From 8e3a526323ffe6814b9d6757c4a196d0dde41b4b Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Sat, 29 Jun 2002 20:47:08 +0000 Subject: [PATCH] * configure.ac (development_version): New. (HAVE_DEV_RANDOM_IOCTL): Removed test for it; it was never used. * BUGS, AUTHORS: Add a note on how to send security related bug reports. --- AUTHORS | 5 +- BUGS | 4 + ChangeLog | 8 ++ INSTALL | 326 +++++++++++++++------------------------------------ configure.ac | 46 +++----- 5 files changed, 130 insertions(+), 259 deletions(-) diff --git a/AUTHORS b/AUTHORS index 6ebfa2cdf..4b367357a 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1,5 +1,8 @@ Program: GnuPG Maintainer: Werner Koch +Bug reports: +Security related bug reports: + Authors ======= @@ -102,7 +105,7 @@ for GnuPG. The RPM specs file scripts/gnupg.spec has been contributed by several people. - Copyright 1998, 1999, 2000, 2001 Free Software Foundation, Inc. + Copyright 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/BUGS b/BUGS index baa6fc14c..9cfdcd98e 100644 --- a/BUGS +++ b/BUGS @@ -6,3 +6,7 @@ for a list of know bugs in GnuPG. We don't distribute this list anymore with the package because a more current one with notes in which version the bug is fixed can be found online. +For security related bugs, please contact which +directs mails only to the core developers. If you need to encrypt the +report you should use the public keys of the maintainer and of 2 or 3 +other active developers (consult the ChangeLog and AUTHORS). diff --git a/ChangeLog b/ChangeLog index 6eec96bb2..5235b7f38 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,11 @@ +2002-06-29 Werner Koch + + * configure.ac (development_version): New. + (HAVE_DEV_RANDOM_IOCTL): Removed test for it; it was never used. + + * BUGS, AUTHORS: Add a note on how to send security related bug + reports. + 2002-06-20 David Shaw * NEWS: changes since 1.0.7. diff --git a/INSTALL b/INSTALL index 69115a758..62ea076c1 100644 --- a/INSTALL +++ b/INSTALL 
@@ -1,185 +1,8 @@ -Installation instructions for GnuPG -==================================== - Copyright 1998, 1999, 2000, 2001 Free Software Foundation, Inc. - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even the - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -Please read the Basic Installation section somewhere below. - -Configure options for GNUPG -=========================== - ---enable-static-rnd= Force the use of the random byte gathering - module . Default is either to use /dev/random - or the standard Uix module. Value for name: - egd - Use the module which accesses the - Entropy Gathering Daemon. See the webpages - for more information about it. - unix - Use the standard Unix module which does not - have a very good performance. - linux - Use the module which accesses /dev/random. - This is the first choice and the default one - for GNU/Linux or *BSD. - none - Do not linkl any module in but rely on - a dynmically loaded modules. - ---with-egd-socket= This is only used when EGD is used as random - gatherer. GnuPG uses by default "~/.gnupg/entropy" - as the socket to connect EGD. Using this option the - socket name can be changed. You may use any filename - here with 2 exceptions: a filename starting with - "~/" uses the socket in the homedirectory of the user - and one starting with a "=" uses a socket in the - GnuPG homedirectory which is bye default "~/.gnupg". - ---with-included-zlib Forces usage of the local zlib sources. Default is - to use the (shared) library of the system. - ---with-included-gettext Forces usage of the local gettext sources instead of - the one provided by your system. 
- ---disable-nls Disable NLS support (See the file ABOUT-NLS) - ---enable-m-guard Enable the integrated malloc checking code. Please - note that this feature does not work on all CPUs - (e.g. SunOS 5.7 on UltraSparc-2) and might give - you a Bus error. - ---disable-dynload If you have problems with dynamic loading, this option - disables all dynamic loading stuff. - ---disable-asm Do not use assembler modules. It is not possible to - use this on some CPU types. - - - -Problems -======== - -If you get unresolved externals "gettext" you should run configure again -with the option "--with-included-gettext"; this is version 0.10.35 which -is available at alpha.gnu.org. - -If you have other compile problems, try the configure options -"--with-included-zlib" or "--disable-nls" (See ABOUT-NLS) -or --disable-dynload. - -I can't check all assembler files, so if you have problems assembling them -(or the program crashes) use --disable-asm with ./configure. -The configure scripts may consider several subdirectories to get all -available assembler files; be sure to delete the correct ones. The -assembler replacements are in C and in mpi/generic; never delete udiv-qrnnd.S -in any CPU directory, because there may be no C substitute. -Don't forget to delete "config.cache" and run "./config.status --recheck". - -Some make tools are broken - the best solution is to use GNU's make. Try -gmake or grab the sources from a GNU archive and install them. - -On some OSF you may get unresolved externals. This is a libtool problem and -the workaround is to manually remove all the "-lc -lz" but the last one from -the linker line and execute them manually. 
- -On some architectures you get warnings like: - longlong.h:175: warning: function declaration isn't a prototype -or - http.c:647: warning: cast increases required alignment of target type -This doesn't matter and we know about it (actually it is due to the some -warning options which we have enabled for gcc) - - -Specific problems on some machines -================================== - - * IBM RS/6000 running AIX: - - Due to a change in gcc (since version 2.8) the MPI stuff may - not build. In this case try to run configure using: - CFLAGS="-g -O2 -mcpu=powerpc" ./configure - - * Compaq C V6.2 for alpha: - - You may want to use the option "-msg-disable ptrmismatch1" - to get rid of the sign/unsigned char mismatch warnings. - - * SVR4.2 (ESIX V4.2 cc) - - Due to problems with the ESIX as, you probably want to do - CFLAGS="-O -K pentium" ./configure --disable-asm - Reported by Reinhard Wobst. - - - -The Random Device -================= -Random devices are available in Linux, FreeBSD and OpenBSD. -The random device files may not exist on your system, please check whether -they do and create them if needed. - -The Linux files should look like this: - cr--r--r-- 1 root sys 1, 8 May 28 1997 /dev/random - cr--r--r-- 1 root sys 1, 9 Feb 16 08:23 /dev/urandom -You can create them with: - mknod /dev/random c 1 8 - mknod /dev/urandom c 1 9 - -The FreeBSD files [from the 970202 snapshot]: - crw-r--r-- 1 root wheel 2, 3 Feb 25 16:54 /dev/random - crw-r--r-- 1 root wheel 2, 4 Feb 25 16:54 /dev/urandom -You can create them with: - mknod /dev/random c 2 3 - mknod /dev/urandom c 2 4 - -Unices without a random devices must use another entropy collector. One -entropy collector called rndunix and available as an extension module. 
You -should put this in your ~/.gnupg/options file: -===8<==================== -load-extension rndunix -===>8==================== -This collector works by running a lot of commands that yield more or -less unpredictable output and feds this as entropy into the random -generator - It should work reliably but you should check whether -it produces good output for your version of Unix. There are some debug -options to help you (see cipher/rndunix.c). - - - -Installation -============ -gpg is not installed as suid:root; if you want to do that, do it manually. -We will use capabilities in the future. - -The ~/.gnupg directory will be created if it does not exist. Your first -action should be to create a key pair: "gpg --gen-key". - -Due to limitations in the automake system, the Info format versions of -the man pages are not installed. You have to convert the Texinfo -files by hand (use makeinfo) and copy them to the appropriate place. - - - -Creating a RPM package -====================== -The file scripts/gnupg.spec is used to build a RPM package (both -binary and src): - 1. copy the spec file into /usr/src/redhat/SPECS - 2. copy the tar file into /usr/src/redhat/SOURCES - 3. type: rpm -ba SPECS/gnupg.spec - -Or use the -t (--tarbuild) option of rpm: - 1. rpm -ta gnupg-x.x.x.tar.gz - -The binary rpm file can now be found in /usr/src/redhat/RPMS, source -rpm in /usr/src/redhat/SRPMS - -Please note that to install gnupg binary rpm you must be root, as -gnupg needs to be suid root, at least on Linux machines +Copyright 1994, 1995, 1996, 1999, 2000, 2001 Free Software Foundation, +Inc. + This file is free documentation; the Free Software Foundation gives +unlimited permission to copy, distribute and modify it. Basic Installation ================== 
@@ -191,20 +14,27 @@ various system-dependent variables used during compilation. It uses those values to create a `Makefile' in each directory of the package. It may also create one or more `.h' files containing system-dependent definitions. Finally, it creates a shell script `config.status' that -you can run in the future to recreate the current configuration, a file -`config.cache' that saves the results of its tests to speed up -reconfiguring, and a file `config.log' containing compiler output -(useful mainly for debugging `configure'). +you can run in the future to recreate the current configuration, and a +file `config.log' containing compiler output (useful mainly for +debugging `configure'). + + It can also use an optional file (typically called `config.cache' +and enabled with `--cache-file=config.cache' or simply `-C') that saves +the results of its tests to speed up reconfiguring. (Caching is +disabled by default to prevent problems with accidental use of stale +cache files.) If you need to do unusual things to compile the package, please try to figure out how `configure' could check whether to do them, and mail diffs or instructions to the address given in the `README' so they can -be considered for the next release. If at some point `config.cache' -contains results you don't want to keep, you may remove or edit it. +be considered for the next release. If you are using the cache, and at +some point `config.cache' contains results you don't want to keep, you +may remove or edit it. - The file `configure.in' is used by the program `autoconf' to create -`configure'. You only need `configure.in' if you want to change it or -regenerate `configure' using a newer version of `autoconf'. + The file `configure.ac' (or `configure.in') is used to create +`configure' by a program called `autoconf'. You only need +`configure.ac' if you want to change it or regenerate `configure' using +a newer version of `autoconf'. The simplest way to compile this package is: 
@@ -214,7 +44,7 @@ The simplest way to compile this package is: `sh ./configure' instead to prevent `csh' from trying to execute `configure' itself. - Running `configure' takes a while. While running, it prints some + Running `configure' takes awhile. While running, it prints some messages telling which features it is checking for. 2. Type `make' to compile the package. 
@@ -238,32 +68,32 @@ Compilers and Options ===================== Some systems require unusual options for compilation or linking that -the `configure' script does not know about. You can give `configure' -initial values for variables by setting them in the environment. Using -a Bourne-compatible shell, you can do that on the command line like -this: - CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure +the `configure' script does not know about. Run `./configure --help' +for details on some of the pertinent environment variables. -Or, on systems that have the `env' program, you can do it like this: - env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure + You can give `configure' initial values for variables by setting +them in the environment. You can do that on the command line like this: + + ./configure CC=c89 CFLAGS=-O2 LIBS=-lposix + + *Note Defining Variables::, for more details. Compiling For Multiple Architectures ==================================== - You can compile the package for more than one kind of computer at -the same time by placing the object files for each architecture in -their own directory. To do this, you must use a version of `make', -such as GNU `make', that supports the `VPATH' variable. `cd' to the -directory where you want the object files and executables to go and -run the `configure' script; please use a relative filename name to -invoke `configure'. `configure' automatically checks for the source -code in the directory that `configure' is in and in `..'. + You can compile the package for more than one kind of computer at the +same time, by placing the object files for each architecture in their +own directory. To do this, you must use a version of `make' that +supports the `VPATH' variable, such as GNU `make'. `cd' to the +directory where you want the object files and executables to go and run +the `configure' script. `configure' automatically checks for the +source code in the directory that `configure' is in and in `..'. 
- If you have to use a `make' that does not supports the `VPATH' -variable, you have to compile the package for one architecture at a time -in the source code directory. After you have installed the package for -one architecture, use `make distclean' before reconfiguring for another -architecture. + If you have to use a `make' that does not support the `VPATH' +variable, you have to compile the package for one architecture at a +time in the source code directory. After you have installed the +package for one architecture, use `make distclean' before reconfiguring +for another architecture. Installation Names ================== 
@@ -306,22 +136,35 @@ you can use the `configure' options `--x-includes=DIR' and Specifying the System Type ========================== - There may be some features `configure' can not figure out + There may be some features `configure' cannot figure out automatically, but needs to determine by the type of host the package will run on. Usually `configure' can figure that out, but if it prints -a message saying it can not guess the host type, give it the -`--host=TYPE' option. TYPE can either be a short name for the system -type, such as `sun4', or a canonical name with three fields: +a message saying it cannot guess the host type, give it the +`--build=TYPE' option. TYPE can either be a short name for the system +type, such as `sun4', or a canonical name which has the form: + CPU-COMPANY-SYSTEM -See the file `config.sub' for the possible values of each field. If +where SYSTEM can have one of these forms: + + OS KERNEL-OS + + See the file `config.sub' for the possible values of each field. If `config.sub' isn't included in this package, then this package doesn't need to know the host type. - If you are building compiler tools for cross-compiling, you can also + If you are _building_ compiler tools for cross-compiling, you should use the `--target=TYPE' option to select the type of system they will -produce code for and the `--build=TYPE' option to select the type of -system on which you are compiling the package. +produce code for. + + If you want to _use_ a cross compiler, that generates code for a +platform different from the build platform, you should specify the host +platform (i.e., that on which the generated programs will eventually be +run) with `--host=TYPE'. In this case, you should also specify the +build platform with `--build=TYPE', because, in this case, it may not +be possible to guess the build platform (it sometimes involves +compiling and running simple test programs, and this can't be done if +the compiler is a cross compiler). 
Sharing Defaults ================ @@ -334,24 +177,48 @@ default values for variables like `CC', `cache_file', and `prefix'. `CONFIG_SITE' environment variable to the location of the site script. A warning: not all `configure' scripts look for a site script. -Operation Controls +Defining Variables ================== + Variables not defined in a site shell script can be set in the +environment passed to `configure'. However, some packages may run +configure again during the build, and the customized values of these +variables may be lost. In order to avoid this problem, you should set +them in the `configure' command line, using `VAR=value'. For example: + + ./configure CC=/usr/local2/bin/gcc + +will cause the specified gcc to be used as the C compiler (unless it is +overridden in the site shell script). + +`configure' Invocation +====================== + `configure' recognizes the following options to control how it operates. -`--cache-file=FILE' - Use and save the results of the tests in FILE instead of - `./config.cache'. Set FILE to `/dev/null' to disable caching, for - debugging `configure'. - `--help' +`-h' Print a summary of the options to `configure', and exit. +`--version' +`-V' + Print the version of Autoconf used to generate the `configure' + script, and exit. + +`--cache-file=FILE' + Enable the cache: use and save the results of the tests in FILE, + traditionally `config.cache'. FILE defaults to `/dev/null' to + disable caching. + +`--config-cache' +`-C' + Alias for `--cache-file=config.cache'. + `--quiet' `--silent' `-q' - Do not print messages saying which checks are being made. To + Do not print messages saying which checks are being made. To suppress all normal output, redirect it to `/dev/null' (any error messages will still be shown). 
@@ -359,9 +226,6 @@ operates. Look for the package's source code in directory DIR. Usually `configure' can determine that directory automatically. -`--version' - Print the version of Autoconf used to generate the `configure' - script, and exit. - -`configure' also accepts some other, not widely useful, options. +`configure' also accepts some other, not widely useful, options. Run +`configure --help' for more details. diff --git a/configure.ac b/configure.ac index e3f2e3304..c816ab739 100644 --- a/configure.ac +++ b/configure.ac @@ -21,7 +21,13 @@ dnl (Process this file with autoconf to produce a configure script.) dnlAC_REVISION($Revision$)dnl AC_PREREQ(2.52) + +# Please enter the version number here and set development_version to +# yes if the minor number is odd or you feel that the default check +# for a development version is not sufficient. AC_INIT(gnupg, 1.1.90, bug-gnupg@gnu.org) +development_version=yes + ALL_LINGUAS="cs da de eo el es et fr gl id it ja nl pl pt_BR pt sv tr" static_modules="sha1 md5 rmd160" static_random_module="" @@ -651,25 +657,6 @@ else AC_MSG_RESULT(has been disabled) fi -dnl -dnl and whether this device supports ioctl -dnl (Note, that we should do a real test here) -dnl -if test "$ac_cv_have_dev_random" = yes ; then - AC_CHECK_HEADERS(linux/random.h) - AC_CACHE_CHECK(for random device ioctl, ac_cv_have_dev_random_ioctl, - [ if test "$ac_cv_header_linux_random_h" = yes ; then - ac_cv_have_dev_random_ioctl=yes; - else - ac_cv_have_dev_random_ioctl=no; - fi - ]) - if test "$ac_cv_have_dev_random_ioctl" = yes; then - AC_DEFINE(HAVE_DEV_RANDOM_IOCTL,1, - [defined if the random device supports some IOCTLs]) - fi -fi - dnl dnl Figure out the default linkage mode for random modules @@ -736,7 +723,7 @@ fi dnl dnl Parse the modules list and build the list -dnl of static and dymically linked modules +dnl of static and dynamically linked modules dnl dnl (We always need a static rmd160) static_modules="$static_modules rmd160 $static_random_module" 
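Review bot: The comment added above `AC_INIT(gnupg, 1.1.90, ...)` in configure.ac says when to set `development_version` to yes but never names the value a release must carry, while the assignment below it is hard-coded to `yes`. The later block in this patch checks `$VERSION` only when the variable is not `yes`, so a release cut without editing this line would still get `IS_DEVELOPMENT_VERSION` defined, whatever its version string looks like. I would state the release value in the comment, for example `# Set development_version=no for a release; the check on $VERSION near the end of this file still applies then.`, so the manual step is visible to whoever bumps the version.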
@@ -873,13 +860,18 @@ AC_SUBST(ZLIBS) # Allow users to append something to the version string without # flagging it as development version. The user version parts is -# considered everything after a dash. -changequote(,)dnl -tmp_pat='[a-zA-Z]' -changequote([,])dnl -if echo "$VERSION" | sed 's/-.*//' | grep "$tmp_pat" >/dev/null ; then +# considered everything after a dash. +if test "$development_version" != yes; then + changequote(,)dnl + tmp_pat='[a-zA-Z]' + changequote([,])dnl + if echo "$VERSION" | sed 's/-.*//' | grep "$tmp_pat" >/dev/null ; then + development_version=yes + fi +fi +if test "$development_version" = yes; then AC_DEFINE(IS_DEVELOPMENT_VERSION,1, - [Defined if this is not a regular release]) + [Defined if this is not a regular release]) fi AM_CONDITIONAL(CROSS_COMPILING, test x$cross_compiling = xyes) @@ -887,7 +879,7 @@ AM_CONDITIONAL(CROSS_COMPILING, test x$cross_compiling = xyes) GNUPG_CHECK_GNUMAKE # add some extra libs here so that previous tests don't fail for -# mysterious reasons - the final link step shoudl bail out. +# mysterious reasons - the final link step should bail out. case "${target}" in *-*-mingw32*) LIBS="$LIBS -lws2_32"
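Review bot: The comment kept at the top of the `@@ -873,13 +860,18 @@` block still describes only the dash rule and does not explain the new outer test `if test "$development_version" != yes`: an explicit `yes` skips the `$VERSION` check, and any other value (`no`, empty, `Yes`) falls through to it. A line such as `# development_version=yes (set after AC_INIT) forces a development build; any other value falls back to the letter check below.` would cover that. Nothing is printed when the flag ends up set, so the configure output does not show that `IS_DEVELOPMENT_VERSION` was defined. An `AC_MSG_NOTICE` inside the final `if` would make that visible to whoever builds the package, which presumably matters if the macro gates behaviour meant only for test builds.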