* util/pka.c: Rewrite.
(get_pka_info): Add arg fprbuflen. Change callers to pass this.
* util/strgutil.c (ascii_strlwr): New.
* configure.ac: Remove option --disable-dns-pka.
(USE_DNS_PKA): Remove ac_define.
* g10/getkey.c (parse_auto_key_locate): Always include PKA.
--
Note that although PKA is now always build, it will only work if
support for looking up via DNS has not been disabled.
The new PKA only works with the IPGP DNS certtype and shall be used
only to retrieve the fingerprint and optional the key for the first
time. Due to the security problems with DNSSEC the former assumption
to validate the key using DNSSEC is not anymore justified. Instead an
additional layer (e.g. Trust-On-First-Use) needs to be implemented to
track change to the key. Having a solid way of getting a key matching
a mail address is however a must have.
More work needs to go into a redefinition of the --verify-options
pka-lookups and pka-trust-increase. The auto-key-locate mechanism
should also be able to continue key fetching with another method once
the fingerprint has been retrieved with PKA.
Signed-off-by: Werner Koch <wk@gnupg.org>
This is a backport from master.
(backported from commit 2fc27c8696)
* configure.ac: Added --enable-large-secmem option.
* g10/options.h: Add opt.flags.large_rsa.
* g10/gpg.c: Contingent on configure option: adjust secmem size,
add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
* g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
* doc/gpg.texi: Document --enable-large-rsa.
--
Some older implementations built and used RSA keys up to 16Kib, but
the larger secret keys now fail when used by more recent GnuPG, due to
secure memory limitations.
Building with ./configure --enable-large-secmem will make gpg
capable of working with those secret keys, as well as permitting the
use of a new gpg option --enable-large-rsa, which let gpg generate RSA
keys up to 8Kib when used with --batch --gen-key.
Debian-bug-id: 739424
Minor edits by wk.
GnuPG-bug-id: 1732
* configure.ac (DOCBOOK_TO_MAN): Remove.
* doc/gpg.ru.sgml: Remove.
* doc/Makefile.am: Remove all gpg.ru related code.
--
The man page is outdated and we do not use docbook for a long time
now. If someone wants to revive such a man page, it would be best to
translate the respective parts of the GnuPG manual in git master.
GnuPG-bug-id: 1652
* configure.ac: Check for inet_ntop.
* m4/libcurl.m4: Provide a #define for the version of the curl
library.
* keyserver/gpgkeys_hkp.c (main, srv_replace): Call getaddrinfo() on
each target. Once we find one that resolves to an address (whether
IPv4 or IPv6), pass it into libcurl via CURLOPT_RESOLVE using the
SRV name as the "host". Force the HTTP Host header to be the same.
Backported from 6b1f71055e
* keyserver/gpgkeys_hkp.c (main): Only default try-dns-srv to on if we
have SRV support in the first place.
Backported from 732f3d1d47
* configure.ac (AM_GNU_GETTEXT_VERSION): Bump to 0.18.
* po/Makefile.in.in: Upgrade to gettext-0.18. Keep option --previous
of msgmerge.
* intl/: Upgrade to gettext-0.18.
* m4/gettext.m4: Upgrade to gettext-0.18.1.
* m4/iconv.m4: Upgrade to gettext-0.18.1.
* m4/lib-ld.m4: Upgrade to gettext-0.18.1.
* m4/lib-link.m4: Upgrade to gettext-0.18.1.
* m4/lib-prefix.m4: Upgrade to gettext-0.18.1.
* m4/nls.m4: Upgrade to gettext-0.18.1.
* m4/po.m4: Upgrade to gettext-0.18.1.
* m4/progtest.m4: Upgrade to gettext-0.18.1.
* m4/codeset.m4: Upgrade to gettext-0.18.1.
* m4/fcntl-o.m4: New file, from gettext-0.18.1.
* m4/glibc2.m4: Upgrade to gettext-0.18.1.
* m4/glibc21.m4: Upgrade to gettext-0.18.1.
* m4/intdiv0.m4: Upgrade to gettext-0.18.1.
* m4/intl.m4: Upgrade to gettext-0.18.1.
* m4/intldir.m4: Upgrade to gettext-0.18.1.
* m4/intlmacosx.m4: Upgrade to gettext-0.18.1.
* m4/intmax.m4: Upgrade to gettext-0.18.1.
* m4/inttypes_h.m4: Upgrade to gettext-0.18.1.
* m4/inttypes-pri.m4: Upgrade to gettext-0.18.1.
* m4/lcmessage.m4: Upgrade to gettext-0.18.1.
* m4/lock.m4: Upgrade to gettext-0.18.1.
* m4/longlong.m4: Upgrade to gettext-0.18.1.
* m4/printf-posix.m4: Upgrade to gettext-0.18.1.
* m4/size_max.m4: Upgrade to gettext-0.18.1.
* m4/stdint_h.m4: Upgrade to gettext-0.18.1.
* m4/threadlib.m4: New file, from gettext-0.18.1.
* m4/uintmax_t.m4: Upgrade to gettext-0.18.1.
* m4/visibility.m4: Upgrade to gettext-0.18.1.
* m4/wchar_t.m4: Upgrade to gettext-0.18.1.
* m4/wint_t.m4: Upgrade to gettext-0.18.1.
* m4/xsize.m4: Upgrade to gettext-0.18.1.
* m4/Makefile.am (EXTRA_DIST): Add the new files.
* configure.ac (ENABLE_SELINUX_HACKS): New am_conditional.
* checks/Makefile.am (prepared.stamp): Replace by defs-config.inc.
(defs-config.inc): Create and set enable_selinux_hacks variable.
* checks/defs.inc: Include defs-config.inc.
* checks/armor.test: Do not run the last test in selinux mode.
GnuPG-bug-id: 1390
* cipher/idea.c: New. Take from Libgcrypt master and adjust for
direct use in GnuPG.
* cipher/idea-stub.c: Remove.
* cipher/Makefile.am: Add idea.c and remove idea-stub.c rules.
* configure.ac: Remove idea-stub code.
* g10/gpg.c (check_permissions): Remove code path for ITEM==2.
(main): Make --load-extension a dummy option.
* g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2
compatibility mode.
* g10/misc.c (idea_cipher_warn): Remove. Also remove all callers.
* g10/seckey-cert.c (do_check): Remove emitting of STATUS_RSA_OR_IDEA.
* g10/status.c (get_status_string): Remove STATUS_RSA_OR_IDEA.
* g10/status.h (STATUS_RSA_OR_IDEA): Remove.
--
To keep the number of actually used algorithms low, we support IDEA
only in a basically read-only way (unless --pgp2 is used during key
generation). It does not make sense to suggest the use of this old 64
bit blocksize algorithm. However, there is old data available where
it might be helpful to have IDEA available.
* bzlib/: Include bzip2 code.
* configure.ac [W32]: Force use of included bzip2 code.
* scripts/autogen.sh <--build-w32>: Do not pass --with-bzip option.
* Makefile.am (SUBDIRS): Add bzip. Use it only under W32.
--
In the past it happened that we forgot to build against bzip2 which is
a standard feature these days. Having the source included makes sure
that we will always build with bzip2 support.
* include/dotlock.h: New. From current gnupg master.
* util/dotlock.c: Ditto. Include util.h. The major changes done in
master are: Factor Unix and W32 specific code out into specific
functions. Define HAVE_POSIX_SYSTEM. Rearrange some functions.
(disable_dotlock): Rename to dotlock_disable.
(create_dotlock): Rename to dotlock_create and add a dummy arg.
(destroy_dotlock): Rename to dotlock_destroy.
(make_dotlock): Rename to dotlock_take.
(release_dotlock): Rename to dotlock_release.
(remove_lockfiles): Rename to dotlock_remove_lockfiles.
* configure.ac (AH_BOTTOM): Add GNUPG_GCC_VERSION macro.
* util/estream-printf.c (pr_float): Use new gcc pragma to ignore a
warning about a non-literal format.
* util/miscutil.c (asctimestamp): Ditto.
* cipher/md.c (md_stop_debug): Use new gcc pragme to ignore a warning
* about a set but unused variable.
Autoconf 2.68 is more picky about correct macro usage and thus I fixed
some wrong call conventions for AC_LANG_PROGRAM. Also factored an m4
conditional construct out from AC_INIT to avoid the "not a literal"
warning.
For compatibility reasons a few new files had to be added.
Also added estream-printf as this is now used in app-openpgp.c and provides
a better and generic asprintf implementation than the hack we used for the
W32 code in ttyio.c. Card code is not yet finished.