Merge branch 'STABLE-BRANCH-2-2' into master

Signed-off-by: Werner Koch <wk@gnupg.org>
2025-01-03 12:11:33 +01:00 · 2018-01-25 16:48:07 +01:00 · 2018-01-25 16:48:07 +01:00 · 149369a92b
commit 149369a92b
parent db7661b5a2 91a3d15cee
48 changed files with 1221 additions and 1090 deletions
--- a/5
+++ b/5
@ -47,6 +47,9 @@ Noteworthy changes in version 2.3.0 (unreleased)
  * agent: Improve robustness of the shutdown pending
    state. [Git#7ffedfab89]
  See-also: gnupg-announce/2017q4/000417.html
  Changes also found in 2.2.2:
  * gpg: Avoid duplicate key imports by concurrently running gpg
@ -88,6 +91,8 @@ Noteworthy changes in version 2.3.0 (unreleased)
  * Add configure option --enable-werror.  [#2423]
  See-also: gnupg-announce/2017q4/000416.html
  Changes also found in 2.2.1:
  * gpg: Fix formatting of the user id in batch mode key generation
--- a/common/homedir.c
+++ b/common/homedir.c
@ -554,7 +554,7 @@ _gnupg_socketdir_internal (int skip_checks, unsigned *r_info)
  };
  int i;
  struct stat sb;
-  char prefix[13 + 1 + 20 + 6 + 1];
+  char prefix[19 + 1 + 20 + 6 + 1];
  const char *s;
  char *name = NULL;
--- a/common/logging.h
+++ b/common/logging.h
@ -150,4 +150,31 @@ void log_printhex (const void *buffer, size_t length, const char *text);
 void log_clock (const char *fmt, ...) GPGRT_ATTR_PRINTF(1,2);
 #endif /* Use gnupg internal logging functions.  */
 /* Some handy assertion macros which don't abort.  */
 #define return_if_fail(expr) do {                        \
    if (!(expr)) {                                       \
        log_debug ("%s:%d: assertion '%s' failed\n",     \
                   __FILE__, __LINE__, #expr );          \
        return;	                                         \
    } } while (0)
 #define return_null_if_fail(expr) do {                   \
    if (!(expr)) {                                       \
        log_debug ("%s:%d: assertion '%s' failed\n",     \
                   __FILE__, __LINE__, #expr );          \
        return NULL;	                                 \
    } } while (0)
 #define return_val_if_fail(expr,val) do {                \
    if (!(expr)) {                                       \
        log_debug ("%s:%d: assertion '%s' failed\n",     \
                   __FILE__, __LINE__, #expr );          \
        return (val);	                                 \
    } } while (0)
 #define never_reached() do {                             \
    log_debug ("%s:%d: oops - should never get here\n",  \
               __FILE__, __LINE__ );                     \
    } while (0)
 #endif /*GNUPG_COMMON_LOGGING_H*/
--- a/configure.ac
+++ b/configure.ac
@ -59,7 +59,7 @@ NEED_LIBGCRYPT_API=1
 NEED_LIBGCRYPT_VERSION=1.7.0
 NEED_LIBASSUAN_API=2
-NEED_LIBASSUAN_VERSION=2.4.3
+NEED_LIBASSUAN_VERSION=2.5.0
 NEED_KSBA_API=1
 NEED_KSBA_VERSION=1.3.4
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@ -622,7 +622,9 @@ This section explains the main commands for key management.
@table @gnupgtabopt
@item --quick-generate-key @var{user-id} [@var{algo} [@var{usage} [@var{expire}]]]
@itemx --quick-gen-key
@opindex quick-generate-key
@opindex quick-gen-key
 This is a simple command to generate a standard key with one user id.
 In contrast to @option{--generate-key} the key is generated directly
 without the need to answer a bunch of prompts.  Unless the option
@ -3130,8 +3132,9 @@ will be read from file descriptor @var{n}. If you use 0 for @var{n},
 the passphrase will be read from STDIN. This can only be used if only
 one passphrase is supplied.
-Note that this passphrase is only used if the option @option{--batch}
+Note that since Version 2.0 this passphrase is only used if the
-has also been given.  This is different from GnuPG version 1.x.
+option @option{--batch} has also been given. Since Version 2.1
 the @option{--pinentry-mode} also needs to be set to @code{loopback}.
@item --passphrase-file @var{file}
@opindex passphrase-file
@ -3140,8 +3143,10 @@ be read from file @var{file}. This can only be used if only one
 passphrase is supplied. Obviously, a passphrase stored in a file is
 of questionable security if other users can read this file. Don't use
 this option if you can avoid it.
-Note that this passphrase is only used if the option @option{--batch}
+
-has also been given.  This is different from GnuPG version 1.x.
+Note that since Version 2.0 this passphrase is only used if the
 option @option{--batch} has also been given. Since Version 2.1
 the @option{--pinentry-mode} also needs to be set to @code{loopback}.
@item --passphrase @var{string}
@opindex passphrase
@ -3149,8 +3154,10 @@ Use @var{string} as the passphrase. This can only be used if only one
 passphrase is supplied. Obviously, this is of very questionable
 security on a multi-user system. Don't use this option if you can
 avoid it.
-Note that this passphrase is only used if the option @option{--batch}
+
-has also been given.  This is different from GnuPG version 1.x.
+Note that since Version 2.0 this passphrase is only used if the
 option @option{--batch} has also been given. Since Version 2.1
 the @option{--pinentry-mode} also needs to be set to @code{loopback}.
@item --pinentry-mode @var{mode}
@opindex pinentry-mode
--- a/doc/tools.texi
+++ b/doc/tools.texi
@ -407,6 +407,14 @@ changing.
 This means that the changes will take effect at run-time, as far as
 this is possible.  Otherwise, they will take effect at the next start
 of the respective backend programs.
@item --status-fd @var{n}
@opindex status-fd
 Write special status strings to the file descriptor @var{n}.  This
 program returns the status messages SUCCESS or FAILURE which are
 helpful when the caller uses a double fork approach and can't easily
 get the return code of the process.
@manpause
@end table
--- a/doc/wks.texi
+++ b/doc/wks.texi
@ -174,18 +174,23 @@ Display a brief help page and exit.
 .br
 .B gpg-wks-server
 .RI [ options ]
 .B \-\-check-key
 .I user-id
 .br
 .B gpg-wks-server
 .RI [ options ]
 .B \-\-install-key
 .I file
 .br
 .B gpg-wks-server
 .RI [ options ]
 .B \-\-remove-key
-.I mailaddr
+.I user-id
 .br
 .B gpg-wks-server
 .RI [ options ]
 .B \-\-revoke-key
-.I mailaddr
+.I user-id
@end ifset
@mansect description
@ -208,8 +213,22 @@ The command @option{--list-domains} prints all configured domains.
 Further it creates missing directories for the configuration and
 prints warnings pertaining to problems in the configuration.
-The commands @option{--install-key}, @option{--remove-key}, and
+The command @option{--check-key} (or just @option{--check}) checks
-@option{--revoke-key} are not yet functional.
+whether a key with the given user-id is installed.  The process return
 success in this case; to also print a diagnostic, use option
@option{-v}.  If the key is not installed a diagnostics is printed and
 the process returns failure; to suppress the diagnostic, use option
@option{-q}.  More than one user-id can be given; see also option
@option{with-file}.
 The command @option{--remove-key} uninstalls a key from the WKD.  The
 process return success in this case; to also print a diagnostic, use
 option @option{-v}.  If the key is not installed a diagnostics is
 printed and the process returns failure; to suppress the diagnostic,
 use option @option{-q}.
 The commands @option{--install-key} and @option{--revoke-key} are not
 yet functional.
@mansect options
@ -237,6 +256,16 @@ Requires installation of that command.
 Write the created mail also to @var{file}. Note that the value
@code{-} for @var{file} would write it to stdout.
@item --with-dir
@opindex with-dir
 Also print the directory name for each domain listed by command
@option{--list-domains}.
@item --with-file
@opindex with-file
 With command @option{--check-key} print for each user-id, the address,
 'i' for installed key or 'n' for not installed key, and the filename.
@item --verbose
@opindex verbose
 Enable extra informational output.
--- a/g10/keygen.c
+++ b/g10/keygen.c
@ -1684,6 +1684,13 @@ gen_ecc (int algo, const char *curve, kbnode_t pub_root,
  if (!curve || !*curve)
    return gpg_error (GPG_ERR_UNKNOWN_CURVE);
  /* Map the displayed short forms of some curves to their canonical
   * names. */
  if (!ascii_strcasecmp (curve, "cv25519"))
    curve = "Curve25519";
  else if (!ascii_strcasecmp (curve, "ed25519"))
    curve = "Ed25519";
  /* Note that we use the "comp" flag with EdDSA to request the use of
     a 0x40 compression prefix octet.  */
  if (algo == PUBKEY_ALGO_EDDSA)
@ -2991,9 +2998,11 @@ generate_user_id (KBNODE keyblock, const char *uidstr)
 * success is returned.  On error an error code is returned.  Note
 * that STRING may be modified by this function.  NULL may be passed
 * for any parameter.  FOR_SUBKEY shall be true if this is used as a
 * subkey.  If CLEAR_CERT is set a default CERT usage will be cleared;
 * this is useful if for example the default algorithm is used for a
 * subkey.  */
 static gpg_error_t
-parse_key_parameter_part (char *string, int for_subkey,
+parse_key_parameter_part (char *string, int for_subkey, int clear_cert,
                          int *r_algo, unsigned int *r_size,
                          unsigned int *r_keyuse,
                          char const **r_curve)
@ -3144,6 +3153,10 @@ parse_key_parameter_part (char *string, int for_subkey,
  if (!for_subkey)
    keyuse |= PUBKEY_USAGE_CERT;
  /* But if requested remove th cert usage.  */
  if (clear_cert)
    keyuse &= ~PUBKEY_USAGE_CERT;
  /* Check that usage is actually possible.  */
  if (/**/((keyuse & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH|PUBKEY_USAGE_CERT))
           && !pubkey_get_nsig (algo))
@ -3215,14 +3228,16 @@ parse_key_parameter_part (char *string, int for_subkey,
 *   -1 := Both parts
 *    0 := Only the part of the primary key
 *    1 := If there is one part parse that one, if there are
- *         two parts parse the second part.  Always return
+ *         two parts parse the part which best matches the
- *         in the args for the primary key (R_ALGO,....).
+ *         SUGGESTED_USE or in case that can't be evaluated the second part.
 *         Always return using the args for the primary key (R_ALGO,....).
 *
 */
 gpg_error_t
 parse_key_parameter_string (const char *string, int part,
                            unsigned int suggested_use,
                            int *r_algo, unsigned int *r_size,
-                            unsigned *r_keyuse,
+                            unsigned int *r_keyuse,
                            char const **r_curve,
                            int *r_subalgo, unsigned int *r_subsize,
                            unsigned *r_subkeyuse,
@ -3249,9 +3264,10 @@ parse_key_parameter_string (const char *string, int part,
    *r_subcurve = NULL;
  if (!string || !*string
-      || !strcmp (string, "default") || !strcmp (string, "-"))
+      || !ascii_strcasecmp (string, "default") || !strcmp (string, "-"))
    string = get_default_pubkey_algo ();
-  else if (!strcmp (string, "future-default"))
+  else if (!ascii_strcasecmp (string, "future-default")
           || !ascii_strcasecmp (string, "futuredefault"))
    string = FUTURE_STD_KEY_PARAM;
  primary = xstrdup (string);
@ -3260,17 +3276,30 @@ parse_key_parameter_string (const char *string, int part,
    *secondary++ = 0;
  if (part == -1 || part == 0)
    {
-      err = parse_key_parameter_part (primary, 0, r_algo, r_size,
+      err = parse_key_parameter_part (primary, 0, 0, r_algo, r_size,
                                      r_keyuse, r_curve);
      if (!err && part == -1)
-        err = parse_key_parameter_part (secondary, 1, r_subalgo, r_subsize,
+        err = parse_key_parameter_part (secondary, 1, 0, r_subalgo, r_subsize,
                                        r_subkeyuse, r_subcurve);
    }
  else if (part == 1)
    {
      /* If we have SECONDARY, use that part.  If there is only one
-       * part consider this to be the subkey algo.  */
+       * part consider this to be the subkey algo.  In case a
-      err = parse_key_parameter_part (secondary? secondary : primary, 1,
+       * SUGGESTED_USE has been given and the usage of the secondary
       * part does not match SUGGESTED_USE try again using the primary
       * part.  Noet thar when falling back to the primary key we need
       * to force clearing the cert usage. */
      if (secondary)
        {
          err = parse_key_parameter_part (secondary, 1, 0,
                                          r_algo, r_size, r_keyuse, r_curve);
          if (!err && suggested_use && r_keyuse && !(suggested_use & *r_keyuse))
            err = parse_key_parameter_part (primary, 1, 1 /*(clear cert)*/,
                                            r_algo, r_size, r_keyuse, r_curve);
        }
      else
        err = parse_key_parameter_part (primary, 1, 0,
                                        r_algo, r_size, r_keyuse, r_curve);
    }
@ -3358,7 +3387,7 @@ get_parameter_algo( struct para_data_s *para, enum para_name key,
       * for the curve etc.  That is a ugly but demanded for backward
       * compatibility with the batch key generation.  It would be
       * better to make full use of parse_key_parameter_string.  */
-      parse_key_parameter_string (NULL, 0,
+      parse_key_parameter_string (NULL, 0, 0,
                                  &i, NULL, NULL, NULL,
                                  NULL, NULL, NULL, NULL);
@ -4080,9 +4109,10 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr,
  if (!*expirestr || strcmp (expirestr, "-") == 0)
    expirestr = default_expiration_interval;
-  if ((!*algostr || !strcmp (algostr, "default")
+  if ((!*algostr || !ascii_strcasecmp (algostr, "default")
-       || !strcmp (algostr, "future-default"))
+       || !ascii_strcasecmp (algostr, "future-default")
-      && (!*usagestr || !strcmp (usagestr, "default")
+       || !ascii_strcasecmp (algostr, "futuredefault"))
      && (!*usagestr || !ascii_strcasecmp (usagestr, "default")
          || !strcmp (usagestr, "-")))
    {
      /* Use default key parameters.  */
@ -4091,7 +4121,7 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr,
      unsigned int keyuse, subkeyuse;
      const char *curve, *subcurve;
-      err = parse_key_parameter_string (algostr, -1,
+      err = parse_key_parameter_string (algostr, -1, 0,
                                        &algo, &size, &keyuse, &curve,
                                        &subalgo, &subsize, &subkeyuse,
                                        &subcurve);
@ -4470,7 +4500,7 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname,
 #endif
                   , "--full-generate-key" );
-      err = parse_key_parameter_string (NULL, -1,
+      err = parse_key_parameter_string (NULL, -1, 0,
                                        &algo, &size, &keyuse, &curve,
                                        &subalgo, &subsize,
                                        &subkeyuse, &subcurve);
@ -5017,6 +5047,7 @@ parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
    }
  err = parse_key_parameter_string (algostr, for_subkey? 1 : 0,
                                    usagestr? parse_usagestr (usagestr):0,
                                    &algo, &nbits, &use, &curve,
                                    NULL, NULL, NULL, NULL);
  if (err)
@ -5024,7 +5055,7 @@ parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
  /* Parse the usage string.  */
  if (!usagestr || !*usagestr
-      || !strcmp (usagestr, "default") || !strcmp (usagestr, "-"))
+      || !ascii_strcasecmp (usagestr, "default") || !strcmp (usagestr, "-"))
    ; /* Keep usage from parse_key_parameter_string.  */
  else if ((wantuse = parse_usagestr (usagestr)) != -1)
    use = wantuse;
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@ -495,7 +495,7 @@ proc_pubkey_enc (ctrl_t ctrl, CTX c, PACKET *pkt)
                       || have_secret_key_with_kid (enc->keyid)))
        {
          if(opt.list_only)
-            result = -1;
+            result = GPG_ERR_MISSING_ACTION; /* fixme: Use better error code. */
          else
            {
              c->dek = xmalloc_secure_clear (sizeof *c->dek);
@ -513,9 +513,7 @@ proc_pubkey_enc (ctrl_t ctrl, CTX c, PACKET *pkt)
  else
    result = GPG_ERR_PUBKEY_ALGO;
-  if (result == -1)
+  if (1)
    ;
  else
    {
      /* Store it for later display.  */
      struct kidlist_item *x = xmalloc (sizeof *x);
@ -583,6 +581,10 @@ print_pkenc_list (ctrl_t ctrl, struct kidlist_item *list, int failed)
              write_status_text (STATUS_NO_SECKEY, buf);
 	    }
 	}
      else if (gpg_err_code (list->reason) == GPG_ERR_MISSING_ACTION)
        {
          /* Not tested for secret key due to --list-only mode.  */
        }
      else if (list->reason)
        {
          log_info (_("public key decryption failed: %s\n"),
--- a/kbx/kbxutil.c
+++ b/kbx/kbxutil.c
@ -464,7 +464,6 @@ main( int argc, char **argv )
  /*create_dotlock(NULL); register locking cleanup */
  /* We need to use the gcry malloc function because jnlib uses them.  */
  keybox_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
  ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free );
--- a/kbx/keybox-defs.h
+++ b/kbx/keybox-defs.h
@ -33,16 +33,7 @@
 #include <sys/types.h> /* off_t */
-/* We include the type definitions from jnlib instead of defining our
+#include "../common/util.h"
   owns here.  This will not allow us build KBX in a standalone way
   but there is currently no need for it anyway.  Same goes for
   stringhelp.h which for example provides a replacement for stpcpy -
   fixme: Better use the LIBOBJ mechnism. */
 #include "../common/types.h"
 #include "../common/stringhelp.h"
 #include "../common/dotlock.h"
 #include "../common/logging.h"
 #include "keybox.h"
@ -209,64 +200,10 @@ int _keybox_dump_cut_records (const char *filename, unsigned long from,
 /*-- keybox-util.c --*/
 void *_keybox_malloc (size_t n);
 void *_keybox_calloc (size_t n, size_t m);
 void *_keybox_realloc (void *p, size_t n);
 void  _keybox_free (void *p);
 #define xtrymalloc(a)    _keybox_malloc ((a))
 #define xtrycalloc(a,b)  _keybox_calloc ((a),(b))
 #define xtryrealloc(a,b) _keybox_realloc((a),(b))
 #define xfree(a)         _keybox_free ((a))
 #define DIM(v) (sizeof(v)/sizeof((v)[0]))
 #define DIMof(type,member)   DIM(((type *)0)->member)
 #ifndef STR
 #  define STR(v) #v
 #endif
 #define STR2(v) STR(v)
 /*
-  a couple of handy macros
+ * A couple of handy macros
-*/
+ */
 #define return_if_fail(expr) do {                        \
    if (!(expr)) {                                       \
        fprintf (stderr, "%s:%d: assertion '%s' failed\n", \
                 __FILE__, __LINE__, #expr );            \
        return;	                                         \
    } } while (0)
 #define return_null_if_fail(expr) do {                   \
    if (!(expr)) {                                       \
        fprintf (stderr, "%s:%d: assertion '%s' failed\n", \
                 __FILE__, __LINE__, #expr );            \
        return NULL;	                                 \
    } } while (0)
 #define return_val_if_fail(expr,val) do {                \
    if (!(expr)) {                                       \
        fprintf (stderr, "%s:%d: assertion '%s' failed\n", \
                 __FILE__, __LINE__, #expr );            \
        return (val);	                                 \
    } } while (0)
 #define never_reached() do {                                   \
        fprintf (stderr, "%s:%d: oops; should never get here\n", \
                 __FILE__, __LINE__ );                         \
    } while (0)
 /* some macros to replace ctype ones and avoid locale problems */
 #define digitp(p)   (*(p) >= '0' && *(p) <= '9')
 #define hexdigitp(a) (digitp (a)                     \
                      || (*(a) >= 'A' && *(a) <= 'F')  \
                      || (*(a) >= 'a' && *(a) <= 'f'))
 /* the atoi macros assume that the buffer has only valid digits */
 #define atoi_1(p)   (*(p) - '0' )
 #define atoi_2(p)   ((atoi_1(p) * 10) + atoi_1((p)+1))
 #define atoi_4(p)   ((atoi_2(p) * 100) + atoi_2((p)+2))
 #define xtoi_1(p)   (*(p) <= '9'? (*(p)- '0'): \
                     *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10))
 #define xtoi_2(p)   ((xtoi_1(p) * 16) + xtoi_1((p)+1))
 #endif /*KEYBOX_DEFS_H*/
--- a/kbx/keybox-util.c
+++ b/kbx/keybox-util.c
@ -27,52 +27,6 @@
 #endif
 #include "keybox-defs.h"
 #include "../common/utilproto.h"
 static void *(*alloc_func)(size_t n) = malloc;
 static void *(*realloc_func)(void *p, size_t n) = realloc;
 static void (*free_func)(void*) = free;
 void
 keybox_set_malloc_hooks ( void *(*new_alloc_func)(size_t n),
                          void *(*new_realloc_func)(void *p, size_t n),
                          void (*new_free_func)(void*) )
 {
  alloc_func	    = new_alloc_func;
  realloc_func      = new_realloc_func;
  free_func	    = new_free_func;
 }
 void *
 _keybox_malloc (size_t n)
 {
  return alloc_func (n);
 }
 void *
 _keybox_realloc (void *a, size_t n)
 {
  return realloc_func (a, n);
 }
 void *
 _keybox_calloc (size_t n, size_t m)
 {
  void *p = _keybox_malloc (n*m);
  if (p)
    memset (p, 0, n* m);
  return p;
 }
 void
 _keybox_free (void *p)
 {
  if (p)
    free_func (p);
 }
 /* Store the two malloced temporary file names used for keybox updates
@ -146,10 +100,3 @@ keybox_tmp_names (const char *filename, int for_keyring,
  *r_tmpname = tmp_name;
  return 0;
 }
 gpg_error_t
 keybox_file_rename (const char *oldname, const char *newname,
                    int *block_signals)
 {
  return gnupg_rename_file (oldname, newname, block_signals);
 }
--- a/kbx/keybox.h
+++ b/kbx/keybox.h
@ -127,10 +127,6 @@ int keybox_rebuild_cache (void *);
 /*-- keybox-util.c --*/
 void keybox_set_malloc_hooks ( void *(*new_alloc_func)(size_t n),
                               void *(*new_realloc_func)(void *p, size_t n),
                               void (*new_free_func)(void*) );
 gpg_error_t keybox_tmp_names (const char *filename, int for_keyring,
                              char **r_bakname, char **r_tmpname);
--- a/po/ca.po
+++ b/po/ca.po
@ -495,10 +495,6 @@ msgstr "error mentre s'enviava a «%s»: %s\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "AVÍS: els permissos són insegurs en %s «%s»\n"
 #, fuzzy, c-format
 msgid "listen() failed: %s\n"
 msgstr "ha fallat l'actualització: %s\n"
 #, fuzzy, c-format
 msgid "listening on socket '%s'\n"
 msgstr "s'està escrivint la clau secreta a «%s»\n"
@ -9153,6 +9149,10 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 #, fuzzy
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "ha fallat l'actualització: %s\n"
 #, fuzzy
 #~ msgid ""
 #~ "can't check signature with unsupported public-key algorithm (%d): %s.\n"
--- a/po/cs.po
+++ b/po/cs.po
--- a/po/da.po
+++ b/po/da.po
@ -505,10 +505,6 @@ msgstr "fejl ved binding af sokkel til »%s«: %s\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "Advarsel: usikre rettigheder på %s »%s«\n"
 #, c-format
 msgid "listen() failed: %s\n"
 msgstr "listen() mislykkedes: %s\n"
 #, fuzzy, c-format
 #| msgid "listening on socket `%s'\n"
 msgid "listening on socket '%s'\n"
@ -9213,6 +9209,9 @@ msgstr ""
 "Syntaks: gpg-check-pattern [tilvalg] mønsterfil\n"
 "Kontroller en adgangsfrase angivet på stdin mod mønsterfilen\n"
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "listen() mislykkedes: %s\n"
 #~ msgid "do not grab keyboard and mouse"
 #~ msgstr "fang ikke tastatur og mus"
--- a/po/de.po
+++ b/po/de.po
@ -9,7 +9,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg-2.1.0\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2017-11-02 17:36+0100\n"
+"PO-Revision-Date: 2017-12-19 12:28+0100\n"
 "Last-Translator: Werner Koch <wk@gnupg.org>\n"
 "Language-Team: German <de@li.org>\n"
 "Language: de\n"
@ -452,10 +452,6 @@ msgstr "Der Socket kann nicht an `%s' gebunden werden: %s\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "Zugriffsrechte für '%s' können nicht gesetzt werden: %s\n"
 #, c-format
 msgid "listen() failed: %s\n"
 msgstr "Der listen()-Aufruf ist fehlgeschlagen: %s\n"
 #, c-format
 msgid "listening on socket '%s'\n"
 msgstr "Es wird auf Socket `%s' gehört\n"
@ -955,7 +951,7 @@ msgid "Data decryption succeeded"
 msgstr "Entschlüsselung der Daten erfolgreich"
 msgid "Encryption algorithm supported"
-msgstr "Verschlüsselungsverfahren %d%s wird nicht unterstützt"
+msgstr "Verschlüsselungsverfahren wird unterstützt"
 msgid "Data verification succeeded"
 msgstr "Prüfung der Signatur erfolgreich"
@ -8759,6 +8755,9 @@ msgstr ""
 "Syntax: gpg-check-pattern [optionen] Musterdatei\n"
 "Die von stdin gelesene Passphrase gegen die Musterdatei prüfen\n"
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "Der listen()-Aufruf ist fehlgeschlagen: %s\n"
 #~ msgid "do not grab keyboard and mouse"
 #~ msgstr "Tastatur und Maus nicht \"grabben\""
--- a/po/el.po
+++ b/po/el.po
@ -466,10 +466,6 @@ msgstr "σφάλμα στη αποστολή προς το `%s': %s\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: μη ασφαλείς άδειες στο %s \"%s\"\n"
 #, fuzzy, c-format
 msgid "listen() failed: %s\n"
 msgstr "η ενημέρωση απέτυχε: %s\n"
 #, fuzzy, c-format
 msgid "listening on socket '%s'\n"
 msgstr "εγγραφή του μυστικού κλειδιού στο `%s'\n"
@ -8979,6 +8975,10 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 #, fuzzy
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "η ενημέρωση απέτυχε: %s\n"
 #, fuzzy
 #~ msgid ""
 #~ "can't check signature with unsupported public-key algorithm (%d): %s.\n"
--- a/po/eo.po
+++ b/po/eo.po
@ -466,10 +466,6 @@ msgstr "eraro dum sendo al '%s': %s\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "Averto: malsekuraj permesoj sur %s \"%s\"\n"
 #, fuzzy, c-format
 msgid "listen() failed: %s\n"
 msgstr "aktualigo malsukcesis: %s\n"
 #, fuzzy, c-format
 msgid "listening on socket '%s'\n"
 msgstr "skribas sekretan ŝlosilon al '%s'\n"
@ -8920,6 +8916,10 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 #, fuzzy
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "aktualigo malsukcesis: %s\n"
 #, fuzzy
 #~ msgid ""
 #~ "can't check signature with unsupported public-key algorithm (%d): %s.\n"
--- a/po/es.po
+++ b/po/es.po
@ -521,10 +521,6 @@ msgstr "error enlazando el socket con `%s': %s\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "Aviso: permisos inseguros en %s \"%s\"\n"
 #, c-format
 msgid "listen() failed: %s\n"
 msgstr "listen() falló: %s\n"
 #, fuzzy, c-format
 #| msgid "listening on socket `%s'\n"
 msgid "listening on socket '%s'\n"
@ -9252,6 +9248,9 @@ msgstr ""
 "Compara frase contraseña dada en entrada estándar con un fichero de "
 "patrones\n"
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "listen() falló: %s\n"
 #~ msgid "do not grab keyboard and mouse"
 #~ msgstr "no acaparar teclado y ratón"
--- a/po/et.po
+++ b/po/et.po
@ -463,10 +463,6 @@ msgstr "viga teate saatmisel serverile `%s': %s\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "HOIATUS: ebaturvalised õigused %s \"%s\"\n"
 #, fuzzy, c-format
 msgid "listen() failed: %s\n"
 msgstr "uuendamine ebaõnnestus: %s\n"
 #, fuzzy, c-format
 msgid "listening on socket '%s'\n"
 msgstr "kirjutan salajase võtme faili `%s'\n"
@ -8895,6 +8891,10 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 #, fuzzy
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "uuendamine ebaõnnestus: %s\n"
 #, fuzzy
 #~ msgid ""
 #~ "can't check signature with unsupported public-key algorithm (%d): %s.\n"
--- a/po/fi.po
+++ b/po/fi.po
@ -480,10 +480,6 @@ msgstr "virhe lähettäessä kohteeseen \"%s\": %s\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "VAROITUS: oikeudet kohteessa %s \"%s\" eivät ole turvallisia\"\n"
 #, fuzzy, c-format
 msgid "listen() failed: %s\n"
 msgstr "päivitys epäonnistui: %s\n"
 #, fuzzy, c-format
 msgid "listening on socket '%s'\n"
 msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
@ -8957,6 +8953,10 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 #, fuzzy
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "päivitys epäonnistui: %s\n"
 #, fuzzy
 #~ msgid ""
 #~ "can't check signature with unsupported public-key algorithm (%d): %s.\n"
--- a/po/fr.po
+++ b/po/fr.po
@ -467,10 +467,6 @@ msgstr "erreur de lien de la socket à « %s » : %s\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "Avertissement : les droits de %s ne sont pas sûrs « %s »\n"
 #, c-format
 msgid "listen() failed: %s\n"
 msgstr "échec de listen() : %s\n"
 #, c-format
 msgid "listening on socket '%s'\n"
 msgstr "écoute sur la socket « %s »\n"
@ -8935,6 +8931,9 @@ msgstr ""
 "Vérifier une phrase secrète donnée sur l'entrée standard par rapport à "
 "ficmotif\n"
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "échec de listen() : %s\n"
 #~ msgid "do not grab keyboard and mouse"
 #~ msgstr "ne pas capturer le clavier et la souris"
--- a/po/gl.po
+++ b/po/gl.po
@ -467,10 +467,6 @@ msgstr "erro ao enviar a `%s': %s\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "AVISO: permisos inseguros en %s \"%s\"\n"
 #, fuzzy, c-format
 msgid "listen() failed: %s\n"
 msgstr "a actualización fallou: %s\n"
 #, fuzzy, c-format
 msgid "listening on socket '%s'\n"
 msgstr "gravando a chave secreta en `%s'\n"
@ -8986,6 +8982,10 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 #, fuzzy
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "a actualización fallou: %s\n"
 #, fuzzy
 #~ msgid ""
 #~ "can't check signature with unsupported public-key algorithm (%d): %s.\n"
--- a/po/hu.po
+++ b/po/hu.po
@ -463,10 +463,6 @@ msgstr "Hiba %s-ra/-re küldéskor: %s\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "FIGYELEM: nem biztonságos engedélyek: %s \"%s\"\n"
 #, fuzzy, c-format
 msgid "listen() failed: %s\n"
 msgstr "Frissítés sikertelen: %s.\n"
 #, fuzzy, c-format
 msgid "listening on socket '%s'\n"
 msgstr "Írom a titkos kulcsot a %s állományba.\n"
@ -8925,6 +8921,10 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 #, fuzzy
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "Frissítés sikertelen: %s.\n"
 #, fuzzy
 #~ msgid ""
 #~ "can't check signature with unsupported public-key algorithm (%d): %s.\n"
--- a/po/id.po
+++ b/po/id.po
@ -468,10 +468,6 @@ msgstr "kesalahan mengirim ke `%s': %s\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "Peringatan: permisi tidak aman pada %s \"%s\"\n"
 #, fuzzy, c-format
 msgid "listen() failed: %s\n"
 msgstr "gagal memperbarui: %s\n"
 #, fuzzy, c-format
 msgid "listening on socket '%s'\n"
 msgstr "menulis kunci rahasia ke `%s'\n"
@ -8918,6 +8914,10 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 #, fuzzy
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "gagal memperbarui: %s\n"
 #, fuzzy
 #~ msgid ""
 #~ "can't check signature with unsupported public-key algorithm (%d): %s.\n"
--- a/po/it.po
+++ b/po/it.po
@ -463,10 +463,6 @@ msgstr "errore leggendo `%s': %s\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "ATTENZIONE: i permessi \"%s\" di %s sono insicuri\n"
 #, fuzzy, c-format
 msgid "listen() failed: %s\n"
 msgstr "aggiornamento fallito: %s\n"
 #, fuzzy, c-format
 msgid "listening on socket '%s'\n"
 msgstr "scrittura della chiave segreta in `%s'\n"
@ -8959,6 +8955,10 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 #, fuzzy
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "aggiornamento fallito: %s\n"
 #, fuzzy
 #~ msgid ""
 #~ "can't check signature with unsupported public-key algorithm (%d): %s.\n"
--- a/po/ja.po
+++ b/po/ja.po
@ -433,10 +433,6 @@ msgstr "'%s'でソケットのバインドのエラー: %s\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "'%s'の許可が設定できません: %s\n"
 #, c-format
 msgid "listen() failed: %s\n"
 msgstr "listen() に失敗しました: %s\n"
 #, c-format
 msgid "listening on socket '%s'\n"
 msgstr "ソケット'%s'でlisten\n"
@ -1342,7 +1338,8 @@ msgstr "認証鍵の鍵長は? (%u) "
 #, c-format
 msgid "The card will now be re-configured to generate a key of type: %s\n"
-msgstr "カードは、今、こちらのタイプの鍵を生成するように再コンフィグされました: %s\n"
+msgstr ""
 "カードは、今、こちらのタイプの鍵を生成するように再コンフィグされました: %s\n"
 #, c-format
 msgid "rounded up to %u bits\n"
@ -8322,6 +8319,9 @@ msgstr ""
 "形式: gpg-check-pattern [オプション] パターンファイル\n"
 "パターンファイルに対して標準入力のパスフレーズを確認する\n"
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "listen() に失敗しました: %s\n"
 #~ msgid "do not grab keyboard and mouse"
 #~ msgstr "キーボードとマウスを占有しない"
--- a/po/nb.po
+++ b/po/nb.po
@ -437,10 +437,6 @@ msgstr "feil under knytning av sokkel til «%s»: %s\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "klarte ikke å endre tillatelser til «%s»: %s\n"
 #, c-format
 msgid "listen() failed: %s\n"
 msgstr "listen() mislyktes: %s\n"
 #, c-format
 msgid "listening on socket '%s'\n"
 msgstr "lytter på sokkel «%s»\n"
@ -8440,6 +8436,9 @@ msgstr ""
 "Syntaks: gpg-check-pattern [valg] mønsterfil\n"
 "Kontroller passordfrase oppgitt på standard innkanal mot valgt mønsterfil\n"
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "listen() mislyktes: %s\n"
 #~ msgid "do not grab keyboard and mouse"
 #~ msgstr "ikke bruk tastatur og mus"
--- a/po/nl.po
+++ b/po/nl.po
@ -30,7 +30,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg 2.0.28\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2015-06-07 16:56+0200\n"
+"PO-Revision-Date: 2017-12-19 12:28+0100\n"
 "Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n"
 "Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n"
 "Language: nl\n"
@ -6501,7 +6501,7 @@ msgid "keybox `%s' created\n"
 msgstr "sleuteldoosje `%s' is aangemaakt\n"
 msgid "failed to get the fingerprint\n"
-msgstr "opvragen van de vingerafdruk is mislukt: %s\n"
+msgstr "opvragen van de vingerafdruk is mislukt\n"
 #, c-format
 msgid "problem looking for existing certificate: %s\n"
--- a/po/pl.po
+++ b/po/pl.po
@ -494,10 +494,6 @@ msgstr "błąd podczas przypisywania gniazda do ,,%s'': %s\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "Ostrzeżenie: niebezpieczne prawa dostępu do %s ,,%s''\n"
 #, c-format
 msgid "listen() failed: %s\n"
 msgstr "listen() nie powiodło się: %s\n"
 #, fuzzy, c-format
 #| msgid "listening on socket `%s'\n"
 msgid "listening on socket '%s'\n"
@ -9281,6 +9277,9 @@ msgstr ""
 "Składnia: gpg-check-pattern [opcje] plik-wzorców\n"
 "Sprawdzanie hasła ze standardowego wejścia względem pliku wzorców\n"
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "listen() nie powiodło się: %s\n"
 #~ msgid "do not grab keyboard and mouse"
 #~ msgstr "nie przechwytywanie klawiatury i myszy"
--- a/po/pt.po
+++ b/po/pt.po
@ -468,10 +468,6 @@ msgstr "erro ao enviar para `%s': %s\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "AVISO: permissões pouco seguras em %s \"%s\"\n"
 #, fuzzy, c-format
 msgid "listen() failed: %s\n"
 msgstr "actualização falhou: %s\n"
 #, fuzzy, c-format
 msgid "listening on socket '%s'\n"
 msgstr "a escrever chave privada para `%s'\n"
@ -8927,6 +8923,10 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 #, fuzzy
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "actualização falhou: %s\n"
 #, fuzzy
 #~ msgid ""
 #~ "can't check signature with unsupported public-key algorithm (%d): %s.\n"
--- a/po/ro.po
+++ b/po/ro.po
@ -9,7 +9,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg 1.4.2rc1\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2005-05-31 22:00-0500\n"
+"PO-Revision-Date: 2017-12-19 12:30+0100\n"
 "Last-Translator: Laurentiu Buzdugan <lbuz@rolix.org>\n"
 "Language-Team: Romanian <translation-team-ro@lists.sourceforge.net>\n"
 "Language: ro\n"
@ -478,10 +478,6 @@ msgstr "eroare trimitere la `%s': %s\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "AVERTISMENT: permisiuni nesigure (unsafe) pentru extensia `%s'\n"
 #, fuzzy, c-format
 msgid "listen() failed: %s\n"
 msgstr "actualizarea a eşuat: %s\n"
 #, fuzzy, c-format
 msgid "listening on socket '%s'\n"
 msgstr "scriu cheia secretă în `%s'\n"
@ -3078,8 +3074,9 @@ msgstr ""
 msgid "User ID \"%s\" is revoked."
 msgstr "ID utilizator \"%s\" a fost revocat."
 #, fuzzy
 msgid "Are you sure you still want to sign it? (y/N) "
-msgstr "Sunteţi sigur(ă) că doriţi să ştergeţi permanent \"%s\"? (d/N)"
+msgstr "Sunteţi sigur(ă) că doriţi să ştergeţi permanent? (d/N)"
 msgid "  Unable to sign.\n"
 msgstr "  Nu pot semna.\n"
@ -9002,6 +8999,10 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 #, fuzzy
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "actualizarea a eşuat: %s\n"
 #~ msgid "Error: URL too long (limit is %d characters).\n"
 #~ msgstr "Eroare: URL prea lung (limita este de %d caractere).\n"
--- a/po/ru.po
+++ b/po/ru.po
@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: GnuPG 2.2.0\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2017-11-02 17:41+0100\n"
+"PO-Revision-Date: 2017-12-13 17:41+0100\n"
 "Last-Translator: Ineiev <ineiev@gnu.org>\n"
 "Language-Team: Russian <gnupg-ru@gnupg.org>\n"
 "Language: ru\n"
@ -444,10 +444,6 @@ msgstr "ошибка связывания сокета с '%s': %s\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "не удалось задать права доступа для '%s': %s\n"
 #, c-format
 msgid "listen() failed: %s\n"
 msgstr "сбой listen(): %s\n"
 #, c-format
 msgid "listening on socket '%s'\n"
 msgstr "слушаем сокет '%s'\n"
@ -1349,10 +1345,9 @@ msgstr "Какой Вам нужен размер ключа для шифров
 msgid "What keysize do you want for the Authentication key? (%u) "
 msgstr "Какой Вам нужен размер ключа для удостоверения личности? (%u) "
-#, fuzzy, c-format
+#, c-format
 #| msgid "The card will now be re-configured to generate a key of %u bits\n"
 msgid "The card will now be re-configured to generate a key of type: %s\n"
-msgstr "Теперь карта будет перенастроена на генерацию ключа длиной %u бит\n"
+msgstr "Теперь карта будет перенастроена на генерацию ключа типа %s\n"
 #, c-format
 msgid "rounded up to %u bits\n"
@ -8583,6 +8578,9 @@ msgstr ""
 "Синтаксис: gpg-check-pattern [параметры] файл_образцов\n"
 "Проверить фразу-пароль, поступающую из stdin, по файлу образцов\n"
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "сбой listen(): %s\n"
 #~ msgid "do not grab keyboard and mouse"
 #~ msgstr "не захватывать клавиатуру и мышь"
--- a/po/sk.po
+++ b/po/sk.po
@ -468,10 +468,6 @@ msgstr "chyba pri posielaní na `%s': %s\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "VAROVANIE: prístupové práva pre %s nie sú nastavené bezpečne \"%s\"\n"
 #, fuzzy, c-format
 msgid "listen() failed: %s\n"
 msgstr "aktualizácia zlyhala: %s\n"
 #, fuzzy, c-format
 msgid "listening on socket '%s'\n"
 msgstr "zapisujem tajný kľúč do `%s'\n"
@ -4951,6 +4947,7 @@ msgstr "\"%s\" nie je súbor JPEG\n"
 msgid "Is this photo correct (y/N/q)? "
 msgstr "Je táto fotografia správna (a/N/u)? "
 #, fuzzy
 msgid "unable to display photo ID!\n"
 msgstr "nemožno nastaviť exec-path na %s\n"
@ -8949,6 +8946,10 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 #, fuzzy
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "aktualizácia zlyhala: %s\n"
 #, fuzzy
 #~ msgid ""
 #~ "can't check signature with unsupported public-key algorithm (%d): %s.\n"
--- a/po/sv.po
+++ b/po/sv.po
@ -523,10 +523,6 @@ msgstr "fel när \"%s\" bands till uttag: %s\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "Varning: osäkra rättigheter på %s \"%s\"\n"
 #, c-format
 msgid "listen() failed: %s\n"
 msgstr "listen() misslyckades: %s\n"
 #, fuzzy, c-format
 #| msgid "listening on socket `%s'\n"
 msgid "listening on socket '%s'\n"
@ -9359,6 +9355,9 @@ msgstr ""
 "Syntax: gpg-check-pattern [flaggor] mönsterfil\n"
 "Kontrollera en lösenfras angiven på standard in mot mönsterfilen\n"
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "listen() misslyckades: %s\n"
 #~ msgid "do not grab keyboard and mouse"
 #~ msgstr "fånga inte tangentbord och mus"
--- a/po/tr.po
+++ b/po/tr.po
@ -489,10 +489,6 @@ msgstr "soket `%s'e bağlanırken hata: %s\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "UYARI: %s üzerinde izinler güvensiz: \"%s\"\n"
 #, c-format
 msgid "listen() failed: %s\n"
 msgstr "soket dinleme başarısız: %s\n"
 #, fuzzy, c-format
 #| msgid "listening on socket `%s'\n"
 msgid "listening on socket '%s'\n"
@ -9265,6 +9261,9 @@ msgstr ""
 "Standart girdiden verilen anahtar parolasını örüntü dosyasıyla "
 "karşılaştırır\n"
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "soket dinleme başarısız: %s\n"
 #~ msgid "do not grab keyboard and mouse"
 #~ msgstr "klavye ve fare gaspedilmez"
--- a/po/uk.po
+++ b/po/uk.po
@ -439,10 +439,6 @@ msgstr "помилка під час спроби прив’язування с
 msgid "can't set permissions of '%s': %s\n"
 msgstr "не вдалося встановити права доступу до «%s»: %s\n"
 #, c-format
 msgid "listen() failed: %s\n"
 msgstr "помилка listen(): %s\n"
 #, c-format
 msgid "listening on socket '%s'\n"
 msgstr "очікування даних на сокеті «%s»\n"
@ -8693,6 +8689,9 @@ msgstr ""
 "Синтаксис: gpg-check-pattern [параметри] файл_шаблонів\n"
 "Перевірити пароль, вказаний у stdin, за допомогою файла_шаблонів\n"
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "помилка listen(): %s\n"
 #~ msgid "do not grab keyboard and mouse"
 #~ msgstr "не захоплювати керування клавіатурою і мишею"
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@ -476,10 +476,6 @@ msgstr "在‘%s’中寻找信任度记录时出错：%s\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "警告：扩展模块‘%s’权限不安全\n"
 #, fuzzy, c-format
 msgid "listen() failed: %s\n"
 msgstr "更新失败：%s\n"
 #, fuzzy, c-format
 msgid "listening on socket '%s'\n"
 msgstr "正在将私钥写至`%s'\n"
@ -8826,6 +8822,10 @@ msgid ""
 "Check a passphrase given on stdin against the patternfile\n"
 msgstr ""
 #, fuzzy
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "更新失败：%s\n"
 #~ msgid "Error: URL too long (limit is %d characters).\n"
 #~ msgstr "错误：URL 太长(至多 %d 个字符)\n"
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@ -446,10 +446,6 @@ msgstr "綁定 socket 至 '%s' 時出錯: %s\n"
 msgid "can't set permissions of '%s': %s\n"
 msgstr "警告: %s 的權限 \"%s\" 並不安全\n"
 #, c-format
 msgid "listen() failed: %s\n"
 msgstr "listen() 失敗: %s\n"
 #, c-format
 msgid "listening on socket '%s'\n"
 msgstr "正在候聽 socket '%s'\n"
@ -8476,6 +8472,9 @@ msgstr ""
 "語法: gpg-check-pattern [選項] 樣式檔案\n"
 "用樣式檔案來檢查由標準輸入給定的密語\n"
 #~ msgid "listen() failed: %s\n"
 #~ msgstr "listen() 失敗: %s\n"
 #~ msgid "do not grab keyboard and mouse"
 #~ msgstr "不要奪取鍵盤及滑鼠"
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@ -121,6 +121,7 @@ static struct {
  /* V3.0 */
  { 0x7F74, 0,    0, 1, 0, 0, 0, 0, "General Feature Management"},
  { 0x00D5, 0,    0, 1, 0, 0, 0, 0, "AES key data"},
  { 0x00F9, 0,    0, 1, 0, 0, 0, 0, "KDF data object"},
  { 0 }
 };
@ -199,7 +200,7 @@ struct app_local_s {
    unsigned int private_dos:1;
    unsigned int algo_attr_change:1;   /* Algorithm attributes changeable.  */
    unsigned int has_decrypt:1;        /* Support symmetric decryption.     */
-    unsigned int kdf_do:1;                /* Support KDF DOs.               */
+    unsigned int kdf_do:1;                /* Support KDF DO.                */
    unsigned int sm_algo:2;            /* Symmetric crypto algo for SM.     */
    unsigned int pin_blk2:1;           /* PIN block 2 format supported.     */
@ -980,6 +981,7 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
    { "PRIVATE-DO-4", 0x0104 },
    { "$AUTHKEYID",   0x0000, -3 },
    { "$DISPSERIALNO",0x0000, -4 },
    { "KDF",          0x00F9 },
    { NULL, 0 }
  };
  int idx, i, rc;
@ -2054,6 +2056,47 @@ get_prompt_info (app_t app, int chvno, unsigned long sigcount, int remaining)
  return result;
 }
 /* Compute hash if KDF-DO is available.  CHVNO must be 0 for reset
   code, 1 or 2 for user pin and 3 for admin pin.
 */
 static gpg_error_t
 pin2hash_if_kdf (app_t app, int chvno, char *pinvalue, int *r_pinlen)
 {
  gpg_error_t err = 0;
  void *relptr;
  unsigned char *buffer;
  size_t buflen;
  if (app->app_local->extcap.kdf_do
      && (relptr = get_one_do (app, 0x00F9, &buffer, &buflen, NULL)))
    {
      char *salt;
      unsigned long s2k_count;
      char dek[32];
      salt = &buffer[(chvno==3 ? 34 : (chvno==0 ? 24 : 14))];
      s2k_count = (((unsigned int)buffer[8] << 24)
                   | (buffer[9] << 16) | (buffer[10] << 8) | buffer[11]);
      err = gcry_kdf_derive (pinvalue, strlen (pinvalue),
                             GCRY_KDF_ITERSALTED_S2K,
                             DIGEST_ALGO_SHA256, salt, 8,
                             s2k_count, sizeof (dek), dek);
      if (!err)
        {
          /* pinvalue has a buffer of MAXLEN_PIN+1, 32 is OK.  */
          *r_pinlen = 32;
          memcpy (pinvalue, dek, *r_pinlen);
          wipememory (dek, *r_pinlen);
        }
      xfree (relptr);
    }
  else
    *r_pinlen = strlen (pinvalue);
  return err;
 }
 /* Verify a CHV either using the pinentry or if possible by
   using a pinpad.  PINCB and PINCB_ARG describe the usual callback
@ -2068,8 +2111,8 @@ get_prompt_info (app_t app, int chvno, unsigned long sigcount, int remaining)
 static gpg_error_t
 verify_a_chv (app_t app,
              gpg_error_t (*pincb)(void*, const char *, char **),
-              void *pincb_arg,
+              void *pincb_arg, int chvno, unsigned long sigcount,
-              int chvno, unsigned long sigcount, char **pinvalue)
+              char **pinvalue, int *pinlen)
 {
  int rc = 0;
  char *prompt_buffer = NULL;
@ -2081,6 +2124,7 @@ verify_a_chv (app_t app,
  log_assert (chvno == 1 || chvno == 2);
  *pinvalue = NULL;
  *pinlen = 0;
  remaining = get_remaining_tries (app, 0);
  if (remaining == -1)
@ -2169,8 +2213,9 @@ verify_a_chv (app_t app,
          return gpg_error (GPG_ERR_BAD_PIN);
        }
-      rc = iso7816_verify (app->slot, 0x80+chvno,
+      rc = pin2hash_if_kdf (app, chvno, *pinvalue, pinlen);
-                           *pinvalue, strlen (*pinvalue));
+      if (!rc)
        rc = iso7816_verify (app->slot, 0x80+chvno, *pinvalue, *pinlen);
    }
  if (rc)
@ -2194,11 +2239,12 @@ verify_chv2 (app_t app,
 {
  int rc;
  char *pinvalue;
  int pinlen;
  if (app->did_chv2)
    return 0;  /* We already verified CHV2.  */
-  rc = verify_a_chv (app, pincb, pincb_arg, 2, 0, &pinvalue);
+  rc = verify_a_chv (app, pincb, pincb_arg, 2, 0, &pinvalue, &pinlen);
  if (rc)
    return rc;
  app->did_chv2 = 1;
@ -2209,7 +2255,7 @@ verify_chv2 (app_t app,
         the card is not configured to require a verification before
         each CHV1 controlled operation (force_chv1) and if we are not
         using the pinpad (PINVALUE == NULL). */
-      rc = iso7816_verify (app->slot, 0x81, pinvalue, strlen (pinvalue));
+      rc = iso7816_verify (app->slot, 0x81, pinvalue, pinlen);
      if (gpg_err_code (rc) == GPG_ERR_BAD_PIN)
        rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED);
      if (rc)
@ -2319,6 +2365,7 @@ verify_chv3 (app_t app,
      else
        {
          char *pinvalue;
          int pinlen;
          rc = pincb (pincb_arg, prompt, &pinvalue);
          xfree (prompt);
@ -2338,7 +2385,9 @@ verify_chv3 (app_t app,
              return gpg_error (GPG_ERR_BAD_PIN);
            }
-          rc = iso7816_verify (app->slot, 0x83, pinvalue, strlen (pinvalue));
+          rc = pin2hash_if_kdf (app, 3, pinvalue, &pinlen);
          if (!rc)
            rc = iso7816_verify (app->slot, 0x83, pinvalue, pinlen);
          xfree (pinvalue);
        }
@ -2389,6 +2438,7 @@ do_setattr (app_t app, const char *name,
    { "SM-KEY-MAC",   0x00D2, 3, 0, 1 },
    { "KEY-ATTR",     0,      0, 3, 1 },
    { "AESKEY",       0x00D5, 3, 0, 1 },
    { "KDF",          0x00F9, 3, 0, 1 },
    { NULL, 0 }
  };
  int exmode;
@ -2501,6 +2551,8 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
  pininfo_t pininfo;
  int use_pinpad = 0;
  int minlen = 6;
  int pinlen0 = 0;
  int pinlen = 0;
  (void)ctrl;
  memset (&pininfo, 0, sizeof pininfo);
@ -2685,10 +2737,17 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
        rc = gpg_error_from_syserror ();
      else
        {
-          strcpy (stpcpy (buffer, resetcode), pinvalue);
+          strcpy (buffer, resetcode);
          rc = pin2hash_if_kdf (app, 0, buffer, &pinlen0);
          if (!rc)
            {
              strcpy (buffer+pinlen0, pinvalue);
              rc = pin2hash_if_kdf (app, 0, buffer+pinlen0, &pinlen);
            }
          if (!rc)
            rc = iso7816_reset_retry_counter_with_rc (app->slot, 0x81,
-                                                    buffer, strlen (buffer));
+                                                      buffer, pinlen0+pinlen);
-          wipememory (buffer, strlen (buffer));
+          wipememory (buffer, pinlen0 + pinlen);
          xfree (buffer);
        }
    }
@ -2700,16 +2759,19 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
          rc = gpg_error (GPG_ERR_BAD_PIN);
        }
      else
-        rc = iso7816_put_data (app->slot, 0, 0xD3,
+        {
-                               pinvalue, strlen (pinvalue));
+          rc = pin2hash_if_kdf (app, 0, pinvalue, &pinlen);
          if (!rc)
            rc = iso7816_put_data (app->slot, 0, 0xD3, pinvalue, pinlen);
        }
    }
  else if (reset_mode)
    {
-      rc = iso7816_reset_retry_counter (app->slot, 0x81,
+      rc = pin2hash_if_kdf (app, 1, pinvalue, &pinlen);
-                                        pinvalue, strlen (pinvalue));
+      if (!rc)
        rc = iso7816_reset_retry_counter (app->slot, 0x81, pinvalue, pinlen);
      if (!rc && !app->app_local->extcap.is_v2)
-        rc = iso7816_reset_retry_counter (app->slot, 0x82,
+        rc = iso7816_reset_retry_counter (app->slot, 0x82, pinvalue, pinlen);
                                          pinvalue, strlen (pinvalue));
    }
  else if (!app->app_local->extcap.is_v2)
    {
@ -2750,14 +2812,20 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
          pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */
        }
      else
 	{
          rc = pin2hash_if_kdf (app, chvno, oldpinvalue, &pinlen0);
          if (!rc)
 	    rc = pin2hash_if_kdf (app, chvno, pinvalue, &pinlen);
          if (!rc)
            rc = iso7816_change_reference_data (app->slot, 0x80 + chvno,
-                                            oldpinvalue, strlen (oldpinvalue),
+                                                oldpinvalue, pinlen0,
-                                            pinvalue, strlen (pinvalue));
+                                                pinvalue, pinlen);
        }
    }
  if (pinvalue)
    {
-      wipememory (pinvalue, strlen (pinvalue));
+      wipememory (pinvalue, pinlen);
      xfree (pinvalue);
    }
  if (rc)
@ -2771,7 +2839,7 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
    }
  if (oldpinvalue)
    {
-      wipememory (oldpinvalue, strlen (oldpinvalue));
+      wipememory (oldpinvalue, pinlen0);
      xfree (oldpinvalue);
    }
  return rc;
@ -4277,8 +4345,9 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
  if (!app->did_chv1 || app->force_chv1 )
    {
      char *pinvalue;
      int pinlen;
-      rc = verify_a_chv (app, pincb, pincb_arg, 1, sigcount, &pinvalue);
+      rc = verify_a_chv (app, pincb, pincb_arg, 1, sigcount, &pinvalue, &pinlen);
      if (rc)
        return rc;
@ -4291,7 +4360,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
         pinpad has been used. */
      if (!app->did_chv2 && pinvalue && !app->app_local->extcap.is_v2)
        {
-          rc = iso7816_verify (app->slot, 0x82, pinvalue, strlen (pinvalue));
+          rc = iso7816_verify (app->slot, 0x82, pinvalue, pinlen);
          if (gpg_err_code (rc) == GPG_ERR_BAD_PIN)
            rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED);
          if (rc)
--- a/scd/ccid-driver.c
+++ b/scd/ccid-driver.c
@ -1778,6 +1778,7 @@ do_close_reader (ccid_driver_t handle)
        }
      libusb_free_transfer (handle->transfer);
      handle->transfer = NULL;
    }
  libusb_release_interface (handle->idev, handle->ifc_no);
  --ccid_usb_thread_is_alive;
@ -2038,10 +2039,14 @@ bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length,
      /*
       * Communication failure by device side.
       * Possibly, it was forcibly suspended and resumed.
       *
       * Only detect this kind of failure when interrupt transfer is
       * not supported.  For card reader with interrupt transfer
       * support removal is detected by intr_cb.
       */
-      DEBUGOUT ("CCID: card inactive/removed\n");
+      if (handle->ep_intr < 0)
      if (handle->transfer == NULL)
        {
          DEBUGOUT ("CCID: card inactive/removed\n");
          handle->powered_off = 1;
          scd_kick_the_loop ();
        }
@ -2539,6 +2544,14 @@ ccid_get_atr (ccid_driver_t handle,
  if (statusbits == 2)
    return CCID_DRIVER_ERR_NO_CARD;
  /*
   * In the first invocation of ccid_slot_status, card reader may
   * return CCID_DRIVER_ERR_CARD_INACTIVE and handle->powered_off may
   * become 1.  Because inactive card is no problem (we are turning it
   * ON here), clear the flag.
   */
  handle->powered_off = 0;
  /* For an inactive and also for an active card, issue the PowerOn
     command to get the ATR.  */
 again:
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@ -1009,8 +1009,6 @@ main ( int argc, char **argv)
  assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
  setup_libassuan_logging (&opt.debug, NULL);
  keybox_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
  /* Setup a default control structure for command line mode */
  memset (&ctrl, 0, sizeof ctrl);
  gpgsm_init_default_ctrl (&ctrl);
--- a/tools/applygnupgdefaults
+++ b/tools/applygnupgdefaults
@ -1,5 +1,5 @@
 #!/bin/sh
-# Apply defaults from /etc/gnupg/gpg.conf to all users             -*- sh -*-
+# Apply defaults from /etc/gnupg/gpgconf.conf to all users       -*- sh -*-
 #
 # Copyright 2007 Free Software Foundation, Inc.
 #
--- a/tools/gpg-wks-server.c
+++ b/tools/gpg-wks-server.c
@ -66,11 +66,14 @@ enum cmd_and_opt_values
    aInstallKey,
    aRevokeKey,
    aRemoveKey,
    aCheck,
    oGpgProgram,
    oSend,
    oFrom,
    oHeader,
    oWithDir,
    oWithFile,
    oDummy
  };
@ -86,12 +89,15 @@ static ARGPARSE_OPTS opts[] = {
              ("run regular jobs")),
  ARGPARSE_c (aListDomains, "list-domains",
              ("list configured domains")),
  ARGPARSE_c (aCheck, "check",
              ("check whether a key is installed")),
  ARGPARSE_c (aCheck, "check-key", "@"),
  ARGPARSE_c (aInstallKey, "install-key",
-              "|FILE|install a key from FILE into the WKD"),
+              "install a key from FILE into the WKD"),
  ARGPARSE_c (aRemoveKey, "remove-key",
-              "|ADDR|remove the key ADDR from the WKD"),
+              "remove a key from the WKD"),
  ARGPARSE_c (aRevokeKey, "revoke-key",
-              "|ADDR|mark the key ADDR in the WKD as revoked"),
+              "mark a key as revoked"),
  ARGPARSE_group (301, ("@\nOptions:\n ")),
@ -104,6 +110,8 @@ static ARGPARSE_OPTS opts[] = {
  ARGPARSE_s_s (oFrom, "from", "|ADDR|use ADDR as the default sender"),
  ARGPARSE_s_s (oHeader, "header" ,
                "|NAME=VALUE|add \"NAME: VALUE\" as header to all mails"),
  ARGPARSE_s_n (oWithDir, "with-dir", "@"),
  ARGPARSE_s_n (oWithFile, "with-file", "@"),
  ARGPARSE_end ()
 };
@ -132,6 +140,13 @@ struct server_ctx_s
 };
 typedef struct server_ctx_s *server_ctx_t;
 /* Flag for --with-dir.  */
 static int opt_with_dir;
 /* Flag for --with-file.  */
 static int opt_with_file;
 /* Prototypes.  */
 static gpg_error_t get_domain_list (strlist_t *r_list);
@ -142,6 +157,7 @@ static gpg_error_t command_list_domains (void);
 static gpg_error_t command_install_key (const char *fname);
 static gpg_error_t command_remove_key (const char *mailaddr);
 static gpg_error_t command_revoke_key (const char *mailaddr);
 static gpg_error_t command_check_key (const char *mailaddr);
 static gpg_error_t command_cron (void);
@ -220,10 +236,17 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts)
        case oOutput:
          opt.output = pargs->r.ret_str;
          break;
        case oWithDir:
          opt_with_dir = 1;
          break;
        case oWithFile:
          opt_with_file = 1;
          break;
 	case aReceive:
        case aCron:
        case aListDomains:
        case aCheck:
        case aInstallKey:
        case aRemoveKey:
        case aRevokeKey:
@ -243,7 +266,7 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts)
 int
 main (int argc, char **argv)
 {
-  gpg_error_t err;
+  gpg_error_t err, firsterr;
  ARGPARSE_ARGS pargs;
  enum cmd_and_opt_values cmd;
@ -360,16 +383,29 @@ main (int argc, char **argv)
    case aRemoveKey:
      if (argc != 1)
-        wrong_args ("--remove-key MAILADDR");
+        wrong_args ("--remove-key USER-ID");
      err = command_remove_key (*argv);
      break;
    case aRevokeKey:
      if (argc != 1)
-        wrong_args ("--revoke-key MAILADDR");
+        wrong_args ("--revoke-key USER-ID");
      err = command_revoke_key (*argv);
      break;
    case aCheck:
      if (!argc)
        wrong_args ("--check USER-IDs");
      firsterr = 0;
      for (; argc; argc--, argv++)
        {
          err = command_check_key (*argv);
          if (!firsterr)
            firsterr = err;
        }
      err = firsterr;
      break;
    default:
      usage (1);
      err = gpg_error (GPG_ERR_BUG);
@ -1776,8 +1812,12 @@ command_list_domains (void)
      domain = strrchr (sl->d, '/');
      log_assert (domain);
      domain++;
      if (opt_with_dir)
        es_printf ("%s %s\n", domain, sl->d);
      else
        es_printf ("%s\n", domain);
      /* Check that the required directories are there.  */
      for (i=0; i < DIM (requireddirs); i++)
        {
@ -1900,12 +1940,140 @@ command_install_key (const char *fname)
 }
-/* Remove the key with mail address MAILADDR.  */
+/* Return the filename and optioanlly the addrspec for USERID at
 * R_FNAME and R_ADDRSPEC.  R_ADDRSPEC might also be set on error.  */
 static gpg_error_t
-command_remove_key (const char *mailaddr)
+fname_from_userid (const char *userid, char **r_fname, char **r_addrspec)
 {
-  (void)mailaddr;
+  gpg_error_t err;
-  return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+  char *addrspec = NULL;
  const char *domain;
  char *hash = NULL;
  const char *s;
  char shaxbuf[32]; /* Used for SHA-1 and SHA-256 */
  *r_fname = NULL;
  if (r_addrspec)
    *r_addrspec = NULL;
  addrspec = mailbox_from_userid (userid);
  if (!addrspec)
    {
      if (opt.verbose)
        log_info ("\"%s\" is not a proper mail address\n", userid);
      err = gpg_error (GPG_ERR_INV_USER_ID);
      goto leave;
    }
  domain = strchr (addrspec, '@');
  log_assert (domain);
  domain++;
  /* Hash user ID and create filename.  */
  s = strchr (addrspec, '@');
  log_assert (s);
  gcry_md_hash_buffer (GCRY_MD_SHA1, shaxbuf, addrspec, s - addrspec);
  hash = zb32_encode (shaxbuf, 8*20);
  if (!hash)
    {
      err = gpg_error_from_syserror ();
      goto leave;
    }
  *r_fname = make_filename_try (opt.directory, domain, "hu", hash, NULL);
  if (!*r_fname)
    err = gpg_error_from_syserror ();
  else
    err = 0;
 leave:
  if (r_addrspec && addrspec)
    *r_addrspec = addrspec;
  else
    xfree (addrspec);
  xfree (hash);
  return err;
 }
 /* Check whether the key with USER_ID is installed.  */
 static gpg_error_t
 command_check_key (const char *userid)
 {
  gpg_error_t err;
  char *addrspec = NULL;
  char *fname = NULL;
  err = fname_from_userid (userid, &fname, &addrspec);
  if (err)
    goto leave;
  if (access (fname, R_OK))
    {
      err = gpg_error_from_syserror ();
      if (opt_with_file)
        es_printf ("%s n %s\n", addrspec, fname);
      if (gpg_err_code (err) == GPG_ERR_ENOENT)
        {
          if (!opt.quiet)
            log_info ("key for '%s' is NOT installed\n", addrspec);
          log_inc_errorcount ();
          err = 0;
        }
      else
        log_error ("error stating '%s': %s\n", fname, gpg_strerror (err));
      goto leave;
    }
  if (opt_with_file)
    es_printf ("%s i %s\n", addrspec, fname);
  if (opt.verbose)
    log_info ("key for '%s' is installed\n", addrspec);
  err = 0;
 leave:
  xfree (fname);
  xfree (addrspec);
  return err;
 }
 /* Remove the key with mail address in USERID.  */
 static gpg_error_t
 command_remove_key (const char *userid)
 {
  gpg_error_t err;
  char *addrspec = NULL;
  char *fname = NULL;
  err = fname_from_userid (userid, &fname, &addrspec);
  if (err)
    goto leave;
  if (gnupg_remove (fname))
    {
      err = gpg_error_from_syserror ();
      if (gpg_err_code (err) == GPG_ERR_ENOENT)
        {
          if (!opt.quiet)
            log_info ("key for '%s' is not installed\n", addrspec);
          log_inc_errorcount ();
          err = 0;
        }
      else
        log_error ("error removing '%s': %s\n", fname, gpg_strerror (err));
      goto leave;
    }
  if (opt.verbose)
    log_info ("key for '%s' removed\n", addrspec);
  err = 0;
 leave:
  xfree (fname);
  xfree (addrspec);
  return err;
 }
@ -1913,6 +2081,7 @@ command_remove_key (const char *mailaddr)
 static gpg_error_t
 command_revoke_key (const char *mailaddr)
 {
-  (void)mailaddr;
+  /* Remove should be different from removing but we have not yet
-  return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+   * defined a suitable way to do this.  */
  return command_remove_key (mailaddr);
 }
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@ -48,6 +48,7 @@
 #include "../common/i18n.h"
 #include "../common/exechelp.h"
 #include "../common/sysutils.h"
 #include "../common/status.h"
 #include "../common/gc-opt-flags.h"
 #include "gpgconf.h"
@ -99,7 +100,7 @@ gc_error (int status, int errnum, const char *fmt, ...)
    {
      log_printf (NULL);
      log_printf ("fatal error (exit status %i)\n", status);
-      exit (status);
+      gpgconf_failure (gpg_error_from_errno (errnum));
    }
 }
@ -1310,7 +1311,7 @@ gc_component_launch (int component)
    {
      es_fputs (_("Component not suitable for launching"), es_stderr);
      es_putc ('\n', es_stderr);
-      exit (1);
+      gpgconf_failure (0);
    }
  pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
@ -3757,6 +3758,10 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
            {
              gc_error (0, 0, "missing rule at '%s', line %d", fname, lineno);
              result = -1;
              gpgconf_write_status (STATUS_WARNING,
                                    "gpgconf.conf %d file '%s' line %d "
                                    "missing rule",
                                    GPG_ERR_SYNTAX, fname, lineno);
              continue;
            }
          *p++ = 0;
@ -3786,6 +3791,10 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
        {
          gc_error (0, 0, "missing component at '%s', line %d",
                    fname, lineno);
          gpgconf_write_status (STATUS_WARNING,
                                "gpgconf.conf %d file '%s' line %d "
                                " missing component",
                                GPG_ERR_NO_NAME, fname, lineno);
          result = -1;
          continue;
        }
@ -3797,6 +3806,10 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
        {
          gc_error (0, 0, "unknown component at '%s', line %d",
                    fname, lineno);
          gpgconf_write_status (STATUS_WARNING,
                                "gpgconf.conf %d file '%s' line %d "
                                "unknown component",
                                GPG_ERR_UNKNOWN_NAME, fname, lineno);
          result = -1;
        }
@ -3809,6 +3822,10 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
        {
          gc_error (0, 0, "missing option at '%s', line %d",
                    fname, lineno);
          gpgconf_write_status (STATUS_WARNING,
                                "gpgconf.conf %d file '%s' line %d "
                                "missing option",
                                GPG_ERR_INV_NAME, fname, lineno);
          result = -1;
          continue;
        }
@ -3821,6 +3838,10 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
            {
              gc_error (0, 0, "unknown option at '%s', line %d",
                        fname, lineno);
              gpgconf_write_status (STATUS_WARNING,
                                    "gpgconf.conf %d file '%s' line %d "
                                    "unknown option",
                                    GPG_ERR_UNKNOWN_OPTION, fname, lineno);
              result = -1;
            }
        }
@ -3837,6 +3858,10 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
            {
              gc_error (0, 0, "syntax error in rule at '%s', line %d",
                        fname, lineno);
              gpgconf_write_status (STATUS_WARNING,
                                    "gpgconf.conf %d file '%s' line %d "
                                    "syntax error in rule",
                                    GPG_ERR_SYNTAX, fname, lineno);
              result = -1;
              continue;
            }
--- a/tools/gpgconf.c
+++ b/tools/gpgconf.c
@ -29,6 +29,7 @@
 #include "../common/i18n.h"
 #include "../common/sysutils.h"
 #include "../common/init.h"
 #include "../common/status.h"
 /* Constants to identify the commands and options. */
@ -45,6 +46,7 @@ enum cmd_and_opt_values
    oNoVerbose	= 500,
    oHomedir,
    oBuilddir,
    oStatusFD,
    aListComponents,
    aCheckPrograms,
@ -100,6 +102,7 @@ static ARGPARSE_OPTS opts[] =
    { oQuiet, "quiet",      0, N_("quiet") },
    { oDryRun, "dry-run",   0, N_("do not make any changes") },
    { oRuntime, "runtime",  0, N_("activate changes at runtime, if possible") },
  ARGPARSE_s_i (oStatusFD, "status-fd", N_("|FD|write status info to this FD")),
    /* hidden options */
    { oHomedir, "homedir", 2, "@" },
    { oBuilddir, "build-prefix", 2, "@" },
@ -110,6 +113,11 @@ static ARGPARSE_OPTS opts[] =
  };
 /* The stream to output the status information.  Status Output is disabled if
 * this is NULL.  */
 static estream_t statusfp;
 /* Print usage information and provide strings for help. */
 static const char *
 my_strusage( int level )
@ -159,6 +167,60 @@ get_outfp (estream_t *fp)
 }
 /* Set the status FD.  */
 static void
 set_status_fd (int fd)
 {
  static int last_fd = -1;
  if (fd != -1 && last_fd == fd)
    return;
  if (statusfp && statusfp != es_stdout && statusfp != es_stderr)
    es_fclose (statusfp);
  statusfp = NULL;
  if (fd == -1)
    return;
  if (fd == 1)
    statusfp = es_stdout;
  else if (fd == 2)
    statusfp = es_stderr;
  else
    statusfp = es_fdopen (fd, "w");
  if (!statusfp)
    {
      log_fatal ("can't open fd %d for status output: %s\n",
                 fd, gpg_strerror (gpg_error_from_syserror ()));
    }
  last_fd = fd;
 }
 /* Write a status line with code NO followed by the output of the
 * printf style FORMAT.  The caller needs to make sure that LFs and
 * CRs are not printed.  */
 void
 gpgconf_write_status (int no, const char *format, ...)
 {
  va_list arg_ptr;
  if (!statusfp)
    return;  /* Not enabled.  */
  es_fputs ("[GNUPG:] ", statusfp);
  es_fputs (get_status_string (no), statusfp);
  if (format)
    {
      es_putc (' ', statusfp);
      va_start (arg_ptr, format);
      es_vfprintf (statusfp, format, arg_ptr);
      va_end (arg_ptr);
    }
  es_putc ('\n', statusfp);
 }
 static void
 list_dirs (estream_t fp, char **names)
 {
@ -493,6 +555,9 @@ main (int argc, char **argv)
        case oHomedir:   gnupg_set_homedir (pargs.r.ret_str); break;
        case oBuilddir:  gnupg_set_builddir (pargs.r.ret_str); break;
        case oNull:      opt.null = 1; break;
        case oStatusFD:
          set_status_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
          break;
 	case aListDirs:
        case aListComponents:
@ -518,7 +583,7 @@ main (int argc, char **argv)
    }
  if (log_get_errorcount (0))
-    exit (2);
+    gpgconf_failure (GPG_ERR_USER_2);
  /* Print a warning if an argument looks like an option.  */
  if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
@ -554,7 +619,7 @@ main (int argc, char **argv)
 	  es_putc ('\n', es_stderr);
 	  es_fputs (_("Need one component argument"), es_stderr);
 	  es_putc ('\n', es_stderr);
-	  exit (2);
+	  gpgconf_failure (GPG_ERR_USER_2);
 	}
      else
 	{
@ -563,7 +628,7 @@ main (int argc, char **argv)
 	    {
 	      es_fputs (_("Component not found"), es_stderr);
 	      es_putc ('\n', es_stderr);
-	      exit (1);
+	      gpgconf_failure (0);
 	    }
          if (cmd == aCheckOptions)
 	    gc_component_check_options (idx, get_outfp (&outfp), NULL);
@ -571,7 +636,7 @@ main (int argc, char **argv)
            {
              gc_component_retrieve_options (idx);
              if (gc_process_gpgconf_conf (NULL, 1, 0, NULL))
-                exit (1);
+                gpgconf_failure (0);
              if (cmd == aListOptions)
                gc_component_list_options (idx, get_outfp (&outfp));
              else if (cmd == aChangeOptions)
@ -589,14 +654,14 @@ main (int argc, char **argv)
 	  es_putc ('\n', es_stderr);
 	  es_fputs (_("Need one component argument"), es_stderr);
 	  es_putc ('\n', es_stderr);
-	  exit (2);
+	  gpgconf_failure (GPG_ERR_USER_2);
 	}
      else if (!strcmp (fname, "all"))
        {
          if (cmd == aLaunch)
            {
              if (gc_component_launch (-1))
-                exit (1);
+                gpgconf_failure (0);
            }
          else
            {
@ -613,12 +678,12 @@ main (int argc, char **argv)
            {
              es_fputs (_("Component not found"), es_stderr);
              es_putc ('\n', es_stderr);
-              exit (1);
+              gpgconf_failure (0);
            }
          else if (cmd == aLaunch)
            {
              if (gc_component_launch (idx))
-                exit (1);
+                gpgconf_failure (0);
            }
          else
            {
@ -646,7 +711,7 @@ main (int argc, char **argv)
            {
              es_fputs (_("Component not found"), es_stderr);
              es_putc ('\n', es_stderr);
-              exit (1);
+              gpgconf_failure (0);
            }
          else
            {
@ -657,12 +722,12 @@ main (int argc, char **argv)
    case aListConfig:
      if (gc_process_gpgconf_conf (fname, 0, 0, get_outfp (&outfp)))
-        exit (1);
+        gpgconf_failure (0);
      break;
    case aCheckConfig:
      if (gc_process_gpgconf_conf (fname, 0, 0, NULL))
-        exit (1);
+        gpgconf_failure (0);
      break;
    case aApplyDefaults:
@ -672,17 +737,17 @@ main (int argc, char **argv)
 	  es_putc ('\n', es_stderr);
 	  es_fputs (_("No argument allowed"), es_stderr);
 	  es_putc ('\n', es_stderr);
-	  exit (2);
+	  gpgconf_failure (GPG_ERR_USER_2);
 	}
      gc_component_retrieve_options (-1);
      if (gc_process_gpgconf_conf (NULL, 1, 1, NULL))
-        exit (1);
+        gpgconf_failure (0);
      break;
    case aApplyProfile:
      gc_component_retrieve_options (-1);
      if (gc_apply_profile (fname))
-        exit (1);
+        gpgconf_failure (0);
      break;
    case aListDirs:
@ -697,7 +762,7 @@ main (int argc, char **argv)
 	{
 	  es_fprintf (es_stderr, "usage: %s --query-swdb NAME [VERSION]\n",
                      GPGCONF_NAME);
-	  exit (2);
+	  gpgconf_failure (GPG_ERR_USER_2);
 	}
      get_outfp (&outfp);
      query_swdb (outfp, fname, argc > 1? argv[1] : NULL);
@ -804,5 +869,22 @@ main (int argc, char **argv)
    if (es_fclose (outfp))
      gc_error (1, errno, "error closing '%s'", opt.outfile);
  if (log_get_errorcount (0))
    gpgconf_failure (0);
  else
    gpgconf_write_status (STATUS_SUCCESS, NULL);
  return 0;
 }
 void
 gpgconf_failure (gpg_error_t err)
 {
  if (!err)
    err = gpg_error (GPG_ERR_GENERAL);
  gpgconf_write_status
    (STATUS_FAILURE, "- %u",
     gpg_err_code (err) == GPG_ERR_USER_2? GPG_ERR_EINVAL : err);
  exit (gpg_err_code (err) == GPG_ERR_USER_2? 2 : 1);
 }
--- a/tools/gpgconf.h
+++ b/tools/gpgconf.h
@ -36,6 +36,10 @@ struct
 } opt;
 /*-- gpgconf.c --*/
 void gpgconf_write_status (int no, const char *format,
                           ...) GPGRT_ATTR_PRINTF(2,3);
 void gpgconf_failure (gpg_error_t err) GPGRT_ATTR_NORETURN;
 /*-- gpgconf-comp.c --*/