[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.8-23-g833738a
by Werner Koch
cvs at cvs.gnupg.org
Thu Jul 5 21:54:15 CEST 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-2 has been updated
via 833738a316977ee774399bd658d535216dff22e9 (commit)
via 221af19351addcdc28a1cd533c8628cfa3841671 (commit)
from 063cf45c142f33815bc0f31d0fb3e1b25ca57b8c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 833738a316977ee774399bd658d535216dff22e9
Author: Werner Koch <wk at gnupg.org>
Date: Thu Jul 5 21:43:25 2018 +0200
po: Add flag options for xgettext.
* po/Makevars (XGETTEXT_OPTIONS): Add --flag options.
--
GnuPG-bug-id: 4053, 4054
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/po/Makevars b/po/Makevars
index 485c72c..b538f19 100644
--- a/po/Makevars
+++ b/po/Makevars
@@ -8,7 +8,61 @@ subdir = po
top_builddir = ..
# These options get passed to xgettext.
-XGETTEXT_OPTIONS = --keyword=_ --keyword=N_ --keyword=L_
+XGETTEXT_OPTIONS = \
+ --keyword=_ --keyword=N_ --keyword=L_ \
+ --flag=gcry_log_debug:1:c-format \
+ --flag=gpgrt_fprintf:2:c-format \
+ --flag=gpgrt_fprintf_unlocked:2:c-format \
+ --flag=gpgrt_printf:1:c-format \
+ --flag=gpgrt_printf_unlocked:1:c-format \
+ --flag=gpgrt_vfprintf:2:c-format \
+ --flag=gpgrt_vfprintf_unlocked:2:c-format \
+ --flag=gpgrt_asprintf:2:c-format \
+ --flag=gpgrt_vasprintf:2:c-format \
+ --flag=gpgrt_bsprintf:1:c-format \
+ --flag=gpgrt_vbsprintf:1:c-format \
+ --flag=gpgrt_snprintf:3:c-format \
+ --flag=gpgrt_vsnprintf:3:c-format \
+ --flag=gpgrt_log:2:c-format \
+ --flag=gpgrt_log_bug:1:c-format \
+ --flag=gpgrt_log_fatal:1:c-format \
+ --flag=gpgrt_log_error:1:c-format \
+ --flag=gpgrt_log_info:1:c-format \
+ --flag=gpgrt_log_debug:1:c-format \
+ --flag=gpgrt_log_debug_string:2:c-format \
+ --flag=gpgrt_log_printf:1:c-format \
+ --flag=gpgrt_log_printhex:3:c-format \
+ --flag=gpgrt_log_clock:1:c-format \
+ --flag=log_log:2:c-format \
+ --flag=log_bug:1:c-format \
+ --flag=log_fatal:1:c-format \
+ --flag=log_error:1:c-format \
+ --flag=log_info:1:c-format \
+ --flag=log_debug:1:c-format \
+ --flag=log_debug_string:2:c-format \
+ --flag=log_printf:1:c-format \
+ --flag=log_printhex:3:c-format \
+ --flag=log_clock:1:c-format
+ --flag=put_membuf_printf:2:c-format \
+ --flag=tty_printf:1:c-format \
+ --flag=tty_fprintf:2:c-format \
+ --flag=tty_getf:1:c-format \
+ --flag=writeout_para:2:c-format \
+ --flag=writeout_li:3:c-format \
+ --flag=writeout_rem:2:c-format \
+ --flag=xasprintf:1:c-format \
+ --flag=xtryasprintf:1:c-format \
+ --flag=log_debug_with_string:2:c-format \
+ --flag=print_assuan_status:3:c-format \
+ --flag=vprint_assuan_status:3:c-format \
+ --flag=agent_print_status:3:c-format \
+ --flag=dirmngr_status_helpf:2:c-format \
+ --flag=dirmngr_status_printf:3:c-format \
+ --flag=ks_printf_help:2:c-format \
+ --flag=print_further_info:1:c-format \
+ --flag=write_status_printf:2:c-format \
+ --flag=gpgconf_write_status:2:c-format \
+ --flag=wks_write_status:2:c-format
# This is the copyright holder that gets inserted into the header of the
# $(DOMAIN).pot file. Set this to the copyright holder of the surrounding
commit 221af19351addcdc28a1cd533c8628cfa3841671
Author: Werner Koch <wk at gnupg.org>
Date: Thu Jul 5 20:55:32 2018 +0200
gpg: Prepare for signatures with ISSUER_FPR but without ISSUER.
* g10/getkey.c (get_pubkey_for_sig): New.
(get_pubkeyblock_for_sig): New.
* g10/mainproc.c (issuer_fpr_raw): Give global scope.
(check_sig_and_print): Use get_pubkeyblock_for_sig.
* g10/pkclist.c (check_signatures_trust): Use get_pubkey_for_sig.
* g10/sig-check.c (check_signature2): Ditto.
(check_signature_over_key_or_uid): Ditto.
--
GnuPG-bug-id: 4046
The whole getkey stuff is still a mess with way to much duplication
and missing caching of already fetched data.
Signed-off-by: Werner Koch <wk at gnupg.org>
(cherry picked from commit f7526c7bc754acf68bde0b79c785e875a9365d60)
diff --git a/g10/getkey.c b/g10/getkey.c
index 7c407dd..d76e7cc 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -677,6 +677,24 @@ pk_from_block (PKT_public_key *pk, kbnode_t keyblock, kbnode_t found_key)
}
+/* Specialized version of get_pubkey which retrieves the key based on
+ * information in SIG. In contrast to get_pubkey PK is required. */
+gpg_error_t
+get_pubkey_for_sig (ctrl_t ctrl, PKT_public_key *pk, PKT_signature *sig)
+{
+ const byte *fpr;
+ size_t fprlen;
+
+ /* First try the new ISSUER_FPR info. */
+ fpr = issuer_fpr_raw (sig, &fprlen);
+ if (fpr && !get_pubkey_byfprint (ctrl, pk, NULL, fpr, fprlen))
+ return 0;
+
+ /* Fallback to use the ISSUER_KEYID. */
+ return get_pubkey (ctrl, pk, sig->keyid);
+}
+
+
/* Return the public key with the key id KEYID and store it at PK.
* The resources in *PK should be released using
* release_public_key_parts(). This function also stores a copy of
@@ -739,8 +757,9 @@ get_pubkey (ctrl_t ctrl, PKT_public_key * pk, u32 * keyid)
/* Do a lookup. */
{
struct getkey_ctx_s ctx;
- KBNODE kb = NULL;
- KBNODE found_key = NULL;
+ kbnode_t kb = NULL;
+ kbnode_t found_key = NULL;
+
memset (&ctx, 0, sizeof ctx);
ctx.exact = 1; /* Use the key ID exactly as given. */
ctx.not_allocated = 1;
@@ -863,6 +882,28 @@ get_pubkey_fast (PKT_public_key * pk, u32 * keyid)
}
+/* Return the entire keyblock used to create SIG. This is a
+ * specialized version of get_pubkeyblock.
+ *
+ * FIXME: This is a hack because get_pubkey_for_sig was already called
+ * and it could have used a cache to hold the key. */
+kbnode_t
+get_pubkeyblock_for_sig (ctrl_t ctrl, PKT_signature *sig)
+{
+ const byte *fpr;
+ size_t fprlen;
+ kbnode_t keyblock;
+
+ /* First try the new ISSUER_FPR info. */
+ fpr = issuer_fpr_raw (sig, &fprlen);
+ if (fpr && !get_pubkey_byfprint (ctrl, NULL, &keyblock, fpr, fprlen))
+ return keyblock;
+
+ /* Fallback to use the ISSUER_KEYID. */
+ return get_pubkeyblock (ctrl, sig->keyid);
+}
+
+
/* Return the key block for the key with key id KEYID or NULL, if an
* error occurs. Use release_kbnode() to release the key block.
*
@@ -1802,6 +1843,8 @@ get_pubkey_byfprint (ctrl_t ctrl, PKT_public_key *pk, kbnode_t *r_keyblock,
memset (&ctx, 0, sizeof ctx);
ctx.exact = 1;
ctx.not_allocated = 1;
+ /* FIXME: We should get the handle from the cache like we do in
+ * get_pubkey. */
ctx.kr_handle = keydb_new ();
if (!ctx.kr_handle)
return gpg_error_from_syserror ();
diff --git a/g10/keydb.h b/g10/keydb.h
index c5671d6..70949e4 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -282,6 +282,10 @@ void cache_public_key( PKT_public_key *pk );
/* Disable and drop the public key cache. */
void getkey_disable_caches(void);
+/* Return the public key used for signature SIG and store it at PK. */
+gpg_error_t get_pubkey_for_sig (ctrl_t ctrl,
+ PKT_public_key *pk, PKT_signature *sig);
+
/* Return the public key with the key id KEYID and store it at PK. */
int get_pubkey (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid);
@@ -290,6 +294,10 @@ int get_pubkey (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid);
also only considers primary keys. */
int get_pubkey_fast (PKT_public_key *pk, u32 *keyid);
+/* Return the entire keyblock used to create SIG. This is a
+ * specialized version of get_pubkeyblock. */
+kbnode_t get_pubkeyblock_for_sig (ctrl_t ctrl, PKT_signature *sig);
+
/* Return the key block for the key with KEYID. */
kbnode_t get_pubkeyblock (ctrl_t ctrl, u32 *keyid);
diff --git a/g10/mainproc.c b/g10/mainproc.c
index f5cc453..5fea867 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1657,7 +1657,7 @@ akl_has_wkd_method (void)
/* Return the ISSUER fingerprint buffer and its lenbgth at R_LEN.
* Returns NULL if not available. The returned buffer is valid as
* long as SIG is not modified. */
-static const byte *
+const byte *
issuer_fpr_raw (PKT_signature *sig, size_t *r_len)
{
const byte *p;
@@ -1674,7 +1674,7 @@ issuer_fpr_raw (PKT_signature *sig, size_t *r_len)
}
-/* Return the ISSUER fingerprint string in human readbale format if
+/* Return the ISSUER fingerprint string in human readable format if
* available. Caller must release the string. */
/* FIXME: Move to another file. */
char *
@@ -2042,7 +2042,7 @@ check_sig_and_print (CTX c, kbnode_t node)
* keyblock has already been fetched. Thus we could use the
* fingerprint or PK itself to lookup the entire keyblock. That
* would best be done with a cache. */
- keyblock = get_pubkeyblock (c->ctrl, sig->keyid);
+ keyblock = get_pubkeyblock_for_sig (c->ctrl, sig);
snprintf (keyid_str, sizeof keyid_str, "%08lX%08lX [uncertain] ",
(ulong)sig->keyid[0], (ulong)sig->keyid[1]);
diff --git a/g10/packet.h b/g10/packet.h
index dc4ce5f..e76e6af 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -605,6 +605,7 @@ int proc_signature_packets_by_fd (ctrl_t ctrl,
int proc_encryption_packets (ctrl_t ctrl, void *ctx, iobuf_t a);
int list_packets( iobuf_t a );
+const byte *issuer_fpr_raw (PKT_signature *sig, size_t *r_len);
char *issuer_fpr_string (PKT_signature *sig);
/*-- parse-packet.c --*/
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 03ad4c8..6f04249 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -548,7 +548,7 @@ check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
unsigned int trustlevel = TRUST_UNKNOWN;
int rc=0;
- rc = get_pubkey (ctrl, pk, sig->keyid );
+ rc = get_pubkey_for_sig (ctrl, pk, sig);
if (rc)
{ /* this should not happen */
log_error("Ooops; the key vanished - can't check the trust\n");
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 6b9feeb..e59e0c9 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -156,7 +156,7 @@ check_signature2 (ctrl_t ctrl,
log_info(_("WARNING: signature digest conflict in message\n"));
rc = gpg_error (GPG_ERR_GENERAL);
}
- else if (get_pubkey (ctrl, pk, sig->keyid))
+ else if (get_pubkey_for_sig (ctrl, pk, sig))
rc = gpg_error (GPG_ERR_NO_PUBKEY);
else if (!gnupg_pk_is_allowed (opt.compliance, PK_USE_VERIFICATION,
pk->pubkey_algo, pk->pkey,
@@ -923,7 +923,7 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
if (IS_CERT (sig))
signer->req_usage = PUBKEY_USAGE_CERT;
- rc = get_pubkey (ctrl, signer, sig->keyid);
+ rc = get_pubkey_for_sig (ctrl, signer, sig);
if (rc)
{
xfree (signer);
-----------------------------------------------------------------------
Summary of changes:
g10/getkey.c | 47 +++++++++++++++++++++++++++++++++++++++++++++--
g10/keydb.h | 8 ++++++++
g10/mainproc.c | 6 +++---
g10/packet.h | 1 +
g10/pkclist.c | 2 +-
g10/sig-check.c | 4 ++--
po/Makevars | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-
7 files changed, 115 insertions(+), 9 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list