About to do a new release

Werner Koch 2006-06-25 12:03:38 +00:00
parent bb97576ea0
commit a3883eb71d
12 changed files with 87 additions and 37 deletions


@ -1,3 +1,7 @@
2006-06-25 Werner Koch <wk@g10code.com>
Released 1.4.4.
2006-05-23 David Shaw <dshaw@jabberwocky.com> 2006-05-23 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Add --disable-optimization. This is handy for * configure.ac: Add --disable-optimization. This is handy for

NEWS

@ -1,6 +1,9 @@
Noteworthy changes in version 1.4.4 Noteworthy changes in version 1.4.4 (2006-06-25)
------------------------------------------------ ------------------------------------------------
* User IDs are now capped 2048 byte. This avoids a memory
allocation attack (see CVE-2006-3082).
* Added support for the SHA-224 hash. Like the SHA-384 hash, it * Added support for the SHA-224 hash. Like the SHA-384 hash, it
is mainly useful when DSS (the US Digital Signature Standard) is mainly useful when DSS (the US Digital Signature Standard)
compatibility is desired. compatibility is desired.
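
Review bot: The new first bullet reads "capped 2048 byte", which should be "capped at 2048 bytes". Because this is the entry that carries CVE-2006-3082, it should also say what happens to a user ID longer than the cap (rejected or truncated), so that packagers and users reading NEWS can tell how affected keys will now behave.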

THANKS

@ -58,6 +58,7 @@ Edmund GRIMLEY EVANS edmundo@rano.org
Edwin Woudt edwin@woudt.nl Edwin Woudt edwin@woudt.nl
Enzo Michelangeli em@MailAndNews.com Enzo Michelangeli em@MailAndNews.com
Ernst Molitor ernst.molitor@uni-bonn.de Ernst Molitor ernst.molitor@uni-bonn.de
Evgeny Legerov
Fabio Coatti cova@ferrara.linux.it Fabio Coatti cova@ferrara.linux.it
Felix von Leitner leitner@amdiv.de Felix von Leitner leitner@amdiv.de
fish stiqz fish@analog.org fish stiqz fish@analog.org
@ -103,6 +104,7 @@ Jim Bauer jfbauer@home.com
Jim Small cavenewt@my-deja.com Jim Small cavenewt@my-deja.com
Joachim Backes backes@rhrk.uni-kl.de Joachim Backes backes@rhrk.uni-kl.de
Joe Rhett jrhett@isite.net Joe Rhett jrhett@isite.net
Joerg Honegger Joerg.Honegger@hp.com
John A. Martin jam@jamux.com John A. Martin jam@jamux.com
John Clizbe JPClizbe@comcast.net John Clizbe JPClizbe@comcast.net
John R. Shannon john@johnrshannon.com John R. Shannon john@johnrshannon.com


@ -28,7 +28,7 @@ min_automake_version="1.9.3"
# Set my_issvn to "yes" for non-released code. Remember to run an # Set my_issvn to "yes" for non-released code. Remember to run an
# "svn up" and "autogen.sh" right before creating a distribution. # "svn up" and "autogen.sh" right before creating a distribution.
m4_define([my_version], [1.4.4]) m4_define([my_version], [1.4.4])
m4_define([my_issvn], [yes]) m4_define([my_issvn], [no])
m4_define([svn_revision], m4_esyscmd([echo -n $((svn info 2>/dev/null \ m4_define([svn_revision], m4_esyscmd([echo -n $((svn info 2>/dev/null \
|| echo 'Revision: 0')|sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) || echo 'Revision: 0')|sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)]))
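
Review bot: Flipping my_issvn to "no" is correct for the tarball, but the comment two lines above says "yes" is required for non-released code, so the commit that follows the tag has to set it back to "yes" and bump my_version. Otherwise development builds will identify themselves as the released 1.4.4. A reminder in the release checklist or in that comment would make this harder to forget.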


@ -51,7 +51,11 @@ together (for a signed message that may be decrypted via a secret key
or a passphrase). or a passphrase).
@item --clearsign @item --clearsign
Make a clear text signature. Make a clear text signature. The content in a clear text signature is
readable without any special software. OpenPGP software is only
needed to verify the signature. Clear text signatures may modify
end-of-line whitespace for platform independence and are not intended
to be reversible.
@item -b, --detach-sign @item -b, --detach-sign
Make a detached signature. Make a detached signature.
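
Review bot: In the expanded --clearsign text, "are not intended to be reversible" tells the reader what not to rely on but gives no alternative. Since the paragraph already says end-of-line whitespace may be modified, add a pointer to --detach-sign (the next item) for data that has to be preserved byte for byte.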
@ -355,7 +359,7 @@ Compact (by removing all signatures except the selfsig) any user ID
that is no longer usable (e.g. revoked, or expired). Then, remove any that is no longer usable (e.g. revoked, or expired). Then, remove any
signatures that are not usable by the trust calculations. signatures that are not usable by the trust calculations.
Specifically, this removes any signature that does not validate, any Specifically, this removes any signature that does not validate, any
signature that is superceded by a later signature, revoked signatures, signature that is superseded by a later signature, revoked signatures,
and signatures issued by keys that are not present on the keyring. and signatures issued by keys that are not present on the keyring.
@item minimize @item minimize
@ -1140,6 +1144,13 @@ Raise the trust in a signature to full if the signature passes PKA
validation. This option is only meaningful if pka-lookups is set. validation. This option is only meaningful if pka-lookups is set.
@end table @end table
@item --enable-dsa2
@itemx --disable-dsa2
Enables new-style DSA keys which (unlike the old style) may be larger
than 1024 bit and use hashes other than SHA-1 and RIPEMD/160. Note
that very few programs currently support these keys and signatures
from them.
@item --show-photos @item --show-photos
@itemx --no-show-photos @itemx --no-show-photos
Causes --list-keys, --list-sigs, --list-public-keys, Causes --list-keys, --list-sigs, --list-public-keys,
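
Review bot: The new --enable-dsa2 / --disable-dsa2 entry does not say which of the two is the default, so a reader cannot tell whether the interoperability warning in the last sentence applies to an untouched configuration. State the default explicitly. Two small wording points in the same entry: "1024 bit" should be "1024 bits", and "RIPEMD/160" should use whatever spelling the rest of the manual uses for that hash.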
@ -1434,14 +1445,20 @@ key signer (defaults to 3)
Maximum depth of a certification chain (default is 5). Maximum depth of a certification chain (default is 5).
@item --cipher-algo @code{name} @item --cipher-algo @code{name}
Use @code{name} as cipher algorithm. Running the program Use @code{name} as cipher algorithm. Running the program with the
with the command --version yields a list of supported command --version yields a list of supported algorithms. If this is
algorithms. If this is not used the cipher algorithm is not used the cipher algorithm is selected from the preferences stored
selected from the preferences stored with the key. with the key. In general, you do not want to use this option as it
allows you to violate the OpenPGP standard.
--personal-cipher-preferences is the safe way to accomplish the same
thing.
@item --digest-algo @code{name} @item --digest-algo @code{name}
Use @code{name} as the message digest algorithm. Running the program Use @code{name} as the message digest algorithm. Running the program
with the command --version yields a list of supported algorithms. with the command --version yields a list of supported algorithms. In
general, you do not want to use this option as it allows you to
violate the OpenPGP standard. --personal-digest-preferences is the
safe way to accomplish the same thing.
@item --compress-algo @code{name} @item --compress-algo @code{name}
Use compression algorithm @code{name}. "zlib" is RFC-1950 ZLIB Use compression algorithm @code{name}. "zlib" is RFC-1950 ZLIB
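
Review bot: The sentence added to --cipher-algo and --digest-algo says the option "allows you to violate the OpenPGP standard" without saying how. For --cipher-algo the preceding sentence already implies the mechanism (the algorithm is otherwise selected from the preferences stored with the key), so spell it out: forcing an algorithm overrides those preferences. --digest-algo has no such sentence and needs one. The recommended replacements, --personal-cipher-preferences and --personal-digest-preferences, are written as bare text; mark them up the way other option names are so they can be found and cross-referenced.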
@ -1460,7 +1477,10 @@ compression results than that, but will use a significantly larger
amount of memory while compressing and decompressing. This may be amount of memory while compressing and decompressing. This may be
significant in low memory situations. Note, however, that PGP (all significant in low memory situations. Note, however, that PGP (all
versions) only supports ZIP compression. Using any algorithm other versions) only supports ZIP compression. Using any algorithm other
than ZIP or "none" will make the message unreadable with PGP. than ZIP or "none" will make the message unreadable with PGP. In
general, you do not want to use this option as it allows you to
violate the OpenPGP standard. --personal-compress-preferences is the
safe way to accomplish the same thing.
@item --cert-digest-algo @code{name} @item --cert-digest-algo @code{name}
Use @code{name} as the message digest algorithm used when signing a Use @code{name} as the message digest algorithm used when signing a
@ -1558,15 +1578,17 @@ signature. Note that all other PGP versions do it this way too.
Enabled by default. --no-escape-from-lines disables this option. Enabled by default. --no-escape-from-lines disables this option.
@item --passphrase-fd @code{n} @item --passphrase-fd @code{n}
Read the passphrase from file descriptor @code{n}. If you use 0 for Read the passphrase from file descriptor @code{n}. Only the first line
@code{n}, the passphrase will be read from stdin. This can only be will be read from file descriptor @code{n}. If you use 0 for @code{n},
used if only one passphrase is supplied. the passphrase will be read from stdin. This can only be used if only
one passphrase is supplied.
@item --passphrase-file @code{file} @item --passphrase-file @code{file}
Read the passphrase from file @code{file}. This can only be used if Read the passphrase from file @code{file}. Only the first line will
only one passphrase is supplied. Obviously, a passphrase stored in a be read from file @code{file}. This can only be used if only one
file is of questionable security if other users can read this file. passphrase is supplied. Obviously, a passphrase stored in a file is
Don't use this option if you can avoid it. of questionable security if other users can read this file. Don't use
this option if you can avoid it.
@item --passphrase @code{string} @item --passphrase @code{string}
Use @code{string} as the passphrase. This can only be used if only one Use @code{string} as the passphrase. This can only be used if only one
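
Review bot: "Only the first line will be read" in --passphrase-fd and --passphrase-file does not say whether the line terminator is part of the passphrase, or what happens to a passphrase that itself contains a newline. Document that explicitly, so a secret stored with a trailing newline or spanning several lines is not silently shortened without the user knowing. In --passphrase-fd the new first two sentences also repeat "file descriptor @code{n}"; "Only the first line will be read." is enough there.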
@ -1660,7 +1682,8 @@ TWOFISH.
Set up all options to be as PGP 8 compliant as possible. PGP 8 is a Set up all options to be as PGP 8 compliant as possible. PGP 8 is a
lot closer to the OpenPGP standard than previous versions of PGP, so lot closer to the OpenPGP standard than previous versions of PGP, so
all this does is disable --throw-keyids and set --escape-from-lines. all this does is disable --throw-keyids and set --escape-from-lines.
All algorithms are allowed except for the SHA384 and SHA512 digests. All algorithms are allowed except for the SHA224, SHA384, and SHA512
digests.
@end table @end table
@item --force-v3-sigs @item --force-v3-sigs
@ -1785,10 +1808,10 @@ certain common permission problems. Do not assume that the lack of a
warning means that your system is secure. warning means that your system is secure.
Note that the warning for unsafe --homedir permissions cannot be Note that the warning for unsafe --homedir permissions cannot be
supressed in the gpg.conf file, as this would allow an attacker to suppressed in the gpg.conf file, as this would allow an attacker to
place an unsafe gpg.conf file in place, and use this file to supress place an unsafe gpg.conf file in place, and use this file to suppress
warnings about itself. The --homedir permissions warning may only be warnings about itself. The --homedir permissions warning may only be
supressed on the command line. suppressed on the command line.
@item --no-mdc-warning @item --no-mdc-warning
Suppress the warning about missing MDC integrity protection. Suppress the warning about missing MDC integrity protection.
@ -1929,8 +1952,8 @@ message contains a bogus key ID.
@item --allow-multisig-verification @item --allow-multisig-verification
Allow verification of concatenated signed messages. This will run a Allow verification of concatenated signed messages. This will run a
signature verification for each data+signature block. There are some signature verification for each data+signature block. There are some
security issues with this option thus it is off by default. Note that security issues with this option and thus it is off by default. Note
versions of gpg rpior to version 1.4.3 implicityly allowed for this. that versions of GPG prior to version 1.4.3 implicitly allowed this.
@item --enable-special-filenames @item --enable-special-filenames
This options enables a mode in which filenames of the form This options enables a mode in which filenames of the form
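
Review bot: The reworded --allow-multisig-verification paragraph still says only "There are some security issues with this option". Since the same paragraph states that versions prior to 1.4.3 implicitly allowed this, name the issue or reference the relevant advisory, so that users of older versions can judge their exposure and users of this one know what they accept by turning the option on. The context line "This options enables" under --enable-special-filenames has a typo that could be fixed in the same pass.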
@ -1994,6 +2017,11 @@ Set the list of default preferences to @code{string}. This preference
list is used for new keys and becomes the default for "setpref" in the list is used for new keys and becomes the default for "setpref" in the
edit menu. edit menu.
@item --default-keyserver-url @code{name}
Set the default keyserver URL to @code{name}. This keyserver will be
used as the keyserver URL when writing a new self-signature on a key,
which includes key generation and changing preferences.
@item --list-config @item --list-config
Display various internal configuration parameters of GnuPG. This Display various internal configuration parameters of GnuPG. This
option is intended for external programs that call GnuPG to perform option is intended for external programs that call GnuPG to perform


@ -582,8 +582,8 @@
2005-12-08 David Shaw <dshaw@jabberwocky.com> 2005-12-08 David Shaw <dshaw@jabberwocky.com>
* options.h, keyserver.c (curl_cant_handle, keyserver_spawn, * options.h, keyserver.c (curl_cant_handle, keyserver_spawn)
keyserver_fetch): Set a flag to indicate that we're doing a direct (keyserver_fetch): Set a flag to indicate that we're doing a direct
URI fetch so we can differentiate between a keyserver operation URI fetch so we can differentiate between a keyserver operation
and a URI fetch for protocols like LDAP that can do either. and a URI fetch for protocols like LDAP that can do either.


@ -99,7 +99,7 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
log_error("key setup failed: %s\n", g10_errstr(rc) ); log_error("key setup failed: %s\n", g10_errstr(rc) );
goto leave; goto leave;
} }
if (!ed->buf) { if (!ed->buf) {
log_error(_("problem handling encrypted packet\n")); log_error(_("problem handling encrypted packet\n"));
goto leave; goto leave;


@ -1,3 +1,7 @@
2006-06-25 Werner Koch <wk@g10code.com>
* Makefile.am: Added noexecstack.m4 and ldap.m4
2006-05-22 Marcus Brinkmann <marcus@g10code.de> 2006-05-22 Marcus Brinkmann <marcus@g10code.de>
* noexecstack.m4: New file. * noexecstack.m4: New file.


@ -1 +1,10 @@
EXTRA_DIST = intmax.m4 longdouble.m4 longlong.m4 printf-posix.m4 signed.m4 size_max.m4 wchar_t.m4 wint_t.m4 xsize.m4 codeset.m4 gettext.m4 glibc21.m4 iconv.m4 intdiv0.m4 inttypes.m4 inttypes_h.m4 inttypes-pri.m4 isc-posix.m4 lcmessage.m4 lib-ld.m4 lib-link.m4 lib-prefix.m4 nls.m4 po.m4 progtest.m4 stdint_h.m4 uintmax_t.m4 ulonglong.m4 readline.m4 libcurl.m4 libusb.m4 tar-ustar.m4 EXTRA_DIST = intmax.m4 longdouble.m4 longlong.m4 printf-posix.m4 \
signed.m4 size_max.m4 wchar_t.m4 wint_t.m4 xsize.m4 \
codeset.m4 gettext.m4 glibc21.m4 iconv.m4 intdiv0.m4 \
inttypes.m4 inttypes_h.m4 inttypes-pri.m4 isc-posix.m4 \
lcmessage.m4 lib-ld.m4 lib-link.m4 lib-prefix.m4 nls.m4 \
po.m4 progtest.m4 stdint_h.m4 uintmax_t.m4 ulonglong.m4 \
readline.m4 libcurl.m4 libusb.m4 tar-ustar.m4 \
ldap.m4 \
noexecstack.m4
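
Review bot: ldap.m4 and noexecstack.m4 enter EXTRA_DIST only in this release commit, although the m4 ChangeLog on this page dates noexecstack.m4 to 2006-05-22, so any tarball rolled in between would have lacked it. Run make distcheck before tagging to confirm that no other m4 file is still missing from the distribution. The two new names sit on lines of their own rather than in the grouped layout used for the rest of the list; folding them in would keep later diffs smaller.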


@ -8,7 +8,7 @@ msgstr ""
"Project-Id-Version: gnupg-1.4.1\n" "Project-Id-Version: gnupg-1.4.1\n"
"Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n"
"POT-Creation-Date: 2006-04-03 11:40+0200\n" "POT-Creation-Date: 2006-04-03 11:40+0200\n"
"PO-Revision-Date: 2006-04-03 11:40+0200\n" "PO-Revision-Date: 2006-05-12 12:13+0200\n"
"Last-Translator: Walter Koch <koch@u32.de>\n" "Last-Translator: Walter Koch <koch@u32.de>\n"
"Language-Team: German <de@li.org>\n" "Language-Team: German <de@li.org>\n"
"MIME-Version: 1.0\n" "MIME-Version: 1.0\n"
@ -6113,7 +6113,7 @@ msgstr ""
#: g10/trustdb.c:2197 #: g10/trustdb.c:2197
#, c-format #, c-format
msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n" msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
msgstr "%d marignal-needed, %d complete-needed, %s Trust-Modell\n" msgstr "%d marginal-needed, %d complete-needed, %s Vertrauensmodell\n"
#: g10/trustdb.c:2283 #: g10/trustdb.c:2283
#, c-format #, c-format


@ -10,7 +10,7 @@
2006-04-11 Werner Koch <wk@g10code.com> 2006-04-11 Werner Koch <wk@g10code.com>
* iobuf.c (IOBUF_BUFFER_SIZE): New to repalce hardwired 8192. * iobuf.c (IOBUF_BUFFER_SIZE): New to replace hardwired 8192.
2006-04-06 David Shaw <dshaw@jabberwocky.com> 2006-04-06 David Shaw <dshaw@jabberwocky.com>


@ -326,10 +326,10 @@ make_printable_string( const byte *p, size_t n, int delim )
int int
answer_is_yes_no_default( const char *s, int def_answer ) answer_is_yes_no_default( const char *s, int def_answer )
{ {
/* NOTE TO TRANSLATOR: See doc/TRANSLATE about this string. */ /* TRANSLATORS: See doc/TRANSLATE about this string. */
const char *long_yes = _("yes"); const char *long_yes = _("yes");
const char *short_yes = _("yY"); const char *short_yes = _("yY");
/* NOTE TO TRANSLATOR: See doc/TRANSLATE about this string. */ /* TRANSLATORS: See doc/TRANSLATE about this string. */
const char *long_no = _("no"); const char *long_no = _("no");
const char *short_no = _("nN"); const char *short_no = _("nN");
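
Review bot: In answer_is_yes_no_default the TRANSLATORS comment sits above long_yes and long_no only, while short_yes ("yY") and short_no ("nN") follow without one. xgettext attaches a comment only to the string that directly follows it, so the single-letter strings, where a wrong translation changes which keys count as yes or no, reach translators with no pointer to doc/TRANSLATE. Add the same comment above the short_ strings, and confirm that the xgettext invocation is set up to extract the TRANSLATORS tag.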
@ -363,11 +363,11 @@ answer_is_yes( const char *s )
int int
answer_is_yes_no_quit( const char *s ) answer_is_yes_no_quit( const char *s )
{ {
/* NOTE TO TRANSLATOR: See doc/TRANSLATE about this string. */ /* TRANSLATORS: See doc/TRANSLATE about this string. */
const char *long_yes = _("yes"); const char *long_yes = _("yes");
/* NOTE TO TRANSLATOR: See doc/TRANSLATE about this string. */ /* TRANSLATORS: See doc/TRANSLATE about this string. */
const char *long_no = _("no"); const char *long_no = _("no");
/* NOTE TO TRANSLATOR: See doc/TRANSLATE about this string. */ /* TRANSLATORS: See doc/TRANSLATE about this string. */
const char *long_quit = _("quit"); const char *long_quit = _("quit");
const char *short_yes = _("yY"); const char *short_yes = _("yY");
const char *short_no = _("nN"); const char *short_no = _("nN");
@ -403,9 +403,9 @@ answer_is_yes_no_quit( const char *s )
int int
answer_is_okay_cancel (const char *s, int def_answer) answer_is_okay_cancel (const char *s, int def_answer)
{ {
/* NOTE TO TRANSLATOR: See doc/TRANSLATE about this string. */ /* TRANSLATORS: See doc/TRANSLATE about this string. */
const char *long_okay = _("okay|okay"); const char *long_okay = _("okay|okay");
/* NOTE TO TRANSLATOR: See doc/TRANSLATE about this string. */ /* TRANSLATORS: See doc/TRANSLATE about this string. */
const char *long_cancel = _("cancel|cancel"); const char *long_cancel = _("cancel|cancel");
const char *short_okay = _("oO"); const char *short_okay = _("oO");
const char *short_cancel = _("cC"); const char *short_cancel = _("cC");