[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.2-17-ge0140c0
by Werner Koch
cvs at cvs.gnupg.org
Mon Nov 20 13:40:51 CET 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-2 has been updated
via e0140c0a6abcb07207234857e0a8ba6b2e60ed51 (commit)
via 97f4feaaca8da4dcf1ca09a2016693155016f06b (commit)
via 04d9833e71cc9d0c087faec091c29b0b6cf69488 (commit)
via 7ffedfab8909a45a4b0347a5f7b52222e8439f1d (commit)
via 760aa8aadafb747f33a1461ab0c2570b5ae43716 (commit)
from 3ecd1a41be7c880976987d13e88342c98f37e064 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e0140c0a6abcb07207234857e0a8ba6b2e60ed51
Author: Werner Koch <wk at gnupg.org>
Date: Mon Nov 20 13:35:36 2017 +0100
Post release updates
--
diff --git a/NEWS b/NEWS
index 38a8da1..f59b9cd 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+Noteworthy changes in version 2.2.4 (unreleased)
+------------------------------------------------
+
+
Noteworthy changes in version 2.2.3 (2017-11-20)
------------------------------------------------
diff --git a/configure.ac b/configure.ac
index fb6f0da..a9b7a05 100644
--- a/configure.ac
+++ b/configure.ac
@@ -28,7 +28,7 @@ min_automake_version="1.14"
m4_define([mym4_package],[gnupg])
m4_define([mym4_major], [2])
m4_define([mym4_minor], [2])
-m4_define([mym4_micro], [3])
+m4_define([mym4_micro], [4])
# To start a new development series, i.e a new major or minor number
# you need to mark an arbitrary commit before the first beta release
commit 97f4feaaca8da4dcf1ca09a2016693155016f06b
Author: Werner Koch <wk at gnupg.org>
Date: Mon Nov 20 12:39:16 2017 +0100
Release 2.2.3
diff --git a/NEWS b/NEWS
index ce6c5d7..38a8da1 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,21 @@
-Noteworthy changes in version 2.2.3 (unreleased)
+Noteworthy changes in version 2.2.3 (2017-11-20)
------------------------------------------------
+ * gpgsm: Fix initial keybox creation on Windows. [#3507]
+
+ * dirmngr: Fix crash in case of a CRL loading error. [#3510]
+
+ * Fix the name of the Windows registry key. [Git#4f5afaf1fd]
+
+ * gpgtar: Fix wrong behaviour of --set-filename. [#3500]
+
+ * gpg: Silence AKL retrieval messages. [#3504]
+
+ * agent: Use clock or clock_gettime for calibration. [#3056]
+
+ * agent: Improve robustness of the shutdown pending
+ state. [Git#7ffedfab89]
+
Noteworthy changes in version 2.2.2 (2017-11-07)
------------------------------------------------
@@ -44,6 +59,8 @@ Noteworthy changes in version 2.2.2 (2017-11-07)
* Add configure option --enable-werror. [#2423]
+ See-also: gnupg-announce/2017q4/000416.html
+
Noteworthy changes in version 2.2.1 (2017-09-19)
------------------------------------------------
diff --git a/README b/README
index dd66dab..23f705a 100644
--- a/README
+++ b/README
@@ -33,11 +33,11 @@
GnuPG 2.2 depends on the following GnuPG related packages:
- npth (ftp://ftp.gnupg.org/gcrypt/npth/)
- libgpg-error (ftp://ftp.gnupg.org/gcrypt/libgpg-error/)
- libgcrypt (ftp://ftp.gnupg.org/gcrypt/libgcrypt/)
- libksba (ftp://ftp.gnupg.org/gcrypt/libksba/)
- libassuan (ftp://ftp.gnupg.org/gcrypt/libassuan/)
+ npth (https://gnupg.org/ftp/gcrypt/npth/)
+ libgpg-error (https://gnupg.org/ftp/gcrypt/libgpg-error/)
+ libgcrypt (https://gnupg.org/ftp/gcrypt/libgcrypt/)
+ libksba (https://gnupg.org/ftp/gcrypt/libksba/)
+ libassuan (https://gnupg.org/ftp/gcrypt/libassuan/)
You should get the latest versions of course, the GnuPG configure
script complains if a version is not sufficient.
@@ -48,7 +48,7 @@
You also need the Pinentry package for most functions of GnuPG;
however it is not a build requirement. Pinentry is available at
- ftp://ftp.gnupg.org/gcrypt/pinentry/ .
+ https://gnupg.org/ftp/gcrypt/pinentry/ .
After building and installing the above packages in the order as
given above, you may continue with GnuPG installation (you may also
@@ -228,7 +228,7 @@
You subscribe to one of the list by sending mail with a subject of
"subscribe" to x-request at gnupg.org, where x is the name of the
mailing list (gnupg-announce, gnupg-users, etc.). See
- https://www.gnupg.org/documentation/mailing-lists.html for archives
+ https://gnupg.org/documentation/mailing-lists.html for archives
of the mailing lists.
Please direct bug reports to [[https://bugs.gnupg.org]] or post them
@@ -241,7 +241,7 @@
authors and we try to answer questions when time allows us.
Commercial grade support for GnuPG is available; for a listing of
- offers see https://www.gnupg.org/service.html . Maintaining and
+ offers see https://gnupg.org/service.html . Maintaining and
improving GnuPG requires a lot of time. Since 2001, g10 Code GmbH,
a German company owned and headed by GnuPG's principal author Werner
Koch, is bearing the majority of these costs. To keep GnuPG in a
commit 04d9833e71cc9d0c087faec091c29b0b6cf69488
Author: Werner Koch <wk at gnupg.org>
Date: Mon Nov 20 12:32:31 2017 +0100
build: Use -Werror only for the check.
* configure.ac: Do not add -Werror to mycflags.
--
On Windows and possible also on other platforms we expect to a get a
few errors or warnins. Thus we can't use -Werror by default. This is
why we have a separate configure options --enable-werror ;-).
Fixes-commit: 3ecd1a41be7c880976987d13e88342c98f37e064
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/configure.ac b/configure.ac
index 3d3a136..fb6f0da 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1617,7 +1617,7 @@ if test "$GCC" = yes; then
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no)
AC_MSG_RESULT($_gcc_wopt)
if test x"$_gcc_wopt" = xyes ; then
- mycflags="$mycflags -Wlogical-op -Werror"
+ mycflags="$mycflags -Wlogical-op"
fi
AC_MSG_CHECKING([if gcc supports -Wvla])
commit 7ffedfab8909a45a4b0347a5f7b52222e8439f1d
Author: Werner Koch <wk at gnupg.org>
Date: Mon Nov 13 10:52:36 2017 +0100
gpg-agent: Avoid getting stuck in shutdown pending state.
* agent/gpg-agent.c (handle_connections): Always check inotify fds.
--
I noticed a gpg-agent processed, probably in shutdown_pending state,
which was selecting on only these two inotify fds. The select
returned immediately but because we did not handle the fds in
shutdown_pending state they were not read and the next select call
returned one of them immediately again. Actually that should not
hanppen because the
if (active_connections == 0)
break; /* ready */
should have terminated the loop. For unknown reasons (maybe be just a
connection thread terminated in a gdb session) that did not happen.
By moving the check outside of the shutdown_pending condition and
closing the fd after they have been triggered the code should be more
robust.
Signed-off-by: Werner Koch <wk at gnupg.org>
(cherry picked from commit 5d83eb9226c0ce608ec284d8c9bc22ce84a00c25)
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 2e19d19..0b2b982 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -3000,27 +3000,34 @@ handle_connections (gnupg_fd_t listen_fd,
next timeout. */
continue;
+ /* The inotify fds are set even when a shutdown is pending (see
+ * above). So we must handle them in any case. To avoid that
+ * they trigger a second time we close them immediately. */
+ if (sock_inotify_fd != -1
+ && FD_ISSET (sock_inotify_fd, &read_fdset)
+ && gnupg_inotify_has_name (sock_inotify_fd, GPG_AGENT_SOCK_NAME))
+ {
+ shutdown_pending = 1;
+ close (sock_inotify_fd);
+ sock_inotify_fd = -1;
+ log_info ("socket file has been removed - shutting down\n");
+ }
+
+ if (home_inotify_fd != -1
+ && FD_ISSET (home_inotify_fd, &read_fdset))
+ {
+ shutdown_pending = 1;
+ close (home_inotify_fd);
+ home_inotify_fd = -1;
+ log_info ("homedir has been removed - shutting down\n");
+ }
+
if (!shutdown_pending)
{
int idx;
ctrl_t ctrl;
npth_t thread;
- if (sock_inotify_fd != -1
- && FD_ISSET (sock_inotify_fd, &read_fdset)
- && gnupg_inotify_has_name (sock_inotify_fd, GPG_AGENT_SOCK_NAME))
- {
- shutdown_pending = 1;
- log_info ("socket file has been removed - shutting down\n");
- }
-
- if (home_inotify_fd != -1
- && FD_ISSET (home_inotify_fd, &read_fdset))
- {
- shutdown_pending = 1;
- log_info ("homedir has been removed - shutting down\n");
- }
-
for (idx=0; idx < DIM(listentbl); idx++)
{
if (listentbl[idx].l_fd == GNUPG_INVALID_FD)
commit 760aa8aadafb747f33a1461ab0c2570b5ae43716
Author: NIIBE Yutaka <gniibe at fsij.org>
Date: Tue Nov 7 10:49:36 2017 +0900
agent: Use clock or clock_gettime for calibration.
* agent/protect.c (calibrate_get_time): Use clock or clock_gettime.
--
For calibration, clock(3) is better than times(3) among UNIXen.
Tested on NetBSD 7.1 and FreeBSD 11.1, using QEMU.
Thanks to Damien Goutte-Gattat for the information of use of
CLOCKS_PER_SEC; The old code with times(3) is not 100% correct,
in terms of POSIX. It should have used sysconf (_SC_CLK_TCK) instead
of CLOCKS_PER_SEC. CLOCKS_PER_SEC is specifically for clock(3).
GnuPG-bug-id: 3056, 3276, 3472
Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
(cherry picked from commit 380bce13d94ff03c96e39ac1d834f382c5c730a1)
diff --git a/agent/protect.c b/agent/protect.c
index 3073fc4..9bb2da6 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -23,6 +23,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <time.h>
#include <ctype.h>
#include <assert.h>
#include <unistd.h>
@@ -104,11 +105,14 @@ calibrate_get_time (struct calibrate_time_s *data)
&data->creation_time, &data->exit_time,
&data->kernel_time, &data->user_time);
# endif
-#else
- struct tms tmp;
+#elif defined (CLOCK_THREAD_CPUTIME_ID)
+ struct timespec tmp;
- times (&tmp);
- data->ticks = tmp.tms_utime;
+ clock_gettime (CLOCK_THREAD_CPUTIME_ID, &tmp);
+ data->ticks = (clock_t)(((unsigned long long)tmp.tv_sec * 1000000000 +
+ tmp.tv_nsec) * CLOCKS_PER_SEC / 1000000000);
+#else
+ data->ticks = clock ();
#endif
}
@@ -135,7 +139,7 @@ calibrate_elapsed_time (struct calibrate_time_s *starttime)
}
#else
return (unsigned long)((((double) (stoptime.ticks - starttime->ticks))
- /CLOCKS_PER_SEC)*10000000);
+ /CLOCKS_PER_SEC)*1000);
#endif
}
diff --git a/agent/t-protect.c b/agent/t-protect.c
index 1d3c8ec..92d312c 100644
--- a/agent/t-protect.c
+++ b/agent/t-protect.c
@@ -322,9 +322,9 @@ test_agent_protect_shared_secret (void)
int
main (int argc, char **argv)
{
- (void)argc;
(void)argv;
+ opt.verbose = argc - 1; /* We can do "./t-protect -v -v" */
gcry_control (GCRYCTL_DISABLE_SECMEM);
test_agent_protect ();
-----------------------------------------------------------------------
Summary of changes:
NEWS | 23 ++++++++++++++++++++++-
README | 16 ++++++++--------
agent/gpg-agent.c | 37 ++++++++++++++++++++++---------------
agent/protect.c | 14 +++++++++-----
agent/t-protect.c | 2 +-
configure.ac | 4 ++--
6 files changed, 64 insertions(+), 32 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list