See ChangeLog: Tue Jun 29 21:44:25 CEST 1999 Werner Koch

ChangeLog

@@ -1,6 +1,15 @@
-Sat Jun 26 12:15:59 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+Tue Jun 29 21:44:25 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 
 
+	* configure.in (use_local_zlib): The lost dollar is back.
+
+	* acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Add EMX case.
+	* configure.in: Another variant of the MX vendor string
+
+	* configure.in (--with-capabilities): Some test code (Remi).
+
+Sat Jun 26 12:15:59 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
 	* acinclude.m4 (GNUPG_CHECK_RDYNAMIC): Support for HPUX and IRIX.
 	* configure.in (HAVE_DL_SHL_LOAD): New for HPUX (Dave Dykstra).
 

Makefile.am

@@ -1,10 +1,10 @@
 ## Process this file with automake to produce Makefile.in
 
-#if COMPILE_LIBGCRYPT
-#gcrypt = gcrypt
-#else
+if COMPILE_LIBGCRYPT
+gcrypt = gcrypt
+else
 gcrypt =
-#endif
+endif
 
 SUBDIRS = intl zlib util mpi cipher tools g10 po doc checks ${gcrypt}
 EXTRA_DIST = VERSION  PROJECTS BUGS

NEWS

@@ -1,3 +1,7 @@
+
+    *
+
+
 Noteworthy changes in version 0.9.8
 -----------------------------------
 

TODO

@@ -6,16 +6,10 @@
 
   * Speed up calculation of key validity.
 
-  * See why we always get this "Hmmm, public key not anymore available"
-    Rewrite that stuff.
-
   * print a warning when a revoked/expired _secret_ key is used.
 
   * remove more "Fixmes"
 
-  * Use capabilities if available.  glibc2 does not support it yet?
-    What about 2.2 or should we use the system calls directly?
-
   * when decryptiong multiple key: print a warning only if no usable pubkey
     encrypt package was found.	Extension: display a list of all recipients.
 
@@ -29,8 +23,6 @@
 
   * convert the given user ID to UTF-8 and add an option to suppress this.
 
-  * A way to disable keys.
-
 
 Nice to have
 ------------

VERSION

@@ -1 +1 @@
-0.9.8
+0.9.8a

acconfig.h

@@ -92,6 +92,7 @@
  * with special properties like no file modes */
 #undef HAVE_DOSISH_SYSTEM
 
+#undef USE_CAPABILITIES
 
 
 @BOTTOM@

acinclude.m4

@@ -560,11 +560,20 @@ AC_CHECK_TOOL(AS, as, false)
 # GNUPG_SYS_SYMBOL_UNDERSCORE - does the compiler prefix global symbols
 #                              with an underscore?
 AC_DEFUN(GNUPG_SYS_SYMBOL_UNDERSCORE,
-[if test "$cross_compiling" = yes; then
-    AC_MSG_CHECKING([for _ prefix in compiled symbols])
-    ac_cv_sys_symbol_underscore=yes
-    AC_MSG_RESULT(assume yes)
-else
+[ac_cv_sys_symbol_underscore="check"
+case "${target}" in
+    i386-emx-os2 | i[3456]86-pc-os2*emx )
+        ac_cv_sys_symbol_underscore=yes
+        ;;
+    *)
+      if test "$cross_compiling" = yes; then
+         ac_cv_sys_symbol_underscore=yes
+      fi
+       ;;
+esac
+
+if test "$ac_cv_sys_symbol_underscore" = "check"; then
+ac_cv_sys_symbol_underscore=""
 AC_REQUIRE([GNUPG_PROG_NM])dnl
 AC_REQUIRE([GNUPG_SYS_NM_PARSE])dnl
 AC_MSG_CHECKING([for _ prefix in compiled symbols])
@@ -597,8 +606,10 @@ else
 fi
 rm -rf conftest*
 ])
-AC_MSG_RESULT($ac_cv_sys_symbol_underscore)
+else
+AC_MSG_CHECKING([for _ prefix in compiled symbols])
 fi
+AC_MSG_RESULT($ac_cv_sys_symbol_underscore)
 if test x$ac_cv_sys_symbol_underscore = xyes; then
   AC_DEFINE(WITH_SYMBOL_UNDERSCORE,1,
   [define if compiled symbols have a leading underscore])

configure.in

@@ -102,16 +102,25 @@ AC_ARG_WITH(included-zlib,
 [g10_force_zlib=yes], [g10_force_zlib=no] )
 AC_MSG_RESULT($g10_force_zlib)
 
-dnl This does not work because automakes install tareget still needs libtool
-dnl dnl
-dnl dnl Check wether we want to compile libgcrypt
-dnl dnl
-dnl AC_MSG_CHECKING([whether compilation of libgcrypt is requested])
-dnl AC_ARG_ENABLE(libgcrypt,
-dnl     [  --enable-libgcrypt      compile the libgcrypt [default=no]],
-dnl [compile_libgcrypt="$enableval"],[compile_libgcrypt=no])
-dnl AM_CONDITIONAL(COMPILE_LIBGCRYPT, test x$compile_libgcrypt = xyes)
-dnl AC_MSG_RESULT($compile_libgcrypt)
+dnl
+dnl Check wether we want to compile libgcrypt
+dnl
+AC_MSG_CHECKING([whether compilation of libgcrypt is requested])
+AC_ARG_ENABLE(libgcrypt,
+    [  --enable-libgcrypt      compile the libgcrypt [default=no]],
+[compile_libgcrypt="$enableval"],[compile_libgcrypt=no])
+AM_CONDITIONAL(COMPILE_LIBGCRYPT, test x$compile_libgcrypt = xyes)
+AC_MSG_RESULT($compile_libgcrypt)
+
+
+dnl
+dnl Check whether we want to use Linux capabilities
+dnl
+AC_MSG_CHECKING([whether use of capabilities is requested])
+AC_ARG_WITH(capabilities,
+    [  --with-capabilities     use linux capabilities [default=no]],
+[use_capabilities="$withval"],[use_capabilities=no])
+AC_MSG_RESULT($use_capabilities)
 
 
 dnl Checks for programs.
@@ -135,12 +144,11 @@ AC_CHECK_PROG(DOCBOOK_TO_MAN, docbook-to-man, yes, no)
 AM_CONDITIONAL(HAVE_DOCBOOK_TO_MAN, test "$ac_cv_prog_DOCBOOK_TO_MAN" = yes)
 
 
-
-dnl if test x$compile_libgcrypt = xyes; then
-dnl    dnl Don't default to build shared libs
-dnl    AM_DISABLE_SHARED
-dnl    AM_PROG_LIBTOOL
-dnl fi
+dnl
+dnl Don't default to build shared libs
+dnl
+AM_DISABLE_SHARED
+AM_PROG_LIBTOOL
 
 
 MPI_OPT_FLAGS=""
@@ -165,7 +173,7 @@ case "${target}" in
         try_gettext="no"
         try_gdbm="no"
         ;;
-    i386-emx-os2 | i[3456]86-pc-os2emx )
+    i386-emx-os2 | i[3456]86-pc-os2*emx )
         # OS/2 with the EMX environment
         ac_cv_have_dev_random=no
         AC_DEFINE(HAVE_DRIVE_LETTERS)
@@ -173,6 +181,7 @@ case "${target}" in
         try_gettext="no"
         try_gdbm="no"
         ;;
+
     *-*-hpux*)
         if test -z "$GCC" ; then
             CFLAGS="$CFLAGS -Ae -D_HPUX_SOURCE"
@@ -204,7 +213,7 @@ case "${target}" in
     i386--mingw32)
         PRINTABLE_OS_NAME="MingW32"
         ;;
-    i386-emx-os2 | i[3456]86-pc-os2emx)
+    i386-emx-os2 | i[3456]86-pc-os2*emx )
         PRINTABLE_OS_NAME="OS/2"
         ;;
     *-linux*)
@@ -356,12 +365,38 @@ fi
 
 dnl Checks for library functions.
 AC_FUNC_VPRINTF
-AC_CHECK_FUNCS(strerror stpcpy strlwr tcgetattr rand strtoul mmap)
+AC_CHECK_FUNCS(strerror stpcpy strlwr stricmp tcgetattr rand strtoul mmap)
 AC_CHECK_FUNCS(memmove gettimeofday getrusage gethrtime setrlimit)
 AC_CHECK_FUNCS(memicmp atexit raise getpagesize strftime nl_langinfo)
 
 GNUPG_CHECK_MLOCK
 
+dnl
+dnl Check whether we can use Linux capabilities as requested
+dnl
+if test "$use_capabilities" = "yes" ; then
+use_capabilities=no
+AC_CHECK_HEADERS(sys/capability.h)
+if test "$ac_cv_header_sys_capability_h" = "yes" ; then
+  AC_CHECK_LIB(cap, cap_init, ac_need_libcap=1)
+  if test "$ac_cv_lib_cap_cap_init" = "yes"; then
+     AC_DEFINE(USE_CAPABILITIES)
+     use_capabilities=yes
+  fi
+fi
+if test "$use_capabilities" = "no" ; then
+    AC_MSG_WARN([[
+*** The use of capabilities on this system is not possible.
+*** You need a recent Linux kernel and some patches:
+***   fcaps-2.2.9-990610.patch      (kernel patch for 2.2.9)
+***   fcap-module-990613.tar.gz     (kernel module)
+***   libcap-1.92.tar.gz            (user mode library and utilities)
+*** And you have to configure the kernel with CONFIG_VFS_CAP_PLUGIN
+*** set (filesystems menu). Be warned: This code is *really* ALPHA.]])
+fi
+fi
+
+
 GNUPG_CHECK_IPC
 if test "$ac_cv_header_sys_shm_h" = "yes"; then
   AC_DEFINE(USE_SHM_COPROCESSING)
@@ -415,7 +450,7 @@ if test "$use_static_rnd" = default; then
           i386--mingw32)
               static_modules="$static_modules rndw32"
               ;;
-          i386-emx-os2|i[3456]86-pc-os2emx)
+          i386-emx-os2|i[3456]86-pc-os2*emx)
               static_modules="$static_modules rndos2"
               ;;
           m68k-atari-mint)
@@ -541,7 +576,7 @@ else
   fi
 fi
 
-if test "use_local_zlib" = yes ; then
+if test "$use_local_zlib" = yes ; then
     AM_CONDITIONAL(ENABLE_LOCAL_ZLIB, true)
     GNUPG_LINK_FILES(zlib/zlib.h, zlib.h )
     GNUPG_LINK_FILES(zlib/zconf.h, zconf.h )

debian/changelog

@@ -1,3 +1,29 @@
+gnupg (0.9.8-1) unstable; urgency=low
+
+  * New upstream version.  
+  * debian/rules (binary-arch): don't create a gpgm manpage as the binary
+    no longer exists.  Noticed by Wichert Akkerman
+    <wichert@cs.leidenuniv.nl>. [#38864]
+
+ -- James Troup <james@nocrew.org>  Sun, 27 Jun 1999 01:07:58 +0100
+
+gnupg (0.9.7-1) unstable; urgency=low
+
+  * New upstream version.
+
+ -- James Troup <james@nocrew.org>  Tue, 25 May 1999 13:23:24 +0100
+
+gnupg (0.9.6-1) unstable; urgency=low
+
+  * New upstream version.
+  * debian/copyright: update version number, noticed by Lazarus Long
+    <lazarus@frontiernet.net>.
+  * debian/control (Depends): depend on makedev (>= 2.3.1-13) to ensure
+    that /dev/urandom exists; reported by Steffen Markert
+    <smort@rz.tu-ilmenau.de>. [#32076]
+
+ -- James Troup <james@nocrew.org>  Tue, 11 May 1999 21:06:27 +0100
+
 gnupg (0.9.5-1) unstable; urgency=low
 
   * New upstream version.

debian/control

@@ -6,7 +6,7 @@ Standards-Version: 2.5.0.0
 
 Package: gnupg
 Architecture: any
-Depends: ${shlibs:Depends}
+Depends: ${shlibs:Depends}, makedev (>= 2.3.1-13)
 Description: GNU privacy guard - a free PGP replacement.
  GnuPG is the GNU encryption and signing tool.  As you can see from the
  version number, the program may have some bugs and some features may not

debian/copyright

@@ -4,14 +4,14 @@ have some bugs and some features may not work at all.
 
 This package was put together by me, James Troup
 <james@nocrew.org>, from the sources, which I obtained from
-ftp://ftp.gnupg.org/pub/gcrypt/gnupg-0.9.2.tar.gz.  The changes were
+ftp://ftp.gnupg.org/pub/gcrypt/gnupg-0.9.8.tar.gz.  The changes were
 minimal, namely:
 
 - adding support for the Debian package maintenance scheme, by adding
   various debian/* files.
 
 Program Copyright (C) 1998, 1999 Free Software Foundation, Inc.
-Modifications for Debian Copyright (C) 1998 James Troup.
+Modifications for Debian Copyright (C) 1998,1999 James Troup.
 
 GNUPG is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by

debian/rules

@@ -1,5 +1,5 @@
 #!/usr/bin/make -f
-# debian/rules file - for GNUPG (0.9.4)
+# debian/rules file - for GNUPG (0.9.8)
 # Based on sample debian/rules file - for GNU Hello (1.3).
 # Copyright 1994,1995 by Ian Jackson.
 # Copyright 1998 James Troup
@@ -34,9 +34,7 @@ binary-arch:	checkroot build # test
 	install -d debian/tmp/DEBIAN/
 	install -m 755 debian/preinst debian/tmp/DEBIAN/preinst
 	$(MAKE) prefix=`pwd`/debian/tmp/usr install
-	rm debian/tmp/usr/man/man1/gpgm.1
 	gzip -9v debian/tmp/usr/man/man1/*
-	ln -s gpg.1.gz debian/tmp/usr/man/man1/gpgm.1.gz
 	strip debian/tmp/usr/bin/*
 	strip --strip-unneeded debian/tmp/usr/lib/gnupg/*
 	install -d debian/tmp/usr/doc/gnupg/

doc/DETAILS

@@ -238,8 +238,9 @@ the DB is always of type 2 and this is the only record of this type.
      1 byte  ownertrust
      1 byte  dirflag
      1 byte  maximum validity of all the user ids
-     4 byte  time of last validity check.
-    15 byte reserved
+     1 u32   time of last validity check.
+     1 u32   Must check when this time has been reached.
+	     (0 = no check required)
 
 
   Record type 3:  (key record)

doc/FAQ

@@ -191,6 +191,8 @@
      u = The key is ultimately trusted; this
 	 is only used for keys for which
 	 the secret key is also available.
+     r = The key has been revoked
+     d = The key has been disabled
 
   The value in the "pub" record is the best one of all "uid" records.
 

g10/ChangeLog

@@ -1,3 +1,20 @@
+Tue Jun 29 21:44:25 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+
+	* trustdb.h (TRUST_FLAG_DISABLED): New.
+
+	* status.c (USE_CAPABILITIES): Capabilities support (Remi).
+
+	* tdbio.c : Added new fields to the DIR record.
+	(tdbio_write_record): Fixed the update of the hash tables.
+	(tdbio_delete_record): Drop the record from the hash tables.
+	(drop_from_hashtbl): New.
+
+	* status.c (cpr_get): Special online help mode.
+	* helptext.c ("keyedit.cmd"): Removed.
+	* keyedit.c (keyedit_menu): Use only help system.
+	(enable_disable_key): New bit doies not yet work.
+
 Sat Jun 26 12:15:59 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 
 

g10/helptext.c

@@ -146,10 +146,6 @@ static struct helptexts { const char *key; const char *help; } helptexts[] = {
 },
 
 
-{ N_("keyedit.cmd"),
- "Please enter \"help\" to see the list of commands."
-},
-
 { N_("keyedit.save.okay"),
  "Answer \"yes\" or \"no\""
 },

g10/keyedit.c

@@ -59,6 +59,7 @@ static int count_selected_uids( KBNODE keyblock );
 static int count_selected_keys( KBNODE keyblock );
 static int menu_revsig( KBNODE keyblock );
 static int menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
+static int enable_disable_key( KBNODE keyblock, int disable );
 
 #define CONTROL_D ('D' - 'A' + 1)
 
@@ -550,6 +551,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
 	   cmdLSIGN, cmdREVSIG, cmdREVKEY, cmdDELSIG,
 	   cmdDEBUG, cmdSAVE, cmdADDUID, cmdDELUID, cmdADDKEY, cmdDELKEY,
 	   cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF, cmdEXPIRE,
+	   cmdENABLEKEY, cmdDISABLEKEY,
 	   cmdNOP };
     static struct { const char *name;
 		    enum cmdids id;
@@ -586,6 +588,8 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
 	{ N_("trust")   , cmdTRUST , 0, N_("change the ownertrust") },
 	{ N_("revsig")  , cmdREVSIG , 0, N_("revoke signatures") },
 	{ N_("revkey")  , cmdREVKEY , 1, N_("revoke a secondary key") },
+	{ N_("disable") , cmdDISABLEKEY , 0, N_("disable a key") },
+	{ N_("enable")  , cmdENABLEKEY , 0, N_("enable a key") },
 
     { NULL, cmdNONE } };
     enum cmdids cmd;
@@ -662,7 +666,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
 		    have_commands = 0;
 	    }
 	    if( !have_commands ) {
-		answer = cpr_get("keyedit.cmd", _("Command> "));
+		answer = cpr_get("", _("Command> "));
 		cpr_kill_prompt();
 	    }
 	    trim_spaces(answer);
@@ -842,12 +846,10 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
 	    break;
 
 	  case cmdADDKEY:
-	secmem_dump_stats();
 	    if( generate_subkeypair( keyblock, sec_keyblock ) ) {
 		redisplay = 1;
 		sec_modified = modified = 1;
 	    }
-	secmem_dump_stats();
 	    break;
 
 
@@ -934,6 +936,14 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
 	    }
 	    break;
 
+	  case cmdENABLEKEY:
+	  case cmdDISABLEKEY:
+	    if( enable_disable_key( keyblock, cmd == cmdDISABLEKEY ) ) {
+		redisplay = 1;
+		modified = 1;
+	    }
+	    break;
+
 	  default:
 	    tty_printf("\n");
 	    tty_printf(_("Invalid command  (try \"help\")\n"));
@@ -1859,3 +1869,15 @@ menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock )
 }
 
 
+static int
+enable_disable_key( KBNODE keyblock, int disable )
+{
+    int entire;
+    int changed = 0;
+
+
+    entire = !count_selected_keys( keyblock );
+
+    return changed;
+}
+

g10/status.c

@@ -25,6 +25,9 @@
 #include <errno.h>
 #include <unistd.h>
 #ifdef USE_SHM_COPROCESSING
+  #ifdef USE_CAPABILITIES
+    #include <sys/capability.h>
+  #endif
   #ifdef HAVE_SYS_IPC_H
     #include <sys/ipc.h>
   #endif
@@ -165,6 +168,9 @@ init_shm_coprocessing ( ulong requested_shm_size, int lock_mem )
     log_debug("mapped %uk shared memory at %p, id=%d\n",
 			    (unsigned)shm_size/1024, shm_area, shm_id );
     if( lock_mem ) {
+      #ifdef USE_CAPABILITIES
+	cap_set_proc( cap_from_text("cap_ipc_lock+ep") );
+      #endif
       #ifdef IPC_HAVE_SHM_LOCK
 	if ( shmctl (shm_id, SHM_LOCK, 0) )
 	    log_info("locking shared memory %d failed: %s\n",
@@ -181,6 +187,9 @@ init_shm_coprocessing ( ulong requested_shm_size, int lock_mem )
       #else
 	log_info("Locking shared memory %d failed: No way to do it\n", shm_id );
       #endif
+      #ifdef USE_CAPABILITIES
+	cap_set_proc( cap_from_text("cap_ipc_lock+p") );
+      #endif
     }
 
 
@@ -279,7 +288,7 @@ cpr_get( const char *keyword, const char *prompt )
   #endif
     for(;;) {
 	p = tty_get( prompt );
-	if( *p == '?' && !p[1] ) {
+	if( *p=='?' && !p[1] && !(keyword && !*keyword)) {
 	    m_free(p);
 	    display_online_help( keyword );
 	}

g10/tdbio.c

@@ -69,8 +69,8 @@ struct cmp_krec_fpr_struct {
     int fprlen;
 };
 
-/* a type used to pass infomation to cmp_sdir */
-struct cmp_sdir_struct {
+/* a type used to pass infomation to cmp_[s]dir */
+struct cmp_xdir_struct {
     int pubkey_algo;
     u32 keyid[2];
 };
@@ -852,8 +852,9 @@ upd_hashtable( ulong table, byte *key, int keylen, ulong newrecnum )
 	    return rc; /* ready */
 	}
 	else {
-	    log_error( "hashtbl %lu points to an invalid record\n",
-								    item);
+	    log_error( "hashtbl %lu: %lu/%d points to an invalid record %lu\n",
+		       table, hashrec, (msb % ITEMS_PER_HTBL_RECORD), item);
+	    list_trustdb(NULL);
 	    return G10ERR_TRUSTDB;
 	}
     }
@@ -862,6 +863,92 @@ upd_hashtable( ulong table, byte *key, int keylen, ulong newrecnum )
 }
 
 
+/****************
+ * Drop an entry from a hashtable
+ * table gives the start of the table, key and keylen is the key,
+ */
+static int
+drop_from_hashtable( ulong table, byte *key, int keylen, ulong recnum )
+{
+    TRUSTREC rec;
+    ulong hashrec, item;
+    int msb;
+    int level=0;
+    int rc, i;
+
+    hashrec = table;
+  next_level:
+    msb = key[level];
+    hashrec += msb / ITEMS_PER_HTBL_RECORD;
+    rc = tdbio_read_record( hashrec, &rec, RECTYPE_HTBL );
+    if( rc ) {
+	log_error( db_name, "drop_from_hashtable: read failed: %s\n",
+							g10_errstr(rc) );
+	return rc;
+    }
+
+    item = rec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD];
+    if( !item )  /* not found - forget about it  */
+	return 0;
+
+    if( item == recnum ) {  /* tables points direct to the record */
+	rec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD] = 0;
+	rc = tdbio_write_record( &rec );
+	if( rc )
+	    log_error( db_name, "drop_from_hashtable: write htbl failed: %s\n",
+							    g10_errstr(rc) );
+	return rc;
+    }
+
+    rc = tdbio_read_record( item, &rec, 0 );
+    if( rc ) {
+	log_error( "drop_from_hashtable: read item failed: %s\n",
+							g10_errstr(rc) );
+	return rc;
+    }
+
+    if( rec.rectype == RECTYPE_HTBL ) {
+	hashrec = item;
+	level++;
+	if( level >= keylen ) {
+	    log_error( "hashtable has invalid indirections.\n");
+	    return G10ERR_TRUSTDB;
+	}
+	goto next_level;
+    }
+
+    if( rec.rectype == RECTYPE_HLST ) {
+	for(;;) {
+	    for(i=0; i < ITEMS_PER_HLST_RECORD; i++ ) {
+		if( rec.r.hlst.rnum[i] == recnum ) {
+		    rec.r.hlst.rnum[i] = 0; /* drop */
+		    rc = tdbio_write_record( &rec );
+		    if( rc )
+			log_error( db_name, "drop_from_hashtable: write htbl failed: %s\n",
+									g10_errstr(rc) );
+		    return rc;
+		}
+	    }
+	    if( rec.r.hlst.next ) {
+		rc = tdbio_read_record( rec.r.hlst.next,
+						   &rec, RECTYPE_HLST);
+		if( rc ) {
+		    log_error( "scan keyhashtbl read hlst failed: %s\n",
+							 g10_errstr(rc) );
+		    return rc;
+		}
+	    }
+	    else
+		return 0; /* key not in table */
+	}
+    }
+
+    log_error( "hashtbl %lu: %lu/%d points to wrong record %lu\n",
+		    table, hashrec, (msb % ITEMS_PER_HTBL_RECORD), item);
+    return G10ERR_TRUSTDB;
+}
+
+
 
 /****************
  * Lookup a record via the hashtable tablewith key/keylen and return the
@@ -973,6 +1060,30 @@ update_sdirhashtbl( TRUSTREC *sr )
     return upd_hashtable( get_sdirhashrec(), key, 8, sr->recnum );
 }
 
+/****************
+ * Drop the records from the key-hashtbl
+ */
+static int
+drop_from_keyhashtbl( TRUSTREC *kr )
+{
+    return drop_from_hashtable( get_keyhashrec(),
+				kr->r.key.fingerprint,
+				kr->r.key.fingerprint_len, kr->recnum );
+}
+
+/****************
+ * Drop record drom the shadow dir hashtbl
+ */
+static int
+drop_from_sdirhashtbl( TRUSTREC *sr )
+{
+    byte key[8];
+
+    u32tobuf( key   , sr->r.sdir.keyid[0] );
+    u32tobuf( key+4 , sr->r.sdir.keyid[1] );
+    return drop_from_hashtable( get_sdirhashrec(), key, 8, sr->recnum );
+}
+
 
 
 
@@ -1009,6 +1120,8 @@ tdbio_dump_record( TRUSTREC *rec, FILE *fp  )
 	if( rec->r.dir.valcheck )
 	    fprintf( fp, ", v=%02x/%s", rec->r.dir.validity,
 					strtimestamp(rec->r.dir.valcheck) );
+	if( rec->r.dir.checkat )
+	    fprintf( fp, ", a=%s", strtimestamp(rec->r.dir.checkat) );
 	if( rec->r.dir.dirflags & DIRF_CHECKED ) {
 	    if( rec->r.dir.dirflags & DIRF_VALID )
 		fputs(", valid", fp );
@@ -1071,7 +1184,8 @@ tdbio_dump_record( TRUSTREC *rec, FILE *fp  )
 		fprintf(fp, " %lu:", rec->r.sig.sig[i].lid );
 		if( rec->r.sig.sig[i].flag & SIGF_CHECKED ) {
 		    fprintf(fp,"%c%c%c",
-		       (rec->r.sig.sig[i].flag & SIGF_VALID)   ? 'V':'-',
+		       (rec->r.sig.sig[i].flag & SIGF_VALID)   ? 'V':
+		       (rec->r.sig.sig[i].flag & SIGF_IGNORED) ? 'I':'-',
 		       (rec->r.sig.sig[i].flag & SIGF_EXPIRED) ? 'E':'-',
 		       (rec->r.sig.sig[i].flag & SIGF_REVOKED) ? 'R':'-');
 		}
@@ -1196,6 +1310,7 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected )
 	rec->r.dir.dirflags   = *p++;
 	rec->r.dir.validity   = *p++;
 	rec->r.dir.valcheck   = buftoulong(p); p += 4;
+	rec->r.dir.checkat    = buftoulong(p); p += 4;
 	switch( rec->r.dir.validity ) {
 	  case 0:
 	  case TRUST_UNDEFINED:
@@ -1346,6 +1461,7 @@ tdbio_write_record( TRUSTREC *rec )
 	*p++ = rec->r.dir.dirflags;
 	*p++ = rec->r.dir.validity;
 	ulongtobuf(p, rec->r.dir.valcheck); p += 4;
+	ulongtobuf(p, rec->r.dir.checkat); p += 4;
 	assert( rec->r.dir.lid == recnum );
 	break;
 
@@ -1419,7 +1535,7 @@ tdbio_write_record( TRUSTREC *rec )
     rc = put_record_into_cache( recnum, buf );
     if( rc )
 	;
-    if( rec->rectype == RECTYPE_KEY )
+    else if( rec->rectype == RECTYPE_KEY )
 	rc = update_keyhashtbl( rec );
     else if( rec->rectype == RECTYPE_SDIR )
 	rc = update_sdirhashtbl( rec );
@@ -1433,6 +1549,19 @@ tdbio_delete_record( ulong recnum )
     TRUSTREC vr, rec;
     int rc;
 
+    /* Must read the record fist, so we can drop it from the hash tables */
+    rc = tdbio_read_record( recnum, &rec, 0 );
+    if( rc )
+	;
+    else if( rec.rectype == RECTYPE_KEY )
+	rc = drop_from_keyhashtbl( &rec );
+    else if( rec.rectype == RECTYPE_SDIR )
+	rc = drop_from_sdirhashtbl( &rec );
+
+    if( rc )
+	return rc;
+
+    /* now we can chnage it to a free record */
     rc = tdbio_read_record( 0, &vr, RECTYPE_VER );
     if( rc )
 	log_fatal( _("%s: error reading version record: %s\n"),
@@ -1595,7 +1724,7 @@ tdbio_search_dir_byfpr( const byte *fingerprint, size_t fingerlen,
 static int
 cmp_sdir( void *dataptr, const TRUSTREC *rec )
 {
-    const struct cmp_sdir_struct *d = dataptr;
+    const struct cmp_xdir_struct *d = dataptr;
 
     return rec->rectype == RECTYPE_SDIR
 	   && ( !d->pubkey_algo || rec->r.sdir.pubkey_algo == d->pubkey_algo )
@@ -1607,7 +1736,7 @@ cmp_sdir( void *dataptr, const TRUSTREC *rec )
 int
 tdbio_search_sdir( u32 *keyid, int pubkey_algo, TRUSTREC *rec )
 {
-    struct cmp_sdir_struct cmpdata;
+    struct cmp_xdir_struct cmpdata;
     int rc;
     byte key[8];
 

g10/tdbio.h

@@ -66,6 +66,7 @@
 #define SIGF_VALID    2 /* the signature is valid */
 #define SIGF_EXPIRED  4 /* the key of this signature has expired */
 #define SIGF_REVOKED  8 /* this signature has been revoked */
+#define SIGF_IGNORED  64  /* this signature is ignored by the system */
 #define SIGF_NOPUBKEY 128 /* there is no pubkey for this sig */
 
 struct trust_record {
@@ -97,8 +98,9 @@ struct trust_record {
 	    ulong cacherec; /* the cache record */
 	    byte ownertrust;
 	    byte dirflags;
-	    byte validity;  /* calculated trustlevel over all uids */
-	    ulong valcheck; /* timestamp of last validation check */
+	    byte validity;   /* calculated trustlevel over all uids */
+	    ulong valcheck;  /* timestamp of last validation check */
+	    ulong checkat;   /* Check key when this time has been reached*/
 	} dir;
 	struct {	    /* primary public key record */
 	    ulong lid;
@@ -187,6 +189,7 @@ ulong tdbio_new_recnum(void);
 int tdbio_search_dir_bypk( PKT_public_key *pk, TRUSTREC *rec );
 int tdbio_search_dir_byfpr( const byte *fingerprint, size_t fingerlen,
 					int pubkey_algo, TRUSTREC *rec );
+int tdbio_search_dir(  u32 *keyid, int pubkey_algo, TRUSTREC *rec );
 int tdbio_search_sdir( u32 *keyid, int pubkey_algo, TRUSTREC *rec );
 
 void tdbio_invalid(void);

g10/trustdb.h

@@ -34,6 +34,7 @@
 /* trust values not covered by the mask */
 #define TRUST_FLAG_REVOKED 32 /* r: revoked */
 #define TRUST_FLAG_SUB_REVOKED 64
+#define TRUST_FLAG_DISABLED 128 /* d: key/uid disabled */
 
 
 #define PREFTYPE_SYM	  1

include/ChangeLog

@@ -1,3 +1,8 @@
+Tue Jun 29 21:44:25 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+
+	* util.h (stricmp): Use strcasecmp as replacement.
+
 Sat Jun 26 12:15:59 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 
 

include/util.h

@@ -175,8 +175,6 @@ char *native_to_utf8( const char *string );
 char *utf8_to_native( const char *string );
 int  check_utf8_string( const char *string );
 
-#define stricmp(a,b) strcasecmp((a),(b))
-
 #ifndef HAVE_MEMICMP
 int memicmp( const char *a, const char *b, size_t n );
 #endif
@@ -192,7 +190,9 @@ char *strlwr(char *a);
 #ifndef HAVE_MEMMOVE
   #define memmove(d, s, n) bcopy((s), (d), (n))
 #endif
-
+#ifndef HAVE_STRICMP
+  #define stricmp(a,b)	 strcasecmp( (a), (b) )
+#endif
 
 /**** other missing stuff ****/
 #ifndef HAVE_ATEXIT  /* For SunOS */

mpi/mpi-mul.c

@@ -189,6 +189,7 @@ mpi_mul( MPI w, MPI u, MPI v)
 }
 
 
+
 void
 mpi_mulm( MPI w, MPI u, MPI v, MPI m)
 {

po/ChangeLog

@@ -1,6 +1,10 @@
-Sat Jun 26 12:15:59 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+Tue Jun 29 21:44:25 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 
 
+	* it.po: Updated (Marco).
+
+Sat Jun 26 12:15:59 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
 	* pt_BR.po: Updated (Thiago).
 
 Thu Jun 10 14:18:23 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>

po/it.po

@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg-0.9.7\n"
 "POT-Creation-Date: 1999-06-26 11:22+0200\n"
-"PO-Revision-Date: 1999-05-15 18:09+02:00\n"
+"PO-Revision-Date: 1999-06-28 19:49+02:00\n"
 "Last-Translator: Marco d'Itri <md@linux.it>\n"
 "Language-Team: Italian <it@li.org>\n"
 "MIME-Version: 1.0\n"
@@ -38,9 +38,8 @@ msgid "quit"
 msgstr "quit"
 
 #: util/miscutil.c:176
-#, fuzzy
 msgid "qQ"
-msgstr "q"
+msgstr "qQ"
 
 #: util/errors.c:54
 msgid "general error"
@@ -448,7 +447,7 @@ msgstr "meno prolisso"
 
 #: g10/g10.c:234
 msgid "don't use the terminal at all"
-msgstr ""
+msgstr "non usa per niente il terminale"
 
 #: g10/g10.c:235
 msgid "force v3 signatures"
@@ -533,7 +532,7 @@ msgstr "emula il modo descritto in RFC 1991"
 
 #: g10/g10.c:258
 msgid "set all packet, cipher and digest options to OpenPGP behavior"
-msgstr ""
+msgstr "imposta per OpenPGP le opzioni di pacchetto, cifrario e digest"
 
 #: g10/g10.c:259
 msgid "|N|use passphrase mode N"
@@ -565,7 +564,7 @@ msgstr "elimina il campo keyid dei pacchetti cifrati"
 
 #: g10/g10.c:268
 msgid "|NAME=VALUE|use this notation data"
-msgstr ""
+msgstr "|NOME=VALORE|usa questi dati per una nota"
 
 #: g10/g10.c:270
 msgid ""
@@ -651,7 +650,7 @@ msgstr "l'algoritmo di digest selezionato non
 
 #: g10/g10.c:849
 msgid "the given policy URL is invalid\n"
-msgstr ""
+msgstr "L'URL della policy indicato non è valido\n"
 
 #: g10/g10.c:852
 #, c-format
@@ -764,20 +763,24 @@ msgstr "impossibile aprire `%s'\n"
 msgid ""
 "the first character of a notation name must be a letter or an underscore\n"
 msgstr ""
+"il primo carattere del nome di una nota deve essere una lettera o un\n"
+"underscore\n"
 
 #: g10/g10.c:1463
 msgid ""
 "a notation name must have only letters, digits, dots or underscores and end "
 "with an '='\n"
 msgstr ""
+"il nome di una nota deve essere formato solo da lettere, numeri, punti o\n"
+"underscore e deve finire con `='\n"
 
 #: g10/g10.c:1469
 msgid "dots in a notation name must be surrounded by other characters\n"
-msgstr ""
+msgstr "nel nome di una nota i punti devono avere altri caratteri intorno\n"
 
 #: g10/g10.c:1477
 msgid "a notation value must not use any control characters\n"
-msgstr ""
+msgstr "il valore di una nota non deve usare caratteri di controllo\n"
 
 #: g10/armor.c:296
 #, c-format
@@ -1052,9 +1055,9 @@ msgid "%s: skipped: %s\n"
 msgstr "%s: saltata: %s\n"
 
 #: g10/pkclist.c:588 g10/pkclist.c:687
-#, fuzzy, c-format
+#, c-format
 msgid "%s: skipped: public key already present\n"
-msgstr "%s: il keyblock ha problemi di lettura: %s\n"
+msgstr "%s: saltato: chiave pubblica già presente\n"
 
 #: g10/pkclist.c:611
 msgid ""
@@ -1356,7 +1359,6 @@ msgid "DSA keypair will have 1024 bits.\n"
 msgstr "La coppia DSA avrà 1024 bit.\n"
 
 #: g10/keygen.c:859
-#, fuzzy
 msgid "Key generation canceled.\n"
 msgstr "Generazione della chiave annullata.\n"
 
@@ -1467,7 +1469,7 @@ msgid "using secondary key %08lX instead of primary key %08lX\n"
 msgstr "uso la chiave secondaria %08lX invece della chiave primaria %08lX\n"
 
 #: g10/import.c:116
-#, fuzzy, c-format
+#, c-format
 msgid "can't open `%s': %s\n"
 msgstr "impossibile aprire `%s': %s\n"
 
@@ -1482,9 +1484,9 @@ msgid "%lu keys so far processed\n"
 msgstr "Per ora sono state esaminate %lu chiavi\n"
 
 #: g10/import.c:172
-#, fuzzy, c-format
+#, c-format
 msgid "error reading `%s': %s\n"
-msgstr "errore nella creazione della passhprase: %s\n"
+msgstr "errore leggendo `%s': %s\n"
 
 #: g10/import.c:175
 #, c-format
@@ -1570,14 +1572,14 @@ msgid "writing to `%s'\n"
 msgstr "scrittura in `%s'\n"
 
 #: g10/import.c:379 g10/import.c:435 g10/import.c:544 g10/import.c:645
-#, fuzzy, c-format
+#, c-format
 msgid "can't lock keyring `%s': %s\n"
-msgstr "impossibile bloccare il portachiavi pubblico: %s\n"
+msgstr "impossibile fare il lock del portachiavi `%s': %s\n"
 
 #: g10/import.c:382 g10/import.c:438 g10/import.c:547 g10/import.c:648
-#, fuzzy, c-format
+#, c-format
 msgid "error writing keyring `%s': %s\n"
-msgstr "%s: errore durante la scrittura del record di versione: %s\n"
+msgstr "errore scrivendo il portachiavi `%s': %s\n"
 
 #: g10/import.c:387
 #, c-format
@@ -1724,7 +1726,7 @@ msgstr "chiave %08lX: certificato di revoca non valido: %s - saltato\n"
 #: g10/import.c:915
 #, c-format
 msgid "key %08lX: duplicated user ID detected - merged\n"
-msgstr ""
+msgstr "chiave %08lX: trovato un user ID duplicato - unito\n"
 
 #: g10/import.c:966
 #, c-format
@@ -1988,14 +1990,12 @@ msgid "delete a secondary key"
 msgstr "cancella una chiave secondaria"
 
 #: g10/keyedit.c:579
-#, fuzzy
 msgid "delsig"
-msgstr "lsign"
+msgstr "delsign"
 
 #: g10/keyedit.c:579
-#, fuzzy
 msgid "delete signatures"
-msgstr "elenca le firme"
+msgstr "cancella le firme"
 
 #: g10/keyedit.c:580
 msgid "expire"
@@ -2152,35 +2152,33 @@ msgstr "Comando non valido  (prova \"help\")\n"
 
 #: g10/keyedit.c:1294
 msgid "Delete this good signature? (y/N/q)"
-msgstr ""
+msgstr "Cancellare questa firma corretta? (s/N/q)"
 
 #: g10/keyedit.c:1298
 msgid "Delete this invalid signature? (y/N/q)"
-msgstr ""
+msgstr "Cancellare questa firma non valida? (s/N/q)"
 
 #: g10/keyedit.c:1302
 msgid "Delete this unknown signature? (y/N/q)"
-msgstr ""
+msgstr "Cancellare questa firma sconosciuta? (s/N/q)"
 
 #: g10/keyedit.c:1308
-#, fuzzy
 msgid "Really delete this self-signature? (y/N)"
-msgstr "Creare davvero i certificati di revoca? (s/N)"
+msgstr "Cancellare davvero questa autofirma? (s/N)"
 
 #: g10/keyedit.c:1322
-#, fuzzy, c-format
+#, c-format
 msgid "Deleted %d signature.\n"
-msgstr "%d firme non corrette\n"
+msgstr "Cancellata %d firma.\n"
 
 #: g10/keyedit.c:1323
-#, fuzzy, c-format
+#, c-format
 msgid "Deleted %d signatures.\n"
-msgstr "%d firme non corrette\n"
+msgstr "Cancellate %d firme.\n"
 
 #: g10/keyedit.c:1326
-#, fuzzy
 msgid "Nothing deleted.\n"
-msgstr "ATTENZIONE: non è stato esportato nulla\n"
+msgstr "Non è stato cancellato nulla.\n"
 
 #: g10/keyedit.c:1395
 msgid "Please remove selections from the secret keys.\n"
@@ -2191,14 +2189,12 @@ msgid "Please select at most one secondary key.\n"
 msgstr "Seleziona al massimo una chiave secondaria.\n"
 
 #: g10/keyedit.c:1405
-#, fuzzy
 msgid "Changing expiration time for a secondary key.\n"
-msgstr "Modifico il tempo di scadenza per una chiave secondaria.\n"
+msgstr "Cambio la data di scadenza per una chiave secondaria.\n"
 
 #: g10/keyedit.c:1407
-#, fuzzy
 msgid "Changing expiration time for the primary key.\n"
-msgstr "Modifico il tempo di scadenza per la chiave primaria.\n"
+msgstr "Cambio la data di scadenza per la chiave primaria.\n"
 
 #: g10/keyedit.c:1448
 msgid "You can't change the expiration date of a v3 key\n"
@@ -2285,17 +2281,16 @@ msgid "original file name='%.*s'\n"
 msgstr "nome del file originale='%.*s'\n"
 
 #: g10/mainproc.c:505 g10/mainproc.c:514
-#, fuzzy
 msgid "WARNING: invalid notation data found\n"
-msgstr "Non sono stati trovati dati OpenPGP validi.\n"
+msgstr "ATTENZIONE: trovati dati di una nota non validi\n"
 
 #: g10/mainproc.c:517
 msgid "Notation: "
-msgstr ""
+msgstr "Nota: "
 
 #: g10/mainproc.c:524
 msgid "Policy: "
-msgstr ""
+msgstr "Policy: "
 
 #: g10/mainproc.c:929
 msgid "signature verification suppressed\n"
@@ -2638,9 +2633,8 @@ msgid "%s: failed to append a record: %s\n"
 msgstr "%s: accodatura a un record fallita: %s\n"
 
 #: g10/tdbio.c:1630
-#, fuzzy
 msgid "the trustdb is corrupted; please run \"gpg --fix-trustdb\".\n"
-msgstr "Il trustdb è danneggiato; eseguire \"gpgm --fix-trust-db\".\n"
+msgstr "Il trustdb è danneggiato; eseguire \"gpg --fix-trust-db\".\n"
 
 #: g10/trustdb.c:163
 #, c-format
@@ -3099,7 +3093,7 @@ msgstr "Sovrascrivo (s/N)? "
 #: g10/openfile.c:97
 #, c-format
 msgid "%s: unknown suffix\n"
-msgstr ""
+msgstr "%s: suffisso sconosciuto\n"
 
 #: g10/openfile.c:122
 msgid "writing to stdout\n"
@@ -3241,23 +3235,20 @@ msgid "keyedit.remove.subkey.okay"
 msgstr "keyedit.remove.subkey.okay"
 
 #: g10/helptext.c:176
-#, fuzzy
 msgid "keyedit.delsig.valid"
-msgstr "keyedit.sign_all.okay"
+msgstr "keyedit.delsig.valid"
 
 #: g10/helptext.c:181
-#, fuzzy
 msgid "keyedit.delsig.unknown"
-msgstr "keyedit.sign_all.okay"
+msgstr "keyedit.delsig.unknown"
 
 #: g10/helptext.c:187
-#, fuzzy
 msgid "keyedit.delsig.invalid"
-msgstr "keyedit.sign_all.okay"
+msgstr "keyedit.delsig.invalid"
 
 #: g10/helptext.c:191
 msgid "keyedit.delsig.selfsig"
-msgstr ""
+msgstr "keyedit.delsig.selfsig<"
 
 #: g10/helptext.c:200
 msgid "passphrase.enter"
@@ -3283,30 +3274,3 @@ msgstr "Non
 #, c-format
 msgid "No help available for `%s'"
 msgstr "Non è disponibile un aiuto per `%s'"
-
-#~ msgid "can't open file: %s\n"
-#~ msgstr "impossibile aprire il file: %s\n"
-
-#~ msgid "read error: %s\n"
-#~ msgstr "errore di lettura: %s\n"
-
-#~ msgid "can't write to keyring: %s\n"
-#~ msgstr "impossibile scrivere sul portachiavi pubblico: %s\n"
-
-#~ msgid "writing keyblock\n"
-#~ msgstr "scrittura del keyblock\n"
-
-#~ msgid "can't write keyblock: %s\n"
-#~ msgstr "impossibile aprire il keyblock: %s\n"
-
-#~ msgid "can't lock secret keyring: %s\n"
-#~ msgstr "impossibile bloccare il portachiavi segreto: %s\n"
-
-#~ msgid "can't write keyring: %s\n"
-#~ msgstr "impossibile scrivere il portachiavi: %s\n"
-
-#~ msgid "encrypted message is valid\n"
-#~ msgstr "il messaggio cifrato è valido\n"
-
-#~ msgid "Can't check MDC: %s\n"
-#~ msgstr "Impossibile controllare il MDC: %s\n"

util/ChangeLog

@@ -1,3 +1,8 @@
+Tue Jun 29 21:44:25 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+
+	* secmem.c (USE_CAPABILITIES): Capabilities support (Remi).
+
 Sat Jun 26 12:15:59 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 
 

util/secmem.c

@@ -29,6 +29,9 @@
   #include <sys/mman.h>
   #include <sys/types.h>
   #include <fcntl.h>
+  #ifdef USE_CAPABILITIES
+    #include <sys/capability.h>
+  #endif
 #endif
 
 #include "types.h"
@@ -80,7 +83,26 @@ print_warn(void)
 static void
 lock_pool( void *p, size_t n )
 {
-  #ifdef HAVE_MLOCK
+  #if defined(USE_CAPABILITIES) && defined(HAVE_MLOCK)
+    int err;
+
+    cap_set_proc( cap_from_text("cap_ipc_lock+ep") );
+    err = mlock( p, n );
+    if( err && errno )
+	err = errno;
+    cap_set_proc( cap_from_text("cap_ipc_lock+p") );
+
+    if( err ) {
+	if( errno != EPERM
+	  #ifdef EAGAIN  /* OpenBSD returns this */
+	    && errno != EAGAIN
+	  #endif
+	  )
+	    log_error("can´t lock memory: %s\n", strerror(err));
+	show_warning = 1;
+    }
+
+  #elif defined(HAVE_MLOCK)
     uid_t uid;
     int err;
 
@@ -216,7 +238,11 @@ void
 secmem_init( size_t n )
 {
     if( !n ) {
-      #ifndef HAVE_DOSISH_SYSTEM
+      #ifdef USE_CAPABILITIES
+	/* drop all capabilities */
+	cap_set_proc( cap_from_text("all-eip") );
+
+      #elif !defined(HAVE_DOSISH_SYSTEM)
 	uid_t uid;
 
 	disable_secmem=1;