From 673a50de0f8873240bde53700789a1ba32a131c5 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 9 Feb 2000 14:35:37 +0000 Subject: See ChangeLog: Wed Feb 9 15:33:44 CET 2000 Werner Koch --- NEWS | 2 ++ THANKS | 2 ++ doc/ChangeLog | 6 ++++++ doc/gpg.sgml | 18 ++++++++++++++---- g10/ChangeLog | 11 +++++++++++ g10/encode.c | 2 +- g10/g10.c | 3 +++ g10/keygen.c | 6 ++++-- g10/options.h | 1 + g10/sig-check.c | 6 ++++-- g10/sign.c | 3 ++- g10/trustdb.c | 3 ++- scripts/commit | 2 +- 13 files changed, 53 insertions(+), 12 deletions(-) diff --git a/NEWS b/NEWS index 2cdcf6af7..fd5143873 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,8 @@ Noteworthy changes in the current test release ---------------------------------------------- + * New option --ignore-time-conflict. + * Some fixes for the W32 version * Encryption is now much faster: About 2 times for 1k bit keys diff --git a/THANKS b/THANKS index 8a00dbd6a..0f3ae84e9 100644 --- a/THANKS +++ b/THANKS @@ -40,7 +40,9 @@ Geoff Keating geoffk@ozemail.com.au Harald Denker harry@hal.westfalen.de Hendrik Buschkamp buschkamp@rheumanet.org Holger Schurig holger@d.om.org +Holger Trapp Holger.Trapp@informatik.tu-chemnitz.de Hugh Daniel hugh@toad.com +Huy Le huyle@ugcs.caltech.edu Ian McKellar imckellar@harvestroad.com.au Jan Krueger max@physics.otago.ac.nz Janusz A. Urbanowicz alex@bofh.torun.pl diff --git a/doc/ChangeLog b/doc/ChangeLog index 1d1346cf2..06008a3aa 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,9 @@ +Wed Feb 9 15:33:44 CET 2000 Werner Koch + + * gpg.sgml: Describe --ignore-time-conflict. + + * gpg.sgml: Fixed a few typos. Thanks to Holger Trapp. + Wed Jan 5 11:51:17 CET 2000 Werner Koch * FAQ: Enhanced answer for the 3des-s2k bug. diff --git a/doc/gpg.sgml b/doc/gpg.sgml index ec160679b..7a31a9d1e 100644 --- a/doc/gpg.sgml +++ b/doc/gpg.sgml @@ -1145,6 +1145,16 @@ and encryption keys. + +--ignore-time-conflict + +GnuPG normally checks that the timestamps associated with keys and +signatures have plausible values. However, sometimes a signature seems to +be older than the key due to clock problems. This option makes these +checks just a warning. + + + --lock-once @@ -1305,7 +1315,7 @@ Here the key ID is given in the long form as used by OpenPGP. The best way to specify a key ID is by using the fingerprint of the key. This avoids any ambiguities in case that there are duplicated -kez IDs (which are really rare for the long key IDs). +key IDs (which are really rare for the long key IDs). @@ -1348,7 +1358,7 @@ only a number. *Heine By case insensitive substring matching. This is the default mode but -applications maz want to explicitely indicate this bz putting the asterisk +applications may want to explicitely indicate this by putting the asterisk in front. @@ -1507,9 +1517,9 @@ is *very* easy to spy out your passphrase! On many systems this program should be installed as setuid(root). This is necessary to lock memory pages. Locking memory pages prevents the operating system from writing memory pages to disk. If you get no -warning message about insecure memory then your operating system supports +warning message about insecure memory 3our operating system supports locking without being root. The program drops root privileges as soon -as the locked memory is allocated. +as locked memory is allocated. diff --git a/g10/ChangeLog b/g10/ChangeLog index a428b72d5..c054268ca 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,14 @@ +Wed Feb 9 15:33:44 CET 2000 Werner Koch + + * gpg.c: New option --ignore-time-conflict + * sig-check.c (do_check): Implemented this option. + * trustdb.c (check_trust): Ditto. + * sign.c (do_sign): Ditto. + * keygen.c (generate_subkeypair): Ditto. + + * encode.c (encode_simple): use iobuf_cancel after open failure. + Reported by Huy Le. + Fri Jan 14 18:32:01 CET 2000 Werner Koch * packet.h (STRING2KEY): Changed mode from byte to int. diff --git a/g10/encode.c b/g10/encode.c index 50d696e2f..e1311f2d9 100644 --- a/g10/encode.c +++ b/g10/encode.c @@ -116,7 +116,7 @@ encode_simple( const char *filename, int mode ) } if( (rc = open_outfile( filename, opt.armor? 1:0, &out )) ) { - iobuf_close(inp); + iobuf_cancel(inp); m_free(cfx.dek); m_free(s2k); return rc; diff --git a/g10/g10.c b/g10/g10.c index ff50b7aeb..bfa75eff2 100644 --- a/g10/g10.c +++ b/g10/g10.c @@ -182,6 +182,7 @@ enum cmd_and_opt_values { aNull = 0, oHonorHttpProxy, oFastListMode, oListOnly, + oIgnoreTimeConflict, oEmu3DESS2KBug, /* will be removed in 1.1 */ aTest }; @@ -354,6 +355,7 @@ static ARGPARSE_OPTS opts[] = { { oHonorHttpProxy,"honor-http-proxy", 0, "@" }, { oFastListMode,"fast-list-mode", 0, "@" }, { oListOnly, "list-only", 0, "@"}, + { oIgnoreTimeConflict, "ignore-time-conflict", 0, "@" }, { oEmu3DESS2KBug, "emulate-3des-s2k-bug", 0, "@"}, {0} }; @@ -890,6 +892,7 @@ main( int argc, char **argv ) case oHonorHttpProxy: opt.honor_http_proxy = 1; break; case oFastListMode: opt.fast_list_mode = 1; break; case oListOnly: opt.list_only=1; break; + case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break; default : pargs.err = configfp? 1:2; break; } diff --git a/g10/keygen.c b/g10/keygen.c index 11d79d0fd..11c840786 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1023,8 +1023,10 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock ) "in future (time warp or clock problem)\n") : _("key has been created %lu seconds " "in future (time warp or clock problem)\n"), d ); - rc = G10ERR_TIME_CONFLICT; - goto leave; + if( !opt.ignore_time_conflict ) { + rc = G10ERR_TIME_CONFLICT; + goto leave; + } } diff --git a/g10/options.h b/g10/options.h index d98241c29..1da1120be 100644 --- a/g10/options.h +++ b/g10/options.h @@ -87,6 +87,7 @@ struct { ulong set_filesize; int honor_http_proxy; int fast_list_mode; + int ignore_time_conflict; } opt; diff --git a/g10/sig-check.c b/g10/sig-check.c index 742727c99..d9e4c3983 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -303,7 +303,8 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest ) ? _("public key is %lu second newer than the signature\n") : _("public key is %lu seconds newer than the signature\n"), d ); - return G10ERR_TIME_CONFLICT; /* pubkey newer than signature */ + if( !opt.ignore_time_conflict ) + return G10ERR_TIME_CONFLICT; /* pubkey newer than signature */ } cur_time = make_timestamp(); @@ -313,7 +314,8 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest ) "in future (time warp or clock problem)\n") : _("key has been created %lu seconds " "in future (time warp or clock problem)\n"), d ); - return G10ERR_TIME_CONFLICT; + if( !opt.ignore_time_conflict ) + return G10ERR_TIME_CONFLICT; } if( pk->expiredate && pk->expiredate < cur_time ) { diff --git a/g10/sign.c b/g10/sign.c index 0d3e50372..4a2bd3ec1 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -112,7 +112,8 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig, "in future (time warp or clock problem)\n") : _("key has been created %lu seconds " "in future (time warp or clock problem)\n"), d ); - return G10ERR_TIME_CONFLICT; + if( !opt.ignore_time_conflict ) + return G10ERR_TIME_CONFLICT; } diff --git a/g10/trustdb.c b/g10/trustdb.c index 1791f2882..eb244143e 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -2326,7 +2326,8 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel, log_info(_("key %08lX.%lu: created in future " "(time warp or clock problem)\n"), (ulong)keyid[1], pk->local_id ); - return G10ERR_TIME_CONFLICT; + if( !opt.ignore_time_conflict ) + return G10ERR_TIME_CONFLICT; } if( !(rec.r.dir.dirflags & DIRF_CHECKED) ) diff --git a/scripts/commit b/scripts/commit index 18a9b4aa7..6bfa0a615 100755 --- a/scripts/commit +++ b/scripts/commit @@ -59,5 +59,5 @@ for i in `find . -name cvs-add -print`; do fi done -cvs commit -m "See ChangeLog: $date $name" $* +cvs -z3 commit -m "See ChangeLog: $date $name" $* -- cgit v1.2.3