security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-21 10:09:57 +01:00
Code Activity

* acinclude.m4 (GNUPG_PTH_VERSION_CHECK): Link a simple test

Browse Source 
program to see whether the installation is sane.

* certreqgen.c (proc_parameters): Cast printf arg.
This commit is contained in:
Werner Koch 2005-01-13 18:00:46 +00:00
parent 902a775ada
commit 444c93043d
16 changed files with 176 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
ChangeLog
View File

@ -1,3 +1,19 @@
2005-01-13 Werner Koch <wk@g10code.com>
Released 1.9.15.
* acinclude.m4 (GNUPG_PTH_VERSION_CHECK): Link a simple test
program to see whether the installation is sane.
2005-01-07 Werner Koch <wk@g10code.com>
* configure.ac: Require gpg-error 1.0.
2005-01-04 Werner Koch <wk@g10code.com>
* configure.ac: Remove hack not to build gpg2 for W32.
* autogen.sh <build-w32>: Pass option --disable-gpg instead.
2004-12-22 Werner Koch <wk@g10code.com>
Released 1.9.14.

7
NEWS
View File

@ -1,6 +1,11 @@
Noteworthy changes in version 1.9.15
Noteworthy changes in version 1.9.15 (2005-01-13)
-------------------------------------------------
* Fixed passphrase caching bug.
* Better support for CCID readers; the reader from Cherry RS 6700 USB
does now work.
Noteworthy changes in version 1.9.14 (2004-12-22)
-------------------------------------------------

10
TODO
View File

@ -67,16 +67,14 @@ might want to have an agent context for each service request
* Move pkcs-1 encoding into libgcrypt.
* Use a MAC to protect some files.
* Use a MAC to protect sensitive files.
The problem here is that we need yet another key and it is unlikely
that users are willing to remember that key too. It is possible to
do this with a smartcard, though.
* sm/export.c
** Return an error code or a status info per user ID.
* Where is http.c, regcomp.c, srv.c, w32reg.c ?
* scd/sc-investigate
** Enhance with card compatibility check
* tests
** Makefile.am
We use printf(1) to setup the library path, this is not portable.

35
acinclude.m4
View File

@ -214,6 +214,8 @@ AC_DEFUN([GNUPG_PTH_VERSION_CHECK],
[
_pth_version=`$PTH_CONFIG --version | awk 'NR==1 {print [$]3}'`
_req_version="ifelse([$1],,1.2.0,$1)"
AC_MSG_CHECKING(for PTH - version >= $_req_version)
for _var in _pth_version _req_version; do
eval "_val=\"\$${_var}\""
_major=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\1/'`
@ -237,16 +239,37 @@ AC_DEFUN([GNUPG_PTH_VERSION_CHECK],
fi
fi
fi
if test $have_pth = no; then
AC_MSG_WARN([[
***
*** Found Pth version $_pth_version, but require at least
*** version $_req_version. Please upgrade Pth first.
***]])
if test $have_pth = yes; then
AC_MSG_RESULT(yes)
AC_MSG_CHECKING([whether PTH installation is sane])
AC_CACHE_VAL(gnupg_cv_pth_is_sane,[
_gnupg_pth_save_cflags=$CFLAGS
_gnupg_pth_save_ldflags=$LDFLAGS
_gnupg_pth_save_libs=$LIBS
CFLAGS="$CFLAGS `$PTH_CONFIG --ldflags`"
LDFLAGS="$LDFLAGS `$PTH_CONFIG --ldflags`"
LIBS="$LIBS `$PTH_CONFIG --libs`"
AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pth.h>
],
[[ pth_init ();]])],
gnupg_cv_pth_is_sane=yes,
gnupg_cv_pth_is_sane=no)
CFLAGS=$_gnupg_pth_save_cflags
LDFLAGS=$_gnupg_pth_save_ldflags
LIBS=$_gnupg_pth_save_libs
])
if test $gnupg_cv_pth_is_sane != yes; then
have_pth=no
fi
AC_MSG_RESULT($gnupg_cv_pth_is_sane)
else
AC_MSG_RESULT(no)
fi
])
# Check whether mlock is broken (hpux 10.20 raises a SIGBUS if mlock
# is not called from uid 0 (not tested whether uid 0 works)
# For DECs Tru64 we have also to check whether mlock is in librt

3
agent/ChangeLog
View File

@ -1,5 +1,8 @@
2005-01-04 Werner Koch <wk@g10code.com>
* trustlist.c (agent_marktrusted): Use "Cancel" for the first
confirmation and made the strings translatable.
* cache.c (agent_put_cache): Fix the test for using the default
TTL.

42
agent/trustlist.c
View File

@ -30,6 +30,7 @@
#include "agent.h"
#include <assuan.h> /* fixme: need a way to avoid assuan calls here */
#include "i18n.h"
static const char headerblurb[] =
"# This is the list of trusted keys. Comment lines, like this one, as\n"
@ -290,17 +291,30 @@ agent_marktrusted (CTRL ctrl, const char *name, const char *fpr, int flag)
return gpg_error (GPG_ERR_NOT_SUPPORTED);
}
/* insert a new one */
/* Insert a new one. */
if (asprintf (&desc,
"Please verify that the certificate identified as:%%0A"
" \"%s\"%%0A"
"has the fingerprint:%%0A"
" %s", name, fpr) < 0 )
/* TRANSLATORS: This prompt is shown by the Pinentry
and has one special property: A "%%0A" is used by
Pinentry to insert a line break. The double
percent sign is actually needed because it is also
a printf format string. If you need to insert a
plain % sign, you need to encode it as "%%25". The
second "%s" gets replaced by a hexdecimal
fingerprint string whereas the first one receives
the name as store in the certificate. */
_("Please verify that the certificate identified as:%%0A"
" \"%s\"%%0A"
"has the fingerprint:%%0A"
" %s"), name, fpr) < 0 )
{
trustfp_used--;
return out_of_core ();
}
rc = agent_get_confirmation (ctrl, desc, "Correct", "No");
/* TRANSLATORS: "Correct" is the label of a button and intended to
be hit if the fingerprint matches the one of the CA. The other
button is "the default "Cancel" of the Pinentry. */
rc = agent_get_confirmation (ctrl, desc, _("Correct"), NULL);
free (desc);
if (rc)
{
@ -309,15 +323,23 @@ agent_marktrusted (CTRL ctrl, const char *name, const char *fpr, int flag)
}
if (asprintf (&desc,
"Do you ultimately trust%%0A"
" \"%s\"%%0A"
"to correctly certify user certificates?",
/* TRANSLATORS: This prompt is shown by the Pinentry
and has one special property: A "%%0A" is used by
Pinentry to insert a line break. The double
percent sign is actually needed because it is also
a printf format string. If you need to insert a
plain % sign, you need to encode it as "%%25". The
"%s" gets replaced by the name as store in the
certificate. */
_("Do you ultimately trust%%0A"
" \"%s\"%%0A"
"to correctly certify user certificates?"),
name) < 0 )
{
trustfp_used--;
return out_of_core ();
}
rc = agent_get_confirmation (ctrl, desc, "Yes", "No");
rc = agent_get_confirmation (ctrl, desc, _("Yes"), _("No"));
free (desc);
if (rc)
{

3
autogen.sh
View File

@ -90,7 +90,8 @@ if test "$1" = "--build-w32"; then
--with-libgcrypt-prefix=${w32root} \
--with-libassuan-prefix=${w32root} \
--with-zlib=${w32root} \
--with-pth-prefix=${w32root}
--with-pth-prefix=${w32root} \
--disable-gpg
rc=$?
# Ugly hack to overcome a gettext problem. Someone should look into
# gettext to figure out why the po directory is not ignored as it used

18
configure.ac
View File

@ -24,12 +24,12 @@ min_automake_version="1.9.3"
# Version number: Remember to change it immediately *after* a release.
# Add a "-cvs" prefix for non-released code.
AC_INIT(gnupg, 1.9.15-cvs, gnupg-devel@gnupg.org)
AC_INIT(gnupg, 1.9.15, gnupg-devel@gnupg.org)
# Set development_version to yes if the minor number is odd or you
# feel that the default check for a development version is not
# sufficient.
development_version=yes
NEED_GPG_ERROR_VERSION=0.7
NEED_GPG_ERROR_VERSION=1.0
NEED_LIBGCRYPT_API=1
NEED_LIBGCRYPT_VERSION=1.1.94
@ -133,6 +133,7 @@ test -n "$GNUPG_PROTECT_TOOL_PGM" \
&& show_gnupg_protect_tool_pgm="$GNUPG_PROTECT_TOOL_PGM"
# Some folks want to use only the agent form this packet. Make it
# easier for them by providing the configure option
# --enable-only-agent.
@ -528,9 +529,8 @@ AC_SUBST(PTH_CFLAGS)
AC_SUBST(PTH_LIBS)
AC_ARG_ENABLE(threads,
AC_HELP_STRING([--disable-threads],[allow building without Pth support]);
)
AC_HELP_STRING([--disable-threads],[allow building without Pth support])
)
dnl Must check for network library requirements before doing link tests
@ -1034,19 +1034,13 @@ if test "$build_scdaemon" = "yes"; then
fi
fi
if test "$build_agent_only" = "yes" ; then
build_gpg=no
build_gpgsm=no
build_scdaemon=no
fi
# We don't yet want to build some parts for W32
case "${host}" in
*-mingw32*)
build_gpg=no
;;
esac
AM_CONDITIONAL(BUILD_GPG, test "$build_gpg" = "yes")
AM_CONDITIONAL(BUILD_GPGSM, test "$build_gpgsm" = "yes")

4
doc/ChangeLog
View File

@ -1,3 +1,7 @@
2005-01-04 Werner Koch <wk@g10code.com>
* gnupg.texi: Updated to use @copying.
2004-12-22 Werner Koch <wk@g10code.com>
* gnupg.texi: Reordered.

96
doc/gnupg.texi
View File

@ -1,23 +1,8 @@
\input texinfo @c -*-texinfo-*-
@c %**start of header
@setfilename gnupg.info
@include version.texi
@macro copyrightnotice
Copyright @copyright{} 2002, 2004 Free Software Foundation, Inc.
@end macro
@macro permissionnotice
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your
option) any later version. The text of the license can be found in the
section entitled ``Copying''.
@end macro
@settitle Using the GNU Privacy Guard
@c Create a separate index for command line options.
@defcodeindex op
@c Merge the standard indexes into a single one.
@ -26,8 +11,39 @@ section entitled ``Copying''.
@syncodeindex ky cp
@syncodeindex pg cp
@syncodeindex tp cp
@c %**end of header
@copying
This is the @cite{The GNU Privacy Guard Manual}
(version @value{VERSION}, @value{UPDATED}).
@c printing stuff taken from gcc.
@iftex
Published by the Free Software Foundation@*
59 Temple Place - Suite 330@*
Boston, MA 02111-1307 USA
@end iftex
Copyright @copyright{} 2002, 2004 Free Software Foundation, Inc.
@quotation
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your
option) any later version. The text of the license can be found in the
section entitled ``Copying''.
@end quotation
@end copying
@dircategory GNU Utilities
@direntry
* gpg: (gnupg). OpenPGP encryption and signing tool.
* gpgsm: (gnupg). S/MIME encryption and signing tool.
@end direntry
@c
@c Printing stuff taken from gcc.
@c
@macro gnupgtabopt{body}
@code{\body\}
@end macro
@ -48,36 +64,10 @@ section entitled ``Copying''.
@end ifnottex
@c Change the font used for @def... commands, since the default
@c proportional one used is bad for names starting __.
@tex
\global\setfont\defbf\ttbshape{10}{\magstep1}
@end tex
@c %**end of header
@ifnottex
@dircategory GNU Utilities
@direntry
* gpg: (gnupg). OpenPGP encryption and signing tool.
* gpgsm: (gnupg). S/MIME encryption and signing tool.
@end direntry
This file documents the use and the internals of the GNU Privacy Guard.
This is Edition @value{EDITION}, last updated @value{UPDATED}, of
@cite{The `GNU Privacy Guard' Manual}, for Version @value{VERSION}.
@sp 1
Published by the Free Software Foundation@*
59 Temple Place - Suite 330@*
Boston, MA 02111-1307 USA
@sp 1
@copyrightnotice{}
@sp 1
@permissionnotice{}
@end ifnottex
@c
@c Titlepage
@c
@setchapternewpage odd
@titlepage
@title Using the GNU Privacy Guard
@subtitle Version @value{VERSION}
@ -89,26 +79,26 @@ Boston, MA 02111-1307 USA
@sp 6
@author Werner Koch @code{(wk@@gnupg.org)}
@author Werner Koch (@email{wk@@gnupg.org})
@page
@vskip 0pt plus 1filll
@copyrightnotice{}
@sp 2
@permissionnotice{}
@insertcopying
@end titlepage
@summarycontents
@contents
@page
@ifnottex
@node Top
@top Introduction
@cindex introduction
@top The GNU Privacy Guard
@insertcopying
This manual documents how to use the GNU Privacy Guard system as well as
the administration and the architecture.
@end ifnottex
@menu
* Invoking GPG:: Using the OpenPGP protocol.

8
po/de.po
View File

@ -317,7 +317,9 @@ msgstr "Mantra"
msgid ""
"Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the "
"fingerprint:%%0A %s"
msgstr "Bitte prüfen Sie, daß das Zertifikat mit dem Namen:%%0A \"%s\"%%0Afolgenden Fingerabdruck hat:%%0A %s"
msgstr ""
"Bitte prüfen Sie, daß das Zertifikat mit dem Namen:%%0A \"%s\"%%0Afolgenden "
"Fingerabdruck hat:%%0A %s"
#. TRANSLATORS: "Correct" is the label of a button and intended to
#. be hit if the fingerprint matches the one of the CA. The other
@ -339,7 +341,9 @@ msgstr "Korrekt"
msgid ""
"Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user "
"certificates?"
msgstr "Wenn Sie vollständiges Vertrauen haben, daß%%0A \"%s\"%%0ABenutzerzertifikate verläßlich zertifiziert, so antworten Sie mit \"Ja\""
msgstr ""
"Wenn Sie vollständiges Vertrauen haben, daß%%0A \"%s\"%%"
"0ABenutzerzertifikate verläßlich zertifiziert, so antworten Sie mit \"Ja\""
#: agent/trustlist.c:342
msgid "Yes"

1
scd/ChangeLog
View File

@ -9,6 +9,7 @@
(ccid_transceive_apdu_level): New.
(ccid_transceive): Divert to above.
(parse_ccid_descriptor): Allow APDU level exchange mode.
(do_close_reader): Pass the interface number to usb_release_interface.
2004-12-21 Werner Koch <wk@g10code.com>

23
scd/ccid-driver.c
View File

@ -198,6 +198,7 @@ struct ccid_driver_s
unsigned short id_vendor;
unsigned short id_product;
unsigned short bcd_device;
int ifc_no;
int ep_bulk_out;
int ep_bulk_in;
int ep_intr;
@ -914,6 +915,7 @@ ccid_open_reader (ccid_driver_t *handle, const char *readerid)
(*handle)->id_vendor = dev->descriptor.idVendor;
(*handle)->id_product = dev->descriptor.idProduct;
(*handle)->bcd_device = dev->descriptor.bcdDevice;
(*handle)->ifc_no = ifc_no;
(*handle)->ep_bulk_out = ep_bulk_out;
(*handle)->ep_bulk_in = ep_bulk_in;
(*handle)->ep_intr = ep_intr;
@ -977,7 +979,7 @@ do_close_reader (ccid_driver_t handle)
}
if (handle->idev)
{
usb_release_interface (handle->idev, 0);
usb_release_interface (handle->idev, handle->ifc_no);
usb_close (handle->idev);
handle->idev = NULL;
}
@ -1018,6 +1020,7 @@ ccid_shutdown_reader (ccid_driver_t handle)
handle->idev = idev;
handle->ifc_no = ifc_no;
handle->ep_bulk_out = ep_bulk_out;
handle->ep_bulk_in = ep_bulk_in;
handle->ep_intr = ep_intr;
@ -2115,6 +2118,7 @@ main (int argc, char **argv)
int no_pinpad = 0;
int verify_123456 = 0;
int did_verify = 0;
int no_poll = 0;
if (argc)
{
@ -2139,6 +2143,11 @@ main (int argc, char **argv)
ccid_set_debug_level (1);
argc--; argv++;
}
else if ( !strcmp (*argv, "--no-poll"))
{
no_poll = 1;
argc--; argv++;
}
else if ( !strcmp (*argv, "--no-pinpad"))
{
no_pinpad = 1;
@ -2157,7 +2166,8 @@ main (int argc, char **argv)
if (rc)
return 1;
ccid_poll (ccid);
if (!no_poll)
ccid_poll (ccid);
fputs ("getting ATR ...\n", stderr);
rc = ccid_get_atr (ccid, NULL, 0, NULL);
if (rc)
@ -2166,7 +2176,8 @@ main (int argc, char **argv)
return 1;
}
ccid_poll (ccid);
if (!no_poll)
ccid_poll (ccid);
fputs ("getting slot status ...\n", stderr);
rc = ccid_slot_status (ccid, &slotstat);
if (rc)
@ -2175,7 +2186,8 @@ main (int argc, char **argv)
return 1;
}
ccid_poll (ccid);
if (!no_poll)
ccid_poll (ccid);
fputs ("selecting application OpenPGP ....\n", stderr);
{
@ -2188,7 +2200,8 @@ main (int argc, char **argv)
}
ccid_poll (ccid);
if (!no_poll)
ccid_poll (ccid);
fputs ("getting OpenPGP DO 0x65 ....\n", stderr);
{

4
sm/ChangeLog
View File

@ -1,3 +1,7 @@
2005-01-13 Werner Koch <wk@g10code.com>
* certreqgen.c (proc_parameters): Cast printf arg.
2004-12-22 Werner Koch <wk@g10code.com>
* gpgsm.c (set_binary): New.

2
sm/certreqgen.c
View File

@ -493,7 +493,7 @@ proc_parameters (ctrl_t ctrl,
sprintf (numbuf, "%u", nbits);
snprintf (keyparms, DIM (keyparms)-1,
"(6:genkey(3:rsa(5:nbits%d:%s)))", strlen (numbuf), numbuf);
"(6:genkey(3:rsa(5:nbits%d:%s)))", (int)strlen (numbuf), numbuf);
rc = gpgsm_agent_genkey (ctrl, keyparms, &public);
if (rc)
{

2
sm/decrypt.c
View File

@ -333,7 +333,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
numbuf, algoid?algoid:"?", NULL);
}
/* If it seems that this is not an ecrypted message we
/* If it seems that this is not an encrypted message we
return a more sensible error code. */
if (!algoid)
rc = gpg_error (GPG_ERR_NO_DATA);