security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

Merge branch 'STABLE-BRANCH-2-4' into master

This commit is contained in:
Werner Koch 2023-07-04 17:37:54 +02:00
parent b5efb52d43 2378ccf97c
commit 334f5d95c8
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
89 changed files with 3260 additions and 1400 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Makefile.am
View File

@ -18,8 +18,8 @@
## Process this file with automake to produce Makefile.in
# To include the wixlibs for building an MSI installer in a release use
# make release WITH_MSI=1
# We want to also build the wixlib for use by GnuPG Desktop
WITH_MSI=1
# Location of the released tarball archives. This is prefixed by
# the variable RELEASE_ARCHIVE in ~/.gnupg-autogen.rc. For example:

66
NEWS
View File

@ -2,9 +2,75 @@ Noteworthy changes in version 2.5.0 (unreleased)
------------------------------------------------
Changes also found in 2.4.3:
* gpg: Set default expiration date to 3 years. [T2701]
* gpg: Add --list-filter properties "key_expires" and
"key_expires_d". [T6529]
* gpg: Emit status line and proper diagnostics for write errors.
[T6528]
* gpg: Make progress work for large files on Windows. [T6534]
* gpg: New option --no-compress as alias for -z0.
* gpgsm: Print PROGRESS status lines. Add new --input-size-hint.
[T6534]
* gpgsm: Support SENDCERT_SKI for --call-dirmngr. [rG701a8b30f0]
* gpgsm: Major rewrite of the PKCS#12 parser. [T6536]
* gpgtar: New option --no-compress.
* dirmngr: Extend the AD_QUERY command. [rG207c99567c]
* dirmngr: Disable the HTTP redirect rewriting. [T6477]
* dirmngr: New option --compatibility-flags. [rGbf04b07327]
* dirmngr: New option --ignore-crl-extensions. [T6545]
* wkd: Use export-clean for gpg-wks-client's --mirror and --create
commands. [rG2c7f7a5a27]
* wkd: Make --add-revocs the default in gpg-wks-client. New option
--no-add-revocs. [rG10c937ee68]
* scd: Make signing work for Nexus cards. [rGb83d86b988]
* scd: Fix authentication with Administration Key for PIV.
[rG25b59cf6ce]
Changes also found in 2.4.2:
* gpg: Print a warning if no more encryption subkeys are left over
after changing the expiration date. [rGef2c3d50fa]
* gpg: Fix searching for the ADSK key when adding an ADSK. [T6504]
* gpgsm: Speed up key listings on Windows. [rG08ff55bd44]
* gpgsm: Reduce the number of "failed to open policy file"
diagnostics. [rG68613a6a9d]
* agent: Make updating of private key files more robust and track
display S/N. [T6135]
* keyboxd: Avoid longish delays on Windows when listing keys.
[rG6944aefa3c]
* gpgtar: Emit extra status lines to help GPGME. [T6497]
* w32: Avoid using the VirtualStore. [T6403]
Release dates of 2.4 versions
-----------------------------
Version 2.4.3 (2023-07-04) https://dev.gnupg.org/T6509
Version 2.4.2 (2023-05-30) https://dev.gnupg.org/T6506
Version 2.4.1 (2023-04-28) https://dev.gnupg.org/T6454
Version 2.4.0 (2022-12-16) https://dev.gnupg.org/T6302

4
agent/call-daemon.c
View File

@ -153,6 +153,8 @@ wait_child_thread (void *arg)
name, WSTOPSIG (wstatus));
goto again;
}
assuan_set_flag (g->primary_ctx, ASSUAN_NO_WAITPID, 1);
}
#endif /*!HAVE_W32_SYSTEM*/
@ -166,8 +168,6 @@ wait_child_thread (void *arg)
}
else
{
assuan_set_flag (g->primary_ctx, ASSUAN_NO_WAITPID, 1);
for (sl = g->local_list; sl; sl = sl->next_local)
{
sl->invalid = 1;

6
build-aux/speedo.mk
View File

@ -1543,10 +1543,8 @@ sign-installer:
if [ -f "$${msifile}" ]; then \
$(call MKSWDB_commands,$${msifile},$${reldate},"wixlib_"); \
fi; \
echo "speedo: /*" ;\
echo "speedo: * Verification result" ;\
echo "speedo: */" ;\
osslsigncode verify $${exefile} \
echo "speedo: /* (osslsigncode verify disabled) */" ;\
echo osslsigncode verify $${exefile} \
)

77
common/iobuf.c
View File

@ -505,7 +505,8 @@ file_filter (void *opaque, int control, iobuf_t chain, byte * buf,
if (ec != ERROR_BROKEN_PIPE)
{
rc = gpg_error_from_errno (ec);
log_error ("%s: read error: ec=%d\n", a->fname, ec);
log_error ("%s: read error: %s (ec=%d)\n",
a->fname, gpg_strerror (rc), ec);
}
}
else if (!nread)
@ -573,9 +574,10 @@ file_filter (void *opaque, int control, iobuf_t chain, byte * buf,
{
if (size && !WriteFile (f, p, nbytes, &n, NULL))
{
int ec = (int) GetLastError ();
rc = gpg_error_from_errno (ec);
log_error ("%s: write error: ec=%d\n", a->fname, ec);
int ec = gnupg_w32_set_errno (-1);
rc = gpg_error_from_syserror ();
log_error ("%s: write error: %s (ec=%d)\n",
a->fname, gpg_strerror (rc), ec);
break;
}
p += n;
@ -634,7 +636,8 @@ file_filter (void *opaque, int control, iobuf_t chain, byte * buf,
if (ec != ERROR_BROKEN_PIPE)
{
rc = gpg_error_from_errno (ec);
log_error ("%s: read error: ec=%d\n", a->fname, ec);
log_error ("%s: read error: %s (ec=%d)\n",
a->fname, gpg_strerror (rc), ec);
}
a->npeeked = 0;
}
@ -883,7 +886,8 @@ sock_filter (void *opaque, int control, iobuf_t chain, byte * buf,
if (n == SOCKET_ERROR)
{
int ec = (int) WSAGetLastError ();
rc = gpg_error_from_errno (ec);
gnupg_w32_set_errno (ec);
rc = gpg_error_from_syserror ();
log_error ("socket write error: ec=%d\n", ec);
break;
}
@ -2606,13 +2610,10 @@ iobuf_set_limit (iobuf_t a, off_t nlimit)
}
off_t
iobuf_get_filelength (iobuf_t a, int *overflow)
/* Return the length of the file behind A. If there is no file, return 0. */
uint64_t
iobuf_get_filelength (iobuf_t a)
{
if (overflow)
*overflow = 0;
/* Hmmm: file_filter may have already been removed */
for ( ; a->chain; a = a->chain )
;
@ -2625,56 +2626,18 @@ iobuf_get_filelength (iobuf_t a, int *overflow)
gnupg_fd_t fp = b->fp;
#if defined(HAVE_W32_SYSTEM)
ulong size;
static int (* __stdcall get_file_size_ex) (void *handle,
LARGE_INTEGER *r_size);
static int get_file_size_ex_initialized;
LARGE_INTEGER exsize;
if (!get_file_size_ex_initialized)
{
void *handle;
handle = dlopen ("kernel32.dll", RTLD_LAZY);
if (handle)
{
get_file_size_ex = dlsym (handle, "GetFileSizeEx");
if (!get_file_size_ex)
dlclose (handle);
}
get_file_size_ex_initialized = 1;
}
if (get_file_size_ex)
{
/* This is a newer system with GetFileSizeEx; we use this
then because it seem that GetFileSize won't return a
proper error in case a file is larger than 4GB. */
LARGE_INTEGER exsize;
if (get_file_size_ex (fp, &exsize))
{
if (!exsize.u.HighPart)
return exsize.u.LowPart;
if (overflow)
*overflow = 1;
return 0;
}
}
else
{
if ((size=GetFileSize (fp, NULL)) != 0xffffffff)
return size;
}
if (GetFileSizeEx (fp, &exsize))
return exsize.QuadPart;
log_error ("GetFileSize for handle %p failed: %s\n",
fp, w32_strerror (-1));
#else /*!HAVE_W32_SYSTEM*/
{
struct stat st;
struct stat st;
if ( !fstat (fp, &st) )
return st.st_size;
log_error("fstat() failed: %s\n", strerror(errno) );
}
if ( !fstat (fp, &st) )
return st.st_size;
log_error("fstat() failed: %s\n", strerror(errno) );
#endif /*!HAVE_W32_SYSTEM*/
}

8
common/iobuf.h
View File

@ -584,12 +584,8 @@ size_t iobuf_temp_to_buffer (iobuf_t a, byte * buffer, size_t buflen);
size_t iobuf_copy (iobuf_t dest, iobuf_t source);
/* Return the size of any underlying file. This only works with
file_filter based pipelines.
On Win32, it is sometimes not possible to determine the size of
files larger than 4GB. In this case, *OVERFLOW (if not NULL) is
set to 1. Otherwise, *OVERFLOW is set to 0. */
off_t iobuf_get_filelength (iobuf_t a, int *overflow);
file_filter based pipelines. */
uint64_t iobuf_get_filelength (iobuf_t a);
#define IOBUF_FILELENGTH_LIMIT 0xffffffff
/* Return the file descriptor designating the underlying file. This

98
common/ksba-io-support.c
View File

@ -1,6 +1,6 @@
/* kska-io-support.c - Supporting functions for ksba reader and writer
* Copyright (C) 2001-2005, 2007, 2010-2011, 2017 Werner Koch
* Copyright (C) 2006 g10 Code GmbH
* Copyright (C) 2006, 2023 g10 Code GmbH
*
* This file is part of GnuPG.
*
@ -26,6 +26,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <https://www.gnu.org/licenses/>.
* SPDX-License-Identifier: (LGPL-3.0-or-later OR GPL-2.0-or-later)
*/
#include <config.h>
@ -96,6 +97,15 @@ struct writer_cb_parm_s
char *pem_name; /* Malloced. */
struct {
gnupg_ksba_progress_cb_t cb;
ctrl_t ctrl;
u32 last_time; /* last time reported */
uint64_t last; /* last amount reported */
uint64_t current; /* current amount */
uint64_t total; /* total amount */
} progress;
int wrote_begin;
int did_finish;
@ -110,6 +120,7 @@ struct writer_cb_parm_s
/* Context for this module's functions. */
struct gnupg_ksba_io_s {
int is_writer; /* True if this context refers a writer object. */
union {
struct reader_cb_parm_s rparm;
struct writer_cb_parm_s wparm;
@ -527,6 +538,33 @@ simple_reader_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
/* Call the progress callback if its time. We do this very 2 seconds
* or if FORCE is set. However, we also require that at least 64KiB
* have been written to avoid unnecessary progress lines for small
* files. */
static gpg_error_t
update_write_progress (struct writer_cb_parm_s *parm, size_t count, int force)
{
gpg_error_t err = 0;
u32 timestamp;
parm->progress.current += count;
if (parm->progress.current >= (64*1024))
{
timestamp = make_timestamp ();
if (force || (timestamp - parm->progress.last_time > 1))
{
parm->progress.last = parm->progress.current;
parm->progress.last_time = timestamp;
err = parm->progress.cb (parm->progress.ctrl,
parm->progress.current,
parm->progress.total);
}
}
return err;
}
static int
base64_writer_cb (void *cb_value, const void *buffer, size_t count)
{
@ -535,6 +573,8 @@ base64_writer_cb (void *cb_value, const void *buffer, size_t count)
int i, c, idx, quad_count;
const unsigned char *p;
estream_t stream = parm->stream;
int rc;
size_t nleft;
if (!count)
return 0;
@ -557,7 +597,7 @@ base64_writer_cb (void *cb_value, const void *buffer, size_t count)
for (i=0; i < idx; i++)
radbuf[i] = parm->base64.radbuf[i];
for (p=buffer; count; p++, count--)
for (p=buffer, nleft = count; nleft; p++, nleft--)
{
radbuf[idx++] = *p;
if (idx > 2)
@ -583,7 +623,11 @@ base64_writer_cb (void *cb_value, const void *buffer, size_t count)
parm->base64.idx = idx;
parm->base64.quad_count = quad_count;
return es_ferror (stream)? gpg_error_from_syserror () : 0;
rc = es_ferror (stream)? gpg_error_from_syserror () : 0;
/* Note that we use the unencoded count for the progress. */
if (!rc && parm->progress.cb)
rc = update_write_progress (parm, count, 0);
return rc;
}
@ -594,13 +638,16 @@ plain_writer_cb (void *cb_value, const void *buffer, size_t count)
{
struct writer_cb_parm_s *parm = cb_value;
estream_t stream = parm->stream;
int rc;
if (!count)
return 0;
es_write (stream, buffer, count, NULL);
return es_ferror (stream)? gpg_error_from_syserror () : 0;
rc = es_ferror (stream)? gpg_error_from_syserror () : 0;
if (!rc && parm->progress.cb)
rc = update_write_progress (parm, count, 0);
return rc;
}
@ -610,6 +657,7 @@ base64_finish_write (struct writer_cb_parm_s *parm)
unsigned char *radbuf;
int c, idx, quad_count;
estream_t stream = parm->stream;
int rc;
if (!parm->wrote_begin)
return 0; /* Nothing written or we are not called in base-64 mode. */
@ -656,7 +704,10 @@ base64_finish_write (struct writer_cb_parm_s *parm)
es_fputs ("-----\n", stream);
}
return es_ferror (stream)? gpg_error_from_syserror () : 0;
rc = es_ferror (stream)? gpg_error_from_syserror () : 0;
if (!rc && parm->progress.cb)
rc = update_write_progress (parm, 0, 1);
return rc;
}
@ -788,6 +839,7 @@ gnupg_ksba_create_writer (gnupg_ksba_io_t *ctx, unsigned int flags,
*ctx = xtrycalloc (1, sizeof **ctx);
if (!*ctx)
return gpg_error_from_syserror ();
(*ctx)->is_writer = 1;
rc = ksba_writer_new (&w);
if (rc)
@ -865,3 +917,37 @@ gnupg_ksba_destroy_writer (gnupg_ksba_io_t ctx)
xfree (ctx->u.wparm.pem_name);
xfree (ctx);
}
/* Set a callback to the writer object. CTRL will be bassed to the
* callback. */
void
gnupg_ksba_set_progress_cb (gnupg_ksba_io_t ctx,
gnupg_ksba_progress_cb_t cb, ctrl_t ctrl)
{
struct writer_cb_parm_s *parm;
if (!ctx || !ctx->is_writer)
return; /* Currently only supported for writer objects. */
parm = &ctx->u.wparm;
parm->progress.cb = cb;
parm->progress.ctrl = ctrl;
parm->progress.last_time = 0;
parm->progress.last = 0;
parm->progress.current = 0;
parm->progress.total = 0;
}
/* Update the total count for the progress thingy. */
void
gnupg_ksba_set_total (gnupg_ksba_io_t ctx, uint64_t total)
{
struct writer_cb_parm_s *parm;
if (!ctx || !ctx->is_writer)
return; /* Currently only supported for writer objects. */
parm = &ctx->u.wparm;
parm->progress.total = total;
}

10
common/ksba-io-support.h
View File

@ -25,6 +25,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <https://www.gnu.org/licenses/>.
* SPDX-License-Identifier: (LGPL-3.0-or-later OR GPL-2.0-or-later)
*/
#ifndef GNUPG_KSBA_IO_SUPPORT_H
@ -42,6 +43,10 @@
/* Context object. */
typedef struct gnupg_ksba_io_s *gnupg_ksba_io_t;
/* Progress callback type. */
typedef gpg_error_t (*gnupg_ksba_progress_cb_t)(ctrl_t ctrl,
uint64_t current,
uint64_t total);
gpg_error_t gnupg_ksba_create_reader (gnupg_ksba_io_t *ctx,
@ -57,10 +62,13 @@ gpg_error_t gnupg_ksba_create_writer (gnupg_ksba_io_t *ctx,
const char *pem_name,
estream_t stream,
ksba_writer_t *r_writer);
gpg_error_t gnupg_ksba_finish_writer (gnupg_ksba_io_t ctx);
void gnupg_ksba_destroy_writer (gnupg_ksba_io_t ctx);
void gnupg_ksba_set_progress_cb (gnupg_ksba_io_t ctx,
gnupg_ksba_progress_cb_t cb, ctrl_t ctrl);
void gnupg_ksba_set_total (gnupg_ksba_io_t ctx, uint64_t total);

2
common/name-value.c
View File

@ -616,7 +616,7 @@ nve_next_value (nve_t entry, const char *name)
/* Return the string for the first entry in NVC with NAME. If an
* entry with NAME is missing in NVC or its value is the empty string
* NULL is returned. Note that the The returned string is a pointer
* NULL is returned. Note that the the returned string is a pointer
* into NVC. */
const char *
nvc_get_string (nvc_t nvc, const char *name)

44
common/stringhelp.c
View File

@ -1689,10 +1689,16 @@ format_text (const char *text_in, int target_cols, int max_cols)
}
/* Substitute environment variables in STRING and return a new string.
* On error the function returns NULL. */
/* Substitute variables in STRING and return a new string. GETVAL is
* a function which maps NAME to its value; that value is a string
* which may not change during the execution time of this function.
* If GETVAL returns NULL substitute_vars returns NULL and the caller
* may inspect ERRNO for the reason. In all other error cases this
* function also returns NULL. Caller must free the returned string. */
char *
substitute_envvars (const char *string)
substitute_vars (const char *string,
const char *(*getval)(void *cookie, const char *name),
void *cookie)
{
char *line, *p, *pend;
const char *value;
@ -1743,19 +1749,22 @@ substitute_envvars (const char *string)
{
int save = *pend;
*pend = 0;
value = getenv (p+2);
value = getval (cookie, p+2);
*pend++ = save;
}
else
{
int save = *pend;
*pend = 0;
value = getenv (p+1);
value = getval (cookie, p+1);
*pend = save;
}
if (!value)
value = "";
{
xfree (result);
return NULL;
}
valuelen = strlen (value);
if (valuelen <= pend - p)
{
@ -1791,3 +1800,26 @@ substitute_envvars (const char *string)
leave:
return result;
}
/* Helper for substitute_envvars. */
static const char *
subst_getenv (void *cookie, const char *name)
{
const char *s;
(void)cookie;
s = getenv (name);
return s? s : "";
}
/* Substitute environment variables in STRING and return a new string.
* On error the function returns NULL. */
char *
substitute_envvars (const char *string)
{
return substitute_vars (string, subst_getenv, NULL);
}

5
common/stringhelp.h
View File

@ -169,7 +169,10 @@ int compare_version_strings (const char *my_version, const char *req_version);
/* Format a string so that it fits within about TARGET_COLS columns. */
char *format_text (const char *text, int target_cols, int max_cols);
/* Substitute environmen variabales in STRING. */
/* Substitute variables in STRING. */
char *substitute_vars (const char *string,
const char *(*getval)(void *cookie, const char *name),
void *cookie);
char *substitute_envvars (const char *string);

5
common/sysutils.c
View File

@ -327,9 +327,10 @@ map_w32_to_errno (DWORD w32_err)
#endif /*HAVE_W32_SYSTEM*/
/* Set ERRNO from the Windows error. EC may be -1 to use the last error. */
/* Set ERRNO from the Windows error. EC may be -1 to use the last
* error. Returns the Windows error code. */
#ifdef HAVE_W32_SYSTEM
void
int
gnupg_w32_set_errno (int ec)
{
/* FIXME: Replace by gpgrt_w32_set_errno. */

2
common/sysutils.h
View File

@ -111,7 +111,7 @@ int gnupg_inotify_has_name (int fd, const char *name);
#ifdef HAVE_W32_SYSTEM
void gnupg_w32_set_errno (int ec);
int gnupg_w32_set_errno (int ec);
void *w32_get_user_sid (void);
#include "../common/w32help.h"

9
common/tlv.c
View File

@ -150,13 +150,16 @@ find_tlv_unchecked (const unsigned char *buffer, size_t length,
/* ASN.1 BER parser: Parse BUFFER of length SIZE and return the tag
and the length part from the TLV triplet. Update BUFFER and SIZE
on success. */
* and the length part from the TLV triplet. Update BUFFER and SIZE
* on success. Note that this function does not check that the value
* fits into the provided buffer; this allows to work on the TL part
* of a TLV. */
gpg_error_t
parse_ber_header (unsigned char const **buffer, size_t *size,
int *r_class, int *r_tag,
int *r_constructed, int *r_ndef,
size_t *r_length, size_t *r_nhdr){
size_t *r_length, size_t *r_nhdr)
{
int c;
unsigned long tag;
const unsigned char *buf = *buffer;

10
dirmngr/crlcache.c
View File

@ -2356,11 +2356,21 @@ crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
for (idx=0; !(err=ksba_crl_get_extension (crl, idx, &oid, &critical,
NULL, NULL)); idx++)
{
strlist_t sl;
if (!critical
|| !strcmp (oid, oidstr_authorityKeyIdentifier)
|| !strcmp (oid, oidstr_crlNumber) )
continue;
for (sl=opt.ignored_crl_extensions;
sl && strcmp (sl->d, oid); sl = sl->next)
;
if (sl)
continue; /* Is in ignored list. */
log_error (_("unknown critical CRL extension %s\n"), oid);
log_info ("(CRL='%s')\n", url);
if (!err2)
err2 = gpg_error (GPG_ERR_INV_CRL);
invalidate_crl |= INVCRL_UNKNOWN_EXTN;

27
dirmngr/dirmngr.c
View File

@ -147,6 +147,7 @@ enum cmd_and_opt_values {
oHTTPWrapperProgram,
oIgnoreCert,
oIgnoreCertExtension,
oIgnoreCRLExtension,
oUseTor,
oNoUseTor,
oKeyServer,
@ -159,6 +160,7 @@ enum cmd_and_opt_values {
oConnectQuickTimeout,
oListenBacklog,
oFakeCRL,
oCompatibilityFlags,
aTest
};
@ -223,6 +225,7 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_n (oDisableCheckOwnSocket, "disable-check-own-socket", "@"),
ARGPARSE_s_s (oIgnoreCert,"ignore-cert", "@"),
ARGPARSE_s_s (oIgnoreCertExtension,"ignore-cert-extension", "@"),
ARGPARSE_s_s (oIgnoreCRLExtension,"ignore-crl-extension", "@"),
ARGPARSE_header ("Network", N_("Network related options")),
@ -297,6 +300,7 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_s (oSocketName, "socket-name", "@"), /* Only for debugging. */
ARGPARSE_s_n (oDebugCacheExpiredCerts, "debug-cache-expired-certs", "@"),
ARGPARSE_s_s (oCompatibilityFlags, "compatibility-flags", "@"),
ARGPARSE_header (NULL, ""), /* Stop the header group. */
@ -329,6 +333,14 @@ static struct debug_flags_s debug_flags [] =
{ 77, NULL } /* 77 := Do not exit on "help" or "?". */
};
/* The list of compatibility flags. */
static struct compatibility_flags_s compatibility_flags [] =
{
{ COMPAT_RESTRICT_HTTP_REDIR, "restrict-http-redir" },
{ 0, NULL }
};
#define DEFAULT_MAX_REPLIES 10
#define DEFAULT_LDAP_TIMEOUT 15 /* seconds */
@ -699,6 +711,7 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
opt.ignored_certs = tmp;
}
FREE_STRLIST (opt.ignored_cert_extensions);
FREE_STRLIST (opt.ignored_crl_extensions);
http_register_tls_ca (NULL);
FREE_STRLIST (hkp_cacert_filenames);
FREE_STRLIST (opt.keyserver);
@ -715,6 +728,7 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
opt.debug_cache_expired_certs = 0;
xfree (opt.fake_crl);
opt.fake_crl = NULL;
opt.compat_flags = 0;
return 1;
}
@ -811,6 +825,10 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
add_to_strlist (&opt.ignored_cert_extensions, pargs->r.ret_str);
break;
case oIgnoreCRLExtension:
add_to_strlist (&opt.ignored_crl_extensions, pargs->r.ret_str);
break;
case oUseTor:
tor_mode = TOR_MODE_FORCE;
break;
@ -882,6 +900,15 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
opt.fake_crl = *pargs->r.ret_str? xstrdup (pargs->r.ret_str) : NULL;
break;
case oCompatibilityFlags:
if (parse_compatibility_flags (pargs->r.ret_str, &opt.compat_flags,
compatibility_flags))
{
pargs->r_opt = ARGPARSE_INVALID_ARG;
pargs->err = ARGPARSE_PRINT_WARNING;
}
break;
default:
return 0; /* Not handled. */
}

20
dirmngr/dirmngr.h
View File

@ -132,6 +132,11 @@ struct
OID per string. */
strlist_t ignored_cert_extensions;
/* A list of CRL extension OIDs which are ignored so that one can
* claim that a critical extension has been handled. One OID per
* string. */
strlist_t ignored_crl_extensions;
/* Allow expired certificates in the cache. */
int debug_cache_expired_certs;
@ -154,6 +159,9 @@ struct
current after nextUpdate. */
strlist_t keyserver; /* List of default keyservers. */
/* Compatibility flags (COMPAT_FLAG_xxxx). */
unsigned int compat_flags;
} opt;
@ -182,6 +190,18 @@ struct
#define DBG_EXTPROG (opt.debug & DBG_EXTPROG_VALUE)
#define DBG_KEEPTMP (opt.debug & DBG_KEEPTMP_VALUE)
/* Compatibility flags */
/* Since version 2.2.12 dirmngr restricted HTTP redirection in an
* attempt to mitigate certain CSRF attacks. It turned out that this
* breaks too many WKD deployments and that the attack scenario is not
* due to gnupg's redirecting but due to insecure configured systems.
* Thus from 2.4.3 on we disable this restriction but allow to use the
* old behaviour by using this compatibility flag. For details see
* https://dev.gnupg.org/T6477. */
#define COMPAT_RESTRICT_HTTP_REDIR 1
/* A simple list of certificate references. FIXME: Better use
certlist_t also for references (Store NULL at .cert) */
struct cert_ref_s

9
dirmngr/http.c
View File

@ -3741,10 +3741,11 @@ http_prepare_redirect (http_redir_info_t *info, unsigned int status_code,
http_release_parsed_uri (locuri);
return err;
}
else if (same_host_p (origuri, locuri))
else if (!info->restrict_redir || same_host_p (origuri, locuri))
{
/* The host is the same or on an exception list and thus we can
* take the location verbatim. */
/* Take the syntactically correct location or if restrict_redir
* is set the host is the same or on an exception list and thus
* we can take the location verbatim. */
http_release_parsed_uri (origuri);
http_release_parsed_uri (locuri);
newurl = xtrystrdup (location);
@ -3754,7 +3755,7 @@ http_prepare_redirect (http_redir_info_t *info, unsigned int status_code,
return err;
}
}
else
else /* Strictly rectricted redirection which we used in the past. */
{
/* We take only the host and port from the URL given in the
* Location. This limits the effects of redirection attacks by

1
dirmngr/http.h
View File

@ -117,6 +117,7 @@ struct http_redir_info_s
unsigned int silent:1; /* No diagnostics. */
unsigned int allow_downgrade:1;/* Allow a downgrade from https to http. */
unsigned int trust_location:1; /* Trust the received Location header. */
unsigned int restrict_redir:1; /* Use legacy restricted redirection. */
};
typedef struct http_redir_info_s http_redir_info_t;

5
dirmngr/ks-engine-hkp.c
View File

@ -1242,8 +1242,9 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
redirinfo.orig_url = request;
redirinfo.orig_onion = uri->onion;
redirinfo.allow_downgrade = 1;
/* FIXME: I am not sure whey we allow a downgrade for hkp requests.
* Needs at least an explanation here.. */
/* FIXME: I am not sure why we allow a downgrade for hkp requests.
* Needs at least an explanation here. */
redirinfo.restrict_redir = !!(opt.compat_flags & COMPAT_RESTRICT_HTTP_REDIR);
once_more:
err = http_session_new (&session, httphost,

1
dirmngr/ks-engine-http.c
View File

@ -88,6 +88,7 @@ ks_http_fetch (ctrl_t ctrl, const char *url, unsigned int flags,
redirinfo.orig_onion = uri->onion;
redirinfo.orig_https = uri->use_tls;
redirinfo.allow_downgrade = !!(flags & KS_HTTP_FETCH_ALLOW_DOWNGRADE);
redirinfo.restrict_redir = !!(opt.compat_flags & COMPAT_RESTRICT_HTTP_REDIR);
/* By default we only use the system provided certificates with this
* fetch command. */

191
dirmngr/ks-engine-ldap.c
View File

@ -26,6 +26,13 @@
#include <unistd.h>
#include <stdlib.h>
#include <npth.h>
#ifdef HAVE_W32_SYSTEM
# ifndef WINVER
# define WINVER 0x0500 /* Same as in common/sysutils.c */
# endif
# include <winsock2.h>
# include <sddl.h>
#endif
#include "dirmngr.h"
@ -73,6 +80,9 @@ struct ks_engine_ldap_local_s
int more_pages; /* More pages announced by server. */
};
/*-- prototypes --*/
static char *map_rid_to_dn (ctrl_t ctrl, const char *rid);
static char *basedn_from_rootdse (ctrl_t ctrl, parsed_uri_t uri);
@ -150,6 +160,114 @@ my_ldap_value_free (char **vals)
}
/* Print a description of supported variables. */
void
ks_ldap_help_variables (ctrl_t ctrl)
{
const char data[] =
"Supported variables in LDAP filter expressions:\n"
"\n"
"domain - The defaultNamingContext.\n"
"domain_admins - Group of domain admins.\n"
"domain_users - Group with all user accounts.\n"
"domain_guests - Group with the builtin gues account.\n"
"domain_computers - Group with all clients and servers.\n"
"cert_publishers - Group with all cert issuing computers.\n"
"protected_users - Group of users with extra protection.\n"
"key_admins - Group for delegated access to msdsKeyCredentialLink.\n"
"enterprise_key_admins - Similar to key_admins.\n"
"domain_domain_controllers - Group with all domain controllers.\n"
"sid_domain - SubAuthority numbers.\n";
ks_print_help (ctrl, data);
}
/* Helper function for substitute_vars. */
static const char *
getval_for_filter (void *cookie, const char *name)
{
ctrl_t ctrl = cookie;
const char *result = NULL;
if (!strcmp (name, "sid_domain"))
{
#ifdef HAVE_W32_SYSTEM
PSID mysid;
static char *sidstr;
char *s, *s0;
int i;
if (!sidstr)
{
mysid = w32_get_user_sid ();
if (!mysid)
{
gpg_err_set_errno (ENOENT);
goto leave;
}
if (!ConvertSidToStringSid (mysid, &sidstr))
{
gpg_err_set_errno (EINVAL);
goto leave;
}
/* Example for SIDSTR:
* S-1-5-21-3636969917-2569447256-918939550-1127 */
for (s0=NULL,s=sidstr,i=0; (s=strchr (s, '-')); i++)
{
s++;
if (i == 3)
s0 = s;
else if (i==6)
{
s[-1] = 0;
break;
}
}
if (!s0)
{
log_error ("oops: invalid SID received from OS");
gpg_err_set_errno (EINVAL);
LocalFree (sidstr);
goto leave;
}
sidstr = s0; /* (We never release SIDSTR thus no memmove.) */
}
result = sidstr;
#else
gpg_err_set_errno (ENOSYS);
goto leave;
#endif
}
else if (!strcmp (name, "domain"))
result = basedn_from_rootdse (ctrl, NULL);
else if (!strcmp (name, "domain_admins"))
result = map_rid_to_dn (ctrl, "512");
else if (!strcmp (name, "domain_users"))
result = map_rid_to_dn (ctrl, "513");
else if (!strcmp (name, "domain_guests"))
result = map_rid_to_dn (ctrl, "514");
else if (!strcmp (name, "domain_computers"))
result = map_rid_to_dn (ctrl, "515");
else if (!strcmp (name, "domain_domain_controllers"))
result = map_rid_to_dn (ctrl, "516");
else if (!strcmp (name, "cert_publishers"))
result = map_rid_to_dn (ctrl, "517");
else if (!strcmp (name, "protected_users"))
result = map_rid_to_dn (ctrl, "525");
else if (!strcmp (name, "key_admins"))
result = map_rid_to_dn (ctrl, "526");
else if (!strcmp (name, "enterprise_key_admins"))
result = map_rid_to_dn (ctrl, "527");
else
result = ""; /* Unknown variables are empty. */
leave:
return result;
}
/* Print a help output for the schemata supported by this module. */
gpg_error_t
@ -1396,6 +1514,63 @@ fetch_rootdse (ctrl_t ctrl, parsed_uri_t uri)
}
/* Return the DN for the given RID. This is used with the Active
* Directory. */
static char *
map_rid_to_dn (ctrl_t ctrl, const char *rid)
{
gpg_error_t err;
char *result = NULL;
estream_t infp = NULL;
uri_item_t puri; /* The broken down URI. */
nvc_t nvc = NULL;
char *filter = NULL;
const char *s;
char *attr[2] = {"dn", NULL};
err = ks_action_parse_uri ("ldap:///", &puri);
if (err)
return NULL;
filter = strconcat ("(objectSid=S-1-5-21-$sid_domain-", rid, ")", NULL);
if (!filter)
goto leave;
err = ks_ldap_query (ctrl, puri->parsed_uri, KS_GET_FLAG_SUBST,
filter, attr, NULL, &infp);
if (err)
{
log_error ("ldap: AD query '%s' failed: %s\n", filter,gpg_strerror (err));
goto leave;
}
if ((err = nvc_parse (&nvc, NULL, infp)))
{
log_error ("ldap: parsing the result failed: %s\n",gpg_strerror (err));
goto leave;
}
if (!(s = nvc_get_string (nvc, "Dn:")))
{
err = gpg_error (GPG_ERR_NOT_FOUND);
log_error ("ldap: mapping rid '%s'failed: %s\n", rid, gpg_strerror (err));
goto leave;
}
result = xtrystrdup (s);
if (!result)
{
err = gpg_error_from_syserror ();
log_error ("ldap: strdup failed: %s\n", gpg_strerror (err));
goto leave;
}
leave:
es_fclose (infp);
release_uri_item_list (puri);
xfree (filter);
nvc_release (nvc);
return result;
}
/* Return the baseDN for URI which might have already been cached for
* this session. */
static char *
@ -2824,6 +2999,7 @@ ks_ldap_query (ctrl_t ctrl, parsed_uri_t uri, unsigned int ks_get_flags,
LDAP *ldap_conn = NULL;
char *basedn = NULL;
estream_t fp = NULL;
char *filter_arg_buffer = NULL;
char *filter = NULL;
int scope = LDAP_SCOPE_SUBTREE;
LDAPMessage *message = NULL;
@ -2839,6 +3015,20 @@ ks_ldap_query (ctrl_t ctrl, parsed_uri_t uri, unsigned int ks_get_flags,
if ((!filter_arg || !*filter_arg) && (ks_get_flags & KS_GET_FLAG_ROOTDSE))
filter_arg = "^&base&(objectclass=*)";
if ((ks_get_flags & KS_GET_FLAG_SUBST)
&& filter_arg && strchr (filter_arg, '$'))
{
filter_arg_buffer = substitute_vars (filter_arg, getval_for_filter, ctrl);
if (!filter_arg_buffer)
{
err = gpg_error_from_syserror ();
log_error ("substituting filter variables failed: %s\n",
gpg_strerror (err));
goto leave;
}
filter_arg = filter_arg_buffer;
}
err = ks_ldap_prepare_my_state (ctrl, ks_get_flags, &first_mode, &next_mode);
if (err)
goto leave;
@ -3048,6 +3238,7 @@ ks_ldap_query (ctrl_t ctrl, parsed_uri_t uri, unsigned int ks_get_flags,
ldap_unbind (ldap_conn);
xfree (filter);
xfree (filter_arg_buffer);
return err;
}

2
dirmngr/ks-engine.h
View File

@ -29,6 +29,7 @@
#define KS_GET_FLAG_NEXT 4
#define KS_GET_FLAG_ONLY_AD 8 /* Do this only if we have an AD. */
#define KS_GET_FLAG_ROOTDSE 16 /* Get the rootDSE. */
#define KS_GET_FLAG_SUBST 32 /* Substiture variables. */
/*-- ks-action.c --*/
@ -70,6 +71,7 @@ gpg_error_t ks_kdns_help (ctrl_t ctrl, parsed_uri_t uri);
gpg_error_t ks_kdns_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp);
/*-- ks-engine-ldap.c --*/
void ks_ldap_help_variables (ctrl_t ctrl);
gpg_error_t ks_ldap_help (ctrl_t ctrl, parsed_uri_t uri);
void ks_ldap_free_state (struct ks_engine_ldap_local_s *state);
gpg_error_t ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,

66
dirmngr/server.c
View File

@ -32,6 +32,13 @@
#include <sys/stat.h>
#include <unistd.h>
#include <errno.h>
#ifdef HAVE_W32_SYSTEM
# ifndef WINVER
# define WINVER 0x0500 /* Same as in common/sysutils.c */
# endif
# include <winsock2.h>
# include <sddl.h>
#endif
#include "dirmngr.h"
#include <assuan.h>
@ -2701,15 +2708,21 @@ cmd_ks_put (assuan_context_t ctx, char *line)
static const char hlp_ad_query[] =
"AD_QUERY [--first|--next] [--] <filter_expression> \n"
"AD_QUERY [--first|--next] [--] <filter> \n"
"\n"
"Query properties from a Windows Active Directory.\n"
"Our extended filter syntax may be used for the filter\n"
"expression; see gnupg/dirmngr/ldap-misc.c. There are\n"
"a couple of other options available:\n\n"
" --rootdse - Query the root using serverless binding,\n"
"Options:\n"
"\n"
" --rootdse - Query the root using serverless binding,\n"
" --subst - Substitute variables in the filter\n"
" --attr=<attribs> - Comma delimited list of attributes\n"
" to return.\n"
" --help - List supported variables\n"
"\n"
"Extended filter syntax is allowed:\n"
" ^[<base>][&<scope>]&[<filter>]\n"
"Usual escaping rules apply. An ampersand in <base> must\n"
"doubled. <scope> may be \"base\", \"one\", or \"sub\"."
;
static gpg_error_t
cmd_ad_query (assuan_context_t ctx, char *line)
@ -2723,6 +2736,7 @@ cmd_ad_query (assuan_context_t ctx, char *line)
char **opt_attr = NULL;
const char *s;
gnupg_isotime_t opt_newer;
int opt_help = 0;
*opt_newer = 0;
@ -2733,6 +2747,10 @@ cmd_ad_query (assuan_context_t ctx, char *line)
flags |= KS_GET_FLAG_NEXT;
if (has_option (line, "--rootdse"))
flags |= KS_GET_FLAG_ROOTDSE;
if (has_option (line, "--subst"))
flags |= KS_GET_FLAG_SUBST;
if (has_option (line, "--help"))
opt_help = 1;
if ((s = option_value (line, "--newer"))
&& !string2isotime (opt_newer, s))
{
@ -2756,6 +2774,13 @@ cmd_ad_query (assuan_context_t ctx, char *line)
line = skip_options (line);
filter = line;
if (opt_help)
{
ks_ldap_help_variables (ctrl);
err = 0;
goto leave;
}
if ((flags & KS_GET_FLAG_NEXT))
{
if (*filter || (flags & ~KS_GET_FLAG_NEXT))
@ -2907,14 +2932,39 @@ cmd_getinfo (assuan_context_t ctx, char *line)
{
const char *s = getenv (line);
if (!s)
err = set_error (GPG_ERR_NOT_FOUND, "No such envvar");
else
err = assuan_send_data (ctx, s, strlen (s));
{
err = set_error (GPG_ERR_NOT_FOUND, "No such envvar");
goto leave;
}
err = assuan_send_data (ctx, s, strlen (s));
}
}
#ifdef HAVE_W32_SYSTEM
else if (!strcmp (line, "sid"))
{
PSID mysid;
char *sidstr;
mysid = w32_get_user_sid ();
if (!mysid)
{
err = set_error (GPG_ERR_NOT_FOUND, "Error getting my SID");
goto leave;
}
if (!ConvertSidToStringSid (mysid, &sidstr))
{
err = set_error (GPG_ERR_BUG, "Error converting SID to a string");
goto leave;
}
err = assuan_send_data (ctx, sidstr, strlen (sidstr));
LocalFree (sidstr);
}
#endif /*HAVE_W32_SYSTEM*/
else
err = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
leave:
return leave_cmd (ctx, err);
}

1
dirmngr/t-http-basic.c
View File

@ -165,6 +165,7 @@ test_http_prepare_redirect (void)
ri.silent = 1;
ri.redirects_left = 1;
ri.orig_url = tests[tidx].url;
ri.restrict_redir = 1; /* This is what we used to test here. */
err = http_prepare_redirect (&ri, 301, tests[tidx].location, &newurl);
if (err && newurl)

17
doc/dirmngr.texi
View File

@ -167,6 +167,14 @@ Append all logging output to @var{file}. This is very helpful in
seeing what the agent actually does. Use @file{socket://} to log to
socket.
@item --compatibility-flags @var{flags}
@opindex compatibility-flags
Set compatibility flags to work around certain problems or to emulate
bugs. The @var{flags} are given as a comma separated list of flag
names and are OR-ed together. The special flag "none" clears the list
and allows to start over with an empty list. To get a list of
available flags the sole word "help" can be used.
@item --debug-level @var{level}
@opindex debug-level
Select the debug level for investigating problems. @var{level} may be a
@ -590,6 +598,15 @@ won't be rejected due to an unknown critical extension. Use this
option with care because extensions are usually flagged as critical
for a reason.
@item --ignore-crl-extension @var{oid}
@opindex ignore-crl-extension
Add @var{oid} to the list of ignored CRL extensions. The @var{oid} is
expected to be in dotted decimal form. Critical flagged CRL
extensions matching one of the OIDs in the list are treated as if they
are actually handled and thus the certificate won't be rejected due to
an unknown critical extension. Use this option with care because
extensions are usually flagged as critical for a reason.
@item --ignore-cert @var{fpr}|@var{file}
@opindex ignore-cert
Entirely ignore certificates with the fingerprint @var{fpr}. As an

25
doc/gpg.texi
View File

@ -1675,24 +1675,29 @@ prevent the creation of a @file{~/.gnupg} homedir.
@item -z @var{n}
@itemx --compress-level @var{n}
@itemx --bzip2-compress-level @var{n}
@itemx --no-compress
@opindex compress-level
@opindex bzip2-compress-level
@opindex no-compress
Set compression level to @var{n} for the ZIP and ZLIB compression
algorithms. The default is to use the default compression level of zlib
(normally 6). @option{--bzip2-compress-level} sets the compression level
for the BZIP2 compression algorithm (defaulting to 6 as well). This is a
different option from @option{--compress-level} since BZIP2 uses a
significant amount of memory for each additional compression level.
@option{-z} sets both. A value of 0 for @var{n} disables compression.
A value of -1 forces compression using the default level.
Option @option{-z} sets both. A value of 0 for @var{n} disables
compression. A value of -1 forces compression using the default
level. Option @option{--no-compress} is identical to @option{-z0}.
Except for the @option{--store} command compression is always used
unless @command{gpg} detects that the input is already compressed. To
inhibit the use of compression use @option{-z0}; to force compression
use @option{-z-1} or option @option{z} with another compression level
than the default as indicated by -1. Note that this overriding of the
default deection works only with @option{z} and not with the long
variant of this option.
inhibit the use of compression use @option{-z0} or
@option{--no-compress}; to force compression use @option{-z-1} or
option @option{z} with another compression level than the default as
indicated by -1. Note that this overriding of the default deection
works only with @option{z} and not with the long variant of this
option.
@item --bzip2-decompress-lowmem
@ -2671,6 +2676,12 @@ The available properties are:
created. The second is the same but given as an ISO string,
e.g. "2016-08-17". (drop-subkey)
@item key_expires
@itemx key_expires_d
The expiration time of a public key or subkey or 0 if it does not
expire. The second is the same but given as an ISO date string or
an empty string e.g. "2038-01-19".
@item fpr
The hexified fingerprint of the current subkey or primary key.
(drop-subkey)

10
doc/gpgsm.texi
View File

@ -554,6 +554,13 @@ Assume the input data is plain base-64 encoded.
@opindex assume-binary
Assume the input data is binary encoded.
@item --input-size-hint @var{n}
@opindex input-size-hint
This option can be used to tell GPGSM the size of the input data in
bytes. @var{n} must be a positive base-10 number. It is used by the
@option{--status-fd} line ``PROGRESS'' to provide a value for
``total'' if that is not available by other means.
@anchor{option --p12-charset}
@item --p12-charset @var{name}
@opindex p12-charset
@ -1721,6 +1728,9 @@ If @var{value} is true or @var{value} is not given all network access
is disabled for this session. This is the same as the command line
option @option{--disable-dirmngr}.
@item input-size-hint
This is the same as the @option{--input-size-hint} command line option.
@end table
@mansect see also

6
doc/tools.texi
View File

@ -2049,6 +2049,12 @@ default is to take the directory name from the input filename. If no
input filename is known a directory named @file{GPGARCH} is used.
This option is deprecated in favor of option @option{--directory}.
@item --no-compress
@opindex no-compress
This option tells gpg to disable compression (i.e. using option -z0).
It is useful for archiving only large files which are are already
compressed (e.g. a set of videos).
@item --gpg @var{gpgcmd}
@opindex gpg
Use the specified command @var{gpgcmd} instead of @command{gpg}.

4
doc/wks.texi
View File

@ -216,12 +216,14 @@ addrspec, e.g. "postel@@isi.edu") per line. Empty lines and lines
starting with a '#' are ignored.
@item --add-revocs
@itemx --no-add-revocs
@opindex add-revocs
@opindex no-add-revocs
If enabled append revocation certificates for the same addrspec as
used in the WKD to the key. Modern gpg version are able to import and
apply them for existing keys. Note that when used with the
@option{--mirror} command the revocation are searched in the local
keyring and not in an LDAP directory.
keyring and not in an LDAP directory. The default is @option{--add-revocs}.
@item --verbose
@opindex verbose

14
g10/build-packet.c
View File

@ -991,12 +991,20 @@ do_plaintext( IOBUF out, int ctb, PKT_plaintext *pt )
if (nbytes == (size_t)(-1)
&& (iobuf_error (out) || iobuf_error (pt->buf)))
return iobuf_error (out)? iobuf_error (out):iobuf_error (pt->buf);
/* Always get the error to catch write errors because
* iobuf_copy does not reliable return (-1) in that case. */
rc = iobuf_error (out);
if(ctb_new_format_p (ctb) && !pt->len)
/* Turn off partial body length mode. */
iobuf_set_partial_body_length_mode (out, 0);
if( pt->len && nbytes != pt->len )
log_error("do_plaintext(): wrote %lu bytes but expected %lu bytes\n",
(ulong)nbytes, (ulong)pt->len );
if (pt->len && nbytes != pt->len)
{
log_error ("do_plaintext(): wrote %lu bytes"
" but expected %lu bytes\n",
(ulong)nbytes, (ulong)pt->len );
if (!rc) /* Just in case no error was set */
rc = gpg_error (GPG_ERR_EIO);
}
}
return rc;

15
g10/encrypt.c
View File

@ -559,12 +559,12 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
if ( !iobuf_is_pipe_filename (filename) && *filename && !opt.textmode )
{
off_t tmpsize;
int overflow;
uint64_t tmpsize;
if ( !(tmpsize = iobuf_get_filelength(inp, &overflow))
&& !overflow && opt.verbose)
tmpsize = iobuf_get_filelength(inp);
if (!tmpsize && opt.verbose)
log_info(_("WARNING: '%s' is an empty file\n"), filename );
/* We can't encode the length of very large files because
OpenPGP uses only 32 bit for file sizes. So if the
size of a file is larger than 2^32 minus some bytes for
@ -903,11 +903,10 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
if (filename && *filename
&& !iobuf_is_pipe_filename (filename) && !opt.textmode )
{
off_t tmpsize;
int overflow;
uint64_t tmpsize;
if ( !(tmpsize = iobuf_get_filelength(inp, &overflow))
&& !overflow && opt.verbose)
tmpsize = iobuf_get_filelength (inp);
if (!tmpsize && opt.verbose)
log_info(_("WARNING: '%s' is an empty file\n"), filename );
/* We can't encode the length of very large files because
OpenPGP uses only 32 bit for file sizes. So if the size

6
g10/filter.h
View File

@ -155,9 +155,9 @@ typedef struct {
typedef struct {
char *what; /* description */
u32 last_time; /* last time reported */
unsigned long last; /* last amount reported */
unsigned long offset; /* current amount */
unsigned long total; /* total amount */
uint64_t last; /* last amount reported */
uint64_t offset; /* current amount */
uint64_t total; /* total amount */
int refcount;
} progress_filter_context_t;

15
g10/gpg.c
View File

@ -259,6 +259,7 @@ enum cmd_and_opt_values
oCipherAlgo,
oDigestAlgo,
oCertDigestAlgo,
oNoCompress,
oCompressAlgo,
oCompressLevel,
oBZ2CompressLevel,
@ -697,6 +698,7 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_n (oLockOnce, "lock-once", "@"),
ARGPARSE_s_n (oLockMultiple, "lock-multiple", "@"),
ARGPARSE_s_n (oLockNever, "lock-never", "@"),
ARGPARSE_s_n (oNoCompress, "no-compress", "@"),
ARGPARSE_s_s (oCompressAlgo,"compress-algo", "@"),
ARGPARSE_s_s (oCompressAlgo, "compression-algo", "@"), /* Alias */
ARGPARSE_s_n (oBZ2DecompressLowmem, "bzip2-decompress-lowmem", "@"),
@ -3238,6 +3240,11 @@ main (int argc, char **argv)
opt.compress_level = opt.bz2_compress_level = pargs.r.ret_int;
opt.explicit_compress_option = 1;
break;
case oNoCompress:
/* --no-compress is the same as -z0 */
opt.compress_level = opt.bz2_compress_level = 0;
opt.explicit_compress_option = 1;
break;
case oCompressLevel: opt.compress_level = pargs.r.ret_int; break;
case oBZ2CompressLevel: opt.bz2_compress_level = pargs.r.ret_int; break;
case oBZ2DecompressLowmem: opt.bz2_decompress_lowmem=1; break;
@ -3499,7 +3506,13 @@ main (int argc, char **argv)
case oAllowFreeformUID: opt.allow_freeform_uid = 1; break;
case oNoAllowFreeformUID: opt.allow_freeform_uid = 0; break;
case oNoLiteral: opt.no_literal = 1; break;
case oSetFilesize: opt.set_filesize = pargs.r.ret_ulong; break;
case oSetFilesize:
/* There are restricts on the value (e.g. < 2^32); you
* need to check the entire code to understand this. */
opt.set_filesize = pargs.r.ret_ulong;
break;
case oFastListMode: opt.fast_list_mode = 1; break;
case oFixedListMode: /* Dummy */ break;
case oLegacyListMode: opt.legacy_list_mode = 1; break;

14
g10/import.c
View File

@ -1564,6 +1564,20 @@ impex_filter_getval (void *cookie, const char *propname)
{
result = dateonlystr_from_pk (pk);
}
else if (!strcmp (propname, "key_expires"))
{
snprintf (numbuf, sizeof numbuf, "%lu", (ulong)pk->expiredate);
result = numbuf;
}
else if (!strcmp (propname, "key_expires_d"))
{
static char exdatestr[MK_DATESTR_SIZE];
if (pk->expiredate)
result = mk_datestr (exdatestr, sizeof exdatestr, pk->expiredate);
else
result = "";
}
else if (!strcmp (propname, "expired"))
{
result = pk->has_expired? "1":"0";

2
g10/keygen.c
View File

@ -56,7 +56,7 @@
/* When generating keys using the streamlined key generation dialog,
use this as a default expiration interval. */
const char *default_expiration_interval = "2y";
const char *default_expiration_interval = "3y";
/* Flag bits used during key generation. */
#define KEYGEN_FLAG_NO_PROTECTION 1

18
g10/photoid.c
View File

@ -164,12 +164,11 @@ generate_photo_id (ctrl_t ctrl, PKT_public_key *pk,const char *photo_name)
{
PKT_user_id *uid;
int error=1,i;
unsigned int len;
uint64_t len;
char *filename;
byte *photo=NULL;
byte header[16];
IOBUF file;
int overflow;
header[0]=0x10; /* little side of photo header length */
header[1]=0; /* big side of photo header length */
@ -237,11 +236,18 @@ generate_photo_id (ctrl_t ctrl, PKT_public_key *pk,const char *photo_name)
}
len=iobuf_get_filelength(file, &overflow);
if(len>6144 || overflow)
len = iobuf_get_filelength(file);
if(len>6144)
{
tty_printf( _("This JPEG is really large (%d bytes) !\n"),len);
if(!cpr_get_answer_is_yes("photoid.jpeg.size",
/* We silently skip JPEGs larger than 1MiB because we have a
* 2MiB limit on the user ID packets and we need some limit
* anyway because the returned u64 is larger than the u32 or
* OpenPGP. Note that the diagnostic may print a wrong
* value if the value is really large; we don't fix this to
* avoid a string change. */
tty_printf( _("This JPEG is really large (%d bytes) !\n"), (int)len);
if(len > 1024*1024
|| !cpr_get_answer_is_yes("photoid.jpeg.size",
_("Are you sure you want to use it? (y/N) ")))
{
iobuf_close(file);

15
g10/progress.c
View File

@ -72,13 +72,11 @@ release_progress_context (progress_filter_context_t *pfx)
static void
write_status_progress (const char *what,
unsigned long current, unsigned long total_arg)
write_status_progress (const char *what, uint64_t current, uint64_t total)
{
char buffer[60];
char units[] = "BKMGTPEZY?";
int unitidx = 0;
uint64_t total = total_arg;
/* Although we use an unsigned long for the values, 32 bit
* applications using GPGME will use an "int" and thus are limited
@ -91,7 +89,10 @@ write_status_progress (const char *what,
* to display how many percent of the operation has been done and
* thus scaling CURRENT and TOTAL down before they get to large,
* should not have a noticeable effect except for rounding
* imprecision. */
* imprecision.
* Update 2023-06-13: We now use uint64_t but to keep the API stable
* we still do the scaling.
*/
if (!total && opt.input_size_hint)
total = opt.input_size_hint;
@ -121,7 +122,7 @@ write_status_progress (const char *what,
unitidx = 9;
snprintf (buffer, sizeof buffer, "%.20s ? %lu %lu %c%s",
what? what : "?", current, (unsigned long)total,
what? what : "?", (unsigned long)current, (unsigned long)total,
units[unitidx],
unitidx? "iB" : "");
write_status_text (STATUS_PROGRESS, buffer);
@ -181,7 +182,7 @@ progress_filter (void *opaque, int control,
void
handle_progress (progress_filter_context_t *pfx, IOBUF inp, const char *name)
{
off_t filesize = 0;
uint64_t filesize = 0;
if (!pfx)
return;
@ -190,7 +191,7 @@ handle_progress (progress_filter_context_t *pfx, IOBUF inp, const char *name)
log_assert (is_status_enabled ());
if ( !iobuf_is_pipe_filename (name) && *name )
filesize = iobuf_get_filelength (inp, NULL);
filesize = iobuf_get_filelength (inp);
else if (opt.set_filesize)
filesize = opt.set_filesize;

7
g10/sign.c
View File

@ -823,11 +823,10 @@ write_plaintext_packet (iobuf_t out, iobuf_t inp,
/* Try to calculate the length of the data. */
if ( !iobuf_is_pipe_filename (fname) && *fname)
{
off_t tmpsize;
int overflow;
uint64_t tmpsize;
if (!(tmpsize = iobuf_get_filelength (inp, &overflow))
&& !overflow && opt.verbose)
tmpsize = iobuf_get_filelength (inp);
if (!tmpsize && opt.verbose)
log_info (_("WARNING: '%s' is an empty file\n"), fname);
/* We can't encode the length of very large files because

8
kbx/kbxserver.c
View File

@ -946,9 +946,15 @@ kbxd_start_command_handler (ctrl_t ctrl, gnupg_fd_t fd, unsigned int session_id)
}
else
{
/* The fd-passing does not work reliable on Windows, and even it
* it is not used by gpg and gpgsm the current libassuan slows
* down things if it is allowed for the server.*/
rc = assuan_init_socket_server (ctx, fd,
(ASSUAN_SOCKET_SERVER_ACCEPTED
|ASSUAN_SOCKET_SERVER_FDPASSING));
#ifndef HAVE_W32_SYSTEM
|ASSUAN_SOCKET_SERVER_FDPASSING
#endif
));
}
if (rc)

14
po/ca.po
View File

@ -784,11 +784,6 @@ msgstr ""
msgid "Wrong"
msgstr ""
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "error en la lectura de «%s»: %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr ""
@ -4116,6 +4111,10 @@ msgstr ""
msgid "You may want to change its expiration date too.\n"
msgstr "No podeu canviar la data de caducitat de les claus v3\n"
#, c-format
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr ""
# Photo ID com abans. ivb
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
@ -8289,6 +8288,11 @@ msgstr ""
msgid "failed to create temporary cache dir file '%s': %s\n"
msgstr "no es pot crear el directori «%s»: %s\n"
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "error en la lectura de «%s»: %s\n"
# No em passe! ;) ivb
#, fuzzy, c-format
msgid "can't hash '%s': %s\n"

83
po/cs.po
View File

@ -4,7 +4,7 @@
# Magda Procházková <magda@math.muni.cz> 2001,
# Roman Pavlik <rp@tns.cz> 2001, 2002, 2003, 2004, 2005.
# Petr Pisar <petr.pisar@atlas.cz>, 2009, 2010, 2011, 2013, 2014, 2015, 2016.
# Petr Pisar <petr.pisar@atlas.cz>, 2017, 2018, 2019, 2020, 2021, 2022.
# Petr Pisar <petr.pisar@atlas.cz>, 2017, 2018, 2019, 2020, 2021, 2022, 2023.
#
# A "%%0A" is used by Pinentry to insert a line break. The double percent
# sign is actually needed because it is also a printf format string. If you
@ -26,6 +26,7 @@
# kvalifikovaný certifikát/podpis
#
# action → způsob užití (klíče)
# additional decryption subkey → dodatečný dešifrovací klíč
# administrator → správce
# cache → keš
# compliance rules → pravidla normy
@ -38,9 +39,9 @@
#
msgid ""
msgstr ""
"Project-Id-Version: gnupg2 2.3.8\n"
"Project-Id-Version: gnupg2 2.4.2\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"PO-Revision-Date: 2022-11-13 14:21+01:00\n"
"PO-Revision-Date: 2023-06-03 15:45+02:00\n"
"Last-Translator: Petr Pisar <petr.pisar@atlas.cz>\n"
"Language-Team: Czech <gnupg-i18n@gnupg.org>\n"
"Language: cs\n"
@ -153,11 +154,10 @@ msgstr "Heslo:"
msgid "does not match - try again"
msgstr "neshodují se  zkuste to znovu"
#, fuzzy
#| msgid "Passphrase"
msgid "Passphrases match."
msgstr "Heslo"
msgstr "Heslo se shoduje."
# TODO: Pluralize
#. TRANSLATORS: The string is appended to an error message in
#. the pinentry. The %s is the actual error message, the
#. two %d give the current and maximum number of tries.
@ -423,7 +423,7 @@ msgid "enable putty support"
msgstr "zapnout podporu pro PuTTY"
msgid "enable Win32-OpenSSH support"
msgstr "zapnout podporu pro Win32-OpenSSH"
msgstr "zapnout podporu Win32-OpenSSH"
msgid "Options controlling the security"
msgstr "Volby ovlivňující bezpečnost"
@ -761,10 +761,6 @@ msgstr "V pořádku"
msgid "Wrong"
msgstr "Špatně"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "chyba při přejmenování „%s“ na „%s“: %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr "Poznámka: Toto heslo nikdy nebylo změněno.%0AProsím, nyní jej změňte."
@ -1435,7 +1431,7 @@ msgstr "vyžadováno"
#, c-format
msgid "Please try command \"%s\" if the listing does not look correct\n"
msgstr ""
msgstr "Pokud výpis nevypadá v pořádku, zkuste příkaz „%s“\n"
msgid "Error: Only plain ASCII is currently allowed.\n"
msgstr "Chyba: V současné verzi je povolenou pouze plain ASCII.\n"
@ -1701,7 +1697,7 @@ msgid "change the User Interaction Flag"
msgstr "změní příznak interakce uživatele (UIF)"
msgid "switch to the OpenPGP app"
msgstr ""
msgstr "přepne do aplikace OpenPGP"
msgid "gpg/card> "
msgstr "gpg/karta> "
@ -1829,7 +1825,7 @@ msgstr "chyba při vytváření hesla: %s\n"
#, c-format
msgid "can't use a SKESK packet due to the S2K mode\n"
msgstr "v režimu S2K nelze použít symetrický ESK paket\n"
msgstr "v režimu S2K nelze použít SKESK paket\n"
#, c-format
msgid "using cipher %s.%s\n"
@ -1899,18 +1895,14 @@ msgstr "odstranit nepoužitelné části z klíče při exportu"
msgid "remove as much as possible from key during export"
msgstr "odstranit při exportu z klíče vše, co lze"
#, fuzzy
#| msgid "generate a revocation certificate"
msgid "export only revocation certificates"
msgstr "vytvořit revokační certifikát"
msgstr "exportovat pouze revokační certifikáty"
msgid "use the GnuPG key backup format"
msgstr "použít záložní formát klíče GnuPG"
#, fuzzy
#| msgid "exporting secret keys not allowed\n"
msgid "export secret keys using the GnuPG format"
msgstr "exportování tajného klíče není povoleno\n"
msgstr "exportovat tajné klíče do formátu GnuPG"
msgid " - skipped"
msgstr "  přeskočeno"
@ -2346,10 +2338,8 @@ msgstr "ukazovat odvolané a prošlé ID uživatelů při výpisu klíčů"
msgid "show revoked and expired subkeys in key listings"
msgstr "ukazovat odvolané a prošlé podklíče při výpisu klíčů"
#, fuzzy
#| msgid "show expiration dates during signature listings"
msgid "show signatures with invalid algorithms during signature listings"
msgstr "ukazovat data expirace během výpisu podpisů"
msgstr "ukazovat podpisy s neplatnými algoritmy během výpisu podpisů"
msgid "show the keyring name in key listings"
msgstr "ukazovat název souboru s klíči při výpisu klíčů"
@ -2357,10 +2347,8 @@ msgstr "ukazovat název souboru s klíči při výpisu klíčů"
msgid "show expiration dates during signature listings"
msgstr "ukazovat data expirace během výpisu podpisů"
#, fuzzy
#| msgid "list preferences (expert)"
msgid "show preferences"
msgstr "vypsat seznam předvoleb (pro experty)"
msgstr "vypsat předvolby"
#, c-format
msgid "unknown TOFU policy '%s'\n"
@ -2968,7 +2956,7 @@ msgstr "klíč %s: chyba při odesílání dat agentovi: %s\n"
#, c-format
msgid "key %s: card reference is overridden by key material\n"
msgstr ""
msgstr "klíč %s: odkaz na kartu je přebit hodnotou klíče\n"
#. TRANSLATORS: For a smartcard, each private key on host has a
#. * reference (stub) to a smartcard and actual private key data
@ -3485,10 +3473,8 @@ msgstr "smazat vybrané podklíče"
msgid "add a revocation key"
msgstr "přidat revokační klíč"
#, fuzzy
#| msgid "Data decryption succeeded"
msgid "add an additional decryption subkey"
msgstr "Dešifrování dat uspělo"
msgstr "přidat dodatečný dešifrovací podklíč"
msgid "delete signatures from the selected user IDs"
msgstr "smazat podpisy z vybraných uživatelských ID"
@ -3551,11 +3537,10 @@ msgstr "Tajný klíč je dostupný.\n"
msgid "Secret subkeys are available.\n"
msgstr "Tajné podklíče jsou dostupné.\n"
#, fuzzy
#| msgid "Note: Only the secret part of the shown subkey will be deleted.\n"
msgid ""
"Note: the local copy of the secret key will only be deleted with \"save\".\n"
msgstr "Poznámka: Smazána bude pouze tajná část zobrazeného podklíče.\n"
msgstr ""
"Poznámka: Místní kopie tajného klíče bude smazána až s příkazem „save“.\n"
msgid "Need the secret key to do this.\n"
msgstr "Pro provedení této operace je potřeba tajný klíč.\n"
@ -3665,11 +3650,9 @@ msgstr "Uložit změny? (a/N) "
msgid "Quit without saving? (y/N) "
msgstr "Ukončit bez uložení? (a/N) "
# The first argument is a "key" or "subkey"
#, fuzzy, c-format
#| msgid "deleting secret %s failed: %s\n"
#, c-format
msgid "deleting copy of secret key failed: %s\n"
msgstr "smazání tajného %s se nezdařilo: %s\n"
msgstr "smazání kopie tajného klíče se nezdařilo: %s\n"
#, c-format
msgid "Key not changed so no update needed.\n"
@ -3809,6 +3792,10 @@ msgstr "POZOR: Vašemu šifrovacímu podklíči brzy vyprší platnost.\n"
msgid "You may want to change its expiration date too.\n"
msgstr "Dobu platnosti také můžete změnit.\n"
#, c-format
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr "POZOR: Nezbyl žádný platný šifrovací podklíč.\n"
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
@ -3904,17 +3891,15 @@ msgid ""
msgstr "Jste si jistí, že tento klíč chcete pověřit odvoláním? (a/N) "
msgid "Enter the fingerprint of the additional decryption subkey: "
msgstr ""
msgstr "Zadejte otisk dodatečného dešifrovacího podklíče: "
#, fuzzy, c-format
#| msgid "(unless you specify the key by fingerprint)\n"
#, c-format
msgid "Did you specify the fingerprint of a subkey?\n"
msgstr "(dokud neurčíte klíč jeho otiskem)\n"
msgstr "Zadali jste otisk podklíče?\n"
#, fuzzy, c-format
#| msgid "Subkey %s is already revoked.\n"
#, c-format
msgid "key \"%s\" is already on this keyblock\n"
msgstr "Podklíč %s je již odvolán.\n"
msgstr "klíč „%s“ je již v tomto bloku klíče.\n"
msgid ""
"Are you sure you want to change the expiration time for multiple subkeys? (y/"
@ -7831,6 +7816,10 @@ msgstr "prosím, zjistěte příčinu a soubor ručně smažte\n"
msgid "failed to create temporary cache dir file '%s': %s\n"
msgstr "vytvoření dočasného kešového dir souboru „%s“ selhalo: %s\n"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "chyba při přejmenování „%s“ na „%s“: %s\n"
#, c-format
msgid "can't hash '%s': %s\n"
msgstr "nelze vypočítat haš „%s“: %s\n"
@ -8991,9 +8980,6 @@ msgstr "Příkazy pro správu Yubikey"
msgid "manage the command history"
msgstr "spravuje historii příkazů"
#~ msgid "continuing verification anyway due to option %s\n"
#~ msgstr "přesto se pokračuje v ověřování kvůli volbě %s\n"
#~ msgid "selected AEAD algorithm is invalid\n"
#~ msgstr "vybraný algoritmus AEAD je neplatný\n"
@ -9003,6 +8989,9 @@ msgstr "spravuje historii příkazů"
#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
#~ msgstr "AEAD algoritmus „%s“ se nesmí používat v režimu %s\n"
#~ msgid "continuing verification anyway due to option %s\n"
#~ msgstr "přesto se pokračuje v ověřování kvůli volbě %s\n"
#~ msgid "error writing to temporary file: %s\n"
#~ msgstr "chyba při zápisu do dočasného souboru: %s\n"

14
po/da.po
View File

@ -835,11 +835,6 @@ msgstr "Korrekt"
msgid "Wrong"
msgstr "Forkert"
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "fejl ved læsning af »%s«: %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr "Bemærk: Denne adgangsfrase er aldrig blevet ændret.%0AÆndr den nu."
@ -4129,6 +4124,10 @@ msgstr ""
msgid "You may want to change its expiration date too.\n"
msgstr "Du kan ikke ændre udløbsdatoen for en v3-nøgle\n"
#, c-format
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr ""
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
@ -8372,6 +8371,11 @@ msgstr ""
msgid "failed to create temporary cache dir file '%s': %s\n"
msgstr "kunne ikke oprette midlertidig fil »%s«: %s\n"
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "fejl ved læsning af »%s«: %s\n"
#, fuzzy, c-format
#| msgid "can't access `%s': %s\n"
msgid "can't hash '%s': %s\n"

15
po/de.po
View File

@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-2.4.1\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"PO-Revision-Date: 2023-03-21 09:31+0100\n"
"PO-Revision-Date: 2023-05-30 13:46+0200\n"
"Last-Translator: Werner Koch <wk@gnupg.org>\n"
"Language-Team: German\n"
"Language: de\n"
@ -745,10 +745,6 @@ msgstr "Korrekt"
msgid "Wrong"
msgstr "Falsch"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "Fehler beim Umbenennen von `%s` nach `%s': %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr ""
@ -3834,6 +3830,11 @@ msgstr "WARNUNG: Ihr Unterschlüssel zum Verschlüsseln wird bald verfallen.\n"
msgid "You may want to change its expiration date too.\n"
msgstr "Bitte erwägen Sie, dessen Verfallsdatum auch zu ändern.\n"
#, c-format
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr ""
"WARNUNG: Es sind keine Unterschlüssel zum Verschlüsseln mehr vorhanden.\n"
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
@ -7934,6 +7935,10 @@ msgstr ""
"Die temporäre Zwischenspeicherverzeichnisdatei `%s' konnte nicht erzeugt "
"werden: %s\n"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "Fehler beim Umbenennen von `%s` nach `%s': %s\n"
#, c-format
msgid "can't hash '%s': %s\n"
msgstr "Hashwert von `%s' kann nicht gebildet werden: %s\n"

14
po/el.po
View File

@ -751,11 +751,6 @@ msgstr ""
msgid "Wrong"
msgstr ""
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr ""
@ -4013,6 +4008,10 @@ msgstr ""
msgid "You may want to change its expiration date too.\n"
msgstr "Δεν μπορείτε να αλλάξετε την ημερομηνία λήξης σε ένα v3 κλειδί\n"
#, c-format
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr ""
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
@ -8127,6 +8126,11 @@ msgstr ""
msgid "failed to create temporary cache dir file '%s': %s\n"
msgstr "αδυναμία δημιουργίας καταλόγου `%s': %s\n"
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
#, fuzzy, c-format
msgid "can't hash '%s': %s\n"
msgstr "αδυναμία κλεισίματος του `%s': %s\n"

14
po/eo.po
View File

@ -750,11 +750,6 @@ msgstr ""
msgid "Wrong"
msgstr ""
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "eraro dum legado de '%s': %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr ""
@ -3986,6 +3981,10 @@ msgstr ""
msgid "You may want to change its expiration date too.\n"
msgstr "Vi ne povas ŝanĝi la daton de eksvalidiĝo de v3-ŝlosilo\n"
#, c-format
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr ""
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
@ -8038,6 +8037,11 @@ msgstr ""
msgid "failed to create temporary cache dir file '%s': %s\n"
msgstr "%s: ne povas krei dosierujon: %s\n"
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "eraro dum legado de '%s': %s\n"
#, fuzzy, c-format
msgid "can't hash '%s': %s\n"
msgstr "ne povas fermi '%s': %s\n"

13
po/es.po
View File

@ -788,10 +788,6 @@ msgstr "Correcto"
msgid "Wrong"
msgstr "Incorrecto"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "error al renombrar '%s' a '%s': %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr ""
@ -3886,6 +3882,11 @@ msgstr "AVISO: Tu subclave de cifrado caduca pronto.\n"
msgid "You may want to change its expiration date too.\n"
msgstr "Puede que también quieras cambiar su fecha de caducidad.\n"
#, fuzzy, c-format
#| msgid "WARNING: Your encryption subkey expires soon.\n"
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr "AVISO: Tu subclave de cifrado caduca pronto.\n"
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
@ -7954,6 +7955,10 @@ msgstr "chequea el problema y borra este archivo manualmente\n"
msgid "failed to create temporary cache dir file '%s': %s\n"
msgstr "no se puede crear el fichero de cache '%s': %s\n"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "error al renombrar '%s' a '%s': %s\n"
#, c-format
msgid "can't hash '%s': %s\n"
msgstr "no se puede hacer el hash de '%s': %s\n"

14
po/et.po
View File

@ -748,11 +748,6 @@ msgstr ""
msgid "Wrong"
msgstr ""
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "viga `%s' lugemisel: %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr ""
@ -3985,6 +3980,10 @@ msgstr ""
msgid "You may want to change its expiration date too.\n"
msgstr "v3 võtme aegumise aega ei saa muuta.\n"
#, c-format
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr ""
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
@ -8044,6 +8043,11 @@ msgstr ""
msgid "failed to create temporary cache dir file '%s': %s\n"
msgstr "kataloogi `%s' ei õnnestu luua: %s\n"
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "viga `%s' lugemisel: %s\n"
#, fuzzy, c-format
msgid "can't hash '%s': %s\n"
msgstr "`%s' ei õnnestu sulgeda: %s\n"

14
po/fi.po
View File

@ -765,11 +765,6 @@ msgstr ""
msgid "Wrong"
msgstr ""
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr ""
@ -4009,6 +4004,10 @@ msgstr ""
msgid "You may want to change its expiration date too.\n"
msgstr "Et voi muuttaa v3-avainten vanhentumispäivää\n"
#, c-format
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr ""
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
@ -8110,6 +8109,11 @@ msgstr ""
msgid "failed to create temporary cache dir file '%s': %s\n"
msgstr "hakemiston \"%s\" luominen ei onnistu: %s\n"
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
#, fuzzy, c-format
msgid "can't hash '%s': %s\n"
msgstr "tiedostoa \"%s\" ei voi sulkea: %s\n"

13
po/fr.po
View File

@ -789,10 +789,6 @@ msgstr "Exact"
msgid "Wrong"
msgstr "Faux"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "erreur en renommant « %s » en « %s » : %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr ""
@ -4015,6 +4011,11 @@ msgstr "Attention : votre sous-clef de chiffrement expire bientôt.\n"
msgid "You may want to change its expiration date too.\n"
msgstr "Vous pourriez modifier aussi sa date dexpiration.\n"
#, fuzzy, c-format
#| msgid "WARNING: Your encryption subkey expires soon.\n"
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr "Attention : votre sous-clef de chiffrement expire bientôt.\n"
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
@ -8258,6 +8259,10 @@ msgstr "veuillez vérifier la raison et effacer vous-même ce fichier\n"
msgid "failed to create temporary cache dir file '%s': %s\n"
msgstr "impossible de créer le répertoire de cache temporaire « %s » : %s\n"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "erreur en renommant « %s » en « %s » : %s\n"
#, c-format
msgid "can't hash '%s': %s\n"
msgstr "impossible de hacher « %s » : %s\n"

14
po/gl.po
View File

@ -753,11 +753,6 @@ msgstr ""
msgid "Wrong"
msgstr ""
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "erro lendo `%s': %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr ""
@ -4009,6 +4004,10 @@ msgstr ""
msgid "You may want to change its expiration date too.\n"
msgstr "Non pode cambia-la data de expiración dunha chave v3\n"
#, c-format
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr ""
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
@ -8118,6 +8117,11 @@ msgstr ""
msgid "failed to create temporary cache dir file '%s': %s\n"
msgstr "non se pode crea-lo directorio `%s': %s\n"
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "erro lendo `%s': %s\n"
#, fuzzy, c-format
msgid "can't hash '%s': %s\n"
msgstr "non se pode pechar `%s': %s\n"

14
po/hu.po
View File

@ -748,11 +748,6 @@ msgstr ""
msgid "Wrong"
msgstr ""
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "Hiba \"%s\" olvasásakor: %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr ""
@ -3986,6 +3981,10 @@ msgstr ""
msgid "You may want to change its expiration date too.\n"
msgstr "Nem változtathatja meg egy v3 kulcs lejárati dátumát!\n"
#, c-format
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr ""
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
@ -8071,6 +8070,11 @@ msgstr ""
msgid "failed to create temporary cache dir file '%s': %s\n"
msgstr "Nem tudom a \"%s\" könyvtárat létrehozni: %s.\n"
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "Hiba \"%s\" olvasásakor: %s\n"
#, fuzzy, c-format
msgid "can't hash '%s': %s\n"
msgstr "Nem tudom bezárni a(z) \"%s\" állományt: %s.\n"

14
po/id.po
View File

@ -753,11 +753,6 @@ msgstr ""
msgid "Wrong"
msgstr ""
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "kesalahan membaca `%s': %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr ""
@ -3992,6 +3987,10 @@ msgstr ""
msgid "You may want to change its expiration date too.\n"
msgstr "Anda tidak dapat merubah batas waktu kunci v3\n"
#, c-format
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr ""
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
@ -8070,6 +8069,11 @@ msgstr ""
msgid "failed to create temporary cache dir file '%s': %s\n"
msgstr "tidak dapat membuat direktori `%s': %s\n"
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "kesalahan membaca `%s': %s\n"
#, fuzzy, c-format
msgid "can't hash '%s': %s\n"
msgstr "tidak dapat menutup `%s': %s\n"

13
po/it.po
View File

@ -737,10 +737,6 @@ msgstr "Corretto"
msgid "Wrong"
msgstr "Sbagliato"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "errore durante la ridenominazione di '%s' in '%s': %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr ""
@ -3826,6 +3822,11 @@ msgstr "AVVISO: la sottochiave di crittografia scade a breve.\n"
msgid "You may want to change its expiration date too.\n"
msgstr "Si consiglia di modificare anche la sua data di scadenza.\n"
#, fuzzy, c-format
#| msgid "WARNING: Your encryption subkey expires soon.\n"
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr "AVVISO: la sottochiave di crittografia scade a breve.\n"
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
@ -7883,6 +7884,10 @@ msgstr "si prega di controllare il motivo ed eliminare manualmente quel file\n"
msgid "failed to create temporary cache dir file '%s': %s\n"
msgstr "impossibile creare il file dir della cache temporanea '%s': %s\n"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "errore durante la ridenominazione di '%s' in '%s': %s\n"
#, c-format
msgid "can't hash '%s': %s\n"
msgstr "impossibile eseguire l'hashing '%s': %s\n"

8
po/ja.po
View File

@ -727,10 +727,6 @@ msgstr "正しい"
msgid "Wrong"
msgstr "誤り"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "'%s'から'%s'へ名前変更のエラー: %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr "注意: パスフレーズは変更されていません。%0A今、変更してください。"
@ -7588,6 +7584,10 @@ msgstr "理由を確認し、手動でそのファイルを削除してくださ
msgid "failed to create temporary cache dir file '%s': %s\n"
msgstr "一時キャッシュ・ディレクトリ・ファイル'%s'が作成できません: %s\n"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "'%s'から'%s'へ名前変更のエラー: %s\n"
#, c-format
msgid "can't hash '%s': %s\n"
msgstr "'%s'をハッシュできません: %s\n"

13
po/nb.po
View File

@ -749,10 +749,6 @@ msgstr "Riktig"
msgid "Wrong"
msgstr "Feil"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "klarte ikke å gi «%s» det nye navnet «%s»: %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr ""
@ -3849,6 +3845,11 @@ msgstr "ADVARSEL: Undernøkkel for kryptering utløper snart.\n"
msgid "You may want to change its expiration date too.\n"
msgstr "Du bør vurdere å endre utløpsdato samtidig.\n"
#, fuzzy, c-format
#| msgid "WARNING: Your encryption subkey expires soon.\n"
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr "ADVARSEL: Undernøkkel for kryptering utløper snart.\n"
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
@ -7873,6 +7874,10 @@ msgstr "kontroller årsaken og slett fila manuelt\n"
msgid "failed to create temporary cache dir file '%s': %s\n"
msgstr "klarte ikke å lage midlertidig hurtiglagermappe-fil «%s»: %s\n"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "klarte ikke å gi «%s» det nye navnet «%s»: %s\n"
#, c-format
msgid "can't hash '%s': %s\n"
msgstr "klarte ikke å summere «%s»: %s\n"

13
po/pl.po
View File

@ -744,10 +744,6 @@ msgstr "Akceptuj"
msgid "Wrong"
msgstr "Odrzuć"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "błąd zmiany nazwy ,,%s'' na ,,%s'': %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr "Uwaga: To hasło nie było nigdy zmieniane.%0AProszę zmienić je teraz."
@ -3862,6 +3858,11 @@ msgstr "OSTRZEŻENIE: podklucz do szyfrowania wkrótce wygaśnie.\n"
msgid "You may want to change its expiration date too.\n"
msgstr "Może warto także zmienić jego datę ważności.\n"
#, fuzzy, c-format
#| msgid "WARNING: Your encryption subkey expires soon.\n"
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr "OSTRZEŻENIE: podklucz do szyfrowania wkrótce wygaśnie.\n"
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
@ -7982,6 +7983,10 @@ msgstr ""
"nie udało się utworzyć pliku tymczasowego katalogu pamięci podręcznej ,,"
"%s'': %s\n"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "błąd zmiany nazwy ,,%s'' na ,,%s'': %s\n"
#, c-format
msgid "can't hash '%s': %s\n"
msgstr "nie można policzyć skrótu ,,%s'': %s\n"

14
po/pt.po
View File

@ -752,11 +752,6 @@ msgstr ""
msgid "Wrong"
msgstr ""
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "erro na leitura de `%s': %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr ""
@ -3996,6 +3991,10 @@ msgstr ""
msgid "You may want to change its expiration date too.\n"
msgstr "Você não pode modificar a data de validade de uma chave v3\n"
#, c-format
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr ""
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
@ -8067,6 +8066,11 @@ msgstr ""
msgid "failed to create temporary cache dir file '%s': %s\n"
msgstr "%s: impossível criar directoria: %s\n"
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "erro na leitura de `%s': %s\n"
#, fuzzy, c-format
msgid "can't hash '%s': %s\n"
msgstr "impossível fechar `%s': %s\n"

14
po/ro.po
View File

@ -762,11 +762,6 @@ msgstr ""
msgid "Wrong"
msgstr ""
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "eroare la citire `%s': %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr ""
@ -4044,6 +4039,10 @@ msgstr ""
msgid "You may want to change its expiration date too.\n"
msgstr "Nu puteţi schimba data de expirare a unei chei v3\n"
#, c-format
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr ""
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
@ -8193,6 +8192,11 @@ msgstr ""
msgid "failed to create temporary cache dir file '%s': %s\n"
msgstr "nu pot crea directorul `%s': %s\n"
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "eroare la citire `%s': %s\n"
#, fuzzy, c-format
#| msgid "can't access `%s': %s\n"
msgid "can't hash '%s': %s\n"

13
po/ru.po
View File

@ -754,10 +754,6 @@ msgstr "Подтверждаю"
msgid "Wrong"
msgstr "Неверно"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "ошибка переименования '%s' в '%s': %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr ""
@ -3866,6 +3862,11 @@ msgstr "Внимание: Срок действия Вашего подключ
msgid "You may want to change its expiration date too.\n"
msgstr "Возможно, надо поменять также срок действия.\n"
#, fuzzy, c-format
#| msgid "WARNING: Your encryption subkey expires soon.\n"
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr "Внимание: Срок действия Вашего подключа для шифрования истекает.\n"
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
@ -7942,6 +7943,10 @@ msgstr "выясните причину и удалите этот файл вр
msgid "failed to create temporary cache dir file '%s': %s\n"
msgstr "невозможно создание временного файла '%s': %s\n"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "ошибка переименования '%s' в '%s': %s\n"
#, c-format
msgid "can't hash '%s': %s\n"
msgstr "невозможно получить хеш '%s': %s\n"

14
po/sk.po
View File

@ -753,11 +753,6 @@ msgstr ""
msgid "Wrong"
msgstr ""
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "chyba pri čítaní `%s': %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr ""
@ -4012,6 +4007,10 @@ msgstr ""
msgid "You may want to change its expiration date too.\n"
msgstr "Nemôžete zmeniť dobu platnosti kľúča verzie 3\n"
#, c-format
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr ""
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
@ -8101,6 +8100,11 @@ msgstr ""
msgid "failed to create temporary cache dir file '%s': %s\n"
msgstr "nemôžem vytvoriť adresár `%s': %s\n"
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "chyba pri čítaní `%s': %s\n"
#, fuzzy, c-format
msgid "can't hash '%s': %s\n"
msgstr "nemôžem zavrieť `%s': %s\n"

14
po/sv.po
View File

@ -851,11 +851,6 @@ msgstr "Korrekt"
msgid "Wrong"
msgstr "Fel"
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "fel vid läsning av \"%s\": %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr ""
@ -4194,6 +4189,10 @@ msgstr ""
msgid "You may want to change its expiration date too.\n"
msgstr "Du kan inte ändra giltighetsdatum för en v3-nyckel\n"
#, c-format
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr ""
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
@ -8506,6 +8505,11 @@ msgstr ""
msgid "failed to create temporary cache dir file '%s': %s\n"
msgstr "misslyckades med att skapa temporärfilen \"%s\": %s\n"
#, fuzzy, c-format
#| msgid "error reading `%s': %s\n"
msgid "error renaming '%s' to '%s': %s\n"
msgstr "fel vid läsning av \"%s\": %s\n"
#, fuzzy, c-format
#| msgid "can't access `%s': %s\n"
msgid "can't hash '%s': %s\n"

147
po/tr.po
View File

@ -1,12 +1,12 @@
# Turkish translations for GnuPG messages.
# Nilgün Belma Bugüner <nilgun@belgeler.gen.tr>, 2001-2008,
# Emir SARI <emir_sari@icloud.com>, 2022
# Emir SARI <emir_sari@icloud.com>, 2022, 2023
#
msgid ""
msgstr ""
"Project-Id-Version: gnupg 2.3.4\n"
"Project-Id-Version: gnupg 2.4.0\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"PO-Revision-Date: 2022-04-23 15:00+0300\n"
"PO-Revision-Date: 2023-05-30 23:45+0300\n"
"Last-Translator: Emir SARI <emir_sari@icloud.com>\n"
"Language-Team: Turkish\n"
"Language: tr\n"
@ -14,7 +14,6 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
"X-Generator: KBabel 1.11.4\n"
#, c-format
msgid "failed to acquire the pinentry lock: %s\n"
@ -124,10 +123,8 @@ msgstr "Anahtar Parolası:"
msgid "does not match - try again"
msgstr "eşleşmiyor - yeniden deneyin"
#, fuzzy
#| msgid "Passphrase Entry"
msgid "Passphrases match."
msgstr "Anahtar Parolası Girişi"
msgstr "Anahtar parolaları eşleşiyor."
#. TRANSLATORS: The string is appended to an error message in
#. the pinentry. The %s is the actual error message, the
@ -325,7 +322,7 @@ msgstr "Yine de bunu kullan"
#, c-format
msgid "Please enter the passphrase to%0Aprotect your new key"
msgstr "Yeni anahtarınızı korumak için lütfen%0Aanahtar parolanızı girin"
msgstr "Yeni anahtarınızı korumak için lütfen anahtar%0Aparolanızı girin"
msgid "Please enter the new passphrase"
msgstr "Lütfen yeni anahtar parolasını girin"
@ -393,10 +390,8 @@ msgstr "|ALGO|ssh parmak izlerini göstermek için ALGO kullan"
msgid "enable putty support"
msgstr "putty desteğini etkinleştir"
#, fuzzy
#| msgid "enable putty support"
msgid "enable Win32-OpenSSH support"
msgstr "putty desteğini etkinleştir"
msgstr "Win32-OpenSSH desteğini etkinleştir"
msgid "Options controlling the security"
msgstr "Güvenliği denetleyen seçenekler"
@ -736,10 +731,6 @@ msgstr "Doğru"
msgid "Wrong"
msgstr "Yanlış"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "'%s > '%s' olarak yeniden adlandırırken hata: %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr ""
@ -763,22 +754,19 @@ msgid "Please insert the card with serial number"
msgstr "Lütfen seri numarayı içeren kartı takın"
# Check
#, fuzzy, c-format
#| msgid ""
#| "An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want "
#| "to allow this?"
#, c-format
msgid "Requested the use of key%%0A %s%%0A %s%%0ADo you want to allow this?"
msgstr ""
"Bir ssh işlemi,%%0A %s%%A (%s)%%0Aanahtarının kullanımı için istekte "
"bulundu. Buna izin vermek istiyor musunuz?"
"%%0A %s%%0A %s%%0Aanahtarının kullanımı için istekte bulunuldu. Buna izin "
"vermek istiyor musunuz?"
#, c-format
msgid ""
"Do you really want to delete the key identified by keygrip%%0A %s%%0A %%C"
"%%0A?"
msgstr ""
"Anahtar maşası tarafından tanımlanan şu anahtarı silmek istediğnizden emin "
"misiniz:%%0A %s%%0A %%C%%0A?"
"%%0A %s%%0A %%C%%0A anahtar maşası tarafından tanımlanan anahtarı silmek "
"istediğnizden emin misiniz?"
msgid "Delete key"
msgstr "Anahtarı sil"
@ -1419,7 +1407,7 @@ msgstr "zorlandı"
#, c-format
msgid "Please try command \"%s\" if the listing does not look correct\n"
msgstr ""
msgstr "Listeleme doğru görünmüyorsa lütfen \"%s\" komutunu deneyin\n"
msgid "Error: Only plain ASCII is currently allowed.\n"
msgstr "Hata: Şimdilik yalnızca US-ASCII mümkün.\n"
@ -1516,7 +1504,7 @@ msgstr "%u bite yuvarlandı\n"
#, c-format
msgid "%s keysizes must be in the range %u-%u\n"
msgstr "%s anahtar uzunlukları %u-%u eriminde olmalı\n"
msgstr "%s anahtar uzunlukları %u-%u eriminde olmalıdır\n"
msgid "Changing card key attribute for: "
msgstr "Şunun için anahtar özniteliği değiştiriliyor: "
@ -1531,7 +1519,7 @@ msgid "Authentication key\n"
msgstr "Kimlik doğrulama anahtarı\n"
msgid "Please select what kind of key you want:\n"
msgstr "Lütfen istediğiniz anahtar türünü seçiniz:\n"
msgstr "Lütfen istediğiniz anahtar türünü seçin:\n"
#, c-format
msgid " (%d) RSA\n"
@ -1574,7 +1562,7 @@ msgid "Note: keys are already stored on the card!\n"
msgstr "Not: Anahtarlar halihazırda kart üzerinde depolanıyor!\n"
msgid "Replace existing keys? (y/N) "
msgstr "Mevcut anahtarlar başkalarıyla değiştirilsin mi? (e/H) "
msgstr "Var olan anahtarlar başkalarıyla değiştirilsin mi? (e/H) "
#, c-format
msgid ""
@ -1587,7 +1575,7 @@ msgstr ""
"Bunları --change-pin komutunu kullanarak değiştirmelisiniz\n"
msgid "Please select the type of key to generate:\n"
msgstr "Lütfen üretilecek anahtar türünü seçiniz:\n"
msgstr "Lütfen üretilecek anahtar türünü seçin:\n"
msgid " (1) Signature key\n"
msgstr " (1) İmzalama anahtarı\n"
@ -1599,7 +1587,7 @@ msgid " (3) Authentication key\n"
msgstr " (3) Kimlik doğrulama anahtarı\n"
msgid "Please select where to store the key:\n"
msgstr "Lütfen anahtarın depolanacağı yeri seçiniz:\n"
msgstr "Lütfen anahtarın depolanacağı yeri seçin:\n"
#, c-format
msgid "KEYTOCARD failed: %s\n"
@ -1684,7 +1672,7 @@ msgid "change the User Interaction Flag"
msgstr "Kullanıcı etkileşim bayrağını değiştir"
msgid "switch to the OpenPGP app"
msgstr ""
msgstr "OpenPGP uygulamasına geç"
msgid "gpg/card> "
msgstr "gpg/card> "
@ -1803,10 +1791,9 @@ msgstr "UYARI: %s anahtarı, %s kipinde şifreleme için uygun değil\n"
msgid "error creating passphrase: %s\n"
msgstr "anahtar parolası oluşturulurken hata: %s\n"
#, fuzzy, c-format
#| msgid "can't use a symmetric ESK packet due to the S2K mode\n"
#, c-format
msgid "can't use a SKESK packet due to the S2K mode\n"
msgstr "S2K kipi sayesinde bir simetrik ESK paketi kullanılamıyor\n"
msgstr "S2K kipi nedeniyle bir SKESK paketi kullanılamıyor\n"
#, c-format
msgid "using cipher %s.%s\n"
@ -1877,18 +1864,14 @@ msgstr "dışa aktarım sırasında anahtardan kullanışsız parçaları kaldı
msgid "remove as much as possible from key during export"
msgstr "dışa aktarım sırasında anahtardan olabildiğince çok şey kaldır"
#, fuzzy
#| msgid "generate a revocation certificate"
msgid "export only revocation certificates"
msgstr "bir yürürlükten kaldırma sertifikası üret"
msgstr "yalnızca yürürlükten kaldırma sertifikalarını dışa aktar"
msgid "use the GnuPG key backup format"
msgstr "GnuPG yedekleme biçimini kullan"
#, fuzzy
#| msgid "exporting secret keys not allowed\n"
msgid "export secret keys using the GnuPG format"
msgstr "gizli anahtarların dışa aktarımına izin verilmez\n"
msgstr "GnuPG biçimini kullanan gizli anahtarları dışa aktar"
msgid " - skipped"
msgstr " - atlandı"
@ -2319,10 +2302,8 @@ msgstr ""
"anahtar listelerinde yürürlükten kaldırılmış ve zaman aşımına uğramış "
"yardımcı anahtarlar göster"
#, fuzzy
#| msgid "show expiration dates during signature listings"
msgid "show signatures with invalid algorithms during signature listings"
msgstr "imza listelemesi sırasında zaman aşımı tarihleri göster"
msgstr "imza listelemesi sırasında geçersiz algoritmalı imzaları göster"
msgid "show the keyring name in key listings"
msgstr "anahtar zinciri adını anahtar listelerinde göster"
@ -2330,10 +2311,8 @@ msgstr "anahtar zinciri adını anahtar listelerinde göster"
msgid "show expiration dates during signature listings"
msgstr "imza listelemesi sırasında zaman aşımı tarihleri göster"
#, fuzzy
#| msgid "list preferences (expert)"
msgid "show preferences"
msgstr "tercihleri listele (uzman)"
msgstr "tercihleri göster"
#, c-format
msgid "unknown TOFU policy '%s'\n"
@ -2503,23 +2482,23 @@ msgstr "seçili sertifikalama özet algoritması geçersiz\n"
#, c-format
msgid "completes-needed must be greater than 0\n"
msgstr "\"completes-needed\" 0'dan büyük olmalı\n"
msgstr "\"completes-needed\" 0'dan büyük olmalıdır\n"
#, c-format
msgid "marginals-needed must be greater than 1\n"
msgstr "\"marginals-needed\" 1'den büyük olmalı\n"
msgstr "\"marginals-needed\" 1'den büyük olmalıdır\n"
#, c-format
msgid "max-cert-depth must be in the range from 1 to 255\n"
msgstr "\"max-cert-depth\" 1-255 arasında olmalı\n"
msgstr "\"max-cert-depth\" 1-255 arasında olmalıdır\n"
#, c-format
msgid "invalid default-cert-level; must be 0, 1, 2, or 3\n"
msgstr "öntanımlı sertifika düzeyi geçersiz; 0, 1, 2 veya 3 olmalı\n"
msgstr "öntanımlı sertifika düzeyi geçersiz; 0, 1, 2 veya 3 olmalıdır\n"
#, c-format
msgid "invalid min-cert-level; must be 1, 2, or 3\n"
msgstr "asgari sertifika düzeyi geçersiz; 1, 2 veya 3 olmalı\n"
msgstr "en küçük sertifika düzeyi geçersiz; 1, 2 veya 3 olmalıdır\n"
#, c-format
msgid "Note: simple S2K mode (0) is strongly discouraged\n"
@ -2527,7 +2506,7 @@ msgstr "Not: Basit S2K kipi (0) kesinlikle tavsiye edilmez\n"
#, c-format
msgid "invalid S2K mode; must be 0, 1 or 3\n"
msgstr "geçersiz S2K kipi; 0, 1 veya 3 olmalı\n"
msgstr "geçersiz S2K kipi; 0, 1 veya 3 olmalıdır\n"
#, c-format
msgid "invalid default preferences\n"
@ -2944,6 +2923,7 @@ msgstr "%s anahtarı: Aracıya gönderirken hata: %s\n"
#, c-format
msgid "key %s: card reference is overridden by key material\n"
msgstr ""
"%s anahtarı: Kart başvurusu, anahtar malzemesi tarafından geçersiz kılındı\n"
#. TRANSLATORS: For a smartcard, each private key on host has a
#. * reference (stub) to a smartcard and actual private key data
@ -3466,10 +3446,8 @@ msgstr "seçili yardımcı anahtarları sil"
msgid "add a revocation key"
msgstr "bir yürürlükten kaldırma anahtarı ekle"
#, fuzzy
#| msgid "Data decryption succeeded"
msgid "add an additional decryption subkey"
msgstr "Veri şifresi çözülmesi başarılı"
msgstr "ek bir şifre çözümü alt anahtarı ekle"
msgid "delete signatures from the selected user IDs"
msgstr "seçili kullanıcı kimliklerinden imzaları sile"
@ -3536,11 +3514,9 @@ msgstr "Gizli anahtar mevcut.\n"
msgid "Secret subkeys are available.\n"
msgstr "Gizli yardımcı anahtarlar mevcut.\n"
#, fuzzy
#| msgid "Note: Only the secret part of the shown subkey will be deleted.\n"
msgid ""
"Note: the local copy of the secret key will only be deleted with \"save\".\n"
msgstr "Not: Yalnızca gösterilen yardımcı anahtarın gizli kısmı silinecek.\n"
msgstr "Not: Gizli anahtarın yerel kopyası yalnızca \"save\" ile silinir.\n"
msgid "Need the secret key to do this.\n"
msgstr "Bunu yapmak için gizli anahtar gerekli.\n"
@ -3656,10 +3632,9 @@ msgstr "Değişiklikler kaydedilsin mi? (e/H) "
msgid "Quit without saving? (y/N) "
msgstr "Kaydetmeden çıkılsın mı? (e/H) "
#, fuzzy, c-format
#| msgid "deleting secret %s failed: %s\n"
#, c-format
msgid "deleting copy of secret key failed: %s\n"
msgstr "gizli %s silinmesi başarısız: %s\n"
msgstr "gizli anahtarın kopyasının silinmesi başarısız: %s\n"
#, c-format
msgid "Key not changed so no update needed.\n"
@ -3800,6 +3775,11 @@ msgstr "UYARI: Şifreleme yardımcı anahtarının yakın zamanda süresi dolaca
msgid "You may want to change its expiration date too.\n"
msgstr "Son kullanma tarihini de değiştirmek isteyebilirsiniz.\n"
#, fuzzy, c-format
#| msgid "WARNING: Your encryption subkey expires soon.\n"
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr "UYARI: Şifreleme yardımcı anahtarının yakın zamanda süresi dolacak.\n"
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
@ -3906,17 +3886,15 @@ msgstr ""
"misiniz? (e/H) "
msgid "Enter the fingerprint of the additional decryption subkey: "
msgstr ""
msgstr "Ek şifre çözümü alt anahtarının parmak izini gir: "
#, fuzzy, c-format
#| msgid "(unless you specify the key by fingerprint)\n"
#, c-format
msgid "Did you specify the fingerprint of a subkey?\n"
msgstr "(anahtar parmak izi ile belirtilmedikçe)\n"
msgstr "Bir alt anahtarın parmak izini mi belirttiniz?\n"
#, fuzzy, c-format
#| msgid "Subkey %s is already revoked.\n"
#, c-format
msgid "key \"%s\" is already on this keyblock\n"
msgstr "%s yardımcı anahtarı zaten yürürlükten kaldırılmış.\n"
msgstr "\"%s\" anahtarı halihazırda bu anahtar blokunda\n"
msgid ""
"Are you sure you want to change the expiration time for multiple subkeys? (y/"
@ -4249,7 +4227,7 @@ msgstr "%u bite yuvarlandı\n"
#, c-format
msgid "%s keys may be between %u and %u bits long.\n"
msgstr "%s anahtarları %u bit ile %u bit arasında olmalı.\n"
msgstr "%s anahtarları %u bit ile %u bit arasında olmalıdır.\n"
#, c-format
msgid "What keysize do you want for the subkey? (%u) "
@ -4303,10 +4281,10 @@ msgid "invalid value\n"
msgstr "geçersiz değer\n"
msgid "Key does not expire at all\n"
msgstr "Anahtar hep geçerli olacak\n"
msgstr "Anahtarın geçerliliği hiçbir zaman bitmeyecek\n"
msgid "Signature does not expire at all\n"
msgstr "İmza hep geçerli olacak\n"
msgstr "İmzanın geçerliliği hiçbir zaman bitmeyecek\n"
#, c-format
msgid "Key expires at %s\n"
@ -5248,7 +5226,7 @@ msgid ""
"The minimum trust level for this key is: %s\n"
"\n"
msgstr ""
"Bu anahtar için asgari güvence düzeyi: %s\n"
"Bu anahtar için en düşük güvence düzeyi: %s\n"
"\n"
msgid "Your decision? "
@ -6662,7 +6640,7 @@ msgstr "||Lütfen kart kilidini açın"
#, c-format
msgid "PIN for CHV%d is too short; minimum length is %d\n"
msgstr "CHV%d için PIN çok kısa; asgari uzunluk: %d\n"
msgstr "CHV%d için PIN çok kısa; gereken en kısa uzunluk %d\n"
#, c-format
msgid "verify CHV%d failed: %s\n"
@ -6693,7 +6671,7 @@ msgstr "||Lütfen kart için Sıfırlama Kodunu giriniz"
#, c-format
msgid "Reset Code is too short; minimum length is %d\n"
msgstr "Sıfırlama Kodu çok kısa; asgari uzunluk: %d\n"
msgstr "Sıfırlama Kodu çok kısa; gereken en kısa uzunluk %d\n"
#. TRANSLATORS: Do not translate the "|*|" prefixes but
#. keep it at the start of the string. We need this elsewhere
@ -7782,6 +7760,10 @@ msgstr "lütfen nedenini denetleyin ve o dosyayı el ile silin\n"
msgid "failed to create temporary cache dir file '%s': %s\n"
msgstr "geçici önbellek dizin dosyası '%s' oluşturulamadı: %s\n"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "'%s > '%s' olarak yeniden adlandırırken hata: %s\n"
#, c-format
msgid "can't hash '%s': %s\n"
msgstr "'%s' sağlaması yapılamıyor: %s\n"
@ -8933,22 +8915,3 @@ msgstr "Yubikey yönetim konsolu"
msgid "manage the command history"
msgstr "komut geçmişini yönet"
#~ msgid "continuing verification anyway due to option %s\n"
#~ msgstr "%s seçeneğinden dolayı doğrulama yine de sürdürülüyor\n"
#~ msgid "selected AEAD algorithm is invalid\n"
#~ msgstr "seçili AEAD algoritması geçersiz\n"
#~ msgid "invalid personal AEAD preferences\n"
#~ msgstr "geçersiz kişisel AEAD tercihler\n"
#~ msgid "AEAD algorithm '%s' may not be used in %s mode\n"
#~ msgstr "'%s' AEAD algoritması, %s kipinde kullanılamayabilir\n"
#~ msgid "run in supervised mode"
#~ msgstr "yönetilen kipte çalıştır"
#~ msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n"
#~ msgstr ""
#~ "simetrik şifreleme %s (%d) zorlamak alıcı tercihlerine karşı geliyor\n"

13
po/uk.po
View File

@ -754,10 +754,6 @@ msgstr "Підтверджую"
msgid "Wrong"
msgstr "Не підтверджую"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "помилка під час спроби перейменування «%s» на «%s»: %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr ""
@ -3905,6 +3901,11 @@ msgstr "УВАГА: строк дії вашого підключа імпорт
msgid "You may want to change its expiration date too.\n"
msgstr "Ймовірно, вам варто змінити також і його строк дії.\n"
#, fuzzy, c-format
#| msgid "WARNING: Your encryption subkey expires soon.\n"
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr "УВАГА: строк дії вашого підключа імпортування невдовзі завершиться.\n"
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
@ -8052,6 +8053,10 @@ msgstr "будь ласка, перевірте причину і вилучіт
msgid "failed to create temporary cache dir file '%s': %s\n"
msgstr "не вдалося створити тимчасовий файл каталогу кешу «%s»: %s\n"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "помилка під час спроби перейменування «%s» на «%s»: %s\n"
#, c-format
msgid "can't hash '%s': %s\n"
msgstr "не вдалося хешувати «%s»: %s\n"

13
po/zh_CN.po
View File

@ -717,10 +717,6 @@ msgstr "正确"
msgid "Wrong"
msgstr "错误"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "将‘%s重命名为%s时出现错误%s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr "注意:此密码从未被修改过。%0A请立即修改。"
@ -3692,6 +3688,11 @@ msgstr "警告: 您的加密用子密钥将在不久后过期。\n"
msgid "You may want to change its expiration date too.\n"
msgstr "您可能也想要变更它的过期日期。\n"
#, fuzzy, c-format
#| msgid "WARNING: Your encryption subkey expires soon.\n"
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr "警告: 您的加密用子密钥将在不久后过期。\n"
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
@ -7528,6 +7529,10 @@ msgstr "请检查理由并手动删除那个文件\n"
msgid "failed to create temporary cache dir file '%s': %s\n"
msgstr "创建临时缓存目录文件‘%s时失败%s\n"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "将‘%s重命名为%s时出现错误%s\n"
#, c-format
msgid "can't hash '%s': %s\n"
msgstr "无法取‘%s的散列%s\n"

13
po/zh_TW.po
View File

@ -753,10 +753,6 @@ msgstr "正確"
msgid "Wrong"
msgstr "錯了"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "把 '%s' 重新命名成 '%s' 時出錯: %s\n"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr "請注意: 密語從未變更過.%0A請現在就變更."
@ -3882,6 +3878,11 @@ msgstr "警告: 你的加密子鑰很快將到期.\n"
msgid "You may want to change its expiration date too.\n"
msgstr "你可能也會想變更其使用期限.\n"
#, fuzzy, c-format
#| msgid "WARNING: Your encryption subkey expires soon.\n"
msgid "WARNING: No valid encryption subkey left over.\n"
msgstr "警告: 你的加密子鑰很快將到期.\n"
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
"versions\n"
@ -7871,6 +7872,10 @@ msgstr "請檢查其原因並手動刪除該檔案\n"
msgid "failed to create temporary cache dir file '%s': %s\n"
msgstr "建立暫存快取目錄檔案 '%s' 失敗: %s\n"
#, c-format
msgid "error renaming '%s' to '%s': %s\n"
msgstr "把 '%s' 重新命名成 '%s' 時出錯: %s\n"
#, c-format
msgid "can't hash '%s': %s\n"
msgstr "無法計算 '%s' 的雜湊: %s\n"

31
scd/app-p15.c
View File

@ -87,7 +87,8 @@ typedef enum
CARD_PRODUCT_UNKNOWN,
CARD_PRODUCT_RSCS, /* Rohde&Schwarz Cybersecurity */
CARD_PRODUCT_DTRUST, /* D-Trust GmbH (bundesdruckerei.de) */
CARD_PRODUCT_GENUA /* GeNUA mbH */
CARD_PRODUCT_GENUA, /* GeNUA mbH */
CARD_PRODUCT_NEXUS /* Technology Nexus */
}
card_product_t;
@ -550,6 +551,7 @@ cardproduct2str (card_product_t cardproduct)
case CARD_PRODUCT_RSCS: return "R&S";
case CARD_PRODUCT_DTRUST: return "D-Trust";
case CARD_PRODUCT_GENUA: return "GeNUA";
case CARD_PRODUCT_NEXUS: return "Nexus";
}
return "";
}
@ -3605,14 +3607,20 @@ read_p15_info (app_t app)
release_lists (app);
if (IS_CARDOS_5 (app)
&& app->app_local->manufacturer_id
&& !ascii_strcasecmp (app->app_local->manufacturer_id, "GeNUA mbH"))
/* Set a product type from the manufacturer_id. */
if (IS_CARDOS_5 (app) && app->app_local->manufacturer_id)
{
if (!app->app_local->card_product)
const char *manu = app->app_local->manufacturer_id;
if (app->app_local->card_product)
; /* Already set. */
else if (!ascii_strcasecmp (manu, "GeNUA mbH"))
app->app_local->card_product = CARD_PRODUCT_GENUA;
else if (!ascii_strcasecmp (manu, "Technology Nexus"))
app->app_local->card_product = CARD_PRODUCT_NEXUS;
}
/* Read the ODF so that we know the location of all directory
files. */
/* Fixme: We might need to get a non-standard ODF FID from TokenInfo. */
@ -5079,9 +5087,7 @@ get_dispserialno (app_t app, prkdf_object_t prkdf)
if (serial && (n=strlen (serial)) > 8)
memmove (serial, serial + n - 8, 9);
}
else if (IS_CARDOS_5 (app) && app->app_local->manufacturer_id
&& !ascii_strcasecmp (app->app_local->manufacturer_id,
"Technology Nexus")
else if (app->app_local->card_product == CARD_PRODUCT_NEXUS
&& APP_CARD(app)->serialno && APP_CARD(app)->serialnolen == 4+9
&& !memcmp (APP_CARD(app)->serialno, "\xff\x00\x00\xff", 4)
&& !any_control_or_space_mem (APP_CARD(app)->serialno + 4, 9))
@ -5615,11 +5621,12 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
err = gpg_error_from_syserror ();
goto leave;
}
if (app->app_local->card_type == CARD_TYPE_BELPIC)
if (app->app_local->card_type == CARD_TYPE_BELPIC
|| app->app_local->card_product == CARD_PRODUCT_NEXUS)
{
/* This card wants only the plain hash w/o any prefix. */
/* FIXME: We may want to remove this code because it is unlikely
* that such cards are still in use. */
/* The default for these cards is to use a plain hash. We
* assume that due to the used certificate the correct hash
* algo is used. */
memcpy (frame, indata, indatalen);
framelen = indatalen;
}

4
sm/Makefile.am
View File

@ -77,8 +77,8 @@ gpgsm_LDFLAGS =
gpgsm_DEPENDENCIES = $(resource_objs)
module_tests =
module_maint_tests = t-minip12
module_tests = t-minip12
module_maint_tests =
t_common_src =
t_common_ldadd = $(libcommon) $(LIBGCRYPT_LIBS) $(KSBA_LIBS) \

45
sm/call-dirmngr.c
View File

@ -1001,16 +1001,17 @@ static gpg_error_t
run_command_inq_cb (void *opaque, const char *line)
{
struct run_command_parm_s *parm = opaque;
gpg_error_t err;
const char *s;
int rc = 0;
ksba_cert_t cert = NULL;
ksba_sexp_t ski = NULL;
const unsigned char *der;
size_t derlen, n;
if ((s = has_leading_keyword (line, "SENDCERT")))
{ /* send the given certificate */
int err;
ksba_cert_t cert;
const unsigned char *der;
size_t derlen;
{
/* Send the given certificate. */
line = s;
if (!*line)
return gpg_error (GPG_ERR_ASS_PARAMETER);
@ -1029,11 +1030,36 @@ run_command_inq_cb (void *opaque, const char *line)
rc = gpg_error (GPG_ERR_INV_CERT_OBJ);
else
rc = assuan_send_data (parm->ctx, der, derlen);
ksba_cert_release (cert);
}
}
else if ((s = has_leading_keyword (line, "SENDCERT_SKI")))
{
/* Send a certificate where a sourceKeyIdentifier is included. */
line = s;
ski = make_simple_sexp_from_hexstr (line, &n);
line += n;
while (*line == ' ')
line++;
err = gpgsm_find_cert (parm->ctrl, line, ski, &cert,
FIND_CERT_ALLOW_AMBIG|FIND_CERT_WITH_EPHEM);
if (err)
{
log_error ("certificate not found: %s\n", gpg_strerror (err));
rc = gpg_error (GPG_ERR_NOT_FOUND);
}
else
{
der = ksba_cert_get_image (cert, &derlen);
if (!der)
rc = gpg_error (GPG_ERR_INV_CERT_OBJ);
else
rc = assuan_send_data (parm->ctx, der, derlen);
}
}
else if ((s = has_leading_keyword (line, "PRINTINFO")))
{ /* Simply show the message given in the argument. */
{
/* Simply show the message given in the argument. */
line = s;
log_info ("dirmngr: %s\n", line);
}
@ -1043,7 +1069,6 @@ run_command_inq_cb (void *opaque, const char *line)
root certificate. */
char fpr[41];
struct rootca_flags_s rootca_flags;
int n;
line = s;
@ -1067,6 +1092,8 @@ run_command_inq_cb (void *opaque, const char *line)
rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
}
ksba_cert_release (cert);
xfree (ski);
return rc;
}

4
sm/decrypt.c
View File

@ -1107,6 +1107,10 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
goto leave;
}
gnupg_ksba_set_progress_cb (b64writer, gpgsm_progress_cb, ctrl);
if (ctrl->input_size_hint)
gnupg_ksba_set_total (b64writer, ctrl->input_size_hint);
rc = ksba_cms_new (&cms);
if (rc)
goto leave;

6
sm/encrypt.c
View File

@ -653,6 +653,10 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
goto leave;
}
gnupg_ksba_set_progress_cb (b64writer, gpgsm_progress_cb, ctrl);
if (ctrl->input_size_hint)
gnupg_ksba_set_total (b64writer, ctrl->input_size_hint);
err = ksba_cms_new (&cms);
if (err)
{
@ -828,7 +832,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
err = ksba_cms_build (cms, &stopreason);
if (err)
{
log_debug ("ksba_cms_build failed: %s\n", gpg_strerror (err));
log_error ("creating CMS object failed: %s\n", gpg_strerror (err));
rc = err;
goto leave;
}

8
sm/gpgsm.c
View File

@ -139,6 +139,7 @@ enum cmd_and_opt_values {
oAssumeArmor,
oAssumeBase64,
oAssumeBinary,
oInputSizeHint,
oBase64,
oNoArmor,
@ -326,6 +327,7 @@ static gpgrt_opt_t opts[] = {
N_("assume input is in base-64 format")),
ARGPARSE_s_n (oAssumeBinary, "assume-binary",
N_("assume input is in binary format")),
ARGPARSE_s_s (oInputSizeHint, "input-size-hint", "@"),
ARGPARSE_header ("Output", N_("Options controlling the output")),
@ -802,7 +804,7 @@ set_debug (void)
/* minip12.c may be used outside of GnuPG, thus we don't have the
* opt structure over there. */
p12_set_verbosity (opt.verbose);
p12_set_verbosity (opt.verbose, opt.debug);
}
@ -1188,6 +1190,10 @@ main ( int argc, char **argv)
ctrl.is_base64 = 0;
break;
case oInputSizeHint:
ctrl.input_size_hint = string_to_u64 (pargs.r.ret_str);
break;
case oDisableCRLChecks:
opt.no_crl_check = 1;
break;

6
sm/gpgsm.h
View File

@ -250,6 +250,11 @@ struct server_control_s
int is_pem; /* Is in PEM format */
int is_base64; /* is in plain base-64 format */
/* If > 0 a hint with the expected number of input data bytes. This
* is not necessary an exact number but intended to be used for
* progress info and to decide on how to allocate buffers. */
uint64_t input_size_hint;
int create_base64; /* Create base64 encoded output */
int create_pem; /* create PEM output */
const char *pem_name; /* PEM name to use */
@ -316,6 +321,7 @@ gpg_error_t gpgsm_status_with_err_code (ctrl_t ctrl, int no, const char *text,
gpg_err_code_t ec);
gpg_error_t gpgsm_status_with_error (ctrl_t ctrl, int no, const char *text,
gpg_error_t err);
gpg_error_t gpgsm_progress_cb (ctrl_t ctrl, uint64_t current, uint64_t total);
gpg_error_t gpgsm_proxy_pinentry_notify (ctrl_t ctrl,
const unsigned char *line);

2266
sm/minip12.c
View File

File diff suppressed because it is too large Load Diff

2
sm/minip12.h
View File

@ -23,7 +23,7 @@
#include <gcrypt.h>
void p12_set_verbosity (int verbose);
void p12_set_verbosity (int verbose, int debug);
gcry_mpi_t *p12_parse (const unsigned char *buffer, size_t length,
const char *pw,

52
sm/server.c
View File

@ -298,6 +298,10 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
opt.request_origin = i;
}
}
else if (!strcmp (key, "input-size-hint"))
{
ctrl->input_size_hint = string_to_u64 (value);
}
else
err = gpg_error (GPG_ERR_UNKNOWN_OPTION);
@ -1506,7 +1510,14 @@ gpgsm_status2 (ctrl_t ctrl, int no, ...)
}
}
putc ('\n', statusfp);
fflush (statusfp);
if (ferror (statusfp))
err = gpg_error_from_syserror ();
else
{
fflush (statusfp);
if (ferror (statusfp))
err = gpg_error_from_syserror ();
}
}
else
{
@ -1551,6 +1562,45 @@ gpgsm_status_with_error (ctrl_t ctrl, int no, const char *text,
}
/* This callback is used to emit progress status lines. */
gpg_error_t
gpgsm_progress_cb (ctrl_t ctrl, uint64_t current, uint64_t total)
{
char buffer[60];
char units[] = "BKMGTPEZY?";
int unitidx = 0;
if (total)
{
if (current > total)
current = total;
while (total > 1024*1024)
{
total /= 1024;
current /= 1024;
unitidx++;
}
}
else
{
while (current > 1024*1024)
{
current /= 1024;
unitidx++;
}
}
if (unitidx > 9)
unitidx = 9;
snprintf (buffer, sizeof buffer, "? %lu %lu %c%s",
(unsigned long)current, (unsigned long)total,
units[unitidx], unitidx? "iB" : "");
return gpgsm_status2 (ctrl, STATUS_PROGRESS, "?", buffer, NULL);
}
/* Helper to notify the client about Pinentry events. Because that
might disturb some older clients, this is only done when enabled
via an option. Returns an gpg error code. */

6
sm/sign.c
View File

@ -687,6 +687,10 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
goto leave;
}
gnupg_ksba_set_progress_cb (b64writer, gpgsm_progress_cb, ctrl);
if (ctrl->input_size_hint)
gnupg_ksba_set_total (b64writer, ctrl->input_size_hint);
err = ksba_cms_new (&cms);
if (err)
{
@ -1027,7 +1031,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
err = ksba_cms_build (cms, &stopreason);
if (err)
{
log_debug ("ksba_cms_build failed: %s\n", gpg_strerror (err));
log_error ("creating CMS object failed: %s\n", gpg_strerror (err));
rc = err;
goto leave;
}

756
sm/t-minip12.c
View File

@ -1,5 +1,5 @@
/* t-minip12.c - Test driver for minip12.c
* Copyright (C) 2020 g10 Code GmbH
* Copyright (C) 2020, 2023 g10 Code GmbH
*
* This file is part of GnuPG.
*
@ -15,6 +15,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <https://www.gnu.org/licenses/>.
* SPDX-License-Identifier: GPL-3.0-or-later
*/
#include <config.h>
@ -22,6 +23,8 @@
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
#include <stdarg.h>
#include <ctype.h>
#include "../common/util.h"
#include "minip12.h"
@ -31,7 +34,336 @@
static int verbose;
static int debug;
static int any_error;
static void die (const char *format, ...) GPGRT_ATTR_NR_PRINTF(1,2);
static void err (const char *format, ...) GPGRT_ATTR_PRINTF(1,2);
static void inf (const char *format, ...) GPGRT_ATTR_PRINTF(1,2);
/* static void dbg (const char *format, ...) GPGRT_ATTR_PRINTF(1,2); */
static void printresult (const char *format, ...) GPGRT_ATTR_PRINTF(1,2);
static char *my_xstrconcat (const char *s1, ...) GPGRT_ATTR_SENTINEL(0);
#define xstrconcat my_xstrconcat
#define trim_spaces(a) my_trim_spaces ((a))
#define my_isascii(c) (!((c) & 0x80))
/* Print diagnostic message and exit with failure. */
static void
die (const char *format, ...)
{
va_list arg_ptr;
fflush (stdout);
fprintf (stderr, "%s: ", PGM);
va_start (arg_ptr, format);
vfprintf (stderr, format, arg_ptr);
va_end (arg_ptr);
if (!*format || format[strlen(format)-1] != '\n')
putc ('\n', stderr);
exit (1);
}
/* Print diagnostic message. */
static void
err (const char *format, ...)
{
va_list arg_ptr;
any_error = 1;
fflush (stdout);
fprintf (stderr, "%s: ", PGM);
va_start (arg_ptr, format);
vfprintf (stderr, format, arg_ptr);
va_end (arg_ptr);
if (!*format || format[strlen(format)-1] != '\n')
putc ('\n', stderr);
}
/* Print an info message. */
static void
inf (const char *format, ...)
{
va_list arg_ptr;
if (verbose)
{
fprintf (stderr, "%s: ", PGM);
va_start (arg_ptr, format);
vfprintf (stderr, format, arg_ptr);
va_end (arg_ptr);
if (!*format || format[strlen(format)-1] != '\n')
putc ('\n', stderr);
}
}
/* Print a debug message. */
/* static void */
/* dbg (const char *format, ...) */
/* { */
/* va_list arg_ptr; */
/* if (debug) */
/* { */
/* fprintf (stderr, "%s: DBG: ", PGM); */
/* va_start (arg_ptr, format); */
/* vfprintf (stderr, format, arg_ptr); */
/* va_end (arg_ptr); */
/* if (!*format || format[strlen(format)-1] != '\n') */
/* putc ('\n', stderr); */
/* } */
/* } */
/* Print a result line to stdout. */
static void
printresult (const char *format, ...)
{
va_list arg_ptr;
fflush (stdout);
#ifdef HAVE_FLOCKFILE
flockfile (stdout);
#endif
va_start (arg_ptr, format);
vfprintf (stdout, format, arg_ptr);
if (*format && format[strlen(format)-1] != '\n')
putc ('\n', stdout);
va_end (arg_ptr);
fflush (stdout);
#ifdef HAVE_FLOCKFILE
funlockfile (stdout);
#endif
}
/* Helper for xstrconcat and strconcat. */
static char *
do_strconcat (int xmode, const char *s1, va_list arg_ptr)
{
const char *argv[48];
size_t argc;
size_t needed;
char *buffer, *p;
argc = 0;
argv[argc++] = s1;
needed = strlen (s1);
while (((argv[argc] = va_arg (arg_ptr, const char *))))
{
needed += strlen (argv[argc]);
if (argc >= DIM (argv)-1)
die ("too may args for strconcat\n");
argc++;
}
needed++;
buffer = xmode? xmalloc (needed) : malloc (needed);
for (p = buffer, argc=0; argv[argc]; argc++)
p = stpcpy (p, argv[argc]);
return buffer;
}
/* Concatenate the string S1 with all the following strings up to a
NULL. Returns a malloced buffer with the new string or dies on error. */
static char *
my_xstrconcat (const char *s1, ...)
{
va_list arg_ptr;
char *result;
if (!s1)
result = xstrdup ("");
else
{
va_start (arg_ptr, s1);
result = do_strconcat (1, s1, arg_ptr);
va_end (arg_ptr);
}
return result;
}
static char *
my_trim_spaces (char *str )
{
char *string, *p, *mark;
string = str;
for (p=string; *p && isspace (*(unsigned char *)p) ; p++)
;
for (mark=NULL; (*string = *p); string++, p++ )
if (isspace (*(unsigned char *)p))
{
if (!mark)
mark = string;
}
else
mark = NULL;
if (mark)
*mark = '\0';
return str ;
}
/* Prepend FNAME with the srcdir environment variable's value and
* return an allocated filename. */
static char *
prepend_srcdir (const char *fname)
{
static const char *srcdir;
if (!srcdir && !(srcdir = getenv ("srcdir")))
return xstrdup (fname);
else
return xstrconcat (srcdir, "/", fname, NULL);
}
/* (BUFFER,BUFLEN) and return a malloced hexstring. */
static char *
hash_buffer (const void *buffer, size_t buflen)
{
unsigned char hash[20];
char *result;
int i;
gcry_md_hash_buffer (GCRY_MD_SHA1, hash, buffer, buflen);
result = xmalloc (41);
for (i=0; i < 20; i++)
snprintf (result + 2*i, 3, "%02x", hash[i]);
return result;
}
/* Read next line but skip over empty and comment lines. Caller must
xfree the result. */
static char *
read_textline (FILE *fp, int *lineno)
{
char line[4096];
char *p;
do
{
if (!fgets (line, sizeof line, fp))
{
if (feof (fp))
return NULL;
die ("error reading input line: %s\n", strerror (errno));
}
++*lineno;
p = strchr (line, '\n');
if (!p)
die ("input line %d not terminated or too long\n", *lineno);
*p = 0;
for (p--;p > line && my_isascii (*p) && isspace (*p); p--)
*p = 0;
}
while (!*line || *line == '#');
return xstrdup (line);
}
/* Copy the data after the tag to BUFFER. BUFFER will be allocated as
needed. */
static void
copy_data (char **buffer, const char *line, int lineno)
{
const char *s;
xfree (*buffer);
*buffer = NULL;
s = strchr (line, ':');
if (!s)
{
err ("syntax error at input line %d", lineno);
return;
}
for (s++; my_isascii (*s) && isspace (*s); s++)
;
*buffer = xstrdup (s);
}
static void
hexdowncase (char *string)
{
char *p;
if (string)
for (p=string; *p; p++)
if (my_isascii (*p))
*p = tolower (*p);
}
/* Return the value of the variable VARNAME from ~/.gnupg-autogen.rc
* or NULL if it does not exists or is empty. */
static char *
value_from_gnupg_autogen_rc (const char *varname)
{
const char *home;
char *fname;
FILE *fp;
char *line = NULL;
char *p;
int lineno = 0;
if (!(home = getenv ("HOME")))
home = "";
fname = xstrconcat (home, "/.gnupg-autogen.rc", NULL);
fp = fopen (fname, "r");
if (!fp)
goto leave;
while ((line = read_textline (fp, &lineno)))
{
p = strchr (line, '=');
if (p)
{
*p++ = 0;
trim_spaces (line);
if (!strcmp (line, varname))
{
trim_spaces (p);
if (*p)
{
memmove (line, p, strlen (p)+1);
if (*line == '~' && line[1] == '/')
{
p = xstrconcat (home, line+1, NULL);
xfree (line);
line = p;
}
break; /* found. */
}
}
}
xfree (line);
}
leave:
if (fp)
fclose (fp);
xfree (fname);
return line;
}
static void
@ -45,13 +377,10 @@ cert_cb (void *opaque, const unsigned char *cert, size_t certlen)
}
int
main (int argc, char **argv)
/* Parse one PKCS#12 file. Returns zero on success. */
static int
one_file (const char *name, const char *pass)
{
int last_argc = -1;
char const *name = NULL;
char const *pass = NULL;
FILE *fp;
struct stat st;
unsigned char *buf;
@ -60,63 +389,6 @@ main (int argc, char **argv)
int badpass;
char *curve = NULL;
if (argc)
{ argc--; argv++; }
while (argc && last_argc != argc )
{
last_argc = argc;
if (!strcmp (*argv, "--"))
{
argc--; argv++;
break;
}
else if (!strcmp (*argv, "--help"))
{
fputs ("usage: " PGM " <pkcs12file> [<passphrase>]\n"
"Options:\n"
" --verbose print timings etc.\n"
" --debug flyswatter\n"
, stdout);
exit (0);
}
else if (!strcmp (*argv, "--verbose"))
{
verbose++;
argc--; argv++;
}
else if (!strcmp (*argv, "--debug"))
{
verbose += 2;
debug++;
argc--; argv++;
}
else if (!strncmp (*argv, "--", 2))
{
fprintf (stderr, PGM ": unknown option '%s'\n", *argv);
exit (1);
}
}
if (argc == 1)
{
name = argv[0];
pass = "";
}
else if (argc == 2)
{
name = argv[0];
pass = argv[1];
}
else
{
fprintf (stderr, "usage: " PGM " <file> [<passphrase>]\n");
exit (1);
}
gcry_control (GCRYCTL_DISABLE_SECMEM, NULL);
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL);
fp = fopen (name, "rb");
if (!fp)
{
@ -131,8 +403,8 @@ main (int argc, char **argv)
}
buflen = st.st_size;
buf = gcry_malloc (buflen+1);
if (!buf || fread (buf, buflen, 1, fp) != 1)
buf = xmalloc (buflen+1);
if (fread (buf, buflen, 1, fp) != 1)
{
fprintf (stderr, "error reading '%s': %s\n", name, strerror (errno));
return 1;
@ -160,6 +432,358 @@ main (int argc, char **argv)
}
}
}
if (badpass)
log_error ("Bad password given?\n");
xfree (buf);
return 0;
}
static void
cert_collect_cb (void *opaque, const unsigned char *cert, size_t certlen)
{
char **certstr = opaque;
char *hash, *save;
hash = hash_buffer (cert, certlen);
if (*certstr)
{
save = *certstr;
*certstr = xstrconcat (save, ",", hash, NULL);
xfree (save);
xfree (hash);
}
else
*certstr = hash;
}
static int
run_one_test (const char *name, const char *desc, const char *pass,
const char *certexpected, const char *keyexpected)
{
FILE *fp;
struct stat st;
unsigned char *buf;
size_t buflen;
gcry_mpi_t *result;
int badpass;
char *curve = NULL;
char *resulthash = NULL;
char *p;
char *certstr = NULL;
int ret;
inf ("testing '%s' (%s)", name , desc? desc:"");
fp = fopen (name, "rb");
if (!fp)
{
err ("can't open '%s': %s\n", name, strerror (errno));
printresult ("FAIL: %s - test file not found\n", name);
return 1;
}
if (fstat (fileno (fp), &st))
{
err ("can't stat '%s': %s\n", name, strerror (errno));
printresult ("FAIL: %s - error stating test file\n", name);
fclose (fp);
return 1;
}
buflen = st.st_size;
buf = xmalloc (buflen+1);
if (fread (buf, buflen, 1, fp) != 1)
{
err ("error reading '%s': %s\n", name, strerror (errno));
printresult ("FAIL: %s - error reading test file\n", name);
fclose (fp);
xfree (buf);
return 1;
}
fclose (fp);
result = p12_parse (buf, buflen, pass? pass:"", cert_collect_cb, &certstr,
&badpass, &curve);
if (result)
{
int i, rc;
char *tmpstring;
unsigned char *tmpbuf;
char numbuf[20];
if (curve)
{
if (verbose > 1)
inf ("curve: %s\n", curve);
tmpstring = xstrconcat ("curve:", curve, "\n", NULL);
}
else
tmpstring = xstrdup ("\n");
for (i=0; result[i]; i++)
{
rc = gcry_mpi_aprint (GCRYMPI_FMT_HEX, &tmpbuf, NULL, result[i]);
if (rc)
die ("result %d: [error printing number: %s]\n",
i, gpg_strerror (rc));
else
{
if (verbose > 1)
inf ("result %d: %s\n", i, tmpbuf);
snprintf (numbuf, sizeof numbuf, "%d:", i);
p = xstrconcat (tmpstring, numbuf, tmpbuf, "\n", NULL);
xfree (tmpstring);
tmpstring = p;
gcry_free (tmpbuf);
}
}
resulthash = hash_buffer (tmpstring, strlen (tmpstring));
xfree (tmpstring);
}
if (verbose > 1)
{
inf ("cert(exp)=%s", certexpected);
inf ("cert(got)=%s", certstr? certstr:"[null]");
inf ("key(exp)=%s", keyexpected);
inf ("key(got)=%s", resulthash? resulthash:"[null]");
}
ret = 1;
if (!result)
printresult ("FAIL: %s - error from parser\n", name);
else if (certexpected && !certstr)
printresult ("FAIL: %s - expected certs but got none\n", name);
else if (!certexpected && certstr)
printresult ("FAIL: %s - no certs expected but got one\n", name);
else if (certexpected && certstr && strcmp (certexpected, certstr))
printresult ("FAIL: %s - certs not as expected\n", name);
else if (keyexpected && !resulthash)
printresult ("FAIL: %s - expected key but got none\n", name);
else if (!keyexpected && resulthash)
printresult ("FAIL: %s - key not expected but got one\n", name);
else if (keyexpected && resulthash && strcmp (keyexpected, resulthash))
printresult ("FAIL: %s - keys not as expected\n", name);
else
{
printresult ("PASS: %s\n", name);
ret = 0;
}
if (result)
{
int i;
for (i=0; result[i]; i++)
gcry_mpi_release (result[i]);
gcry_free (result);
}
xfree (certstr);
xfree (resulthash);
xfree (curve);
xfree (buf);
return ret;
}
/* Run a regression test using the Info take from DESCFNAME. */
static int
run_tests_from_file (const char *descfname)
{
FILE *fp;
char *descdir;
int lineno, ntests;
char *line;
char *name = NULL;
char *desc = NULL;
char *pass = NULL;
char *cert = NULL;
char *key = NULL;
int ret = 0;
char *p;
inf ("Running tests from '%s'", descfname);
descdir = xstrdup (descfname);
p = strrchr (descdir, '/');
if (p)
*p = 0;
else
{
xfree (descdir);
descdir = xstrdup (".");
}
fp = fopen (descfname, "r");
if (!fp)
die ("error opening '%s': %s\n", descfname, strerror (errno));
lineno = ntests = 0;
while ((line = read_textline (fp, &lineno)))
{
if (!strncmp (line, "Name:", 5))
{
if (name)
ret |= run_one_test (name, desc, pass, cert, key);
xfree (cert); cert = NULL;
xfree (desc); desc = NULL;
xfree (pass); pass = NULL;
xfree (key); key = NULL;
copy_data (&name, line, lineno);
if (name)
{
p = xstrconcat (descdir, "/", name, NULL);
xfree (name);
name = p;
}
}
else if (!strncmp (line, "Desc:", 5))
copy_data (&desc, line, lineno);
else if (!strncmp (line, "Pass:", 5))
copy_data (&pass, line, lineno);
else if (!strncmp (line, "Cert:", 5))
{
p = NULL;
copy_data (&p, line, lineno);
hexdowncase (p);
if (p && cert)
{
char *save = cert;
cert = xstrconcat (save, ",", p, NULL);
xfree (save);
xfree (p);
}
else
cert = p;
}
else if (!strncmp (line, "Key:", 4))
{
copy_data (&key, line, lineno);
hexdowncase (key);
}
else
inf ("%s:%d: unknown tag ignored", descfname, lineno);
xfree (line);
}
if (name)
ret |= run_one_test (name, desc, pass, cert, key);
xfree (name);
xfree (desc);
xfree (pass);
xfree (cert);
xfree (key);
fclose (fp);
xfree (descdir);
return ret;
}
int
main (int argc, char **argv)
{
int last_argc = -1;
char const *name = NULL;
char const *pass = NULL;
int ret;
int no_extra = 0;
if (argc)
{ argc--; argv++; }
while (argc && last_argc != argc )
{
last_argc = argc;
if (!strcmp (*argv, "--"))
{
argc--; argv++;
break;
}
else if (!strcmp (*argv, "--help"))
{
fputs ("usage: " PGM " <pkcs12file> [<passphrase>]\n"
"Without <pkcs12file> a regression test is run\n"
"Options:\n"
" --no-extra do not run extra tests\n"
" --verbose print timings etc.\n"
" given twice shows more\n"
" --debug flyswatter\n"
, stdout);
exit (0);
}
else if (!strcmp (*argv, "--no-extra"))
{
no_extra = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--verbose"))
{
verbose++;
argc--; argv++;
}
else if (!strcmp (*argv, "--debug"))
{
verbose += 2;
debug++;
argc--; argv++;
}
else if (!strncmp (*argv, "--", 2))
{
fprintf (stderr, PGM ": unknown option '%s'\n", *argv);
exit (1);
}
}
if (!argc)
{
name = NULL;
pass = NULL;
}
else if (argc == 1)
{
name = argv[0];
pass = "";
}
else if (argc == 2)
{
name = argv[0];
pass = argv[1];
}
else
{
fprintf (stderr, "usage: " PGM " [<file> [<passphrase>]]\n");
exit (1);
}
gcry_control (GCRYCTL_DISABLE_SECMEM, NULL);
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL);
if (name)
{
p12_set_verbosity (verbose, debug);
ret = one_file (name, pass);
}
else
{
char *descfname, *p;
if (verbose > 1)
p12_set_verbosity (verbose > 1? (verbose - 1):0, debug);
descfname = prepend_srcdir ("../tests/cms/samplekeys/Description-p12");
ret = run_tests_from_file (descfname);
xfree (descfname);
/* Check whether we have non-public regression test cases. */
p = no_extra? NULL:value_from_gnupg_autogen_rc ("GNUPG_EXTRA_TESTS_DIR");
if (p)
{
descfname = xstrconcat (p, "/pkcs12/Description", NULL);
xfree (p);
ret |= run_tests_from_file (descfname);
xfree (descfname);
}
}
return ret;
}

4
sm/verify.c
View File

@ -158,6 +158,10 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
}
}
gnupg_ksba_set_progress_cb (b64writer, gpgsm_progress_cb, ctrl);
if (ctrl->input_size_hint)
gnupg_ksba_set_total (b64writer, ctrl->input_size_hint);
rc = ksba_cms_new (&cms);
if (rc)
goto leave;

8
tests/cms/Makefile.am
View File

@ -86,13 +86,19 @@ TEST_FILES = plain-1.cms.asc \
testscripts = sm-sign+verify sm-verify
EXTRA_DIST = $(XTESTS) $(KEYS) $(CERTS) $(TEST_FILES) \
samplemsgs/README \
samplekeys/Description-p12 \
samplekeys/steed-self-signing-nonthority.pem \
samplekeys/68A638998DFABAC510EA645CE34F9686B2EDF7EA.key \
samplekeys/32100C27173EF6E9C4E9A25D3D69F86D37A4F939.key \
samplekeys/cert_g10code_pete1.pem \
samplekeys/cert_g10code_test1.pem \
samplekeys/cert_g10code_theo1.pem \
samplemsgs/README \
samplekeys/ov-user.p12 \
samplekeys/ov-server.p12 \
samplekeys/opensc-test.p12 \
samplekeys/t5793-openssl.pfx \
samplekeys/t5793-test.pfx \
samplemsgs/pwri-sample.cbc.p7m \
samplemsgs/pwri-sample.cbc-2.p7m \
samplemsgs/pwri-sample.gcm.p7m \

32
tests/cms/samplekeys/Description-p12 Normal file
View File

@ -0,0 +1,32 @@
# Description-p12 - Machine readable description of our P12 test vectors
Name: ov-user.p12
Desc: Private test key from www.openvalidation.org
Pass: start
Cert: 4753a910e0c8b4caa8663ca0e4273a884eb5397d
Key: 93be89edd11214ab74280d988a665b6beef876c5
Name: ov-server.p12
Desc: Private test key from www.openvalidation.org
Pass: start
Cert: 1997fadf6cc1af03e4845c4cba38fb2397315143
Key: 63b1d7233e75c3a462cb4b8ea3ad285e8ecba91c
Name: opensc-test.p12
Desc: PKCS#12 key and certificates taken from OpenSC (RC2+3DES,PKCS#8)
Pass: password
Cert: 115abfc3ae554092a57ade74177fedf9459af5d2
Cert: a0d6d318952c313ff8c33cd3f629647ff1de76b3
Key: 5a36c61706367ecdb52e8779e3a32bbac1069fa1
Name: t5793-openssl.pfx
Desc: self-signed key issued keys
Pass: test
Cert: 80348a438e4b803b99e708da0b7fdd0659dedd15
Key: c271e44ab4fb19ca1aae71102ea4d7292ccc981d
Name: t5793-test.pfx
Desc: QuaVadis format of t5793-openssl
Pass: test
Cert: 80348a438e4b803b99e708da0b7fdd0659dedd15
Key: c271e44ab4fb19ca1aae71102ea4d7292ccc981d

8
tests/cms/samplekeys/README
View File

@ -1,10 +1,5 @@
This is a collection of keys we use with the regression tests.
opensc-tests.p12 PKCS#12 key and certificates taken from OpenSC.
Passphrase is "password"
ov-user.p12 Private tests keys from www.openvalidation.org.
ov-server.p12 Passphrase for both is "start"
For the *.p12 files see Description-p12
ossl-rentec-user.pem An OpenSSL generated user certificate using a
bunch of attributes and DC RDNs.
@ -21,4 +16,3 @@ steed-self-signing-nonthority.pem
The STEED Self-Signing Nonthority.
68A638998DFABAC510EA645CE34F9686B2EDF7EA.key
The private Key of The STEED Self-Signing Nonthority.

BIN
tests/cms/samplekeys/t5793-openssl.pfx Normal file
View File

Binary file not shown.

BIN
tests/cms/samplekeys/t5793-test.pfx Normal file
View File

Binary file not shown.

13
tools/gpg-wks-client.c
View File

@ -77,6 +77,7 @@ enum cmd_and_opt_values
oBlacklist,
oNoAutostart,
oAddRevocs,
oNoAddRevocs,
oDummy
};
@ -121,6 +122,7 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_s (oBlacklist, "blacklist", "@"),
ARGPARSE_s_s (oDirectory, "directory", "@"),
ARGPARSE_s_n (oAddRevocs, "add-revocs", "add revocation certificates"),
ARGPARSE_s_n (oNoAddRevocs, "no-add-revocs", "do not add revocation certificates"),
ARGPARSE_s_s (oFakeSubmissionAddr, "fake-submission-addr", "@"),
@ -158,7 +160,7 @@ static gpg_error_t proc_userid_from_stdin (gpg_error_t (*func)(const char *),
const char *text);
static gpg_error_t command_supported (char *userid);
static gpg_error_t command_check (char *userid);
static gpg_error_t command_send (const char *fingerprint, const char *userid);
static gpg_error_t command_create (const char *fingerprint, const char *userid);
static gpg_error_t encrypt_response (estream_t *r_output, estream_t input,
const char *addrspec,
const char *fingerprint);
@ -262,6 +264,9 @@ parse_arguments (gpgrt_argparse_t *pargs, gpgrt_opt_t *popts)
case oAddRevocs:
opt.add_revocs = 1;
break;
case oNoAddRevocs:
opt.add_revocs = 0;
break;
case aSupported:
case aCreate:
@ -304,6 +309,8 @@ main (int argc, char **argv)
assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
setup_libassuan_logging (&opt.debug, NULL);
opt.add_revocs = 1; /* Default add revocation certs. */
/* Parse the command line. */
pargs.argc = &argc;
pargs.argv = &argv;
@ -397,7 +404,7 @@ main (int argc, char **argv)
case aCreate:
if (argc != 2)
wrong_args ("--create FINGERPRINT USER-ID");
err = command_send (argv[0], argv[1]);
err = command_create (argv[0], argv[1]);
if (err)
log_error ("creating request failed: %s\n", gpg_strerror (err));
break;
@ -1153,7 +1160,7 @@ command_check (char *userid)
/* Locate the key by fingerprint and userid and send a publication
* request. */
static gpg_error_t
command_send (const char *fingerprint, const char *userid)
command_create (const char *fingerprint, const char *userid)
{
gpg_error_t err;
KEYDB_SEARCH_DESC desc;

2
tools/gpgtar-create.c
View File

@ -1283,6 +1283,8 @@ gpgtar_create (char **inpattern, const char *files_from, int null_names,
ccparray_put (&ccp, "--recipient");
ccparray_put (&ccp, arg->d);
}
if (opt.no_compress)
ccparray_put (&ccp, "-z0");
for (arg = opt.gpg_arguments; arg; arg = arg->next)
ccparray_put (&ccp, arg->d);

3
tools/gpgtar.c
View File

@ -76,6 +76,7 @@ enum cmd_and_opt_values
oSetFilename,
oNull,
oUtf8Strings,
oNoCompress,
oBatch,
oAnswerYes,
@ -121,6 +122,7 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_s (oSetFilename, "set-filename", "@"),
ARGPARSE_s_n (oOpenPGP, "openpgp", "@"),
ARGPARSE_s_n (oCMS, "cms", "@"),
ARGPARSE_s_n (oNoCompress, "no-compress", "@"),
ARGPARSE_s_n (oBatch, "batch", "@"),
ARGPARSE_s_n (oAnswerYes, "yes", "@"),
@ -350,6 +352,7 @@ parse_arguments (gpgrt_argparse_t *pargs, gpgrt_opt_t *popts)
case oFilesFrom: files_from = pargs->r.ret_str; break;
case oNull: null_names = 1; break;
case oUtf8Strings: opt.utf8strings = 1; break;
case oNoCompress: opt.no_compress = 1; break;
case aList:
case aDecrypt:

1
tools/gpgtar.h
View File

@ -33,6 +33,7 @@ struct
int quiet;
int dry_run;
int utf8strings;
int no_compress;
const char *gpg_program;
strlist_t gpg_arguments;
const char *outfile;

2
tools/wks-util.c
View File

@ -246,7 +246,7 @@ wks_get_key (estream_t *r_key, const char *fingerprint, const char *addrspec,
ccparray_put (&ccp, "--always-trust");
if (!binary)
ccparray_put (&ccp, "--armor");
ccparray_put (&ccp, "--export-options=export-minimal");
ccparray_put (&ccp, "--export-options=export-clean");
ccparray_put (&ccp, "--export-filter");
ccparray_put (&ccp, filterexp);
ccparray_put (&ccp, "--export");