[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.10-27-g5075692

by Werner Koch cvs at cvs.gnupg.org
Mon Nov 5 09:27:58 CET 2018


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-2 has been updated
       via  50756927ce6247abc2fadefbc76c58b75c8a7586 (commit)
       via  d5f540e7a9b3a723ba787e3a587fcd1b0948f105 (commit)
       via  82cd7556fdce989aaacf91e0d369a62e4652f224 (commit)
       via  e486fb2495cf5a7506463b4e42144fb8d6a1f42d (commit)
       via  ab7a907a184f37ddafaa0dc7200c76b735ba4853 (commit)
      from  5ab58d3001b0342aecaf691b1af70b1f76426f55 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 50756927ce6247abc2fadefbc76c58b75c8a7586
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 22 14:23:11 2018 +0200

    dirmngr: In verbose mode print the OCSP responder id.
    
    * dirmngr/ocsp.c (ocsp_isvalid): Print the responder id.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit 0a7f446c189201ca6e527af08b44da756b343209)

diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c
index 22391c3..2067b7b 100644
--- a/dirmngr/ocsp.c
+++ b/dirmngr/ocsp.c
@@ -653,6 +653,33 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
   if (err)
     goto leave;
 
+  /* It is sometimes useful to know the responder ID. */
+  if (opt.verbose)
+    {
+      char *resp_name;
+      ksba_sexp_t resp_keyid;
+
+      err = ksba_ocsp_get_responder_id (ocsp, &resp_name, &resp_keyid);
+      if (err)
+        log_info (_("error getting responder ID: %s\n"), gpg_strerror (err));
+      else
+        {
+          log_info ("responder id: ");
+          if (resp_name)
+            log_printf ("'/%s' ", resp_name);
+          if (resp_keyid)
+            {
+              log_printf ("{");
+              dump_serial (resp_keyid);
+              log_printf ("} ");
+            }
+          log_printf ("\n");
+        }
+      ksba_free (resp_name);
+      ksba_free (resp_keyid);
+      err = 0;
+    }
+
   /* We got a useful answer, check that the answer has a valid signature. */
   sigval = ksba_ocsp_get_sig_val (ocsp, produced_at);
   if (!sigval || !*produced_at)
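Review bot: `resp_name` and `resp_keyid` are declared without initializers, yet both are passed to `ksba_free` on the error path as well. The block is therefore only safe if `ksba_ocsp_get_responder_id` clears its outputs on failure, which these lines do not show. Initializing them, `char *resp_name = NULL;` and `ksba_sexp_t resp_keyid = NULL;`, removes that dependency. The id is also logged before the signature check that follows the block, so the comment should say so, e.g. `/* Note: printed before the signature check; the ID is not yet authenticated.  */`. ocsp_isvalid starts and ends outside the hunk.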

commit d5f540e7a9b3a723ba787e3a587fcd1b0948f105
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 15 11:32:19 2018 +0200

    tools: Replace duplicated code in mime-maker.
    
    * tools/rfc822parse.c (HEADER_NAME_CHARS): New.  Taken from
    mime-maker.c.
    (rfc822_valid_header_name_p): New.  Based on code from mime-maker.c.
    (rfc822_capitalize_header_name): New.  Copied from mime-maker.c.
    (capitalize_header_name): Remove.  Replace calls by new func.
    (my_toupper, my_strcasecmp): New.
    * tools/mime-maker.c: Include rfc822parse.h.
    (HEADER_NAME_CHARS, capitalize_header_name): Remove.
    (add_header): Replace check and capitalization by new functions.
    --
    
    This is a straightforward change with two minor changes:
    
    - In rfc822parse.c the capitalization handles MIME-Version special.
    - The check in mime-maker now detects a zero-length name as invalid.
    
    my_toupper and my_strcasecmp are introduced to allow standalone use
    of that file.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit f03928b16c4fb00077d22d8ec141575ef6d26913)

diff --git a/tools/mime-maker.c b/tools/mime-maker.c
index 0edc14d..91eab82 100644
--- a/tools/mime-maker.c
+++ b/tools/mime-maker.c
@@ -25,14 +25,10 @@
 
 #include "../common/util.h"
 #include "../common/zb32.h"
+#include "rfc822parse.h"
 #include "mime-maker.h"
 
 
-/* All valid characters in a header name.  */
-#define HEADER_NAME_CHARS  ("abcdefghijklmnopqrstuvwxyz" \
-                            "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
-                            "-01234567890")
-
 /* An object to store an header.  Also used for a list of headers.  */
 struct header_s
 {
@@ -269,38 +265,6 @@ ensure_part (mime_maker_t ctx, part_t *r_parent)
 }
 
 
-/* Transform a header name into a standard capitalized format.
- * "Content-Type".  Conversion stops at the colon. */
-static void
-capitalize_header_name (char *name)
-{
-  unsigned char *p = name;
-  int first = 1;
-
-  /* Special cases first.  */
-  if (!ascii_strcasecmp (name, "MIME-Version"))
-    {
-      strcpy (name, "MIME-Version");
-      return;
-    }
-
-  /* Regular cases.  */
-  for (; *p && *p != ':'; p++)
-    {
-      if (*p == '-')
-        first = 1;
-      else if (first)
-        {
-          if (*p >= 'a' && *p <= 'z')
-            *p = *p - 'a' + 'A';
-          first = 0;
-        }
-      else if (*p >= 'A' && *p <= 'Z')
-        *p = *p - 'A' + 'a';
-    }
-}
-
-
 /* Check whether a header with NAME has already been set into PART.
  * NAME must be in canonical capitalized format.  Return true or
  * false. */
@@ -344,17 +308,14 @@ add_header (part_t part, const char *name, const char *value)
   memcpy (hdr->name, name, namelen);
   hdr->name[namelen] = 0;
 
-  /* Check that the header name is valid.  We allow all lower and
-   * uppercase letters and, except for the first character, digits and
-   * the dash.  */
-  if (strspn (hdr->name, HEADER_NAME_CHARS) != namelen
-      || strchr ("-0123456789", *hdr->name))
+  /* Check that the header name is valid.  */
+  if (!rfc822_valid_header_name_p (hdr->name))
     {
       xfree (hdr);
       return gpg_error (GPG_ERR_INV_NAME);
     }
 
-  capitalize_header_name (hdr->name);
+  rfc822_capitalize_header_name (hdr->name);
   hdr->value = xtrystrdup (value);
   if (!hdr->value)
     {
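Review bot: The replaced check compared `strspn (hdr->name, HEADER_NAME_CHARS)` with the full `namelen`, so any colon in the name was rejected. `rfc822_valid_header_name_p` stops at the first colon, so a name with a colon followed by arbitrary bytes now passes and is stored whole in `hdr->name`. The commit message lists only the zero-length and MIME-Version differences, so this looks unintended. If add_header's callers can pass such names (the computation of `namelen` is outside the hunk), keep the strict form here: `if (!rfc822_valid_header_name_p (hdr->name) || strchr (hdr->name, ':'))`.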
diff --git a/tools/rfc822parse.c b/tools/rfc822parse.c
index e8cdb02..0a4e2bc 100644
--- a/tools/rfc822parse.c
+++ b/tools/rfc822parse.c
@@ -41,6 +41,12 @@
 
 #include "rfc822parse.h"
 
+/* All valid characters in a header name.  */
+#define HEADER_NAME_CHARS  ("abcdefghijklmnopqrstuvwxyz" \
+                            "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
+                            "-01234567890")
+
+
 enum token_type
   {
     tSPACE,
@@ -131,28 +137,31 @@ lowercase_string (unsigned char *string)
       *string = *string - 'A' + 'a';
 }
 
-/* Transform a header name into a standard capitalized format; i.e
-   "Content-Type".  Conversion stops at the colon.  As usual we don't
-   use the localized versions of ctype.h.
- */
-static void
-capitalize_header_name (unsigned char *name)
+
+static int
+my_toupper (int c)
 {
-  int first = 1;
+  if (c >= 'a' && c <= 'z')
+    c &= ~0x20;
+  return c;
+}
+
+/* This is the same as ascii_strcasecmp.  */
+static int
+my_strcasecmp (const char *a, const char *b)
+{
+  if (a == b)
+    return 0;
 
-  for (; *name && *name != ':'; name++)
-    if (*name == '-')
-      first = 1;
-    else if (first)
-      {
-        if (*name >= 'a' && *name <= 'z')
-          *name = *name - 'a' + 'A';
-        first = 0;
-      }
-    else if (*name >= 'A' && *name <= 'Z')
-      *name = *name - 'A' + 'a';
+  for (; *a && *b; a++, b++)
+    {
+      if (*a != *b && my_toupper(*a) != my_toupper(*b))
+        break;
+    }
+  return *a == *b? 0 : (my_toupper (*a) - my_toupper (*b));
 }
 
+
 #ifndef HAVE_STPCPY
 static char *
 my_stpcpy (char *a,const char *b)
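Review bot: `my_toupper` has no comment, and the removed header comment was the only place stating that the locale-dependent ctype.h functions are avoided on purpose. I would carry that over above `my_toupper`: `/* ASCII-only toupper; we deliberately do not use the localized ctype.h versions.  */`. Note also that `my_strcasecmp` passes plain `char` values, so for bytes above 0x7f the sign of the result depends on the platform's `char` signedness; only the zero/non-zero result should be relied on.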
@@ -228,6 +237,62 @@ release_handle_data (rfc822parse_t msg)
 }
 
 
+/* Check that the header name is valid.  We allow all lower and
+ * uppercase letters and, except for the first character, digits and
+ * the dash.  The check stops at the first colon or at string end.
+ * Returns true if the name is valid.  */
+int
+rfc822_valid_header_name_p (const char *name)
+{
+  const char *s;
+  size_t namelen;
+
+  if ((s=strchr (name, ':')))
+    namelen = s - name;
+  else
+    namelen = strlen (name);
+
+  if (!namelen
+      || strspn (name, HEADER_NAME_CHARS) != namelen
+      || strchr ("-0123456789", *name))
+    return 0;
+  return 1;
+}
+
+
+/* Transform a header NAME into a standard capitalized format.
+ * Conversion stops at the colon. */
+void
+rfc822_capitalize_header_name (char *name)
+{
+  unsigned char *p = name;
+  int first = 1;
+
+  /* Special cases first.  */
+  if (!my_strcasecmp (name, "MIME-Version"))
+    {
+      strcpy (name, "MIME-Version");
+      return;
+    }
+
+  /* Regular cases.  */
+  for (; *p && *p != ':'; p++)
+    {
+      if (*p == '-')
+        first = 1;
+      else if (first)
+        {
+          if (*p >= 'a' && *p <= 'z')
+            *p = *p - 'a' + 'A';
+          first = 0;
+        }
+      else if (*p >= 'A' && *p <= 'Z')
+        *p = *p - 'A' + 'a';
+    }
+}
+
+
+
 /* Create a new parsing context for an entire rfc822 message and
    return it.  CB and CB_VALUE may be given to callback for certain
    events.  NULL is returned on error with errno set appropriately. */
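Review bot: The MIME-Version special case in `rfc822_capitalize_header_name` compares the whole string with `my_strcasecmp`, although the function's contract is that processing stops at the colon. insert_header (last hunk of this file) only calls it when the line contains a colon, so for a full line such as a constructed `mime-version: 1.0` the comparison fails and the regular loop yields `Mime-Version`. Comparing only the part before the colon, as sketched below, makes the special case apply there too; the copy stays in bounds because the replacement has the same length as the matched name. Separately, `unsigned char *p = name;` converts from `char *` without a cast and will draw a pointer-sign warning.

```c
  /* Special cases first.  Compare only the part before the colon.  */
  {
    static const char mimever[] = "MIME-Version";
    size_t n = strcspn (name, ":");
    size_t i;

    for (i = 0; i < n && mimever[i]; i++)
      if (my_toupper (name[i]) != my_toupper (mimever[i]))
        break;
    if (i == n && !mimever[i])
      {
        memcpy (name, mimever, n);
        return;
      }
  }
  /* … unchanged: regular capitalization loop … */
```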
@@ -432,7 +497,7 @@ insert_header (rfc822parse_t msg, const unsigned char *line, size_t length)
 
   /* Transform a field name into canonical format. */
   if (!hdr->cont && strchr (line, ':'))
-     capitalize_header_name (hdr->line);
+    rfc822_capitalize_header_name (hdr->line);
 
   *msg->current_part->hdr_lines_tail = hdr;
   msg->current_part->hdr_lines_tail = &hdr->next;
diff --git a/tools/rfc822parse.h b/tools/rfc822parse.h
index 177d827..e2f2bed 100644
--- a/tools/rfc822parse.h
+++ b/tools/rfc822parse.h
@@ -48,6 +48,8 @@ typedef int (*rfc822parse_cb_t) (void *opaque,
                                  rfc822parse_event_t event,
                                  rfc822parse_t msg);
 
+int rfc822_valid_header_name_p (const char *name);
+void rfc822_capitalize_header_name (char *name);
 
 rfc822parse_t rfc822parse_open (rfc822parse_cb_t cb, void *opaque_value);
 

commit 82cd7556fdce989aaacf91e0d369a62e4652f224
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 10 11:46:16 2018 +0200

    gpg: Don't take the a TOFU trust model from the trustdb,
    
    * g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model.
    (create_version_record): Don't init as TOFU.
    (tdbio_db_matches_options): Don't indicate a change in case TOFU is
    stored in an old trustdb file.
    --
    
    This change allows switching between a tofu and pgp or tofu+pgp trust
    model without an auto rebuild of the trustdb.  This also requires that
    the tofu trust model is requested on the command line.  If TOFU will
    ever be the default we need to tweak the model detection via TM_AUTO
    by also looking into the TOFU data base.
    
    GnuPG-bug-id: 4134
    (cherry picked from commit 150a33df41944d764621f037038683f3d605aa3f)

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 3f8f6b9..ffcdaf2 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1724,7 +1724,8 @@ Set what trust model GnuPG should follow. The models are:
   @opindex trust-model:auto
   Select the trust model depending on whatever the internal trust
   database says. This is the default model if such a database already
-  exists.
+  exists.  Note that a tofu trust model is not considered here and
+  must be enabled explicitly.
 @end table
 
 @item --auto-key-locate @var{mechanisms}
diff --git a/g10/tdbio.c b/g10/tdbio.c
index fed0cf5..8f75306 100644
--- a/g10/tdbio.c
+++ b/g10/tdbio.c
@@ -562,6 +562,12 @@ tdbio_update_version_record (ctrl_t ctrl)
 {
   TRUSTREC rec;
   int rc;
+  int opt_tm;
+
+  /* Never store a TOFU trust model in the trustdb.  Use PGP instead.  */
+  opt_tm = opt.trust_model;
+  if (opt_tm == TM_TOFU || opt_tm == TM_TOFU_PGP)
+    opt_tm = TM_PGP;
 
   memset (&rec, 0, sizeof rec);
 
@@ -572,7 +578,7 @@ tdbio_update_version_record (ctrl_t ctrl)
       rec.r.ver.marginals   = opt.marginals_needed;
       rec.r.ver.completes   = opt.completes_needed;
       rec.r.ver.cert_depth  = opt.max_cert_depth;
-      rec.r.ver.trust_model = opt.trust_model;
+      rec.r.ver.trust_model = opt_tm;
       rec.r.ver.min_cert_level = opt.min_cert_level;
       rc = tdbio_write_record (ctrl, &rec);
     }
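Review bot: The TOFU-to-PGP mapping that produces `opt_tm` is written out separately in tdbio_update_version_record, in create_version_record and twice in tdbio_db_matches_options. A single static helper returning `(tm == TM_TOFU || tm == TM_TOFU_PGP)? TM_PGP : tm` would keep the stored value and the compared value from drifting apart. In create_version_record the existing `else` branch already stored `TM_PGP` for every model other than PGP and CLASSIC, so the mapping added there does not appear to change the result. The helper's comment should also say that the model stored in the trustdb no longer reflects a TOFU selection, since readers of the version record may otherwise assume it does.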
@@ -591,6 +597,12 @@ create_version_record (ctrl_t ctrl)
 {
   TRUSTREC rec;
   int rc;
+  int opt_tm;
+
+  /* Never store a TOFU trust model in the trustdb.  Use PGP instead.  */
+  opt_tm = opt.trust_model;
+  if (opt_tm == TM_TOFU || opt_tm == TM_TOFU_PGP)
+    opt_tm = TM_PGP;
 
   memset (&rec, 0, sizeof rec);
   rec.r.ver.version     = 3;
@@ -598,8 +610,8 @@ create_version_record (ctrl_t ctrl)
   rec.r.ver.marginals   = opt.marginals_needed;
   rec.r.ver.completes   = opt.completes_needed;
   rec.r.ver.cert_depth  = opt.max_cert_depth;
-  if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC)
-    rec.r.ver.trust_model = opt.trust_model;
+  if (opt_tm == TM_PGP || opt_tm == TM_CLASSIC)
+    rec.r.ver.trust_model = opt_tm;
   else
     rec.r.ver.trust_model = TM_PGP;
   rec.r.ver.min_cert_level = opt.min_cert_level;
@@ -883,16 +895,25 @@ tdbio_db_matches_options()
     {
       TRUSTREC vr;
       int rc;
+      int opt_tm, tm;
 
       rc = tdbio_read_record (0, &vr, RECTYPE_VER);
       if( rc )
 	log_fatal( _("%s: error reading version record: %s\n"),
 		   db_name, gpg_strerror (rc) );
 
+      /* Consider tofu and pgp the same.  */
+      tm = vr.r.ver.trust_model;
+      if (tm == TM_TOFU || tm == TM_TOFU_PGP)
+        tm = TM_PGP;
+      opt_tm  = opt.trust_model;
+      if (opt_tm == TM_TOFU || opt_tm == TM_TOFU_PGP)
+        opt_tm = TM_PGP;
+
       yes_no = vr.r.ver.marginals == opt.marginals_needed
 	&& vr.r.ver.completes == opt.completes_needed
 	&& vr.r.ver.cert_depth == opt.max_cert_depth
-	&& vr.r.ver.trust_model == opt.trust_model
+	&& tm == opt_tm
 	&& vr.r.ver.min_cert_level == opt.min_cert_level;
     }
 

commit e486fb2495cf5a7506463b4e42144fb8d6a1f42d
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Oct 4 09:57:03 2018 +0200

    gpg: Add new card vendor
    
    --
    
    (cherry picked from commit 3c2ffd27f36dfe77005aa01005145904761d8743)

diff --git a/g10/card-util.c b/g10/card-util.c
index 3148de0..397a8d6 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -216,6 +216,7 @@ get_manufacturer (unsigned int no)
 
     case 0x1337: return "Warsaw Hackerspace";
     case 0x2342: return "warpzone"; /* hackerspace Muenster.  */
+    case 0x4354: return "Confidential Technologies";   /* cotech.de */
     case 0x63AF: return "Trustica";
     case 0xBD0E: return "Paranoidlabs";
     case 0xF517: return "FSIJ";

commit ab7a907a184f37ddafaa0dc7200c76b735ba4853
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Sep 7 11:48:18 2018 +0200

    dirmngr: Emit SOURCE status also on NO_DATA.
    
    * dirmngr/ks-engine-hkp.c (ks_hkp_search): Send SOURCE status also on
    NO DATA error.
    (ks_hkp_get): Ditto.
    * g10/call-dirmngr.c (gpg_dirmngr_ks_search): Print "data source" info
    also on error.
    (gpg_dirmngr_ks_get): Ditto.
    --
    
    If a keyserver does not return any data it can be useful to know which
    keyserver out of the pool answered.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit bee65edfbc8cc2c369e5941cc9d1a01a0519b388)

diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 32840e6..7c2836c 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -1493,7 +1493,11 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
       goto again;
     }
   if (err)
-    goto leave;
+    {
+      if (gpg_err_code (err) == GPG_ERR_NO_DATA)
+        dirmngr_status (ctrl, "SOURCE", hostport, NULL);
+      goto leave;
+    }
 
   err = dirmngr_status (ctrl, "SOURCE", hostport, NULL);
   if (err)
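Review bot: The return value of the added `dirmngr_status (ctrl, "SOURCE", hostport, NULL)` call is dropped without comment, while the same call a few lines below is checked. That is presumably deliberate so that `err` keeps `GPG_ERR_NO_DATA`, but it should be stated, e.g. `/* Best effort: a status error must not replace the NO_DATA error.  */`. The same applies to the identical block in ks_hkp_get. Both functions start and end outside their hunks.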
@@ -1628,7 +1632,11 @@ ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp)
       goto again;
     }
   if (err)
-    goto leave;
+    {
+      if (gpg_err_code (err) == GPG_ERR_NO_DATA)
+        dirmngr_status (ctrl, "SOURCE", hostport, NULL);
+      goto leave;
+    }
 
   err = dirmngr_status (ctrl, "SOURCE", hostport, NULL);
   if (err)
diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
index d086cef..8896f27 100644
--- a/g10/call-dirmngr.c
+++ b/g10/call-dirmngr.c
@@ -606,6 +606,12 @@ gpg_dirmngr_ks_search (ctrl_t ctrl, const char *searchstr,
                         NULL, NULL, ks_status_cb, &stparm);
   if (!err)
     err = cb (cb_value, 0, NULL);  /* Send EOF.  */
+  else if (parm.stparm->source)
+    {
+      /* Error but we received a SOURCE status.  Tell via callback but
+       * ignore errors.  */
+      parm.data_cb (parm.data_cb_value, 1, parm.stparm->source);
+    }
 
   xfree (get_membuf (&parm.saveddata, NULL));
   xfree (parm.helpbuf);
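Review bot: On the error path the data callback is now called with second argument `1`, but the EOF call `cb (cb_value, 0, NULL)` is never made, so a callback that relies on EOF to finish its output sees a source line and nothing after it. The function's header comment is outside the hunk; it should state that the callback may be invoked once after a failure. The new branch also goes through `parm.data_cb` while the line above uses `cb`; assuming both hold the same pointer, `cb (cb_value, 1, parm.stparm->source);` would read more consistently.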
@@ -648,6 +654,7 @@ ks_get_data_cb (void *opaque, const void *data, size_t datalen)
 
    If R_SOURCE is not NULL the source of the data is stored as a
    malloced string there.  If a source is not known NULL is stored.
+   Note that this may even be returned after an error.
 
    If there are too many patterns the function returns an error.  That
    could be fixed by issuing several search commands or by
@@ -735,13 +742,13 @@ gpg_dirmngr_ks_get (ctrl_t ctrl, char **pattern,
   *r_fp = parm.memfp;
   parm.memfp = NULL;
 
-  if (r_source)
+
+ leave:
+  if (r_source && stparm.source)
     {
       *r_source = stparm.source;
       stparm.source = NULL;
     }
-
- leave:
   es_fclose (parm.memfp);
   xfree (stparm.source);
   xfree (line);
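Review bot: With `leave:` moved above the assignment, `*r_source` can now receive a malloced string on error returns, so callers that only free it after success will leak it. The header comment gained a sentence about this, but the call sites are outside this page and should be checked to free `*r_source` on every return. The new condition `r_source && stparm.source` also no longer stores NULL when no source is known. That matches the documented contract only if `*r_source` is cleared earlier in the function, outside the hunk; if it is not, add `if (r_source) *r_source = NULL;` near the top.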

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/ks-engine-hkp.c |  12 +++++-
 dirmngr/ocsp.c          |  27 +++++++++++++
 doc/gpg.texi            |   3 +-
 g10/call-dirmngr.c      |  13 ++++--
 g10/card-util.c         |   1 +
 g10/tdbio.c             |  29 ++++++++++++--
 tools/mime-maker.c      |  47 ++--------------------
 tools/rfc822parse.c     | 103 +++++++++++++++++++++++++++++++++++++++---------
 tools/rfc822parse.h     |   2 +
 9 files changed, 165 insertions(+), 72 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



