From 07e51ec069de73e221fa6d29dc675306be690594 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 14 Jun 2000 10:12:10 +0000 Subject: [PATCH] See ChangeLog: Wed Jun 14 12:27:09 CEST 2000 Werner Koch --- THANKS | 1 + TODO | 2 ++ g10/ChangeLog | 10 ++++++++ g10/cipher.c | 2 ++ g10/encr-data.c | 3 +++ g10/status.c | 64 +++++++++++++++++++++++++++++++++++++++---------- po/ChangeLog | 4 ++++ po/de.glo | 8 ++++++- po/de.po | 31 ++++++++++-------------- 9 files changed, 92 insertions(+), 33 deletions(-) diff --git a/THANKS b/THANKS index 2868209ef..da12c729e 100644 --- a/THANKS +++ b/THANKS @@ -28,6 +28,7 @@ Detlef Lannert lannert@lannert.rz.uni-duesseldorf.de Dave Dykstra dwd@bell-labs.com David Ellement ellement@sdd.hp.com David Hallinan hallinan@rtd.com +Dimitri dmitri@advantrix.com Dirk Lattermann dlatt@t-online.de Ed Boraas ecxjo@esperanto.org Edmund GRIMLEY EVANS edmundo@rano.org diff --git a/TODO b/TODO index 9c70318f8..afb4c41f0 100644 --- a/TODO +++ b/TODO @@ -1,4 +1,6 @@ + * check that --allow0non-selfsigned does really work + * g10/trustdb.c (make_sig_records): fix the fixme. * at least an option to prefer DSA keys over RSA when selecting the key to diff --git a/g10/ChangeLog b/g10/ChangeLog index f684a2075..0a538b4f6 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,13 @@ +Wed Jun 14 12:27:09 CEST 2000 Werner Koch + + * status.c (init_shm_coprocessing): Changed the sequence of the get,attach + to cope with the changes in newer Linux kernels. This bug has been found + by who also proposed this solution. Hopefully + this does not break gpg on to many systems. + + * cipher.c (write_header): Protect the IV with the MDC too. + * encr-data.c (decrypt_data): Likewise. + Fri Jun 9 10:09:52 CEST 2000 Werner Koch * g10.c: New options --no-auto-key-retrieve diff --git a/g10/cipher.c b/g10/cipher.c index 344e2b7b6..e2972297d 100644 --- a/g10/cipher.c +++ b/g10/cipher.c @@ -82,6 +82,8 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) cipher_setkey( cfx->cipher_hd, cfx->dek->key, cfx->dek->keylen ); cipher_setiv( cfx->cipher_hd, NULL, 0 ); /* log_hexdump( "prefix", temp, nprefix+2 ); */ + if( cfx->mdc_hash ) /* hash the "IV" */ + md_write( cfx->mdc_hash, temp, nprefix+2 ); cipher_encrypt( cfx->cipher_hd, temp, temp, nprefix+2); cipher_sync( cfx->cipher_hd ); iobuf_write(a, temp, nprefix+2); diff --git a/g10/encr-data.c b/g10/encr-data.c index 3d43c5752..1ee2bbed8 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c @@ -119,6 +119,9 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) goto leave; } + if( dfx.mdc_hash ) + md_write( dfx.mdc_hash, temp, nprefix+2 ); + if( ed->mdc_method ) iobuf_push_filter( ed->buf, mdc_decode_filter, &dfx ); else diff --git a/g10/status.c b/g10/status.c index 38f2c145f..b42265961 100644 --- a/g10/status.c +++ b/g10/status.c @@ -196,6 +196,10 @@ init_shm_coprocessing ( ulong requested_shm_size, int lock_mem ) if ( shm_id == -1 ) log_fatal("can't get %uk of shared memory: %s\n", (unsigned)shm_size/1024, strerror(errno)); + + #if !defined(IPC_HAVE_SHM_LOCK) \ + && defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) + /* part of the old code which uses mlock */ shm_area = shmat( shm_id, 0, 0 ); if ( shm_area == (char*)-1 ) log_fatal("can't attach %uk shared memory: %s\n", @@ -206,29 +210,17 @@ init_shm_coprocessing ( ulong requested_shm_size, int lock_mem ) #ifdef USE_CAPABILITIES cap_set_proc( cap_from_text("cap_ipc_lock+ep") ); #endif - #ifdef IPC_HAVE_SHM_LOCK - if ( shmctl (shm_id, SHM_LOCK, 0) ) - log_info("locking shared memory %d failed: %s\n", - shm_id, strerror(errno)); - else - shm_is_locked = 1; - #elif defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) /* (need the cast for Solaris with Sun's workshop compilers) */ if ( mlock ( (char*)shm_area, shm_size) ) log_info("locking shared memory %d failed: %s\n", shm_id, strerror(errno)); else shm_is_locked = 1; - #else - log_info("Locking shared memory %d failed: No way to do it\n", shm_id ); - #endif #ifdef USE_CAPABILITIES cap_set_proc( cap_from_text("cap_ipc_lock+p") ); #endif } - - #ifdef IPC_RMID_DEFERRED_RELEASE if( shmctl( shm_id, IPC_RMID, 0) ) log_fatal("shmctl IPC_RMDID of %d failed: %s\n", @@ -245,13 +237,59 @@ init_shm_coprocessing ( ulong requested_shm_size, int lock_mem ) shm_id, strerror(errno)); } + #else /* this is the new code which handles the changes in the SHM semantics + * introduced with Linux 2.4. The changes is that we now change the + * permissions and then attach to the memory. + */ + + if( lock_mem ) { + #ifdef USE_CAPABILITIES + cap_set_proc( cap_from_text("cap_ipc_lock+ep") ); + #endif + #ifdef IPC_HAVE_SHM_LOCK + if ( shmctl (shm_id, SHM_LOCK, 0) ) + log_info("locking shared memory %d failed: %s\n", + shm_id, strerror(errno)); + else + shm_is_locked = 1; + #else + log_info("Locking shared memory %d failed: No way to do it\n", shm_id ); + #endif + #ifdef USE_CAPABILITIES + cap_set_proc( cap_from_text("cap_ipc_lock+p") ); + #endif + } + + if( shmctl( shm_id, IPC_STAT, &shmds ) ) + log_fatal("shmctl IPC_STAT of %d failed: %s\n", + shm_id, strerror(errno)); + if( shmds.shm_perm.uid != getuid() ) { + shmds.shm_perm.uid = getuid(); + if( shmctl( shm_id, IPC_SET, &shmds ) ) + log_fatal("shmctl IPC_SET of %d failed: %s\n", + shm_id, strerror(errno)); + } + + shm_area = shmat( shm_id, 0, 0 ); + if ( shm_area == (char*)-1 ) + log_fatal("can't attach %uk shared memory: %s\n", + (unsigned)shm_size/1024, strerror(errno)); + log_debug("mapped %uk shared memory at %p, id=%d\n", + (unsigned)shm_size/1024, shm_area, shm_id ); + + #ifdef IPC_RMID_DEFERRED_RELEASE + if( shmctl( shm_id, IPC_RMID, 0) ) + log_fatal("shmctl IPC_RMDID of %d failed: %s\n", + shm_id, strerror(errno)); + #endif + + #endif /* write info; Protocol version, id, size, locked size */ sprintf( buf, "pv=1 pid=%d shmid=%d sz=%u lz=%u", (int)getpid(), shm_id, (unsigned)shm_size, shm_is_locked? (unsigned)shm_size:0 ); write_status_text( STATUS_SHM_INFO, buf ); } - /**************** * Request a string from client * If bool, returns static string on true (do not free) or NULL for false diff --git a/po/ChangeLog b/po/ChangeLog index 4fd1983fb..2b596d90f 100644 --- a/po/ChangeLog +++ b/po/ChangeLog @@ -1,3 +1,7 @@ +Wed Jun 14 12:27:09 CEST 2000 Werner Koch + + * de.po, de.glo: Updated. + 2000-06-07 18:26:58 Werner Koch (wk@habibti.openit.de) * fr.po: New version from Gaël diff --git a/po/de.glo b/po/de.glo index fbf5e21c4..a7ef4f35c 100644 --- a/po/de.glo +++ b/po/de.glo @@ -20,7 +20,6 @@ # 7. Die erste genannte Übersetzung ist die in de.po verwendete - aka alias algorithm Verfahren anonymous ungenannter @@ -37,17 +36,20 @@ cache Lager *Zwischenspeicher can't read nicht lesbar casual >zufällig, >gelegentlich >unregelmäßig certificate Zertifikat +, (Urkunde) character set Zeichensatz check (verb) pr|fen, gepr|ft checksum Prüfsumme cipher algorithm Verschlüsselungsverfahren clearsig header Klartextsignatur-Einleitung command Befehl +comment Bemerkung compress algorithm Komprimierverfahren,*Komprimierungsverfahren ? compromised nicht mehr sicher core dump core-dump-Datei , (Speicherauszug?) core function behandeln, Unterschreiben Universalschlüssel , Generalschlüssel +match Treffer MDC Manipulation detection code (Siegel ?) merge (to) >zusammenführen, >vermischen ?? message Botschaft @@ -126,6 +129,7 @@ quit *(Programm) verlassen, beenden radix64 radix64 random Zufall random bytes Zufallswerte +reason Grund (für revocation) regular file normale Datei retry ???? (Wiederholung?, Wiederaufnahme?) reveal auch: anderen zeigen @@ -164,6 +168,8 @@ user ID User-ID user IDs User-IDs user interface >Benutzer-Schnittstelle username Username, *besser authentisieren ?? So im Wörterbuch der neuen Rechtschreibung) validation -- >Authentisierung diff --git a/po/de.po b/po/de.po index 493f44e07..74d38ffee 100644 --- a/po/de.po +++ b/po/de.po @@ -1,11 +1,11 @@ # GnuPG german translation -# Copyright (C) 1998 Free Software Foundation, Inc. -# Walter Koch , 1998 +# Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. +# Walter Koch , 1998, 1999, 2000 msgid "" msgstr "" "Project-Id-Version: gnupg 1.0.0h\n" -"POT-Creation-Date: 2000-06-08 23:11+0200\n" -"PO-Revision-Date: 2000-04-22 21:50+0200\n" +"POT-Creation-Date: 2000-06-12 01:30+0000\n" +"PO-Revision-Date: 2000-06-12 12:50+0200\n" "Last-Translator: Walter Koch \n" "Language-Team: German \n" "MIME-Version: 1.0\n" @@ -969,7 +969,7 @@ msgstr "" #. * data is properly aligned with the user ID #: g10/pkclist.c:53 msgid " Fingerprint:" -msgstr " Fingerabdruck:" +msgstr " Fingerabdruck:" #: g10/pkclist.c:80 msgid "Fingerprint:" @@ -980,7 +980,6 @@ msgid "No reason specified" msgstr "Kein Grund angegeben" #: g10/pkclist.c:118 -#, fuzzy msgid "Key is superseeded" msgstr "Schlüssel ist überholt" @@ -993,7 +992,6 @@ msgid "Key is no longer used" msgstr "Schlüssel wird nicht mehr benutzt" #: g10/pkclist.c:124 -#, fuzzy msgid "User ID is no longer valid" msgstr "User-ID ist nicht mehr gültig" @@ -1563,7 +1561,7 @@ msgstr "" #: g10/keygen.c:1325 msgid "DSA keypair will have 1024 bits.\n" -msgstr "Der DSA Schlüssel wird 1024 Bits haben.\n" +msgstr "Der DSA Schlüssel wird 1024 Bit haben.\n" #: g10/keygen.c:1368 msgid "Key generation canceled.\n" @@ -1694,9 +1692,8 @@ msgstr "" "der Zweitschlüssel %08lX wird anstelle des Hauptschlüssels %08lX verwendet\n" #: g10/getkey.c:2017 -#, fuzzy msgid "[User id not found]" -msgstr "%s: Benutzer nicht gefunden\n" +msgstr "[User-ID nicht gefunden]" #: g10/import.c:181 #, c-format @@ -2501,7 +2498,7 @@ msgstr "Sie haben folgende User-IDs beglaubigt:\n" #: g10/keyedit.c:1785 g10/keyedit.c:1820 #, c-format msgid " signed by %08lX at %s\n" -msgstr " beglaubiigt durch %08lX um %s\n" +msgstr " beglaubigt durch %08lX um %s\n" #: g10/keyedit.c:1790 #, c-format @@ -2581,8 +2578,7 @@ msgstr "Urspr #: g10/mainproc.c:525 msgid "standalone revocation - use \"gpg --import\" to apply\n" -msgstr "" -"Einzelner Widerruf - verwenden Sie \"gpg --import\" um ihn anzuwenden\n" +msgstr "Einzelner Widerruf - verwenden Sie \"gpg --import\" um ihn anzuwenden\n" #: g10/mainproc.c:612 g10/mainproc.c:621 msgid "WARNING: invalid notation data found\n" @@ -2759,7 +2755,7 @@ msgstr "Hinweis: geheimer Schl #: g10/hkp.c:62 #, c-format msgid "requesting key %08lX from %s ...\n" -msgstr "Schlüssels %08lX von %s wird angefordert ...\n" +msgstr "Schlüssel %08lX von %s wird angefordert ...\n" #: g10/hkp.c:75 #, c-format @@ -3700,7 +3696,6 @@ msgstr "" "verwendet." #: g10/helptext.c:229 -#, fuzzy msgid "" "You should specify a reason for the certification. Depending on the\n" "context you have the ability to choose from this list:\n" @@ -3719,16 +3714,14 @@ msgstr "" "Zusammenhang können Sie aus dieser Liste auswählen:\n" " \"Schlüssel wurde kompromitiert\"\n" " Falls Sie Grund zu der Annahme haben, daß nicht berechtigte Personen\n" -" Zugriff zu Ihrem geheimen Schlüssel hatten, so wählen sie diesen " -"Punkt\n" +" Zugriff zu Ihrem geheimen Schlüssel hatten\n" " \"Schlüssel ist überholt\"\n" " Falls Sie diesen Schlüssel durch einem neuen ersetzt haben.\n" " \"Schlüssel wird nicht mehr benutzt\"\n" " Falls Sie diesen Schlüssel zurückgezogen haben.\n" " \"User-ID ist nicht mehr gültig\"\n" " Um bekanntzugeben, daß die User-ID nicht mehr benutzt werden soll.\n" -" Üblicherweise zeigt man so an, daß eine E-Mailadresse nicht mehr " -"gilt.\n" +" So weist man normalerweise auf eine ungültige E-Mailadresse hin.\n" #: g10/helptext.c:245 msgid ""