diff --git a/ChangeLog b/ChangeLog index ac2784365..237999e8a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,19 @@ +2005-01-13 Werner Koch + + Released 1.9.15. + + * acinclude.m4 (GNUPG_PTH_VERSION_CHECK): Link a simple test + program to see whether the installation is sane. + +2005-01-07 Werner Koch + + * configure.ac: Require gpg-error 1.0. + +2005-01-04 Werner Koch + + * configure.ac: Remove hack not to build gpg2 for W32. + * autogen.sh : Pass option --disable-gpg instead. + 2004-12-22 Werner Koch Released 1.9.14. diff --git a/NEWS b/NEWS index 3fae5417e..afb519487 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,11 @@ -Noteworthy changes in version 1.9.15 +Noteworthy changes in version 1.9.15 (2005-01-13) ------------------------------------------------- + * Fixed passphrase caching bug. + + * Better support for CCID readers; the reader from Cherry RS 6700 USB + does now work. + Noteworthy changes in version 1.9.14 (2004-12-22) ------------------------------------------------- diff --git a/TODO b/TODO index 16311a204..7a2292bd6 100644 --- a/TODO +++ b/TODO @@ -67,16 +67,14 @@ might want to have an agent context for each service request * Move pkcs-1 encoding into libgcrypt. -* Use a MAC to protect some files. +* Use a MAC to protect sensitive files. + The problem here is that we need yet another key and it is unlikely + that users are willing to remember that key too. It is possible to + do this with a smartcard, though. * sm/export.c ** Return an error code or a status info per user ID. -* Where is http.c, regcomp.c, srv.c, w32reg.c ? - -* scd/sc-investigate -** Enhance with card compatibility check - * tests ** Makefile.am We use printf(1) to setup the library path, this is not portable. diff --git a/acinclude.m4 b/acinclude.m4 index 5f742b279..31f540640 100644 --- a/acinclude.m4 +++ b/acinclude.m4 
@@ -214,6 +214,8 @@ AC_DEFUN([GNUPG_PTH_VERSION_CHECK], [ _pth_version=`$PTH_CONFIG --version | awk 'NR==1 {print [$]3}'` _req_version="ifelse([$1],,1.2.0,$1)" + + AC_MSG_CHECKING(for PTH - version >= $_req_version) for _var in _pth_version _req_version; do eval "_val=\"\$${_var}\"" _major=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\1/'` @@ -237,16 +239,37 @@ AC_DEFUN([GNUPG_PTH_VERSION_CHECK], fi fi fi - if test $have_pth = no; then - AC_MSG_WARN([[ -*** -*** Found Pth version $_pth_version, but require at least -*** version $_req_version. Please upgrade Pth first. -***]]) + if test $have_pth = yes; then + AC_MSG_RESULT(yes) + AC_MSG_CHECKING([whether PTH installation is sane]) + AC_CACHE_VAL(gnupg_cv_pth_is_sane,[ + _gnupg_pth_save_cflags=$CFLAGS + _gnupg_pth_save_ldflags=$LDFLAGS + _gnupg_pth_save_libs=$LIBS + CFLAGS="$CFLAGS `$PTH_CONFIG --ldflags`" + LDFLAGS="$LDFLAGS `$PTH_CONFIG --ldflags`" + LIBS="$LIBS `$PTH_CONFIG --libs`" + AC_LINK_IFELSE([AC_LANG_PROGRAM([#include + ], + [[ pth_init ();]])], + gnupg_cv_pth_is_sane=yes, + gnupg_cv_pth_is_sane=no) + CFLAGS=$_gnupg_pth_save_cflags + LDFLAGS=$_gnupg_pth_save_ldflags + LIBS=$_gnupg_pth_save_libs + ]) + if test $gnupg_cv_pth_is_sane != yes; then + have_pth=no + fi + AC_MSG_RESULT($gnupg_cv_pth_is_sane) + else + AC_MSG_RESULT(no) fi ]) + + # Check whether mlock is broken (hpux 10.20 raises a SIGBUS if mlock # is not called from uid 0 (not tested whether uid 0 works) # For DECs Tru64 we have also to check whether mlock is in librt diff --git a/agent/ChangeLog b/agent/ChangeLog index fa450dfdb..c790482b4 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,5 +1,8 @@ 2005-01-04 Werner Koch + * trustlist.c (agent_marktrusted): Use "Cancel" for the first + confirmation and made the strings translatable. + * cache.c (agent_put_cache): Fix the test for using the default TTL. diff --git a/agent/trustlist.c b/agent/trustlist.c index a0b6b9861..edb00650d 100644 --- a/agent/trustlist.c 
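Review bot: In the sanity check added by the hunk at `@@ -237,16 +239,37 @@`, `CFLAGS` is extended with the output of `$PTH_CONFIG --ldflags`, so the test program is compiled without Pth's include path. With Pth installed under a non-default prefix, the link test can then fail on the header, and `have_pth` is set to `no` for an installation that is in fact usable. The `CFLAGS` assignment should take `$PTH_CONFIG --cflags`, leaving `--ldflags` for the `LDFLAGS` line below it. Separately, the too-old-version path now prints only `no`; unless the callers of this macro report it themselves, the removed warning naming `$_pth_version` and `$_req_version` was the only hint about which upgrade is needed.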
+++ b/agent/trustlist.c @@ -30,6 +30,7 @@ #include "agent.h" #include /* fixme: need a way to avoid assuan calls here */ +#include "i18n.h" static const char headerblurb[] = "# This is the list of trusted keys. Comment lines, like this one, as\n" @@ -290,17 +291,30 @@ agent_marktrusted (CTRL ctrl, const char *name, const char *fpr, int flag) return gpg_error (GPG_ERR_NOT_SUPPORTED); } - /* insert a new one */ + /* Insert a new one. */ if (asprintf (&desc, - "Please verify that the certificate identified as:%%0A" - " \"%s\"%%0A" - "has the fingerprint:%%0A" - " %s", name, fpr) < 0 ) + /* TRANSLATORS: This prompt is shown by the Pinentry + and has one special property: A "%%0A" is used by + Pinentry to insert a line break. The double + percent sign is actually needed because it is also + a printf format string. If you need to insert a + plain % sign, you need to encode it as "%%25". The + second "%s" gets replaced by a hexdecimal + fingerprint string whereas the first one receives + the name as store in the certificate. */ + _("Please verify that the certificate identified as:%%0A" + " \"%s\"%%0A" + "has the fingerprint:%%0A" + " %s"), name, fpr) < 0 ) { trustfp_used--; return out_of_core (); } - rc = agent_get_confirmation (ctrl, desc, "Correct", "No"); + + /* TRANSLATORS: "Correct" is the label of a button and intended to + be hit if the fingerprint matches the one of the CA. The other + button is "the default "Cancel" of the Pinentry. */ + rc = agent_get_confirmation (ctrl, desc, _("Correct"), NULL); free (desc); if (rc) { 
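Review bot: `name` is formatted unescaped into the Pinentry description by the `asprintf` call in `agent_marktrusted`, yet the new translator comment says Pinentry treats `%0A` in this string as a line break and that the first `%s` receives the name as stored in the certificate. A certificate name that itself contains percent sequences would therefore alter the layout of the prompt the user is asked to confirm, including the lines around the fingerprint. Percent-escape `name` before formatting it (a literal `%` becomes `%25`, as the comment already explains to translators). The same applies to the second prompt, in the hunk at `@@ -309,15 +323,23 @@`. The function starts and ends outside this hunk, so whether a caller already sanitises `name` is not visible here.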
@@ -309,15 +323,23 @@ agent_marktrusted (CTRL ctrl, const char *name, const char *fpr, int flag) } if (asprintf (&desc, - "Do you ultimately trust%%0A" - " \"%s\"%%0A" - "to correctly certify user certificates?", + /* TRANSLATORS: This prompt is shown by the Pinentry + and has one special property: A "%%0A" is used by + Pinentry to insert a line break. The double + percent sign is actually needed because it is also + a printf format string. If you need to insert a + plain % sign, you need to encode it as "%%25". The + "%s" gets replaced by the name as store in the + certificate. */ + _("Do you ultimately trust%%0A" + " \"%s\"%%0A" + "to correctly certify user certificates?"), name) < 0 ) { trustfp_used--; return out_of_core (); } - rc = agent_get_confirmation (ctrl, desc, "Yes", "No"); + rc = agent_get_confirmation (ctrl, desc, _("Yes"), _("No")); free (desc); if (rc) { diff --git a/autogen.sh b/autogen.sh index 87ddc6369..67d28ed38 100755 --- a/autogen.sh +++ b/autogen.sh @@ -90,7 +90,8 @@ if test "$1" = "--build-w32"; then --with-libgcrypt-prefix=${w32root} \ --with-libassuan-prefix=${w32root} \ --with-zlib=${w32root} \ - --with-pth-prefix=${w32root} + --with-pth-prefix=${w32root} \ + --disable-gpg rc=$? # Ugly hack to overcome a gettext problem. Someone should look into # gettext to figure out why the po directory is not ignored as it used diff --git a/configure.ac b/configure.ac index 35886dfa6..041a4d1b8 100644 --- a/configure.ac +++ b/configure.ac 
@@ -24,12 +24,12 @@ min_automake_version="1.9.3" # Version number: Remember to change it immediately *after* a release. # Add a "-cvs" prefix for non-released code. -AC_INIT(gnupg, 1.9.15-cvs, gnupg-devel@gnupg.org) +AC_INIT(gnupg, 1.9.15, gnupg-devel@gnupg.org) # Set development_version to yes if the minor number is odd or you # feel that the default check for a development version is not # sufficient. development_version=yes -NEED_GPG_ERROR_VERSION=0.7 +NEED_GPG_ERROR_VERSION=1.0 NEED_LIBGCRYPT_API=1 NEED_LIBGCRYPT_VERSION=1.1.94 @@ -133,6 +133,7 @@ test -n "$GNUPG_PROTECT_TOOL_PGM" \ && show_gnupg_protect_tool_pgm="$GNUPG_PROTECT_TOOL_PGM" + # Some folks want to use only the agent form this packet. Make it # easier for them by providing the configure option # --enable-only-agent. @@ -528,9 +529,8 @@ AC_SUBST(PTH_CFLAGS) AC_SUBST(PTH_LIBS) AC_ARG_ENABLE(threads, - AC_HELP_STRING([--disable-threads],[allow building without Pth support]); - -) + AC_HELP_STRING([--disable-threads],[allow building without Pth support]) + ) dnl Must check for network library requirements before doing link tests @@ -1034,19 +1034,13 @@ if test "$build_scdaemon" = "yes"; then fi fi + if test "$build_agent_only" = "yes" ; then build_gpg=no build_gpgsm=no build_scdaemon=no fi -# We don't yet want to build some parts for W32 -case "${host}" in - *-mingw32*) - build_gpg=no - ;; -esac - AM_CONDITIONAL(BUILD_GPG, test "$build_gpg" = "yes") AM_CONDITIONAL(BUILD_GPGSM, test "$build_gpgsm" = "yes") diff --git a/doc/ChangeLog b/doc/ChangeLog index 407b706b0..855c3ca38 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,7 @@ +2005-01-04 Werner Koch + + * gnupg.texi: Updated to use @copying. + 2004-12-22 Werner Koch * gnupg.texi: Reordered. diff --git a/doc/gnupg.texi b/doc/gnupg.texi index 006e604a0..5c6925260 100644 --- a/doc/gnupg.texi +++ b/doc/gnupg.texi 
@@ -1,23 +1,8 @@ \input texinfo @c -*-texinfo-*- @c %**start of header @setfilename gnupg.info - @include version.texi - -@macro copyrightnotice -Copyright @copyright{} 2002, 2004 Free Software Foundation, Inc. -@end macro -@macro permissionnotice -Permission is granted to copy, distribute and/or modify this document -under the terms of the GNU General Public License as published by the -Free Software Foundation; either version 2 of the License, or (at your -option) any later version. The text of the license can be found in the -section entitled ``Copying''. -@end macro - - @settitle Using the GNU Privacy Guard - @c Create a separate index for command line options. @defcodeindex op @c Merge the standard indexes into a single one. @@ -26,8 +11,39 @@ section entitled ``Copying''. @syncodeindex ky cp @syncodeindex pg cp @syncodeindex tp cp +@c %**end of header +@copying +This is the @cite{The GNU Privacy Guard Manual} +(version @value{VERSION}, @value{UPDATED}). -@c printing stuff taken from gcc. +@iftex +Published by the Free Software Foundation@* +59 Temple Place - Suite 330@* +Boston, MA 02111-1307 USA +@end iftex + +Copyright @copyright{} 2002, 2004 Free Software Foundation, Inc. + +@quotation +Permission is granted to copy, distribute and/or modify this document +under the terms of the GNU General Public License as published by the +Free Software Foundation; either version 2 of the License, or (at your +option) any later version. The text of the license can be found in the +section entitled ``Copying''. +@end quotation +@end copying + + +@dircategory GNU Utilities +@direntry +* gpg: (gnupg). OpenPGP encryption and signing tool. +* gpgsm: (gnupg). S/MIME encryption and signing tool. +@end direntry + + +@c +@c Printing stuff taken from gcc. +@c @macro gnupgtabopt{body} @code{\body\} @end macro 
@@ -48,36 +64,10 @@ section entitled ``Copying''. @end ifnottex -@c Change the font used for @def... commands, since the default -@c proportional one used is bad for names starting __. -@tex -\global\setfont\defbf\ttbshape{10}{\magstep1} -@end tex - -@c %**end of header - -@ifnottex -@dircategory GNU Utilities -@direntry -* gpg: (gnupg). OpenPGP encryption and signing tool. -* gpgsm: (gnupg). S/MIME encryption and signing tool. -@end direntry -This file documents the use and the internals of the GNU Privacy Guard. - -This is Edition @value{EDITION}, last updated @value{UPDATED}, of -@cite{The `GNU Privacy Guard' Manual}, for Version @value{VERSION}. -@sp 1 -Published by the Free Software Foundation@* -59 Temple Place - Suite 330@* -Boston, MA 02111-1307 USA -@sp 1 -@copyrightnotice{} -@sp 1 -@permissionnotice{} -@end ifnottex - +@c +@c Titlepage +@c @setchapternewpage odd - @titlepage @title Using the GNU Privacy Guard @subtitle Version @value{VERSION} @@ -89,26 +79,26 @@ Boston, MA 02111-1307 USA @sp 6 -@author Werner Koch @code{(wk@@gnupg.org)} - +@author Werner Koch (@email{wk@@gnupg.org}) @page @vskip 0pt plus 1filll -@copyrightnotice{} -@sp 2 -@permissionnotice{} +@insertcopying @end titlepage + + @summarycontents @contents @page - +@ifnottex @node Top -@top Introduction -@cindex introduction +@top The GNU Privacy Guard +@insertcopying This manual documents how to use the GNU Privacy Guard system as well as the administration and the architecture. +@end ifnottex @menu * Invoking GPG:: Using the OpenPGP protocol. diff --git a/po/de.po b/po/de.po index e7227df59..bfcf40d67 100644 --- a/po/de.po +++ b/po/de.po 
@@ -317,7 +317,9 @@ msgstr "Mantra" msgid "" "Please verify that the certificate identified as:%%0A \"%s\"%%0Ahas the " "fingerprint:%%0A %s" -msgstr "Bitte prüfen Sie, daß das Zertifikat mit dem Namen:%%0A \"%s\"%%0Afolgenden Fingerabdruck hat:%%0A %s" +msgstr "" +"Bitte prüfen Sie, daß das Zertifikat mit dem Namen:%%0A \"%s\"%%0Afolgenden " +"Fingerabdruck hat:%%0A %s" #. TRANSLATORS: "Correct" is the label of a button and intended to #. be hit if the fingerprint matches the one of the CA. The other @@ -339,7 +341,9 @@ msgstr "Korrekt" msgid "" "Do you ultimately trust%%0A \"%s\"%%0Ato correctly certify user " "certificates?" -msgstr "Wenn Sie vollständiges Vertrauen haben, daß%%0A \"%s\"%%0ABenutzerzertifikate verläßlich zertifiziert, so antworten Sie mit \"Ja\"" +msgstr "" +"Wenn Sie vollständiges Vertrauen haben, daß%%0A \"%s\"%%" +"0ABenutzerzertifikate verläßlich zertifiziert, so antworten Sie mit \"Ja\"" #: agent/trustlist.c:342 msgid "Yes" diff --git a/scd/ChangeLog b/scd/ChangeLog index 4aae08536..e85c8d81c 100644 --- a/scd/ChangeLog +++ b/scd/ChangeLog @@ -9,6 +9,7 @@ (ccid_transceive_apdu_level): New. (ccid_transceive): Divert to above. (parse_ccid_descriptor): Allow APDU level exchange mode. + (do_close_reader): Pass the interface number to usb_release_interface. 2004-12-21 Werner Koch diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index eeea651a9..0694fe762 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -198,6 +198,7 @@ struct ccid_driver_s unsigned short id_vendor; unsigned short id_product; unsigned short bcd_device; + int ifc_no; int ep_bulk_out; int ep_bulk_in; int ep_intr; 
@@ -914,6 +915,7 @@ ccid_open_reader (ccid_driver_t *handle, const char *readerid) (*handle)->id_vendor = dev->descriptor.idVendor; (*handle)->id_product = dev->descriptor.idProduct; (*handle)->bcd_device = dev->descriptor.bcdDevice; + (*handle)->ifc_no = ifc_no; (*handle)->ep_bulk_out = ep_bulk_out; (*handle)->ep_bulk_in = ep_bulk_in; (*handle)->ep_intr = ep_intr; @@ -977,7 +979,7 @@ do_close_reader (ccid_driver_t handle) } if (handle->idev) { - usb_release_interface (handle->idev, 0); + usb_release_interface (handle->idev, handle->ifc_no); usb_close (handle->idev); handle->idev = NULL; } @@ -1018,6 +1020,7 @@ ccid_shutdown_reader (ccid_driver_t handle) handle->idev = idev; + handle->ifc_no = ifc_no; handle->ep_bulk_out = ep_bulk_out; handle->ep_bulk_in = ep_bulk_in; handle->ep_intr = ep_intr; @@ -2115,6 +2118,7 @@ main (int argc, char **argv) int no_pinpad = 0; int verify_123456 = 0; int did_verify = 0; + int no_poll = 0; if (argc) { @@ -2139,6 +2143,11 @@ main (int argc, char **argv) ccid_set_debug_level (1); argc--; argv++; } + else if ( !strcmp (*argv, "--no-poll")) + { + no_poll = 1; + argc--; argv++; + } else if ( !strcmp (*argv, "--no-pinpad")) { no_pinpad = 1; @@ -2157,7 +2166,8 @@ main (int argc, char **argv) if (rc) return 1; - ccid_poll (ccid); + if (!no_poll) + ccid_poll (ccid); fputs ("getting ATR ...\n", stderr); rc = ccid_get_atr (ccid, NULL, 0, NULL); if (rc) @@ -2166,7 +2176,8 @@ main (int argc, char **argv) return 1; } - ccid_poll (ccid); + if (!no_poll) + ccid_poll (ccid); fputs ("getting slot status ...\n", stderr); rc = ccid_slot_status (ccid, &slotstat); if (rc) @@ -2175,7 +2186,8 @@ main (int argc, char **argv) return 1; } - ccid_poll (ccid); + if (!no_poll) + ccid_poll (ccid); fputs ("selecting application OpenPGP ....\n", stderr); { @@ -2188,7 +2200,8 @@ main (int argc, char **argv) } - ccid_poll (ccid); + if (!no_poll) + ccid_poll (ccid); fputs ("getting OpenPGP DO 0x65 ....\n", stderr); { 
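Review bot: The result of `usb_release_interface (handle->idev, handle->ifc_no)` in `do_close_reader` is still discarded. Now that the interface number comes from the handle rather than a constant, a failed release is the one place where a stale or never-assigned `ifc_no` would become visible, so the return value should be checked and a failure logged before `usb_close`. A short comment on the new field, along the lines of `/* Interface number claimed in ccid_open_reader; passed back on release. */`, would also help readers of the struct. `do_close_reader` continues outside the hunk.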
diff --git a/sm/ChangeLog b/sm/ChangeLog index df1670082..a4f07b048 100644 --- a/sm/ChangeLog +++ b/sm/ChangeLog @@ -1,3 +1,7 @@ +2005-01-13 Werner Koch + + * certreqgen.c (proc_parameters): Cast printf arg. + 2004-12-22 Werner Koch * gpgsm.c (set_binary): New. diff --git a/sm/certreqgen.c b/sm/certreqgen.c index bbc7c98e9..7b29a5b8d 100644 --- a/sm/certreqgen.c +++ b/sm/certreqgen.c @@ -493,7 +493,7 @@ proc_parameters (ctrl_t ctrl, sprintf (numbuf, "%u", nbits); snprintf (keyparms, DIM (keyparms)-1, - "(6:genkey(3:rsa(5:nbits%d:%s)))", strlen (numbuf), numbuf); + "(6:genkey(3:rsa(5:nbits%d:%s)))", (int)strlen (numbuf), numbuf); rc = gpgsm_agent_genkey (ctrl, keyparms, &public); if (rc) { diff --git a/sm/decrypt.c b/sm/decrypt.c index 8ac2e23fe..9e5518b0f 100644 --- a/sm/decrypt.c +++ b/sm/decrypt.c @@ -333,7 +333,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp) numbuf, algoid?algoid:"?", NULL); } - /* If it seems that this is not an ecrypted message we + /* If it seems that this is not an encrypted message we return a more sensible error code. */ if (!algoid) rc = gpg_error (GPG_ERR_NO_DATA);
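Review bot: The cast in `proc_parameters` fixes the format mismatch, but the `snprintf` result is still unchecked, so a truncated key-parameter S-expression would be passed to `gpgsm_agent_genkey` unnoticed. Compare the return value with the buffer size and fail early on truncation. The sizes of `numbuf` and `keyparms` are declared outside the hunk, so whether truncation can actually happen cannot be confirmed from here. If `numbuf` is an array, the `sprintf` on the context line above is better bounded as `snprintf (numbuf, sizeof numbuf, "%u", nbits);`. As a length is never negative, `%u` with `(unsigned int)strlen (numbuf)` would also be more consistent with the `%u` used for `nbits`.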