1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

Preparing for a release candidate

This commit is contained in:
Werner Koch 2009-08-13 08:45:23 +00:00
parent 00310b1aa8
commit 1e1b57a294
39 changed files with 25699 additions and 22071 deletions

View File

@ -9,6 +9,7 @@ for ciph in `all_cipher_algos`; do
# *BSD's dd can't cope with a count of 0 # *BSD's dd can't cope with a count of 0
if test "$i" = "0"; then if test "$i" = "0"; then
: >z : >z
my_chtag z
else else
dd if=data-80000 of=z bs=1 count=$i 2>/dev/null dd if=data-80000 of=z bs=1 count=$i 2>/dev/null
fi fi

View File

@ -112,6 +112,17 @@ echo_n () {
# cleanup_files="$cleanup_files $*" # cleanup_files="$cleanup_files $*"
#} #}
# Special function for zOS.
my_chtag () {
#FIXME: Is there an envvar to test for the OS or do we
# need to resort to a configure test
#if test "$FOO" = "bar"; then
# chtag -tc ISO8859-1 $1
#fi
:
}
have_pubkey_algo () { have_pubkey_algo () {
if ../g10/gpg --homedir . --version | grep "Pubkey:.*$1" >/dev/null if ../g10/gpg --homedir . --version | grep "Pubkey:.*$1" >/dev/null
then then

View File

@ -1,3 +1,7 @@
2009-08-13 Werner Koch <wk@g10code.com>
* gpgv.texi, gpg.texi: Udpate from GnuPG-2.
2008-04-30 David Shaw <dshaw@jabberwocky.com> 2008-04-30 David Shaw <dshaw@jabberwocky.com>
* gpg-zip.1: Add man page thanks to Colin Tuckley and Daniel * gpg-zip.1: Add man page thanks to Colin Tuckley and Daniel

View File

@ -1,5 +1,5 @@
@c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, @c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
@c 2007 Free Software Foundation, Inc. @c 2008, 2009 Free Software Foundation, Inc.
@c This is part of the GnuPG manual. @c This is part of the GnuPG manual.
@c For copying conditions, see the file gnupg.texi. @c For copying conditions, see the file gnupg.texi.
@ -149,7 +149,7 @@ cannot abbreviate this command.
@itemx -h @itemx -h
@opindex help @opindex help
Print a usage message summarizing the most useful command line options. Print a usage message summarizing the most useful command line options.
Not that you cannot abbreviate this command. Note that you cannot abbreviate this command.
@item --warranty @item --warranty
@opindex warranty @opindex warranty
@ -175,18 +175,23 @@ abbreviate this command.
@itemx -s @itemx -s
@opindex sign @opindex sign
Make a signature. This command may be combined with @option{--encrypt} Make a signature. This command may be combined with @option{--encrypt}
(for a signed and encrypted message), @option{--symmetric} (for a signed (for a signed and encrypted message), @option{--symmetric} (for a
and symmetrically encrypted message), or @option{--encrypt} and signed and symmetrically encrypted message), or @option{--encrypt} and
@option{--symmetric} together (for a signed message that may be @option{--symmetric} together (for a signed message that may be
decrypted via a secret key or a passphrase). decrypted via a secret key or a passphrase). The key to be used for
signing is chosen by default or can be set with the
@option{--local-user} and @option{--default-key} options.
@item --clearsign @item --clearsign
@opindex clearsign @opindex clearsign
Make a clear text signature. The content in a clear text signature is Make a clear text signature. The content in a clear text signature is
readable without any special software. OpenPGP software is only readable without any special software. OpenPGP software is only needed
needed to verify the signature. Clear text signatures may modify to verify the signature. Clear text signatures may modify end-of-line
end-of-line whitespace for platform independence and are not intended whitespace for platform independence and are not intended to be
to be reversible. reversible. The key to be used for signing is chosen by default or
can be set with the @option{--local-user} and @option{--default-key}
options.
@item --detach-sign @item --detach-sign
@itemx -b @itemx -b
@ -221,8 +226,8 @@ Store only (make a simple RFC1991 literal data packet).
@item --decrypt @item --decrypt
@itemx -d @itemx -d
@opindex decrypt @opindex decrypt
Decrypt the file given on the command line (or @code{stdin} if no file Decrypt the file given on the command line (or STDIN if no file
is specified) and write it to stdout (or the file specified with is specified) and write it to STDOUT (or the file specified with
@option{--output}). If the decrypted file is signed, the signature is also @option{--output}). If the decrypted file is signed, the signature is also
verified. This command differs from the default operation, as it never verified. This command differs from the default operation, as it never
writes to the filename which is included in the file and it rejects writes to the filename which is included in the file and it rejects
@ -232,19 +237,19 @@ files which don't begin with an encrypted message.
@opindex verify @opindex verify
Assume that the first argument is a signed file or a detached signature Assume that the first argument is a signed file or a detached signature
and verify it without generating any output. With no arguments, the and verify it without generating any output. With no arguments, the
signature packet is read from stdin. If only a sigfile is given, it may signature packet is read from STDIN. If only a sigfile is given, it may
be a complete signature or a detached signature, in which case the be a complete signature or a detached signature, in which case the
signed stuff is expected in a file without the ".sig" or ".asc" signed stuff is expected in a file without the ".sig" or ".asc"
extension. With more than 1 argument, the first should be a detached extension. With more than 1 argument, the first should be a detached
signature and the remaining files are the signed stuff. To read the signature and the remaining files are the signed stuff. To read the
signed stuff from stdin, use @samp{-} as the second filename. For signed stuff from STDIN, use @samp{-} as the second filename. For
security reasons a detached signature cannot read the signed material security reasons a detached signature cannot read the signed material
from stdin without denoting it in the above way. from STDIN without denoting it in the above way.
@item --multifile @item --multifile
@opindex multifile @opindex multifile
This modifies certain other commands to accept multiple files for This modifies certain other commands to accept multiple files for
processing on the command line or read from stdin with each filename on processing on the command line or read from STDIN with each filename on
a separate line. This allows for many files to be processed at a separate line. This allows for many files to be processed at
once. @option{--multifile} may currently be used along with once. @option{--multifile} may currently be used along with
@option{--verify}, @option{--encrypt}, and @option{--decrypt}. Note that @option{--verify}, @option{--encrypt}, and @option{--decrypt}. Note that
@ -291,6 +296,10 @@ secret key is not usable (for example, if it was created via
@item --list-sigs @item --list-sigs
@opindex list-sigs @opindex list-sigs
Same as @option{--list-keys}, but the signatures are listed too. Same as @option{--list-keys}, but the signatures are listed too.
@ifclear gpgone
This command has the same effect as
using @option{--list-keys} with @option{--with-sig-list}.
@end ifclear
For each signature listed, there are several flags in between the "sig" For each signature listed, there are several flags in between the "sig"
tag and keyid. These flags give additional information about each tag and keyid. These flags give additional information about each
@ -307,15 +316,31 @@ command "tsign").
@item --check-sigs @item --check-sigs
@opindex check-sigs @opindex check-sigs
Same as @option{--list-sigs}, but the signatures are verified. Same as @option{--list-sigs}, but the signatures are verified. Note
that for performance reasons the revocation status of a signing key is
not shown.
@ifclear gpgone
This command has the same effect as
using @option{--list-keys} with @option{--with-sig-check}.
@end ifclear
The status of the verification is indicated by a flag directly following The status of the verification is indicated by a flag directly following
the "sig" tag (and thus before the flags described above for the "sig" tag (and thus before the flags described above for
@option{--list-sigs}). A "!" indicates that the signature has been @option{--list-sigs}). A "!" indicates that the signature has been
successfully verified, a "-" denotes a bad signature and a "%" is used successfully verified, a "-" denotes a bad signature and a "%" is used
if an error occured while checking the signature (e.g. a non supported if an error occurred while checking the signature (e.g. a non supported
algorithm). algorithm).
@ifclear gpgone
@item --locate-keys
@opindex locate-keys
Locate the keys given as arguments. This command basically uses the
same algorithm as used when locating keys for encryption or signing and
may thus be used to see what keys @command{@gpgname} might use. In
particular external methods as defined by @option{--auto-key-locate} may
be used to locate a key. Only public keys are listed.
@end ifclear
@item --fingerprint @item --fingerprint
@opindex fingerprint @opindex fingerprint
@ -369,7 +394,7 @@ removed first. In batch mode the key must be specified by fingerprint.
@opindex export @opindex export
Either export all keys from all keyrings (default keyrings and those Either export all keys from all keyrings (default keyrings and those
registered via option @option{--keyring}), or if at least one name is given, registered via option @option{--keyring}), or if at least one name is given,
those of the given name. The new keyring is written to stdout or to the those of the given name. The new keyring is written to STDOUT or to the
file given with option @option{--output}. Use together with file given with option @option{--output}. Use together with
@option{--armor} to mail those keys. @option{--armor} to mail those keys.
@ -379,7 +404,7 @@ Similar to @option{--export} but sends the keys to a keyserver.
Fingerprints may be used instead of key IDs. Option @option{--keyserver} Fingerprints may be used instead of key IDs. Option @option{--keyserver}
must be used to give the name of this keyserver. Don't send your must be used to give the name of this keyserver. Don't send your
complete keyring to a keyserver --- select only those keys which are new complete keyring to a keyserver --- select only those keys which are new
or changed by you. or changed by you. If no key IDs are given, @command{gpg} does nothing.
@item --export-secret-keys @item --export-secret-keys
@itemx --export-secret-subkeys @itemx --export-secret-subkeys
@ -400,7 +425,7 @@ Import/merge keys. This adds the given keys to the
keyring. The fast version is currently just a synonym. keyring. The fast version is currently just a synonym.
There are a few other options which control how this command works. There are a few other options which control how this command works.
Most notable here is the @option{--keyserver-options merge-only} option Most notable here is the @option{--import-options merge-only} option
which does not insert new keys but does only the merging of new which does not insert new keys but does only the merging of new
signatures, user-IDs and subkeys. signatures, user-IDs and subkeys.
@ -460,16 +485,34 @@ For use with cron jobs, this command can be used together with
a check is needed. To force a run even in batch mode add the option a check is needed. To force a run even in batch mode add the option
@option{--yes}. @option{--yes}.
@anchor{option --export-ownertrust}
@item --export-ownertrust @item --export-ownertrust
@opindex export-ownertrust @opindex export-ownertrust
Send the ownertrust values to stdout. This is useful for backup purposes Send the ownertrust values to STDOUT. This is useful for backup purposes
as these values are the only ones which can't be re-created from a as these values are the only ones which can't be re-created from a
corrupted trust DB. corrupted trustdb. Example:
@c man:.RS
@example
@gpgname{} --export-ownertrust > otrust.txt
@end example
@c man:.RE
@item --import-ownertrust @item --import-ownertrust
@opindex import-ownertrust @opindex import-ownertrust
Update the trustdb with the ownertrust values stored in @code{files} (or Update the trustdb with the ownertrust values stored in @code{files} (or
stdin if not given); existing values will be overwritten. STDIN if not given); existing values will be overwritten. In case of a
severely damaged trustdb and if you have a recent backup of the
ownertrust values (e.g. in the file @file{otrust.txt}, you may re-create
the trustdb using these commands:
@c man:.RS
@example
cd ~/.gnupg
rm trustdb.gpg
@gpgname{} --import-ownertrust < otrust.txt
@end example
@c man:.RE
@item --rebuild-keydb-caches @item --rebuild-keydb-caches
@opindex rebuild-keydb-caches @opindex rebuild-keydb-caches
@ -480,7 +523,7 @@ situations too.
@item --print-md @code{algo} @item --print-md @code{algo}
@itemx --print-mds @itemx --print-mds
@opindex print-md @opindex print-md
Print message digest of algorithm ALGO for all given files or stdin. Print message digest of algorithm ALGO for all given files or STDIN.
With the second form (or a deprecated "*" as algo) digests for all With the second form (or a deprecated "*" as algo) digests for all
available algorithms are printed. available algorithms are printed.
@ -729,13 +772,24 @@ preferred keyserver and signature notations (if any) are shown.
Set the list of user ID preferences to @code{string} for all (or just Set the list of user ID preferences to @code{string} for all (or just
the selected) user IDs. Calling setpref with no arguments sets the the selected) user IDs. Calling setpref with no arguments sets the
preference list to the default (either built-in or set via preference list to the default (either built-in or set via
@option{--default-preference-list}), and calling setpref with "none" as @option{--default-preference-list}), and calling setpref with "none"
the argument sets an empty preference list. Use @command{@gpgname as the argument sets an empty preference list. Use @command{@gpgname
--version} to get a list of available algorithms. Note that while you --version} to get a list of available algorithms. Note that while you
can change the preferences on an attribute user ID (aka "photo ID"), can change the preferences on an attribute user ID (aka "photo ID"),
GnuPG does not select keys via attribute user IDs so these preferences GnuPG does not select keys via attribute user IDs so these preferences
will not be used by GnuPG. will not be used by GnuPG.
When setting preferences, you should list the algorithms in the order
which you'd like to see them used by someone else when encrypting a
message to your key. If you don't include 3DES, it will be
automatically added at the end. Note that there are many factors that
go into choosing an algorithm (for example, your key may not be the
only recipient), and so the remote OpenPGP application being used to
send to you may or may not follow your exact chosen order for a given
message. It will, however, only choose an algorithm that is present
on the preference list of every recipient key. See also the
INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS section below.
@item keyserver @item keyserver
@opindex keyedit:keyserver @opindex keyedit:keyserver
Set a preferred keyserver for the specified user ID(s). This allows Set a preferred keyserver for the specified user ID(s). This allows
@ -921,7 +975,12 @@ Try to be as quiet as possible.
@opindex batch @opindex batch
@opindex no-batch @opindex no-batch
Use batch mode. Never ask, do not allow interactive commands. Use batch mode. Never ask, do not allow interactive commands.
@option{--no-batch} disables this option. @option{--no-batch} disables this option. Note that even with a
filename given on the command line, gpg might still need to read from
STDIN (in particular if gpg figures that the input is a
detached signature and no data file has been specified). Thus if you
do not want to feed data via STDIN, you should connect STDIN to
@file{/dev/null}.
@item --no-tty @item --no-tty
@opindex no-tty @opindex no-tty
@ -1052,10 +1111,10 @@ validation. This option is only meaningful if pka-lookups is set.
@item --enable-dsa2 @item --enable-dsa2
@itemx --disable-dsa2 @itemx --disable-dsa2
Enables new-style DSA keys which (unlike the old style) may be larger Enable hash truncation for all DSA keys even for old DSA Keys up to
than 1024 bit and use hashes other than SHA-1 and RIPEMD/160. Note 1024 bit. This is also the default with @option{--openpgp}. Note
that very few programs currently support these keys and signatures that older versions of GnuPG also required this flag to allow the
from them. generation of DSA larger than 1024 bit.
@item --photo-viewer @code{string} @item --photo-viewer @code{string}
This is the command line that should be run to view a photo ID. "%i" This is the command line that should be run to view a photo ID. "%i"
@ -1068,7 +1127,7 @@ and "%%" for an actual percent sign. If neither %i or %I are present,
then the photo will be supplied to the viewer on standard input. then the photo will be supplied to the viewer on standard input.
The default viewer is "xloadimage -fork -quiet -title 'KeyID 0x%k' The default viewer is "xloadimage -fork -quiet -title 'KeyID 0x%k'
stdin". Note that if your image viewer program is not secure, then STDIN". Note that if your image viewer program is not secure, then
executing it from GnuPG does not make it secure. executing it from GnuPG does not make it secure.
@item --exec-path @code{string} @item --exec-path @code{string}
@ -1305,29 +1364,42 @@ exists.
GnuPG can automatically locate and retrieve keys as needed using this GnuPG can automatically locate and retrieve keys as needed using this
option. This happens when encrypting to an email address (in the option. This happens when encrypting to an email address (in the
"user@@example.com" form), and there are no user@@example.com keys on "user@@example.com" form), and there are no user@@example.com keys on
the local keyring. This option takes any number of the following the local keyring. This option takes any number of the following
arguments, in the order they are to be tried: mechanisms, in the order they are to be tried:
@table @asis @table @asis
@item cert @item cert
locate a key using DNS CERT, as specified in 2538bis (currently in Locate a key using DNS CERT, as specified in rfc4398.
draft): http://www.josefsson.org/rfc2538bis/
@item pka @item pka
locate a key using DNS PKA. Locate a key using DNS PKA.
@item ldap @item ldap
locate a key using the PGP Universal method of checking Using DNS Service Discovery, check the domain in question for any LDAP
"ldap://keys.(thedomain)". keyservers to use. If this fails, attempt to locate the key using the
PGP Universal method of checking @samp{ldap://keys.(thedomain)}.
@item keyserver @item keyserver
locate a key using whatever keyserver is defined using the Locate a key using whatever keyserver is defined using the
@option{--keyserver} option. @option{--keyserver} option.
@item (keyserver URL) @item keyserver-URL
In addition, a keyserver URL as used in the @option{--keyserver} option may be In addition, a keyserver URL as used in the @option{--keyserver} option
used here to query that particular keyserver. may be used here to query that particular keyserver.
@item local
Locate the key using the local keyrings. This mechanism allows to
select the order a local key lookup is done. Thus using
@samp{--auto-key-locate local} is identical to
@option{--no-auto-key-locate}.
@item nodefault
This flag disables the standard local key lookup, done before any of the
mechanisms defined by the @option{--auto-key-locate} are tried. The
position of this mechanism in the list does not matter. It is not
required if @code{local} is also used.
@end table @end table
@item --keyid-format @code{short|0xshort|long|0xlong} @item --keyid-format @code{short|0xshort|long|0xlong}
@ -1352,7 +1424,7 @@ from below, but apply only to this particular keyserver.
Most keyservers synchronize with each other, so there is generally no Most keyservers synchronize with each other, so there is generally no
need to send keys to more than one server. The keyserver need to send keys to more than one server. The keyserver
@code{hkp://subkeys.pgp.net} uses round robin DNS to give a different @code{hkp://keys.gnupg.net} uses round robin DNS to give a different
keyserver each time you use it. keyserver each time you use it.
@item --keyserver-options @code{name=value1 } @item --keyserver-options @code{name=value1 }
@ -1437,6 +1509,12 @@ Set the proxy to use for HTTP and HKP keyservers. This overrides the
@item max-cert-size @item max-cert-size
When retrieving a key via DNS CERT, only accept keys up to this size. When retrieving a key via DNS CERT, only accept keys up to this size.
Defaults to 16384 bytes. Defaults to 16384 bytes.
@item debug
Turn on debug output in the keyserver helper program. Note that the
details of debug output depends on which keyserver helper program is
being used, and in turn, on any libraries that the keyserver helper
program uses internally (libcurl, openldap, etc).
@end table @end table
@item --completes-needed @code{n} @item --completes-needed @code{n}
@ -1809,6 +1887,10 @@ source distribution.
@opindex fixed-list-mode @opindex fixed-list-mode
Do not merge primary user ID and primary key in @option{--with-colon} Do not merge primary user ID and primary key in @option{--with-colon}
listing mode and print all timestamps as seconds since 1970-01-01. listing mode and print all timestamps as seconds since 1970-01-01.
@ifclear gpgone
Since GnuPG 2.0.10, this mode is always used and thus this option is
obsolete; it does not harm to use it though.
@end ifclear
@item --with-fingerprint @item --with-fingerprint
@opindex with-fingerprint @opindex with-fingerprint
@ -1886,7 +1968,7 @@ Set the list of personal digest preferences to @code{string}. Use
and use @code{none} to set no preference at all. This allows the user and use @code{none} to set no preference at all. This allows the user
to factor in their own preferred algorithms when algorithms are chosen to factor in their own preferred algorithms when algorithms are chosen
via recipient key preferences. The most highly ranked digest via recipient key preferences. The most highly ranked digest
algorithm in this list is algo used when signing without encryption algorithm in this list is also used when signing without encryption
(e.g. @option{--clearsign} or @option{--sign}). The default value is (e.g. @option{--clearsign} or @option{--sign}). The default value is
SHA-1. SHA-1.
@ -1896,7 +1978,7 @@ Use @command{@gpgname --version} to get a list of available
algorithms, and use @code{none} to set no preference at all. This algorithms, and use @code{none} to set no preference at all. This
allows the user to factor in their own preferred algorithms when allows the user to factor in their own preferred algorithms when
algorithms are chosen via recipient key preferences. The most highly algorithms are chosen via recipient key preferences. The most highly
ranked compression algorithm in this list is algo used when there are ranked compression algorithm in this list is also used when there are
no recipient keys to consider (e.g. @option{--symmetric}). no recipient keys to consider (e.g. @option{--symmetric}).
@item --s2k-cipher-algo @code{name} @item --s2k-cipher-algo @code{name}
@ -1980,9 +2062,9 @@ a message that PGP 2.x will not be able to handle. Note that `PGP
available, but the MIT release is a good common baseline. available, but the MIT release is a good common baseline.
This option implies @option{--rfc1991 --disable-mdc This option implies @option{--rfc1991 --disable-mdc
--no-force-v4-certs --no-sk-comment --escape-from-lines --no-force-v4-certs --escape-from-lines --force-v3-sigs --cipher-algo
--force-v3-sigs --cipher-algo IDEA --digest-algo MD5 --compress-algo IDEA --digest-algo MD5 --compress-algo ZIP}. It also disables
ZIP}. It also disables @option{--textmode} when encrypting. @option{--textmode} when encrypting.
@item --pgp6 @item --pgp6
@opindex pgp6 @opindex pgp6
@ -1993,8 +2075,8 @@ compression algorithms none and ZIP. This also disables
--throw-keyids, and making signatures with signing subkeys as PGP 6 --throw-keyids, and making signatures with signing subkeys as PGP 6
does not understand signatures made by signing subkeys. does not understand signatures made by signing subkeys.
This option implies @option{--disable-mdc --no-sk-comment This option implies @option{--disable-mdc --escape-from-lines
--escape-from-lines --force-v3-sigs}. --force-v3-sigs}.
@item --pgp7 @item --pgp7
@opindex pgp7 @opindex pgp7
@ -2066,11 +2148,13 @@ Same as @option{--status-fd}, except the status data is written to file
@code{file}. @code{file}.
@item --logger-fd @code{n} @item --logger-fd @code{n}
Write log output to file descriptor @code{n} and not to stderr. Write log output to file descriptor @code{n} and not to STDERR.
@item --logger-file @code{file} @item --log-file @code{file}
@itemx --logger-file @code{file}
Same as @option{--logger-fd}, except the logger data is written to file Same as @option{--logger-fd}, except the logger data is written to file
@code{file}. @code{file}. Note that @option{--log-file} is only implemented for
GnuPG-2.
@item --attribute-fd @code{n} @item --attribute-fd @code{n}
Write attribute subpackets to the file descriptor @code{n}. This is most Write attribute subpackets to the file descriptor @code{n}. This is most
@ -2152,10 +2236,10 @@ file being encrypted.
@item --for-your-eyes-only @item --for-your-eyes-only
@itemx --no-for-your-eyes-only @itemx --no-for-your-eyes-only
Set the `for your eyes only' flag in the message. This causes GnuPG Set the `for your eyes only' flag in the message. This causes GnuPG to
to refuse to save the file unless the @option{--output} option is given, and refuse to save the file unless the @option{--output} option is given,
PGP to use the "secure viewer" with a Tempest-resistant font to and PGP to use a "secure viewer" with a claimed Tempest-resistant font
display the message. This option overrides @option{--set-filename}. to display the message. This option overrides @option{--set-filename}.
@option{--no-for-your-eyes-only} disables this option. @option{--no-for-your-eyes-only} disables this option.
@item --use-embedded-filename @item --use-embedded-filename
@ -2221,12 +2305,15 @@ will still get disabled.
@item --throw-keyids @item --throw-keyids
@itemx --no-throw-keyids @itemx --no-throw-keyids
Do not put the recipient key IDs into encrypted messages. This helps Do not put the recipient key IDs into encrypted messages. This helps to
to hide the receivers of the message and is a limited countermeasure hide the receivers of the message and is a limited countermeasure
against traffic analysis. On the receiving side, it may slow down the against traffic analysis.@footnote{Using a little social engineering
decryption process because all available secret keys must be tried. anyone who is able to decrypt the message can check whether one of the
@option{--no-throw-keyids} disables this option. This option is essentially other recipients is the one he suspects.} On the receiving side, it may
the same as using @option{--hidden-recipient} for all recipients. slow down the decryption process because all available secret keys must
be tried. @option{--no-throw-keyids} disables this option. This option
is essentially the same as using @option{--hidden-recipient} for all
recipients.
@item --not-dash-escaped @item --not-dash-escaped
This option changes the behavior of cleartext signatures This option changes the behavior of cleartext signatures
@ -2253,7 +2340,7 @@ passphrase. Defaults to 1 repetition.
@item --passphrase-fd @code{n} @item --passphrase-fd @code{n}
Read the passphrase from file descriptor @code{n}. Only the first line Read the passphrase from file descriptor @code{n}. Only the first line
will be read from file descriptor @code{n}. If you use 0 for @code{n}, will be read from file descriptor @code{n}. If you use 0 for @code{n},
the passphrase will be read from stdin. This can only be used if only the passphrase will be read from STDIN. This can only be used if only
one passphrase is supplied. one passphrase is supplied.
@ifclear gpgone @ifclear gpgone
Note that this passphrase is only used if the option @option{--batch} Note that this passphrase is only used if the option @option{--batch}
@ -2415,11 +2502,15 @@ This is an obsolete option and is not used anywhere.
@item --allow-multiple-messages @item --allow-multiple-messages
@item --no-allow-multiple-messages @item --no-allow-multiple-messages
Allow processing of multiple OpenPGP messages contained in a single Allow processing of multiple OpenPGP messages contained in a single file
file or stream. Some programs that call GPG are not prepared to deal or stream. Some programs that call GPG are not prepared to deal with
with multiple messages being processed together, so this option multiple messages being processed together, so this option defaults to
defaults to no. Note that versions of GPG prior to 1.4.7 always no. Note that versions of GPG prior to 1.4.7 always allowed multiple
allowed multiple messages. messages.
Warning: Do not use this option unless you need it as a temporary
workaround!
@item --enable-special-filenames @item --enable-special-filenames
This options enables a mode in which filenames of the form This options enables a mode in which filenames of the form
@ -2542,12 +2633,12 @@ current home directory (@pxref{option --homedir}).
@table @file @table @file
@item gpg.conf @item gpg.conf
@cindex gpgsm.conf @cindex gpg.conf
This is the standard configuration file read by @command{@gpgname} on This is the standard configuration file read by @command{@gpgname} on
startup. It may contain any valid long option; the leading two dashes startup. It may contain any valid long option; the leading two dashes
may not be entered and the option may not be abbreviated. This default may not be entered and the option may not be abbreviated. This default
name may be changed on the command line (@pxref{option name may be changed on the command line (@pxref{option --options}).
--options}). You should backup this file.
@end table @end table
@ -2567,31 +2658,32 @@ files; They all live in in the current home directory (@pxref{option
@table @file @table @file
@item ~/.gnupg/secring.gpg @item ~/.gnupg/secring.gpg
The secret keyring. The secret keyring. You should backup this file.
@item ~/.gnupg/secring.gpg.lock @item ~/.gnupg/secring.gpg.lock
and the lock file The lock file for the secret keyring.
@item ~/.gnupg/pubring.gpg @item ~/.gnupg/pubring.gpg
The public keyring The public keyring. You should backup this file.
@item ~/.gnupg/pubring.gpg.lock @item ~/.gnupg/pubring.gpg.lock
and the lock file The lock file for the public keyring.
@item ~/.gnupg/trustdb.gpg @item ~/.gnupg/trustdb.gpg
The trust database The trust database. There is no need to backup this file; it is better
to backup the ownertrust values (@pxref{option --export-ownertrust}).
@item ~/.gnupg/trustdb.gpg.lock @item ~/.gnupg/trustdb.gpg.lock
and the lock file The lock file for the trust database.
@item ~/.gnupg/random_seed @item ~/.gnupg/random_seed
used to preserve the internal random pool A file used to preserve the state of the internal random pool.
@item /usr[/local]/share/gnupg/options.skel @item /usr[/local]/share/gnupg/options.skel
Skeleton options file The skeleton options file.
@item /usr[/local]/lib/gnupg/ @item /usr[/local]/lib/gnupg/
Default location for extensions Default location for extensions.
@end table @end table
@ -2619,7 +2711,7 @@ value. The option @option{--gpg-agent-info} can be used to override it.
@item PINENTRY_USER_DATA @item PINENTRY_USER_DATA
This value is passed via gpg-agent to pinentry. It is useful to convey This value is passed via gpg-agent to pinentry. It is useful to convey
extra information to a custom pinentry extra information to a custom pinentry.
@item COLUMNS @item COLUMNS
@itemx LINES @itemx LINES
@ -2628,12 +2720,13 @@ Used to size some displays to the full size of the screen.
@item LANGUAGE @item LANGUAGE
Apart from its use by GNU, it is used in the W32 version to override the Apart from its use by GNU, it is used in the W32 version to override the
language selection done through the Registry. If used and set to a a language selection done through the Registry. If used and set to a
valid and available language name (@var{langid}), the file with the valid and available language name (@var{langid}), the file with the
translation is loaded from translation is loaded from
@code{@var{gpgdir}/gnupg.nls/@var{langid}.mo}. Here @var{gpgdir} is the @code{@var{gpgdir}/gnupg.nls/@var{langid}.mo}. Here @var{gpgdir} is the
directory out of which the gpg binary has been laoded. If it can't be directory out of which the gpg binary has been loaded. If it can't be
loaded the Registry is tried as a fallback. loaded the Registry is tried and as last resort the native Windows
locale system is used.
@end table @end table
@ -2658,6 +2751,9 @@ make a clear text signature
@item gpg -sb @code{file} @item gpg -sb @code{file}
make a detached signature make a detached signature
@item gpg -u 0x12345678 -sb @code{file}
make a detached signature with the key 0x12345678
@item gpg --list-keys @code{user_ID} @item gpg --list-keys @code{user_ID}
show keys show keys
@ -2706,7 +2802,7 @@ is *very* easy to spy out your passphrase!
If you are going to verify detached signatures, make sure that the If you are going to verify detached signatures, make sure that the
program knows about it; either give both filenames on the command line program knows about it; either give both filenames on the command line
or use @samp{-} to specify stdin. or use @samp{-} to specify STDIN.
@mansect interoperability @mansect interoperability
@chapheading INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS @chapheading INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS

View File

@ -123,13 +123,14 @@ one signature was bad, and other error codes for fatal errors.
@table @asis @table @asis
@item @gpgvname @code{pgpfile} @item @gpgvname @code{pgpfile}
@itemx @gpgvname @code{sigfile} @itemx @gpgvname @code{sigfile} [@code{datafile}]
Verify the signature of the file. The second form Verify the signature of the file. The second form is used for detached
is used for detached signatures, where @code{sigfile} is the detached signatures, where @code{sigfile} is the detached signature (either
signature (either ASCII-armored or binary) and are the signed ASCII-armored or binary) and @code{datafile} contains the signed data;
data; if this is not given the name of the file holding the signed data is if @code{datafile} is "-" the signed data is expected on
constructed by cutting off the extension (".asc", ".sig" or ".sign") from @code{stdin}; if @code{datafile} is not given the name of the file
@code{sigfile}. holding the signed data is constructed by cutting off the extension
(".asc", ".sig" or ".sign") from @code{sigfile}.
@end table @end table

View File

@ -1,3 +1,19 @@
2009-08-13 Werner Koch <wk@g10code.com>
* cardglue.h: Add new error code mappings.
From GnuPG-2:
* app-openpgp.c (change_keyattr_from_string): New.
(do_setattr): Support KEY-ATTR.
* ccid-driver.c (print_pr_data): Fix 64 bit compat problem.
* ccid-driver.c (parse_ccid_descriptor): Enable hack for SCR 3320.
* card-util.c (generate_card_keys): Remove special case for
GnuPG-2. Ask for the keysize and change it.
(card_generate_subkey): Ask for the keysize and change it.
(get_info_for_key_operation): Read KEY-ATTR.
(show_keysize_warning, ask_card_keysize): New.
(do_change_keysize): New.
2009-08-11 David Shaw <dshaw@jabberwocky.com> 2009-08-11 David Shaw <dshaw@jabberwocky.com>
* keyserver.c (keyserver_spawn): Try and detect mis-coded Latin1 * keyserver.c (keyserver_spawn): Try and detect mis-coded Latin1

View File

@ -214,6 +214,11 @@ static gpg_error_t do_auth (app_t app, const char *keyidstr,
const void *indata, size_t indatalen, const void *indata, size_t indatalen,
unsigned char **outdata, size_t *outdatalen); unsigned char **outdata, size_t *outdatalen);
static void parse_algorithm_attribute (app_t app, int keyno); static void parse_algorithm_attribute (app_t app, int keyno);
static gpg_error_t change_keyattr_from_string
(app_t app,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *value, size_t valuelen);
@ -1793,6 +1798,7 @@ do_setattr (app_t app, const char *name,
{ "CERT-3", 0x7F21, 3, 0, 1 }, { "CERT-3", 0x7F21, 3, 0, 1 },
{ "SM-KEY-ENC", 0x00D1, 3, 0, 1 }, { "SM-KEY-ENC", 0x00D1, 3, 0, 1 },
{ "SM-KEY-MAC", 0x00D2, 3, 0, 1 }, { "SM-KEY-MAC", 0x00D2, 3, 0, 1 },
{ "KEY-ATTR", 0, 0, 3, 1 },
{ NULL, 0 } { NULL, 0 }
}; };
int exmode; int exmode;
@ -1804,6 +1810,9 @@ do_setattr (app_t app, const char *name,
if (table[idx].need_v2 && !app->app_local->extcap.is_v2) if (table[idx].need_v2 && !app->app_local->extcap.is_v2)
return gpg_error (GPG_ERR_NOT_SUPPORTED); /* Not yet supported. */ return gpg_error (GPG_ERR_NOT_SUPPORTED); /* Not yet supported. */
if (table[idx].special == 3)
return change_keyattr_from_string (app, pincb, pincb_arg, value, valuelen);
switch (table[idx].need_chv) switch (table[idx].need_chv)
{ {
case 2: case 2:
@ -2404,6 +2413,45 @@ change_keyattr (app_t app, int keyno, unsigned int nbits,
} }
/* Helper to process an setattr command for name KEY-ATTR. It expects
a string "--force <keyno> <algo> <nbits>" in (VALUE,VALUELEN). */
static gpg_error_t
change_keyattr_from_string (app_t app,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
const void *value, size_t valuelen)
{
gpg_error_t err;
char *string;
int keyno, algo;
unsigned int nbits;
/* VALUE is expected to be a string but not guaranteed to be
terminated. Thus copy it to an allocated buffer first. */
string = xtrymalloc (valuelen+1);
if (!string)
return gpg_error_from_syserror ();
memcpy (string, value, valuelen);
string[valuelen] = 0;
/* Because this function deletes the key we require the string
"--force" in the data to make clear that something serious might
happen. */
if (sscanf (string, " --force %d %d %u", &keyno, &algo, &nbits) != 3)
err = gpg_error (GPG_ERR_INV_DATA);
else if (keyno < 1 || keyno > 3)
err = gpg_error (GPG_ERR_INV_ID);
else if (algo != 1)
err = gpg_error (GPG_ERR_PUBKEY_ALGO); /* Not RSA. */
else if (nbits < 1024)
err = gpg_error (GPG_ERR_TOO_SHORT);
else
err = change_keyattr (app, keyno-1, nbits, pincb, pincb_arg);
xfree (string);
return err;
}
/* Handle the WRITEKEY command for OpenPGP. This function expects a /* Handle the WRITEKEY command for OpenPGP. This function expects a
canonical encoded S-expression with the secret key in KEYDATA and canonical encoded S-expression with the secret key in KEYDATA and

View File

@ -23,6 +23,10 @@
#include <string.h> #include <string.h>
#include <errno.h> #include <errno.h>
#include <assert.h> #include <assert.h>
#ifdef HAVE_LIBREADLINE
# define GNUPG_LIBREADLINE_H_INCLUDED
# include <readline/readline.h>
#endif /*HAVE_LIBREADLINE*/
#if GNUPG_MAJOR_VERSION != 1 #if GNUPG_MAJOR_VERSION != 1
# include "gpg.h" # include "gpg.h"
@ -34,12 +38,8 @@
#include "options.h" #include "options.h"
#include "main.h" #include "main.h"
#include "keyserver-internal.h" #include "keyserver-internal.h"
#if GNUPG_MAJOR_VERSION == 1 #if GNUPG_MAJOR_VERSION == 1
# ifdef HAVE_LIBREADLINE
# define GNUPG_LIBREADLINE_H_INCLUDED
# include <stdio.h>
# include <readline/readline.h>
# endif /*HAVE_LIBREADLINE*/
# include "cardglue.h" # include "cardglue.h"
#else /*GNUPG_MAJOR_VERSION!=1*/ #else /*GNUPG_MAJOR_VERSION!=1*/
# include "call-agent.h" # include "call-agent.h"
@ -1158,6 +1158,8 @@ get_info_for_key_operation (struct agent_card_info_s *info)
rc = agent_scd_getattr ("DISP-NAME", info); rc = agent_scd_getattr ("DISP-NAME", info);
if (!rc) if (!rc)
rc = agent_scd_getattr ("EXTCAP", info); rc = agent_scd_getattr ("EXTCAP", info);
if (!rc)
rc = agent_scd_getattr ("KEY-ATTR", info);
if (rc) if (rc)
log_error (_("error getting current key info: %s\n"), gpg_strerror (rc)); log_error (_("error getting current key info: %s\n"), gpg_strerror (rc));
return rc; return rc;
@ -1253,34 +1255,114 @@ replace_existing_key_p (struct agent_card_info_s *info, int keyno)
} }
static void
show_keysize_warning (void)
{
static int shown;
if (shown)
return;
shown = 1;
tty_printf
(_("NOTE: There is no guarantee that the card "
"supports the requested size.\n"
" If the key generation does not succeed, "
"please check the\n"
" documentation of your card to see what "
"sizes are allowed.\n"));
}
/* Ask for the size of a card key. NBITS is the current size
configured for the card. KEYNO is the number of the key used to
select the prompt. Returns 0 to use the default size (i.e. NBITS)
or the selected size. */
static unsigned int
ask_card_keysize (int keyno, unsigned int nbits)
{
unsigned int min_nbits = 1024;
unsigned int max_nbits = 3072; /* GnuPG limit due to Assuan. */
char *prompt, *answer;
unsigned int req_nbits;
for (;;)
{
prompt = xasprintf
(keyno == 0?
_("What keysize do you want for the Signature key? (%u) "):
keyno == 1?
_("What keysize do you want for the Encryption key? (%u) "):
_("What keysize do you want for the Authentication key? (%u) "),
nbits);
answer = cpr_get ("cardedit.genkeys.size", prompt);
cpr_kill_prompt ();
req_nbits = *answer? atoi (answer): nbits;
xfree (prompt);
xfree (answer);
if (req_nbits != nbits && (req_nbits % 32) )
{
req_nbits = ((req_nbits + 31) / 32) * 32;
tty_printf (_("rounded up to %u bits\n"), req_nbits);
}
if (req_nbits == nbits)
return 0; /* Use default. */
if (req_nbits < min_nbits || req_nbits > max_nbits)
{
tty_printf (_("%s keysizes must be in the range %u-%u\n"),
"RSA", min_nbits, max_nbits);
}
else
{
tty_printf (_("The card will now be re-configured "
"to generate a key of %u bits\n"), req_nbits);
show_keysize_warning ();
return req_nbits;
}
}
}
/* Change the size of key KEYNO (0..2) to NBITS and show an error
message if that fails. */
static gpg_error_t
do_change_keysize (int keyno, unsigned int nbits)
{
gpg_error_t err;
char args[100];
snprintf (args, sizeof args, "--force %d 1 %u", keyno+1, nbits);
err = agent_scd_setattr ("KEY-ATTR", args, strlen (args), NULL);
if (err)
log_error (_("error changing size of key %d to %u bits: %s\n"),
keyno+1, nbits, gpg_strerror (err));
return err;
}
static void static void
generate_card_keys (void) generate_card_keys (void)
{ {
struct agent_card_info_s info; struct agent_card_info_s info;
int forced_chv1; int forced_chv1;
int want_backup; int want_backup;
int keyno;
if (get_info_for_key_operation (&info)) if (get_info_for_key_operation (&info))
return; return;
if (info.extcap.ki) if (info.extcap.ki)
{ {
#if GNUPG_MAJOR_VERSION == 1
char *answer; char *answer;
answer = cpr_get ("cardedit.genkeys.backup_enc", answer = cpr_get ("cardedit.genkeys.backup_enc",
_("Make off-card backup of encryption key? (Y/n) ")); _("Make off-card backup of encryption key? (Y/n) "));
want_backup=answer_is_yes_no_default(answer,1); want_backup = answer_is_yes_no_default (answer, 1/*(default to Yes)*/);
cpr_kill_prompt(); cpr_kill_prompt ();
xfree(answer); xfree (answer);
#else
want_backup = cpr_get_answer_is_yes
( "cardedit.genkeys.backup_enc",
_("Make off-card backup of encryption key? (Y/n) "));
/*FIXME: we need answer_is_yes_no_default()*/
#endif
} }
else else
want_backup = 0; want_backup = 0;
@ -1290,16 +1372,19 @@ generate_card_keys (void)
|| (info.fpr3valid && !fpr_is_zero (info.fpr3))) || (info.fpr3valid && !fpr_is_zero (info.fpr3)))
{ {
tty_printf ("\n"); tty_printf ("\n");
log_info ("NOTE: keys are already stored on the card!\n"); log_info (_("NOTE: keys are already stored on the card!\n"));
tty_printf ("\n"); tty_printf ("\n");
if ( !cpr_get_answer_is_yes( "cardedit.genkeys.replace_keys", if ( !cpr_get_answer_is_yes ("cardedit.genkeys.replace_keys",
_("Replace existing keys? (y/N) "))) _("Replace existing keys? (y/N) ")))
{ {
agent_release_card_info (&info); agent_release_card_info (&info);
return; return;
} }
} }
else if (!info.disp_name || !*info.disp_name)
/* If no displayed name has been set, we assume that this is a fresh
card and print a hint about the default PINs. */
if (!info.disp_name || !*info.disp_name)
{ {
tty_printf ("\n"); tty_printf ("\n");
tty_printf (_("Please note that the factory settings of the PINs are\n" tty_printf (_("Please note that the factory settings of the PINs are\n"
@ -1312,8 +1397,30 @@ generate_card_keys (void)
if (check_pin_for_key_operation (&info, &forced_chv1)) if (check_pin_for_key_operation (&info, &forced_chv1))
goto leave; goto leave;
generate_keypair (NULL, info.serialno, /* If the cards features changeable key attributes, we ask for the
want_backup? opt.homedir:NULL); key size. */
if (info.is_v2 && info.extcap.aac)
{
unsigned int nbits;
for (keyno = 0; keyno < DIM (info.key_attr); keyno++)
{
nbits = ask_card_keysize (keyno, info.key_attr[keyno].nbits);
if (nbits && do_change_keysize (keyno, nbits))
{
/* Error: Better read the default key size again. */
agent_release_card_info (&info);
if (get_info_for_key_operation (&info))
goto leave;
/* Ask again for this key size. */
keyno--;
}
}
/* Note that INFO has not be synced. However we will only use
the serialnumber and thus it won't harm. */
}
generate_keypair (NULL, info.serialno, want_backup? opt.homedir:NULL);
leave: leave:
agent_release_card_info (&info); agent_release_card_info (&info);
@ -1365,6 +1472,26 @@ card_generate_subkey (KBNODE pub_keyblock, KBNODE sec_keyblock)
if (check_pin_for_key_operation (&info, &forced_chv1)) if (check_pin_for_key_operation (&info, &forced_chv1))
goto leave; goto leave;
/* If the cards features changeable key attributes, we ask for the
key size. */
if (info.is_v2 && info.extcap.aac)
{
unsigned int nbits;
ask_again:
nbits = ask_card_keysize (keyno-1, info.key_attr[keyno-1].nbits);
if (nbits && do_change_keysize (keyno-1, nbits))
{
/* Error: Better read the default key size again. */
agent_release_card_info (&info);
if (get_info_for_key_operation (&info))
goto leave;
goto ask_again;
}
/* Note that INFO has not be synced. However we will only use
the serialnumber and thus it won't harm. */
}
okay = generate_card_subkeypair (pub_keyblock, sec_keyblock, okay = generate_card_subkeypair (pub_keyblock, sec_keyblock,
keyno, info.serialno); keyno, info.serialno);
@ -1577,7 +1704,7 @@ static struct
}; };
#if GNUPG_MAJOR_VERSION == 1 && defined (HAVE_LIBREADLINE) #ifdef HAVE_LIBREADLINE
/* These two functions are used by readline for command completion. */ /* These two functions are used by readline for command completion. */
@ -1610,6 +1737,7 @@ command_generator(const char *text,int state)
static char ** static char **
card_edit_completion(const char *text, int start, int end) card_edit_completion(const char *text, int start, int end)
{ {
(void)end;
/* If we are at the start of a line, we try and command-complete. /* If we are at the start of a line, we try and command-complete.
If not, just do nothing for now. */ If not, just do nothing for now. */
@ -1620,7 +1748,7 @@ card_edit_completion(const char *text, int start, int end)
return NULL; return NULL;
} }
#endif /* GNUPG_MAJOR_VERSION == 1 && HAVE_LIBREADLINE */ #endif /*HAVE_LIBREADLINE*/
/* Menu to edit all user changeable values on an OpenPGP card. Only /* Menu to edit all user changeable values on an OpenPGP card. Only
Key creation is not handled here. */ Key creation is not handled here. */
@ -1688,15 +1816,11 @@ card_edit (strlist_t commands)
if (!have_commands) if (!have_commands)
{ {
#if GNUPG_MAJOR_VERSION == 1
tty_enable_completion (card_edit_completion); tty_enable_completion (card_edit_completion);
#endif
answer = cpr_get_no_help("cardedit.prompt", _("Command> ")); answer = cpr_get_no_help("cardedit.prompt", _("Command> "));
cpr_kill_prompt(); cpr_kill_prompt();
#if GNUPG_MAJOR_VERSION == 1
tty_disable_completion (); tty_disable_completion ();
#endif }
}
trim_spaces(answer); trim_spaces(answer);
} }
while ( *answer == '#' ); while ( *answer == '#' );

View File

@ -134,6 +134,11 @@ typedef struct ctrl_ctx_s *ctrl_t;
#define GPG_ERR_ENODEV G10ERR_GENERAL #define GPG_ERR_ENODEV G10ERR_GENERAL
#define GPG_ERR_CANCELED G10ERR_CANCELED #define GPG_ERR_CANCELED G10ERR_CANCELED
#define GPG_ERR_INV_DATA G10ERR_GENERAL
#define GPG_ERR_PUBKEY_ALGO G10ERR_PUBKEY_ALGO
#define GPG_ERR_TOO_SHORT G10ERR_INV_ARG
typedef int gpg_error_t; typedef int gpg_error_t;
typedef int gpg_err_code_t; typedef int gpg_err_code_t;

View File

@ -413,7 +413,7 @@ print_pr_data (const unsigned char *data, size_t datalen, size_t off)
{ {
if (any) if (any)
DEBUGOUT_LF (); DEBUGOUT_LF ();
DEBUGOUT_1 (" [%04d] ", off); DEBUGOUT_1 (" [%04lu] ", (unsigned long) off);
} }
DEBUGOUT_CONT_1 (" %02X", data[off]); DEBUGOUT_CONT_1 (" %02X", data[off]);
any = 1; any = 1;
@ -944,6 +944,11 @@ parse_ccid_descriptor (ccid_driver_t handle,
0x5111 - SCR 331-DI 0x5111 - SCR 331-DI
0x5115 - SCR 335 0x5115 - SCR 335
0xe003 - SPR 532 0xe003 - SPR 532
The
0x5117 - SCR 3320 USB ID-000 reader
seems to be very slow but enabling this workaround boosts the
performance to a a more or less acceptable level (tested by David).
*/ */
if (handle->id_vendor == VENDOR_SCM if (handle->id_vendor == VENDOR_SCM
&& handle->max_ifsd > 48 && handle->max_ifsd > 48
@ -951,6 +956,7 @@ parse_ccid_descriptor (ccid_driver_t handle,
||(handle->id_product == 0x5111 && handle->bcd_device < 0x0620) ||(handle->id_product == 0x5111 && handle->bcd_device < 0x0620)
||(handle->id_product == 0x5115 && handle->bcd_device < 0x0514) ||(handle->id_product == 0x5115 && handle->bcd_device < 0x0514)
||(handle->id_product == 0xe003 && handle->bcd_device < 0x0504) ||(handle->id_product == 0xe003 && handle->bcd_device < 0x0504)
||(handle->id_product == 0x5117 && handle->bcd_device < 0x0522)
)) ))
{ {
DEBUGOUT ("enabling workaround for buggy SCM readers\n"); DEBUGOUT ("enabling workaround for buggy SCM readers\n");

View File

@ -1,3 +1,8 @@
2009-07-14 Werner Koch <wk@g10code.com>
* de.po: s/nicht-exportfähig/unwiderrufbar/. Reported by Simon
Richter.
2009-07-13 Werner Koch <wk@g10code.com> 2009-07-13 Werner Koch <wk@g10code.com>
* nl.po: Applied a small fix by Jeroen Leeuwestein. Fixes bug#1085. * nl.po: Applied a small fix by Jeroen Leeuwestein. Fixes bug#1085.

1647
po/be.po

File diff suppressed because it is too large Load Diff

1685
po/ca.po

File diff suppressed because it is too large Load Diff

1522
po/cs.po

File diff suppressed because it is too large Load Diff

1506
po/da.po

File diff suppressed because it is too large Load Diff

1336
po/de.po

File diff suppressed because it is too large Load Diff

1682
po/el.po

File diff suppressed because it is too large Load Diff

1680
po/eo.po

File diff suppressed because it is too large Load Diff

1531
po/es.po

File diff suppressed because it is too large Load Diff

1681
po/et.po

File diff suppressed because it is too large Load Diff

1683
po/fi.po

File diff suppressed because it is too large Load Diff

1140
po/fr.po

File diff suppressed because it is too large Load Diff

1686
po/gl.po

File diff suppressed because it is too large Load Diff

1681
po/hu.po

File diff suppressed because it is too large Load Diff

1679
po/id.po

File diff suppressed because it is too large Load Diff

1681
po/it.po

File diff suppressed because it is too large Load Diff

1683
po/ja.po

File diff suppressed because it is too large Load Diff

1651
po/nb.po

File diff suppressed because it is too large Load Diff

1138
po/nl.po

File diff suppressed because it is too large Load Diff

1509
po/pl.po

File diff suppressed because it is too large Load Diff

1684
po/pt.po

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

1679
po/ro.po

File diff suppressed because it is too large Load Diff

1521
po/ru.po

File diff suppressed because it is too large Load Diff

1682
po/sk.po

File diff suppressed because it is too large Load Diff

3747
po/sv.po

File diff suppressed because it is too large Load Diff

1523
po/tr.po

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff