pkf.scm +++ b/tests/migrations/extended-pkf.scm @@ -22,15 +22,6 @@ (catch (skip "gpgtar not built") (call-check `(,GPGTAR --help))) -(define src-tarball (in-srcdir "extended-pkf.tar.asc")) - -(define (setup) - (untar-armored src-tarball) - (setenv "GNUPGHOME" (getcwd) #t)) - -(define (trigger-migration) - (call-check `(, at GPG --list-secret-keys))) - (define (assert-keys-usable) (for-each (lambda (keyid) 
@@ -38,9 +29,10 @@ (call-check `(, at GPG --list-secret-keys ,keyid)))) '("C40FDECF" "ECABF51D"))) -(info "Testing the extended private key format ...") -(with-temporary-working-directory - (setup) - (assert-keys-usable)) +(run-test + "Testing the extended private key format ..." + (in-srcdir "extended-pkf.tar.asc") + (lambda (gpghome) + (assert-keys-usable))) ;; XXX try changing a key, and check that the format is not changed. diff --git a/tests/migrations/from-classic.scm b/tests/migrations/from-classic.scm index d540470..ace458e 100755 --- a/tests/migrations/from-classic.scm +++ b/tests/migrations/from-classic.scm @@ -22,12 +22,6 @@ (catch (skip "gpgtar not built") (call-check `(,GPGTAR --help))) -(define src-tarball (in-srcdir "from-classic.tar.asc")) - -(define (setup) - (untar-armored src-tarball) - (setenv "GNUPGHOME" (getcwd) #t)) - (define (trigger-migration) (call-check `(, at GPG --list-secret-keys))) 
@@ -41,24 +35,27 @@ (call-check `(, at GPG --list-secret-keys ,keyid)))) '("D74C5F22" "C40FDECF" "ECABF51D"))) -(info "Testing a clean migration ...") -(with-temporary-working-directory - (setup) - (trigger-migration) - (assert-migrated)) - -(info "Testing a migration with existing private-keys-v1.d ...") -(with-temporary-working-directory - (setup) - (mkdir "private-keys-v1.d" "-rwx") - (trigger-migration) - (assert-migrated)) - -(info "Testing a migration with existing but weird private-keys-v1.d ...") -(with-temporary-working-directory - (setup) - (mkdir "private-keys-v1.d" "") - (trigger-migration) - (assert-migrated)) +(run-test + "Testing a clean migration ..." + (in-srcdir "from-classic.tar.asc") + (lambda (gpghome) + (trigger-migration) + (assert-migrated))) + +(run-test + "Testing a migration with existing private-keys-v1.d ..." + (in-srcdir "from-classic.tar.asc") + (lambda (gpghome) + (mkdir "private-keys-v1.d" "-rwx") + (trigger-migration) + (assert-migrated))) + +(run-test + "Testing a migration with existing but weird private-keys-v1.d ..." + (in-srcdir "from-classic.tar.asc") + (lambda (gpghome) + (mkdir "private-keys-v1.d" "") + (trigger-migration) + (assert-migrated))) ;; XXX Check a case where the migration fails. diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index afac58f..518af20 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am @@ -33,12 +33,9 @@ noinst_PROGRAMS = fake-pinentry fake_pinentry_SOURCES = fake-pinentry.c -TMP ?= /tmp - TESTS_ENVIRONMENT = LC_ALL=C \ EXEEXT=$(EXEEXT) \ PATH=../gpgscm:$(PATH) \ - TMP=$(TMP) \ srcdir=$(abs_srcdir) \ objdir=$(abs_top_builddir) \ GPGSCM_PATH=$(abs_top_srcdir)/tests/gpgscm:$(abs_top_srcdir)/tests/openpgp diff --git a/tests/openpgp/README b/tests/openpgp/README index eba77b1..b9d5607 100644 --- a/tests/openpgp/README +++ b/tests/openpgp/README 
@@ -30,7 +30,7 @@ This is a bit tricky because one needs to manually set some environment variables. We should make that easier. See discussion below. From your build directory, do: - obj $ TMP=/tmp srcdir=/tests/openpgp \ + obj $ srcdir=/tests/openpgp \ GPGSCM_PATH=/tests/gpgscm:/tests/openpgp \ $(pwd)/tests/gpgscm/gpgscm [gpgscm args] \ run-tests.scm [test suite runner args] diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm index a06a570..568ffab 100644 --- a/tests/openpgp/defs.scm +++ b/tests/openpgp/defs.scm @@ -278,6 +278,15 @@ ;; GnuPG helper. ;; +;; Evaluate a sequence of expressions with the given home directory. +(define-macro (with-home-directory gnupghome . expressions) + (let ((original-home-directory (gensym))) + `(let ((,original-home-directory (getenv "GNUPGHOME"))) + (dynamic-wind + (lambda () (setenv "GNUPGHOME" ,gnupghome #t)) + (lambda () , at expressions) + (lambda () (setenv "GNUPGHOME" ,original-home-directory #t)))))) + ;; Evaluate a sequence of expressions with an ephemeral home ;; directory. (define-macro (with-ephemeral-home-directory . expressions) @@ -364,7 +373,6 @@ (define (create-legacy-gpghome) (create-sample-files) - (mkdir "private-keys-v1.d" "-rwx") (log "Storing private keys") (for-each @@ -434,7 +442,10 @@ ;; Create the socket dir and start the agent. (define (start-agent) (log "Starting gpg-agent...") - (atexit stop-agent) + (let ((gnupghome (getenv "GNUPGHOME"))) + (atexit (lambda () + (with-home-directory gnupghome + (stop-agent))))) (catch (log "Warning: Creating socket directory failed:" (car *error*)) (call-popen `(,(tool 'gpgconf) --create-socketdir) "")) (call-check `(,(tool 'gpg-connect-agent) --verbose diff --git a/tests/openpgp/setup.scm b/tests/openpgp/setup.scm index d13799d..bf1876e 100755 --- a/tests/openpgp/setup.scm +++ b/tests/openpgp/setup.scm 
@@ -25,6 +25,7 @@ (with-ephemeral-home-directory (chdir (getenv "GNUPGHOME")) (create-gpghome) + (start-agent) (create-legacy-gpghome) (stop-agent) (call-check `(,(tool 'gpgtar) --create --output ,(cadr *args*) "."))) commit 171e4314ebd3ff74af3dcdc8bd68e1100e8910ea Author: Justus Winter Date: Mon Mar 6 17:14:58 2017 +0100 gpgscm: Fix creation of temporary directories. * tests/gpgscm/ffi.c (do_mkdtemp): Use a larger buffer for the template. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/ffi.c b/tests/gpgscm/ffi.c index 42facee..34e573f 100644 --- a/tests/gpgscm/ffi.c +++ b/tests/gpgscm/ffi.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include #include @@ -345,7 +346,11 @@ do_mkdtemp (scheme *sc, pointer args) { FFI_PROLOG (); char *template; - char buffer[128]; +#ifdef PATH_MAX + char buffer[PATH_MAX]; +#else + char buffer[1024]; +#endif char *name; FFI_ARG_OR_RETURN (sc, char *, template, string, args); FFI_ARGS_DONE_OR_RETURN (sc, args); ----------------------------------------------------------------------- Summary of changes: tests/gpgme/Makefile.am | 3 --- tests/gpgme/gpgme-defs.scm | 3 ++- tests/gpgscm/ffi.c | 7 +++++- tests/gpgscm/tests.scm | 13 +++++------ tests/gpgsm/Makefile.am | 3 --- tests/gpgsm/gpgsm-defs.scm | 2 +- tests/migrations/Makefile.am | 3 --- tests/migrations/common.scm | 8 ++++++- tests/migrations/extended-pkf.scm | 18 +++++---------- tests/migrations/from-classic.scm | 47 ++++++++++++++++++--------------------- tests/openpgp/Makefile.am | 3 --- tests/openpgp/README | 2 +- tests/openpgp/defs.scm | 15 +++++++++++-- tests/openpgp/setup.scm | 1 + 14 files changed, 64 insertions(+), 64 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 7 01:59:06 2017 
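Review bot: In tests/gpgscm/ffi.c, do_mkdtemp, enlarging buffer from 128 bytes to PATH_MAX (or 1024) moves the limit, but the hunk shows no check that template fits before it is placed in buffer. If the copy further down is unbounded, a long template argument still overruns the stack buffer; if it is bounded, the template is silently truncated and can lose its XXXXXX suffix. Compare strlen (template) against sizeof buffer and return an error for oversized input, or allocate the copy dynamically.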
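Review bot: In tests/migrations/common.scm, run-test, the gpgconf --remove-socketdir call only runs when (test (getcwd)) returns normally; if the test raises, the socket directory created just above is left behind. The with-home-directory macro added to tests/openpgp/defs.scm in this same commit uses dynamic-wind for its restore step, and the same construct would fit here. The removal warning also omits the (car *error*) detail that the creation warning logs.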
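Review bot: In tests/gpgscm/tests.scm, mkdtemp, the no-argument case now passes a bare relative template to _mkdtemp, so the directory is created under whatever the current working directory happens to be, while the comment still promises "a suitable location". State in the comment that the default is relative to the current directory, so callers know where leftovers from an aborted run will appear.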
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 07 Mar 2017 01:59:06 +0100 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.27-3-g1126c4c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 1126c4c117a47c8ea8435ac11561d51b13f538dd (commit) from c49c4124900b7691581b40bee72c36d2f6128998 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1126c4c117a47c8ea8435ac11561d51b13f538dd Author: NIIBE Yutaka Date: Tue Mar 7 09:57:16 2017 +0900 w32: Conditionalize ISO 2022 definitions. * src/w32-iconv.c (iso2022_SI_seq, iso2022_SO_seq) [USE_MLANG_DLL]: Only for USE_MLANG_DLL. -- Signed-off-by: NIIBE Yutaka diff --git a/src/w32-iconv.c b/src/w32-iconv.c index c10bb32..888b722 100644 --- a/src/w32-iconv.c +++ b/src/w32-iconv.c @@ -1475,6 +1475,7 @@ utf32_wctomb(csconv_t *cv, ushort *wbuf, int wbufsize, uchar *buf, int bufsize) #define ISO2022_SI 0 #define ISO2022_SO 1 +#if USE_MLANG_DLL /* shift in */ static const char iso2022_SI_seq[] = "\x0F"; /* shift out */ @@ -1487,6 +1488,7 @@ struct iso2022_esc_t { int len; int cs; }; +#endif #define ISO2022JP_CS_ASCII 0 #define ISO2022JP_CS_JISX0201_ROMAN 1 ----------------------------------------------------------------------- Summary of changes: src/w32-iconv.c | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 7 02:44:06 2017 
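Review bot: In src/w32-iconv.c the new guard is written #if USE_MLANG_DLL, while the commit message describes a definedness condition ("Only for USE_MLANG_DLL"). #if on an undefined macro evaluates to 0 and warns under -Wundef; use the same form the rest of the file uses to test this macro, and label the closing line as #endif /* USE_MLANG_DLL */ since it sits in a separate hunk from its opener.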
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 07 Mar 2017 02:44:06 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-27-gb9ab733 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b9ab733fc0dd2ca2a7eaac0bde3a817c07af36c5 (commit) via ce37ada87139ef418401f9f35439007a8c04a856 (commit) via cc933a96f8e83bc66fb69ed33d9593acdd60c929 (commit) from 7e19786a5ddef637d1d9d21593fecf5a36b6f372 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b9ab733fc0dd2ca2a7eaac0bde3a817c07af36c5 Author: NIIBE Yutaka Date: Tue Mar 7 10:42:46 2017 +0900 common: Fix warning for portability. * common/localename.c (do_nl_locale_name): We don't use CATEGORY. -- Signed-off-by: NIIBE Yutaka diff --git a/common/localename.c b/common/localename.c index 2650ea7..b620a74 100644 --- a/common/localename.c +++ b/common/localename.c @@ -79,6 +79,7 @@ do_nl_locale_name (int category, const char *categoryname) (void)categoryname; retval = setlocale (category, NULL); # else + (void)category; /* Setting of LC_ALL overwrites all other. */ retval = getenv ("LC_ALL"); if (retval == NULL || retval[0] == '\0') commit ce37ada87139ef418401f9f35439007a8c04a856 Author: NIIBE Yutaka Date: Tue Mar 7 10:29:37 2017 +0900 tools: More portable for openpty use. * configure.ac (AC_CHECK_HEADERS): Add util.h libutil.h and termios.h. * tools/symcryptrun.c: Include those headers. -- This is for OpenBSD and FreeBSD. Signed-off-by: NIIBE Yutaka diff --git a/configure.ac b/configure.ac index bec7428..5fc2b85 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1274,7 +1274,8 @@ AC_MSG_NOTICE([checking for header files]) AC_HEADER_STDC AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h \ pty.h utmp.h pwd.h inttypes.h signal.h sys/select.h \ - stdint.h signal.h]) + stdint.h signal.h util.h libutil.h termios.h]) + AC_HEADER_TIME diff --git a/tools/symcryptrun.c b/tools/symcryptrun.c index a72b9cf..b32d43a 100644 --- a/tools/symcryptrun.c +++ b/tools/symcryptrun.c @@ -71,9 +71,21 @@ #include #include #include + #ifdef HAVE_PTY_H #include +#else +#ifdef HAVE_TERMIOS_H +#include +#endif +#ifdef HAVE_UTIL_H +#include +#endif +#ifdef HAVE_LIBUTIL_H +#include #endif +#endif + #ifdef HAVE_UTMP_H #include #endif commit cc933a96f8e83bc66fb69ed33d9593acdd60c929 Author: NIIBE Yutaka Date: Tue Mar 7 10:19:40 2017 +0900 scd: Close THE_EVENT handle. * scd/scdaemon.c (handle_connections): Close the handle. -- Signed-off-by: NIIBE Yutaka diff --git a/scd/scdaemon.c b/scd/scdaemon.c index 4b63c9b..13cf2e6 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -1378,6 +1378,10 @@ handle_connections (int listen_fd) } } +#ifdef HAVE_W32_SYSTEM + if (the_event != INVALID_HANDLE_VALUE) + CloseHandle (the_event); +#endif cleanup (); log_info (_("%s %s stopped\n"), strusage(11), strusage(13)); npth_attr_destroy (&tattr); ----------------------------------------------------------------------- Summary of changes: common/localename.c | 1 + configure.ac | 3 ++- scd/scdaemon.c | 4 ++++ tools/symcryptrun.c | 12 ++++++++++++ 4 files changed, 19 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 7 06:08:25 2017 
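Review bot: In tools/symcryptrun.c the new fallback chain gives no diagnostic when none of pty.h, util.h or libutil.h is found, so a missing openpty prototype would surface only as an implicit-declaration warning or a link error later. Add a final #else with #error (or a configure-time check), and comment the closing #endif lines with the macro each one closes, since the nested conditionals are not indented.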
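Review bot: In scd/scdaemon.c, handle_connections, the_event is closed but keeps its old value afterwards, and cleanup () runs right after. If anything can still reach the handle past this point it would operate on a closed handle; assign INVALID_HANDLE_VALUE immediately after CloseHandle so the existing != INVALID_HANDLE_VALUE test stays meaningful.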
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 07 Mar 2017 06:08:25 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-28-gf7f806a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f7f806afa5083617f4aba02fc3b285b06a7d73d4 (commit) from b9ab733fc0dd2ca2a7eaac0bde3a817c07af36c5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f7f806afa5083617f4aba02fc3b285b06a7d73d4 Author: NIIBE Yutaka Date: Tue Mar 7 14:01:17 2017 +0900 agent: Fix get_client_pid for portability. * configure.ac: Simply check getpeerucred and ucred.h, and structure members. * agent/command-ssh.c: Include ucred.h. (get_client_pid) [HAVE_STRUCT_SOCKPEERCRED_PID]: Use sockpeercred structure for OpenBSD. [LOCAL_PEERPID]: Use LOCAL_PEERPID for macOS. [LOCAL_PEEREID]: Use LOCAL_PEEREID for NetBSD. [HAVE_GETPEERUCRED]: Use getpeerucred for OpenSolaris. -- This change also addresses following bug. GnuPG-bug-id: 2981. Signed-off-by: NIIBE Yutaka diff --git a/agent/command-ssh.c b/agent/command-ssh.c index 3ab41cf..c7afe3b 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -40,6 +40,9 @@ #include #include #include +#ifdef HAVE_UCRED_H +#include +#endif #include "agent.h" 
@@ -3556,31 +3559,39 @@ ssh_request_process (ctrl_t ctrl, estream_t stream_sock) } -/* Return the peer's pid. Stripped down code from libassuan. */ +/* Return the peer's pid. */ static unsigned long get_client_pid (int fd) { pid_t client_pid = (pid_t)(-1); -#ifdef HAVE_SO_PEERCRED +#ifdef SO_PEERCRED { +#ifdef HAVE_STRUCT_SOCKPEERCRED_PID + struct sockpeercred cr; +#else struct ucred cr; +#endif socklen_t cl = sizeof cr; if ( !getsockopt (fd, SOL_SOCKET, SO_PEERCRED, &cr, &cl)) - client_pid = cr.pid; + { +#if defined (HAVE_STRUCT_SOCKPEERCRED_PID) || defined (HAVE_STRUCT_UCRED_PID) + client_pid = cr.pid; +#elif defined (HAVE_STRUCT_UCRED_CR_PID) + client_pid = cr.cr_pid; +#else +#error "Unknown SO_PEERCRED struct" +#endif + } } -#elif defined (HAVE_GETPEERUCRED) +#elif defined (LOCAL_PEERPID) { - ucred_t *ucred = NULL; + socklen_t len = sizeof (pid_t); - if (getpeerucred (fd, &ucred) != -1) - { - client_pid= ucred_getpid (ucred); - ucred_free (ucred); - } + getsockopt(fd, SOL_LOCAL, LOCAL_PEERPID, &client_pid, &len); } -#elif defined (HAVE_LOCAL_PEEREID) +#elif defined (LOCAL_PEEREID) { struct unpcbid unp; socklen_t unpl = sizeof unp; @@ -3588,6 +3599,16 @@ get_client_pid (int fd) if (getsockopt (fd, 0, LOCAL_PEEREID, &unp, &unpl) != -1) client_pid = unp.unp_pid; } +#elif defined (HAVE_GETPEERUCRED) + { + ucred_t *ucred = NULL; + + if (getpeerucred (fd, &ucred) != -1) + { + client_pid= ucred_getpid (ucred); + ucred_free (ucred); + } + } #endif return client_pid == (pid_t)(-1)? 0 : (unsigned long)client_pid; diff --git a/configure.ac b/configure.ac index 5fc2b85..6d35450 100644 --- a/configure.ac +++ b/configure.ac @@ -1274,7 +1274,8 @@ AC_MSG_NOTICE([checking for header files]) AC_HEADER_STDC AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h \ pty.h utmp.h pwd.h inttypes.h signal.h sys/select.h \ - stdint.h signal.h util.h libutil.h termios.h]) + stdint.h signal.h util.h libutil.h termios.h \ + ucred.h]) AC_HEADER_TIME 
@@ -1394,49 +1395,13 @@ fi # -# Check for the getsockopt SO_PEERCRED -# (This has been copied from libassuan) +# Check for the getsockopt SO_PEERCRED, etc. # -AC_MSG_CHECKING(for SO_PEERCRED) -AC_CACHE_VAL(gnupg_cv_sys_so_peercred, - [AC_TRY_COMPILE([#include ], - [struct ucred cr; - int cl = sizeof cr; - getsockopt (1, SOL_SOCKET, SO_PEERCRED, &cr, &cl);], - gnupg_cv_sys_so_peercred=yes, - gnupg_cv_sys_so_peercred=no) - ]) -AC_MSG_RESULT($gnupg_cv_sys_so_peercred) +AC_CHECK_MEMBERS([struct ucred.pid, struct ucred.cr_pid, struct sockpeercred.pid], [], [], [#include +#include ]) -if test $gnupg_cv_sys_so_peercred = yes; then - AC_DEFINE(HAVE_SO_PEERCRED, 1, - [Defined if SO_PEERCRED is supported (Linux specific)]) -else - # Check for the getsockopt LOCAL_PEEREID (NetBSD) - AC_MSG_CHECKING(for LOCAL_PEEREID) - AC_CACHE_VAL(gnupg_cv_sys_so_local_peereid, - [AC_TRY_COMPILE([#include - #include ], - [struct unpcbid unp; - int unpl = sizeof unp; - getsockopt (1, SOL_SOCKET, LOCAL_PEEREID, &unp, &unpl);], - gnupg_cv_sys_so_local_peereid=yes, - gnupg_cv_sys_so_local_peereid=no) - ]) - AC_MSG_RESULT($gnupg_cv_sys_so_local_peereid) - - if test $gnupg_cv_sys_so_local_peereid = yes; then - AC_DEFINE(HAVE_LOCAL_PEEREID, 1, - [Defined if LOCAL_PEEREID is supported (NetBSD specific)]) - else - # (Open)Solaris - AC_CHECK_FUNCS([getpeerucred], AC_CHECK_HEADERS([ucred.h])) - if test $ac_cv_func_getpeerucred != yes; then - # FreeBSD - AC_CHECK_FUNCS([getpeereid]) - fi - fi -fi +# (Open)Solaris +AC_CHECK_FUNCS([getpeerucred]) # ----------------------------------------------------------------------- Summary of changes: agent/command-ssh.c | 43 ++++++++++++++++++++++++++++++++----------- configure.ac | 49 +++++++------------------------------------------ 2 files changed, 39 insertions(+), 53 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 7 06:23:48 2017 
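Review bot: In agent/command-ssh.c, get_client_pid, the new LOCAL_PEERPID branch ignores the return value of getsockopt, unlike the SO_PEERCRED, LOCAL_PEEREID and getpeerucred branches around it. Check the result and reset client_pid to (pid_t)(-1) on failure so the final test still maps an error to 0. The call is also missing the space before the opening parenthesis that the other getsockopt calls in this function have.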
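Review bot: In configure.ac the rewritten peer-credential section stops defining HAVE_SO_PEERCRED and HAVE_LOCAL_PEEREID and drops the FreeBSD getpeereid check, but the remaining comment ("SO_PEERCRED, etc.") no longer says which platform each check serves. Confirm that no other source file still tests the removed macros, since those tests would now silently be false, and carry the per-platform notes from the commit message into the comment.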
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 07 Mar 2017 06:23:48 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-29-gbf03925 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via bf03925751abb739f2fd9d631694d3dd33decf92 (commit) from f7f806afa5083617f4aba02fc3b285b06a7d73d4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bf03925751abb739f2fd9d631694d3dd33decf92 Author: NIIBE Yutaka Date: Tue Mar 7 14:22:34 2017 +0900 agent: Add include files. * agent/command-ssh.c: Add sys/socket.h and sys/un.h. Signed-off-by: NIIBE Yutaka diff --git a/agent/command-ssh.c b/agent/command-ssh.c index c7afe3b..382f9e6 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -40,6 +40,10 @@ #include #include #include +#ifndef HAVE_W32_SYSTEM +#include +#include +#endif /*!HAVE_W32_SYSTEM*/ #ifdef HAVE_UCRED_H #include #endif ----------------------------------------------------------------------- Summary of changes: agent/command-ssh.c | 4 ++++ 1 file changed, 4 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 7 10:31:21 2017 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 07 Mar 2017 10:31:21 +0100 Subject: [git] gnupg-doc - branch, master, updated. b6077011f81ac9ae87fc070c29c5c64d1a25982a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via b6077011f81ac9ae87fc070c29c5c64d1a25982a (commit) from ccf2438cb38c4bfec17e9bce097582523ff609d4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b6077011f81ac9ae87fc070c29c5c64d1a25982a Author: Werner Koch Date: Tue Mar 7 10:28:36 2017 +0100 web: Add a devel/ section with one file for now. creating-a-release.org is a slightly updated README.maint from the gnupg repo. It needs more work. Signed-off-by: Werner Koch diff --git a/web/devel/creating-a-release.org b/web/devel/creating-a-release.org new file mode 100644 index 0000000..a7a48cf --- /dev/null +++ b/web/devel/creating-a-release.org 
@@ -0,0 +1,209 @@ +#+TITLE: GnuPG Hacking - Creating a Release +#+STARTUP: showall indent +#+SETUPFILE: "share/setup.inc" + +* Creating a Release + +This is a description of the steps necessary to build a software +release of GnuPG and related software. + + +** Overview of the Build System + +FIXME + +** Stuff required + +A Unix system, preferable Debian because that is what we use for our +development. + + +** Release Planning + +If you are planning a new release and strings have changed you should +send a notification to all translators, so that they have time to +update their translations. The script ~build-aux/mail-to-translators~ +in the gnupg-repo might be useful for this. You need to edit it to +actually send out something. + +** Step by Step + +*** Make sure that all new PO files are checked in. + +*** Decide whether you want to update the automake standard files + +These are mainly the files ~config.guess~ and ~config.sub~. In +general these files should be the same for all package. Do not update +them for each release because having consistent files in all packages +can avoid bug reports due to different cpu-vendor-os strings + +Commit these changes. + +*** Update the translation files + +Run: + +: make -C po update-po + +This merges the latest changes into the po files and disable entries +which do not anymore match. The latter is important for example to +avoid mismatches in printf format strings. + +You should then commit the changes using a subject of "po: Auto +update". + +*** Update the LT version + +This affects only library packages. The libtool version (LT version) +is updated only right before a release. The configure.ac file has +comments on how to update them. Note that libraries which come with +language bindings may have several independent LT version. + +FIXME: Describe why and how they are to be updated. + +*** Write NEWS entries + +Remember to set the release date in the NEWS file. 
For libraries it +is suggested to note the LT version as well. Use the format +"Cz/Ay/Rz" to give the Current/Age/Release numbers. + +*** Check README and doc files + +You may for example want to update the version information and make +sure that they still have correct information. Files you should look +at are for example: + +- README +- AUTHORS +- src/versioninfo.rc.in (Windows) + +*** Commit all changes with a subject of "Release m.n.o." + +This is the final commit which has all changes for the version. + +Do not push this commit. + +*** Create a signed tag with the name "foo-m.n.o". + +The git tag needs to be signed. We use hardware tokens to hold the +signing key. The command to do this is + +: git tag -u KEYID foo-m.n.o + +You will be asked for a message. Put a funny message or better the +main feature of this release into the commit log message. + +Do not push this tag. + +In case you need to restart the release process, you should first +remove the tag (=git tag -d foo-m.n.o=) and then also revert the last +commit. + +*** Recreate the configure script + +: ./autogen.sh --force + +The option =--force= is required for the git magic in configure.ac to +work properly. + +This calls autoconf and automake and does some M4 magic to encode the +the version number and information from Git into the new configure +script. Note that the created =configure= script may not be tracked +by Git. + +*** Build a release tarball + +This is easy: + + : ./configure --enable-maintainer-mode + + : make distcheck + +it is suggested to run the latter inside Emacs so that the compile log +can be viewed for errors. + +FIXME: Explain why and how to use a VPATH build. + +*** Build and test the release + +This is best done on a different machine. Make sure to also build the +Windows version so that you won't run into a surprise when building a +Windows versions later. + +Keep a test build available for later. + + + +*** Sign the tarball + +Also store the created .swdb file away. 
+ +*** Copy the tarball to a staging area + +*** Update the webpages + +At least the file swdb.mac needs an update. This is done using the +saved swdb. + +*** Prepare for the next release + + - Add a new headline to NEWS. + + - Bump the version number in configure.ac up (Do not bump the LT + version, though) + + - Commit with a subject "Post release updates" or similar. + +*** Push all changes + +Do not forget to push also the tags. + +In case you run into a conflict you need to start from scratch. That +is removing the last two commits from your local copy, removing the +tag, merge the changes, and to to the first step. Make sure that the +version and LT version numbers are correct for the second try. To +avoid this problem it is often better to work on a release branch and +later merge the changes back to master. + +*** Copy the files from the staging area to the FTP server + +*** Update the online docs + +Using the final test build run a "make -C doc online". + +*** Write an announcement. + + +** Notes on some packages + +Here are some gotchas for certain packages + +*** GnuPG + +- Check that https://savannah.gnu.org/projects/gnupg is up to date. + This is a simple page which merely points to gnupg.org, though. + + +*** GnuPG Windows Installer + + +*** Libgcrypt + + + + +** Pitfalls + +Sometimes you may run into problems without seeing the actual +problem. Here is a list of such things + +*** Permission problem moving "xx.new.po" to "xx.po" + +If during "make distcheck" you get an error about a permission problem +moving foo.new.po to foo.po; this is caused by a check whether the po +files can be re-created. Now if the first tarball has been created in +a different top directory and if there exists a no distributed file +with the string "GNU gnupg" (e.g. a log file from running make) you +end up with different comments in the po files. Check out +/usr/lib/gettext/project-id for that silliness. As a hack we added +this string into configure.ac. 
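Review bot: the "Sign the tarball" step in web/devel/creating-a-release.org consists only of "Also store the created .swdb file away." and never says how the signature is made, with which key, or how it is checked before the tarball is copied to the staging area. Since README.maint is being reduced to a pointer to this file, spell the signing step out the way the tag step does ("git tag -u KEYID foo-m.n.o"), and add a verification step for both the tag and the tarball signature ahead of "Push all changes". Smaller points in the same hunk: the tag step asks for a message in "the commit log message" where the tag message is meant, "Cz/Ay/Rz" uses z for both Current and Release, and there are doubled words in "encode the the version number" and "to to the first step".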
diff --git a/web/devel/index.org b/web/devel/index.org new file mode 100644 index 0000000..dce2156 --- /dev/null +++ b/web/devel/index.org @@ -0,0 +1,7 @@ +#+TITLE: GnuPG Hacking Resources +#+STARTUP: showall indent +#+SETUPFILE: "share/setup.inc" + +* Resources for Developers + + - [[file:creating-a-release.org][How to create a release]]. ----------------------------------------------------------------------- Summary of changes: web/devel/creating-a-release.org | 209 +++++++++++++++++++++++++++++++++++++++ web/devel/index.org | 7 ++ 2 files changed, 216 insertions(+) create mode 100644 web/devel/creating-a-release.org create mode 100644 web/devel/index.org hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 7 10:36:58 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 07 Mar 2017 10:36:58 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-30-g8f0bf64 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 8f0bf644bc693647805251732b90cc505c4b5f71 (commit) from bf03925751abb739f2fd9d631694d3dd33decf92 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8f0bf644bc693647805251732b90cc505c4b5f71 Author: Werner Koch Date: Tue Mar 7 10:30:13 2017 +0100 doc: Replace README.maint content. -- diff --git a/README.maint b/README.maint index 9af6029..f2207c5 100644 --- a/README.maint +++ b/README.maint 
@@ -1,85 +1,5 @@ Notes for the GnuPG maintainer (GIT only) ============================================ -Here are some notes on how to maintain GnuPG. - -Release Planning: -================= - -If you are planning a new release and strings have changed you should -send a notification to all translators, so that they have time to -update their translations. scripts/mail-to-translators is useful for -this. It might need some tweaking and it needs to be armored for -actual sending. Running it as is to see what will happen is a good -idea, though. - - - -Release process: -================ - - * Make sure that all new PO files are checked in. - - * Decide whether you want to update the automake standard files - (Mainly config.guess and config.sub). - - * [2.0] Copy needed texinfo files from master: - make -C doc update-source - - * Run: - make -C po update-po - - * Write NEWS entries and set the release date in NEWS. - - * Commit all changes to GIT with a message of "Release n.m.o." - - * Create a signed tag with the name "gnupg-x.y.z". - - * Run "./autogen.sh --force" - (--force is required for the git magic in configure.ac and a good - idea in any case) - - * Run "configure --enable-maintainer-mode". - - * Run "make distcheck". - - * Build and test the new tarball (best on a different machine). - - * Build and test the W32 version. - - * [2.x only] Using the final test build run a "make -C doc online". - - * Sign the tarball - - * Get the previous tarball and run "mkdiff gnupg". - You might need to set a different signature key than mine. mkdiff - has an option for this. - - * Push the git changes and the tag. - - * Copy the files to the FTP server - - * Update the webpages - at least the file swdb.mac needs an update. - - * Add a new headline to NEWS. - - * Bump the version number in configure.ac up, add an empty NEWS - entry, commit, and push that. - - * Write an announcement. - - * Update https://savannah.gnu.org/projects/gnupg . 
- - - -Gotchas -======= - -- If during "make distcheck" you get an error about a permission - problem moving foo.new.po to foo.po; this is caused by a check - whether the po files can be re-created. Now if the first tarball - has been created in a different top directory and if there exists a - no distributed file with the string "GNU gnupg" (e.g. a log file - from running make) you end up with different comments in the po - files. Check out /usr/lib/gettext/project-id for that silliness. - As a hack we added this string into configure.ac. +Please see https://gnupg.org/devel/creating-a-release.html or the +corresponding .org file in the gnupg-doc repo. diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c index d72d1c7..57b3b7e 100644 --- a/dirmngr/dns-stuff.c +++ b/dirmngr/dns-stuff.c @@ -511,7 +511,7 @@ libdns_init (void) } else if (!strchr (ld.resolv_conf->lookup, 'b')) { - /* No DNS resulution type found in the list. This might be + /* No DNS resolution type found in the list. This might be * due to systemd based systems which allow for custom * keywords which are not known to us and thus we do not * know whether DNS is wanted or not. Becuase DNS is ----------------------------------------------------------------------- Summary of changes: README.maint | 84 ++--------------------------------------------------- dirmngr/dns-stuff.c | 2 +- 2 files changed, 3 insertions(+), 83 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 7 11:30:18 2017 
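Review bot: the README.maint hunk deletes two steps that have no counterpart in the creating-a-release.org text added by the gnupg-doc commit above: "[2.0] Copy needed texinfo files from master: make -C doc update-source" and "Get the previous tarball and run "mkdiff gnupg"" together with its remark about setting a different signature key. If they are obsolete, say so in the commit message, which is empty apart from the subject; otherwise carry them over before README.maint becomes a pointer. The pointer could also name the file, web/devel/creating-a-release.org, so that someone working offline from a checkout can find it.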
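Review bot: in the dirmngr/dns-stuff.c hunk, the comment fix corrects "resulution" but the last context line of the same comment still reads "Becuase DNS is"; fix both in one go. This source change is also unrelated to the subject "doc: Replace README.maint content." and would be easier to track as its own commit.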
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 07 Mar 2017 11:30:18 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-31-g176e07c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 176e07ce10d892fa7c7b96725b38b2fec9a1f916 (commit) from 8f0bf644bc693647805251732b90cc505c4b5f71 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 176e07ce10d892fa7c7b96725b38b2fec9a1f916 Author: NIIBE Yutaka Date: Tue Mar 7 19:22:48 2017 +0900 agent: Resolve conflict of util.h. * agent/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * agent/call-pinentry.c, agent/call-scd.c: Follow the change. * agent/command-ssh.c, agent/command.c, agent/cvt-openpgp.c: Ditto. * agent/divert-scd.c, agent/findkey.c, agent/genkey.c: Ditto. * agent/gpg-agent.c, agent/pksign.c, agent/preset-passphrase.c: Ditto. * agent/protect-tool.c, agent/protect.c, agent/trustlist.c: Ditto. * agent/w32main.c: Ditto. -- For openpty function, we need to include util.h on some OS. We also have util.h in common/, so this change is needed. Signed-off-by: NIIBE Yutaka diff --git a/agent/Makefile.am b/agent/Makefile.am index 045566e..668de2a 100644 --- a/agent/Makefile.am +++ b/agent/Makefile.am @@ -28,7 +28,7 @@ noinst_PROGRAMS = $(TESTS) EXTRA_DIST = ChangeLog-2011 gpg-agent-w32info.rc -AM_CPPFLAGS = -I$(top_srcdir)/common +AM_CPPFLAGS = include $(top_srcdir)/am/cmacros.am diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index 0af1854..a35a3fb 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c 
@@ -37,8 +37,8 @@ #include "agent.h" #include -#include "sysutils.h" -#include "i18n.h" +#include "../common/sysutils.h" +#include "../common/i18n.h" #ifdef _POSIX_OPEN_MAX #define MAX_OPEN_FDS _POSIX_OPEN_MAX diff --git a/agent/call-scd.c b/agent/call-scd.c index c86eb74..09ec4fd 100644 --- a/agent/call-scd.c +++ b/agent/call-scd.c @@ -39,7 +39,7 @@ #include "agent.h" #include -#include "strlist.h" +#include "../common/strlist.h" #ifdef _POSIX_OPEN_MAX #define MAX_OPEN_FDS _POSIX_OPEN_MAX diff --git a/agent/command-ssh.c b/agent/command-ssh.c index 382f9e6..5a02542 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -50,9 +50,9 @@ #include "agent.h" -#include "i18n.h" -#include "util.h" -#include "ssh-utils.h" +#include "../common/i18n.h" +#include "../common/util.h" +#include "../common/ssh-utils.h" diff --git a/agent/command.c b/agent/command.c index acc3877..79fb0ce 100644 --- a/agent/command.c +++ b/agent/command.c @@ -37,7 +37,7 @@ #include "agent.h" #include -#include "i18n.h" +#include "../common/i18n.h" #include "cvt-openpgp.h" #include "../common/ssh-utils.h" #include "../common/asshelp.h" diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c index 510b6ff..ee12221 100644 --- a/agent/cvt-openpgp.c +++ b/agent/cvt-openpgp.c @@ -25,9 +25,9 @@ #include #include "agent.h" -#include "i18n.h" +#include "../common/i18n.h" #include "cvt-openpgp.h" -#include "host2net.h" +#include "../common/host2net.h" /* Helper to pass data via the callback to do_unprotect. */ diff --git a/agent/divert-scd.c b/agent/divert-scd.c index d9d734c..153119b 100644 --- a/agent/divert-scd.c +++ b/agent/divert-scd.c @@ -28,8 +28,8 @@ #include #include "agent.h" -#include "i18n.h" -#include "sexp-parse.h" +#include "../common/i18n.h" +#include "../common/sexp-parse.h" static int diff --git a/agent/findkey.c b/agent/findkey.c index ac74fa9..a196fdc 100644 --- a/agent/findkey.c +++ b/agent/findkey.c 
@@ -33,7 +33,7 @@ #include /* (we use pth_sleep) */ #include "agent.h" -#include "i18n.h" +#include "../common/i18n.h" #include "../common/ssh-utils.h" #include "../common/name-value.h" diff --git a/agent/genkey.c b/agent/genkey.c index 7fb0139..31742a1 100644 --- a/agent/genkey.c +++ b/agent/genkey.c @@ -27,9 +27,9 @@ #include #include "agent.h" -#include "i18n.h" -#include "exechelp.h" -#include "sysutils.h" +#include "../common/i18n.h" +#include "../common/exechelp.h" +#include "../common/sysutils.h" static int store_key (gcry_sexp_t private, const char *passphrase, int force, diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 5a5b55b..c84dce7 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -53,11 +53,11 @@ #include "agent.h" #include /* Malloc hooks and socket wrappers. */ -#include "i18n.h" -#include "sysutils.h" -#include "gc-opt-flags.h" -#include "exechelp.h" -#include "asshelp.h" +#include "../common/i18n.h" +#include "../common/sysutils.h" +#include "../common/gc-opt-flags.h" +#include "../common/exechelp.h" +#include "../common/asshelp.h" #include "../common/init.h" diff --git a/agent/pksign.c b/agent/pksign.c index 3b2fcc4..f0b10e6 100644 --- a/agent/pksign.c +++ b/agent/pksign.c @@ -29,7 +29,7 @@ #include #include "agent.h" -#include "i18n.h" +#include "../common/i18n.h" static int diff --git a/agent/preset-passphrase.c b/agent/preset-passphrase.c index b8d2aaa..3d240b9 100644 --- a/agent/preset-passphrase.c +++ b/agent/preset-passphrase.c @@ -45,9 +45,9 @@ #endif #include "agent.h" -#include "simple-pwquery.h" -#include "i18n.h" -#include "sysutils.h" +#include "../common/simple-pwquery.h" +#include "../common/i18n.h" +#include "../common/sysutils.h" #include "../common/init.h" diff --git a/agent/protect-tool.c b/agent/protect-tool.c index 2312744..a193e49 100644 --- a/agent/protect-tool.c +++ b/agent/protect-tool.c 
@@ -39,9 +39,9 @@ #endif #include "agent.h" -#include "i18n.h" -#include "get-passphrase.h" -#include "sysutils.h" +#include "../common/i18n.h" +#include "../common/get-passphrase.h" +#include "../common/sysutils.h" #include "../common/init.h" diff --git a/agent/protect.c b/agent/protect.c index 7ae7e64..09aa503 100644 --- a/agent/protect.c +++ b/agent/protect.c @@ -39,7 +39,7 @@ #include "agent.h" #include "cvt-openpgp.h" -#include "sexp-parse.h" +#include "../common/sexp-parse.h" /* To use the openpgp-s2k3-ocb-aes scheme by default set the value of diff --git a/agent/trustlist.c b/agent/trustlist.c index 9d33259..5554485 100644 --- a/agent/trustlist.c +++ b/agent/trustlist.c @@ -31,7 +31,7 @@ #include "agent.h" #include /* fixme: need a way to avoid assuan calls here */ -#include "i18n.h" +#include "../common/i18n.h" /* A structure to store the information from the trust file. */ diff --git a/agent/w32main.c b/agent/w32main.c index 375bbdf..0e3927a 100644 --- a/agent/w32main.c +++ b/agent/w32main.c @@ -28,7 +28,7 @@ #include #include -#include "util.h" +#include "../common/util.h" #include "w32main.h" /* The instance handle has received by WinMain. */ ----------------------------------------------------------------------- Summary of changes: agent/Makefile.am | 2 +- agent/call-pinentry.c | 4 ++-- agent/call-scd.c | 2 +- agent/command-ssh.c | 6 +++--- agent/command.c | 2 +- agent/cvt-openpgp.c | 4 ++-- agent/divert-scd.c | 4 ++-- agent/findkey.c | 2 +- agent/genkey.c | 6 +++--- agent/gpg-agent.c | 10 +++++----- agent/pksign.c | 2 +- agent/preset-passphrase.c | 6 +++--- agent/protect-tool.c | 6 +++--- agent/protect.c | 2 +- agent/trustlist.c | 2 +- agent/w32main.c | 2 +- 16 files changed, 31 insertions(+), 31 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 7 12:24:28 2017 
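Review bot: the agent/Makefile.am hunk leaves an empty "AM_CPPFLAGS =" assignment directly above "include $(top_srcdir)/am/cmacros.am". If the line is kept only so that the included fragment has a variable to append to, a one-line comment saying so would stop someone from deleting it later; if nothing depends on it, drop the line instead.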
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 07 Mar 2017 12:24:28 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-32-gde38383 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via de3838372ae3cdecbd83eea2c53c8e2656d93052 (commit) from 176e07ce10d892fa7c7b96725b38b2fec9a1f916 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit de3838372ae3cdecbd83eea2c53c8e2656d93052 Author: Justus Winter Date: Tue Mar 7 12:18:59 2017 +0100 tests: Avoid overflowing signed 32 bit time_t. * tests/openpgp/quick-key-manipulation.scm: Use expiration times in the year 2038 instead of 2105 to avoid overflowing 32 bit time_t. time_t is used internally to parse the expiration time from the iso timestamp. GnuPG-bug-id: 2988 Signed-off-by: Justus Winter diff --git a/tests/openpgp/quick-key-manipulation.scm b/tests/openpgp/quick-key-manipulation.scm index 10f0bfe..08ef626 100755 --- a/tests/openpgp/quick-key-manipulation.scm +++ b/tests/openpgp/quick-key-manipulation.scm 
@@ -125,8 +125,13 @@ (default default never) (rsa "sign auth encr" "seconds=600") ;; GPGME uses this (rsa "auth,encr" "2") ;; "without a letter, days is assumed" - (rsa "sign" "2105-01-01") ;; "last year GnuPG can represent is 2105" - (rsa "sign" "21050101T115500") ;; "last year GnuPG can represent is 2105" + ;; Sadly, the timestamp is truncated by the use of time_t on + ;; systems where time_t is a signed 32 bit value. + (rsa "sign" "2038-01-01") ;; unix millennium + (rsa "sign" "20380101T115500") ;; unix millennium + ;; Once fixed, we can use later timestamps: + ;; (rsa "sign" "2105-01-01") ;; "last year GnuPG can represent is 2105" + ;; (rsa "sign" "21050101T115500") ;; "last year GnuPG can represent is 2105" (rsa sign "2d") (rsa1024 sign "2w") (rsa2048 encr "2m") @@ -157,7 +162,8 @@ (lambda (subkey) (assert (= 1 (:alg subkey))) (assert (string-contains? (:cap subkey) "s")) - (assert (time-matches? 4260207600 ;; 2105-01-01 + (assert (time-matches? 2145916800 ;; 2038-01-01 + ;; 4260207600 ;; 2105-01-01 (string->number (:expire subkey)) ;; This is off by 12h, but I guess it just ;; choses the middle of the day. @@ -165,7 +171,8 @@ (lambda (subkey) (assert (= 1 (:alg subkey))) (assert (string-contains? (:cap subkey) "s")) - (assert (time-matches? 4260254100 ;; UTC 2105-01-01 11:55:00 + (assert (time-matches? 2145959700 ;; UTC 2038-01-01 11:55:00 + ;; 4260254100 ;; UTC 2105-01-01 11:55:00 (string->number (:expire subkey)) (minutes->seconds 5)))) (lambda (subkey) ----------------------------------------------------------------------- Summary of changes: tests/openpgp/quick-key-manipulation.scm | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 7 12:26:08 2017 
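Review bot: in tests/openpgp/quick-key-manipulation.scm, replacing the 2105 cases with 2038-01-01 means no test vector exceeds 2^31-1 seconds any more (2145959700 is below 2147483647), so the truncation tracked as GnuPG-bug-id 2988 is no longer exercised anywhere and a wrong expiration date on a system with 32-bit time_t would pass unnoticed. Rather than leaving the 2105 vectors and their expected values (4260207600, 4260254100) as comments inside the list and inside the assert forms, keep them as a separate case that is skipped or marked as a known failure where time_t is 32 bit, so they run again once the parser is fixed. The "unix millennium" label is also loose: 2038-01-01 was picked because it lies before the signed 32-bit limit, and the comment should say that.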
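Why the 2105 expiration times in the patch above cannot pass through a signed 32-bit time_t, as an added C example (not GnuPG code; all function names are made up here): it parses the compact ISO form used in the test, computes the epoch in 64 bits and classifies the result instead of truncating it. The upper bound used is the range of an unsigned 32-bit timestamp, and the wrap shown is plain two's-complement arithmetic, not a statement about what GnuPG itself returns.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum ts_status {
    TS_FITS_INT32,   /* safe even where time_t is signed 32 bit */
    TS_NEEDS_WIDER,  /* valid, but overflows a signed 32-bit time_t */
    TS_OUT_OF_RANGE, /* before 1970 or beyond an unsigned 32-bit timestamp */
    TS_MALFORMED
};

/* Days since 1970-01-01 for a Gregorian date, in 64-bit arithmetic. */
static int64_t days_from_civil(int64_t y, int m, int d)
{
    y -= (m <= 2);                       /* count the year from March */
    int64_t era = (y >= 0 ? y : y - 399) / 400;
    int64_t yoe = y - era * 400;         /* year of era, 0..399 */
    int64_t doy = (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1;
    int64_t doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

static int days_in_month(int y, int m)
{
    static const int len[12] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    int leap = (y % 4 == 0 && y % 100 != 0) || y % 400 == 0;
    return len[m - 1] + (m == 2 && leap);
}

/* Read n decimal digits at s; return -1 if any character is not a digit. */
static int digits(const char *s, int n)
{
    int v = 0;
    for (int i = 0; i < n; i++) {
        if (s[i] < '0' || s[i] > '9')
            return -1;
        v = v * 10 + (s[i] - '0');
    }
    return v;
}

/* Parse "YYYYMMDDTHHMMSS" (taken as UTC) into seconds since the epoch.
 * Returns INT64_MIN for malformed input; never narrows the result. */
int64_t isotime_to_epoch(const char *s)
{
    if (!s || strlen(s) != 15 || s[8] != 'T')
        return INT64_MIN;
    int y = digits(s, 4), mo = digits(s + 4, 2), d = digits(s + 6, 2);
    int h = digits(s + 9, 2), mi = digits(s + 11, 2), se = digits(s + 13, 2);
    if (y < 0 || mo < 1 || mo > 12 || d < 1 || d > days_in_month(y, mo)
        || h < 0 || h > 23 || mi < 0 || mi > 59 || se < 0 || se > 59)
        return INT64_MIN;
    return days_from_civil(y, mo, d) * 86400 + h * 3600 + mi * 60 + se;
}

/* Decide whether an epoch value survives a signed 32-bit time_t. */
enum ts_status classify_epoch(int64_t t)
{
    if (t == INT64_MIN)
        return TS_MALFORMED;
    if (t < 0 || t > (int64_t)UINT32_MAX)
        return TS_OUT_OF_RANGE;
    return t <= INT32_MAX ? TS_FITS_INT32 : TS_NEEDS_WIDER;
}

/* Value a two's-complement signed 32-bit variable would hold if only the
 * low 32 bits of t were stored in it. */
int64_t wrapped_int32(int64_t t)
{
    uint32_t low = (uint32_t)t;          /* well-defined, modulo 2^32 */
    return low > (uint32_t)INT32_MAX ? (int64_t)low - 4294967296LL
                                     : (int64_t)low;
}

int main(void)
{
    /* Timestamps taken from the test file in the patch above. */
    static const char *samples[] = {"20380101T115500", "21050101T115500"};
    static const char *names[] = {"fits int32", "needs wider time_t",
                                  "out of range", "malformed"};
    for (int i = 0; i < 2; i++) {
        int64_t t = isotime_to_epoch(samples[i]);
        printf("%s -> %lld (%s), low 32 bits as int32: %lld\n", samples[i],
               (long long)t, names[classify_epoch(t)],
               (long long)wrapped_int32(t));
    }
    return 0;
}
```

The wrapped value for the 2105 timestamp is negative, which is why a caller has to reject or widen such input rather than store it in a 32-bit time_t.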
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 07 Mar 2017 12:26:08 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-33-g70aca95 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 70aca95d6816082b289fceca8eabfcf718a6b701 (commit) from de3838372ae3cdecbd83eea2c53c8e2656d93052 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 70aca95d6816082b289fceca8eabfcf718a6b701 Author: NIIBE Yutaka Date: Tue Mar 7 20:21:23 2017 +0900 Remove -I option to common. * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am index 93880f8..34f2c5d 100644 --- a/dirmngr/Makefile.am +++ b/dirmngr/Makefile.am @@ -31,7 +31,7 @@ endif noinst_PROGRAMS = $(module_tests) $(module_net_tests) $(module_maint_tests) TESTS = $(module_tests) $(module_net_tests) -AM_CPPFLAGS = -I$(top_srcdir)/common +AM_CPPFLAGS = include $(top_srcdir)/am/cmacros.am diff --git a/dirmngr/dirmngr-client.c b/dirmngr/dirmngr-client.c index 01cface..c1ff635 100644 --- a/dirmngr/dirmngr-client.c +++ b/dirmngr/dirmngr-client.c 
@@ -38,9 +38,9 @@ #include "../common/strlist.h" #include "../common/asshelp.h" -#include "i18n.h" -#include "util.h" -#include "init.h" +#include "../common/i18n.h" +#include "../common/util.h" +#include "../common/init.h" /* Constants for the options. */ diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index f05bdd1..e3e02fe 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c @@ -65,12 +65,12 @@ #if USE_LDAP # include "ldapserver.h" #endif -#include "asshelp.h" +#include "../common/asshelp.h" #if USE_LDAP # include "ldap-wrapper.h" #endif #include "../common/init.h" -#include "gc-opt-flags.h" +#include "../common/gc-opt-flags.h" #include "dns-stuff.h" #include "http-common.h" diff --git a/dirmngr/dirmngr_ldap.c b/dirmngr/dirmngr_ldap.c index a0acb8e..836ced0 100644 --- a/dirmngr/dirmngr_ldap.c +++ b/dirmngr/dirmngr_ldap.c @@ -56,8 +56,8 @@ #include "../common/mischelp.h" #include "../common/strlist.h" -#include "i18n.h" -#include "util.h" +#include "../common/i18n.h" +#include "../common/util.h" #include "../common/init.h" /* With the ldap wrapper, there is no need for the npth_unprotect and leave diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c index 57b3b7e..ec9a095 100644 --- a/dirmngr/dns-stuff.c +++ b/dirmngr/dns-stuff.c @@ -68,8 +68,8 @@ #endif #include "./dirmngr-err.h" -#include "util.h" -#include "host2net.h" +#include "../common/util.h" +#include "../common/host2net.h" #include "dns-stuff.h" #ifdef USE_NPTH diff --git a/dirmngr/http.c b/dirmngr/http.c index 0f11af7..3adf6e5 100644 --- a/dirmngr/http.c +++ b/dirmngr/http.c @@ -96,8 +96,8 @@ #include /* We need the socket wrapper. */ -#include "util.h" -#include "i18n.h" +#include "../common/util.h" +#include "../common/i18n.h" #include "dns-stuff.h" #include "http.h" #include "http-common.h" diff --git a/dirmngr/ks-engine-finger.c b/dirmngr/ks-engine-finger.c index 811b72d..82ef7a5 100644 --- a/dirmngr/ks-engine-finger.c +++ b/dirmngr/ks-engine-finger.c 
@@ -26,7 +26,7 @@ #include "dirmngr.h" #include "misc.h" -#include "userids.h" +#include "../common/userids.h" #include "ks-engine.h" /* Print a help output for the schemata supported by this module. */ diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index b6a0675..ee7d506 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c @@ -37,7 +37,7 @@ #include "dirmngr.h" #include "misc.h" -#include "userids.h" +#include "../common/userids.h" #include "dns-stuff.h" #include "ks-engine.h" diff --git a/dirmngr/ks-engine-kdns.c b/dirmngr/ks-engine-kdns.c index 9bb0d42..71463fe 100644 --- a/dirmngr/ks-engine-kdns.c +++ b/dirmngr/ks-engine-kdns.c @@ -26,7 +26,7 @@ #include "dirmngr.h" #include "misc.h" -#include "userids.h" +#include "../common/userids.h" #include "ks-engine.h" /* Print a help output for the schemata supported by this module. */ diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c index f664655..f50ba50 100644 --- a/dirmngr/ks-engine-ldap.c +++ b/dirmngr/ks-engine-ldap.c @@ -45,7 +45,7 @@ #include "dirmngr.h" #include "misc.h" -#include "userids.h" +#include "../common/userids.h" #include "ks-engine.h" #include "ldap-parse-uri.h" diff --git a/dirmngr/ldap-parse-uri.c b/dirmngr/ldap-parse-uri.c index 9671496..94d4efd 100644 --- a/dirmngr/ldap-parse-uri.c +++ b/dirmngr/ldap-parse-uri.c @@ -27,7 +27,7 @@ # include #endif -#include "util.h" +#include "../common/util.h" #include "http.h" /* Returns 1 if the string is an LDAP URL (begins with ldap:, ldaps: diff --git a/dirmngr/ldap-parse-uri.h b/dirmngr/ldap-parse-uri.h index bdbb6c3..e9a3f95 100644 --- a/dirmngr/ldap-parse-uri.h +++ b/dirmngr/ldap-parse-uri.h @@ -20,7 +20,7 @@ #ifndef DIRMNGR_LDAP_PARSE_URI_H #define DIRMNGR_LDAP_PARSE_URI_H -#include "util.h" +#include "../common/util.h" #include "http.h" extern int ldap_uri_p (const char *url); diff --git a/dirmngr/ldap-wrapper.c b/dirmngr/ldap-wrapper.c index b313848..ac4964a 100644 --- a/dirmngr/ldap-wrapper.c 
+++ b/dirmngr/ldap-wrapper.c @@ -58,7 +58,7 @@ #include #include "dirmngr.h" -#include "exechelp.h" +#include "../common/exechelp.h" #include "misc.h" #include "ldap-wrapper.h" diff --git a/dirmngr/ldap.c b/dirmngr/ldap.c index a037f5d..d661a68 100644 --- a/dirmngr/ldap.c +++ b/dirmngr/ldap.c @@ -31,12 +31,12 @@ #include #include "dirmngr.h" -#include "exechelp.h" +#include "../common/exechelp.h" #include "crlfetch.h" #include "ldapserver.h" #include "misc.h" #include "ldap-wrapper.h" -#include "host2net.h" +#include "../common/host2net.h" #define UNENCODED_URL_CHARS "abcdefghijklmnopqrstuvwxyz" \ diff --git a/dirmngr/misc.c b/dirmngr/misc.c index 6d7c963..1716141 100644 --- a/dirmngr/misc.c +++ b/dirmngr/misc.c @@ -27,7 +27,7 @@ #include #include "dirmngr.h" -#include "util.h" +#include "../common/util.h" #include "misc.h" diff --git a/dirmngr/server.c b/dirmngr/server.c index 9fa8229..f4aeadb 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -51,9 +51,9 @@ # include "ldap-parse-uri.h" #endif #include "dns-stuff.h" -#include "mbox-util.h" -#include "zb32.h" -#include "server-help.h" +#include "../common/mbox-util.h" +#include "../common/zb32.h" +#include "../common/server-help.h" /* To avoid DoS attacks we limit the size of a certificate to something reasonable. The DoS was actually only an issue back when diff --git a/dirmngr/t-dns-stuff.c b/dirmngr/t-dns-stuff.c index 23c0c6a..5a3ede1 100644 --- a/dirmngr/t-dns-stuff.c +++ b/dirmngr/t-dns-stuff.c @@ -24,7 +24,7 @@ #include -#include "util.h" +#include "../common/util.h" #include "dns-stuff.h" #define PGM "t-dns-stuff" diff --git a/dirmngr/t-http.c b/dirmngr/t-http.c index 35f5947..622dce5 100644 --- a/dirmngr/t-http.c +++ b/dirmngr/t-http.c @@ -38,8 +38,8 @@ #include #include -#include "util.h" -#include "logging.h" +#include "../common/util.h" +#include "../common/logging.h" #include "http.h" #include diff --git a/g10/Makefile.am b/g10/Makefile.am index 604be93..f1d2d17 100644 --- a/g10/Makefile.am 
+++ b/g10/Makefile.am @@ -23,7 +23,7 @@ EXTRA_DIST = options.skel dirmngr-conf.skel distsigkey.gpg \ gpg.w32-manifest.in test.c t-keydb-keyring.kbx \ t-keydb-get-keyblock.gpg t-stutter-data.asc -AM_CPPFLAGS = -I$(top_srcdir)/common +AM_CPPFLAGS = include $(top_srcdir)/am/cmacros.am diff --git a/g10/armor.c b/g10/armor.c index 6b7c3f7..7fb9a89 100644 --- a/g10/armor.c +++ b/g10/armor.c @@ -26,15 +26,14 @@ #include #include "gpg.h" -#include "status.h" -#include "iobuf.h" -#include "util.h" +#include "../common/status.h" +#include "../common/iobuf.h" +#include "../common/util.h" #include "filter.h" #include "packet.h" #include "options.h" #include "main.h" -#include "status.h" -#include "i18n.h" +#include "../common/i18n.h" #define MAX_LINELEN 20000 diff --git a/g10/build-packet.c b/g10/build-packet.c index 489fadd..c81c1ab 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -25,13 +25,13 @@ #include #include "gpg.h" -#include "util.h" +#include "../common/util.h" #include "packet.h" -#include "status.h" -#include "iobuf.h" -#include "i18n.h" +#include "../common/status.h" +#include "../common/iobuf.h" +#include "../common/i18n.h" #include "options.h" -#include "host2net.h" +#include "../common/host2net.h" static int do_user_id( IOBUF out, int ctb, PKT_user_id *uid ); static int do_key (iobuf_t out, int ctb, PKT_public_key *pk); diff --git a/g10/call-agent.c b/g10/call-agent.c index 7c30bdb..7d627bb 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c 
@@ -31,16 +31,16 @@ #include "gpg.h" #include -#include "util.h" -#include "membuf.h" +#include "../common/util.h" +#include "../common/membuf.h" #include "options.h" -#include "i18n.h" -#include "asshelp.h" -#include "sysutils.h" +#include "../common/i18n.h" +#include "../common/asshelp.h" +#include "../common/sysutils.h" #include "call-agent.h" -#include "status.h" +#include "../common/status.h" #include "../common/shareddefs.h" -#include "host2net.h" +#include "../common/host2net.h" #define CONTROL_D ('D' - 'A' + 1) diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c index 2f2ba98..a33cdc7 100644 --- a/g10/call-dirmngr.c +++ b/g10/call-dirmngr.c @@ -31,13 +31,13 @@ #include "gpg.h" #include -#include "util.h" -#include "membuf.h" +#include "../common/util.h" +#include "../common/membuf.h" #include "options.h" -#include "i18n.h" -#include "asshelp.h" -#include "keyserver.h" -#include "status.h" +#include "../common/i18n.h" +#include "../common/asshelp.h" +#include "../common/keyserver.h" +#include "../common/status.h" #include "call-dirmngr.h" diff --git a/g10/card-util.c b/g10/card-util.c index 969f6c9..9bc3e25 100644 --- a/g10/card-util.c +++ b/g10/card-util.c @@ -31,10 +31,10 @@ #if GNUPG_MAJOR_VERSION != 1 # include "gpg.h" #endif /*GNUPG_MAJOR_VERSION != 1*/ -#include "util.h" -#include "i18n.h" -#include "ttyio.h" -#include "status.h" +#include "../common/util.h" +#include "../common/i18n.h" +#include "../common/ttyio.h" +#include "../common/status.h" #include "options.h" #include "main.h" #include "keyserver-internal.h" diff --git a/g10/cipher.c b/g10/cipher.c index 98f398e..655937f 100644 --- a/g10/cipher.c +++ b/g10/cipher.c 
@@ -25,14 +25,14 @@ #include #include "gpg.h" -#include "status.h" -#include "iobuf.h" -#include "util.h" +#include "../common/status.h" +#include "../common/iobuf.h" +#include "../common/util.h" #include "filter.h" #include "packet.h" #include "options.h" #include "main.h" -#include "status.h" +#include "../common/status.h" #define MIN_PARTIAL_SIZE 512 diff --git a/g10/compress-bz2.c b/g10/compress-bz2.c index 22cefd9..4adca9b 100644 --- a/g10/compress-bz2.c +++ b/g10/compress-bz2.c @@ -23,7 +23,7 @@ #include #include "gpg.h" -#include "util.h" +#include "../common/util.h" #include "packet.h" #include "filter.h" #include "main.h" diff --git a/g10/compress.c b/g10/compress.c index a14d107..61bb756 100644 --- a/g10/compress.c +++ b/g10/compress.c @@ -38,7 +38,7 @@ #endif #include "gpg.h" -#include "util.h" +#include "../common/util.h" #include "packet.h" #include "filter.h" #include "main.h" diff --git a/g10/cpr.c b/g10/cpr.c index 4984e89..3391071 100644 --- a/g10/cpr.c +++ b/g10/cpr.c @@ -29,12 +29,12 @@ #endif #include "gpg.h" -#include "util.h" -#include "status.h" -#include "ttyio.h" +#include "../common/util.h" +#include "../common/status.h" +#include "../common/ttyio.h" #include "options.h" #include "main.h" -#include "i18n.h" +#include "../common/i18n.h" #define CONTROL_D ('D' - 'A' + 1) diff --git a/g10/dearmor.c b/g10/dearmor.c index 6217dda..92239cc 100644 --- a/g10/dearmor.c +++ b/g10/dearmor.c @@ -24,14 +24,14 @@ #include #include "gpg.h" -#include "status.h" -#include "iobuf.h" -#include "util.h" +#include "../common/status.h" +#include "../common/iobuf.h" +#include "../common/util.h" #include "filter.h" #include "packet.h" #include "options.h" #include "main.h" -#include "i18n.h" +#include "../common/i18n.h" /**************** * Take an armor file and write it out without armor diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c index 585b150..11a253f 100644 --- a/g10/decrypt-data.c +++ b/g10/decrypt-data.c 
@@ -24,11 +24,11 @@ #include #include "gpg.h" -#include "util.h" +#include "../common/util.h" #include "packet.h" #include "options.h" -#include "i18n.h" -#include "status.h" +#include "../common/i18n.h" +#include "../common/status.h" static int mdc_decode_filter ( void *opaque, int control, IOBUF a, diff --git a/g10/decrypt.c b/g10/decrypt.c index c99f064..4d6734d 100644 --- a/g10/decrypt.c +++ b/g10/decrypt.c @@ -27,13 +27,13 @@ #include "gpg.h" #include "options.h" #include "packet.h" -#include "status.h" -#include "iobuf.h" +#include "../common/status.h" +#include "../common/iobuf.h" #include "keydb.h" -#include "util.h" +#include "../common/util.h" #include "main.h" -#include "status.h" -#include "i18n.h" +#include "../common/status.h" +#include "../common/i18n.h" /* Assume that the input is an encrypted message and decrypt * (and if signed, verify the signature on) it. diff --git a/g10/delkey.c b/g10/delkey.c index 06aca9e..547b40d 100644 --- a/g10/delkey.c +++ b/g10/delkey.c @@ -29,16 +29,15 @@ #include "gpg.h" #include "options.h" #include "packet.h" -#include "status.h" -#include "iobuf.h" +#include "../common/status.h" +#include "../common/iobuf.h" #include "keydb.h" -#include "util.h" +#include "../common/util.h" #include "main.h" #include "trustdb.h" #include "filter.h" -#include "ttyio.h" -#include "status.h" -#include "i18n.h" +#include "../common/ttyio.h" +#include "../common/i18n.h" #include "call-agent.h" diff --git a/g10/ecdh.c b/g10/ecdh.c index 89e8cf1..6c2a56b 100644 --- a/g10/ecdh.c +++ b/g10/ecdh.c @@ -24,7 +24,7 @@ #include #include "gpg.h" -#include "util.h" +#include "../common/util.h" #include "pkglue.h" #include "main.h" #include "options.h" diff --git a/g10/encrypt.c b/g10/encrypt.c index 6130ba0..0a892c2 100644 --- a/g10/encrypt.c +++ b/g10/encrypt.c 
@@ -28,15 +28,15 @@ #include "gpg.h" #include "options.h" #include "packet.h" -#include "status.h" -#include "iobuf.h" +#include "../common/status.h" +#include "../common/iobuf.h" #include "keydb.h" -#include "util.h" +#include "../common/util.h" #include "main.h" #include "filter.h" #include "trustdb.h" -#include "i18n.h" -#include "status.h" +#include "../common/i18n.h" +#include "../common/status.h" #include "pkglue.h" diff --git a/g10/exec.c b/g10/exec.c index b868a1f..74a8397 100644 --- a/g10/exec.c +++ b/g10/exec.c @@ -45,11 +45,11 @@ #include "gpg.h" #include "options.h" -#include "i18n.h" -#include "iobuf.h" -#include "util.h" -#include "membuf.h" -#include "sysutils.h" +#include "../common/i18n.h" +#include "../common/iobuf.h" +#include "../common/util.h" +#include "../common/membuf.h" +#include "../common/sysutils.h" #include "exec.h" #ifdef NO_EXEC diff --git a/g10/export.c b/g10/export.c index 323bf17..2da5309 100644 --- a/g10/export.c +++ b/g10/export.c @@ -28,17 +28,17 @@ #include "gpg.h" #include "options.h" #include "packet.h" -#include "status.h" +#include "../common/status.h" #include "keydb.h" -#include "util.h" +#include "../common/util.h" #include "main.h" -#include "i18n.h" -#include "membuf.h" -#include "host2net.h" -#include "zb32.h" -#include "recsel.h" -#include "mbox-util.h" -#include "init.h" +#include "../common/i18n.h" +#include "../common/membuf.h" +#include "../common/host2net.h" +#include "../common/zb32.h" +#include "../common/recsel.h" +#include "../common/mbox-util.h" +#include "../common/init.h" #include "trustdb.h" #include "call-agent.h" diff --git a/g10/filter.h b/g10/filter.h index 7accd7d..275608d 100644 --- a/g10/filter.h +++ b/g10/filter.h @@ -20,7 +20,7 @@ #ifndef G10_FILTER_H #define G10_FILTER_H -#include "types.h" +#include "../common/types.h" #include "dek.h" typedef struct { diff --git a/g10/free-packet.c b/g10/free-packet.c index 6038d26..01db2a0 100644 --- a/g10/free-packet.c +++ b/g10/free-packet.c 
@@ -24,7 +24,7 @@ #include #include "gpg.h" -#include "util.h" +#include "../common/util.h" #include "packet.h" #include "../common/iobuf.h" #include "options.h" diff --git a/g10/getkey.c b/g10/getkey.c index be7367f..548f8bf 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -26,19 +26,19 @@ #include #include "gpg.h" -#include "util.h" +#include "../common/util.h" #include "packet.h" -#include "iobuf.h" +#include "../common/iobuf.h" #include "keydb.h" #include "options.h" #include "main.h" #include "trustdb.h" -#include "i18n.h" +#include "../common/i18n.h" #include "keyserver-internal.h" #include "call-agent.h" -#include "host2net.h" -#include "mbox-util.h" -#include "status.h" +#include "../common/host2net.h" +#include "../common/mbox-util.h" +#include "../common/status.h" #define MAX_PK_CACHE_ENTRIES PK_UID_CACHE_SIZE #define MAX_UID_CACHE_ENTRIES PK_UID_CACHE_SIZE diff --git a/g10/gpg.c b/g10/gpg.c index 654dcb9..eeda60f 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -41,22 +41,22 @@ #include "gpg.h" #include #include "../common/iobuf.h" -#include "util.h" +#include "../common/util.h" #include "packet.h" -#include "membuf.h" +#include "../common/membuf.h" #include "main.h" #include "options.h" #include "keydb.h" #include "trustdb.h" #include "filter.h" -#include "ttyio.h" -#include "i18n.h" -#include "sysutils.h" -#include "status.h" +#include "../common/ttyio.h" +#include "../common/i18n.h" +#include "../common/sysutils.h" +#include "../common/status.h" #include "keyserver-internal.h" #include "exec.h" -#include "gc-opt-flags.h" -#include "asshelp.h" +#include "../common/gc-opt-flags.h" +#include "../common/asshelp.h" #include "call-dirmngr.h" #include "tofu.h" #include "../common/init.h" diff --git a/g10/gpgsql.c b/g10/gpgsql.c index 661bd35..5b75569 100644 --- a/g10/gpgsql.c +++ b/g10/gpgsql.c @@ -23,8 +23,8 @@ #include #include "gpg.h" -#include "util.h" -#include "logging.h" +#include "../common/util.h" +#include "../common/logging.h" #include "gpgsql.h" 
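Review bot: g10/cipher.c, g10/decrypt.c and g10/encrypt.c each end up with `#include "../common/status.h"` twice, because both copies of the old duplicate `#include "status.h"` were rewritten, whereas the g10/delkey.c hunk drops the second copy. Since these lines are being touched anyway, drop the redundant include in those three files as well so the cleanup is consistent across g10/.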
diff --git a/g10/gpgv.c b/g10/gpgv.c index a6d1add..5ee26b4 100644 --- a/g10/gpgv.c +++ b/g10/gpgv.c @@ -35,18 +35,18 @@ #define INCLUDED_BY_MAIN_MODULE 1 #include "gpg.h" -#include "util.h" +#include "../common/util.h" #include "packet.h" -#include "iobuf.h" +#include "../common/iobuf.h" #include "main.h" #include "options.h" #include "keydb.h" #include "trustdb.h" #include "filter.h" -#include "ttyio.h" -#include "i18n.h" -#include "sysutils.h" -#include "status.h" +#include "../common/ttyio.h" +#include "../common/i18n.h" +#include "../common/sysutils.h" +#include "../common/status.h" #include "call-agent.h" #include "../common/init.h" diff --git a/g10/helptext.c b/g10/helptext.c index 730f699..8b85101 100644 --- a/g10/helptext.c +++ b/g10/helptext.c @@ -24,10 +24,10 @@ #include #include "gpg.h" -#include "util.h" -#include "ttyio.h" +#include "../common/util.h" +#include "../common/ttyio.h" #include "main.h" -#include "i18n.h" +#include "../common/i18n.h" diff --git a/g10/import.c b/g10/import.c index 6383d70..640618a 100644 --- a/g10/import.c +++ b/g10/import.c @@ -27,15 +27,14 @@ #include "gpg.h" #include "options.h" #include "packet.h" -#include "status.h" +#include "../common/status.h" #include "keydb.h" -#include "util.h" +#include "../common/util.h" #include "trustdb.h" #include "main.h" -#include "i18n.h" -#include "ttyio.h" -#include "status.h" -#include "recsel.h" +#include "../common/i18n.h" +#include "../common/ttyio.h" +#include "../common/recsel.h" #include "keyserver-internal.h" #include "call-agent.h" #include "../common/membuf.h" diff --git a/g10/kbnode.c b/g10/kbnode.c index 6700dc0..153dce2 100644 --- a/g10/kbnode.c +++ b/g10/kbnode.c @@ -24,7 +24,7 @@ #include #include "gpg.h" -#include "util.h" +#include "../common/util.h" #include "../common/init.h" #include "packet.h" #include "keydb.h" diff --git a/g10/keydb.c b/g10/keydb.c index 4c5149d..27dacf2 100644 --- a/g10/keydb.c +++ b/g10/keydb.c 
@@ -28,14 +28,14 @@ #include #include "gpg.h" -#include "util.h" +#include "../common/util.h" #include "options.h" #include "main.h" /*try_make_homedir ()*/ #include "packet.h" #include "keyring.h" #include "../kbx/keybox.h" #include "keydb.h" -#include "i18n.h" +#include "../common/i18n.h" static int active_handles; diff --git a/g10/keydb.h b/g10/keydb.h index c9f5b1c..6f57583 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -22,8 +22,8 @@ #ifndef G10_KEYDB_H #define G10_KEYDB_H -#include "types.h" -#include "util.h" +#include "../common/types.h" +#include "../common/util.h" #include "packet.h" /* What qualifies as a certification (rather than a signature?) */ diff --git a/g10/keyedit.c b/g10/keyedit.c index c591600..c10a011 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -33,20 +33,20 @@ #include "gpg.h" #include "options.h" #include "packet.h" -#include "status.h" -#include "iobuf.h" +#include "../common/status.h" +#include "../common/iobuf.h" #include "keydb.h" #include "photoid.h" -#include "util.h" +#include "../common/util.h" #include "main.h" #include "trustdb.h" #include "filter.h" -#include "ttyio.h" -#include "status.h" -#include "i18n.h" +#include "../common/ttyio.h" +#include "../common/status.h" +#include "../common/i18n.h" #include "keyserver-internal.h" #include "call-agent.h" -#include "host2net.h" +#include "../common/host2net.h" #include "tofu.h" static void show_prefs (PKT_user_id * uid, PKT_signature * selfsig, diff --git a/g10/keygen.c b/g10/keygen.c index 201ebaa..44f139a 100644 --- a/g10/keygen.c +++ b/g10/keygen.c 
@@ -29,21 +29,21 @@ #include #include "gpg.h" -#include "util.h" +#include "../common/util.h" #include "main.h" #include "packet.h" -#include "ttyio.h" +#include "../common/ttyio.h" #include "options.h" #include "keydb.h" #include "trustdb.h" -#include "status.h" -#include "i18n.h" +#include "../common/status.h" +#include "../common/i18n.h" #include "keyserver-internal.h" #include "call-agent.h" #include "pkglue.h" #include "../common/shareddefs.h" -#include "host2net.h" -#include "mbox-util.h" +#include "../common/host2net.h" +#include "../common/mbox-util.h" /* The default algorithms. If you change them remember to change them diff --git a/g10/keyid.c b/g10/keyid.c index 6e8d97f..1d3f46c 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -28,14 +28,14 @@ #include #include "gpg.h" -#include "util.h" +#include "../common/util.h" #include "main.h" #include "packet.h" #include "options.h" #include "keydb.h" -#include "i18n.h" +#include "../common/i18n.h" #include "rmd160.h" -#include "host2net.h" +#include "../common/host2net.h" #define KEYID_STR_SIZE 19 diff --git a/g10/keylist.c b/g10/keylist.c index 2684f59..93b5ee6 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -31,18 +31,18 @@ #include "gpg.h" #include "options.h" #include "packet.h" -#include "status.h" +#include "../common/status.h" #include "keydb.h" #include "photoid.h" -#include "util.h" -#include "ttyio.h" +#include "../common/util.h" +#include "../common/ttyio.h" #include "trustdb.h" #include "main.h" -#include "i18n.h" -#include "status.h" +#include "../common/i18n.h" +#include "../common/status.h" #include "call-agent.h" -#include "mbox-util.h" -#include "zb32.h" +#include "../common/mbox-util.h" +#include "../common/zb32.h" #include "tofu.h" diff --git a/g10/keyring.c b/g10/keyring.c index 9b7b5fd..31f60f9 100644 --- a/g10/keyring.c +++ b/g10/keyring.c 
@@ -28,13 +28,13 @@ #include #include "gpg.h" -#include "util.h" +#include "../common/util.h" #include "keyring.h" #include "packet.h" #include "keydb.h" #include "options.h" #include "main.h" /*for check_key_signature()*/ -#include "i18n.h" +#include "../common/i18n.h" #include "../kbx/keybox.h" diff --git a/g10/keyserver-internal.h b/g10/keyserver-internal.h index 77b362e..02452e8 100644 --- a/g10/keyserver-internal.h +++ b/g10/keyserver-internal.h @@ -23,7 +23,7 @@ #include #include "../common/keyserver.h" #include "../common/iobuf.h" -#include "types.h" +#include "../common/types.h" int parse_keyserver_options(char *options); void free_keyserver_spec(struct keyserver_spec *keyserver); diff --git a/g10/keyserver.c b/g10/keyserver.c index c7363c9..0794527 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -27,21 +27,21 @@ #include #include "gpg.h" -#include "iobuf.h" +#include "../common/iobuf.h" #include "filter.h" #include "keydb.h" -#include "status.h" +#include "../common/status.h" #include "exec.h" #include "main.h" -#include "i18n.h" -#include "ttyio.h" +#include "../common/i18n.h" +#include "../common/ttyio.h" #include "options.h" #include "packet.h" #include "trustdb.h" #include "keyserver-internal.h" -#include "util.h" -#include "membuf.h" -#include "mbox-util.h" +#include "../common/util.h" +#include "../common/membuf.h" +#include "../common/mbox-util.h" #include "call-dirmngr.h" #ifdef HAVE_W32_SYSTEM diff --git a/g10/main.h b/g10/main.h index 6837e98..f58f041 100644 --- a/g10/main.h +++ b/g10/main.h @@ -20,10 +20,10 @@ #ifndef G10_MAIN_H #define G10_MAIN_H -#include "types.h" -#include "iobuf.h" +#include "../common/types.h" +#include "../common/iobuf.h" #include "keydb.h" -#include "util.h" +#include "../common/util.h" /* It could be argued that the default cipher should be 3DES rather than AES128, and the default compression should be 0 diff --git a/g10/mainproc.c b/g10/mainproc.c index 4f8d0be..2acd51e 100644 --- a/g10/mainproc.c 
+++ b/g10/mainproc.c @@ -25,19 +25,19 @@ #include #include "gpg.h" -#include "util.h" +#include "../common/util.h" #include "packet.h" -#include "iobuf.h" +#include "../common/iobuf.h" #include "options.h" #include "keydb.h" #include "filter.h" #include "main.h" -#include "status.h" -#include "i18n.h" +#include "../common/status.h" +#include "../common/i18n.h" #include "trustdb.h" #include "keyserver-internal.h" #include "photoid.h" -#include "mbox-util.h" +#include "../common/mbox-util.h" #include "call-dirmngr.h" /* Put an upper limit on nested packets. The 32 is an arbitrary diff --git a/g10/mdfilter.c b/g10/mdfilter.c index 69b226c..f3318f1 100644 --- a/g10/mdfilter.c +++ b/g10/mdfilter.c @@ -24,9 +24,9 @@ #include #include "gpg.h" -#include "status.h" -#include "iobuf.h" -#include "util.h" +#include "../common/status.h" +#include "../common/iobuf.h" +#include "../common/util.h" #include "filter.h" diff --git a/g10/migrate.c b/g10/migrate.c index 6ff1014..c52c67a 100644 --- a/g10/migrate.c +++ b/g10/migrate.c @@ -27,7 +27,7 @@ #include "gpg.h" #include "options.h" #include "keydb.h" -#include "util.h" +#include "../common/util.h" #include "main.h" #include "call-agent.h" diff --git a/g10/misc.c b/g10/misc.c index ac00009..c69f994 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -59,15 +59,15 @@ #include "gpg.h" #ifdef HAVE_W32_SYSTEM -# include "status.h" +# include "../common/status.h" #endif /*HAVE_W32_SYSTEM*/ -#include "util.h" +#include "../common/util.h" #include "main.h" #include "photoid.h" #include "options.h" #include "call-agent.h" -#include "i18n.h" -#include "zb32.h" +#include "../common/i18n.h" +#include "../common/zb32.h" #ifdef ENABLE_SELINUX_HACKS diff --git a/g10/openfile.c b/g10/openfile.c index f62deec..2257107 100644 --- a/g10/openfile.c +++ b/g10/openfile.c 
@@ -29,12 +29,12 @@ #include #include "gpg.h" -#include "util.h" -#include "ttyio.h" +#include "../common/util.h" +#include "../common/ttyio.h" #include "options.h" #include "main.h" -#include "status.h" -#include "i18n.h" +#include "../common/status.h" +#include "../common/i18n.h" #ifdef USE_ONLY_8DOT3 #define SKELEXT ".skl" diff --git a/g10/options.h b/g10/options.h index 88a8f32..def6385 100644 --- a/g10/options.h +++ b/g10/options.h @@ -22,7 +22,7 @@ #define G10_OPTIONS_H #include -#include +#include "../common/types.h" #include #include "main.h" #include "packet.h" diff --git a/g10/packet.h b/g10/packet.h index 9780d93..3457f53 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -22,14 +22,14 @@ #ifndef G10_PACKET_H #define G10_PACKET_H -#include "types.h" +#include "../common/types.h" #include "../common/iobuf.h" #include "../common/strlist.h" #include "dek.h" #include "filter.h" #include "../common/openpgpdefs.h" #include "../common/userids.h" -#include "util.h" +#include "../common/util.h" #define DEBUG_PARSE_PACKET 1 diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 7f44ce5..06b286b 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -26,15 +26,15 @@ #include #include "gpg.h" -#include "util.h" +#include "../common/util.h" #include "packet.h" -#include "iobuf.h" +#include "../common/iobuf.h" #include "filter.h" #include "photoid.h" #include "options.h" #include "main.h" -#include "i18n.h" -#include "host2net.h" +#include "../common/i18n.h" +#include "../common/host2net.h" /* Maximum length of packets to avoid excessive memory allocation. */ diff --git a/g10/passphrase.c b/g10/passphrase.c index 37abc0f..02371fe 100644 --- a/g10/passphrase.c +++ b/g10/passphrase.c 
@@ -33,13 +33,13 @@ #endif #include "gpg.h" -#include "util.h" +#include "../common/util.h" #include "options.h" -#include "ttyio.h" +#include "../common/ttyio.h" #include "keydb.h" #include "main.h" -#include "i18n.h" -#include "status.h" +#include "../common/i18n.h" +#include "../common/status.h" #include "call-agent.h" #include "../common/shareddefs.h" diff --git a/g10/photoid.c b/g10/photoid.c index 8b193b3..bcea64f 100644 --- a/g10/photoid.c +++ b/g10/photoid.c @@ -32,17 +32,17 @@ #endif #include "gpg.h" -#include "util.h" +#include "../common/util.h" #include "packet.h" -#include "status.h" +#include "../common/status.h" #include "exec.h" #include "keydb.h" -#include "i18n.h" -#include "iobuf.h" +#include "../common/i18n.h" +#include "../common/iobuf.h" #include "options.h" #include "main.h" #include "photoid.h" -#include "ttyio.h" +#include "../common/ttyio.h" #include "trustdb.h" /* Generate a new photo id packet, or return NULL if canceled. diff --git a/g10/pkclist.c b/g10/pkclist.c index 012f751..698794e 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -27,15 +27,15 @@ #include "gpg.h" #include "options.h" #include "packet.h" -#include "status.h" +#include "../common/status.h" #include "keydb.h" -#include "util.h" +#include "../common/util.h" #include "main.h" #include "trustdb.h" -#include "ttyio.h" -#include "status.h" +#include "../common/ttyio.h" +#include "../common/status.h" #include "photoid.h" -#include "i18n.h" +#include "../common/i18n.h" #include "tofu.h" #define CONTROL_D ('D' - 'A' + 1) diff --git a/g10/pkglue.c b/g10/pkglue.c index ce24a2e..8021a94 100644 --- a/g10/pkglue.c +++ b/g10/pkglue.c @@ -25,7 +25,7 @@ #include #include "gpg.h" -#include "util.h" +#include "../common/util.h" #include "pkglue.h" #include "main.h" #include "options.h" diff --git a/g10/plaintext.c b/g10/plaintext.c index 40ce603..c5d1ddb 100644 --- a/g10/plaintext.c +++ b/g10/plaintext.c 
@@ -29,14 +29,14 @@ #endif #include "gpg.h" -#include "util.h" +#include "../common/util.h" #include "options.h" #include "packet.h" -#include "ttyio.h" +#include "../common/ttyio.h" #include "filter.h" #include "main.h" -#include "status.h" -#include "i18n.h" +#include "../common/status.h" +#include "../common/i18n.h" /* Get the output filename. On success, the actual filename that is diff --git a/g10/progress.c b/g10/progress.c index feb639e..7e777d4 100644 --- a/g10/progress.c +++ b/g10/progress.c @@ -21,10 +21,10 @@ #include #include "gpg.h" -#include "iobuf.h" +#include "../common/iobuf.h" #include "filter.h" -#include "status.h" -#include "util.h" +#include "../common/status.h" +#include "../common/util.h" #include "options.h" /* Create a new context for use with the progress filter. We need to diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index e037c12..cc962cf 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -24,17 +24,17 @@ #include #include "gpg.h" -#include "util.h" +#include "../common/util.h" #include "packet.h" #include "keydb.h" #include "trustdb.h" -#include "status.h" +#include "../common/status.h" #include "options.h" #include "main.h" -#include "i18n.h" +#include "../common/i18n.h" #include "pkglue.h" #include "call-agent.h" -#include "host2net.h" +#include "../common/host2net.h" static gpg_error_t get_it (PKT_pubkey_enc *k, diff --git a/g10/revoke.c b/g10/revoke.c index 3a2b068..122699f 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -28,13 +28,12 @@ #include "gpg.h" #include "options.h" #include "packet.h" -#include "status.h" +#include "../common/status.h" #include "keydb.h" -#include "util.h" +#include "../common/util.h" #include "main.h" -#include "ttyio.h" -#include "status.h" -#include "i18n.h" +#include "../common/ttyio.h" +#include "../common/i18n.h" #include "call-agent.h" struct revocation_reason_info { diff --git a/g10/server.c b/g10/server.c index e3a3bad..60b447c 100644 --- a/g10/server.c +++ b/g10/server.c 
@@ -29,12 +29,12 @@ #include "gpg.h" #include -#include "util.h" -#include "i18n.h" +#include "../common/util.h" +#include "../common/i18n.h" #include "options.h" #include "../common/server-help.h" #include "../common/sysutils.h" -#include "status.h" +#include "../common/status.h" #define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t)) diff --git a/g10/seskey.c b/g10/seskey.c index b2f7169..8617938 100644 --- a/g10/seskey.c +++ b/g10/seskey.c @@ -24,10 +24,10 @@ #include #include "gpg.h" -#include "util.h" +#include "../common/util.h" #include "options.h" #include "main.h" -#include "i18n.h" +#include "../common/i18n.h" /* Generate a new session key in *DEK that is appropriate for the diff --git a/g10/sig-check.c b/g10/sig-check.c index 4df29af..4e6ca43 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -25,12 +25,12 @@ #include #include "gpg.h" -#include "util.h" +#include "../common/util.h" #include "packet.h" #include "keydb.h" #include "main.h" -#include "status.h" -#include "i18n.h" +#include "../common/status.h" +#include "../common/i18n.h" #include "options.h" #include "pkglue.h" diff --git a/g10/sign.c b/g10/sign.c index ff099b3..801c809 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -27,20 +27,20 @@ #include "gpg.h" #include "options.h" #include "packet.h" -#include "status.h" -#include "iobuf.h" +#include "../common/status.h" +#include "../common/iobuf.h" #include "keydb.h" -#include "util.h" +#include "../common/util.h" #include "main.h" #include "filter.h" -#include "ttyio.h" +#include "../common/ttyio.h" #include "trustdb.h" -#include "status.h" -#include "i18n.h" +#include "../common/status.h" +#include "../common/i18n.h" #include "pkglue.h" -#include "sysutils.h" +#include "../common/sysutils.h" #include "call-agent.h" -#include "mbox-util.h" +#include "../common/mbox-util.h" #ifdef HAVE_DOSISH_SYSTEM #define LF "\r\n" diff --git a/g10/skclist.c b/g10/skclist.c index cedbce7..7a791b3 100644 --- a/g10/skclist.c +++ b/g10/skclist.c 
@@ -27,10 +27,10 @@ #include "gpg.h" #include "options.h" #include "packet.h" -#include "status.h" +#include "../common/status.h" #include "keydb.h" -#include "util.h" -#include "i18n.h" +#include "../common/util.h" +#include "../common/i18n.h" /* Return true if Libgcrypt's RNG is in faked mode. */ diff --git a/g10/t-stutter.c b/g10/t-stutter.c index 359cdf6..f4a9a59 100644 --- a/g10/t-stutter.c +++ b/g10/t-stutter.c @@ -54,7 +54,7 @@ #include "gpg.h" #include "main.h" #include "../common/types.h" -#include "util.h" +#include "../common/util.h" #include "dek.h" #include "../common/logging.h" diff --git a/g10/tdbdump.c b/g10/tdbdump.c index ab2f072..a5ad32d 100644 --- a/g10/tdbdump.c +++ b/g10/tdbdump.c @@ -29,15 +29,15 @@ #include #include "gpg.h" -#include "status.h" -#include "iobuf.h" +#include "../common/status.h" +#include "../common/iobuf.h" #include "keydb.h" -#include "util.h" +#include "../common/util.h" #include "trustdb.h" #include "options.h" #include "packet.h" #include "main.h" -#include "i18n.h" +#include "../common/i18n.h" #include "tdbio.h" diff --git a/g10/tdbio.c b/g10/tdbio.c index c1cb312..a7b7412 100644 --- a/g10/tdbio.c +++ b/g10/tdbio.c @@ -29,12 +29,12 @@ #include #include "gpg.h" -#include "status.h" -#include "iobuf.h" -#include "util.h" +#include "../common/status.h" +#include "../common/iobuf.h" +#include "../common/util.h" #include "options.h" #include "main.h" -#include "i18n.h" +#include "../common/i18n.h" #include "trustdb.h" #include "tdbio.h" diff --git a/g10/tdbio.h b/g10/tdbio.h index 1f66b03..e2cbbff 100644 --- a/g10/tdbio.h +++ b/g10/tdbio.h @@ -20,7 +20,7 @@ #ifndef G10_TDBIO_H #define G10_TDBIO_H -#include "host2net.h" +#include "../common/host2net.h" #define TRUST_RECORD_LEN 40 #define SIGS_PER_RECORD ((TRUST_RECORD_LEN-10)/5) diff --git a/g10/test-stubs.c b/g10/test-stubs.c index a74df20..d541e0d 100644 --- a/g10/test-stubs.c +++ b/g10/test-stubs.c 
@@ -28,18 +28,18 @@ #define INCLUDED_BY_MAIN_MODULE 1 #include "gpg.h" -#include "util.h" +#include "../common/util.h" #include "packet.h" -#include "iobuf.h" +#include "../common/iobuf.h" #include "main.h" #include "options.h" #include "keydb.h" #include "trustdb.h" #include "filter.h" -#include "ttyio.h" -#include "i18n.h" -#include "sysutils.h" -#include "status.h" +#include "../common/ttyio.h" +#include "../common/i18n.h" +#include "../common/sysutils.h" +#include "../common/status.h" #include "call-agent.h" int g10_errors_seen; diff --git a/g10/textfilter.c b/g10/textfilter.c index cb5d444..96666cf 100644 --- a/g10/textfilter.c +++ b/g10/textfilter.c @@ -24,13 +24,13 @@ #include #include "gpg.h" -#include "status.h" -#include "iobuf.h" -#include "util.h" +#include "../common/status.h" +#include "../common/iobuf.h" +#include "../common/util.h" #include "filter.h" -#include "i18n.h" +#include "../common/i18n.h" #include "options.h" -#include "status.h" +#include "../common/status.h" #ifdef HAVE_DOSISH_SYSTEM #define LF "\r\n" diff --git a/g10/tofu.c b/g10/tofu.c index 8c41ad7..9d6a457 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -31,17 +31,17 @@ #include #include "gpg.h" -#include "types.h" -#include "logging.h" -#include "stringhelp.h" +#include "../common/types.h" +#include "../common/logging.h" +#include "../common/stringhelp.h" #include "options.h" -#include "mbox-util.h" -#include "i18n.h" -#include "ttyio.h" +#include "../common/mbox-util.h" +#include "../common/i18n.h" +#include "../common/ttyio.h" #include "trustdb.h" -#include "mkdir_p.h" +#include "../common/mkdir_p.h" #include "gpgsql.h" -#include "status.h" +#include "../common/status.h" #include "sqrtu32.h" #include "tofu.h" diff --git a/g10/trust.c b/g10/trust.c index d0ea77e..77fde4c 100644 --- a/g10/trust.c +++ b/g10/trust.c 
@@ -26,13 +26,13 @@ #include "gpg.h" #include "keydb.h" -#include "util.h" +#include "../common/util.h" #include "options.h" #include "packet.h" #include "main.h" -#include "i18n.h" +#include "../common/i18n.h" #include "trustdb.h" -#include "host2net.h" +#include "../common/host2net.h" /* Return true if key is disabled. Note that this is usually used via diff --git a/g10/trustdb.c b/g10/trustdb.c index 7443051..a0b9d5f 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -29,15 +29,15 @@ #endif /* !DISABLE_REGEX */ #include "gpg.h" -#include "status.h" -#include "iobuf.h" +#include "../common/status.h" +#include "../common/iobuf.h" #include "keydb.h" -#include "util.h" +#include "../common/util.h" #include "options.h" #include "packet.h" #include "main.h" -#include "mbox-util.h" -#include "i18n.h" +#include "../common/mbox-util.h" +#include "../common/i18n.h" #include "tdbio.h" #include "trustdb.h" #include "tofu.h" diff --git a/g10/verify.c b/g10/verify.c index 7327e85..4399f71 100644 --- a/g10/verify.c +++ b/g10/verify.c @@ -27,15 +27,14 @@ #include "gpg.h" #include "options.h" #include "packet.h" -#include "status.h" -#include "iobuf.h" +#include "../common/status.h" +#include "../common/iobuf.h" #include "keydb.h" -#include "util.h" +#include "../common/util.h" #include "main.h" -#include "status.h" #include "filter.h" -#include "ttyio.h" -#include "i18n.h" +#include "../common/ttyio.h" +#include "../common/i18n.h" /**************** diff --git a/g13/Makefile.am b/g13/Makefile.am index cc0e6a8..dfacc99 100644 --- a/g13/Makefile.am +++ b/g13/Makefile.am @@ -26,7 +26,7 @@ sbin_PROGRAMS = g13-syshelp noinst_PROGRAMS = $(module_tests) TESTS = $(module_tests) -AM_CPPFLAGS = -I$(top_srcdir)/common +AM_CPPFLAGS = include $(top_srcdir)/am/cmacros.am diff --git a/g13/backend.c b/g13/backend.c index a495f8a..0123b45 100644 --- a/g13/backend.c +++ b/g13/backend.c 
@@ -26,7 +26,7 @@ #include #include "g13.h" -#include "i18n.h" +#include "../common/i18n.h" #include "keyblob.h" #include "backend.h" #include "be-encfs.h" diff --git a/g13/be-dmcrypt.c b/g13/be-dmcrypt.c index e048b99..59b586d 100644 --- a/g13/be-dmcrypt.c +++ b/g13/be-dmcrypt.c @@ -25,7 +25,7 @@ #include #include "g13.h" -#include "i18n.h" +#include "../common/i18n.h" #include "keyblob.h" #include "call-syshelp.h" #include "be-dmcrypt.h" diff --git a/g13/be-encfs.c b/g13/be-encfs.c index 6c648ab..0e2c68b 100644 --- a/g13/be-encfs.c +++ b/g13/be-encfs.c @@ -26,7 +26,7 @@ #include #include "g13.h" -#include "i18n.h" +#include "../common/i18n.h" #include "keyblob.h" #include "be-encfs.h" #include "runner.h" diff --git a/g13/be-truecrypt.c b/g13/be-truecrypt.c index e75b936..1ce992f 100644 --- a/g13/be-truecrypt.c +++ b/g13/be-truecrypt.c @@ -25,7 +25,7 @@ #include #include "g13.h" -#include "i18n.h" +#include "../common/i18n.h" #include "be-truecrypt.h" diff --git a/g13/call-syshelp.c b/g13/call-syshelp.c index adffc6e..8a50c3f 100644 --- a/g13/call-syshelp.c +++ b/g13/call-syshelp.c @@ -28,10 +28,10 @@ #include "g13.h" #include -#include "i18n.h" +#include "../common/i18n.h" #include "g13tuple.h" #include "keyblob.h" -#include "membuf.h" +#include "../common/membuf.h" #include "create.h" #include "call-syshelp.h" diff --git a/g13/create.c b/g13/create.c index 573039d..d55b859 100644 --- a/g13/create.c +++ b/g13/create.c @@ -27,7 +27,7 @@ #include #include "g13.h" -#include "i18n.h" +#include "../common/i18n.h" #include "create.h" #include "keyblob.h" diff --git a/g13/g13-common.c b/g13/g13-common.c index 8370907..35cb131 100644 --- a/g13/g13-common.c +++ b/g13/g13-common.c @@ -29,8 +29,8 @@ #include "g13-common.h" #include #include -#include "i18n.h" -#include "sysutils.h" +#include "../common/i18n.h" +#include "../common/sysutils.h" diff --git a/g13/g13-syshelp.c b/g13/g13-syshelp.c index 8b8a4a7..bf71ac2 100644 --- a/g13/g13-syshelp.c +++ b/g13/g13-syshelp.c 
@@ -36,9 +36,9 @@ #include #include -#include "i18n.h" -#include "sysutils.h" -#include "asshelp.h" +#include "../common/i18n.h" +#include "../common/sysutils.h" +#include "../common/asshelp.h" #include "../common/init.h" #include "keyblob.h" diff --git a/g13/g13.c b/g13/g13.c index 0553c85..4b925ed 100644 --- a/g13/g13.c +++ b/g13/g13.c @@ -32,10 +32,10 @@ #include #include -#include "i18n.h" -#include "sysutils.h" -#include "gc-opt-flags.h" -#include "asshelp.h" +#include "../common/i18n.h" +#include "../common/sysutils.h" +#include "../common/gc-opt-flags.h" +#include "../common/asshelp.h" #include "../common/init.h" #include "keyblob.h" #include "server.h" diff --git a/g13/keyblob.c b/g13/keyblob.c index 81863bb..1fb9be7 100644 --- a/g13/keyblob.c +++ b/g13/keyblob.c @@ -32,7 +32,7 @@ #include "keyblob.h" #include "../common/sysutils.h" -#include "host2net.h" +#include "../common/host2net.h" /* Parse the header prefix and return the length of the entire header. */ diff --git a/g13/mount.c b/g13/mount.c index 7814d5c..dc415b1 100644 --- a/g13/mount.c +++ b/g13/mount.c @@ -27,7 +27,7 @@ #include #include "g13.h" -#include "i18n.h" +#include "../common/i18n.h" #include "mount.h" #include "keyblob.h" @@ -35,7 +35,7 @@ #include "g13tuple.h" #include "mountinfo.h" #include "runner.h" -#include "host2net.h" +#include "../common/host2net.h" #include "server.h" /*(g13_keyblob_decrypt)*/ #include "../common/sysutils.h" #include "call-syshelp.h" diff --git a/g13/mountinfo.c b/g13/mountinfo.c index 26eca0c..ed898b8 100644 --- a/g13/mountinfo.c +++ b/g13/mountinfo.c @@ -27,7 +27,7 @@ #include #include "g13.h" -#include "i18n.h" +#include "../common/i18n.h" #include "mountinfo.h" #include "keyblob.h" diff --git a/g13/runner.c b/g13/runner.c index af2e836..138269d 100644 --- a/g13/runner.c +++ b/g13/runner.c @@ -27,7 +27,7 @@ #include #include "g13.h" -#include "i18n.h" +#include "../common/i18n.h" #include "keyblob.h" #include "runner.h" #include "../common/exechelp.h" 
diff --git a/g13/server.c b/g13/server.c index e3cb313..bbe42d4 100644 --- a/g13/server.c +++ b/g13/server.c @@ -27,7 +27,7 @@ #include "g13.h" #include -#include "i18n.h" +#include "../common/i18n.h" #include "keyblob.h" #include "server.h" #include "create.h" diff --git a/g13/sh-blockdev.c b/g13/sh-blockdev.c index 6c12dde..a477a67 100644 --- a/g13/sh-blockdev.c +++ b/g13/sh-blockdev.c @@ -28,8 +28,8 @@ #include "g13-syshelp.h" #include -#include "i18n.h" -#include "exectool.h" +#include "../common/i18n.h" +#include "../common/exectool.h" #include "keyblob.h" #ifndef HAVE_STRTOULL diff --git a/g13/sh-cmd.c b/g13/sh-cmd.c index 523ec56..b57369d 100644 --- a/g13/sh-cmd.c +++ b/g13/sh-cmd.c @@ -27,7 +27,7 @@ #include "g13-syshelp.h" #include -#include "i18n.h" +#include "../common/i18n.h" #include "keyblob.h" diff --git a/g13/sh-dmcrypt.c b/g13/sh-dmcrypt.c index bbeab65..f7ec797 100644 --- a/g13/sh-dmcrypt.c +++ b/g13/sh-dmcrypt.c @@ -32,9 +32,9 @@ #include "g13-syshelp.h" #include -#include "i18n.h" +#include "../common/i18n.h" #include "g13tuple.h" -#include "exectool.h" +#include "../common/exectool.h" #include "keyblob.h" /* The standard disk block size (logical). */ diff --git a/g13/suspend.c b/g13/suspend.c index 7bdf738..0aa20f0 100644 --- a/g13/suspend.c +++ b/g13/suspend.c @@ -27,7 +27,7 @@ #include #include "g13.h" -#include "i18n.h" +#include "../common/i18n.h" #include "suspend.h" #include "keyblob.h" diff --git a/g13/t-g13tuple.c b/g13/t-g13tuple.c index bbd9898..2809d23 100644 --- a/g13/t-g13tuple.c +++ b/g13/t-g13tuple.c @@ -23,7 +23,7 @@ #include -#include "util.h" +#include "../common/util.h" #include "keyblob.h" #include "g13tuple.h" diff --git a/kbx/Makefile.am b/kbx/Makefile.am index fe7da1b..8fca24a 100644 --- a/kbx/Makefile.am +++ b/kbx/Makefile.am @@ -20,7 +20,7 @@ EXTRA_DIST = mkerrors -AM_CPPFLAGS = -I$(top_srcdir)/common +AM_CPPFLAGS = include $(top_srcdir)/am/cmacros.am 
diff --git a/kbx/kbxutil.c b/kbx/kbxutil.c index dd8477c..6094298 100644 --- a/kbx/kbxutil.c +++ b/kbx/kbxutil.c @@ -33,7 +33,7 @@ #include "../common/argparse.h" #include "../common/stringhelp.h" #include "../common/utf8conv.h" -#include "i18n.h" +#include "../common/i18n.h" #include "keybox-defs.h" #include "../common/init.h" #include diff --git a/kbx/keybox-dump.c b/kbx/keybox-dump.c index 0e8f63a..d24f117 100644 --- a/kbx/keybox-dump.c +++ b/kbx/keybox-dump.c @@ -25,7 +25,7 @@ #include "keybox-defs.h" #include -#include "host2net.h" +#include "../common/host2net.h" /* Argg, we can't include ../common/util.h */ char *bin2hexcolon (const void *buffer, size_t length, char *stringbuf); diff --git a/kbx/keybox-openpgp.c b/kbx/keybox-openpgp.c index 6885e05..d82c2cb 100644 --- a/kbx/keybox-openpgp.c +++ b/kbx/keybox-openpgp.c @@ -36,7 +36,7 @@ #include #include "../common/openpgpdefs.h" -#include "host2net.h" +#include "../common/host2net.h" /* Assume a valid OpenPGP packet at the address pointed to by BUFBTR which has a maximum length as stored at BUFLEN. Return the header diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c index ec5aad1..cc114c6 100644 --- a/kbx/keybox-search.c +++ b/kbx/keybox-search.c @@ -27,8 +27,8 @@ #include "keybox-defs.h" #include -#include "host2net.h" -#include "mbox-util.h" +#include "../common/host2net.h" +#include "../common/mbox-util.h" #define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \ *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10)) diff --git a/kbx/keybox-util.c b/kbx/keybox-util.c index 486753c..b71335b 100644 --- a/kbx/keybox-util.c +++ b/kbx/keybox-util.c @@ -27,7 +27,7 @@ #endif #include "keybox-defs.h" -#include "utilproto.h" +#include "../common/utilproto.h" static void *(*alloc_func)(size_t n) = malloc; diff --git a/scd/Makefile.am b/scd/Makefile.am index db096f6..cbd1f9f 100644 --- a/scd/Makefile.am +++ b/scd/Makefile.am 
@@ -21,7 +21,7 @@ EXTRA_DIST = ChangeLog-2011 scdaemon-w32info.rc libexec_PROGRAMS = scdaemon -AM_CPPFLAGS = -I$(top_srcdir)/common $(LIBUSB_CPPFLAGS) +AM_CPPFLAGS = $(LIBUSB_CPPFLAGS) include $(top_srcdir)/am/cmacros.am diff --git a/scd/apdu.c b/scd/apdu.c index c8ce684..147bf73 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -48,18 +48,18 @@ /* This is used with GnuPG version < 1.9. The code has been source copied from the current GnuPG >= 1.9 and is maintained over there. */ -#include "options.h" +#include "../common/options.h" #include "errors.h" #include "memory.h" -#include "util.h" -#include "i18n.h" +#include "../common/util.h" +#include "../common/i18n.h" #include "dynload.h" #include "cardglue.h" #else /* GNUPG_MAJOR_VERSION != 1 */ #include "scdaemon.h" -#include "exechelp.h" +#include "../common/exechelp.h" #endif /* GNUPG_MAJOR_VERSION != 1 */ -#include "host2net.h" +#include "../common/host2net.h" #include "iso7816.h" #include "apdu.h" diff --git a/scd/app-dinsig.c b/scd/app-dinsig.c index f7ecc4b..bea2856 100644 --- a/scd/app-dinsig.c +++ b/scd/app-dinsig.c @@ -79,10 +79,10 @@ #include "scdaemon.h" -#include "i18n.h" +#include "../common/i18n.h" #include "iso7816.h" #include "app-common.h" -#include "tlv.h" +#include "../common/tlv.h" static gpg_error_t diff --git a/scd/app-geldkarte.c b/scd/app-geldkarte.c index c277171..510beb5 100644 --- a/scd/app-geldkarte.c +++ b/scd/app-geldkarte.c @@ -37,10 +37,10 @@ #include "scdaemon.h" -#include "i18n.h" +#include "../common/i18n.h" #include "iso7816.h" #include "app-common.h" -#include "tlv.h" +#include "../common/tlv.h" diff --git a/scd/app-help.c b/scd/app-help.c index 85bcc66..842a73d 100644 --- a/scd/app-help.c +++ b/scd/app-help.c @@ -26,7 +26,7 @@ #include "scdaemon.h" #include "app-common.h" #include "iso7816.h" -#include "tlv.h" +#include "../common/tlv.h" /* Count the number of bits, assuming the A represents an unsigned big diff --git a/scd/app-nks.c b/scd/app-nks.c index 98dd588..9e720f0 100644 
--- a/scd/app-nks.c +++ b/scd/app-nks.c @@ -51,12 +51,12 @@ #include #include "scdaemon.h" -#include "i18n.h" +#include "../common/i18n.h" #include "iso7816.h" #include "app-common.h" -#include "tlv.h" +#include "../common/tlv.h" #include "apdu.h" -#include "host2net.h" +#include "../common/host2net.h" static char const aid_nks[] = { 0xD2, 0x76, 0x00, 0x00, 0x03, 0x01, 0x02 }; static char const aid_sigg[] = { 0xD2, 0x76, 0x00, 0x00, 0x66, 0x01 }; diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index af81dce..66b235d 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -62,13 +62,13 @@ #include "scdaemon.h" #endif /* GNUPG_MAJOR_VERSION != 1 */ -#include "util.h" -#include "i18n.h" +#include "../common/util.h" +#include "../common/i18n.h" #include "iso7816.h" #include "app-common.h" -#include "tlv.h" -#include "host2net.h" -#include "openpgpdefs.h" +#include "../common/tlv.h" +#include "../common/host2net.h" +#include "../common/openpgpdefs.h" /* A table describing the DOs of the card. */ diff --git a/scd/app-p15.c b/scd/app-p15.c index 4072fb7..68e8c4f 100644 --- a/scd/app-p15.c +++ b/scd/app-p15.c @@ -39,7 +39,7 @@ #include "iso7816.h" #include "app-common.h" -#include "tlv.h" +#include "../common/tlv.h" #include "apdu.h" /* fixme: we should move the card detection to a separate file */ diff --git a/scd/app-sc-hsm.c b/scd/app-sc-hsm.c index dddc8dc..8094b24 100644 --- a/scd/app-sc-hsm.c +++ b/scd/app-sc-hsm.c @@ -34,7 +34,7 @@ #include "iso7816.h" #include "app-common.h" -#include "tlv.h" +#include "../common/tlv.h" #include "apdu.h" diff --git a/scd/app.c b/scd/app.c index e1c4e10..472adc7 100644 --- a/scd/app.c +++ b/scd/app.c @@ -25,11 +25,11 @@ #include #include "scdaemon.h" -#include "exechelp.h" +#include "../common/exechelp.h" #include "app-common.h" #include "iso7816.h" #include "apdu.h" -#include "tlv.h" +#include "../common/tlv.h" static npth_mutex_t app_list_lock; static app_t app_top; 
diff --git a/scd/command.c b/scd/command.c index b1d5539..56fdf74 100644 --- a/scd/command.c +++ b/scd/command.c @@ -40,8 +40,8 @@ #ifdef HAVE_LIBUSB #include "ccid-driver.h" #endif -#include "asshelp.h" -#include "server-help.h" +#include "../common/asshelp.h" +#include "../common/server-help.h" /* Maximum length allowed as a PIN; used for INQUIRE NEEDPIN */ #define MAXLEN_PIN 100 diff --git a/scd/scdaemon.c b/scd/scdaemon.c index 13cf2e6..26e89dd 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -44,15 +44,15 @@ #include /* malloc hooks */ -#include "i18n.h" -#include "sysutils.h" +#include "../common/i18n.h" +#include "../common/sysutils.h" #include "app-common.h" #include "iso7816.h" #include "apdu.h" #include "ccid-driver.h" -#include "gc-opt-flags.h" -#include "asshelp.h" -#include "exechelp.h" +#include "../common/gc-opt-flags.h" +#include "../common/asshelp.h" +#include "../common/exechelp.h" #include "../common/init.h" #ifndef ENAMETOOLONG diff --git a/sm/Makefile.am b/sm/Makefile.am index 4cfb246..ddc2e22 100644 --- a/sm/Makefile.am +++ b/sm/Makefile.am @@ -23,7 +23,7 @@ bin_PROGRAMS = gpgsm AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) -AM_CPPFLAGS = -I$(top_srcdir)/common -DKEYBOX_WITH_X509=1 +AM_CPPFLAGS = -DKEYBOX_WITH_X509=1 include $(top_srcdir)/am/cmacros.am if HAVE_W32_SYSTEM diff --git a/sm/call-agent.c b/sm/call-agent.c index 16a2497..0e47c14 100644 --- a/sm/call-agent.c +++ b/sm/call-agent.c @@ -33,11 +33,11 @@ #include "gpgsm.h" #include #include -#include "i18n.h" -#include "asshelp.h" +#include "../common/i18n.h" +#include "../common/asshelp.h" #include "keydb.h" /* fixme: Move this to import.c */ -#include "membuf.h" -#include "shareddefs.h" +#include "../common/membuf.h" +#include "../common/shareddefs.h" #include "passphrase.h" diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c index 45303e8..5ee15b7 100644 --- a/sm/call-dirmngr.c +++ b/sm/call-dirmngr.c 
@@ -32,9 +32,9 @@ #include #include -#include "i18n.h" +#include "../common/i18n.h" #include "keydb.h" -#include "asshelp.h" +#include "../common/asshelp.h" struct membuf { diff --git a/sm/certchain.c b/sm/certchain.c index b3e8656..a361aca 100644 --- a/sm/certchain.c +++ b/sm/certchain.c @@ -34,8 +34,8 @@ #include "keydb.h" #include "../kbx/keybox.h" /* for KEYBOX_FLAG_* */ -#include "i18n.h" -#include "tlv.h" +#include "../common/i18n.h" +#include "../common/tlv.h" /* Object to keep track of certain root certificates. */ diff --git a/sm/certcheck.c b/sm/certcheck.c index 04b3917..1102bcc 100644 --- a/sm/certcheck.c +++ b/sm/certcheck.c @@ -31,7 +31,7 @@ #include #include "keydb.h" -#include "i18n.h" +#include "../common/i18n.h" /* Return the number of bits of the Q parameter from the DSA key diff --git a/sm/certdump.c b/sm/certdump.c index bd37da4..edee76f 100644 --- a/sm/certdump.c +++ b/sm/certdump.c @@ -37,7 +37,7 @@ #include #include "keydb.h" -#include "i18n.h" +#include "../common/i18n.h" struct dn_array_s { diff --git a/sm/certlist.c b/sm/certlist.c index bfc35ce..e493cda 100644 --- a/sm/certlist.c +++ b/sm/certlist.c @@ -32,7 +32,7 @@ #include #include "keydb.h" -#include "i18n.h" +#include "../common/i18n.h" static const char oid_kp_serverAuth[] = "1.3.6.1.5.5.7.3.1"; diff --git a/sm/certreqgen-ui.c b/sm/certreqgen-ui.c index b50d338..9772a3b 100644 --- a/sm/certreqgen-ui.c +++ b/sm/certreqgen-ui.c @@ -29,9 +29,9 @@ #include "gpgsm.h" #include -#include "i18n.h" -#include "ttyio.h" -#include "membuf.h" +#include "../common/i18n.h" +#include "../common/ttyio.h" +#include "../common/membuf.h" /* Prompt for lines and append them to MB. */ diff --git a/sm/certreqgen.c b/sm/certreqgen.c index fe35ea8..4431870 100644 --- a/sm/certreqgen.c +++ b/sm/certreqgen.c @@ -66,7 +66,7 @@ #include #include "keydb.h" -#include "i18n.h" +#include "../common/i18n.h" enum para_name diff --git a/sm/decrypt.c b/sm/decrypt.c index cda4d29..976bd12 100644 --- a/sm/decrypt.c 
+++ b/sm/decrypt.c @@ -31,7 +31,7 @@ #include #include "keydb.h" -#include "i18n.h" +#include "../common/i18n.h" struct decrypt_filter_parm_s { diff --git a/sm/delete.c b/sm/delete.c index 3536968..56d5b1f 100644 --- a/sm/delete.c +++ b/sm/delete.c @@ -31,7 +31,7 @@ #include #include "keydb.h" -#include "i18n.h" +#include "../common/i18n.h" /* Delete a certificate or an secret key from a key database. */ diff --git a/sm/encrypt.c b/sm/encrypt.c index 3a7d4bb..c43a9e6 100644 --- a/sm/encrypt.c +++ b/sm/encrypt.c @@ -32,7 +32,7 @@ #include #include "keydb.h" -#include "i18n.h" +#include "../common/i18n.h" struct dek_s { diff --git a/sm/export.c b/sm/export.c index d721d52..29a5ac3 100644 --- a/sm/export.c +++ b/sm/export.c @@ -31,9 +31,9 @@ #include #include "keydb.h" -#include "exechelp.h" -#include "i18n.h" -#include "sysutils.h" +#include "../common/exechelp.h" +#include "../common/i18n.h" +#include "../common/sysutils.h" #include "minip12.h" /* A table to store a fingerprint as used in a duplicates table. We diff --git a/sm/fingerprint.c b/sm/fingerprint.c index d8e8405..fbcec58 100644 --- a/sm/fingerprint.c +++ b/sm/fingerprint.c @@ -31,7 +31,7 @@ #include #include -#include "host2net.h" +#include "../common/host2net.h" /* Return the fingerprint of the certificate (we can't put this into diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 34a9b96..bcf479a 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -35,11 +35,11 @@ #include "passphrase.h" #include "../common/shareddefs.h" #include "../kbx/keybox.h" /* malloc hooks */ -#include "i18n.h" +#include "../common/i18n.h" #include "keydb.h" -#include "sysutils.h" -#include "gc-opt-flags.h" -#include "asshelp.h" +#include "../common/sysutils.h" +#include "../common/gc-opt-flags.h" +#include "../common/asshelp.h" #include "../common/init.h" diff --git a/sm/import.c b/sm/import.c index b284b51..c7b65ad 100644 --- a/sm/import.c +++ b/sm/import.c 
@@ -31,9 +31,9 @@ #include #include "keydb.h" -#include "exechelp.h" -#include "i18n.h" -#include "sysutils.h" +#include "../common/exechelp.h" +#include "../common/i18n.h" +#include "../common/sysutils.h" #include "../kbx/keybox.h" /* for KEYBOX_FLAG_* */ #include "../common/membuf.h" #include "minip12.h" diff --git a/sm/keydb.c b/sm/keydb.c index 75f83ee..87fc12d 100644 --- a/sm/keydb.c +++ b/sm/keydb.c @@ -31,7 +31,7 @@ #include "gpgsm.h" #include "../kbx/keybox.h" #include "keydb.h" -#include "i18n.h" +#include "../common/i18n.h" static int active_handles; diff --git a/sm/keylist.c b/sm/keylist.c index 6db42e3..d27d4f4 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -34,8 +34,8 @@ #include "keydb.h" #include "../kbx/keybox.h" /* for KEYBOX_FLAG_* */ -#include "i18n.h" -#include "tlv.h" +#include "../common/i18n.h" +#include "../common/tlv.h" struct list_external_parm_s { diff --git a/sm/misc.c b/sm/misc.c index 40e989f..1e2465f 100644 --- a/sm/misc.c +++ b/sm/misc.c @@ -29,8 +29,8 @@ #endif #include "gpgsm.h" -#include "i18n.h" -#include "sysutils.h" +#include "../common/i18n.h" +#include "../common/sysutils.h" #include "../common/tlv.h" #include "../common/sexp-parse.h" diff --git a/sm/qualified.c b/sm/qualified.c index 61b071c..718141e 100644 --- a/sm/qualified.c +++ b/sm/qualified.c @@ -26,7 +26,7 @@ #include #include "gpgsm.h" -#include "i18n.h" +#include "../common/i18n.h" #include diff --git a/sm/server.c b/sm/server.c index 0fadcad..37d66e2 100644 --- a/sm/server.c +++ b/sm/server.c @@ -29,8 +29,8 @@ #include "gpgsm.h" #include -#include "sysutils.h" -#include "server-help.h" +#include "../common/sysutils.h" +#include "../common/server-help.h" #define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t)) diff --git a/sm/sign.c b/sm/sign.c index 0ca575b..a153b51 100644 --- a/sm/sign.c +++ b/sm/sign.c 
@@ -32,7 +32,7 @@ #include #include "keydb.h" -#include "i18n.h" +#include "../common/i18n.h" /* Hash the data and return if something was hashed. Return -1 on error. */ diff --git a/sm/verify.c b/sm/verify.c index 1ac97cb..6c034e6 100644 --- a/sm/verify.c +++ b/sm/verify.c @@ -32,7 +32,7 @@ #include #include "keydb.h" -#include "i18n.h" +#include "../common/i18n.h" static char * strtimestamp_r (ksba_isotime_t atime) diff --git a/tools/Makefile.am b/tools/Makefile.am index 38abd7c..0c828a7 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -23,7 +23,7 @@ EXTRA_DIST = \ ccidmon.c ChangeLog-2011 gpg-connect-agent-w32info.rc -AM_CPPFLAGS = -I$(top_srcdir)/common +AM_CPPFLAGS = include $(top_srcdir)/am/cmacros.am if HAVE_W32_SYSTEM diff --git a/tools/call-dirmngr.c b/tools/call-dirmngr.c index 51f1fa1..9e3e493 100644 --- a/tools/call-dirmngr.c +++ b/tools/call-dirmngr.c @@ -29,10 +29,10 @@ #endif #include -#include "util.h" -#include "i18n.h" -#include "asshelp.h" -#include "mbox-util.h" +#include "../common/util.h" +#include "../common/i18n.h" +#include "../common/asshelp.h" +#include "../common/mbox-util.h" #include "./call-dirmngr.h" static struct diff --git a/tools/gpg-check-pattern.c b/tools/gpg-check-pattern.c index a3224ab..7197340 100644 --- a/tools/gpg-check-pattern.c +++ b/tools/gpg-check-pattern.c @@ -40,9 +40,9 @@ #include #include -#include "util.h" -#include "i18n.h" -#include "sysutils.h" +#include "../common/util.h" +#include "../common/i18n.h" +#include "../common/sysutils.h" #include "../common/init.h" diff --git a/tools/gpg-connect-agent.c b/tools/gpg-connect-agent.c index 59e2192..ef71d27 100644 --- a/tools/gpg-connect-agent.c +++ b/tools/gpg-connect-agent.c @@ -29,7 +29,7 @@ #include #include -#include "i18n.h" +#include "../common/i18n.h" #include "../common/util.h" #include "../common/asshelp.h" #include "../common/sysutils.h" diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c index c31e3a1..c578105 100644 
--- a/tools/gpg-wks-client.c +++ b/tools/gpg-wks-client.c @@ -22,17 +22,17 @@ #include #include -#include "util.h" -#include "status.h" -#include "i18n.h" -#include "sysutils.h" -#include "init.h" -#include "asshelp.h" -#include "userids.h" -#include "ccparray.h" -#include "exectool.h" -#include "mbox-util.h" -#include "name-value.h" +#include "../common/util.h" +#include "../common/status.h" +#include "../common/i18n.h" +#include "../common/sysutils.h" +#include "../common/init.h" +#include "../common/asshelp.h" +#include "../common/userids.h" +#include "../common/ccparray.h" +#include "../common/exectool.h" +#include "../common/mbox-util.h" +#include "../common/name-value.h" #include "call-dirmngr.h" #include "mime-maker.h" #include "send-mail.h" diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c index 0c939e5..1055212 100644 --- a/tools/gpgconf-comp.c +++ b/tools/gpgconf-comp.c @@ -44,12 +44,12 @@ #endif /* For log_logv(), asctimestamp(), gnupg_get_time (). */ -#include "util.h" -#include "i18n.h" -#include "exechelp.h" -#include "sysutils.h" +#include "../common/util.h" +#include "../common/i18n.h" +#include "../common/exechelp.h" +#include "../common/sysutils.h" -#include "gc-opt-flags.h" +#include "../common/gc-opt-flags.h" #include "gpgconf.h" /* There is a problem with gpg 1.4 under Windows: --gpgconf-list diff --git a/tools/gpgconf.c b/tools/gpgconf.c index a9f4607..c6fb24e 100644 --- a/tools/gpgconf.c +++ b/tools/gpgconf.c @@ -26,8 +26,8 @@ #include #include "gpgconf.h" -#include "i18n.h" -#include "sysutils.h" +#include "../common/i18n.h" +#include "../common/sysutils.h" #include "../common/init.h" diff --git a/tools/gpgsplit.c b/tools/gpgsplit.c index 3b4bb15..ce2777d 100644 --- a/tools/gpgsplit.c +++ b/tools/gpgsplit.c @@ -40,8 +40,8 @@ #endif #define INCLUDED_BY_MAIN_MODULE 1 -#include "util.h" -#include "openpgpdefs.h" +#include "../common/util.h" +#include "../common/openpgpdefs.h" static int opt_verbose; static const char *opt_prefix = ""; 
diff --git a/tools/gpgtar-create.c b/tools/gpgtar-create.c index ffd239f..c622a66 100644 --- a/tools/gpgtar-create.c +++ b/tools/gpgtar-create.c @@ -35,7 +35,7 @@ #endif /*!HAVE_W32_SYSTEM*/ #include -#include "i18n.h" +#include "../common/i18n.h" #include "../common/exectool.h" #include "../common/sysutils.h" #include "../common/ccparray.h" diff --git a/tools/gpgtar-extract.c b/tools/gpgtar-extract.c index f9a50e7..b0e17cb 100644 --- a/tools/gpgtar-extract.c +++ b/tools/gpgtar-extract.c @@ -27,7 +27,7 @@ #include #include -#include "i18n.h" +#include "../common/i18n.h" #include "../common/exectool.h" #include "../common/sysutils.h" #include "../common/ccparray.h" diff --git a/tools/gpgtar-list.c b/tools/gpgtar-list.c index 8286d08..0e10be8 100644 --- a/tools/gpgtar-list.c +++ b/tools/gpgtar-list.c @@ -24,7 +24,7 @@ #include #include -#include "i18n.h" +#include "../common/i18n.h" #include "gpgtar.h" #include "../common/exectool.h" #include "../common/ccparray.h" diff --git a/tools/gpgtar.c b/tools/gpgtar.c index 3dff176..2757ab0 100644 --- a/tools/gpgtar.c +++ b/tools/gpgtar.c @@ -34,9 +34,9 @@ #include #include -#include "util.h" -#include "i18n.h" -#include "sysutils.h" +#include "../common/util.h" +#include "../common/i18n.h" +#include "../common/sysutils.h" #include "../common/openpgpdefs.h" #include "../common/init.h" #include "../common/strlist.h" diff --git a/tools/mime-maker.c b/tools/mime-maker.c index 2e32069..0332f31 100644 --- a/tools/mime-maker.c +++ b/tools/mime-maker.c @@ -22,8 +22,8 @@ #include #include -#include "util.h" -#include "zb32.h" +#include "../common/util.h" +#include "../common/zb32.h" #include "mime-maker.h" diff --git a/tools/mime-parser.c b/tools/mime-parser.c index 169ea2b..08b0219 100644 --- a/tools/mime-parser.c +++ b/tools/mime-parser.c @@ -22,7 +22,7 @@ #include #include -#include "util.h" +#include "../common/util.h" #include "rfc822parse.h" #include "mime-parser.h" 
diff --git a/tools/send-mail.c b/tools/send-mail.c index 56f2500..34d47c1 100644 --- a/tools/send-mail.c +++ b/tools/send-mail.c @@ -22,9 +22,9 @@ #include #include -#include "util.h" -#include "exectool.h" -#include "sysutils.h" +#include "../common/util.h" +#include "../common/exectool.h" +#include "../common/sysutils.h" #include "send-mail.h" diff --git a/tools/wks-receive.c b/tools/wks-receive.c index 94f8bc6..49a1517 100644 --- a/tools/wks-receive.c +++ b/tools/wks-receive.c @@ -22,9 +22,9 @@ #include #include -#include "util.h" -#include "ccparray.h" -#include "exectool.h" +#include "../common/util.h" +#include "../common/ccparray.h" +#include "../common/exectool.h" #include "gpg-wks.h" #include "rfc822parse.h" #include "mime-parser.h" diff --git a/tools/wks-util.c b/tools/wks-util.c index e6f6b7a..389d4a4 100644 --- a/tools/wks-util.c +++ b/tools/wks-util.c 
@@ -22,11 +22,11 @@ #include #include -#include "util.h" -#include "status.h" -#include "ccparray.h" -#include "exectool.h" -#include "mbox-util.h" +#include "../common/util.h" +#include "../common/status.h" +#include "../common/ccparray.h" +#include "../common/exectool.h" +#include "../common/mbox-util.h" #include "mime-maker.h" #include "send-mail.h" #include "gpg-wks.h" ----------------------------------------------------------------------- Summary of changes: dirmngr/Makefile.am | 2 +- dirmngr/dirmngr-client.c | 6 +++--- dirmngr/dirmngr.c | 4 ++-- dirmngr/dirmngr_ldap.c | 4 ++-- dirmngr/dns-stuff.c | 4 ++-- dirmngr/http.c | 4 ++-- dirmngr/ks-engine-finger.c | 2 +- dirmngr/ks-engine-hkp.c | 2 +- dirmngr/ks-engine-kdns.c | 2 +- dirmngr/ks-engine-ldap.c | 2 +- dirmngr/ldap-parse-uri.c | 2 +- dirmngr/ldap-parse-uri.h | 2 +- dirmngr/ldap-wrapper.c | 2 +- dirmngr/ldap.c | 4 ++-- dirmngr/misc.c | 2 +- dirmngr/server.c | 6 +++--- dirmngr/t-dns-stuff.c | 2 +- dirmngr/t-http.c | 4 ++-- g10/Makefile.am | 2 +- g10/armor.c | 9 ++++----- g10/build-packet.c | 10 +++++----- g10/call-agent.c | 14 +++++++------- g10/call-dirmngr.c | 12 ++++++------ g10/card-util.c | 8 ++++---- g10/cipher.c | 8 ++++---- g10/compress-bz2.c | 2 +- g10/compress.c | 2 +- g10/cpr.c | 8 ++++---- g10/dearmor.c | 8 ++++---- g10/decrypt-data.c | 6 +++--- g10/decrypt.c | 10 +++++----- g10/delkey.c | 11 +++++------ g10/ecdh.c | 2 +- g10/encrypt.c | 10 +++++----- g10/exec.c | 10 +++++----- g10/export.c | 18 +++++++++--------- g10/filter.h | 2 +- g10/free-packet.c | 2 +- g10/getkey.c | 12 ++++++------ g10/gpg.c | 16 ++++++++-------- g10/gpgsql.c | 4 ++-- g10/gpgv.c | 12 ++++++------ g10/helptext.c | 6 +++--- g10/import.c | 11 +++++------ g10/kbnode.c | 2 +- g10/keydb.c | 4 ++-- g10/keydb.h | 4 ++-- g10/keyedit.c | 14 +++++++------- g10/keygen.c | 12 ++++++------ g10/keyid.c | 6 +++--- g10/keylist.c | 14 +++++++------- g10/keyring.c | 4 ++-- g10/keyserver-internal.h | 2 +- g10/keyserver.c | 14 +++++++------- 
g10/main.h | 6 +++--- g10/mainproc.c | 10 +++++----- g10/mdfilter.c | 6 +++--- g10/migrate.c | 2 +- g10/misc.c | 8 ++++---- g10/openfile.c | 8 ++++---- g10/options.h | 2 +- g10/packet.h | 4 ++-- g10/parse-packet.c | 8 ++++---- g10/passphrase.c | 8 ++++---- g10/photoid.c | 10 +++++----- g10/pkclist.c | 10 +++++----- g10/pkglue.c | 2 +- g10/plaintext.c | 8 ++++---- g10/progress.c | 6 +++--- g10/pubkey-enc.c | 8 ++++---- g10/revoke.c | 9 ++++----- g10/server.c | 6 +++--- g10/seskey.c | 4 ++-- g10/sig-check.c | 6 +++--- g10/sign.c | 16 ++++++++-------- g10/skclist.c | 6 +++--- g10/t-stutter.c | 2 +- g10/tdbdump.c | 8 ++++---- g10/tdbio.c | 8 ++++---- g10/tdbio.h | 2 +- g10/test-stubs.c | 12 ++++++------ g10/textfilter.c | 10 +++++----- g10/tofu.c | 16 ++++++++-------- g10/trust.c | 6 +++--- g10/trustdb.c | 10 +++++----- g10/verify.c | 11 +++++------ g13/Makefile.am | 2 +- g13/backend.c | 2 +- g13/be-dmcrypt.c | 2 +- g13/be-encfs.c | 2 +- g13/be-truecrypt.c | 2 +- g13/call-syshelp.c | 4 ++-- g13/create.c | 2 +- g13/g13-common.c | 4 ++-- g13/g13-syshelp.c | 6 +++--- g13/g13.c | 8 ++++---- g13/keyblob.c | 2 +- g13/mount.c | 4 ++-- g13/mountinfo.c | 2 +- g13/runner.c | 2 +- g13/server.c | 2 +- g13/sh-blockdev.c | 4 ++-- g13/sh-cmd.c | 2 +- g13/sh-dmcrypt.c | 4 ++-- g13/suspend.c | 2 +- g13/t-g13tuple.c | 2 +- kbx/Makefile.am | 2 +- kbx/kbxutil.c | 2 +- kbx/keybox-dump.c | 2 +- kbx/keybox-openpgp.c | 2 +- kbx/keybox-search.c | 4 ++-- kbx/keybox-util.c | 2 +- scd/Makefile.am | 2 +- scd/apdu.c | 10 +++++----- scd/app-dinsig.c | 4 ++-- scd/app-geldkarte.c | 4 ++-- scd/app-help.c | 2 +- scd/app-nks.c | 6 +++--- scd/app-openpgp.c | 10 +++++----- scd/app-p15.c | 2 +- scd/app-sc-hsm.c | 2 +- scd/app.c | 4 ++-- scd/command.c | 4 ++-- scd/scdaemon.c | 10 +++++----- sm/Makefile.am | 2 +- sm/call-agent.c | 8 ++++---- sm/call-dirmngr.c | 4 ++-- sm/certchain.c | 4 ++-- sm/certcheck.c | 2 +- sm/certdump.c | 2 +- sm/certlist.c | 2 +- sm/certreqgen-ui.c | 6 +++--- sm/certreqgen.c | 2 +- 
sm/decrypt.c | 2 +- sm/delete.c | 2 +- sm/encrypt.c | 2 +- sm/export.c | 6 +++--- sm/fingerprint.c | 2 +- sm/gpgsm.c | 8 ++++---- sm/import.c | 6 +++--- sm/keydb.c | 2 +- sm/keylist.c | 4 ++-- sm/misc.c | 4 ++-- sm/qualified.c | 2 +- sm/server.c | 4 ++-- sm/sign.c | 2 +- sm/verify.c | 2 +- tools/Makefile.am | 2 +- tools/call-dirmngr.c | 8 ++++---- tools/gpg-check-pattern.c | 6 +++--- tools/gpg-connect-agent.c | 2 +- tools/gpg-wks-client.c | 22 +++++++++++----------- tools/gpgconf-comp.c | 10 +++++----- tools/gpgconf.c | 4 ++-- tools/gpgsplit.c | 4 ++-- tools/gpgtar-create.c | 2 +- tools/gpgtar-extract.c | 2 +- tools/gpgtar-list.c | 2 +- tools/gpgtar.c | 6 +++--- tools/mime-maker.c | 4 ++-- tools/mime-parser.c | 2 +- tools/send-mail.c | 6 +++--- tools/wks-receive.c | 6 +++--- tools/wks-util.c | 10 +++++----- 164 files changed, 446 insertions(+), 451 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 7 12:33:11 2017 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 07 Mar 2017 12:33:11 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-34-gd6c7bf1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via d6c7bf1f8ab8899faba2fb81a35b096921c38f3c (commit) from 70aca95d6816082b289fceca8eabfcf718a6b701 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d6c7bf1f8ab8899faba2fb81a35b096921c38f3c Author: NIIBE Yutaka Date: Tue Mar 7 20:32:09 2017 +0900 More change for common. * g10, scd, test, tools: Follow the change of removal of -Icommon. Signed-off-by: NIIBE Yutaka 
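Review bot: in the scd/apdu.c hunk of the -Icommon removal summarised above, the rewrite also reaches into the include block that the context comment describes as "used with GnuPG version < 1.9": options.h, util.h and i18n.h become ../common/... there, while errors.h, memory.h, dynload.h and cardglue.h in the same block stay bare. If that branch is still expected to build, confirm that the three rewritten paths exist for it; if it is not, leave it untouched or drop it instead of converting it halfway.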
diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index 61cc2ea..a7a8739 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c @@ -26,14 +26,14 @@ #include #include "gpg.h" -#include "util.h" +#include "../common/util.h" #include "packet.h" #include "keydb.h" #include "cipher.h" #include "main.h" #include "options.h" -#include "i18n.h" -#include "status.h" +#include "../common/i18n.h" +#include "../common/status.h" #include "pkglue.h" static int diff --git a/scd/iso7816.c b/scd/iso7816.c index 8f79698..d146bd0 100644 --- a/scd/iso7816.c +++ b/scd/iso7816.c @@ -32,8 +32,8 @@ #include "options.h" #include "errors.h" #include "memory.h" -#include "util.h" -#include "i18n.h" +#include "../common/util.h" +#include "../common/i18n.h" #else /* GNUPG_MAJOR_VERSION != 1 */ #include "scdaemon.h" #endif /* GNUPG_MAJOR_VERSION != 1 */ diff --git a/tests/gpgscm/main.c b/tests/gpgscm/main.c index 3191e05..65929f0 100644 --- a/tests/gpgscm/main.c +++ b/tests/gpgscm/main.c @@ -34,7 +34,7 @@ #include "scheme.h" #include "scheme-private.h" #include "ffi.h" -#include "i18n.h" +#include "../common/i18n.h" #include "../../common/argparse.h" #include "../../common/init.h" #include "../../common/logging.h" diff --git a/tools/no-libgcrypt.c b/tools/no-libgcrypt.c index b56cc38..8739968 100644 --- a/tools/no-libgcrypt.c +++ b/tools/no-libgcrypt.c @@ -18,7 +18,7 @@ #include #include "../common/util.h" -#include "i18n.h" +#include "../common/i18n.h" /* Replace libgcrypt's malloc functions which are used by diff --git a/tools/symcryptrun.c b/tools/symcryptrun.c index b32d43a..563e56b 100644 --- a/tools/symcryptrun.c +++ b/tools/symcryptrun.c 
@@ -98,7 +98,7 @@ #endif #include -#include "i18n.h" +#include "../common/i18n.h" #include "../common/util.h" #include "../common/init.h" #include "../common/sysutils.h" ----------------------------------------------------------------------- Summary of changes: g10/seckey-cert.c | 6 +++--- scd/iso7816.c | 4 ++-- tests/gpgscm/main.c | 2 +- tools/no-libgcrypt.c | 2 +- tools/symcryptrun.c | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 7 12:39:23 2017 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 07 Mar 2017 12:39:23 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-35-g80fb1a8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 80fb1a8a05b2194af16027555b09bbd5d48ec9ac (commit) from d6c7bf1f8ab8899faba2fb81a35b096921c38f3c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 80fb1a8a05b2194af16027555b09bbd5d48ec9ac Author: NIIBE Yutaka Date: Tue Mar 7 20:38:22 2017 +0900 tools: Removal of -Icommon. * tools/gpg-wks-server.c: Follow the change. Signed-off-by: NIIBE Yutaka diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c index fc021c5..4d3e24d 100644 --- a/tools/gpg-wks-server.c +++ b/tools/gpg-wks-server.c 
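Review bot: in the tests/gpgscm/main.c hunk of commit d6c7bf1 the new line is #include "../common/i18n.h", but the unchanged includes directly below it use "../../common/argparse.h", "../../common/init.h" and "../../common/logging.h". From tests/gpgscm/ the one-level path points at tests/common/ rather than the top-level common/ directory, so this should read #include "../../common/i18n.h" to match its neighbours.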
@@ -31,14 +31,14 @@ #include #include -#include "util.h" -#include "init.h" -#include "sysutils.h" -#include "ccparray.h" -#include "exectool.h" -#include "zb32.h" -#include "mbox-util.h" -#include "name-value.h" +#include "../common/util.h" +#include "../common/init.h" +#include "../common/sysutils.h" +#include "../common/ccparray.h" +#include "../common/exectool.h" +#include "../common/zb32.h" +#include "../common/mbox-util.h" +#include "../common/name-value.h" #include "mime-maker.h" #include "send-mail.h" #include "gpg-wks.h" ----------------------------------------------------------------------- Summary of changes: tools/gpg-wks-server.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 7 13:09:15 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 07 Mar 2017 13:09:15 +0100 Subject: [git] gnupg-doc - branch, master, updated. d82b1163a15cf474d6ca089c7f9a06e7301c0826 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via d82b1163a15cf474d6ca089c7f9a06e7301c0826 (commit) from b6077011f81ac9ae87fc070c29c5c64d1a25982a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d82b1163a15cf474d6ca089c7f9a06e7301c0826 Author: Werner Koch Date: Tue Mar 7 13:06:31 2017 +0100 web: Explain problems in gpgme release building. diff --git a/web/devel/creating-a-release.org b/web/devel/creating-a-release.org index a7a48cf..7fe8e79 100644 --- a/web/devel/creating-a-release.org +++ b/web/devel/creating-a-release.org 
@@ -189,6 +189,12 @@ Here are some gotchas for certain packages *** Libgcrypt +*** GPGME + +- As of version 1.9 build problems in "make distcheck" for the Python + bindings may turn up. The workaround is to use a fresh build + directory. + ----------------------------------------------------------------------- Summary of changes: web/devel/creating-a-release.org | 6 ++++++ 1 file changed, 6 insertions(+) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 7 13:55:56 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 07 Mar 2017 13:55:56 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-36-g591b6a9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 591b6a9d879cbcabb089d89a26d3c3e0306054e1 (commit) from 80fb1a8a05b2194af16027555b09bbd5d48ec9ac (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 591b6a9d879cbcabb089d89a26d3c3e0306054e1 Author: Justus Winter Date: Thu Mar 2 14:14:55 2017 +0100 gpg: Do not allow the user to revoke the last valid UID. * g10/keyedit.c (keyedit_quick_revuid): Merge self signatures, then make sure that we do not revoke the last valid UID. (menu_revuid): Make sure that we do not revoke the last valid UID. * tests/openpgp/quick-key-manipulation.scm: Demonstrate that '--quick-revoke-uid' can not be used to revoke the last valid UID. GnuPG-bug-id: 2960 Signed-off-by: Justus Winter diff --git a/g10/keyedit.c b/g10/keyedit.c index c10a011..660e8bf 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c 
@@ -2966,6 +2966,7 @@ keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev) kbnode_t node; int modified = 0; size_t revlen; + size_t valid_uids; #ifdef HAVE_W32_SYSTEM /* See keyedit_menu for why we need this. */ @@ -3019,7 +3020,16 @@ keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev) } fix_keyblock (&keyblock); - setup_main_keyids (keyblock); + merge_keys_and_selfsig (keyblock); + + /* Too make sure that we do not revoke the last valid UID, we first + count how many valid UIDs there are. */ + valid_uids = 0; + for (node = keyblock; node; node = node->next) + valid_uids += + node->pkt->pkttype == PKT_USER_ID + && ! node->pkt->pkt.user_id->is_revoked + && ! node->pkt->pkt.user_id->is_expired; revlen = strlen (uidtorev); /* find the right UID */ @@ -3031,6 +3041,15 @@ keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev) { struct revocation_reason_info *reason; + /* Make sure that we do not revoke the last valid UID. */ + if (valid_uids == 1 + && ! node->pkt->pkt.user_id->is_revoked + && ! node->pkt->pkt.user_id->is_expired) + { + log_error (_("Cannot revoke the last valid user ID.\n")); + goto leave; + } + reason = get_default_uid_revocation_reason (); err = core_revuid (ctrl, keyblock, node, reason, &modified); release_revocation_reason_info (reason); @@ -6429,6 +6448,7 @@ menu_revuid (ctrl_t ctrl, kbnode_t pub_keyblock) int changed = 0; int rc; struct revocation_reason_info *reason = NULL; + size_t valid_uids; /* Note that this is correct as per the RFCs, but nevertheless somewhat meaningless in the real world. 1991 did define the 0x30 
@@ -6445,11 +6465,30 @@ menu_revuid (ctrl_t ctrl, kbnode_t pub_keyblock) goto leave; } + /* Too make sure that we do not revoke the last valid UID, we first + count how many valid UIDs there are. */ + valid_uids = 0; + for (node = pub_keyblock; node; node = node->next) + valid_uids += + node->pkt->pkttype == PKT_USER_ID + && ! node->pkt->pkt.user_id->is_revoked + && ! node->pkt->pkt.user_id->is_expired; + reloop: /* (better this way because we are modifying the keyring) */ for (node = pub_keyblock; node; node = node->next) if (node->pkt->pkttype == PKT_USER_ID && (node->flag & NODFLG_SELUID)) { int modified = 0; + + /* Make sure that we do not revoke the last valid UID. */ + if (valid_uids == 1 + && ! node->pkt->pkt.user_id->is_revoked + && ! node->pkt->pkt.user_id->is_expired) + { + log_error (_("Cannot revoke the last valid user ID.\n")); + goto leave; + } + rc = core_revuid (ctrl, pub_keyblock, node, reason, &modified); if (rc) goto leave; diff --git a/tests/openpgp/quick-key-manipulation.scm b/tests/openpgp/quick-key-manipulation.scm index 08ef626..9fd5b6b 100755 --- a/tests/openpgp/quick-key-manipulation.scm +++ b/tests/openpgp/quick-key-manipulation.scm @@ -81,6 +81,11 @@ (call-check `(, at GPG --quick-revoke-uid ,(exact bravo) ,charlie)) (error "Expected an error, but get none.")) +(info "Checking that we get an error revoking the last valid user ID.") +(catch '() + (call-check `(, at GPG --quick-revoke-uid ,(exact bravo) ,bravo)) + (error "Expected an error, but get none.")) + (assert (= 1 (count-uids-of-secret-key bravo))) (info "Checking that we can change the expiration time.") ----------------------------------------------------------------------- Summary of changes: g10/keyedit.c | 41 +++++++++++++++++++++++++++++++- tests/openpgp/quick-key-manipulation.scm | 5 ++++ 2 files changed, 45 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 7 14:34:38 2017 
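Review bot: The comment added above the counting loop in keyedit_quick_revuid reads "Too make sure" where "To make sure" is meant, and the same typo is repeated in menu_revuid. The counting loop and the "valid_uids == 1" guard are also duplicated verbatim in both functions. A small static helper in keyedit.c that returns the number of PKT_USER_ID nodes that are neither revoked nor expired would keep the two paths from drifting apart.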
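Review bot: In menu_revuid, valid_uids is computed once before the "reloop:" label and nothing in the visible lines updates it after core_revuid succeeds, so the guard only fires when exactly one valid UID existed on entry. If two valid UIDs are both flagged NODFLG_SELUID and they are the only valid ones, valid_uids stays at 2 for each pass and both are revoked, which leaves the key without a valid user ID. Either decrement valid_uids after each successful revocation of a valid UID, or compare the number of selected valid UIDs against valid_uids before entering the loop. The added test in quick-key-manipulation.scm exercises only --quick-revoke-uid, so this interactive path has no coverage.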
From: cvs at cvs.gnupg.org (by Michael Haubenwallner) Date: Tue, 07 Mar 2017 14:34:38 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-37-gc22a2a8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via c22a2a89d3bd3d08b3abb8e4e33df32b480338ec (commit) from 591b6a9d879cbcabb089d89a26d3c3e0306054e1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c22a2a89d3bd3d08b3abb8e4e33df32b480338ec Author: Michael Haubenwallner Date: Tue Mar 7 13:54:49 2017 +0100 gpgscm: Use system strlwr if available. * tests/gpgscm/scheme.c: Define local strlwr only when HAVE_STRLWR is not defined in config.h. * tests/gpgscm/scheme-config.h: Remove hack. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/scheme-config.h b/tests/gpgscm/scheme-config.h index 2003498..15ca969 100644 --- a/tests/gpgscm/scheme-config.h +++ b/tests/gpgscm/scheme-config.h @@ -30,7 +30,3 @@ #define USE_PLIST 0 #define USE_INTERFACE 1 #define SHOW_ERROR_LINE 1 - -#if __MINGW32__ -# define USE_STRLWR 0 -#endif /* __MINGW32__ */ diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c index b2ff721..af97c27 100644 --- a/tests/gpgscm/scheme.c +++ b/tests/gpgscm/scheme.c @@ -12,6 +12,10 @@ * */ +#ifdef HAVE_CONFIG_H +# include +#endif + #define _SCHEME_SOURCE #include "scheme-private.h" #ifndef WIN32 
@@ -88,7 +92,7 @@ static int stricmp(const char *s1, const char *s2) } #endif /* __APPLE__ */ -#if USE_STRLWR +#if USE_STRLWR && !defined(HAVE_STRLWR) static const char *strlwr(char *s) { const char *p=s; while(*s) { ----------------------------------------------------------------------- Summary of changes: tests/gpgscm/scheme-config.h | 4 ---- tests/gpgscm/scheme.c | 6 +++++- 2 files changed, 5 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 7 15:27:54 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 07 Mar 2017 15:27:54 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-38-g4b57359 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 4b57359ef3ce0b87e15889e12ef0fcd23f62dcb4 (commit) from c22a2a89d3bd3d08b3abb8e4e33df32b480338ec (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4b57359ef3ce0b87e15889e12ef0fcd23f62dcb4 Author: Justus Winter Date: Tue Mar 7 15:20:19 2017 +0100 build: Improve CFLAGS handling. * configure.ac: Strip any flags matching '-Werror' from CFLAGS before running the tests, and add them back later on. -- Previously, the tests were run with empty CFLAGS. This caused problems, e.g. on Fedora mmap was not detected due to some missing CFLAGS while running the tests. GnuPG-bug-id: 2423 Fixes-commit: 02eb9fc9d5863abcfed6af704e618f8cac7cc2e8 Signed-off-by: Justus Winter diff --git a/configure.ac b/configure.ac index 6d35450..8e2fc43 100644 --- a/configure.ac +++ b/configure.ac 
@@ -85,12 +85,14 @@ AB_INIT AC_GNU_SOURCE -# Before we do anything with the C compiler, we first save the user's -# CFLAGS (they are restored at the end of the configure script). This -# is because some configure checks don't work with -Werror, but we'd -# like to use -Werror with our build. -CFLAGS_orig=$CFLAGS -CFLAGS= +# Before we do anything with the C compiler, we first split the user's +# CFLAGS into two lists, one containing all flags matching '-Werror', +# and the other one containing all remaing flags. They are recombined +# at the end of the configure script. This is because some configure +# checks don't work with -Werror, but we'd like to use -Werror with +# our build. +CFLAGS_werror="$(echo $CFLAGS | tr '[[:space:]]' '\n' | grep -e -Werror | tr '\n' ' ')" +CFLAGS="$(echo $CFLAGS | tr '[[:space:]]' '\n' | grep -v -e -Werror | tr '\n' ' ')" # Some status variables. have_gpg_error=no @@ -1676,7 +1678,7 @@ fi # # Add user CFLAGS. # -CFLAGS="$CFLAGS $CFLAGS_orig" +CFLAGS="$CFLAGS $CFLAGS_werror" # # Decide what to build ----------------------------------------------------------------------- Summary of changes: configure.ac | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 7 15:34:43 2017 
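Review bot: In the two added assignments, "grep -e -Werror" is an unanchored substring match, so any word of CFLAGS that merely contains -Werror (for example a -D definition whose value includes it) is moved into CFLAGS_werror and withheld from the configure tests. Anchoring the pattern, as in "grep -e '^-Werror'", would limit the split to the warning flags the comment describes. $CFLAGS is also passed unquoted to echo, whose handling of leading options and backslashes varies between shells; printf '%s\n' $CFLAGS avoids that. The new comment has a typo, "remaing" for "remaining".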
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 07 Mar 2017 15:34:43 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-39-gb71384c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b71384c8054ce2f245ccfae02b8ee81e1adfc512 (commit) from 4b57359ef3ce0b87e15889e12ef0fcd23f62dcb4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b71384c8054ce2f245ccfae02b8ee81e1adfc512 Author: Justus Winter Date: Tue Mar 7 15:34:35 2017 +0100 Revert "build: Improve CFLAGS handling." This reverts commit 4b57359ef3ce0b87e15889e12ef0fcd23f62dcb4. diff --git a/configure.ac b/configure.ac index 8e2fc43..6d35450 100644 --- a/configure.ac +++ b/configure.ac @@ -85,14 +85,12 @@ AB_INIT AC_GNU_SOURCE -# Before we do anything with the C compiler, we first split the user's -# CFLAGS into two lists, one containing all flags matching '-Werror', -# and the other one containing all remaing flags. They are recombined -# at the end of the configure script. This is because some configure -# checks don't work with -Werror, but we'd like to use -Werror with -# our build. -CFLAGS_werror="$(echo $CFLAGS | tr '[[:space:]]' '\n' | grep -e -Werror | tr '\n' ' ')" -CFLAGS="$(echo $CFLAGS | tr '[[:space:]]' '\n' | grep -v -e -Werror | tr '\n' ' ')" +# Before we do anything with the C compiler, we first save the user's +# CFLAGS (they are restored at the end of the configure script). This +# is because some configure checks don't work with -Werror, but we'd +# like to use -Werror with our build. +CFLAGS_orig=$CFLAGS +CFLAGS= # Some status variables. have_gpg_error=no 
@@ -1678,7 +1676,7 @@ fi # # Add user CFLAGS. # -CFLAGS="$CFLAGS $CFLAGS_werror" +CFLAGS="$CFLAGS $CFLAGS_orig" # # Decide what to build ----------------------------------------------------------------------- Summary of changes: configure.ac | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 8 11:38:57 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 08 Mar 2017 11:38:57 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-41-g8f02864 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 8f028642239fa992c6c059e3c1b4421a1813c827 (commit) via f0257b4a86b73f5b956028e68590b6d2a23ea4da (commit) from b71384c8054ce2f245ccfae02b8ee81e1adfc512 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8f028642239fa992c6c059e3c1b4421a1813c827 Author: Werner Koch Date: Wed Mar 8 11:34:41 2017 +0100 dirmngr: Do not put a keyserver into a new dirmngr.conf * g10/dirmngr-conf.skel: Do not define keyservers. -- diff --git a/g10/dirmngr-conf.skel b/g10/dirmngr-conf.skel index fbb730b..e2885e6 100644 --- a/g10/dirmngr-conf.skel +++ b/g10/dirmngr-conf.skel 
@@ -42,20 +42,21 @@ # through the usual method: # hkp://keyserver.example.net:22742 # -# Most users just set the name and type of their preferred keyserver. # Note that most servers (with the notable exception of # ldap://keyserver.pgp.com) synchronize changes with each other. Note # also that a single server name may actually point to multiple -# servers via DNS round-robin. hkp://keys.gnupg.net is an example of -# such a "server", which spreads the load over a number of physical -# servers. +# servers via DNS round-robin or service records. # # If exactly two keyservers are configured and only one is a Tor hidden # service, Dirmngr selects the keyserver to use depending on whether -# Tor is locally running or not (on a per session base). +# Tor is locally running or not (on a per session base). Example: +# +# keyserver hkp://jirk5u4osbsr34t5.onion +# keyserver hkps://hkps.pool.sks-keyservers.net +# +# If no keyserver is specified GnuPG uses +# hkps://hkps.pool.sks-keyservers.net -keyserver hkp://jirk5u4osbsr34t5.onion -keyserver hkp://keys.gnupg.net # --hkp-cacert FILENAME # @@ -65,5 +66,8 @@ keyserver hkp://keys.gnupg.net # root certificates here. If that file is in PEM format a ".pem" # suffix is expected. This option may be given multiple times to add # more root certificates. Tilde expansion is supported. +# This is not required when the default server +# hkps://hkps.pool.sks-keyservers.net +# is used. #hkp-cacert /path/to/CA/sks-keyservers.netCA.pem commit f0257b4a86b73f5b956028e68590b6d2a23ea4da Author: Werner Koch Date: Wed Mar 8 10:46:09 2017 +0100 doc: Add a note to the trust model direct. * doc/gpg.texi (GPG Configuration Options): Add note. Change Index from trust-mode:foo to trust-model:foo. diff --git a/doc/gpg.texi b/doc/gpg.texi index 55482b1..0e107ec 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -1608,17 +1608,17 @@ Set what trust model GnuPG should follow. The models are: @table @asis @item pgp - @opindex trust-mode:pgp + @opindex trust-model:pgp This is the Web of Trust combined with trust signatures as used in PGP 5.x and later. This is the default trust model when creating a new trust database. @item classic - @opindex trust-mode:classic + @opindex trust-model:classic This is the standard Web of Trust as introduced by PGP 2. @item tofu - @opindex trust-mode:tofu + @opindex trust-model:tofu @anchor{trust-model-tofu} TOFU stands for Trust On First Use. In this trust model, the first time a key is seen, it is memorized. If later another key is seen @@ -1664,7 +1664,7 @@ Set what trust model GnuPG should follow. The models are: @code{undefined} trust level is returned. @item tofu+pgp - @opindex trust-mode:tofu+pgp + @opindex trust-model:tofu+pgp This trust model combines TOFU with the Web of Trust. This is done by computing the trust level for each model and then taking the maximum trust level where the trust levels are ordered as follows: @@ -1677,12 +1677,16 @@ Set what trust model GnuPG should follow. The models are: which some security-conscious users don't like. @item direct - @opindex trust-mode:direct + @opindex trust-model:direct Key validity is set directly by the user and not calculated via the - Web of Trust. + Web of Trust. This model is soley based on the key and does + not distinguish user IDs. Note that when changing to another trust + model the trust values assigned to a key are transformed into + ownertrust values, which also indicate how you trust the owner of + the key to sign other keys. @item always - @opindex trust-mode:always + @opindex trust-model:always Skip key validation and assume that used keys are always fully valid. You generally won't use this unless you are using some external validation scheme. This option also suppresses the 
@@ -1692,7 +1696,7 @@ Set what trust model GnuPG should follow. The models are: disabled keys. @item auto - @opindex trust-mode:auto + @opindex trust-model:auto Select the trust model depending on whatever the internal trust database says. This is the default model if such a database already exists. ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 20 ++++++++++++-------- g10/dirmngr-conf.skel | 18 +++++++++++------- 2 files changed, 23 insertions(+), 15 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 8 11:44:42 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 08 Mar 2017 11:44:42 +0100 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.27-4-g5e51b64 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 5e51b642f747547c737a7abbc37e65b0f630d188 (commit) from 1126c4c117a47c8ea8435ac11561d51b13f538dd (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5e51b642f747547c737a7abbc37e65b0f630d188 Author: Justus Winter Date: Mon Feb 13 10:58:23 2017 +0100 build: Use macOS' compatibility macros to enable all features. * configure.ac: On macOS, use the compatibility macros to expose every feature of the libc. This is the equivalent of _GNU_SOURCE on GNU libc. -- Not defining this leads to compilation errors or superfluous warnings on macOS. GnuPG-bug-id: 2910 Signed-off-by: Justus Winter diff --git a/configure.ac b/configure.ac index a44f0c8..d5c6887 100644 --- a/configure.ac +++ b/configure.ac 
@@ -81,7 +81,7 @@ AC_PROG_AWK AC_CHECK_TOOL(AR, ar, :) AC_GNU_SOURCE -# Set some internal variables depending on the platform for later use. +# Set some variables depending on the platform for later use. have_w32_system=no have_w64_system=no have_w32ce_system=no @@ -97,6 +97,12 @@ case "${host}" in *-mingw32*) have_w32_system=yes ;; + *-apple-darwin*) + # This is the equivalent of the _GNU_SOURCE feature-test-macro + # on GNU libc systems. + AC_DEFINE(_DARWIN_C_SOURCE, 900000L, + Expose all libc features (__DARWIN_C_FULL).) + ;; *) ;; esac ----------------------------------------------------------------------- Summary of changes: configure.ac | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 8 12:30:21 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 08 Mar 2017 12:30:21 +0100 Subject: [git] Assuan - branch, master, updated. libassuan-2.4.3-3-gb26b73d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via b26b73d04bff10852382113ae361ea5726661510 (commit) from 8ab3b9273524bd344bdb90dd5d3bc8e5f53ead6e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b26b73d04bff10852382113ae361ea5726661510 Author: Justus Winter Date: Wed Mar 8 12:11:04 2017 +0100 build: Use macOS' compatibility macros to enable all features. * configure.ac: On macOS, use the compatibility macros to expose every feature of the libc. This is the equivalent of _GNU_SOURCE on GNU libc. -- Not defining this leads to compilation errors or superfluous warnings on macOS. GnuPG-bug-id: 2910 
Signed-off-by: Justus Winter diff --git a/configure.ac b/configure.ac index dc987f7..963a76b 100644 --- a/configure.ac +++ b/configure.ac @@ -114,7 +114,8 @@ case "${host}" in ;; *-apple-darwin*) AC_DEFINE(_XOPEN_SOURCE, 500, Activate POSIX interface on MacOS X) - AC_DEFINE(_DARWIN_C_SOURCE, 1, Activate CMSG_LEN/CMSG_SPACE on MacOS X) + AC_DEFINE(_DARWIN_C_SOURCE, 900000L, + Expose all libc features (__DARWIN_C_FULL)) ;; esac ----------------------------------------------------------------------- Summary of changes: configure.ac | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 8 13:04:30 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 08 Mar 2017 13:04:30 +0100 Subject: [git] KSBA - branch, master, updated. libksba-1.3.5-3-g561d03a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "KSBA is a library to access X.509 certificates and CMS data.". The branch, master has been updated via 561d03a008150c201ece22b29c97b24a1f6bf590 (commit) from 100ed5092aec0afe16ca7a4fe660602745e92a36 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 561d03a008150c201ece22b29c97b24a1f6bf590 Author: Justus Winter Date: Wed Mar 8 12:59:09 2017 +0100 build: Use macOS' compatibility macros to enable all features. * configure.ac: On macOS, use the compatibility macros to expose every feature of the libc. This is the equivalent of _GNU_SOURCE on GNU libc. -- Not defining this leads to compilation errors or superfluous warnings on macOS. GnuPG-bug-id: 2910 Signed-off-by: Justus Winter diff --git a/configure.ac b/configure.ac index 1efb3ef..34e4eae 100644 
--- a/configure.ac +++ b/configure.ac @@ -213,6 +213,10 @@ case "${host}" in *-*-mingw32*) have_w32_system=yes ;; + *-apple-darwin*) + AC_DEFINE(_DARWIN_C_SOURCE, 900000L, + Expose all libc features (__DARWIN_C_FULL).) + ;; *) ;; esac ----------------------------------------------------------------------- Summary of changes: configure.ac | 4 ++++ 1 file changed, 4 insertions(+) hooks/post-receive -- KSBA is a library to access X.509 certificates and CMS data. http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 8 13:10:40 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 08 Mar 2017 13:10:40 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.7.3-77-g6540240 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 654024081cfa103c87bb163b117ea3568171d408 (commit) from 5bd530b8a4624f101b8d42e68f1b28bcc13f4f76 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 654024081cfa103c87bb163b117ea3568171d408 Author: Justus Winter Date: Wed Mar 8 13:09:11 2017 +0100 build: Use macOS' compatibility macros to enable all features. * configure.ac: On macOS, use the compatibility macros to expose every feature of the libc. This is the equivalent of _GNU_SOURCE on GNU libc. -- Not defining this leads to compilation errors or superfluous warnings on macOS. GnuPG-bug-id: 2910 Signed-off-by: Justus Winter diff --git a/configure.ac b/configure.ac index 78508ec..2609b41 100644 --- a/configure.ac +++ b/configure.ac 
@@ -270,6 +270,10 @@ case "${host}" in ;; m68k-atari-mint) ;; + *-apple-darwin*) + AC_DEFINE(_DARWIN_C_SOURCE, 900000L, + Expose all libc features (__DARWIN_C_FULL).) + ;; *) ;; esac ----------------------------------------------------------------------- Summary of changes: configure.ac | 4 ++++ 1 file changed, 4 insertions(+) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 8 13:21:11 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 08 Mar 2017 13:21:11 +0100 Subject: [git] NTBTLS - branch, master, updated. e582e91e47a164816ac074b9078dbed8537601dc Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Not Too Bad TLS". The branch, master has been updated via e582e91e47a164816ac074b9078dbed8537601dc (commit) from 23670ada738071ec464c9a40f6b3528e23998655 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e582e91e47a164816ac074b9078dbed8537601dc Author: Justus Winter Date: Wed Mar 8 13:17:40 2017 +0100 build: Use macOS' compatibility macros to enable all features. * configure.ac: On macOS, use the compatibility macros to expose every feature of the libc. This is the equivalent of _GNU_SOURCE on GNU libc. -- Not defining this leads to compilation errors or superfluous warnings on macOS. GnuPG-bug-id: 2910 Signed-off-by: Justus Winter diff --git a/configure.ac b/configure.ac index 9edb53f..80b958e 100644 --- a/configure.ac +++ b/configure.ac 
@@ -225,6 +225,10 @@ case "${host}" in have_android_system=yes run_tests=no ;; + *-apple-darwin*) + AC_DEFINE(_DARWIN_C_SOURCE, 900000L, + Expose all libc features (__DARWIN_C_FULL).) + ;; *) ;; esac ----------------------------------------------------------------------- Summary of changes: configure.ac | 4 ++++ 1 file changed, 4 insertions(+) hooks/post-receive -- Not Too Bad TLS http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 8 13:32:05 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 08 Mar 2017 13:32:05 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-43-gdd60e86 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via dd60e868d2bf649a33dc96e207ffd3b8ae4d35af (commit) via 2649fdfff5d9e227025956e015b67502fd4962c4 (commit) from 8f028642239fa992c6c059e3c1b4421a1813c827 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit dd60e868d2bf649a33dc96e207ffd3b8ae4d35af Author: Justus Winter Date: Wed Mar 8 13:29:39 2017 +0100 build: Use macOS' compatibility macros to enable all features. * configure.ac: On macOS, use the compatibility macros to expose every feature of the libc. This is the equivalent of _GNU_SOURCE on GNU libc. -- Not defining this leads to compilation errors or superfluous warnings on macOS. GnuPG-bug-id: 2910 Signed-off-by: Justus Winter diff --git a/configure.ac b/configure.ac index 6d35450..bd618e5 100644 --- a/configure.ac +++ b/configure.ac 
@@ -712,6 +712,10 @@ case "${host}" in # keeps things simple require_iconv=no ;; + *-apple-darwin*) + AC_DEFINE(_DARWIN_C_SOURCE, 900000L, + Expose all libc features (__DARWIN_C_FULL).) + ;; *) ;; esac commit 2649fdfff5d9e227025956e015b67502fd4962c4 Author: Justus Winter Date: Wed Mar 8 11:01:22 2017 +0100 g10: Move more flags into the flag bitfield. * g10/packet.h (PKT_user_id): Move 'is_primary', 'is_revoked', and 'is_expired' into the flags bitfield, and drop the prefix. * g10/call-dirmngr.c: Adapt accordingly. * g10/export.c: Likewise. * g10/getkey.c: Likewise. * g10/import.c: Likewise. * g10/kbnode.c: Likewise. * g10/keyedit.c: Likewise. * g10/keylist.c: Likewise. * g10/keyserver.c: Likewise. * g10/mainproc.c: Likewise. * g10/pkclist.c: Likewise. * g10/pubkey-enc.c: Likewise. * g10/tofu.c: Likewise. * g10/trust.c: Likewise. * g10/trustdb.c: Likewise. -- This patch has been created by applying the following semantic patch: @@ expression E; @@ -E->is_expired +E->flags.expired @@ expression E; @@ -E->is_primary +E->flags.primary @@ expression E; @@ -E->is_revoked +E->flags.revoked Signed-off-by: Justus Winter diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c index a33cdc7..aa39155 100644 --- a/g10/call-dirmngr.c +++ b/g10/call-dirmngr.c @@ -987,9 +987,9 @@ ks_put_inq_cb (void *opaque, const char *line) int i; i = 0; - if (uid->is_revoked) + if (uid->flags.revoked) validity[i ++] = 'r'; - if (uid->is_expired) + if (uid->flags.expired) validity[i ++] = 'e'; validity[i] = '\0'; diff --git a/g10/export.c b/g10/export.c index 2da5309..a7aecd6 100644 --- a/g10/export.c +++ b/g10/export.c @@ -1434,7 +1434,7 @@ print_pka_or_dane_records (iobuf_t out, kbnode_t keyblock, PKT_public_key *pk, continue; uid = node->pkt->pkt.user_id; - if (uid->is_expired || uid->is_revoked) + if (uid->flags.expired || uid->flags.revoked) continue; xfree (mbox); diff --git a/g10/getkey.c b/g10/getkey.c index 548f8bf..9c9d8b2 100644 --- a/g10/getkey.c +++ b/g10/getkey.c 
@@ -274,7 +274,7 @@ get_primary_uid (KBNODE keyblock, size_t * uidlen) { if (k->pkt->pkttype == PKT_USER_ID && !k->pkt->pkt.user_id->attrib_data - && k->pkt->pkt.user_id->is_primary) + && k->pkt->pkt.user_id->flags.primary) { *uidlen = k->pkt->pkt.user_id->len; return k->pkt->pkt.user_id->name; @@ -970,7 +970,7 @@ skip_unusable (void *dummy, u32 * keyid, int uid_no) if (uids_seen != uid_no) continue; - if (user_id->is_revoked || user_id->is_expired) + if (user_id->flags.revoked || user_id->flags.expired) unusable = 1; break; @@ -1494,7 +1494,7 @@ key_is_ok (const PKT_public_key *key) static int uid_is_ok (const PKT_public_key *key, const PKT_user_id *uid) { - return key_is_ok (key) && ! uid->is_revoked; + return key_is_ok (key) && ! uid->flags.revoked; } @@ -2347,26 +2347,26 @@ fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated) uid->created = 0; /* Not created == invalid. */ if (IS_UID_REV (sig)) { - uid->is_revoked = 1; + uid->flags.revoked = 1; return; /* Has been revoked. */ } else - uid->is_revoked = 0; + uid->flags.revoked = 0; uid->expiredate = sig->expiredate; if (sig->flags.expired) { - uid->is_expired = 1; + uid->flags.expired = 1; return; /* Has expired. */ } else - uid->is_expired = 0; + uid->flags.expired = 0; uid->created = sig->timestamp; /* This one is okay. */ uid->selfsigversion = sig->version; /* If we got this far, it's not expired :) */ - uid->is_expired = 0; + uid->flags.expired = 0; /* Store the key flags in the helper variable for later processing. */ uid->help_key_usage = parse_key_usage (sig); 
@@ -2380,10 +2380,10 @@ fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated) /* Set the primary user ID flag - we will later wipe out some * of them to only have one in our keyblock. */ - uid->is_primary = 0; + uid->flags.primary = 0; p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL); if (p && *p) - uid->is_primary = 2; + uid->flags.primary = 2; /* We could also query this from the unhashed area if it is not in * the hased area and then later try to decide which is the better @@ -2917,7 +2917,7 @@ merge_selfsigs_main (KBNODE keyblock, int *r_revoked, if (k->pkt->pkttype == PKT_USER_ID && !k->pkt->pkt.user_id->attrib_data) { PKT_user_id *uid = k->pkt->pkt.user_id; - if (uid->is_primary) + if (uid->flags.primary) { if (uid->created > uiddate) { @@ -2961,7 +2961,7 @@ merge_selfsigs_main (KBNODE keyblock, int *r_revoked, { PKT_user_id *uid = k->pkt->pkt.user_id; if (k != uidnode) - uid->is_primary = 0; + uid->flags.primary = 0; } } } @@ -2969,7 +2969,7 @@ merge_selfsigs_main (KBNODE keyblock, int *r_revoked, { /* None is flagged primary - use the latest user ID we have, and disambiguate with the arbitrary packet comparison. */ - uidnode2->pkt->pkt.user_id->is_primary = 1; + uidnode2->pkt->pkt.user_id->flags.primary = 1; } else { @@ -2988,7 +2988,7 @@ merge_selfsigs_main (KBNODE keyblock, int *r_revoked, if (!uidnode) { uidnode = k; - uidnode->pkt->pkt.user_id->is_primary = 1; + uidnode->pkt->pkt.user_id->flags.primary = 1; continue; } else @@ -2996,12 +2996,12 @@ merge_selfsigs_main (KBNODE keyblock, int *r_revoked, if (cmp_user_ids (k->pkt->pkt.user_id, uidnode->pkt->pkt.user_id) > 0) { - uidnode->pkt->pkt.user_id->is_primary = 0; + uidnode->pkt->pkt.user_id->flags.primary = 0; uidnode = k; - uidnode->pkt->pkt.user_id->is_primary = 1; + uidnode->pkt->pkt.user_id->flags.primary = 1; } else - k->pkt->pkt.user_id->is_primary = 0; /* just to be + k->pkt->pkt.user_id->flags.primary = 0; /* just to be safe */ } } 
@@ -3315,7 +3315,7 @@ merge_selfsigs (KBNODE keyblock) { if (k->pkt->pkttype == PKT_USER_ID && !k->pkt->pkt.user_id->attrib_data - && k->pkt->pkt.user_id->is_primary) + && k->pkt->pkt.user_id->flags.primary) { prefs = k->pkt->pkt.user_id->prefs; mdc_feature = k->pkt->pkt.user_id->flags.mdc; diff --git a/g10/import.c b/g10/import.c index 640618a..ea7a92f 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1189,15 +1189,15 @@ impex_filter_getval (void *cookie, const char *propname) } else if (!strcmp (propname, "primary")) { - result = uid->is_primary? "1":"0"; + result = uid->flags.primary? "1":"0"; } else if (!strcmp (propname, "expired")) { - result = uid->is_expired? "1":"0"; + result = uid->flags.expired? "1":"0"; } else if (!strcmp (propname, "revoked")) { - result = uid->is_revoked? "1":"0"; + result = uid->flags.revoked? "1":"0"; } else result = NULL; diff --git a/g10/kbnode.c b/g10/kbnode.c index 153dce2..b8c31b7 100644 --- a/g10/kbnode.c +++ b/g10/kbnode.c @@ -392,10 +392,10 @@ dump_kbnode (KBNODE node) es_write_sanitized (log_get_stream (), uid->name, uid->len, NULL, NULL); log_printf ("\" %c%c%c%c\n", - uid->is_expired? 'e':'.', - uid->is_revoked? 'r':'.', + uid->flags.expired? 'e':'.', + uid->flags.revoked? 'r':'.', uid->created? 'v':'.', - uid->is_primary? 'p':'.' ); + uid->flags.primary? 'p':'.' ); } else if (node->pkt->pkttype == PKT_SIGNATURE) { diff --git a/g10/keyedit.c b/g10/keyedit.c index 660e8bf..2b0f45e 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -1164,7 +1164,7 @@ sign_uids (ctrl_t ctrl, estream_t fp, uidnode->flag &= ~NODFLG_MARK_A; uidnode = NULL; } - else if (uidnode->pkt->pkt.user_id->is_revoked) + else if (uidnode->pkt->pkt.user_id->flags.revoked) { tty_fprintf (fp, _("User ID \"%s\" is revoked."), user); 
@@ -1192,7 +1192,7 @@ sign_uids (ctrl_t ctrl, estream_t fp, tty_fprintf (fp, _(" Unable to sign.\n")); } } - else if (uidnode->pkt->pkt.user_id->is_expired) + else if (uidnode->pkt->pkt.user_id->flags.expired) { tty_fprintf (fp, _("User ID \"%s\" is expired."), user); @@ -3028,8 +3028,8 @@ keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev) for (node = keyblock; node; node = node->next) valid_uids += node->pkt->pkttype == PKT_USER_ID - && ! node->pkt->pkt.user_id->is_revoked - && ! node->pkt->pkt.user_id->is_expired; + && ! node->pkt->pkt.user_id->flags.revoked + && ! node->pkt->pkt.user_id->flags.expired; revlen = strlen (uidtorev); /* find the right UID */ @@ -3043,8 +3043,8 @@ keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev) /* Make sure that we do not revoke the last valid UID. */ if (valid_uids == 1 - && ! node->pkt->pkt.user_id->is_revoked - && ! node->pkt->pkt.user_id->is_expired) + && ! node->pkt->pkt.user_id->flags.revoked + && ! node->pkt->pkt.user_id->flags.expired) { log_error (_("Cannot revoke the last valid user ID.\n")); goto leave; @@ -3735,9 +3735,9 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock) else es_fputs ("uid:", fp); - if (uid->is_revoked) + if (uid->flags.revoked) es_fputs ("r::::::::", fp); - else if (uid->is_expired) + else if (uid->flags.expired) es_fputs ("e::::::::", fp); else if (opt.fast_list_mode || opt.no_expensive_trust_checks) es_fputs ("::::::::", fp); @@ -3785,11 +3785,11 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock) es_putc (':', fp); /* flags */ es_fprintf (fp, "%d,", i); - if (uid->is_primary) + if (uid->flags.primary) es_putc ('p', fp); - if (uid->is_revoked) + if (uid->flags.revoked) es_putc ('r', fp); - if (uid->is_expired) + if (uid->flags.expired) es_putc ('e', fp); if ((node->flag & NODFLG_SELUID)) es_putc ('s', fp); 
@@ -3835,7 +3835,7 @@ show_names (ctrl_t ctrl, estream_t fp, tty_fprintf (fp, " "); else if (node->flag & NODFLG_SELUID) tty_fprintf (fp, "(%d)* ", i); - else if (uid->is_primary) + else if (uid->flags.primary) tty_fprintf (fp, "(%d). ", i); else tty_fprintf (fp, "(%d) ", i); @@ -4167,9 +4167,9 @@ show_basic_key_info (KBNODE keyblock) ++i; tty_printf (" "); - if (uid->is_revoked) + if (uid->flags.revoked) tty_printf ("[%s] ", _("revoked")); - else if (uid->is_expired) + else if (uid->flags.expired) tty_printf ("[%s] ", _("expired")); tty_print_utf8_string (uid->name, uid->len); tty_printf ("\n"); @@ -4277,7 +4277,7 @@ no_primary_warning (KBNODE keyblock) { uid_count++; - if (node->pkt->pkt.user_id->is_primary == 2) + if (node->pkt->pkt.user_id->flags.primary == 2) { have_primary = 1; break; @@ -4478,7 +4478,7 @@ menu_deluid (KBNODE pub_keyblock) { /* Only cause a trust update if we delete a non-revoked user id */ - if (!node->pkt->pkt.user_id->is_revoked) + if (!node->pkt->pkt.user_id->flags.revoked) update_trust = 1; delete_kbnode (node); } @@ -4598,9 +4598,9 @@ menu_clean (KBNODE keyblock, int self_only) { const char *reason; - if (uidnode->pkt->pkt.user_id->is_revoked) + if (uidnode->pkt->pkt.user_id->flags.revoked) reason = _("revoked"); - else if (uidnode->pkt->pkt.user_id->is_expired) + else if (uidnode->pkt->pkt.user_id->flags.expired) reason = _("expired"); else reason = _("invalid"); @@ -6335,7 +6335,7 @@ reloop: /* (must use this, because we are modifing the list) */ /* Are we revoking our own uid? */ if (primary_pk->keyid[0] == sig->keyid[0] && primary_pk->keyid[1] == sig->keyid[1]) - unode->pkt->pkt.user_id->is_revoked = 1; + unode->pkt->pkt.user_id->flags.revoked = 1; pkt = xmalloc_clear (sizeof *pkt); pkt->pkttype = PKT_SIGNATURE; pkt->pkt.signature = sig; 
@@ -6369,7 +6369,7 @@ core_revuid (ctrl_t ctrl, kbnode_t keyblock, KBNODE node, { PKT_user_id *uid = node->pkt->pkt.user_id; - if (uid->is_revoked) + if (uid->flags.revoked) { char *user = utf8_to_native (uid->name, uid->len, 0); log_info (_("user ID \"%s\" is already revoked\n"), user); @@ -6429,7 +6429,7 @@ core_revuid (ctrl_t ctrl, kbnode_t keyblock, KBNODE node, update_trust = 1; #endif /*!NO_TRUST_MODELS*/ - node->pkt->pkt.user_id->is_revoked = 1; + node->pkt->pkt.user_id->flags.revoked = 1; if (modified) *modified = 1; } @@ -6471,8 +6471,8 @@ menu_revuid (ctrl_t ctrl, kbnode_t pub_keyblock) for (node = pub_keyblock; node; node = node->next) valid_uids += node->pkt->pkttype == PKT_USER_ID - && ! node->pkt->pkt.user_id->is_revoked - && ! node->pkt->pkt.user_id->is_expired; + && ! node->pkt->pkt.user_id->flags.revoked + && ! node->pkt->pkt.user_id->flags.expired; reloop: /* (better this way because we are modifying the keyring) */ for (node = pub_keyblock; node; node = node->next) @@ -6482,8 +6482,8 @@ menu_revuid (ctrl_t ctrl, kbnode_t pub_keyblock) /* Make sure that we do not revoke the last valid UID. */ if (valid_uids == 1 - && ! node->pkt->pkt.user_id->is_revoked - && ! node->pkt->pkt.user_id->is_expired) + && ! node->pkt->pkt.user_id->flags.revoked + && ! node->pkt->pkt.user_id->flags.expired) { log_error (_("Cannot revoke the last valid user ID.\n")); goto leave; diff --git a/g10/keylist.c b/g10/keylist.c index 93b5ee6..3f9e313 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -849,9 +849,8 @@ dump_attribs (const PKT_user_id *uid, PKT_public_key *pk) (ulong) uid->attribs[i].len, uid->attribs[i].type, i + 1, uid->numattribs, (ulong) uid->created, (ulong) uid->expiredate, - ((uid->is_primary ? 0x01 : 0) | (uid-> - is_revoked ? 0x02 : 0) | - (uid->is_expired ? 0x04 : 0))); + ((uid->flags.primary ? 0x01 : 0) | (uid->flags.revoked ? 0x02 : 0) | + (uid->flags.expired ? 0x04 : 0))); write_status_text (STATUS_ATTRIBUTE, buf); } 
@@ -926,7 +925,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr, int indent; int kl = opt.keyid_format == KF_NONE? 10 : keystrlen (); - if ((uid->is_expired || uid->is_revoked) + if ((uid->flags.expired || uid->flags.revoked) && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS)) { skip_sigs = 1; @@ -938,7 +937,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr, if (attrib_fp && uid->attrib_data != NULL) dump_attribs (uid, pk); - if ((uid->is_revoked || uid->is_expired) + if ((uid->flags.revoked || uid->flags.expired) || ((opt.list_options & LIST_SHOW_UID_VALIDITY) && !listctx->no_validity)) { @@ -1297,9 +1296,9 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, if (attrib_fp && uid->attrib_data != NULL) dump_attribs (uid, pk); - if (uid->is_revoked) + if (uid->flags.revoked) uid_validity = 'r'; - else if (uid->is_expired) + else if (uid->flags.expired) uid_validity = 'e'; else if (opt.no_expensive_trust_checks) uid_validity = 0; @@ -1556,7 +1555,7 @@ do_reorder_keyblock (KBNODE keyblock, int attr) if (node->pkt->pkttype == PKT_USER_ID && ((attr && node->pkt->pkt.user_id->attrib_data) || (!attr && !node->pkt->pkt.user_id->attrib_data)) && - node->pkt->pkt.user_id->is_primary) + node->pkt->pkt.user_id->flags.primary) { primary = primary2 = node; for (node = node->next; node; primary2 = node, node = node->next) diff --git a/g10/keyserver.c b/g10/keyserver.c index 0794527..1fe3ea8 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -1323,7 +1323,7 @@ keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3) for(node=node->next;node;node=node->next) { if(node->pkt->pkttype==PKT_USER_ID - && node->pkt->pkt.user_id->is_primary) + && node->pkt->pkt.user_id->flags.primary) uid=node->pkt->pkt.user_id; else if(node->pkt->pkttype==PKT_SIGNATURE && node->pkt->pkt.signature-> diff --git a/g10/mainproc.c b/g10/mainproc.c index 2acd51e..4c5dce1 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c 
@@ -1960,11 +1960,11 @@ check_sig_and_print (CTX c, kbnode_t node) continue; if (!un->pkt->pkt.user_id->created) continue; - if (un->pkt->pkt.user_id->is_revoked) + if (un->pkt->pkt.user_id->flags.revoked) continue; - if (un->pkt->pkt.user_id->is_expired) + if (un->pkt->pkt.user_id->flags.expired) continue; - if (!un->pkt->pkt.user_id->is_primary) + if (!un->pkt->pkt.user_id->flags.primary) continue; /* We want the textual primary user ID here */ if (un->pkt->pkt.user_id->attrib_data) @@ -2041,12 +2041,12 @@ check_sig_and_print (CTX c, kbnode_t node) { if (un->pkt->pkttype != PKT_USER_ID) continue; - if ((un->pkt->pkt.user_id->is_revoked - || un->pkt->pkt.user_id->is_expired) + if ((un->pkt->pkt.user_id->flags.revoked + || un->pkt->pkt.user_id->flags.expired) && !(opt.verify_options & VERIFY_SHOW_UNUSABLE_UIDS)) continue; /* Skip textual primary user ids which we printed above. */ - if (un->pkt->pkt.user_id->is_primary + if (un->pkt->pkt.user_id->flags.primary && !un->pkt->pkt.user_id->attrib_data ) continue; @@ -2071,9 +2071,9 @@ check_sig_and_print (CTX c, kbnode_t node) { const char *valid; - if (un->pkt->pkt.user_id->is_revoked) + if (un->pkt->pkt.user_id->flags.revoked) valid = _("revoked"); - else if (un->pkt->pkt.user_id->is_expired) + else if (un->pkt->pkt.user_id->flags.expired) valid = _("expired"); else /* Since this is just informational, don't diff --git a/g10/packet.h b/g10/packet.h index 3457f53..efccc76 100644 --- a/g10/packet.h +++ b/g10/packet.h 
@@ -280,19 +280,18 @@ typedef struct u32 help_key_expire; int help_full_count; int help_marginal_count; - int is_primary; /* 2 if set via the primary flag, 1 if calculated */ - int is_revoked; - int is_expired; u32 expiredate; /* expires at this date or 0 if not at all */ prefitem_t *prefs; /* list of preferences (may be NULL)*/ u32 created; /* according to the self-signature */ byte selfsigversion; struct { - /* TODO: Move more flags here */ unsigned int mdc:1; unsigned int ks_modify:1; unsigned int compacted:1; + unsigned int primary:2; /* 2 if set via the primary flag, 1 if calculated */ + unsigned int revoked:1; + unsigned int expired:1; } flags; char *mbox; /* NULL or the result of mailbox_from_userid. */ /* The text contained in the user id packet, which is normally the diff --git a/g10/pkclist.c b/g10/pkclist.c index 698794e..bf43d56 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -235,12 +235,12 @@ do_edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode, { if (un->pkt->pkttype != PKT_USER_ID ) continue; - if (un->pkt->pkt.user_id->is_revoked ) + if (un->pkt->pkt.user_id->flags.revoked) continue; - if (un->pkt->pkt.user_id->is_expired ) + if (un->pkt->pkt.user_id->flags.expired) continue; /* Only skip textual primaries */ - if (un->pkt->pkt.user_id->is_primary + if (un->pkt->pkt.user_id->flags.primary && !un->pkt->pkt.user_id->attrib_data ) continue; diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index cc962cf..d2261b0 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -54,7 +54,7 @@ is_algo_in_prefs (kbnode_t keyblock, preftype_t type, int algo) PKT_user_id *uid = k->pkt->pkt.user_id; prefitem_t *prefs = uid->prefs; - if (uid->created && prefs && !uid->is_revoked && !uid->is_expired) + if (uid->created && prefs && !uid->flags.revoked && !uid->flags.expired) { for (; prefs->type; prefs++) if (prefs->type == type && prefs->value == algo) diff --git a/g10/tofu.c b/g10/tofu.c index 9d6a457..9d9d8df 100644 --- a/g10/tofu.c +++ b/g10/tofu.c 
@@ -2209,9 +2209,9 @@ build_conflict_set (tofu_dbs_t dbs, { found_user_id = 1; - if (user_id2->is_revoked) + if (user_id2->flags.revoked) iter->flags |= BINDING_REVOKED; - if (user_id2->is_expired) + if (user_id2->flags.expired) iter->flags |= BINDING_EXPIRED; } @@ -3486,7 +3486,7 @@ tofu_register_encryption (ctrl_t ctrl, { PKT_user_id *uid = n->pkt->pkt.user_id; - if (uid->is_revoked) + if (uid->flags.revoked) continue; add_to_strlist (&user_id_list, uid->name); @@ -3871,7 +3871,7 @@ tofu_set_policy (ctrl_t ctrl, kbnode_t kb, enum tofu_policy policy) continue; user_id = kb->pkt->pkt.user_id; - if (user_id->is_revoked) + if (user_id->flags.revoked) /* Skip revoked user ids. (Don't skip expired user ids, the expiry can be changed.) */ continue; diff --git a/g10/trust.c b/g10/trust.c index 77fde4c..b1f6222 100644 --- a/g10/trust.c +++ b/g10/trust.c @@ -145,9 +145,9 @@ uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid) uid are both NULL, or neither are NULL. */ return _("10 translator see trust.c:uid_trust_string_fixed"); } - else if(uid->is_revoked || (key && key->flags.revoked)) + else if(uid->flags.revoked || (key && key->flags.revoked)) return _("[ revoked]"); - else if(uid->is_expired) + else if(uid->flags.expired) return _("[ expired]"); else if(key) { @@ -703,7 +703,7 @@ clean_uid_from_key (kbnode_t keyblock, kbnode_t uidnode, int noisy) IDs if --allow-non-selfsigned-uid is set. */ if (uid->created || uid->flags.compacted - || (!uid->is_expired && !uid->is_revoked && opt.allow_non_selfsigned_uid)) + || (!uid->flags.expired && !uid->flags.revoked && opt.allow_non_selfsigned_uid)) return 0; for (node=uidnode->next; 
@@ -723,9 +723,9 @@ clean_uid_from_key (kbnode_t keyblock, kbnode_t uidnode, int noisy) const char *reason; char *user = utf8_to_native (uid->name, uid->len, 0); - if (uid->is_revoked) + if (uid->flags.revoked) reason = _("revoked"); - else if (uid->is_expired) + else if (uid->flags.expired) reason = _("expired"); else reason = _("invalid"); diff --git a/g10/trustdb.c b/g10/trustdb.c index a0b9d5f..7b76ac8 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1140,14 +1140,14 @@ tdb_get_validity_core (ctrl_t ctrl, } /* If the user id is revoked or expired, then skip it. */ - if (user_id->is_revoked || user_id->is_expired) + if (user_id->flags.revoked || user_id->flags.expired) { if (DBG_TRUST) { char *s; - if (user_id->is_revoked && user_id->is_expired) + if (user_id->flags.revoked && user_id->flags.expired) s = "revoked and expired"; - else if (user_id->is_revoked) + else if (user_id->flags.revoked) s = "revoked"; else s = "expire"; @@ -1156,7 +1156,7 @@ tdb_get_validity_core (ctrl_t ctrl, s, user_id->name); } - if (user_id->is_revoked) + if (user_id->flags.revoked) continue; expired = 1; 
@@ -1645,8 +1645,8 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist, resigned. -dshaw */ if (node->pkt->pkttype == PKT_USER_ID - && !node->pkt->pkt.user_id->is_revoked - && !node->pkt->pkt.user_id->is_expired) + && !node->pkt->pkt.user_id->flags.revoked + && !node->pkt->pkt.user_id->flags.expired) { if (uidnode && issigned) { ----------------------------------------------------------------------- Summary of changes: configure.ac | 4 ++++ g10/call-dirmngr.c | 4 ++-- g10/export.c | 2 +- g10/getkey.c | 36 ++++++++++++++++++------------------ g10/import.c | 6 +++--- g10/kbnode.c | 6 +++--- g10/keyedit.c | 50 +++++++++++++++++++++++++------------------------- g10/keylist.c | 15 +++++++-------- g10/keyserver.c | 2 +- g10/mainproc.c | 16 ++++++++-------- g10/packet.h | 7 +++---- g10/pkclist.c | 6 +++--- g10/pubkey-enc.c | 2 +- g10/tofu.c | 8 ++++---- g10/trust.c | 10 +++++----- g10/trustdb.c | 12 ++++++------ 16 files changed, 94 insertions(+), 92 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 8 15:23:51 2017 
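Review bot: in the `*-apple-darwin*` case added to configure.ac, the description passed to AC_DEFINE is unquoted, so m4 has to parse the bare parentheses in "(__DARWIN_C_FULL)" as part of the argument list. They happen to balance, but the usual Autoconf form quotes each argument, e.g. AC_DEFINE([_DARWIN_C_SOURCE], [900000L], [Expose all libc features (__DARWIN_C_FULL).]). A short comment naming the libc feature the build needs on Darwin would also help a later reader decide whether the define can be dropped.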
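Review bot: in g10/packet.h the three `int` members become bit-fields (`primary:2`, `revoked:1`, `expired:1`), which changes assignment semantics: a value other than 0 or 1 stored into `revoked` or `expired` is now truncated to its low bit instead of being kept as a truthy int. The semantic patch only rewrites member accesses, so it does not check this. Every assignment visible in this diff stores a literal 0 or 1 (0, 1 or 2 for `primary`), so the conversion looks safe here, but the commit message should say that the call sites were checked. It would also help to note next to `primary:2` that the width is required by the `= 2` store in fixup_uidnode and the `== 2` test in no_primary_warning.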
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 08 Mar 2017 15:23:51 +0100 Subject: [git] gnupg-doc - branch, master, updated. 278d47d9753e296ff8b88328f7cf957b8d8b95a4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 278d47d9753e296ff8b88328f7cf957b8d8b95a4 (commit) from d82b1163a15cf474d6ca089c7f9a06e7301c0826 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 278d47d9753e296ff8b88328f7cf957b8d8b95a4 Author: Justus Winter Date: Wed Mar 8 15:23:45 2017 +0100 git.gnupg.org: Use PlusServer logo + update link. diff --git a/misc/git.gnupg.org/index.html b/misc/git.gnupg.org/index.html index 67c2198..c6dcef7 100644 --- a/misc/git.gnupg.org/index.html +++ b/misc/git.gnupg.org/index.html @@ -178,8 +178,8 @@ Here is a list of projects now hosted on other servers:   - - OpenIT + Logo PlusServer   ----------------------------------------------------------------------- Summary of changes: misc/git.gnupg.org/index.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 8 17:29:18 2017 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 08 Mar 2017 17:29:18 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-44-g5c83759 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 5c83759364272b19ceafbef46d057f0430a12698 (commit) from dd60e868d2bf649a33dc96e207ffd3b8ae4d35af (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5c83759364272b19ceafbef46d057f0430a12698 Author: Werner Koch Date: Wed Mar 8 17:23:31 2017 +0100 wks: Put stdout into binary mode for Windows. * tools/send-mail.c (send_mail_to_file): Call es_set_binary. -- Without that, output to stdout via --send is mangled: The "\r\n" is translated to "\r\r\n" which is bad because other software (e.g. Thunderbird) translates this again to "\n\n" and thus puts all mail header lines after the first into the body. Signed-off-by: Werner Koch diff --git a/tools/send-mail.c b/tools/send-mail.c index 34d47c1..fb1a9d0 100644 --- a/tools/send-mail.c +++ b/tools/send-mail.c 
@@ -71,13 +71,23 @@ send_mail_to_file (estream_t fp, const char *fname) if (!buffer) return gpg_error_from_syserror (); - outfp = !strcmp (fname,"-")? es_stdout : es_fopen (fname, "wb"); - if (!outfp) + + if (!strcmp (fname,"-")) { - err = gpg_error_from_syserror (); - log_error ("error creating '%s': %s\n", fname, gpg_strerror (err)); - goto leave; + outfp = es_stdout; + es_set_binary (es_stdout); } + else + { + outfp = es_fopen (fname, "wb"); + if (!outfp) + { + err = gpg_error_from_syserror (); + log_error ("error creating '%s': %s\n", fname, gpg_strerror (err)); + goto leave; + } + } + for (;;) { if (es_read (fp, buffer, sizeof buffer, &nbytes)) ----------------------------------------------------------------------- Summary of changes: tools/send-mail.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 8 17:33:30 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 08 Mar 2017 17:33:30 +0100 Subject: [git] Pinentry - branch, master, updated. pinentry-1.0.0-18-g5c3f796 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 5c3f796798d655b5583257f9dfc81ae9c1427fb3 (commit) via 2b2bbc9f67115baf518514281d3911b727b1caf9 (commit) via 6c45eed62214b44fcc11e642b19df7b6ca0da0bd (commit) from cd7b35e8ff106993b9ce98ea99a5210d637f3452 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5c3f796798d655b5583257f9dfc81ae9c1427fb3 Author: Justus Winter Date: Wed Mar 8 16:49:44 2017 +0100 fltk: Remove commented-out code. * fltk/main.cxx: Remove commented-out code. 
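Review bot: in tools/send-mail.c (send_mail_to_file), the new stdout branch calls `es_set_binary (es_stdout);` without a comment, and the reason for it (text-mode stdout on Windows turning "\r\n" into "\r\r\n") is recorded only in the commit message. A one-line comment above the call would keep a later cleanup from removing it as redundant with the "wb" mode used in the es_fopen branch. The hunk also adds an empty line after `return gpg_error_from_syserror ();` and another before `for (;;)`; check that these do not leave two consecutive blank lines.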
Signed-off-by: Justus Winter diff --git a/fltk/main.cxx b/fltk/main.cxx index c2d9027..1a72c89 100644 --- a/fltk/main.cxx +++ b/fltk/main.cxx 
@@ -325,67 +325,3 @@ int main(int argc, char *argv[]) pinentry_parse_opts(argc, argv); return pinentry_loop() ?EXIT_FAILURE:EXIT_SUCCESS; } - -/* -int get_quality(const char *pass) -{ - size_t len = strlen(pass); - return len>4?(80+len):-len*10; -} - -int main(int argc, char *argv[]) -{ - std::auto_ptr window; - window.reset(QualityPassWindow::create(get_quality)); - -// window->message("Lorem ipsum dolor sit amet"); -// window->message("Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus porttitor nisi a fringilla porttitor. Phasellus tempor orci vel metus eleifend ultrices. Curabitur tempor euismod lorem"); - window->prompt("Lorem ipsum:"); - window->ok("YES!"); - window->cancel("OTMEHA"); -// window->error("Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus porttitor nisi a fringilla"); -// window->error("Some error ellus adipiscing elit portt text dolor sit amet, consectetur adipiscing elit. Phasellus porttitor a porttitor!"); - window->timeout(100); - window->title(PGMNAME); - window->showModal(argc, argv); - return 0; -} -// */ - -/* -int main(int argc, char *argv[]) -{ - Fl::args(argc, argv); - std::auto_ptr window; - window.reset(PinWindow::create()); -// window->message("PIN:"); -// window->message("Phasellus adipiscing elit porttitor nisi a fringilla porttitor:"); - window->ok("YES!"); - window->cancel("OTMEHA"); - window->timeout(100); - window->title(PGMNAME); - window->showModal(argc, argv); - return 0; -} -// */ - -/* -int main(int argc, char *argv[]) -{ - Fl::args(argc, argv); - std::auto_ptr window; - window.reset(PassWindow::create()); -// window->message("Descr&iption"); -// window->message("Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus porttitor nisi a fringilla porttitor:"); -// window->prompt("Prompt sit amet:"); - window->ok("YES!"); - window->cancel("OTMEHA"); -// window->error("Password is empty."); -// window->error("Some error text dolor sit amet, consectetur adipiscing elit. 
Phasellus porttitor nisi a fringilla porttitor!"); -// window->error("Some error ellus adipiscing elit portt text dolor sit amet, consectetur adipiscing elit. Phasellus porttitor nisi a fringilla porttitor!"); - window->timeout(100); - window->title(PGMNAME); - window->showModal(argc, argv); - return 0; -} -// */ commit 2b2bbc9f67115baf518514281d3911b727b1caf9 Author: Justus Winter Date: Wed Mar 8 16:49:21 2017 +0100 fltk: Fix warning. * fltk/main.cxx (fltk_cmd_handler): Use a 'std::unique_ptr' instead of a deprecated 'std::auto_ptr'. Signed-off-by: Justus Winter diff --git a/fltk/main.cxx b/fltk/main.cxx index 7526656..c2d9027 100644 --- a/fltk/main.cxx +++ b/fltk/main.cxx @@ -115,7 +115,7 @@ static int fltk_cmd_handler(pinentry_t pe) if (!!pe->pin) // password (or confirmation) { - std::auto_ptr window; + std::unique_ptr window; bool isSimple = (NULL == pe->quality_bar) && // pinenty.h: If this is not NULL ... is_empty(pe->error) && is_empty(pe->description) && commit 6c45eed62214b44fcc11e642b19df7b6ca0da0bd Author: Anatoly madRat L. Berenblit Date: Tue Feb 7 17:18:41 2017 +0100 fltk: Add a FLTK-based pinentry. * NEWS: Update. * Makefile.am: Add new subdirectory. * configure.ac: Add configuration for FLTK. * fltk/Makefile.am: New file. * fltk/encrypt.xpm: Likewise. * fltk/icon.xpm: Likewise. * fltk/main.cxx: Likewise. * fltk/passwindow.cxx: Likewise. * fltk/passwindow.h: Likewise. * fltk/pinwindow.cxx: Likewise. * fltk/pinwindow.h: Likewise. * fltk/qualitypasswindow.cxx: Likewise. * fltk/qualitypasswindow.h: Likewise. Signed-off-by: Justus Winter diff --git a/Makefile.am b/Makefile.am index ef80f6c..1f62939 100644 --- a/Makefile.am +++ b/Makefile.am 
@@ -70,9 +70,15 @@ else pinentry_w32 = endif +if BUILD_PINENTRY_FLTK +pinentry_fltk = fltk +else +pinentry_fltk = +endif + SUBDIRS = m4 secmem pinentry ${pinentry_curses} ${pinentry_tty} \ ${pinentry_emacs} ${pinentry_gtk_2} ${pinentry_gnome_3} \ - ${pinentry_qt} ${pinentry_w32} doc + ${pinentry_qt} ${pinentry_w32} ${pinentry_fltk} doc install-exec-local: diff --git a/NEWS b/NEWS index 16988fa..107a65d 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,7 @@ Noteworthy changes in version 1.0.1 (unreleased) ------------------------------------------------ + * A FLTK1.3-based pinentry has been contributed. Noteworthy changes in version 1.0.0 (2016-11-22) ------------------------------------------------ diff --git a/configure.ac b/configure.ac index 5119e4a..8b38149 100644 --- a/configure.ac +++ b/configure.ac 
@@ -588,6 +588,42 @@ pinentry_w32=no test $have_w32_system = yes && pinentry_w32=yes AM_CONDITIONAL(BUILD_PINENTRY_W32, test "$pinentry_w32" = "yes") +dnl +dnl Check for FLTK pinentry program. +dnl +AC_ARG_ENABLE(pinentry-fltk, + AC_HELP_STRING([--enable-pinentry-fltk], [build FLTK 1.3 pinentry]), + pinentry_fltk=$enableval, pinentry_fltk=maybe) + +dnl check for fltk-config +if test "$pinentry_fltk" != "no"; then + AC_PATH_PROG(FLTK_CONFIG, fltk-config, no) + if test x"${FLTK_CONFIG}" = xno ; then + AC_MSG_WARN([fltk-config is not found]) + pinentry_fltk=no + fi +fi + +dnl check for FLTK libraries and set flags +if test "$pinentry_fltk" != "no"; then + AC_MSG_CHECKING([for FLTK 1.3]) + FLTK_VERSION=`${FLTK_CONFIG} --api-version` + if test ${FLTK_VERSION} != "1.3" ; then + AC_MSG_RESULT([no]) + AC_MSG_WARN([FLTK 1.3 not found (available $FLTK_VERSION)]) + pinentry_fltk=no + else + AC_MSG_RESULT([yes]) + FLTKCFLAGS=`${FLTK_CONFIG} --cflags` + FLTKCXXFLAGS=`${FLTK_CONFIG} --cxxflags` + FLTKLIBS=`${FLTK_CONFIG} --ldflags` + AC_SUBST(FLTKCFLAGS) + AC_SUBST(FLTKCXXFLAGS) + AC_SUBST(FLTKLIBS) + pinentry_fltk=yes + fi +fi +AM_CONDITIONAL(BUILD_PINENTRY_FLTK, test "$pinentry_fltk" = "yes") # Figure out the default pinentry. We are very conservative here. # Please change the order only after verifying that the preferred @@ -611,7 +647,11 @@ else if test "$pinentry_w32" = "yes"; then PINENTRY_DEFAULT=pinentry-w32 else - AC_MSG_ERROR([[No pinentry enabled.]]) + if test "$pinentry_fltk" = "yes"; then + PINENTRY_DEFAULT=pinentry-fltk + else + AC_MSG_ERROR([[No pinentry enabled.]]) + fi fi fi fi @@ -690,6 +730,7 @@ gtk+-2/Makefile gnome3/Makefile qt/Makefile w32/Makefile +fltk/Makefile doc/Makefile Makefile ]) @@ -710,6 +751,7 @@ AC_MSG_NOTICE([ GNOME 3 Pinentry .: $pinentry_gnome_3 Qt Pinentry ......: $pinentry_qt $pinentry_qt_lib_version W32 Pinentry .....: $pinentry_w32 + FLTK Pinentry ....: $pinentry_fltk Fallback to Curses: $fallback_curses Emacs integration : $inside_emacs 
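Review bot: in the FLTK check added to configure.ac, `test ${FLTK_VERSION} != "1.3"` leaves the expansion unquoted, so if `fltk-config --api-version` prints nothing the shell evaluates `test != "1.3"`. In bash and dash that is an operator error with a non-zero status, which sends control to the else branch and sets pinentry_fltk=yes without a usable FLTK. Quote the expansion, e.g. `test "x${FLTK_VERSION}" != "x1.3"`. Two smaller points: an explicit --enable-pinentry-fltk is downgraded to "no" with only a warning when fltk-config is missing, where AC_MSG_ERROR would be less surprising for someone who asked for it; and FLTKCFLAGS is substituted here although fltk/Makefile.am references only FLTKCXXFLAGS and FLTKLIBS.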
diff --git a/fltk/Makefile.am b/fltk/Makefile.am new file mode 100644 index 0000000..2c9338f --- /dev/null +++ b/fltk/Makefile.am @@ -0,0 +1,16 @@ +# Makefile.am - PIN entry FLTK frontend. + +bin_PROGRAMS = pinentry-fltk + +if FALLBACK_CURSES +ncurses_include = $(NCURSES_INCLUDE) +libcurses = ../pinentry/libpinentry-curses.a $(LIBCURSES) $(LIBICONV) +else +ncurses_include = +libcurses = +endif + +AM_CPPFLAGS = $(COMMON_CFLAGS) $(FLTKCXXFLAGS) $(ncurses_include) -I$(top_srcdir)/secmem -I$(top_srcdir)/pinentry +LDADD = ../pinentry/libpinentry.a ../secmem/libsecmem.a $(COMMON_LIBS) $(LIBCAP) $(FLTKLIBS) $(libcurses) + +pinentry_fltk_SOURCES = main.cxx pinwindow.cxx passwindow.cxx qualitypasswindow.cxx diff --git a/fltk/encrypt.xpm b/fltk/encrypt.xpm new file mode 100644 index 0000000..80402e3 --- /dev/null +++ b/fltk/encrypt.xpm 
@@ -0,0 +1,83 @@ +/* XPM */ +static const char * const encrypt_xpm[] = { +/* columns rows colors chars-per-pixel */ +"32 45 32 1 ", +" c #9B7738", +". c #B08830", +"X c #CA9703", +"o c #C99607", +"O c #CD9A02", +"+ c #D19D03", +"@ c #D4A002", +"# c #D7A305", +"$ c #D8A501", +"% c #DFAB01", +"& c #DCA803", +"* c #E3B103", +"= c #E7B702", +"- c #C39A31", +"; c #D4AC2F", +": c #E6BE26", +"> c #EFC002", +", c #F5CD06", +"< c #FEE21D", +"1 c #FCE01F", +"2 c #F6D424", +"3 c #B49A55", +"4 c #CAAC5F", +"5 c #FCE854", +"6 c #888887", +"7 c #9A9A9A", +"8 c #A7A7A7", +"9 c #B8B8B7", +"0 c #F3F08F", +"q c #C3C3C3", +"w c gray85", +"e c None", +/* pixels */ +"eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee", +"eeeeeeeeeee889qqqq987eeeeeeeeeee", +"eeeeeeeee89qwwwqqwwww88eeeeeeeee", +"eeeeeeee99qq877777669wq8eeeeeeee", +"eeeeeee99q888888888876ww9eeeeeee", +"eeeeee99q888888887778869q9eeeeee", +"eeeee89q8888eeeeeeee7786wq8eeeee", +"eeeee999888eeeeeeeeee7777wqeeeee", +"eeee899778eeeeeeeeeeee776wq8eeee", +"eeee8q977eeeeeeeeeeeeee779q9eeee", +"eeee8q977eeeeeeeeeeeeee777w9eeee", +"eeee8q867eeeeeeeeeeeeee776wqeeee", +"eeee8q768eeeeeeeeeeeeee766wqeeee", +"eeee8q768eeeeeeeeeeeeee766wqeeee", +"eeee8q778eeeeeeeeeeeeee776wqeeee", +"eeee8q778eeeeeeeeeeeeee776wqeeee", +"eeee8q888eeeeeeeeeeeeee786wqeeee", +"eeee8q888eeeeeeeeeeeeee786wqeeee", +"eeee8q898eeeeeeeeeeeeee796wqeeee", +"eeee8q898eeeeeeeeeeeeee896wqeeee", +"e45444443333 3333444003e", +"e4552::;;--... 
...--;;:25003e", +"e4552,>>=&@OXXooXO+@$&*=>,15003e", +"e4552,>>*&#+ooooo++##&*=>,15003e", +"e4552,>>*&#+XXXXXO+@#&*=>,<5003e", +"e4552,>>=%$+OXXOO++##&*=>,15003e", +"e4552,>>=%$OooXXO+@@#&%=,,<5003e", +"e4552,>>=%$@OXXO+@@#&&*=>,15003e", +"e4552,>>*&$+XXXXOO++@#%=>,<5003e", +"e4552,>>=&$+OXXO++@@$&*=,,<5003e", +"e4552,>>=%$+XXXXOO+@#&*=>,<5003e", +"e4552,>>*&#+ooXO++@##&*>,,<5003e", +"e4552,>>=%$@OXXO++@$$%*>,,<5003e", +"e4552,>>=%$+OXXO++@#$&*=,,<5003e", +"e4552,>>=%$@OOOO++@$&%*=>,<5003e", +"e4552,>>=%$+OXXOO+@#&%=>,,<5003e", +"e4552,>>=%$+OXXOO+@##%*=>,<5003e", +"e4552,>>*&#+oooO++@#&&*>,,<5003e", +"e4552,>>=%$@OOOO+@$&%%*>,,<5003e", +"e4552,>>=%$@OOXO+@$&%%*>,,<5003e", +"e4552,>>=%$+OXXO+@$&&%*>,,<5003e", +"e4552,>>=%$@OOO+@@$&%%=>,,<5003e", +"e4552,>>=%$@OOO+@@$&%%=>,,<5003e", +"e4552,>>=%$@OOO+@@$&%%=>,,<5003e", +"eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" +}; diff --git a/fltk/icon.xpm b/fltk/icon.xpm new file mode 100644 index 0000000..eed3cd6 --- /dev/null +++ b/fltk/icon.xpm 
@@ -0,0 +1,37 @@ +/* XPM */ +static const char *const icon_xpm[] = { +"31 29 3 1 ", +" c black", +". c yellow", +"X c None", + +"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", +"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", +"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", +"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", +"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", +"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", +"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", +"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", +" XXXXXXXXXXXXXXXXXX", +" ........... XXXXXXXXXXXXXXXXXX", +" ........... XXXXXXXXXXXXXXXXXX", +" ... ... XXXXXXXXXXXXXXXXXX", +" ... XXX ... ", +" ... XXX ... ................. ", +" ... XXX ... ................. ", +" ... XXX ... ... ... ", +" ... ... XXXXXXX ... X ... ", +" ........... XXXXXXX ... X ... ", +" ........... XXXXXXX X ... ", +" XXXXXXXXXXXXX ", +"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", +"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", +"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", +"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", +"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", +"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", +"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", +"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", +"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" +}; diff --git a/fltk/main.cxx b/fltk/main.cxx new file mode 100644 index 0000000..7526656 --- /dev/null +++ b/fltk/main.cxx 
@@ -0,0 +1,391 @@ +/* + main.cpp - A Fltk based dialog for PIN entry. + + Copyright (C) 2016 Anatoly madRat L. Berenblit + + Written by Anatoly madRat L. Berenblit . + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of the + License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +*/ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#define PGMNAME (PACKAGE_NAME"-fltk") + +#include +#include +#include +#include +#include +#include + +#include "memory.h" +#include + +#include +#ifdef FALLBACK_CURSES +#include +#endif + +#include +#include +#include + + +#include +#include +#include + +#include "pinwindow.h" +#include "passwindow.h" +#include "qualitypasswindow.h" + +#define CONFIRM_STRING "Confirm" +#define REPEAT_ERROR_STRING "Texts do not match" +#define OK_STRING "OK" +#define CANCEL_STRING "Cancel" + +char *application = NULL; + +static std::string escape_accel_utf8(const char *s) +{ + std::string result; + if (NULL != s) + { + result.reserve(strlen(s)); + for (const char *p = s; *p; ++p) + { + if ('&' == *p) + result.push_back(*p); + result.push_back(*p); + } + } + return result; +} + +class cancel_exception +{ + +}; + +static int get_quality(const char *passwd, void *ptr) +{ + if (NULL == passwd || 0 == *passwd) + return 0; + + pinentry_t* pe = reinterpret_cast(ptr); + return pinentry_inq_quality(*pe, passwd, strlen(passwd)); +} + +bool is_short(const char *str) +{ + return 
fl_utf_nb_char(reinterpret_cast(str), strlen(str)) < 16; +} + +bool is_empty(const char *str) +{ + return (NULL == str) || (0 == *str); +} + +static int fltk_cmd_handler(pinentry_t pe) +{ + int ret = -1; + + try + { + // TODO: Add parent window to pinentry-fltk window + //if (pe->parent_wid){} + std::string title = !is_empty(pe->title)?pe->title:PGMNAME; + std::string ok = escape_accel_utf8(pe->ok?pe->ok:(pe->default_ok?pe->default_ok:OK_STRING)); + std::string cancel = escape_accel_utf8(pe->cancel?pe->cancel:(pe->default_cancel?pe->default_cancel:CANCEL_STRING)); + + if (!!pe->pin) // password (or confirmation) + { + std::auto_ptr window; + + bool isSimple = (NULL == pe->quality_bar) && // pinenty.h: If this is not NULL ... + is_empty(pe->error) && is_empty(pe->description) && + is_short(pe->prompt); + if (isSimple) + { + assert(NULL == pe->description); + window.reset(PinWindow::create()); + window->prompt(pe->prompt); + } + else + { + PassWindow *pass = NULL; + + if (pe->quality_bar) // pinenty.h: If this is not NULL ... 
+ { + QualityPassWindow *p = QualityPassWindow::create(get_quality, &pe); + window.reset(p); + pass = p; + p->quality(pe->quality_bar); + } + else + { + pass = PassWindow::create(); + window.reset(pass); + } + + if (NULL == pe->description) + { + pass->description(pe->prompt); + pass->prompt(" "); + } + else + { + pass->description(pe->description); + pass->prompt(escape_accel_utf8(pe->prompt).c_str()); + } + pass->description(pe->description); + pass->prompt(escape_accel_utf8(pe->prompt).c_str()); + + + if (NULL != pe->error) + pass->error(pe->error); + } + + window->ok(ok.c_str()); + window->cancel(cancel.c_str()); + window->title(title.c_str()); + window->showModal((NULL != application)?1:0, &application); + + if (NULL == window->passwd()) + throw cancel_exception(); + + const std::string password = window->passwd(); + window.reset(); + + if (pe->repeat_passphrase) + { + const char *dont_match = NULL; + do + { + if (NULL == dont_match && is_short(pe->repeat_passphrase)) + { + window.reset(PinWindow::create()); + window->prompt(escape_accel_utf8(pe->repeat_passphrase).c_str()); + } + else + { + PassWindow *pass = PassWindow::create(); + window.reset(pass); + pass->description(pe->repeat_passphrase); + pass->prompt(" "); + pass->error(dont_match); + } + + window->ok(ok.c_str()); + window->cancel(cancel.c_str()); + window->title(title.c_str()); + window->showModal(); + + if (NULL == window->passwd()) + throw cancel_exception(); + + if (password == window->passwd()) + { + pe->repeat_okay = 1; + ret = 1; + break; + } + else + { + dont_match = (NULL!=pe->repeat_error_string)? 
pe->repeat_error_string:REPEAT_ERROR_STRING; + } + } while (true); + } + else + ret = 1; + + pinentry_setbufferlen(pe, password.size()+1); + if (pe->pin) + { + memcpy(pe->pin, password.c_str(), password.size()+1); + pe->result = password.size(); + ret = password.size(); + } + } + else + { + // Confirmation or Message Dialog title, desc + Fl_Window dummy(0,0, 1,1); + + dummy.border(0); + dummy.show((NULL != application)?1:0, &application); + dummy.hide(); + + fl_message_title(title.c_str()); + + int result = -1; + + const char *message = (NULL != pe->description)?pe->description:CONFIRM_STRING; + + if (pe->one_button) + { + fl_ok = ok.c_str(); + fl_message(message); + result = 1; // OK + } + else if (pe->notok) + { + switch (fl_choice(message, ok.c_str(), cancel.c_str(), pe->notok)) + { + case 0: result = 1; break; + case 2: result = 0; break; + default: + case 1: result = -1;break; + } + } + else + { + switch (fl_choice(message, ok.c_str(), cancel.c_str(), NULL)) + { + case 0: result = 1; break; + default: + case 1: result = -1;break; + } + } + + // cancel -> pe->canceled = true, 0 + // ok/y -> 1 + // no -> 0 + if (-1 == result) + pe->canceled = true; + ret = (1 == result); + } + Fl::check(); + } + catch (const cancel_exception&) + { + ret = -1; + } + catch (...) + { + ret = -1; + } + // do_touch_file(pe); only for NCURSES? 
+ return ret; + } + +pinentry_cmd_handler_t pinentry_cmd_handler = fltk_cmd_handler; + +int main(int argc, char *argv[]) +{ + application = *argv; + pinentry_init(PGMNAME); + +#ifdef FALLBACK_CURSES + if (!pinentry_have_display(argc, argv)) + pinentry_cmd_handler = curses_cmd_handler; + else +#endif + { + //FLTK understood only -D (--display) + // and should be converted into -di[splay] + const static struct option long_options[] = + { + {"display", required_argument, 0, 'D' }, + {NULL, no_argument, 0, 0 } + }; + + for (int i = 0; i < argc-1; ++i) + { + switch (getopt_long(argc-i, argv+i, "D:", long_options, NULL)) + { + case 'D': + { + char* emul[] = {application, (char*)"-display", optarg}; + Fl::args(3, emul); + i = argc; + break; + } + default: + break; + } + } + } + + pinentry_parse_opts(argc, argv); + return pinentry_loop() ?EXIT_FAILURE:EXIT_SUCCESS; +} + +/* +int get_quality(const char *pass) +{ + size_t len = strlen(pass); + return len>4?(80+len):-len*10; +} + +int main(int argc, char *argv[]) +{ + std::auto_ptr window; + window.reset(QualityPassWindow::create(get_quality)); + +// window->message("Lorem ipsum dolor sit amet"); +// window->message("Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus porttitor nisi a fringilla porttitor. Phasellus tempor orci vel metus eleifend ultrices. Curabitur tempor euismod lorem"); + window->prompt("Lorem ipsum:"); + window->ok("YES!"); + window->cancel("OTMEHA"); +// window->error("Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus porttitor nisi a fringilla"); +// window->error("Some error ellus adipiscing elit portt text dolor sit amet, consectetur adipiscing elit. 
Phasellus porttitor a porttitor!"); + window->timeout(100); + window->title(PGMNAME); + window->showModal(argc, argv); + return 0; +} +// */ + +/* +int main(int argc, char *argv[]) +{ + Fl::args(argc, argv); + std::auto_ptr window; + window.reset(PinWindow::create()); +// window->message("PIN:"); +// window->message("Phasellus adipiscing elit porttitor nisi a fringilla porttitor:"); + window->ok("YES!"); + window->cancel("OTMEHA"); + window->timeout(100); + window->title(PGMNAME); + window->showModal(argc, argv); + return 0; +} +// */ + +/* +int main(int argc, char *argv[]) +{ + Fl::args(argc, argv); + std::auto_ptr window; + window.reset(PassWindow::create()); +// window->message("Descr&iption"); +// window->message("Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus porttitor nisi a fringilla porttitor:"); +// window->prompt("Prompt sit amet:"); + window->ok("YES!"); + window->cancel("OTMEHA"); +// window->error("Password is empty."); +// window->error("Some error text dolor sit amet, consectetur adipiscing elit. Phasellus porttitor nisi a fringilla porttitor!"); +// window->error("Some error ellus adipiscing elit portt text dolor sit amet, consectetur adipiscing elit. Phasellus porttitor nisi a fringilla porttitor!"); + window->timeout(100); + window->title(PGMNAME); + window->showModal(argc, argv); + return 0; +} +// */ diff --git a/fltk/passwindow.cxx b/fltk/passwindow.cxx new file mode 100644 index 0000000..78b3b2c --- /dev/null +++ b/fltk/passwindow.cxx 
@@ -0,0 +1,85 @@ +/* + passwindow.cxx - PassWindow is a more complex fltk dialog with more longer + desc field and possibility to show some error text. + if needed qualitybar - should be used QualityPassWindow. + + Copyright (C) 2016 Anatoly madRat L. Berenblit + + Written by Anatoly madRat L. Berenblit . + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of the + License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
+*/ + +#include "passwindow.h" + +#include +#include +#include + +const char *PassWindow::DESCRIPTION = "Please enter the passphrase:"; + +PassWindow::PassWindow() : error_(NULL) +{ +} + +void PassWindow::prompt(const char *name) +{ + set_label(input_, name, PROMPT); +} + +void PassWindow::description(const char *name) +{ + set_label(message_, name, DESCRIPTION); +} + +void PassWindow::error(const char *name) +{ + set_label(error_, name, ""); +} + +int PassWindow::init(const int cx, const int cy) +{ + int y = PinWindow::init(cx, cy); + + assert(window_ == Fl_Group::current()); // make_window should all add current + + y = icon_->y(); // move back to icon's + + const int mx = icon_->x()+icon_->w(); + message_->resize(mx, icon_->y(), cx-mx-10, icon_->h()); + message_->align(Fl_Align(FL_ALIGN_LEFT | FL_ALIGN_CLIP | FL_ALIGN_WRAP | FL_ALIGN_INSIDE)); + description(NULL); + y += icon_->h(); + + input_->resize(130, y+5, cx-150, 25); + input_->labeltype(FL_NORMAL_LABEL); + prompt(NULL); + y = input_->y()+input_->h(); + + error_ = new Fl_Box(20, y+5, cx-30, 30); + error_->labelcolor(FL_RED); + error_->align(Fl_Align(FL_ALIGN_CENTER | FL_ALIGN_WRAP | FL_ALIGN_INSIDE)); // if not fit - user can read + y = error_->y()+error_->h(); + return y; +} + +PassWindow* PassWindow::create() +{ + PassWindow* p = new PassWindow; + p->init(460, 185); + p->window_->end(); + p->input_->take_focus(); + return p; +} diff --git a/fltk/passwindow.h b/fltk/passwindow.h new file mode 100644 index 0000000..43813cd --- /dev/null +++ b/fltk/passwindow.h 
@@ -0,0 +1,50 @@ +/* + passwindow.h - PassWindow is a more complex fltk dialog with more longer + desc field and possibility to show some error text. + if needed qualitybar - should be used QualityPassWindow. + + Copyright (C) 2016 Anatoly madRat L. Berenblit + + Written by Anatoly madRat L. Berenblit . + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of the + License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +*/ + +#ifndef __PASSWINDOW_H__ +#define __PASSWINDOW_H__ + +#include "pinwindow.h" + +class PassWindow : public PinWindow +{ +protected: + static const char *DESCRIPTION; + +protected: + Fl_Box *error_; + PassWindow(); + +public: + virtual void prompt(const char *message); + virtual void description(const char *desc); + virtual void error(const char *err); + + static PassWindow* create(); + +protected: + virtual int init(const int cx, const int cy); +}; + +#endif //#ifndef __PASSWINDOW_H__ diff --git a/fltk/pinwindow.cxx b/fltk/pinwindow.cxx new file mode 100644 index 0000000..ad11e91 --- /dev/null +++ b/fltk/pinwindow.cxx 
@@ -0,0 +1,250 @@ +/* + pinwindow.cxx - PinWindow is a simple fltk dialog for entring password + with timeout. if needed description (long text), error message, qualitybar + and etc should used PassWindow. + + Copyright (C) 2016 Anatoly madRat L. Berenblit + + Written by Anatoly madRat L. Berenblit . + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of the + License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
+*/ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "memory.h" + +#include "encrypt.xpm" +#include "icon.xpm" + +#include "pinwindow.h" + +const char *PinWindow::TITLE = "Password"; +const char *PinWindow::BUTTON_OK = "OK"; +const char *PinWindow::BUTTON_CANCEL = "Cancel"; +const char *PinWindow::PROMPT = "Passphrase:"; + +static const char *timeout_format = "%s(%d)"; + +static Fl_Pixmap encrypt(encrypt_xpm); +static Fl_Pixmap icon(icon_xpm); + +PinWindow::PinWindow() : window_(NULL) + ,message_(NULL) ,input_(NULL) ,ok_(NULL) ,cancel_(NULL) + ,cancel_name_(BUTTON_CANCEL) + ,passwd_(NULL) ,timeout_(0) +{ +} + +PinWindow::~PinWindow() +{ + wipe(); + release(); + delete window_; +} + +void PinWindow::release() +{ + if (NULL != passwd_) + { + memset(passwd_, 0, strlen(passwd_)); + secmem_free(passwd_); + } + passwd_ = NULL; +} + +void PinWindow::title(const char *name) +{ + set_label(window_, name, TITLE); +} + +void PinWindow::ok(const char* name) +{ + set_label(ok_, name, BUTTON_OK); +} + +void PinWindow::cancel(const char* label) +{ + if (NULL != label && 0 != *label) + cancel_name_ = label; + else + cancel_name_ = BUTTON_CANCEL; + + update_cancel_label(); +} + +void PinWindow::prompt(const char *name) +{ + set_label(message_, name, PROMPT); +} + +void PinWindow::timeout(unsigned int time) +{ + if (timeout_ == time) + return; + + // A xor B ~ A != B + if ( (time>0) != (timeout_>0)) + { + //enable or disable + if (time>0) + Fl::add_timeout(1.0, timeout_cb, this); + else + Fl::remove_timeout(timeout_cb, this); + } + + timeout_=time; + update_cancel_label(); + --timeout_; +} + +void PinWindow::showModal() +{ + if (NULL != window_) + { + window_->show(); + Fl::run(); + } + Fl::check(); +} + +void PinWindow::showModal(const int argc, char* argv[]) +{ + if (NULL != window_) + { + window_->show(argc, argv); + Fl::run(); + } + Fl::check(); +} + +int PinWindow::init(const int cx, const int cy) +{ + assert(NULL == window_); + 
window_ = new Fl_Window(cx, cy, TITLE); + + Fl_RGB_Image app(&icon); + window_->icon(&app); + + icon_ = new Fl_Box(10, 10, 64, 64); + icon_->image(encrypt); + + message_ = new Fl_Box(79, 5, cx-99, 44, PROMPT); + message_->align(Fl_Align(FL_ALIGN_LEFT_TOP | FL_ALIGN_WRAP | FL_ALIGN_INSIDE)); // left + + input_ = new Fl_Secret_Input(79, 59, cx-99, 25); + input_->labeltype(FL_NO_LABEL); + + + const int button_y = cy-40; + ok_ = new Fl_Return_Button(cx-300, button_y, 120, 25, BUTTON_OK); + ok_->callback(ok_cb, this); + + cancel_ = new Fl_Button(cx-160, button_y, 120, 25); + update_cancel_label(); + cancel_->callback(cancel_cb, this); + + window_->hotspot(input_); + window_->set_modal(); + + return 84; +}; + +void PinWindow::update_cancel_label() +{ + if (timeout_ == 0) + { + cancel_->label(cancel_name_.c_str()); + } + else + { + const size_t len = cancel_name_.size()+strlen(timeout_format)+10+1; + char *buf = new char[len]; + snprintf(buf, len, timeout_format, cancel_name_.c_str(), timeout_); + cancel_->copy_label(buf); + delete[] buf; // no way to attach label + } +} + +void PinWindow::timeout_cb(void* val) +{ + PinWindow *self = reinterpret_cast(val); + if (self->timeout_ == 0) + { + cancel_cb(self->cancel_, self); + } + else + { + self->update_cancel_label(); + --self->timeout_; + Fl::repeat_timeout(1.0, timeout_cb, val); + } +} + +void PinWindow::cancel_cb(Fl_Widget *button, void *val) +{ + PinWindow *self = reinterpret_cast(val); + + self->wipe(); + self->release(); + self->window_->hide(); +} + +void PinWindow::ok_cb(Fl_Widget *button, void *val) +{ + PinWindow *self = reinterpret_cast(val); + + self->release(); + + const char *passwd = self->input_->value(); + size_t len = strlen(passwd)+1; + self->passwd_ = reinterpret_cast(secmem_malloc(len)); + if (NULL != self->passwd_) + memcpy(self->passwd_, passwd, len); + + self->wipe(); + self->window_->hide(); +} + +void PinWindow::wipe() +{ + int len = input_->size(); + char* emul = new char[len+1]; + for (int i=0; 
ireplace(0, len, emul, len); + delete[] emul; + + input_->value(TITLE); // hide size too +} + +PinWindow* PinWindow::create() +{ + PinWindow* p = new PinWindow; + p->init(410, 140); + p->window_->end(); + p->input_->take_focus(); + return p; +} diff --git a/fltk/pinwindow.h b/fltk/pinwindow.h new file mode 100644 index 0000000..e1d009e --- /dev/null +++ b/fltk/pinwindow.h 
@@ -0,0 +1,108 @@ +/* + pinwindow.h - PinWindow is a simple fltk dialog for entring password + with timeout. if needed description (long text), error message, qualitybar + and etc should used PassWindow. + + Copyright (C) 2016 Anatoly madRat L. Berenblit + + Written by Anatoly madRat L. Berenblit . + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of the + License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
+*/ + +#ifndef __PINWINDOW_H__ +#define __PINWINDOW_H__ + +#include "config.h" + +class Fl_Window; +class Fl_Box; +class Fl_Input; +class Fl_Button; +class Fl_Widget; + +#include +#include + +class PinWindow +{ +protected: + static const char *TITLE; + static const char *BUTTON_OK; + static const char *BUTTON_CANCEL; + static const char *PROMPT; + +protected: + PinWindow(const PinWindow&); + PinWindow& operator=(const PinWindow&); + + Fl_Window *window_; + Fl_Box *icon_; + + Fl_Box *message_; + Fl_Input *input_; + + Fl_Button *ok_, *cancel_; + + std::string cancel_name_; + char *passwd_; // SECURE_MEMORY + unsigned int timeout_; // click cancel if timeout + +public: + virtual ~PinWindow(); + + static PinWindow* create(); + + inline const char* passwd() const { return passwd_; } + + virtual void timeout(unsigned int time); // 0 - infinity, seconds + virtual void title(const char *title); + virtual void ok(const char* ok); + virtual void cancel(const char* cancel); + virtual void prompt(const char *message); + + virtual void showModal(); + virtual void showModal(const int argc, char* argv[]); + +protected: + PinWindow(); + + void wipe(); // clear UI memory + void release(); // clear secure memory + void update_cancel_label(); + + virtual int init(const int cx, const int cy); + + //callbacks + static void cancel_cb(Fl_Widget *button, void *val); + static void ok_cb(Fl_Widget *button, void *val); + static void timeout_cb(void*); + + // ISSUE: Fl_Window component in tinycore works only as Fl_Window::label(...); not Fl_Widget + template void set_label(TWidget* widget, const char *label, const char *def) + { + assert(NULL != widget); // widget must be created + + if (NULL != widget) + { + if (NULL != label && 0 != *label) + widget->copy_label(label); + else + widget->label(def); + } + }; +}; + +#endif //#ifndef __PINWINDOW_H__ diff --git a/fltk/qualitypasswindow.cxx b/fltk/qualitypasswindow.cxx new file mode 100644 index 0000000..6d7f7cc --- /dev/null 
+++ b/fltk/qualitypasswindow.cxx 
@@ -0,0 +1,92 @@ +/* + qualitypasswindow.cxx - QualityPassWindow pin entry + with Password QualityBar and etc + + Copyright (C) 2016 Anatoly madRat L. Berenblit + + Written by Anatoly madRat L. Berenblit . + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of the + License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +*/ + +#include +#include +#include +#include + +#include "qualitypasswindow.h" + +const char *QualityPassWindow::QUALITY = "Quality"; + +QualityPassWindow::QualityPassWindow(QualityPassWindow::GetQualityFn qualify, void* ptr) + : get_quality_(qualify) + ,get_quality_user_(ptr) + ,quality_(NULL) +{ + assert(NULL != qualify); +} + +void QualityPassWindow::input_changed(Fl_Widget *input, void *val) +{ + QualityPassWindow *self = reinterpret_cast(val); + + assert(NULL != self->get_quality_); // function should be assigned in ctor + assert(NULL != self->quality_); // quality progress bar must be created in init + + if (NULL != self->quality_ && NULL != self->get_quality_) + { + int result = self->get_quality_(self->input_->value(), self->get_quality_user_); + bool isErr = (result <= 0); + if (isErr) + result = -result; + self->quality_->selection_color(isErr?FL_RED:FL_GREEN); + self->quality_->value(std::min(result, 100)); + } +} + +QualityPassWindow* QualityPassWindow::create(QualityPassWindow::GetQualityFn qualify, void *user) +{ + QualityPassWindow *p = new 
QualityPassWindow(qualify, user); + p->init(460, 215); + p->window_->end(); + p->input_->take_focus(); + return p; +} + +void QualityPassWindow::quality(const char *name) +{ + set_label(quality_, name, QUALITY); +} + +int QualityPassWindow::init(const int cx, const int cy) +{ + int y = PassWindow::init(cx, cy); + assert(window_ == Fl_Group::current()); // make_window should all add current + + input_->when(FL_WHEN_CHANGED); + input_->callback(input_changed, this); + + y = input_->y() + input_->h(); + + quality_ = new Fl_Progress(input_->x(), y+5, input_->w(), 25, QUALITY); + quality_->align(Fl_Align(FL_ALIGN_LEFT | FL_ALIGN_CLIP | FL_ALIGN_WRAP)); + quality_->maximum(100.1); + quality_->minimum(0.0); + y = quality_->y() + quality_->h(); + + error_->position(error_->x(), y+5); + + return error_->y() + error_->h(); +} diff --git a/fltk/qualitypasswindow.h b/fltk/qualitypasswindow.h new file mode 100644 index 0000000..164c10d --- /dev/null +++ b/fltk/qualitypasswindow.h 
@@ -0,0 +1,54 @@ +/* + qualitypasswindow.h - QualityPassWindow pin entry with Password QualityBar + and etc + + Copyright (C) 2016 Anatoly madRat L. Berenblit + + Written by Anatoly madRat L. Berenblit . + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of the + License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +*/ + +#ifndef __QUALITYPASSWINDOW_H__ +#define __QUALITYPASSWINDOW_H__ + +#include "passwindow.h" +class Fl_Progress; + +class QualityPassWindow : public PassWindow +{ +protected: + static const char *QUALITY; + +public: + typedef int (*GetQualityFn)(const char *passwd, void *ptr); + + static QualityPassWindow* create(GetQualityFn qualify, void* user); + + void quality(const char *name); + +protected: + QualityPassWindow(GetQualityFn qualify, void*); + + const GetQualityFn get_quality_; + void* const get_quality_user_; + + Fl_Progress *quality_; + virtual int init(const int cx, const int cy); + + static void input_changed(Fl_Widget *input, void *val); +}; + +#endif //#ifndef __QUALITYPASSWINDOW_H__ ----------------------------------------------------------------------- Summary of changes: Makefile.am | 8 +- NEWS | 1 + configure.ac | 44 +++++- fltk/Makefile.am | 16 +++ fltk/encrypt.xpm | 83 ++++++++++++ fltk/icon.xpm | 37 +++++ fltk/main.cxx | 327 +++++++++++++++++++++++++++++++++++++++++++++ fltk/passwindow.cxx | 85 ++++++++++++ fltk/passwindow.h | 50 +++++++ 
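Review bot: In fltk/main.cxx, fltk_cmd_handler copies the entered passphrase out of the secmem-backed PinWindow::passwd_ into an ordinary heap string with `const std::string password = window->passwd();`, and nothing clears that copy, so the passphrase outlives the dialog in unprotected memory. Keep it in a secmem_malloc buffer (or keep the first window alive until the repeat comparison is done) and wipe it before returning. In the same function, the unconditional `pass->description(pe->description);` and `pass->prompt(escape_accel_utf8(pe->prompt).c_str());` that follow the if/else overwrite what the `NULL == pe->description` branch just set, so that branch has no effect; drop the two duplicated calls. Also, is_short() calls strlen() on its argument without the NULL check that is_empty() has, yet it is called on pe->prompt.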
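Review bot: In fltk/pinwindow.cxx, PinWindow::timeout() ends with an unconditional `--timeout_;`, so calling timeout(0) to disable a running countdown sets timeout_ to 0 and then wraps the unsigned counter to its maximum value; the next update_cancel_label() call renders that number in the Cancel label. Decrement only when time is greater than 0. Note also that fltk_cmd_handler in main.cxx never calls window->timeout(), so the countdown is only exercised by the commented-out test mains.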
fltk/pinwindow.cxx | 250 ++++++++++++++++++++++++++++++++++ fltk/pinwindow.h | 108 +++++++++++++++ fltk/qualitypasswindow.cxx | 92 +++++++++++++ fltk/qualitypasswindow.h | 54 ++++++++ 13 files changed, 1153 insertions(+), 2 deletions(-) create mode 100644 fltk/Makefile.am create mode 100644 fltk/encrypt.xpm create mode 100644 fltk/icon.xpm create mode 100644 fltk/main.cxx create mode 100644 fltk/passwindow.cxx create mode 100644 fltk/passwindow.h create mode 100644 fltk/pinwindow.cxx create mode 100644 fltk/pinwindow.h create mode 100644 fltk/qualitypasswindow.cxx create mode 100644 fltk/qualitypasswindow.h hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 8 17:37:22 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 08 Mar 2017 17:37:22 +0100 Subject: [git] gnupg-doc - branch, master, updated. bfcc8bf7ce0c20c31d9da682ad5e24819e67c32f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via bfcc8bf7ce0c20c31d9da682ad5e24819e67c32f (commit) from 278d47d9753e296ff8b88328f7cf957b8d8b95a4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bfcc8bf7ce0c20c31d9da682ad5e24819e67c32f Author: Justus Winter Date: Wed Mar 8 17:37:16 2017 +0100 jenkins: add notes about setting up a build slave diff --git a/misc/jenkins/README.org b/misc/jenkins/README.org index bda32a3..b6be452 100644 --- a/misc/jenkins/README.org +++ b/misc/jenkins/README.org 
@@ -1,4 +1,25 @@ * Notes +** Setting up a Jenkins build slave + - install a jre, make, autoconf, automake, libtool, gcc, git, bison, + fig2dev, ghostscript, gnutls, sqlite3, pkg-config, imagemagick + - create a user jenkins + - clone gnupg-doc + $ git clone git://git.gnupg.org/gnupg-doc.git + - link ~/bin + $ ln -s gnupg-doc/misc/jenkins/bin + - download slave.jar + $ wget https://jenkins.gnupg.org/jnlpJars/slave.jar -O bin/slave.jar + - copy and adapt launcher + $ cp bin/jenkins-slave.dist bin/jenkins-slave + - make sure that jenkins at soro can ssh to the new node + - go to https://jenkins.gnupg.org/computer/new and copy an existing + configuration, adapting it as needed + - setup 'GPGME tests for GnuPG' as described below + - for each project, add the new nodes distinct label to the + configuration matrix, and force a rebuild. Start with libgpg-error + and walk your way up the dependency chain: + - libgpg-error, libnpth, libassuan, libksba, libgcrypt, ntbtls, + gnupg, gpgme ** GPGME tests for GnuPG There is a reasonably up-to-date (but this is currently a manual process) GPGME source at diff --git a/misc/jenkins/bin/jenkins-slave.dist b/misc/jenkins/bin/jenkins-slave.dist new file mode 100755 index 0000000..1d9afad --- /dev/null +++ b/misc/jenkins/bin/jenkins-slave.dist @@ -0,0 +1,9 @@ +#!/bin/sh + +set -x + +[ -f ~/.profile ] && . ~/.profile +uname -a +env + +exec java -jar ~/bin/slave.jar ----------------------------------------------------------------------- Summary of changes: misc/jenkins/README.org | 21 +++++++++++++++++++++ misc/jenkins/bin/jenkins-slave.dist | 9 +++++++++ 2 files changed, 30 insertions(+) create mode 100755 misc/jenkins/bin/jenkins-slave.dist hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 8 17:58:34 2017 
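Review bot: In misc/jenkins/README.org, the setup steps fetch the repository with `git clone git://git.gnupg.org/gnupg-doc.git` and then link its misc/jenkins/bin into the jenkins user's home, so the scripts that account runs arrive over a transport with no authentication or integrity protection. Document an authenticated fetch, or a step that verifies a signed commit or tag before the link is created. Minor: "the new nodes distinct label" should read "the new node's distinct label".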
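Review bot: In misc/jenkins/bin/jenkins-slave.dist, `set -x` together with `env` writes the whole environment of the jenkins account, including anything sourced from ~/.profile, to the launcher output on every start. If that output ends up in a log others can read, any credential kept in the environment is disclosed; print only the variables needed for debugging (for example PATH) or drop `env`. The file would also benefit from a comment saying which lines are meant to be adapted, since the README tells the admin to copy and adapt it.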
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 08 Mar 2017 17:58:34 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-45-ged5575e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via ed5575ec550ff16b0b901a23c6aa3eb3d47b0575 (commit) from 5c83759364272b19ceafbef46d057f0430a12698 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ed5575ec550ff16b0b901a23c6aa3eb3d47b0575 Author: Werner Koch Date: Wed Mar 8 17:48:55 2017 +0100 wks: Put stdout into binary mode for Windows at another place. * tools/wks-util.c (wks_send_mime): Set stdout to binary. Signed-off-by: Werner Koch diff --git a/tools/wks-util.c b/tools/wks-util.c index 389d4a4..d78e01d 100644 --- a/tools/wks-util.c +++ b/tools/wks-util.c @@ -276,7 +276,11 @@ wks_send_mime (mime_maker_t mime) /* Without any option we take a short path. */ if (!opt.use_sendmail && !opt.output) - return mime_maker_make (mime, es_stdout); + { + es_set_binary (es_stdout); + return mime_maker_make (mime, es_stdout); + } + mail = es_fopenmem (0, "w+b"); if (!mail) ----------------------------------------------------------------------- Summary of changes: tools/wks-util.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 9 11:50:08 2017 
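Review bot: In wks_send_mime the `es_set_binary (es_stdout)` call is added only to the short path taken when neither `opt.use_sendmail` nor `opt.output` is set, and the subject line says this is a further place needing the same fix. Setting binary mode once, at the point where stdout is chosen as the output stream, would keep another code path from being missed later. If that is not practical, a one-line comment here saying why the call is needed on Windows would help the next reader.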
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 09 Mar 2017 11:50:08 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-93-gd2240a2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via d2240a2a1819874929bdab820bcbd3bee7f94407 (commit) from 41398779abbcb1ec2d7491e141469a752fc706ff (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d2240a2a1819874929bdab820bcbd3bee7f94407 Author: Werner Koch Date: Thu Mar 9 11:45:00 2017 +0100 core: Fix status error return for gpgsm. * src/engine-gpgsm.c (gpgsm_assuan_simple_command): Make sure CB_ERR is returned. * src/import.c (parse_import_res): Do not return an error for the last field. (import_status_handler): Actually return the error from parse_import_res. Signed-off-by: Werner Koch diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index 20bd88f..d5d2901 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c @@ -593,7 +593,7 @@ gpgsm_assuan_simple_command (engine_gpgsm_t gpgsm, const char *cmd, { err = assuan_read_line (ctx, &line, &linelen); if (err) - return err; + break; if (*line == '#' || !linelen) continue; @@ -601,7 +601,7 @@ gpgsm_assuan_simple_command (engine_gpgsm_t gpgsm, const char *cmd, if (linelen >= 2 && line[0] == 'O' && line[1] == 'K' && (line[2] == '\0' || line[2] == ' ')) - return cb_err; + break; else if (linelen >= 4 && line[0] == 'E' && line[1] == 'R' && line[2] == 'R' && line[3] == ' ') 
@@ -610,6 +610,7 @@ gpgsm_assuan_simple_command (engine_gpgsm_t gpgsm, const char *cmd, more related to gpgme and thus probably more important than the error returned by the engine. */ err = cb_err? cb_err : atoi (&line[4]); + cb_err = 0; } else if (linelen >= 2 && line[0] == 'S' && line[1] == ' ') @@ -646,10 +647,16 @@ gpgsm_assuan_simple_command (engine_gpgsm_t gpgsm, const char *cmd, to stop. As with ERR we prefer a status callback generated error code, though. */ err = cb_err ? cb_err : gpg_error (GPG_ERR_GENERAL); + cb_err = 0; } } while (!err); + /* We only want the first error from the status handler, thus we + * take the one saved in CB_ERR. */ + if (!err && cb_err) + err = cb_err; + return err; } diff --git a/src/import.c b/src/import.c index 6233a15..4173fe9 100644 --- a/src/import.c +++ b/src/import.c @@ -193,7 +193,7 @@ parse_import_res (char *args, gpgme_import_result_t result) #define PARSE_NEXT(x) \ (x) = strtol (args, &tail, 0); \ - if (errno || args == tail || *tail != ' ') \ + if (errno || args == tail || !(*tail == ' ' || !*tail)) \ /* The crypto backend does not behave. */ \ return trace_gpg_error (GPG_ERR_INV_ENGINE); \ args = tail; @@ -249,7 +249,7 @@ import_status_handler (void *priv, gpgme_status_code_t code, char *args) default: break; } - return 0; + return err; } ----------------------------------------------------------------------- Summary of changes: src/engine-gpgsm.c | 11 +++++++++-- src/import.c | 4 ++-- 2 files changed, 11 insertions(+), 4 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 9 13:22:36 2017 
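Review bot: The two added `cb_err = 0;` statements in gpgsm_assuan_simple_command look like dead stores. Each follows `err = cb_err ? cb_err : ...`, so whenever cb_err was non-zero err is now non-zero as well and the new post-loop test `if (!err && cb_err)` cannot fire; when cb_err was zero the assignment changes nothing. Either drop them or add a comment naming the case they guard. Separately, in the ERR branch `atoi (&line[4])` yields 0 for a zero or non-numeric code, which leaves err at 0 and keeps the `while (!err)` loop reading; it is worth deciding whether that case should map to a generic error instead.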
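Review bot: PARSE_NEXT in src/import.c tests `errno` right after `strtol`, but the macro as shown never sets `errno = 0` first. That mattered little while import_status_handler ended in `return 0;`, but with `return err;` a stale errno from an earlier call now reaches the caller as GPG_ERR_INV_ENGINE. If errno is not cleared ahead of the first PARSE_NEXT in parse_import_res, clear it inside the macro. The relaxed terminator test `!(*tail == ' ' || !*tail)` also accepts end of string after every field rather than only the last one as the log entry says; a short comment that a truncated line is still rejected by the `args == tail` check on the following field would make that intent clear.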
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 09 Mar 2017 13:22:36 +0100 Subject: [git] gnupg-doc - branch, master, updated. 2054b182be870fbe063ec400d49574a3b1511b47 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 2054b182be870fbe063ec400d49574a3b1511b47 (commit) via e53ea29c3cc1d8cb4568cea21b5db12353edeaae (commit) from bfcc8bf7ce0c20c31d9da682ad5e24819e67c32f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2054b182be870fbe063ec400d49574a3b1511b47 Author: Justus Winter Date: Thu Mar 9 13:22:29 2017 +0100 jenkins: extend notes about setting up GPGME tests for GnuPG diff --git a/misc/jenkins/README.org b/misc/jenkins/README.org index e0cdeab..d5bb144 100644 --- a/misc/jenkins/README.org +++ b/misc/jenkins/README.org @@ -28,11 +28,19 @@ There is a reasonably up-to-date (but this is currently a manual process) GPGME source at - $HOME/src/gpgme-for-gnupgs-tests + $ mkdir $HOME/src + $ git clone git://git.gnupg.org/gpgme.git $HOME/src/gpgme-for-gnupgs-tests + $ cd $HOME/src/gpgme-for-gnupgs-tests + $ ./autogen.sh and a build tree at - $HOME/src/gpgme-for-gnupgs-tests/obj + $ mkdir $HOME/src/gpgme-for-gnupgs-tests/obj + $ cd $HOME/src/gpgme-for-gnupgs-tests/obj + $ export PATH=$HOME/prefix/native/bin:$PATH + $ ../configure --enable-maintainer-mode + $ make + $ make check and a w32 build tree at commit e53ea29c3cc1d8cb4568cea21b5db12353edeaae Author: Justus Winter Date: Thu Mar 9 13:21:46 2017 +0100 jenkins: extend build slave notes diff --git a/misc/jenkins/README.org b/misc/jenkins/README.org index b6be452..e0cdeab 100644 --- a/misc/jenkins/README.org 
+++ b/misc/jenkins/README.org @@ -1,7 +1,11 @@ * Notes ** Setting up a Jenkins build slave + - on soro, create an entry in /etc/hosts + - copy root at soro's ssh key to /root/.ssh/authorized_keys - install a jre, make, autoconf, automake, libtool, gcc, git, bison, - fig2dev, ghostscript, gnutls, sqlite3, pkg-config, imagemagick + fig2dev, ghostscript, gnutls, sqlite3, pkg-config, imagemagick, + rngd, python2/3, SWIG, Qt5 base + - setup rngd (test suites will consume quite a bit of entropy) - create a user jenkins - clone gnupg-doc $ git clone git://git.gnupg.org/gnupg-doc.git ----------------------------------------------------------------------- Summary of changes: misc/jenkins/README.org | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 9 15:10:56 2017 
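Review bot: The added step `copy root at soro's ssh key to /root/.ssh/authorized_keys` gives root on the Jenkins master an unrestricted root login on every build node, while the later step in the same list only asks that the jenkins user on soro can ssh to the node. Please state what the root login is used for. If it is only needed for initial provisioning, remove the key afterwards or restrict the entry with authorized_keys options such as `from=` and `command=`, so that a compromise of soro does not translate directly into root on all nodes.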
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 09 Mar 2017 15:10:56 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-47-g046a15a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 046a15a88c83b40a753b4ad7ecc1456efa5b527f (commit) via cca91a3f8f7e3e36b7149fc93f7b6df11d21eb1d (commit) from ed5575ec550ff16b0b901a23c6aa3eb3d47b0575 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 046a15a88c83b40a753b4ad7ecc1456efa5b527f Author: Justus Winter Date: Thu Mar 9 14:33:02 2017 +0100 tests: Run the tests for the Python bindings of GPGME. * tests/gpgme/gpgme-defs.scm (create-file): Write lines. (create-gpgmehome): Extend function to create the right environment for the Python tests. * tests/gpgme/run-tests.scm: Make an environment cache for the Python tests and enable them. * tests/gpgme/wrap.scm: Do not hardcode the path of the Python interpreter. Signed-off-by: Justus Winter diff --git a/tests/gpgme/gpgme-defs.scm b/tests/gpgme/gpgme-defs.scm index 7a7166c..12e033c 100644 --- a/tests/gpgme/gpgme-defs.scm +++ b/tests/gpgme/gpgme-defs.scm 
@@ -45,12 +45,25 @@ ;; The tests expect the pinentry to return the passphrase "abc". (setenv "PINENTRY_USER_DATA" "abc" #t) -(define (create-file name content) +(define (create-file name . lines) (letfd ((fd (open name (logior O_WRONLY O_CREAT O_BINARY) #o600))) - (display content (fdopen fd "wb")))) + (let ((port (fdopen fd "wb"))) + (for-each (lambda (line) (display line port) (newline port)) lines)))) (define (create-gpgmehome . path) - (create-file "gpg.conf" "no-force-v3-sigs\n") + ;; Support for various environments. + (define mode + (cond + ((equal? path '("lang" "python" "tests")) + (set! path '("tests" "gpg")) ;; Mostly uses files from tests/gpg. + 'python) + (else + 'gpg))) + + (create-file + "gpg.conf" + "no-force-v3-sigs" + (string-append "agent-program " (tool 'gpg-agent) "|--debug-quick-random\n")) (create-file "gpg-agent.conf" (string-append "pinentry-program " (tool 'pinentry))) @@ -75,6 +88,21 @@ (call-check `(, at GPG --yes --import ,(apply in-gpgme-srcdir `(, at path ,file))))) (list "pubdemo.asc" "secdemo.asc")) + + (when (equal? mode 'python) + (log "Importing extra keys for Python tests") + (for-each + (lambda (file) + (call-check `(, at GPG --yes --import + ,(apply in-gpgme-srcdir + `("lang" "python" "tests" ,file))))) + (list "encrypt-only.asc" "sign-only.asc")) + + (log "Marking key as trusted") + (pipe:do + (pipe:echo "A0FF4590BB6122EDEF6E3C542D727CC768697734:6:\n") + (pipe:spawn `(,(tool 'gpg) --import-ownertrust)))) + (stop-agent)) ;; Initialize the test environment, install appropriate configuration diff --git a/tests/gpgme/run-tests.scm b/tests/gpgme/run-tests.scm index 4d3a7e6..72de495 100644 --- a/tests/gpgme/run-tests.scm +++ b/tests/gpgme/run-tests.scm 
@@ -40,7 +40,11 @@ run-tests-parallel run-tests-sequential)) (setup-c (make-environment-cache - (test::scm #f "setup.scm" (in-srcdir "setup.scm") "--" "tests" "gpg"))) + (test::scm #f "setup.scm (tests/gpg)" (in-srcdir "setup.scm") + "--" "tests" "gpg"))) + (setup-py (make-environment-cache + (test::scm #f "setup.scm (lang/python/tests)" (in-srcdir "setup.scm") + "--" "lang" "python" "tests"))) (tests (filter (lambda (arg) (not (string-prefix? arg "--"))) *args*))) (runner (apply @@ -67,6 +71,5 @@ -- ,@(:path cmpnts)))) (if (null? tests) (all-tests makefile (:key cmpnts)) tests)))) `((("tests" "gpg") "c_tests" ,setup-c) - ;; XXX: Not yet. - ;; (("lang" "python" "tests") "py_tests") + (("lang" "python" "tests") "py_tests" ,setup-py) (("lang" "qt" "tests") "TESTS" ,setup-c)))))) diff --git a/tests/gpgme/wrap.scm b/tests/gpgme/wrap.scm index e8f2b1f..d338892 100644 --- a/tests/gpgme/wrap.scm +++ b/tests/gpgme/wrap.scm @@ -29,6 +29,9 @@ (setenv "top_srcdir" gpgme-srcdir #t) (setenv "srcdir" (path-join gpgme-srcdir "tests" "gpg") #t) +(define python (catch #f + (path-expand "python" (string-split (getenv "PATH") *pathsep*)))) + (define (run what) (if (string-suffix? (car what) ".py") (begin 
@@ -39,15 +42,17 @@ (getenv "LD_LIBRARY_PATH")) (path-join gpgme-builddir "src/.libs")) #t) - (call-with-fds - `("/usr/bin/python" - ,(in-gpgme-srcdir "lang" "python" "tests" "run-tests.py") - --quiet - --interpreters=/usr/bin/python - --builddir ,(path-join gpgme-builddir "lang" "python" "tests") - , at what) - STDIN_FILENO STDOUT_FILENO STDERR_FILENO)) - (if #f 77 (call-with-fds what STDIN_FILENO STDOUT_FILENO STDERR_FILENO)))) + (if python + (call-with-fds + `(,python + ,(in-gpgme-srcdir "lang" "python" "tests" "run-tests.py") + --quiet + ,(string-append "--interpreters=" python) + --builddir ,(path-join gpgme-builddir "lang" "python" "tests") + , at what) + STDIN_FILENO STDOUT_FILENO STDERR_FILENO) + 77)) + (call-with-fds what STDIN_FILENO STDOUT_FILENO STDERR_FILENO))) (let ((name (basename (car executable)))) (cond commit cca91a3f8f7e3e36b7149fc93f7b6df11d21eb1d Author: Justus Winter Date: Thu Mar 9 13:26:06 2017 +0100 tests: Rework environment setup. * tests/gpgscm/tests.scm (test::scm): Add a setup argument. (test::binary): Likewise. (run-tests-parallel): Remove setup parameter. (run-tests-sequential): Likewise. (make-environment-cache): New function that handles the cache protocol. * tests/gpgme/run-tests.scm: Adapt accordingly. * tests/gpgsm/run-tests.scm: Likewise. * tests/migrations/run-tests.scm: Likewise. * tests/openpgp/run-tests.scm: Likewise. -- This change allows us to have different environments for tests. This is needed to run more GPGME tests, and to increase concurrency while running all tests. Signed-off-by: Justus Winter diff --git a/tests/gpgme/run-tests.scm b/tests/gpgme/run-tests.scm index cb17977..4d3a7e6 100644 --- a/tests/gpgme/run-tests.scm +++ b/tests/gpgme/run-tests.scm 
@@ -39,9 +39,10 @@ (let* ((runner (if (member "--parallel" *args*) run-tests-parallel run-tests-sequential)) + (setup-c (make-environment-cache + (test::scm #f "setup.scm" (in-srcdir "setup.scm") "--" "tests" "gpg"))) (tests (filter (lambda (arg) (not (string-prefix? arg "--"))) *args*))) (runner - (test::scm "setup.scm" (in-srcdir "setup.scm") "--" "tests" "gpg") (apply append (map (lambda (cmpnts) @@ -50,6 +51,7 @@ (string-suffix? name ".test")))) (define :path car) (define :key cadr) + (define :setup caddr) (define (find-test name) (apply path-join `(,(if (compiled? name) @@ -59,11 +61,12 @@ "Makefile.am")))) (map (lambda (name) (apply test::scm - `(,name ,(in-srcdir "wrap.scm") --executable - ,(find-test name) - -- ,@(:path cmpnts)))) + `(,(:setup cmpnts) + ,name ,(in-srcdir "wrap.scm") --executable + ,(find-test name) + -- ,@(:path cmpnts)))) (if (null? tests) (all-tests makefile (:key cmpnts)) tests)))) - '((("tests" "gpg") "c_tests") + `((("tests" "gpg") "c_tests" ,setup-c) ;; XXX: Not yet. ;; (("lang" "python" "tests") "py_tests") - (("lang" "qt" "tests") "TESTS")))))) + (("lang" "qt" "tests") "TESTS" ,setup-c)))))) diff --git a/tests/gpgscm/tests.scm b/tests/gpgscm/tests.scm index b3da919..0c02c34 100644 --- a/tests/gpgscm/tests.scm +++ b/tests/gpgscm/tests.scm 
@@ -551,18 +551,20 @@ ;; A single test. (define test (package - (define (scm name path . args) + (define (scm setup name path . args) ;; Start the process. (define (spawn-scm args' in out err) (spawn-process-fd `(,*argv0* ,@(verbosity (*verbose*)) ,(locate-test path) + ,@(if setup (force setup) '()) , at args' , at args) in out err)) (new name #f spawn-scm #f #f CLOSED_FD)) - (define (binary name path . args) + (define (binary setup name path . args) ;; Start the process. (define (spawn-binary args' in out err) - (spawn-process-fd `(,path , at args' , at args) in out err)) + (spawn-process-fd `(,path ,@(if setup (force setup) '()) , at args' , at args) + in out err)) (new name #f spawn-binary #f #f CLOSED_FD)) (define (new name directory spawn pid retcode logfd) 
@@ -613,41 +615,47 @@ ;; Run the setup target to create an environment, then run all given ;; tests in parallel. -(define (run-tests-parallel setup tests) - (lettmp (gpghome-tar) - (setup::run-sync '--create-tarball gpghome-tar) - (let loop ((pool (test-pool::new '())) (tests' tests)) - (if (null? tests') - (let ((results (pool::wait))) - (for-each (lambda (t) - (catch (echo "Removing" t::directory "failed:" *error*) - (unlink-recursively t::directory)) - (t::report)) (reverse results::procs)) - (exit (results::report))) - (let* ((wd (mkdtemp)) - (test (car tests')) - (test' (test::set-directory wd))) - (loop (pool::add (test'::run-async '--unpack-tarball gpghome-tar)) - (cdr tests'))))))) +(define (run-tests-parallel tests) + (let loop ((pool (test-pool::new '())) (tests' tests)) + (if (null? tests') + (let ((results (pool::wait))) + (for-each (lambda (t) + (catch (echo "Removing" t::directory "failed:" *error*) + (unlink-recursively t::directory)) + (t::report)) (reverse results::procs)) + (exit (results::report))) + (let* ((wd (mkdtemp)) + (test (car tests')) + (test' (test::set-directory wd))) + (loop (pool::add (test'::run-async)) + (cdr tests')))))) ;; Run the setup target to create an environment, then run all given ;; tests in sequence. -(define (run-tests-sequential setup tests) - (lettmp (gpghome-tar) - (setup::run-sync '--create-tarball gpghome-tar) - (let loop ((pool (test-pool::new '())) (tests' tests)) - (if (null? tests') - (let ((results (pool::wait))) - (for-each (lambda (t) - (catch (echo "Removing" t::directory "failed:" *error*) - (unlink-recursively t::directory))) - results::procs) - (exit (results::report))) - (let* ((wd (mkdtemp)) - (test (car tests')) - (test' (test::set-directory wd))) - (loop (pool::add (test'::run-sync '--unpack-tarball gpghome-tar)) - (cdr tests'))))))) +(define (run-tests-sequential tests) + (let loop ((pool (test-pool::new '())) (tests' tests)) + (if (null? 
tests') + (let ((results (pool::wait))) + (for-each (lambda (t) + (catch (echo "Removing" t::directory "failed:" *error*) + (unlink-recursively t::directory))) + results::procs) + (exit (results::report))) + (let* ((wd (mkdtemp)) + (test (car tests')) + (test' (test::set-directory wd))) + (loop (pool::add (test'::run-sync)) + (cdr tests')))))) + +;; Helper to create environment caches from test functions. SETUP +;; must be a test implementing the producer side cache protocol. +;; Returns a promise containing the arguments that must be passed to a +;; test implementing the consumer side of the cache protocol. +(define (make-environment-cache setup) + (delay (let* ((tarball (make-temporary-file "environment-cache"))) + (atexit (lambda () (remove-temporary-file tarball))) + (setup::run-sync '--create-tarball tarball) + `(--unpack-tarball ,tarball)))) ;; Command line flag handling. Returns the elements following KEY in ;; ARGUMENTS up to the next argument, or #f if KEY is not in diff --git a/tests/gpgsm/run-tests.scm b/tests/gpgsm/run-tests.scm index dfd5b02..e444245 100644 --- a/tests/gpgsm/run-tests.scm +++ b/tests/gpgsm/run-tests.scm @@ -20,13 +20,13 @@ (if (string=? "" (getenv "srcdir")) (begin (echo "Environment variable 'srcdir' not set. Please point it to" - "tests/openpgp.") + "tests/gpgsm.") (exit 2))) (let* ((tests (filter (lambda (arg) (not (string-prefix? arg "--"))) *args*)) + (setup (make-environment-cache (test::scm #f "setup.scm" "setup.scm"))) (runner (if (and (member "--parallel" *args*) (> (length tests) 1)) run-tests-parallel run-tests-sequential))) - (runner (test::scm "setup.scm" "setup.scm") - (map (lambda (t) (test::scm t t)) tests))) + (runner (map (lambda (t) (test::scm setup t t)) tests))) diff --git a/tests/migrations/run-tests.scm b/tests/migrations/run-tests.scm index 069af5b..b4ad260 100644 --- a/tests/migrations/run-tests.scm +++ b/tests/migrations/run-tests.scm 
@@ -22,5 +22,4 @@ (> (length tests) 1)) run-tests-parallel run-tests-sequential))) - (runner (test::scm "setup.scm" "setup.scm") - (map (lambda (t) (test::scm t t)) tests))) + (runner (map (lambda (t) (test::scm #f t t)) tests))) diff --git a/tests/openpgp/run-tests.scm b/tests/openpgp/run-tests.scm index 546d7d4..139f618 100644 --- a/tests/openpgp/run-tests.scm +++ b/tests/openpgp/run-tests.scm @@ -27,9 +27,9 @@ (setenv "objdir" (getcwd) #f) (let* ((tests (filter (lambda (arg) (not (string-prefix? arg "--"))) *args*)) + (setup (make-environment-cache (test::scm #f "setup.scm" "setup.scm"))) (runner (if (and (member "--parallel" *args*) (> (length tests) 1)) run-tests-parallel run-tests-sequential))) - (runner (test::scm "setup.scm" "setup.scm") - (map (lambda (t) (test::scm t t)) tests))) + (runner (map (lambda (t) (test::scm setup t t)) tests)))) ----------------------------------------------------------------------- Summary of changes: tests/gpgme/gpgme-defs.scm | 34 ++++++++++++++++-- tests/gpgme/run-tests.scm | 22 +++++++----- tests/gpgme/wrap.scm | 23 ++++++++----- tests/gpgscm/tests.scm | 78 +++++++++++++++++++++++------------------- tests/gpgsm/run-tests.scm | 6 ++-- tests/migrations/run-tests.scm | 3 +- tests/openpgp/run-tests.scm | 4 +-- 7 files changed, 108 insertions(+), 62 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 13 11:23:33 2017 
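Review bot: In create-gpgmehome (tests/gpgme/gpgme-defs.scm) the second line passed to the now variadic create-file still ends in a literal newline, `"|--debug-quick-random\n"`, while create-file calls `(newline port)` after every line, so gpg.conf ends with a blank line; drop the `\n`. create-file also opens with `O_WRONLY O_CREAT` and no truncation flag, so rewriting an existing, longer file would leave old bytes at its end. The hard-coded fingerprint piped into `--import-ownertrust` would benefit from a comment naming which of the imported key files it belongs to.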
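Review bot: The comments above run-tests-parallel and run-tests-sequential in tests/gpgscm/tests.scm still say "Run the setup target to create an environment, then run all given tests", but both functions lost their setup parameter and the environment is now created when a test forces the promise returned by make-environment-cache. Please update both comments. It would also help to document in make-environment-cache that the setup test runs lazily, inside the spawn of the first test that uses it, so with --parallel the first test start blocks until the tarball exists.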
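Review bot: The replacement line in tests/openpgp/run-tests.scm ends in four closing parentheses (`tests))))`), while the lines it replaces and the otherwise identical new line in tests/gpgsm/run-tests.scm end in three. The removed `(runner (test::scm "setup.scm" "setup.scm")` line opened the same runner form, so the number of closing parentheses should be unchanged; please check for a stray `)` at the end of the file.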
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 13 Mar 2017 11:23:33 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-95-g43aa3ee Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 43aa3eed15dcc4f848915ceabeff35c29c1c57e4 (commit) via 9d5048d47446450a34cae4f27eb81c02ea5d4afc (commit) from d2240a2a1819874929bdab820bcbd3bee7f94407 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 43aa3eed15dcc4f848915ceabeff35c29c1c57e4 Author: Andre Heinecke Date: Mon Mar 13 11:16:41 2017 +0100 qt: Add test for DN parser * qt/tests/t-various.cpp (testDN): New. -- A simple test for the DN parser that would have caught the new / free mismatch fixed in 9d5048d4. diff --git a/lang/qt/tests/t-various.cpp b/lang/qt/tests/t-various.cpp index b4ba9f2..2b51fe6 100644 --- a/lang/qt/tests/t-various.cpp +++ b/lang/qt/tests/t-various.cpp @@ -42,6 +42,7 @@ #include "keylistresult.h" #include "context.h" #include "engineinfo.h" +#include "dn.h" #include "t-support.h" 
@@ -56,6 +57,15 @@ Q_SIGNALS: void asyncDone(); private Q_SLOTS: + void testDN() + { + DN dn(QStringLiteral("CN=Before\\0DAfter,OU=Test,DC=North America,DC=Fabrikam,DC=COM")); + QVERIFY(dn.dn() == QStringLiteral("CN=Before\rAfter,OU=Test,DC=North America,DC=Fabrikam,DC=COM")); + QStringList attrOrder; + attrOrder << QStringLiteral("DC") << QStringLiteral("OU") << QStringLiteral("CN"); + dn.setAttributeOrder(attrOrder); + QVERIFY(dn.prettyDN() == QStringLiteral("DC=North America,DC=Fabrikam,DC=COM,OU=Test,CN=Before\rAfter")); + } void testQuickUid() { commit 9d5048d47446450a34cae4f27eb81c02ea5d4afc Author: Andre Heinecke Date: Mon Mar 13 11:14:54 2017 +0100 qt: Use gpgrt_asprintf instead of qstrdup * lang/qt/src/dn.cpp (parse_dn_part): Use gpgrt_asprintf instead of qstrdup. -- This fixes a new / free mismatch because qstrdup uses new and the allocated parts are freed with free. Similar to: a09ed3f2 diff --git a/lang/qt/src/dn.cpp b/lang/qt/src/dn.cpp index 3376aef..f9fb2f6 100644 --- a/lang/qt/src/dn.cpp +++ b/lang/qt/src/dn.cpp @@ -37,7 +37,7 @@ #include "dn.h" -#include +#include static const struct { const char *name; @@ -167,7 +167,7 @@ parse_dn_part(DnPair *array, const unsigned char *string) for (unsigned int i = 0; i < numOidMaps; ++i) if (!strcasecmp((char *)p, oidmap[i].oid)) { free(p); - p = qstrdup(oidmap[i].name); + gpgrt_asprintf(&p, oidmap[i].name); break; } array->key = p; ----------------------------------------------------------------------- Summary of changes: lang/qt/src/dn.cpp | 4 ++-- lang/qt/tests/t-various.cpp | 10 ++++++++++ 2 files changed, 12 insertions(+), 2 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 13 17:46:13 2017 
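Review bot: In parse_dn_part (lang/qt/src/dn.cpp) the new call `gpgrt_asprintf(&p, oidmap[i].name);` passes the table entry as the format string and ignores the return value. The names come from a static table today, but a `%` in any future entry would be interpreted as a conversion specifier; use `gpgrt_asprintf(&p, "%s", oidmap[i].name)`. The result should also be checked before the following `array->key = p;`, since p was freed on the line above and must not be stored if the allocation failed.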
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 13 Mar 2017 17:46:13 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-48-g9a77b3b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 9a77b3b6e41f97b1209ad61c04b3dd33242ecae8 (commit) from 046a15a88c83b40a753b4ad7ecc1456efa5b527f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9a77b3b6e41f97b1209ad61c04b3dd33242ecae8 Author: Werner Koch Date: Mon Mar 13 17:42:08 2017 +0100 gpg: Flush stdout before printing stats with --check-sigs. * g10/keylist.c (print_signature_stats): Flush stdout. (list_keyblock_colon): Use es_flush instead of fflush. Signed-off-by: Werner Koch diff --git a/g10/keylist.c b/g10/keylist.c index 3f9e313..32cf1e8 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -465,6 +465,10 @@ print_signature_stats (struct keylist_context *s) if (!s->check_sigs) return; /* Signature checking was not requested. */ + /* Better flush stdout so that the stats are always printed after + * the output. */ + es_fflush (es_stdout); + if (s->good_sigs) log_info (ngettext("%d good signature\n", "%d good signatures\n", s->good_sigs), s->good_sigs); 
@@ -1446,7 +1450,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, { PKT_public_key *signer_pk = NULL; - fflush (stdout); + es_fflush (es_stdout); if (opt.no_sig_cache) signer_pk = xmalloc_clear (sizeof (PKT_public_key)); ----------------------------------------------------------------------- Summary of changes: g10/keylist.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 14 12:12:35 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 14 Mar 2017 12:12:35 +0100 Subject: [git] gnupg-doc - branch, master, updated. d60fbd8f8c3c19dced975f7b707bbd10eadffe11 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via d60fbd8f8c3c19dced975f7b707bbd10eadffe11 (commit) from 2054b182be870fbe063ec400d49574a3b1511b47 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d60fbd8f8c3c19dced975f7b707bbd10eadffe11 Author: Justus Winter Date: Tue Mar 14 12:12:26 2017 +0100 jenkins: disable python bindings on macos for now diff --git a/misc/jenkins/bin/build.bash b/misc/jenkins/bin/build.bash index 9cb5f0d..7fefe93 100755 --- a/misc/jenkins/bin/build.bash +++ b/misc/jenkins/bin/build.bash 
@@ -87,6 +87,12 @@ case "$JOB_NAME" in if [ "$XTARGET" = sanitizer ]; then CONFIGUREFLAGS_0="--enable-languages=cpp qt" fi + + # Disable Python bindings on macOS. Something is not working + # there. + if [ "$NODE_NAME" = zygalski ]; then + CONFIGUREFLAGS_0="--enable-languages=cpp qt" + fi ;; *gnupg*) # Common configure options. ----------------------------------------------------------------------- Summary of changes: misc/jenkins/bin/build.bash | 6 ++++++ 1 file changed, 6 insertions(+) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 14 12:22:20 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 14 Mar 2017 12:22:20 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-101-g9d6825b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 9d6825be092f1590f28b5bab462eeb944d9b800c (commit) via ac4849953860547b06a167ca9612c4de369d02b6 (commit) via a4201035fdc050f337a6b9f520c8ddbb569e2eb4 (commit) via 6a371663886a7ba6073f385a3ab5f5a03de8e008 (commit) via 5189c08af9468cdeb6f16a6ecd0fee53e1e3aa0e (commit) via 067da472f919e78c95a0a01b68e79a8b7dff173b (commit) from 43aa3eed15dcc4f848915ceabeff35c29c1c57e4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9d6825be092f1590f28b5bab462eeb944d9b800c Author: Justus Winter Date: Tue Mar 14 11:10:21 2017 +0100 python: Make error message more helpful. * lang/python/tests/run-tests.py: Make the error message shown when we cannot locate the python module in the build tree more helpful. Signed-off-by: Justus Winter 
diff --git a/lang/python/tests/run-tests.py b/lang/python/tests/run-tests.py index e76acb2..c4af526 100644 --- a/lang/python/tests/run-tests.py +++ b/lang/python/tests/run-tests.py @@ -69,12 +69,17 @@ for interpreter in args.interpreters: version = subprocess.check_output( [interpreter, "-c", "import sys; print('{0}.{1}'.format(sys.version_info[0], sys.version_info[1]))"]).strip().decode() - builddirs = glob.glob(os.path.join(args.builddir, "..", - "python{0}-gpg".format(version), - "build", - "lib*"+version)) - assert len(builddirs) == 1, \ - "Expected one build directory, got {0}".format(builddirs) + pattern = os.path.join(args.builddir, "..", + "python{0}-gpg".format(version), + "build", + "lib*"+version) + builddirs = glob.glob(pattern) + if len(builddirs) == 0: + sys.exit("Build directory matching {0!r} not found.".format(pattern)) + elif len(builddirs) > 1: + sys.exit("Multiple build directories matching {0!r} found: {1}".format( + pattern, builddirs)) + env = dict(os.environ) env["PYTHONPATH"] = builddirs[0] commit ac4849953860547b06a167ca9612c4de369d02b6 Author: Justus Winter Date: Tue Mar 14 11:08:08 2017 +0100 python: Make tests more robust. * lang/python/tests/support.py (TemporaryDirectory): Always use our own version even if 'tempfile.TemporaryDirectory' is provided, because we need to use 'shutil.rmtree(..., ignore_errors=True)' to avoid it tripping over gpg-agent deleting its own sockets. Signed-off-by: Justus Winter diff --git a/lang/python/tests/support.py b/lang/python/tests/support.py index a381270..69aa7a4 100644 --- a/lang/python/tests/support.py +++ b/lang/python/tests/support.py 
@@ -78,17 +78,16 @@ def mark_key_trusted(ctx, key): ctx.op_edit(key, Editor().edit, sink, sink) -# Python2/3 compatibility -if hasattr(tempfile, "TemporaryDirectory"): - # Python3.2 and up - TemporaryDirectory = tempfile.TemporaryDirectory -else: - class TemporaryDirectory(object): - def __enter__(self): - self.path = tempfile.mkdtemp() - return self.path - def __exit__(self, *args): - shutil.rmtree(self.path) +# Python3.2 and up has tempfile.TemporaryDirectory, but we cannot use +# that, because there shutil.rmtree is used without +# ignore_errors=True, and that races against gpg-agent deleting its +# sockets. +class TemporaryDirectory(object): + def __enter__(self): + self.path = tempfile.mkdtemp() + return self.path + def __exit__(self, *args): + shutil.rmtree(self.path, ignore_errors=True) @contextlib.contextmanager def EphemeralContext(): commit a4201035fdc050f337a6b9f520c8ddbb569e2eb4 Author: Justus Winter Date: Tue Mar 14 11:22:28 2017 +0100 python: Improve build system integration. * lang/python/Makefile.am: Use 'set -e' when chaining shell commands together in rules. Signed-off-by: Justus Winter diff --git a/lang/python/Makefile.am b/lang/python/Makefile.am index 2724d86..d91ead9 100644 --- a/lang/python/Makefile.am +++ b/lang/python/Makefile.am 
@@ -47,20 +47,19 @@ COPY_FILES_GPG = \ # For VPATH builds we need to copy some files because Python's # distutils are not VPATH-aware. copystamp: $(COPY_FILES) $(COPY_FILES_GPG) - for F in $(COPY_FILES) $(COPY_FILES_GPG) ; do if [ $$F -nt $@ ]; then echo $F ; fi ; done - for VERSION in $(PYTHON_VERSIONS); do \ - $(MKDIR_P) python$${VERSION}-gpg/gpg && \ - cp -R $(COPY_FILES) python$${VERSION}-gpg && \ - cp setup.py python$${VERSION}-gpg && \ - cp gpg/version.py python$${VERSION}-gpg/gpg && \ - ln -sf "$(abs_top_srcdir)/src/data.h" python$${VERSION}-gpg && \ - ln -sf "$(abs_top_builddir)/config.h" python$${VERSION}-gpg && \ + set -e ; for VERSION in $(PYTHON_VERSIONS); do \ + $(MKDIR_P) python$${VERSION}-gpg/gpg ; \ + cp -R $(COPY_FILES) python$${VERSION}-gpg ; \ + cp setup.py python$${VERSION}-gpg ; \ + cp gpg/version.py python$${VERSION}-gpg/gpg ; \ + ln -sf "$(abs_top_srcdir)/src/data.h" python$${VERSION}-gpg ; \ + ln -sf "$(abs_top_builddir)/config.h" python$${VERSION}-gpg ; \ cp -R $(COPY_FILES_GPG) python$${VERSION}-gpg/gpg ; \ done touch $@ all-local: copystamp - set $(PYTHONS); for VERSION in $(PYTHON_VERSIONS); do \ + set -e ; set $(PYTHONS); for VERSION in $(PYTHON_VERSIONS); do \ PYTHON="$$1" ; shift ; \ cd python$${VERSION}-gpg && \ CFLAGS="$(CFLAGS)" \ @@ -102,9 +101,9 @@ clean-local: install-exec-local: rm -f install_files.txt - set $(PYTHONS); for VERSION in $(PYTHON_VERSIONS); do \ + set -e ; set $(PYTHONS); for VERSION in $(PYTHON_VERSIONS); do \ PYTHON="$$1" ; shift ; \ - cd python$${VERSION}-gpg && \ + cd python$${VERSION}-gpg ; \ $$PYTHON setup.py install \ --prefix $(DESTDIR)$(prefix) \ --record files.txt \ commit 6a371663886a7ba6073f385a3ab5f5a03de8e008 Author: Justus Winter Date: Mon Mar 13 15:37:15 2017 +0100 build: Improve Python detection. * configure.ac: Do not error out too early if we don't find a matching Python version. We handle this case later. Signed-off-by: Justus Winter 
diff --git a/configure.ac b/configure.ac index ba26901..2701d41 100644 --- a/configure.ac +++ b/configure.ac @@ -418,12 +418,13 @@ if test "$found_py" = "1" -o "$found_py2" = "1" -o "$found_py3" = "1"; then unset am_cv_python_pyexecdir if test "$found_py" = "1" -o "$found_py2" = "1"; then - AM_PATH_PYTHON([2.7]) - AX_PYTHON_DEVEL - if test "$PYTHON_VERSION"; then - PYTHONS="$(echo $PYTHONS $PYTHON)" - PYTHON_VERSIONS="$(echo $PYTHON_VERSIONS $PYTHON_VERSION)" - fi + AM_PATH_PYTHON([2.7], [ + AX_PYTHON_DEVEL + if test "$PYTHON_VERSION"; then + PYTHONS="$(echo $PYTHONS $PYTHON)" + PYTHON_VERSIONS="$(echo $PYTHON_VERSIONS $PYTHON_VERSION)" + fi + ], :) fi if test "$found_py" = "1" -o "$found_py3" = "1"; then 
@@ -441,17 +442,26 @@ if test "$found_py" = "1" -o "$found_py2" = "1" -o "$found_py3" = "1"; then unset am_cv_python_platform unset am_cv_python_pythondir unset am_cv_python_pyexecdir - AM_PATH_PYTHON([3.4]) - AX_PYTHON_DEVEL - if test "$PYTHON_VERSION"; then - PYTHONS="$(echo $PYTHONS $PYTHON)" - PYTHON_VERSIONS="$(echo $PYTHON_VERSIONS $PYTHON_VERSION)" - fi + AM_PATH_PYTHON([3.4], [ + AX_PYTHON_DEVEL + if test "$PYTHON_VERSION"; then + PYTHONS="$(echo $PYTHONS $PYTHON)" + PYTHON_VERSIONS="$(echo $PYTHON_VERSIONS $PYTHON_VERSION)" + fi + ], :) fi + # Recover some values lost in the second attempt to find Python. + PYTHON="$(echo $PYTHONS | cut -d ' ' -f 1)" + PYTHON_VERSION="$(echo $PYTHON_VERSIONS | cut -d ' ' -f 1)" + + # Remove duplicates. + PYTHONS="$(echo $PYTHONS | tr '[[:space:]]' '\n' | sort | uniq | tr '\n' ' ' | sed -e 's/ $//')" + PYTHON_VERSIONS="$(echo $PYTHON_VERSIONS | tr '[[:space:]]' '\n' | sort | uniq | tr '\n' ' ' | sed -e 's/ $//')" + if test "$PYTHON_VERSIONS"; then - enabled_languages_v=$(echo $enabled_languages | sed "s/python\([[23]]\)\?/python ($PYTHON_VERSIONS)/") - enabled_languages=$(echo $enabled_languages | sed "s/python\([[23]]\)\?/python/") + enabled_languages_v=$(echo $enabled_languages | sed -Ee "s/python[[23]]?/python ($PYTHON_VERSIONS)/") + enabled_languages=$(echo $enabled_languages | sed -Ee "s/python[[23]]?/python/") else if test "$explicit_languages" = "1"; then AC_MSG_ERROR([[ commit 5189c08af9468cdeb6f16a6ecd0fee53e1e3aa0e Author: Justus Winter Date: Thu Mar 9 16:55:18 2017 +0100 build: Tune M4 macros for our needs. * m4/ax_python_devel.m4: Do not emit 'HAVE_PYTHON'. * m4/python.m4 (_AM_PYTHON_INTERPRETER_LIST): Add newer Python versions, drop older ones. Also, sort the list with older versions at the front, newer and generic versions towards the end. This makes the algorithm pick the lowest version that meets the version requirement. Signed-off-by: Justus Winter 
diff --git a/m4/ax_python_devel.m4 b/m4/ax_python_devel.m4 index de992c8..b990d5b 100644 --- a/m4/ax_python_devel.m4 +++ b/m4/ax_python_devel.m4 @@ -195,8 +195,11 @@ EOD` fi # Make the versioning information available to the compiler - AC_DEFINE_UNQUOTED([HAVE_PYTHON], ["$ac_python_version"], - [If available, contains the Python version number currently in use.]) + + # JW: We don't need it and it interferes with the hack + # to detect multiple Pyhton versions + #AC_DEFINE_UNQUOTED([HAVE_PYTHON], ["$ac_python_version"], + # [If available, contains the Python version number currently in use.]) # First, the library directory: ac_python_libdir=`cat< Date: Thu Mar 9 16:54:35 2017 +0100 build: Add M4 macros for python. * m4/python.m4: New file. Signed-off-by: Justus Winter diff --git a/m4/python.m4 b/m4/python.m4 new file mode 100644 index 0000000..790e68b --- /dev/null +++ b/m4/python.m4 
@@ -0,0 +1,239 @@ +## ------------------------ -*- Autoconf -*- +## Python file handling +## From Andrew Dalke +## Updated by James Henstridge +## ------------------------ +# Copyright (C) 1999-2017 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + + +# AM_PATH_PYTHON([MINIMUM-VERSION], [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +# --------------------------------------------------------------------------- +# Adds support for distributing Python modules and packages. To +# install modules, copy them to $(pythondir), using the python_PYTHON +# automake variable. To install a package with the same name as the +# automake package, install to $(pkgpythondir), or use the +# pkgpython_PYTHON automake variable. +# +# The variables $(pyexecdir) and $(pkgpyexecdir) are provided as +# locations to install python extension modules (shared libraries). +# Another macro is required to find the appropriate flags to compile +# extension modules. +# +# If your package is configured with a different prefix to python, +# users will have to add the install directory to the PYTHONPATH +# environment variable, or create a .pth file (see the python +# documentation for details). +# +# If the MINIMUM-VERSION argument is passed, AM_PATH_PYTHON will +# cause an error if the version of python installed on the system +# doesn't meet the requirement. MINIMUM-VERSION should consist of +# numbers and dots only. +AC_DEFUN([AM_PATH_PYTHON], + [ + dnl Find a Python interpreter. Python versions prior to 2.0 are not + dnl supported. (2.0 was released on October 16, 2000). 
+ m4_define_default([_AM_PYTHON_INTERPRETER_LIST], +[python python2 python3 python3.3 python3.2 python3.1 python3.0 python2.7 dnl + python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0]) + + AC_ARG_VAR([PYTHON], [the Python interpreter]) + + m4_if([$1],[],[ + dnl No version check is needed. + # Find any Python interpreter. + if test -z "$PYTHON"; then + AC_PATH_PROGS([PYTHON], _AM_PYTHON_INTERPRETER_LIST, :) + fi + am_display_PYTHON=python + ], [ + dnl A version check is needed. + if test -n "$PYTHON"; then + # If the user set $PYTHON, use it and don't search something else. + AC_MSG_CHECKING([whether $PYTHON version is >= $1]) + AM_PYTHON_CHECK_VERSION([$PYTHON], [$1], + [AC_MSG_RESULT([yes])], + [AC_MSG_RESULT([no]) + AC_MSG_ERROR([Python interpreter is too old])]) + am_display_PYTHON=$PYTHON + else + # Otherwise, try each interpreter until we find one that satisfies + # VERSION. + AC_CACHE_CHECK([for a Python interpreter with version >= $1], + [am_cv_pathless_PYTHON],[ + for am_cv_pathless_PYTHON in _AM_PYTHON_INTERPRETER_LIST none; do + test "$am_cv_pathless_PYTHON" = none && break + AM_PYTHON_CHECK_VERSION([$am_cv_pathless_PYTHON], [$1], [break]) + done]) + # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON. + if test "$am_cv_pathless_PYTHON" = none; then + PYTHON=: + else + AC_PATH_PROG([PYTHON], [$am_cv_pathless_PYTHON]) + fi + am_display_PYTHON=$am_cv_pathless_PYTHON + fi + ]) + + if test "$PYTHON" = :; then + dnl Run any user-specified action, or abort. + m4_default([$3], [AC_MSG_ERROR([no suitable Python interpreter found])]) + else + + dnl Query Python for its version number. Getting [:3] seems to be + dnl the best way to do this; it's what "site.py" does in the standard + dnl library. 
+ + AC_CACHE_CHECK([for $am_display_PYTHON version], [am_cv_python_version], + [am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[[:3]])"`]) + AC_SUBST([PYTHON_VERSION], [$am_cv_python_version]) + + dnl Use the values of $prefix and $exec_prefix for the corresponding + dnl values of PYTHON_PREFIX and PYTHON_EXEC_PREFIX. These are made + dnl distinct variables so they can be overridden if need be. However, + dnl general consensus is that you shouldn't need this ability. + + AC_SUBST([PYTHON_PREFIX], ['${prefix}']) + AC_SUBST([PYTHON_EXEC_PREFIX], ['${exec_prefix}']) + + dnl At times (like when building shared libraries) you may want + dnl to know which OS platform Python thinks this is. + + AC_CACHE_CHECK([for $am_display_PYTHON platform], [am_cv_python_platform], + [am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`]) + AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform]) + + # Just factor out some code duplication. + am_python_setup_sysconfig="\ +import sys +# Prefer sysconfig over distutils.sysconfig, for better compatibility +# with python 3.x. See automake bug#10227. +try: + import sysconfig +except ImportError: + can_use_sysconfig = 0 +else: + can_use_sysconfig = 1 +# Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs: +# +try: + from platform import python_implementation + if python_implementation() == 'CPython' and sys.version[[:3]] == '2.7': + can_use_sysconfig = 0 +except ImportError: + pass" + + dnl Set up 4 directories: + + dnl pythondir -- where to install python scripts. This is the + dnl site-packages directory, not the python standard library + dnl directory like in previous automake betas. This behavior + dnl is more consistent with lispdir.m4 for example. + dnl Query distutils for this directory. 
+ AC_CACHE_CHECK([for $am_display_PYTHON script directory], + [am_cv_python_pythondir], + [if test "x$prefix" = xNONE + then + am_py_prefix=$ac_default_prefix + else + am_py_prefix=$prefix + fi + am_cv_python_pythondir=`$PYTHON -c " +$am_python_setup_sysconfig +if can_use_sysconfig: + sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'}) +else: + from distutils import sysconfig + sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') +sys.stdout.write(sitedir)"` + case $am_cv_python_pythondir in + $am_py_prefix*) + am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` + am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"` + ;; + *) + case $am_py_prefix in + /usr|/System*) ;; + *) + am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages + ;; + esac + ;; + esac + ]) + AC_SUBST([pythondir], [$am_cv_python_pythondir]) + + dnl pkgpythondir -- $PACKAGE directory under pythondir. Was + dnl PYTHON_SITE_PACKAGE in previous betas, but this naming is + dnl more consistent with the rest of automake. + + AC_SUBST([pkgpythondir], [\${pythondir}/$PACKAGE]) + + dnl pyexecdir -- directory for installing python extension modules + dnl (shared libraries) + dnl Query distutils for this directory. 
+ AC_CACHE_CHECK([for $am_display_PYTHON extension module directory], + [am_cv_python_pyexecdir], + [if test "x$exec_prefix" = xNONE + then + am_py_exec_prefix=$am_py_prefix + else + am_py_exec_prefix=$exec_prefix + fi + am_cv_python_pyexecdir=`$PYTHON -c " +$am_python_setup_sysconfig +if can_use_sysconfig: + sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'}) +else: + from distutils import sysconfig + sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix') +sys.stdout.write(sitedir)"` + case $am_cv_python_pyexecdir in + $am_py_exec_prefix*) + am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` + am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"` + ;; + *) + case $am_py_exec_prefix in + /usr|/System*) ;; + *) + am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages + ;; + esac + ;; + esac + ]) + AC_SUBST([pyexecdir], [$am_cv_python_pyexecdir]) + + dnl pkgpyexecdir -- $(pyexecdir)/$(PACKAGE) + + AC_SUBST([pkgpyexecdir], [\${pyexecdir}/$PACKAGE]) + + dnl Run any user-specified action. + $2 + fi + +]) + + +# AM_PYTHON_CHECK_VERSION(PROG, VERSION, [ACTION-IF-TRUE], [ACTION-IF-FALSE]) +# --------------------------------------------------------------------------- +# Run ACTION-IF-TRUE if the Python interpreter PROG has version >= VERSION. +# Run ACTION-IF-FALSE otherwise. +# This test uses sys.hexversion instead of the string equivalent (first +# word of sys.version), in order to cope with versions such as 2.2c1. +# This supports Python 2.0 or higher. (2.0 was released on October 16, 2000). +AC_DEFUN([AM_PYTHON_CHECK_VERSION], + [prog="import sys +# split strings by '.' and convert to numeric. Append some zeros +# because we need at least 4 digits for the hex conversion. 
+# map returns an iterator in Python 3.0 and a list in 2.x +minver = list(map(int, '$2'.split('.'))) + [[0, 0, 0]] +minverhex = 0 +# xrange is not present in Python 3.0 and range returns an iterator +for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[[i]] +sys.exit(sys.hexversion < minverhex)" + AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])]) ----------------------------------------------------------------------- Summary of changes: configure.ac | 38 ++++--- lang/python/Makefile.am | 21 ++-- lang/python/tests/run-tests.py | 17 +-- lang/python/tests/support.py | 21 ++-- m4/ax_python_devel.m4 | 7 +- m4/python.m4 | 239 +++++++++++++++++++++++++++++++++++++++++ 6 files changed, 299 insertions(+), 44 deletions(-) create mode 100644 m4/python.m4 hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 14 12:38:56 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 14 Mar 2017 12:38:56 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-49-g40b7911 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 40b7911130a969677d6f0b5796236a29f10a9e69 (commit) from 9a77b3b6e41f97b1209ad61c04b3dd33242ecae8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 40b7911130a969677d6f0b5796236a29f10a9e69 Author: Werner Koch Date: Tue Mar 14 12:34:23 2017 +0100 doc: Explain in README how to create /run/user directories. -- Signed-off-by: Werner Koch diff --git a/README b/README index 4cb0b6c..0ff9099 100644 --- a/README +++ b/README 
@@ -148,6 +148,30 @@ use of the GnuPG directories. Dirmngr is started by gpg or gpgsm as needed. There is no more need to install a separate Dirmngr package. +* RECOMMENDATIONS + +** Socket directory + + GnuPG uses Unix domain sockets to connect its components (on Windows + an emulation of these sockets is used). Depending on the type of + the file system, it is sometimes not possible to use the GnuPG home + directory (i.e. ~/.gnupg) as the location for the sockets. To solve + this problem GnuPG prefers the use of a per-user directory below the + the /run (or /var/run) hierarchy for the the sockets. It is thus + suggested to create per-user directories on system or session + startup. For example the following snippet can be used in + /etc/rc.local to create these directories: + + [ ! -d /run/user ] && mkdir /run/user + awk -F: = 1000 && $3 < 65000 {print $3}' \ + | ( while read uid rest; do + if [ ! -d "/run/user/$uid" ]; then + mkdir /run/user/$uid + chown $uid /run/user/$uid + chmod 700 /run/user/$uid + fi + done ) + * DOCUMENTATION ----------------------------------------------------------------------- Summary of changes: README | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 14 13:00:45 2017 
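Review bot: In the lang/python/tests/support.py hunk (commit ac48499), `shutil.rmtree(self.path, ignore_errors=True)` in `__exit__` suppresses every removal failure, not only the race with gpg-agent deleting its sockets that the new comment describes. A temporary directory that could not be removed for another reason (permissions, a busy file) is then left behind silently, together with any test key material in it. Consider passing an `onerror` handler that ignores only the file-not-found case and reports everything else, or at least log when the directory still exists after the call.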
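Review bot: In the first lang/python/Makefile.am hunk (commit a420103), the all-local rule gains `set -e` but keeps `cd python$${VERSION}-gpg && \`. A command that fails on the left of `&&` is exempt from `set -e`, so a failed `cd` there does not abort the recipe by itself. The install-exec-local hunk already switches the same `cd` to `;`, and all-local should do the same so that both rules stop at the first failing step.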
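Review bot: In the second configure.ac hunk (commit 6a37166), the "Remove duplicates" step runs `sort | uniq` over `PYTHONS` and `PYTHON_VERSIONS` separately, so the two lists can end up in different orders, while lang/python/Makefile.am pairs them by position (`set $(PYTHONS); for VERSION in $(PYTHON_VERSIONS)` with `PYTHON="$$1" ; shift`). An interpreter path that sorts before another whose version sorts after it would then be run inside the wrong `python$${VERSION}-gpg` directory. Deduplicate the pairs together, or skip an entry at append time when the same interpreter is already in the list. `PYTHON` and `PYTHON_VERSION` are also taken from the first field before the sort, so they may not match the first entry of the final lists.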
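Review bot: In the new m4/python.m4, `PYTHON_VERSION` is derived from `sys.version[[:3]]`, and the CPython 2.7 sysconfig check compares the same slice. That keeps only three characters and would report a two-digit minor release such as 3.10 as 3.1. lang/python/tests/run-tests.py in this same push formats `sys.version_info[0]` and `sys.version_info[1]` instead; using that form here keeps the `python$${VERSION}-gpg` directory name and the test runner's lookup in agreement.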
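Review bot: In the README hunk, the suggested rc.local snippet creates each directory with `mkdir /run/user/$uid` and only afterwards applies `chown` and `chmod 700`, so the directory briefly exists with whatever mode the startup script's umask gives it. `mkdir -m 700` followed by `chown` closes that window. `$uid` is quoted in the `[ ! -d "/run/user/$uid" ]` test but not in the three commands that follow, and the added paragraph contains "the the" twice ("below the the /run" and "for the the sockets").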
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 14 Mar 2017 13:00:45 +0100 Subject: [git] gnupg-doc - branch, master, updated. fd06846e220ad3acb726d72e71580615cfbc24ca Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via fd06846e220ad3acb726d72e71580615cfbc24ca (commit) from d60fbd8f8c3c19dced975f7b707bbd10eadffe11 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fd06846e220ad3acb726d72e71580615cfbc24ca Author: Justus Winter Date: Tue Mar 14 13:00:40 2017 +0100 jenkins: specialized gpgme build directories for targets diff --git a/misc/jenkins/README.org b/misc/jenkins/README.org index d5bb144..3cb7b84 100644 --- a/misc/jenkins/README.org +++ b/misc/jenkins/README.org @@ -42,6 +42,19 @@ and a build tree at $ make $ make check +and specialized build trees, e.g. for the sanitizer target at + + $ mkdir $HOME/src/gpgme-for-gnupgs-tests/obj-sanitizer + $ cd $HOME/src/gpgme-for-gnupgs-tests/obj-sanitizer + $ export PATH=$HOME/prefix/sanitizer/bin:$PATH + $ ../configure --enable-maintainer-mode \ + --enable-languages="cpp qt" \ + CFLAGS="-fsanitize=undefined -fsanitize=address" \ + CXXFLAGS="-fsanitize=undefined -fsanitize=address" + $ make + $ make check + + and a w32 build tree at $HOME/src/gpgme-for-gnupgs-tests/obj.w32 diff --git a/misc/jenkins/bin/build.bash b/misc/jenkins/bin/build.bash index 7fefe93..e378704 100755 --- a/misc/jenkins/bin/build.bash +++ b/misc/jenkins/bin/build.bash 
@@ -140,7 +140,12 @@ test_environment="LD_LIBRARY_PATH=$(pwd)/obj/src/.libs:$ORIGINAL_PREFIX/lib" # See if we have a GPGME checkout for the tesets. xtest_gpgme_srcdir="$HOME/src/gpgme-for-gnupgs-tests" -if [ -d "$xtest_gpgme_srcdir/obj" ]; then +if [ -d "$xtest_gpgme_srcdir/obj-$XTARGET" ]; then + # Some targets, like the sanitizer target, require a custom + # version of GPGME. + export XTEST_GPGME_SRCDIR="$xtest_gpgme_srcdir" + export XTEST_GPGME_BUILDDIR="$xtest_gpgme_srcdir/obj-$XTARGET" +elif [ -d "$xtest_gpgme_srcdir/obj" ]; then export XTEST_GPGME_SRCDIR="$xtest_gpgme_srcdir" export XTEST_GPGME_BUILDDIR="$xtest_gpgme_srcdir/obj" fi ----------------------------------------------------------------------- Summary of changes: misc/jenkins/README.org | 13 +++++++++++++ misc/jenkins/bin/build.bash | 7 ++++++- 2 files changed, 19 insertions(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 14 13:02:51 2017 
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 14 Mar 2017 13:02:51 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-50-gd82abbb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via d82abbb1b6e80d5980e6259ddcfc770e65a6b1b3 (commit) from 40b7911130a969677d6f0b5796236a29f10a9e69 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d82abbb1b6e80d5980e6259ddcfc770e65a6b1b3 Author: Justus Winter Date: Tue Mar 14 12:45:29 2017 +0100 tests: Skip Python tests if the bindings are not built. * tests/gpgme/wrap.scm (python): Move variable... * tests/gpgme/gpgme-defs.scm (python): ... here. (run-python-tests?): New function. * tests/gpgme/run-tests.scm: Only run Python tests if the bindings can be located in GPGME's build directory. Signed-off-by: Justus Winter diff --git a/tests/gpgme/gpgme-defs.scm b/tests/gpgme/gpgme-defs.scm index 12e033c..2b104f2 100644 --- a/tests/gpgme/gpgme-defs.scm +++ b/tests/gpgme/gpgme-defs.scm @@ -171,3 +171,13 @@ (else (expand-one (append acc (list (car v))) (cdr v)))))) values))) + +(define python (catch #f + (path-expand "python" (string-split (getenv "PATH") *pathsep*)))) +(define (run-python-tests?) + (let* ((python-version + (string-trim char-whitespace? + (call-popen `(,python -c "import sys; print('{0}.{1}'.format(sys.version_info[0], sys.version_info[1]))") ""))) + (build-path (path-join gpgme-builddir "lang" "python" + (string-append "python" python-version "-gpg")))) + (trace (file-exists? (trace build-path))))) diff --git a/tests/gpgme/run-tests.scm b/tests/gpgme/run-tests.scm index 72de495..be70f17 100644 --- a/tests/gpgme/run-tests.scm 
+++ b/tests/gpgme/run-tests.scm @@ -71,5 +71,7 @@ -- ,@(:path cmpnts)))) (if (null? tests) (all-tests makefile (:key cmpnts)) tests)))) `((("tests" "gpg") "c_tests" ,setup-c) - (("lang" "python" "tests") "py_tests" ,setup-py) + ,@(if (run-python-tests?) + `((("lang" "python" "tests") "py_tests" ,setup-py)) + '()) (("lang" "qt" "tests") "TESTS" ,setup-c)))))) diff --git a/tests/gpgme/wrap.scm b/tests/gpgme/wrap.scm index d338892..4c96a09 100644 --- a/tests/gpgme/wrap.scm +++ b/tests/gpgme/wrap.scm @@ -29,9 +29,6 @@ (setenv "top_srcdir" gpgme-srcdir #t) (setenv "srcdir" (path-join gpgme-srcdir "tests" "gpg") #t) -(define python (catch #f - (path-expand "python" (string-split (getenv "PATH") *pathsep*)))) - (define (run what) (if (string-suffix? (car what) ".py") (begin ----------------------------------------------------------------------- Summary of changes: tests/gpgme/gpgme-defs.scm | 10 ++++++++++ tests/gpgme/run-tests.scm | 4 +++- tests/gpgme/wrap.scm | 3 --- 3 files changed, 13 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 15 08:52:12 2017 
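Review bot: In the tests/gpgme/gpgme-defs.scm hunk (commit d82abbb), `python` is bound with `(catch #f (path-expand "python" ...))` and can therefore be `#f`, yet `run-python-tests?` passes it straight to `call-popen` to query the version. On a host without `python` in `PATH` the check itself fails instead of returning false. Guard the body with `(and python ...)`.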
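Review bot: In the tests/gpgme/run-tests.scm hunk, the `py_tests` entry is replaced by `'()` when `(run-python-tests?)` is false, and the only record of that decision is the raw `trace` output inside `run-python-tests?`. A missing or misnamed bindings directory is then hard to tell apart from a run where the Python suite passed. Emit an explicit log line naming the skipped suite in the else branch.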
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 15 Mar 2017 08:52:12 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-53-g61785b6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 61785b679c542bbd789395fa632eb8b5133b01ad (commit) via ed3248219e921ee24f6f1b2985abb7e0945d70e9 (commit) via a672ddec03f96475866d712b28be18b3fab43aef (commit) from d82abbb1b6e80d5980e6259ddcfc770e65a6b1b3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 61785b679c542bbd789395fa632eb8b5133b01ad Author: NIIBE Yutaka Date: Wed Mar 15 16:50:48 2017 +0900 g10: Fix check of serialno. * g10/card-util.c (card_status): Fix. Signed-off-by: NIIBE Yutaka diff --git a/g10/card-util.c b/g10/card-util.c index 9bc3e25..d643724 100644 --- a/g10/card-util.c +++ b/g10/card-util.c @@ -435,7 +435,7 @@ card_status (estream_t fp, char *serialno, size_t serialnobuflen) if (!serialno) ; - else if (strlen (serialno)+1 > serialnobuflen) + else if (strlen (info.serialno)+1 > serialnobuflen) log_error ("serial number longer than expected\n"); else strcpy (serialno, info.serialno); commit ed3248219e921ee24f6f1b2985abb7e0945d70e9 Author: NIIBE Yutaka Date: Wed Mar 15 16:48:01 2017 +0900 g10: Remove unused function. * g10/call-agent.c (select_openpgp): Remove. -- By this change, the function get_serialno_cb will be also unused. But please don't remove the function, because it will be soon used. Signed-off-by: NIIBE Yutaka diff --git a/g10/call-agent.c b/g10/call-agent.c index 7d627bb..1606797 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c 
@@ -1028,98 +1028,6 @@ agent_scd_genkey (int keyno, int force, u32 *createtime) -/* Issue an SCD SERIALNO openpgp command and if SERIALNO is not NULL - ask the user to insert the requested card. */ -gpg_error_t -select_openpgp (const char *serialno) -{ - gpg_error_t err; - - /* Send the serialno command to initialize the connection. Without - a given S/N we don't care about the data returned. If the card - has already been initialized, this is a very fast command. We - request the openpgp card because that is what we expect. - - Note that an opt.limit_card_insert_tries of 1 means: No tries at - all whereas 0 means do not limit the number of tries. Due to the - sue of a pinentry prompt with a cancel option we use it here in a - boolean sense. */ - if (!serialno || opt.limit_card_insert_tries == 1) - err = assuan_transact (agent_ctx, "SCD SERIALNO openpgp", - NULL, NULL, NULL, NULL, NULL, NULL); - else - { - char *this_sn = NULL; - char *desc; - int ask; - char *want_sn; - char *p; - - want_sn = xtrystrdup (serialno); - if (!want_sn) - return gpg_error_from_syserror (); - p = strchr (want_sn, '/'); - if (p) - *p = 0; - - do - { - ask = 0; - err = assuan_transact (agent_ctx, "SCD SERIALNO openpgp", - NULL, NULL, NULL, NULL, - get_serialno_cb, &this_sn); - if (gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT) - ask = 1; - else if (gpg_err_code (err) == GPG_ERR_NOT_SUPPORTED) - ask = 2; - else if (err) - ; - else if (this_sn) - { - if (strcmp (want_sn, this_sn)) - ask = 2; - } - - xfree (this_sn); - this_sn = NULL; - - if (ask) - { - char *formatted = NULL; - char *ocodeset = i18n_switchto_utf8 (); - - if (!strncmp (want_sn, "D27600012401", 12) - && strlen (want_sn) == 32 ) - formatted = xtryasprintf ("(%.4s) %.8s", - want_sn + 16, want_sn + 20); - - err = 0; - desc = xtryasprintf - ("%s:\n\n" - " \"%s\"", - ask == 1 - ? _("Please insert the card with serial number") - : _("Please remove the current card and " - "insert the one with serial number"), - formatted? 
formatted : want_sn); - if (!desc) - err = gpg_error_from_syserror (); - xfree (formatted); - i18n_switchback (ocodeset); - if (!err) - err = gpg_agent_get_confirmation (desc); - xfree (desc); - } - } - while (ask && !err); - xfree (want_sn); - } - - return err; -} - - - /* Send a READCERT command to the SCdaemon. */ int agent_scd_readcert (const char *certidstr, commit a672ddec03f96475866d712b28be18b3fab43aef Author: NIIBE Yutaka Date: Wed Mar 15 16:45:18 2017 +0900 tests: Fix running python condition. * tests/gpgme/gpgme-defs.scm (run-python-tests?): We need Python. Signed-off-by: NIIBE Yutaka diff --git a/tests/gpgme/gpgme-defs.scm b/tests/gpgme/gpgme-defs.scm index 2b104f2..0583774 100644 --- a/tests/gpgme/gpgme-defs.scm +++ b/tests/gpgme/gpgme-defs.scm @@ -175,9 +175,10 @@ (define python (catch #f (path-expand "python" (string-split (getenv "PATH") *pathsep*)))) (define (run-python-tests?) - (let* ((python-version - (string-trim char-whitespace? - (call-popen `(,python -c "import sys; print('{0}.{1}'.format(sys.version_info[0], sys.version_info[1]))") ""))) - (build-path (path-join gpgme-builddir "lang" "python" - (string-append "python" python-version "-gpg")))) - (trace (file-exists? (trace build-path))))) + (and python + (let* ((python-version + (string-trim char-whitespace? + (call-popen `(,python -c "import sys; print('{0}.{1}'.format(sys.version_info[0], sys.version_info[1]))") ""))) + (build-path (path-join gpgme-builddir "lang" "python" + (string-append "python" python-version "-gpg")))) + (trace (file-exists? (trace build-path)))))) ----------------------------------------------------------------------- Summary of changes: g10/call-agent.c | 92 ---------------------------------------------- g10/card-util.c | 2 +- tests/gpgme/gpgme-defs.scm | 13 ++++--- 3 files changed, 8 insertions(+), 99 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 15 10:55:00 2017 
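Review bot: In the g10/card-util.c hunk, the too-long branch only calls `log_error` and leaves the caller's `serialno` buffer untouched, and nothing in the hunk signals the failure to the caller, which may go on to read whatever the buffer held before the call. Set `serialno[0] = 0` when `serialnobuflen` is non-zero, or propagate an error. `strlen (info.serialno)` also assumes `info.serialno` is non-NULL at this point, which the hunk does not show; an explicit check would document that.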
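Review bot: In the g10/call-agent.c hunk, removing `select_openpgp` leaves `get_serialno_cb` without a caller, as the commit message says, and the summary of changes lists no header file, so any declaration of `select_openpgp` in a header stays behind. Remove the declaration in the same change, and add a short comment at `get_serialno_cb` stating that it is kept for upcoming use, so that it is neither deleted as dead code nor left to produce an unexplained unused-function warning.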
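Review bot: In the tests/gpgme/gpgme-defs.scm hunk (commit a672dde), the new `(and python ...)` guard covers a missing interpreter, but the lookup still considers only the name `python` and derives the build path from that one interpreter's version. Bindings built for a different interpreter (for example only `python3`) are then treated as not built and their tests are skipped. Check for any `python*-gpg` directory under `lang/python` in the GPGME build tree, or try `python3` and `python2` as well.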
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 15 Mar 2017 10:55:00 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-54-g6993e42 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 6993e42088c191f18468317ba2b5b8fbc8c3edff (commit) from 61785b679c542bbd789395fa632eb8b5133b01ad (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6993e42088c191f18468317ba2b5b8fbc8c3edff Author: Justus Winter Date: Wed Mar 15 10:51:03 2017 +0100 build: Remove '--disable-tools' configuration option. * Makefile.am (SUBDIRS): Unconditionally include 'tools'. * configure.ac: Remove '--disable-tools' configuration option. -- gpgconf is a core component nowadays and is always required. GnuPG-bug-id: 2993 Signed-off-by: Justus Winter diff --git a/Makefile.am b/Makefile.am index 71e691a..7d023c1 100644 --- a/Makefile.am +++ b/Makefile.am @@ -81,11 +81,6 @@ dirmngr = dirmngr else dirmngr = endif -if BUILD_TOOLS -tools = tools -else -tools = -endif if BUILD_DOC doc = doc else @@ -94,7 +89,7 @@ endif SUBDIRS = m4 common kbx \ ${gpg} ${sm} ${agent} ${scd} ${g13} ${dirmngr} \ - ${tools} po ${doc} tests + tools po ${doc} tests dist_doc_DATA = README diff --git a/configure.ac b/configure.ac index bd618e5..df7a059 100644 --- a/configure.ac +++ b/configure.ac @@ -126,7 +126,6 @@ build_agent=yes GNUPG_BUILD_PROGRAM(scdaemon, yes) GNUPG_BUILD_PROGRAM(g13, no) GNUPG_BUILD_PROGRAM(dirmngr, yes) -GNUPG_BUILD_PROGRAM(tools, yes) GNUPG_BUILD_PROGRAM(doc, yes) GNUPG_BUILD_PROGRAM(symcryptrun, no) # We use gpgtar to unpack test data, hence we always build it. If the 
@@ -1706,7 +1705,6 @@ AM_CONDITIONAL(BUILD_AGENT, test "$build_agent" = "yes") AM_CONDITIONAL(BUILD_SCDAEMON, test "$build_scdaemon" = "yes") AM_CONDITIONAL(BUILD_G13, test "$build_g13" = "yes") AM_CONDITIONAL(BUILD_DIRMNGR, test "$build_dirmngr" = "yes") -AM_CONDITIONAL(BUILD_TOOLS, test "$build_tools" = "yes") AM_CONDITIONAL(BUILD_DOC, test "$build_doc" = "yes") AM_CONDITIONAL(BUILD_SYMCRYPTRUN, test "$build_symcryptrun" = "yes") AM_CONDITIONAL(BUILD_GPGTAR, test "$build_gpgtar" = "yes") ----------------------------------------------------------------------- Summary of changes: Makefile.am | 7 +------ configure.ac | 2 -- 2 files changed, 1 insertion(+), 8 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 15 12:26:39 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 15 Mar 2017 12:26:39 +0100 Subject: [git] gnupg-doc - branch, master, updated. 3459d48039bbcae2c63a52191e45c33d21057efa Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 3459d48039bbcae2c63a52191e45c33d21057efa (commit) from fd06846e220ad3acb726d72e71580615cfbc24ca (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3459d48039bbcae2c63a52191e45c33d21057efa Author: Justus Winter Date: Wed Mar 15 12:26:28 2017 +0100 git.gnupg.org: Remove link to drm.info. diff --git a/misc/git.gnupg.org/index.html b/misc/git.gnupg.org/index.html index c6dcef7..c53c961 100644 --- a/misc/git.gnupg.org/index.html +++ b/misc/git.gnupg.org/index.html 
@@ -194,11 +194,6 @@ Here is a list of projects now hosted on other servers: alt="Valid XHTML 1.0!" height="31" width="88" />     - - Digital Respect for the Masses -     Peace! This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via c7833eca38fdb8d9ba7b59438ea87d651b8bf7ba (commit) from 6993e42088c191f18468317ba2b5b8fbc8c3edff (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c7833eca38fdb8d9ba7b59438ea87d651b8bf7ba Author: Justus Winter Date: Wed Mar 15 12:34:04 2017 +0100 tests: Dump the tools that the tests are going to use. * tests/openpgp/setup.scm: Dump the tools that the tests are going to use. This will help us diagnose problems with the tests picking the wrong paths in the future. GnuPG-bug-id: 2979 Signed-off-by: Justus Winter diff --git a/tests/openpgp/setup.scm b/tests/openpgp/setup.scm index bf1876e..4b3bfcb 100755 --- a/tests/openpgp/setup.scm +++ b/tests/openpgp/setup.scm 
@@ -22,6 +22,24 @@ (unless (member "--create-tarball" *args*) (fail "Usage: setup.scm --create-tarball ")) +(when (> (*verbose*) 0) + (define (pad symbol length) + (let loop ((cs (string->list (symbol->string symbol))) + (result (make-string length #\space)) + (i 0)) + (if (null? cs) + result + (begin + (string-set! result i (car cs)) + (loop (cdr cs) result (+ 1 i)))))) + (log " I am going to use these tools:\n" + "==============================") + (for-each + (lambda (t) + (log (pad t 25) (tool t))) + '(gpgconf gpg gpg-agent scdaemon gpgsm dirmngr gpg-connect-agent + gpg-preset-passphrase gpgtar pinentry))) + (with-ephemeral-home-directory (chdir (getenv "GNUPGHOME")) (create-gpghome) ----------------------------------------------------------------------- Summary of changes: tests/openpgp/setup.scm | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 15 15:13:06 2017 
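Review bot: pad in tests/openpgp/setup.scm writes every character of the symbol into a string of fixed length with no bound check, so a tool name longer than the 25 passed here would make string-set! index past the end of result and abort setup when running verbosely. Stop the loop once i reaches length, or size the string to the longer of length and the name, so that adding a longer tool name to the list later cannot break the diagnostic output.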
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 15 Mar 2017 15:13:06 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-56-ga98459d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via a98459d3f4ec3d196fb0adb0e90dadf40abc8c81 (commit) from c7833eca38fdb8d9ba7b59438ea87d651b8bf7ba (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a98459d3f4ec3d196fb0adb0e90dadf40abc8c81 Author: Justus Winter Date: Wed Mar 15 14:36:27 2017 +0100 tests: Fix using tools from the build directory. * tests/openpgp/defs.scm (gpg-conf'): Explicitly pass the build prefix to gpgconf here... (gpg-components): ... instead of only here. -- Previously, gpgconf was not invoked with '--build-prefix' when changing the configuration. This made tests using this facility fail (e.g. the TOFU test). This only affected release builds, because in development builds gpgconf picks up the build prefix from the environment. GnuPG-bug-id: 2979 Signed-off-by: Justus Winter diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm index 568ffab..7c8e10a 100644 --- a/tests/openpgp/defs.scm +++ b/tests/openpgp/defs.scm 
@@ -140,10 +140,16 @@ (define valgrind '("/usr/bin/valgrind" --leak-check=full --error-exitcode=154)) +(unless installed? + (setenv "GNUPG_BUILDDIR" (getenv "objdir") #t)) + (define (gpg-conf . args) (gpg-conf' "" args)) (define (gpg-conf' input args) - (let ((s (call-popen `(,(tool-hardcoded 'gpgconf) , at args) input))) + (let ((s (call-popen `(,(tool-hardcoded 'gpgconf) + ,@(if installed? '() + (list '--build-prefix (getenv "objdir"))) + , at args) input))) (map (lambda (line) (map percent-decode (string-split line #\:))) (string-split-newlines s)))) (define :gc:c:name car) @@ -180,13 +186,7 @@ (gpg-conf' (string-append key ":16:") `(--change-options ,component))))) - -(unless installed? - (setenv "GNUPG_BUILDDIR" (getenv "objdir") #t)) -(define gpg-components (apply gpg-conf - `(,@(if installed? '() - (list '--build-prefix (getenv "objdir"))) - --list-components))) +(define gpg-components (apply gpg-conf '(--list-components))) (define (tool which) (case which ----------------------------------------------------------------------- Summary of changes: tests/openpgp/defs.scm | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 16 06:37:45 2017 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 16 Mar 2017 06:37:45 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-57-g8c8ce87 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 8c8ce8711d9c938fcb982b0341e6b052742cb887 (commit) from a98459d3f4ec3d196fb0adb0e90dadf40abc8c81 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8c8ce8711d9c938fcb982b0341e6b052742cb887 Author: NIIBE Yutaka Date: Thu Mar 16 14:32:51 2017 +0900 agent,g10: Remove redundant SERIALNO request. * agent/learncard.c (agent_handle_learn): Don't call agent_card_serialno. Get the serialno in status response. * g10/call-agent.c (agent_scd_learn): Don't request "SCD SERIALNO". (agent_scd_serialno): New. (card_cardlist_cb, agent_scd_cardlist): New. Signed-off-by: NIIBE Yutaka diff --git a/agent/learncard.c b/agent/learncard.c index cce9c3a..e0c882a 100644 --- a/agent/learncard.c +++ b/agent/learncard.c @@ -302,11 +302,10 @@ int agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force) { int rc; - struct kpinfo_cb_parm_s parm; struct certinfo_cb_parm_s cparm; struct sinfo_cb_parm_s sparm; - char *serialno = NULL; + const char *serialno = NULL; KEYPAIR_INFO item; SINFO sitem; unsigned char grip[20]; 
@@ -329,11 +328,6 @@ agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force) parm.ctrl = ctrl; cparm.ctrl = ctrl; - /* Check whether a card is present and get the serial number */ - rc = agent_card_serialno (ctrl, &serialno, NULL); - if (rc) - goto leave; - /* Now gather all the available info. */ rc = agent_card_learn (ctrl, kpinfo_cb, &parm, certinfo_cb, &cparm, sinfo_cb, &sparm); @@ -345,17 +339,25 @@ agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force) goto leave; } - log_info ("card has S/N: %s\n", serialno); - /* Pass on all the collected status information. */ if (assuan_context) { for (sitem = sparm.info; sitem; sitem = sitem->next) { + if (!strcmp (sitem->keyword, "SERIALNO")) + serialno = sitem->data; assuan_write_status (assuan_context, sitem->keyword, sitem->data); } } + if (!serialno) + { + rc = GPG_ERR_NOT_FOUND; + goto leave; + } + + log_info ("card has S/N: %s\n", serialno); + /* Write out the certificates in a standard order. */ for (i=0; certtype_list[i] != -1; i++) { @@ -438,7 +440,6 @@ agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force) leave: - xfree (serialno); release_keypair_info (parm.info); release_certinfo (cparm.info); release_sinfo (sparm.info); diff --git a/g10/call-agent.c b/g10/call-agent.c index 1606797..af06bf5 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c 
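Review bot: in the @@ -345 hunk of agent/learncard.c, serialno is assigned only inside the `if (assuan_context)` loop, so a call with assuan_context == NULL now always reaches `if (!serialno)` and fails with GPG_ERR_NOT_FOUND, whereas the removed agent_card_serialno call did not depend on the context. Scan sparm.info for the SERIALNO keyword outside that conditional and keep only the assuan_write_status call under it. `rc = GPG_ERR_NOT_FOUND;` also stores a bare error code; if the other error paths in this function go through gpg_error (...), do the same here so the error source is set. Note that serialno now points into sitem->data, so it must not be used after release_sinfo (sparm.info) at leave.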
@@ -656,18 +656,6 @@ agent_scd_learn (struct agent_card_info_s *info, int force) if (rc) return rc; - /* Send the serialno command to initialize the connection. We don't - care about the data returned. If the card has already been - initialized, this is a very fast command. The main reason we - need to do this here is to handle a card removed case so that an - "l" command in --edit-card can be used to show ta newly inserted - card. We request the openpgp card because that is what we - expect. */ - rc = assuan_transact (agent_ctx, "SCD SERIALNO openpgp", - NULL, NULL, NULL, NULL, NULL, NULL); - if (rc) - return rc; - parm.ctx = agent_ctx; rc = assuan_transact (agent_ctx, force ? "LEARN --sendinfo --force" : "LEARN --sendinfo", @@ -1024,9 +1012,37 @@ agent_scd_genkey (int keyno, int force, u32 *createtime) status_sc_op_failure (rc); return rc; } + +/* Return the serial number of the card or an appropriate error. The + serial number is returned as a hexstring. */ +int +agent_scd_serialno (char **r_serialno, const char *demand) +{ + int err; + char *serialno = NULL; + char line[ASSUAN_LINELENGTH]; + err = start_agent (NULL, 1); + if (err) + return err; + if (!demand) + strcpy (line, "SCD SERIALNO"); + else + snprintf (line, DIM(line), "SCD SERIALNO --demand=%s", demand); + err = assuan_transact (agent_ctx, line, + NULL, NULL, NULL, NULL, + get_serialno_cb, &serialno); + if (err) + { + xfree (serialno); + return err; + } + + *r_serialno = serialno; + return 0; +} /* Send a READCERT command to the SCdaemon. */ int 
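Review bot: agent_scd_serialno in g10/call-agent.c leaves *r_serialno untouched on both error returns, unlike agent_scd_cardlist in the same patch, which clears *result first; set *r_serialno = NULL at the top so a caller that frees it after a failure does not free an uninitialized pointer. DEMAND is also copied into the Assuan command line with snprintf without a check for truncation or for embedded whitespace or line breaks, and the function comment does not say what DEMAND selects; validate the argument before building the line and document the parameter.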
@@ -1066,8 +1082,72 @@ agent_scd_readcert (const char *certidstr, return 0; } + +struct card_cardlist_parm_s { + int error; + strlist_t list; +}; + +/* Callback function for agent_card_cardlist. */ +static gpg_error_t +card_cardlist_cb (void *opaque, const char *line) +{ + struct card_cardlist_parm_s *parm = opaque; + const char *keyword = line; + int keywordlen; + for (keywordlen=0; *line && !spacep (line); line++, keywordlen++) + ; + while (spacep (line)) + line++; + + if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen)) + { + const char *s; + int n; + + for (n=0,s=line; hexdigitp (s); s++, n++) + ; + + if (!n || (n&1) || *s) + parm->error = gpg_error (GPG_ERR_ASS_PARAMETER); + else + add_to_strlist (&parm->list, line); + } + + return 0; +} + +/* Return cardlist. */ +int +agent_scd_cardlist (strlist_t *result) +{ + int err; + char line[ASSUAN_LINELENGTH]; + struct card_cardlist_parm_s parm; + + memset (&parm, 0, sizeof parm); + *result = NULL; + err = start_agent (NULL, 1); + if (err) + return err; + + strcpy (line, "SCD GETINFO card_list"); + + err = assuan_transact (agent_ctx, line, + NULL, NULL, NULL, NULL, + card_cardlist_cb, &parm); + if (!err && parm.error) + err = parm.error; + + if (!err) + *result = parm.list; + else + free_strlist (parm.list); + + return 0; +} /* Change the PIN of an OpenPGP card or reset the retry counter. CHVNO 1: Change the PIN diff --git a/g10/call-agent.h b/g10/call-agent.h index e4fea57..a04fc73 100644 --- a/g10/call-agent.h +++ b/g10/call-agent.h 
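Review bot: agent_scd_cardlist in g10/call-agent.c ends with `return 0;` after the `if (!err) ... else free_strlist (parm.list);` block, so a failed assuan_transact or a parm.error set by card_cardlist_cb is reported as success with *result == NULL. Return err instead. The comment above card_cardlist_cb also names agent_card_cardlist, while the function it serves is agent_scd_cardlist.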
@@ -76,6 +76,12 @@ void agent_release_card_info (struct agent_card_info_s *info); /* Return card info. */ int agent_scd_learn (struct agent_card_info_s *info, int force); +/* Return list of cards. */ +int agent_scd_cardlist (strlist_t *result); + +/* Return the serial number, possibly select by DEMAND. */ +int agent_scd_serialno (char **r_serialno, const char *demand); + /* Send an APDU to the card. */ gpg_error_t agent_scd_apdu (const char *hexapdu, unsigned int *r_sw); ----------------------------------------------------------------------- Summary of changes: agent/learncard.c | 21 +++++------ g10/call-agent.c | 104 +++++++++++++++++++++++++++++++++++++++++++++++------- g10/call-agent.h | 6 ++++ 3 files changed, 109 insertions(+), 22 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 16 11:34:33 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 16 Mar 2017 11:34:33 +0100 Subject: [git] NTBTLS - branch, master, updated. 06bb9a836981e48c2e6939fb21480d97253a4588 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Not Too Bad TLS". The branch, master has been updated via 06bb9a836981e48c2e6939fb21480d97253a4588 (commit) via 5de470fbeb7b6d92070206414d130dfb53d96e69 (commit) via 17efdd6202ed0901b51bfd1045e7e48e3a8a3ead (commit) via 1fc1669e037cfcc1cef1c1af58141d5aace2e9d2 (commit) from e582e91e47a164816ac074b9078dbed8537601dc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 06bb9a836981e48c2e6939fb21480d97253a4588 Author: Werner Koch Date: Thu Mar 16 11:31:36 2017 +0100 Post release updates. -- diff --git a/NEWS b/NEWS index d55531f..2a773c3 100644 --- a/NEWS +++ b/NEWS 
@@ -1,3 +1,7 @@ +Noteworthy changes in version 0.1.2 (unreleased) [C0/A0/R_] +------------------------------------------------ + + Noteworthy changes in version 0.1.1 (2017-03-16) [C0/A0/R1] ------------------------------------------------ diff --git a/configure.ac b/configure.ac index c76ccb1..71ee5ee 100644 --- a/configure.ac +++ b/configure.ac @@ -27,7 +27,7 @@ min_automake_version="1.14" m4_define([mym4_package],[ntbtls]) m4_define([mym4_major], [0]) m4_define([mym4_minor], [1]) -m4_define([mym4_micro], [1]) +m4_define([mym4_micro], [2]) # To start a new development series, i.e a new major or minor number # you need to mark an arbitrary commit before the first beta release commit 5de470fbeb7b6d92070206414d130dfb53d96e69 Author: Werner Koch Date: Thu Mar 16 11:24:55 2017 +0100 Release 0.1.1 Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 4786e9a..d55531f 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,8 @@ -Noteworthy changes in version 0.1.1 (unreleased) [C0/A0/R_] +Noteworthy changes in version 0.1.1 (2017-03-16) [C0/A0/R1] ------------------------------------------------ + * Now supports ECDHE-RSA key exchange. + Noteworthy changes in version 0.1.0 (2017-02-21) [C0/A0/R0] ------------------------------------------------ diff --git a/configure.ac b/configure.ac index 80b958e..c76ccb1 100644 --- a/configure.ac +++ b/configure.ac 
@@ -54,7 +54,7 @@ AC_INIT([mym4_package],[mym4_version], [http://bugs.gnupg.org]) # (No interfaces changed: REVISION++) LIBNTBTLS_LT_CURRENT=0 LIBNTBTLS_LT_AGE=0 -LIBNTBTLS_LT_REVISION=0 +LIBNTBTLS_LT_REVISION=1 # If the API is changed in an incompatible way: increment the next counter. NTBTLS_CONFIG_API_VERSION=1 commit 17efdd6202ed0901b51bfd1045e7e48e3a8a3ead Author: Werner Koch Date: Thu Mar 16 10:40:19 2017 +0100 Implement ECDHE-RSA key exchange. * src/ecdh.c: New file. * src/Makefile.am (libntbtls_la_SOURCES): Add new file. * src/context.h (ecdh_context_t): New type. (_ntbtls_handshake_params_s): Use new type for 'ecdh_ctx'. * src/protocol.c (handshake_params_init): Init ECDH_CTX. (handshake_params_deinit): Deinit ECDH_CTX. (ssl_write_hello_request): Rename to write_hello_request. Change caller. * src/protocol-cli.c (write_supported_elliptic_curves_ext): Implement. (write_cli_supported_point_formats_ext): Implement. (write_client_hello): Call them. (parse_supported_point_formats_ext): Implement. (parse_server_ecdh_params): Implement. (parse_signature_algorithm): Fix debug output. (read_server_key_exchange): Improve debug output. (write_client_key_exchange): Implement ECDHE key exchange. * src/ciphersuites.c (_ntbtls_ciphersuite_list): Advertise ECDHE_RSA key exchange. Signed-off-by: Werner Koch diff --git a/doc/HACKING b/doc/HACKING index e034df3..5a56533 100644 --- a/doc/HACKING +++ b/doc/HACKING 
@@ -19,12 +19,29 @@ --port 8443 #+end_example + To test only a single ECDHDE cipher suite, this can be useful: + +#+begin_example + --priority SECURE128:+ECDHE-RSA:-RSA:-DHE-RSA:-PSK:-CAMELLIA-128-CBC:\ + -CAMELLIA-256-CBC:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-SHA1:\ + -AES-128-GCM:-AES-256-GCM:-SHA384 +#+end_example + + ** How to start an OpenSSL test server * Specs ** RFC Notes +*** 4492 - Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer + Security (TLS). S. Blake-Wilson, N. Bolyard, V. Gupta, C. Hawk, B. + Moeller. May 2006. (Format: TXT=72231 bytes) (Updated by RFC5246, + RFC7027) (Status: INFORMATIONAL) (DOI: 10.17487/RFC4492) + + - 5246 :: See A.7 for the changes. + - 7027 :: Brainpool curves + *** 5246 - The Transport Layer Security (TLS) Protocol Version 1.2. T. Dierks, E. Rescorla. August 2008. (Format: TXT=222395 bytes) (Obsoletes RFC3268, RFC4346, RFC4366) (Updates RFC4492) (Updated diff --git a/src/Makefile.am b/src/Makefile.am index d0fa8a2..23100d0 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -86,7 +86,7 @@ libntbtls_la_SOURCES = \ protocol.c \ protocol-cli.c \ ciphersuites.c ciphersuites.h \ - pkglue.c x509.c dhm.c \ + pkglue.c x509.c dhm.c ecdh.c \ debug.c # protocol-srv.c diff --git a/src/ciphersuites.c b/src/ciphersuites.c index 68c4108..bce0521 100644 --- a/src/ciphersuites.c +++ b/src/ciphersuites.c @@ -1305,7 +1305,6 @@ _ntbtls_ciphersuite_list (void) /*FIXME: GCM and CCM are not yet ready for us - disable. */ if (suite->ciphermode != GCRY_CIPHER_MODE_GCM && suite->ciphermode != GCRY_CIPHER_MODE_CCM - && suite->key_exchange != KEY_EXCHANGE_ECDHE_RSA && suite->key_exchange != KEY_EXCHANGE_ECDH_RSA && suite->key_exchange != KEY_EXCHANGE_ECDHE_ECDSA && suite->key_exchange != KEY_EXCHANGE_ECDH_ECDSA) diff --git a/src/context.h b/src/context.h index aac3017..93652b6 100644 --- a/src/context.h +++ b/src/context.h 
@@ -122,6 +122,13 @@ typedef struct dhm_context_s *dhm_context_t; /* + * Object to hold an ECDH context. + */ +struct ecdh_context_s; +typedef struct ecdh_context_s *ecdh_context_t; + + +/* * This structure is used for storing current session data. */ struct _ntbtls_session_s @@ -217,7 +224,7 @@ struct _ntbtls_handshake_params_s int cert_type; /*!< Requested cert type */ int verify_sig_alg; /*!< Signature algorithm for verify */ dhm_context_t dhm_ctx; /* DHM key exchange info. */ - /*ecdh_context*/void* ecdh_ctx; /*!< ECDH key exchange */ + ecdh_context_t ecdh_ctx; /* ECDH key exchange info. */ const /*ecp_curve_info*/void **curves;/*!< Supported elliptic curves */ /** * //FIXME: Better explain this diff --git a/src/ecdh.c b/src/ecdh.c new file mode 100644 index 0000000..da7e5a2 --- /dev/null +++ b/src/ecdh.c 
@@ -0,0 +1,316 @@ +/* ecdh.c - EC Diffie-Hellman key exchange + * Copyright (C) 2014, 2017 g10 Code GmbH + * + * This file is part of NTBTLS + * + * NTBTLS is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * NTBTLS is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include +#include +#include +#include +#include + +#include "ntbtls-int.h" + + +/* While running the validation function we need to keep track of the + * certificates and the validation outcome of each. We use this type + * for it. */ +struct ecdh_context_s +{ + const char *curve_name; /* Only for display purposes. */ + gcry_ctx_t ecctx; /* The initialized context for the curve. + * This also holds the secre D and our + * public key Q. */ + gcry_mpi_point_t Qpeer; /* The peer's public value */ +}; + + + +/* Create a new ECDH context. */ +gpg_error_t +_ntbtls_ecdh_new (ecdh_context_t *r_ecdh) +{ + ecdh_context_t ecdh; + + *r_ecdh = NULL; + + ecdh = calloc (1, sizeof *ecdh); + if (!ecdh) + return gpg_error_from_syserror (); + + *r_ecdh = ecdh; + + return 0; +} + + +/* Release an ECDH context. */ +void +_ntbtls_ecdh_release (ecdh_context_t ecdh) +{ + if (!ecdh) + return; + gcry_ctx_release (ecdh->ecctx); + gcry_mpi_point_release (ecdh->Qpeer); + free (ecdh); +} + + +/* Parse the TLS ECDHE parameters and store them in ECDH. DER is the + * buffer with the params of length DERLEN. The number of actual + * parsed bytes is stored at R_NPARSED. 
*/ +gpg_error_t +_ntbtls_ecdh_read_params (ecdh_context_t ecdh, + const void *_der, size_t derlen, + size_t *r_nparsed) +{ + gpg_error_t err; + const unsigned char *derstart = _der; + const unsigned char *der = _der; + size_t n; + gcry_mpi_t tmpmpi; + + if (r_nparsed) + *r_nparsed = 0; + + if (!ecdh || !der) + return gpg_error (GPG_ERR_INV_ARG); + + ecdh->curve_name = NULL; + gcry_ctx_release (ecdh->ecctx); ecdh->ecctx = NULL; + gcry_mpi_point_release (ecdh->Qpeer); ecdh->Qpeer = NULL; + + /* struct { + * ECParameters curve_params; + * ECPoint public; + * } ServerECDHParams; + */ + + /* Parse ECParameters. */ + if (derlen < 3) + return gpg_error (GPG_ERR_TOO_SHORT); + /* We only support named curves (3). */ + if (*der != 3) + return gpg_error (GPG_ERR_UNKNOWN_CURVE); + der++; + derlen--; + /* And only the secp256r1 curve (23). */ + if (buf16_to_uint (der) != 23) + return gpg_error (GPG_ERR_UNKNOWN_CURVE); + der += 2; + derlen -= 2; + + ecdh->curve_name = "secp256r1"; + err = gcry_mpi_ec_new (&ecdh->ecctx, NULL, ecdh->curve_name); + if (err) + return err; + + /* Parse ECPoint. */ + if (derlen < 2) + return gpg_error (GPG_ERR_TOO_SHORT); + n = *der++; derlen--; + if (!n) + return gpg_error (GPG_ERR_INV_OBJ); + if (n > derlen) + return gpg_error (GPG_ERR_TOO_LARGE); + + tmpmpi = gcry_mpi_set_opaque_copy (NULL, der, 8*n); + if (!tmpmpi) + return gpg_error_from_syserror (); + der += n; + derlen -= n; + + ecdh->Qpeer = gcry_mpi_point_new (0); + err = gcry_mpi_ec_decode_point (ecdh->Qpeer, tmpmpi, ecdh->ecctx); + gcry_mpi_release (tmpmpi); + if (err) + { + gcry_mpi_point_release (ecdh->Qpeer); + ecdh->Qpeer = NULL; + return err; + } + + if (r_nparsed) + *r_nparsed = (der - derstart); + + debug_msg (3, "ECDH curve: %s", ecdh->curve_name); + debug_pnt (3, "ECDH Qpeer", ecdh->Qpeer, ecdh->ecctx); + + return 0; +} + + +/* Generate the secret D with 0 < D < N. 
*/ +static gcry_mpi_t +gen_d (ecdh_context_t ecdh) +{ + unsigned int nbits; + gcry_mpi_t n, d; + + n = gcry_mpi_ec_get_mpi ("n", ecdh->ecctx, 0); + if (!n) + return NULL; + nbits = gcry_mpi_get_nbits (n); + d = gcry_mpi_snew (nbits); + + for (;;) + { + /* FIXME: For the second and further iterations we use too much + * random. It would be better to get just a few bits and use + * set/clear_bit to insert that into the D. Or implement a + * suitable gen_d function in libgcrypt. */ + gcry_mpi_randomize (d, nbits, GCRY_STRONG_RANDOM); + + /* Make sure we have the requested number of bits. The code + * looks a bit weird but it is easy to understand if you + * consider that mpi_set_highbit clears all higher bits. */ + if (mpi_test_bit (d, nbits-1)) + mpi_set_highbit (d, nbits-1); + else + mpi_clear_highbit (d, nbits-1); + + if (mpi_cmp (d, n) < 0 /* check: D < N */ + && mpi_cmp_ui (d, 0) > 0) /* check: D > 0 */ + break; /* okay */ + } + + gcry_mpi_release (n); + return d; +} + + +/* Create our own private value D and a public key. Store the public + key in OUTBUF. OUTBUFSIZE is the available length of OUTBUF. On + success the actual length of OUTBUF is stored at R_OUTBUFLEN. */ +gpg_error_t +_ntbtls_ecdh_make_public (ecdh_context_t ecdh, + unsigned char *outbuf, size_t outbufsize, + size_t *r_outbuflen) +{ + gpg_error_t err; + size_t n; + + if (!ecdh || !outbuf || !r_outbuflen || outbufsize < 2) + return gpg_error (GPG_ERR_INV_ARG); + + *r_outbuflen = 0; + + if (!ecdh->curve_name || !ecdh->ecctx || !ecdh->Qpeer) + return gpg_error (GPG_ERR_NOT_INITIALIZED); + + /* Create a secret and store it in the context. */ + { + gcry_mpi_t d; + + d = gen_d (ecdh); + if (!d) + return gpg_error (GPG_ERR_INV_OBJ); + + gcry_mpi_ec_set_mpi ("d", d, ecdh->ecctx); + debug_mpi (3, "ECDH d ", d); + gcry_mpi_release (d); + } + + { + gcry_mpi_t Q; + + /* Note that "q" is computed by the get function and returned in + * uncompressed form. 
*/ + Q = gcry_mpi_ec_get_mpi ("q", ecdh->ecctx, 0); + if (!Q) + { + return gpg_error (GPG_ERR_INTERNAL); + } + debug_mpi (3, "ECDH Qour ", Q); + + /* Write as an ECPoint, that is prefix it with a one octet length. */ + err = gcry_mpi_print (GCRYMPI_FMT_USG, outbuf+1, outbufsize-1, &n, Q); + gcry_mpi_release (Q); + if (err) + return err; + if (n > 255) + return gpg_error (GPG_ERR_INV_DATA); + outbuf[0] = n; + n++; + } + + *r_outbuflen = n; + + return 0; +} + + +/* Derive the shared secret Z and store it in OUTBUF. OUTBUFSIZE is + * the available length of OUTBUF. On success the actual length of + * OUTBUF is stored at R_OUTBUFLEN. */ +gpg_error_t +_ntbtls_ecdh_calc_secret (ecdh_context_t ecdh, + unsigned char *outbuf, size_t outbufsize, + size_t *r_outbuflen) +{ + gpg_error_t err; + gcry_mpi_point_t P = NULL; + gcry_mpi_t d = NULL; + gcry_mpi_t x = NULL; + size_t n; + + if (!ecdh || !outbuf || !r_outbuflen) + return gpg_error (GPG_ERR_INV_ARG); + + *r_outbuflen = 0; + + if (!ecdh->curve_name || !ecdh->ecctx || !ecdh->Qpeer) + return gpg_error (GPG_ERR_NOT_INITIALIZED); + + /* 1. Check that Q_peer is on the curve + * 2. Compute: P = d * Q_peer + * 2. Check that P is not the point at infinity. + * 3. Copy the x-coordinate of P to the output. + */ + + if (!gcry_mpi_ec_curve_point (ecdh->Qpeer, ecdh->ecctx)) + { + err = gpg_error (GPG_ERR_INV_DATA); + goto leave; + } + + d = gcry_mpi_ec_get_mpi ("d", ecdh->ecctx, 0); + if (!d) + return gpg_error (GPG_ERR_NOT_INITIALIZED); + + P = gcry_mpi_point_new (0); + gcry_mpi_ec_mul (P, d, ecdh->Qpeer, ecdh->ecctx); + + x = gcry_mpi_new (0); + if (gcry_mpi_ec_get_affine (x, NULL, P, ecdh->ecctx)) + { + err = gpg_error (GPG_ERR_INV_DATA); + goto leave; + } + + err = gcry_mpi_print (GCRYMPI_FMT_USG, outbuf, outbufsize, &n, x); + if (err) + goto leave; + + *r_outbuflen = n; + + leave: + gcry_mpi_release (d); + gcry_mpi_release (x); + gcry_mpi_point_release (P); + return err; +} 
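Review bot: _ntbtls_ecdh_calc_secret in src/ecdh.c prints the x-coordinate with GCRYMPI_FMT_USG, which drops leading zero octets, but RFC 4492 section 5.10 requires the premaster secret to be the fixed-length field element with leading zeros kept. Pad the output to the field size (32 bytes for secp256r1) here, or document that the caller must, otherwise the two sides derive different master secrets whenever x starts with a zero byte. In _ntbtls_ecdh_make_public, `debug_mpi (3, "ECDH d ", d);` writes the ephemeral private scalar to the debug log and should be dropped or gated separately from ordinary protocol tracing. The comment above struct ecdh_context_s still describes certificate validation rather than this context, "secre" in the ecctx field comment is a typo, and the step list in calc_secret numbers two steps as 2.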
diff --git a/src/ntbtls-int.h b/src/ntbtls-int.h index e12f592..cb20ccc 100644 --- a/src/ntbtls-int.h +++ b/src/ntbtls-int.h @@ -402,6 +402,18 @@ gpg_error_t _ntbtls_dhm_calc_secret (dhm_context_t dhm, unsigned char *outbuf, size_t outbufsize, size_t *r_outbuflen); +/*-- ecdh.c --*/ +gpg_error_t _ntbtls_ecdh_new (ecdh_context_t *r_ecdh); +void _ntbtls_ecdh_release (ecdh_context_t ecdh); +gpg_error_t _ntbtls_ecdh_read_params (ecdh_context_t ecdh, + const void *der, size_t derlen, + size_t *r_nparsed); +gpg_error_t _ntbtls_ecdh_make_public (ecdh_context_t ecdh, + unsigned char *outbuf, size_t outbufsize, + size_t *r_outbuflen); +gpg_error_t _ntbtls_ecdh_calc_secret (ecdh_context_t ecdh, + unsigned char *outbuf, size_t outbufsize, + size_t *r_outbuflen); diff --git a/src/protocol-cli.c b/src/protocol-cli.c index d341833..54e8244 100644 --- a/src/protocol-cli.c +++ b/src/protocol-cli.c 
@@ -183,67 +183,56 @@ write_signature_algorithms_ext (ntbtls_t ssl, } -/* static void */ -/* write_supported_elliptic_curves_ext (ntbtls_t ssl, */ -/* unsigned char *buf, size_t * olen) */ -/* { */ - //FIXME: - /* unsigned char *p = buf; */ - /* unsigned char *elliptic_curve_list = p + 6; */ - /* size_t elliptic_curve_len = 0; */ - /* const ecp_curve_info *info; */ - /* const ecp_group_id *grp_id; */ - - /* *olen = 0; */ +static void +write_supported_elliptic_curves_ext (ntbtls_t tls, + unsigned char *buf, size_t * olen) +{ + unsigned char *p = buf; + unsigned char *elliptic_curve_list = p + 6; + size_t elliptic_curve_len = 0; - /* debug_msg (3, "client hello, adding supported_elliptic_curves extension"); */ + (void)tls; - /* for (grp_id = ssl->curve_list; *grp_id != POLARSSL_ECP_DP_NONE; grp_id++) */ - /* { */ - /* info = ecp_curve_info_from_grp_id (*grp_id); */ - /* elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8; */ - /* elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF; */ - /* } */ + debug_msg (3, "client hello, adding supported_elliptic_curves extension"); - /* if (elliptic_curve_len == 0) */ - /* return; */ + /* We only support curve secp256r1 (23). 
*/ + elliptic_curve_list[elliptic_curve_len++] = 0; + elliptic_curve_list[elliptic_curve_len++] = 23; - /* *p++ = (unsigned char) ((TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8) & 0xFF); */ - /* *p++ = (unsigned char) ((TLS_EXT_SUPPORTED_ELLIPTIC_CURVES) & 0xFF); */ + *p++ = (unsigned char) ((TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8) & 0xFF); + *p++ = (unsigned char) ((TLS_EXT_SUPPORTED_ELLIPTIC_CURVES) & 0xFF); - /* *p++ = (unsigned char) (((elliptic_curve_len + 2) >> 8) & 0xFF); */ - /* *p++ = (unsigned char) (((elliptic_curve_len + 2)) & 0xFF); */ + *p++ = (unsigned char) (((elliptic_curve_len + 2) >> 8) & 0xFF); + *p++ = (unsigned char) (((elliptic_curve_len + 2)) & 0xFF); - /* *p++ = (unsigned char) (((elliptic_curve_len) >> 8) & 0xFF); */ - /* *p++ = (unsigned char) (((elliptic_curve_len)) & 0xFF); */ + *p++ = (unsigned char) (((elliptic_curve_len) >> 8) & 0xFF); + *p++ = (unsigned char) (((elliptic_curve_len)) & 0xFF); - /* *olen = 6 + elliptic_curve_len; */ -/* } */ + *olen = 6 + elliptic_curve_len; +} -/* static void */ -/* write_cli_supported_point_formats_ext (ntbtls_t ssl, */ -/* unsigned char *buf, size_t * olen) */ -/* { */ - //FIXME: - /* unsigned char *p = buf; */ - /* ((void) ssl); */ +static void +write_cli_supported_point_formats_ext (ntbtls_t tls, + unsigned char *buf, size_t *olen) +{ + unsigned char *p = buf; - /* *olen = 0; */ + (void)tls; - /* debug_msg (3, "client hello, adding supported_point_formats extension"); */ + debug_msg (3, "client hello, adding supported_point_formats extension"); - /* *p++ = (unsigned char) ((TLS_EXT_SUPPORTED_POINT_FORMATS >> 8) & 0xFF); */ - /* *p++ = (unsigned char) ((TLS_EXT_SUPPORTED_POINT_FORMATS) & 0xFF); */ + *p++ = (unsigned char) ((TLS_EXT_SUPPORTED_POINT_FORMATS >> 8) & 0xFF); + *p++ = (unsigned char) ((TLS_EXT_SUPPORTED_POINT_FORMATS) & 0xFF); - /* *p++ = 0x00; */ - /* *p++ = 2; */ + *p++ = 0; + *p++ = 2; - /* *p++ = 1; */ - /* *p++ = POLARSSL_ECP_PF_UNCOMPRESSED; */ + *p++ = 1; /* One item. 
*/ + *p++ = 0; /* Uncompressed. */ - /* *olen = 6; */ -/* } */ + *olen = 6; +} static void @@ -506,7 +495,7 @@ write_client_hello (ntbtls_t tls) tls->max_minor_ver)) continue; - debug_msg (3, "client_hello, add ciphersuite: %5d %s", + debug_msg (5, "client_hello, add ciphersuite: %5d %s", ciphersuites[i], _ntbtls_ciphersuite_get_name (ciphersuites[i])); @@ -539,11 +528,11 @@ write_client_hello (ntbtls_t tls) write_signature_algorithms_ext (tls, p + 2 + ext_len, &olen); ext_len += olen; - /* ssl_write_supported_elliptic_curves_ext (tls, p + 2 + ext_len, &olen); */ - /* ext_len += olen; */ + write_supported_elliptic_curves_ext (tls, p + 2 + ext_len, &olen); + ext_len += olen; - /* write_cli_supported_point_formats_ext (tls, p + 2 + ext_len, &olen); */ - /* ext_len += olen; */ + write_cli_supported_point_formats_ext (tls, p + 2 + ext_len, &olen); + ext_len += olen; write_cli_max_fragment_length_ext (tls, p + 2 + ext_len, &olen); ext_len += olen; 
@@ -680,33 +669,34 @@ static gpg_error_t parse_supported_point_formats_ext (ntbtls_t ssl, const unsigned char *buf, size_t len) { - //FIXME: - /* size_t list_size; */ - /* const unsigned char *p; */ + size_t list_size; + const unsigned char *p; - /* list_size = buf[0]; */ - /* if (list_size + 1 != len) */ - /* { */ - /* debug_msg (1, "bad server hello message"); */ - /* return gpg_error (GPG_ERR_BAD_HS_SERVER_HELLO); */ - /* } */ + list_size = buf[0]; + if (list_size + 1 != len) + { + debug_msg (1, "bad server hello message"); + return gpg_error (GPG_ERR_BAD_HS_SERVER_HELLO); + } - /* p = buf + 1; */ - /* while (list_size > 0) */ - /* { */ - /* if (p[0] == POLARSSL_ECP_PF_UNCOMPRESSED || */ - /* p[0] == POLARSSL_ECP_PF_COMPRESSED) */ - /* { */ - /* ssl->handshake->ecdh_ctx.point_format = p[0]; */ - /* debug_msg (4, "point format selected: %d", p[0]); */ - /* return (0); */ - /* } */ - - /* list_size--; */ - /* p++; */ - /* } */ + p = buf + 1; + while (list_size > 0) + { + if (p[0] == 0) + { + /* Fixme: Store the format - right now not required because + * we support only one format. */ + /* ssl->handshake->ecdh_ctx.point_format = p[0]; */ + (void)ssl; + debug_msg (4, "point format selected: %d", p[0]); + return 0; + } - /* debug_msg (1, "no point format in common"); */ + list_size--; + p++; + } + + debug_msg (1, "no point format in common"); return gpg_error (GPG_ERR_BAD_HS_SERVER_HELLO); } 
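Review bot: parse_supported_point_formats_ext reads `list_size = buf[0]` before looking at len, so a supported_point_formats extension with zero-length data makes the parser read one byte past the extension body before the `list_size + 1 != len` check can reject it. Test `len < 1` first and return GPG_ERR_BAD_HS_SERVER_HELLO. The parameter is also still named ssl while the other functions touched by this patch were renamed to tls.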
@@ -1089,58 +1079,21 @@ parse_server_dh_params (ntbtls_t tls, unsigned char **p, unsigned char *end) } -/* static int */ -/* ssl_check_server_ecdh_params (const ntbtls_t ssl) */ -/* { */ - //FIXME: - /* const ecp_curve_info *curve_info; */ - - /* curve_info = ecp_curve_info_from_grp_id (ssl->handshake->ecdh_ctx.grp.id); */ - /* if (curve_info == NULL) */ - /* { */ - /* debug_bug (); */ - /* return gpg_error (GPG_ERR_INTERNAL); */ - /* } */ - - /* debug_msg (2, "ECDH curve: %s", curve_info->name); */ - - /* if (!ssl_curve_is_acceptable (ssl, ssl->handshake->ecdh_ctx.grp.id)) */ - /* return (-1); */ - - /* SSL_DEBUG_ECP (3, "ECDH: Qp", &ssl->handshake->ecdh_ctx.Qp); */ - -/* return (0); */ -/* } */ - - static int -parse_server_ecdh_params (ntbtls_t ssl, unsigned char **p, unsigned char *end) +parse_server_ecdh_params (ntbtls_t tls, unsigned char **p, unsigned char *end) { - int ret = gpg_error (GPG_ERR_NOT_IMPLEMENTED); - - /* - * Ephemeral ECDH parameters: - * - * struct { - * ECParameters curve_params; - * ECPoint public; - * } ServerECDHParams; - */ - //FIXME: - /* if ((ret = ecdh_read_params (&ssl->handshake->ecdh_ctx, */ - /* (const unsigned char **) p, end)) != 0) */ - /* { */ - /* debug_ret (1, ("ecdh_read_params"), ret); */ - /* return (ret); */ - /* } */ + gpg_error_t err; + size_t n; - /* if (ssl_check_server_ecdh_params (ssl) != 0) */ - /* { */ - /* debug_msg (1, "bad server key exchange message (ECDHE curve)"); */ - /* return gpg_error (GPG_ERR_BAD_HS_SERVER_KEX); */ - /* } */ + if ((err = _ntbtls_ecdh_read_params (tls->handshake->ecdh_ctx, + *p, end - *p, &n))) + { + debug_ret (1, "ecdh_read_params", err); + return err; + } + *p += n; - return (ret); + return 0; } 
@@ -1273,10 +1226,10 @@ parse_signature_algorithm (ntbtls_t tls, unsigned char **p, unsigned char *end, return gpg_error (GPG_ERR_BAD_HS_SERVER_KEX); } - debug_msg (2, "Server used SignatureAlgorithm %s", - gcry_pk_algo_name ((*p)[1])); - debug_msg (2, "Server used HashAlgorithm %s", - gcry_md_algo_name ((*p)[0])); + debug_msg (2, "Server used HashAlgo %s", + gcry_md_algo_name (*md_alg)); + debug_msg (2, "Server used SignAlgo %s", + gcry_pk_algo_name (*pk_alg)); *p += 2; return 0; @@ -1445,13 +1398,15 @@ read_server_key_exchange (ntbtls_t tls) err = parse_signature_algorithm (tls, &p, end, &md_alg, &pk_alg); if (err) { - debug_msg (1, "bad server_key_exchange message (%d)", __LINE__); + debug_msg (1, "bad server_key_exchange message (%d): %s", + __LINE__, gpg_strerror (err)); return err; } if (pk_alg != _ntbtls_ciphersuite_get_sig_pk_alg (suite)) { - debug_msg (1, "bad server_key_exchange message (%d)", __LINE__); + debug_msg (1, "bad server_key_exchange message (%d): %s", + __LINE__, gpg_strerror (err)); return gpg_error (GPG_ERR_BAD_HS_SERVER_KEX); } //FIXME: Check that the ECC subtype matches. */ 
@@ -1754,29 +1709,24 @@ write_client_key_exchange (ntbtls_t tls) */ i = 4; - /* ret = ecdh_make_public (&tls->handshake->ecdh_ctx, */ - /* &n, &tls->out_msg[i], 1000); */ - err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); + err = _ntbtls_ecdh_make_public (tls->handshake->ecdh_ctx, + tls->out_msg + i, 1000, &n); if (err) { debug_ret (1, "ecdh_make_public", err); return err; } - /* SSL_DEBUG_ECP (3, "ECDH: Q", &tls->handshake->ecdh_ctx.Q); */ - /* err = ecdh_calc_secret (&tls->handshake->ecdh_ctx, */ - /* &tls->handshake->pmslen, */ - /* tls->handshake->premaster, */ - /* POLARSSL_MPI_MAX_SIZE); */ - err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); + err = _ntbtls_ecdh_calc_secret (tls->handshake->ecdh_ctx, + tls->handshake->premaster, + TLS_PREMASTER_SIZE, + &tls->handshake->pmslen); if (err) { debug_ret (1, "ecdh_calc_secret", err); return err; } - - /* SSL_DEBUG_MPI (3, "ECDH: z", &tls->handshake->ecdh_ctx.z); */ } else if (kex == KEY_EXCHANGE_PSK || kex == KEY_EXCHANGE_RSA_PSK diff --git a/src/protocol.c b/src/protocol.c index f736894..658cdbd 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -2482,12 +2482,21 @@ handshake_params_init (handshake_params_t handshake) return err; } - handshake->update_checksum = update_checksum_start; - handshake->sig_alg = TLS_HASH_SHA1; + err = _ntbtls_ecdh_new (&handshake->ecdh_ctx); + if (err) + { + _ntbtls_dhm_release (handshake->dhm_ctx); + handshake->dhm_ctx = NULL; + gcry_md_close (handshake->fin_sha256); + handshake->fin_sha256 = NULL; + gcry_md_close (handshake->fin_sha512); + handshake->fin_sha512 = NULL; + return err; + } + handshake->update_checksum = update_checksum_start; + handshake->sig_alg = TLS_HASH_SHA256; - //*FIXME: - /* ecdh_init (&handshake->ecdh_ctx); */ return 0; } 
@@ -2500,9 +2509,8 @@ handshake_params_deinit (handshake_params_t handshake) _ntbtls_dhm_release (handshake->dhm_ctx); handshake->dhm_ctx = NULL; - - //FIXME: - /* ecdh_free (&handshake->ecdh_ctx); */ + _ntbtls_ecdh_release (handshake->ecdh_ctx); + handshake->ecdh_ctx = NULL; free (handshake->curves); @@ -2800,7 +2808,7 @@ _ntbtls_release (ntbtls_t tls) /* Set the transport stream for the context TLS. This needs to be called right after init and may not be changed later. INBOUND and - OUTBOIUND are usually connected to the same socket. The caller + OUTBOUND are usually connected to the same socket. The caller must ensure that the streams are not closed as long as the context TLS is valid. However, after destroying the context the streams may be closed. This behavior allows to setup a TLS connection on @@ -3496,7 +3504,7 @@ _ntbtls_handshake (ntbtls_t tls) * Write HelloRequest to request renegotiation on server */ static int -ssl_write_hello_request (ntbtls_t ssl) +write_hello_request (ntbtls_t ssl) { int ret; @@ -3568,7 +3576,7 @@ ssl_renegotiate (ntbtls_t ssl) if (ssl->state != TLS_HANDSHAKE_OVER) return gpg_error (GPG_ERR_INV_ARG); - return (ssl_write_hello_request (ssl)); + return write_hello_request (ssl); } /* commit 1fc1669e037cfcc1cef1c1af58141d5aace2e9d2 Author: Werner Koch Date: Thu Mar 16 10:30:05 2017 +0100 New debug macro for print a point value. * src/debug.c (_ntbtls_debug_pnt): New. * src/util.h (debug_pnt): New macro. Signed-off-by: Werner Koch diff --git a/src/debug.c b/src/debug.c index 385953b..901b797 100644 --- a/src/debug.c +++ b/src/debug.c @@ -152,6 +152,17 @@ _ntbtls_debug_mpi (int level, const char *text, gcry_mpi_t a) void +_ntbtls_debug_pnt (int level, const char *text, + gcry_mpi_point_t a, gcry_ctx_t ctx) +{ + if (!debug_level || level > debug_level) + return; + + gcry_log_debugpnt (text, a, ctx); +} + + +void _ntbtls_debug_sxp (int level, const char *text, gcry_sexp_t a) { if (!debug_level || level > debug_level) 
diff --git a/src/util.h b/src/util.h index 4f37f3b..d9a0ebe 100644 --- a/src/util.h +++ b/src/util.h @@ -129,6 +129,8 @@ void _ntbtls_debug_buf (int level, const char *text, void _ntbtls_debug_bug (const char *file, int line); void _ntbtls_debug_ret (int level, const char *name, gpg_error_t err); void _ntbtls_debug_mpi (int level, const char *text, gcry_mpi_t a); +void _ntbtls_debug_pnt (int level, const char *text, + gcry_mpi_point_t a, gcry_ctx_t ctx); void _ntbtls_debug_sxp (int level, const char *text, gcry_sexp_t a); void _ntbtls_debug_crt (int level, const char *text, x509_cert_t chain); @@ -137,6 +139,7 @@ void _ntbtls_debug_crt (int level, const char *text, x509_cert_t chain); #define debug_bug() _ntbtls_debug_bug (__FILE__, __LINE__) #define debug_ret(l,n,e) _ntbtls_debug_ret ((l),(n),(e)) #define debug_mpi(l,t,a) _ntbtls_debug_mpi ((l),(t),(a)) +#define debug_pnt(l,t,a,c) _ntbtls_debug_pnt ((l),(t),(a),(c)) #define debug_sxp(l,t,a) _ntbtls_debug_sxp ((l),(t),(a)) #define debug_crt(l,t,a) _ntbtls_debug_crt ((l),(t),(a)) ----------------------------------------------------------------------- Summary of changes: NEWS | 8 +- configure.ac | 4 +- doc/HACKING | 17 +++ src/Makefile.am | 2 +- src/ciphersuites.c | 1 - src/context.h | 9 +- src/debug.c | 11 ++ src/ecdh.c | 316 +++++++++++++++++++++++++++++++++++++++++++++++++++++ src/ntbtls-int.h | 12 ++ src/protocol-cli.c | 230 +++++++++++++++----------------------- src/protocol.c | 28 +++-- src/util.h | 3 + 12 files changed, 485 insertions(+), 156 deletions(-) create mode 100644 src/ecdh.c hooks/post-receive -- Not Too Bad TLS http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 16 11:37:00 2017 
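Review bot: parse_supported_point_formats_ext (@@ -680 in src/protocol-cli.c) reads `list_size = buf[0]` before anything in the hunk establishes that len is at least 1; the `list_size + 1 != len` test only runs after that read. Unless the caller already guarantees a non-empty extension body, add `if (!len) return gpg_error (GPG_ERR_BAD_HS_SERVER_HELLO);` ahead of the read, and if the caller does guarantee it, say so in a comment. The literal 0 in `p[0] == 0` stands for the uncompressed format that write_cli_supported_point_formats_ext emits with `*p++ = 0; /* Uncompressed. */`; a named constant shared by both places would keep them in sync.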
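Review bot: parse_server_ecdh_params (@@ -1089) has no counterpart to the curve acceptability step (ssl_curve_is_acceptable) that the removed, commented-out ssl_check_server_ecdh_params sketched; the new body returns 0 as soon as _ntbtls_ecdh_read_params succeeds. If the restriction to supported curves lives inside _ntbtls_ecdh_read_params, a comment here should say so; otherwise the server's curve needs to be checked against what write_supported_elliptic_curves_ext advertised. The length argument `end - *p` is also passed without a visible guarantee in this hunk that *p does not exceed end.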
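Review bot: In read_server_key_exchange (@@ -1445) the second new debug_msg prints gpg_strerror (err) inside the `pk_alg != _ntbtls_ciphersuite_get_sig_pk_alg (suite)` branch, but that branch is reached only after `if (err) ... return err;`, so err is 0 there and the log pairs "bad server_key_exchange message" with the string for no error. Log the two mismatching algorithm values instead, or pass the string for the GPG_ERR_BAD_HS_SERVER_KEX code that the branch actually returns.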
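Review bot: In write_client_key_exchange (@@ -1754) the output limit passed to _ntbtls_ecdh_make_public is the literal 1000, carried over from the commented-out call, while the write starts at `tls->out_msg + i` with i = 4. Nothing in the hunk ties 1000 to the real size of out_msg; derive the limit from the buffer's declared size minus i so the bound stays correct if the buffer definition changes. The next call already does this for the premaster buffer by passing TLS_PREMASTER_SIZE.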
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 16 Mar 2017 11:37:00 +0100 Subject: [git] gnupg-doc - branch, master, updated. 791ed0a94772c653cfd3f64b9213a51d4e5dfb59 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 791ed0a94772c653cfd3f64b9213a51d4e5dfb59 (commit) from 3459d48039bbcae2c63a52191e45c33d21057efa (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 791ed0a94772c653cfd3f64b9213a51d4e5dfb59 Author: Werner Koch Date: Thu Mar 16 11:33:45 2017 +0100 swdb: Release info ntbtls 0.1.1 diff --git a/web/swdb.mac b/web/swdb.mac index 94dbb6a..921493d 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -130,11 +130,11 @@ # # NTBTLS # -#+macro: ntbtls_ver 0.1.0 -#+macro: ntbtls_date 2017-02-21 -#+macro: ntbtls_size 331k -#+macro: ntbtls_sha1 33cce3941e321b97f65b5e1f11b13fb25fb387b9 -#+macro: ntbtls_sha2 a9f99ba3af13e0b83818ce9581ebf7f82563ba30c418de37f1c53e85de1876ce +#+macro: ntbtls_ver 0.1.1 +#+macro: ntbtls_date 2017-03-16 +#+macro: ntbtls_size 333k +#+macro: ntbtls_sha1 6c0aacc43f7cd0695ad21463d94e7baf99215149 +#+macro: ntbtls_sha2 2d274ce64d2ac7613ed8f7ed7094332d50ac16916d1ebf1fc87b1018df146234 # ----------------------------------------------------------------------- Summary of changes: web/swdb.mac | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 16 11:56:30 2017 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 16 Mar 2017 11:56:30 +0100 Subject: [git] gnupg-doc - branch, master, updated. 8fb348cca439d2bd1e6de497bada167dded7a1ea Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 8fb348cca439d2bd1e6de497bada167dded7a1ea (commit) from 791ed0a94772c653cfd3f64b9213a51d4e5dfb59 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8fb348cca439d2bd1e6de497bada167dded7a1ea Author: Werner Koch Date: Thu Mar 16 11:50:31 2017 +0100 web: New page and download link for ntbTLS. diff --git a/web/download/index.org b/web/download/index.org index a83479e..c0da554 100644 --- a/web/download/index.org +++ b/web/download/index.org 
@@ -41,24 +41,25 @@ The table lists the different GnuPG packages, followed by required libraries, required tools, and optional software. - | Name | Version | Date | Size | Tarball | Signature | - |---------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------| - | | | | | | | - | GnuPG modern | {{{gnupg21_ver}}} | {{{gnupg21_date}}} | {{{gnupg21_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | GnuPG stable | {{{gnupg_ver}}} | {{{gnupg_date}}} | {{{gnupg_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2.sig{{{ftpclose}}} | - |---------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------| - | [[../related_software/libgpg-error/index.org][Libgpg-error]] | {{{libgpg_error_ver}}} | {{{libgpg_error_date}}} | {{{libgpg_error_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | [[../related_software/libgcrypt/index.org][Libgcrypt]] | {{{libgcrypt_ver}}} | {{{libgcrypt_date}}} | {{{libgcrypt_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2{{{ftpclose}}} | 
{{{ftpopen}}}{{{ftp_loc_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | [[../related_software/libksba/index.org][Libksba]] | {{{libksba_ver}}} | {{{libksba_date}}} | {{{libksba_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | [[../related_software/libassuan/index.org][Libassuan]] | {{{libassuan_ver}}} | {{{libassuan_date}}} | {{{libassuan_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | [[../related_software/npth/index.org][nPth]] | {{{npth_ver}}} | {{{npth_date}}} | {{{npth_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/npth/npth-{{{npth_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/npth/npth-{{{npth_ver}}}.tar.bz2.sig{{{ftpclose}}} | - |---------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------| - | Pinentry | {{{pinentry_ver}}} | {{{pinentry_date}}} | {{{pinentry_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/pinentry/pinentry-{{{pinentry_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/pinentry/pinentry-{{{pinentry_ver}}}.tar.bz2.sig{{{ftpclose}}} | - |---------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------| - | [[../related_software/gpgme/index.org][GPGME]] | {{{gpgme_ver}}} | {{{gpgme_date}}} | {{{gpgme_size}}} | 
{{{ftpopen}}}{{{ftp_loc_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | [[../related_software/gpa/index.org][GPA]] | {{{gpa_ver}}} | {{{gpa_date}}} | {{{gpa_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | Dirmngr | {{{dirmngr_ver}}} | {{{dirmngr_date}}} | {{{dirmngr_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2.sig{{{ftpclose}}} | - |---------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------| + | Name | Version | Date | Size | Tarball | Signature | + |--------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------| + | | | | | | | + | GnuPG modern | {{{gnupg21_ver}}} | {{{gnupg21_date}}} | {{{gnupg21_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | GnuPG stable | {{{gnupg_ver}}} | {{{gnupg_date}}} | {{{gnupg_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2.sig{{{ftpclose}}} | + 
|--------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------| + | [[../related_software/libgpg-error/index.org][Libgpg-error]] | {{{libgpg_error_ver}}} | {{{libgpg_error_date}}} | {{{libgpg_error_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../related_software/libgcrypt/index.org][Libgcrypt]] | {{{libgcrypt_ver}}} | {{{libgcrypt_date}}} | {{{libgcrypt_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../related_software/libksba/index.org][Libksba]] | {{{libksba_ver}}} | {{{libksba_date}}} | {{{libksba_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../related_software/libassuan/index.org][Libassuan]] | {{{libassuan_ver}}} | {{{libassuan_date}}} | {{{libassuan_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../related_software/ntbtls/index.org][ntbTLS]] | {{{ntbtls_ver}}} | {{{ntbtls_date}}} | {{{ntbtls_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/ntbtls/ntbtls-{{{ntbtls_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/ntbtls/ntbtls-{{{ntbtls_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../related_software/npth/index.org][nPth]] | {{{npth_ver}}} | {{{npth_date}}} | 
{{{npth_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/npth/npth-{{{npth_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/npth/npth-{{{npth_ver}}}.tar.bz2.sig{{{ftpclose}}} | + |--------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------| + | Pinentry | {{{pinentry_ver}}} | {{{pinentry_date}}} | {{{pinentry_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/pinentry/pinentry-{{{pinentry_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/pinentry/pinentry-{{{pinentry_ver}}}.tar.bz2.sig{{{ftpclose}}} | + |--------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------| + | [[../related_software/gpgme/index.org][GPGME]] | {{{gpgme_ver}}} | {{{gpgme_date}}} | {{{gpgme_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../related_software/gpa/index.org][GPA]] | {{{gpa_ver}}} | {{{gpa_date}}} | {{{gpa_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | Dirmngr | {{{dirmngr_ver}}} | {{{dirmngr_date}}} | {{{dirmngr_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2.sig{{{ftpclose}}} | + 
|--------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------| {{{check_sig_note}}} diff --git a/web/download/integrity_check.org b/web/download/integrity_check.org index 9689ef6..35ae583 100644 --- a/web/download/integrity_check.org +++ b/web/download/integrity_check.org @@ -113,6 +113,7 @@ {{{libgcrypt_sha1}}} libgcrypt-{{{libgcrypt_ver}}}.tar.bz2 {{{libksba_sha1}}} libksba-{{{libksba_ver}}}.tar.bz2 {{{libassuan_sha1}}} libassuan-{{{libassuan_ver}}}.tar.bz2 + {{{ntbtls_sha1}}} ntbtls-{{{ntbtls_ver}}}.tar.bz2 {{{npth_sha1}}} npth-{{{npth_ver}}}.tar.bz2 {{{pinentry_sha1}}} pinentry-{{{pinentry_ver}}}.tar.bz2 {{{gpgme_sha1}}} gpgme-{{{gpgme_ver}}}.tar.bz2 diff --git a/web/related_software/libraries.org b/web/related_software/libraries.org index 6c963d0..1ed8b25 100644 --- a/web/related_software/libraries.org +++ b/web/related_software/libraries.org @@ -41,6 +41,7 @@ ** Other Libraries + - [[file:ntbtls/index.org][ntbTLS]] :: The Not Too Bad TLS Library. - [[file:swlist.org::#gnupg-for-java][gnupg-for-java]] :: Java binding for GPGME - [[file:swlist.org::#egd][EGD]] :: Entropy Gathering Daemon ----------------------------------------------------------------------- Summary of changes: web/download/index.org | 37 +++++++++++++++++++------------------ web/download/integrity_check.org | 1 + web/related_software/libraries.org | 1 + 3 files changed, 21 insertions(+), 18 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 17 10:36:04 2017 
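Review bot: The integrity_check.org hunk (@@ -113) adds only `{{{ntbtls_sha1}}} ntbtls-{{{ntbtls_ver}}}.tar.bz2`, matching the SHA-1 entries around it, although the swdb.mac change in the preceding notification also defines ntbtls_sha2 for the same tarball. Since this page is what users compare downloads against, consider listing the SHA-256 value as well, or noting on the page that the signature check is the preferred verification. Separately, the index.org hunk rewrites every table row to narrow the Name column, which buries the one functional change (the new ntbTLS row); a separate whitespace-only commit would make the addition easier to review.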
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Fri, 17 Mar 2017 10:36:04 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-59-g6a3f857 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 6a3f857224eab108ae38e6259194b01b0ffdad8b (commit) via 38c955599f7c6c20faeec57d8e1df7d2c0eeba18 (commit) from 8c8ce8711d9c938fcb982b0341e6b052742cb887 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6a3f857224eab108ae38e6259194b01b0ffdad8b Author: Justus Winter Date: Thu Mar 16 17:18:01 2017 +0100 gpgscm: Simplify hash tables. * tests/gpgscm/scheme.c (oblist_add_by_name): We now always get a slot. Simplify accordingly. (oblist_find_by_name): Always return the slot. (vector_elem_slot): New function. (new_slot_spec_in_env): We now always get a slot. Remove parameter 'env'. Simplify accordingly. (find_slot_spec_in_env): Always return a slot. (new_slot_in_env): Adapt callsite. (opexe_0): Likewise. (opexe_1): Likewise. (scheme_define): Likewise. -- Now that the ill-devised immediate values framework is gone, there is no need to tag the pointers in vectors anymore. Therefore, we can always return a pointer to the slot in the hash table lookup functions. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c index ff91fc0..b76e83c 100644 --- a/tests/gpgscm/scheme.c +++ b/tests/gpgscm/scheme.c 
@@ -224,6 +224,7 @@ INTERFACE INLINE int is_vector(pointer p) { return (type(p)==T_VECTOR); } * represent it. */ #define vector_size(len) (1 + ((len) - 1 + 2) / 3) INTERFACE static void fill_vector(pointer vec, pointer obj); +INTERFACE static pointer *vector_elem_slot(pointer vec, int ielem); INTERFACE static pointer vector_elem(pointer vec, int ielem); INTERFACE static pointer set_vector_elem(pointer vec, int ielem, pointer a); INTERFACE INLINE int is_number(pointer p) { return (type(p)==T_NUMBER); } @@ -1073,39 +1074,24 @@ static pointer oblist_initial_value(scheme *sc) /* Add a new symbol NAME at SLOT. SLOT must be obtained using * oblist_find_by_name, and no insertion must be done between * obtaining the SLOT and calling this function. Returns the new - * symbol. - * - * If SLOT is NULL, the new symbol is be placed at the appropriate - * place in the vector. */ + * symbol. */ static pointer oblist_add_by_name(scheme *sc, const char *name, pointer *slot) { #define oblist_add_by_name_allocates 3 pointer x; - int location; gc_disable(sc, gc_reservations (oblist_add_by_name)); x = immutable_cons(sc, mk_string(sc, name), sc->NIL); typeflag(x) = T_SYMBOL; setimmutable(car(x)); - - if (slot == NULL) { - location = hash_fn(name, vector_length(sc->oblist)); - set_vector_elem(sc->oblist, location, - immutable_cons(sc, x, vector_elem(sc->oblist, location))); - } else { - *slot = immutable_cons(sc, x, *slot); - } - + *slot = immutable_cons(sc, x, *slot); gc_enable(sc); return x; } /* Lookup the symbol NAME. Returns the symbol, or NIL if it does not * exist. In that case, SLOT points to the point where the new symbol - * is to be inserted. - * - * SLOT may be set to NULL if the new symbol should be placed at the - * appropriate place in the vector. */ + * is to be inserted. */ static INLINE pointer oblist_find_by_name(scheme *sc, const char *name, pointer **slot) { 
@@ -1115,7 +1101,7 @@ oblist_find_by_name(scheme *sc, const char *name, pointer **slot) int d; location = hash_fn(name, vector_length(sc->oblist)); - for (*slot = NULL, x = vector_elem(sc->oblist, location); + for (*slot = vector_elem_slot(sc->oblist, location), x = **slot; x != sc->NIL; *slot = &cdr(x), x = **slot) { s = symname(car(x)); /* case-insensitive, per R5RS section 2. */ @@ -1353,6 +1339,12 @@ INTERFACE static void fill_vector(pointer vec, pointer obj) { } } +INTERFACE static pointer *vector_elem_slot(pointer vec, int ielem) { + assert (is_vector (vec)); + assert (ielem < vector_length(vec)); + return &vec->_object._vector._elements[ielem]; +} + INTERFACE static pointer vector_elem(pointer vec, int ielem) { assert (is_vector (vec)); assert (ielem < vector_length(vec)); @@ -2636,11 +2628,8 @@ static void new_frame_in_env(scheme *sc, pointer old_env) /* Insert (VARIABLE, VALUE) at SSLOT. SSLOT must be obtained using * find_slot_spec_in_env, and no insertion must be done between - * obtaining SSLOT and the call to this function. - * - * If SSLOT is NULL, the new slot is put into the appropriate place in - * the environment vector. */ -static INLINE void new_slot_spec_in_env(scheme *sc, pointer env, + * obtaining SSLOT and the call to this function. */ +static INLINE void new_slot_spec_in_env(scheme *sc, pointer variable, pointer value, pointer *sslot) { 
@@ -2648,27 +2637,14 @@ static INLINE void new_slot_spec_in_env(scheme *sc, pointer env, pointer slot; gc_disable(sc, gc_reservations (new_slot_spec_in_env)); slot = immutable_cons(sc, variable, value); - - if (sslot == NULL) { - int location; - assert(is_vector(car(env))); - location = hash_fn(symname(variable), vector_length(car(env))); - - set_vector_elem(car(env), location, - immutable_cons(sc, slot, vector_elem(car(env), location))); - } else { - *sslot = immutable_cons(sc, slot, *sslot); - } + *sslot = immutable_cons(sc, slot, *sslot); gc_enable(sc); } /* Find the slot in ENV under the key HDL. If ALL is given, look in * all environments enclosing ENV. If the lookup fails, and SSLOT is * given, the position where the new slot has to be inserted is stored - * at SSLOT. - * - * SSLOT may be set to NULL if the new symbol should be placed at the - * appropriate place in the vector. */ + * at SSLOT. */ static pointer find_slot_spec_in_env(scheme *sc, pointer env, pointer hdl, int all, pointer **sslot) { @@ -2681,13 +2657,11 @@ find_slot_spec_in_env(scheme *sc, pointer env, pointer hdl, int all, pointer **s for (x = env; x != sc->NIL; x = cdr(x)) { if (is_vector(car(x))) { location = hash_fn(symname(hdl), vector_length(car(x))); - sl = NULL; - y = vector_elem(car(x), location); + sl = vector_elem_slot(car(x), location); } else { sl = &car(x); - y = *sl; } - for ( ; y != sc->NIL; sl = &cdr(y), y = *sl) { + for (y = *sl ; y != sc->NIL; sl = &cdr(y), y = *sl) { d = pointercmp(caar(y), hdl); if (d == 0) return car(y); /* Hit. */ 
@@ -2716,12 +2690,11 @@ static INLINE void new_frame_in_env(scheme *sc, pointer old_env) /* Insert (VARIABLE, VALUE) at SSLOT. SSLOT must be obtained using * find_slot_spec_in_env, and no insertion must be done between * obtaining SSLOT and the call to this function. */ -static INLINE void new_slot_spec_in_env(scheme *sc, pointer env, +static INLINE void new_slot_spec_in_env(scheme *sc, pointer variable, pointer value, pointer *sslot) { #define new_slot_spec_in_env_allocates 2 - (void) env; assert(is_symbol(variable)); *sslot = immutable_cons(sc, immutable_cons(sc, variable, value), *sslot); } @@ -2772,7 +2745,7 @@ static INLINE void new_slot_in_env(scheme *sc, pointer variable, pointer value) assert(is_symbol(variable)); slot = find_slot_spec_in_env(sc, sc->envir, variable, 0, &sslot); assert(slot == sc->NIL); - new_slot_spec_in_env(sc, sc->envir, variable, value, sslot); + new_slot_spec_in_env(sc, variable, value, sslot); } static INLINE void set_slot_in_env(scheme *sc, pointer slot, pointer value) @@ -3534,7 +3507,7 @@ static pointer opexe_0(scheme *sc, enum scheme_opcodes op) { if (x != sc->NIL) { set_slot_in_env(sc, x, sc->value); } else { - new_slot_spec_in_env(sc, sc->envir, sc->code, sc->value, sslot); + new_slot_spec_in_env(sc, sc->code, sc->value, sslot); } s_return(sc,sc->code); } @@ -3856,7 +3829,7 @@ static pointer opexe_1(scheme *sc, enum scheme_opcodes op) { if (x != sc->NIL) { set_slot_in_env(sc, x, sc->value); } else { - new_slot_spec_in_env(sc, sc->envir, sc->code, sc->value, sslot); + new_slot_spec_in_env(sc, sc->code, sc->value, sslot); } s_return(sc,sc->code); } 
@@ -5811,7 +5784,7 @@ void scheme_define(scheme *sc, pointer envir, pointer symbol, pointer value) { if (x != sc->NIL) { set_slot_in_env(sc, x, value); } else { - new_slot_spec_in_env(sc, envir, symbol, value, sslot); + new_slot_spec_in_env(sc, symbol, value, sslot); } } commit 38c955599f7c6c20faeec57d8e1df7d2c0eeba18 Author: Justus Winter Date: Thu Mar 16 16:58:00 2017 +0100 gpgscm: Remove framework for immediate values. * tests/gpgscm/scheme.c (IMMEDIATE_TAG): Remove macro. (is_immediate): Likewise. (set_immediate): Likewise. (clr_immediate): Likewise. (enum scheme_types): Set the LSB in every value. (fill_vector): Adapt. (vector_elem): Likewise. (set_vector_elem): Likewise. (mark): Likewise. (gc): Test for the LSB to tell typeflags apart from pointers stored in the same memory location. -- Supporting immediate values would require invasive changes to the interpreter and is likely not worth the trouble. On the other hand, tagging pointers in vectors complicated the hash table implementation needlessly. Therefore, I remove this again. This fixes a crash on big endian architectures. GnuPG-bug-id: 2996 Signed-off-by: Justus Winter diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c index af97c27..ff91fc0 100644 --- a/tests/gpgscm/scheme.c +++ b/tests/gpgscm/scheme.c 
@@ -117,41 +117,29 @@ static const char *strlwr(char *s) { -/* Support for immediate values. - * - * Immediate values are tagged with IMMEDIATE_TAG, which is neither - * used in types, nor in pointer values. - * - * XXX: Currently, we only use this to tag pointers in vectors. */ -#define IMMEDIATE_TAG 1 -#define is_immediate(p) ((pointer) ((uintptr_t) (p) & IMMEDIATE_TAG)) -#define set_immediate(p) ((pointer) ((uintptr_t) (p) | IMMEDIATE_TAG)) -#define clr_immediate(p) ((pointer) ((uintptr_t) (p) & ~IMMEDIATE_TAG)) - - - +/* All types have the LSB set. The garbage collector takes advantage + * of that to identify types. */ enum scheme_types { - T_STRING=1 << 1, /* Do not use the lsb, it is used for - * immediate values. */ - T_NUMBER=2 << 1, - T_SYMBOL=3 << 1, - T_PROC=4 << 1, - T_PAIR=5 << 1, - T_CLOSURE=6 << 1, - T_CONTINUATION=7 << 1, - T_FOREIGN=8 << 1, - T_CHARACTER=9 << 1, - T_PORT=10 << 1, - T_VECTOR=11 << 1, - T_MACRO=12 << 1, - T_PROMISE=13 << 1, - T_ENVIRONMENT=14 << 1, - T_FOREIGN_OBJECT=15 << 1, - T_BOOLEAN=16 << 1, - T_NIL=17 << 1, - T_EOF_OBJ=18 << 1, - T_SINK=19 << 1, - T_LAST_SYSTEM_TYPE=19 << 1 + T_STRING = 1 << 1 | 1, + T_NUMBER = 2 << 1 | 1, + T_SYMBOL = 3 << 1 | 1, + T_PROC = 4 << 1 | 1, + T_PAIR = 5 << 1 | 1, + T_CLOSURE = 6 << 1 | 1, + T_CONTINUATION = 7 << 1 | 1, + T_FOREIGN = 8 << 1 | 1, + T_CHARACTER = 9 << 1 | 1, + T_PORT = 10 << 1 | 1, + T_VECTOR = 11 << 1 | 1, + T_MACRO = 12 << 1 | 1, + T_PROMISE = 13 << 1 | 1, + T_ENVIRONMENT = 14 << 1 | 1, + T_FOREIGN_OBJECT = 15 << 1 | 1, + T_BOOLEAN = 16 << 1 | 1, + T_NIL = 17 << 1 | 1, + T_EOF_OBJ = 18 << 1 | 1, + T_SINK = 19 << 1 | 1, + T_LAST_SYSTEM_TYPE = 19 << 1 | 1 }; static const char * 
@@ -1361,20 +1349,20 @@ INTERFACE static void fill_vector(pointer vec, pointer obj) { size_t i; assert (is_vector (vec)); for(i = 0; i < vector_length(vec); i++) { - vec->_object._vector._elements[i] = set_immediate(obj); + vec->_object._vector._elements[i] = obj; } } INTERFACE static pointer vector_elem(pointer vec, int ielem) { assert (is_vector (vec)); assert (ielem < vector_length(vec)); - return clr_immediate(vec->_object._vector._elements[ielem]); + return vec->_object._vector._elements[ielem]; } INTERFACE static pointer set_vector_elem(pointer vec, int ielem, pointer a) { assert (is_vector (vec)); assert (ielem < vector_length(vec)); - vec->_object._vector._elements[ielem] = set_immediate(a); + vec->_object._vector._elements[ielem] = a; return a; } @@ -1576,7 +1564,7 @@ E2: setmark(p); if(is_vector(p)) { int i; for (i = 0; i < vector_length(p); i++) { - mark(clr_immediate(p->_object._vector._elements[i])); + mark(p->_object._vector._elements[i]); } } #if SHOW_ERROR_LINE @@ -1677,8 +1665,9 @@ static void gc(scheme *sc, pointer a, pointer b) { for (i = sc->last_cell_seg; i >= 0; i--) { p = sc->cell_seg[i] + CELL_SEGSIZE; while (--p >= sc->cell_seg[i]) { - if (typeflag(p) & IMMEDIATE_TAG) - continue; + if ((typeflag(p) & 1) == 0) + /* All types have the LSB set. This is not a typeflag. */ + continue; if (is_mark(p)) { clrmark(p); } else { ----------------------------------------------------------------------- Summary of changes: tests/gpgscm/scheme.c | 140 ++++++++++++++++++-------------------------------- 1 file changed, 51 insertions(+), 89 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 17 12:56:20 2017 
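Review bot: in tests/gpgscm/scheme.c, the gc() hunk tests (typeflag(p) & 1) == 0 against a bare literal, while the enum sets the same bit by writing "| 1" on every entry, so nothing ties the sweep to the type definitions. Suggest naming the bit once (a hypothetical TYPE_BIT macro, for instance) and using it in both the enum and gc(); a type added later without the LSB would otherwise be skipped by the sweep silently. The comment above the enum should also say which pointer shares the typeflag location and why its LSB is guaranteed to be clear, since gc() now depends on that.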
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 17 Mar 2017 12:56:20 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-60-g69c521d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 69c521df422a6c9a6b0a93e45c9373a8b6ceb28e (commit) from 6a3f857224eab108ae38e6259194b01b0ffdad8b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 69c521df422a6c9a6b0a93e45c9373a8b6ceb28e Author: Werner Koch Date: Fri Mar 17 12:46:09 2017 +0100 dirmngr: Ignore warning alerts in the GNUTLS handshake. * dirmngr/http.c (send_request) [GNUTLS]: Don't bail out on warning alerts. -- GnuPG-bug-id: 2833 Signed-off-by: Werner Koch diff --git a/dirmngr/http.c b/dirmngr/http.c index 3adf6e5..04a30d6 100644 --- a/dirmngr/http.c +++ b/dirmngr/http.c @@ -1903,6 +1903,7 @@ send_request (http_t hd, const char *httphost, const char *auth, gnutls_transport_set_push_function (hd->session->tls_session, my_gnutls_write); + handshake_again: do { rc = gnutls_handshake (hd->session->tls_session); 
@@ -1918,10 +1919,15 @@ send_request (http_t hd, const char *httphost, const char *auth, alertno = gnutls_alert_get (hd->session->tls_session); alertstr = gnutls_alert_get_name (alertno); - log_info ("TLS handshake failed: %s (alert %d)\n", + log_info ("TLS handshake %s: %s (alert %d)\n", + rc == GNUTLS_E_WARNING_ALERT_RECEIVED + ? "warning" : "failed", alertstr, (int)alertno); if (alertno == GNUTLS_A_UNRECOGNIZED_NAME && server) log_info (" (sent server name '%s')\n", server); + + if (rc == GNUTLS_E_WARNING_ALERT_RECEIVED) + goto handshake_again; } else log_info ("TLS handshake failed: %s\n", gnutls_strerror (rc)); ----------------------------------------------------------------------- Summary of changes: dirmngr/http.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 17 14:45:34 2017 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Fri, 17 Mar 2017 14:45:34 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-61-gb1106b4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b1106b4d640325c60a7212a4a44e4f67c0e3312d (commit) from 69c521df422a6c9a6b0a93e45c9373a8b6ceb28e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b1106b4d640325c60a7212a4a44e4f67c0e3312d Author: Neal H. Walfield Date: Fri Mar 17 13:36:51 2017 +0100 gpg: Make sure the conflict set includes the current key. * g10/tofu.c (get_trust): Sanity check CONFLICT_SET after calling get_policy. If POLICY is 'auto' and the default policy is 'ask', make sure CONFLICT_SET includes the current key. -- 
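Review bot: in dirmngr/http.c send_request (the "Ignore warning alerts" patch above), the added "goto handshake_again" on GNUTLS_E_WARNING_ALERT_RECEIVED has no upper bound in the visible lines, so a peer that keeps answering with warning alerts keeps the client in the handshake and logging on every round. Suggest counting the retries and falling through to the existing failure path after a small fixed number, with a comment stating that only warning alerts are retried.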
Signed-off-by: Neal H. Walfield GnuPG-bug-id: 2959 Debian-bug-id: 854829 Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index 9d9d8df..f2bd0c5 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -2304,9 +2304,14 @@ build_conflict_set (tofu_dbs_t dbs, /* Return the effective policy for the binding - * (email has already been normalized) and any conflict information in - * *CONFLICT_SETP, if CONFLICT_SETP is not NULL. Returns - * _tofu_GET_POLICY_ERROR if an error occurs. + * (email has already been normalized). Returns + * _tofu_GET_POLICY_ERROR if an error occurs. Returns any conflict + * information in *CONFLICT_SETP if CONFLICT_SETP is not NULL and the + * returned policy is TOFU_POLICY_ASK (consequently, if there is a + * conflict, but the user set the policy to good *CONFLICT_SETP will + * empty). Note: as per build_conflict_set, which is used to build + * the conflict information, the conflict information includes the + * current user id as the first element of the linked list. * * This function registers the binding in the bindings table if it has * not yet been registered. @@ -2689,6 +2694,15 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, policy = get_policy (dbs, pk, fingerprint, user_id, email, &conflict_set, now); + if (policy == TOFU_POLICY_ASK) + /* The conflict set should always contain at least one element: + * the current key. */ + log_assert (conflict_set); + else + /* If the policy is not TOFU_POLICY_ASK, then conflict_set will be + * NULL. */ + log_assert (! conflict_set); + /* If the key is ultimately trusted, there is nothing to do. */ { u32 kid[2]; 
@@ -2710,6 +2724,14 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, " auto (default: %s).\n", fingerprint, email, tofu_policy_str (opt.tofu_default_policy)); + + if (policy == TOFU_POLICY_ASK) + /* The default policy is ASK, but there is no conflict (policy + * was 'auto'). In this case, we need to make sure the + * conflict set includes at least the current user id. */ + { + add_to_strlist (&conflict_set, fingerprint); + } } switch (policy) { ----------------------------------------------------------------------- Summary of changes: g10/tofu.c | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 17 16:24:35 2017 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 17 Mar 2017 16:24:35 +0100 Subject: [git] NTBTLS - branch, master, updated. ntbtls-0.1.1-2-g455fbea Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Not Too Bad TLS". The branch, master has been updated via 455fbea598c528c17f6a961dbe52414fc845c0d9 (commit) from 06bb9a836981e48c2e6939fb21480d97253a4588 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 455fbea598c528c17f6a961dbe52414fc845c0d9 Author: Andre Heinecke Date: Fri Mar 17 16:21:34 2017 +0100 Include KSBA includedir while compiling * src/Makefile.am (AM_CFLAGS): Include libksba -- This fixes the build if libksba's prefix differs from gpg-error's. Signed-off-by: Andre Heinecke diff --git a/src/Makefile.am b/src/Makefile.am index 23100d0..8e8b63d 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
@@ -29,7 +29,7 @@ m4datadir = $(datadir)/aclocal m4data_DATA = ntbtls.m4 AM_CPPFLAGS = -AM_CFLAGS = $(GPG_ERROR_CFLAGS) +AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(KSBA_CFLAGS) if HAVE_LD_VERSION_SCRIPT libntbtls_version_script_cmd = -Wl,--version-script=$(srcdir)/libntbtls.vers ----------------------------------------------------------------------- Summary of changes: src/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- Not Too Bad TLS http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 17 16:50:42 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 17 Mar 2017 16:50:42 +0100 Subject: [git] gnupg-doc - branch, master, updated. 25d26636a349ade08fbdcd49e43d932f6d3cd421 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 25d26636a349ade08fbdcd49e43d932f6d3cd421 (commit) from 8fb348cca439d2bd1e6de497bada167dded7a1ea (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 25d26636a349ade08fbdcd49e43d932f6d3cd421 Author: Werner Koch Date: Fri Mar 17 16:47:28 2017 +0100 web: Prepare gpgweb.el for emacs24 and use with webbuilder diff --git a/web/share/gpgweb.el b/web/share/gpgweb.el index fb62267..920df25 100644 --- a/web/share/gpgweb.el +++ b/web/share/gpgweb.el @@ -1,6 +1,7 @@ ;;; gpgweb.el --- elisp helper code for the GnuPG web pages -(require 'org-exp) +(if (< (string-to-number emacs-version) 24) + (require 'org-exp)) ;; makeindex disabled because the generated file is created in the ;; source directory. 
@@ -296,7 +297,7 @@ HTMLFILE is HTML file name and COMMITTED-AT is the commit date string of the source file or nil if not available." (let ((srcfile (concat "https://git.gnupg.org/cgi-bin/gitweb.cgi?" "p=gnupg-doc.git;a=blob;f=" - (if blogmode "misc/blog.gnupg.org" "web") + (if blogmode "misc/blog.gnupg.org/" "web/") ;; The replace below is a hack to cope with ;; blogmode where HTMLFILE is like "./foo.html". (replace-regexp-in-string @@ -364,7 +365,7 @@ string of the source file or nil if not available." (prog1 (with-current-buffer work-buffer (let ((fname (file-name-nondirectory htmlfile)) (fname-2 (replace-regexp-in-string - ".*/gpgweb-stage\\(/.*\\)$" "\\1" htmlfile t)) + ".*/gpgweb-stage/\\(.*\\)$" "\\1" htmlfile t)) (title (org-publish-find-title orgfile))) ;; Insert header, menu, and footer. (gpgweb-insert-header title committed-at) ----------------------------------------------------------------------- Summary of changes: web/share/gpgweb.el | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 17 19:35:25 2017 
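Review bot: in web/share/gpgweb.el, the guard added in the first hunk, (< (string-to-number emacs-version) 24), parses the whole version string as a number; emacs-major-version already holds the major version as an integer and states the intent directly. A short comment on why org-exp is only required before Emacs 24 would also help, since the hunk replaces an unconditional require without explanation.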
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Fri, 17 Mar 2017 19:35:25 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-62-gfb9d68d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via fb9d68d636490ca88925051f48b08963c324aed1 (commit) from b1106b4d640325c60a7212a4a44e4f67c0e3312d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fb9d68d636490ca88925051f48b08963c324aed1 Author: Neal H. Walfield Date: Fri Mar 17 19:31:09 2017 +0100 tests: Add test for issue 2959. * tests/openpgp/tofu.scm: Add test for --tofu-default-policy=ask. Signed-off-by: Neal H. Walfield diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm index f4eab41..aeeef07 100755 --- a/tests/openpgp/tofu.scm +++ b/tests/openpgp/tofu.scm @@ -120,6 +120,7 @@ (checktrust "1C005AF3" "f" '--tofu-default-policy=good) (checktrust "1C005AF3" "-" '--tofu-default-policy=unknown) (checktrust "1C005AF3" "n" '--tofu-default-policy=bad) +(checktrust "1C005AF3" "q" '--tofu-default-policy=ask) ;; Change the policy to something other than auto and make sure the ;; policy and the trust are correct. ----------------------------------------------------------------------- Summary of changes: tests/openpgp/tofu.scm | 1 + 1 file changed, 1 insertion(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 17 20:50:26 2017 
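Review bot: in tests/openpgp/tofu.scm, the added checktrust line for --tofu-default-policy=ask carries no comment, so nothing in the file marks it as the regression test for issue 2959. A one-line comment with the bug id above the new line would keep it from being read as just a fourth variant of the good/unknown/bad cases before it.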
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 17 Mar 2017 20:50:26 +0100 Subject: [git] gnupg-doc - branch, master, updated. 0ef14cc5af1cdd690b77f98f2087e71ed44979a0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 0ef14cc5af1cdd690b77f98f2087e71ed44979a0 (commit) from 25d26636a349ade08fbdcd49e43d932f6d3cd421 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0ef14cc5af1cdd690b77f98f2087e71ed44979a0 Author: Werner Koch Date: Fri Mar 17 20:47:06 2017 +0100 web: Allow building from a read-only git working dir. * web/share/gpgweb.el (gpgweb-publish-find-title): New. (gpgweb-postprocess-html): Use it here. diff --git a/web/share/gpgweb.el b/web/share/gpgweb.el index 920df25..03f9e8f 100644 --- a/web/share/gpgweb.el +++ b/web/share/gpgweb.el 
@@ -347,17 +347,43 @@ string of the source file or nil if not available." "))) -;;; Post-process the generated HTML file: -;;; -;;; - Insert header and footer -;;; - Insert "class=selected" into the active menu entry -;;; - Fixup sitemap. -;;; -;;; If blogmode is not nil the output is rendered as a blog. BLOGMODE -;;; may then contain an ordered list of org file names which are used -;;; to create the previous and Next links for an entry. -;;; +(defun gpgweb-publish-find-title (file &optional reset) + "Find the title of FILE in project. +This is a copy of org-publish-find-title which switches the +buffer into read-write mode so that it works with read-only files." + (or + (and (not reset) (org-publish-cache-get-file-property file :title nil t)) + (let* ((org-inhibit-startup t) + (visiting (find-buffer-visiting file)) + (buffer (or visiting (find-file-noselect file)))) + (with-current-buffer buffer + (toggle-read-only 0) + (let ((title + (let ((property + (plist-get + ;; protect local variables in open buffers + (if visiting + (org-export-with-buffer-copy (org-export-get-environment)) + (org-export-get-environment)) + :title))) + (if property + (org-no-properties (org-element-interpret-data property)) + (file-name-nondirectory (file-name-sans-extension file)))))) + (unless visiting (kill-buffer buffer)) + (org-publish-cache-set-file-property file :title title) + title))))) + + (defun gpgweb-postprocess-html (plist orgfile htmlfile blogmode) + "Post-process the generated HTML file + + - Insert header and footer + - Insert \"class=selected\" into the active menu entry + - Fixup sitemap. + +If blogmode is not nil the output is rendered as a blog. BLOGMODE +may then contain an ordered list of org file names which are used +to create the previous and Next links for an entry." (let* ((visitingp (find-buffer-visiting htmlfile)) (work-buffer (or visitingp (find-file-noselect htmlfile))) (committed-at (shell-command-to-string 
@@ -366,7 +392,7 @@ string of the source file or nil if not available." (let ((fname (file-name-nondirectory htmlfile)) (fname-2 (replace-regexp-in-string ".*/gpgweb-stage/\\(.*\\)$" "\\1" htmlfile t)) - (title (org-publish-find-title orgfile))) + (title (gpgweb-publish-find-title orgfile))) ;; Insert header, menu, and footer. (gpgweb-insert-header title committed-at) (gpgweb-insert-menu fname-2) @@ -406,21 +432,17 @@ string of the source file or nil if not available." (unless visitingp (kill-buffer work-buffer)))))) -;;; -;;; The publishing function used by the HTML exporter -;;; (defun gpgweb-org-to-html (plist filename pub-dir) + "The publishing function used by the HTML exporter" (gpgweb-postprocess-html plist filename (org-gpgweb-publish-to-html plist filename pub-dir) nil)) -;;; -;;; Turn the current buffer which has an org-mode blog entry into its -;;; rendered form and save it with the suffix .html. -;;; (defun gpgweb-render-blog (&optional filelist) + "Turn the current buffer which has an org-mode blog entry into its +rendered form and save it with the suffix .html." (interactive) (let* ((extplist '(:language "en" :section-numbers nil @@ -432,10 +454,8 @@ string of the source file or nil if not available." (gpgweb-postprocess-html plist orgfile htmlfile (if filelist filelist t)))) -;;; -;;; Publish all blog entries in the current directory -;;; (defun gpgweb-publish-blogs () + "Publish all blog entries in the current directory" (interactive) (let ((orgfiles (directory-files "." nil "^2[0-9]+-.*\.org$"))) (dolist (file (cons "index.org" orgfiles)) 
@@ -448,11 +468,9 @@ string of the source file or nil if not available." (kill-buffer work-buffer)))))) -;;; -;;; We don't do an upload directly. Instead we only print the -;;; commands to do that. In reality a cron jobs syncs the stage dir. -;;; (defun gpgweb-upload () + "We don't do an upload directly. Instead we only print the +commands to do that. In reality a cron jobs syncs the stage dir." (let ((stagedir (plist-get project-plist :publishing-directory))) (message "gpgweb rootdir '%s'" gpgweb-root-dir) (message "gpgweb stagedir '%s'" stagedir) ----------------------------------------------------------------------- Summary of changes: web/share/gpgweb.el | 68 +++++++++++++++++++++++++++++++++-------------------- 1 file changed, 43 insertions(+), 25 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 17 21:14:04 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 17 Mar 2017 21:14:04 +0100 Subject: [git] gnupg-doc - branch, master, updated. cbd32ab27da9d5841dcc4007fe6078024ce9446a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via cbd32ab27da9d5841dcc4007fe6078024ce9446a (commit) from 0ef14cc5af1cdd690b77f98f2087e71ed44979a0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cbd32ab27da9d5841dcc4007fe6078024ce9446a Author: Werner Koch Date: Fri Mar 17 21:10:26 2017 +0100 tools: Update the web build tools. diff --git a/tools/build-website.sh b/tools/build-website.sh index 805970a..3bdaa7f 100755 --- a/tools/build-website.sh +++ b/tools/build-website.sh 
@@ -1,19 +1,84 @@ #!/bin/sh +# Build the gnupg.org website from a git working directory. +# This script requires two users +# webbuilder - the user to run this script +# webbuild-x - the user used by this script to run emacs +# A certain directory layout is required with permissions setup +# so that the webbuild-x has only write access to the stage area +# and to its own home directory. The scripts checks the permissions. +# +# These cronjobs are required: +# --8<---------------cut here---------------start------------->8--- +# # Pull the master branch of the web pages +# */20 * * * * cd /home/webbuilder/gnupg-doc && git pull -q origin master +# +# # In case of race conditions we try to build every few ours again. +# 35 */7 * * * /home/webbuilder/bin/build-website.sh --cron +# --8<---------------cut here---------------end--------------->8--- +# set -e pgm=build-website.sh -root_dir="$(pwd)/gnupg-doc/web" -stage_dir="$(pwd)/gpgweb-stage" +mainuser=webbuilder +workuser=webbuild-x -if [ ! -d "${root_dir}" ]; then - echo "$pgm: directory '${root_dir}' missing" >&2; +# We use a fixed HOME so that this script can be run here from other +# accounts. +HOME=$(awk &2; exit 1 fi -if [ ! -d "${stage_dir}" ]; then - echo "$pgm: directory '${stage_dir}' missing" >&2; + +reponame=gnupg-doc + +workuser_dir=$HOME/${workuser} +log_dir="$HOME/log" +root_dir="$HOME/${reponame}/web" +stage_dir="$HOME/gpgweb-stage" +LOCKFILE="${log_dir}/${reponame}.lock" + +if [ x"$1" = x"--git" ]; then + shift + exec >>${log_dir}/"$reponame".log 2>&1 + echo "$(date -u -Iseconds) gpgweb site build was git triggered" +elif [ x"$1" = x"--cron" ]; then + shift + exec >>${log_dir}/"$reponame".log 2>&1 + echo "$(date -u -Iseconds) gpgweb site build was cron triggered" +fi + +if ! id $workuser >/dev/null 2>&1 ; then + echo "$pgm: sudo user '${workuser}' not available" >&2; exit 1 fi + +# Check directories +for f in "${workuser_dir}" "${root_dir}" "${stage_dir}"; do + if [ ! 
-d "$f" ]; then + echo "$pgm: directory '$f' missing" >&2; + exit 1 + fi +done +want="2775:${workuser}:${mainuser}" +for f in "${workuser_dir}" "${stage_dir}"; do + x=$(stat -c '%a:%U:%G' "$f") + if [ x"$x" != x"$want" ]; then + echo "$pgm: directory '$f' has wrong permissions" >&2 + echo "$pgm: want: $want" >&2 + echo "$pgm: have: $x" >&2 + exit 1 + fi +done + +# Take a lock +if ! lockfile -l 7200 -r 2 $LOCKFILE; then + echo "$pgm: another instance is still running" >&2 + exit 0 +fi +trap "rm -f $LOCKFILE" 0 + cd "${root_dir}" rev="$(git rev-parse --verify HEAD)" @@ -21,22 +86,20 @@ if [ -z "$rev" ]; then echo "$pgm: No git revision found" >&2; exit 1 fi -revlast="$(head -1 ${stage_dir}/.revlast 2>/dev/null || true)" +revlast="$(head -1 ${log_dir}/${reponame}.revlast 2>/dev/null || true)" if [ x"$rev" = x"$revlast" ]; then echo "$pgm: No need to build" >&2; exit 0 fi -echo "========================================================" -echo "gpgweb site building started on $(date -u -Iseconds)" -echo "========================================================" +echo "$(date -u -Iseconds) gpgweb site build started" +echo "==================================================" -emacs23 -q --batch \ +sudo -u webbuild-x emacs24 -q --batch \ --eval "(require 'assoc)" \ --eval "(require 'org)" \ --eval "(setq make-backup-files nil)" \ - --eval "(setq vc-handled-backends nil)" \ --eval "(setq gpgweb-root-dir \"${root_dir}/\")" \ --eval "(setq gpgweb-stage-dir \"${stage_dir}/\")" \ --eval "(require 'gpgweb (concat gpgweb-root-dir \"share/gpgweb.el\"))" \ 
@@ -45,11 +108,10 @@ emacs23 -q --batch \ --eval "(setq org-export-html-coding-system 'utf-8)" \ --eval "(gpgweb-setup-project)" \ --eval "(org-publish-initialize-cache \"gpgweb\")" \ - --eval "(setq debug-on-error nil)" \ + --eval "(message \"root=(%s)\" gpgweb-root-dir)" \ --eval "(org-publish \"gpgweb\" t nil)" -echo "$rev" > ${stage_dir}/.revlast +echo "$rev" > ${log_dir}/${reponame}.revlast -echo "=========================================================" -echo "gpgweb site building finished on $(date -u -Iseconds)" -echo "=========================================================" +echo "===================================================" +echo "$(date -u -Iseconds) gpgweb site build finished" diff --git a/tools/trigger-website-build b/tools/trigger-website-build new file mode 100644 index 0000000..b0c5ae2 --- /dev/null +++ b/tools/trigger-website-build @@ -0,0 +1,12 @@ +#!/bin/sh +# This is a post-merge hook to trigger building +# gnupg.org + +reponame=$(git rev-parse --show-toplevel | sed s,.*/,,) + +unset $(git rev-parse --local-env-vars) + +if [ x"$reponame" = x"gnupg-doc" ]; then + exec $HOME/bin/build-website.sh --git & +fi +exit 0 ----------------------------------------------------------------------- Summary of changes: tools/build-website.sh | 96 +++++++++++++++++++++++++++++++++++++-------- tools/trigger-website-build | 12 ++++++ 2 files changed, 91 insertions(+), 17 deletions(-) create mode 100644 tools/trigger-website-build hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sat Mar 18 13:34:13 2017 
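Review bot: in tools/build-website.sh, the emacs invocation hardcodes the account as "sudo -u webbuild-x" although the script defines workuser=webbuild-x and validates exactly that variable with id and with the 2775:${workuser}:${mainuser} ownership check. Use sudo -u "$workuser" so that the account that is checked is the account that runs the build. $LOCKFILE and ${log_dir} are also expanded unquoted in the lockfile call, the trap and the redirections; quoting them costs nothing and removes the dependence on HOME being free of whitespace.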
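Review bot: in the new tools/trigger-website-build, "exec $HOME/bin/build-website.sh --git &" backgrounds the command, so the exec only replaces the background subshell and the hook always reaches "exit 0", whether or not the build script could be started. If that is intended so that a merge never fails because of the website build, say so in the header comment; also quote "$HOME/bin/build-website.sh".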
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 18 Mar 2017 13:34:13 +0100 Subject: [git] gnupg-doc - branch, master, updated. bff6c6ef52207b013e6966564f4845ffc31e4085 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via bff6c6ef52207b013e6966564f4845ffc31e4085 (commit) from cbd32ab27da9d5841dcc4007fe6078024ce9446a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bff6c6ef52207b013e6966564f4845ffc31e4085 Author: Werner Koch Date: Sat Mar 18 13:29:41 2017 +0100 web: Let build-website.sh also update the blogs diff --git a/misc/blog.gnupg.org/update-index.sh b/misc/blog.gnupg.org/update-index.sh new file mode 100644 index 0000000..7e48dc6 --- /dev/null +++ b/misc/blog.gnupg.org/update-index.sh @@ -0,0 +1,67 @@ +#!/bin/sh +# Insert the ctual index into index.html + +pgm=update-index.sh + +if [ ! -f index.html ]; then + echo "$pgm: blog.gnupg.org/index.html has not been build" >&2 + exit 1 +fi + +# Find all rendered HTML files but skip possible translated versions. +find . -maxdepth 1 -type f -name "20*.html" -print \ + | grep -v '\.[a-z][a-z].html$' | sort -r >index.tmp +newest=$(head -1 index.tmp) + +# Extract the head lines +: >index.headlines.tmp +cat index.tmp | while read fname; do + echo -n "${fname#./}|" >>index.headlines.tmp + sed -n '/^

]*>\(.*\)

,\1,p;q}' \ + $fname >>index.headlines.tmp +done + +# Update the index file +awk -F: index.tmp \ + -v newest=${newest#./} ' + // {indon=1; print; insertnewest() } + // {indon=0} + // {indon=1; print; insertindex() } + // {indon=0} + !indon { print } + + function insertnewest () { + inblog = 0 + while (getline < newest) { + if (match ($0, /^
/)) { inblog = 1; continue; } + if (match ($0, /^<\/main>/)) { inblog = 0; break; } + if (! inblog) { continue } + if (match ($0, /^
/)) { continue; } + if (match ($0, /^<\/div>/)) { continue; } + print $0 + } + close(newest) + } + + function insertindex (tag) { + file = "index.headlines.tmp"; + print "" + close (file) + } + ' +if ! mv index.tmp index.html ; then + echo "$pgm: error updating blog index" >&2 + exit 1 +fi + +# FIXME: Create a feed file + +# Rename headlines file +mv index.headlines.tmp headlines.txt + +exit 0 diff --git a/misc/blog.gnupg.org/upload b/misc/blog.gnupg.org/upload deleted file mode 100755 index e72979f..0000000 --- a/misc/blog.gnupg.org/upload +++ /dev/null 
@@ -1,101 +0,0 @@ -#!/bin/sh - -set -e - -opt_upload=yes -if [ x"$1" = x"--no-upload" ]; then - opt_upload=no -fi - - -if [ "$(pwd | awk -F/ '{print $NF}')" != "blog.gnupg.org" ]; then - echo "upload: not invoked from the blog.gnupg.org directory" >&2; - exit 1 -fi - -echo "upload: Rendering entries" >&2 -# We need to initialize that org cache to use our own publish function -# despite that we do not use any org-publish feature -emacs23 --batch \ - --eval "(require 'assoc)" \ - --eval "(require 'org)" \ - --eval "(setq gpgweb-root-dir \"$(cd ../../web && pwd)/\")" \ - --eval "(setq gpgweb-stage-dir \"$(cd ../../stage && pwd)/\")" \ - --eval "(require 'gpgweb (concat gpgweb-root-dir \"share/gpgweb.el\"))" \ - --eval "(setq org-publish-use-timestamps-flag nil)" \ - --eval "(setq org-export-html-toplevel-hlevel 1)" \ - --eval "(setq org-export-html-coding-system 'utf-8)" \ - --eval "(gpgweb-setup-project)" \ - --eval "(org-publish-initialize-cache \"gpgweb\")" \ - --eval "(gpgweb-publish-blogs)" - -if [ ! -f index.html ]; then - echo "upload: index.html has not yet been build" >&2; - exit 1 -fi - -# Find all rendered HTML files but skip possible translated versions. -find . -maxdepth 1 -type f -name "20*.html" -print \ - | grep -v '\.[a-z][a-z].html$' | sort -r >index.tmp -newest=$(head -1 index.tmp) - -# Extract the head lines -: >index.headlines.tmp -cat index.tmp | while read fname; do - echo -n "${fname#./}|" >>index.headlines.tmp - sed -n '/^

]*>\(.*\)

,\1,p;q}' \ - $fname >>index.headlines.tmp -done - -# Update the index file -echo "upload: Updating index.html" >&2 -awk -F: index.tmp \ - -v newest=${newest#./} ' - // {indon=1; print; insertnewest() } - // {indon=0} - // {indon=1; print; insertindex() } - // {indon=0} - !indon { print } - - function insertnewest () { - inblog = 0 - while (getline < newest) { - if (match ($0, /^
/)) { inblog = 1; continue; } - if (match ($0, /^<\/main>/)) { inblog = 0; break; } - if (! inblog) { continue } - if (match ($0, /^
/)) { continue; } - if (match ($0, /^<\/div>/)) { continue; } - print $0 - } - close(newest) - } - - function insertindex (tag) { - file = "index.headlines.tmp"; - print "
    " - while (getline < file) { - split($0, a, "|") - printf "
  • %s\n", a[1], a[2]; - } - print "
" - close (file) - } - ' -mv index.tmp index.html || echo "upload: error updating index.html" >&2 - -# Update the feed file -echo "upload: Updating feed file" >&2 - - - -# Rename headlines file -mv index.headlines.tmp headlines.txt - -if [ $opt_upload = yes ]; then - echo "upload: Uploading files" >&2 - rsync -vr --links --exclude '*~' --exclude upload --exclude '*tmp' \ - --exclude '*.org' \ - . werner at trithemius.gnupg.org:/var/www/www/www.gnupg.org/misc/blog/ -fi - -#eof diff --git a/tools/build-website.sh b/tools/build-website.sh index 3bdaa7f..521ae46 100755 --- a/tools/build-website.sh +++ b/tools/build-website.sh @@ -1,13 +1,19 @@ #!/bin/sh # Build the gnupg.org website from a git working directory. +# # This script requires two users +# # webbuilder - the user to run this script # webbuild-x - the user used by this script to run emacs +# # A certain directory layout is required with permissions setup # so that the webbuild-x has only write access to the stage area -# and to its own home directory. The scripts checks the permissions. +# and to its own home directory. The script checks the permissions. +# +# The trigger-website-build scripts is expected to be installed +# as git post-merge hook. # -# These cronjobs are required: +# These cronjobs are required for user webbuilder: # --8<---------------cut here---------------start------------->8--- # # Pull the master branch of the web pages # */20 * * * * cd /home/webbuilder/gnupg-doc && git pull -q origin master @@ -16,6 +22,12 @@ # 35 */7 * * * /home/webbuilder/bin/build-website.sh --cron # --8<---------------cut here---------------end--------------->8--- # +# /etc/sudoers needs this: +# --8<---------------cut here---------------start------------->8--- +# # Let webbuilder run any command as user webbuild-x +# webbuilder ALL = (webbuild-x) NOPASSWD: ALL +# --8<---------------cut here---------------end--------------->8--- +# set -e 
@@ -35,8 +47,8 @@ reponame=gnupg-doc workuser_dir=$HOME/${workuser} log_dir="$HOME/log" -root_dir="$HOME/${reponame}/web" -stage_dir="$HOME/gpgweb-stage" +root_dir="$HOME/${reponame}" +stage_dir="$HOME/${reponame}-stage" LOCKFILE="${log_dir}/${reponame}.lock" if [ x"$1" = x"--git" ]; then 
@@ -72,36 +84,47 @@ for f in "${workuser_dir}" "${stage_dir}"; do fi done -# Take a lock +cd "${root_dir}" + +# +# Take a lock so that only one instacne of this script runs. +# if ! lockfile -l 7200 -r 2 $LOCKFILE; then echo "$pgm: another instance is still running" >&2 exit 0 fi trap "rm -f $LOCKFILE" 0 -cd "${root_dir}" -rev="$(git rev-parse --verify HEAD)" +# +# Build main part +# +subdir=web + +revlastfile="${log_dir}/${reponame}.$(echo $subdir | tr / _).revlast" +buildlog="${log_dir}/${reponame}.$(echo $subdir | tr / _).log" +rev="$(git rev-parse --verify HEAD:$subdir)" if [ -z "$rev" ]; then echo "$pgm: No git revision found" >&2; exit 1 fi -revlast="$(head -1 ${log_dir}/${reponame}.revlast 2>/dev/null || true)" +revlast="$(head -1 ${revlastfile} 2>/dev/null || true)" if [ x"$rev" = x"$revlast" ]; then - echo "$pgm: No need to build" >&2; - exit 0 -fi + echo "$pgm: No need to build $subdir" >&2; +else + echo "$(date -u -Iseconds) build started for $subdir" | tee ${buildlog} -echo "$(date -u -Iseconds) gpgweb site build started" -echo "==================================================" + if [ ! -d ${stage_dir}/${subdir} ]; then + sudo -u webbuild-x mkdir ${stage_dir}/${subdir} + fi -sudo -u webbuild-x emacs24 -q --batch \ + sudo 2>>${buildlog} -u webbuild-x emacs24 -q --batch \ --eval "(require 'assoc)" \ --eval "(require 'org)" \ --eval "(setq make-backup-files nil)" \ - --eval "(setq gpgweb-root-dir \"${root_dir}/\")" \ - --eval "(setq gpgweb-stage-dir \"${stage_dir}/\")" \ + --eval "(setq gpgweb-root-dir \"${root_dir}/${subdir}/\")" \ + --eval "(setq gpgweb-stage-dir \"${stage_dir}/${subdir}/\")" \ --eval "(require 'gpgweb (concat gpgweb-root-dir \"share/gpgweb.el\"))" \ --eval "(setq org-publish-use-timestamps-flag nil)" \ --eval "(setq org-export-html-toplevel-hlevel 1)" \ 
@@ -111,7 +134,83 @@ sudo -u webbuild-x emacs24 -q --batch \ --eval "(message \"root=(%s)\" gpgweb-root-dir)" \ --eval "(org-publish \"gpgweb\" t nil)" -echo "$rev" > ${log_dir}/${reponame}.revlast + echo "$rev" > ${revlastfile} + + echo "$(date -u -Iseconds) build finished for $subdir" | tee -a ${buildlog} +fi + + +# +# Build blogs +# +subdir=misc/blog.gnupg.org + +revlastfile="${log_dir}/${reponame}.$(echo $subdir | tr / _).revlast" +buildlog="${log_dir}/${reponame}.$(echo $subdir | tr / _).log" +rev="$(git rev-parse --verify HEAD:$subdir)" +if [ -z "$rev" ]; then + echo "$pgm: No git revision found" >&2; + exit 1 +fi +revlast="$(head -1 ${revlastfile} 2>/dev/null || true)" +if [ x"$rev" = x"$revlast" ]; then + echo "$pgm: No need to build $subdir" >&2; +else + + echo "$(date -u -Iseconds) build started for $subdir" | tee ${buildlog} + + if [ ! -d ${stage_dir}/${subdir} ]; then + sudo -u webbuild-x mkdir -p ${stage_dir}/${subdir} + fi + cd ${stage_dir}/${subdir} + + # We need to initialize that org cache to use our own publish function + # despite that we do not use any org-publish feature + echo "$pgm: Rendering blogs" >&2 + sudo 2>>${buildlog} -u webbuild-x emacs24 -q --batch \ + --eval "(require 'assoc)" \ + --eval "(require 'org)" \ + --eval "(setq gpgweb-root-dir \"${root_dir}/web/\")" \ + --eval "(setq gpgweb-blog-dir \"${root_dir}/${subdir}/\")" \ + --eval "(setq gpgweb-stage-dir \"${stage_dir}/${subdir}/\")" \ + --eval "(require 'gpgweb (concat gpgweb-root-dir \"share/gpgweb.el\"))" \ + --eval "(setq org-publish-use-timestamps-flag nil)" \ + --eval "(setq org-export-html-toplevel-hlevel 1)" \ + --eval "(setq org-export-html-coding-system 'utf-8)" \ + --eval "(gpgweb-setup-project)" \ + --eval "(org-publish-initialize-cache \"gpgweb\")" \ + --eval "(message \"root=(%s)\" gpgweb-root-dir)" \ + --eval "(gpgweb-publish-blogs)" + + echo "$pgm: Updating blog index" >&2 + indexcreator="${root_dir}/${subdir}/update-index.sh" + if [ ! 
-f $indexcreator ]; then + echo "$pgm: $indexcreator not found" >&2 + exit 1 + fi + sudo -u webbuild-x ${indexcreator} + + echo "$rev" > ${revlastfile} + + echo "$(date -u -Iseconds) build finished for $subdir" | tee -a ${buildlog} + +fi + + +# +# Sync to the webspace +# +cd "${root_dir}" + + +# +# Print warnings when the scripts are out of date +# (For security reasons the scripts need to be installed manually.) +# +for f in trigger-website-build build-website.sh ; do + if cmp -s tools/$f ${HOME}/bin/$f ; then + echo "$pgm: Warning: A newer version of $f is available" >&2; + fi +done -echo "===================================================" -echo "$(date -u -Iseconds) gpgweb site build finished" +exit 0 diff --git a/web/share/gpgweb.el b/web/share/gpgweb.el index 03f9e8f..cd6163a 100644 --- a/web/share/gpgweb.el +++ b/web/share/gpgweb.el @@ -297,7 +297,7 @@ HTMLFILE is HTML file name and COMMITTED-AT is the commit date string of the source file or nil if not available." (let ((srcfile (concat "https://git.gnupg.org/cgi-bin/gitweb.cgi?" "p=gnupg-doc.git;a=blob;f=" - (if blogmode "misc/blog.gnupg.org/" "web/") + (if blogmode "misc/blog.gnupg.org" "web/") ;; The replace below is a hack to cope with ;; blogmode where HTMLFILE is like "./foo.html". (replace-regexp-in-string @@ -334,7 +334,7 @@ string of the source file or nil if not available." >\"CC-BY-SA  These web pages are - Copyright 1998--2015 The GnuPG Project and licensed under a + Copyright 1998--2017 The GnuPG Project and licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. See copying for details. 
@@ -387,11 +387,14 @@ to create the previous and Next links for an entry." (let* ((visitingp (find-buffer-visiting htmlfile)) (work-buffer (or visitingp (find-file-noselect htmlfile))) (committed-at (shell-command-to-string - (concat "git log -1 --format='%ci' -- " orgfile)))) + (concat "git" + (if blogmode (concat " -C " gpgweb-blog-dir)) + " log -1 --format='%ci' -- " orgfile)))) (prog1 (with-current-buffer work-buffer (let ((fname (file-name-nondirectory htmlfile)) (fname-2 (replace-regexp-in-string - ".*/gpgweb-stage/\\(.*\\)$" "\\1" htmlfile t)) + ".*/gnupg-doc-stage/web/\\(.*\\)$" "\\1" + htmlfile t)) (title (gpgweb-publish-find-title orgfile))) ;; Insert header, menu, and footer. (gpgweb-insert-header title committed-at) 
@@ -457,11 +460,14 @@ rendered form and save it with the suffix .html." (defun gpgweb-publish-blogs () "Publish all blog entries in the current directory" (interactive) - (let ((orgfiles (directory-files "." nil "^2[0-9]+-.*\.org$"))) + (let ((orgfiles (directory-files gpgweb-blog-dir nil "^2[0-9]+-.*\.org$"))) (dolist (file (cons "index.org" orgfiles)) - (let* ((visitingp (find-buffer-visiting file)) - (work-buffer (or visitingp (find-file-noselect file)))) + (let* ((file2 (concat gpgweb-blog-dir file)) + (visitingp (find-buffer-visiting file2)) + (work-buffer (or visitingp (find-file-noselect file2)))) (with-current-buffer work-buffer + (setq default-directory gpgweb-stage-dir) + (toggle-read-only 0) (gpgweb-render-blog orgfiles) (basic-save-buffer)) (unless visitingp ----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/update-index.sh | 67 ++++++++++++++++++ misc/blog.gnupg.org/upload | 101 -------------------------- tools/build-website.sh | 137 +++++++++++++++++++++++++++++++----- web/share/gpgweb.el | 20 ++++-- 4 files changed, 198 insertions(+), 127 deletions(-) create mode 100644 misc/blog.gnupg.org/update-index.sh delete mode 100755 misc/blog.gnupg.org/upload hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sat Mar 18 13:48:27 2017 
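Review bot: The out-of-date check added at the end of tools/build-website.sh is inverted. 'cmp -s' exits 0 when the two files are identical, so 'if cmp -s tools/$f ${HOME}/bin/$f ; then' prints "A newer version of $f is available" exactly when the installed copy matches the repository and stays silent when it differs. Negate the test ('if ! cmp -s ...'). The comment says the scripts are installed manually for security reasons, so this warning is the only signal that an installed copy has drifted from the one in git, and it should be reliable. In the same hunk, 'sudo -u webbuild-x ${indexcreator}' runs update-index.sh straight from the working tree, so it is not covered by that manual-install step; a one-line comment stating that this is intended because it only runs as webbuild-x would help.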
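Review bot: In the web/share/gpgweb.el hunk that builds the 'git log' command for committed-at, gpgweb-blog-dir and orgfile are concatenated unquoted into the string passed to shell-command-to-string, so a path containing a space or a shell metacharacter changes the command that is run. The blog file names come from a directory listing matched against "^2[0-9]+-.*\.org$", which does not restrict those characters. Wrap both values in shell-quote-argument, or call git without a shell through process-lines. The same hunk hard-codes "gnupg-doc-stage/web/" in the fname-2 regexp although build-website.sh derives the stage path from ${reponame}; building the pattern from gpgweb-stage-dir would keep the two from drifting apart.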
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 18 Mar 2017 13:48:27 +0100 Subject: [git] gnupg-doc - branch, master, updated. 3d21081d17122deaf510e124cce71479dee8acf0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 3d21081d17122deaf510e124cce71479dee8acf0 (commit) from bff6c6ef52207b013e6966564f4845ffc31e4085 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3d21081d17122deaf510e124cce71479dee8acf0 Author: Werner Koch Date: Sat Mar 18 13:43:38 2017 +0100 blog: Make update-index.sh executable diff --git a/misc/blog.gnupg.org/update-index.sh b/misc/blog.gnupg.org/update-index.sh old mode 100644 new mode 100755 ----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/update-index.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 misc/blog.gnupg.org/update-index.sh hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sat Mar 18 14:34:19 2017 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 18 Mar 2017 14:34:19 +0100 Subject: [git] gnupg-doc - branch, master, updated. 3c8973d06cd0977c6c2710976773e07575c15952 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 3c8973d06cd0977c6c2710976773e07575c15952 (commit) from 3d21081d17122deaf510e124cce71479dee8acf0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3c8973d06cd0977c6c2710976773e07575c15952 Author: Werner Koch Date: Sat Mar 18 14:31:23 2017 +0100 tools: Improve build-website.sh. Update mkkudos.sh. diff --git a/tools/build-website.sh b/tools/build-website.sh index 521ae46..dbe20ab 100755 --- a/tools/build-website.sh +++ b/tools/build-website.sh @@ -44,6 +44,8 @@ if [ ! -d "$HOME" ]; then fi reponame=gnupg-doc +htdocs_web="/var/www/www/www.gnupg.org/htdocs" +htdocs_blog="/var/www/www/www.gnupg.org/misc/blog" workuser_dir=$HOME/${workuser} log_dir="$HOME/log" @@ -96,6 +98,10 @@ fi trap "rm -f $LOCKFILE" 0 +# These flags are set to the stage directory iof a sync is required +sync_web= +sync_blog= + # # Build main part # @@ -135,7 +141,7 @@ else --eval "(org-publish \"gpgweb\" t nil)" echo "$rev" > ${revlastfile} - + sync_web=${stage_dir}/${subdir} echo "$(date -u -Iseconds) build finished for $subdir" | tee -a ${buildlog} fi @@ -155,6 +161,7 @@ fi revlast="$(head -1 ${revlastfile} 2>/dev/null || true)" if [ x"$rev" = x"$revlast" ]; then echo "$pgm: No need to build $subdir" >&2; + sync_blog=${stage_dir}/${subdir} else echo "$(date -u -Iseconds) build started for $subdir" | tee ${buildlog} 
@@ -191,7 +198,7 @@ else sudo -u webbuild-x ${indexcreator} echo "$rev" > ${revlastfile} - + sync_blog=${stage_dir}/${subdir} echo "$(date -u -Iseconds) build finished for $subdir" | tee -a ${buildlog} fi @@ -201,14 +208,35 @@ fi # Sync to the webspace # cd "${root_dir}" +any_sync= + +if [ -n "$sync_web" ]; then + cd "$sync_web" + rsync -rlt --exclude '*~' --exclude '*.tmp' \ + . ${htdocs_web}/ + touch ${htdocs_web}/donate/donors.dat + any_sync=yes +fi + +if [ -n "$sync_blog" ]; then + cd "$sync_blog" + rsync -vr --links --exclude '*~' --exclude '*.sh' \ + --exclude '*tmp' --exclude '*.org' --exclude headlines.txt \ + . ${htdocs_blog}/ + any_sync=yes +fi + +if [ "$any_sync" = yes ]; then + $HOME/bin/mkkudos.sh --verbose --force +fi # # Print warnings when the scripts are out of date # (For security reasons the scripts need to be installed manually.) # -for f in trigger-website-build build-website.sh ; do - if cmp -s tools/$f ${HOME}/bin/$f ; then +for f in trigger-website-build build-website.sh mkkudos.sh ; do + if ! cmp -s ${HOME}/bin/$f tools/$f ; then echo "$pgm: Warning: A newer version of $f is available" >&2; fi done diff --git a/tools/mkkudos.sh b/tools/mkkudos.sh index 032958f..e2b7e92 100755 --- a/tools/mkkudos.sh +++ b/tools/mkkudos.sh 
@@ -27,6 +27,10 @@ set -e +LD_LIBRARY_PATH=/usr/local/lib +export LD_LIBRARY_PATH + + usage() { cat <&2 [ -f "$file.tmp" ] && rm "$file.tmp" - awk -F: -v year="$year" -v donors="$donors" -v dontable="$dontable" \ + awk -F: -v year=$year -v donors="$donors" -v dontable="$dontable" \ -v monyear="$monyear" -v thisyear="$thisyear" \ -v euro="$euro" -v euroyr="$euroyr" \ -v nyr="$nyr" -v goal="$goal" -v percent="$percent" \ ----------------------------------------------------------------------- Summary of changes: tools/build-website.sh | 36 ++++++++++++++++++++++++++++++++---- tools/mkkudos.sh | 8 ++++++-- 2 files changed, 38 insertions(+), 6 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sat Mar 18 14:36:48 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 18 Mar 2017 14:36:48 +0100 Subject: [git] gnupg-doc - branch, master, updated. b14f59186ce977da720ba5b3e78ecb28d82c3828 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via b14f59186ce977da720ba5b3e78ecb28d82c3828 (commit) from 3c8973d06cd0977c6c2710976773e07575c15952 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b14f59186ce977da720ba5b3e78ecb28d82c3828 Author: Werner Koch Date: Sat Mar 18 14:33:49 2017 +0100 tools: Remove debug code from last commit diff --git a/tools/build-website.sh b/tools/build-website.sh index dbe20ab..e738491 100755 --- a/tools/build-website.sh +++ b/tools/build-website.sh 
@@ -161,7 +161,6 @@ fi revlast="$(head -1 ${revlastfile} 2>/dev/null || true)" if [ x"$rev" = x"$revlast" ]; then echo "$pgm: No need to build $subdir" >&2; - sync_blog=${stage_dir}/${subdir} else echo "$(date -u -Iseconds) build started for $subdir" | tee ${buildlog} ----------------------------------------------------------------------- Summary of changes: tools/build-website.sh | 1 - 1 file changed, 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sat Mar 18 18:24:41 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 18 Mar 2017 18:24:41 +0100 Subject: [git] gnupg-doc - branch, master, updated. e0a846a50bd44c95c4331a4c24e049c21124a1c4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via e0a846a50bd44c95c4331a4c24e049c21124a1c4 (commit) from b14f59186ce977da720ba5b3e78ecb28d82c3828 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e0a846a50bd44c95c4331a4c24e049c21124a1c4 Author: Werner Koch Date: Sat Mar 18 18:21:42 2017 +0100 tools: Minor update to the scripts. diff --git a/tools/append-to-donors.sh b/tools/append-to-donors.sh index 6ce4e6b..cd87f43 100755 --- a/tools/append-to-donors.sh +++ b/tools/append-to-donors.sh 
@@ -79,7 +79,11 @@ send_thanks () { else xidnmail="" fi - xqpmail=$(mu-tool 2047 -c utf-8 "$xmail") + if [ x"$xidnmail" = x"$xmail" ]; then + xqpmail="$xmail" + else + xqpmail=$(mu-tool 2047 -c utf-8 "$xmail") + fi ( cat <&2; fi ----------------------------------------------------------------------- Summary of changes: tools/append-to-donors.sh | 6 +++++- tools/build-website.sh | 5 +++-- 2 files changed, 8 insertions(+), 3 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 20 10:16:48 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 20 Mar 2017 10:16:48 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-64-gfe0b37e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via fe0b37e123ded51cc5f4cb5e3547fdfbce37a43e (commit) via e2c63a13e2fa4ce39af8471a34c06d73ff3ee6f6 (commit) from fb9d68d636490ca88925051f48b08963c324aed1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fe0b37e123ded51cc5f4cb5e3547fdfbce37a43e Author: Werner Koch Date: Mon Mar 20 10:09:40 2017 +0100 gpg: Add new field no 18 to the colon listing. * g10/misc.c (gnupg_pk_is_compliant): New. * g10/keylist.c (print_compliance_flags): New. (list_keyblock_colon): Call it here. * sm/keylist.c (print_compliance_flags): New. (list_cert_colon): Call it here. -- This patch is to convey information about DE_VS compliant keys to the caller. The double digit value is used so that parsers do the right thing and don't just look for a single digit. Signed-off-by: Werner Koch diff --git a/doc/DETAILS b/doc/DETAILS index 8c11872..cfe70e1 100644 
--- a/doc/DETAILS +++ b/doc/DETAILS @@ -218,6 +218,15 @@ described here. For pub, sub, sec, and ssb records this field is used for the ECC curve name. +*** Field 18 - Compliance flags + + Space separated list of asserted compliance modes for this key. + + Valid values are: + + - 8 :: The key is compliant with RFC4880bis + - 23 :: The key is compliant with compliance mode "de-vs". + ** Special fields *** PKD - Public key data diff --git a/g10/keylist.c b/g10/keylist.c index 32cf1e8..b8f32be 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -1170,6 +1170,29 @@ print_revokers (estream_t fp, PKT_public_key * pk) } +/* Print the compliance flags to field 18. PK is the public key. + * KEYLENGTH is the length of the key in bits and CURVENAME is either + * NULL or the name of the curve. The latter two args are here + * merely because the caller has already computed them. */ +static void +print_compliance_flags (PKT_public_key *pk, + unsigned int keylength, const char *curvename) +{ + int any = 0; + + if (pk->version == 5) + { + es_fputs ("8", es_stdout); + any++; + } + if (gnupg_pk_is_compliant (CO_DE_VS, pk, keylength, curvename)) + { + es_fputs (any? " 23":"23", es_stdout); + any++; + } +} + + /* List a key in colon mode. If SECRET is true this is a secret key record (i.e. requested via --list-secret-key). If HAS_SECRET a secret key is available even if SECRET is not set. */ @@ -1191,6 +1214,9 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, const char *hexgrip = NULL; char *serialno = NULL; int stubkey; + unsigned int keylength; + char *curve = NULL; + const char *curvename = NULL; /* Get the keyid from the keyblock. */ node = find_kbnode (keyblock, PKT_PUBLIC_KEY); 
@@ -1239,14 +1265,16 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, else ownertrust_print = 0; + keylength = nbits_from_pk (pk); + es_fputs (secret? "sec:":"pub:", es_stdout); if (trustletter_print) es_putc (trustletter_print, es_stdout); es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s::", - nbits_from_pk (pk), - pk->pubkey_algo, - (ulong) keyid[0], (ulong) keyid[1], - colon_datestr_from_pk (pk), colon_strtime (pk->expiredate)); + keylength, + pk->pubkey_algo, + (ulong) keyid[0], (ulong) keyid[1], + colon_datestr_from_pk (pk), colon_strtime (pk->expiredate)); if (ownertrust_print) es_putc (ownertrust_print, es_stdout); @@ -1272,14 +1300,14 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, || pk->pubkey_algo == PUBKEY_ALGO_EDDSA || pk->pubkey_algo == PUBKEY_ALGO_ECDH) { - char *curve = openpgp_oid_to_str (pk->pkey[0]); - const char *name = openpgp_oid_to_curve (curve, 0); - if (!name) - name = curve; - es_fputs (name, es_stdout); - xfree (curve); + curve = openpgp_oid_to_str (pk->pkey[0]); + curvename = openpgp_oid_to_curve (curve, 0); + if (!curvename) + curvename = curve; + es_fputs (curvename, es_stdout); } es_putc (':', es_stdout); /* End of field 17. */ + print_compliance_flags (pk, keylength, curvename); es_putc (':', es_stdout); /* End of field 18. */ es_putc ('\n', es_stdout); 
@@ -1380,13 +1408,13 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, if (trustletter) es_fprintf (es_stdout, "%c", trustletter); } + keylength = nbits_from_pk (pk2); es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s:::::", - nbits_from_pk (pk2), - pk2->pubkey_algo, - (ulong) keyid2[0], (ulong) keyid2[1], - colon_datestr_from_pk (pk2), colon_strtime (pk2->expiredate) - /* fixme: add LID and ownertrust here */ - ); + keylength, + pk2->pubkey_algo, + (ulong) keyid2[0], (ulong) keyid2[1], + colon_datestr_from_pk (pk2), + colon_strtime (pk2->expiredate)); print_capabilities (pk2, NULL); es_putc (':', es_stdout); /* End of field 13. */ es_putc (':', es_stdout); /* End of field 14. */ @@ -1405,14 +1433,16 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, || pk2->pubkey_algo == PUBKEY_ALGO_EDDSA || pk2->pubkey_algo == PUBKEY_ALGO_ECDH) { - char *curve = openpgp_oid_to_str (pk2->pkey[0]); - const char *name = openpgp_oid_to_curve (curve, 0); - if (!name) - name = curve; - es_fputs (name, es_stdout); xfree (curve); + curve = openpgp_oid_to_str (pk2->pkey[0]); + curvename = openpgp_oid_to_curve (curve, 0); + if (!curvename) + curvename = curve; + es_fputs (curvename, es_stdout); } es_putc (':', es_stdout); /* End of field 17. */ + print_compliance_flags (pk2, keylength, curvename); + es_putc (':', es_stdout); /* End of field 18. */ es_putc ('\n', es_stdout); print_fingerprint (NULL, pk2, 0); if (hexgrip) @@ -1540,6 +1570,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, } } + xfree (curve); xfree (hexgrip_buffer); xfree (serialno); } diff --git a/g10/main.h b/g10/main.h index f58f041..c9c3454 100644 --- a/g10/main.h +++ b/g10/main.h 
@@ -125,6 +125,9 @@ int openpgp_pk_test_algo2 (pubkey_algo_t algo, unsigned int use); int openpgp_pk_algo_usage ( int algo ); const char *openpgp_pk_algo_name (pubkey_algo_t algo); +int gnupg_pk_is_compliant (int compliance, PKT_public_key *pk, + unsigned int keylength, const char *curvename); + enum gcry_md_algos map_md_openpgp_to_gcry (digest_algo_t algo); int openpgp_md_test_algo (digest_algo_t algo); const char *openpgp_md_algo_name (int algo); diff --git a/g10/misc.c b/g10/misc.c index c69f994..0ecdb04 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -640,7 +640,7 @@ openpgp_pk_test_algo2 (pubkey_algo_t algo, unsigned int use) if (!ga) return gpg_error (GPG_ERR_PUBKEY_ALGO); - /* No check whether Libgcrypt has support for the algorithm. */ + /* Now check whether Libgcrypt has support for the algorithm. */ return gcry_pk_algo_info (ga, GCRYCTL_TEST_ALGO, NULL, &use_buf); } 
@@ -704,6 +704,94 @@ openpgp_pk_algo_name (pubkey_algo_t algo) } +/* Return true if PK is compliant to the give COMPLIANCE mode. If + * KEYLENGTH and CURVENAME are not 0/NULL the are assumed to be the + * already computed values from PK. */ +int +gnupg_pk_is_compliant (int compliance, PKT_public_key *pk, + unsigned int keylength, const char *curvename) +{ + enum { is_rsa, is_pgp5, is_elg_sign, is_ecc } algotype; + int result; + + switch (pk->pubkey_algo) + { + case PUBKEY_ALGO_RSA: + case PUBKEY_ALGO_RSA_E: + case PUBKEY_ALGO_RSA_S: + algotype = is_rsa; + break; + + case PUBKEY_ALGO_ELGAMAL_E: + case PUBKEY_ALGO_DSA: + algotype = is_pgp5; + break; + + case PUBKEY_ALGO_ECDH: + case PUBKEY_ALGO_ECDSA: + case PUBKEY_ALGO_EDDSA: + algotype = is_ecc; + break; + + case PUBKEY_ALGO_ELGAMAL: + algotype = is_elg_sign; + break; + + default: /* Unknown. */ + return 0; + } + + if (compliance == CO_DE_VS) + { + char *curve = NULL; + + switch (algotype) + { + case is_pgp5: + result = 0; + break; + + case is_rsa: + if (!keylength) + keylength = nbits_from_pk (pk); + result = (keylength >= 2048); + break; + + case is_ecc: + if (!curvename) + { + curve = openpgp_oid_to_str (pk->pkey[0]); + curvename = openpgp_oid_to_curve (curve, 0); + if (!curvename) + curvename = curve; + } + + result = (curvename + && pk->pubkey_algo != PUBKEY_ALGO_EDDSA + && (!strcmp (curvename, "brainpoolP256r1") + || !strcmp (curvename, "brainpoolP384r1") + || !strcmp (curvename, "brainpoolP512r1"))); + break; + + default: + result = 0; + } + xfree (curve); + } + else if (algotype == is_elg_sign) + { + /* An Elgamal signing key is only RFC-2440 compliant. */ + result = (compliance == RFC2440); + } + else + { + result = 1; /* Assume compliance. */ + } + + return result; +} + + /* Explicit mapping of OpenPGP digest algos to Libgcrypt. */ /* FIXME: We do not yes use it everywhere. */ enum gcry_md_algos diff --git a/sm/keylist.c b/sm/keylist.c index d27d4f4..1b1a261 100644 --- a/sm/keylist.c +++ b/sm/keylist.c 
@@ -346,6 +346,14 @@ email_kludge (const char *name) } +/* Print the compliance flags to field 18. ALGO is the gcrypt algo + * number. NBITS is the length of the key in bits. */ +static void +print_compliance_flags (int algo, unsigned int nbits, estream_t fp) +{ + if (algo == GCRY_PK_RSA && nbits >= 2048) + es_fputs ("23", fp); +} /* List one certificate in colon mode */ @@ -496,6 +504,8 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity, print_capabilities (cert, fp); /* Field 13, not used: */ es_putc (':', fp); + /* Field 14, not used: */ + es_putc (':', fp); if (have_secret || ctrl->with_secret) { char *cardsn; @@ -504,18 +514,20 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity, if (!gpgsm_agent_keyinfo (ctrl, p, &cardsn) && (cardsn || ctrl->with_secret)) { - /* Field 14, not used: */ - es_putc (':', fp); /* Field 15: Token serial number or secret key indicator. */ if (cardsn) es_fputs (cardsn, fp); else if (ctrl->with_secret) es_putc ('+', fp); - es_putc (':', fp); } xfree (cardsn); xfree (p); } + es_putc (':', fp); /* End of field 15. */ + es_putc (':', fp); /* End of field 16. */ + es_putc (':', fp); /* End of field 17. */ + print_compliance_flags (algo, nbits, fp); + es_putc (':', fp); /* End of field 18. */ es_putc ('\n', fp); /* FPR record */ commit e2c63a13e2fa4ce39af8471a34c06d73ff3ee6f6 Author: Werner Koch Date: Mon Mar 20 08:38:54 2017 +0100 gpg: Remove unused stuff. * g10/OPTIONS: Remove. * g10/options.h (struct opt): Remove 'shm_coprocess'. Signed-off-by: Werner Koch diff --git a/doc/HACKING b/doc/HACKING index e717479..fc0c3f4 100644 --- a/doc/HACKING +++ b/doc/HACKING 
@@ -168,13 +168,13 @@ Note that such a comment will be removed if the git commit option that the freed variable is not anymore used, explicitly set the variable to NULL. - New code shall in general use xtrymalloc or xtrycalloc and check - for an error (use gpg_error_from_errno()). + for an error (use gpg_error_from_syserror()). - Init function local variables only if needed so that the compiler can do a better job in detecting uninitialized variables which may indicate a problem with the code. - Never init static or file local variables to 0 to make sure they end up in BSS. - - But extra parenthesis around terms with binary operators to make + - Put extra parenthesis around terms with binary operators to make it clear that the binary operator was indeed intended. - Use --enable-maintainer-mode with configure so that all suitable warnings are enabled. diff --git a/g10/OPTIONS b/g10/OPTIONS deleted file mode 100644 index b1a49e2..0000000 --- a/g10/OPTIONS +++ /dev/null @@ -1,24 +0,0 @@ -# Some notes used by the maintainers - - -store -# simply packs the input data into a rfc1991 packet format - -check-trustdb - - -compress-keys -# compress exported key, compress level is still set with "-z" and -# algorithm with --compress-algo" - Default is to not compress keys, as -# this is better for interoperability. - -compress-sigs -# Normally, compressing of signatures does not make sense; so this -# is disabled for detached signatures unless this option is used. - -run-as-shm-coprocess [request-locked-shm-size] -# very special :-) -# You will have to use "--status-fd" too -# Note: This option does only work if given on the command line. - - diff --git a/g10/options.h b/g10/options.h index def6385..c634f0f 100644 --- a/g10/options.h +++ b/g10/options.h 
@@ -148,7 +148,6 @@ struct { KF_DEFAULT, KF_NONE, KF_SHORT, KF_LONG, KF_0xSHORT, KF_0xLONG } keyid_format; - int shm_coprocess; const char *set_filename; strlist_t comments; int throw_keyids; ----------------------------------------------------------------------- Summary of changes: doc/DETAILS | 9 ++++++ doc/HACKING | 4 +-- g10/OPTIONS | 24 ---------------- g10/keylist.c | 73 ++++++++++++++++++++++++++++++++++-------------- g10/main.h | 3 ++ g10/misc.c | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- g10/options.h | 1 - sm/keylist.c | 18 ++++++++++-- 8 files changed, 170 insertions(+), 52 deletions(-) delete mode 100644 g10/OPTIONS hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 20 14:37:02 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 20 Mar 2017 14:37:02 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-66-gceb4b24 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via ceb4b245752bb1fb43fde7e99f8d904ab8a9b5e2 (commit) via d75d20909d9f60d33ffd210def92278c0f383aad (commit) from fe0b37e123ded51cc5f4cb5e3547fdfbce37a43e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ceb4b245752bb1fb43fde7e99f8d904ab8a9b5e2 Author: Justus Winter Date: Mon Mar 20 10:23:55 2017 +0100 tests: Remove debugging remnants. * tests/gpgme/gpgme-defs.scm (run-python-tests?): Remove 'trace's. Signed-off-by: Justus Winter diff --git a/tests/gpgme/gpgme-defs.scm b/tests/gpgme/gpgme-defs.scm index 0583774..486d1a1 100644 --- a/tests/gpgme/gpgme-defs.scm +++ b/tests/gpgme/gpgme-defs.scm 
@@ -181,4 +181,4 @@ (call-popen `(,python -c "import sys; print('{0}.{1}'.format(sys.version_info[0], sys.version_info[1]))") ""))) (build-path (path-join gpgme-builddir "lang" "python" (string-append "python" python-version "-gpg")))) - (trace (file-exists? (trace build-path)))))) + (file-exists? build-path)))) commit d75d20909d9f60d33ffd210def92278c0f383aad Author: Justus Winter Date: Mon Mar 20 12:21:43 2017 +0100 tests: Fail if we cannot create the socket directory. * tests/migrations/common.scm (run-test): Turn warning into an error. * tests/openpgp/defs.scm (start-agent): Likewise. -- We use separate directories to create the sockets in so that the absolute path to every socket fits into sun_path. Fixes-commit: 7e19786a5ddef637d1d9d21593fecf5a36b6f372 Signed-off-by: Justus Winter diff --git a/tests/migrations/common.scm b/tests/migrations/common.scm index fa8f129..b1c90aa 100644 --- a/tests/migrations/common.scm +++ b/tests/migrations/common.scm @@ -53,7 +53,7 @@ (untar-armored src-tarball) (setenv "GNUPGHOME" (getcwd) #t) - (catch (log "Warning: Creating socket directory failed:" (car *error*)) + (catch (fail "Creating socket directory failed (see README):" (car *error*)) (call-popen `(,gpgconf --create-socketdir) "")) (test (getcwd)) (catch (log "Warning: Removing socket directory failed.") diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm index 7c8e10a..64c086d 100644 --- a/tests/openpgp/defs.scm +++ b/tests/openpgp/defs.scm 
@@ -446,7 +446,7 @@ (atexit (lambda () (with-home-directory gnupghome (stop-agent))))) - (catch (log "Warning: Creating socket directory failed:" (car *error*)) + (catch (fail "Creating socket directory failed (see README):" (car *error*)) (call-popen `(,(tool 'gpgconf) --create-socketdir) "")) (call-check `(,(tool 'gpg-connect-agent) --verbose ,(string-append "--agent-program=" (tool 'gpg-agent) ----------------------------------------------------------------------- Summary of changes: tests/gpgme/gpgme-defs.scm | 2 +- tests/migrations/common.scm | 2 +- tests/openpgp/defs.scm | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 20 16:43:21 2017 
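Review bot: In commit 3c8973d, the "Sync to the webspace" hunk of tools/build-website.sh uses different rsync options for the two trees: the web tree is copied with '-rlt', the blog tree with '-vr --links' and no '-t'. Without '-t' rsync does not preserve modification times, so its quick check treats every blog file as changed on the next run and processes it again, and '-v' writes the file list into the cron output. Unless that is intended, use '-rlt' for both. The sync variables are quoted in the 'cd' calls but ${htdocs_web} and ${htdocs_blog} are left unquoted in the rsync and touch arguments.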
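Review bot: In commit fe0b37e, the subkey loop of list_keyblock_colon (g10/keylist.c, hunk at -1405) passes a stale curvename to print_compliance_flags. keylength is recomputed for every subkey, but curve and curvename are now function-scoped and only reassigned inside the ECC branch, so a non-ECC subkey that follows an ECC primary key or ECC subkey is checked with the previous key's curve name. This is harmless today because gnupg_pk_is_compliant reads curvename only in its ECC case, but the helper's contract says the argument is "the already computed values from PK". Resetting curvename to NULL at the top of each subkey iteration would make that true.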
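Review bot: In gnupg_pk_is_compliant (g10/misc.c, commit fe0b37e) the Elgamal branch tests 'compliance == RFC2440' while the de-vs branch tests 'compliance == CO_DE_VS'. Please confirm that RFC2440 is a value of the same enumeration as CO_DE_VS and not a differently defined symbol, and use the CO_ spelling if one exists. The final else returns 1 ("Assume compliance") for every other mode value, including ones this function does not know about, so a caller passing an unhandled mode gets a positive answer; returning 0 for unknown modes would fail closed. The header comment has two typos ("the give COMPLIANCE", "the are assumed").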
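Review bot: The list_cert_colon hunk in sm/keylist.c (commit fe0b37e) changes the record layout beyond adding field 18, and this is not documented. The separators for fields 14 and 15 used to be written only when a secret key or card serial number was found; they are now always written, followed by fields 16 and 17. That is required for field 18 to land in the right column, but it changes the number of fields consumers see for every certificate, and neither the commit message nor the doc/DETAILS hunk mentions it. Also, print_compliance_flags here emits "23" for any RSA key of at least 2048 bits and for nothing else, while the g10 version also accepts the three Brainpool curves; a comment stating whether ECC certificates are deliberately left out would help.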
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 20 Mar 2017 16:43:21 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-104-g16b202d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 16b202d9999591b71fb8bb49f6db10ef96d4cbe8 (commit) via e1cf8bab319ba1dea41ba5d711dbb66ffd8e6fd6 (commit) via 4572e8d2ac1d3b45e75ce71265c99e591fbf0e28 (commit) from 9d6825be092f1590f28b5bab462eeb944d9b800c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 16b202d9999591b71fb8bb49f6db10ef96d4cbe8 Author: Justus Winter Date: Mon Mar 20 16:36:27 2017 +0100 tests: Use 'gpg-agent --allow-loopback-pinentry' if applicable. * lang/python/tests/Makefile.am (gpg-agent.conf): Do not hard-code the option. This breaks gpg-agent from GnuPG 2.0. * tests/start-stop-agent: Rather, check if the option is supported and add it to the configuration if it is. GnuPG-bug-id: 3008 Fixes-commit: bbf19124bbec9eb6298cef2914baae7ac74382fe Signed-off-by: Justus Winter diff --git a/lang/python/tests/Makefile.am b/lang/python/tests/Makefile.am index 7251cd3..a935222 100644 --- a/lang/python/tests/Makefile.am +++ b/lang/python/tests/Makefile.am @@ -117,4 +117,3 @@ clean-local: ./gpg-agent.conf: # This is required for gpg2, which does not support command fd. echo pinentry-program $(abs_top_srcdir)/tests/gpg/pinentry >$@ - echo allow-loopback-pinentry >>$@ diff --git a/tests/start-stop-agent b/tests/start-stop-agent index e843ce5..457f70d 100755 --- a/tests/start-stop-agent +++ b/tests/start-stop-agent 
@@ -38,6 +38,14 @@ fi echo "starting gpg-agent.." >&2 +# GnuPG prior to 2.1.12 needs --allow-loopback-pinentry for the +# loopback entry to work. Old versions do not understand this though, +# so we need to be careful. +if "$GPG_AGENT" --gpgconf-test --allow-loopback-pinentry && + ! grep -q allow-loopback-pinentry "$GNUPGHOME/gpg-agent.conf"; then + echo allow-loopback-pinentry >> "$GNUPGHOME/gpg-agent.conf" +fi + gpg-connect-agent --agent-program="${GPG_AGENT}|--debug-quick-random" putval\ $token\ set /bye if [ $? -ne 0 -o "$(gpg-connect-agent getval\ $token /bye 2>/dev/null | head -1)" \ != "D set" ]; then commit e1cf8bab319ba1dea41ba5d711dbb66ffd8e6fd6 Author: Justus Winter Date: Mon Mar 20 16:00:13 2017 +0100 python: Skip tests if GnuPG is too old. * lang/python/tests/support.py (assert_gpg_version): New function. * lang/python/tests/t-callbacks.py: Use the new function to skip the test if GnuPG is too old. * lang/python/tests/t-edit.py: Likewise. * lang/python/tests/t-encrypt-sym.py: Likewise. * lang/python/tests/t-quick-key-creation.py: Likewise. * lang/python/tests/t-quick-key-manipulation.py: Likewise. * lang/python/tests/t-quick-key-signing.py: Likewise. GnuPG-bug-id: 3008 Signed-off-by: Justus Winter diff --git a/lang/python/tests/support.py b/lang/python/tests/support.py index 80c3a4b..8f9d645 100644 --- a/lang/python/tests/support.py +++ b/lang/python/tests/support.py @@ -26,6 +26,13 @@ import tempfile import time import gpg +def assert_gpg_version(version=(2, 1, 0)): + with gpg.Context() as c: + if tuple(map(int, c.engine_info.version.split('.'))) < version: + print("GnuPG too old: have {0}, need {1}.".format( + c.engine_info.version, '.'.join(version))) + sys.exit(77) + # known keys alpha = "A0FF4590BB6122EDEF6E3C542D727CC768697734" bob = "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2" diff --git a/lang/python/tests/t-callbacks.py b/lang/python/tests/t-callbacks.py index ae15787..94cf11e 100755 --- a/lang/python/tests/t-callbacks.py 
+++ b/lang/python/tests/t-callbacks.py @@ -24,6 +24,8 @@ import os import gpg import support +support.assert_gpg_version() + c = gpg.Context() c.set_pinentry_mode(gpg.constants.PINENTRY_MODE_LOOPBACK) diff --git a/lang/python/tests/t-edit.py b/lang/python/tests/t-edit.py index 7ac3626..ffc3296 100755 --- a/lang/python/tests/t-edit.py +++ b/lang/python/tests/t-edit.py @@ -26,6 +26,8 @@ import os import gpg import support +support.assert_gpg_version() + class KeyEditor(object): def __init__(self): self.steps = ["fpr", "expire", "1", "primary", "quit"] diff --git a/lang/python/tests/t-encrypt-sym.py b/lang/python/tests/t-encrypt-sym.py index c15955a..8ee9cd6 100755 --- a/lang/python/tests/t-encrypt-sym.py +++ b/lang/python/tests/t-encrypt-sym.py @@ -24,6 +24,8 @@ import os import gpg import support +support.assert_gpg_version() + for passphrase in ("abc", b"abc"): c = gpg.Context() c.set_armor(True) diff --git a/lang/python/tests/t-quick-key-creation.py b/lang/python/tests/t-quick-key-creation.py index c642c5b..8b7372e 100755 --- a/lang/python/tests/t-quick-key-creation.py +++ b/lang/python/tests/t-quick-key-creation.py @@ -25,6 +25,7 @@ import itertools import time import support +support.assert_gpg_version((2, 1, 2)) alpha = "Alpha " diff --git a/lang/python/tests/t-quick-key-manipulation.py b/lang/python/tests/t-quick-key-manipulation.py index 45e4c0e..0f47006 100755 --- a/lang/python/tests/t-quick-key-manipulation.py +++ b/lang/python/tests/t-quick-key-manipulation.py @@ -24,6 +24,7 @@ import os import gpg import support +support.assert_gpg_version((2, 1, 14)) alpha = "Alpha " bravo = "Bravo " diff --git a/lang/python/tests/t-quick-key-signing.py b/lang/python/tests/t-quick-key-signing.py index f9778a3..3d648c5 100755 --- a/lang/python/tests/t-quick-key-signing.py +++ b/lang/python/tests/t-quick-key-signing.py 
@@ -25,6 +25,7 @@ import itertools import time import support +support.assert_gpg_version((2, 1, 1)) with support.EphemeralContext() as ctx: uid_counter = 0 commit 4572e8d2ac1d3b45e75ce71265c99e591fbf0e28 Author: Justus Winter Date: Mon Mar 20 16:07:07 2017 +0100 python: Remove superfluous initialization. * lang/python/tests/support.py (init_gpgme): Remove. This is a remnant from the C tests. Nowadays, the Python bindings initialize GPGME automagically. * lang/python/tests/initial.py: Remove call to 'support.init_gpgme'. * lang/python/tests/t-callbacks.py: Likewise. * lang/python/tests/t-decrypt-verify.py: Likewise. * lang/python/tests/t-decrypt.py: Likewise. * lang/python/tests/t-edit.py: Likewise. * lang/python/tests/t-encrypt-large.py: Likewise. * lang/python/tests/t-encrypt-sign.py: Likewise. * lang/python/tests/t-encrypt-sym.py: Likewise. * lang/python/tests/t-encrypt.py: Likewise. * lang/python/tests/t-export.py: Likewise. * lang/python/tests/t-file-name.py: Likewise. * lang/python/tests/t-idiomatic.py: Likewise. * lang/python/tests/t-import.py: Likewise. * lang/python/tests/t-keylist.py: Likewise. * lang/python/tests/t-sig-notation.py: Likewise. * lang/python/tests/t-sign.py: Likewise. * lang/python/tests/t-signers.py: Likewise. * lang/python/tests/t-trustlist.py: Likewise. * lang/python/tests/t-verify.py: Likewise. * lang/python/tests/t-wait.py: Likewise. Signed-off-by: Justus Winter diff --git a/lang/python/tests/initial.py b/lang/python/tests/initial.py index 4a02762..49e4f82 100755 --- a/lang/python/tests/initial.py +++ b/lang/python/tests/initial.py @@ -27,8 +27,6 @@ import support print("Using gpg module from {0!r}.".format(os.path.dirname(gpg.__file__))) -support.init_gpgme(gpg.constants.protocol.OpenPGP) - subprocess.check_call([os.path.join(os.getenv('top_srcdir'), "tests", "start-stop-agent"), "--start"]) diff --git a/lang/python/tests/support.py b/lang/python/tests/support.py index 69aa7a4..80c3a4b 100644 --- a/lang/python/tests/support.py 
+++ b/lang/python/tests/support.py @@ -39,9 +39,6 @@ def make_filename(name): def in_srcdir(name): return os.path.join(os.environ['srcdir'], name) -def init_gpgme(proto): - gpg.core.engine_check_version(proto) - verbose = int(os.environ.get('verbose', 0)) > 1 def print_data(data): if verbose: diff --git a/lang/python/tests/t-callbacks.py b/lang/python/tests/t-callbacks.py index eed50bc..ae15787 100755 --- a/lang/python/tests/t-callbacks.py +++ b/lang/python/tests/t-callbacks.py @@ -24,8 +24,6 @@ import os import gpg import support -support.init_gpgme(gpg.constants.protocol.OpenPGP) - c = gpg.Context() c.set_pinentry_mode(gpg.constants.PINENTRY_MODE_LOOPBACK) diff --git a/lang/python/tests/t-decrypt-verify.py b/lang/python/tests/t-decrypt-verify.py index 6243167..03bbc4b 100755 --- a/lang/python/tests/t-decrypt-verify.py +++ b/lang/python/tests/t-decrypt-verify.py @@ -34,7 +34,6 @@ def check_verify_result(result, summary, fpr, status): assert sig.validity == gpg.constants.validity.FULL assert gpg.errors.GPGMEError(sig.validity_reason).getcode() == gpg.errors.NO_ERROR -support.init_gpgme(gpg.constants.protocol.OpenPGP) c = gpg.Context() source = gpg.Data(file=support.make_filename("cipher-2.asc")) diff --git a/lang/python/tests/t-decrypt.py b/lang/python/tests/t-decrypt.py index 1af0562..05b6d8b 100755 --- a/lang/python/tests/t-decrypt.py +++ b/lang/python/tests/t-decrypt.py @@ -23,7 +23,6 @@ del absolute_import, print_function, unicode_literals import gpg import support -support.init_gpgme(gpg.constants.protocol.OpenPGP) c = gpg.Context() source = gpg.Data(file=support.make_filename("cipher-1.asc")) diff --git a/lang/python/tests/t-edit.py b/lang/python/tests/t-edit.py index bd70e7e..7ac3626 100755 --- a/lang/python/tests/t-edit.py +++ b/lang/python/tests/t-edit.py 
@@ -51,8 +51,6 @@ class KeyEditor(object): return result -support.init_gpgme(gpg.constants.protocol.OpenPGP) - c = gpg.Context() c.set_pinentry_mode(gpg.constants.PINENTRY_MODE_LOOPBACK) c.set_passphrase_cb(lambda *args: "abc") diff --git a/lang/python/tests/t-encrypt-large.py b/lang/python/tests/t-encrypt-large.py index cdb4a32..5646085 100755 --- a/lang/python/tests/t-encrypt-large.py +++ b/lang/python/tests/t-encrypt-large.py @@ -30,7 +30,6 @@ if len(sys.argv) == 2: else: nbytes = 100000 -support.init_gpgme(gpg.constants.protocol.OpenPGP) c = gpg.Context() ntoread = nbytes diff --git a/lang/python/tests/t-encrypt-sign.py b/lang/python/tests/t-encrypt-sign.py index 094a2b0..f04783f 100755 --- a/lang/python/tests/t-encrypt-sign.py +++ b/lang/python/tests/t-encrypt-sign.py @@ -24,7 +24,6 @@ import sys import gpg import support -support.init_gpgme(gpg.constants.protocol.OpenPGP) c = gpg.Context() c.set_armor(True) diff --git a/lang/python/tests/t-encrypt-sym.py b/lang/python/tests/t-encrypt-sym.py index 07e6b62..c15955a 100755 --- a/lang/python/tests/t-encrypt-sym.py +++ b/lang/python/tests/t-encrypt-sym.py @@ -24,8 +24,6 @@ import os import gpg import support -support.init_gpgme(gpg.constants.protocol.OpenPGP) - for passphrase in ("abc", b"abc"): c = gpg.Context() c.set_armor(True) diff --git a/lang/python/tests/t-encrypt.py b/lang/python/tests/t-encrypt.py index 3cbe8f2..921502a 100755 --- a/lang/python/tests/t-encrypt.py +++ b/lang/python/tests/t-encrypt.py @@ -23,7 +23,6 @@ del absolute_import, print_function, unicode_literals import gpg import support -support.init_gpgme(gpg.constants.protocol.OpenPGP) c = gpg.Context() c.set_armor(True) diff --git a/lang/python/tests/t-export.py b/lang/python/tests/t-export.py index 4927beb..b9d5204 100755 --- a/lang/python/tests/t-export.py +++ b/lang/python/tests/t-export.py 
@@ -23,7 +23,6 @@ del absolute_import, print_function, unicode_literals import gpg import support -support.init_gpgme(gpg.constants.protocol.OpenPGP) c = gpg.Context() c.set_armor(True) diff --git a/lang/python/tests/t-file-name.py b/lang/python/tests/t-file-name.py index d12afb8..aab5680 100755 --- a/lang/python/tests/t-file-name.py +++ b/lang/python/tests/t-file-name.py @@ -26,7 +26,6 @@ import support testname = "abcde12345" -support.init_gpgme(gpg.constants.protocol.OpenPGP) c = gpg.Context() c.set_armor(True) diff --git a/lang/python/tests/t-idiomatic.py b/lang/python/tests/t-idiomatic.py index 485f048..826bc23 100755 --- a/lang/python/tests/t-idiomatic.py +++ b/lang/python/tests/t-idiomatic.py @@ -27,8 +27,6 @@ import tempfile import gpg import support -support.init_gpgme(gpg.constants.protocol.OpenPGP) - # Both Context and Data can be used as context manager: with gpg.Context() as c, gpg.Data() as d: c.get_engine_info() diff --git a/lang/python/tests/t-import.py b/lang/python/tests/t-import.py index 5b0576f..e2edf5a 100755 --- a/lang/python/tests/t-import.py +++ b/lang/python/tests/t-import.py @@ -67,7 +67,6 @@ def check_result(result, fpr, secret): assert len(result.imports) == 1 or fpr == result.imports[1].fpr assert result.imports[0].result == 0 -support.init_gpgme(gpg.constants.protocol.OpenPGP) c = gpg.Context() c.op_import(gpg.Data(file=support.make_filename("pubkey-1.asc"))) diff --git a/lang/python/tests/t-keylist.py b/lang/python/tests/t-keylist.py index 5077ca6..76c793e 100755 --- a/lang/python/tests/t-keylist.py +++ b/lang/python/tests/t-keylist.py @@ -23,7 +23,6 @@ del absolute_import, print_function, unicode_literals import gpg import support -support.init_gpgme(gpg.constants.protocol.OpenPGP) c = gpg.Context() # Check expration of keys. This test assumes three subkeys of which diff --git a/lang/python/tests/t-sig-notation.py b/lang/python/tests/t-sig-notation.py index f1342b1..2277497 100755 --- a/lang/python/tests/t-sig-notation.py 
+++ b/lang/python/tests/t-sig-notation.py @@ -62,8 +62,6 @@ def check_result(result): assert len(expected_notations) == 0 -support.init_gpgme(gpg.constants.protocol.OpenPGP) - source = gpg.Data("Hallo Leute\n") signed = gpg.Data() diff --git a/lang/python/tests/t-sign.py b/lang/python/tests/t-sign.py index 9418ed8..d375729 100755 --- a/lang/python/tests/t-sign.py +++ b/lang/python/tests/t-sign.py @@ -53,8 +53,6 @@ def check_result(r, typ): if signature.fpr != "A0FF4590BB6122EDEF6E3C542D727CC768697734": fail("Wrong fingerprint reported: {}".format(signature.fpr)) - -support.init_gpgme(gpg.constants.protocol.OpenPGP) c = gpg.Context() c.set_textmode(True) c.set_armor(True) diff --git a/lang/python/tests/t-signers.py b/lang/python/tests/t-signers.py index 80e797c..5864ee5 100755 --- a/lang/python/tests/t-signers.py +++ b/lang/python/tests/t-signers.py @@ -53,8 +53,6 @@ def check_result(r, typ): "23FD347A419429BACCD5E72D6BC4778054ACD246"): fail("Wrong fingerprint reported: {}".format(signature.fpr)) - -support.init_gpgme(gpg.constants.protocol.OpenPGP) c = gpg.Context() c.set_textmode(True) c.set_armor(True) diff --git a/lang/python/tests/t-trustlist.py b/lang/python/tests/t-trustlist.py index 8c5e214..8586596 100755 --- a/lang/python/tests/t-trustlist.py +++ b/lang/python/tests/t-trustlist.py @@ -23,7 +23,6 @@ del absolute_import, print_function, unicode_literals import gpg import support -support.init_gpgme(gpg.constants.protocol.OpenPGP) c = gpg.Context() def dump_item(item): diff --git a/lang/python/tests/t-verify.py b/lang/python/tests/t-verify.py index f18e1dd..0347638 100755 --- a/lang/python/tests/t-verify.py +++ b/lang/python/tests/t-verify.py @@ -97,8 +97,6 @@ def check_result(result, summary, validity, fpr, status, notation): sig.validity, validity) assert gpg.errors.GPGMEError(sig.validity_reason).getcode() == gpg.errors.NO_ERROR - -support.init_gpgme(gpg.constants.protocol.OpenPGP) c = gpg.Context() c.set_armor(True) 
diff --git a/lang/python/tests/t-wait.py b/lang/python/tests/t-wait.py index b1f2043..0c403fa 100755 --- a/lang/python/tests/t-wait.py +++ b/lang/python/tests/t-wait.py @@ -24,7 +24,6 @@ import time import gpg import support -support.init_gpgme(gpg.constants.protocol.OpenPGP) c = gpg.Context() c.set_armor(True) ----------------------------------------------------------------------- Summary of changes: lang/python/tests/Makefile.am | 1 - lang/python/tests/initial.py | 2 -- lang/python/tests/support.py | 10 +++++++--- lang/python/tests/t-callbacks.py | 2 +- lang/python/tests/t-decrypt-verify.py | 1 - lang/python/tests/t-decrypt.py | 1 - lang/python/tests/t-edit.py | 4 ++-- lang/python/tests/t-encrypt-large.py | 1 - lang/python/tests/t-encrypt-sign.py | 1 - lang/python/tests/t-encrypt-sym.py | 2 +- lang/python/tests/t-encrypt.py | 1 - lang/python/tests/t-export.py | 1 - lang/python/tests/t-file-name.py | 1 - lang/python/tests/t-idiomatic.py | 2 -- lang/python/tests/t-import.py | 1 - lang/python/tests/t-keylist.py | 1 - lang/python/tests/t-quick-key-creation.py | 1 + lang/python/tests/t-quick-key-manipulation.py | 1 + lang/python/tests/t-quick-key-signing.py | 1 + lang/python/tests/t-sig-notation.py | 2 -- lang/python/tests/t-sign.py | 2 -- lang/python/tests/t-signers.py | 2 -- lang/python/tests/t-trustlist.py | 1 - lang/python/tests/t-verify.py | 2 -- lang/python/tests/t-wait.py | 1 - tests/start-stop-agent | 8 ++++++++ 26 files changed, 22 insertions(+), 31 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 20 16:55:34 2017 
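Review bot: In the block added to tests/start-stop-agent (commit 16b202d), the grep on "$GNUPGHOME/gpg-agent.conf" runs even when that file does not exist. grep then fails, the negation makes the condition true, and the echo with >> creates a gpg-agent.conf that contains nothing but allow-loopback-pinentry. Put a test -f "$GNUPGHOME/gpg-agent.conf" in front of the grep, or state in the comment that creating the file is intended, and send grep's error output to /dev/null so a missing file does not add noise to the test log.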
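Review bot: In the new assert_gpg_version in lang/python/tests/support.py (commit e1cf8ba), the skip path formats its message with '.'.join(version), but version is a tuple of ints such as (2, 1, 0), so str.join raises TypeError and the test errors out before it reaches sys.exit(77). Use '.'.join(map(str, version)). The comparison line also calls int() on every dot-separated component of c.engine_info.version, which only works for a purely numeric version string; any suffix on the last component raises ValueError instead of producing a skip.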
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 20 Mar 2017 16:55:34 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-105-g57e64d0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 57e64d019d993fdeb4323def5352f8ecc98c6fd9 (commit) from 16b202d9999591b71fb8bb49f6db10ef96d4cbe8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 57e64d019d993fdeb4323def5352f8ecc98c6fd9 Author: Justus Winter Date: Mon Mar 20 16:53:29 2017 +0100 python: Fix version check. * lang/python/tests/support.py (assert_gpg_version): Cope with non-released versions. Fixes-commit: e1cf8bab319ba1dea41ba5d711dbb66ffd8e6fd6 Signed-off-by: Justus Winter diff --git a/lang/python/tests/support.py b/lang/python/tests/support.py index 8f9d645..611986b 100644 --- a/lang/python/tests/support.py +++ b/lang/python/tests/support.py @@ -22,13 +22,15 @@ import contextlib import shutil import sys import os +import re import tempfile import time import gpg def assert_gpg_version(version=(2, 1, 0)): with gpg.Context() as c: - if tuple(map(int, c.engine_info.version.split('.'))) < version: + clean_version = re.match(r'\d+\.\d+\.\d+', c.engine_info.version).group(0) + if tuple(map(int, clean_version.split('.'))) < version: print("GnuPG too old: have {0}, need {1}.".format( c.engine_info.version, '.'.join(version))) sys.exit(77) ----------------------------------------------------------------------- Summary of changes: lang/python/tests/support.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 20 17:09:32 2017 
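Review bot: In the reworked assert_gpg_version, re.match(r'\d+\.\d+\.\d+', c.engine_info.version).group(0) is unguarded: when the engine reports a version that does not start with three dotted numbers, re.match returns None and the call fails with AttributeError rather than a skip with exit code 77. Keep the match object in a variable, test it, and treat a missing match as an explicit skip or failure with the raw version string in the message. The unchanged context line '.'.join(version) still joins a tuple of ints, so the "GnuPG too old" path this hunk is meant to reach cannot print its message yet.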
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 20 Mar 2017 17:09:32 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-106-g392e51d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 392e51dd1181d035c19918222da65d08fdb2ee6d (commit) from 57e64d019d993fdeb4323def5352f8ecc98c6fd9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 392e51dd1181d035c19918222da65d08fdb2ee6d Author: Justus Winter Date: Mon Mar 20 17:07:31 2017 +0100 tests: Fix distcheck. * tests/start-stop-agent: Do not create 'gpg-agent.conf' if it does not exist. Fixes-commit: 16b202d9999591b71fb8bb49f6db10ef96d4cbe8 Signed-off-by: Justus Winter diff --git a/tests/start-stop-agent b/tests/start-stop-agent index 457f70d..3ce6f22 100755 --- a/tests/start-stop-agent +++ b/tests/start-stop-agent @@ -42,7 +42,8 @@ echo "starting gpg-agent.." >&2 # loopback entry to work. Old versions do not understand this though, # so we need to be careful. if "$GPG_AGENT" --gpgconf-test --allow-loopback-pinentry && - ! grep -q allow-loopback-pinentry "$GNUPGHOME/gpg-agent.conf"; then + test -f "$GNUPGHOME/gpg-agent.conf" && + ! grep -q allow-loopback-pinentry "$GNUPGHOME/gpg-agent.conf"; then echo allow-loopback-pinentry >> "$GNUPGHOME/gpg-agent.conf" fi ----------------------------------------------------------------------- Summary of changes: tests/start-stop-agent | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 20 20:11:39 2017 
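Review bot: With test -f in place, the remaining weak spot in this condition in tests/start-stop-agent is the unanchored grep -q allow-loopback-pinentry: a commented-out line such as "# allow-loopback-pinentry", or any other line that merely contains the string, counts as already configured and the option is then never appended. Anchor the pattern to the start of the line, for example grep -q '^[[:space:]]*allow-loopback-pinentry'. The re-indentation of the grep line is fine.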
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 20 Mar 2017 20:11:39 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-107-gea9686e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via ea9686ec71a2dd2225ce2b6d6d4038821d36205f (commit) from 392e51dd1181d035c19918222da65d08fdb2ee6d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ea9686ec71a2dd2225ce2b6d6d4038821d36205f Author: Werner Koch Date: Mon Mar 20 19:56:10 2017 +0100 core,cpp: New key flag 'is_de_vs'. * src/gpgme.h.in (_gpgme_subkey): New flag is_de_vs. * tests/run-keylist.c (main): Print that flag. * src/keylist.c (parse_pub_field18): New. (keylist_colon_handler): Parse compliance flags. * lang/cpp/src/key.cpp (Key::isDeVs): New. (Subkey::isDeVs): New. * lang/cpp/src/key.h (class Key): New method isDeVs. (class Subkey): New method isDeVs. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index a270af7..f2ab0bf 100644 --- a/NEWS +++ b/NEWS 
@@ -10,14 +10,17 @@ Noteworthy changes in version 1.8.1 (unreleased) gpgme_op_createkey CHANGED: Meaning of 'expire' parameter. gpgme_op_createsubkey CHANGED: Meaning of 'expire' parameter. GPGME_CREATE_NOEXPIRE NEW. + gpgme_subkey_t EXTENDED: New field is_de_vs. cpp: Context::revUid(const Key&, const char*) NEW. cpp: Context::startRevUid(const Key&, const char*) NEW. cpp: Context::addUid(const Key&, const char*) NEW. cpp: Context::startAddUid(const Key&, const char*) NEW. cpp: Key::UserID::revoke() NEW. cpp: Key::addUid() NEW. + cpp: Key::isDeVs NEW. cpp: GpgGenCardKeyInteractor NEW. cpp: Subkey::keyGrip NEW. + cpp: Subkey::isDeVs NEW. qt: CryptoConfig::stringValueList() NEW. gpgme_data_rewind UN-DEPRECATE. py: Context.__init__ EXTENDED: New keyword arg home_dir. diff --git a/doc/gpgme.texi b/doc/gpgme.texi index d32a124..337053f 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -3156,6 +3156,12 @@ This is true if the subkey can be used for authentication. This is true if the subkey can be used for qualified signatures according to local government regulations. + at item unsigned int is_de_vs : 1 +This is true if the subkey complies with the rules for classified +information in Germany at the restricted level (VS-NfD). This are +currently RSA keys of at least 2048 bits or ECDH/ECDSA keys using a +Brainpool curve. + @item unsigned int secret : 1 This is true if the subkey is a secret key. Note that it will be false if the key is actually a stub key; i.e. a secret key operation diff --git a/lang/cpp/src/key.cpp b/lang/cpp/src/key.cpp index 9eebbf0..31e59e1 100644 --- a/lang/cpp/src/key.cpp +++ b/lang/cpp/src/key.cpp @@ -234,6 +234,11 @@ bool Key::isQualified() const return key && key->is_qualified; } +bool Key::isDeVs() const +{ + return key && key->subkeys && key->subkeys->is_de_vs; +} + const char *Key::issuerSerial() const { return key ? key->issuer_serial : 0 ; 
@@ -469,6 +474,11 @@ bool Subkey::isQualified() const return subkey && subkey->is_qualified; } +bool Subkey::isDeVs() const +{ + return subkey && subkey->is_de_vs; +} + bool Subkey::isCardKey() const { return subkey && subkey->is_cardkey; diff --git a/lang/cpp/src/key.h b/lang/cpp/src/key.h index 8c11a9d..829bd26 100644 --- a/lang/cpp/src/key.h +++ b/lang/cpp/src/key.h @@ -112,6 +112,7 @@ public: bool canCertify() const; bool canAuthenticate() const; bool isQualified() const; + bool isDeVs() const; bool hasSecret() const; GPGMEPP_DEPRECATED bool isSecret() const @@ -219,6 +220,7 @@ public: bool canCertify() const; bool canAuthenticate() const; bool isQualified() const; + bool isDeVs() const; bool isCardKey() const; bool isSecret() const; diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 032a205..b660cb5 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -538,8 +538,11 @@ struct _gpgme_subkey /* True if the secret key is stored on a smart card. */ unsigned int is_cardkey : 1; + /* True if the key is compliant to the de-vs mode. */ + unsigned int is_de_vs : 1; + /* Internal to GPGME, do not use. */ - unsigned int _unused : 21; + unsigned int _unused : 20; /* Public key algorithm supported by this subkey. */ gpgme_pubkey_algo_t pubkey_algo; diff --git a/src/keylist.c b/src/keylist.c index 2ce0846..de9bbb2 100644 --- a/src/keylist.c +++ b/src/keylist.c @@ -416,6 +416,23 @@ parse_sec_field15 (gpgme_key_t key, gpgme_subkey_t subkey, char *field) } +/* Parse the compliance field. */ +static void +parse_pub_field18 (gpgme_subkey_t subkey, char *field) +{ + char *p, *endp; + unsigned long ul; + + for (p = field; p && (ul = strtoul (p, &endp, 10)) && p != endp; p = endp) + { + switch (ul) + { + case 23: subkey->is_de_vs = 1; break; + } + } +} + + /* Parse a tfs record. */ static gpg_error_t parse_tfs_record (gpgme_user_id_t uid, char **field, int nfield) 
@@ -535,7 +552,7 @@ keylist_colon_handler (void *priv, char *line) RT_SSB, RT_SEC, RT_CRT, RT_CRS, RT_REV, RT_SPK } rectype = RT_NONE; -#define NR_FIELDS 17 +#define NR_FIELDS 18 char *field[NR_FIELDS]; int fields = 0; void *hook; @@ -712,6 +729,10 @@ keylist_colon_handler (void *priv, char *line) return gpg_error_from_syserror (); } + /* Field 18 has the compliance flags. */ + if (fields >= 17 && *field[17]) + parse_pub_field18 (subkey, field[17]); + break; case RT_SUB: @@ -785,6 +806,10 @@ keylist_colon_handler (void *priv, char *line) return gpg_error_from_syserror (); } + /* Field 18 has the compliance flags. */ + if (fields >= 17 && *field[17]) + parse_pub_field18 (subkey, field[17]); + break; case RT_UID: diff --git a/tests/run-keylist.c b/tests/run-keylist.c index 93fbeb5..fd9c7c2 100644 --- a/tests/run-keylist.c +++ b/tests/run-keylist.c @@ -223,13 +223,14 @@ main (int argc, char **argv) key->can_sign? "s":"", key->can_certify? "c":"", key->can_authenticate? "a":""); - printf ("flags :%s%s%s%s%s%s%s\n", + printf ("flags :%s%s%s%s%s%s%s%s\n", key->secret? " secret":"", key->revoked? " revoked":"", key->expired? " expired":"", key->disabled? " disabled":"", key->invalid? " invalid":"", - key->is_qualified? " qualifid":"", + key->is_qualified? " qualified":"", + key->subkeys && key->subkeys->is_de_vs? " de-vs":"", key->subkeys && key->subkeys->is_cardkey? " cardkey":""); subkey = key->subkeys; 
@@ -248,14 +249,15 @@ main (int argc, char **argv) subkey->can_sign? "s":"", subkey->can_certify? "c":"", subkey->can_authenticate? "a":""); - printf ("flags %2d:%s%s%s%s%s%s%s\n", + printf ("flags %2d:%s%s%s%s%s%s%s%s\n", nsub, subkey->secret? " secret":"", subkey->revoked? " revoked":"", subkey->expired? " expired":"", subkey->disabled? " disabled":"", subkey->invalid? " invalid":"", - subkey->is_qualified? " qualifid":"", + subkey->is_qualified? " qualified":"", + subkey->is_de_vs? " de-vs":"", subkey->is_cardkey? " cardkey":""); } for (nuids=0, uid=key->uids; uid; uid = uid->next, nuids++) ----------------------------------------------------------------------- Summary of changes: NEWS | 3 +++ doc/gpgme.texi | 6 ++++++ lang/cpp/src/key.cpp | 10 ++++++++++ lang/cpp/src/key.h | 2 ++ src/gpgme.h.in | 5 ++++- src/keylist.c | 27 ++++++++++++++++++++++++++- tests/run-keylist.c | 10 ++++++---- 7 files changed, 57 insertions(+), 6 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 21 09:53:51 2017 
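Review bot: Both blocks added to keylist_colon_handler in src/keylist.c guard the new field with "if (fields >= 17 && *field[17])", which reads the 18th array slot while requiring only 17 parsed fields. NR_FIELDS is raised to 18, so the slot exists, but if fields is the number of entries filled from the colon line, a record with exactly 17 fields leaves field[17] unset and the dereference reads an uninitialized pointer from the stack array. The guard for index 17 should be fields >= 18, in both places.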
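Review bot: Key::isDeVs() in lang/cpp/src/key.cpp returns key->subkeys->is_de_vs, which is the flag of the first subkey only, while gpgme.h.in and doc/gpgme.texi define is_de_vs per subkey. A caller that uses the key-level method for a compliance decision gets true even when a later subkey, for example the one used for encryption, does not carry the flag. Either iterate over all subkeys and require the flag on each, or document in key.h that the method reflects the primary key only and that Subkey::isDeVs() has to be checked for the subkey actually used. The same applies to the key-level " de-vs" output added in tests/run-keylist.c.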
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 21 Mar 2017 09:53:51 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-108-g35023f3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 35023f313622fb1b34108dd934e84831c58b81aa (commit) from ea9686ec71a2dd2225ce2b6d6d4038821d36205f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 35023f313622fb1b34108dd934e84831c58b81aa Author: Andre Heinecke Date: Tue Mar 21 09:38:11 2017 +0100 core: New public API gpgme_op_keylist_from_data_start. * src/gpgme.h.in: New API gpgme_op_keylist_from_data_start. * src/libgpgme.vers, src/gpgme.def: Add it. * src/keylist.c (gpgme_op_keylist_from_data_start): New. * src/engine-backend.h (engine_ops): Add field 'keylist_data'. Change all engines to pass NULL for it. * src/engine.c (_gpgme_engine_op_keylist_data): New. * src/engine-gpg.c (gpg_keylist_data): New. (_gpgme_engine_ops_gpg): Register gpg_keylist_data. * tests/run-keylist.c (main): New option --from-file. -- Co-authored-by: Werner Koch GnuPG-bug-id: 2819 diff --git a/NEWS b/NEWS index f2ab0bf..cf02fc2 100644 --- a/NEWS +++ b/NEWS @@ -11,6 +11,8 @@ Noteworthy changes in version 1.8.1 (unreleased) gpgme_op_createsubkey CHANGED: Meaning of 'expire' parameter. GPGME_CREATE_NOEXPIRE NEW. gpgme_subkey_t EXTENDED: New field is_de_vs. + gpgme_op_keylist_from_data_start NEW. + gpgme_data_rewind UN-DEPRECATE. cpp: Context::revUid(const Key&, const char*) NEW. cpp: Context::startRevUid(const Key&, const char*) NEW. cpp: Context::addUid(const Key&, const char*) NEW. 
@@ -22,7 +24,6 @@ Noteworthy changes in version 1.8.1 (unreleased) cpp: Subkey::keyGrip NEW. cpp: Subkey::isDeVs NEW. qt: CryptoConfig::stringValueList() NEW. - gpgme_data_rewind UN-DEPRECATE. py: Context.__init__ EXTENDED: New keyword arg home_dir. py: Context.home_dir NEW. py: Context.keylist EXTENDED: New keyword arg mode. diff --git a/doc/gpgme.texi b/doc/gpgme.texi index 337053f..edcbb98 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -3342,6 +3342,7 @@ This is a linked list with the notation data and policy URLs. @cindex key ring, search @deftypefun gpgme_error_t gpgme_op_keylist_start (@w{gpgme_ctx_t @var{ctx}}, @w{const char *@var{pattern}}, @w{int @var{secret_only}}) + The function @code{gpgme_op_keylist_start} initiates a key listing operation inside the context @var{ctx}. It sets everything up so that subsequent invocations of @code{gpgme_op_keylist_next} return the keys @@ -3369,6 +3370,7 @@ are reported by the crypto engine support routines. @end deftypefun @deftypefun gpgme_error_t gpgme_op_keylist_ext_start (@w{gpgme_ctx_t @var{ctx}}, @w{const char *@var{pattern}[]}, @w{int @var{secret_only}}, @w{int @var{reserved}}) + The function @code{gpgme_op_keylist_ext_start} initiates an extended key listing operation inside the context @var{ctx}. It sets everything up so that subsequent invocations of 
@@ -3399,7 +3401,36 @@ The function returns the error code @code{GPG_ERR_INV_VALUE} if are reported by the crypto engine support routines. @end deftypefun + at deftypefun gpgme_error_t gpgme_op_keylist_from_data @ + (@w{gpgme_ctx_t @var{ctx}}, @ + @w{gpgme_data_t @var{data}}, @ + @w{int @var{reserved}}) + +The function @code{gpgme_op_keylist_from_data_start} initiates a key +listing operation inside the context @var{ctx}. In contrast to the +other key listing operation the keys are read from the supplied + at var{data} and not from the local key database. The keys are also not +imported into the local ley database. The function sets everything up +so that subsequent invocations of @code{gpgme_op_keylist_next} return +the keys from @var{data}. + +The value of @var{reserved} must be @code{0}. + +This function requires at least GnuPG version 2.1.14 and currently +works only with OpenPGP keys. + +The context will be busy until either all keys are received (and + at code{gpgme_op_keylist_next} returns @code{GPG_ERR_EOF}), or + at code{gpgme_op_keylist_end} is called to finish the operation. +While the context is busy @var{data} may not be released. + +The function returns the error code @code{GPG_ERR_INV_VALUE} if + at var{ctx} is not a valid pointer, and passes through any errors that +are reported by the crypto engine support routines. + at end deftypefun + @deftypefun gpgme_error_t gpgme_op_keylist_next (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_key_t *@var{r_key}}) + The function @code{gpgme_op_keylist_next} returns the next key in the list created by a previous @code{gpgme_op_keylist_start} operation in the context @var{ctx}. The key will have one reference for the user. @@ -3417,6 +3448,7 @@ The function returns the error code @code{GPG_ERR_INV_VALUE} if @end deftypefun @deftypefun gpgme_error_t gpgme_op_keylist_end (@w{gpgme_ctx_t @var{ctx}}) + The function @code{gpgme_op_keylist_end} ends a pending key list operation in the context @var{ctx}. 
@@ -3431,7 +3463,7 @@ time during the operation there was not enough memory available. The following example illustrates how all keys containing a certain string (@code{g10code}) can be listed with their key ID and the name -and e-mail address of the main user ID: +and email address of the main user ID: @example gpgme_ctx_t ctx; diff --git a/src/engine-assuan.c b/src/engine-assuan.c index 78efb4c..4beb41d 100644 --- a/src/engine-assuan.c +++ b/src/engine-assuan.c @@ -787,6 +787,7 @@ struct engine_ops _gpgme_engine_ops_assuan = NULL, /* import */ NULL, /* keylist */ NULL, /* keylist_ext */ + NULL, /* keylist_data */ NULL, /* keysign */ NULL, /* tofu_policy */ NULL, /* sign */ diff --git a/src/engine-backend.h b/src/engine-backend.h index a8457af..635acb0 100644 --- a/src/engine-backend.h +++ b/src/engine-backend.h @@ -100,6 +100,7 @@ struct engine_ops int secret_only, int reserved, gpgme_keylist_mode_t mode, int engine_flags); + gpgme_error_t (*keylist_data) (void *engine, gpgme_data_t data); gpgme_error_t (*keysign) (void *engine, gpgme_key_t key, const char *userid, unsigned long expires, unsigned int flags, diff --git a/src/engine-g13.c b/src/engine-g13.c index bb06d35..593177c 100644 --- a/src/engine-g13.c +++ b/src/engine-g13.c @@ -802,6 +802,7 @@ struct engine_ops _gpgme_engine_ops_g13 = NULL, /* import */ NULL, /* keylist */ NULL, /* keylist_ext */ + NULL, /* keylist_data */ NULL, /* keysign */ NULL, /* tofu_policy */ NULL, /* sign */ diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 59cf405..4b87a8a 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c 
@@ -2731,6 +2731,38 @@ gpg_keylist_ext (void *engine, const char *pattern[], int secret_only, static gpgme_error_t +gpg_keylist_data (void *engine, gpgme_data_t data) +{ + engine_gpg_t gpg = engine; + gpgme_error_t err; + + if (!have_gpg_version (gpg, "2.1.14")) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + err = add_arg (gpg, "--with-colons"); + if (!err) + err = add_arg (gpg, "--with-fingerprint"); + if (!err) + err = add_arg (gpg, "--import-options"); + if (!err) + err = add_arg (gpg, "import-show"); + if (!err) + err = add_arg (gpg, "--dry-run"); + if (!err) + err = add_arg (gpg, "--import"); + if (!err) + err = add_arg (gpg, "--"); + if (!err) + err = add_data (gpg, data, -1, 0); + + if (!err) + err = start (gpg); + + return err; +} + + +static gpgme_error_t gpg_keysign (void *engine, gpgme_key_t key, const char *userid, unsigned long expire, unsigned int flags, gpgme_ctx_t ctx) @@ -3013,6 +3045,7 @@ struct engine_ops _gpgme_engine_ops_gpg = gpg_import, gpg_keylist, gpg_keylist_ext, + gpg_keylist_data, gpg_keysign, gpg_tofu_policy, /* tofu_policy */ gpg_sign, diff --git a/src/engine-gpgconf.c b/src/engine-gpgconf.c index 3e46310..4891977 100644 --- a/src/engine-gpgconf.c +++ b/src/engine-gpgconf.c @@ -1244,6 +1244,7 @@ struct engine_ops _gpgme_engine_ops_gpgconf = NULL, /* import */ NULL, /* keylist */ NULL, /* keylist_ext */ + NULL, /* keylist_data */ NULL, /* keysign */ NULL, /* tofu_policy */ NULL, /* sign */ diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index d5d2901..7652363 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c @@ -2106,6 +2106,7 @@ struct engine_ops _gpgme_engine_ops_gpgsm = gpgsm_import, gpgsm_keylist, gpgsm_keylist_ext, + NULL, /* keylist_data */ NULL, /* keysign */ NULL, /* tofu_policy */ gpgsm_sign, diff --git a/src/engine-spawn.c b/src/engine-spawn.c index 1cd4421..fa406d4 100644 --- a/src/engine-spawn.c +++ b/src/engine-spawn.c 
@@ -460,6 +460,7 @@ struct engine_ops _gpgme_engine_ops_spawn = NULL, /* import */ NULL, /* keylist */ NULL, /* keylist_ext */ + NULL, /* keylist_data */ NULL, /* keysign */ NULL, /* tofu_policy */ NULL, /* sign */ diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c index ff5227e..12efd27 100644 --- a/src/engine-uiserver.c +++ b/src/engine-uiserver.c @@ -1394,6 +1394,7 @@ struct engine_ops _gpgme_engine_ops_uiserver = NULL, /* import */ NULL, /* keylist */ NULL, /* keylist_ext */ + NULL, /* keylist_data */ NULL, /* keysign */ NULL, /* tofu_policy */ uiserver_sign, diff --git a/src/engine.c b/src/engine.c index 75d9ff7..a918a50 100644 --- a/src/engine.c +++ b/src/engine.c @@ -876,6 +876,19 @@ _gpgme_engine_op_keylist_ext (engine_t engine, const char *pattern[], gpgme_error_t +_gpgme_engine_op_keylist_data (engine_t engine, gpgme_data_t data) +{ + if (!engine) + return gpg_error (GPG_ERR_INV_VALUE); + + if (!engine->ops->keylist_data) + return gpg_error (GPG_ERR_NOT_IMPLEMENTED); + + return (*engine->ops->keylist_data) (engine->engine, data); +} + + +gpgme_error_t _gpgme_engine_op_sign (engine_t engine, gpgme_data_t in, gpgme_data_t out, gpgme_sig_mode_t mode, int use_armor, int use_textmode, int include_certs, diff --git a/src/engine.h b/src/engine.h index 29d2f25..f456812 100644 --- a/src/engine.h +++ b/src/engine.h @@ -148,6 +148,8 @@ gpgme_error_t _gpgme_engine_op_keylist_ext (engine_t engine, int reserved, gpgme_keylist_mode_t mode, int engine_flags); +gpgme_error_t _gpgme_engine_op_keylist_data (engine_t engine, + gpgme_data_t data); gpgme_error_t _gpgme_engine_op_sign (engine_t engine, gpgme_data_t in, gpgme_data_t out, gpgme_sig_mode_t mode, int use_armor, int use_textmode, diff --git a/src/gpgme.def b/src/gpgme.def index 0d3ce74..ddd57d3 100644 --- a/src/gpgme.def +++ b/src/gpgme.def 
@@ -177,8 +177,8 @@ EXPORTS gpgme_io_read @136 gpgme_io_write @137 - gpgme_result_ref @138 - gpgme_result_unref @139 + gpgme_result_ref @138 + gpgme_result_unref @139 gpgme_op_import_keys @140 gpgme_op_import_keys_start @141 @@ -253,5 +253,8 @@ EXPORTS gpgme_op_query_swdb_result @190 gpgme_get_ctx_flag @191 + + gpgme_op_keylist_from_data_start @192 + ; END diff --git a/src/gpgme.h.in b/src/gpgme.h.in index b660cb5..2cf096b 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -1817,20 +1817,31 @@ typedef struct _gpgme_op_keylist_result *gpgme_keylist_result_t; gpgme_keylist_result_t gpgme_op_keylist_result (gpgme_ctx_t ctx); /* Start a keylist operation within CTX, searching for keys which - match PATTERN. If SECRET_ONLY is true, only secret keys are - returned. */ + * match PATTERN. If SECRET_ONLY is true, only secret keys are + * returned. */ gpgme_error_t gpgme_op_keylist_start (gpgme_ctx_t ctx, const char *pattern, int secret_only); gpgme_error_t gpgme_op_keylist_ext_start (gpgme_ctx_t ctx, const char *pattern[], int secret_only, int reserved); +/* List the keys contained in DATA. */ +gpgme_error_t gpgme_op_keylist_from_data_start (gpgme_ctx_t ctx, + gpgme_data_t data, + int reserved); + /* Return the next key from the keylist in R_KEY. */ gpgme_error_t gpgme_op_keylist_next (gpgme_ctx_t ctx, gpgme_key_t *r_key); /* Terminate a pending keylist operation within CTX. */ gpgme_error_t gpgme_op_keylist_end (gpgme_ctx_t ctx); + + +/* + * Protecting keys + */ + /* Change the passphrase for KEY. FLAGS is reserved for future use and must be passed as 0. */ gpgme_error_t gpgme_op_passwd_start (gpgme_ctx_t ctx, gpgme_key_t key, diff --git a/src/keylist.c b/src/keylist.c index de9bbb2..c88a7ca 100644 --- a/src/keylist.c +++ b/src/keylist.c 
@@ -1142,6 +1142,42 @@ gpgme_op_keylist_ext_start (gpgme_ctx_t ctx, const char *pattern[], } +/* Start a keylist operation within CTX to show keys contained + * in DATA. */ +gpgme_error_t +gpgme_op_keylist_from_data_start (gpgme_ctx_t ctx, gpgme_data_t data, + int reserved) +{ + gpgme_error_t err; + void *hook; + op_data_t opd; + + TRACE_BEG (DEBUG_CTX, "gpgme_op_keylist_from_data_start", ctx); + + if (!ctx || !data || reserved) + return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); + + err = _gpgme_op_reset (ctx, 2); + if (err) + return TRACE_ERR (err); + + err = _gpgme_op_data_lookup (ctx, OPDATA_KEYLIST, &hook, + sizeof (*opd), release_op_data); + opd = hook; + if (err) + return TRACE_ERR (err); + + _gpgme_engine_set_status_handler (ctx->engine, keylist_status_handler, ctx); + err = _gpgme_engine_set_colon_line_handler (ctx->engine, + keylist_colon_handler, ctx); + if (err) + return TRACE_ERR (err); + + err = _gpgme_engine_op_keylist_data (ctx->engine, data); + return TRACE_ERR (err); +} + + /* Return the next key from the keylist in R_KEY. */ gpgme_error_t gpgme_op_keylist_next (gpgme_ctx_t ctx, gpgme_key_t *r_key) diff --git a/src/libgpgme.vers b/src/libgpgme.vers index a55cd10..9344a75 100644 --- a/src/libgpgme.vers +++ b/src/libgpgme.vers @@ -223,6 +223,7 @@ GPGME_1.0 { gpgme_op_import_start; gpgme_op_keylist_end; gpgme_op_keylist_ext_start; + gpgme_op_keylist_from_data_start; gpgme_op_keylist_next; gpgme_op_keylist_result; gpgme_op_keylist_start; diff --git a/tests/run-keylist.c b/tests/run-keylist.c index fd9c7c2..aab4bb6 100644 --- a/tests/run-keylist.c +++ b/tests/run-keylist.c @@ -41,7 +41,7 @@ static int verbose; static int show_usage (int ex) { - fputs ("usage: " PGM " [options] [USERID]\n\n" + fputs ("usage: " PGM " [options] [USERID_or_FILE]\n\n" "Options:\n" " --verbose run in verbose mode\n" " --openpgp use the OpenPGP protocol (default)\n" 
@@ -56,6 +56,7 @@ show_usage (int ex) " --validate use GPGME_KEYLIST_MODE_VALIDATE\n" " --import import all keys\n" " --offline use offline mode\n" + " --from-file list all keys in the given file\n" " --require-gnupg required at least the given GnuPG version\n" , stderr); exit (ex); @@ -98,6 +99,9 @@ main (int argc, char **argv) gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP; int only_secret = 0; int offline = 0; + int from_file = 0; + gpgme_data_t data = NULL; + if (argc) { argc--; argv++; } @@ -177,6 +181,11 @@ main (int argc, char **argv) offline = 1; argc--; argv++; } + else if (!strcmp (*argv, "--from-file")) + { + from_file = 1; + argc--; argv++; + } else if (!strcmp (*argv, "--require-gnupg")) { argc--; argv++; @@ -191,6 +200,8 @@ main (int argc, char **argv) if (argc > 1) show_usage (1); + else if (from_file && !argc) + show_usage (1); init_gpgme (protocol); @@ -202,7 +213,15 @@ main (int argc, char **argv) gpgme_set_offline (ctx, offline); - err = gpgme_op_keylist_start (ctx, argc? argv[0]:NULL, only_secret); + if (from_file) + { + err = gpgme_data_new_from_file (&data, *argv, 1); + fail_if_err (err); + + err = gpgme_op_keylist_from_data_start (ctx, data, 0); + } + else + err = gpgme_op_keylist_start (ctx, argc? argv[0]:NULL, only_secret); fail_if_err (err); while (!(err = gpgme_op_keylist_next (ctx, &key))) 
@@ -322,6 +341,7 @@ main (int argc, char **argv) err = gpgme_op_keylist_end (ctx); fail_if_err (err); keyarray[keyidx] = NULL; + gpgme_data_release (data); result = gpgme_op_keylist_result (ctx); if (result->truncated) ----------------------------------------------------------------------- Summary of changes: NEWS | 3 ++- doc/gpgme.texi | 34 +++++++++++++++++++++++++++++++++- src/engine-assuan.c | 1 + src/engine-backend.h | 1 + src/engine-g13.c | 1 + src/engine-gpg.c | 33 +++++++++++++++++++++++++++++++++ src/engine-gpgconf.c | 1 + src/engine-gpgsm.c | 1 + src/engine-spawn.c | 1 + src/engine-uiserver.c | 1 + src/engine.c | 13 +++++++++++++ src/engine.h | 2 ++ src/gpgme.def | 7 +++++-- src/gpgme.h.in | 15 +++++++++++++-- src/keylist.c | 36 ++++++++++++++++++++++++++++++++++++ src/libgpgme.vers | 1 + tests/run-keylist.c | 24 ++++++++++++++++++++++-- 17 files changed, 167 insertions(+), 8 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 21 10:49:26 2017 
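Review bot: the `@deftypefun` line added to doc/gpgme.texi (hunk at -3399) declares `gpgme_op_keylist_from_data`, but the paragraph below it and src/gpgme.h.in, src/gpgme.def and src/libgpgme.vers all name the function `gpgme_op_keylist_from_data_start`, so the documented entry is missing the `_start` suffix. In the same hunk "local ley database" should read "local key database". The error paragraph lists only an invalid @var{ctx}, while src/keylist.c returns GPG_ERR_INV_VALUE for `!ctx || !data || reserved` and gpg_keylist_data returns GPG_ERR_NOT_SUPPORTED below GnuPG 2.1.14; both cases are worth documenting.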
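Review bot: gpg_keylist_data in src/engine-gpg.c (hunk at -2731) feeds caller-supplied key data to `--import` and relies on `--dry-run` alone to keep it out of the keyring, yet the tests/run-keylist.c changes only exercise the listing and never check that the keyring is unchanged afterwards. Since gpgme.texi now states that the keys "are also not imported into the local" database, add a test that runs the operation against an empty home directory and asserts that an ordinary key listing is still empty afterwards.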
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 21 Mar 2017 10:49:26 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-109-gfab8b1a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via fab8b1a166fff7265d8a7a7acbbf5f30d26cc93c (commit) from 35023f313622fb1b34108dd934e84831c58b81aa (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fab8b1a166fff7265d8a7a7acbbf5f30d26cc93c Author: Werner Koch Date: Tue Mar 21 10:39:33 2017 +0100 core: New encryption flag GPGME_ENCRYPT_THROW_KEYIDS. * src/gpgme.h.in (GPGME_ENCRYPT_THROW_KEYIDS): New flag. * src/engine-gpg.c (gpg_encrypt): Implement flag (gpg_encrypt_sign): Implement flag. * tests/run-encrypt.c (main): New option --throw-keyids. -- It would be nice to also selectively hide recipients (that is gpg --hidden-recipient) but our API does not yet allow this because it is based on key objects. A possible way to implement that would be an API to set processing flags into a key but this is complicated due to the reference counting and thus the possibility that a key object is used by different contexts. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index cf02fc2..7ad1188 100644 --- a/NEWS +++ b/NEWS @@ -12,7 +12,8 @@ Noteworthy changes in version 1.8.1 (unreleased) GPGME_CREATE_NOEXPIRE NEW. gpgme_subkey_t EXTENDED: New field is_de_vs. gpgme_op_keylist_from_data_start NEW. - gpgme_data_rewind UN-DEPRECATE. + GPGME_ENCRYPT_THROW_KEYIDS NEW. + gpgme_data_rewind UN-DEPRECATE cpp: Context::revUid(const Key&, const char*) NEW. cpp: Context::startRevUid(const Key&, const char*) NEW. cpp: Context::addUid(const Key&, const char*) NEW. 
diff --git a/doc/gpgme.texi b/doc/gpgme.texi index edcbb98..a4ab5c4 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -5565,10 +5565,17 @@ also expect a sign command. @item GPGME_ENCRYPT_SYMMETRIC The @code{GPGME_ENCRYPT_SYMMETRIC} symbol specifies that the -output should be additionally encrypted symmetically even +output should be additionally encrypted symmetrically even if recipients are provided. This feature is only supported for for the OpenPGP crypto engine. + at item GPGME_ENCRYPT_THROW_KEYIDS +The @code{GPGME_ENCRYPT_THROW_KEYIDS} symbols requests that the +identifiers for the decrption keys are not included in the ciphertext. +On the receiving side, the use of this flag may slow down the +decryption process because all available secret keys must be tried. +This flag is only honored for OpenPGP encryption. + @end table If @code{GPG_ERR_UNUSABLE_PUBKEY} is returned, some recipients in diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 4b87a8a..6024529 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -1860,6 +1860,9 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], gpgme_encrypt_flags_t flags, if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS)) err = add_arg (gpg, "--compress-algo=none"); + if (!err && (flags & GPGME_ENCRYPT_THROW_KEYIDS)) + err = add_arg (gpg, "--throw-keyids"); + if (gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME && have_gpg_version (gpg, "2.1.14")) err = add_arg (gpg, "--mimemode"); @@ -1929,6 +1932,9 @@ gpg_encrypt_sign (void *engine, gpgme_key_t recp[], if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS)) err = add_arg (gpg, "--compress-algo=none"); + if (!err && (flags & GPGME_ENCRYPT_THROW_KEYIDS)) + err = add_arg (gpg, "--throw-keyids"); + if (gpgme_data_get_encoding (plain) == GPGME_DATA_ENCODING_MIME && have_gpg_version (gpg, "2.1.14")) err = add_arg (gpg, "--mimemode"); diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 2cf096b..16191eb 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in 
@@ -1237,7 +1237,8 @@ typedef enum GPGME_ENCRYPT_PREPARE = 4, GPGME_ENCRYPT_EXPECT_SIGN = 8, GPGME_ENCRYPT_NO_COMPRESS = 16, - GPGME_ENCRYPT_SYMMETRIC = 32 + GPGME_ENCRYPT_SYMMETRIC = 32, + GPGME_ENCRYPT_THROW_KEYIDS = 64 } gpgme_encrypt_flags_t; diff --git a/tests/run-encrypt.c b/tests/run-encrypt.c index fd86836..c148e93 100644 --- a/tests/run-encrypt.c +++ b/tests/run-encrypt.c @@ -88,6 +88,7 @@ show_usage (int ex) " --uiserver use the UI server\n" " --loopback use a loopback pinentry\n" " --key NAME encrypt to key NAME\n" + " --throw-keyids use this option\n" " --symmetric encrypt symmetric (OpenPGP only)\n" , stderr); exit (ex); @@ -170,6 +171,11 @@ main (int argc, char **argv) keyargs[keycount++] = *argv; argc--; argv++; } + else if (!strcmp (*argv, "--throw-keyids")) + { + flags |= GPGME_ENCRYPT_THROW_KEYIDS; + argc--; argv++; + } else if (!strcmp (*argv, "--loopback")) { use_loopback = 1; ----------------------------------------------------------------------- Summary of changes: NEWS | 3 ++- doc/gpgme.texi | 9 ++++++++- src/engine-gpg.c | 6 ++++++ src/gpgme.h.in | 3 ++- tests/run-encrypt.c | 6 ++++++ 5 files changed, 24 insertions(+), 3 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 21 11:19:39 2017 
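Review bot: in both src/engine-gpg.c hunks (gpg_encrypt at -1860 and gpg_encrypt_sign at -1929) the new `--throw-keyids` add_arg sits directly above the `--mimemode` block, whose condition does not test `!err`, so a failure while adding `--throw-keyids` can be overwritten by a successful `add_arg (gpg, "--mimemode")`. The operation would then proceed without the flag the caller asked for and the recipient key IDs would end up in the ciphertext. Prefix that condition with `!err &&` in both functions so the error is passed through.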
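Review bot: the GPGME_ENCRYPT_THROW_KEYIDS item added in the doc/gpgme.texi hunk at -5565 has two wording errors, "symbols requests" (should be "symbol requests") and "decrption" (should be "decryption"). The entry says the flag "is only honored for OpenPGP encryption"; it would help to say explicitly that other engines ignore it without returning an error, since a caller relying on hidden recipients cannot otherwise tell. The matching help line in tests/run-encrypt.c, "--throw-keyids use this option", should describe the effect as well.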
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 21 Mar 2017 11:19:39 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-110-g55ac5ee Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 55ac5eed9f59081283d34098a9e0ada753d61d59 (commit) from fab8b1a166fff7265d8a7a7acbbf5f30d26cc93c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 55ac5eed9f59081283d34098a9e0ada753d61d59 Author: Werner Koch Date: Tue Mar 21 11:16:16 2017 +0100 core: Extend gpgme_get_dirinfo to return the gpg-wks-client name. * src/dirinfo.c (WANT_GPG_WKS_CLIENT_NAME): New const. (struct dirinfo): New field 'gpg_wks_client_name'. (get_gpgconf_item): Build it on demand. (gpgme_get_dirinfo): New value "gpg-wks-client-name" for WHAT. Signed-off-by: Werner Koch diff --git a/doc/gpgme.texi b/doc/gpgme.texi index a4ab5c4..9846299 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -979,6 +979,9 @@ Return the file name of the CMS engine. @item g13-name Return the name of the file container encryption engine. + at item gpg-wks-client-name +Return the name of the Web Key Service tool. + @end table @end deftypefun diff --git a/src/dirinfo.c b/src/dirinfo.c index a0cbc03..7374412 100644 --- a/src/dirinfo.c +++ b/src/dirinfo.c @@ -51,6 +51,7 @@ enum WANT_GPG_NAME, WANT_GPGSM_NAME, WANT_G13_NAME, + WANT_GPG_WKS_CLIENT_NAME, WANT_GPG_ONE_MODE }; @@ -73,6 +74,7 @@ static struct { char *gpg_name; char *gpgsm_name; char *g13_name; + char *gpg_wks_client_name; int gpg_one_mode; /* System is in gpg1 mode. */ } dirinfo; 
@@ -333,6 +335,14 @@ get_gpgconf_item (int what) case WANT_G13_NAME: result = dirinfo.g13_name; break; case WANT_UISRV_SOCKET: result = dirinfo.uisrv_socket; break; case WANT_GPG_ONE_MODE: result = dirinfo.gpg_one_mode? "1":NULL; break; + case WANT_GPG_WKS_CLIENT_NAME: + if (!dirinfo.gpg_wks_client_name && dirinfo.libexecdir) + dirinfo.gpg_wks_client_name = _gpgme_strconcat (dirinfo.libexecdir, + "/", + "gpg-wks-client", + NULL); + result = dirinfo.gpg_wks_client_name; + break; } UNLOCK (dirinfo_lock); return result; @@ -438,6 +448,8 @@ gpgme_get_dirinfo (const char *what) return get_gpgconf_item (WANT_GPGSM_NAME); else if (!strcmp (what, "g13-name")) return get_gpgconf_item (WANT_G13_NAME); + else if (!strcmp (what, "gpg-wks-client-name")) + return get_gpgconf_item (WANT_GPG_WKS_CLIENT_NAME); else if (!strcmp (what, "agent-ssh-socket")) return get_gpgconf_item (WANT_AGENT_SSH_SOCKET); else if (!strcmp (what, "dirmngr-socket")) diff --git a/tests/t-engine-info.c b/tests/t-engine-info.c index 8f617f9..43257eb 100644 --- a/tests/t-engine-info.c +++ b/tests/t-engine-info.c @@ -125,7 +125,9 @@ main (int argc, char **argv ) "gpgconf-name", "gpg-name", "gpgsm-name", - "g13-name", NULL }; + "g13-name", + "gpg-wks-client-name", + NULL }; const char *s; int i; ----------------------------------------------------------------------- Summary of changes: doc/gpgme.texi | 3 +++ src/dirinfo.c | 12 ++++++++++++ tests/t-engine-info.c | 4 +++- 3 files changed, 18 insertions(+), 1 deletion(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 21 12:56:33 2017 
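Review bot: the WANT_GPG_WKS_CLIENT_NAME case in src/dirinfo.c (hunk at -333) builds the value by concatenating `dirinfo.libexecdir`, a hard-coded "/" and "gpg-wks-client", without checking that such a file exists, and it yields NULL when libexecdir is unset or `_gpgme_strconcat` returns NULL. The doc/gpgme.texi entry only says "Return the name of the Web Key Service tool", so please document that the value is a constructed path under libexecdir, that it may be NULL, and that its existence is not verified. Callers that go on to execute the returned path need to know they must check it themselves.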
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 21 Mar 2017 12:56:33 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-111-gf3e8d8a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via f3e8d8a4518de2768692e0b392262d0da6d0fd84 (commit) from 55ac5eed9f59081283d34098a9e0ada753d61d59 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f3e8d8a4518de2768692e0b392262d0da6d0fd84 Author: Justus Winter Date: Tue Mar 21 12:32:31 2017 +0100 python: Wrap 'gpgme_op_keylist_from_data_start'. * NEWS: Update. * lang/python/gpg/core.py (Context.keylist): New keyword argument 'source'. If given, list keys from 'source'. * lang/python/gpgme.i: Wrap the argument to 'gpgme_op_keylist_from_data_start'. * lang/python/tests/Makefile.am (py_tests): Add new test. * lang/python/tests/support.py (EphemeralContext): Do not throw an error if no agent has been started in the context. * lang/python/tests/t-keylist-from-data.py: New file. Signed-off-by: Justus Winter diff --git a/NEWS b/NEWS index 7ad1188..16e1550 100644 --- a/NEWS +++ b/NEWS @@ -28,6 +28,7 @@ Noteworthy changes in version 1.8.1 (unreleased) py: Context.__init__ EXTENDED: New keyword arg home_dir. py: Context.home_dir NEW. py: Context.keylist EXTENDED: New keyword arg mode. + py: Context.keylist EXTENDED: New keyword arg source. py: Context.create_key NEW. py: Context.create_subkey NEW. py: Context.key_add_uid NEW. diff --git a/lang/python/gpg/core.py b/lang/python/gpg/core.py index fe0ba81..632f4ca 100644 --- a/lang/python/gpg/core.py +++ b/lang/python/gpg/core.py 
@@ -484,13 +484,16 @@ class Context(GpgmeWrapper): return plainbytes, result def keylist(self, pattern=None, secret=False, - mode=constants.keylist.mode.LOCAL): + mode=constants.keylist.mode.LOCAL, + source=None): """List keys Keyword arguments: pattern -- return keys matching pattern (default: all keys) secret -- return only secret keys (default: False) mode -- keylist mode (default: list local keys) + source -- read keys from source instead from the keyring + (all other options are ignored in this case) Returns: -- an iterator returning key objects @@ -498,8 +501,22 @@ class Context(GpgmeWrapper): Raises: GPGMEError -- as signaled by the underlying library """ - self.set_keylist_mode(mode) - return self.op_keylist_all(pattern, secret) + if not source: + self.set_keylist_mode(mode) + self.op_keylist_start(pattern, secret) + else: + # Automatic wrapping of SOURCE is not possible here, + # because the object must not be deallocated until the + # iteration over the results ends. + if not isinstance(source, Data): + source = Data(file=source) + self.op_keylist_from_data_start(source, 0) + + key = self.op_keylist_next() + while key: + yield key + key = self.op_keylist_next() + self.op_keylist_end() def create_key(self, userid, algorithm=None, expires_in=0, expires=True, sign=False, encrypt=False, certify=False, authenticate=False, diff --git a/lang/python/gpgme.i b/lang/python/gpgme.i index fa9caf6..610b3d9 100644 --- a/lang/python/gpgme.i +++ b/lang/python/gpgme.i @@ -294,7 +294,7 @@ gpgme_data_t sig, gpgme_data_t signed_text, gpgme_data_t plaintext, gpgme_data_t keydata, gpgme_data_t pubkey, gpgme_data_t seckey, - gpgme_data_t out}; + gpgme_data_t out, gpgme_data_t data}; /* SWIG has problems interpreting ssize_t, off_t or gpgme_error_t in gpgme.h. */ diff --git a/lang/python/tests/Makefile.am b/lang/python/tests/Makefile.am index a935222..9c19a13 100644 --- a/lang/python/tests/Makefile.am +++ b/lang/python/tests/Makefile.am 
@@ -46,6 +46,7 @@ py_tests = t-wrapper.py \ t-trustlist.py \ t-edit.py \ t-keylist.py \ + t-keylist-from-data.py \ t-wait.py \ t-encrypt-large.py \ t-file-name.py \ diff --git a/lang/python/tests/support.py b/lang/python/tests/support.py index 611986b..680300c 100644 --- a/lang/python/tests/support.py +++ b/lang/python/tests/support.py @@ -109,7 +109,13 @@ def EphemeralContext(): agent_socket = os.path.join(tmp, "S.gpg-agent") ctx.protocol = gpg.constants.protocol.ASSUAN ctx.set_engine_info(ctx.protocol, file_name=agent_socket) - ctx.assuan_transact(["KILLAGENT"]) + try: + ctx.assuan_transact(["KILLAGENT"]) + except gpg.errors.GPGMEError as e: + if e.getcode() == gpg.errors.ASS_CONNECT_FAILED: + pass # the agent was not running + else: + raise # Block until it is really gone. while os.path.exists(agent_socket): diff --git a/lang/python/tests/t-keylist-from-data.py b/lang/python/tests/t-keylist-from-data.py new file mode 100755 index 0000000..6a26267 --- /dev/null +++ b/lang/python/tests/t-keylist-from-data.py 
@@ -0,0 +1,213 @@ +#!/usr/bin/env python + +# Copyright (C) 2016 g10 Code GmbH +# +# This file is part of GPGME. +# +# GPGME is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# GPGME is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General +# Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this program; if not, see . + +from __future__ import absolute_import, print_function, unicode_literals +del absolute_import, print_function, unicode_literals + +import os +import sys +import gpg +import support + +support.assert_gpg_version((2, 1, 14)) + +# Check expration of keys. This test assumes three subkeys of which +# 2 are expired; it is used with the "Whisky" test key. It has +# already been checked that these 3 subkeys are available. 
+def check_whisky(name, key): + sub1 = key.subkeys[2] + sub2 = key.subkeys[3] + + assert sub1.expired and sub2.expired, \ + "Subkey of `{}' not flagged as expired".format(name) + assert sub1.expires == 1129636886 and sub2.expires == 1129636939, \ + "Subkey of `{}' has wrong expiration date".format(name) + +keys = [ + [ "A0FF4590BB6122EDEF6E3C542D727CC768697734", "6AE6D7EE46A871F8", + [ [ "Alfa Test", "demo key", "alfa at example.net" ], + [ "Alpha Test", "demo key", "alpha at example.net" ], + [ "Alice", "demo key", "" ] ], 1 ], + [ "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", "5381EA4EE29BA37F", + [ [ "Bob", "demo key", "" ], + [ "Bravo Test", "demo key", "bravo at example.net" ] ], 1 ], + [ "61EE841A2A27EB983B3B3C26413F4AF31AFDAB6C", "E71E72ACBC43DA60", + [ [ "Charlie Test", "demo key", "charlie at example.net" ] ], 1 ], + [ "6560C59C43D031C54D7C588EEBA9F240EB9DC9E6", "06F22880B0C45424", + [ [ "Delta Test", "demo key", "delta at example.net" ] ], 1 ], + [ "3531152DE293E26A07F504BC318C1FAEFAEF6D1B", "B5C79E1A7272144D", + [ [ "Echelon", "demo key", "" ], + [ "Echo Test", "demo key", "echo at example.net" ], + [ "Eve", "demo key", "" ] ], 1 ], + [ "56D33268F7FE693FBB594762D4BF57F37372E243", "0A32EE79EE45198E", + [ [ "Foxtrot Test", "demo key", "foxtrot at example.net" ] ], 1 ], + [ "C9C07DCC6621B9FB8D071B1D168410A48FC282E6", "247491CC9DCAD354", + [ [ "Golf Test", "demo key", "golf at example.net" ] ], 1 ], + [ "9E91CBB11E4D4135583EF90513DB965534C6E3F1", "76E26537D622AD0A", + [ [ "Hotel Test", "demo key", "hotel at example.net" ] ], 1 ], + [ "CD538D6CC9FB3D745ECDA5201FE8FC6F04259677", "C1C8EFDE61F76C73", + [ [ "India Test", "demo key", "india at example.net" ] ], 1 ], + [ "F8F1EDC73995AB739AD54B380C820C71D2699313", "BD0B108735F8F136", + [ [ "Juliet Test", "demo key", "juliet at example.net" ] ], 1 ], + [ "3FD11083779196C2ECDD9594AD1B0FAD43C2D0C7", "86CBB34A9AF64D02", + [ [ "Kilo Test", "demo key", "kilo at example.net" ] ], 1 ], + [ 
"1DDD28CEF714F5B03B8C246937CAB51FB79103F8", "0363B449FE56350C", + [ [ "Lima Test", "demo key", "lima at example.net" ] ], 1 ], + [ "2686AA191A278013992C72EBBE794852BE5CF886", "5F600A834F31EAE8", + [ [ "Mallory", "demo key", "" ], + [ "Mike Test", "demo key", "mike at example.net" ] ], 1 ], + [ "5AB9D6D7BAA1C95B3BAA3D9425B00FD430CEC684", "4C1D63308B70E472", + [ [ "November Test", "demo key", "november at example.net" ] ], 1 ], + [ "43929E89F8F79381678CAE515F6356BA6D9732AC", "FF0785712681619F", + [ [ "Oscar Test", "demo key", "oscar at example.net" ] ], 1 ], + [ "6FAA9C201E5E26DCBAEC39FD5D15E01D3FF13206", "2764E18263330D9C", + [ [ "Papa test", "demo key", "papa at example.net" ] ], 1 ], + [ "A7969DA1C3297AA96D49843F1C67EC133C661C84", "6CDCFC44A029ACF4", + [ [ "Quebec Test", "demo key", "quebec at example.net" ] ], 1 ], + [ "38FBE1E4BF6A5E1242C8F6A13BDBEDB1777FBED3", "9FAB805A11D102EA", + [ [ "Romeo Test", "demo key", "romeo at example.net" ] ], 1 ], + [ "045B2334ADD69FC221076841A5E67F7FA3AE3EA1", "93B88B0F0F1B50B4", + [ [ "Sierra Test", "demo key", "sierra at example.net" ] ], 1 ], + [ "ECAC774F4EEEB0620767044A58CB9A4C85A81F38", "97B60E01101C0402", + [ [ "Tango Test", "demo key", "tango at example.net" ] ], 1 ], + [ "0DBCAD3F08843B9557C6C4D4A94C0F75653244D6", "93079B915522BDB9", + [ [ "Uniform Test", "demo key", "uniform at example.net" ] ], 1 ], + [ "E8143C489C8D41124DC40D0B47AF4B6961F04784", "04071FB807287134", + [ [ "Victor Test", "demo key", "victor at example.org" ] ], 1 ], + [ "E8D6C90B683B0982BD557A99DEF0F7B8EC67DBDE", "D7FBB421FD6E27F6", + [ [ "Whisky Test", "demo key", "whisky at example.net" ] ], 3, + check_whisky ], + [ "04C1DF62EFA0EBB00519B06A8979A6C5567FB34A", "5CC6F87F41E408BE", + [ [ "XRay Test", "demo key", "xray at example.net" ] ], 1 ], + [ "ED9B316F78644A58D042655A9EEF34CD4B11B25F", "5ADFD255F7B080AD", + [ [ "Yankee Test", "demo key", "yankee at example.net" ] ], 1 ], + [ "23FD347A419429BACCD5E72D6BC4778054ACD246", "EF9DC276A172C881", + [ [ "Zulu 
Test", "demo key", "zulu at example.net" ] ], 1 ], +] + +def check_global(key, uids, n_subkeys): + assert not key.revoked, "Key unexpectedly revoked" + assert not key.expired, "Key unexpectedly expired" + assert not key.disabled, "Key unexpectedly disabled" + assert not key.invalid, "Key unexpectedly invalid" + assert key.can_sign, "Key unexpectedly unusable for signing" + assert key.can_certify, "Key unexpectedly unusable for certifications" + assert not key.secret, "Key unexpectedly secret" + assert not key.protocol != gpg.constants.protocol.OpenPGP, \ + "Key has unexpected protocol: {}".format(key.protocol) + assert not key.issuer_serial, \ + "Key unexpectedly carries issuer serial: {}".format(key.issuer_serial) + assert not key.issuer_name, \ + "Key unexpectedly carries issuer name: {}".format(key.issuer_name) + assert not key.chain_id, \ + "Key unexpectedly carries chain ID: {}".format(key.chain_id) + assert key.owner_trust == gpg.constants.validity.UNKNOWN, \ + "Key has unexpected owner trust: {}".format(key.owner_trust) + assert len(key.subkeys) - 1 == n_subkeys, \ + "Key `{}' has unexpected number of subkeys".format(uids[0][0]) + + +def check_subkey(fpr, which, subkey): + assert not subkey.revoked, which + " key unexpectedly revoked" + assert not subkey.expired, which + " key unexpectedly expired" + assert not subkey.disabled, which + " key unexpectedly disabled" + assert not subkey.invalid, which + " key unexpectedly invalid" + + if which == "Primary": + assert not subkey.can_encrypt, \ + which + " key unexpectedly usable for encryption" + assert subkey.can_sign, \ + which + " key unexpectedly unusable for signing" + assert subkey.can_certify, \ + which + " key unexpectedly unusable for certifications" + else: + assert subkey.can_encrypt, \ + which + " key unexpectedly unusable for encryption" + assert not subkey.can_sign, \ + which + " key unexpectedly usable for signing" + assert not subkey.can_certify, \ + which + " key unexpectedly usable for 
certifications" + + assert not subkey.secret, which + " key unexpectedly secret" + assert not subkey.is_cardkey, "Public key marked as card key" + assert not subkey.card_number, "Public key with card number set" + assert not subkey.pubkey_algo != (gpg.constants.pk.DSA if which == "Primary" + else gpg.constants.pk.ELG_E), \ + which + " key has unexpected public key algo: {}".\ + format(subkey.pubkey_algo) + assert subkey.length == 1024, \ + which + " key has unexpected length: {}".format(subkey.length) + assert fpr.endswith(subkey.keyid), \ + which + " key has unexpected key ID: {}".format(subkey.keyid) + assert which == "Secondary" or subkey.fpr == fpr, \ + which + " key has unexpected fingerprint: {}".format(subkey.fpr) + assert not subkey.expires, \ + which + " key unexpectedly expires: {}".format(subkey.expires) + +def check_uid(which, ref, uid): + assert not uid.revoked, which + " user ID unexpectedly revoked" + assert not uid.invalid, which + " user ID unexpectedly invalid" + assert uid.validity == gpg.constants.validity.UNKNOWN, \ + which + " user ID has unexpected validity: {}".format(uid.validity) + assert not uid.signatures, which + " user ID unexpectedly signed" + assert uid.name == ref[0], \ + "Unexpected name in {} user ID: {!r}".format(which.lower(), uid.name) + assert uid.comment == ref[1], \ + "Unexpected comment in {} user ID: {!r}".format(which.lower(), + uid.comment) + assert uid.email == ref[2], \ + "Unexpected email in {} user ID: {!r}".format(which.lower(), uid.email) + +# Export all the data from our keyring... +key_data = gpg.Data() +with gpg.Context() as c: + c.op_export_keys([c.get_key(k[0]) for k in keys], 0, key_data) + +# ... rewind the tape... +key_data.rewind() + +# ... and feed it into a keylist in an empty context. 
+with support.EphemeralContext() as c: + for i, key in enumerate(c.keylist(source=key_data)): + try: + if len(keys[i]) == 4: + fpr, sec_keyid, uids, n_subkeys = keys[i] + misc_check = None + else: + fpr, sec_keyid, uids, n_subkeys, misc_check = keys[i] + except IndexError: + # There are more keys. We don't check for that. + break + + # Global key flags. + check_global(key, uids, n_subkeys) + check_subkey(fpr, "Primary", key.subkeys[0]) + check_subkey(sec_keyid, "Secondary", key.subkeys[1]) + + assert len(key.uids) == len(uids) + check_uid("First", uids[0], key.uids[0]) + if len(key.uids) > 1: + check_uid("Second", uids[1], key.uids[1]) + if len(key.uids) > 2: + check_uid("Third", uids[2], key.uids[2]) + + if misc_check: + misc_check (uids[0][0], key) + + assert len(list(c.keylist())) == 0, "Keys were imported" ----------------------------------------------------------------------- Summary of changes: NEWS | 1 + lang/python/gpg/core.py | 23 +++- lang/python/gpgme.i | 2 +- lang/python/tests/Makefile.am | 1 + lang/python/tests/support.py | 8 +- .../tests/{t-keylist.py => t-keylist-from-data.py} | 150 ++++++--------------- 6 files changed, 72 insertions(+), 113 deletions(-) copy lang/python/tests/{t-keylist.py => t-keylist-from-data.py} (73%) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 21 13:18:28 2017 
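Review bot: In the final loop of t-keylist-from-data.py, nothing asserts that `c.keylist(source=key_data)` yielded every entry in `keys`. The `except IndexError` branch covers the case of more keys than expected, but if the listing returns fewer keys, or none at all, the loop simply ends and the test still passes. Count the iterations and compare the total with `len(keys)` after the loop. Separately, `assert not key.protocol != gpg.constants.protocol.OpenPGP` in check_global and the matching `pubkey_algo` assertion in check_subkey are double negatives that would read more clearly as plain `==` assertions.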
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 21 Mar 2017 13:18:28 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-67-g06f1f16 The branch, master has been updated via 06f1f163e96f1039304fd3cf565cf9de1ca45849 (commit) from ceb4b245752bb1fb43fde7e99f8d904ab8a9b5e2 (commit) - Log ----------------------------------------------------------------- commit 06f1f163e96f1039304fd3cf565cf9de1ca45849 Author: Justus Winter Date: Tue Mar 21 13:15:38 2017 +0100 tests: Create temporary directories in '/tmp'. * tests/gpgscm/tests.scm (mkdtemp): Create temporary directories in '/tmp' on UNIX, or in '%Temp' on Windows. * tests/migrations/common.scm (run-test): Turn error into a warning. * tests/openpgp/defs.scm (start-agent): Likewise. -- This fixes the problem of GnuPG components being unable to communicate because of too long GnuPG home directories in important build environments like the Debian build servers despite the use of socket directories. This reverts d75d20909d9f60d33ffd210def92278c0f383aad. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/tests.scm b/tests/gpgscm/tests.scm index 0c02c34..329a31a 100644 --- a/tests/gpgscm/tests.scm +++ b/tests/gpgscm/tests.scm
@@ -271,9 +271,11 @@ ;; generic name is used. Returns an absolute path. (define (mkdtemp . components) (canonical-path (_mkdtemp (if (null? components) - (string-append "gpgscm-" (get-isotime) "-" - (basename-suffix *scriptname* ".scm") - "-XXXXXX") + (path-join + (if *win32* (getenv "Temp") "/tmp") + (string-append "gpgscm-" (get-isotime) "-" + (basename-suffix *scriptname* ".scm") + "-XXXXXX")) (apply path-join components))))) (define-macro (with-temporary-working-directory . expressions) diff --git a/tests/migrations/common.scm b/tests/migrations/common.scm index b1c90aa..fa8f129 100644 --- a/tests/migrations/common.scm +++ b/tests/migrations/common.scm @@ -53,7 +53,7 @@ (untar-armored src-tarball) (setenv "GNUPGHOME" (getcwd) #t) - (catch (fail "Creating socket directory failed (see README):" (car *error*)) + (catch (log "Warning: Creating socket directory failed:" (car *error*)) (call-popen `(,gpgconf --create-socketdir) "")) (test (getcwd)) (catch (log "Warning: Removing socket directory failed.") diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm index 64c086d..7c8e10a 100644 --- a/tests/openpgp/defs.scm +++ b/tests/openpgp/defs.scm @@ -446,7 +446,7 @@ (atexit (lambda () (with-home-directory gnupghome (stop-agent))))) - (catch (fail "Creating socket directory failed (see README):" (car *error*)) + (catch (log "Warning: Creating socket directory failed:" (car *error*)) (call-popen `(,(tool 'gpgconf) --create-socketdir) "")) (call-check `(,(tool 'gpg-connect-agent) --verbose ,(string-append "--agent-program=" (tool 'gpg-agent) ----------------------------------------------------------------------- Summary of changes: tests/gpgscm/tests.scm | 8 +++++--- tests/migrations/common.scm | 2 +- tests/openpgp/defs.scm | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 21 14:23:31 2017 
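Review bot: In the mkdtemp hunk of tests/gpgscm/tests.scm, the result of `(getenv "Temp")` goes straight into `path-join` with no check that the variable is set, and the UNIX branch hard-codes "/tmp" where a build environment may have pointed TMPDIR at a private location. Fall back explicitly when the variable is unset, and prefer TMPDIR over "/tmp" when it is present. In tests/migrations/common.scm and tests/openpgp/defs.scm, replacing `fail` with `log` lets a run continue after `gpgconf --create-socketdir` has failed, and the dropped "(see README)" pointer was the only diagnostic hint, so the warning text should say what the consequence for the remaining tests is.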
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 21 Mar 2017 14:23:31 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-69-g483c128 The branch, master has been updated via 483c1288a8f86dc6bf93d0d3f2865ecc246aecba (commit) via 88f1505f0613894d5544290a170119eb538921e5 (commit) from 06f1f163e96f1039304fd3cf565cf9de1ca45849 (commit) - Log ----------------------------------------------------------------- commit 483c1288a8f86dc6bf93d0d3f2865ecc246aecba Author: Justus Winter Date: Tue Mar 21 14:22:13 2017 +0100 dirmngr: Fix error handling. * dirmngr/dns-stuff.c (libdns_init): Convert error before printing it. Signed-off-by: Justus Winter diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c index 78c70e1..1a80913 100644 --- a/dirmngr/dns-stuff.c +++ b/dirmngr/dns-stuff.c @@ -568,8 +568,8 @@ libdns_init (void) : dns_hints_local (ld.resolv_conf, &derr)); if (!ld.hints) { - log_error ("failed to load DNS hints: %s\n", gpg_strerror (err)); err = libdns_error_to_gpg_error (derr); + log_error ("failed to load DNS hints: %s\n", gpg_strerror (err)); goto leave; } commit 88f1505f0613894d5544290a170119eb538921e5 Author: Justus Winter Date: Tue Mar 21 14:18:25 2017 +0100 dirmngr: Load the hosts file into libdns. * dirmngr/dns-stuff.c (libdns_init): Actually load the hosts file into libdns. -- Previously, connecting to key servers specified in /etc/hosts was not possible because libdns' hosts structure was initialized, but not filled with the content of the hosts file. GnuPG-bug-id: 2977 Signed-off-by: Justus Winter diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c index ec9a095..78c70e1 100644
--- a/dirmngr/dns-stuff.c +++ b/dirmngr/dns-stuff.c @@ -533,11 +533,35 @@ libdns_init (void) ld.hosts = dns_hosts_open (&derr); if (!ld.hosts) { - log_error ("failed to load hosts file: %s\n", gpg_strerror (err)); err = libdns_error_to_gpg_error (derr); + log_error ("failed to initialize hosts file: %s\n", gpg_strerror (err)); goto leave; } + + { +#if HAVE_W32_SYSTEM + char *hosts_path = xtryasprintf ("%s\System32\drivers\etc\hosts", + getenv ("SystemRoot")); + if (! hosts_path) + { + err = gpg_error_from_syserror (); + goto leave; + } + + derr = dns_hosts_loadpath (ld.hosts, hosts_path); + xfree (hosts_path); +#else + derr = dns_hosts_loadpath (ld.hosts, "/etc/hosts"); +#endif + if (derr) + { + err = libdns_error_to_gpg_error (derr); + log_error ("failed to load hosts file: %s\n", gpg_strerror (err)); + goto leave; + } + } + /* dns_hints_local for stub mode, dns_hints_root for recursive. */ ld.hints = (recursive_resolver ? dns_hints_root (ld.resolv_conf, &derr) ----------------------------------------------------------------------- Summary of changes: dirmngr/dns-stuff.c | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 21 15:14:52 2017 
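Review bot: In the HAVE_W32_SYSTEM branch of libdns_init, the format string "%s\System32\drivers\etc\hosts" is written with single backslashes, so the C compiler treats \S, \d, \e and \h as escape sequences instead of path separators; each backslash needs to be doubled. The same call hands `getenv ("SystemRoot")` to %s without a NULL check. In the shared code below it, a non-zero result from `dns_hosts_loadpath` now ends libdns_init through `goto leave`, so a system with no readable hosts file fails resolver initialization where it previously worked; treating a missing file as non-fatal and logging it would avoid that regression.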
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 21 Mar 2017 15:14:52 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-70-g74c1f30 The branch, master has been updated via 74c1f30ad6616186f0ab9dbaf34db6c17b1e40c4 (commit) from 483c1288a8f86dc6bf93d0d3f2865ecc246aecba (commit) - Log ----------------------------------------------------------------- commit 74c1f30ad6616186f0ab9dbaf34db6c17b1e40c4 Author: Werner Koch Date: Tue Mar 21 14:47:21 2017 +0100 gpg: New command --quick-set-primary-uid. * g10/gpg.c (aQuickSetPrimaryUid): New const. (opts): New command --quick-set-primary-uid. (main): Implement it. * g10/keyedit.c (keyedit_quick_adduid): Factor some code out to ... (quick_find_keyblock): new func. (keyedit_quick_revuid): Use quick_find_keyblock. (keyedit_quick_set_primary): New. Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index 0e107ec..37e1ff1 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi
@@ -1096,19 +1096,28 @@ on its form are applied. @item --quick-revoke-uid @var{user-id} @var{user-id-to-revoke} @opindex quick-revoke-uid -This command revokes a User ID on an existing key. It cannot be used -to revoke the last User ID on key (some non-revoked User ID must +This command revokes a user ID on an existing key. It cannot be used +to revoke the last user ID on key (some non-revoked user ID must remain), with revocation reason ``User ID is no longer valid''. If you want to specify a different revocation reason, or to supply supplementary revocation text, you should use the interactive sub-command @code{revuid} of @option{--edit-key}. - at item --change-passphrase @var{user_id} + at item --quick-set-primary-uid @var{user-id} @var{primary-user-id} + at opindex quick-set-primary-uid +This command sets or updates the primary user ID flag on an existing +key. @var{user-id} specifies the key and @var{primary-user-id} the +user ID which shall be flagged as the primary user ID. The primary +user ID flag is removed from all other user ids and the timestamp of +all affected self-signatures is set one second ahead. + + + at item --change-passphrase @var{user-id} @opindex change-passphrase - at itemx --passwd @var{user_id} + at itemx --passwd @var{user-id} @opindex passwd Change the passphrase of the secret key belonging to the certificate -specified as @var{user_id}. This is a shortcut for the sub-command +specified as @var{user-id}. This is a shortcut for the sub-command @code{passwd} of the edit key menu. @end table @@ -1767,7 +1776,7 @@ when verifying signatures made by keys that are not on the local keyring. If the method "wkd" is included in the list of methods given to - at option{auto-key-locate}, the Signer's User ID is part of the + at option{auto-key-locate}, the signer's user ID is part of the signature, and the option @option{--disable-signer-uid} is not used, the "wkd" method may also be used to retrieve a key. 
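Review bot: The new item for --quick-set-primary-uid in doc/gpg.texi does not say how @var{primary-user-id} is matched. keyedit_quick_set_primary in this same commit compares the length and then the bytes with `memcmp`, and skips user IDs flagged revoked or expired, so the text should state that the user ID must be given verbatim, that it must be a valid one, and that the command fails with a "no user ID" error otherwise. Without that, a caller passing only a mail address or a differently cased name gets an error the manual does not explain.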
diff --git a/g10/gpg.c b/g10/gpg.c index eeda60f..b3d606b 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -1,7 +1,7 @@ /* gpg.c - The GnuPG utility (main for gpg) * Copyright (C) 1998-2011 Free Software Foundation, Inc. - * Copyright (C) 1997-2016 Werner Koch - * Copyright (C) 2015-2016 g10 Code GmbH + * Copyright (C) 1997-2017 Werner Koch + * Copyright (C) 2015-2017 g10 Code GmbH * * This file is part of GnuPG. * @@ -124,6 +124,7 @@ enum cmd_and_opt_values aQuickAddKey, aQuickRevUid, aQuickSetExpire, + aQuickSetPrimaryUid, aListConfig, aListGcryptConfig, aGPGConfList, @@ -460,6 +461,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_c (aQuickRevUid, "quick-revuid", "@"), ARGPARSE_c (aQuickSetExpire, "quick-set-expire", N_("quickly set a new expiration date")), + ARGPARSE_c (aQuickSetPrimaryUid, "quick-set-primary-uid", "@"), ARGPARSE_c (aFullKeygen, "full-generate-key" , N_("full featured key pair generation")), ARGPARSE_c (aFullKeygen, "full-gen-key", "@"), @@ -2581,6 +2583,7 @@ main (int argc, char **argv) case aQuickAddKey: case aQuickRevUid: case aQuickSetExpire: + case aQuickSetPrimaryUid: case aExportOwnerTrust: case aImportOwnerTrust: case aRebuildKeydbCaches: @@ -4002,6 +4005,7 @@ main (int argc, char **argv) case aQuickAddUid: case aQuickAddKey: case aQuickRevUid: + case aQuickSetPrimaryUid: case aFullKeygen: case aKeygen: case aImport: @@ -4445,6 +4449,18 @@ main (int argc, char **argv) } break; + case aQuickSetPrimaryUid: + { + const char *uid, *primaryuid; + + if (argc != 2) + wrong_args ("--quick-set-primary-uid USER-ID PRIMARY-USER-ID"); + uid = *argv++; argc--; + primaryuid = *argv++; argc--; + keyedit_quick_set_primary (ctrl, uid, primaryuid); + } + break; + case aFastImport: opt.import_options |= IMPORT_FAST; case aImport: diff --git a/g10/keyedit.c b/g10/keyedit.c index 2b0f45e..9a7fe13 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c 
@@ -1,6 +1,6 @@ /* keyedit.c - Edit properties of a key * Copyright (C) 1998-2010 Free Software Foundation, Inc. - * Copyright (C) 1998-2016 Werner Koch + * Copyright (C) 1998-2017 Werner Koch * Copyright (C) 2015, 2016 g10 Code GmbH * * This file is part of GnuPG. @@ -2860,36 +2860,28 @@ leave: } -/* Unattended adding of a new keyid. USERNAME specifies the - key. NEWUID is the new user id to add to the key. */ -void -keyedit_quick_adduid (ctrl_t ctrl, const char *username, const char *newuid) +/* Helper for quick commands to find the keyblock for USERNAME. + * Returns on success the key database handle at R_KDBHD and the + * keyblock at R_KEYBLOCK. */ +static gpg_error_t +quick_find_keyblock (ctrl_t ctrl, const char *username, + KEYDB_HANDLE *r_kdbhd, kbnode_t *r_keyblock) { gpg_error_t err; KEYDB_HANDLE kdbhd = NULL; - KEYDB_SEARCH_DESC desc; kbnode_t keyblock = NULL; + KEYDB_SEARCH_DESC desc; kbnode_t node; - char *uidstring = NULL; - uidstring = xstrdup (newuid); - trim_spaces (uidstring); - if (!*uidstring) - { - log_error ("%s\n", gpg_strerror (GPG_ERR_INV_USER_ID)); - goto leave; - } - -#ifdef HAVE_W32_SYSTEM - /* See keyedit_menu for why we need this. */ - check_trustdb_stale (ctrl); -#endif + *r_kdbhd = NULL; + *r_keyblock = NULL; /* Search the key; we don't want the whole getkey stuff here. */ kdbhd = keydb_new (); if (!kdbhd) { /* Note that keydb_new has already used log_error. */ + err = gpg_error_from_syserror (); goto leave; } 
@@ -2917,24 +2909,65 @@ keyedit_quick_adduid (ctrl_t ctrl, const char *username, const char *newuid) if (!err) { - /* We require the secret primary key to add a UID. */ + /* We require the secret primary key to set the primary UID. */ node = find_kbnode (keyblock, PKT_PUBLIC_KEY); - if (!node) - BUG (); + log_assert (node); err = agent_probe_secret_key (ctrl, node->pkt->pkt.public_key); } } + else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) + err = gpg_error (GPG_ERR_NO_PUBKEY); + if (err) { - log_error (_("secret key \"%s\" not found: %s\n"), + log_error (_("key \"%s\" not found: %s\n"), username, gpg_strerror (err)); goto leave; } fix_keyblock (&keyblock); - merge_keys_and_selfsig (keyblock); + *r_keyblock = keyblock; + keyblock = NULL; + *r_kdbhd = kdbhd; + kdbhd = NULL; + + leave: + release_kbnode (keyblock); + keydb_release (kdbhd); + return err; +} + + +/* Unattended adding of a new keyid. USERNAME specifies the + key. NEWUID is the new user id to add to the key. */ +void +keyedit_quick_adduid (ctrl_t ctrl, const char *username, const char *newuid) +{ + gpg_error_t err; + KEYDB_HANDLE kdbhd = NULL; + kbnode_t keyblock = NULL; + char *uidstring = NULL; + + uidstring = xstrdup (newuid); + trim_spaces (uidstring); + if (!*uidstring) + { + log_error ("%s\n", gpg_strerror (GPG_ERR_INV_USER_ID)); + goto leave; + } + +#ifdef HAVE_W32_SYSTEM + /* See keyedit_menu for why we need this. */ + check_trustdb_stale (ctrl); +#endif + + /* Search the key; we don't want the whole getkey stuff here. */ + err = quick_find_keyblock (ctrl, username, &kdbhd, &keyblock); + if (err) + goto leave; + if (menu_adduid (ctrl, keyblock, 0, NULL, uidstring)) { err = keydb_update_keyblock (ctrl, kdbhd, keyblock); @@ -2954,6 +2987,7 @@ keyedit_quick_adduid (ctrl_t ctrl, const char *username, const char *newuid) keydb_release (kdbhd); } + /* Unattended revocation of a keyid. USERNAME specifies the key. UIDTOREV is the user id revoke from the key. */ void 
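Review bot: quick_find_keyblock drops the `merge_keys_and_selfsig (keyblock)` call that both old code paths ran right after `fix_keyblock`, yet keyedit_quick_revuid and the new keyedit_quick_set_primary read `user_id->flags.revoked` and `flags.expired` immediately after the helper returns. If those flags are filled in by the merge step, the last-valid-user-ID guard in revuid and the selection loop in set_primary now work on unset values; either keep the call inside the helper or confirm that the flags are populated elsewhere before they are tested. The comment "We require the secret primary key to set the primary UID" should also be made generic, since the helper now serves adduid and revuid as well.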
@@ -2961,7 +2995,6 @@ keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev) { gpg_error_t err; KEYDB_HANDLE kdbhd = NULL; - KEYDB_SEARCH_DESC desc; kbnode_t keyblock = NULL; kbnode_t node; int modified = 0; 
@@ -2974,65 +3007,20 @@ keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev) #endif /* Search the key; we don't want the whole getkey stuff here. */ - kdbhd = keydb_new (); - if (!kdbhd) - { - /* Note that keydb_new has already used log_error. */ - goto leave; - } - - err = classify_user_id (username, &desc, 1); - if (!err) - err = keydb_search (kdbhd, &desc, 1, NULL); - if (!err) - { - err = keydb_get_keyblock (kdbhd, &keyblock); - if (err) - { - log_error (_("error reading keyblock: %s\n"), gpg_strerror (err)); - goto leave; - } - /* Now with the keyblock retrieved, search again to detect an - ambiguous specification. We need to save the found state so - that we can do an update later. */ - keydb_push_found_state (kdbhd); - err = keydb_search (kdbhd, &desc, 1, NULL); - if (!err) - err = gpg_error (GPG_ERR_AMBIGUOUS_NAME); - else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) - err = 0; - keydb_pop_found_state (kdbhd); - - if (!err) - { - /* We require the secret primary key to revoke a UID. */ - node = find_kbnode (keyblock, PKT_PUBLIC_KEY); - if (!node) - BUG (); - err = agent_probe_secret_key (ctrl, node->pkt->pkt.public_key); - } - } + err = quick_find_keyblock (ctrl, username, &kdbhd, &keyblock); if (err) - { - log_error (_("secret key \"%s\" not found: %s\n"), - username, gpg_strerror (err)); - goto leave; - } - - fix_keyblock (&keyblock); - merge_keys_and_selfsig (keyblock); + goto leave; /* Too make sure that we do not revoke the last valid UID, we first count how many valid UIDs there are. */ valid_uids = 0; for (node = keyblock; node; node = node->next) - valid_uids += - node->pkt->pkttype == PKT_USER_ID - && ! node->pkt->pkt.user_id->flags.revoked - && ! node->pkt->pkt.user_id->flags.expired; + valid_uids += (node->pkt->pkttype == PKT_USER_ID + && !node->pkt->pkt.user_id->flags.revoked + && !node->pkt->pkt.user_id->flags.expired); + /* Find the right UID. 
*/ revlen = strlen (uidtorev); - /* find the right UID */ for (node = keyblock; node; node = node->next) { if (node->pkt->pkttype == PKT_USER_ID @@ -3046,7 +3034,8 @@ keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev) && ! node->pkt->pkt.user_id->flags.revoked && ! node->pkt->pkt.user_id->flags.expired) { - log_error (_("Cannot revoke the last valid user ID.\n")); + log_error (_("cannot revoke the last valid user ID.\n")); + err = gpg_error (GPG_ERR_INV_USER_ID); goto leave; } @@ -3054,11 +3043,7 @@ keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev) err = core_revuid (ctrl, keyblock, node, reason, &modified); release_revocation_reason_info (reason); if (err) - { - log_error (_("User ID revocation failed: %s\n"), - gpg_strerror (err)); - goto leave; - } + goto leave; err = keydb_update_keyblock (ctrl, kdbhd, keyblock); if (err) { 
@@ -3066,13 +3051,81 @@ keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev) goto leave; } - if (update_trust) - revalidation_mark (); + revalidation_mark (); goto leave; } } + err = gpg_error (GPG_ERR_NO_USER_ID); - log_error (_("User ID revocation failed: %s\n"), gpg_strerror (GPG_ERR_NOT_FOUND)); + + leave: + if (err) + log_error (_("revoking the user ID failed: %s\n"), gpg_strerror (err)); + release_kbnode (keyblock); + keydb_release (kdbhd); +} + + +/* Unattended setting of the primary uid. USERNAME specifies the key. + PRIMARYUID is the user id which shall be primary. */ +void +keyedit_quick_set_primary (ctrl_t ctrl, const char *username, + const char *primaryuid) +{ + gpg_error_t err; + KEYDB_HANDLE kdbhd = NULL; + kbnode_t keyblock = NULL; + kbnode_t node; + size_t primaryuidlen; + int any; + +#ifdef HAVE_W32_SYSTEM + /* See keyedit_menu for why we need this. */ + check_trustdb_stale (ctrl); +#endif + + err = quick_find_keyblock (ctrl, username, &kdbhd, &keyblock); + if (err) + goto leave; + + /* Find and mark the UID - we mark only the first valid one. 
*/ + primaryuidlen = strlen (primaryuid); + any = 0; + for (node = keyblock; node; node = node->next) + { + if (node->pkt->pkttype == PKT_USER_ID + && !any + && !node->pkt->pkt.user_id->flags.revoked + && !node->pkt->pkt.user_id->flags.expired + && primaryuidlen == node->pkt->pkt.user_id->len + && !memcmp (node->pkt->pkt.user_id->name, primaryuid, primaryuidlen)) + { + node->flag |= NODFLG_SELUID; + any = 1; + } + else + node->flag &= ~NODFLG_SELUID; + } + + if (!any) + err = gpg_error (GPG_ERR_NO_USER_ID); + else if (menu_set_primary_uid (keyblock)) + { + merge_keys_and_selfsig (keyblock); + err = keydb_update_keyblock (ctrl, kdbhd, keyblock); + if (err) + { + log_error (_("update failed: %s\n"), gpg_strerror (err)); + goto leave; + } + revalidation_mark (); + } + else + err = gpg_error (GPG_ERR_GENERAL); + + if (err) + log_error (_("setting the primary user ID failed: %s\n"), + gpg_strerror (err)); leave: release_kbnode (keyblock); @@ -5205,7 +5258,7 @@ change_primary_uid_cb (PKT_signature * sig, void *opaque) /* * Set the primary uid flag for the selected UID. We will also reset - * all other primary uid flags. For this to work with have to update + * all other primary uid flags. For this to work we have to update * all the signature timestamps. If we would do this with the current * time, we lose quite a lot of information, so we use a kludge to * do this: Just increment the timestamp by one second which is diff --git a/g10/main.h b/g10/main.h index c9c3454..32d323b 100644 --- a/g10/main.h +++ b/g10/main.h 
@@ -300,6 +300,8 @@ void keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids, strlist_t locusr, int local); void keyedit_quick_set_expire (ctrl_t ctrl, const char *fpr, const char *expirestr); +void keyedit_quick_set_primary (ctrl_t ctrl, const char *username, + const char *primaryuid); void show_basic_key_info (KBNODE keyblock); /*-- keygen.c --*/ ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 21 ++++-- g10/gpg.c | 20 +++++- g10/keyedit.c | 225 ++++++++++++++++++++++++++++++++++++---------------------- g10/main.h | 2 + 4 files changed, 174 insertions(+), 94 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 21 15:55:39 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 21 Mar 2017 15:55:39 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-71-gd17840c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via d17840c3f40111beaf97d96ad3ca52047976e221 (commit) from 74c1f30ad6616186f0ab9dbaf34db6c17b1e40c4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d17840c3f40111beaf97d96ad3ca52047976e221 Author: Justus Winter Date: Tue Mar 21 15:52:47 2017 +0100 tests,w32: Use GetTempPath to get the path for temporary files. * tests/gpgscm/ffi.c (do_get_temp_path): New function. (ffi_init): Make function available. * tests/gpgscm/tests.scm (mkdtemp): Use the new function. Fixes-commit: 06f1f163e96f1039304fd3cf565cf9de1ca45849 Signed-off-by: Justus Winter diff --git a/tests/gpgscm/ffi.c b/tests/gpgscm/ffi.c index 34e573f..3af3328 100644 
--- a/tests/gpgscm/ffi.c +++ b/tests/gpgscm/ffi.c @@ -342,6 +342,24 @@ do_seek (scheme *sc, pointer args) } static pointer +do_get_temp_path (scheme *sc, pointer args) +{ + FFI_PROLOG (); +#ifdef HAVE_W32_SYSTEM + char buffer[MAX_PATH+1]; +#endif + FFI_ARGS_DONE_OR_RETURN (sc, args); + +#ifdef HAVE_W32_SYSTEM + if (GetTempPath (MAX_PATH+1, buffer) == 0) + FFI_RETURN_STRING (sc, "/temp"); + FFI_RETURN_STRING (sc, buffer); +#else + FFI_RETURN_STRING (sc, "/tmp"); +#endif +} + +static pointer do_mkdtemp (scheme *sc, pointer args) { FFI_PROLOG (); @@ -1352,6 +1370,7 @@ ffi_init (scheme *sc, const char *argv0, const char *scriptname, ffi_define_function (sc, fdopen); ffi_define_function (sc, close); ffi_define_function (sc, seek); + ffi_define_function (sc, get_temp_path); ffi_define_function_name (sc, "_mkdtemp", mkdtemp); ffi_define_function (sc, unlink); ffi_define_function (sc, unlink_recursively); diff --git a/tests/gpgscm/tests.scm b/tests/gpgscm/tests.scm index 329a31a..a4339ca 100644 --- a/tests/gpgscm/tests.scm +++ b/tests/gpgscm/tests.scm @@ -272,7 +272,7 @@ (define (mkdtemp . components) (canonical-path (_mkdtemp (if (null? components) (path-join - (if *win32* (getenv "Temp") "/tmp") + (get-temp-path) (string-append "gpgscm-" (get-isotime) "-" (basename-suffix *scriptname* ".scm") "-XXXXXX")) ----------------------------------------------------------------------- Summary of changes: tests/gpgscm/ffi.c | 19 +++++++++++++++++++ tests/gpgscm/tests.scm | 2 +- 2 files changed, 20 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 21 16:22:50 2017 
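Review bot: In do_get_temp_path, `GetTempPath (MAX_PATH+1, buffer) == 0` treats only a zero return as failure. The API returns the required length when the supplied buffer is too small, and in that case `buffer` does not hold a valid string, so the check should also reject a return value larger than the buffer size before `FFI_RETURN_STRING (sc, buffer)` is reached. The fallback "/temp" and the non-Windows "/tmp" are both hard-coded; honouring TMPDIR on UNIX would let a build environment direct the test directories to a private location.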
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 21 Mar 2017 16:22:50 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-72-gfde885b The branch, master has been updated via fde885bbc47a4bf14a8570ac62e68adc8cf47a6e (commit) from d17840c3f40111beaf97d96ad3ca52047976e221 (commit) - Log ----------------------------------------------------------------- commit fde885bbc47a4bf14a8570ac62e68adc8cf47a6e Author: Justus Winter Date: Tue Mar 21 16:21:49 2017 +0100 tests: Test '--quick-set-primary-uid'. * tests/openpgp/quick-key-manipulation.scm: Test '--quick-set-primary-uid'. Signed-off-by: Justus Winter diff --git a/tests/openpgp/quick-key-manipulation.scm b/tests/openpgp/quick-key-manipulation.scm index 9fd5b6b..85e56ca 100755 --- a/tests/openpgp/quick-key-manipulation.scm +++ b/tests/openpgp/quick-key-manipulation.scm
@@ -73,6 +73,17 @@ (assert (= 2 (count-uids-of-secret-key alpha))) (assert (= 2 (count-uids-of-secret-key bravo))) +(info "Checking that we can mark an user ID as primary.") +(call-check `(, at gpg --quick-set-primary-uid ,(exact alpha) ,alpha)) +(call-check `(, at gpg --quick-set-primary-uid ,(exact alpha) ,bravo)) +;; XXX I don't know how to verify this. The keylisting does not seem +;; to indicate the primary UID. + +(info "Checking that we get an error making non-existant user ID the primary one.") +(catch '() + (call-check `(, at GPG --quick-set-primary-uid ,(exact alpha) ,charlie)) + (error "Expected an error, but get none.")) + (info "Checking that we can revoke a user ID...") (call-check `(, at GPG --quick-revoke-uid ,(exact bravo) ,alpha)) ----------------------------------------------------------------------- Summary of changes: tests/openpgp/quick-key-manipulation.scm | 11 +++++++++++ 1 file changed, 11 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 21 19:10:14 2017 
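Review bot: In the negative test, `(error "Expected an error, but get none.")` sits inside the same `catch '()` form as the `call-check`, so if `catch` handles every error raised in its body, the failure signal is swallowed along with the expected one and this check cannot fail. Record whether the handler ran and assert on that outside the catch. The two positive calls splice `gpg` while the negative test and the following context line splice `GPG`, which is worth confirming as intended, and as the XXX comment admits, nothing verifies which user ID ended up flagged as primary.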
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 21 Mar 2017 19:10:14 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-112-g421ddd1 The branch, master has been updated via 421ddd1e6706046c5062417fd69a87e10c9fc0a9 (commit) from f3e8d8a4518de2768692e0b392262d0da6d0fd84 (commit) - Log ----------------------------------------------------------------- commit 421ddd1e6706046c5062417fd69a87e10c9fc0a9 Author: Werner Koch Date: Tue Mar 21 19:02:20 2017 +0100 core: New API gpgme_op_set_uid_flag. * src/gpgme.h.in (gpgme_op_set_uid_flag_start): New. (gpgme_op_set_uid_flag_start): New. * src/gpgme.def, src/libgpgme.vers: Add them. * src/genkey.c (addrevuid_start): Change arg revoke to a flag. (gpgme_op_revuid_start): Pass GENKEY_EXTRAFLAG_REVOKE for the former revoke parameter. (gpgme_op_revuid): Ditto. (set_uid_flag): New. (gpgme_op_set_uid_flag_start): New. (gpgme_op_set_uid_flag): New. * src/engine.h (GENKEY_EXTRAFLAG_SETPRIMARY): new. * src/engine-gpg.c (gpg_adduid): Implement that flag. * tests/run-genkey.c (main): New command --set-primary. -- GnuPG-bug-id: 2931 Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 16e1550..367b718 100644 --- a/NEWS +++ b/NEWS
@@ -10,10 +10,12 @@ Noteworthy changes in version 1.8.1 (unreleased) gpgme_op_createkey CHANGED: Meaning of 'expire' parameter. gpgme_op_createsubkey CHANGED: Meaning of 'expire' parameter. GPGME_CREATE_NOEXPIRE NEW. - gpgme_subkey_t EXTENDED: New field is_de_vs. + gpgme_subkey_t EXTENDED: New field 'is_de_vs'. gpgme_op_keylist_from_data_start NEW. + gpgme_op_set_uid_flag_start NEW. + gpgme_op_set_uid_flag NEW. GPGME_ENCRYPT_THROW_KEYIDS NEW. - gpgme_data_rewind UN-DEPRECATE + gpgme_data_rewind UN-DEPRECATE. cpp: Context::revUid(const Key&, const char*) NEW. cpp: Context::startRevUid(const Key&, const char*) NEW. cpp: Context::addUid(const Key&, const char*) NEW. diff --git a/doc/gpgme.texi b/doc/gpgme.texi index 9846299..fd1f9bc 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi 
@@ -3897,6 +3897,61 @@ be completed by calling @code{gpgme_wait} on the context. @c + at c gpgme_op_set_uid_flag + at c + at deftypefun gpgme_error_t gpgme_op_set_ui_flag @ + (@w{gpgme_ctx_t @var{ctx}}, @ + @w{gpgme_key_t @var{key}}, @ + @w{const char *@var{userid}}, @ + @w{cons char * @var{name}}, @ + @w{cons char * @var{value}}); + +The function @code{gpgme_op_set_uid_flag} is used to set flags on a +user ID from the OpenPGP key given by @var{KEY}. Setting flags on +user IDs after key creation is a feature of the OpenPGP protocol and +thus the protocol for the context @var{ctx} must be set to OpenPGP. + + at var{key} specifies the key to operate on. This parameters is required. + + at var{userid} is the user ID of the key to be manipulated. This user ID +must be given verbatim because the engine does an exact and case +sensitive match. Thus the @code{uid} field from the user ID object +(@code{gpgme_user_id_t}) is to be used. This is a required parameter. + + at var{name} names the flag which is to be changed. The only currently +supported flag is: + + at table @code + at item primary +This sets the primary key flag on the given user ID. All other +primary key flag on other user IDs are removed. @var{value} must be +given as NULL. For technical reasons this functions bumps the +creation timestamp of all affected self-signatures up by one second. +At least GnuPG version 2.1.20 is required. + + at end table + +The function returns zero on success, @code{GPG_ERR_NOT_SUPPORTED} if +the engine does not support the command, or a bunch of other error +codes. + + at end deftypefun + + at deftypefun gpgme_error_t gpgme_op_set_uid_flag_start @ + (@w{gpgme_ctx_t @var{ctx}}, @ + @w{gpgme_key_t @var{key}}, @ + @w{const char *@var{userid}}, @ + @w{cons char * @var{name}}, @ + @w{cons char * @var{value}}); + +The function @code{gpgme_op_set_uid_flag_start} initiates a + at code{gpgme_op_set_uid_flag} operation; see there for details. 
It must +be completed by calling @code{gpgme_wait} on the context. + at xref{Waiting For Completion}. + + at end deftypefun + + at c @c gpgme_op_genkey @c @deftypefun gpgme_error_t gpgme_op_genkey @ diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 6024529..6e4b833 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -2222,7 +2222,14 @@ gpg_adduid (engine_gpg_t gpg, if (!key || !key->fpr || !userid) return gpg_error (GPG_ERR_INV_ARG); - if ((extraflags & GENKEY_EXTRAFLAG_REVOKE)) + if ((extraflags & GENKEY_EXTRAFLAG_SETPRIMARY)) + { + if (!have_gpg_version (gpg, "2.1.20")) + err = gpg_error (GPG_ERR_NOT_SUPPORTED); + else + err = add_arg (gpg, "--quick-set-primary-uid"); + } + else if ((extraflags & GENKEY_EXTRAFLAG_REVOKE)) err = add_arg (gpg, "--quick-revuid"); else err = add_arg (gpg, "--quick-adduid"); @@ -2262,7 +2269,7 @@ gpg_genkey (void *engine, * USERID && !KEY - Create a new keyblock. * !USERID && KEY - Add a new subkey to KEY (gpg >= 2.1.14) * USERID && KEY && !ALGO - Add a new user id to KEY (gpg >= 2.1.14). - * + * or set a flag on a user id. */ if (help_data) { diff --git a/src/engine.h b/src/engine.h index f456812..1064f5e 100644 --- a/src/engine.h +++ b/src/engine.h @@ -25,8 +25,9 @@ #include "gpgme.h" /* Flags used by the EXTRAFLAGS arg of _gpgme_engine_op_genkey. */ -#define GENKEY_EXTRAFLAG_ARMOR 1 -#define GENKEY_EXTRAFLAG_REVOKE 2 +#define GENKEY_EXTRAFLAG_ARMOR 1 +#define GENKEY_EXTRAFLAG_REVOKE 2 +#define GENKEY_EXTRAFLAG_SETPRIMARY 4 struct engine; diff --git a/src/genkey.c b/src/genkey.c index ea3f1ea..710b58f 100644 --- a/src/genkey.c +++ b/src/genkey.c @@ -489,7 +489,7 @@ gpgme_op_createsubkey (gpgme_ctx_t ctx, gpgme_key_t key, const char *algo, static gpgme_error_t -addrevuid_start (gpgme_ctx_t ctx, int synchronous, int revoke, +addrevuid_start (gpgme_ctx_t ctx, int synchronous, int extraflags, gpgme_key_t key, const char *userid, unsigned int flags) { gpgme_error_t err; 
@@ -512,7 +512,7 @@ addrevuid_start (gpgme_ctx_t ctx, int synchronous, int revoke, if (err) return err; - opd->uidmode = revoke? 2 : 1; + opd->uidmode = extraflags? 2 : 1; _gpgme_engine_set_status_handler (ctx->engine, genkey_status_handler, ctx); @@ -528,7 +528,7 @@ addrevuid_start (gpgme_ctx_t ctx, int synchronous, int revoke, userid, NULL, 0, 0, key, flags, NULL, - revoke? GENKEY_EXTRAFLAG_REVOKE : 0, + extraflags, NULL, NULL); } @@ -584,7 +584,7 @@ gpgme_op_revuid_start (gpgme_ctx_t ctx, if (!ctx) return TRACE_ERR (gpg_error (GPG_ERR_INV_ARG)); - err = addrevuid_start (ctx, 0, 1, key, userid, flags); + err = addrevuid_start (ctx, 0, GENKEY_EXTRAFLAG_REVOKE, key, userid, flags); return TRACE_ERR (err); } 
@@ -601,8 +601,60 @@ gpgme_op_revuid (gpgme_ctx_t ctx, if (!ctx) return TRACE_ERR (gpg_error (GPG_ERR_INV_ARG)); - err = addrevuid_start (ctx, 1, 1, key, userid, flags); + err = addrevuid_start (ctx, 1, GENKEY_EXTRAFLAG_REVOKE, key, userid, flags); if (!err) err = _gpgme_wait_one (ctx); return TRACE_ERR (err); } + + +/* Set a flag on the USERID of KEY. The only supported flag right now + * is "primary" to mark the primary key. */ +static gpg_error_t +set_uid_flag (gpgme_ctx_t ctx, int synchronous, + gpgme_key_t key, const char *userid, + const char *name, const char *value) +{ + gpgme_error_t err; + + TRACE_BEG4 (DEBUG_CTX, "gpgme_op_set_uid_flag", ctx, + "%d uid='%s' '%s'='%s'", synchronous, userid, name, value); + + if (!ctx || !name || !key || !userid) + return TRACE_ERR (gpg_error (GPG_ERR_INV_ARG)); + + if (!strcmp (name, "primary")) + { + if (value) + err = gpg_error (GPG_ERR_INV_ARG); + else + err = addrevuid_start (ctx, synchronous, + GENKEY_EXTRAFLAG_SETPRIMARY, key, userid, 0); + } + else + return err = gpg_error (GPG_ERR_UNKNOWN_NAME); + + if (synchronous && !err) + err = _gpgme_wait_one (ctx); + return TRACE_ERR (err); +} + + +/* See set_uid_flag. */ +gpgme_error_t +gpgme_op_set_uid_flag_start (gpgme_ctx_t ctx, + gpgme_key_t key, const char *userid, + const char *name, const char *value) +{ + return set_uid_flag (ctx, 0, key, userid, name, value); +} + + +/* See set_uid_flag. Thsi is the synchronous variant. */ +gpgme_error_t +gpgme_op_set_uid_flag (gpgme_ctx_t ctx, + gpgme_key_t key, const char *userid, + const char *name, const char *value) +{ + return set_uid_flag (ctx, 1, key, userid, name, value); +} diff --git a/src/gpgme.def b/src/gpgme.def index ddd57d3..9faffb8 100644 --- a/src/gpgme.def +++ b/src/gpgme.def @@ -256,5 +256,8 @@ EXPORTS gpgme_op_keylist_from_data_start @192 + gpgme_op_set_uid_flag_start @193 + gpgme_op_set_uid_flag @194 + ; END diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 16191eb..e9ee6e2 100644 --- a/src/gpgme.h.in 
+++ b/src/gpgme.h.in @@ -1726,6 +1726,13 @@ gpgme_error_t gpgme_op_revuid (gpgme_ctx_t ctx, gpgme_key_t key, const char *userid, unsigned int reserved); +/* Set a flag on the USERID of KEY. See the manual for supported flags. */ +gpgme_error_t gpgme_op_set_uid_flag_start (gpgme_ctx_t ctx, + gpgme_key_t key, const char *userid, + const char *name, const char *value); +gpgme_error_t gpgme_op_set_uid_flag (gpgme_ctx_t ctx, + gpgme_key_t key, const char *userid, + const char *name, const char *value); /* Retrieve a pointer to the result of a genkey, createkey, or diff --git a/src/libgpgme.vers b/src/libgpgme.vers index 9344a75..037a6ae 100644 --- a/src/libgpgme.vers +++ b/src/libgpgme.vers @@ -126,6 +126,9 @@ GPGME_1.1 { gpgme_op_query_swdb; gpgme_op_query_swdb_result; + + gpgme_op_set_uid_flag_start; + gpgme_op_set_uid_flag; }; diff --git a/tests/run-genkey.c b/tests/run-genkey.c index c5abc42..91edb22 100644 --- a/tests/run-genkey.c +++ b/tests/run-genkey.c @@ -204,10 +204,12 @@ show_usage (int ex) " for addkey: FPR [ALGO [USAGE [EXPIRESECONDS]]]\n" " for adduid: FPR USERID\n" " for revuid: FPR USERID\n" + " for set-primary: FPR USERID\n" "Options:\n" " --addkey add a subkey to the key with FPR\n" " --adduid add a user id to the key with FPR\n" - " --revuid Revoke a user id from the key with FPR\n" + " --revuid revoke a user id from the key with FPR\n" + " --set-primary set the primary key flag on USERID\n" " --verbose run in verbose mode\n" " --status print status lines from the backend\n" " --progress print progress info\n" @@ -234,6 +236,7 @@ main (int argc, char **argv) int addkey = 0; int adduid = 0; int revuid = 0; + int setpri = 0; const char *userid; const char *algo = NULL; const char *newuserid = NULL; @@ -259,6 +262,7 @@ main (int argc, char **argv) addkey = 1; adduid = 0; revuid = 0; + setpri = 0; argc--; argv++; } else if (!strcmp (*argv, "--adduid")) 
@@ -266,6 +270,7 @@ main (int argc, char **argv) addkey = 0; adduid = 1; revuid = 0; + setpri = 0; argc--; argv++; } else if (!strcmp (*argv, "--revuid")) @@ -273,6 +278,15 @@ main (int argc, char **argv) addkey = 0; adduid = 0; revuid = 1; + setpri = 0; + argc--; argv++; + } + else if (!strcmp (*argv, "--set-primary")) + { + addkey = 0; + adduid = 0; + revuid = 0; + setpri = 1; argc--; argv++; } else if (!strcmp (*argv, "--verbose")) @@ -319,7 +333,7 @@ main (int argc, char **argv) show_usage (1); } - if (adduid || revuid) + if (adduid || revuid || setpri) { if (argc != 2) show_usage (1); @@ -358,7 +372,7 @@ main (int argc, char **argv) gpgme_set_passphrase_cb (ctx, passphrase_cb, NULL); } - if (addkey || adduid || revuid) + if (addkey || adduid || revuid || setpri) { gpgme_key_t akey; @@ -400,6 +414,16 @@ main (int argc, char **argv) exit (1); } } + else if (setpri) + { + err = gpgme_op_set_uid_flag (ctx, akey, newuserid, "primary", NULL); + if (err) + { + fprintf (stderr, PGM ": gpgme_op_set_uid_flag failed: %s\n", + gpg_strerror (err)); + exit (1); + } + } gpgme_key_unref (akey); } else 
@@ -413,26 +437,29 @@ main (int argc, char **argv) } } - result = gpgme_op_genkey_result (ctx); - if (!result) + if (!setpri) { - fprintf (stderr, PGM": gpgme_op_genkey_result returned NULL\n"); - exit (1); - } + result = gpgme_op_genkey_result (ctx); + if (!result) + { + fprintf (stderr, PGM": gpgme_op_genkey_result returned NULL\n"); + exit (1); + } - printf ("Generated key: %s (%s)\n", - result->fpr ? result->fpr : "none", - result->primary ? (result->sub ? "primary, sub" : "primary") - /**/ : (result->sub ? "sub" : "none")); - - if (result->fpr && strlen (result->fpr) < 40) - fprintf (stderr, PGM": generated key has unexpected fingerprint\n"); - if (!result->primary) - fprintf (stderr, PGM": primary key was not generated\n"); - if (!result->sub) - fprintf (stderr, PGM": sub key was not generated\n"); - if (!result->uid) - fprintf (stderr, PGM": uid was not generated\n"); + printf ("Generated key: %s (%s)\n", + result->fpr ? result->fpr : "none", + result->primary ? (result->sub ? "primary, sub" : "primary") + /**/ : (result->sub ? 
"sub" : "none")); + + if (result->fpr && strlen (result->fpr) < 40) + fprintf (stderr, PGM": generated key has unexpected fingerprint\n"); + if (!result->primary) + fprintf (stderr, PGM": primary key was not generated\n"); + if (!result->sub) + fprintf (stderr, PGM": sub key was not generated\n"); + if (!result->uid) + fprintf (stderr, PGM": uid was not generated\n"); + } gpgme_release (ctx); return 0; ----------------------------------------------------------------------- Summary of changes: NEWS | 6 +++-- doc/gpgme.texi | 55 +++++++++++++++++++++++++++++++++++++++++++ src/engine-gpg.c | 11 +++++++-- src/engine.h | 5 ++-- src/genkey.c | 62 ++++++++++++++++++++++++++++++++++++++++++++---- src/gpgme.def | 3 +++ src/gpgme.h.in | 7 ++++++ src/libgpgme.vers | 3 +++ tests/run-genkey.c | 69 +++++++++++++++++++++++++++++++++++++----------------- 9 files changed, 189 insertions(+), 32 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 22 13:04:08 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 22 Mar 2017 13:04:08 +0100 Subject: [git] gnupg-doc - branch, master, updated. cd30c85d4e9c65753809c096bfc0324146f1ebe7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via cd30c85d4e9c65753809c096bfc0324146f1ebe7 (commit) from e0a846a50bd44c95c4331a4c24e049c21124a1c4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cd30c85d4e9c65753809c096bfc0324146f1ebe7 Author: Werner Koch Date: Wed Mar 22 13:00:42 2017 +0100 faq: Minor addition to whats-new-in-2.1.org 
diff --git a/web/faq/whats-new-in-2.1.org b/web/faq/whats-new-in-2.1.org index b4782d4..392b57c 100644 --- a/web/faq/whats-new-in-2.1.org +++ b/web/faq/whats-new-in-2.1.org @@ -452,6 +452,25 @@ pub ed25519/8CFDE12197965A9A 2014-08-19 uid [ unknown] Sample 2 #+end_example +Since version 2.1.17 the expiration date of the primary key can be +changed directly: + +#+begin_example +$ gpg --quick-set-expire 5B83120DB1E3A65AE5A8DCF6AA43F1DCC7FED1B7 2017-12-31 +$ gpg -K 5B83120DB1E3A65AE5A8DCF6AA43F1DCC7FED1B7 +sec rsa2048 2016-06-22 [SC] [expires: 2017-12-31] + 5B83120DB1E3A65AE5A8DCF6AA43F1DCC7FED1B7 +uid [ultimate] steve.biko at example.net +ssb rsa2048 2016-06-22 [E] + +$ gpg --quick-set-expire 5B83120DB1E3A65AE5A8DCF6AA43F1DCC7FED1B7 none +$ gpg -K 5B83120DB1E3A65AE5A8DCF6AA43F1DCC7FED1B7 +sec rsa2048 2016-06-22 [SC] + 5B83120DB1E3A65AE5A8DCF6AA43F1DCC7FED1B7 +uid [ultimate] steve.biko at example.net +ssb rsa2048 2016-06-22 [E] +#+end_example + ** Improved Pinentry support :PROPERTIES: @@ -653,6 +672,10 @@ for the SmartCard-HSM has been added. More card readers with a PIN pad are supported. The internal CCID driver does now also work with certain non-auto-configuration equipped readers. +Since version 2.1.19 multiple card readers are support and the format +of the Pinentry prompts has been changed to show more information on +the requested card. + ** New format for key listings :PROPERTIES: :CUSTOM_ID: keylist 
@@ -822,7 +845,7 @@ will be added with one of the next point releases. #+BEGIN_ASCII -# Copyright 2014--2016 The GnuPG Project. +# Copyright 2014--2017 The GnuPG Project. # This work is licensed under the Creative Commons # Attribution-ShareAlike 4.0 International License. To view a copy of # this license, visit http://creativecommons.org/licenses/by-sa/4.0/ ----------------------------------------------------------------------- Summary of changes: web/faq/whats-new-in-2.1.org | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 22 15:38:43 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 22 Mar 2017 15:38:43 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-113-g104635e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 104635eb503ec764146731888a6975b4329660fd (commit) from 421ddd1e6706046c5062417fd69a87e10c9fc0a9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 104635eb503ec764146731888a6975b4329660fd Author: Justus Winter Date: Wed Mar 22 15:33:06 2017 +0100 python: Improve Python detection. * m4/python.m4 (_AM_PYTHON_INTERPRETER_LIST): Prefer the generic 'pythonX' over 'pythonX.Y'. This way we select the user's preferred version for both flavors. Prefer 'python' over 'python3' but not over 'python2' so that the algorithm still finds a 'python2' even if 'python' is a Python3. Fixes-commit: 5189c08af9468cdeb6f16a6ecd0fee53e1e3aa0e Signed-off-by: Justus Winter diff --git a/m4/python.m4 b/m4/python.m4 index 13962f4..822b2dd 100644 
--- a/m4/python.m4 +++ b/m4/python.m4 @@ -37,8 +37,10 @@ AC_DEFUN([AM_PATH_PYTHON], dnl Find a Python interpreter. Python versions prior to 2.0 are not dnl supported. (2.0 was released on October 16, 2000). m4_define_default([_AM_PYTHON_INTERPRETER_LIST], -[python2.7 python2 python3.0 python3.1 python3.2 python3.3 python3.4 dnl - python3.5 python3.6 python3.7 python3.8 python3 python]) +[python2 python2.7 dnl + python dnl + python3 python3.0 python3.1 python3.2 python3.3 dnl + python3.4 python3.5 python3.6 python3.7 python3.8]) AC_ARG_VAR([PYTHON], [the Python interpreter]) ----------------------------------------------------------------------- Summary of changes: m4/python.m4 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 22 15:49:14 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 22 Mar 2017 15:49:14 +0100 Subject: [git] gnupg-doc - branch, master, updated. c696d1acc447bf3b7c8a21dd3ceab2ad3f9a0eca Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via c696d1acc447bf3b7c8a21dd3ceab2ad3f9a0eca (commit) from cd30c85d4e9c65753809c096bfc0324146f1ebe7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c696d1acc447bf3b7c8a21dd3ceab2ad3f9a0eca Author: Werner Koch Date: Wed Mar 22 15:46:11 2017 +0100 web: Explain a bit more what Libgpg-error is about. diff --git a/web/related_software/libgpg-error/index.org b/web/related_software/libgpg-error/index.org index f467f80..0749f5c 100644 --- a/web/related_software/libgpg-error/index.org +++ b/web/related_software/libgpg-error/index.org 
@@ -3,9 +3,27 @@ * Libgpg-error - /Libgpg-error/ is a small library that defines common error values - for all GnuPG components. Among these are GPG, GPGSM, GPGME, - GPG-Agent, libgcrypt, Libksba, DirMngr, Pinentry, SmartCard Daemon - and possibly more in the future. + /Libgpg-error/ is a small library that originally defined common + error values for all GnuPG components. Among these are GPG, GPGSM, + GPGME, GPG-Agent, libgcrypt, Libksba, DirMngr, Pinentry, SCdaemon. + Because /Libgpg-error/ is a common dependency all GnuPG components, + more features have been added to the library: + + - An extended stream library (estream) which for example allows the + use of memory or cookie based streams. + + - A printf implementation to provide a uniform interface on all + platforms. This also includes asprintf style functions. + + - An implementation of locks (mutexes). + + - A gettext implementation for use on Windows + + - A Base64 decoder + + This library will eventually be renamed to /Libgpgrt/ to reflect + that this is a runtime library for GnuPG and other software which + likes to use it. The latest version already comes with a header + file "gpgrt.h" which can be used instead of "gpg-error.h". See the [[file:../../download/index.org::libgpg-error][download]] section for the latest tarball. ----------------------------------------------------------------------- Summary of changes: web/related_software/libgpg-error/index.org | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 22 16:44:02 2017 
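Review bot: in the added paragraph of web/related_software/libgpg-error/index.org (commit c696d1acc447bf3b7c8a21dd3ceab2ad3f9a0eca), "is a common dependency all GnuPG components" is missing "of"; suggest "is a common dependency of all GnuPG components". The last two list items ("A gettext implementation for use on Windows" and "A Base64 decoder") also lack the final period that the first three items have.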
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 22 Mar 2017 16:44:02 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-116-g66c3346 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 66c334650bd64fdb72c4bd5975e25b8659d320ec (commit) via 8ddb42ada46f00d8393f6c2df7d6b79a4a5878f0 (commit) via 121873b821636052c10d9e0bd885eb9013c52096 (commit) from 104635eb503ec764146731888a6975b4329660fd (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 66c334650bd64fdb72c4bd5975e25b8659d320ec Author: Andre Heinecke Date: Wed Mar 22 16:41:04 2017 +0100 qt: Add test for Data::toKeys * lang/qt/tests/t-various.cpp (TestVarious::testKeyFromFile): New. diff --git a/lang/qt/tests/t-various.cpp b/lang/qt/tests/t-various.cpp index 2b51fe6..35d8da9 100644 --- a/lang/qt/tests/t-various.cpp +++ b/lang/qt/tests/t-various.cpp 
@@ -43,12 +43,28 @@ #include "context.h" #include "engineinfo.h" #include "dn.h" +#include "data.h" +#include "dataprovider.h" #include "t-support.h" using namespace QGpgME; using namespace GpgME; +static const char aKey[] = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +"\n" +"mDMEWG+w/hYJKwYBBAHaRw8BAQdAiq1oStvDYg8ZfFs5DgisYJo8dJxD+C/AA21O\n" +"K/aif0O0GXRvZnVfY29uZmxpY3RAZXhhbXBsZS5jb22IlgQTFggAPhYhBHoJBLaV\n" +"DamYAgoa1L5BwMOl/x88BQJYb7D+AhsDBQkDwmcABQsJCAcCBhUICQoLAgQWAgMB\n" +"Ah4BAheAAAoJEL5BwMOl/x88GvwA/0SxkbLyAcshGm2PRrPsFQsSVAfwaSYFVmS2\n" +"cMVIw1PfAQDclRH1Z4MpufK07ju4qI33o4s0UFpVRBuSxt7A4P2ZD7g4BFhvsP4S\n" +"CisGAQQBl1UBBQEBB0AmVrgaDNJ7K2BSalsRo2EkRJjHGqnp5bBB0tapnF81CQMB\n" +"CAeIeAQYFggAIBYhBHoJBLaVDamYAgoa1L5BwMOl/x88BQJYb7D+AhsMAAoJEL5B\n" +"wMOl/x88OR0BAMq4/vmJUORRTmzjHcv/DDrQB030DSq666rlckGIKTShAPoDXM9N\n" +"0gZK+YzvrinSKZXHmn0aSwmC1/hyPybJPEljBw==\n" +"=p2Oj\n" +"-----END PGP PUBLIC KEY BLOCK-----\n"; + class TestVarious: public QGpgMETest { Q_OBJECT @@ -67,6 +83,20 @@ private Q_SLOTS: QVERIFY(dn.prettyDN() == QStringLiteral("DC=North America,DC=Fabrikam,DC=COM,OU=Test,CN=Before\rAfter")); } + void testKeyFromFile() + { + if (GpgME::engineInfo(GpgME::GpgEngine).engineVersion() < "2.1.14") { + return; + } + QGpgME::QByteArrayDataProvider dp(aKey); + Data data(&dp); + const auto keys = data.toKeys(); + QVERIFY(keys.size() == 1); + const auto key = keys[0]; + QVERIFY(!key.isNull()); + QVERIFY(key.primaryFingerprint() == QStringLiteral("7A0904B6950DA998020A1AD4BE41C0C3A5FF1F3C")); + } + void testQuickUid() { if (GpgME::engineInfo(GpgME::GpgEngine).engineVersion() < "2.1.13") { commit 8ddb42ada46f00d8393f6c2df7d6b79a4a5878f0 Author: Andre Heinecke Date: Wed Mar 22 16:38:35 2017 +0100 cpp: Wrap keylist_from_data * lang/cpp/data.h, lang/cpp/data.cpp (GpgME::Data::toKeys): New. -- Doing this in data instead of Context is a bit more idiomatic. But this could also be added to Context. diff --git a/NEWS b/NEWS index 367b718..d03fe80 100644 --- a/NEWS +++ b/NEWS 
@@ -26,6 +26,7 @@ Noteworthy changes in version 1.8.1 (unreleased) cpp: GpgGenCardKeyInteractor NEW. cpp: Subkey::keyGrip NEW. cpp: Subkey::isDeVs NEW. + cpp: Data::toKeys NEW. qt: CryptoConfig::stringValueList() NEW. py: Context.__init__ EXTENDED: New keyword arg home_dir. py: Context.home_dir NEW. diff --git a/lang/cpp/src/data.cpp b/lang/cpp/src/data.cpp index 2cb4fa8..32ca561 100644 --- a/lang/cpp/src/data.cpp +++ b/lang/cpp/src/data.cpp @@ -25,6 +25,7 @@ #endif #include "data_p.h" +#include "context_p.h" #include #include @@ -230,3 +231,26 @@ off_t GpgME::Data::seek(off_t offset, int whence) { return gpgme_data_seek(d->data, offset, whence); } + +std::vector GpgME::Data::toKeys(Protocol proto) const +{ + std::vector ret; + if (isNull()) { + return ret; + } + auto ctx = GpgME::Context::createForProtocol(proto); + if (!ctx) { + return ret; + } + + if (gpgme_op_keylist_from_data_start (ctx->impl()->ctx, d->data, 0)) { + return ret; + } + + gpgme_key_t key; + while (!gpgme_op_keylist_next (ctx->impl()->ctx, &key)) { + ret.push_back(GpgME::Key(key, false)); + } + delete ctx; + return ret; +} diff --git a/lang/cpp/src/data.h b/lang/cpp/src/data.h index 50bdf62..cc7906f 100644 --- a/lang/cpp/src/data.h +++ b/lang/cpp/src/data.h @@ -24,6 +24,7 @@ #define __GPGMEPP_DATA_H__ #include "global.h" +#include "key.h" #include // for size_t, off_t #include // FILE @@ -109,6 +110,10 @@ public: ssize_t write(const void *buffer, size_t length); off_t seek(off_t offset, int whence); + /** Try to parse the data to a key object using the + * Protocol proto. Returns an empty list on error.*/ + std::vector toKeys(const Protocol proto = Protocol::OpenPGP) const; + class Private; Private *impl() { commit 121873b821636052c10d9e0bd885eb9013c52096 Author: Andre Heinecke Date: Wed Mar 22 16:34:29 2017 +0100 qt: Initialize library first in tests * lang/qt/tests/t-support.cpp (QGpgMETest::initTestCase): Initialize library. 
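Review bot: in GpgME::Data::toKeys (lang/cpp/src/data.cpp, commit 8ddb42ada46f00d8393f6c2df7d6b79a4a5878f0) the context obtained from Context::createForProtocol is released with "delete ctx;" only on the success path; the early "return ret;" taken when gpgme_op_keylist_from_data_start reports an error leaks it. Holding the context in a std::unique_ptr, or deleting it before that return, closes the leak. The loop also treats any non-zero result of gpgme_op_keylist_next as the end of the listing, so a failure part way through returns the keys collected so far rather than the empty list the comment in data.h promises; either clear ret on an error that is not end-of-list or adjust the comment.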
diff --git a/lang/qt/tests/t-support.cpp b/lang/qt/tests/t-support.cpp index 857d0a3..b3a7a70 100644 --- a/lang/qt/tests/t-support.cpp +++ b/lang/qt/tests/t-support.cpp @@ -34,6 +34,7 @@ #endif #include "t-support.h" +#include "context.h" #include @@ -44,6 +45,7 @@ void QGpgMETest::initTestCase() { + GpgME::initializeLibrary(); const QString gpgHome = qgetenv("GNUPGHOME"); QVERIFY2(!gpgHome.isEmpty(), "GNUPGHOME environment variable is not set."); } ----------------------------------------------------------------------- Summary of changes: NEWS | 1 + lang/cpp/src/data.cpp | 24 ++++++++++++++++++++++++ lang/cpp/src/data.h | 5 +++++ lang/qt/tests/t-support.cpp | 2 ++ lang/qt/tests/t-various.cpp | 30 ++++++++++++++++++++++++++++++ 5 files changed, 62 insertions(+) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 22 16:52:41 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 22 Mar 2017 16:52:41 +0100 Subject: [git] gnupg-doc - branch, master, updated. 98a689003c8f05c25b865a50bc90c0425a2f0d88 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 98a689003c8f05c25b865a50bc90c0425a2f0d88 (commit) from c696d1acc447bf3b7c8a21dd3ceab2ad3f9a0eca (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 98a689003c8f05c25b865a50bc90c0425a2f0d88 Author: Werner Koch Date: Wed Mar 22 16:49:39 2017 +0100 web: Update service.org - Removed 3 entries from the listing - Divided listing up into technical and training. - Move entry from the Home menu to the Support menu. diff --git a/web/service.org b/web/service.org index 1ec6de8..ee061b1 100644 
--- a/web/service.org +++ b/web/service.org @@ -5,10 +5,10 @@ * Commercial support As part of the GNU project, GnuPG is community developed, and everyone -is welcome to contribute under certain conditions. Some companies are -offering paid services to meet specific needs. This page contain links -to companies that wishes to announce their interest in working with -GnuPG and related software. +is welcome to contribute under certain conditions. Some companies are +offering paid services to meet specific needs. This page contains +links to companies that wishes to announce their interest in working +with GnuPG and related software. The information on this page comes from companies who asked to be listed; we do not include any information we know to be false, but we @@ -19,6 +19,19 @@ usually no information about the abilities of any specific person. We provide this list to enable you to contact service providers. +** Privacy training + + The companies listed here provide mainly non-technical training + and consulting on secure communication. + + /none so far/ + + +** Technical support + + The companies listed here provide mainly technical support and + consulting. + - [[http://g10code.com][g10 Code GmbH]], D?sseldorf, Germany :: Offers customized development, porting to new platforms, help with integrating GnuPG into your own projects, code audits, and more. g10 Code 
@@ -45,26 +58,32 @@ provide this list to enable you to contact service providers. testimony regarding the legal implications of PGP deployments and use in the context of European Union electronic signature legislation. - - [[https://www.encryptioncorp.com][EncryptionCorp]], Toronto, Canada :: EncryptionCorp located in - Ontario, Canada is both Toronto and Peterborough's leading-edge - encryption consulting firms. We train and consult for companies - as well as their employees on much more than just how to use - encryption. Our small yet powerful organization is able to - train staff on the safest and fastest ways to handle an - organization's data, without cross contamination. We teach - everything from the simplest methods of password management to - quantum encryption. We do all this in little more than 3 hours - (including 4 breaks) with our non-invasive easy to understand - media. - - [[http://lsupport.net][Linux Support LLC]], Kiev, Ukraine :: Linux Support LLC provides - consulting services using GnuPG and related tools, integrated - security for individuals, soho and enterprise in Ukraine. - - [[https://5coluna.com/][5? Coluna]], Portugal :: Offers GNU/Linux support and consulting for - helpdesk/ticketing software, discussion lists, backup and - small and medium sized companies, including GnuPG services like - disaster recovery using GnuPG and the OpenPGP card, as well as - general GnuPG implementations on Microsoft Windows and - Linux-based systems. +# Disabled 2017-03-22 (no connection for a long time): +# - [[https://www.encryptioncorp.com][EncryptionCorp]], Toronto, Canada :: EncryptionCorp located in +# Ontario, Canada is both Toronto and Peterborough's leading-edge +# encryption consulting firms. We train and consult for companies +# as well as their employees on much more than just how to use +# encryption. 
Our small yet powerful organization is able to +# train staff on the safest and fastest ways to handle an +# organization's data, without cross contamination. We teach +# everything from the simplest methods of password management to +# quantum encryption. We do all this in little more than 3 hours +# (including 4 breaks) with our non-invasive easy to understand +# media. +# Disabled 2017-03-22 (website points to a random github repo): +# - [[http://lsupport.net][Linux Support LLC]], Kiev, Ukraine :: Linux Support LLC provides +# consulting services using GnuPG and related tools, integrated +# security for individuals, soho and enterprise in Ukraine. +# Disabled 2017-03-22 (domain is for sale): +# - [[https://5coluna.com/][5? Coluna]], Portugal :: Offers GNU/Linux support and consulting for +# helpdesk/ticketing software, discussion lists, backup and +# small and medium sized companies, including GnuPG services like +# disaster recovery using GnuPG and the OpenPGP card, as well as +# general GnuPG implementations on Microsoft Windows and +# Linux-based systems. + + +** How to get listed Before we will list your name on this page, we ask that you agree informally to the following terms: 
@@ -72,17 +91,17 @@ informally to the following terms: 1. You will not restrict (except by copyleft) the use or distribution of any software, documentation, or other technical information you supply anyone in the course of modifying, - extending, or supporting free software. This includes any + extending, or supporting free software. This includes any information specifically designed to ameliorate the use of free software. 2. You will not take advantage of contact made through this page to - advertise an unrelated business (e.g., sales of proprietary - information). You may spontaneously mention your availability for - general consulting, but you should not promote a specific + advertise an unrelated business (e.g. sales of proprietary + information). You may spontaneously mention your availability + for general consulting, but you should not promote a specific unrelated business unless the client asks. -To have your information added to this list, please send a mail to the -webmaster. The information is listed in the order we receive requests. -We might eventually divide the list up by geographic location or type -of service. +To have your information added to this list, please send mail to +service-listing at gnupg.org. The entries are listed in the order +we receive requests. We might eventually divide the list up by +geographic location or type of service. diff --git a/web/share/gpgweb.el b/web/share/gpgweb.el index cd6163a..30ce07d 100644 --- a/web/share/gpgweb.el +++ b/web/share/gpgweb.el 
@@ -114,6 +114,7 @@ if not available." ("/documentation/guides.html" "Guides") ("/documentation/faqs.html" "FAQs") ("/documentation/mailing-lists.html" "Mailing Lists") + ("/service.html" "3rd Party Support") ("/documentation/bts.html" "Bug Tracker") ("/documentation/security.html" "Security"))) ("/related_software/index.html" ----------------------------------------------------------------------- Summary of changes: web/service.org | 83 ++++++++++++++++++++++++++++++++--------------------- web/share/gpgweb.el | 1 + 2 files changed, 52 insertions(+), 32 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 22 17:27:43 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 22 Mar 2017 17:27:43 +0100 Subject: [git] gnupg-doc - branch, master, updated. 4ce39482d0f52ea9205c4c7e099443c07fc2fd2d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 4ce39482d0f52ea9205c4c7e099443c07fc2fd2d (commit) from 98a689003c8f05c25b865a50bc90c0425a2f0d88 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4ce39482d0f52ea9205c4c7e099443c07fc2fd2d Author: Werner Koch Date: Wed Mar 22 17:24:38 2017 +0100 web: Update image of mine. diff --git a/web/people/werner.png b/web/people/werner.png index 3b0a8b8..303cd79 100644 Binary files a/web/people/werner.png and b/web/people/werner.png differ diff --git a/web/share/gpgweb.el b/web/share/gpgweb.el index 30ce07d..f7713e9 100644 --- a/web/share/gpgweb.el +++ b/web/share/gpgweb.el 
@@ -93,8 +93,7 @@ if not available." ("/features.html" "Features") ("/news.html" "News") ("/people/index.html" "People") - ("/documentation/sites.html" "Sites") - ("/service.html" "Service"))) + ("/documentation/sites.html" "Sites"))) ("/donate/index.html" "Donate" (("/donate/index.html" "Donate") ----------------------------------------------------------------------- Summary of changes: web/people/werner.png | Bin 22010 -> 33203 bytes web/share/gpgweb.el | 3 +-- 2 files changed, 1 insertion(+), 2 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 22 19:27:14 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 22 Mar 2017 19:27:14 +0100 Subject: [git] gnupg-doc - branch, master, updated. 40ee3849c94fd93fc990c4bff90e1f5c65d701df Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 40ee3849c94fd93fc990c4bff90e1f5c65d701df (commit) from 4ce39482d0f52ea9205c4c7e099443c07fc2fd2d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 40ee3849c94fd93fc990c4bff90e1f5c65d701df Author: Werner Koch Date: Wed Mar 22 19:24:06 2017 +0100 web: Make me transparent 
diff --git a/web/people/werner.png b/web/people/werner.png index 303cd79..7cb2bd4 100644 Binary files a/web/people/werner.png and b/web/people/werner.png differ ----------------------------------------------------------------------- Summary of changes: web/people/werner.png | Bin 33203 -> 34897 bytes 1 file changed, 0 insertions(+), 0 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 22 23:56:16 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 22 Mar 2017 23:56:16 +0100 Subject: [git] gnupg-doc - branch, master, updated. 5def56debc2a9b3f97c64d62227d9fd44d07decd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 5def56debc2a9b3f97c64d62227d9fd44d07decd (commit) via 169a333729554cd63ae13dd099f87337d2ae47d4 (commit) via b90c7375a7dde61d0bdcad6ced19916639bfcb6a (commit) via b92814592facfe7d103e61e6d563db665e9dd0c1 (commit) from 40ee3849c94fd93fc990c4bff90e1f5c65d701df (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5def56debc2a9b3f97c64d62227d9fd44d07decd Author: Werner Koch Date: Wed Mar 22 23:53:04 2017 +0100 web: Document required symlink Also re-create the symlinks while building the website. diff --git a/README b/README index e7e5d2b..ad2feed 100644 --- a/README +++ b/README @@ -75,8 +75,11 @@ The howtos are symlinked into the www.gnupg.org tree; see below. #+begin_example howtos -> ../../howtos.gnupg.org/htdocs +related_software -> software #+end_example +The website-build script assures that these symlinks exist + ** Cronjobs A cronjob needs to run mkkudos.sh to update the list of donors.
diff --git a/tools/build-website.sh b/tools/build-website.sh index d4a5330..c885ab8 100755 --- a/tools/build-website.sh +++ b/tools/build-website.sh @@ -214,6 +214,10 @@ if [ -n "$sync_web" ]; then rsync -rlt --exclude '*~' --exclude '*.tmp' \ . ${htdocs_web}/ touch ${htdocs_web}/donate/donors.dat + cd ${htdocs_web} + ln -sf ../../howtos.gnupg.org/htdocs howtos + ln -sf software related_software + cd "$sync_web" any_sync=yes fi commit 169a333729554cd63ae13dd099f87337d2ae47d4 Author: Werner Koch Date: Wed Mar 22 23:40:35 2017 +0100 web: Rename related_software/ to just software/ diff --git a/web/related_software/frontends.org b/web/software/frontends.org similarity index 100% rename from web/related_software/frontends.org rename to web/software/frontends.org diff --git a/web/related_software/gpa/icons.org b/web/software/gpa/icons.org similarity index 100% rename from web/related_software/gpa/icons.org rename to web/software/gpa/icons.org diff --git a/web/related_software/gpa/icons/decrypt.png b/web/software/gpa/icons/decrypt.png similarity index 100% rename from web/related_software/gpa/icons/decrypt.png rename to web/software/gpa/icons/decrypt.png diff --git a/web/related_software/gpa/icons/dont_trust.png b/web/software/gpa/icons/dont_trust.png similarity index 100% rename from web/related_software/gpa/icons/dont_trust.png rename to web/software/gpa/icons/dont_trust.png diff --git a/web/related_software/gpa/icons/encrypt.png b/web/software/gpa/icons/encrypt.png similarity index 100% rename from web/related_software/gpa/icons/encrypt.png rename to web/software/gpa/icons/encrypt.png diff --git a/web/related_software/gpa/icons/keyring.png b/web/software/gpa/icons/keyring.png similarity index 100% rename from web/related_software/gpa/icons/keyring.png rename to web/software/gpa/icons/keyring.png 
diff --git a/web/related_software/gpa/icons/sign.png b/web/software/gpa/icons/sign.png similarity index 100% rename from web/related_software/gpa/icons/sign.png rename to web/software/gpa/icons/sign.png diff --git a/web/related_software/gpa/icons/trust_fully.png b/web/software/gpa/icons/trust_fully.png similarity index 100% rename from web/related_software/gpa/icons/trust_fully.png rename to web/software/gpa/icons/trust_fully.png diff --git a/web/related_software/gpa/icons/trust_marginally.png b/web/software/gpa/icons/trust_marginally.png similarity index 100% rename from web/related_software/gpa/icons/trust_marginally.png rename to web/software/gpa/icons/trust_marginally.png diff --git a/web/related_software/gpa/icons/trust_unknown.png b/web/software/gpa/icons/trust_unknown.png similarity index 100% rename from web/related_software/gpa/icons/trust_unknown.png rename to web/software/gpa/icons/trust_unknown.png diff --git a/web/related_software/gpa/index.org b/web/software/gpa/index.org similarity index 100% rename from web/related_software/gpa/index.org rename to web/software/gpa/index.org diff --git a/web/related_software/gpa/screenshots.org b/web/software/gpa/screenshots.org similarity index 100% rename from web/related_software/gpa/screenshots.org rename to web/software/gpa/screenshots.org diff --git a/web/related_software/gpa/screenshots/main_window.png b/web/software/gpa/screenshots/main_window.png similarity index 100% rename from web/related_software/gpa/screenshots/main_window.png rename to web/software/gpa/screenshots/main_window.png diff --git a/web/related_software/gpa/screenshots/public_keyring_dialog.png b/web/software/gpa/screenshots/public_keyring_dialog.png similarity index 100% rename from web/related_software/gpa/screenshots/public_keyring_dialog.png rename to web/software/gpa/screenshots/public_keyring_dialog.png 
diff --git a/web/related_software/gpgme/index.org b/web/software/gpgme/index.org similarity index 100% rename from web/related_software/gpgme/index.org rename to web/software/gpgme/index.org diff --git a/web/related_software/index.org b/web/software/index.org similarity index 100% rename from web/related_software/index.org rename to web/software/index.org diff --git a/web/related_software/libassuan/index.org b/web/software/libassuan/index.org similarity index 100% rename from web/related_software/libassuan/index.org rename to web/software/libassuan/index.org diff --git a/web/related_software/libgcrypt/index.org b/web/software/libgcrypt/index.org similarity index 100% rename from web/related_software/libgcrypt/index.org rename to web/software/libgcrypt/index.org diff --git a/web/related_software/libgpg-error/index.org b/web/software/libgpg-error/index.org similarity index 100% rename from web/related_software/libgpg-error/index.org rename to web/software/libgpg-error/index.org diff --git a/web/related_software/libksba/index.org b/web/software/libksba/index.org similarity index 100% rename from web/related_software/libksba/index.org rename to web/software/libksba/index.org diff --git a/web/related_software/libraries.org b/web/software/libraries.org similarity index 100% rename from web/related_software/libraries.org rename to web/software/libraries.org diff --git a/web/related_software/npth/index.org b/web/software/npth/index.org similarity index 100% rename from web/related_software/npth/index.org rename to web/software/npth/index.org diff --git a/web/related_software/ntbtls/index.org b/web/software/ntbtls/index.org similarity index 100% rename from web/related_software/ntbtls/index.org rename to web/software/ntbtls/index.org diff --git a/web/related_software/pinentry/index.org b/web/software/pinentry/index.org similarity index 100% rename from web/related_software/pinentry/index.org rename to web/software/pinentry/index.org 
diff --git a/web/related_software/swlist.org b/web/software/swlist.org similarity index 100% rename from web/related_software/swlist.org rename to web/software/swlist.org diff --git a/web/related_software/tools.org b/web/software/tools.org similarity index 100% rename from web/related_software/tools.org rename to web/software/tools.org commit b90c7375a7dde61d0bdcad6ced19916639bfcb6a Author: Werner Koch Date: Wed Mar 22 23:39:25 2017 +0100 web: Change links to related_software/ to just software/ A second patch will rename the directory. diff --git a/web/aegypten2/index.org b/web/aegypten2/index.org index 5eabafc..bba9c2e 100644 --- a/web/aegypten2/index.org +++ b/web/aegypten2/index.org @@ -113,11 +113,11 @@ First make sure you installed - [[https://www.gnupg.org][GnuPG]] >= 1.2.5 - - [[https://www.gnupg.org/related_software/libgpg-error/][libgpg-error]] + - [[https://www.gnupg.org/software/libgpg-error/][libgpg-error]] >= 1.0.0 - [[https://directory.fsf.org/security/libgcrypt.html][libgcrypt]] >= 1.2.0 - - [[https://www.gnupg.org/related_software/gpgme/index.html][GpgME]] + - [[https://www.gnupg.org/software/gpgme/index.html][GpgME]] >= 1.0.0 - [[http://www.kde.org][KDE]] >= 3.3.0 diff --git a/web/donate/index.org b/web/donate/index.org index 2953836..30b8552 100644 --- a/web/donate/index.org +++ b/web/donate/index.org @@ -16,7 +16,7 @@ GnuPG carries an [[https://www.fsf.org][FSF]] copyright notice, they never funded the development or hosting costs. - If you are using [[../index.org][GnuPG]], [[../related_software/libgcrypt/index.org][Libgcrypt]], [[../related_software/gpgme/index.org][GPGME]], or [[https://www.gpg4win.org][Gpg4win]] and would like + If you are using [[../index.org][GnuPG]], [[../software/libgcrypt/index.org][Libgcrypt]], [[../software/gpgme/index.org][GPGME]], or [[https://www.gpg4win.org][Gpg4win]] and would like to help with development and maintenance please consider to make a donation. 
diff --git a/web/download/index.org b/web/download/index.org index c0da554..df4a475 100644 --- a/web/download/index.org +++ b/web/download/index.org 
@@ -47,17 +47,17 @@ | GnuPG modern | {{{gnupg21_ver}}} | {{{gnupg21_date}}} | {{{gnupg21_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2.sig{{{ftpclose}}} | | GnuPG stable | {{{gnupg_ver}}} | {{{gnupg_date}}} | {{{gnupg_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2.sig{{{ftpclose}}} | |--------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------| - | [[../related_software/libgpg-error/index.org][Libgpg-error]] | {{{libgpg_error_ver}}} | {{{libgpg_error_date}}} | {{{libgpg_error_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | [[../related_software/libgcrypt/index.org][Libgcrypt]] | {{{libgcrypt_ver}}} | {{{libgcrypt_date}}} | {{{libgcrypt_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | [[../related_software/libksba/index.org][Libksba]] | {{{libksba_ver}}} | {{{libksba_date}}} | {{{libksba_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | [[../related_software/libassuan/index.org][Libassuan]] | {{{libassuan_ver}}} | {{{libassuan_date}}} | {{{libassuan_size}}} | 
{{{ftpopen}}}{{{ftp_loc_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | [[../related_software/ntbtls/index.org][ntbTLS]] | {{{ntbtls_ver}}} | {{{ntbtls_date}}} | {{{ntbtls_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/ntbtls/ntbtls-{{{ntbtls_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/ntbtls/ntbtls-{{{ntbtls_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | [[../related_software/npth/index.org][nPth]] | {{{npth_ver}}} | {{{npth_date}}} | {{{npth_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/npth/npth-{{{npth_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/npth/npth-{{{npth_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../software/libgpg-error/index.org][Libgpg-error]] | {{{libgpg_error_ver}}} | {{{libgpg_error_date}}} | {{{libgpg_error_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../software/libgcrypt/index.org][Libgcrypt]] | {{{libgcrypt_ver}}} | {{{libgcrypt_date}}} | {{{libgcrypt_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../software/libksba/index.org][Libksba]] | {{{libksba_ver}}} | {{{libksba_date}}} | {{{libksba_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../software/libassuan/index.org][Libassuan]] | {{{libassuan_ver}}} | {{{libassuan_date}}} | {{{libassuan_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2{{{ftpclose}}} | 
{{{ftpopen}}}{{{ftp_loc_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../software/ntbtls/index.org][ntbTLS]] | {{{ntbtls_ver}}} | {{{ntbtls_date}}} | {{{ntbtls_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/ntbtls/ntbtls-{{{ntbtls_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/ntbtls/ntbtls-{{{ntbtls_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../software/npth/index.org][nPth]] | {{{npth_ver}}} | {{{npth_date}}} | {{{npth_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/npth/npth-{{{npth_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/npth/npth-{{{npth_ver}}}.tar.bz2.sig{{{ftpclose}}} | |--------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------| | Pinentry | {{{pinentry_ver}}} | {{{pinentry_date}}} | {{{pinentry_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/pinentry/pinentry-{{{pinentry_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/pinentry/pinentry-{{{pinentry_ver}}}.tar.bz2.sig{{{ftpclose}}} | |--------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------| - | [[../related_software/gpgme/index.org][GPGME]] | {{{gpgme_ver}}} | {{{gpgme_date}}} | {{{gpgme_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | [[../related_software/gpa/index.org][GPA]] | {{{gpa_ver}}} | {{{gpa_date}}} | {{{gpa_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2{{{ftpclose}}} | 
{{{ftpopen}}}{{{ftp_loc_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../software/gpgme/index.org][GPGME]] | {{{gpgme_ver}}} | {{{gpgme_date}}} | {{{gpgme_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../software/gpa/index.org][GPA]] | {{{gpa_ver}}} | {{{gpa_date}}} | {{{gpa_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2.sig{{{ftpclose}}} | | Dirmngr | {{{dirmngr_ver}}} | {{{dirmngr_date}}} | {{{dirmngr_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2.sig{{{ftpclose}}} | |--------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------| diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index c5c60a5..b298f94 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org @@ -4,7 +4,7 @@ #+AUTHOR: Robert J. Hansen et al. #+LANGUAGE: en #+LINK: gnupgweb https://www.gnupg.org/ -#+LINK: roundup https://bugs.g10code.com/gnupg/issue +#+LINK: roundup https://bugs.gnupg.org/gnupg/issue #+OPTIONS: H:3 num:2 toc:nil \n:nil @:t ::t |:t ^:{} -:t f:t *:t TeX:t LaTeX:t skip:nil d:nil tags:not-in-toc #+HTML_HEAD: #+STARTUP: overview indent @@ -1713,7 +1713,7 @@ follows. First, on a secure machine: :END: -Check out [[https://www.gnupg.org/related_software/gpgme/][GPGME (GnuPG Made Easy)]]. +Check out [[https://www.gnupg.org/software/gpgme/][GPGME (GnuPG Made Easy)]]. 
diff --git a/web/faq/whats-new-in-2.1.org b/web/faq/whats-new-in-2.1.org index 392b57c..2991978 100644 --- a/web/faq/whats-new-in-2.1.org +++ b/web/faq/whats-new-in-2.1.org @@ -715,7 +715,7 @@ The annotated key listing produced by the =--with-colons= options did not change. However a couple of new fields have been added, for example if the new option =--with-secret= is used the ?S/N of a token field? indicates the presence of a secret key even in a public key -listing. This option is supported by recent [[https://gnupg.org/related_software/gpgme/][GPGME]] versions and makes +listing. This option is supported by recent [[https://gnupg.org/software/gpgme/][GPGME]] versions and makes writing of key manager software easier. ** Recipient key from file diff --git a/web/index.org b/web/index.org index 711965c..056991c 100644 --- a/web/index.org +++ b/web/index.org @@ -15,7 +15,7 @@ sign your data and communication, features a versatile key management system as well as access modules for all kinds of public key directories. GnuPG, also known as /GPG/, is a command line tool with features for easy integration with other applications. A wealth of -[[file:related_software/frontends.html][frontend applications]] and [[file:related_software/libraries.html][libraries]] are available. Version 2 of GnuPG +[[file:software/frontends.html][frontend applications]] and [[file:software/libraries.html][libraries]] are available. Version 2 of GnuPG also provides support for S/MIME and Secure Shell (ssh). GnuPG is [[https://www.gnu.org/philosophy/free-sw.html][Free Software]] (meaning that it respects your freedom). It can @@ -80,7 +80,7 @@ mail]] for details. We are pleased to announce the availability of Libgcrypt version 1.7.6. This is a maintenance release for the stable version of -[[file:related_software/libgcrypt/index.org][Libgcrypt]] with a few bug fixes. +[[file:software/libgcrypt/index.org][Libgcrypt]] with a few bug fixes. ** GnuPG 2.1.17 released (2016-12-20) 
@@ -91,20 +91,20 @@ mail]] for details. We are pleased to announce the availability of Libgcrypt version 1.7.5. This is a maintenance release for the stable version of -[[file:related_software/libgcrypt/index.org][Libgcrypt]] with a few bug fixes. [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q4/000399.html][{more}]] +[[file:software/libgcrypt/index.org][Libgcrypt]] with a few bug fixes. [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q4/000399.html][{more}]] ** Pinentry 1.0.0 released (2016-11-22) -After 14 years is was time to bump up the version of [[file:related_software/pinentry/index.org][Pinentry]] to 1.0. +After 14 years is was time to bump up the version of [[file:software/pinentry/index.org][Pinentry]] to 1.0. This new release fixes a couple of minor bugs and introduces features to better diagnose problems. See the [[../../download/index.org::pinentry][download]] section on how to get Pinentry. ** GPA 0.9.10 released (2016-11-19) -A maintenance release of the [[file:related_software/gpa/index.org][GNU Privacy Assistant]] is now available. +A maintenance release of the [[file:software/gpa/index.org][GNU Privacy Assistant]] is now available. Note that some of the changes are only available when build with the -latest [[file:related_software/gpgme/index.org][GPGME]] version and used with GnuPG 2.1.16 or later. +latest [[file:software/gpgme/index.org][GPGME]] version and used with GnuPG 2.1.16 or later. ** GnuPG 2.1.16 released (2016-11-18) 
@@ -114,7 +114,7 @@ full [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q4/000398.html][anno ** GnuPG Made Easy (GPGME) 1.7.0 released (2016-09-21) -[[file:related_software/gpgme/index.org][GPGME]] is a library that allows to add support for cryptography to a +[[file:software/gpgme/index.org][GPGME]] is a library that allows to add support for cryptography to a program. Highlights in this release are Python and C++ language bindings as well as support for GnuPG 2.1 features. {[[https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000397.html][more]]} diff --git a/web/news.org b/web/news.org index 48c60ed..5f85932 100644 --- a/web/news.org +++ b/web/news.org @@ -16,7 +16,7 @@ Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000393.h We are pleased to announce the availability of Libgcrypt version 1.7.2. This is a maintenance release for the stable version of -[[file:related_software/libgcrypt/index.org][Libgcrypt]] with a few bug fixes. [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000392.html][{more}]] +[[file:software/libgcrypt/index.org][Libgcrypt]] with a few bug fixes. [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000392.html][{more}]] ** GnuPG 2.1.13 released (2016-06-16) @@ -27,7 +27,7 @@ Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000390.h We are pleased to announce the availability of Libgcrypt version 1.7.1. This is a maintenance release for the stable version of -[[file:related_software/libgcrypt/index.org][Libgcrypt]] with a few bug fixes. [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000389.html][{more}]] +[[file:software/libgcrypt/index.org][Libgcrypt]] with a few bug fixes. [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000389.html][{more}]] ** First OpenPGP conference (2016-05-20) 
@@ -42,7 +42,7 @@ Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000387.h ** Libgcrypt 1.7.0 released (2016-04-15) We are pleased to announce the availability of Libgcrypt version -1.7.0. This is a new stable version of [[file:related_software/libgcrypt/index.org][Libgcrypt]] with full API and +1.7.0. This is a new stable version of [[file:software/libgcrypt/index.org][Libgcrypt]] with full API and ABI compatibiliy to the 1.6 series. Its main features are new algorithms, curves, and performance improvements. [[https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000386.html][{more}]] @@ -88,7 +88,7 @@ Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000379.h ** GPA 0.9.9 released (2015-09-09) -A new version of [[file:related_software/gpa/index.org][GPA]], the graphical frontend for GnuPG, is now +A new version of [[file:software/gpa/index.org][GPA]], the graphical frontend for GnuPG, is now available. This release fixes a couple of bugs and has been changed to show the clipboard view on startup. [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000378.html][{more}]] @@ -104,7 +104,7 @@ a crash on newer Windows versions. [[https://lists.gnupg.org/pipermail/gnupg-ann ** Libassuan 2.3.0 released (2015-08-28) -[[file:related_software/libassuan/index.org][Libassuan]] is a generic [[https://en.wikipedia.org/wiki/Inter-process_communication][IPC]] library used by GnuPG, GPGME, and a few +[[file:software/libassuan/index.org][Libassuan]] is a generic [[https://en.wikipedia.org/wiki/Inter-process_communication][IPC]] library used by GnuPG, GPGME, and a few other packages. This release fixes two bugs and introduces new support functions for the socket wrappers. See [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000374.html][here]] for details. 
@@ -1308,12 +1308,12 @@ Far too many enhancements to be listed here, please see the ** GPA 0.4.3 released (2002-01-14) -[[related_software/gpa/index.en.html][GPA]] 0.4.3 has been released. +[[software/gpa/index.en.html][GPA]] 0.4.3 has been released. ** GPA pages (2001-11-15) -[[related_software/gpa/index.en.html][GPA pages]] reflect latest released version (gpa-0.4.2) now. +[[software/gpa/index.en.html][GPA pages]] reflect latest released version (gpa-0.4.2) now. ** GnuPG 1.0.6 released (2001-05-29) @@ -1360,7 +1360,7 @@ Add a link to [[http://web.mit.edu/~prz][Phil Zimmermann]] 's homepage. ** New page about GPGME (2001-02-22) -Add a page about [[related_software/gpgme/index.en.html][GPGME]] . +Add a page about [[software/gpgme/index.en.html][GPGME]] . ** Patch for GnuPG 1.0.4 released (2000-11-30) @@ -1437,7 +1437,7 @@ A lot of fixes and enhancements. ** Pages about PGA (2000-06-29) -Add some pages about the [[related_software/gpa/][GPA]]. +Add some pages about the [[software/gpa/][GPA]]. ** Two new supported OSes (2000-03-20) diff --git a/web/share/gpgweb.el b/web/share/gpgweb.el index f7713e9..268d52b 100644 --- a/web/share/gpgweb.el +++ b/web/share/gpgweb.el @@ -98,6 +98,12 @@ if not available." "Donate" (("/donate/index.html" "Donate") ("/donate/kudos.html" "List of Donors"))) + ("/software/index.html" + "Software" + (("/software/frontends.html" "Frontends") + ("/software/tools.html" "Tools") + ("/software/libraries.html" "Libraries") + ("/software/swlist.html" "All"))) ("/download/index.html" "Download" (("/download/index.html" "Download") @@ -107,7 +113,7 @@ if not available." ("/download/mirrors.html" "Mirrors") ("/download/git.html" "GIT"))) ("/documentation/index.html" - "Support" + "Documentation" (("/documentation/howtos.html" "HOWTOs") ("/documentation/manuals.html" "Manuals") ("/documentation/guides.html" "Guides") 
@@ -116,12 +122,6 @@ if not available." ("/service.html" "3rd Party Support") ("/documentation/bts.html" "Bug Tracker") ("/documentation/security.html" "Security"))) - ("/related_software/index.html" - "Related software" - (("/related_software/frontends.html" "Frontends") - ("/related_software/tools.html" "Tools") - ("/related_software/libraries.html" "Libraries") - ("/related_software/swlist.html" "All"))) ("/blog/index.html" "Blog")) "The definition of the gnupg.org menu structure.") commit b92814592facfe7d103e61e6d563db665e9dd0c1 Author: Werner Koch Date: Wed Mar 22 23:38:32 2017 +0100 web: Add missing ntbtls page. diff --git a/web/related_software/ntbtls/index.org b/web/related_software/ntbtls/index.org new file mode 100644 index 0000000..77c756e --- /dev/null +++ b/web/related_software/ntbtls/index.org 
@@ -0,0 +1,16 @@ +#+STARTUP: showall +#+SETUPFILE: "../../share/setup.inc" + +* The Not Too Bad TLS Library + + /ntbTLS/ is a tiny TLS 1.2 only implementation designed to be used + with Libgcrypt and LibKSBA. In particular, this library has no + certificate verification code - this need to be done by the caller. + For example the GnuPG component /dirmngr/ already has code to verify + certificates (for CRL and OCSP checking) and thus /ntbTLS/ is a good + fit for accessing objects over the network. + + *WARNING:* Although this library is based on code from PolarSSL (now + known as [[https://tls.mbed.org/][mbedTLS]]) it is pretty young and NOT WELL TESTED. + + See the [[../../download/index.org::ntbtls][download]] section for the latest tarball. ----------------------------------------------------------------------- Summary of changes: README | 3 +++ tools/build-website.sh | 4 ++++ web/aegypten2/index.org | 4 ++-- web/donate/index.org | 2 +- web/download/index.org | 16 ++++++++-------- web/faq/gnupg-faq.org | 4 ++-- web/faq/whats-new-in-2.1.org | 2 +- web/index.org | 14 +++++++------- web/news.org | 18 +++++++++--------- web/share/gpgweb.el | 14 +++++++------- web/{related_software => software}/frontends.org | 0 web/{related_software => software}/gpa/icons.org | 0 .../gpa/icons/decrypt.png | Bin .../gpa/icons/dont_trust.png | Bin .../gpa/icons/encrypt.png | Bin .../gpa/icons/keyring.png | Bin web/{related_software => software}/gpa/icons/sign.png | Bin .../gpa/icons/trust_fully.png | Bin .../gpa/icons/trust_marginally.png | Bin .../gpa/icons/trust_unknown.png | Bin web/{related_software => software}/gpa/index.org | 0 .../gpa/screenshots.org | 0 .../gpa/screenshots/main_window.png | Bin .../gpa/screenshots/public_keyring_dialog.png | Bin web/{related_software => software}/gpgme/index.org | 0 web/{related_software => software}/index.org | 0 .../libassuan/index.org | 0 .../libgcrypt/index.org | 0 .../libgpg-error/index.org | 0 web/{related_software => 
software}/libksba/index.org | 0 web/{related_software => software}/libraries.org | 0 web/{related_software => software}/npth/index.org | 0 web/software/ntbtls/index.org | 16 ++++++++++++++++ web/{related_software => software}/pinentry/index.org | 0 web/{related_software => software}/swlist.org | 0 web/{related_software => software}/tools.org | 0 36 files changed, 60 insertions(+), 37 deletions(-) rename web/{related_software => software}/frontends.org (100%) rename web/{related_software => software}/gpa/icons.org (100%) rename web/{related_software => software}/gpa/icons/decrypt.png (100%) rename web/{related_software => software}/gpa/icons/dont_trust.png (100%) rename web/{related_software => software}/gpa/icons/encrypt.png (100%) rename web/{related_software => software}/gpa/icons/keyring.png (100%) rename web/{related_software => software}/gpa/icons/sign.png (100%) rename web/{related_software => software}/gpa/icons/trust_fully.png (100%) rename web/{related_software => software}/gpa/icons/trust_marginally.png (100%) rename web/{related_software => software}/gpa/icons/trust_unknown.png (100%) rename web/{related_software => software}/gpa/index.org (100%) rename web/{related_software => software}/gpa/screenshots.org (100%) rename web/{related_software => software}/gpa/screenshots/main_window.png (100%) rename web/{related_software => software}/gpa/screenshots/public_keyring_dialog.png (100%) rename web/{related_software => software}/gpgme/index.org (100%) rename web/{related_software => software}/index.org (100%) rename web/{related_software => software}/libassuan/index.org (100%) rename web/{related_software => software}/libgcrypt/index.org (100%) rename web/{related_software => software}/libgpg-error/index.org (100%) rename web/{related_software => software}/libksba/index.org (100%) rename web/{related_software => software}/libraries.org (100%) rename web/{related_software => software}/npth/index.org (100%) create mode 100644 web/software/ntbtls/index.org 
rename web/{related_software => software}/pinentry/index.org (100%) rename web/{related_software => software}/swlist.org (100%) rename web/{related_software => software}/tools.org (100%) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 23 00:24:55 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 23 Mar 2017 00:24:55 +0100 Subject: [git] gnupg-doc - branch, master, updated. 334d8bfb5d2722d69a601b7baf682dab125f8d66 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 334d8bfb5d2722d69a601b7baf682dab125f8d66 (commit) from 5def56debc2a9b3f97c64d62227d9fd44d07decd (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 334d8bfb5d2722d69a601b7baf682dab125f8d66 Author: Werner Koch Date: Thu Mar 23 00:21:20 2017 +0100 web: Merge features pages into software/index diff --git a/README b/README index ad2feed..d1bf219 100644 --- a/README +++ b/README @@ -76,6 +76,7 @@ The howtos are symlinked into the www.gnupg.org tree; see below. #+begin_example howtos -> ../../howtos.gnupg.org/htdocs related_software -> software +features.html -> software/index.html #+end_example The website-build script assures that these symlinks exist diff --git a/tools/build-website.sh b/tools/build-website.sh index c885ab8..68bf0df 100755 --- a/tools/build-website.sh +++ b/tools/build-website.sh @@ -217,6 +217,7 @@ if [ -n "$sync_web" ]; then cd ${htdocs_web} ln -sf ../../howtos.gnupg.org/htdocs howtos ln -sf software related_software + ln -sf software/index.html features.html cd "$sync_web" any_sync=yes fi 
diff --git a/web/features.org b/web/features.org deleted file mode 100644 index 2b6b90c..0000000 --- a/web/features.org +++ /dev/null @@ -1,37 +0,0 @@ -#+TITLE: GnuPG - Features -#+STARTUP: showall -#+SETUPFILE: "share/setup.inc" - -* Features - -GnuPG itself is a commandline tool without any graphical stuff. It is -the real crypto engine which can be used directly from a command prompt, -from shell scripts or by other programs. Therefore it can be considered -as a backend for other applications. - -However, even when used on the command line it provides all -functionality needed - this includes an interactive menu system. The set -of commands of this tool will always be a superset of those provided by -any frontends. - -- Full replacement of PGP. -- Does not use any patented algorithms. -- GPLed, written from scratch. -- Can be used as a filter program. -- Full OpenPGP implementation (see RFC4880 at [[http://www.rfc-editor.org/][RFC Editor]]). -- Better functionality than PGP and some security enhancements over - PGP 2. -- Decrypts and verifies PGP 5, 6 and 7 messages. -- Supports ElGamal, DSA, RSA, AES, 3DES, Blowfish, Twofish, CAST5, MD5, - SHA-1, RIPE-MD-160 and TIGER. -- Easy implementation of new algorithms using extension modules. -- The User ID is forced to be in a standard format. -- Supports key and signature expiration dates. -- English, Danish, Dutch, Esperanto, Estonian, French, German, - Japanese, Italian, Polish, Portuguese (Brazilian), Portuguese - (Portuguese), Russian, Spanish, Swedish and Turkish language support. -- Online help system. -- Optional anonymous message receivers. -- Integrated support for HKP keyservers (wwwkeys.pgp.net). -- Clears signed patch files which can still be processed by patch. -- and many more things.... diff --git a/web/share/gpgweb.el b/web/share/gpgweb.el index 268d52b..5c71fc3 100644 --- a/web/share/gpgweb.el +++ b/web/share/gpgweb.el 
@@ -90,7 +90,6 @@ if not available." '(("/index.html" "Home" (("/index.html" "Home") - ("/features.html" "Features") ("/news.html" "News") ("/people/index.html" "People") ("/documentation/sites.html" "Sites"))) diff --git a/web/software/index.org b/web/software/index.org index 913a086..7a18406 100644 --- a/web/software/index.org +++ b/web/software/index.org 
@@ -1,7 +1,39 @@ -#+TITLE: GnuPG - Related Software +#+TITLE: GnuPG - Software #+STARTUP: showall #+SETUPFILE: "../share/setup.inc" +* GnuPG --- The Universal Crypto Engine + + GnuPG is a command line tool without any graphical user interface. + It is an universal crypto engine which can be used directly from a + command line prompt, from shell scripts, or from other programs. + Therefore GnuPG is often used as the actual crypto backend of other + applications. + + Even when used on the command line it provides all functionality + needed - this includes an interactive menu system. The set of + commands of this tool will always be a superset of those provided by + any frontends. + + - Full OpenPGP implementation (see RFC4880 at [[http://www.rfc-editor.org/][RFC Editor]]). + - Full CMS/X.509 (S/MIME) implementation. + - Ssh-agent implementation + - Runs on all Unix platforms, Windows and macOS. + - A full replacement of PGP; written from scratch. + - Does not use any patented algorithms. + - Freely available under the GPL; + - Can be used as a filter program. + - Better functionality than PGP with state of the art security features. + - Decrypts and verifies PGP 5, 6 and 7 messages. + - Supports RSA, ECDH, ECDSA, EdDSA, Elgamal, DSA, AES, Camellia, + 3DES, Twofish, SHA2, and many more algorithms. + - Language support for a load of languages. + - Online help system. + - Optional anonymous message receivers. + - Integrated support for HKP keyservers (sks-keyservers.net). + - and many more things.... 
+ + * Related Software Over the years, GnuPG has widly gained in popularity to become the ----------------------------------------------------------------------- Summary of changes: README | 1 + tools/build-website.sh | 1 + web/features.org | 37 ------------------------------------- web/share/gpgweb.el | 1 - web/software/index.org | 34 +++++++++++++++++++++++++++++++++- 5 files changed, 35 insertions(+), 39 deletions(-) delete mode 100644 web/features.org hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 23 00:37:16 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 23 Mar 2017 00:37:16 +0100 Subject: [git] gnupg-doc - branch, master, updated. 8f5e7d0cf241a96393e654708af06fad599ecba0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 8f5e7d0cf241a96393e654708af06fad599ecba0 (commit) from 334d8bfb5d2722d69a601b7baf682dab125f8d66 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8f5e7d0cf241a96393e654708af06fad599ecba0 Author: Werner Koch Date: Thu Mar 23 00:34:15 2017 +0100 web: Fix Marcus' employement status. diff --git a/tools/build-website.sh b/tools/build-website.sh index 68bf0df..22f235f 100755 --- a/tools/build-website.sh +++ b/tools/build-website.sh @@ -230,6 +230,8 @@ if [ -n "$sync_blog" ]; then any_sync=yes fi +cd "${root_dir}" + if [ "$any_sync" = yes ]; then $HOME/bin/mkkudos.sh --verbose --force fi diff --git a/web/people/index.org b/web/people/index.org index 341e613..4cbfde2 100644 --- a/web/people/index.org +++ b/web/people/index.org 
@@ -61,8 +61,8 @@ Marcus is part of the free software community since 1997, when he joined the [[http://www.debian.org][Debian]] project. Probably best known for his past work on GNU/Hurd, he also has a diploma degree in mathematics, and is - employed by [[https://g10code.com][g10^code]] to work on the GnuPG and related software from - 2001 to 2012 and again since 2017. + full time employed by [[https://g10code.com][g10^code]] to work on the GnuPG and related + software from 2001 to 2012 and again since 2017. #+HTML:
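Review bot: In the tools/build-website.sh hunk, the result of the added cd "${root_dir}" is not checked, so if the directory change fails, $HOME/bin/mkkudos.sh --verbose --force still runs from whatever directory the shell was left in. Writing it as cd "${root_dir}" || exit 1 would make that failure explicit. The change is also unrelated to the commit subject, which only mentions the people page; a line in the commit message or a separate commit would make it easier to track.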
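Review bot: The rewritten sentence in the web/people/index.org hunk now reads "is full time employed by g10^code ... from 2001 to 2012 and again since 2017", which puts a present-tense verb over a closed past interval and leaves it unclear whether "full time" applies to both periods. Splitting it into a past clause for 2001 to 2012 and a present clause for the period since 2017 would remove the ambiguity.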

----------------------------------------------------------------------- Summary of changes: tools/build-website.sh | 2 ++ web/people/index.org | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 23 09:28:19 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 23 Mar 2017 09:28:19 +0100 Subject: [git] gnupg-doc - branch, master, updated. f6d6e19b8f0aa0136bce2d5455b3cd48feaef616 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via f6d6e19b8f0aa0136bce2d5455b3cd48feaef616 (commit) from 8f5e7d0cf241a96393e654708af06fad599ecba0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f6d6e19b8f0aa0136bce2d5455b3cd48feaef616 Author: Werner Koch Date: Thu Mar 23 09:25:16 2017 +0100 web: Add a submenu "GnuPG" below the topmenu "software" Right now this is the same as clicking directly on the topmenu item but, similar to "Donate", we better make that clear. diff --git a/web/share/gpgweb.el b/web/share/gpgweb.el index 5c71fc3..f903e50 100644 --- a/web/share/gpgweb.el +++ b/web/share/gpgweb.el 
@@ -99,7 +99,8 @@ if not available." ("/donate/kudos.html" "List of Donors"))) ("/software/index.html" "Software" - (("/software/frontends.html" "Frontends") + (("/software/index.html" "GnuPG") + ("/software/frontends.html" "Frontends") ("/software/tools.html" "Tools") ("/software/libraries.html" "Libraries") ("/software/swlist.html" "All"))) ----------------------------------------------------------------------- Summary of changes: web/share/gpgweb.el | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 23 11:35:45 2017 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 23 Mar 2017 11:35:45 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.4.0-260-gc196eb9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via c196eb96af3eaa4be611b706739ae66ddcab1831 (commit) from 3442972cba2ddf88a88ff3d10421debf0fc07c06 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c196eb96af3eaa4be611b706739ae66ddcab1831 Author: Andre Heinecke Date: Thu Mar 23 11:33:52 2017 +0100 Set the sender on verify / decrypt * src/mail.cpp (Mail::decrypt_verify): Set sender on parser. * src/parsecontroller.cpp (ParseController::setSender): Add API -- This allows gnupg to use locate-key to locate a key not published on keyserver and also enables proper tofu handling. diff --git a/src/mail.cpp b/src/mail.cpp index 89219eb..5e0a167 100644 --- a/src/mail.cpp +++ b/src/mail.cpp 
@@ -690,6 +690,7 @@ Mail::decrypt_verify() } m_parser = std::shared_ptr (new ParseController (cipherstream, m_type)); + m_parser->setSender(GpgME::UserID::addrSpecFromString(get_sender().c_str())); gpgol_release (cipherstream); HANDLE parser_thread = CreateThread (NULL, 0, do_parsing, (LPVOID) this, 0, diff --git a/src/parsecontroller.cpp b/src/parsecontroller.cpp index 3342371..f15e741 100644 --- a/src/parsecontroller.cpp +++ b/src/parsecontroller.cpp @@ -210,6 +210,11 @@ format_error(GpgME::DecryptionResult result, Protocol protocol) return msg; } +void +ParseController::setSender(const std::string &sender) +{ + m_sender = sender; +} void ParseController::parse() @@ -264,12 +269,18 @@ ParseController::parse() } ctx->setArmor(true); + if (!m_sender.empty()) + { + ctx->setSender(m_sender.c_str()); + } + Data output (m_outputprovider); - log_debug ("%s:%s: decrypt: %i verify: %i with protocol: %s", + log_debug ("%s:%s: decrypt: %i verify: %i with protocol: %s sender: %s", SRCNAME, __func__, decrypt, verify, protocol == OpenPGP ? "OpenPGP" : - protocol == CMS ? "CMS" : "Unknown"); + protocol == CMS ? "CMS" : "Unknown", + m_sender.empty() ? "none" : m_sender.c_str()); if (decrypt) { input.seek (0, SEEK_SET); diff --git a/src/parsecontroller.h b/src/parsecontroller.h index ec45982..14a4878 100644 --- a/src/parsecontroller.h +++ b/src/parsecontroller.h @@ -99,6 +99,8 @@ public: const std::string get_formatted_error() const { return m_error; } + void setSender(const std::string &sender); + private: /* State variables */ MimeDataProvider *m_inputprovider; 
@@ -107,6 +109,7 @@ private: std::string m_error; GpgME::DecryptionResult m_decrypt_result; GpgME::VerificationResult m_verify_result; + std::string m_sender; }; #endif /* PARSECONTROLLER_H */ ----------------------------------------------------------------------- Summary of changes: src/mail.cpp | 1 + src/parsecontroller.cpp | 15 +++++++++++++-- src/parsecontroller.h | 3 +++ 3 files changed, 17 insertions(+), 2 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 23 16:03:37 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 23 Mar 2017 16:03:37 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-73-g178b631 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 178b6314ab2d2268873067314744c8af74dc331e (commit) from fde885bbc47a4bf14a8570ac62e68adc8cf47a6e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 178b6314ab2d2268873067314744c8af74dc331e Author: Justus Winter Date: Thu Mar 23 10:55:34 2017 +0100 gpgscm: Make test cleanup more robust. * tests/gpgscm/tests.scm (mkdtemp-autoremove): New function that cleans up at interpreter shutdown. (run-tests-parallel): Use the new function. (run-tests-sequential): Likewise. (make-environment-cache): Execute setup with an temporary working directory. -- Make sure to remove all resources created in the filesystem even if the test runner is interrupted. Make sure to remove anything that the setup script creates. Signed-off-by: Justus Winter diff --git a/tests/gpgscm/tests.scm b/tests/gpgscm/tests.scm index a4339ca..592b36f 100644 --- a/tests/gpgscm/tests.scm 
+++ b/tests/gpgscm/tests.scm @@ -278,6 +278,15 @@ "-XXXXXX")) (apply path-join components))))) +;; Make a temporary directory and remove it at interpreter shutdown. +;; Note that there are macros that limit the lifetime of temporary +;; directories and files to a lexical scope. Use those if possible. +;; Otherwise this works like mkdtemp. +(define (mkdtemp-autoremove . components) + (let ((dir (apply mkdtemp components))) + (atexit (lambda () (unlink-recursively dir))) + dir)) + (define-macro (with-temporary-working-directory . expressions) (let ((tmp-sym (gensym))) `(let* ((,tmp-sym (mkdtemp))) @@ -621,12 +630,9 @@ (let loop ((pool (test-pool::new '())) (tests' tests)) (if (null? tests') (let ((results (pool::wait))) - (for-each (lambda (t) - (catch (echo "Removing" t::directory "failed:" *error*) - (unlink-recursively t::directory)) - (t::report)) (reverse results::procs)) + (for-each (lambda (t) (t::report)) (reverse results::procs)) (exit (results::report))) - (let* ((wd (mkdtemp)) + (let* ((wd (mkdtemp-autoremove)) (test (car tests')) (test' (test::set-directory wd))) (loop (pool::add (test'::run-async)) @@ -638,12 +644,8 @@ (let loop ((pool (test-pool::new '())) (tests' tests)) (if (null? tests') (let ((results (pool::wait))) - (for-each (lambda (t) - (catch (echo "Removing" t::directory "failed:" *error*) - (unlink-recursively t::directory))) - results::procs) (exit (results::report))) - (let* ((wd (mkdtemp)) + (let* ((wd (mkdtemp-autoremove)) (test (car tests')) (test' (test::set-directory wd))) (loop (pool::add (test'::run-sync)) 
@@ -654,10 +656,11 @@ ;; Returns a promise containing the arguments that must be passed to a ;; test implementing the consumer side of the cache protocol. (define (make-environment-cache setup) - (delay (let* ((tarball (make-temporary-file "environment-cache"))) - (atexit (lambda () (remove-temporary-file tarball))) - (setup::run-sync '--create-tarball tarball) - `(--unpack-tarball ,tarball)))) + (delay (with-temporary-working-directory + (let ((tarball (make-temporary-file "environment-cache"))) + (atexit (lambda () (remove-temporary-file tarball))) + (setup::run-sync '--create-tarball tarball) + `(--unpack-tarball ,tarball))))) ;; Command line flag handling. Returns the elements following KEY in ;; ARGUMENTS up to the next argument, or #f if KEY is not in ----------------------------------------------------------------------- Summary of changes: tests/gpgscm/tests.scm | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 23 18:00:16 2017 
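Review bot: In tests/gpgscm/tests.scm, the new mkdtemp-autoremove calls unlink-recursively from its atexit handler without the catch that the removed cleanup code in run-tests-parallel and run-tests-sequential had (the "Removing ... failed:" echo), so a removal failure at shutdown is no longer reported the same way, and its effect on any remaining atexit handlers and on the exit status is not visible from this patch. Wrapping the handler body in the same catch form would keep the old diagnostics.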
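Review bot: In the make-environment-cache hunk, the tarball is created inside with-temporary-working-directory but its path is returned from the promise as (--unpack-tarball ,tarball) for use after that scope has ended. A comment stating that make-temporary-file yields a path outside the temporary working directory would make it clear that the tarball survives the directory's removal and that only the setup script's other output is discarded.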
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 23 Mar 2017 18:00:16 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-74-g2c9d9ac Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 2c9d9ac55ea455a5ec26428989dced0311ed46cc (commit) from 178b6314ab2d2268873067314744c8af74dc331e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2c9d9ac55ea455a5ec26428989dced0311ed46cc Author: Werner Koch Date: Thu Mar 23 11:45:17 2017 +0100 tests: Use gpgconf to stop the agent. * tests/openpgp/defs.scm (stop-agent): Swap order of actions. Kill all daemons using gpgconf. * tools/gpgconf.c (main) : Try to remove known socketfails on rmdir failure. Do no fail for ENONET. -- Killing all daemons is not really required but it does not harm to be prepared for the future. Signed-off-by: Werner Koch diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm index 7c8e10a..e8d06c0 100644 --- a/tests/openpgp/defs.scm +++ b/tests/openpgp/defs.scm @@ -453,10 +453,12 @@ "|--debug-quick-random") /bye))) -;; Stop the agent and remove the socket dir. +;; Stop the agent and other daemons and remove the socket dir. (define (stop-agent) (log "Stopping gpg-agent...") + (call-check `(,(tool 'gpgconf) --kill all)) (catch (log "Warning: Removing socket directory failed.") - (call-popen `(,(tool 'gpgconf) --remove-socketdir) "")) - (call-check `(,(tool 'gpg-connect-agent) --verbose --no-autostart - killagent /bye))) + (call-popen `(,(tool 'gpgconf) --remove-socketdir) ""))) + + +;; end diff --git a/tools/gpgconf.c b/tools/gpgconf.c index c6fb24e..d6bf9a2 100644 --- a/tools/gpgconf.c +++ b/tools/gpgconf.c 
@@ -456,6 +456,7 @@ query_swdb (estream_t out, const char *name, const char *current_version) int main (int argc, char **argv) { + gpg_error_t err; ARGPARSE_ARGS pargs; const char *fname; int no_more_options = 0; @@ -755,7 +756,42 @@ main (int argc, char **argv) else if (opt.dry_run) ; else if (rmdir (socketdir)) - gc_error (1, errno, "error removing '%s'", socketdir); + { + /* If the director is not empty we first try to delet + * socket files. */ + err = gpg_error_from_syserror (); + if (gpg_err_code (err) == GPG_ERR_ENOTEMPTY + || gpg_err_code (err) == GPG_ERR_EEXIST) + { + static const char * const names[] = { + GPG_AGENT_SOCK_NAME, + GPG_AGENT_EXTRA_SOCK_NAME, + GPG_AGENT_BROWSER_SOCK_NAME, + GPG_AGENT_SSH_SOCK_NAME, + SCDAEMON_SOCK_NAME, + DIRMNGR_SOCK_NAME + }; + int i; + char *p; + + for (i=0; i < DIM(names); i++) + { + p = strconcat (socketdir , "/", names[i], NULL); + if (p) + gnupg_remove (p); + xfree (p); + } + if (rmdir (socketdir)) + gc_error (1, 0, "error removing '%s': %s", + socketdir, gpg_strerror (err)); + } + else if (gpg_err_code (err) == GPG_ERR_ENOENT) + gc_error (0, 0, "warning: removing '%s' failed: %s", + socketdir, gpg_strerror (err)); + else + gc_error (1, 0, "error removing '%s': %s", + socketdir, gpg_strerror (err)); + } xfree (socketdir); } ----------------------------------------------------------------------- Summary of changes: tests/openpgp/defs.scm | 10 ++++++---- tools/gpgconf.c | 38 +++++++++++++++++++++++++++++++++++++- 2 files changed, 43 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 24 15:17:20 2017 
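Review bot: In the socket directory removal branch of tools/gpgconf.c, a failure of the second rmdir is reported with the err saved from the first rmdir (ENOTEMPTY or EEXIST), so if the retry fails for a different reason the message names the wrong cause; calling gpg_error_from_syserror () again before that gc_error would report the actual error. The loop also discards the results of strconcat and gnupg_remove, so an allocation or removal failure only surfaces indirectly through the retry, and the new comment has two typos ("director", "delet").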
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 24 Mar 2017 15:17:20 +0100 Subject: [git] gnupg-doc - branch, master, updated. a47208c8596596dfdba9fef78ffe9cb9652fef04 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via a47208c8596596dfdba9fef78ffe9cb9652fef04 (commit) from f6d6e19b8f0aa0136bce2d5455b3cd48feaef616 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a47208c8596596dfdba9fef78ffe9cb9652fef04 Author: Werner Koch Date: Fri Mar 24 15:14:11 2017 +0100 web: New submenu for the GnuPG e.V. diff --git a/web/share/gpgweb.el b/web/share/gpgweb.el index f903e50..d992d55 100644 --- a/web/share/gpgweb.el +++ b/web/share/gpgweb.el @@ -92,6 +92,7 @@ if not available." (("/index.html" "Home") ("/news.html" "News") ("/people/index.html" "People") + ("/verein/index.html" "Verein") ("/documentation/sites.html" "Sites"))) ("/donate/index.html" "Donate" diff --git a/web/verein/index.org b/web/verein/index.org new file mode 100644 index 0000000..80a6e00 --- /dev/null +++ b/web/verein/index.org 
@@ -0,0 +1,23 @@ +#+TITLE: GnuPG e.V. +#+STARTUP: showall indent +#+SETUPFILE: "share/setup.inc" + +* The GnuPG e.V. + +In February 2017 several GnuPG developer came together for a 3 day +hackathon. While having some beer in the [[http://www.bilkinfo.de/kneipen/tigges.html][Tigges]] on one evening the +lingering plan for setting up a legal entity was finally agreed upon. +Work on the constitution started right away and the founding assembly +commenced on the next day at 13:37. + +The 7 founding members are: + + - Andre Heinecke + - Justus Winter + - Kai Michaelis + - Marcus Brinkmann + - Neal Walfied + - Werner Koch + - Yutaka Niibe + + /More information about the Verein will soon be availabale here./ ----------------------------------------------------------------------- Summary of changes: web/share/gpgweb.el | 1 + web/verein/index.org | 23 +++++++++++++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 web/verein/index.org hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 24 15:22:21 2017 
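Review bot: The new web/verein/index.org sets #+SETUPFILE: "share/setup.inc", a path relative to the web/ root, although the file sits one directory below it; the other subdirectory pages in these patches use "../share/setup.inc" (web/software/index.org) and "../../share/setup.inc" (the ntbtls page), so this should probably be "../share/setup.inc". The body text also has typos worth fixing before it is published: "developer" should be plural and "availabale" should be "available".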
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 24 Mar 2017 15:22:21 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-117-g6ac1f2c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 6ac1f2cdedb085b4ac9372c1e591497e2e618de4 (commit) from 66c334650bd64fdb72c4bd5975e25b8659d320ec (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6ac1f2cdedb085b4ac9372c1e591497e2e618de4 Author: Werner Koch Date: Fri Mar 24 14:36:54 2017 +0100 core: New flags GPGME_DECRYPT_UNWRAP and GPGME_ENCRYPT_WRAP. * src/gpgme.h.in (GPGME_ENCRYPT_WRAP): New const. (gpgme_decrypt_flags_t): New enum. (GPGME_DECRYPT_VERIFY): New const (GPGME_DECRYPT_UNWRAP): New const (gpgme_op_decrypt_ext_start): New func. (gpgme_op_decrypt_ext): New func. * src/decrypt-verify.c (gpgme_op_decrypt_ext_start): New. (gpgme_op_decrypt_ext): New. (decrypt_verify_start): Add arg FLAGS. Replace call to engine_op_decrypt_verify by the plain decrypt with the flag set. (gpgme_op_decrypt_verify_start): Pass the flag. (gpgme_op_decrypt_verify): Pass the flag. * src/decrypt.c (decrypt_start): Rename to ... (_gpgme_decrypt_start): this. Add arg FLAGS. Pass FLAGS to engine_op_decrypt. (gpgme_op_decrypt_start): Adjust for change pass 0 for FLAG. (gpgme_op_decrypt_start): Ditto. * src/engine.c (_gpgme_engine_op_decrypt_verify): Remove. (_gpgme_engine_op_decrypt): Add arg FLAGS. * src/gpgme.def, src/libgpgme.vers: Add new functions. * src/engine-backend.h (struct engine_ops): Remove member 'decrypt_verify'. Add FLAGS to 'decrypt'. Adjust all initialization. * src/engine-uiserver.c (uiserver_decrypt): Remove. (uiserver_decrypt_verify): Remove. 
(_uiserver_decrypt): Rename to ... (uiserver_decrypt): this. Replace arg VERIFY by new arg FLAGS. * src/engine-gpg.c (gpg_decrypt): Support GPGME_DECRYPT_UNWRAP. (gpg_encrypt): Support GPGME_ENCRYPT_WRAP. * tests/run-decrypt.c (main): New option --unwrap. * tests/run-encrypt.c (main): New option --wrap. -- Manual testing of that wrap/unwrap feature can be done this way: ./run-encrypt --verbose --key Alice /etc/motd > x ./run-decrypt --verbose --unwrap x > y ./run-encrypt --verbose --key Bob --wrap y > z 1. The message was first encrypted to Alice. 2. Alice decrypts the message receiving a valid OpenPGP message. 3. Alice encrypt that message to Bob This will also work with encrypted and signed messages; the signature will be kept intact during re-encryption. Requires GnuPG 2.1.12. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index d03fe80..104d2b1 100644 --- a/NEWS +++ b/NEWS @@ -14,7 +14,12 @@ Noteworthy changes in version 1.8.1 (unreleased) gpgme_op_keylist_from_data_start NEW. gpgme_op_set_uid_flag_start NEW. gpgme_op_set_uid_flag NEW. + gpgme_op_decrypt_ext_start NEW. + gpgme_op_decrypt_ext NEW. GPGME_ENCRYPT_THROW_KEYIDS NEW. + GPGME_ENCRYPT_WRAP NEW. + GPGME_DECRYPT_VERIFY NEW. + GPGME_DECRYPT_UNWRAP NEW. gpgme_data_rewind UN-DEPRECATE. cpp: Context::revUid(const Key&, const char*) NEW. cpp: Context::startRevUid(const Key&, const char*) NEW. diff --git a/doc/gpgme.texi b/doc/gpgme.texi index fd1f9bc..d5969b7 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi 
@@ -4890,6 +4890,53 @@ operation could be started successfully, and @code{GPG_ERR_INV_VALUE} if @var{cipher} or @var{plain} is not a valid pointer. @end deftypefun + + at deftypefun gpgme_error_t gpgme_op_decrypt_ext ( @ + @w{gpgme_ctx_t @var{ctx}}, @ + @w{gpgme_decrypt_flags_t @var{flags}}, @ + @w{gpgme_data_t @var{cipher}}, @ + @w{gpgme_data_t @var{plain}}) + +The function @code{gpgme_op_decrypt_ext} is the same as + at code{gpgme_op_decrypt_ext} but has an additional argument + at var{flags}. If @var{flags} is 0 both function behave identically. + +The value in @var{flags} is a bitwise-or combination of one or +multiple of the following bit values: + + at table @code + at item GPGME_DECRYPT_VERIFY +The @code{GPGME_DECRYPT_VERIFY} symbol specifies that this function +shall exacty act as @code{gpgme_op_decrypt_verify}. + + at item GPGME_DECRYPT_UNWRAP +The @code{GPGME_DECRYPT_UNWRAP} symbol specifies that the output shall +be an OpenPGP message with only the encryption layer removed. This +requires GnuPG 2.1.12 and works only for OpenPGP. This is the +counterpart to @code{GPGME_ENCRYPT_WRAP}. + + at end table + +The function returns the error codes as descriped for + at code{gpgme_op_decrypt} respective @code{gpgme_op_encrypt}. + at end deftypefun + + at deftypefun gpgme_error_t gpgme_op_decrypt_ext_start ( @ + @w{gpgme_ctx_t @var{ctx}}, @ + @w{gpgme_decrypt_flags_t @var{flags}}, @ + @w{gpgme_data_t @var{cipher}}, @ + @w{gpgme_data_t @var{plain}}) + +The function @code{gpgme_op_decrypt_ext_start} initiates a + at code{gpgme_op_decrypt_ext} operation. It can be completed by calling + at code{gpgme_wait} on the context. @xref{Waiting For Completion}. + +The function returns the error code @code{GPG_ERR_NO_ERROR} if the +operation could be started successfully, and @code{GPG_ERR_INV_VALUE} +if @var{cipher} or @var{plain} is not a valid pointer. 
+ at end deftypefun + + @deftp {Data type} {gpgme_recipient_t} This is a pointer to a structure used to store information about the recipient of an encrypted text which is decrypted in a @@ -5634,6 +5681,11 @@ On the receiving side, the use of this flag may slow down the decryption process because all available secret keys must be tried. This flag is only honored for OpenPGP encryption. + at item GPGME_ENCRYPT_WRAP +The @code{GPGME_ENCRYPT_WRAP} symbol specifies that the input is an +OpenPGP message and not a plain data. This is the counterpart to + at code{GPGME_DECRYPT_UNWRAP}. + @end table If @code{GPG_ERR_UNUSABLE_PUBKEY} is returned, some recipients in diff --git a/src/decrypt-verify.c b/src/decrypt-verify.c index e0aa8ea..66cfe94 100644 --- a/src/decrypt-verify.c +++ b/src/decrypt-verify.c @@ -23,6 +23,8 @@ #include #endif +#include + #include "debug.h" #include "gpgme.h" #include "ops.h" @@ -45,10 +47,13 @@ decrypt_verify_status_handler (void *priv, gpgme_status_code_t code, static gpgme_error_t decrypt_verify_start (gpgme_ctx_t ctx, int synchronous, + gpgme_decrypt_flags_t flags, gpgme_data_t cipher, gpgme_data_t plain) { gpgme_error_t err; + assert ((flags & GPGME_DECRYPT_VERIFY)); + err = _gpgme_op_reset (ctx, synchronous); if (err) return err; @@ -77,9 +82,11 @@ decrypt_verify_start (gpgme_ctx_t ctx, int synchronous, _gpgme_engine_set_status_handler (ctx->engine, decrypt_verify_status_handler, ctx); - return _gpgme_engine_op_decrypt_verify (ctx->engine, cipher, plain, - ctx->export_session_keys, - ctx->override_session_key); + return _gpgme_engine_op_decrypt (ctx->engine, + flags, + cipher, plain, + ctx->export_session_keys, + ctx->override_session_key); } @@ -97,7 +104,7 @@ gpgme_op_decrypt_verify_start (gpgme_ctx_t ctx, gpgme_data_t cipher, if (!ctx) return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); - err = decrypt_verify_start (ctx, 0, cipher, plain); + err = decrypt_verify_start (ctx, 0, GPGME_DECRYPT_VERIFY, cipher, plain); return TRACE_ERR (err); } 
@@ -116,7 +123,57 @@ gpgme_op_decrypt_verify (gpgme_ctx_t ctx, gpgme_data_t cipher, if (!ctx) return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); - err = decrypt_verify_start (ctx, 1, cipher, plain); + err = decrypt_verify_start (ctx, 1, GPGME_DECRYPT_VERIFY, cipher, plain); + if (!err) + err = _gpgme_wait_one (ctx); + return TRACE_ERR (err); +} + + +/* Decrypt ciphertext CIPHER within CTX and store the resulting + plaintext in PLAIN. */ +gpgme_error_t +gpgme_op_decrypt_ext_start (gpgme_ctx_t ctx, + gpgme_decrypt_flags_t flags, + gpgme_data_t cipher, + gpgme_data_t plain) +{ + gpgme_error_t err; + + TRACE_BEG2 (DEBUG_CTX, "gpgme_op_decrypt_ext_start", ctx, + "cipher=%p, plain=%p", cipher, plain); + + if (!ctx) + return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); + + if ((flags & GPGME_DECRYPT_VERIFY)) + err = decrypt_verify_start (ctx, 0, flags, cipher, plain); + else + err = _gpgme_decrypt_start (ctx, 0, flags, cipher, plain); + return TRACE_ERR (err); +} + + +/* Decrypt ciphertext CIPHER within CTX and store the resulting + plaintext in PLAIN. */ +gpgme_error_t +gpgme_op_decrypt_ext (gpgme_ctx_t ctx, + gpgme_decrypt_flags_t flags, + gpgme_data_t cipher, + gpgme_data_t plain) +{ + gpgme_error_t err; + + TRACE_BEG2 (DEBUG_CTX, "gpgme_op_decrypt_ext", ctx, + "cipher=%p, plain=%p", cipher, plain); + + if (!ctx) + return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); + + if ((flags & GPGME_DECRYPT_VERIFY)) + err = decrypt_verify_start (ctx, 1, flags, cipher, plain); + else + err = _gpgme_decrypt_start (ctx, 1, flags, cipher, plain); if (!err) err = _gpgme_wait_one (ctx); return TRACE_ERR (err); diff --git a/src/decrypt.c b/src/decrypt.c index 43717c0..f30f80f 100644 --- a/src/decrypt.c +++ b/src/decrypt.c @@ -25,6 +25,7 @@ #include #include #include +#include #include "debug.h" #include "gpgme.h" 
@@ -358,12 +359,15 @@ _gpgme_op_decrypt_init_result (gpgme_ctx_t ctx) } -static gpgme_error_t -decrypt_start (gpgme_ctx_t ctx, int synchronous, - gpgme_data_t cipher, gpgme_data_t plain) +gpgme_error_t +_gpgme_decrypt_start (gpgme_ctx_t ctx, int synchronous, + gpgme_decrypt_flags_t flags, + gpgme_data_t cipher, gpgme_data_t plain) { gpgme_error_t err; + assert (!(flags & GPGME_DECRYPT_VERIFY)); + err = _gpgme_op_reset (ctx, synchronous); if (err) return err; @@ -390,7 +394,9 @@ decrypt_start (gpgme_ctx_t ctx, int synchronous, _gpgme_engine_set_status_handler (ctx->engine, decrypt_status_handler, ctx); - return _gpgme_engine_op_decrypt (ctx->engine, cipher, plain, + return _gpgme_engine_op_decrypt (ctx->engine, + flags, + cipher, plain, ctx->export_session_keys, ctx->override_session_key); } @@ -408,7 +414,7 @@ gpgme_op_decrypt_start (gpgme_ctx_t ctx, gpgme_data_t cipher, if (!ctx) return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); - err = decrypt_start (ctx, 0, cipher, plain); + err = _gpgme_decrypt_start (ctx, 0, 0, cipher, plain); return TRACE_ERR (err); } @@ -426,7 +432,7 @@ gpgme_op_decrypt (gpgme_ctx_t ctx, gpgme_data_t cipher, gpgme_data_t plain) if (!ctx) return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE)); - err = decrypt_start (ctx, 1, cipher, plain); + err = _gpgme_decrypt_start (ctx, 1, 0, cipher, plain); if (!err) err = _gpgme_wait_one (ctx); return TRACE_ERR (err); diff --git a/src/engine-assuan.c b/src/engine-assuan.c index 4beb41d..68bdaa6 100644 --- a/src/engine-assuan.c +++ b/src/engine-assuan.c @@ -776,7 +776,6 @@ struct engine_ops _gpgme_engine_ops_assuan = llass_set_locale, NULL, /* set_protocol */ NULL, /* decrypt */ - NULL, /* decrypt_verify */ NULL, /* delete */ NULL, /* edit */ NULL, /* encrypt */ diff --git a/src/engine-backend.h b/src/engine-backend.h index 635acb0..53af662 100644 --- a/src/engine-backend.h +++ b/src/engine-backend.h 
@@ -61,12 +61,11 @@ struct engine_ops void *fnc_value); gpgme_error_t (*set_locale) (void *engine, int category, const char *value); gpgme_error_t (*set_protocol) (void *engine, gpgme_protocol_t protocol); - gpgme_error_t (*decrypt) (void *engine, gpgme_data_t ciph, + gpgme_error_t (*decrypt) (void *engine, + gpgme_decrypt_flags_t flags, + gpgme_data_t ciph, gpgme_data_t plain, int export_session_key, const char *override_session_key); - gpgme_error_t (*decrypt_verify) (void *engine, gpgme_data_t ciph, - gpgme_data_t plain, int export_session_key, - const char *override_session_key); gpgme_error_t (*delete) (void *engine, gpgme_key_t key, int allow_secret); gpgme_error_t (*edit) (void *engine, int type, gpgme_key_t key, gpgme_data_t out, gpgme_ctx_t ctx /* FIXME */); diff --git a/src/engine-g13.c b/src/engine-g13.c index 593177c..02951e8 100644 --- a/src/engine-g13.c +++ b/src/engine-g13.c @@ -791,7 +791,6 @@ struct engine_ops _gpgme_engine_ops_g13 = g13_set_locale, NULL, /* set_protocol */ NULL, /* decrypt */ - NULL, /* decrypt_verify */ NULL, /* delete */ NULL, /* edit */ NULL, /* encrypt */ diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 6e4b833..0c3a63e 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -1559,7 +1559,9 @@ add_input_size_hint (engine_gpg_t gpg, gpgme_data_t data) static gpgme_error_t -gpg_decrypt (void *engine, gpgme_data_t ciph, gpgme_data_t plain, +gpg_decrypt (void *engine, + gpgme_decrypt_flags_t flags, + gpgme_data_t ciph, gpgme_data_t plain, int export_session_key, const char *override_session_key) { engine_gpg_t gpg = engine; @@ -1567,6 +1569,14 @@ gpg_decrypt (void *engine, gpgme_data_t ciph, gpgme_data_t plain, err = add_arg (gpg, "--decrypt"); + if (!err && (flags & GPGME_DECRYPT_UNWRAP)) + { + if (!have_gpg_version (gpg, "2.1.12")) + err = gpg_error (GPG_ERR_NOT_SUPPORTED); + else + err = add_arg (gpg, "--unwrap"); + } + if (!err && export_session_key) err = add_arg (gpg, "--show-session-key"); 
@@ -1857,6 +1867,17 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], gpgme_encrypt_flags_t flags, if (!err && use_armor) err = add_arg (gpg, "--armor"); + if (!err && (flags & GPGME_ENCRYPT_WRAP)) + { + /* gpg is current not abale to detect already compressed + * packets. Thus when using + * gpg --unwrap -d | gpg --no-literal -e + * the encryption would add an additional compression layer. + * We better suppress that. */ + flags |= GPGME_ENCRYPT_NO_COMPRESS; + err = add_arg (gpg, "--no-literal"); + } + if (!err && (flags & GPGME_ENCRYPT_NO_COMPRESS)) err = add_arg (gpg, "--compress-algo=none"); @@ -3047,7 +3068,6 @@ struct engine_ops _gpgme_engine_ops_gpg = gpg_set_locale, NULL, /* set_protocol */ gpg_decrypt, - gpg_decrypt, /* decrypt_verify */ gpg_delete, gpg_edit, gpg_encrypt, diff --git a/src/engine-gpgconf.c b/src/engine-gpgconf.c index 4891977..6f7c8ac 100644 --- a/src/engine-gpgconf.c +++ b/src/engine-gpgconf.c @@ -1233,7 +1233,6 @@ struct engine_ops _gpgme_engine_ops_gpgconf = NULL, /* set_locale */ NULL, /* set_protocol */ NULL, /* decrypt */ - NULL, /* decrypt_verify */ NULL, /* delete */ NULL, /* edit */ NULL, /* encrypt */ diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index 7652363..c3d5427 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c @@ -1127,12 +1127,16 @@ gpgsm_reset (void *engine) static gpgme_error_t -gpgsm_decrypt (void *engine, gpgme_data_t ciph, gpgme_data_t plain, +gpgsm_decrypt (void *engine, + gpgme_decrypt_flags_t flags, + gpgme_data_t ciph, gpgme_data_t plain, int export_session_key, const char *override_session_key) { engine_gpgsm_t gpgsm = engine; gpgme_error_t err; + (void)flags; + /* gpgsm is not capable of exporting session keys right now, so we * will ignore this if requested. */ (void)export_session_key; @@ -2095,7 +2099,6 @@ struct engine_ops _gpgme_engine_ops_gpgsm = gpgsm_set_locale, NULL, /* set_protocol */ gpgsm_decrypt, - gpgsm_decrypt, gpgsm_delete, /* decrypt_verify */ NULL, /* edit */ gpgsm_encrypt, 
diff --git a/src/engine-spawn.c b/src/engine-spawn.c index fa406d4..9d587cc 100644 --- a/src/engine-spawn.c +++ b/src/engine-spawn.c @@ -449,7 +449,6 @@ struct engine_ops _gpgme_engine_ops_spawn = NULL, /* set_locale */ NULL, /* set_protocol */ NULL, /* decrypt */ - NULL, /* decrypt_verify */ NULL, /* delete */ NULL, /* edit */ NULL, /* encrypt */ diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c index 12efd27..20a8abf 100644 --- a/src/engine-uiserver.c +++ b/src/engine-uiserver.c @@ -959,14 +959,16 @@ uiserver_reset (void *engine) static gpgme_error_t -_uiserver_decrypt (void *engine, int verify, - gpgme_data_t ciph, gpgme_data_t plain, - int export_session_key, const char *override_session_key) +uiserver_decrypt (void *engine, + gpgme_decrypt_flags_t flags, + gpgme_data_t ciph, gpgme_data_t plain, + int export_session_key, const char *override_session_key) { engine_uiserver_t uiserver = engine; gpgme_error_t err; const char *protocol; char *cmd; + int verify = !!(flags & GPGME_DECRYPT_VERIFY); (void)override_session_key; /* Fixme: We need to see now to add this * to the UI server protocol */ @@ -1011,25 +1013,6 @@ _uiserver_decrypt (void *engine, int verify, static gpgme_error_t -uiserver_decrypt (void *engine, gpgme_data_t ciph, gpgme_data_t plain, - int export_session_key, const char *override_session_key) -{ - return _uiserver_decrypt (engine, 0, ciph, plain, - export_session_key, override_session_key); -} - - -static gpgme_error_t -uiserver_decrypt_verify (void *engine, gpgme_data_t ciph, gpgme_data_t plain, - int export_session_key, - const char *override_session_key) -{ - return _uiserver_decrypt (engine, 1, ciph, plain, - export_session_key, override_session_key); -} - - -static gpgme_error_t set_recipients (engine_uiserver_t uiserver, gpgme_key_t recp[]) { gpgme_error_t err = 0; 
@@ -1383,7 +1366,6 @@ struct engine_ops _gpgme_engine_ops_uiserver = uiserver_set_locale, uiserver_set_protocol, uiserver_decrypt, - uiserver_decrypt_verify, NULL, /* delete */ NULL, /* edit */ uiserver_encrypt, diff --git a/src/engine.c b/src/engine.c index a918a50..278916d 100644 --- a/src/engine.c +++ b/src/engine.c @@ -652,7 +652,9 @@ _gpgme_engine_set_protocol (engine_t engine, gpgme_protocol_t protocol) gpgme_error_t -_gpgme_engine_op_decrypt (engine_t engine, gpgme_data_t ciph, +_gpgme_engine_op_decrypt (engine_t engine, + gpgme_decrypt_flags_t flags, + gpgme_data_t ciph, gpgme_data_t plain, int export_session_key, const char *override_session_key) { @@ -662,29 +664,12 @@ _gpgme_engine_op_decrypt (engine_t engine, gpgme_data_t ciph, if (!engine->ops->decrypt) return gpg_error (GPG_ERR_NOT_IMPLEMENTED); - return (*engine->ops->decrypt) (engine->engine, ciph, plain, + return (*engine->ops->decrypt) (engine->engine, flags, ciph, plain, export_session_key, override_session_key); } gpgme_error_t -_gpgme_engine_op_decrypt_verify (engine_t engine, gpgme_data_t ciph, - gpgme_data_t plain, int export_session_key, - const char *override_session_key) -{ - if (!engine) - return gpg_error (GPG_ERR_INV_VALUE); - - if (!engine->ops->decrypt_verify) - return gpg_error (GPG_ERR_NOT_IMPLEMENTED); - - return (*engine->ops->decrypt_verify) (engine->engine, ciph, plain, - export_session_key, - override_session_key); -} - - -gpgme_error_t _gpgme_engine_op_delete (engine_t engine, gpgme_key_t key, int allow_secret) { diff --git a/src/engine.h b/src/engine.h index 1064f5e..dd0ef9c 100644 --- a/src/engine.h +++ b/src/engine.h 
@@ -83,16 +83,12 @@ gpgme_error_t _gpgme_engine_set_colon_line_handler (engine_t engine, engine_colon_line_handler_t fnc, void *fnc_value); -gpgme_error_t _gpgme_engine_op_decrypt (engine_t engine, gpgme_data_t ciph, +gpgme_error_t _gpgme_engine_op_decrypt (engine_t engine, + gpgme_decrypt_flags_t flags, + gpgme_data_t ciph, gpgme_data_t plain, int export_session_key, const char *override_session_key); -gpgme_error_t _gpgme_engine_op_decrypt_verify (engine_t engine, - gpgme_data_t ciph, - gpgme_data_t plain, - int export_session_key, - const char *override_session_key - ); gpgme_error_t _gpgme_engine_op_delete (engine_t engine, gpgme_key_t key, int allow_secret); gpgme_error_t _gpgme_engine_op_edit (engine_t engine, int type, diff --git a/src/gpgme.def b/src/gpgme.def index 9faffb8..51053cd 100644 --- a/src/gpgme.def +++ b/src/gpgme.def @@ -259,5 +259,8 @@ EXPORTS gpgme_op_set_uid_flag_start @193 gpgme_op_set_uid_flag @194 + gpgme_op_decrypt_ext @195 + gpgme_op_decrypt_ext_start @196 + ; END diff --git a/src/gpgme.h.in b/src/gpgme.h.in index e9ee6e2..b6c1406 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -1238,7 +1238,8 @@ typedef enum GPGME_ENCRYPT_EXPECT_SIGN = 8, GPGME_ENCRYPT_NO_COMPRESS = 16, GPGME_ENCRYPT_SYMMETRIC = 32, - GPGME_ENCRYPT_THROW_KEYIDS = 64 + GPGME_ENCRYPT_THROW_KEYIDS = 64, + GPGME_ENCRYPT_WRAP = 128 } gpgme_encrypt_flags_t; @@ -1317,6 +1318,14 @@ typedef struct _gpgme_op_decrypt_result *gpgme_decrypt_result_t; /* Retrieve a pointer to the result of the decrypt operation. */ gpgme_decrypt_result_t gpgme_op_decrypt_result (gpgme_ctx_t ctx); +/* The valid decryption flags. */ +typedef enum + { + GPGME_DECRYPT_VERIFY = 1, + GPGME_DECRYPT_UNWRAP = 128 + } +gpgme_decrypt_flags_t; + /* Decrypt ciphertext CIPHER within CTX and store the resulting plaintext in PLAIN. */ gpgme_error_t gpgme_op_decrypt_start (gpgme_ctx_t ctx, gpgme_data_t cipher, 
@@ -1332,6 +1341,19 @@ gpgme_error_t gpgme_op_decrypt_verify_start (gpgme_ctx_t ctx, gpgme_error_t gpgme_op_decrypt_verify (gpgme_ctx_t ctx, gpgme_data_t cipher, gpgme_data_t plain); +/* Decrypt ciphertext CIPHER within CTX and store the resulting + * plaintext in PLAIN. With the flag GPGME_DECRYPT_VERIFY also do a + * signature verification pn the plaintext. */ +gpgme_error_t gpgme_op_decrypt_ext_start (gpgme_ctx_t ctx, + gpgme_decrypt_flags_t flags, + gpgme_data_t cipher, + gpgme_data_t plain); +gpgme_error_t gpgme_op_decrypt_ext (gpgme_ctx_t ctx, + gpgme_decrypt_flags_t flags, + gpgme_data_t cipher, + gpgme_data_t plain); + + /* * Signing. diff --git a/src/libgpgme.vers b/src/libgpgme.vers index 037a6ae..adc8d7d 100644 --- a/src/libgpgme.vers +++ b/src/libgpgme.vers @@ -129,6 +129,9 @@ GPGME_1.1 { gpgme_op_set_uid_flag_start; gpgme_op_set_uid_flag; + + gpgme_op_decrypt_ext; + gpgme_op_decrypt_ext_start; }; diff --git a/src/ops.h b/src/ops.h index 97b1019..cc61dc4 100644 --- a/src/ops.h +++ b/src/ops.h @@ -89,6 +89,9 @@ gpgme_error_t _gpgme_op_decrypt_init_result (gpgme_ctx_t ctx); gpgme_error_t _gpgme_decrypt_status_handler (void *priv, gpgme_status_code_t code, char *args); +gpgme_error_t _gpgme_decrypt_start (gpgme_ctx_t ctx, int synchronous, + gpgme_decrypt_flags_t flags, + gpgme_data_t cipher, gpgme_data_t plain); /* From signers.c. */ diff --git a/tests/run-decrypt.c b/tests/run-decrypt.c index 8bcca0e..0fcacf8 100644 --- a/tests/run-decrypt.c +++ b/tests/run-decrypt.c @@ -80,6 +80,7 @@ show_usage (int ex) " --cms use the CMS protocol\n" " --export-session-key show the session key\n" " --override-session-key STRING use STRING as session key\n" + " --unwrap remove only the encryption layer\n" , stderr); exit (ex); } @@ -92,6 +93,7 @@ main (int argc, char **argv) gpgme_error_t err; gpgme_ctx_t ctx; gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP; + gpgme_decrypt_flags_t flags = 0; FILE *fp_in = NULL; gpgme_data_t in = NULL; gpgme_data_t out = NULL; 
@@ -99,6 +101,7 @@ main (int argc, char **argv) int print_status = 0; int export_session_key = 0; const char *override_session_key = NULL; + int raw_output = 0; if (argc) { argc--; argv++; } @@ -146,6 +149,12 @@ main (int argc, char **argv) override_session_key = *argv; argc--; argv++; } + else if (!strcmp (*argv, "--unwrap")) + { + flags |= GPGME_DECRYPT_UNWRAP; + raw_output = 1; + argc--; argv++; + } else if (!strncmp (*argv, "--", 2)) show_usage (1); @@ -211,7 +220,7 @@ main (int argc, char **argv) exit (1); } - err = gpgme_op_decrypt (ctx, in, out); + err = gpgme_op_decrypt_ext (ctx, flags, in, out); result = gpgme_op_decrypt_result (ctx); if (err) { @@ -220,8 +229,13 @@ main (int argc, char **argv) } if (result) { - print_result (result); + if (!raw_output) + print_result (result); + if (!raw_output) + fputs ("Begin Output:\n", stdout); print_data (out); + if (!raw_output) + fputs ("End Output.\n", stdout); } gpgme_data_release (out); diff --git a/tests/run-encrypt.c b/tests/run-encrypt.c index c148e93..e949d76 100644 --- a/tests/run-encrypt.c +++ b/tests/run-encrypt.c @@ -89,6 +89,7 @@ show_usage (int ex) " --loopback use a loopback pinentry\n" " --key NAME encrypt to key NAME\n" " --throw-keyids use this option\n" + " --wrap assume input is valid OpenPGP message\n" " --symmetric encrypt symmetric (OpenPGP only)\n" , stderr); exit (ex); 
@@ -176,6 +177,11 @@ main (int argc, char **argv) flags |= GPGME_ENCRYPT_THROW_KEYIDS; argc--; argv++; } + else if (!strcmp (*argv, "--wrap")) + { + flags |= GPGME_ENCRYPT_WRAP; + argc--; argv++; + } else if (!strcmp (*argv, "--loopback")) { use_loopback = 1; ----------------------------------------------------------------------- Summary of changes: NEWS | 5 ++++ doc/gpgme.texi | 52 +++++++++++++++++++++++++++++++++++++++ src/decrypt-verify.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++---- src/decrypt.c | 18 +++++++++----- src/engine-assuan.c | 1 - src/engine-backend.h | 7 +++--- src/engine-g13.c | 1 - src/engine-gpg.c | 24 ++++++++++++++++-- src/engine-gpgconf.c | 1 - src/engine-gpgsm.c | 7 ++++-- src/engine-spawn.c | 1 - src/engine-uiserver.c | 28 ++++----------------- src/engine.c | 23 +++--------------- src/engine.h | 10 +++----- src/gpgme.def | 3 +++ src/gpgme.h.in | 24 +++++++++++++++++- src/libgpgme.vers | 3 +++ src/ops.h | 3 +++ tests/run-decrypt.c | 18 ++++++++++++-- tests/run-encrypt.c | 6 +++++ 20 files changed, 227 insertions(+), 75 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 24 17:02:46 2017 
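Review bot: in src/engine-gpgsm.c, gpgsm_decrypt discards the new argument with (void)flags, so a caller that passes GPGME_DECRYPT_UNWRAP under the CMS protocol gets an ordinary decryption and no error, while gpg_decrypt returns GPG_ERR_NOT_SUPPORTED when the engine cannot honour --unwrap. Suggest returning GPG_ERR_NOT_SUPPORTED for GPGME_DECRYPT_UNWRAP in gpgsm_decrypt, and likewise in uiserver_decrypt, which only reads GPGME_DECRYPT_VERIFY, so the caller learns the flag had no effect. In the _gpgme_engine_ops_gpgsm table the removal also leaves the /* decrypt_verify */ comment attached to the gpgsm_delete entry; it should be dropped or changed to /* delete */.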
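Review bot: gpgme_op_decrypt_ext and gpgme_op_decrypt_ext_start in src/decrypt-verify.c accept any value for flags without rejecting bits outside GPGME_DECRYPT_VERIFY and GPGME_DECRYPT_UNWRAP, and their TRACE_BEG2 calls log cipher and plain but not flags. Consider returning GPG_ERR_INV_VALUE for unknown bits and adding flags to the trace line. The assert calls in decrypt_verify_start and _gpgme_decrypt_start vanish under NDEBUG and are safe only because both public entry points branch on GPGME_DECRYPT_VERIFY first; a one-line comment saying so would help. The new comment in src/gpgme.h.in has "pn the plaintext" for "on the plaintext" and does not mention GPGME_DECRYPT_UNWRAP.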
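Review bot: in gpg_encrypt (src/engine-gpg.c) the GPGME_ENCRYPT_WRAP branch adds --no-literal without a have_gpg_version check, whereas the GPGME_DECRYPT_UNWRAP branch in gpg_decrypt requires 2.1.12 before adding --unwrap. If --no-literal is available in every gpg version this engine supports, a short comment would explain the asymmetry; otherwise the same version guard is needed here. The new comment in that branch has "current not abale" for "currently not able", and the doc/gpgme.texi text for GPGME_ENCRYPT_WRAP says "not a plain data" where "not plain data" is meant.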
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 24 Mar 2017 17:02:46 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-78-g0b3770c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 0b3770c421a35b64823a805fa8d49ddd5c653d50 (commit) via 2c237c13628a88ba23742da34ea18d3e205d7c53 (commit) via 6fab7bba879d7794e32112cf3eddd8d87130a5d7 (commit) via 26086b362ff47d21b1abefaf674a6464bf0a8921 (commit) from 2c9d9ac55ea455a5ec26428989dced0311ed46cc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0b3770c421a35b64823a805fa8d49ddd5c653d50 Author: Werner Koch Date: Fri Mar 24 11:51:44 2017 +0100 gpg: Improve check for already compressed packets. * common/miscellaneous.c (is_openpgp_compressed_packet): New. (is_file_compressed): Reread 2 more bytes and call new function. -- Note that this does not yet allow to detect compressed data piped to gpg. This requires a proper read-ahead in iobuf.c which is complicated due to the auto-removal of filter functions. Thus such a read-ahead needs to be done in the I/O backend of iobuf. Signed-off-by: Werner Koch diff --git a/common/miscellaneous.c b/common/miscellaneous.c index c988975..c9c603d 100644 --- a/common/miscellaneous.c +++ b/common/miscellaneous.c 
@@ -318,6 +318,50 @@ make_printable_string (const void *p, size_t n, int delim ) } +/* Check whether (BUF,LEN) is valid header for an OpenPGP compressed + * packet. LEN should be at least 6. */ +static int +is_openpgp_compressed_packet (unsigned char *buf, size_t len) +{ + int c, ctb, pkttype; + int lenbytes; + + ctb = *buf++; len--; + if (!(ctb & 0x80)) + return 0; /* Invalid packet. */ + + if ((ctb & 0x40)) /* New style (OpenPGP) CTB. */ + { + pkttype = (ctb & 0x3f); + if (!len) + return 0; /* Expected first length octet missing. */ + c = *buf++; len--; + if (c < 192) + ; + else if (c < 224) + { + if (!len) + return 0; /* Expected second length octet missing. */ + } + else if (c == 255) + { + if (len < 4) + return 0; /* Expected length octets missing */ + } + } + else /* Old style CTB. */ + { + pkttype = (ctb>>2)&0xf; + lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3)); + if (len < lenbytes) + return 0; /* Not enough length bytes. */ + } + + return (pkttype == 8); +} + + + /* * Check if the file is compressed. */ @@ -325,8 +369,9 @@ int is_file_compressed (const char *s, int *ret_rc) { iobuf_t a; - byte buf[4]; - int i, rc = 0; + byte buf[6]; + int i; + int rc = 0; int overflow; struct magic_compress_s { @@ -347,12 +392,12 @@ is_file_compressed (const char *s, int *ret_rc) return 0; } - if ( iobuf_get_filelength( a, &overflow ) < 4 && !overflow) { + if ( iobuf_get_filelength( a, &overflow ) < 6 && !overflow) { *ret_rc = 0; goto leave; } - if ( iobuf_read( a, buf, 4 ) == -1 ) { + if ( iobuf_read( a, buf, 6 ) == -1 ) { *ret_rc = a->error; goto leave; } 
@@ -361,11 +406,17 @@ is_file_compressed (const char *s, int *ret_rc) if ( !memcmp( buf, magic[i].magic, magic[i].len ) ) { *ret_rc = 0; rc = 1; - break; + goto leave; } } -leave: + if (is_openpgp_compressed_packet (buf, 6)) + { + *ret_rc = 0; + rc = 1; + } + + leave: iobuf_close( a ); return rc; } commit 2c237c13628a88ba23742da34ea18d3e205d7c53 Author: Werner Koch Date: Fri Mar 24 10:30:17 2017 +0100 agent: New option --enable-extended-key-format. * agent/gpg-agent.c (oEnableExtendedKeyFormat): New const. (opts): New option --enable-extended-key-format. (parse_rereadable_options): Set option * agent/findkey.c (write_extended_private_key): Add arg 'update'. (agent_write_private_key): Implement new option. Signed-off-by: Werner Koch diff --git a/agent/agent.h b/agent/agent.h index 3b53ba4..01e675b 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -124,6 +124,9 @@ struct passphrase change. */ int enable_passphrase_history; + /* If set the extended key format is used for new keys. */ + int enable_extended_key_format; + int running_detached; /* We are running detached from the tty. */ /* If this global option is true, the passphrase cache is ignored diff --git a/agent/findkey.c b/agent/findkey.c index 4429b7a..0b2ddf1 100644 --- a/agent/findkey.c +++ b/agent/findkey.c 
@@ -52,23 +52,38 @@ struct try_unprotect_arg_s }; +/* Note: Ownership of FNAME and FP are moved to this function. */ static gpg_error_t -write_extended_private_key (char *fname, estream_t fp, +write_extended_private_key (char *fname, estream_t fp, int update, const void *buf, size_t len) { gpg_error_t err; nvc_t pk = NULL; gcry_sexp_t key = NULL; int remove = 0; - int line; - err = nvc_parse_private_key (&pk, &line, fp); - if (err) + if (update) { - log_error ("error parsing '%s' line %d: %s\n", - fname, line, gpg_strerror (err)); - goto leave; + int line; + + err = nvc_parse_private_key (&pk, &line, fp); + if (err && gpg_err_code (err) != GPG_ERR_ENOENT) + { + log_error ("error parsing '%s' line %d: %s\n", + fname, line, gpg_strerror (err)); + goto leave; + } } + else + { + pk = nvc_new_private_key (); + if (!pk) + { + err = gpg_error_from_syserror (); + goto leave; + } + } + es_clearerr (fp); err = gcry_sexp_sscan (&key, NULL, buf, len); if (err) @@ -111,8 +126,7 @@ write_extended_private_key (char *fname, estream_t fp, bump_key_eventcounter (); leave: - if (fp) - es_fclose (fp); + es_fclose (fp); if (remove) gnupg_remove (fname); xfree (fname); @@ -193,11 +207,19 @@ agent_write_private_key (const unsigned char *grip, if (first != '(') { - /* Key is in extended format. */ - return write_extended_private_key (fname, fp, buffer, length); + /* Key is already in the extended format. */ + return write_extended_private_key (fname, fp, 1, buffer, length); + } + if (first == '(' && opt.enable_extended_key_format) + { + /* Key is in the old format - but we want the extended format. */ + return write_extended_private_key (fname, fp, 0, buffer, length); } } + if (opt.enable_extended_key_format) + return write_extended_private_key (fname, fp, 0, buffer, length); + if (es_fwrite (buffer, length, 1, fp) != 1) { gpg_error_t tmperr = gpg_error_from_syserror (); diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index c84dce7..49b10c1 100644 --- a/agent/gpg-agent.c 
+++ b/agent/gpg-agent.c @@ -111,6 +111,7 @@ enum cmd_and_opt_values oCheckPassphrasePattern, oMaxPassphraseDays, oEnablePassphraseHistory, + oEnableExtendedKeyFormat, oUseStandardSocket, oNoUseStandardSocket, oExtraSocket, @@ -238,6 +239,7 @@ static ARGPARSE_OPTS opts[] = { /* */ "@" #endif ), + ARGPARSE_s_n (oEnableExtendedKeyFormat, "enable-extended-key-format", "@"), /* Dummy options for backward compatibility. */ ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"), @@ -790,6 +792,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) opt.check_passphrase_pattern = NULL; opt.max_passphrase_days = MAX_PASSPHRASE_DAYS; opt.enable_passphrase_history = 0; + opt.enable_extended_key_format = 0; opt.ignore_cache_for_signing = 0; opt.allow_mark_trusted = 1; opt.allow_external_cache = 1; @@ -859,6 +862,10 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) opt.enable_passphrase_history = 1; break; + case oEnableExtendedKeyFormat: + opt.enable_extended_key_format = 1; + break; + case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break; case oAllowMarkTrusted: opt.allow_mark_trusted = 1; break; diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index b72892c..ca9d469 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi 
@@ -571,6 +571,15 @@ local gpg-agent and use its private keys. This enables decrypting or signing data on a remote machine without exposing the private keys to the remote machine. + at anchor{option --enable-extended-key-format} + at item --enable-extended-key-format + at opindex enable-extended-key-format +This option creates keys in the extended private key format. Changing +the passphrase of a key will also convert the key to that new format. +Using this option makes the private keys unreadable for gpg-agent +versions before 2.1.12. The advantage of the extended private key +format is that it is text based and can carry additional meta data. + @anchor{option --enable-ssh-support} @item --enable-ssh-support commit 6fab7bba879d7794e32112cf3eddd8d87130a5d7 Author: Werner Koch Date: Fri Mar 24 09:02:02 2017 +0100 agent: New option --stub-only for DELETE_KEY * agent/findkey.c (agent_delete_key): Add arg 'only_stubs'. * agent/command.c (cmd_delete_key): Add option --stub-only. -- This option can be used to safely remove stub keys. diff --git a/agent/agent.h b/agent/agent.h index e98a246..3b53ba4 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -406,7 +406,8 @@ gpg_error_t agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip, int *r_keytype, unsigned char **r_shadow_info); gpg_error_t agent_delete_key (ctrl_t ctrl, const char *desc_text, - const unsigned char *grip, int force); + const unsigned char *grip, + int force, int only_stubs); /*-- call-pinentry.c --*/ void initialize_module_call_pinentry (void); diff --git a/agent/command.c b/agent/command.c index 79fb0ce..1f8f7c2 100644 --- a/agent/command.c +++ b/agent/command.c 
@@ -2433,23 +2433,25 @@ cmd_export_key (assuan_context_t ctx, char *line) static const char hlp_delete_key[] = - "DELETE_KEY [--force] \n" + "DELETE_KEY [--force|--stub-only] \n" "\n" "Delete a secret key from the key store. If --force is used\n" "and a loopback pinentry is allowed, the agent will not ask\n" - "the user for confirmation."; + "the user for confirmation. If --stub-only is used the key will\n" + "only be deleted if it is a reference to a token."; static gpg_error_t cmd_delete_key (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err; - int force; + int force, stub_only; unsigned char grip[20]; if (ctrl->restricted) return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); force = has_option (line, "--force"); + stub_only = has_option (line, "--stub-only"); line = skip_options (line); /* If the use of a loopback pinentry has been disabled, we assume @@ -2461,7 +2463,8 @@ cmd_delete_key (assuan_context_t ctx, char *line) if (err) goto leave; - err = agent_delete_key (ctrl, ctrl->server_local->keydesc, grip, force ); + err = agent_delete_key (ctrl, ctrl->server_local->keydesc, grip, + force, stub_only); if (err) goto leave; diff --git a/agent/findkey.c b/agent/findkey.c index a196fdc..4429b7a 100644 --- a/agent/findkey.c +++ b/agent/findkey.c 
@@ -1413,18 +1413,20 @@ agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip, /* Delete the key with GRIP from the disk after having asked for - confirmation using DESC_TEXT. If FORCE is set the function won't - require a confirmation via Pinentry or warns if the key is also - used by ssh. - - Common error codes are: - GPG_ERR_NO_SECKEY - GPG_ERR_KEY_ON_CARD - GPG_ERR_NOT_CONFIRMED -*/ + * confirmation using DESC_TEXT. If FORCE is set the function won't + * require a confirmation via Pinentry or warns if the key is also + * used by ssh. If ONLY_STUBS is set only stub keys (references to + * smartcards) will be affected. + * + * Common error codes are: + * GPG_ERR_NO_SECKEY + * GPG_ERR_KEY_ON_CARD + * GPG_ERR_NOT_CONFIRMED + * GPG_ERR_FORBIDDEN - Not a stub key and ONLY_STUBS requested. + */ gpg_error_t agent_delete_key (ctrl_t ctrl, const char *desc_text, - const unsigned char *grip, int force) + const unsigned char *grip, int force, int only_stubs) { gpg_error_t err; gcry_sexp_t s_skey = NULL; @@ -1435,6 +1437,7 @@ agent_delete_key (ctrl_t ctrl, const char *desc_text, ssh_control_file_t cf = NULL; char hexgrip[40+4+1]; char *default_desc = NULL; + int key_type; err = read_key_file (grip, &s_skey); if (gpg_err_code (err) == GPG_ERR_ENOENT) 
@@ -1446,7 +1449,14 @@ agent_delete_key (ctrl_t ctrl, const char *desc_text, if (err) goto leave; - switch (agent_private_key_type (buf)) + key_type = agent_private_key_type (buf); + if (only_stubs && key_type != PRIVATE_KEY_SHADOWED) + { + err = gpg_error (GPG_ERR_FORBIDDEN); + goto leave; + } + + switch (key_type) { case PRIVATE_KEY_CLEAR: case PRIVATE_KEY_OPENPGP_NONE: commit 26086b362ff47d21b1abefaf674a6464bf0a8921 Author: Werner Koch Date: Thu Mar 23 09:38:19 2017 +0100 common: Implicitly do a gpgconf --create-socketdir. * common/homedir.c (_gnupg_socketdir_internal): Create the sub-directory. -- Although there is no auto cleanup (yet) this should be helpful. Let's see whether possibly leaving stale directories around is better than running into trouble when --create-socketdir was not used. Signed-off-by: Werner Koch diff --git a/common/homedir.c b/common/homedir.c index 3055a32..ee4438c 100644 --- a/common/homedir.c +++ b/common/homedir.c @@ -542,7 +542,7 @@ _gnupg_socketdir_internal (int skip_checks, unsigned *r_info) /* If a non default homedir is used, we check whether an * corresponding sub directory below the socket dir is available - * and use that. We has the non default homedir to keep the new + * and use that. We hash the non default homedir to keep the new * subdir short enough. */ if (non_default_homedir) { 
@@ -566,16 +566,27 @@ _gnupg_socketdir_internal (int skip_checks, unsigned *r_info) goto leave; } - /* Stat that directory and check constraints. Note that we - * do not auto create such a directory because we would not - * have a way to remove it. Thus the directory needs to be - * pre-created. The command - * gpgconf --create-socketdir - * can be used tocreate that directory. */ + /* Stat that directory and check constraints. + * The command + * gpgconf --remove-socketdir + * can be used to remove that directory. */ if (stat (name, &sb)) { if (errno != ENOENT) *r_info |= 1; /* stat failed. */ + else if (!skip_checks) + { + /* Try to create the directory and check again. */ + if (gnupg_mkdir (name, "-rwx")) + *r_info |= 16; /* mkdir failed. */ + else if (stat (prefix, &sb)) + { + if (errno != ENOENT) + *r_info |= 1; /* stat failed. */ + else + *r_info |= 64; /* Subdir does not exist. */ + } + } else *r_info |= 64; /* Subdir does not exist. */ if (!skip_checks) ----------------------------------------------------------------------- Summary of changes: agent/agent.h | 6 +++- agent/command.c | 11 +++++--- agent/findkey.c | 76 +++++++++++++++++++++++++++++++++++--------------- agent/gpg-agent.c | 7 +++++ common/homedir.c | 25 ++++++++++++----- common/miscellaneous.c | 63 +++++++++++++++++++++++++++++++++++++---- doc/gpg-agent.texi | 9 ++++++ 7 files changed, 157 insertions(+), 40 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 24 17:10:47 2017 
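Review bot: in _gnupg_socketdir_internal (common/homedir.c) the re-check after a successful gnupg_mkdir (name, "-rwx") calls stat (prefix, &sb), while the first check and the mkdir both operate on name. If that is not intentional, sb ends up describing the parent directory and the constraints the comment says are checked on "that directory" are evaluated against the wrong path; use stat (name, &sb), or add a comment explaining why prefix is meant. The rewritten comment also drops the remark that nothing removes the directory automatically, which the commit message still acknowledges; one sentence about possible stale directories would keep that visible.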
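Review bot: in write_extended_private_key (agent/findkey.c) the update path now tolerates GPG_ERR_ENOENT from nvc_parse_private_key, but pk is initialised to NULL and nothing in that branch allocates it in this case, unlike the else branch which calls nvc_new_private_key. Please confirm that nvc_parse_private_key always sets pk when it returns GPG_ERR_ENOENT, or fall back to nvc_new_private_key there. In agent_write_private_key the test first == '(' && opt.enable_extended_key_format repeats a condition that already holds once the preceding if (first != '(') has returned, so it can be reduced to the option check.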
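Review bot: the help string in agent/command.c now reads DELETE_KEY [--force|--stub-only], which presents the options as mutually exclusive, but cmd_delete_key parses both with has_option and passes both to agent_delete_key. If combining them is intended, write [--force] [--stub-only]; if not, reject the combination. agent_delete_key returns GPG_ERR_FORBIDDEN for a key that is not a stub, the same code cmd_delete_key returns for ctrl->restricted, so a client cannot tell the two refusals apart; the help text should at least state which error --stub-only produces for a regular key.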
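Review bot: is_openpgp_compressed_packet (common/miscellaneous.c) reads *buf and decrements len before any length check, so a LEN of 0 would read past the buffer and wrap the size_t; the comment says LEN should be at least 6 but nothing enforces it. Add an early return for len == 0, declare buf as const unsigned char *, and note that len < lenbytes compares size_t with int. In is_file_compressed the minimum file length rises from 4 to 6, so files of 4 or 5 bytes are no longer compared against the magic table; if that matters, read what is available and pass the actual count to the new function.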
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 24 Mar 2017 17:10:47 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-119-g5493164 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 5493164f8665fabf795f3b34a7084770a38ae940 (commit) via 8ad37ecc297f208d0a63783c1ffae33ad4c3c81a (commit) from 6ac1f2cdedb085b4ac9372c1e591497e2e618de4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5493164f8665fabf795f3b34a7084770a38ae940 Author: Andre Heinecke Date: Fri Mar 24 16:58:58 2017 +0100 qt: Add unittest for decrypt unwrap * lang/qt/tests/t-encrypt.cpp (EncryptTest::testEncryptDecryptNowrap): New. diff --git a/lang/qt/tests/t-encrypt.cpp b/lang/qt/tests/t-encrypt.cpp index ba4a1c5..199517f 100644 --- a/lang/qt/tests/t-encrypt.cpp +++ b/lang/qt/tests/t-encrypt.cpp @@ -39,6 +39,8 @@ #include #include "keylistjob.h" #include "encryptjob.h" +#include "signencryptjob.h" +#include "signingresult.h" #include "qgpgmeencryptjob.h" #include "encryptionresult.h" #include "decryptionresult.h" @@ -46,6 +48,7 @@ #include "qgpgmebackend.h" #include "keylistresult.h" #include "engineinfo.h" +#include "verifyopaquejob.h" #include "t-support.h" #define PROGRESS_TEST_SIZE 1 * 1024 * 1024 @@ -109,7 +112,7 @@ private Q_SLOTS: auto decJob = new QGpgMEDecryptJob(ctx); QByteArray plainText; auto decResult = decJob->exec(cipherText, plainText); - QVERIFY(!result.error()); + QVERIFY(!decResult.error()); QVERIFY(QString::fromUtf8(plainText) == QStringLiteral("Hello World")); delete decJob; } 
@@ -200,6 +203,68 @@ private Q_SLOTS: delete decJob; } + void testEncryptDecryptNowrap() + { + /* Now decrypt */ + if (!decryptSupported()) { + return; + } + auto listjob = openpgp()->keyListJob(false, false, false); + std::vector keys; + auto keylistresult = listjob->exec(QStringList() << QStringLiteral("alfa at example.net"), + false, keys); + QVERIFY(!keylistresult.error()); + QVERIFY(keys.size() == 1); + delete listjob; + + auto job = openpgp()->signEncryptJob(/*ASCII Armor */true, /* Textmode */ true); + + auto encSignCtx = Job::context(job); + TestPassphraseProvider provider1; + encSignCtx->setPassphraseProvider(&provider1); + encSignCtx->setPinentryMode(Context::PinentryLoopback); + + QVERIFY(job); + QByteArray cipherText; + auto result = job->exec(keys, keys, QStringLiteral("Hello World").toUtf8(), Context::AlwaysTrust, cipherText); + delete job; + QVERIFY(!result.first.error()); + QVERIFY(!result.second.error()); + const auto cipherString = QString::fromUtf8(cipherText); + QVERIFY(cipherString.startsWith("-----BEGIN PGP MESSAGE-----")); + + /* Now decrypt */ + if (!decryptSupported()) { + return; + } + auto ctx = Context::createForProtocol(OpenPGP); + TestPassphraseProvider provider; + ctx->setPassphraseProvider(&provider); + ctx->setPinentryMode(Context::PinentryLoopback); + ctx->setDecryptionFlags(Context::DecryptUnwrap); + + auto decJob = new QGpgMEDecryptJob(ctx); + QByteArray plainText; + auto decResult = decJob->exec(cipherText, plainText); + + QVERIFY(!decResult.error()); + + delete decJob; + + // Now verify the unwrapeped data. + auto verifyJob = openpgp()->verifyOpaqueJob(true); + QByteArray verified; + + auto verResult = verifyJob->exec(plainText, verified); + QVERIFY(!verResult.error()); + delete verifyJob; + + QVERIFY(verResult.numSignatures() == 1); + auto sig = verResult.signatures()[0]; + + QVERIFY(verified == QStringLiteral("Hello World")); + } + private: /* Loopback and passphrase provider don't work for mixed encryption. 
* So this test is disabled until gnupg(?) is fixed for this. */ commit 8ad37ecc297f208d0a63783c1ffae33ad4c3c81a Author: Andre Heinecke Date: Fri Mar 24 16:51:26 2017 +0100 cpp: Use gpgme_op_decrypt_ex and add new flags. * lang/cpp/src/context.cpp: New decrypt and decryptVerify functions that take flags as arguments. Use new variants in old functions. (Context::setDecryptionFlags): New helper. (Context::Private::Private): Initialize new member. * lang/cpp/src/context_p.h (Context::Private::decryptFlags): New. * lang/cpp/src/context.h (Context::DecryptFlags): New enum. (Context::EncryptionFlags): Extend for EncryptWrap. -- The setDecryptionFlags provides a generic way to set decryption flags for the whole context. This allows existing code to just keep using the old functions and modify the decryption behavior in a central place. diff --git a/lang/cpp/src/context.cpp b/lang/cpp/src/context.cpp index 040e8f3..c20e5a9 100644 --- a/lang/cpp/src/context.cpp +++ b/lang/cpp/src/context.cpp @@ -280,6 +280,11 @@ std::unique_ptr Context::createForEngine(Engine eng, Error *error) return std::unique_ptr(new Context(ctx)); } +void Context::setDecryptionFlags(DecryptionFlags flags) +{ + d->decryptFlags = flags; +} + // // // Context::Private @@ -294,7 +299,8 @@ Context::Private::Private(gpgme_ctx_t c) lastAssuanInquireData(Data::null), lastAssuanTransaction(), lastEditInteractor(), - lastCardEditInteractor() + lastCardEditInteractor(), + decryptFlags(DecryptNone) { } 
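Review bot: In `testEncryptDecryptNowrap` (lang/qt/tests/t-encrypt.cpp, commit 5493164) the signature is fetched with `auto sig = verResult.signatures()[0];` and then never used, so the test asserts only that one signature exists, not that it is valid; add an assertion on `sig` or drop the variable. `QVERIFY(job)` comes after `Job::context(job)` and `setPassphraseProvider` have already used the pointer and should move directly below the `signEncryptJob` call. The `decryptSupported()` guard with its `/* Now decrypt */` comment appears twice; the copy at the top of the function is enough, and the comment there does not describe what follows. Typo in the comment: "unwrapeped".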
@@ -904,21 +910,32 @@ std::unique_ptr Context::takeLastAssuanTransaction() return std::move(d->lastAssuanTransaction); } -DecryptionResult Context::decrypt(const Data &cipherText, Data &plainText) +DecryptionResult Context::decrypt(const Data &cipherText, Data &plainText, const DecryptionFlags flags) { d->lastop = Private::Decrypt; const Data::Private *const cdp = cipherText.impl(); Data::Private *const pdp = plainText.impl(); - d->lasterr = gpgme_op_decrypt(d->ctx, cdp ? cdp->data : 0, pdp ? pdp->data : 0); + d->lasterr = gpgme_op_decrypt_ext(d->ctx, static_cast (d->decryptFlags), cdp ? cdp->data : 0, pdp ? pdp->data : 0); return DecryptionResult(d->ctx, Error(d->lasterr)); } -Error Context::startDecryption(const Data &cipherText, Data &plainText) +DecryptionResult Context::decrypt(const Data &cipherText, Data &plainText) +{ + return decrypt(cipherText, plainText, DecryptNone); +} + +Error Context::startDecryption(const Data &cipherText, Data &plainText, const DecryptionFlags flags) { d->lastop = Private::Decrypt; const Data::Private *const cdp = cipherText.impl(); Data::Private *const pdp = plainText.impl(); - return Error(d->lasterr = gpgme_op_decrypt_start(d->ctx, cdp ? cdp->data : 0, pdp ? pdp->data : 0)); + return Error(d->lasterr = gpgme_op_decrypt_ext_start(d->ctx, static_cast (d->decryptFlags), + cdp ? cdp->data : 0, pdp ? pdp->data : 0)); +} + +Error Context::startDecryption(const Data &cipherText, Data &plainText) +{ + return startDecryption(cipherText, plainText, DecryptNone); } DecryptionResult Context::decryptionResult() const 
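Review bot: The new `flags` parameter of `Context::decrypt` and `Context::startDecryption` is never read: both bodies pass only `d->decryptFlags` to `gpgme_op_decrypt_ext` and `gpgme_op_decrypt_ext_start`. A caller who passes `DecryptUnwrap` per call therefore gets a plain decrypt unless the same flag was also set through `setDecryptionFlags`. Combine the two, for example `d->decryptFlags | flags`, and make the same change in the `decryptAndVerify` and `startCombinedDecryptionAndVerification` overloads of this commit. The commit message names `gpgme_op_decrypt_ex`, while the code calls `gpgme_op_decrypt_ext`.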
@@ -973,22 +990,33 @@ VerificationResult Context::verificationResult() const } } -std::pair Context::decryptAndVerify(const Data &cipherText, Data &plainText) +std::pair Context::decryptAndVerify(const Data &cipherText, Data &plainText, DecryptionFlags flags) { d->lastop = Private::DecryptAndVerify; const Data::Private *const cdp = cipherText.impl(); Data::Private *const pdp = plainText.impl(); - d->lasterr = gpgme_op_decrypt_verify(d->ctx, cdp ? cdp->data : 0, pdp ? pdp->data : 0); + d->lasterr = gpgme_op_decrypt_ext(d->ctx, static_cast (d->decryptFlags | DecryptVerify), + cdp ? cdp->data : 0, pdp ? pdp->data : 0); return std::make_pair(DecryptionResult(d->ctx, Error(d->lasterr)), VerificationResult(d->ctx, Error(d->lasterr))); } -Error Context::startCombinedDecryptionAndVerification(const Data &cipherText, Data &plainText) +std::pair Context::decryptAndVerify(const Data &cipherText, Data &plainText) +{ + return decryptAndVerify(cipherText, plainText, DecryptNone); +} + +Error Context::startCombinedDecryptionAndVerification(const Data &cipherText, Data &plainText, DecryptionFlags flags) { d->lastop = Private::DecryptAndVerify; const Data::Private *const cdp = cipherText.impl(); Data::Private *const pdp = plainText.impl(); - return Error(d->lasterr = gpgme_op_decrypt_verify_start(d->ctx, cdp ? cdp->data : 0, pdp ? pdp->data : 0)); + return Error(d->lasterr = gpgme_op_decrypt_ext_start(d->ctx, static_cast (d->decryptFlags | DecryptVerify), cdp ? cdp->data : 0, pdp ? pdp->data : 0)); +} + +Error Context::startCombinedDecryptionAndVerification(const Data &cipherText, Data &plainText) +{ + return startCombinedDecryptionAndVerification(cipherText, plainText, DecryptNone); } unsigned int to_auditlog_flags(unsigned int flags) diff --git a/lang/cpp/src/context.h b/lang/cpp/src/context.h index b075bf1..bec4e39 100644 --- a/lang/cpp/src/context.h +++ b/lang/cpp/src/context.h 
@@ -261,14 +261,28 @@ public: // // Crypto Operations // - // + + enum DecryptionFlags { + // Keep in line with core's flags + DecryptNone = 0, + DecryptVerify = 1, + DecryptUnwrap = 128, + DecryptMaxValue = 0x80000000 + }; // // Decryption // + // Alternative way to set decryption flags as they were added only in + // 1.9.0 and so other API can still be used but with 1.9.0 additionally + // flags can be set. + void setDecryptionFlags (const DecryptionFlags flags); + DecryptionResult decrypt(const Data &cipherText, Data &plainText); GpgME::Error startDecryption(const Data &cipherText, Data &plainText); + DecryptionResult decrypt(const Data &cipherText, Data &plainText, const DecryptionFlags flags); + GpgME::Error startDecryption(const Data &cipherText, Data &plainText, const DecryptionFlags flags); DecryptionResult decryptionResult() const; // @@ -286,7 +300,9 @@ public: // std::pair decryptAndVerify(const Data &cipherText, Data &plainText); + std::pair decryptAndVerify(const Data &cipherText, Data &plainText, const DecryptionFlags flags); GpgME::Error startCombinedDecryptionAndVerification(const Data &cipherText, Data &plainText); + GpgME::Error startCombinedDecryptionAndVerification(const Data &cipherText, Data &plainText, const DecryptionFlags flags); // use verificationResult() and decryptionResult() to retrieve the result objects... // @@ -325,7 +341,9 @@ public: Prepare = 4, ExpectSign = 8, NoCompress = 16, - Symmetric = 32 + Symmetric = 32, + ThrowKeyIds = 64, + EncryptWrap = 128 }; EncryptionResult encrypt(const std::vector &recipients, const Data &plainText, Data &cipherText, EncryptionFlags flags); GpgME::Error encryptSymmetrically(const Data &plainText, Data &cipherText); diff --git a/lang/cpp/src/context_p.h b/lang/cpp/src/context_p.h index be34783..d53da0a 100644 --- a/lang/cpp/src/context_p.h +++ b/lang/cpp/src/context_p.h 
@@ -77,6 +77,7 @@ public: Data lastAssuanInquireData; std::unique_ptr lastAssuanTransaction; std::unique_ptr lastEditInteractor, lastCardEditInteractor; + DecryptionFlags decryptFlags; }; } // namespace GpgME ----------------------------------------------------------------------- Summary of changes: lang/cpp/src/context.cpp | 46 +++++++++++++++++++++++++------ lang/cpp/src/context.h | 22 +++++++++++++-- lang/cpp/src/context_p.h | 1 + lang/qt/tests/t-encrypt.cpp | 67 ++++++++++++++++++++++++++++++++++++++++++++- 4 files changed, 124 insertions(+), 12 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 24 17:25:04 2017 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 24 Mar 2017 17:25:04 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-120-g18b7906 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 18b7906078cf08962c54c1e711cf2d91a24fd4e5 (commit) from 5493164f8665fabf795f3b34a7084770a38ae940 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 18b7906078cf08962c54c1e711cf2d91a24fd4e5 Author: Andre Heinecke Date: Fri Mar 24 17:24:04 2017 +0100 cpp: Respect decrypt flags in new functions * lang/cpp/src/context.cpp: Respect directly provided flags in the new decrypt functions. -- Overlooked in the initial commit. Also fixed the according unused variable warnings. diff --git a/lang/cpp/src/context.cpp b/lang/cpp/src/context.cpp index c20e5a9..77962d8 100644 --- a/lang/cpp/src/context.cpp +++ b/lang/cpp/src/context.cpp 
@@ -915,7 +915,7 @@ DecryptionResult Context::decrypt(const Data &cipherText, Data &plainText, const d->lastop = Private::Decrypt; const Data::Private *const cdp = cipherText.impl(); Data::Private *const pdp = plainText.impl(); - d->lasterr = gpgme_op_decrypt_ext(d->ctx, static_cast (d->decryptFlags), cdp ? cdp->data : 0, pdp ? pdp->data : 0); + d->lasterr = gpgme_op_decrypt_ext(d->ctx, static_cast (d->decryptFlags | flags), cdp ? cdp->data : 0, pdp ? pdp->data : 0); return DecryptionResult(d->ctx, Error(d->lasterr)); } @@ -929,7 +929,7 @@ Error Context::startDecryption(const Data &cipherText, Data &plainText, const De d->lastop = Private::Decrypt; const Data::Private *const cdp = cipherText.impl(); Data::Private *const pdp = plainText.impl(); - return Error(d->lasterr = gpgme_op_decrypt_ext_start(d->ctx, static_cast (d->decryptFlags), + return Error(d->lasterr = gpgme_op_decrypt_ext_start(d->ctx, static_cast (d->decryptFlags | flags), cdp ? cdp->data : 0, pdp ? pdp->data : 0)); } @@ -995,7 +995,7 @@ std::pair Context::decryptAndVerify(const d->lastop = Private::DecryptAndVerify; const Data::Private *const cdp = cipherText.impl(); Data::Private *const pdp = plainText.impl(); - d->lasterr = gpgme_op_decrypt_ext(d->ctx, static_cast (d->decryptFlags | DecryptVerify), + d->lasterr = gpgme_op_decrypt_ext(d->ctx, static_cast (d->decryptFlags | flags | DecryptVerify), cdp ? cdp->data : 0, pdp ? pdp->data : 0); return std::make_pair(DecryptionResult(d->ctx, Error(d->lasterr)), VerificationResult(d->ctx, Error(d->lasterr))); 
@@ -1011,7 +1011,7 @@ Error Context::startCombinedDecryptionAndVerification(const Data &cipherText, Da d->lastop = Private::DecryptAndVerify; const Data::Private *const cdp = cipherText.impl(); Data::Private *const pdp = plainText.impl(); - return Error(d->lasterr = gpgme_op_decrypt_ext_start(d->ctx, static_cast (d->decryptFlags | DecryptVerify), cdp ? cdp->data : 0, pdp ? pdp->data : 0)); + return Error(d->lasterr = gpgme_op_decrypt_ext_start(d->ctx, static_cast (d->decryptFlags | flags | DecryptVerify), cdp ? cdp->data : 0, pdp ? pdp->data : 0)); } Error Context::startCombinedDecryptionAndVerification(const Data &cipherText, Data &plainText) ----------------------------------------------------------------------- Summary of changes: lang/cpp/src/context.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Mar 24 17:27:20 2017 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 24 Mar 2017 17:27:20 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-121-gb6d5449 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via b6d544995047f9dce67316e4cdb12e9a6a9d04e4 (commit) from 18b7906078cf08962c54c1e711cf2d91a24fd4e5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b6d544995047f9dce67316e4cdb12e9a6a9d04e4 Author: Andre Heinecke Date: Fri Mar 24 17:25:26 2017 +0100 Mention new cpp changes in the NEWS -- Somone that calls a function startCombinedDecryptionAndVerification should be required to always type it without autocompletion. diff --git a/NEWS b/NEWS index 104d2b1..e119b9a 100644 --- a/NEWS 
+++ b/NEWS @@ -32,6 +32,12 @@ Noteworthy changes in version 1.8.1 (unreleased) cpp: Subkey::keyGrip NEW. cpp: Subkey::isDeVs NEW. cpp: Data::toKeys NEW. + cpp: Context::setDecryptFlags NEW. + cpp: Context::decrypt EXTENDED: Flags added. + cpp: Context::startDecrypt EXTENDED: Flags added. + cpp: Context::decryptAndVerify EXTENDED: Flags added. + cpp: Context::startCombinedDecryptionAndVerification EXTENDED: Flags. + cpp: Context::encryptFlags EXTENDED: New flags. qt: CryptoConfig::stringValueList() NEW. py: Context.__init__ EXTENDED: New keyword arg home_dir. py: Context.home_dir NEW. ----------------------------------------------------------------------- Summary of changes: NEWS | 6 ++++++ 1 file changed, 6 insertions(+) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Sat Mar 25 00:07:30 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 25 Mar 2017 00:07:30 +0100 Subject: [git] gnupg-doc - branch, master, updated. 10c01ab0a2e0fc366640fae342603bab4b5b9a0c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 10c01ab0a2e0fc366640fae342603bab4b5b9a0c (commit) from a47208c8596596dfdba9fef78ffe9cb9652fef04 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 10c01ab0a2e0fc366640fae342603bab4b5b9a0c Author: Werner Koch Date: Sat Mar 25 00:03:33 2017 +0100 web: Add more info about the Verein. diff --git a/web/verein/index.org b/web/verein/index.org index 80a6e00..0a0224a 100644 --- a/web/verein/index.org +++ b/web/verein/index.org 
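Review bot: Three of the added NEWS entries (commit b6d5449) do not match the names declared in lang/cpp/src/context.h: `Context::setDecryptFlags` is declared as `setDecryptionFlags`, `Context::startDecrypt` as `startDecryption`, and `Context::encryptFlags` refers to the `EncryptionFlags` enum. NEWS is where users look up interface changes, so use the declared names. The entry for `startCombinedDecryptionAndVerification` ends in "Flags." where the other entries say "Flags added."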
@@ -10,14 +10,16 @@ lingering plan for setting up a legal entity was finally agreed upon. Work on the constitution started right away and the founding assembly commenced on the next day at 13:37. -The 7 founding members are: +The 7 founding members are: Andre Heinecke, Justus Winter, Kai + Michaelis, Marcus Brinkmann, Neal Walfied, Werner Koch, and Yutaka + Niibe. The elected chair is Werner, the vice Andre, and the cashier + Marcus. The registration number is /VR11482/ at /Amtsgericht + D?sseldorf/. - - Andre Heinecke - - Justus Winter - - Kai Michaelis - - Marcus Brinkmann - - Neal Walfied - - Werner Koch - - Yutaka Niibe +Our [[https://git.gnupg.org/cgi-bin/gitweb.cgi?p%3Dgnupg-project.git%3Ba%3Dblob_plain%3Bf%3Dlegal/constitution.de.pdf][constitution]] is written in German; a legally non-binding + [[https://git.gnupg.org/cgi-bin/gitweb.cgi?p%3Dgnupg-project.git%3Ba%3Dblob_plain%3Bf%3Dlegal/constitution.en.pdf][translation]] is available. The founding protocol can can be read + [[https://git.gnupg.org/cgi-bin/gitweb.cgi?p%3Dgnupg-project.git%3Ba%3Dblob_plain%3Bf%3Dlegal/founding-protocol-20170208.txt][here]]. - /More information about the Verein will soon be availabale here./ + The rules on how to apply for membership will soon be posted. We + will also soon apply for charitable status so that donations will be + tax exempted at least in Germany. ----------------------------------------------------------------------- Summary of changes: web/verein/index.org | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sat Mar 25 00:42:52 2017 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 25 Mar 2017 00:42:52 +0100 Subject: [git] gnupg-doc - branch, master, updated. 38285aa017893048e2ec661ed9b72617306bf330 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 38285aa017893048e2ec661ed9b72617306bf330 (commit) from 10c01ab0a2e0fc366640fae342603bab4b5b9a0c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 38285aa017893048e2ec661ed9b72617306bf330 Author: Werner Koch Date: Sat Mar 25 00:39:39 2017 +0100 web: Fix URLs in the verein page. org-mode did some double quoting. Using macros seems to help. diff --git a/web/verein/index.org b/web/verein/index.org index 0a0224a..41022be 100644 --- a/web/verein/index.org +++ b/web/verein/index.org @@ -1,6 +1,7 @@ #+TITLE: GnuPG e.V. #+STARTUP: showall indent #+SETUPFILE: "share/setup.inc" +#+macro: atgit [[https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg-project.git;a=blob_plain;f=$1][$2]] * The GnuPG e.V. 
@@ -11,15 +12,17 @@ Work on the constitution started right away and the founding assembly commenced on the next day at 13:37. The 7 founding members are: Andre Heinecke, Justus Winter, Kai - Michaelis, Marcus Brinkmann, Neal Walfied, Werner Koch, and Yutaka - Niibe. The elected chair is Werner, the vice Andre, and the cashier - Marcus. The registration number is /VR11482/ at /Amtsgericht - D?sseldorf/. +Michaelis, Marcus Brinkmann, Neal Walfied, Werner Koch, and Yutaka +Niibe. The elected chair is Werner, the vice Andre, and the cashier +Marcus. The registration number is /VR11482/ at /Amtsgericht +D?sseldorf/. -Our [[https://git.gnupg.org/cgi-bin/gitweb.cgi?p%3Dgnupg-project.git%3Ba%3Dblob_plain%3Bf%3Dlegal/constitution.de.pdf][constitution]] is written in German; a legally non-binding - [[https://git.gnupg.org/cgi-bin/gitweb.cgi?p%3Dgnupg-project.git%3Ba%3Dblob_plain%3Bf%3Dlegal/constitution.en.pdf][translation]] is available. The founding protocol can can be read - [[https://git.gnupg.org/cgi-bin/gitweb.cgi?p%3Dgnupg-project.git%3Ba%3Dblob_plain%3Bf%3Dlegal/founding-protocol-20170208.txt][here]]. +Our {{{atgit(legal/constitution.de.pdf,constitution)}}} is written in +German; a legally non-binding +{{{atgit(legal/constitution.en.pdf,translation)}}} is available. The +founding protocol can can be read +{{{atgit(legal/founding-protocol-20170208.txt,here)}}}. - The rules on how to apply for membership will soon be posted. We - will also soon apply for charitable status so that donations will be - tax exempted at least in Germany. +The rules on how to apply for membership will soon be posted. We will +also soon apply for charitable status so that donations will be tax +exempted at least in Germany. 
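Review bot: The re-wrapped paragraph in web/verein/index.org still reads "The founding protocol can can be read"; drop the doubled "can" while these lines are being touched. The court name shows as "D?sseldorf" in this mail, so check that the file stores the umlaut in the encoding the site build expects.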
----------------------------------------------------------------------- Summary of changes: web/verein/index.org | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 27 04:32:25 2017 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 27 Mar 2017 04:32:25 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-79-g0848cfc Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 0848cfcce738150b53bfb65b78efc1e6dc9f3d26 (commit) from 0b3770c421a35b64823a805fa8d49ddd5c653d50 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0848cfcce738150b53bfb65b78efc1e6dc9f3d26 Author: NIIBE Yutaka Date: Mon Mar 27 11:25:00 2017 +0900 scd: Fix timeout handling for key generation. * scd/ccid-driver.c (CCID_CMD_TIMEOUT): Back to original value. (CCID_CMD_TIMEOUT_LONGER): New. (ccid_transceive): Add kludge for key generation. -- At key generation of longer key size, OpenPGP card sends back "time extension" with BWI=100, which is unusual value in the protocol and it actually requires host having longer timeout like 43 seconds. Reported-by: Szczepan Zalega Fixes-commit: 6510df3a7cd2b5bf44fac1e4d50ee54b8c897daa Signed-off-by: NIIBE Yutaka diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index 40b2599..a471adf 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c 
@@ -108,8 +108,10 @@ */ #define CCID_MAX_BUF (2048+7+10) -/* CCID command timeout. OpenPGPcard v2.1 requires timeout of 13 seconds. */ -#define CCID_CMD_TIMEOUT (13*1000) +/* CCID command timeout. */ +#define CCID_CMD_TIMEOUT (5*1000) +/* OpenPGPcard v2.1 requires huge timeout for key generation. */ +#define CCID_CMD_TIMEOUT_LONGER (60*1000) /* Depending on how this source is used we either define our error output to go to stderr or to the GnuPG based logging functions. We @@ -3394,6 +3396,7 @@ ccid_transceive (ccid_driver_t handle, int retries = 0; int resyncing = 0; int nad_byte; + int wait_more = 0; if (!nresp) nresp = &dummy_nresp; @@ -3407,7 +3410,7 @@ ccid_transceive (ccid_driver_t handle, but the Windows driver does it this way. Tested using a CM6121. This method works also for the Cherry XX44 keyboards; however there are problems with the - ccid_tranceive_secure which leads to a loss of sync on the + ccid_transceive_secure which leads to a loss of sync on the CCID level. If Cherry wants to make their keyboard work again, they should hand over some docs. */ if ((handle->id_vendor == VENDOR_OMNIKEY @@ -3503,8 +3506,8 @@ ccid_transceive (ccid_driver_t handle, msg = recv_buffer; rc = bulk_in (handle, msg, sizeof recv_buffer, &msglen, - via_escape? RDR_to_PC_Escape : RDR_to_PC_DataBlock, - seqno, CCID_CMD_TIMEOUT, 0); + via_escape? RDR_to_PC_Escape : RDR_to_PC_DataBlock, seqno, + wait_more? CCID_CMD_TIMEOUT_LONGER: CCID_CMD_TIMEOUT, 0); if (rc) return rc; 
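Review bot: `CCID_CMD_TIMEOUT` drops from 13 to 5 seconds for every command in scd/ccid-driver.c, and the longer value is chosen in the `bulk_in` call only when `wait_more` is set. The commit message calls 5 seconds the original value, but the comment removed here said OpenPGPcard v2.1 requires 13 seconds; the new comment should state why 5 seconds is enough for commands that do not trigger a time extension. `CCID_CMD_TIMEOUT_LONGER` is 60 seconds while the commit message speaks of about 43, so a short note on how the value was chosen would help.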
@@ -3678,6 +3681,11 @@ ccid_transceive (ccid_driver_t handle, { /* Wait time extension request. */ unsigned char bwi = tpdu[3]; + + /* Check if it's unsual value which can't be expressed in ATR. */ + if (bwi > 15) + wait_more = 1; + msg = send_buffer; tpdu = msg + hdrlen; tpdu[0] = nad_byte; ----------------------------------------------------------------------- Summary of changes: scd/ccid-driver.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 27 07:05:22 2017 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 27 Mar 2017 07:05:22 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-81-gc1e6302 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via c1e6302b347caf852a056b9c721469ccb51f44da (commit) via d58275703f035e8cfd58cd1c2d0d5ac7dc59e110 (commit) from 0848cfcce738150b53bfb65b78efc1e6dc9f3d26 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c1e6302b347caf852a056b9c721469ccb51f44da Author: NIIBE Yutaka Date: Mon Mar 27 14:02:01 2017 +0900 g10: Support specifying SERIALNO for --card-status. * g10/gpg.c (main): Allow an argument for --card-status. * g10/card-util.c (current_card_status): Rename from card_status. (card_status): New, which supports multiple cards. (get_one_name): Use current_card_status. Signed-off-by: NIIBE Yutaka diff --git a/g10/card-util.c b/g10/card-util.c index d643724..b88a9ed 100644 --- a/g10/card-util.c +++ b/g10/card-util.c 
@@ -361,8 +361,8 @@ fpr_is_ff (const char *fpr) /* Print all available information about the current card. */ -void -card_status (estream_t fp, char *serialno, size_t serialnobuflen) +static void +current_card_status (estream_t fp, char *serialno, size_t serialnobuflen) { struct agent_card_info_s info; PKT_public_key *pk = xcalloc (1, sizeof *pk); @@ -625,6 +625,70 @@ card_status (estream_t fp, char *serialno, size_t serialnobuflen) } +/* Print all available information for specific card with SERIALNO. + Print all available information for current card when SERIALNO is NULL. + Or print llfor all cards when SERIALNO is "all". */ +void +card_status (estream_t fp, const char *serialno) +{ + int err; + strlist_t card_list, sl; + char *serialno0; + int all_cards = 0; + + if (serialno == NULL) + { + current_card_status (fp, NULL, 0); + return; + } + + if (!strcmp (serialno, "all")) + all_cards = 1; + + err = agent_scd_serialno (&serialno0, NULL); + if (err) + { + if (gpg_err_code (err) != GPG_ERR_ENODEV && opt.verbose) + log_info (_("error getting serial number of card: %s\n"), + gpg_strerror (err)); + /* Nothing available. */ + return; + } + + err = agent_scd_cardlist (&card_list); + + for (sl = card_list; sl; sl = sl->next) + { + char *serialno1; + + if (!all_cards && strcmp (serialno, sl->d)) + continue; + + err = agent_scd_serialno (&serialno1, sl->d); + if (err) + { + if (opt.verbose) + log_info (_("error getting serial number of card: %s\n"), + gpg_strerror (err)); + continue; + } + + current_card_status (fp, NULL, 0); + xfree (serialno1); + + if (!all_cards) + goto leave; + } + + /* Select the original card again. */ + err = agent_scd_serialno (&serialno0, serialno0); + + leave: + xfree (serialno0); + free_strlist (card_list); +} + + static char * get_one_name (const char *prompt1, const char *prompt2) { 
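Review bot: In the new `card_status` (g10/card-util.c), the result of `err = agent_scd_cardlist (&card_list);` is never checked, yet `card_list` is walked in the loop and later passed to `free_strlist`; initialize it to NULL and jump to `leave` on error. In the single-card case the `goto leave` after the first match skips the "Select the original card again" step, so the requested card stays selected instead of the one that was active before; if that is intended, say so in the function comment. `serialno1` is only freed, and the `current_card_status (fp, NULL, 0)` call depends on `agent_scd_serialno (&serialno1, sl->d)` having switched the current card, which deserves a comment. The function comment has a typo: "print llfor all cards".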
@@ -1919,16 +1983,16 @@ card_edit (ctrl_t ctrl, strlist_t commands) int cmd_admin_only; tty_printf("\n"); - if (redisplay ) + if (redisplay) { if (opt.with_colons) { - card_status (es_stdout, serialnobuf, DIM (serialnobuf)); + current_card_status (es_stdout, serialnobuf, DIM (serialnobuf)); fflush (stdout); } else { - card_status (NULL, serialnobuf, DIM (serialnobuf)); + current_card_status (NULL, serialnobuf, DIM (serialnobuf)); tty_printf("\n"); } redisplay = 0; diff --git a/g10/gpg.c b/g10/gpg.c index b3d606b..507422c 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -4791,9 +4791,12 @@ main (int argc, char **argv) #ifdef ENABLE_CARD_SUPPORT case aCardStatus: - if (argc) - wrong_args ("--card-status"); - card_status (es_stdout, NULL, 0); + if (argc == 0) + card_status (es_stdout, NULL); + else if (argc == 1) + card_status (es_stdout, *argv); + else + wrong_args ("--card-status [serialno]"); break; case aCardEdit: diff --git a/g10/main.h b/g10/main.h index 32d323b..96e5562 100644 --- a/g10/main.h +++ b/g10/main.h @@ -485,7 +485,7 @@ gpg_error_t gpg_proxy_pinentry_notify (ctrl_t ctrl, #ifdef ENABLE_CARD_SUPPORT /*-- card-util.c --*/ void change_pin (int no, int allow_admin); -void card_status (estream_t fp, char *serialno, size_t serialnobuflen); +void card_status (estream_t fp, const char *serialno); void card_edit (ctrl_t ctrl, strlist_t commands); gpg_error_t card_generate_subkey (KBNODE pub_keyblock); int card_store_subkey (KBNODE node, int use); commit d58275703f035e8cfd58cd1c2d0d5ac7dc59e110 Author: NIIBE Yutaka Date: Mon Mar 27 13:56:02 2017 +0900 scd: Change the order of applications when accessed. * scd/app.c (select_application): Move the app to top. Signed-off-by: NIIBE Yutaka diff --git a/scd/app.c b/scd/app.c index 472adc7..044bb1d 100644 --- a/scd/app.c +++ b/scd/app.c @@ -316,7 +316,7 @@ select_application (ctrl_t ctrl, const char *name, app_t *r_app, size_t serialno_bin_len) { gpg_error_t err = 0; - app_t a; + app_t a, a_prev = NULL; *r_app = NULL; 
@@ -375,6 +375,7 @@ select_application (ctrl_t ctrl, const char *name, app_t *r_app, && !memcmp (a->serialno, serialno_bin, a->serialnolen)) break; unlock_app (a); + a_prev = a; } if (a) @@ -384,7 +385,13 @@ select_application (ctrl_t ctrl, const char *name, app_t *r_app, { a->ref_count++; *r_app = a; - } + if (a_prev) + { + a_prev->next = a->next; + a->next = app_top; + app_top = a; + } + } unlock_app (a); } else ----------------------------------------------------------------------- Summary of changes: g10/card-util.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++---- g10/gpg.c | 9 ++++--- g10/main.h | 2 +- scd/app.c | 11 +++++++-- 4 files changed, 85 insertions(+), 11 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 27 11:34:25 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 27 Mar 2017 11:34:25 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-122-g348da58 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 348da58fe0c3656e6177c98fef6b4c4331326c8e (commit) from b6d544995047f9dce67316e4cdb12e9a6a9d04e4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 348da58fe0c3656e6177c98fef6b4c4331326c8e Author: Justus Winter Date: Mon Mar 27 11:11:47 2017 +0200 python: Skip tests if running with GnuPG < 2.1.12. * lang/python/tests/support.py (assert_gpg_version): Fix error message. Skip all tests when we use GnuPG older than 2.1.12. GnuPG-bug-id: 3008 Signed-off-by: Justus Winter diff --git a/lang/python/tests/support.py b/lang/python/tests/support.py index 680300c..fabd818 100644 
--- a/lang/python/tests/support.py +++ b/lang/python/tests/support.py @@ -32,9 +32,14 @@ def assert_gpg_version(version=(2, 1, 0)): clean_version = re.match(r'\d+\.\d+\.\d+', c.engine_info.version).group(0) if tuple(map(int, clean_version.split('.'))) < version: print("GnuPG too old: have {0}, need {1}.".format( - c.engine_info.version, '.'.join(version))) + c.engine_info.version, '.'.join(map(str, version)))) sys.exit(77) +# Skip the Python tests for GnuPG < 2.1.12. Prior versions do not +# understand the command line flags that we assume exist. C.f. issue +# 3008. +assert_gpg_version((2, 1, 12)) + # known keys alpha = "A0FF4590BB6122EDEF6E3C542D727CC768697734" bob = "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2" ----------------------------------------------------------------------- Summary of changes: lang/python/tests/support.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 27 14:18:38 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 27 Mar 2017 14:18:38 +0200 Subject: [git] gnupg-doc - branch, master, updated. 7376a79234e490dc45819ee876b1eeb9e256874c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 7376a79234e490dc45819ee876b1eeb9e256874c (commit) from 38285aa017893048e2ec661ed9b72617306bf330 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7376a79234e490dc45819ee876b1eeb9e256874c Author: Justus Winter Date: Mon Mar 27 14:17:10 2017 +0200 jenkins: make sure that the runtime linker uses gpgme from build dir 
diff --git a/misc/jenkins/bin/build.bash b/misc/jenkins/bin/build.bash index e378704..425bb1d 100755 --- a/misc/jenkins/bin/build.bash +++ b/misc/jenkins/bin/build.bash @@ -130,7 +130,14 @@ test_environment="LD_LIBRARY_PATH=$ORIGINAL_PREFIX/lib" # Because newer Debian toolchains prefer RUNPATH over RPATH, and # RUNPATH has lower precedence than LD_LIBRARY_PATH, we need to # explicitly add libtool's .libs directory: -test_environment="LD_LIBRARY_PATH=$(pwd)/obj/src/.libs:$ORIGINAL_PREFIX/lib" +case "$JOB_NAME" in + *gpgme*) + test_environment="LD_LIBRARY_PATH=$(pwd)/obj/src/.libs:$(pwd)/obj/lang/cpp/src/.libs:$(pwd)/obj/lang/qt/src/.libs:$ORIGINAL_PREFIX/lib" + ;; + *) + test_environment="LD_LIBRARY_PATH=$(pwd)/obj/src/.libs:$ORIGINAL_PREFIX/lib" + ;; +esac # # If we don't do this, the version tests fail because the runtime # linker will pick up the library from LD_LIBRARY_PATH. Also, testing @@ -267,7 +274,14 @@ case "$XTARGET" in # RUNPATH over RPATH, and RUNPATH has lower precedence than # LD_LIBRARY_PATH, we need to explicitly add libtool's .libs # directory: - test_environment="LD_LIBRARY_PATH=$(pwd)/${tarname}/_build/sub/src/.libs:$ORIGINAL_PREFIX/lib" + case "$JOB_NAME" in + *gpgme*) + test_environment="LD_LIBRARY_PATH=$(pwd)/${tarname}/_build/sub/src/.libs:$(pwd)/${tarname}/_build/sub/lang/cpp/src/.libs:$(pwd)/${tarname}/_build/sub/lang/qt/src/.libs:$ORIGINAL_PREFIX/lib" + ;; + *) + test_environment="LD_LIBRARY_PATH=$(pwd)/${tarname}/_build/sub/src/.libs:$ORIGINAL_PREFIX/lib" + ;; + esac # KCAHKCAHKCAH if ! env $test_environment $MAKE $MAKEFLAGS distcheck ; then ----------------------------------------------------------------------- Summary of changes: misc/jenkins/bin/build.bash | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 27 15:47:06 2017 
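Review bot: the `case "$JOB_NAME"` block in misc/jenkins/bin/build.bash is added twice, at -130 for the in-tree build (`$(pwd)/obj/...`) and at -267 for distcheck (`$(pwd)/${tarname}/_build/sub/...`), and the two copies differ only in the build root. A small shell function that takes the build root and sets test_environment would keep the two lists of .libs directories from drifting apart. In the -267 hunk the value is then expanded unquoted in `env $test_environment $MAKE $MAKEFLAGS distcheck`, so a workspace path containing whitespace would split the LD_LIBRARY_PATH assignment; worth a comment, or build the assignment so it can be passed quoted. The comment above the block should also say that `*gpgme*` matches any job whose name contains "gpgme".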
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 27 Mar 2017 15:47:06 +0200 Subject: [git] gnupg-doc - branch, master, updated. 5e04efa25c45ff311be080ed07c245ef67746216 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 5e04efa25c45ff311be080ed07c245ef67746216 (commit) from 7376a79234e490dc45819ee876b1eeb9e256874c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5e04efa25c45ff311be080ed07c245ef67746216 Author: Werner Koch Date: Mon Mar 27 15:43:39 2017 +0200 lists: Overhaul the lists.gnupg.org index.html Also add missing files to the repo. diff --git a/misc/git.gnupg.org/logo-gnupg-light-purple-bg.png b/misc/git.gnupg.org/logo-gnupg-light-purple-bg.png new file mode 100644 index 0000000..41264d9 Binary files /dev/null and b/misc/git.gnupg.org/logo-gnupg-light-purple-bg.png differ diff --git a/misc/git.gnupg.org/logo-sponsor.png b/misc/git.gnupg.org/logo-sponsor.png new file mode 100644 index 0000000..e01ada7 Binary files /dev/null and b/misc/git.gnupg.org/logo-sponsor.png differ diff --git a/misc/git.gnupg.org/pace.png b/misc/git.gnupg.org/pace.png new file mode 100644 index 0000000..d627c9a Binary files /dev/null and b/misc/git.gnupg.org/pace.png differ diff --git a/misc/git.gnupg.org/site.css b/misc/git.gnupg.org/site.css new file mode 100644 index 0000000..884dad5 --- /dev/null +++ b/misc/git.gnupg.org/site.css 
@@ -0,0 +1,209 @@ +A:link { + color: #784c6c; + font-weight: bold; + text-decoration: none; +} +A:hover { + background-color: #d0dce8; + font-weight: bold; + text-decoration: none; +} +A:visited { + color: #5c6064; + font-weight: bold; + text-decoration: none; +} +A.img:hover { + background-color: #f0f0fc; +} +BLOCKQUOTE { + border: 1px solid black; + padding: 1em; +} +BODY { + margin-left: 0px; + margin-right: 0px; + text-align: left; + color: black; + background-color: #f0f0fc; + font-family: sans-serif; + font-weight: normal; + text-decoration: none; +} +DD { + padding-bottom: 1em; +} +H1, +H2 { + font-size: large; +} +H1:first-letter, +H2:first-letter { + font-size: x-large; +} +H3:first-letter { + font-size: large; +} +H1, +H2, +H3 { + color: #5c6064; + font-weight: bold; + font-variant: small-caps; + letter-spacing: 0.1em; +} +H1:first-letter, +H2:first-letter, +H3:first-letter { + color: #784c6c; +} +IMG { + border: none; +} +LI.important { + color: red; +} +P.out-of-date { + font-style: italic; + font-size: small; +} +PRE, +DIV.samp { + background-color: #ebebf4; + margin: 1em; + border: 1px solid black; + padding: 1em; + font-size: small; +} +SPAN.important { + color: red; +} +DIV.urgent { + width: 85%; + text-align: center; + border: solid red; + font-weight: bold; +} +TABLE.layout { + background-color: transparent; + border-collapse: separate; + border: none; +} +TD.layout { + border: 1px none black; + padding: 0px; + text-align: right; + vertical-align: top; +} +TABLE.frame { + background-color: transparent; + border-collapse: collapse; + border: 1px none black; +} +TD.frame-right { + border-left: 2px solid #784c6c; +} +TD.frame-bottom, +TD.frame-bottom-lang, +TD.frame-bottom-mirror { + color: #5c6064; + border-top: 2px solid #5c6064; + text-align: left; + font-size: small; + font-weight: bold; +} +TD.frame-bottom-lang, +TD.frame-bottom-mirror { + font-size: x-small; +} +TD.frame-bottom-mirror { + text-align: right; +} +TD.frame-corner { + border-top: 
2px solid #5c6064; + border-left: 2px solid #784c6c; +} +TD.frame-spacing { + border: none; + height: 30px; +} +TD.frame-head { + padding: 0px 0px 1em 0px; + border: none; + text-align: center; + vertical-align: middle; + font-size: large; + font-variant: small-caps; + font-weight: bold; + letter-spacing: 0.3em; +} +TD.frame-head-blockquote { + padding: 0px 1em 1em 1em; + border-bottom: 2px solid #5c6064; + vertical-align: middle; + font-family: sans-serif; + text-align: center; + text-decoration: none; + font-size: x-small; + font-variant: small-caps; + letter-spacing: 0.3em; +} +SPAN.g { + color: #784c6c; + font-size: x-large; +} +SPAN.nu { + color: #784c6c; +} +SPAN.pg { + color: #5c6064; + font-size: x-large; +} +A.lang { + font-size: x-small; +} +A.lang:visited { + color: #784c6c; +} +TD.frame-navb { + padding: 0px 0.3em 0.5em 0.3em; + text-align: left; + font-size: small; +} +UL.frame-navb { + margin: 0px; + margin-left: 1em; + padding-left: 1em; +} +UL.frame-navb:first-line { + margin: 0px; + padding-left: 1em; +} +LI.frame-navb { +} +TD.frame-cont { + padding: 0px 1em 1.5em 1em; + text-align: left; + vertical-align: top; +} +DIV.frame-foot { + text-align: center; + font-size: x-small; + color: #5c6064; +} +A.foot:link { + color: #5c6064; + font-size: x-small; + font-weight: normal; + text-decoration: underline; +} +A.foot:visited { + color: #5c6064; + font-size: x-small; + font-weight: normal; + text-decoration: underline; +} +A.foot:hover { + font-size: x-small; + font-weight: normal; +} diff --git a/misc/lists.gnupg.org/index.html b/misc/lists.gnupg.org/index.html new file mode 100644 index 0000000..2e4f648 --- /dev/null +++ b/misc/lists.gnupg.org/index.html @@ -0,0 +1,201 @@ + + + + + + + + GnuPG and GNUTLS Mailing List Archives + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + +
  + [GnuPG Logo] +   
+ · English ·   +    
+
+ + + + + + + + + + + + + + + +
Links + +  
  
 
+
+ + + + + + + + + + + + + + + +
+

GnuPG and GNUTLS Mailing List Archives

+ + +

+Please check the GnuPG FAQ before +you ask on one of the lists. +

+

+Please send questions about using, compiling, and installing GnuPG to +gnupg-users at gnupg.org and ask +to CC you in case you are not subscribed to this mailing list. +

+

+Please send questions about using, compiling, and installing GNUTLS to +gnutls-help at lists.gnutls.org +and ask to CC you in case you are not subscribed to this mailing list. +

+ + +

General

+ + + +

Users

+
    +
  • gnupg-users: Help and discussion among users of GnuPG
  • +
  • gnutls-help: Help and discussion among users of the GNUTLS library
  • +
+ +

Developers

+ + + +
 
  
 
+ +
  +
+ + + + + + + + + + + + + + + + + +
 Send comments on these web pages to + webmaster at gnupg.org + and make sure to include the URL to the GnuPG webpage + in the subject. + Copyright (C) 2012 the GnuPG and GNUTLS contributors. + Verbatim copying and distribution of this entire article is + permitted in any medium, provided this notice is preserved. 
 Technical resources for this
+ service are sponsered by
 
  + Logo PlusServer +  
+
+ +

+ + + Valid XHTML 1.0! +     + + Peace! +     + + Valid CSS! +

+ +
+
+ + diff --git a/misc/lists.gnupg.org/logo-gnupg-light-purple-bg.png b/misc/lists.gnupg.org/logo-gnupg-light-purple-bg.png new file mode 100644 index 0000000..41264d9 Binary files /dev/null and b/misc/lists.gnupg.org/logo-gnupg-light-purple-bg.png differ diff --git a/misc/lists.gnupg.org/logo-sponsor.png b/misc/lists.gnupg.org/logo-sponsor.png new file mode 100644 index 0000000..e01ada7 Binary files /dev/null and b/misc/lists.gnupg.org/logo-sponsor.png differ diff --git a/misc/lists.gnupg.org/pace.png b/misc/lists.gnupg.org/pace.png new file mode 100644 index 0000000..d627c9a Binary files /dev/null and b/misc/lists.gnupg.org/pace.png differ diff --git a/misc/lists.gnupg.org/robots.txt b/misc/lists.gnupg.org/robots.txt new file mode 100644 index 0000000..024ae7d --- /dev/null +++ b/misc/lists.gnupg.org/robots.txt @@ -0,0 +1,4 @@ +# +# Lists.gnupg.org's Robot Exclusion List +# +User-Agent: * diff --git a/misc/lists.gnupg.org/site.css b/misc/lists.gnupg.org/site.css new file mode 100644 index 0000000..884dad5 --- /dev/null +++ b/misc/lists.gnupg.org/site.css 
@@ -0,0 +1,209 @@ +A:link { + color: #784c6c; + font-weight: bold; + text-decoration: none; +} +A:hover { + background-color: #d0dce8; + font-weight: bold; + text-decoration: none; +} +A:visited { + color: #5c6064; + font-weight: bold; + text-decoration: none; +} +A.img:hover { + background-color: #f0f0fc; +} +BLOCKQUOTE { + border: 1px solid black; + padding: 1em; +} +BODY { + margin-left: 0px; + margin-right: 0px; + text-align: left; + color: black; + background-color: #f0f0fc; + font-family: sans-serif; + font-weight: normal; + text-decoration: none; +} +DD { + padding-bottom: 1em; +} +H1, +H2 { + font-size: large; +} +H1:first-letter, +H2:first-letter { + font-size: x-large; +} +H3:first-letter { + font-size: large; +} +H1, +H2, +H3 { + color: #5c6064; + font-weight: bold; + font-variant: small-caps; + letter-spacing: 0.1em; +} +H1:first-letter, +H2:first-letter, +H3:first-letter { + color: #784c6c; +} +IMG { + border: none; +} +LI.important { + color: red; +} +P.out-of-date { + font-style: italic; + font-size: small; +} +PRE, +DIV.samp { + background-color: #ebebf4; + margin: 1em; + border: 1px solid black; + padding: 1em; + font-size: small; +} +SPAN.important { + color: red; +} +DIV.urgent { + width: 85%; + text-align: center; + border: solid red; + font-weight: bold; +} +TABLE.layout { + background-color: transparent; + border-collapse: separate; + border: none; +} +TD.layout { + border: 1px none black; + padding: 0px; + text-align: right; + vertical-align: top; +} +TABLE.frame { + background-color: transparent; + border-collapse: collapse; + border: 1px none black; +} +TD.frame-right { + border-left: 2px solid #784c6c; +} +TD.frame-bottom, +TD.frame-bottom-lang, +TD.frame-bottom-mirror { + color: #5c6064; + border-top: 2px solid #5c6064; + text-align: left; + font-size: small; + font-weight: bold; +} +TD.frame-bottom-lang, +TD.frame-bottom-mirror { + font-size: x-small; +} +TD.frame-bottom-mirror { + text-align: right; +} +TD.frame-corner { + border-top: 
2px solid #5c6064; + border-left: 2px solid #784c6c; +} +TD.frame-spacing { + border: none; + height: 30px; +} +TD.frame-head { + padding: 0px 0px 1em 0px; + border: none; + text-align: center; + vertical-align: middle; + font-size: large; + font-variant: small-caps; + font-weight: bold; + letter-spacing: 0.3em; +} +TD.frame-head-blockquote { + padding: 0px 1em 1em 1em; + border-bottom: 2px solid #5c6064; + vertical-align: middle; + font-family: sans-serif; + text-align: center; + text-decoration: none; + font-size: x-small; + font-variant: small-caps; + letter-spacing: 0.3em; +} +SPAN.g { + color: #784c6c; + font-size: x-large; +} +SPAN.nu { + color: #784c6c; +} +SPAN.pg { + color: #5c6064; + font-size: x-large; +} +A.lang { + font-size: x-small; +} +A.lang:visited { + color: #784c6c; +} +TD.frame-navb { + padding: 0px 0.3em 0.5em 0.3em; + text-align: left; + font-size: small; +} +UL.frame-navb { + margin: 0px; + margin-left: 1em; + padding-left: 1em; +} +UL.frame-navb:first-line { + margin: 0px; + padding-left: 1em; +} +LI.frame-navb { +} +TD.frame-cont { + padding: 0px 1em 1.5em 1em; + text-align: left; + vertical-align: top; +} +DIV.frame-foot { + text-align: center; + font-size: x-small; + color: #5c6064; +} +A.foot:link { + color: #5c6064; + font-size: x-small; + font-weight: normal; + text-decoration: underline; +} +A.foot:visited { + color: #5c6064; + font-size: x-small; + font-weight: normal; + text-decoration: underline; +} +A.foot:hover { + font-size: x-small; + font-weight: normal; +} ----------------------------------------------------------------------- Summary of changes: .../git.gnupg.org}/logo-gnupg-light-purple-bg.png | Bin {web/share => misc/git.gnupg.org}/logo-sponsor.png | Bin {web/share => misc/git.gnupg.org}/pace.png | Bin .../htdocs => git.gnupg.org}/site.css | 68 +----------- misc/{git.gnupg.org => lists.gnupg.org}/index.html | 115 +++++++++------------ .../logo-gnupg-light-purple-bg.png | Bin .../lists.gnupg.org}/logo-sponsor.png | Bin 
{web/share => misc/lists.gnupg.org}/pace.png | Bin misc/lists.gnupg.org/robots.txt | 4 + .../htdocs => lists.gnupg.org}/site.css | 68 +----------- 10 files changed, 59 insertions(+), 196 deletions(-) copy {web/share => misc/git.gnupg.org}/logo-gnupg-light-purple-bg.png (100%) copy {web/share => misc/git.gnupg.org}/logo-sponsor.png (100%) copy {web/share => misc/git.gnupg.org}/pace.png (100%) copy misc/{accounts.gnupg.net/htdocs => git.gnupg.org}/site.css (79%) copy misc/{git.gnupg.org => lists.gnupg.org}/index.html (63%) copy {web/share => misc/lists.gnupg.org}/logo-gnupg-light-purple-bg.png (100%) copy {web/share => misc/lists.gnupg.org}/logo-sponsor.png (100%) copy {web/share => misc/lists.gnupg.org}/pace.png (100%) create mode 100644 misc/lists.gnupg.org/robots.txt copy misc/{accounts.gnupg.net/htdocs => lists.gnupg.org}/site.css (79%) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 27 16:24:24 2017 
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 27 Mar 2017 16:24:24 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-82-gcaf0091 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via caf00915532e6e8e509738962964edcd14fb0654 (commit) from c1e6302b347caf852a056b9c721469ccb51f44da (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit caf00915532e6e8e509738962964edcd14fb0654 Author: Justus Winter Date: Mon Mar 27 16:14:20 2017 +0200 common: Fix connecting to the agent. * common/homedir.c (_gnupg_socketdir_internal): Fix error handling. -- Prior to 26086b36 the non-existence of the socket directory was considered an error if a non-default home directory is used. Since 26086b36 we now create the directory on demand, but the function still returned the fallback path. This made the agent bind the socket in the socket directory, and the client trying to connect to the socket in the home directory. Fixes-commit: 26086b362ff47d21b1abefaf674a6464bf0a8921 Signed-off-by: Justus Winter diff --git a/common/homedir.c b/common/homedir.c index ee4438c..fce6d44 100644 --- a/common/homedir.c +++ b/common/homedir.c @@ -586,6 +586,8 @@ _gnupg_socketdir_internal (int skip_checks, unsigned *r_info) else *r_info |= 64; /* Subdir does not exist. */ } + else + goto leave; /* Success! */ } else *r_info |= 64; /* Subdir does not exist. */ ----------------------------------------------------------------------- Summary of changes: common/homedir.c | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 27 17:20:07 2017 
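Review bot: the added `else goto leave; /* Success! */` in _gnupg_socketdir_internal (common/homedir.c, hunk at -586) does not say what the jump skips. Going by the commit message, the point is that the socket directory which now exists must be returned instead of the fallback path, so the comment should state that directly. The branch sits in a chain of unbraced `else` arms that each set `*r_info |= 64`, and braces around the new arm would make it obvious which `if` it pairs with. Since the failure was the agent binding in one directory while the client connected in another, a regression test that uses a non-default home directory and checks that both sides resolve the same socket path would be a useful companion to this fix.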
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 27 Mar 2017 17:20:07 +0200 Subject: [git] gnupg-doc - branch, master, updated. 511b98531376725925051257a82670365a444c2b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 511b98531376725925051257a82670365a444c2b (commit) from 5e04efa25c45ff311be080ed07c245ef67746216 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 511b98531376725925051257a82670365a444c2b Author: Justus Winter Date: Mon Mar 27 17:19:57 2017 +0200 jenkins: make sure the linker uses gpgme from build dir (take two) diff --git a/misc/jenkins/bin/build.bash b/misc/jenkins/bin/build.bash index 425bb1d..c5a7fda 100755 --- a/misc/jenkins/bin/build.bash +++ b/misc/jenkins/bin/build.bash @@ -120,6 +120,18 @@ case "$JOB_NAME" in ;; esac +# See if we have a GPGME checkout for the tesets. +xtest_gpgme_srcdir="$HOME/src/gpgme-for-gnupgs-tests" +if [ -d "$xtest_gpgme_srcdir/obj-$XTARGET" ]; then + # Some targets, like the sanitizer target, require a custom + # version of GPGME. + export XTEST_GPGME_SRCDIR="$xtest_gpgme_srcdir" + export XTEST_GPGME_BUILDDIR="$xtest_gpgme_srcdir/obj-$XTARGET" +elif [ -d "$xtest_gpgme_srcdir/obj" ]; then + export XTEST_GPGME_SRCDIR="$xtest_gpgme_srcdir" + export XTEST_GPGME_BUILDDIR="$xtest_gpgme_srcdir/obj" +fi + # The libraries use RUNPATH when linking the tests, so they locate # their dependencies that way. GnuPG, however, does not. Therefore, # we set LD_LIBRARY_PATH. 
@@ -131,6 +143,11 @@ test_environment="LD_LIBRARY_PATH=$ORIGINAL_PREFIX/lib" # RUNPATH has lower precedence than LD_LIBRARY_PATH, we need to # explicitly add libtool's .libs directory: case "$JOB_NAME" in + *gnupg*) + if [ "${XTEST_GPGME_BUILDDIR}" ]; then + test_environment="LD_LIBRARY_PATH=${XTEST_GPGME_BUILDDIR}/src/.libs:${XTEST_GPGME_BUILDDIR}/lang/cpp/src/.libs:${XTEST_GPGME_BUILDDIR}/lang/qt/src/.libs:$ORIGINAL_PREFIX/lib" + fi + ;; *gpgme*) test_environment="LD_LIBRARY_PATH=$(pwd)/obj/src/.libs:$(pwd)/obj/lang/cpp/src/.libs:$(pwd)/obj/lang/qt/src/.libs:$ORIGINAL_PREFIX/lib" ;; @@ -145,18 +162,6 @@ esac # # KCAHKCAHKCAH -# See if we have a GPGME checkout for the tesets. -xtest_gpgme_srcdir="$HOME/src/gpgme-for-gnupgs-tests" -if [ -d "$xtest_gpgme_srcdir/obj-$XTARGET" ]; then - # Some targets, like the sanitizer target, require a custom - # version of GPGME. - export XTEST_GPGME_SRCDIR="$xtest_gpgme_srcdir" - export XTEST_GPGME_BUILDDIR="$xtest_gpgme_srcdir/obj-$XTARGET" -elif [ -d "$xtest_gpgme_srcdir/obj" ]; then - export XTEST_GPGME_SRCDIR="$xtest_gpgme_srcdir" - export XTEST_GPGME_BUILDDIR="$xtest_gpgme_srcdir/obj" -fi - # We build on the "obj" subdir. abs_configure="$(pwd)/configure" mkdir -p obj 
@@ -275,6 +280,11 @@ case "$XTARGET" in # LD_LIBRARY_PATH, we need to explicitly add libtool's .libs # directory: case "$JOB_NAME" in + *gnupg*) + if [ "${XTEST_GPGME_BUILDDIR}" ]; then + test_environment="LD_LIBRARY_PATH=${XTEST_GPGME_BUILDDIR}/src/.libs:${XTEST_GPGME_BUILDDIR}/lang/cpp/src/.libs:${XTEST_GPGME_BUILDDIR}/lang/qt/src/.libs:$ORIGINAL_PREFIX/lib" + fi + ;; *gpgme*) test_environment="LD_LIBRARY_PATH=$(pwd)/${tarname}/_build/sub/src/.libs:$(pwd)/${tarname}/_build/sub/lang/cpp/src/.libs:$(pwd)/${tarname}/_build/sub/lang/qt/src/.libs:$ORIGINAL_PREFIX/lib" ;; ----------------------------------------------------------------------- Summary of changes: misc/jenkins/bin/build.bash | 34 ++++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 27 18:11:08 2017 
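Review bot: in the new `*gnupg*)` branch of misc/jenkins/bin/build.bash (hunks at -131 and -275), nothing is assigned when XTEST_GPGME_BUILDDIR is empty, so for the -131 case test_environment keeps the earlier `LD_LIBRARY_PATH=$ORIGINAL_PREFIX/lib` and a gnupg job never reaches the `*)` default that the previous commit gave it. If that is intended, a comment in the branch should say so; otherwise add an `else` that sets the previous default. The branch is also placed before `*gpgme*)`, so a job name containing both strings takes the gnupg arm; a note on the ordering would help the next reader. The moved block at -145 keeps the comment typo "tesets", which could be fixed while the lines are being touched.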
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 27 Mar 2017 18:11:08 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-123-g57d60b2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 57d60b20f16dd5f1bccbbcaa0a6ed75a554a6414 (commit) from 348da58fe0c3656e6177c98fef6b4c4331326c8e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 57d60b20f16dd5f1bccbbcaa0a6ed75a554a6414 Author: Andre Heinecke Date: Mon Mar 27 18:08:45 2017 +0200 qt: Disable testEncryptDecryptNowrap * lang/qt/tests/t-encrypt.cpp (EncryptTest::testEncryptDecryptNowrap): Disable test. -- This test produces failures under CI/ASAN conditions as the verify after the unwrap returns an error. As we currently don't have time to look into this more it's disabled for now. Similar to the testMixedEncryptDecrypt. diff --git a/lang/qt/tests/t-encrypt.cpp b/lang/qt/tests/t-encrypt.cpp index 199517f..a2d8dc4 100644 --- a/lang/qt/tests/t-encrypt.cpp +++ b/lang/qt/tests/t-encrypt.cpp @@ -203,6 +203,8 @@ private Q_SLOTS: delete decJob; } +private: + /* This apparently does not work under ASAN currently. TODO fix and reeanble */ void testEncryptDecryptNowrap() { /* Now decrypt */ ----------------------------------------------------------------------- Summary of changes: lang/qt/tests/t-encrypt.cpp | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Mar 27 19:20:10 2017 
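Review bot: the `private:` label added before testEncryptDecryptNowrap in lang/qt/tests/t-encrypt.cpp (hunk at -203) ends the `private Q_SLOTS:` section for everything that follows, not only for this one function, so any test slot declared after it is silently dropped from the run as well. If only this test is meant to be disabled, either reopen `private Q_SLOTS:` after the function or keep it a slot and skip it from inside with a reason, so the skip shows up in the test output. The comment should reference the CI/ASAN verify failure described in the commit message so the TODO can be tracked, and "reeanble" should read "reenable".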
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 27 Mar 2017 19:20:10 +0200 Subject: [git] gnupg-doc - branch, master, updated. 4bd34eec5d861fe44a76a4bb3ea741bb0ffe94e7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 4bd34eec5d861fe44a76a4bb3ea741bb0ffe94e7 (commit) from 511b98531376725925051257a82670365a444c2b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4bd34eec5d861fe44a76a4bb3ea741bb0ffe94e7 Author: Werner Koch Date: Mon Mar 27 19:16:20 2017 +0200 web: Adjust Git URLs in verein/ The Verein's repo was renamed so we need to change the URLs. diff --git a/web/verein/index.org b/web/verein/index.org index 41022be..5842249 100644 --- a/web/verein/index.org +++ b/web/verein/index.org @@ -1,7 +1,7 @@ #+TITLE: GnuPG e.V. #+STARTUP: showall indent #+SETUPFILE: "share/setup.inc" -#+macro: atgit [[https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg-project.git;a=blob_plain;f=$1][$2]] +#+macro: atgit [[https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg-verein.git;a=blob_plain;f=$1][$2]] * The GnuPG e.V. 
@@ -23,6 +23,6 @@ German; a legally non-binding founding protocol can can be read {{{atgit(legal/founding-protocol-20170208.txt,here)}}}. -The rules on how to apply for membership will soon be posted. We will -also soon apply for charitable status so that donations will be tax -exempted at least in Germany. +The rules on how to apply for membership will soon be posted. We +applied on March 27 for charitable status with the goal to allow for +tax exempted donations at least in Germany. ----------------------------------------------------------------------- Summary of changes: web/verein/index.org | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 28 12:11:58 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 28 Mar 2017 12:11:58 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-84-g211d71f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 211d71f19c24da94f4c58014606125c1a29d86a2 (commit) via 6d3edfd972c1114f43f6b35773dc25e0256f48f4 (commit) from caf00915532e6e8e509738962964edcd14fb0654 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 211d71f19c24da94f4c58014606125c1a29d86a2 Author: Justus Winter Date: Tue Mar 28 12:07:32 2017 +0200 tests: Add test for '--decrypt --unwrap'. * tests/openpgp/Makefile.am (XTESTS): Add new test. * tests/openpgp/decrypt-unwrap-verify.scm: New file. Signed-off-by: Justus Winter diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index 518af20..1a80bb6 100644 --- a/tests/openpgp/Makefile.am 
+++ b/tests/openpgp/Makefile.am @@ -48,6 +48,7 @@ XTESTS = \ decrypt-multifile.scm \ decrypt-dsa.scm \ decrypt-session-key.scm \ + decrypt-unwrap-verify.scm \ sigs.scm \ sigs-dsa.scm \ encrypt.scm \ diff --git a/tests/openpgp/decrypt-unwrap-verify.scm b/tests/openpgp/decrypt-unwrap-verify.scm new file mode 100755 index 0000000..97a72e4 --- /dev/null +++ b/tests/openpgp/decrypt-unwrap-verify.scm 
@@ -0,0 +1,41 @@ +#!/usr/bin/env gpgscm + +;; Copyright (C) 2017 g10 Code GmbH +;; +;; This file is part of GnuPG. +;; +;; GnuPG is free software; you can redistribute it and/or modify +;; it under the terms of the GNU General Public License as published by +;; the Free Software Foundation; either version 3 of the License, or +;; (at your option) any later version. +;; +;; GnuPG is distributed in the hope that it will be useful, +;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;; GNU General Public License for more details. +;; +;; You should have received a copy of the GNU General Public License +;; along with this program; if not, see . + +(load (with-path "defs.scm")) +(setup-legacy-environment) + +(lettmp (steve's-key) + (call-check `(, at gpg --output ,steve's-key --export "1D777619BE310D79")) + + (for-each-p + "Checking unwrapping the encryption." + (lambda (name) + ;; First, unwrap the encrypted message using Steve's secret key. + (lettmp (unwrapped) + (tr:do + (tr:open (in-srcdir "samplemsgs" (string-append name ".asc"))) + (tr:gpg "" `(--yes --decrypt --unwrap)) + (tr:write-to unwrapped)) + + ;; Then, verify the signature with a clean working directory + ;; containing only Steve's public key. + (with-ephemeral-home-directory + (call-check `(, at gpg --import ,steve's-key)) + (call-check `(, at gpg --verify ,unwrapped))))) + '("encsig-2-keys-3" "encsig-2-keys-4"))) commit 6d3edfd972c1114f43f6b35773dc25e0256f48f4 Author: Justus Winter Date: Tue Mar 28 12:10:28 2017 +0200 g10: Fix memory leak. * g10/decrypt-data.c (decrypt_data): Free 'filename'. Signed-off-by: Justus Winter diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c index 11a253f..96e2487 100644 --- a/g10/decrypt-data.c +++ b/g10/decrypt-data.c 
@@ -222,7 +222,7 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek) if (opt.unwrap_encryption) { - char *filename; + char *filename = NULL; estream_t fp; rc = get_output_file ("", 0, ed->buf, &filename, &fp); if (! rc) @@ -248,6 +248,7 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek) if (afx) release_armor_context (afx); } + xfree (filename); } else proc_packets (ctrl, procctx, ed->buf ); ----------------------------------------------------------------------- Summary of changes: g10/decrypt-data.c | 3 ++- tests/openpgp/Makefile.am | 1 + .../{issue2941.scm => decrypt-unwrap-verify.scm} | 29 ++++++++++++++-------- 3 files changed, 21 insertions(+), 12 deletions(-) copy tests/openpgp/{issue2941.scm => decrypt-unwrap-verify.scm} (53%) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 28 12:28:54 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 28 Mar 2017 12:28:54 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-85-g5128cd7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 5128cd74c029d57491a79ca9e918c81facdf1b76 (commit) from 211d71f19c24da94f4c58014606125c1a29d86a2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5128cd74c029d57491a79ca9e918c81facdf1b76 Author: Justus Winter Date: Tue Mar 28 12:22:18 2017 +0200 tests: Fix distcheck. * tests/openpgp/Makefile.am (sample_msgs): Add all missing sample messages. Fixes-commit: 211d71f19c24da94f4c58014606125c1a29d86a2 Signed-off-by: Justus Winter 
diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index 1a80bb6..40f947b 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am @@ -219,10 +219,34 @@ sample_keys = samplekeys/README \ samplekeys/authenticate-only.pub.asc \ samplekeys/authenticate-only.sec.asc -sample_msgs = samplemsgs/issue2419.asc \ - samplemsgs/clearsig-1-key-1.asc \ +sample_msgs = samplemsgs/clearsig-1-key-1.asc \ + samplemsgs/clearsig-2-keys-1.asc \ + samplemsgs/clearsig-2-keys-2.asc \ + samplemsgs/enc-1-key-1.asc \ + samplemsgs/enc-1-key-2.asc \ + samplemsgs/enc-2-keys-1.asc \ + samplemsgs/enc-2-keys-2.asc \ + samplemsgs/enc-2-keys-hh-1.asc \ + samplemsgs/enc-2-keys-hr-1.asc \ + samplemsgs/enc-2-keys-rh-1.asc \ + samplemsgs/encsig-2-2-keys-3.asc \ + samplemsgs/encsig-2-2-keys-4.asc \ + samplemsgs/encsig-2-keys-1.asc \ + samplemsgs/encsig-2-keys-2.asc \ + samplemsgs/encsig-2-keys-3.asc \ + samplemsgs/encsig-2-keys-4.asc \ + samplemsgs/encz0-1-key-1.asc \ + samplemsgs/encz0-1-key-2.asc \ + samplemsgs/issue2419.asc \ + samplemsgs/revoke-2D727CC768697734.asc \ + samplemsgs/sig-1-key-1.asc \ + samplemsgs/sig-1-key-2.asc \ + samplemsgs/sig-2-keys-1.asc \ + samplemsgs/sig-2-keys-2.asc \ samplemsgs/signed-1-key-1.asc \ - samplemsgs/revoke-2D727CC768697734.asc + samplemsgs/signed-1-key-2.asc \ + samplemsgs/signed-2-keys-1.asc \ + samplemsgs/signed-2-keys-2.asc EXTRA_DIST = defs.scm $(XTESTS) $(TEST_FILES) \ mkdemodirs signdemokey $(priv_keys) $(sample_keys) \ ----------------------------------------------------------------------- Summary of changes: tests/openpgp/Makefile.am | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 28 12:33:24 2017 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 28 Mar 2017 12:33:24 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-124-g813ae5f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 813ae5fa2d712aa9679b791c67c9c1c43d36ffe4 (commit) from 57d60b20f16dd5f1bccbbcaa0a6ed75a554a6414 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 813ae5fa2d712aa9679b791c67c9c1c43d36ffe4 Author: Werner Koch Date: Tue Mar 28 11:40:44 2017 +0200 core: Prepare for new key listing data send by gpg. * src/gpgme.h.in (gpgme_user_id_t): New fields 'origin' and 'last_update'. (gpgme_key_t): New fields 'origin' and 'last_update'. * src/conversion.c (_gpgme_parse_timestamp_ul): New. * src/keylist.c (keylist_colon_handler): Parse fields 19 and 20. * tests/run-keylist.c (main): Print new fields. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index e119b9a..0005abe 100644 --- a/NEWS +++ b/NEWS @@ -10,7 +10,11 @@ Noteworthy changes in version 1.8.1 (unreleased) gpgme_op_createkey CHANGED: Meaning of 'expire' parameter. gpgme_op_createsubkey CHANGED: Meaning of 'expire' parameter. GPGME_CREATE_NOEXPIRE NEW. + gpgme_key_t EXTENDED: New field 'origin'. + gpgme_key_t EXTENDED: New field 'last_update'. gpgme_subkey_t EXTENDED: New field 'is_de_vs'. + gpgme_user_id_t EXTENDED: New field 'origin'. + gpgme_user_id_t EXTENDED: New field 'last_update'. gpgme_op_keylist_from_data_start NEW. gpgme_op_set_uid_flag_start NEW. gpgme_op_set_uid_flag NEW. diff --git a/doc/gpgme.texi b/doc/gpgme.texi index d5969b7..62004ae 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi 
@@ -3078,6 +3078,9 @@ be true even if the corresponding subkey flag may be false (offline/stub keys). This is only set if a listing of secret keys has been requested or if @code{GPGME_KEYLIST_MODE_WITH_SECRET} is active. + at item unsigned int origin : 5 +Reserved for the origin of this key. + @item gpgme_protocol_t protocol This is the protocol supported by this key. @@ -3111,6 +3114,9 @@ this is a copy of the fingerprint of the first subkey. For an incomplete key (for example from a verification result) a subkey may be missing but this field may be set nevertheless. + at item unsigned long last_update +Reserved for the time of the last update of this key. + @end table @end deftp @@ -3255,6 +3261,13 @@ this user id. @item gpgme_key_sig_t signatures This is a linked list with the signatures on this user ID. + + at item unsigned int origin : 5 +Reserved for the origin of this user ID. + + at item unsigned long last_update +Reserved for the time of the last update of this user ID. + @end table @end deftp diff --git a/src/conversion.c b/src/conversion.c index 6dfabe7..92dd214 100644 --- a/src/conversion.c +++ b/src/conversion.c @@ -536,6 +536,25 @@ _gpgme_parse_timestamp (const char *timestamp, char **endp) } +/* This function is similar to _gpgme_parse_timestamp but returns an + * unsigned long and 0 on error. */ +unsigned long +_gpgme_parse_timestamp_ul (const char *timestamp) +{ + time_t tim; + char *tail; + + if (!*timestamp) + return 0; /* Shortcut empty strings. */ + + tim = _gpgme_parse_timestamp (timestamp, &tail); + if (tim == -1 || timestamp == tail || (*tail && *tail != ' ')) + tim = 0; /* No time given or invalid engine. */ + + return (unsigned long)tim; +} + + /* The GPG backend uses OpenPGP algorithm numbers which we need to map to our algorithm numbers. This function MUST not change ERRNO. */ int diff --git a/src/gpgme.h.in b/src/gpgme.h.in index b6c1406..24b21e7 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in 
@@ -662,7 +662,10 @@ struct _gpgme_user_id unsigned int invalid : 1; /* Internal to GPGME, do not use. */ - unsigned int _unused : 30; + unsigned int _unused : 25; + + /* Origin of this user ID. */ + unsigned int origin : 5; /* The validity of the user ID. */ gpgme_validity_t validity; @@ -693,6 +696,9 @@ struct _gpgme_user_id /* The malloced TOFU information or NULL. */ gpgme_tofu_info_t tofu; + + /* Time of the last refresh of thsi user id. 0 if unknown. */ + unsigned long last_update; }; typedef struct _gpgme_user_id *gpgme_user_id_t; @@ -736,7 +742,10 @@ struct _gpgme_key unsigned int is_qualified : 1; /* Internal to GPGME, do not use. */ - unsigned int _unused : 22; + unsigned int _unused : 17; + + /* Origin of this key. */ + unsigned int origin : 5; /* This is the protocol supported by this key. */ gpgme_protocol_t protocol; @@ -776,6 +785,9 @@ struct _gpgme_key * this is a copy of the FPR of the first subkey. We need it here * to allow for an incomplete key object. */ char *fpr; + + /* Time of the last refresh of the entire key. 0 if unknown. */ + unsigned long last_update; }; typedef struct _gpgme_key *gpgme_key_t; diff --git a/src/keylist.c b/src/keylist.c index c88a7ca..e16ba4d 100644 --- a/src/keylist.c +++ b/src/keylist.c @@ -552,7 +552,7 @@ keylist_colon_handler (void *priv, char *line) RT_SSB, RT_SEC, RT_CRT, RT_CRS, RT_REV, RT_SPK } rectype = RT_NONE; -#define NR_FIELDS 18 +#define NR_FIELDS 20 char *field[NR_FIELDS]; int fields = 0; void *hook; @@ -733,6 +733,12 @@ keylist_colon_handler (void *priv, char *line) if (fields >= 17 && *field[17]) parse_pub_field18 (subkey, field[17]); + if (fields >= 20) + { + key->last_update = _gpgme_parse_timestamp_ul (field[18]); + key->origin = 0; /* Fixme: Not yet defined in gpg. */ + } + break; case RT_SUB: 
@@ -818,12 +824,15 @@ keylist_colon_handler (void *priv, char *line) { if (_gpgme_key_append_name (key, field[9], 1)) return gpg_error (GPG_ERR_ENOMEM); /* FIXME */ - else - { - if (field[1]) - set_userid_flags (key, field[1]); - opd->tmp_uid = key->_last_uid; - } + + if (field[1]) + set_userid_flags (key, field[1]); + opd->tmp_uid = key->_last_uid; + if (fields >= 20) + { + opd->tmp_uid->last_update = _gpgme_parse_timestamp_ul (field[18]); + opd->tmp_uid->origin = 0; /* Fixme: Not yet defined in gpg. */ + } } break; diff --git a/src/util.h b/src/util.h index b27c583..7b7924c 100644 --- a/src/util.h +++ b/src/util.h @@ -165,6 +165,9 @@ gpgme_off_t _gpgme_string_to_off (const char *string); point to the next non-parsed character in TIMESTRING. */ time_t _gpgme_parse_timestamp (const char *timestamp, char **endp); +/* Variant of _gpgme_parse_timestamp to return an unsigned long or 0 + * on error or missing timestamp. */ +unsigned long _gpgme_parse_timestamp_ul (const char *timestamp); gpgme_error_t _gpgme_map_gnupg_error (char *err); diff --git a/tests/run-keylist.c b/tests/run-keylist.c index aab4bb6..dd310e5 100644 --- a/tests/run-keylist.c +++ b/tests/run-keylist.c @@ -251,6 +251,7 @@ main (int argc, char **argv) key->is_qualified? " qualified":"", key->subkeys && key->subkeys->is_de_vs? " de-vs":"", key->subkeys && key->subkeys->is_cardkey? " cardkey":""); + printf ("upd : %lu (%u)\n", key->last_update, key->origin); subkey = key->subkeys; if (subkey) 
@@ -289,6 +290,7 @@ main (int argc, char **argv) printf (" name: %s\n", uid->name); if (uid->comment) printf (" cmmnt: %s\n", uid->comment); + printf (" upd: %lu (%u)\n", uid->last_update, uid->origin); printf (" valid: %s\n", uid->validity == GPGME_VALIDITY_UNKNOWN? "unknown": uid->validity == GPGME_VALIDITY_UNDEFINED? "undefined": ----------------------------------------------------------------------- Summary of changes: NEWS | 4 ++++ doc/gpgme.texi | 13 +++++++++++++ src/conversion.c | 19 +++++++++++++++++++ src/gpgme.h.in | 16 ++++++++++++++-- src/keylist.c | 23 ++++++++++++++++------- src/util.h | 3 +++ tests/run-keylist.c | 2 ++ 7 files changed, 71 insertions(+), 9 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 28 12:35:07 2017 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 28 Mar 2017 12:35:07 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.8.0-125-ga2ccb31 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via a2ccb3172896a90bc27c95964ef94bd7c0924802 (commit) from 813ae5fa2d712aa9679b791c67c9c1c43d36ffe4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a2ccb3172896a90bc27c95964ef94bd7c0924802 Author: Andre Heinecke Date: Tue Mar 28 12:34:28 2017 +0200 Revert "qt: Disable testEncryptDecryptNowrap" This reverts commit 57d60b20f16dd5f1bccbbcaa0a6ed75a554a6414. diff --git a/lang/qt/tests/t-encrypt.cpp b/lang/qt/tests/t-encrypt.cpp index a2d8dc4..199517f 100644 --- a/lang/qt/tests/t-encrypt.cpp +++ b/lang/qt/tests/t-encrypt.cpp 
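Review bot: In src/conversion.c, _gpgme_parse_timestamp_ul ends with 'return (unsigned long)tim;', which narrows silently wherever time_t is wider than unsigned long (a 64-bit time_t with a 32-bit long, as on 64-bit Windows). The header already documents 0 as "unknown", so range-check before the cast and return 0 when the value does not fit. The comment 'No time given or invalid engine.' also does not describe the condition it is attached to, which rejects a failed parse, an empty parse, or a trailing character other than a space; please reword it.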
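Review bot: In src/gpgme.h.in, the new comment in struct _gpgme_user_id reads 'Time of the last refresh of thsi user id.' (typo: "this"). The header comments for 'origin' and 'last_update' also describe the fields as live data, while the doc/gpgme.texi hunks in the same commit call all four fields "Reserved for ..."; pick one wording so callers know whether they may rely on the values yet.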
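Review bot: In src/keylist.c (keylist_colon_handler), the two new blocks guard with 'fields >= 20' and then read only field[18], while the unchanged context line just above the first block, 'if (fields >= 17 && *field[17])', reads index 17 under a guard that guarantees only indices 0 to 16 if 'fields' is a count, which is how the new checks treat it. Since this commit raises NR_FIELDS and touches the same spot, it would be a good place to make the guards consistent (fields >= 18 for field[17]) and to add a comment that field[19] is intentionally not parsed until gpg defines the origin values.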
@@ -203,8 +203,6 @@ private Q_SLOTS: delete decJob; } -private: - /* This apparently does not work under ASAN currently. TODO fix and reeanble */ void testEncryptDecryptNowrap() { /* Now decrypt */ ----------------------------------------------------------------------- Summary of changes: lang/qt/tests/t-encrypt.cpp | 2 -- 1 file changed, 2 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 28 12:35:53 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 28 Mar 2017 12:35:53 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-86-g4af389c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 4af389c9721fa534ed06a64b80705b631575c775 (commit) from 5128cd74c029d57491a79ca9e918c81facdf1b76 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4af389c9721fa534ed06a64b80705b631575c775 Author: Werner Koch Date: Tue Mar 28 09:37:18 2017 +0200 gpg: Prepare for listing last_update and key origin data. * g10/keylist.c (list_keyblock_colon): Add empty fields 19 and 20. -- We add them now to early catch error in parsers which arbitrary limit the number of fields in --with-colon listings. Signed-off-by: Werner Koch diff --git a/doc/DETAILS b/doc/DETAILS index cfe70e1..83d9fea 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -149,6 +149,7 @@ described here. the regular expression value, quoted as in field 10. *** Field 10 - User-ID + The value is quoted like a C string to avoid control characters (the colon is quoted =\x3a=). For a "pub" record this field is not used on --fixed-list-mode. A UAT record puts the attribute 
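Review bot: The lines removed from lang/qt/tests/t-encrypt.cpp were the only record that testEncryptDecryptNowrap 'apparently does not work under ASAN currently', and the commit message says nothing beyond 'This reverts commit 57d60b20f16dd5f1bccbbcaa0a6ed75a554a6414.' Please state in the message what changed so that the test can run again, or that the ASAN failure is still open, so the history explains why the test was disabled and re-enabled within the same day.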
@@ -156,6 +157,7 @@ described here. subpacket size. In gpgsm the issuer name comes here. A FPR record stores the fingerprint here. The fingerprint of a revocation key is stored here. + *** Field 11 - Signature class Signature class as per RFC-4880. This is a 2 digit hexnumber @@ -227,6 +229,21 @@ described here. - 8 :: The key is compliant with RFC4880bis - 23 :: The key is compliant with compliance mode "de-vs". +*** Field 19 - Last update + + The timestamp of the last update of a key or user ID. The update + time of a key is defined a lookup of the key via its unique + identifier (fingerprint); the field is empty if not known. The + update time of a user ID is defined by a lookup of the key using a + trusted mapping from mail address to key. + +*** Field 20 - Origin + + The origin of the key or the user ID. This is an integer + optionally followed by a space and an URL. This goes along with + the previous field. The values are not yet defined. + + ** Special fields *** PKD - Public key data diff --git a/g10/keylist.c b/g10/keylist.c index b8f32be..e99e34b 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -1308,7 +1308,9 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, } es_putc (':', es_stdout); /* End of field 17. */ print_compliance_flags (pk, keylength, curvename); - es_putc (':', es_stdout); /* End of field 18. */ + es_putc (':', es_stdout); /* End of field 18 (compliance). */ + es_putc (':', es_stdout); /* End of field 19 (last_update). */ + es_putc (':', es_stdout); /* End of field 20 (origin). */ es_putc ('\n', es_stdout); print_revokers (es_stdout, pk); 
@@ -1358,7 +1360,9 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, es_fprintf (es_stdout, "%u %lu", uid->numattribs, uid->attrib_len); else es_write_sanitized (es_stdout, uid->name, uid->len, ":", NULL); - es_putc (':', es_stdout); + es_fputs (":::::::::", es_stdout); + es_putc (':', es_stdout); /* End of field 19 (last_update). */ + es_putc (':', es_stdout); /* End of field 20 (origin). */ es_putc ('\n', es_stdout); #ifdef USE_TOFU if (!uid->attrib_data && opt.with_tofu_info ----------------------------------------------------------------------- Summary of changes: doc/DETAILS | 17 +++++++++++++++++ g10/keylist.c | 8 ++++++-- 2 files changed, 23 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 28 16:42:35 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 28 Mar 2017 16:42:35 +0200 Subject: [git] GPGME - branch, gpgme-1.9-branch, created. gpgme-1.8.0-126-g38ad76e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, gpgme-1.9-branch has been created at 38ad76e96acf0a0565ffc4ef5d1bd6412e38e29a (commit) - Log ----------------------------------------------------------------- commit 38ad76e96acf0a0565ffc4ef5d1bd6412e38e29a Author: Werner Koch Date: Tue Mar 28 16:38:06 2017 +0200 Post release updates -- diff --git a/NEWS b/NEWS index f1c3290..a5cc1da 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.9.1 (unreleased) +------------------------------------------------ + + Noteworthy changes in version 1.9.0 (2017-03-28) ------------------------------------------------ 
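Review bot: In doc/DETAILS, the new "Field 19 - Last update" text says 'The update time of a key is defined a lookup of the key via its unique identifier'; a word is missing ("defined by a lookup"). The first two hunks of the same file only add blank lines around the Field 10 text and are unrelated to the commit subject; consider dropping them or mentioning the whitespace cleanup in the message.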
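Review bot: In g10/keylist.c, the uid record of list_keyblock_colon now emits its padding with 'es_fputs (":::::::::", es_stdout);', an uncommented nine-character literal, whereas the pub record in the previous hunk documents every separator with an 'End of field N' comment. Add a comment naming the fields the nine colons close (10 through 18 by my count) or emit them from a counted loop, because third-party parsers of --with-colons output depend on the exact field count and an off-by-one here is hard to spot in review.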
@@ -45,7 +49,7 @@ Noteworthy changes in version 1.9.0 (2017-03-28) GPGME_ENCRYPT_WRAP NEW. GPGME_DECRYPT_VERIFY NEW. GPGME_DECRYPT_UNWRAP NEW. - gpgme_data_rewind UN-DEPRECATE. +o gpgme_data_rewind UN-DEPRECATE. cpp: Context::revUid(const Key&, const char*) NEW. cpp: Context::startRevUid(const Key&, const char*) NEW. cpp: Context::addUid(const Key&, const char*) NEW. diff --git a/configure.ac b/configure.ac index 0dac6ce..7ab94e7 100644 --- a/configure.ac +++ b/configure.ac @@ -29,7 +29,7 @@ min_automake_version="1.14" # for the LT versions. m4_define(mym4_version_major, [1]) m4_define(mym4_version_minor, [9]) -m4_define(mym4_version_micro, [0]) +m4_define(mym4_version_micro, [1]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag commit aa0390ec3b910bbbc323a15ec3c3351e77785a9a Author: Werner Koch Date: Tue Mar 28 16:21:37 2017 +0200 Release 1.9.0 * configure.ac : Bump LT version to C29/A18/R0. : Bump LT version to C10/A4/R0. : Bump LT version to C9/A2/R0. -- Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 0005abe..f1c3290 100644 --- a/NEWS +++ b/NEWS 
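Review bot: In the second NEWS hunk of the "Post release updates" commit, the line ' gpgme_data_rewind UN-DEPRECATE.' is replaced by 'o gpgme_data_rewind UN-DEPRECATE.'; the leading 'o' looks like a stray keystroke. The rest of the commit only adds the 1.9.1 heading and bumps mym4_version_micro, and this edit lands in the section for the already released 1.9.0, so the hunk should be dropped.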
@@ -1,9 +1,30 @@ -Noteworthy changes in version 1.8.1 (unreleased) +Noteworthy changes in version 1.9.0 (2017-03-28) ------------------------------------------------ - * cpp: Support for adduid and revuid operations. + * Clarified meaning of the 'expire' parameter of gpgme_op_createkey + and gpgme_op_createsubkey. New flag to force a key without an + expiration date. + + * New function gpgme_op_keylist_from_data_start to list keys from + data objects without importing them. + + * New function gpgme_op_set_uid_flag to flag a key as primary. + + * New function gpgme_op_decrypt_ext to run decryption with special + flags. This can for example be used to unwrap keys (remove only + the encryption layer). + + * New encryption flags to wrap a key (adding an encryption layer to + an OpenPGP message) or to create anonymously encrypted messages. + + * Support for adduid and revuid operations in the C++ bindings. + + * Support for smartcard key generation in the C++ bindings. + + * Several new functions for the Python binding. + + * Many smaller bug fixes. - * cpp: Support for smartcard key generation. * Interface changes relative to the 1.8.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -56,6 +77,8 @@ Noteworthy changes in version 1.8.1 (unreleased) py: core.pubkey_algo_string NEW. py: core.addrspec_from_uid NEW. + [c=C29/A18/R0 cpp=C10/A4/R0 qt=C9/A2/R0] + Noteworthy changes in version 1.8.0 (2016-11-16) ------------------------------------------------ diff --git a/README b/README index b7483b2..214ea87 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ GPGME - GnuPG Made Easy --------------------------- - Copyright 2001-2016 g10 Code GmbH +Copyright 2001-2017 g10 Code GmbH This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without 
@@ -70,7 +70,7 @@ a) If you have a trusted Version of GnuPG installed, you can simply check indeed a a signature of gpgme-x.y.z.tar.gz. The key used to create this signature is either of: - 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] + rsa2048/4F25E3B6 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) @@ -86,10 +86,14 @@ a) If you have a trusted Version of GnuPG installed, you can simply check Key fingerprint = D238 EA65 D64C 67ED 4C30 73F2 8A86 1B1C 7EFD 60D9 Werner Koch (Release Signing Key) + rsa3072/4B092E28 2017-03-17 [expires: 2027-03-15] + Key fingerprint = 5B80 C575 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2E28 + Andre Heinecke (Release Signing Key) + You may retrieve these files from the keyservers using this command gpg --recv-keys 249B39D24F25E3B6 04376F3EE0856959 \ - 2071B08A33BD3F06 8A861B1C7EFD60D9 + 2071B08A33BD3F06 8A861B1C7EFD60D9 BCEF7E294B092E28 The keys are also available at https://gnupg.org/signature_key.html and in released GnuPG tarballs in the file g10/distsigkey.gpg . diff --git a/configure.ac b/configure.ac index 2701d41..0dac6ce 100644 --- a/configure.ac +++ b/configure.ac @@ -28,8 +28,8 @@ min_automake_version="1.14" # commit and push so that the git magic is able to work. See below # for the LT versions. m4_define(mym4_version_major, [1]) -m4_define(mym4_version_minor, [8]) -m4_define(mym4_version_micro, [1]) +m4_define(mym4_version_minor, [9]) +m4_define(mym4_version_micro, [0]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag 
@@ -55,19 +55,19 @@ AC_INIT([gpgme],[mym4_full_version],[http://bugs.gnupg.org]) # (Interfaces added: AGE++) # (Interfaces removed/changed: AGE=0) # -LIBGPGME_LT_CURRENT=28 -LIBGPGME_LT_AGE=17 +LIBGPGME_LT_CURRENT=29 +LIBGPGME_LT_AGE=18 LIBGPGME_LT_REVISION=0 # If there is an ABI break in gpgmepp or qgpgme also bump the # version in IMPORTED_LOCATION in the GpgmeppConfig-w32.cmake.in.in -LIBGPGMEPP_LT_CURRENT=9 -LIBGPGMEPP_LT_AGE=3 +LIBGPGMEPP_LT_CURRENT=10 +LIBGPGMEPP_LT_AGE=4 LIBGPGMEPP_LT_REVISION=0 -LIBQGPGME_LT_CURRENT=8 -LIBQGPGME_LT_AGE=1 +LIBQGPGME_LT_CURRENT=9 +LIBQGPGME_LT_AGE=2 LIBQGPGME_LT_REVISION=0 # If the API is changed in an incompatible way: increment the next counter. @@ -789,7 +789,7 @@ AH_BOTTOM([ #define GPG_ERR_ENABLE_ERRNO_MACROS 1 #define CRIGHTBLURB "Copyright (C) 2000 Werner Koch\n" \ - "Copyright (C) 2001--2016 g10 Code GmbH\n" + "Copyright (C) 2001--2017 g10 Code GmbH\n" ]) diff --git a/doc/gpgme.texi b/doc/gpgme.texi index 62004ae..40423cf 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -14,7 +14,7 @@ @syncodeindex pg fn @copying -Copyright @copyright{} 2002--2008, 2010, 2012--2016 g10 Code GmbH. +Copyright @copyright{} 2002--2008, 2010, 2012--2017 g10 Code GmbH. @quotation Permission is granted to copy, distribute and/or modify this document @@ -3426,7 +3426,7 @@ The function @code{gpgme_op_keylist_from_data_start} initiates a key listing operation inside the context @var{ctx}. In contrast to the other key listing operation the keys are read from the supplied @var{data} and not from the local key database. The keys are also not -imported into the local ley database. The function sets everything up +imported into the local key database. The function sets everything up so that subsequent invocations of @code{gpgme_op_keylist_next} return the keys from @var{data}. diff --git a/src/versioninfo.rc.in b/src/versioninfo.rc.in index 3ce38f0..2b1cc81 100644 --- a/src/versioninfo.rc.in +++ b/src/versioninfo.rc.in 
@@ -39,7 +39,7 @@ BEGIN VALUE "FileDescription", "GPGME - GnuPG Made Easy\0" VALUE "FileVersion", "@LIBGPGME_LT_CURRENT at .@LIBGPGME_LT_AGE at .@LIBGPGME_LT_REVISION at .@BUILD_REVISION@\0" VALUE "InternalName", "gpgme\0" - VALUE "LegalCopyright", "Copyright ? 2001-2016 g10 Code GmbH\0" + VALUE "LegalCopyright", "Copyright ? 2001-2017 g10 Code GmbH\0" VALUE "LegalTrademarks", "\0" VALUE "OriginalFilename", "gpgme.dll\0" VALUE "PrivateBuild", "\0" ----------------------------------------------------------------------- hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 28 16:54:13 2017 
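Review bot: In README, the updated 'gpg --recv-keys' command still identifies the release signing keys by 64-bit key ID, now including 'BCEF7E294B092E28' for the key added in this commit, although the full fingerprints are printed a few lines above. Passing the full fingerprints to --recv-keys would tie what gets fetched to the values the reader is asked to compare, and would avoid relying on key IDs being unique on the keyserver. The listing above it also mixes notations after this change: the first entry becomes 'rsa2048/4F25E3B6' and the new one is 'rsa3072/4B092E28'; check that the entries in between, which the hunk does not show in full, use the same form.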
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 28 Mar 2017 16:54:13 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.9.0-3-g1b55e90 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 1b55e90d422983f303e1d243daeac15e6f916d20 (commit) via 38ad76e96acf0a0565ffc4ef5d1bd6412e38e29a (commit) via aa0390ec3b910bbbc323a15ec3c3351e77785a9a (commit) from a2ccb3172896a90bc27c95964ef94bd7c0924802 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1b55e90d422983f303e1d243daeac15e6f916d20 Merge: a2ccb31 38ad76e Author: Werner Koch Date: Tue Mar 28 16:49:42 2017 +0200 Merge branch 'gpgme-1.9-branch' -- ----------------------------------------------------------------------- Summary of changes: NEWS | 35 +++++++++++++++++++++++++++++++---- README | 10 +++++++--- configure.ac | 16 ++++++++-------- doc/gpgme.texi | 4 ++-- src/versioninfo.rc.in | 2 +- 5 files changed, 49 insertions(+), 18 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 28 16:56:06 2017 
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 28 Mar 2017 16:56:06 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-87-gb207806 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b20780658ebb1e1245db18c04db3e815399cf706 (commit) from 4af389c9721fa534ed06a64b80705b631575c775 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b20780658ebb1e1245db18c04db3e815399cf706 Author: Justus Winter Date: Tue Mar 28 16:51:18 2017 +0200 tests,w32: Fix importing the extra key for GPGME's keylist test. * tests/gpgme/wrap.scm: Qualify the tests name with the extension for executables (if any). Signed-off-by: Justus Winter diff --git a/tests/gpgme/wrap.scm b/tests/gpgme/wrap.scm index 4c96a09..eb416f4 100644 --- a/tests/gpgme/wrap.scm +++ b/tests/gpgme/wrap.scm @@ -53,7 +53,7 @@ (let ((name (basename (car executable)))) (cond - ((string=? "t-keylist" name) + ((string=? (qualify "t-keylist") name) ;; This test assumes that 't-import' imported a key. (log "Importing extra key...") (call-check `(, at GPG --yes --import ,(in-srcdir "pubkey-1.asc")))))) ----------------------------------------------------------------------- Summary of changes: tests/gpgme/wrap.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 28 17:18:55 2017 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 28 Mar 2017 17:18:55 +0200 Subject: [git] gnupg-doc - branch, master, updated. b6911ba1c8bbeba980e580f4301116864297d73d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via b6911ba1c8bbeba980e580f4301116864297d73d (commit) from 4bd34eec5d861fe44a76a4bb3ea741bb0ffe94e7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b6911ba1c8bbeba980e580f4301116864297d73d Author: Werner Koch Date: Tue Mar 28 17:15:49 2017 +0200 swdb: Release GPGME 1.9.0 diff --git a/web/Makefile b/web/Makefile index 17bf6e7..e53d091 100644 --- a/web/Makefile +++ b/web/Makefile @@ -13,6 +13,6 @@ swdb.lst.sig: swdb.lst upload: swdb.lst.sig scp swdb.lst.sig swdb.lst playfair.gnupg.org:/var/www/git/versions.gnupg.org/htdocs/ - scp swdb.lst.sig swdb.lst werner at trithemius.gnupg.org:/var/www/www/www.gnupg.org/htdocs/ + scp swdb.lst.sig swdb.lst webbuilder at trithemius.gnupg.org:/var/www/www/www.gnupg.org/htdocs/ .PHONY: upload all diff --git a/web/index.org b/web/index.org index 056991c..a3ad964 100644 --- a/web/index.org +++ b/web/index.org 
@@ -66,6 +66,12 @@ The latest release news:\\ # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** GnuPG Made Easy 1.9.0 released (2017-03-28) + +[[file:software/gpgme/index.org][GPGME]] is a library that allows to add support for cryptography to a +program. {[[https://lists.gnupg.org/pipermail/gnupg-announce/2017q1/000403.html][more]]} + + ** GnuPG 2.1.19 released (2017-03-01) A new version of GnuPG has been released. Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2017q1/000402.html][announcement diff --git a/web/software/gpgme/index.org b/web/software/gpgme/index.org index d0a76a7..61a0e1d 100644 --- a/web/software/gpgme/index.org +++ b/web/software/gpgme/index.org @@ -1,10 +1,11 @@ #+STARTUP: showall +#+GPGWEB-NEED-SWDB #+SETUPFILE: "../../share/setup.inc" * GPGME /GnuPG Made Easy/ (GPGME) is a library designed to make access to - GnuPG easier for applications. It provides a High-Level Crypto API + GnuPG easier for applications. It provides a High-Level Crypto API for encryption, decryption, signing, signature verification and key management. Currently it uses GnuPG as its backend but the API isn't restricted to this engine; in fact we have already developed a @@ -12,11 +13,12 @@ Because the direct use of GnuPG from an application can be a complicated programming task, it is suggested that all software - should try to use GPGME instead. This way bug fixes or improvements + should try to use GPGME instead. This way bug fixes or improvements can be done at a central place and every application benefits from this. Especially authors of @@html:@@MUAs@@html:@@ should consider to use GPGME. - See [[../../download/index.org::#gpgme][download]] section to download the latest tarball. + See [[../../download/index.org::#gpgme][download]] section to download the latest tarball. The manual can + be read [[file:~/s/gnupg-doc/web/software/documentation/manuals/gpgme/][here]]. The current version is {{{gpgme_ver}}}. 
diff --git a/web/swdb.mac b/web/swdb.mac index 921493d..c1dee42 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -71,11 +71,11 @@ # # GPGME # -#+macro: gpgme_ver 1.8.0 -#+macro: gpgme_date 2016-11-16 -#+macro: gpgme_size 1267k -#+macro: gpgme_sha1 efa043064dbf675fd713228c6fcfcc4116feb221 -#+macro: gpgme_sha2 596097257c2ce22e747741f8ff3d7e24f6e26231fa198a41b2a072e62d1e5d33 +#+macro: gpgme_ver 1.9.0 +#+macro: gpgme_date 2017-03-28 +#+macro: gpgme_size 1312k +#+macro: gpgme_sha1 870719cd3d2ef6a7fcb1d6af9ce5446edba7bfc3 +#+macro: gpgme_sha2 1b29fedb8bfad775e70eafac5b0590621683b2d9869db994568e6401f4034ceb # ----------------------------------------------------------------------- Summary of changes: web/Makefile | 2 +- web/index.org | 6 ++++++ web/software/gpgme/index.org | 8 +++++--- web/swdb.mac | 10 +++++----- 4 files changed, 17 insertions(+), 9 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 28 17:40:17 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 28 Mar 2017 17:40:17 +0200 Subject: [git] gnupg-doc - branch, master, updated. f39226b2bbfc01d4d8286061ba04b704257373d7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via f39226b2bbfc01d4d8286061ba04b704257373d7 (commit) from b6911ba1c8bbeba980e580f4301116864297d73d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f39226b2bbfc01d4d8286061ba04b704257373d7 Author: Werner Koch Date: Tue Mar 28 17:37:11 2017 +0200 web: Remove the use of the modern/stable/classic flags. They are more confusing then helpful. 
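Review bot: In web/software/gpgme/index.org (commit "swdb: Release GPGME 1.9.0"), the added manual link targets 'file:~/s/gnupg-doc/web/software/documentation/manuals/gpgme/', a path under the committer's home directory, so it will not resolve on the published site and it exposes a local directory layout. Use a path relative to the page, in the style of the existing '[[../../download/index.org::#gpgme][download]]' link on the line before it. Separately, the web/Makefile hunk changes the upload account from 'werner' to 'webbuilder' without a word in the commit message; a one-line mention would help anyone tracing who can write to the htdocs directory.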
diff --git a/web/download/index.org b/web/download/index.org index df4a475..302fcc9 100644 --- a/web/download/index.org +++ b/web/download/index.org @@ -13,7 +13,7 @@ #+index: GnuPG!download Note that you may also download the GNU Privacy Guard from a mirror - site close to you. See our [[file:mirrors.org][list of mirrors]]. The table below + site close to you. See our [[file:mirrors.org][list of mirrors]]. The table below provides links to the location of the files on the primary server only. 
@@ -39,13 +39,13 @@ knowledge on how to compile and install software is required. The table lists the different GnuPG packages, followed by required - libraries, required tools, and optional software. + libraries, required tools, optional software, and legacy versions + of GnuPG. | Name | Version | Date | Size | Tarball | Signature | |--------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------| | | | | | | | - | GnuPG modern | {{{gnupg21_ver}}} | {{{gnupg21_date}}} | {{{gnupg21_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | GnuPG stable | {{{gnupg_ver}}} | {{{gnupg_date}}} | {{{gnupg_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | GnuPG | {{{gnupg21_ver}}} | {{{gnupg21_date}}} | {{{gnupg21_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2.sig{{{ftpclose}}} | |--------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------| | [[../software/libgpg-error/index.org][Libgpg-error]] | {{{libgpg_error_ver}}} | {{{libgpg_error_date}}} | {{{libgpg_error_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2{{{ftpclose}}} | 
{{{ftpopen}}}{{{ftp_loc_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2.sig{{{ftpclose}}} | | [[../software/libgcrypt/index.org][Libgcrypt]] | {{{libgcrypt_ver}}} | {{{libgcrypt_date}}} | {{{libgcrypt_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2.sig{{{ftpclose}}} | 
@@ -58,35 +58,35 @@ |--------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------| | [[../software/gpgme/index.org][GPGME]] | {{{gpgme_ver}}} | {{{gpgme_date}}} | {{{gpgme_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2.sig{{{ftpclose}}} | | [[../software/gpa/index.org][GPA]] | {{{gpa_ver}}} | {{{gpa_date}}} | {{{gpa_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | Dirmngr | {{{dirmngr_ver}}} | {{{dirmngr_date}}} | {{{dirmngr_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2.sig{{{ftpclose}}} | + |--------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------| + | GnuPG 2.0 | {{{gnupg_ver}}} | {{{gnupg_date}}} | {{{gnupg_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | GnuPG 1.4 | {{{gnupg1_ver}}} | {{{gnupg1_date}}} | {{{gnupg1_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | Dirmngr 1 | {{{dirmngr_ver}}} | {{{dirmngr_date}}} | {{{dirmngr_size}}} | 
{{{ftpopen}}}{{{ftp_loc_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2.sig{{{ftpclose}}} | |--------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------| {{{check_sig_note}}} Remarks: - - /GnuPG stable/ (2.0) is the modularized version of GnuPG supporting - OpenPGP, S/MIME, and Secure Shell. - - - /GnuPG modern/ (2.1) is the brand new version with enhanced - features like support for Elliptic Curve Cryptography. It will - eventually replace the current stable (2.0) - - - /GnuPG classic/ (1.4) is the old, single binary version which may - be build even on ancient Unix platforms. It has no dependencies - on the above listed libraries or the Pinnetry. However, it lacks - many modern features. - - /Pinentry/ is a collection of passphrase entry dialogs which is - required for almost all usages of GnuPG stable or modern (2.x). + required for almost all usages of GnuPG. - /GPGME/ is the standard library to access GnuPG functions from programming languages. - /GPA/ is a graphical frontend to GnuPG. - - /Dirmngr/ is an optional tool for use with /GnuPG stable/ (2.0). - A modernized version is included in /GnuPG modern/ (2.1) + - /GnuPG 2.0/ is an older branch of GnuPG. This branch will reach + end-of-life on 2017-12-31. + + - /GnuPG 1.4/ is the old, single binary version which still support + the unsafe PGP-2 keys. This branch has no dependencies on the + above listed libraries or the Pinnetry. However, it lacks many + features and will receive only important updates. + + - /Dirmngr/ is an optional tool for use with /GnuPG 2.0/. A + modernized version is included in the current GnuPG (2.1) + version. ** GnuPG binary releases 
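Review bot: Two typos land in the added /GnuPG 1.4/ remark of this hunk: "which still support the unsafe PGP-2 keys" should read "still supports", and "the Pinnetry" is carried over from the removed /GnuPG classic/ text and should be "Pinentry", matching the /Pinentry/ item a few lines above it. Since the /GnuPG 2.0/ remark now gives an explicit end-of-life date (2017-12-31), the 1.4 remark would also be clearer if it said what "only important updates" covers, so that readers can tell whether security fixes are included.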
@@ -105,16 +105,16 @@ | OS | Where | Description | |---------+--------------------+---------------------------------------------| | | <18> | | - | Windows | [[http://gpg4win.org/download.html][Gpg4win]] | Installers for /GnuPG stable/ | - | | {{{ftpopen}}}{{{ftp_loc_base}}}/binary/gnupg-w32-{{{gnupg21_w32_ver}}}.exe{{{ftpclose}}} {{{ftpopen}}}{{{ftp_loc_base}}}/binary/gnupg-w32-{{{gnupg21_w32_ver}}}.exe.sig{{{ftpcloseS}}} | Simple installer for /GnuPG modern/ | - | | {{{ftpopen}}}{{{ftp_loc_base}}}/binary/gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe{{{ftpclose}}} {{{ftpopen}}}{{{ftp_loc_base}}}/binary/gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe.sig{{{ftpcloseS}}} | Simple installer for /GnuPG classic/ | + | Windows | [[http://gpg4win.org/download.html][Gpg4win]] | Installers for /GnuPG 2.0/ | + | | {{{ftpopen}}}{{{ftp_loc_base}}}/binary/gnupg-w32-{{{gnupg21_w32_ver}}}.exe{{{ftpclose}}} {{{ftpopen}}}{{{ftp_loc_base}}}/binary/gnupg-w32-{{{gnupg21_w32_ver}}}.exe.sig{{{ftpcloseS}}} | Simple installer for the current /GnuPG/ | + | | {{{ftpopen}}}{{{ftp_loc_base}}}/binary/gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe{{{ftpclose}}} {{{ftpopen}}}{{{ftp_loc_base}}}/binary/gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe.sig{{{ftpcloseS}}} | Simple installer for /GnuPG 1.4/ | | OS X | [[http://gpgtools.org][Mac GPG]] | Installer from the gpgtools project | - | | [[https://sourceforge.net/p/gpgosx/docu/Download/][GnuPG for OS X]] | Installer for /GnuPG modern/ | - | Debian | [[https://www.debian.org][Debian site]] | GnuPG stable and classic are part of Debian | + | | [[https://sourceforge.net/p/gpgosx/docu/Download/][GnuPG for OS X]] | Installer for /GnuPG 2.1/ | + | Debian | [[https://www.debian.org][Debian site]] | GnuPG is part of Debian | | RPM | [[http://rpmfind.net/][rpmfind]] | RPM packages for different OS | - | Android | [[https://guardianproject.info/code/gnupg/][Guardian project]] | Provides a GnuPG 2.1 framework | - | VMS | 
[[http://www.antinode.info/dec/sw/gnupg.html][antinode.info]] | A port of GnuPG to OpenVMS | - | RISC OS | [[http://www.sbellon.de/gnupg.html][home page]] | Sources and binaries for RISC OS | + | Android | [[https://guardianproject.info/code/gnupg/][Guardian project]] | Provides a GnuPG framework | + | VMS | [[http://www.antinode.info/dec/sw/gnupg.html][antinode.info]] | A port of GnuPG 1.4 to OpenVMS | + | RISC OS | [[http://www.sbellon.de/gnupg.html][home page]] | A port of GnuPG to RISC OS | |---------+--------------------+---------------------------------------------| diff --git a/web/download/release_notes.org b/web/download/release_notes.org index 3a9efb4..b581bf0 100644 --- a/web/download/release_notes.org +++ b/web/download/release_notes.org @@ -8,9 +8,7 @@ * Release Notes for GnuPG Please read the NEWS file for a more complete list. {{{gnupg21_ver}}} - is the stable and modern version of GnuPG. (Version {{{gnupg1_ver}}} - is from the old GnuPG-1 series, which is useful to decrypt PGP-2 - encrypted data.) + is the current version of GnuPG. Note that this page will soon be restructed. The URLs pointing to specific releases will thus also change. diff --git a/web/index.org b/web/index.org index a3ad964..f5c8145 100644 --- a/web/index.org +++ b/web/index.org 
@@ -13,27 +13,22 @@ GnuPG is a complete and free implementation of the OpenPGP standard as defined by [[https://www.ietf.org/rfc/rfc4880.txt][RFC4880]] (also known as /PGP/). GnuPG allows to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kinds of public key -directories. GnuPG, also known as /GPG/, is a command line tool with +directories. GnuPG, also known as /GPG/, is a command line tool with features for easy integration with other applications. A wealth of -[[file:software/frontends.html][frontend applications]] and [[file:software/libraries.html][libraries]] are available. Version 2 of GnuPG -also provides support for S/MIME and Secure Shell (ssh). +[[file:software/frontends.html][frontend applications]] and [[file:software/libraries.html][libraries]] are available. GnuPG also +provides support for S/MIME and Secure Shell (ssh). GnuPG is [[https://www.gnu.org/philosophy/free-sw.html][Free Software]] (meaning that it respects your freedom). It can be freely used, modified and distributed under the terms of the [[https://www.gnu.org/copyleft/gpl.html][GNU General Public License]] . -There are two major flavours of GnuPG: +The current version of GnuPG is {{{gnupg21_ver}}}. See the [[file:download/index.org][download]] +page for other maintained versions. - - {{{gnupg21_ver}}} is the /modern/ version with support - for [[https://en.wikipedia.org/wiki/Elliptic_curve_cryptography][ECC]] and many other new features, +[[https://www.gpg4win.org][Gpg4win]] provides a Windows version of the older GnuPG 2.0 branch. It +is nicely integrated into an installer and features several frontends +as well as English and German manuals. - - {{{gnupg_ver}}} is the /stable/ version from an often used branch. - This branch will reach end-of-life on 2017-12-31. - -Project [[https://www.gpg4win.org][Gpg4win]] provides a Windows version of the old GnuPG /stable/. 
It is -nicely integrated into an installer and features several frontends as -well as English and German manuals. A simple Windows installer for the -/modern/ version is available at our [[file:download/index.org][download]] page. * Reconquer your privacy ----------------------------------------------------------------------- Summary of changes: web/download/index.org | 56 +++++++++++++++++++++--------------------- web/download/release_notes.org | 4 +-- web/index.org | 21 ++++++---------- 3 files changed, 37 insertions(+), 44 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 28 17:50:03 2017 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 28 Mar 2017 17:50:03 +0200 Subject: [git] gnupg-doc - branch, master, updated. 1d5404a9815f0280690d18577f987ea0b2c09c46 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 1d5404a9815f0280690d18577f987ea0b2c09c46 (commit) from f39226b2bbfc01d4d8286061ba04b704257373d7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1d5404a9815f0280690d18577f987ea0b2c09c46 Author: Werner Koch Date: Tue Mar 28 17:46:56 2017 +0200 web: Fix URL and remove links to older manuals org-mode magic for the "file:" scheme does not work for manuals because they are only on the web server. Thus we use full URLs and let the build post processing make them relative again. diff --git a/web/documentation/manuals.org b/web/documentation/manuals.org index 3dee9ca..d72ff1a 100644 --- a/web/documentation/manuals.org +++ b/web/documentation/manuals.org 
@@ -7,10 +7,8 @@ This is a list of online available manuals. Those marked as "draft" may document features not yet available in the released software version. - - GnuPG (2.1) manual : [[file:manuals/gnupg/][HTML]], [[file:manuals/gnupg.pdf][PDF]] - - GnuPG (2.0) manual : [[file:manuals/gnupg-2.0/][HTML]], [[file:manuals/gnupg-2.0.pdf][PDF]] - - Libgcrypt manual : [[file:manuals/gcrypt/][HTML]], [[file:manuals/gcrypt.pdf][PDF]], [[file:manuals/gcrypt-devel/][HTML (draft)]]. - - Libksba manual : [[file:manuals/ksba/][HTML]], [[file:manuals/ksba.pdf][PDF]]. - - Libassuan manual : [[file:manuals/assuan/][HTML]], [[file:manuals/assuan.pdf][PDF]]. - - GPGME manual : [[file:manuals/gpgme/][HTML]], [[file:manuals/gpgme.pdf][PDF]]. - - Dirmngr manual : [[file:manuals/dirmngr/][HTML]], [[file:manuals/dirmngr.pdf][PDF]] (for GnuPG 2.0). + - GnuPG manual :: [[file:manuals/gnupg/][HTML]], [[file:manuals/gnupg.pdf][PDF]] + - Libgcrypt manual :: [[file:manuals/gcrypt/][HTML]], [[file:manuals/gcrypt.pdf][PDF]]. + - Libksba manual :: [[file:manuals/ksba/][HTML]], [[file:manuals/ksba.pdf][PDF]]. + - Libassuan manual :: [[file:manuals/assuan/][HTML]], [[file:manuals/assuan.pdf][PDF]]. + - GPGME manual :: [[file:manuals/gpgme/][HTML]], [[file:manuals/gpgme.pdf][PDF]]. diff --git a/web/software/gpgme/index.org b/web/software/gpgme/index.org index 61a0e1d..8f6af5e 100644 --- a/web/software/gpgme/index.org +++ b/web/software/gpgme/index.org 
@@ -21,4 +21,4 @@ reader">@@MUAs@@html:@@ should consider to use GPGME. See [[../../download/index.org::#gpgme][download]] section to download the latest tarball. The manual can - be read [[file:~/s/gnupg-doc/web/software/documentation/manuals/gpgme/][here]]. The current version is {{{gpgme_ver}}}. + be read [[https://www.gnupg.org/documentation/manuals/gpgme/][here]]. The current version is {{{gpgme_ver}}}. ----------------------------------------------------------------------- Summary of changes: web/documentation/manuals.org | 12 +++++------- web/software/gpgme/index.org | 2 +- 2 files changed, 6 insertions(+), 8 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 28 18:00:11 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 28 Mar 2017 18:00:11 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.9.0-5-g7e9f775 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 7e9f7752c992f957ccfde3b274865c633096e3bb (commit) via a13e4abe9463579ef23d1acea39a093abfc6528d (commit) from 1b55e90d422983f303e1d243daeac15e6f916d20 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7e9f7752c992f957ccfde3b274865c633096e3bb Author: Justus Winter Date: Tue Mar 28 16:32:09 2017 +0200 tests: Run the threading tests only on UNIX. * tests/gpg/Makefile.am (tests_unix): Add 't-thread-keylist' and 't-thread-keylist-verify'. (c_tests): Drop them here. -- The tests use pthreads and we suspect problems with MinGW's wrappers. Signed-off-by: Justus Winter diff --git a/tests/gpg/Makefile.am b/tests/gpg/Makefile.am index 8e26a92..9b74ba6 100644 
--- a/tests/gpg/Makefile.am +++ b/tests/gpg/Makefile.am @@ -31,15 +31,15 @@ noinst_HEADERS = t-support.h if HAVE_W32_SYSTEM tests_unix = else -tests_unix = t-eventloop t-thread1 +tests_unix = t-eventloop t-thread1 t-thread-keylist t-thread-keylist-verify endif c_tests = \ t-encrypt t-encrypt-sym t-encrypt-sign t-sign t-signers \ t-decrypt t-verify t-decrypt-verify t-sig-notation t-export \ t-import t-trustlist t-edit t-keylist t-keylist-sig t-wait \ - t-encrypt-large t-file-name t-gpgconf t-encrypt-mixed $(tests_unix) \ - t-thread-keylist t-thread-keylist-verify + t-encrypt-large t-file-name t-gpgconf t-encrypt-mixed \ + $(tests_unix) TESTS = initial.test $(c_tests) final.test commit a13e4abe9463579ef23d1acea39a093abfc6528d Author: Justus Winter Date: Tue Mar 28 16:30:03 2017 +0200 tests: Make error message more helpful. * tests/gpg/t-keylist.c (main): Print number of returned and expected keys. Signed-off-by: Justus Winter diff --git a/tests/gpg/t-keylist.c b/tests/gpg/t-keylist.c index 6ee023c..8a32f9b 100644 --- a/tests/gpg/t-keylist.c +++ b/tests/gpg/t-keylist.c @@ -568,7 +568,8 @@ main (int argc, char **argv) if (keys[i].fpr) { - fprintf (stderr, "Less keys returned than expected\n"); + fprintf (stderr, "Less keys (%d) returned than expected (%d)\n", + i, DIM (keys) - 1); exit (1); } ----------------------------------------------------------------------- Summary of changes: tests/gpg/Makefile.am | 6 +++--- tests/gpg/t-keylist.c | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 28 18:04:18 2017 
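Review bot: In the tests/gpg/t-keylist.c hunk, the new fprintf passes "DIM (keys) - 1" to a %d conversion; if DIM is the usual sizeof-based element count, that argument has type size_t and does not match %d on platforms where size_t is wider than int. Cast it, for example "(int) (DIM (keys) - 1)", so the format string and the argument agree, and check that "i" is an int for the first %d as well, since its declaration is outside the visible context.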
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 28 Mar 2017 18:04:18 +0200 Subject: [git] gnupg-doc - branch, master, updated. 2e13c1e4704e64554d8113b574ca461a8cfa3819 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 2e13c1e4704e64554d8113b574ca461a8cfa3819 (commit) from 1d5404a9815f0280690d18577f987ea0b2c09c46 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2e13c1e4704e64554d8113b574ca461a8cfa3819 Author: Werner Koch Date: Tue Mar 28 18:01:10 2017 +0200 web: Add a link to the GnuPG line of the download table diff --git a/web/download/index.org b/web/download/index.org index 302fcc9..ce3194f 100644 --- a/web/download/index.org +++ b/web/download/index.org 
@@ -45,7 +45,7 @@ | Name | Version | Date | Size | Tarball | Signature | |--------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------| | | | | | | | - | GnuPG | {{{gnupg21_ver}}} | {{{gnupg21_date}}} | {{{gnupg21_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../software/index.org][GnuPG]] | {{{gnupg21_ver}}} | {{{gnupg21_date}}} | {{{gnupg21_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2.sig{{{ftpclose}}} | |--------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------| | [[../software/libgpg-error/index.org][Libgpg-error]] | {{{libgpg_error_ver}}} | {{{libgpg_error_date}}} | {{{libgpg_error_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2.sig{{{ftpclose}}} | | [[../software/libgcrypt/index.org][Libgcrypt]] | {{{libgcrypt_ver}}} | {{{libgcrypt_date}}} | {{{libgcrypt_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2.sig{{{ftpclose}}} | 
@@ -60,7 +60,7 @@ | [[../software/gpa/index.org][GPA]] | {{{gpa_ver}}} | {{{gpa_date}}} | {{{gpa_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2.sig{{{ftpclose}}} | |--------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------| | GnuPG 2.0 | {{{gnupg_ver}}} | {{{gnupg_date}}} | {{{gnupg_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | GnuPG 1.4 | {{{gnupg1_ver}}} | {{{gnupg1_date}}} | {{{gnupg1_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | GnuPG 1.4 | {{{gnupg1_ver}}} | {{{gnupg1_date}}} | {{{gnupg1_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2.sig{{{ftpclose}}} | | Dirmngr 1 | {{{dirmngr_ver}}} | {{{dirmngr_date}}} | {{{dirmngr_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2.sig{{{ftpclose}}} | |--------------+------------------------+-------------------------+-------------------------+--------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------| diff --git a/web/download/integrity_check.org b/web/download/integrity_check.org index 35ae583..573b871 100644 
--- a/web/download/integrity_check.org +++ b/web/download/integrity_check.org @@ -108,7 +108,6 @@ {{{begin_chksum}}} {{{gnupg21_sha1}}} gnupg-{{{gnupg21_ver}}}.tar.bz2 {{{gnupg21_w32_sha1}}} gnupg-w32-{{{gnupg21_w32_ver}}}.exe - {{{gnupg_sha1}}} gnupg-{{{gnupg_ver}}}.tar.bz2 {{{libgpg_error_sha1}}} libgpg-error-{{{libgpg_error_ver}}}.tar.bz2 {{{libgcrypt_sha1}}} libgcrypt-{{{libgcrypt_ver}}}.tar.bz2 {{{libksba_sha1}}} libksba-{{{libksba_ver}}}.tar.bz2 @@ -119,6 +118,7 @@ {{{gpgme_sha1}}} gpgme-{{{gpgme_ver}}}.tar.bz2 {{{gpa_sha1}}} gpa-{{{gpa_ver}}}.tar.bz2 {{{dirmngr_sha1}}} dirmngr-{{{dirmngr_ver}}}.tar.bz2 + {{{gnupg_sha1}}} gnupg-{{{gnupg_ver}}}.tar.bz2 {{{gnupg1_sha1}}} gnupg-{{{gnupg1_ver}}}.tar.bz2 {{{gnupg1_w32cli_sha1}}} gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe {{{end_chksum}}} ----------------------------------------------------------------------- Summary of changes: web/download/index.org | 4 ++-- web/download/integrity_check.org | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Mar 28 19:14:27 2017 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 28 Mar 2017 19:14:27 +0200 Subject: [git] gnupg-doc - branch, master, updated. c61e02c324cab09682f1d68dba22233544e1e883 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via c61e02c324cab09682f1d68dba22233544e1e883 (commit) from 2e13c1e4704e64554d8113b574ca461a8cfa3819 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c61e02c324cab09682f1d68dba22233544e1e883 Author: Werner Koch Date: Tue Mar 28 19:11:17 2017 +0200 swdb: Release updated Windows installer for 2.1.19 diff --git a/web/index.org b/web/index.org index f5c8145..53a693a 100644 --- a/web/index.org +++ b/web/index.org @@ -61,6 +61,12 @@ The latest release news:\\ # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** New installer for GnuPG 2.1.19 (2017-03-28) + +An updated Windows [[https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.1.19_20170328.exe][installer]] for GnuPG 2.1.19 is now available. This +installer fixes problems retrieving keys for [[https://posteo.de][Posteo]] accounts and other +servers with limited set of TLS algorithms. + ** GnuPG Made Easy 1.9.0 released (2017-03-28) [[file:software/gpgme/index.org][GPGME]] is a library that allows to add support for cryptography to a diff --git a/web/swdb.mac b/web/swdb.mac index c1dee42..34a7799 100644 --- a/web/swdb.mac +++ b/web/swdb.mac 
@@ -26,11 +26,11 @@ #+macro: gnupg21_size 6254k #+macro: gnupg21_sha1 10a088a6716789ac5c5cce2776952d8f4a5c57fc #+macro: gnupg21_sha2 46cced1f5641ce29cc28250f52fadf6e417e649b3bfdec49a5a0d0b22a639bf0 -#+macro: gnupg21_w32_ver 2.1.19_20170301 -#+macro: gnupg21_w32_date 2017-03-01 +#+macro: gnupg21_w32_ver 2.1.19_20170328 +#+macro: gnupg21_w32_date 2017-03-28 #+macro: gnupg21_w32_size 3747k -#+macro: gnupg21_w32_sha1 2614462170937abae1293cf227cacfb1028a11d3 -#+macro: gnupg21_w32_sha2 c59014bc9087831688129f1367360c92552274fd4bfdc2000e23436db75344fc +#+macro: gnupg21_w32_sha1 0815f0661e24f5893ba90b088b29fbdef57aab7b +#+macro: gnupg21_w32_sha2 9e0086573c5362fdf41a379e24a2ba0ba4bbe56493811d831ae426a394565c56 # ----------------------------------------------------------------------- Summary of changes: web/index.org | 6 ++++++ web/swdb.mac | 8 ++++---- 2 files changed, 10 insertions(+), 4 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 29 10:09:41 2017 
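Review bot: In the web/swdb.mac hunk, gnupg21_w32_ver, gnupg21_w32_date and both checksums change, but "#+macro: gnupg21_w32_size 3747k" stays as an unchanged context line; please confirm that the rebuilt installer really has the same size, or update the macro together with the checksums. The news entry added in web/index.org also hard-codes the installer URL and links only the .exe; pointing readers to the matching .sig file or to the integrity check page next to that link would keep the announcement in line with the download table, which lists a signature for every file.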
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 29 Mar 2017 10:09:41 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-90-g0526c99 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 0526c99164d3531b5ec763ffc672407eb24b2296 (commit) via f5b565a5b8de3f2a3d98bc1a655e18333aee223b (commit) via 5b3523d3e055158cb9beb2c4a8419df52c764a18 (commit) from b20780658ebb1e1245db18c04db3e815399cf706 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0526c99164d3531b5ec763ffc672407eb24b2296 Author: Werner Koch Date: Wed Mar 29 10:02:40 2017 +0200 gpg: Change parse_packet to take a context. * g10/packet.h (struct parse_packet_ctx_s): New. (parse_packet_ctx_t): New type. (init_parse_packet): New macro. * g10/parse-packet.c (parse_packet, dbg_parse_packet): Change to take a parse context. Change all callers to provide a context instead of directly supplying the input stream. (search_packet, dbg_search_packet): Ditto. (copy_all_packets, dbg_copy_all_packets): Init and use a parse context. (copy_some_packets, dbg_copy_some_packets): Ditto. (skip_some_packets, dbg_skip_some_packets): Ditto. -- We will need this change to handle ring packets inside the parser. Signed-off-by: Werner Koch diff --git a/g10/import.c b/g10/import.c index ea7a92f..9aa6c8b 100644 --- a/g10/import.c +++ b/g10/import.c @@ -762,6 +762,7 @@ static int read_block( IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys) { int rc; + struct parse_packet_ctx_s parsectx; PACKET *pkt; kbnode_t root = NULL; int in_cert, in_v3key; 
@@ -779,8 +780,9 @@ read_block( IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys) pkt = xmalloc (sizeof *pkt); init_packet (pkt); + init_parse_packet (&parsectx, a); in_v3key = 0; - while ((rc=parse_packet(a, pkt)) != -1) + while ((rc=parse_packet (&parsectx, pkt)) != -1) { if (rc && (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY && (pkt->pkttype == PKT_PUBLIC_KEY diff --git a/g10/keydb.c b/g10/keydb.c index 27dacf2..c0bc9f5 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -1156,6 +1156,7 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no, const u32 *sigstatus, kbnode_t *r_keyblock) { gpg_error_t err; + struct parse_packet_ctx_s parsectx; PACKET *pkt; kbnode_t keyblock = NULL; kbnode_t node, *tail; @@ -1169,12 +1170,13 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no, if (!pkt) return gpg_error_from_syserror (); init_packet (pkt); + init_parse_packet (&parsectx, iobuf); save_mode = set_packet_list_mode (0); in_cert = 0; n_sigs = 0; tail = NULL; pk_count = uid_count = 0; - while ((err = parse_packet (iobuf, pkt)) != -1) + while ((err = parse_packet (&parsectx, pkt)) != -1) { if (gpg_err_code (err) == GPG_ERR_UNKNOWN_PACKET) { diff --git a/g10/keyedit.c b/g10/keyedit.c index 9a7fe13..76d1889 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -2431,6 +2431,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, char *fname; PACKET *pkt; IOBUF a; + struct parse_packet_ctx_s parsectx; if (!*arg_string) { @@ -2464,7 +2465,8 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, /* Parse and check that file. */ pkt = xmalloc (sizeof *pkt); init_packet (pkt); - err = parse_packet (a, pkt); + init_parse_packet (&parsectx, a); + err = parse_packet (&parsectx, pkt); iobuf_close (a); iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char *) fname); if (!err && pkt->pkttype != PKT_SECRET_KEY diff --git a/g10/keyring.c b/g10/keyring.c index 31f60f9..e4fc111 100644 --- a/g10/keyring.c +++ b/g10/keyring.c 
@@ -378,6 +378,7 @@ int keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb) { PACKET *pkt; + struct parse_packet_ctx_s parsectx; int rc; KBNODE keyblock = NULL, node, lastnode; IOBUF a; @@ -407,10 +408,11 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb) pkt = xmalloc (sizeof *pkt); init_packet (pkt); + init_parse_packet (&parsectx, a); hd->found.n_packets = 0;; lastnode = NULL; save_mode = set_packet_list_mode(0); - while ((rc=parse_packet (a, pkt)) != -1) { + while ((rc=parse_packet (&parsectx, pkt)) != -1) { hd->found.n_packets++; if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_PACKET) { free_packet (pkt); @@ -985,6 +987,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, { int rc; PACKET pkt; + struct parse_packet_ctx_s parsectx; int save_mode; off_t offset, main_offset; size_t n; @@ -1120,12 +1123,13 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, if (DBG_LOOKUP) log_debug ("%s: %ssearching from start of resource.\n", __func__, scanned_from_start ? "" : "not "); + init_parse_packet (&parsectx, hd->current.iobuf); while (1) { byte afp[MAX_FINGERPRINT_LEN]; size_t an; - rc = search_packet (hd->current.iobuf, &pkt, &offset, need_uid); + rc = search_packet (&parsectx, &pkt, &offset, need_uid); if (ignore_legacy && gpg_err_code (rc) == GPG_ERR_LEGACY_KEY) { free_packet (&pkt); diff --git a/g10/mainproc.c b/g10/mainproc.c index 4c5dce1..30d9b18 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1330,6 +1330,7 @@ static int do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a) { PACKET *pkt; + struct parse_packet_ctx_s parsectx; int rc = 0; int any_data = 0; int newpkt; @@ -1341,7 +1342,8 @@ do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a) pkt = xmalloc( sizeof *pkt ); c->iobuf = a; init_packet(pkt); - while ((rc=parse_packet(a, pkt)) != -1) + init_parse_packet (&parsectx, a); + while ((rc=parse_packet (&parsectx, pkt)) != -1) { any_data = 1; if (rc) diff --git a/g10/packet.h b/g10/packet.h index efccc76..ffa1fe9 100644 
--- a/g10/packet.h +++ b/g10/packet.h @@ -592,12 +592,26 @@ int list_packets( iobuf_t a ); */ int set_packet_list_mode( int mode ); + +/* A context used with parse_packet. */ +struct parse_packet_ctx_s +{ + iobuf_t inp; /* The input stream with the packets. */ +}; +typedef struct parse_packet_ctx_s *parse_packet_ctx_t; + +#define init_parse_packet(a,i) do { (a)->inp = (i); \ + /**/ } while (0) + + + #if DEBUG_PARSE_PACKET /* There are debug functions and should not be used directly. */ -int dbg_search_packet( iobuf_t inp, PACKET *pkt, off_t *retpos, int with_uid, +int dbg_search_packet (parse_packet_ctx_t ctx, PACKET *pkt, + off_t *retpos, int with_uid, const char* file, int lineno ); -int dbg_parse_packet( iobuf_t inp, PACKET *ret_pkt, - const char* file, int lineno ); +int dbg_parse_packet (parse_packet_ctx_t ctx, PACKET *ret_pkt, + const char *file, int lineno); int dbg_copy_all_packets( iobuf_t inp, iobuf_t out, const char* file, int lineno ); int dbg_copy_some_packets( iobuf_t inp, iobuf_t out, off_t stopoff, 
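Review bot: init_parse_packet in this packet.h hunk assigns only (a)->inp, while every caller in the patch declares struct parse_packet_ctx_s parsectx on the stack without an initializer, so any field later added to the struct but not to the macro would reach parse() uninitialized. Zeroing the whole struct in the macro before setting inp would rule that out, and the empty /**/ continuation line can go at the same time. The comment above the struct should also say that the context only borrows the iobuf and does not own or close it.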
@@ -616,51 +630,53 @@ int dbg_skip_some_packets( iobuf_t inp, unsigned n, dbg_skip_some_packets((a),(b), __FILE__, __LINE__ ) #else /* Return the next valid OpenPGP packet in *PKT. (This function will - skip any packets whose type is 0.) - - Returns 0 on success, -1 if EOF is reached, and an error code - otherwise. In the case of an error, the packet in *PKT may be - partially constructed. As such, even if there is an error, it is - necessary to free *PKT to avoid a resource leak. To detect what - has been allocated, clear *PKT before calling this function. */ -int parse_packet( iobuf_t inp, PACKET *pkt); + * skip any packets whose type is 0.) CTX must have been setup prior to + * calling this function. + * + * Returns 0 on success, -1 if EOF is reached, and an error code + * otherwise. In the case of an error, the packet in *PKT may be + * partially constructed. As such, even if there is an error, it is + * necessary to free *PKT to avoid a resource leak. To detect what + * has been allocated, clear *PKT before calling this function. */ +int parse_packet (parse_packet_ctx_t ctx, PACKET *pkt); /* Return the first OpenPGP packet in *PKT that contains a key (either - a public subkey, a public key, a secret subkey or a secret key) or, - if WITH_UID is set, a user id. - - Saves the position in the pipeline of the start of the returned - packet (according to iobuf_tell) in RETPOS, if it is not NULL. - - The return semantics are the same as parse_packet. */ -int search_packet( iobuf_t inp, PACKET *pkt, off_t *retpos, int with_uid ); + * a public subkey, a public key, a secret subkey or a secret key) or, + * if WITH_UID is set, a user id. + * + * Saves the position in the pipeline of the start of the returned + * packet (according to iobuf_tell) in RETPOS, if it is not NULL. + * + * The return semantics are the same as parse_packet. 
*/ +int search_packet (parse_packet_ctx_t ctx, PACKET *pkt, + off_t *retpos, int with_uid); /* Copy all packets (except invalid packets, i.e., those with a type - of 0) from INP to OUT until either an error occurs or EOF is - reached. - - Returns -1 when end of file is reached or an error code, if an - error occurred. (Note: this function never returns 0, because it - effectively keeps going until it gets an EOF.) */ -int copy_all_packets( iobuf_t inp, iobuf_t out ); + * of 0) from INP to OUT until either an error occurs or EOF is + * reached. + * + * Returns -1 when end of file is reached or an error code, if an + * error occurred. (Note: this function never returns 0, because it + * effectively keeps going until it gets an EOF.) */ +int copy_all_packets (iobuf_t inp, iobuf_t out ); /* Like copy_all_packets, but stops at the first packet that starts at - or after STOPOFF (as indicated by iobuf_tell). - - Example: if STOPOFF is 100, the first packet in INP goes from 0 to - 110 and the next packet starts at offset 111, then the packet - starting at offset 0 will be completely processed (even though it - extends beyond STOPOFF) and the packet starting at offset 111 will - not be processed at all. */ -int copy_some_packets( iobuf_t inp, iobuf_t out, off_t stopoff ); + * or after STOPOFF (as indicated by iobuf_tell). + * + * Example: if STOPOFF is 100, the first packet in INP goes from + * 0 to 110 and the next packet starts at offset 111, then the packet + * starting at offset 0 will be completely processed (even though it + * extends beyond STOPOFF) and the packet starting at offset 111 will + * not be processed at all. */ +int copy_some_packets (iobuf_t inp, iobuf_t out, off_t stopoff); /* Skips the next N packets from INP. - - If parsing a packet returns an error code, then the function stops - immediately and returns the error code. Note: in the case of an - error, this function does not indicate how many packets were - successfully processed. 
*/ -int skip_some_packets( iobuf_t inp, unsigned n ); + * + * If parsing a packet returns an error code, then the function stops + * immediately and returns the error code. Note: in the case of an + * error, this function does not indicate how many packets were + * successfully processed. */ +int skip_some_packets (iobuf_t inp, unsigned int n); #endif /* Parse a signature packet and store it in *SIG. diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 06b286b..7766a45 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -48,7 +48,7 @@ static int mpi_print_mode; static int list_mode; static estream_t listfp; -static int parse (IOBUF inp, PACKET * pkt, int onlykeypkts, +static int parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, int *skip, IOBUF out, int do_skip #ifdef DEBUG_PARSE_PACKET , const char *dbg_w, const char *dbg_f, int dbg_l @@ -263,26 +263,27 @@ unknown_pubkey_warning (int algo) #ifdef DEBUG_PARSE_PACKET int -dbg_parse_packet (IOBUF inp, PACKET *pkt, const char *dbg_f, int dbg_l) +dbg_parse_packet (parse_packet_ctx_t ctx, PACKET *pkt, + const char *dbg_f, int dbg_l) { int skip, rc; do { - rc = parse (inp, pkt, 0, NULL, &skip, NULL, 0, "parse", dbg_f, dbg_l); + rc = parse (ctx, pkt, 0, NULL, &skip, NULL, 0, "parse", dbg_f, dbg_l); } while (skip && ! rc); return rc; } #else /*!DEBUG_PARSE_PACKET*/ int -parse_packet (IOBUF inp, PACKET * pkt) +parse_packet (parse_packet_ctx_t ctx, PACKET *pkt) { int skip, rc; do { - rc = parse (inp, pkt, 0, NULL, &skip, NULL, 0); + rc = parse (ctx, pkt, 0, NULL, &skip, NULL, 0); } while (skip && ! rc); return rc; 
@@ -296,29 +297,30 @@ parse_packet (IOBUF inp, PACKET * pkt) */ #ifdef DEBUG_PARSE_PACKET int -dbg_search_packet (IOBUF inp, PACKET * pkt, off_t * retpos, int with_uid, +dbg_search_packet (parse_packet_ctx_t ctx, PACKET *pkt, + off_t * retpos, int with_uid, const char *dbg_f, int dbg_l) { int skip, rc; do { - rc = - parse (inp, pkt, with_uid ? 2 : 1, retpos, &skip, NULL, 0, "search", - dbg_f, dbg_l); + rc = parse (ctx, pkt, with_uid ? 2 : 1, retpos, &skip, NULL, 0, "search", + dbg_f, dbg_l); } while (skip && ! rc); return rc; } #else /*!DEBUG_PARSE_PACKET*/ int -search_packet (IOBUF inp, PACKET * pkt, off_t * retpos, int with_uid) +search_packet (parse_packet_ctx_t ctx, PACKET *pkt, + off_t * retpos, int with_uid) { int skip, rc; do { - rc = parse (inp, pkt, with_uid ? 2 : 1, retpos, &skip, NULL, 0); + rc = parse (ctx, pkt, with_uid ? 2 : 1, retpos, &skip, NULL, 0); } while (skip && ! rc); return rc; 
@@ -331,38 +333,45 @@ search_packet (IOBUF inp, PACKET * pkt, off_t * retpos, int with_uid) */ #ifdef DEBUG_PARSE_PACKET int -dbg_copy_all_packets (IOBUF inp, IOBUF out, const char *dbg_f, int dbg_l) +dbg_copy_all_packets (iobuf_t inp, iobuf_t out, const char *dbg_f, int dbg_l) { PACKET pkt; + struct parse_packet_ctx_s parsectx; int skip, rc = 0; if (! out) log_bug ("copy_all_packets: OUT may not be NULL.\n"); + init_parse_packet (&parsectx, inp); + do { init_packet (&pkt); } while (! (rc = - parse (inp, &pkt, 0, NULL, &skip, out, 0, "copy", dbg_f, dbg_l))); + parse (&parsectx, &pkt, 0, NULL, &skip, out, 0, "copy", + dbg_f, dbg_l))); return rc; } #else /*!DEBUG_PARSE_PACKET*/ int -copy_all_packets (IOBUF inp, IOBUF out) +copy_all_packets (iobuf_t inp, iobuf_t out) { PACKET pkt; + struct parse_packet_ctx_s parsectx; int skip, rc = 0; if (! out) log_bug ("copy_all_packets: OUT may not be NULL.\n"); + init_parse_packet (&parsectx, inp); + do { init_packet (&pkt); } - while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0))); + while (!(rc = parse (&parsectx, &pkt, 0, NULL, &skip, out, 0))); return rc; } #endif /*!DEBUG_PARSE_PACKET*/ 
@@ -375,34 +384,44 @@ copy_all_packets (IOBUF inp, IOBUF out) */ #ifdef DEBUG_PARSE_PACKET int -dbg_copy_some_packets (IOBUF inp, IOBUF out, off_t stopoff, +dbg_copy_some_packets (iobuf_t inp, iobuf_t out, off_t stopoff, const char *dbg_f, int dbg_l) { + int rc = 0; PACKET pkt; - int skip, rc = 0; + int skip; + struct parse_packet_ctx_s parsectx; + + init_parse_packet (&parsectx, inp); + do { if (iobuf_tell (inp) >= stopoff) return 0; init_packet (&pkt); } - while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0, + while (!(rc = parse (&parsectx, &pkt, 0, NULL, &skip, out, 0, "some", dbg_f, dbg_l))); return rc; } #else /*!DEBUG_PARSE_PACKET*/ int -copy_some_packets (IOBUF inp, IOBUF out, off_t stopoff) +copy_some_packets (iobuf_t inp, iobuf_t out, off_t stopoff) { + int rc = 0; PACKET pkt; - int skip, rc = 0; + struct parse_packet_ctx_s parsectx; + int skip; + + init_parse_packet (&parsectx, inp); + do { if (iobuf_tell (inp) >= stopoff) return 0; init_packet (&pkt); } - while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0))); + while (!(rc = parse (&parsectx, &pkt, 0, NULL, &skip, out, 0))); return rc; } #endif /*!DEBUG_PARSE_PACKET*/ 
@@ -413,29 +432,38 @@ copy_some_packets (IOBUF inp, IOBUF out, off_t stopoff) */ #ifdef DEBUG_PARSE_PACKET int -dbg_skip_some_packets (IOBUF inp, unsigned n, const char *dbg_f, int dbg_l) +dbg_skip_some_packets (iobuf_t inp, unsigned n, const char *dbg_f, int dbg_l) { - int skip, rc = 0; + int rc = 0; + int skip; PACKET pkt; + struct parse_packet_ctx_s parsectx; + + init_parse_packet (&parsectx, inp); for (; n && !rc; n--) { init_packet (&pkt); - rc = parse (inp, &pkt, 0, NULL, &skip, NULL, 1, "skip", dbg_f, dbg_l); + rc = parse (&parsectx, &pkt, 0, NULL, &skip, NULL, 1, "skip", + dbg_f, dbg_l); } return rc; } #else /*!DEBUG_PARSE_PACKET*/ int -skip_some_packets (IOBUF inp, unsigned n) +skip_some_packets (iobuf_t inp, unsigned int n) { - int skip, rc = 0; + int rc = 0; + int skip; PACKET pkt; + struct parse_packet_ctx_s parsectx; + + init_parse_packet (&parsectx, inp); for (; n && !rc; n--) { init_packet (&pkt); - rc = parse (inp, &pkt, 0, NULL, &skip, NULL, 1); + rc = parse (&parsectx, &pkt, 0, NULL, &skip, NULL, 1); } return rc; } @@ -466,18 +494,20 @@ skip_some_packets (IOBUF inp, unsigned n) Note: ONLYKEYPKTS and DO_SKIP are only respected if OUT is NULL, i.e., the packets are not simply being copied. - If RETPOS is not NULL, then the position of INP (as returned by - iobuf_tell) is saved there before any data is read from INP. + If RETPOS is not NULL, then the position of CTX->INP (as returned by + iobuf_tell) is saved there before any data is read from CTX->INP. */ static int -parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos, +parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, int *skip, IOBUF out, int do_skip #ifdef DEBUG_PARSE_PACKET , const char *dbg_w, const char *dbg_f, int dbg_l #endif ) { - int rc = 0, c, ctb, pkttype, lenbytes; + int rc = 0; + iobuf_t inp; + int c, ctb, pkttype, lenbytes; unsigned long pktlen; byte hdr[8]; int hdrlen; 
@@ -486,6 +516,8 @@ parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos, off_t pos; *skip = 0; + inp = ctx->inp; + log_assert (!pkt->pkt.generic); if (retpos || list_mode) { commit f5b565a5b8de3f2a3d98bc1a655e18333aee223b Author: Werner Koch Date: Wed Mar 29 08:44:52 2017 +0200 gpg: Export ring trust packets in backup mode. * g10/export.c (write_keyblock_to_output): Export ring trust packets. Signed-off-by: Werner Koch diff --git a/g10/export.c b/g10/export.c index a7aecd6..5b0c81d 100644 --- a/g10/export.c +++ b/g10/export.c @@ -1282,8 +1282,11 @@ write_keyblock_to_output (kbnode_t keyblock, int with_armor, for (node = keyblock; node; node = node->next) { - if (is_deleted_kbnode (node) || node->pkt->pkttype == PKT_RING_TRUST) + if (is_deleted_kbnode (node)) continue; + if (node->pkt->pkttype == PKT_RING_TRUST && !(options & EXPORT_BACKUP)) + continue; + if (!pk && (node->pkt->pkttype == PKT_PUBLIC_KEY || node->pkt->pkttype == PKT_SECRET_KEY)) pk = node->pkt->pkt.public_key; commit 5b3523d3e055158cb9beb2c4a8419df52c764a18 Author: Werner Koch Date: Wed Mar 29 08:43:04 2017 +0200 indent: Re-indent parts of build-packet.c -- diff --git a/g10/build-packet.c b/g10/build-packet.c index c81c1ab..512e55c 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c 
@@ -85,93 +85,101 @@ ctb_pkttype (int ctb) int build_packet( IOBUF out, PACKET *pkt ) { - int new_ctb=0, rc=0, ctb; - int pkttype; + int rc = 0; + int new_ctb = 0; + int ctb, pkttype; - if( DBG_PACKET ) - log_debug("build_packet() type=%d\n", pkt->pkttype ); - log_assert( pkt->pkt.generic ); + if (DBG_PACKET) + log_debug ("build_packet() type=%d\n", pkt->pkttype); + log_assert (pkt->pkt.generic); - switch ((pkttype = pkt->pkttype)) - { - case PKT_PUBLIC_KEY: - if (pkt->pkt.public_key->seckey_info) - pkttype = PKT_SECRET_KEY; - break; - case PKT_PUBLIC_SUBKEY: - if (pkt->pkt.public_key->seckey_info) - pkttype = PKT_SECRET_SUBKEY; - break; - case PKT_PLAINTEXT: new_ctb = pkt->pkt.plaintext->new_ctb; break; - case PKT_ENCRYPTED: - case PKT_ENCRYPTED_MDC: new_ctb = pkt->pkt.encrypted->new_ctb; break; - case PKT_COMPRESSED:new_ctb = pkt->pkt.compressed->new_ctb; break; - case PKT_USER_ID: - if( pkt->pkt.user_id->attrib_data ) - pkttype = PKT_ATTRIBUTE; - break; - default: break; - } + switch ((pkttype = pkt->pkttype)) + { + case PKT_PUBLIC_KEY: + if (pkt->pkt.public_key->seckey_info) + pkttype = PKT_SECRET_KEY; + break; + case PKT_PUBLIC_SUBKEY: + if (pkt->pkt.public_key->seckey_info) + pkttype = PKT_SECRET_SUBKEY; + break; + case PKT_PLAINTEXT: + new_ctb = pkt->pkt.plaintext->new_ctb; + break; + case PKT_ENCRYPTED: + case PKT_ENCRYPTED_MDC: + new_ctb = pkt->pkt.encrypted->new_ctb; + break; + case PKT_COMPRESSED: + new_ctb = pkt->pkt.compressed->new_ctb; + break; + case PKT_USER_ID: + if (pkt->pkt.user_id->attrib_data) + pkttype = PKT_ATTRIBUTE; + break; + default: + break; + } - if( new_ctb || pkttype > 15 ) /* new format */ - ctb = 0xc0 | (pkttype & 0x3f); - else - ctb = 0x80 | ((pkttype & 15)<<2); - switch( pkttype ) - { - case PKT_ATTRIBUTE: - case PKT_USER_ID: - rc = do_user_id( out, ctb, pkt->pkt.user_id ); - break; - case PKT_OLD_COMMENT: - case PKT_COMMENT: - /* - Ignore these. 
Theoretically, this will never be called as - we have no way to output comment packets any longer, but - just in case there is some code path that would end up - outputting a comment that was written before comments were - dropped (in the public key?) this is a no-op. - */ - break; - case PKT_PUBLIC_SUBKEY: - case PKT_PUBLIC_KEY: - case PKT_SECRET_SUBKEY: - case PKT_SECRET_KEY: - rc = do_key (out, ctb, pkt->pkt.public_key); - break; - case PKT_SYMKEY_ENC: - rc = do_symkey_enc( out, ctb, pkt->pkt.symkey_enc ); - break; - case PKT_PUBKEY_ENC: - rc = do_pubkey_enc( out, ctb, pkt->pkt.pubkey_enc ); - break; - case PKT_PLAINTEXT: - rc = do_plaintext( out, ctb, pkt->pkt.plaintext ); - break; - case PKT_ENCRYPTED: - rc = do_encrypted( out, ctb, pkt->pkt.encrypted ); - break; - case PKT_ENCRYPTED_MDC: - rc = do_encrypted_mdc( out, ctb, pkt->pkt.encrypted ); - break; - case PKT_COMPRESSED: - rc = do_compressed( out, ctb, pkt->pkt.compressed ); - break; - case PKT_SIGNATURE: - rc = do_signature( out, ctb, pkt->pkt.signature ); - break; - case PKT_ONEPASS_SIG: - rc = do_onepass_sig( out, ctb, pkt->pkt.onepass_sig ); - break; - case PKT_RING_TRUST: - break; /* ignore it (keyring.c does write it directly)*/ - case PKT_MDC: /* we write it directly, so we should never see it here. */ - default: - log_bug("invalid packet type in build_packet()\n"); - break; - } + if (new_ctb || pkttype > 15) /* new format */ + ctb = (0xc0 | (pkttype & 0x3f)); + else + ctb = (0x80 | ((pkttype & 15)<<2)); + switch (pkttype) + { + case PKT_ATTRIBUTE: + case PKT_USER_ID: + rc = do_user_id (out, ctb, pkt->pkt.user_id); + break; + case PKT_OLD_COMMENT: + case PKT_COMMENT: + /* Ignore these. Theoretically, this will never be called as we + * have no way to output comment packets any longer, but just in + * case there is some code path that would end up outputting a + * comment that was written before comments were dropped (in the + * public key?) this is a no-op. 
*/ + break; + case PKT_PUBLIC_SUBKEY: + case PKT_PUBLIC_KEY: + case PKT_SECRET_SUBKEY: + case PKT_SECRET_KEY: + rc = do_key (out, ctb, pkt->pkt.public_key); + break; + case PKT_SYMKEY_ENC: + rc = do_symkey_enc (out, ctb, pkt->pkt.symkey_enc); + break; + case PKT_PUBKEY_ENC: + rc = do_pubkey_enc (out, ctb, pkt->pkt.pubkey_enc); + break; + case PKT_PLAINTEXT: + rc = do_plaintext (out, ctb, pkt->pkt.plaintext); + break; + case PKT_ENCRYPTED: + rc = do_encrypted (out, ctb, pkt->pkt.encrypted); + break; + case PKT_ENCRYPTED_MDC: + rc = do_encrypted_mdc (out, ctb, pkt->pkt.encrypted); + break; + case PKT_COMPRESSED: + rc = do_compressed (out, ctb, pkt->pkt.compressed); + break; + case PKT_SIGNATURE: + rc = do_signature (out, ctb, pkt->pkt.signature); + break; + case PKT_ONEPASS_SIG: + rc = do_onepass_sig (out, ctb, pkt->pkt.onepass_sig); + break; + case PKT_RING_TRUST: + /* Ignore it (keyring.c does write it directly) */ + break; + case PKT_MDC: + /* We write it directly, so we should never see it here. */ + default: + log_bug ("invalid packet type in build_packet()\n"); + break; + } - return rc; + return rc; } 
@@ -262,34 +270,35 @@ gpg_mpi_write_nohdr (iobuf_t out, gcry_mpi_t a) u32 calc_packet_length( PACKET *pkt ) { - u32 n=0; - int new_ctb = 0; - - log_assert (pkt->pkt.generic); - switch( pkt->pkttype ) { - case PKT_PLAINTEXT: - n = calc_plaintext( pkt->pkt.plaintext ); - new_ctb = pkt->pkt.plaintext->new_ctb; - break; - case PKT_ATTRIBUTE: - case PKT_USER_ID: - case PKT_COMMENT: - case PKT_PUBLIC_KEY: - case PKT_SECRET_KEY: - case PKT_SYMKEY_ENC: - case PKT_PUBKEY_ENC: - case PKT_ENCRYPTED: - case PKT_SIGNATURE: - case PKT_ONEPASS_SIG: - case PKT_RING_TRUST: - case PKT_COMPRESSED: - default: - log_bug("invalid packet type in calc_packet_length()"); - break; + u32 n = 0; + int new_ctb = 0; + + log_assert (pkt->pkt.generic); + switch (pkt->pkttype) + { + case PKT_PLAINTEXT: + n = calc_plaintext (pkt->pkt.plaintext); + new_ctb = pkt->pkt.plaintext->new_ctb; + break; + case PKT_ATTRIBUTE: + case PKT_USER_ID: + case PKT_COMMENT: + case PKT_PUBLIC_KEY: + case PKT_SECRET_KEY: + case PKT_SYMKEY_ENC: + case PKT_PUBKEY_ENC: + case PKT_ENCRYPTED: + case PKT_SIGNATURE: + case PKT_ONEPASS_SIG: + case PKT_RING_TRUST: + case PKT_COMPRESSED: + default: + log_bug ("invalid packet type in calc_packet_length()"); + break; } - n += calc_header_length(n, new_ctb); - return n; + n += calc_header_length (n, new_ctb); + return n; } @@ -312,10 +321,10 @@ write_fake_data (IOBUF out, gcry_mpi_t a) /* Serialize the user id (RFC 4880, Section 5.11) or the user - attribute UID (Section 5.12) and write it to OUT. - - CTB is the serialization's CTB. It specifies the header format and - the packet's type. The header length must not be set. */ + * attribute UID (Section 5.12) and write it to OUT. + * + * CTB is the serialization's CTB. It specifies the header format and + * the packet's type. The header length must not be set. */ static int do_user_id( IOBUF out, int ctb, PKT_user_id *uid ) { 
@@ -339,17 +348,17 @@ do_user_id( IOBUF out, int ctb, PKT_user_id *uid ) /* Serialize the key (RFC 4880, Section 5.5) described by PK and write - it to OUT. - - This function serializes both primary keys and subkeys with or - without a secret part. - - CTB is the serialization's CTB. It specifies the header format and - the packet's type. The header length must not be set. - - PK->VERSION specifies the serialization format. A value of 0 means - to use the default version. Currently, only version 4 packets are - supported. + * it to OUT. + * + * This function serializes both primary keys and subkeys with or + * without a secret part. + * + * CTB is the serialization's CTB. It specifies the header format and + * the packet's type. The header length must not be set. + * + * PK->VERSION specifies the serialization format. A value of 0 means + * to use the default version. Currently, only version 4 packets are + * supported. */ static int do_key (iobuf_t out, int ctb, PKT_public_key *pk) 
@@ -496,36 +505,33 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk) return err; } -/* Serialize the symmetric-key encrypted session key packet (RFC 4880, - 5.3) described by ENC and write it to OUT. - CTB is the serialization's CTB. It specifies the header format and - the packet's type. The header length must not be set. */ +/* Serialize the symmetric-key encrypted session key packet (RFC 4880, + * 5.3) described by ENC and write it to OUT. + * + * CTB is the serialization's CTB. It specifies the header format and + * the packet's type. The header length must not be set. */ static int do_symkey_enc( IOBUF out, int ctb, PKT_symkey_enc *enc ) { - int rc = 0; - IOBUF a = iobuf_temp(); + int rc = 0; + IOBUF a = iobuf_temp(); - log_assert (ctb_pkttype (ctb) == PKT_SYMKEY_ENC); + log_assert (ctb_pkttype (ctb) == PKT_SYMKEY_ENC); - /* The only acceptable version. */ - log_assert( enc->version == 4 ); + /* The only acceptable version. */ + log_assert( enc->version == 4 ); - /* RFC 4880, Section 3.7. */ - switch( enc->s2k.mode ) - { - /* Simple S2K. */ - case 0: - /* Salted S2K. */ - case 1: - /* Iterated and salted S2K. */ - case 3: - /* Reasonable values. */ - break; + /* RFC 4880, Section 3.7. */ + switch (enc->s2k.mode) + { + case 0: /* Simple S2K. */ + case 1: /* Salted S2K. */ + case 3: /* Iterated and salted S2K. */ + break; /* Reasonable values. 
*/ - default: - log_bug("do_symkey_enc: s2k=%d\n", enc->s2k.mode ); + default: + log_bug ("do_symkey_enc: s2k=%d\n", enc->s2k.mode); } iobuf_put( a, enc->version ); iobuf_put( a, enc->cipher_algo ); ----------------------------------------------------------------------- Summary of changes: g10/build-packet.c | 298 +++++++++++++++++++++++++++-------------------------- g10/export.c | 5 +- g10/import.c | 4 +- g10/keydb.c | 4 +- g10/keyedit.c | 4 +- g10/keyring.c | 8 +- g10/mainproc.c | 4 +- g10/packet.h | 96 ++++++++++------- g10/parse-packet.c | 94 +++++++++++------ 9 files changed, 293 insertions(+), 224 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Mar 29 11:33:23 2017 From: cvs at cvs.gnupg.org (by Alon Bar-Lev) Date: Wed, 29 Mar 2017 11:33:23 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.9.0-6-g9786e3a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 9786e3a96e6772166f3523e74a748b9db20fae7c (commit) from 7e9f7752c992f957ccfde3b274865c633096e3bb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9786e3a96e6772166f3523e74a748b9db20fae7c Author: Alon Bar-Lev Date: Tue Mar 28 21:55:59 2017 +0300 python,build: Reinstate prepare target. * lang/python/Makefile.am: Fix 'prepare' target. * lang/python/setup.py.in: Use 'abs_top_builddir' instead of guessing the path. -- 'prepare' will prepare target at PREPAREDIR. The automake integration will also make use of prepare target. Downstream distributors may also make use of prepare target. Signed-off-by: Alon Bar-Lev 
diff --git a/lang/python/Makefile.am b/lang/python/Makefile.am index d91ead9..a18a014 100644 --- a/lang/python/Makefile.am +++ b/lang/python/Makefile.am @@ -44,17 +44,22 @@ COPY_FILES_GPG = \ $(srcdir)/gpg/results.py \ $(srcdir)/gpg/util.py +.PHONY: prepare +prepare: + test -n "$(PREPAREDIR)" + $(MKDIR_P) "$(PREPAREDIR)/gpg" + cp -R $(COPY_FILES) "$(PREPAREDIR)" + cp setup.py "$(PREPAREDIR)" + cp gpg/version.py "$(PREPAREDIR)/gpg" + ln -sf "$(abs_top_srcdir)/src/data.h" "$(PREPAREDIR)" + ln -sf "$(abs_top_builddir)/config.h" "$(PREPAREDIR)" + cp -R $(COPY_FILES_GPG) "$(PREPAREDIR)/gpg" + # For VPATH builds we need to copy some files because Python's # distutils are not VPATH-aware. copystamp: $(COPY_FILES) $(COPY_FILES_GPG) set -e ; for VERSION in $(PYTHON_VERSIONS); do \ - $(MKDIR_P) python$${VERSION}-gpg/gpg ; \ - cp -R $(COPY_FILES) python$${VERSION}-gpg ; \ - cp setup.py python$${VERSION}-gpg ; \ - cp gpg/version.py python$${VERSION}-gpg/gpg ; \ - ln -sf "$(abs_top_srcdir)/src/data.h" python$${VERSION}-gpg ; \ - ln -sf "$(abs_top_builddir)/config.h" python$${VERSION}-gpg ; \ - cp -R $(COPY_FILES_GPG) python$${VERSION}-gpg/gpg ; \ + $(MAKE) PREPAREDIR=python$${VERSION}-gpg prepare; \ done touch $@ @@ -63,6 +68,7 @@ all-local: copystamp PYTHON="$$1" ; shift ; \ cd python$${VERSION}-gpg && \ CFLAGS="$(CFLAGS)" \ + abs_top_builddir="$(abs_top_builddir)" \ $$PYTHON setup.py build --verbose ; \ cd .. ; \ done @@ -71,12 +77,10 @@ python$(PYTHON_VERSION)-gpg/dist/gpg-$(VERSION).tar.gz \ python$(PYTHON_VERSION)-gpg/dist/gpg-$(VERSION).tar.gz.asc: copystamp cd python$(PYTHON_VERSION)-gpg && \ CFLAGS="$(CFLAGS)" \ + abs_top_builddir="$(abs_top_builddir)" \ $(PYTHON) setup.py sdist --verbose gpg2 --detach-sign --armor python$(PYTHON_VERSION)-gpg/dist/gpg-$(VERSION).tar.gz -.PHONY: prepare -prepare: copystamp - .PHONY: sdist sdist: python$(PYTHON_VERSION)-gpg/dist/gpg-$(VERSION).tar.gz \ python$(PYTHON_VERSION)-gpg/dist/gpg-$(VERSION).tar.gz.asc 
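Review bot: in the new prepare target, test -n "$(PREPAREDIR)" fails without saying why when the target is invoked directly, which was a valid call before this change (the removed rule was prepare: copystamp); print a message naming the missing variable before exiting. The two ln -sf lines also place absolute links to $(abs_top_srcdir)/src/data.h and $(abs_top_builddir)/config.h into PREPAREDIR, so a prepared directory handed to a downstream distributor, as the commit message suggests, is only usable while the build tree stays in place. Copying the two headers would avoid that.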
@@ -104,6 +108,7 @@ install-exec-local: set -e ; set $(PYTHONS); for VERSION in $(PYTHON_VERSIONS); do \ PYTHON="$$1" ; shift ; \ cd python$${VERSION}-gpg ; \ + abs_top_builddir="$(abs_top_builddir)" \ $$PYTHON setup.py install \ --prefix $(DESTDIR)$(prefix) \ --record files.txt \ diff --git a/lang/python/setup.py.in b/lang/python/setup.py.in index bf4efa3..8ddbf27 100755 --- a/lang/python/setup.py.in +++ b/lang/python/setup.py.in @@ -34,12 +34,13 @@ in_tree = False extra_swig_opts = [] extra_macros = dict() -if os.path.exists("../../../src/gpgme-config"): +abs_top_builddir = os.environ.get("abs_top_builddir") +if abs_top_builddir: # In-tree build. in_tree = True - gpgme_config = ["../../../src/gpgme-config"] + gpgme_config_flags - gpgme_h = "../../../src/gpgme.h" - library_dirs = ["../../../src/.libs"] # XXX uses libtool internals + gpgme_config = [os.path.join(abs_top_builddir, "src/gpgme-config")] + gpgme_config_flags + gpgme_h = os.path.join(abs_top_builddir, "src/gpgme.h") + library_dirs = [os.path.join(abs_top_builddir, "src/.libs")] # XXX uses libtool internals extra_macros.update( HAVE_CONFIG_H=1, HAVE_DATA_H=1, ----------------------------------------------------------------------- Summary of changes: lang/python/Makefile.am | 25 +++++++++++++++---------- lang/python/setup.py.in | 9 +++++---- 2 files changed, 20 insertions(+), 14 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 30 09:20:01 2017 
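Review bot: in setup.py.in the in-tree decision now rests only on the abs_top_builddir environment variable, where the old code checked os.path.exists on the gpgme-config path, so a stale or inherited value selects in-tree mode and points gpgme_config, gpgme_h and library_dirs at whatever directory it names. Keep an existence check on os.path.join(abs_top_builddir, "src/gpgme-config") before setting in_tree = True, and take the non-in-tree path otherwise. A short comment that the Makefile exports this variable for the build, sdist and install steps would also help anyone running setup.py by hand.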
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 30 Mar 2017 09:20:01 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-93-ga8895c9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via a8895c99a7d0750132477d80cd66caaf3a709113 (commit) via afa86809087909a8ba2f9356588bf90cc923529c (commit) via ba57f8302a3ee12ff117b0243047241c44388179 (commit) from 0526c99164d3531b5ec763ffc672407eb24b2296 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a8895c99a7d0750132477d80cd66caaf3a709113 Author: Werner Koch Date: Thu Mar 30 09:07:02 2017 +0200 gpg: Revamp reading and writing of ring trust packets. * g10/parse-packet.c (parse_trust): Rename to ... (parse_ring_trust): this. Change args and implement new ring trust packet format. (parse): Add special ring trust packet handling. * g10/packet.h (PKT_user_id): New fields KEYUPDATE, UPDATEURL, and KEYSRC. (PKT_public_key): Ditto. (RING_TRUST_SIG, RING_TRUST_KEY, RING_TRUST_UID): New consts. (PKT_ring_trust): New. (struct packet_struct): Remove member RING_TRUST. (struct parse_packet_ctx_s): Add field SKIP_META. (init_parse_packet): Init SKIP_META. * g10/free-packet.c (release_public_key_parts): Free UPDATEURL. (free_user_id): Ditto. * g10/mainproc.c (list_node): Remove printing of non-documented "rtv" lines. * g10/build-packet.c (build_packet_and_meta): New. (do_ring_trust): New. * g10/export.c (write_keyblock_to_output): Use build_packet_and_meta in backup mode. (do_export_one_keyblock): Ditto. * g10/import.c (read_block): Add arg WITH_META. Skip ring trust packets if that is not set. (import): Call read_block WITH_META in restore mode. 
* g10/keydb.h (KEYSRC_UNKNOWN, KEYSRC_FILE, KEYSRC_KS, KEYSRC_PREF_KS) (KEYSRC_WKD, KEYSRC_WKD_SD, KEYSRC_DANE): New constants. They are not yet used, though. * g10/keydb.c (parse_keyblock_image): Allow ring trust packets. (build_keyblock_image): Ditto. Use build_packet_and_meta. * g10/keyring.c (keyring_get_keyblock): Remove special treatment of ring trust packets. (write_keyblock): Use build_packet_and_meta. Remove special treatment of ring trust packets and initialization of the signature caches. -- This patch introduced the framework to store meta data for keys and user ids in the keyrings/keyboxes. Ring trust packets are implementation defined and have always been used in gpg to cache the signature verification status. Ring trust packets are only exported with the export option "backup" and only imported with the import option "restore". The new code uses a cleaner way to handle the ring trust packets: When the parser reads a ring trust packet and the previously read packet matches the type of that ring trust packet, the information is stored in that previously read packet (signature, user id, or primary key) and the next packet is read immediately. Thus only the parser sees the ring trust packets. Ring trust packets are written by using the new function build_packet_and_meta instead of build_packet. That function writes a ring trust packet when the needed information is available. As a side-effect of this patch the signature status cache works again and "gpg --check-sigs" is thus much faster. Signed-off-by: Werner Koch diff --git a/doc/DETAILS b/doc/DETAILS index 83d9fea..1624315 100644 --- a/doc/DETAILS +++ b/doc/DETAILS 
@@ -1311,6 +1311,43 @@ CREATE TABLE signatures ( S2K Specifier with an offset of 1000. +* Format of the OpenPGP TRUST packet + + According to RFC4880 (5.10), the trust packet (aka ring trust) is + only used within keyrings and contains data that records the user's + specifications of which key holds trusted introducers. The RFC also + states that the format of this packet is implementation defined and + SHOULD NOT be emitted to output streams or should be ignored on + import. GnuPG uses this packet in several additional ways: + + - 1 octet :: Trust-Value (only used by Subtype SIG) + - 1 octet :: Signature-Cache (only used by Subtype SIG; value must + be less than 128) + - 3 octets :: Fixed value: "gpg" + - 1 octet :: Subtype + - 0 :: Signature cache (SIG) + - 1 :: Key source on the primary key (KEY) + - 2 :: Key source on a user id (UID) + - 1 octet :: Key Source; i.e. the origin of the key: + - 0 :: Unknown source. + - 1 :: Direct import from a file. + - 2 :: Public keyserver. + - 3 :: Preferred keysrver. + - 4 :: Web Key Directory. + - 5 :: Web Key Directory via sub-domain. + - 6 :: OpenPGP DANE. + - 4 octets :: Time of last update. This is a a four-octet scalar + with the seconds since Epoch. + - 1 octet :: Scalar with the length of the following field. + - N octets :: String with the URL of the source. This may be a + zero-length string. + + If the packets contains only two octets a Subtype of 0 is assumed; + this is the only format recognized by GnuPG versions < 2.1.18. + Trust-Value and Signature-Cache must be zero for all subtypes other + than SIG. + + * Keyserver helper message format *This information is obsolete* diff --git a/g10/build-packet.c b/g10/build-packet.c index 512e55c..60e7d45 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c 
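Review bot: the new TRUST packet section in doc/DETAILS defines two layouts, the two-octet legacy form and the full form with the "gpg" marker, but does not say what a reader must do with anything else: a body of three or more octets without the marker, a body shorter than the fixed fields, or a URL length octet that runs past the end of the packet. Since this text is what a parser will be written against, state whether such packets are ignored or rejected. Typos to fix in the same hunk: "keysrver", "a a four-octet", "If the packets contains".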
@@ -33,6 +33,7 @@ #include "options.h" #include "../common/host2net.h" +static gpg_error_t do_ring_trust (iobuf_t out, PKT_ring_trust *rt); static int do_user_id( IOBUF out, int ctb, PKT_user_id *uid ); static int do_key (iobuf_t out, int ctb, PKT_public_key *pk); static int do_symkey_enc( IOBUF out, int ctb, PKT_symkey_enc *enc ); @@ -76,14 +77,11 @@ ctb_pkttype (int ctb) return (ctb & ((1 << 6) - 1)) >> 2; } -/**************** - * Build a packet and write it to INP - * Returns: 0 := okay - * >0 := error - * Note: Caller must free the packet - */ + +/* Build a packet and write it to the stream OUT. + * Returns: 0 on success or on an error code. */ int -build_packet( IOBUF out, PACKET *pkt ) +build_packet (IOBUF out, PACKET *pkt) { int rc = 0; int new_ctb = 0; @@ -170,7 +168,7 @@ build_packet( IOBUF out, PACKET *pkt ) rc = do_onepass_sig (out, ctb, pkt->pkt.onepass_sig); break; case PKT_RING_TRUST: - /* Ignore it (keyring.c does write it directly) */ + /* Ignore it (only written by build_packet_and_meta) */ break; case PKT_MDC: /* We write it directly, so we should never see it here. */ 
@@ -183,6 +181,62 @@ build_packet( IOBUF out, PACKET *pkt ) } +/* Build a packet and write it to the stream OUT. This variant also + * writes the meta data using ring tyrust packets. Returns: 0 on + * success or on aerror code. */ +gpg_error_t +build_packet_and_meta (iobuf_t out, PACKET *pkt) +{ + gpg_error_t err; + PKT_ring_trust rt = {0}; + + err = build_packet (out, pkt); + if (err) + ; + else if (pkt->pkttype == PKT_SIGNATURE) + { + PKT_signature *sig = pkt->pkt.signature; + + rt.subtype = RING_TRUST_SIG; + /* Note: trustval is not yet used. */ + if (sig->flags.checked) + { + rt.sigcache = 1; + if (sig->flags.valid) + rt.sigcache |= 2; + } + err = do_ring_trust (out, &rt); + } + else if (pkt->pkttype == PKT_USER_ID + || pkt->pkttype == PKT_ATTRIBUTE) + { + PKT_user_id *uid = pkt->pkt.user_id; + + rt.subtype = RING_TRUST_UID; + rt.keysrc = uid->keysrc; + rt.keyupdate = uid->keyupdate; + rt.url = uid->updateurl; + err = do_ring_trust (out, &rt); + rt.url = NULL; + } + else if (pkt->pkttype == PKT_PUBLIC_KEY + || pkt->pkttype == PKT_SECRET_KEY) + { + PKT_public_key *pk = pkt->pkt.public_key; + + rt.subtype = RING_TRUST_KEY; + rt.keysrc = pk->keysrc; + rt.keyupdate = pk->keyupdate; + rt.url = pk->updateurl; + err = do_ring_trust (out, &rt); + rt.url = NULL; + + } + + return err; +} + + /* * Write the mpi A to OUT. */ 
@@ -320,6 +374,38 @@ write_fake_data (IOBUF out, gcry_mpi_t a) } +/* Write a ring trust meta packet. */ +static gpg_error_t +do_ring_trust (iobuf_t out, PKT_ring_trust *rt) +{ + unsigned int namelen = 0; + unsigned int pktlen = 6; + + if (rt->subtype == RING_TRUST_KEY || rt->subtype == RING_TRUST_UID) + { + if (rt->url) + namelen = strlen (rt->url); + pktlen += 1 + 4 + 1 + namelen; + } + + write_header (out, (0x80 | ((PKT_RING_TRUST & 15)<<2)), pktlen); + iobuf_put (out, rt->trustval); + iobuf_put (out, rt->sigcache); + iobuf_write (out, "gpg", 3); + iobuf_put (out, rt->subtype); + if (rt->subtype == RING_TRUST_KEY || rt->subtype == RING_TRUST_UID) + { + iobuf_put (out, rt->keysrc); + write_32 (out, rt->keyupdate); + iobuf_put (out, namelen); + if (namelen) + iobuf_write (out, rt->url, namelen); + } + + return 0; +} + + /* Serialize the user id (RFC 4880, Section 5.11) or the user * attribute UID (Section 5.12) and write it to OUT. * diff --git a/g10/export.c b/g10/export.c index 5b0c81d..e2adcc4 100644 --- a/g10/export.c +++ b/g10/export.c @@ -1284,14 +1284,17 @@ write_keyblock_to_output (kbnode_t keyblock, int with_armor, { if (is_deleted_kbnode (node)) continue; - if (node->pkt->pkttype == PKT_RING_TRUST && !(options & EXPORT_BACKUP)) - continue; + if (node->pkt->pkttype == PKT_RING_TRUST) + continue; /* Skip - they should not be here anyway. */ if (!pk && (node->pkt->pkttype == PKT_PUBLIC_KEY || node->pkt->pkttype == PKT_SECRET_KEY)) pk = node->pkt->pkt.public_key; - err = build_packet (out_help? out_help : out, node->pkt); + if ((options & EXPORT_BACKUP)) + err = build_packet_and_meta (out_help? out_help : out, node->pkt); + else + err = build_packet (out_help? out_help : out, node->pkt); if (err) { log_error ("build_packet(%d) failed: %s\n", 
@@ -1555,9 +1558,8 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, if (node->pkt->pkttype == PKT_COMMENT) continue; - /* Make sure that ring_trust packets are only exported in backup - * mode. */ - if (node->pkt->pkttype == PKT_RING_TRUST && !(options & EXPORT_BACKUP)) + /* Skip ring trust packets - they should not ne here anyway. */ + if (node->pkt->pkttype == PKT_RING_TRUST) continue; /* If exact is set, then we only export what was requested @@ -1723,7 +1725,10 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, ski->iv[ski->ivlen] = xtoi_2 (s); } - err = build_packet (out, node->pkt); + if ((options & EXPORT_BACKUP)) + err = build_packet_and_meta (out, node->pkt); + else + err = build_packet (out, node->pkt); if (!err && node->pkt->pkttype == PKT_PUBLIC_KEY) { stats->exported++; @@ -1744,7 +1749,10 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, } else { - err = build_packet (out, node->pkt); + if ((options & EXPORT_BACKUP)) + err = build_packet_and_meta (out, node->pkt); + else + err = build_packet (out, node->pkt); if (node->pkt->pkttype == PKT_PUBLIC_KEY) { stats->exported++; @@ -1775,7 +1783,10 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, } else /* Not secret or common packets. */ { - err = build_packet (out, node->pkt); + if ((options & EXPORT_BACKUP)) + err = build_packet_and_meta (out, node->pkt); + else + err = build_packet (out, node->pkt); if (!err && node->pkt->pkttype == PKT_PUBLIC_KEY) { stats->exported++; diff --git a/g10/free-packet.c b/g10/free-packet.c index 535a17f..c144246 100644 --- a/g10/free-packet.c +++ b/g10/free-packet.c @@ -127,6 +127,11 @@ release_public_key_parts (PKT_public_key *pk) xfree (pk->serialno); pk->serialno = NULL; } + if (pk->updateurl) + { + xfree (pk->updateurl); + pk->updateurl = NULL; + } } 
@@ -314,6 +319,7 @@ free_user_id (PKT_user_id *uid) free_attributes(uid); xfree (uid->prefs); xfree (uid->namehash); + xfree (uid->updateurl); xfree (uid->mbox); xfree (uid); } diff --git a/g10/import.c b/g10/import.c index 3321a7e..d43b2a8 100644 --- a/g10/import.c +++ b/g10/import.c @@ -97,8 +97,8 @@ static int import (ctrl_t ctrl, IOBUF inp, const char* fname, struct import_stats_s *stats, unsigned char **fpr, size_t *fpr_len, unsigned int options, import_screener_t screener, void *screener_arg); -static int read_block (IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root, - int *r_v3keys); +static int read_block (IOBUF a, int with_meta, + PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys); static void revocation_present (ctrl_t ctrl, kbnode_t keyblock); static int import_one (ctrl_t ctrl, kbnode_t keyblock, @@ -333,7 +333,7 @@ read_key_from_file (ctrl_t ctrl, const char *fname, kbnode_t *r_keyblock) } /* Read the first non-v3 keyblock. */ - while (!(err = read_block (inp, &pending_pkt, &keyblock, &v3keys))) + while (!(err = read_block (inp, 0, &pending_pkt, &keyblock, &v3keys))) { if (keyblock->pkt->pkttype == PKT_PUBLIC_KEY) break; @@ -563,7 +563,8 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats, release_armor_context (afx); } - while (!(rc = read_block (inp, &pending_pkt, &keyblock, &v3keys))) + while (!(rc = read_block (inp, !!(options & IMPORT_RESTORE), + &pending_pkt, &keyblock, &v3keys))) { stats->v3keys += v3keys; if (keyblock->pkt->pkttype == PKT_PUBLIC_KEY) @@ -637,7 +638,7 @@ import_old_secring (ctrl_t ctrl, const char *fname) getkey_disable_caches(); stats = import_new_stats_handle (); - while (!(err = read_block (inp, &pending_pkt, &keyblock, &v3keys))) + while (!(err = read_block (inp, 0, &pending_pkt, &keyblock, &v3keys))) { if (keyblock->pkt->pkttype == PKT_SECRET_KEY) err = import_secret_one (ctrl, keyblock, stats, 1, 0, 1, 
@@ -752,14 +753,15 @@ valid_keyblock_packet (int pkttype) /**************** * Read the next keyblock from stream A. - * PENDING_PKT should be initialzed to NULL - * and not changed by the caller. + * Meta data (ring trust packets) are only considered of WITH_META is set. + * PENDING_PKT should be initialzed to NULL and not changed by the caller. * Return: 0 = okay, -1 no more blocks or another errorcode. * The int at at R_V3KEY counts the number of unsupported v3 * keyblocks. */ static int -read_block( IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys) +read_block( IOBUF a, int with_meta, + PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys) { int rc; struct parse_packet_ctx_s parsectx; @@ -781,6 +783,8 @@ read_block( IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys) pkt = xmalloc (sizeof *pkt); init_packet (pkt); init_parse_packet (&parsectx, a); + if (!with_meta) + parsectx.skip_meta = 1; in_v3key = 0; while ((rc=parse_packet (&parsectx, pkt)) != -1) { diff --git a/g10/keydb.c b/g10/keydb.c index 1bbda35..67957f8 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -1202,6 +1202,7 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no, case PKT_USER_ID: case PKT_ATTRIBUTE: case PKT_SIGNATURE: + case PKT_RING_TRUST: break; /* Allowed per RFC. */ default: @@ -1458,14 +1459,13 @@ build_keyblock_image (kbnode_t keyblock, iobuf_t *r_iobuf, u32 **r_sigstatus) case PKT_SIGNATURE: case PKT_USER_ID: case PKT_ATTRIBUTE: - /* Note that we don't want the ring trust packets. They are - not useful. */ + case PKT_RING_TRUST: break; default: continue; } - err = build_packet (iobuf, node->pkt); + err = build_packet_and_meta (iobuf, node->pkt); if (err) { iobuf_close (iobuf); diff --git a/g10/keydb.h b/g10/keydb.h index 6f57583..2de52d5 100644 --- a/g10/keydb.h +++ b/g10/keydb.h 
@@ -119,6 +119,19 @@ union pref_hint }; +/* Constants to describe from where a key was fetched or updated. */ +enum + { + KEYSRC_UNKNOWN = 0, + KEYSRC_FILE = 1, /* Direct import from a file. */ + KEYSRC_KS = 2, /* Public keyserver. */ + KEYSRC_PREF_KS = 3, /* Preferred keysrver. */ + KEYSRC_WKD = 4, /* Web Key Directory. */ + KEYSRC_WKD_SD = 5, /* Web Key Directory but from a sub domain. */ + KEYSRC_DANE = 6 /* OpenPGP DANE. */ + }; + + /*-- keydb.c --*/ #define KEYDB_RESOURCE_FLAG_PRIMARY 2 /* The primary resource. */ diff --git a/g10/keyring.c b/g10/keyring.c index 2210df9..e7ebbb3 100644 --- a/g10/keyring.c +++ b/g10/keyring.c @@ -473,29 +473,6 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb) } in_cert = 1; - if (pkt->pkttype == PKT_RING_TRUST) - { - /*(this code is duplicated after the loop)*/ - if ( lastnode - && lastnode->pkt->pkttype == PKT_SIGNATURE - && (pkt->pkt.ring_trust->sigcache & 1) ) { - /* This is a ring trust packet with a checked signature - * status cache following directly a signature paket. - * Set the cache status into that signature packet. */ - PKT_signature *sig = lastnode->pkt->pkt.signature; - - sig->flags.checked = 1; - sig->flags.valid = !!(pkt->pkt.ring_trust->sigcache & 2); - } - /* Reset LASTNODE, so that we set the cache status only from - * the ring trust packet immediately following a signature. */ - lastnode = NULL; - free_packet(pkt, &parsectx); - init_packet(pkt); - continue; - } - - node = lastnode = new_kbnode (pkt); if (!keyblock) keyblock = node; 
@@ -531,16 +508,7 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb) if (rc || !ret_kb) release_kbnode (keyblock); else { - /*(duplicated from the loop body)*/ - if ( pkt && pkt->pkttype == PKT_RING_TRUST - && lastnode - && lastnode->pkt->pkttype == PKT_SIGNATURE - && (pkt->pkt.ring_trust->sigcache & 1) ) { - PKT_signature *sig = lastnode->pkt->pkt.signature; - sig->flags.checked = 1; - sig->flags.valid = !!(pkt->pkt.ring_trust->sigcache & 2); - } - *ret_kb = keyblock; + *ret_kb = keyblock; } free_packet (pkt, &parsectx); deinit_parse_packet (&parsectx); @@ -1420,36 +1388,12 @@ write_keyblock (IOBUF fp, KBNODE keyblock) while ( (node = walk_kbnode (keyblock, &kbctx, 0)) ) { - if (node->pkt->pkttype == PKT_RING_TRUST) - continue; /* we write it later on our own */ - - if ( (rc = build_packet (fp, node->pkt) )) + if ( (rc = build_packet_and_meta (fp, node->pkt) )) { log_error ("build_packet(%d) failed: %s\n", node->pkt->pkttype, gpg_strerror (rc) ); return rc; } - if (node->pkt->pkttype == PKT_SIGNATURE) - { /* always write a signature cache packet */ - PKT_signature *sig = node->pkt->pkt.signature; - unsigned int cacheval = 0; - - if (sig->flags.checked) - { - cacheval |= 1; - if (sig->flags.valid) - cacheval |= 2; - } - iobuf_put (fp, 0xb0); /* old style packet 12, 1 byte len*/ - iobuf_put (fp, 2); /* 2 bytes */ - iobuf_put (fp, 0); /* unused */ - if (iobuf_put (fp, cacheval)) - { - rc = gpg_error_from_syserror (); - log_error ("writing sigcache packet failed\n"); - return rc; - } - } } return 0; } @@ -1640,6 +1584,7 @@ keyring_rebuild_cache (void *token,int noisy) return rc; } + /**************** * Perform insert/delete/update operation. diff --git a/g10/mainproc.c b/g10/mainproc.c index 8581104..7b2c456 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c 
@@ -1046,13 +1046,6 @@ list_node (CTX c, kbnode_t node) else if ((pk->flags.primary && opt.fingerprint) || opt.fingerprint > 1) print_fingerprint (NULL, pk, 0); - if (opt.with_colons) - { - if (node->next && node->next->pkt->pkttype == PKT_RING_TRUST) - es_printf ("rtv:1:%u:\n", - node->next->pkt->pkt.ring_trust->trustval); - } - if (pk->flags.primary) { int kl = opt.keyid_format == KF_NONE? 0 : keystrlen (); @@ -1077,14 +1070,6 @@ list_node (CTX c, kbnode_t node) if (opt.with_colons) es_putc (':', es_stdout); es_putc ('\n', es_stdout); - if (opt.with_colons - && node->next - && node->next->pkt->pkttype == PKT_RING_TRUST) - { - es_printf ("rtv:2:%u:\n", - node->next->pkt->pkt.ring_trust? - node->next->pkt->pkt.ring_trust->trustval : 0); - } } else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) { diff --git a/g10/packet.h b/g10/packet.h index ad6f317..b23298a 100644 --- a/g10/packet.h +++ b/g10/packet.h 
@@ -283,20 +283,25 @@ typedef struct u32 expiredate; /* expires at this date or 0 if not at all */ prefitem_t *prefs; /* list of preferences (may be NULL)*/ u32 created; /* according to the self-signature */ + u32 keyupdate; /* From the ring trust packet. */ + char *updateurl; /* NULL or the URL of the last update origin. */ + byte keysrc; /* From the ring trust packet. */ byte selfsigversion; struct { unsigned int mdc:1; unsigned int ks_modify:1; unsigned int compacted:1; - unsigned int primary:2; /* 2 if set via the primary flag, 1 if calculated */ + unsigned int primary:2; /* 2 if set via the primary flag, 1 if calculated */ unsigned int revoked:1; unsigned int expired:1; } flags; + char *mbox; /* NULL or the result of mailbox_from_userid. */ + /* The text contained in the user id packet, which is normally the - name and email address of the key holder (See RFC 4880 5.11). - (Serialized.). For convenience an extra Nul is always appended. */ + * name and email address of the key holder (See RFC 4880 5.11). + * (Serialized.). For convenience an extra Nul is always appended. */ char name[1]; } PKT_user_id; @@ -402,6 +407,9 @@ typedef struct u32 trust_timestamp; byte trust_depth; byte trust_value; + byte keysrc; /* From the ring trust packet. */ + u32 keyupdate; /* From the ring trust packet. */ + char *updateurl; /* NULL or the URL of the last update origin. */ const byte *trust_regexp; char *serialno; /* Malloced hex string or NULL if it is likely not on a card. See also 
@@ -474,11 +482,28 @@ typedef struct { byte hash[20]; } PKT_mdc; + +/* Subtypes for the ring trust packet. */ +#define RING_TRUST_SIG 0 /* The classical signature cache. */ +#define RING_TRUST_KEY 1 /* A KEYSRC on a primary key. */ +#define RING_TRUST_UID 2 /* A KEYSRC on a user id. */ + +/* The local only ring trust packet which OpenPGP declares as + * implementation defined. GnuPG uses this to cache signature + * verification status and since 2.1.18 also to convey information + * about the origin of a key. Note that this packet is not part + * struct packet_struct becuase we use it only local in the packet + * parser and builder. */ typedef struct { - unsigned int trustval; - unsigned int sigcache; + unsigned int trustval; + unsigned int sigcache; + unsigned char subtype; /* The subtype of this ring trust packet. */ + unsigned char keysrc; /* The origin of the key (KEYSRC_*). */ + u32 keyupdate; /* The wall time the key was last updated. */ + char *url; /* NULL or the URL of the source. */ } PKT_ring_trust; + /* A plaintext packet (see RFC 4880, 5.9). */ typedef struct { /* The length of data in BUF or 0 if unknown. */ @@ -519,7 +544,6 @@ struct packet_struct { PKT_compressed *compressed; /* PKT_COMPRESSED */ PKT_encrypted *encrypted; /* PKT_ENCRYPTED[_MDC] */ PKT_mdc *mdc; /* PKT_MDC */ - PKT_ring_trust *ring_trust; /* PKT_RING_TRUST */ PKT_plaintext *plaintext; /* PKT_PLAINTEXT */ PKT_gpg_control *gpg_control; /* PKT_GPG_CONTROL */ } pkt; @@ -599,6 +623,7 @@ struct parse_packet_ctx_s iobuf_t inp; /* The input stream with the packets. */ PACKET *last_pkt; /* The last parsed packet. */ int free_last_pkt; /* Indicates that LAST_PKT must be freed. */ + int skip_meta; /* Skip right trust packets. */ }; typedef struct parse_packet_ctx_s *parse_packet_ctx_t; 
@@ -606,6 +631,7 @@ typedef struct parse_packet_ctx_s *parse_packet_ctx_t; (a)->inp = (i); \ (a)->last_pkt = NULL; \ (a)->free_last_pkt = 0; \ + (a)->skip_meta = 0; \ } while (0) #define deinit_parse_packet(a) do { \ @@ -786,7 +812,8 @@ PACKET *create_gpg_control ( ctrlpkttype_t type, size_t datalen ); /*-- build-packet.c --*/ -int build_packet( iobuf_t inp, PACKET *pkt ); +int build_packet (iobuf_t out, PACKET *pkt); +gpg_error_t build_packet_and_meta (iobuf_t out, PACKET *pkt); gpg_error_t gpg_mpi_write (iobuf_t out, gcry_mpi_t a); gpg_error_t gpg_mpi_write_nohdr (iobuf_t out, gcry_mpi_t a); u32 calc_packet_length( PACKET *pkt ); diff --git a/g10/parse-packet.c b/g10/parse-packet.c index ab273a5..df04fbc 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -74,8 +74,8 @@ static int parse_attribute (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet); static int parse_comment (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet); -static void parse_trust (IOBUF inp, int pkttype, unsigned long pktlen, - PACKET * packet); +static gpg_error_t parse_ring_trust (parse_packet_ctx_t ctx, + unsigned long pktlen); static int parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet, int new_ctb, int partial); static int parse_compressed (IOBUF inp, int pkttype, unsigned long pktlen, @@ -542,6 +542,7 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, *skip = 0; inp = ctx->inp; + again: log_assert (!pkt->pkt.generic); if (retpos || list_mode) { @@ -800,8 +801,11 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, rc = parse_comment (inp, pkttype, pktlen, pkt); break; case PKT_RING_TRUST: - parse_trust (inp, pkttype, pktlen, pkt); - rc = 0; + { + rc = parse_ring_trust (ctx, pktlen); + if (!rc) + goto again; /* Directly read the next packet. */ + } break; case PKT_PLAINTEXT: rc = parse_plaintext (inp, pkttype, pktlen, pkt, new_ctb, partial); 
@@ -2873,42 +2877,164 @@ parse_comment (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet) } -static void -parse_trust (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * pkt) +/* Parse a ring trust packet RFC4880 (5.10). + * + * This parser is special in that the packet is not stored as a packet + * but its content is merged into the previous packet. */ +static gpg_error_t +parse_ring_trust (parse_packet_ctx_t ctx, unsigned long pktlen) { + gpg_error_t err; + iobuf_t inp = ctx->inp; + PKT_ring_trust rt = {0}; int c; + int not_gpg = 0; - (void) pkttype; + if (!pktlen) + { + if (list_mode) + es_fprintf (listfp, ":trust packet: empty\n"); + err = 0; + goto leave; + } - pkt->pkt.ring_trust = xmalloc (sizeof *pkt->pkt.ring_trust); + c = iobuf_get_noeof (inp); + pktlen--; + rt.trustval = c; if (pktlen) { - c = iobuf_get_noeof (inp); + if (!c) + { + c = iobuf_get_noeof (inp); + /* We require that bit 7 of the sigcache is 0 (easier + * eof handling). */ + if (!(c & 0x80)) + rt.sigcache = c; + } + else + iobuf_get_noeof (inp); /* Dummy read. */ pktlen--; - pkt->pkt.ring_trust->trustval = c; - pkt->pkt.ring_trust->sigcache = 0; - if (!c && pktlen == 1) - { - c = iobuf_get_noeof (inp); - pktlen--; - /* We require that bit 7 of the sigcache is 0 (easier eof - handling). */ - if (!(c & 0x80)) - pkt->pkt.ring_trust->sigcache = c; - } - if (list_mode) - es_fprintf (listfp, ":trust packet: flag=%02x sigcache=%02x\n", - pkt->pkt.ring_trust->trustval, - pkt->pkt.ring_trust->sigcache); } - else + + /* Next is the optional subtype. 
*/ + if (pktlen > 3) { - pkt->pkt.ring_trust->trustval = 0; - pkt->pkt.ring_trust->sigcache = 0; - if (list_mode) - es_fprintf (listfp, ":trust packet: empty\n"); + char tmp[4]; + tmp[0] = iobuf_get_noeof (inp); + tmp[1] = iobuf_get_noeof (inp); + tmp[2] = iobuf_get_noeof (inp); + tmp[3] = iobuf_get_noeof (inp); + pktlen -= 4; + if (!memcmp (tmp, "gpg", 3)) + rt.subtype = tmp[3]; + else + not_gpg = 1; } + /* If it is a key or uid subtype read the remaining data. */ + if ((rt.subtype == RING_TRUST_KEY || rt.subtype == RING_TRUST_UID) + && pktlen >= 6 ) + { + int i; + unsigned int namelen; + + rt.keysrc = iobuf_get_noeof (inp); + pktlen--; + rt.keyupdate = read_32 (inp); + pktlen -= 4; + namelen = iobuf_get_noeof (inp); + pktlen--; + if (namelen && pktlen) + { + rt.url = xtrymalloc (namelen + 1); + if (rt.url) + { + err = gpg_error_from_syserror (); + goto leave; + } + for (i = 0; pktlen && i < namelen; pktlen--, i++) + rt.url[i] = iobuf_get_noeof (inp); + rt.url[i] = 0; + } + } + + if (list_mode) + { + if (rt.subtype == RING_TRUST_SIG) + es_fprintf (listfp, ":trust packet: sig flag=%02x sigcache=%02x\n", + rt.trustval, rt.sigcache); + else if (rt.subtype == RING_TRUST_UID || rt.subtype == RING_TRUST_KEY) + { + unsigned char *p; + + es_fprintf (listfp, ":trust packet: %s upd=%lu src=%d%s", + (rt.subtype == RING_TRUST_UID? "uid" : "key"), + (unsigned long)rt.keyupdate, + rt.keysrc, + (rt.url? " url=":"")); + if (rt.url) + { + for (p = rt.url; *p; p++) + { + if (*p >= ' ' && *p <= 'z') + es_putc (*p, listfp); + else + es_fprintf (listfp, "\\x%02x", *p); + } + } + es_putc ('\n', listfp); + } + else if (not_gpg) + es_fprintf (listfp, ":trust packet: not created by gpg\n"); + else + es_fprintf (listfp, ":trust packet: subtype=%02x\n", + rt.subtype); + } + + /* Now transfer the data to the respective packet. Do not do this + * if SKIP_META is set. 
*/ + if (!ctx->last_pkt || ctx->skip_meta) + ; + else if (rt.subtype == RING_TRUST_SIG + && ctx->last_pkt->pkttype == PKT_SIGNATURE) + { + PKT_signature *sig = ctx->last_pkt->pkt.signature; + + if ((rt.sigcache & 1)) + { + sig->flags.checked = 1; + sig->flags.valid = !!(rt.sigcache & 2); + } + } + else if (rt.subtype == RING_TRUST_UID + && (ctx->last_pkt->pkttype == PKT_USER_ID + || ctx->last_pkt->pkttype == PKT_ATTRIBUTE)) + { + PKT_user_id *uid = ctx->last_pkt->pkt.user_id; + + uid->keysrc = rt.keysrc; + uid->keyupdate = rt.keyupdate; + uid->updateurl = rt.url; + rt.url = NULL; + } + else if (rt.subtype == RING_TRUST_KEY + && (ctx->last_pkt->pkttype == PKT_PUBLIC_KEY + || ctx->last_pkt->pkttype == PKT_SECRET_KEY)) + { + PKT_public_key *pk = ctx->last_pkt->pkt.public_key; + + pk->keysrc = rt.keysrc; + pk->keyupdate = rt.keyupdate; + pk->updateurl = rt.url; + rt.url = NULL; + } + + err = 0; + + leave: + xfree (rt.url); + free_packet (NULL, ctx); /* This sets ctx->last_pkt to NULL. */ iobuf_skip_rest (inp, pktlen, 0); + return err; } commit afa86809087909a8ba2f9356588bf90cc923529c Author: Werner Koch Date: Wed Mar 29 11:57:40 2017 +0200 gpg: Extend free_packet to handle a packet parser context. * g10/packet.h (struct parse_packet_ctx_s): Add fields LAST_PKT and FREE_LAST_PKT. (init_parse_packet): Clear them. (deinit_parse_packet): New macro. Change all users if init_parse_packet to also call this macro. * g10/free-packet.c (free_packet): Add arg PARSECTX and handle shallow packet copies in the context. Change all callers. * g10/parse-packet.c (parse): Store certain packets in the parse context. -- Signed-off-by: Werner Koch diff --git a/g10/encrypt.c b/g10/encrypt.c index 0a892c2..a79a470 100644 --- a/g10/encrypt.c +++ b/g10/encrypt.c @@ -394,7 +394,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey) } if (pt) pt->buf = NULL; - free_packet (&pkt); + free_packet (&pkt, NULL); xfree (cfx.dek); xfree (s2k); release_armor_context (afx); 
@@ -755,7 +755,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, } if (pt) pt->buf = NULL; - free_packet (&pkt); + free_packet (&pkt, NULL); xfree (cfx.dek); xfree (symkey_dek); xfree (symkey_s2k); diff --git a/g10/free-packet.c b/g10/free-packet.c index 4cf80a4..535a17f 100644 --- a/g10/free-packet.c +++ b/g10/free-packet.c @@ -394,18 +394,40 @@ free_plaintext( PKT_plaintext *pt ) xfree (pt); } + /**************** * Free the packet in PKT. */ void -free_packet (PACKET *pkt) +free_packet (PACKET *pkt, parse_packet_ctx_t parsectx) { if (!pkt || !pkt->pkt.generic) - return; + { + if (parsectx && parsectx->last_pkt) + { + if (parsectx->free_last_pkt) + { + free_packet (parsectx->last_pkt, NULL); + parsectx->free_last_pkt = 0; + } + parsectx->last_pkt = NULL; + } + return; + } if (DBG_MEMORY) log_debug ("free_packet() type=%d\n", pkt->pkttype); + /* If we have a parser context holding PKT then do not free the + * packet but set a flag that the packet in the parser context is + * now a deep copy. */ + if (parsectx && parsectx->last_pkt == pkt && !parsectx->free_last_pkt) + { + parsectx->free_last_pkt = 1; + pkt->pkt.generic = NULL; + return; + } + switch (pkt->pkttype) { case PKT_SIGNATURE: diff --git a/g10/import.c b/g10/import.c index 9aa6c8b..3321a7e 100644 --- a/g10/import.c +++ b/g10/import.c @@ -790,7 +790,7 @@ read_block( IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys) { in_v3key = 1; ++*r_v3keys; - free_packet (pkt); + free_packet (pkt, &parsectx); init_packet (pkt); continue; } @@ -804,7 +804,7 @@ read_block( IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys) rc = GPG_ERR_INV_KEYRING; goto ready; } - free_packet( pkt ); + free_packet (pkt, &parsectx); init_packet(pkt); continue; } 
@@ -812,7 +812,7 @@ read_block( IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys) if (in_v3key && !(pkt->pkttype == PKT_PUBLIC_KEY || pkt->pkttype == PKT_SECRET_KEY)) { - free_packet( pkt ); + free_packet (pkt, &parsectx); init_packet(pkt); continue; } @@ -843,7 +843,7 @@ read_block( IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys) pkt->pkt.compressed->buf = NULL; push_compress_filter2(a,cfx,pkt->pkt.compressed->algorithm,1); } - free_packet( pkt ); + free_packet (pkt, &parsectx); init_packet(pkt); break; @@ -851,7 +851,7 @@ read_block( IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys) /* Skip those packets unless we are in restore mode. */ if ((opt.import_options & IMPORT_RESTORE)) goto x_default; - free_packet( pkt ); + free_packet (pkt, &parsectx); init_packet(pkt); break; @@ -887,7 +887,8 @@ read_block( IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys) release_kbnode( root ); else *ret_root = root; - free_packet( pkt ); + free_packet (pkt, &parsectx); + deinit_parse_packet (&parsectx); xfree( pkt ); return rc; } diff --git a/g10/kbnode.c b/g10/kbnode.c index b8c31b7..c2aaacd 100644 --- a/g10/kbnode.c +++ b/g10/kbnode.c @@ -117,8 +117,8 @@ release_kbnode( KBNODE n ) while( n ) { n2 = n->next; if( !is_cloned_kbnode(n) ) { - free_packet( n->pkt ); - xfree( n->pkt ); + free_packet (n->pkt, NULL); + xfree( n->pkt ); } free_node( n ); n = n2; @@ -288,7 +288,7 @@ commit_kbnode( KBNODE *root ) else nl->next = n->next; if( !is_cloned_kbnode(n) ) { - free_packet( n->pkt ); + free_packet (n->pkt, NULL); xfree( n->pkt ); } free_node( n ); @@ -312,7 +312,7 @@ remove_kbnode( KBNODE *root, KBNODE node ) else nl->next = n->next; if( !is_cloned_kbnode(n) ) { - free_packet( n->pkt ); + free_packet (n->pkt, NULL); xfree( n->pkt ); } free_node( n ); diff --git a/g10/keydb.c b/g10/keydb.c index c0bc9f5..1bbda35 100644 --- a/g10/keydb.c +++ b/g10/keydb.c 
@@ -1180,7 +1180,7 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no, { if (gpg_err_code (err) == GPG_ERR_UNKNOWN_PACKET) { - free_packet (pkt); + free_packet (pkt, &parsectx); init_packet (pkt); continue; } @@ -1209,7 +1209,7 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no, the other GPG specific packets don't make sense either. */ log_error ("skipped packet of type %d in keybox\n", (int)pkt->pkttype); - free_packet(pkt); + free_packet(pkt, &parsectx); init_packet(pkt); continue; } @@ -1311,7 +1311,8 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no, release_kbnode (keyblock); else *r_keyblock = keyblock; - free_packet (pkt); + free_packet (pkt, &parsectx); + deinit_parse_packet (&parsectx); xfree (pkt); return err; } diff --git a/g10/keyedit.c b/g10/keyedit.c index 76d1889..9a61126 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -2467,7 +2467,8 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, init_packet (pkt); init_parse_packet (&parsectx, a); err = parse_packet (&parsectx, pkt); - iobuf_close (a); + deinit_parse_packet (&parsectx); + iobuf_close (a); iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char *) fname); if (!err && pkt->pkttype != PKT_SECRET_KEY && pkt->pkttype != PKT_SECRET_SUBKEY) @@ -2477,7 +2478,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, tty_printf (_("Error reading backup key from '%s': %s\n"), fname, gpg_strerror (err)); xfree (fname); - free_packet (pkt); + free_packet (pkt, NULL); xfree (pkt); break; } @@ -5008,7 +5009,7 @@ menu_expire (kbnode_t pub_keyblock, int force_mainkey, u32 newexpiration) newpkt = xmalloc_clear (sizeof *newpkt); newpkt->pkttype = PKT_SIGNATURE; newpkt->pkt.signature = newsig; - free_packet (node->pkt); + free_packet (node->pkt, NULL); xfree (node->pkt); node->pkt = newpkt; sub_pk = NULL; 
@@ -5114,7 +5115,7 @@ menu_changeusage (kbnode_t keyblock) newpkt = xmalloc_clear (sizeof *newpkt); newpkt->pkttype = PKT_SIGNATURE; newpkt->pkt.signature = newsig; - free_packet (node->pkt); + free_packet (node->pkt, NULL); xfree (node->pkt); node->pkt = newpkt; sub_pk = NULL; @@ -5213,7 +5214,7 @@ menu_backsign (KBNODE pub_keyblock) newpkt = xmalloc_clear (sizeof (*newpkt)); newpkt->pkttype = PKT_SIGNATURE; newpkt->pkt.signature = newsig; - free_packet (sig_pk->pkt); + free_packet (sig_pk->pkt, NULL); xfree (sig_pk->pkt); sig_pk->pkt = newpkt; @@ -5371,7 +5372,7 @@ menu_set_primary_uid (KBNODE pub_keyblock) newpkt = xmalloc_clear (sizeof *newpkt); newpkt->pkttype = PKT_SIGNATURE; newpkt->pkt.signature = newsig; - free_packet (node->pkt); + free_packet (node->pkt, NULL); xfree (node->pkt); node->pkt = newpkt; modified = 1; @@ -5460,7 +5461,7 @@ menu_set_preferences (KBNODE pub_keyblock) newpkt = xmalloc_clear (sizeof *newpkt); newpkt->pkttype = PKT_SIGNATURE; newpkt->pkt.signature = newsig; - free_packet (node->pkt); + free_packet (node->pkt, NULL); xfree (node->pkt); node->pkt = newpkt; modified = 1; @@ -5596,7 +5597,7 @@ menu_set_keyserver_url (const char *url, KBNODE pub_keyblock) newpkt = xmalloc_clear (sizeof *newpkt); newpkt->pkttype = PKT_SIGNATURE; newpkt->pkt.signature = newsig; - free_packet (node->pkt); + free_packet (node->pkt, NULL); xfree (node->pkt); node->pkt = newpkt; modified = 1; @@ -5797,7 +5798,7 @@ menu_set_notation (const char *string, KBNODE pub_keyblock) newpkt = xmalloc_clear (sizeof *newpkt); newpkt->pkttype = PKT_SIGNATURE; newpkt->pkt.signature = newsig; - free_packet (node->pkt); + free_packet (node->pkt, NULL); xfree (node->pkt); node->pkt = newpkt; modified = 1; diff --git a/g10/keygen.c b/g10/keygen.c index 44f139a..78c35a2 100644 --- a/g10/keygen.c +++ b/g10/keygen.c 
@@ -867,7 +867,7 @@ make_backsig (PKT_signature *sig, PKT_public_key *pk, backsig_pkt.pkttype = PKT_SIGNATURE; backsig_pkt.pkt.signature = backsig; err = build_packet (backsig_out, &backsig_pkt); - free_packet (&backsig_pkt); + free_packet (&backsig_pkt, NULL); if (err) log_error ("build_packet failed for backsig: %s\n", gpg_strerror (err)); else diff --git a/g10/keyring.c b/g10/keyring.c index e4fc111..2210df9 100644 --- a/g10/keyring.c +++ b/g10/keyring.c @@ -415,7 +415,7 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb) while ((rc=parse_packet (&parsectx, pkt)) != -1) { hd->found.n_packets++; if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_PACKET) { - free_packet (pkt); + free_packet (pkt, &parsectx); init_packet (pkt); continue; } @@ -461,7 +461,7 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb) default: log_error ("skipped packet of type %d in keyring\n", (int)pkt->pkttype); - free_packet(pkt); + free_packet(pkt, &parsectx); init_packet(pkt); continue; } @@ -490,7 +490,7 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb) /* Reset LASTNODE, so that we set the cache status only from * the ring trust packet immediately following a signature. */ lastnode = NULL; - free_packet(pkt); + free_packet(pkt, &parsectx); init_packet(pkt); continue; } @@ -542,7 +542,8 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb) } *ret_kb = keyblock; } - free_packet (pkt); + free_packet (pkt, &parsectx); + deinit_parse_packet (&parsectx); xfree (pkt); iobuf_close(a); @@ -1132,7 +1133,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, rc = search_packet (&parsectx, &pkt, &offset, need_uid); if (ignore_legacy && gpg_err_code (rc) == GPG_ERR_LEGACY_KEY) { - free_packet (&pkt); + free_packet (&pkt, &parsectx); continue; } if (rc) @@ -1146,7 +1147,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, } if (initial_skip) { - free_packet (&pkt); + free_packet (&pkt, &parsectx); continue; } 
@@ -1228,7 +1229,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, goto found; } } - free_packet (&pkt); + free_packet (&pkt, &parsectx); continue; found: if (rc) @@ -1255,7 +1256,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, } if (n == ndesc) goto real_found; - free_packet (&pkt); + free_packet (&pkt, &parsectx); } real_found: if (!rc) @@ -1309,7 +1310,8 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, hd->current.error = rc; } - free_packet(&pkt); + free_packet (&pkt, &parsectx); + deinit_parse_packet (&parsectx); set_packet_list_mode(save_mode); return rc; } diff --git a/g10/mainproc.c b/g10/mainproc.c index 30d9b18..8581104 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -358,7 +358,7 @@ proc_symkey_enc (CTX c, PACKET *pkt) leave: c->symkeys++; - free_packet (pkt); + free_packet (pkt, NULL); } @@ -456,7 +456,7 @@ proc_pubkey_enc (ctrl_t ctrl, CTX c, PACKET *pkt) log_info (_("public key encrypted data: good DEK\n")); } - free_packet(pkt); + free_packet(pkt, NULL); } @@ -657,7 +657,7 @@ proc_encrypted (CTX c, PACKET *pkt) xfree (c->dek); c->dek = NULL; - free_packet (pkt); + free_packet (pkt, NULL); c->last_was_session_key = 0; write_status (STATUS_END_DECRYPTION); } @@ -774,7 +774,7 @@ proc_plaintext( CTX c, PACKET *pkt ) if (rc) log_error ("handle plaintext failed: %s\n", gpg_strerror (rc)); - free_packet(pkt); + free_packet (pkt, NULL); c->last_was_session_key = 0; /* We add a marker control packet instead of the plaintext packet. @@ -837,7 +837,7 @@ proc_compressed (CTX c, PACKET *pkt) else if (rc) log_error ("uncompressing failed: %s\n", gpg_strerror (rc)); - free_packet(pkt); + free_packet (pkt, NULL); c->last_was_session_key = 0; return rc; } 
@@ -1348,7 +1348,7 @@ do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a) any_data = 1; if (rc) { - free_packet (pkt); + free_packet (pkt, &parsectx); /* Stop processing when an invalid packet has been encountered * but don't do so when we are doing a --list-packets. */ if (gpg_err_code (rc) == GPG_ERR_INV_PACKET @@ -1466,7 +1466,7 @@ do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a) init_packet (pkt); } else - free_packet(pkt); + free_packet (pkt, &parsectx); } if (rc == GPG_ERR_INV_PACKET) @@ -1481,7 +1481,8 @@ do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a) leave: release_list (c); xfree(c->dek); - free_packet (pkt); + free_packet (pkt, &parsectx); + deinit_parse_packet (&parsectx); xfree (pkt); free_md_filter_context (&c->mfx); return rc; diff --git a/g10/packet.h b/g10/packet.h index ffa1fe9..ad6f317 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -596,13 +596,22 @@ int set_packet_list_mode( int mode ); /* A context used with parse_packet. */ struct parse_packet_ctx_s { - iobuf_t inp; /* The input stream with the packets. */ + iobuf_t inp; /* The input stream with the packets. */ + PACKET *last_pkt; /* The last parsed packet. */ + int free_last_pkt; /* Indicates that LAST_PKT must be freed. */ }; typedef struct parse_packet_ctx_s *parse_packet_ctx_t; -#define init_parse_packet(a,i) do { (a)->inp = (i); \ - /**/ } while (0) +#define init_parse_packet(a,i) do { \ + (a)->inp = (i); \ + (a)->last_pkt = NULL; \ + (a)->free_last_pkt = 0; \ + } while (0) +#define deinit_parse_packet(a) do { \ + if ((a)->free_last_pkt) \ + free_packet (NULL, (a)); \ + } while (0) #if DEBUG_PARSE_PACKET 
@@ -803,7 +812,7 @@ void free_public_key( PKT_public_key *key ); void free_attributes(PKT_user_id *uid); void free_user_id( PKT_user_id *uid ); void free_comment( PKT_comment *rem ); -void free_packet( PACKET *pkt ); +void free_packet (PACKET *pkt, parse_packet_ctx_t parsectx); prefitem_t *copy_prefs (const prefitem_t *prefs); PKT_public_key *copy_public_key( PKT_public_key *d, PKT_public_key *s ); PKT_signature *copy_signature( PKT_signature *d, PKT_signature *s ); diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 7766a45..ab273a5 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -352,6 +352,9 @@ dbg_copy_all_packets (iobuf_t inp, iobuf_t out, const char *dbg_f, int dbg_l) (rc = parse (&parsectx, &pkt, 0, NULL, &skip, out, 0, "copy", dbg_f, dbg_l))); + + deinit_parse_packet (&parsectx); + return rc; } #else /*!DEBUG_PARSE_PACKET*/ @@ -372,6 +375,9 @@ copy_all_packets (iobuf_t inp, iobuf_t out) init_packet (&pkt); } while (!(rc = parse (&parsectx, &pkt, 0, NULL, &skip, out, 0))); + + deinit_parse_packet (&parsectx); + return rc; } #endif /*!DEBUG_PARSE_PACKET*/ @@ -397,11 +403,17 @@ dbg_copy_some_packets (iobuf_t inp, iobuf_t out, off_t stopoff, do { if (iobuf_tell (inp) >= stopoff) - return 0; + { + deinit_parse_packet (&parsectx); + return 0; + } init_packet (&pkt); } while (!(rc = parse (&parsectx, &pkt, 0, NULL, &skip, out, 0, "some", dbg_f, dbg_l))); + + deinit_parse_packet (&parsectx); + return rc; } #else /*!DEBUG_PARSE_PACKET*/ @@ -418,10 +430,16 @@ copy_some_packets (iobuf_t inp, iobuf_t out, off_t stopoff) do { if (iobuf_tell (inp) >= stopoff) - return 0; + { + deinit_parse_packet (&parsectx); + return 0; + } init_packet (&pkt); } while (!(rc = parse (&parsectx, &pkt, 0, NULL, &skip, out, 0))); + + deinit_parse_packet (&parsectx); + return rc; } #endif /*!DEBUG_PARSE_PACKET*/ 
@@ -447,6 +465,9 @@ dbg_skip_some_packets (iobuf_t inp, unsigned n, const char *dbg_f, int dbg_l) rc = parse (&parsectx, &pkt, 0, NULL, &skip, NULL, 1, "skip", dbg_f, dbg_l); } + + deinit_parse_packet (&parsectx); + return rc; } #else /*!DEBUG_PARSE_PACKET*/ @@ -465,6 +486,9 @@ skip_some_packets (iobuf_t inp, unsigned int n) init_packet (&pkt); rc = parse (&parsectx, &pkt, 0, NULL, &skip, NULL, 1); } + + deinit_parse_packet (&parsectx); + return rc; } #endif /*!DEBUG_PARSE_PACKET*/ @@ -804,6 +828,16 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, break; } + /* Store a shallow copy of certain packets in the context. */ + if (!rc && (pkttype == PKT_PUBLIC_KEY + || pkttype == PKT_SECRET_KEY + || pkttype == PKT_USER_ID + || pkttype == PKT_ATTRIBUTE + || pkttype == PKT_SIGNATURE)) + ctx->last_pkt = pkt; + else + ctx->last_pkt = NULL; + leave: /* FIXME: We leak in case of an error (see the xmalloc's above). */ if (!rc && iobuf_error (inp)) diff --git a/g10/sign.c b/g10/sign.c index 801c809..9bb1f44 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -575,7 +575,7 @@ write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass ) pkt.pkttype = PKT_ONEPASS_SIG; pkt.pkt.onepass_sig = ops; rc = build_packet (out, &pkt); - free_packet (&pkt); + free_packet (&pkt, NULL); if (rc) { log_error ("build onepass_sig packet failed: %s\n", gpg_strerror (rc)); @@ -645,7 +645,7 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode) log_error ("build_packet(PLAINTEXT) failed: %s\n", gpg_strerror (rc) ); pt->buf = NULL; - free_packet (&pkt); + free_packet (&pkt, NULL); } else { byte copy_buffer[4096]; 
@@ -732,7 +732,7 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash, rc = build_packet (out, &pkt); if (!rc && is_status_enabled()) print_status_sig_created (pk, sig, status_letter); - free_packet (&pkt); + free_packet (&pkt, NULL); if (rc) log_error ("build signature packet failed: %s\n", gpg_strerror (rc)); commit ba57f8302a3ee12ff117b0243047241c44388179 Author: Werner Koch Date: Wed Mar 29 11:28:30 2017 +0200 indent: Re-indent function free-packet. -- Signed-off-by: Werner Koch diff --git a/g10/free-packet.c b/g10/free-packet.c index 01db2a0..4cf80a4 100644 --- a/g10/free-packet.c +++ b/g10/free-packet.c 
@@ -395,56 +395,59 @@ free_plaintext( PKT_plaintext *pt ) } /**************** - * Free the packet in pkt. + * Free the packet in PKT. */ void -free_packet( PACKET *pkt ) +free_packet (PACKET *pkt) { - if( !pkt || !pkt->pkt.generic ) - return; - - if( DBG_MEMORY ) - log_debug("free_packet() type=%d\n", pkt->pkttype ); - - switch( pkt->pkttype ) { - case PKT_SIGNATURE: - free_seckey_enc( pkt->pkt.signature ); - break; - case PKT_PUBKEY_ENC: - free_pubkey_enc( pkt->pkt.pubkey_enc ); - break; - case PKT_SYMKEY_ENC: - free_symkey_enc( pkt->pkt.symkey_enc ); - break; - case PKT_PUBLIC_KEY: - case PKT_PUBLIC_SUBKEY: - case PKT_SECRET_KEY: - case PKT_SECRET_SUBKEY: - free_public_key (pkt->pkt.public_key); - break; - case PKT_COMMENT: - free_comment( pkt->pkt.comment ); - break; - case PKT_USER_ID: - free_user_id( pkt->pkt.user_id ); - break; - case PKT_COMPRESSED: - free_compressed( pkt->pkt.compressed); - break; - case PKT_ENCRYPTED: - case PKT_ENCRYPTED_MDC: - free_encrypted( pkt->pkt.encrypted ); - break; - case PKT_PLAINTEXT: - free_plaintext( pkt->pkt.plaintext ); - break; - default: - xfree( pkt->pkt.generic ); - break; + if (!pkt || !pkt->pkt.generic) + return; + + if (DBG_MEMORY) + log_debug ("free_packet() type=%d\n", pkt->pkttype); + + switch (pkt->pkttype) + { + case PKT_SIGNATURE: + free_seckey_enc (pkt->pkt.signature); + break; + case PKT_PUBKEY_ENC: + free_pubkey_enc (pkt->pkt.pubkey_enc); + break; + case PKT_SYMKEY_ENC: + free_symkey_enc (pkt->pkt.symkey_enc); + break; + case PKT_PUBLIC_KEY: + case PKT_PUBLIC_SUBKEY: + case PKT_SECRET_KEY: + case PKT_SECRET_SUBKEY: + free_public_key (pkt->pkt.public_key); + break; + case PKT_COMMENT: + free_comment (pkt->pkt.comment); + break; + case PKT_USER_ID: + free_user_id (pkt->pkt.user_id); + break; + case PKT_COMPRESSED: + free_compressed (pkt->pkt.compressed); + break; + case PKT_ENCRYPTED: + case PKT_ENCRYPTED_MDC: + free_encrypted (pkt->pkt.encrypted); + break; + case PKT_PLAINTEXT: + free_plaintext 
(pkt->pkt.plaintext); + break; + default: + xfree (pkt->pkt.generic); + break; } - pkt->pkt.generic = NULL; + + pkt->pkt.generic = NULL; } + /**************** * returns 0 if they match. */ ----------------------------------------------------------------------- Summary of changes: doc/DETAILS | 37 +++++++++ g10/build-packet.c | 102 ++++++++++++++++++++++-- g10/encrypt.c | 4 +- g10/export.c | 29 ++++--- g10/free-packet.c | 119 +++++++++++++++++----------- g10/import.c | 33 ++++---- g10/kbnode.c | 8 +- g10/keydb.c | 13 ++-- g10/keydb.h | 13 ++++ g10/keyedit.c | 19 ++--- g10/keygen.c | 2 +- g10/keyring.c | 79 ++++--------------- g10/mainproc.c | 32 +++----- g10/packet.h | 58 +++++++++++--- g10/parse-packet.c | 222 +++++++++++++++++++++++++++++++++++++++++++++-------- g10/sign.c | 6 +- 16 files changed, 545 insertions(+), 231 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 30 10:38:46 2017 
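Review bot: In the keyedit_menu hunk of g10/keyedit.c, deinit_parse_packet (&parsectx) now runs directly after parse_packet, while pkt is still read a few lines later (pkt->pkttype != PKT_SECRET_KEY) and is only released with free_packet (pkt, NULL) on the error path. Per the new macro in g10/packet.h, deinit_parse_packet calls free_packet (NULL, ctx) whenever free_last_pkt is set, and parse() now records pkt in ctx->last_pkt for PKT_SECRET_KEY, so this ordering is only safe while free_last_pkt is guaranteed to be 0 at this point. Either move the deinit after the last use of pkt, or add a comment stating why the context can never own the packet here.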
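Review bot: In the parse() hunk of g10/parse-packet.c, the new comment says a shallow copy is stored, but the code assigns the caller's pointer (ctx->last_pkt = pkt), so the context holds a reference into storage it does not own; callers such as keyring_search pass the address of their own PACKET object (&pkt). The assignment also sits above the leave: label, so any path that jumps to leave keeps the last_pkt value from the previous call instead of resetting it to NULL. Suggest moving the update below the label or clearing last_pkt on entry, rewording the comment to say that a borrowed pointer is kept, and stating whether PKT_PUBLIC_SUBKEY and PKT_SECRET_SUBKEY are left out of the type list on purpose.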
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 30 Mar 2017 10:38:46 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-94-g6466540 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 64665404e43051fa50ee030766347e24b7d1e4d5 (commit) from a8895c99a7d0750132477d80cd66caaf3a709113 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 64665404e43051fa50ee030766347e24b7d1e4d5 Author: Werner Koch Date: Thu Mar 30 10:35:20 2017 +0200 gpg: Fix export porting of zero length user ID packets. * g10/build-packet.c (do_user_id): Avoid indeterminate length header. -- We are able to import such user ids but when exporting them the exported data could not be imported again because the parser bails out on invalid keyrings. This is now fixed and should be backported. Signed-off-by: Werner Koch diff --git a/g10/build-packet.c b/g10/build-packet.c index 60e7d45..1ee57e0 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c 
@@ -415,18 +415,26 @@ static int do_user_id( IOBUF out, int ctb, PKT_user_id *uid ) { int rc; + int hdrlen; log_assert (ctb_pkttype (ctb) == PKT_USER_ID || ctb_pkttype (ctb) == PKT_ATTRIBUTE); + /* We need to take special care that doe user ID with a length of 0: + * Without forcing HDRLEN to 2 in this case an indeterminate length + * packet would be written which is not allowed. Note that we are + * always called with a CTB indicating an old packet header format, + * so that forcing a 2 octet header works. */ if (uid->attrib_data) { - write_header(out, ctb, uid->attrib_len); + hdrlen = uid->attrib_len? 0 : 2; + write_header2 (out, ctb, uid->attrib_len, hdrlen); rc = iobuf_write( out, uid->attrib_data, uid->attrib_len ); } else { - write_header2( out, ctb, uid->len, 0 ); + hdrlen = uid->len? 0 : 2; + write_header2 (out, ctb, uid->len, hdrlen); rc = iobuf_write( out, uid->name, uid->len ); } return rc; ----------------------------------------------------------------------- Summary of changes: g10/build-packet.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 30 10:53:04 2017 
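Review bot: The new comment in do_user_id has a typo ("take special care that doe user ID", presumably "of a user ID"), and the invariant it relies on, that the function is always called with a CTB in the old packet header format, is stated only in prose. The existing log_assert checks the packet type but not the header format, so nothing here would catch a later caller that passes a new-format CTB; an assertion for the old format next to the existing one would enforce the assumption. The summary shows only g10/build-packet.c changed, so a regression test that exports a key with a zero length user ID and imports it again would also be worth adding.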
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 30 Mar 2017 10:53:04 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.30-29-g2975eee Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 2975eee420007557a138445d0505f1d590d88d7e (commit) from 5c599e4f6edd288f4759c9fc2bcf9fe87dee1836 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2975eee420007557a138445d0505f1d590d88d7e Author: Werner Koch Date: Thu Mar 30 10:35:20 2017 +0200 gpg: Fix export porting of zero length user ID packets. * g10/build-packet.c (do_user_id): Avoid indeterminate length header. -- We are able to import such user ids but when exporting them the exported data could not be imported again because the parser bails out on invalid keyrings. This is now fixed and should be backported. Note that in 2.0 this is only an issue for attribute packets. In 2.1 user IDs were also affected. Signed-off-by: Werner Koch diff --git a/g10/build-packet.c b/g10/build-packet.c index 5cc03cf..d7f2291 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c
@@ -233,12 +233,17 @@ do_user_id( IOBUF out, int ctb, PKT_user_id *uid ) if( uid->attrib_data ) { - write_header(out, ctb, uid->attrib_len); + /* We need to take special care of a user ID with a length of 0: + * Without forcing HDRLEN to 2 in this case an indeterminate length + * packet would be written which is not allowed. Note that we are + * always called with a CTB indicating an old packet header format, + * so that forcing a 2 octet header works. */ + write_header2 (out, ctb, uid->attrib_len, (uid->attrib_len? 0 : 2)); rc = iobuf_write( out, uid->attrib_data, uid->attrib_len ); } else { - write_header2( out, ctb, uid->len, 2 ); + write_header2 (out, ctb, uid->len, 2); rc = iobuf_write( out, uid->name, uid->len ); } return rc; ----------------------------------------------------------------------- Summary of changes: g10/build-packet.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 30 11:04:16 2017 
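Review bot: The comment added in the attrib_data branch talks about "a user ID with a length of 0", but this branch writes attribute data and the commit message says that in 2.0 only attribute packets are affected; wording it as an attribute packet with a length of 0 would match the code it sits on. The change to the else branch, from write_header2( out, ctb, uid->len, 2 ) to write_header2 (out, ctb, uid->len, 2), is whitespace only and could be dropped to keep the backport to a stable branch minimal.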
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 30 Mar 2017 11:04:16 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.21-5-gbb61191 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via bb61191aad98c3dbb487c1f76dd1552d44a52fe3 (commit) from 23944d0249b7a6dc854dcc8b0c7c74cd46b1341e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bb61191aad98c3dbb487c1f76dd1552d44a52fe3 Author: Werner Koch Date: Thu Mar 30 10:35:20 2017 +0200 gpg: Fix exporting of zero length user ID packets. * g10/build-packet.c (do_user_id): Avoid indeterminate length header. -- We are able to import such user ids but when exporting them the exported data could not be imported again because the parser bails out on invalid keyrings. This is now fixed and should be backported. Note that in 1.4 and 2.0 this is only an issue for attribute packets. In 2.1 user IDs were also affected. Signed-off-by: Werner Koch diff --git a/g10/build-packet.c b/g10/build-packet.c index 028d064..2e9dfa4 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c
@@ -204,7 +204,12 @@ do_user_id( IOBUF out, int ctb, PKT_user_id *uid ) { if( uid->attrib_data ) { - write_header(out, ctb, uid->attrib_len); + /* We need to take special care of a user ID with a length of 0: + * Without forcing HDRLEN to 2 in this case an indeterminate length + * packet would be written which is not allowed. Note that we are + * always called with a CTB indicating an old packet header format, + * so that forcing a 2 octet header works. */ + write_header2(out, ctb, uid->attrib_len, (uid->attrib_len? 0 : 2)); if( iobuf_write( out, uid->attrib_data, uid->attrib_len ) ) return G10ERR_WRITE_FILE; } ----------------------------------------------------------------------- Summary of changes: g10/build-packet.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 30 14:45:10 2017 
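Review bot: In this hunk the return value of write_header2 is discarded, while the iobuf_write on the next line is checked and mapped to G10ERR_WRITE_FILE. If write_header2 can report a failure, the new call should be checked the same way so that a failed header write is not followed by writing the attribute body as if nothing had happened.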
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 30 Mar 2017 14:45:10 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.9.0-7-g2c063a8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 2c063a8d60418ee59ae80da221420c6f3fa19abb (commit) from 9786e3a96e6772166f3523e74a748b9db20fae7c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2c063a8d60418ee59ae80da221420c6f3fa19abb Author: Andre Heinecke Date: Thu Mar 30 14:36:49 2017 +0200 qt: Handle if gpg does not support tofu in test * lang/qt/src/t-tofuinfo.cpp (TestTofuInfo::testSupported): Treat it as unsupported if secret keylisting already fails. -- The likely cause of this is that the agent can't be started because the trust model is unsupported. Other tests check that keylisting actually works. diff --git a/lang/qt/tests/t-tofuinfo.cpp b/lang/qt/tests/t-tofuinfo.cpp index e16b1fd..8d040bc 100644 --- a/lang/qt/tests/t-tofuinfo.cpp +++ b/lang/qt/tests/t-tofuinfo.cpp 
@@ -118,7 +118,24 @@ Q_SIGNALS: private: bool testSupported() { - return !(GpgME::engineInfo(GpgME::GpgEngine).engineVersion() < "2.1.16"); + static bool initialized, supported; + if (initialized) { + return supported; + } + initialized = true; + if (GpgME::engineInfo(GpgME::GpgEngine).engineVersion() < "2.1.16") { + return false; + } + // If the keylist fails here this means that gnupg does not + // support tofu at all. It can be disabled at compile time. So no + // tests. + auto *job = openpgp()->keyListJob(false, false, false); + job->addMode(GpgME::WithTofu); + std::vector keys; + job->exec(QStringList() << QStringLiteral("zulu at example.net"), true, keys); + delete job; + supported = !keys.empty(); + return supported; } void testTofuCopy(TofuInfo other, const TofuInfo &orig) @@ -402,6 +419,10 @@ private Q_SLOTS: void testTofuConflict() { + if (!testSupported()) { + return; + } + if (GpgME::engineInfo(GpgME::GpgEngine).engineVersion() < "2.1.19") { return; } ----------------------------------------------------------------------- Summary of changes: lang/qt/tests/t-tofuinfo.cpp | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 30 15:48:57 2017 
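Review bot: In testSupported(), whatever job->exec(...) returns is ignored and support is inferred only from keys being non-empty, so any other reason for an empty listing (the zulu test key missing from the test keyring, the agent failing to start for an unrelated reason) also marks TOFU as unsupported and silently disables every test guarded by this function. Checking the result of exec for an error and logging why the tests are being skipped would keep a broken test environment from looking like a clean run. The ChangeLog entry in the commit message also names lang/qt/src/t-tofuinfo.cpp while the diff touches lang/qt/tests/t-tofuinfo.cpp.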
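Review bot: In the testTofuConflict() hunk, the new guard returns without any output when testSupported() is false, which the test runner records as a pass. Using QSKIP with a short reason here, and in the existing engineVersion() < "2.1.19" guard directly below it, would make skipped TOFU tests visible in the test log.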
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 30 Mar 2017 15:48:57 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.9.0-8-g159505a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 159505a28864399cc5405d9f85f35ab011a3259e (commit) from 2c063a8d60418ee59ae80da221420c6f3fa19abb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 159505a28864399cc5405d9f85f35ab011a3259e Author: Justus Winter Date: Thu Mar 30 14:58:29 2017 +0200 python: Fix skipping tests if running with GnuPG < 2.1.12. * final.py: Import 'support.py' for the side-effect of checking the GnuPG version. * t-data.py: Likewise. * t-protocol-assuan.py: Likewise. * t-wrapper.py: Likewise. * t-callbacks.py: Avoid warning about 'support' being unused. * t-edit.py: Likewise. * t-encrypt-sym.py: Likewise. * t-file-name.py: Likewise. * t-idiomatic.py: Likewise. * t-sig-notation.py: Likewise. * t-trustlist.py: Likewise. * t-verify.py: Likewise. * t-wait.py: Likewise. * t-keylist-from-data.py: Trim unused imports. GnuPG-bug-id: 3008 Fixes-commit: 348da58fe0c3656e6177c98fef6b4c4331326c8e Signed-off-by: Justus Winter diff --git a/lang/python/tests/final.py b/lang/python/tests/final.py index 8e7ab33..65375cb 100755 --- a/lang/python/tests/final.py +++ b/lang/python/tests/final.py @@ -22,6 +22,8 @@ del absolute_import, print_function, unicode_literals import os import subprocess +import support +_ = support # to appease pyflakes. subprocess.check_call([os.path.join(os.getenv('top_srcdir'), "tests", "start-stop-agent"), "--stop"]) 
diff --git a/lang/python/tests/t-callbacks.py b/lang/python/tests/t-callbacks.py index 94cf11e..9a70cda 100755 --- a/lang/python/tests/t-callbacks.py +++ b/lang/python/tests/t-callbacks.py @@ -23,8 +23,7 @@ del absolute_import, print_function, unicode_literals import os import gpg import support - -support.assert_gpg_version() +_ = support # to appease pyflakes. c = gpg.Context() c.set_pinentry_mode(gpg.constants.PINENTRY_MODE_LOOPBACK) diff --git a/lang/python/tests/t-data.py b/lang/python/tests/t-data.py index d1facd4..3301319 100755 --- a/lang/python/tests/t-data.py +++ b/lang/python/tests/t-data.py @@ -24,6 +24,8 @@ import io import os import tempfile import gpg +import support +_ = support # to appease pyflakes. data = gpg.Data('Hello world!') assert data.read() == b'Hello world!' diff --git a/lang/python/tests/t-edit.py b/lang/python/tests/t-edit.py index ffc3296..b1075a9 100755 --- a/lang/python/tests/t-edit.py +++ b/lang/python/tests/t-edit.py @@ -25,8 +25,7 @@ import sys import os import gpg import support - -support.assert_gpg_version() +_ = support # to appease pyflakes. class KeyEditor(object): def __init__(self): diff --git a/lang/python/tests/t-encrypt-sym.py b/lang/python/tests/t-encrypt-sym.py index 8ee9cd6..8299293 100755 --- a/lang/python/tests/t-encrypt-sym.py +++ b/lang/python/tests/t-encrypt-sym.py @@ -23,8 +23,7 @@ del absolute_import, print_function, unicode_literals import os import gpg import support - -support.assert_gpg_version() +_ = support # to appease pyflakes. for passphrase in ("abc", b"abc"): c = gpg.Context() diff --git a/lang/python/tests/t-file-name.py b/lang/python/tests/t-file-name.py index aab5680..32fe84a 100755 --- a/lang/python/tests/t-file-name.py +++ b/lang/python/tests/t-file-name.py @@ -23,6 +23,7 @@ del absolute_import, print_function, unicode_literals import os import gpg import support +_ = support # to appease pyflakes. testname = "abcde12345" 
diff --git a/lang/python/tests/t-idiomatic.py b/lang/python/tests/t-idiomatic.py index 826bc23..b7ae4eb 100755 --- a/lang/python/tests/t-idiomatic.py +++ b/lang/python/tests/t-idiomatic.py @@ -26,6 +26,7 @@ import os import tempfile import gpg import support +_ = support # to appease pyflakes. # Both Context and Data can be used as context manager: with gpg.Context() as c, gpg.Data() as d: diff --git a/lang/python/tests/t-keylist-from-data.py b/lang/python/tests/t-keylist-from-data.py index 6a26267..6503eb7 100755 --- a/lang/python/tests/t-keylist-from-data.py +++ b/lang/python/tests/t-keylist-from-data.py @@ -20,8 +20,6 @@ from __future__ import absolute_import, print_function, unicode_literals del absolute_import, print_function, unicode_literals -import os -import sys import gpg import support diff --git a/lang/python/tests/t-protocol-assuan.py b/lang/python/tests/t-protocol-assuan.py index 27b28c7..8da5035 100755 --- a/lang/python/tests/t-protocol-assuan.py +++ b/lang/python/tests/t-protocol-assuan.py @@ -21,6 +21,8 @@ from __future__ import absolute_import, print_function, unicode_literals del absolute_import, print_function, unicode_literals import gpg +import support +_ = support # to appease pyflakes. with gpg.Context(protocol=gpg.constants.protocol.ASSUAN) as c: # Do nothing. diff --git a/lang/python/tests/t-sig-notation.py b/lang/python/tests/t-sig-notation.py index 2277497..bc8da2e 100755 --- a/lang/python/tests/t-sig-notation.py +++ b/lang/python/tests/t-sig-notation.py @@ -23,6 +23,7 @@ del absolute_import, print_function, unicode_literals import os import gpg import support +_ = support # to appease pyflakes. expected_notations = { "laughing at me": ("Just Squeeze Me", gpg.constants.sig.notation.HUMAN_READABLE), diff --git a/lang/python/tests/t-trustlist.py b/lang/python/tests/t-trustlist.py index 8586596..89524bb 100755 --- a/lang/python/tests/t-trustlist.py +++ b/lang/python/tests/t-trustlist.py 
@@ -22,6 +22,7 @@ del absolute_import, print_function, unicode_literals import gpg import support +_ = support # to appease pyflakes. c = gpg.Context() diff --git a/lang/python/tests/t-verify.py b/lang/python/tests/t-verify.py index 0347638..320dae6 100755 --- a/lang/python/tests/t-verify.py +++ b/lang/python/tests/t-verify.py @@ -24,6 +24,7 @@ import sys import os import gpg import support +_ = support # to appease pyflakes. test_text1 = b"Just GNU it!\n" test_text1f= b"Just GNU it?\n" diff --git a/lang/python/tests/t-wait.py b/lang/python/tests/t-wait.py index 0c403fa..3101301 100755 --- a/lang/python/tests/t-wait.py +++ b/lang/python/tests/t-wait.py @@ -23,6 +23,7 @@ del absolute_import, print_function, unicode_literals import time import gpg import support +_ = support # to appease pyflakes. c = gpg.Context() c.set_armor(True) diff --git a/lang/python/tests/t-wrapper.py b/lang/python/tests/t-wrapper.py index 79f047f..08a320d 100755 --- a/lang/python/tests/t-wrapper.py +++ b/lang/python/tests/t-wrapper.py 
@@ -18,6 +18,8 @@ # License along with this program; if not, see . import gpg +import support +_ = support # to appease pyflakes. d0 = gpg.Data() d0.seek # trigger on-demand-wrapping ----------------------------------------------------------------------- Summary of changes: lang/python/tests/final.py | 2 ++ lang/python/tests/t-callbacks.py | 3 +-- lang/python/tests/t-data.py | 2 ++ lang/python/tests/t-edit.py | 3 +-- lang/python/tests/t-encrypt-sym.py | 3 +-- lang/python/tests/t-file-name.py | 1 + lang/python/tests/t-idiomatic.py | 1 + lang/python/tests/t-keylist-from-data.py | 2 -- lang/python/tests/t-protocol-assuan.py | 2 ++ lang/python/tests/t-sig-notation.py | 1 + lang/python/tests/t-trustlist.py | 1 + lang/python/tests/t-verify.py | 1 + lang/python/tests/t-wait.py | 1 + lang/python/tests/t-wrapper.py | 2 ++ 14 files changed, 17 insertions(+), 8 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 30 16:06:07 2017 
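Review bot: In t-callbacks.py, t-edit.py and t-encrypt-sym.py the explicit support.assert_gpg_version() call is replaced by relying on a side effect of import support, and the only hint left at each site is the comment "to appease pyflakes". A reader of a single test can no longer see that the import performs the GnuPG version check and may skip the test; a comment saying so at the import would be clearer than the pyflakes remark repeated in every file.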
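Review bot: In the t-keylist-from-data.py hunk, os and sys are dropped as unused but import support is kept without the _ = support line that every other touched test receives. If support is not referenced further down in that file, pyflakes will still warn there; either add the same marker or say in the commit message that the module is used in that test.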
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 30 Mar 2017 16:06:07 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-96-ga6142db Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via a6142dbdbc5783043deb847dc64998c421860941 (commit) via 7bf24e8146116a30c4c9d7b6dbf8bbb27fc35971 (commit) from 64665404e43051fa50ee030766347e24b7d1e4d5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a6142dbdbc5783043deb847dc64998c421860941 Author: Werner Koch Date: Thu Mar 30 15:18:45 2017 +0200 gpg: Remove the use of the signature information from a KBX. * g10/keydb.c (keyblock_cache): Remove field SIGSTATUS. (keyblock_cache_clear): Adjust for that removal. (parse_keyblock_image): Remove arg SIGSTATUS. Remove the signature cache setting; this is now done in the parser. (keydb_get_keyblock): Do not set SIGSTATUS. (build_keyblock_image): Remove arg SIGSTATUS and simplify. Change caller. * kbx/keybox-blob.c: Explain that the signature information is not anymore used. (_keybox_create_openpgp_blob): Remove arg SIGSTATUS and change callers. * kbx/keybox-search.c (keybox_get_keyblock): Remove arg R_SIGSTATUS and change callers. * kbx/keybox-update.c (keybox_insert_keyblock): Likewise. -- This thing was too complicated and has been replaced by the new ring trust packet code. Signed-off-by: Werner Koch diff --git a/g10/keydb.c b/g10/keydb.c index 67957f8..b255c3f 100644 --- a/g10/keydb.c +++ b/g10/keydb.c 
@@ -82,7 +82,6 @@ struct keyblock_cache { enum keyblock_cache_states state; byte fpr[MAX_FINGERPRINT_LEN]; iobuf_t iobuf; /* Image of the keyblock. */ - u32 *sigstatus; int pk_no; int uid_no; /* Offset of the record in the keybox. */ @@ -248,8 +247,6 @@ static void keyblock_cache_clear (struct keydb_handle *hd) { hd->keyblock_cache.state = KEYBLOCK_CACHE_EMPTY; - xfree (hd->keyblock_cache.sigstatus); - hd->keyblock_cache.sigstatus = NULL; iobuf_close (hd->keyblock_cache.iobuf); hd->keyblock_cache.iobuf = NULL; hd->keyblock_cache.resource = -1; @@ -1153,7 +1150,7 @@ keydb_pop_found_state (KEYDB_HANDLE hd) static gpg_error_t parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no, - const u32 *sigstatus, kbnode_t *r_keyblock) + kbnode_t *r_keyblock) { gpg_error_t err; struct parse_packet_ctx_s parsectx; @@ -1161,7 +1158,6 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no, kbnode_t keyblock = NULL; kbnode_t node, *tail; int in_cert, save_mode; - u32 n_sigs; int pk_count, uid_count; *r_keyblock = NULL; @@ -1173,7 +1169,6 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no, init_parse_packet (&parsectx, iobuf); save_mode = set_packet_list_mode (0); in_cert = 0; - n_sigs = 0; tail = NULL; pk_count = uid_count = 0; while ((err = parse_packet (&parsectx, pkt)) != -1) 
@@ -1233,36 +1228,6 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no, } in_cert = 1; - if (pkt->pkttype == PKT_SIGNATURE && sigstatus) - { - PKT_signature *sig = pkt->pkt.signature; - - n_sigs++; - if (n_sigs > sigstatus[0]) - { - log_error ("parse_keyblock_image: " - "more signatures than found in the meta data\n"); - err = gpg_error (GPG_ERR_INV_KEYRING); - break; - - } - if (sigstatus[n_sigs]) - { - sig->flags.checked = 1; - if (sigstatus[n_sigs] == 1 ) - ; /* missing key */ - else if (sigstatus[n_sigs] == 2 ) - ; /* bad signature */ - else if (sigstatus[n_sigs] < 0x10000000) - ; /* bad flag */ - else - { - sig->flags.valid = 1; - /* Fixme: Shall we set the expired flag here? */ - } - } - } - node = new_kbnode (pkt); switch (pkt->pkttype) @@ -1302,12 +1267,6 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no, if (err == -1 && keyblock) err = 0; /* Got the entire keyblock. */ - if (!err && sigstatus && n_sigs != sigstatus[0]) - { - log_error ("parse_keyblock_image: signature count does not match\n"); - err = gpg_error (GPG_ERR_INV_KEYRING); - } - if (err) release_kbnode (keyblock); else @@ -1354,7 +1313,6 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb) err = parse_keyblock_image (hd->keyblock_cache.iobuf, hd->keyblock_cache.pk_no, hd->keyblock_cache.uid_no, - hd->keyblock_cache.sigstatus, ret_kb); if (err) keyblock_cache_clear (hd); 
@@ -1379,26 +1337,22 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb) case KEYDB_RESOURCE_TYPE_KEYBOX: { iobuf_t iobuf; - u32 *sigstatus; int pk_no, uid_no; err = keybox_get_keyblock (hd->active[hd->found].u.kb, - &iobuf, &pk_no, &uid_no, &sigstatus); + &iobuf, &pk_no, &uid_no); if (!err) { - err = parse_keyblock_image (iobuf, pk_no, uid_no, sigstatus, - ret_kb); + err = parse_keyblock_image (iobuf, pk_no, uid_no, ret_kb); if (!err && hd->keyblock_cache.state == KEYBLOCK_CACHE_PREPARED) { hd->keyblock_cache.state = KEYBLOCK_CACHE_FILLED; - hd->keyblock_cache.sigstatus = sigstatus; hd->keyblock_cache.iobuf = iobuf; hd->keyblock_cache.pk_no = pk_no; hd->keyblock_cache.uid_no = uid_no; } else { - xfree (sigstatus); iobuf_close (iobuf); } } 
@@ -1417,39 +1371,18 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb) /* Build a keyblock image from KEYBLOCK. Returns 0 on success and - only then stores a new iobuf object at R_IOBUF and a signature - status vecotor at R_SIGSTATUS. */ + * only then stores a new iobuf object at R_IOBUF. */ static gpg_error_t -build_keyblock_image (kbnode_t keyblock, iobuf_t *r_iobuf, u32 **r_sigstatus) +build_keyblock_image (kbnode_t keyblock, iobuf_t *r_iobuf) { gpg_error_t err; iobuf_t iobuf; kbnode_t kbctx, node; - u32 n_sigs; - u32 *sigstatus; *r_iobuf = NULL; - if (r_sigstatus) - *r_sigstatus = NULL; - - /* Allocate a vector for the signature cache. This is an array of - u32 values with the first value giving the number of elements to - follow and each element descriping the cache status of the - signature. */ - if (r_sigstatus) - { - for (kbctx=NULL, n_sigs=0; (node = walk_kbnode (keyblock, &kbctx, 0));) - if (node->pkt->pkttype == PKT_SIGNATURE) - n_sigs++; - sigstatus = xtrycalloc (1+n_sigs, sizeof *sigstatus); - if (!sigstatus) - return gpg_error_from_syserror (); - } - else - sigstatus = NULL; iobuf = iobuf_temp (); - for (kbctx = NULL, n_sigs = 0; (node = walk_kbnode (keyblock, &kbctx, 0));) + for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));) { /* Make sure to use only packets valid on a keyblock. */ switch (node->pkt->pkttype) 
@@ -1471,36 +1404,9 @@ build_keyblock_image (kbnode_t keyblock, iobuf_t *r_iobuf, u32 **r_sigstatus) iobuf_close (iobuf); return err; } - - /* Build signature status vector. */ - if (node->pkt->pkttype == PKT_SIGNATURE) - { - PKT_signature *sig = node->pkt->pkt.signature; - - n_sigs++; - /* Fixme: Detect the "missing key" status. */ - if (sig->flags.checked && sigstatus) - { - if (sig->flags.valid) - { - if (!sig->expiredate) - sigstatus[n_sigs] = 0xffffffff; - else if (sig->expiredate < 0x1000000) - sigstatus[n_sigs] = 0x10000000; - else - sigstatus[n_sigs] = sig->expiredate; - } - else - sigstatus[n_sigs] = 0x00000002; /* Bad signature. */ - } - } } - if (sigstatus) - sigstatus[0] = n_sigs; *r_iobuf = iobuf; - if (r_sigstatus) - *r_sigstatus = sigstatus; return 0; } @@ -1574,7 +1480,7 @@ keydb_update_keyblock (ctrl_t ctrl, KEYDB_HANDLE hd, kbnode_t kb) { iobuf_t iobuf; - err = build_keyblock_image (kb, &iobuf, NULL); + err = build_keyblock_image (kb, &iobuf); if (!err) { err = keybox_update_keyblock (hd->active[hd->found].u.kb, @@ -1641,16 +1547,13 @@ keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb) included in the keybox code. Eventually we can change this kludge to have the caller pass the image. */ iobuf_t iobuf; - u32 *sigstatus; - err = build_keyblock_image (kb, &iobuf, &sigstatus); + err = build_keyblock_image (kb, &iobuf); if (!err) { err = keybox_insert_keyblock (hd->active[idx].u.kb, iobuf_get_temp_buffer (iobuf), - iobuf_get_temp_length (iobuf), - sigstatus); - xfree (sigstatus); + iobuf_get_temp_length (iobuf)); iobuf_close (iobuf); } } diff --git a/kbx/kbxutil.c b/kbx/kbxutil.c index 6094298..0889231 100644 --- a/kbx/kbxutil.c +++ b/kbx/kbxutil.c @@ -411,8 +411,7 @@ import_openpgp (const char *filename, int dryrun) dump_openpgp_key (&info, p); else { - err = _keybox_create_openpgp_blob (&blob, &info, p, nparsed, - NULL, 0); + err = _keybox_create_openpgp_blob (&blob, &info, p, nparsed, 0); if (err) { fflush (stdout); 
diff --git a/kbx/keybox-blob.c b/kbx/keybox-blob.c index f3bdceb..82f1cfe 100644 --- a/kbx/keybox-blob.c +++ b/kbx/keybox-blob.c @@ -101,7 +101,9 @@ - u16 [NSIGS] Number of signatures - u16 Size of signature information (4) - NSIGS times: - - u32 Expiration time of signature with some special values: + - u32 Expiration time of signature with some special values. + Since version 2.1.20 these special valuesare not anymore + used for OpenPGP: - 0x00000000 = not checked - 0x00000001 = missing key - 0x00000002 = bad signature @@ -705,7 +707,6 @@ _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob, keybox_openpgp_info_t info, const unsigned char *image, size_t imagelen, - u32 *sigstatus, int as_ephemeral) { gpg_error_t err; @@ -713,11 +714,6 @@ _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob, *r_blob = NULL; - /* If we have a signature status vector, check that the number of - elements matches the actual number of signatures. */ - if (sigstatus && sigstatus[0] != info->nsigs) - return gpg_error (GPG_ERR_INTERNAL); - blob = xtrycalloc (1, sizeof *blob); if (!blob) return gpg_error_from_syserror (); @@ -756,7 +752,7 @@ _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob, if (err) goto leave; pgp_create_uid_part (blob, info); - pgp_create_sig_part (blob, sigstatus); + pgp_create_sig_part (blob, NULL); init_membuf (&blob->bufbuf, 1024); blob->buf = &blob->bufbuf; diff --git a/kbx/keybox-defs.h b/kbx/keybox-defs.h index d9c3d3a..b8b8377 100644 --- a/kbx/keybox-defs.h +++ b/kbx/keybox-defs.h @@ -155,7 +155,6 @@ gpg_error_t _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob, keybox_openpgp_info_t info, const unsigned char *image, size_t imagelen, - u32 *sigstatus, int as_ephemeral); #ifdef KEYBOX_WITH_X509 int _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert, diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c index cc114c6..56515d1 100644 --- a/kbx/keybox-search.c +++ b/kbx/keybox-search.c 
@@ -1048,23 +1048,20 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc, /* Return the last found keyblock. Returns 0 on success and stores a - new iobuf at R_IOBUF and a signature status vector at R_SIGSTATUS - in that case. R_UID_NO and R_PK_NO are used to retun the number of - the key or user id which was matched the search criteria; if not - known they are set to 0. */ + * new iobuf at R_IOBUF. R_UID_NO and R_PK_NO are used to retun the + * number of the key or user id which was matched the search criteria; + * if not known they are set to 0. */ gpg_error_t keybox_get_keyblock (KEYBOX_HANDLE hd, iobuf_t *r_iobuf, - int *r_pk_no, int *r_uid_no, u32 **r_sigstatus) + int *r_pk_no, int *r_uid_no) { gpg_error_t err; - const unsigned char *buffer, *p; + const unsigned char *buffer; size_t length; size_t image_off, image_len; size_t siginfo_off, siginfo_len; - u32 *sigstatus, n, n_sigs, sigilen; *r_iobuf = NULL; - *r_sigstatus = NULL; if (!hd) return gpg_error (GPG_ERR_INV_VALUE); @@ -1086,19 +1083,9 @@ keybox_get_keyblock (KEYBOX_HANDLE hd, iobuf_t *r_iobuf, &siginfo_off, &siginfo_len); if (err) return err; - n_sigs = get16 (buffer + siginfo_off); - sigilen = get16 (buffer + siginfo_off + 2); - p = buffer + siginfo_off + 4; - sigstatus = xtrymalloc ((1+n_sigs) * sizeof *sigstatus); - if (!sigstatus) - return gpg_error_from_syserror (); - sigstatus[0] = n_sigs; - for (n=1; n <= n_sigs; n++, p += sigilen) - sigstatus[n] = get32 (p); *r_pk_no = hd->found.pk_no; *r_uid_no = hd->found.uid_no; - *r_sigstatus = sigstatus; *r_iobuf = iobuf_temp_with_content (buffer+image_off, image_len); return 0; } diff --git a/kbx/keybox-update.c b/kbx/keybox-update.c index 31171de..0b0f56b 100644 --- a/kbx/keybox-update.c +++ b/kbx/keybox-update.c 
@@ -353,12 +353,9 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob, } -/* Insert the OpenPGP keyblock {IMAGE,IMAGELEN} into HD. SIGSTATUS is - a vector describing the status of the signatures; its first element - gives the number of following elements. */ +/* Insert the OpenPGP keyblock {IMAGE,IMAGELEN} into HD. */ gpg_error_t -keybox_insert_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen, - u32 *sigstatus) +keybox_insert_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen) { gpg_error_t err; const char *fname; @@ -385,7 +382,7 @@ keybox_insert_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen, return err; assert (nparsed <= imagelen); err = _keybox_create_openpgp_blob (&blob, &info, image, imagelen, - sigstatus, hd->ephemeral); + hd->ephemeral); _keybox_destroy_openpgp_info (&info); if (!err) { @@ -436,7 +433,7 @@ keybox_update_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen) return err; assert (nparsed <= imagelen); err = _keybox_create_openpgp_blob (&blob, &info, image, imagelen, - NULL, hd->ephemeral); + hd->ephemeral); _keybox_destroy_openpgp_info (&info); /* Update the keyblock. */ diff --git a/kbx/keybox.h b/kbx/keybox.h index 5c2824a..29884b0 100644 --- a/kbx/keybox.h +++ b/kbx/keybox.h @@ -85,7 +85,7 @@ int _keybox_write_header_blob (FILE *fp, int openpgp_flag); /*-- keybox-search.c --*/ gpg_error_t keybox_get_keyblock (KEYBOX_HANDLE hd, iobuf_t *r_iobuf, - int *r_uid_no, int *r_pk_no, u32 **sigstatus); + int *r_uid_no, int *r_pk_no); #ifdef KEYBOX_WITH_X509 int keybox_get_cert (KEYBOX_HANDLE hd, ksba_cert_t *ret_cert); #endif /*KEYBOX_WITH_X509*/ 
@@ -102,8 +102,7 @@ gpg_error_t keybox_seek (KEYBOX_HANDLE hd, off_t offset); /*-- keybox-update.c --*/ gpg_error_t keybox_insert_keyblock (KEYBOX_HANDLE hd, - const void *image, size_t imagelen, - u32 *sigstatus); + const void *image, size_t imagelen); gpg_error_t keybox_update_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen); commit 7bf24e8146116a30c4c9d7b6dbf8bbb27fc35971 Author: Werner Koch Date: Thu Mar 30 16:01:52 2017 +0200 gpg: Fix actual leak and possible leaks in the packet parser. * g10/packet.h (struct parse_packet_ctx_s): Change LAST_PKT from a pointer to its struct. (init_parse_packet): Adjust for LAST_PKT not being a pointer. * g10/parse-packet.c (parse): Ditto. Free the last packet before storing a new one in case of a deep link. (parse_ring_trust): Adjust for LAST_PKT not being a pointer. * g10/free-packet.c (free_packet): Ditto. * g10/t-keydb-get-keyblock.c (do_test): Release keyblock. -- Fixes-commit: afa86809087909a8ba2f9356588bf90cc923529c Signed-off-by: Werner Koch diff --git a/g10/build-packet.c b/g10/build-packet.c index 1ee57e0..fa2674b 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -420,7 +420,7 @@ do_user_id( IOBUF out, int ctb, PKT_user_id *uid ) log_assert (ctb_pkttype (ctb) == PKT_USER_ID || ctb_pkttype (ctb) == PKT_ATTRIBUTE); - /* We need to take special care that doe user ID with a length of 0: + /* We need to take special care of a user ID with a length of 0: * Without forcing HDRLEN to 2 in this case an indeterminate length * packet would be written which is not allowed. Note that we are * always called with a CTB indicating an old packet header format, diff --git a/g10/free-packet.c b/g10/free-packet.c index c144246..cd222a2 100644 --- a/g10/free-packet.c +++ b/g10/free-packet.c 
@@ -409,14 +409,15 @@ free_packet (PACKET *pkt, parse_packet_ctx_t parsectx) { if (!pkt || !pkt->pkt.generic) { - if (parsectx && parsectx->last_pkt) + if (parsectx && parsectx->last_pkt.pkt.generic) { if (parsectx->free_last_pkt) { - free_packet (parsectx->last_pkt, NULL); + free_packet (&parsectx->last_pkt, NULL); parsectx->free_last_pkt = 0; } - parsectx->last_pkt = NULL; + parsectx->last_pkt.pkttype = 0; + parsectx->last_pkt.pkt.generic = NULL; } return; } @@ -427,8 +428,11 @@ free_packet (PACKET *pkt, parse_packet_ctx_t parsectx) /* If we have a parser context holding PKT then do not free the * packet but set a flag that the packet in the parser context is * now a deep copy. */ - if (parsectx && parsectx->last_pkt == pkt && !parsectx->free_last_pkt) + if (parsectx && !parsectx->free_last_pkt + && parsectx->last_pkt.pkttype == pkt->pkttype + && parsectx->last_pkt.pkt.generic == pkt->pkt.generic) { + parsectx->last_pkt = *pkt; parsectx->free_last_pkt = 1; pkt->pkt.generic = NULL; return; diff --git a/g10/packet.h b/g10/packet.h index b23298a..f5f22b6 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -621,7 +621,7 @@ int set_packet_list_mode( int mode ); struct parse_packet_ctx_s { iobuf_t inp; /* The input stream with the packets. */ - PACKET *last_pkt; /* The last parsed packet. */ + struct packet_struct last_pkt; /* The last parsed packet. */ int free_last_pkt; /* Indicates that LAST_PKT must be freed. */ int skip_meta; /* Skip right trust packets. */ }; @@ -629,7 +629,8 @@ typedef struct parse_packet_ctx_s *parse_packet_ctx_t; #define init_parse_packet(a,i) do { \ (a)->inp = (i); \ - (a)->last_pkt = NULL; \ + (a)->last_pkt.pkttype = 0; \ + (a)->last_pkt.pkt.generic= NULL;\ (a)->free_last_pkt = 0; \ (a)->skip_meta = 0; \ } while (0) diff --git a/g10/parse-packet.c b/g10/parse-packet.c index df04fbc..793e198 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c 
@@ -833,14 +833,15 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, } /* Store a shallow copy of certain packets in the context. */ + free_packet (NULL, ctx); if (!rc && (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY || pkttype == PKT_USER_ID || pkttype == PKT_ATTRIBUTE || pkttype == PKT_SIGNATURE)) - ctx->last_pkt = pkt; - else - ctx->last_pkt = NULL; + { + ctx->last_pkt = *pkt; + } leave: /* FIXME: We leak in case of an error (see the xmalloc's above). */ @@ -2992,12 +2993,12 @@ parse_ring_trust (parse_packet_ctx_t ctx, unsigned long pktlen) /* Now transfer the data to the respective packet. Do not do this * if SKIP_META is set. */ - if (!ctx->last_pkt || ctx->skip_meta) + if (!ctx->last_pkt.pkt.generic || ctx->skip_meta) ; else if (rt.subtype == RING_TRUST_SIG - && ctx->last_pkt->pkttype == PKT_SIGNATURE) + && ctx->last_pkt.pkttype == PKT_SIGNATURE) { - PKT_signature *sig = ctx->last_pkt->pkt.signature; + PKT_signature *sig = ctx->last_pkt.pkt.signature; if ((rt.sigcache & 1)) { @@ -3006,10 +3007,10 @@ parse_ring_trust (parse_packet_ctx_t ctx, unsigned long pktlen) } } else if (rt.subtype == RING_TRUST_UID - && (ctx->last_pkt->pkttype == PKT_USER_ID - || ctx->last_pkt->pkttype == PKT_ATTRIBUTE)) + && (ctx->last_pkt.pkttype == PKT_USER_ID + || ctx->last_pkt.pkttype == PKT_ATTRIBUTE)) { - PKT_user_id *uid = ctx->last_pkt->pkt.user_id; + PKT_user_id *uid = ctx->last_pkt.pkt.user_id; uid->keysrc = rt.keysrc; uid->keyupdate = rt.keyupdate; @@ -3017,10 +3018,10 @@ parse_ring_trust (parse_packet_ctx_t ctx, unsigned long pktlen) rt.url = NULL; } else if (rt.subtype == RING_TRUST_KEY - && (ctx->last_pkt->pkttype == PKT_PUBLIC_KEY - || ctx->last_pkt->pkttype == PKT_SECRET_KEY)) + && (ctx->last_pkt.pkttype == PKT_PUBLIC_KEY + || ctx->last_pkt.pkttype == PKT_SECRET_KEY)) { - PKT_public_key *pk = ctx->last_pkt->pkt.public_key; + PKT_public_key *pk = ctx->last_pkt.pkt.public_key; pk->keysrc = rt.keysrc; pk->keyupdate = rt.keyupdate; 
diff --git a/g10/t-keydb-get-keyblock.c b/g10/t-keydb-get-keyblock.c index 993d879..167a9bb 100644 --- a/g10/t-keydb-get-keyblock.c +++ b/g10/t-keydb-get-keyblock.c @@ -61,4 +61,5 @@ do_test (int argc, char *argv[]) TEST_P ("", ! rc); keydb_release (hd1); + release_kbnode (kb1); } ----------------------------------------------------------------------- Summary of changes: g10/build-packet.c | 2 +- g10/free-packet.c | 12 +++-- g10/keydb.c | 115 ++++----------------------------------------- g10/packet.h | 5 +- g10/parse-packet.c | 25 +++++----- g10/t-keydb-get-keyblock.c | 1 + kbx/kbxutil.c | 3 +- kbx/keybox-blob.c | 12 ++--- kbx/keybox-defs.h | 1 - kbx/keybox-search.c | 23 ++------- kbx/keybox-update.c | 11 ++--- kbx/keybox.h | 5 +- 12 files changed, 51 insertions(+), 164 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 30 16:15:18 2017 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 30 Mar 2017 16:15:18 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.19-98-g5e89144 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 5e89144cbca36c1e7eb814b3aad4b7c46cd4efbf (commit) via 214fa9012296d796b78f1a3106d656639cf50aef (commit) from a6142dbdbc5783043deb847dc64998c421860941 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5e89144cbca36c1e7eb814b3aad4b7c46cd4efbf Author: Justus Winter Date: Thu Mar 30 12:35:18 2017 +0200 gpg: Consistent use of preprocessor conditionals. * g10/parse-packet.c: Use '#if' instead of '#ifdef' when checking DEBUG_PARSE_PACKET. This fixes the build with '#define DEBUG_PARSE_PACKET 0'. 
Signed-off-by: Justus Winter diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 793e198..ffed956 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -50,7 +50,7 @@ static estream_t listfp; static int parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, int *skip, IOBUF out, int do_skip -#ifdef DEBUG_PARSE_PACKET +#if DEBUG_PARSE_PACKET , const char *dbg_w, const char *dbg_f, int dbg_l #endif ); @@ -261,7 +261,7 @@ unknown_pubkey_warning (int algo) } -#ifdef DEBUG_PARSE_PACKET +#if DEBUG_PARSE_PACKET int dbg_parse_packet (parse_packet_ctx_t ctx, PACKET *pkt, const char *dbg_f, int dbg_l) @@ -295,7 +295,7 @@ parse_packet (parse_packet_ctx_t ctx, PACKET *pkt) * Like parse packet, but only return secret or public (sub)key * packets. */ -#ifdef DEBUG_PARSE_PACKET +#if DEBUG_PARSE_PACKET int dbg_search_packet (parse_packet_ctx_t ctx, PACKET *pkt, off_t * retpos, int with_uid, @@ -331,7 +331,7 @@ search_packet (parse_packet_ctx_t ctx, PACKET *pkt, /* * Copy all packets from INP to OUT, thereby removing unused spaces. */ -#ifdef DEBUG_PARSE_PACKET +#if DEBUG_PARSE_PACKET int dbg_copy_all_packets (iobuf_t inp, iobuf_t out, const char *dbg_f, int dbg_l) { @@ -388,7 +388,7 @@ copy_all_packets (iobuf_t inp, iobuf_t out) * Stop at offset STOPoff (i.e. don't copy packets at this or later * offsets) */ -#ifdef DEBUG_PARSE_PACKET +#if DEBUG_PARSE_PACKET int dbg_copy_some_packets (iobuf_t inp, iobuf_t out, off_t stopoff, const char *dbg_f, int dbg_l) @@ -448,7 +448,7 @@ copy_some_packets (iobuf_t inp, iobuf_t out, off_t stopoff) /* * Skip over N packets */ -#ifdef DEBUG_PARSE_PACKET +#if DEBUG_PARSE_PACKET int dbg_skip_some_packets (iobuf_t inp, unsigned n, const char *dbg_f, int dbg_l) { 
@@ -524,7 +524,7 @@ skip_some_packets (iobuf_t inp, unsigned int n) static int parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, int *skip, IOBUF out, int do_skip -#ifdef DEBUG_PARSE_PACKET +#if DEBUG_PARSE_PACKET , const char *dbg_w, const char *dbg_f, int dbg_l #endif ) @@ -747,7 +747,7 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, if (DBG_PACKET) { -#ifdef DEBUG_PARSE_PACKET +#if DEBUG_PARSE_PACKET log_debug ("parse_packet(iob=%d): type=%d length=%lu%s (%s.%s.%d)\n", iobuf_id (inp), pkttype, pktlen, new_ctb ? " (new_ctb)" : "", dbg_w, dbg_f, dbg_l); commit 214fa9012296d796b78f1a3106d656639cf50aef Author: Justus Winter Date: Thu Mar 30 15:44:35 2017 +0200 common: Avoid undefined behavior. * common/iobuf.c (iobuf_read_line): Do not consider 'length' if 'buffer' is NULL. Signed-off-by: Justus Winter diff --git a/common/iobuf.c b/common/iobuf.c index db66a7f..5a9fd7c 100644 --- a/common/iobuf.c +++ b/common/iobuf.c @@ -2552,7 +2552,7 @@ iobuf_read_line (iobuf_t a, byte ** addr_of_buffer, NUL character in the buffer. This requires at least 2 bytes. We don't complicate the code by handling the stupid corner case, but simply assert that it can't happen. */ - assert (length >= 2 || maxlen >= 2); + assert (!buffer || length >= 2 || maxlen >= 2); if (!buffer || length <= 1) /* must allocate a new buffer */ ----------------------------------------------------------------------- Summary of changes: common/iobuf.c | 2 +- g10/parse-packet.c | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Mar 30 16:23:48 2017 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 30 Mar 2017 16:23:48 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.9.0-9-gf8a9ecc Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via f8a9ecc6290ebd73fa36647cdfca285fe4d94a62 (commit) from 159505a28864399cc5405d9f85f35ab011a3259e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f8a9ecc6290ebd73fa36647cdfca285fe4d94a62 Author: Andre Heinecke Date: Thu Mar 30 16:22:20 2017 +0200 python: Don't treat skipped tests as error * lang/python/tests/run-tests.py (failed): Don't count skipped tests for the return code. diff --git a/lang/python/tests/run-tests.py b/lang/python/tests/run-tests.py index c4af526..9e061d8 100644 --- a/lang/python/tests/run-tests.py +++ b/lang/python/tests/run-tests.py @@ -102,5 +102,5 @@ def failed(): if not args.quiet: print("{0} tests run, {1} succeeded, {2} failed, {3} skipped.".format( len(results), count(0), failed(), count(77))) - sys.exit(len(results) - count(0)) + sys.exit(len(results) - count(0) - count(77)) sys.exit(results[0]) ----------------------------------------------------------------------- Summary of changes: lang/python/tests/run-tests.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org
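Review bot: in lang/python/tests/run-tests.py (commit f8a9ecc) the new "sys.exit(len(results) - count(0) - count(77))" still uses a raw failure count as the exit status, and this same script treats status 77 as "skipped" (count(77)), so a run with exactly 77 failing tests would exit with 77 and look skipped to any caller applying that convention. On POSIX the status is also truncated to 8 bits, so a count that is a multiple of 256 would report success. Suggest exiting with a fixed non-zero status whenever the number of failed tests is non-zero, and keeping the count in the printed summary only.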
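Review bot: in commit a6142db the prototype of keybox_get_keyblock in kbx/keybox.h names its two int pointers "int *r_uid_no, int *r_pk_no", while the definition in kbx/keybox-search.c takes "int *r_pk_no, int *r_uid_no" and the caller in g10/keydb.c passes "&pk_no, &uid_no". Both parameters are int pointers, so the compiler accepts the mismatch, but anyone coding against the header would swap the two results. The prototype line is being edited here anyway, so swap the names in keybox.h to match the definition.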
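Review bot: the two blocks removed from parse_keyblock_image in g10/keydb.c (commit a6142db) did more than set the signature cache flags; they also returned GPG_ERR_INV_KEYRING when the number of signature packets in the image disagreed with the count stored in the keybox meta data ("more signatures than found in the meta data", "signature count does not match"). The commit message only covers the cache setting ("this is now done in the parser"). Please state in the message whether dropping that consistency check is intended, because a blob whose signature information disagrees with its image is now accepted without any diagnostic.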
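Review bot: in keybox_get_keyblock (kbx/keybox-search.c, commit a6142db) the variables siginfo_off and siginfo_len stay declared and are still filled in by the call ending in "&siginfo_off, &siginfo_len);", but nothing reads them once the sigstatus loop is gone. Either drop them, if the helper accepts NULL for outputs the caller does not need, or add a short comment that the signature info location is intentionally ignored for OpenPGP. The rewritten function comment also keeps the typo "retun".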
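Review bot: in kbx/keybox-blob.c (commit a6142db) _keybox_create_openpgp_blob now always calls "pgp_create_sig_part (blob, NULL);", so the second argument is a constant at this call site. If there is no other caller, remove the parameter from pgp_create_sig_part as well, so a status vector cannot be passed in again by accident. The added format comment has a typo, "valuesare", and "not anymore used" would read better as "no longer used".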
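Review bot: in g10/packet.h (commit 7bf24e8) the comment on "struct packet_struct last_pkt;" still says only "The last parsed packet.", which no longer describes the ownership rule. After this change the field is a shallow copy made in parse() by "ctx->last_pkt = *pkt;", and its pkt.generic pointer belongs to the caller's PACKET until free_packet() sets FREE_LAST_PKT. Please document that at the field, since free_packet now recognises the packet by comparing pkttype and pkt.generic instead of the PACKET address. Minor: the macro line "(a)->last_pkt.pkt.generic= NULL;" is missing the space before "=".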
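Review bot: in free_packet (g10/free-packet.c, commit 7bf24e8) the added "parsectx->last_pkt = *pkt;" runs directly after the condition has established that last_pkt.pkttype equals pkt->pkttype and last_pkt.pkt.generic equals pkt->pkt.generic. If those are the only members of struct packet_struct (init_parse_packet resets just these two), the assignment changes nothing and can be dropped; if there are other members, add a comment naming what it refreshes.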
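Review bot: in parse() (g10/parse-packet.c, commit 7bf24e8) the context line right after the change still reads "/* FIXME: We leak in case of an error (see the xmalloc's above). */", while the commit subject says it fixes an actual leak and possible leaks. Please either update the FIXME to say what remains open or note in the commit message that the error path is out of scope, so the comment and the log do not contradict each other. Note also that "free_packet (NULL, ctx);" now runs even when rc is non-zero, which is worth a word in the comment above it.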
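Review bot: replacing "#ifdef DEBUG_PARSE_PACKET" with "#if DEBUG_PARSE_PACKET" throughout g10/parse-packet.c (commit 5e89144) changes what an empty definition does. A bare "#define DEBUG_PARSE_PACKET" selected the debug variants before and is now a preprocessor error, and an undefined macro silently evaluates to 0 (with a warning under -Wundef). Please add a note where the macro is defined that it must be set to 0 or 1.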
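Review bot: in iobuf_read_line (common/iobuf.c, commit 214fa90) the new "assert (!buffer || length >= 2 || maxlen >= 2);" passes for a NULL buffer whatever maxlen is, so the "requires at least 2 bytes" condition from the comment above is no longer checked on the path that allocates a new buffer. If that requirement still applies to the allocated buffer, "assert ((buffer && length >= 2) || maxlen >= 2);" reads length only when buffer is set and keeps the maxlen check. Since assert is compiled out under NDEBUG, consider whether this corner case should return an error instead.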