From de324a0d965490c7f1c3c060aae74d03eeb54888 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 1 Dec 2011 10:51:36 +0100 Subject: Generate the ChangeLog from commit logs. * scripts/gitlog-to-changelog: New script. Taken from gnulib. * scripts/git-log-fix: New file. * scripts/git-log-footer: New file. * doc/HACKING: Describe the ChangeLog policy * ChangeLog: New file. * Makefile.am (EXTRA_DIST): Add new files. (gen-ChangeLog): New. (dist-hook): Run gen-ChangeLog. Rename all ChangeLog files to ChangeLog-2011. --- ChangeLog | 1404 +---- ChangeLog-2011 | 1394 +++++ Makefile.am | 24 +- agent/ChangeLog | 3107 ----------- agent/ChangeLog-2011 | 3118 +++++++++++ agent/Makefile.am | 3 +- common/ChangeLog | 2488 --------- common/ChangeLog-2011 | 2499 +++++++++ common/ChangeLog.jnlib | 11 + common/Makefile.am | 2 +- dirmngr/ChangeLog | 1606 ------ dirmngr/ChangeLog-2011 | 1617 ++++++ dirmngr/ChangeLog.1 | 4 + dirmngr/Makefile.am | 2 +- doc/ChangeLog | 860 --- doc/ChangeLog-2011 | 871 +++ doc/HACKING | 31 +- doc/Makefile.am | 2 +- g10/ChangeLog | 12055 ---------------------------------------- g10/ChangeLog-2011 | 12066 +++++++++++++++++++++++++++++++++++++++++ g10/Makefile.am | 2 +- g13/ChangeLog | 3 - g13/ChangeLog-2011 | 14 + g13/Makefile.am | 2 + include/ChangeLog | 444 -- include/ChangeLog-2011 | 455 ++ include/Makefile.am | 2 +- kbx/ChangeLog | 385 -- kbx/ChangeLog-2011 | 396 ++ keyserver/ChangeLog | 1348 ----- keyserver/ChangeLog-2011 | 1359 +++++ keyserver/Makefile.am | 14 +- m4/ChangeLog | 164 - m4/ChangeLog-2011 | 175 + m4/Makefile.am | 5 +- po/ChangeLog | 322 -- po/ChangeLog-2011 | 330 ++ po/de.po | 27 +- scd/ChangeLog | 2585 --------- scd/ChangeLog-2011 | 2596 +++++++++ scd/Makefile.am | 2 + scripts/ChangeLog | 51 - scripts/ChangeLog-2011 | 62 + scripts/git-log-fix | 3 + scripts/git-log-footer | 14 + scripts/gitlog-to-changelog | 345 ++ sm/ChangeLog | 2957 ---------- sm/ChangeLog-2011 | 2968 ++++++++++ sm/Makefile.am | 1 + tests/ChangeLog | 141 - tests/ChangeLog-2011 | 152 + tests/Makefile.am | 2 +- tests/openpgp/ChangeLog | 413 -- tests/openpgp/ChangeLog-2011 | 424 ++ tests/openpgp/Makefile.am | 2 +- tests/pkits/ChangeLog | 64 - tests/pkits/ChangeLog-2011 | 75 + tests/pkits/Makefile.am | 12 +- tools/ChangeLog | 1277 ----- tools/ChangeLog-2011 | 1288 +++++ tools/Makefile.am | 2 +- 61 files changed, 32348 insertions(+), 31699 deletions(-) create mode 100644 ChangeLog-2011 delete mode 100644 agent/ChangeLog create mode 100644 agent/ChangeLog-2011 delete mode 100644 common/ChangeLog create mode 100644 common/ChangeLog-2011 delete mode 100644 dirmngr/ChangeLog create mode 100644 dirmngr/ChangeLog-2011 delete mode 100644 doc/ChangeLog create mode 100644 doc/ChangeLog-2011 delete mode 100644 g10/ChangeLog create mode 100644 g10/ChangeLog-2011 delete mode 100644 g13/ChangeLog create mode 100644 g13/ChangeLog-2011 delete mode 100644 include/ChangeLog create mode 100644 include/ChangeLog-2011 delete mode 100644 kbx/ChangeLog create mode 100644 kbx/ChangeLog-2011 delete mode 100644 keyserver/ChangeLog create mode 100644 keyserver/ChangeLog-2011 delete mode 100644 m4/ChangeLog create mode 100644 m4/ChangeLog-2011 delete mode 100644 po/ChangeLog create mode 100644 po/ChangeLog-2011 delete mode 100644 scd/ChangeLog create mode 100644 scd/ChangeLog-2011 delete mode 100644 scripts/ChangeLog create mode 100644 scripts/ChangeLog-2011 create mode 100644 scripts/git-log-fix create mode 100644 scripts/git-log-footer create mode 100755 scripts/gitlog-to-changelog delete mode 100644 sm/ChangeLog create mode 100644 sm/ChangeLog-2011 delete mode 100644 tests/ChangeLog create mode 100644 tests/ChangeLog-2011 delete mode 100644 tests/openpgp/ChangeLog create mode 100644 tests/openpgp/ChangeLog-2011 delete mode 100644 tests/pkits/ChangeLog create mode 100644 tests/pkits/ChangeLog-2011 delete mode 100644 tools/ChangeLog create mode 100644 tools/ChangeLog-2011 diff --git a/ChangeLog b/ChangeLog index cbf878893..8bd68a626 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,1396 +1,16 @@ -2011-11-29 Werner Koch +No more ChangeLog files +======================== - * autogen.sh: Make sure HOME et al have no unsafe characters. +Do not modify any of the ChangeLog files in GnuPG. Starting on +December 1st, 2011 we put change information only in the GIT commit +log, and generate a top-level ChangeLog file from logs at "make dist" +time. As such, there are strict requirements on the form of the +commit log messages. See doc/HACKING for details. The old ChangeLog +files have all be renamed to ChangeLog-2011. -2011-11-28 Jim Meyering - accept --with-libgpg-error-prefix as well as --with-gpg-error-prefix - * m4/gpg-error.m4: Update from git master. -2011-10-13 Marcus Brinkmann - - * configure.ac: Fix npth version check. - * m4/npth.m4: Fix version check. - - * configure.ac: Don't check for PTH but for NPTH. - (AH_BOTTOM): Remove PTH_SYSCALL_SOFT. - (have_pth): Rename to ... - (have_npth): ... this. - (USE_GNU_NPTH): Rename to ... - (USE_GNU_PTH): ... this. - * m4/gnupg-npth.m4: New file. - -2011-09-23 Werner Koch - - * configure.ac: Remove check for gcry_kdf_derive. - -2011-08-10 Werner Koch - - * configure.ac: Fix new autoconf warnings. - -2011-05-20 Werner Koch - - * configure.ac: Require libgpg-error 1.10. - -2011-03-08 Werner Koch - - Release 2.1.0beta2. - - * configure.ac: Require libgcrypt 1.5.0. - (HAVE_GCRY_PK_ECDH, HAVE_GCRY_PK_GET_CURVE): Remove. - (utmp.h): Check for header. - -2011-02-25 Werner Koch - - * configure.ac: Require libksba 1.2. - -2011-02-04 Werner Koch - - * autogen.sh: Ensure that the git pre-commit hoom has been - enabled. Add a cleanpo filter if not yet set. - -2011-02-03 Werner Koch - - * configure.ac (HAVE_GCRY_PK_GET_CURVE): Use AC_TRY_LINK. - -2011-02-01 Werner Koch - - * configure.ac (HAVE_GCRY_PK_GET_CURVE): Define if availabale. - -2011-01-20 Werner Koch - - * configure.ac (AC_CONFIG_FILES): Remove keyserver/. - -2011-01-19 Werner Koch - - * configure.ac: Add new option --enable-gpg2-is-gpg. - (NAME_OF_INSTALLED_GPG): New ac_define. - * autogen.sh [--build-w32ce]: Use --enable-gpg2-is-gpg. - -2011-01-21 Werner Koch - - * configure.ac: Need Libgcrypt 1.4.6 due to AESWRAP. - (HAVE_GCRY_PK_ECDH): Add new test. - -2011-01-03 Werner Koch - - * README.SVN: Rename to README.GIT. - * Makefile.am (EXTRA_DIST): Adjust for that change. - -2010-12-14 Werner Koch - - * configure.ac (BUILD_WITH_GPG, BUILD_WITH_GPGSM) - (BUILD_WITH_AGENT, BUILD_WITH_SCDAEMON, BUILD_WITH_DIRMNGR) - (BUILD_WITH_G13): New defines. - -2010-11-23 Werner Koch - - * am/cmacros.am (extra_bin_ldflags): New. For W32CE set the stack - size to 256k. - -2010-11-17 Werner Koch - - * configure.ac (ENABLE_CARD_SUPPORT): Define. - -2010-10-27 Werner Koch - - * acinclude.m4 (GNUPG_TIME_T_UNSIGNED): New. - * configure.ac (AC_HEADER_TIME): Include before checking time_t. - (GNUPG_TIME_T_UNSIGNED): Add. - -2010-10-26 Werner Koch - - Release 2.1.0beta1. - -2010-10-18 Werner Koch - - * Makefile.am (install-data-hook): Add W32 specific hook. - -2010-10-08 Werner Koch - - * configure.ac: Add option --enable-dirmngr-auto-start. - (USE_DIRMNGR_AUTO_START): New ac_define. - * autogen.sh <--build-w32ce>: Use new option. - -2010-10-06 Werner Koch - - * configure.ac: Make --enable-standard-socket the default. - -2010-10-04 Werner Koch - - * configure.ac (GNUPG_CHECK_FAQPROG): Remove. - -2010-08-19 Werner Koch - - * configure.ac (AH_BOTTOM): Define GPG_ERR_ENABLE_ERRNO_MACROS. - -2010-08-09 Werner Koch - - * configure.ac (inet_pton): Check for it. - -2010-08-05 Werner Koch - - * configure.ac (AH_BOTTOM): Remove HTTP_USE_ESTREAM. - -2010-08-02 Werner Koch - - * configure.ac: Require libksba 1.1.0 due to the use of - ksba_reader_set_release_notify. - -2010-07-30 Werner Koch - - * configure.ac (GNUPG_PTH_PATH) [W32]: Require version 2.0.3. - -2010-07-25 Werner Koch - - * configure.ac (USE_LDAPWRAPPER): AC_DEFINE and AM_CONDITIONAL it. - -2010-06-09 Werner Koch - - * configure.ac (GNUPG_DIRMNGR_LDAP_PGM): Add option - --with-dirmngr-ldap-pgm. - - * am/cmacros.am (-DGNUPG_LOCALSTATEDIR): New. - (GNUPG_DEFAULT_DIRMNGR_LDAP): New. - -2010-06-08 Werner Koch - - * configure.ac: Add build support for dirmngr. - (try_ldap): Rename to try_ks_ldap. - (GNUPG_CHECK_LDAP): Also test if dirmngr is to be build. - - * Makefile.am (SUBDIRS): Add dirmngr. - -2010-06-07 Werner Koch - - * dirmngr/: New. - - * configure.ac: Add option --enable-gpgtar. - -2010-05-31 Werner Koch - - * configure.ac (AC_CHECK_FUNCS): Check for lstat. - -2010-04-30 Werner Koch - - * configure.ac: Add option --enable-standard-socket. - (USE_STANDARD_SOCKET): ac_define it. - -2010-04-14 Werner Koch - - * Makefile.am (keyserver) [W32CE]: Do not build for now. - - * configure.ac (use_zip): New. - (--disable-zip): New option. - (HAVE_ZIP): New. - * autogen.sh : Disable ZIP. - -2010-04-07 Werner Koch - - * autogen.sh: Take a .gnupg-autogen.rc file in account. - - * gl/mkdtemp.c (getpid) [W32CE]: New macro. - -2010-03-24 Werner Koch - - * configure.ac (AH_BOTTOM): Use /gnupg as the default homedir on - dosish systems which don't support drive letters (e.g. W32CE). - - * am/cmacros.am (extra_sys_libs): New. - -2010-03-23 Werner Koch - - * configure.ac (W32SOCKLIBS): Change value for W32CE. - -2010-03-12 Werner Koch - - * configure.ac (AC_INIT): Prepare for using git. - -2010-03-10 Werner Koch - - * jnlib/: Move all code to common/. - * Makefile.am (SUBDIRS): Remove jnlib. - * configure.ac (AC_CONFIG_FILES): Remove jnlib/Makefile. - - * configure.ac (AM_PATH_LIBASSUAN): Remove double test. - * acinclude.m4 (GNUPG_CHECK_ENDIAN): Remove bogus warning. - -2010-03-09 Werner Koch - - * configure.ac: Add option --disable-ccid-driver. - (AH_BOTTOM): Define GPG_ERR_ENABLE_GETTEXT_MACROS. - -2010-02-26 Werner Koch - - * gl/mkdtemp.c (__set_errno) [W32CE]: Use gpg_err_set_errno. - * gl/setenv.c (__set_errno) [W32CE]: Ditto. - * gl/unsetenv.c (__set_errno) [W32CE]: Ditto. - - * configure.ac (HAVE_W32CE_SYSTEM): New ac_define and - am_conditional. - (signal.h, getenv): Check for them. - - * autogen.sh: New option --build-w32ce. Remove obsolete option - --without-included-gettext. - -2009-12-08 Werner Koch - - * configure.ac (USE_DNS_CERT): Support ADNS. - -2009-12-07 Werner Koch - - * configure.ac: Check for ADNS before checking for the BIND - resolver. - (USE_ADNS): Fallback macro for PKA and CERT lookups. - -2009-10-20 Marcus Brinkmann - - * configure.ac: Check for fusermount and encfs. - -2009-10-16 Marcus Brinkmann - - * configure.ac: Check for libassuan instead of libassuan-pth. - -2009-10-12 Werner Koch - - * configure.ac: Use -O3 because newer gcc versions require that - for uninitialized variable warnings. - -2009-09-23 Werner Koch - - * configure.ac (HAVE_ASSUAN_SET_IO_MONITOR): Remove test. - (_ASSUAN_ONLY_GPG_ERRORS): Remove. - -2009-09-23 Marcus Brinkmann - - * configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION): - Update to new API (2, 1.1.0). - -2009-09-21 Werner Koch - - Start a new development branch in the SVN trunk. The stable one - is now known in the SVN as branches/GNUPG-STABLE-2-0. - -2009-09-04 Werner Koch - - Release 2.0.13. - -2009-06-29 Werner Koch - - * configure.ac: Take care of --without-adns. Suggested by - Arfrever Frehtes Taifersar Arahesis. - -2009-06-17 Werner Koch - - Release 2.0.12. - -2009-06-05 David Shaw - - * configure.ac: Remove Camellia restriction. - -2009-04-01 Werner Koch - - * configure.ac: Test for fsync. - -2009-03-18 Werner Koch - - * configure.ac: Test for getrlimit. - -2009-03-03 Werner Koch - - Release 2.0.11. - -2009-01-12 Werner Koch - - Release 2.0.10. - -2008-12-09 Werner Koch - - Release 2.0.10rc1. - -2008-10-17 Werner Koch - - * configure.ac: Use more warning options with modern GCCs. - -2008-09-29 Werner Koch - - * configure.ac: Require libgcrypt 1.4. - -2008-08-27 David Shaw - - * configure.ac: Use printf for the most portable SVN version - detection. - - * configure.ac: Darwin's /bin/sh has a builtin echo that doesn't - understand '-n'. Use tr to trim the carriage return instead. - -2008-04-23 Werner Koch - - * configure.ac: Call gl_HEADER_SYS_SOCKET and gl_TYPE_SOCKLEN_T. - -2008-04-07 Werner Koch - - * configure.ac (ADNSLIBS): Test for adns. - (GPGKEYS_KDNS): New. - -2008-04-01 Werner Koch - - * configure.ac: Require curl 7.10 (Oct 1 2002) or later as we use - curl_version_info(). - (AC_INIT): Fix quoting. - -2008-03-27 Werner Koch - - * Makefile.am (dist_doc_DATA): New. Install README. - -2008-03-26 Werner Koch - - Release 2.0.9. - -2008-02-19 Werner Koch - - * configure.ac: Remove --with-pkits-tests. - -2008-02-15 Werner Koch - - * gl/allocsa.h, gl/m4/allocsa.m4: Replace HAVE_LONG_LONG by - HAVE_LONG_LONG_INT. - -2008-02-15 gettextize - - * configure.ac (AM_GNU_GETTEXT_VERSION): Bump to 0.17. - -2007-12-20 Werner Koch - - Released 2.0.8. - -2007-12-17 Werner Koch - - * configure.ac: Add treatment for HAVE_LDAP_START_TLS_SA. - -2007-12-14 Werner Koch - - Released 2.0.8rc1. - -2007-12-12 Werner Koch - - * configure.ac (USE_CAMELLIA): Define by new option --enable-camellia. - -2007-12-03 Werner Koch - - * configure.ac: Add test gt_LC_MESSAGES.. - -2007-10-01 Werner Koch - - * configure.ac: Require assuan 1.0.4. - -2007-09-14 Werner Koch - - * configure.ac (GNUPG_LIBASSUAN_VERSION): New. - -2007-09-10 Werner Koch - - Released 2.0.7. - -2007-08-27 Werner Koch - - * configure.ac: Remove remaining support for internal regex. - Define DISABLE_REGEX automake conditional. Add option - --with-regex. - * autogen.sh [--build-w32]: Remove --disable-regex. Use --with-regex. - -2007-08-16 Werner Koch - - Released 2.0.6. - -2007-08-08 Werner Koch - - * configure.ac: Use AC_CANONICAL_HOST and not AC_CANONICAL_TARGET. - -2007-07-09 Werner Koch - - * configure.ac (AM_ICONV): Check for it even when building without - NLS. - -2007-07-05 Werner Koch - - Released 2.0.5. - - * configure.ac: Require libassuan 1.0.2. - -2007-07-05 Marcus Brinkmann - - * configure.ac: Invoke AM_LANGINFO_CODESET. - -2007-07-04 Werner Koch - - * Makefile.am (AUTOMAKE_OPTIONS): Add no-dist-gzip. - - Switched entire package to GPLv3+. - - * configure.ac: Require libksba 1.0.2. - - * COPYING: Updated to GPLv3. - * COPYING.LIB: New as jnlib/ uses this license. - - * gl/: Switched to GPLv3+. - - * intl/ Removed. - * configure.ac (AM_GNU_GETTEXT): Add external flag. - (AM_ICONV): New. - -2007-07-03 Werner Koch - - * configure.ac [W32]: Use ws2_32 instead of wsock32. - -2007-06-25 Werner Koch - - * gl/mkdtemp.c (gen_tempname) [MKDIR_TAKES_ONE_ARG]: Avoid - compiler warning by using the proper config macro. - -2007-06-15 Werner Koch - - * configure.ac: Call AM_PO_SUBDIRS. - (W32SOCKLIBS): New. - - * autogen.sh: Use = and not == in test to be POSIXly correct. - : Disable use of regex. - -2007-06-14 Werner Koch - - * configure.ac [AH_BOTTOM]: Remove the hardwired names of modules. - -2007-06-12 Werner Koch - - * configure.ac [AH_BOTTOM]: Define HTTP_NO_WSASTARTUP. - -2007-06-11 Werner Koch - - * am/cmacros.am (libcommonstd, libcommonpth, libcommonstd_ldadd) - (libcommonpth_ldadd): Add macros. - -2007-06-06 Werner Koch - - * configure.ac: Add a few notices message so make browsing of the - log file easier. - (CC_FOR_BUILD): New. - -2007-05-30 Werner Koch - - * configure.ac [W32]: Do not create a symlink to w32-pth.h. - Require the installation of the w32pth package. - -2007-05-29 Werner Koch - - * gl/: Updated to a newer version. - -2007-05-24 Werner Koch - - * configure.ac: Use -Wpointer-arith is possible. - -2007-05-15 Werner Koch - - * configure.ac: Renamed the estream macros. Remove -Wformat-nonliteral. - - * configure.ac: Call ESTREAM_INIT and define the memory - allocators for estream_asprintf. - (gl_MODULES): Remove vasprintf. - -2007-05-09 Werner Koch - - Released 2.0.4. - -2007-05-07 Werner Koch - - * configure.ac: Require libgcrypt 1.2.2 to avoid compiler warnings. - -2007-05-07 gettextize - - * configure.ac (AM_GNU_GETTEXT_VERSION): Bump to 0.16.1. - -2007-05-07 Werner Koch - - * configure.ac: Bail out if no C-89 compiler has been found. - -2007-05-04 Werner Koch - - * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Add --enable-mailto - - * configure.ac: Require automake 1.10 - (AC_CONFIG_FILES): Rename gpgkeys_ to gpg2keys_. - (AM_PROG_CC_C_O): New. - -2007-03-08 Werner Koch - - Released 2.0.3. - - * autogen.sh: Add option --force. - -2007-01-31 Werner Koch - - Released 2.0.2. - -2006-11-30 Werner Koch - - * configure.ac: Save original LIBS when testing for dlopen. - -2006-11-28 Werner Koch - - Released 2.0.1. - -2006-11-23 Werner Koch - - Released 2.0.1rc1. - -2006-11-21 Werner Koch - - * configure.ac [AH_BOTTOM]: Disable PTH soft mapping. - (AC_CHECK_SIZEOF): Check for time_t. - (BUILD_INCLUDED_LIBINTL): Remove AM_PO_SUBDIRS as it is not - required for C. - -2006-11-15 Werner Koch - - * autogen.sh: Add convenience option --build-amd64. - -2006-11-14 Werner Koch - - * configure.ac (HAVE_ASSUAN_SET_IO_MONITOR): Test for it. - -2006-11-11 Werner Koch - - Released 2.0.0. - -2006-11-06 Werner Koch - - Released 1.9.95. - -2006-11-03 Werner Koch - - * configure.ac: Test for pty.h. From Gentoo. - -2006-10-24 Werner Koch - - Released 1.9.94. - -2006-10-20 Werner Koch - - * Makefile.am (stowinstall): Add convenience target. - -2006-10-18 Werner Koch - - * configure.ac: svn revison magic fixes for old bashs. Suggested - by Alain Guibert. - -2006-10-18 Werner Koch - - Released 1.9.93. - -2006-10-17 Werner Koch - - * autogen.sh <--build-w32>: Test also for a host "mingw32". - - * configure.ac: Removed W32LIBS. Use NETLIBS instead. - -2006-10-11 Werner Koch - - Released 1.9.92. - - * configure.ac: Require libassuan 0.9.3. - -2006-10-09 Werner Koch - - * acinclude.m4: Moved pth check to m4/gnupg-pth.m4. - -2006-10-06 Werner Koch - - * configure.ac: Also check for libassuan's pth version. - -2006-10-04 Werner Koch - - Released 1.9.91. - - * configure.ac: Require libassuan 0.9.1 which fixes a problem with - gpgsm. - -2006-09-27 Werner Koch - - * gl/strsep.h, gl/strsep.c, gl/m4/strsep.m4: Removed. - * gl/strpbrk.h, gl/strpbrk.c, gl/m4/strpbrk.m4: Removed. - * gl/Makefile.am: Removed module strsep and strpbrk. - * configure.ac: Check for strsep in the context of jnlib. Remove - check from gl_MODULES. Moved check for timegm into the jnlib context. - -2006-09-27 Marcus Brinkmann - - * Makefile.am: Fix cut & paste error. - -2006-09-25 Werner Koch - - Released 1.9.90. - -2006-09-22 Werner Koch - - * AUTHORS: Add information about used licenses. - -2006-09-20 Werner Koch - - * Makefile.am (dist-hook): Removed distfiles cruft. - (SUBDIRS): Added include - -2006-09-18 Werner Koch - - Released 1.9.23. - - * configure.ac (--enable-agent-only): Donot build tools and doc - (--disable-tools,--disable-doc): New. - * Makefile.am (SUBDIRS): Allow to conditional build tools and doc. - -2006-09-14 Werner Koch - - Replaced all call gpg_error_from_errno(errno) by - gpg_error_from_syserror(). - - * configure.ac: Build gpg by default. - (GNUPG_SYS_SO_PEERCRED): Removed. - -2006-09-13 Werner Koch - - * autogen.sh: Better detection of the cross compiler kit. - -2006-09-06 Marcus Brinkmann - - * configure.ac: New automake conditional RUN_GPG_TESTS. - -2006-09-06 Werner Koch - - * configure.ac: Define _ASSUAN_ONLY_GPG_ERRORS. Require Assuan - 0.9 and libgpg-error 1.4. - -2006-08-31 Werner Koch - - * configure.ac: Require libksba 1.0 and added API check for it. - (GPG_ERR_LOCKED): Removed DECL check as we require 1.2 anyway. - (have_libusb): New to give a feedback about CCID support - -2006-08-21 Werner Koch - - * configure.ac: Removed docbook tests. - (AC_CONFIG_FILES): Added gpgkeys_test and gpgkeys_mailto. - - * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Enable gpg. - -2006-08-17 Werner Koch - - * THANKS: Merged with the 1.4 one. - -2006-08-16 Werner Koch - - * configure.ac: Removed test for capabilities and mlock. - -2006-08-15 Werner Koch - - * Makefile.am (keyserver): Enable building of keyserver helpers. - - * configure.ac: Merged with the current configure from 1.4.5. - Require libgpg-error 1.2 and libksba 0.9.16. - -2006-07-29 Marcus Brinkmann - - * README: Spelling fixes. - -2006-07-27 Werner Koch - - Released 1.9.22. - - * configure.ac: Call AB_INIT. - -2006-07-03 Werner Koch - - * configure.ac: Test for ksba_dn_teststr. - -2006-06-30 Werner Koch - - * keyserver/: New. Taken from 1.4.4 - * Makefile.am (SUBDIRS): Include keyserver/. - * configure.ac: Include keyserver/. - (FAKE_CURL, GPGKEYS_CURL): New. - -2006-06-20 Werner Koch - - Released 1.9.21. - -2006-06-08 Marcus Brinkmann - - * configure.ac (PTH_LIBS): Add --all to pth-config invocation. - -2006-05-24 Werner Koch - - * configure.ac: New option --disable-optimization taked from 1.4.3. - -2006-05-23 Werner Koch - - * configure.ac (ZLIBS): New for zlib link commands. Add bzip2 - support. - -2006-05-22 Werner Koch - - * configure.ac (EXEEXT): New. - -2006-04-18 Werner Koch - - * configure.ac (PK_UID_CACHE_SIZE): New. - -2006-04-07 Werner Koch - - * configure.ac: Use new method to include the SVN revison. Now it - is the actual global revision number. - -2005-12-20 Werner Koch - - Released 1.9.20. - -2005-11-28 Werner Koch - - * configure.ac: Append the revision to the version string. - -2005-11-13 Werner Koch - - * am/cmacros.am (-DGNUPG_SYSCONFDIR): Define it. - -2005-11-11 Werner Koch - - * configure.ac (NEED_KSBA_VERSION: Require 0.9.13. - -2005-09-12 Werner Koch - - Released 1.9.19. - -2005-08-01 Werner Koch - - Released 1.9.18. - - * configure.ac: Require libksba 0.9.12 to match new features in gpgsm. - -2005-06-20 Werner Koch - - Released 1.9.17. - -2005-06-02 Werner Koch - - * configure.ac (HAVE_PTH): Define as alias for USE_GNU_PTH. It is - used by common/estream.c. - -2005-06-01 Werner Koch - - * configure.ac (gl_INIT): Add gnulib stuff. - (fseeko, ftello, ttyname, isascii): Replaced the AC_REPLACE_FUNCS - by a simple check. - (putc_unlocked): Removed check. Not used. - (strsep, mkdtemp, asprintf): Replaced checks by gnulib checks. - (xsize): Added will probably come handy soon. - (CFLAGS): Use -Wformat-security instead of - -Wformat-nonliteral. Add --Wno-format-y2k. - * gl/, gl/m4/: New. - -2005-05-15 Werner Koch - - * configure.ac: Remove option --disable-threads; require the use - of GNU Pth. - -2005-04-27 Werner Koch - - * configure.ac: Removed OpenSC detection and options. - * acinclude.m4: Ditto. - -2005-04-21 Werner Koch - - Released 1.9.16. - - * configure.ac: Do not build gpg by default. - -2005-04-20 Werner Koch - - * configure.ac: Test whether GPG_ERR_LOCKED is declared and - provide a replacement if not. - -2005-04-15 Werner Koch - - * configure.ac: Require libksba 0.9.11. - -2005-04-15 Marcus Brinkmann - - * configure.ac: Check for /usr/bin/shred and define SHRED. - - * configure.ac: Add --enable-symcryptrun, disabled by default. - Define automake variable BUILD_SYMCRYPTRUN. - Check for openpty -lutil, define LIBUTIL_LIBS. - -2005-03-03 Werner Koch - - * acinclude.m4 (GNUPG_PTH_VERSION_CHECK): Accidently used - --ldflags instead of --cflags. Reported by Kazu Yamamoto. - -2005-02-03 Werner Koch - - * AUTHORS: Copied from 1.4 and edited to refelct the changes in - 1.9. - -2005-01-17 Werner Koch - - * configure.ac: Make --without-included-regex work as expected. - Fixed FTP location info for some libraries. - -2005-01-13 Werner Koch - - Released 1.9.15. - - * acinclude.m4 (GNUPG_PTH_VERSION_CHECK): Link a simple test - program to see whether the installation is sane. - -2005-01-07 Werner Koch - - * configure.ac: Require gpg-error 1.0. - -2005-01-04 Werner Koch - - * configure.ac: Remove hack not to build gpg2 for W32. - * autogen.sh : Pass option --disable-gpg instead. - -2004-12-22 Werner Koch - - Released 1.9.14. - -2004-12-20 Werner Koch - - * configure.ac: Add PATHSEP_C and PATHSEP_S. For W32 let all - directories default to c:/gnupg. Require libassuan 0.6.9. - -2004-12-18 Werner Koch - - * configure.ac (AH_BOTTOM): Define EXEEXT_S. - - * autogen.sh: Updated --build-w32 feature. - -2004-12-15 Werner Koch - - * Makefile.am (SUBDIRS) [W32]: Do not build in tests/. - - * acinclude.m4: Add proper macro name quoting for use with - automake 1.9. - - * configure.ac: Add replacement check for ttyname. - Removed support for a included zlib. - -2004-12-06 Werner Koch - - * configure.ac (have_w32_system): New. Disable Pth checks for W32. - Link jnlib/w32-pth.h to pth.h. - -2004-12-03 Werner Koch - - Released 1.9.13. - -2004-11-26 Werner Koch - - * configure.ac: Replace strsep. Replaced use of "target" by - "host". - -2004-10-22 Werner Koch - - Released 1.9.12. - - * Makefile.am (AUTOMAKE_OPTIONS): Set option to create bzip2 tarball. - -2004-10-01 Werner Koch - - Released 1.9.11. - -2004-09-30 Werner Koch - - * README: Minor updates. - -2004-09-30 gettextize - - * configure.ac (AM_GNU_GETTEXT_VERSION): Bump to 0.14.1. - -2004-08-16 Werner Koch - - * configure.ac: Build Makefile for tests/pkits. New option - --with-pkits-tests. - -2004-08-05 Werner Koch - - * configure.ac: Changed tests for libusb to also suuport the - stable version 0.1.x. - -2004-07-22 Werner Koch - - Released 1.9.10. - - * configure.ac: Define AM conditional HAVE_OPENSC. - -2004-07-21 Werner Koch - - * configure.ac: Don't set DIE to no after it might has been set to - yes. - -2004-07-20 Werner Koch - - * Makefile.am (sm): Build kbx only if gpgsm is to be build. - -2004-07-20 Werner Koch - - * configure.ac: New option --enable-agent-only. - -2004-06-08 Werner Koch - - Released 1.9.9. - -2004-06-06 Werner Koch - - * configure.ac: Require libksba 0.9.7. - -2004-04-29 Werner Koch - - Released 1.9.8. - -2004-04-20 Werner Koch - - * configure.ac: Remove the fopencookie test. We don't need the - dummy function because we conditionally use fopencookie, - fpencookie or a replacement at place. - -2004-04-02 Thomas Schwinge - - * autogen.sh: Added ACLOCAL_FLAGS. - -2004-04-06 Werner Koch - - Released 1.9.7. - - * configure.ac: Require libgcrypt 1.1.94. - Introduce PACKAGE_GT and set it to gnupg2. - -2004-03-23 Werner Koch - - * configure.ac: Define SAFE_VERSION_DASH and SAFE_VERSION_DOT. - -2004-03-09 Werner Koch - - * configure.ac (NEED_GPG_ERROR_VERSION): Set to 0.7. - -2004-03-06 Werner Koch - - Released 1.9.6. - - * configure.ac: Check the Libgcrypt API. - -2004-02-25 Werner Koch - - * configure.ac: New option --disable-threads to inhibit - unintentional builds without Pth. - -2004-02-21 Werner Koch - - Released 1.9.5. - -2004-02-20 Werner Koch - - * configure.ac: Fixed URLs in the notice messages. - -2004-02-18 Werner Koch - - * acinclude.m4: Removed macros to detect gpg-error, libgcrypt, - libassuan and ksba as they are now distributed in m4/. - -2004-02-13 Werner Koch - - * configure.ac: Require libksba 0.9.4 and libgcrypt 1.1.92. - -2004-02-12 Werner Koch - - * autogen.sh: Removed cruft from debugging. - - * am/cmacros.am: New. - -2004-02-11 Werner Koch - - * configure.ac: Removed the need for g10defs.h. Reworked the - --with-foo-pgm stuff. - - * autogen.sh (check_version): Removed bashism and simplified. - * acinclude.m4 (AM_PATH_OPENSC): Kludge to avoid error output for - a bad opensc-config. - -2004-01-30 Werner Koch - - Released 1.9.4. - - * configure.ac: Require libksba 0.9.3 due to another bug fix there. - -2004-01-29 Werner Koch - - * README: Updated. - - * configure.ac: Require libksba 0.9.2 due to bug fixes. - -2004-01-24 Werner Koch - - * configure.ac: Now requires libassuan 0.6.3. - -2003-12-23 Werner Koch - - Released 1.9.3. - - * README-alpha: Removed. - * configure.ac, Makefile.am: Add the tests and tools directories. - -2003-12-19 Werner Koch - - * configure.ac: Now require libgcrypt 1.1.91 to help testing the - latest libgcrypt changes. Requires libksab 0.9.1. - -2003-12-17 Werner Koch - - * configure.ac: Requires now libassuan 0.6.2. - (CFLAGS): Add --Wformat-noliteral in gcc mode. - -2003-12-16 Werner Koch - - * configure.ac: Check for funopen and fopencookie as part of the - jnlib checks. - -2003-12-09 Werner Koch - - * configure.ac: Add a min_automake_version. - * README.CVS: New. - * autogen.sh: Revamped except for the --build-w32 hack. - * Makefile.am: Add README.CVS - -2003-11-17 Werner Koch - - Release 1.9.2. - - * configure.ac: Requires now libassuan 0.6.1. - -2003-10-31 Werner Koch - - * configure.ac (NEED_KSBA_VERSION): Set to 0.9.0 due the changed - time interface. - -2003-10-21 Werner Koch - - * configure.ac (PRINTABLE_OS_NAME): Remove special case for The - Hurd; Robert Millan reported that the uname test is now - sufficient. - -2003-10-01 Werner Koch - - * configure.ac (AH_BOTTOM): Define GNUPG_MAJOR_VERSION. - -2003-09-23 Werner Koch - - Merged most of David Shaw's changes in 1.3 since 2003-06-03. - - * configure.ac: Drop all TIGER/192 support. - (uint64_t): Check for UINT64_C to go along with uint64_t. - (getaddrinfo): Check for it. - (sigset_t): Check for sigset_t and struct sigaction. This is for - Forte c89 on Solaris which seems to define only the function call - half of the two pairs by default. - (W32LIBS): Include wsock32 in W32LIBS. This is different from - NETLIBS so we don't need to force other platforms to pull in the - netlibs when they aren't actually needed. - -2003-09-06 Werner Koch - - Released 1.9.1. - - * configure.ac: Require newer versions of some libraries. - -2003-09-02 Werner Koch - - * configure.ac (HAVE_LIBUSB): Added a simple test for libusb. - -2003-08-19 Marcus Brinkmann - - * configure.ac (AM_PATH_GPG_ERROR): Add missing comma in - invocation. - -2003-08-06 Werner Koch - - * configure.ac: Check for libgpg-error. Print infos about missing - libraries more nicely. - * acinclude.m4 (AM_PATH_GPG_ERROR): Added. - -2003-08-05 Werner Koch - - Released 1.9.0. - - * configure.ac (GNUPG_DEFAULT_HONMEDIR): Changed back to ~/.gnupg. - -2003-07-31 Werner Koch - - * Makefile.am (DISTCLEANFILES): Add g10defs.h - -2003-06-18 Werner Koch - - * configure.ac (GNUPG_DEFAULT_HOMEDIR): Changed temporary to - .gnupg2 to avoid accidential use with production keys. - -2003-06-11 Werner Koch - - * configure.ac: Merged all stuff from current 1.3 version in. - * acinclude.m4: Merged required macros from current 1.2 version in. - -2003-06-04 Werner Koch - - * configure.ac, Makefile.am: Enable building of gpg. - -2003-04-29 Werner Koch - - * configure.ac: Build a limited version of scdaemon if libopensc - is not available. - - * configure.ac (ALL_LINUGAS): Removed. - - * Makefile.am (ACLOCAL_AMFLAGS): New. - * configure.ac (AM_GNU_GETTEXT_VERSION): New. Set to 0.11.5. - -2003-04-29 gettextize - - * Makefile.am (SUBDIRS): Add m4. - (ACLOCAL_AMFLAGS): New variable. - (EXTRA_DIST): Add scripts/config.rpath. - * configure.ac (AC_CONFIG_FILES): Add m4/Makefile. - -2003-04-29 Werner Koch - - * assuan/ : Removed. We now use libassuan. - * Makefile.am (SUBDIRS): Removed assuan - - * configure.ac: Check for libassuan. - -2003-01-09 Werner Koch - - * configure.ac (GNUPG_PROTECT_TOOL): New option --with-protect-tool. - (NEED_KSBA_VERSION): Does now require 0.4.6. - - * README: Noted where to find gpg-protect-tool. - -2002-10-31 Neal H. Walfield - - * configure.ac: Check for flockfile and funlockfile. Check for - isascii and putc_unlocked replacing them if not found. - - * configure.ac (PTH_LIBS): If pth is found, add the output of - `$PTH_CONFIG --ldflags`, not just `$PTH_CONFIG --libs`. - -2002-10-19 Werner Koch - - * configure.ac: Bumped version number to 1.9.0-cvs. - - NewPG (Aegypten project) to GnuPG merge. - -2002-09-20 Werner Koch - - Released 0.9.2. - -2002-09-05 Neal H. Walfield - - * configure.ac: Check for makeinfo. - -2002-09-03 Neal H. Walfield - - * autogen.sh (have_version): New function. Generalize and - simplify logic for finding and determining the versions of GNU - programs. Use it. - -2002-08-23 Werner Koch - - Released 0.9.1. - - * acinclude.m4 (AM_PATH_LIBGCRYPT): Updated from Libgcrypt. - (AM_PATH_OPENSC): Strip non-digits from the micro version. - -2002-08-21 Werner Koch - - Released 0.9.0. - - * configure.ac: Changed the default homedir to .gnupg. - * README-alpha: Removed. - -2002-08-19 Werner Koch - - * acinclude.m4: Removed -lpcsclite from KSBA_LIBS; copy+paste bug. - -2002-08-13 Werner Koch - - * acinclude.m4 (AM_PATH_OPENSC, AM_PATH_KSBA): New. - * configure.ac: Use them. - -2002-08-10 Werner Koch - - Released 0.3.10. - - * configure.ac (NEED_LIBKSBA_VERSION): Require 0.4.4. Add support - for gettext. - -2002-07-22 Werner Koch - - * configure.ac: Check for ftello and provide a replacement. - -2002-07-01 Werner Koch - - Released 0.3.9. - - * README: Short note on how to export in pkcs-12 format. - -2002-06-29 Werner Koch - - * configure.ac: Define --with options to set the default location - of the agent, scdaemon, pinentry and dirmngr. - -2002-06-27 Werner Koch - - * README: Short blurb on how to import a PKCS-12 file. - - * configure.ac (AH_BOTTOM): New to define some constants. - -2002-06-25 Werner Koch - - Released 0.3.8. - - * configure.ac (NEED_LIBGCRYPT_VERSION): Set to 1.1.8. - -2002-06-12 Werner Koch - - * configure.ac (NEED_LIBKSBA_VERSION): We need 0.4.3 now. - -2002-06-04 Werner Koch - - Released 0.3.7. - -2002-05-21 Werner Koch - - * configure.ac: We now require libgcrypt 1.1.7 and libksba 0.4.2. - -2002-05-14 Werner Koch - - * doc/: New - * configure.ac, Makefile.am: Added doc/. - -2002-05-03 Werner Koch - - Released 0.3.6. - -2002-04-25 Werner Koch - - * configure.ac: Check for setlocale. - -2002-04-24 Marcus Brinkmann - - * configure.ac: Check for locale.h. - -2002-04-15 Werner Koch - - Released 0.3.5. - - * NEWS: Started to describe release notes. - - * configure.ac (NEED_LIBKSBA_VERSION, NEED_LIBGCRYPT_VERSION): Defined - -2002-04-01 Werner Koch - - Released 0.3.4. - -2002-03-18 Werner Koch - - Released 0.3.3. - -2002-03-08 Werner Koch - - * README: Add some explanation on how to specify a user ID. - -2002-03-06 Werner Koch - - Released 0.3.2. - -2002-03-04 Werner Koch - - Released 0.3.1. - - * README: Explained some options and files. - -2002-02-14 Werner Koch - - * configure.ac: Fixed status messages related to presence of Pth. - -2002-02-13 Werner Koch - - * acinclude.m4 (GNUPG_SYS_SO_PEERCRED): New. - * configure.ac: use it. - -2002-02-12 Werner Koch - - * configure.ac: Check for PTH. Provide replacement fucntions for - apsrintf and fopencookie. - - * acinclude.m4 (GNUPG_PTH_VERSION_CHECK): New. - -2002-02-07 Werner Koch - - Released 0.3.0. - - * configure.ac: Require libgcrypt 1.1.6. - -2002-02-01 Marcus Brinkmann - - * configure.ac (KSBA_CONFIG): Remove superfluous x in front of - variable. - -2002-01-26 Werner Koch - - * configure.ac: Add options to disable the build of some programs - and print a configure status at the end. - * acinclude.m4 (GNUPG_BUILD_PROGRAM): New. - - * scd/ : New. Added to Makefile and configure. - * configure.ac: Check for libopensc - * Makefile.am: Build scd only when libopensc is available - -2002-01-23 Werner Koch - - * configure.ac (mkdtemp): See whether we have to provide a - replacement. - -2001-12-18 Werner Koch - - Released 0.0.0. - -2001-12-17 Werner Koch - - * acinclude.m4: Add AM_PATH_LIBGCRYPT macro. - * configure.ac: and use it here. Figure out the location of libksba - -2001-12-15 Werner Koch - - * configure.ac (missing_dir): Bail out if asprintf and fopencookie - are not available. - -2001-12-04 Werner Koch - - * configure.ac (HAVE_JNLIB_LOGGING): always define it. - - - Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007. - 2010 Free Software Foundation, Inc. - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even the - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +Local Variables: +buffer-read-only: t +mode: text +End: diff --git a/ChangeLog-2011 b/ChangeLog-2011 new file mode 100644 index 000000000..cfba8f473 --- /dev/null +++ b/ChangeLog-2011 @@ -0,0 +1,1394 @@ +2011-12-01 Werner Koch + + NB: ChangeLog files are no longer manually maintained. Starting + on December 1st, 2011 we put change information only in the GIT + commit log, and generate a top-level ChangeLog file from logs at + "make dist". See doc/HACKING for details. + +2011-11-29 Werner Koch + + * autogen.sh: Make sure HOME et al have no unsafe characters. + +2011-11-28 Jim Meyering + + accept --with-libgpg-error-prefix as well as --with-gpg-error-prefix + * m4/gpg-error.m4: Update from git master. + +2011-09-23 Werner Koch + + * configure.ac: Remove check for gcry_kdf_derive. + +2011-08-10 Werner Koch + + * configure.ac: Fix new autoconf warnings. + +2011-05-20 Werner Koch + + * configure.ac: Require libgpg-error 1.10. + +2011-03-08 Werner Koch + + Release 2.1.0beta2. + + * configure.ac: Require libgcrypt 1.5.0. + (HAVE_GCRY_PK_ECDH, HAVE_GCRY_PK_GET_CURVE): Remove. + (utmp.h): Check for header. + +2011-02-25 Werner Koch + + * configure.ac: Require libksba 1.2. + +2011-02-04 Werner Koch + + * autogen.sh: Ensure that the git pre-commit hoom has been + enabled. Add a cleanpo filter if not yet set. + +2011-02-03 Werner Koch + + * configure.ac (HAVE_GCRY_PK_GET_CURVE): Use AC_TRY_LINK. + +2011-02-01 Werner Koch + + * configure.ac (HAVE_GCRY_PK_GET_CURVE): Define if availabale. + +2011-01-20 Werner Koch + + * configure.ac (AC_CONFIG_FILES): Remove keyserver/. + +2011-01-19 Werner Koch + + * configure.ac: Add new option --enable-gpg2-is-gpg. + (NAME_OF_INSTALLED_GPG): New ac_define. + * autogen.sh [--build-w32ce]: Use --enable-gpg2-is-gpg. + +2011-01-21 Werner Koch + + * configure.ac: Need Libgcrypt 1.4.6 due to AESWRAP. + (HAVE_GCRY_PK_ECDH): Add new test. + +2011-01-03 Werner Koch + + * README.SVN: Rename to README.GIT. + * Makefile.am (EXTRA_DIST): Adjust for that change. + +2010-12-14 Werner Koch + + * configure.ac (BUILD_WITH_GPG, BUILD_WITH_GPGSM) + (BUILD_WITH_AGENT, BUILD_WITH_SCDAEMON, BUILD_WITH_DIRMNGR) + (BUILD_WITH_G13): New defines. + +2010-11-23 Werner Koch + + * am/cmacros.am (extra_bin_ldflags): New. For W32CE set the stack + size to 256k. + +2010-11-17 Werner Koch + + * configure.ac (ENABLE_CARD_SUPPORT): Define. + +2010-10-27 Werner Koch + + * acinclude.m4 (GNUPG_TIME_T_UNSIGNED): New. + * configure.ac (AC_HEADER_TIME): Include before checking time_t. + (GNUPG_TIME_T_UNSIGNED): Add. + +2010-10-26 Werner Koch + + Release 2.1.0beta1. + +2010-10-18 Werner Koch + + * Makefile.am (install-data-hook): Add W32 specific hook. + +2010-10-08 Werner Koch + + * configure.ac: Add option --enable-dirmngr-auto-start. + (USE_DIRMNGR_AUTO_START): New ac_define. + * autogen.sh <--build-w32ce>: Use new option. + +2010-10-06 Werner Koch + + * configure.ac: Make --enable-standard-socket the default. + +2010-10-04 Werner Koch + + * configure.ac (GNUPG_CHECK_FAQPROG): Remove. + +2010-08-19 Werner Koch + + * configure.ac (AH_BOTTOM): Define GPG_ERR_ENABLE_ERRNO_MACROS. + +2010-08-09 Werner Koch + + * configure.ac (inet_pton): Check for it. + +2010-08-05 Werner Koch + + * configure.ac (AH_BOTTOM): Remove HTTP_USE_ESTREAM. + +2010-08-02 Werner Koch + + * configure.ac: Require libksba 1.1.0 due to the use of + ksba_reader_set_release_notify. + +2010-07-30 Werner Koch + + * configure.ac (GNUPG_PTH_PATH) [W32]: Require version 2.0.3. + +2010-07-25 Werner Koch + + * configure.ac (USE_LDAPWRAPPER): AC_DEFINE and AM_CONDITIONAL it. + +2010-06-09 Werner Koch + + * configure.ac (GNUPG_DIRMNGR_LDAP_PGM): Add option + --with-dirmngr-ldap-pgm. + + * am/cmacros.am (-DGNUPG_LOCALSTATEDIR): New. + (GNUPG_DEFAULT_DIRMNGR_LDAP): New. + +2010-06-08 Werner Koch + + * configure.ac: Add build support for dirmngr. + (try_ldap): Rename to try_ks_ldap. + (GNUPG_CHECK_LDAP): Also test if dirmngr is to be build. + + * Makefile.am (SUBDIRS): Add dirmngr. + +2010-06-07 Werner Koch + + * dirmngr/: New. + + * configure.ac: Add option --enable-gpgtar. + +2010-05-31 Werner Koch + + * configure.ac (AC_CHECK_FUNCS): Check for lstat. + +2010-04-30 Werner Koch + + * configure.ac: Add option --enable-standard-socket. + (USE_STANDARD_SOCKET): ac_define it. + +2010-04-14 Werner Koch + + * Makefile.am (keyserver) [W32CE]: Do not build for now. + + * configure.ac (use_zip): New. + (--disable-zip): New option. + (HAVE_ZIP): New. + * autogen.sh : Disable ZIP. + +2010-04-07 Werner Koch + + * autogen.sh: Take a .gnupg-autogen.rc file in account. + + * gl/mkdtemp.c (getpid) [W32CE]: New macro. + +2010-03-24 Werner Koch + + * configure.ac (AH_BOTTOM): Use /gnupg as the default homedir on + dosish systems which don't support drive letters (e.g. W32CE). + + * am/cmacros.am (extra_sys_libs): New. + +2010-03-23 Werner Koch + + * configure.ac (W32SOCKLIBS): Change value for W32CE. + +2010-03-12 Werner Koch + + * configure.ac (AC_INIT): Prepare for using git. + +2010-03-10 Werner Koch + + * jnlib/: Move all code to common/. + * Makefile.am (SUBDIRS): Remove jnlib. + * configure.ac (AC_CONFIG_FILES): Remove jnlib/Makefile. + + * configure.ac (AM_PATH_LIBASSUAN): Remove double test. + * acinclude.m4 (GNUPG_CHECK_ENDIAN): Remove bogus warning. + +2010-03-09 Werner Koch + + * configure.ac: Add option --disable-ccid-driver. + (AH_BOTTOM): Define GPG_ERR_ENABLE_GETTEXT_MACROS. + +2010-02-26 Werner Koch + + * gl/mkdtemp.c (__set_errno) [W32CE]: Use gpg_err_set_errno. + * gl/setenv.c (__set_errno) [W32CE]: Ditto. + * gl/unsetenv.c (__set_errno) [W32CE]: Ditto. + + * configure.ac (HAVE_W32CE_SYSTEM): New ac_define and + am_conditional. + (signal.h, getenv): Check for them. + + * autogen.sh: New option --build-w32ce. Remove obsolete option + --without-included-gettext. + +2009-12-08 Werner Koch + + * configure.ac (USE_DNS_CERT): Support ADNS. + +2009-12-07 Werner Koch + + * configure.ac: Check for ADNS before checking for the BIND + resolver. + (USE_ADNS): Fallback macro for PKA and CERT lookups. + +2009-10-20 Marcus Brinkmann + + * configure.ac: Check for fusermount and encfs. + +2009-10-16 Marcus Brinkmann + + * configure.ac: Check for libassuan instead of libassuan-pth. + +2009-10-12 Werner Koch + + * configure.ac: Use -O3 because newer gcc versions require that + for uninitialized variable warnings. + +2009-09-23 Werner Koch + + * configure.ac (HAVE_ASSUAN_SET_IO_MONITOR): Remove test. + (_ASSUAN_ONLY_GPG_ERRORS): Remove. + +2009-09-23 Marcus Brinkmann + + * configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION): + Update to new API (2, 1.1.0). + +2009-09-21 Werner Koch + + Start a new development branch in the SVN trunk. The stable one + is now known in the SVN as branches/GNUPG-STABLE-2-0. + +2009-09-04 Werner Koch + + Release 2.0.13. + +2009-06-29 Werner Koch + + * configure.ac: Take care of --without-adns. Suggested by + Arfrever Frehtes Taifersar Arahesis. + +2009-06-17 Werner Koch + + Release 2.0.12. + +2009-06-05 David Shaw + + * configure.ac: Remove Camellia restriction. + +2009-04-01 Werner Koch + + * configure.ac: Test for fsync. + +2009-03-18 Werner Koch + + * configure.ac: Test for getrlimit. + +2009-03-03 Werner Koch + + Release 2.0.11. + +2009-01-12 Werner Koch + + Release 2.0.10. + +2008-12-09 Werner Koch + + Release 2.0.10rc1. + +2008-10-17 Werner Koch + + * configure.ac: Use more warning options with modern GCCs. + +2008-09-29 Werner Koch + + * configure.ac: Require libgcrypt 1.4. + +2008-08-27 David Shaw + + * configure.ac: Use printf for the most portable SVN version + detection. + + * configure.ac: Darwin's /bin/sh has a builtin echo that doesn't + understand '-n'. Use tr to trim the carriage return instead. + +2008-04-23 Werner Koch + + * configure.ac: Call gl_HEADER_SYS_SOCKET and gl_TYPE_SOCKLEN_T. + +2008-04-07 Werner Koch + + * configure.ac (ADNSLIBS): Test for adns. + (GPGKEYS_KDNS): New. + +2008-04-01 Werner Koch + + * configure.ac: Require curl 7.10 (Oct 1 2002) or later as we use + curl_version_info(). + (AC_INIT): Fix quoting. + +2008-03-27 Werner Koch + + * Makefile.am (dist_doc_DATA): New. Install README. + +2008-03-26 Werner Koch + + Release 2.0.9. + +2008-02-19 Werner Koch + + * configure.ac: Remove --with-pkits-tests. + +2008-02-15 Werner Koch + + * gl/allocsa.h, gl/m4/allocsa.m4: Replace HAVE_LONG_LONG by + HAVE_LONG_LONG_INT. + +2008-02-15 gettextize + + * configure.ac (AM_GNU_GETTEXT_VERSION): Bump to 0.17. + +2007-12-20 Werner Koch + + Released 2.0.8. + +2007-12-17 Werner Koch + + * configure.ac: Add treatment for HAVE_LDAP_START_TLS_SA. + +2007-12-14 Werner Koch + + Released 2.0.8rc1. + +2007-12-12 Werner Koch + + * configure.ac (USE_CAMELLIA): Define by new option --enable-camellia. + +2007-12-03 Werner Koch + + * configure.ac: Add test gt_LC_MESSAGES.. + +2007-10-01 Werner Koch + + * configure.ac: Require assuan 1.0.4. + +2007-09-14 Werner Koch + + * configure.ac (GNUPG_LIBASSUAN_VERSION): New. + +2007-09-10 Werner Koch + + Released 2.0.7. + +2007-08-27 Werner Koch + + * configure.ac: Remove remaining support for internal regex. + Define DISABLE_REGEX automake conditional. Add option + --with-regex. + * autogen.sh [--build-w32]: Remove --disable-regex. Use --with-regex. + +2007-08-16 Werner Koch + + Released 2.0.6. + +2007-08-08 Werner Koch + + * configure.ac: Use AC_CANONICAL_HOST and not AC_CANONICAL_TARGET. + +2007-07-09 Werner Koch + + * configure.ac (AM_ICONV): Check for it even when building without + NLS. + +2007-07-05 Werner Koch + + Released 2.0.5. + + * configure.ac: Require libassuan 1.0.2. + +2007-07-05 Marcus Brinkmann + + * configure.ac: Invoke AM_LANGINFO_CODESET. + +2007-07-04 Werner Koch + + * Makefile.am (AUTOMAKE_OPTIONS): Add no-dist-gzip. + + Switched entire package to GPLv3+. + + * configure.ac: Require libksba 1.0.2. + + * COPYING: Updated to GPLv3. + * COPYING.LIB: New as jnlib/ uses this license. + + * gl/: Switched to GPLv3+. + + * intl/ Removed. + * configure.ac (AM_GNU_GETTEXT): Add external flag. + (AM_ICONV): New. + +2007-07-03 Werner Koch + + * configure.ac [W32]: Use ws2_32 instead of wsock32. + +2007-06-25 Werner Koch + + * gl/mkdtemp.c (gen_tempname) [MKDIR_TAKES_ONE_ARG]: Avoid + compiler warning by using the proper config macro. + +2007-06-15 Werner Koch + + * configure.ac: Call AM_PO_SUBDIRS. + (W32SOCKLIBS): New. + + * autogen.sh: Use = and not == in test to be POSIXly correct. + : Disable use of regex. + +2007-06-14 Werner Koch + + * configure.ac [AH_BOTTOM]: Remove the hardwired names of modules. + +2007-06-12 Werner Koch + + * configure.ac [AH_BOTTOM]: Define HTTP_NO_WSASTARTUP. + +2007-06-11 Werner Koch + + * am/cmacros.am (libcommonstd, libcommonpth, libcommonstd_ldadd) + (libcommonpth_ldadd): Add macros. + +2007-06-06 Werner Koch + + * configure.ac: Add a few notices message so make browsing of the + log file easier. + (CC_FOR_BUILD): New. + +2007-05-30 Werner Koch + + * configure.ac [W32]: Do not create a symlink to w32-pth.h. + Require the installation of the w32pth package. + +2007-05-29 Werner Koch + + * gl/: Updated to a newer version. + +2007-05-24 Werner Koch + + * configure.ac: Use -Wpointer-arith is possible. + +2007-05-15 Werner Koch + + * configure.ac: Renamed the estream macros. Remove -Wformat-nonliteral. + + * configure.ac: Call ESTREAM_INIT and define the memory + allocators for estream_asprintf. + (gl_MODULES): Remove vasprintf. + +2007-05-09 Werner Koch + + Released 2.0.4. + +2007-05-07 Werner Koch + + * configure.ac: Require libgcrypt 1.2.2 to avoid compiler warnings. + +2007-05-07 gettextize + + * configure.ac (AM_GNU_GETTEXT_VERSION): Bump to 0.16.1. + +2007-05-07 Werner Koch + + * configure.ac: Bail out if no C-89 compiler has been found. + +2007-05-04 Werner Koch + + * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Add --enable-mailto + + * configure.ac: Require automake 1.10 + (AC_CONFIG_FILES): Rename gpgkeys_ to gpg2keys_. + (AM_PROG_CC_C_O): New. + +2007-03-08 Werner Koch + + Released 2.0.3. + + * autogen.sh: Add option --force. + +2007-01-31 Werner Koch + + Released 2.0.2. + +2006-11-30 Werner Koch + + * configure.ac: Save original LIBS when testing for dlopen. + +2006-11-28 Werner Koch + + Released 2.0.1. + +2006-11-23 Werner Koch + + Released 2.0.1rc1. + +2006-11-21 Werner Koch + + * configure.ac [AH_BOTTOM]: Disable PTH soft mapping. + (AC_CHECK_SIZEOF): Check for time_t. + (BUILD_INCLUDED_LIBINTL): Remove AM_PO_SUBDIRS as it is not + required for C. + +2006-11-15 Werner Koch + + * autogen.sh: Add convenience option --build-amd64. + +2006-11-14 Werner Koch + + * configure.ac (HAVE_ASSUAN_SET_IO_MONITOR): Test for it. + +2006-11-11 Werner Koch + + Released 2.0.0. + +2006-11-06 Werner Koch + + Released 1.9.95. + +2006-11-03 Werner Koch + + * configure.ac: Test for pty.h. From Gentoo. + +2006-10-24 Werner Koch + + Released 1.9.94. + +2006-10-20 Werner Koch + + * Makefile.am (stowinstall): Add convenience target. + +2006-10-18 Werner Koch + + * configure.ac: svn revison magic fixes for old bashs. Suggested + by Alain Guibert. + +2006-10-18 Werner Koch + + Released 1.9.93. + +2006-10-17 Werner Koch + + * autogen.sh <--build-w32>: Test also for a host "mingw32". + + * configure.ac: Removed W32LIBS. Use NETLIBS instead. + +2006-10-11 Werner Koch + + Released 1.9.92. + + * configure.ac: Require libassuan 0.9.3. + +2006-10-09 Werner Koch + + * acinclude.m4: Moved pth check to m4/gnupg-pth.m4. + +2006-10-06 Werner Koch + + * configure.ac: Also check for libassuan's pth version. + +2006-10-04 Werner Koch + + Released 1.9.91. + + * configure.ac: Require libassuan 0.9.1 which fixes a problem with + gpgsm. + +2006-09-27 Werner Koch + + * gl/strsep.h, gl/strsep.c, gl/m4/strsep.m4: Removed. + * gl/strpbrk.h, gl/strpbrk.c, gl/m4/strpbrk.m4: Removed. + * gl/Makefile.am: Removed module strsep and strpbrk. + * configure.ac: Check for strsep in the context of jnlib. Remove + check from gl_MODULES. Moved check for timegm into the jnlib context. + +2006-09-27 Marcus Brinkmann + + * Makefile.am: Fix cut & paste error. + +2006-09-25 Werner Koch + + Released 1.9.90. + +2006-09-22 Werner Koch + + * AUTHORS: Add information about used licenses. + +2006-09-20 Werner Koch + + * Makefile.am (dist-hook): Removed distfiles cruft. + (SUBDIRS): Added include + +2006-09-18 Werner Koch + + Released 1.9.23. + + * configure.ac (--enable-agent-only): Donot build tools and doc + (--disable-tools,--disable-doc): New. + * Makefile.am (SUBDIRS): Allow to conditional build tools and doc. + +2006-09-14 Werner Koch + + Replaced all call gpg_error_from_errno(errno) by + gpg_error_from_syserror(). + + * configure.ac: Build gpg by default. + (GNUPG_SYS_SO_PEERCRED): Removed. + +2006-09-13 Werner Koch + + * autogen.sh: Better detection of the cross compiler kit. + +2006-09-06 Marcus Brinkmann + + * configure.ac: New automake conditional RUN_GPG_TESTS. + +2006-09-06 Werner Koch + + * configure.ac: Define _ASSUAN_ONLY_GPG_ERRORS. Require Assuan + 0.9 and libgpg-error 1.4. + +2006-08-31 Werner Koch + + * configure.ac: Require libksba 1.0 and added API check for it. + (GPG_ERR_LOCKED): Removed DECL check as we require 1.2 anyway. + (have_libusb): New to give a feedback about CCID support + +2006-08-21 Werner Koch + + * configure.ac: Removed docbook tests. + (AC_CONFIG_FILES): Added gpgkeys_test and gpgkeys_mailto. + + * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Enable gpg. + +2006-08-17 Werner Koch + + * THANKS: Merged with the 1.4 one. + +2006-08-16 Werner Koch + + * configure.ac: Removed test for capabilities and mlock. + +2006-08-15 Werner Koch + + * Makefile.am (keyserver): Enable building of keyserver helpers. + + * configure.ac: Merged with the current configure from 1.4.5. + Require libgpg-error 1.2 and libksba 0.9.16. + +2006-07-29 Marcus Brinkmann + + * README: Spelling fixes. + +2006-07-27 Werner Koch + + Released 1.9.22. + + * configure.ac: Call AB_INIT. + +2006-07-03 Werner Koch + + * configure.ac: Test for ksba_dn_teststr. + +2006-06-30 Werner Koch + + * keyserver/: New. Taken from 1.4.4 + * Makefile.am (SUBDIRS): Include keyserver/. + * configure.ac: Include keyserver/. + (FAKE_CURL, GPGKEYS_CURL): New. + +2006-06-20 Werner Koch + + Released 1.9.21. + +2006-06-08 Marcus Brinkmann + + * configure.ac (PTH_LIBS): Add --all to pth-config invocation. + +2006-05-24 Werner Koch + + * configure.ac: New option --disable-optimization taked from 1.4.3. + +2006-05-23 Werner Koch + + * configure.ac (ZLIBS): New for zlib link commands. Add bzip2 + support. + +2006-05-22 Werner Koch + + * configure.ac (EXEEXT): New. + +2006-04-18 Werner Koch + + * configure.ac (PK_UID_CACHE_SIZE): New. + +2006-04-07 Werner Koch + + * configure.ac: Use new method to include the SVN revison. Now it + is the actual global revision number. + +2005-12-20 Werner Koch + + Released 1.9.20. + +2005-11-28 Werner Koch + + * configure.ac: Append the revision to the version string. + +2005-11-13 Werner Koch + + * am/cmacros.am (-DGNUPG_SYSCONFDIR): Define it. + +2005-11-11 Werner Koch + + * configure.ac (NEED_KSBA_VERSION: Require 0.9.13. + +2005-09-12 Werner Koch + + Released 1.9.19. + +2005-08-01 Werner Koch + + Released 1.9.18. + + * configure.ac: Require libksba 0.9.12 to match new features in gpgsm. + +2005-06-20 Werner Koch + + Released 1.9.17. + +2005-06-02 Werner Koch + + * configure.ac (HAVE_PTH): Define as alias for USE_GNU_PTH. It is + used by common/estream.c. + +2005-06-01 Werner Koch + + * configure.ac (gl_INIT): Add gnulib stuff. + (fseeko, ftello, ttyname, isascii): Replaced the AC_REPLACE_FUNCS + by a simple check. + (putc_unlocked): Removed check. Not used. + (strsep, mkdtemp, asprintf): Replaced checks by gnulib checks. + (xsize): Added will probably come handy soon. + (CFLAGS): Use -Wformat-security instead of + -Wformat-nonliteral. Add --Wno-format-y2k. + * gl/, gl/m4/: New. + +2005-05-15 Werner Koch + + * configure.ac: Remove option --disable-threads; require the use + of GNU Pth. + +2005-04-27 Werner Koch + + * configure.ac: Removed OpenSC detection and options. + * acinclude.m4: Ditto. + +2005-04-21 Werner Koch + + Released 1.9.16. + + * configure.ac: Do not build gpg by default. + +2005-04-20 Werner Koch + + * configure.ac: Test whether GPG_ERR_LOCKED is declared and + provide a replacement if not. + +2005-04-15 Werner Koch + + * configure.ac: Require libksba 0.9.11. + +2005-04-15 Marcus Brinkmann + + * configure.ac: Check for /usr/bin/shred and define SHRED. + + * configure.ac: Add --enable-symcryptrun, disabled by default. + Define automake variable BUILD_SYMCRYPTRUN. + Check for openpty -lutil, define LIBUTIL_LIBS. + +2005-03-03 Werner Koch + + * acinclude.m4 (GNUPG_PTH_VERSION_CHECK): Accidently used + --ldflags instead of --cflags. Reported by Kazu Yamamoto. + +2005-02-03 Werner Koch + + * AUTHORS: Copied from 1.4 and edited to refelct the changes in + 1.9. + +2005-01-17 Werner Koch + + * configure.ac: Make --without-included-regex work as expected. + Fixed FTP location info for some libraries. + +2005-01-13 Werner Koch + + Released 1.9.15. + + * acinclude.m4 (GNUPG_PTH_VERSION_CHECK): Link a simple test + program to see whether the installation is sane. + +2005-01-07 Werner Koch + + * configure.ac: Require gpg-error 1.0. + +2005-01-04 Werner Koch + + * configure.ac: Remove hack not to build gpg2 for W32. + * autogen.sh : Pass option --disable-gpg instead. + +2004-12-22 Werner Koch + + Released 1.9.14. + +2004-12-20 Werner Koch + + * configure.ac: Add PATHSEP_C and PATHSEP_S. For W32 let all + directories default to c:/gnupg. Require libassuan 0.6.9. + +2004-12-18 Werner Koch + + * configure.ac (AH_BOTTOM): Define EXEEXT_S. + + * autogen.sh: Updated --build-w32 feature. + +2004-12-15 Werner Koch + + * Makefile.am (SUBDIRS) [W32]: Do not build in tests/. + + * acinclude.m4: Add proper macro name quoting for use with + automake 1.9. + + * configure.ac: Add replacement check for ttyname. + Removed support for a included zlib. + +2004-12-06 Werner Koch + + * configure.ac (have_w32_system): New. Disable Pth checks for W32. + Link jnlib/w32-pth.h to pth.h. + +2004-12-03 Werner Koch + + Released 1.9.13. + +2004-11-26 Werner Koch + + * configure.ac: Replace strsep. Replaced use of "target" by + "host". + +2004-10-22 Werner Koch + + Released 1.9.12. + + * Makefile.am (AUTOMAKE_OPTIONS): Set option to create bzip2 tarball. + +2004-10-01 Werner Koch + + Released 1.9.11. + +2004-09-30 Werner Koch + + * README: Minor updates. + +2004-09-30 gettextize + + * configure.ac (AM_GNU_GETTEXT_VERSION): Bump to 0.14.1. + +2004-08-16 Werner Koch + + * configure.ac: Build Makefile for tests/pkits. New option + --with-pkits-tests. + +2004-08-05 Werner Koch + + * configure.ac: Changed tests for libusb to also suuport the + stable version 0.1.x. + +2004-07-22 Werner Koch + + Released 1.9.10. + + * configure.ac: Define AM conditional HAVE_OPENSC. + +2004-07-21 Werner Koch + + * configure.ac: Don't set DIE to no after it might has been set to + yes. + +2004-07-20 Werner Koch + + * Makefile.am (sm): Build kbx only if gpgsm is to be build. + +2004-07-20 Werner Koch + + * configure.ac: New option --enable-agent-only. + +2004-06-08 Werner Koch + + Released 1.9.9. + +2004-06-06 Werner Koch + + * configure.ac: Require libksba 0.9.7. + +2004-04-29 Werner Koch + + Released 1.9.8. + +2004-04-20 Werner Koch + + * configure.ac: Remove the fopencookie test. We don't need the + dummy function because we conditionally use fopencookie, + fpencookie or a replacement at place. + +2004-04-02 Thomas Schwinge + + * autogen.sh: Added ACLOCAL_FLAGS. + +2004-04-06 Werner Koch + + Released 1.9.7. + + * configure.ac: Require libgcrypt 1.1.94. + Introduce PACKAGE_GT and set it to gnupg2. + +2004-03-23 Werner Koch + + * configure.ac: Define SAFE_VERSION_DASH and SAFE_VERSION_DOT. + +2004-03-09 Werner Koch + + * configure.ac (NEED_GPG_ERROR_VERSION): Set to 0.7. + +2004-03-06 Werner Koch + + Released 1.9.6. + + * configure.ac: Check the Libgcrypt API. + +2004-02-25 Werner Koch + + * configure.ac: New option --disable-threads to inhibit + unintentional builds without Pth. + +2004-02-21 Werner Koch + + Released 1.9.5. + +2004-02-20 Werner Koch + + * configure.ac: Fixed URLs in the notice messages. + +2004-02-18 Werner Koch + + * acinclude.m4: Removed macros to detect gpg-error, libgcrypt, + libassuan and ksba as they are now distributed in m4/. + +2004-02-13 Werner Koch + + * configure.ac: Require libksba 0.9.4 and libgcrypt 1.1.92. + +2004-02-12 Werner Koch + + * autogen.sh: Removed cruft from debugging. + + * am/cmacros.am: New. + +2004-02-11 Werner Koch + + * configure.ac: Removed the need for g10defs.h. Reworked the + --with-foo-pgm stuff. + + * autogen.sh (check_version): Removed bashism and simplified. + * acinclude.m4 (AM_PATH_OPENSC): Kludge to avoid error output for + a bad opensc-config. + +2004-01-30 Werner Koch + + Released 1.9.4. + + * configure.ac: Require libksba 0.9.3 due to another bug fix there. + +2004-01-29 Werner Koch + + * README: Updated. + + * configure.ac: Require libksba 0.9.2 due to bug fixes. + +2004-01-24 Werner Koch + + * configure.ac: Now requires libassuan 0.6.3. + +2003-12-23 Werner Koch + + Released 1.9.3. + + * README-alpha: Removed. + * configure.ac, Makefile.am: Add the tests and tools directories. + +2003-12-19 Werner Koch + + * configure.ac: Now require libgcrypt 1.1.91 to help testing the + latest libgcrypt changes. Requires libksab 0.9.1. + +2003-12-17 Werner Koch + + * configure.ac: Requires now libassuan 0.6.2. + (CFLAGS): Add --Wformat-noliteral in gcc mode. + +2003-12-16 Werner Koch + + * configure.ac: Check for funopen and fopencookie as part of the + jnlib checks. + +2003-12-09 Werner Koch + + * configure.ac: Add a min_automake_version. + * README.CVS: New. + * autogen.sh: Revamped except for the --build-w32 hack. + * Makefile.am: Add README.CVS + +2003-11-17 Werner Koch + + Release 1.9.2. + + * configure.ac: Requires now libassuan 0.6.1. + +2003-10-31 Werner Koch + + * configure.ac (NEED_KSBA_VERSION): Set to 0.9.0 due the changed + time interface. + +2003-10-21 Werner Koch + + * configure.ac (PRINTABLE_OS_NAME): Remove special case for The + Hurd; Robert Millan reported that the uname test is now + sufficient. + +2003-10-01 Werner Koch + + * configure.ac (AH_BOTTOM): Define GNUPG_MAJOR_VERSION. + +2003-09-23 Werner Koch + + Merged most of David Shaw's changes in 1.3 since 2003-06-03. + + * configure.ac: Drop all TIGER/192 support. + (uint64_t): Check for UINT64_C to go along with uint64_t. + (getaddrinfo): Check for it. + (sigset_t): Check for sigset_t and struct sigaction. This is for + Forte c89 on Solaris which seems to define only the function call + half of the two pairs by default. + (W32LIBS): Include wsock32 in W32LIBS. This is different from + NETLIBS so we don't need to force other platforms to pull in the + netlibs when they aren't actually needed. + +2003-09-06 Werner Koch + + Released 1.9.1. + + * configure.ac: Require newer versions of some libraries. + +2003-09-02 Werner Koch + + * configure.ac (HAVE_LIBUSB): Added a simple test for libusb. + +2003-08-19 Marcus Brinkmann + + * configure.ac (AM_PATH_GPG_ERROR): Add missing comma in + invocation. + +2003-08-06 Werner Koch + + * configure.ac: Check for libgpg-error. Print infos about missing + libraries more nicely. + * acinclude.m4 (AM_PATH_GPG_ERROR): Added. + +2003-08-05 Werner Koch + + Released 1.9.0. + + * configure.ac (GNUPG_DEFAULT_HONMEDIR): Changed back to ~/.gnupg. + +2003-07-31 Werner Koch + + * Makefile.am (DISTCLEANFILES): Add g10defs.h + +2003-06-18 Werner Koch + + * configure.ac (GNUPG_DEFAULT_HOMEDIR): Changed temporary to + .gnupg2 to avoid accidential use with production keys. + +2003-06-11 Werner Koch + + * configure.ac: Merged all stuff from current 1.3 version in. + * acinclude.m4: Merged required macros from current 1.2 version in. + +2003-06-04 Werner Koch + + * configure.ac, Makefile.am: Enable building of gpg. + +2003-04-29 Werner Koch + + * configure.ac: Build a limited version of scdaemon if libopensc + is not available. + + * configure.ac (ALL_LINUGAS): Removed. + + * Makefile.am (ACLOCAL_AMFLAGS): New. + * configure.ac (AM_GNU_GETTEXT_VERSION): New. Set to 0.11.5. + +2003-04-29 gettextize + + * Makefile.am (SUBDIRS): Add m4. + (ACLOCAL_AMFLAGS): New variable. + (EXTRA_DIST): Add scripts/config.rpath. + * configure.ac (AC_CONFIG_FILES): Add m4/Makefile. + +2003-04-29 Werner Koch + + * assuan/ : Removed. We now use libassuan. + * Makefile.am (SUBDIRS): Removed assuan + + * configure.ac: Check for libassuan. + +2003-01-09 Werner Koch + + * configure.ac (GNUPG_PROTECT_TOOL): New option --with-protect-tool. + (NEED_KSBA_VERSION): Does now require 0.4.6. + + * README: Noted where to find gpg-protect-tool. + +2002-10-31 Neal H. Walfield + + * configure.ac: Check for flockfile and funlockfile. Check for + isascii and putc_unlocked replacing them if not found. + + * configure.ac (PTH_LIBS): If pth is found, add the output of + `$PTH_CONFIG --ldflags`, not just `$PTH_CONFIG --libs`. + +2002-10-19 Werner Koch + + * configure.ac: Bumped version number to 1.9.0-cvs. + + NewPG (Aegypten project) to GnuPG merge. + +2002-09-20 Werner Koch + + Released 0.9.2. + +2002-09-05 Neal H. Walfield + + * configure.ac: Check for makeinfo. + +2002-09-03 Neal H. Walfield + + * autogen.sh (have_version): New function. Generalize and + simplify logic for finding and determining the versions of GNU + programs. Use it. + +2002-08-23 Werner Koch + + Released 0.9.1. + + * acinclude.m4 (AM_PATH_LIBGCRYPT): Updated from Libgcrypt. + (AM_PATH_OPENSC): Strip non-digits from the micro version. + +2002-08-21 Werner Koch + + Released 0.9.0. + + * configure.ac: Changed the default homedir to .gnupg. + * README-alpha: Removed. + +2002-08-19 Werner Koch + + * acinclude.m4: Removed -lpcsclite from KSBA_LIBS; copy+paste bug. + +2002-08-13 Werner Koch + + * acinclude.m4 (AM_PATH_OPENSC, AM_PATH_KSBA): New. + * configure.ac: Use them. + +2002-08-10 Werner Koch + + Released 0.3.10. + + * configure.ac (NEED_LIBKSBA_VERSION): Require 0.4.4. Add support + for gettext. + +2002-07-22 Werner Koch + + * configure.ac: Check for ftello and provide a replacement. + +2002-07-01 Werner Koch + + Released 0.3.9. + + * README: Short note on how to export in pkcs-12 format. + +2002-06-29 Werner Koch + + * configure.ac: Define --with options to set the default location + of the agent, scdaemon, pinentry and dirmngr. + +2002-06-27 Werner Koch + + * README: Short blurb on how to import a PKCS-12 file. + + * configure.ac (AH_BOTTOM): New to define some constants. + +2002-06-25 Werner Koch + + Released 0.3.8. + + * configure.ac (NEED_LIBGCRYPT_VERSION): Set to 1.1.8. + +2002-06-12 Werner Koch + + * configure.ac (NEED_LIBKSBA_VERSION): We need 0.4.3 now. + +2002-06-04 Werner Koch + + Released 0.3.7. + +2002-05-21 Werner Koch + + * configure.ac: We now require libgcrypt 1.1.7 and libksba 0.4.2. + +2002-05-14 Werner Koch + + * doc/: New + * configure.ac, Makefile.am: Added doc/. + +2002-05-03 Werner Koch + + Released 0.3.6. + +2002-04-25 Werner Koch + + * configure.ac: Check for setlocale. + +2002-04-24 Marcus Brinkmann + + * configure.ac: Check for locale.h. + +2002-04-15 Werner Koch + + Released 0.3.5. + + * NEWS: Started to describe release notes. + + * configure.ac (NEED_LIBKSBA_VERSION, NEED_LIBGCRYPT_VERSION): Defined + +2002-04-01 Werner Koch + + Released 0.3.4. + +2002-03-18 Werner Koch + + Released 0.3.3. + +2002-03-08 Werner Koch + + * README: Add some explanation on how to specify a user ID. + +2002-03-06 Werner Koch + + Released 0.3.2. + +2002-03-04 Werner Koch + + Released 0.3.1. + + * README: Explained some options and files. + +2002-02-14 Werner Koch + + * configure.ac: Fixed status messages related to presence of Pth. + +2002-02-13 Werner Koch + + * acinclude.m4 (GNUPG_SYS_SO_PEERCRED): New. + * configure.ac: use it. + +2002-02-12 Werner Koch + + * configure.ac: Check for PTH. Provide replacement fucntions for + apsrintf and fopencookie. + + * acinclude.m4 (GNUPG_PTH_VERSION_CHECK): New. + +2002-02-07 Werner Koch + + Released 0.3.0. + + * configure.ac: Require libgcrypt 1.1.6. + +2002-02-01 Marcus Brinkmann + + * configure.ac (KSBA_CONFIG): Remove superfluous x in front of + variable. + +2002-01-26 Werner Koch + + * configure.ac: Add options to disable the build of some programs + and print a configure status at the end. + * acinclude.m4 (GNUPG_BUILD_PROGRAM): New. + + * scd/ : New. Added to Makefile and configure. + * configure.ac: Check for libopensc + * Makefile.am: Build scd only when libopensc is available + +2002-01-23 Werner Koch + + * configure.ac (mkdtemp): See whether we have to provide a + replacement. + +2001-12-18 Werner Koch + + Released 0.0.0. + +2001-12-17 Werner Koch + + * acinclude.m4: Add AM_PATH_LIBGCRYPT macro. + * configure.ac: and use it here. Figure out the location of libksba + +2001-12-15 Werner Koch + + * configure.ac (missing_dir): Bail out if asprintf and fopencookie + are not available. + +2001-12-04 Werner Koch + + * configure.ac (HAVE_JNLIB_LOGGING): always define it. + + + Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007. + 2010 Free Software Foundation, Inc. + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +Local Variables: +buffer-read-only: t +End: diff --git a/Makefile.am b/Makefile.am index 23edae4e3..292748abc 100644 --- a/Makefile.am +++ b/Makefile.am @@ -20,9 +20,12 @@ ACLOCAL_AMFLAGS = -I m4 -I gl/m4 AUTOMAKE_OPTIONS = dist-bzip2 no-dist-gzip -DISTCHECK_CONFIGURE_FLAGS = --enable-symcryptrun --enable-mailto +DISTCHECK_CONFIGURE_FLAGS = --enable-symcryptrun --enable-mailto --enable-gpgtar -EXTRA_DIST = scripts/config.rpath scripts/potomo autogen.sh README.GIT +EXTRA_DIST = scripts/config.rpath scripts/potomo autogen.sh README.GIT \ + ChangeLog-2011 po/ChangeLog-2011 scripts/ChangeLog-2011 \ + scripts/gitlog-to-changelog \ + scripts/git-log-fix scripts/git-log-footer DISTCLEANFILES = g10defs.h if BUILD_GPGSM @@ -90,7 +93,7 @@ SUBDIRS = m4 gl include common ${kbx} \ dist_doc_DATA = README -dist-hook: +dist-hook: gen-ChangeLog echo "$(VERSION)" > $(distdir)/VERSION if HAVE_W32_SYSTEM @@ -106,5 +109,20 @@ install-data-hook: done endif + +gen_start_date = 2011-12-01T06:00:00 +.PHONY: gen-ChangeLog +gen-ChangeLog: + if test -d $(top_srcdir)/.git; then \ + (cd $(top_srcdir) && \ + ./scripts/gitlog-to-changelog \ + --amend=scripts/git-log-fix \ + --since=$(gen_start_date) ) > $(distdir)/cl-t; \ + cat $(top_srcdir)/scripts/git-log-footer >> $(distdir)/cl-t; \ + rm -f $(distdir)/ChangeLog; \ + mv $(distdir)/cl-t $(distdir)/ChangeLog; \ + fi + + stowinstall: $(MAKE) $(AM_MAKEFLAGS) install prefix=/usr/local/stow/gnupg diff --git a/agent/ChangeLog b/agent/ChangeLog deleted file mode 100644 index 8ab70bd42..000000000 --- a/agent/ChangeLog +++ /dev/null @@ -1,3107 +0,0 @@ -2011-11-28 Werner Koch - - * command-ssh.c (card_key_available): Change wording of no key - diagnostic. - (ssh_handler_request_identities): Do not call card_key_available - if the scdaemon is disabled. - -2011-10-13 Marcus Brinkmann - - * gpg-agent.c (start_connection_thread) - (start_connection_thread_ssh): Cast npth_self result to unsigned - long for safety. - - * cache.c (new_data): Fix error check. - - * cache.c, call-pinentry.c, call-scd.c, findkey.c, gpg-agent.c, - trustlist.c: Port to NPth. - -2011-09-12 Ben Kibbey - - * genkey.c (agent_ask_new_passphrase): Allow for an empty passphrase - (no protection) in PINENTRY_MODE_LOOPBACK. - -2011-09-10 Ben Kibbey - - * agent.h (pinentry_loopback): New prototype. - * command.c (pinentry_loopback): New function to inquire a passphrase - from the client. For use with pinentry-mode=loopback. - * call-pinentry.c (agent_askpin): Handle PINENTRY_MODE_LOOPBACK. - * call-pinentry.c (agent_get_passphrase): Ditto. - * genkey.c (agent_ask_new_passphrase): Ditto. - -2011-08-10 Werner Koch - - * genkey.c (check_passphrase_pattern): Use gpg_strerror instead of - strerror. - * command-ssh.c (ssh_receive_mpint_list): Remove unused var - ELEMS_PUBLIC_N. - * gpg-agent.c (main): Remove unused var MAY_COREDUMP. - -2011-08-09 Ben Kibbey - - * command.c (option_handler): Have option s2k-count match the - documentation. - -2011-07-27 Werner Koch - - * call-scd.c (struct inq_needpin_s): Add field ANY_INQ_SEEN. - (inq_needpin): Set it. - (agent_card_scd): Send the cancel only if an inquire was actually - used. - -2011-07-09 Ben Kibbey - - * call-scd.c (agent_card_scd): Send the CANCEL command back to SCD - when the SCD command is cancelled from the client. - -2011-07-22 Werner Koch - - * command-ssh.c (ssh_receive_key): Do not init comment to an empty - static string; in the error case it would be freed. - -2011-07-20 Werner Koch - - * command.c (do_one_keyinfo, cmd_keyinfo): Support option --ssh-fpr. - - * command-ssh.c (ssh_identity_register): Display the ssh - fingerprint in the prompt. - (add_control_entry): Add arg FMTFPR and use it as comment in - sshcontrol. - (confirm_flag_from_sshcontrol): New. - (data_sign): Ask for confirmaton if requested. - (search_control_file): Add new arg R_CONFIRM and enhance parser. - * findkey.c (agent_raw_key_from_file): New. - (modify_description): Add format letter %F. - * findkey.c (agent_key_from_file): Simplify comment extraction by - using gcry_sexp_nth_string. - -2011-06-28 Ben Kibbey - - * command.c (option_handler): Add option s2k-count. - * agent.h (server_control_s): Add member s2k_count. - * genkey.c (store_key): Add parameter s2k_count. - * protect.c (agent_protect): Add parameter s2k_count. - * protect.c (do_encryption): Add parameter s2k_count. - -2011-06-01 Marcus Brinkmann - - * cvt-openpgp.c (convert_to_openpgp): Change type of N to unsigned - int. - -2011-04-26 Werner Koch - - * cvt-openpgp.c (convert_to_openpgp): Use rfc4880 encoded S2K count. - * protect.c (get_standard_s2k_count_rfc4880): New. - (S2K_DECODE_COUNT): New. - (s2k_hash_passphrase): Use the new macro. - -2011-04-21 Werner Koch - - * agent.h (server_control_s): Add field cache_ttl_opt_preset. - * gpg-agent.c (agent_init_default_ctrl): Init this field. - * genkey.c (agent_genkey): Use this new variable. - * command.c (cmd_passwd): Ditto. - (option_handler): Add new option cache-ttl-opt-preset. - -2011-04-20 Marcus Brinkmann - - * command.c (cmd_import_key): Release key from failed import - before converting openpgp private key in the openpgp-private-key - case. - -2011-04-17 Ben Kibbey - - * command.c (cmd_passwd): Check for an error before presetting. - -2011-04-12 Ben Kibbey - - * command.c (cmd_passwd): Fixed --preset when not previously cached. - -2011-04-12 Werner Koch - - * agent.h (CACHE_TTL_NONCE, CACHE_TTL_OPT_PRESET): New. - * command.c (cmd_passwd, cmd_import_key): Use new macros. - * genkey.c (agent_genkey): Ditto. - -2011-04-10 Ben Kibbey - - * command.c (cmd_passwd): Add option --preset. - * command.c (cmd_genkey): Add option --preset. - * genkey.c (agent_genkey): Add parameter preset. - -2011-04-06 Ben Kibbey - - * command.c (do_one_keyinfo): Add protection type field. - -2011-03-10 Werner Koch - - * protect.c (hash_passphrase): Use the new gcry_kdf_derive. - -2011-03-08 Werner Koch - - * cvt-openpgp.c (GCRY_PK_ECDH) [!HAVE_GCRY_PK_ECDH]: Remove. - -2011-03-03 Ben Kibbey - - * command.c (cmd_preset_passphrase): Add option --inquire. - -2011-03-03 Werner Koch - - * gpg-agent.c: Add option --allow-loopback-pinentry. - * command.c (option_handler): Add option pinentry-mode. - * agent.h (pinentry_mode_t): New enum. - (struct server_local_s): Add PINENTRY_MODE. - (struct opt): Add ALLOW_LOOPBACK_PINENTRY. - * call-pinentry.c (agent_askpin): Implement ask, cancel and error - pinentry modes. - (agent_get_passphrase, agent_get_confirmation): Ditto. - (agent_show_message): Return cancel if pinentry mode is not "ask". - (agent_popup_message_start): Ditto. - -2011-03-02 Werner Koch - - * call-scd.c (hash_algo_option): New. - (agent_card_pksign): Use it with PKSIGN. - -2011-03-02 Ben Kibbey (wk) - - * command.c (cmd_clear_passphrase): Add option --mode=normal. - (cmd_keyinfo): Add option --data. - (do_one_keyinfo): Return CACHED status. Add arg DATA. - -2011-02-07 Werner Koch - - * pksign.c (do_encode_dsa): Enforce multipe of 8 bits only for DSA. - -2011-02-03 Werner Koch - - * protect.c (protect_info): Support ECC algos. - - * pksign.c (do_encode_dsa): Map public key algo number. Extend - DSA size check for ECDSA. - - * gpg-agent.c: Include cipher.h. - (map_pk_openpgp_to_gcry): New. - - * findkey.c (key_parms_from_sexp): Support ECDH. - - * cvt-openpgp.c (get_keygrip): Support ECC algorithms. - (convert_secret_key): Ditto. - (do_unprotect): Ditto. - -2011-02-02 Werner Koch - - * cvt-openpgp.c (convert_secret_key): Remove algo mapping. - -2011-01-31 Werner Koch - - * cvt-openpgp.c (convert_to_openpgp): Adjust to reverted Libgcrypt - ABI. - - * protect.c (protect_info): Adjust ECDSA and ECDH parameter names. - Add "ecc". - * findkey.c (key_parms_from_sexp): Ditto. - -2011-01-19 Werner Koch - - * trustlist.c (read_one_trustfile): Also chop an CR. - -2011-01-21 Werner Koch - - * pksign.c (do_encode_dsa): Compare MDLEN to bytes. - - * cvt-openpgp.c (GCRY_PK_ECDH) [!HAVE_GCRY_PK_ECDH]: New. - -2010-12-02 Werner Koch - - * gpg-agent.c (CHECK_OWN_SOCKET_INTERVAL) [W32CE]: Set to 60 - seconds. - -2010-11-29 Werner Koch - - * cache.c (initialize_module_cache): Factor code out to ... - (init_encryption): new. - (new_data, agent_get_cache): Init encryption on on the fly. - -2010-11-26 Werner Koch - - * gpg-agent.c (CHECK_OWN_SOCKET_INTERVAL): New. - (handle_tick) [W32CE]: Don't check own socket. - -2010-11-23 Werner Koch - - * Makefile.am (gpg_agent_LDFLAGS): Add extra_bin_ldflags. - -2010-11-11 Werner Koch - - * agent.h (opt): Add field SIGUSR2_ENABLED. - * gpg-agent.c (handle_connections): Set that flag. - * call-scd.c (start_scd): Enable events depending on this flag. - -2010-10-27 Werner Koch - - * gpg-agent.c (create_socket_name): Use TMPDIR. Change callers. - -2010-10-26 Werner Koch - - * cache.c (agent_put_cache): Allow deletion even if TTL is passwd - as 0. - - * genkey.c (agent_protect_and_store): Add arg PASSPHRASE_ADDR. - * command.c (cmd_passwd): Add option --passwd-nonce. - (struct server_local_s): Add LAST_CACHE_NONCE and LAST_PASSWD_NONCE. - (clear_nonce_cache): New. - (reset_notify): Clear the nonce cache. - (start_command_handler): Ditto. - -2010-10-25 Werner Koch - - * command.c (cmd_export_key): Free CACHE_NONCE. - (cmd_passwd): Add option --cache-nonce. - -2010-10-18 Werner Koch - - * call-pinentry.c (start_pinentry): Print name of pinentry on - connect error. - - * call-scd.c (agent_card_pksign): Make sure to return an unsigned - number. - -2010-10-14 Werner Koch - - * command.c (cmd_genkey): Add option --no-protection. - * genkey.c (agent_genkey): Add arg NO_PROTECTION. - -2010-10-13 Werner Koch - - * call-pinentry.c (agent_get_passphrase): Support the close_button. - - * gpg-agent.c (create_server_socket): Switch back to stderr - logging if we are not starting a agent. - - * command.c (cmd_passwd, cmd_export_key): Move mapping of - GPG_ERR_FULLY_CANCELED to .. - (leave_cmd): .. here. - (option_handler): Add option agent-awareness. - * protect-tool.c (get_passphrase): Take care of - GPG_ERR_FULLY_CANCELED. - * findkey.c (try_unprotect_cb): Ditto. - (unprotect): Remove the fully_canceled hack. - * call-pinentry.c (start_pinentry): Ditto. - (agent_askpin): Ditto. - * pkdecrypt.c (agent_pkdecrypt): Ditto - * pksign.c (agent_pksign_do): Ditto. - * genkey.c (agent_ask_new_passphrase): Remove arg CANCEL_ALL. - -2010-10-06 Werner Koch - - * cvt-openpgp.c (convert_secret_key): Add missing break. - -2010-10-05 Werner Koch - - * gpg-agent.c (main): Don't set SSH_AGENT_PID so that ssh-agent -k - won't kill out gpg-agent. - -2010-09-30 Werner Koch - - * gpg-agent.c (agent_exit): Run cleanup. - (cleanup): Run only once. - - * call-pinentry.c (close_button_status_cb): New. - (agent_askpin): Add arg R_CANCEL_ALL. Change all callers. - * genkey.c (agent_ask_new_passphrase): Ditto. - * findkey.c (unprotect): Return GPG_ERR_FULLY_CANCELED if needed. - - * command.c (cmd_export_key): Add support for OpenPGP keys. - * findkey.c (unprotect): Add optional arg R_PASSPHRASE. - (agent_key_from_file): Ditto. Change all callers. - - * findkey.c (unprotect): Do not put the passphrase into the cache - if it has been changed. - - * cvt-openpgp.c (convert_to_openpgp, apply_protection) - (key_from_sexp): New. - -2010-09-29 Werner Koch - - * cvt-openpgp.c (convert_openpgp): Rename to convert_from_openpgp. - - * command.c (has_option): Stop at "--". - (has_option_name, option_value): Ditto. - (skip_options): Skip initial spaces. - -2010-09-24 Werner Koch - - * gpg-agent.c (main, reread_configuration): Always test whether - the default configuration file has been created in the meantime. - Fixes bug#1285. - -2010-09-17 Werner Koch - - * command.c (cmd_havekey): Allow testing of several keygrips. - -2010-09-15 Werner Koch - - * protect.c (calculate_mic): Take care of shared secret format. - - * agent.h (PROTECTED_SHARED_SECRET): New. - -2010-09-02 Werner Koch - - * cache.c (new_data): Change arg and callers to use a string and - explicity return an error code. We never used raw binary data and - thus it is easier to use a string. Adjust callers. - (initialize_module_cache, deinitialize_module_cache): New. - (new_data): Encrypt the cached data. - (struct cache_item_s): Remove field LOCKCOUNT. Change all users - accordingly. - (agent_unlock_cache_entry): Remove. - (agent_get_cache): Return an allocated string and remove CACHE_ID. - * genkey.c (agent_genkey): Remove cache marker stuff. - * findkey.c (unprotect): Ditto. - * cvt-openpgp.c (convert_openpgp): Ditto. - * command.c (cmd_get_passphrase): Ditto. - * gpg-agent.c (main, cleanup): Initialize and deinitialize the - cache module. - -2010-09-01 Werner Koch - - * call-pinentry.c (start_pinentry): Disable pinentry logging. - - * command.c (cmd_import_key, cmd_genkey, cmd_pksign): Add CACHE - handling. - * cvt-openpgp.c (convert_openpgp): Add arg CACHE_NONCE and try the - cached nonce first. - * genkey.c (agent_genkey): Add arg CACHE_NONCE. - * cache.c (agent_get_cache): Require user and nonce cache modes - to match the requested mode. - (agent_put_cache): Ditto. - * agent.h (CACHE_MODE_NONCE): New. - * pksign.c (agent_pksign_do, agent_pksign): Add arg CACHE_NONCE. - * findkey.c (agent_key_from_file): Ditto. - (unprotect): Implement it. - -2010-08-31 Werner Koch - - * pksign.c (do_encode_dsa): Fix sign problem. - * findkey.c (agent_is_dsa_key): Adjust to actual usage. - -2010-08-30 Werner Koch - - * protect.c (s2k_hash_passphrase): New public function. - -2010-08-27 Werner Koch - - * command.c (cmd_import_key): Support OpenPGP keys. - * cvt-openpgp.h, cvt-openpgp.c: New. Some of the code is based on - code taken from g10/seckey-cert.c. - -2010-08-26 Werner Koch - - * command-ssh.c (open_control_file): Use estream to create the file. - - * findkey.c (agent_write_private_key): Explicitly create file with - mode 600. - * gpg-agent.c (main): Ditto. - * trustlist.c (agent_marktrusted): Explicitly create file with - mode 640. - -2010-08-16 Werner Koch - - * gpg-agent.c: Replace remaining printf by es_printf. - -2010-08-11 Werner Koch - - * call-pinentry.c (agent_get_passphrase, agent_askpin): Fix - setting of confidential flag. - - * call-scd.c (agent_card_scd): Pass assuan comment lines to the - caller. - (ASSUAN_CONVEY_COMMENTS): Provide replacement if needed. - -2010-08-09 Werner Koch - - * Makefile.am (t_common_ldadd): Add NETLIBS for sake of the TCP - logging. - -2010-06-24 Werner Koch - - * genkey.c (check_passphrase_pattern): Use HANG option for - gnupg_wait_progress. Fixes regression from 2010-06-09. - -2010-06-21 Werner Koch - - * protect-tool.c (export_p12_file, import_p12_cert_cb) - (import_p12_file, sexp_to_kparms, store_private_key): Remove - unused code. - -2010-06-18 Werner Koch - - * protect-tool.c (store_private_key, rsa_key_check): Remove. - - * command.c (cmd_export_key): New. - -2010-06-15 Werner Koch - - * command.c (cmd_keywrap_key, cmd_import_key): New. - - * genkey.c (agent_genkey, agent_protect_and_store): Factor common - code out to... - (agent_ask_new_passphrase): .. new. - - * findkey.c (agent_write_private_key): Return GPG_ERR_EEXIST - instead of GPG_ERR_GENERAL. - -2010-06-14 Werner Koch - - * protect-tool.c: Remove commands --p12-import and --p12-export. - * minip12.c, minip12.h: Move to ../sm. - * Makefile.am (gpg_protect_tool_SOURCES): Remove them. - * preset-passphrase.c: Remove unneeded minip12.h. - - * command.c (cmd_keywrap_key): New. - - * command.c (leave_cmd): New. - (cmd_istrusted, cmd_listtrusted, cmd_marktrusted, cmd_pksign) - (cmd_pkdecrypt, cmd_genkey, cmd_readkey, cmd_keyinfo) - (cmd_get_passphrase, cmd_get_confirmation, cmd_learn) - (cmd_passwd, cmd_preset_passphrase, cmd_getval, cmd_putval): Use it. - -2010-05-12 Werner Koch - - * preset-passphrase.c (forget_passphrase): Actually implement - this. Fixes bug#1198. - -2010-05-11 Werner Koch - - * agent.h (opt): Add field USE_STANDARD_SOCKET. - * gpg-agent.c (use_standard_socket): Remove. Use new option instead. - - * command.c (cmd_killagent, cmd_reloadagent): Provide command also - for non-W32 platforms. - (cmd_getinfo): New subcommands std_session_env and std_startup_env. - -2010-05-03 Werner Koch - - * gpg-agent.c (check_own_socket_thread): Do not release SOCKNAME - too early. - -2010-04-30 Werner Koch - - * gpg-agent.c (main): Add command --use-standard-socket-p. - -2010-04-26 Werner Koch - - * gpg-agent.c (create_server_socket) [W32]: Also check for EEXIST. - -2010-04-19 Werner Koch - - * pksign.c (get_dsa_qbits, do_encode_dsa): New. - (agent_pksign_do): Detect DSA keys and use do_encode_dsa. - * findkey.c (agent_public_key_from_file): Factor some code out to .. - (key_parms_from_sexp): New. - (agent_is_dsa_key): New. - - * command.c (cmd_sethash): Clear digeest.RAW_VALUE. - -2010-04-14 Werner Koch - - * Makefile.am (libexec_PROGRAMS) [W32CE]: Do not build - gpg-preset-passphrase for now. - (pwquery_libs) [W32CE]: Set to empty. - - * trustlist.c (read_one_trustfile): Use estream. - -2010-04-13 Werner Koch - - * findkey.c (read_key_file): Use estream. - (agent_write_private_key): Ditto. - -2010-04-07 Werner Koch - - * gpg-agent.c (handle_connections) [W32]: Assume that PTh support - the handle event. Use a dummy event for W32CE. - (get_agent_scd_notify_event) [W32CE]: Do not build. - - * call-pinentry.c: Remove setenv.h. Include sysutils.h. - (atfork_cb): s/setenv/gnupg_setenv/. - - * gpg-agent.c: Do not include setenv.h. - (main): s/unsetenv/gnupg_unsetenv/. - - * protect.c (calibrate_get_time) [W32CE]: Use GetThreadTimes. - -2010-04-06 Werner Koch - - * call-scd.c [!HAVE_SIGNAL_H]: Do not include signal.h. - - * findkey.c (agent_write_private_key): s/remove/gnupg_remove/. - - * command-ssh.c (search_control_file): Replace rewind by fseek and - clearerr. - * genkey.c (check_passphrase_pattern): Ditto. - - * gpg-agent.c [!HAVE_SIGNAL_H]: Do not include signal.h. - (remove_socket): s/remove/gnupg_remove/. - (create_private_keys_directory): Use gnupg_mkdir. - -2010-03-11 Werner Koch - - * gpg-agent.c: Include "asshelp.h". - (main): Remove assuan_set_assuan_log_prefix. Add - assuan_set_log_cb. - (handle_signal): Disable pth ctrl dumping. - (parse_rereadable_options, main): Remove assuan_set_assuan_log_stream. - * call-scd.c (start_scd): Remove assuan_set_log_stream. - -2010-03-10 Werner Koch - - * Makefile.am (common_libs): Remove libjnlib.a. - - * trustlist.c, protect-tool.c, command-ssh.c: Remove estream.h. - -2010-02-17 Werner Koch - - * call-pinentry.c (start_pinentry): Always free OPTSTR. Send - default-xxx strings. - -2010-01-26 Werner Koch - - * protect.c (do_encryption): Encode the s2kcount and no not use a - static value of 96. - -2009-12-21 Werner Koch - - * command.c (cmd_getinfo): Add sub-command s2k_count. - -2009-12-14 Werner Koch - - * protect.c (agent_unprotect): Decode the S2K count here and take - care of the new unencoded values. Add a lower limit sanity check. - (hash_passphrase): Do not decode here. - (get_standard_s2k_count, calibrate_s2k_count): New. - (calibrate_get_time, calibrate_elapsed_time): New. - (do_encryption): Use get_standard_s2k_count. - -2009-12-08 Werner Koch - - * protect.c (agent_unprotect): Avoid compiler warning. - -2009-12-08 Marcus Brinkmann - - * call-pinentry.c (start_pinentry): Convert posix fd to assuan fd. - * call-scd.c (start_scd): Likewise. - -2009-12-03 Werner Koch - - * gpg-agent.c (set_debug): Allow for numerical debug leveles. Print - active debug flags. - -2009-12-02 Werner Koch - - * trustlist.c (read_trustfiles): Store the pointer returned from - shrinking the memory and not the orginal one. Fixes bug#1163. - Reported by TAKAHASHI Tamotsu. Also return correct error after - memory failure. - -2009-11-27 Marcus Brinkmann - - * command.c (start_command_handler): Do not call - assuan_set_log_stream anymore. - * gpg-agent.c (main): But call assuan_set_assuan_log_stream here. - -2009-11-25 Marcus Brinkmann - - * command.c (start_command_handler): Use assuan_fd_t and - assuan_fdopen on fds. - -2009-11-05 Marcus Brinkmann - - * call-pinentry.c (start_pinentry): Call assuan_pipe_connect, not - assuan_pipe_connect_ext. - * command.c (start_command_handler): Change - assuan_init_socket_server_ext into assuan_init_socket_server. - * call-scd.c (start_scd): Update use of assuan_socket_connect and - assuan_pipe_connect. - * gpg-agent.c (check_own_socket_thread, check_for_running_agent): - Update use of assuan_socket_connect. - -2009-11-04 Werner Koch - - * command.c (register_commands): Add help arg to - assuan_register_command. Convert all command comments to help - strings. - -2009-11-02 Marcus Brinkmann - - * command.c (reset_notify): Take LINE arg and return error. - (register_commands): Use assuan_handler_t type. - -2009-10-16 Marcus Brinkmann - - * gpg_agent_CFLAGS, gpg_agent_LDADD: Use libassuan instead of - libassuan-pth. - * gpg-agent.c: Invoke ASSUAN_SYSTEM_PTH_IMPL. - (main): Call assuan_set_system_hooks and assuan_sock_init. - Fix invocation of assuan_socket_connect. - -2009-09-23 Werner Koch - - * command.c (register_commands) [HAVE_ASSUAN_SET_IO_MONITOR]: - Remove cpp condition. - (start_command_handler) [HAVE_ASSUAN_SET_IO_MONITOR]: Ditto. - -2009-09-23 Marcus Brinkmann - - * gpg-agent.c (parse_rereadable_options): Don't set global assuan - log file (there ain't one anymore). - (main): Update to new API. - (check_own_socket_pid_cb): Return gpg_error_t instead of int. - (check_own_socket_thread, check_for_running_agent): Create assuan - context before connecting to server. - * command.c: Include "scdaemon.h" before because of - GPG_ERR_SOURCE_DEFAULT check. - (write_and_clear_outbuf): Use gpg_error_t instead of - assuan_error_t. - (cmd_geteventcounter, cmd_istrusted, cmd_listtrusted) - (cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc) - (cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey) - (cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase) - (cmd_get_confirmation, cmd_learn, cmd_passwd) - (cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval) - (cmd_updatestartuptty, cmd_killagent, cmd_reloadagent) - (cmd_getinfo, option_handler): Return gpg_error_t instead of int. - (post_cmd_notify): Change type of ERR to gpg_error_t from int. - (io_monitor): Add hook argument. Use symbols for constants. - (register_commands): Change return type of HANDLER to gpg_error_t. - (start_command_handler): Allocate assuan context before starting - server. - * call-pinentry.c: Include "scdaemon.h" before because - of GPG_ERR_SOURCE_DEFAULT check. - (unlock_pinentry): Call assuan_release instead of - assuan_disconnect. - (getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int. - (start_pinentry): Allocate assuan context before connecting to - server. - * call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb) - (membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru) - (pass_data_thru): Change return type to gpg_error_t. - (start_scd): Allocate assuan context before connecting to server. - -2009-09-04 Marcus Brinkmann - - * command.c (start_command_handler): Add comment about gap in - implementation (in dead code), for future reference. - -2009-08-11 Werner Koch - - * divert-scd.c (ask_for_card): I18n a prompt string. - -2009-07-06 Werner Koch - - * agent.h: Include session-env.h. - (opt): Replace most of the startup_xxx fields by a session_env_t. - (struct server_control_s): Likewise. - * gpg-agent.c (main): Rewrite setting of the startup fields. - (handle_connections, main): Allocate SESSION_ENV. - (agent_init_default_ctrl, agent_deinit_default_ctrl): Change - accordingly. - * command.c (option_handler): Ditto. - (cmd_updatestartuptty): Change accordingly. Protect old values - from out of core failures. - * command-ssh.c (start_command_handler_ssh): Ditto. - (start_command_handler_ssh): Replace strdup by xtrystrdup. - * call-pinentry.c (atfork_cb): Pass new envrinmnet variables. - (start_pinentry): Use session_env stuff. - * protect-tool.c (main): Adjust call to gnupg_prepare_get_passphrase. - -2009-06-24 Werner Koch - - * genkey.c (agent_protect_and_store): Return RC and not 0. - * protect.c (do_encryption): Fix ignored error code from malloc. - Reported by Fabian Keil. - -2009-06-17 Werner Koch - - * call-pinentry.c (agent_get_confirmation): Add arg WITH_CANCEL. - Change all callers. - * trustlist.c (agent_marktrusted): Use WITH_CANCEL - -2009-06-09 Werner Koch - - * learncard.c (send_cert_back): Ignore certain error codes. - -2009-06-05 Werner Koch - - * protect-tool.c (store_private_key): Fix last change by appending - a ".key". - -2009-06-03 Werner Koch - - * protect-tool.c: Include estream.h. - (store_private_key): Replace stdio streams by estream functions - for a portable use of the "x" mode. - * trustlist.c: Include estream.h. - (agent_marktrusted): Replace stdio stream by estream functions. - - * protect-tool.c (store_private_key): Use bin2hex. - -2009-06-02 Werner Koch - - * gpg-agent.c (main): Run pth_kill after fork. Fixes bug#1066. - -2009-05-19 Werner Koch - - * gpg-agent.c (JNLIB_NEED_AFLOCAL): Define. - (create_server_socket): Use SUN_LEN macro. - -2009-05-15 Werner Koch - - Fix bug #1053. - - * agent.h (lookup_ttl_t): New. - * findkey.c (unprotect): Add arg LOOKUP_TTL. - (agent_key_from_file): Ditto. - * pksign.c (agent_pksign_do): Ditto. - * command-ssh.c (ttl_from_sshcontrol): New. - (data_sign): Pass new function to agent_pksign_do. - (search_control_file): Add new arg R_TTL. - -2009-05-14 Werner Koch - - * command.c (cmd_get_passphrase): Add option --qualitybar. - * call-pinentry.c (agent_askpin): Factor some code out to ... - (setup_qualitybar): .. new. - (agent_get_passphrase): Add arg WITH_QUALITYBAR and implement it. - -2009-04-14 Marcus Brinkmann - - * call-pinentry.c (agent_get_confirmation): Try SETNOTOK command - with pinentry. - -2009-04-01 Werner Koch - - * protect-tool.c (pe_opt): New. - (opts): Add option --agent-program. Use ARGPARSE macros. - (get_new_passphrase): Remove. - (get_passphrase): Use gpg-agent directly. Remove arg OPT_CHECK and - change all callers. - * Makefile.am (gpg_protect_tool_LDADD): Replace pwquery_libs by - LIBASSUAN_LIBS. - (gpg_protect_tool_CFLAGS): New. - - * command.c (percent_plus_unescape): Remove. - (cmd_putval): Use percent_plus_unescape_inplace. - * call-scd.c (unescape_status_string): Remove. - (card_getattr_cb): Use percent_plus_unescape. - * protect-tool.c (main): Use percent_plus_unescape from common/. - (percent_plus_unescape, percent_plus_unescape_string): Remove. - -2009-03-27 Werner Koch - - * learncard.c (agent_handle_learn): Add new certtype 111. - -2009-03-26 Werner Koch - - * agent.h (MAX_DIGEST_LEN): Change to 64. - * command.c (cmd_sethash): Allow digest length of 48 and 64. - (cmd_sethash): Allow more hash algos. - - * trustlist.c (reformat_name): New. - (agent_marktrusted): Use a reformatted name. Reload the table - before the update and always reload it at the end. - (agent_istrusted): Check early for the disabled flag. - -2009-03-25 Werner Koch - - * pkdecrypt.c (agent_pkdecrypt): Return a specific error message - if the key is not available. - - * gpg-agent.c (main): Print a started message to show the real pid. - -2009-03-20 Werner Koch - - * learncard.c (struct kpinfo_cp_parm_s): Add field CTRL. - (struct certinfo_cb_parm_s): Ditto. - (agent_handle_learn): Set CTRL field. - (kpinfo_cb, certinfo_cb): Send progress status. - - * agent.h (agent_write_status): Flag with GNUPG_GCC_A_SENTINEL. - -2009-03-19 Werner Koch - - * trustlist.c (struct trustitem_s): Add field DISABLED. - (read_one_trustfile): Parse the '!' flag. - (agent_istrusted, agent_listtrusted): Check flag. - (agent_istrusted): Add arg R_DISABLED. Change all callers. - (agent_marktrusted): Do not ask if flagged as disabled. Reverse - the order of the questions. Store the disabled flag. - - * gpg-agent.c (main): Save signal mask and open fds. Restore mask - and close all fds prior to the exec. Fixes bug#1013. - -2009-03-17 Werner Koch - - * command.c (cmd_get_passphrase): Break repeat loop on error. - Show error message. - (cmd_getinfo): Add subcommand "cmd_has_option". - (command_has_option): New. - -2009-03-17 Daiki Ueno - - * command.c (option_value): New function. - (cmd_get_passphrase): Accept new option --repeat, which makes - gpg-agent to ask passphrase several times. - -2009-03-06 Werner Koch - - * command.c (cmd_keyinfo): New command. - (register_commands): Register it. - (agent_write_status): Make sure not to print LR or CR. - * divert-scd.c (ask_for_card): Factor shadow info parsing out to ... - * protect.c (parse_shadow_info): New. - * findkey.c (agent_key_from_file): Use make_canon_sexp. - (agent_write_private_key, unprotect, read_key_file) - (agent_key_available): Use bin2hex. - (agent_key_info_from_file): New. - (read_key_file): Log no error message for ENOENT. - -2009-03-05 Werner Koch - - * divert-scd.c (getpin_cb): Support flag 'P'. Change max_digits - from 8 to 16. Append a message about keypads. - * findkey.c (unprotect): Change max digits to 16. - -2009-03-02 Werner Koch - - * command.c (cmd_getinfo): Add subcommand "scd_running". - - * call-scd.c (agent_scd_check_running): New. - - * gpg-agent.c: Add missing option strings for "--batch" and - "--homedir". Reported by Petr Uzel. - - * protect-tool.c (import_p12_file): Take care of canceled - passphrase entry. Fixes bug#1003. - (export_p12_file): Ditto. - -2008-12-17 Werner Koch - - * gpg-agent.c (handle_connections): Set action of all pth event - handled signals to SIG_IGN. Use a different pth_sigmask strategy. - -2008-12-10 Werner Koch - - * command.c (cmd_get_passphrase): Implement option --no-ask. - -2008-12-09 Werner Koch - - * gpg-agent.c (main): Call i18n_init before init_common_subsystems. - * preset-passphrase.c (main): Ditto. - * protect-tool.c (main): Ditto. - - * command.c (cmd_preset_passphrase): Allow an arbitrary string for - the cache id. - -2008-12-08 Werner Koch - - * gpg-agent.c (handle_connections): Sync the ticker to the next - full second. This is bug#871. - -2008-12-05 Werner Koch - - * minip12.c (decrypt_block): Fix const modified of CHARSETS. - * learncard.c (sinfo_cb_parm_s): Remove superflous semicolon. - Reported by Stoyan Angelov. - -2008-11-18 Werner Koch - - * gpg-agent.c (make_libversion): New. - (my_strusage): Print libgcrypt version - -2008-11-11 Werner Koch - - * call-scd.c (membuf_data_cb): Change return type to - assuan_error_t to avoid warnings with newer libassuan versions. - -2008-11-04 Werner Koch - - * command.c (cmd_killagent): Stop the agent immediately. - (start_command_handler): Take care of GPG_ERR_EOF. - -2008-10-29 Werner Koch - - * gpg-agent.c (main): Move USE_STANDARD_SOCKET to the outer scope. - (create_socket_name): Remove arg USE_STANDARD_SOCKET. Change all - callers. - (create_server_socket): Remove IS_STANDARD_NAME and replace it by - USE_STANDARD_SOCKET. Change all callers. - (check_own_socket_running): New. - (check_own_socket, check_own_socket_thread): New. - (handle_tick): Check server socket once a minute. - (handle_connections): Remove the extra pth_wait in the shutdown - case. - -2008-10-20 Werner Koch - - * command.c (cmd_geteventcounter): Mark unused arg. - (cmd_listtrusted, cmd_pksign, cmd_pkdecrypt, cmd_genkey): Ditto. - (cmd_updatestartuptty, post_cmd_notify): Ditto. - * command-ssh.c (add_control_entry) - (ssh_handler_request_identities, ssh_handler_remove_identity) - (ssh_handler_remove_all_identities, ssh_handler_lock) - (ssh_handler_unlock): Ditto. - * call-pinentry.c (pinentry_active_p, popup_message_thread) - (agent_popup_message_stop): Ditto. - * findkey.c (agent_public_key_from_file): Ditto. - * genkey.c (check_passphrase_pattern): Ditto. - * call-scd.c (atfork_cb): Ditto. - * protect-tool.c (import_p12_cert_cb): Ditto. - * t-protect.c (main): Ditto. - -2008-10-17 Werner Koch - - * call-scd.c (start_scd) [W32]: Use snprintf again because we now - always use the estream variant. - -2008-10-15 Werner Koch - - * call-scd.c (start_scd): Enable assuan loggging if requested. - (agent_scd_check_aliveness) [W32]: Fix use of GetExitCodeProcess. - -2008-10-14 Werner Koch - - * gpg-agent.c (get_agent_scd_notify_event): Need to use a manual - reset event. - -2008-09-29 Werner Koch - - * agent.h (GCRY_MD_USER): Rename to GCRY_MODULE_ID_USER. - (GCRY_MD_USER_TLS_MD5SHA1): Rename to MD_USER_TLS_MD5SHA1 and - change all users. - -2008-09-25 Werner Koch - - * divert-scd.c (getpin_cb): Support a Reset Code style PINs.. - -2008-09-03 Werner Koch - - * command.c (parse_keygrip): Use hex2bin. - (cmd_preset_passphrase): Decode the passphrase. Reported by Kiss - Gabor. Fixes #679 again. - * preset-passphrase.c (make_hexstring): Remove. - (preset_passphrase): Use bin2hex. - -2008-05-27 Werner Koch - - * trustlist.c (insert_colons): Fix stupidly wrong allocation size - computation. - -2008-05-26 Werner Koch - - * gpg-agent.c (main): Re-initialize default assuan log stream if a - log file is used. - - * trustlist.c (agent_marktrusted): Use xtryasprintf and xfree. - - * gpg-agent.c (main, agent_deinit_default_ctrl): Always use xfree - because our asprintf is mapped to an xmalloc style function in - util.h. Replace xstrdup by xtrystrdup. - * w32main.c (build_argv): Ditto. - * preset-passphrase.c (preset_passphrase): Ditto. - * divert-scd.c (ask_for_card): Ditto. - * command.c (option_handler): Ditto. - * command-ssh.c (ssh_handler_request_identities): Ditto. - * call-pinentry.c (start_pinentry): Ditto. - - * gpg-agent.c (start_connection_thread) - (start_connection_thread_ssh): Use pth_thread_id for useful output - under W32. - (pth_thread_id) [!PTH_HAVE_PTH_THREAD_ID]: New. - -2008-03-17 Werner Koch - - * agent.h (agent_inq_pinentry_launched): New prototype. - - * call-pinentry.c: Include sys/types.h and signal.h. - -2008-02-14 Werner Koch - - * command.c (agent_inq_pinentry_launched): New. - (option_handler): Add option allow-pinentry-notify. - * call-pinentry.c (getinfo_pid_cb): New. - (start_pinentry): Ask for the PID and notify the client. - -2008-01-15 Marcus Brinkmann - - * call-pinentry.c (start_pinentry): Start pinentry in detached - mode. - -2007-12-04 Werner Koch - - * call-pinentry.c (agent_askpin): Use gnupg_get_help_string. - -2007-12-03 Werner Koch - - * gpg-agent.c (main): s/standard_socket/use_standard_socket/ for - clarity. - (create_server_socket): New arg IS_SSH to avoid testing with - assuan commands. - -2007-11-20 Werner Koch - - * gpg-agent.c (get_agent_scd_notify_event): New. - (handle_signal): Factor SIGUSR2 code out to: - (agent_sigusr2_action): .. New. - (agent_sighup_action): Print info message here and not in - handle_signal. - (handle_connections) [PTH_EVENT_HANDLE]: Call agent_sigusr2_action. - - * call-scd.c (agent_scd_check_aliveness) [W32]: Implemented. - (start_scd) [W32]: Send event-signal option. - -2007-11-19 Werner Koch - - * call-pinentry.c (agent_askpin): Set the tooltip for the quality - bar. - -2007-11-15 Werner Koch - - * agent.h (struct server_control_s): Add XAUTHORITY and - PINENTRY_USER_DATA. - * gpg-agent.c: New option --xauthority. - (main, agent_init_default_ctrl) - (agent_deinit_default_ctrl): Implemented - * command.c (cmd_updatestartuptty): Ditto. - * command-ssh.c (start_command_handler_ssh): Ditto. - * call-pinentry.c (atfork_cb): Set the environment. - (start_pinentry): Pass CTRL as arg to atfork_cb. - -2007-11-14 Werner Koch - - * call-scd.c (start_scd) [W32]: Take care of fflush peculiarities. - -2007-11-07 Werner Koch - - * agent.h: Remove errors.h. - -2007-10-24 Werner Koch - - * genkey.c (check_passphrase_constraints): Changed the wording of - the warning messages. - -2007-10-19 Werner Koch - - * protect-tool.c (get_passphrase): Use new utf8 switch fucntions. - -2007-10-15 Daiki Ueno (wk) - - * command-ssh.c (reenter_compare_cb): New function; imported from - genkey.c. - (ssh_identity_register): Ask initial passphrase twice. - -2007-10-02 Werner Koch - - * command.c (cmd_getinfo): Add "pid" subcommand. - -2007-10-01 Werner Koch - - * agent.h (struct server_control_s): Remove unused CONNECTION_FD. - - * gpg-agent.c: Remove w32-afunix.h. Include mkdtemp.h. - (socket_nonce, socket_nonce_ssh): New. - (create_server_socket): Use assuan socket wrappers. Remove W32 - specific stuff. Save the server nonce. - (check_nonce): New. - (start_connection_thread, start_connection_thread_ssh): Call it. - (handle_connections): Change args to gnupg_fd_t. - * command.c (start_command_handler): Change LISTEN_FD to gnupg_fd_t. - * command-ssh.c (start_command_handler_ssh): Ditto. - -2007-09-18 Werner Koch - - * agent.h (struct pin_entry_info_s): Add element WITH_QUALITYBAR. - * genkey.c (check_passphrase_constraints): New arg SILENT. - Changed all callers. - (agent_protect_and_store, agent_genkey): Enable qualitybar. - * call-pinentry.c (agent_askpin): Send that option. - (unescape_passphrase_string): New. - (inq_quality): New. - (estimate_passphrase_quality): New. - -2007-09-14 Marcus Brinkmann - - * call-pinentry.c (agent_popup_message_stop): Implement kill for - Windows. - -2007-08-28 Werner Koch - - * gpg-agent.c (main): Add option --faked-system-time. - - * protect-tool.c (read_and_unprotect): Print the protected-at date. - - * agent.h (struct server_control_s): Add member IN_PASSWD. - * command.c (cmd_passwd): Set it. - * findkey.c (try_unprotect_cb): Use it. - - * protect.c (do_encryption): Replace asprintf by xtryasprint. - (agent_protect): Create the protected-at item. - (agent_unprotect): Add optional arg PROTECTED_AT. - (merge_lists): Add args CUTOFF and CUTLEN. - (agent_unprotect): Use them. - * findkey.c (try_unprotect_cb): Add code to test for expired keys. - (unprotect): Allow changing the passphrase. - -2007-08-27 Werner Koch - - * gpg-agent.c: Add options --min-passphrase-nonalpha, - --check-passphrase-pattern and --enforce-passphrase-constraints. - (MIN_PASSPHRASE_NONALPHA): Init nonalpha option to 1. - (main): Declare options for gpgconf. - * agent.h (struct): Add members MIN_PASSPHRASE_NONALPHA, - ENFORCE_PASSPHRASE_CONSTRAINTS and CHECK_PASSPHRASE_PATTERN. - * genkey.c (nonalpha_charcount): New. - (check_passphrase_pattern): New. - (check_passphrase_constraints): Implement. Factor some code out... - (take_this_one_anyway, take_this_one_anyway2): .. New. - - * call-pinentry.c (agent_show_message): New. - (agent_askpin): We better reset the pin buffer before asking. - - * trustlist.c (insert_colons): New. - (agent_marktrusted): Pretty print the fpr. - -2007-08-22 Werner Koch - - * findkey.c (O_BINARY): Make sure it is defined. - (agent_write_private_key): Use O_BINARY - - * protect-tool.c (import_p12_file): Add hack to allow importing of - gnupg 2.0.4 generated files. - -2007-08-06 Werner Koch - - * trustlist.c (read_one_trustfile): Add flag "cm". - (agent_istrusted): Ditto. - -2007-08-02 Werner Koch - - * gpg-agent.c: Include gc-opt-flags.h and remove their definition - here. - -2007-07-13 Werner Koch - - * genkey.c (check_passphrase_constraints): Require a confirmation - for an empty passphrase. - (agent_genkey, agent_protect_and_store): No need to repeat an - empty passphrase. - -2007-07-05 Werner Koch - - * call-scd.c (struct inq_needpin_s): New. - (inq_needpin): Pass unknown inquiries up. - -2007-07-04 Werner Koch - - * gpg-agent.c (TIMERTICK_INTERVAL): New. - (fixed_gcry_pth_init, main): Kludge to fix Pth initialization. - -2007-07-03 Werner Koch - - * gpg-agent.c (handle_connections): Do not use FD_SETSIZE for - select but compute the correct number. - -2007-07-02 Werner Koch - - * command.c (cmd_reloadagent) [W32]: New. - (register_commands) [W32]: New command RELOADAGENT. - - * Makefile.am (gpg_agent_SOURCES): Remove w32main.c and w32main.h. - (gpg_agent_res_ldflags): Remove icon file as we don't have a - proper icon yet. - * gpg-agent.c (main): do not include w32main.h. Remove all calls - to w32main.c. - (agent_sighup_action): New. - (handle_signal): Use it. - -2007-06-26 Werner Koch - - * gpg-agent.c (create_directories) [W32]: Made it work. - -2007-06-21 Werner Koch - - * agent.h (ctrl_t): Remove. It is now declared in ../common/util.h. - - * gpg-agent.c (check_for_running_agent): New arg SILENT. Changed - all callers. - (create_server_socket): If the standard socket is in use check - whether a agent is running and avoid starting another one. - -2007-06-18 Marcus Brinkmann - - * gpg-agent.c (main): Percent escape pathname in --gpgconf-list - output. - -2007-06-18 Werner Koch - - * w32main.c (build_argv): New. - (WinMain): Use it. - - * command.c (cmd_killagent) [W32]: New. - (cmd_getinfo): New. - * gpg-agent.c (get_agent_ssh_socket_name): New. - (no_force_standard_socket) New. - (create_server_socket): Use it. - * Makefile.am (gpg_agent_res_ldflags): Pass windows option to ld. - -2007-06-14 Werner Koch - - * protect-tool.c (main): Setup default socket name for - simple-pwquery. - (MAP_SPWQ_ERROR_IMPL): New. Use map_spwq_error for spqw related - error codes. - * preset-passphrase.c (main): Setup default socket name for - simple-pwquery. - (map_spwq_error): Remove. - (MAP_SPWQ_ERROR_IMPL): New. - - * call-pinentry.c (start_pinentry): Use gnupg_module_name. - * call-scd.c (start_scd): Ditto. - -2007-06-12 Werner Koch - - * taskbar.c: New. - - * trustlist.c (read_one_trustfile): Replace GNUPG_SYSCONFDIR by a - function call. - (read_trustfiles): Ditto. - - * gpg-agent.c (main): Replace some calls by init_common_subsystems. - * preset-passphrase.c (main): Ditto. - * protect-tool.c (main): Ditto. - -2007-06-11 Werner Koch - - * Makefile.am (common_libs): Use libcommonstd macro. - (commonpth_libs): Use libcommonpth macro. - - * protect-tool.c (main) [W32]: Call pth_init. - - * preset-passphrase.c (main) [W32]: Replace the explicit Winsocket - init by a call to pth_init. - - * trustlist.c (initialize_module_trustlist): New. - * gpg-agent.c (main): Call it. - - * call-pinentry.c (initialize_module_query): Rename to - initialize_module_call_pinentry. - - * minip12.c: Remove iconv.h. Add utf8conf.h. Changed all iconv - calss to use these jnlib wrappers. - -2007-06-06 Werner Koch - - * minip12.c (enum): Rename CONTEXT to ASNCONTEXT as winnt.h - defines such a symbol to access the process context. - - * call-pinentry.c (dump_mutex_state) [W32]: Handle the W32Pth case. - * call-scd.c (dump_mutex_state): Ditto. - - * protect-tool.c (i18n_init): Remove. - * preset-passphrase.c (i18n_init): Remove. - * gpg-agent.c (i18n_init): Remove. - -2007-05-19 Marcus Brinkmann - - * protect-tool.c (get_passphrase): Free ORIG_CODESET on error. - -2007-05-14 Werner Koch - - * protect.c (make_shadow_info): Replace sprintf by smklen. - -2007-04-20 Werner Koch - - * gpg-agent.c (my_gcry_logger, my_gcry_outofcore_handler): Removed. - (main): Call the setup_libgcrypt_logging helper. - * protect-tool.c (my_gcry_logger): Removed. - (main): Call the setup_libgcrypt_logging helper. - -2007-04-03 Werner Koch - - * trustlist.c (read_trustfiles): Take a missing trustlist as an - empty one. - -2007-03-20 Werner Koch - - * protect-tool.c: New option --p12-charset. - * minip12.c (p12_build): Implement it. - -2007-03-19 Werner Koch - - * minip12.c: Include iconv.h. - (decrypt_block): New. - (parse_bag_encrypted_data, parse_bag_data): Use it here. - (bag_data_p, bag_decrypted_data_p): New helpers. - -2007-03-06 Werner Koch - - * gpg-agent.c (main) : Add entries for all ttl options. - -2007-02-20 Werner Koch - - * call-pinentry.c (start_pinentry): Fix for OS X to allow loading - of the bundle. Tested by Benjamin Donnachie. - -2007-02-14 Werner Koch - - * gpg-agent.c: New option --pinentry-touch-file. - (get_agent_socket_name): New. - * agent.h (opt): Add pinentry_touch_file. - * call-pinentry.c (start_pinentry): Send new option to the - pinentry. - -2007-01-31 Moritz Schulte (wk) - - * command-ssh.c (stream_read_string): Initialize LENGTH to zero. - (start_command_handler_ssh): Use es_fgetc/es_ungetc to check if - EOF has been reached before trying to process another request. - -2007-01-31 Werner Koch - - * command-ssh.c (start_command_handler_ssh): - - * Makefile.am (t_common_ldadd): Add LIBICONV. - -2007-01-25 Werner Koch - - * genkey.c (check_passphrase_constraints): Get ngettext call right - and use UTF-8 aware strlen. - - * protect-tool.c (get_passphrase): New arg OPT_CHECK. - (get_new_passphrase): Enable OPT_CHECK on the first call. - * command.c (cmd_get_passphrase): Implement option --check. - -2007-01-24 Werner Koch - - * gpg-agent.c (MIN_PASSPHRASE_LEN): New - (parse_rereadable_options): New option --min-passphrase-len. - * genkey.c (check_passphrase_constraints): New. - (agent_genkey, agent_protect_and_store): Call new function. Fix - memory leak. - - * call-pinentry.c (agent_askpin): Allow translation of the displayed - error message. - (agent_popup_message_start): Remove arg CANCEL_BTN. - (popup_message_thread): Use --one-button option. - - * command.c (cmd_passwd): Now that we don't distinguish between - assuan and regular error codes we can jump to the end on error. - -2006-12-07 David Shaw - - * Makefile.am: Link to iconv for jnlib dependency. - -2006-11-20 Werner Koch - - * call-pinentry.c (agent_popup_message_stop): Use SIGKILL. - * call-scd.c (inq_needpin): Implement POPUPKEYPADPROMPT and - DISMISSKEYPADPROMPT. - -2006-11-15 Werner Koch - - * protect.c (make_shadow_info): Cast printf arg to unsigned int. - * minip12.c (parse_bag_encrypted_data): Ditto. - (parse_bag_data, p12_parse): Ditto. - * command-ssh.c (ssh_identity_register): Changed buffer_n to - size_t. - - * agent.h (struct server_control_s): New field thread_startup. - * command.c (start_command_handler): Moved CTRL init code to .. - * gpg-agent.c (start_connection_thread): .. here. - (agent_deinit_default_ctrl): New. - (agent_init_default_ctrl): Made static. - (handle_connections): Allocate CTRL and pass it pth_spawn. - * command-ssh.c (start_command_handler_ssh): Moved CTRL init code - to .. - * gpg-agent.c (start_connection_thread_ssh): .. here. - -2006-11-14 Werner Koch - - * command.c (bump_key_eventcounter): New. - (bump_card_eventcounter): New. - (cmd_geteventcounter): New command. - * gpg-agent.c (handle_signal): Call bump_card_eventcounter. - * findkey.c (agent_write_private_key): Call bump_key_eventcounter. - * trustlist.c (agent_reload_trustlist): Ditto. - - * command.c (post_cmd_notify, io_monitor): New. - (register_commands, start_command_handler): Register them. - -2006-11-09 Werner Koch - - * gpg-agent.c (main): In detached mode connect standard - descriptors to /dev/null. - - * trustlist.c (read_trustfiles): Make sure not to pass a zero size - to realloc as the C standards says that this behaves like free. - -2006-11-06 Werner Koch - - * protect-tool.c (my_strusage): Fixed typo. - -2006-10-23 Werner Koch - - * gpg-agent.c (main): New command --gpgconf-test. - - * minip12.c (parse_bag_encrypted_data, parse_bag_data): Allow for - a salt of 20 bytes. - -2006-10-20 Werner Koch - - * Makefile.am (t_common_ldadd): Use GPG_ERROR_LIBS instead -o just -l - -2006-10-19 Werner Koch - - * findkey.c (unprotect): Use it to avoid unnecessary calls to - agent_askpin. - * call-pinentry.c (pinentry_active_p): New. - -2006-10-17 Werner Koch - - * Makefile.am (gpg_agent_LDADD): Link to libcommonpth. - (gpg_agent_CFLAGS): New. This allows to only link this with Pth. - -2006-10-16 Werner Koch - - * call-pinentry.c (agent_get_confirmation): Map Cancel code here too. - * trustlist.c (agent_marktrusted): Return Cancel instead of - Not_Confirmed for the first question. - -2006-10-12 Werner Koch - - * protect-tool.c (get_passphrase): Fix if !HAVE_LANGINFO_CODESET. - -2006-10-06 Werner Koch - - * Makefile.am (AM_CFLAGS): Use PTH version of libassuan. - (gpg_agent_LDADD): Ditto. - - * divert-scd.c (divert_pksign): Use PKAUTH for the TLS algo. - -2006-10-05 Werner Koch - - * command.c (has_option_name): New. - (cmd_sethash): New --hash option. - * pksign.c (do_encode_raw_pkcs1): New. - (agent_pksign_do): Use it here for the TLS algo. - * agent.h (GCRY_MD_USER_TLS_MD5SHA1): New. - * divert-scd.c (pksign): Add case for tls-md5sha1. - - * divert-scd.c (encode_md_for_card): Check that the algo is valid. - -2006-10-04 Werner Koch - - * call-pinentry.c (agent_get_passphrase): Changed to return the - unencoded passphrase. - (agent_askpin, agent_get_passphrase, agent_get_confirmation): Need - to map the cancel error. - * command.c (send_back_passphrase): New. - (cmd_get_passphrase): Use it here. Also implement --data option. - (skip_options): New. - -2006-09-26 Werner Koch - - * learncard.c (agent_handle_learn): Send back the keypair - information. - -2006-09-25 Werner Koch - - * trustlist.c (read_one_trustfile): Allow extra flags. - (struct trustitem_s): Replaced KEYFLAGS by a FLAGS struct. - Changed all code to use this. - (agent_istrusted): New arg CTRL. Changed all callers. Send back - flags. - * command.c (agent_write_status): New. - -2006-09-20 Werner Koch - - * Makefile.am: Changes to allow parallel make runs. - -2006-09-15 Werner Koch - - * trustlist.c: Entirely rewritten. - (agent_trustlist_housekeeping): Removed and removed all calls. - -2006-09-14 Werner Koch - - Replaced all call gpg_error_from_errno(errno) by - gpg_error_from_syserror(). - - * call-pinentry.c (start_pinentry): Replaced pipe_connect2 by - pipe_connect_ext. - * call-scd.c (start_scd): Ditto. - * command.c (start_command_handler): Replaced - init_connected_socket_server by init_socket_server_ext. - -2006-09-13 Werner Koch - - * preset-passphrase.c (main) [W32]: Check for WSAStartup error. - -2006-09-08 Werner Koch - - * call-scd.c: Add signal.h as we are referencing SIGUSR2. - -2006-09-06 Marcus Brinkmann - - * Makefile.am (AM_CFLAGS): Add $(GPG_ERR_CFLAGS). - (gpg_agent_LDADD): Replace -lgpg-error with $(GPG_ERROR_LIBS). - -2006-09-06 Werner Koch - - * query.c: Renamed to .. - * call-pinentry.c: .. this. - - * agent.h (out_of_core): Removed. - (CTRL): Removed and changed everywhere to ctrl_t. - - Replaced all Assuan error codes by libgpg-error codes. Removed - all map_to_assuan_status and map_assuan_err. - - * gpg-agent.c (main): Call assuan_set_assuan_err_source to have Assuan - switch to gpg-error codes. - * command.c (set_error): Adjusted. - -2006-09-04 Werner Koch - - * command.c (percent_plus_unescape): New. - (cmd_get_val, cmd_putval): New. - -2006-08-29 Werner Koch - - * command-ssh.c (stream_read_mpi): Sanity check for early - detecting of too large keys. - * gpg-agent.c (my_gcry_outofcore_handler): New. - (main): Register it. - (main): No allocate 32k secure memory (was 16k). - -2006-07-31 Werner Koch - - * preset-passphrase.c (make_hexstring): For consistency use - xtrymalloc and changed caller to use xfree. Fixed function - comment. - -2006-07-29 Marcus Brinkmann - - * preset-passphrase.c (preset_passphrase): Do not strip off last - character of passphrase. - (make_hexstring): New function. - * command.c (cmd_preset_passphrase): Use parse_hexstring to syntax - check passphrase argument. Truncate passphrase at delimiter. - -2006-07-24 Werner Koch - - * minip12.c (build_key_bag): New args SHA1HASH and - KEYIDSTR. Append bag Attributes if these args are given. - (build_cert_sequence): ditto. - (p12_build): Calculate certificate hash and pass to build - functions. - -2006-07-21 Werner Koch - - * minip12.c (oid_pkcs_12_keyBag): New. - (parse_bag_encrypted_data): New arg R_RESULT. Support keybags and - return the key object. - (p12_parse): Take new arg into account. Free RESULT on error. - -2006-06-26 Werner Koch - - * gpg-agent.c (handle_signal): Print info for SIGUSR2 only in - verbose mode. - -2006-06-22 Werner Koch - - * command-ssh.c (make_cstring): Use memcpy instead of strncpy. - (ssh_receive_mpint_list, sexp_key_extract, data_sign): Use - xtrycalloc instead of xtrymalloc followed by memset. - -2006-06-20 Werner Koch - - * minip12.c (create_final): New arg PW. Add code to calculate the - MAC. - -2006-06-09 Marcus Brinkmann - - * Makefile.am (gpg_agent_LDADD): Add $(NETLIBS). - (gpg_protect_tool_LDADD): Likewise. - (gpg_preset_passphrase_LDADD): Likewise. - -2006-04-09 Moritz Schulte - - * command-ssh.c (ssh_request_process): Removed FIXME mentioning a - possible DoS attack. - -2006-04-01 Moritz Schulte - - * command-ssh.c (ssh_identity_register): Make KEY_GRIP_RAW be 20 - instead of 21 bytes long; do not fill KEY_GRIP_RAW[20] with NUL - byte - KEY_GRIP_RAW is a raw binary string anyway. - -2006-02-09 Werner Koch - - * call-scd.c (struct scd_local_s): New field next_local. - (scd_local_list): New. - (start_scd): Put new local into list. - (agent_reset_scd): Remove it from the list. - (agent_scd_check_aliveness): Here is the actual reason why we need - all this stuff. - (agent_reset_scd): Send the new command RESTART instead of RESET. - -2005-12-16 Werner Koch - - * minip12.c (cram_octet_string): New - (p12_parse): Use it for NDEFed bags. - (parse_bag_data): Ditto. - (string_to_key, set_key_iv, crypt_block): New arg SALTLEN. - (p12_build): Use old value 8 for new arg. - (parse_bag_encrypted_data, parse_bag_data): Allow for salts of 8 - to 16 bytes. Add new arg R_CONSUMED. - -2005-11-24 Werner Koch - - * minip12.c (p12_parse): Fixed for case that the key object comes - prior to the certificate. - -2005-10-19 Werner Koch - - * divert-scd.c (getpin_cb): Hack to use it for a keypad message. - - * call-scd.c (inq_needpin): Reworked to support the new KEYPADINFO. - - * query.c (start_pinentry): Keep track of the owner. - (popup_message_thread, agent_popup_message_start) - (agent_popup_message_stop, agent_reset_query): New. - * command.c (start_command_handler): Make sure a popup window gets - closed. - -2005-10-08 Marcus Brinkmann - - * Makefile.am (gpg_protect_tool_LDADD): Add ../gl/libgnu.a. - (gpg_preset_passphrase_LDADD, t_common_ldadd): Likewise. - (gpg_agent_LDADD): Add ../gl/libgnu.a after ../common/libcommon.a. - -2005-09-16 Werner Koch - - * minip12.c (build_key_sequence, build_cert_sequence): Fixed - padding. - -2005-09-15 Moritz Schulte - - * t-protect.c (test_agent_protect): Implemented. - (main): Disable use of secure memory. - -2005-09-09 Werner Koch - - * minip12.c (p12_build): Oops, array needs to be larger for the - certificate. - (build_cert_bag): Fixed yesterdays change. - - * command-ssh.c (card_key_available): Let the card handler decide - whether the card is supported here. Also get a short serial - number to return from the card handler. - -2005-09-08 Werner Koch - - * minip12.c (build_cert_bag): Use a non constructed object. - i.e. 0x80 and not 0xa0. - -2005-08-16 Werner Koch - - * gpg-agent.c (main): Use a default file name for --write-env-file. - -2005-07-25 Werner Koch - - * findkey.c (agent_public_key_from_file): Fixed array assignment. - This was the cause for random segvs. - -2005-06-29 Werner Koch - - * command-ssh.c (data_sign): Removed empty statement. - -2005-06-21 Werner Koch - - * minip12.c (create_final): Cast size_t to ulong for printf. - (build_key_bag, build_cert_bag, build_cert_sequence): Ditto. - -2005-06-16 Werner Koch - - * protect-tool.c (make_advanced): Makde RESULT a plain char. - * call-scd.c (unescape_status_string): Need to cast unsigned char* - for strcpy. - (agent_card_pksign): Made arg R_BUF an unsigned char**. - * divert-scd.c (divert_pksign): Made SIGVAL unsigned char*. - (encode_md_for_card): Initialize R_VAL and R_LEN. - * genkey.c (store_key): Made BUF unsigned. - * protect.c (do_encryption): Ditto. - (do_encryption): Made arg PROTBEGIN unsigned. Initialize RESULT - and RESULTLEN even on error. - (merge_lists): Need to cast unsigned char * for strcpy. Initialize - RESULTand RESULTLEN even on error. - (agent_unprotect): Likewise for strtoul. - (make_shadow_info): Made P and INFO plain char. - (agent_shadow_key): Made P plain char. - -2005-06-15 Werner Koch - - * query.c (agent_get_passphrase): Made HEXSTRING a char*. - * command-ssh.c (ssh_key_grip): Made arg BUFFER unsigned. - (ssh_key_grip): Simplified. - (data_sign): Initialize variables with the definition. - (ssh_convert_key_to_blob): Make sure that BLOB and BLOB_SIZE - are set to NULL on error. Cool, gcc-4 detects uninitialized stuff - beyond function boundaries; well it can't know that we do error - proper error handling so that this was not a real error. - (file_to_buffer): Likewise for BUFFER and BUFFER_N. - (data_sign): Likewise for SIG and SIG_N. - (stream_read_byte): Set B to a value even on error. - * command.c (cmd_genkey): Changed VALUE to char. - (cmd_readkey): Cast arg for gcry_sexp_sprint. - * agent.h (struct server_control_s): Made KEYGRIP unsigned. - -2005-06-13 Werner Koch - - * command-ssh.c (start_command_handler_ssh): Reset the SCD. - -2005-06-09 Werner Koch - - * gpg-agent.c (create_socket_name): New option --max-cache-ttl-ssh. - * cache.c (housekeeping): Use it. - (agent_put_cache): Use a switch to get the default ttl so that it - is easier to add more cases. - -2005-06-06 Werner Koch - - * gpg-agent.c: New option --default-cache-ttl-ssh. - * agent.h (cache_mode_t): New. - * pksign.c (agent_pksign_do): New arg CACHE_MODE to replace the - ARG IGNORE_CACHE. Changed all callers. - (agent_pksign): Ditto. - * findkey.c (agent_key_from_file): Ditto. Canged all callers. - (unprotect): Ditto. - * command-ssh.c (data_sign): Use CACHE_MODE_SSH. - * cache.c (agent_get_cache): New arg CACHE_MODE. - (agent_put_cache): Ditto. Store it in the cache. - - * query.c (agent_query_dump_state, dump_mutex_state): New. - (unlock_pinentry): Reset the global context before releasing the - mutex. - * gpg-agent.c (handle_signal): Dump query.c info on SIGUSR1. - - * call-scd.c (agent_scd_check_aliveness): Always do a waitpid and - add a timeout to the locking. - -2005-06-03 Werner Koch - - * command.c (cmd_updatestartuptty): New. - - * gpg-agent.c: New option --write-env-file. - - * gpg-agent.c (handle_connections): Make sure that the signals we - are handling are not blocked.Block signals while creating new - threads. - -2005-06-02 Werner Koch - - * call-scd.c (agent_scd_dump_state, dump_mutex_state): New. - * gpg-agent.c (handle_signal): Print it on SIGUSR1. - (handle_connections): Include the file descriptor into the - threadnames. - -2005-06-01 Werner Koch - - * gpg-agent.c: Include setenv.h. - -2005-05-31 Werner Koch - - * agent.h (out_of_core): s/__inline__/inine. Noted by Ray Link. - -2005-05-25 Werner Koch - - * gpg-agent.c (main): Do not unset the DISPLAY when we are - continuing as child. - -2005-05-24 Werner Koch - - * call-scd.c (inq_needpin): Skip leading spaces in of PIN - description. - * divert-scd.c (getpin_cb): Enhanced to cope with description - flags. - * query.c (agent_askpin): Add arg PROMPT_TEXT. Changed all - callers. - -2005-05-21 Werner Koch - - * call-scd.c (start_scd): Don't test for an alive scdaemon here. - (agent_scd_check_aliveness): New. - * gpg-agent.c (handle_tick): Test for an alive scdaemon. - (handle_signal): Print thread info on SIGUSR1. - -2005-05-20 Werner Koch - - * protect-tool.c: New option --canonical. - (show_file): Implement it. - - * keyformat.txt: Define the created-at attribute for keys. - -2005-05-18 Werner Koch - - * divert-scd.c (ask_for_card): Removed the card reset kludge. - -2005-05-17 Werner Koch - - * call-scd.c (unlock_scd): Add new arg CTRL. Changed all callers. - (start_scd): Reoworked to allow for additional connections. - * agent.h (ctrl_t): Add local data for the SCdaemon. - * command.c (start_command_handler): Release SERVER_LOCAL. - - * gpg-agent.c (create_server_socket): Use xmalloc. - (main): Removed option --disable-pth a dummy. Removed non-pth - code path. - (cleanup_sh): Removed. Not needed anymore. - -2005-05-05 Moritz Schulte - - * command-ssh.c (ssh_key_to_buffer): Rename to ... - (ssh_key_to_protected_buffer): ... this; change callers. - Improved documentation. - Use ssh_key_grip(), where gcry_pk_get_keygrip() has been used - before. - (ssh_handler_sign_request): Removed unusued variable P. - -2005-04-20 Moritz Schulte - - * command-ssh.c (ssh_handler_request_identities): Removed - debugging code (sleep call), which was commited unintenionally. - -2005-04-20 Werner Koch - - * minip12.c (parse_bag_encrypted_data): Fix the unpadding hack. - - * gpg-agent.c: New option --disable-scdaemon. - (handle_connections): Add time event to drive ... - (handle_tick): New function. - (main): Record the parent PID. Fixed segv when using ssh and a - command. - - * call-scd.c (start_scd): Take care of this option. - -2005-04-03 Moritz Schulte - - * command-ssh.c (ssh_request_spec): New member: secret_input. - (REQUEST_SPEC_DEFINE): New argument: secret_input. - (request_specs): Add secret_input flag. - (request_spec_lookup): New function ... - (ssh_request_process): ... use it here; depending on secret_input - flag allocate secure or non-secure memory. - -2005-03-02 Moritz Schulte - - * command-ssh.c (sexp_key_extract): Removed FIXME, since - xtrymallos does set errno correctly by now. - (sexp_extract_identifier): Remove const attribute from identifier. - (ssh_handler_request_identities): Remove const attribute from - key_type; removes ugly casts and FIXME. - (sexp_key_extract): Remove const attribute from comment. - (ssh_send_key_public): Remove const attribute from - key_type/comment; removes ugly cast. - (data_sign): Remove const attribute from identifier; removes ugly - cast. - (key_secret_to_public): Remove const attribute from comment; - removes ugly cast. - (ssh_handler_sign_request): Remove const attribute from p. - (sexp_key_extract): Use make_cstring(). - (ssh_key_extract_comment): Likewise. - (ssh_key_to_buffer): Use secure memory for memory area to hold the - key S-Expression. - Added more comments. - -2005-02-25 Werner Koch - - * findkey.c (modify_description): Keep invalid % escapes, so that - %0A may pass through. - - * agent.h (server_control_s): New field USE_AUTH_CALL. - * call-scd.c (agent_card_pksign): Make use of it. - * command-ssh.c (data_sign): Set the flag. - (ssh_send_key_public): New arg OVERRIDE_COMMENT. - (card_key_available): Add new arg CARDSN. - (ssh_handler_request_identities): Use the card s/n as comment. - (sexp_key_extract): Use GCRYMPI_FMT_STD. - (data_sign): Ditto. - - * learncard.c (make_shadow_info): Moved to .. - * protect.c (make_shadow_info): .. here. Return NULL on malloc - failure. Made global. - * agent.h: Add prototype. - -2005-02-24 Werner Koch - - * call-scd.c (unescape_status_string): New. Actual a copy of - ../g10/call-agent.c - (card_getattr_cb, agent_card_getattr): New. - - * command-ssh.c (card_key_available): New. - (ssh_handler_request_identities): First see whether a card key is - available. - - * gpg-agent.c (handle_connections): Need to check for events if - select returns with -1. - -2005-02-23 Werner Koch - - * command-ssh.c (get_passphrase): Removed. - (ssh_identity_register): Partly rewritten. - (open_control_file, search_control_file, add_control_entry): New. - (ssh_handler_request_identities): Return only files listed in our - control file. - - * findkey.c (unprotect): Check for allocation error. - - * agent.h (opt): Add fields to record the startup terminal - settings. - * gpg-agent.c (main): Record them and do not force keep display - with --enable-ssh-support. - * command-ssh.c (start_command_handler_ssh): Use them here. - - * gpg-agent.c: Renamed option --ssh-support to - --enable-ssh-support. - - * command.c (cmd_readkey): New. - (register_commands): Register new command "READKEY". - - * command-ssh.c (ssh_request_process): Improved logging. - - * findkey.c (agent_write_private_key): Always use plain open. - Don't depend on an umask for permissions. - (agent_key_from_file): Factored file reading code out to .. - (read_key_file): .. new function. - (agent_public_key_from_file): New. - -2005-02-22 Werner Koch - - * command-ssh.c (stream_read_string): Removed call to abort on - memory error because the CVS version of libgcrypt makes sure - that ERRNO gets always set on error even with a faulty user - supplied function. - -2005-02-19 Moritz Schulte - - * command-ssh.c (ssh_receive_mpint_list): Slightly rewritten, do - not use elems_secret member of key_spec. - (ssh_key_type_spec): Removed member: elems_secret. - (ssh_key_types): Removed elems_secret data. - (ssh_sexp_construct): Renamed to ... - (sexp_key_construct): ... this; changed callers. - (ssh_sexp_extract): Renamed to ... - (sexp_key_extract): ... this; changed callers. - (ssh_sexp_extract_key_type): Renamed to ... - (sexp_extract_identifier): ... this; changed callers; use - make_cstring(). - Added more comments. - -2005-02-18 Moritz Schulte - - * command-ssh.c (ssh_sexp_construct): Rewritten generation of sexp - template, clarified. - (ssh_sexp_extract): Support shadowed-private-key-sexp; treat - protected-private key and shadowed-private-key as public keys. - (key_secret_to_public): Rewritten: simply use ssh_sexp_extract() - and ssh_sexp_construct(). - -2005-02-15 Werner Koch - - * findkey.c (modify_description): Don't increment OUT_LEN during - the second pass. - -2005-02-14 Moritz Schulte - - * command-ssh.c (es_read_byte): Renamed to ... - (stream_es_read_byte): ... this; changed callers. - (es_write_byte): Renamed to ... - (stream_write_byte): ... this; changed callers. - (es_read_uint32): Renamed to ... - (stream_read_uint32): ... this; changed callers. - (es_write_uint32): Renamed to ... - (stream_write_uint32): ... this; changed callers. - (es_read_data): Renamed to ... - (stream_read_data): ... this; changed callers. - (es_write_data): Renamed to ... - (stream_write_data): ... this; changed callers. - (es_read_string): Renamed to ... - (stream_read_string): ... this; changed callers. - (es_read_cstring): Renamed to ... - (stream_read_cstring): ... this; changed callers. - (es_write_string): Renamed to ... - (stream_write_string): ... this; changed callers. - (es_write_cstring): Renamed to ... - (stream_write_cstring): ... this; changed callers. - (es_read_mpi): Renamed to ... - (stream_read_mpi): ... this; changed callers. - (es_write_mpi): Renamed to ... - (stream_write_mpi): ... this; changed callers. - (es_copy): Renamed to ... - (stream_copy): ... this; changed callers. - (es_read_file): Renamed to ... - (file_to_buffer): ... this; changed callers. - (ssh_identity_register): Removed variable description_length; - changed code to use asprintf for description. - (stream_write_uint32): Do not filter out the last byte of shift - expression. - (uint32_construct): New macro ... - (stream_read_uint32): ... use it; removed unnecessary cast. - -2005-02-03 Werner Koch - - * agent.h (agent_exit): Add JNLIB_GCC_A_NR to indicate that this - function won't return. - - * gpg-agent.c (check_for_running_agent): Initialize pid to a - default value if not needed. - - * command-ssh.c: Removed stdint.h. s/byte_t/unsigned char/, - s/uint32/u32/ becuase that is what we have always used in GnuPG. - (ssh_request_specs): Moved to top of file. - (ssh_key_types): Ditto. - (make_cstring): Ditto. - (data_sign): Don't use a variable for the passphrase prompt, make - it translatable. - (ssh_request_process): - - - * findkey.c (modify_description): Renamed arguments for clarity, - polished documentation. Make comment a C-string. Fixed case of - DESCRIPTION being just "%". - (agent_key_from_file): Make sure comment string to a C-string. - - * gpg-agent.c (create_socket_name): Cleanup the implemntation, use - DIMof, agent_exit, removed superflous args and return the - allocated string as value. Documented. Changed callers. - (create_server_socket): Cleanups similar to above. Changed callers. - (cleanup_do): Renamed to .. - (remove_socket): .. this. Changed caller. - (handle_connections): The signals are to be handled in the select - and not in the accept. Test all FDs after returning from a - select. Remove the event tests from the accept calls. The select - already assured that the accept won't block. - -2005-01-29 Moritz Schulte - - * command-ssh.c (ssh_handler_request_identities) - (ssh_handler_sign_request, ssh_handler_add_identity) - (ssh_handler_remove_identity, ssh_handler_remove_all_identities) - (ssh_handler_lock, ssh_handler_unlock): Changed to return an error - code instead of a boolean. - (ssh_request_process): Changed to return a boolean instead of an - error; adjust caller. - (ssh_request_handle_t): Adjusted type. - (ssh_request_spec): New member: identifier. - (REQUEST_SPEC_DEFINE): New macro; use it for initialization of - request_specs[]. - (ssh_request_process): In debugging mode, log identifier of - handler to execute. - (start_command_handler_ssh): Moved most of the stream handling - code ... - (ssh_request_process): ... here. - -2005-01-28 Moritz Schulte - - * command-ssh.c (ssh_handler_add_identity): Pass ctrl to - ssh_identity_register(). - (ssh_identity_register): New argument: ctrl; pass ctrl to - get_passphrase(). - (get_passphrase): Pass ctrl instead of NULL to agent_askpin(). - (start_command_handler_ssh): Use agent_init_default_ctrl(); - deallocate structure members, which might be dynamically - allocated. - (lifetime_default): Removed variable. - (ssh_handler_add_identity): Fix ttl handling; renamed variable - `death' to `ttl'. - (ssh_identity_register): Fix key grip handling. - -2005-01-26 Moritz Schulte - - * command-ssh.c (ssh_handler_sign_request): Confirm to agent - protocol in case of failure. - - * command-ssh.c: New file. - - * Makefile.am (gpg_agent_SOURCES): New source file: command-ssh.c. - - * findkey.c (modify_description): New function. - (agent_key_from_file): Support comment field in key s-expressions. - - * gpg-agent.c (enum cmd_and_opt_values): New item: oSSHSupport. - (opts) New entry for oSSHSupport. - New variable: socket_name_ssh. - (cleanup_do): New function based on cleanup(). - (cleanup): Use cleanup_do() for socket_name and socket_name_ssh. - (main): New switch case for oSSHSupport. - (main): Move socket name creation code to ... - (create_socket_name): ... this new function. - (main): Use create_socket_name() for creating socket names for - socket_name and for socket_name_ssh in case ssh support is - enabled. - Move socket creation code to ... - (create_server_socket): ... this new function. - (main): Use create_server_socket() for creating sockets. - In case standard_socket is set, do not only store a socket name in - socket_name, but also in socket_name_ssh. - Generate additional environment info strings for ssh support. - Pass additional ssh socket argument to handle_connections. - (start_connection_thread_ssh): New function. - (handle_connections): Use select to multiplex between gpg-agent - and ssh-agent protocol. - - * agent.h (struct opt): New member: ssh_support. - (start_command_handler_ssh): Add prototype. - -2005-01-04 Werner Koch - - * trustlist.c (agent_marktrusted): Use "Cancel" for the first - confirmation and made the strings translatable. - - * cache.c (agent_put_cache): Fix the test for using the default - TTL. - -2004-12-21 Werner Koch - - * preset-passphrase.c (preset_passphrase): Handle --passphrase. - - * Makefile.am (gpg_preset_passphrase_LDADD): Reorder libs so that - pwquery may use stuff from jnlib. Conditionally add -lwsock2 - (gpg_protect_tool_LDADD): Ditto. - - * preset-passphrase.c (main): Use default_homedir(). - (main) [W32]: Initialize sockets. - -2004-12-21 Marcus Brinkmann - - * Makefile.am (libexec_PROGRAMS): Add gpg-preset-passphrase. - (gpg_preset_passphrase_SOURCES, gpg_preset_passphrase_LDADD): New - targets. - * agent.h (opt): New member allow_cache_passphrase. - * cache.c (housekeeping): Check if R->ttl is not negative. - (agent_put_cache): Allow ttl to be negative. - * command.c (parse_hexstring): Allow something to follow the - hexstring. - (cmd_cache_passphrase): New function. - (register_commands): Add it. - * gpg-agent.c: Handle --allow-preset-passphrase. - * preset-passphrase.c: New file. - -2004-12-21 Werner Koch - - * gpg-agent.c (main): Use default_homedir(). - * protect-tool.c (main): Ditto. - -2004-12-20 Werner Koch - - * gpg-agent.c (main) [W32]: Now that Mutexes work we can remove - the pth_init kludge. - (main): Add new options --[no-]use-standard-socket. - (check_for_running_agent): Check whether it is running on the - standard socket. - - * call-scd.c (init_membuf, put_membuf, get_membuf): Removed. We - now use the identical implementation from ../common/membuf.c. - - * pksign.c (agent_pksign): Changed arg OUTFP to OUTBUF and use - membuf functions to return the value. - * pkdecrypt.c (agent_pkdecrypt): Ditto. - * genkey.c (agent_genkey): Ditto. - * command.c (cmd_pksign, cmd_pkdecrypt, cmd_genkey): Replaced - assuan_get_data_fp() by a the membuf scheme. - (clear_outbuf, write_and_clear_outbuf): New. - -2004-12-19 Werner Koch - - * query.c (initialize_module_query): New. - * call-scd.c (initialize_module_call_scd): New. - * gpg-agent.c (main): Call them. - -2004-12-18 Werner Koch - - * gpg-agent.c (main): Remove special Pth initialize. - - * agent.h (map_assuan_err): Define in terms of - map_assuan_err_with_source. - -2004-12-17 Moritz Schulte - - * query.c: Undo change from 2004-12-05. - -2004-12-15 Werner Koch - - * gpg-agent.c [W32]: Various hacks to make it work. - - * findkey.c (agent_write_private_key) [W32]: Adjust open call. - - * call-scd.c (start_scd) [W32]: Don't check whether the daemon - didn't died. To hard to do under Windows. - (start_scd) [W32]: Disable sending of the event signal option. - - * protect-tool.c (read_file, export_p12_file) [W32]: Use setmode - to get stdout and stin into binary mode. - -2004-12-05 Moritz Schulte - - * query.c (start_pinentry): Allow CTRL be NULL. - -2004-10-22 Werner Koch - - * gpg-agent.c (parse_rereadable_options): Return "not handled" - when the log file has not beend hadled. This is will let the main - option processing continue. Fixed a bug introduced on 2004-09-4 - resulting in logging to stderr until a HUP has been given. - (main): Don't close the listen FD. - -2004-09-30 Werner Koch - - * Makefile.am: Adjusted from gettext 1.14. - -2004-09-29 Werner Koch - - * minip12.c (parse_bag_encrypted_data): Print error if a bad - passphrase has been given. - -2004-09-28 Werner Koch - - * protect.c (agent_unprotect): Fixed wiping of CLEARTEXT. Thanks - to Moritz for pointing this out. - -2004-09-25 Moritz Schulte - - * agent.h: Declare: agent_pksign_do. - (struct server_control_s): New member: raw_value. - - * pksign.c (do_encode_md): New argument: raw_value; support - generation of raw (non-pkcs1) data objects; adjust callers. - (agent_pksign_do): New function, based on code ripped - out from agent_pksign. - (agent_pksign): Use agent_pksign_do. - - * command.c (start_command_handler): Set ctrl.digest.raw_value. - -2004-09-09 Werner Koch - - * gpg-agent.c (check_for_running_agent): New. - (main): The default action is now to check for an already running - agent. - (parse_rereadable_options): Set logfile only on reread. - (main): Do not print the "is development version" note. - -2004-08-20 Werner Koch - - * gpg-agent.c: New option --max-cache-ttl. Suggested by Alexander - Belopolsky. - * cache.c (housekeeping): Use it here instead of the hardwired - default of 1 hour. - - * query.c (start_pinentry): Use a timeout for the pinentry lock. - -2004-08-18 Werner Koch - - * protect-tool.c (get_passphrase): Make sure that the default - prompts passed to gpg-agent are utf-8 encoded. Add new prompt values. - (import_p12_file, import_p12_file, export_p12_file): Changed calls - to get_passphrase so that better prompts are displayed. - (get_new_passphrase): New. - -2004-07-22 Werner Koch - - * trustlist.c (read_list): Allow colons in the fingerprint. - (headerblurb): Rephrased. - - * gpg-agent.c (handle_connections): Increase the stack size ot 256k. - -2004-06-20 Moritz Schulte - - * gpg-agent.c: Include (build fix for BSD). - -2004-05-11 Werner Koch - - * gpg-agent.c (handle_signal): Reload the trustlist on SIGHUP. - (start_connection_thread): Hack to simulate a ticker. - * trustlist.c (agent_trustlist_housekeeping) - (agent_reload_trustlist): New. Protected all global functions - here with a simple counter which is sufficient for Pth. - -2004-05-03 Werner Koch - - * gpg-agent.c: Remove help texts for options lile --lc-ctype. - (main): New option --allow-mark-trusted. - * trustlist.c (agent_marktrusted): Use it here. - -2004-04-30 Werner Koch - - * protect-tool.c: New option --enable-status-msg. - (store_private_key): Print status messages for imported keys. - (read_and_unprotect): Ditto for bad passphrase. - - * gpg-agent.c (parse_rereadable_options): New arg REREAD. Allow - changing oLogFile. - (current_logfile): New. - -2004-04-26 Werner Koch - - * call-scd.c (start_scd): Do not register an event signal if we - are running as a pipe server. - -2004-04-21 Werner Koch - - * call-scd.c (start_scd): Send event-signal option. Always check - that the scdaemon is still running. - - * gpg-agent.c (handle_signal): Do not use SIGUSR{1,2} anymore for - changing the verbosity. - -2004-04-16 Werner Koch - - * gpg-agent.c (main): Tell the logging code that we are running - detached. - -2004-04-06 Werner Koch - - * gpg-agent.c (main): Use new libgcrypt thread library register - scheme. - -2004-03-23 Marcus Brinkmann - - * gpg-agent.c (main): For now, always print the default config - file name for --gpgconf-list. - -2004-03-17 Werner Koch - - * gpg-agent.c (main) : Fixed default value quoting. - -2004-03-16 Werner Koch - - * gpg-agent.c (parse_rereadable_options): Use the new - DEFAULT_CACHE_TTL macro. - (main): Updated --gpgconf-list output. - -2004-02-21 Werner Koch - - * command.c (cmd_passwd): Take acount of a key description. - - * genkey.c (reenter_compare_cb): Do not set the error text. - (agent_protect_and_store, agent_genkey): Force a re-enter after a - non-matching passphrase. - * query.c (agent_askpin): Add new arg INITIAL_ERRTEXT; changed - all callers. - -2004-02-19 Werner Koch - - * protect-tool.c: New options --have-cert and --prompt. - (export_p12_file): Read a certificate from STDIN and pass it to - p12_build. Detect a keygrip and construct the filename in that - case. Unprotcet a key if needed. Print error messages for key - formats we can't handle. - (release_passphrase): New. - (get_passphrase): New arg PROMPTNO. Return the allocated - string. Changed all callers. - - * minip12.c: Revamped the build part. - (p12_build): New args CERT and CERTLEN. - -2004-02-18 Werner Koch - - * protect-tool.c (main): Setup the used character set. - * gpg-agent.c (main): Ditto. - - * gpg-agent.c (set_debug): New. New option --debug-level. - (main): New option --gpgconf-list. - -2004-02-17 Werner Koch - - * pksign.c (do_encode_md): Cleaned up by using gcry_sexp_build. - - * Makefile.am (gpg_protect_tool_SOURCES): Removed - simple-pwquery.[ch], as we once moved it to ../common. - -2004-02-13 Werner Koch - - * command.c (cmd_setkeydesc): New. - (register_commands): Add command SETKEYDESC. - (cmd_pksign, cmd_pkdecrypt): Use the key description. - (reset_notify): Reset the description. - * findkey.c (unprotect): Add arg DESC_TEXT. - (agent_key_from_file): Ditto. - * pksign.c (agent_pksign): Ditto. - * pkdecrypt.c (agent_pkdecrypt): Ditto. Made CIPHERTEXT an - unsigned char*. - - * protect-tool.c (main): New options --no-fail-on-exist, --homedir. - (store_private_key): Use them here. - -2004-02-12 Werner Koch - - * protect-tool.c (read_file, main): Allow reading from stdin. - - * Makefile.am: Include cmacros.am for common flags. - (libexec_PROGRAMS): Put gpg-protect-tool there. - -2004-02-10 Werner Koch - - * minip12.c (parse_bag_encrypted_data): Finished implementation. - (p12_parse): Add callback args. - * protect-tool.c (import_p12_cert_cb): New. - (import_p12_file): Use it. - -2004-02-06 Werner Koch - - * minip12.c (crypt_block): Add arg CIPHER_ALGO; changed all callers. - (set_key_iv): Add arg KEYBYTES; changed caller. - -2004-02-03 Werner Koch - - * findkey.c (agent_key_from_file): Extra paranoid wipe. - * protect.c (agent_unprotect): Ditto. - (merge_lists): Ditto. Add arg RESULTLEN. - * pkdecrypt.c (agent_pkdecrypt): Don't show the secret key even in - debug mode. - - * protect.c: Add DSA and Elgamal description. - -2004-01-29 Werner Koch - - * agent.h (server_control_s): Add connection_fd field. - * command.c (start_command_handler): Init it here. - * gpg-agent.c (agent_init_default_ctrl): and here. - * call-scd.c: Add the CTRL arg to all functions calling start_scd - and pass it to start_scd. Changed all callers - (start_scd): Keep track of the current active connection. - (agent_reset_scd): New. - * command.c (start_command_handler): Call it here. - * learncard.c (agent_handle_learn): Add arg CTRL; changed caller. - (send_cert_back): Ditto. - -2004-01-28 Werner Koch - - * trustlist.c (agent_marktrusted): Check whether the trustlist is - writable. - -2004-01-27 Werner Koch - - * sexp-parse.h: Moved to ../common. - -2004-01-24 Werner Koch - - * call-scd.c (atfork_cb): New. - (start_scd): Make sure secmem gets cleared. - * query.c (atfork_cb): New. - (start_pinentry): Make sure secmem gets cleared. - -2004-01-16 Werner Koch - - * findkey.c (agent_key_from_file): Now return an error code so - that we have more detailed error messages in the upper layers. - This fixes the handling of pinentry's cancel button. - * pksign.c (agent_pksign): Changed accordingly. - * pkdecrypt.c (agent_pkdecrypt): Ditto. - * command.c (cmd_passwd): Ditto. - -2003-12-16 Werner Koch - - * gpg-agent.c (main): Set the prefixes for assuan logging. - -2003-12-15 Werner Koch - - * protect.c (do_encryption): Use gcry_create_nonce instad of the - obsolete WEAK_RANDOM. - -2003-11-20 Werner Koch - - * sexp-parse.h (snext): Don't use atoi_1 and digitp macros, so - that this file is useful by other applications too. - -2003-10-27 Werner Koch - - * command.c (cmd_get_confirmation): New command. - -2003-08-20 Timo Schulz - - * pksign.c (do_encode_md): Allocate enough space. Cast md - byte to unsigned char to prevent sign extension. - -2003-08-14 Timo Schulz - - * pksign.c (do_encode_md): Due to the fact pkcs#1 padding - is now in Libgcrypt, use the new interface. - -2003-07-31 Werner Koch - - * Makefile.am (gpg_agent_LDADD): Added INTLLIBS. - (gpg_protect_tool_SOURCES): Added simple-pwquery.[ch] - -2003-07-27 Werner Koch - - Adjusted for gcry_mpi_print and gcry_mpi_scan API change. - -2003-07-15 Werner Koch - - * simple-pwquery.c, simple-pwquery.h: Moved to ../common. - * Makefile.am (gpg_protect_tool_LDADD): Add simple-pwquery.o. - Removed it from xx_SOURCES. - -2003-07-04 Werner Koch - - * gpg-agent.c (handle_connections): Kludge to allow use of Pth 1 - and 2. - -2003-06-30 Werner Koch - - * call-scd.c (learn_status_cb): Store the serialno in PARM. - -2003-06-26 Werner Koch - - * call-scd.c (agent_card_serialno): Don't do a RESET anymore. - -2003-06-25 Werner Koch - - * command.c (cmd_scd): New. - * call-scd.c (agent_card_scd): New. - * divert-scd.c (divert_generic_cmd): New - - * call-scd.c (agent_card_learn): New callback args SINFO. - (learn_status_cb): Pass all other status lines to the sinfo - callback. - * learncard.c (release_sinfo, sinfo_cb): New. - (agent_handle_learn): Pass the new cb to the learn function and - pass the collected information back to the client's assuan - connection. - - * gpg-agent.c (main): Moved pth_init before gcry_check_version. - -2003-06-24 Werner Koch - - * gpg-agent.c (handle_connections): Adjusted for Pth 2.0 - - Adjusted for changes in the libgcrypt API. Some more fixes for the - libgpg-error stuff. - -2003-06-04 Werner Koch - - Renamed error codes from INVALID to INV and removed _ERROR suffixes. - -2003-06-03 Werner Koch - - Changed all error codes in all files to the new libgpg-error scheme. - - * agent.h: Include gpg-error.h and errno.h - * Makefile.am: Link with libgpg-error - - * query.c: assuan.h is now a system header. - * genkey.c (agent_genkey): Fixed silly use of xmalloc by - xtrymalloc. - -2003-04-29 Werner Koch - - * command.c (register_commands): Adjusted for new Assuan semantics. - - * Makefile.am: Don't override LDFLAGS. - -2002-12-04 Werner Koch - - * gpg-agent.c: New variable config_filename. - (parse_rereadable_options): New. - (main): Use it here. Add setting of default values, set - config_filename. - (reread_configuration): Filled with actual code. - -2002-12-03 Werner Koch - - * protect-tool.c (read_key): Don't run make_canonical on a NULL - buffer. - - * command.c (parse_hexstring): New. - (cmd_sethash): Use it. - (parse_keygrip): New. - (cmd_havekey, cmd_sigkey): Use it. - (cmd_passwd): New. - * genkey.c (agent_protect_and_store): New. - (store_key): Add arg FORCE. - (agent_genkey): Pass false to this force of store_key. - -2002-11-13 Werner Koch - - * gpg-agent.c (main): Switch all messages to utf-8. - - * simple-pwquery.c (agent_send_all_options): Use $GPG_TTY and - stdin with ttyname. - - * cache.c (new_data): Uiih - /sizeof d/sizeof *d/. - -2002-11-10 Werner Koch - - * command.c (option_handler): Fix keep_tty check. - -2002-11-06 Werner Koch - - * gpg-agent.c (main): Make sure we have a default ttyname. - * command.c (option_handler): Check opt.keep_tty here - * query.c (start_pinentry): but not anymore here. - -2002-11-05 Werner Koch - - * agent.h (opt,server_control_s): Move display and lc_ variables - to the control struct so that they are per connection. - * gpg-agent.c (agent_init_default_ctrl): New. - (main): Assign those command line options to new default_* variables. - Reset DISPLAY in server mode so that tehre is no implicit default. - * command.c (start_command_handler): Initialize and deinitialize - the control values. - (option_handler): Work on the ctrl values and not on the opt. - * query.c (start_pinentry): New argument CTRL to set the display - connection specific. Changed all callers to pass this value. - (agent_askpin,agent_get_passphrase,agent_get_confirmation): Add - CTRL arg and pass it ot start_pinentry. - * command.c (cmd_get_passphrase): Pass CTRL argument. - * trustlist.c (agent_marktrusted): Add CTRL argument - * command.c (cmd_marktrusted): Pass CTRL argument - * divert-scd.c (ask_for_card): Add CTRL arg. - (divert_pksign,divert_pkdecrypt): Ditto. Changed caller. - (getpin_cb): Use OPAQUE to pass the CTRL variable. Changed both - users. - * findkey.c (unprotect): Add CTRL arg. - (agent_key_from_file): Ditto. - - * query.c (unlock_pinentry): Disconnect the pinentry so that we - start a new one for each request. This is required to support - clients with different environments (e.g. X magic cookies). - -2002-09-05 Neal H. Walfield - - * gpg-agent.c (main) [USE_GNU_PTH]: No need to call - assuan_set_io_func as assuan is smart. - -2002-09-25 Werner Koch - - * gpg-agent.c (handle_signal): Flush cache on SIGHUP. - * cache.c (agent_flush_cache): New. - - * gpg-agent.c, agent.h: Add --keep-display and --keep-tty. - * query.c (start_pinentry): Implement them. The option passing - needs more thoughts. - -2002-09-09 Werner Koch - - * gpg-agent.c (create_private_keys_directory) - (create_directories): New. - (main): Try to create a home directory. - -2002-09-04 Neal H. Walfield - - * gpg-agent.c (main): Use sigaction, not signal. - -2002-09-03 Neal H. Walfield - - * findkey.c: Include . - (agent_write_private_key): Prefer POSIX compatibity, open and - fdopen, over the simplicity of GNU extensions, fopen(file, "x"). - -2002-08-22 Werner Koch - - * query.c (agent_askpin): Provide the default desc text depending - on the pininfo. Do the basic PIN verification only when - min_digits is set. - -2002-08-21 Werner Koch - - * query.c (agent_askpin): Hack to show the right default prompt. - (agent_get_passphrase): Ditto. - - * trans.c: Removed and replaced all usages with standard _() - - * divert-scd.c (getpin_cb): Pass a more descritive text to the - pinentry. - - * Makefile.am: Renamed the binary protect-tool to gpg-protect-tool. - * protect-tool.c: Removed the note about internal use only. - - * gpg-agent.c (main): New option --daemon so that the program is - not accidently started in the background. - -2002-08-16 Werner Koch - - * call-scd.c (learn_status_cb): Handle CERTINFO status. - (agent_card_learn): Add args for certinfo cb. - * learncard.c (release_certinfo,certinfo_cb): New. - (send_cert_back): New. With factored out code from .. - (agent_handle_learn): here. Return certinfo stuff. - -2002-07-26 Werner Koch - - * gpg-agent.c (main): New option --ignore-cache-for-signing. - * command.c (option_handler): New server option - use-cache-for-signing defaulting to true. - (cmd_pksign): handle global and per session option. - * findkey.c (agent_key_from_file, unprotect): New arg - ignore_cache. Changed all callers. - * pksign.c (agent_pksign): Likewise. - -2002-06-29 Werner Koch - - * query.c (start_pinentry): Use GNUPG_DERAULT_PINENTRY. - * call-scd.c (start_scd): Use GNUPG_DEFAULT_SCDAEMON. - -2002-06-28 Werner Koch - - * protect-tool.c (export_p12_file): New. - (main): New command --p12-export. - * minip12.c (create_final,p12_build,compute_tag_length): New. - (store_tag_length): New. - -2002-06-27 Werner Koch - - * minip12.c (crypt_block): Renamed from decrypt_block, add arg to - allow encryption. - - * Makefile.am (pkglib_PROGRAMS): Put protect-tool there. - - * findkey.c (agent_write_private_key,agent_key_from_file) - (agent_key_available): Use GNUPG_PRIVATE_KEYS_DIR constant. - * gpg-agent.c (main): Use GNUPG_DEFAULT_HOMEDIR constant. - - * protect-tool.c (store_private_key): New. - (import_p12_file): Store the new file if requested. - (main): New options --force and --store. - - * gpg-agent.c (main): Set a global flag when running detached. - * query.c (start_pinentry): Pass the list of FD to keep in the - child when not running detached. - * call-scd.c (start_scd): Ditto. - -2002-06-26 Werner Koch - - * command.c (cmd_istrusted, cmd_listtrusted, cmd_marktrusted) - (cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_get_passphrase) - (cmd_learn): Print an error message for a failed operation. - - * simple-pwquery.c, simple-pwquery.h: New. - * protect-tool. (get_passphrase): New, used to get a passphrase - from the agent if none was given on the command line. - -2002-06-25 Werner Koch - - * protect-tool.c (rsa_key_check): New. - (import_p12_file): New. - (main): New command --p12-import. - * minip12.c, minip12.h: New. - -2002-06-24 Werner Koch - - * protect-tool.c (read_file): New. - (read_key): Factored most code out to read_file. - -2002-06-17 Werner Koch - - * agent.h: Add a callback function to the pin_entry_info structure. - * query.c (agent_askpin): Use the callback to check for a correct - PIN. Removed the start_err_text argument because it is not - anymore needed; changed callers. - * findkey.c (unprotect): Replace our own check loop by a callback. - (try_unprotect_cb): New. - * genkey.c (reenter_compare_cb): New. - (agent_genkey): Use this callback here. Fixed setting of the pi2 - variable and a segv in case of an empty PIN. - - * divert-scd.c (getpin_cb): Removed some unused stuff and - explained what we still have to change. - -2002-06-12 Werner Koch - - * gpg-agent.c (main): New option --disable-pth. - -2002-06-11 Werner Koch - - * protect-tool.c: Add command --show-keygrip - (show_keygrip): New. - -2002-05-23 Werner Koch - - * call-scd.c: Seirialized all scdaeom access when using Pth. - - * cache.c: Made the cache Pth-thread-safe. - (agent_unlock_cache_entry): New. - * findkey.c (unprotect): Unlock the returned cache value. - * command.c (cmd_get_passphrase): Ditto. - - * gpg-agent.c (main): Register pth_read/write with Assuan. - -2002-05-22 Werner Koch - - * query.c: Serialized all pinentry access when using Pth. - - * gpg-agent.c (handle_signal,start_connection_thread) - (handle_connections): New - (main): Use the new Pth stuff to allow concurrent connections. - * command.c (start_command_handler): Add new arg FD so that the - fucntion can also be used for an already connected socket. - * Makefile.am: Link with Pth. - -2002-05-14 Werner Koch - - * cache.c (housekeeping, agent_put_cache): Use our time() wrapper. - -2002-04-26 Werner Koch - - * cache.c (agent_put_cache): Reinitialize the creation time and - the ttl when reusing a slot. - - * call-scd.c (start_scd): Print debug messages only with debug - flags set. - * query.c (start_pinentry): Ditto. - -2002-04-25 Marcus Brinkmann - - * agent.h (agent_get_confirmation): Replace paramter prompt with - two parameters ok and cancel. - * query.c (agent_get_confirmation): Likewise. Implement this. - * trustlist.c (agent_marktrusted): Fix invocation of - agent_get_confirmation. - * divert-scd.c (ask_for_card): Likewise. - -2002-04-24 Marcus Brinkmann - - * agent.h (struct opt): Add members display, ttyname, ttytype, - lc_ctype, and lc_messages. - * gpg-agent.c (enum cmd_and_opt_values): Add oDisplay, oTTYname, - oTTYtype, oLCctype, and LCmessages. - (main): Handle these options. - * command.c (option_handler): New function. - (register_commands): Register option handler. - * query.c (start_pinentry): Pass the various display and tty - options to the pinentry. - -2002-04-05 Werner Koch - - * protect-tool.c (show_file): New. Used as default action. - -2002-03-28 Werner Koch - - * divert-scd.c (encode_md_for_card): Don't do the pkcs-1 padding, - the scdaemon should take care of it. - (ask_for_card): Hack to not display the trailing zero. - -2002-03-11 Werner Koch - - * learncard.c (kpinfo_cb): Remove the content restrictions from - the keyID. - -2002-03-06 Werner Koch - - * learncard.c: New. - * divert-scd.c (ask_for_card): The serial number is binary so - convert it to hex here. - * findkey.c (agent_write_private_key): New. - * genkey.c (store_key): And use it here. - - * pkdecrypt.c (agent_pkdecrypt): Changed the way the diversion is done. - * divert-scd.c (divert_pkdecrypt): Changed interface and - implemented it. - -2002-03-05 Werner Koch - - * call-scd.c (inq_needpin): New. - (agent_card_pksign): Add getpin_cb args. - (agent_card_pkdecrypt): New. - -2002-03-04 Werner Koch - - * pksign.c (agent_pksign): Changed how the diversion is done. - * divert-scd.c (divert_pksign): Changed interface and implemented it. - (encode_md_for_card): New. - * call-scd.c (agent_card_pksign): New. - -2002-02-28 Werner Koch - - * pksign.c (agent_pksign): Detect whether a Smartcard is to be - used and divert the operation in this case. - * pkdecrypt.c (agent_pkdecrypt): Likewise - * findkey.c (agent_key_from_file): Add optional arg shadow_info - and have it return information about a shadowed key. - * protect.c (agent_get_shadow_info): New. - - * protect.c (snext,sskip,smatch): Moved to - * sexp-parse.h: New file. - * divert-scd.c: New. - -2002-02-27 Werner Koch - - * protect.c (agent_shadow_key): New. - - * command.c (cmd_learn): New command LEARN. - * gpg-agent.c: New option --scdaemon-program. - * call-scd.c (start_scd): New. Based on query.c - * query.c: Add 2 more arguments to all uses of assuan_transact. - -2002-02-18 Werner Koch - - * findkey.c (unprotect): Show an error message for a bad passphrase. - - * command.c (cmd_marktrusted): Implemented. - * trustlist.c (agent_marktrusted): New. - (open_list): Add APPEND arg. - - * query.c (agent_get_confirmation): New. - -2002-02-06 Werner Koch - - * cache.c (housekeeping): Fixed linking in the remove case. - -2002-02-01 Werner Koch - - * gpg-agent.c: New option --default-cache-ttl. - * cache.c (agent_put_cache): Use it. - - * cache.c: Add a few debug outputs. - - * protect.c (agent_private_key_type): New. - * agent.h: Add PRIVATE_KEY_ enums. - * findkey.c (agent_key_from_file): Use it to decide whether we - have to unprotect a key. - (unprotect): Cache the passphrase. - - * findkey.c (agent_key_from_file,agent_key_available): The key - files do now require a ".key" suffix to make a script's life - easier. - * genkey.c (store_key): Ditto. - -2002-01-31 Werner Koch - - * genkey.c (store_key): Protect the key. - (agent_genkey): Ask for the passphrase. - * findkey.c (unprotect): Actually unprotect the key. - * query.c (agent_askpin): Add an optional start_err_text. - -2002-01-30 Werner Koch - - * protect.c: New. - (hash_passphrase): Based on the GnuPG 1.0.6 version. - * protect-tool.c: New - -2002-01-29 Werner Koch - - * findkey.c (agent_key_available): New. - * command.c (cmd_havekey): New. - (register_commands): And register new command. - -2002-01-20 Werner Koch - - * command.c (cmd_get_passphrase): Remove the plus signs. - - * query.c (start_pinentry): Send no-grab option to pinentry - * gpg-agent.c (main): Move variable grab as no_grab to agent.h. - -2002-01-19 Werner Koch - - * gpg-agent.c (main): Disable core dumps. - - * cache.c: New. - * command.c (cmd_get_passphrase): Use the cache. - (cmd_clear_passphrase): Ditto. - - * gpg-agent.c: Removed unused cruft and implement the socket - based server. - (my_strusage): Take bug report address from configure.ac. - * command.c (start_command_handler): Add an argument to start as - regular server. - (start_command_handler): Enable Assuan logging. - -2002-01-15 Werner Koch - - * trustlist.c: New. - * command.c (cmd_istrusted, cmd_listtrusted, cmd_marktrusted): New. - -2002-01-07 Werner Koch - - * genkey.c: Store the secret part and return the public part. - -2002-01-03 Werner Koch - - * command.c (cmd_get_passphrase): New. - (cmd_clear_passphrase): New. - * query.c (agent_get_passphrase): New. - -2002-01-02 Werner Koch - - * genkey.c: New. - * command.c (cmd_genkey): New. - - * command.c (rc_to_assuan_status): Removed and changed all callers - to use map_to_assuan_status. - -2001-12-19 Werner Koch - - * keyformat.txt: New. - -2001-12-19 Marcus Brinkmann - - * query.c (start_pinentry): Add new argument to assuan_pipe_connect. - -2001-12-18 Werner Koch - - * Makefile.am: Use LIBGCRYPT macros - -2001-12-14 Werner Koch - - * gpg-agent.c (main): New option --batch. New option --debug-wait - n, so that it is possible to attach gdb when used in server mode. - * query.c (agent_askpin): Don't ask in batch mode. - - * command.c: Removed the conversion macros as they are now in - ../common/util.h. - -2001-12-14 Marcus Brinkmann - - * query.c (LINELENGTH): Removed. - (agent_askpin): Use ASSUAN_LINELENGTH, not LINELENGTH. - -2001-11-19 Werner Koch - - * gpg-agent.c: Removed all GUI code, removed code for old - protocol. New code to use the Assuan protocol as a server and - also to communicate with a new ask-passphrase utility. - -2000-11-22 Werner Koch - - * gpg-agent.c (main): csh support by Dan Winship, new options --sh - and --csh and set default by consulting $SHELL. - -Mon Aug 21 17:59:17 CEST 2000 Werner Koch - - * gpg-agent.c (passphrase_dialog): Cleanup the window and added the - user supplied text to the window. - (main): Fixed segv in gtk_init when used without a command to start. - - * gpg-agent.c: --flush option. - (req_flush): New. - (req_clear_passphrase): Implemented. - -Fri Aug 18 14:27:14 CEST 2000 Werner Koch - - * gpg-agent.c: New. - * Makefile.am: New. - - - Copyright 2001, 2002, 2003, 2004, 2005, - 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even the - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/agent/ChangeLog-2011 b/agent/ChangeLog-2011 new file mode 100644 index 000000000..c074d1b65 --- /dev/null +++ b/agent/ChangeLog-2011 @@ -0,0 +1,3118 @@ +2011-12-01 Werner Koch + + NB: ChangeLog files are no longer manually maintained. Starting + on December 1st, 2011 we put change information only in the GIT + commit log, and generate a top-level ChangeLog file from logs at + "make dist". See doc/HACKING for details. + +2011-11-28 Werner Koch + + * command-ssh.c (card_key_available): Change wording of no key + diagnostic. + (ssh_handler_request_identities): Do not call card_key_available + if the scdaemon is disabled. + +2011-10-13 Marcus Brinkmann + + * gpg-agent.c (start_connection_thread) + (start_connection_thread_ssh): Cast npth_self result to unsigned + long for safety. + + * cache.c (new_data): Fix error check. + + * cache.c, call-pinentry.c, call-scd.c, findkey.c, gpg-agent.c, + trustlist.c: Port to NPth. + +2011-09-12 Ben Kibbey + + * genkey.c (agent_ask_new_passphrase): Allow for an empty passphrase + (no protection) in PINENTRY_MODE_LOOPBACK. + +2011-09-10 Ben Kibbey + + * agent.h (pinentry_loopback): New prototype. + * command.c (pinentry_loopback): New function to inquire a passphrase + from the client. For use with pinentry-mode=loopback. + * call-pinentry.c (agent_askpin): Handle PINENTRY_MODE_LOOPBACK. + * call-pinentry.c (agent_get_passphrase): Ditto. + * genkey.c (agent_ask_new_passphrase): Ditto. + +2011-08-10 Werner Koch + + * genkey.c (check_passphrase_pattern): Use gpg_strerror instead of + strerror. + * command-ssh.c (ssh_receive_mpint_list): Remove unused var + ELEMS_PUBLIC_N. + * gpg-agent.c (main): Remove unused var MAY_COREDUMP. + +2011-08-09 Ben Kibbey + + * command.c (option_handler): Have option s2k-count match the + documentation. + +2011-07-27 Werner Koch + + * call-scd.c (struct inq_needpin_s): Add field ANY_INQ_SEEN. + (inq_needpin): Set it. + (agent_card_scd): Send the cancel only if an inquire was actually + used. + +2011-07-09 Ben Kibbey + + * call-scd.c (agent_card_scd): Send the CANCEL command back to SCD + when the SCD command is cancelled from the client. + +2011-07-22 Werner Koch + + * command-ssh.c (ssh_receive_key): Do not init comment to an empty + static string; in the error case it would be freed. + +2011-07-20 Werner Koch + + * command.c (do_one_keyinfo, cmd_keyinfo): Support option --ssh-fpr. + + * command-ssh.c (ssh_identity_register): Display the ssh + fingerprint in the prompt. + (add_control_entry): Add arg FMTFPR and use it as comment in + sshcontrol. + (confirm_flag_from_sshcontrol): New. + (data_sign): Ask for confirmaton if requested. + (search_control_file): Add new arg R_CONFIRM and enhance parser. + * findkey.c (agent_raw_key_from_file): New. + (modify_description): Add format letter %F. + * findkey.c (agent_key_from_file): Simplify comment extraction by + using gcry_sexp_nth_string. + +2011-06-28 Ben Kibbey + + * command.c (option_handler): Add option s2k-count. + * agent.h (server_control_s): Add member s2k_count. + * genkey.c (store_key): Add parameter s2k_count. + * protect.c (agent_protect): Add parameter s2k_count. + * protect.c (do_encryption): Add parameter s2k_count. + +2011-06-01 Marcus Brinkmann + + * cvt-openpgp.c (convert_to_openpgp): Change type of N to unsigned + int. + +2011-04-26 Werner Koch + + * cvt-openpgp.c (convert_to_openpgp): Use rfc4880 encoded S2K count. + * protect.c (get_standard_s2k_count_rfc4880): New. + (S2K_DECODE_COUNT): New. + (s2k_hash_passphrase): Use the new macro. + +2011-04-21 Werner Koch + + * agent.h (server_control_s): Add field cache_ttl_opt_preset. + * gpg-agent.c (agent_init_default_ctrl): Init this field. + * genkey.c (agent_genkey): Use this new variable. + * command.c (cmd_passwd): Ditto. + (option_handler): Add new option cache-ttl-opt-preset. + +2011-04-20 Marcus Brinkmann + + * command.c (cmd_import_key): Release key from failed import + before converting openpgp private key in the openpgp-private-key + case. + +2011-04-17 Ben Kibbey + + * command.c (cmd_passwd): Check for an error before presetting. + +2011-04-12 Ben Kibbey + + * command.c (cmd_passwd): Fixed --preset when not previously cached. + +2011-04-12 Werner Koch + + * agent.h (CACHE_TTL_NONCE, CACHE_TTL_OPT_PRESET): New. + * command.c (cmd_passwd, cmd_import_key): Use new macros. + * genkey.c (agent_genkey): Ditto. + +2011-04-10 Ben Kibbey + + * command.c (cmd_passwd): Add option --preset. + * command.c (cmd_genkey): Add option --preset. + * genkey.c (agent_genkey): Add parameter preset. + +2011-04-06 Ben Kibbey + + * command.c (do_one_keyinfo): Add protection type field. + +2011-03-10 Werner Koch + + * protect.c (hash_passphrase): Use the new gcry_kdf_derive. + +2011-03-08 Werner Koch + + * cvt-openpgp.c (GCRY_PK_ECDH) [!HAVE_GCRY_PK_ECDH]: Remove. + +2011-03-03 Ben Kibbey + + * command.c (cmd_preset_passphrase): Add option --inquire. + +2011-03-03 Werner Koch + + * gpg-agent.c: Add option --allow-loopback-pinentry. + * command.c (option_handler): Add option pinentry-mode. + * agent.h (pinentry_mode_t): New enum. + (struct server_local_s): Add PINENTRY_MODE. + (struct opt): Add ALLOW_LOOPBACK_PINENTRY. + * call-pinentry.c (agent_askpin): Implement ask, cancel and error + pinentry modes. + (agent_get_passphrase, agent_get_confirmation): Ditto. + (agent_show_message): Return cancel if pinentry mode is not "ask". + (agent_popup_message_start): Ditto. + +2011-03-02 Werner Koch + + * call-scd.c (hash_algo_option): New. + (agent_card_pksign): Use it with PKSIGN. + +2011-03-02 Ben Kibbey (wk) + + * command.c (cmd_clear_passphrase): Add option --mode=normal. + (cmd_keyinfo): Add option --data. + (do_one_keyinfo): Return CACHED status. Add arg DATA. + +2011-02-07 Werner Koch + + * pksign.c (do_encode_dsa): Enforce multipe of 8 bits only for DSA. + +2011-02-03 Werner Koch + + * protect.c (protect_info): Support ECC algos. + + * pksign.c (do_encode_dsa): Map public key algo number. Extend + DSA size check for ECDSA. + + * gpg-agent.c: Include cipher.h. + (map_pk_openpgp_to_gcry): New. + + * findkey.c (key_parms_from_sexp): Support ECDH. + + * cvt-openpgp.c (get_keygrip): Support ECC algorithms. + (convert_secret_key): Ditto. + (do_unprotect): Ditto. + +2011-02-02 Werner Koch + + * cvt-openpgp.c (convert_secret_key): Remove algo mapping. + +2011-01-31 Werner Koch + + * cvt-openpgp.c (convert_to_openpgp): Adjust to reverted Libgcrypt + ABI. + + * protect.c (protect_info): Adjust ECDSA and ECDH parameter names. + Add "ecc". + * findkey.c (key_parms_from_sexp): Ditto. + +2011-01-19 Werner Koch + + * trustlist.c (read_one_trustfile): Also chop an CR. + +2011-01-21 Werner Koch + + * pksign.c (do_encode_dsa): Compare MDLEN to bytes. + + * cvt-openpgp.c (GCRY_PK_ECDH) [!HAVE_GCRY_PK_ECDH]: New. + +2010-12-02 Werner Koch + + * gpg-agent.c (CHECK_OWN_SOCKET_INTERVAL) [W32CE]: Set to 60 + seconds. + +2010-11-29 Werner Koch + + * cache.c (initialize_module_cache): Factor code out to ... + (init_encryption): new. + (new_data, agent_get_cache): Init encryption on on the fly. + +2010-11-26 Werner Koch + + * gpg-agent.c (CHECK_OWN_SOCKET_INTERVAL): New. + (handle_tick) [W32CE]: Don't check own socket. + +2010-11-23 Werner Koch + + * Makefile.am (gpg_agent_LDFLAGS): Add extra_bin_ldflags. + +2010-11-11 Werner Koch + + * agent.h (opt): Add field SIGUSR2_ENABLED. + * gpg-agent.c (handle_connections): Set that flag. + * call-scd.c (start_scd): Enable events depending on this flag. + +2010-10-27 Werner Koch + + * gpg-agent.c (create_socket_name): Use TMPDIR. Change callers. + +2010-10-26 Werner Koch + + * cache.c (agent_put_cache): Allow deletion even if TTL is passwd + as 0. + + * genkey.c (agent_protect_and_store): Add arg PASSPHRASE_ADDR. + * command.c (cmd_passwd): Add option --passwd-nonce. + (struct server_local_s): Add LAST_CACHE_NONCE and LAST_PASSWD_NONCE. + (clear_nonce_cache): New. + (reset_notify): Clear the nonce cache. + (start_command_handler): Ditto. + +2010-10-25 Werner Koch + + * command.c (cmd_export_key): Free CACHE_NONCE. + (cmd_passwd): Add option --cache-nonce. + +2010-10-18 Werner Koch + + * call-pinentry.c (start_pinentry): Print name of pinentry on + connect error. + + * call-scd.c (agent_card_pksign): Make sure to return an unsigned + number. + +2010-10-14 Werner Koch + + * command.c (cmd_genkey): Add option --no-protection. + * genkey.c (agent_genkey): Add arg NO_PROTECTION. + +2010-10-13 Werner Koch + + * call-pinentry.c (agent_get_passphrase): Support the close_button. + + * gpg-agent.c (create_server_socket): Switch back to stderr + logging if we are not starting a agent. + + * command.c (cmd_passwd, cmd_export_key): Move mapping of + GPG_ERR_FULLY_CANCELED to .. + (leave_cmd): .. here. + (option_handler): Add option agent-awareness. + * protect-tool.c (get_passphrase): Take care of + GPG_ERR_FULLY_CANCELED. + * findkey.c (try_unprotect_cb): Ditto. + (unprotect): Remove the fully_canceled hack. + * call-pinentry.c (start_pinentry): Ditto. + (agent_askpin): Ditto. + * pkdecrypt.c (agent_pkdecrypt): Ditto + * pksign.c (agent_pksign_do): Ditto. + * genkey.c (agent_ask_new_passphrase): Remove arg CANCEL_ALL. + +2010-10-06 Werner Koch + + * cvt-openpgp.c (convert_secret_key): Add missing break. + +2010-10-05 Werner Koch + + * gpg-agent.c (main): Don't set SSH_AGENT_PID so that ssh-agent -k + won't kill out gpg-agent. + +2010-09-30 Werner Koch + + * gpg-agent.c (agent_exit): Run cleanup. + (cleanup): Run only once. + + * call-pinentry.c (close_button_status_cb): New. + (agent_askpin): Add arg R_CANCEL_ALL. Change all callers. + * genkey.c (agent_ask_new_passphrase): Ditto. + * findkey.c (unprotect): Return GPG_ERR_FULLY_CANCELED if needed. + + * command.c (cmd_export_key): Add support for OpenPGP keys. + * findkey.c (unprotect): Add optional arg R_PASSPHRASE. + (agent_key_from_file): Ditto. Change all callers. + + * findkey.c (unprotect): Do not put the passphrase into the cache + if it has been changed. + + * cvt-openpgp.c (convert_to_openpgp, apply_protection) + (key_from_sexp): New. + +2010-09-29 Werner Koch + + * cvt-openpgp.c (convert_openpgp): Rename to convert_from_openpgp. + + * command.c (has_option): Stop at "--". + (has_option_name, option_value): Ditto. + (skip_options): Skip initial spaces. + +2010-09-24 Werner Koch + + * gpg-agent.c (main, reread_configuration): Always test whether + the default configuration file has been created in the meantime. + Fixes bug#1285. + +2010-09-17 Werner Koch + + * command.c (cmd_havekey): Allow testing of several keygrips. + +2010-09-15 Werner Koch + + * protect.c (calculate_mic): Take care of shared secret format. + + * agent.h (PROTECTED_SHARED_SECRET): New. + +2010-09-02 Werner Koch + + * cache.c (new_data): Change arg and callers to use a string and + explicity return an error code. We never used raw binary data and + thus it is easier to use a string. Adjust callers. + (initialize_module_cache, deinitialize_module_cache): New. + (new_data): Encrypt the cached data. + (struct cache_item_s): Remove field LOCKCOUNT. Change all users + accordingly. + (agent_unlock_cache_entry): Remove. + (agent_get_cache): Return an allocated string and remove CACHE_ID. + * genkey.c (agent_genkey): Remove cache marker stuff. + * findkey.c (unprotect): Ditto. + * cvt-openpgp.c (convert_openpgp): Ditto. + * command.c (cmd_get_passphrase): Ditto. + * gpg-agent.c (main, cleanup): Initialize and deinitialize the + cache module. + +2010-09-01 Werner Koch + + * call-pinentry.c (start_pinentry): Disable pinentry logging. + + * command.c (cmd_import_key, cmd_genkey, cmd_pksign): Add CACHE + handling. + * cvt-openpgp.c (convert_openpgp): Add arg CACHE_NONCE and try the + cached nonce first. + * genkey.c (agent_genkey): Add arg CACHE_NONCE. + * cache.c (agent_get_cache): Require user and nonce cache modes + to match the requested mode. + (agent_put_cache): Ditto. + * agent.h (CACHE_MODE_NONCE): New. + * pksign.c (agent_pksign_do, agent_pksign): Add arg CACHE_NONCE. + * findkey.c (agent_key_from_file): Ditto. + (unprotect): Implement it. + +2010-08-31 Werner Koch + + * pksign.c (do_encode_dsa): Fix sign problem. + * findkey.c (agent_is_dsa_key): Adjust to actual usage. + +2010-08-30 Werner Koch + + * protect.c (s2k_hash_passphrase): New public function. + +2010-08-27 Werner Koch + + * command.c (cmd_import_key): Support OpenPGP keys. + * cvt-openpgp.h, cvt-openpgp.c: New. Some of the code is based on + code taken from g10/seckey-cert.c. + +2010-08-26 Werner Koch + + * command-ssh.c (open_control_file): Use estream to create the file. + + * findkey.c (agent_write_private_key): Explicitly create file with + mode 600. + * gpg-agent.c (main): Ditto. + * trustlist.c (agent_marktrusted): Explicitly create file with + mode 640. + +2010-08-16 Werner Koch + + * gpg-agent.c: Replace remaining printf by es_printf. + +2010-08-11 Werner Koch + + * call-pinentry.c (agent_get_passphrase, agent_askpin): Fix + setting of confidential flag. + + * call-scd.c (agent_card_scd): Pass assuan comment lines to the + caller. + (ASSUAN_CONVEY_COMMENTS): Provide replacement if needed. + +2010-08-09 Werner Koch + + * Makefile.am (t_common_ldadd): Add NETLIBS for sake of the TCP + logging. + +2010-06-24 Werner Koch + + * genkey.c (check_passphrase_pattern): Use HANG option for + gnupg_wait_progress. Fixes regression from 2010-06-09. + +2010-06-21 Werner Koch + + * protect-tool.c (export_p12_file, import_p12_cert_cb) + (import_p12_file, sexp_to_kparms, store_private_key): Remove + unused code. + +2010-06-18 Werner Koch + + * protect-tool.c (store_private_key, rsa_key_check): Remove. + + * command.c (cmd_export_key): New. + +2010-06-15 Werner Koch + + * command.c (cmd_keywrap_key, cmd_import_key): New. + + * genkey.c (agent_genkey, agent_protect_and_store): Factor common + code out to... + (agent_ask_new_passphrase): .. new. + + * findkey.c (agent_write_private_key): Return GPG_ERR_EEXIST + instead of GPG_ERR_GENERAL. + +2010-06-14 Werner Koch + + * protect-tool.c: Remove commands --p12-import and --p12-export. + * minip12.c, minip12.h: Move to ../sm. + * Makefile.am (gpg_protect_tool_SOURCES): Remove them. + * preset-passphrase.c: Remove unneeded minip12.h. + + * command.c (cmd_keywrap_key): New. + + * command.c (leave_cmd): New. + (cmd_istrusted, cmd_listtrusted, cmd_marktrusted, cmd_pksign) + (cmd_pkdecrypt, cmd_genkey, cmd_readkey, cmd_keyinfo) + (cmd_get_passphrase, cmd_get_confirmation, cmd_learn) + (cmd_passwd, cmd_preset_passphrase, cmd_getval, cmd_putval): Use it. + +2010-05-12 Werner Koch + + * preset-passphrase.c (forget_passphrase): Actually implement + this. Fixes bug#1198. + +2010-05-11 Werner Koch + + * agent.h (opt): Add field USE_STANDARD_SOCKET. + * gpg-agent.c (use_standard_socket): Remove. Use new option instead. + + * command.c (cmd_killagent, cmd_reloadagent): Provide command also + for non-W32 platforms. + (cmd_getinfo): New subcommands std_session_env and std_startup_env. + +2010-05-03 Werner Koch + + * gpg-agent.c (check_own_socket_thread): Do not release SOCKNAME + too early. + +2010-04-30 Werner Koch + + * gpg-agent.c (main): Add command --use-standard-socket-p. + +2010-04-26 Werner Koch + + * gpg-agent.c (create_server_socket) [W32]: Also check for EEXIST. + +2010-04-19 Werner Koch + + * pksign.c (get_dsa_qbits, do_encode_dsa): New. + (agent_pksign_do): Detect DSA keys and use do_encode_dsa. + * findkey.c (agent_public_key_from_file): Factor some code out to .. + (key_parms_from_sexp): New. + (agent_is_dsa_key): New. + + * command.c (cmd_sethash): Clear digeest.RAW_VALUE. + +2010-04-14 Werner Koch + + * Makefile.am (libexec_PROGRAMS) [W32CE]: Do not build + gpg-preset-passphrase for now. + (pwquery_libs) [W32CE]: Set to empty. + + * trustlist.c (read_one_trustfile): Use estream. + +2010-04-13 Werner Koch + + * findkey.c (read_key_file): Use estream. + (agent_write_private_key): Ditto. + +2010-04-07 Werner Koch + + * gpg-agent.c (handle_connections) [W32]: Assume that PTh support + the handle event. Use a dummy event for W32CE. + (get_agent_scd_notify_event) [W32CE]: Do not build. + + * call-pinentry.c: Remove setenv.h. Include sysutils.h. + (atfork_cb): s/setenv/gnupg_setenv/. + + * gpg-agent.c: Do not include setenv.h. + (main): s/unsetenv/gnupg_unsetenv/. + + * protect.c (calibrate_get_time) [W32CE]: Use GetThreadTimes. + +2010-04-06 Werner Koch + + * call-scd.c [!HAVE_SIGNAL_H]: Do not include signal.h. + + * findkey.c (agent_write_private_key): s/remove/gnupg_remove/. + + * command-ssh.c (search_control_file): Replace rewind by fseek and + clearerr. + * genkey.c (check_passphrase_pattern): Ditto. + + * gpg-agent.c [!HAVE_SIGNAL_H]: Do not include signal.h. + (remove_socket): s/remove/gnupg_remove/. + (create_private_keys_directory): Use gnupg_mkdir. + +2010-03-11 Werner Koch + + * gpg-agent.c: Include "asshelp.h". + (main): Remove assuan_set_assuan_log_prefix. Add + assuan_set_log_cb. + (handle_signal): Disable pth ctrl dumping. + (parse_rereadable_options, main): Remove assuan_set_assuan_log_stream. + * call-scd.c (start_scd): Remove assuan_set_log_stream. + +2010-03-10 Werner Koch + + * Makefile.am (common_libs): Remove libjnlib.a. + + * trustlist.c, protect-tool.c, command-ssh.c: Remove estream.h. + +2010-02-17 Werner Koch + + * call-pinentry.c (start_pinentry): Always free OPTSTR. Send + default-xxx strings. + +2010-01-26 Werner Koch + + * protect.c (do_encryption): Encode the s2kcount and no not use a + static value of 96. + +2009-12-21 Werner Koch + + * command.c (cmd_getinfo): Add sub-command s2k_count. + +2009-12-14 Werner Koch + + * protect.c (agent_unprotect): Decode the S2K count here and take + care of the new unencoded values. Add a lower limit sanity check. + (hash_passphrase): Do not decode here. + (get_standard_s2k_count, calibrate_s2k_count): New. + (calibrate_get_time, calibrate_elapsed_time): New. + (do_encryption): Use get_standard_s2k_count. + +2009-12-08 Werner Koch + + * protect.c (agent_unprotect): Avoid compiler warning. + +2009-12-08 Marcus Brinkmann + + * call-pinentry.c (start_pinentry): Convert posix fd to assuan fd. + * call-scd.c (start_scd): Likewise. + +2009-12-03 Werner Koch + + * gpg-agent.c (set_debug): Allow for numerical debug leveles. Print + active debug flags. + +2009-12-02 Werner Koch + + * trustlist.c (read_trustfiles): Store the pointer returned from + shrinking the memory and not the orginal one. Fixes bug#1163. + Reported by TAKAHASHI Tamotsu. Also return correct error after + memory failure. + +2009-11-27 Marcus Brinkmann + + * command.c (start_command_handler): Do not call + assuan_set_log_stream anymore. + * gpg-agent.c (main): But call assuan_set_assuan_log_stream here. + +2009-11-25 Marcus Brinkmann + + * command.c (start_command_handler): Use assuan_fd_t and + assuan_fdopen on fds. + +2009-11-05 Marcus Brinkmann + + * call-pinentry.c (start_pinentry): Call assuan_pipe_connect, not + assuan_pipe_connect_ext. + * command.c (start_command_handler): Change + assuan_init_socket_server_ext into assuan_init_socket_server. + * call-scd.c (start_scd): Update use of assuan_socket_connect and + assuan_pipe_connect. + * gpg-agent.c (check_own_socket_thread, check_for_running_agent): + Update use of assuan_socket_connect. + +2009-11-04 Werner Koch + + * command.c (register_commands): Add help arg to + assuan_register_command. Convert all command comments to help + strings. + +2009-11-02 Marcus Brinkmann + + * command.c (reset_notify): Take LINE arg and return error. + (register_commands): Use assuan_handler_t type. + +2009-10-16 Marcus Brinkmann + + * gpg_agent_CFLAGS, gpg_agent_LDADD: Use libassuan instead of + libassuan-pth. + * gpg-agent.c: Invoke ASSUAN_SYSTEM_PTH_IMPL. + (main): Call assuan_set_system_hooks and assuan_sock_init. + Fix invocation of assuan_socket_connect. + +2009-09-23 Werner Koch + + * command.c (register_commands) [HAVE_ASSUAN_SET_IO_MONITOR]: + Remove cpp condition. + (start_command_handler) [HAVE_ASSUAN_SET_IO_MONITOR]: Ditto. + +2009-09-23 Marcus Brinkmann + + * gpg-agent.c (parse_rereadable_options): Don't set global assuan + log file (there ain't one anymore). + (main): Update to new API. + (check_own_socket_pid_cb): Return gpg_error_t instead of int. + (check_own_socket_thread, check_for_running_agent): Create assuan + context before connecting to server. + * command.c: Include "scdaemon.h" before because of + GPG_ERR_SOURCE_DEFAULT check. + (write_and_clear_outbuf): Use gpg_error_t instead of + assuan_error_t. + (cmd_geteventcounter, cmd_istrusted, cmd_listtrusted) + (cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc) + (cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey) + (cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase) + (cmd_get_confirmation, cmd_learn, cmd_passwd) + (cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval) + (cmd_updatestartuptty, cmd_killagent, cmd_reloadagent) + (cmd_getinfo, option_handler): Return gpg_error_t instead of int. + (post_cmd_notify): Change type of ERR to gpg_error_t from int. + (io_monitor): Add hook argument. Use symbols for constants. + (register_commands): Change return type of HANDLER to gpg_error_t. + (start_command_handler): Allocate assuan context before starting + server. + * call-pinentry.c: Include "scdaemon.h" before because + of GPG_ERR_SOURCE_DEFAULT check. + (unlock_pinentry): Call assuan_release instead of + assuan_disconnect. + (getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int. + (start_pinentry): Allocate assuan context before connecting to + server. + * call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb) + (membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru) + (pass_data_thru): Change return type to gpg_error_t. + (start_scd): Allocate assuan context before connecting to server. + +2009-09-04 Marcus Brinkmann + + * command.c (start_command_handler): Add comment about gap in + implementation (in dead code), for future reference. + +2009-08-11 Werner Koch + + * divert-scd.c (ask_for_card): I18n a prompt string. + +2009-07-06 Werner Koch + + * agent.h: Include session-env.h. + (opt): Replace most of the startup_xxx fields by a session_env_t. + (struct server_control_s): Likewise. + * gpg-agent.c (main): Rewrite setting of the startup fields. + (handle_connections, main): Allocate SESSION_ENV. + (agent_init_default_ctrl, agent_deinit_default_ctrl): Change + accordingly. + * command.c (option_handler): Ditto. + (cmd_updatestartuptty): Change accordingly. Protect old values + from out of core failures. + * command-ssh.c (start_command_handler_ssh): Ditto. + (start_command_handler_ssh): Replace strdup by xtrystrdup. + * call-pinentry.c (atfork_cb): Pass new envrinmnet variables. + (start_pinentry): Use session_env stuff. + * protect-tool.c (main): Adjust call to gnupg_prepare_get_passphrase. + +2009-06-24 Werner Koch + + * genkey.c (agent_protect_and_store): Return RC and not 0. + * protect.c (do_encryption): Fix ignored error code from malloc. + Reported by Fabian Keil. + +2009-06-17 Werner Koch + + * call-pinentry.c (agent_get_confirmation): Add arg WITH_CANCEL. + Change all callers. + * trustlist.c (agent_marktrusted): Use WITH_CANCEL + +2009-06-09 Werner Koch + + * learncard.c (send_cert_back): Ignore certain error codes. + +2009-06-05 Werner Koch + + * protect-tool.c (store_private_key): Fix last change by appending + a ".key". + +2009-06-03 Werner Koch + + * protect-tool.c: Include estream.h. + (store_private_key): Replace stdio streams by estream functions + for a portable use of the "x" mode. + * trustlist.c: Include estream.h. + (agent_marktrusted): Replace stdio stream by estream functions. + + * protect-tool.c (store_private_key): Use bin2hex. + +2009-06-02 Werner Koch + + * gpg-agent.c (main): Run pth_kill after fork. Fixes bug#1066. + +2009-05-19 Werner Koch + + * gpg-agent.c (JNLIB_NEED_AFLOCAL): Define. + (create_server_socket): Use SUN_LEN macro. + +2009-05-15 Werner Koch + + Fix bug #1053. + + * agent.h (lookup_ttl_t): New. + * findkey.c (unprotect): Add arg LOOKUP_TTL. + (agent_key_from_file): Ditto. + * pksign.c (agent_pksign_do): Ditto. + * command-ssh.c (ttl_from_sshcontrol): New. + (data_sign): Pass new function to agent_pksign_do. + (search_control_file): Add new arg R_TTL. + +2009-05-14 Werner Koch + + * command.c (cmd_get_passphrase): Add option --qualitybar. + * call-pinentry.c (agent_askpin): Factor some code out to ... + (setup_qualitybar): .. new. + (agent_get_passphrase): Add arg WITH_QUALITYBAR and implement it. + +2009-04-14 Marcus Brinkmann + + * call-pinentry.c (agent_get_confirmation): Try SETNOTOK command + with pinentry. + +2009-04-01 Werner Koch + + * protect-tool.c (pe_opt): New. + (opts): Add option --agent-program. Use ARGPARSE macros. + (get_new_passphrase): Remove. + (get_passphrase): Use gpg-agent directly. Remove arg OPT_CHECK and + change all callers. + * Makefile.am (gpg_protect_tool_LDADD): Replace pwquery_libs by + LIBASSUAN_LIBS. + (gpg_protect_tool_CFLAGS): New. + + * command.c (percent_plus_unescape): Remove. + (cmd_putval): Use percent_plus_unescape_inplace. + * call-scd.c (unescape_status_string): Remove. + (card_getattr_cb): Use percent_plus_unescape. + * protect-tool.c (main): Use percent_plus_unescape from common/. + (percent_plus_unescape, percent_plus_unescape_string): Remove. + +2009-03-27 Werner Koch + + * learncard.c (agent_handle_learn): Add new certtype 111. + +2009-03-26 Werner Koch + + * agent.h (MAX_DIGEST_LEN): Change to 64. + * command.c (cmd_sethash): Allow digest length of 48 and 64. + (cmd_sethash): Allow more hash algos. + + * trustlist.c (reformat_name): New. + (agent_marktrusted): Use a reformatted name. Reload the table + before the update and always reload it at the end. + (agent_istrusted): Check early for the disabled flag. + +2009-03-25 Werner Koch + + * pkdecrypt.c (agent_pkdecrypt): Return a specific error message + if the key is not available. + + * gpg-agent.c (main): Print a started message to show the real pid. + +2009-03-20 Werner Koch + + * learncard.c (struct kpinfo_cp_parm_s): Add field CTRL. + (struct certinfo_cb_parm_s): Ditto. + (agent_handle_learn): Set CTRL field. + (kpinfo_cb, certinfo_cb): Send progress status. + + * agent.h (agent_write_status): Flag with GNUPG_GCC_A_SENTINEL. + +2009-03-19 Werner Koch + + * trustlist.c (struct trustitem_s): Add field DISABLED. + (read_one_trustfile): Parse the '!' flag. + (agent_istrusted, agent_listtrusted): Check flag. + (agent_istrusted): Add arg R_DISABLED. Change all callers. + (agent_marktrusted): Do not ask if flagged as disabled. Reverse + the order of the questions. Store the disabled flag. + + * gpg-agent.c (main): Save signal mask and open fds. Restore mask + and close all fds prior to the exec. Fixes bug#1013. + +2009-03-17 Werner Koch + + * command.c (cmd_get_passphrase): Break repeat loop on error. + Show error message. + (cmd_getinfo): Add subcommand "cmd_has_option". + (command_has_option): New. + +2009-03-17 Daiki Ueno + + * command.c (option_value): New function. + (cmd_get_passphrase): Accept new option --repeat, which makes + gpg-agent to ask passphrase several times. + +2009-03-06 Werner Koch + + * command.c (cmd_keyinfo): New command. + (register_commands): Register it. + (agent_write_status): Make sure not to print LR or CR. + * divert-scd.c (ask_for_card): Factor shadow info parsing out to ... + * protect.c (parse_shadow_info): New. + * findkey.c (agent_key_from_file): Use make_canon_sexp. + (agent_write_private_key, unprotect, read_key_file) + (agent_key_available): Use bin2hex. + (agent_key_info_from_file): New. + (read_key_file): Log no error message for ENOENT. + +2009-03-05 Werner Koch + + * divert-scd.c (getpin_cb): Support flag 'P'. Change max_digits + from 8 to 16. Append a message about keypads. + * findkey.c (unprotect): Change max digits to 16. + +2009-03-02 Werner Koch + + * command.c (cmd_getinfo): Add subcommand "scd_running". + + * call-scd.c (agent_scd_check_running): New. + + * gpg-agent.c: Add missing option strings for "--batch" and + "--homedir". Reported by Petr Uzel. + + * protect-tool.c (import_p12_file): Take care of canceled + passphrase entry. Fixes bug#1003. + (export_p12_file): Ditto. + +2008-12-17 Werner Koch + + * gpg-agent.c (handle_connections): Set action of all pth event + handled signals to SIG_IGN. Use a different pth_sigmask strategy. + +2008-12-10 Werner Koch + + * command.c (cmd_get_passphrase): Implement option --no-ask. + +2008-12-09 Werner Koch + + * gpg-agent.c (main): Call i18n_init before init_common_subsystems. + * preset-passphrase.c (main): Ditto. + * protect-tool.c (main): Ditto. + + * command.c (cmd_preset_passphrase): Allow an arbitrary string for + the cache id. + +2008-12-08 Werner Koch + + * gpg-agent.c (handle_connections): Sync the ticker to the next + full second. This is bug#871. + +2008-12-05 Werner Koch + + * minip12.c (decrypt_block): Fix const modified of CHARSETS. + * learncard.c (sinfo_cb_parm_s): Remove superflous semicolon. + Reported by Stoyan Angelov. + +2008-11-18 Werner Koch + + * gpg-agent.c (make_libversion): New. + (my_strusage): Print libgcrypt version + +2008-11-11 Werner Koch + + * call-scd.c (membuf_data_cb): Change return type to + assuan_error_t to avoid warnings with newer libassuan versions. + +2008-11-04 Werner Koch + + * command.c (cmd_killagent): Stop the agent immediately. + (start_command_handler): Take care of GPG_ERR_EOF. + +2008-10-29 Werner Koch + + * gpg-agent.c (main): Move USE_STANDARD_SOCKET to the outer scope. + (create_socket_name): Remove arg USE_STANDARD_SOCKET. Change all + callers. + (create_server_socket): Remove IS_STANDARD_NAME and replace it by + USE_STANDARD_SOCKET. Change all callers. + (check_own_socket_running): New. + (check_own_socket, check_own_socket_thread): New. + (handle_tick): Check server socket once a minute. + (handle_connections): Remove the extra pth_wait in the shutdown + case. + +2008-10-20 Werner Koch + + * command.c (cmd_geteventcounter): Mark unused arg. + (cmd_listtrusted, cmd_pksign, cmd_pkdecrypt, cmd_genkey): Ditto. + (cmd_updatestartuptty, post_cmd_notify): Ditto. + * command-ssh.c (add_control_entry) + (ssh_handler_request_identities, ssh_handler_remove_identity) + (ssh_handler_remove_all_identities, ssh_handler_lock) + (ssh_handler_unlock): Ditto. + * call-pinentry.c (pinentry_active_p, popup_message_thread) + (agent_popup_message_stop): Ditto. + * findkey.c (agent_public_key_from_file): Ditto. + * genkey.c (check_passphrase_pattern): Ditto. + * call-scd.c (atfork_cb): Ditto. + * protect-tool.c (import_p12_cert_cb): Ditto. + * t-protect.c (main): Ditto. + +2008-10-17 Werner Koch + + * call-scd.c (start_scd) [W32]: Use snprintf again because we now + always use the estream variant. + +2008-10-15 Werner Koch + + * call-scd.c (start_scd): Enable assuan loggging if requested. + (agent_scd_check_aliveness) [W32]: Fix use of GetExitCodeProcess. + +2008-10-14 Werner Koch + + * gpg-agent.c (get_agent_scd_notify_event): Need to use a manual + reset event. + +2008-09-29 Werner Koch + + * agent.h (GCRY_MD_USER): Rename to GCRY_MODULE_ID_USER. + (GCRY_MD_USER_TLS_MD5SHA1): Rename to MD_USER_TLS_MD5SHA1 and + change all users. + +2008-09-25 Werner Koch + + * divert-scd.c (getpin_cb): Support a Reset Code style PINs.. + +2008-09-03 Werner Koch + + * command.c (parse_keygrip): Use hex2bin. + (cmd_preset_passphrase): Decode the passphrase. Reported by Kiss + Gabor. Fixes #679 again. + * preset-passphrase.c (make_hexstring): Remove. + (preset_passphrase): Use bin2hex. + +2008-05-27 Werner Koch + + * trustlist.c (insert_colons): Fix stupidly wrong allocation size + computation. + +2008-05-26 Werner Koch + + * gpg-agent.c (main): Re-initialize default assuan log stream if a + log file is used. + + * trustlist.c (agent_marktrusted): Use xtryasprintf and xfree. + + * gpg-agent.c (main, agent_deinit_default_ctrl): Always use xfree + because our asprintf is mapped to an xmalloc style function in + util.h. Replace xstrdup by xtrystrdup. + * w32main.c (build_argv): Ditto. + * preset-passphrase.c (preset_passphrase): Ditto. + * divert-scd.c (ask_for_card): Ditto. + * command.c (option_handler): Ditto. + * command-ssh.c (ssh_handler_request_identities): Ditto. + * call-pinentry.c (start_pinentry): Ditto. + + * gpg-agent.c (start_connection_thread) + (start_connection_thread_ssh): Use pth_thread_id for useful output + under W32. + (pth_thread_id) [!PTH_HAVE_PTH_THREAD_ID]: New. + +2008-03-17 Werner Koch + + * agent.h (agent_inq_pinentry_launched): New prototype. + + * call-pinentry.c: Include sys/types.h and signal.h. + +2008-02-14 Werner Koch + + * command.c (agent_inq_pinentry_launched): New. + (option_handler): Add option allow-pinentry-notify. + * call-pinentry.c (getinfo_pid_cb): New. + (start_pinentry): Ask for the PID and notify the client. + +2008-01-15 Marcus Brinkmann + + * call-pinentry.c (start_pinentry): Start pinentry in detached + mode. + +2007-12-04 Werner Koch + + * call-pinentry.c (agent_askpin): Use gnupg_get_help_string. + +2007-12-03 Werner Koch + + * gpg-agent.c (main): s/standard_socket/use_standard_socket/ for + clarity. + (create_server_socket): New arg IS_SSH to avoid testing with + assuan commands. + +2007-11-20 Werner Koch + + * gpg-agent.c (get_agent_scd_notify_event): New. + (handle_signal): Factor SIGUSR2 code out to: + (agent_sigusr2_action): .. New. + (agent_sighup_action): Print info message here and not in + handle_signal. + (handle_connections) [PTH_EVENT_HANDLE]: Call agent_sigusr2_action. + + * call-scd.c (agent_scd_check_aliveness) [W32]: Implemented. + (start_scd) [W32]: Send event-signal option. + +2007-11-19 Werner Koch + + * call-pinentry.c (agent_askpin): Set the tooltip for the quality + bar. + +2007-11-15 Werner Koch + + * agent.h (struct server_control_s): Add XAUTHORITY and + PINENTRY_USER_DATA. + * gpg-agent.c: New option --xauthority. + (main, agent_init_default_ctrl) + (agent_deinit_default_ctrl): Implemented + * command.c (cmd_updatestartuptty): Ditto. + * command-ssh.c (start_command_handler_ssh): Ditto. + * call-pinentry.c (atfork_cb): Set the environment. + (start_pinentry): Pass CTRL as arg to atfork_cb. + +2007-11-14 Werner Koch + + * call-scd.c (start_scd) [W32]: Take care of fflush peculiarities. + +2007-11-07 Werner Koch + + * agent.h: Remove errors.h. + +2007-10-24 Werner Koch + + * genkey.c (check_passphrase_constraints): Changed the wording of + the warning messages. + +2007-10-19 Werner Koch + + * protect-tool.c (get_passphrase): Use new utf8 switch fucntions. + +2007-10-15 Daiki Ueno (wk) + + * command-ssh.c (reenter_compare_cb): New function; imported from + genkey.c. + (ssh_identity_register): Ask initial passphrase twice. + +2007-10-02 Werner Koch + + * command.c (cmd_getinfo): Add "pid" subcommand. + +2007-10-01 Werner Koch + + * agent.h (struct server_control_s): Remove unused CONNECTION_FD. + + * gpg-agent.c: Remove w32-afunix.h. Include mkdtemp.h. + (socket_nonce, socket_nonce_ssh): New. + (create_server_socket): Use assuan socket wrappers. Remove W32 + specific stuff. Save the server nonce. + (check_nonce): New. + (start_connection_thread, start_connection_thread_ssh): Call it. + (handle_connections): Change args to gnupg_fd_t. + * command.c (start_command_handler): Change LISTEN_FD to gnupg_fd_t. + * command-ssh.c (start_command_handler_ssh): Ditto. + +2007-09-18 Werner Koch + + * agent.h (struct pin_entry_info_s): Add element WITH_QUALITYBAR. + * genkey.c (check_passphrase_constraints): New arg SILENT. + Changed all callers. + (agent_protect_and_store, agent_genkey): Enable qualitybar. + * call-pinentry.c (agent_askpin): Send that option. + (unescape_passphrase_string): New. + (inq_quality): New. + (estimate_passphrase_quality): New. + +2007-09-14 Marcus Brinkmann + + * call-pinentry.c (agent_popup_message_stop): Implement kill for + Windows. + +2007-08-28 Werner Koch + + * gpg-agent.c (main): Add option --faked-system-time. + + * protect-tool.c (read_and_unprotect): Print the protected-at date. + + * agent.h (struct server_control_s): Add member IN_PASSWD. + * command.c (cmd_passwd): Set it. + * findkey.c (try_unprotect_cb): Use it. + + * protect.c (do_encryption): Replace asprintf by xtryasprint. + (agent_protect): Create the protected-at item. + (agent_unprotect): Add optional arg PROTECTED_AT. + (merge_lists): Add args CUTOFF and CUTLEN. + (agent_unprotect): Use them. + * findkey.c (try_unprotect_cb): Add code to test for expired keys. + (unprotect): Allow changing the passphrase. + +2007-08-27 Werner Koch + + * gpg-agent.c: Add options --min-passphrase-nonalpha, + --check-passphrase-pattern and --enforce-passphrase-constraints. + (MIN_PASSPHRASE_NONALPHA): Init nonalpha option to 1. + (main): Declare options for gpgconf. + * agent.h (struct): Add members MIN_PASSPHRASE_NONALPHA, + ENFORCE_PASSPHRASE_CONSTRAINTS and CHECK_PASSPHRASE_PATTERN. + * genkey.c (nonalpha_charcount): New. + (check_passphrase_pattern): New. + (check_passphrase_constraints): Implement. Factor some code out... + (take_this_one_anyway, take_this_one_anyway2): .. New. + + * call-pinentry.c (agent_show_message): New. + (agent_askpin): We better reset the pin buffer before asking. + + * trustlist.c (insert_colons): New. + (agent_marktrusted): Pretty print the fpr. + +2007-08-22 Werner Koch + + * findkey.c (O_BINARY): Make sure it is defined. + (agent_write_private_key): Use O_BINARY + + * protect-tool.c (import_p12_file): Add hack to allow importing of + gnupg 2.0.4 generated files. + +2007-08-06 Werner Koch + + * trustlist.c (read_one_trustfile): Add flag "cm". + (agent_istrusted): Ditto. + +2007-08-02 Werner Koch + + * gpg-agent.c: Include gc-opt-flags.h and remove their definition + here. + +2007-07-13 Werner Koch + + * genkey.c (check_passphrase_constraints): Require a confirmation + for an empty passphrase. + (agent_genkey, agent_protect_and_store): No need to repeat an + empty passphrase. + +2007-07-05 Werner Koch + + * call-scd.c (struct inq_needpin_s): New. + (inq_needpin): Pass unknown inquiries up. + +2007-07-04 Werner Koch + + * gpg-agent.c (TIMERTICK_INTERVAL): New. + (fixed_gcry_pth_init, main): Kludge to fix Pth initialization. + +2007-07-03 Werner Koch + + * gpg-agent.c (handle_connections): Do not use FD_SETSIZE for + select but compute the correct number. + +2007-07-02 Werner Koch + + * command.c (cmd_reloadagent) [W32]: New. + (register_commands) [W32]: New command RELOADAGENT. + + * Makefile.am (gpg_agent_SOURCES): Remove w32main.c and w32main.h. + (gpg_agent_res_ldflags): Remove icon file as we don't have a + proper icon yet. + * gpg-agent.c (main): do not include w32main.h. Remove all calls + to w32main.c. + (agent_sighup_action): New. + (handle_signal): Use it. + +2007-06-26 Werner Koch + + * gpg-agent.c (create_directories) [W32]: Made it work. + +2007-06-21 Werner Koch + + * agent.h (ctrl_t): Remove. It is now declared in ../common/util.h. + + * gpg-agent.c (check_for_running_agent): New arg SILENT. Changed + all callers. + (create_server_socket): If the standard socket is in use check + whether a agent is running and avoid starting another one. + +2007-06-18 Marcus Brinkmann + + * gpg-agent.c (main): Percent escape pathname in --gpgconf-list + output. + +2007-06-18 Werner Koch + + * w32main.c (build_argv): New. + (WinMain): Use it. + + * command.c (cmd_killagent) [W32]: New. + (cmd_getinfo): New. + * gpg-agent.c (get_agent_ssh_socket_name): New. + (no_force_standard_socket) New. + (create_server_socket): Use it. + * Makefile.am (gpg_agent_res_ldflags): Pass windows option to ld. + +2007-06-14 Werner Koch + + * protect-tool.c (main): Setup default socket name for + simple-pwquery. + (MAP_SPWQ_ERROR_IMPL): New. Use map_spwq_error for spqw related + error codes. + * preset-passphrase.c (main): Setup default socket name for + simple-pwquery. + (map_spwq_error): Remove. + (MAP_SPWQ_ERROR_IMPL): New. + + * call-pinentry.c (start_pinentry): Use gnupg_module_name. + * call-scd.c (start_scd): Ditto. + +2007-06-12 Werner Koch + + * taskbar.c: New. + + * trustlist.c (read_one_trustfile): Replace GNUPG_SYSCONFDIR by a + function call. + (read_trustfiles): Ditto. + + * gpg-agent.c (main): Replace some calls by init_common_subsystems. + * preset-passphrase.c (main): Ditto. + * protect-tool.c (main): Ditto. + +2007-06-11 Werner Koch + + * Makefile.am (common_libs): Use libcommonstd macro. + (commonpth_libs): Use libcommonpth macro. + + * protect-tool.c (main) [W32]: Call pth_init. + + * preset-passphrase.c (main) [W32]: Replace the explicit Winsocket + init by a call to pth_init. + + * trustlist.c (initialize_module_trustlist): New. + * gpg-agent.c (main): Call it. + + * call-pinentry.c (initialize_module_query): Rename to + initialize_module_call_pinentry. + + * minip12.c: Remove iconv.h. Add utf8conf.h. Changed all iconv + calss to use these jnlib wrappers. + +2007-06-06 Werner Koch + + * minip12.c (enum): Rename CONTEXT to ASNCONTEXT as winnt.h + defines such a symbol to access the process context. + + * call-pinentry.c (dump_mutex_state) [W32]: Handle the W32Pth case. + * call-scd.c (dump_mutex_state): Ditto. + + * protect-tool.c (i18n_init): Remove. + * preset-passphrase.c (i18n_init): Remove. + * gpg-agent.c (i18n_init): Remove. + +2007-05-19 Marcus Brinkmann + + * protect-tool.c (get_passphrase): Free ORIG_CODESET on error. + +2007-05-14 Werner Koch + + * protect.c (make_shadow_info): Replace sprintf by smklen. + +2007-04-20 Werner Koch + + * gpg-agent.c (my_gcry_logger, my_gcry_outofcore_handler): Removed. + (main): Call the setup_libgcrypt_logging helper. + * protect-tool.c (my_gcry_logger): Removed. + (main): Call the setup_libgcrypt_logging helper. + +2007-04-03 Werner Koch + + * trustlist.c (read_trustfiles): Take a missing trustlist as an + empty one. + +2007-03-20 Werner Koch + + * protect-tool.c: New option --p12-charset. + * minip12.c (p12_build): Implement it. + +2007-03-19 Werner Koch + + * minip12.c: Include iconv.h. + (decrypt_block): New. + (parse_bag_encrypted_data, parse_bag_data): Use it here. + (bag_data_p, bag_decrypted_data_p): New helpers. + +2007-03-06 Werner Koch + + * gpg-agent.c (main) : Add entries for all ttl options. + +2007-02-20 Werner Koch + + * call-pinentry.c (start_pinentry): Fix for OS X to allow loading + of the bundle. Tested by Benjamin Donnachie. + +2007-02-14 Werner Koch + + * gpg-agent.c: New option --pinentry-touch-file. + (get_agent_socket_name): New. + * agent.h (opt): Add pinentry_touch_file. + * call-pinentry.c (start_pinentry): Send new option to the + pinentry. + +2007-01-31 Moritz Schulte (wk) + + * command-ssh.c (stream_read_string): Initialize LENGTH to zero. + (start_command_handler_ssh): Use es_fgetc/es_ungetc to check if + EOF has been reached before trying to process another request. + +2007-01-31 Werner Koch + + * command-ssh.c (start_command_handler_ssh): + + * Makefile.am (t_common_ldadd): Add LIBICONV. + +2007-01-25 Werner Koch + + * genkey.c (check_passphrase_constraints): Get ngettext call right + and use UTF-8 aware strlen. + + * protect-tool.c (get_passphrase): New arg OPT_CHECK. + (get_new_passphrase): Enable OPT_CHECK on the first call. + * command.c (cmd_get_passphrase): Implement option --check. + +2007-01-24 Werner Koch + + * gpg-agent.c (MIN_PASSPHRASE_LEN): New + (parse_rereadable_options): New option --min-passphrase-len. + * genkey.c (check_passphrase_constraints): New. + (agent_genkey, agent_protect_and_store): Call new function. Fix + memory leak. + + * call-pinentry.c (agent_askpin): Allow translation of the displayed + error message. + (agent_popup_message_start): Remove arg CANCEL_BTN. + (popup_message_thread): Use --one-button option. + + * command.c (cmd_passwd): Now that we don't distinguish between + assuan and regular error codes we can jump to the end on error. + +2006-12-07 David Shaw + + * Makefile.am: Link to iconv for jnlib dependency. + +2006-11-20 Werner Koch + + * call-pinentry.c (agent_popup_message_stop): Use SIGKILL. + * call-scd.c (inq_needpin): Implement POPUPKEYPADPROMPT and + DISMISSKEYPADPROMPT. + +2006-11-15 Werner Koch + + * protect.c (make_shadow_info): Cast printf arg to unsigned int. + * minip12.c (parse_bag_encrypted_data): Ditto. + (parse_bag_data, p12_parse): Ditto. + * command-ssh.c (ssh_identity_register): Changed buffer_n to + size_t. + + * agent.h (struct server_control_s): New field thread_startup. + * command.c (start_command_handler): Moved CTRL init code to .. + * gpg-agent.c (start_connection_thread): .. here. + (agent_deinit_default_ctrl): New. + (agent_init_default_ctrl): Made static. + (handle_connections): Allocate CTRL and pass it pth_spawn. + * command-ssh.c (start_command_handler_ssh): Moved CTRL init code + to .. + * gpg-agent.c (start_connection_thread_ssh): .. here. + +2006-11-14 Werner Koch + + * command.c (bump_key_eventcounter): New. + (bump_card_eventcounter): New. + (cmd_geteventcounter): New command. + * gpg-agent.c (handle_signal): Call bump_card_eventcounter. + * findkey.c (agent_write_private_key): Call bump_key_eventcounter. + * trustlist.c (agent_reload_trustlist): Ditto. + + * command.c (post_cmd_notify, io_monitor): New. + (register_commands, start_command_handler): Register them. + +2006-11-09 Werner Koch + + * gpg-agent.c (main): In detached mode connect standard + descriptors to /dev/null. + + * trustlist.c (read_trustfiles): Make sure not to pass a zero size + to realloc as the C standards says that this behaves like free. + +2006-11-06 Werner Koch + + * protect-tool.c (my_strusage): Fixed typo. + +2006-10-23 Werner Koch + + * gpg-agent.c (main): New command --gpgconf-test. + + * minip12.c (parse_bag_encrypted_data, parse_bag_data): Allow for + a salt of 20 bytes. + +2006-10-20 Werner Koch + + * Makefile.am (t_common_ldadd): Use GPG_ERROR_LIBS instead -o just -l + +2006-10-19 Werner Koch + + * findkey.c (unprotect): Use it to avoid unnecessary calls to + agent_askpin. + * call-pinentry.c (pinentry_active_p): New. + +2006-10-17 Werner Koch + + * Makefile.am (gpg_agent_LDADD): Link to libcommonpth. + (gpg_agent_CFLAGS): New. This allows to only link this with Pth. + +2006-10-16 Werner Koch + + * call-pinentry.c (agent_get_confirmation): Map Cancel code here too. + * trustlist.c (agent_marktrusted): Return Cancel instead of + Not_Confirmed for the first question. + +2006-10-12 Werner Koch + + * protect-tool.c (get_passphrase): Fix if !HAVE_LANGINFO_CODESET. + +2006-10-06 Werner Koch + + * Makefile.am (AM_CFLAGS): Use PTH version of libassuan. + (gpg_agent_LDADD): Ditto. + + * divert-scd.c (divert_pksign): Use PKAUTH for the TLS algo. + +2006-10-05 Werner Koch + + * command.c (has_option_name): New. + (cmd_sethash): New --hash option. + * pksign.c (do_encode_raw_pkcs1): New. + (agent_pksign_do): Use it here for the TLS algo. + * agent.h (GCRY_MD_USER_TLS_MD5SHA1): New. + * divert-scd.c (pksign): Add case for tls-md5sha1. + + * divert-scd.c (encode_md_for_card): Check that the algo is valid. + +2006-10-04 Werner Koch + + * call-pinentry.c (agent_get_passphrase): Changed to return the + unencoded passphrase. + (agent_askpin, agent_get_passphrase, agent_get_confirmation): Need + to map the cancel error. + * command.c (send_back_passphrase): New. + (cmd_get_passphrase): Use it here. Also implement --data option. + (skip_options): New. + +2006-09-26 Werner Koch + + * learncard.c (agent_handle_learn): Send back the keypair + information. + +2006-09-25 Werner Koch + + * trustlist.c (read_one_trustfile): Allow extra flags. + (struct trustitem_s): Replaced KEYFLAGS by a FLAGS struct. + Changed all code to use this. + (agent_istrusted): New arg CTRL. Changed all callers. Send back + flags. + * command.c (agent_write_status): New. + +2006-09-20 Werner Koch + + * Makefile.am: Changes to allow parallel make runs. + +2006-09-15 Werner Koch + + * trustlist.c: Entirely rewritten. + (agent_trustlist_housekeeping): Removed and removed all calls. + +2006-09-14 Werner Koch + + Replaced all call gpg_error_from_errno(errno) by + gpg_error_from_syserror(). + + * call-pinentry.c (start_pinentry): Replaced pipe_connect2 by + pipe_connect_ext. + * call-scd.c (start_scd): Ditto. + * command.c (start_command_handler): Replaced + init_connected_socket_server by init_socket_server_ext. + +2006-09-13 Werner Koch + + * preset-passphrase.c (main) [W32]: Check for WSAStartup error. + +2006-09-08 Werner Koch + + * call-scd.c: Add signal.h as we are referencing SIGUSR2. + +2006-09-06 Marcus Brinkmann + + * Makefile.am (AM_CFLAGS): Add $(GPG_ERR_CFLAGS). + (gpg_agent_LDADD): Replace -lgpg-error with $(GPG_ERROR_LIBS). + +2006-09-06 Werner Koch + + * query.c: Renamed to .. + * call-pinentry.c: .. this. + + * agent.h (out_of_core): Removed. + (CTRL): Removed and changed everywhere to ctrl_t. + + Replaced all Assuan error codes by libgpg-error codes. Removed + all map_to_assuan_status and map_assuan_err. + + * gpg-agent.c (main): Call assuan_set_assuan_err_source to have Assuan + switch to gpg-error codes. + * command.c (set_error): Adjusted. + +2006-09-04 Werner Koch + + * command.c (percent_plus_unescape): New. + (cmd_get_val, cmd_putval): New. + +2006-08-29 Werner Koch + + * command-ssh.c (stream_read_mpi): Sanity check for early + detecting of too large keys. + * gpg-agent.c (my_gcry_outofcore_handler): New. + (main): Register it. + (main): No allocate 32k secure memory (was 16k). + +2006-07-31 Werner Koch + + * preset-passphrase.c (make_hexstring): For consistency use + xtrymalloc and changed caller to use xfree. Fixed function + comment. + +2006-07-29 Marcus Brinkmann + + * preset-passphrase.c (preset_passphrase): Do not strip off last + character of passphrase. + (make_hexstring): New function. + * command.c (cmd_preset_passphrase): Use parse_hexstring to syntax + check passphrase argument. Truncate passphrase at delimiter. + +2006-07-24 Werner Koch + + * minip12.c (build_key_bag): New args SHA1HASH and + KEYIDSTR. Append bag Attributes if these args are given. + (build_cert_sequence): ditto. + (p12_build): Calculate certificate hash and pass to build + functions. + +2006-07-21 Werner Koch + + * minip12.c (oid_pkcs_12_keyBag): New. + (parse_bag_encrypted_data): New arg R_RESULT. Support keybags and + return the key object. + (p12_parse): Take new arg into account. Free RESULT on error. + +2006-06-26 Werner Koch + + * gpg-agent.c (handle_signal): Print info for SIGUSR2 only in + verbose mode. + +2006-06-22 Werner Koch + + * command-ssh.c (make_cstring): Use memcpy instead of strncpy. + (ssh_receive_mpint_list, sexp_key_extract, data_sign): Use + xtrycalloc instead of xtrymalloc followed by memset. + +2006-06-20 Werner Koch + + * minip12.c (create_final): New arg PW. Add code to calculate the + MAC. + +2006-06-09 Marcus Brinkmann + + * Makefile.am (gpg_agent_LDADD): Add $(NETLIBS). + (gpg_protect_tool_LDADD): Likewise. + (gpg_preset_passphrase_LDADD): Likewise. + +2006-04-09 Moritz Schulte + + * command-ssh.c (ssh_request_process): Removed FIXME mentioning a + possible DoS attack. + +2006-04-01 Moritz Schulte + + * command-ssh.c (ssh_identity_register): Make KEY_GRIP_RAW be 20 + instead of 21 bytes long; do not fill KEY_GRIP_RAW[20] with NUL + byte - KEY_GRIP_RAW is a raw binary string anyway. + +2006-02-09 Werner Koch + + * call-scd.c (struct scd_local_s): New field next_local. + (scd_local_list): New. + (start_scd): Put new local into list. + (agent_reset_scd): Remove it from the list. + (agent_scd_check_aliveness): Here is the actual reason why we need + all this stuff. + (agent_reset_scd): Send the new command RESTART instead of RESET. + +2005-12-16 Werner Koch + + * minip12.c (cram_octet_string): New + (p12_parse): Use it for NDEFed bags. + (parse_bag_data): Ditto. + (string_to_key, set_key_iv, crypt_block): New arg SALTLEN. + (p12_build): Use old value 8 for new arg. + (parse_bag_encrypted_data, parse_bag_data): Allow for salts of 8 + to 16 bytes. Add new arg R_CONSUMED. + +2005-11-24 Werner Koch + + * minip12.c (p12_parse): Fixed for case that the key object comes + prior to the certificate. + +2005-10-19 Werner Koch + + * divert-scd.c (getpin_cb): Hack to use it for a keypad message. + + * call-scd.c (inq_needpin): Reworked to support the new KEYPADINFO. + + * query.c (start_pinentry): Keep track of the owner. + (popup_message_thread, agent_popup_message_start) + (agent_popup_message_stop, agent_reset_query): New. + * command.c (start_command_handler): Make sure a popup window gets + closed. + +2005-10-08 Marcus Brinkmann + + * Makefile.am (gpg_protect_tool_LDADD): Add ../gl/libgnu.a. + (gpg_preset_passphrase_LDADD, t_common_ldadd): Likewise. + (gpg_agent_LDADD): Add ../gl/libgnu.a after ../common/libcommon.a. + +2005-09-16 Werner Koch + + * minip12.c (build_key_sequence, build_cert_sequence): Fixed + padding. + +2005-09-15 Moritz Schulte + + * t-protect.c (test_agent_protect): Implemented. + (main): Disable use of secure memory. + +2005-09-09 Werner Koch + + * minip12.c (p12_build): Oops, array needs to be larger for the + certificate. + (build_cert_bag): Fixed yesterdays change. + + * command-ssh.c (card_key_available): Let the card handler decide + whether the card is supported here. Also get a short serial + number to return from the card handler. + +2005-09-08 Werner Koch + + * minip12.c (build_cert_bag): Use a non constructed object. + i.e. 0x80 and not 0xa0. + +2005-08-16 Werner Koch + + * gpg-agent.c (main): Use a default file name for --write-env-file. + +2005-07-25 Werner Koch + + * findkey.c (agent_public_key_from_file): Fixed array assignment. + This was the cause for random segvs. + +2005-06-29 Werner Koch + + * command-ssh.c (data_sign): Removed empty statement. + +2005-06-21 Werner Koch + + * minip12.c (create_final): Cast size_t to ulong for printf. + (build_key_bag, build_cert_bag, build_cert_sequence): Ditto. + +2005-06-16 Werner Koch + + * protect-tool.c (make_advanced): Makde RESULT a plain char. + * call-scd.c (unescape_status_string): Need to cast unsigned char* + for strcpy. + (agent_card_pksign): Made arg R_BUF an unsigned char**. + * divert-scd.c (divert_pksign): Made SIGVAL unsigned char*. + (encode_md_for_card): Initialize R_VAL and R_LEN. + * genkey.c (store_key): Made BUF unsigned. + * protect.c (do_encryption): Ditto. + (do_encryption): Made arg PROTBEGIN unsigned. Initialize RESULT + and RESULTLEN even on error. + (merge_lists): Need to cast unsigned char * for strcpy. Initialize + RESULTand RESULTLEN even on error. + (agent_unprotect): Likewise for strtoul. + (make_shadow_info): Made P and INFO plain char. + (agent_shadow_key): Made P plain char. + +2005-06-15 Werner Koch + + * query.c (agent_get_passphrase): Made HEXSTRING a char*. + * command-ssh.c (ssh_key_grip): Made arg BUFFER unsigned. + (ssh_key_grip): Simplified. + (data_sign): Initialize variables with the definition. + (ssh_convert_key_to_blob): Make sure that BLOB and BLOB_SIZE + are set to NULL on error. Cool, gcc-4 detects uninitialized stuff + beyond function boundaries; well it can't know that we do error + proper error handling so that this was not a real error. + (file_to_buffer): Likewise for BUFFER and BUFFER_N. + (data_sign): Likewise for SIG and SIG_N. + (stream_read_byte): Set B to a value even on error. + * command.c (cmd_genkey): Changed VALUE to char. + (cmd_readkey): Cast arg for gcry_sexp_sprint. + * agent.h (struct server_control_s): Made KEYGRIP unsigned. + +2005-06-13 Werner Koch + + * command-ssh.c (start_command_handler_ssh): Reset the SCD. + +2005-06-09 Werner Koch + + * gpg-agent.c (create_socket_name): New option --max-cache-ttl-ssh. + * cache.c (housekeeping): Use it. + (agent_put_cache): Use a switch to get the default ttl so that it + is easier to add more cases. + +2005-06-06 Werner Koch + + * gpg-agent.c: New option --default-cache-ttl-ssh. + * agent.h (cache_mode_t): New. + * pksign.c (agent_pksign_do): New arg CACHE_MODE to replace the + ARG IGNORE_CACHE. Changed all callers. + (agent_pksign): Ditto. + * findkey.c (agent_key_from_file): Ditto. Canged all callers. + (unprotect): Ditto. + * command-ssh.c (data_sign): Use CACHE_MODE_SSH. + * cache.c (agent_get_cache): New arg CACHE_MODE. + (agent_put_cache): Ditto. Store it in the cache. + + * query.c (agent_query_dump_state, dump_mutex_state): New. + (unlock_pinentry): Reset the global context before releasing the + mutex. + * gpg-agent.c (handle_signal): Dump query.c info on SIGUSR1. + + * call-scd.c (agent_scd_check_aliveness): Always do a waitpid and + add a timeout to the locking. + +2005-06-03 Werner Koch + + * command.c (cmd_updatestartuptty): New. + + * gpg-agent.c: New option --write-env-file. + + * gpg-agent.c (handle_connections): Make sure that the signals we + are handling are not blocked.Block signals while creating new + threads. + +2005-06-02 Werner Koch + + * call-scd.c (agent_scd_dump_state, dump_mutex_state): New. + * gpg-agent.c (handle_signal): Print it on SIGUSR1. + (handle_connections): Include the file descriptor into the + threadnames. + +2005-06-01 Werner Koch + + * gpg-agent.c: Include setenv.h. + +2005-05-31 Werner Koch + + * agent.h (out_of_core): s/__inline__/inine. Noted by Ray Link. + +2005-05-25 Werner Koch + + * gpg-agent.c (main): Do not unset the DISPLAY when we are + continuing as child. + +2005-05-24 Werner Koch + + * call-scd.c (inq_needpin): Skip leading spaces in of PIN + description. + * divert-scd.c (getpin_cb): Enhanced to cope with description + flags. + * query.c (agent_askpin): Add arg PROMPT_TEXT. Changed all + callers. + +2005-05-21 Werner Koch + + * call-scd.c (start_scd): Don't test for an alive scdaemon here. + (agent_scd_check_aliveness): New. + * gpg-agent.c (handle_tick): Test for an alive scdaemon. + (handle_signal): Print thread info on SIGUSR1. + +2005-05-20 Werner Koch + + * protect-tool.c: New option --canonical. + (show_file): Implement it. + + * keyformat.txt: Define the created-at attribute for keys. + +2005-05-18 Werner Koch + + * divert-scd.c (ask_for_card): Removed the card reset kludge. + +2005-05-17 Werner Koch + + * call-scd.c (unlock_scd): Add new arg CTRL. Changed all callers. + (start_scd): Reoworked to allow for additional connections. + * agent.h (ctrl_t): Add local data for the SCdaemon. + * command.c (start_command_handler): Release SERVER_LOCAL. + + * gpg-agent.c (create_server_socket): Use xmalloc. + (main): Removed option --disable-pth a dummy. Removed non-pth + code path. + (cleanup_sh): Removed. Not needed anymore. + +2005-05-05 Moritz Schulte + + * command-ssh.c (ssh_key_to_buffer): Rename to ... + (ssh_key_to_protected_buffer): ... this; change callers. + Improved documentation. + Use ssh_key_grip(), where gcry_pk_get_keygrip() has been used + before. + (ssh_handler_sign_request): Removed unusued variable P. + +2005-04-20 Moritz Schulte + + * command-ssh.c (ssh_handler_request_identities): Removed + debugging code (sleep call), which was commited unintenionally. + +2005-04-20 Werner Koch + + * minip12.c (parse_bag_encrypted_data): Fix the unpadding hack. + + * gpg-agent.c: New option --disable-scdaemon. + (handle_connections): Add time event to drive ... + (handle_tick): New function. + (main): Record the parent PID. Fixed segv when using ssh and a + command. + + * call-scd.c (start_scd): Take care of this option. + +2005-04-03 Moritz Schulte + + * command-ssh.c (ssh_request_spec): New member: secret_input. + (REQUEST_SPEC_DEFINE): New argument: secret_input. + (request_specs): Add secret_input flag. + (request_spec_lookup): New function ... + (ssh_request_process): ... use it here; depending on secret_input + flag allocate secure or non-secure memory. + +2005-03-02 Moritz Schulte + + * command-ssh.c (sexp_key_extract): Removed FIXME, since + xtrymallos does set errno correctly by now. + (sexp_extract_identifier): Remove const attribute from identifier. + (ssh_handler_request_identities): Remove const attribute from + key_type; removes ugly casts and FIXME. + (sexp_key_extract): Remove const attribute from comment. + (ssh_send_key_public): Remove const attribute from + key_type/comment; removes ugly cast. + (data_sign): Remove const attribute from identifier; removes ugly + cast. + (key_secret_to_public): Remove const attribute from comment; + removes ugly cast. + (ssh_handler_sign_request): Remove const attribute from p. + (sexp_key_extract): Use make_cstring(). + (ssh_key_extract_comment): Likewise. + (ssh_key_to_buffer): Use secure memory for memory area to hold the + key S-Expression. + Added more comments. + +2005-02-25 Werner Koch + + * findkey.c (modify_description): Keep invalid % escapes, so that + %0A may pass through. + + * agent.h (server_control_s): New field USE_AUTH_CALL. + * call-scd.c (agent_card_pksign): Make use of it. + * command-ssh.c (data_sign): Set the flag. + (ssh_send_key_public): New arg OVERRIDE_COMMENT. + (card_key_available): Add new arg CARDSN. + (ssh_handler_request_identities): Use the card s/n as comment. + (sexp_key_extract): Use GCRYMPI_FMT_STD. + (data_sign): Ditto. + + * learncard.c (make_shadow_info): Moved to .. + * protect.c (make_shadow_info): .. here. Return NULL on malloc + failure. Made global. + * agent.h: Add prototype. + +2005-02-24 Werner Koch + + * call-scd.c (unescape_status_string): New. Actual a copy of + ../g10/call-agent.c + (card_getattr_cb, agent_card_getattr): New. + + * command-ssh.c (card_key_available): New. + (ssh_handler_request_identities): First see whether a card key is + available. + + * gpg-agent.c (handle_connections): Need to check for events if + select returns with -1. + +2005-02-23 Werner Koch + + * command-ssh.c (get_passphrase): Removed. + (ssh_identity_register): Partly rewritten. + (open_control_file, search_control_file, add_control_entry): New. + (ssh_handler_request_identities): Return only files listed in our + control file. + + * findkey.c (unprotect): Check for allocation error. + + * agent.h (opt): Add fields to record the startup terminal + settings. + * gpg-agent.c (main): Record them and do not force keep display + with --enable-ssh-support. + * command-ssh.c (start_command_handler_ssh): Use them here. + + * gpg-agent.c: Renamed option --ssh-support to + --enable-ssh-support. + + * command.c (cmd_readkey): New. + (register_commands): Register new command "READKEY". + + * command-ssh.c (ssh_request_process): Improved logging. + + * findkey.c (agent_write_private_key): Always use plain open. + Don't depend on an umask for permissions. + (agent_key_from_file): Factored file reading code out to .. + (read_key_file): .. new function. + (agent_public_key_from_file): New. + +2005-02-22 Werner Koch + + * command-ssh.c (stream_read_string): Removed call to abort on + memory error because the CVS version of libgcrypt makes sure + that ERRNO gets always set on error even with a faulty user + supplied function. + +2005-02-19 Moritz Schulte + + * command-ssh.c (ssh_receive_mpint_list): Slightly rewritten, do + not use elems_secret member of key_spec. + (ssh_key_type_spec): Removed member: elems_secret. + (ssh_key_types): Removed elems_secret data. + (ssh_sexp_construct): Renamed to ... + (sexp_key_construct): ... this; changed callers. + (ssh_sexp_extract): Renamed to ... + (sexp_key_extract): ... this; changed callers. + (ssh_sexp_extract_key_type): Renamed to ... + (sexp_extract_identifier): ... this; changed callers; use + make_cstring(). + Added more comments. + +2005-02-18 Moritz Schulte + + * command-ssh.c (ssh_sexp_construct): Rewritten generation of sexp + template, clarified. + (ssh_sexp_extract): Support shadowed-private-key-sexp; treat + protected-private key and shadowed-private-key as public keys. + (key_secret_to_public): Rewritten: simply use ssh_sexp_extract() + and ssh_sexp_construct(). + +2005-02-15 Werner Koch + + * findkey.c (modify_description): Don't increment OUT_LEN during + the second pass. + +2005-02-14 Moritz Schulte + + * command-ssh.c (es_read_byte): Renamed to ... + (stream_es_read_byte): ... this; changed callers. + (es_write_byte): Renamed to ... + (stream_write_byte): ... this; changed callers. + (es_read_uint32): Renamed to ... + (stream_read_uint32): ... this; changed callers. + (es_write_uint32): Renamed to ... + (stream_write_uint32): ... this; changed callers. + (es_read_data): Renamed to ... + (stream_read_data): ... this; changed callers. + (es_write_data): Renamed to ... + (stream_write_data): ... this; changed callers. + (es_read_string): Renamed to ... + (stream_read_string): ... this; changed callers. + (es_read_cstring): Renamed to ... + (stream_read_cstring): ... this; changed callers. + (es_write_string): Renamed to ... + (stream_write_string): ... this; changed callers. + (es_write_cstring): Renamed to ... + (stream_write_cstring): ... this; changed callers. + (es_read_mpi): Renamed to ... + (stream_read_mpi): ... this; changed callers. + (es_write_mpi): Renamed to ... + (stream_write_mpi): ... this; changed callers. + (es_copy): Renamed to ... + (stream_copy): ... this; changed callers. + (es_read_file): Renamed to ... + (file_to_buffer): ... this; changed callers. + (ssh_identity_register): Removed variable description_length; + changed code to use asprintf for description. + (stream_write_uint32): Do not filter out the last byte of shift + expression. + (uint32_construct): New macro ... + (stream_read_uint32): ... use it; removed unnecessary cast. + +2005-02-03 Werner Koch + + * agent.h (agent_exit): Add JNLIB_GCC_A_NR to indicate that this + function won't return. + + * gpg-agent.c (check_for_running_agent): Initialize pid to a + default value if not needed. + + * command-ssh.c: Removed stdint.h. s/byte_t/unsigned char/, + s/uint32/u32/ becuase that is what we have always used in GnuPG. + (ssh_request_specs): Moved to top of file. + (ssh_key_types): Ditto. + (make_cstring): Ditto. + (data_sign): Don't use a variable for the passphrase prompt, make + it translatable. + (ssh_request_process): + + + * findkey.c (modify_description): Renamed arguments for clarity, + polished documentation. Make comment a C-string. Fixed case of + DESCRIPTION being just "%". + (agent_key_from_file): Make sure comment string to a C-string. + + * gpg-agent.c (create_socket_name): Cleanup the implemntation, use + DIMof, agent_exit, removed superflous args and return the + allocated string as value. Documented. Changed callers. + (create_server_socket): Cleanups similar to above. Changed callers. + (cleanup_do): Renamed to .. + (remove_socket): .. this. Changed caller. + (handle_connections): The signals are to be handled in the select + and not in the accept. Test all FDs after returning from a + select. Remove the event tests from the accept calls. The select + already assured that the accept won't block. + +2005-01-29 Moritz Schulte + + * command-ssh.c (ssh_handler_request_identities) + (ssh_handler_sign_request, ssh_handler_add_identity) + (ssh_handler_remove_identity, ssh_handler_remove_all_identities) + (ssh_handler_lock, ssh_handler_unlock): Changed to return an error + code instead of a boolean. + (ssh_request_process): Changed to return a boolean instead of an + error; adjust caller. + (ssh_request_handle_t): Adjusted type. + (ssh_request_spec): New member: identifier. + (REQUEST_SPEC_DEFINE): New macro; use it for initialization of + request_specs[]. + (ssh_request_process): In debugging mode, log identifier of + handler to execute. + (start_command_handler_ssh): Moved most of the stream handling + code ... + (ssh_request_process): ... here. + +2005-01-28 Moritz Schulte + + * command-ssh.c (ssh_handler_add_identity): Pass ctrl to + ssh_identity_register(). + (ssh_identity_register): New argument: ctrl; pass ctrl to + get_passphrase(). + (get_passphrase): Pass ctrl instead of NULL to agent_askpin(). + (start_command_handler_ssh): Use agent_init_default_ctrl(); + deallocate structure members, which might be dynamically + allocated. + (lifetime_default): Removed variable. + (ssh_handler_add_identity): Fix ttl handling; renamed variable + `death' to `ttl'. + (ssh_identity_register): Fix key grip handling. + +2005-01-26 Moritz Schulte + + * command-ssh.c (ssh_handler_sign_request): Confirm to agent + protocol in case of failure. + + * command-ssh.c: New file. + + * Makefile.am (gpg_agent_SOURCES): New source file: command-ssh.c. + + * findkey.c (modify_description): New function. + (agent_key_from_file): Support comment field in key s-expressions. + + * gpg-agent.c (enum cmd_and_opt_values): New item: oSSHSupport. + (opts) New entry for oSSHSupport. + New variable: socket_name_ssh. + (cleanup_do): New function based on cleanup(). + (cleanup): Use cleanup_do() for socket_name and socket_name_ssh. + (main): New switch case for oSSHSupport. + (main): Move socket name creation code to ... + (create_socket_name): ... this new function. + (main): Use create_socket_name() for creating socket names for + socket_name and for socket_name_ssh in case ssh support is + enabled. + Move socket creation code to ... + (create_server_socket): ... this new function. + (main): Use create_server_socket() for creating sockets. + In case standard_socket is set, do not only store a socket name in + socket_name, but also in socket_name_ssh. + Generate additional environment info strings for ssh support. + Pass additional ssh socket argument to handle_connections. + (start_connection_thread_ssh): New function. + (handle_connections): Use select to multiplex between gpg-agent + and ssh-agent protocol. + + * agent.h (struct opt): New member: ssh_support. + (start_command_handler_ssh): Add prototype. + +2005-01-04 Werner Koch + + * trustlist.c (agent_marktrusted): Use "Cancel" for the first + confirmation and made the strings translatable. + + * cache.c (agent_put_cache): Fix the test for using the default + TTL. + +2004-12-21 Werner Koch + + * preset-passphrase.c (preset_passphrase): Handle --passphrase. + + * Makefile.am (gpg_preset_passphrase_LDADD): Reorder libs so that + pwquery may use stuff from jnlib. Conditionally add -lwsock2 + (gpg_protect_tool_LDADD): Ditto. + + * preset-passphrase.c (main): Use default_homedir(). + (main) [W32]: Initialize sockets. + +2004-12-21 Marcus Brinkmann + + * Makefile.am (libexec_PROGRAMS): Add gpg-preset-passphrase. + (gpg_preset_passphrase_SOURCES, gpg_preset_passphrase_LDADD): New + targets. + * agent.h (opt): New member allow_cache_passphrase. + * cache.c (housekeeping): Check if R->ttl is not negative. + (agent_put_cache): Allow ttl to be negative. + * command.c (parse_hexstring): Allow something to follow the + hexstring. + (cmd_cache_passphrase): New function. + (register_commands): Add it. + * gpg-agent.c: Handle --allow-preset-passphrase. + * preset-passphrase.c: New file. + +2004-12-21 Werner Koch + + * gpg-agent.c (main): Use default_homedir(). + * protect-tool.c (main): Ditto. + +2004-12-20 Werner Koch + + * gpg-agent.c (main) [W32]: Now that Mutexes work we can remove + the pth_init kludge. + (main): Add new options --[no-]use-standard-socket. + (check_for_running_agent): Check whether it is running on the + standard socket. + + * call-scd.c (init_membuf, put_membuf, get_membuf): Removed. We + now use the identical implementation from ../common/membuf.c. + + * pksign.c (agent_pksign): Changed arg OUTFP to OUTBUF and use + membuf functions to return the value. + * pkdecrypt.c (agent_pkdecrypt): Ditto. + * genkey.c (agent_genkey): Ditto. + * command.c (cmd_pksign, cmd_pkdecrypt, cmd_genkey): Replaced + assuan_get_data_fp() by a the membuf scheme. + (clear_outbuf, write_and_clear_outbuf): New. + +2004-12-19 Werner Koch + + * query.c (initialize_module_query): New. + * call-scd.c (initialize_module_call_scd): New. + * gpg-agent.c (main): Call them. + +2004-12-18 Werner Koch + + * gpg-agent.c (main): Remove special Pth initialize. + + * agent.h (map_assuan_err): Define in terms of + map_assuan_err_with_source. + +2004-12-17 Moritz Schulte + + * query.c: Undo change from 2004-12-05. + +2004-12-15 Werner Koch + + * gpg-agent.c [W32]: Various hacks to make it work. + + * findkey.c (agent_write_private_key) [W32]: Adjust open call. + + * call-scd.c (start_scd) [W32]: Don't check whether the daemon + didn't died. To hard to do under Windows. + (start_scd) [W32]: Disable sending of the event signal option. + + * protect-tool.c (read_file, export_p12_file) [W32]: Use setmode + to get stdout and stin into binary mode. + +2004-12-05 Moritz Schulte + + * query.c (start_pinentry): Allow CTRL be NULL. + +2004-10-22 Werner Koch + + * gpg-agent.c (parse_rereadable_options): Return "not handled" + when the log file has not beend hadled. This is will let the main + option processing continue. Fixed a bug introduced on 2004-09-4 + resulting in logging to stderr until a HUP has been given. + (main): Don't close the listen FD. + +2004-09-30 Werner Koch + + * Makefile.am: Adjusted from gettext 1.14. + +2004-09-29 Werner Koch + + * minip12.c (parse_bag_encrypted_data): Print error if a bad + passphrase has been given. + +2004-09-28 Werner Koch + + * protect.c (agent_unprotect): Fixed wiping of CLEARTEXT. Thanks + to Moritz for pointing this out. + +2004-09-25 Moritz Schulte + + * agent.h: Declare: agent_pksign_do. + (struct server_control_s): New member: raw_value. + + * pksign.c (do_encode_md): New argument: raw_value; support + generation of raw (non-pkcs1) data objects; adjust callers. + (agent_pksign_do): New function, based on code ripped + out from agent_pksign. + (agent_pksign): Use agent_pksign_do. + + * command.c (start_command_handler): Set ctrl.digest.raw_value. + +2004-09-09 Werner Koch + + * gpg-agent.c (check_for_running_agent): New. + (main): The default action is now to check for an already running + agent. + (parse_rereadable_options): Set logfile only on reread. + (main): Do not print the "is development version" note. + +2004-08-20 Werner Koch + + * gpg-agent.c: New option --max-cache-ttl. Suggested by Alexander + Belopolsky. + * cache.c (housekeeping): Use it here instead of the hardwired + default of 1 hour. + + * query.c (start_pinentry): Use a timeout for the pinentry lock. + +2004-08-18 Werner Koch + + * protect-tool.c (get_passphrase): Make sure that the default + prompts passed to gpg-agent are utf-8 encoded. Add new prompt values. + (import_p12_file, import_p12_file, export_p12_file): Changed calls + to get_passphrase so that better prompts are displayed. + (get_new_passphrase): New. + +2004-07-22 Werner Koch + + * trustlist.c (read_list): Allow colons in the fingerprint. + (headerblurb): Rephrased. + + * gpg-agent.c (handle_connections): Increase the stack size ot 256k. + +2004-06-20 Moritz Schulte + + * gpg-agent.c: Include (build fix for BSD). + +2004-05-11 Werner Koch + + * gpg-agent.c (handle_signal): Reload the trustlist on SIGHUP. + (start_connection_thread): Hack to simulate a ticker. + * trustlist.c (agent_trustlist_housekeeping) + (agent_reload_trustlist): New. Protected all global functions + here with a simple counter which is sufficient for Pth. + +2004-05-03 Werner Koch + + * gpg-agent.c: Remove help texts for options lile --lc-ctype. + (main): New option --allow-mark-trusted. + * trustlist.c (agent_marktrusted): Use it here. + +2004-04-30 Werner Koch + + * protect-tool.c: New option --enable-status-msg. + (store_private_key): Print status messages for imported keys. + (read_and_unprotect): Ditto for bad passphrase. + + * gpg-agent.c (parse_rereadable_options): New arg REREAD. Allow + changing oLogFile. + (current_logfile): New. + +2004-04-26 Werner Koch + + * call-scd.c (start_scd): Do not register an event signal if we + are running as a pipe server. + +2004-04-21 Werner Koch + + * call-scd.c (start_scd): Send event-signal option. Always check + that the scdaemon is still running. + + * gpg-agent.c (handle_signal): Do not use SIGUSR{1,2} anymore for + changing the verbosity. + +2004-04-16 Werner Koch + + * gpg-agent.c (main): Tell the logging code that we are running + detached. + +2004-04-06 Werner Koch + + * gpg-agent.c (main): Use new libgcrypt thread library register + scheme. + +2004-03-23 Marcus Brinkmann + + * gpg-agent.c (main): For now, always print the default config + file name for --gpgconf-list. + +2004-03-17 Werner Koch + + * gpg-agent.c (main) : Fixed default value quoting. + +2004-03-16 Werner Koch + + * gpg-agent.c (parse_rereadable_options): Use the new + DEFAULT_CACHE_TTL macro. + (main): Updated --gpgconf-list output. + +2004-02-21 Werner Koch + + * command.c (cmd_passwd): Take acount of a key description. + + * genkey.c (reenter_compare_cb): Do not set the error text. + (agent_protect_and_store, agent_genkey): Force a re-enter after a + non-matching passphrase. + * query.c (agent_askpin): Add new arg INITIAL_ERRTEXT; changed + all callers. + +2004-02-19 Werner Koch + + * protect-tool.c: New options --have-cert and --prompt. + (export_p12_file): Read a certificate from STDIN and pass it to + p12_build. Detect a keygrip and construct the filename in that + case. Unprotcet a key if needed. Print error messages for key + formats we can't handle. + (release_passphrase): New. + (get_passphrase): New arg PROMPTNO. Return the allocated + string. Changed all callers. + + * minip12.c: Revamped the build part. + (p12_build): New args CERT and CERTLEN. + +2004-02-18 Werner Koch + + * protect-tool.c (main): Setup the used character set. + * gpg-agent.c (main): Ditto. + + * gpg-agent.c (set_debug): New. New option --debug-level. + (main): New option --gpgconf-list. + +2004-02-17 Werner Koch + + * pksign.c (do_encode_md): Cleaned up by using gcry_sexp_build. + + * Makefile.am (gpg_protect_tool_SOURCES): Removed + simple-pwquery.[ch], as we once moved it to ../common. + +2004-02-13 Werner Koch + + * command.c (cmd_setkeydesc): New. + (register_commands): Add command SETKEYDESC. + (cmd_pksign, cmd_pkdecrypt): Use the key description. + (reset_notify): Reset the description. + * findkey.c (unprotect): Add arg DESC_TEXT. + (agent_key_from_file): Ditto. + * pksign.c (agent_pksign): Ditto. + * pkdecrypt.c (agent_pkdecrypt): Ditto. Made CIPHERTEXT an + unsigned char*. + + * protect-tool.c (main): New options --no-fail-on-exist, --homedir. + (store_private_key): Use them here. + +2004-02-12 Werner Koch + + * protect-tool.c (read_file, main): Allow reading from stdin. + + * Makefile.am: Include cmacros.am for common flags. + (libexec_PROGRAMS): Put gpg-protect-tool there. + +2004-02-10 Werner Koch + + * minip12.c (parse_bag_encrypted_data): Finished implementation. + (p12_parse): Add callback args. + * protect-tool.c (import_p12_cert_cb): New. + (import_p12_file): Use it. + +2004-02-06 Werner Koch + + * minip12.c (crypt_block): Add arg CIPHER_ALGO; changed all callers. + (set_key_iv): Add arg KEYBYTES; changed caller. + +2004-02-03 Werner Koch + + * findkey.c (agent_key_from_file): Extra paranoid wipe. + * protect.c (agent_unprotect): Ditto. + (merge_lists): Ditto. Add arg RESULTLEN. + * pkdecrypt.c (agent_pkdecrypt): Don't show the secret key even in + debug mode. + + * protect.c: Add DSA and Elgamal description. + +2004-01-29 Werner Koch + + * agent.h (server_control_s): Add connection_fd field. + * command.c (start_command_handler): Init it here. + * gpg-agent.c (agent_init_default_ctrl): and here. + * call-scd.c: Add the CTRL arg to all functions calling start_scd + and pass it to start_scd. Changed all callers + (start_scd): Keep track of the current active connection. + (agent_reset_scd): New. + * command.c (start_command_handler): Call it here. + * learncard.c (agent_handle_learn): Add arg CTRL; changed caller. + (send_cert_back): Ditto. + +2004-01-28 Werner Koch + + * trustlist.c (agent_marktrusted): Check whether the trustlist is + writable. + +2004-01-27 Werner Koch + + * sexp-parse.h: Moved to ../common. + +2004-01-24 Werner Koch + + * call-scd.c (atfork_cb): New. + (start_scd): Make sure secmem gets cleared. + * query.c (atfork_cb): New. + (start_pinentry): Make sure secmem gets cleared. + +2004-01-16 Werner Koch + + * findkey.c (agent_key_from_file): Now return an error code so + that we have more detailed error messages in the upper layers. + This fixes the handling of pinentry's cancel button. + * pksign.c (agent_pksign): Changed accordingly. + * pkdecrypt.c (agent_pkdecrypt): Ditto. + * command.c (cmd_passwd): Ditto. + +2003-12-16 Werner Koch + + * gpg-agent.c (main): Set the prefixes for assuan logging. + +2003-12-15 Werner Koch + + * protect.c (do_encryption): Use gcry_create_nonce instad of the + obsolete WEAK_RANDOM. + +2003-11-20 Werner Koch + + * sexp-parse.h (snext): Don't use atoi_1 and digitp macros, so + that this file is useful by other applications too. + +2003-10-27 Werner Koch + + * command.c (cmd_get_confirmation): New command. + +2003-08-20 Timo Schulz + + * pksign.c (do_encode_md): Allocate enough space. Cast md + byte to unsigned char to prevent sign extension. + +2003-08-14 Timo Schulz + + * pksign.c (do_encode_md): Due to the fact pkcs#1 padding + is now in Libgcrypt, use the new interface. + +2003-07-31 Werner Koch + + * Makefile.am (gpg_agent_LDADD): Added INTLLIBS. + (gpg_protect_tool_SOURCES): Added simple-pwquery.[ch] + +2003-07-27 Werner Koch + + Adjusted for gcry_mpi_print and gcry_mpi_scan API change. + +2003-07-15 Werner Koch + + * simple-pwquery.c, simple-pwquery.h: Moved to ../common. + * Makefile.am (gpg_protect_tool_LDADD): Add simple-pwquery.o. + Removed it from xx_SOURCES. + +2003-07-04 Werner Koch + + * gpg-agent.c (handle_connections): Kludge to allow use of Pth 1 + and 2. + +2003-06-30 Werner Koch + + * call-scd.c (learn_status_cb): Store the serialno in PARM. + +2003-06-26 Werner Koch + + * call-scd.c (agent_card_serialno): Don't do a RESET anymore. + +2003-06-25 Werner Koch + + * command.c (cmd_scd): New. + * call-scd.c (agent_card_scd): New. + * divert-scd.c (divert_generic_cmd): New + + * call-scd.c (agent_card_learn): New callback args SINFO. + (learn_status_cb): Pass all other status lines to the sinfo + callback. + * learncard.c (release_sinfo, sinfo_cb): New. + (agent_handle_learn): Pass the new cb to the learn function and + pass the collected information back to the client's assuan + connection. + + * gpg-agent.c (main): Moved pth_init before gcry_check_version. + +2003-06-24 Werner Koch + + * gpg-agent.c (handle_connections): Adjusted for Pth 2.0 + + Adjusted for changes in the libgcrypt API. Some more fixes for the + libgpg-error stuff. + +2003-06-04 Werner Koch + + Renamed error codes from INVALID to INV and removed _ERROR suffixes. + +2003-06-03 Werner Koch + + Changed all error codes in all files to the new libgpg-error scheme. + + * agent.h: Include gpg-error.h and errno.h + * Makefile.am: Link with libgpg-error + + * query.c: assuan.h is now a system header. + * genkey.c (agent_genkey): Fixed silly use of xmalloc by + xtrymalloc. + +2003-04-29 Werner Koch + + * command.c (register_commands): Adjusted for new Assuan semantics. + + * Makefile.am: Don't override LDFLAGS. + +2002-12-04 Werner Koch + + * gpg-agent.c: New variable config_filename. + (parse_rereadable_options): New. + (main): Use it here. Add setting of default values, set + config_filename. + (reread_configuration): Filled with actual code. + +2002-12-03 Werner Koch + + * protect-tool.c (read_key): Don't run make_canonical on a NULL + buffer. + + * command.c (parse_hexstring): New. + (cmd_sethash): Use it. + (parse_keygrip): New. + (cmd_havekey, cmd_sigkey): Use it. + (cmd_passwd): New. + * genkey.c (agent_protect_and_store): New. + (store_key): Add arg FORCE. + (agent_genkey): Pass false to this force of store_key. + +2002-11-13 Werner Koch + + * gpg-agent.c (main): Switch all messages to utf-8. + + * simple-pwquery.c (agent_send_all_options): Use $GPG_TTY and + stdin with ttyname. + + * cache.c (new_data): Uiih - /sizeof d/sizeof *d/. + +2002-11-10 Werner Koch + + * command.c (option_handler): Fix keep_tty check. + +2002-11-06 Werner Koch + + * gpg-agent.c (main): Make sure we have a default ttyname. + * command.c (option_handler): Check opt.keep_tty here + * query.c (start_pinentry): but not anymore here. + +2002-11-05 Werner Koch + + * agent.h (opt,server_control_s): Move display and lc_ variables + to the control struct so that they are per connection. + * gpg-agent.c (agent_init_default_ctrl): New. + (main): Assign those command line options to new default_* variables. + Reset DISPLAY in server mode so that tehre is no implicit default. + * command.c (start_command_handler): Initialize and deinitialize + the control values. + (option_handler): Work on the ctrl values and not on the opt. + * query.c (start_pinentry): New argument CTRL to set the display + connection specific. Changed all callers to pass this value. + (agent_askpin,agent_get_passphrase,agent_get_confirmation): Add + CTRL arg and pass it ot start_pinentry. + * command.c (cmd_get_passphrase): Pass CTRL argument. + * trustlist.c (agent_marktrusted): Add CTRL argument + * command.c (cmd_marktrusted): Pass CTRL argument + * divert-scd.c (ask_for_card): Add CTRL arg. + (divert_pksign,divert_pkdecrypt): Ditto. Changed caller. + (getpin_cb): Use OPAQUE to pass the CTRL variable. Changed both + users. + * findkey.c (unprotect): Add CTRL arg. + (agent_key_from_file): Ditto. + + * query.c (unlock_pinentry): Disconnect the pinentry so that we + start a new one for each request. This is required to support + clients with different environments (e.g. X magic cookies). + +2002-09-05 Neal H. Walfield + + * gpg-agent.c (main) [USE_GNU_PTH]: No need to call + assuan_set_io_func as assuan is smart. + +2002-09-25 Werner Koch + + * gpg-agent.c (handle_signal): Flush cache on SIGHUP. + * cache.c (agent_flush_cache): New. + + * gpg-agent.c, agent.h: Add --keep-display and --keep-tty. + * query.c (start_pinentry): Implement them. The option passing + needs more thoughts. + +2002-09-09 Werner Koch + + * gpg-agent.c (create_private_keys_directory) + (create_directories): New. + (main): Try to create a home directory. + +2002-09-04 Neal H. Walfield + + * gpg-agent.c (main): Use sigaction, not signal. + +2002-09-03 Neal H. Walfield + + * findkey.c: Include . + (agent_write_private_key): Prefer POSIX compatibity, open and + fdopen, over the simplicity of GNU extensions, fopen(file, "x"). + +2002-08-22 Werner Koch + + * query.c (agent_askpin): Provide the default desc text depending + on the pininfo. Do the basic PIN verification only when + min_digits is set. + +2002-08-21 Werner Koch + + * query.c (agent_askpin): Hack to show the right default prompt. + (agent_get_passphrase): Ditto. + + * trans.c: Removed and replaced all usages with standard _() + + * divert-scd.c (getpin_cb): Pass a more descritive text to the + pinentry. + + * Makefile.am: Renamed the binary protect-tool to gpg-protect-tool. + * protect-tool.c: Removed the note about internal use only. + + * gpg-agent.c (main): New option --daemon so that the program is + not accidently started in the background. + +2002-08-16 Werner Koch + + * call-scd.c (learn_status_cb): Handle CERTINFO status. + (agent_card_learn): Add args for certinfo cb. + * learncard.c (release_certinfo,certinfo_cb): New. + (send_cert_back): New. With factored out code from .. + (agent_handle_learn): here. Return certinfo stuff. + +2002-07-26 Werner Koch + + * gpg-agent.c (main): New option --ignore-cache-for-signing. + * command.c (option_handler): New server option + use-cache-for-signing defaulting to true. + (cmd_pksign): handle global and per session option. + * findkey.c (agent_key_from_file, unprotect): New arg + ignore_cache. Changed all callers. + * pksign.c (agent_pksign): Likewise. + +2002-06-29 Werner Koch + + * query.c (start_pinentry): Use GNUPG_DERAULT_PINENTRY. + * call-scd.c (start_scd): Use GNUPG_DEFAULT_SCDAEMON. + +2002-06-28 Werner Koch + + * protect-tool.c (export_p12_file): New. + (main): New command --p12-export. + * minip12.c (create_final,p12_build,compute_tag_length): New. + (store_tag_length): New. + +2002-06-27 Werner Koch + + * minip12.c (crypt_block): Renamed from decrypt_block, add arg to + allow encryption. + + * Makefile.am (pkglib_PROGRAMS): Put protect-tool there. + + * findkey.c (agent_write_private_key,agent_key_from_file) + (agent_key_available): Use GNUPG_PRIVATE_KEYS_DIR constant. + * gpg-agent.c (main): Use GNUPG_DEFAULT_HOMEDIR constant. + + * protect-tool.c (store_private_key): New. + (import_p12_file): Store the new file if requested. + (main): New options --force and --store. + + * gpg-agent.c (main): Set a global flag when running detached. + * query.c (start_pinentry): Pass the list of FD to keep in the + child when not running detached. + * call-scd.c (start_scd): Ditto. + +2002-06-26 Werner Koch + + * command.c (cmd_istrusted, cmd_listtrusted, cmd_marktrusted) + (cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_get_passphrase) + (cmd_learn): Print an error message for a failed operation. + + * simple-pwquery.c, simple-pwquery.h: New. + * protect-tool. (get_passphrase): New, used to get a passphrase + from the agent if none was given on the command line. + +2002-06-25 Werner Koch + + * protect-tool.c (rsa_key_check): New. + (import_p12_file): New. + (main): New command --p12-import. + * minip12.c, minip12.h: New. + +2002-06-24 Werner Koch + + * protect-tool.c (read_file): New. + (read_key): Factored most code out to read_file. + +2002-06-17 Werner Koch + + * agent.h: Add a callback function to the pin_entry_info structure. + * query.c (agent_askpin): Use the callback to check for a correct + PIN. Removed the start_err_text argument because it is not + anymore needed; changed callers. + * findkey.c (unprotect): Replace our own check loop by a callback. + (try_unprotect_cb): New. + * genkey.c (reenter_compare_cb): New. + (agent_genkey): Use this callback here. Fixed setting of the pi2 + variable and a segv in case of an empty PIN. + + * divert-scd.c (getpin_cb): Removed some unused stuff and + explained what we still have to change. + +2002-06-12 Werner Koch + + * gpg-agent.c (main): New option --disable-pth. + +2002-06-11 Werner Koch + + * protect-tool.c: Add command --show-keygrip + (show_keygrip): New. + +2002-05-23 Werner Koch + + * call-scd.c: Seirialized all scdaeom access when using Pth. + + * cache.c: Made the cache Pth-thread-safe. + (agent_unlock_cache_entry): New. + * findkey.c (unprotect): Unlock the returned cache value. + * command.c (cmd_get_passphrase): Ditto. + + * gpg-agent.c (main): Register pth_read/write with Assuan. + +2002-05-22 Werner Koch + + * query.c: Serialized all pinentry access when using Pth. + + * gpg-agent.c (handle_signal,start_connection_thread) + (handle_connections): New + (main): Use the new Pth stuff to allow concurrent connections. + * command.c (start_command_handler): Add new arg FD so that the + fucntion can also be used for an already connected socket. + * Makefile.am: Link with Pth. + +2002-05-14 Werner Koch + + * cache.c (housekeeping, agent_put_cache): Use our time() wrapper. + +2002-04-26 Werner Koch + + * cache.c (agent_put_cache): Reinitialize the creation time and + the ttl when reusing a slot. + + * call-scd.c (start_scd): Print debug messages only with debug + flags set. + * query.c (start_pinentry): Ditto. + +2002-04-25 Marcus Brinkmann + + * agent.h (agent_get_confirmation): Replace paramter prompt with + two parameters ok and cancel. + * query.c (agent_get_confirmation): Likewise. Implement this. + * trustlist.c (agent_marktrusted): Fix invocation of + agent_get_confirmation. + * divert-scd.c (ask_for_card): Likewise. + +2002-04-24 Marcus Brinkmann + + * agent.h (struct opt): Add members display, ttyname, ttytype, + lc_ctype, and lc_messages. + * gpg-agent.c (enum cmd_and_opt_values): Add oDisplay, oTTYname, + oTTYtype, oLCctype, and LCmessages. + (main): Handle these options. + * command.c (option_handler): New function. + (register_commands): Register option handler. + * query.c (start_pinentry): Pass the various display and tty + options to the pinentry. + +2002-04-05 Werner Koch + + * protect-tool.c (show_file): New. Used as default action. + +2002-03-28 Werner Koch + + * divert-scd.c (encode_md_for_card): Don't do the pkcs-1 padding, + the scdaemon should take care of it. + (ask_for_card): Hack to not display the trailing zero. + +2002-03-11 Werner Koch + + * learncard.c (kpinfo_cb): Remove the content restrictions from + the keyID. + +2002-03-06 Werner Koch + + * learncard.c: New. + * divert-scd.c (ask_for_card): The serial number is binary so + convert it to hex here. + * findkey.c (agent_write_private_key): New. + * genkey.c (store_key): And use it here. + + * pkdecrypt.c (agent_pkdecrypt): Changed the way the diversion is done. + * divert-scd.c (divert_pkdecrypt): Changed interface and + implemented it. + +2002-03-05 Werner Koch + + * call-scd.c (inq_needpin): New. + (agent_card_pksign): Add getpin_cb args. + (agent_card_pkdecrypt): New. + +2002-03-04 Werner Koch + + * pksign.c (agent_pksign): Changed how the diversion is done. + * divert-scd.c (divert_pksign): Changed interface and implemented it. + (encode_md_for_card): New. + * call-scd.c (agent_card_pksign): New. + +2002-02-28 Werner Koch + + * pksign.c (agent_pksign): Detect whether a Smartcard is to be + used and divert the operation in this case. + * pkdecrypt.c (agent_pkdecrypt): Likewise + * findkey.c (agent_key_from_file): Add optional arg shadow_info + and have it return information about a shadowed key. + * protect.c (agent_get_shadow_info): New. + + * protect.c (snext,sskip,smatch): Moved to + * sexp-parse.h: New file. + * divert-scd.c: New. + +2002-02-27 Werner Koch + + * protect.c (agent_shadow_key): New. + + * command.c (cmd_learn): New command LEARN. + * gpg-agent.c: New option --scdaemon-program. + * call-scd.c (start_scd): New. Based on query.c + * query.c: Add 2 more arguments to all uses of assuan_transact. + +2002-02-18 Werner Koch + + * findkey.c (unprotect): Show an error message for a bad passphrase. + + * command.c (cmd_marktrusted): Implemented. + * trustlist.c (agent_marktrusted): New. + (open_list): Add APPEND arg. + + * query.c (agent_get_confirmation): New. + +2002-02-06 Werner Koch + + * cache.c (housekeeping): Fixed linking in the remove case. + +2002-02-01 Werner Koch + + * gpg-agent.c: New option --default-cache-ttl. + * cache.c (agent_put_cache): Use it. + + * cache.c: Add a few debug outputs. + + * protect.c (agent_private_key_type): New. + * agent.h: Add PRIVATE_KEY_ enums. + * findkey.c (agent_key_from_file): Use it to decide whether we + have to unprotect a key. + (unprotect): Cache the passphrase. + + * findkey.c (agent_key_from_file,agent_key_available): The key + files do now require a ".key" suffix to make a script's life + easier. + * genkey.c (store_key): Ditto. + +2002-01-31 Werner Koch + + * genkey.c (store_key): Protect the key. + (agent_genkey): Ask for the passphrase. + * findkey.c (unprotect): Actually unprotect the key. + * query.c (agent_askpin): Add an optional start_err_text. + +2002-01-30 Werner Koch + + * protect.c: New. + (hash_passphrase): Based on the GnuPG 1.0.6 version. + * protect-tool.c: New + +2002-01-29 Werner Koch + + * findkey.c (agent_key_available): New. + * command.c (cmd_havekey): New. + (register_commands): And register new command. + +2002-01-20 Werner Koch + + * command.c (cmd_get_passphrase): Remove the plus signs. + + * query.c (start_pinentry): Send no-grab option to pinentry + * gpg-agent.c (main): Move variable grab as no_grab to agent.h. + +2002-01-19 Werner Koch + + * gpg-agent.c (main): Disable core dumps. + + * cache.c: New. + * command.c (cmd_get_passphrase): Use the cache. + (cmd_clear_passphrase): Ditto. + + * gpg-agent.c: Removed unused cruft and implement the socket + based server. + (my_strusage): Take bug report address from configure.ac. + * command.c (start_command_handler): Add an argument to start as + regular server. + (start_command_handler): Enable Assuan logging. + +2002-01-15 Werner Koch + + * trustlist.c: New. + * command.c (cmd_istrusted, cmd_listtrusted, cmd_marktrusted): New. + +2002-01-07 Werner Koch + + * genkey.c: Store the secret part and return the public part. + +2002-01-03 Werner Koch + + * command.c (cmd_get_passphrase): New. + (cmd_clear_passphrase): New. + * query.c (agent_get_passphrase): New. + +2002-01-02 Werner Koch + + * genkey.c: New. + * command.c (cmd_genkey): New. + + * command.c (rc_to_assuan_status): Removed and changed all callers + to use map_to_assuan_status. + +2001-12-19 Werner Koch + + * keyformat.txt: New. + +2001-12-19 Marcus Brinkmann + + * query.c (start_pinentry): Add new argument to assuan_pipe_connect. + +2001-12-18 Werner Koch + + * Makefile.am: Use LIBGCRYPT macros + +2001-12-14 Werner Koch + + * gpg-agent.c (main): New option --batch. New option --debug-wait + n, so that it is possible to attach gdb when used in server mode. + * query.c (agent_askpin): Don't ask in batch mode. + + * command.c: Removed the conversion macros as they are now in + ../common/util.h. + +2001-12-14 Marcus Brinkmann + + * query.c (LINELENGTH): Removed. + (agent_askpin): Use ASSUAN_LINELENGTH, not LINELENGTH. + +2001-11-19 Werner Koch + + * gpg-agent.c: Removed all GUI code, removed code for old + protocol. New code to use the Assuan protocol as a server and + also to communicate with a new ask-passphrase utility. + +2000-11-22 Werner Koch + + * gpg-agent.c (main): csh support by Dan Winship, new options --sh + and --csh and set default by consulting $SHELL. + +Mon Aug 21 17:59:17 CEST 2000 Werner Koch + + * gpg-agent.c (passphrase_dialog): Cleanup the window and added the + user supplied text to the window. + (main): Fixed segv in gtk_init when used without a command to start. + + * gpg-agent.c: --flush option. + (req_flush): New. + (req_clear_passphrase): Implemented. + +Fri Aug 18 14:27:14 CEST 2000 Werner Koch + + * gpg-agent.c: New. + * Makefile.am: New. + + + Copyright 2001, 2002, 2003, 2004, 2005, + 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +Local Variables: +buffer-read-only: t +End: diff --git a/agent/Makefile.am b/agent/Makefile.am index 45ce7d75a..c9fa9c7e8 100644 --- a/agent/Makefile.am +++ b/agent/Makefile.am @@ -25,7 +25,8 @@ libexec_PROGRAMS += gpg-preset-passphrase endif noinst_PROGRAMS = $(TESTS) -# EXTRA_DIST = gpg-agent.ico gpg-agent-resource.rc +EXTRA_DIST = ChangeLog-2011 + AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common -I$(top_srcdir)/intl diff --git a/common/ChangeLog b/common/ChangeLog deleted file mode 100644 index 623b29237..000000000 --- a/common/ChangeLog +++ /dev/null @@ -1,2488 +0,0 @@ -2011-11-30 Werner Koch - - Rewrite dns-cert.c to not use the gpg-only iobuf stuff. - * dns-cert.c: Remove iobuf.h. - (get_dns_cert): Rename to _get_dns_cert. Remove MAX_SIZE arg. - Change iobuf arg to a estream-t. Rewrite function to make use of - estream instead of iobuf. Require all parameters. Return an - gpg_error_t error instead of the type. Add arg ERRSOURCE. - * dns-cert.h (get_dns_cert): New macro to pass the error source to - _gpg_dns_cert. - * t-dns-cert.c (main): Adjust for changes in get_dns_cert. - - * estream.c (es_fopenmem_init): New. - * estream.h (es_fopenmem_init): New. - -2011-11-29 Werner Koch - - * estream.c (func_mem_create): Don't set FUNC_REALLOC if GROW is - not set. Require FUNC_REALLOC if DATA is NULL and FUNC_FREE is - given. - - * dns-cert.c: Use new CERTTYPE_ constants for better readability. - -2011-11-28 Werner Koch - - * t-dns-cert.c (main): Increase MAX_SIZE to 64k. - - * dns-cert.c (get_dns_cert): Factor test code out to ... - * t-dns-cert.c: new file. - -2011-10-24 Werner Koch - - * dotlock.h, dotlock.c: Add alternative to allow distribution of - these files under a modified BSD license - -2011-10-13 Marcus Brinkmann - - * estream.c, exechelp-posix.c, exechelp-w32.c, exechelp-w32ce.c, - http.c, init.c, sysutils.c: Port to NPth. - -2011-09-30 Werner Koch - - Change the license of all JNLIB parts from LPGLv3+ to to LGPLv3+ - or GPLv2+. - - * dotlock.h (DOTLOCK_EXT_SYM_PREFIX): New macro. - -2011-09-29 Werner Koch - - * dotlock.c (DOTLOCK_USE_PTHREAD): New macro. - [DOTLOCK_USE_PTHREAD] (all_lockfiles_mutex): New. - (LOCK_all_lockfiles, UNLOCK_all_lockfiles): New. Use them to - protect access to all_lockfiles. - (dotlock_set_fd, dotlock_get_fd): New. - -2011-09-28 Werner Koch - - * dotlock.c (dotlock_take, dotlock_take_unix, dotlock_take_w32): - Implement arbitrary timeout values. - (dotlock_create): Add arg FLAGS for future extensions. - -2011-09-27 Werner Koch - - * dotlock.c (dotlock_take_unix): Check only the link count and not - the error return from link. - (use_hardlinks_p): New. - (dotlock_create_unix): Test for hardlinks. - (dotlock_take_unix): Implement O_EXCL locking. - -2011-09-23 Werner Koch - - * dotlock.c: Factor Unix and W32 specific code out into specific - functions. Define HAVE_POSIX_SYSTEM. Rearrange some functions. - (disable_dotlock): Rename to dotlock_disable. - (create_dotlock): Rename to dotlock_create. - (destroy_dotlock): Rename to dotlock_destroy. - (make_dotlock): Rename to dotlock_take. - (release_dotlock): Rename to dotlock_release. - -2011-09-22 Werner Koch - - * dotlock.c: Remove support for RISCOS. - -2011-08-10 Werner Koch - - * t-exechelp.c (test_close_all_fds): Don't use the DUMMY_FD var. - - * pka.c (get_pka_info): Remove unused var. - - * signal.c (got_fatal_signal): Remove unused var. - - * estream.c (es_fread, es_fwrite): Remove unused var. - -2011-07-20 Werner Koch - - * ssh-utils.c, ssh-utils.h: New. - * t-ssh-utils.c: New. - * Makefile.am (t_ssh_utils_LDADD): New. - (module_tests): Add t-ssh-utils.c - -2011-06-01 Marcus Brinkmann - - * util.h: Undef snprintf before redefining it. - -2011-05-20 Werner Koch - - * util.h: Remove some error code substitutes. - -2011-04-25 Werner Koch - - * userids.c (classify_user_id): Add arg OPENPGP_HACK to fix - regression from 2009-12-08. - -2011-04-01 Werner Koch - - * sysutils.c (get_uint_nonce): New. - -2011-03-03 Werner Koch - - * estream.c (struct estream_list): Rename to estream_list_s and - simplify. A double linked list is overkill for our purpose. - (do_list_add, do_list_remove): Adjust accordingly. - (_es_get_std_stream): Ditto. - (do_list_iterate, estream_iterator_t): Remove; it is used only at - one place. - (es_fflush): Replace iteration function. Also lock each stream - while flushing all streams. - -2011-02-27 Werner Koch - - * gettime.c (isotime2epoch): Factor check code out to .. - (isotime_p): .. new. - (isotime_human_p): New. - (string2isotime): New. - * t-gettime.c (test_string2isotime): New. - -2011-02-11 Andrey Jivsov - - * openpgp-oid.c (openpgp_oid_to_str): Use unsigned int for - get_opaque. Fixes a bug on 64 bit platforms. - -2011-02-08 Werner Koch - - * http.c (connect_server): Add arg R_HOST_NOT_FOUND. - -2011-02-07 Werner Koch - - * http.c (my_socket_new, my_socket_ref, my_socket_unref): New. - (cookie_close, cookie_read, cookie_write, http_close, _http_open) - (send_request): Replace use of an socket integer by the new socket - object. - (_http_raw_connect): New. - (fp_onclose_notification): New. - (_http_raw_connect, _http_wait_response, http_close): Register and - unregister this notification. - * http.h (http_raw_connect): New. - - * http.h (parsed_uri_s): Add field IS_OPAQUE. - (http_req_t): Add HTTP_REQ_OPAQUE. - * http.c (do_parse_uri): Parse unknown schemes into PATH. - (my_socket_new, my_socket_ref, my_socket_unref): New. - (send_request): Simplify save_errno stuff. - -2011-02-03 Werner Koch - - * status.h (STATUS_DECRYPTION_INFO): New. - - * argparse.c (strusage): Update copyright year. - -2011-01-31 Werner Koch - - * openpgp-oid.c: New. - * t-openpgp-oid.c: New. - -2011-01-20 Werner Koch - - Fix bug#1313. - - * http.c (my_select): New. Define to pth_select if building with Pth. - (start_server, write_server, cookie_read, cookie_write): Use it. - (my_connect): New. Define to pth_connect if building with Pth. - (connect_server): Use it. - (my_accept): New. Define to pth_accept if building with Pth. - (start_server): Use it. - -2011-01-20 Werner Koch - - * util.h (struct b64state): Add field LASTERR. - * b64enc.c (enc_start, b64enc_write, b64enc_finish): Handle - LASTERR. This is to make sure that we don't leak strduped data. - * b64dec.c (b64dec_start, b64dec_proc, b64dec_finish): Ditto. - - * http.c (escape_data): New. - (insert_escapes): Implement using escape_data. - (http_escape_data): New. - -2011-01-19 Werner Koch - - * homedir.c (gnupg_module_name): Use NAME_OF_INSTALLED_GPG instead - of "gpg2". - -2011-01-18 Werner Koch - - * iobuf.c (file_es_filter_ctx_t): New. - (file_es_filter): New. - (iobuf_esopen): New. - - * membuf.c (clear_membuf, peek_membuf): New. - - * util.h (GPG_ERR_NO_KEYSERVER): New. - - * keyserver.h (keyserver_spec): Move from ../g10/options.h to here. - - * http.c (do_parse_uri): Add arg NO_SCHEME_CHECK. Change all - callers. Support HKP and HKPS. - (_http_parse_uri): Do proper error management. - * http.h (parsed_uri_s): Add field IS_HTTP. - (http_parse_uri): Support NO_SCHEME_CHECK arg. - - * estream.c (es_func_mem_write): Fix computation of NEWSIZE. - -2011-01-10 Werner Koch - - * session-env.c (update_var): Fix same value detection. Fixes - bug#1311. - -2010-12-17 Werner Koch - - * asshelp.c (lock_spawning): Add arg VERBOSE. Improve timeout - management. Make callers pass a value for VERBOSE. - (lock_agent_spawning, unlock_agent_spawning): Remove. Change - callers to use lock_spawning and unlock_spawning. - -2010-12-17 Marcus Brinkmann - - * homedir.c (gnupg_cachedir): Create /temp subdirectories. - -2010-12-02 Werner Koch - - * miscellaneous.c (gnupg_cipher_algo_name): New. Replace all - users of gcry_cipher_algo_name by this one. - - * logging.c (fun_cookie_s) [W32CE]: Add field USE_WRITEFILE. - (fun_writer) [W32CE]: Make use of it. - (set_file_fd) [W32CE]: Implement special filename "GPG2:". - -2010-11-25 Werner Koch - - * asshelp.c (start_new_gpg_agent): Change style of startup info. - (start_new_dirmngr): Ditto. - -2010-11-23 Werner Koch - - * asshelp.c (SECS_TO_WAIT_FOR_AGENT, SECS_TO_WAIT_FOR_DIRMNGR): - Use these constants. For W32CE increase them to 30 seconds. - (start_new_gpg_agent): Print time to startup agent. - (start_new_dirmngr): Ditto. - -2010-11-04 Werner Koch - - * logging.c (do_logv) [W32]: Don't set a default log stream if the - registry entry is empty. - -2010-10-27 Werner Koch - - * gettime.c (gnupg_get_isotime): Compare to (time_t)-1. - (epoch2isotime): Ditto. - (IS_INVALID_TIME_T): New. - (asctimestamp): Use new macro. - (strtimestamp, isotimestamp): Ditto. Use snprintf. - -2010-10-25 Werner Koch - - * logging.c (do_log): Rename to log_log and make global. - -2010-10-20 Werner Koch - - * i18n.c (i18n_init) [USE_SIMPLE_GETTEXT]: Call textdomain. - -2010-10-14 Werner Koch - - * asshelp.c (start_new_gpg_agent): Print a notice once the agent - has been started. - (start_new_dirmngr): Likewise. - -2010-10-13 Werner Koch - - * miscellaneous.c (parse_version_number, parse_version_string) - (gnupg_compare_version): New. - -2010-10-04 Werner Koch - - * gettime.c (asctimestamp) [W32CE]: Do not print the timezone. - -2010-09-30 Werner Koch - - * util.h (GPG_ERR_FULLY_CANCELED): Add replacement. - -2010-09-17 Werner Koch - - * http.c (INADDR_NONE): Provide fallback. - * logging.c (INADDR_NONE): Ditto. - -2010-09-16 Werner Koch - - * util.h: Add GPG_ERR_MISSING_ISSUER_CERT. - * status.c (get_inv_recpsgnr_code): Ditto. - -2010-09-13 Werner Koch - - * homedir.c (gnupg_bindir) [W32CE]: Change to bin/. - (gnupg_libexecdir) [W32]: Call gnupg_bindir. - (gnupg_libdir, gnupg_datadir, gnupg_localedir) [W32]: Simplify by - using xstrconcat. - (gnupg_module_name): Ditto. - (w32_rootdir): Strip a trailing "bin". - -2010-09-02 Werner Koch - - * util.h (GPG_ERR_NOT_INITIALIZED): Define if not defined. - -2010-09-01 Marcus Brinkmann - - * estream.c (_es_set_std_fd): Disable debug output. - -2010-08-26 Werner Koch - - * estream.c (es_convert_mode): Rename to parse_mode. - (parse_mode): Add arg R_CMODE and parse key value pairs. Use Use - 664 as the default mode. Change callers. - (ES_DEFAULT_OPEN_MODE): Remove. - (es_fopen, do_fpopen, do_w32open, es_freopen): Support a creation - mode. - (es_func_file_create): Rename to func_file_create and add arg CMODE. - (es_func_fd_create): Rename to func_fd_create. - (es_func_fp_create): Rename to func_fp_create. - (es_list_add): Rename to do_list_add. - (es_list_remove): Rename to do_list_remove. - (es_list_iterate): Rename to do_list_iterate. - (es_pth_read): Rename to do_pth_read. - (es_deinit): Rename to do_deinit. - (es_init_do): Rename to do_init. - (es_func_mem_create): Rename to func_mem_create. - -2010-08-23 Werner Koch - - * exechelp-w32ce.c: Rewrite all spawn stuff. - - * exechelp-w32.c (close_all_fds) [W32]: Make it a dummy function. - - * estream.c (es_onclose): New. - (notify_list_t, onclose): New. - (struct estream_internal): Add field ONCLOSE. - (es_initialize, es_deinitialize): Manage new field. - (do_close): Call onclose notify functions. - -2010-08-20 Werner Koch - - * exechelp-w32.c (create_inheritable_pipe): Change arg to HANDLE. - - * estream.h (es_sysopen_t): New. - * estream.c (es_func_w32_create, es_func_w32_read) - (es_func_w32_write, es_func_w32_seek, es_func_w32_destroy) - (estream_functions_w32, estream_cookie_fd): New. Only for W32. - (es_sysopen, es_sysopen_nc): New. - (do_w32open, do_sysopen): New. - (es_syshd, es_syshd_unlocked): New. - (struct estream_internal): Replace filed FD by SYSHD. - (es_initialize): Clear SYSHD_VALID. - (map_w32_to_errno): New. - (es_get_fd): Remove. - (es_fileno_unlocked): Re-implement using es_syshd. - (es_initialize, es_create): Replace arg FD by SYSHD. - (es_fopen, es_mopen, es_fopenmem, do_fdopen, do_fpopen) - (es_tmpfile): Use SYSHD instead of FD. - (es_destroy): Rename to do_close. - -2010-08-19 Werner Koch - - * exechelp-posix.c (create_pipe_and_estream): New. - (gnupg_spawn_process): Rework this function and its calling - convention; it is not used anyway. - * exechelp-w32.c (gnupg_spawn_process): Ditto. - -2010-08-18 Werner Koch - - * logging.c (writen): Add arg IS_SOCKET. - (fun_writer): Pass the is_socket flag. - (do_logv) [W32]: Allow for a default log stream - - * estream.c (struct estream_internal): Remove obsolete fields - PRINT_FP, PRINT_ERRNO, PRINT_ERR and all remaining code cruft. - -2010-08-16 Werner Koch - - * estream.c (es_printf_unlocked, es_printf): New. - - * asshelp.c (lock_agent_t): Rename to lock_spawn_t. - (lock_agent_spawning, unlock_agent_spawning): Factor code out to ... - (lock_spawning, unlock_spawning): .. new. - (start_new_gpg_agent): Make more use of ERRSOURCE. - (start_new_dirmngr): New. - -2010-08-13 Werner Koch - - * Makefile.am (audit-events.h, status-codes.h): Fix srcdir problem - amd depend on Makefile.am instead of Makefile. - -2010-08-12 Werner Koch - - * sysutils.c (gnupg_remove) [W32CE]: Fix returned error. - -2010-08-09 Werner Koch - - * logging.c (WITH_IPV6): New macro. - (parse_portno): New. From libassuan. - (fun_writer): Support TCP logging on all platforms. - (sock_close): New. - -2010-08-06 Werner Koch - - * homedir.c (dirmngr_socket_name) [W32CE]: Base on default homedir. - (gnupg_cachedir) [W32CE]: Drop drive letter. - - * http.c (http_open_document): Rename to _http_open_document and - add arg ERRSOURCE. Pass ERRSOURCE to all called funcs. - (http_wait_response, http_open, http_parse_uri): Likewise. - (do_parse_uri, parse_response, store_header): Change to return an - gpg_err_code_t. Change callers. - (send_request): Add arg ERRSOURCE. Change callers. - * http.h (http_open_document, http_wait_response, http_open) - (http_parse_uri): Define as macro. - -2010-08-05 Werner Koch - - * estream.h (es_asprintf, es_vasprintf): Add lost prototyps. - - * http.c: Require estream and make HTTP_USE_ESTREAM obsolete. It - make the code unreadable and we require estream anyway for GnuPG. - (http_wait_response): Get use of cookies right. - (send_request): s/xtryasprintf/es_asprintf/ to allow standalone - use of the code. - (insert_escapes, connect_server): s/sprintf/snprintf/. - (parse_response): s/my_read_line/es_read_line/. - (my_read_line): Remove. - (write_server): Use pth_write. - -2010-07-26 Werner Koch - - * estream.c (es_func_fp_write) [W32]: Write smaller chunks. - -2010-07-25 Werner Koch - - * argparse.c (initialize): Use ARGPARSE_PRINT_WARNING constant. - -2010-07-24 Werner Koch - - * estream.c (es_set_binary): New. - -2010-07-19 Werner Koch - - * utf8conv.c (utf8_to_wchar): s/malloc/jnlib_malloc/. - -2010-07-16 Werner Koch - - * http.h (HTTP_FLAG_IGNORE_CL): Add flag . - * http.c (WITHOUT_GNU_PTH): Test macro for Pth support. - (http_parse_uri): s/xcalloc/xtrycalloc/. - (send_request): Replace of discrete allocation and sprintf by - xtryasprintf. - (http_wait_response): Replace HTTP_FLAG_NO_SHUTDOWN by - HTTP_FLAG_SHUTDOWN to change the default to no shutdown. - (cookie_read) [HAVE_PTH]: Use pth_read. - (longcounter_t): New. - (struct cookie_s): Add support for content length. Turn flag - fields into bit types. - (parse_response): Parse content length header. - (cookie_read): Take care of the content length. - -2010-07-08 Werner Koch - - * estream.c (estream_functions_file): Remove and replace by - identical estream_functions_fd. - -2010-07-06 Werner Koch - - * util.h (b64state): Add field STREAM. - * b64enc.c (b64enc_start): Factor code out to .. - (enc_start): new. - (b64enc_start_es, my_fputs): New. - (b64enc_write, b64enc_finish): Support estream. - -2010-06-24 Werner Koch - - * asshelp.c (lock_agent_spawning) [W32]: Use CreateMutexW. - (start_new_gpg_agent): Use HANG option for gnupg_wait_progress. - Fixes regression from 2010-06-09. - -2010-06-21 Werner Koch - - * util.h (xfree_fnc): New. - -2010-06-18 Werner Koch - - * util.h (GPG_ERR_MISSING_KEY) [!GPG_ERR_MISSING_KEY]: New. - - * sexputil.c (make_canon_sexp_pad): Add arg SECURE. - -2010-06-17 Werner Koch - - * sexputil.c (make_canon_sexp_pad): New. - -2010-06-14 Werner Koch - - * membuf.c (put_membuf): Add shortcut for !LEN. - -2010-06-11 Marcus Brinkmann - - * sysutils.c (translate_sys2libc_fd): Revert last change. - (translate_sys2libc_fd_int): Revert last change. - -2010-06-10 Marcus Brinkmann - - * sysutils.c (translate_sys2libc_fd) [HAVE_W32CE_SYSTEM]: - Implement. - (translate_sys2libc_fd_int) [HAVE_W32CE_SYSTEM]: Don't call - translate_sys2libc_fd. - - * estream.c (_es_get_std_stream): Fix cut&paste bug. - -2010-06-09 Werner Koch - - * exechelp-posix.c, exechelp-w32.c - * exechelp-w32ce.c (gnupg_wait_process): Add new arg HANG. Change - all callers. - (gnupg_release_process): New. Use it after all calls to - gnupg_wait_process. - - * util.h (GNUPG_MODULE_NAME_DIRMNGR_LDAP): New. - * homedir.c (gnupg_cachedir): New. - (w32_try_mkdir): New. - (dirmngr_socket_name): Change standard socket name. - (gnupg_module_name): Support GNUPG_MODULE_NAME_DIRMNGR_LDAP. - - * logging.c (log_set_get_tid_callback): Replace by ... - (log_set_pid_suffix_cb): .. new. - (do_logv): Change accordingly. - -2010-06-08 Marcus Brinkmann - - * Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS). - (t_common_ldadd): Add $(LIBASSUAN_LIBS). - * sysutils.c: Include . - (translate_sys2libc_fd_int): Cast to silence gcc warning. - * iobuf.c: Include - (translate_file_handle): Fix syntax error. - -2010-06-08 Werner Koch - - * iobuf.c (translate_file_handle) [W32CE]: Handle rendezvous ids. - -2010-06-07 Werner Koch - - * sysutils.c [W32CE]: Finish pipe creation. - - * estream.c (es_fname_get, es_fname_set): New. - (fname_set_internal): New. - (struct estream_internal): Add fields printable_fname and - printable_fname_inuse. - (_es_get_std_stream): Set stream name. - (es_fopen, es_freopen, es_deinitialize): Set fname. - - * exechelp-posix.c (gnupg_spawn_process): Allow passing INFILE or - OUTFILE as NULL. - * exechelp-w32.c (gnupg_spawn_process): Ditto. - * exechelp-w32ce.c (gnupg_spawn_process): Return an error for - INFILE or OUTFILE passed as NULL. - -2010-06-01 Werner Koch - - * logging.c (log_get_stream): Make sture a log stream is available. - -2010-05-30 Werner Koch - - * init.c (writestring_via_estream): New. - (init_common_subsystems): Register with argparse. - - * argparse.c (argparse_register_outfnc): New. - (writestrings, flushstrings): New. Use them instead of stdout or - stderr based functions. - -2010-05-04 Werner Koch - - * estream.c (_es_get_std_stream): Re-use registered standard fds. - (IS_INVALID_FD, ESTREAM_SYS_YIELD): New. - (es_func_fd_read, es_func_fd_write, es_func_fd_seek) - (es_func_fd_destroy): Implement a dummy stream. - - * exechelp-w32ce.c (build_w32_commandline): Add args FD0_ISNULL - and FD1_ISNULL. Remove arg PGMNAME. Change callers. - (gnupg_spawn_process_detached): Implement. - (gnupg_spawn_process_fd): Implement one special case for now. - -2010-05-03 Werner Koch - - * asshelp.c (lock_agent_spawning, unlock_agent_spawning): New. - (start_new_gpg_agent): Test for configured standard socket and - try to fire up the agent in this case. - - * exechelp-posix.c (gnupg_wait_process): Do not log a message if - EXITCODE is given. - (gnupg_spawn_process_detached): Do not reuse PID for the second fork. - -2010-04-26 Werner Koch - - * utf8conv.c (load_libiconv) [W32CE]: No libiconv warning - - * init.c (init_common_subsystems) [W32CE]: Register the sleep - function before es_init. - -2010-04-20 Werner Koch - - * estream.c (es_deinit): New. - (es_init_do): Install atexit handler to flush all streams. - - * Makefile.am (common_sources): Add gettime.h. - -2010-04-20 Marcus Brinkmann - - * logging.c (do_log_ignore_arg): New helper function. - (log_string): Use it to remove ugly volatile hack that causes gcc - warning. - (log_flush): Likewise. - * sysutils.c (gnupg_unsetenv) [!HAVE_W32CE_SYSTEM]: Return something. - (gnupg_setenv) [!HAVE_W32CE_SYSTEM]: Likewise. - * pka.c (get_pka_info): Solve strict aliasing rule violation. - * t-exechelp.c (test_close_all_fds): Use dummy variables to - silence gcc warning. - -2010-04-15 Werner Koch - - * util.h: Factor time related functions out to ... - * gettime.h: New. - (gnupg_copy_time): Move to ... - * gettime.c (gnupg_copy_time): New. - - * sysutils.c (gnupg_setenv) [!W32CE]: Add missing return. - (gnupg_unsetenv) [!W32CE]: Add missing return. - -2010-04-14 Werner Koch - - * Makefile.am (noinst_LIBRARIES) [W32CE]: Exclude libsimple-pwquery. - - * w32help.h (umask) [W32CE]: New. - - * sysutils.c (_gnupg_isatty): New. - * util.h (gnupg_isatty): New. - - * asshelp.c (setup_libassuan_logging): Read ASSUAN_DEBUG envvar. - (my_libassuan_log_handler): Use it. - * sysutils.c (_gnupg_getenv): Implement ASSUAN_DEBUG. - -2010-04-08 Werner Koch - - * w32help.h (_setmode, setmode) [W32CE]: Provide prototype and - macro. - -2010-04-07 Werner Koch - - * mischelp.c (timegm): Replace unsetenv/putenv by gnupg_unsetenv. - - * sysutils.c: Include setenv.h. - (gnupg_setenv, gnupg_unsetenv): New. - - -2010-04-06 Werner Koch - - * sysutils.c (gnupg_mkdir): New. - -2010-03-29 Werner Koch - - * init.c (sleep_on_exit): Change to 400ms. - -2010-03-25 Werner Koch - - * init.c (sleep_on_exit) [W32CE]: New. - (init_common_subsystems): Call it. - -2010-03-24 Werner Koch - - * stringhelp.c (change_slashes, compare_filenames): Replace - HAVE_DRIVE_LETTERS by HAVE_DOSISH_SYSTEM. - (make_basename, make_dirname): Detect backslashes and drive - letters separately. - - * dotlock.c (make_dotlock, create_dotlock, release_dotlock): Use - LockFileEx and UnlockFileEx to support W32CE. - - * ttyio.c (USE_W32_CONSOLE): Replace all _WIN32 by this. - (init_ttyfp) [W32CE]: Use stderr. - - * iobuf.c (FD_FOR_STDIN, FD_FOR_STDOUT) [W32CE]: Use estream. - (translate_file_handle) [W32CE]: Remove handle translation. - -2010-03-23 Werner Koch - - * sysutils.c (gnupg_remove): New. - -2010-03-22 Werner Koch - - * exechelp-w32ce.c (build_w32_commandline): Replace by code from - libassuan. - (create_inheritable_pipe): Use _assuan_w32ce_prepare_pipe. - (build_w32_commandline_copy, do_create_pipe): Remove. - - * exechelp-posix.c (gnupg_spawn_process): Change to use estream - also for INFILE and STATUSFILE. - * exechelp-w32.c (gnupg_spawn_process): Ditto. - -2010-03-22 Werner Koch - - * exechelp.c: Remove after factoring all code out to ... - * exechelp-posix.c, exechelp-w32.c, exechelp-w32ce.c: .. new. - - * exechelp.c (create_inheritable_pipe_r) - (create_inheritable_pipe_w): Fold both into ... - (create_inheritable_pipe): .. New. Change callers to use this. - (gnupg_create_inbound_pipe, gnupg_create_outbound_pipe): Factor - code out to ... - (do_create_pipe): .. New. - - * init.c (parse_std_file_handles): Change to use rendezvous ids. - -2010-03-15 Werner Koch - - * init.c (init_common_subsystems): Add args ARGCP and - ARGVP. Change all callers to provide them. - (parse_std_file_handles): New. - - * t-sysutils.c (rewind) [W32CE]: Provide a replacement. - - * Makefile.am (module_tests) [W32CE]: Don't build t-exechelp for now. - - * sysutils.c (gnupg_allow_set_foregound_window) [W32CE]: Don't - call AllowSetForegroundWindow. - - * logging.c (isatty) [W32CE]: New. - (fun_writer, set_file_fd): Use estream even for the internal error - messages. - (log_string, log_flush): Make DUMMY_ARG_PTR static. - -2010-03-15 Werner Koch - - * asshelp.c (send_pinentry_environment) [!HAVE_SETLOCALE]: Do not - define OLD_LC. - * http.c (connect_server) [!USE_DNS_SRV]: Mark SRVTAG unused. - * dns-cert.c (get_dns_cert) [!USE_DNS_CERT]: Mark args unused. - * pka.c (get_pka_info): Ditto. - - * signal.c (pause_on_sigusr): Remove. It was used in ancient gpg - version with shared memory IPC. Last caller removed on 2006-04-18. - (do_block) [W32]: Mark arg unused. - - * exechelp.c (w32_open_null): Use CreateFileW. - - * init.c (init_common_subsystems): Add args ARGCP and ARGVP. - Change all callers to pass them. - - * logging.c (S_IRGRP, S_IROTH, S_IWGRP, S_IWOTH) [W32]: New. - (fun_writer, set_file_fd) [W32]: Disable socket code. - - * localename.c: Include gpg-error.h. - - * util.h (GPG_ERR_NOT_ENABLED): Remove this temporary definition. - -2010-03-12 Werner Koch - - * status.h (STATUS_ENTER): New. - - * ttyio.c (tty_fprintf): Change to use estream. - - * miscellaneous.c (print_utf8_string): Rename to print_utf8_buffer - and change FP arg to an estream. Change all callers. - (print_utf8_string2): Ditto; new name is to print_utf8_buffer2. - -2010-03-11 Werner Koch - - * miscellaneous.c (print_string): Remove. - - * estream.c (es_setvbuf): Fix parameter check. - (es_set_buffering): Allow a SIZE of 0. - * asshelp.c (setup_libassuan_logging, my_libassuan_log_handler): New. - * logging.c (do_logv): Add arg IGNORE_ARG_PTR. Change all callers. - (log_string): New. - (log_flush): New. - (set_file_fd): Simplify by using estreams es_stderr. - - * estream.h (es_stdout, es_stderr, es_stdin): New. - -2010-03-10 Werner Koch - - * estream.c (es_func_fp_read, es_func_fp_write, es_func_fp_seek) - (es_func_fp_destroy): Allow a NULL FP to implement a dummy stream. - (do_fpopen): Ditto. - (es_vfprintf_unlocked): New. - (es_fprintf_unlocked): Make public. - (es_fputs_unlocked): New. - - * logging.h: Replace FILE* by estream_t. - * logging.c: Remove USE_FUNWRITER cpp conditional because we now - use estream. - (my_funopen_hook_ret_t, my_funopen_hook_size_t): Replace by - ssize_t. - (log_get_stream): Change to return an estream_t. - (set_file_fd): Always close the log stream because it can't be - assigned to stderr or stdout directly. Use a dummy estream as - last resort log stream. - (log_test_fd, log_get_fd): Use es_fileno. - (log_get_stream): Assert that we have a log stream. - (do_logv): Use estream functions and lock the output. - -2010-03-10 Werner Koch - - * util.h: Replace jnlib path part by common. - (snprintf): Use the replacement macro on all platforms. - - * Makefile.am (jnlib_sources): New. - (libcommon_a_SOURCES, libcommonpth_a_SOURCES): Add jnlib_sources. - (jnlib_tests): New. - (noinst_PROGRAMS, TESTS): Add jnlib_tests. - (t_common_ldadd): Remove libjnlib.a. - - * README.jnlib, ChangeLog.jnlib, libjnlib-config.h, argparse.c - * argparse.h, dotlock.c, dotlock.h, dynload.h, logging.c - * logging.h, mischelp.c, mischelp.h, stringhelp.c, stringhelp.h - * strlist.c, strlist.h, types.h, utf8conv.c, utf8conv.h - * w32-afunix.c, w32-afunix.h, w32-reg.c, w32help.h, xmalloc.c - * xmalloc.h, t-stringhelp.c, t-support.c, t-support.h - * t-timestuff.c, t-w32-reg.c: Move from jnlib to here. - - * init.c: Remove "estream.h". - * util.h: Include "estream.h". - - * xasprintf.c, ttyio.c: Remove "estream-printf.h". - -2010-03-08 Werner Koch - - * exechelp.c [!HAVE_SIGNAL_H]: Do not include signal.h. - (DETACHED_PROCESS, CREATE_NEW_PROCESS_GROUP) [W32CE]: Provide stubs. - - * iobuf.h (iobuf_ioctl_t): New. Use the new macros instead of the - hard wired values. - * iobuf.c (iobuf_append): Remove. - (iobuf_fdopen): Factor code out to ... - (do_iobuf_fdopen): ... new. - (iobuf_fdopen_nc): New. - (iobuf_open_fd_or_name): Implement using iobuf_fdopen_nc. - - * iobuf.c (INVALID_FD): Replace by GNUPG_INVALID_FD. - (fp_or_fd_t): Replace by gnupg_fd_t. - (my_fileno): Replace by the FD2INT macro. - (FILEP_OR_FD_FOR_STDIN, FILEP_OR_FD_FOR_STDOUT): Rename to - FD_FOR_STDIN, FD_FOR_STDOUT. - (file_filter): Make full use of FD_FOR_STDIN. - (USE_SETMODE): Remove. Not needed without stdio. - (my_fopen_ro, my_fopen): Replace unneeded macros. - - * iobuf.c [FILE_FILTER_USES_STDIO]: Remove all code. It has not - been used for a long time. - - * exechelp.h: Include "estream.h". - - * exechelp.c (gnupg_spawn_process): Change OUTFILE to an estream_t. - -2010-03-02 Werner Koch - - * estream.c, estream.h, estream-printf.c, estream-printf.h: Update - from libestream. - -2010-03-01 Werner Koch - - * signal.c [!HAVE_SIGNAL_H]: Don't include signal.h. - - * iobuf.c (direct_open) [W32CE]: Make filename to wchar_t. - (iobuf_cancel) [W32CE]: Use DeleteFile. - - * gettime.c (dump_isotime): Use "%s" to print "none". - - * homedir.c (standard_homedir) [W32CE]: Use wchar_t to create the - directory. - (w32_rootdir) [W32CE]: Likewise. - - * sysutils.c (translate_sys2libc_fd) [W32CE]: Add support. - (gnupg_tmpfile) [W32CE]: Ditto. - (_gnupg_getenv) [W32CE]: New. - - * util.h (getpid, getenv) [W32CE]: New. - - * i18n.c (i18n_switchto_utf8) - (i18n_switchback) [USE_SIMPLE_GETTEXT]: Use new function from - libgpg-error which supports proper restoring. - - * sysutils.c (get_session_marker): Simplified by using gcrypt. - -2009-12-08 Marcus Brinkmann - - * Makefile.am (audit-events.h, status.h) [!MAINTAINER_MODE]: No - longer include these rules if not in maintainer mode. - -2009-12-08 Werner Koch - - * userids.h, userids.c: New. - (classify_user_id): Merged from similar fucntions in sm/ and g10/. - - * dns-cert.c (get_dns_cert): Add support for ADNS. - -2009-12-08 Marcus Brinkmann - - * asshelp.c (start_new_gpg_agent): Convert posix FD to assuan FD. - - * asshelp.c (start_new_gpg_agent) [HAVE_W32_SYSTEM]: Add missing - argument in assuan_socket_connect invocation. - * iobuf.c (iobuf_open_fd_or_name): Fix type of FD in function - declaration. - -2009-12-07 Werner Koch - - * pka.c (get_pka_info): Add support for ADNS. - * src.v (getsrv): Add support for ADNS. - - * srv.c (getsrv): s/xrealloc/xtryrealloc/. - -2009-12-04 Werner Koch - - * Makefile.am (audit-events.h, status-codes.h): Create files in - the source dir. Fixes bug#1164. - -2009-12-02 Werner Koch - - * audit.c (proc_type_decrypt, proc_type_sign): Implemented. - (proc_type_verify): Print hash algo infos. - * audit.h (AUDIT_DATA_CIPHER_ALGO, AUDIT_BAD_DATA_CIPHER_ALSO) - (AUDIT_NEW_RECP, AUDIT_DECRYPTION_RESULT, AUDIT_RECP_RESULT) - (AUDIT_ATTR_HASH_ALGO, AUDIT_SIGNED_BY, AUDIT_SIGNING_DONE): - -2009-11-05 Marcus Brinkmann - - * asshelp.c (start_new_gpg_agent): Update use of - assuan_socket_connect and assuan_pipe_connect. - -2009-11-02 Marcus Brinkmann - - * get-passphrase.c (default_inq_cb, membuf_data_cb): Change return - type to gpg_error_t. - -2009-10-28 Werner Koch - - * status.h (STATUS_MOUNTPOINT): New. - -2009-10-16 Marcus Brinkmann - - * Makefile.am (libcommon_a_CFLAGS): Use LIBASSUAN_CFLAGS instead - of LIBASSUAN_PTH_CFLAGS. - -2009-10-13 Werner Koch - - * exechelp.c (gnupg_kill_process): New. - -2009-09-29 Werner Koch - - * exechelp.c (create_inheritable_pipe): Rename to - create_inheritable_pipe_w. - (create_inheritable_pipe_r): New. - (gnupg_create_outbound_pipe): New. - - * iobuf.h: Include "sysutils.h" - - * iobuf.c (iobuf_open_fd_or_name): New. - (iobuf_get_fname_nonnull): New. - -2009-09-23 Marcus Brinkmann - - * asshelp.c (start_new_gpg_agent): Allocate assuan context before - starting server. - -2009-09-03 Werner Koch - - Update from libestream: - * estream-printf.c: Include stdint.h only if HAVE_STDINT_H is - defined. - * estream-printf.c: Remove all test code. Use macro DEBUG instead - of TEST for debugging. - * estream-printf.c (pr_float): Make buffer larger for silly high - numbers. - -2009-08-11 David Shaw - - * ttyio.h, ttyio.c (tty_enable_completion): Some ifdefs around - HAVE_LIBREADLINE to allow building when readline isn't available. - -2009-08-06 Werner Koch - - * status.h (STATUS_INV_SGNR, STATUS_NO_SGNR): New. - * status.c (get_inv_recpsgnr_code): New. - -2009-07-23 David Shaw - - * srv.c (getsrv): Fix type-punning warning. - -2009-07-23 Werner Koch - - * util.h (GPG_ERR_NOT_ENABLED): New. - * audit.h (enum): Add AUDIT_CRL_CHECK. - * audit.c (proc_type_verify): Show CRL check result. - -2009-07-06 Werner Koch - - * get-passphrase.c (struct agentargs): Add SESSION_ENV and remove - obsolete args. - (gnupg_prepare_get_passphrase): Ditto. - - * session-env.c, session-env.h: New. - * t-session-env.c: New. - * Makefile.am (common_sources, module_tests): Add them. - * asshelp.h: Include "session-env.h" - * asshelp.c (send_one_option): Add arg PUTENV. - (send_pinentry_environment): Replace most args by SESSION_ENV and - rewrite fucntion. - (start_new_gpg_agent): Likewise. - - * t-exechelp.c (test_close_all_fds): Remove debug code. - -2009-07-01 Werner Koch - - * sexputil.c (get_pk_algo_from_canon_sexp): New. - -2009-06-29 Werner Koch - - * estream.c (BUFFER_ROUND_TO_BLOCK): Remove unused macro. - (es_func_mem_write): Rewrite reallocation part. - - * estream.c (es_write_sanitized_utf8_buffer): Typo typo fix. - -2009-06-25 Werner Koch - - * estream.c (es_write_sanitized_utf8_buffer): Typo fix. - -2009-06-24 Werner Koch - - * estream.c (es_read_line): In the malloc error case, set - MAX_LENGTH to 0 only if requested. - * xreadline.c (read_line): Ditto. - * estream.c (es_write_sanitized_utf8_buffer): Pass on error from - es_fputs. - * sexputil.c (get_rsa_pk_from_canon_sexp): Check for error after - the loop. Reported by Fabian Keil. - -2009-06-22 Werner Koch - - * estream.c (es_pth_read, es_pth_write) [W32]: New. - (ESTREAM_SYS_READ, ESTREAM_SYS_WRITE) [HAVE_PTH]: Use them. - -2009-06-03 Werner Koch - - * estream.c (es_convert_mode): Rewrite and support the "x" flag. - -2009-05-28 David Shaw - - From 1.4: - - * http.h, http.c (send_request) Pass in a STRLIST for additional - headers. Change all callers. - -2009-05-27 David Shaw - - From 1.4: - - * http.h, http.c (send_request): Pass in srvtag and make its - presence sufficient to turn the feature on. - (http_open): From here. - (http_document): And here. - - * srv.c (getsrv): Raise maximum packet size to 2048, as PACKETSZ - is too small these days. - -2009-05-22 Werner Koch - - * ttyio.c (tty_cleanup_after_signal): New. - -2009-05-19 Werner Koch - - * simple-pwquery.c (agent_open): Use SUN_LEN - (JNLIB_NEED_AFLOCAL): Define and include mischelp.h. - -2009-05-07 Werner Koch - - * sexputil.c (get_rsa_pk_from_canon_sexp): New. - * t-sexputil.c (test_make_canon_sexp_from_rsa_pk): Extend the test. - -2009-04-28 Werner Koch - - * sexputil.c (make_canon_sexp_from_rsa_pk): New. - * t-sexputil.c (test_make_canon_sexp_from_rsa_pk): New. - -2009-04-01 Werner Koch - - * iobuf.c: Port David's changes from 1.4: - (fd_cache_invalidate): Pass return code from close back. - (direct_open, iobuf_ioctl): Check that return value. - (fd_cache_synchronize): New. - (iobuf_ioctl): Add new sub command 4 (fsync). - - * iobuf.c (fd_cache_strcmp): New. Taken from 1.4. - (fd_cache_invalidate, fd_cache_close, fd_cache_open): Use it. - - * exechelp.c (gnupg_spawn_process): Implement new flag bit 6. - * sysutils.c (gnupg_allow_set_foregound_window): Allow the use of - ASFW_ANY. - - * membuf.c (put_membuf, get_membuf): Wipe memory on out of core. - -2009-03-31 Werner Koch - - * percent.c (percent_unescape, percent_plus_unescape): New. - (percent_plus_unescape_inplace, percent_unescape_inplace): New. - (do_plus_or_plain_unescape, count_unescape, do_unescape): New. - (do_unescape_inplace): New. - * t-percent.c (test_percent_plus_escape): Test percent_plus_unescape. - - * get-passphrase.c, get-passphrase.h: New. - * Makefile.am (without_pth_sources): New. - -2009-03-18 Werner Koch - - * exechelp.c: Include sys/resource.h and sys/stat.h. - (get_max_open_fds): New. - (do_exec): Use it. - (get_all_open_fds): New. - (close_all_fds): New. - (do_exec): Use close_all_fds. - * t-exechelp.c: New. - -2009-03-13 David Shaw - - * http.c (do_parse_uri): Properly handle IPv6 literal addresses as - per RFC-2732. Adapted from patch by Phil Pennock. - -2009-03-12 Werner Koch - - * gettime.c: Include i18n.h. - (dump_isotime): New. - -2009-03-06 Werner Koch - - * sexputil.c (make_canon_sexp): New. - -2009-03-03 Werner Koch - - * exechelp.c (do_exec): Make sure that /dev/null connected FDs are - not closed. - -2009-01-19 Werner Koch - - * audit.c (writeout_li): Translate a few more result strings. - Fixes bug#970. - - * convert.c (hex2str): Fix optimization to append a nul character. - -2008-12-05 Werner Koch - - * percent.c, t-percent.c: New. - - * exechelp.c (gnupg_spawn_process, gnupg_spawn_process_fd) - (gnupg_spawn_process_detached) [W32]: Remove debug output. - -2008-11-20 Werner Koch - - * audit.c (writeout_li): Translate OKTEXT. - -2008-11-04 Werner Koch - - * i18n.c (i18n_init) [USE_SIMPLE_GETTEXT]: Adjust for changed - w32-gettext.c. - * homedir.c (gnupg_localedir): New. - -2008-10-20 Werner Koch - - * http.c (http_register_tls_callback) [!HTTP_USE_GNUTLS]: Mark - unused arg. - * localename.c (do_nl_locale_name): Ditto. - * audit.c (event2str): Silent gcc warning. - * sysutils.c (translate_sys2libc_fd): Mark unused arg. - (translate_sys2libc_fd_int): Ditto. - * iobuf.c (translate_file_handle): Ditto. - * asshelp.c (send_one_option): Ditto. - * exechelp.c (gnupg_spawn_process): Ditto. - * signal.c (got_usr_signal): Ditto - * estream.c (es_func_fd_create) [!W32]: Ditto. - (es_func_fp_create) [!W32]: Ditto. - (es_write_hexstring): Ditto. - (dummy_mutex_call_void, dummy_mutex_call_int) [HAVE_PTH]: New. - (ESTREAM_MUTEX_LOCK, ESTREAM_MUTEX_UNLOCK, ESTREAM_MUTEX_TRYLOCK) - (ESTREAM_MUTEX_INITIALIZE) [HAVE_PTH]: Use dummy calls so to mark - unused arg. - -2008-10-19 Werner Koch - - * estream-printf.c (estream_vsnprintf): Fix return value. - (check_snprintf): Add a new test. - (one_test) [W32]: Disable test. - -2008-10-17 Werner Koch - - * util.h (snprintf) [W32]: Redefine to estream_snprintf. - -2008-09-03 Werner Koch - - * convert.c (hex2str): New. - (hex2str_alloc): New. - * t-convert.c (test_hex2str): New. - -2008-08-19 Werner Koch - - * iobuf.c: Avoid passing a NULL (iobuf_t)->desc to the log - function. Should in general never be NULL, but well. Reported by - M. Heneka. - -2008-06-26 Werner Koch - - * estream.c (es_write_sanitized): Loose check for control - characters to better cope with utf-8. The range 0x80..0x9f is - nowadays not anymore accidently used for control charaters. - -2008-06-25 Marcus Brinkmann - - Revert last three changes related to handle translation. - * sysutils.c: - (FD_TRANSLATE_MAX, fd_translate, fd_translate_len) - (translate_table_init, translate_table_lookup): Removed. - * iobuf.c (check_special_filename): Do not use - translate_table_lookup. - * sysutils.h (translate_table_init, translate_table_lookup): - Remove prototypes. - -2008-06-19 Werner Koch - - * sysutils.c: Remove . - (fd_translate_max): Use macro for the size. - (translate_table_init): Protect read against EINTR and replace - isspace by spacep. - -2008-06-18 Marcus Brinkmann - - * sysutils.c (TRANS_MAX): Bump up to 350 to be on the safe side. - - * sysutils.h (translate_table_init, translate_table_lookup): New - prototypes. - * sysutils.c: Include . - (FD_TRANSLATE_MAX): New macro. - (fd_translate, fd_translate_len): New static variables. - (translate_table_init, translate_table_lookup): New functions. - (translate_sys2libc_fd_int): Translate file descriptor. - * iobuf.c (check_special_filename): Translate handle values from - special filenames. - -2008-06-16 Werner Koch - - * homedir.c (w32_commondir): New. - (gnupg_sysconfdir): Use it. - -2008-06-09 Werner Koch - - * b64dec.c: New. - -2008-06-05 Werner Koch - - * util.h (gnupg_copy_time): Replace strcpy by memcpy. - -2008-05-26 Werner Koch - - * asshelp.c (send_one_option, send_pinentry_environment): use - xfree and xtrystrdup. - - * i18n.c (i18n_switchto_utf8) [USE_SIMPLE_GETTEXT]: Return NULL. - - * homedir.c (gnupg_module_name): Add - GNUPG_MODULE_NAME_CONNECT_AGENT and GNUPG_MODULE_NAME_GPGCONF. - -2008-04-21 Werner Koch - - * http.c (http_wait_response) [W32]: Use DuplicateHandle because - it is a socket. - (cookie_read) [W32]: Use recv in place of read. - -2008-04-08 Werner Koch - - * i18n.c (i18n_switchto_utf8, i18n_switchback) - [USE_SIMPLE_GETTEXT]: Implement. - -2008-04-07 Werner Koch - - * b64enc.c (b64enc_start): Detect PGP mode. - (b64enc_finish): Write PGP CRC. - * util.h (struct b64state): Add field CRC. - * t-b64.c: New. - - * pka.c (get_pka_info): Use xtrymalloc and check result. - -2008-03-25 Werner Koch - - * localename.c: Strip all W32 code. Include w32help.h. - (gnupg_messages_locale_name) [W32]: Use the gettext_localename. - -2008-03-17 Werner Koch - - * iobuf.c (IOBUF_BUFFER_SIZE): Actually use this macro. - - * simple-pwquery.c (agent_send_all_options): Fix last change. - -2008-03-06 Werner Koch - - * simple-pwquery.c (agent_send_all_options): Add support for - XAUTHORITY and PINENTRY_USER_DATA. - -2008-02-15 Marcus Brinkmann - - * exechelp.c (gnupg_spawn_process_fd): Add flag DETACHED_PROCESS - unconditionally (required for all callers at the moment). - -2008-02-14 Werner Koch - - * sysutils.c (gnupg_allow_set_foregound_window): New. - (WINVER) [W32]: Define. - -2008-01-31 Werner Koch - - * audit.c (audit_print_result): Make sure that the output is - always UTF8. - -2008-01-27 Werner Koch - - * exechelp.c (gnupg_spawn_process): Add arg FLAGS and changed all - callers to pass 0 for it. - -2007-12-13 Werner Koch - - * sexputil.c (hash_algo_from_sigval): New. - * t-sexputil.c: New. - * Makefile.am (module_tests): Add it. - -2007-12-11 Werner Koch - - * asshelp.c (send_pinentry_environment): Allow using of old - gpg-agents not capabale of the xauthority and pinentry_user_data - options. - -2007-12-04 Werner Koch - - * Makefile.am (t_helpfile_LDADD, module_maint_tests): New. - * t-helpfile.c: New. - * helpfile.c: New. - * membuf.h (is_membuf_ready, MEMBUF_ZERO): New. - * localename.c: New. Taken from gettext with modifications as done - for GpgOL. Export one new function. - * util.h (gnupg_messages_locale_name, gnupg_get_help_string): Added. - - * sysutils.c (gnupg_reopen_std): New. Taken from ../g10/gpg.c. - -2007-11-27 Werner Koch - - * Makefile.am (CLEANFILES): New. - - * homedir.c (dirmngr_socket_name): Use CSIDL_WINDOWS. - -2007-11-15 Werner Koch - - * asshelp.c (send_pinentry_environment): Add args XAUTHORITY and - PINENTRY_USER_DATA. - (start_new_gpg_agent): Ditto. - -2007-11-07 Werner Koch - - * status.h: New. - * errors.h: Remove. - -2007-11-05 Werner Koch - - * audit.c, audit.h: New. - * Makefile.am: Add rules to build audit-events.h. - * exaudit.awk: New. - * mkstrtable.awk: New. Taken from libgpg-error. - -2007-10-19 Werner Koch - - * i18n.c (i18n_switchto_utf8, i18n_switchback): New. - -2007-10-01 Werner Koch - - * sysutils.h (FD2INT, INT2FD): New. - -2007-09-21 Werner Koch - - * homedir.c (default_homedir): Make registry work. Reported by - Marc Mutz. - -2007-08-29 Werner Koch - - * exechelp.c (gnupg_wait_process): Add arg EXITCODE. Changed all - callers. - (gnupg_create_inbound_pipe): New. - * util.h (GNUPG_MODULE_NAME_GPGSM, GNUPG_MODULE_NAME_GPG): New. - * homedir.c (gnupg_module_name): Add them - -2007-08-28 Werner Koch - - * gettime.c (check_isotime, add_isotime): New. Originally written - for DirMngr by me. - (add_days_to_isotime): New. - (date2jd, jd2date, days_per_month, days_per_year): New. Taken from - my ancient (1988) code used in Wedit (time2.c). - -2007-08-27 Werner Koch - - * util.h (GNUPG_MODULE_NAME_CHECK_PATTERN): New. - * homedir.c (gnupg_module_name): Add it. - * exechelp.c (w32_fd_or_null) [W32]: New. - (gnupg_spawn_process_fd): New. - (gnupg_wait_process) [W32]: Close the handle after if the process has - returned. - -2007-08-22 Werner Koch - - Updated estream from libestream. - - * estream.c (mem_malloc, mem_realloc, mem_free): New. Use them - instead of the ES_MEM_foo. - * estream.c (estream_cookie_mem): Remove members DONT_FREE, - APPEND_ZERO, PTR and SIZE. Add MEMORY_LIMIT. Put GROW into a new - FLAGS struct. - (es_func_mem_create): Remove APPEND_ZERO, DONT_FREE, PTR and - SIZE. Add MEMORY_LIMIT. - (es_func_mem_write, es_func_mem_seek, es_func_mem_destroy): Revamp. - (es_open_memstream): Change API to just take a memory limit and a - mode argument. Rename to .. - (es_fopenmem): .. this. - (HAVE_W32_SYSTEM) [_WIN32]: Define if not defined. - (tmpfd) [W32]: Implement directly using the W32 API. - (es_fgets): Rewrite without using doreadline. - -2007-08-21 Werner Koch - - * sysutils.c (gnupg_tmpfile): New. - * t-sysutils.c: New. - * Makefile.am (module_tests): Add t-sysutils. - -2007-08-20 Werner Koch - - * exechelp.c [W32]: Redefine X_OK to F_OK. - -2007-08-16 Werner Koch - - * Makefile.am (t_convert_DEPENDENCIES): Remove - ($(PROGRAMS)): Remove. - (t_common_ldadd): Use libcommon.a and not the macro. - -2007-08-14 Werner Koch - - * homedir.c (dirmngr_socket_name): New. - -2007-08-07 Werner Koch - - * tlv.c, tlv.h: Move from ../scd/. - * tlv.c (parse_sexp, parse_ber_header): Add ERRSOURCE arg and prefix - name with a _. - * tlv.h: Use macro to convey ERRSOURCE. - -2007-08-02 Werner Koch - - * gc-opt-flags.h: New. - -2007-08-01 Werner Koch - - * estream-printf.c (read_dummy_value): Removed as it is useless now. - (read_values): Remove check on !vaargs which is not anymore needed - and anyway not portable. Reported by Peter O'Gorman. - -2007-07-16 Werner Koch - - * estream.c (es_func_file_create): Clear NO_CLOSE flag. - -2007-07-12 Werner Koch - - * sysutils.h (gnupg_fd_t): New. - * sysutils.c (translate_sys2libc_fd): Use that type instead of int. - (translate_sys2libc_fd_int): New. - -2007-07-09 Werner Koch - - * t-gettime.c (test_isotime2epoch): Use time_t and not u32. - -2007-07-05 Werner Koch - - * t-gettime.c: New. - * gettime.c (isotime2epoch, epoch2isotime): New. - -2007-07-04 Werner Koch - - * estream.c (es_init_do): Do not throw an error if pth has already - been initialized. - -2007-06-26 Werner Koch - - * Makefile.am ($(PROGRAMS)): New. - - * util.h (init_common_subsystems): Moved to .. - * init.h: .. New. - * util.h: Include init.h. - - * homedir.c (standard_homedir): New. - (default_homedir) [W32]: Reimplemented in terms of - standard_homedir. Fixed memory leak. - -2007-06-25 Werner Koch - - * iobuf.c: Add more documentation and slighly restructured macro - defintion for better readability. - (FILEP_OR_FD): Rename to fp_or_fd_t. - (CLOSE_CACHE): Rename to close_cache_t. - - * sysutils.c (translate_sys2libc_fd): New using the code from iobuf.c. - * iobuf.c: Include sysutils.h. - (iobuf_translate_file_handle): Remove. - (translate_file_handle): Use new function. - - * estream-printf.c [TEST]: Header including fixes. - (do_format): Do not append a trailing Nul. This avoids spurious - Nuls in the es_printf output. - (estream_vsnprintf, estream_vasprintf): Take this in account. - - * estream.h (struct es__stream): Change FLAGS to a bit structure. - (ES__FLAG_WRITING): Replace by a bit from FLAGS. * estream.c - (struct estream_internal): Rename FLAGS to MODEFLAGS so that they - are not confused with the estream flags. - (es_initialize, es_create): Add arg MODEFLAGS so that we can setup - the intial writemode. Changed all callers to pass them. - (es_convert_mode): Set O_BINARY. - (es_func_fd_create, es_func_fp_create, es_func_file_create) [W32]: - Call setmode if requested. - -2007-06-24 Werner Koch - - * estream.c (do_fpopen, es_fpopen, es_fpopen_nc): New. - (es_func_fp_create, es_func_fp_read, es_func_fp_write) - (es_func_fp_seek, es_func_fp_destroy): New. - -2007-06-22 Werner Koch - - * estream.c (es_fdopen): Factored code out to.. - (do_fdopen): .. new. - (es_fdopen_nc): New. - (estream_cookie_fd): Add field NO_CLOSE. - (es_func_fd_create): Add arg NO_CLOSE and changed all callers. - (es_func_fd_destroy): Handle the new flag. - - * homedir.c (gnupg_libexecdir) [W32]: Factor code out to .. - (w32_rootdir): .. new. - (gnupg_sysconfdir, gnupg_libdir, gnupg_datadir) [W32]: Return - name based on w32_rootdir(). - -2007-06-21 Werner Koch - - * membuf.h (get_membuf_len): New. - - * membuf.c (init_membuf_secure): Really allocate in secure memory. - (put_membuf_str): New. - - * ttyio.c (tty_getf): New. - - * util.h (ctrl_t): Declare it here. - - * asshelp.c (start_new_gpg_agent): New. Based on code from - ../sm/call-agent.c - -2007-06-20 Werner Koch - - * sysutils.c (gnupg_sleep): New. - * sysutils.h [W32]: Remove _sleep wrapper. Changed all callers to - use gnupg_sleep. - - * exechelp.c (build_w32_commandline_copy): New. - (build_w32_commandline): Factored some code out to new function - and correctly process a PGMNAME with spaces. - (gnupg_spawn_process_detached) [W32]: Implement. - -2007-06-14 Werner Koch - - * simple-pwquery.h (MAP_SPWQ_ERROR_IMPL): New. - (SPWQ_NO_PIN_ENTRY): New. - * simple-pwquery.c (simple_pw_set_socket): New. - (agent_open): Use it if GPG_AGENT_INFO is not set. - (simple_pwquery): Extended to allow returning of otehyr error codes. - - * util.h (GNUPG_MODULE_NAME_AGENT, GNUPG_MODULE_NAME_PINENTRY) - (GNUPG_MODULE_NAME_SCDAEMON, GNUPG_MODULE_NAME_DIRMNGR) - (GNUPG_MODULE_NAME_PROTECT_TOOL): New. - * homedir.c (gnupg_module_name): New. - (gnupg_bindir): New. - -2007-06-12 Werner Koch - - * homedir.c (gnupg_sysconfdir): New. - (gnupg_libexecdir): New. Taken from g10/misc.c:get_libexecdir. - (gnupg_datadir): New. - (gnupg_libdir): New. - - * http.c (connect_server) [W32]: Do not call init_sockets if - HTTP_NO_WSASTARTUP is defined. - - * init.c: New. - - * estream.c (es_init_do): Init stream lock here because we can't - use a static initialization with W32pth. - -2007-06-11 Werner Koch - - * Makefile.am (t_common_ldadd): Use libcommonstd macro. - -2007-06-06 Werner Koch - - * Makefile.am: Include am/cmacros.am. - - * sysutils.h [W32]: Remove prototypes for the registry access. - * w32reg.c: Move to ../jnlib/w32-reg.c. - - * i18n.c (i18n_init): New. - - * simple-gettext.c: Remove. - - * iobuf.c (iobuf_get_filelength): Rename SIZE to EXSIZE to silent - shadowing warning. - -2007-06-04 Werner Koch - - * http.c [W32]: Include unistd.h also in this case. - (write_server) [W32]: Fixed error code. - (init_sockets): Fixed syntax error. - (cookie_close): Replace close by sock_close macro. - - * estream.c [w32]: Do not init Mutex. - - * Makefile.am (common_sources) [USE_SNS_SRV]: Build srv.c only - when needed. - - * ttyio.c (init_ttyfp) [W32]: Do not use TTYFP. - - * util.h: Include ../jnlib/dynload.h. - - * dynload.h: Move to ../jnlib. - -2007-05-30 Werner Koch - - * estream.c (MEM_FREE, MEM_ALLOC, MEM_REALLOC): Prefix with ES_ as - windows.h also has such definitions, - -2007-05-15 Werner Koch - - * util.h: Do not include gnulib's vasprintf. Redefine asprintf - and vasprintf. - - * xasprintf.c (xasprintf, xtryasprintf): Use estream_vasprintf. - - * estream-printf.h, estream-printf.c: New. Taken from current - libestream SVN. - * Makefile.am (common_sources): Add them. - -2007-05-14 Werner Koch - - * sexp-parse.h (smklen): New. - * sexputil.c: Include sexp-parse.h. - (make_simple_sexp_from_hexstr): Replace sprintf by smklen. - -2007-05-07 Werner Koch - - * signal.c (got_fatal_signal): Protect SIG from being clobbered by - a faulty signal implementaion. Suggested by James Juran. - -2007-04-25 Werner Koch - - * i18n.h (ngettext): New. - * simple-gettext.c (ngettext): New. - -2007-04-20 Werner Koch - - * miscellaneous.c (my_gcry_logger, my_gcry_outofcore_handler): - Moved from gpg-agent to here. - (my_gcry_fatalerror_handler): new. - (setup_libgcrypt_logging): New. - -2007-03-19 Werner Koch - - * miscellaneous.c (print_hexstring): New. - * estream.c (es_fprintf_unlocked): New. - (es_write_sanitized): New. - (es_write_hexstring): New. - (es_write_sanitized_utf8_buffer) [GNUPG_MAJOR_VERSION]: New. - -2007-03-09 David Shaw - - From STABLE-BRANCH-1-4 - - * http.c (do_parse_uri): Remove the hkp port 11371 detection. We - implement hkp in the keyserver handler, and the support here makes - it appear like a bad hkp request actually succeeded. - -2007-01-31 Werner Koch - - * Makefile.am (t_common_ldadd): Add LIBINCONV and LIBINTL. - -2007-01-25 Werner Koch - - * simple-pwquery.c (simple_pwquery): New arg OPT_CHECK. - -2006-12-13 David Shaw - - * Makefile.am (AM_CPPFLAGS): Include intl/ so we can reference the - built-in headers. - -2006-11-23 Werner Koch - - * http.c: Include i18n.h - -2006-11-21 Werner Koch - - * estream.c: Remove explicit Pth soft mapping diabling becuase it - is now done in config.h. - -2006-11-15 Werner Koch - - * estream.c: Disabled Pth soft mapping. - (my_funopen_hook_ret_t): New. - (print_fun_writer): Use it here. - - * iobuf.c (fd_cache_close): Use %d instead of %p for debug output. - -2006-11-03 Werner Koch - - * Makefile.am (t_convert_DEPENDENCIES): Add libcommon. From - Gentoo. - -2006-10-24 Marcus Brinkmann - - * Makefile.am (libcommon_a_CFLAGS): Add $(LIBASSUAN_CFLAGS). - (libsimple_pwquery_a_CFLAGS): New variable. - -2006-10-20 Werner Koch - - * convert.c (hex2bin): New. - -2006-10-17 Werner Koch - - * estream.c (struct estream_internal, es_initialize) - (es_deinitialize, print_fun_writer, es_print): New and modified - functions to avoid tempfiles for printf style printing. - - * Makefile.am (libcommonpth_a_SOURCES): New. We now build a secon - version of the library with explicit Pth support. - * exechelp.c, estream.c: Make use of WITHOUT_GNU_PTH. - -2006-10-08 Werner Koch - - * gpgrlhelp.c: Trun all functions into dummies if readline is not - available. - -2006-10-06 Werner Koch - - * Makefile.am (AM_CFLAGS): Use PTH version of libassuan. - - * util.h (GNUPG_GCC_A_SENTINEL): Defined for gcc >= 4. - -2006-10-04 David Shaw - - * gpgrlhelp.c: readline requires stdio.h. - -2006-10-04 Werner Koch - - * membuf.c (init_membuf_secure): New. - (put_membuf): Make sure that ERRNO is set even if the underlying - malloc code does not work properly. - (get_membuf): Set ERRNO on error. - (get_membuf): Allow to pass LEN as NULL. - -2006-10-02 Werner Koch - - * iobuf.c (iobuf_unread): Removed. This code is not required. - Also removed the entire unget buffer stuff. - -2006-09-27 Werner Koch - - * util.h: Do not include strsep.h and strpbrk.h. - (isascii): Removed as it is now in jnlib. - - * iobuf.c (pop_filter, underflow, iobuf_close): Free the unget - buffer. - -2006-09-27 Florian Weimer (wk) - - * iobuf.c (iobuf_unread): New. - -2006-09-22 Werner Koch - - * i18n.h: Changed license to an all permissive one. - - * ttyio.c (tty_get): We need to use readline too. Added two more - hooks. - -2006-09-21 Werner Koch - - * ttyio.c (tty_private_set_rl_hooks): New. - (tty_enable_completion, tty_disable_completion): Use a hook to - enable readline support. Now always available. - (tty_cleanup_rl_after_signal): New. - - * ttyio.h: Removed readline specific stuff. Included util.h. - * common-defs.h: New. - -2006-09-15 Werner Koch - - * convert.c: New. - (hexcolon2bin): New. - (bin2hex, bin2hexcolon, do_binhex): New. - * t-convert.c: New - -2006-09-14 Werner Koch - - * util.h (out_of_core): Use new gpg_error_from_syserror function. - - * http.c (init_sockets): Changed it to require 2.2 unless it is - build within gnupg 1 where we require 1.1 (and not anymore allow - for 1.0). - -2006-09-07 Werner Koch - - * exechelp.c (gnupg_spawn_process): Factor out post fork code to .. - (do_exec): .. new function. Allow passing of -1 for the fds. - (gnupg_spawn_process): Terminate gcrypt's secure memory in the child. - (gnupg_spawn_process_detached): New. - -2006-09-06 Werner Koch - - * maperror.c: Removed. - - * util.h (out_of_core): New. - -2006-09-04 Werner Koch - - * http.c (http_get_header): New. - (capitalize_header_name, store_header): New. - (parse_response): Store headers away. - (send_request): Return GPG_ERR_NOT_FOUND if connect_server failed. - * http.h: New flag HTTP_FLAG_NEED_HEADER. - -2006-08-21 Werner Koch - - * Makefile.am (libcommon_a_SOURCES): Added keyserver.h - - * openpgpdefs.h: New. Stripped from ..g10/packet.h. - -2006-08-16 Werner Koch - - * keyserver.h: Moved from ../include to here. - - * http.c: Include srv.h. - - * srv.c, srv.h: New. Taken from GnuPG 1.4 - -2006-08-14 Werner Koch - - * http.h (struct http_context_s): Moved to implementation. - * http.c (http_open): Changed call to return a context. - (http_open_document): Ditto. - (http_get_read_ptr, http_get_read_ptr, http_get_status_code): New. - (do_parse_uri): Replaced strlwr by straight code to ease - standalone use of this file. - (http_wait_response): Removed arg STATUS_CODE as it is available - through an accessor function. Adjusted caller. - (http_escape_string): New. - - * estream.c (es_read_line): Renamed to .. - (doreadline): .. this. Changed all callers. - (es_read_line): New. This is theusual limited getline variabnt as - used at several places. Here taken and adjusted from xreadline.c - (es_free): New. - -2006-08-11 Werner Koch - - * http.c: Major internal changes to optionallly support GNUTLS and - ESTREAM. - (http_open): Move initialization of the stream ... - (send_request): .. here. - (http_register_tls_callback): New. - - * estream.c (es_writen): Try to seek only is a seek function has - been registered. - -2006-08-09 Werner Koch - - * http.c, http.h: New. Taken from gnupg 1.4.5, merged with - changes done for the Dirmngr project (by g10 Code) and cleaned up - some stuff. - (make_header_line): New. Change all caller to make user of the new - * Makefile.am (libcommon_a_SOURCES): Added http.c and http.h. - -2006-05-23 Werner Koch - - * gettime.c (isotimestamp): New. - - * ttyio.c (tty_get_ttyname): Posixly correct usage of ctermid. - - * dns-cert.c: New. Taken from 1.4.3's util/cert.c. - * dns-cert.h: New. - -2006-05-22 Werner Koch - - * pka.c: New. Taked from 1.4.3. - * pka.h: New. - * Makefile.am: Added pka. - -2006-05-19 Werner Koch - - * yesno.c (answer_is_yes_no_default, answer_is_yes_no_quit): - Updated from 1.4.3. - (answer_is_okay_cancel): new. From 1.4.3. - - * miscellaneous.c (match_multistr): New. Taken from 1.4.3. - - * ttyio.c (tty_enable_completion, tty_disable_completion): New - dummy functions. - * ttyio.h: Add prototypes and stubs. - -2006-04-19 Werner Koch - - * iobuf.c (iobuf_get_fd): New. Taken from 1.4.3. - (iobuf_is_pipe_filename): New. - (pop_filter): Made static. - (iobuf_skip_rest): New. Orginal patch by Florian - Weimer. Added new argument PARTIAL. - (block_filter): Remove the old gpg indeterminate length mode. - (block_filter): Properly handle a partial body stream - that ends with a 5-byte length that happens to be zero. - (iobuf_set_block_mode, iobuf_in_block_mode): Removed as - superfluous. - (iobuf_get_filelength): New arg OVERFLOW. - (iobuf_get_filelength) [W32]: Use GetFileSizeEx if available - * miscellaneous.c (is_file_compressed): Take care of OVERFLOW. - -2006-04-18 Werner Koch - - * homedir.c (w32_shgetfolderpath): New. Taken from gpg 1.4.3. - (default_homedir): Use it. - -2005-10-08 Marcus Brinkmann - - * signal.c (get_signal_name): Check value of HAVE_DECL_SYS_SIGLIST - instead of just if it is defined. - -2005-09-28 Marcus Brinkmann - - * Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS). - -2005-07-04 Marcus Brinkmann - - * simple-pwquery.h (simple_pwclear): New prototype. - * simple-pwquery.c (simple_pwclear): New function. - -2005-06-15 Werner Koch - - * miscellaneous.c (make_printable_string): Made P a void*. - - * sexputil.c (keygrip_from_canon_sexp, cmp_simple_canon_sexp): - Fixed signed/unsigned pointer mismatch. - (make_simple_sexp_from_hexstr): Ditto. This is all too ugly; I - wonder why gcc-4's default is to warn about them and forcing us to - use cast the warning away. - * iobuf.c (block_filter): Ditto. - (iobuf_flush): Ditto. - (iobuf_read_line): Ditto. - (iobuf_read): Make BUFFER a void *. - (iobuf_write): Make BUFFER a const void *. - * ttyio.c (tty_print_utf8_string2): Ditto. - * estream.c (estream_cookie_mem): Make MEMORY unsigned char*. - (es_write): Make BUFFER a void *. - (es_writen): Ditto. - (es_func_fd_read, es_func_fd_write, es_func_mem_read) - (es_func_mem_write): Ditto. - (es_read, es_readn): Ditto. - (es_func_mem_write): Made MEMORY_NEW an unsigned char *. - * estream.h (es_cookie_read_function_t) - (es_cookie_write_function_t): Changed buffer arg to void*. - -2005-06-03 Werner Koch - - * estream.c: Use HAVE_CONFIG_H and not USE_CONFIG_H! - (es_func_fd_read, es_func_fd_write): Protect against EINTR. - -2005-06-01 Werner Koch - - * Makefile.am (AM_CPPFLAGS): Added. - - * util.h: Add some includes for gnulib. - (ttyname, isascii): Define them inline. - * fseeko.c, ftello.c: Removed. - * strsep.c, mkdtemp.c: Removed. - * ttyname.c, isascii.c: Removed. - -2005-05-31 Werner Koch - - * dynload.h: s/__inline__/inline/. - -2005-05-13 Werner Koch - - * signal.c (got_fatal_signal): Print the signal number if we can't - get a name for it. - (get_signal_name): Return NULL if no name is available. Fixed - conditional for sys_siglist to the correct one. - -2005-04-17 Werner Koch - - * sexputil.c (cmp_simple_canon_sexp): New. - (make_simple_sexp_from_hexstr): New. - -2005-04-07 Werner Koch - - * sexputil.c: New. - -2005-04-11 Marcus Brinkmann - - * simple-pwquery.c (simple_pwquery): Use spwq_secure_free. - -2005-03-03 Werner Koch - - * Makefile.am (AM_CFLAGS): Added PTH_CFLAGS. Noted by Kazu Yamamoto. - -2005-02-25 Werner Koch - - * xasprintf.c (xtryasprintf): New. - -2005-01-26 Moritz Schulte - - * Makefile.am (libcommon_a_SOURCES): New source files: estream.c, - estream.h. - * estream.c, estream.h: New files. - -2005-01-03 Werner Koch - - * asshelp.c (send_pinentry_environment): Fixed changed from - 2004-12-18; cut+paste error for lc-messages. - -2004-12-21 Werner Koch - - * simple-pwquery.c (agent_open) [W32]: Implement for W32. - (readline) [W32]: Use recv instead of read. - (writen) [W32]: Use send instead of write. - (my_stpcpy): Define a stpcpy replacement so that this file - continues to be self-contained. - (agent_send_all_options) [W32]: Don't call ttyname. - -2004-12-21 Marcus Brinkmann - - * simple-pwquery.h (simple_query): Add prototype. - * simple-pwquery.c (simple_query): New function. - -2004-12-21 Werner Koch - - * signal.c (got_fatal_signal, got_usr_signal) - (got_fatal_signal) [DOSISH]: Don't build. - * simple-gettext.c: Include sysutils.h - - * homedir.c: New. Use CSIDL_APPDATA for W32 as the default home - directory. - * Makefile.am (libcommon_a_SOURCES): Add it. - (EXTRA_DIST): Removed mkerror and mkerrtok. - -2004-12-20 Werner Koch - - * sysutils.h [W32]: Define sleep. - * util.h: Add prototype for mkdtemp. - - * membuf.c (put_membuf): Wipe out buffer after a failed realloc. - -2004-12-19 Werner Koch - - * maperror.c (map_assuan_err_with_source): Oops, args were swapped. - -2004-12-18 Werner Koch - - * maperror.c (map_assuan_err): Renamed to .. - (map_assuan_err_with_source): .. this and add arg SOURCE.c - * asshelp.c (send_pinentry_environment, send_one_option): Add arg - ERRSOURCE. - -2004-12-15 Werner Koch - - * sysutils.h [W32]: Prototypes for registry functions. - * w32reg.c: Include sysutils.h - - * simple-pwquery.c [W32]: Dummy code to allow a build. - - * exechelp.c [W32]: Implemented for W32 . - - * ttyname.c: New. - - * asshelp.c (send_one_option): New. - (send_pinentry_environment): Cleaned up and made sure that empty - values are not send. - -2004-12-07 Werner Koch - - * asshelp.c (send_pinentry_environment) [W32]: Do not use ttyname. - -2004-12-06 Werner Koch - - * exechelp.h, exechelp.c: New. Based on code from ../sm/import.c. - -2004-12-03 Werner Koch - - * strsep.c: Fixed copyright comments. - -2004-11-26 Werner Koch - - * simple-gettext.c: New taken from gnupg 1.3.x - - * simple-pwquery.c [_WIN32]: Include winsock2.h. - (agent_open): Disable it until we have our AF_UNIX implementation - ready. - * fseeko.c, ftello.c: Include sys/types for the sake of W32. - -2004-11-23 Werner Koch - - * b64enc.c: Include stdio.h and string.h - -2004-08-18 Werner Koch - - * simple-pwquery.c (simple_pwquery): Handle gpg-error style return - code for canceled. - -2004-07-20 Werner Koch - - * maperror.c: Removed header ksba.h. Not required anymore. - -2004-06-14 Werner Koch - - * xreadline.c: New. Based on the iobuf_read_line function. - -2004-05-12 Werner Koch - - * util.h (xtrycalloc_secure,xtrymalloc_secure): New. - -2004-05-11 Werner Koch - - * sysutils.c (disable_core_dumps): Only set the current limit. - (enable_core_dumps): New. - -2004-04-13 Werner Koch - - * simple-pwquery.c (copy_and_escape): Relaxed quoting. - -2004-04-05 Werner Koch - - * errors.h (STATUS_NEWSIG): New. - -2004-03-11 Werner Koch - - * dynload.h [__MINGW32__]: Define RTLD_LAZY. - -2004-03-09 Werner Koch - - * maperror.c (map_assuan_err): Map the Locale_Problem item. - -2004-03-03 Werner Koch - - * asshelp.c, asshelp.h: New. - (send_pinentry_environment): New. Code taken from ../sm/call-agent.c. - -2004-02-19 Werner Koch - - * simple-pwquery.c (agent_open): Don't mangle INFOSTR. - -2004-02-17 Werner Koch - - * simple-pwquery.c (agent_open): Ignore an empty GPG_AGENT_INFO. - - * errors.h: Added STATUS_IMPORT_OK. - -2004-02-10 Werner Koch - - * b64enc.c: New. Based on code from ../sm/base64.c. - -2004-01-30 Marcus Brinkmann - - * Makefile.am (libcommon_a_SOURCES): Add xasprintf.c. - * miscellaneous.c (xasprintf): Moved to ... - * xasprintf (xasprintf): ... here. New file. - This allows to use xasprintf without sucking in gpg-error. - -2004-01-27 Werner Koch - - * sexp-parse.h: New; moved from../agent. - - * util.h (xtoi_4): New. - -2003-12-23 Werner Koch - - * maperror.c (map_assuan_err): Prepared for a new error code. - -2003-12-17 Werner Koch - - * gettime.c (asctimestamp): Add a note on a non-avoidable gcc warning. - - * util.h [!HAVE_VASPRINTF]: Add printf format attribute to the - replacement function. - - * miscellaneous.c (xasprintf): New. - -2003-11-14 Werner Koch - - * mkdtemp.c (mkdtemp): Use gcry_create_nonce. - - * cryptmiss.c: Removed. - -2003-11-13 Werner Koch - - * util.h (vasprintf): Also fixed the prototype. - - * vasprintf.c (vasprintf): ARGS should not be a pointer. Fixed - segv on Solaris. Reported by Andrew J. Schorr. - -2003-11-12 Werner Koch - - * maperror.c (map_ksba_err, map_gcry_err, map_kbx_err): Removed. - -2003-10-31 Werner Koch - - * util.h (gnupg_isotime_t): New. - (gnupg_copy_time): New. - - * gettime.c (gnupg_get_isotime): New. - -2003-09-23 Werner Koch - - * iobuf.c (check_special_filename): Replaced is isdigit by digitp - to avoid passing negative values and potential locale problems. - Problem noted by Christian Biere. - - * util.h (ascii_isspace): New. - -2003-09-18 Werner Koch - - * ttyio.c (tty_fprintf): New. - (tty_print_string, tty_print_utf8_string2) - (tty_print_utf8_string): Made P argument const byte*. - -2003-08-20 Marcus Brinkmann - - * maperror.c (map_ksba_err): Map -1. Use gpg_err_make to set - the error source. - -2003-08-14 Timo Schulz - - * dynload.h. New. W32 wrapper around the dynload mechanism. - -2003-07-15 Werner Koch - - * simple-pwquery.c, simple-pwquery.h: New; moved from ../agent. - * Makefile.am (libsimple_pwquery_a_LIBADD): New. - -2003-06-25 Werner Koch - - * maperror.c (map_to_assuan_status): Directly map 0 to 0. - -2003-06-17 Werner Koch - - * gettime.c (scan_isodatestr,add_days_to_timestamp,strtimevalue) - (strtimestamp,asctimestamp): New. Code taken from gnupg 1.3.2 - mischelp.c. - - * yesno.c: New. Code taken from gnupg 1.3.2 mischelp.c - - * miscellaneous.c: New. - - * util.h: Include utf8conf.h - -2003-06-16 Werner Koch - - * gettime.c (make_timestamp): New. - - * ttyio.c: New. Taken from gnupg 1.2. - * ttyio.h: Move from ../include. - -2003-06-13 Werner Koch - - * util.h (seterr): Removed macro. - (xmalloc_secure,xcalloc_secure): New. - -2003-06-11 Werner Koch - - * iobuf.c (iobuf_writebyte,iobuf_write): Return error code from - iobuf_flush. - (iobuf_writestr): Ditto. - -2003-06-10 Werner Koch - - * iobuf.c, iobuf.h: New. Taken from current gnupg 1.3 CVS. Run - indent on it and adjusted error handling to libgpg-error style. - Replaced IOBUF by iobuf_t. Renamed malloc functions. - -2003-06-04 Werner Koch - - * errors.h: Removed all error codes. We keep the status codes for - now. - * Makefile.am: Do not create errors.c anymore; remove it from the - sources. - - * maperror.c: Don't include error.h. Change all error codes to - libgpg-error style. - (map_assuan_err): Changed to new Assuan error code convention. - (map_to_assuan_status): Likewise. - (map_gcry_err,map_kbx_err): Not needed. For now dummy functions. - - * membuf.c, membuf.h: New. Code taken from ../sm/call-agent.h. - * Makefile.am: Added above. - -2003-04-29 Werner Koch - - * util.h (fopencokokie): Removed prototype and struct. - - * fopencookie.c: Removed. - - * maperror.c: Use system assuan.h - -2002-10-31 Neal H. Walfield - - * isascii.c: New file. - * putc_unlocked.c: Likewise. - -2002-10-28 Neal H. Walfield - - * signal.c (caught_fatal_sig): Remove superfluous zero - initializer. - (caught_sigusr1): Likewise. - -2002-09-04 Neal H. Walfield - - * vasprintf.c (vasprintf) [va_copy]: Use va_copy. - [!va_copy && __va_copy]: Use __va_copy. - [!va_copy && !__va_copy]: Only now fall back to using memcpy. - -2002-08-21 Werner Koch - - * errors.h: Added STATUS_IMPORT_PROBLEM. - -2002-08-20 Werner Koch - - * vasprintf.c: Hack to handle NULL for %s. - -2002-08-09 Werner Koch - - * signal.c: New. Taken from GnuPG 1.1.91. - -2002-07-23 Werner Koch - - * util.h (_IO_cookie_io_functions_t): Fixed typo. Noted by - Richard Lefebvre. - -2002-07-22 Werner Koch - - * fseeko.c, ftello.c: New. - -2002-06-28 Werner Koch - - * maperror.c (map_to_assuan_status): Map more errorcodes to Bad - Certificate. - -2002-06-26 Werner Koch - - * maperror.c (map_to_assuan_status): Map EOF to No_Data_Available. - -2002-06-10 Werner Koch - - * errors.h (gnupg_error_token): Add new prototype. - (STATUS_ERROR): New. - - * mkerrtok: New. - * Makefile.am: Use it to create the new error token function. - -2002-06-04 Werner Koch - - * maperror.c (map_to_assuan_status): Map Bad_CA_Certificate. - -2002-05-23 Werner Koch - - * no-pth.c, Makefile.am: Removed. - -2002-05-22 Werner Koch - - * mkdtemp.c: Replaced byte by unsigned char because it is no longer - defined in gcrypt.h. - -2002-05-21 Werner Koch - - * maperror.c (map_gcry_err): Add libgcrypt's new S-expression errors. - (map_ksba_err): Add a few mappings. - -2002-05-14 Werner Koch - - * gettime.c: New. - -2002-05-03 Werner Koch - - * errors.h: Added STARUS_EXPSIG and STATUS_EXPKEYSIG. - -2002-04-15 Werner Koch - - * cryptmiss.c: New. - -2002-02-14 Werner Koch - - * maperror.c: Add more assuan<->gnupg mappings. - -2002-02-12 Werner Koch - - * fopencookie.c: Dummy function. - - * vasprintf.c: New. Taken from binutils-2.9.1 and dropped all non - ANSI-C stuff. Merged with asprintf version. - - * no-pth.c: New. - -2002-01-23 Werner Koch - - * mkdtemp.c: Copied from gnupg-1.0.6c and changed to use libgcrypt. - -2002-01-19 Werner Koch - - * sysutils.c: New. This is the misc.c file from gnupg 1.0.6 with - the OpenPGP stuff removed. - * sysutils.h: New. - -2002-01-15 Werner Koch - - * maperror.c: Add mapping for Not_Trusted. - -2002-01-11 Werner Koch - - * maperror.c (map_assuan_err): Codes for CRL - -2002-01-08 Werner Koch - - * util.h (spacep): New. - -2002-01-02 Werner Koch - - * maperror.c (map_to_assuan_status): New. Merged from ../agent - and ../sm. - -2001-12-20 Werner Koch - - * maperror.c (map_gcry_err): Add some mappings. - -2001-12-18 Werner Koch - - * Makefile.am (AM_CPPFLAGS): Include flags for gcrypt and ksba - -2001-12-14 Werner Koch - - * util.h (digitp, hexdigitp): New ctype like macros. - (atoi_1,atoi_2,atoi_4,xtoi_1,xtoi_2): New. - - - Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, - 2009, 2010, 2011 Free Software Foundation, Inc. - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even the - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/common/ChangeLog-2011 b/common/ChangeLog-2011 new file mode 100644 index 000000000..42ee4e87f --- /dev/null +++ b/common/ChangeLog-2011 @@ -0,0 +1,2499 @@ +2011-12-01 Werner Koch + + NB: ChangeLog files are no longer manually maintained. Starting + on December 1st, 2011 we put change information only in the GIT + commit log, and generate a top-level ChangeLog file from logs at + "make dist". See doc/HACKING for details. + +2011-11-30 Werner Koch + + Rewrite dns-cert.c to not use the gpg-only iobuf stuff. + * dns-cert.c: Remove iobuf.h. + (get_dns_cert): Rename to _get_dns_cert. Remove MAX_SIZE arg. + Change iobuf arg to a estream-t. Rewrite function to make use of + estream instead of iobuf. Require all parameters. Return an + gpg_error_t error instead of the type. Add arg ERRSOURCE. + * dns-cert.h (get_dns_cert): New macro to pass the error source to + _gpg_dns_cert. + * t-dns-cert.c (main): Adjust for changes in get_dns_cert. + + * estream.c (es_fopenmem_init): New. + * estream.h (es_fopenmem_init): New. + +2011-11-29 Werner Koch + + * estream.c (func_mem_create): Don't set FUNC_REALLOC if GROW is + not set. Require FUNC_REALLOC if DATA is NULL and FUNC_FREE is + given. + + * dns-cert.c: Use new CERTTYPE_ constants for better readability. + +2011-11-28 Werner Koch + + * t-dns-cert.c (main): Increase MAX_SIZE to 64k. + + * dns-cert.c (get_dns_cert): Factor test code out to ... + * t-dns-cert.c: new file. + +2011-10-24 Werner Koch + + * dotlock.h, dotlock.c: Add alternative to allow distribution of + these files under a modified BSD license + +2011-10-13 Marcus Brinkmann + + * estream.c, exechelp-posix.c, exechelp-w32.c, exechelp-w32ce.c, + http.c, init.c, sysutils.c: Port to NPth. + +2011-09-30 Werner Koch + + Change the license of all JNLIB parts from LPGLv3+ to to LGPLv3+ + or GPLv2+. + + * dotlock.h (DOTLOCK_EXT_SYM_PREFIX): New macro. + +2011-09-29 Werner Koch + + * dotlock.c (DOTLOCK_USE_PTHREAD): New macro. + [DOTLOCK_USE_PTHREAD] (all_lockfiles_mutex): New. + (LOCK_all_lockfiles, UNLOCK_all_lockfiles): New. Use them to + protect access to all_lockfiles. + (dotlock_set_fd, dotlock_get_fd): New. + +2011-09-28 Werner Koch + + * dotlock.c (dotlock_take, dotlock_take_unix, dotlock_take_w32): + Implement arbitrary timeout values. + (dotlock_create): Add arg FLAGS for future extensions. + +2011-09-27 Werner Koch + + * dotlock.c (dotlock_take_unix): Check only the link count and not + the error return from link. + (use_hardlinks_p): New. + (dotlock_create_unix): Test for hardlinks. + (dotlock_take_unix): Implement O_EXCL locking. + +2011-09-23 Werner Koch + + * dotlock.c: Factor Unix and W32 specific code out into specific + functions. Define HAVE_POSIX_SYSTEM. Rearrange some functions. + (disable_dotlock): Rename to dotlock_disable. + (create_dotlock): Rename to dotlock_create. + (destroy_dotlock): Rename to dotlock_destroy. + (make_dotlock): Rename to dotlock_take. + (release_dotlock): Rename to dotlock_release. + +2011-09-22 Werner Koch + + * dotlock.c: Remove support for RISCOS. + +2011-08-10 Werner Koch + + * t-exechelp.c (test_close_all_fds): Don't use the DUMMY_FD var. + + * pka.c (get_pka_info): Remove unused var. + + * signal.c (got_fatal_signal): Remove unused var. + + * estream.c (es_fread, es_fwrite): Remove unused var. + +2011-07-20 Werner Koch + + * ssh-utils.c, ssh-utils.h: New. + * t-ssh-utils.c: New. + * Makefile.am (t_ssh_utils_LDADD): New. + (module_tests): Add t-ssh-utils.c + +2011-06-01 Marcus Brinkmann + + * util.h: Undef snprintf before redefining it. + +2011-05-20 Werner Koch + + * util.h: Remove some error code substitutes. + +2011-04-25 Werner Koch + + * userids.c (classify_user_id): Add arg OPENPGP_HACK to fix + regression from 2009-12-08. + +2011-04-01 Werner Koch + + * sysutils.c (get_uint_nonce): New. + +2011-03-03 Werner Koch + + * estream.c (struct estream_list): Rename to estream_list_s and + simplify. A double linked list is overkill for our purpose. + (do_list_add, do_list_remove): Adjust accordingly. + (_es_get_std_stream): Ditto. + (do_list_iterate, estream_iterator_t): Remove; it is used only at + one place. + (es_fflush): Replace iteration function. Also lock each stream + while flushing all streams. + +2011-02-27 Werner Koch + + * gettime.c (isotime2epoch): Factor check code out to .. + (isotime_p): .. new. + (isotime_human_p): New. + (string2isotime): New. + * t-gettime.c (test_string2isotime): New. + +2011-02-11 Andrey Jivsov + + * openpgp-oid.c (openpgp_oid_to_str): Use unsigned int for + get_opaque. Fixes a bug on 64 bit platforms. + +2011-02-08 Werner Koch + + * http.c (connect_server): Add arg R_HOST_NOT_FOUND. + +2011-02-07 Werner Koch + + * http.c (my_socket_new, my_socket_ref, my_socket_unref): New. + (cookie_close, cookie_read, cookie_write, http_close, _http_open) + (send_request): Replace use of an socket integer by the new socket + object. + (_http_raw_connect): New. + (fp_onclose_notification): New. + (_http_raw_connect, _http_wait_response, http_close): Register and + unregister this notification. + * http.h (http_raw_connect): New. + + * http.h (parsed_uri_s): Add field IS_OPAQUE. + (http_req_t): Add HTTP_REQ_OPAQUE. + * http.c (do_parse_uri): Parse unknown schemes into PATH. + (my_socket_new, my_socket_ref, my_socket_unref): New. + (send_request): Simplify save_errno stuff. + +2011-02-03 Werner Koch + + * status.h (STATUS_DECRYPTION_INFO): New. + + * argparse.c (strusage): Update copyright year. + +2011-01-31 Werner Koch + + * openpgp-oid.c: New. + * t-openpgp-oid.c: New. + +2011-01-20 Werner Koch + + Fix bug#1313. + + * http.c (my_select): New. Define to pth_select if building with Pth. + (start_server, write_server, cookie_read, cookie_write): Use it. + (my_connect): New. Define to pth_connect if building with Pth. + (connect_server): Use it. + (my_accept): New. Define to pth_accept if building with Pth. + (start_server): Use it. + +2011-01-20 Werner Koch + + * util.h (struct b64state): Add field LASTERR. + * b64enc.c (enc_start, b64enc_write, b64enc_finish): Handle + LASTERR. This is to make sure that we don't leak strduped data. + * b64dec.c (b64dec_start, b64dec_proc, b64dec_finish): Ditto. + + * http.c (escape_data): New. + (insert_escapes): Implement using escape_data. + (http_escape_data): New. + +2011-01-19 Werner Koch + + * homedir.c (gnupg_module_name): Use NAME_OF_INSTALLED_GPG instead + of "gpg2". + +2011-01-18 Werner Koch + + * iobuf.c (file_es_filter_ctx_t): New. + (file_es_filter): New. + (iobuf_esopen): New. + + * membuf.c (clear_membuf, peek_membuf): New. + + * util.h (GPG_ERR_NO_KEYSERVER): New. + + * keyserver.h (keyserver_spec): Move from ../g10/options.h to here. + + * http.c (do_parse_uri): Add arg NO_SCHEME_CHECK. Change all + callers. Support HKP and HKPS. + (_http_parse_uri): Do proper error management. + * http.h (parsed_uri_s): Add field IS_HTTP. + (http_parse_uri): Support NO_SCHEME_CHECK arg. + + * estream.c (es_func_mem_write): Fix computation of NEWSIZE. + +2011-01-10 Werner Koch + + * session-env.c (update_var): Fix same value detection. Fixes + bug#1311. + +2010-12-17 Werner Koch + + * asshelp.c (lock_spawning): Add arg VERBOSE. Improve timeout + management. Make callers pass a value for VERBOSE. + (lock_agent_spawning, unlock_agent_spawning): Remove. Change + callers to use lock_spawning and unlock_spawning. + +2010-12-17 Marcus Brinkmann + + * homedir.c (gnupg_cachedir): Create /temp subdirectories. + +2010-12-02 Werner Koch + + * miscellaneous.c (gnupg_cipher_algo_name): New. Replace all + users of gcry_cipher_algo_name by this one. + + * logging.c (fun_cookie_s) [W32CE]: Add field USE_WRITEFILE. + (fun_writer) [W32CE]: Make use of it. + (set_file_fd) [W32CE]: Implement special filename "GPG2:". + +2010-11-25 Werner Koch + + * asshelp.c (start_new_gpg_agent): Change style of startup info. + (start_new_dirmngr): Ditto. + +2010-11-23 Werner Koch + + * asshelp.c (SECS_TO_WAIT_FOR_AGENT, SECS_TO_WAIT_FOR_DIRMNGR): + Use these constants. For W32CE increase them to 30 seconds. + (start_new_gpg_agent): Print time to startup agent. + (start_new_dirmngr): Ditto. + +2010-11-04 Werner Koch + + * logging.c (do_logv) [W32]: Don't set a default log stream if the + registry entry is empty. + +2010-10-27 Werner Koch + + * gettime.c (gnupg_get_isotime): Compare to (time_t)-1. + (epoch2isotime): Ditto. + (IS_INVALID_TIME_T): New. + (asctimestamp): Use new macro. + (strtimestamp, isotimestamp): Ditto. Use snprintf. + +2010-10-25 Werner Koch + + * logging.c (do_log): Rename to log_log and make global. + +2010-10-20 Werner Koch + + * i18n.c (i18n_init) [USE_SIMPLE_GETTEXT]: Call textdomain. + +2010-10-14 Werner Koch + + * asshelp.c (start_new_gpg_agent): Print a notice once the agent + has been started. + (start_new_dirmngr): Likewise. + +2010-10-13 Werner Koch + + * miscellaneous.c (parse_version_number, parse_version_string) + (gnupg_compare_version): New. + +2010-10-04 Werner Koch + + * gettime.c (asctimestamp) [W32CE]: Do not print the timezone. + +2010-09-30 Werner Koch + + * util.h (GPG_ERR_FULLY_CANCELED): Add replacement. + +2010-09-17 Werner Koch + + * http.c (INADDR_NONE): Provide fallback. + * logging.c (INADDR_NONE): Ditto. + +2010-09-16 Werner Koch + + * util.h: Add GPG_ERR_MISSING_ISSUER_CERT. + * status.c (get_inv_recpsgnr_code): Ditto. + +2010-09-13 Werner Koch + + * homedir.c (gnupg_bindir) [W32CE]: Change to bin/. + (gnupg_libexecdir) [W32]: Call gnupg_bindir. + (gnupg_libdir, gnupg_datadir, gnupg_localedir) [W32]: Simplify by + using xstrconcat. + (gnupg_module_name): Ditto. + (w32_rootdir): Strip a trailing "bin". + +2010-09-02 Werner Koch + + * util.h (GPG_ERR_NOT_INITIALIZED): Define if not defined. + +2010-09-01 Marcus Brinkmann + + * estream.c (_es_set_std_fd): Disable debug output. + +2010-08-26 Werner Koch + + * estream.c (es_convert_mode): Rename to parse_mode. + (parse_mode): Add arg R_CMODE and parse key value pairs. Use Use + 664 as the default mode. Change callers. + (ES_DEFAULT_OPEN_MODE): Remove. + (es_fopen, do_fpopen, do_w32open, es_freopen): Support a creation + mode. + (es_func_file_create): Rename to func_file_create and add arg CMODE. + (es_func_fd_create): Rename to func_fd_create. + (es_func_fp_create): Rename to func_fp_create. + (es_list_add): Rename to do_list_add. + (es_list_remove): Rename to do_list_remove. + (es_list_iterate): Rename to do_list_iterate. + (es_pth_read): Rename to do_pth_read. + (es_deinit): Rename to do_deinit. + (es_init_do): Rename to do_init. + (es_func_mem_create): Rename to func_mem_create. + +2010-08-23 Werner Koch + + * exechelp-w32ce.c: Rewrite all spawn stuff. + + * exechelp-w32.c (close_all_fds) [W32]: Make it a dummy function. + + * estream.c (es_onclose): New. + (notify_list_t, onclose): New. + (struct estream_internal): Add field ONCLOSE. + (es_initialize, es_deinitialize): Manage new field. + (do_close): Call onclose notify functions. + +2010-08-20 Werner Koch + + * exechelp-w32.c (create_inheritable_pipe): Change arg to HANDLE. + + * estream.h (es_sysopen_t): New. + * estream.c (es_func_w32_create, es_func_w32_read) + (es_func_w32_write, es_func_w32_seek, es_func_w32_destroy) + (estream_functions_w32, estream_cookie_fd): New. Only for W32. + (es_sysopen, es_sysopen_nc): New. + (do_w32open, do_sysopen): New. + (es_syshd, es_syshd_unlocked): New. + (struct estream_internal): Replace filed FD by SYSHD. + (es_initialize): Clear SYSHD_VALID. + (map_w32_to_errno): New. + (es_get_fd): Remove. + (es_fileno_unlocked): Re-implement using es_syshd. + (es_initialize, es_create): Replace arg FD by SYSHD. + (es_fopen, es_mopen, es_fopenmem, do_fdopen, do_fpopen) + (es_tmpfile): Use SYSHD instead of FD. + (es_destroy): Rename to do_close. + +2010-08-19 Werner Koch + + * exechelp-posix.c (create_pipe_and_estream): New. + (gnupg_spawn_process): Rework this function and its calling + convention; it is not used anyway. + * exechelp-w32.c (gnupg_spawn_process): Ditto. + +2010-08-18 Werner Koch + + * logging.c (writen): Add arg IS_SOCKET. + (fun_writer): Pass the is_socket flag. + (do_logv) [W32]: Allow for a default log stream + + * estream.c (struct estream_internal): Remove obsolete fields + PRINT_FP, PRINT_ERRNO, PRINT_ERR and all remaining code cruft. + +2010-08-16 Werner Koch + + * estream.c (es_printf_unlocked, es_printf): New. + + * asshelp.c (lock_agent_t): Rename to lock_spawn_t. + (lock_agent_spawning, unlock_agent_spawning): Factor code out to ... + (lock_spawning, unlock_spawning): .. new. + (start_new_gpg_agent): Make more use of ERRSOURCE. + (start_new_dirmngr): New. + +2010-08-13 Werner Koch + + * Makefile.am (audit-events.h, status-codes.h): Fix srcdir problem + amd depend on Makefile.am instead of Makefile. + +2010-08-12 Werner Koch + + * sysutils.c (gnupg_remove) [W32CE]: Fix returned error. + +2010-08-09 Werner Koch + + * logging.c (WITH_IPV6): New macro. + (parse_portno): New. From libassuan. + (fun_writer): Support TCP logging on all platforms. + (sock_close): New. + +2010-08-06 Werner Koch + + * homedir.c (dirmngr_socket_name) [W32CE]: Base on default homedir. + (gnupg_cachedir) [W32CE]: Drop drive letter. + + * http.c (http_open_document): Rename to _http_open_document and + add arg ERRSOURCE. Pass ERRSOURCE to all called funcs. + (http_wait_response, http_open, http_parse_uri): Likewise. + (do_parse_uri, parse_response, store_header): Change to return an + gpg_err_code_t. Change callers. + (send_request): Add arg ERRSOURCE. Change callers. + * http.h (http_open_document, http_wait_response, http_open) + (http_parse_uri): Define as macro. + +2010-08-05 Werner Koch + + * estream.h (es_asprintf, es_vasprintf): Add lost prototyps. + + * http.c: Require estream and make HTTP_USE_ESTREAM obsolete. It + make the code unreadable and we require estream anyway for GnuPG. + (http_wait_response): Get use of cookies right. + (send_request): s/xtryasprintf/es_asprintf/ to allow standalone + use of the code. + (insert_escapes, connect_server): s/sprintf/snprintf/. + (parse_response): s/my_read_line/es_read_line/. + (my_read_line): Remove. + (write_server): Use pth_write. + +2010-07-26 Werner Koch + + * estream.c (es_func_fp_write) [W32]: Write smaller chunks. + +2010-07-25 Werner Koch + + * argparse.c (initialize): Use ARGPARSE_PRINT_WARNING constant. + +2010-07-24 Werner Koch + + * estream.c (es_set_binary): New. + +2010-07-19 Werner Koch + + * utf8conv.c (utf8_to_wchar): s/malloc/jnlib_malloc/. + +2010-07-16 Werner Koch + + * http.h (HTTP_FLAG_IGNORE_CL): Add flag . + * http.c (WITHOUT_GNU_PTH): Test macro for Pth support. + (http_parse_uri): s/xcalloc/xtrycalloc/. + (send_request): Replace of discrete allocation and sprintf by + xtryasprintf. + (http_wait_response): Replace HTTP_FLAG_NO_SHUTDOWN by + HTTP_FLAG_SHUTDOWN to change the default to no shutdown. + (cookie_read) [HAVE_PTH]: Use pth_read. + (longcounter_t): New. + (struct cookie_s): Add support for content length. Turn flag + fields into bit types. + (parse_response): Parse content length header. + (cookie_read): Take care of the content length. + +2010-07-08 Werner Koch + + * estream.c (estream_functions_file): Remove and replace by + identical estream_functions_fd. + +2010-07-06 Werner Koch + + * util.h (b64state): Add field STREAM. + * b64enc.c (b64enc_start): Factor code out to .. + (enc_start): new. + (b64enc_start_es, my_fputs): New. + (b64enc_write, b64enc_finish): Support estream. + +2010-06-24 Werner Koch + + * asshelp.c (lock_agent_spawning) [W32]: Use CreateMutexW. + (start_new_gpg_agent): Use HANG option for gnupg_wait_progress. + Fixes regression from 2010-06-09. + +2010-06-21 Werner Koch + + * util.h (xfree_fnc): New. + +2010-06-18 Werner Koch + + * util.h (GPG_ERR_MISSING_KEY) [!GPG_ERR_MISSING_KEY]: New. + + * sexputil.c (make_canon_sexp_pad): Add arg SECURE. + +2010-06-17 Werner Koch + + * sexputil.c (make_canon_sexp_pad): New. + +2010-06-14 Werner Koch + + * membuf.c (put_membuf): Add shortcut for !LEN. + +2010-06-11 Marcus Brinkmann + + * sysutils.c (translate_sys2libc_fd): Revert last change. + (translate_sys2libc_fd_int): Revert last change. + +2010-06-10 Marcus Brinkmann + + * sysutils.c (translate_sys2libc_fd) [HAVE_W32CE_SYSTEM]: + Implement. + (translate_sys2libc_fd_int) [HAVE_W32CE_SYSTEM]: Don't call + translate_sys2libc_fd. + + * estream.c (_es_get_std_stream): Fix cut&paste bug. + +2010-06-09 Werner Koch + + * exechelp-posix.c, exechelp-w32.c + * exechelp-w32ce.c (gnupg_wait_process): Add new arg HANG. Change + all callers. + (gnupg_release_process): New. Use it after all calls to + gnupg_wait_process. + + * util.h (GNUPG_MODULE_NAME_DIRMNGR_LDAP): New. + * homedir.c (gnupg_cachedir): New. + (w32_try_mkdir): New. + (dirmngr_socket_name): Change standard socket name. + (gnupg_module_name): Support GNUPG_MODULE_NAME_DIRMNGR_LDAP. + + * logging.c (log_set_get_tid_callback): Replace by ... + (log_set_pid_suffix_cb): .. new. + (do_logv): Change accordingly. + +2010-06-08 Marcus Brinkmann + + * Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS). + (t_common_ldadd): Add $(LIBASSUAN_LIBS). + * sysutils.c: Include . + (translate_sys2libc_fd_int): Cast to silence gcc warning. + * iobuf.c: Include + (translate_file_handle): Fix syntax error. + +2010-06-08 Werner Koch + + * iobuf.c (translate_file_handle) [W32CE]: Handle rendezvous ids. + +2010-06-07 Werner Koch + + * sysutils.c [W32CE]: Finish pipe creation. + + * estream.c (es_fname_get, es_fname_set): New. + (fname_set_internal): New. + (struct estream_internal): Add fields printable_fname and + printable_fname_inuse. + (_es_get_std_stream): Set stream name. + (es_fopen, es_freopen, es_deinitialize): Set fname. + + * exechelp-posix.c (gnupg_spawn_process): Allow passing INFILE or + OUTFILE as NULL. + * exechelp-w32.c (gnupg_spawn_process): Ditto. + * exechelp-w32ce.c (gnupg_spawn_process): Return an error for + INFILE or OUTFILE passed as NULL. + +2010-06-01 Werner Koch + + * logging.c (log_get_stream): Make sture a log stream is available. + +2010-05-30 Werner Koch + + * init.c (writestring_via_estream): New. + (init_common_subsystems): Register with argparse. + + * argparse.c (argparse_register_outfnc): New. + (writestrings, flushstrings): New. Use them instead of stdout or + stderr based functions. + +2010-05-04 Werner Koch + + * estream.c (_es_get_std_stream): Re-use registered standard fds. + (IS_INVALID_FD, ESTREAM_SYS_YIELD): New. + (es_func_fd_read, es_func_fd_write, es_func_fd_seek) + (es_func_fd_destroy): Implement a dummy stream. + + * exechelp-w32ce.c (build_w32_commandline): Add args FD0_ISNULL + and FD1_ISNULL. Remove arg PGMNAME. Change callers. + (gnupg_spawn_process_detached): Implement. + (gnupg_spawn_process_fd): Implement one special case for now. + +2010-05-03 Werner Koch + + * asshelp.c (lock_agent_spawning, unlock_agent_spawning): New. + (start_new_gpg_agent): Test for configured standard socket and + try to fire up the agent in this case. + + * exechelp-posix.c (gnupg_wait_process): Do not log a message if + EXITCODE is given. + (gnupg_spawn_process_detached): Do not reuse PID for the second fork. + +2010-04-26 Werner Koch + + * utf8conv.c (load_libiconv) [W32CE]: No libiconv warning + + * init.c (init_common_subsystems) [W32CE]: Register the sleep + function before es_init. + +2010-04-20 Werner Koch + + * estream.c (es_deinit): New. + (es_init_do): Install atexit handler to flush all streams. + + * Makefile.am (common_sources): Add gettime.h. + +2010-04-20 Marcus Brinkmann + + * logging.c (do_log_ignore_arg): New helper function. + (log_string): Use it to remove ugly volatile hack that causes gcc + warning. + (log_flush): Likewise. + * sysutils.c (gnupg_unsetenv) [!HAVE_W32CE_SYSTEM]: Return something. + (gnupg_setenv) [!HAVE_W32CE_SYSTEM]: Likewise. + * pka.c (get_pka_info): Solve strict aliasing rule violation. + * t-exechelp.c (test_close_all_fds): Use dummy variables to + silence gcc warning. + +2010-04-15 Werner Koch + + * util.h: Factor time related functions out to ... + * gettime.h: New. + (gnupg_copy_time): Move to ... + * gettime.c (gnupg_copy_time): New. + + * sysutils.c (gnupg_setenv) [!W32CE]: Add missing return. + (gnupg_unsetenv) [!W32CE]: Add missing return. + +2010-04-14 Werner Koch + + * Makefile.am (noinst_LIBRARIES) [W32CE]: Exclude libsimple-pwquery. + + * w32help.h (umask) [W32CE]: New. + + * sysutils.c (_gnupg_isatty): New. + * util.h (gnupg_isatty): New. + + * asshelp.c (setup_libassuan_logging): Read ASSUAN_DEBUG envvar. + (my_libassuan_log_handler): Use it. + * sysutils.c (_gnupg_getenv): Implement ASSUAN_DEBUG. + +2010-04-08 Werner Koch + + * w32help.h (_setmode, setmode) [W32CE]: Provide prototype and + macro. + +2010-04-07 Werner Koch + + * mischelp.c (timegm): Replace unsetenv/putenv by gnupg_unsetenv. + + * sysutils.c: Include setenv.h. + (gnupg_setenv, gnupg_unsetenv): New. + + +2010-04-06 Werner Koch + + * sysutils.c (gnupg_mkdir): New. + +2010-03-29 Werner Koch + + * init.c (sleep_on_exit): Change to 400ms. + +2010-03-25 Werner Koch + + * init.c (sleep_on_exit) [W32CE]: New. + (init_common_subsystems): Call it. + +2010-03-24 Werner Koch + + * stringhelp.c (change_slashes, compare_filenames): Replace + HAVE_DRIVE_LETTERS by HAVE_DOSISH_SYSTEM. + (make_basename, make_dirname): Detect backslashes and drive + letters separately. + + * dotlock.c (make_dotlock, create_dotlock, release_dotlock): Use + LockFileEx and UnlockFileEx to support W32CE. + + * ttyio.c (USE_W32_CONSOLE): Replace all _WIN32 by this. + (init_ttyfp) [W32CE]: Use stderr. + + * iobuf.c (FD_FOR_STDIN, FD_FOR_STDOUT) [W32CE]: Use estream. + (translate_file_handle) [W32CE]: Remove handle translation. + +2010-03-23 Werner Koch + + * sysutils.c (gnupg_remove): New. + +2010-03-22 Werner Koch + + * exechelp-w32ce.c (build_w32_commandline): Replace by code from + libassuan. + (create_inheritable_pipe): Use _assuan_w32ce_prepare_pipe. + (build_w32_commandline_copy, do_create_pipe): Remove. + + * exechelp-posix.c (gnupg_spawn_process): Change to use estream + also for INFILE and STATUSFILE. + * exechelp-w32.c (gnupg_spawn_process): Ditto. + +2010-03-22 Werner Koch + + * exechelp.c: Remove after factoring all code out to ... + * exechelp-posix.c, exechelp-w32.c, exechelp-w32ce.c: .. new. + + * exechelp.c (create_inheritable_pipe_r) + (create_inheritable_pipe_w): Fold both into ... + (create_inheritable_pipe): .. New. Change callers to use this. + (gnupg_create_inbound_pipe, gnupg_create_outbound_pipe): Factor + code out to ... + (do_create_pipe): .. New. + + * init.c (parse_std_file_handles): Change to use rendezvous ids. + +2010-03-15 Werner Koch + + * init.c (init_common_subsystems): Add args ARGCP and + ARGVP. Change all callers to provide them. + (parse_std_file_handles): New. + + * t-sysutils.c (rewind) [W32CE]: Provide a replacement. + + * Makefile.am (module_tests) [W32CE]: Don't build t-exechelp for now. + + * sysutils.c (gnupg_allow_set_foregound_window) [W32CE]: Don't + call AllowSetForegroundWindow. + + * logging.c (isatty) [W32CE]: New. + (fun_writer, set_file_fd): Use estream even for the internal error + messages. + (log_string, log_flush): Make DUMMY_ARG_PTR static. + +2010-03-15 Werner Koch + + * asshelp.c (send_pinentry_environment) [!HAVE_SETLOCALE]: Do not + define OLD_LC. + * http.c (connect_server) [!USE_DNS_SRV]: Mark SRVTAG unused. + * dns-cert.c (get_dns_cert) [!USE_DNS_CERT]: Mark args unused. + * pka.c (get_pka_info): Ditto. + + * signal.c (pause_on_sigusr): Remove. It was used in ancient gpg + version with shared memory IPC. Last caller removed on 2006-04-18. + (do_block) [W32]: Mark arg unused. + + * exechelp.c (w32_open_null): Use CreateFileW. + + * init.c (init_common_subsystems): Add args ARGCP and ARGVP. + Change all callers to pass them. + + * logging.c (S_IRGRP, S_IROTH, S_IWGRP, S_IWOTH) [W32]: New. + (fun_writer, set_file_fd) [W32]: Disable socket code. + + * localename.c: Include gpg-error.h. + + * util.h (GPG_ERR_NOT_ENABLED): Remove this temporary definition. + +2010-03-12 Werner Koch + + * status.h (STATUS_ENTER): New. + + * ttyio.c (tty_fprintf): Change to use estream. + + * miscellaneous.c (print_utf8_string): Rename to print_utf8_buffer + and change FP arg to an estream. Change all callers. + (print_utf8_string2): Ditto; new name is to print_utf8_buffer2. + +2010-03-11 Werner Koch + + * miscellaneous.c (print_string): Remove. + + * estream.c (es_setvbuf): Fix parameter check. + (es_set_buffering): Allow a SIZE of 0. + * asshelp.c (setup_libassuan_logging, my_libassuan_log_handler): New. + * logging.c (do_logv): Add arg IGNORE_ARG_PTR. Change all callers. + (log_string): New. + (log_flush): New. + (set_file_fd): Simplify by using estreams es_stderr. + + * estream.h (es_stdout, es_stderr, es_stdin): New. + +2010-03-10 Werner Koch + + * estream.c (es_func_fp_read, es_func_fp_write, es_func_fp_seek) + (es_func_fp_destroy): Allow a NULL FP to implement a dummy stream. + (do_fpopen): Ditto. + (es_vfprintf_unlocked): New. + (es_fprintf_unlocked): Make public. + (es_fputs_unlocked): New. + + * logging.h: Replace FILE* by estream_t. + * logging.c: Remove USE_FUNWRITER cpp conditional because we now + use estream. + (my_funopen_hook_ret_t, my_funopen_hook_size_t): Replace by + ssize_t. + (log_get_stream): Change to return an estream_t. + (set_file_fd): Always close the log stream because it can't be + assigned to stderr or stdout directly. Use a dummy estream as + last resort log stream. + (log_test_fd, log_get_fd): Use es_fileno. + (log_get_stream): Assert that we have a log stream. + (do_logv): Use estream functions and lock the output. + +2010-03-10 Werner Koch + + * util.h: Replace jnlib path part by common. + (snprintf): Use the replacement macro on all platforms. + + * Makefile.am (jnlib_sources): New. + (libcommon_a_SOURCES, libcommonpth_a_SOURCES): Add jnlib_sources. + (jnlib_tests): New. + (noinst_PROGRAMS, TESTS): Add jnlib_tests. + (t_common_ldadd): Remove libjnlib.a. + + * README.jnlib, ChangeLog.jnlib, libjnlib-config.h, argparse.c + * argparse.h, dotlock.c, dotlock.h, dynload.h, logging.c + * logging.h, mischelp.c, mischelp.h, stringhelp.c, stringhelp.h + * strlist.c, strlist.h, types.h, utf8conv.c, utf8conv.h + * w32-afunix.c, w32-afunix.h, w32-reg.c, w32help.h, xmalloc.c + * xmalloc.h, t-stringhelp.c, t-support.c, t-support.h + * t-timestuff.c, t-w32-reg.c: Move from jnlib to here. + + * init.c: Remove "estream.h". + * util.h: Include "estream.h". + + * xasprintf.c, ttyio.c: Remove "estream-printf.h". + +2010-03-08 Werner Koch + + * exechelp.c [!HAVE_SIGNAL_H]: Do not include signal.h. + (DETACHED_PROCESS, CREATE_NEW_PROCESS_GROUP) [W32CE]: Provide stubs. + + * iobuf.h (iobuf_ioctl_t): New. Use the new macros instead of the + hard wired values. + * iobuf.c (iobuf_append): Remove. + (iobuf_fdopen): Factor code out to ... + (do_iobuf_fdopen): ... new. + (iobuf_fdopen_nc): New. + (iobuf_open_fd_or_name): Implement using iobuf_fdopen_nc. + + * iobuf.c (INVALID_FD): Replace by GNUPG_INVALID_FD. + (fp_or_fd_t): Replace by gnupg_fd_t. + (my_fileno): Replace by the FD2INT macro. + (FILEP_OR_FD_FOR_STDIN, FILEP_OR_FD_FOR_STDOUT): Rename to + FD_FOR_STDIN, FD_FOR_STDOUT. + (file_filter): Make full use of FD_FOR_STDIN. + (USE_SETMODE): Remove. Not needed without stdio. + (my_fopen_ro, my_fopen): Replace unneeded macros. + + * iobuf.c [FILE_FILTER_USES_STDIO]: Remove all code. It has not + been used for a long time. + + * exechelp.h: Include "estream.h". + + * exechelp.c (gnupg_spawn_process): Change OUTFILE to an estream_t. + +2010-03-02 Werner Koch + + * estream.c, estream.h, estream-printf.c, estream-printf.h: Update + from libestream. + +2010-03-01 Werner Koch + + * signal.c [!HAVE_SIGNAL_H]: Don't include signal.h. + + * iobuf.c (direct_open) [W32CE]: Make filename to wchar_t. + (iobuf_cancel) [W32CE]: Use DeleteFile. + + * gettime.c (dump_isotime): Use "%s" to print "none". + + * homedir.c (standard_homedir) [W32CE]: Use wchar_t to create the + directory. + (w32_rootdir) [W32CE]: Likewise. + + * sysutils.c (translate_sys2libc_fd) [W32CE]: Add support. + (gnupg_tmpfile) [W32CE]: Ditto. + (_gnupg_getenv) [W32CE]: New. + + * util.h (getpid, getenv) [W32CE]: New. + + * i18n.c (i18n_switchto_utf8) + (i18n_switchback) [USE_SIMPLE_GETTEXT]: Use new function from + libgpg-error which supports proper restoring. + + * sysutils.c (get_session_marker): Simplified by using gcrypt. + +2009-12-08 Marcus Brinkmann + + * Makefile.am (audit-events.h, status.h) [!MAINTAINER_MODE]: No + longer include these rules if not in maintainer mode. + +2009-12-08 Werner Koch + + * userids.h, userids.c: New. + (classify_user_id): Merged from similar fucntions in sm/ and g10/. + + * dns-cert.c (get_dns_cert): Add support for ADNS. + +2009-12-08 Marcus Brinkmann + + * asshelp.c (start_new_gpg_agent): Convert posix FD to assuan FD. + + * asshelp.c (start_new_gpg_agent) [HAVE_W32_SYSTEM]: Add missing + argument in assuan_socket_connect invocation. + * iobuf.c (iobuf_open_fd_or_name): Fix type of FD in function + declaration. + +2009-12-07 Werner Koch + + * pka.c (get_pka_info): Add support for ADNS. + * src.v (getsrv): Add support for ADNS. + + * srv.c (getsrv): s/xrealloc/xtryrealloc/. + +2009-12-04 Werner Koch + + * Makefile.am (audit-events.h, status-codes.h): Create files in + the source dir. Fixes bug#1164. + +2009-12-02 Werner Koch + + * audit.c (proc_type_decrypt, proc_type_sign): Implemented. + (proc_type_verify): Print hash algo infos. + * audit.h (AUDIT_DATA_CIPHER_ALGO, AUDIT_BAD_DATA_CIPHER_ALSO) + (AUDIT_NEW_RECP, AUDIT_DECRYPTION_RESULT, AUDIT_RECP_RESULT) + (AUDIT_ATTR_HASH_ALGO, AUDIT_SIGNED_BY, AUDIT_SIGNING_DONE): + +2009-11-05 Marcus Brinkmann + + * asshelp.c (start_new_gpg_agent): Update use of + assuan_socket_connect and assuan_pipe_connect. + +2009-11-02 Marcus Brinkmann + + * get-passphrase.c (default_inq_cb, membuf_data_cb): Change return + type to gpg_error_t. + +2009-10-28 Werner Koch + + * status.h (STATUS_MOUNTPOINT): New. + +2009-10-16 Marcus Brinkmann + + * Makefile.am (libcommon_a_CFLAGS): Use LIBASSUAN_CFLAGS instead + of LIBASSUAN_PTH_CFLAGS. + +2009-10-13 Werner Koch + + * exechelp.c (gnupg_kill_process): New. + +2009-09-29 Werner Koch + + * exechelp.c (create_inheritable_pipe): Rename to + create_inheritable_pipe_w. + (create_inheritable_pipe_r): New. + (gnupg_create_outbound_pipe): New. + + * iobuf.h: Include "sysutils.h" + + * iobuf.c (iobuf_open_fd_or_name): New. + (iobuf_get_fname_nonnull): New. + +2009-09-23 Marcus Brinkmann + + * asshelp.c (start_new_gpg_agent): Allocate assuan context before + starting server. + +2009-09-03 Werner Koch + + Update from libestream: + * estream-printf.c: Include stdint.h only if HAVE_STDINT_H is + defined. + * estream-printf.c: Remove all test code. Use macro DEBUG instead + of TEST for debugging. + * estream-printf.c (pr_float): Make buffer larger for silly high + numbers. + +2009-08-11 David Shaw + + * ttyio.h, ttyio.c (tty_enable_completion): Some ifdefs around + HAVE_LIBREADLINE to allow building when readline isn't available. + +2009-08-06 Werner Koch + + * status.h (STATUS_INV_SGNR, STATUS_NO_SGNR): New. + * status.c (get_inv_recpsgnr_code): New. + +2009-07-23 David Shaw + + * srv.c (getsrv): Fix type-punning warning. + +2009-07-23 Werner Koch + + * util.h (GPG_ERR_NOT_ENABLED): New. + * audit.h (enum): Add AUDIT_CRL_CHECK. + * audit.c (proc_type_verify): Show CRL check result. + +2009-07-06 Werner Koch + + * get-passphrase.c (struct agentargs): Add SESSION_ENV and remove + obsolete args. + (gnupg_prepare_get_passphrase): Ditto. + + * session-env.c, session-env.h: New. + * t-session-env.c: New. + * Makefile.am (common_sources, module_tests): Add them. + * asshelp.h: Include "session-env.h" + * asshelp.c (send_one_option): Add arg PUTENV. + (send_pinentry_environment): Replace most args by SESSION_ENV and + rewrite fucntion. + (start_new_gpg_agent): Likewise. + + * t-exechelp.c (test_close_all_fds): Remove debug code. + +2009-07-01 Werner Koch + + * sexputil.c (get_pk_algo_from_canon_sexp): New. + +2009-06-29 Werner Koch + + * estream.c (BUFFER_ROUND_TO_BLOCK): Remove unused macro. + (es_func_mem_write): Rewrite reallocation part. + + * estream.c (es_write_sanitized_utf8_buffer): Typo typo fix. + +2009-06-25 Werner Koch + + * estream.c (es_write_sanitized_utf8_buffer): Typo fix. + +2009-06-24 Werner Koch + + * estream.c (es_read_line): In the malloc error case, set + MAX_LENGTH to 0 only if requested. + * xreadline.c (read_line): Ditto. + * estream.c (es_write_sanitized_utf8_buffer): Pass on error from + es_fputs. + * sexputil.c (get_rsa_pk_from_canon_sexp): Check for error after + the loop. Reported by Fabian Keil. + +2009-06-22 Werner Koch + + * estream.c (es_pth_read, es_pth_write) [W32]: New. + (ESTREAM_SYS_READ, ESTREAM_SYS_WRITE) [HAVE_PTH]: Use them. + +2009-06-03 Werner Koch + + * estream.c (es_convert_mode): Rewrite and support the "x" flag. + +2009-05-28 David Shaw + + From 1.4: + + * http.h, http.c (send_request) Pass in a STRLIST for additional + headers. Change all callers. + +2009-05-27 David Shaw + + From 1.4: + + * http.h, http.c (send_request): Pass in srvtag and make its + presence sufficient to turn the feature on. + (http_open): From here. + (http_document): And here. + + * srv.c (getsrv): Raise maximum packet size to 2048, as PACKETSZ + is too small these days. + +2009-05-22 Werner Koch + + * ttyio.c (tty_cleanup_after_signal): New. + +2009-05-19 Werner Koch + + * simple-pwquery.c (agent_open): Use SUN_LEN + (JNLIB_NEED_AFLOCAL): Define and include mischelp.h. + +2009-05-07 Werner Koch + + * sexputil.c (get_rsa_pk_from_canon_sexp): New. + * t-sexputil.c (test_make_canon_sexp_from_rsa_pk): Extend the test. + +2009-04-28 Werner Koch + + * sexputil.c (make_canon_sexp_from_rsa_pk): New. + * t-sexputil.c (test_make_canon_sexp_from_rsa_pk): New. + +2009-04-01 Werner Koch + + * iobuf.c: Port David's changes from 1.4: + (fd_cache_invalidate): Pass return code from close back. + (direct_open, iobuf_ioctl): Check that return value. + (fd_cache_synchronize): New. + (iobuf_ioctl): Add new sub command 4 (fsync). + + * iobuf.c (fd_cache_strcmp): New. Taken from 1.4. + (fd_cache_invalidate, fd_cache_close, fd_cache_open): Use it. + + * exechelp.c (gnupg_spawn_process): Implement new flag bit 6. + * sysutils.c (gnupg_allow_set_foregound_window): Allow the use of + ASFW_ANY. + + * membuf.c (put_membuf, get_membuf): Wipe memory on out of core. + +2009-03-31 Werner Koch + + * percent.c (percent_unescape, percent_plus_unescape): New. + (percent_plus_unescape_inplace, percent_unescape_inplace): New. + (do_plus_or_plain_unescape, count_unescape, do_unescape): New. + (do_unescape_inplace): New. + * t-percent.c (test_percent_plus_escape): Test percent_plus_unescape. + + * get-passphrase.c, get-passphrase.h: New. + * Makefile.am (without_pth_sources): New. + +2009-03-18 Werner Koch + + * exechelp.c: Include sys/resource.h and sys/stat.h. + (get_max_open_fds): New. + (do_exec): Use it. + (get_all_open_fds): New. + (close_all_fds): New. + (do_exec): Use close_all_fds. + * t-exechelp.c: New. + +2009-03-13 David Shaw + + * http.c (do_parse_uri): Properly handle IPv6 literal addresses as + per RFC-2732. Adapted from patch by Phil Pennock. + +2009-03-12 Werner Koch + + * gettime.c: Include i18n.h. + (dump_isotime): New. + +2009-03-06 Werner Koch + + * sexputil.c (make_canon_sexp): New. + +2009-03-03 Werner Koch + + * exechelp.c (do_exec): Make sure that /dev/null connected FDs are + not closed. + +2009-01-19 Werner Koch + + * audit.c (writeout_li): Translate a few more result strings. + Fixes bug#970. + + * convert.c (hex2str): Fix optimization to append a nul character. + +2008-12-05 Werner Koch + + * percent.c, t-percent.c: New. + + * exechelp.c (gnupg_spawn_process, gnupg_spawn_process_fd) + (gnupg_spawn_process_detached) [W32]: Remove debug output. + +2008-11-20 Werner Koch + + * audit.c (writeout_li): Translate OKTEXT. + +2008-11-04 Werner Koch + + * i18n.c (i18n_init) [USE_SIMPLE_GETTEXT]: Adjust for changed + w32-gettext.c. + * homedir.c (gnupg_localedir): New. + +2008-10-20 Werner Koch + + * http.c (http_register_tls_callback) [!HTTP_USE_GNUTLS]: Mark + unused arg. + * localename.c (do_nl_locale_name): Ditto. + * audit.c (event2str): Silent gcc warning. + * sysutils.c (translate_sys2libc_fd): Mark unused arg. + (translate_sys2libc_fd_int): Ditto. + * iobuf.c (translate_file_handle): Ditto. + * asshelp.c (send_one_option): Ditto. + * exechelp.c (gnupg_spawn_process): Ditto. + * signal.c (got_usr_signal): Ditto + * estream.c (es_func_fd_create) [!W32]: Ditto. + (es_func_fp_create) [!W32]: Ditto. + (es_write_hexstring): Ditto. + (dummy_mutex_call_void, dummy_mutex_call_int) [HAVE_PTH]: New. + (ESTREAM_MUTEX_LOCK, ESTREAM_MUTEX_UNLOCK, ESTREAM_MUTEX_TRYLOCK) + (ESTREAM_MUTEX_INITIALIZE) [HAVE_PTH]: Use dummy calls so to mark + unused arg. + +2008-10-19 Werner Koch + + * estream-printf.c (estream_vsnprintf): Fix return value. + (check_snprintf): Add a new test. + (one_test) [W32]: Disable test. + +2008-10-17 Werner Koch + + * util.h (snprintf) [W32]: Redefine to estream_snprintf. + +2008-09-03 Werner Koch + + * convert.c (hex2str): New. + (hex2str_alloc): New. + * t-convert.c (test_hex2str): New. + +2008-08-19 Werner Koch + + * iobuf.c: Avoid passing a NULL (iobuf_t)->desc to the log + function. Should in general never be NULL, but well. Reported by + M. Heneka. + +2008-06-26 Werner Koch + + * estream.c (es_write_sanitized): Loose check for control + characters to better cope with utf-8. The range 0x80..0x9f is + nowadays not anymore accidently used for control charaters. + +2008-06-25 Marcus Brinkmann + + Revert last three changes related to handle translation. + * sysutils.c: + (FD_TRANSLATE_MAX, fd_translate, fd_translate_len) + (translate_table_init, translate_table_lookup): Removed. + * iobuf.c (check_special_filename): Do not use + translate_table_lookup. + * sysutils.h (translate_table_init, translate_table_lookup): + Remove prototypes. + +2008-06-19 Werner Koch + + * sysutils.c: Remove . + (fd_translate_max): Use macro for the size. + (translate_table_init): Protect read against EINTR and replace + isspace by spacep. + +2008-06-18 Marcus Brinkmann + + * sysutils.c (TRANS_MAX): Bump up to 350 to be on the safe side. + + * sysutils.h (translate_table_init, translate_table_lookup): New + prototypes. + * sysutils.c: Include . + (FD_TRANSLATE_MAX): New macro. + (fd_translate, fd_translate_len): New static variables. + (translate_table_init, translate_table_lookup): New functions. + (translate_sys2libc_fd_int): Translate file descriptor. + * iobuf.c (check_special_filename): Translate handle values from + special filenames. + +2008-06-16 Werner Koch + + * homedir.c (w32_commondir): New. + (gnupg_sysconfdir): Use it. + +2008-06-09 Werner Koch + + * b64dec.c: New. + +2008-06-05 Werner Koch + + * util.h (gnupg_copy_time): Replace strcpy by memcpy. + +2008-05-26 Werner Koch + + * asshelp.c (send_one_option, send_pinentry_environment): use + xfree and xtrystrdup. + + * i18n.c (i18n_switchto_utf8) [USE_SIMPLE_GETTEXT]: Return NULL. + + * homedir.c (gnupg_module_name): Add + GNUPG_MODULE_NAME_CONNECT_AGENT and GNUPG_MODULE_NAME_GPGCONF. + +2008-04-21 Werner Koch + + * http.c (http_wait_response) [W32]: Use DuplicateHandle because + it is a socket. + (cookie_read) [W32]: Use recv in place of read. + +2008-04-08 Werner Koch + + * i18n.c (i18n_switchto_utf8, i18n_switchback) + [USE_SIMPLE_GETTEXT]: Implement. + +2008-04-07 Werner Koch + + * b64enc.c (b64enc_start): Detect PGP mode. + (b64enc_finish): Write PGP CRC. + * util.h (struct b64state): Add field CRC. + * t-b64.c: New. + + * pka.c (get_pka_info): Use xtrymalloc and check result. + +2008-03-25 Werner Koch + + * localename.c: Strip all W32 code. Include w32help.h. + (gnupg_messages_locale_name) [W32]: Use the gettext_localename. + +2008-03-17 Werner Koch + + * iobuf.c (IOBUF_BUFFER_SIZE): Actually use this macro. + + * simple-pwquery.c (agent_send_all_options): Fix last change. + +2008-03-06 Werner Koch + + * simple-pwquery.c (agent_send_all_options): Add support for + XAUTHORITY and PINENTRY_USER_DATA. + +2008-02-15 Marcus Brinkmann + + * exechelp.c (gnupg_spawn_process_fd): Add flag DETACHED_PROCESS + unconditionally (required for all callers at the moment). + +2008-02-14 Werner Koch + + * sysutils.c (gnupg_allow_set_foregound_window): New. + (WINVER) [W32]: Define. + +2008-01-31 Werner Koch + + * audit.c (audit_print_result): Make sure that the output is + always UTF8. + +2008-01-27 Werner Koch + + * exechelp.c (gnupg_spawn_process): Add arg FLAGS and changed all + callers to pass 0 for it. + +2007-12-13 Werner Koch + + * sexputil.c (hash_algo_from_sigval): New. + * t-sexputil.c: New. + * Makefile.am (module_tests): Add it. + +2007-12-11 Werner Koch + + * asshelp.c (send_pinentry_environment): Allow using of old + gpg-agents not capabale of the xauthority and pinentry_user_data + options. + +2007-12-04 Werner Koch + + * Makefile.am (t_helpfile_LDADD, module_maint_tests): New. + * t-helpfile.c: New. + * helpfile.c: New. + * membuf.h (is_membuf_ready, MEMBUF_ZERO): New. + * localename.c: New. Taken from gettext with modifications as done + for GpgOL. Export one new function. + * util.h (gnupg_messages_locale_name, gnupg_get_help_string): Added. + + * sysutils.c (gnupg_reopen_std): New. Taken from ../g10/gpg.c. + +2007-11-27 Werner Koch + + * Makefile.am (CLEANFILES): New. + + * homedir.c (dirmngr_socket_name): Use CSIDL_WINDOWS. + +2007-11-15 Werner Koch + + * asshelp.c (send_pinentry_environment): Add args XAUTHORITY and + PINENTRY_USER_DATA. + (start_new_gpg_agent): Ditto. + +2007-11-07 Werner Koch + + * status.h: New. + * errors.h: Remove. + +2007-11-05 Werner Koch + + * audit.c, audit.h: New. + * Makefile.am: Add rules to build audit-events.h. + * exaudit.awk: New. + * mkstrtable.awk: New. Taken from libgpg-error. + +2007-10-19 Werner Koch + + * i18n.c (i18n_switchto_utf8, i18n_switchback): New. + +2007-10-01 Werner Koch + + * sysutils.h (FD2INT, INT2FD): New. + +2007-09-21 Werner Koch + + * homedir.c (default_homedir): Make registry work. Reported by + Marc Mutz. + +2007-08-29 Werner Koch + + * exechelp.c (gnupg_wait_process): Add arg EXITCODE. Changed all + callers. + (gnupg_create_inbound_pipe): New. + * util.h (GNUPG_MODULE_NAME_GPGSM, GNUPG_MODULE_NAME_GPG): New. + * homedir.c (gnupg_module_name): Add them + +2007-08-28 Werner Koch + + * gettime.c (check_isotime, add_isotime): New. Originally written + for DirMngr by me. + (add_days_to_isotime): New. + (date2jd, jd2date, days_per_month, days_per_year): New. Taken from + my ancient (1988) code used in Wedit (time2.c). + +2007-08-27 Werner Koch + + * util.h (GNUPG_MODULE_NAME_CHECK_PATTERN): New. + * homedir.c (gnupg_module_name): Add it. + * exechelp.c (w32_fd_or_null) [W32]: New. + (gnupg_spawn_process_fd): New. + (gnupg_wait_process) [W32]: Close the handle after if the process has + returned. + +2007-08-22 Werner Koch + + Updated estream from libestream. + + * estream.c (mem_malloc, mem_realloc, mem_free): New. Use them + instead of the ES_MEM_foo. + * estream.c (estream_cookie_mem): Remove members DONT_FREE, + APPEND_ZERO, PTR and SIZE. Add MEMORY_LIMIT. Put GROW into a new + FLAGS struct. + (es_func_mem_create): Remove APPEND_ZERO, DONT_FREE, PTR and + SIZE. Add MEMORY_LIMIT. + (es_func_mem_write, es_func_mem_seek, es_func_mem_destroy): Revamp. + (es_open_memstream): Change API to just take a memory limit and a + mode argument. Rename to .. + (es_fopenmem): .. this. + (HAVE_W32_SYSTEM) [_WIN32]: Define if not defined. + (tmpfd) [W32]: Implement directly using the W32 API. + (es_fgets): Rewrite without using doreadline. + +2007-08-21 Werner Koch + + * sysutils.c (gnupg_tmpfile): New. + * t-sysutils.c: New. + * Makefile.am (module_tests): Add t-sysutils. + +2007-08-20 Werner Koch + + * exechelp.c [W32]: Redefine X_OK to F_OK. + +2007-08-16 Werner Koch + + * Makefile.am (t_convert_DEPENDENCIES): Remove + ($(PROGRAMS)): Remove. + (t_common_ldadd): Use libcommon.a and not the macro. + +2007-08-14 Werner Koch + + * homedir.c (dirmngr_socket_name): New. + +2007-08-07 Werner Koch + + * tlv.c, tlv.h: Move from ../scd/. + * tlv.c (parse_sexp, parse_ber_header): Add ERRSOURCE arg and prefix + name with a _. + * tlv.h: Use macro to convey ERRSOURCE. + +2007-08-02 Werner Koch + + * gc-opt-flags.h: New. + +2007-08-01 Werner Koch + + * estream-printf.c (read_dummy_value): Removed as it is useless now. + (read_values): Remove check on !vaargs which is not anymore needed + and anyway not portable. Reported by Peter O'Gorman. + +2007-07-16 Werner Koch + + * estream.c (es_func_file_create): Clear NO_CLOSE flag. + +2007-07-12 Werner Koch + + * sysutils.h (gnupg_fd_t): New. + * sysutils.c (translate_sys2libc_fd): Use that type instead of int. + (translate_sys2libc_fd_int): New. + +2007-07-09 Werner Koch + + * t-gettime.c (test_isotime2epoch): Use time_t and not u32. + +2007-07-05 Werner Koch + + * t-gettime.c: New. + * gettime.c (isotime2epoch, epoch2isotime): New. + +2007-07-04 Werner Koch + + * estream.c (es_init_do): Do not throw an error if pth has already + been initialized. + +2007-06-26 Werner Koch + + * Makefile.am ($(PROGRAMS)): New. + + * util.h (init_common_subsystems): Moved to .. + * init.h: .. New. + * util.h: Include init.h. + + * homedir.c (standard_homedir): New. + (default_homedir) [W32]: Reimplemented in terms of + standard_homedir. Fixed memory leak. + +2007-06-25 Werner Koch + + * iobuf.c: Add more documentation and slighly restructured macro + defintion for better readability. + (FILEP_OR_FD): Rename to fp_or_fd_t. + (CLOSE_CACHE): Rename to close_cache_t. + + * sysutils.c (translate_sys2libc_fd): New using the code from iobuf.c. + * iobuf.c: Include sysutils.h. + (iobuf_translate_file_handle): Remove. + (translate_file_handle): Use new function. + + * estream-printf.c [TEST]: Header including fixes. + (do_format): Do not append a trailing Nul. This avoids spurious + Nuls in the es_printf output. + (estream_vsnprintf, estream_vasprintf): Take this in account. + + * estream.h (struct es__stream): Change FLAGS to a bit structure. + (ES__FLAG_WRITING): Replace by a bit from FLAGS. * estream.c + (struct estream_internal): Rename FLAGS to MODEFLAGS so that they + are not confused with the estream flags. + (es_initialize, es_create): Add arg MODEFLAGS so that we can setup + the intial writemode. Changed all callers to pass them. + (es_convert_mode): Set O_BINARY. + (es_func_fd_create, es_func_fp_create, es_func_file_create) [W32]: + Call setmode if requested. + +2007-06-24 Werner Koch + + * estream.c (do_fpopen, es_fpopen, es_fpopen_nc): New. + (es_func_fp_create, es_func_fp_read, es_func_fp_write) + (es_func_fp_seek, es_func_fp_destroy): New. + +2007-06-22 Werner Koch + + * estream.c (es_fdopen): Factored code out to.. + (do_fdopen): .. new. + (es_fdopen_nc): New. + (estream_cookie_fd): Add field NO_CLOSE. + (es_func_fd_create): Add arg NO_CLOSE and changed all callers. + (es_func_fd_destroy): Handle the new flag. + + * homedir.c (gnupg_libexecdir) [W32]: Factor code out to .. + (w32_rootdir): .. new. + (gnupg_sysconfdir, gnupg_libdir, gnupg_datadir) [W32]: Return + name based on w32_rootdir(). + +2007-06-21 Werner Koch + + * membuf.h (get_membuf_len): New. + + * membuf.c (init_membuf_secure): Really allocate in secure memory. + (put_membuf_str): New. + + * ttyio.c (tty_getf): New. + + * util.h (ctrl_t): Declare it here. + + * asshelp.c (start_new_gpg_agent): New. Based on code from + ../sm/call-agent.c + +2007-06-20 Werner Koch + + * sysutils.c (gnupg_sleep): New. + * sysutils.h [W32]: Remove _sleep wrapper. Changed all callers to + use gnupg_sleep. + + * exechelp.c (build_w32_commandline_copy): New. + (build_w32_commandline): Factored some code out to new function + and correctly process a PGMNAME with spaces. + (gnupg_spawn_process_detached) [W32]: Implement. + +2007-06-14 Werner Koch + + * simple-pwquery.h (MAP_SPWQ_ERROR_IMPL): New. + (SPWQ_NO_PIN_ENTRY): New. + * simple-pwquery.c (simple_pw_set_socket): New. + (agent_open): Use it if GPG_AGENT_INFO is not set. + (simple_pwquery): Extended to allow returning of otehyr error codes. + + * util.h (GNUPG_MODULE_NAME_AGENT, GNUPG_MODULE_NAME_PINENTRY) + (GNUPG_MODULE_NAME_SCDAEMON, GNUPG_MODULE_NAME_DIRMNGR) + (GNUPG_MODULE_NAME_PROTECT_TOOL): New. + * homedir.c (gnupg_module_name): New. + (gnupg_bindir): New. + +2007-06-12 Werner Koch + + * homedir.c (gnupg_sysconfdir): New. + (gnupg_libexecdir): New. Taken from g10/misc.c:get_libexecdir. + (gnupg_datadir): New. + (gnupg_libdir): New. + + * http.c (connect_server) [W32]: Do not call init_sockets if + HTTP_NO_WSASTARTUP is defined. + + * init.c: New. + + * estream.c (es_init_do): Init stream lock here because we can't + use a static initialization with W32pth. + +2007-06-11 Werner Koch + + * Makefile.am (t_common_ldadd): Use libcommonstd macro. + +2007-06-06 Werner Koch + + * Makefile.am: Include am/cmacros.am. + + * sysutils.h [W32]: Remove prototypes for the registry access. + * w32reg.c: Move to ../jnlib/w32-reg.c. + + * i18n.c (i18n_init): New. + + * simple-gettext.c: Remove. + + * iobuf.c (iobuf_get_filelength): Rename SIZE to EXSIZE to silent + shadowing warning. + +2007-06-04 Werner Koch + + * http.c [W32]: Include unistd.h also in this case. + (write_server) [W32]: Fixed error code. + (init_sockets): Fixed syntax error. + (cookie_close): Replace close by sock_close macro. + + * estream.c [w32]: Do not init Mutex. + + * Makefile.am (common_sources) [USE_SNS_SRV]: Build srv.c only + when needed. + + * ttyio.c (init_ttyfp) [W32]: Do not use TTYFP. + + * util.h: Include ../jnlib/dynload.h. + + * dynload.h: Move to ../jnlib. + +2007-05-30 Werner Koch + + * estream.c (MEM_FREE, MEM_ALLOC, MEM_REALLOC): Prefix with ES_ as + windows.h also has such definitions, + +2007-05-15 Werner Koch + + * util.h: Do not include gnulib's vasprintf. Redefine asprintf + and vasprintf. + + * xasprintf.c (xasprintf, xtryasprintf): Use estream_vasprintf. + + * estream-printf.h, estream-printf.c: New. Taken from current + libestream SVN. + * Makefile.am (common_sources): Add them. + +2007-05-14 Werner Koch + + * sexp-parse.h (smklen): New. + * sexputil.c: Include sexp-parse.h. + (make_simple_sexp_from_hexstr): Replace sprintf by smklen. + +2007-05-07 Werner Koch + + * signal.c (got_fatal_signal): Protect SIG from being clobbered by + a faulty signal implementaion. Suggested by James Juran. + +2007-04-25 Werner Koch + + * i18n.h (ngettext): New. + * simple-gettext.c (ngettext): New. + +2007-04-20 Werner Koch + + * miscellaneous.c (my_gcry_logger, my_gcry_outofcore_handler): + Moved from gpg-agent to here. + (my_gcry_fatalerror_handler): new. + (setup_libgcrypt_logging): New. + +2007-03-19 Werner Koch + + * miscellaneous.c (print_hexstring): New. + * estream.c (es_fprintf_unlocked): New. + (es_write_sanitized): New. + (es_write_hexstring): New. + (es_write_sanitized_utf8_buffer) [GNUPG_MAJOR_VERSION]: New. + +2007-03-09 David Shaw + + From STABLE-BRANCH-1-4 + + * http.c (do_parse_uri): Remove the hkp port 11371 detection. We + implement hkp in the keyserver handler, and the support here makes + it appear like a bad hkp request actually succeeded. + +2007-01-31 Werner Koch + + * Makefile.am (t_common_ldadd): Add LIBINCONV and LIBINTL. + +2007-01-25 Werner Koch + + * simple-pwquery.c (simple_pwquery): New arg OPT_CHECK. + +2006-12-13 David Shaw + + * Makefile.am (AM_CPPFLAGS): Include intl/ so we can reference the + built-in headers. + +2006-11-23 Werner Koch + + * http.c: Include i18n.h + +2006-11-21 Werner Koch + + * estream.c: Remove explicit Pth soft mapping diabling becuase it + is now done in config.h. + +2006-11-15 Werner Koch + + * estream.c: Disabled Pth soft mapping. + (my_funopen_hook_ret_t): New. + (print_fun_writer): Use it here. + + * iobuf.c (fd_cache_close): Use %d instead of %p for debug output. + +2006-11-03 Werner Koch + + * Makefile.am (t_convert_DEPENDENCIES): Add libcommon. From + Gentoo. + +2006-10-24 Marcus Brinkmann + + * Makefile.am (libcommon_a_CFLAGS): Add $(LIBASSUAN_CFLAGS). + (libsimple_pwquery_a_CFLAGS): New variable. + +2006-10-20 Werner Koch + + * convert.c (hex2bin): New. + +2006-10-17 Werner Koch + + * estream.c (struct estream_internal, es_initialize) + (es_deinitialize, print_fun_writer, es_print): New and modified + functions to avoid tempfiles for printf style printing. + + * Makefile.am (libcommonpth_a_SOURCES): New. We now build a secon + version of the library with explicit Pth support. + * exechelp.c, estream.c: Make use of WITHOUT_GNU_PTH. + +2006-10-08 Werner Koch + + * gpgrlhelp.c: Trun all functions into dummies if readline is not + available. + +2006-10-06 Werner Koch + + * Makefile.am (AM_CFLAGS): Use PTH version of libassuan. + + * util.h (GNUPG_GCC_A_SENTINEL): Defined for gcc >= 4. + +2006-10-04 David Shaw + + * gpgrlhelp.c: readline requires stdio.h. + +2006-10-04 Werner Koch + + * membuf.c (init_membuf_secure): New. + (put_membuf): Make sure that ERRNO is set even if the underlying + malloc code does not work properly. + (get_membuf): Set ERRNO on error. + (get_membuf): Allow to pass LEN as NULL. + +2006-10-02 Werner Koch + + * iobuf.c (iobuf_unread): Removed. This code is not required. + Also removed the entire unget buffer stuff. + +2006-09-27 Werner Koch + + * util.h: Do not include strsep.h and strpbrk.h. + (isascii): Removed as it is now in jnlib. + + * iobuf.c (pop_filter, underflow, iobuf_close): Free the unget + buffer. + +2006-09-27 Florian Weimer (wk) + + * iobuf.c (iobuf_unread): New. + +2006-09-22 Werner Koch + + * i18n.h: Changed license to an all permissive one. + + * ttyio.c (tty_get): We need to use readline too. Added two more + hooks. + +2006-09-21 Werner Koch + + * ttyio.c (tty_private_set_rl_hooks): New. + (tty_enable_completion, tty_disable_completion): Use a hook to + enable readline support. Now always available. + (tty_cleanup_rl_after_signal): New. + + * ttyio.h: Removed readline specific stuff. Included util.h. + * common-defs.h: New. + +2006-09-15 Werner Koch + + * convert.c: New. + (hexcolon2bin): New. + (bin2hex, bin2hexcolon, do_binhex): New. + * t-convert.c: New + +2006-09-14 Werner Koch + + * util.h (out_of_core): Use new gpg_error_from_syserror function. + + * http.c (init_sockets): Changed it to require 2.2 unless it is + build within gnupg 1 where we require 1.1 (and not anymore allow + for 1.0). + +2006-09-07 Werner Koch + + * exechelp.c (gnupg_spawn_process): Factor out post fork code to .. + (do_exec): .. new function. Allow passing of -1 for the fds. + (gnupg_spawn_process): Terminate gcrypt's secure memory in the child. + (gnupg_spawn_process_detached): New. + +2006-09-06 Werner Koch + + * maperror.c: Removed. + + * util.h (out_of_core): New. + +2006-09-04 Werner Koch + + * http.c (http_get_header): New. + (capitalize_header_name, store_header): New. + (parse_response): Store headers away. + (send_request): Return GPG_ERR_NOT_FOUND if connect_server failed. + * http.h: New flag HTTP_FLAG_NEED_HEADER. + +2006-08-21 Werner Koch + + * Makefile.am (libcommon_a_SOURCES): Added keyserver.h + + * openpgpdefs.h: New. Stripped from ..g10/packet.h. + +2006-08-16 Werner Koch + + * keyserver.h: Moved from ../include to here. + + * http.c: Include srv.h. + + * srv.c, srv.h: New. Taken from GnuPG 1.4 + +2006-08-14 Werner Koch + + * http.h (struct http_context_s): Moved to implementation. + * http.c (http_open): Changed call to return a context. + (http_open_document): Ditto. + (http_get_read_ptr, http_get_read_ptr, http_get_status_code): New. + (do_parse_uri): Replaced strlwr by straight code to ease + standalone use of this file. + (http_wait_response): Removed arg STATUS_CODE as it is available + through an accessor function. Adjusted caller. + (http_escape_string): New. + + * estream.c (es_read_line): Renamed to .. + (doreadline): .. this. Changed all callers. + (es_read_line): New. This is theusual limited getline variabnt as + used at several places. Here taken and adjusted from xreadline.c + (es_free): New. + +2006-08-11 Werner Koch + + * http.c: Major internal changes to optionallly support GNUTLS and + ESTREAM. + (http_open): Move initialization of the stream ... + (send_request): .. here. + (http_register_tls_callback): New. + + * estream.c (es_writen): Try to seek only is a seek function has + been registered. + +2006-08-09 Werner Koch + + * http.c, http.h: New. Taken from gnupg 1.4.5, merged with + changes done for the Dirmngr project (by g10 Code) and cleaned up + some stuff. + (make_header_line): New. Change all caller to make user of the new + * Makefile.am (libcommon_a_SOURCES): Added http.c and http.h. + +2006-05-23 Werner Koch + + * gettime.c (isotimestamp): New. + + * ttyio.c (tty_get_ttyname): Posixly correct usage of ctermid. + + * dns-cert.c: New. Taken from 1.4.3's util/cert.c. + * dns-cert.h: New. + +2006-05-22 Werner Koch + + * pka.c: New. Taked from 1.4.3. + * pka.h: New. + * Makefile.am: Added pka. + +2006-05-19 Werner Koch + + * yesno.c (answer_is_yes_no_default, answer_is_yes_no_quit): + Updated from 1.4.3. + (answer_is_okay_cancel): new. From 1.4.3. + + * miscellaneous.c (match_multistr): New. Taken from 1.4.3. + + * ttyio.c (tty_enable_completion, tty_disable_completion): New + dummy functions. + * ttyio.h: Add prototypes and stubs. + +2006-04-19 Werner Koch + + * iobuf.c (iobuf_get_fd): New. Taken from 1.4.3. + (iobuf_is_pipe_filename): New. + (pop_filter): Made static. + (iobuf_skip_rest): New. Orginal patch by Florian + Weimer. Added new argument PARTIAL. + (block_filter): Remove the old gpg indeterminate length mode. + (block_filter): Properly handle a partial body stream + that ends with a 5-byte length that happens to be zero. + (iobuf_set_block_mode, iobuf_in_block_mode): Removed as + superfluous. + (iobuf_get_filelength): New arg OVERFLOW. + (iobuf_get_filelength) [W32]: Use GetFileSizeEx if available + * miscellaneous.c (is_file_compressed): Take care of OVERFLOW. + +2006-04-18 Werner Koch + + * homedir.c (w32_shgetfolderpath): New. Taken from gpg 1.4.3. + (default_homedir): Use it. + +2005-10-08 Marcus Brinkmann + + * signal.c (get_signal_name): Check value of HAVE_DECL_SYS_SIGLIST + instead of just if it is defined. + +2005-09-28 Marcus Brinkmann + + * Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS). + +2005-07-04 Marcus Brinkmann + + * simple-pwquery.h (simple_pwclear): New prototype. + * simple-pwquery.c (simple_pwclear): New function. + +2005-06-15 Werner Koch + + * miscellaneous.c (make_printable_string): Made P a void*. + + * sexputil.c (keygrip_from_canon_sexp, cmp_simple_canon_sexp): + Fixed signed/unsigned pointer mismatch. + (make_simple_sexp_from_hexstr): Ditto. This is all too ugly; I + wonder why gcc-4's default is to warn about them and forcing us to + use cast the warning away. + * iobuf.c (block_filter): Ditto. + (iobuf_flush): Ditto. + (iobuf_read_line): Ditto. + (iobuf_read): Make BUFFER a void *. + (iobuf_write): Make BUFFER a const void *. + * ttyio.c (tty_print_utf8_string2): Ditto. + * estream.c (estream_cookie_mem): Make MEMORY unsigned char*. + (es_write): Make BUFFER a void *. + (es_writen): Ditto. + (es_func_fd_read, es_func_fd_write, es_func_mem_read) + (es_func_mem_write): Ditto. + (es_read, es_readn): Ditto. + (es_func_mem_write): Made MEMORY_NEW an unsigned char *. + * estream.h (es_cookie_read_function_t) + (es_cookie_write_function_t): Changed buffer arg to void*. + +2005-06-03 Werner Koch + + * estream.c: Use HAVE_CONFIG_H and not USE_CONFIG_H! + (es_func_fd_read, es_func_fd_write): Protect against EINTR. + +2005-06-01 Werner Koch + + * Makefile.am (AM_CPPFLAGS): Added. + + * util.h: Add some includes for gnulib. + (ttyname, isascii): Define them inline. + * fseeko.c, ftello.c: Removed. + * strsep.c, mkdtemp.c: Removed. + * ttyname.c, isascii.c: Removed. + +2005-05-31 Werner Koch + + * dynload.h: s/__inline__/inline/. + +2005-05-13 Werner Koch + + * signal.c (got_fatal_signal): Print the signal number if we can't + get a name for it. + (get_signal_name): Return NULL if no name is available. Fixed + conditional for sys_siglist to the correct one. + +2005-04-17 Werner Koch + + * sexputil.c (cmp_simple_canon_sexp): New. + (make_simple_sexp_from_hexstr): New. + +2005-04-07 Werner Koch + + * sexputil.c: New. + +2005-04-11 Marcus Brinkmann + + * simple-pwquery.c (simple_pwquery): Use spwq_secure_free. + +2005-03-03 Werner Koch + + * Makefile.am (AM_CFLAGS): Added PTH_CFLAGS. Noted by Kazu Yamamoto. + +2005-02-25 Werner Koch + + * xasprintf.c (xtryasprintf): New. + +2005-01-26 Moritz Schulte + + * Makefile.am (libcommon_a_SOURCES): New source files: estream.c, + estream.h. + * estream.c, estream.h: New files. + +2005-01-03 Werner Koch + + * asshelp.c (send_pinentry_environment): Fixed changed from + 2004-12-18; cut+paste error for lc-messages. + +2004-12-21 Werner Koch + + * simple-pwquery.c (agent_open) [W32]: Implement for W32. + (readline) [W32]: Use recv instead of read. + (writen) [W32]: Use send instead of write. + (my_stpcpy): Define a stpcpy replacement so that this file + continues to be self-contained. + (agent_send_all_options) [W32]: Don't call ttyname. + +2004-12-21 Marcus Brinkmann + + * simple-pwquery.h (simple_query): Add prototype. + * simple-pwquery.c (simple_query): New function. + +2004-12-21 Werner Koch + + * signal.c (got_fatal_signal, got_usr_signal) + (got_fatal_signal) [DOSISH]: Don't build. + * simple-gettext.c: Include sysutils.h + + * homedir.c: New. Use CSIDL_APPDATA for W32 as the default home + directory. + * Makefile.am (libcommon_a_SOURCES): Add it. + (EXTRA_DIST): Removed mkerror and mkerrtok. + +2004-12-20 Werner Koch + + * sysutils.h [W32]: Define sleep. + * util.h: Add prototype for mkdtemp. + + * membuf.c (put_membuf): Wipe out buffer after a failed realloc. + +2004-12-19 Werner Koch + + * maperror.c (map_assuan_err_with_source): Oops, args were swapped. + +2004-12-18 Werner Koch + + * maperror.c (map_assuan_err): Renamed to .. + (map_assuan_err_with_source): .. this and add arg SOURCE.c + * asshelp.c (send_pinentry_environment, send_one_option): Add arg + ERRSOURCE. + +2004-12-15 Werner Koch + + * sysutils.h [W32]: Prototypes for registry functions. + * w32reg.c: Include sysutils.h + + * simple-pwquery.c [W32]: Dummy code to allow a build. + + * exechelp.c [W32]: Implemented for W32 . + + * ttyname.c: New. + + * asshelp.c (send_one_option): New. + (send_pinentry_environment): Cleaned up and made sure that empty + values are not send. + +2004-12-07 Werner Koch + + * asshelp.c (send_pinentry_environment) [W32]: Do not use ttyname. + +2004-12-06 Werner Koch + + * exechelp.h, exechelp.c: New. Based on code from ../sm/import.c. + +2004-12-03 Werner Koch + + * strsep.c: Fixed copyright comments. + +2004-11-26 Werner Koch + + * simple-gettext.c: New taken from gnupg 1.3.x + + * simple-pwquery.c [_WIN32]: Include winsock2.h. + (agent_open): Disable it until we have our AF_UNIX implementation + ready. + * fseeko.c, ftello.c: Include sys/types for the sake of W32. + +2004-11-23 Werner Koch + + * b64enc.c: Include stdio.h and string.h + +2004-08-18 Werner Koch + + * simple-pwquery.c (simple_pwquery): Handle gpg-error style return + code for canceled. + +2004-07-20 Werner Koch + + * maperror.c: Removed header ksba.h. Not required anymore. + +2004-06-14 Werner Koch + + * xreadline.c: New. Based on the iobuf_read_line function. + +2004-05-12 Werner Koch + + * util.h (xtrycalloc_secure,xtrymalloc_secure): New. + +2004-05-11 Werner Koch + + * sysutils.c (disable_core_dumps): Only set the current limit. + (enable_core_dumps): New. + +2004-04-13 Werner Koch + + * simple-pwquery.c (copy_and_escape): Relaxed quoting. + +2004-04-05 Werner Koch + + * errors.h (STATUS_NEWSIG): New. + +2004-03-11 Werner Koch + + * dynload.h [__MINGW32__]: Define RTLD_LAZY. + +2004-03-09 Werner Koch + + * maperror.c (map_assuan_err): Map the Locale_Problem item. + +2004-03-03 Werner Koch + + * asshelp.c, asshelp.h: New. + (send_pinentry_environment): New. Code taken from ../sm/call-agent.c. + +2004-02-19 Werner Koch + + * simple-pwquery.c (agent_open): Don't mangle INFOSTR. + +2004-02-17 Werner Koch + + * simple-pwquery.c (agent_open): Ignore an empty GPG_AGENT_INFO. + + * errors.h: Added STATUS_IMPORT_OK. + +2004-02-10 Werner Koch + + * b64enc.c: New. Based on code from ../sm/base64.c. + +2004-01-30 Marcus Brinkmann + + * Makefile.am (libcommon_a_SOURCES): Add xasprintf.c. + * miscellaneous.c (xasprintf): Moved to ... + * xasprintf (xasprintf): ... here. New file. + This allows to use xasprintf without sucking in gpg-error. + +2004-01-27 Werner Koch + + * sexp-parse.h: New; moved from../agent. + + * util.h (xtoi_4): New. + +2003-12-23 Werner Koch + + * maperror.c (map_assuan_err): Prepared for a new error code. + +2003-12-17 Werner Koch + + * gettime.c (asctimestamp): Add a note on a non-avoidable gcc warning. + + * util.h [!HAVE_VASPRINTF]: Add printf format attribute to the + replacement function. + + * miscellaneous.c (xasprintf): New. + +2003-11-14 Werner Koch + + * mkdtemp.c (mkdtemp): Use gcry_create_nonce. + + * cryptmiss.c: Removed. + +2003-11-13 Werner Koch + + * util.h (vasprintf): Also fixed the prototype. + + * vasprintf.c (vasprintf): ARGS should not be a pointer. Fixed + segv on Solaris. Reported by Andrew J. Schorr. + +2003-11-12 Werner Koch + + * maperror.c (map_ksba_err, map_gcry_err, map_kbx_err): Removed. + +2003-10-31 Werner Koch + + * util.h (gnupg_isotime_t): New. + (gnupg_copy_time): New. + + * gettime.c (gnupg_get_isotime): New. + +2003-09-23 Werner Koch + + * iobuf.c (check_special_filename): Replaced is isdigit by digitp + to avoid passing negative values and potential locale problems. + Problem noted by Christian Biere. + + * util.h (ascii_isspace): New. + +2003-09-18 Werner Koch + + * ttyio.c (tty_fprintf): New. + (tty_print_string, tty_print_utf8_string2) + (tty_print_utf8_string): Made P argument const byte*. + +2003-08-20 Marcus Brinkmann + + * maperror.c (map_ksba_err): Map -1. Use gpg_err_make to set + the error source. + +2003-08-14 Timo Schulz + + * dynload.h. New. W32 wrapper around the dynload mechanism. + +2003-07-15 Werner Koch + + * simple-pwquery.c, simple-pwquery.h: New; moved from ../agent. + * Makefile.am (libsimple_pwquery_a_LIBADD): New. + +2003-06-25 Werner Koch + + * maperror.c (map_to_assuan_status): Directly map 0 to 0. + +2003-06-17 Werner Koch + + * gettime.c (scan_isodatestr,add_days_to_timestamp,strtimevalue) + (strtimestamp,asctimestamp): New. Code taken from gnupg 1.3.2 + mischelp.c. + + * yesno.c: New. Code taken from gnupg 1.3.2 mischelp.c + + * miscellaneous.c: New. + + * util.h: Include utf8conf.h + +2003-06-16 Werner Koch + + * gettime.c (make_timestamp): New. + + * ttyio.c: New. Taken from gnupg 1.2. + * ttyio.h: Move from ../include. + +2003-06-13 Werner Koch + + * util.h (seterr): Removed macro. + (xmalloc_secure,xcalloc_secure): New. + +2003-06-11 Werner Koch + + * iobuf.c (iobuf_writebyte,iobuf_write): Return error code from + iobuf_flush. + (iobuf_writestr): Ditto. + +2003-06-10 Werner Koch + + * iobuf.c, iobuf.h: New. Taken from current gnupg 1.3 CVS. Run + indent on it and adjusted error handling to libgpg-error style. + Replaced IOBUF by iobuf_t. Renamed malloc functions. + +2003-06-04 Werner Koch + + * errors.h: Removed all error codes. We keep the status codes for + now. + * Makefile.am: Do not create errors.c anymore; remove it from the + sources. + + * maperror.c: Don't include error.h. Change all error codes to + libgpg-error style. + (map_assuan_err): Changed to new Assuan error code convention. + (map_to_assuan_status): Likewise. + (map_gcry_err,map_kbx_err): Not needed. For now dummy functions. + + * membuf.c, membuf.h: New. Code taken from ../sm/call-agent.h. + * Makefile.am: Added above. + +2003-04-29 Werner Koch + + * util.h (fopencokokie): Removed prototype and struct. + + * fopencookie.c: Removed. + + * maperror.c: Use system assuan.h + +2002-10-31 Neal H. Walfield + + * isascii.c: New file. + * putc_unlocked.c: Likewise. + +2002-10-28 Neal H. Walfield + + * signal.c (caught_fatal_sig): Remove superfluous zero + initializer. + (caught_sigusr1): Likewise. + +2002-09-04 Neal H. Walfield + + * vasprintf.c (vasprintf) [va_copy]: Use va_copy. + [!va_copy && __va_copy]: Use __va_copy. + [!va_copy && !__va_copy]: Only now fall back to using memcpy. + +2002-08-21 Werner Koch + + * errors.h: Added STATUS_IMPORT_PROBLEM. + +2002-08-20 Werner Koch + + * vasprintf.c: Hack to handle NULL for %s. + +2002-08-09 Werner Koch + + * signal.c: New. Taken from GnuPG 1.1.91. + +2002-07-23 Werner Koch + + * util.h (_IO_cookie_io_functions_t): Fixed typo. Noted by + Richard Lefebvre. + +2002-07-22 Werner Koch + + * fseeko.c, ftello.c: New. + +2002-06-28 Werner Koch + + * maperror.c (map_to_assuan_status): Map more errorcodes to Bad + Certificate. + +2002-06-26 Werner Koch + + * maperror.c (map_to_assuan_status): Map EOF to No_Data_Available. + +2002-06-10 Werner Koch + + * errors.h (gnupg_error_token): Add new prototype. + (STATUS_ERROR): New. + + * mkerrtok: New. + * Makefile.am: Use it to create the new error token function. + +2002-06-04 Werner Koch + + * maperror.c (map_to_assuan_status): Map Bad_CA_Certificate. + +2002-05-23 Werner Koch + + * no-pth.c, Makefile.am: Removed. + +2002-05-22 Werner Koch + + * mkdtemp.c: Replaced byte by unsigned char because it is no longer + defined in gcrypt.h. + +2002-05-21 Werner Koch + + * maperror.c (map_gcry_err): Add libgcrypt's new S-expression errors. + (map_ksba_err): Add a few mappings. + +2002-05-14 Werner Koch + + * gettime.c: New. + +2002-05-03 Werner Koch + + * errors.h: Added STARUS_EXPSIG and STATUS_EXPKEYSIG. + +2002-04-15 Werner Koch + + * cryptmiss.c: New. + +2002-02-14 Werner Koch + + * maperror.c: Add more assuan<->gnupg mappings. + +2002-02-12 Werner Koch + + * fopencookie.c: Dummy function. + + * vasprintf.c: New. Taken from binutils-2.9.1 and dropped all non + ANSI-C stuff. Merged with asprintf version. + + * no-pth.c: New. + +2002-01-23 Werner Koch + + * mkdtemp.c: Copied from gnupg-1.0.6c and changed to use libgcrypt. + +2002-01-19 Werner Koch + + * sysutils.c: New. This is the misc.c file from gnupg 1.0.6 with + the OpenPGP stuff removed. + * sysutils.h: New. + +2002-01-15 Werner Koch + + * maperror.c: Add mapping for Not_Trusted. + +2002-01-11 Werner Koch + + * maperror.c (map_assuan_err): Codes for CRL + +2002-01-08 Werner Koch + + * util.h (spacep): New. + +2002-01-02 Werner Koch + + * maperror.c (map_to_assuan_status): New. Merged from ../agent + and ../sm. + +2001-12-20 Werner Koch + + * maperror.c (map_gcry_err): Add some mappings. + +2001-12-18 Werner Koch + + * Makefile.am (AM_CPPFLAGS): Include flags for gcrypt and ksba + +2001-12-14 Werner Koch + + * util.h (digitp, hexdigitp): New ctype like macros. + (atoi_1,atoi_2,atoi_4,xtoi_1,xtoi_2): New. + + + Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, + 2009, 2010, 2011 Free Software Foundation, Inc. + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +Local Variables: +buffer-read-only: t +End: diff --git a/common/ChangeLog.jnlib b/common/ChangeLog.jnlib index f51525e42..4ac02f3c2 100644 --- a/common/ChangeLog.jnlib +++ b/common/ChangeLog.jnlib @@ -1,3 +1,10 @@ +2011-12-01 Werner Koch + + NB: ChangeLog files are no longer manually maintained. Starting + on December 1st, 2011 we put change information only in the GIT + commit log, and generate a top-level ChangeLog file from logs at + "make dist". See doc/HACKING for details. + 2010-03-10 Werner Koch See gnupg/common/ChangeLog for newer changes. @@ -767,3 +774,7 @@ Mon Jan 24 13:04:28 CET 2000 Werner Koch This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +Local Variables: +buffer-read-only: t +End: diff --git a/common/Makefile.am b/common/Makefile.am index 55d35b587..2ff4ade48 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -18,7 +18,7 @@ ## Process this file with automake to produce Makefile.in -EXTRA_DIST = mkstrtable.awk exaudit.awk exstatus.awk \ +EXTRA_DIST = mkstrtable.awk exaudit.awk exstatus.awk ChangeLog-2011 \ audit-events.h status-codes.h README.jnlib ChangeLog.jnlib noinst_LIBRARIES = libcommon.a libcommonpth.a libgpgrl.a diff --git a/dirmngr/ChangeLog b/dirmngr/ChangeLog deleted file mode 100644 index 7f1ea1170..000000000 --- a/dirmngr/ChangeLog +++ /dev/null @@ -1,1606 +0,0 @@ -2011-11-24 Werner Koch - - * ks-engine-http.c (ks_http_help): Do not print help for hkp. - * ks-engine-hkp.c (ks_hkp_help): Print help only for hkp. - (send_request): Remove test code. - (map_host): Use xtrymalloc. - - * certcache.c (classify_pattern): Remove unused variable and make - explicit substring search work. - -2011-11-24 Werner Koch - - * ks-engine-http.c (ks_http_help): Do not print help for hkp. - * ks-engine-hkp.c (ks_hkp_help): Print help only for hkp. - (send_request): Remove test code. - (map_host): Use xtrymalloc. - - * certcache.c (classify_pattern): Remove unused variable and make - explicit substring search work. - -2011-10-13 Marcus Brinkmann - - * Makefile.am, certcache.c, crlfetch.c, dirmngr.c, ldap-wrapper.c: - Port to NPth. - -2011-06-01 Marcus Brinkmann - - * Makefile.am (dirmngr_ldap_CFLAGS): Add $(LIBGCRYPT_CFLAGS), - which is needed by common/util.h. - -2011-04-25 Werner Koch - - * ks-engine-hkp.c (ks_hkp_search): Mark classify_user_id for use - with OpenPGP. - (ks_hkp_get): Ditto. - -2011-04-12 Werner Koch - - * ks-engine-hkp.c (ks_hkp_search, ks_hkp_get, ks_hkp_put): Factor - code out to .. - (make_host_part): new. - (hostinfo_s): New. - (create_new_hostinfo, find_hostinfo, sort_hostpool) - (select_random_host, map_host, mark_host_dead) - (ks_hkp_print_hosttable): New. - -2011-02-23 Werner Koch - - * certcache.c (get_cert_bysubject): Take care of a NULL argument. - (find_cert_bysubject): Ditto. Fixes bug#1300. - -2011-02-09 Werner Koch - - * ks-engine-kdns.c: New but only the framework. - - * server.c (cmd_keyserver): Add option --help. - (dirmngr_status_help): New. - * ks-action.c (ks_print_help): New. - (ks_action_help): New. - * ks-engine-finger.c (ks_finger_help): New. - * ks-engine-http.c (ks_http_help): New. - * ks-engine-hkp.c (ks_hkp_help): New. - - * ks-action.c (ks_action_fetch): Support http URLs. - * ks-engine-http.c: New. - - * ks-engine-finger.c (ks_finger_get): Rename to ks_finger_fetch. - Change caller. - -2011-02-08 Werner Koch - - * server.c (cmd_ks_fetch): New. - * ks-action.c (ks_action_fetch): New. - * ks-engine-finger.c: New. - -2011-02-03 Werner Koch - - * Makefile.am (dirmngr_LDADD): Remove -llber. - -2011-01-25 Werner Koch - - * dirmngr.c (handle_connections): Rewrite loop to use pth-select - so to sync timeouts to the full second. - (pth_thread_id): New. - (main) [W32CE]: Fix setting of default homedir. - - * ldap-wrapper.c (ldap_wrapper_thread): Sync to the full second. - Increate pth_wait timeout from 1 to 2 seconds. - -2011-01-20 Werner Koch - - * server.c (release_ctrl_keyservers): New. - (cmd_keyserver, cmd_ks_seach, cmd_ks_get, cmd_ks_put): New. - * dirmngr.h (uri_item_t): New. - (struct server_control_s): Add field KEYSERVERS. - * ks-engine-hkp.c: New. - * ks-engine.h: New. - * ks-action.c, ks-action.h: New. - * server.c: Include ks-action.h. - (cmd_ks_search): New. - * Makefile.am (dirmngr_SOURCES): Add new files. - -2011-01-19 Werner Koch - - * dirmngr.c (main): Use es_printf for --gpgconf-list. - -2010-12-14 Werner Koch - - * cdb.h (struct cdb) [W32]: Add field CDB_MAPPING. - * cdblib.c (cdb_init) [W32]: Save mapping handle. - (cdb_free) [W32]: Don't leak the mapping handle from cdb_init by - using the saved one. - - * crlcache.c (crl_cache_insert): Close unused matching files. - - * dirmngr.c (main) [W32CE]: Change homedir in daemon mode to /gnupg. - -2010-12-07 Werner Koch - - * dirmngr.c (TIMERTICK_INTERVAL) [W32CE]: Change to 60s. - -2010-11-23 Werner Koch - - * Makefile.am (dirmngr_LDFLAGS): Add extra_bin_ldflags. - (dirmngr_client_LDFLAGS): Ditto. - -2010-10-21 Werner Koch - - * dirmngr.c (main): Changed faked system time warning - -2010-10-15 Werner Koch - - * Makefile.am (CLEANFILES): Add no-libgcrypt.c. - -2010-09-16 Werner Koch - - * validate.c (validate_cert_chain): Use GPG_ERR_MISSING_ISSUER_CERT. - -2010-08-13 Werner Koch - - * Makefile.am (dirmngr_SOURCES): Add w32-ldap-help.h. - - * dirmngr_ldap.c (fetch_ldap): Call ldap_unbind. - - * w32-ldap-help.h: New. - * dirmngr_ldap.c [W32CE]: Include w32-ldap-help.h and use the - mapped ldap functions. - -2010-08-12 Werner Koch - - * crlcache.c (update_dir, crl_cache_insert): s/unlink/gnupg_remove/. - - * dirmngr.c (dirmngr_sighup_action): New. - - * server.c (cmd_killdirmngr, cmd_reloaddirmngr): New. - (struct server_local_s): Add field STOPME. - (start_command_handler): Act on STOPME. - -2010-08-06 Werner Koch - - * dirmngr.c (JNLIB_NEED_AFLOCAL): Define macro. - (main): Use SUN_LEN macro. - (main) [W32]: Allow EEXIST in addition to EADDRINUSE. - -2010-08-05 Werner Koch - - * server.c (set_error, leave_cmd): New. - (cmd_validate, cmd_ldapserver, cmd_isvalid, cmd_checkcrl) - (cmd_checkocsp, cmd_lookup, cmd_listcrls, cmd_cachecert): Use - leave_cmd. - (cmd_getinfo): New. - (data_line_cookie_write, data_line_cookie_close): New. - (cmd_listcrls): Replace assuan_get_data_fp by es_fopencookie. - - * misc.c (create_estream_ksba_reader, my_estream_ksba_reader_cb): New. - * certcache.c (load_certs_from_dir): Use create_estream_ksba_reader. - * crlcache.c (crl_cache_load): Ditto. - -2010-08-03 Werner Koch - - * dirmngr_ldap.c (pth_enter, pth_leave) [USE_LDAPWRAPPER]: Turn - into functions for use in a 'for' control stmt. - -2010-07-26 Werner Koch - - * dirmngr_ldap.c (print_ldap_entries): Remove special fwrite case - for W32 because that is now handles by estream. - -2010-07-25 Werner Koch - - * Makefile.am (dirmngr_SOURCES) [!USE_LDAPWRAPPER]: Build - ldap-wrapper-ce. - * ldap-wrapper-ce.c: New. - - * dirmngr_ldap.c (opt): Remove global variable ... - (my_opt_t): ... and declare a type instead. - (main): Define a MY_OPT variable and change all references to OPT - to this. - (set_timeout, print_ldap_entries, fetch_ldap, process_url): Pass - MYOPT arg. - -2010-07-24 Werner Koch - - * dirmngr_ldap.c (main): Init common subsystems. Call - es_set_binary. - -2010-07-19 Werner Koch - - * dirmngr.c: Include ldap-wrapper.h. - (launch_reaper_thread): Move code to ... - * ldap-wrapper.c (ldap_wrapper_launch_thread): .. here. Change - callers. - (ldap_wrapper_thread): Rename to ... - (wrapper_thread): this and make local. - - * ldap.c (destroy_wrapper, print_log_line) - (read_log_data, ldap_wrapper_thread) - (ldap_wrapper_wait_connections, ldap_wrapper_release_context) - (ldap_wrapper_connection_cleanup, reader_callback, ldap_wrapper): - Factor code out to ... - * ldap-wrapper.c: new. - (ldap_wrapper): Make public. - (read_buffer): Copy from ldap.c. - * ldap-wrapper.h: New. - * Makefile.am (dirmngr_SOURCES): Add new files. - -2010-07-16 Werner Koch - - * http.c, http.h: Remove. - - * dirmngr-err.h: New. - * dirmngr.h: Include dirmngr-err.h instead of gpg-error.h - - * cdblib.c: Replace assignments to ERRNO by a call to - gpg_err_set_errno. Include dirmngr-err.h. - (cdb_free) [__MINGW32CE__]: Do not use get_osfhandle. - - * dirmngr.c [!HAVE_SIGNAL_H]: Don't include signal.h. - (USE_W32_SERVICE): New. Use this to control the use of the W32 - service system. - -2010-07-06 Werner Koch - - * dirmngr.c (main): Print note on directory name changes. - - Replace almost all uses of stdio by estream. - - * b64dec.c, b64enc.c: Remove. They are duplicated in ../common/. - -2010-06-28 Werner Koch - - * dirmngr_ldap.c (my_i18n_init): Remove. - (main): Call i18n_init instead of above function. - - * dirmngr-client.c (my_i18n_init): Remove. - (main): Call i18n_init instead of above function. - - * Makefile.am (dirmngr_LDADD): Add ../gl/libgnu. - (dirmngr_ldap_LDADD, dirmngr_client_LDADD): Ditto. - -2010-06-09 Werner Koch - - * i18n.h: Remove. - - * Makefile.am (no-libgcrypt.c): New rule. - - * exechelp.h: Remove. - * exechelp.c: Remove. - (dirmngr_release_process): Change callers to use the gnupg func. - (dirmngr_wait_process): Likewise. - (dirmngr_kill_process): Likewise. This actually implements it for - W32. - * ldap.c (ldap_wrapper): s/get_dirmngr_ldap_path/gnupg_module_name/. - (ldap_wrapper_thread): Use gnupg_wait_process and adjust for - changed semantics. - (ldap_wrapper): Replace xcalloc by xtrycalloc. Replace spawn - mechanism. - - * server.c (start_command_handler): Remove assuan_set_log_stream. - - * validate.c: Remove gcrypt.h and ksba.h. - - * ldapserver.c: s/util.h/dirmngr.h/. - - * dirmngr.c (sleep) [W32]: Remove macro. - (main): s/sleep/gnupg_sleep/. - (pid_suffix_callback): Change arg type. - (my_gcry_logger): Remove. - (fixed_gcry_pth_init): New. - (main): Use it. - (FD2INT): Remove. - -2010-06-08 Werner Koch - - * misc.h (copy_time): Remove and replace by gnupg_copy_time which - allows to set a null date. - * misc.c (dump_isotime, get_time, get_isotime, set_time) - (check_isotime, add_isotime): Remove and replace all calls by the - versions from common/gettime.c. - - * crlcache.c, misc.c, misc.h: s/dirmngr_isotime_t/gnupg_isotime_t/. - * server.c, ldap.c: Reorder include directives. - * crlcache.h, misc.h: Remove all include directives. - - * certcache.c (cmp_simple_canon_sexp): Remove. - (compare_serialno): Rewrite using cmp_simple_canon_sexp from - common/sexputil.c - - * error.h: Remove. - - * dirmngr.c: Remove transitional option "--ignore-ocsp-servic-url". - (opts): Use ARGPARSE macros. - (i18n_init): Remove. - (main): Use GnuPG init functions. - - * dirmngr.h: Remove duplicated stuff now taken from ../common. - - * get-path.c, util.h: Remove. - - * Makefile.am: Adjust to GnuPG system. - * estream.c, estream.h, estream-printf.c, estream-printf.h: Remove. - -2010-06-07 Werner Koch - - * OAUTHORS, ONEWS, ChangeLog.1: New. - - * ChangeLog, Makefile.am, b64dec.c, b64enc.c, cdb.h, cdblib.c - * certcache.c, certcache.h, crlcache.c, crlcache.h, crlfetch.c - * crlfetch.h, dirmngr-client.c, dirmngr.c, dirmngr.h - * dirmngr_ldap.c, error.h, estream-printf.c, estream-printf.h - * estream.c, estream.h, exechelp.c, exechelp.h, get-path.c, http.c - * http.h, i18n.h, ldap-url.c, ldap-url.h, ldap.c, ldapserver.c - * ldapserver.h, misc.c, misc.h, ocsp.c, ocsp.h, server.c, util.h - * validate.c, validate.h: Imported from the current SVN of the - dirmngr package (only src/). - -2010-03-13 Werner Koch - - * dirmngr.c (int_and_ptr_u): New. - (pid_suffix_callback): Trick out compiler. - (start_connection_thread): Ditto. - (handle_connections): Ditto. - -2010-03-09 Werner Koch - - * dirmngr.c (set_debug): Allow numerical values. - -2009-12-15 Werner Koch - - * dirmngr.c: Add option --ignore-cert-extension. - (parse_rereadable_options): Implement. - * dirmngr.h (opt): Add IGNORED_CERT_EXTENSIONS. - * validate.c (unknown_criticals): Handle ignored extensions. - -2009-12-08 Marcus Brinkmann - - * dirmngr-client.c (start_dirmngr): Convert posix FDs to assuan fds. - -2009-11-25 Marcus Brinkmann - - * server.c (start_command_handler): Use assuan_fd_t and - assuan_fdopen on fds. - -2009-11-05 Marcus Brinkmann - - * server.c (start_command_handler): Update use of - assuan_init_socket_server. - * dirmngr-client.c (start_dirmngr): Update use of - assuan_pipe_connect and assuan_socket_connect. - -2009-11-04 Werner Koch - - * server.c (register_commands): Add help arg to - assuan_register_command. Change all command comments to strings. - -2009-11-02 Marcus Brinkmann - - * server.c (reset_notify): Take LINE argument, return gpg_error_t. - -2009-10-16 Marcus Brinkmann - - * Makefile.am: (dirmngr_LDADD): Link to $(LIBASSUAN_LIBS) instead - of $(LIBASSUAN_PTH_LIBS). - * dirmngr.c: Invoke ASSUAN_SYSTEM_PTH_IMPL. - (main): Call assuan_set_system_hooks and assuan_sock_init. - -2009-09-22 Marcus Brinkmann - - * dirmngr.c (main): Update to new Assuan interface. - * server.c (option_handler, cmd_ldapserver, cmd_isvalid) - (cmd_checkcrl, cmd_checkocsp, cmd_lookup, cmd_loadcrl) - (cmd_listcrls, cmd_cachecert, cmd_validate): Return gpg_error_t - instead int. - (register_commands): Likewise for member HANDLER. - (start_command_handler): Allocate context with assuan_new before - starting server. Release on error. - * dirmngr-client.c (main): Update to new Assuan interface. - (start_dirmngr): Allocate context with assuan_new before - connecting to server. Release on error. - -2009-08-12 Werner Koch - - * dirmngr-client.c (squid_loop_body): Flush stdout. Suggested by - Philip Shin. - -2009-08-07 Werner Koch - - * crlfetch.c (my_es_read): Add explicit check for EOF. - - * http.c (struct http_context_s): Turn IN_DATA and IS_HTTP_0_9 to - bit fields. - (struct cookie_s): Add CONTENT_LENGTH_VALID and CONTENT_LENGTH. - (parse_response): Parse the Content-Length header. - (cookie_read): Handle content length. - (http_open): Make NEED_HEADER the semi-default. - - * http.h (HTTP_FLAG_IGNORE_CL): New. - -2009-08-04 Werner Koch - - * ldap.c (ldap_wrapper_thread): Factor some code out to ... - (read_log_data): ... new. Close the log fd on error. - (ldap_wrapper_thread): Delay cleanup until the log fd is closed. - (SAFE_PTH_CLOSE): New. Use it instead of pth_close. - -2009-07-31 Werner Koch - - * server.c (cmd_loadcrl): Add option --url. - * dirmngr-client.c (do_loadcrl): Make use of --url. - - * crlfetch.c (crl_fetch): Remove HTTP_FLAG_NO_SHUTDOWN. Add - flag HTTP_FLAG_LOG_RESP with active DBG_LOOKUP. - - * http.c: Require estream. Remove P_ES macro. - (write_server): Remove. - (my_read_line): Remove. Replace all callers by es_read_line. - (send_request): Use es_asprintf. Always store the cookie. - (http_wait_response): Remove the need to dup the socket. USe new - shutdown flag. - * http.h (HTTP_FLAG_NO_SHUTDOWN): Rename to HTTP_FLAG_SHUTDOWN. - - * estream.c, estream.h, estream-printf.c, estream-printf.h: Update - from current libestream. This is provide es_asprintf. - -2009-07-20 Werner Koch - - * dirmngr.c (pid_suffix_callback): New. - (main): Use log_set_pid_suffix_cb. - (start_connection_thread): Put the fd into the tls. - - * ldap.c (ldap_wrapper_thread): Print ldap worker stati. - (ldap_wrapper_release_context): Print a debug info. - (end_cert_fetch_ldap): Release the reader. Might fix bug#999. - -2009-06-17 Werner Koch - - * util.h: Remove unused dotlock.h. - -2009-05-26 Werner Koch - - * ldap.c (ldap_wrapper): Show reader object in diagnostics. - * crlcache.c (crl_cache_reload_crl): Ditto. Change debug messages - to regular diagnostics. - * dirmngr_ldap.c (print_ldap_entries): Add extra diagnostics. - -2009-04-03 Werner Koch - - * dirmngr.h (struct server_local_s): Move back to ... - * server.c (struct server_local_s): ... here. - (get_ldapservers_from_ctrl): New. - * ldapserver.h (ldapserver_iter_begin): Use it. - -2008-10-29 Marcus Brinkmann - - * estream.c (es_getline): Add explicit cast to silence gcc -W - warning. - * crlcache.c (finish_sig_check): Likewise. - - * dirmngr.c (opts): Add missing initializer to silence gcc - -W warning. - * server.c (register_commands): Likewise. - * dirmngr-client.c (opts): Likewise. - * dirmngr_ldap.c (opts): Likewise. - - * dirmngr-client.c (status_cb, inq_cert, data_cb): Change return - type to gpg_error_t to silence gcc warning. - -2008-10-21 Werner Koch - - * certcache.c (load_certs_from_dir): Accept ".der" files. - - * server.c (get_istrusted_from_client): New. - * validate.c (validate_cert_chain): Add new optional arg - R_TRUST_ANCHOR. Adjust all callers - * crlcache.c (crl_cache_entry_s): Add fields USER_TRUST_REQ - and CHECK_TRUST_ANCHOR. - (release_one_cache_entry): Release CHECK_TRUST_ANCHOR. - (list_one_crl_entry): Print info about the new fields. - (open_dir, write_dir_line_crl): Support the new U-flag. - (crl_parse_insert): Add arg R_TRUST_ANCHOR and set it accordingly. - (crl_cache_insert): Store trust anchor in entry object. - (cache_isvalid): Ask client for trust is needed. - - * crlcache.c (open_dir): Replace xcalloc by xtrycalloc. - (next_line_from_file): Ditt. Add arg to return the gpg error. - Change all callers. - (update_dir): Replace sprintf and malloc by estream_asprintf. - (crl_cache_insert): Ditto. - (crl_cache_isvalid): Replace xmalloc by xtrymalloc. - (get_auth_key_id): Ditto. - (crl_cache_insert): Ditto. - - * crlcache.c (start_sig_check): Remove HAVE_GCRY_MD_DEBUG test. - * validate.c (check_cert_sig): Ditto. Remove workaround for bug - in libgcrypt 1.2. - - * estream.c, estream.h, estream-printf.c, estream-printf.h: Update - from current libestream (svn rev 61). - -2008-09-30 Marcus Brinkmann - - * get-path.c (get_dirmngr_ldap_path): Revert last change. - Instead, use dirmngr_libexecdir(). - (find_program_at_standard_place): Don't define for now. - -2008-09-30 Marcus Brinkmann - - * get-path.c (dirmngr_cachedir): Make COMP a pointer to const to - silence gcc warning. - (get_dirmngr_ldap_path): Look for dirmngr_ldap in the installation - directory. - -2008-08-06 Marcus Brinkmann - - * dirmngr.c (main): Mark the ldapserverlist-file option as - read-only. - -2008-07-31 Werner Koch - - * crlcache.c (start_sig_check) [!HAVE_GCRY_MD_DEBUG]: Use - gcry_md_start_debug - -2008-06-16 Werner Koch - - * get-path.c (w32_commondir): New. - (dirmngr_sysconfdir): Use it here. - (dirmngr_datadir): Ditto. - -2008-06-12 Marcus Brinkmann - - * Makefile.am (dirmngr_SOURCES): Add ldapserver.h and ldapserver.c. - * ldapserver.h, ldapserver.c: New files. - * ldap.c: Include "ldapserver.h". - (url_fetch_ldap): Use iterator to get session servers as well. - (attr_fetch_ldap, start_default_fetch_ldap): Likewise. - * dirmngr.c: Include "ldapserver.h". - (free_ldapservers_list): Removed. Change callers to - ldapserver_list_free. - (parse_ldapserver_file): Use ldapserver_parse_one. - * server.c: Include "ldapserver.h". - (cmd_ldapserver): New command. - (register_commands): Add new command LDAPSERVER. - (reset_notify): New function. - (start_command_handler): Register reset notify handler. - Deallocate session server list. - (lookup_cert_by_pattern): Use iterator to get session servers as well. - (struct server_local_s): Move to ... - * dirmngr.h (struct server_local_s): ... here. Add new member - ldapservers. - -2008-06-10 Werner Koch - - Support PEM encoded CRLs. Fixes bug#927. - - * crlfetch.c (struct reader_cb_context_s): New. - (struct file_reader_map_s): Replace FP by new context. - (register_file_reader, get_file_reader): Adjust accordingly. - (my_es_read): Detect Base64 encoded CRL and decode if needed. - (crl_fetch): Pass new context to the callback. - (crl_close_reader): Cleanup the new context. - * b64dec.c: New. Taken from GnuPG. - * util.h (struct b64state): Add new fields STOP_SEEN and - INVALID_ENCODING. - -2008-05-26 Marcus Brinkmann - - * dirmngr.c (main) [HAVE_W32_SYSTEM]: Switch to system - configuration on gpgconf related commands, and make all options - unchangeable. - -2008-03-25 Marcus Brinkmann - - * dirmngr_ldap.c (print_ldap_entries): Add code alternative for - W32 console stdout (unused at this point). - -2008-03-21 Marcus Brinkmann - - * estream.c (ESTREAM_MUTEX_DESTROY): New macro. - (es_create, es_destroy): Use it. - -2008-02-21 Werner Koch - - * validate.c (check_cert_sig) [HAVE_GCRY_MD_DEBUG]: Use new debug - function if available. - - * crlcache.c (abort_sig_check): Mark unused arg. - - * exechelp.c (dirmngr_release_process) [!W32]: Mark unsed arg. - - * validate.c (is_root_cert): New. Taken from GnuPG. - (validate_cert_chain): Use it in place of the simple DN compare. - -2008-02-15 Marcus Brinkmann - - * dirmngr.c (main): Reinitialize assuan log stream if necessary. - - * crlcache.c (update_dir) [HAVE_W32_SYSTEM]: Remove destination - file before rename. - (crl_cache_insert) [HAVE_W32_SYSTEM]: Remove destination file - before rename. - -2008-02-14 Marcus Brinkmann - - * validate.c (check_cert_policy): Use ksba_free instead of xfree. - (validate_cert_chain): Likewise. Free SUBJECT on error. - (cert_usage_p): Likewise. - - * crlcache.c (finish_sig_check): Undo last change. - (finish_sig_check): Close md. - (abort_sig_check): New function. - (crl_parse_insert): Use abort_sig_check to clean up. - - * crlcache.c (crl_cache_insert): Clean up CDB on error. - -2008-02-13 Marcus Brinkmann - - * crlcache.c (finish_sig_check): Call gcry_md_stop_debug. - * exechelp.h (dirmngr_release_process): New prototype. - * exechelp.c (dirmngr_release_process): New function. - * ldap.c (ldap_wrapper_thread): Release pid. - (destroy_wrapper): Likewise. - - * dirmngr.c (launch_reaper_thread): Destroy tattr. - (handle_connections): Likewise. - -2008-02-12 Marcus Brinkmann - - * ldap.c (pth_close) [! HAVE_W32_SYSTEM]: New macro. - (struct wrapper_context_s): New member log_ev. - (destroy_wrapper): Check FDs for != -1 rather than != 0. Use - pth_close instead of close. Free CTX->log_ev. - (ldap_wrapper_thread): Rewritten to use pth_wait instead of - select. Also use pth_read instead of read and pth_close instead - of close. - (ldap_wrapper): Initialize CTX->log_ev. - (reader_callback): Use pth_close instead of close. - * exechelp.c (create_inheritable_pipe) [HAVE_W32_SYSTEM]: Removed. - (dirmngr_spawn_process) [HAVE_W32_SYSTEM]: Use pth_pipe instead. - * dirmngr_ldap.c [HAVE_W32_SYSTEM]: Include . - (main) [HAVE_W32_SYSTEM]: Set mode of stdout to binary. - -2008-02-01 Werner Koch - - * ldap.c: Remove all ldap headers as they are unused. - - * dirmngr_ldap.c (LDAP_DEPRECATED): New, to have OpenLDAP use the - old standard API. - -2008-01-10 Werner Koch - - * dirmngr-client.c: New option --local. - (do_lookup): Use it. - - * server.c (lookup_cert_by_pattern): Implement local lookup. - (return_one_cert): New. - * certcache.c (hexsn_to_sexp): New. - (classify_pattern, get_certs_bypattern): New. - - * misc.c (unhexify): Allow passing NULL for RESULT. - (cert_log_subject): Do not call ksba_free on an unused variable. - -2008-01-02 Marcus Brinkmann - - * Makefile.am (dirmngr_LDADD, dirmngr_ldap_LDADD) - (dirmngr_client_LDADD): Add $(LIBICONV). Reported by Michael - Nottebrock. - -2007-12-11 Werner Koch - - * server.c (option_handler): New option audit-events. - * dirmngr.h (struct server_control_s): Add member AUDIT_EVENTS. - -2007-11-26 Marcus Brinkmann - - * get-path.c (dirmngr_cachedir): Create intermediate directories. - (default_socket_name): Use CSIDL_WINDOWS. - -2007-11-21 Werner Koch - - * server.c (lookup_cert_by_pattern): Add args SINGLE and CACHE_ONLY. - (cmd_lookup): Add options --single and --cache-only. - -2007-11-16 Werner Koch - - * certcache.c (load_certs_from_dir): Also log the subject DN. - * misc.c (cert_log_subject): New. - -2007-11-14 Werner Koch - - * dirmngr-client.c: Replace --lookup-url by --url. - (main): Remove extra code for --lookup-url. - (do_lookup): Remove LOOKUP_URL arg and use the - global option OPT.URL. - - * server.c (has_leading_option): New. - (cmd_lookup): Use it. - - * crlfetch.c (fetch_cert_by_url): Use GPG_ERR_INV_CERT_OBJ. - (fetch_cert_by_url): Use gpg_error_from_syserror. - -2007-11-14 Moritz (wk) - - * dirmngr-client.c: New command: --lookup-url . - (do_lookup): New parameter: lookup_url. If TRUE, include "--url" - switch in LOOKUP transaction. - (enum): New entry: oLookupUrl. - (opts): Likewise. - (main): Handle oLookupUrl. New variable: cmd_lookup_url, set - during option parsing, pass to do_lookup() and substitute some - occurences of "cmd_lookup" with "cmd_lookup OR cmd_lookup_url". - * crlfetch.c (fetch_cert_by_url): New function, uses - url_fetch_ldap() to create a reader object and libksba functions - to read a single cert from that reader. - * server.c (lookup_cert_by_url, lookup_cert_by_pattern): New - functions. - (cmd_lookup): Moved almost complete code ... - (lookup_cert_by_pattern): ... here. - (cmd_lookup): Support new optional argument: --url. Depending on - the presence of that switch, call lookup_cert_by_url() or - lookup_cert_by_pattern(). - (lookup_cert_by_url): Heavily stripped down version of - lookup_cert_by_pattern(), using fetch_cert_by_url. - -2007-10-24 Marcus Brinkmann - - * exechelp.c (dirmngr_spawn_process): Fix child handles. - -2007-10-05 Marcus Brinkmann - - * dirmngr.h: Include assuan.h. - (start_command_handler): Change type of FD to assuan_fd_t. - * dirmngr.c: Do not include w32-afunix.h. - (socket_nonce): New global variable. - (create_server_socket): Use assuan socket wrappers. Remove W32 - specific stuff. Save the server nonce. - (check_nonce): New function. - (start_connection_thread): Call it. - (handle_connections): Change args to assuan_fd_t. - * server.c (start_command_handler): Change type of FD to assuan_fd_t. - -2007-09-12 Marcus Brinkmann - - * dirmngr.c (main): Percent escape pathnames in --gpgconf-list output. - -2007-08-27 Moritz Schulte - - * src/Makefile.am (AM_CPPFLAGS): Define DIRMNGR_SOCKETDIR based on - $(localstatedir). - * src/get-path.c (default_socket_name): Use DIRMNGR_SOCKETDIR - instead of hard-coded "/var/run/dirmngr". - -2007-08-16 Werner Koch - - * get-path.c (get_dirmngr_ldap_path): Make PATHNAME const. - - * dirmngr.c (my_ksba_hash_buffer): Mark unused arg. - (dirmngr_init_default_ctrl): Ditto. - (my_gcry_logger): Ditto. - * dirmngr-client.c (status_cb): Ditto. - * dirmngr_ldap.c (catch_alarm): Ditto. - * estream-printf.c (pr_bytes_so_far): Ditto. - * estream.c (es_func_fd_create): Ditto. - (es_func_fp_create): Ditto. - (es_write_hexstring): Ditto. - * server.c (cmd_listcrls): Ditto. - (cmd_cachecert): Ditto. - * crlcache.c (cache_isvalid): Ditto. - * ocsp.c (do_ocsp_request): Ditto. - * ldap.c (ldap_wrapper_thread): Ditto. - * http.c (http_register_tls_callback): Ditto. - (connect_server): Ditto. - (write_server) [!HTTP_USE_ESTREAM]: Don't build. - -2007-08-14 Werner Koch - - * get-path.c (dirmngr_cachedir) [W32]: Use CSIDL_LOCAL_APPDATA. - -2007-08-13 Werner Koch - - * dirmngr.c (handle_connections): Use a timeout in the accept - function. Block signals while creating a new thread. - (shutdown_pending): Needs to be volatile as also accessed bt the - service function. - (w32_service_control): Do not use the regular log fucntions here. - (handle_tick): New. - (main): With system_service in effect use aDaemon as default - command. - (main) [W32]: Only temporary redefine main for the sake of Emacs's - "C-x 4 a". - - * dirmngr-client.c (main) [W32]: Initialize sockets. - (start_dirmngr): Use default_socket_name instead of a constant. - * Makefile.am (dirmngr_client_SOURCES): Add get-path.c - -2007-08-09 Werner Koch - - * dirmngr.c (parse_ocsp_signer): New. - (parse_rereadable_options): Set opt.ocsp_signer to this. - * dirmngr.h (fingerprint_list_t): New. - * ocsp.c (ocsp_isvalid, check_signature, validate_responder_cert): - Allow for several default ocscp signers. - (ocsp_isvalid): Return GPG_ERR_NO_DATA for an unknwon status. - - * dirmngr-client.c: New option --force-default-responder. - - * server.c (has_option, skip_options): New. - (cmd_checkocsp): Add option --force-default-responder. - (cmd_isvalid): Ditto. Also add option --only-ocsp. - - * ocsp.c (ocsp_isvalid): New arg FORCE_DEFAULT_RESPONDER. - - * dirmngr.c: New option --ocsp-max-period. - * ocsp.c (ocsp_isvalid): Implement it and take care that a missing - next_update is to be ignored. - - * crlfetch.c (my_es_read): New. Use it instead of es_read. - - * estream.h, estream.c, estream-printf.c: Updated from current - libestream SVN. - -2007-08-08 Werner Koch - - * crlcache.c (crl_parse_insert): Hack to allow for a missing - nextUpdate. - - * dirmngr_ldap.c (print_ldap_entries): Strip the extension from - the want_attr. - - * exechelp.c (dirmngr_wait_process): Reworked for clear error - semantics. - * ldap.c (ldap_wrapper_thread): Adjust for new - dirmngr_wait_process semantics. - -2007-08-07 Werner Koch - - * get-path.c (default_socket_name) [!W32]: Fixed syntax error. - - * ldap.c (X509CACERT, make_url, fetch_next_cert_ldap): Support - x509caCert as used by the Bundesnetzagentur. - (ldap_wrapper): Do not pass the prgtram name as the first - argument. dirmngr_spawn_process takes care of that. - -2007-08-04 Marcus Brinkmann - - * dirmngr.h (opt): Add member system_service. - * dirmngr.c (opts) [HAVE_W32_SYSTEM]: New entry for option - --service. - (DEFAULT_SOCKET_NAME): Removed. - (service_handle, service_status, - w32_service_control) [HAVE_W32_SYSTEM]: New symbols. - (main) [HAVE_W32_SYSTEM]: New entry point for --service. Rename - old function to ... - (real_main) [HAVE_W32_SYSTEM]: ... this. Use default_socket_name - instead of DEFAULT_SOCKET_NAME, and similar for other paths. - Allow colons in Windows socket path name, and implement --service - option. - * util.h (dirmngr_sysconfdir, dirmngr_libexecdir, dirmngr_datadir, - dirmngr_cachedir, default_socket_name): New prototypes. - * get-path.c (dirmngr_sysconfdir, dirmngr_libexecdir) - (dirmngr_datadir, dirmngr_cachedir, default_socket_name): New - functions. - (DIRSEP_C, DIRSEP_S): New macros. - -2007-08-03 Marcus Brinkmann - - * get-path.c: Really add the file this time. - -2007-07-31 Marcus Brinkmann - - * crlfetch.c: Include "estream.h". - (crl_fetch): Use es_read callback instead a file handle. - (crl_close_reader): Use es_fclose instead of fclose. - (struct file_reader_map_s): Change type of FP to estream_t. - (register_file_reader, crl_fetch, crl_close_reader): Likewise. - * ocsp.c: Include "estream.h". - (read_response): Change type of FP to estream_t. - (read_response, do_ocsp_request): Use es_* variants of I/O - functions. - - * http.c: Include . - (http_wait_response) [HAVE_W32_SYSTEM]: Use DuplicateHandle. - (cookie_read): Use pth_read instead read. - (cookie_write): Use pth_write instead write. - -2007-07-30 Marcus Brinkmann - - * ldap-url.c (ldap_str2charray): Fix buglet in ldap_utf8_strchr - invocation. - -2007-07-27 Marcus Brinkmann - - * estream.h, estream.c: Update from recent GnuPG. - - * get-path.c: New file. - * Makefile.am (dirmngr_SOURCES): Add get-path.c. - * util.h (default_homedir, get_dirmngr_ldap_path): New prototypes. - * dirmngr.c (main): Use default_homedir(). - * ldap-url.h: Remove japanese white space (sorry!). - -2007-07-26 Marcus Brinkmann - - * ldap.c (pth_yield): Remove macro. - - * ldap.c (pth_yield) [HAVE_W32_SYSTEM]: Define to Sleep(0). - - * dirmngr_ldap.c [HAVE_W32_SYSTEM]: Do not include , but - , and "ldap-url.h". - * ldap.c [HAVE_W32_SYSTEM]: Do not include , but - and . - - * ldap-url.c: Do not include , but , - and "ldap-url.h". - (LDAP_P): New macro. - * ldap-url.h: New file. - * Makefile.am (ldap_url): Add ldap-url.h. - - * Makefile.am (ldap_url): New variable. - (dirmngr_ldap_SOURCES): Add $(ldap_url). - (dirmngr_ldap_LDADD): Add $(LIBOBJS). - * ldap-url.c: New file, excerpted from OpenLDAP. - * dirmngr.c (main) [HAVE_W32_SYSTEM]: Avoid the daemonization. - * dirmngr_ldap.c: Include "util.h". - (main) [HAVE_W32_SYSTEM]: Don't set up alarm. - (set_timeout) [HAVE_W32_SYSTEM]: Likewise. - * ldap.c [HAVE_W32_SYSTEM]: Add macros for setenv and pth_yield. - * no-libgcrypt.h (NO_LIBGCRYPT): Define. - * util.h [NO_LIBGCRYPT]: Don't include . - -2007-07-23 Marcus Brinkmann - - * Makefile.am (dirmngr_SOURCES): Add exechelp.h and exechelp.c. - * exechelp.h, exechelp.c: New files. - * ldap.c: Don't include but "exechelp.h". - (destroy_wrapper, ldap_wrapper_thread, - ldap_wrapper_connection_cleanup): Use dirmngr_kill_process instead - of kill. - (ldap_wrapper_thread): Use dirmngr_wait_process instead of - waitpid. - (ldap_wrapper): Use dirmngr_spawn_process. - -2007-07-20 Marcus Brinkmann - - * certcache.c (cert_cache_lock): Do not initialize statically. - (init_cache_lock): New function. - (cert_cache_init): Call init_cache_lock. - - * estream.h, estream.c, estream-printf.h, estream-printf.c: New - files. - * Makefile.am (dirmngr_SOURCES): Add estream.c, estream.h, - estream-printf.c, estream-printf.h. - - * http.c: Update to latest version from GnuPG. - - * Makefile.am (cdb_sources) - * cdblib.c: Port to windows (backport from tinycdb 0.76). - - * crlcache.c [HAVE_W32_SYSTEM]: Don't include sys/utsname.h. - [MKDIR_TAKES_ONE_ARG]: Define mkdir as a macro for such systems. - (update_dir, crl_cache_insert) [HAVE_W32_SYSTEM]: Don't get uname. - * server.c (start_command_handler) [HAVE_W32_SYSTEM]: Don't log - peer credentials. - - * dirmngr.c [HAVE_W32_SYSTEM]: Do not include sys/socket.h or - sys/un.h, but ../jnlib/w32-afunix.h. - (sleep) [HAVE_W32_SYSTEM]: New macro. - (main) [HAVE_W32_SYSTEM]: Don't mess with SIGPIPE. Use W32 socket - API. - (handle_signal) [HAVE_W32_SYSTEM]: Deactivate the bunch of the - code. - (handle_connections) [HAVE_W32_SYSTEM]: don't handle signals. - -2006-11-29 Werner Koch - - * dirmngr.c (my_strusage): Use macro for the bug report address - and the copyright line. - * dirmngr-client.c (my_strusage): Ditto. - * dirmngr_ldap.c (my_strusage): Ditto. - - * Makefile.am: Do not link against LIBICONV. - -2006-11-19 Werner Koch - - * dirmngr.c: Include i18n.h. - -2006-11-17 Werner Koch - - * Makefile.am (dirmngr_LDADD): Use LIBASSUAN_PTH_LIBS. - -2006-11-16 Werner Koch - - * server.c (start_command_handler): Replaced - assuan_init_connected_socket_server by assuan_init_socket_server_ext. - - * crlcache.c (update_dir): Put a diagnostic into DIR.txt. - (open_dir): Detect invalid and duplicate entries. - (update_dir): Fixed search for second field. - -2006-10-23 Werner Koch - - * dirmngr.c (main): New command --gpgconf-test. - -2006-09-14 Werner Koch - - * server.c (start_command_handler): In vebose mode print - information about the peer. This may later be used to restrict - certain commands. - -2006-09-12 Werner Koch - - * server.c (start_command_handler): Print a more informative hello - line. - * dirmngr.c: Moved config_filename into the opt struct. - -2006-09-11 Werner Koch - - Changed everything to use Assuan with gpg-error codes. - * maperror.c: Removed. - * server.c (map_to_assuan_status): Removed. - * dirmngr.c (main): Set assuan error source. - * dirmngr-client.c (main): Ditto. - -2006-09-04 Werner Koch - - * crlfetch.c (crl_fetch): Implement HTTP redirection. - * ocsp.c (do_ocsp_request): Ditto. - - New HTTP code version taken from gnupg svn release 4236. - * http.c (http_get_header): New. - (capitalize_header_name, store_header): New. - (parse_response): Store headers away. - (send_request): Return GPG_ERR_NOT_FOUND if connect_server failed. - * http.h: New flag HTTP_FLAG_NEED_HEADER. - -2006-09-01 Werner Koch - - * crlfetch.c (register_file_reader, get_file_reader): New. - (crl_fetch): Register the file pointer for HTTP. - (crl_close_reader): And release it. - - * http.c, http.h: Updated from GnuPG SVN trunk. Changed all users - to adopt the new API. - * dirmngr.h: Moved inclusion of jnlib header to ... - * util.h: .. here. This is required becuase http.c includes only - a file util.h but makes use of log_foo. Include gcrypt.h so that - gcry_malloc et al are declared. - -2006-08-31 Werner Koch - - * ocsp.c (check_signature): Make use of the responder id. - -2006-08-30 Werner Koch - - * validate.c (check_cert_sig): Workaround for rimemd160. - (allowed_ca): Always allow trusted CAs. - - * dirmngr.h (cert_ref_t): New. - (struct server_control_s): Add field OCSP_CERTS. - * server.c (start_command_handler): Release new field - * ocsp.c (release_ctrl_ocsp_certs): New. - (check_signature): Store certificates in OCSP_CERTS. - - * certcache.c (find_issuing_cert): Reset error if cert was found - by subject. - (put_cert): Add new arg FPR_BUFFER. Changed callers. - (cache_cert_silent): New. - - * dirmngr.c (parse_rereadable_options): New options - --ocsp-max-clock-skew and --ocsp-current-period. - * ocsp.c (ocsp_isvalid): Use them here. - - * ocsp.c (validate_responder_cert): New optional arg signer_cert. - (check_signature_core): Ditto. - (check_signature): Use the default signer certificate here. - -2006-06-27 Werner Koch - - * dirmngr-client.c (inq_cert): Take care of SENDCERT_SKI. - -2006-06-26 Werner Koch - - * crlcache.c (lock_db_file): Count open files when needed. - (find_entry): Fixed deleted case. - -2006-06-23 Werner Koch - - * misc.c (cert_log_name): New. - - * certcache.c (load_certs_from_dir): Also print certificate name. - (find_cert_bysn): Release ISSDN. - - * validate.h: New VALIDATE_MODE_CERT. - * server.c (cmd_validate): Use it here so that no policy checks - are done. Try to validated a cached copy of the target. - - * validate.c (validate_cert_chain): Implement a validation cache. - (check_revocations): Print more diagnostics. Actually use the - loop variable and not the head of the list. - (validate_cert_chain): Do not check revocations of CRL issuer - certificates in plain CRL check mode. - * ocsp.c (ocsp_isvalid): Make sure it is reset for a status of - revoked. - -2006-06-22 Werner Koch - - * validate.c (cert_use_crl_p): New. - (cert_usage_p): Add a mode 6 for CRL signing. - (validate_cert_chain): Check that the certificate may be used for - CRL signing. Print a note when not running as system daemon. - (validate_cert_chain): Reduce the maximum depth from 50 to 10. - - * certcache.c (find_cert_bysn): Minor restructuring - (find_cert_bysubject): Ditto. Use get_cert_local when called - without KEYID. - * crlcache.c (get_crlissuer_cert_bysn): Removed. - (get_crlissuer_cert): Removed. - (crl_parse_insert): Use find_cert_bysubject and find_cert_bysn - instead of the removed functions. - -2006-06-19 Werner Koch - - * certcache.c (compare_serialno): Silly me. Using 0 as true is - that hard; tsss. Fixed call cases except for the only working one - which are both numbers of the same length. - -2006-05-15 Werner Koch - - * crlfetch.c (crl_fetch): Use no-shutdown flag for HTTP. This - seems to be required for "IBM_HTTP_Server/2.0.47.1 Apache/2.0.47 - (Unix)". - - * http.c (parse_tuple): Set flag to to indicate no value. - (build_rel_path): Take care of it. - - * crlcache.c (crl_cache_reload_crl): Also iterate over all names - within a DP. - -2005-09-28 Marcus Brinkmann - - * Makefile.am (dirmngr_LDADD): Add @LIBINTL@ and @LIBICONV@. - (dirmngr_ldap_LDADD): Likewise. - (dirmngr_client_LDADD): Likewise. - -2005-09-12 Werner Koch - - * dirmngr.c: Fixed description to match the one in gpgconf. - -2005-06-15 Werner Koch - - * server.c (cmd_lookup): Take care of NO_DATA which might get - returned also by start_cert_fetch(). - -2005-04-20 Werner Koch - - * ldap.c (ldap_wrapper_wait_connections): Set a shutdown flag. - (ldap_wrapper_thread): Handle shutdown in a special way. - -2005-04-19 Werner Koch - - * server.c (get_cert_local, get_issuing_cert_local) - (get_cert_local_ski): Bail out if called without a local context. - -2005-04-18 Werner Koch - - * certcache.c (find_issuing_cert): Fixed last resort method which - should be finding by subject and not by issuer. Try to locate it - also using the keyIdentifier method. Improve error reporting. - (cmp_simple_canon_sexp): New. - (find_cert_bysubject): New. - (find_cert_bysn): Ask back to the caller before trying an extarnl - lookup. - * server.c (get_cert_local_ski): New. - * crlcache.c (crl_parse_insert): Also try to locate issuer - certificate using the keyIdentifier. Improved error reporting. - -2005-04-14 Werner Koch - - * ldap.c (start_cert_fetch_ldap): Really return ERR. - -2005-03-17 Werner Koch - - * http.c (parse_response): Changed MAXLEN and LEN to size_t to - match the requirement of read_line. - * http.h (http_context_s): Ditto for BUFFER_SIZE. - -2005-03-15 Werner Koch - - * ldap.c: Included time.h. Reported by Bernhard Herzog. - -2005-03-09 Werner Koch - - * dirmngr.c: Add a note to the help listing check the man page for - other options. - -2005-02-01 Werner Koch - - * crlcache.c (crl_parse_insert): Renamed a few variables and - changed diagnostic strings for clarity. - (get_issuer_cert): Renamed to get_crlissuer_cert. Try to locate - the certificate from the cache using the subject name. Use new - fetch function. - (get_crlissuer_cert_bysn): New. - (crl_parse_insert): Use it here. - * crlfetch.c (ca_cert_fetch): Changed interface. - (fetch_next_ksba_cert): New. - * ldap.c (run_ldap_wrapper): Add arg MULTI_MODE. Changed all - callers. - (start_default_fetch_ldap): New - * certcache.c (get_cert_bysubject): New. - (clean_cache_slot, put_cert): Store the subject DN if available. - (MAX_EXTRA_CACHED_CERTS): Increase limit of cachable certificates - to 1000. - (find_cert_bysn): Loop until a certificate with a matching S/N has - been found. - - * dirmngr.c (main): Add honor-http-proxy to the gpgconf list. - -2005-01-31 Werner Koch - - * ldap.c: Started to work on support for userSMIMECertificates. - - * dirmngr.c (main): Make sure to always pass a server control - structure to the caching functions. Reported by Neil Dunbar. - -2005-01-05 Werner Koch - - * dirmngr-client.c (read_pem_certificate): Skip trailing percent - escaped linefeeds. - -2005-01-03 Werner Koch - - * dirmngr-client.c (read_pem_certificate): New. - (read_certificate): Divert to it depending on pem option. - (squid_loop_body): New. - (main): New options --pem and --squid-mode. - -2004-12-17 Werner Koch - - * dirmngr.c (launch_ripper_thread): Renamed to launch_reaper_thread. - (shutdown_reaper): New. Use it for --server and --daemon. - * ldap.c (ldap_wrapper_wait_connections): New. - -2004-12-17 Werner Koch - - * Makefile.am (dirmngr_ldap_LDADD): Adjusted for new LDAP checks. - -2004-12-16 Werner Koch - - * ldap.c (ldap_wrapper): Peek on the output to detect empty output - early. - -2004-12-15 Werner Koch - - * ldap.c (ldap_wrapper): Print a diagnostic after forking for the - ldap wrapper. - * certcache.h (find_cert_bysn): Add this prototype. - * crlcache.c (start_sig_check): Write CRL hash debug file. - (finish_sig_check): Dump the signer's certificate. - (crl_parse_insert): Try to get the issuing cert by authKeyId. - Moved certificate retrieval after item processing. - -2004-12-13 Werner Koch - - * dirmngr_ldap.c (catch_alarm, set_timeout): new. - (main): Install alarm handler. Add new option --only-search-timeout. - (print_ldap_entries, fetch_ldap): Use set_timeout (); - * dirmngr.h: Make LDAPTIMEOUT a simple unsigned int. Change all - initializations. - * ldap.c (start_cert_fetch_ldap, run_ldap_wrapper): Pass timeout - option to the wrapper. - (INACTIVITY_TIMEOUT): Depend on LDAPTIMEOUT. - (run_ldap_wrapper): Add arg IGNORE_TIMEOUT. - (ldap_wrapper_thread): Check for special timeout exit code. - - * dirmngr.c: Workaround a typo in gpgconf for - ignore-ocsp-service-url. - -2004-12-10 Werner Koch - - * ldap.c (url_fetch_ldap): Use TMP and not a HOST which is always - NULL. - * misc.c (host_and_port_from_url): Fixed bad encoding detection. - -2004-12-03 Werner Koch - - * crlcache.c (crl_cache_load): Re-implement it. - - * dirmngr-client.c: New command --load-crl - (do_loadcrl): New. - - * dirmngr.c (parse_rereadable_options, main): Make --allow-ocsp, - --ocsp-responder, --ocsp-signer and --max-replies re-readable. - - * ocsp.c (check_signature): try to get the cert from the cache - first. - (ocsp_isvalid): Print the next and this update times on time - conflict. - - * certcache.c (load_certs_from_dir): Print the fingerprint for - trusted certificates. - (get_cert_byhexfpr): New. - * misc.c (get_fingerprint_hexstring_colon): New. - -2004-12-01 Werner Koch - - * Makefile.am (dirmngr_LDADD): Don't use LDAP_LIBS. - - * validate.c (validate_cert_chain): Fixed test; as written in the - comment we want to do this only in daemon mode. For clarity - reworked by using a linked list of certificates and include root - and tragte certificate. - (check_revocations): Likewise. Introduced a recursion sentinel. - -2004-11-30 Werner Koch - - * crlfetch.c (ca_cert_fetch, crl_fetch_default): Do not use the - binary prefix as this will be handled in the driver. - - * dirmngr_ldap.c: New option --log-with-pid. - (fetch_ldap): Handle LDAP_NO_SUCH_OBJECT. - * ldap.c (run_ldap_wrapper, start_cert_fetch_ldap): Use new log - option. - - -2004-11-25 Werner Koch - - * Makefile.am (dirmngr_ldap_CFLAGS): Added GPG_ERROR_CFLAGS. - Noted by Bernhard Herzog. - -2004-11-24 Werner Koch - - * ldap.c (ldap_wrapper): Fixed default name of the ldap wrapper. - - * b64enc.c (b64enc_start, b64enc_finish): Use standard strdup/free - to manage memory. - - * dirmngr.c: New options --ignore-http-dp, --ignore-ldap-dp and - --ignore-ocsp-service-url. - * crlcache.c (crl_cache_reload_crl): Implement them. - * ocsp.c (ocsp_isvalid): Ditto. - -2004-11-23 Werner Koch - - * ldap.c (ldap_wrapper_thread, reader_callback, ldap_wrapper): - Keep a timestamp and terminate the wrapper after some time of - inactivity. - - * dirmngr-client.c (do_lookup): New. - (main): New option --lookup. - (data_cb): New. - * b64enc.c: New. Taken from GnuPG 1.9. - * no-libgcrypt.c (gcry_strdup): Added. - - * ocsp.c (ocsp_isvalid): New arg CERT and lookup the issuer - certificate using the standard methods. - - * server.c (cmd_lookup): Truncation is now also an indication for - error. - (cmd_checkocsp): Implemented. - - * dirmngr_ldap.c (fetch_ldap): Write an error marker for a - truncated search. - * ldap.c (add_server_to_servers): Reactivated. - (url_fetch_ldap): Call it here and try all configured servers in - case of a a failed lookup. - (fetch_next_cert_ldap): Detect the truncation error flag. - * misc.c (host_and_port_from_url, remove_percent_escapes): New. - -2004-11-22 Werner Koch - - * dirmngr_ldap.c (main): New option --proxy. - * ocsp.c (do_ocsp_request): Take care of opt.disable_http. - * crlfetch.c (crl_fetch): Honor the --honor-http-proxy variable. - (crl_fetch): Take care of opt.disable_http and disable_ldap. - (crl_fetch_default, ca_cert_fetch, start_cert_fetch): - * ldap.c (run_ldap_wrapper): New arg PROXY. - (url_fetch_ldap, attr_fetch_ldap, start_cert_fetch_ldap): Pass it. - - * http.c (http_open_document): Add arg PROXY. - (http_open): Ditto. - (send_request): Ditto and implement it as an override. - - * ocsp.c (validate_responder_cert): Use validate_cert_chain. - - * Makefile.am (AM_CPPFLAGS): Add macros for a few system - directories. - * dirmngr.h (opt): New members homedir_data, homedir_cache, - ldap_wrapper_program, system_daemon, honor_http_proxy, http_proxy, - ldap_proxy, only_ldap_proxy, disable_ldap, disable_http. - * dirmngr.c (main): Initialize new opt members HOMEDIR_DATA and - HOMEDIR_CACHE. - (parse_rereadable_options): New options --ldap-wrapper-program, - --http-wrapper-program, --disable-ldap, --disable-http, - --honor-http-proxy, --http-proxy, --ldap-proxy, --only-ldap-proxy. - (reread_configuration): New. - - * ldap.c (ldap_wrapper): Use the correct name for the wrapper. - - * crlcache.c (DBDIR_D): Make it depend on opt.SYSTEM_DAEMON. - (cleanup_cache_dir, open_dir, update_dir, make_db_file_name) - (crl_cache_insert, create_directory_if_needed): Use opt.HOMEDIR_CACHE - - * validate.c (check_revocations): New. - * crlcache.c (crl_cache_isvalid): Factored most code out to - (cache_isvalid): .. new. - (crl_cache_cert_isvalid): New. - * server.c (cmd_checkcrl): Cleaned up by using this new function. - (reload_crl): Moved to .. - * crlcache.c (crl_cache_reload_crl): .. here and made global. - - * certcache.c (cert_compute_fpr): Renamed from computer_fpr and - made global. - (find_cert_bysn): Try to lookup missing certs. - (cert_cache_init): Intialize using opt.HOMEDIR_DATA. - - -2004-11-19 Werner Koch - - * dirmngr-client.c (status_cb): New. Use it in very verbose mode. - - * server.c (start_command_handler): Malloc the control structure - and properly release it. Removed the primary_connection - hack. Cleanup running wrappers. - (dirmngr_status): Return an error code. - (dirmngr_tick): Return an error code and detect a - cancellation. Use wall time and not CPU time. - * validate.c (validate_cert_chain): Add CTRL arg and changed callers. - * crlcache.c (crl_cache_isvalid): - * crlfetch.c (ca_cert_fetch, start_cert_fetch, crl_fetch_default) - (crl_fetch): Ditto. - * ldap.c (ldap_wrapper, run_ldap_wrapper, url_fetch_ldap) - (attr_fetch_ldap, start_cert_fetch_ldap): Ditto. - (ldap_wrapper_release_context): Reset the stored CTRL. - (reader_callback): Periodically call dirmngr_tick. - (ldap_wrapper_release_context): Print an error message for read - errors. - (ldap_wrapper_connection_cleanup): New. - -2004-11-18 Werner Koch - - * dirmngr.c (main): Do not cd / if not running detached. - - * dirmngr-client.c: New options --cache-cert and --validate. - (do_cache, do_validate): New. - * server.c (cmd_cachecert, cmd_validate): New. - - * crlcache.c (get_issuer_cert): Make use of the certificate cache. - (crl_parse_insert): Validate the issuer certificate. - - * dirmngr.c (handle_signal): Reinitialize the certificate cache on - a HUP. - (struct opts): Add --homedir to enable the already implemented code. - (handle_signal): Print stats on SIGUSR1. - - * certcache.c (clean_cache_slot, cert_cache_init) - (cert_cache_deinit): New. - (acquire_cache_read_lock, acquire_cache_write_lock) - (release_cache_lock): New. Use them where needed. - (put_cert): Renamed from put_loaded_cert. - (cache_cert): New. - (cert_cache_print_stats): New. - (compare_serialno): Fixed. - -2004-11-16 Werner Koch - - * Makefile.am (AM_CPPFLAGS): Define DIRMNGR_SYSCONFDIR and - DIRMNGR_LIBEXECDIR. - - * misc.c (dump_isotime, dump_string, dump_cert): New. Taken from - gnupg 1.9. - (dump_serial): New. - -2004-11-15 Werner Koch - - * validate.c: New. Based on gnupg's certchain.c - - * ldap.c (get_cert_ldap): Removed. - (read_buffer): New. - (start_cert_fetch_ldap, fetch_next_cert_ldap) - (end_cert_fetch_ldap): Rewritten to make use of the ldap wrapper. - -2004-11-12 Werner Koch - - * http.c (insert_escapes): Print the percent sign too. - - * dirmngr-client.c (inq_cert): Ignore "SENDCERT" and - "SENDISSUERCERT". - - * server.c (do_get_cert_local): Limit the length of a retruned - certificate. Return NULL without an error if an empry value has - been received. - - * crlfetch.c (ca_cert_fetch): Use the ksba_reader_object. - (setup_funopen, fun_reader, fun_closer): Removed. - - * crlcache.c (get_issuer_cert): Adjust accordingly. - - * ldap.c (attr_fetch_ldap_internal, attr_fetch_fun_closer) - (attr_fetch_fun_reader, url_fetch_ldap_internal) - (get_attr_from_result_ldap): Removed. - (destroy_wrapper, print_log_line, ldap_wrapper_thread) - (ldap_wrapper_release_context, reader_callback, ldap_wrapper) - (run_ldap_wrapper): New. - (url_fetch_ldap): Make use of the new ldap wrapper and return a - ksba reader object instead of a stdio stream. - (attr_fetch_ldap): Ditto. - (make_url, escape4url): New. - -2004-11-11 Werner Koch - - * dirmngr.c (launch_ripper_thread): New. - (main): Start it wheere appropriate. Always ignore SIGPIPE. - (start_connection_thread): Maintain a connection count. - (handle_signal, handle_connections): Use it here instead of the - thread count. - - * crlcache.c (crl_cache_insert): Changed to use ksba reader - object. Changed all callers to pass this argument. - -2004-11-08 Werner Koch - - * dirmngr_ldap.c: New. - - * crlcache.c (crl_cache_init): Don't return a cache object but - keep it module local. We only need one. - (crl_cache_deinit): Don't take cache object but work on existing - one. - (get_current_cache): New. - (crl_cache_insert, crl_cache_list, crl_cache_load): Use the global - cache object and removed the cache arg. Changed all callers. - - * dirmngr-client.c: New option --ping. - - * dirmngr.c (main): New option --daemon. Initialize PTH. - (handle_connections, start_connection_thread): New. - (handle_signal): New. - (parse_rereadable_options): New. Changed main to make use of it. - (set_debug): Don't bail out on invalid debug levels. - (main): Init the crl_chache for server and daemon mode. - - * server.c (start_command_handler): New arg FD. Changed callers. - -2004-11-06 Werner Koch - - * server.c (map_assuan_err): Factored out to .. - * maperror.c: .. new file. - * util.h: Add prototype - -2004-11-05 Werner Koch - - * no-libgcrypt.c: New, used as helper for dirmngr-client which - does not need libgcrypt proper but jnlib references the memory - functions. Taken from gnupg 1.9.12. - - * dirmngr.h: Factored i18n and xmalloc code out to .. - * i18n.h, util.h: .. New. - - * dirmngr-client.c: New. Some code taken from gnupg 1.9.12. - * Makefile.am (bin_PROGRAMS) Add dirmngr-client. - -2004-11-04 Werner Koch - - * src/server.c (get_fingerprint_from_line, cmd_checkcrl) - (cmd_checkocsp): New. - (register_commands): Register new commands. - (inquire_cert_and_load_crl): Factored most code out to .. - (reload_crl): .. new function. - * src/certcache.h, src/certcache.c: New. - * src/Makefile.am (dirmngr_SOURCES): Add new files. - -2004-11-04 Werner Koch - - Please note that earlier entries are found in the top level - ChangeLog. - [Update after merge with GnuPG: see ./ChangeLog.1] - - - Copyright 2004, 2005, 2006, 2007, 2008, 2009, 2010, - 2011 Free Software Foundation, Inc. - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even the - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/dirmngr/ChangeLog-2011 b/dirmngr/ChangeLog-2011 new file mode 100644 index 000000000..b35bec313 --- /dev/null +++ b/dirmngr/ChangeLog-2011 @@ -0,0 +1,1617 @@ +2011-12-01 Werner Koch + + NB: ChangeLog files are no longer manually maintained. Starting + on December 1st, 2011 we put change information only in the GIT + commit log, and generate a top-level ChangeLog file from logs at + "make dist". See doc/HACKING for details. + +2011-11-24 Werner Koch + + * ks-engine-http.c (ks_http_help): Do not print help for hkp. + * ks-engine-hkp.c (ks_hkp_help): Print help only for hkp. + (send_request): Remove test code. + (map_host): Use xtrymalloc. + + * certcache.c (classify_pattern): Remove unused variable and make + explicit substring search work. + +2011-11-24 Werner Koch + + * ks-engine-http.c (ks_http_help): Do not print help for hkp. + * ks-engine-hkp.c (ks_hkp_help): Print help only for hkp. + (send_request): Remove test code. + (map_host): Use xtrymalloc. + + * certcache.c (classify_pattern): Remove unused variable and make + explicit substring search work. + +2011-10-13 Marcus Brinkmann + + * Makefile.am, certcache.c, crlfetch.c, dirmngr.c, ldap-wrapper.c: + Port to NPth. + +2011-06-01 Marcus Brinkmann + + * Makefile.am (dirmngr_ldap_CFLAGS): Add $(LIBGCRYPT_CFLAGS), + which is needed by common/util.h. + +2011-04-25 Werner Koch + + * ks-engine-hkp.c (ks_hkp_search): Mark classify_user_id for use + with OpenPGP. + (ks_hkp_get): Ditto. + +2011-04-12 Werner Koch + + * ks-engine-hkp.c (ks_hkp_search, ks_hkp_get, ks_hkp_put): Factor + code out to .. + (make_host_part): new. + (hostinfo_s): New. + (create_new_hostinfo, find_hostinfo, sort_hostpool) + (select_random_host, map_host, mark_host_dead) + (ks_hkp_print_hosttable): New. + +2011-02-23 Werner Koch + + * certcache.c (get_cert_bysubject): Take care of a NULL argument. + (find_cert_bysubject): Ditto. Fixes bug#1300. + +2011-02-09 Werner Koch + + * ks-engine-kdns.c: New but only the framework. + + * server.c (cmd_keyserver): Add option --help. + (dirmngr_status_help): New. + * ks-action.c (ks_print_help): New. + (ks_action_help): New. + * ks-engine-finger.c (ks_finger_help): New. + * ks-engine-http.c (ks_http_help): New. + * ks-engine-hkp.c (ks_hkp_help): New. + + * ks-action.c (ks_action_fetch): Support http URLs. + * ks-engine-http.c: New. + + * ks-engine-finger.c (ks_finger_get): Rename to ks_finger_fetch. + Change caller. + +2011-02-08 Werner Koch + + * server.c (cmd_ks_fetch): New. + * ks-action.c (ks_action_fetch): New. + * ks-engine-finger.c: New. + +2011-02-03 Werner Koch + + * Makefile.am (dirmngr_LDADD): Remove -llber. + +2011-01-25 Werner Koch + + * dirmngr.c (handle_connections): Rewrite loop to use pth-select + so to sync timeouts to the full second. + (pth_thread_id): New. + (main) [W32CE]: Fix setting of default homedir. + + * ldap-wrapper.c (ldap_wrapper_thread): Sync to the full second. + Increate pth_wait timeout from 1 to 2 seconds. + +2011-01-20 Werner Koch + + * server.c (release_ctrl_keyservers): New. + (cmd_keyserver, cmd_ks_seach, cmd_ks_get, cmd_ks_put): New. + * dirmngr.h (uri_item_t): New. + (struct server_control_s): Add field KEYSERVERS. + * ks-engine-hkp.c: New. + * ks-engine.h: New. + * ks-action.c, ks-action.h: New. + * server.c: Include ks-action.h. + (cmd_ks_search): New. + * Makefile.am (dirmngr_SOURCES): Add new files. + +2011-01-19 Werner Koch + + * dirmngr.c (main): Use es_printf for --gpgconf-list. + +2010-12-14 Werner Koch + + * cdb.h (struct cdb) [W32]: Add field CDB_MAPPING. + * cdblib.c (cdb_init) [W32]: Save mapping handle. + (cdb_free) [W32]: Don't leak the mapping handle from cdb_init by + using the saved one. + + * crlcache.c (crl_cache_insert): Close unused matching files. + + * dirmngr.c (main) [W32CE]: Change homedir in daemon mode to /gnupg. + +2010-12-07 Werner Koch + + * dirmngr.c (TIMERTICK_INTERVAL) [W32CE]: Change to 60s. + +2010-11-23 Werner Koch + + * Makefile.am (dirmngr_LDFLAGS): Add extra_bin_ldflags. + (dirmngr_client_LDFLAGS): Ditto. + +2010-10-21 Werner Koch + + * dirmngr.c (main): Changed faked system time warning + +2010-10-15 Werner Koch + + * Makefile.am (CLEANFILES): Add no-libgcrypt.c. + +2010-09-16 Werner Koch + + * validate.c (validate_cert_chain): Use GPG_ERR_MISSING_ISSUER_CERT. + +2010-08-13 Werner Koch + + * Makefile.am (dirmngr_SOURCES): Add w32-ldap-help.h. + + * dirmngr_ldap.c (fetch_ldap): Call ldap_unbind. + + * w32-ldap-help.h: New. + * dirmngr_ldap.c [W32CE]: Include w32-ldap-help.h and use the + mapped ldap functions. + +2010-08-12 Werner Koch + + * crlcache.c (update_dir, crl_cache_insert): s/unlink/gnupg_remove/. + + * dirmngr.c (dirmngr_sighup_action): New. + + * server.c (cmd_killdirmngr, cmd_reloaddirmngr): New. + (struct server_local_s): Add field STOPME. + (start_command_handler): Act on STOPME. + +2010-08-06 Werner Koch + + * dirmngr.c (JNLIB_NEED_AFLOCAL): Define macro. + (main): Use SUN_LEN macro. + (main) [W32]: Allow EEXIST in addition to EADDRINUSE. + +2010-08-05 Werner Koch + + * server.c (set_error, leave_cmd): New. + (cmd_validate, cmd_ldapserver, cmd_isvalid, cmd_checkcrl) + (cmd_checkocsp, cmd_lookup, cmd_listcrls, cmd_cachecert): Use + leave_cmd. + (cmd_getinfo): New. + (data_line_cookie_write, data_line_cookie_close): New. + (cmd_listcrls): Replace assuan_get_data_fp by es_fopencookie. + + * misc.c (create_estream_ksba_reader, my_estream_ksba_reader_cb): New. + * certcache.c (load_certs_from_dir): Use create_estream_ksba_reader. + * crlcache.c (crl_cache_load): Ditto. + +2010-08-03 Werner Koch + + * dirmngr_ldap.c (pth_enter, pth_leave) [USE_LDAPWRAPPER]: Turn + into functions for use in a 'for' control stmt. + +2010-07-26 Werner Koch + + * dirmngr_ldap.c (print_ldap_entries): Remove special fwrite case + for W32 because that is now handles by estream. + +2010-07-25 Werner Koch + + * Makefile.am (dirmngr_SOURCES) [!USE_LDAPWRAPPER]: Build + ldap-wrapper-ce. + * ldap-wrapper-ce.c: New. + + * dirmngr_ldap.c (opt): Remove global variable ... + (my_opt_t): ... and declare a type instead. + (main): Define a MY_OPT variable and change all references to OPT + to this. + (set_timeout, print_ldap_entries, fetch_ldap, process_url): Pass + MYOPT arg. + +2010-07-24 Werner Koch + + * dirmngr_ldap.c (main): Init common subsystems. Call + es_set_binary. + +2010-07-19 Werner Koch + + * dirmngr.c: Include ldap-wrapper.h. + (launch_reaper_thread): Move code to ... + * ldap-wrapper.c (ldap_wrapper_launch_thread): .. here. Change + callers. + (ldap_wrapper_thread): Rename to ... + (wrapper_thread): this and make local. + + * ldap.c (destroy_wrapper, print_log_line) + (read_log_data, ldap_wrapper_thread) + (ldap_wrapper_wait_connections, ldap_wrapper_release_context) + (ldap_wrapper_connection_cleanup, reader_callback, ldap_wrapper): + Factor code out to ... + * ldap-wrapper.c: new. + (ldap_wrapper): Make public. + (read_buffer): Copy from ldap.c. + * ldap-wrapper.h: New. + * Makefile.am (dirmngr_SOURCES): Add new files. + +2010-07-16 Werner Koch + + * http.c, http.h: Remove. + + * dirmngr-err.h: New. + * dirmngr.h: Include dirmngr-err.h instead of gpg-error.h + + * cdblib.c: Replace assignments to ERRNO by a call to + gpg_err_set_errno. Include dirmngr-err.h. + (cdb_free) [__MINGW32CE__]: Do not use get_osfhandle. + + * dirmngr.c [!HAVE_SIGNAL_H]: Don't include signal.h. + (USE_W32_SERVICE): New. Use this to control the use of the W32 + service system. + +2010-07-06 Werner Koch + + * dirmngr.c (main): Print note on directory name changes. + + Replace almost all uses of stdio by estream. + + * b64dec.c, b64enc.c: Remove. They are duplicated in ../common/. + +2010-06-28 Werner Koch + + * dirmngr_ldap.c (my_i18n_init): Remove. + (main): Call i18n_init instead of above function. + + * dirmngr-client.c (my_i18n_init): Remove. + (main): Call i18n_init instead of above function. + + * Makefile.am (dirmngr_LDADD): Add ../gl/libgnu. + (dirmngr_ldap_LDADD, dirmngr_client_LDADD): Ditto. + +2010-06-09 Werner Koch + + * i18n.h: Remove. + + * Makefile.am (no-libgcrypt.c): New rule. + + * exechelp.h: Remove. + * exechelp.c: Remove. + (dirmngr_release_process): Change callers to use the gnupg func. + (dirmngr_wait_process): Likewise. + (dirmngr_kill_process): Likewise. This actually implements it for + W32. + * ldap.c (ldap_wrapper): s/get_dirmngr_ldap_path/gnupg_module_name/. + (ldap_wrapper_thread): Use gnupg_wait_process and adjust for + changed semantics. + (ldap_wrapper): Replace xcalloc by xtrycalloc. Replace spawn + mechanism. + + * server.c (start_command_handler): Remove assuan_set_log_stream. + + * validate.c: Remove gcrypt.h and ksba.h. + + * ldapserver.c: s/util.h/dirmngr.h/. + + * dirmngr.c (sleep) [W32]: Remove macro. + (main): s/sleep/gnupg_sleep/. + (pid_suffix_callback): Change arg type. + (my_gcry_logger): Remove. + (fixed_gcry_pth_init): New. + (main): Use it. + (FD2INT): Remove. + +2010-06-08 Werner Koch + + * misc.h (copy_time): Remove and replace by gnupg_copy_time which + allows to set a null date. + * misc.c (dump_isotime, get_time, get_isotime, set_time) + (check_isotime, add_isotime): Remove and replace all calls by the + versions from common/gettime.c. + + * crlcache.c, misc.c, misc.h: s/dirmngr_isotime_t/gnupg_isotime_t/. + * server.c, ldap.c: Reorder include directives. + * crlcache.h, misc.h: Remove all include directives. + + * certcache.c (cmp_simple_canon_sexp): Remove. + (compare_serialno): Rewrite using cmp_simple_canon_sexp from + common/sexputil.c + + * error.h: Remove. + + * dirmngr.c: Remove transitional option "--ignore-ocsp-servic-url". + (opts): Use ARGPARSE macros. + (i18n_init): Remove. + (main): Use GnuPG init functions. + + * dirmngr.h: Remove duplicated stuff now taken from ../common. + + * get-path.c, util.h: Remove. + + * Makefile.am: Adjust to GnuPG system. + * estream.c, estream.h, estream-printf.c, estream-printf.h: Remove. + +2010-06-07 Werner Koch + + * OAUTHORS, ONEWS, ChangeLog.1: New. + + * ChangeLog, Makefile.am, b64dec.c, b64enc.c, cdb.h, cdblib.c + * certcache.c, certcache.h, crlcache.c, crlcache.h, crlfetch.c + * crlfetch.h, dirmngr-client.c, dirmngr.c, dirmngr.h + * dirmngr_ldap.c, error.h, estream-printf.c, estream-printf.h + * estream.c, estream.h, exechelp.c, exechelp.h, get-path.c, http.c + * http.h, i18n.h, ldap-url.c, ldap-url.h, ldap.c, ldapserver.c + * ldapserver.h, misc.c, misc.h, ocsp.c, ocsp.h, server.c, util.h + * validate.c, validate.h: Imported from the current SVN of the + dirmngr package (only src/). + +2010-03-13 Werner Koch + + * dirmngr.c (int_and_ptr_u): New. + (pid_suffix_callback): Trick out compiler. + (start_connection_thread): Ditto. + (handle_connections): Ditto. + +2010-03-09 Werner Koch + + * dirmngr.c (set_debug): Allow numerical values. + +2009-12-15 Werner Koch + + * dirmngr.c: Add option --ignore-cert-extension. + (parse_rereadable_options): Implement. + * dirmngr.h (opt): Add IGNORED_CERT_EXTENSIONS. + * validate.c (unknown_criticals): Handle ignored extensions. + +2009-12-08 Marcus Brinkmann + + * dirmngr-client.c (start_dirmngr): Convert posix FDs to assuan fds. + +2009-11-25 Marcus Brinkmann + + * server.c (start_command_handler): Use assuan_fd_t and + assuan_fdopen on fds. + +2009-11-05 Marcus Brinkmann + + * server.c (start_command_handler): Update use of + assuan_init_socket_server. + * dirmngr-client.c (start_dirmngr): Update use of + assuan_pipe_connect and assuan_socket_connect. + +2009-11-04 Werner Koch + + * server.c (register_commands): Add help arg to + assuan_register_command. Change all command comments to strings. + +2009-11-02 Marcus Brinkmann + + * server.c (reset_notify): Take LINE argument, return gpg_error_t. + +2009-10-16 Marcus Brinkmann + + * Makefile.am: (dirmngr_LDADD): Link to $(LIBASSUAN_LIBS) instead + of $(LIBASSUAN_PTH_LIBS). + * dirmngr.c: Invoke ASSUAN_SYSTEM_PTH_IMPL. + (main): Call assuan_set_system_hooks and assuan_sock_init. + +2009-09-22 Marcus Brinkmann + + * dirmngr.c (main): Update to new Assuan interface. + * server.c (option_handler, cmd_ldapserver, cmd_isvalid) + (cmd_checkcrl, cmd_checkocsp, cmd_lookup, cmd_loadcrl) + (cmd_listcrls, cmd_cachecert, cmd_validate): Return gpg_error_t + instead int. + (register_commands): Likewise for member HANDLER. + (start_command_handler): Allocate context with assuan_new before + starting server. Release on error. + * dirmngr-client.c (main): Update to new Assuan interface. + (start_dirmngr): Allocate context with assuan_new before + connecting to server. Release on error. + +2009-08-12 Werner Koch + + * dirmngr-client.c (squid_loop_body): Flush stdout. Suggested by + Philip Shin. + +2009-08-07 Werner Koch + + * crlfetch.c (my_es_read): Add explicit check for EOF. + + * http.c (struct http_context_s): Turn IN_DATA and IS_HTTP_0_9 to + bit fields. + (struct cookie_s): Add CONTENT_LENGTH_VALID and CONTENT_LENGTH. + (parse_response): Parse the Content-Length header. + (cookie_read): Handle content length. + (http_open): Make NEED_HEADER the semi-default. + + * http.h (HTTP_FLAG_IGNORE_CL): New. + +2009-08-04 Werner Koch + + * ldap.c (ldap_wrapper_thread): Factor some code out to ... + (read_log_data): ... new. Close the log fd on error. + (ldap_wrapper_thread): Delay cleanup until the log fd is closed. + (SAFE_PTH_CLOSE): New. Use it instead of pth_close. + +2009-07-31 Werner Koch + + * server.c (cmd_loadcrl): Add option --url. + * dirmngr-client.c (do_loadcrl): Make use of --url. + + * crlfetch.c (crl_fetch): Remove HTTP_FLAG_NO_SHUTDOWN. Add + flag HTTP_FLAG_LOG_RESP with active DBG_LOOKUP. + + * http.c: Require estream. Remove P_ES macro. + (write_server): Remove. + (my_read_line): Remove. Replace all callers by es_read_line. + (send_request): Use es_asprintf. Always store the cookie. + (http_wait_response): Remove the need to dup the socket. USe new + shutdown flag. + * http.h (HTTP_FLAG_NO_SHUTDOWN): Rename to HTTP_FLAG_SHUTDOWN. + + * estream.c, estream.h, estream-printf.c, estream-printf.h: Update + from current libestream. This is provide es_asprintf. + +2009-07-20 Werner Koch + + * dirmngr.c (pid_suffix_callback): New. + (main): Use log_set_pid_suffix_cb. + (start_connection_thread): Put the fd into the tls. + + * ldap.c (ldap_wrapper_thread): Print ldap worker stati. + (ldap_wrapper_release_context): Print a debug info. + (end_cert_fetch_ldap): Release the reader. Might fix bug#999. + +2009-06-17 Werner Koch + + * util.h: Remove unused dotlock.h. + +2009-05-26 Werner Koch + + * ldap.c (ldap_wrapper): Show reader object in diagnostics. + * crlcache.c (crl_cache_reload_crl): Ditto. Change debug messages + to regular diagnostics. + * dirmngr_ldap.c (print_ldap_entries): Add extra diagnostics. + +2009-04-03 Werner Koch + + * dirmngr.h (struct server_local_s): Move back to ... + * server.c (struct server_local_s): ... here. + (get_ldapservers_from_ctrl): New. + * ldapserver.h (ldapserver_iter_begin): Use it. + +2008-10-29 Marcus Brinkmann + + * estream.c (es_getline): Add explicit cast to silence gcc -W + warning. + * crlcache.c (finish_sig_check): Likewise. + + * dirmngr.c (opts): Add missing initializer to silence gcc + -W warning. + * server.c (register_commands): Likewise. + * dirmngr-client.c (opts): Likewise. + * dirmngr_ldap.c (opts): Likewise. + + * dirmngr-client.c (status_cb, inq_cert, data_cb): Change return + type to gpg_error_t to silence gcc warning. + +2008-10-21 Werner Koch + + * certcache.c (load_certs_from_dir): Accept ".der" files. + + * server.c (get_istrusted_from_client): New. + * validate.c (validate_cert_chain): Add new optional arg + R_TRUST_ANCHOR. Adjust all callers + * crlcache.c (crl_cache_entry_s): Add fields USER_TRUST_REQ + and CHECK_TRUST_ANCHOR. + (release_one_cache_entry): Release CHECK_TRUST_ANCHOR. + (list_one_crl_entry): Print info about the new fields. + (open_dir, write_dir_line_crl): Support the new U-flag. + (crl_parse_insert): Add arg R_TRUST_ANCHOR and set it accordingly. + (crl_cache_insert): Store trust anchor in entry object. + (cache_isvalid): Ask client for trust is needed. + + * crlcache.c (open_dir): Replace xcalloc by xtrycalloc. + (next_line_from_file): Ditt. Add arg to return the gpg error. + Change all callers. + (update_dir): Replace sprintf and malloc by estream_asprintf. + (crl_cache_insert): Ditto. + (crl_cache_isvalid): Replace xmalloc by xtrymalloc. + (get_auth_key_id): Ditto. + (crl_cache_insert): Ditto. + + * crlcache.c (start_sig_check): Remove HAVE_GCRY_MD_DEBUG test. + * validate.c (check_cert_sig): Ditto. Remove workaround for bug + in libgcrypt 1.2. + + * estream.c, estream.h, estream-printf.c, estream-printf.h: Update + from current libestream (svn rev 61). + +2008-09-30 Marcus Brinkmann + + * get-path.c (get_dirmngr_ldap_path): Revert last change. + Instead, use dirmngr_libexecdir(). + (find_program_at_standard_place): Don't define for now. + +2008-09-30 Marcus Brinkmann + + * get-path.c (dirmngr_cachedir): Make COMP a pointer to const to + silence gcc warning. + (get_dirmngr_ldap_path): Look for dirmngr_ldap in the installation + directory. + +2008-08-06 Marcus Brinkmann + + * dirmngr.c (main): Mark the ldapserverlist-file option as + read-only. + +2008-07-31 Werner Koch + + * crlcache.c (start_sig_check) [!HAVE_GCRY_MD_DEBUG]: Use + gcry_md_start_debug + +2008-06-16 Werner Koch + + * get-path.c (w32_commondir): New. + (dirmngr_sysconfdir): Use it here. + (dirmngr_datadir): Ditto. + +2008-06-12 Marcus Brinkmann + + * Makefile.am (dirmngr_SOURCES): Add ldapserver.h and ldapserver.c. + * ldapserver.h, ldapserver.c: New files. + * ldap.c: Include "ldapserver.h". + (url_fetch_ldap): Use iterator to get session servers as well. + (attr_fetch_ldap, start_default_fetch_ldap): Likewise. + * dirmngr.c: Include "ldapserver.h". + (free_ldapservers_list): Removed. Change callers to + ldapserver_list_free. + (parse_ldapserver_file): Use ldapserver_parse_one. + * server.c: Include "ldapserver.h". + (cmd_ldapserver): New command. + (register_commands): Add new command LDAPSERVER. + (reset_notify): New function. + (start_command_handler): Register reset notify handler. + Deallocate session server list. + (lookup_cert_by_pattern): Use iterator to get session servers as well. + (struct server_local_s): Move to ... + * dirmngr.h (struct server_local_s): ... here. Add new member + ldapservers. + +2008-06-10 Werner Koch + + Support PEM encoded CRLs. Fixes bug#927. + + * crlfetch.c (struct reader_cb_context_s): New. + (struct file_reader_map_s): Replace FP by new context. + (register_file_reader, get_file_reader): Adjust accordingly. + (my_es_read): Detect Base64 encoded CRL and decode if needed. + (crl_fetch): Pass new context to the callback. + (crl_close_reader): Cleanup the new context. + * b64dec.c: New. Taken from GnuPG. + * util.h (struct b64state): Add new fields STOP_SEEN and + INVALID_ENCODING. + +2008-05-26 Marcus Brinkmann + + * dirmngr.c (main) [HAVE_W32_SYSTEM]: Switch to system + configuration on gpgconf related commands, and make all options + unchangeable. + +2008-03-25 Marcus Brinkmann + + * dirmngr_ldap.c (print_ldap_entries): Add code alternative for + W32 console stdout (unused at this point). + +2008-03-21 Marcus Brinkmann + + * estream.c (ESTREAM_MUTEX_DESTROY): New macro. + (es_create, es_destroy): Use it. + +2008-02-21 Werner Koch + + * validate.c (check_cert_sig) [HAVE_GCRY_MD_DEBUG]: Use new debug + function if available. + + * crlcache.c (abort_sig_check): Mark unused arg. + + * exechelp.c (dirmngr_release_process) [!W32]: Mark unsed arg. + + * validate.c (is_root_cert): New. Taken from GnuPG. + (validate_cert_chain): Use it in place of the simple DN compare. + +2008-02-15 Marcus Brinkmann + + * dirmngr.c (main): Reinitialize assuan log stream if necessary. + + * crlcache.c (update_dir) [HAVE_W32_SYSTEM]: Remove destination + file before rename. + (crl_cache_insert) [HAVE_W32_SYSTEM]: Remove destination file + before rename. + +2008-02-14 Marcus Brinkmann + + * validate.c (check_cert_policy): Use ksba_free instead of xfree. + (validate_cert_chain): Likewise. Free SUBJECT on error. + (cert_usage_p): Likewise. + + * crlcache.c (finish_sig_check): Undo last change. + (finish_sig_check): Close md. + (abort_sig_check): New function. + (crl_parse_insert): Use abort_sig_check to clean up. + + * crlcache.c (crl_cache_insert): Clean up CDB on error. + +2008-02-13 Marcus Brinkmann + + * crlcache.c (finish_sig_check): Call gcry_md_stop_debug. + * exechelp.h (dirmngr_release_process): New prototype. + * exechelp.c (dirmngr_release_process): New function. + * ldap.c (ldap_wrapper_thread): Release pid. + (destroy_wrapper): Likewise. + + * dirmngr.c (launch_reaper_thread): Destroy tattr. + (handle_connections): Likewise. + +2008-02-12 Marcus Brinkmann + + * ldap.c (pth_close) [! HAVE_W32_SYSTEM]: New macro. + (struct wrapper_context_s): New member log_ev. + (destroy_wrapper): Check FDs for != -1 rather than != 0. Use + pth_close instead of close. Free CTX->log_ev. + (ldap_wrapper_thread): Rewritten to use pth_wait instead of + select. Also use pth_read instead of read and pth_close instead + of close. + (ldap_wrapper): Initialize CTX->log_ev. + (reader_callback): Use pth_close instead of close. + * exechelp.c (create_inheritable_pipe) [HAVE_W32_SYSTEM]: Removed. + (dirmngr_spawn_process) [HAVE_W32_SYSTEM]: Use pth_pipe instead. + * dirmngr_ldap.c [HAVE_W32_SYSTEM]: Include . + (main) [HAVE_W32_SYSTEM]: Set mode of stdout to binary. + +2008-02-01 Werner Koch + + * ldap.c: Remove all ldap headers as they are unused. + + * dirmngr_ldap.c (LDAP_DEPRECATED): New, to have OpenLDAP use the + old standard API. + +2008-01-10 Werner Koch + + * dirmngr-client.c: New option --local. + (do_lookup): Use it. + + * server.c (lookup_cert_by_pattern): Implement local lookup. + (return_one_cert): New. + * certcache.c (hexsn_to_sexp): New. + (classify_pattern, get_certs_bypattern): New. + + * misc.c (unhexify): Allow passing NULL for RESULT. + (cert_log_subject): Do not call ksba_free on an unused variable. + +2008-01-02 Marcus Brinkmann + + * Makefile.am (dirmngr_LDADD, dirmngr_ldap_LDADD) + (dirmngr_client_LDADD): Add $(LIBICONV). Reported by Michael + Nottebrock. + +2007-12-11 Werner Koch + + * server.c (option_handler): New option audit-events. + * dirmngr.h (struct server_control_s): Add member AUDIT_EVENTS. + +2007-11-26 Marcus Brinkmann + + * get-path.c (dirmngr_cachedir): Create intermediate directories. + (default_socket_name): Use CSIDL_WINDOWS. + +2007-11-21 Werner Koch + + * server.c (lookup_cert_by_pattern): Add args SINGLE and CACHE_ONLY. + (cmd_lookup): Add options --single and --cache-only. + +2007-11-16 Werner Koch + + * certcache.c (load_certs_from_dir): Also log the subject DN. + * misc.c (cert_log_subject): New. + +2007-11-14 Werner Koch + + * dirmngr-client.c: Replace --lookup-url by --url. + (main): Remove extra code for --lookup-url. + (do_lookup): Remove LOOKUP_URL arg and use the + global option OPT.URL. + + * server.c (has_leading_option): New. + (cmd_lookup): Use it. + + * crlfetch.c (fetch_cert_by_url): Use GPG_ERR_INV_CERT_OBJ. + (fetch_cert_by_url): Use gpg_error_from_syserror. + +2007-11-14 Moritz (wk) + + * dirmngr-client.c: New command: --lookup-url . + (do_lookup): New parameter: lookup_url. If TRUE, include "--url" + switch in LOOKUP transaction. + (enum): New entry: oLookupUrl. + (opts): Likewise. + (main): Handle oLookupUrl. New variable: cmd_lookup_url, set + during option parsing, pass to do_lookup() and substitute some + occurences of "cmd_lookup" with "cmd_lookup OR cmd_lookup_url". + * crlfetch.c (fetch_cert_by_url): New function, uses + url_fetch_ldap() to create a reader object and libksba functions + to read a single cert from that reader. + * server.c (lookup_cert_by_url, lookup_cert_by_pattern): New + functions. + (cmd_lookup): Moved almost complete code ... + (lookup_cert_by_pattern): ... here. + (cmd_lookup): Support new optional argument: --url. Depending on + the presence of that switch, call lookup_cert_by_url() or + lookup_cert_by_pattern(). + (lookup_cert_by_url): Heavily stripped down version of + lookup_cert_by_pattern(), using fetch_cert_by_url. + +2007-10-24 Marcus Brinkmann + + * exechelp.c (dirmngr_spawn_process): Fix child handles. + +2007-10-05 Marcus Brinkmann + + * dirmngr.h: Include assuan.h. + (start_command_handler): Change type of FD to assuan_fd_t. + * dirmngr.c: Do not include w32-afunix.h. + (socket_nonce): New global variable. + (create_server_socket): Use assuan socket wrappers. Remove W32 + specific stuff. Save the server nonce. + (check_nonce): New function. + (start_connection_thread): Call it. + (handle_connections): Change args to assuan_fd_t. + * server.c (start_command_handler): Change type of FD to assuan_fd_t. + +2007-09-12 Marcus Brinkmann + + * dirmngr.c (main): Percent escape pathnames in --gpgconf-list output. + +2007-08-27 Moritz Schulte + + * src/Makefile.am (AM_CPPFLAGS): Define DIRMNGR_SOCKETDIR based on + $(localstatedir). + * src/get-path.c (default_socket_name): Use DIRMNGR_SOCKETDIR + instead of hard-coded "/var/run/dirmngr". + +2007-08-16 Werner Koch + + * get-path.c (get_dirmngr_ldap_path): Make PATHNAME const. + + * dirmngr.c (my_ksba_hash_buffer): Mark unused arg. + (dirmngr_init_default_ctrl): Ditto. + (my_gcry_logger): Ditto. + * dirmngr-client.c (status_cb): Ditto. + * dirmngr_ldap.c (catch_alarm): Ditto. + * estream-printf.c (pr_bytes_so_far): Ditto. + * estream.c (es_func_fd_create): Ditto. + (es_func_fp_create): Ditto. + (es_write_hexstring): Ditto. + * server.c (cmd_listcrls): Ditto. + (cmd_cachecert): Ditto. + * crlcache.c (cache_isvalid): Ditto. + * ocsp.c (do_ocsp_request): Ditto. + * ldap.c (ldap_wrapper_thread): Ditto. + * http.c (http_register_tls_callback): Ditto. + (connect_server): Ditto. + (write_server) [!HTTP_USE_ESTREAM]: Don't build. + +2007-08-14 Werner Koch + + * get-path.c (dirmngr_cachedir) [W32]: Use CSIDL_LOCAL_APPDATA. + +2007-08-13 Werner Koch + + * dirmngr.c (handle_connections): Use a timeout in the accept + function. Block signals while creating a new thread. + (shutdown_pending): Needs to be volatile as also accessed bt the + service function. + (w32_service_control): Do not use the regular log fucntions here. + (handle_tick): New. + (main): With system_service in effect use aDaemon as default + command. + (main) [W32]: Only temporary redefine main for the sake of Emacs's + "C-x 4 a". + + * dirmngr-client.c (main) [W32]: Initialize sockets. + (start_dirmngr): Use default_socket_name instead of a constant. + * Makefile.am (dirmngr_client_SOURCES): Add get-path.c + +2007-08-09 Werner Koch + + * dirmngr.c (parse_ocsp_signer): New. + (parse_rereadable_options): Set opt.ocsp_signer to this. + * dirmngr.h (fingerprint_list_t): New. + * ocsp.c (ocsp_isvalid, check_signature, validate_responder_cert): + Allow for several default ocscp signers. + (ocsp_isvalid): Return GPG_ERR_NO_DATA for an unknwon status. + + * dirmngr-client.c: New option --force-default-responder. + + * server.c (has_option, skip_options): New. + (cmd_checkocsp): Add option --force-default-responder. + (cmd_isvalid): Ditto. Also add option --only-ocsp. + + * ocsp.c (ocsp_isvalid): New arg FORCE_DEFAULT_RESPONDER. + + * dirmngr.c: New option --ocsp-max-period. + * ocsp.c (ocsp_isvalid): Implement it and take care that a missing + next_update is to be ignored. + + * crlfetch.c (my_es_read): New. Use it instead of es_read. + + * estream.h, estream.c, estream-printf.c: Updated from current + libestream SVN. + +2007-08-08 Werner Koch + + * crlcache.c (crl_parse_insert): Hack to allow for a missing + nextUpdate. + + * dirmngr_ldap.c (print_ldap_entries): Strip the extension from + the want_attr. + + * exechelp.c (dirmngr_wait_process): Reworked for clear error + semantics. + * ldap.c (ldap_wrapper_thread): Adjust for new + dirmngr_wait_process semantics. + +2007-08-07 Werner Koch + + * get-path.c (default_socket_name) [!W32]: Fixed syntax error. + + * ldap.c (X509CACERT, make_url, fetch_next_cert_ldap): Support + x509caCert as used by the Bundesnetzagentur. + (ldap_wrapper): Do not pass the prgtram name as the first + argument. dirmngr_spawn_process takes care of that. + +2007-08-04 Marcus Brinkmann + + * dirmngr.h (opt): Add member system_service. + * dirmngr.c (opts) [HAVE_W32_SYSTEM]: New entry for option + --service. + (DEFAULT_SOCKET_NAME): Removed. + (service_handle, service_status, + w32_service_control) [HAVE_W32_SYSTEM]: New symbols. + (main) [HAVE_W32_SYSTEM]: New entry point for --service. Rename + old function to ... + (real_main) [HAVE_W32_SYSTEM]: ... this. Use default_socket_name + instead of DEFAULT_SOCKET_NAME, and similar for other paths. + Allow colons in Windows socket path name, and implement --service + option. + * util.h (dirmngr_sysconfdir, dirmngr_libexecdir, dirmngr_datadir, + dirmngr_cachedir, default_socket_name): New prototypes. + * get-path.c (dirmngr_sysconfdir, dirmngr_libexecdir) + (dirmngr_datadir, dirmngr_cachedir, default_socket_name): New + functions. + (DIRSEP_C, DIRSEP_S): New macros. + +2007-08-03 Marcus Brinkmann + + * get-path.c: Really add the file this time. + +2007-07-31 Marcus Brinkmann + + * crlfetch.c: Include "estream.h". + (crl_fetch): Use es_read callback instead a file handle. + (crl_close_reader): Use es_fclose instead of fclose. + (struct file_reader_map_s): Change type of FP to estream_t. + (register_file_reader, crl_fetch, crl_close_reader): Likewise. + * ocsp.c: Include "estream.h". + (read_response): Change type of FP to estream_t. + (read_response, do_ocsp_request): Use es_* variants of I/O + functions. + + * http.c: Include . + (http_wait_response) [HAVE_W32_SYSTEM]: Use DuplicateHandle. + (cookie_read): Use pth_read instead read. + (cookie_write): Use pth_write instead write. + +2007-07-30 Marcus Brinkmann + + * ldap-url.c (ldap_str2charray): Fix buglet in ldap_utf8_strchr + invocation. + +2007-07-27 Marcus Brinkmann + + * estream.h, estream.c: Update from recent GnuPG. + + * get-path.c: New file. + * Makefile.am (dirmngr_SOURCES): Add get-path.c. + * util.h (default_homedir, get_dirmngr_ldap_path): New prototypes. + * dirmngr.c (main): Use default_homedir(). + * ldap-url.h: Remove japanese white space (sorry!). + +2007-07-26 Marcus Brinkmann + + * ldap.c (pth_yield): Remove macro. + + * ldap.c (pth_yield) [HAVE_W32_SYSTEM]: Define to Sleep(0). + + * dirmngr_ldap.c [HAVE_W32_SYSTEM]: Do not include , but + , and "ldap-url.h". + * ldap.c [HAVE_W32_SYSTEM]: Do not include , but + and . + + * ldap-url.c: Do not include , but , + and "ldap-url.h". + (LDAP_P): New macro. + * ldap-url.h: New file. + * Makefile.am (ldap_url): Add ldap-url.h. + + * Makefile.am (ldap_url): New variable. + (dirmngr_ldap_SOURCES): Add $(ldap_url). + (dirmngr_ldap_LDADD): Add $(LIBOBJS). + * ldap-url.c: New file, excerpted from OpenLDAP. + * dirmngr.c (main) [HAVE_W32_SYSTEM]: Avoid the daemonization. + * dirmngr_ldap.c: Include "util.h". + (main) [HAVE_W32_SYSTEM]: Don't set up alarm. + (set_timeout) [HAVE_W32_SYSTEM]: Likewise. + * ldap.c [HAVE_W32_SYSTEM]: Add macros for setenv and pth_yield. + * no-libgcrypt.h (NO_LIBGCRYPT): Define. + * util.h [NO_LIBGCRYPT]: Don't include . + +2007-07-23 Marcus Brinkmann + + * Makefile.am (dirmngr_SOURCES): Add exechelp.h and exechelp.c. + * exechelp.h, exechelp.c: New files. + * ldap.c: Don't include but "exechelp.h". + (destroy_wrapper, ldap_wrapper_thread, + ldap_wrapper_connection_cleanup): Use dirmngr_kill_process instead + of kill. + (ldap_wrapper_thread): Use dirmngr_wait_process instead of + waitpid. + (ldap_wrapper): Use dirmngr_spawn_process. + +2007-07-20 Marcus Brinkmann + + * certcache.c (cert_cache_lock): Do not initialize statically. + (init_cache_lock): New function. + (cert_cache_init): Call init_cache_lock. + + * estream.h, estream.c, estream-printf.h, estream-printf.c: New + files. + * Makefile.am (dirmngr_SOURCES): Add estream.c, estream.h, + estream-printf.c, estream-printf.h. + + * http.c: Update to latest version from GnuPG. + + * Makefile.am (cdb_sources) + * cdblib.c: Port to windows (backport from tinycdb 0.76). + + * crlcache.c [HAVE_W32_SYSTEM]: Don't include sys/utsname.h. + [MKDIR_TAKES_ONE_ARG]: Define mkdir as a macro for such systems. + (update_dir, crl_cache_insert) [HAVE_W32_SYSTEM]: Don't get uname. + * server.c (start_command_handler) [HAVE_W32_SYSTEM]: Don't log + peer credentials. + + * dirmngr.c [HAVE_W32_SYSTEM]: Do not include sys/socket.h or + sys/un.h, but ../jnlib/w32-afunix.h. + (sleep) [HAVE_W32_SYSTEM]: New macro. + (main) [HAVE_W32_SYSTEM]: Don't mess with SIGPIPE. Use W32 socket + API. + (handle_signal) [HAVE_W32_SYSTEM]: Deactivate the bunch of the + code. + (handle_connections) [HAVE_W32_SYSTEM]: don't handle signals. + +2006-11-29 Werner Koch + + * dirmngr.c (my_strusage): Use macro for the bug report address + and the copyright line. + * dirmngr-client.c (my_strusage): Ditto. + * dirmngr_ldap.c (my_strusage): Ditto. + + * Makefile.am: Do not link against LIBICONV. + +2006-11-19 Werner Koch + + * dirmngr.c: Include i18n.h. + +2006-11-17 Werner Koch + + * Makefile.am (dirmngr_LDADD): Use LIBASSUAN_PTH_LIBS. + +2006-11-16 Werner Koch + + * server.c (start_command_handler): Replaced + assuan_init_connected_socket_server by assuan_init_socket_server_ext. + + * crlcache.c (update_dir): Put a diagnostic into DIR.txt. + (open_dir): Detect invalid and duplicate entries. + (update_dir): Fixed search for second field. + +2006-10-23 Werner Koch + + * dirmngr.c (main): New command --gpgconf-test. + +2006-09-14 Werner Koch + + * server.c (start_command_handler): In vebose mode print + information about the peer. This may later be used to restrict + certain commands. + +2006-09-12 Werner Koch + + * server.c (start_command_handler): Print a more informative hello + line. + * dirmngr.c: Moved config_filename into the opt struct. + +2006-09-11 Werner Koch + + Changed everything to use Assuan with gpg-error codes. + * maperror.c: Removed. + * server.c (map_to_assuan_status): Removed. + * dirmngr.c (main): Set assuan error source. + * dirmngr-client.c (main): Ditto. + +2006-09-04 Werner Koch + + * crlfetch.c (crl_fetch): Implement HTTP redirection. + * ocsp.c (do_ocsp_request): Ditto. + + New HTTP code version taken from gnupg svn release 4236. + * http.c (http_get_header): New. + (capitalize_header_name, store_header): New. + (parse_response): Store headers away. + (send_request): Return GPG_ERR_NOT_FOUND if connect_server failed. + * http.h: New flag HTTP_FLAG_NEED_HEADER. + +2006-09-01 Werner Koch + + * crlfetch.c (register_file_reader, get_file_reader): New. + (crl_fetch): Register the file pointer for HTTP. + (crl_close_reader): And release it. + + * http.c, http.h: Updated from GnuPG SVN trunk. Changed all users + to adopt the new API. + * dirmngr.h: Moved inclusion of jnlib header to ... + * util.h: .. here. This is required becuase http.c includes only + a file util.h but makes use of log_foo. Include gcrypt.h so that + gcry_malloc et al are declared. + +2006-08-31 Werner Koch + + * ocsp.c (check_signature): Make use of the responder id. + +2006-08-30 Werner Koch + + * validate.c (check_cert_sig): Workaround for rimemd160. + (allowed_ca): Always allow trusted CAs. + + * dirmngr.h (cert_ref_t): New. + (struct server_control_s): Add field OCSP_CERTS. + * server.c (start_command_handler): Release new field + * ocsp.c (release_ctrl_ocsp_certs): New. + (check_signature): Store certificates in OCSP_CERTS. + + * certcache.c (find_issuing_cert): Reset error if cert was found + by subject. + (put_cert): Add new arg FPR_BUFFER. Changed callers. + (cache_cert_silent): New. + + * dirmngr.c (parse_rereadable_options): New options + --ocsp-max-clock-skew and --ocsp-current-period. + * ocsp.c (ocsp_isvalid): Use them here. + + * ocsp.c (validate_responder_cert): New optional arg signer_cert. + (check_signature_core): Ditto. + (check_signature): Use the default signer certificate here. + +2006-06-27 Werner Koch + + * dirmngr-client.c (inq_cert): Take care of SENDCERT_SKI. + +2006-06-26 Werner Koch + + * crlcache.c (lock_db_file): Count open files when needed. + (find_entry): Fixed deleted case. + +2006-06-23 Werner Koch + + * misc.c (cert_log_name): New. + + * certcache.c (load_certs_from_dir): Also print certificate name. + (find_cert_bysn): Release ISSDN. + + * validate.h: New VALIDATE_MODE_CERT. + * server.c (cmd_validate): Use it here so that no policy checks + are done. Try to validated a cached copy of the target. + + * validate.c (validate_cert_chain): Implement a validation cache. + (check_revocations): Print more diagnostics. Actually use the + loop variable and not the head of the list. + (validate_cert_chain): Do not check revocations of CRL issuer + certificates in plain CRL check mode. + * ocsp.c (ocsp_isvalid): Make sure it is reset for a status of + revoked. + +2006-06-22 Werner Koch + + * validate.c (cert_use_crl_p): New. + (cert_usage_p): Add a mode 6 for CRL signing. + (validate_cert_chain): Check that the certificate may be used for + CRL signing. Print a note when not running as system daemon. + (validate_cert_chain): Reduce the maximum depth from 50 to 10. + + * certcache.c (find_cert_bysn): Minor restructuring + (find_cert_bysubject): Ditto. Use get_cert_local when called + without KEYID. + * crlcache.c (get_crlissuer_cert_bysn): Removed. + (get_crlissuer_cert): Removed. + (crl_parse_insert): Use find_cert_bysubject and find_cert_bysn + instead of the removed functions. + +2006-06-19 Werner Koch + + * certcache.c (compare_serialno): Silly me. Using 0 as true is + that hard; tsss. Fixed call cases except for the only working one + which are both numbers of the same length. + +2006-05-15 Werner Koch + + * crlfetch.c (crl_fetch): Use no-shutdown flag for HTTP. This + seems to be required for "IBM_HTTP_Server/2.0.47.1 Apache/2.0.47 + (Unix)". + + * http.c (parse_tuple): Set flag to to indicate no value. + (build_rel_path): Take care of it. + + * crlcache.c (crl_cache_reload_crl): Also iterate over all names + within a DP. + +2005-09-28 Marcus Brinkmann + + * Makefile.am (dirmngr_LDADD): Add @LIBINTL@ and @LIBICONV@. + (dirmngr_ldap_LDADD): Likewise. + (dirmngr_client_LDADD): Likewise. + +2005-09-12 Werner Koch + + * dirmngr.c: Fixed description to match the one in gpgconf. + +2005-06-15 Werner Koch + + * server.c (cmd_lookup): Take care of NO_DATA which might get + returned also by start_cert_fetch(). + +2005-04-20 Werner Koch + + * ldap.c (ldap_wrapper_wait_connections): Set a shutdown flag. + (ldap_wrapper_thread): Handle shutdown in a special way. + +2005-04-19 Werner Koch + + * server.c (get_cert_local, get_issuing_cert_local) + (get_cert_local_ski): Bail out if called without a local context. + +2005-04-18 Werner Koch + + * certcache.c (find_issuing_cert): Fixed last resort method which + should be finding by subject and not by issuer. Try to locate it + also using the keyIdentifier method. Improve error reporting. + (cmp_simple_canon_sexp): New. + (find_cert_bysubject): New. + (find_cert_bysn): Ask back to the caller before trying an extarnl + lookup. + * server.c (get_cert_local_ski): New. + * crlcache.c (crl_parse_insert): Also try to locate issuer + certificate using the keyIdentifier. Improved error reporting. + +2005-04-14 Werner Koch + + * ldap.c (start_cert_fetch_ldap): Really return ERR. + +2005-03-17 Werner Koch + + * http.c (parse_response): Changed MAXLEN and LEN to size_t to + match the requirement of read_line. + * http.h (http_context_s): Ditto for BUFFER_SIZE. + +2005-03-15 Werner Koch + + * ldap.c: Included time.h. Reported by Bernhard Herzog. + +2005-03-09 Werner Koch + + * dirmngr.c: Add a note to the help listing check the man page for + other options. + +2005-02-01 Werner Koch + + * crlcache.c (crl_parse_insert): Renamed a few variables and + changed diagnostic strings for clarity. + (get_issuer_cert): Renamed to get_crlissuer_cert. Try to locate + the certificate from the cache using the subject name. Use new + fetch function. + (get_crlissuer_cert_bysn): New. + (crl_parse_insert): Use it here. + * crlfetch.c (ca_cert_fetch): Changed interface. + (fetch_next_ksba_cert): New. + * ldap.c (run_ldap_wrapper): Add arg MULTI_MODE. Changed all + callers. + (start_default_fetch_ldap): New + * certcache.c (get_cert_bysubject): New. + (clean_cache_slot, put_cert): Store the subject DN if available. + (MAX_EXTRA_CACHED_CERTS): Increase limit of cachable certificates + to 1000. + (find_cert_bysn): Loop until a certificate with a matching S/N has + been found. + + * dirmngr.c (main): Add honor-http-proxy to the gpgconf list. + +2005-01-31 Werner Koch + + * ldap.c: Started to work on support for userSMIMECertificates. + + * dirmngr.c (main): Make sure to always pass a server control + structure to the caching functions. Reported by Neil Dunbar. + +2005-01-05 Werner Koch + + * dirmngr-client.c (read_pem_certificate): Skip trailing percent + escaped linefeeds. + +2005-01-03 Werner Koch + + * dirmngr-client.c (read_pem_certificate): New. + (read_certificate): Divert to it depending on pem option. + (squid_loop_body): New. + (main): New options --pem and --squid-mode. + +2004-12-17 Werner Koch + + * dirmngr.c (launch_ripper_thread): Renamed to launch_reaper_thread. + (shutdown_reaper): New. Use it for --server and --daemon. + * ldap.c (ldap_wrapper_wait_connections): New. + +2004-12-17 Werner Koch + + * Makefile.am (dirmngr_ldap_LDADD): Adjusted for new LDAP checks. + +2004-12-16 Werner Koch + + * ldap.c (ldap_wrapper): Peek on the output to detect empty output + early. + +2004-12-15 Werner Koch + + * ldap.c (ldap_wrapper): Print a diagnostic after forking for the + ldap wrapper. + * certcache.h (find_cert_bysn): Add this prototype. + * crlcache.c (start_sig_check): Write CRL hash debug file. + (finish_sig_check): Dump the signer's certificate. + (crl_parse_insert): Try to get the issuing cert by authKeyId. + Moved certificate retrieval after item processing. + +2004-12-13 Werner Koch + + * dirmngr_ldap.c (catch_alarm, set_timeout): new. + (main): Install alarm handler. Add new option --only-search-timeout. + (print_ldap_entries, fetch_ldap): Use set_timeout (); + * dirmngr.h: Make LDAPTIMEOUT a simple unsigned int. Change all + initializations. + * ldap.c (start_cert_fetch_ldap, run_ldap_wrapper): Pass timeout + option to the wrapper. + (INACTIVITY_TIMEOUT): Depend on LDAPTIMEOUT. + (run_ldap_wrapper): Add arg IGNORE_TIMEOUT. + (ldap_wrapper_thread): Check for special timeout exit code. + + * dirmngr.c: Workaround a typo in gpgconf for + ignore-ocsp-service-url. + +2004-12-10 Werner Koch + + * ldap.c (url_fetch_ldap): Use TMP and not a HOST which is always + NULL. + * misc.c (host_and_port_from_url): Fixed bad encoding detection. + +2004-12-03 Werner Koch + + * crlcache.c (crl_cache_load): Re-implement it. + + * dirmngr-client.c: New command --load-crl + (do_loadcrl): New. + + * dirmngr.c (parse_rereadable_options, main): Make --allow-ocsp, + --ocsp-responder, --ocsp-signer and --max-replies re-readable. + + * ocsp.c (check_signature): try to get the cert from the cache + first. + (ocsp_isvalid): Print the next and this update times on time + conflict. + + * certcache.c (load_certs_from_dir): Print the fingerprint for + trusted certificates. + (get_cert_byhexfpr): New. + * misc.c (get_fingerprint_hexstring_colon): New. + +2004-12-01 Werner Koch + + * Makefile.am (dirmngr_LDADD): Don't use LDAP_LIBS. + + * validate.c (validate_cert_chain): Fixed test; as written in the + comment we want to do this only in daemon mode. For clarity + reworked by using a linked list of certificates and include root + and tragte certificate. + (check_revocations): Likewise. Introduced a recursion sentinel. + +2004-11-30 Werner Koch + + * crlfetch.c (ca_cert_fetch, crl_fetch_default): Do not use the + binary prefix as this will be handled in the driver. + + * dirmngr_ldap.c: New option --log-with-pid. + (fetch_ldap): Handle LDAP_NO_SUCH_OBJECT. + * ldap.c (run_ldap_wrapper, start_cert_fetch_ldap): Use new log + option. + + +2004-11-25 Werner Koch + + * Makefile.am (dirmngr_ldap_CFLAGS): Added GPG_ERROR_CFLAGS. + Noted by Bernhard Herzog. + +2004-11-24 Werner Koch + + * ldap.c (ldap_wrapper): Fixed default name of the ldap wrapper. + + * b64enc.c (b64enc_start, b64enc_finish): Use standard strdup/free + to manage memory. + + * dirmngr.c: New options --ignore-http-dp, --ignore-ldap-dp and + --ignore-ocsp-service-url. + * crlcache.c (crl_cache_reload_crl): Implement them. + * ocsp.c (ocsp_isvalid): Ditto. + +2004-11-23 Werner Koch + + * ldap.c (ldap_wrapper_thread, reader_callback, ldap_wrapper): + Keep a timestamp and terminate the wrapper after some time of + inactivity. + + * dirmngr-client.c (do_lookup): New. + (main): New option --lookup. + (data_cb): New. + * b64enc.c: New. Taken from GnuPG 1.9. + * no-libgcrypt.c (gcry_strdup): Added. + + * ocsp.c (ocsp_isvalid): New arg CERT and lookup the issuer + certificate using the standard methods. + + * server.c (cmd_lookup): Truncation is now also an indication for + error. + (cmd_checkocsp): Implemented. + + * dirmngr_ldap.c (fetch_ldap): Write an error marker for a + truncated search. + * ldap.c (add_server_to_servers): Reactivated. + (url_fetch_ldap): Call it here and try all configured servers in + case of a a failed lookup. + (fetch_next_cert_ldap): Detect the truncation error flag. + * misc.c (host_and_port_from_url, remove_percent_escapes): New. + +2004-11-22 Werner Koch + + * dirmngr_ldap.c (main): New option --proxy. + * ocsp.c (do_ocsp_request): Take care of opt.disable_http. + * crlfetch.c (crl_fetch): Honor the --honor-http-proxy variable. + (crl_fetch): Take care of opt.disable_http and disable_ldap. + (crl_fetch_default, ca_cert_fetch, start_cert_fetch): + * ldap.c (run_ldap_wrapper): New arg PROXY. + (url_fetch_ldap, attr_fetch_ldap, start_cert_fetch_ldap): Pass it. + + * http.c (http_open_document): Add arg PROXY. + (http_open): Ditto. + (send_request): Ditto and implement it as an override. + + * ocsp.c (validate_responder_cert): Use validate_cert_chain. + + * Makefile.am (AM_CPPFLAGS): Add macros for a few system + directories. + * dirmngr.h (opt): New members homedir_data, homedir_cache, + ldap_wrapper_program, system_daemon, honor_http_proxy, http_proxy, + ldap_proxy, only_ldap_proxy, disable_ldap, disable_http. + * dirmngr.c (main): Initialize new opt members HOMEDIR_DATA and + HOMEDIR_CACHE. + (parse_rereadable_options): New options --ldap-wrapper-program, + --http-wrapper-program, --disable-ldap, --disable-http, + --honor-http-proxy, --http-proxy, --ldap-proxy, --only-ldap-proxy. + (reread_configuration): New. + + * ldap.c (ldap_wrapper): Use the correct name for the wrapper. + + * crlcache.c (DBDIR_D): Make it depend on opt.SYSTEM_DAEMON. + (cleanup_cache_dir, open_dir, update_dir, make_db_file_name) + (crl_cache_insert, create_directory_if_needed): Use opt.HOMEDIR_CACHE + + * validate.c (check_revocations): New. + * crlcache.c (crl_cache_isvalid): Factored most code out to + (cache_isvalid): .. new. + (crl_cache_cert_isvalid): New. + * server.c (cmd_checkcrl): Cleaned up by using this new function. + (reload_crl): Moved to .. + * crlcache.c (crl_cache_reload_crl): .. here and made global. + + * certcache.c (cert_compute_fpr): Renamed from computer_fpr and + made global. + (find_cert_bysn): Try to lookup missing certs. + (cert_cache_init): Intialize using opt.HOMEDIR_DATA. + + +2004-11-19 Werner Koch + + * dirmngr-client.c (status_cb): New. Use it in very verbose mode. + + * server.c (start_command_handler): Malloc the control structure + and properly release it. Removed the primary_connection + hack. Cleanup running wrappers. + (dirmngr_status): Return an error code. + (dirmngr_tick): Return an error code and detect a + cancellation. Use wall time and not CPU time. + * validate.c (validate_cert_chain): Add CTRL arg and changed callers. + * crlcache.c (crl_cache_isvalid): + * crlfetch.c (ca_cert_fetch, start_cert_fetch, crl_fetch_default) + (crl_fetch): Ditto. + * ldap.c (ldap_wrapper, run_ldap_wrapper, url_fetch_ldap) + (attr_fetch_ldap, start_cert_fetch_ldap): Ditto. + (ldap_wrapper_release_context): Reset the stored CTRL. + (reader_callback): Periodically call dirmngr_tick. + (ldap_wrapper_release_context): Print an error message for read + errors. + (ldap_wrapper_connection_cleanup): New. + +2004-11-18 Werner Koch + + * dirmngr.c (main): Do not cd / if not running detached. + + * dirmngr-client.c: New options --cache-cert and --validate. + (do_cache, do_validate): New. + * server.c (cmd_cachecert, cmd_validate): New. + + * crlcache.c (get_issuer_cert): Make use of the certificate cache. + (crl_parse_insert): Validate the issuer certificate. + + * dirmngr.c (handle_signal): Reinitialize the certificate cache on + a HUP. + (struct opts): Add --homedir to enable the already implemented code. + (handle_signal): Print stats on SIGUSR1. + + * certcache.c (clean_cache_slot, cert_cache_init) + (cert_cache_deinit): New. + (acquire_cache_read_lock, acquire_cache_write_lock) + (release_cache_lock): New. Use them where needed. + (put_cert): Renamed from put_loaded_cert. + (cache_cert): New. + (cert_cache_print_stats): New. + (compare_serialno): Fixed. + +2004-11-16 Werner Koch + + * Makefile.am (AM_CPPFLAGS): Define DIRMNGR_SYSCONFDIR and + DIRMNGR_LIBEXECDIR. + + * misc.c (dump_isotime, dump_string, dump_cert): New. Taken from + gnupg 1.9. + (dump_serial): New. + +2004-11-15 Werner Koch + + * validate.c: New. Based on gnupg's certchain.c + + * ldap.c (get_cert_ldap): Removed. + (read_buffer): New. + (start_cert_fetch_ldap, fetch_next_cert_ldap) + (end_cert_fetch_ldap): Rewritten to make use of the ldap wrapper. + +2004-11-12 Werner Koch + + * http.c (insert_escapes): Print the percent sign too. + + * dirmngr-client.c (inq_cert): Ignore "SENDCERT" and + "SENDISSUERCERT". + + * server.c (do_get_cert_local): Limit the length of a retruned + certificate. Return NULL without an error if an empry value has + been received. + + * crlfetch.c (ca_cert_fetch): Use the ksba_reader_object. + (setup_funopen, fun_reader, fun_closer): Removed. + + * crlcache.c (get_issuer_cert): Adjust accordingly. + + * ldap.c (attr_fetch_ldap_internal, attr_fetch_fun_closer) + (attr_fetch_fun_reader, url_fetch_ldap_internal) + (get_attr_from_result_ldap): Removed. + (destroy_wrapper, print_log_line, ldap_wrapper_thread) + (ldap_wrapper_release_context, reader_callback, ldap_wrapper) + (run_ldap_wrapper): New. + (url_fetch_ldap): Make use of the new ldap wrapper and return a + ksba reader object instead of a stdio stream. + (attr_fetch_ldap): Ditto. + (make_url, escape4url): New. + +2004-11-11 Werner Koch + + * dirmngr.c (launch_ripper_thread): New. + (main): Start it wheere appropriate. Always ignore SIGPIPE. + (start_connection_thread): Maintain a connection count. + (handle_signal, handle_connections): Use it here instead of the + thread count. + + * crlcache.c (crl_cache_insert): Changed to use ksba reader + object. Changed all callers to pass this argument. + +2004-11-08 Werner Koch + + * dirmngr_ldap.c: New. + + * crlcache.c (crl_cache_init): Don't return a cache object but + keep it module local. We only need one. + (crl_cache_deinit): Don't take cache object but work on existing + one. + (get_current_cache): New. + (crl_cache_insert, crl_cache_list, crl_cache_load): Use the global + cache object and removed the cache arg. Changed all callers. + + * dirmngr-client.c: New option --ping. + + * dirmngr.c (main): New option --daemon. Initialize PTH. + (handle_connections, start_connection_thread): New. + (handle_signal): New. + (parse_rereadable_options): New. Changed main to make use of it. + (set_debug): Don't bail out on invalid debug levels. + (main): Init the crl_chache for server and daemon mode. + + * server.c (start_command_handler): New arg FD. Changed callers. + +2004-11-06 Werner Koch + + * server.c (map_assuan_err): Factored out to .. + * maperror.c: .. new file. + * util.h: Add prototype + +2004-11-05 Werner Koch + + * no-libgcrypt.c: New, used as helper for dirmngr-client which + does not need libgcrypt proper but jnlib references the memory + functions. Taken from gnupg 1.9.12. + + * dirmngr.h: Factored i18n and xmalloc code out to .. + * i18n.h, util.h: .. New. + + * dirmngr-client.c: New. Some code taken from gnupg 1.9.12. + * Makefile.am (bin_PROGRAMS) Add dirmngr-client. + +2004-11-04 Werner Koch + + * src/server.c (get_fingerprint_from_line, cmd_checkcrl) + (cmd_checkocsp): New. + (register_commands): Register new commands. + (inquire_cert_and_load_crl): Factored most code out to .. + (reload_crl): .. new function. + * src/certcache.h, src/certcache.c: New. + * src/Makefile.am (dirmngr_SOURCES): Add new files. + +2004-11-04 Werner Koch + + Please note that earlier entries are found in the top level + ChangeLog. + [Update after merge with GnuPG: see ./ChangeLog.1] + + + Copyright 2004, 2005, 2006, 2007, 2008, 2009, 2010, + 2011 Free Software Foundation, Inc. + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +Local Variables: +buffer-read-only: t +End: diff --git a/dirmngr/ChangeLog.1 b/dirmngr/ChangeLog.1 index 6d7a513e2..f7b50c7a1 100644 --- a/dirmngr/ChangeLog.1 +++ b/dirmngr/ChangeLog.1 @@ -800,3 +800,7 @@ There are old Dirmngr ChangeLog entries. ldapsearch -v -x -h www.trustcenter.de -b '' userCertificate -t cp /tmp/ testcert.der ./test-dirmngr + +Local Variables: +buffer-read-only: t +End: diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am index e3d5f742e..c5f073e3b 100644 --- a/dirmngr/Makefile.am +++ b/dirmngr/Makefile.am @@ -19,7 +19,7 @@ ## Process this file with automake to produce Makefile.in -EXTRA_DIST = OAUTHORS ONEWS ChangeLog.1 +EXTRA_DIST = OAUTHORS ONEWS ChangeLog.1 ChangeLog-2011 bin_PROGRAMS = dirmngr dirmngr-client diff --git a/doc/ChangeLog b/doc/ChangeLog deleted file mode 100644 index 17c58ecd4..000000000 --- a/doc/ChangeLog +++ /dev/null @@ -1,860 +0,0 @@ -2011-10-12 Werner Koch - - * gpg.texi: Add a bunch of opindex items. - - * yat2m.c (parse_file): Add hack to allow table indentation. - -2011-08-12 Werner Koch - - * texi.css: Override some elements. - * gnupg-log-tr.png: New. - * gnupg.texi: Use transparent logo. - -2011-03-01 Werner Koch - - * gpgsm.texi (CSR and certificate creation): New. - * gpg.texi (Unattended GPG key generation): New. - -2010-10-29 David Shaw - - * gpg.texi (GPG Configuration Options): Clarify that show-photos - doesn't work with --with-colons. --personal-digest-preferences - does not have a default any longer. - -2010-10-18 Werner Koch - - * DETAILS: Fix description of IMPORT_RES. Reported by Nicholas Cole. - -2010-10-11 Daniel Kahn Gillmor (wk) - - * gpg.texi (GPG Configuration Options) : Describe %v - and %V. - -2010-10-05 Werner Koch - - * Makefile.am (faq.txt faq.html, faq-online): New. - -2010-10-04 Werner Koch - - * faq.org: New. - * FAQ: Make it a static file with a pointer to the online location. - * Makefile.am (EXTRA_DIST): Remove faq.raw and faq.html. - (FAQ, faq.html): Remove these targets - -2010-09-28 Werner Koch - - * Makefile.am (AM_MAKEINFOFLAGS): Add define gpgtwoone. - -2010-09-28 David Shaw - - * gpg.texi (OpenPGP Options): Clarify that --force-v3-sigs - disables (not enables) v4 options. --force-v3-sigs defaults to - no. - -2010-08-18 Werner Koch - - * tools.texi (watchgnupg): Add examples section. - -2010-06-10 Werner Koch - - * Makefile.am (gnupg_TEXINFOS): Add dirmngr.texi. - (myman_sources): Ditto. - (myman_pages): Add dirmngr and dirmngr-client pages. - (noinst_MANS): Move gnupg.7 to man_MANS. - - * gnupg.texi: Include dirmngr.texi and add a menu entry. - * dirmngr.texi: New. Taken from the current SVN of the dirmngr - package and adjusted to fit into the GnuPG manual. Moved - dirmngr-cleint stuff to ... - * tools.texi (dirmngr-client): ... new. - -2009-11-18 Werner Koch - - * gpg.texi (GPG Key related Options): Describe - --skip-hidden-recipients. - -2009-10-19 David Shaw - - * gpg.texi (GPG Configuration Options): Clarify that ca-cert-file - is a generic store, the details of which depend on the underlying - libraries. - -2009-08-24 David Shaw - - * gpg.texi: Suggested new ordering for --edit-key. - -2009-08-17 David Shaw - - * gpg.texi (OpenPGP Options): Clarify that - personal-foo-preferences overrides recipient preferences (safely). - -2009-08-14 David Shaw - - * gpg.texi (GPG Configuration Options): Document keyserver options - check-cert and ca-cert-file. - -2009-08-06 Werner Koch - - * DETAILS: Describe the new INV_SNDR and NO_SNDR.. - -2009-07-31 David Shaw - - * gpg.texi (OpenPGP Options): Don't mention - --no-sk-comment (doesn't exist any longer). - -2009-07-23 David Shaw - - * gpg.texi (GPG Configuration Options): LDAP uses DNS-SD to locate - a server before falling back to keys.{domain}. - -2009-07-23 Werner Koch - - * help.txt (gpgsm.crl-problem): New. - -2009-07-22 Werner Koch - - * scdaemon.texi, instguide.texi, gpgsm.texi, sysnotes.texi - * glossary.texi, howto-create-a-server-cert.texi, tools.texi - * gpg-agent.texi, gpg.texi, debugging.texi: Typo fixes. Reported - by Jeroen Schot. Fixes bug#1093. - - * gpg.texi (GPG Configuration Options): Tell what files to backup. - * sysnotes.texi: Remove some warning notes for W32. - -2009-07-20 Werner Koch - - * gpg.texi (Operational GPG Commands): Add a note for --send-keys. - Fixes bug#1090. - -2009-07-06 Werner Koch - - * debugging.texi (Common Problems): Add a note about corrupted - keys in --search-keys. - -2009-06-02 Werner Koch - - * tools.texi (watchgnupg): Typo fix. Fixes bug#1065. - - * gpg-agent.texi (Agent Commands): Update description of --daemon. - -2009-05-20 Werner Koch - - * gpg.texi (GPG Configuration Options): Explain new meaning of - --enable-dsa2. - -2009-03-16 David Shaw - - * gpg.texi (GPG Configuration Options): Document keyserver-options - debug. - -2009-03-04 Werner Koch - - * help.txt (gpg.keygen.size): Add a link to web page. - -2009-03-03 Werner Koch - - * gpg.texi (Operational GPG Commands): "merge-only" is an - import-option. Reported by Joseph Oreste Bruni. - -2009-03-02 Werner Koch - - * gpg-agent.texi (Invoking GPG-AGENT): Modernized instructions. - (Agent Options): Fix spelling of option --lc-ctype. - -2009-01-12 Werner Koch - - * faq.raw: Fix bug reorting address. - -2008-12-12 Werner Koch - - * gpgsm.texi (General GPGSM Commands): Fix --help, --version and - --warranty wording. - -2008-12-08 Werner Koch - - * DETAILS: Clarify the use of "trust" and "validity" as suggested - by Daniel Kahn Gillmor. Fix some typos. Remove the outdated - sections on packet headers and pipemode. Point to the libgcrypt - manual for a description of the key generation. - -2008-11-12 Werner Koch - - * gpg-agent.texi (Agent Options): Use Posix $() instead of - backticks to avoid rendering problems. - -2008-10-13 Werner Koch - - * gpgsm.texi (Certificate Management): Explain hot to delete the - secret key. - -2008-10-01 Werner Koch - - * tools.texi (Controlling gpg-connect-agent): Describe /datafile. - -2008-09-23 David Shaw - - * gpg.texi (OpenPGP Key Management): Clarify setpref a bit. - -2008-08-30 Werner Koch - - * yat2m.c (write_th): Print a note that this is generated source. - (VERSION): Bump up to 1.0. - -2008-07-30 Werner Koch - - * gpgsm.texi (GPGSM Configuration): Mention com-cert.pem. - -2008-06-25 Werner Koch - - * qualified.txt: Add new BnetzA certs 12R and 13R. - * com-certs.pem: Ditto. - * examples/trustlist.txt: Ditto. - -2008-06-19 Werner Koch - - * tools.texi (Listing options): Describe new complect gpgconf type - "alias list". - -2008-06-16 Werner Koch - - * DETAILS (group): Document %ask-passphrase. - -2008-05-26 Werner Koch - - * gpgv.texi: Minor fixes. Fixes bug#918. - - * opt-homedir.texi: Typo fixes. Fixes bug#917. - -2008-05-26 Marcus Brinkmann - - * tools.texi (Invoking gpgconf): Document --list-dirs. - -2008-05-20 Marcus Brinkmann - - * tools.texi (Invoking gpgconf): Add --dry-run and --check-options. - (Checking programs): Document --check-options. - -2008-05-15 Marcus Brinkmann - - * gpg.texi (Operational GPG Commands): Mention the way to change - the default signing key. - -2008-05-06 Werner Koch - - * Makefile.am (myman_pages): Add gpg-zip.1. - - * tools.texi (gpg-zip): Add new section. - -2008-04-08 Werner Koch - - * gpg.texi (GPG Configuration Options): Change subkeys.pgp.net to - keys.gnupg.net. Describe --auto-key-locate mechanisms local and - nodefault. - -2008-04-03 Werner Koch - - * yat2m.c (proc_texi_cmd): Remove extra apostrophe from @samp and - use open and close quote to @file and @env. - -2008-04-02 Werner Koch - - * opt-homedir.texi: Remove special case for Registry key. - - * yat2m.c (proc_texi_cmd): Use the \(aq glyph for @samp. This is - bug#898. - (proc_texi_buffer): Handle backslashs correctly. - -2008-03-27 Werner Koch - - * Makefile.am (nobase_dist_doc_DATA, dist_html_DATA): New. Move - relevant files to here. - (install-html-local): Remove. - -2008-02-27 Marcus Brinkmann - - * tools.texi (Listing options): Document new types. - -2008-02-26 Werner Koch - - * gpg.texi (GPG Configuration Options): Mention rfc4398. - -2008-02-05 David Shaw - - * gpg.texi (GPG Esoteric Options): Tweak mention of Tempest font - to add a "claimed" in there. - -2008-01-29 Justin Pryzby (wk) - - * gpg-agent.texi (Agent Options): Grammar fixes - - * qualified.txt: Spelling fixes. - -2008-01-28 Justin Pryzby (wk) - - * gpg-agent.texi, yat2m.c, scdaemon.texi, qualified.txt - * tools.texi, gpgsm.texi: Typo fixes and minor grammer fixes. - -2008-01-10 Werner Koch - - * qualified.txt: Add missing country tag to the last entries. - Reported by Marcus Brinkmann. - -2008-01-10 Marcus Brinkmann - - * tools.texi (gpgconf): Some clarifications. - -2008-01-02 Werner Koch - - * gpg.texi (GPG Esoteric Options): Mention --log-file. - -2007-12-13 Werner Koch - - * qualified.txt: Add 2 root certs from S-Trust for 2008-2012. - * examples/trustlist.txt: Ditto. - * com-certs.pem: Ditto. - - * gpgsm.texi (Esoteric Options): Document --extra-digest-algo. - -2007-12-12 Werner Koch - - * gpg.texi: Typo fixes. From Christer Andersson. - -2007-12-04 Werner Koch - - * help.txt: New online help file. - * help.be.txt, help.ca.txt, help.cs.txt, help.da.txt, help.de.txt - * help.el.txt, help.eo.txt, help.es.txt, help.et.txt, help.fi.txt - * help.fr.txt, help.gl.txt, help.hu.txt, help.id.txt, help.it.txt - * help.ja.txt, help.nb.txt, help.pl.txt, help.pt.txt - * help.pt_BR.txt, help.ro.txt, help.ru.txt, help.sk.txt - * help.sv.txt, help.tr.txt, help.zh_CN.txt, help.zh_TW.txt: New - online file, generated from teh current po files. - * Makefile.am (dist_pkgdata_DATA): Add them. - -2007-11-19 Werner Koch - - * gpg.texi (GPG Configuration Options): English Grammar fix. - Thanks to Gerg Troxel. - - * gpgsm.texi (Certificate Options): Document - --auto-issuer-key-retrieve. - -2007-11-15 Werner Koch - - * gpg.texi (GPG Configuration): Add PINENTRY_USER_DATA. - - * gpg-agent.texi (Agent Options): Add xauthority. - -2007-10-31 Marcus Brinkmann - - * gpg-agent.texi (Agent Options): Fix typos, by Bernhard Reiter. - -2007-10-27 David Shaw - - * gpg.texi: Document --rfc4880 (the new --openpgp). - -2007-10-25 David Shaw - - * gpg.texi: Clarify --force-v3-sigs, --pgp2, and --pgp6 a bit. - -2007-10-23 Werner Koch - - * tools.texi (Listing global options): New. - -2007-10-19 Werner Koch - - * tools.texi (Controlling gpg-connect-agent): Updated. - -2007-08-29 Werner Koch - - * tools.texi (Checking programs): New. - -2007-08-27 Werner Koch - - * examples/pwpattern.list: New. - -2007-08-24 Werner Koch - - * debugging.texi (Common Problems): Add "A root certifciate does - not validate." - -2007-08-14 Werner Koch - - * glossary.texi (Glossary): Add a more items. - -2007-08-13 Werner Koch - - * yat2m.c (proc_texi_cmd): Do not put @samp content between two - newlines. - - * gpg-agent.texi (Agent Configuration): Explain the CM flag for - trustlist.txt. - -2007-08-09 Werner Koch - - * gpgsm.texi (Certificate Options): Describe --validation-model. - -2007-07-23 Werner Koch - - * scdaemon.texi (Scdaemon Commands): Remove obsolete --print-atr. - -2007-07-17 Werner Koch - - * gpgsm.texi (Input and Output): Document --default-key. - -2007-07-04 Werner Koch - - * gpl.texi: Updated to GPLv3. - -2007-06-22 Werner Koch - - * gpg.texi (Operational GPG Commands): Describe the flags used by - --check-sigs. - -2007-06-21 Werner Koch - - * gpgsm.texi (Certificate Management): Changed description of - --gen-key. - -2007-06-19 Werner Koch - - * glossary.texi (Glossary): Describe PSE. - -2007-06-18 Werner Koch - - * gpg-agent.texi (Agent GETINFO): New. - -2007-06-06 Werner Koch - - * Makefile.am (yat2m): Use a plain rule to build it for the sake - of cross-compiling. - - * yat2m.c (finish_page): Init SECT to NULL. - -2007-05-11 Werner Koch - - * gpgsm.texi (--export): Enhanced description. - -2007-05-09 Werner Koch - - * examples/gpgconf.conf: Remove active example line. - - * Makefile.am (online): Distinguish between released and svn manuals. - -2007-05-08 Werner Koch - - * howtos.texi: New. - * howto-create-a-server-cert.texi: New. - * Makefile.am (gnupg_TEXINFOS): Add new files. - - * gnupg.texi: Moved the logo for HTML more to the top. - * Makefile.am (install-html-local): New. - (DVIPS): Redefine to include srcdir. - -2007-05-04 Werner Koch - - * gnupg.texi (Top): Fix typo and a grammar issue. - * Makefile.am (EXTRA_DIST): Add gnupg-logo.png. Suggested by - Bernard Leak. - -2007-04-15 David Shaw - - * gpg.texi (OpenPGP Options): Update the personal-foo-preferences - documentation a bit. - -2007-04-10 Werner Koch - - * gpg.texi (GPG Configuration Options): Document --batch, no-tty, - --yes and --no. - -2007-03-08 Werner Koch - - * gnupg-logo.png, gnupg-logo.eps, gnupg-logo.pdf: New. - * gnupg-badge-openpgp.eps, gnupg-badge-openpgp.eps - * gnupg-badge-openpgp.jpg: Removed. - * gnupg.texi: Use new logo. - -2007-03-07 Werner Koch - - * tools.texi (applygnupgdefaults): New. - -2007-03-06 Werner Koch - - * examples/gpgconf.conf: New. - -2007-03-04 David Shaw - - * gpg.texi (GPG Esoteric Options): Document - --allow-multiple-messages. - -2007-02-26 Werner Koch - - * gpg.texi (GPG Configuration): Document envvar LANGUAGE. - (GPG Configuration Options): Document show-primary-uid-only. - -2007-02-18 Werner Koch - - * gpg.texi (GPG Esoteric Options): No card reader options for gpg2. - -2007-02-14 Werner Koch - - * gpg-agent.texi (Agent Options): Doc --pinentry-touch-file. - -2007-02-05 Werner Koch - - * debugging.texi (Common Problems): Tell how to export a private - key without a certificate. - -2007-01-30 Werner Koch - - * com-certs.pem: Added the current root certifcates of D-Trust and - S-Trust. - -2007-01-18 David Shaw - - * gpg.texi, specify-user-id.texi: Only some of the mentions of - exclamation marks have an example. Give examples to the rest. - -2007-01-17 David Shaw - - * gpg.texi (GPG Configuration Options): Make http_proxy option - documentation match reality. - (BUGS): Warn about hibernate/safe-sleep/etc writing main RAM to - disk, despite locking. - -2006-12-08 Werner Koch - - * gnupg.texi (direntry): Rename gpg to gpg2. - -2006-12-04 Werner Koch - - * gpgv.texi: New. - * tools.texi: Include new file. - -2006-12-02 David Shaw - - * gpg.texi (GPG Esoteric Options): Document --passphrase-repeat. - -2006-11-14 Werner Koch - - * gpgsm.texi (GPGSM EXPORT): Document changes. - -2006-11-11 Werner Koch - - * gnupg.texi (Top): Move gpg-agent part before gpg. - -2006-11-05 David Shaw - - * gpg.texi: Reference to --s2k-count in --s2k-mode. - -2006-10-30 Werner Koch - - * faq.raw: Minor corrections. - -2006-10-12 Werner Koch - - * Makefile.am (man_MANS): Do not install gnupg.7 due to a conflict - with gpg1. - -2006-10-12 David Shaw - - * gpg.texi: Document --s2k-count. - -2006-09-25 Werner Koch - - * gpg.texi (GPG Examples): Add markup to all options. This is - required to have the double dashs printed correclty. - -2006-09-22 Werner Koch - - * instguide.texi (Installation): New. - * assuan.texi (Assuan): Removed. Use the libassuan manual instead. - * gnupg.texi: Reflect these changes. - - * gpg.texi: Make some parts depend on the "gpgone" set - command. This allows us to use the same source for gpg1 and gpg2. - - * yat2m.c (parse_file): Better parsing of @ifset and ifclear. - (main): Allow definition of "-D gpgone". - (parse_file): Allow macro definitions. - (proc_texi_cmd): Expand macros. - (proc_texi_buffer): Process commands terminated by the closing - brace of the enclosing command. - -2006-09-20 Werner Koch - - * texi.css: New. Note that the current vesion of makeinfo has a - bug while copying the @import directive. A pacth has been send to - upstream. - -2006-09-19 Werner Koch - - * gpg.texi: Some restructuring. - - * Makefile.am (online): New target. - -2006-09-18 Werner Koch - - * com-certs.pem: New. - -2006-09-13 Werner Koch - - * gpg.texi (GPG Esoteric Options): Fixed typo in - --require-cross-certification and made it the default. - -2006-09-11 Werner Koch - - * HACKING: Cleaned up. - -2006-09-08 Werner Koch - - * yat2m.c (parse_file): Ignore @node lines immediately. - (proc_texi_cmd): No special @end ifset processing anymore. - - * specify-user-id.texi: New. Factored out of gpg.texi and ../README. - -2006-09-07 Werner Koch - - * scdaemon.texi (Scdaemon Configuration): New. - - * examples/scd-event: Event handler for sdaemon. - * examples/: New directory - -2006-08-22 Werner Koch - - * yat2m.c (parse_file): Added code to skip a line after @mansect. - - * gnupg7.texi: New. - -2006-08-21 Werner Koch - - * Makefile.am: Added other doc files from gpg 1.4. - -2006-08-17 Werner Koch - - * Makefile.am: Added rules to build man pages. - - * yat2m.c: New. - -2006-02-14 Werner Koch - - * gpgsm.texi (GPGSM Configuration): New section. - -2005-11-14 Werner Koch - - * qualified.txt: Added real information. - -2005-11-13 Werner Koch - - * qualified.txt: New. - * Makefile.am (dist_pkgdata_DATA): New. - -2005-08-16 Werner Koch - - * gpg-agent.texi (Agent Options): Note default file name for - --write-env-file. - -2005-06-03 Werner Koch - - * debugging.texi (Architecture Details): New section, mostly empty. - * gnupg-card-architecture.fig: New. - * Makefile.am: Rules to build png and eps versions. - - * gpg-agent.texi (Agent UPDATESTARTUPTTY): New. - -2005-05-17 Werner Koch - - * gpg-agent.texi (Agent Options): Removed --disable-pth. - -2005-04-27 Werner Koch - - * tools.texi (symcryptrun): Added. - - * scdaemon.texi: Removed OpenSC specific options. - -2005-04-20 Werner Koch - - * gpg-agent.texi (Agent Configuration): New section. - -2005-02-24 Werner Koch - - * tools.texi (gpg-connect-agent): New. - -2005-02-14 Werner Koch - - * gpgsm.texi (Certificate Management): Document --import. - -2005-01-27 Moritz Schulte - - * gpg-agent.texi: Document ssh-agent emulation layer. - -2005-01-04 Werner Koch - - * gnupg.texi: Updated to use @copying. - -2004-12-22 Werner Koch - - * gnupg.texi: Reordered. - * contrib.texi: Updated. - -2004-12-21 Werner Koch - - * tools.texi (gpg-preset-passphrase): New section. - - * gnupg-badge-openpgp.eps, gnupg-badge-openpgp.jpg: New - * gnupg.texi: Add a logo. - * sysnotes.texi: New. - -2004-11-05 Werner Koch - - * debugging.texi (Common Problems): Curses pinentry problem. - -2004-10-22 Werner Koch - - * tools.texi (Helper Tools): Document gpgsm-gencert.sh. - -2004-10-05 Werner Koch - - * gpg-agent.texi (Invoking GPG-AGENT): Tell that GPG_TTY needs to - be set in all cases. - -2004-09-30 Werner Koch - - * gpg.texi: New. - * gnupg.texi: Include gpg.texi - - * tools.texi: Add a few @command markups. - * gpgsm.texi: Ditto - * gpg-agent.texi: Ditto. - * scdaemon.texi: Ditto. - -2004-09-30 Marcus Brinkmann - - * tools.texi (Changing options): Add documentation for gpgconf. - - * contrib.texi (Contributors): Add two missing periods. - -2004-09-29 Werner Koch - - * gpgsm.texi (Configuration Options): Add --log-file. - - * gpg-agent.texi (Invoking GPG-AGENT): Add a few words about the - expected pinentry filename. - - Changed license of the manual stuff to GPL. - - * gnupg.texi (Top): New menu item Helper Tools. - - * tools.texi (Helper Tools): New. - * Makefile.am (gnupg_TEXINFOS): Add tools.texi. - -2004-08-05 Werner Koch - - * scdaemon.texi (Card applications): New section. - -2004-06-22 Werner Koch - - * glossary.texi: New. - -2004-06-18 Werner Koch - - * debugging.texi: New. - * gnupg.texi: Include it. - -2004-05-11 Werner Koch - - * gpgsm.texi (Esoteric Options): Add --debug-allow-core-dump. - -2004-05-03 Werner Koch - - * gpg-agent.texi (Agent Options): Add --allow-mark-trusted. - -2004-02-03 Werner Koch - - * contrib.texi (Contributors): Updated from the gpg 1.2.3 thanks - list. - * gpgsm.texi, gpg-agent.texi, scdaemon.texi: Language cleanups. - -2003-12-01 Werner Koch - - * gpgsm.texi (Certificate Options): Add --{enable,disable}-ocsp. - -2003-11-17 Werner Koch - - * scdaemon.texi (Scdaemon Options): Added --allow-admin and - --deny-admin. - -2003-10-27 Werner Koch - - * gpg-agent.texi (Agent GET_CONFIRMATION): New. - -2002-12-04 Werner Koch - - * gpg-agent.texi (Agent Signals): New. - -2002-12-03 Werner Koch - - * gpgsm.texi (Operational Commands): Add --passwd and - --call-protect-tool. - * gpg-agent.texi (Agent PASSWD): New - -2002-11-13 Werner Koch - - * gpg-agent.texi (Invoking GPG-AGENT): Tell about GPG_TTY. - -2002-11-12 Werner Koch - - * gpgsm.texi (Operational Commands): Add --call-dirmngr. - -2002-09-25 Werner Koch - - * gpg-agent.texi (Agent Options): Add --keep-tty and --keep-display. - -2002-09-12 Werner Koch - - * gpg-agent.texi (Invoking GPG-AGENT): Explained how to start only - one instance. - -2002-08-28 Werner Koch - - * gpg-agent.texi (Agent Options): Explained more options. - * scdaemon.texi (Scdaemon Options): Ditto. - -2002-08-09 Werner Koch - - * Makefile.am (gnupg_TEXINFOS): Include contrib.texi. - -2002-08-06 Werner Koch - - * gpgsm.texi: Added more options. - -2002-07-26 Werner Koch - - * assuan.texi: New. - * gpgsm.texi, scdaemon.texi, gpg-agent.texi: Documented the Assuan - protocol used. - -2002-07-22 Werner Koch - - * gnupg.texi, scdaemon.texi, gpg-agent.texi: New. - * contrib.texi, gpl.texi, fdl.texi: New. - * gpgsm.texi: Made this an include file for gnupg.texi. - * Makefile.am: Build gnupg.info instead of gpgsm.info. - -2002-06-04 Werner Koch - - * gpgsm.texi (Invocation): Described the various debug flags. - -2002-05-14 Werner Koch - - * Makefile.am, gpgsm.texi: New. - - Copyright 2002, 2004, 2005, 2006, 2007, 2008, 2010 Free Software Foundation, Inc. - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even the - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/doc/ChangeLog-2011 b/doc/ChangeLog-2011 new file mode 100644 index 000000000..b830c0e11 --- /dev/null +++ b/doc/ChangeLog-2011 @@ -0,0 +1,871 @@ +2011-12-01 Werner Koch + + NB: ChangeLog files are no longer manually maintained. Starting + on December 1st, 2011 we put change information only in the GIT + commit log, and generate a top-level ChangeLog file from logs at + "make dist". See doc/HACKING for details. + +2011-10-12 Werner Koch + + * gpg.texi: Add a bunch of opindex items. + + * yat2m.c (parse_file): Add hack to allow table indentation. + +2011-08-12 Werner Koch + + * texi.css: Override some elements. + * gnupg-log-tr.png: New. + * gnupg.texi: Use transparent logo. + +2011-03-01 Werner Koch + + * gpgsm.texi (CSR and certificate creation): New. + * gpg.texi (Unattended GPG key generation): New. + +2010-10-29 David Shaw + + * gpg.texi (GPG Configuration Options): Clarify that show-photos + doesn't work with --with-colons. --personal-digest-preferences + does not have a default any longer. + +2010-10-18 Werner Koch + + * DETAILS: Fix description of IMPORT_RES. Reported by Nicholas Cole. + +2010-10-11 Daniel Kahn Gillmor (wk) + + * gpg.texi (GPG Configuration Options) : Describe %v + and %V. + +2010-10-05 Werner Koch + + * Makefile.am (faq.txt faq.html, faq-online): New. + +2010-10-04 Werner Koch + + * faq.org: New. + * FAQ: Make it a static file with a pointer to the online location. + * Makefile.am (EXTRA_DIST): Remove faq.raw and faq.html. + (FAQ, faq.html): Remove these targets + +2010-09-28 Werner Koch + + * Makefile.am (AM_MAKEINFOFLAGS): Add define gpgtwoone. + +2010-09-28 David Shaw + + * gpg.texi (OpenPGP Options): Clarify that --force-v3-sigs + disables (not enables) v4 options. --force-v3-sigs defaults to + no. + +2010-08-18 Werner Koch + + * tools.texi (watchgnupg): Add examples section. + +2010-06-10 Werner Koch + + * Makefile.am (gnupg_TEXINFOS): Add dirmngr.texi. + (myman_sources): Ditto. + (myman_pages): Add dirmngr and dirmngr-client pages. + (noinst_MANS): Move gnupg.7 to man_MANS. + + * gnupg.texi: Include dirmngr.texi and add a menu entry. + * dirmngr.texi: New. Taken from the current SVN of the dirmngr + package and adjusted to fit into the GnuPG manual. Moved + dirmngr-cleint stuff to ... + * tools.texi (dirmngr-client): ... new. + +2009-11-18 Werner Koch + + * gpg.texi (GPG Key related Options): Describe + --skip-hidden-recipients. + +2009-10-19 David Shaw + + * gpg.texi (GPG Configuration Options): Clarify that ca-cert-file + is a generic store, the details of which depend on the underlying + libraries. + +2009-08-24 David Shaw + + * gpg.texi: Suggested new ordering for --edit-key. + +2009-08-17 David Shaw + + * gpg.texi (OpenPGP Options): Clarify that + personal-foo-preferences overrides recipient preferences (safely). + +2009-08-14 David Shaw + + * gpg.texi (GPG Configuration Options): Document keyserver options + check-cert and ca-cert-file. + +2009-08-06 Werner Koch + + * DETAILS: Describe the new INV_SNDR and NO_SNDR.. + +2009-07-31 David Shaw + + * gpg.texi (OpenPGP Options): Don't mention + --no-sk-comment (doesn't exist any longer). + +2009-07-23 David Shaw + + * gpg.texi (GPG Configuration Options): LDAP uses DNS-SD to locate + a server before falling back to keys.{domain}. + +2009-07-23 Werner Koch + + * help.txt (gpgsm.crl-problem): New. + +2009-07-22 Werner Koch + + * scdaemon.texi, instguide.texi, gpgsm.texi, sysnotes.texi + * glossary.texi, howto-create-a-server-cert.texi, tools.texi + * gpg-agent.texi, gpg.texi, debugging.texi: Typo fixes. Reported + by Jeroen Schot. Fixes bug#1093. + + * gpg.texi (GPG Configuration Options): Tell what files to backup. + * sysnotes.texi: Remove some warning notes for W32. + +2009-07-20 Werner Koch + + * gpg.texi (Operational GPG Commands): Add a note for --send-keys. + Fixes bug#1090. + +2009-07-06 Werner Koch + + * debugging.texi (Common Problems): Add a note about corrupted + keys in --search-keys. + +2009-06-02 Werner Koch + + * tools.texi (watchgnupg): Typo fix. Fixes bug#1065. + + * gpg-agent.texi (Agent Commands): Update description of --daemon. + +2009-05-20 Werner Koch + + * gpg.texi (GPG Configuration Options): Explain new meaning of + --enable-dsa2. + +2009-03-16 David Shaw + + * gpg.texi (GPG Configuration Options): Document keyserver-options + debug. + +2009-03-04 Werner Koch + + * help.txt (gpg.keygen.size): Add a link to web page. + +2009-03-03 Werner Koch + + * gpg.texi (Operational GPG Commands): "merge-only" is an + import-option. Reported by Joseph Oreste Bruni. + +2009-03-02 Werner Koch + + * gpg-agent.texi (Invoking GPG-AGENT): Modernized instructions. + (Agent Options): Fix spelling of option --lc-ctype. + +2009-01-12 Werner Koch + + * faq.raw: Fix bug reorting address. + +2008-12-12 Werner Koch + + * gpgsm.texi (General GPGSM Commands): Fix --help, --version and + --warranty wording. + +2008-12-08 Werner Koch + + * DETAILS: Clarify the use of "trust" and "validity" as suggested + by Daniel Kahn Gillmor. Fix some typos. Remove the outdated + sections on packet headers and pipemode. Point to the libgcrypt + manual for a description of the key generation. + +2008-11-12 Werner Koch + + * gpg-agent.texi (Agent Options): Use Posix $() instead of + backticks to avoid rendering problems. + +2008-10-13 Werner Koch + + * gpgsm.texi (Certificate Management): Explain hot to delete the + secret key. + +2008-10-01 Werner Koch + + * tools.texi (Controlling gpg-connect-agent): Describe /datafile. + +2008-09-23 David Shaw + + * gpg.texi (OpenPGP Key Management): Clarify setpref a bit. + +2008-08-30 Werner Koch + + * yat2m.c (write_th): Print a note that this is generated source. + (VERSION): Bump up to 1.0. + +2008-07-30 Werner Koch + + * gpgsm.texi (GPGSM Configuration): Mention com-cert.pem. + +2008-06-25 Werner Koch + + * qualified.txt: Add new BnetzA certs 12R and 13R. + * com-certs.pem: Ditto. + * examples/trustlist.txt: Ditto. + +2008-06-19 Werner Koch + + * tools.texi (Listing options): Describe new complect gpgconf type + "alias list". + +2008-06-16 Werner Koch + + * DETAILS (group): Document %ask-passphrase. + +2008-05-26 Werner Koch + + * gpgv.texi: Minor fixes. Fixes bug#918. + + * opt-homedir.texi: Typo fixes. Fixes bug#917. + +2008-05-26 Marcus Brinkmann + + * tools.texi (Invoking gpgconf): Document --list-dirs. + +2008-05-20 Marcus Brinkmann + + * tools.texi (Invoking gpgconf): Add --dry-run and --check-options. + (Checking programs): Document --check-options. + +2008-05-15 Marcus Brinkmann + + * gpg.texi (Operational GPG Commands): Mention the way to change + the default signing key. + +2008-05-06 Werner Koch + + * Makefile.am (myman_pages): Add gpg-zip.1. + + * tools.texi (gpg-zip): Add new section. + +2008-04-08 Werner Koch + + * gpg.texi (GPG Configuration Options): Change subkeys.pgp.net to + keys.gnupg.net. Describe --auto-key-locate mechanisms local and + nodefault. + +2008-04-03 Werner Koch + + * yat2m.c (proc_texi_cmd): Remove extra apostrophe from @samp and + use open and close quote to @file and @env. + +2008-04-02 Werner Koch + + * opt-homedir.texi: Remove special case for Registry key. + + * yat2m.c (proc_texi_cmd): Use the \(aq glyph for @samp. This is + bug#898. + (proc_texi_buffer): Handle backslashs correctly. + +2008-03-27 Werner Koch + + * Makefile.am (nobase_dist_doc_DATA, dist_html_DATA): New. Move + relevant files to here. + (install-html-local): Remove. + +2008-02-27 Marcus Brinkmann + + * tools.texi (Listing options): Document new types. + +2008-02-26 Werner Koch + + * gpg.texi (GPG Configuration Options): Mention rfc4398. + +2008-02-05 David Shaw + + * gpg.texi (GPG Esoteric Options): Tweak mention of Tempest font + to add a "claimed" in there. + +2008-01-29 Justin Pryzby (wk) + + * gpg-agent.texi (Agent Options): Grammar fixes + + * qualified.txt: Spelling fixes. + +2008-01-28 Justin Pryzby (wk) + + * gpg-agent.texi, yat2m.c, scdaemon.texi, qualified.txt + * tools.texi, gpgsm.texi: Typo fixes and minor grammer fixes. + +2008-01-10 Werner Koch + + * qualified.txt: Add missing country tag to the last entries. + Reported by Marcus Brinkmann. + +2008-01-10 Marcus Brinkmann + + * tools.texi (gpgconf): Some clarifications. + +2008-01-02 Werner Koch + + * gpg.texi (GPG Esoteric Options): Mention --log-file. + +2007-12-13 Werner Koch + + * qualified.txt: Add 2 root certs from S-Trust for 2008-2012. + * examples/trustlist.txt: Ditto. + * com-certs.pem: Ditto. + + * gpgsm.texi (Esoteric Options): Document --extra-digest-algo. + +2007-12-12 Werner Koch + + * gpg.texi: Typo fixes. From Christer Andersson. + +2007-12-04 Werner Koch + + * help.txt: New online help file. + * help.be.txt, help.ca.txt, help.cs.txt, help.da.txt, help.de.txt + * help.el.txt, help.eo.txt, help.es.txt, help.et.txt, help.fi.txt + * help.fr.txt, help.gl.txt, help.hu.txt, help.id.txt, help.it.txt + * help.ja.txt, help.nb.txt, help.pl.txt, help.pt.txt + * help.pt_BR.txt, help.ro.txt, help.ru.txt, help.sk.txt + * help.sv.txt, help.tr.txt, help.zh_CN.txt, help.zh_TW.txt: New + online file, generated from teh current po files. + * Makefile.am (dist_pkgdata_DATA): Add them. + +2007-11-19 Werner Koch + + * gpg.texi (GPG Configuration Options): English Grammar fix. + Thanks to Gerg Troxel. + + * gpgsm.texi (Certificate Options): Document + --auto-issuer-key-retrieve. + +2007-11-15 Werner Koch + + * gpg.texi (GPG Configuration): Add PINENTRY_USER_DATA. + + * gpg-agent.texi (Agent Options): Add xauthority. + +2007-10-31 Marcus Brinkmann + + * gpg-agent.texi (Agent Options): Fix typos, by Bernhard Reiter. + +2007-10-27 David Shaw + + * gpg.texi: Document --rfc4880 (the new --openpgp). + +2007-10-25 David Shaw + + * gpg.texi: Clarify --force-v3-sigs, --pgp2, and --pgp6 a bit. + +2007-10-23 Werner Koch + + * tools.texi (Listing global options): New. + +2007-10-19 Werner Koch + + * tools.texi (Controlling gpg-connect-agent): Updated. + +2007-08-29 Werner Koch + + * tools.texi (Checking programs): New. + +2007-08-27 Werner Koch + + * examples/pwpattern.list: New. + +2007-08-24 Werner Koch + + * debugging.texi (Common Problems): Add "A root certifciate does + not validate." + +2007-08-14 Werner Koch + + * glossary.texi (Glossary): Add a more items. + +2007-08-13 Werner Koch + + * yat2m.c (proc_texi_cmd): Do not put @samp content between two + newlines. + + * gpg-agent.texi (Agent Configuration): Explain the CM flag for + trustlist.txt. + +2007-08-09 Werner Koch + + * gpgsm.texi (Certificate Options): Describe --validation-model. + +2007-07-23 Werner Koch + + * scdaemon.texi (Scdaemon Commands): Remove obsolete --print-atr. + +2007-07-17 Werner Koch + + * gpgsm.texi (Input and Output): Document --default-key. + +2007-07-04 Werner Koch + + * gpl.texi: Updated to GPLv3. + +2007-06-22 Werner Koch + + * gpg.texi (Operational GPG Commands): Describe the flags used by + --check-sigs. + +2007-06-21 Werner Koch + + * gpgsm.texi (Certificate Management): Changed description of + --gen-key. + +2007-06-19 Werner Koch + + * glossary.texi (Glossary): Describe PSE. + +2007-06-18 Werner Koch + + * gpg-agent.texi (Agent GETINFO): New. + +2007-06-06 Werner Koch + + * Makefile.am (yat2m): Use a plain rule to build it for the sake + of cross-compiling. + + * yat2m.c (finish_page): Init SECT to NULL. + +2007-05-11 Werner Koch + + * gpgsm.texi (--export): Enhanced description. + +2007-05-09 Werner Koch + + * examples/gpgconf.conf: Remove active example line. + + * Makefile.am (online): Distinguish between released and svn manuals. + +2007-05-08 Werner Koch + + * howtos.texi: New. + * howto-create-a-server-cert.texi: New. + * Makefile.am (gnupg_TEXINFOS): Add new files. + + * gnupg.texi: Moved the logo for HTML more to the top. + * Makefile.am (install-html-local): New. + (DVIPS): Redefine to include srcdir. + +2007-05-04 Werner Koch + + * gnupg.texi (Top): Fix typo and a grammar issue. + * Makefile.am (EXTRA_DIST): Add gnupg-logo.png. Suggested by + Bernard Leak. + +2007-04-15 David Shaw + + * gpg.texi (OpenPGP Options): Update the personal-foo-preferences + documentation a bit. + +2007-04-10 Werner Koch + + * gpg.texi (GPG Configuration Options): Document --batch, no-tty, + --yes and --no. + +2007-03-08 Werner Koch + + * gnupg-logo.png, gnupg-logo.eps, gnupg-logo.pdf: New. + * gnupg-badge-openpgp.eps, gnupg-badge-openpgp.eps + * gnupg-badge-openpgp.jpg: Removed. + * gnupg.texi: Use new logo. + +2007-03-07 Werner Koch + + * tools.texi (applygnupgdefaults): New. + +2007-03-06 Werner Koch + + * examples/gpgconf.conf: New. + +2007-03-04 David Shaw + + * gpg.texi (GPG Esoteric Options): Document + --allow-multiple-messages. + +2007-02-26 Werner Koch + + * gpg.texi (GPG Configuration): Document envvar LANGUAGE. + (GPG Configuration Options): Document show-primary-uid-only. + +2007-02-18 Werner Koch + + * gpg.texi (GPG Esoteric Options): No card reader options for gpg2. + +2007-02-14 Werner Koch + + * gpg-agent.texi (Agent Options): Doc --pinentry-touch-file. + +2007-02-05 Werner Koch + + * debugging.texi (Common Problems): Tell how to export a private + key without a certificate. + +2007-01-30 Werner Koch + + * com-certs.pem: Added the current root certifcates of D-Trust and + S-Trust. + +2007-01-18 David Shaw + + * gpg.texi, specify-user-id.texi: Only some of the mentions of + exclamation marks have an example. Give examples to the rest. + +2007-01-17 David Shaw + + * gpg.texi (GPG Configuration Options): Make http_proxy option + documentation match reality. + (BUGS): Warn about hibernate/safe-sleep/etc writing main RAM to + disk, despite locking. + +2006-12-08 Werner Koch + + * gnupg.texi (direntry): Rename gpg to gpg2. + +2006-12-04 Werner Koch + + * gpgv.texi: New. + * tools.texi: Include new file. + +2006-12-02 David Shaw + + * gpg.texi (GPG Esoteric Options): Document --passphrase-repeat. + +2006-11-14 Werner Koch + + * gpgsm.texi (GPGSM EXPORT): Document changes. + +2006-11-11 Werner Koch + + * gnupg.texi (Top): Move gpg-agent part before gpg. + +2006-11-05 David Shaw + + * gpg.texi: Reference to --s2k-count in --s2k-mode. + +2006-10-30 Werner Koch + + * faq.raw: Minor corrections. + +2006-10-12 Werner Koch + + * Makefile.am (man_MANS): Do not install gnupg.7 due to a conflict + with gpg1. + +2006-10-12 David Shaw + + * gpg.texi: Document --s2k-count. + +2006-09-25 Werner Koch + + * gpg.texi (GPG Examples): Add markup to all options. This is + required to have the double dashs printed correclty. + +2006-09-22 Werner Koch + + * instguide.texi (Installation): New. + * assuan.texi (Assuan): Removed. Use the libassuan manual instead. + * gnupg.texi: Reflect these changes. + + * gpg.texi: Make some parts depend on the "gpgone" set + command. This allows us to use the same source for gpg1 and gpg2. + + * yat2m.c (parse_file): Better parsing of @ifset and ifclear. + (main): Allow definition of "-D gpgone". + (parse_file): Allow macro definitions. + (proc_texi_cmd): Expand macros. + (proc_texi_buffer): Process commands terminated by the closing + brace of the enclosing command. + +2006-09-20 Werner Koch + + * texi.css: New. Note that the current vesion of makeinfo has a + bug while copying the @import directive. A pacth has been send to + upstream. + +2006-09-19 Werner Koch + + * gpg.texi: Some restructuring. + + * Makefile.am (online): New target. + +2006-09-18 Werner Koch + + * com-certs.pem: New. + +2006-09-13 Werner Koch + + * gpg.texi (GPG Esoteric Options): Fixed typo in + --require-cross-certification and made it the default. + +2006-09-11 Werner Koch + + * HACKING: Cleaned up. + +2006-09-08 Werner Koch + + * yat2m.c (parse_file): Ignore @node lines immediately. + (proc_texi_cmd): No special @end ifset processing anymore. + + * specify-user-id.texi: New. Factored out of gpg.texi and ../README. + +2006-09-07 Werner Koch + + * scdaemon.texi (Scdaemon Configuration): New. + + * examples/scd-event: Event handler for sdaemon. + * examples/: New directory + +2006-08-22 Werner Koch + + * yat2m.c (parse_file): Added code to skip a line after @mansect. + + * gnupg7.texi: New. + +2006-08-21 Werner Koch + + * Makefile.am: Added other doc files from gpg 1.4. + +2006-08-17 Werner Koch + + * Makefile.am: Added rules to build man pages. + + * yat2m.c: New. + +2006-02-14 Werner Koch + + * gpgsm.texi (GPGSM Configuration): New section. + +2005-11-14 Werner Koch + + * qualified.txt: Added real information. + +2005-11-13 Werner Koch + + * qualified.txt: New. + * Makefile.am (dist_pkgdata_DATA): New. + +2005-08-16 Werner Koch + + * gpg-agent.texi (Agent Options): Note default file name for + --write-env-file. + +2005-06-03 Werner Koch + + * debugging.texi (Architecture Details): New section, mostly empty. + * gnupg-card-architecture.fig: New. + * Makefile.am: Rules to build png and eps versions. + + * gpg-agent.texi (Agent UPDATESTARTUPTTY): New. + +2005-05-17 Werner Koch + + * gpg-agent.texi (Agent Options): Removed --disable-pth. + +2005-04-27 Werner Koch + + * tools.texi (symcryptrun): Added. + + * scdaemon.texi: Removed OpenSC specific options. + +2005-04-20 Werner Koch + + * gpg-agent.texi (Agent Configuration): New section. + +2005-02-24 Werner Koch + + * tools.texi (gpg-connect-agent): New. + +2005-02-14 Werner Koch + + * gpgsm.texi (Certificate Management): Document --import. + +2005-01-27 Moritz Schulte + + * gpg-agent.texi: Document ssh-agent emulation layer. + +2005-01-04 Werner Koch + + * gnupg.texi: Updated to use @copying. + +2004-12-22 Werner Koch + + * gnupg.texi: Reordered. + * contrib.texi: Updated. + +2004-12-21 Werner Koch + + * tools.texi (gpg-preset-passphrase): New section. + + * gnupg-badge-openpgp.eps, gnupg-badge-openpgp.jpg: New + * gnupg.texi: Add a logo. + * sysnotes.texi: New. + +2004-11-05 Werner Koch + + * debugging.texi (Common Problems): Curses pinentry problem. + +2004-10-22 Werner Koch + + * tools.texi (Helper Tools): Document gpgsm-gencert.sh. + +2004-10-05 Werner Koch + + * gpg-agent.texi (Invoking GPG-AGENT): Tell that GPG_TTY needs to + be set in all cases. + +2004-09-30 Werner Koch + + * gpg.texi: New. + * gnupg.texi: Include gpg.texi + + * tools.texi: Add a few @command markups. + * gpgsm.texi: Ditto + * gpg-agent.texi: Ditto. + * scdaemon.texi: Ditto. + +2004-09-30 Marcus Brinkmann + + * tools.texi (Changing options): Add documentation for gpgconf. + + * contrib.texi (Contributors): Add two missing periods. + +2004-09-29 Werner Koch + + * gpgsm.texi (Configuration Options): Add --log-file. + + * gpg-agent.texi (Invoking GPG-AGENT): Add a few words about the + expected pinentry filename. + + Changed license of the manual stuff to GPL. + + * gnupg.texi (Top): New menu item Helper Tools. + + * tools.texi (Helper Tools): New. + * Makefile.am (gnupg_TEXINFOS): Add tools.texi. + +2004-08-05 Werner Koch + + * scdaemon.texi (Card applications): New section. + +2004-06-22 Werner Koch + + * glossary.texi: New. + +2004-06-18 Werner Koch + + * debugging.texi: New. + * gnupg.texi: Include it. + +2004-05-11 Werner Koch + + * gpgsm.texi (Esoteric Options): Add --debug-allow-core-dump. + +2004-05-03 Werner Koch + + * gpg-agent.texi (Agent Options): Add --allow-mark-trusted. + +2004-02-03 Werner Koch + + * contrib.texi (Contributors): Updated from the gpg 1.2.3 thanks + list. + * gpgsm.texi, gpg-agent.texi, scdaemon.texi: Language cleanups. + +2003-12-01 Werner Koch + + * gpgsm.texi (Certificate Options): Add --{enable,disable}-ocsp. + +2003-11-17 Werner Koch + + * scdaemon.texi (Scdaemon Options): Added --allow-admin and + --deny-admin. + +2003-10-27 Werner Koch + + * gpg-agent.texi (Agent GET_CONFIRMATION): New. + +2002-12-04 Werner Koch + + * gpg-agent.texi (Agent Signals): New. + +2002-12-03 Werner Koch + + * gpgsm.texi (Operational Commands): Add --passwd and + --call-protect-tool. + * gpg-agent.texi (Agent PASSWD): New + +2002-11-13 Werner Koch + + * gpg-agent.texi (Invoking GPG-AGENT): Tell about GPG_TTY. + +2002-11-12 Werner Koch + + * gpgsm.texi (Operational Commands): Add --call-dirmngr. + +2002-09-25 Werner Koch + + * gpg-agent.texi (Agent Options): Add --keep-tty and --keep-display. + +2002-09-12 Werner Koch + + * gpg-agent.texi (Invoking GPG-AGENT): Explained how to start only + one instance. + +2002-08-28 Werner Koch + + * gpg-agent.texi (Agent Options): Explained more options. + * scdaemon.texi (Scdaemon Options): Ditto. + +2002-08-09 Werner Koch + + * Makefile.am (gnupg_TEXINFOS): Include contrib.texi. + +2002-08-06 Werner Koch + + * gpgsm.texi: Added more options. + +2002-07-26 Werner Koch + + * assuan.texi: New. + * gpgsm.texi, scdaemon.texi, gpg-agent.texi: Documented the Assuan + protocol used. + +2002-07-22 Werner Koch + + * gnupg.texi, scdaemon.texi, gpg-agent.texi: New. + * contrib.texi, gpl.texi, fdl.texi: New. + * gpgsm.texi: Made this an include file for gnupg.texi. + * Makefile.am: Build gnupg.info instead of gpgsm.info. + +2002-06-04 Werner Koch + + * gpgsm.texi (Invocation): Described the various debug flags. + +2002-05-14 Werner Koch + + * Makefile.am, gpgsm.texi: New. + + Copyright 2002, 2004, 2005, 2006, 2007, 2008, 2010 Free Software Foundation, Inc. + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +Local Variables: +buffer-read-only: t +End: diff --git a/doc/HACKING b/doc/HACKING index 07f09c56b..d6cb8ab4c 100644 --- a/doc/HACKING +++ b/doc/HACKING @@ -3,7 +3,30 @@ (Some notes on GNUPG internals.) - ===> Under construction <======= +* No more ChangeLog files + +Do not modify any of the ChangeLog files in GnuPG. Starting on +December 1st, 2011 we put change information only in the GIT commit +log, and generate a top-level ChangeLog file from logs at "make dist" +time. As such, there are strict requirements on the form of the +commit log messages. The old ChangeLog files have all be renamed to +ChangeLog-2011 + + +* Commit log requirements + +Your commit log should always start with a one-line summary, the second +line should be blank, and the remaining lines are usually ChangeLog-style +entries for all affected files. However, it's fine -- even recommended -- +to write a few lines of prose describing the change, when the summary +and ChangeLog entries don't give enough of the big picture. Omit the +leading TABs that you're used to seeing in a "real" ChangeLog file, but +keep the maximum line length at 72 or smaller, so that the generated +ChangeLog lines, each with its leading TAB, will not exceed 80 columns. + + + +===> What follows is probably out of date <=== RFCs @@ -63,7 +86,7 @@ g10/keydb.h g10/keyid.c Helper functions to get the keyid, fingerprint etc. -g10/trustdb.c +g10/trustdb.c g10/trustdb.h g10/tdbdump.c Management of the trustdb.gpg @@ -74,7 +97,7 @@ g10/delkey.c Delete a key g10/kbnode.c Helper for the KBNODE linked list g10/main.h Prototypes and some constants g10/mainproc.c Message processing -g10/armor.c Ascii armor filter +g10/armor.c Ascii armor filter g10/mdfilter.c Filter to calculate hashs g10/textfilter.c Filter to handle CR/LF and trailing white space g10/cipher.c En-/Decryption filter @@ -88,7 +111,7 @@ g10/hkp.h Keyserver access g10/hkp.c g10/packet.h Defintion of OpenPGP structures. g10/passphrase.c Passphrase handling code -g10/pubkey-enc.c +g10/pubkey-enc.c g10/seckey-cert.c g10/seskey.c g10/import.c diff --git a/doc/Makefile.am b/doc/Makefile.am index f9fd00857..e228f2306 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -34,7 +34,7 @@ EXTRA_DIST = samplekeys.asc \ gnupg-card-architecture.pdf \ FAQ gnupg7.texi \ opt-homedir.texi see-also-note.texi specify-user-id.texi \ - gpgv.texi texi.css yat2m.c + gpgv.texi texi.css yat2m.c ChangeLog-2011 BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png \ gnupg-card-architecture.pdf diff --git a/g10/ChangeLog b/g10/ChangeLog deleted file mode 100644 index 4dadaabcc..000000000 --- a/g10/ChangeLog +++ /dev/null @@ -1,12055 +0,0 @@ -2011-11-30 Werner Koch - - * keyserver.c (keyserver_import_cert): Adjust for changed - get_dns_cert. - -2011-11-28 Werner Koch - - * keyserver.c (DEFAULT_MAX_CERT_SIZE): Increase from 16k to 64k. - -2011-11-22 Werner Koch - - * pubkey-enc.c (get_session_key): Don't print anonymous recipient - messages in quiet mode. This is bug#1378. - -2011-11-06 Werner Koch - - * card-util.c (generate_card_keys): Add arg CTRL. - - * call-agent.c (agent_readkey): New. - * keygen.c (do_create_from_keygrip): New. - (ask_algo): Add arg R_KEYGRIP and a prompt to enter it. - (generate_subkeypair): Call do_create_from_keygrip if required. - (generate_subkeypair): Add arg CTRL. Change caller. - (ask_algo): Add arg CTRL. - (generate_keypair): Ditto. - -2011-09-23 Werner Koch - - * gpgv.c (disable_dotlock): Rename to dotlock_disable. - (create_dotlock): Rename to dotlock_create. - (destroy_dotlock): Rename to dotlock_destroy. - (make_dotlock): Rename to dotlock_take. - (release_dotlock): Rename to dotlock_release. - (lockfiles_remove): Rename to dotlock_remove_lockfiles. - -2011-09-20 Werner Koch - - * free-packet.c (free_public_key): Allow a NULL argument. - * keyedit.c (keyedit_passwd): No more need to check that PK is NULL. - (menu_addrevoker): Ditto. - * passphrase.c (passphrase_get, passphrase_to_dek_ext): Ditto. - * skclist.c (release_sk_list): Ditto. - * revoke.c (gen_desig_revoke): Ditto. - * pubkey-enc.c (get_session_key): Ditto. - * pkclist.c (build_pk_list): Ditto. - -2011-09-20 Jim Meyering - - avoid use of freed pointer - If we free pk2 at the top of the for-loop, set it to NULL - so that we don't free it again just before returning. - * revoke.c (gen_desig_revoke): Don't use pk2 after freeing it. - -2011-09-20 Werner Koch - - * sign.c (sign_file, clearsign_file, sign_symencrypt_file): - s/gcry_md_start_debug/gcry_md_debug/ in preparation for Libgcrypt - 1.6. - * mainproc.c (proc_plaintext, proc_tree): Ditto. - * decrypt-data.c (decrypt_data): Ditto. - * cipher.c (write_header): Ditto. - -2011-08-10 Werner Koch - - * export.c (transfer_format_to_openpgp): Don't parse unneeded CSUM. - - * import.c (import_secret_one): Use arg OPTIONS instead of global - import options var. - - * sig-check.c (do_check): Remove unused var CTX. - - * build-packet.c (do_user_id): Return value. - -2011-07-29 Werner Koch - - * tdbio.c (open_db): Do not print read-only warning in quiet mode. - -2011-07-18 Werner Koch - - * parse-packet.c (parse_key): Print the decoded iteration count. - Fixes bug#1355. - -2011-07-07 Werner Koch - - * card-util.c (ask_card_keysize): Bump key size limit to 4096. - * call-agent.c (scd_genkey_parm_s): New. - (agent_scd_genkey): Use new struct. - (scd_genkey_cb): Implement chunked mode for KEY-DATA. - (scd_genkey_cb_append_savedbytes): New. - -2011-06-16 Werner Koch - - * card-util.c (ask_card_keysize): Bump key size limit to 4096. - * call-agent.c (scd_genkey_parm_s): New. - (agent_scd_genkey): Use new struct. - (scd_genkey_cb): Implement chunked mode for KEY-DATA. - (scd_genkey_cb_append_savedbytes): New. - -2011-06-13 Werner Koch - - * pkglue.c (mpi_from_sexp): Use GCRYMPI_FMT_USG to avoid problems - with leading zeroed. The latest Libgcrypt does this now - correctly. Given that the default of gcry_sexp_nth_mpi would use - a signed MPI, which is not implemented, the assertion would fail. - -2011-06-01 Marcus Brinkmann - - * parse-packet.c (parse_pubkeyenc): Change type of N to size_t. - (parse_key): Likewise. - * seskey.c (encode_session_key): Convert nframe to int for - debugging. - * build-packet.c (gpg_mpi_write): Change type of N to unsigned int. - * import.c (transfer_secret_keys): Likewise. - -2011-04-29 Werner Koch - - * keydb.c (keydb_get_keyblock, keydb_add_resource): Use gpg_error. - (keydb_get_keyblock): Return VALUE_NOT_FOUND instead of -1. - (keydb_update_keyblock, keydb_insert_keyblock) - (keydb_delete_keyblock): Ditto. - (keydb_locate_writable): Ditto. - (keydb_search_reset): Ditto. - (keydb_search2): Return GPG_ERR_NOT_FOUND instead of -1. Change - all callers. - (keydb_search_first, keydb_search_next, keydb_search_kid) - (keydb_search_fpr): Ditto. - -2011-04-29 Marcus Brinkmann - - * import.c (import_secret_one): Leave all checks to import_one. - Cancel secret key import if public key was skipped due to - merge-only request. Fix import status for non-new secret key - import by checking stat counter. - -2011-04-29 Marcus Brinkmann - - * delkey.c (do_delete_key): Access public keyblock even for secret - key operations. But deleting secret key is not supported yet, so - give an error. Limit secret-key-exists error case to public keys. - -2011-04-28 Werner Koch - - * ecdh.c (pk_ecdh_encrypt_with_shared_point): Remove memory leak - of SECRET_X in the error case. Replace an assert by an error - return. - -2011-04-26 Werner Koch - - * export.c (transfer_format_to_openpgp): Do not apply - encode_s2k_iterations to S2K_COUNT. - -2011-04-25 Werner Koch - - * delkey.c (do_delete_key): Mark classify_user_id for use with - OpenPGP. - * trustdb.c (register_trusted_key): Ditto. - * revoke.c (gen_revoke): Ditto. - * keyserver.c (keyserver_export, keyidlist, keyserver_export): Ditto. - * getkey.c (key_byname): Ditto. - * export.c (do_export_stream): Ditto. - -2011-04-20 Marcus Brinkmann - - * keylist.c (list_keyblock_colon): Use get_ownertrust_info, not - get_ownertrust (which lead to binary zeroes in the output!). - -2011-03-23 Werner Koch - - * parse-packet.c (read_rest): Drop unsed PARTIAL arg. Rewrite to - detect premature EOF. Suggested by Timo Schulz. - -2011-03-10 Werner Koch - - * passphrase.c (hash_passphrase): Remove. - (passphrase_to_dek_ext): Use gcry_kdf_derive. - -2011-03-03 Werner Koch - - * keylist.c (print_card_key_info): Re-implement using the agent. - * card-util.c (card_status) [GNUPG_MAJOR_VERSION!=1]: Call - print_card_key_info. - - * keyid.c (hash_public_key): Remove shadowing NBITS. - - * misc.c (pubkey_nbits): Replace GCRY_PK_ by PUBKEY_ALGO_. - (get_signature_count): Remove warning. - - * armor.c (armor_filter): Don't take a copy of radbuf while - writing the checksum. This works around a faulty gcc 4.4 warning. - -2011-03-02 Werner Koch - - * call-agent.c (agent_scd_pksign, agent_scd_pkdecrypt) - (hash_algo_option): Remove these unused functions. - -2011-02-10 Werner Koch - - * seskey.c (encode_md_value): Change last fix to avoid a - regression for DSA with SHA-2 hashes. - -2011-02-09 Werner Koch - - * keyserver.c: Replace all printf by es_printf. - -2011-02-08 Werner Koch - - * call-dirmngr.c (gpg_dirmngr_ks_fetch): New. - * keyserver.c (keyserver_fetch): Rewrite to use dirmngr. - -2011-02-07 Werner Koch - - * seskey.c (encode_md_value): Truncate to MDLEN and not to QBYTES - which makes a difference with 521 bit ECC keys. For clarity - rename QBYTES to QBITS and adjust accordingly. - -2011-02-04 Werner Koch - - * sig-check.c (do_check_messages): Remove the long deprecated - SIGEXPIRED status line. - -2011-02-03 Werner Koch - - * export.c (transfer_format_to_openpgp) [!HAVE_GCRY_PK_GET_CURVE]: - Fix syntax error. - - * decrypt-data.c: Include status.h. - (decrypt_data): Emit a DECRYPTION_INFO status line. - - * misc.c (has_invalid_email_chars): Relax mailbox name checking. - Fixes bug#1315. - - * sign.c (do_sign): Use openpgp_pk_algo_name. - - * keygen.c (ask_algo): Show ECC algos only in expert mode. Add - non-combined menu entries for ECDSA and ECDH. - (ask_key_flags): Use openpgp_pk_algo_name. - -2011-02-03 Werner Koch - - Finished ECC integration. - Wrote change description for 2011-01-13. - -2011-02-02 Werner Koch - - * encrypt.c (write_pubkey_enc_from_list): Don't compute the - fingerprint. - * pkglue.c (pk_encrypt): Replace PK_FP by PK and compute the - fingerprint only when needed. - * pkglue.h: Include packet.h. - - * import.c (transfer_secret_keys): Make sure keyids are available. - - * keyid.c (hash_public_key): Adjust for the ECC case. - -2011-02-01 Werner Koch - - * gpg.c (main): Call setup_libgcrypt_logging. - - * import.c (transfer_secret_keys): Implement ECC case. - (one_mpi_from_pkey): New. - * export.c (transfer_format_to_openpgp): Ditto. - * keygen.c (gpg_curve_to_oid): New. - (ecckey_from_sexp): Factor curve name mapping out to new function. - -2011-01-31 Werner Koch - - * ecdh.c (pk_ecdh_encrypt_with_shared_point): Return an opaque MPI. - - * build-packet.c (mpi_write): Rename to gpg_mpi_write and make global. - -2011-01-30 Werner Koch - - * keyid.c (keygrip_from_pk): Adjust ECC cases. - * pkglue.c (pk_verify): Ditto. - - * parse-packet.c (parse_key): Simply ECC case. - (parse_pubkeyenc): Ditto. - - * misc.c (pubkey_get_npkey): Special case ECC. - (pubkey_get_nskey): Ditto. - (mpi_print): Support printing of opaque values. - (openpgp_oid_to_str): New. - (pubkey_nbits): For ECC pass curve parameter. - - * ecdh.c (pk_ecdh_default_params): Change to return an opaque MPI. - - * build-packet.c (do_key): Automatically handle real and opaque - key parameters. - (write_fake_data): Return an error code. - (mpi_write): Support writing opaque MPIs. - (do_pubkey_enc): Simplify ECC handling. - -2011-01-28 Werner Koch - - * keygen.c (gen_ecc): Rewrite. Select a named curve and create a - keyspec based on that. - (pk_ecc_build_key_params): Remove. - (get_parameter_algo): Map algo number. - (ecckey_from_sexp): New. - * misc.c (map_pk_gcry_to_openpgp): New. - -2011-01-25 Werner Koch - - * ecdh.c (pk_ecdh_default_params_to_mpi): Remove. - (pk_ecdh_default_params): Rewrite. Factor KEK table out to .. - (kek_params_table): .. here. - (pk_ecdh_generate_ephemeral_key): New. - (pk_ecdh_encrypt): Remove. - (pk_ecdh_encrypt_with_shared_point): Make public. - - * pubkey-enc.c (get_it): Fix assertion. Use GPG_ERR_WRONG_SECKEY - instead of log_fatal. Add safety checks for NFRAME. - - * keygen.c (pk_ecc_keypair_gen): Make static. - (ask_keysize): Use proper rounding for ECC. - (pk_ecc_build_key_params): Remove NBITSSTR. - -2011-01-20 Werner Koch - - * keyserver.c: Rewrite most stuff for use with dirmngr. Get rid - of all spawn code. More work pending. - - * export.c (export_pubkeys_buffer): New. - - * import.c (import_keys_es_stream): New. - - * call-dirmngr.c, call-dirmngr.h: New. - * gpg.h (server_control_s): Add DIRMNGR_LOCAL. - * gpg.c: Include call-dirmngr.h. - (gpg_deinit_default_ctrl): Call gpg_dirmngr_deinit_session_data. - -2011-01-13 Andrey Jivsov (wk) - - Integrated ECC support. Below are the changes finally merged into - the git master after some cleanup by wk until 2011-02-03. - - * ecdh.c: New. - - * sign.c (mpi_from_sexp): Remove. - (match_dsa_hash): Uses SHA-512 for ECDSA with 521 bits. - (hash_for): Support ECDSA. - (make_keysig_packet): Ditto. - - * seskey.c (encode_session_key): Add arg OPENPGP_PK_ALGO. Support - ECDH. - (encode_md_value): Map pkalgo. Extend size checks to ECDSA. - - * pubkey-enc.c (get_it): Support ECDH. - - * pkglue.c (mpi_from_sexp): Make global. - (pk_verify, pk_encrypt, pk_check_secret_key): Support ECC. - - * parse-packet.c (read_size_body): New. - (parse_pubkeyenc): Support ECC. - (parse_key): Ditto. - - * misc.c (map_pk_openpgp_to_gcry, map_pk_gcry_to_openpgp): New. - (openpgp_pk_test_algo, openpgp_pk_test_algo2): Map algo numbers. - (openpgp_pk_algo_usage): Support ECDH and ECDSA. - (openpgp_pk_algo_name): Simplify. - (ecdsa_qbits_from_Q): New. - - * mainproc.c (proc_pubkey_enc): Support ECC. - - * keyid.c (pubkey_letter): Add 'E' and 'e'. - (keygrip_from_pk): Supporf ECC. - - * keygen.c: Include pkglue.h. - (ask_algo): Add option 9 for ECDSA and ECDH. - (ask_keysize): Support ECDSA and ECDH. - (do_create): Ditto. - (gen_ecc): New. - (pk_ecc_build_key_params): New. - - * getkey.c (cache_public_key): Support ECC. - - * encrypt.c (write_pubkey_enc_from_list): Pass PK to PK_ENCRYPT - and the pkalgo to encode_session_key. - - * build-packet.c (do_key, do_pubkey_enc): Support ECC. - (write_size_body_mpi): New. - -2011-01-06 Werner Koch - - * gpg.c (main): Use keyserver_spec_t. - - * options.h (struct opt): Factor definition of struct keyserver - out to ../common/keyserver.h. - (keyserver_spec_t): New. - -2011-01-21 Werner Koch - - * seskey.c (encode_md_value): Truncate the DSA hash again. - - * misc.c (openpgp_pk_algo_name): Always use the gcrypt function. - -2010-12-09 Werner Koch - - * tdbio.c (tdbio_set_dbname) [W32CE]: Take care of missing errno. - (strerror) [W32CE]: Dummy replacement. - (open_db) [W32CE]: Use CreateFile. - -2010-12-02 Werner Koch - - * misc.c (openpgp_cipher_algo_name): Use gnupg_cipher_algo_name. - -2010-11-23 Werner Koch - - * Makefile.am (gpg2_LDFLAGS, gpgv2_LDFLAGS): Add extra_bin_ldflags. - - * plaintext.c (handle_plaintext): Change to use estream. - s/rc/err/. Replace some xmalloc by xtrymalloc. Use more - gpg_strerror. - * options.h (struct): Change type of OUTFP to estream_t. - * decrypt.c (decrypt_message_fd): Adjust accordingly. - -2010-11-17 Werner Koch - - * keyedit.c (find_pk_from_sknode): Remove. - * misc.c (get_signature_count): Call agent. - * keygen.c (gen_card_key): Rework. Remove arg PARA. - (generate_keypair): Change arg BACKUP_ENCRYPTION_DIR to the flag - CARD_BACKUP_KEY. - (pBACKUPENCDIR): Change to pCARDBACKUPKEY. - (struct output_control_s): Remove struct SEC. Remove all usages - of it. - (gen_card_key_with_backup): Remove arg BACKUP_DIR. - - * call-agent.c (agent_scd_genkey): Remove extra memset. - -2010-11-16 Werner Koch - - * keygen.c (generate_card_subkeypair): Remove arg SEC_KEYBLOCK and - change to return an error code. Rework for removed secring code. - * card-util.c (card_generate_subkey): Remove arg SEC_KEYBLOCK. - Return an error code instead of a success flag. Change caller. - -2010-10-29 David Shaw - - * pkclist.c (select_algo_from_prefs): Make sure the scores can't - overflow when picking an algorithm (not a security issue since we - can't pick something not present in all preference lists, but we - might pick something that isn't scored first choice). - - * pkclist.c (select_algo_from_prefs): Slightly improve the - handling of MD5 in preference lists. Instead of replacing MD5 - with SHA-1, just remove MD5 from the list altogether, and let the - next-highest ranked algorithm be chosen. - -2010-10-27 Werner Koch - - * keygen.c (ask_expire_interval): Do not print the y2038 if we - have an unsigned time_t. - * keyid.c (IS_INVALID_TIME_T): New. - (mk_datestr): Use it to detect the y2038 problem. - -2010-10-26 Werner Koch - - * keyedit.c (change_passphrase): Handle the passwd_nonce. - * call-agent.c (cache_nonce_parm_s): New. - (cache_nonce_status_cb): Use that new struct. - (agent_genkey, agent_import_key, agent_export_key, agent_passwd): - Adjust for that change. - -2010-10-25 Werner Koch - - * passphrase.c (gpg_format_keydesc): Fix printing of main keyid. - - * keyedit.c (JNLIB_NEED_LOG_LOGV): Define. - * call-agent.c (agent_passwd): New. - -2010-10-21 Werner Koch - - * keyedit.c (keyedit_passwd): Simplify. - (change_passphrase): Return an error code and not the change - flag. Remove editing of the keyring. - - * seckey-cert.c: Remove. - * Makefile.am (gpg2_SOURCES): Remove seckey-cert.c - - * revoke.c (gen_revoke): Check that the secret key is available. - -2010-10-20 Werner Koch - - * verify.c (verify_signatures): Use gpg_strerror on open failure - for consistency of error messages. - - * packet.h (PKT_public_key): s/mdc_feature/flags.mdc/. Change all - users. - (PKT_public_key): Split is_disabled into flags.disabled_valid and - flags.disabled. Change all users. - (pk_is_disabled): Adjust for change. - (PKT_public_key): s/is_primary/flags.primary/. Change all users. - (PKT_public_key): s/is_revoked/flags.revoked/. Change all users. - (PKT_public_key): s/maybe_revoked/flags.maybe_revoked/. Change all - users. - (PKT_public_key): s/is_valid/flags.valid/. Change all users. - (PKT_public_key): s/dont_cache/flags.dont_cache/. Change all users. - (PKT_public_key): s/backsig/flags.backsig/. Change all users. - - * sign.c (openpgp_card_v1_p): New. - (hash_for): Re-implement test for v1 cards. - * packet.h (PKT_public_key): Add field serialno and - flags.serialno_valid. - * free-packet.c (release_public_key_parts): Free serialno. - - * parse-packet.c (parse_key): Cast -1 to size_t. - * trustdb.c (validate_keys): Cast -1 to size_t. Suggested by - Steven M. Schweda. - -2010-10-18 Werner Koch - - * call-agent.c (agent_scd_pksign): Replace sprintf by bin2hex. - (agent_scd_pkdecrypt, agent_pksign): Ditto. - - * sign.c (do_sign): Remove warning and commented old code. - -2010-10-14 Werner Koch - - * call-agent.c (agent_genkey): Add arg NO_PROTECTION. - * keygen.c (do_create, gen_elg, gen_dsa, gen_rsa, common_gen): Add - arg KEYGEN_FLAGS. - (read_parameter_file): Add options no-protection and transient-key. - (KEYGEN_FLAG_NO_PROTECTION, KEYGEN_FLAG_TRANSIENT_KEY): New. - (gen_rsa, gen_dsa, gen_elg): Use transient-key. - -2010-10-13 Werner Koch - - * call-agent.c (start_agent): Send option agent-awareness. - (status_sc_op_failure): Take care of GPG_ERR_FULLY_CANCELED. - * passphrase.c (passphrase_get): Ditto. - * import.c (transfer_secret_keys): Ditto. - * card-util.c (write_sc_op_status): Ditto. - - * getkey.c (enum_secret_keys): Rewrite. - - * pubkey-enc.c (get_session_key): Skip keys without an encryption - capability. Handle GPG_ERR_FULLY_CANCELED. - * gpg.c: Add option --try-secret-key. - * options.h (struct opt): Add field secret_keys_to_try. - - * passphrase.c (next_to_last_passphrase): Remove. - -2010-10-12 Werner Koch - - * keygen.c (generate_subkeypair): Check availibility of secret parts. - - * keylist.c (print_card_serialno): Change to take a hexified serialno. - (list_keyblock_print): Print serialno and stub key indicators. - (list_keyblock_colon): Ditto. - - * getkey.c (have_any_secret_key): Remove. Replace all calls by - agent_probe_any_secret_key. - * gpgv.c (agent_probe_any_secret_key): New. - (agent_get_keyinfo): New. - -2010-10-08 Werner Koch - - * gpg.c: Add option --with-keygrip. - * options.h (struct opt): Add WITH_KEYGRIP. - * keylist.c (list_keyblock_print, list_keyblock_colon): Implement - new option. - -2010-10-06 Werner Koch - - * import.c (transfer_secret_keys): Ignore missing key parameters. - Provide dummy IV. Ignore stub keys. - -2010-10-01 Werner Koch - - * export.c (do_export_stream): Rewrite to take the secret keys - from the agent. - (canon_pubkey_algo, transfer_format_to_openpgp): New. - -2010-09-29 Werner Koch - - * keygen.c (key_from_sexp): Fix memory leak in the error case. - - * call-agent.c (agent_export_key): New. - -2010-09-29 Werner Koch - - * build-packet.c (build_packet): Fix up the pkttype. - - * keyid.c (keystr_with_sub): Make SUB_KID optional. - (keystr_from_pk_with_sub): Ditto. - - * call-agent.c (agent_scd_pksign): Add missing space. - - * mainproc.c (struct mainproc_context): Add field CTRL. - (proc_packets): Add arg CTRL. Change all callers. - (proc_signature_packets, proc_signature_packets_by_fd) - (proc_encryption_packets): Add arg CTRL. Change all callers. - * compress.c (handle_compressed): Ditto. - * getkey.c (get_pubkey_byname): Ditto. - * keyserver.c (keyserver_spawn, keyserver_work): Ditto. - (show_prompt, keyserver_export, keyserver_import) - (keyserver_import_fprint, keyserver_import_keyid) - (keyserver_refresh, keyserver_search, keyserver_fetch) - (keyserver_import_name, keyserver_search_prompt) - (keyserver_import_pka, keyserver_import_cert): Ditto. - callers. - * verify.c (verify_signatures, verify_files): Ditto. - * sign.c (sign_file): Ditto. - * encrypt.c (encrypt_crypt, encrypt_crypt_files): Ditto. - * pkclist.c (find_and_check_key, build_pk_list): Ditto. - * keylist.c (locate_one, public_key_list, secret_key_list): Ditto. - * card-util.c (fetch_url, card_edit): Ditto. - * import.c (check_prefs, import_one, revocation_present): Ditto. - * keyedit.c (menu_addrevoker, keyedit_menu): Ditto. - * decrypt-data.c (decrypt_data): Ditto. - * decrypt.c (decrypt_message, decrypt_messages) - (decrypt_message_fd): Ditto. - * gpgv.c (main): Add CTRL structure. - -2010-09-28 Werner Koch - - * options.h (struct opt): Remove SIMPLE_SK_CHECKSUM. - - * export.c (parse_export_options): Remove option - export-resert-subkey-passwd. - (do_export_stream, do_export, export_pubkeys) - (export_pubkeys_stream, export_seckeys, export_secsubkeys): Add - arg CTRL. Change all callers. - - * call-agent.c (hash_algo_option): New. - (agent_scd_pksign): Use it. - -2010-09-17 Werner Koch - - * call-agent.c (agent_probe_any_secret_key): New. - -2010-09-28 David Shaw - - * options.skel: Make the example for force-v3-sigs match - reality (it has defaulted to off since 2007-10-25). - -2010-09-06 Werner Koch - - * card-util.c (card_status): Remove stub creation for GnuPG >= 2. - (card_store_subkey): Temporary disable this code. - - * keyedit.c (show_key_with_all_names): Merge secret and public key - parts. - (show_basic_key_info): Ditto. - * delkey.c (do_delete_key): Ditto. - * export.c (subkey_in_list_p, exact_subkey_match_p): Ditto. - (new_subkey_list_item): Ditto. - * keyid.c (keystr_from_sk, keystr_from_sk_with_sub) - (keyid_from_sk, nbits_from_sk, datestr_from_sk) - (expirestr_from_sk, colon_datestr_from_sk, fingerprint_from_sk) - (serialno_and_fpr_from_sk, do_fingerprint_md_sk): Remove. - * import.c (print_import_ok): Remove arg SK. - (import_secret_one): Adjust for seckey_info format. - (transfer_secret_keys): Ditto. Use gpg_format_keydesc. - (sec_to_pub_keyblock): Simplify. - (pub_to_sec_keyblock): Remove. - (auto_create_card_key_stub): Remove - not anymore needed. - (update_sec_keyblock_with_cardinfo): Remove. - (import_secret_one): Use arg option instead of the global option. - * free-packet.c (copy_public_key): Adjust for seckey_info format. - (copy_public_parts_to_secret_key, copy_secret_key) - (cmp_secret_keys, cmp_public_secret_key): Remove. - * passphrase.c (gpg_format_keydesc): Add arg MODE and change all - callers. - * keyring.c (keyring_search): Remove special case for secret keys. - * mainproc.c (struct mainproc_context): Remove unused field - LAST_SECKEY. - * parse-packet.c (parse_key): Rewrite to cope with new seckey_info - format. - * build-packet.c (do_public_key, do_secret_key): Merge code into ... - (do_key): .. new. Cope with seckey_info format. - -2010-09-03 Werner Koch - - * packet.h (struct seckey_info): New. - (PKT_public_key): Increase size of PKEY to allow storing of secret - keys. Add field SECKEY_INFO. - (PKT_secret_key): Remove. - * free-packet.c (release_public_key_parts): Take care of change. - (release_secret_key_parts, free_secret_key): Remove. - -2010-09-02 Werner Koch - - * import.c (transfer_secret_keys, import_secret_one): Enable stats. - (import_secret_one): Enable secret key merging. - -2010-09-01 Werner Koch - - * sign.c (do_sign, write_signature_packets, complete_sig): Add arg - CACHE_NONCE. - (make_keysig_packet): Ditto. - * keygen.c (make_backsig, write_direct_sig, write_selfsigs) - (write_keybinding): Add arg CACHE_NONCE. - (do_generate_keypair): Use cache_nonce to avoid a pinentry for the - self-signatures. - - * passphrase.c (gpg_format_keydesc): Remove now superfluous - algo_name fallback. - - * keygen.c (gen_elg, gen_dsa, gen_rsa, do_create, common_gen): Add - arg CACHE_NONCE_ADDR. - (generate_subkeypair): Pass NULL for CACHE_NONCE_ADDR. - (do_generate_keypair): Add cache nonce handling. - - * import.c (transfer_secret_keys): Support a cache nonce. - * call-agent.c (cache_nonce_status_cb): New. - (agent_genkey, agent_import_key): Add arg CACHE_NONCE_ADDR. - (agent_pksign): Ditto. - -2010-08-30 Werner Koch - - * keyid.c (KEYID_STR_SIZE): New - (keystr): Use snprintf and new macro. - (keystr_with_sub): New. - (keystr_from_sk_with_sub): New. - (keystr_from_pk_with_sub): New. - -2010-08-27 Werner Koch - - * gpg.c (main): Change scope of CTRL to the entire function. - - * import.c (import_secret_one, import, import_keys_internal) - (import_keys, import_keys_stream): Add arg CTRL. - * call-agent.c (agent_keywrap_key): New. - (agent_import_key, inq_import_key_parms): New. - -2010-08-26 Werner Koch - - * misc.c (openpgp_pk_algo_name): New. - (openpgp_md_algo_name): New. - -2010-08-24 Werner Koch - - * options.h (IMPORT_SK2PK): Remove. - * import.c (parse_import_options): Turn convert-sk-to-pk into a - dummy option. - (sec_to_pub_keyblock): Use modern functions. - -2010-08-16 Werner Koch - - * gpg.c (list_config, gpgconf_list): Use es_printf. - (print_hex, print_hashline, print_algo_numbers) - (print_algo_names): Use es_printf. - -2010-07-20 Werner Koch - - * mainproc.c (print_pkenc_list): Write a STATUS_ERROR. Fixes - bug#1255. - -2010-06-17 Werner Koch - - * gpg.c (main): Use CAST5 as default s2k algo. The macro - USE_CAST5 was only used with GnuPG 1.x. - -2010-06-07 Werner Koch - - * cpr.c: Use estream for status output. - -2010-05-12 Werner Koch - - * armor.c (radix64_read): Extended 2006-04-28 fix to fix bug#1179. - - * plaintext.c (handle_plaintext): Check return code of fflush. - Fixes bug#1207. - -2010-05-07 Werner Koch - - * import.c (fix_bad_direct_key_sigs): New. - (import_one): Call it. - (chk_self_sigs): Re-indent, slighly re-arrange code, use test - macros for the sig class. Check direct key signatures. Fixes - bug#1223. - -2010-04-27 Werner Koch - - * passphrase.c (gpg_format_keydesc): New. - * pubkey-enc.c (get_it): Use it. - * sign.c (do_sign): Use it. - -2010-04-26 Werner Koch - - * keygen.c (keygen_set_std_prefs): Explicitly include Z0 in the - default preferences if no compression algorithms are available. - Remove a possible trailing space in the dummy_string. - -2010-04-23 Werner Koch - - * pubkey-enc.c (get_it): Use the agent for decryption. - * call-agent.c (agent_pkdecrypt, inq_ciphertext_cb): New. - -2010-04-22 Werner Koch - - * photoid.c (show_photos): Remove arg SK. - - * pubkey-enc.c (get_session_key, get_it): Change to use the public - key object. - (get_it): Remove card related stuff. Now automagically handled - by the agent. - - * skclist.c (build_sk_list): Remove UNLOCK arg. - - * keylist.c (print_fingerprint): Remove arg SK. - * mainproc.c (list_node): Disable listing of secret key packets. - - * keyring.c (struct keyring_name, struct keyring_handle): Remove - field SECRET. - (keyring_register_filename, keyring_new, orename_tmp_file) - (do_copy): Remove arg SECRET. - * keydb.c (struct resource_item): Remove field SECRET. - (keydb_add_resource): Remove arg SECRET. - (keydb_new): Remove code fro secret keyrings. - - * gpg.c (main): Ignore --secret-keyring. Remove all secret - keyring related code. - -2010-04-21 Werner Koch - - * pkclist.c (default_recipient): Change to use public keys. - - * keydb.c (keydb_new): Remove arg SECRET. Change all callers. - - * getkey.c (get_seckey): Change to take a public key. - (have_secret_key): Rename to have_any_secret_key and make use of - the agent. - (key_byname): Rmemove unused arg SK. - (get_seckey_byname2): Remove and move code to - (get_seckey_byname): .. here. Remove INLOCK arg. - (get_seckey_bynames): Remove. - (get_seckey_next): Remove. - (get_seckey_end): Remove. Use get_pubkey_end instead. - (get_seckey_byfprint, get_seckeyblock_byfprint): Change to use - public keys. - (seckey_available): Rename to .. - (have_secret_key_with_kid): .. this and change to employ the - agent. Change all callers. - (sk_from_block): Remove. - - * call-agent.c (agent_probe_secret_key): New. - (agent_havekey): Remove. - * gpgv.c (agent_probe_secret_key): New. - - * keyedit.c (keyedit_menu) - (sign_uids, menu_adduid, menu_deluid, menu_delkey) - (menu_addrevoker, menu_expire, menu_backsign) - (menu_set_primary_uid, menu_set_preferences) - (menu_set_keyserver_url, menu_set_notation, menu_revsig) - (menu_revuid, menu_revkey, menu_revsubkey): Remove all code to - manage the secret keyring. - -2010-04-20 Werner Koch - - * keylist.c (list_keyblock_colon): Print the keygrip. - - * sign.c (do_sign): Call the agent to create the signature. - (mpi_from_sexp): New. - * keyid.c (keygrip_from_pk, hexkeygrip_from_pk): New. - * call-agent.c (agent_pksign): New. - - * pkglue.c (pk_sign): Remove. - - * keygen.c (generate_keypair): Do not ask for a passphrase. - -2010-04-15 Werner Koch - - * keygen.c (gen_dsa, gen_elg, gen_rsa): Remove args SEC_ROOT, DEK, - S2K and RET_SK. Change to use the gpg-agent based key generation. - Factor common code out to ... - (common_gen): New. - (do_create): Remove args SEC_ROOT, DEK, S2K and RET_SK. - (do_generate_keypair, write_selfsigs, write_direct_sig) - (write_keybinding, make_backsig): Adjust for above changes. - (generate_subkeypair): Remove arg SEC_KEYBLOCK. - (genhelp_protect, genhelp_factors): Remove. - (get_parameter_dek, get_parameter_s2k): Remove. - - * call-agent.c (start_agent): Add dummy arg CTRL. - (agent_havekey, keyinfo_status_cb, agent_get_keyinfo) - (agent_genkey): New. - - * seckey-cert.c (check_secret_key): Remove - (is_secret_key_protected): Take a public key as arg. - (protect_secret_key): Remove. - - * seskey.c (encode_md_value): Remove SK arg. - -2010-04-14 Werner Koch - - * cpr.c (myread) [W32CE]: Do not use raise. - - * misc.c (check_compress_algo): Rewrite to handle the new HAVE_ZIP. - * compress.c (push_compress_filter2): Ditto. - (init_compress, do_compress, init_uncompress, do_uncompress) - (compress_filter) [!HAVE_ZIP]: Do not build. - * main.h (DEFAULT_COMPRESS_ALGO): Depend on HAVE_ZIP. - * keygen.c (keygen_set_std_prefs): Use check_compress_algo also - for ZIP and ZLIB. - - * Makefile.am (install-exec-hook) [W32CE]: New. - (bin_PROGRAMS) [W32CE]: Do not build gpgv2. - (gpg2_LDADD): Add extra_syslibs. - -2010-04-06 Werner Koch - - * openfile.c (mkdir): Remove. - (try_make_homedir): Use gnupg_mkdir. - -2010-04-01 Werner Koch - - Use gpg_err_set_errno to set ERRNO. - -2010-03-26 Werner Koch - - * signal.c (pause_on_sigusr): Remove. It was used in ancient gpg - version with shared memory IPC. Last caller removed on 2006-04-18. - -2010-03-24 Werner Koch - - * openfile.c (CMP_FILENAME): Depend on HAVE_DOSISH_SYSTEM instead - of HAVE_DRIVE_LETTERS. - -2010-03-15 Werner Koch - - * card-util.c: Replace stdio by estream. - * keylist.c: Ditto. - -2010-03-12 Werner Koch - - * plaintext.c (setup_plaintext_name): Do not encode pipe like - filenames. This helps with bug#1201. - - * seckey-cert.c (do_check): Return GPG_ERR_CANCELED. - * keyedit.c (change_passphrase): Add arg R_ERR. - (keyedit_passwd): Return the correct error or emit a success - status message. - -2010-03-11 Werner Koch - - * misc.c (mpi_print): Change to take a estream_t arg. - - * parse-packet.c (listfp): Change to an estream_t. Change all - users to use estream functions. - - * kbnode.c (dump_kbnode): Change to use log functions. - * pkclist.c (do_show_revocation_reason): Ditto - - * armor.c (parse_header_line): Replace print_string by - es_print_sanitized. - (fake_packet): Ditto. - * keyedit.c (print_and_check_one_sig_colon): Ditto. - (show_key_with_all_names_colon): Ditto. - (ask_revoke_sig): Ditto. - * keylist.c (list_keyblock_colon): Ditto. - * mainproc.c (print_userid, list_node): Ditto. - * trustdb.c (dump_key_array): Ditto. - * gpg.c (list_config): ditto. - - * gpg.c: Include "asshelp.h". - (main): Remove assuan_set_assuan_log_prefix. Add - assuan_set_log_cb. - * server.c (gpg_server): Remove assuan_set_log_stream. - -2010-03-10 Werner Koch - - * Makefile.am (needed_libs): Remove libjnlib.a. - - * main.h: Remove "estream.h". - -2010-03-08 Werner Koch - - * main.h: Include "estream.h" - * openfile.c (open_outfile): Replace dup/iobuf_fdopen by - iobuf_fdopen_nc. - * mainproc.c (proc_signature_packets_by_fd): Return error on - memory failure. - * plaintext.c (hash_datafile_by_fd): Ditto. - * verify.c (gpg_verify): Use iobuf_fdopen_nc. Change OUT_FP to an - estream_t. - * server.c (cmd_verify): Do not dup the fds. - - Use macros for iobuf_ioctl commands. - -2010-02-17 Werner Koch - - * keygen.c (ask_user_id): Avoid infinite loop in case of invalid - data. Fixes bug#1186. - -2010-02-02 Werner Koch - - * keyedit.c (keyedit_menu): Change prompt to "gpg". - * card-util.c (card_edit): Change prompt to "gpg/card". - -2010-01-11 Werner Koch - - * sign.c (only_old_style, write_onepass_sig_packets, hash_for) - (write_signature_packets, print_status_sig_created) - (clearsign_file, make_keysig_packet, mk_notation_policy_etc) - (complete_sig, do_sign, update_keysig_packet): Replace all - secret key access by the matching public key. - * keylist.c (print_seckey_info): Ditto. - * revoke.c (gen_desig_revoke): Ditto. - * skclist.c (release_sk_list): Ditto. - * keyedit.c (sign_uids): Ditto. - * misc.c (get_signature_count): Ditto. - * main.h (struct expand_args): s/sk/pksk/. Change all users. - - * keyedit.c (keyedit_passwd): Finish implementation. - -2010-01-10 Werner Koch - - * skclist.c (GCRYCTL_FAKED_RANDOM_P): Remove because we require - libgcrypt 1.4. - (is_insecure, key_present_in_sk_list): Work with public keys. - (build_sk_list): Change to work on public keys. - * keydb.h (struct sk_list): Replace field SK by a PK field. - - * keylist.c (list_keyblock_print): Always look for the public key - and ignore all secret key packets. - (list_keyblock_colon): Ditto. - (print_capabilities): Remove arg SK and all secret key stuff. - Adjust all callers. - (dump_attribs): Ditto. - - * getkey.c (getkey_bynames, getkey_next, get_pubkey_end): New. - (getkey_byname): New. - (getkey_ctx_s): Add WANT_SECRET. - (key_byname): Set it. - (merge_keys_and_selfsig): Remove all the secret key merging. - (lookup): Simplify by removing secret key code. - - * keylist.c (list_all): Scan public keys and use have_secret_key - to filter secret keys. - (list_one): Use the new get_key functions. - - * gpg.h (kbnode_t): Add as alias for KBNODE. - * keydb.h (getkey_ctx_t): Add as alias for GETKEY_CTX. - -2010-01-09 Werner Koch - - * getkey.c, keylist.c: Re-indent. - -2010-01-08 Werner Koch - - * cpr.c (write_status_error): Rename to write_status_errcode. - Change all callers. - (write_status_error): New. - - * gpg.c: Add option --passwd. - (aPasswd): New. - (main): Implement. - * keyedit.c (keyedit_passwd): New. - - * gpg.c (oPasswd, oPasswdFD, oPasswdFile, oPasswdRepeat): Change - to oPassphrase, oPassphraseFD, oPassphraseFile, oPassphraseRepeat. - * options.h (struct): s/passwd_repeat/passphrase_repeat/. - * gpg.c (main): Ditto. - * passphrase.c (passphrase_to_dek_ext): Ditto. - -2009-12-21 Werner Koch - - * call-agent.c (agent_get_s2k_count): New. - * gpg.c (main): Set s2k_count to 0. - * (encode_s2k_iterations): Move ... - * passphrase.c (encode_s2k_iterations): ... here. Call - agent_get_s2k_count if called with a 0 arg. - (passphrase_to_dek_ext): Set S2K_COUNT via encode_s2k_iterations. - -2009-12-17 Werner Koch - - * sig-check.c (do_check_messages): Evaluate the HAS_EXPIRED flag. - Fixes bug#1059. - - * gpg.c: Add new option --faked-system-time. - -2009-12-15 Werner Koch - - * keydb.c (keydb_add_resource): s/readonly/read_only/g. - * keyring.c (keyring_register_filename): Ditto. - - * tdbio.c (tdbio_set_dbname): Do not call log_fatal after creating - the directory. Fixes bug#1169. Reported by Daniel Leidert. - -2009-12-08 Werner Koch - - * keyring.h: Include userids.h. - * gpg.h (KEYDB_SEARCH_DESC): Remove. - * packet.h: Include userids.h. - (PKT_user_id): Declare using gpg_pkt_user_id_s. - * keydb.h (KeydbSearchMode, struct keydb_search_desc): Remove. We - now use those in ../kbx. - * getkey.c (classify_user_id): Remove. It is now in common/. - (key_byname): Adjust for changed classify_user_id. - * delkey.c (do_delete_key): Ditto. - * trustdb.c (register_trusted_key): Ditto. - * revoke.c (gen_desig_revoke, gen_revoke): Ditto. - * keyserver.c (parse_keyrec, keyserver_export, keyserver_import) - (keyidlist): Ditto. - * export.c (do_export_stream): Ditto. - - * pkclist.c (find_and_check_key): Replace GPG_ERR_INV_NAME by - GPG_ERR_INV_USER_ID. - -2009-12-04 Werner Koch - - * keygen.c (DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE): New. - (ask_keysize): Use new macro. - (gen_rsa): Set default size if NBITS is 0. - (get_parameter_algo): Add algo name "default". Add arg R_DEFAULT. - (proc_parameter_file): Process default flag. - -2009-12-03 Werner Koch - - * gpg.c (set_debug): Allow for numerical debug leveles. Print - active debug flags. - -2009-11-27 Werner Koch - - * keyedit.c (cmds, keyedit_menu): New command "checkbkupkey". - -2009-11-25 Marcus Brinkmann - - * server.c (gpg_server): Use assuan_fd_t and assuan_fdopen on fds. - -2009-11-23 Werner Koch - - * gpg.c (gpgconf_list): Add key "default_pubkey_algo". - -2009-11-18 Werner Koch - - * gpg.c: Add option --skip-hidden-recipients and no- variant. - * options.h (struct opt): Add field SKIP_HIDDEN_RECIPIENTS. - * pubkey-enc.c (get_session_key): Implement that option. - -2009-11-04 Werner Koch - - * server.c (register_commands): Add NULL arg to - assuan_register_command. - -2009-11-02 Marcus Brinkmann - - * server.c (reset_notify, input_notify, output_notify): Update to - new assuan interface. - (register_commands): Use assuan_handler_t. - -2009-10-19 Werner Koch - - * options.h (glo_ctrl): Add field LASTERR. - * mainproc.c (proc_encrypted): Set LASTERR. - * server.c (cmd_decrypt): Check LASTERR. - -2009-10-02 Werner Koch - - * server.c (cmd_encrypt, cmd_decrypt): Implement. - * decrypt.c (decrypt_message_fd): New. - * options.h (struct opt): Add field OUTFP. - * plaintext.c (handle_plaintext): Support opt.outfp. - - * encr-data.c: Rename to decrypt-data.c to reflect the action and - not the processed packet type. - -2009-10-02 Werner Koch - - * encr-data.c (decode_filter_context_s): Add fields PARTIAL and - LENGTH. - (decrypt_data): Set them. Simplify premature EOF detection. - (mdc_decode_filter): Take fixed length packets in account. - (decode_filter): Ditto. Better EOF detection. - * parse-packet.c (parse_encrypted): Store ed->LEN without the MDC - version byte. - -2009-09-30 Werner Koch - - * parse-packet.c (skip_packet, parse_gpg_control) : Take - care of premature EOFs. - - * gpg.c (main): Remove obsolete GCRYCTL_DISABLE_INTERNAL_LOCKING. - -2009-09-29 Werner Koch - - * openfile.c (open_outfile): Re-indent. Use xstrconcat. - (NAME_OF_DEV_NULL): New. - (open_outfile): Use it. - (overwrite_filep): Use it. Also use case insensitive compare - when needed. Re-indent. - (open_outfile): Add arg INP_FD. Change all callers. - - * encrypt.c (encrypt_crypt): Add new args FILEFD, OUTPUTFD and - PROVIDED_KEYS. Change all callers. - -2009-09-28 Werner Koch - - * server.c (skip_options, has_option): New. - (cmd_recipient): Implement. - - * keydb.h (pk_list_t): New. - - * pkclist.c (send_status_inv_recp): New. Replace direct calls. - (build_pk_list): Factor some code out to ... - (find_and_check_key): ... new. - - * encode.c: Rename to encrypt.c. Re-indent all. - * encrypt.c (encode_symmetric, encode_store, encode_seskey) - (encode_simple, encode_crypt, encode_filter) - (encode_crypt_files): Rename all to encrypt_*. Change all callers. - - * trustdb.c (get_validity_info): Take care of a NULL PK. Fixes - bug#1138. - (get_validity_string): Ditto. - -2009-09-25 Werner Koch - - * pkglue.c (pk_sign, pk_verify, pk_encrypt, pk_decrypt) - (pk_check_secret_key): Allow deprecated RSA identifiers 2 and 3. - Fixes bug#1139. - -2009-09-23 Marcus Brinkmann - - * call-agent.c: Include "scdaemon.h" before because of - GPG_ERR_SOURCE_DEFAULT check. - (learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb) - (learn_status_cb, inq_writecert_parms, inq_writekey_parms) - (scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of - int. - * gpg.c: Include "scdaemon.h" before because of - GPG_ERR_SOURCE_DEFAULT check. - (main): Update to new Assuan API. - * server.c: Include "scdaemon.h" before because of - GPG_ERR_SOURCE_DEFAULT check. - (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) - (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) - (cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys) - (cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t - instead of int. - (register_commands): Allocate assuan context before starting - server. - (gpg_server): Allocate assuan_context before starting server. - -2009-09-04 Werner Koch - - * keyedit.c (menu_select_uid): Use IDX ==-1 t select all. - (menu_select_key): Ditto. - (keyedit_menu) : Allow '*' to select all. - -2009-09-03 Werner Koch - - * keyedit.c (menu_adduid): Pass keyblock to generate_user_id. - * keygen.c (generate_user_id): Add arg KEYBLOCK. Factor code out - to ... - (uid_from_string): ... new. - (ask_user_id): Add arg KEYBLOCK and check for duplicates. Fix - bug#1122. - - * Makefile.am (uninstall-local): New. - - * compress-bz2.c (do_uncompress): Detect unexpected EOF. Fix - bug#1011. - -2009-08-26 Werner Koch - - * keyedit.c (menu_revsig): Check for signature right away. Fix - Debian-bug#543530. - -2009-08-20 Daiki Ueno - - * mainproc.c (proc_encrypted): Clear passphrase cached with S2K - cache ID if decryption failed. - * passphrase.c (passphrase_to_dek_ext): Set dek->s2k_cacheid. - * gpgv.c (passphrase_clear_cache): New stub. - -2009-08-11 Werner Koch - - * call-agent.c (get_serialno_cb): New. From ../agent/call-scd.c. - (gpg_agent_get_confirmation): New. - (select_openpgp): New. - (agent_scd_pkdecrypt, agent_scd_pksign): Use it here. - -2009-08-06 Werner Koch - - * skclist.c (build_sk_list): Print INV_SGNR status line. - * seckey-cert.c (do_check): Return G10ERR_UNU_SECKEY instead of - general error. - -2009-08-05 Werner Koch - - * card-util.c: Enable readline support also in GnuPG-2. - - * call-agent.c (agent_learn): Always select the card first. - - * gpg.c: Add --key-edit alias. - - * call-agent.c (scd_genkey_cb): Forward progress status lines. - - * card-util.c (generate_card_keys): Remove special case for - GnuPG-2. Ask for the keysize and change it. - (card_generate_subkey): Ask for the keysize and change it. - (get_info_for_key_operation): Read KEY-ATTR. - (show_keysize_warning, ask_card_keysize): New. - (do_change_keysize): New. - -2009-07-31 David Shaw - - * gpg.c (main): --pgp6 includes --disable-mdc. - -2009-07-23 David Shaw - - * keyserver.c (keyserver_import_ldap): Try a DNS-SD lookup to find - a domain-specific LDAP server before resorting to keys.{domain}. - -2009-07-22 Werner Koch - - * card-util.c (generate_card_keys): Ask for off-card keys only if - the card supports it. - (get_info_for_key_operation): Read EXTCAP. - (card_store_subkey): Check for non matching sizes. - - * call-agent.h (struct agent_card_info_s): Add field EXTCAP. - * call-agent.c (agent_learn): Use a direct SCD command. - (did_early_card_test): New. - (start_agent): Perform an early test for the card. Add arg FOR_CARD. - (status_sc_op_failure): New. - (agent_scd_setattr, agent_scd_writekey, agent_scd_genkey) - (agent_scd_pksign, agent_scd_pkdecrypt, agent_scd_change_pin) - (agent_scd_checkpin): Call new function. - (learn_status_cb): Parse KEY_TIME and EXTCAP. - - * gpg.c (main) : Show commands to run. - * trustdb.c (how_to_fix_the_trustdb): New. - * tdbio.c (tdbio_invalid): Show commands to re-create the trustdb. - Fixes bug#929. - -2009-07-20 Werner Koch - - * keygen.c (generate_keypair): Allow Elgamal > 3072 in BOTH mode. - Reported by Jeroen Schot. Fixes bug#1091. - -2009-07-17 Werner Koch - - * keyring.c (keyring_rebuild_cache): Replace the assert by a - proper error message and allow to delete a bad keyblock. - -2009-07-13 Werner Koch - - * exec.c: Fix function name indentation. - (expand_args): Simplify by using membuf functions. - (exec_write): Fix memory leak on error. - (w32_system): Use DETACHED_PROCESS so that a new console is not - created. - -2009-07-09 Werner Koch - - * card-util.c (card_store_subkey): Do not restrict to 1024 bit keys. - Print an error message on write errors. - - * gpg.c (main): Remove the SHA-1 default from the personal digest - list. This was used in the past as a hack to avoid preferring - RMD-160. - - * keygen.c (keygen_set_std_prefs): Remove RMD-160 from the list. - Change order to SHA-256, SHA-1, SHA-384, SHA-512, SHA-224. - (gen_dsa): Use a 256 bit Q for 2048 bit P. Round to FIPS allowed - values in non-expert mode. - -2009-07-07 Werner Koch - - * gpg.c (set_opt_session_env): New. - (main): Allocate opt.session_env. Use it for oDisplay, oTTYname, - oTTYtype and oXauthority. - - * options.h: Include session_env.h. - (opt): Add field SESSION_ENV, remove obsolete fields. - - * call-agent.c (start_agent): Adjust start_new_gpg_agent for - changed args. - -2009-06-24 Werner Koch - - * keyedit.c (menu_select_key): Remove dead assign to I. - (menu_select_uid): Ditto. - * keyring.c (keyring_search): Remove dead assign to NAME. - * card-util.c (card_edit): Remove useless DID_CHECKPIN. - * call-agent.c (unhexify_fpr): Remove dead op on N. - * passphrase.c (passphrase_to_dek_ext): Do not deref a NULL PW. - * revoke.c (gen_revoke): Remove unused malloc of PK. - * parse-packet.c (mpi_read): Init NREAD. - Reported by Fabian Keil. - -2009-06-17 Werner Koch - - * parse-packet.c (parse): Use a casted -1 instead of a 32 bit - constant to check for a garbled package. Fixes bug#1040. - - * card-util.c (put_data_to_file, read_cert): New. - (card_edit): Add command "readcert". - (fetch_url): Allow code also for this gnupg major version 2. - * call-agent.c (agent_scd_readcert): New. - -2009-06-15 Werner Koch - - * keyserver.c (keyserver_search_prompt): No prompt in batch+colons - mode. - -2009-06-09 Werner Koch - - * card-util.c (write_sc_op_status): New. - (change_pin): Use it. - (change_url, change_login, change_private_do, change_cert) - (change_lang, change_sex, change_cafpr, toggle_forcesig) - (check_pin_for_key_operation): Ditto. - -2009-06-05 David Shaw - - * gpg.c (main), misc.c (openpgp_cipher_test_algo): Remove Camellia - restriction. - - * misc.c (map_cipher_openpgp_to_gcry), main.h: Add macros for - openpgp_cipher_open, openpgp_cipher_get_algo_keylen, and - openpgp_cipher_get_algo_blklen to wrap around the corresponding - gcry_* functions, but pass the algorithm number through - map_cipher_openpgp_to_gcry. This is needed in case the gcry - algorithm number doesn't match the OpenPGP number (c.f. Camellia). - - * encr-data.c, pubkey-enc.c, mainproc.c, cipher.c, encode.c, - seskey.c, passphrase.c, seckey-cert.c: Use new openpgp_cipher_* - macros here. - -2009-06-02 Werner Koch - - * card-util.c (get_manufacturer): Add new manufacturer. - -2009-05-26 Werner Koch - - * parse-packet.c (mpi_read): Workaround for zero-length MPI bug in - libgcrypt<1.5.0. - -2009-05-22 Werner Koch - - * signal.c (got_fatal_signal): Call new function - tty_cleanup_after_signal. - -2009-05-20 Werner Koch - - * gpg.c (main): Fix --fingerprint/--with-fingerprint command - detection. Fixes bug#1044. - - * keygen.c (ask_keysize): Allow selection of DSA key size even - without --enable-dsa2. - (gen_dsa): Remove size check. - - * keygen.c (ask_key_flags): Fix bug in the translation check. - Fixes bug#1056. - -2009-05-18 Daiki Ueno (wk) - - * encode.c (encode_simple): Tell passphrase_to_dek to cache - the passphrase. - (setup_symkey): Ditto. - * mainproc.c (proc_symkey_enc): Tell passphrase_to_dek to cache - the passphrase. - (proc_encrypted): Ditto. - * passphrase.c (hash_passphrase): Remove arg CREATE. - (passphrase_to_dek): New mode 3 and 4 for caching passphrase for - symmetric encryption. - -2009-05-17 Werner Koch - - * keygen.c (ask_algo): Add arg R_SUBKEY_ALGO. Change return value - semantics. Change presented order of algorithms. Make RSA+RSA - the default. - (generate_keypair): Adjust for change. - (ask_keysize): Add arg PRIMARY_KEYSIZE for subkey creation. - Change callers. - -2009-05-15 Werner Koch - - * keygen.c (gen_card_key_with_backup): Get the size of the key - from the card. - * call-agent.h (struct agent_card_info_s): Add field KEY_ATTR. - * call-agent.c (learn_status_cb): Support KEY-ATTR. - * card-util.c (card_status): Print key attributes. - -2009-05-15 Marcus Brinkmann - - * gpg.c (gpgconf_list): Remove dead entry "allow-pka-lookup" (a - verify option for a couple of years now). - -2009-05-14 Werner Koch - - * call-agent.c (agent_get_passphrase): Add arg CHECK. - * passphrase.c (passphrase_get): Pass new arg. - - * keygen.c (gen_card_key_with_backup): Print a status error. - (do_generate_keypair): Ditto. - (do_ask_passphrase): Add arg MODE. - (generate_raw_key): Call with mode 1. - * passphrase.c (ask_passphrase): Remove becuase it is not used. - (passphrase_to_dek): Factor code out to ... - (passphrase_to_dek_ext): .. New. Add args CUSTDESC and CUSTPROMPT. - -2009-05-13 Werner Koch - - * keygen.c (parse_expire_string): Base ISO date string at noon. - Also allow full ISO timestamp. - -2009-05-11 Werner Koch - - * parse-packet.c (parse_key): Print the key id in list mode. - - * skclist.c (build_sk_list): Use log_info for "duplicated entry". - Fixes bug#1045. - - * encode.c (encode_simple): Print empty file warning only in - verbose mode. Closes bug#1039. - (encode_crypt): Ditto. - * sign.c (write_plaintext_packet): Ditto. - -2009-05-10 David Shaw - - * keyserver.c (keyserver_typemap): gpgkeys_hkp handles hkps as - well. From 1.4. - -2009-05-06 Werner Koch - - * getkey.c (finish_lookup): Remove dead code. - - * keyring.c (keyring_get_keyblock): Fix memory leak due to ring - trust packets. Fixes bug#1034. - -2009-04-03 Werner Koch - - * gpgv.c (main): Open keyrings readonly. - * keydb.c (keydb_add_resource): Add readonly flag bit. - (keydb_rebuild_caches): Don't act on readonly resources. - - * keyring.c (keyring_register_filename): Add arg READONLY. - (struct keyring_name): Add field READONLY. - (keyring_is_writable): Implement readonly feature. - (keyring_update_keyblock): Return GPG_ERR_EACCES for readonly - keyrings. - (keyring_insert_keyblock, keyring_delete_keyblock): Ditto. - -2009-04-01 Werner Koch - - * gpg.c (main): Properly handle UTF8 usernames with --sign-key and - --lsign-key. From 1.4, David 2008-12-21. - -2009-03-20 David Shaw (wk) - - * keyring.c (rename_tmp_file): Force a fsync (via iobuf_ioctl) on - secret keyring files to be extra safe on filesystems that may not - sync data and metadata together (ext4). Also check return code - from the cache invalidation to make sure we're safe over NFS and - similar. - -2009-03-31 Werner Koch - - * passphrase.c (ask_passphrase): Use percent_plus_unescape. - * misc.c (unescape_percent_string): Remove. - - * call-agent.c (unescape_status_string): Chnage to use - percent_plus_unescape. - -2009-03-25 Werner Koch - - * mainproc.c (print_pkenc_list): Use snprintf. - -2009-03-17 Werner Koch - - * call-agent.c (my_percent_plus_escape): Remove. - (agent_get_passphrase): Rewrite using percent_plus_escape. - -2009-03-17 Daiki Ueno - - * passphrase.c (passphrase_get): Add extra arg REPEAT and adjust - callers; remove special treatment for MODE==2. - (passphrase_to_dek): Move --passphrase-repeat handling to - gpg-agent. - - * call-agent.c (agent_get_passphrase): Add extra arg REPEAT. - * call-agent.h: Ditto. - -2009-03-16 Werner Koch - - * gpg.c (my_strusage): Revert last change. Systems w/o a gpg1 may, - and actually do, install gpg2 as gpg. - * gpgv.c (my_strusage): Ditto. - -2009-03-14 David Shaw - - * gpg.c (my_strusage): gpg2 and gpgv2 (not gpg and gpgv). - * gpgv.c (my_strusage): Same. - - * gpgv.c (my_strusage): Fix name of program in "Syntax" line. - -2009-02-27 Werner Koch - - * call-agent.c (agent_scd_pksign, agent_scd_pkdecrypt): First send - the SERIALNO command. - -2009-02-24 Werner Koch - - * pkglue.c (pk_verify): Return an error for improper DATA instead - of calling BUG(). - -2009-02-09 Werner Koch - - * keylist.c (print_capabilities): Take care of cert-only keys. - Fixes bug#998. - * keyedit.c (show_key_with_all_names_colon): Print the capabilities. - -2009-01-26 Werner Koch - - * card-util.c (card_status): Detect a Geldkarte. - -2009-01-13 Werner Koch - - * call-agent.c (dummy_data_cb): New. - (agent_learn): Use it. - * card-util.c (card_status): Print type of non-OpenPGP card. - * call-agent.h (agent_card_info_s): Add field APPTYPE. - -2009-01-12 Werner Koch - - * getkey.c (finish_lookup): Take care of keys with a zero - timestamp. Reported by Peter Gutmann. - -2009-01-08 Werner Koch - - * misc.c (has_invalid_email_chars): Let non-ascii pass through. - - * cpr.c [USE_SHM_COPROCESSING]: Remove this code. - -2008-12-12 Werner Koch - - * passphrase.c (passphrase_get): Write a STATUS_ERROR. - * cpr.c (write_status_error): New. - - * Makefile.am (common_source): Add rmd160.h. - -2008-12-11 Werner Koch - - * sig-check.c (signature_check2): Change algorithm used to compute - the SIG_ID. - (check_revocation_keys): Close message digest. - - * rmd160.c, rmd160.h: New. Based on code from GnuPG-1.4. - * t-rmd160.c: New. - * Makefile.am: Add support to run tests. - * keyid.c (namehash_from_uid): Use rmd160_hash_buffer. - -2008-12-10 Werner Koch - - * trustdb.h (NAMEHASH_HASH): Remove unsued constant. - - * gpg.c (print_mds): Print RMD160 only is enabled. - - * keygen.c (keygen_set_std_prefs): Include RMD160 only if - available. - -2008-12-09 Werner Koch - - * gpg.c (main) [IS_DEVELOPMENT_VERSION]: Fix strusage use. - -2008-12-09 Werner Koch - - * keygen.c (proc_parameter_file): Check that key and subkey usages - are allowed. - -2008-12-09 David Shaw (wk) - - * trustdb.c (validate_one_keyblock): Fix the trust signature - calculations so that we lower the trust depth of signatures to fit - within the current chain, rather than discarding any signature - that does not fit within the trust depth. - -2008-12-09 Werner Koch - - * keyserver.c (show_prompt): Flush stdout. - - * gpg.c (open_info_file): Add arg BINARY and adjust callers. - - * gpg.c (main): Call i18n_init before init_common_subsystems. - * gpgv.c (main): Ditto. - - * keylist.c (set_attrib_fd): Do not close ATTRIB_FP if it is the - log stream. - (set_attrib_fd) [W32]: Set to binary mode. - (dump_attribs): Flush the stream after writing. - -2008-12-05 Werner Koch - - * call-agent.c (percent_plus_escape): Rename to - my_percent_plus_escape and also escape the percent character. - Change all callers. - -2008-11-18 Werner Koch - - * gpg.c (build_lib_list): Remove. - (make_libversion): New. - (my_strusage): Use it. - * gpgv.c (make_libversion): New. - (my_strusage): Print libgcrypt version. - -2008-11-13 Werner Koch - - * gpgv.c: Use new ARGPARSE macros and re-indent. - -2008-11-11 Werner Koch - - * gpg.c (opts): Use new ARGPARSE macros for clarity. - -2008-10-24 Werner Koch - - * keyedit.c (change_passphrase): Clear passphrase cache. - -2008-10-20 Werner Koch - - * gpgv.c: Mark all args of the stub fucntions as unused. - - * card-util.c (generate_card_keys): Remove unused arg SERIALNO and - adjust caller. - - * build-packet.c (write_sign_packet_header): Mark unused arg. - * gpg.c (gpg_init_default_ctrl, gpg_deinit_default_ctrl): Ditto. - * getkey.c (skip_unusable): Ditto. - (write_version): Ditto. - * keydb.c (keydb_locate_writable): Ditto. - * keyring.c (update_offset_hash_table): Ditto. - (keyring_lock): Ditto. - * misc.c (register_secured_file): Ditto. - (unregister_secured_file): Ditto. - (is_secured_file): Ditto. - (is_secured_filename): Ditto. - * parse-packet.c (parse_marker): Ditto. - (parse_key, parse_attribute): Ditto. - (parse_trust, parse_compressed, parse_mdc, parse_gpg_control): Ditto. - * cpr.c (progress_cb): Ditto. - * passphrase.c (passphrase_clear_cache): Ditto. - (ask_passphrase): Ditto. - * keyedit.c (keyedit_completion): Ditto. - * import.c (import_revoke_cert): Ditto. - (chk_self_sigs, delete_inv_parts, append_uid): Ditto. - (merge_sigs, merge_keysigs, append_key): Ditto. - * trustdb.c (list_trust_path): Ditto. - (enum_cert_paths, enum_cert_paths_print): Ditto. - * tdbdump.c (list_trustdb): Ditto. - * keygen.c (keygen_upd_std_prefs): Ditto. - (genhelp_factors): Ditto. - * call-agent.c (agent_scd_setattr): Ditto. - (agent_scd_writekey, agent_scd_change_pin, agent_scd_genkey): Ditto. - (agent_clear_pin_cache): Ditto. - - * server.c (option_handler): Mark non yet used arg. - (input_notify, output_notify): Ditto. - (cmd_recipient, cmd_signer, cmd_encrypt, cmd_decrypt, cmd_verify) - (cmd_sign, cmd_import, cmd_export, cmd_delkeys, do_listkeys) - (cmd_genkey): Ditto. - * verify.c (gpg_verify): Ditto. - -2008-10-17 Werner Koch - - * main.h (idea_cipher_warn): Use do while construct in place of an - empty definition. - -2008-10-03 David Shaw - - * main.h, mainproc.c (check_sig_and_print) - * keylist.c (list_keyblock_print) - * pkclist.c (do_edit_ownertrust) - * keyedit.c (menu_showphoto) - * photoid.c (generate_photo_id, show_photos) - * misc.c (pct_expando): Add %v and %V expandos so - that displaying photo IDs can show the attribute validity - tag (%v) and string (%V). Originally by Daniel Gillmor. - -2008-09-29 Werner Koch - - * gpg.c (main): Remove -sat kludge. Note that we printed a - warning for two years. - - * seskey.c (encode_md_value): Remove extra gcry_md_test_algo since - it is not needed with Libgcrypt 1.4. - * skclist.c (random_is_faked): Simplify. - * sign.c (match_dsa_hash): Remove runtime check for SHA224. - * gpg.c (print_mds): Use GCRY_MD_SHA224 constant. - -2008-09-25 David Shaw - - * keyedit.c (keyedit_menu): Fix bug where a modified keyring loses - its modified status after a "clean" or "minimize" that doesn't - need to do anything. - -2008-09-25 Werner Koch - - * parse-packet.c (parse): Remove special treatment for compressed - new style packets. Fixes bug#931. - - * card-util.c (change_pin): Support setting of the reset code. - -2008-09-24 Werner Koch - - * call-agent.h (struct agent_card_info_s): Add field IS_V2. - * call-agent.c (learn_status_cb): That that field. - - * card-util.c (change_pin): Rename first arg to UNBLOCK_v2 and use - it this way. - (card_edit): Add new command UNBLOCK. - -2008-09-23 David Shaw - - * pkclist.c (select_algo_from_prefs): Redo function to rank prefs - and pick a consensus winner across all keys. - -2008-09-16 Werner Koch - - * card-util.c (fpr_is_ff): New. - (card_status): Do not print general key info for an all-ff fpr. - (change_login, change_private_do): Factor common code out to ... - (get_data_from_file): .. new. - (change_cert): New. - (card_edit): Add command "writecert". - * call-agent.c (writecert_parm_s): New. - (inq_writecert_parms, agent_scd_writecert): New. - -2008-09-04 David Shaw - - * keyserver.c (keyserver_import_cert): Allow keyserver URLs in - addition to full URLs in CERT records. - -2008-08-11 Werner Koch - - * keygen.c (ask_expire_interval): Check for time overflow of an - u32. Fixes bug #947. - -2008-08-01 Werner Koch - - * tdbio.c (open_db) [!EROFS]: Move closing parens out of the - ifdef. Reported by Ken Takusagawa. - -2008-06-25 Marcus Brinkmann - - * gpg.c (enum cmd_and_opt_values): Remove option - oEnableW32HandleTranslation. - (opts): Remove option --enable-w32-handle-translation. - (main): Remove variable w32_handle_translation. - -2008-06-19 Werner Koch - - * gpg.c (gpgconf_list): Add "group". - -2008-06-18 Marcus Brinkmann - - * gpg.c (enum cmd_and_opt_values): New option - oEnableW32HandleTranslation. - (opts): New option --enable-w32-handle-translation. - (main): New variable w32_handle_translation to keep track of - option. - -2008-06-16 Werner Koch - - * keygen.c (output_control_s): Add ASK_PASSPHRASE. - (read_parameter_file): Add commands %ask-passphrase and - %no-ask-passphrase. - -2008-06-11 Werner Koch - - * gpg.c: Make --fixed-list-mode a dummy. - * options.h (struct): Removed FIXED_LIST_MODE. - * keyid.c (colon_strtime, colon_datestr_from_pk) - (colon_datestr_from_sk, colon_datestr_from_sig) - (colon_expirestr_from_sig): Remove fixed_list_mode case. - * keylist.c (list_keyblock_colon): Ditto. Remove all now unsed - code and reindent. - -2008-05-31 Werner Koch - - * keygen.c (ask_user_id): Change the string printed as header of - the user ID generation. Use code to not break existing - translations. Suggested by Eric Tetz. - -2008-05-08 Werner Koch - - * sig-check.c (do_check_messages): Print a revocation diagnostic - in verbose mode. - -2008-05-07 Werner Koch - - * gpg.c: New command --locate-keys. New options --with-sig-list - and --with-sig-check. - * keylist.c (locate_one): New. - (public_key_list): Add arg LOCATE_MODE and use locate_one. - * getkey.c (get_pubkey_byname): Fix nodefault case. Add option - RETCTX, change all callers. - (struct getkey_ctx_s): Add field extra_ptr; - (get_pubkey_end): Free it. - -2008-04-18 Werner Koch - - * misc.c (map_cipher_openpgp_to_gcry, map_cipher_gcry_to_openpgp) - (openpgp_cipher_test_algo): Add camellia-192. - (openpgp_cipher_blocklen): New. - * parse-packet.c (parse_key): Use new function here. - -2008-04-15 David Shaw - - * getkey.c (merge_selfsigs_subkey): If there are multiple 0x19 - backsigs, take the most recent one. - -2008-04-08 Werner Koch - - * options.h (opt): Add AKL_NODEFAULT and AKL_LOCAL. - * getkey.c (parse_auto_key_locate): Parse them. - (get_pubkey_byname): Implement them. Add arg NO_AKL and use that - in all cases where a local key is expected. - * import.c (import_one): Fill in the fingerprint in all cases. - Use log_get_stream. - * keyserver.c (keyserver_import_pka): Set FPR to NULL on error. - Return G10ERR_NO_PUBKEY if no PKA info is available or no key URI - is given in the PKA record.. - (keyserver_import_cert): Return G10ERR_NO_PUBKEY if a CERT record - was not found. - - * getkey.c (get_pubkey_byname): Release FPR in the error case. - Continue with next mechanism on error. Better diagnostics. - -2008-04-07 Werner Koch - - * keyserver.c (parse_keyserver_uri): Allow a default host name. - - * getkey.c (get_pubkey_byname): Replace sprintf by bin2hex. - -2008-04-02 Werner Koch - - * gpg.c (main): Do not allow DSA2 with a too old Libgcrypt. - -2008-03-26 Werner Koch - - * tdbio.c (lookup_hashtable): Make cmp args const. - (cmp_trec_fpr): Make FPR const. - (tdbio_search_trust_byfpr): Remove cast. - -2008-03-25 Werner Koch - - * keyserver.c (parse_keyrec): Take care of char defaulting to - unsigned when using hextobyte. - -2008-03-25 David Shaw (wk) - - * import.c (collapse_uids): Fix bug 894: possible memory - corruption around deduplication of user IDs. - -2008-03-25 Werner Koch - - * parse-packet.c (parse_key): Parse a secret key encrypted with - Camellia. - - * options.skel: Make the default keyserver keys.gnupg.net. - -2008-03-18 Werner Koch - - * seckey-cert.c (do_check): Use GCRYMPI_FMT_PGP for v3 keys. - Reported by Petr Cerny. - -2008-03-13 Werner Koch - - * passphrase.c (PROMPTSTRING): Change string to me more similar to - the X.509 prompt. - -2008-02-26 Werner Koch - - * getkey.c (get_pubkey_byname): Fix comment. - -2008-02-14 Werner Koch - - * call-agent.c (default_inq_cb): New. - (agent_learn, agent_scd_getattr, agent_scd_pksign) - (agent_scd_pkdecrypt, agent_scd_change_pin, agent_scd_checkpin) - (agent_get_passphrase, agent_clear_passphrase): Use new callback. - (inq_writekey_parms): Fall back to the new callback for other - inquiries. - (start_agent): Tell agent that we accept pinentry notifications. - -2008-02-11 Werner Koch - - * server.c (cmd_getinfo): New. - (register_commands): Register GETINFO. - -2008-02-09 Marcus Brinkmann - - * gpg.c (main): New variable default_configname. Use it if - save_configname is NULL (can happen if default configfile does - not exist). Move default configname determination to ... - (get_default_configname): ... this new function. - -2008-01-30 Werner Koch - - * keydb.c (maybe_create_keyring): Fixed last change. - * tdbio.c (tdbio_set_dbname): Also test for forward slash. - -2008-01-29 Werner Koch - - * keydb.c (maybe_create_keyring): Take care of a missing slash. - (maybe_create_keyring) [W32]: Also test for forward slash. - -2008-01-26 Werner Koch - - * card-util.c (get_manufacturer): Add vendor 0004. - -2008-01-02 Werner Koch - - * gpg.c: Add --logger-file as an alias for log-file. - -2007-12-14 Werner Koch - - * gpg.c (main): Set opt.no_homedir_creation during the first option - parsing pass. - -2007-12-12 Werner Koch - - * misc.c (print_pubkey_algo_note): Print a warning if a type 20 - key is used. - (openpgp_pk_test_algo, openpgp_pk_test_algo2) - (openpgp_pk_algo_usage): Allow type 20 keys only in rfc2440 mode. - -2007-12-12 David Shaw (wk) - - * trustdb.c (sanitize_regexp): New. Protect against dangerous - regexps (malloc bombs) by force-commenting any characters aside - from the ones we explicitly want. - (check_regexp): Use it here before passing the regexp to - regcomp(). - -2007-12-12 Werner Koch - - * misc.c (map_cipher_openpgp_to_gcry): New. Used to map Camellia - algorithms to Gcrypt. - (openpgp_cipher_test_algo): Call new map function. Replace - all remaining calls to gcry_cipher_test_algo by a call to this. - (openpgp_cipher_algo_name): New. Replace all remaining calls to - gcry_cipher_algo_name by a call to this. - (map_cipher_gcry_to_openpgp): New. - (string_to_cipher_algo): Use it. - * gpg.c (main): Print a warning if Camellia support is build in. - - * gpg.c (print_algo_names): New. From the 1.4 branch by David. - (list_config): Use it here for the "ciphername" and "digestname" - config items so we can get a script-parseable list of the names. - - * parse-packet.c (parse_onepass_sig): Sigclass is hex, so include - the 0x. - - * sign.c (match_dsa_hash): Remove conditional builds dending on - USE_SHAxxx. We don't need this becuase it can be expected that - libgcrypt provides it. However we need to runtime test for SHA244 - becuase that is only available with libgcrypt 2.4. - -2007-12-11 Werner Koch - - * mainproc.c (proc_pubkey_enc): Allow type 20 Elgamal key for - decryption. - -2007-12-10 Werner Koch - - * import.c (auto_create_card_key_stub): Do not clear the entire - fingerprint. This finally makes the stub creation work. My past - tests seemed to work because there was a key with a all zero - fingerprint available (Elgamal signing keys). - -2007-12-08 Werner Koch - - * misc.c (openpgp_pk_algo_usage): Allow Elgamal type 20 for - encryption. - -2007-12-04 Werner Koch - - * helptext.c (get_help_from_file): New. - (display_online_help): Use it to geting the help through a file. - (helptexts): Remove. - -2007-12-03 Werner Koch - - * keygen.c (ask_key_flags): Add a translation remark and implement - a workaround. - - * gpg.c (reopen_std): Moved to ../common and renamed to - gnupg_reopen_std. - - * gpg.c: Remove second inclusion of fcntl.h. - -2007-11-19 Werner Koch - - * keyedit.c (keyedit_menu): String grammar fix. - -2007-11-15 Werner Koch - - * gpg.c (main): New option --xauthority. - * call-agent.c (start_agent): Adjust changed start_new_gpg_agent. - -2007-11-12 Werner Koch - - * cpr.c (do_get_from_fd): s/bool/getbool/ to overcome problems - with Mac OS 10.5 which seems to include stdbool.h silently. - -2007-11-07 Werner Koch - - Replace all includes of errors.h by status.h (found in common/). - - * status.h: Remove. - * status.h: Move prototypes to main.h. - * status.c: Rename to .. - * cpr.c: .. this. - (get_status_string): Remove. We take this now from common/. - -2007-10-25 David Shaw (wk) - - From 1.4 (October): - - * gpg.c (main): Add --require-cross-certification to - --openpgp/--rfc4880 mode. - - * gpg.c (main): Disable --rfc2440-text and --force-v3-sigs by - default. Enable --require-cross-certification by default. - --openpgp (--rfc4880) is the same as --rfc2440 except with - "--enable-dsa2 --no-rfc2440-text --escape-from-lines". - - * misc.c (compliance_option_string, compliance_failure): Minor - cleanup. - - * armor.c (is_armor_header): Comment about 4880. - - * options.h, gpg.c (main): Add --rfc4880, and make --openpgp an - alias to it. --rfc2440 now stands alone. For now, use the old - 2440 defaults for 4880. - * misc.c (compliance_option_string): Ditto. - - * keyedit.c (keyedit_menu): Use compliance_option_string() instead - of printing the compliance modes here. - -2007-10-25 David Shaw (wk) - - From 1.4 (September): - - * import.c (collapse_uids): Significant speedup for de-duping user - IDs. - -2007-10-25 David Shaw (wk) - - From 1.4 (July): - - * armor.c (parse_header_line): Improve test so that the header - test only allows "Hash" in the signed data section. - - * armor.c (is_armor_tag): New. Detect if an armor header matches - 2440bis-21. - (parse_header_line): Call it here, as bis-21 requires warning the - user (but continuing to process the message) when seeing an - unknown header. - - * encode.c (encode_crypt): Missed one call to - setup_plaintext_name(). This is bug#809. - - * sign.c (mk_notation_policy_etc): Expect all sigs that this is - called for are >=v4. - (write_signature_packets, make_keysig_packet): Only call it for - >=v4 sigs. This allows --force-v3-sigs and --force-v4-certs to - enable or disable notations, policies, and keyserver URLs. This - is bug#800. - -2007-10-19 Werner Koch - - * passphrase.c (passphrase_get): Use new utf8 switching fucntions. - -2007-09-14 Werner Koch - - * gpg.c (build_lib_list): New. - (my_strusage): Print lib info. - -2007-08-27 Werner Koch - - * trustdb.c (USE_INTERNAL_REGEX): Remove support. - -2007-08-24 Werner Koch - - * keyring.c (keyring_register_filename): Use same_file_p(). - -2007-08-21 Werner Koch - - * misc.c (openpgp_md_test_algo): Remove rfc2440bis hash algorithms. - (openpgp_cipher_test_algo): Likewise for algos 5 and 6. - -2007-08-02 Werner Koch - - * gpg.c: Include gc-opt-flags.h and remove their definition here. - -2007-07-17 Werner Koch - - * gpg.c (gpgconf_list): Declare --encrypt-to and --default-key. - - * card-util.c (get_manufacturer): Add the unmanaged S/N range. - -2007-07-12 Werner Koch - - * gpg.c (main): Use translate_sys2libc_fd_int when passing an int - value. - * gpgv.c (main): Ditto. - -2007-07-05 Werner Koch - - * card-util.c (card_generate_subkey, card_store_subkey): Enable - the code also for GnuPG-2. - - * keygen.c (make_backsig): Add arg TIMESTAMP. - (write_keybinding): Add arg TIMESTAMP, pass it to make_backsig. - (write_direct_sig, write_selfsigs): Add arg TIMESTAMP. - (gen_elg, gen_dsa, gen_rsa): Add arg TIMESTAMP. - (do_create): Ditto. - (do_generate_keypair): Use the same timestamp for key creation - time and all key signatures. Return an error if write_direct_sig - for the secret key fails. - (generate_subkeypair): Ditto. - (gen_card_key): New arg TIMESTAMP. - (generate_card_subkeypair): Pass current time to gen_card_key. - (gen_card_key_with_backup): New arg TIMESTAMP. - (read_parameter_file): Add option Creation-Date. - (parse_creation_string): New. - (do_generate_keypair): Use the Creation-Date if available. - (save_unprotected_key_to_card): Use P for P and not D. - * call-agent.c (agent_scd_genkey): Add arg CREATETIME. - * keyedit.c (menu_backsign): Use the same timestamp for all backsigs. - -2007-06-26 Werner Koch - - * openfile.c (try_make_homedir): Support W32; use standard_homedir. - -2007-06-25 Werner Koch - - * gpg.c, gpgv.c: Include sysutils.h. - (main): Replace iobuf_translate_file_handle by - translate_sys2libc_fd. - -2007-06-21 Werner Koch - - * main.h: Include util.h. - - * call-agent.c (start_agent): Factored almost all code out to - ../common/asshelp.c. - - * gpg.h (ctrl_t): Remove. It is now declared in ../common/util.h. - -2007-06-20 Werner Koch - - * misc.c (setsysinfo, trap_unaligned): Remove. It is also in - common/sysutils.c. - (disable_core_dumps, get_session_marker): - - * sign.c (sleep): Remove sleep wrapper. - -2007-06-18 Marcus Brinkmann - - * gpg.c (gpgconf_list): Percent escape output of --gpgconf-list. - -2007-06-14 Werner Koch - - * call-agent.c (start_agent): Use gnupg_module_name. - -2007-06-12 Werner Koch - - * openfile.c (copy_options_file): Use gnupg_datadir. - * misc.c (get_libexecdir): Remove. Changed all callers to use - gnupg_libexecdir. - * gpg.c (check_permissions): Use gnupg_libdir. - - * gpg.c (main): Replace some calls by init_common_subsystems. - * gpgv.c (main): Ditto. - -2007-06-11 Werner Koch - - * Makefile.am (needed_libs): Use libcommonstd macro. - - * gpgv.c (main) [W32]: Call pth_init. - * gpg.c (main) [W32]: Call pth_init. - -2007-06-08 Werner Koch - - * Makefile.am (gpg2_LDADD): Syntax fix. - -2007-06-06 Werner Koch - - * passphrase.c (passphrase_get) [!ENABLE_NLS]: Do not define - orig_codeset. - - * Makefile.am (gpgv2_LDADD, gpg2_LDADD): Include LDADD before - libgcrypt. - - * plaintext.c (handle_plaintext): Replace eof by eof_seen as W32's - io.h has a symbol with that name. - - * misc.c: Do not include dynload.h. - (w32_shgetfolderpath): Remove. It is now in common/homedir.c. - - * gpgv.c (i18n_init): Remove. - * gpg.c (i18n_init): Remove. - (main): Make --load-extension a dummy - -2007-05-19 Marcus Brinkmann - - * passphrase.c (passphrase_get): Use PACKAGE_GT, not PACKAGE. - - * passphrase.c (passphrase_get): Free ORIG_CODESET on error. - -2007-05-16 Werner Koch - - * sig-check.c (check_backsig): Check the digest algorithm before - using it. Fixed bug 797. - -2007-05-09 Werner Koch - - * openfile.c (overwrite_filep, open_outfile) [W32]: Need to use - just "nul". Though, I am pretty sure that some MSDOS versions - grok the extra /dev/. - -2007-05-07 Werner Koch - - * openfile.c (open_outfile, overwrite_filep) [W32]: Use "/dev/nul". - -2007-05-02 David Shaw - - * packet.h, mainproc.c (reset_literals_seen): New function to - reset the literals count. - - * verify.c (verify_one_file), decrypt.c (decrypt_messages): Call - it here so we allow multiple literals in --multifile mode (in - different files - not concatenated together). - -2007-04-26 Marcus Brinkmann - - * passphrase.c (passphrase_to_dek): Write missing passphrase - status message in case of cancellation. - -2007-04-16 Werner Koch - - * build-packet.c (mpi_write): Made buffer a bit larger. Reported - by Alexander Feigl. - -2007-04-13 Werner Koch - - * call-agent.c (start_agent): Don't use log_error when using the - fallback hack to start the agent. This is bug 782. - -2007-04-05 David Shaw - - From STABLE-BRANCH-1-4 - - * parse-packet.c (parse_marker): New. Enforce that the marker - contains 'P', 'G', 'P', and nothing but. - (parse): Call it here. - (skip_packet): No longer need to handle marker packets here. - -2007-03-14 David Shaw - - From STABLE-BRANCH-1-4 - - * keyserver.c: Windows Vista doesn't grok X_OK and so fails - access() tests. Previous versions interpreted X_OK as F_OK - anyway, so we'll just use F_OK directly. - -2007-03-09 David Shaw - - From STABLE-BRANCH-1-4 - - * parse-packet.c (parse_signature): It's hex. - - * getkey.c (merge_selfsigs_subkey): Avoid listing the contents of - a backsig when list mode is on. Noted by Timo Schulz. - -2007-03-08 Werner Koch - - * plaintext.c (handle_plaintext): Add two extra fflush for stdout. - -2007-03-08 David Shaw (wk) - - * keyedit.c (keyedit_menu): If we modify the keyblock (via - fix_keyblock() or collapse_uids()) make sure we reprocess the - keyblock so the flags are correct. Noted by Robin H. Johnson. - - * getkey.c (fixup_uidnode): Properly clear flags that don't apply - to us (revoked, expired) so that we can reprocess a uid. - -2007-03-05 Werner Koch - - Converted this file to UTF-8. - - Ported David and my multiple messages changes from 1.4.7. - - * options.h, gpg.c (main), mainproc.c (check_sig_and_print): Allow - multiple sig verification again as this is protected via the - multiple-messages code. New option --allow-multiple-messages and - --no variant. - * status.h (STATUS_ERROR): New status code. - * status.c (get_status_string): Ditto. - * mainproc.c (proc_plaintext): Emit it if multiple messages are - detected. Error out if more than one plaintext packet is - encountered. - * mainproc.c (literals_seen): New. - -2007-02-26 Werner Koch - - * gpg.c (main): Add verify option show-primary-uid-only. - * options.h (VERIFY_SHOW_PRIMARY_UID_ONLY): New. - * mainproc.c (check_sig_and_print): Implement it. - -2007-02-22 Werner Koch - - * encr-data.c (decrypt_data): Correctly test for unknown algorithm. - * import.c (check_prefs): Ditto. - * keyedit.c (show_prefs): Ditto. - * mainproc.c (proc_symkey_enc): Ditto. - -2007-02-06 Werner Koch - - * export.c (do_export_stream): Allow reset-subkey-passwd along - with sexp-format. - -2007-02-04 Werner Koch - - * parse-packet.c (parse_signature): Limit bytes read for an - unknown alogorithm. Fixes Debian bug#402592. - -2007-01-31 Werner Koch - - * verify.c (verify_signatures): Do no dereference a NULL afx. - - * passphrase.c (passphrase_get): Set the cancel flag on all error - from the agent. Fixes a bug reported by Tom Duerbusch. - -2007-01-30 Werner Koch - - * status.c (write_status_begin_signing): New. - * sign.c (sign_file, sign_symencrypt_file): Call it. - * textfilter.c (copy_clearsig_text): Call it. - - * call-agent.c (agent_scd_pksign): Pass --hash-rmd160 to SCD if - required. - - * gpg.c (main): Let --no-use-agent and --gpg-agent-info print a - warning. - * misc.c (obsolete_option): New. - -2007-01-29 Werner Koch - - * pkclist.c (do_we_trust_pre): Issue a user-id-hint status code. - -2007-01-15 Werner Koch - - * parse-packet.c (read_protected_v3_mpi): Make sure to stop - reading even for corrupted packets. - * keygen.c (generate_user_id): Need to allocate one byte more. - Reported by Felix von Leitner. - -2006-12-21 Werner Koch - - * gpg.c (main): New command --server. - * gpg.h (struct server_control_s, ctrl_t): New. - * server.c: New. - * verify.c (gpg_verify): New. - * mainproc.c (mainproc_context): Made SIGNED_DATA a structure. - (proc_signature_packets_by_fd): New. - (proc_compressed_cb): Divert depending on SIGNED_DATA. - * plaintext.c (hash_datafile_by_fd): New. - * mainproc.c (proc_tree): Use it here. - - * verify.c (verify_signatures): Init AFX only when needed. - Don't leak a context on error. - (verify_one_file): Don't leak a context on error. - -2006-12-07 Werner Koch - - * openfile.c (copy_options_file): Use log_info instead of - log_error to avoid an error return of gpg due to a missing - skeleton file. - -2006-12-07 David Shaw - - * Makefile.am: Link to iconv for jnlib dependency. - -2006-12-05 Werner Koch - - * passphrase.c (passphrase_to_dek): Handle a Cancel request - correctly. [Bug#737] - * mainproc.c (proc_symkey_enc): Removed workaround for bogus cancel - processing. - * encode.c (encode_simple): Distinguish error message between - cancel and invalid passphrase. - (setup_symkey): Ditto. - * sign.c (sign_symencrypt_file): Ditto - * keyedit.c (change_passphrase): Allow cancellation. - * keygen.c (do_ask_passphrase): New arg R_CANCELED. - (generate_keypair): Handle a passphrase cancellation. - (generate_raw_key): Ditto. - (generate_subkeypair): Ditto. - -2006-12-04 Werner Koch - - * filter.h (armor_filter_context_t): New element REFCOUNT. - * armor.c (armor_filter): Made static. - (push_armor_filter, release_armor_context, new_armor_context): New. - (armor_filter): Release the context. - * gpg.c (main): Use new armor context functions and - push_armor_filter. - * export.c (do_export): Ditto. - * encode.c (encode_simple, encode_crypt): Ditto. - * decrypt.c (decrypt_message, decrypt_messages): Ditto. - * dearmor.c (dearmor_file, enarmor_file): Ditto. - * verify.c (verify_signatures, verify_one_file): Ditto. - * sign.c (sign_file, clearsign_file, sign_symencrypt_file): Ditto. - * revoke.c (gen_desig_revoke, gen_revoke): Ditto. - * keyserver.c (keyserver_spawn): Ditto. - * keygen.c (output_control_s): Turn AFX fields into pointers. - (read_parameter_file): Allocate and release AFX fields. - (do_generate_keypair): Use push_armor_filter. - * import.c (import): Replace iobuf_push_filter2 hack by the new - armor context stuff. - -2006-12-03 Werner Koch - - * filter.h: New element REFCOUNT. - (handle_progress): Remove prototype. - * progress.c (new_progress_context, release_progress_context): New. - (progress_filter): Use new function to release context. Made static. - (handle_progress): Bumb reference counter. No more check for - enabled progress as this is handled by new_progress_context. - * verify.c (verify_signatures, verify_one_file): Replace stack - based progress context by a heap based one. - * sign.c (sign_file, clearsign_file, sign_symencrypt_file): Ditto. - * plaintext.c (ask_for_detached_datafile, hash_datafiles): Ditto. - * encode.c (encode_simple, encode_crypt): Ditto. - * decrypt.c (decrypt_message, decrypt_messages): Ditto. - - * keyedit.c (menu_clean): Made strings translatable. - -2006-12-03 David Shaw - - * keyedit.c (menu_clean): Show "already minimized" rather than - "already clean" when a minimized key is minimized again. From - Dirk Traulsen. - -2006-12-02 David Shaw - - * options.h, gpg.c (main), passphrase.c (passphrase_to_dek): Add - --passphrase-repeat option to control how many times gpg will - re-prompt for a passphrase to ensure the user has typed it - correctly. Defaults to 1. - -2006-12-02 Werner Koch - - * encr-data.c: Allocate DFX context on the heap and not on the - stack. Changes at several places. Fixes CVE-2006-6235. - -2006-11-27 Werner Koch - - * openfile.c (ask_outfile_name): Fixed buffer overflow occurring - if make_printable_string returns a longer string. Fixes bug 728. - -2006-11-21 Werner Koch - - * Makefile.am (needed_libs): libgnu needs to come after libcommon. - - * keygen.c (ask_expire_interval): Print y2038 warning only for 32 - bit time_t. - (save_unprotected_key_to_card): Made RSA_N_LEN et al a size_t. - Cast printf args. - (get_parameter_algo): Allow "ELG" as alias for "ELG-E". - - * seckey-cert.c (do_check): Made NBYTES a size_t. - (do_check): Made NDATA a size_t. - (protect_secret_key): Made NARR a size_t. - (protect_secret_key): Made NVYES a size_t. - * pubkey-enc.c (get_it): Made INDATALEN a size_t. - (get_it): Made NFRAME a size_t. - * keyid.c (hash_public_key): Made NBITS an unsigned int. - * misc.c (checksum_mpi): Made NBYTES a size_t. - (openpgp_pk_test_algo2): Made USE_BUF a size_t. - * seskey.c (encode_session_key): Made NFRAME a size_t. - (do_encode_md): Ditto. - (encode_md_value): Cast size_t argument of printf. - (encode_md_value): Ditto. - -2006-11-10 Werner Koch - - * parse-packet.c (mpi_read): Changed NREAD to size_t to match the - gcry_mpi-scan prototype. - (mpi_read): Fixed double increment of bytes read to correctly - detect overlong MPIs. - -2006-11-05 Werner Koch - - * gpg.c (main): Remove the default --require-cross-certification. - * options.skel: Enable require-cross-certification. - -2006-10-31 Werner Koch - - * pkclist.c (warn_missing_aes_from_pklist): New. - * encode.c (encrypt_filter, encode_crypt): Use it here. - -2006-10-27 Werner Koch - - * pkclist.c (warn_missing_mdc_from_pklist): New. - * encode.c (use_mdc): Use it here. - -2006-10-24 Marcus Brinkmann - - * Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS). - -2006-10-23 Werner Koch - - * gpg.c (main): New command --gpgconf-test. - - * Makefile.am (bzip2_source): New. - -2006-10-20 Werner Koch - - * getkey.c (classify_user_id): Reserve '&' for search by keygrip. - -2006-10-19 Werner Koch - - * keygen.c (get_parameter_algo): Add special case for ELG_E which - is not supported by libgcrypt's mapping function. - -2006-10-18 Werner Koch - - * keyid.c (v3_keyid): Don't use mempcy as we need to hold the - keyids in the native endian format. - - * import.c (import_print_stats): Use log_printf. - - * build-packet.c (do_public_key): Care about mpi_write errors. - (do_secret_key, do_pubkey_enc, do_signature): Ditto. - (mpi_write): Print an extra warning on error. - -2006-10-17 Werner Koch - - * Makefile.am (LDADD): Replaced W32LIBS by NETLIBS. - -2006-10-12 David Shaw - - * parse-packet.c (parse_symkeyenc): Show the unpacked as well as - the packed s2k iteration count. - - * main.h, options.h, gpg.c (encode_s2k_iterations, main), - passphrase.c (hash_passphrase): Add --s2k-count option to specify - the number of s2k hash iterations. - -2006-10-08 Werner Koch - - * gpgv.c: Remove the tty stubs as we are now required to link to - tty anyway (it is included in libcommand and has dependencies to - other modules as well). - - * keyedit.c (keyedit_menu): Use keyedit_completion only if - readline is available. It would be better to move this code into - gpgrlhelp.c - -2006-10-06 Werner Koch - - * Makefile.am (AM_CFLAGS): Use PTH version of libassuan. - -2006-10-06 David Shaw - - * keyserver.c (keyserver_spawn): Write the 16-digit keyid rather - than whatever key selector the user used on the command line. - -2006-10-05 Werner Koch - - * status.c (progress_cb): Changed to libgcrypt API. - (set_status_fd): Register the progress cb. - - * seskey.c (encode_md_value): Check that the hash algo is valid - before getting the OID. - -2006-10-04 Werner Koch - - * passphrase.c: Allow for a static passphrase in batch mode. - - * call-agent.c (agent_havekey): Removed. - (percent_plus_escape): New. - (agent_get_passphrase): New. - (agent_clear_passphrase): New. - - * passphrase.c: Changed so that we always require the agent. - (agent_send_option, agent_send_all_options, agent_open): Removed. - (agent_get_passphrase): Cleaned up. Does now use the call-agent - functions. Renamed to - (passphrase_get): .. this. Changed all callers. - (passphrase_clear_cache): Rewritten. - (passphrase_to_dek, hash_passphrase): Re-indented. - - * gpg.c (main): Made --use-agent a dummy option. - * seckey-cert.c (check_secret_key): We require the agent, so always - allow for 3 tries. - - * gpg.c (main): Print a warning if -sat has been used. - (main): Removed the special treatment of the -k option. -k is now - an alias for --list-keys. - (main): Removed --list-ownertrust. - -2006-10-02 Werner Koch - - * encr-data.c (decrypt_data, mdc_decode_filter): Check the MDC - right here and don't let parse-packet handle the MDC. - -2006-09-29 Werner Koch - - * compress.c (do_uncompress): Removed use of Z_PARTIAL_FLUSH. - This is outdated and old zlib versions which still require it have - security problems. - -2006-09-27 Werner Koch - - Replaced all STRLIST by strlist_t. - -2006-09-21 Werner Koch - - * signal.c (got_fatal_signal): Replaced readline stuff by a tty - function. - - * Makefile.am (LDADD): Include libgpgrl.a. - - * gpg.c (main): Call gpg_rl_initialize. - - * keyedit.c: Removed double inclusion of stdio.h. - -2006-09-20 Werner Koch - - * call-agent.c: Include asshelp.h. - (start_agent): Use send_pinentry_environment. - -2006-09-14 Werner Koch - - Replaced all call gpg_error_from_errno(errno) by - gpg_error_from_syserror(). - -2006-09-13 Werner Koch - - * gpg.c (main): Made --require-cross-certification the default. - -2006-09-06 Marcus Brinkmann - - * Makefile.am (gpg2_LDADD, gpgv2_LDADD): Replace -lassuan and - -lgpg-error with $(LIBASSUAN_LIBS) and $(GPG_ERROR_LIBS). - (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS) and $(GPG_ERROR_CFLAGS). - -2006-09-06 Werner Koch - - * gpg.c (main): Enable new assuan API. - * call-agent.c: Changed to new Assuan API. - -2006-09-01 Werner Koch - - * call-agent.c: Do not force using the pipe server. - - * gpg.c (main): Enable card related commands. - -2006-08-22 Werner Koch - - * mainproc.c (proc_plaintext): Fixed a #warning - -2006-08-21 Werner Koch - - * skclist.c (random_is_faked): Implemented. - (is_insecure): Also test for the old uppercase version of the - insecure string. - * gpg.c (main): Renamed --quick-random to debug-quick-quick-random. - - * gpg.c (print_mds): Do not use the USE_SHA macros. - - * mainproc.c (proc_encrypted): Remove assign inside condition for - better readibility. - - * packet.h: Moved consts to new header ../common/openpgpdefs.h. - -2006-08-16 Werner Koch - - * keyserver.c (GPGKEYS_PREFIX): Rename to gpg2keys_. This is so - that we can install helpers from 1.4 and 2 without conflicts and - first of all don't get lost with weird bug reports. - - * keyid.c (serialno_and_fpr_from_sk): New. Actually lost during - the last 1.4 to 1.9 merge. - - * gpg.c (list_config): Output ccid-reader-id only for gnupg 1. - - * call-agent.c (agent_scd_writekey): New. - (inq_writekey_parms): New. - - * gpgv.c: Include call-agent.h for use by stubs. - - * misc.c: Include call-agent.h for use by get_signature_count. - -2006-07-27 Werner Koch - - * parse-packet.c (parse_comment): Cap comments at 65k. - (parse_gpg_control): Skip too large control packets. - -2006-07-24 David Shaw (wk) - - * keydb.h, pkclist.c (select_algo_from_prefs, algo_available): - Pass a union for preference hints rather than doing void * games. - - * sign.c (sign_file): Use it here. - - * sign.c (sign_file): When signing with multiple DSA keys, one - being DSA1 and one being DSA2 and encrypting at the same time, if - the recipient preferences give a hash that can work with the DSA2 - key, then allow the DSA1 key to be promoted rather than giving up - and using hash_for(). - - * pkclist.c (algo_available): Automatically enable DSA2 mode when - handling a key that clearly isn't DSA1 (i.e. q!=160). - -2006-06-30 Werner Koch - - * misc.c (checksum_mpi): No need for nbits as they are alredy - included in the buffer. - -2006-06-29 Werner Koch - - * parse-packet.c (parse_signature, parse_key): Need store the - length of opaque data as number of bits. - * card-util.c (card_store_subkey): Ditto. - - * mainproc.c (print_pkenc_list, check_sig_and_print): Replaced - log_get_stream by calls to log_printf. This avoids the extra LFs - inserted by the logging function. They are a bit too smart - sometimes. - * pkclist.c (do_show_revocation_reason): Print final LF through - log_printf to avoid extra LFs. - * pubkey-enc.c (get_it): Ditto. - - * seskey.c (encode_md_value): Fix call to gcry. - -2006-06-27 Werner Koch - - Applied patches from 1.4.x (2006-05-22 to 2006-06-23) from David: - - * keygen.c (keygen_upd_std_prefs, keygen_add_std_prefs) - (proc_parameter_file): Add --default-keyserver-url to specify a - keyserver URL at key generation time, and "Keyserver:" keyword for - doing the same through a batch file. - * options.h, gpg.c (main): Ditto. - - * sign.c (do_sign): For now don't accept a truncated hash even - for DSA1 keys (be liberal in what you accept, etc). - - * import.c (import_one): Add a flag (from_sk) so we don't check - prefs on an autoconverted public key. The check should only - happen on the sk side. Noted by Dirk Traulsen. - - * keygen.c (gen_card_key): Add optional argument to return a - pointer (not a copy) of the stub secret key for the secret key we - just generated on the card. - (generate_card_subkeypair): Use it here so that the signing key on - the card can use the card to generate the 0x19 backsig on the - primary key. Noted by Janko Heilgeist and Jonas Oberg. - - * parse-packet.c (parse_user_id): Cap the user ID size at 2048 - bytes. This prevents a memory allocation attack with a very large - user ID. A very large packet length could even cause the - allocation (a u32) to wrap around to a small number. Noted by - Evgeny Legerov on full-disclosure. - - * keygen.c (gen_dsa): Allow generating DSA2 keys. Allow - specifying sizes > 1024 when --enable-dsa2 is set. The size of q - is set automatically based on the key size. - (ask_keysize, generate_keypair): Ask for DSA size when - --enable-dsa2 is set. - - * exec.c (make_tempdir) [W32]: Fix bug with a temporary directory - on W32 that is over 256 bytes long. Noted by Israel G. Lugo. - - * gpg.c (reopen_std): New function to reopen fd 0, 1, or 2 if we - are called with them closed. This is to protect our - keyring/trustdb files from corruption if they get attached to one - of the standard fds. Print a warning if possible that this has - happened, and fail completely if we cannot reopen (should never - happen). - (main): Call it here. - - * parse-packet.c (dump_sig_subpkt, parse_signature): Fix meaning - of key expiration and sig expiration subpackets - zero means - "never expire" according to 2440, not "expire instantly". - * build-packet.c (build_sig_subpkt_from_sig): Ditto. - * getkey.c (fixup_uidnode, merge_selfsigs_main) - (merge_selfsigs_subkey): Ditto. - * keygen.c (keygen_add_key_expire): Ditto. - - * getkey.c (get_pubkey_byname) - * import.c (import_one): Fix key selection problem when - auto-key-locate returns a list of keys, not all of which are - usable (revoked, expired, etc). Noted by Simon Josefsson. - -2006-05-24 Werner Koch - - * keyid.c (hash_public_key): Do not double hash the length bytes, - they are already included by mpi_print. - - * misc.c (openpgp_pk_test_algo2): Get test call right. - - * misc.c (string_to_cipher_algo, string_to_digest_algo): New. - * keygen.c (keygen_set_std_prefs): use them here. - * gpg.c (main): and here. - -2006-05-23 Werner Koch - - * card-util.c (generate_card_keys): Removed temporary kludge for - generate_keypair. - - * call-agent.c (agent_scd_setattr): Add arg SERIALNO. - (agent_scd_genkey): Ditto. - (agent_scd_change_pin): Ditto. - - * call-agent.h (struct agent_card_info_s): Updated to match the - one of 1.4.3. - - * Makefile.am (LDADD): Include ZLIBS. - - * gpgv.c: Removed stubs not anymore useful due to libgcrypt. - -2006-05-22 Werner Koch - - * keyserver.c (keyidlist): Replaced mpi_get_keyid by v3_keyid. - * keydb.h (v3_keyid): Added. - - * import.c (import): Better initialize KEYBLOCK as to quiet - compiler warning. - - * skclist.c (random_is_faked): New. - - * mainproc.c: Include pka.h. - -2006-05-19 Werner Koch - - * misc.c (openpgp_pk_test_algo2): Need to use gcry_pk_algo_info - directly. - (string_count_chr): New. - - * armor.c (parse_header_line): Use renamed function - length_sans_trailing_ws. - - * options.h, gpg.c: Option --strict is not used thus removed code - but kept option. - -2006-04-28 David Shaw (wk) - - * keyserver.c (direct_uri_map): New. - (keyserver_spawn): Used here to add "_uri" to certain gpgkeys_xxx - helpers when the meaning is different if a path is provided (i.e. - ldap). - (keyserver_import_cert): Show warning if there is a CERT - fingerprint, but no --keyserver set. - - * keyserver.c: Fix build problem with platforms that stick libcurl - in a place not in the regular include search path. - - * options.h, gpg.c (main): Add --enable-dsa2 and --disable-dsa2. - Defaults to disable. - - * pkclist.c (algo_available): If --enable-dsa2 is set, we're - allowed to truncate hashes to fit DSA keys. - - * sign.c (match_dsa_hash): New. Return the best match hash for a - given q size. - (do_sign, hash_for, sign_file): When signing with a DSA key, if it - has q==160, assume it is an old DSA key and don't allow truncation - unless --enable-dsa2 is also set. q!=160 always allows truncation - since they must be DSA2 keys. - (make_keysig_packet): If the user doesn't specify a - --cert-digest-algo, use match_dsa_hash to pick the best hash for - key signatures. - - * gpg.c (print_mds): Add SHA-224. - * armor.c (armor_filter, parse_hash_header): Add SHA-224. - - * sign.c (write_plaintext_packet): - Factor common literal packet setup code from here, to... - * encode.c (encode_simple): .. there. - - * main.h, plaintext.c (setup_plaintext_name): Here. New. Make sure - the literal packet filename field is UTF-8 encoded. - - * options.h, gpg.c (main): Make sure --set-filename is UTF-8 - encoded and note when filenames are already UTF-8. - - * keyedit.c (menu_backsign): Give some more verbose errors when we - have no need to backsign. - - * getkey.c (parse_auto_key_locate): Fix dupe-removal code. - - * keyedit.c (menu_backsign): Allow backsigning even if the secret - subkey doesn't have a binding signature. - - * armor.c (radix64_read): Don't report EOF when reading only a pad - (=) character. The EOF actually starts after the pad. - - * gpg.c (main): Make --export, --send-keys, --recv-keys, - --refresh-keys, and --fetch-keys follow their arguments from left - to right. Suggested by Peter Palfrader. - -2006-04-18 Werner Koch - - * tdbio.c (open_db, migrate_from_v2): Removed feature to migration - from old trustdb version 2. - - * gpg.c, mainproc.c: Removed pipemode feature. - - * status.c: Removed shared memory coprocess stuff - - Merged with current gpg 1.4.3 code. - - * keygen.c, keyid.c, misc.c, openfile.c, verify.c, trustdb.c - * textfilter.c, tdbio.c, tdbdump.c, status.c, skclist.c, signal.c - * sign.c, sig-check.c, seskey.c, seckey-cert.c, revoke.c - * pubkey-enc.c, progress.c, plaintext.c, pkclist.c, photoid.c - * passphrase.c, parse-packet.c, mdfilter.c, mainproc.c - * keyserver.c, keyring.c, keylist.c, keyedit.c, keydb.c, kbnode.c - * import.c, getkey.c, gpgv.c, helptext.c, free-packet.c - * build-packet.c, cipher.c, compress.c, dearmor.c, decrypt.c - * delkey.c, encr-data.c, encode.c, exec.c, export.c - * gpg.c, armor.c: Updated from gnupg-1.4.3 and merged back gcry and - gnupg-1.9 related changes. - * trustdb.h, tdbio.h, status.h, photoid.h, packet.h, options.h - * main.h, keyserver-internal.h, keyring.h, keydb.h, filter.h - * exec.h: Ditto. - * global.h: Removed after merging constants with gpg.h. - * comment.c, pipemode.c: Removed. - * card-util.c: Updated from gnupg-1.4.3. - * compress-bz2.c: New. - -2005-06-15 Werner Koch - - * g10.c (print_hashline, add_group): Fixes for signed/unsigned - pointer mismatch warnings. - -2005-06-01 Werner Koch - - * mkdtemp.c: Removed. - * exec.c: Include mkdtemp.h - -2004-12-21 Werner Koch - - * gpgv.c, g10.c (main): Use default_hoemdir (). - -2004-12-18 Werner Koch - - * gpg.h (map_assuan_err): Define in terms of - map_assuan_err_with_source. - -2004-12-15 Werner Koch - - * Makefile.am (LDADD): Remove ZLIBS. - -2004-10-22 Werner Koch - - * g10.c (main): Display a bit fat warning that this gpg should not - be used. - - * card-util.c (fetch_url): Disable for gnupg 1.9 - (card_generate_subkey): Ditto. - (card_store_subkey): Ditto. - -2004-09-30 Werner Koch - - * gpgv.c (i18n_init): Always use LC_ALL. - - * Makefile.am (LDADD): Adjusted for gettext 0.14. - -2004-09-20 Werner Koch - - * keyedit.c (show_key_with_all_names): Print the card S/N. - -2004-09-11 Moritz Schulte - - * openfile.c (copy_options_file): Fixed last commit (added a `+'). - -2004-08-31 Werner Koch - - * openfile.c (copy_options_file): Use gpg-conf.skel. Better take - the length of SKELEXT into account, someone might make it larger. - * Makefile.am: Install options.skel as gpg-conf.skel. - -2004-08-18 Marcus Brinkmann - - * passphrase.c (agent_get_passphrase): Fix detection of gpg-agent - cancellation. - -2004-07-01 Werner Koch - - * card-util.c (change_login): Kludge to allow reading data from a - file. - (card_edit): Pass ARG_STRING to change_login. - (card_status): Print CA fingerprints. - (change_cafpr): New. - (card_edit): New command CAFPR. - - * call-agent.h: Add members for CA fingerprints. - * call-agent.c (agent_release_card_info): Invalid them. - (learn_status_cb): Store them. - -2004-04-30 Werner Koch - - * g10.c (main) : Use gpg.conf and not /dev/null as - default filename. - -2004-04-28 Werner Koch - - * card-util.c (card_edit): Remove PIN verification. - (generate_card_keys): New arg SERIALNO. Do PIN verification here - after resetting forced_chv1. - -2004-04-26 Werner Koch - - * card-util.c (change_name): Check that the NAME is not too long. - (change_url): Likewise. - (change_login): Likewise. - -2004-03-23 Werner Koch - - * g10.c: New options --gpgconf-list, --debug-level and --log-file - (set_debug): Add arg DEBUG_LEVEL. - (main): Look at less and less version specific config files. From - gnupg 1.3. - -2004-02-17 Werner Koch - - * call-agent.c (start_agent): Ignore an empty GPG_AGENT_INFO. - * passphrase.c (agent_open): Ditto. - -2004-02-12 Werner Koch - - * gpgv.c: Removed g10defs.h. - - * Makefile.am: Include cmacros.am for common flags. - -2004-02-11 Werner Koch - - * openfile.c (try_make_homedir): Use GNUPG_DEFAULT_HOMEDIR. - * gpgv.c (main): Ditto. - * g10.c (main): Ditto. - -2004-01-19 Moritz Schulte - - * keygen.c (do_generate_keypair): Print member fname, instead of - newfname, again. - (do_generate_keypair): Don't try to execute certain pieces of code - in case an error occured. - (gen_card_key): Don't print out a message, which is already - printed by do_generate_keypair(). - -2004-01-18 Moritz Schulte - - * keygen.c (do_generate_keypair): Print member fname, instead of - newfname. - -2003-12-17 Werner Koch - - * card-util.c (print_name): Fixed bad format string usage. - (print_isoname): Ditto. - - * trustdb.c (check_regexp): s/exp/expr/. - - * keyedit.c (trustsig_prompt): Removed a "> 255" term; it is - always false due to the data type. - - * passphrase.c (agent_get_passphrase): Use xasprintf and avoid - non-literal format strings. - - * tdbio.c (upd_hashtable, drop_from_hashtable, lookup_hashtable): - Fixed log_error format string bugs. Kudos to the now working - gcc-3.3 -Wformat-nonliteral and Florian Weimer's investigations in - gnupg 1.2.3. - -2003-12-15 Werner Koch - - * seckey-cert.c (protect_secret_key): Use gry_create_nonce for the - IV; there is not need for real strong random here and it even - better protect the random bits used for the key. - -2003-11-16 Moritz Schulte - - * signal.c: Removed unused file. - -2003-11-10 Moritz Schulte - - * Makefile.am (INCLUDES): Added: @LIBGCRYPT_CFLAGS@. - -2003-10-25 Werner Koch - - * call-agent.c (learn_status_cb, scd_genkey_cb): Fixed faulty use - of !spacep(). - -2003-10-20 Werner Koch - - * card-util.c (card_edit): New command "passwd". Add logic to - check the PIN in advance. - (card_status): Add new args to return the serial number. Changed - all callers. - * call-agent.c (agent_scd_checkpin): New. - -2003-10-08 Werner Koch - - * call-agent.c (agent_scd_getattr): Don't clear the passed info - structure, so that it can indeed be updated. - - * card-util.c (fpr_is_zero): New. - (generate_card_keys): New. - (card_edit): New command "generate". - * keygen.c (generate_keypair): New arg CARD_SERIALNO, removed call - to check_smartcard. - (check_smartcard,show_smartcard): Removed. - (show_sha1_fpr,fpr_is_zero): Removed. - -2003-10-01 Werner Koch - - * card-util.c: Tweaked to use this source also under 1.3. - -2003-09-30 Werner Koch - - * keylist.c (print_card_serialno): New. - (list_keyblock_print): Use it here. - - * card-util.c (toggle_forcesig): New. - (card_edit): New command "forcesig". - - * card-util.c (print_name, print_isoname): Use 0 and not LF fro - the max_n arg of tty_print_utf8_string2. - - * call-agent.c (agent_scd_getattr): New. - (learn_status_cb): Release values before assignment so that it can - be used by getattr to update the structure. - - * card-util.c (change_pin): Simplified. We now have only a PIN - and an Admin PIN. - -2003-09-27 Werner Koch - - * sign.c (do_sign): Removed disabled testcode. - -2003-09-26 Timo Schulz - - * card_status (card_status): Do not use fputs since the fp - parameter can be NULL. This fixes a segv. - -2003-09-24 Werner Koch - - * card-util.c (print_isoname,card_status): Handle opt.with_colons. - (print_sha1_fpr_colon): New. - -2003-09-23 Werner Koch - - Merged most of David Shaw's changes in 1.3 since 2003-06-03. - - * Makefile.am: Include W32LIBS where appropriate. - - * armor.c (parse_hash_header,armor_filter): Drop TIGER/192 support. - * g10.c (print_hex,print_mds): Ditto. - * pkclist.c (algo_available): Ditto. - - * armor.c (armor_filter): Allow using --comment multiple times to - get multiple Comment header lines. --no-comments resets list. - * options.h, g10.c (main): Ditto. Deprecate --default-comment in - favor of --no-comments. - - * g10.c (main): Trim --help to commonly used options. Remove -f. - - * g10.c (main): Add --multifile as an alias to turn --encrypt into - --encrypt-files (plus --verify-files, --decrypt-files). Error out - if --multifile is used with the commands that don't support it yet. - - * encode.c (use_mdc), g10.c (main): Use RFC1991 and RFC2440 - directly to check for MDC usability. Do not set the force_mdc or - disable_mdc flags since there is no point any longer. - - * g10.c (main): Use "keyserver-url" instead of - "preferred-keyserver" for the sake of short and simple commands. - (add_keyserver_url): Clarify a few strings. It's a - "preferred keyserver URL". - * keyedit.c (keyedit_menu): Ditto. - * sign.c (mk_notation_policy_etc): Ditto. - - * main.h, keygen.c (keygen_add_keyserver_url): Signature callback - for adding a keyserver URL. - * keyedit.c (keyedit_menu, menu_set_keyserver_url): New command to - set preferred keyserver to specified (or all) user IDs. - * build-packet.c (build_sig_subpkt): Set preferred keyserver flag - while building a preferred keyserver subpacket. - - * keylist.c (show_policy_url, show_keyserver_url): URLs might be - UTF8. - - * keyedit.c (menu_addrevoker): Fix leaking a few bytes. - - * keyedit.c (show_key_with_all_names): Use list-option - show-long-keyid in main --edit-key display. - - * keyedit.c (print_and_check_one_sig): Use list-option - show-long-keyid in --edit-key "check" function. - - * passphrase.c (agent_send_all_options): Make use of $GPG_TTY. - - * g10.c (main): Disable use-agent if passphrase-fd is given - later. Suggested by Kurt Garloff. - - * exec.c, g10.c, gpgv.c, passphrase.c, photoid.c: - s/__MINGW32__/_WIN32/ to help building on native Windows - compilers. Requested by Brian Gladman. From Werner on stable - branch. - - * options.h, g10.c (main): Add list-option - list-preferred-keyserver. - - * keyedit.c (change_passphrase): When responding 'no' to the blank - passphrase question, re-prompt for a new passphrase. This is bug - #202. - - * mainproc.c (check_sig_and_print): Use two different preferred - keyserver displays - one if the key is not present (to tell the - user where to get the key), the other if it is present (to tell - the user where the key can be refreshed). - - * packet.h, parse-packet.c (parse_signature): Set flag if a - preferred keyserver is present. - - * keylist.c (list_keyblock_print): Show keyserver url in listings - with list-option show-keyserver-url. - - * mainproc.c (check_sig_and_print): Get the uid validity before - printing any sig results to avoid munging the output with trustdb - warnings. - - * g10.c (main): Don't include --show-keyring in --help as it is - deprecated. - - * options.skel: Note that keyserver.pgp.com isn't synchronized, - and explain the roundrobin a bit better. - - * sig-check.c (check_key_signature2), import.c (import_one, - import_revoke_cert, chk_self_sigs, delete_inv_parts, - collapse_uids, merge_blocks): Make much quieter during import of - slightly munged, but recoverable, keys. Use log_error for - unrecoverable import failures. - - * keyring.c (keyring_rebuild_cache): Comment. - - * sign.c (mk_notation_and_policy): Making a v3 signature with - notations or policy urls is an error, not an info (i.e. increment - the errorcount). Don't print the notation or policy url to stdout - since it can be mixed into the output stream when piping and munge - the stream. - - * packet.h, sig-check.c (signature_check2, do_check, - do_check_messages): Provide a signing-key-is-revoked flag. Change - all callers. - - * status.h, status.c (get_status_string): New REVKEYSIG status tag - for a good signature from a revoked key. - - * mainproc.c (do_check_sig, check_sig_and_print): Use it here. - - * import.c (import_revoke_cert, merge_blocks, merge_sigs): Compare - actual signatures on import rather than using keyid or class - matching. This does not change actual behavior with a key, but - does mean that all sigs are imported whether they will be used or - not. - - * parse-packet.c (parse_signature): Don't give "signature packet - without xxxx" warnings for experimental pk algorithms. An - experimental algorithm may not have a notion of (for example) a - keyid (i.e. PGP's x.509 stuff). - - * options.h, g10.c (main), keylist.c (list_keyblock_print), - keyedit.c (print_and_check_one_sig): New "show-sig-expire" - list-option to show signature expiration dates (if any). - - * options.h, g10.c (main, add_keyserver_url): Add - --sig-preferred-keyserver to implant a "where to get my key" - subpacket into a signature. - - * sign.c (mk_notation_and_policy): Rename to - mk_notation_policy_etc and add preferred keyserver support for - signatures. - - * keygen.c (do_add_key_flags): Don't set the certify flag for - subkeys. - (ask_algo): Provide key flags for DSA, Elgamal_e, and Elgamal - subkeys. - (generate_keypair): Provide key flags for the default DSA/Elgamal - keys. - - * sig-check.c (signature_check, signature_check2, - check_key_signature, check_key_signature2): Allow passing NULLs - for unused parameters in the x2 form of each function to avoid the - need for dummy variables. getkey.c, mainproc.c: Change all - callers. - - * trustdb.h, trustdb.c (read_trust_options): New. Returns items - from the trustdb version record. - * keylist.c (public_key_list): Use it here for the new "tru" - record. - * gpgv.c (read_trust_options): Stub. - - * keyedit.c (show_key_with_all_names): Use list-option - show-validity in --edit-key interface as well. - - * options.h, g10.c (main), mainproc.c (check_sig_and_print): Add - verify-options "show-validity" and "show-long-keyid" to show - trustdb validity and long keyids during (file) signature - verification. - - * packet.h, main.h, sig-check.c (signature_check2) - (check_key_signature2, do_check): If ret_pk is set, fill in the pk - used to verify the signature. Change all callers in getkey.c, - mainproc.c, and sig-check.c. - - * keylist.c (list_keyblock_colon): Use the ret_pk from above to - put the fingerprint of the signing key in "sig" records during a - --with-colons --check-sigs. This requires --no-sig-cache as well - since we don't cache fingerprints. - - * parse-packet.c (parse_signature): No need to reserve 8 bytes for - the unhashed signature cache any longer. - - * misc.c (pct_expando): Add two new expandos - signer's - fingerprint (%g), and signer's primary fingerprint (%p). - - * g10.c (main): Add --rfc2440 alias for --openpgp since in a few - months, they won't be the same thing. - - * keyserver.c (parse_keyserver_uri): Accept "http" as an alias for - "hkp", since it is occasionally written that way. - (keyserver_spawn): Use ascii_isspace to avoid locale issues. - - * keygen.c (ask_user_id): Make --allow-freeform-uid apply to the - email field as well as the name field, and allow mixing fields - when it is set. - - * trustdb.c (validate_one_keyblock): Certifications on revoked or - expired uids do not count in the web of trust. - - * signal.c (init_one_signal, pause_on_sigusr, do_block): Only use - sigprocmask() if we have sigset_t, and only use sigaction() if we - have struct sigaction. This is for Forte c89 on Solaris which - seems to define only the function call half of the two pairs by - default. - (pause_on_sigusr): Typo. - (do_block): If we can't use sigprocmask() and sigset_t, try to get - the number of signals from NSIG as well as MAXSIG, and if we - can't, fail with an explanation. - - * signal.c, tdbio.c: Comment out the transaction code. It was not - used in this version, and was causing some build problems on - quasi-posix platforms (Solaris and Forte c89). - - * keylist.c (list_keyblock_colon): Don't include validity values - when listing secret keys since they can be incorrect and/or - misleading. This is a temporary kludge, and will be handled - properly in 1.9/2.0. - - * mainproc.c (check_sig_and_print): Only show the "key available - from" preferred keyserver line if the key is not currently - present. - - * keyedit.c (sign_uids): Do not sign expired uids without --expert - (same behavior as revoked uids). Do not allow signing a user ID - without a self-signature. --expert overrides. Add additional - prompt to the signature level question. - (menu_expire): When changing expiration dates, don't replace - selfsigs on revoked uids since this would effectively unrevoke - them. There is also no point in replacing expired selfsigs. This - is bug #181 - - * g10.c (add_notation_data): Make sure that only ascii is passed - to iscntrl. Noted by Christian Biere. - * getkey.c (classify_user_id2): Replaced isspace by spacep - * keygen.c (ask_user_id): Ditto. - (get_parameter_algo): Ditto. - * keyedit.c (keyedit_menu): Ditto. - * tdbdump.c (import_ownertrust): Ditto. s/isxdigit/hexdigitp/. - * revoke.c (ask_revocation_reason): - * keyserver.c (keyserver_spawn): Dito. - - * parse-packet.c (parse): Disallow old style partial length for - all key material packets to avoid possible corruption of keyrings. - - * import.c (import_keys_internal): Invalidate the cache so that - the file descriptor gets closed. Fixes bug reported by Juan - F. Codagnone. - - * options.h, g10.c (main), main.h, keylist.c (show_keyserver_url), - mainproc.c (check_sig_and_print), parse-packet.c (dump_sig_subpkt, - parse_one_sig_subpkt, can_handle_critical): Add read-only support - for preferred keyserver subpackets. They're basically policy URLs - with a different name. Add a verify-option - "show-preferred-keyserver" to turn them on and off (on by default, - as per stable branch). - - * g10.c (main): Add "--set-notation" as alias to "--notation-data" - this is to make things consistent with --set-policy-url meaning - both sigs and certs. - - * options.h, g10.c (main), keylist.c (list_keyblock_print): Add - "show-validity" and "show-long-keyid" list-options. - - * gpgv.c (get_validity, trust_value_to_string): Stubs. - - * g10.c (main): Use SAFE_VERSION instead of VERSION in the - version-specific gpg.conf file so it can be overridden on RISCOS. - - * keyedit.c (show_key_with_all_names): Fix assertion failure when - using toggle to see a secret key. Reported by Maxim Britov. - - -2003-09-22 Timo Schulz - - * card-util.c (card_status): Free pk in case of an error - and return if the card is no OpenPGP card. - -2003-09-18 Werner Koch - - * g10.c: New command --card-edit. - * card-util.c (card_status): Use tty_fprintf for all output. - (print_sha1_fpr, print_isoname): Ditto. - (get_one_name,change_name, change_url, change_login,change_lang) - (change_sex): New; taken from keygen.c. - * keygen.c (smartcard_get_one_name, smartcard_change_name) - (smartcard_change_url, smartcard_change_login_data) - (smartcard_change_lang, smartcard_change_sex): Removed. - (check_smartcard): Removed most menu items. - -2003-09-06 Werner Koch - - * misc.c (openpgp_pk_algo_usage): Allow AUTH where SIGN is allowed. - - * keygen.c (ask_passphrase): No need to allocated S2K in secure - memory. - -2003-09-04 Werner Koch - - * keygen.c (do_add_key_flags, parse_parameter_usage) - (do_generate_keypair): Add support the proposed AUTH key flag. - * getkey.c (fixup_uidnode, merge_selfsigs_main) - (merge_selfsigs_subkey, premerge_public_with_secret): Ditto. - * keylist.c (print_capabilities): Ditto. - -2003-08-25 Timo Schulz - - * pkglue.c (mpi_from_sexp): New. Used to factor out - some common code. - -2003-08-24 Werner Koch - - * keygen.c (do_generate_keypair): Print a reminder to use --gen-revoke. - -2003-08-18 Timo Schulz - - * encode.c (encode_sesskey): Checked the code and removed - the warning since all compatibility checks with PGP succeeded. - * mainproc.c (symkey_decrypt_sesskey): Better check for the - algorithm and check the return values of some functions. - * mdc.c (use_mdc): Simplified. - -2003-08-07 Werner Koch - - * pkglue.c (pk_sign): Fix last change. - (pk_verify): Check for valid DATA array so that we don't segv in - Libgcrypt. - (pk_verify): Ditto. - -2003-08-06 Werner Koch - - * pkglue.c (pk_sign): Allow signing using RSA. - -2003-08-05 Werner Koch - - * Makefile.am (install-data-local): Dropped check for the ancient - gpgm tool. - (bin_PROGRAMS): Renamed gpg to gpg2 and gpgv to gpgv2. This is so - that it won't conflict with the current stable version of gpg. - - * pkglue.c (pk_check_secret_key): New. - * seckey-cert.c (do_check): Reenable this test here again. - - * g10.c (main): Add command -K as an alias for - --list-secret-keys. Command "-k" is now an alias to --list-keys. - Remove special treatment of -kv and -kvv. - (set_cmd): Ditto. - (main): Strip a "-cvs" suffix when testing for a version specific - config file. - - * status.h, status.c, g10.c [USE_SHM_COPROCESSING]: Removed. This - is not any longer available. - -2003-07-29 Werner Koch - - * g10.c (main): Add secmem features and set the random seed file. - (g10_exit): Update the random seed file. - - * parse-packet.c (parse_signature,read_protected_v3_mpi) - (parse_key): Fixed use of mpi_set_opaque. - * keygen.c (gen_card_key): Ditto. - -2003-07-28 Werner Koch - - * status.c (progress_cb): Adjusted for use with Libcgrypt. - (set_status_fd): Register that callback. - - * keygen.c (smartcard_change_login_data): New. - (smartcard_change_lang): New. - (smartcard_change_sex): New. - (check_smartcard): Add menu entries to edit the above. - (gen_elg,gen_dsa,gen_rsa): Reimplemented in terms of Libgcrypt. - (genhelp_protect, genhelp_factors, key_from_sexp): New. - * comment.c (make_comment_node_from_buffer): New. - (make_comment_node): Reimplemented in terms of above. - -2003-07-27 Werner Koch - - Adjusted for gcry_mpi_print and gcry_mpi_scan API change. - -2003-07-24 Werner Koch - - * g10.c: New command --card-status. - * card-util.c (card_status): New. - * call-agent.c (learn_status_cb): Parse more information. - - * keylist.c (print_pubkey_info): Add FP arg for optional printing - to a stream. Changed all callers. - -2003-07-23 Werner Koch - - * keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards. - (do_generate_keypair): Abd generate the authkey. - (check_smartcard): Changed menu accordingly. - -2003-07-22 Werner Koch - - * g10.c: New command --change-pin. - * card-util.c: New. - * call-agent.c (agent_scd_change_pin): New. - (agent_release_card_info): New. - * keygen.c (check_smartcard): Use it here. - -2003-07-16 Werner Koch - - * export.c (parse_export_options): New option sexp-format. - (export_seckeys,export_secsubkeys): Check sexp-format option. - (do_export): Ignore armor for sexp format. - (do_export_stream): Handle sexp-format. - (write_sexp_line,write_sexp_keyparm, build_sexp_seckey): New. - (build_sexp): New. - -2003-07-03 Werner Koch - - * options.h (DBG_CIPHER): Reintroduced it. - * seskey.c (encode_session_key): Debug output of the session key. - - * pubkey-enc.c (get_it): Handle card case. - * call-agent.c (agent_scd_pkdecrypt): New. - * pkglue.c (pk_encrypt): Add RSA support. - - * g10.c (main): Default to --use-agent. - - * keygen.c (show_smartcard): Print info about the public key. - (check_smartcard): Check for existing key here. - (gen_card_key): And not anymore here. - (fpr_is_zero): New. - (generate_keypair): Generate both keys for a card. - (smartcard_change_url): Nw. - -2003-07-02 Werner Koch - - * seckey-cert.c (is_secret_key_protected): Let it handle mode 1002. - -2003-07-01 Werner Koch - - * keygen.c (gen_card_key): Obviously we should use the creation - date received from SCDAEMON, so that the fingerprints will match. - * sign.c (do_sign): Pass the serialno to the sign code. - * keyid.c (serialno_and_fpr_from_sk): New. - -2003-06-30 Werner Koch - - * call-agent.h (agent_card_info_s): Add field serialno. - * call-agent.c (store_serialno): New. - (learn_status_cb): Store the serial number. - * keygen.c (gen_card_key): Store the serial number - (check_smartcard): New argument to return the serial number. - (generate_keypair): Get the serial number from check_smartcard and - store it as a parameter. - * parse-packet.c (parse_key): Use the protect.iv field to store the - serial number. - * build-packet.c (do_secret_key): Write the serial number. - -2003-06-27 Werner Koch - - * seckey-cert.c (check_secret_key): Bypass the unprotection for - mode 1002. - * sign.c (do_sign): Handle card case (i.e. mode 1002). - -2003-06-26 Werner Koch - - * build-packet.c (do_secret_key): Implement special protection - mode 1002. - * parse-packet.c (parse_key): Likewise. - - * keygen.c (smartcard_gen_key): New. - * call-agent.c (agent_scd_setattr): New. - -2003-06-24 Werner Koch - - * Makefile.am: Removed signal.c - - * g10.c (emergency_cleanup): New. - (main): Use gnupg_init_signals and register malloc for assuan. - -2003-06-23 Werner Koch - - * keyid.c (do_fingerprint_md): Made it work again. - -2003-06-19 Werner Koch - - Fixed all "==" comparisons against error code constants to use - gpg_err_code(). - - * import.c (import_secret_one): - (import_revoke_cert): - (chk_self_sigs): - - * misc.c (openpgp_md_map_name): Check also for the Hx format. - (openpgp_cipher_map_name): Check also for the Sx format. - (pubkey_get_npkey): Adjusted for changed gcrypt API. - (pubkey_get_nskey): Ditto. - (pubkey_get_nsig): Ditto. - (pubkey_get_nenc): Ditto. - -2003-06-18 Werner Koch - - Finished the bulk of changes for gnupg 1.9. This included - switching to libgcrypt functions, using shared error codes from - libgpg-error, replacing the old functions we used to have in - ../util by those in ../jnlib and ../common, renaming the malloc - functions and a couple of types. Note, that not all changes are - listed below becuause they are too similar and done at far too - many places. As of today the code builds using the current - libgcrypt from CVS but it is very unlikely that it actually works. - - * sig-check.c (cmp_help): Removed. Was never used. - - * pkglue.c: New. Most stuff taken from gnupg 1.1.2. - * pkglue.h: New. - - * misc.c (pull_in_libs): Removed. - - * keygen.c (count_chr): New. - (ask_user_id): Removed faked RNG support. - - * misc.c (openpgp_md_map_name,openpgp_cipher_map_name) - (openpgp_pk_map_name): New. - - * skclist.c (build_sk_list): Removed faked RNG support. - (is_insecure): Removed. - - * comment.c (make_mpi_comment_node): Use gcry MPI print function. - - * keyid.c (v3_keyid): New. - - * misc.c (mpi_write,mpi_write_opaque,mpi_read,mpi_read_opaque) - (mpi_print): New. Taken from gnupg 1.1.2. - (checksum_mpi): Replaced by implementation from 1.1.2. - - * g10.c (my_strusage): Renamed from strusage and return NULL - instead calling a default function. - (add_to_strlist2): New. Taken from ../util/strgutil.c of gnupg 1.2. - - * plaintext.c (handle_plaintext): New arg CREATE_FILE to cope with - the fact that gpg-error does not have this error code anymore. - - * mainproc.c (symkey_decrypt_sesskey): Ditto. - - * seskey.c (make_session_key): Adjusted for use with libgcrypt. - (encode_session_key): Ditto. - (do_encode_md): Ditto. - (encode_md_value): Ditto. - - * keyring.c: Use libgpg-error instead of READ_ERROR etc. - - * g10.c: Adjusted all algorithm name/id mapping functions. - (set_debug): Pass MPI and CRYPTO debug values to libgcrypt. - - * Makefile.am (INCLUDES): Define LOCALEDIR and the default error - source. - - * g10.c (i18n_init): s/G10_LOCALEDIR/LOCALEDIR/. - - Renamed m_alloc et al to xmalloc et al. - s/g10_errstr/gpg_strerror/ - s/MPI/gcry_mpi_t/ - Adjusted all md_open calls to the libgcrypt API. - - * build-packet.c (do_comment): Return error code from iobuf write - function. - (do_user_id): Ditto. - (do_public_key): Ditto. - - * Makefile.am: Add new files, link gpg with libgpg-error. - * g10.c, options.h: New option --agent-program. - * call-agent.c: New. - * gpg.h, call-agent.h: New. - -2003-06-03 David Shaw - - * options.h, g10.c (main), keylist.c (list_keyblock_print): Add - "show-validity" and "show-long-keyid" list-options. - - * gpgv.c (get_validity, trust_value_to_string): Stubs. - - * g10.c (main): Use SAFE_VERSION instead of VERSION in the - version-specific gpg.conf file so it can be overridden on RISCOS. - -2003-06-01 David Shaw - - * g10.c (main), keylist.c (show_policy_url, show_notation), - mainproc.c (check_sig_and_print): Emulate the old policy and - notation behavior (display by default). Send to status-fd whether - it is displayed on the screen or not. - - * g10.c (main): Since we now have some options in devel that won't - work in a stable branch gpg.conf file, try for a version-specific - gpg.conf-VERSION file before falling back to gpg.conf. - - * main.h, options.h: Move various option flags to options.h. - -2003-05-31 David Shaw - - * mainproc.c (check_sig_and_print), main.h, keylist.c - (show_policy, show_notation): Collapse the old print_notation_data - into show_policy() and show_notation() so there is only one - function to print notations and policy URLs. - - * options.h, main.h, g10.c (main), keyedit.c - (print_and_check_one_sig), keylist.c (list_one, - list_keyblock_print), pkclist.c (do_edit_ownertrust), sign.c - (mk_notation_and_policy): New "list-options" and "verify-options" - commands. These replace the existing - --show-photos/--no-show-photos, - --show-notation/--no-show-notation, - --show-policy-url/--no-show-policy-url, and --show-keyring - options. The new method is more flexible since a user can specify - (for example) showing photos during sig verification, but not in - key listings. The old options are emulated. - - * main.h, misc.c (parse_options): New general option line - parser. Fix the bug in the old version that did not handle report - syntax errors after a valid entry. - - * import.c (parse_import_options), export.c - (parse_export_options): Call it here instead of duplicating the - code. - -2003-05-30 David Shaw - - * keylist.c (list_one): Don't show the keyring filename when in - --with-colons mode. Actually translate "Keyring" string. - - * mainproc.c (proc_tree): We can't currently handle multiple - signatures of different classes or digests (we'd pretty much have - to run a different hash context for each), but if they are all the - same, make an exception. This is Debian bug #194292. - - * sig-check.c (check_key_signature2): Make string translatable. - - * packet.h, getkey.c (fixup_uidnode): Mark real primary uids - differently than assumed primaries. - - * keyedit.c (no_primary_warning): Use the differently marked - primaries here in a new function to warn when an --edit-key - command might rearrange the self-sig dates enough to change which - uid is primary. - (menu_expire, menu_set_preferences): Use no_primary_warning() - here. - - * Makefile.am: Use @DLLIBS@ for -ldl. - -2003-05-26 David Shaw - - * getkey.c (premerge_public_with_secret): Made "no secret subkey - for" warning a verbose item and translatable. (From wk on stable - branch) - - * sig-check.c (check_key_signature2): Made "no subkey for subkey - binding packet" a verbose item instead of a !quiet one. There are - too many garbled keys out in the wild. (From wk on stable branch) - - * filter.h: Remove const from WHAT. (From wk on stable branch) - - * progress.c (handle_progress): Store a copy of - NAME. (progress_filter): Release WHAT, make sure not to print a - NULL WHAT. (From wk on stable branch) - - * openfile.c (open_sigfile): Adjust free for new progress - semantics. (From wk on stable branch) - - * plaintext.c (ask_for_detached_datafile): Don't dealloc - pfx->WHAT. (From wk on stable branch) - - * seckey-cert.c (do_check): Issue the RSA_OR_IDEA status when the - cipher algo is IDEA to make it easier to track down the - problem. (From twoaday on stable branch) - -2003-05-24 David Shaw - - * armor.c, g10.c, kbnode.c, misc.c, pkclist.c, sign.c, - build-packet.c, getkey.c, keydb.c, openfile.c, plaintext.c, - status.c, gpgv.c, keygen.c, options.h, sig-check.c, tdbio.h, - encode.c, mainproc.c, parse-packet.c, signal.c, textfilter.c: Edit - all preprocessor instructions to remove whitespace before the '#'. - This is not required by C89, but there are some compilers out - there that don't like it. - -2003-05-21 David Shaw - - * trustdb.h, trustdb.c (is_disabled), gpgv.c (is_disabled): Rename - is_disabled to cache_disabled_value, which now takes a pk and not - just the keyid. This is for speed since there is no need to - re-fetch a key when we already have that key handy. Cache the - result of the check so we don't need to hit the trustdb more than - once. - - * getkey.c (skip_disabled): New function to get a pk and call - is_disabled on it. (key_byname): Use it here. - - * packet.h, getkey.c (skip_disabled), keylist.c - (print_capabilities): New "pk_is_disabled" macro to retrieve the - cached disabled value if available, and fill it in via - cache_disabled_value if not available. - - * trustdb.c (get_validity): Cache the disabled value since we have - it handy and it might be useful later. - - * parse-packet.c (parse_key): Clear disabled flag when parsing a - new key. Just in case someone forgets to clear the whole key. - - * getkey.c (merge_selfsigs_main): Add an "if all else fails" path - for setting a single user ID primary when there are multiple set - primaries all at the same second, or no primaries set and the most - recent user IDs are at the same second, or no signed user IDs at - all. This is arbitrary, but deterministic. - - * exec.h, photoid.h: Add copyright message. - - * keylist.c (list_keyblock_print): Don't dump attribs for - revoked/expired/etc uids for non-colon key listings. This is for - consistency with --show-photos. - - * main.h, keylist.c (dump_attribs), mainproc.c - (check_sig_and_print): Dump attribs if --attrib-fd is set when - verifying signatures. - - * g10.c (main): New --gnupg option to disable the various - --openpgp, --pgpX, etc. options. This is the same as --no-XXXX - for those options. - - * revoke.c (ask_revocation_reason): Clear old reason if user - elects to repeat question. This is bug 153. - - * keyedit.c (sign_uids): Show keyid of the key making the - signature. - -2003-05-21 Werner Koch - - * progress.c (handle_progress) - * sign.c (write_plaintext_packet) - * encode.c (encode_simple,encode_crypt): Make sure that a filename - of "-" is considered to be stdin so that iobuf_get_filelength - won't get called. This fixes bug 156 reported by Gregery Barton. - -2003-05-02 David Shaw - - * packet.h, build-packet.c (build_sig_subpkt), export.c - (do_export_stream), import.c (remove_bad_stuff, import), - parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt): Remove - vestigal code for the old sig cache subpacket. This wasn't - completely harmless as it caused subpacket 101 to disappear on - import and export. - - * options.h, armor.c, cipher.c, g10.c, keyedit.c, pkclist.c, - sign.c, encode.c, getkey.c, revoke.c: The current flags for - different levels of PGP-ness are massively complex. This is step - one in simplifying them. No functional change yet, just use a - macro to check for compliance level. - - * sign.c (sign_file): Fix bug that causes spurious compression - preference warning. - - * sign.c (clearsign_file): Fix bug that prevents proper warning - message from appearing when clearsigning in --pgp2 mode with a - non-v3 RSA key. - - * main.h, misc.c (compliance_option_string, compliance_string, - compliance_failure), pkclist.c (build_pk_list), sign.c (sign_file, - clearsign_file), encode.c (encode_crypt, - write_pubkey_enc_from_list): New functions to put the "this - message may not be usable...." warning in one place. - - * options.h, g10.c (main): Part two of the simplification. Use a - single enum to indicate what we are compliant to (1991, 2440, - PGPx, etc.) - - * g10.c (main): Show errors for failure in export, send-keys, - recv-keys, and refresh-keys. - - * options.h, g10.c (main): Give algorithm warnings for algorithms - chosen against the --pgpX and --openpgp rules. - - * keydb.h, pkclist.c (algo_available): Make TIGER192 invalid in - --openpgp mode. - - * sign.c (sign_file), pkclist.c (algo_available): Allow passing a - hint of 0. - -2003-05-01 David Shaw - - * tdbio.c (create_version_record): Only create new trustdbs with - TM_CLASSIC or TM_PGP. - - * trustdb.h, trustdb.c (trust_string, get_ownertrust_string, - get_validity_string, ask_ownertrust, validate_keys), pkclist.c - (do_edit_ownertrust): Rename trust_string to trust_value_to_string - for naming consistency. - - * trustdb.h, trustdb.c (string_to_trust_value): New function to - translate a string to a trust value. - - * g10.c (main): Use string_to_trust_value here for - --force-ownertrust. - - * options.h, g10.c (main), trustdb.c (trust_model_string, - init_trustdb, check_trustdb, update_trustdb, get_validity, - validate_one_keyblock): An "OpenPGP" trust model is misleading - since there is no official OpenPGP trust model. Use "PGP" - instead. - -2003-04-30 David Shaw - - * build-packet.c (build_sig_subpkt): Comments. - - * exec.c (exec_write): Cast NULL to void* to properly terminate - varargs list. - - * keyedit.c (show_key_with_all_names): Just for safety, catch an - invalid pk algorithm. - - * sign.c (make_keysig_packet): Crucial that the call to mksubpkt - comes LAST before the calls to finalize the sig as that makes it - possible for the mksubpkt function to get a reliable pointer to - the subpacket area. - - * pkclist.c (do_we_trust_pre): If an untrusted key was chosen by a - particular user ID, use that ID as the one to ask about when - prompting whether to use the key anyway. - (build_pk_list): Similar change here when adding keys to the - recipient list. - - * trustdb.c (update_validity): Fix bug that prevented more than - one validity record per trust record. - (get_validity): When retrieving validity for a (user) supplied - user ID, return the validity for that user ID only, and do not - fall back to the general key validity. - (validate_one_keyblock): Some commentary on whether - non-self-signed user IDs belong in the web of trust (arguably, - they do). - -2003-04-27 David Shaw - - * g10.c (main): Add --no-textmode. - - * export.c (do_export_stream), keyedit.c (show_key_with_all_names, - menu_addrevoker), mainproc.c (check_sig_and_print), photoid.c - (show_photos), sign.c (mk_notation_and_policy), trustdb.c - (get_validity, reset_trust_records, validate_keys): Make some - strings translatable. - - * mainproc.c (check_sig_and_print): Show digest algorithm and sig - class when verifying a sig with --verbose on, and add version, pk - and hash algorithms and sig class to VALIDSIG. - - * parse-packet.c (enum_sig_subpkt): Make a warning message a - --verbose warning message since we don't need to warn every time - we see an unknown critical (we only need to invalidate the - signature). - - * trustdb.c (init_trustdb): Check the trustdb options even with - TM_AUTO since the auto may become TM_CLASSIC or TM_OPENPGP. - -2003-04-26 David Shaw - - * sign.c (do_sign): Show the hash used when making a signature in - verbose mode. - - * tdbio.h, tdbio.c (tdbio_read_model): New function to return the - trust model used in a given trustdb. - - * options.h, g10.c (main), trustdb.c (init_trustdb, check_trustdb, - update_trustdb): Use tdbio_read_model to implement an "auto" trust - model which is set via the trustdb. - -2003-04-23 David Shaw - - * import.c (import_revoke_cert): Remove ultimate trust when - revoking an ultimately trusted key. - - * keyedit.c (sign_uids): Allow replacing expired signatures. - Allow duplicate signatures with --expert. - - * pkclist.c (check_signatures_trust): Don't display a null - fingerprint when checking a signature with --always-trust enabled. - - * filter.h (progress_filter_context_t), progress.c - (handle_progress), plaintext.c (ask_for_detached_datafile, - hash_datafiles): Fix compiler warnings. Make "what" constant. - - * build-packet.c (do_plaintext): Do not create invalid literal - packets with >255-byte names. - -2003-04-15 Werner Koch - - * Makefile.am (AM_CFLAGS): Make use of AM_CFLAGS and AM_LDFLAGS. - - * g10.c, options.h: New option --enable-progress-filter. - * progress.c (handle_progress): Make use of it. - -2003-04-15 Marcus Brinkmann - - * progress.c: New file. - * Makefile.am (common_source): Add progress.c. - * filter.h (progress_filter_context_t): New type. - (progress_filter, handle_progress): New prototypes. - * main.h (open_sigfile): New argument for prototype. - * openfile.c (open_sigfile): New argument to install progress - filter. - * encode.c (encode_simple): New variable PFX. Register - progress filter. Install text_filter after that. - (encode_crypt): Likewise. - * sign.c (sign_file): Likewise. - (clearsign_file): Likewise. - * decrypt.c (decrypt_message): Likewise. - (decrypt_messages): Likewise. - * verify.c (verify_signatures): Likewise. - (verify_one_file): Likewise. - * plaintext.c (hash_datafiles): Likewise. - (ask_for_detached_datafile): Likewise. - -2003-04-10 Werner Koch - - * passphrase.c (read_passphrase_from_fd): Do a dummy read if the - agent is to be used. Noted by Ingo Klöcker. - (agent_get_passphrase): Inhibit caching when we have no - fingerprint. This is required for key generation as well as for - symmetric only encryption. - - * passphrase .c (agent_get_passphrase): New arg CANCELED. - (passphrase_to_dek): Ditto. Passed to above. Changed all - callers to pass NULL. - * seckey-cert.c (do_check): New arg CANCELED. - (check_secret_key): Terminate loop when canceled. - - * keyedit.c (change_passphrase): Pass ERRTEXT untranslated to - passphrase_to_dek and translate where appropriate. - * seckey-cert.c (check_secret_key): Ditto. - * keygen.c (ask_passphrase): Ditto. - * passphrase.c (agent_get_passphrase): Translate the TRYAGAIN_TEXT. - Switch the codeset to utf-8. - -2003-04-09 Werner Koch - - * decrypt.c (decrypt_messages): Fixed error handling; the function - used to re-loop with same file after an error. Reported by Joseph - Walton. - -2003-04-08 David Shaw - - * main.h, g10.c (main), import.c (parse_import_options, - fix_pks_corruption): It's really PKS corruption, not HKP - corruption. Keep the old repair-hkp-subkey-bug command as an - alias. - - * g10.c (main): Rename --no-version to --no-emit-version for - consistency. Keep --no-version as an alias. - -2003-04-04 David Shaw - - * pkclist.c (algo_available): PGP 8 can use the SHA-256 hash. - - * sign.c (sign_file, clearsign_file, sign_symencrypt_file): Remove - unused code. - -2003-04-01 Werner Koch - - * mainproc.c (check_sig_and_print): Add primary key fpr to VALIDSIG - status. - -2003-03-24 David Shaw - - * keydb.h: Err on the side of making an unknown signature a SIG - rather than a CERT. - - * import.c (delete_inv_parts): Discard any key signatures that - aren't key types (i.e. 0x00, 0x01, etc.) - - * g10.c (main): Add deprecated option warning for - --list-ownertrust. Add --compression-algo alias for - --compress-algo. Change --version output strings to match - "showpref" strings, and make translatable. - - * status.c (do_get_from_fd): Accept 'y' as well as 'Y' for - --command-fd boolean input. - - * trustdb.c: Fix typo (DISABLE_REGEXP -> DISABLE_REGEX) - - * keyedit.c (show_key_with_all_names_colon): Show no-ks-modify - flag. - -2003-03-11 David Shaw - - * options.h, g10.c (main), keyserver.c (kopts): Add "try-dns-srv" - keyserver option. Defaults to on. - - * passphrase.c (agent_get_passphrase): Fix memory leak with - symmetric messages. Fix segfault with symmetric messages. Fix - incorrect prompt with symmetric messages. - -2003-03-10 Werner Koch - - * compress.c (init_uncompress): Use a 15 bit window size so that - the output of implementations which don't run for PGP 2 - compatibility won't get garbled. - -2003-03-04 David Shaw - - * trustdb.c (validate_keys): Mask the ownertrust when building the - list of fully valid keys so that disabled keys are still counted - in the web of trust. - (get_ownertrust_with_min): Do the same for the minimum ownertrust - calculation. - - * parse-packet.c (dump_sig_subpkt): Show the notation names for - not-human-readable notations. Fix cosmetic off-by-one length - counter. - - * options.skel: Add explantion and commented-out - "no-mangle-dos-filenames". - - * mainproc.c (proc_encrypted): Make string translatable. - - * keyserver.c (keyserver_spawn): Quote ':', '%', and any 8-bit - characters in the uid strings sent to the keyserver helper. - - * keyring.c (keyring_rebuild_cache): Lock the keyring while - rebuilding the signature caches to prevent another gpg from - tampering with the temporary copy. - - * keygen.c (keygen_set_std_prefs): Include AES192 and AES256 in - default prefs. - - * keyedit.c (show_prefs): Make strings translatable. - - * keydb.c: Double the maximum number of keyrings to 40. - - * gpgv.c (main): Fix bug #113 - gpgv should accept the - --ignore-time-conflict option. - - * g10.c (main): --openpgp disables --pgpX. Double the amount of - secure memory to 32k (keys are getting bigger these days). - - * Makefile.am: Makefile.am: Use @CAPLIBS@ to link in -lcap if we - are using capabilities. - -2003-02-26 David Shaw - - * keyserver.c (keyserver_spawn): Include various pieces of - information about the key in the data sent to the keyserver - helper. This allows the helper to use it in instructing a remote - server which may not have any actual OpenPGP smarts in parsing - keys. - - * main.h, export.c (export_pubkeys_stream, do_export_stream): Add - ability to return only the first match in an exported keyblock for - keyserver usage. This should be replaced at some point with a - more flexible solution where each key can be armored seperately. - -2003-02-22 David Shaw - - * sign.c (sign_file): Do not push textmode filter onto an unopened - IOBUF (segfault). Noted by Marcus Brinkmann. Push and - reinitialize textmode filter for each file in a multiple file - list. - - * packet.h, getkey.c (fixup_uidnode), keyedit.c (show_prefs): Set - and show the keyserver no-modify flag. - - * keygen.c (add_keyserver_modify): New. - (keygen_upd_std_prefs): Call it here. - (keygen_set_std_prefs): Accept "ks-modify" and "no-ks-modify" as - prefs to set and unset keyserver modify flag. - - * g10.c (main): Accept "s1" in addition to "idea" to match the - other ciphers. - - * main.h, misc.c (idea_cipher_warn): We don't need this if IDEA - has been disabled. - -2003-02-21 David Shaw - - * keygen.c (keygen_set_std_prefs): Don't put AES or CAST5 in - default prefs if they are disabled. - - * g10.c (main): Use 3DES instead of CAST5 if we don't have CAST5 - support. Use 3DES for the s2k cipher in --openpgp mode. - (print_mds): #ifdef all of the optional digest algorithms. - -2003-02-12 David Shaw - - * keydb.h, getkey.c (classify_user_id, classify_user_id2): Make - 'exact' a per-desc item. Merge into one function since - 'force_exact' is no longer needed. - (key_byname): Use new classify_user_id function, and new exact - flag in KEYDB_SEARCH_DESC. - - * keyring.h, keyring.c (keyring_search): Return an optional index - to show which KEYDB_SEARCH_DESC was the matching one. - - * keydb.h, keydb.c (keydb_search): Rename to keydb_search2, and - pass the optional index to keyring_search. Add a macro version of - keydb_search that calls this new function. - - * export.c (do_export_stream): If the keyid! syntax is used, - export only that specified key. If the key in question is a - subkey, export the primary plus that subkey only. - -2003-02-11 David Shaw - - * exec.c (set_exec_path): Add debugging line. - - * g10.c (print_hex, print_mds): Print long hash strings a lot - neater. This assumes at least an 80-character display, as there - are a few other similar assumptions here and there. Users who - need unformatted hashes can still use with-colons. Check that - SHA384 and 512 are available before using them as they are no - longer always available. - - * Makefile.am: Use a local copy of libexecdir along with @PACKAGE@ - as GNUPG_LIBEXECDIR so it can be easily overridden at make time. - -2003-02-04 David Shaw - - * armor.c (parse_hash_header, armor_filter): Accept the new SHAs - in the armor Hash: header. - - * g10.c (print_hex): Print long hash strings a little neater. - (print_mds): Add the new SHAs to the hash list. - -2003-02-02 David Shaw - - * keyedit.c (menu_revuid): Properly handle a nonselfsigned uid on - a v4 key (treat as a v4 revocation). - - * import.c (print_import_check): Do not re-utf8 convert user IDs. - -2003-01-27 David Shaw - - * mainproc.c (list_node): Show signature expiration date in - with-colons sig records. - - * keylist.c (list_keyblock_colon), mainproc.c (list_node): Show - trust sig information in with-colons sig records. - -2003-01-16 David Shaw - - * g10.c (add_group): Trim whitespace after a group name so it does - not matter where the user puts the = sign. - - * options.skel: Comment out the first three lines in case someone - manually copies the skel file to their homedir. - - * sign.c (clearsign_file): Only use pgp2mode with v3 keys and - MD5. This matches what we do when decoding such messages and - prevents creating a message (v3+RIPEMD/160) that we can't verify. - - * sig-check.c (signature_check2): Use G10ERR_GENERAL as the error - for signature digest conflict. BAD_SIGN implies that a signature - was checked and we may try and print out a user ID for a key that - doesn't exist. - -2003-01-15 David Shaw - - * trustdb.c (init_trustdb, get_validity): Don't use a changed - trust model to indicate a dirty trustdb, and never auto-rebuild a - dirty trustdb with the "always" trust model. - - * g10.c (add_group): Last commit missed the \t ;) - -2003-01-14 David Shaw - - * packet.h, parse-packet.c (setup_user_id), free-packet.c - (free_user_id), keydb.h, keyid.c (namehash_from_uid): New function - to rmd160-hash the contents of a user ID packet and cache it in - the uid object. - - * keylist.c (list_keyblock_colon): Use namehash in field 8 of - uids. Show dates for creation (selfsig date), and expiration in - fields 6 and 7. - - * trustdb.c (get_validity, get_validity_counts, update_validity): - Use new namehash function rather than hashing it locally. - -2003-01-14 Werner Koch - - * g10.c (add_group): Fixed group parsing to allow more than one - delimiter in a row and also allow tab as delimiter. - -2003-01-12 David Shaw - - * tdbio.c (tdbio_set_dbname): Fix assertion failure with - non-fully-qualified trustdb names. - -2003-01-11 David Shaw - - * trustdb.c (get_validity_info, get_ownertrust_info, - trust_letter): Simplify by returning a ? for error directly. - - * keyedit.c (show_key_with_all_names): Use get_validity_string and - get_ownertrust_string to show full word versions of trust - (i.e. "full" instead of 'f'). - - * trustdb.h, trustdb.c (get_ownertrust_string, - get_validity_string): Same as get_ownertrust_info, and - get_validity_info, except returns a full string. - - * trustdb.c (get_ownertrust_with_min): New. Same as - 'get_ownertrust' but takes the min_ownertrust value into account. - -2003-01-10 David Shaw - - * armor.c (armor_filter): Comment about PGP's end of line tab - problem. - - * trustdb.h, trustdb.c (trust_letter): Make - static. (get_ownertrust_info, get_validity_info): Don't mask the - trust level twice. - - * trustdb.h, gpgv.c, trustdb.c (get_validity, get_validity_info), - keylist.c (list_keyblock_colon), keyedit.c - (show_key_with_all_names_colon, menu_revuid): Pass a user ID in - rather than a namehash, so we only have to do the hashing in one - place. - - * packet.h, pkclist.c (build_pk_list), free-packet.c - (release_public_key_parts): Remove unused namehash element for - public keys. - -2003-01-07 David Shaw - - * keygen.c (keygen_set_std_prefs): Warn when setting an IDEA - preference when IDEA is not available. - -2003-01-06 David Shaw - - * trustdb.c (get_validity_info): 'd' for disabled is not a - validity value any more. - - * packet.h, tdbio.h, tdbio.c (tdbio_read_record, - tdbio_write_record), trustdb.c (update_validity): Store temporary - full & marginal counts in the trustdb. - (clear_validity, get_validity_counts): Return and clear temp - counts. - (store_validation_status): Keep track of which keyids have been - stored. - (validate_one_keyblock, validate_key_list): Use per-uid copies of - the full & marginal counts so they can be recalled for multiple - levels. - (validate_keys): Only use unused keys for each new round. - (reset_unconnected_keys): Rename to reset_trust_records, and only - skip specifically excluded records. - - * keylist.c (print_capabilities): Show 'D' for disabled keys in - capabilities section. - - * trustdb.c (is_disabled): Remove incorrect comment. - -2003-01-03 David Shaw - - * import.c (import_one): Only do the work to create the status - display for interactive import if status is enabled. - - * keyring.c (keyring_search): skipfnc didn't work properly with - non-keyid searches. Noted by Stefan Bellon. - - * getkey.c (merge_selfsigs_main): Remove some unused code and make - sure that the pk selfsigversion member accounts for 1F direct - sigs. - -2003-01-02 Werner Koch - - * keydb.c (keydb_add_resource): Don't assume that try_make_homedir - terminates but check again for the existence of the directory and - continue then. - * openfile.c (copy_options_file): Print a warning if the skeleton - file has active options. - -2002-12-29 David Shaw - - * getkey.c (merge_selfsigs_main), main.h, sig-check.c - (check_key_signature2): Pass the ultimately trusted pk directly to - check_key_signature2 to avoid going through the key selection - mechanism. This prevents a deadly embrace when two keys without - selfsigs each sign the other. - -2002-12-27 David Shaw - - * keyserver.c (keyserver_refresh): Don't print the "refreshing..." - line if there are no keys to refresh or if there is no keyserver - set. - - * getkey.c (merge_selfsigs_main): Any valid user ID should make a - key valid, not just the last one. This also fixes Debian bug - #174276. - -2002-12-27 Stefan Bellon - - * import.c (print_import_check): Changed int to size_t. - -2002-12-27 David Shaw - - * keyedit.c (keyedit_menu, menu_revuid): Add "revuid" feature to - revoke a user ID. This is the same as issuing a revocation for - the self-signature, but a much simpler interface to do it. - -2002-12-26 David Shaw - - * keydb.h, getkey.c (key_byname): Flag to enable or disable - including disabled keys. Keys specified via keyid (i.e. 0x...) - are always included. - - * getkey.c (get_pubkey_byname, get_seckey_byname2, - get_seckey_bynames), keyedit.c (keyedit_menu, menu_addrevoker): - Include disabled keys in these functions. - - * pkclist.c (build_pk_list): Do not include disabled keys for -r - or the key prompt. Do include disabled keys for the default key - and --encrypt-to. - - * trustdb.h, trustdb.c (is_disabled): New skipfnc for skipping - disabled keys. - - * gpgv.c (is_disabled): Stub. - - * keygen.c (keygen_add_key_expire): Properly handle updating a key - expiration to a no-expiration value. - - * keyedit.c (enable_disable_key): Comment. - - * import.c (import_one): When in interactive mode and --verbose, - don't repeat some key information twice. - -2002-12-22 Timo Schulz - - * import.c (print_import_check): New. - (import_one): Use it here. - Use merge_keys_and_selfsig in the interactive mode to avoid - wrong key information. - * status.h: Add new status code. - * status.c: Ditto. - -2002-12-13 David Shaw - - * pkclist.c (do_we_trust): Tweak language to refer to the "named - user" rather than "owner". Noted by Stefan Bellon. - - * trustdb.h, trustdb.c (trustdb_pending_check): New function to - check if the trustdb needs a check. - - * import.c (import_keys_internal): Used here so we don't rebuild - the trustdb if it is still clean. - (import_one, chk_self_sigs): Only mark trustdb dirty if the key - that is being imported has any sigs other than self-sigs. - Suggested by Adrian von Bidder. - - * options.skel: Include the required '=' sign in the sample - 'group' option. Noted by Stefan Bellon. - - * import.c (chk_self_sigs): Don't try and check a subkey as if it - was a signature. - -2002-12-11 David Shaw - - * tdbio.c (tdbio_read_record, tdbio_write_record): Compact the - RECTYPE_TRUST records a bit. - - * g10.c (main): Comment out --list-trust-path until it can be - implemented. - - * import.c (import_one): Warn when importing an Elgamal primary - that this may take some time (to verify self-sigs). - (chk_self_sigs): Try and cache all self-sigs so the keyblock is - written to the keyring with a good rich cache. - - * keygen.c (ask_algo): Make the Elgamal sign+encrypt warning - stronger, and remove the RSA sign+encrypt warning. - -2002-12-06 Stefan Bellon - - * options.h: Fixed typo (mangle_dos_names instead of - mangle_dos_filenames). - -2002-12-05 Werner Koch - - * g10.c: New options --[no-]mangle-dos-filenames. - * options.h (opt): Added mangle-dos-filenames. - * openfile.c (open_outfile) [USE_ONLY_8DOT3]: Truncate the - filename only when this option is set; this is the default. - -2002-12-04 David Shaw - - * main.h, keyedit.c, keygen.c: Back out previous (2002-12-01) - change. Minimal isn't always best. - - * sign.c (update_keysig_packet): Use the current time rather then - a modification of the original signature time. Make sure that - this doesn't cause a time warp. - - * keygen.c (keygen_add_key_expire): Properly handle a key - expiration date in the past (use a duration of 0). - - * keyedit.c (menu_expire): Use update_keysig_packet so any sig - subpackets are maintained during the update. - - * build-packet.c (build_sig_subpkt): Mark sig expired or unexpired - when the sig expiration subpacket is added. - (build_sig_subpkt_from_sig): Handle making an expiration subpacket - from a sig that has already expired (use a duration of 0). - - * packet.h, sign.c (update_keysig_packet), keyedit.c - (menu_set_primary_uid, menu_set_preferences): Add ability to issue - 0x18 subkey binding sigs to update_keysig_packet and change all - callers. - - * trustdb.c (validate_keys): Show trust parameters when building - the trustdb, and make sure that the version record update was - successful. - (init_trustdb): If the current parameters aren't what was used for - building the trustdb, the trustdb is invalid. - - * tbio.c (tdbio_db_matches_options): Update to work with new - trustdbs. - -2002-12-03 David Shaw - - * tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): Store - trust model in the trustdb version record. - (tdbio_update_version_record): New function to update version - record values during a trustdb check or update. - (tdbio_dump_record): Show trust model in dump. - - * trustdb.c (validate_keys): Call tdbio_update_version_record on - success so that the correct options are stored in the trustdb. - - * options.h: rearrange trust models so that CLASSIC is 0 and - OPENPGP is 1. - - * options.h, g10.c (main), encode.c (write_pubkey_enc_from_list), - pkclist.c (algo_available), revoke.c (gen_revoke): Add --pgp8 - mode. This is basically identical to --pgp7 in all ways except - that signing subkeys, v4 data sigs (including expiration), and SK - comments are allowed. - - * getkey.c (finish_lookup): Comment. - - * main.h, keylist.c (reorder_keyblock), keyedit.c (keyedit_menu): - Reorder user ID display in the --edit-key menu to match that of - the --list-keys display. - - * g10.c (add_notation_data): Fix initialization. - -2002-12-01 David Shaw - - * keyedit.c (menu_expire): Don't lose key flags when changing the - expiration date of a subkey. This is not the most optimal - solution, but it is minimal change on the stable branch. - - * main.h, keygen.c (do_copy_key_flags): New function to copy key - flags, if any, from one sig to another. - (do_add_key_expire): New function to add key expiration to a sig. - (keygen_copy_flags_add_expire): New version of - keygen_add_key_expire that also copies key flags. - (keygen_add_key_flags_and_expire): Use do_add_key_expire. - - * import.c (fix_hkp_corruption): Comment. - -2002-11-25 Stefan Bellon - - * plaintext.c (handle_plaintext) [__riscos__]: If nooutput is set, - no filetype is needed obviously. - -2002-11-24 David Shaw - - * main.h, misc.c (default_cipher_algo, default_compress_algo): - New. Return the default algorithm by trying - --cipher-algo/--compress-algo, then the first item in the pref - list, then s2k-cipher-algo or ZIP. - - * sign.c (sign_file, sign_symencrypt_file), encode.c - (encode_simple, encode_crypt): Call default_cipher_algo and - default_compress_algo to get algorithms. - - * g10.c (main): Allow pref selection for compress algo with - --openpgp. - - * mainproc.c (proc_encrypted): Use --s2k-digest-algo for - passphrase mangling rather than --digest-algo. - - * sign.c (hash_for): If --digest-algo is not set, but - --personal-digest-preferences is, then use the first hash - algorithm in the personal list. If the signing algorithm is DSA, - then use the first 160-bit hash algorithm in the personal list. - If --pgp2 is set and it's a v3 RSA key, use MD5. - - * g10.c (main), keydb.c (keydb_add_resource, - keydb_locate_writable): Rename --default-keyring as - --primary-keyring. Stefan wins the naming contest. - -2002-11-23 David Shaw - - * g10.c (add_notation_data): Disallow notation names that do not - contain a '@', unless --expert is set. This is to help prevent - people from polluting the (as yet unused) IETF namespace. - - * main.h: Comments about default algorithms. - - * photoid.c (image_type_to_string): Comments about 3-letter file - extensions. - - * encode.c (encode_simple), passphrase.c (passphrase_to_dek), - sign.c (sign_symencrypt_file): Use --s2k-digest-algo for - passphrase mangling rather than --digest-algo. - -2002-11-21 David Shaw - - * keygen.c (keygen_set_std_prefs): Properly handle an empty - preference string. - - * misc.c (string_to_compress_algo): "none" is a bad choice since - it conflicts with the "none" in setpref. - -2002-11-14 David Shaw - - * g10.c (main): Allow compression algorithm names as the argument - to --compress-algo. The old algorithm names still work for - backwards compatibility. - - * misc.c (string_to_compress_algo): Allow "none" as an alias for - "uncompressed". - -2002-11-13 Stefan Bellon - - * getkey.c (get_pubkey_byfprint_fast): Fixed type incompatibility, - was unsigned char instead of byte. - -2002-11-13 David Shaw - - * encode.c (encode_simple): Make sure that files larger than about - 4G use partial length encoding. This is required because OpenPGP - allows only for 32 bit length fields. From Werner on stable - branch. - - * getkey.c (get_pubkey_direct): Renamed to... - (get_pubkey_fast): this and made extern. - (get_pubkey_byfprint_fast): New. From Werner on stable branch. - - * keydb.h, import.c (import_one): Use get_pubkey_fast instead of - get_pubkey. We don't need a merged key and actually this might - lead to recursions. - (revocation_present): Likewise for search by fingerprint. From - Werner on stable branch. - - * g10.c (main): Try to create the trustdb even for non-colon-mode - list-key operations. This is required because getkey needs to - know whether a a key is ultimately trusted. From Werner on stable - branch. - - * exec.c [__CYGWIN32__]: Keep cygwin separate from Mingw32; - we don't need it here as it behaves more like a Posix system. - From Werner on stable branch. - - * passphrase.c (agent_get_passphrase): Ditto. From Werner on - stable branch. - - * tdbio.c (MY_O_BINARY): Need binary mode with Cygwin. From - Werner on stable branch. - - * g10.c, gpgv.c (main) [__CYGWIN32__]: Don't get the homedir from - the registry. From Werner on stable branch. - - * keyedit.c (show_key_with_all_names_colon): Make --with-colons - --edit display match the validity and trust of --with-colons - --list-keys. - - * passphrase.c (agent_send_all_options): Fix compile warning. - - * keylist.c (list_keyblock_colon): Validity for subkeys should - match that of the primary key, and not that of the last user ID. - - * getkey.c (merge_selfsigs): Revoked/expired/invalid primary keys - carry these facts onto all their subkeys, but only after the - subkey has a chance to be marked valid. This is to fix an - incorrect "invalid public key" error verifying a signature made by - a revoked signing subkey, with a valid unrevoked primary key. - -2002-11-09 Werner Koch - - * passphrase.c (agent_send_all_options): Use tty_get_ttyname to - get the default ttyname. - -2002-11-07 David Shaw - - * keyring.h, keyring.c (keyring_register_filename): Return the - pointer if a given keyring is registered twice. - - * keydb.h, keydb.c (keydb_add_resource): Use flags to indicate a - default keyring. - (keydb_locate_writable): Prefer the default keyring if possible. - - * g10.c (main): Add --default-keyring option. - -2002-11-06 David Shaw - - * options.h, g10.c (main), trustdb.c (ask_ownertrust): Add - --force-ownertrust option for debugging purposes. This allows - setting a whole keyring to a given trust during an - --update-trustdb. Not for normal use - it's just easier than - hitting "4" all the time to test a large trustdb. - - * pubkey-enc.c (get_session_key): With hidden recipients or try a - given passphrase against all secret keys rather than trying all - secret keys in turn. Don't if --try-all-secrets or --status-fd is - enabled. - - * passphrase.c (passphrase_to_dek): Mode 1 means do a regular - passphrase query, but don't prompt with the key info. - - * seckey-cert.c (do_check, check_secret_key): A negative ask count - means to enable passphrase mode 1. - - * keydb.h, getkey.c (enum_secret_keys): Add flag to include - secret-parts-missing keys (or not) in the list. - -2002-11-05 David Shaw - - * keyserver.c (keyserver_search_prompt): When --with-colons is - enabled, don't try and fit the search output to the screen size - - just dump the whole list. - -2002-11-04 David Shaw - - * keyserver.c (keyserver_search_prompt): When --with-colons is - enabled, just dump the raw keyserver protocol to stdout and don't - print the menu. - - * keyserver.c (show_prompt): Don't show a prompt when command-fd - is being used. - - * trustdb.c (trust_model_string, check_trustdb, update_trustdb, - validate_one_keyblock): It's not clear what a trustdb rebuild or - check means with a trust model other than "classic" or "openpgp", - so disallow this. - -2002-11-03 David Shaw - - * options.h, g10.c (main): Add --trust-model option. Current - models are "openpgp" which is classic+trustsigs, "classic" which - is classic only, and "always" which is the same as the current - option --always-trust (which still works). Default is "openpgp". - - * trustdb.c (validate_one_keyblock): Use "openpgp" trust model to - enable trust sigs. - - * gpgv.c (main), mainproc.c (check_sig_and_print), pkclist.c - (do_we_trust, do_we_trust_pre, check_signatures_trust): Use new - --trust-model option in place of --always-trust. - - * keyedit.c (sign_mk_attrib, trustsig_prompt, sign_uids, - keyedit_menu): Prompt for and create a trust signature with - "tsign". This is functional, but needs better UI text. - - * build-packet.c (build_sig_subpkt): Able to build trust and - regexp subpackets. - - * pkclist.c (do_edit_ownertrust): Comment. - -2002-11-02 David Shaw - - * keygen.c (set_one_pref, keygen_set_std_prefs): Allow using the - full algorithm name (CAST5, SHA1) rather than the short form (S3, - H2). - - * main.h, keygen.c (keygen_get_std_prefs), keyedit.c - (keyedit_menu): Return and use a fake uid packet rather than a - string since we already have a nice parser/printer in - keyedit.c:show_prefs. - - * main.h, misc.c (string_to_compress_algo): New. - -2002-11-01 David Shaw - - * g10.c (main): Add --no-throw-keyid. - - * keydb.h, encode.c (write_pubkey_enc_from_list), g10.c (main), - pkclist.c (build_pk_list): Add --hidden-recipient (-R) and - --hidden-encrypt-to, which do a single-user variation on - --throw-keyid. The "hide this key" flag is carried in bit 0 of - the pk_list flags field. - - * keyserver.c (parse_keyrec): Fix shadowing warning. - -2002-10-31 Stefan Bellon - - * compress.c (init_compress) [__riscos__]: Use - riscos_load_module() to load ZLib module. - - * g10.c (main) [__riscos__]: Renames due to changes in riscos.c - (e.g. prefixes all RISC OS specific functions with riscos_*). - * photoid.c (show_photos) [__riscos__]: Likewise. - * signal.c (got_fatal_signal) [__riscos__]: Likewise. - - * trustdb.c (check_regexp) [__riscos__]: Branch to RISC OS RegEx - handling. - -2002-10-31 David Shaw - - * build-packet.c (do_plaintext), encode.c (encode_sesskey, - encode_simple, encode_crypt), sign.c (write_plaintext_packet): Use - wipememory() instead of memset() to wipe sensitive memory as the - memset() might be optimized away. - -2002-10-30 David Shaw - - * trustdb.c (check_regexp): Modern regexps require REG_EXTENDED. - -2002-10-29 David Shaw - - * packet.h, trustdb.h, trustdb.c (trust_string): New. Return a - string like "fully trusted", "marginally trusted", etc. - (get_min_ownertrust): New. Return minimum ownertrust. - (update_min_ownertrust): New. Set minimum ownertrust. - (check_regexp): New. Check a regular epression against a user ID. - (ask_ownertrust): Allow specifying a minimum value. - (get_ownertrust_info): Follow the minimum ownertrust when - returning a letter. - (clear_validity): Remove minimum ownertrust when a key becomes - invalid. - (release_key_items): Release regexp along with the rest of the - info. - (validate_one_keyblock, validate_keys): Build a trust sig chain - while validating. Call check_regexp for regexps. Use the minimum - ownertrust if the user does not specify a genuine ownertrust. - - * pkclist.c (do_edit_ownertrust): Only allow user to select a - trust level greater than the minimum value. - - * parse-packet.c (can_handle_critical): Can handle critical trust - and regexp subpackets. - - * trustdb.h, trustdb.c (clear_ownertrusts), delkey.c - (do_delete_key), import.c (import_one): Rename clear_ownertrust to - clear_ownertrusts and have it clear the min_ownertrust value as - well. - - * keylist.c (list_keyblock_print): Indent uid to match pub and - sig. - - * keyedit.c (print_and_check_one_sig, show_key_and_fingerprint, - menu_addrevoker), keylist.c (list_keyblock_print, - print_fingerprint): Show "T" or the trust depth for trust - signatures, and add spaces to some strings to make room for it. - - * packet.h, parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt, - parse_signature): Parse trust signature values. - - * tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): - Reserve a byte for the minimum ownertrust value (for use with - trust signatures). - -2002-10-29 Stefan Bellon - - * build-packet.c (calc_plaintext, do_plaintext): Removed RISC OS - specific filetype parts (it's now done in make_basename()). - - * plaintext.c (handle_plaintext): Tidied up RISC OS specific - filetype parts. - - * encode.c (encode_simple, encode_crypt): Added argument to - make_basename() call. - - * sign.c (write_plaintext_packet): Added argument to - make_basename() call. - -2002-10-28 Stefan Bellon - - * build-packet.c (calc_plaintext, do_plaintext): Added filetype - handling for RISC OS' file types. - - * plaintext.c (handle_plaintext) [__riscos__]: Added filetype - handling for RISC OS' file types. - -2002-10-23 David Shaw - - * main.h, import.c (sec_to_pub_keyblock, import_secret_one, - parse_import_options), g10.c (main): New import-option - "convert-sk-to-pk" to convert a secret key into a public key - during import. It is on by default. - -2002-10-23 Werner Koch - - * pubkey-enc.c (get_it): Fix segv, test for revoked only when PK - has been assigned. - -2002-10-18 Timo Schulz - - * keylist.c: (print_pubkey_info): New. - (print_seckey_info): New. - * main.h: Prototypes for the new functions. - * delkey.c (do_delete_key): Use it here. - * revoke.c (gen_desig_revoke): Ditto. - -2002-10-17 Werner Koch - - * pkclist.c (do_edit_ownertrust): Show all user IDs. This should - be enhanced to also show the current trust level. Suggested by - Florian Weimer. - -2002-10-17 David Shaw - - * g10.c (main): Handle --strict and --no-strict from the command - line before the options file is loaded. - -2002-10-15 David Shaw - - * g10.c (main): Disable --textmode when encrypting (symmetric or - pk) in --pgp2 mode as PGP 2 can't handle the unknown length - literal packet. Reported by Michael Richardson. - -2002-10-14 David Shaw - - * keyserver-internal.h, keyserver.c (print_keyrec, parse_keyrec, - show_prompt, keyserver_search_prompt, keyserver_spawn): Go to - version 1 of the keyserver protocol. This is a better design, - similar to --with-colons, that allows for keys with multiple user - IDs rather than using multiple keys. It also matches the machine - readable pksd format. Also use a prettier --search-keys listing - format that can fill different size windows (currently set at 24 - lines). - -2002-10-12 Werner Koch - - * keygen.c (print_status_key_created): New. - (do_generate_keypair): Use it to print the fingerprint. - (generate_subkeypair): Likewise. - -2002-10-11 David Shaw - - * keyedit.c (menu_addrevoker): Properly back out if the signature - fails. Also, do not allow appointing the same revoker twice, and - report ALREADY_SIGNED if the user tries it. - -2002-10-07 David Shaw - - * import.c (import_keys_internal): Missed one s/inp/inp2/. - - * keylist.c (print_capabilities): Properly indicate per-key - capabilities of sign&encrypt primary keys that have - secret-parts-missing (i.e. no capabilities at all) - - * mainproc.c (symkey_decrypt_sesskey): Fix compiler warning. - -2002-10-04 David Shaw - - * getkey.c (get_pubkey_direct): Don't cache keys retrieved via - this function as they may not have all their fields filled in. - - * sig-check.c (signature_check2): Use new is_primary flag to check - rather than comparing main_keyid with keyid as this still works in - the case of a not fully filled in pk. - -2002-10-04 Werner Koch - - * import.c (import_keys_internal): s/inp/inp2/ to avoid shadowing - warning. - - * passphrase.c (agent_get_passphrase): Fixed signed/unsigned char - problem in %-escaping. Noted by Ingo Klöcker. - -2002-10-03 David Shaw - - * options.h, g10.c (main): Add --strict and --no-strict to switch - the log_warning severity level from info to error. - - * keylist.c (print_capabilities): Secret-parts-missing keys should - show that fact in the capabilities, and only primary signing keys - can certify other keys. - - * packet.h, parse_packet.c (parse_key): Add is_primary flag for - public keys (it already exists for secret keys). - -2002-10-02 David Shaw - - * import.c (import_secret_one): Check for an illegal (>110) - protection cipher when importing a secret key. - - * keylist.c (list_keyblock_print): Show a '#' for a - secret-parts-missing key. - - * parse_packet.c (parse_key): Some comments. - - * revoke.c (gen_revoke): Remove some debugging code. - - * trustdb.c (verify_own_keys): Make trusted-key a non-deprecated - option again. - - * seckey-cert.c (do_check): Don't give the IDEA warning unless the - cipher in question is in fact IDEA. - -2002-10-01 David Shaw - - * import.c (import_one): Make sure that a newly imported key - starts with a clean ownertrust. - -2002-10-01 Werner Koch - - * getkey.c (get_pubkey_direct): New. - (merge_selfsigs_main): Use it here to look for an ultimately - trusted key. Using the full get_pubkey might lead to an - infinitive recursion. - -2002-09-29 David Shaw - - * keyserver.c (parse_keyserver_uri): Force the keyserver URI - scheme to lowercase to be case-insensitive. - -2002-09-28 David Shaw - - * export.c (do_export_stream): Comment. - - * sig-check.c (check_key_signature2): Properly handle a - non-designated revocation import. - -2002-09-26 Werner Koch - - * g10.c (set_homedir): New. Changed all direct assignments to use - this. - * gpgv.c (set_homedir): Ditto. - -2002-09-25 David Shaw - - * Makefile.am: Link gpg with EGDLIBS (i.e. NETLIBS) as EGD uses - sockets. Remove the old NETLIBS variable since the keyserver - stuff is no longer internal. - -2002-09-24 David Shaw - - * import.c (import_keys_stream): Fix compiler type warning. - - * keyring.c (keyring_rebuild_cache), sig-check.c - (check_key_signature2), import.c (import, chk_self_sigs): Minor - language cleanups. - -2002-09-23 Stefan Bellon - - * main.h: Introduced fast-import as import option. Removed - fast as separate option from prototypes. - * import.c (parse_import_options): Added fast-import option. - (import_*): Removed fast as separate option. - * g10.c (main): Added option fast-import, removed old fast - as separate argument. - * keyserver.c (keyserver_spawn): Removed old fast as separate - argument. - -2002-09-22 Stefan Bellon - - * import.c (import_keys, import_keys_stream, - import_keys_internal): Added trustdb update/check to key import if - not fast-import and interactive set/no-auto-check-trustdb unset. - Avoided function clone by introducing import_keys_internal. - -2002-09-19 David Shaw - - * keyserver.c (keyserver_spawn): Properly handle line truncation. - Don't leak memory (~10-20 bytes) on searches. - (keyserver_search_prompt): Cleanup. - - * keylist.c (list_keyblock_colon): Show 1F direct key signatures - in --with-colons listing. - -2002-09-16 David Shaw - - * keyedit.c (menu_addrevoker): The direct key signature for - revocation keys must be at least v4 to carry the revocation key - subpacket. Add a PGP 2.x warning for revocation keys. - -2002-09-14 David Shaw - - * g10.c (check_permissions): Rearrange strings to make translating - easier (don't incorporate string parts). - - * keyedit.c (sign_uids): Make strings translatable. - - * sig-check.c (check_key_signature2): Make string translatable. - -2002-09-13 David Shaw - - * getkey.c (check_revocation_keys): Move.... - * main.h, sig-check.c (check_revocation_keys): to here. Also - return the signature_check error code rather than 0/1 and cache - the sig result. - - * sig-check.c (check_key_signature2): Divert to - check_revocation_keys if a revocation sig is made by someone other - than the pk owner. - - * getkey.c (merge_selfsigs_main): Tidy. - -2002-09-13 Werner Koch - - * g10.c (main) [__MINGW32__]: Activate oLoadExtension. - -2002-09-12 David Shaw - - * Makefile.am, hkp.c, hkp.h, keyserver.c (keyserver_work): Remove - internal HKP support. - - * keyserver.c (keyserver_spawn): Remove whitespace after keyserver - commands. - -2002-09-10 David Shaw - - * exec.c (expand_args): Remove loop left over from earlier - implementation. - (exec_write): Missed one tick. - -2002-09-10 Werner Koch - - * g10.c, options.h: Removed option --emulate-checksum-bug. - * misc.c (checksum_u16_nobug): Removed. - (checksum_u16): Removed the bug emulation. - (checksum_mpi): Ditto. - (checksum_mpi_counted_nbits): Removed and replaced all calls - with checksum_mpi. - - * parse-packet.c (read_protected_v3_mpi): New. - (parse_key): Use it here to store it as an opaque MPI. - * seckey-cert.c (do_check): Changed the v3 unprotection to the new - why to store these keys. - (protect_secret_key): Likewise. - * build-packet.c (do_secret_key): And changed the writing. - - * tdbio.c (tdbio_set_dbname, open_db): Use new macro MY_O_BINARY - to avoid silly ifdefs. - (open_db): Fallback to RDONLY so that gpg may be used from a - RO-medium. - - * encode.c (encode_simple): Make sure we don't use an ESK packet - when we don't have a salt in the S2K. - - * misc.c (pct_expando) : Make sure that LEN is initialized. - - * exec.c (exec_finish): Use ticks to denote filenames in messages. - (make_tempdir, exec_write): Changed format of messages. - - * keyserver.c (print_keyinfo): Release USERID in on error. - (keyserver_work) [!DISABLE_KEYSERVER_HELPERS]: Exclude the unused - code. - -2002-09-09 Werner Koch - - * parse-packet.c (make_attribute_uidname): Add new ar MAX_NAMELEN - for sanity checks. Changed both callers. Limit the size of an %s. - - * options.skel: Comment lock-once out, so that this file does not - change anything when copied to a new home directory. - * openfile.c (try_make_homedir): Don't exit after copying the - option skeleton. - - * options.h: Don't use a comma when declaring variables over more - than one line. - - * mainproc.c (symkey_decrypt_sesskey): Check length of the session - key. - - * hkp.c (dehtmlize): Use ascii_tolower to protect against weird - locales. Cast the argument for isspace for the sake of broken - HP/UXes. - (parse_hkp_index): s/ascii_memcasecmp/ascii_strncasecmp/. - - * g10.c: Removed option --emulate-3des-s2k-bug. - - * passphrase.c (hash_passphrase): Was used here. - - * export.c (parse_export_options) - * keyserver.c (parse_keyserver_options) - * import.c (parse_import_options) - * g10.c (check_permissions): s/ascii_memcasecmp/ascii_strncasecmp/. - -2002-09-09 David Shaw - - * g10.c (add_group): Use '=' to separate group name from group - members. Use a better error message for when no = is found. - - * hkp.c (hkp_export): Use CRLF in headers. - -2002-09-03 David Shaw - - * mainproc.c (print_pkenc_list): Don't increment the error counter - when printing the list of keys a message was encrypted to. This - would make gpg give a non-zero exit code even for completely valid - messages if the message was encrypted to more than one key that - the user owned. - -2002-09-02 Werner Koch - - * g10.c (main): Try to set a default character set. Print the - used one in verbosity level 3. - * gpgv.c (main): Try to set a default character set. - - * status.c, status.h (STATUS_IMPORT_OK): New. - * import.c (import_one,import_secret_one): Print new status. - -2002-08-30 David Shaw - - * pkclist.c (build_pk_list): Add new status code to indicate an - untrusted user. This (or a disabled key) fail with "unavailable - pubkey" (G10ERR_UNU_PUBKEY). - - * pkclist.c (build_pk_list): Fail if any recipient keys are - unusable. - - * options.skel: The PGP LDAP keyserver is back. Use MIT keyserver - as a sample rather than cryptnet as cryptnet does not support - searching yet. - - * keyedit.c (show_key_with_all_names): Fix error message - (preferences are userid/selfsig and not key specific). - -2002-08-30 Werner Koch - - * pkclist.c (do_we_trust_pre): Changed the wording of a warning. - - * encode.c (encode_simple,encode_crypt): Use new style CTB for - compressssed packets when using MDC. We need to do this so that - concatenated messages are properly decrypted. Old style - compression assumes that it is the last packet; given that we - can't determine the length in advance, the uncompressor does not - know where to start. Actually we should use the new CTB always - but this would break PGP 2 compatibility. - - * parse-packet.c (parse): Special treatment for new style CTB - compressed packets. - - * build-packet.c (do_mdc): Removed. Was not used. - (do_encrypted_mdc): Count in the version number and the MDC packet. - -2002-08-28 David Shaw - - * sig-check.c (do_check_messages, do_check): Show keyid in error - messages. - - * keyserver.c (print_keyinfo): More readable key listings for - --search-keys responses. - -2002-08-26 David Shaw - - * hkp.c (parse_hkp_index, dehtmlize): Move HTML functionality into - new "dehtmlize" function. Remove HTML before trying to parse each - line from the keyserver. If the keyserver provides key type - information in the listing, use it. - -2002-08-23 David Shaw - - * sig-check.c (do_check, do_check_messages): Emit the usual sig - warnings even for cached sigs. This also serves to protect - against missing a sig expiring while cached. - - * getkey.c (merge_selfsigs_main): Don't check UID self-sigs twice. - -2002-08-22 David Shaw - - * import.c (clean_subkeys, chk_self_sigs): Merge clean_subkeys - into chk_self_sigs. This improves efficiency as the same - signatures are not checked multiple times. Clarify when a subkey - is revoked (any revocation signature, even if it is dated before - the binding signature). - - * getkey.c (merge_selfsigs_subkey): Subkey revocation comments. - - * keylist.c (list_one): Stats are only for public key listings. - - * g10.c (main), options.skel: Default should be include-revoked - for keyserver operations. - -2002-08-21 Werner Koch - - * import.c (import_print_stats): Print new non_imported counter - which is currently not used because we terminate on errors. - -2002-08-20 David Shaw - - * options.skel: Document no-include-attributes for - keyserver-options. - - * keylist.c, keyedit.c, keyserver.c, sign.c: Some TODOs and - comments. - - * export.c (do_export_stream): Fix noop bug in exporting sensitive - revocation keys. - - * pkclist.c (do_edit_ownertrust): Comment out the option for - showing trust paths until it can be implemented. - -2002-08-19 Werner Koch - - * getkey.c (get_user_id_native): Renamed to .. - (get_user_id_printable): this. Filter out all dangerous - characters. Checked all usages. - (get_user_id_string_native): Renamed to.. - (get_user_id_string_printable): this. Filter out all dangerous - characters. Checked all usages. - * keyedit.c (show_basic_key_info): New. - * keylist.c (print_fingerprint): New mode 3. - * import.c (import_one): Use new function to display the user ID. - -2002-08-16 Timo Schulz - - * g10.c (main): Enable opt.interactive. - - * import.c (import_one): Ask the user if the key shall be - imported when the interactive mode is used. Useful to extract - selected keys from a file. - -2002-08-16 Werner Koch - - * seckey-cert.c: Workaround to allow decryption of v3 keys created - with a bug in the mpi_get_secure_buffer. - -2002-08-14 David Shaw - - * hkp.c (parse_hkp_index): Properly handle really large keys - (5 digit key length) in HKP searches. - -2002-08-13 David Shaw - - * encode.c (encode_simple): Fix problem with using compression - algo 2 and symmetric compressed files. - - * encode.c (encode_simple, encode_crypt): If we are not using a - MDC, compress even if a file is already compressed. This is to - help against the chosen ciphertext attack. - - * pkclist.c (select_algo_from_prefs): Fix requested algorithm bug - so the request succeeds even if the requested algorithm is not the - first found. - - * cipher.c (write_header), encode.c (use_mdc, encode_simple, - encode_crypt, encrypt_filter), g10.c (main): Be more eager to use - a MDC. We use a MDC if the keys directly support it, if the keys - list AES (any) or TWOFISH anywhere in the prefs, or if the cipher - chosen does not have a 64 bit blocksize. - -2002-08-08 David Shaw - - * options.skel: Some language tweaks, and remove the - load-extension section for random gatherers. - - * keyring.c (create_tmp_file, rename_tmp_file): Create tmp files - with user-only permissions, but restore the original permissions - if the user has something special set. - - * openfile.c (copy_options_file): Create new options file - (gpg.conf) with user-only permissions. - - * keydb.c (keydb_add_resource): Create new keyrings with user-only - permissions. - - * tdbio.c (tdbio_set_dbname): Create new trustdbs with user-only - permissions. - -2002-08-07 David Shaw - - * sig-check.c (signature_check2): Sanity check that the md has a - context for the hash that the sig is expecting. This can happen - if a onepass sig header does not match the actual sig, and also if - the clearsign "Hash:" header is missing or does not match the - actual sig. - - * keyedit.c (menu_revsig): Properly show a uid is revoked without - restarting gpg. This is Debian bug 124219, though their supplied - patch will not do the right thing. - - * main.h, tdbio.c (tdbio_set_dbname), misc.c (removed - check_permissions), keydb.c (keydb_add_resource), g10.c (main, - check_permissions): Significant reworking of the permission check - mechanism. The new behavior is to check everything in the homedir - by checking the homedir itself. If the user wants to put - (possibly shared) keyrings outside the homedir, they are not - checked. The options file and any extension files are checked - wherever they are, as well as their enclosing directories. This - is Debian bug 147760. - -2002-08-06 Stefan Bellon - - * g10.c (main): Use of EXTSEP_S in new gpg.conf string. - * openfile.c (copy_options_file): Ditto. - -2002-08-06 David Shaw - - * options.h, g10.c (main), mainproc.c (proc_encrypted): - --ignore-mdc-error option to turn a MDC check error into a - warning. - - * encode.c (encode_crypt), g10.c (main), sign.c (sign_file, - clearsign_file): Use the same --pgpX warning string everywhere to - ease translations. - - * encode.c (write_pubkey_enc_from_list): Warn when using - --throw-keyid with --pgpX. Noted by Vedaal Nistar. - - * revoke.c (export_minimal_pk, gen_desig_revoke, gen_revoke): - Export a minimal pk along with the revocation cert when in --pgpX - mode so that PGP can import it. - -2002-08-06 Werner Koch - - * options.skel: Changed comments. - - * g10.c (main): Try to use "gpg.conf" as default option file. - * openfile.c (copy_options_file): Changed name of created file. - -2002-08-02 Werner Koch - - * Makefile.am (LDFLAGS): Removed DYNLINK_LDFLAGS. - -2002-07-30 David Shaw - - * options.h, g10.c (main), mainproc.c (proc_encrypted): Return a - decryption failed error if a MDC does not verify. Warn if a MDC - is not present (can disable via --no-mdc-warning). - - * exec.c (exec_write), g10.c (main), keyserver.c - (keyserver_spawn): Use new DISABLE_KEYSERVER_PATH rather than - FIXED_EXEC_PATH. - -2002-07-28 David Shaw - - * sig-check.c (do_check): Properly validate v4 sigs with no hashed - section at all. - -2002-07-25 Werner Koch - - * delkey.c (do_delete_key): Always allow to delete a key in batch mode - when specified by fingerprint. Suggested by Enzo Michelangeli. - -2002-07-25 David Shaw - - * keyedit.c (menu_revsig): Change "revsig" to honor selected uids - so the user can revoke sigs from particular uids only. - - * keylist.c (list_keyblock_print): Don't display expired uids in - --list-keys unless -v and not --list-sigs (just like revoked - uids). - - * exec.c, export.c, import.c, keyedit.c, keyserver.c, misc.c: - "Warning" -> "WARNING" - -2002-07-24 David Shaw - - * main.h, import.c (parse_import_options, fix_hkp_corruption, - import_one, delete_inv_parts), g10.c (main): New import-option - "repair-hkp-subkey-bug", which repairs as much as possible the HKP - mangling multiple subkeys bug. It is on by default for keyserver - receives, and off by default for regular --import. - - * main.h, import.c (import, import_one, delete_inv_parts), hkp.c - (hkp_ask_import), keyserver.c (keyserver_spawn): Use keyserver - import options when doing keyserver receives. - - * options.h, exec.h, exec.c (set_exec_path, exec_write), g10.c - (main), keyserver.c (keyserver_spawn): If the user does not use - "exec-path", completely replace $PATH with GNUPG_LIBEXECDIR before - calling the keyserver helper. If the user does use "exec-path", - append GNUPG_LIBEXECDIR after the specified path. - -2002-07-23 David Shaw - - * import.c (parse_import_options), export.c - (parse_export_options): Fix offset problem with reversed ("no-") - meanings. - - * import.c (delete_inv_parts): Discard subkey signatures (0x18 and - 0x28) if found in the userid section of the key. - - * sig-check.c (signature_check2): Signatures made by invalid - subkeys (bad/missing binding sig) are also invalid. - - * keylist.c (print_fingerprint): Show the primary as well as the - secondary key fingerprint in modes 1 & 2. - -2002-07-22 David Shaw - - * options.h, main.h, g10.c (main), import.c - (parse_import_options, delete_inv_parts), keyserver.c - (parse_keyserver_options): add new --import-options option. The - only current flag is "allow-local-sigs". - - * g10.c (main): Don't disable MDC in pgp7 mode. - - * options.h, g10.c (main), keyserver.c (parse_keyserver_options): - Remove old keyserver-option include-attributes now that there is - an export-option for the same thing. - - * options.h, main.h, export.c (parse_export_options, - do_export_stream), g10.c (main): add new --export-options option. - Current flags are "include-non-rfc", "include-local-sigs", - "include-attributes", and "include-sensitive-revkeys". - - * options.h, hkp.c (hkp_export), keyserver.c - (parse_keyserver_options, keyserver_spawn): try passing unknown - keyserver options to export options, and if successful, use them - when doing a keyserver --send-key. - - * build-packet.c (build_sig_subpkt): We do not generate - SIGSUBPKT_PRIV_VERIFY_CACHE anymore. - - * revoke.c (gen_desig_revoke): Lots more comments about including - sensitive revkeys along with the revocation sig itself. - - * keyserver.c (parse_keyserver_options): Simpler implementation - that can skip one pass over the options. - -2002-07-18 David Shaw - - * keyedit.c (keyedit_menu, menu_addrevoker): Allow specifying - "sensitive" as an argument to an addrevoker command. This sets - the 0x40 sensitive revoker flag. - - * revoke.c (gen_desig_revoke): When generating a designated - revocation, include the direct key sig that contains the - designated revoker subpacket. This allows sensitive designated - revocation subpackets to be exported. Also indicate which - revokers are sensitive in the first place. - -2002-07-17 David Shaw - - * keyedit.c (show_key_with_all_names_colon): The 0x40 class bit in - a designated revoker means "sensitive", not "local". It's - exportable under the right circumstances. - - * main.h, options.h, export.c (do_export_stream), g10.c (main), - hkp.c (hkp_export), keyserver.c (keyserver_spawn: Add a flag to - skip attribute packets and their signatures while exporting. This - is to accomodate keyservers (pksd again) that choke on attributes. - Use keyserver-option "include-attributes" to control it. This - defaults to ON (i.e. don't skip). - -2002-07-09 David Shaw - - * options.h, keyserver.c (parse_keyserver_uri, keyserver_spawn, - keyserver_work), hkp.c (hkp_ask_import, hkp_export, hkp_search): - Use a much more strict reading of RFC-2396 for the keyserver URIs. - Specifically, don't try and be smart about checking the value of - ":port" so long as it is all digits, and properly handle opaque - data (those scheme specific parts that do not start with "//"). - -2002-07-04 David Shaw - - * photoid.c (get_default_photo_command, show_photos): Honor - FIXED_PHOTO_VIEWER and DISABLE_PHOTO_VIEWER. - - * mainproc.c (check_sig_and_print): Use --show-photos to show - photos when verifying a sig made by a key with a photo. - - * keyserver.c (parse_keyserver_uri): Properly parse a URI with no - :port section and an empty file path, but with a terminating '/'. - (keyserver_work): Honor DISABLE_KEYSERVER_HELPERS. - - * hkp.c (hkp_ask_import): Display keyserver URI as a URI, but only - if verbose. - - * exec.c, g10.c: USE_EXEC_PATH -> FIXED_EXEC_PATH - -2002-07-03 David Shaw - - * exec.h, exec.c (set_exec_path, exec_write), g10.c (main): If - USE_EXEC_PATH is defined at compile time, use it to lock the - exec-path and not allow the user to change it. - -2002-07-02 David Shaw - - * options.h, g10.c (main), keyserver.c (keyserver_refresh): - Maintain and use the original keyserver URI for cosmetics rather - than trying to recreate it when needed. - - * mainproc.c (check_sig_and_print): Properly disregard expired - uids. Make sure that the first uid listed is a real uid and not - an attribute (attributes should only be listed in the "aka" - section). When there are no valid textual userids, try for an - invalid textual userid before using any attribute uid. - -2002-07-01 David Shaw - - * options.skel: Fix a few typos, clarify "group", and remove - sample photo viewers for Win32 since they are the defaults now. - - * parse-packet.c (make_attribute_uidname), keylist.c - (dump_attribs): Fix two typecast warnings. - - * packet.h, build-packet.c (build_attribute_subpkt), exec.c - (expand_args), mkdtemp.c (mkdtemp), photoid.c - (parse_image_header): Fix some signedness compiler warnings. - -2002-07-01 Werner Koch - - * photoid.c (get_default_photo_command): Also use __MINGW32__ - instead of HAVE_DOSISH_SYSTEM. - - * encode.c (encode_symmetric): Do not use the new encryption code. - -2002-06-30 Werner Koch - - * photoid.c: Use __MINGW32__ to include windows because - HAVE_DOSISH_SYSTEM is also set for OS/2 and plain DOS. Provide - constant missing in older mingw installations. - -2002-06-21 Stefan Bellon - - * g10.c [__riscos__]: Moved RISC OS specific stuff to util/riscos.c - and include/util.h. - - * gpgv.c [__riscos__]: Likewise. - -2002-06-20 David Shaw - - * keydb.h, pkclist.c (select_algo_from_prefs): Allow passing a - suggested algorithm which will be used if available. - - * encode.c (encode_crypt, encrypt_filter), sign.c (sign_file): Use - new select_algo_from_prefs feature to check if forcing an - algorithm would violate the recipient preferences. - - * photoid.c (get_default_photo_command, show_photos): Use - different default viewers on different platforms. Currently we - have Win 9x, Win NT (2k, xp), Mac OSX, RISC OS, and "everybody - else". These are #ifdefs as much as possible to avoid clutter. - - * g10.c (strusage, build_list), keyedit.c (show_prefs), main.h, - misc.c (compress_algo_to_string, check_compress_algo), pkclist.c - (algo_available), keygen.c (keygen_set_std_prefs): New - algo_to_string and check functions for compress algorithms. - -2002-06-20 Werner Koch - - * misc.c (setsysinfo): Removed a #warning for Alpha's uniligedn - trap disabling - it is quite possible that this is a debug relict. - -2002-06-20 Stefan Bellon - - * g10.c [__riscos__]: Added image file system feature. - - * gpgv.c [__riscos__]: Added image file system feature. - - * photoid.c (show_photos) [__riscos__]: Set RISC OS filetype of - photo id according to MIME type. - -2002-06-19 David Shaw - - * hkp.c (parse_hkp_index): Don't leak memory when failing out of a - bad HKP keyserver. - - * g10.c (add_notation_data): Relax slightly the rules as to what - can go into a notation name - 2440 allows "@", for example. - -2002-06-17 David Shaw - - * import.c (clean_subkeys, import_one): Only allow at most 1 - binding sig and at most 1 revocation sig on a subkey, as per - 2440:11.1. - - * hkp.c (parse_hkp_index, hkp_search): Error if the keyserver - returns an unparseable HKP response. - -2002-06-15 David Shaw - - * keyedit.c (show_key_with_all_names), keylist.c - (list_keyblock_print): Show "[expired]" before expired uids. - - * keyedit.c (show_key_with_all_names_colon), mainproc.c - (list_node), keylist.c (list_keyblock_colon): Show flag 'e' for - expired user ids. Use "uat" for user attribute packets instead of - "uid". Also use ' ' rather than the fake user id - string on attributes. - - * keygen.c (keygen_add_revkey): Remove unused code. - - * misc.c (check_permissions): Check directory permissions - properly - they are not special files. - - * pkclist.c (expand_id, expand_group, build_pk_list): When - expanding groups before building a pk list, inherit flags from the - original pre-expanded string. - - * pubkey-enc.c (is_algo_in_prefs): Don't use prefs from expired - uids. - -2002-06-14 David Shaw - - * free-packet.c (copy_signature): Properly copy a signature that - carries a revocation key on it. - - * pkclist.c (expand_id, expand_group, build_pk_list): Groups now - work properly when used in the "Enter the user ID" prompt. - -2002-06-14 David Shaw - - * keyedit.c (show_key_with_all_names): Display warning if a user - tries to show prefs on a v3 key with a v3 selfsig. - - * kbnode.c (dump_kbnode): Show if a uid is expired. - - * import.c (merge_blocks, import_revoke_cert): Show user ID - receiving a revocation certificate. - - * free-packet.c (cmp_user_ids): Properly compare attribute ids. - - * pkclist.c (expand_groups): Maintain the strlist flags while - expanding. Members of an expansion inherit their flags from the - expansion key. - - * options.h, cipher.c (write_header), g10.c (main), keygen.c - (keygen_set_std_prefs): remove the personal_mdc flag. It no - longer serves a purpose now that the personal preference lists are - split into cipher/digest/zip. - -2002-06-14 Timo Schulz - - * skclist.c (is_insecure): Implemented. - -2002-06-12 David Shaw - - * keyserver.c (keyserver_spawn): Properly handle PROGRAM responses - when they have a CRLF ending. Noted by Keith Ray. - - * keyserver.c (keyserver_spawn): Handle CRLF endings from - keyserver helpers. Also don't leak the last line worth of memory - from the keyserver response. - - * main.h, misc.c (deprecated_warning): New function to warn about - deprecated options and commands. - - * g10.c (main), keyserver-internal.h, keyserver.c - (parse_keyserver_uri): Use new deprecated function to warn about - honor-http-proxy, auto-key-retrieve, and x-broken-hkp. - -2002-06-11 David Shaw - - * Makefile.am: link gpg with NETLIBS for the built-in HKP access. - -2002-06-10 David Shaw - - * options.h, keyserver.c (keyserver_opts), g10.c (main): New - keyserver option "include-subkeys". This feature already existed, - but now can be turned off. It defaults to on. - - * options.h, keyserver.c (parse_keyserver_options, - keyserver_spawn): There are now enough options to justify making a - structure for the keyserver options rather than a page of - if-then-else-if-then-etc. - - * getkey.c (merge_keys_and_selfsig, merge_selfsigs_main): Fix bug - in calculating key expiration dates. - -2002-06-09 David Shaw - - * keydb.h, getkey.c (get_user_id_native), import.c (import_one): - Display user ID while importing a key. Note this applies to both - --import and keyserver --recv-keys. - - * exec.c (exec_finish): Log unnatural exit (core dump, killed - manually, etc) for fork/exec/pipe child processes. - -2002-06-08 Timo Schulz - - * encode.c (encode_symmetric): Disable the compat flag - when the expert mode is enabled. - -2002-06-07 David Shaw - - * options.skel, options.h, main.h, keydb.h, pkclist.c - (build_pk_list, expand_groups), g10.c (main, add_group): Add new - "group" command to allow one name to expand into multiple keys. - For simplicity, and to avoid potential loops, we only expand once - - you can't make an alias that points to an alias. - - * main.h, g10.c (main), keygen.c (build_personal_digest_list): - Simplify the default digest list - there is really no need for the - other hashes since they will never be used after SHA-1 in the - list. - - * options.skel, options.h, g10.c (main), hkp.c (hkp_ask_import, - hkp_export, hkp_search), keyserver.c (parse_keyserver_options, - parse_keyserver_uri, keyserver_work, keyserver_refresh): Make the - "x-broken-hkp" keyserver scheme into keyserver-option - "broken-http-proxy". Move honor_http_proxy into - keyserver_options. Canonicalize the three variations of "hkp", - "x-hkp", and "x-broken-hkp" into "hkp". - -2002-06-07 Stefan Bellon - - * g10.c [__riscos__]: Added --attribute-file to do the same as - --attribute-fd, but with a filename not a fd as argument. - Added magic symbol for RISC OS to use different memory management. - - * gpgv.c [__riscos__]: Added magic symbol for RISC OS to use - different memory management. - -2002-06-06 David Shaw - - * main.h, g10.c (main), keygen.c (build_personal_digest_list): Put - in a default digest preference list consisting of SHA-1, followed - by every other installed digest except MD5. Note this is the same - as having no digest preference at all except for SHA-1 being - favored. - - * options.h, g10.c (main), keygen.c (keygen_set_std_prefs), - pkclist.c (select_algo_from_prefs): Split - --personal-preference-list into three: - --personal-{cipher|digest|compress}-preferences. This allows a - user to set one without affecting another (i.e. setting only a - digest pref doesn't imply an empty cipher pref). - - * exec.c (exec_read): This is a safer way of guessing the return - value of system(). Noted by Stefan Bellon. - -2002-06-05 David Shaw - - * hkp.c (parse_hkp_index): Be more robust with keyservers - returning very unparseable responses. - - * exec.c (exec_read): Catch and display an error when the remote - process exits unnaturally (i.e. segfault) so the user knows what - happened. Also fix exec_write stub which has a different number - of arguments now. - -2002-06-05 Timo Schulz - - * encode.c (encode_simple): Ignore the new mode for RFC1991. - * mainproc.c (symkey_decrypt_sesskey): Better check for weird - keysizes. - -2002-06-05 Timo Schulz - - * encode.c (encode_sesskey): New. - (encode_simple): Use it here. But by default we use the compat - mode which supress to generate encrypted session keys. - -2002-06-05 Timo Schulz - - * mainproc.c (symkey_decrypt_sesskey): New. - (proc_symkey_enc): Support for encrypted session keys. - -2002-06-04 David Shaw - - * sign.c (hash_for, sign_file): When encrypting and signing at the - same time, consult the various hash prefs to pick a hash algorithm - to use. Pass in a 160-bit hint if any of the signing keys are - DSA. - - * keydb.h, pkclist.c (select_algo_from_prefs, algo_available): - Pass a "hints" opaque pointer in to let the caller give hints as - to what algorithms would be acceptable. The only current hint is - for PREFTYPE_HASH to require a 160-bit hash for DSA. Change all - callers in encode.c (encode_crypt, encrypt_filter) and sign.c - (sign_file). If we settle on MD5 as the best algorithm based - solely on recepient keys and SHA1 is also a possibility, use SHA1 - unless the user intentionally chose MD5. This is as per 2440:13. - - * exec.c (make_tempdir): Fix duplicated filename problem. - -2002-06-03 David Shaw - - * packet.h, parse-packet.c (enum_sig_subpkt): Report back from - enum_sig_subpkt when a subpacket is critical and change all - callers in keylist.c (show_policy_url, show_notation), mainproc.c - (print_notation_data), and pkclist.c (do_show_revocation_reason). - - * keylist.c (show_policy_url, show_notation): Display if the - policy or notation is critical. - -2002-06-03 David Shaw - - * main.h, g10.c (main), keylist.c (dump_attribs, set_attrib_fd, - list_keyblock_print, list_keyblock_colon), status.h, status.c - (get_status_string): New --attribute-fd feature to dump the - contents of attribute subpackets for frontends. If --status-fd is - also used, then a new status tag ATTRIBUTE is provided for each - subpacket. - - * packet.h, getkey.c (fixup_uidnode, merge_selfsigs_main, - merge_selfsigs_subkey), parse-packet.c (setup_user_id): Keep track - of the expiration time of a user ID, and while we're at it, use - the expired flag from the selfsig rather than reparsing the - SIG_EXPIRE subpacket. - - * photoid.c (generate_photo_id): When adding a new photo ID, - showing the photo for confirmation is not safe when noninteractive - since the "user" may not be able to dismiss a viewer window. - Noted by Timo Schulz. - -2002-06-03 David Shaw - - * options.skel: Sample photo viewers for Win32. - - * misc.c (pct_expando): Use the seckey for %k/%K if the pubkey is - not available. - - * photoid.h, photoid.c (show_photos): Include the seckey in case a - user tries to view a photo on a secret key, and change all callers - in keyedit.c (menu_showphoto), keylist.c (list_keyblock_print), - and photoid.c (generate_photo_id). - -2002-06-02 David Shaw - - * photoid.c (show_photos): Work properly when not called with a - public key. - -2002-05-31 David Shaw - - * sign.c (mk_notation_and_policy): Free unneeded buffer. - - * hkp.c (parse_hkp_index): Properly handle the '&' character - (i.e. "&") in HKP responses. - - * getkey.c (merge_selfsigs_main): Fix reversed expiration time - check with self-sigs. - - * keyedit.c (sign_uids): When making a new self-sig on a v3 key, - make a v3 self-sig unless it is currently a v3 self-sig being - promoted to v4. - -2002-05-31 Timo Schulz - - * pkclist.c (do_show_revocation_reason): Don't use capital - letters for non-interactive output. - (show_revocation_reason): Now it is global. - * pubkey-enc.c (get_it): Show if the key has been revoked. - -2002-05-30 David Shaw - - * sign.c (write_signature_packets, sign_file, clearsign_file, - sign_symencrypt_file): Make a v4 signature if a policy URL or - notation is set, unless v3 sigs are forced via rfc1991 or - force-v3-sigs. Also remove some doubled code and clarify an error - message (we don't sign in PGP2 mode - just detach-sign). - - * parse-packet.c (parse_one_sig_subpkt): Add KS_FLAGS to the "any - size" section. - -2002-05-29 David Shaw - - * keygen.c (keygen_set_std_prefs, add_feature_mdc): Use "mdc" and - "no-mdc" in the prefs string to allow switching on and off the MDC - feature. This is needed to properly export a key from GnuPG for - use on PGP which does not support MDC - without this, MDC-capable - implementations will still try and generate MDCs which will break - PGP. - - * keygen.c (keygen_get_std_prefs): Show "[mdc]" in prefs string if - it is enabled. - - * options.h, g10.c (main), cipher.c (write_header), keygen.c - (keygen_set_std_prefs): For consistency, allow the user to specify - mdc/no-mdc in the --personal-preference-list. If disabled, it - acts just like --disable-mdc. - -2002-05-29 David Shaw - - * options.h, exec.c: Add some debugging info, using the 1024 debug - flag. - - * exec.c (win_system): New system()-like function for win32 that - does not return until the child process terminates. Of course, - this doesn't help if the process itself exits before it is - finished. - -2002-05-29 Werner Koch - - * encode.c (encode_simple): Intialize PKT when --no-literal is used. - - * keyedit.c (show_key_with_all_names_colon): Renamed the record - for revocation keys to "rvk". - -2002-05-27 Werner Koch - - * keyedit.c (show_key_with_all_names_colon): New. - (show_key_with_all_names): Divert to new function when required. - Sanitize printing of revoker name. - -2002-05-27 David Shaw - - * build-packet.c (build_sig_subpkt): Handle setting sig flags for - certain subpacket types (notation, policy url, exportable, - revocable). keyedit.c (sign_mk_attrib): Flags no longer need to - be set here. - - * packet.h, parse-packet.c (parse_one_sig_subpkt), build-packet.c - (build_sig_subpkt): Call parse_one_sig_subpkt to sanity check - buffer lengths before building a sig subpacket. - -2002-05-26 David Shaw - - * sign.c (mk_notation_and_policy): Include secret key to enable %s - expandos, and pass notations through pct_expando as well. - - * main.h, misc.c (pct_expando): Add %s and %S expandos for - signer's keyid. - -2002-05-25 David Shaw - - * g10.c (strusage, build_list): Add compress algorithms to - --version list. Show algorithm numbers when --verbose --version - is done. - -2002-05-22 David Shaw - - * options.h, main.h, keygen.c (keygen_set_set_prefs, - keygen_get_std_prefs, keygen_upd_std_prefs), keyedit.c - (keyedit_menu), g10.c (main), pkclist.c (select_algo_from_prefs): - Add --personal-preference-list which allows the user to factor in - their own preferred algorithms when the preference lists are - consulted. Obviously, this does not let the user violate a - recepient's preferences (and the RFC) - this only influences the - ranking of the agreed-on (and available) algorithms from the - recepients. Suggested by David Hollenberg. - - * options.h, keygen.c (keygen_set_std_prefs), g10.c (main): Rename - --preference-list to --default-preference-list (as that is what it - really is), and make it a true default in that if the user selects - "default" they get this list and not the compiled-in list. - -2002-05-22 Werner Koch - - * g10.c (main): Add missing LF in a info printout and made it - translatable. Noted by Michael Tokarev. - -2002-05-21 Werner Koch - - * g10.c (main): Removed the undef of USE_SHM_COPROCESSING which - was erroneously introduced on 2002-01-09. - - * signal.c (got_fatal_signal): Don't write the Nul to stderr. - Reported by David Hollenberg. - -2002-05-18 David Shaw - - * main.h, g10.c (main), revoke.c (gen_desig_revoke): Generate a - designated revocation via --desig-revoke - - * keyedit.c (keyedit_menu, menu_addrevoker): New "addrevoker" - command to add a designated revoker to a key. - -2002-05-17 David Shaw - - * gpgv.c: Add stub for get_ownertrust(). - - * g10.c (main): --allow-freeform-uid should be implied by - OpenPGP. Add --no-allow-freeform-uid. - - * keyedit.c (sign_uids): Issue a warning when signing a - non-selfsigned uid. - - * getkey.c (merge_selfsigs_main): If a key has no selfsigs, and - allow-non-selfsigned-uid is not set, still try and make the key - valid by checking all uids for a signature from an ultimately - trusted key. - -2002-05-16 David Shaw - - * main.h, keygen.c (keygen_add_revkey): Add revocation key - subpackets to a signature (callable by - make_keysig_packet). (write_direct_sig): Write a 1F direct key - signature. (parse_revocation_key): Parse a string in - algo:fpr:sensitive format into a revocation - key. (get_parameter_revkey, do_generate_keypair): Call above - functions when prompted from a batch key generation file. - - * build-packet.c (build_sig_subpkt): Allow multiple revocation key - subpackets in a single sig. - - * keydb.h, getkey.c (get_seckey_byfprint): Same as - get_pubkey_byfprint, except for secret keys. We only know the - fingerprint of a revocation key, so this is needed to retrieve the - secret key needed to issue a revokation. - - * packet.h, parse-packet.c (parse_signature, parse_revkeys): Split - revkey parsing off into a new function that can be used to reparse - after manipulating the revkey list. - - * sign.c (make_keysig_packet): Ability to make 1F direct key - signatures. - -2002-05-15 David Shaw - - * options.skel: keyserver.pgp.com is gone, so list pgp.surfnet.nl - as a sample LDAP server instead. - - * getkey.c (merge_selfsigs_main): Properly handle multiple - revocation keys in a single packet. Properly handle revocation - keys that are in out-of-order packets. Remove duplicates in - revocation key list. - -2002-05-14 Timo Schulz - - * exec.c (make_tempdir) [MINGW32]: Added missing '\'. - -2002-05-14 Stefan Bellon - - * exec.c (make_tempdir): Make use of EXTSEP_S instead of hardcoded - dot as extension separator. - -2002-05-13 David Shaw - - * photoid.c (show_photos): Use the long keyid as the filename for - the photo. Use the short keyid as the filename on 8.3 systems. - - * exec.h, exec.c (make_tempdir, exec_write, exec_finish): Allow - caller to specify filename. This should make things easier on - windows and macs where the file extension is required, but a whole - filename is even better. - - * keyedit.c (show_key_with_all_names, show_prefs): Show proper - prefs for a v4 key uid with no selfsig at all. - - * misc.c (check_permissions): Don't check permissions on - non-normal files (pipes, character devices, etc.) - -2002-05-11 Werner Koch - - * mainproc.c (proc_symkey_enc): Avoid segv in case the parser - encountered an invalid packet. - - * keyserver.c (keyserver_export): Get confirmation before sending - all keys. - -2002-05-10 Stefan Bellon - - * g10.c, hkp.c, keyedit.c, keyserver.c: Replaced all occurrances - of strcasecmp with ascii_strcasecmp and all occurrances of - strncasecmp with ascii_memcasecmp. - -2002-05-10 David Shaw - - * packet.h, getkey.c (fixup_uidnode), keyedit.c (show_prefs): Show - assumed prefs for hash and compression as well as the cipher pref. - Show assumed prefs if there are no prefs at all on a v4 - self-signed key. - - * options.h, g10.c (main), sign.c (make_keysig_packet): New - --cert-digest-algo function to override the default key signing - hash algorithm. - -2002-05-09 David Shaw - - * getkey.c (merge_selfsigs_main): Make sure the revocation key - list starts clean as this function may be called more than once - (e.g. from functions in --edit). - - * g10.c, encode.c (encode_crypt), sign.c (sign_file, - sign_symencrypt_file): Make --compress-algo work like the - documentation says. It should be like --cipher-algo and - --digest-algo in that it can override the preferences calculation - and impose the setting the user wants. No --compress-algo setting - allows the usual preferences calculation to take place. - - * main.h, compress.c (compress_filter): use new - DEFAULT_COMPRESS_ALGO define, and add a sanity check for compress - algo value. - -2002-05-08 David Shaw - - * pkclist.c (select_algo_from_prefs): There is an assumed - compression preference for uncompressed data. - -2002-05-07 David Shaw - - * options.h, g10.c (main), getkey.c (finish_lookup), pkclist.c - (algo_available): --pgp7, identical to --pgp6 except that it - permits a few algorithms that PGP 7 added: AES128, AES192, AES256, - and TWOFISH. Any more of these --pgpX flags, and it'll be time to - start looking at a generic --emulate-pgp X option. - - * export.c (do_export_stream): Warn the user when exporting a - secret key if it or any of its secret subkeys are protected with - SHA1 while simple_sk_checksum is set. - - * parse-packet.c (parse_key): Show when the SHA1 protection is - used in --list-packets. - - * options.h, build-packet.c (do_comment), g10.c (main): Rename - --no-comment as --sk-comments/--no-sk-comments (--no-comment still - works) and make the default be --no-sk-comments. - -2002-05-07 Werner Koch - - * keygen.c (get_parameter_algo): Never allow generation of the - deprecated RSA-E or RSA-S flavors of PGP RSA. - (ask_algo): Allow generation of RSA sign and encrypt in expert - mode. Don't allow ElGamal S+E unless in expert mode. - * helptext.c: Added entry keygen.algo.rsa_se. - -2002-05-07 David Shaw - - * keyedit.c (sign_uids): If --expert is set, allow re-signing a - uid to promote a v3 self-sig to a v4 one. This essentially - deletes the old v3 self-sig and replaces it with a v4 one. - - * packet.h, parse-packet.c (parse_key), getkey.c - (merge_keys_and_selfsig, merge_selfsigs_main): a v3 key with a v4 - self-sig must never let the v4 self-sig express a key expiration - time that extends beyond the original v3 expiration time. - -2002-05-06 David Shaw - - * keyedit.c (sign_uids): When making a self-signature via "sign" - don't ask about sig level or expiration, and include the usual - preferences and such for v4 self-sigs. (menu_set_preferences): - Convert uids from UTF8 to native before printing. - - * keyedit.c (sign_uids): Convert uids from UTF8 to native before - printing. (menu_set_primary_uid): Show error if the user tries to - make a uid with a v3 self-sig primary. - -2002-05-05 David Shaw - - * import.c (import_one): When merging with a key we already have, - don't let a key conflict (same keyid but different key) stop the - import: just skip the bad key and continue. - - * exec.c (make_tempdir): Under Win32, don't try environment - variables for temp directories - GetTempDir tries environment - variables internally, and it's better not to second-guess it in - case MS adds some sort of temp dir handling to Windows at some - point. - -2002-05-05 Timo Schulz - - * mainproc.c (proc_symkey_enc): Don't ask for a passphrase - in the list only mode. - -2002-05-05 David Shaw - - * keyserver.c (keyserver_refresh): --refresh-keys implies - --merge-only so as not to import keys with keyids that match the - ones being refreshed. Noted by Florian Weimer. - -2002-05-04 Stefan Bellon - - * free-packet.c (copy_public_key): Don't call m_alloc(0), therefore - added consistency check for revkey and numrefkeys. - - * getkey.c (check_revocation_keys): Added consistency check for - revkey and numrefkeys. - - * keyedit.c (show_key_with_all_names): Likewise. - -2002-05-03 David Shaw - - * photoid.c: Provide default image viewer for Win32. - - * misc.c (pct_expando): %t means extension, not name ("jpg", not - "jpeg"). - - * keyserver.c (keyserver_spawn), photoid.c (show_photos), exec.h, - exec.c: Allow the caller to determine the temp file extension when - starting an exec_write and change all callers. - - * keyedit.c (sign_uids): Nonrevocable key signatures cause an - automatic promotion to v4. - - * exec.c: Provide stubs for exec_ functions when NO_EXEC is - defined. - -2002-05-02 David Shaw - - * photoid.h, photoid.c (parse_image_header, image_type_to_string): - Useful functions to return data about an image. - - * packet.h, parse-packet.c (make_attribute_uidname, - parse_attribute_subpkts, parse_attribute), photoid.h, photoid.c - (show_photos): Handle multiple images in a single attribute - packet. - - * main.h, misc.c (pct_expando), sign.c (mk_notation_and_policy), - photoid.c (show_photos): Simpler expando code that does not - require using compile-time string sizes. Call - image_type_to_string to get image strings (i.e. "jpg", - "image/jpeg"). Change all callers. - - * keyedit.c (menu_showphoto), keylist.c (list_keyblock_print): - Allow viewing multiple images within a single attribute packet. - - * gpgv.c: Various stubs for link happiness. - -2002-05-02 David Shaw - - * build-packet.c (build_sig_subpkt), keyedit.c (sign_uids), - options.h, sign.c (mk_notation_and_policy), g10.c (main, - add_notation_data, add_policy_url (new), check_policy_url - (removed)): Allow multiple policy URLs on a given signature. - Split "--notation-data" into "--cert-notation" and - "--sig-notation" so the user can set different policies for key - and data signing. For backwards compatibility, "--notation-data" - sets both, as before. - -2002-05-02 Werner Koch - - * options.skel: Removed the comment on trusted-keys because this - option is now deprecated. - -2002-05-01 David Shaw - - * keyedit.c (menu_adduid): 2440bis04 says that multiple attribute - packets on a given key are legal. - - * keyserver.c (keyserver_refresh): the fake v3 keyid hack applies - to "mailto" URLs as well since they are also served by pksd. - -2002-04-29 Werner Koch - - Added a copyright year for files changed this year. - -2002-04-25 Werner Koch - - * g10.c, options.h: New options --display, --ttyname, --ttytype, - --lc-ctype, --lc-messages to be used with future versions of the - gpg-agent. - * passphrase.c (agent_send_option,agent_send_all_options): New. - (agent_open): Send options to the agent. - - * trustdb.c (update_ownertrust, clear_ownertrust): Do an explicit - do_sync because revalidation_mark does it only if when the - timestamp actually changes. - -2002-04-23 David Shaw - - * main.h, keygen.c (do_generate_keypair), keylist.c - (print_signature_stats, list_all, list_one, list_keyblock, - list_keyblock_print, list_keyblock_colon): After generating a new - key, show the key information (name, keyid, fingerprint, etc.) - Also do not print uncheckable signatures (missing key..) in - --check-sigs. Print statistics (N missing keys, etc.) after - --check-sigs. - - * keyedit.c (sign_uids): When signing a key with an expiration - date on it, the "Do you want your signature to expire at the same - time?" question should default to YES. - -2002-04-22 David Shaw - - * parse-packet.c (parse_plaintext), packet.h, plaintext.c - (handle_plaintext): Fix bug in handling literal packets with - zero-length data (no data was being confused with partial body - length). - - * misc.c (pct_expando), options.skel: %t means extension ("jpg"). - %T means MIME type ("image/jpeg"). - - * import.c (import_one): Only trigger trust update if the keyring - is actually changed. - - * export.c (do_export_stream): Missing a m_free. - -2002-04-22 Stefan Bellon - - * keyid.c (expirestr_from_sk, expirestr_from_sig): Added _() to - string constant. - - * exec.c (make_tempdir) [__riscos__]: Better placement of - temporary file. - -2002-04-20 David Shaw - - * keygen.c (generate_subkeypair): 2440bis04 adds that creating - subkeys on v3 keys is a MUST NOT. - - * getkey.c (finish_lookup): The --pgp6 "use the primary key" - behavior should only apply while data signing and not encryption. - Noted by Roger Sondermann. - -2002-04-19 Werner Koch - - * keygen.c (keygen_set_std_prefs): Put back 3DES because the RFC - says it is good form to do so. - -2002-04-19 David Shaw - - * keyedit.c (menu_deluid): Only cause a trust update if we delete - a non-revoked user id. - - * hkp.c (hkp_ask_import), keyserver.c (parse_keyserver_options, - keyserver_spawn), options.h: Remove fast-import keyserver option - (no longer meaningful). - - * g10.c (main), keyedit.c (sign_uids), options.h: Change - --default-check-level to --default-cert-check-level as it makes - clear what it operates on. - - * g10.c (main): --pgp6 also implies --no-ask-sig-expire. - - * delkey.c (do_delete_key): Comment. - - * keyedit.c (sign_uids, keyedit_menu, menu_deluid, menu_delsig, - menu_expire, menu_revsig, menu_revkey): Only force a trustdb check - if we did something that changes it. - - * g10.c: add "--auto-check-trustdb" to override a - "--no-auto-check-trustdb" - -2002-04-19 Werner Koch - - * tdbio.c (tdbio_write_nextcheck): Return a status whether the - stamp was actually changed. - * trustdb.c (revalidation_mark): Sync the changes. Removed the - sync operation done by its callers. - (get_validity): Add logic for maintaining a pending_check flag. - (clear_ownertrust): New. - - * keyedit.c (sign_uids): Don't call revalidation_mark depending on - primary_pk. - (keyedit_menu): Call revalidation_mark after "trust". - (show_key_with_all_names): Print a warning on the wrong listed key - validity. - - * delkey.c (do_delete_key): Clear the owenertrust information when - deleting a public key. - -2002-04-18 Werner Koch - - * seskey.c (encode_md_value): Print an error message if a wrong - digest algorithm is used with DSA. Changed all callers to cope - with a NULL return. Problem noted by Imad R. Faiad. - -2002-04-18 David Shaw - - * trustdb.c (mark_usable_uid_certs): Properly handle nonrevocable - signatures that can expire. In short, the only thing that can - override an unexpired nonrevocable signature is another unexpired - nonrevocable signature. - - * getkey.c (finish_lookup): Always use primary signing key for - signatures when --pgp6 is on since pgp6 and 7 do not understand - signatures made by signing subkeys. - -2002-04-18 Werner Koch - - * trustdb.c (validate_keys): Never schedule a nextcheck into the - past. - (validate_key_list): New arg curtime use it to set next_expire. - (validate_one_keyblock): Take the current time from the caller. - (clear_validity, reset_unconnected_keys): New. - (validate_keys): Reset all unconnected keys. - - * getkey.c (premerge_public_with_secret): Fixed 0x12345678! syntax - for use with secret keys. - (lookup): Advance the searchmode after a search FIRST. - - * seckey-cert.c (do_check): Always calculate the old checksum for - use after unprotection. - - * g10.c, options.skel: New option --no-escape-from. Made - --escape-from and --force-v3-sigs the default and removed them - from the options skeleton. - -2002-04-16 Werner Koch - - * parse-packet.c (parse_key): Support a SHA1 checksum as per - draft-rfc2440-bis04. - * packet.h (PKT_secret_key): Add field sha1chk. - * seckey-cert.c (do_check): Check the SHA1 checksum - (protect_secret_key): And create it. - * build-packet.c (do_secret_key): Mark it as sha-1 protected. - * g10.c, options.h: New option --simple-sk-checksum. - -2002-04-13 David Shaw - - * parse-packet.c (parse_signature): Minor fix - signatures should - expire at their expiration time and not one second later. - - * keygen.c (proc_parameter_file): Allow specifying preferences - string (i.e. "s5 s2 z1 z2", etc) in a batchmode key generation - file. - - * keyedit.c (keyedit_menu): Print standard error message when - signing a revoked key (no new translation). - - * getkey.c (merge_selfsigs): Get the default set of key prefs from - the real (not attribute) primary uid. - -2002-04-12 David Shaw - - * pkclist.c (build_pk_list): Fix bug that allowed a key to be - selected twice in batch mode if one instance was the default - recipient and the other was an encrypt-to. Noted by Stefan - Bellon. - - * parse-packet.c (dump_sig_subpkt): Show data in trust and regexp - sig subpackets. - - * keyedit.c (keyedit_menu): Use new function real_uids_left to - prevent deleting the last real (i.e. non-attribute) uid. Again, - according to the attribute draft. (menu_showphoto): Make another - string translatable. - -2002-04-11 David Shaw - - * build-packet.c (build_sig_subpkt): Delete subpackets from both - hashed and unhashed area on update. (find_subpkt): No longer - needed. - - * keyedit.c (sign_uids): With --pgp2 on, refuse to sign a v3 key - with a v4 signature. As usual, --expert overrides. Try to tweak - some strings to a closer match so they can all be translated in - one place. Use different helptext keys to allow different help - text for different questions. - - * keygen.c (keygen_upd_std_prefs): Remove preferences from both - hashed and unhashed areas if they are not going to be used. - -2002-04-10 David Shaw - - * misc.c (pct_expando), options.skel: Use %t to indicate type of a - photo ID (in this version, it's always "jpeg"). Also tweak string - expansion loop to minimize reallocs. - - * mainproc.c (do_check_sig): Variable type fix. - - * keyedit.c (menu_set_primary_uid): Differentiate between true - user IDs and attribute user IDs when making one of them primary. - That is, if we are making a user ID primary, we alter user IDs. - If we are making an attribute packet primary, we alter attribute - packets. This matches the language in the latest attribute packet - draft. - - * keyedit.c (sign_uids): No need for the empty string hack. - - * getkey.c (fixup_uidnode): Only accept preferences from the - hashed segment of the self-sig. - -2002-04-10 Werner Koch - - * tdbio.c (migrate_from_v2): Fixed the offset to read the old - ownertrust value and only add entries to the table if we really - have a value. - -2002-04-08 David Shaw - - * status.h, status.c (get_status_string): Add KEYEXPIRED, EXPSIG, - and EXPKEYSIG. Add "deprecated-use-keyexpired-instead" to - SIGEXPIRED. - - * sig-check.c (do_check): Start transition from SIGEXPIRED to - KEYEXPIRED, since the actual event is signature verification by an - expired key and not an expired signature. (do_signature_check, - packet.h): Rename as signature_check2, make public, and change all - callers. - - * mainproc.c (check_sig_and_print, do_check_sig): Use status - EXPSIG for an expired, but good, signature. Add the expiration - time (or 0) to the VALIDSIG status line. Use status KEYEXPSIG for - a good signature from an expired key. - - * g10.c (main): remove checks for no arguments now that argparse - does it. - -2002-04-06 Werner Koch - - * keyring.c (keyring_get_keyblock): Disable the keylist mode here. - - * encode.c (encode_simple, encode_crypt): Only test on compressed - files if a compress level was not explicity set. - - * keygen.c (keygen_set_std_prefs): Removed Blowfish and Twofish - from the list of default preferences, swapped the preferences of - RMD160 and SHA1. Don't include a preference to 3DES unless the - IDEA kludge gets used. - - * free-packet.c (free_packet): call free_encrypted also for - PKT_ENCRYPTED_MDC. - - * compress.c (release_context): New. - (handle_compressed): Allocate the context and setup a closure to - release the context. This is required because there is no - guarantee that the filter gets popped from the chain at the end - of the function. Problem noted by Timo and probably also the - cause for a couple of other reports. - (compress_filter): Use the release function if set. - - * tdbio.c [__CYGWIN32__]: Don't rename ftruncate. Noted by - Disastry. - - * parse-packet.c (parse_signature): Put parens around a bit test. - - * exec.c (make_tempdir): Double backslash for TMP directory - creation under Windows. Better strlen the DIRSEP_S constants for - allocation measurements. - - * decrypt.c (decrypt_messages): Release the passphrase aquired - by get_last_passphrase. - -2002-04-02 Werner Koch - - * Makefile.am (EXTRA_DIST): Removed OPTIONS an pubring.asc - they - are no longer of any use. - -2002-04-03 David Shaw - - * keyserver.c (parse_keyserver_options): fix auto-key-retrieve to - actually work as a keyserver-option (noted by Roger Sondermann). - - * keylist.c (reorder_keyblock): do not reorder the primary - attribute packet - the first user ID must be a genuine one. - -2002-03-31 David Shaw - - * keylist.c (list_keyblock_colon): Fix ownertrust display with - --with-colons. - - * keygen.c (generate_user_id), photoid.c (generate_photo_id): - Properly initialize the user ID refcount. A few more "y/n" -> - "y/N" in photoid.c. - - * keyedit.c (ask_revoke_sig): Warn the user if they are about to - revoke an expired sig (not a problem, but they should know). Also - tweak a few prompts to change "y/n" to "y/N", which is how most - other prompts are written. - - * keyserver.c (keyserver_search_prompt): Control-d escapes the - keyserver search prompt. - - * pkclist.c (show_revocation_reason & callers): If a subkey is - considered revoked solely because the parent key is revoked, print - the revocation reason from the parent key. - - * trustdb.c (get_validity): Allow revocation/expiration to apply - to a uid/key with no entry in the trustdb. - -2002-03-29 David Shaw - - * keyserver.c (printunquoted): unquote backslashes from keyserver - searches - - * hkp.c (write_quoted): quote backslashes from keyserver searches - -2002-03-26 Werner Koch - - * keygen.c (ask_keysize): Removed the warning for key sizes > 1536. - -2002-03-25 Werner Koch - - * keyedit.c (sign_uids): Use 2 strings and not a %s so that - translations can be done the right way. - * helptext.c: Fixed small typo. - -2002-03-23 David Shaw - - * import.c (append_uid, merge_sigs): it is okay to import - completely non-signed uids now (with --allow-non-selfsigned-uid). - - * getkey.c (get_primary_uid, merge_selfsigs_main): do not choose - an attribute packet (i.e. photo) as primary uid. This prevents - oddities like "Good signature from [image of size 2671]". This is - still not perfect (one can still select an attribute packet as - primary in --edit), but is closer to the way the draft is going. - - * g10.c (build_list): algorithms should include 110. - - * g10.c (main): --pgp2 implies --no-ask-sig-expire and - --no-ask-cert-expire as those would cause a v4 sig/cert. - - * armor.c (is_armor_header): be more lenient in what constitutes a - valid armor header (i.e. -----BEGIN blah blah-----) as some - Windows programs seem to add spaces at the end. --openpgp makes - it strict again. - -2002-03-18 David Shaw - - * keyserver.c (keyserver_search_prompt): Properly handle a "no - keys found" case from the internal HKP code (external HKP is ok). - Also, make a COUNT -1 (i.e. streamed) keyserver response a little - more efficient. - - * g10.c (main): Add --no-allow-non-selfsigned-uid - -2002-03-17 David Shaw - - * g10.c (main): --openpgp implies --allow-non-selfsigned-uid. - - * getkey.c (merge_selfsigs_main): If none of the uids are primary - (because none are valid) then pick the first to be primary (but - still invalid). This is for cosmetics in case some display needs - to print a user ID from a non-selfsigned key. Also use - --allow-non-selfsigned-uid to make such a key valid and not - --always-trust. The key is *not* automatically trusted via - --allow-non-selfsigned-uid. - - * mainproc.c (check_sig_and_print): Make sure non-selfsigned uids - print [uncertain] on verification even though one is primary now. - - * getkey.c (merge_selfsigs): If the main key is not valid, then - neither are the subkeys. - - * import.c (import_one): Allow --allow-non-selfsigned-uid to work - on completely unsigned keys. Print the uids in UTF8. Remove - mark_non_selfsigned_uids_valid(). - - * keyedit.c (show_key_with_all_names): Show revocation key as - UTF8. - - * sign.c (clearsign_file): Allow --not-dash-escaped to work with - v3 keys. - -2002-03-14 Werner Koch - - * main.h: Changed the default algorithms to CAST5 and SHA1. - -2002-03-13 David Shaw - - * import.c (chk_self_sigs): Show which user ID a bad self-sig - (invald sig or unsupported public key algorithm) resides on. - - * import.c (chk_self_sigs): any valid self-sig should mark a user - ID or subkey as valid - otherwise, an attacker could DoS the user - by inventing a bogus invalid self-signature. - -2002-03-07 David Shaw - - * g10.c (main): make a few more strings translatable. - - * options.h, options.skel, g10.c (main), gpgv.c, mainproc.c - (check_sig_and_print), keyserver.c (parse_keyserver_options): - --auto-key-retrieve should really be a keyserver-option variable. - - * import.c (revocation_present): new function to print a warning - if a key is imported that has been revoked by designated revoker, - but the designated revoker is not present to verify the - revocation. If keyserver-options auto-key-retrieve is set, try - and fetch the designated revoker from the keyserver. - - * import.c (import_one): call revocation_present after importing a - new key. Note that this applies to --import, --recv-keys, and - --search-keys. - - * keyserver-internal.h, keyserver.c (keyserver_import_fprint): - import via fingerprint (for revocation keys). - - * keyserver.c (keyserver_import_keyid): much simpler - implementation now that we're using KEYDB_SEARCH_DESC internally. - -2002-03-04 David Shaw - - * revoke.c (gen_revoke): do not prompt for revocation reason for - v3 revocations (unless force-v4-certs is on) since they wouldn't - be used anyway. - - * keyedit.c (menu_revsig): show the status of the sigs - (exportable? revocable?) to the user before prompting for which - sig to revoke. Also, make sure that local signatures get local - revocations. - - * keyedit.c (ask_revoke_sig): remind the user which sigs are - local. - - * g10.c (main): Add "exec-path" variable to override PATH for - execing programs. - - * export.c (do_export_stream): properly check return code from - classify_user_id to catch unclassifiable keys. - -2002-03-03 David Shaw - - * parse-packet.c (parse_signature): variable type tweak for RISC - OS (from Stefan) - -2002-02-28 David Shaw - - * getkey.c (check_revocation_keys): New function to check a - revocation against a list of potential revocation keys. Note the - loop-breaking code here. This is to prevent blowing up if A is - B's revocation key, while B is also A's. Note also that this is - written so that a revoked revoker can still issue revocations: - i.e. If A revokes B, but A is revoked, B is still revoked. I'm - not completely convinced this is the proper behavior, but it - matches how PGP does it. It does at least have the advantage of - much simpler code - my first version of this had lots of loop - maintaining code so you could chain revokers many levels deep and - if D was revoked, C was not, which meant that B was, and so on. - It was sort of scary, actually. - - * getkey.c (merge_selfsigs_main): Add any revocation keys onto the - pk. This is particularly interesting since we normally only get - data from the most recent 1F signature, but you need multiple 1F - sigs to properly handle revocation keys (PGP does it this way, and - a revocation key could be marked "sensitive" and hence in a - different signature). Also, if a pk has a revocation key set, - check for revocation sigs that were not made by us - if made by a - valid revocation key, mark the pk revoked. - - * packet.h, getkey.c (cache_public_key): do not cache key if - "dont_cache" is set. This allows the revocation key code to look - up a key and return information that may be inaccurate to prevent - loops without caching the fake data. - - * packet.h, sig-check.c (do_signature_check): Record if a - signature was made by a revoked pk. - - * packet.h, parse-packet.c (parse_one_sig_subpkt, - can_handle_critical, parse_signature): Get revocation key - information out of direct sigs. - - * keylist.c (list_keyblock_print): don't assume that the presence - of a 0x20 signature means the key is revoked. With revocation - keys, this may not be true if the revocation key is not around to - verify it or if verification failed. Also, 0x1F should get listed - as "sig", and not "unexpected signature class". - - * keyedit.c (show_key_with_all_names): Add a flag for printing - revoker information and change all callers. - - * import.c (merge_blocks): merge in any new direct key (0x1F) - sigs. - - * import.c (import_revoke_cert): don't keep processing after a - revocation is rejected. - - * import.c (delete_inv_parts): Allow importing a revocation - signature even if it was not issued by the key. This allows a - revocation key to issue it. Of course, the sig still needs to be - checked before we trust it. - - * free-packet.c (copy_public_key): Include a new copy of the - revocation keys when duping a pk. - - * free-packet.c (free_seckey_enc, release_public_key_parts): Free - any revocation keys that are attached to a sig or pk. - - * export.c (do_export_stream): Do not export signatures with - "sensitive" revocation keys in them. - -2002-02-27 David Shaw - - * export.c (do_export_stream): Do not include v3 keys in a - --export-secret-subkeys export. - - * getkey.c (merge_selfsigs_main): If a key isn't valid (say, - because of no self-signature), allow --always-trust to force it - valid so it can be trusted. - -2002-02-25 David Shaw - - * hkp.c (hkp_ask_import), hkp.h, keyserver.c (all): treat key - lists internally as fingerprints when possible. All this is via - KEYDB_SEARCH_DESC - no point in reinventing the wheel. This allows - the helper program to search the keyserver by fingerprint if - desired (and the keyserver supports it). Note that automatic - fingerprint promotion during refresh only applies to v4 keys as a - v4 fingerprint can be easily changed into a long or short key id, - and a v3 cannot. - - * pubkey-enc.c, getkey.c, misc.c, main.h: Take two copies of - hextobyte() from pubkey-enc.c and getkey.c and make them into one - copy in misc.c. - -2002-02-22 David Shaw - - * keyserver.c (keyserver_search_prompt): Detect a "no keys found" - case even if the helper program does not explicitly say how many - keys were found. - - * hkp.c (parse_hkp_index): Bug fix - don't report non-revoked keys - as revoked in HKP key searches. - -2002-02-19 Werner Koch - - * parse-packet.c (parse_trust): Made parsing more robust. - -2002-02-19 David Shaw - - * hkp.c (parse_hkp_index): Catch corruption in HKP index lines - (can be caused by broken or malicious keyservers). - - * keyserver.c (keyserver_work): Add KEYSERVER_NOT_SUPPORTED for - unsupported actions (say, a keyserver that has no way to search, - or a readonly keyserver that has no way to add). Also add a - USE_EXTERNAL_HKP define to disable the internal HKP keyserver - code. - -2002-02-14 Werner Koch - - * g10.c: New option --no-use-agent. - - * pkclist.c (check_signatures_trust): Always print the warning for - unknown and undefined trust. Removed the did_add cruft. Reported - by Janusz A. Urbanowicz. - -2002-02-11 David Shaw - - * hkp.c (parse_hkp_index): Bug fix - properly handle user IDs with - colons (":") in them while HKP searching. - -2002-02-09 David Shaw - - * misc.c (pct_expando): More comments. - - * keydb.h, sign.c (mk_notation_and_policy): Clarify what is a sig - and what is a cert. A sig has sigclass 0x00, 0x01, 0x02, or 0x40, - and everything else is a cert. - - * g10.c (main), keyedit.c (keyedit_menu): Add a "nrlsign" for - nonrevocable and local key signatures. - - * g10.c (main): Add a --no-force-mdc to undo --force-mdc. - - * options.h, g10.c (main), cipher.c (write_header): Add a knob to - --disable-mdc/--no-disable-mdc. Off by default, of course, but is - used in --pgp2 and --pgp6 modes. - - * pkclist.c (build_pk_list): Allow specifying multiple users in - the "Enter the user ID" loop. Enter a blank line to stop. Show - each key+id as it is added. - - * keylist.c (show_policy_url), mainproc.c (print_notation_data): - It is not illegal (though possibly silly) to have multiple policy - URLs in a given signature, so print all that are present. - - * hkp.c (hkp_search): More efficient implementation of URL-ifying - code. - -2002-02-04 David Shaw - - * main.h, misc.c (pct_expando): New function to generalize - %-expando processing in any arbitrary string. - - * photoid.c (show_photo): Call the new pct_expando function rather - than expand strings internally. - - * sign.c (mk_notation_and_policy): Show policy URLs and notations - when making a signature if show-policy/show-notation is on. - %-expand policy URLs during generation. This lets the user have - policy URLs of the form "http://notary.jabberwocky.com/keysign/%K" - which will generate a per-signature policy URL. - - * main.h, keylist.c (show_policy_url, show_notation): Add amount - to indent so the same function can be used in key listings as well - as during sig generation. Change all callers. - -2002-02-04 David Shaw - - * keyserver.c, options.h (parse_keyserver_options, keyidlist): - Workaround for the pksd and OKS keyserver bug that calculates v4 - RSA keyids as if they were v3. The workaround/hack is to fetch - both the v4 (e.g. 99242560) and v3 (e.g. 68FDDBC7) keyids. This - only happens for key refresh while using the HKP scheme and the - refresh-add-fake-v3-keyids keyserver option must be set. This - should stay off by default. - -2002-02-03 David Shaw - - * keyserver.c (keyserver_spawn): Bug fix - do not append keys to - each other when --sending more than one. - -2002-02-02 David Shaw - - * options.h, g10.c (main), keyedit.c (sign_uids), sign.c - (mk_notation_and_policy): Split "--set-policy-url" into - "--cert-policy-url" and "--sig-policy-url" so the user can set - different policies for key and data signing. For backwards - compatibility, "--set-policy-url" sets both, as before. - -2002-01-30 Werner Koch - - * g10.c (main): --gen-random --armor does now output a base64 - encoded string. - -2002-01-28 David Shaw - - * g10.c (main), options.h, pkclist.c (algo_available): --pgp6 - flag. This is not nearly as involved as --pgp2. In short, it - turns off force_mdc, turns on no_comment, escape_from, and - force_v3_sigs, and sets compression to 1. It also restricts the - user to IDEA (if present), 3DES, CAST5, MD5, SHA1, and RIPEMD160. - See the comments above algo_available() for lots of discussion on - why you would want to do this. - -2002-01-27 David Shaw - - * keygen.c (keygen_set_std_prefs): Comment - - * keyedit.c (sign_uids): Bug fix - when signing with multiple - secret keys at the same time, make sure each key gets the sigclass - prompt. - - * exec.c (exec_finish): Close the iobuf and FILE before trying to - waitpid, so the remote process will get a SIGPIPE and exit. This - is only a factor when using a pipe to communicate. - - * exec.c (exec_write): Disable cache-on-close of the fd iobuf (is - this right? Why is a fd iobuf cached at all?) - -2002-01-26 Werner Koch - - * g10.c, options.h: New option --gpg-agent-info - * passphrase.c (agent_open): Let it override the environment info. - * seckey-cert.c (check_secret_key): Always try 3 times when the - agent is enabled. - * options.skel: Describe --use-agent. - -2002-01-24 David Shaw - - * pubkey-enc.c (is_algo_in_prefs, get_it): Only check preferences - against keys with v4 self sigs - there is really little point in - warning for every single non-IDEA message encrypted to an old key. - - * pkclist.c (select_algo_from_prefs): Only put in the fake IDEA - preference if --pgp2 is on. - - * mainproc.c (check_sig_and_print): Print "Expired" for expired - but good signatures (this still prints "BAD" for expired but bad - signatures). - -2002-01-23 David Shaw - - * keygen.c (ask_keysize): Cosmetic: don't present a RSA signing - key as a "keypair" which can be 768 bits long (as RSA minimum is - 1024). - - * pubkey-enc.c (is_algo_in_prefs): Allow IDEA as a fake preference - for v3 keys with v3 selfsigs. - -2002-01-22 David Shaw - - * packet.h, getkey.c (merge_selfsigs_main), pkclist.c - (select_algo_from_prefs): Implement the fake IDEA preference as - per RFC2440:12.1. This doesn't mean that IDEA will be used (the - plugin may not be present), but it does mean that a v3 key with a - v3 selfsig has an implicit IDEA preference instead of 3DES. v3 - keys with v4 selfsigs use preferences as normal. - - * encode.c (encode_crypt): if select_algo_from_prefs fails, this - means that we could not find a cipher that both keys like. Since - all v4 keys have an implicit 3DES preference, this means there is - a v3 key with a v3 selfsig in the list. Use 3DES in this case as - it is the safest option (we know the v4 key can handle it, and - we'll just hope the v3 key is being used in an implementation that - can handle it). If --pgp2 is on, warn the user what we're doing - since it'll probably break PGP2 compatibility. - - * g10.c (main): Do not force using IDEA for encrypted files in - --pgp2 mode - let the fake IDEA preference choose this for us for - better compatibility when encrypting to multiple keys, only some - of which are v3. - - * keygen.c (keygen_set_std_prefs): Put 3DES on the end of the - default cipher pref list (RFC2440: "...it is good form to place it - there explicitly."). If the user has the IDEA plugin installed, - put a preference for IDEA *after* 3DES to effectively disable its - use for everything except encrypting along with v3 keys. - - * encode.c, g10.c, sign.c: Change the PGP2 warning line from - "... will not be usable ..." to "... may not be usable ..." as the - user could be using one of the enhanced PGP2 variations. - - * helptext.c: Revise the sign_uid.class help text as suggested by - Stefan. - -2002-01-20 Werner Koch - - * passphrase.c (passphrase_to_dek): Add tryagain_text arg to be - used with the agent. Changed all callers. - (agent_get_passphrase): Likewise and send it to the agent - * seckey-cert.c (do_check): New arg tryagain_text. - (check_secret_key): Pass the string to do_check. - * keygen.c (ask_passphrase): Set the error text is required. - * keyedit.c (change_passphrase): Ditto. - - * passphrase.c (agent_open): Disable opt.use_agent in case of a - problem with the agent. - (agent_get_passphrase): Ditto. - (passphrase_clear_cache): Ditto. - -2002-01-19 Werner Koch - - * passphrase.c (agent_open): Add support for the new Assuan based - gpg-agent. New arg to return the used protocol version. - (agent_get_passphrase): Implemented new protocol here. - (passphrase_clear_cache): Ditto. - (readline): New. - -2002-01-15 Timo Schulz - - * encode.c (encode_crypt_files): Fail if --output is used. - - * g10.c: New command --decrypt-files. - - * decrypt.c (decrypt_messages): New. - -2002-01-09 David Shaw - - * g10.c, misc.c, gpgv.c: move idea_cipher_warn to misc.c so gpgv.c - doesn't need a stub for it any longer. - - * g10.c (get_temp_dir), main.h: no longer used (it's in exec.c now) - - * g10.c (main), delkey.c (delete_keys), main.h : Allow - --delete-key (now --delete-keys, though --delete-key still works, - of course) to delete multiple keys in one go. This applies to - --delete-secret-key(s) and --delete-secret-and-public-key(s) as - well. - -2002-01-09 Timo Schulz - - * encode.c (encode_crypt_files): Now it behaves like verify_files. - - * g10.c (main): We don't need to check argc for encode_crypt_files - any longer. - -2002-01-09 Timo Schulz - - * exec.c: Include windows.h for dosish systems. - -2002-01-08 Timo Schulz - - * g10.c (main): New description for --encrypt-files. - -2002-01-08 Werner Koch - - * g10.c (main): Must register the secring for encryption because - it is needed to figure out the default recipient. Reported by - Roger Sondermann. - -2002-01-05 David Shaw - - * keyedit.c (menu_adduid): Require --expert before adding a photo - ID to a v3 key, and before adding a second photo ID to any key. - - * keyedit.c (keyedit_menu): Don't allow adding photo IDs in - rfc1991 or pgp2 mode. - - * getkey.c (merge_selfsigs_subkey): Permit v3 subkeys. Believe it - or not, this is allowed by rfc 2440, and both PGP 6 and PGP 7 work - fine with them. - - * g10.c, options.h, keyedit.c, sign.c: Move the "ask for - expiration" switch off of --expert, which was getting quite - overloaded, and onto ask-sig-expire and ask-cert-expire. Both - default to off. - - * g10.c (main): Change the default compression algo to 1, to be - more OpenPGP compliant (PGP also uses this, so it'll help with - interoperability problems as well). - - * encode.c (encode_crypt): Handle compression algo 2, since the - default is now 1. - - * build-packet.c (build_attribute_subpkt): Fix off-by-one error. - -2002-01-05 Werner Koch - - * g10.c (main): Do not register the secret keyrings for certain - commands. - - * keydb.c (keydb_add_resource): Use access to test for keyring - existence. This avoids cached opened files which are bad under - RISC OS. - -2002-01-04 David Shaw - - * sign.c (sign_file, sign_symencrypt_file): always use one-pass - packets unless rfc1991 is enabled. This allows a signature made - with a v3 key to work in PGP 6 and 7. Signatures made with v4 - keys are unchanged. - - * g10.c (main): Disallow non-detached signatures in PGP2 mode. - Move the "you must use files and not pipes" PGP2 warning up so all - the PGP2 stuff is together. - - * encode.c (encode_simple): Use the actual filesize instead of - partial length packets in the internal literal packet from a - symmetric message. This breaks PGP5(?), but fixes PGP2, 6, and 7. - It's a decent tradeoff. Note there was only an issue with - old-style RFC1991 symmetric messages. 2440-style messages in 6 - and 7 work with or without partial length packets. - -2002-01-03 David Shaw - - * g10.c (main): Removed --no-default-check-level option, as it is - not consistent with other "default" options. Plus, it is the same - as saying --default-check-level 0. - - * exec.c (exec_read): Disallow caching tempfile from child - process, as this keeps the file handle open and can cause unlink - problems on some platforms. - - * keyserver.c (keyserver_search_prompt): Minor tweak - don't - bother to transform keyids into textual form if they're just going - to be transformed back to numbers. - -2002-01-03 Timo Schulz - - * g10.c: New command --encrypt-files. - - * verify.c (print_file_status): Removed the static because - encode_crypt_files also uses this function. - - * main.h (print_files_status): New. - (encode_crypt_files): New. - - * encode.c (encode_crypt_files): New. - -2002-01-02 Stefan Bellon - - * keyserver.c: Moved util.h include down in order to avoid - redefinition problems on RISC OS. - - * keyring.c (keyring_lock): Only lock keyrings that are writable. - - * keyring.c (keyring_update_keyblock): Close unused iobuf. - - * hkp.c (parse_hkp_index, hkp_search) [__riscos__]: Changed - unsigned char* to char* because of compiler issues. - - * exec.c (exec_finish) [__riscos__]: Invalidate close cache so - that file can be unlinked. - -2001-12-28 David Shaw - - * g10.c (main): Use a different strlist to check extensions since - they need to be handled seperately now. - - * misc.c,main.h (check_permissions): Properly handle permission - and ownership checks on files in the lib directory - (e.g. /usr/local/lib/gnupg), which are owned by root and are - world-readable, and change all callers to specify extension or - per-user file. - - * photoid.c (show_photo), keyserver.c (keyserver_spawn): Bug fix - - don't call exec_finish if exec_write fails. - - * keyserver.c (keyserver_spawn): Look for OPTIONS from the - keyserver helper - specifically, a "OUTOFBAND" option for the - email keyserver. - - * mainproc.c (list_node), keylist.c (list_keyblock_colon), - import.c (delete_inv_parts), export.c (do_export_stream): Use - signature flags for exportability check rather than re-parsing the - subpacket. - - * keyid.c, keydb.h (get_lsign_letter): No longer needed. - -2001-12-27 David Shaw - - * exec.c (exec_finish): Show errors when temp files cannot be - deleted for whatever reason. - - * exec.c (exec_read): Don't rely on WEXITSTATUS being present. - - * exec.c (make_tempdir): Add temp file creator for win32. Don't - create an incoming temp file if the exec is write-only. - - * keyserver.c (keyserver_spawn): Clean up error handling, for when - the spawn fails. - - * photoid.c (show_photo): Clean up error handling. - - * misc.c (check_permissions): Neaten. - -2001-12-25 David Shaw - - * mkdtemp.c (mkdtemp): Add copyleft info and tweak the 'X' counter - to be a bit simpler. - - * keyserver.c, photoid.c: Remove unused headers left over from - when the exec functions lived there. - -2001-12-23 Timo Schulz - - * misc.c (check_permissions): Do not use it for W32 systems. - - * tdbio.c (migrate_from_v2): Define ftruncate as chsize() for W32. - - * mkdtemp.c: W32 support. - - * photoid.c: Ditto. - - * exec.c: Ditto. - -2001-12-22 David Shaw - - * exec.c (make_tempdir): avoid compiler warning with const - - * mkdtemp.c (mkdtemp): catch the empty ("") string case in case - someone repurposes mkdtemp at some point. - - * photoid.c (generate_photo_id, show_photo): some type changes - from Stefan Bellon. - - * exec.c (make_tempdir): handle Win32 systems, suggested by Timo - Schulz. - -2001-12-22 Werner Koch - - * encode.c (encode_simple, encode_crypt): i18n 2 strings. - -2001-12-22 Timo Schulz - - * encode.c (encode_simple, encode_crypt): Use is_file_compressed - to avoid to compress compressed files. - -2001-12-22 Werner Koch - - * keyserver.c (keyserver_spawn): Removed some variables - declaration due to shadowing warnings. - - * build-packet.c (build_attribute_subpkt): s/index/idx/ to avoid - compiler warnig due to index(3). - - * getkey.c (get_ctx_handle): Use KEYDB_HANDLE as return value. - * keylist.c (list_one): Made resname const. - - * keyedit.c (keyedit_menu): Allow "addphoto" only when --openpgp is - not used. - - * options.skel: Changed one example photo viewer to qiv. - -2001-12-21 David Shaw - - * Makefile.am: add exec.c, exec.h, photoid.c, and photoid.h - - * build-packet.c (build_attribute_subpkt): new function to build - the raw attribute subpacket. Note that attribute subpackets have - the same format as signature subpackets. - - * exec.c: new file with generic exec-a-program functionality. - Used by both photo IDs and keyserver helpers. This is pretty much - the same code that used to be keyserver specific, with some - changes to be usable generically. - - * free-packet.c (free_attributes (new)): function to free an - attribute packet. - - * gpgv.c: added stub show_photo - - * keyedit.c (keyedit_menu, menu_adduid, menu_showphoto): can add a - photo (calls generate_photo_id), or display a photo (calls - show_photo) from the --edit menu. New commands are "addphoto", - and "delphoto" (same as "deluid"). - - * keylist.c (list_keyblock_print): show photos during key list if - --show-photos enabled. - - * keyserver.c (keyserver_spawn): use the generic exec_xxx - functions to call keyserver helper. - - * g10.c, options.h: three new options - --{no-}show-photos, and - --photo-viewer to give the command line to display a picture. - - * options.skel: instructions for the photo viewer - - * parse-packet.c (parse_user_id, setup_user_id (new)): common code - for both user IDs and attribute IDs moved to setup_user_id. - - * parse-packet.c (make_attribute_uidname (new)): constructs a fake - "name" for attribute packets (e.g. "[image of size ...]") - - * parse-packet.c (parse_attribute (replaces parse_photo_id), - parse_attribute_subpkts): Builds an array of individual - attributes. Currently only handles attribute image / type jpeg - subpackets. - - * sign.c (hash_uid): Fix bug in signing attribute (formerly - photo_id) packets. - - * packet.h, and callers: globally change "photo_id" to "attribute" - and add structures for attributes. The packet format is generic - attributes, even though the only attribute type thus far defined - is jpeg. - -2001-12-21 David Shaw - - * parse-packet.c (can_handle_critical): Can handle critical - revocation subpackets now. - - * trustdb.c (mark_usable_uid_certs): Disregard revocations for - nonrevocable sigs. Note that this allows a newer revocable - signature to override an older nonrevocable signature. - - * sign.c (make_keysig_packet): add a duration field and change all - callers. This makes make_keysig_packet closer to - write_signature_packets and removes some duplicated expiration - code. - - * keyedit.c (keyedit_menu, menu_revsig, sign_uids, - sign_mk_attrib): Add nrsign command, don't allow revoking a - nonrevocable signature, - - * g10.c (main): Add --nrsign option to nonrevocably sign a key - from the command line. - - * build-packet.c (build_sig_subpkt_from_sig): Comment to explain - the use of CRITICAL. - -2001-12-21 Werner Koch - - * g10.c. options.h : New option --show-keyring - * getkey.c (get_ctx_handle): New. - * keylist.c (list_one): Implement option here. By David Champion. - -2001-12-20 David Shaw - - * keyserver.c (keyserver_spawn): Use mkdtemp() to make temp - directory. - - * mkdtemp.c: replacement function for those platforms that don't - have mkdtemp (make a temp directory securely). - -2001-12-19 David Shaw - - * misc.c (check_permissions): New function to stat() and ensure - the permissions of GNUPGHOME and the files have safe permissions. - - * keydb.c (keydb_add_resource): Check keyring permissions. - - * tdbio.c (tdbio_set_dbname): Check permissions of trustdb.gpg - - * keyserver.c (keyserver_spawn): Disable keyserver schemes that - involve running external programs if the options file has unsafe - permissions or ownership. - - * g10.c, options.h: New option --no-permission-warning to disable - the permission warning message(s). This also permits use of the - keyserver if it had been disabled (see above). Also check the - permissions/ownership of random_seed. - - * keyserver.c (keyserver_spawn): The new glibc prints a warning - when using mktemp() (the code was already secure, but the warning - was bound to cause confusion). Use a different implementation - based on get_random_bits() instead. Also try a few times to get - the temp dir before giving up. - -2001-12-19 Werner Koch - - * g10.c, passphrase.c [CYGWIN32]: Allow this as an alias for MINGW32. - -2001-12-18 David Shaw - - * g10.c (idea_cipher_warn): Add a flag to show the warning always - or once per session and change all callers (show always except for - the secret key protection and unknown cipher from an encrypted - message errors). Also make the strings translatable. - - * pubkey-enc.c (get_it): Add the IDEA cipher warning if the user - tries to decrypt an IDEA encrypted message without the IDEA - plugin. - - * keyserver.c (parse_keyserver_uri): More strict checking of the - keyserver URI. Specifically, fail if the ":port" section is - anything except a number between 1 and 65535. - -2001-12-17 David Shaw - - * keyserver.c (print_keyinfo): No need to check for - control/illegal characters, as utf8_to_native does this for us. - - * mainproc.c (proc_encrypted): Use generic IDEA warning. - - * gpgv.c: add stub for idea_cipher_warn - - * g10.c, hkp.c, keyserver.c: Fix capitalization and plural issues. - - * encode.c (encode_crypt), sign.c (sign_file, clearsign_file): - disable pgp2 mode after the message is no longer pgp2 compatible. - - * g10.c (main): Tweak the PGP2.x IDEA warning to use the generic - warning, and not merely fail if the IDEA plugin isn't there. - - * g10.c (main, idea_cipher_warn), keygen.c (set_one_pref), - seckey-cert.c (do_check): Add a generic IDEA warning for when the - IDEA plugin is not present. This pops up when the user uses - "--cipher-algo idea", when setpref is used to set a "S1" - preference, and when a secret key protected with IDEA is used. - -2001-12-15 Werner Koch - - * keyserver.c (keyserver_spawn): Assert that we have dropped privs. - -2001-12-13 Werner Koch - - * pubkey-enc.c (get_session_key): Check that the public key - algorithm is indeed usable for en/decryption. This avoid a - strange error message from pubkey_decrypt if for some reasons a - bad algorithm indentifier is passed. - -2001-12-12 David Shaw - - * Fixed some types for portability. Noted by Stefan Bellon. - -2001-12-11 Werner Koch - - * hkp.c (hkp_export): Do not print possible control characters - from a keyserver response. - (parse_hkp_index): Made uid an unsigned char* because it is passed to - isspace(). - (hkp_search): Ditto for the char* vars. - - * g10.c (main): Print the IDEA warning also for -c and -se. - - * g10.c (get_temp_dir): Assert that we have dropped privs - - * encode.c (encode_crypt): Include the first key into the --pgp2 - check. - -2001-12-07 David Shaw - - * g10.c, options.h: New option --pgp2. This is identical to - "--rfc1991 --cipher-algo idea --compress-algo 1 --digest-algo md5 - --force_v3_sigs" with the addition of an warning to advise the - user not to use a pipe (which would break pgp2 compatibility). - - * encode.c (encode_crypt): warn if the user tries to encrypt to - any key that is not RSA and <= 2048 bits when the --pgp2 option is - used. - - * sign.c (sign_file, clearsign_file): When using --pgp2, make a v3 - sig, and warn if the signature is made with a non-v3 key. - -2001-12-05 David Shaw - - * sign.c (sign_file, clearsign_file, sign_symencrypt_file): Prompt - for sig expiration if --expert is set and --force-v3-sigs is not - set (v3 sigs cannot expire). - - * mainproc.c (check_sig_and_print): After checking a sig, print - expiration status. This causes a error return if the sig is - expired. - - * build-packet.c (build_sig_subpkt_from_sig): Include a critical - sig expiration subpacket if the sig is to expire. - - * keyedit.c (sign_uids): Do not sign an expired key unless - --expert is set, in which case prompt. Also, offer to expire a - signature when the key the user is signing expires. - - * keygen.c (ask_expire_interval): Add a value to determine whether - to prompt for a key or sig expiration and change all callers. - - * keyid.c: New functions: expirestr_from_sig and - colon_expirestr_from_sig. - - * keylist.c (list_keyblock_colon): Show sig expiration date in the - --with-colons listing. - - * sign.c (make_keysig_packet, write_signature_packets): Pass in an - optional timestamp for the signature packet, and change all - callers. - - * keyedit.c (sign_mk_attrib): Include a critical expiration - subpacket in the signature if an expiration date is given. - -2001-12-04 David Shaw - - * keyedit.c (sign_uids): If the user tries to sign a - locally-signed key, allow the cert to be promoted to a full - exportable signature. This essentially deletes the old - non-exportable sig, and replaces it with a new exportable one. - -2001-12-04 David Shaw - - * keyedit.c (keyedit_menu): Do not allow signing a revoked key - unless --expert is set, and ask even then. - - * keyedit.c (sign_uids): Do not allow signing a revoked UID unless - --expert is set, and ask even then. - - * g10.c, options.h : New option --expert - -2001-11-16 David Shaw - - * Allow the user to select no compression via "--compress-algo 0" - on the command line. - - * keyedit.c (show_prefs): Show compression preferences in the - long-form "showpref" style. - - * keygen.c (set_one_pref): Permit setting a no-compression ("Z0") - preference. - - * getkey.c (fixup_uidnode): Fix compression preference corruption - bug. - -2001-12-02 David Shaw - - * g10.c: Add advisory --for-your-eyes-only option as per section - 5.9 of 2440. - -2001-12-05 David Shaw - - * Force a V4 sig if the user has a notation or policy URL set. - -2001-12-04 David Shaw - - * g10.c: Add options --keyserver-options, --temp-directory, and - auto-key-retrieve (the opposite of no-auto-key-retrieve). - - * hkp.c (hkp_search): New function to handle searching a HKP - keyserver for a key - - * hkp.c (hkp_ask_import, hkp_export): Pretty large changes to make - them communicate via the generic functions in keyserver.c - - * keyserver.c: new file with generic keyserver routines for - getting keys from a keyserver, sending keys to a keyserver, and - searching for keys on a keyserver. Calls the internal HKP stuff - in hkp.c for HKP keyserver functions. Other calls are handled by - an external program which is spawned and written to and read from - via pipes. Platforms that don't have pipes use temp files. - -2001-11-20 David Shaw - - * options.h, g10.c: New options show-notation, no-show-notation, - default-check-level, no-default-check-level, show-policy-url, - no-show-policy-url. - - * packet.h, sign.c (make_keysig_packet), parse-packet.c - (parse_signature), free-packet.c (free_seckey_enc): Fill in - structures for notation, policy, sig class, exportability, etc. - - * keyedit.c, keylist.c (print_and_check_one_sig, - list_keyblock_print): Show flags in signature display for cert - details (class, local, notation, policy, revocable). If selected, - show the notation and policy url. - - * keyedit.c (sign_uids): Prompt for and use different key sig - classes. - - * helptext.c (helptexts): Add help text to explain different - key signature classes - -2001-11-26 David Shaw - - * trustdb.c (mark_usable_uid_certs): Fix segfault from bad - initialization and fix reversed key signature expiration check. - -2001-11-09 Werner Koch - - * export.c (do_export_stream): Put all given names into a search - description and change the loop so that all matching names are - returned. - -2001-11-08 Werner Koch - - * pubkey-enc.c (get_it): To reduce the number of questions on the - MLs print the the name of cipher algorithm 1 with the error message. - - * mainproc.c: Changed the way old rfc1991 encryption cipher is - selected. Based on a patch by W Lewis. - - * pkclist.c (do_edit_ownertrust): Allow to skip over keys, the non - working "show info" is now assigned to "i" - * trustdb.c (ask_ownertrust, validate_keys): Implement a real quit - here. Both are by David Shaw. - - * trustdb.c (validate_keys): Make sure next_exipire is initialized. - - * sign.c (make_keysig_packet): Use SHA-1 with v4 RSA keys. - - * g10.c, options.h : New option --[no-]froce-v4-certs. - * sign.c (make_keysig_packet): Create v4 sigs on v4 keys even with - a v3 key. Use that new option. By David Shaw - - * revoke.c (ask_revocation_reason): Allow to select "no reason". - By David Shaw. - - * keyid.c (fingerprint_from_sk): Calculation of an v3 fpr was - plain wrong - nearly the same code in fingerprint_from_pk is correct. - - * build-packet.c (do_secret_key): Added a few comments to the code. - -2001-11-07 Werner Koch - - * g10.c (main): Print a warning when -r is used w/o encryption. - Suggested by Pascal Scheffers. - -2001-10-23 Werner Koch - - * keyedit.c (keyedit_menu): Changed helptext for showpref - command. Suggested by Reinhard Wobst. - - * keyring.c (keyring_search): When marking the offtbl ready, take - into account that we may have more than one keyring. - -2001-10-22 Werner Koch - - * Makefile.am: Do not use OMIT_DEPENDENCIES - - * build-packet.c (build_sig_subpkt): Default is now to put all - types of subpackets into the hashed area and only list those which - should go into the unhashed area. - -2001-10-18 Werner Koch - - * keydb.c (keydb_add_resource): Rearranged the way we keep track - of the resource. There will now be an entry for each keyring here - and not in keyring.c itself. Store a token to allow creation of a - keyring handle. Changed all functions to utilize this new design. - (keydb_locate_writable): Make a real implementation. - * keyring.c (next_kr): Removed and changed all callers to set the - resource directly from the one given with the handle. - (keyring_is_writable): New. - (keyring_rebuild_cache): Add an arg to pass the token from keydb. - -2001-10-17 Werner Koch - - * keyring.c (keyring_search): Enabled word search mode but print a - warning that it is buggy. - -2001-10-11 Werner Koch - - * hkp.c (hkp_ask_import): No more need to set the port number for - the x-hkp scheme. - (hkp_export): Ditto. - -2001-10-06 Stefan Bellon - - * passphrase.c [__riscos__]: Disabled agent specific stuff. - * g10.c: New option --no-force-v3-sigs. - -2001-10-04 Werner Koch - - * export.c (do_export_stream): Do not push the compress filter - here because the context would run out of scope due to the - iobuf_close done by the caller. - (do_export): Do it here instead. - -2001-09-28 Werner Koch - - * keyedit.c (sign_uids): Always use the primary key to sign keys. - * getkey.c (finish_lookup): Hack to return only the primary key if - a certification key has been requested. - - * trustdb.c (cmp_kid_for_make_key_array): Renamed to - (validate_one_keyblock): this and changed arg for direct calling. - (make_key_array): Renamed to - (validate_one_keyblock): this and changed args for direct calling. - (mark_usable_uid_certs, validate_one_keyblock) - (validate_key_list): Add next_expire arg to keep track of - expiration times. - (validate_keys): Ditto for UTKs and write the stamp. - - * tdbio.c (migrate_from_v2): Check return code of tbdio_sync. - - * tdbdump.c (import_ownertrust): Do a tdbio_sync(). - - * keyring.c: Made the offtbl an global object. - -2001-09-27 Werner Koch - - * pkclist.c (do_edit_ownertrust): Allow settin of ultimate trust. - - * trustdb.c (mark_keyblock_seen): New. - (make_key_array): Use it to mark the subkeys too. - (validate_keys): Store validity for ultimatly trusted keys. - -2001-09-26 Werner Koch - - * pkclist.c (check_signatures_trust, do_we_trust): Removed the - invocation of add_ownertrust. Minor changes to the wording. - (add_ownertrust, add_ownertrust_cb): Removed. - - * trustdb.c (get_validity): Allow to lookup the validity using a - subkey. - - * trustdb.c (new_key_hash_table): Increased the table size to 1024 - and changed the masks accordingly. - (validate): Changed stats printing. - (mark_usable_uid_certs): New. - (cmp_kid_for_make_key_array): Does now check the signatures and - figures out a usable one. - -2001-09-25 Werner Koch - - * keyring.c (new_offset_item,release_offset_items) - (new_offset_hash_table, lookup_offset_hash_table) - (update_offset_hash_table, update_offset_hash_table_from_kb): New. - (keyring_search): Use a offset table to optimize search for - unknown keys. - (keyring_update_keyblock, keyring_insert_keyblock): Insert new - offsets. - * getkey.c (MAX_UNK_CACHE_ENTRIES): Removed the unknown keys - caching code. - - * g10.c, options.h, import.c: Removed the entire - allow-secret-key-import stuff because the validity is now - controlled by other means. - - * g10.c: New command --rebuild-keydb-caches. - * keydb.c (keydb_rebuild_caches): New. - * keyring.c (do_copy): Moved some code to - (create_tmp_file, rename_tmp_file, write_keyblock): new functions. - (keyring_rebuild_cache): New. - - * packet.h (PKT_ring_trust): Add sigcache field. - * parse-packet.c (parse_trust): Parse sigcache. - * keyring.c (do_copy): Always insert a sigcache packet. - (keyring_get_keyblock): Copy the sigcache packet to the signature. - * sig-check.c (cache_sig_result): Renamed from - cache_selfsig_result. Changed implementation to use the flag bits - and changed all callers. - (mdc_kludge_check): Removed this unused code. - (do_check): Do not set the sig flags here. - - * import.c (read_block): Make sure that ring_trust packets are - never imported. - * export.c (do_export_stream): and never export them. - - * trustdb.c (make_key_array): Skip revoked and expired keys. - -2001-09-24 Werner Koch - - * g10.c, options.h: New option --no-auto-check-trustdb. - - * keygen.c (do_generate_keypair): Set newly created keys to - ultimately trusted. - - * tdbio.h, tdbio.c: Removed all support for records DIR, KEY, UID, - PREF, SIG, SDIR and CACH. Changed migration function to work - direct on the file. - (tdbio_read_nextcheck): New. - (tdbio_write_nextcheck): New. - -2001-09-21 Werner Koch - - Revamped the entire key validation system. - * trustdb.c: Complete rewrite. No more validation on demand, - removed some functions, adjusted to all callers to use the new - and much simpler interface. Does not use the LID anymore. - * tdbio.c, tdbio.h: Add new record types trust and valid. Wrote a - migration function to convert to the new trustdb layout. - * getkey.c (classify_user_id2): Do not allow the use of the "#" - prefix. - * keydb.h: Removed the TDBIDX mode add a skipfnc to the - descriptor. - * keyring.c (keyring_search): Implemented skipfnc. - - * passphrase.c (agent_open): Add missing bracket. Include windows.h. - -2001-09-19 Werner Koch - - * keylist.c (print_fingerprint): Renamed from fingerprint, made - global available. Added new arg to control the print style. - * mainproc.c (print_fingerprint): Removed. - * pkclist.c (print_fpr, fpr_info): Removed and changed callers to - use print_fingerprint. - * keyedit.c (show_fingerprint): Ditto. - - * passphrase.c (writen, readn) - (agent_open, agent_close) - (agent_get_passphrase) - (passphrase_clear_cache): Support for W32. Contributed by Timo. - - * import.c (import_one): Release keydb handles at 2 more places. - - * keyring.c (keyring_release): Close the iobuf. - (keyring_get_keyblock): Init ret_kb to NULL and store error contidion. - - * import.c (import_new_stats_handle): New. - (import_release_stats_handle): New. - (import_print_stats): Renamed from static fnc print_stats. - (import_keys, import_keys_stream): Add an optional status handle - arg and changed all callers. - * hkp.c (hkp_ask_import): Add an stats_handle arg and changed all - callers. - - * mainproc.c (print_pkenc_list): Use print_utf8_string2(). - -2001-09-18 Werner Koch - - * g10.c: New command --refresh-keys. - * hkp.c (hkp_refresh_keys): New. Contributed by Timo Schulz. - - * parse-packet.c (parse): Stop on impossible packet lengths. - -2001-09-17 Werner Koch - - * mainproc.c (print_notation_data): Wrap notation data status lines - after 50 chars. - - * mainproc.c (proc_pubkey_enc): Make option try-all-secrets work. - By disastry@saiknes.lv. - -2001-09-14 Werner Koch - - * parse-packet.c (dump_sig_subpkt): List key server preferences - and show the revocable flag correctly. Contributed by David Shaw. - -2001-09-09 Werner Koch - - * keyedit.c (keyedit_menu): No need to define another p. - - * keylist.c (print_capabilities): s/used/use/ so that it - does not shadow a global. - * sign.c (sign_file): Renamed arg encrypt to encryptflag - * keygen.c: Replaced all "usage" by "use". - * misc.c (openpgp_pk_algo_usage): Ditto. - - * pubkey-enc.c (get_it): Renamed arg k to enc so that the later - defined k does not shadow it. - - * parse-packet.c (parse_gpg_control): No need to define another i. - - * getkey.c (get_pubkey_byfprint): Must use the enum values and not - the fprint_len. - * keyring.c (keyring_search): Removed a non-sense break. Both - bugs pointed out by Stefan. - -2001-09-07 Werner Koch - - * status.c, status.h: Added NO_RECP and ALREADY_SIGNED. - * pkclist.c (build_pk_list): Issue NO_RECP. - * keyedit.c (sign_uids): Added experimental ALREADY_SIGNED - - * hkp.c (hkp_import): Use log_error. Bug reported by Neal H - Walfield. - - * getkey.c (classify_user_id2): Change args to take the desc union - direct. It was a stupid idea to pass the individual fields of an - union to this function. Changed all callers. - (classify_user_id): Ditto and allow to pass NULL as the description. - -2001-09-06 Werner Koch - - * getkey.c (fixup_uidnode): Features flag is now a bit vector. - * keygen.c (add_feature_mdc): Ditto. - - Revamped the entire key I/O code to be prepared for other ways of - key storages and to get rid of the existing shit. GDBM support has - gone. - * keydb.c: New - * keyring.c, keyring.h: New. - * ringedit.c: Removed. Moved some stuff to keyring.c - * getkey.c: Changed everything related to the key retrieving - functions which are now using the keydb_ functions. - (prepare_search, word_match_chars, word_match) - (prepare_word_match, compare_name): Moved to keyring.c - (get_pubkey_byname): Removed ctx arg and add ret_kdbhd - arg. Changed all callers. - (key_byname): Use get_pubkey_end to release the context and take - new ret_kbdhd arg. Changed all callers. - (classify_user_id2): Fill the 16 byte fingerprint up with 4 null - bytes not with zero bytes of value 4, tsss. - * import.c (import_one): Updated to use the new keydb interface. - (import_secret_one): Ditto. - (import_revoke_cert): Ditto. - * delkey.c (do_delete_key): Ditto. - * keyedit.c (keyedit_menu): Ditto. - (get_keyblock_byname): Removed. - * revoke.c (gen_revoke): Ditto. - * export.c (do_export_stream): Ditto. - * trustdb.c (update_trustdb): Ditto. - * g10.c, gpgv.c (main): Renamed add_keyblock_resource to - keydb_add_resource. - * Makefile.am: Added and removed files. - - * keydb.h: Moved KBNODE typedef and MAX_FINGERPRINT_LEN to - * global.h: this new header. - -2001-09-03 Werner Koch - - * passphrase.c (agent_get_passphrase): Changed nread to size_t. - (passphrase_clear_cache): Ditto. - - * keyid.c (mk_datestr): Avoid trigraphs. - (fingerprint_from_pk): Cache the keyid in the pk. - - * options.h: Add opt.with_fingerprint so that we know whether the - corresponding options was used. - * g10.c (main): Set it here. - * pkclist.c (check_signatures_trust): Always print fingerprint - when this option is used. Mixed a minor memory leak. - - * status.c, status.h: New status INV_RECP. - * pkclist.c (build_pk_list): Issue this status. - -2001-08-31 Werner Koch - - * parse-packet.c (parse_key,parse_pubkeyenc) - (parse_signature): Return error on reading bad MPIs. - - * mainproc.c (check_sig_and_print): Always print the user ID even - if it is not bound by a signature. Use the primary UID in the - status messages and encode them in UTF-8 - * status.c (write_status_text_and_buffer): New. - -2001-08-30 Werner Koch - - * packet.h (sigsubpkttype_t): Add SIGSUBPKT_FEATURES. - (PKT_public_key, PKT_user_id): Add a flag for it. - * parse-packet.c, build-packet.c: Add support for them. - * getkey.c (fixup_uidnode, merge_selfsigs): Set the MDC flags. - * keygen.c (add_feature_mdc): New. - (keygen_upd_std_prefs): Always set the MDC feature. - * keyedit.c (show_prefs): List the MDC flag - * pkclist.c (select_mdc_from_pklist): New. - * encode.c (encode_crypt, encrypt_filter): Test whether MDC - should be used. - * cipher.c (write_header): Set MDC use depending on the above test. - Print more status info. - - * delkey.c (do_delete_key): Kludge to delete a secret key with no - public key available. - - * ringedit.c (find_secret_keyblock_direct): New. - * getkey.c (seckey_available): Simplified. - - * ringedit.c (cmp_seckey): Now compares the secret key against the - public key while ignoring all secret parts. - (keyring_search): Use a public key packet as arg. Allow to search - for subnkeys - (search): Likewise. Changed all callers. - (find_secret_keyblock_bypk): New. - (find_secret_keyblock_byname): First locate the pubkey and then - find the correponding secret key. - * parse-packet.c (parse): Renamed pkttype arg to onlykeypkts and - changed code accordingly. Changed all callers. - (search_packet): Removed pkttype arg. - * keyedit.c (keyedit_menu): First locate the public key and then - try to locate a secret key. - - * ringedit.c (locate_keyblock_by_fpr): Removed. - (locate_keyblock_by_keyid): Removed. - (find_keyblock_bysk): Removed. - - * sig-check.c (check_key_signature2): Print the keyid along with - the wrong sig class errors. - -2001-08-24 Werner Koch - - * sign.c (sign_file): Stripped the disabled comment packet code. - (sign_file, sign_symencrypt_file): Moved common code to .. - (write_onepass_sig_packets): .. this new function. - (sign_file, clearsign_file, sign_symencrypt_file): Moved common - code to - (write_signature_packets): this new function. - (write_signature_packets, make_keysig_packet) - (update_keysig_packet): Moved common code to - (hash_uid, hash_sigclass_to_magic): these new functions - (sign_file, sign_symencrypt_file): Moved common code to - (write_plaintext_packet): this new function. - -2001-08-21 Stefan Bellon - - * trustdb.c (query_trust_info): Changed trustlevel to signed int. - * g10.c [__riscos__]: Fixed handling of --use-agent --lock-multiple. - -2001-08-20 Werner Koch - - * encr-data.c (decrypt_data): Keep track on whether we already - printed information about the used algorithm. - * mainproc.c (proc_encrypted): Removed the non-working IDEA hack - and print a message about the assumed algorithm. - * passphrase.c (passphrase_to_dek): Use the same algorithm as above. - (proc_symkey_enc): Print the algorithm, so that the user knows it - before entering the passphrase. - (proc_pubkey_enc, proc_pubkey_enc): Zero the DEK out. - * encode.c (encode_crypt, encrypt_filter): Ditto. - - * g10.c: Allow for --sign --symmetric. - * sign.c (sign_and_symencrypt): New. - - Applied patches from Stefan Bellon to support - RISC OS. Nearly all of these patches are identified by the - __riscos__ macro. - * compress.c: Added a couple of casts. - * g10.c [__riscos__]: Some patches and new options foo-file similar - to all foo-fd options. - * gpgv.c, openfile.c, ringedit.c, tdbio.c: Minor fixes. Mainly - replaced hardcoded path separators with EXTSEP_S like macros. - * passprase.c [__riscos__]: Disabled agent stuff - * trustdb.c (check_trust): Changed r_trustlevel to signed int to - avoid mismatch problems in pkclist.c - * pkclist.c (add_ownertrust): Ditto. - * plaintext.c (handle_plaintext) [__riscos__]: Print a note when - file can't be created. - * options.h [__riscos__]: Use an extern unless included from the - main module. - * signal.c (got_fatal_signal) [__riscos__]: Close all files. - -2001-08-14 Werner Koch - - * keygen.c (ask_algo): New arg r_usage. Allow for RSA keys. - (gen_rsa): Enabled the code. - (do_create): Enabled RSA branch. - (parse_parameter_usage): New. - (proc_parameter_file): Handle usage parameter. - (read_parameter_file): Ditto. - (generate_keypair): Ditto. - (generate_subkeypair): Ditto. - (do_generate_keypair): Ditto. - (do_add_key_flags): New. - (keygen_add_std_prefs): Use the new function. - (keygen_add_key_flags_and_expire): New. - (write_selfsig, write_keybinding): Handle new usage arg. - * build-packet.c (build_sig_subpkt): Make sure that key flags go - into the hashed area. - - * keygen.c (write_uid): Initialize the reference cunter. - - * keyedit.c (keyedit_menu): No more need to update the trustdb for - preferences. Added calls to merge keblock. - - * kbnode.c (dump_kbnode): Print some more flags. - -2001-08-10 Werner Koch - - Revamped the preference handling. - - * packet.h (prefitem_t, preftype_t): New. - (PKT_public_key): Added a uid field. - (PKT_user_id): Added field to store preferences and a reference - counter. - * parse-packet.c (parse_user_id,parse_photo_id): Initialize them - * free-packet.c (free_user_id): Free them. - (copy_user_id): Removed. - (scopy_user_id): New. - (cmp_user_ids): Optimized for identical pointers. - (release_public_key_parts): Release the uid. - (copy_public_key_with_new_namehash): Removed. - (copy_prefs): New. - * keyedit.c (menu_adduid): Use the new shallow copy user id. - (show_prefs): Adjusted implementation. - (keyedit_menu): No more need to update the trustdb after changing - preferences. - * getkey.c (fixup_uidnode): Store preferences. - (find_by_name): Return a user id packet and remove namehash stuff. - (lookup): Removed the unused namehash stuff. - (finish_lookup): Added foundu arg. - (pk_from_block): Removed the namehash arg and changed all callers. - (merge_selfsigs): Copy prefs to all keys. - * trustdb.c (get_pref_data): Removed. - (is_algo_in_prefs): Removed. - (make_pref_record): Deleted and removed all class. - * pkclist.c (select_algo_from_prefs): Adjusted for the new - preference implementation. - * pubkey-enc.c (is_algo_in_prefs): New. - (get_it): Use that new function. - -2001-08-09 Werner Koch - - * build-packet.c (build_sig_subpkt): Fixed calculation of - newarea->size. - - * g10.c (main): New option "--preference-list" - * keyedit.c (keyedit_menu): New commands "setpref" and "updpref". - (menu_set_preferences): New. - * keygen.c (keygen_set_std_prefs): New. - (set_one_pref): New. - (check_zip_algo): New. - (keygen_get_std_prefs): New. - (keygen_upd_std_prefs): New - (keygen_add_std_prefs): Move the pref setting code into the above fnc. - * build-packet.c (build_sig_subpkt): Updated the list of allowed - to update subpackets. - -2001-08-08 Werner Koch - - * packet.h (subpktarea_t): New. - (PKT_signature): Use that type for hashed_data and unhashed_data and - removed the _data prefix from those fields. Changed all users. - * parse-packet.c (parse_signature): Changed allocation for that. - (parse_sig_subpkt): Changed declaration - (enum_sig_subpkt): Ditto and changed implementation accordingly. - * free-packet.c (cp_subpktarea): Renamed from cp_data_block and - adjusted implementation. Changed caller. - * sig-check.c (mdc_kludge_check): Adjusted the hashing. - (do_check): Ditto. - * sign.c (sign_file, clearsign_file, make_keysig_packet, - update_keysig_packet): Ditto. - * build-packet.c (build_sig_subpkt): Partial rewrite. - (find_subpkt): Adjusted and made static. - (delete_sig_subpkt): Adjusted. - (do_signature): Ditto. - - * keygen.c (ask_keysize): Do not print the notes about suggested - key sizes if just a DSA key is generated. - - * trustdb.c (add_ultimate_key): s/log_error/log_info/ for - duplicated inserted trusted keys. - -2001-08-07 Werner Koch - - * sign.c (sleep): Redefine for W32. - - * g10.c, options.h: Set new flag opt.no_homedir_creation when - --no-options is given. - * openfile.c (try_make_homedir): Don't create the homedir in that case. - -2001-08-03 Werner Koch - - * armor.c (armor_filter): Removed the default comment string - because it could get us in trouble due to translations using non - ascii characters. - -2001-08-01 Werner Koch - - * keylist.c (list_keyblock_print): Do not list revoked UIDs unless - in verbose mode and we do no signature listing. - - * getkey.c (finish_lookup): Skip subkeys which are not yet valid. - * g10.c, options.h: New option --ignore-valid-from. - - * sign.c (make_keysig_packet): Added new sigversion argument to - allow the caller to force generation of required signature - version. Changed all callers. Suggested by Thomas Roessler. - - * keyedit.c (sign_uids): Force v4 signature generation for local - sigs. Removed the check for local signature and pre-v4 keys. - -2001-07-27 Werner Koch - - * keyedit.c (sign_uids): Check that we are not trying to to a - lsign with a pre-v4 key. Bug noticed by Thomas Roessler. - -2001-07-26 Werner Koch - - * parse-packet.c (parse_photo_id): Reset all variables. - * getkey.c (merge_selfsigs_main): Removed checks on PHOTO_ID - because this is handled identically to a user ID. - -2001-07-06 Werner Koch - - * cipher.c (write_header): Don't use MDC with --rfc1991. Suggested - by disastry@saiknes.lv. - -2001-07-05 Werner Koch - - * g10.c, options.h: New option --preserve-permissions. - * ringedit.c (add_keyblock_resource): Use it here - (keyring_copy): and here. - - * trustdb.c (verify_own_keys): Be more silent on --quiet. - Suggested by Thomas Roessler. - * sig-check.c (check_key_signature2): Ditto. - * mainproc.c (proc_encrypted, proc_tree): Ditto - * getkey.c (lookup): Ditto. - -2001-07-04 Werner Koch - - * ringedit.c (add_keyblock_resource): Restore filename in case of error. - -2001-06-25 Werner Koch - - * kbnode.c (dump_kbnode): Print the signature timestamp. - - * keyedit.c (keyedit_menu): New menu point "primary". - (change_primary_uid_cb): New. - (menu_set_primary_uid): New. - * sign.c (update_keysig_packet): New. - * build-packet.c (build_sig_subpkt): Put the primary UID flag into - the hashed area. Allow update of some more packets. - -2001-06-15 Werner Koch - - * getkey.c (merge_selfsigs): Exit gracefully when a secret key is - encountered. May happen if a secret key is in public keyring. - Reported by Francesco Potorti. - -2001-06-12 Werner Koch - - * getkey.c (compare_name): Use ascii_memistr(), ascii_memcasecmp() - * keyedit.c (keyedit_menu): Use ascii_strcasecmp(). - * armor.c (radix64_read): Use ascii_toupper(). - * ringedit.c (do_bm_search): Ditto. - * keygen.c (read_parameter_file): Ditto. - * openfile.c (CMP_FILENAME): Ditto. - * g10.c (i18n_init): We can now use just LC_ALL. - -2001-05-29 Werner Koch - - * keygen.c (generate_subkeypair): Print a warning if a subkey is - created on a v3 key. Suggested by Brian M. Carlson. - -2001-05-27 Werner Koch - - * keyid.c (get_lsign_letter): New. - * keylist.c (list_keyblock_colon): Use it here. - * mainproc.c (list_node): and here. - - * getkey.c, packet.h, free-packet.c: Removed that useless key - created field; I dunno why I introducded this at all - the - creation time is always bound to the key packet and subject to - fingerprint calculation etc. - - * getkey.c (fixup_uidnode): Add keycreated arg and use this - instead of the signature timestamp to calculate the - help_key_expire. Bug reported by David R. Bergstein. - (merge_selfsigs_main): Correct key expiration time calculation. - (merge_selfsigs_subkey): Ditto. - -2001-05-25 Werner Koch - - * revoke.c (gen_revoke): Add a cast to a tty_printf arg. - * delkey.c (do_delete_key): Ditto. - * keyedit.c (print_and_check_one_sig): Ditto. - (ask_revoke_sig): Ditto. - (menu_revsig): Ditto. - (check_all_keysigs): Removed unused arg. - -2001-05-23 Werner Koch - - * g10.c (opts): Typo fix by Robert C. Ames. - -2001-05-06 Werner Koch - - * revoke.c: Small typo fix - -2001-05-04 Werner Koch - - * passphrase.c (passphrase_clear_cache): Shortcut if agent usage - is not enabled. - -2001-05-01 Werner Koch - - * passphrase.c (writen): Replaced ssize_t by int. Thanks to - to Robert Joop for reporting that SunOS 4.1.4 does not have it. - -2001-04-28 Werner Koch - - * getkey.c (merge_public_with_secret): pkttype was not set to subkey. - -2001-04-27 Werner Koch - - * skclist.c (build_sk_list): Changed one log_debug to log_info. - -2001-04-25 Werner Koch - - * keyedit.c (show_prefs): Add a verbose mode. - (show_key_with_all_names): Pass verbose flag for special value of - with_pref. - (keyedit_menu): New command "showpref" - (show_key_with_all_names): Mark revoked uids and the primary key. - -2001-04-24 Werner Koch - - * getkey.c (get_primary_uid): Return a different string in case of - error and made it translatable. - - * build-packet.c (do_secret_key): Ugly, we wrote a zero - instead of the computed ndays. Thanks to M Taylor for complaining - about a secret key import problem. - -2001-04-23 Werner Koch - - * hkp.c (hkp_ask_import): Allow to specify a port number for the - keyserver. Add a kudge to set the no_shutdown flag. - (hkp_export): Ditto. - * options.skel: Document the changes - -2001-04-20 Werner Koch - - * options.skel: Add some more comments. - -2001-04-19 Werner Koch - - * keyid.c (mk_datestr): New. Handles negative times. We must do - this because Windoze segvs on negative times passed to gmtime(). - Changed all datestr_from function to use this one. - - * keyid.c, keyid.h (colon_strtime): New. To implement the - fixed-list-mode. - (colon_datestr_from_pk): New. - (colon_datestr_from_sk): New. - (colon_datestr_from_sig): New. - * keylist.c (list_keyblock_colon): Use these functions here. - * mainproc.c (list_node): Ditto. - -2001-04-18 Werner Koch - - * openfile.c (open_sigfile): Fixed the handling of ".sign". - * mainproc.c (proc_tree): Use iobuf_get_real_fname. - Both are by Vincent Broman. - -2001-04-14 Werner Koch - - * getkey.c (fixup_uidnode): Removed check for !sig which is - pointless here. Thanks to Jan Niehusmann. - -2001-04-10 Werner Koch - - * sig-check.c (check_key_signature2): Use log_info instead of - log_error so that messed up keys do not let gpg return an error. - Suggested by Christian Kurz. - - * getkey.c (merge_selfsigs_main): Do a fixup_uidnode only if we - have both, uid and sig. Thanks to M Taylor. - -2001-04-05 Werner Koch - - * armor.c (unarmor_pump_new,unarmor_pump_release): New. - (unarmor_pump): New. - * pipemode.c (pipemode_filter): Use the unarmor_pump to handle - armored or non-armored detached signatures. We can't use the - regular armor_filter because this does only check for armored - signatures the very first time. In pipemode we may have a mix of - armored and binary detached signatures. - * mainproc.c (proc_tree): Do not print the "old style" notice when - this is a pipemode processes detached signature. - (proc_plaintext): Special handling of pipemode detached sigs. - - * packet.h (CTRLPKT_PLAINTEXT_MARK): New. - * parse-packet.c (create_gpg_control): New. - * kbnode.c (dump_kbnode): Support it here. - * mainproc.c (check_sig_and_print): Fixed the check for bad - sequences of multiple signatures. - (proc_plaintext): Add the marker packet. - (proc_tree): We can now check multiple detached signatures. - -2001-04-02 Werner Koch - - The length of encrypted packets for blocksizes != 8 was not - correct encoded. I think this is a minor problem, because we - usually use partial length packets. Kudos to Kahil D. Jallad for - pointing this out. - * packet.h: Add extralen to PKT_encrypted. - * cipher.c (write_header): Set extralen. - * build-packet.c (do_encrypted): Use extralen instead of const 10. - (do_encrypted_mdc): Ditto. - * parse-packet.c (parse_encrypted): Set extralen to 0 because we - don't know it here. - -2001-03-30 Werner Koch - - * getkey.c (premerge_public_with_secret): Changed wording an add - the keyID to the info message. - -2001-03-29 Werner Koch - - * getkey.c (premerge_public_with_secret): Use log_info instead of - log_error when no secret key was found for a public one. - Fix the usage if the secret parts of a key are not available. - - * openfile.c (ask_outfile_name): Trim spaces. - (open_outfile): Allow to enter an alternate filename. Thanks to - Stefan Bellon. - * plaintext.c (handle_plaintext): Ditto. - -2001-03-28 Werner Koch - - * mainproc.c (do_check_sig): Allow direct key and subkey - revocation signature. - * sig-check.c (check_key_signature2): Check direct key signatures. - Print the signature class along with an error. - -2001-03-27 Werner Koch - - * packet.h: Add a missing typedef to an enum. Thanks to Stefan Bellon. - - * g10.c: New option --no-sig-create-check. - * sign.c (do_sign): Implement it here. - * g10.c: New option --no-sig-cache. - * sig-check.c (check_key_signature2): Implement it here. - (cache_selfsig_result): and here. - - * keylist.c (list_keyblock): Removed debugging stuff. - - * getkey.c (cache_public_key): Made global. - * keygen.c (write_selfsig, write_keybinding): Cache the new key. - - * getkey.c (key_byname): Add new arg secmode and changed all - callers to request explicitly the mode. Deriving this information - from the other supplied parameters does not work if neither pk nor - sk are supplied. - -2001-03-25 Werner Koch - - * packet.h (ctrlpkttype_t): New. - * mainproc.c (add_gpg_control,proc_plaintext,proc_tree): Use the - new enum values. - * pipemode.c (make_control): Ditto. - * armor.c (armor_filter): Ditto. - -2001-03-24 Werner Koch - - * sign.c (do_sign): Verify the signature right after creation. - -2001-03-23 Werner Koch - - * status.c, status.h (STATUS_UNEXPECTED): New. - * mainproc.c (do_proc_packets): And emit it here. - -2001-03-21 Werner Koch - - * status.c: Add sys/types.h so that it runs on Ultrix. Reported - by Georg Schwarz.x - - * build-packet.c (build_sig_subpkt): Fixed generaton of packet - length header in case where 2 bytes headers are needed. Thanks to - Piotr Krukowiecki. - -2001-03-19 Werner Koch - - * g10.c (main): the default keyring is no always used unless - --no-default-keyring is given. - - * ringedit.c (add_keyblock_resource): invalidate cache after file - creation. - -2001-03-15 Werner Koch - - * keygen.c (ask_algo): Changed the warning of the ElGamal S+E Algo. - - * keylist.c (print_capabilities): New. - (list_keyblock_colon): and use it here. - -2001-03-13 Werner Koch - - * main.c, options.h: New option --fixed_list_mode. - * keylist.c (list_keyblock_colon): use it here. - - * getkey.c (merge_keys_and_selfsig): Divert merging of public keys - to the function used in key selection.. - * keylist.c (is_uid_valid): Removed. - (list_keyblock): Splitted into .. - (list_keyblock_print, list_keyblock_colon): .. these. - functions. Changed them to use the flags set in the key lookup code. - (reorder_keyblock): New, so that primary user IDs are listed first. - - * ringedit.c (keyring_copy): flush the new iobuf chaces before - rename or remove operations. This is mainly needed for W32. - - * hkp.c [HAVE_DOSISH_SYSTEM]: Removed the disabled code because we - have now W32 socket support in ../util/http.c - - * skclist.c (key_present_in_sk_list): New. - (is_duplicated_entry): New. - (build_sk_list): Check for duplicates and do that before unlocking. - -2001-03-12 Werner Koch - - * armor.c (parse_header_line): Removed double empty line check. - (parse_header_line): Replaced trim_trailing_ws with a counting - function so that we can adjust for the next read. - - * options.skel: Fixed 3 typos. By Thomas Klausner. Replaced the - keyserver example by a better working server. - - * parse-packet.c (parse_symkeyenc): Return Invalid_Packet on error. - (parse_pubkeyenc): Ditto. - (parse_onepass_sig): Ditto. - (parse_plaintext): Ditto. - (parse_encrypted): Ditto. - (parse_signature): Return error at other places too. - (parse_key): Ditto. - * g10.c (main): Set opt.list_packets to another value when invoked - with the --list-packets command. - * mainproc.c (do_proc_packets): Don's stop processing when running - under --list-packets command. - - * signal.c (do_sigaction): Removed. - (init_one_signal): New to replace the above. Needed to support - systems without sigactions. Suggested by Dave Dykstra. - (got_fatal_signal,init_signals): Use the above here. - (do_block): Use sigset() if sigprocmask() is not available. - - * armor.c (parse_hash_header): Test on TIGER192, which is the - correct value as per rfc2440. By Edwin Woudt. - -2001-03-08 Werner Koch - - * misc.c: Include time.h. By James Troup. - - * getkey.c: Re-enabled the unknown user Id and PK caches and - increased their sizes. - - * getkey.c (merge_selfsigs_main): Set expire date and continue - processing even if we found a revoked key. - (merge_selfsigs_subkeys): Ditto. - - * packet.h: Add an is_revoked flag to the user_id packet. - * getkey.c (fixup_uidnode): Set that flag here. - (merge_selfsigs_main): Fix so that the latest signature is used to - find the self-signature for an UID. - * parse-packet.c (parse_user_id): Zero out all fields. - * mainproc.c (check_sig_and_print): Print the primary user ID - according the the node flag and then all other non-revoked user IDs. - (is_uid_revoked): Removed; it is now handled by the key selection code. - - Changed the year list of all copyright notices. - -2001-03-07 Werner Koch - - * getkey.c (finish_lookup): Print an info message only in verbose mode. - -2001-03-05 Werner Koch - - * packet.h: Replaced sigsubpkt_t value 101 by PRIV_VERIFY_CACHE. - We have never used the old value, so we can do this without any harm. - * parse-packet.c (dump_sig_subpkt): Ditto. - (parse_one_sig_subpkt): Parse that new sub packet. - * build-packet.c (build_sig_subpkt): Removed the old one from the - hashed area. - (delete_sig_subpkt): New. - (build_sig_subpkt): Allow an update of that new subpkt. - * sig-check.c (check_key_signature2): Add verification caching - (cache_selfsig_result): New. - * export.c (do_export_stream): Delete that sig subpkt before exporting. - * import.c (remove_bad_stuff): New. - (import): Apply that function to all imported data - -2001-03-03 Werner Koch - - * getkey.c: Introduced a new lookup context flag "exact" and used - it in all place where we once used primary. - (classify_user_id2): Replaced the old function and add an extra - argument to return whether an exact keyID has been requested. - (key_byname): Removed the unused ctx.primary flag - (get_seckey_byname2): Ditto. - (finish_lookup): Changed debugging output. - -2001-03-02 Werner Koch - - * keylist.c (list_one): Remove the merge key calls. - -2001-03-01 Werner Koch - - * getkey.c (finish_lookup): Don't use it if we no specific usage - has been requested. - (merge_selfsigs_main): fix UID only if we have an signature. - (lookup): Return UNU_PUBKEY etc. instead of NO_PUBKEY if we found - a key but the requested usage does not allow this key. - * import.c (import_one): Take UNU_PUBKEY into account. - * mainproc.c (list_node): Ditto. - * keylist.c (list_keyblock): Ditto. - * keyedit.c (print_and_check_one_sig): Ditto. - -2001-02-09 Werner Koch - - * delkey.c (delete_key): Removed that silly assert which rendered - the whole new stuff meaningless. - -2001-02-08 Werner Koch - - * getkey.c (key_byname): It can happen that we have both, sk and pk - NULL, fix for that. - - * parse-packet.c (parse_one_sig_subpkt): Add support for - primary_uid and key_flags. - (can_handle_critical): Ditto - - * parse-packet.c (parse_encrypted): Fixed listing of pktlen for - MDC packets. - - * getkey.c: Backported the version of this file from gpg 1.1. this - involved some changes in other files too. - * parse-packet.c (parse_key): Clear req_usage. - * skclist.c (build_sk_list): Use req_usage to pass the usage - information to the lookup function. - * pkclist.c (build_pk_list): Ditto. - * free-packet.c (copy_public_parts_to_secret_key): New. - * keydb.h: Add IS_* macros to check the sig_class. - * misc.c (openpgp_cipher_test_algo): New. - (openpgp_pk_test_algo): New. - (openpgp_pk_algo_usage): New. - (openpgp_md_test_algo): New. - * packet.h: Add a few fields to PKT_{public,secret}_key and - PKT_user_id. - * seckey-cert.c (do_check): Use the new main_keyid field. - -2001-02-04 Werner Koch - - * encr-data.c (decrypt_data): Catch error when we had problems to - parse the encrypted packet. By Timo. - -2001-01-29 Werner Koch - - * g10.c (main): --batch does now set nogreeting. - - * delkey.c (do_delete_key): Fixed delete-both functionality. - -2001-01-22 Werner Koch - - * g10.c: New command --delete-secret-and-public-key. - * delkey.c (delete_key): Add new arg allow_both. - (do_delete_key): Move most stuff from above to this new function. - -2001-01-12 Werner Koch - - * passphrase.c (passphrase_to_dek): Use MD5 when IDEA is installed - and we have no S2K. - * mainproc.c (proc_encrypted): Likewise - -2001-01-11 Werner Koch - - * sig-check.c (do_check): Print the signature key expire message - only in verbose mode and added the keyID. - -2001-01-09 Werner Koch - - * status.c, status.h: New status USERID_HINT. - (write_status_text): Replace LF and CR int text by C-escape sequence. - - * passphrase.c (passphrase_to_dek): Fixed the NEED_PASSPHRASE - output. It does now always print 2 keyIDs. Emit the new - USERID_HINT. - -2001-01-08 Werner Koch - - * g10.c, options.h: New option --no-expensive-trust-checks. - * keylist.c (list_keyblock): Act on this option. - -2001-01-04 Werner Koch - - * g10.c (main): Set homedir only in the pre-parsing phase and - replace backslashes in the W32 version. - -2001-01-03 Werner Koch - - * status.c, status.h : New status KEY_CREATED - * keygen.c (do_generate_keypair,generate_subkeypair): Emit it. - -2000-12-28 Werner Koch - - * signal.c (got_fatal_signal): Remove lockfiles here because the - atexit stuff does not work due to the use of raise. Suggested by - Peter Fales. - * gpgv.c (remove_lockfiles): New stub. - -2000-12-19 Werner Koch - - * status.c, status.h (cpr_get_no_help): New. - * keyedit.c (keyedit_menu): Use it here because we have our own - help list here. - -2000-12-18 Werner Koch - - * mainproc.c (print_failed_pkenc): Don't print the sometimes - confusing message about unavailabe secret key. Renamed ... - (print_pkenc_list): ... to this and introduced failed arg. - (proc_encrypted): Print the failed encryption keys and then - the one to be used. - (proc_pubkey_enc): Store also the key we are going to use. - - * mainproc.c (check_sig_and_print): Don't list revoked user IDs. - (is_uid_revoked): New. - -2000-12-08 Werner Koch - - * pipemode.c: Made the command work. Currently only for - non-armored detached signatures. - * mainproc.c (release_list): Reset the new pipemode vars. - (add_gpg_control): Handle the control packets for pipemode - * status.c, status.h: New stati {BEGIN,END}_STREAM. - -2000-12-07 Werner Koch - - * g10.c: New option --allow-secret-key-import. - * import.c (import_keys,import_keys_stream): Honor this option. - (import): New arg allow_secret and pass that arg down to ... - (import_secret_one): to this and print a warning if secret key - importing is not allowed. - -2000-12-05 Werner Koch - - * cipher.c (cipher_filter): Moved the end_encryption status ... - * encode.c (encode_simple,encode_crypt): to here - * sign.c (sign_file): and here. - - * status.c (mywrite): Removed. - (get_status_string): Removed the LFs from the strings. - (set_status_fd,is_status_enabed,write_status_text, - write_status_buffer): Replaced all mywrite by stdio calls and use - fdopen to create a strem. This is needed to make things smoother - in the W32 version. - -2000-12-04 Werner Koch - - * import.c (merge_blocks): Increment n_sigs for revocations. - -2000-11-30 Werner Koch - - * g10.c (main): Use iobuf_translate_file_handle for all options - with filehandles as arguments. This is function does some magic - for the W32 API. - - * verify.c (verify_signatures): Add a comment rant about the - detached signature problem. - * mainproc.c (proc_tree): Issue an error if a detached signature - is assumed but a standard one was found. - * plaintext.c (hash_datafiles): Don't fall back to read signature - from stdin. - * openfile.c (open_sigfile): Print verbose message only if the - file could be accessed. - -2000-11-24 Werner Koch - - * passphrase.c [HAVE_DOSISH_SYSTEM]: Disabled all the agent stuff. - -2000-11-16 Werner Koch - - * g10.c: New option --use-agent - * passphrase.c (agent_open,agent_close): New. - (agent_get_passphrase,agent_clear_passphrase): New. - (passphrase_clear_cache): New. - (passphrase_to_dek): Use the agent here. - * seckey-cert.c (do_check): Clear cached passphrases. - -2000-11-15 Werner Koch - - * status.c (write_status_text): Moved the big switch to ... - (get_status_string): ... new function. - (write_status_buffer): New. - - * status.c (mywrite): New and replaced all write() by this. - - * status.c, status.h: Add 3 status lcodes for notaions and policy. - * mainproc.c (print_notation_data): Do status output of notations. - -2000-11-13 Werner Koch - - * sign.c (clearsign_file): Use LF macro to print linefeed. - -2000-11-11 Paul Eggert - - Clean up the places in the code that incorrectly use "long" or - "unsigned long" for file offsets. The correct type to use is - "off_t". The difference is important on large-file hosts, - where "off_t" is longer than "long". - - * keydb.h (struct keyblock_pos_struct.offset): - Use off_t, not ulong, for file offsets. - * packet.h (dbg_search_packet, dbg_copy_some_packets, - search_packet, copy_some_packets): Likewise. - * parse-packet.c (parse, dbg_search_packet, search_packet, - dbg_copy_some_packets, copy_some_packets): Likewise. - * ringedit.c (keyring_search): Likewise. - - * parse-packet.c (parse): Do not use %lu to report file - offsets in error diagnostics; it's not portable. - * ringedit.c (keyring_search): Likewise. - -2000-11-09 Werner Koch - - * g10.c (main): New option --enable-special-filenames. - -2000-11-07 Werner Koch - - * g10.c (main): New command --pipemode. - * pipemode.c: New. - -2000-10-23 Werner Koch - - * armor.c (armor_filter): Changed output of hdrlines, so that a CR - is emitted for DOS systems. - - * keygen.c (read_parameter_file): Add a cast for isspace(). - - * status.c (myread): Use SIGINT instead of SIGHUP for DOS. - -2000-10-19 Werner Koch - - * g10.c: New option --ignore-crc-error - * armor.c (invalid_crc): New. - (radix64_read): Act on new option. - - * openfile.c (try_make_homedir): Klaus Singvogel fixed a stupid - error introduced on Sep 6th. - -2000-10-18 Werner Koch - - * misc.c (print_cipher_algo_note): Don't print the note for AES. - Changed wording. - -2000-10-16 Werner Koch - - * mainproc.c (do_proc_packets): Hack to fix the problem that - signatures are not detected when there is a MDC packet but no - compression packet. - - * g10.c (print_hashline): New. - (print_mds): Use above func with --with-colons. - - * mainproc.c (check_sig_and_print): Detect multiple signatures - and don't verify them. - -2000-10-14 Werner Koch - - * mainproc.c (add_onepass_sig): There is an easier solution to the - error fixed yesterday; just check that we only have onepass - packets. However, the other solution provides an cleaner - interface and opens the path to get access to other information - from the armore headers. - (release_list): Reset some more variables. - -2000-10-13 Werner Koch - - * mainproc.c (add_gpg_control): New. - (do_proc_packets): use it. - (proc_plaintext): Changed logic to detect clearsigns. - (proc_tree): Check the cleartext sig with some new code. - - * packet.h: New packet PKT_GPG_CONTROL. - * parse-packet.c (parse_gpg_control): New. - * misc.c (get_session_marker): New. - * armor.c (armor_filter): Replaced the faked 1-pass packet by the - new control packet. - - * keyedit.c (keyedit_menu): Allow batchmode with a command_fd. - * status.c (my_read): New. - (do_get_from_fd): use it. - -2000-10-12 Werner Koch - - * keygen.c (keygen_add_std_prefs): Add Rijndael to the prefs. - -2000-10-07 Werner Koch - - * gpgv.c: Add more stubs for ununsed code to make the binary smaller. - -Wed Oct 4 15:50:18 CEST 2000 Werner Koch - - * sign.c (hash_for): New arg to take packet version in account, changed - call callers. - - * gpgv.c: New. - * Makefile.am: Rearranged source files so that gpgv can be build with - at least files as possible. - -Mon Sep 18 12:13:52 CEST 2000 Werner Koch - - * hkp.c (not_implemented): Print a notice for W32 - -Fri Sep 15 18:40:36 CEST 2000 Werner Koch - - * keygen.c (keygen_add_std_prefs): Changed order of preferences to - twofish, cast5, blowfish. - - * pkclist.c (algo_available): Removed hack to disable Twofish. - -Thu Sep 14 17:45:11 CEST 2000 Werner Koch - - * parse-packet.c (dump_sig_subpkt): Dump key flags. Print special - warning in case of faked ARRs. - - * getkey.c (finsih_lookup): Hack so that for v4 RSA keys the subkey - is used for encryption. - -Thu Sep 14 14:20:38 CEST 2000 Werner Koch - - * g10.c (main): Default S2K algorithms are now SHA1 and CAST5 - this - should solve a lot of compatibility problems with other OpenPGP - apps because those algorithms are SHOULD and not optional. The old - way to force it was by using the --openpgp option whith the drawback - that this would disable a couple of workarounds for PGP. - - * g10.c (main): Don't set --quite along with --no-tty. By Frank Tobin. - - * misc.c (disable_core_dump): Don't display a warning here but a return - a status value and ... - * g10.c (main): ...print warnining here. Suggested by Sam Roberts. - -Wed Sep 13 18:12:34 CEST 2000 Werner Koch - - * keyedit.c (keyedit_menu): Allow to use "debug" on the secret key. - - * ringedit.c (cmp_seckey): Fix for v4 RSA keys. - * seckey-cert.c (do_check): Workaround for PGP 7 bug. - -Wed Sep 6 17:55:47 CEST 2000 Werner Koch - - * misc.c (print_pubkey_algo_note): Do not print the RSA notice. - * sig-check.c (do_signature_check): Do not emit the RSA status message. - * pubkey-enc.c (get_session_key): Ditto. - - * encode.c (encode_simple, encode_crypt): Fix for large files. - * sign.c (sign_file): Ditto. - -Wed Sep 6 14:59:09 CEST 2000 Werner Koch - - * passphrase.c (hash_passphrase): Removed funny assert. Reported by - David Mathog. - - * openfile.c (try_make_homedir): Changes for non-Posix systems. - * g10.c (main): Take the default homedir from macro. - - * g10.c: The --trusted-key option is back. - * trustdb.c (verify_own_key): Handle this option. - (add_ultimate_key): Moved stuff from verify_own_key to this new func. - (register_trusted_key): New. - -Fri Aug 25 16:05:38 CEST 2000 Werner Koch - - * parse-packet.c (dump_sig_subpkt): Print info about the ARR. - - * openfile.c (overwrite_filep): Always return okay if the file is - called /dev/null. - (make_outfile_name): Add ".sign" to the list of know extensions. - (open_sigfile): Ditto. - -Wed Aug 23 19:52:51 CEST 2000 Werner Koch - - * g10.c: New option --allow-freeform-uid. By Jeroen C. van Gelderen. - * keygen.c (ask_user_id): Implemented here. - -Fri Aug 4 14:23:05 CEST 2000 Werner Koch - - * status.c (do_get_from_fd): Ooops, we used fd instead of opt.command_fd. - Thanks to Michael Tokarev. - -Tue Aug 1 20:06:23 CEST 2000 Werner Koch - - * g10.c: New opttion --try-all-secrets on suggestion from Matthias Urlichs. - * pubkey-enc.c (get_session_key): Quite easy to implement here. - -Thu Jul 27 17:33:04 CEST 2000 Werner Koch - - * g10.c: New option --merge-only. Suggested by Brendan O'Dea. - * import.c (import_one): Implemented it here - (import_secret_one): Ditto. - (print_stats): and give some stats. - -Thu Jul 27 12:01:00 CEST 2000 Werner Koch - - * g10.c: New options --show-session-key and --override-session-key - * pubkey-enc.c (hextobyte): New. - (get_override_session_key): New. - * mainproc.c (proc_pubkey_enc): Add session-key stuff. - * status.h, status.c (STATUS_SESSION_KEY): New. - -Thu Jul 27 10:02:38 CEST 2000 Werner Koch - - * g10.c (main): Use setmode(O_BINARY) for MSDOS while generating random bytes - (print_mds): Likewise for stdin. - * plaintext.c (handle_plaintext): Likewise for stdout. - -Mon Jul 24 10:30:17 CEST 2000 Werner Koch - - * keyedit.c (menu_expire): expire date for primary key can be set again. - -Wed Jul 19 11:26:43 CEST 2000 Werner Koch - - * keylist.c (is_uid_valid): New. - (list_keyblock): Print validity information for all user IDs. Note, this - has to be done at other places too; for now we have only minimal support. - -Wed Jul 12 13:32:06 CEST 2000 Werner Koch - - * helptext.c, pkclist.c: s/superseeded/superseded/ - -Mon Jul 10 16:08:57 CEST 2000 Werner Koch - - * parse-packet.c (enum_sig_subpkt): Fixed testing on crtitical bit in case - of a NULL buffer. Reported by Peter Marschall. - -Wed Jul 5 13:28:45 CEST 2000 Werner Koch - - * keyedit.c, keyid.c: Add some _() - - * argparse.c: Changed the flag to suppress --version handling to also - suppress --help. - -Wed Jun 28 11:54:44 CEST 2000 Werner Koch - - * armor.c (armor_filter): Set sigclass to 0 in case of non-dash-escaped - clearsig. This makes this mode work again. - - * mainproc.c (proc_tree): Fixed handling of one-pass-sig packets in textmode. - Disabled the ugly workaround for PGP 5 - let's see whether thi breaks less - cases. Found by Ted Cabeen. - - * options.h (DBG_HASHING): New. All commented md_start_debug are now - controlled by this debug option. - - * sign.c (print_status_sig_created): New and called from 2 places. - - * keygen.c (gen_rsa): New, but commented. - (ask_algo): Commented support for RSA. - - * seckey-cert.c (protect_secret_key): Started to fix the code for v4 RSA - keys - it is not solved yet. However, we have time until, Sep 20th ;) - -Wed Jun 14 12:27:09 CEST 2000 Werner Koch - - * status.c (init_shm_coprocessing): Changed the sequence of the get,attach - to cope with the changes in newer Linux kernels. This bug has been found - by who also proposed this solution. Hopefully - this does not break gpg on to many systems. - - * cipher.c (write_header): Protect the IV with the MDC too. - * encr-data.c (decrypt_data): Likewise. - -Fri Jun 9 10:09:52 CEST 2000 Werner Koch - - * g10.c: New options --no-auto-key-retrieve - * options.h (auto_key_retrieve): New. - * mainproc.c (check_sig_and_print): Implemented that. - -Wed Jun 7 19:19:09 CEST 2000 Werner Koch - - * sig-check.c (do_check): Use EMULATE_MDENCODE also on v4 packets. - -Wed Jun 7 17:25:38 CEST 2000 Werner Koch - - * cipher.c (write_header): Use plain CFB mode for MDC encrypted packets. - * encr-data.c (decrypt_data): Ditto. - -Mon Jun 5 23:41:54 CEST 2000 Werner Koch - - * seskey.c (do_encode_md, encode_md_value): Add new arg v3compathack to work - around a bug in old versions. - * sig-check.c (do_check): use the aboved workaround when enabled. - * g10.c: New option --emulate-md-decode-bug - -Mon Jun 5 12:37:43 CEST 2000 Werner Koch - - * build-packet.c (do_mdc): New. - (do_encrypted_mdc): Changed for the new proposal. - * parse-packet.c (parse_mdc): New. - (parse_encrypted): Fixed for the new proposal. - * packet.h (PKT_MDC): New. - * cipher.c (cipher_filter): Build the MDC packet here. - * g10.c (main): Enable --force-mdc. - * encr-data.c (mdc_decode_filter): Fixed for new MDC method - - * options.h(rfc2440): New. - * g10.c (main): Changed the selected values for --openpgp to not include - optional algorithms. - -Thu May 18 11:38:54 CEST 2000 Werner Koch - - * keyedit.c (keyedit_menu): Add a keyword arg to the prompt. - - * status.c, status.h: Added 3 new status tokens. - * status.c (do_get_from_fd): New. - (cpr_enabled,cpr_get,cpr_get_hidden,cpr_kill_prompt, - cpr_get_answer_is_yes,cpr_get_answer_yes_no_quit): Modified to work - with the new function. - * g10.c: Add new option --command-fd. - - * status.c (progress_cb): New. - (set_status_fd): Register progress functions - -Fri May 12 14:01:20 CEST 2000 Werner Koch - - * delkey.c (delete_key): Add 2 new status messages - * status.c, status.h (STATUS_DELETE_PROBLEM): New. - - Fixed years of copyright in all source files. - -Mon May 1 17:08:14 CEST 2000 Werner Koch - - * trustdb.c (propagate_validity): Fixed the bug that only one uid - gets fully trusted even when all are signed by an ultimate key. - -Mon May 1 15:38:04 CEST 2000 Werner Koch - - * getkey.c (key_byname): Always returned a defined context. Fixed - a segv for invalid user id specifications. Reported by Walter Koch. - - * getkey.c (get_user_id): I18ned "no user id" string. By Walter. - - * pkclist.c (do_show_revocation_reason): Typo fixes. - * helptext.c: Ditto. - - * armor.c (armor_filter): Fixed some CRLF issues. By Mike McEwan. - -Fri Apr 14 19:37:08 CEST 2000 Werner Koch - - * pkclist.c (do_show_revocation_reason): New. - (show_revocation_reason): New and called at various places. - - * g10.c (main): Fixed small typo. - - * pkclist.c (do_we_trust): Act on always_trust but not for revoked - keys. Suggested by Chip Salzenberg. - - * g10.c: New option --lock-never. - - * ringedit.c (get_writable_keyblock_file): New. - * keygen.c (do_generate_keypair): Use this instead of the hardwired one. - - * keygen.c (ask_user_id): Check that the email address is in the - correct field. Suggested by Christian Kurz. - -Mon Apr 10 13:34:19 CEST 2000 Werner Koch - - * keyedit.c (show_key_with_all_names): s/sbb/ssb/ - -Tue Mar 28 14:26:58 CEST 2000 Werner Koch - - * trustdb.c (verify_own_keys): Do not print warning about unprotected - key when in quiet mode. - -Wed Mar 22 13:50:24 CET 2000 Werner Koch - - * mainproc.c (print_userid): Do UTF8 conversion before printing. - * import.c (import_one): Ditto. - (import_secret_one): Ditto. - (delete_inv_parts): Ditto. - -Thu Mar 16 16:20:23 CET 2000 Werner Koch - - * keylist.c (print_key_data): Handle a NULL pk gracefully. - - * getkey.c (merge_one_pk_and_selfsig): Fixed silly code for - getting the primary keys keyID but kept using the one from the - subkey. - * pubkey-enc.c (get_it): Print a note for expired subkeys. - - * getkey.c (has_expired): New. - (subkeys_expiretime): New. - (finish_lookup): Check for expired subkeys needed for encryption. - (merge_keys_and_selfsig): Fixed expiration date merging for subkeys. - - * keylist.c (list_keyblock): Print expiration time for "sub". - (list_one): Add missing merging for public keys. - * mainproc.c (list_node): Ditto. - -2000-03-14 13:49:38 Werner Koch (wk@habibti.openit.de) - - * keygen.c (keyedit_menu): Do not allow to use certain commands - while the secret key is selected. - -2000-03-09 12:53:09 Werner Koch (wk@habibti.openit.de) - - * keygen.c (ask_expire_interval): Movede parsig to ... - (parse_expire_string): ... this new function. And some new control - commands. - (proc_parameter_file): Add expire date parsing. - (do_generate_keypair): Allow the use of specified output files. - -2000-03-08 10:38:38 Werner Koch (wk@habibti.openit.de) - - * keygen.c (ask_algo): Removed is_v4 return value and the commented - code to create Elg keys in a v3 packet. Removed the rounding - of key sizes here. - (do_create): Likewise removed arg v4_packet. - (gen_elg): Likewise removed arg version. Now rounding keysizes here. - (gen_dsa): Rounding keysize now here. - (release_parameter_list): New - (get_parameter*): New. - (proc_parameter_file): New. - (read_parameter_file): New. - (generate_keypair): Splitted. Now uses read_parameter_file when in - batch mode. Additional argument to specify a parameter file. - (do_generate_keypair): Main bulk of above fucntion and uses the - parameter list. - (do_create): Don't print long notice in batch mode. - * g10.c (main): Allow batched key generation. - -Thu Mar 2 15:37:46 CET 2000 Werner Koch - - * pubkey-enc.c (get_it): Print a note about unknown cipher algos. - - * g10.c (opts): Add a note to the help listing about the man page - and removed some options from the help listing. - - * keyedit.c (print_and_check_one_sig): Use a new function to truncate - the output of the user ID. Suggested by Jan-Benedict Glaw. - -Wed Feb 23 10:07:57 CET 2000 Werner Koch - - * helptext.c: typo fix. - -Thu Feb 17 13:39:32 CET 2000 Werner Koch - - * revoke.c: Removed a bunch of commented code. - - * packet.h (SIGSUBPKT_REVOC_REASON): New. - * build-packet.c (build_sig_subpkt): Support new sub packet. - * parse-packet.c (parse_one_sig_subpkt): Ditto. - (dump_sig_subpkt): Ditto. - * revoke.c (ask_revocation_reason): New. - (release_revocation_reason_info): New. - (revocation_reason_build_cb): New. - (gen_revoke): Ask for reason. - * main.h (struct revocation_reason_info): Add declaration. - * keyedit.c (menu_revsig): Add support for revocation reason. - (menu_revkey): Ditto. - (sign_uid_mk_attrib): Renamed to ... - (sign_mk_attrib): ... this, made static and add support for reasons. - -Tue Feb 15 08:48:13 CET 2000 Werner Koch - - * build-packet.c (build_packet): Fixed fixing of old comment packets. - - * import.c (import_keys): Fixed importing from stdin when called with - nnames set to zero as it normally happens. - -Mon Feb 14 14:30:20 CET 2000 Werner Koch - - * sig-check.c (check_key_signature2): Add new arg r_expired. - (do_signature_check): New arg to pass it down to ... - (do_check): New arg r-expire which is set when the signature - has expired. - * trustdb.c (check_sig_record): Set SIGF_EXPIRED flag and set - the expiretime to zero so that thi signature will not be checked - anymore. - -Fri Feb 11 17:44:40 CET 2000 Werner Koch - - * g10.c (g10_exit): Update the random seed_file. - (main): Set the random seed file. New option --no-random-seed-file. - -Thu Feb 10 17:39:44 CET 2000 Werner Koch - - * keyedit.c (menu_expire): Fixed segv due to unitialized sub_pk. - By Rémi. - -Thu Feb 10 11:39:41 CET 2000 Werner Koch - - * keylist.c (list_keyblock): Don't print warnings in the middle of - regulat output lines. By Rémi. - - * sig-check.c: Include options.h - -Wed Feb 9 15:33:44 CET 2000 Werner Koch - - * gpg.c: New option --ignore-time-conflict - * sig-check.c (do_check): Implemented this option. - * trustdb.c (check_trust): Ditto. - * sign.c (do_sign): Ditto. - * keygen.c (generate_subkeypair): Ditto. - - * encode.c (encode_simple): use iobuf_cancel after open failure. - Reported by Huy Le. - -Fri Jan 14 18:32:01 CET 2000 Werner Koch - - * packet.h (STRING2KEY): Changed mode from byte to int. - * parse-packet.c (parse_key): Add the special GNU protection stuff - * build-packet.c (so_secret_key): Ditto. - * seckey-cert.c (do_check): Ditto. - * keyedit.c (change_passphrase): Ditto. - * export.c (export_secsubkeys): New. - (do_export_stream): Hack to export the primary key using mode 1001. - * g10.c: New command --export-secret-subkeys - -Thu Jan 13 19:31:58 CET 2000 Werner Koch - - * armor.c (is_armored): Check for 1-pass-sig packets. Reported by - David Hallinan . - (armor_filter): Replaced one LF by the LF macro. Reported by - Wolfgang Redtenbacher. - -Wed Jan 5 11:51:17 CET 2000 Werner Koch - - * g10.c (main): Reset new global flag opt.pgp2_workarounds - when --openpgp is used. - * mainproc.c (proc_plaintext): Do the PGP2,5 workarounds only - when the global flag is set. - (proc_tree): Ditto. - * textfilter.c (copy_clearsig_text): Ditto. - * armor.c (armor_filter): Ditto. - - * g10.c: New option --list-only - * mainproc.c (proc_tree): Don't do it if opt.list_only is active. - (proc_pubkey_enc): Implement option. - - * status.h, status.c ({BEGIN,END}_{EN,DE}CRYPTION): New. - * cipher.c (cipher_filter): New status outputs. - * mainproc.c (proc_encrypted): New status outputs. - -Fri Dec 31 14:08:15 CET 1999 Werner Koch - - * armor.c (armor_filter): Made the "Comment:" header translatable. - - * hkp.c (hkp_import): Make sure that the program does not return - success when there is a connection problem. Reported by Phillip Jones. - -Sun Dec 19 15:22:26 CET 1999 Werner Koch - - * armor.c (LF): Use this new macro at all places where a line LF - is needed. This way DOSish textfiles should be created when the - input data is also in dos mode. - * sign.c (LF): Ditto. - * textfilter.c (LF): Ditto. - (copy_clearsig_text): Disabled the forcing of CR,LF sequences - for DOS systems. - - * plaintext.c (handle_plaintext): Fixes for line endings on DOS. - and react on a LF in cleartext. - * armor.c (fake_packet): Restore the original line ending after - removing trailing spaces. - - * signal.c (got_fatal_signal): DOS fix. - -Thu Dec 16 10:07:58 CET 1999 Werner Koch - - * mainproc.c (print_failed_pkenc): Fix for unknown algorithm. - Found by fygrave@epr0.org. - -Thu Dec 9 10:31:05 CET 1999 Werner Koch - - * hkp.c: i18n the strings. - -Sat Dec 4 15:32:20 CET 1999 Werner Koch - - * trustdb.c (verify_key): Shortcut for ultimately trusted keys. - -Sat Dec 4 12:30:28 CET 1999 Werner Koch - - * pkclist.c (build_pk_list): Validate the trust using the namehash - if this one has been set by the key lookup. - - * g10.c: Add --delete-secret-key to the help page. - - * openfile.c (copy_options_file): Made static. - (try_make_homedir): New. - * ringedit.c (add_keyblock_resource): Use the try_make_hoemdir logic. - * tdbio.c (tdbio_set_dbname): Likewise. - - * keygen.c (generate_user_id): Use m_alloc_clear() here. We should - better use an allocation function specific to the user_id packet. - - * keygen.c (keygen_add_std_prefs): Changed symmetric preferences - to include Blowfish again. This is due to it's better speed compared - to CAST5. - - * g10.c (strusage): Print the home directory. - - * armor.c (armor_filter): Take action on the cancel control msg. - * filter.h (armor_filter_context_t): Add cancel flag. - -Mon Nov 29 21:52:11 CET 1999 Werner Koch - - * g10.c: New option --fast-list-mode .. - * keylist.c (list_keyblock): .. and implemented. - * mainproc.c (list_node): Ditto. - - * import.c (mark_non_selfsigned_uids_valid): Fixed the case that there - is a uid without any packet following. - -Mon Nov 22 11:14:53 CET 1999 Werner Koch - - * mainproc.c (proc_plaintext): Never enable the hash processing - when skip_verify is active. - - * armor.c (parse_header_line): Stop parsing on a WS line too. - Suggested by Aric Cyr. - - * tdbdump.c (HEXTOBIN): Changed the name of the argument, so that - traditional cpp don't mess up the macros. Suggested by Jos Backus. - - * mainproc.c (list_node): Print the PK algo in the --with-colon mode. - * keylist.c (list_keyblock): Ditto. - - * signal.c (got_fatal_signal): Found the reason why exit(8) did not - work - it is better to set the disposition back to default before - raising the signal. Print the notice on stderr always. - -Fri Nov 12 20:33:19 CET 1999 Werner Koch - - * g10.c (make_username): Swapped the logic. - * keylist.c (public_key_list): Now takes a STRLIST as arg and moved - the creation ot this list to the caller, so that he can copy with - UTF-conversion of user IDs. Changed all callers. - (secret_key_list): Likewise. - - * getkey.c (get_user_id_string_native): New and ... - * encode.c (write_pubkey_enc_from_list): ... use it here. - - * pubring.asc: Updated. - - * packet.h (PKT_PHOTO_ID): New. - * parse-packet.c (parse_photo_id): New. - * build-packet.c (do_user_id: Handle photo IDs. - (build_packet): Change CTB for photo IDs - * free-packet.c (free_user_id): Release memory used for photo IDs - * sig-check.c (hash_uid_node): Handle photo IDs too. - * trustdb.c (print_uid_from_keyblock): Hash photo ID. - (make_uid_records): Ditto. - * getkey.c (find_by_name): Ditto. - * keyedit.c (show_prefs): Ditto. - * keylist.c (list_keyblock): Ditto. - -Thu Oct 28 16:08:20 CEST 1999 Werner Koch - - * keygen.c (ask_expire_interval): Print a warning for systems - with a signed 32 time_t if the exiration time is beyoind 2038. - -Fri Oct 8 20:40:50 CEST 1999 Werner Koch - - * ringedit.c (enum_keyblocks): The last fix way really stupid; - reverted and set rt to Unknown. - -Fri Oct 8 20:32:01 CEST 1999 Werner Koch - - * ringedit.c (enum_keyblocks): Zero the entire kbpos out on open. - - * g10.c (oEntropyDLL): Removed option. - (main): Made the warning on development versions more verbose. - - * g10.c (oHonorHttpProxy): New option. - * hkp.c (hkp_ask_import,hkp_export): Implement this option. - * options.skel: Enable this option for new installations - -Mon Oct 4 21:23:04 CEST 1999 Werner Koch - - * import.c (import_keys): Changed calling interface, adjusted caller. - (import): Moved printing of stats out ... - (print_stats): New. ... to here. - (import_keys_stream): Call stats print here. - (import_keys): Print stats as totals for all files. - - * tdbio.h (DIRF_NEWKEYS): New - * tdbio.c (tdbio_dump_record): Print the new flag. - * trustdb.c (check_trust_record): New arg sigs_only. Adapted all - callers. - (do_update_trust_record): Removed recheck arg and add a new sigs_only - do we can later improve on the performance. Changed all callers too. - (check_trustdb): Evalutate the new flag and add a status output. - Do a check when the dir record has not been checked. - (build_cert_tree): Evaluate the new flag. - (check_trust): Ditto. Do a trust_record check, when the dir record - is not marked as checked. - (mark_fresh_keys): New. - (clear_lid_table): New. - (sync_trustdb): New. - * import.c (import_keys): Call sync_trustdb() after processing. - (import_keys_stream): Ditto. - * tdbdump.c (import_ownertrust): Ditto. - - * import.c (import_revoke_cert): Notify the trust DB. - (do_update_trust_record): Use |= to set the REVOKED bit and not &=; - shame on me for this bad copy+paste introduced bug. - (do_we_trust): Add trustmask to allow revoked key override to work. - Chnaged are to allow return of a mofified trustlevel. Adapted the - one caller. - - * g10.c: New options --emulate-3des-s2k-bug - * passphrase.c (hash_passphrase): Implemented above. - - * mainproc.c (proc_tree): Check for standalone signatures. - (do_check_sig): Print a notice for a standalone revocation - (check_sig_and_print): Do not print an error for unchecked standalone - revocations. - -Tue Sep 28 20:54:37 CEST 1999 Werner Koch - - * encode.c (encode_simple): Use new CTB when we don't have the - length of the file. This is somewhat strange as the comment above - indicates that this part is actually fixed for PGP 5 - maybe I simply - lost the source line, tsss. - - * armor.c (armor_filter): Set a flag if no OpenPGP data has been found. - * verify.c (verify_signatures): Add an error helptext. - -Thu Sep 23 19:24:30 CEST 1999 Werner Koch - - * openfile.c (open_outfile): Fixed the 8dot3 handling. - - * passphrase.c (passphrase_to_dek): Print uid using utf8 func. - * delkey.c (delete_key): Ditto. - * pkclist.c (show_paths,do_edit_ownertrust,do_we_trust): Ditto - (do_we_trust_pre): Ditto. - * trustdb.c (print_user_id,check_uidsigs): Ditto. - * revoke.c (gen_revoke,ask_revoke_sig): Ditto. - -Thu Sep 23 09:52:58 CEST 1999 Werner Koch - - * verify.c (print_file_status): New. - (verify_one_file): Moved status print to th new fnc. Add error status. - * status.c, status.h (STATUS_FILE_ERROR): New - -Wed Sep 22 10:14:17 CEST 1999 Werner Koch - - * openfile.c (make_outfile_name): Use case-insenstive compare for - DOS systems. Add ".pgp" to the list of know extensions. - (open_outfile): For DOS systems try to replace the suffiy instead of - appending it. - - * status.c, status.h: Add STATUS_FILE_{START,DONE}. - * verify.c (verify_one_file): Emit these new stati. - - * sign.c (clearsign_file): Avoid duplicated Entries in the "Hash:" - line. Those headers are now only _not_ printed when there are - only old-style keys _and_ all hashs are MD5. - -Mon Sep 20 12:24:41 CEST 1999 Werner Koch - - - * verify.c (verify_files, ferify_one_file): New. - * g10.c: New command --verify-files - -Fri Sep 17 12:56:42 CEST 1999 Werner Koch - - * g10.c: Add UK spelling as alias for armor options ;-) - - * import.c (append_uid): Fixed a SEGV when there is no selfsig and - no subkey. - (merge_sigs): Ditto. Removed the assertion. - -Wed Sep 15 16:22:17 CEST 1999 Werner Koch - - * g10.c: New option --entropy-dll-name - -Mon Sep 13 10:51:29 CEST 1999 Werner Koch - - * signal.c (got_fatal_signal): Print message using write(2) and - only for development versions. - -Mon Sep 6 19:59:08 CEST 1999 Werner Koch - - * tdbio.c (tdbio_set_dbname): Use mkdir macro - * ringedit.c (add_keyblock_resource): Ditto. - -Fri Sep 3 10:04:45 CEST 1999 Werner Koch - - * pkclist.c (build_pk_list): Skip keys set with --encrypt-to also - when asking for a key. - - * plaintext.c (handle_plaintext): Make sure that we don't read a - second EOF in the read loop for partial length packets. - - * mainproc.c (check_sig_and_print): print user ID as utf-8. - -Thu Sep 2 16:40:55 CEST 1999 Werner Koch - - * import.c (merge_blocks): First add new subkeys, then merge subkey - certificates. - (merge_sigs): Don't merge subkey signatures here. - -Wed Sep 1 15:30:44 CEST 1999 Werner Koch - - * keygen.c (ask_expire_interval): Fixed bug related to cpr_xx (tnx - Francis J. Lacoste). - -Tue Aug 31 17:20:44 CEST 1999 Werner Koch - - * plaintext.c (do_hash): Hash CR,LF for a single CR. - (ask_for_detached_datafile): Changed arguments to be closer to - those of hash_datafiles and cleanup the code a bit. - * mainproc.c (proc_tree): Workaround for pgp5 textmode detached - signatures. Changed behavior of asking for data file to be the same - as with provided data files. - - * keylist.c (list_keyblock): Use UTF8 print functions. - -Mon Aug 30 20:38:33 CEST 1999 Werner Koch - - * import.c (chk_self_sigs): some s/log_error/log_info/ so that gpg - does not return an error if a key has some invalid packets. - - * helptext.c: Fixed some typos and changed the way the - translation works. The english text is now the keyword for gettext - and not anymore the keyword supplied to the function. Done after - some discussion with Walter who thinks this is much easier for the - translators. - - * misc.c (disable_core_dumps): Don't do it for DOSish systems. - - * signal.c (signal_name): Bounds check on signum. - -Wed Aug 4 10:34:18 CEST 1999 Werner Koch - - * pubring.asc: Updated. - - * pkclist.c (do_we_trust_pre,check_signatures_trust): Do not print - the warning about --always_trust when --quiet is used. - - * pkclist.c (fpr_info): New and called at several places. - - * parse-packet.c (dump_sig_subpkt): List revocation key contents. - -Mon Jul 26 09:34:46 CEST 1999 Werner Koch - - * pkclist.c (build_pk_list): Fixed typo in format string. - - * trustdb.c (create_shadow_dir): Don't translate the error string. - - * g10.c (main): Fixed spelling of user-id. - * getkey.c (find_by_name_pk,find_by_name_sk, - find_by_keyid,find_by_keyid_sk): Ditto and translate it. - * import.c (mark_non_selfsigned_uids_valid,delete_inv_parts): Ditto. - - -Mon Jul 26 01:01:39 CEST 1999 Michael Roth - - * g10.c, options.h: New options --no-literal and --set-filesize - - * encode.c (encode_simple, encode_crypt): Support for the options - --no-literal and --set-filesize. - - * sign.c (sign_file): ditto. - -Fri Jul 23 13:53:03 CEST 1999 Werner Koch - - - * ringedit.c (enum_keyblocks): Removed annoying error message in cases - when we have no keyring at all to enum. - - * getkey.c (classify_user_id): Rewrote to relax the recognition of - keyIDs and fingerprints (Michael). - - * mainproc.c (check_sig_and_print): Print status NO_PUBKEY. - (print_failed_pkenc): Print status NO_SECKEY. - - * import.c (mark_non_selfsigned_uids_valid): New. - * g10.c: New option --allow-non-selfsigned-uid. - - * pkclist.c (print_fpr): New. - (do_we_trust_pre): Print the fpr before asking whether to use the key - anyway. - (do_edit_ownertrust): Likewise. - -Thu Jul 22 20:03:03 CEST 1999 Werner Koch - - - * ringedit.c (enum_keyblocks): Removed annoying error message in cases - when we have no keyring at all to enum. - - * getkey.c (classify_user_id): Rewrote to relax the recognition of - keyIDs and fingerprints (Michael). - - * mainproc.c (check_sig_and_print): Print status NO_PUBKEY. - (print_failed_pkenc): Print status NO_SECKEY. - - * import.c (mark_non_selfsigned_uids_valid): New. - * g10.c: New option --allow-non-selfsigned-uid. - -Thu Jul 15 10:15:35 CEST 1999 Werner Koch - - * g10.c: New options --disable-{cipher,pubkey}-algo. - -Wed Jul 14 19:42:08 CEST 1999 Werner Koch - - * status.h (STATUS_IMPORTED): New. - * import.c (import): Print some status information (Holger Schurig). - - * g10.c (main): Make --no-greeting work again. Add a warning when - --force-mds is used. - -Tue Jul 13 17:39:25 CEST 1999 Werner Koch - - * pkclist.c (do_edit_ownertrust): Changed the way help works. - (build_pk_list): Implemented default recipient stuff. - * g10.c: New options --default-recipient[-self] - (main): Suppress greeting in most cases, entering a passphrase or - a missing value is not considered to be interactive use. - Merged --print-md and --print-mds; the latter is now obsolete. - Changed the way --gen-random works and documented it. - Changed the way --gen-prime works and add a man entry. - * g10.c (MAINTAINER_OPTIONS): Removed. - -Mon Jul 12 18:45:57 CEST 1999 Werner Koch - - * keyedit.c (keyedit_menu): Add arg sign_mode and changed callers - * g10.c (main): New command --lsign-key. - -Mon Jul 12 14:55:34 CEST 1999 Werner Koch - - * mainproc.c (kidlist_item): New. - (release_list): Release failed pk-enc-list. - (print_failed_pkenc): New - (proc_encrypted): Print info about failed PK enc. - - * openfile.c (make_outfile_name): s/error/info/ - - * passphrase.c (passphrase_to_dek): Return an empty passphrase when - in batch mode and don't make the warning message fatal - * seckey-cert.c (check_secret_key): Try only once when in batch mode. - - * g10.c (make_username): New. - -Thu Jul 8 16:21:27 CEST 1999 Werner Koch - - - * packet.h (PKT_ring_trust): New - * parse-packet.c (parse_trust): Store trust value - * build-packet (build_packet): Ignore ring trust packets. - * mainproc.c (add_ring_trust): New. - (list_node): Print "rtv" records. - * g10.c: New option --with-fingerprint. - - * trustdb.c (verify_own_keys): Don't insert if we are dry running - (check_trust): Ditto. - -Wed Jul 7 13:08:40 CEST 1999 Werner Koch - - * Makefile.am: Support for libtool. - - * keygen.c (ask_expire_interval): Hack to allow for an expire date. - - * trustdb.c (do_update_trust_record,update_trust_record): Splitted. - (check_trust_record): New. - (check_trust,build_cert_tree): Check the dir record as needed. - (upd_pref_record): Removed. - (make_pref_record): New. - (propagate_validity): Stop as soon as we have enough validity. - - * tbdio.c (MAX_CACHE_ENTRIES_HARD): Increased the limit. - - -Fri Jul 2 11:45:54 CEST 1999 Werner Koch - - * g10.c (g10_exit): Dump random stats. - - * sig-check.c (check_key_signature,check_key_signature2): Enhanced - version and wrapper for old function. - (do_signature_check,signature_check): Ditto. - -Thu Jul 1 12:47:31 CEST 1999 Werner Koch - - - * keyedit.c (show_key_with_all_names): Print a notice for disabled keys. - (enable_disable_keys): Add functionality - * pkclist.c (edit_ownertrust): preserve disabled state. - (build_pk_list): Skip disabled keys. - * trustdb.c (upd_one_ownertrust): Ditto. - (build_cert_tree): Mask the ownertrust. - (trust_letter): Mask the value. - (do_check): Take disabled flag into account. - - * passphrase.c (passphrase_to_dek): Add a pubkey_algo arg and changed - all callers. - - * g10.c (utf8_strings): 2 new options. - - * trustdb.c (insert_trust_record_by_pk): New, replaces the next one. - (insert_trust_record): Now takes a keyblock as arg. Changed all - callers to use the appropritae function. - - * openfile.c (ask_outfile_name): New. - * plaintext.c (handle_plaintext): Ask for filename if there is - no valid syntax. Don't use fname varbatim but filter it. - -Tue Jun 29 21:44:25 CEST 1999 Werner Koch - - - * trustdb.h (TRUST_FLAG_DISABLED): New. - - * status.c (USE_CAPABILITIES): Capabilities support (Remi). - - * tdbio.c : Added new fields to the DIR record. - (tdbio_write_record): Fixed the update of the hash tables. - (tdbio_delete_record): Drop the record from the hash tables. - (drop_from_hashtbl): New. - - * status.c (cpr_get): Special online help mode. - * helptext.c ("keyedit.cmd"): Removed. - * keyedit.c (keyedit_menu): Use only help system. - (enable_disable_key): New bit doies not yet work. - -Sat Jun 26 12:15:59 CEST 1999 Werner Koch - - - * dearmor.c (enarmor_file): Fixed comment string. - * tdbdump.c (export_ownertrust): Text fix. - * tbio.c (tdbio_invalid): Ditto. - - * parse-packet.c (parse_key): Made temp buffer larger. - - * Makefile.am (install-data-local): Add missing backslashes - -Tue Jun 15 12:21:08 CEST 1999 Werner Koch - - * g10.c (main): Made iterated+salted the default S2K method. - - * Makefile.am (install-data-local): Use DESTDIR. - - * passphrase.c (passphrase_to_dek): Emit missing-passphrase while in - batchmode. - - * parse-packet.c (parse_pubkeyenc): Fixed a SEGV. - -Mon Jun 14 21:18:54 CEST 1999 Michael Roth - - * g10.c: New options --openpgp, --no-tty, --emit-version, - --default-comment and --lock-multiple - -Thu Jun 10 14:18:23 CEST 1999 Werner Koch - - * free-packet.c (free_encrypted): Fixed EOF case (Remi). - (free_plaintext): Ditto. - - * helptext.c (keyedit.delsig.unknown): New (Remi). - * keyedit.c (print_and_check_one_sig): Add arg print_without_key and - changed all callers to make use of it (Remi): - -Tue Jun 8 13:36:25 CEST 1999 Werner Koch - - * keylist.c (print_key_data): New and called elsewhere. - * g10.c: New option --with-key-data - -Wed Jun 2 14:17:19 CEST 1999 Werner Koch - - * mainproc.c (proc_tree): Yet another bad hack to cope with - broken pgp2 created detached messages in textmode. - -Tue Jun 1 16:01:46 CEST 1999 Werner Koch - - * openfile.c (make_outfile_name): New. - * plaintext.c (handle_plaintext): Outputfile is now the inputfile - without the suffix. - * g10.c: New option --use-embedded-filename - -Mon May 31 19:41:10 CEST 1999 Werner Koch - - * g10.c (main): Fix for SHM init (Michael). - - * compress.c, encr-data.c, mdfilter.c, - plaintext.c, free-packet.c: Speed patches (Rémi). - -Thu May 27 09:40:55 CEST 1999 Werner Koch - - * status.c (cpr_get_answer_yes_no_quit): New. - * keyedit.c (menu_delsig): New. - (check_all_keysigs): Splitted. - (print_and_check_one_sig): New. - -Wed May 26 14:36:29 CEST 1999 Werner Koch - - * build-packet.c (build_sig_subpkt): Support large packets. - * parse-packet.c (enum_sig_subpkt): Replaces parse_sig_subpkt. - * mainproc.c (print_notation_data): Print all notation packets. - * g10.c (add_notation_data): Add a way to specify the critical flag. - (main): Add option --set-policy-url. - (check_policy_url): Basic checks. - * sign.c (mk_notation_and_policy): Replaces mk_notation. - - * parse-packet.c (can_handle_critical): Moved decision whether we can - handle critical subpacket to an extra function. - -Tue May 25 19:50:32 CEST 1999 Werner Koch - - * sign.c (sign_file): Always use compression algo 1 for signed - onyl file becuase we can´ be sure the the verifier supports other - algorithms. - - * build-packet.c (build_sig_subpkt): Support for notation data. - * sign.c (sign_file,clearsign_file,make_keysig_packet): Ditto. - (mk_notation): New. - * g10.c (add_notation_data): New and add option -N - * mainproc.c (print_notation_data): New. - (check_sig_and_print): Print any notation data of the signed text. - -Sun May 23 14:20:22 CEST 1999 Werner Koch - - * pkclist.c (check_signatures_trust): Print a warning and return - immediateley if opt.always_trust is true. - - * g10.c (main): Corrected handling of no-default-keyring - - * pkclist.c (algo_available): Disable Twofish until we have settled - how to do the MDC. - - * hkp.c: Disable everything for mingw32 - -Sat May 22 22:47:26 CEST 1999 Werner Koch - - * mainproc.c (check_sig_and_print): Add sig creation time to the - VALIDSIG status output. Add more info to the ERRSIG output. - * sig-check.c (signature_check): Add sig time after epoch to SIG_ID. - - * import.c (import_one): Merge duplicate user IDs. - (collapse_uids): New. - * kbnode.c (move_kbnode): New. - (remove_kbnode): New. - * keyedit.c (keyedit_menu): Call collapse_uids. - - * g10.c: new option --logger-fd. - - * import.c: s/log_*_f/log_*/ - -Thu May 20 14:04:08 CEST 1999 Werner Koch - - * misc.c (pull_in_libs): do the volatile only for gcc - - * sig-check (signature_check): Emit SIG_iD only for classes 0 and 1. - - * armor.c (armor_filter): Add detection of PGP2 created clearsigs. - (fake_packet): A tab is not a WS for pgp2 - handle this. - * textfilter.c (len_without_trailing_chars): New. - (copy_clearsig_text): Add pgp2mode arg. - * sign.c (clearsign_file): pass old_style to the above fnc. - - -Wed May 19 16:04:30 CEST 1999 Werner Koch - - * g10.c: New option --interactive. - - * mainproc.c (proc_plaintext): Add workaround for pgp2 bug - (do_check_sig): Ditto. - (proc_tree): Ditto. - * plaintext.c (do_hash): Ditto. - (hash_datafiles): Ditto, add an arg, changed all callers. - * mdfilter.c (md_filter): Add support for the alternate hash context. - -Mon May 17 21:54:43 CEST 1999 Werner Koch - - * parse-packet.c (parse_encrypted): Support for PKT_ENCRYPTED_MDC. - * build-packet.c (do_encrypted_mdc): Ditto. - * cipher.c (write_header): Add mdc hashing. - (cipher_filter): write out the hash. - * mainproc.c (do_proc_packets): Add PKT_ENCRYPTED_MDC. - * encr-data.c (decrypt_data): Add mdc hashing. - (mdc_decode_filter): New. - - * parse-packet.c (parse_sig_subpkt): Fixed stupid bug for subpkt - length calculation - (parse_signature): Fixed even more stupid bug. - -Sat May 8 19:28:08 CEST 1999 Werner Koch - - * build-packet.c (do_signature): Removed MDC hack. - * encode.c (encode_crypt_mdc): Removed. - * mainproc.c (do_check_sig): Removed MDC hack. - (check_sig_and_print): Ditto. - * parse-packet.c (parse_signature): Ditto. - * sig-check.c (mdc_kludge_check): Ditto. - * free-packte.c (copy_signature, free_seckey_enc): Ditto. - - * parse-packet.c (parse_signature,parse_key): Store data of - unknown algorithms with mpi_set_opaque inseatd of the old - faked data stuff. - (read_rest): Removed. - (read_rest2): Renamed to read_rest - * build-packet.c (write_fake_data): Use mpi_get_opaque. - * free-packet.c (cp_fake_data): Removed and cahnged all callers - to use mpi_copy. - (free_pubkey_enc,free_seckey_enc,release_public_key_parts, - release_secret_key_parts): Use mpi_free for opaque data. - -Thu May 6 14:18:17 CEST 1999 Werner Koch - - * trustdb.c (check_trust): Check for revoked subkeys. - * pkclist.c (do_we_trust): Handled revoked subkeys. - (do_we_trust_pre): Ditto. - (check_signatures_trust): Ditto. - - * build-packet.c (hash_public_key): Fix for ancient g10 keys. - - * mainproc.c (do_proc_packets): Return EOF if no data has been read. - * g10.c (main): Catch errors for default operation. - -Thu Apr 29 12:29:22 CEST 1999 Werner Koch - - * sign.c (sign_file): Fixed hashing in case of no subpackets. - (clearsign_file): Ditto. - (make_keysig_packet): Ditto. - -Wed Apr 28 13:03:03 CEST 1999 Werner Koch - - * keyedit.c (keyedit_menu): Add new command revkey. - * (menu_revkey): New. - - -Mon Apr 26 17:48:15 CEST 1999 Werner Koch - - * parse-packet.c (parse_signature): Add the MDC hack. - * build-packet.c (do_signature): Ditto. - * free-packet.c (free_seckey_enc,copy_signature,cmp_signatures): Ditto. - * mainproc.c (do_check_sig): Ditto. - * sig-check.c (mdc_kludge_check): New. - * encode.c (encrypt_mdc_file): New. - - * keyedit.c (check_all_keysigs): List revocations. - * (menu_revsig): New. - * sign (make_keysig_packet): Support for class 0x30. - -Sun Apr 18 20:48:15 CEST 1999 Werner Koch - - * pkclist.c (select_algo_from_prefs): Fixed the case that one key - has no preferences (Remi Guyomarch). - - keylist.c (list_keyblock): ulti_hack to propagate trust to all uids. - -Sun Apr 18 10:11:28 CEST 1999 Werner Koch - - * seckey-cert.c (do_check): Use real IV instead of a 0 one, so that - it works even if the length of the IV doesn't match the blocksize. - Removed the save_iv stuff. - (protect_secret_key): Likewise. Create the IV here. - * packet.h (PKT_secret_key): Increased size of IV field and add a - ivlen field. - * parse-packet.c (parse_key): Use the len protect.ivlen. - * build-packet.c (do_secret_key). Ditto. - - * getkey.c (key_byname): Close keyblocks. - - * Makefile.am (gpgm): Removed this - * g10.c: Merged gpg and gpgm - - * import.c (import): Utilize option quiet. - * tdbio.c (tdbio_set_dbname): Ditto. - * ringedit.c (add_keyblock_resource,keyring_copy): Ditto. - - * keyedit.c (sign_uids): Add some batch support. - - * g10.c (main): add call to tty_batchmode. - -Fri Apr 9 12:26:25 CEST 1999 Werner Koch - - * status.c (write_status_text): Some more status codes. - * passphrase_to_dek (passphrase_to_dek): add a status code. - * seckey_cert.c (check_secret_key): Likewise. - - * encr-data.c (decrypt_data): Reverse the last changes - * cipher.c (write_header): Ditto. - - * parse-packet.c (parse_key): Dropped kludge for ancient blowfish mode. - -Thu Apr 8 09:35:53 CEST 1999 Werner Koch - - * mainproc.c (proc_encrypted): Add a new status output - * passphrase.c (passphrase_to_dek): Ditto. - * status.h status.c: Add new status tokens. - -Wed Apr 7 20:51:39 CEST 1999 Werner Koch - - * encr-data.c (decrypt_data): Fixes for 128 bit blocksize - * cipher.c (write_header): Ditto. - * seckey-cert.c (do_check): Ditto. - (protect_secret_key). Ditto. - * misc.c (print_cipher_algo_note): Twofish is now a standard algo. - - * keygen.c (do_create): Fixed spelling (Gaël Quéri) - (ask_keysize): Only allow keysizes up to 4096 - - * ringedit.c (add_keyblock_resource): chmod newly created secrings. - - * import.c (delete_inv_parts): Fixed accidently deleted subkeys. - -Tue Apr 6 19:58:12 CEST 1999 Werner Koch - - * armor.c: Removed duped include (John Bley) - * mainproc.c: Ditto. - - * build-packet.c (hash_public_key): Fixed hashing of the header. - - * import.c (delete_inv_parts): Allow import of own non-exportable sigs. - -Sat Mar 20 13:59:47 CET 1999 Werner Koch - - * armor.c (fake_packet): Fix for not not-dash-escaped - -Sat Mar 20 11:44:21 CET 1999 Werner Koch - - * g10.c (main): Added command --recv-keys - * hkp.c (hkp_import): New. - -Wed Mar 17 13:09:03 CET 1999 Werner Koch - - * trustdb.c (check_trust): add new arg add_fnc and changed all callers. - (do_check): Ditto. - (verify_key): Ditto. - (propagate_validity): Use the new add_fnc arg. - (print_user_id): Add the FILE arg. - (propagate_ownertrust): New. - * pkclist.c (add_ownertrust_cb): New and changed the add_ownertrust - logic. - - * getkey.c (get_keyblock_bylid): New. - * trustdb.c (print_uid_from_keyblock): New. - (dump_tn_tree_with_colons): New. - (list_trust_path): Add colon print mode. - - * trustdb.c (insert_trust_record): Always use the primary key. - - * encode.c (encode_simple): Added text_mode filter (Rémi Guyomarch) - (encode_crypt): Ditto. - - * mainproc.c (proc_pubkey_enc): Added status ENC_TO. - * armor.c (armor_filter): Added status NODATA. - * passphrase.c (passphrase_to_dek): Always print NEED_PASSPHRASE - * seckey_cert.c (check_secret_key): Added BAD_PASS status. - - * g10.c (main): Set g10_opt_homedir. - -Sun Mar 14 19:34:36 CET 1999 Werner Koch - - * keygen.c (do_create): Changed wording of the note (Hugh Daniel) - -Thu Mar 11 16:39:46 CET 1999 Werner Koch - - * tdbdump.c: New - - * trustdb.c (walk_sigrecs,do_list_sigs,list_sigs, - list_records,list_trustdb,export_ownertrust,import_ownertrust): Moved - to tdbdump.c - (init_trustdb): renamed to setup_trustdb. Changed all callers. - (do_init_trustdb): renamed to init_trustdb(). - * trustdb.c (die_invalid_db): replaced by tdbio_invalid. - * tdbio.c (tdbio_invalid): New. - - * import.c (delete_inv_parts): Skip non exportable signatures. - * keyedit.c (sign_uid_mk_attrib): New. - (sign_uids): Add the local argument. - (keyedit_menu): New "lsign" command. - * trustdb.c (register_trusted_key): Removed this and all related stuff. - * g10.c (oTrustedKey): Removed option. - - * tdbio.h (dir.valcheck): New trustdb field. - * tdbio.c: Add support for this field - (tdbio_read_modify_stamp): New. - (tdbio_write_modify_stamp): New. - * trustdb.c (do_check): Check against this field. Removed cache update. - (verify_key): Add cache update. - (upd_uid_record): Some functional changes. - (upd_cert_record): Ditto - -Wed Mar 10 11:26:18 CET 1999 Werner Koch - - * keylist.c (list_keyblock): Fixed segv in uid. Print 'u' as - validity of sks. - -Mon Mar 8 20:47:17 CET 1999 Werner Koch - - * getkey.c (classify_user_id): Add new mode 12 (#). - - * seckey-cert.c (check_secret_key): replaced error by info. - - * trustdb.c (query_trust_info): Add another arg, changed all callers. - (check_trust): Ditto. - (do_check): Ditto. - (verify_key): Handle namehash. - * keylist.c (list_keyblock): print trust info for user ids. - - * sig-check.c (signature_check): Add sig-created to status output. - -Tue Mar 2 16:44:57 CET 1999 Werner Koch - - * textfilter.c (copy_clearsig_text): New. - (clearsign): Removed. - * sign.c (clearsign_file): does not use textfiler anymore. - - * keygen.c (ask_user_id): print a note about the used charset. - -Tue Mar 2 10:38:42 CET 1999 Werner Koch - - * sig-check.c (signature_check): sig-id now works for all algos. - - * armor.c (armor_filter): Fixed armor bypassing. - -Sun Feb 28 19:11:00 CET 1999 Werner Koch - - * keygen.c (ask_user_id): Don't change the case of email addresses. - (has_invalid_email_chars): Adjusted. - - * keylist.c (list_one): Really list serect keys (Remi Guyomarch) - - * keyedit.c (menu_select_uid): Add some braces to make egcs happy. - (menu_select_key): Ditto. - - * mainproc.c (do_proc_packets): List sym-enc packets (Remi Guyomarch) - -Fri Feb 26 17:55:41 CET 1999 Werner Koch - - * pkclist.c (build_pk_list): Return error if there are no recipients. - - * sig-check.c (signature_check): New signature id feature. - * armor.c (make_radic64_string): New. - - * mainproc.c (proc_pubkey_enc): early check for seckey availability. - - * pkclist.c (do_we_trust_pre): print user id before asking. - - * ringedit.c (add_keyblock_resource,get_keyblock_handle): Cleaner - handling of default resource. - - -Thu Feb 25 18:47:39 CET 1999 Werner Koch - - * pkclist.c (algo_available): New. - (select_algo_from_prefs): Check whether algo is available. - - * ringedit.c (keyring_copy): Take care of opt.dry_run. - (do_gdbm_store): Ditto. - * openfile.c (open_outfile). Ditto. - (copy_options_file): Ditto. - * trustdb.c (update_trustdb): Ditto. - (clear_trust_checked_flag): Ditto. - (update_trust_record): Ditto. - (insert_trust_record): Ditto. - -Wed Feb 24 11:07:27 CET 1999 Werner Koch - - * keylist.c (secret_key_list): Now really list the secret key. - - * trustdb.c (do_init_trustdb): New. Init is now deferred. - -Mon Feb 22 20:04:00 CET 1999 Werner Koch - - * getkey.c (lookup_sk): Return G10ERR_NO_SECKEY and not x_PUBKEY. - -Fri Feb 19 15:49:15 CET 1999 Werner Koch - - * pkclist.c (select_algo_from_prefs): retrieve LID if not there. - - * armor.c (fake_packet): Replaced ugly lineending handling. - - * g10.c (oNoEncryptTo): New. - * pkclist.c (build_pk_list): Implemented this option. - - * g10.c (main): Greeting is now printed to stderr and not to tty. - Use add_to_strlist() instead of direct coding. - - * import.c (import): Use iobuf_push_filter2. - - * mainproc.c (check_sig_and_print): Print all user ids - for good signatures. - * getkey.c (get_pubkeyblock): New. - - * import.c (chk_self_sigs): Fixed SEGV for unbounded class 0x18 keys. - (delete_inv_parts): Delete special marked packets. - -Tue Feb 16 14:10:02 CET 1999 Werner Koch - - * g10.c (main): New option --encrypt-to - - * pkclist.c (build_pk_list): Implemented encrypt-to. - - * parse-packet.c (parse_user_id): Removed the hack to work with - utf-8 strings. - - * g10.c (main): Install lockfile cleanup handler. - * tdbio.c (cleanup): Removed: this is now handled by dotlock. - -Sat Feb 13 14:13:04 CET 1999 Werner Koch - - * tdbio.c (tdbio_set_dbname): Init lockhandle for a new trustdb - -Wed Feb 10 17:15:39 CET 1999 Werner Koch - - * g10.c (main): check for development version now in configure - - * tdbio.c (tdbio_write_record): Add uid.validity - (tdbio_read_record) : Ditto. - (tdbio_dump_record) : Ditto. - - * keygen.c (keygen_add_std_prefs): Replaced Blowfish by Twofish, - removed MD5 and Tiger. - * pubkey-enc.c (get_it): Suppress warning about missing Blowfish - in preferences in certain cases. - - * ringedit.c (lock_rentry,unlock_rentry): New. - - * getkey.c (key_byname): Pass ret_kb down to lookup_xx. - - * armor.c (armor_filter): No output of of empty comment lines. - Add option --no-version to suppress the output of the version string. - - * getkey.c: Release the getkey context for auto context variables. - -Sun Jan 24 18:16:26 CET 1999 Werner Koch - - * getkey.c: Changed the internal design to allow simultaneous - lookup of multible user ids - (get_pubkey_bynames): New. - (get_seckey_bynames): New. - (get_seckey_next): New. - (get_seckey_end): New. - * keylist.c (list_one): Use the new functions. - - * keylist.c (list_keyblock): add a newline for normal listings. - - * g10.c (--recipient): New option name to replace --remote-user - - -Wed Jan 20 18:59:49 CET 1999 Werner Koch - - * textfilter.c: Mostly rewritten - * plaintext.c (handle_plaintext): Use now text_filter semantics. - -Tue Jan 19 19:34:58 CET 1999 Werner Koch - - * export.c (export_pubkeys_stream): New. - (do_export_stream): New. - * g10.c (aSendKeys): New command. - * hkp.c (hkp_export): New. - - * compress.c (do_uncompress): Hack for algo 1 and 1.1.3 - -Sun Jan 17 11:04:33 CET 1999 Werner Koch - - * textfilter.c (text_filter): Now uses iobuf_read_line(). - (read_line): Removed. - - * armor.c (trim_trailing_spaces): Removed and replaced - by trim_trailing_ws from libutil - -Sat Jan 16 12:03:27 CET 1999 Werner Koch - - * hkp.c (hkp_ask_import): Use only the short keyid - -Sat Jan 16 09:27:30 CET 1999 Werner Koch - - * import.c (import_key_stream): New - (import): New, moved most of import_keys here. - * g10.c: New option --keyserver - * mainproc.c (check_sig_and_print): Hook to import a pubkey. - - * pref.c pref.h : Removed - - * hkp.c hkp.h: New - -Wed Jan 13 14:10:15 CET 1999 Werner Koch - - * armor.c (radix64_read): Print an error if a bad armor was detected. - -Wed Jan 13 12:49:36 CET 1999 Werner Koch - - * armor.c (radix64_read): Now handles malformed armors produced - by some buggy MUAs. - -Tue Jan 12 11:17:18 CET 1999 Werner Koch - - * ringedit.c (find_keyblock_bysk): New. - - * skc_list.c (is_insecure): New. - (build_sk_list): usage check for insecure keys. - - * import.c (chk_self_sigs): Add handling for subkeys. - (delete_inv_parts): Skip unsigned subkeys - - * sig-check.c (do_check): Print info if the signature is older - than the key. - * keygen.c (generate_subkeypair): Fail on time warp. - * sign.c (do_sign): Ditto. - -Sun Jan 10 15:10:02 CET 1999 Werner Koch - - * armor.c (fake_packet): Fixed not-dash-escaped bug. - -Sat Jan 9 16:02:23 CET 1999 Werner Koch - - * sig-check.c (do_check): Output time diff on error - - * status.c (STATUS_VALIDSIG): New. - (is_status_enabled): New. - * mainproc.c (check_sig_and_print): Issue that status message. - - * plaintext.c (special_md_putc): Removed - - * armor.c (armor_filter): print error for truncated lines. - - * free-packet.c (free_encrypted): Revomed call to set_block_mode. - (free_plaintext): Ditto. - -Thu Jan 7 18:00:58 CET 1999 Werner Koch - - * pkclist.c (add_ownertrust): Fixed return value. - - * encr-data.c (decrypt_data): Disabled iobuf_set_limit and - iobuf_pop_filter stuff. - * compress.c (handle_compressed): Disabled iobuf_pop_filter. - - * packet.h (PKT_secret_key): Add is_primary flag. - * parse-packet.c (parse_key): Set this flag. - * passphrase.c (passphrase_to_dek): Kludge to print the primary - keyid - changed the API: keyid must now hold 2 keyids. - * getkey.c (get_primary_seckey): New. - * seckey-cert.c (do_check): pass primary keyid to passphrase query - - * tbdio.c (open_db): removed the atexit - (tdbio_set_dbname): and moved it to here. - - * armor.c: Rewrote large parts. - -Tue Dec 29 19:55:38 CET 1998 Werner Koch - - * revoke.c (gen_revoke): Removed compression. - - * pkclist.c (do_we_trust_pre): special check for revoked keys - - * trustdb.c (update_trust_record): Fixed revoke flag. - -Tue Dec 29 14:41:47 CET 1998 Werner Koch - - * misc.c (disable_core_dumps): Check for EINVAL (Atari) - - * getkey (merge_one_pk_and_selfsig): Fixed search of expiredate. - (merge_keys_and_selfsig): Ditto. - - * free-packet.c (cmp_public_keys): cmp expire only for v3 packets - (cmp_secret_keys): Ditto. - (cmp_public_secret_key): Ditto. - -Wed Dec 23 17:12:24 CET 1998 Werner Koch - - * armor.c (find_header): Reset not_dashed at every header - -Wed Dec 23 13:18:14 CET 1998 Werner Koch - - * pkclist.c (add_ownertrust): Refresh validity values. - - * trustdb.c (enum_cert_paths_print): New arg refresh. - - * ringedit.c: Fixed problems fix keyrings - * parse-packet.c (dbg_parse_packet): New debug functions. - - * getkey.c (getkey_disable_caches): New. - * import.c (import_keys): Disable caches. - -Thu Dec 17 18:31:15 CET 1998 Werner Koch - - * misc.c (trap_unaligned): Only for glibc 1 - - * sign.c (write_dash_escaped): Now escapes "From " lines - * g10.c: New option --escape-from-lines - - * trustdb.c (sort_tsl_list): New - (list_trust_path): Now prints sorted list. - (enum_cert_paths): Likewise. - (enum_cert_paths_print): New. - (print_paths): New printing format. - * pkclist.c (add_ownertrust): New arg quit. - (edit_ownertrust): New quit selection and does not query - the recipients ownertrust anymore. - (add_ownertrust): Print the ceritficate path. - - -Mon Dec 14 21:18:49 CET 1998 Werner Koch - - * parse-packet.c (parse_signature): Now checks for critical bit - (parse_sig_subpkt): Splitted. - (parse_one_sig_subpkt): New. - * sig-check.c (do_check): handle critical bit. - -Sun Dec 13 14:10:56 CET 1998 Werner Koch - - * pcklist.c (select_algo_from_prefs): Preferences should - now work (lost the != ? ) - -Thu Dec 10 20:15:36 CET 1998 Werner Koch - - * ringedit.c (gdbm_store): Fix for inserts - - * g10.c (main): New option --export-all - * export.c (export_pubkeys): New arg. - (do_export): Now may skip old keys. - - * status.c: Minor patches for Sun's cc - - * keygen.c (ask_algo): Disabled v3 ElGamal choice, rearranged - the numbers. Add a warning question when a sign+encrypt key - is selected. - - * g10.c (do_not_use_RSA): Removed. - * misc.c (print_pubkey_algo_note): New as replacement for the - do_not_use_RSA() and chnaged all callers. - (print_cipher_algo_note): New. - (print_hash_algo_note): New. - - * cipher.c (write_header): Add a call to print_cipher_algo_note. - * seckey-cert.c (protect_secret_key): Ditto - * sign.c (do_sign): Add a call to print_digest_algo_note. - - * getkey.c (get_long_user_id_string): New. - * mainproc.c (check_sig_and_print): Changed the format of the - status output. - - * encrypt.c (write_pubkey_enc_from_list): print used symmetric cipher. - - * pkclist.c (do_we_trust): Changed a message. - -Wed Dec 9 13:41:06 CET 1998 Werner Koch - - * misc.c (trap_unaligned) [ALPHA]: Only if UAC_SIGBUS is defined. - - * sign.c (write_dash_escaped): Add the forgotten patch by Brian Moore. - - * compress.c (do_uncompress): Fixed the inflating bug. - - -Tue Dec 8 13:15:16 CET 1998 Werner Koch - - * trustdb.c (upd_uid_record): Now uses the newest self-signature - (insert_trust_record): Now calls update with recheck set to true. - (register_trusted_key): New. - (verify_own_keys): Enhanced by list of trusted keys. - - * g10.c (main): Print a warning when a devel version is used. - (main): New option --trusted-key - - * import.c (merge_blocks): Fixed merging of new user ids and - added merging of subkeys. - (append_uid): Ditto. - (merge_keysig): New. - (append_key): New. - * getkey.c (merge_one_pk_and_selfsig): Get the expiration time - from the newest self-signature. - (merge_keys_and_selfsig): Ditto. - - * free-packet.c (cmp_secret_key): New. - - -Fri Nov 27 21:37:41 CET 1998 Werner Koch - - * g10.c: New option --lock-once - * tdbio.c (open_db): Add an atexit - (cleanup): New. - (tdbio_sync): Add locking. - (tdbio_end_transaction): Ditto. - (put_record_into_cache): Ditto. - * ringedit.c (keyring_copy): Ditto. - (cleanup): New. - (add_keyblock_resource): Add an atexit. - -Fri Nov 27 15:30:24 CET 1998 Werner Koch - - * armor.c (find_header): Another fix for clearsigs. - -Fri Nov 27 12:39:29 CET 1998 Werner Koch - - - * status.c (display_help): Removed. - * helptext.c: New and removed the N_() from all cpr_gets. - - -Fri Nov 20 16:54:52 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10.c (main): New option --not-dash-escaped - * sign.c (write_dashed_escaped): Ditto. - * armor.c (find_header): Support for NotDashEscaped header. - - * getkey.c: print "disabled cache.." only if verbose is used. - -Thu Nov 19 07:17:31 1998 Werner Koch - - * parse-packet.c (dump_sig_subpkt): Fixed expire listing - * getkey.c (merge_keys_and_selfsig): Fixed expire calculation. - (merge_one_pk_and_selfsig): Ditto. - * keyedit.c (menu_expire). Ditto. - * keygen.c (keygen_add_key_expire): Ditto. - (ask_expire_interval): New and changed all local function to use - this instead. - (keygen_add_key_expire): Opaque should now be a public key; - changed all callers. - - * parse.packet.c (parse): use skip_rest to skip packets. - - * keyedit.c (keyedit_menu): New arg for cmdline cmds. - -Wed Nov 18 20:33:50 1998 Werner Koch (wk@isil.d.shuttle.de) - - * trustdb.c (check_trustdb): Now rechecks all gived userids. - (collect_paths): Some fixes. - (upd_pref_records): Skips empty items, evaluate all items. - - * parse-packet.c (dump_sig_subpkt): Better listing of prefs. - (skip_packet): Now knows about marker packet - - * g10.c: removed cmd "--edit-sig". - - * pubring.asc: Updated. - -Sat Nov 14 14:01:29 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10.c (main): Changed syntax of --list-trust-path - * trustdb.c (list_trust_path): Replaced max_depth by - opt.max_cert_depth - -Fri Nov 13 07:39:58 1998 Werner Koch - - * trustdb.c (collect_paths): Removed a warning message. - (enum_trust_web): Removed. - (enum_cert_paths): New. - * pkclist.c (add_ownertrust): Changed to use enum_cert_paths. - (edit_ownertrust): Now list ceritficates on request. - (show_paths): New. - -Wed Nov 11 18:05:44 1998 Werner Koch - - * g10.c (main): New option --max-cert-depth - * tdbio.h: add new fields to ver and dir record. - * tdbio.c: read/write/dump of these fields. - (tdbio_db_matches_options): New. - * trustdb.c: replaced MAC_CERT_DEPTH by opt.max_cert_depth. - (do_check): cache validity and changed other functions - to reset the cached value. - - * keylist.c (list_one): Now lists the ownertrust. - * mainproc.c (list_node): Ditto. - -Tue Nov 10 10:08:59 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10.c (g10_exit): Now looks at the new g10_errors_seen. - * mainproc.c (check_sig_and_print): Sets g10_errors_seen. - - * *.c : i18n many more strings. - - * ringedit.c (locate_keyblock_by_keyid): Add HAVE_LIBGDBM - (locate_keyblock_by_fpr): Ditto. - - * g10.c (main): removed unsused "int errors". - (main): Add new option --charset. - - * g10.c (main): special message for the unix newbie. - -Mon Nov 9 07:17:42 1998 Werner Koch - - * getkey.c (finish_lookup): Kludge to prefere algo 16. - - * trustdb.c (new_lid_table): Clear cached item. - - * status.c (cpr_get_utf8): New. - * pkclist.c (build_pk_list): Uses this. - -Sun Nov 8 17:20:39 1998 Werner Koch (wk@isil.d.shuttle.de) - - * mainproc.c (check_sig_and_print): Why did I use strlen()-1 - in the printf? - This truncated the TZ. - -Sat Nov 7 15:57:28 1998 me,,, (wk@tobold) - - * getkey.c (lookup): Changes to support a read_next. - (get_pubkey): Fixed a memory leak. - - * keylist.c (list_one): Now lists all matching user IDs. - -Tue Nov 3 16:19:21 1998 Werner Koch (wk@isil.d.shuttle.de) - - * keygen.c (ask_user_id): Now converted to UTF-8 - - * g10.c (main): Kludge for pgp clearsigs and textmode. - -Fri Oct 30 16:40:39 1998 me,,, (wk@tobold) - - * signal.c (block_all_signals): New. - (unblock_all_signals): New - * tdbio.c (tdbio_end_transaction): Now blocks all signals. - - * trustdb.c (new_lid_table): Changed the representation of the - former local_lid_info stuff. - - * trustdb.c (update_trust_record): Reorganized the whole thing. - * sig-check.c (check_key_signature): Now handles class 0x28 - - -Wed Oct 28 18:56:33 1998 me,,, (wk@tobold) - - * export.c (do_export): Takes care of the exportable sig flag. - -Tue Oct 27 14:53:04 1998 Werner Koch (wk@isil.d.shuttle.de) - - * trustdb.c (update_trust_record): New "fast" parameter. - -Sun Oct 25 19:32:05 1998 Werner Koch (wk@isil.d.shuttle.de) - - * openfile.c (copy_options_File): New. - * ringedit.c (add_keyblock_resource): Creates options file - * tdbio.c (tdbio_set_dbname): Ditto. - -Sat Oct 24 14:10:53 1998 brian moore - - * mainproc.c (proc_pubkey_enc): Don't release the DEK - (do_proc_packets): Ditto. - -Fri Oct 23 06:49:38 1998 me,,, (wk@tobold) - - * keyedit.c (keyedit_menu): Comments are now allowed - - * trustdb.c: Rewrote large parts. - - -Thu Oct 22 15:56:45 1998 Michael Roth (mroth@nessie.de) - - * encode.c: (encode_simple): Only the plain filename without - a given directory is stored in generated packets. - (encode_crypt): Ditto. - - * sign.c: (sign_file) Ditto. - - -Thu Oct 22 10:53:41 1998 Werner Koch (wk@isil.d.shuttle.de) - - * trustdb.c (update_trust_record): Add new optional arg. - - * import.c (import_keys): Add statistics output - * trustdb.c (update_trustdb): Ditto. - (insert_trustdb): Ditto. - - * tdbio.c (tdbio_begin_transaction): New. - (tdbio_end_transaction): New. - (tdbio_cancel_transaction): New. - - * g10.c (main): New option --quit. - - * trustdb.c (check_hint_sig): No tests for user-id w/o sig. - This caused an assert while checking the sigs. - - * trustdb.c (upd_sig_record): Splitted into several functions. - - * import.c (import_keys): New arg "fast". - * g10.c (main): New command --fast-import. - -Wed Oct 21 18:19:36 1998 Michael Roth - - * ringedit.c (add_keyblock_resource): Directory is now created. - * tdbio.c (tdbio_set_dbname): New info message. - -Wed Oct 21 11:52:04 1998 Werner Koch (wk@isil.d.shuttle.de) - - * trustdb.c (update_trustdb): released keyblock in loop. - - * keylist.c (list_block): New. - (list_all): Changed to use list_block. - - * trustdb.c: Completed support for GDBM - - * sign.c (only_old_style): Changed the way force_v3 is handled - (sign_file): Ditto. - (clearsign_file): Ditto. - - * keygen.c (has_invalid_email_chars): Splitted into mailbox and - host part. - - * keylist.c (list_one): Add a merge_keys_and_selfsig. - * mainproc.c (proc_tree): Ditto. - -Sun Oct 18 11:49:03 1998 Werner Koch (wk@isil.d.shuttle.de) - - * sign.c (only_old_style): Add option force_v3_sigs - (sign_file): Fixed a bug in sig->version - (clearsign_file): Ditto. - - * parse-packet.c (dump_sig_subpkt): New - - * keyedit.c (menu_expire): New. - * free-packet.c (cmp_signatures): New - - -Sat Oct 17 10:22:39 1998 Werner Koch (wk@isil.d.shuttle.de) - - * armor.c: changed output line length from 72 to 64. - - * keyedit.c (fix_keyblock): New. - -Fri Oct 16 10:24:47 1998 Werner Koch (wk@isil.d.shuttle.de) - - * trustdb.c: Rewrote most. - * tdbio.c: Add cache and generalized hash tables. - - * options.h (ENABLE_COMMENT_PACKETS): New but undef'ed. - * encode.c, sign.c, keygen.c: Disabled comment packets. - * export.c (do_export): Comment packets are never exported, - except for those in the secret keyring. - - * g10.c (main): Removed option do-no-export-rsa; should be - be replaced by a secpial tool. - * export.c (do_export): Removed the code for the above option. - - * armor.c (find_header): Support for new only_keyblocks. - * import.c (import_keys): Only looks for keyblock armors. - - * packet.h: replaced valid_days by expiredate and changed all users. - * build-packet.c (do_public_key): calculates valid-days - (do_secret_key): Ditto. - * parse-packet.c (parse_key): expiredate is calucated from the - valid_period in v3 packets. - * keyid.c (do_fingerprint_md): calculates valid_dates. - - * keygen.c (add_key_expire): fixed key expiration time for v4 packets. - - * armor.c (find_header): A LF in the first 28 bytes - was skipped for non-armored data. - -Thu Oct 8 11:35:51 1998 Werner Koch (wk@isil.d.shuttle.de) - - * armor.c (is_armored): Add test on old comment packets. - - * tdbio.c (tdbio_search_dir_bypk): fixed memory leak. - - * getkey.c: Changed the caching algorithms. - -Wed Oct 7 19:33:28 1998 Werner Koch (wk@isil.d.shuttle.de) - - * kbnodes.c (unused_nodes): New. - -Wed Oct 7 11:15:36 1998 Werner Koch (wk@isil.d.shuttle.de) - - * keyedit.c (sign_uids): Fixed a problem with SK which could caused - a save of an unprotected key. - (menu_adduid): Ditto. - - * keyedit.c (keyedit_menu): Prefs are now correctly listed for - new user ids. - - * trustdb.c (update_trust_record): New. - (insert_trust_record): Now makes use of update_trust_record. - -Tue Oct 6 16:18:03 1998 Werner Koch (wk@isil.d.shuttle.de) - - * trustdb.c (read_record): replaces most of the tdbio_read_records. - (write_record): Ditto. - -Sat Oct 3 11:01:21 1998 Werner Koch (wk@isil.d.shuttle.de) - - * keygen.c (ask_alogo): enable ElGamal enc-only only for addmode. - -Wed Sep 30 10:15:33 1998 Werner Koch (wk@isil.d.shuttle.de) - - * import.c (import_one): Fixed update of wrong keyblock. - -Tue Sep 29 08:32:08 1998 me,,, (wk@tobold) - - * mainproc.c (proc_plaintext): Display note for special filename. - * plaintext.c (handle_plaintext): Suppress output of special file. - -Mon Sep 28 12:57:12 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10.c (verify_own_keys): Add warning if a key is not protected. - - * passphrase (hash_passphrase): Fixed iterated+salted mode and - setup for keysizes > hashsize. - - * g10.c (main): New options: --s2k-{cipher,digest,mode}. - -Fri Sep 25 09:34:23 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10.c: Chnaged some help texts. - -Tue Sep 22 19:34:39 1998 Werner Koch (wk@isil.d.shuttle.de) - - * passphrase.c (read_passphrase_from_fd): fixed bug for long - passphrases. - -Mon Sep 21 11:28:05 1998 Werner Koch (wk@(none)) - - * getkey.c (lookup): Add code to use the sub key if the primary one - does not match the usage. - - * armor.c (armor_filter): New error message: no valid data found. - (radix64_read): Changes to support multiple messages. - (i18n.h): New. - * mainproc.c (add_onepass_sig): bug fix. - -Mon Sep 21 08:03:16 1998 Werner Koch (wk@isil.d.shuttle.de) - - * pkclist.c (do_we_trust): Add keyid to most messages. - - * passphrase.c (read_passphrase_from_fd): New. - (have_static_passphrase): New - (get_passphrase_fd): Removed. - (set_passphrase_fd): Removed. - * g10.c (main): passphrase is now read here. - - * keyedit.c (keyedit_menu): "help" texts should now translate fine. - -Mon Sep 21 06:40:02 1998 Werner Koch (wk@isil.d.shuttle.de) - - * encode.c (encode_simple): Now disables compression - when --rfc1991 is used. - (encode_crypt): Ditto. - -Fri Sep 18 16:50:32 1998 Werner Koch (wk@isil.d.shuttle.de) - - * getkey.c (merge_key_and_selfsig): New. - -Fri Sep 18 10:20:11 1998 Werner Koch (wk@isil.d.shuttle.de) - - * pkclist.c (select_algo_from_prefs): Removed 3DES kludge. - - * seskey.c (make_session_key): Fixed SERIOUS bug introduced - by adding the weak key detection code. - - * sign.c (sign_file): Changed aremor header in certain cases. - -Tue Sep 15 17:52:55 1998 Werner Koch (wk@isil.d.shuttle.de) - - * mainproc.c (check_sig_and_print): Replaced ascime by asctimestamp. - -Mon Sep 14 11:40:52 1998 Werner Koch (wk@isil.d.shuttle.de) - - * seskey.c (make_session_key): Now detects weak keys. - - * trustdb (clear_trust_checked_flag): New. - - * plaintext.c (handle_plaintext): Does no anymore suppress CR from - cleartext signed messages. - -Sun Sep 13 12:54:29 1998 Werner Koch (wk@isil.d.shuttle.de) - - * trustdb.c (insert_trust_record): Fixed a stupid bug in the free - liunked list loops. - -Sat Sep 12 15:49:16 1998 Werner Koch (wk@isil.d.shuttle.de) - - * status.c (remove_shmid): New. - (init_shm_comprocess): Now sets permission to the real uid. - -Wed Sep 9 11:15:03 1998 Werner Koch (wk@isil.d.shuttle.de) - - * packet.h (PKT_pubkey_enc): New flah throw_keyid, and add logic to - implement it. - * g10.c (main): New Option --throw-keyid - - * getkey.c (enum_secret_keys): Add new ar and changed all callers. - -Tue Sep 8 20:04:09 1998 Werner Koch (wk@isil.d.shuttle.de) - - * delkey.c (delete_key): Moved from keyedit.c. - -Mon Sep 7 16:37:52 1998 Werner Koch (wk@isil.d.shuttle.de) - - * build-packet.c (calc_length_header): New arg new_ctb to correctly - calculate the length of new style packets. - - * armor.c (is_armored): Checks for symkey_enc packets. - - * pkclist.c (select_algo_from_prefs): 3DEs substitute is now CAST5. - -Tue Aug 11 17:54:50 1998 Werner Koch (wk@isil.d.shuttle.de) - - * build-packet.c (do_secret_key): Fixed handling of old keys. - - * getkey.c (compare_name): Fixed exact and email matching - - * openfile.c (open_outfile): Changed arguments and all callers. - -Tue Aug 11 09:14:35 1998 Werner Koch (wk@isil.d.shuttle.de) - - * encode.c (encode_simple): Applied option set-filename and comment. - (encode_crypt): Ditto. - * sign.c (sign_file): Ditto. - * armor.c (armor_filter): Applied option comment. - - * encode.c (encode_crypt): Moved init_packet to the begin. - (encode_simple): add an init_packet(). - - * comment (write_comment): Now enforces a hash sign as the 1st byte. - - * import.c (import_one): Add explanation for "no user ids". - - * compress.c (do_uncompress): Applied Brian Warner's patch to support - zlib 1.1.3 etc. - - * trustdb.c (check_trust): Fixed a problem after inserting new keys. - - * getkey (lookup): do not return the primary key if usage is given - (lookup_sk): Ditto and take usage into account. - - * status.c (cpr_get_answer_is_yes): add display_help. - -Mon Aug 10 10:11:28 1998 Werner Koch (wk@isil.d.shuttle.de) - - * getkey.c (lookup_sk): Now always returns the primary if arg - primary is true. - (lookup): Likewise. - (get_pubkey_byname): Now returns the primary key - (get_seckey_byname): Ditto. - - -Mon Aug 10 08:34:03 1998 Werner Koch (wk@isil.d.shuttle.de) - - * keyid.c (pubkey_letter): ELG_E is now a small g. - -Sat Aug 8 17:26:12 1998 Werner Koch (wk@isil.d.shuttle.de) - - * openfile (overwrite_filep): Changed semantics and all callers. - -Sat Aug 8 12:17:07 1998 Werner Koch (wk@isil.d.shuttle.de) - - * status.c (display_help): New. - -Thu Aug 6 16:30:41 1998 Werner Koch,mobil,,, (wk@tobold) - - * seskey.c (encode_session_key): Now uses get_random_bits(). - -Thu Aug 6 07:34:56 1998 Werner Koch,mobil,,, (wk@tobold) - - * ringedit.c (keyring_copy): No more backupfiles for - secret keyrings and add additional warning in case of - a failed secret keyring operation. - -Wed Aug 5 11:54:37 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10.c (check_opts): Moved to main. Changed def_cipher_algo - semantics and chnaged all users. - - * pubkey-enc.c (get_sssion_key): New informational output - about preferences. - - * parse-packet.c (parse_symkeyenc): Fixed salted+iterated S2K - (parse_key): Ditto. - * build-packet.c (do_secret_key): Ditto. - (do_symkey_enc): Ditto. - -Tue Aug 4 08:59:10 1998 Werner Koch (wk@isil.d.shuttle.de) - - * getkey.c (enum_secret_keys): Now returns only primary keys. - - * getkey (lookup): Now sets the new namehash field. - - * parse-packet.c (parse_sig_subpkt2): New. - - * sign.c (sign_file): one-pass sigs are now emiited reverse. - Preference data is considered when selecting the compress algo. - -Wed Jul 29 12:53:03 1998 Werner Koch (wk@isil.d.shuttle.de) - - * free-packet.c (copy_signature): New. - - * keygen.c (generate_subkeypair): rewritten - * g10.c (aKeyadd): Removed option --add-key - -Mon Jul 27 10:37:28 1998 Werner Koch (wk@isil.d.shuttle.de) - - * seckey-cert.c (do_check): Additional check on cipher blocksize. - (protect_secret_key): Ditto. - * encr-data.c: Support for other blocksizes. - * cipher.c (write_header): Ditto. - -Fri Jul 24 16:47:59 1998 Werner Koch (wk@isil.d.shuttle.de) - - * kbnode.c (insert_kbnode): Changed semantics and all callers. - * keyedit.c : More or less a complete rewrite - -Wed Jul 22 17:10:04 1998 Werner Koch (wk@isil.d.shuttle.de) - - * build-packet.c (write_sign_packet_header): New. - -Tue Jul 21 14:37:09 1998 Werner Koch (wk@isil.d.shuttle.de) - - * import.c (import_one): Now creates a trustdb record. - - * g10.c (main): New command --check-trustdb - -Mon Jul 20 11:15:07 1998 Werner Koch (wk@isil.d.shuttle.de) - - * genkey.c (generate_keypair): Default key is now DSA with - encryption only ElGamal subkey. - -Thu Jul 16 10:58:33 1998 Werner Koch (wk@isil.d.shuttle.de) - - * keyid.c (keyid_from_fingerprint): New. - * getkey.c (get_pubkey_byfprint): New. - -Tue Jul 14 18:09:51 1998 Werner Koch (wk@isil.d.shuttle.de) - - * keyid.c (fingerprint_from_pk): Add argument and changed all callers. - (fingerprint_from_sk): Ditto. - -Tue Jul 14 10:10:03 1998 Werner Koch (wk@isil.d.shuttle.de) - - * plaintext.c (handle_plaintext): Now returns create error if - the file could not be created or the user responded not to overwrite - the file. - * mainproc.c (proc_plaintext): Tries again if the file could not - be created to check the signature without output. - - * misc.c (disable_core_dumps): New. - * g10.c (main): disable coredumps for gpg - - * g10.c (MAINTAINER_OPTIONS): New to disable some options - -Mon Jul 13 16:47:54 1998 Werner Koch (wk@isil.d.shuttle.de) - - * plaintext.c (hash_datafiles): New arg for better support of - detached sigs. Changed all callers. - * mainproc.c (proc_signature_packets): Ditto. - - * g10.c (main): New option "compress-sigs" - * sig.c (sign_file): detached signatures are not anymore compressed - unless the option --compress-sigs is used. - -Thu Jul 9 19:54:54 1998 Werner Koch (wk@isil.d.shuttle.de) - - * armor.c: Fixes to allow zero length cleartext signatures - -Thu Jul 9 14:52:47 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10.c (build_list): Now drops setuid. - (main): Changed the way keyrings and algorithms are registered . - -Wed Jul 8 14:17:30 1998 Werner Koch (wk@isil.d.shuttle.de) - - * packet.h (PKT_public_key): Add field keyid. - * parse-packet.c (parse_key): Reset the above field. - * keyid.c (keyid_from_pk): Use above field as cache. - - * tdbio.c, tdbio.h: New - * trustdb.c: Moved some functions to tdbio.c. - (print_keyid): New. - - * pkclist.c (check_signatures_trust): New. - -Wed Jul 8 10:45:28 1998 Werner Koch (wk@isil.d.shuttle.de) - - * plaintext.c (special_md_putc): New. - (handle_plaintext): add clearsig argument - * mainproc.c (proc_plaintext): detection of clearsig - * sign.c (write_dased_escaped): Changed clearsig format - -Tue Jul 7 18:56:19 1998 Werner Koch (wk@isil.d.shuttle.de) - - * armor.c (find_header): Now makes sure that there is only one - empty line for clearsigs, as this is what OP now says. - -Mon Jul 6 13:09:07 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10.c (main): New option default-secret-key - * getkey.c (get_seckey_byname): support for this option. - -Mon Jul 6 09:03:49 1998 Werner Koch (wk@isil.d.shuttle.de) - - * getkey.c (add_keyring): Keyrings are now added to end of the - list of keyrings. The first added keyringwill be created. - (add_secret_keyring): Likewise. - - * ringedit.c (add_keyblock_resource): Files are created here. - - * g10.c (aNOP): Removed - - * getkey.c (lookup): Add checking of usage for name lookups - * packet.h (pubkey_usage): Add a field which may be used to store - usage capabilities. - * pkclist.c (build_pk_list): getkey now called with usage arg. - * skclist.c (build_sk_list): Ditto. - - * sign.c (clearsign_file): Fixed "Hash:" headers - -Sat Jul 4 13:33:31 1998 Werner Koch (wk@isil.d.shuttle.de) - - * trustdb.c (list_ownertrust): New. - * g10.c (aListOwnerTrust): New. - - * g10.c (def_pubkey_algo): Removed. - - * trustdb.c (verify_private_data): Removed and also the call to it. - (sign_private_data): Removed. - -Fri Jul 3 13:26:10 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10.c (aEditKey): was aEditSig. Changed usage msg. - - * keyedit.c: Done some i18n stuff. - - * g10.c (do_not_use_RSA): New. - * sign.c (do_sign): Add call to above function. - * encode.c (write_pubkey_enc_from_list): Ditto. - -Thu Jul 2 21:01:25 1998 Werner Koch (wk@isil.d.shuttle.de) - - * parse-packet.c: Now is able sto store data of unknown - algorithms. - * free-packet.c: Support for this. - * build-packet.c: Can write data of packet with unknown algos. - -Thu Jul 2 11:46:36 1998 Werner Koch (wk@isil.d.shuttle.de) - - * parse-packet.c (parse): fixed 4 byte length header - -Wed Jul 1 12:36:55 1998 Werner Koch (wk@isil.d.shuttle.de) - - * packet.h (new_ctb): New field for some packets - * build-packet.c (build_packet): Support for new_ctb - * parse-packet.c (parse): Ditto. - -Mon Jun 29 12:54:45 1998 Werner Koch (wk@isil.d.shuttle.de) - - * packet.h: changed all "_cert" to "_key", "subcert" to "subkey". - - * free-packet.c (free_packet): Removed memory leak for subkeys. - -Sun Jun 28 18:32:27 1998 Werner Koch (wk@isil.d.shuttle.de) - - * import.c (import_keys): Renamed from import_pubkeys. - (import_secret_one): New. - - * g10.c (aExportSecret): New. - - * export.c (export_seckeys): New. - - * parse-packet.c (parse_certificate): Cleaned up. - (parse_packet): Trust packets are now considered as unknown. - (parse_pubkey_warning): New. - -Fri Jun 26 10:37:35 1998 Werner Koch (wk@isil.d.shuttle.de) - - * keygen.c (has_invalid_email_chars): New. - -Wed Jun 24 16:40:22 1998 Werner Koch (wk@isil.d.shuttle.de) - - * armor.c (armor_filter): Now creates valid onepass_sig packets - with all detected hash algorithms. - * mainproc.c (proc_plaintext): Now uses the hash algos as specified - in the onepass_sig packets (if there are any) - -Mon Jun 22 11:54:08 1998 Werner Koch (wk@isil.d.shuttle.de) - - * plaintext.c (handle_plaintext): add arg to disable outout - * mainproc.c (proc_plaintext): disable output when in sigs_only mode. - -Thu Jun 18 13:17:27 1998 Werner Koch (wk@isil.d.shuttle.de) - - * keygen.c: Removed all rsa packet stuff, chnaged defaults - for key generation. - -Sun Jun 14 21:28:31 1998 Werner Koch (wk@isil.d.shuttle.de) - - * misc.c (checksum_u16): Fixed a stupid bug which caused a - wrong checksum calculation for the secret key protection and - add a backward compatibility option. - * g10.c (main): Add option --emulate-checksum-bug. - -Thu Jun 11 13:26:44 1998 Werner Koch (wk@isil.d.shuttle.de) - - * packet.h: Major changes to the structure of public key material - which is now stored in an array and not anaymore in a union of - algorithm specific structures. These is needed to make the system - more extendable and makes a lot of stuff much simpler. Changed - all over the system. - - * dsa.c, rsa.c, elg.c: Removed. - -Wed Jun 10 07:22:02 1998 Werner Koch,mobil,,, (wk@tobold) - - * g10.c ("load-extension"): New option. - -Mon Jun 8 22:23:37 1998 Werner Koch (wk@isil.d.shuttle.de) - - * seckey-cert.c (do_check): Removed cipher constants - (protect_secret_key): Ditto. - -Fri May 29 10:00:28 1998 Werner Koch (wk@isil.d.shuttle.de) - - * trustdb.c (query_trust_info): New. - * keylist.c (list_one): Add output of trust info - * mainproc (list_node): ditto. - * g10.c (main): full trustdb init if -with-colons and any of the - key list modes. - -Thu May 28 10:34:42 1998 Werner Koch (wk@isil.d.shuttle.de) - - * status.c (STATUS_RSA_OR_IDEA): New. - * sig-check.c (check_signature): Output special status message. - * pubkey-enc.c (get_session_key): Ditto. - - * mainproc.c (check_sig_and_print): Changed format of output. - * passpharse.c (passphrase_to_dek): Likewise. - -Wed May 27 13:46:48 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10.c (aListSecretKeys): New option --list-secret-keys - * keylist.c (std_key_list): Renamed to public_key_list. - (secret_key_list): New - (list_one, list_all): Add support for secret keys. - * getkey.c (get_secret_keyring): New. - * mainproc.c (list_node): Add option --with-colons for secret keys - - * sig-check.c (check_key_signature): detection of selfsigs - * mainproc.c (list_node): fixed listing. - - * g10.c (aListSecretKeys): New option --always-trust - * pkclist.c (do_we_trust): Override per option added - - * status.c (write_status_text): Add a prefix to every output line. - -Wed May 27 07:49:21 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10 (--compress-keys): New. - * options.h (compress_keys): New. - * export.c (export_pubkeys): Only compresses with the new option. - -Tue May 26 11:24:33 1998 Werner Koch (wk@isil.d.shuttle.de) - - * passphrase.c (get_last_passphrase): New - (set_next_passphrase): New. - (passphrase_to_dek): add support for the above functions. - * keyedit.c (make_keysig_packet): Add sigclass 0x18, - changed all callers due to a new argument. - * keygen.c (write_keybinding): New - (generate_subkeypair): Add functionality - (ask_algo, ask_keysize, ask_valid_days): Broke out of generate_keypair - (ask_user_id, ask_passphrase): Ditto. - -Thu May 21 11:26:13 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10.c,gpgd.c (main): Does now return an int, so that egcs does - not complain. - - * armor.c (fake_packet): Removed erro message and add a noticed - that this part should be fixed. - - * sign.c (sign_file): Compression now comes in front of encryption. - * encode.c (encode_simple): Ditto. - (encode_crypt): Ditto. - -Tue May 19 16:18:19 1998 Werner Koch (wk@isil.d.shuttle.de) - - * armor.c (fake_packet): Changed assertion to log_error - -Sat May 16 16:02:06 1998 Werner Koch (wk@isil.d.shuttle.de) - - * build-packet.c (build_packet): Add SUBKEY packets. - -Fri May 15 17:57:23 1998 Werner Koch (wk@isil.d.shuttle.de) - - * sign.c (hash_for): New and used in all places here. - * main.h (DEFAULT_): new macros. - * g10.c (opt.def_digest_algo): Now set to 0 - - * compress.c (init_compress): Add support for algo 1 - * options.h (def_compress_algo): New - * g10.c (main): New option --compress-algo - -Fri May 15 13:23:59 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10.c (print_mds): New feature to print only one hash, - chnaged formatting. - -Thu May 14 15:36:24 1998 Werner Koch (wk@isil.d.shuttle.de) - - * misc.c (trap_unaligned) [__alpha__]: New - * g10.c (trap_unaligned): Add call to this to track down SIGBUS - on Alphas (to avoid the slow emulation code). - -Wed May 13 11:48:27 1998 Werner Koch (wk@isil.d.shuttle.de) - - * build-packet.c (do_signature): Support for v4 pakets. - * keyedit.c (make_keysig_packet): Ditto. - * build-packet.c (build_sig_subpkt_from_sig): New. - (build_sig_subpkt): New. - - * elg.c (g10_elg_sign): removed keyid_from_skc. - * dsa.c (g10_dsa_sign): Ditto. - * rsa.c (g10_rsa_sign): Ditto. - * keyedit.c (make_keysig_packet): Add call to keyid_from_skc - - * sign.c (clearsign_file): Support for v4 signatures. - (sign_file): Ditto. - -Wed May 6 09:31:24 1998 Werner Koch (wk@isil.d.shuttle.de) - - * parse-packet.c (do_parse): add support for 5 byte length leader. - (parse_subpkt): Ditto. - * build-packet.c (write_new_header): Ditto. - - * packet.h (SIGSUBPKT_): New constants. - * parse-packet.c (parse_sig_subpkt): Changed name, made global, - and arg to return packet length, chnaged all callers - - -Tue May 5 22:11:59 1998 Werner Koch (wk@isil.d.shuttle.de) - - * keygen.c (gen_dsa): New. - * build_packet.c (do_secret_cert): Support for DSA - -Mon May 4 19:01:25 1998 Werner Koch (wk@isil.d.shuttle.de) - - * compress.c: doubled buffer sizes - * parse-packet.c (do_plaintext): now uses iobuf_read/write. - -Mon May 4 09:35:53 1998 Werner Koch (wk@isil.d.shuttle.de) - - * seskey.c (encode_md_value): Add optional argument hash_algo, - changed all callers. - - * passphrase.c (make_dek_from_passphrase): Removed - * (get_passhrase_hash): Changed name to passphrase_to_dek, add arg, - changed all callers. - - * all: Introduced the new ELG identifier and added support for the - encryption only one (which is okay to use by GNUPG for signatures). - -Sun May 3 17:50:26 1998 Werner Koch (wk@isil.d.shuttle.de) - - * packet.h (PKT_OLD_COMMENT): New name for type 16. - * parse-packet.c (parse_comment): Now uses type 61 - -Fri May 1 12:44:39 1998 Werner Koch,mobil,,, (wk@tobold) - - * packet.h (count): Chnaged s2k count from byte to u32. - * seckey-cert.c (do_check): Changed s2k algo 3 to 4, changed - reading of count. - * build-packet.c (do_secret_cert): ditto. - * parse-packet.c (parse_certificate): ditto. - - * parse-packet.c (parse_symkeyenc): New. - * build-packet.c (do_symkey_enc): New. - -Thu Apr 30 16:33:34 1998 Werner Koch (wk@isil.d.shuttle.de) - - * sign.c (clearsign_file): Fixed "Hash: " armor line. - -Tue Apr 28 14:27:42 1998 Werner Koch (wk@isil.d.shuttle.de) - - * parse-packet.c (parse_subpkt): Some new types. - -Mon Apr 27 12:53:59 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10.c (main): Add option --skip-verify. - * mainproc.c (check_sig_and_print): Ditto. - - * g10.c (print_mds): Add output for Tiger. - - * sign.c (sign_file): Now uses partial length headers if used - in canonical textmode (kludge to fix a bug). - - * parse-packet.c (parse_certificate): Changed BLOWFISH id. - * pubkey-enc.c (get_session_key): Ditto. - * seskey.c (make_session_key): Ditto. - * seckey-cert.c (protect_secret_key,do_check): Add BLOWFISH160. - -Fri Apr 24 17:38:48 1998 Werner Koch,mobil,,, (wk@tobold) - - * sig-check.c (check_key_signature): Add sig-class 0x14..0x17 - * keyedit.c (sign-key): Some changes to start with support of - the above new sig-classes. - -Wed Apr 22 09:01:57 1998 Werner Koch,mobil,,, (wk@tobold) - - * getkey.c (compare_name): add email matching - -Tue Apr 21 16:17:12 1998 Werner Koch,mobil,,, (wk@tobold) - - * armor.c (armor_filter): fixed missing last LF before CSUM. - -Thu Apr 9 11:35:22 1998 Werner Koch (wk@isil.d.shuttle.de) - - * seckey-cert.c (do_check): New; combines all the check functions - into one. - - * sign.c: removed all key management functions - * keyedit.c: New. - -Thu Apr 9 09:49:36 1998 Werner Koch (wk@isil.d.shuttle.de) - - * import.c (chk_self_sigs): Changed an error message. - -Wed Apr 8 16:19:39 1998 Werner Koch (wk@isil.d.shuttle.de) - - * packet.h: packet structs now uses structs from the pubkey, - removed all copy operations from packet to pubkey structs. - -Wed Apr 8 13:40:33 1998 Werner Koch (wk@isil.d.shuttle.de) - - * trustdb.c (verify_own_certs): Fixed "public key not found". - - * getkey.c (key_byname): New, combines public and secret key search. - - * pkclist.c (build_pkc_list): Add new arg usage, changed all callers. - * skclist.c (build_skc_list): Likewise. - - * ringedit.c (find_keyblock, keyring_search2): Removed. - -Wed Apr 8 09:47:21 1998 Werner Koch (wk@isil.d.shuttle.de) - - * sig-check.c (do_check): Applied small fix from Ulf Möller. - -Tue Apr 7 19:28:07 1998 Werner Koch (wk@isil.d.shuttle.de) - - * cipher.c, encr-data.c, seckey-cert.c: Now uses cipher_xxxx - functions instead of blowfish_xxx or cast_xxx - -Tue Apr 7 11:04:02 1998 Werner Koch (wk@isil.d.shuttle.de) - - * Makefile.am (g10maint.o): Changed the way it is created. - -Mon Apr 6 11:17:08 1998 Werner Koch (wk@isil.d.shuttle.de) - - * misc.c: New. - * keygen.c (checksum,checksum_u16,checksum_mpi): Moved to misc.c - * seckey-cert.c: Kludge for wrong ELG checksum implementation. - -Sat Apr 4 20:07:01 1998 Werner Koch (wk@isil.d.shuttle.de) - - * cipher.c (cipher_filter): Support for CAST5 - * encr-data.c (decode_filter): Ditto. - (decrypt_data): Ditto. - * seskey.c (make_session_key): Ditto. - * seckey-cert.c (check_elg, check_dsa): Ditto, - (protect_secret_key): Ditto. - * pubkey-enc.c (get_session_key): Ditto. - * passphrase.c (hash_passphrase): Ditto. - -Thu Apr 2 20:22:35 1998 Werner Koch (wk@isil.d.shuttle.de) - - * gpgd.c: New - -Thu Apr 2 10:38:16 1998 Werner Koch (wk@isil.d.shuttle.de) - - * keygen.c (generate_keypair): Add valid_days stuff. - * trustdb.c (check_trust): Add check for valid_days. - -Wed Apr 1 16:15:58 1998 Werner Koch (wk@isil.d.shuttle.de) - - * keygen.c (generate_keypair): Addional question whether the - selected large keysize is really needed. - -Wed Apr 1 15:56:33 1998 Werner Koch (wk@isil.d.shuttle.de) - - * seckey-cert.c (protect_secret_key): merged protect_xxx to here. - -Wed Apr 1 10:34:46 1998 Werner Koch (wk@isil.d.shuttle.de) - - * Makefile.am (g10maint.c): Changed creation rule, so that it works - on FreeBSD (missing CFLAGS). - - * parse-packet.c (parse_subkey): Removed. - -Thu Mar 19 15:22:36 1998 Werner Koch (wk@isil.d.shuttle.de) - - * ringedit.c (keyring_enum): Fixed problem with reading too - many packets. Add support to read secret keyrings. - - * getkey.c (scan_keyring): Removed - (lookup): New to replace scan_keyring. - (scan_secret_keyring): Removed. - (lookup_skc): New. - -Wed Mar 18 11:47:34 1998 Werner Koch (wk@isil.d.shuttle.de) - - * ringedit.c (enum_keyblocks): New read mode 11. - - * keyid.c (elg_fingerprint_md): New and changed all other functions - to call this if the packet version is 4 or above. - -Tue Mar 17 20:46:16 1998 Werner Koch (wk@isil.d.shuttle.de) - - * parse-packet.c (parse_certificate): Add listing support for subkeys. - -Tue Mar 17 20:32:22 1998 Werner Koch (wk@isil.d.shuttle.de) - - * armor.c (is_armored): Allow marker packet. - -Thu Mar 12 13:36:49 1998 Werner Koch (wk@isil.d.shuttle.de) - - * trustdb.c (check_trust): Checks timestamp of pubkey. - * sig-check. (do_check): Compares timestamps. - -Tue Mar 10 17:01:56 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10.c (main): Add call to init_signals. - * signal.c: New. - -Mon Mar 9 12:43:42 1998 Werner Koch (wk@isil.d.shuttle.de) - - * dsa.c: New - * packet.h, free-packet.c, parse-packet.c : Add support for DSA - * sig-check.c, getkey.c, keyid.c, ringedit.c: Ditto. - * seckey-cert.c: Ditto. - - * packet.h : Moved .digest_algo of signature packets to outer - structure. Changed all references - -Sun Mar 8 13:06:42 1998 Werner Koch (wk@isil.d.shuttle.de) - - * openfile.c : Support for stdout filename "-". - - * mainproc.c (check_sig_and_print): Enhanced status output: - * status.c (write_status_text): New. - -Fri Mar 6 16:10:54 1998 Werner Koch (wk@isil.d.shuttle.de) - - * kbnode.c (clone_kbnode): Fixed private_flag. - - * mainproc.c (list_node): Output of string "Revoked" as user-id. - -Fri Mar 6 14:26:39 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10.c (main): Add userids to "-kv" and cleaned up this stuff. - -Fri Mar 6 12:45:58 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10.c (main): Changed semantics of the list-... commands - and added a new one. Removed option "-d" - - * decrypt.c: New. - - * trustdb.c (init_trustdb): Autocreate directory only if it ends - in "/.gnupg". - -Thu Mar 5 12:12:11 1998 Werner Koch (wk@isil.d.shuttle.de) - - * mainproc.c (do_proc_packets): New. Common part of proc_packet. - (proc_signature_packets): special version to handle signature data. - * verify.c: New. - * g10.c (aVerify): New. - * plaintext.c (hash_datafiles): New. - * compress.c (handle_compressed): Add callback arg, changed caller. - -Thu Mar 5 10:20:06 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10.c: Is nom the common source for gpg and gpgm - * g10maint.c: Removed - * Makefile.am: Add rule to build g10maint.c - -Thu Mar 5 08:43:59 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10.c (main): Changed the way clear text sigs are faked. - -Wed Mar 4 19:47:37 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10maint.c (aMuttKeyList): New - * keylist.c: New. - -Wed Mar 4 17:20:33 1998 Werner Koch (wk@isil.d.shuttle.de) - - * getkey.c (get_pubkey_byname): Kludge to allow 0x prefix. - -Tue Mar 3 13:46:55 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10maint.c (main): New option --gen-random. - -Tue Mar 3 09:50:08 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10.c (aDeleteSecretKey): New. - (aEditSig): Add option "--edit-key" as synonym for "--edit-sig". - (aDeleteSecretKey): New. - * getkey.c (seckey_available): New. - * sign.c (delete_key): Enhanced to delete secret keys, changed all - callers. - -Mon Mar 2 21:23:48 1998 Werner Koch (wk@isil.d.shuttle.de) - - * pkc_list.c (build_pkc_list): Add interactive input of user ID. - -Mon Mar 2 20:54:05 1998 Werner Koch (wk@isil.d.shuttle.de) - - * pkclist.c (do_we_trust_pre): New. - (add_ownertrust): Add message. - * trustdb.c (enum_trust_web): Quick fix. - -Mon Mar 2 13:50:53 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10.c (main): New action aDeleteKey - * sign.c (delete_key): New. - -Sun Mar 1 16:38:58 1998 Werner Koch (wk@isil.d.shuttle.de) - - * trustdb.c (do_check): No returns TRUST_UNDEFINED instead of - eof error. - -Fri Feb 27 18:14:03 1998 Werner Koch (wk@isil.d.shuttle.de) - - * armor.c (find_header): Removed trailing CR on headers. - -Fri Feb 27 18:02:48 1998 Werner Koch (wk@isil.d.shuttle.de) - - * ringedit.c (keyring_search) [MINGW32]: Open and close file here - because rename does not work on open files. Chnaged callers. - -Fri Feb 27 16:43:11 1998 Werner Koch (wk@isil.d.shuttle.de) - - * sig-check.c (do_check): Add an md_enable. - * mainproc.c (do_check_sig): Use md_open in case of detached sig - (proc_tree): Take detached sigs into account. - -Fri Feb 27 15:22:46 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10.c (main): Make use of GNUPGHOME envvar. - * g10main.c (main): Ditto. - -Wed Feb 25 11:40:04 1998 Werner Koch (wk@isil.d.shuttle.de) - - * plaintext.c (ask_for_detached_datafile): add opt.verbose to - info output. - - * openfile.c (open_sigfile): Try also name ending in ".asc" - -Wed Feb 25 08:41:00 1998 Werner Koch (wk@isil.d.shuttle.de) - - * keygen.c (generate_keypair): Fixed memory overflow. - -Tue Feb 24 15:51:55 1998 Werner Koch (wk@isil.d.shuttle.de) - - * parse-packet.c (parse_certificate): Support for S2K. - * build-packet.c (do_secret_cert): Ditto. - * keygen.c (gen_elg): Ditto. - * seckey-cert.c (check_elg): Ditto - (protect_elg): Ditto. - * sign.c (chnage_passphrase): Ditto. - * passphrase.c (get_passphrase_hash): Support for a salt and - changed all callers. - (make_dek_from_passphrase): Ditto. - -Tue Feb 24 12:30:56 1998 Werner Koch (wk@isil.d.shuttle.de) - - * build-packet.c (hash_public_cert): Disabled debug output. - -Fri Feb 20 17:22:28 1998 Werner Koch (wk@isil.d.shuttle.de) - - * trustdb.c (init_trustdb) [MINGW32]: Removed 2nd mkdir arg. - (keyring_copy) [MINGW32]: Add a remove prior to the renames. - -Wed Feb 18 18:39:02 1998 Werner Koch (wk@isil.d.shuttle.de) - - * Makefile.am (OMIT_DEPENDENCIES): New. - - * rsa.c: Replaced log_bug by BUG. - -Wed Feb 18 13:35:58 1998 Werner Koch (wk@isil.d.shuttle.de) - - * mainproc.c (do_check_sig): Now uses hash_public_cert. - * parse-packet.c (parse_certificate): Removed hashing. - * packet.h (public_cert): Removed hash variable. - * free-packet.c (copy_public_cert, free_public_cert): Likewise. - - * sig-check.c (check_key_signatures): Changed semantics. - -Wed Feb 18 12:11:28 1998 Werner Koch (wk@isil.d.shuttle.de) - - * trustdb.c (do_check): Add handling for revocation certificates. - (build_sigrecs): Ditto. - (check_sigs): Ditto. - -Wed Feb 18 09:31:04 1998 Werner Koch (wk@isil.d.shuttle.de) - - * armor.c (armor_filter): Add afx->hdrlines. - * revoke.c (gen_revoke): Add comment line. - * dearmor.c (enarmor_file): Ditto. - - * sig-check.c (check_key_signature): Add handling for class 0x20. - * mainproc.c : Ditto. - -Tue Feb 17 21:24:17 1998 Werner Koch (wk@isil.d.shuttle.de) - - * armor.c : Add header lines "...ARMORED FILE .." - * dearmor.c (enarmor_file): New. - * g10maint.c (main): New option "--enarmor" - -Tue Feb 17 19:03:33 1998 Werner Koch (wk@isil.d.shuttle.de) - - * mainproc.c : Changed a lot, because the packets are now stored - a simple linlked list and not anymore in a complicatd tree structure. - -Tue Feb 17 10:14:48 1998 Werner Koch (wk@isil.d.shuttle.de) - - * free_packet.c (cmp_public_certs): New. - (cmp_user_ids): New. - - * kbnode.c (clone_kbnode): New. - (release_kbnode): Add clone support. - - * ringedit.c (find_keyblock_bypkc): New. - - * sign.c (remove_keysigs): Self signatures are now skipped, - changed arguments and all callers. - - * import.c : Add functionality. - -Tue Feb 17 09:31:40 1998 Werner Koch (wk@isil.d.shuttle.de) - - * options.h (homedir): New option. - * g10.c, g10maint.c, getkey.c, keygen.c, trustdb.c (opt.homedir): New. - - * trustdb.c (init_trustdb): mkdir for hoem directory - (sign_private_data): Renamed "sig" to "g10.sig" - -Mon Feb 16 20:02:03 1998 Werner Koch (wk@isil.d.shuttle.de) - - * kbnode.c (commit_kbnode): New. - (delete_kbnode): removed unused first arg. Changed all Callers. - - * ringedit.c (keyblock_resource_name): New. - (get_keyblock_handle): NULL for filename returns default resource. - -Mon Feb 16 19:38:48 1998 Werner Koch (wk@isil.d.shuttle.de) - - * sig-check.s (check_key_signature): Now uses the supplied - public key to check the signature and not any more the one - from the getkey.c - (do_check): New. - (check_signature): Most work moved to do_check. - -Mon Feb 16 14:48:57 1998 Werner Koch (wk@isil.d.shuttle.de) - - * armor.c (find_header): Fixed another bug. - -Mon Feb 16 12:18:34 1998 Werner Koch (wk@isil.d.shuttle.de) - - * getkey.c (scan_keyring): Add handling of compressed keyrings. - -Mon Feb 16 10:44:51 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10.c, g10maint.c (strusage): Rewrote. - (build_list): New - -Mon Feb 16 08:58:41 1998 Werner Koch (wk@isil.d.shuttle.de) - - * armor.c (use_armor): New. - -Sat Feb 14 14:30:57 1998 Werner Koch (wk@isil.d.shuttle.de) - - * mainproc.c (proc_tree): Sigclass fix. - -Sat Feb 14 14:16:33 1998 Werner Koch (wk@isil.d.shuttle.de) - - * armor.c (armor_filter): Changed version and comment string. - * encode.c, sign.c, keygen.c: Changed all comment packet strings. - -Sat Feb 14 12:39:24 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10.c (aGenRevoke): New command. - * revoke.c: New. - * sign.c (make_keysig_packet): Add support for sigclass 0x20. - -Fri Feb 13 20:18:14 1998 Werner Koch (wk@isil.d.shuttle.de) - - * ringedit.c (enum_keyblocks, keyring_enum): New. - -Fri Feb 13 19:33:40 1998 Werner Koch (wk@isil.d.shuttle.de) - - * export.c: Add functionality. - - * keygen.c (generate_keypair): Moved the leading comment behind the - key packet. - * kbnode.c (walk_kbnode): Fixed. - - * g10.c (main): listing armored keys now work. - -Fri Feb 13 16:17:43 1998 Werner Koch (wk@isil.d.shuttle.de) - - * parse-packet.c (parse_publickey, parse_signature): Fixed calls - to mpi_read used for ELG b. - -Fri Feb 13 15:13:23 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10.c (main): changed formatting of help output. - -Thu Feb 12 22:24:42 1998 Werner Koch (wk@frodo) - - * pubkey-enc.c (get_session_key): rewritten - - - Copyright 1998,1999,2000,2001,2002,2003,2004,2005, - 2006,2007,2008,2009,2010,2011 Free Software Foundation, Inc. - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even the - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/g10/ChangeLog-2011 b/g10/ChangeLog-2011 new file mode 100644 index 000000000..31359d8c5 --- /dev/null +++ b/g10/ChangeLog-2011 @@ -0,0 +1,12066 @@ +2011-12-01 Werner Koch + + NB: ChangeLog files are no longer manually maintained. Starting + on December 1st, 2011 we put change information only in the GIT + commit log, and generate a top-level ChangeLog file from logs at + "make dist". See doc/HACKING for details. + +2011-11-30 Werner Koch + + * keyserver.c (keyserver_import_cert): Adjust for changed + get_dns_cert. + +2011-11-28 Werner Koch + + * keyserver.c (DEFAULT_MAX_CERT_SIZE): Increase from 16k to 64k. + +2011-11-22 Werner Koch + + * pubkey-enc.c (get_session_key): Don't print anonymous recipient + messages in quiet mode. This is bug#1378. + +2011-11-06 Werner Koch + + * card-util.c (generate_card_keys): Add arg CTRL. + + * call-agent.c (agent_readkey): New. + * keygen.c (do_create_from_keygrip): New. + (ask_algo): Add arg R_KEYGRIP and a prompt to enter it. + (generate_subkeypair): Call do_create_from_keygrip if required. + (generate_subkeypair): Add arg CTRL. Change caller. + (ask_algo): Add arg CTRL. + (generate_keypair): Ditto. + +2011-09-23 Werner Koch + + * gpgv.c (disable_dotlock): Rename to dotlock_disable. + (create_dotlock): Rename to dotlock_create. + (destroy_dotlock): Rename to dotlock_destroy. + (make_dotlock): Rename to dotlock_take. + (release_dotlock): Rename to dotlock_release. + (lockfiles_remove): Rename to dotlock_remove_lockfiles. + +2011-09-20 Werner Koch + + * free-packet.c (free_public_key): Allow a NULL argument. + * keyedit.c (keyedit_passwd): No more need to check that PK is NULL. + (menu_addrevoker): Ditto. + * passphrase.c (passphrase_get, passphrase_to_dek_ext): Ditto. + * skclist.c (release_sk_list): Ditto. + * revoke.c (gen_desig_revoke): Ditto. + * pubkey-enc.c (get_session_key): Ditto. + * pkclist.c (build_pk_list): Ditto. + +2011-09-20 Jim Meyering + + avoid use of freed pointer + If we free pk2 at the top of the for-loop, set it to NULL + so that we don't free it again just before returning. + * revoke.c (gen_desig_revoke): Don't use pk2 after freeing it. + +2011-09-20 Werner Koch + + * sign.c (sign_file, clearsign_file, sign_symencrypt_file): + s/gcry_md_start_debug/gcry_md_debug/ in preparation for Libgcrypt + 1.6. + * mainproc.c (proc_plaintext, proc_tree): Ditto. + * decrypt-data.c (decrypt_data): Ditto. + * cipher.c (write_header): Ditto. + +2011-08-10 Werner Koch + + * export.c (transfer_format_to_openpgp): Don't parse unneeded CSUM. + + * import.c (import_secret_one): Use arg OPTIONS instead of global + import options var. + + * sig-check.c (do_check): Remove unused var CTX. + + * build-packet.c (do_user_id): Return value. + +2011-07-29 Werner Koch + + * tdbio.c (open_db): Do not print read-only warning in quiet mode. + +2011-07-18 Werner Koch + + * parse-packet.c (parse_key): Print the decoded iteration count. + Fixes bug#1355. + +2011-07-07 Werner Koch + + * card-util.c (ask_card_keysize): Bump key size limit to 4096. + * call-agent.c (scd_genkey_parm_s): New. + (agent_scd_genkey): Use new struct. + (scd_genkey_cb): Implement chunked mode for KEY-DATA. + (scd_genkey_cb_append_savedbytes): New. + +2011-06-16 Werner Koch + + * card-util.c (ask_card_keysize): Bump key size limit to 4096. + * call-agent.c (scd_genkey_parm_s): New. + (agent_scd_genkey): Use new struct. + (scd_genkey_cb): Implement chunked mode for KEY-DATA. + (scd_genkey_cb_append_savedbytes): New. + +2011-06-13 Werner Koch + + * pkglue.c (mpi_from_sexp): Use GCRYMPI_FMT_USG to avoid problems + with leading zeroed. The latest Libgcrypt does this now + correctly. Given that the default of gcry_sexp_nth_mpi would use + a signed MPI, which is not implemented, the assertion would fail. + +2011-06-01 Marcus Brinkmann + + * parse-packet.c (parse_pubkeyenc): Change type of N to size_t. + (parse_key): Likewise. + * seskey.c (encode_session_key): Convert nframe to int for + debugging. + * build-packet.c (gpg_mpi_write): Change type of N to unsigned int. + * import.c (transfer_secret_keys): Likewise. + +2011-04-29 Werner Koch + + * keydb.c (keydb_get_keyblock, keydb_add_resource): Use gpg_error. + (keydb_get_keyblock): Return VALUE_NOT_FOUND instead of -1. + (keydb_update_keyblock, keydb_insert_keyblock) + (keydb_delete_keyblock): Ditto. + (keydb_locate_writable): Ditto. + (keydb_search_reset): Ditto. + (keydb_search2): Return GPG_ERR_NOT_FOUND instead of -1. Change + all callers. + (keydb_search_first, keydb_search_next, keydb_search_kid) + (keydb_search_fpr): Ditto. + +2011-04-29 Marcus Brinkmann + + * import.c (import_secret_one): Leave all checks to import_one. + Cancel secret key import if public key was skipped due to + merge-only request. Fix import status for non-new secret key + import by checking stat counter. + +2011-04-29 Marcus Brinkmann + + * delkey.c (do_delete_key): Access public keyblock even for secret + key operations. But deleting secret key is not supported yet, so + give an error. Limit secret-key-exists error case to public keys. + +2011-04-28 Werner Koch + + * ecdh.c (pk_ecdh_encrypt_with_shared_point): Remove memory leak + of SECRET_X in the error case. Replace an assert by an error + return. + +2011-04-26 Werner Koch + + * export.c (transfer_format_to_openpgp): Do not apply + encode_s2k_iterations to S2K_COUNT. + +2011-04-25 Werner Koch + + * delkey.c (do_delete_key): Mark classify_user_id for use with + OpenPGP. + * trustdb.c (register_trusted_key): Ditto. + * revoke.c (gen_revoke): Ditto. + * keyserver.c (keyserver_export, keyidlist, keyserver_export): Ditto. + * getkey.c (key_byname): Ditto. + * export.c (do_export_stream): Ditto. + +2011-04-20 Marcus Brinkmann + + * keylist.c (list_keyblock_colon): Use get_ownertrust_info, not + get_ownertrust (which lead to binary zeroes in the output!). + +2011-03-23 Werner Koch + + * parse-packet.c (read_rest): Drop unsed PARTIAL arg. Rewrite to + detect premature EOF. Suggested by Timo Schulz. + +2011-03-10 Werner Koch + + * passphrase.c (hash_passphrase): Remove. + (passphrase_to_dek_ext): Use gcry_kdf_derive. + +2011-03-03 Werner Koch + + * keylist.c (print_card_key_info): Re-implement using the agent. + * card-util.c (card_status) [GNUPG_MAJOR_VERSION!=1]: Call + print_card_key_info. + + * keyid.c (hash_public_key): Remove shadowing NBITS. + + * misc.c (pubkey_nbits): Replace GCRY_PK_ by PUBKEY_ALGO_. + (get_signature_count): Remove warning. + + * armor.c (armor_filter): Don't take a copy of radbuf while + writing the checksum. This works around a faulty gcc 4.4 warning. + +2011-03-02 Werner Koch + + * call-agent.c (agent_scd_pksign, agent_scd_pkdecrypt) + (hash_algo_option): Remove these unused functions. + +2011-02-10 Werner Koch + + * seskey.c (encode_md_value): Change last fix to avoid a + regression for DSA with SHA-2 hashes. + +2011-02-09 Werner Koch + + * keyserver.c: Replace all printf by es_printf. + +2011-02-08 Werner Koch + + * call-dirmngr.c (gpg_dirmngr_ks_fetch): New. + * keyserver.c (keyserver_fetch): Rewrite to use dirmngr. + +2011-02-07 Werner Koch + + * seskey.c (encode_md_value): Truncate to MDLEN and not to QBYTES + which makes a difference with 521 bit ECC keys. For clarity + rename QBYTES to QBITS and adjust accordingly. + +2011-02-04 Werner Koch + + * sig-check.c (do_check_messages): Remove the long deprecated + SIGEXPIRED status line. + +2011-02-03 Werner Koch + + * export.c (transfer_format_to_openpgp) [!HAVE_GCRY_PK_GET_CURVE]: + Fix syntax error. + + * decrypt-data.c: Include status.h. + (decrypt_data): Emit a DECRYPTION_INFO status line. + + * misc.c (has_invalid_email_chars): Relax mailbox name checking. + Fixes bug#1315. + + * sign.c (do_sign): Use openpgp_pk_algo_name. + + * keygen.c (ask_algo): Show ECC algos only in expert mode. Add + non-combined menu entries for ECDSA and ECDH. + (ask_key_flags): Use openpgp_pk_algo_name. + +2011-02-03 Werner Koch + + Finished ECC integration. + Wrote change description for 2011-01-13. + +2011-02-02 Werner Koch + + * encrypt.c (write_pubkey_enc_from_list): Don't compute the + fingerprint. + * pkglue.c (pk_encrypt): Replace PK_FP by PK and compute the + fingerprint only when needed. + * pkglue.h: Include packet.h. + + * import.c (transfer_secret_keys): Make sure keyids are available. + + * keyid.c (hash_public_key): Adjust for the ECC case. + +2011-02-01 Werner Koch + + * gpg.c (main): Call setup_libgcrypt_logging. + + * import.c (transfer_secret_keys): Implement ECC case. + (one_mpi_from_pkey): New. + * export.c (transfer_format_to_openpgp): Ditto. + * keygen.c (gpg_curve_to_oid): New. + (ecckey_from_sexp): Factor curve name mapping out to new function. + +2011-01-31 Werner Koch + + * ecdh.c (pk_ecdh_encrypt_with_shared_point): Return an opaque MPI. + + * build-packet.c (mpi_write): Rename to gpg_mpi_write and make global. + +2011-01-30 Werner Koch + + * keyid.c (keygrip_from_pk): Adjust ECC cases. + * pkglue.c (pk_verify): Ditto. + + * parse-packet.c (parse_key): Simply ECC case. + (parse_pubkeyenc): Ditto. + + * misc.c (pubkey_get_npkey): Special case ECC. + (pubkey_get_nskey): Ditto. + (mpi_print): Support printing of opaque values. + (openpgp_oid_to_str): New. + (pubkey_nbits): For ECC pass curve parameter. + + * ecdh.c (pk_ecdh_default_params): Change to return an opaque MPI. + + * build-packet.c (do_key): Automatically handle real and opaque + key parameters. + (write_fake_data): Return an error code. + (mpi_write): Support writing opaque MPIs. + (do_pubkey_enc): Simplify ECC handling. + +2011-01-28 Werner Koch + + * keygen.c (gen_ecc): Rewrite. Select a named curve and create a + keyspec based on that. + (pk_ecc_build_key_params): Remove. + (get_parameter_algo): Map algo number. + (ecckey_from_sexp): New. + * misc.c (map_pk_gcry_to_openpgp): New. + +2011-01-25 Werner Koch + + * ecdh.c (pk_ecdh_default_params_to_mpi): Remove. + (pk_ecdh_default_params): Rewrite. Factor KEK table out to .. + (kek_params_table): .. here. + (pk_ecdh_generate_ephemeral_key): New. + (pk_ecdh_encrypt): Remove. + (pk_ecdh_encrypt_with_shared_point): Make public. + + * pubkey-enc.c (get_it): Fix assertion. Use GPG_ERR_WRONG_SECKEY + instead of log_fatal. Add safety checks for NFRAME. + + * keygen.c (pk_ecc_keypair_gen): Make static. + (ask_keysize): Use proper rounding for ECC. + (pk_ecc_build_key_params): Remove NBITSSTR. + +2011-01-20 Werner Koch + + * keyserver.c: Rewrite most stuff for use with dirmngr. Get rid + of all spawn code. More work pending. + + * export.c (export_pubkeys_buffer): New. + + * import.c (import_keys_es_stream): New. + + * call-dirmngr.c, call-dirmngr.h: New. + * gpg.h (server_control_s): Add DIRMNGR_LOCAL. + * gpg.c: Include call-dirmngr.h. + (gpg_deinit_default_ctrl): Call gpg_dirmngr_deinit_session_data. + +2011-01-13 Andrey Jivsov (wk) + + Integrated ECC support. Below are the changes finally merged into + the git master after some cleanup by wk until 2011-02-03. + + * ecdh.c: New. + + * sign.c (mpi_from_sexp): Remove. + (match_dsa_hash): Uses SHA-512 for ECDSA with 521 bits. + (hash_for): Support ECDSA. + (make_keysig_packet): Ditto. + + * seskey.c (encode_session_key): Add arg OPENPGP_PK_ALGO. Support + ECDH. + (encode_md_value): Map pkalgo. Extend size checks to ECDSA. + + * pubkey-enc.c (get_it): Support ECDH. + + * pkglue.c (mpi_from_sexp): Make global. + (pk_verify, pk_encrypt, pk_check_secret_key): Support ECC. + + * parse-packet.c (read_size_body): New. + (parse_pubkeyenc): Support ECC. + (parse_key): Ditto. + + * misc.c (map_pk_openpgp_to_gcry, map_pk_gcry_to_openpgp): New. + (openpgp_pk_test_algo, openpgp_pk_test_algo2): Map algo numbers. + (openpgp_pk_algo_usage): Support ECDH and ECDSA. + (openpgp_pk_algo_name): Simplify. + (ecdsa_qbits_from_Q): New. + + * mainproc.c (proc_pubkey_enc): Support ECC. + + * keyid.c (pubkey_letter): Add 'E' and 'e'. + (keygrip_from_pk): Supporf ECC. + + * keygen.c: Include pkglue.h. + (ask_algo): Add option 9 for ECDSA and ECDH. + (ask_keysize): Support ECDSA and ECDH. + (do_create): Ditto. + (gen_ecc): New. + (pk_ecc_build_key_params): New. + + * getkey.c (cache_public_key): Support ECC. + + * encrypt.c (write_pubkey_enc_from_list): Pass PK to PK_ENCRYPT + and the pkalgo to encode_session_key. + + * build-packet.c (do_key, do_pubkey_enc): Support ECC. + (write_size_body_mpi): New. + +2011-01-06 Werner Koch + + * gpg.c (main): Use keyserver_spec_t. + + * options.h (struct opt): Factor definition of struct keyserver + out to ../common/keyserver.h. + (keyserver_spec_t): New. + +2011-01-21 Werner Koch + + * seskey.c (encode_md_value): Truncate the DSA hash again. + + * misc.c (openpgp_pk_algo_name): Always use the gcrypt function. + +2010-12-09 Werner Koch + + * tdbio.c (tdbio_set_dbname) [W32CE]: Take care of missing errno. + (strerror) [W32CE]: Dummy replacement. + (open_db) [W32CE]: Use CreateFile. + +2010-12-02 Werner Koch + + * misc.c (openpgp_cipher_algo_name): Use gnupg_cipher_algo_name. + +2010-11-23 Werner Koch + + * Makefile.am (gpg2_LDFLAGS, gpgv2_LDFLAGS): Add extra_bin_ldflags. + + * plaintext.c (handle_plaintext): Change to use estream. + s/rc/err/. Replace some xmalloc by xtrymalloc. Use more + gpg_strerror. + * options.h (struct): Change type of OUTFP to estream_t. + * decrypt.c (decrypt_message_fd): Adjust accordingly. + +2010-11-17 Werner Koch + + * keyedit.c (find_pk_from_sknode): Remove. + * misc.c (get_signature_count): Call agent. + * keygen.c (gen_card_key): Rework. Remove arg PARA. + (generate_keypair): Change arg BACKUP_ENCRYPTION_DIR to the flag + CARD_BACKUP_KEY. + (pBACKUPENCDIR): Change to pCARDBACKUPKEY. + (struct output_control_s): Remove struct SEC. Remove all usages + of it. + (gen_card_key_with_backup): Remove arg BACKUP_DIR. + + * call-agent.c (agent_scd_genkey): Remove extra memset. + +2010-11-16 Werner Koch + + * keygen.c (generate_card_subkeypair): Remove arg SEC_KEYBLOCK and + change to return an error code. Rework for removed secring code. + * card-util.c (card_generate_subkey): Remove arg SEC_KEYBLOCK. + Return an error code instead of a success flag. Change caller. + +2010-10-29 David Shaw + + * pkclist.c (select_algo_from_prefs): Make sure the scores can't + overflow when picking an algorithm (not a security issue since we + can't pick something not present in all preference lists, but we + might pick something that isn't scored first choice). + + * pkclist.c (select_algo_from_prefs): Slightly improve the + handling of MD5 in preference lists. Instead of replacing MD5 + with SHA-1, just remove MD5 from the list altogether, and let the + next-highest ranked algorithm be chosen. + +2010-10-27 Werner Koch + + * keygen.c (ask_expire_interval): Do not print the y2038 if we + have an unsigned time_t. + * keyid.c (IS_INVALID_TIME_T): New. + (mk_datestr): Use it to detect the y2038 problem. + +2010-10-26 Werner Koch + + * keyedit.c (change_passphrase): Handle the passwd_nonce. + * call-agent.c (cache_nonce_parm_s): New. + (cache_nonce_status_cb): Use that new struct. + (agent_genkey, agent_import_key, agent_export_key, agent_passwd): + Adjust for that change. + +2010-10-25 Werner Koch + + * passphrase.c (gpg_format_keydesc): Fix printing of main keyid. + + * keyedit.c (JNLIB_NEED_LOG_LOGV): Define. + * call-agent.c (agent_passwd): New. + +2010-10-21 Werner Koch + + * keyedit.c (keyedit_passwd): Simplify. + (change_passphrase): Return an error code and not the change + flag. Remove editing of the keyring. + + * seckey-cert.c: Remove. + * Makefile.am (gpg2_SOURCES): Remove seckey-cert.c + + * revoke.c (gen_revoke): Check that the secret key is available. + +2010-10-20 Werner Koch + + * verify.c (verify_signatures): Use gpg_strerror on open failure + for consistency of error messages. + + * packet.h (PKT_public_key): s/mdc_feature/flags.mdc/. Change all + users. + (PKT_public_key): Split is_disabled into flags.disabled_valid and + flags.disabled. Change all users. + (pk_is_disabled): Adjust for change. + (PKT_public_key): s/is_primary/flags.primary/. Change all users. + (PKT_public_key): s/is_revoked/flags.revoked/. Change all users. + (PKT_public_key): s/maybe_revoked/flags.maybe_revoked/. Change all + users. + (PKT_public_key): s/is_valid/flags.valid/. Change all users. + (PKT_public_key): s/dont_cache/flags.dont_cache/. Change all users. + (PKT_public_key): s/backsig/flags.backsig/. Change all users. + + * sign.c (openpgp_card_v1_p): New. + (hash_for): Re-implement test for v1 cards. + * packet.h (PKT_public_key): Add field serialno and + flags.serialno_valid. + * free-packet.c (release_public_key_parts): Free serialno. + + * parse-packet.c (parse_key): Cast -1 to size_t. + * trustdb.c (validate_keys): Cast -1 to size_t. Suggested by + Steven M. Schweda. + +2010-10-18 Werner Koch + + * call-agent.c (agent_scd_pksign): Replace sprintf by bin2hex. + (agent_scd_pkdecrypt, agent_pksign): Ditto. + + * sign.c (do_sign): Remove warning and commented old code. + +2010-10-14 Werner Koch + + * call-agent.c (agent_genkey): Add arg NO_PROTECTION. + * keygen.c (do_create, gen_elg, gen_dsa, gen_rsa, common_gen): Add + arg KEYGEN_FLAGS. + (read_parameter_file): Add options no-protection and transient-key. + (KEYGEN_FLAG_NO_PROTECTION, KEYGEN_FLAG_TRANSIENT_KEY): New. + (gen_rsa, gen_dsa, gen_elg): Use transient-key. + +2010-10-13 Werner Koch + + * call-agent.c (start_agent): Send option agent-awareness. + (status_sc_op_failure): Take care of GPG_ERR_FULLY_CANCELED. + * passphrase.c (passphrase_get): Ditto. + * import.c (transfer_secret_keys): Ditto. + * card-util.c (write_sc_op_status): Ditto. + + * getkey.c (enum_secret_keys): Rewrite. + + * pubkey-enc.c (get_session_key): Skip keys without an encryption + capability. Handle GPG_ERR_FULLY_CANCELED. + * gpg.c: Add option --try-secret-key. + * options.h (struct opt): Add field secret_keys_to_try. + + * passphrase.c (next_to_last_passphrase): Remove. + +2010-10-12 Werner Koch + + * keygen.c (generate_subkeypair): Check availibility of secret parts. + + * keylist.c (print_card_serialno): Change to take a hexified serialno. + (list_keyblock_print): Print serialno and stub key indicators. + (list_keyblock_colon): Ditto. + + * getkey.c (have_any_secret_key): Remove. Replace all calls by + agent_probe_any_secret_key. + * gpgv.c (agent_probe_any_secret_key): New. + (agent_get_keyinfo): New. + +2010-10-08 Werner Koch + + * gpg.c: Add option --with-keygrip. + * options.h (struct opt): Add WITH_KEYGRIP. + * keylist.c (list_keyblock_print, list_keyblock_colon): Implement + new option. + +2010-10-06 Werner Koch + + * import.c (transfer_secret_keys): Ignore missing key parameters. + Provide dummy IV. Ignore stub keys. + +2010-10-01 Werner Koch + + * export.c (do_export_stream): Rewrite to take the secret keys + from the agent. + (canon_pubkey_algo, transfer_format_to_openpgp): New. + +2010-09-29 Werner Koch + + * keygen.c (key_from_sexp): Fix memory leak in the error case. + + * call-agent.c (agent_export_key): New. + +2010-09-29 Werner Koch + + * build-packet.c (build_packet): Fix up the pkttype. + + * keyid.c (keystr_with_sub): Make SUB_KID optional. + (keystr_from_pk_with_sub): Ditto. + + * call-agent.c (agent_scd_pksign): Add missing space. + + * mainproc.c (struct mainproc_context): Add field CTRL. + (proc_packets): Add arg CTRL. Change all callers. + (proc_signature_packets, proc_signature_packets_by_fd) + (proc_encryption_packets): Add arg CTRL. Change all callers. + * compress.c (handle_compressed): Ditto. + * getkey.c (get_pubkey_byname): Ditto. + * keyserver.c (keyserver_spawn, keyserver_work): Ditto. + (show_prompt, keyserver_export, keyserver_import) + (keyserver_import_fprint, keyserver_import_keyid) + (keyserver_refresh, keyserver_search, keyserver_fetch) + (keyserver_import_name, keyserver_search_prompt) + (keyserver_import_pka, keyserver_import_cert): Ditto. + callers. + * verify.c (verify_signatures, verify_files): Ditto. + * sign.c (sign_file): Ditto. + * encrypt.c (encrypt_crypt, encrypt_crypt_files): Ditto. + * pkclist.c (find_and_check_key, build_pk_list): Ditto. + * keylist.c (locate_one, public_key_list, secret_key_list): Ditto. + * card-util.c (fetch_url, card_edit): Ditto. + * import.c (check_prefs, import_one, revocation_present): Ditto. + * keyedit.c (menu_addrevoker, keyedit_menu): Ditto. + * decrypt-data.c (decrypt_data): Ditto. + * decrypt.c (decrypt_message, decrypt_messages) + (decrypt_message_fd): Ditto. + * gpgv.c (main): Add CTRL structure. + +2010-09-28 Werner Koch + + * options.h (struct opt): Remove SIMPLE_SK_CHECKSUM. + + * export.c (parse_export_options): Remove option + export-resert-subkey-passwd. + (do_export_stream, do_export, export_pubkeys) + (export_pubkeys_stream, export_seckeys, export_secsubkeys): Add + arg CTRL. Change all callers. + + * call-agent.c (hash_algo_option): New. + (agent_scd_pksign): Use it. + +2010-09-17 Werner Koch + + * call-agent.c (agent_probe_any_secret_key): New. + +2010-09-28 David Shaw + + * options.skel: Make the example for force-v3-sigs match + reality (it has defaulted to off since 2007-10-25). + +2010-09-06 Werner Koch + + * card-util.c (card_status): Remove stub creation for GnuPG >= 2. + (card_store_subkey): Temporary disable this code. + + * keyedit.c (show_key_with_all_names): Merge secret and public key + parts. + (show_basic_key_info): Ditto. + * delkey.c (do_delete_key): Ditto. + * export.c (subkey_in_list_p, exact_subkey_match_p): Ditto. + (new_subkey_list_item): Ditto. + * keyid.c (keystr_from_sk, keystr_from_sk_with_sub) + (keyid_from_sk, nbits_from_sk, datestr_from_sk) + (expirestr_from_sk, colon_datestr_from_sk, fingerprint_from_sk) + (serialno_and_fpr_from_sk, do_fingerprint_md_sk): Remove. + * import.c (print_import_ok): Remove arg SK. + (import_secret_one): Adjust for seckey_info format. + (transfer_secret_keys): Ditto. Use gpg_format_keydesc. + (sec_to_pub_keyblock): Simplify. + (pub_to_sec_keyblock): Remove. + (auto_create_card_key_stub): Remove - not anymore needed. + (update_sec_keyblock_with_cardinfo): Remove. + (import_secret_one): Use arg option instead of the global option. + * free-packet.c (copy_public_key): Adjust for seckey_info format. + (copy_public_parts_to_secret_key, copy_secret_key) + (cmp_secret_keys, cmp_public_secret_key): Remove. + * passphrase.c (gpg_format_keydesc): Add arg MODE and change all + callers. + * keyring.c (keyring_search): Remove special case for secret keys. + * mainproc.c (struct mainproc_context): Remove unused field + LAST_SECKEY. + * parse-packet.c (parse_key): Rewrite to cope with new seckey_info + format. + * build-packet.c (do_public_key, do_secret_key): Merge code into ... + (do_key): .. new. Cope with seckey_info format. + +2010-09-03 Werner Koch + + * packet.h (struct seckey_info): New. + (PKT_public_key): Increase size of PKEY to allow storing of secret + keys. Add field SECKEY_INFO. + (PKT_secret_key): Remove. + * free-packet.c (release_public_key_parts): Take care of change. + (release_secret_key_parts, free_secret_key): Remove. + +2010-09-02 Werner Koch + + * import.c (transfer_secret_keys, import_secret_one): Enable stats. + (import_secret_one): Enable secret key merging. + +2010-09-01 Werner Koch + + * sign.c (do_sign, write_signature_packets, complete_sig): Add arg + CACHE_NONCE. + (make_keysig_packet): Ditto. + * keygen.c (make_backsig, write_direct_sig, write_selfsigs) + (write_keybinding): Add arg CACHE_NONCE. + (do_generate_keypair): Use cache_nonce to avoid a pinentry for the + self-signatures. + + * passphrase.c (gpg_format_keydesc): Remove now superfluous + algo_name fallback. + + * keygen.c (gen_elg, gen_dsa, gen_rsa, do_create, common_gen): Add + arg CACHE_NONCE_ADDR. + (generate_subkeypair): Pass NULL for CACHE_NONCE_ADDR. + (do_generate_keypair): Add cache nonce handling. + + * import.c (transfer_secret_keys): Support a cache nonce. + * call-agent.c (cache_nonce_status_cb): New. + (agent_genkey, agent_import_key): Add arg CACHE_NONCE_ADDR. + (agent_pksign): Ditto. + +2010-08-30 Werner Koch + + * keyid.c (KEYID_STR_SIZE): New + (keystr): Use snprintf and new macro. + (keystr_with_sub): New. + (keystr_from_sk_with_sub): New. + (keystr_from_pk_with_sub): New. + +2010-08-27 Werner Koch + + * gpg.c (main): Change scope of CTRL to the entire function. + + * import.c (import_secret_one, import, import_keys_internal) + (import_keys, import_keys_stream): Add arg CTRL. + * call-agent.c (agent_keywrap_key): New. + (agent_import_key, inq_import_key_parms): New. + +2010-08-26 Werner Koch + + * misc.c (openpgp_pk_algo_name): New. + (openpgp_md_algo_name): New. + +2010-08-24 Werner Koch + + * options.h (IMPORT_SK2PK): Remove. + * import.c (parse_import_options): Turn convert-sk-to-pk into a + dummy option. + (sec_to_pub_keyblock): Use modern functions. + +2010-08-16 Werner Koch + + * gpg.c (list_config, gpgconf_list): Use es_printf. + (print_hex, print_hashline, print_algo_numbers) + (print_algo_names): Use es_printf. + +2010-07-20 Werner Koch + + * mainproc.c (print_pkenc_list): Write a STATUS_ERROR. Fixes + bug#1255. + +2010-06-17 Werner Koch + + * gpg.c (main): Use CAST5 as default s2k algo. The macro + USE_CAST5 was only used with GnuPG 1.x. + +2010-06-07 Werner Koch + + * cpr.c: Use estream for status output. + +2010-05-12 Werner Koch + + * armor.c (radix64_read): Extended 2006-04-28 fix to fix bug#1179. + + * plaintext.c (handle_plaintext): Check return code of fflush. + Fixes bug#1207. + +2010-05-07 Werner Koch + + * import.c (fix_bad_direct_key_sigs): New. + (import_one): Call it. + (chk_self_sigs): Re-indent, slighly re-arrange code, use test + macros for the sig class. Check direct key signatures. Fixes + bug#1223. + +2010-04-27 Werner Koch + + * passphrase.c (gpg_format_keydesc): New. + * pubkey-enc.c (get_it): Use it. + * sign.c (do_sign): Use it. + +2010-04-26 Werner Koch + + * keygen.c (keygen_set_std_prefs): Explicitly include Z0 in the + default preferences if no compression algorithms are available. + Remove a possible trailing space in the dummy_string. + +2010-04-23 Werner Koch + + * pubkey-enc.c (get_it): Use the agent for decryption. + * call-agent.c (agent_pkdecrypt, inq_ciphertext_cb): New. + +2010-04-22 Werner Koch + + * photoid.c (show_photos): Remove arg SK. + + * pubkey-enc.c (get_session_key, get_it): Change to use the public + key object. + (get_it): Remove card related stuff. Now automagically handled + by the agent. + + * skclist.c (build_sk_list): Remove UNLOCK arg. + + * keylist.c (print_fingerprint): Remove arg SK. + * mainproc.c (list_node): Disable listing of secret key packets. + + * keyring.c (struct keyring_name, struct keyring_handle): Remove + field SECRET. + (keyring_register_filename, keyring_new, orename_tmp_file) + (do_copy): Remove arg SECRET. + * keydb.c (struct resource_item): Remove field SECRET. + (keydb_add_resource): Remove arg SECRET. + (keydb_new): Remove code fro secret keyrings. + + * gpg.c (main): Ignore --secret-keyring. Remove all secret + keyring related code. + +2010-04-21 Werner Koch + + * pkclist.c (default_recipient): Change to use public keys. + + * keydb.c (keydb_new): Remove arg SECRET. Change all callers. + + * getkey.c (get_seckey): Change to take a public key. + (have_secret_key): Rename to have_any_secret_key and make use of + the agent. + (key_byname): Rmemove unused arg SK. + (get_seckey_byname2): Remove and move code to + (get_seckey_byname): .. here. Remove INLOCK arg. + (get_seckey_bynames): Remove. + (get_seckey_next): Remove. + (get_seckey_end): Remove. Use get_pubkey_end instead. + (get_seckey_byfprint, get_seckeyblock_byfprint): Change to use + public keys. + (seckey_available): Rename to .. + (have_secret_key_with_kid): .. this and change to employ the + agent. Change all callers. + (sk_from_block): Remove. + + * call-agent.c (agent_probe_secret_key): New. + (agent_havekey): Remove. + * gpgv.c (agent_probe_secret_key): New. + + * keyedit.c (keyedit_menu) + (sign_uids, menu_adduid, menu_deluid, menu_delkey) + (menu_addrevoker, menu_expire, menu_backsign) + (menu_set_primary_uid, menu_set_preferences) + (menu_set_keyserver_url, menu_set_notation, menu_revsig) + (menu_revuid, menu_revkey, menu_revsubkey): Remove all code to + manage the secret keyring. + +2010-04-20 Werner Koch + + * keylist.c (list_keyblock_colon): Print the keygrip. + + * sign.c (do_sign): Call the agent to create the signature. + (mpi_from_sexp): New. + * keyid.c (keygrip_from_pk, hexkeygrip_from_pk): New. + * call-agent.c (agent_pksign): New. + + * pkglue.c (pk_sign): Remove. + + * keygen.c (generate_keypair): Do not ask for a passphrase. + +2010-04-15 Werner Koch + + * keygen.c (gen_dsa, gen_elg, gen_rsa): Remove args SEC_ROOT, DEK, + S2K and RET_SK. Change to use the gpg-agent based key generation. + Factor common code out to ... + (common_gen): New. + (do_create): Remove args SEC_ROOT, DEK, S2K and RET_SK. + (do_generate_keypair, write_selfsigs, write_direct_sig) + (write_keybinding, make_backsig): Adjust for above changes. + (generate_subkeypair): Remove arg SEC_KEYBLOCK. + (genhelp_protect, genhelp_factors): Remove. + (get_parameter_dek, get_parameter_s2k): Remove. + + * call-agent.c (start_agent): Add dummy arg CTRL. + (agent_havekey, keyinfo_status_cb, agent_get_keyinfo) + (agent_genkey): New. + + * seckey-cert.c (check_secret_key): Remove + (is_secret_key_protected): Take a public key as arg. + (protect_secret_key): Remove. + + * seskey.c (encode_md_value): Remove SK arg. + +2010-04-14 Werner Koch + + * cpr.c (myread) [W32CE]: Do not use raise. + + * misc.c (check_compress_algo): Rewrite to handle the new HAVE_ZIP. + * compress.c (push_compress_filter2): Ditto. + (init_compress, do_compress, init_uncompress, do_uncompress) + (compress_filter) [!HAVE_ZIP]: Do not build. + * main.h (DEFAULT_COMPRESS_ALGO): Depend on HAVE_ZIP. + * keygen.c (keygen_set_std_prefs): Use check_compress_algo also + for ZIP and ZLIB. + + * Makefile.am (install-exec-hook) [W32CE]: New. + (bin_PROGRAMS) [W32CE]: Do not build gpgv2. + (gpg2_LDADD): Add extra_syslibs. + +2010-04-06 Werner Koch + + * openfile.c (mkdir): Remove. + (try_make_homedir): Use gnupg_mkdir. + +2010-04-01 Werner Koch + + Use gpg_err_set_errno to set ERRNO. + +2010-03-26 Werner Koch + + * signal.c (pause_on_sigusr): Remove. It was used in ancient gpg + version with shared memory IPC. Last caller removed on 2006-04-18. + +2010-03-24 Werner Koch + + * openfile.c (CMP_FILENAME): Depend on HAVE_DOSISH_SYSTEM instead + of HAVE_DRIVE_LETTERS. + +2010-03-15 Werner Koch + + * card-util.c: Replace stdio by estream. + * keylist.c: Ditto. + +2010-03-12 Werner Koch + + * plaintext.c (setup_plaintext_name): Do not encode pipe like + filenames. This helps with bug#1201. + + * seckey-cert.c (do_check): Return GPG_ERR_CANCELED. + * keyedit.c (change_passphrase): Add arg R_ERR. + (keyedit_passwd): Return the correct error or emit a success + status message. + +2010-03-11 Werner Koch + + * misc.c (mpi_print): Change to take a estream_t arg. + + * parse-packet.c (listfp): Change to an estream_t. Change all + users to use estream functions. + + * kbnode.c (dump_kbnode): Change to use log functions. + * pkclist.c (do_show_revocation_reason): Ditto + + * armor.c (parse_header_line): Replace print_string by + es_print_sanitized. + (fake_packet): Ditto. + * keyedit.c (print_and_check_one_sig_colon): Ditto. + (show_key_with_all_names_colon): Ditto. + (ask_revoke_sig): Ditto. + * keylist.c (list_keyblock_colon): Ditto. + * mainproc.c (print_userid, list_node): Ditto. + * trustdb.c (dump_key_array): Ditto. + * gpg.c (list_config): ditto. + + * gpg.c: Include "asshelp.h". + (main): Remove assuan_set_assuan_log_prefix. Add + assuan_set_log_cb. + * server.c (gpg_server): Remove assuan_set_log_stream. + +2010-03-10 Werner Koch + + * Makefile.am (needed_libs): Remove libjnlib.a. + + * main.h: Remove "estream.h". + +2010-03-08 Werner Koch + + * main.h: Include "estream.h" + * openfile.c (open_outfile): Replace dup/iobuf_fdopen by + iobuf_fdopen_nc. + * mainproc.c (proc_signature_packets_by_fd): Return error on + memory failure. + * plaintext.c (hash_datafile_by_fd): Ditto. + * verify.c (gpg_verify): Use iobuf_fdopen_nc. Change OUT_FP to an + estream_t. + * server.c (cmd_verify): Do not dup the fds. + + Use macros for iobuf_ioctl commands. + +2010-02-17 Werner Koch + + * keygen.c (ask_user_id): Avoid infinite loop in case of invalid + data. Fixes bug#1186. + +2010-02-02 Werner Koch + + * keyedit.c (keyedit_menu): Change prompt to "gpg". + * card-util.c (card_edit): Change prompt to "gpg/card". + +2010-01-11 Werner Koch + + * sign.c (only_old_style, write_onepass_sig_packets, hash_for) + (write_signature_packets, print_status_sig_created) + (clearsign_file, make_keysig_packet, mk_notation_policy_etc) + (complete_sig, do_sign, update_keysig_packet): Replace all + secret key access by the matching public key. + * keylist.c (print_seckey_info): Ditto. + * revoke.c (gen_desig_revoke): Ditto. + * skclist.c (release_sk_list): Ditto. + * keyedit.c (sign_uids): Ditto. + * misc.c (get_signature_count): Ditto. + * main.h (struct expand_args): s/sk/pksk/. Change all users. + + * keyedit.c (keyedit_passwd): Finish implementation. + +2010-01-10 Werner Koch + + * skclist.c (GCRYCTL_FAKED_RANDOM_P): Remove because we require + libgcrypt 1.4. + (is_insecure, key_present_in_sk_list): Work with public keys. + (build_sk_list): Change to work on public keys. + * keydb.h (struct sk_list): Replace field SK by a PK field. + + * keylist.c (list_keyblock_print): Always look for the public key + and ignore all secret key packets. + (list_keyblock_colon): Ditto. + (print_capabilities): Remove arg SK and all secret key stuff. + Adjust all callers. + (dump_attribs): Ditto. + + * getkey.c (getkey_bynames, getkey_next, get_pubkey_end): New. + (getkey_byname): New. + (getkey_ctx_s): Add WANT_SECRET. + (key_byname): Set it. + (merge_keys_and_selfsig): Remove all the secret key merging. + (lookup): Simplify by removing secret key code. + + * keylist.c (list_all): Scan public keys and use have_secret_key + to filter secret keys. + (list_one): Use the new get_key functions. + + * gpg.h (kbnode_t): Add as alias for KBNODE. + * keydb.h (getkey_ctx_t): Add as alias for GETKEY_CTX. + +2010-01-09 Werner Koch + + * getkey.c, keylist.c: Re-indent. + +2010-01-08 Werner Koch + + * cpr.c (write_status_error): Rename to write_status_errcode. + Change all callers. + (write_status_error): New. + + * gpg.c: Add option --passwd. + (aPasswd): New. + (main): Implement. + * keyedit.c (keyedit_passwd): New. + + * gpg.c (oPasswd, oPasswdFD, oPasswdFile, oPasswdRepeat): Change + to oPassphrase, oPassphraseFD, oPassphraseFile, oPassphraseRepeat. + * options.h (struct): s/passwd_repeat/passphrase_repeat/. + * gpg.c (main): Ditto. + * passphrase.c (passphrase_to_dek_ext): Ditto. + +2009-12-21 Werner Koch + + * call-agent.c (agent_get_s2k_count): New. + * gpg.c (main): Set s2k_count to 0. + * (encode_s2k_iterations): Move ... + * passphrase.c (encode_s2k_iterations): ... here. Call + agent_get_s2k_count if called with a 0 arg. + (passphrase_to_dek_ext): Set S2K_COUNT via encode_s2k_iterations. + +2009-12-17 Werner Koch + + * sig-check.c (do_check_messages): Evaluate the HAS_EXPIRED flag. + Fixes bug#1059. + + * gpg.c: Add new option --faked-system-time. + +2009-12-15 Werner Koch + + * keydb.c (keydb_add_resource): s/readonly/read_only/g. + * keyring.c (keyring_register_filename): Ditto. + + * tdbio.c (tdbio_set_dbname): Do not call log_fatal after creating + the directory. Fixes bug#1169. Reported by Daniel Leidert. + +2009-12-08 Werner Koch + + * keyring.h: Include userids.h. + * gpg.h (KEYDB_SEARCH_DESC): Remove. + * packet.h: Include userids.h. + (PKT_user_id): Declare using gpg_pkt_user_id_s. + * keydb.h (KeydbSearchMode, struct keydb_search_desc): Remove. We + now use those in ../kbx. + * getkey.c (classify_user_id): Remove. It is now in common/. + (key_byname): Adjust for changed classify_user_id. + * delkey.c (do_delete_key): Ditto. + * trustdb.c (register_trusted_key): Ditto. + * revoke.c (gen_desig_revoke, gen_revoke): Ditto. + * keyserver.c (parse_keyrec, keyserver_export, keyserver_import) + (keyidlist): Ditto. + * export.c (do_export_stream): Ditto. + + * pkclist.c (find_and_check_key): Replace GPG_ERR_INV_NAME by + GPG_ERR_INV_USER_ID. + +2009-12-04 Werner Koch + + * keygen.c (DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE): New. + (ask_keysize): Use new macro. + (gen_rsa): Set default size if NBITS is 0. + (get_parameter_algo): Add algo name "default". Add arg R_DEFAULT. + (proc_parameter_file): Process default flag. + +2009-12-03 Werner Koch + + * gpg.c (set_debug): Allow for numerical debug leveles. Print + active debug flags. + +2009-11-27 Werner Koch + + * keyedit.c (cmds, keyedit_menu): New command "checkbkupkey". + +2009-11-25 Marcus Brinkmann + + * server.c (gpg_server): Use assuan_fd_t and assuan_fdopen on fds. + +2009-11-23 Werner Koch + + * gpg.c (gpgconf_list): Add key "default_pubkey_algo". + +2009-11-18 Werner Koch + + * gpg.c: Add option --skip-hidden-recipients and no- variant. + * options.h (struct opt): Add field SKIP_HIDDEN_RECIPIENTS. + * pubkey-enc.c (get_session_key): Implement that option. + +2009-11-04 Werner Koch + + * server.c (register_commands): Add NULL arg to + assuan_register_command. + +2009-11-02 Marcus Brinkmann + + * server.c (reset_notify, input_notify, output_notify): Update to + new assuan interface. + (register_commands): Use assuan_handler_t. + +2009-10-19 Werner Koch + + * options.h (glo_ctrl): Add field LASTERR. + * mainproc.c (proc_encrypted): Set LASTERR. + * server.c (cmd_decrypt): Check LASTERR. + +2009-10-02 Werner Koch + + * server.c (cmd_encrypt, cmd_decrypt): Implement. + * decrypt.c (decrypt_message_fd): New. + * options.h (struct opt): Add field OUTFP. + * plaintext.c (handle_plaintext): Support opt.outfp. + + * encr-data.c: Rename to decrypt-data.c to reflect the action and + not the processed packet type. + +2009-10-02 Werner Koch + + * encr-data.c (decode_filter_context_s): Add fields PARTIAL and + LENGTH. + (decrypt_data): Set them. Simplify premature EOF detection. + (mdc_decode_filter): Take fixed length packets in account. + (decode_filter): Ditto. Better EOF detection. + * parse-packet.c (parse_encrypted): Store ed->LEN without the MDC + version byte. + +2009-09-30 Werner Koch + + * parse-packet.c (skip_packet, parse_gpg_control) : Take + care of premature EOFs. + + * gpg.c (main): Remove obsolete GCRYCTL_DISABLE_INTERNAL_LOCKING. + +2009-09-29 Werner Koch + + * openfile.c (open_outfile): Re-indent. Use xstrconcat. + (NAME_OF_DEV_NULL): New. + (open_outfile): Use it. + (overwrite_filep): Use it. Also use case insensitive compare + when needed. Re-indent. + (open_outfile): Add arg INP_FD. Change all callers. + + * encrypt.c (encrypt_crypt): Add new args FILEFD, OUTPUTFD and + PROVIDED_KEYS. Change all callers. + +2009-09-28 Werner Koch + + * server.c (skip_options, has_option): New. + (cmd_recipient): Implement. + + * keydb.h (pk_list_t): New. + + * pkclist.c (send_status_inv_recp): New. Replace direct calls. + (build_pk_list): Factor some code out to ... + (find_and_check_key): ... new. + + * encode.c: Rename to encrypt.c. Re-indent all. + * encrypt.c (encode_symmetric, encode_store, encode_seskey) + (encode_simple, encode_crypt, encode_filter) + (encode_crypt_files): Rename all to encrypt_*. Change all callers. + + * trustdb.c (get_validity_info): Take care of a NULL PK. Fixes + bug#1138. + (get_validity_string): Ditto. + +2009-09-25 Werner Koch + + * pkglue.c (pk_sign, pk_verify, pk_encrypt, pk_decrypt) + (pk_check_secret_key): Allow deprecated RSA identifiers 2 and 3. + Fixes bug#1139. + +2009-09-23 Marcus Brinkmann + + * call-agent.c: Include "scdaemon.h" before because of + GPG_ERR_SOURCE_DEFAULT check. + (learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb) + (learn_status_cb, inq_writecert_parms, inq_writekey_parms) + (scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of + int. + * gpg.c: Include "scdaemon.h" before because of + GPG_ERR_SOURCE_DEFAULT check. + (main): Update to new Assuan API. + * server.c: Include "scdaemon.h" before because of + GPG_ERR_SOURCE_DEFAULT check. + (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) + (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) + (cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys) + (cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t + instead of int. + (register_commands): Allocate assuan context before starting + server. + (gpg_server): Allocate assuan_context before starting server. + +2009-09-04 Werner Koch + + * keyedit.c (menu_select_uid): Use IDX ==-1 t select all. + (menu_select_key): Ditto. + (keyedit_menu) : Allow '*' to select all. + +2009-09-03 Werner Koch + + * keyedit.c (menu_adduid): Pass keyblock to generate_user_id. + * keygen.c (generate_user_id): Add arg KEYBLOCK. Factor code out + to ... + (uid_from_string): ... new. + (ask_user_id): Add arg KEYBLOCK and check for duplicates. Fix + bug#1122. + + * Makefile.am (uninstall-local): New. + + * compress-bz2.c (do_uncompress): Detect unexpected EOF. Fix + bug#1011. + +2009-08-26 Werner Koch + + * keyedit.c (menu_revsig): Check for signature right away. Fix + Debian-bug#543530. + +2009-08-20 Daiki Ueno + + * mainproc.c (proc_encrypted): Clear passphrase cached with S2K + cache ID if decryption failed. + * passphrase.c (passphrase_to_dek_ext): Set dek->s2k_cacheid. + * gpgv.c (passphrase_clear_cache): New stub. + +2009-08-11 Werner Koch + + * call-agent.c (get_serialno_cb): New. From ../agent/call-scd.c. + (gpg_agent_get_confirmation): New. + (select_openpgp): New. + (agent_scd_pkdecrypt, agent_scd_pksign): Use it here. + +2009-08-06 Werner Koch + + * skclist.c (build_sk_list): Print INV_SGNR status line. + * seckey-cert.c (do_check): Return G10ERR_UNU_SECKEY instead of + general error. + +2009-08-05 Werner Koch + + * card-util.c: Enable readline support also in GnuPG-2. + + * call-agent.c (agent_learn): Always select the card first. + + * gpg.c: Add --key-edit alias. + + * call-agent.c (scd_genkey_cb): Forward progress status lines. + + * card-util.c (generate_card_keys): Remove special case for + GnuPG-2. Ask for the keysize and change it. + (card_generate_subkey): Ask for the keysize and change it. + (get_info_for_key_operation): Read KEY-ATTR. + (show_keysize_warning, ask_card_keysize): New. + (do_change_keysize): New. + +2009-07-31 David Shaw + + * gpg.c (main): --pgp6 includes --disable-mdc. + +2009-07-23 David Shaw + + * keyserver.c (keyserver_import_ldap): Try a DNS-SD lookup to find + a domain-specific LDAP server before resorting to keys.{domain}. + +2009-07-22 Werner Koch + + * card-util.c (generate_card_keys): Ask for off-card keys only if + the card supports it. + (get_info_for_key_operation): Read EXTCAP. + (card_store_subkey): Check for non matching sizes. + + * call-agent.h (struct agent_card_info_s): Add field EXTCAP. + * call-agent.c (agent_learn): Use a direct SCD command. + (did_early_card_test): New. + (start_agent): Perform an early test for the card. Add arg FOR_CARD. + (status_sc_op_failure): New. + (agent_scd_setattr, agent_scd_writekey, agent_scd_genkey) + (agent_scd_pksign, agent_scd_pkdecrypt, agent_scd_change_pin) + (agent_scd_checkpin): Call new function. + (learn_status_cb): Parse KEY_TIME and EXTCAP. + + * gpg.c (main) : Show commands to run. + * trustdb.c (how_to_fix_the_trustdb): New. + * tdbio.c (tdbio_invalid): Show commands to re-create the trustdb. + Fixes bug#929. + +2009-07-20 Werner Koch + + * keygen.c (generate_keypair): Allow Elgamal > 3072 in BOTH mode. + Reported by Jeroen Schot. Fixes bug#1091. + +2009-07-17 Werner Koch + + * keyring.c (keyring_rebuild_cache): Replace the assert by a + proper error message and allow to delete a bad keyblock. + +2009-07-13 Werner Koch + + * exec.c: Fix function name indentation. + (expand_args): Simplify by using membuf functions. + (exec_write): Fix memory leak on error. + (w32_system): Use DETACHED_PROCESS so that a new console is not + created. + +2009-07-09 Werner Koch + + * card-util.c (card_store_subkey): Do not restrict to 1024 bit keys. + Print an error message on write errors. + + * gpg.c (main): Remove the SHA-1 default from the personal digest + list. This was used in the past as a hack to avoid preferring + RMD-160. + + * keygen.c (keygen_set_std_prefs): Remove RMD-160 from the list. + Change order to SHA-256, SHA-1, SHA-384, SHA-512, SHA-224. + (gen_dsa): Use a 256 bit Q for 2048 bit P. Round to FIPS allowed + values in non-expert mode. + +2009-07-07 Werner Koch + + * gpg.c (set_opt_session_env): New. + (main): Allocate opt.session_env. Use it for oDisplay, oTTYname, + oTTYtype and oXauthority. + + * options.h: Include session_env.h. + (opt): Add field SESSION_ENV, remove obsolete fields. + + * call-agent.c (start_agent): Adjust start_new_gpg_agent for + changed args. + +2009-06-24 Werner Koch + + * keyedit.c (menu_select_key): Remove dead assign to I. + (menu_select_uid): Ditto. + * keyring.c (keyring_search): Remove dead assign to NAME. + * card-util.c (card_edit): Remove useless DID_CHECKPIN. + * call-agent.c (unhexify_fpr): Remove dead op on N. + * passphrase.c (passphrase_to_dek_ext): Do not deref a NULL PW. + * revoke.c (gen_revoke): Remove unused malloc of PK. + * parse-packet.c (mpi_read): Init NREAD. + Reported by Fabian Keil. + +2009-06-17 Werner Koch + + * parse-packet.c (parse): Use a casted -1 instead of a 32 bit + constant to check for a garbled package. Fixes bug#1040. + + * card-util.c (put_data_to_file, read_cert): New. + (card_edit): Add command "readcert". + (fetch_url): Allow code also for this gnupg major version 2. + * call-agent.c (agent_scd_readcert): New. + +2009-06-15 Werner Koch + + * keyserver.c (keyserver_search_prompt): No prompt in batch+colons + mode. + +2009-06-09 Werner Koch + + * card-util.c (write_sc_op_status): New. + (change_pin): Use it. + (change_url, change_login, change_private_do, change_cert) + (change_lang, change_sex, change_cafpr, toggle_forcesig) + (check_pin_for_key_operation): Ditto. + +2009-06-05 David Shaw + + * gpg.c (main), misc.c (openpgp_cipher_test_algo): Remove Camellia + restriction. + + * misc.c (map_cipher_openpgp_to_gcry), main.h: Add macros for + openpgp_cipher_open, openpgp_cipher_get_algo_keylen, and + openpgp_cipher_get_algo_blklen to wrap around the corresponding + gcry_* functions, but pass the algorithm number through + map_cipher_openpgp_to_gcry. This is needed in case the gcry + algorithm number doesn't match the OpenPGP number (c.f. Camellia). + + * encr-data.c, pubkey-enc.c, mainproc.c, cipher.c, encode.c, + seskey.c, passphrase.c, seckey-cert.c: Use new openpgp_cipher_* + macros here. + +2009-06-02 Werner Koch + + * card-util.c (get_manufacturer): Add new manufacturer. + +2009-05-26 Werner Koch + + * parse-packet.c (mpi_read): Workaround for zero-length MPI bug in + libgcrypt<1.5.0. + +2009-05-22 Werner Koch + + * signal.c (got_fatal_signal): Call new function + tty_cleanup_after_signal. + +2009-05-20 Werner Koch + + * gpg.c (main): Fix --fingerprint/--with-fingerprint command + detection. Fixes bug#1044. + + * keygen.c (ask_keysize): Allow selection of DSA key size even + without --enable-dsa2. + (gen_dsa): Remove size check. + + * keygen.c (ask_key_flags): Fix bug in the translation check. + Fixes bug#1056. + +2009-05-18 Daiki Ueno (wk) + + * encode.c (encode_simple): Tell passphrase_to_dek to cache + the passphrase. + (setup_symkey): Ditto. + * mainproc.c (proc_symkey_enc): Tell passphrase_to_dek to cache + the passphrase. + (proc_encrypted): Ditto. + * passphrase.c (hash_passphrase): Remove arg CREATE. + (passphrase_to_dek): New mode 3 and 4 for caching passphrase for + symmetric encryption. + +2009-05-17 Werner Koch + + * keygen.c (ask_algo): Add arg R_SUBKEY_ALGO. Change return value + semantics. Change presented order of algorithms. Make RSA+RSA + the default. + (generate_keypair): Adjust for change. + (ask_keysize): Add arg PRIMARY_KEYSIZE for subkey creation. + Change callers. + +2009-05-15 Werner Koch + + * keygen.c (gen_card_key_with_backup): Get the size of the key + from the card. + * call-agent.h (struct agent_card_info_s): Add field KEY_ATTR. + * call-agent.c (learn_status_cb): Support KEY-ATTR. + * card-util.c (card_status): Print key attributes. + +2009-05-15 Marcus Brinkmann + + * gpg.c (gpgconf_list): Remove dead entry "allow-pka-lookup" (a + verify option for a couple of years now). + +2009-05-14 Werner Koch + + * call-agent.c (agent_get_passphrase): Add arg CHECK. + * passphrase.c (passphrase_get): Pass new arg. + + * keygen.c (gen_card_key_with_backup): Print a status error. + (do_generate_keypair): Ditto. + (do_ask_passphrase): Add arg MODE. + (generate_raw_key): Call with mode 1. + * passphrase.c (ask_passphrase): Remove becuase it is not used. + (passphrase_to_dek): Factor code out to ... + (passphrase_to_dek_ext): .. New. Add args CUSTDESC and CUSTPROMPT. + +2009-05-13 Werner Koch + + * keygen.c (parse_expire_string): Base ISO date string at noon. + Also allow full ISO timestamp. + +2009-05-11 Werner Koch + + * parse-packet.c (parse_key): Print the key id in list mode. + + * skclist.c (build_sk_list): Use log_info for "duplicated entry". + Fixes bug#1045. + + * encode.c (encode_simple): Print empty file warning only in + verbose mode. Closes bug#1039. + (encode_crypt): Ditto. + * sign.c (write_plaintext_packet): Ditto. + +2009-05-10 David Shaw + + * keyserver.c (keyserver_typemap): gpgkeys_hkp handles hkps as + well. From 1.4. + +2009-05-06 Werner Koch + + * getkey.c (finish_lookup): Remove dead code. + + * keyring.c (keyring_get_keyblock): Fix memory leak due to ring + trust packets. Fixes bug#1034. + +2009-04-03 Werner Koch + + * gpgv.c (main): Open keyrings readonly. + * keydb.c (keydb_add_resource): Add readonly flag bit. + (keydb_rebuild_caches): Don't act on readonly resources. + + * keyring.c (keyring_register_filename): Add arg READONLY. + (struct keyring_name): Add field READONLY. + (keyring_is_writable): Implement readonly feature. + (keyring_update_keyblock): Return GPG_ERR_EACCES for readonly + keyrings. + (keyring_insert_keyblock, keyring_delete_keyblock): Ditto. + +2009-04-01 Werner Koch + + * gpg.c (main): Properly handle UTF8 usernames with --sign-key and + --lsign-key. From 1.4, David 2008-12-21. + +2009-03-20 David Shaw (wk) + + * keyring.c (rename_tmp_file): Force a fsync (via iobuf_ioctl) on + secret keyring files to be extra safe on filesystems that may not + sync data and metadata together (ext4). Also check return code + from the cache invalidation to make sure we're safe over NFS and + similar. + +2009-03-31 Werner Koch + + * passphrase.c (ask_passphrase): Use percent_plus_unescape. + * misc.c (unescape_percent_string): Remove. + + * call-agent.c (unescape_status_string): Chnage to use + percent_plus_unescape. + +2009-03-25 Werner Koch + + * mainproc.c (print_pkenc_list): Use snprintf. + +2009-03-17 Werner Koch + + * call-agent.c (my_percent_plus_escape): Remove. + (agent_get_passphrase): Rewrite using percent_plus_escape. + +2009-03-17 Daiki Ueno + + * passphrase.c (passphrase_get): Add extra arg REPEAT and adjust + callers; remove special treatment for MODE==2. + (passphrase_to_dek): Move --passphrase-repeat handling to + gpg-agent. + + * call-agent.c (agent_get_passphrase): Add extra arg REPEAT. + * call-agent.h: Ditto. + +2009-03-16 Werner Koch + + * gpg.c (my_strusage): Revert last change. Systems w/o a gpg1 may, + and actually do, install gpg2 as gpg. + * gpgv.c (my_strusage): Ditto. + +2009-03-14 David Shaw + + * gpg.c (my_strusage): gpg2 and gpgv2 (not gpg and gpgv). + * gpgv.c (my_strusage): Same. + + * gpgv.c (my_strusage): Fix name of program in "Syntax" line. + +2009-02-27 Werner Koch + + * call-agent.c (agent_scd_pksign, agent_scd_pkdecrypt): First send + the SERIALNO command. + +2009-02-24 Werner Koch + + * pkglue.c (pk_verify): Return an error for improper DATA instead + of calling BUG(). + +2009-02-09 Werner Koch + + * keylist.c (print_capabilities): Take care of cert-only keys. + Fixes bug#998. + * keyedit.c (show_key_with_all_names_colon): Print the capabilities. + +2009-01-26 Werner Koch + + * card-util.c (card_status): Detect a Geldkarte. + +2009-01-13 Werner Koch + + * call-agent.c (dummy_data_cb): New. + (agent_learn): Use it. + * card-util.c (card_status): Print type of non-OpenPGP card. + * call-agent.h (agent_card_info_s): Add field APPTYPE. + +2009-01-12 Werner Koch + + * getkey.c (finish_lookup): Take care of keys with a zero + timestamp. Reported by Peter Gutmann. + +2009-01-08 Werner Koch + + * misc.c (has_invalid_email_chars): Let non-ascii pass through. + + * cpr.c [USE_SHM_COPROCESSING]: Remove this code. + +2008-12-12 Werner Koch + + * passphrase.c (passphrase_get): Write a STATUS_ERROR. + * cpr.c (write_status_error): New. + + * Makefile.am (common_source): Add rmd160.h. + +2008-12-11 Werner Koch + + * sig-check.c (signature_check2): Change algorithm used to compute + the SIG_ID. + (check_revocation_keys): Close message digest. + + * rmd160.c, rmd160.h: New. Based on code from GnuPG-1.4. + * t-rmd160.c: New. + * Makefile.am: Add support to run tests. + * keyid.c (namehash_from_uid): Use rmd160_hash_buffer. + +2008-12-10 Werner Koch + + * trustdb.h (NAMEHASH_HASH): Remove unsued constant. + + * gpg.c (print_mds): Print RMD160 only is enabled. + + * keygen.c (keygen_set_std_prefs): Include RMD160 only if + available. + +2008-12-09 Werner Koch + + * gpg.c (main) [IS_DEVELOPMENT_VERSION]: Fix strusage use. + +2008-12-09 Werner Koch + + * keygen.c (proc_parameter_file): Check that key and subkey usages + are allowed. + +2008-12-09 David Shaw (wk) + + * trustdb.c (validate_one_keyblock): Fix the trust signature + calculations so that we lower the trust depth of signatures to fit + within the current chain, rather than discarding any signature + that does not fit within the trust depth. + +2008-12-09 Werner Koch + + * keyserver.c (show_prompt): Flush stdout. + + * gpg.c (open_info_file): Add arg BINARY and adjust callers. + + * gpg.c (main): Call i18n_init before init_common_subsystems. + * gpgv.c (main): Ditto. + + * keylist.c (set_attrib_fd): Do not close ATTRIB_FP if it is the + log stream. + (set_attrib_fd) [W32]: Set to binary mode. + (dump_attribs): Flush the stream after writing. + +2008-12-05 Werner Koch + + * call-agent.c (percent_plus_escape): Rename to + my_percent_plus_escape and also escape the percent character. + Change all callers. + +2008-11-18 Werner Koch + + * gpg.c (build_lib_list): Remove. + (make_libversion): New. + (my_strusage): Use it. + * gpgv.c (make_libversion): New. + (my_strusage): Print libgcrypt version. + +2008-11-13 Werner Koch + + * gpgv.c: Use new ARGPARSE macros and re-indent. + +2008-11-11 Werner Koch + + * gpg.c (opts): Use new ARGPARSE macros for clarity. + +2008-10-24 Werner Koch + + * keyedit.c (change_passphrase): Clear passphrase cache. + +2008-10-20 Werner Koch + + * gpgv.c: Mark all args of the stub fucntions as unused. + + * card-util.c (generate_card_keys): Remove unused arg SERIALNO and + adjust caller. + + * build-packet.c (write_sign_packet_header): Mark unused arg. + * gpg.c (gpg_init_default_ctrl, gpg_deinit_default_ctrl): Ditto. + * getkey.c (skip_unusable): Ditto. + (write_version): Ditto. + * keydb.c (keydb_locate_writable): Ditto. + * keyring.c (update_offset_hash_table): Ditto. + (keyring_lock): Ditto. + * misc.c (register_secured_file): Ditto. + (unregister_secured_file): Ditto. + (is_secured_file): Ditto. + (is_secured_filename): Ditto. + * parse-packet.c (parse_marker): Ditto. + (parse_key, parse_attribute): Ditto. + (parse_trust, parse_compressed, parse_mdc, parse_gpg_control): Ditto. + * cpr.c (progress_cb): Ditto. + * passphrase.c (passphrase_clear_cache): Ditto. + (ask_passphrase): Ditto. + * keyedit.c (keyedit_completion): Ditto. + * import.c (import_revoke_cert): Ditto. + (chk_self_sigs, delete_inv_parts, append_uid): Ditto. + (merge_sigs, merge_keysigs, append_key): Ditto. + * trustdb.c (list_trust_path): Ditto. + (enum_cert_paths, enum_cert_paths_print): Ditto. + * tdbdump.c (list_trustdb): Ditto. + * keygen.c (keygen_upd_std_prefs): Ditto. + (genhelp_factors): Ditto. + * call-agent.c (agent_scd_setattr): Ditto. + (agent_scd_writekey, agent_scd_change_pin, agent_scd_genkey): Ditto. + (agent_clear_pin_cache): Ditto. + + * server.c (option_handler): Mark non yet used arg. + (input_notify, output_notify): Ditto. + (cmd_recipient, cmd_signer, cmd_encrypt, cmd_decrypt, cmd_verify) + (cmd_sign, cmd_import, cmd_export, cmd_delkeys, do_listkeys) + (cmd_genkey): Ditto. + * verify.c (gpg_verify): Ditto. + +2008-10-17 Werner Koch + + * main.h (idea_cipher_warn): Use do while construct in place of an + empty definition. + +2008-10-03 David Shaw + + * main.h, mainproc.c (check_sig_and_print) + * keylist.c (list_keyblock_print) + * pkclist.c (do_edit_ownertrust) + * keyedit.c (menu_showphoto) + * photoid.c (generate_photo_id, show_photos) + * misc.c (pct_expando): Add %v and %V expandos so + that displaying photo IDs can show the attribute validity + tag (%v) and string (%V). Originally by Daniel Gillmor. + +2008-09-29 Werner Koch + + * gpg.c (main): Remove -sat kludge. Note that we printed a + warning for two years. + + * seskey.c (encode_md_value): Remove extra gcry_md_test_algo since + it is not needed with Libgcrypt 1.4. + * skclist.c (random_is_faked): Simplify. + * sign.c (match_dsa_hash): Remove runtime check for SHA224. + * gpg.c (print_mds): Use GCRY_MD_SHA224 constant. + +2008-09-25 David Shaw + + * keyedit.c (keyedit_menu): Fix bug where a modified keyring loses + its modified status after a "clean" or "minimize" that doesn't + need to do anything. + +2008-09-25 Werner Koch + + * parse-packet.c (parse): Remove special treatment for compressed + new style packets. Fixes bug#931. + + * card-util.c (change_pin): Support setting of the reset code. + +2008-09-24 Werner Koch + + * call-agent.h (struct agent_card_info_s): Add field IS_V2. + * call-agent.c (learn_status_cb): That that field. + + * card-util.c (change_pin): Rename first arg to UNBLOCK_v2 and use + it this way. + (card_edit): Add new command UNBLOCK. + +2008-09-23 David Shaw + + * pkclist.c (select_algo_from_prefs): Redo function to rank prefs + and pick a consensus winner across all keys. + +2008-09-16 Werner Koch + + * card-util.c (fpr_is_ff): New. + (card_status): Do not print general key info for an all-ff fpr. + (change_login, change_private_do): Factor common code out to ... + (get_data_from_file): .. new. + (change_cert): New. + (card_edit): Add command "writecert". + * call-agent.c (writecert_parm_s): New. + (inq_writecert_parms, agent_scd_writecert): New. + +2008-09-04 David Shaw + + * keyserver.c (keyserver_import_cert): Allow keyserver URLs in + addition to full URLs in CERT records. + +2008-08-11 Werner Koch + + * keygen.c (ask_expire_interval): Check for time overflow of an + u32. Fixes bug #947. + +2008-08-01 Werner Koch + + * tdbio.c (open_db) [!EROFS]: Move closing parens out of the + ifdef. Reported by Ken Takusagawa. + +2008-06-25 Marcus Brinkmann + + * gpg.c (enum cmd_and_opt_values): Remove option + oEnableW32HandleTranslation. + (opts): Remove option --enable-w32-handle-translation. + (main): Remove variable w32_handle_translation. + +2008-06-19 Werner Koch + + * gpg.c (gpgconf_list): Add "group". + +2008-06-18 Marcus Brinkmann + + * gpg.c (enum cmd_and_opt_values): New option + oEnableW32HandleTranslation. + (opts): New option --enable-w32-handle-translation. + (main): New variable w32_handle_translation to keep track of + option. + +2008-06-16 Werner Koch + + * keygen.c (output_control_s): Add ASK_PASSPHRASE. + (read_parameter_file): Add commands %ask-passphrase and + %no-ask-passphrase. + +2008-06-11 Werner Koch + + * gpg.c: Make --fixed-list-mode a dummy. + * options.h (struct): Removed FIXED_LIST_MODE. + * keyid.c (colon_strtime, colon_datestr_from_pk) + (colon_datestr_from_sk, colon_datestr_from_sig) + (colon_expirestr_from_sig): Remove fixed_list_mode case. + * keylist.c (list_keyblock_colon): Ditto. Remove all now unsed + code and reindent. + +2008-05-31 Werner Koch + + * keygen.c (ask_user_id): Change the string printed as header of + the user ID generation. Use code to not break existing + translations. Suggested by Eric Tetz. + +2008-05-08 Werner Koch + + * sig-check.c (do_check_messages): Print a revocation diagnostic + in verbose mode. + +2008-05-07 Werner Koch + + * gpg.c: New command --locate-keys. New options --with-sig-list + and --with-sig-check. + * keylist.c (locate_one): New. + (public_key_list): Add arg LOCATE_MODE and use locate_one. + * getkey.c (get_pubkey_byname): Fix nodefault case. Add option + RETCTX, change all callers. + (struct getkey_ctx_s): Add field extra_ptr; + (get_pubkey_end): Free it. + +2008-04-18 Werner Koch + + * misc.c (map_cipher_openpgp_to_gcry, map_cipher_gcry_to_openpgp) + (openpgp_cipher_test_algo): Add camellia-192. + (openpgp_cipher_blocklen): New. + * parse-packet.c (parse_key): Use new function here. + +2008-04-15 David Shaw + + * getkey.c (merge_selfsigs_subkey): If there are multiple 0x19 + backsigs, take the most recent one. + +2008-04-08 Werner Koch + + * options.h (opt): Add AKL_NODEFAULT and AKL_LOCAL. + * getkey.c (parse_auto_key_locate): Parse them. + (get_pubkey_byname): Implement them. Add arg NO_AKL and use that + in all cases where a local key is expected. + * import.c (import_one): Fill in the fingerprint in all cases. + Use log_get_stream. + * keyserver.c (keyserver_import_pka): Set FPR to NULL on error. + Return G10ERR_NO_PUBKEY if no PKA info is available or no key URI + is given in the PKA record.. + (keyserver_import_cert): Return G10ERR_NO_PUBKEY if a CERT record + was not found. + + * getkey.c (get_pubkey_byname): Release FPR in the error case. + Continue with next mechanism on error. Better diagnostics. + +2008-04-07 Werner Koch + + * keyserver.c (parse_keyserver_uri): Allow a default host name. + + * getkey.c (get_pubkey_byname): Replace sprintf by bin2hex. + +2008-04-02 Werner Koch + + * gpg.c (main): Do not allow DSA2 with a too old Libgcrypt. + +2008-03-26 Werner Koch + + * tdbio.c (lookup_hashtable): Make cmp args const. + (cmp_trec_fpr): Make FPR const. + (tdbio_search_trust_byfpr): Remove cast. + +2008-03-25 Werner Koch + + * keyserver.c (parse_keyrec): Take care of char defaulting to + unsigned when using hextobyte. + +2008-03-25 David Shaw (wk) + + * import.c (collapse_uids): Fix bug 894: possible memory + corruption around deduplication of user IDs. + +2008-03-25 Werner Koch + + * parse-packet.c (parse_key): Parse a secret key encrypted with + Camellia. + + * options.skel: Make the default keyserver keys.gnupg.net. + +2008-03-18 Werner Koch + + * seckey-cert.c (do_check): Use GCRYMPI_FMT_PGP for v3 keys. + Reported by Petr Cerny. + +2008-03-13 Werner Koch + + * passphrase.c (PROMPTSTRING): Change string to me more similar to + the X.509 prompt. + +2008-02-26 Werner Koch + + * getkey.c (get_pubkey_byname): Fix comment. + +2008-02-14 Werner Koch + + * call-agent.c (default_inq_cb): New. + (agent_learn, agent_scd_getattr, agent_scd_pksign) + (agent_scd_pkdecrypt, agent_scd_change_pin, agent_scd_checkpin) + (agent_get_passphrase, agent_clear_passphrase): Use new callback. + (inq_writekey_parms): Fall back to the new callback for other + inquiries. + (start_agent): Tell agent that we accept pinentry notifications. + +2008-02-11 Werner Koch + + * server.c (cmd_getinfo): New. + (register_commands): Register GETINFO. + +2008-02-09 Marcus Brinkmann + + * gpg.c (main): New variable default_configname. Use it if + save_configname is NULL (can happen if default configfile does + not exist). Move default configname determination to ... + (get_default_configname): ... this new function. + +2008-01-30 Werner Koch + + * keydb.c (maybe_create_keyring): Fixed last change. + * tdbio.c (tdbio_set_dbname): Also test for forward slash. + +2008-01-29 Werner Koch + + * keydb.c (maybe_create_keyring): Take care of a missing slash. + (maybe_create_keyring) [W32]: Also test for forward slash. + +2008-01-26 Werner Koch + + * card-util.c (get_manufacturer): Add vendor 0004. + +2008-01-02 Werner Koch + + * gpg.c: Add --logger-file as an alias for log-file. + +2007-12-14 Werner Koch + + * gpg.c (main): Set opt.no_homedir_creation during the first option + parsing pass. + +2007-12-12 Werner Koch + + * misc.c (print_pubkey_algo_note): Print a warning if a type 20 + key is used. + (openpgp_pk_test_algo, openpgp_pk_test_algo2) + (openpgp_pk_algo_usage): Allow type 20 keys only in rfc2440 mode. + +2007-12-12 David Shaw (wk) + + * trustdb.c (sanitize_regexp): New. Protect against dangerous + regexps (malloc bombs) by force-commenting any characters aside + from the ones we explicitly want. + (check_regexp): Use it here before passing the regexp to + regcomp(). + +2007-12-12 Werner Koch + + * misc.c (map_cipher_openpgp_to_gcry): New. Used to map Camellia + algorithms to Gcrypt. + (openpgp_cipher_test_algo): Call new map function. Replace + all remaining calls to gcry_cipher_test_algo by a call to this. + (openpgp_cipher_algo_name): New. Replace all remaining calls to + gcry_cipher_algo_name by a call to this. + (map_cipher_gcry_to_openpgp): New. + (string_to_cipher_algo): Use it. + * gpg.c (main): Print a warning if Camellia support is build in. + + * gpg.c (print_algo_names): New. From the 1.4 branch by David. + (list_config): Use it here for the "ciphername" and "digestname" + config items so we can get a script-parseable list of the names. + + * parse-packet.c (parse_onepass_sig): Sigclass is hex, so include + the 0x. + + * sign.c (match_dsa_hash): Remove conditional builds dending on + USE_SHAxxx. We don't need this becuase it can be expected that + libgcrypt provides it. However we need to runtime test for SHA244 + becuase that is only available with libgcrypt 2.4. + +2007-12-11 Werner Koch + + * mainproc.c (proc_pubkey_enc): Allow type 20 Elgamal key for + decryption. + +2007-12-10 Werner Koch + + * import.c (auto_create_card_key_stub): Do not clear the entire + fingerprint. This finally makes the stub creation work. My past + tests seemed to work because there was a key with a all zero + fingerprint available (Elgamal signing keys). + +2007-12-08 Werner Koch + + * misc.c (openpgp_pk_algo_usage): Allow Elgamal type 20 for + encryption. + +2007-12-04 Werner Koch + + * helptext.c (get_help_from_file): New. + (display_online_help): Use it to geting the help through a file. + (helptexts): Remove. + +2007-12-03 Werner Koch + + * keygen.c (ask_key_flags): Add a translation remark and implement + a workaround. + + * gpg.c (reopen_std): Moved to ../common and renamed to + gnupg_reopen_std. + + * gpg.c: Remove second inclusion of fcntl.h. + +2007-11-19 Werner Koch + + * keyedit.c (keyedit_menu): String grammar fix. + +2007-11-15 Werner Koch + + * gpg.c (main): New option --xauthority. + * call-agent.c (start_agent): Adjust changed start_new_gpg_agent. + +2007-11-12 Werner Koch + + * cpr.c (do_get_from_fd): s/bool/getbool/ to overcome problems + with Mac OS 10.5 which seems to include stdbool.h silently. + +2007-11-07 Werner Koch + + Replace all includes of errors.h by status.h (found in common/). + + * status.h: Remove. + * status.h: Move prototypes to main.h. + * status.c: Rename to .. + * cpr.c: .. this. + (get_status_string): Remove. We take this now from common/. + +2007-10-25 David Shaw (wk) + + From 1.4 (October): + + * gpg.c (main): Add --require-cross-certification to + --openpgp/--rfc4880 mode. + + * gpg.c (main): Disable --rfc2440-text and --force-v3-sigs by + default. Enable --require-cross-certification by default. + --openpgp (--rfc4880) is the same as --rfc2440 except with + "--enable-dsa2 --no-rfc2440-text --escape-from-lines". + + * misc.c (compliance_option_string, compliance_failure): Minor + cleanup. + + * armor.c (is_armor_header): Comment about 4880. + + * options.h, gpg.c (main): Add --rfc4880, and make --openpgp an + alias to it. --rfc2440 now stands alone. For now, use the old + 2440 defaults for 4880. + * misc.c (compliance_option_string): Ditto. + + * keyedit.c (keyedit_menu): Use compliance_option_string() instead + of printing the compliance modes here. + +2007-10-25 David Shaw (wk) + + From 1.4 (September): + + * import.c (collapse_uids): Significant speedup for de-duping user + IDs. + +2007-10-25 David Shaw (wk) + + From 1.4 (July): + + * armor.c (parse_header_line): Improve test so that the header + test only allows "Hash" in the signed data section. + + * armor.c (is_armor_tag): New. Detect if an armor header matches + 2440bis-21. + (parse_header_line): Call it here, as bis-21 requires warning the + user (but continuing to process the message) when seeing an + unknown header. + + * encode.c (encode_crypt): Missed one call to + setup_plaintext_name(). This is bug#809. + + * sign.c (mk_notation_policy_etc): Expect all sigs that this is + called for are >=v4. + (write_signature_packets, make_keysig_packet): Only call it for + >=v4 sigs. This allows --force-v3-sigs and --force-v4-certs to + enable or disable notations, policies, and keyserver URLs. This + is bug#800. + +2007-10-19 Werner Koch + + * passphrase.c (passphrase_get): Use new utf8 switching fucntions. + +2007-09-14 Werner Koch + + * gpg.c (build_lib_list): New. + (my_strusage): Print lib info. + +2007-08-27 Werner Koch + + * trustdb.c (USE_INTERNAL_REGEX): Remove support. + +2007-08-24 Werner Koch + + * keyring.c (keyring_register_filename): Use same_file_p(). + +2007-08-21 Werner Koch + + * misc.c (openpgp_md_test_algo): Remove rfc2440bis hash algorithms. + (openpgp_cipher_test_algo): Likewise for algos 5 and 6. + +2007-08-02 Werner Koch + + * gpg.c: Include gc-opt-flags.h and remove their definition here. + +2007-07-17 Werner Koch + + * gpg.c (gpgconf_list): Declare --encrypt-to and --default-key. + + * card-util.c (get_manufacturer): Add the unmanaged S/N range. + +2007-07-12 Werner Koch + + * gpg.c (main): Use translate_sys2libc_fd_int when passing an int + value. + * gpgv.c (main): Ditto. + +2007-07-05 Werner Koch + + * card-util.c (card_generate_subkey, card_store_subkey): Enable + the code also for GnuPG-2. + + * keygen.c (make_backsig): Add arg TIMESTAMP. + (write_keybinding): Add arg TIMESTAMP, pass it to make_backsig. + (write_direct_sig, write_selfsigs): Add arg TIMESTAMP. + (gen_elg, gen_dsa, gen_rsa): Add arg TIMESTAMP. + (do_create): Ditto. + (do_generate_keypair): Use the same timestamp for key creation + time and all key signatures. Return an error if write_direct_sig + for the secret key fails. + (generate_subkeypair): Ditto. + (gen_card_key): New arg TIMESTAMP. + (generate_card_subkeypair): Pass current time to gen_card_key. + (gen_card_key_with_backup): New arg TIMESTAMP. + (read_parameter_file): Add option Creation-Date. + (parse_creation_string): New. + (do_generate_keypair): Use the Creation-Date if available. + (save_unprotected_key_to_card): Use P for P and not D. + * call-agent.c (agent_scd_genkey): Add arg CREATETIME. + * keyedit.c (menu_backsign): Use the same timestamp for all backsigs. + +2007-06-26 Werner Koch + + * openfile.c (try_make_homedir): Support W32; use standard_homedir. + +2007-06-25 Werner Koch + + * gpg.c, gpgv.c: Include sysutils.h. + (main): Replace iobuf_translate_file_handle by + translate_sys2libc_fd. + +2007-06-21 Werner Koch + + * main.h: Include util.h. + + * call-agent.c (start_agent): Factored almost all code out to + ../common/asshelp.c. + + * gpg.h (ctrl_t): Remove. It is now declared in ../common/util.h. + +2007-06-20 Werner Koch + + * misc.c (setsysinfo, trap_unaligned): Remove. It is also in + common/sysutils.c. + (disable_core_dumps, get_session_marker): + + * sign.c (sleep): Remove sleep wrapper. + +2007-06-18 Marcus Brinkmann + + * gpg.c (gpgconf_list): Percent escape output of --gpgconf-list. + +2007-06-14 Werner Koch + + * call-agent.c (start_agent): Use gnupg_module_name. + +2007-06-12 Werner Koch + + * openfile.c (copy_options_file): Use gnupg_datadir. + * misc.c (get_libexecdir): Remove. Changed all callers to use + gnupg_libexecdir. + * gpg.c (check_permissions): Use gnupg_libdir. + + * gpg.c (main): Replace some calls by init_common_subsystems. + * gpgv.c (main): Ditto. + +2007-06-11 Werner Koch + + * Makefile.am (needed_libs): Use libcommonstd macro. + + * gpgv.c (main) [W32]: Call pth_init. + * gpg.c (main) [W32]: Call pth_init. + +2007-06-08 Werner Koch + + * Makefile.am (gpg2_LDADD): Syntax fix. + +2007-06-06 Werner Koch + + * passphrase.c (passphrase_get) [!ENABLE_NLS]: Do not define + orig_codeset. + + * Makefile.am (gpgv2_LDADD, gpg2_LDADD): Include LDADD before + libgcrypt. + + * plaintext.c (handle_plaintext): Replace eof by eof_seen as W32's + io.h has a symbol with that name. + + * misc.c: Do not include dynload.h. + (w32_shgetfolderpath): Remove. It is now in common/homedir.c. + + * gpgv.c (i18n_init): Remove. + * gpg.c (i18n_init): Remove. + (main): Make --load-extension a dummy + +2007-05-19 Marcus Brinkmann + + * passphrase.c (passphrase_get): Use PACKAGE_GT, not PACKAGE. + + * passphrase.c (passphrase_get): Free ORIG_CODESET on error. + +2007-05-16 Werner Koch + + * sig-check.c (check_backsig): Check the digest algorithm before + using it. Fixed bug 797. + +2007-05-09 Werner Koch + + * openfile.c (overwrite_filep, open_outfile) [W32]: Need to use + just "nul". Though, I am pretty sure that some MSDOS versions + grok the extra /dev/. + +2007-05-07 Werner Koch + + * openfile.c (open_outfile, overwrite_filep) [W32]: Use "/dev/nul". + +2007-05-02 David Shaw + + * packet.h, mainproc.c (reset_literals_seen): New function to + reset the literals count. + + * verify.c (verify_one_file), decrypt.c (decrypt_messages): Call + it here so we allow multiple literals in --multifile mode (in + different files - not concatenated together). + +2007-04-26 Marcus Brinkmann + + * passphrase.c (passphrase_to_dek): Write missing passphrase + status message in case of cancellation. + +2007-04-16 Werner Koch + + * build-packet.c (mpi_write): Made buffer a bit larger. Reported + by Alexander Feigl. + +2007-04-13 Werner Koch + + * call-agent.c (start_agent): Don't use log_error when using the + fallback hack to start the agent. This is bug 782. + +2007-04-05 David Shaw + + From STABLE-BRANCH-1-4 + + * parse-packet.c (parse_marker): New. Enforce that the marker + contains 'P', 'G', 'P', and nothing but. + (parse): Call it here. + (skip_packet): No longer need to handle marker packets here. + +2007-03-14 David Shaw + + From STABLE-BRANCH-1-4 + + * keyserver.c: Windows Vista doesn't grok X_OK and so fails + access() tests. Previous versions interpreted X_OK as F_OK + anyway, so we'll just use F_OK directly. + +2007-03-09 David Shaw + + From STABLE-BRANCH-1-4 + + * parse-packet.c (parse_signature): It's hex. + + * getkey.c (merge_selfsigs_subkey): Avoid listing the contents of + a backsig when list mode is on. Noted by Timo Schulz. + +2007-03-08 Werner Koch + + * plaintext.c (handle_plaintext): Add two extra fflush for stdout. + +2007-03-08 David Shaw (wk) + + * keyedit.c (keyedit_menu): If we modify the keyblock (via + fix_keyblock() or collapse_uids()) make sure we reprocess the + keyblock so the flags are correct. Noted by Robin H. Johnson. + + * getkey.c (fixup_uidnode): Properly clear flags that don't apply + to us (revoked, expired) so that we can reprocess a uid. + +2007-03-05 Werner Koch + + Converted this file to UTF-8. + + Ported David and my multiple messages changes from 1.4.7. + + * options.h, gpg.c (main), mainproc.c (check_sig_and_print): Allow + multiple sig verification again as this is protected via the + multiple-messages code. New option --allow-multiple-messages and + --no variant. + * status.h (STATUS_ERROR): New status code. + * status.c (get_status_string): Ditto. + * mainproc.c (proc_plaintext): Emit it if multiple messages are + detected. Error out if more than one plaintext packet is + encountered. + * mainproc.c (literals_seen): New. + +2007-02-26 Werner Koch + + * gpg.c (main): Add verify option show-primary-uid-only. + * options.h (VERIFY_SHOW_PRIMARY_UID_ONLY): New. + * mainproc.c (check_sig_and_print): Implement it. + +2007-02-22 Werner Koch + + * encr-data.c (decrypt_data): Correctly test for unknown algorithm. + * import.c (check_prefs): Ditto. + * keyedit.c (show_prefs): Ditto. + * mainproc.c (proc_symkey_enc): Ditto. + +2007-02-06 Werner Koch + + * export.c (do_export_stream): Allow reset-subkey-passwd along + with sexp-format. + +2007-02-04 Werner Koch + + * parse-packet.c (parse_signature): Limit bytes read for an + unknown alogorithm. Fixes Debian bug#402592. + +2007-01-31 Werner Koch + + * verify.c (verify_signatures): Do no dereference a NULL afx. + + * passphrase.c (passphrase_get): Set the cancel flag on all error + from the agent. Fixes a bug reported by Tom Duerbusch. + +2007-01-30 Werner Koch + + * status.c (write_status_begin_signing): New. + * sign.c (sign_file, sign_symencrypt_file): Call it. + * textfilter.c (copy_clearsig_text): Call it. + + * call-agent.c (agent_scd_pksign): Pass --hash-rmd160 to SCD if + required. + + * gpg.c (main): Let --no-use-agent and --gpg-agent-info print a + warning. + * misc.c (obsolete_option): New. + +2007-01-29 Werner Koch + + * pkclist.c (do_we_trust_pre): Issue a user-id-hint status code. + +2007-01-15 Werner Koch + + * parse-packet.c (read_protected_v3_mpi): Make sure to stop + reading even for corrupted packets. + * keygen.c (generate_user_id): Need to allocate one byte more. + Reported by Felix von Leitner. + +2006-12-21 Werner Koch + + * gpg.c (main): New command --server. + * gpg.h (struct server_control_s, ctrl_t): New. + * server.c: New. + * verify.c (gpg_verify): New. + * mainproc.c (mainproc_context): Made SIGNED_DATA a structure. + (proc_signature_packets_by_fd): New. + (proc_compressed_cb): Divert depending on SIGNED_DATA. + * plaintext.c (hash_datafile_by_fd): New. + * mainproc.c (proc_tree): Use it here. + + * verify.c (verify_signatures): Init AFX only when needed. + Don't leak a context on error. + (verify_one_file): Don't leak a context on error. + +2006-12-07 Werner Koch + + * openfile.c (copy_options_file): Use log_info instead of + log_error to avoid an error return of gpg due to a missing + skeleton file. + +2006-12-07 David Shaw + + * Makefile.am: Link to iconv for jnlib dependency. + +2006-12-05 Werner Koch + + * passphrase.c (passphrase_to_dek): Handle a Cancel request + correctly. [Bug#737] + * mainproc.c (proc_symkey_enc): Removed workaround for bogus cancel + processing. + * encode.c (encode_simple): Distinguish error message between + cancel and invalid passphrase. + (setup_symkey): Ditto. + * sign.c (sign_symencrypt_file): Ditto + * keyedit.c (change_passphrase): Allow cancellation. + * keygen.c (do_ask_passphrase): New arg R_CANCELED. + (generate_keypair): Handle a passphrase cancellation. + (generate_raw_key): Ditto. + (generate_subkeypair): Ditto. + +2006-12-04 Werner Koch + + * filter.h (armor_filter_context_t): New element REFCOUNT. + * armor.c (armor_filter): Made static. + (push_armor_filter, release_armor_context, new_armor_context): New. + (armor_filter): Release the context. + * gpg.c (main): Use new armor context functions and + push_armor_filter. + * export.c (do_export): Ditto. + * encode.c (encode_simple, encode_crypt): Ditto. + * decrypt.c (decrypt_message, decrypt_messages): Ditto. + * dearmor.c (dearmor_file, enarmor_file): Ditto. + * verify.c (verify_signatures, verify_one_file): Ditto. + * sign.c (sign_file, clearsign_file, sign_symencrypt_file): Ditto. + * revoke.c (gen_desig_revoke, gen_revoke): Ditto. + * keyserver.c (keyserver_spawn): Ditto. + * keygen.c (output_control_s): Turn AFX fields into pointers. + (read_parameter_file): Allocate and release AFX fields. + (do_generate_keypair): Use push_armor_filter. + * import.c (import): Replace iobuf_push_filter2 hack by the new + armor context stuff. + +2006-12-03 Werner Koch + + * filter.h: New element REFCOUNT. + (handle_progress): Remove prototype. + * progress.c (new_progress_context, release_progress_context): New. + (progress_filter): Use new function to release context. Made static. + (handle_progress): Bumb reference counter. No more check for + enabled progress as this is handled by new_progress_context. + * verify.c (verify_signatures, verify_one_file): Replace stack + based progress context by a heap based one. + * sign.c (sign_file, clearsign_file, sign_symencrypt_file): Ditto. + * plaintext.c (ask_for_detached_datafile, hash_datafiles): Ditto. + * encode.c (encode_simple, encode_crypt): Ditto. + * decrypt.c (decrypt_message, decrypt_messages): Ditto. + + * keyedit.c (menu_clean): Made strings translatable. + +2006-12-03 David Shaw + + * keyedit.c (menu_clean): Show "already minimized" rather than + "already clean" when a minimized key is minimized again. From + Dirk Traulsen. + +2006-12-02 David Shaw + + * options.h, gpg.c (main), passphrase.c (passphrase_to_dek): Add + --passphrase-repeat option to control how many times gpg will + re-prompt for a passphrase to ensure the user has typed it + correctly. Defaults to 1. + +2006-12-02 Werner Koch + + * encr-data.c: Allocate DFX context on the heap and not on the + stack. Changes at several places. Fixes CVE-2006-6235. + +2006-11-27 Werner Koch + + * openfile.c (ask_outfile_name): Fixed buffer overflow occurring + if make_printable_string returns a longer string. Fixes bug 728. + +2006-11-21 Werner Koch + + * Makefile.am (needed_libs): libgnu needs to come after libcommon. + + * keygen.c (ask_expire_interval): Print y2038 warning only for 32 + bit time_t. + (save_unprotected_key_to_card): Made RSA_N_LEN et al a size_t. + Cast printf args. + (get_parameter_algo): Allow "ELG" as alias for "ELG-E". + + * seckey-cert.c (do_check): Made NBYTES a size_t. + (do_check): Made NDATA a size_t. + (protect_secret_key): Made NARR a size_t. + (protect_secret_key): Made NVYES a size_t. + * pubkey-enc.c (get_it): Made INDATALEN a size_t. + (get_it): Made NFRAME a size_t. + * keyid.c (hash_public_key): Made NBITS an unsigned int. + * misc.c (checksum_mpi): Made NBYTES a size_t. + (openpgp_pk_test_algo2): Made USE_BUF a size_t. + * seskey.c (encode_session_key): Made NFRAME a size_t. + (do_encode_md): Ditto. + (encode_md_value): Cast size_t argument of printf. + (encode_md_value): Ditto. + +2006-11-10 Werner Koch + + * parse-packet.c (mpi_read): Changed NREAD to size_t to match the + gcry_mpi-scan prototype. + (mpi_read): Fixed double increment of bytes read to correctly + detect overlong MPIs. + +2006-11-05 Werner Koch + + * gpg.c (main): Remove the default --require-cross-certification. + * options.skel: Enable require-cross-certification. + +2006-10-31 Werner Koch + + * pkclist.c (warn_missing_aes_from_pklist): New. + * encode.c (encrypt_filter, encode_crypt): Use it here. + +2006-10-27 Werner Koch + + * pkclist.c (warn_missing_mdc_from_pklist): New. + * encode.c (use_mdc): Use it here. + +2006-10-24 Marcus Brinkmann + + * Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS). + +2006-10-23 Werner Koch + + * gpg.c (main): New command --gpgconf-test. + + * Makefile.am (bzip2_source): New. + +2006-10-20 Werner Koch + + * getkey.c (classify_user_id): Reserve '&' for search by keygrip. + +2006-10-19 Werner Koch + + * keygen.c (get_parameter_algo): Add special case for ELG_E which + is not supported by libgcrypt's mapping function. + +2006-10-18 Werner Koch + + * keyid.c (v3_keyid): Don't use mempcy as we need to hold the + keyids in the native endian format. + + * import.c (import_print_stats): Use log_printf. + + * build-packet.c (do_public_key): Care about mpi_write errors. + (do_secret_key, do_pubkey_enc, do_signature): Ditto. + (mpi_write): Print an extra warning on error. + +2006-10-17 Werner Koch + + * Makefile.am (LDADD): Replaced W32LIBS by NETLIBS. + +2006-10-12 David Shaw + + * parse-packet.c (parse_symkeyenc): Show the unpacked as well as + the packed s2k iteration count. + + * main.h, options.h, gpg.c (encode_s2k_iterations, main), + passphrase.c (hash_passphrase): Add --s2k-count option to specify + the number of s2k hash iterations. + +2006-10-08 Werner Koch + + * gpgv.c: Remove the tty stubs as we are now required to link to + tty anyway (it is included in libcommand and has dependencies to + other modules as well). + + * keyedit.c (keyedit_menu): Use keyedit_completion only if + readline is available. It would be better to move this code into + gpgrlhelp.c + +2006-10-06 Werner Koch + + * Makefile.am (AM_CFLAGS): Use PTH version of libassuan. + +2006-10-06 David Shaw + + * keyserver.c (keyserver_spawn): Write the 16-digit keyid rather + than whatever key selector the user used on the command line. + +2006-10-05 Werner Koch + + * status.c (progress_cb): Changed to libgcrypt API. + (set_status_fd): Register the progress cb. + + * seskey.c (encode_md_value): Check that the hash algo is valid + before getting the OID. + +2006-10-04 Werner Koch + + * passphrase.c: Allow for a static passphrase in batch mode. + + * call-agent.c (agent_havekey): Removed. + (percent_plus_escape): New. + (agent_get_passphrase): New. + (agent_clear_passphrase): New. + + * passphrase.c: Changed so that we always require the agent. + (agent_send_option, agent_send_all_options, agent_open): Removed. + (agent_get_passphrase): Cleaned up. Does now use the call-agent + functions. Renamed to + (passphrase_get): .. this. Changed all callers. + (passphrase_clear_cache): Rewritten. + (passphrase_to_dek, hash_passphrase): Re-indented. + + * gpg.c (main): Made --use-agent a dummy option. + * seckey-cert.c (check_secret_key): We require the agent, so always + allow for 3 tries. + + * gpg.c (main): Print a warning if -sat has been used. + (main): Removed the special treatment of the -k option. -k is now + an alias for --list-keys. + (main): Removed --list-ownertrust. + +2006-10-02 Werner Koch + + * encr-data.c (decrypt_data, mdc_decode_filter): Check the MDC + right here and don't let parse-packet handle the MDC. + +2006-09-29 Werner Koch + + * compress.c (do_uncompress): Removed use of Z_PARTIAL_FLUSH. + This is outdated and old zlib versions which still require it have + security problems. + +2006-09-27 Werner Koch + + Replaced all STRLIST by strlist_t. + +2006-09-21 Werner Koch + + * signal.c (got_fatal_signal): Replaced readline stuff by a tty + function. + + * Makefile.am (LDADD): Include libgpgrl.a. + + * gpg.c (main): Call gpg_rl_initialize. + + * keyedit.c: Removed double inclusion of stdio.h. + +2006-09-20 Werner Koch + + * call-agent.c: Include asshelp.h. + (start_agent): Use send_pinentry_environment. + +2006-09-14 Werner Koch + + Replaced all call gpg_error_from_errno(errno) by + gpg_error_from_syserror(). + +2006-09-13 Werner Koch + + * gpg.c (main): Made --require-cross-certification the default. + +2006-09-06 Marcus Brinkmann + + * Makefile.am (gpg2_LDADD, gpgv2_LDADD): Replace -lassuan and + -lgpg-error with $(LIBASSUAN_LIBS) and $(GPG_ERROR_LIBS). + (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS) and $(GPG_ERROR_CFLAGS). + +2006-09-06 Werner Koch + + * gpg.c (main): Enable new assuan API. + * call-agent.c: Changed to new Assuan API. + +2006-09-01 Werner Koch + + * call-agent.c: Do not force using the pipe server. + + * gpg.c (main): Enable card related commands. + +2006-08-22 Werner Koch + + * mainproc.c (proc_plaintext): Fixed a #warning + +2006-08-21 Werner Koch + + * skclist.c (random_is_faked): Implemented. + (is_insecure): Also test for the old uppercase version of the + insecure string. + * gpg.c (main): Renamed --quick-random to debug-quick-quick-random. + + * gpg.c (print_mds): Do not use the USE_SHA macros. + + * mainproc.c (proc_encrypted): Remove assign inside condition for + better readibility. + + * packet.h: Moved consts to new header ../common/openpgpdefs.h. + +2006-08-16 Werner Koch + + * keyserver.c (GPGKEYS_PREFIX): Rename to gpg2keys_. This is so + that we can install helpers from 1.4 and 2 without conflicts and + first of all don't get lost with weird bug reports. + + * keyid.c (serialno_and_fpr_from_sk): New. Actually lost during + the last 1.4 to 1.9 merge. + + * gpg.c (list_config): Output ccid-reader-id only for gnupg 1. + + * call-agent.c (agent_scd_writekey): New. + (inq_writekey_parms): New. + + * gpgv.c: Include call-agent.h for use by stubs. + + * misc.c: Include call-agent.h for use by get_signature_count. + +2006-07-27 Werner Koch + + * parse-packet.c (parse_comment): Cap comments at 65k. + (parse_gpg_control): Skip too large control packets. + +2006-07-24 David Shaw (wk) + + * keydb.h, pkclist.c (select_algo_from_prefs, algo_available): + Pass a union for preference hints rather than doing void * games. + + * sign.c (sign_file): Use it here. + + * sign.c (sign_file): When signing with multiple DSA keys, one + being DSA1 and one being DSA2 and encrypting at the same time, if + the recipient preferences give a hash that can work with the DSA2 + key, then allow the DSA1 key to be promoted rather than giving up + and using hash_for(). + + * pkclist.c (algo_available): Automatically enable DSA2 mode when + handling a key that clearly isn't DSA1 (i.e. q!=160). + +2006-06-30 Werner Koch + + * misc.c (checksum_mpi): No need for nbits as they are alredy + included in the buffer. + +2006-06-29 Werner Koch + + * parse-packet.c (parse_signature, parse_key): Need store the + length of opaque data as number of bits. + * card-util.c (card_store_subkey): Ditto. + + * mainproc.c (print_pkenc_list, check_sig_and_print): Replaced + log_get_stream by calls to log_printf. This avoids the extra LFs + inserted by the logging function. They are a bit too smart + sometimes. + * pkclist.c (do_show_revocation_reason): Print final LF through + log_printf to avoid extra LFs. + * pubkey-enc.c (get_it): Ditto. + + * seskey.c (encode_md_value): Fix call to gcry. + +2006-06-27 Werner Koch + + Applied patches from 1.4.x (2006-05-22 to 2006-06-23) from David: + + * keygen.c (keygen_upd_std_prefs, keygen_add_std_prefs) + (proc_parameter_file): Add --default-keyserver-url to specify a + keyserver URL at key generation time, and "Keyserver:" keyword for + doing the same through a batch file. + * options.h, gpg.c (main): Ditto. + + * sign.c (do_sign): For now don't accept a truncated hash even + for DSA1 keys (be liberal in what you accept, etc). + + * import.c (import_one): Add a flag (from_sk) so we don't check + prefs on an autoconverted public key. The check should only + happen on the sk side. Noted by Dirk Traulsen. + + * keygen.c (gen_card_key): Add optional argument to return a + pointer (not a copy) of the stub secret key for the secret key we + just generated on the card. + (generate_card_subkeypair): Use it here so that the signing key on + the card can use the card to generate the 0x19 backsig on the + primary key. Noted by Janko Heilgeist and Jonas Oberg. + + * parse-packet.c (parse_user_id): Cap the user ID size at 2048 + bytes. This prevents a memory allocation attack with a very large + user ID. A very large packet length could even cause the + allocation (a u32) to wrap around to a small number. Noted by + Evgeny Legerov on full-disclosure. + + * keygen.c (gen_dsa): Allow generating DSA2 keys. Allow + specifying sizes > 1024 when --enable-dsa2 is set. The size of q + is set automatically based on the key size. + (ask_keysize, generate_keypair): Ask for DSA size when + --enable-dsa2 is set. + + * exec.c (make_tempdir) [W32]: Fix bug with a temporary directory + on W32 that is over 256 bytes long. Noted by Israel G. Lugo. + + * gpg.c (reopen_std): New function to reopen fd 0, 1, or 2 if we + are called with them closed. This is to protect our + keyring/trustdb files from corruption if they get attached to one + of the standard fds. Print a warning if possible that this has + happened, and fail completely if we cannot reopen (should never + happen). + (main): Call it here. + + * parse-packet.c (dump_sig_subpkt, parse_signature): Fix meaning + of key expiration and sig expiration subpackets - zero means + "never expire" according to 2440, not "expire instantly". + * build-packet.c (build_sig_subpkt_from_sig): Ditto. + * getkey.c (fixup_uidnode, merge_selfsigs_main) + (merge_selfsigs_subkey): Ditto. + * keygen.c (keygen_add_key_expire): Ditto. + + * getkey.c (get_pubkey_byname) + * import.c (import_one): Fix key selection problem when + auto-key-locate returns a list of keys, not all of which are + usable (revoked, expired, etc). Noted by Simon Josefsson. + +2006-05-24 Werner Koch + + * keyid.c (hash_public_key): Do not double hash the length bytes, + they are already included by mpi_print. + + * misc.c (openpgp_pk_test_algo2): Get test call right. + + * misc.c (string_to_cipher_algo, string_to_digest_algo): New. + * keygen.c (keygen_set_std_prefs): use them here. + * gpg.c (main): and here. + +2006-05-23 Werner Koch + + * card-util.c (generate_card_keys): Removed temporary kludge for + generate_keypair. + + * call-agent.c (agent_scd_setattr): Add arg SERIALNO. + (agent_scd_genkey): Ditto. + (agent_scd_change_pin): Ditto. + + * call-agent.h (struct agent_card_info_s): Updated to match the + one of 1.4.3. + + * Makefile.am (LDADD): Include ZLIBS. + + * gpgv.c: Removed stubs not anymore useful due to libgcrypt. + +2006-05-22 Werner Koch + + * keyserver.c (keyidlist): Replaced mpi_get_keyid by v3_keyid. + * keydb.h (v3_keyid): Added. + + * import.c (import): Better initialize KEYBLOCK as to quiet + compiler warning. + + * skclist.c (random_is_faked): New. + + * mainproc.c: Include pka.h. + +2006-05-19 Werner Koch + + * misc.c (openpgp_pk_test_algo2): Need to use gcry_pk_algo_info + directly. + (string_count_chr): New. + + * armor.c (parse_header_line): Use renamed function + length_sans_trailing_ws. + + * options.h, gpg.c: Option --strict is not used thus removed code + but kept option. + +2006-04-28 David Shaw (wk) + + * keyserver.c (direct_uri_map): New. + (keyserver_spawn): Used here to add "_uri" to certain gpgkeys_xxx + helpers when the meaning is different if a path is provided (i.e. + ldap). + (keyserver_import_cert): Show warning if there is a CERT + fingerprint, but no --keyserver set. + + * keyserver.c: Fix build problem with platforms that stick libcurl + in a place not in the regular include search path. + + * options.h, gpg.c (main): Add --enable-dsa2 and --disable-dsa2. + Defaults to disable. + + * pkclist.c (algo_available): If --enable-dsa2 is set, we're + allowed to truncate hashes to fit DSA keys. + + * sign.c (match_dsa_hash): New. Return the best match hash for a + given q size. + (do_sign, hash_for, sign_file): When signing with a DSA key, if it + has q==160, assume it is an old DSA key and don't allow truncation + unless --enable-dsa2 is also set. q!=160 always allows truncation + since they must be DSA2 keys. + (make_keysig_packet): If the user doesn't specify a + --cert-digest-algo, use match_dsa_hash to pick the best hash for + key signatures. + + * gpg.c (print_mds): Add SHA-224. + * armor.c (armor_filter, parse_hash_header): Add SHA-224. + + * sign.c (write_plaintext_packet): + Factor common literal packet setup code from here, to... + * encode.c (encode_simple): .. there. + + * main.h, plaintext.c (setup_plaintext_name): Here. New. Make sure + the literal packet filename field is UTF-8 encoded. + + * options.h, gpg.c (main): Make sure --set-filename is UTF-8 + encoded and note when filenames are already UTF-8. + + * keyedit.c (menu_backsign): Give some more verbose errors when we + have no need to backsign. + + * getkey.c (parse_auto_key_locate): Fix dupe-removal code. + + * keyedit.c (menu_backsign): Allow backsigning even if the secret + subkey doesn't have a binding signature. + + * armor.c (radix64_read): Don't report EOF when reading only a pad + (=) character. The EOF actually starts after the pad. + + * gpg.c (main): Make --export, --send-keys, --recv-keys, + --refresh-keys, and --fetch-keys follow their arguments from left + to right. Suggested by Peter Palfrader. + +2006-04-18 Werner Koch + + * tdbio.c (open_db, migrate_from_v2): Removed feature to migration + from old trustdb version 2. + + * gpg.c, mainproc.c: Removed pipemode feature. + + * status.c: Removed shared memory coprocess stuff + + Merged with current gpg 1.4.3 code. + + * keygen.c, keyid.c, misc.c, openfile.c, verify.c, trustdb.c + * textfilter.c, tdbio.c, tdbdump.c, status.c, skclist.c, signal.c + * sign.c, sig-check.c, seskey.c, seckey-cert.c, revoke.c + * pubkey-enc.c, progress.c, plaintext.c, pkclist.c, photoid.c + * passphrase.c, parse-packet.c, mdfilter.c, mainproc.c + * keyserver.c, keyring.c, keylist.c, keyedit.c, keydb.c, kbnode.c + * import.c, getkey.c, gpgv.c, helptext.c, free-packet.c + * build-packet.c, cipher.c, compress.c, dearmor.c, decrypt.c + * delkey.c, encr-data.c, encode.c, exec.c, export.c + * gpg.c, armor.c: Updated from gnupg-1.4.3 and merged back gcry and + gnupg-1.9 related changes. + * trustdb.h, tdbio.h, status.h, photoid.h, packet.h, options.h + * main.h, keyserver-internal.h, keyring.h, keydb.h, filter.h + * exec.h: Ditto. + * global.h: Removed after merging constants with gpg.h. + * comment.c, pipemode.c: Removed. + * card-util.c: Updated from gnupg-1.4.3. + * compress-bz2.c: New. + +2005-06-15 Werner Koch + + * g10.c (print_hashline, add_group): Fixes for signed/unsigned + pointer mismatch warnings. + +2005-06-01 Werner Koch + + * mkdtemp.c: Removed. + * exec.c: Include mkdtemp.h + +2004-12-21 Werner Koch + + * gpgv.c, g10.c (main): Use default_hoemdir (). + +2004-12-18 Werner Koch + + * gpg.h (map_assuan_err): Define in terms of + map_assuan_err_with_source. + +2004-12-15 Werner Koch + + * Makefile.am (LDADD): Remove ZLIBS. + +2004-10-22 Werner Koch + + * g10.c (main): Display a bit fat warning that this gpg should not + be used. + + * card-util.c (fetch_url): Disable for gnupg 1.9 + (card_generate_subkey): Ditto. + (card_store_subkey): Ditto. + +2004-09-30 Werner Koch + + * gpgv.c (i18n_init): Always use LC_ALL. + + * Makefile.am (LDADD): Adjusted for gettext 0.14. + +2004-09-20 Werner Koch + + * keyedit.c (show_key_with_all_names): Print the card S/N. + +2004-09-11 Moritz Schulte + + * openfile.c (copy_options_file): Fixed last commit (added a `+'). + +2004-08-31 Werner Koch + + * openfile.c (copy_options_file): Use gpg-conf.skel. Better take + the length of SKELEXT into account, someone might make it larger. + * Makefile.am: Install options.skel as gpg-conf.skel. + +2004-08-18 Marcus Brinkmann + + * passphrase.c (agent_get_passphrase): Fix detection of gpg-agent + cancellation. + +2004-07-01 Werner Koch + + * card-util.c (change_login): Kludge to allow reading data from a + file. + (card_edit): Pass ARG_STRING to change_login. + (card_status): Print CA fingerprints. + (change_cafpr): New. + (card_edit): New command CAFPR. + + * call-agent.h: Add members for CA fingerprints. + * call-agent.c (agent_release_card_info): Invalid them. + (learn_status_cb): Store them. + +2004-04-30 Werner Koch + + * g10.c (main) : Use gpg.conf and not /dev/null as + default filename. + +2004-04-28 Werner Koch + + * card-util.c (card_edit): Remove PIN verification. + (generate_card_keys): New arg SERIALNO. Do PIN verification here + after resetting forced_chv1. + +2004-04-26 Werner Koch + + * card-util.c (change_name): Check that the NAME is not too long. + (change_url): Likewise. + (change_login): Likewise. + +2004-03-23 Werner Koch + + * g10.c: New options --gpgconf-list, --debug-level and --log-file + (set_debug): Add arg DEBUG_LEVEL. + (main): Look at less and less version specific config files. From + gnupg 1.3. + +2004-02-17 Werner Koch + + * call-agent.c (start_agent): Ignore an empty GPG_AGENT_INFO. + * passphrase.c (agent_open): Ditto. + +2004-02-12 Werner Koch + + * gpgv.c: Removed g10defs.h. + + * Makefile.am: Include cmacros.am for common flags. + +2004-02-11 Werner Koch + + * openfile.c (try_make_homedir): Use GNUPG_DEFAULT_HOMEDIR. + * gpgv.c (main): Ditto. + * g10.c (main): Ditto. + +2004-01-19 Moritz Schulte + + * keygen.c (do_generate_keypair): Print member fname, instead of + newfname, again. + (do_generate_keypair): Don't try to execute certain pieces of code + in case an error occured. + (gen_card_key): Don't print out a message, which is already + printed by do_generate_keypair(). + +2004-01-18 Moritz Schulte + + * keygen.c (do_generate_keypair): Print member fname, instead of + newfname. + +2003-12-17 Werner Koch + + * card-util.c (print_name): Fixed bad format string usage. + (print_isoname): Ditto. + + * trustdb.c (check_regexp): s/exp/expr/. + + * keyedit.c (trustsig_prompt): Removed a "> 255" term; it is + always false due to the data type. + + * passphrase.c (agent_get_passphrase): Use xasprintf and avoid + non-literal format strings. + + * tdbio.c (upd_hashtable, drop_from_hashtable, lookup_hashtable): + Fixed log_error format string bugs. Kudos to the now working + gcc-3.3 -Wformat-nonliteral and Florian Weimer's investigations in + gnupg 1.2.3. + +2003-12-15 Werner Koch + + * seckey-cert.c (protect_secret_key): Use gry_create_nonce for the + IV; there is not need for real strong random here and it even + better protect the random bits used for the key. + +2003-11-16 Moritz Schulte + + * signal.c: Removed unused file. + +2003-11-10 Moritz Schulte + + * Makefile.am (INCLUDES): Added: @LIBGCRYPT_CFLAGS@. + +2003-10-25 Werner Koch + + * call-agent.c (learn_status_cb, scd_genkey_cb): Fixed faulty use + of !spacep(). + +2003-10-20 Werner Koch + + * card-util.c (card_edit): New command "passwd". Add logic to + check the PIN in advance. + (card_status): Add new args to return the serial number. Changed + all callers. + * call-agent.c (agent_scd_checkpin): New. + +2003-10-08 Werner Koch + + * call-agent.c (agent_scd_getattr): Don't clear the passed info + structure, so that it can indeed be updated. + + * card-util.c (fpr_is_zero): New. + (generate_card_keys): New. + (card_edit): New command "generate". + * keygen.c (generate_keypair): New arg CARD_SERIALNO, removed call + to check_smartcard. + (check_smartcard,show_smartcard): Removed. + (show_sha1_fpr,fpr_is_zero): Removed. + +2003-10-01 Werner Koch + + * card-util.c: Tweaked to use this source also under 1.3. + +2003-09-30 Werner Koch + + * keylist.c (print_card_serialno): New. + (list_keyblock_print): Use it here. + + * card-util.c (toggle_forcesig): New. + (card_edit): New command "forcesig". + + * card-util.c (print_name, print_isoname): Use 0 and not LF fro + the max_n arg of tty_print_utf8_string2. + + * call-agent.c (agent_scd_getattr): New. + (learn_status_cb): Release values before assignment so that it can + be used by getattr to update the structure. + + * card-util.c (change_pin): Simplified. We now have only a PIN + and an Admin PIN. + +2003-09-27 Werner Koch + + * sign.c (do_sign): Removed disabled testcode. + +2003-09-26 Timo Schulz + + * card_status (card_status): Do not use fputs since the fp + parameter can be NULL. This fixes a segv. + +2003-09-24 Werner Koch + + * card-util.c (print_isoname,card_status): Handle opt.with_colons. + (print_sha1_fpr_colon): New. + +2003-09-23 Werner Koch + + Merged most of David Shaw's changes in 1.3 since 2003-06-03. + + * Makefile.am: Include W32LIBS where appropriate. + + * armor.c (parse_hash_header,armor_filter): Drop TIGER/192 support. + * g10.c (print_hex,print_mds): Ditto. + * pkclist.c (algo_available): Ditto. + + * armor.c (armor_filter): Allow using --comment multiple times to + get multiple Comment header lines. --no-comments resets list. + * options.h, g10.c (main): Ditto. Deprecate --default-comment in + favor of --no-comments. + + * g10.c (main): Trim --help to commonly used options. Remove -f. + + * g10.c (main): Add --multifile as an alias to turn --encrypt into + --encrypt-files (plus --verify-files, --decrypt-files). Error out + if --multifile is used with the commands that don't support it yet. + + * encode.c (use_mdc), g10.c (main): Use RFC1991 and RFC2440 + directly to check for MDC usability. Do not set the force_mdc or + disable_mdc flags since there is no point any longer. + + * g10.c (main): Use "keyserver-url" instead of + "preferred-keyserver" for the sake of short and simple commands. + (add_keyserver_url): Clarify a few strings. It's a + "preferred keyserver URL". + * keyedit.c (keyedit_menu): Ditto. + * sign.c (mk_notation_policy_etc): Ditto. + + * main.h, keygen.c (keygen_add_keyserver_url): Signature callback + for adding a keyserver URL. + * keyedit.c (keyedit_menu, menu_set_keyserver_url): New command to + set preferred keyserver to specified (or all) user IDs. + * build-packet.c (build_sig_subpkt): Set preferred keyserver flag + while building a preferred keyserver subpacket. + + * keylist.c (show_policy_url, show_keyserver_url): URLs might be + UTF8. + + * keyedit.c (menu_addrevoker): Fix leaking a few bytes. + + * keyedit.c (show_key_with_all_names): Use list-option + show-long-keyid in main --edit-key display. + + * keyedit.c (print_and_check_one_sig): Use list-option + show-long-keyid in --edit-key "check" function. + + * passphrase.c (agent_send_all_options): Make use of $GPG_TTY. + + * g10.c (main): Disable use-agent if passphrase-fd is given + later. Suggested by Kurt Garloff. + + * exec.c, g10.c, gpgv.c, passphrase.c, photoid.c: + s/__MINGW32__/_WIN32/ to help building on native Windows + compilers. Requested by Brian Gladman. From Werner on stable + branch. + + * options.h, g10.c (main): Add list-option + list-preferred-keyserver. + + * keyedit.c (change_passphrase): When responding 'no' to the blank + passphrase question, re-prompt for a new passphrase. This is bug + #202. + + * mainproc.c (check_sig_and_print): Use two different preferred + keyserver displays - one if the key is not present (to tell the + user where to get the key), the other if it is present (to tell + the user where the key can be refreshed). + + * packet.h, parse-packet.c (parse_signature): Set flag if a + preferred keyserver is present. + + * keylist.c (list_keyblock_print): Show keyserver url in listings + with list-option show-keyserver-url. + + * mainproc.c (check_sig_and_print): Get the uid validity before + printing any sig results to avoid munging the output with trustdb + warnings. + + * g10.c (main): Don't include --show-keyring in --help as it is + deprecated. + + * options.skel: Note that keyserver.pgp.com isn't synchronized, + and explain the roundrobin a bit better. + + * sig-check.c (check_key_signature2), import.c (import_one, + import_revoke_cert, chk_self_sigs, delete_inv_parts, + collapse_uids, merge_blocks): Make much quieter during import of + slightly munged, but recoverable, keys. Use log_error for + unrecoverable import failures. + + * keyring.c (keyring_rebuild_cache): Comment. + + * sign.c (mk_notation_and_policy): Making a v3 signature with + notations or policy urls is an error, not an info (i.e. increment + the errorcount). Don't print the notation or policy url to stdout + since it can be mixed into the output stream when piping and munge + the stream. + + * packet.h, sig-check.c (signature_check2, do_check, + do_check_messages): Provide a signing-key-is-revoked flag. Change + all callers. + + * status.h, status.c (get_status_string): New REVKEYSIG status tag + for a good signature from a revoked key. + + * mainproc.c (do_check_sig, check_sig_and_print): Use it here. + + * import.c (import_revoke_cert, merge_blocks, merge_sigs): Compare + actual signatures on import rather than using keyid or class + matching. This does not change actual behavior with a key, but + does mean that all sigs are imported whether they will be used or + not. + + * parse-packet.c (parse_signature): Don't give "signature packet + without xxxx" warnings for experimental pk algorithms. An + experimental algorithm may not have a notion of (for example) a + keyid (i.e. PGP's x.509 stuff). + + * options.h, g10.c (main), keylist.c (list_keyblock_print), + keyedit.c (print_and_check_one_sig): New "show-sig-expire" + list-option to show signature expiration dates (if any). + + * options.h, g10.c (main, add_keyserver_url): Add + --sig-preferred-keyserver to implant a "where to get my key" + subpacket into a signature. + + * sign.c (mk_notation_and_policy): Rename to + mk_notation_policy_etc and add preferred keyserver support for + signatures. + + * keygen.c (do_add_key_flags): Don't set the certify flag for + subkeys. + (ask_algo): Provide key flags for DSA, Elgamal_e, and Elgamal + subkeys. + (generate_keypair): Provide key flags for the default DSA/Elgamal + keys. + + * sig-check.c (signature_check, signature_check2, + check_key_signature, check_key_signature2): Allow passing NULLs + for unused parameters in the x2 form of each function to avoid the + need for dummy variables. getkey.c, mainproc.c: Change all + callers. + + * trustdb.h, trustdb.c (read_trust_options): New. Returns items + from the trustdb version record. + * keylist.c (public_key_list): Use it here for the new "tru" + record. + * gpgv.c (read_trust_options): Stub. + + * keyedit.c (show_key_with_all_names): Use list-option + show-validity in --edit-key interface as well. + + * options.h, g10.c (main), mainproc.c (check_sig_and_print): Add + verify-options "show-validity" and "show-long-keyid" to show + trustdb validity and long keyids during (file) signature + verification. + + * packet.h, main.h, sig-check.c (signature_check2) + (check_key_signature2, do_check): If ret_pk is set, fill in the pk + used to verify the signature. Change all callers in getkey.c, + mainproc.c, and sig-check.c. + + * keylist.c (list_keyblock_colon): Use the ret_pk from above to + put the fingerprint of the signing key in "sig" records during a + --with-colons --check-sigs. This requires --no-sig-cache as well + since we don't cache fingerprints. + + * parse-packet.c (parse_signature): No need to reserve 8 bytes for + the unhashed signature cache any longer. + + * misc.c (pct_expando): Add two new expandos - signer's + fingerprint (%g), and signer's primary fingerprint (%p). + + * g10.c (main): Add --rfc2440 alias for --openpgp since in a few + months, they won't be the same thing. + + * keyserver.c (parse_keyserver_uri): Accept "http" as an alias for + "hkp", since it is occasionally written that way. + (keyserver_spawn): Use ascii_isspace to avoid locale issues. + + * keygen.c (ask_user_id): Make --allow-freeform-uid apply to the + email field as well as the name field, and allow mixing fields + when it is set. + + * trustdb.c (validate_one_keyblock): Certifications on revoked or + expired uids do not count in the web of trust. + + * signal.c (init_one_signal, pause_on_sigusr, do_block): Only use + sigprocmask() if we have sigset_t, and only use sigaction() if we + have struct sigaction. This is for Forte c89 on Solaris which + seems to define only the function call half of the two pairs by + default. + (pause_on_sigusr): Typo. + (do_block): If we can't use sigprocmask() and sigset_t, try to get + the number of signals from NSIG as well as MAXSIG, and if we + can't, fail with an explanation. + + * signal.c, tdbio.c: Comment out the transaction code. It was not + used in this version, and was causing some build problems on + quasi-posix platforms (Solaris and Forte c89). + + * keylist.c (list_keyblock_colon): Don't include validity values + when listing secret keys since they can be incorrect and/or + misleading. This is a temporary kludge, and will be handled + properly in 1.9/2.0. + + * mainproc.c (check_sig_and_print): Only show the "key available + from" preferred keyserver line if the key is not currently + present. + + * keyedit.c (sign_uids): Do not sign expired uids without --expert + (same behavior as revoked uids). Do not allow signing a user ID + without a self-signature. --expert overrides. Add additional + prompt to the signature level question. + (menu_expire): When changing expiration dates, don't replace + selfsigs on revoked uids since this would effectively unrevoke + them. There is also no point in replacing expired selfsigs. This + is bug #181 + + * g10.c (add_notation_data): Make sure that only ascii is passed + to iscntrl. Noted by Christian Biere. + * getkey.c (classify_user_id2): Replaced isspace by spacep + * keygen.c (ask_user_id): Ditto. + (get_parameter_algo): Ditto. + * keyedit.c (keyedit_menu): Ditto. + * tdbdump.c (import_ownertrust): Ditto. s/isxdigit/hexdigitp/. + * revoke.c (ask_revocation_reason): + * keyserver.c (keyserver_spawn): Dito. + + * parse-packet.c (parse): Disallow old style partial length for + all key material packets to avoid possible corruption of keyrings. + + * import.c (import_keys_internal): Invalidate the cache so that + the file descriptor gets closed. Fixes bug reported by Juan + F. Codagnone. + + * options.h, g10.c (main), main.h, keylist.c (show_keyserver_url), + mainproc.c (check_sig_and_print), parse-packet.c (dump_sig_subpkt, + parse_one_sig_subpkt, can_handle_critical): Add read-only support + for preferred keyserver subpackets. They're basically policy URLs + with a different name. Add a verify-option + "show-preferred-keyserver" to turn them on and off (on by default, + as per stable branch). + + * g10.c (main): Add "--set-notation" as alias to "--notation-data" + this is to make things consistent with --set-policy-url meaning + both sigs and certs. + + * options.h, g10.c (main), keylist.c (list_keyblock_print): Add + "show-validity" and "show-long-keyid" list-options. + + * gpgv.c (get_validity, trust_value_to_string): Stubs. + + * g10.c (main): Use SAFE_VERSION instead of VERSION in the + version-specific gpg.conf file so it can be overridden on RISCOS. + + * keyedit.c (show_key_with_all_names): Fix assertion failure when + using toggle to see a secret key. Reported by Maxim Britov. + + +2003-09-22 Timo Schulz + + * card-util.c (card_status): Free pk in case of an error + and return if the card is no OpenPGP card. + +2003-09-18 Werner Koch + + * g10.c: New command --card-edit. + * card-util.c (card_status): Use tty_fprintf for all output. + (print_sha1_fpr, print_isoname): Ditto. + (get_one_name,change_name, change_url, change_login,change_lang) + (change_sex): New; taken from keygen.c. + * keygen.c (smartcard_get_one_name, smartcard_change_name) + (smartcard_change_url, smartcard_change_login_data) + (smartcard_change_lang, smartcard_change_sex): Removed. + (check_smartcard): Removed most menu items. + +2003-09-06 Werner Koch + + * misc.c (openpgp_pk_algo_usage): Allow AUTH where SIGN is allowed. + + * keygen.c (ask_passphrase): No need to allocated S2K in secure + memory. + +2003-09-04 Werner Koch + + * keygen.c (do_add_key_flags, parse_parameter_usage) + (do_generate_keypair): Add support the proposed AUTH key flag. + * getkey.c (fixup_uidnode, merge_selfsigs_main) + (merge_selfsigs_subkey, premerge_public_with_secret): Ditto. + * keylist.c (print_capabilities): Ditto. + +2003-08-25 Timo Schulz + + * pkglue.c (mpi_from_sexp): New. Used to factor out + some common code. + +2003-08-24 Werner Koch + + * keygen.c (do_generate_keypair): Print a reminder to use --gen-revoke. + +2003-08-18 Timo Schulz + + * encode.c (encode_sesskey): Checked the code and removed + the warning since all compatibility checks with PGP succeeded. + * mainproc.c (symkey_decrypt_sesskey): Better check for the + algorithm and check the return values of some functions. + * mdc.c (use_mdc): Simplified. + +2003-08-07 Werner Koch + + * pkglue.c (pk_sign): Fix last change. + (pk_verify): Check for valid DATA array so that we don't segv in + Libgcrypt. + (pk_verify): Ditto. + +2003-08-06 Werner Koch + + * pkglue.c (pk_sign): Allow signing using RSA. + +2003-08-05 Werner Koch + + * Makefile.am (install-data-local): Dropped check for the ancient + gpgm tool. + (bin_PROGRAMS): Renamed gpg to gpg2 and gpgv to gpgv2. This is so + that it won't conflict with the current stable version of gpg. + + * pkglue.c (pk_check_secret_key): New. + * seckey-cert.c (do_check): Reenable this test here again. + + * g10.c (main): Add command -K as an alias for + --list-secret-keys. Command "-k" is now an alias to --list-keys. + Remove special treatment of -kv and -kvv. + (set_cmd): Ditto. + (main): Strip a "-cvs" suffix when testing for a version specific + config file. + + * status.h, status.c, g10.c [USE_SHM_COPROCESSING]: Removed. This + is not any longer available. + +2003-07-29 Werner Koch + + * g10.c (main): Add secmem features and set the random seed file. + (g10_exit): Update the random seed file. + + * parse-packet.c (parse_signature,read_protected_v3_mpi) + (parse_key): Fixed use of mpi_set_opaque. + * keygen.c (gen_card_key): Ditto. + +2003-07-28 Werner Koch + + * status.c (progress_cb): Adjusted for use with Libcgrypt. + (set_status_fd): Register that callback. + + * keygen.c (smartcard_change_login_data): New. + (smartcard_change_lang): New. + (smartcard_change_sex): New. + (check_smartcard): Add menu entries to edit the above. + (gen_elg,gen_dsa,gen_rsa): Reimplemented in terms of Libgcrypt. + (genhelp_protect, genhelp_factors, key_from_sexp): New. + * comment.c (make_comment_node_from_buffer): New. + (make_comment_node): Reimplemented in terms of above. + +2003-07-27 Werner Koch + + Adjusted for gcry_mpi_print and gcry_mpi_scan API change. + +2003-07-24 Werner Koch + + * g10.c: New command --card-status. + * card-util.c (card_status): New. + * call-agent.c (learn_status_cb): Parse more information. + + * keylist.c (print_pubkey_info): Add FP arg for optional printing + to a stream. Changed all callers. + +2003-07-23 Werner Koch + + * keygen.c (generate_keypair): Create an AUTHKEYTYPE entry for cards. + (do_generate_keypair): Abd generate the authkey. + (check_smartcard): Changed menu accordingly. + +2003-07-22 Werner Koch + + * g10.c: New command --change-pin. + * card-util.c: New. + * call-agent.c (agent_scd_change_pin): New. + (agent_release_card_info): New. + * keygen.c (check_smartcard): Use it here. + +2003-07-16 Werner Koch + + * export.c (parse_export_options): New option sexp-format. + (export_seckeys,export_secsubkeys): Check sexp-format option. + (do_export): Ignore armor for sexp format. + (do_export_stream): Handle sexp-format. + (write_sexp_line,write_sexp_keyparm, build_sexp_seckey): New. + (build_sexp): New. + +2003-07-03 Werner Koch + + * options.h (DBG_CIPHER): Reintroduced it. + * seskey.c (encode_session_key): Debug output of the session key. + + * pubkey-enc.c (get_it): Handle card case. + * call-agent.c (agent_scd_pkdecrypt): New. + * pkglue.c (pk_encrypt): Add RSA support. + + * g10.c (main): Default to --use-agent. + + * keygen.c (show_smartcard): Print info about the public key. + (check_smartcard): Check for existing key here. + (gen_card_key): And not anymore here. + (fpr_is_zero): New. + (generate_keypair): Generate both keys for a card. + (smartcard_change_url): Nw. + +2003-07-02 Werner Koch + + * seckey-cert.c (is_secret_key_protected): Let it handle mode 1002. + +2003-07-01 Werner Koch + + * keygen.c (gen_card_key): Obviously we should use the creation + date received from SCDAEMON, so that the fingerprints will match. + * sign.c (do_sign): Pass the serialno to the sign code. + * keyid.c (serialno_and_fpr_from_sk): New. + +2003-06-30 Werner Koch + + * call-agent.h (agent_card_info_s): Add field serialno. + * call-agent.c (store_serialno): New. + (learn_status_cb): Store the serial number. + * keygen.c (gen_card_key): Store the serial number + (check_smartcard): New argument to return the serial number. + (generate_keypair): Get the serial number from check_smartcard and + store it as a parameter. + * parse-packet.c (parse_key): Use the protect.iv field to store the + serial number. + * build-packet.c (do_secret_key): Write the serial number. + +2003-06-27 Werner Koch + + * seckey-cert.c (check_secret_key): Bypass the unprotection for + mode 1002. + * sign.c (do_sign): Handle card case (i.e. mode 1002). + +2003-06-26 Werner Koch + + * build-packet.c (do_secret_key): Implement special protection + mode 1002. + * parse-packet.c (parse_key): Likewise. + + * keygen.c (smartcard_gen_key): New. + * call-agent.c (agent_scd_setattr): New. + +2003-06-24 Werner Koch + + * Makefile.am: Removed signal.c + + * g10.c (emergency_cleanup): New. + (main): Use gnupg_init_signals and register malloc for assuan. + +2003-06-23 Werner Koch + + * keyid.c (do_fingerprint_md): Made it work again. + +2003-06-19 Werner Koch + + Fixed all "==" comparisons against error code constants to use + gpg_err_code(). + + * import.c (import_secret_one): + (import_revoke_cert): + (chk_self_sigs): + + * misc.c (openpgp_md_map_name): Check also for the Hx format. + (openpgp_cipher_map_name): Check also for the Sx format. + (pubkey_get_npkey): Adjusted for changed gcrypt API. + (pubkey_get_nskey): Ditto. + (pubkey_get_nsig): Ditto. + (pubkey_get_nenc): Ditto. + +2003-06-18 Werner Koch + + Finished the bulk of changes for gnupg 1.9. This included + switching to libgcrypt functions, using shared error codes from + libgpg-error, replacing the old functions we used to have in + ../util by those in ../jnlib and ../common, renaming the malloc + functions and a couple of types. Note, that not all changes are + listed below becuause they are too similar and done at far too + many places. As of today the code builds using the current + libgcrypt from CVS but it is very unlikely that it actually works. + + * sig-check.c (cmp_help): Removed. Was never used. + + * pkglue.c: New. Most stuff taken from gnupg 1.1.2. + * pkglue.h: New. + + * misc.c (pull_in_libs): Removed. + + * keygen.c (count_chr): New. + (ask_user_id): Removed faked RNG support. + + * misc.c (openpgp_md_map_name,openpgp_cipher_map_name) + (openpgp_pk_map_name): New. + + * skclist.c (build_sk_list): Removed faked RNG support. + (is_insecure): Removed. + + * comment.c (make_mpi_comment_node): Use gcry MPI print function. + + * keyid.c (v3_keyid): New. + + * misc.c (mpi_write,mpi_write_opaque,mpi_read,mpi_read_opaque) + (mpi_print): New. Taken from gnupg 1.1.2. + (checksum_mpi): Replaced by implementation from 1.1.2. + + * g10.c (my_strusage): Renamed from strusage and return NULL + instead calling a default function. + (add_to_strlist2): New. Taken from ../util/strgutil.c of gnupg 1.2. + + * plaintext.c (handle_plaintext): New arg CREATE_FILE to cope with + the fact that gpg-error does not have this error code anymore. + + * mainproc.c (symkey_decrypt_sesskey): Ditto. + + * seskey.c (make_session_key): Adjusted for use with libgcrypt. + (encode_session_key): Ditto. + (do_encode_md): Ditto. + (encode_md_value): Ditto. + + * keyring.c: Use libgpg-error instead of READ_ERROR etc. + + * g10.c: Adjusted all algorithm name/id mapping functions. + (set_debug): Pass MPI and CRYPTO debug values to libgcrypt. + + * Makefile.am (INCLUDES): Define LOCALEDIR and the default error + source. + + * g10.c (i18n_init): s/G10_LOCALEDIR/LOCALEDIR/. + + Renamed m_alloc et al to xmalloc et al. + s/g10_errstr/gpg_strerror/ + s/MPI/gcry_mpi_t/ + Adjusted all md_open calls to the libgcrypt API. + + * build-packet.c (do_comment): Return error code from iobuf write + function. + (do_user_id): Ditto. + (do_public_key): Ditto. + + * Makefile.am: Add new files, link gpg with libgpg-error. + * g10.c, options.h: New option --agent-program. + * call-agent.c: New. + * gpg.h, call-agent.h: New. + +2003-06-03 David Shaw + + * options.h, g10.c (main), keylist.c (list_keyblock_print): Add + "show-validity" and "show-long-keyid" list-options. + + * gpgv.c (get_validity, trust_value_to_string): Stubs. + + * g10.c (main): Use SAFE_VERSION instead of VERSION in the + version-specific gpg.conf file so it can be overridden on RISCOS. + +2003-06-01 David Shaw + + * g10.c (main), keylist.c (show_policy_url, show_notation), + mainproc.c (check_sig_and_print): Emulate the old policy and + notation behavior (display by default). Send to status-fd whether + it is displayed on the screen or not. + + * g10.c (main): Since we now have some options in devel that won't + work in a stable branch gpg.conf file, try for a version-specific + gpg.conf-VERSION file before falling back to gpg.conf. + + * main.h, options.h: Move various option flags to options.h. + +2003-05-31 David Shaw + + * mainproc.c (check_sig_and_print), main.h, keylist.c + (show_policy, show_notation): Collapse the old print_notation_data + into show_policy() and show_notation() so there is only one + function to print notations and policy URLs. + + * options.h, main.h, g10.c (main), keyedit.c + (print_and_check_one_sig), keylist.c (list_one, + list_keyblock_print), pkclist.c (do_edit_ownertrust), sign.c + (mk_notation_and_policy): New "list-options" and "verify-options" + commands. These replace the existing + --show-photos/--no-show-photos, + --show-notation/--no-show-notation, + --show-policy-url/--no-show-policy-url, and --show-keyring + options. The new method is more flexible since a user can specify + (for example) showing photos during sig verification, but not in + key listings. The old options are emulated. + + * main.h, misc.c (parse_options): New general option line + parser. Fix the bug in the old version that did not handle report + syntax errors after a valid entry. + + * import.c (parse_import_options), export.c + (parse_export_options): Call it here instead of duplicating the + code. + +2003-05-30 David Shaw + + * keylist.c (list_one): Don't show the keyring filename when in + --with-colons mode. Actually translate "Keyring" string. + + * mainproc.c (proc_tree): We can't currently handle multiple + signatures of different classes or digests (we'd pretty much have + to run a different hash context for each), but if they are all the + same, make an exception. This is Debian bug #194292. + + * sig-check.c (check_key_signature2): Make string translatable. + + * packet.h, getkey.c (fixup_uidnode): Mark real primary uids + differently than assumed primaries. + + * keyedit.c (no_primary_warning): Use the differently marked + primaries here in a new function to warn when an --edit-key + command might rearrange the self-sig dates enough to change which + uid is primary. + (menu_expire, menu_set_preferences): Use no_primary_warning() + here. + + * Makefile.am: Use @DLLIBS@ for -ldl. + +2003-05-26 David Shaw + + * getkey.c (premerge_public_with_secret): Made "no secret subkey + for" warning a verbose item and translatable. (From wk on stable + branch) + + * sig-check.c (check_key_signature2): Made "no subkey for subkey + binding packet" a verbose item instead of a !quiet one. There are + too many garbled keys out in the wild. (From wk on stable branch) + + * filter.h: Remove const from WHAT. (From wk on stable branch) + + * progress.c (handle_progress): Store a copy of + NAME. (progress_filter): Release WHAT, make sure not to print a + NULL WHAT. (From wk on stable branch) + + * openfile.c (open_sigfile): Adjust free for new progress + semantics. (From wk on stable branch) + + * plaintext.c (ask_for_detached_datafile): Don't dealloc + pfx->WHAT. (From wk on stable branch) + + * seckey-cert.c (do_check): Issue the RSA_OR_IDEA status when the + cipher algo is IDEA to make it easier to track down the + problem. (From twoaday on stable branch) + +2003-05-24 David Shaw + + * armor.c, g10.c, kbnode.c, misc.c, pkclist.c, sign.c, + build-packet.c, getkey.c, keydb.c, openfile.c, plaintext.c, + status.c, gpgv.c, keygen.c, options.h, sig-check.c, tdbio.h, + encode.c, mainproc.c, parse-packet.c, signal.c, textfilter.c: Edit + all preprocessor instructions to remove whitespace before the '#'. + This is not required by C89, but there are some compilers out + there that don't like it. + +2003-05-21 David Shaw + + * trustdb.h, trustdb.c (is_disabled), gpgv.c (is_disabled): Rename + is_disabled to cache_disabled_value, which now takes a pk and not + just the keyid. This is for speed since there is no need to + re-fetch a key when we already have that key handy. Cache the + result of the check so we don't need to hit the trustdb more than + once. + + * getkey.c (skip_disabled): New function to get a pk and call + is_disabled on it. (key_byname): Use it here. + + * packet.h, getkey.c (skip_disabled), keylist.c + (print_capabilities): New "pk_is_disabled" macro to retrieve the + cached disabled value if available, and fill it in via + cache_disabled_value if not available. + + * trustdb.c (get_validity): Cache the disabled value since we have + it handy and it might be useful later. + + * parse-packet.c (parse_key): Clear disabled flag when parsing a + new key. Just in case someone forgets to clear the whole key. + + * getkey.c (merge_selfsigs_main): Add an "if all else fails" path + for setting a single user ID primary when there are multiple set + primaries all at the same second, or no primaries set and the most + recent user IDs are at the same second, or no signed user IDs at + all. This is arbitrary, but deterministic. + + * exec.h, photoid.h: Add copyright message. + + * keylist.c (list_keyblock_print): Don't dump attribs for + revoked/expired/etc uids for non-colon key listings. This is for + consistency with --show-photos. + + * main.h, keylist.c (dump_attribs), mainproc.c + (check_sig_and_print): Dump attribs if --attrib-fd is set when + verifying signatures. + + * g10.c (main): New --gnupg option to disable the various + --openpgp, --pgpX, etc. options. This is the same as --no-XXXX + for those options. + + * revoke.c (ask_revocation_reason): Clear old reason if user + elects to repeat question. This is bug 153. + + * keyedit.c (sign_uids): Show keyid of the key making the + signature. + +2003-05-21 Werner Koch + + * progress.c (handle_progress) + * sign.c (write_plaintext_packet) + * encode.c (encode_simple,encode_crypt): Make sure that a filename + of "-" is considered to be stdin so that iobuf_get_filelength + won't get called. This fixes bug 156 reported by Gregery Barton. + +2003-05-02 David Shaw + + * packet.h, build-packet.c (build_sig_subpkt), export.c + (do_export_stream), import.c (remove_bad_stuff, import), + parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt): Remove + vestigal code for the old sig cache subpacket. This wasn't + completely harmless as it caused subpacket 101 to disappear on + import and export. + + * options.h, armor.c, cipher.c, g10.c, keyedit.c, pkclist.c, + sign.c, encode.c, getkey.c, revoke.c: The current flags for + different levels of PGP-ness are massively complex. This is step + one in simplifying them. No functional change yet, just use a + macro to check for compliance level. + + * sign.c (sign_file): Fix bug that causes spurious compression + preference warning. + + * sign.c (clearsign_file): Fix bug that prevents proper warning + message from appearing when clearsigning in --pgp2 mode with a + non-v3 RSA key. + + * main.h, misc.c (compliance_option_string, compliance_string, + compliance_failure), pkclist.c (build_pk_list), sign.c (sign_file, + clearsign_file), encode.c (encode_crypt, + write_pubkey_enc_from_list): New functions to put the "this + message may not be usable...." warning in one place. + + * options.h, g10.c (main): Part two of the simplification. Use a + single enum to indicate what we are compliant to (1991, 2440, + PGPx, etc.) + + * g10.c (main): Show errors for failure in export, send-keys, + recv-keys, and refresh-keys. + + * options.h, g10.c (main): Give algorithm warnings for algorithms + chosen against the --pgpX and --openpgp rules. + + * keydb.h, pkclist.c (algo_available): Make TIGER192 invalid in + --openpgp mode. + + * sign.c (sign_file), pkclist.c (algo_available): Allow passing a + hint of 0. + +2003-05-01 David Shaw + + * tdbio.c (create_version_record): Only create new trustdbs with + TM_CLASSIC or TM_PGP. + + * trustdb.h, trustdb.c (trust_string, get_ownertrust_string, + get_validity_string, ask_ownertrust, validate_keys), pkclist.c + (do_edit_ownertrust): Rename trust_string to trust_value_to_string + for naming consistency. + + * trustdb.h, trustdb.c (string_to_trust_value): New function to + translate a string to a trust value. + + * g10.c (main): Use string_to_trust_value here for + --force-ownertrust. + + * options.h, g10.c (main), trustdb.c (trust_model_string, + init_trustdb, check_trustdb, update_trustdb, get_validity, + validate_one_keyblock): An "OpenPGP" trust model is misleading + since there is no official OpenPGP trust model. Use "PGP" + instead. + +2003-04-30 David Shaw + + * build-packet.c (build_sig_subpkt): Comments. + + * exec.c (exec_write): Cast NULL to void* to properly terminate + varargs list. + + * keyedit.c (show_key_with_all_names): Just for safety, catch an + invalid pk algorithm. + + * sign.c (make_keysig_packet): Crucial that the call to mksubpkt + comes LAST before the calls to finalize the sig as that makes it + possible for the mksubpkt function to get a reliable pointer to + the subpacket area. + + * pkclist.c (do_we_trust_pre): If an untrusted key was chosen by a + particular user ID, use that ID as the one to ask about when + prompting whether to use the key anyway. + (build_pk_list): Similar change here when adding keys to the + recipient list. + + * trustdb.c (update_validity): Fix bug that prevented more than + one validity record per trust record. + (get_validity): When retrieving validity for a (user) supplied + user ID, return the validity for that user ID only, and do not + fall back to the general key validity. + (validate_one_keyblock): Some commentary on whether + non-self-signed user IDs belong in the web of trust (arguably, + they do). + +2003-04-27 David Shaw + + * g10.c (main): Add --no-textmode. + + * export.c (do_export_stream), keyedit.c (show_key_with_all_names, + menu_addrevoker), mainproc.c (check_sig_and_print), photoid.c + (show_photos), sign.c (mk_notation_and_policy), trustdb.c + (get_validity, reset_trust_records, validate_keys): Make some + strings translatable. + + * mainproc.c (check_sig_and_print): Show digest algorithm and sig + class when verifying a sig with --verbose on, and add version, pk + and hash algorithms and sig class to VALIDSIG. + + * parse-packet.c (enum_sig_subpkt): Make a warning message a + --verbose warning message since we don't need to warn every time + we see an unknown critical (we only need to invalidate the + signature). + + * trustdb.c (init_trustdb): Check the trustdb options even with + TM_AUTO since the auto may become TM_CLASSIC or TM_OPENPGP. + +2003-04-26 David Shaw + + * sign.c (do_sign): Show the hash used when making a signature in + verbose mode. + + * tdbio.h, tdbio.c (tdbio_read_model): New function to return the + trust model used in a given trustdb. + + * options.h, g10.c (main), trustdb.c (init_trustdb, check_trustdb, + update_trustdb): Use tdbio_read_model to implement an "auto" trust + model which is set via the trustdb. + +2003-04-23 David Shaw + + * import.c (import_revoke_cert): Remove ultimate trust when + revoking an ultimately trusted key. + + * keyedit.c (sign_uids): Allow replacing expired signatures. + Allow duplicate signatures with --expert. + + * pkclist.c (check_signatures_trust): Don't display a null + fingerprint when checking a signature with --always-trust enabled. + + * filter.h (progress_filter_context_t), progress.c + (handle_progress), plaintext.c (ask_for_detached_datafile, + hash_datafiles): Fix compiler warnings. Make "what" constant. + + * build-packet.c (do_plaintext): Do not create invalid literal + packets with >255-byte names. + +2003-04-15 Werner Koch + + * Makefile.am (AM_CFLAGS): Make use of AM_CFLAGS and AM_LDFLAGS. + + * g10.c, options.h: New option --enable-progress-filter. + * progress.c (handle_progress): Make use of it. + +2003-04-15 Marcus Brinkmann + + * progress.c: New file. + * Makefile.am (common_source): Add progress.c. + * filter.h (progress_filter_context_t): New type. + (progress_filter, handle_progress): New prototypes. + * main.h (open_sigfile): New argument for prototype. + * openfile.c (open_sigfile): New argument to install progress + filter. + * encode.c (encode_simple): New variable PFX. Register + progress filter. Install text_filter after that. + (encode_crypt): Likewise. + * sign.c (sign_file): Likewise. + (clearsign_file): Likewise. + * decrypt.c (decrypt_message): Likewise. + (decrypt_messages): Likewise. + * verify.c (verify_signatures): Likewise. + (verify_one_file): Likewise. + * plaintext.c (hash_datafiles): Likewise. + (ask_for_detached_datafile): Likewise. + +2003-04-10 Werner Koch + + * passphrase.c (read_passphrase_from_fd): Do a dummy read if the + agent is to be used. Noted by Ingo Klöcker. + (agent_get_passphrase): Inhibit caching when we have no + fingerprint. This is required for key generation as well as for + symmetric only encryption. + + * passphrase .c (agent_get_passphrase): New arg CANCELED. + (passphrase_to_dek): Ditto. Passed to above. Changed all + callers to pass NULL. + * seckey-cert.c (do_check): New arg CANCELED. + (check_secret_key): Terminate loop when canceled. + + * keyedit.c (change_passphrase): Pass ERRTEXT untranslated to + passphrase_to_dek and translate where appropriate. + * seckey-cert.c (check_secret_key): Ditto. + * keygen.c (ask_passphrase): Ditto. + * passphrase.c (agent_get_passphrase): Translate the TRYAGAIN_TEXT. + Switch the codeset to utf-8. + +2003-04-09 Werner Koch + + * decrypt.c (decrypt_messages): Fixed error handling; the function + used to re-loop with same file after an error. Reported by Joseph + Walton. + +2003-04-08 David Shaw + + * main.h, g10.c (main), import.c (parse_import_options, + fix_pks_corruption): It's really PKS corruption, not HKP + corruption. Keep the old repair-hkp-subkey-bug command as an + alias. + + * g10.c (main): Rename --no-version to --no-emit-version for + consistency. Keep --no-version as an alias. + +2003-04-04 David Shaw + + * pkclist.c (algo_available): PGP 8 can use the SHA-256 hash. + + * sign.c (sign_file, clearsign_file, sign_symencrypt_file): Remove + unused code. + +2003-04-01 Werner Koch + + * mainproc.c (check_sig_and_print): Add primary key fpr to VALIDSIG + status. + +2003-03-24 David Shaw + + * keydb.h: Err on the side of making an unknown signature a SIG + rather than a CERT. + + * import.c (delete_inv_parts): Discard any key signatures that + aren't key types (i.e. 0x00, 0x01, etc.) + + * g10.c (main): Add deprecated option warning for + --list-ownertrust. Add --compression-algo alias for + --compress-algo. Change --version output strings to match + "showpref" strings, and make translatable. + + * status.c (do_get_from_fd): Accept 'y' as well as 'Y' for + --command-fd boolean input. + + * trustdb.c: Fix typo (DISABLE_REGEXP -> DISABLE_REGEX) + + * keyedit.c (show_key_with_all_names_colon): Show no-ks-modify + flag. + +2003-03-11 David Shaw + + * options.h, g10.c (main), keyserver.c (kopts): Add "try-dns-srv" + keyserver option. Defaults to on. + + * passphrase.c (agent_get_passphrase): Fix memory leak with + symmetric messages. Fix segfault with symmetric messages. Fix + incorrect prompt with symmetric messages. + +2003-03-10 Werner Koch + + * compress.c (init_uncompress): Use a 15 bit window size so that + the output of implementations which don't run for PGP 2 + compatibility won't get garbled. + +2003-03-04 David Shaw + + * trustdb.c (validate_keys): Mask the ownertrust when building the + list of fully valid keys so that disabled keys are still counted + in the web of trust. + (get_ownertrust_with_min): Do the same for the minimum ownertrust + calculation. + + * parse-packet.c (dump_sig_subpkt): Show the notation names for + not-human-readable notations. Fix cosmetic off-by-one length + counter. + + * options.skel: Add explantion and commented-out + "no-mangle-dos-filenames". + + * mainproc.c (proc_encrypted): Make string translatable. + + * keyserver.c (keyserver_spawn): Quote ':', '%', and any 8-bit + characters in the uid strings sent to the keyserver helper. + + * keyring.c (keyring_rebuild_cache): Lock the keyring while + rebuilding the signature caches to prevent another gpg from + tampering with the temporary copy. + + * keygen.c (keygen_set_std_prefs): Include AES192 and AES256 in + default prefs. + + * keyedit.c (show_prefs): Make strings translatable. + + * keydb.c: Double the maximum number of keyrings to 40. + + * gpgv.c (main): Fix bug #113 - gpgv should accept the + --ignore-time-conflict option. + + * g10.c (main): --openpgp disables --pgpX. Double the amount of + secure memory to 32k (keys are getting bigger these days). + + * Makefile.am: Makefile.am: Use @CAPLIBS@ to link in -lcap if we + are using capabilities. + +2003-02-26 David Shaw + + * keyserver.c (keyserver_spawn): Include various pieces of + information about the key in the data sent to the keyserver + helper. This allows the helper to use it in instructing a remote + server which may not have any actual OpenPGP smarts in parsing + keys. + + * main.h, export.c (export_pubkeys_stream, do_export_stream): Add + ability to return only the first match in an exported keyblock for + keyserver usage. This should be replaced at some point with a + more flexible solution where each key can be armored seperately. + +2003-02-22 David Shaw + + * sign.c (sign_file): Do not push textmode filter onto an unopened + IOBUF (segfault). Noted by Marcus Brinkmann. Push and + reinitialize textmode filter for each file in a multiple file + list. + + * packet.h, getkey.c (fixup_uidnode), keyedit.c (show_prefs): Set + and show the keyserver no-modify flag. + + * keygen.c (add_keyserver_modify): New. + (keygen_upd_std_prefs): Call it here. + (keygen_set_std_prefs): Accept "ks-modify" and "no-ks-modify" as + prefs to set and unset keyserver modify flag. + + * g10.c (main): Accept "s1" in addition to "idea" to match the + other ciphers. + + * main.h, misc.c (idea_cipher_warn): We don't need this if IDEA + has been disabled. + +2003-02-21 David Shaw + + * keygen.c (keygen_set_std_prefs): Don't put AES or CAST5 in + default prefs if they are disabled. + + * g10.c (main): Use 3DES instead of CAST5 if we don't have CAST5 + support. Use 3DES for the s2k cipher in --openpgp mode. + (print_mds): #ifdef all of the optional digest algorithms. + +2003-02-12 David Shaw + + * keydb.h, getkey.c (classify_user_id, classify_user_id2): Make + 'exact' a per-desc item. Merge into one function since + 'force_exact' is no longer needed. + (key_byname): Use new classify_user_id function, and new exact + flag in KEYDB_SEARCH_DESC. + + * keyring.h, keyring.c (keyring_search): Return an optional index + to show which KEYDB_SEARCH_DESC was the matching one. + + * keydb.h, keydb.c (keydb_search): Rename to keydb_search2, and + pass the optional index to keyring_search. Add a macro version of + keydb_search that calls this new function. + + * export.c (do_export_stream): If the keyid! syntax is used, + export only that specified key. If the key in question is a + subkey, export the primary plus that subkey only. + +2003-02-11 David Shaw + + * exec.c (set_exec_path): Add debugging line. + + * g10.c (print_hex, print_mds): Print long hash strings a lot + neater. This assumes at least an 80-character display, as there + are a few other similar assumptions here and there. Users who + need unformatted hashes can still use with-colons. Check that + SHA384 and 512 are available before using them as they are no + longer always available. + + * Makefile.am: Use a local copy of libexecdir along with @PACKAGE@ + as GNUPG_LIBEXECDIR so it can be easily overridden at make time. + +2003-02-04 David Shaw + + * armor.c (parse_hash_header, armor_filter): Accept the new SHAs + in the armor Hash: header. + + * g10.c (print_hex): Print long hash strings a little neater. + (print_mds): Add the new SHAs to the hash list. + +2003-02-02 David Shaw + + * keyedit.c (menu_revuid): Properly handle a nonselfsigned uid on + a v4 key (treat as a v4 revocation). + + * import.c (print_import_check): Do not re-utf8 convert user IDs. + +2003-01-27 David Shaw + + * mainproc.c (list_node): Show signature expiration date in + with-colons sig records. + + * keylist.c (list_keyblock_colon), mainproc.c (list_node): Show + trust sig information in with-colons sig records. + +2003-01-16 David Shaw + + * g10.c (add_group): Trim whitespace after a group name so it does + not matter where the user puts the = sign. + + * options.skel: Comment out the first three lines in case someone + manually copies the skel file to their homedir. + + * sign.c (clearsign_file): Only use pgp2mode with v3 keys and + MD5. This matches what we do when decoding such messages and + prevents creating a message (v3+RIPEMD/160) that we can't verify. + + * sig-check.c (signature_check2): Use G10ERR_GENERAL as the error + for signature digest conflict. BAD_SIGN implies that a signature + was checked and we may try and print out a user ID for a key that + doesn't exist. + +2003-01-15 David Shaw + + * trustdb.c (init_trustdb, get_validity): Don't use a changed + trust model to indicate a dirty trustdb, and never auto-rebuild a + dirty trustdb with the "always" trust model. + + * g10.c (add_group): Last commit missed the \t ;) + +2003-01-14 David Shaw + + * packet.h, parse-packet.c (setup_user_id), free-packet.c + (free_user_id), keydb.h, keyid.c (namehash_from_uid): New function + to rmd160-hash the contents of a user ID packet and cache it in + the uid object. + + * keylist.c (list_keyblock_colon): Use namehash in field 8 of + uids. Show dates for creation (selfsig date), and expiration in + fields 6 and 7. + + * trustdb.c (get_validity, get_validity_counts, update_validity): + Use new namehash function rather than hashing it locally. + +2003-01-14 Werner Koch + + * g10.c (add_group): Fixed group parsing to allow more than one + delimiter in a row and also allow tab as delimiter. + +2003-01-12 David Shaw + + * tdbio.c (tdbio_set_dbname): Fix assertion failure with + non-fully-qualified trustdb names. + +2003-01-11 David Shaw + + * trustdb.c (get_validity_info, get_ownertrust_info, + trust_letter): Simplify by returning a ? for error directly. + + * keyedit.c (show_key_with_all_names): Use get_validity_string and + get_ownertrust_string to show full word versions of trust + (i.e. "full" instead of 'f'). + + * trustdb.h, trustdb.c (get_ownertrust_string, + get_validity_string): Same as get_ownertrust_info, and + get_validity_info, except returns a full string. + + * trustdb.c (get_ownertrust_with_min): New. Same as + 'get_ownertrust' but takes the min_ownertrust value into account. + +2003-01-10 David Shaw + + * armor.c (armor_filter): Comment about PGP's end of line tab + problem. + + * trustdb.h, trustdb.c (trust_letter): Make + static. (get_ownertrust_info, get_validity_info): Don't mask the + trust level twice. + + * trustdb.h, gpgv.c, trustdb.c (get_validity, get_validity_info), + keylist.c (list_keyblock_colon), keyedit.c + (show_key_with_all_names_colon, menu_revuid): Pass a user ID in + rather than a namehash, so we only have to do the hashing in one + place. + + * packet.h, pkclist.c (build_pk_list), free-packet.c + (release_public_key_parts): Remove unused namehash element for + public keys. + +2003-01-07 David Shaw + + * keygen.c (keygen_set_std_prefs): Warn when setting an IDEA + preference when IDEA is not available. + +2003-01-06 David Shaw + + * trustdb.c (get_validity_info): 'd' for disabled is not a + validity value any more. + + * packet.h, tdbio.h, tdbio.c (tdbio_read_record, + tdbio_write_record), trustdb.c (update_validity): Store temporary + full & marginal counts in the trustdb. + (clear_validity, get_validity_counts): Return and clear temp + counts. + (store_validation_status): Keep track of which keyids have been + stored. + (validate_one_keyblock, validate_key_list): Use per-uid copies of + the full & marginal counts so they can be recalled for multiple + levels. + (validate_keys): Only use unused keys for each new round. + (reset_unconnected_keys): Rename to reset_trust_records, and only + skip specifically excluded records. + + * keylist.c (print_capabilities): Show 'D' for disabled keys in + capabilities section. + + * trustdb.c (is_disabled): Remove incorrect comment. + +2003-01-03 David Shaw + + * import.c (import_one): Only do the work to create the status + display for interactive import if status is enabled. + + * keyring.c (keyring_search): skipfnc didn't work properly with + non-keyid searches. Noted by Stefan Bellon. + + * getkey.c (merge_selfsigs_main): Remove some unused code and make + sure that the pk selfsigversion member accounts for 1F direct + sigs. + +2003-01-02 Werner Koch + + * keydb.c (keydb_add_resource): Don't assume that try_make_homedir + terminates but check again for the existence of the directory and + continue then. + * openfile.c (copy_options_file): Print a warning if the skeleton + file has active options. + +2002-12-29 David Shaw + + * getkey.c (merge_selfsigs_main), main.h, sig-check.c + (check_key_signature2): Pass the ultimately trusted pk directly to + check_key_signature2 to avoid going through the key selection + mechanism. This prevents a deadly embrace when two keys without + selfsigs each sign the other. + +2002-12-27 David Shaw + + * keyserver.c (keyserver_refresh): Don't print the "refreshing..." + line if there are no keys to refresh or if there is no keyserver + set. + + * getkey.c (merge_selfsigs_main): Any valid user ID should make a + key valid, not just the last one. This also fixes Debian bug + #174276. + +2002-12-27 Stefan Bellon + + * import.c (print_import_check): Changed int to size_t. + +2002-12-27 David Shaw + + * keyedit.c (keyedit_menu, menu_revuid): Add "revuid" feature to + revoke a user ID. This is the same as issuing a revocation for + the self-signature, but a much simpler interface to do it. + +2002-12-26 David Shaw + + * keydb.h, getkey.c (key_byname): Flag to enable or disable + including disabled keys. Keys specified via keyid (i.e. 0x...) + are always included. + + * getkey.c (get_pubkey_byname, get_seckey_byname2, + get_seckey_bynames), keyedit.c (keyedit_menu, menu_addrevoker): + Include disabled keys in these functions. + + * pkclist.c (build_pk_list): Do not include disabled keys for -r + or the key prompt. Do include disabled keys for the default key + and --encrypt-to. + + * trustdb.h, trustdb.c (is_disabled): New skipfnc for skipping + disabled keys. + + * gpgv.c (is_disabled): Stub. + + * keygen.c (keygen_add_key_expire): Properly handle updating a key + expiration to a no-expiration value. + + * keyedit.c (enable_disable_key): Comment. + + * import.c (import_one): When in interactive mode and --verbose, + don't repeat some key information twice. + +2002-12-22 Timo Schulz + + * import.c (print_import_check): New. + (import_one): Use it here. + Use merge_keys_and_selfsig in the interactive mode to avoid + wrong key information. + * status.h: Add new status code. + * status.c: Ditto. + +2002-12-13 David Shaw + + * pkclist.c (do_we_trust): Tweak language to refer to the "named + user" rather than "owner". Noted by Stefan Bellon. + + * trustdb.h, trustdb.c (trustdb_pending_check): New function to + check if the trustdb needs a check. + + * import.c (import_keys_internal): Used here so we don't rebuild + the trustdb if it is still clean. + (import_one, chk_self_sigs): Only mark trustdb dirty if the key + that is being imported has any sigs other than self-sigs. + Suggested by Adrian von Bidder. + + * options.skel: Include the required '=' sign in the sample + 'group' option. Noted by Stefan Bellon. + + * import.c (chk_self_sigs): Don't try and check a subkey as if it + was a signature. + +2002-12-11 David Shaw + + * tdbio.c (tdbio_read_record, tdbio_write_record): Compact the + RECTYPE_TRUST records a bit. + + * g10.c (main): Comment out --list-trust-path until it can be + implemented. + + * import.c (import_one): Warn when importing an Elgamal primary + that this may take some time (to verify self-sigs). + (chk_self_sigs): Try and cache all self-sigs so the keyblock is + written to the keyring with a good rich cache. + + * keygen.c (ask_algo): Make the Elgamal sign+encrypt warning + stronger, and remove the RSA sign+encrypt warning. + +2002-12-06 Stefan Bellon + + * options.h: Fixed typo (mangle_dos_names instead of + mangle_dos_filenames). + +2002-12-05 Werner Koch + + * g10.c: New options --[no-]mangle-dos-filenames. + * options.h (opt): Added mangle-dos-filenames. + * openfile.c (open_outfile) [USE_ONLY_8DOT3]: Truncate the + filename only when this option is set; this is the default. + +2002-12-04 David Shaw + + * main.h, keyedit.c, keygen.c: Back out previous (2002-12-01) + change. Minimal isn't always best. + + * sign.c (update_keysig_packet): Use the current time rather then + a modification of the original signature time. Make sure that + this doesn't cause a time warp. + + * keygen.c (keygen_add_key_expire): Properly handle a key + expiration date in the past (use a duration of 0). + + * keyedit.c (menu_expire): Use update_keysig_packet so any sig + subpackets are maintained during the update. + + * build-packet.c (build_sig_subpkt): Mark sig expired or unexpired + when the sig expiration subpacket is added. + (build_sig_subpkt_from_sig): Handle making an expiration subpacket + from a sig that has already expired (use a duration of 0). + + * packet.h, sign.c (update_keysig_packet), keyedit.c + (menu_set_primary_uid, menu_set_preferences): Add ability to issue + 0x18 subkey binding sigs to update_keysig_packet and change all + callers. + + * trustdb.c (validate_keys): Show trust parameters when building + the trustdb, and make sure that the version record update was + successful. + (init_trustdb): If the current parameters aren't what was used for + building the trustdb, the trustdb is invalid. + + * tbio.c (tdbio_db_matches_options): Update to work with new + trustdbs. + +2002-12-03 David Shaw + + * tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): Store + trust model in the trustdb version record. + (tdbio_update_version_record): New function to update version + record values during a trustdb check or update. + (tdbio_dump_record): Show trust model in dump. + + * trustdb.c (validate_keys): Call tdbio_update_version_record on + success so that the correct options are stored in the trustdb. + + * options.h: rearrange trust models so that CLASSIC is 0 and + OPENPGP is 1. + + * options.h, g10.c (main), encode.c (write_pubkey_enc_from_list), + pkclist.c (algo_available), revoke.c (gen_revoke): Add --pgp8 + mode. This is basically identical to --pgp7 in all ways except + that signing subkeys, v4 data sigs (including expiration), and SK + comments are allowed. + + * getkey.c (finish_lookup): Comment. + + * main.h, keylist.c (reorder_keyblock), keyedit.c (keyedit_menu): + Reorder user ID display in the --edit-key menu to match that of + the --list-keys display. + + * g10.c (add_notation_data): Fix initialization. + +2002-12-01 David Shaw + + * keyedit.c (menu_expire): Don't lose key flags when changing the + expiration date of a subkey. This is not the most optimal + solution, but it is minimal change on the stable branch. + + * main.h, keygen.c (do_copy_key_flags): New function to copy key + flags, if any, from one sig to another. + (do_add_key_expire): New function to add key expiration to a sig. + (keygen_copy_flags_add_expire): New version of + keygen_add_key_expire that also copies key flags. + (keygen_add_key_flags_and_expire): Use do_add_key_expire. + + * import.c (fix_hkp_corruption): Comment. + +2002-11-25 Stefan Bellon + + * plaintext.c (handle_plaintext) [__riscos__]: If nooutput is set, + no filetype is needed obviously. + +2002-11-24 David Shaw + + * main.h, misc.c (default_cipher_algo, default_compress_algo): + New. Return the default algorithm by trying + --cipher-algo/--compress-algo, then the first item in the pref + list, then s2k-cipher-algo or ZIP. + + * sign.c (sign_file, sign_symencrypt_file), encode.c + (encode_simple, encode_crypt): Call default_cipher_algo and + default_compress_algo to get algorithms. + + * g10.c (main): Allow pref selection for compress algo with + --openpgp. + + * mainproc.c (proc_encrypted): Use --s2k-digest-algo for + passphrase mangling rather than --digest-algo. + + * sign.c (hash_for): If --digest-algo is not set, but + --personal-digest-preferences is, then use the first hash + algorithm in the personal list. If the signing algorithm is DSA, + then use the first 160-bit hash algorithm in the personal list. + If --pgp2 is set and it's a v3 RSA key, use MD5. + + * g10.c (main), keydb.c (keydb_add_resource, + keydb_locate_writable): Rename --default-keyring as + --primary-keyring. Stefan wins the naming contest. + +2002-11-23 David Shaw + + * g10.c (add_notation_data): Disallow notation names that do not + contain a '@', unless --expert is set. This is to help prevent + people from polluting the (as yet unused) IETF namespace. + + * main.h: Comments about default algorithms. + + * photoid.c (image_type_to_string): Comments about 3-letter file + extensions. + + * encode.c (encode_simple), passphrase.c (passphrase_to_dek), + sign.c (sign_symencrypt_file): Use --s2k-digest-algo for + passphrase mangling rather than --digest-algo. + +2002-11-21 David Shaw + + * keygen.c (keygen_set_std_prefs): Properly handle an empty + preference string. + + * misc.c (string_to_compress_algo): "none" is a bad choice since + it conflicts with the "none" in setpref. + +2002-11-14 David Shaw + + * g10.c (main): Allow compression algorithm names as the argument + to --compress-algo. The old algorithm names still work for + backwards compatibility. + + * misc.c (string_to_compress_algo): Allow "none" as an alias for + "uncompressed". + +2002-11-13 Stefan Bellon + + * getkey.c (get_pubkey_byfprint_fast): Fixed type incompatibility, + was unsigned char instead of byte. + +2002-11-13 David Shaw + + * encode.c (encode_simple): Make sure that files larger than about + 4G use partial length encoding. This is required because OpenPGP + allows only for 32 bit length fields. From Werner on stable + branch. + + * getkey.c (get_pubkey_direct): Renamed to... + (get_pubkey_fast): this and made extern. + (get_pubkey_byfprint_fast): New. From Werner on stable branch. + + * keydb.h, import.c (import_one): Use get_pubkey_fast instead of + get_pubkey. We don't need a merged key and actually this might + lead to recursions. + (revocation_present): Likewise for search by fingerprint. From + Werner on stable branch. + + * g10.c (main): Try to create the trustdb even for non-colon-mode + list-key operations. This is required because getkey needs to + know whether a a key is ultimately trusted. From Werner on stable + branch. + + * exec.c [__CYGWIN32__]: Keep cygwin separate from Mingw32; + we don't need it here as it behaves more like a Posix system. + From Werner on stable branch. + + * passphrase.c (agent_get_passphrase): Ditto. From Werner on + stable branch. + + * tdbio.c (MY_O_BINARY): Need binary mode with Cygwin. From + Werner on stable branch. + + * g10.c, gpgv.c (main) [__CYGWIN32__]: Don't get the homedir from + the registry. From Werner on stable branch. + + * keyedit.c (show_key_with_all_names_colon): Make --with-colons + --edit display match the validity and trust of --with-colons + --list-keys. + + * passphrase.c (agent_send_all_options): Fix compile warning. + + * keylist.c (list_keyblock_colon): Validity for subkeys should + match that of the primary key, and not that of the last user ID. + + * getkey.c (merge_selfsigs): Revoked/expired/invalid primary keys + carry these facts onto all their subkeys, but only after the + subkey has a chance to be marked valid. This is to fix an + incorrect "invalid public key" error verifying a signature made by + a revoked signing subkey, with a valid unrevoked primary key. + +2002-11-09 Werner Koch + + * passphrase.c (agent_send_all_options): Use tty_get_ttyname to + get the default ttyname. + +2002-11-07 David Shaw + + * keyring.h, keyring.c (keyring_register_filename): Return the + pointer if a given keyring is registered twice. + + * keydb.h, keydb.c (keydb_add_resource): Use flags to indicate a + default keyring. + (keydb_locate_writable): Prefer the default keyring if possible. + + * g10.c (main): Add --default-keyring option. + +2002-11-06 David Shaw + + * options.h, g10.c (main), trustdb.c (ask_ownertrust): Add + --force-ownertrust option for debugging purposes. This allows + setting a whole keyring to a given trust during an + --update-trustdb. Not for normal use - it's just easier than + hitting "4" all the time to test a large trustdb. + + * pubkey-enc.c (get_session_key): With hidden recipients or try a + given passphrase against all secret keys rather than trying all + secret keys in turn. Don't if --try-all-secrets or --status-fd is + enabled. + + * passphrase.c (passphrase_to_dek): Mode 1 means do a regular + passphrase query, but don't prompt with the key info. + + * seckey-cert.c (do_check, check_secret_key): A negative ask count + means to enable passphrase mode 1. + + * keydb.h, getkey.c (enum_secret_keys): Add flag to include + secret-parts-missing keys (or not) in the list. + +2002-11-05 David Shaw + + * keyserver.c (keyserver_search_prompt): When --with-colons is + enabled, don't try and fit the search output to the screen size - + just dump the whole list. + +2002-11-04 David Shaw + + * keyserver.c (keyserver_search_prompt): When --with-colons is + enabled, just dump the raw keyserver protocol to stdout and don't + print the menu. + + * keyserver.c (show_prompt): Don't show a prompt when command-fd + is being used. + + * trustdb.c (trust_model_string, check_trustdb, update_trustdb, + validate_one_keyblock): It's not clear what a trustdb rebuild or + check means with a trust model other than "classic" or "openpgp", + so disallow this. + +2002-11-03 David Shaw + + * options.h, g10.c (main): Add --trust-model option. Current + models are "openpgp" which is classic+trustsigs, "classic" which + is classic only, and "always" which is the same as the current + option --always-trust (which still works). Default is "openpgp". + + * trustdb.c (validate_one_keyblock): Use "openpgp" trust model to + enable trust sigs. + + * gpgv.c (main), mainproc.c (check_sig_and_print), pkclist.c + (do_we_trust, do_we_trust_pre, check_signatures_trust): Use new + --trust-model option in place of --always-trust. + + * keyedit.c (sign_mk_attrib, trustsig_prompt, sign_uids, + keyedit_menu): Prompt for and create a trust signature with + "tsign". This is functional, but needs better UI text. + + * build-packet.c (build_sig_subpkt): Able to build trust and + regexp subpackets. + + * pkclist.c (do_edit_ownertrust): Comment. + +2002-11-02 David Shaw + + * keygen.c (set_one_pref, keygen_set_std_prefs): Allow using the + full algorithm name (CAST5, SHA1) rather than the short form (S3, + H2). + + * main.h, keygen.c (keygen_get_std_prefs), keyedit.c + (keyedit_menu): Return and use a fake uid packet rather than a + string since we already have a nice parser/printer in + keyedit.c:show_prefs. + + * main.h, misc.c (string_to_compress_algo): New. + +2002-11-01 David Shaw + + * g10.c (main): Add --no-throw-keyid. + + * keydb.h, encode.c (write_pubkey_enc_from_list), g10.c (main), + pkclist.c (build_pk_list): Add --hidden-recipient (-R) and + --hidden-encrypt-to, which do a single-user variation on + --throw-keyid. The "hide this key" flag is carried in bit 0 of + the pk_list flags field. + + * keyserver.c (parse_keyrec): Fix shadowing warning. + +2002-10-31 Stefan Bellon + + * compress.c (init_compress) [__riscos__]: Use + riscos_load_module() to load ZLib module. + + * g10.c (main) [__riscos__]: Renames due to changes in riscos.c + (e.g. prefixes all RISC OS specific functions with riscos_*). + * photoid.c (show_photos) [__riscos__]: Likewise. + * signal.c (got_fatal_signal) [__riscos__]: Likewise. + + * trustdb.c (check_regexp) [__riscos__]: Branch to RISC OS RegEx + handling. + +2002-10-31 David Shaw + + * build-packet.c (do_plaintext), encode.c (encode_sesskey, + encode_simple, encode_crypt), sign.c (write_plaintext_packet): Use + wipememory() instead of memset() to wipe sensitive memory as the + memset() might be optimized away. + +2002-10-30 David Shaw + + * trustdb.c (check_regexp): Modern regexps require REG_EXTENDED. + +2002-10-29 David Shaw + + * packet.h, trustdb.h, trustdb.c (trust_string): New. Return a + string like "fully trusted", "marginally trusted", etc. + (get_min_ownertrust): New. Return minimum ownertrust. + (update_min_ownertrust): New. Set minimum ownertrust. + (check_regexp): New. Check a regular epression against a user ID. + (ask_ownertrust): Allow specifying a minimum value. + (get_ownertrust_info): Follow the minimum ownertrust when + returning a letter. + (clear_validity): Remove minimum ownertrust when a key becomes + invalid. + (release_key_items): Release regexp along with the rest of the + info. + (validate_one_keyblock, validate_keys): Build a trust sig chain + while validating. Call check_regexp for regexps. Use the minimum + ownertrust if the user does not specify a genuine ownertrust. + + * pkclist.c (do_edit_ownertrust): Only allow user to select a + trust level greater than the minimum value. + + * parse-packet.c (can_handle_critical): Can handle critical trust + and regexp subpackets. + + * trustdb.h, trustdb.c (clear_ownertrusts), delkey.c + (do_delete_key), import.c (import_one): Rename clear_ownertrust to + clear_ownertrusts and have it clear the min_ownertrust value as + well. + + * keylist.c (list_keyblock_print): Indent uid to match pub and + sig. + + * keyedit.c (print_and_check_one_sig, show_key_and_fingerprint, + menu_addrevoker), keylist.c (list_keyblock_print, + print_fingerprint): Show "T" or the trust depth for trust + signatures, and add spaces to some strings to make room for it. + + * packet.h, parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt, + parse_signature): Parse trust signature values. + + * tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): + Reserve a byte for the minimum ownertrust value (for use with + trust signatures). + +2002-10-29 Stefan Bellon + + * build-packet.c (calc_plaintext, do_plaintext): Removed RISC OS + specific filetype parts (it's now done in make_basename()). + + * plaintext.c (handle_plaintext): Tidied up RISC OS specific + filetype parts. + + * encode.c (encode_simple, encode_crypt): Added argument to + make_basename() call. + + * sign.c (write_plaintext_packet): Added argument to + make_basename() call. + +2002-10-28 Stefan Bellon + + * build-packet.c (calc_plaintext, do_plaintext): Added filetype + handling for RISC OS' file types. + + * plaintext.c (handle_plaintext) [__riscos__]: Added filetype + handling for RISC OS' file types. + +2002-10-23 David Shaw + + * main.h, import.c (sec_to_pub_keyblock, import_secret_one, + parse_import_options), g10.c (main): New import-option + "convert-sk-to-pk" to convert a secret key into a public key + during import. It is on by default. + +2002-10-23 Werner Koch + + * pubkey-enc.c (get_it): Fix segv, test for revoked only when PK + has been assigned. + +2002-10-18 Timo Schulz + + * keylist.c: (print_pubkey_info): New. + (print_seckey_info): New. + * main.h: Prototypes for the new functions. + * delkey.c (do_delete_key): Use it here. + * revoke.c (gen_desig_revoke): Ditto. + +2002-10-17 Werner Koch + + * pkclist.c (do_edit_ownertrust): Show all user IDs. This should + be enhanced to also show the current trust level. Suggested by + Florian Weimer. + +2002-10-17 David Shaw + + * g10.c (main): Handle --strict and --no-strict from the command + line before the options file is loaded. + +2002-10-15 David Shaw + + * g10.c (main): Disable --textmode when encrypting (symmetric or + pk) in --pgp2 mode as PGP 2 can't handle the unknown length + literal packet. Reported by Michael Richardson. + +2002-10-14 David Shaw + + * keyserver-internal.h, keyserver.c (print_keyrec, parse_keyrec, + show_prompt, keyserver_search_prompt, keyserver_spawn): Go to + version 1 of the keyserver protocol. This is a better design, + similar to --with-colons, that allows for keys with multiple user + IDs rather than using multiple keys. It also matches the machine + readable pksd format. Also use a prettier --search-keys listing + format that can fill different size windows (currently set at 24 + lines). + +2002-10-12 Werner Koch + + * keygen.c (print_status_key_created): New. + (do_generate_keypair): Use it to print the fingerprint. + (generate_subkeypair): Likewise. + +2002-10-11 David Shaw + + * keyedit.c (menu_addrevoker): Properly back out if the signature + fails. Also, do not allow appointing the same revoker twice, and + report ALREADY_SIGNED if the user tries it. + +2002-10-07 David Shaw + + * import.c (import_keys_internal): Missed one s/inp/inp2/. + + * keylist.c (print_capabilities): Properly indicate per-key + capabilities of sign&encrypt primary keys that have + secret-parts-missing (i.e. no capabilities at all) + + * mainproc.c (symkey_decrypt_sesskey): Fix compiler warning. + +2002-10-04 David Shaw + + * getkey.c (get_pubkey_direct): Don't cache keys retrieved via + this function as they may not have all their fields filled in. + + * sig-check.c (signature_check2): Use new is_primary flag to check + rather than comparing main_keyid with keyid as this still works in + the case of a not fully filled in pk. + +2002-10-04 Werner Koch + + * import.c (import_keys_internal): s/inp/inp2/ to avoid shadowing + warning. + + * passphrase.c (agent_get_passphrase): Fixed signed/unsigned char + problem in %-escaping. Noted by Ingo Klöcker. + +2002-10-03 David Shaw + + * options.h, g10.c (main): Add --strict and --no-strict to switch + the log_warning severity level from info to error. + + * keylist.c (print_capabilities): Secret-parts-missing keys should + show that fact in the capabilities, and only primary signing keys + can certify other keys. + + * packet.h, parse_packet.c (parse_key): Add is_primary flag for + public keys (it already exists for secret keys). + +2002-10-02 David Shaw + + * import.c (import_secret_one): Check for an illegal (>110) + protection cipher when importing a secret key. + + * keylist.c (list_keyblock_print): Show a '#' for a + secret-parts-missing key. + + * parse_packet.c (parse_key): Some comments. + + * revoke.c (gen_revoke): Remove some debugging code. + + * trustdb.c (verify_own_keys): Make trusted-key a non-deprecated + option again. + + * seckey-cert.c (do_check): Don't give the IDEA warning unless the + cipher in question is in fact IDEA. + +2002-10-01 David Shaw + + * import.c (import_one): Make sure that a newly imported key + starts with a clean ownertrust. + +2002-10-01 Werner Koch + + * getkey.c (get_pubkey_direct): New. + (merge_selfsigs_main): Use it here to look for an ultimately + trusted key. Using the full get_pubkey might lead to an + infinitive recursion. + +2002-09-29 David Shaw + + * keyserver.c (parse_keyserver_uri): Force the keyserver URI + scheme to lowercase to be case-insensitive. + +2002-09-28 David Shaw + + * export.c (do_export_stream): Comment. + + * sig-check.c (check_key_signature2): Properly handle a + non-designated revocation import. + +2002-09-26 Werner Koch + + * g10.c (set_homedir): New. Changed all direct assignments to use + this. + * gpgv.c (set_homedir): Ditto. + +2002-09-25 David Shaw + + * Makefile.am: Link gpg with EGDLIBS (i.e. NETLIBS) as EGD uses + sockets. Remove the old NETLIBS variable since the keyserver + stuff is no longer internal. + +2002-09-24 David Shaw + + * import.c (import_keys_stream): Fix compiler type warning. + + * keyring.c (keyring_rebuild_cache), sig-check.c + (check_key_signature2), import.c (import, chk_self_sigs): Minor + language cleanups. + +2002-09-23 Stefan Bellon + + * main.h: Introduced fast-import as import option. Removed + fast as separate option from prototypes. + * import.c (parse_import_options): Added fast-import option. + (import_*): Removed fast as separate option. + * g10.c (main): Added option fast-import, removed old fast + as separate argument. + * keyserver.c (keyserver_spawn): Removed old fast as separate + argument. + +2002-09-22 Stefan Bellon + + * import.c (import_keys, import_keys_stream, + import_keys_internal): Added trustdb update/check to key import if + not fast-import and interactive set/no-auto-check-trustdb unset. + Avoided function clone by introducing import_keys_internal. + +2002-09-19 David Shaw + + * keyserver.c (keyserver_spawn): Properly handle line truncation. + Don't leak memory (~10-20 bytes) on searches. + (keyserver_search_prompt): Cleanup. + + * keylist.c (list_keyblock_colon): Show 1F direct key signatures + in --with-colons listing. + +2002-09-16 David Shaw + + * keyedit.c (menu_addrevoker): The direct key signature for + revocation keys must be at least v4 to carry the revocation key + subpacket. Add a PGP 2.x warning for revocation keys. + +2002-09-14 David Shaw + + * g10.c (check_permissions): Rearrange strings to make translating + easier (don't incorporate string parts). + + * keyedit.c (sign_uids): Make strings translatable. + + * sig-check.c (check_key_signature2): Make string translatable. + +2002-09-13 David Shaw + + * getkey.c (check_revocation_keys): Move.... + * main.h, sig-check.c (check_revocation_keys): to here. Also + return the signature_check error code rather than 0/1 and cache + the sig result. + + * sig-check.c (check_key_signature2): Divert to + check_revocation_keys if a revocation sig is made by someone other + than the pk owner. + + * getkey.c (merge_selfsigs_main): Tidy. + +2002-09-13 Werner Koch + + * g10.c (main) [__MINGW32__]: Activate oLoadExtension. + +2002-09-12 David Shaw + + * Makefile.am, hkp.c, hkp.h, keyserver.c (keyserver_work): Remove + internal HKP support. + + * keyserver.c (keyserver_spawn): Remove whitespace after keyserver + commands. + +2002-09-10 David Shaw + + * exec.c (expand_args): Remove loop left over from earlier + implementation. + (exec_write): Missed one tick. + +2002-09-10 Werner Koch + + * g10.c, options.h: Removed option --emulate-checksum-bug. + * misc.c (checksum_u16_nobug): Removed. + (checksum_u16): Removed the bug emulation. + (checksum_mpi): Ditto. + (checksum_mpi_counted_nbits): Removed and replaced all calls + with checksum_mpi. + + * parse-packet.c (read_protected_v3_mpi): New. + (parse_key): Use it here to store it as an opaque MPI. + * seckey-cert.c (do_check): Changed the v3 unprotection to the new + why to store these keys. + (protect_secret_key): Likewise. + * build-packet.c (do_secret_key): And changed the writing. + + * tdbio.c (tdbio_set_dbname, open_db): Use new macro MY_O_BINARY + to avoid silly ifdefs. + (open_db): Fallback to RDONLY so that gpg may be used from a + RO-medium. + + * encode.c (encode_simple): Make sure we don't use an ESK packet + when we don't have a salt in the S2K. + + * misc.c (pct_expando) : Make sure that LEN is initialized. + + * exec.c (exec_finish): Use ticks to denote filenames in messages. + (make_tempdir, exec_write): Changed format of messages. + + * keyserver.c (print_keyinfo): Release USERID in on error. + (keyserver_work) [!DISABLE_KEYSERVER_HELPERS]: Exclude the unused + code. + +2002-09-09 Werner Koch + + * parse-packet.c (make_attribute_uidname): Add new ar MAX_NAMELEN + for sanity checks. Changed both callers. Limit the size of an %s. + + * options.skel: Comment lock-once out, so that this file does not + change anything when copied to a new home directory. + * openfile.c (try_make_homedir): Don't exit after copying the + option skeleton. + + * options.h: Don't use a comma when declaring variables over more + than one line. + + * mainproc.c (symkey_decrypt_sesskey): Check length of the session + key. + + * hkp.c (dehtmlize): Use ascii_tolower to protect against weird + locales. Cast the argument for isspace for the sake of broken + HP/UXes. + (parse_hkp_index): s/ascii_memcasecmp/ascii_strncasecmp/. + + * g10.c: Removed option --emulate-3des-s2k-bug. + + * passphrase.c (hash_passphrase): Was used here. + + * export.c (parse_export_options) + * keyserver.c (parse_keyserver_options) + * import.c (parse_import_options) + * g10.c (check_permissions): s/ascii_memcasecmp/ascii_strncasecmp/. + +2002-09-09 David Shaw + + * g10.c (add_group): Use '=' to separate group name from group + members. Use a better error message for when no = is found. + + * hkp.c (hkp_export): Use CRLF in headers. + +2002-09-03 David Shaw + + * mainproc.c (print_pkenc_list): Don't increment the error counter + when printing the list of keys a message was encrypted to. This + would make gpg give a non-zero exit code even for completely valid + messages if the message was encrypted to more than one key that + the user owned. + +2002-09-02 Werner Koch + + * g10.c (main): Try to set a default character set. Print the + used one in verbosity level 3. + * gpgv.c (main): Try to set a default character set. + + * status.c, status.h (STATUS_IMPORT_OK): New. + * import.c (import_one,import_secret_one): Print new status. + +2002-08-30 David Shaw + + * pkclist.c (build_pk_list): Add new status code to indicate an + untrusted user. This (or a disabled key) fail with "unavailable + pubkey" (G10ERR_UNU_PUBKEY). + + * pkclist.c (build_pk_list): Fail if any recipient keys are + unusable. + + * options.skel: The PGP LDAP keyserver is back. Use MIT keyserver + as a sample rather than cryptnet as cryptnet does not support + searching yet. + + * keyedit.c (show_key_with_all_names): Fix error message + (preferences are userid/selfsig and not key specific). + +2002-08-30 Werner Koch + + * pkclist.c (do_we_trust_pre): Changed the wording of a warning. + + * encode.c (encode_simple,encode_crypt): Use new style CTB for + compressssed packets when using MDC. We need to do this so that + concatenated messages are properly decrypted. Old style + compression assumes that it is the last packet; given that we + can't determine the length in advance, the uncompressor does not + know where to start. Actually we should use the new CTB always + but this would break PGP 2 compatibility. + + * parse-packet.c (parse): Special treatment for new style CTB + compressed packets. + + * build-packet.c (do_mdc): Removed. Was not used. + (do_encrypted_mdc): Count in the version number and the MDC packet. + +2002-08-28 David Shaw + + * sig-check.c (do_check_messages, do_check): Show keyid in error + messages. + + * keyserver.c (print_keyinfo): More readable key listings for + --search-keys responses. + +2002-08-26 David Shaw + + * hkp.c (parse_hkp_index, dehtmlize): Move HTML functionality into + new "dehtmlize" function. Remove HTML before trying to parse each + line from the keyserver. If the keyserver provides key type + information in the listing, use it. + +2002-08-23 David Shaw + + * sig-check.c (do_check, do_check_messages): Emit the usual sig + warnings even for cached sigs. This also serves to protect + against missing a sig expiring while cached. + + * getkey.c (merge_selfsigs_main): Don't check UID self-sigs twice. + +2002-08-22 David Shaw + + * import.c (clean_subkeys, chk_self_sigs): Merge clean_subkeys + into chk_self_sigs. This improves efficiency as the same + signatures are not checked multiple times. Clarify when a subkey + is revoked (any revocation signature, even if it is dated before + the binding signature). + + * getkey.c (merge_selfsigs_subkey): Subkey revocation comments. + + * keylist.c (list_one): Stats are only for public key listings. + + * g10.c (main), options.skel: Default should be include-revoked + for keyserver operations. + +2002-08-21 Werner Koch + + * import.c (import_print_stats): Print new non_imported counter + which is currently not used because we terminate on errors. + +2002-08-20 David Shaw + + * options.skel: Document no-include-attributes for + keyserver-options. + + * keylist.c, keyedit.c, keyserver.c, sign.c: Some TODOs and + comments. + + * export.c (do_export_stream): Fix noop bug in exporting sensitive + revocation keys. + + * pkclist.c (do_edit_ownertrust): Comment out the option for + showing trust paths until it can be implemented. + +2002-08-19 Werner Koch + + * getkey.c (get_user_id_native): Renamed to .. + (get_user_id_printable): this. Filter out all dangerous + characters. Checked all usages. + (get_user_id_string_native): Renamed to.. + (get_user_id_string_printable): this. Filter out all dangerous + characters. Checked all usages. + * keyedit.c (show_basic_key_info): New. + * keylist.c (print_fingerprint): New mode 3. + * import.c (import_one): Use new function to display the user ID. + +2002-08-16 Timo Schulz + + * g10.c (main): Enable opt.interactive. + + * import.c (import_one): Ask the user if the key shall be + imported when the interactive mode is used. Useful to extract + selected keys from a file. + +2002-08-16 Werner Koch + + * seckey-cert.c: Workaround to allow decryption of v3 keys created + with a bug in the mpi_get_secure_buffer. + +2002-08-14 David Shaw + + * hkp.c (parse_hkp_index): Properly handle really large keys + (5 digit key length) in HKP searches. + +2002-08-13 David Shaw + + * encode.c (encode_simple): Fix problem with using compression + algo 2 and symmetric compressed files. + + * encode.c (encode_simple, encode_crypt): If we are not using a + MDC, compress even if a file is already compressed. This is to + help against the chosen ciphertext attack. + + * pkclist.c (select_algo_from_prefs): Fix requested algorithm bug + so the request succeeds even if the requested algorithm is not the + first found. + + * cipher.c (write_header), encode.c (use_mdc, encode_simple, + encode_crypt, encrypt_filter), g10.c (main): Be more eager to use + a MDC. We use a MDC if the keys directly support it, if the keys + list AES (any) or TWOFISH anywhere in the prefs, or if the cipher + chosen does not have a 64 bit blocksize. + +2002-08-08 David Shaw + + * options.skel: Some language tweaks, and remove the + load-extension section for random gatherers. + + * keyring.c (create_tmp_file, rename_tmp_file): Create tmp files + with user-only permissions, but restore the original permissions + if the user has something special set. + + * openfile.c (copy_options_file): Create new options file + (gpg.conf) with user-only permissions. + + * keydb.c (keydb_add_resource): Create new keyrings with user-only + permissions. + + * tdbio.c (tdbio_set_dbname): Create new trustdbs with user-only + permissions. + +2002-08-07 David Shaw + + * sig-check.c (signature_check2): Sanity check that the md has a + context for the hash that the sig is expecting. This can happen + if a onepass sig header does not match the actual sig, and also if + the clearsign "Hash:" header is missing or does not match the + actual sig. + + * keyedit.c (menu_revsig): Properly show a uid is revoked without + restarting gpg. This is Debian bug 124219, though their supplied + patch will not do the right thing. + + * main.h, tdbio.c (tdbio_set_dbname), misc.c (removed + check_permissions), keydb.c (keydb_add_resource), g10.c (main, + check_permissions): Significant reworking of the permission check + mechanism. The new behavior is to check everything in the homedir + by checking the homedir itself. If the user wants to put + (possibly shared) keyrings outside the homedir, they are not + checked. The options file and any extension files are checked + wherever they are, as well as their enclosing directories. This + is Debian bug 147760. + +2002-08-06 Stefan Bellon + + * g10.c (main): Use of EXTSEP_S in new gpg.conf string. + * openfile.c (copy_options_file): Ditto. + +2002-08-06 David Shaw + + * options.h, g10.c (main), mainproc.c (proc_encrypted): + --ignore-mdc-error option to turn a MDC check error into a + warning. + + * encode.c (encode_crypt), g10.c (main), sign.c (sign_file, + clearsign_file): Use the same --pgpX warning string everywhere to + ease translations. + + * encode.c (write_pubkey_enc_from_list): Warn when using + --throw-keyid with --pgpX. Noted by Vedaal Nistar. + + * revoke.c (export_minimal_pk, gen_desig_revoke, gen_revoke): + Export a minimal pk along with the revocation cert when in --pgpX + mode so that PGP can import it. + +2002-08-06 Werner Koch + + * options.skel: Changed comments. + + * g10.c (main): Try to use "gpg.conf" as default option file. + * openfile.c (copy_options_file): Changed name of created file. + +2002-08-02 Werner Koch + + * Makefile.am (LDFLAGS): Removed DYNLINK_LDFLAGS. + +2002-07-30 David Shaw + + * options.h, g10.c (main), mainproc.c (proc_encrypted): Return a + decryption failed error if a MDC does not verify. Warn if a MDC + is not present (can disable via --no-mdc-warning). + + * exec.c (exec_write), g10.c (main), keyserver.c + (keyserver_spawn): Use new DISABLE_KEYSERVER_PATH rather than + FIXED_EXEC_PATH. + +2002-07-28 David Shaw + + * sig-check.c (do_check): Properly validate v4 sigs with no hashed + section at all. + +2002-07-25 Werner Koch + + * delkey.c (do_delete_key): Always allow to delete a key in batch mode + when specified by fingerprint. Suggested by Enzo Michelangeli. + +2002-07-25 David Shaw + + * keyedit.c (menu_revsig): Change "revsig" to honor selected uids + so the user can revoke sigs from particular uids only. + + * keylist.c (list_keyblock_print): Don't display expired uids in + --list-keys unless -v and not --list-sigs (just like revoked + uids). + + * exec.c, export.c, import.c, keyedit.c, keyserver.c, misc.c: + "Warning" -> "WARNING" + +2002-07-24 David Shaw + + * main.h, import.c (parse_import_options, fix_hkp_corruption, + import_one, delete_inv_parts), g10.c (main): New import-option + "repair-hkp-subkey-bug", which repairs as much as possible the HKP + mangling multiple subkeys bug. It is on by default for keyserver + receives, and off by default for regular --import. + + * main.h, import.c (import, import_one, delete_inv_parts), hkp.c + (hkp_ask_import), keyserver.c (keyserver_spawn): Use keyserver + import options when doing keyserver receives. + + * options.h, exec.h, exec.c (set_exec_path, exec_write), g10.c + (main), keyserver.c (keyserver_spawn): If the user does not use + "exec-path", completely replace $PATH with GNUPG_LIBEXECDIR before + calling the keyserver helper. If the user does use "exec-path", + append GNUPG_LIBEXECDIR after the specified path. + +2002-07-23 David Shaw + + * import.c (parse_import_options), export.c + (parse_export_options): Fix offset problem with reversed ("no-") + meanings. + + * import.c (delete_inv_parts): Discard subkey signatures (0x18 and + 0x28) if found in the userid section of the key. + + * sig-check.c (signature_check2): Signatures made by invalid + subkeys (bad/missing binding sig) are also invalid. + + * keylist.c (print_fingerprint): Show the primary as well as the + secondary key fingerprint in modes 1 & 2. + +2002-07-22 David Shaw + + * options.h, main.h, g10.c (main), import.c + (parse_import_options, delete_inv_parts), keyserver.c + (parse_keyserver_options): add new --import-options option. The + only current flag is "allow-local-sigs". + + * g10.c (main): Don't disable MDC in pgp7 mode. + + * options.h, g10.c (main), keyserver.c (parse_keyserver_options): + Remove old keyserver-option include-attributes now that there is + an export-option for the same thing. + + * options.h, main.h, export.c (parse_export_options, + do_export_stream), g10.c (main): add new --export-options option. + Current flags are "include-non-rfc", "include-local-sigs", + "include-attributes", and "include-sensitive-revkeys". + + * options.h, hkp.c (hkp_export), keyserver.c + (parse_keyserver_options, keyserver_spawn): try passing unknown + keyserver options to export options, and if successful, use them + when doing a keyserver --send-key. + + * build-packet.c (build_sig_subpkt): We do not generate + SIGSUBPKT_PRIV_VERIFY_CACHE anymore. + + * revoke.c (gen_desig_revoke): Lots more comments about including + sensitive revkeys along with the revocation sig itself. + + * keyserver.c (parse_keyserver_options): Simpler implementation + that can skip one pass over the options. + +2002-07-18 David Shaw + + * keyedit.c (keyedit_menu, menu_addrevoker): Allow specifying + "sensitive" as an argument to an addrevoker command. This sets + the 0x40 sensitive revoker flag. + + * revoke.c (gen_desig_revoke): When generating a designated + revocation, include the direct key sig that contains the + designated revoker subpacket. This allows sensitive designated + revocation subpackets to be exported. Also indicate which + revokers are sensitive in the first place. + +2002-07-17 David Shaw + + * keyedit.c (show_key_with_all_names_colon): The 0x40 class bit in + a designated revoker means "sensitive", not "local". It's + exportable under the right circumstances. + + * main.h, options.h, export.c (do_export_stream), g10.c (main), + hkp.c (hkp_export), keyserver.c (keyserver_spawn: Add a flag to + skip attribute packets and their signatures while exporting. This + is to accomodate keyservers (pksd again) that choke on attributes. + Use keyserver-option "include-attributes" to control it. This + defaults to ON (i.e. don't skip). + +2002-07-09 David Shaw + + * options.h, keyserver.c (parse_keyserver_uri, keyserver_spawn, + keyserver_work), hkp.c (hkp_ask_import, hkp_export, hkp_search): + Use a much more strict reading of RFC-2396 for the keyserver URIs. + Specifically, don't try and be smart about checking the value of + ":port" so long as it is all digits, and properly handle opaque + data (those scheme specific parts that do not start with "//"). + +2002-07-04 David Shaw + + * photoid.c (get_default_photo_command, show_photos): Honor + FIXED_PHOTO_VIEWER and DISABLE_PHOTO_VIEWER. + + * mainproc.c (check_sig_and_print): Use --show-photos to show + photos when verifying a sig made by a key with a photo. + + * keyserver.c (parse_keyserver_uri): Properly parse a URI with no + :port section and an empty file path, but with a terminating '/'. + (keyserver_work): Honor DISABLE_KEYSERVER_HELPERS. + + * hkp.c (hkp_ask_import): Display keyserver URI as a URI, but only + if verbose. + + * exec.c, g10.c: USE_EXEC_PATH -> FIXED_EXEC_PATH + +2002-07-03 David Shaw + + * exec.h, exec.c (set_exec_path, exec_write), g10.c (main): If + USE_EXEC_PATH is defined at compile time, use it to lock the + exec-path and not allow the user to change it. + +2002-07-02 David Shaw + + * options.h, g10.c (main), keyserver.c (keyserver_refresh): + Maintain and use the original keyserver URI for cosmetics rather + than trying to recreate it when needed. + + * mainproc.c (check_sig_and_print): Properly disregard expired + uids. Make sure that the first uid listed is a real uid and not + an attribute (attributes should only be listed in the "aka" + section). When there are no valid textual userids, try for an + invalid textual userid before using any attribute uid. + +2002-07-01 David Shaw + + * options.skel: Fix a few typos, clarify "group", and remove + sample photo viewers for Win32 since they are the defaults now. + + * parse-packet.c (make_attribute_uidname), keylist.c + (dump_attribs): Fix two typecast warnings. + + * packet.h, build-packet.c (build_attribute_subpkt), exec.c + (expand_args), mkdtemp.c (mkdtemp), photoid.c + (parse_image_header): Fix some signedness compiler warnings. + +2002-07-01 Werner Koch + + * photoid.c (get_default_photo_command): Also use __MINGW32__ + instead of HAVE_DOSISH_SYSTEM. + + * encode.c (encode_symmetric): Do not use the new encryption code. + +2002-06-30 Werner Koch + + * photoid.c: Use __MINGW32__ to include windows because + HAVE_DOSISH_SYSTEM is also set for OS/2 and plain DOS. Provide + constant missing in older mingw installations. + +2002-06-21 Stefan Bellon + + * g10.c [__riscos__]: Moved RISC OS specific stuff to util/riscos.c + and include/util.h. + + * gpgv.c [__riscos__]: Likewise. + +2002-06-20 David Shaw + + * keydb.h, pkclist.c (select_algo_from_prefs): Allow passing a + suggested algorithm which will be used if available. + + * encode.c (encode_crypt, encrypt_filter), sign.c (sign_file): Use + new select_algo_from_prefs feature to check if forcing an + algorithm would violate the recipient preferences. + + * photoid.c (get_default_photo_command, show_photos): Use + different default viewers on different platforms. Currently we + have Win 9x, Win NT (2k, xp), Mac OSX, RISC OS, and "everybody + else". These are #ifdefs as much as possible to avoid clutter. + + * g10.c (strusage, build_list), keyedit.c (show_prefs), main.h, + misc.c (compress_algo_to_string, check_compress_algo), pkclist.c + (algo_available), keygen.c (keygen_set_std_prefs): New + algo_to_string and check functions for compress algorithms. + +2002-06-20 Werner Koch + + * misc.c (setsysinfo): Removed a #warning for Alpha's uniligedn + trap disabling - it is quite possible that this is a debug relict. + +2002-06-20 Stefan Bellon + + * g10.c [__riscos__]: Added image file system feature. + + * gpgv.c [__riscos__]: Added image file system feature. + + * photoid.c (show_photos) [__riscos__]: Set RISC OS filetype of + photo id according to MIME type. + +2002-06-19 David Shaw + + * hkp.c (parse_hkp_index): Don't leak memory when failing out of a + bad HKP keyserver. + + * g10.c (add_notation_data): Relax slightly the rules as to what + can go into a notation name - 2440 allows "@", for example. + +2002-06-17 David Shaw + + * import.c (clean_subkeys, import_one): Only allow at most 1 + binding sig and at most 1 revocation sig on a subkey, as per + 2440:11.1. + + * hkp.c (parse_hkp_index, hkp_search): Error if the keyserver + returns an unparseable HKP response. + +2002-06-15 David Shaw + + * keyedit.c (show_key_with_all_names), keylist.c + (list_keyblock_print): Show "[expired]" before expired uids. + + * keyedit.c (show_key_with_all_names_colon), mainproc.c + (list_node), keylist.c (list_keyblock_colon): Show flag 'e' for + expired user ids. Use "uat" for user attribute packets instead of + "uid". Also use ' ' rather than the fake user id + string on attributes. + + * keygen.c (keygen_add_revkey): Remove unused code. + + * misc.c (check_permissions): Check directory permissions + properly - they are not special files. + + * pkclist.c (expand_id, expand_group, build_pk_list): When + expanding groups before building a pk list, inherit flags from the + original pre-expanded string. + + * pubkey-enc.c (is_algo_in_prefs): Don't use prefs from expired + uids. + +2002-06-14 David Shaw + + * free-packet.c (copy_signature): Properly copy a signature that + carries a revocation key on it. + + * pkclist.c (expand_id, expand_group, build_pk_list): Groups now + work properly when used in the "Enter the user ID" prompt. + +2002-06-14 David Shaw + + * keyedit.c (show_key_with_all_names): Display warning if a user + tries to show prefs on a v3 key with a v3 selfsig. + + * kbnode.c (dump_kbnode): Show if a uid is expired. + + * import.c (merge_blocks, import_revoke_cert): Show user ID + receiving a revocation certificate. + + * free-packet.c (cmp_user_ids): Properly compare attribute ids. + + * pkclist.c (expand_groups): Maintain the strlist flags while + expanding. Members of an expansion inherit their flags from the + expansion key. + + * options.h, cipher.c (write_header), g10.c (main), keygen.c + (keygen_set_std_prefs): remove the personal_mdc flag. It no + longer serves a purpose now that the personal preference lists are + split into cipher/digest/zip. + +2002-06-14 Timo Schulz + + * skclist.c (is_insecure): Implemented. + +2002-06-12 David Shaw + + * keyserver.c (keyserver_spawn): Properly handle PROGRAM responses + when they have a CRLF ending. Noted by Keith Ray. + + * keyserver.c (keyserver_spawn): Handle CRLF endings from + keyserver helpers. Also don't leak the last line worth of memory + from the keyserver response. + + * main.h, misc.c (deprecated_warning): New function to warn about + deprecated options and commands. + + * g10.c (main), keyserver-internal.h, keyserver.c + (parse_keyserver_uri): Use new deprecated function to warn about + honor-http-proxy, auto-key-retrieve, and x-broken-hkp. + +2002-06-11 David Shaw + + * Makefile.am: link gpg with NETLIBS for the built-in HKP access. + +2002-06-10 David Shaw + + * options.h, keyserver.c (keyserver_opts), g10.c (main): New + keyserver option "include-subkeys". This feature already existed, + but now can be turned off. It defaults to on. + + * options.h, keyserver.c (parse_keyserver_options, + keyserver_spawn): There are now enough options to justify making a + structure for the keyserver options rather than a page of + if-then-else-if-then-etc. + + * getkey.c (merge_keys_and_selfsig, merge_selfsigs_main): Fix bug + in calculating key expiration dates. + +2002-06-09 David Shaw + + * keydb.h, getkey.c (get_user_id_native), import.c (import_one): + Display user ID while importing a key. Note this applies to both + --import and keyserver --recv-keys. + + * exec.c (exec_finish): Log unnatural exit (core dump, killed + manually, etc) for fork/exec/pipe child processes. + +2002-06-08 Timo Schulz + + * encode.c (encode_symmetric): Disable the compat flag + when the expert mode is enabled. + +2002-06-07 David Shaw + + * options.skel, options.h, main.h, keydb.h, pkclist.c + (build_pk_list, expand_groups), g10.c (main, add_group): Add new + "group" command to allow one name to expand into multiple keys. + For simplicity, and to avoid potential loops, we only expand once + - you can't make an alias that points to an alias. + + * main.h, g10.c (main), keygen.c (build_personal_digest_list): + Simplify the default digest list - there is really no need for the + other hashes since they will never be used after SHA-1 in the + list. + + * options.skel, options.h, g10.c (main), hkp.c (hkp_ask_import, + hkp_export, hkp_search), keyserver.c (parse_keyserver_options, + parse_keyserver_uri, keyserver_work, keyserver_refresh): Make the + "x-broken-hkp" keyserver scheme into keyserver-option + "broken-http-proxy". Move honor_http_proxy into + keyserver_options. Canonicalize the three variations of "hkp", + "x-hkp", and "x-broken-hkp" into "hkp". + +2002-06-07 Stefan Bellon + + * g10.c [__riscos__]: Added --attribute-file to do the same as + --attribute-fd, but with a filename not a fd as argument. + Added magic symbol for RISC OS to use different memory management. + + * gpgv.c [__riscos__]: Added magic symbol for RISC OS to use + different memory management. + +2002-06-06 David Shaw + + * main.h, g10.c (main), keygen.c (build_personal_digest_list): Put + in a default digest preference list consisting of SHA-1, followed + by every other installed digest except MD5. Note this is the same + as having no digest preference at all except for SHA-1 being + favored. + + * options.h, g10.c (main), keygen.c (keygen_set_std_prefs), + pkclist.c (select_algo_from_prefs): Split + --personal-preference-list into three: + --personal-{cipher|digest|compress}-preferences. This allows a + user to set one without affecting another (i.e. setting only a + digest pref doesn't imply an empty cipher pref). + + * exec.c (exec_read): This is a safer way of guessing the return + value of system(). Noted by Stefan Bellon. + +2002-06-05 David Shaw + + * hkp.c (parse_hkp_index): Be more robust with keyservers + returning very unparseable responses. + + * exec.c (exec_read): Catch and display an error when the remote + process exits unnaturally (i.e. segfault) so the user knows what + happened. Also fix exec_write stub which has a different number + of arguments now. + +2002-06-05 Timo Schulz + + * encode.c (encode_simple): Ignore the new mode for RFC1991. + * mainproc.c (symkey_decrypt_sesskey): Better check for weird + keysizes. + +2002-06-05 Timo Schulz + + * encode.c (encode_sesskey): New. + (encode_simple): Use it here. But by default we use the compat + mode which supress to generate encrypted session keys. + +2002-06-05 Timo Schulz + + * mainproc.c (symkey_decrypt_sesskey): New. + (proc_symkey_enc): Support for encrypted session keys. + +2002-06-04 David Shaw + + * sign.c (hash_for, sign_file): When encrypting and signing at the + same time, consult the various hash prefs to pick a hash algorithm + to use. Pass in a 160-bit hint if any of the signing keys are + DSA. + + * keydb.h, pkclist.c (select_algo_from_prefs, algo_available): + Pass a "hints" opaque pointer in to let the caller give hints as + to what algorithms would be acceptable. The only current hint is + for PREFTYPE_HASH to require a 160-bit hash for DSA. Change all + callers in encode.c (encode_crypt, encrypt_filter) and sign.c + (sign_file). If we settle on MD5 as the best algorithm based + solely on recepient keys and SHA1 is also a possibility, use SHA1 + unless the user intentionally chose MD5. This is as per 2440:13. + + * exec.c (make_tempdir): Fix duplicated filename problem. + +2002-06-03 David Shaw + + * packet.h, parse-packet.c (enum_sig_subpkt): Report back from + enum_sig_subpkt when a subpacket is critical and change all + callers in keylist.c (show_policy_url, show_notation), mainproc.c + (print_notation_data), and pkclist.c (do_show_revocation_reason). + + * keylist.c (show_policy_url, show_notation): Display if the + policy or notation is critical. + +2002-06-03 David Shaw + + * main.h, g10.c (main), keylist.c (dump_attribs, set_attrib_fd, + list_keyblock_print, list_keyblock_colon), status.h, status.c + (get_status_string): New --attribute-fd feature to dump the + contents of attribute subpackets for frontends. If --status-fd is + also used, then a new status tag ATTRIBUTE is provided for each + subpacket. + + * packet.h, getkey.c (fixup_uidnode, merge_selfsigs_main, + merge_selfsigs_subkey), parse-packet.c (setup_user_id): Keep track + of the expiration time of a user ID, and while we're at it, use + the expired flag from the selfsig rather than reparsing the + SIG_EXPIRE subpacket. + + * photoid.c (generate_photo_id): When adding a new photo ID, + showing the photo for confirmation is not safe when noninteractive + since the "user" may not be able to dismiss a viewer window. + Noted by Timo Schulz. + +2002-06-03 David Shaw + + * options.skel: Sample photo viewers for Win32. + + * misc.c (pct_expando): Use the seckey for %k/%K if the pubkey is + not available. + + * photoid.h, photoid.c (show_photos): Include the seckey in case a + user tries to view a photo on a secret key, and change all callers + in keyedit.c (menu_showphoto), keylist.c (list_keyblock_print), + and photoid.c (generate_photo_id). + +2002-06-02 David Shaw + + * photoid.c (show_photos): Work properly when not called with a + public key. + +2002-05-31 David Shaw + + * sign.c (mk_notation_and_policy): Free unneeded buffer. + + * hkp.c (parse_hkp_index): Properly handle the '&' character + (i.e. "&") in HKP responses. + + * getkey.c (merge_selfsigs_main): Fix reversed expiration time + check with self-sigs. + + * keyedit.c (sign_uids): When making a new self-sig on a v3 key, + make a v3 self-sig unless it is currently a v3 self-sig being + promoted to v4. + +2002-05-31 Timo Schulz + + * pkclist.c (do_show_revocation_reason): Don't use capital + letters for non-interactive output. + (show_revocation_reason): Now it is global. + * pubkey-enc.c (get_it): Show if the key has been revoked. + +2002-05-30 David Shaw + + * sign.c (write_signature_packets, sign_file, clearsign_file, + sign_symencrypt_file): Make a v4 signature if a policy URL or + notation is set, unless v3 sigs are forced via rfc1991 or + force-v3-sigs. Also remove some doubled code and clarify an error + message (we don't sign in PGP2 mode - just detach-sign). + + * parse-packet.c (parse_one_sig_subpkt): Add KS_FLAGS to the "any + size" section. + +2002-05-29 David Shaw + + * keygen.c (keygen_set_std_prefs, add_feature_mdc): Use "mdc" and + "no-mdc" in the prefs string to allow switching on and off the MDC + feature. This is needed to properly export a key from GnuPG for + use on PGP which does not support MDC - without this, MDC-capable + implementations will still try and generate MDCs which will break + PGP. + + * keygen.c (keygen_get_std_prefs): Show "[mdc]" in prefs string if + it is enabled. + + * options.h, g10.c (main), cipher.c (write_header), keygen.c + (keygen_set_std_prefs): For consistency, allow the user to specify + mdc/no-mdc in the --personal-preference-list. If disabled, it + acts just like --disable-mdc. + +2002-05-29 David Shaw + + * options.h, exec.c: Add some debugging info, using the 1024 debug + flag. + + * exec.c (win_system): New system()-like function for win32 that + does not return until the child process terminates. Of course, + this doesn't help if the process itself exits before it is + finished. + +2002-05-29 Werner Koch + + * encode.c (encode_simple): Intialize PKT when --no-literal is used. + + * keyedit.c (show_key_with_all_names_colon): Renamed the record + for revocation keys to "rvk". + +2002-05-27 Werner Koch + + * keyedit.c (show_key_with_all_names_colon): New. + (show_key_with_all_names): Divert to new function when required. + Sanitize printing of revoker name. + +2002-05-27 David Shaw + + * build-packet.c (build_sig_subpkt): Handle setting sig flags for + certain subpacket types (notation, policy url, exportable, + revocable). keyedit.c (sign_mk_attrib): Flags no longer need to + be set here. + + * packet.h, parse-packet.c (parse_one_sig_subpkt), build-packet.c + (build_sig_subpkt): Call parse_one_sig_subpkt to sanity check + buffer lengths before building a sig subpacket. + +2002-05-26 David Shaw + + * sign.c (mk_notation_and_policy): Include secret key to enable %s + expandos, and pass notations through pct_expando as well. + + * main.h, misc.c (pct_expando): Add %s and %S expandos for + signer's keyid. + +2002-05-25 David Shaw + + * g10.c (strusage, build_list): Add compress algorithms to + --version list. Show algorithm numbers when --verbose --version + is done. + +2002-05-22 David Shaw + + * options.h, main.h, keygen.c (keygen_set_set_prefs, + keygen_get_std_prefs, keygen_upd_std_prefs), keyedit.c + (keyedit_menu), g10.c (main), pkclist.c (select_algo_from_prefs): + Add --personal-preference-list which allows the user to factor in + their own preferred algorithms when the preference lists are + consulted. Obviously, this does not let the user violate a + recepient's preferences (and the RFC) - this only influences the + ranking of the agreed-on (and available) algorithms from the + recepients. Suggested by David Hollenberg. + + * options.h, keygen.c (keygen_set_std_prefs), g10.c (main): Rename + --preference-list to --default-preference-list (as that is what it + really is), and make it a true default in that if the user selects + "default" they get this list and not the compiled-in list. + +2002-05-22 Werner Koch + + * g10.c (main): Add missing LF in a info printout and made it + translatable. Noted by Michael Tokarev. + +2002-05-21 Werner Koch + + * g10.c (main): Removed the undef of USE_SHM_COPROCESSING which + was erroneously introduced on 2002-01-09. + + * signal.c (got_fatal_signal): Don't write the Nul to stderr. + Reported by David Hollenberg. + +2002-05-18 David Shaw + + * main.h, g10.c (main), revoke.c (gen_desig_revoke): Generate a + designated revocation via --desig-revoke + + * keyedit.c (keyedit_menu, menu_addrevoker): New "addrevoker" + command to add a designated revoker to a key. + +2002-05-17 David Shaw + + * gpgv.c: Add stub for get_ownertrust(). + + * g10.c (main): --allow-freeform-uid should be implied by + OpenPGP. Add --no-allow-freeform-uid. + + * keyedit.c (sign_uids): Issue a warning when signing a + non-selfsigned uid. + + * getkey.c (merge_selfsigs_main): If a key has no selfsigs, and + allow-non-selfsigned-uid is not set, still try and make the key + valid by checking all uids for a signature from an ultimately + trusted key. + +2002-05-16 David Shaw + + * main.h, keygen.c (keygen_add_revkey): Add revocation key + subpackets to a signature (callable by + make_keysig_packet). (write_direct_sig): Write a 1F direct key + signature. (parse_revocation_key): Parse a string in + algo:fpr:sensitive format into a revocation + key. (get_parameter_revkey, do_generate_keypair): Call above + functions when prompted from a batch key generation file. + + * build-packet.c (build_sig_subpkt): Allow multiple revocation key + subpackets in a single sig. + + * keydb.h, getkey.c (get_seckey_byfprint): Same as + get_pubkey_byfprint, except for secret keys. We only know the + fingerprint of a revocation key, so this is needed to retrieve the + secret key needed to issue a revokation. + + * packet.h, parse-packet.c (parse_signature, parse_revkeys): Split + revkey parsing off into a new function that can be used to reparse + after manipulating the revkey list. + + * sign.c (make_keysig_packet): Ability to make 1F direct key + signatures. + +2002-05-15 David Shaw + + * options.skel: keyserver.pgp.com is gone, so list pgp.surfnet.nl + as a sample LDAP server instead. + + * getkey.c (merge_selfsigs_main): Properly handle multiple + revocation keys in a single packet. Properly handle revocation + keys that are in out-of-order packets. Remove duplicates in + revocation key list. + +2002-05-14 Timo Schulz + + * exec.c (make_tempdir) [MINGW32]: Added missing '\'. + +2002-05-14 Stefan Bellon + + * exec.c (make_tempdir): Make use of EXTSEP_S instead of hardcoded + dot as extension separator. + +2002-05-13 David Shaw + + * photoid.c (show_photos): Use the long keyid as the filename for + the photo. Use the short keyid as the filename on 8.3 systems. + + * exec.h, exec.c (make_tempdir, exec_write, exec_finish): Allow + caller to specify filename. This should make things easier on + windows and macs where the file extension is required, but a whole + filename is even better. + + * keyedit.c (show_key_with_all_names, show_prefs): Show proper + prefs for a v4 key uid with no selfsig at all. + + * misc.c (check_permissions): Don't check permissions on + non-normal files (pipes, character devices, etc.) + +2002-05-11 Werner Koch + + * mainproc.c (proc_symkey_enc): Avoid segv in case the parser + encountered an invalid packet. + + * keyserver.c (keyserver_export): Get confirmation before sending + all keys. + +2002-05-10 Stefan Bellon + + * g10.c, hkp.c, keyedit.c, keyserver.c: Replaced all occurrances + of strcasecmp with ascii_strcasecmp and all occurrances of + strncasecmp with ascii_memcasecmp. + +2002-05-10 David Shaw + + * packet.h, getkey.c (fixup_uidnode), keyedit.c (show_prefs): Show + assumed prefs for hash and compression as well as the cipher pref. + Show assumed prefs if there are no prefs at all on a v4 + self-signed key. + + * options.h, g10.c (main), sign.c (make_keysig_packet): New + --cert-digest-algo function to override the default key signing + hash algorithm. + +2002-05-09 David Shaw + + * getkey.c (merge_selfsigs_main): Make sure the revocation key + list starts clean as this function may be called more than once + (e.g. from functions in --edit). + + * g10.c, encode.c (encode_crypt), sign.c (sign_file, + sign_symencrypt_file): Make --compress-algo work like the + documentation says. It should be like --cipher-algo and + --digest-algo in that it can override the preferences calculation + and impose the setting the user wants. No --compress-algo setting + allows the usual preferences calculation to take place. + + * main.h, compress.c (compress_filter): use new + DEFAULT_COMPRESS_ALGO define, and add a sanity check for compress + algo value. + +2002-05-08 David Shaw + + * pkclist.c (select_algo_from_prefs): There is an assumed + compression preference for uncompressed data. + +2002-05-07 David Shaw + + * options.h, g10.c (main), getkey.c (finish_lookup), pkclist.c + (algo_available): --pgp7, identical to --pgp6 except that it + permits a few algorithms that PGP 7 added: AES128, AES192, AES256, + and TWOFISH. Any more of these --pgpX flags, and it'll be time to + start looking at a generic --emulate-pgp X option. + + * export.c (do_export_stream): Warn the user when exporting a + secret key if it or any of its secret subkeys are protected with + SHA1 while simple_sk_checksum is set. + + * parse-packet.c (parse_key): Show when the SHA1 protection is + used in --list-packets. + + * options.h, build-packet.c (do_comment), g10.c (main): Rename + --no-comment as --sk-comments/--no-sk-comments (--no-comment still + works) and make the default be --no-sk-comments. + +2002-05-07 Werner Koch + + * keygen.c (get_parameter_algo): Never allow generation of the + deprecated RSA-E or RSA-S flavors of PGP RSA. + (ask_algo): Allow generation of RSA sign and encrypt in expert + mode. Don't allow ElGamal S+E unless in expert mode. + * helptext.c: Added entry keygen.algo.rsa_se. + +2002-05-07 David Shaw + + * keyedit.c (sign_uids): If --expert is set, allow re-signing a + uid to promote a v3 self-sig to a v4 one. This essentially + deletes the old v3 self-sig and replaces it with a v4 one. + + * packet.h, parse-packet.c (parse_key), getkey.c + (merge_keys_and_selfsig, merge_selfsigs_main): a v3 key with a v4 + self-sig must never let the v4 self-sig express a key expiration + time that extends beyond the original v3 expiration time. + +2002-05-06 David Shaw + + * keyedit.c (sign_uids): When making a self-signature via "sign" + don't ask about sig level or expiration, and include the usual + preferences and such for v4 self-sigs. (menu_set_preferences): + Convert uids from UTF8 to native before printing. + + * keyedit.c (sign_uids): Convert uids from UTF8 to native before + printing. (menu_set_primary_uid): Show error if the user tries to + make a uid with a v3 self-sig primary. + +2002-05-05 David Shaw + + * import.c (import_one): When merging with a key we already have, + don't let a key conflict (same keyid but different key) stop the + import: just skip the bad key and continue. + + * exec.c (make_tempdir): Under Win32, don't try environment + variables for temp directories - GetTempDir tries environment + variables internally, and it's better not to second-guess it in + case MS adds some sort of temp dir handling to Windows at some + point. + +2002-05-05 Timo Schulz + + * mainproc.c (proc_symkey_enc): Don't ask for a passphrase + in the list only mode. + +2002-05-05 David Shaw + + * keyserver.c (keyserver_refresh): --refresh-keys implies + --merge-only so as not to import keys with keyids that match the + ones being refreshed. Noted by Florian Weimer. + +2002-05-04 Stefan Bellon + + * free-packet.c (copy_public_key): Don't call m_alloc(0), therefore + added consistency check for revkey and numrefkeys. + + * getkey.c (check_revocation_keys): Added consistency check for + revkey and numrefkeys. + + * keyedit.c (show_key_with_all_names): Likewise. + +2002-05-03 David Shaw + + * photoid.c: Provide default image viewer for Win32. + + * misc.c (pct_expando): %t means extension, not name ("jpg", not + "jpeg"). + + * keyserver.c (keyserver_spawn), photoid.c (show_photos), exec.h, + exec.c: Allow the caller to determine the temp file extension when + starting an exec_write and change all callers. + + * keyedit.c (sign_uids): Nonrevocable key signatures cause an + automatic promotion to v4. + + * exec.c: Provide stubs for exec_ functions when NO_EXEC is + defined. + +2002-05-02 David Shaw + + * photoid.h, photoid.c (parse_image_header, image_type_to_string): + Useful functions to return data about an image. + + * packet.h, parse-packet.c (make_attribute_uidname, + parse_attribute_subpkts, parse_attribute), photoid.h, photoid.c + (show_photos): Handle multiple images in a single attribute + packet. + + * main.h, misc.c (pct_expando), sign.c (mk_notation_and_policy), + photoid.c (show_photos): Simpler expando code that does not + require using compile-time string sizes. Call + image_type_to_string to get image strings (i.e. "jpg", + "image/jpeg"). Change all callers. + + * keyedit.c (menu_showphoto), keylist.c (list_keyblock_print): + Allow viewing multiple images within a single attribute packet. + + * gpgv.c: Various stubs for link happiness. + +2002-05-02 David Shaw + + * build-packet.c (build_sig_subpkt), keyedit.c (sign_uids), + options.h, sign.c (mk_notation_and_policy), g10.c (main, + add_notation_data, add_policy_url (new), check_policy_url + (removed)): Allow multiple policy URLs on a given signature. + Split "--notation-data" into "--cert-notation" and + "--sig-notation" so the user can set different policies for key + and data signing. For backwards compatibility, "--notation-data" + sets both, as before. + +2002-05-02 Werner Koch + + * options.skel: Removed the comment on trusted-keys because this + option is now deprecated. + +2002-05-01 David Shaw + + * keyedit.c (menu_adduid): 2440bis04 says that multiple attribute + packets on a given key are legal. + + * keyserver.c (keyserver_refresh): the fake v3 keyid hack applies + to "mailto" URLs as well since they are also served by pksd. + +2002-04-29 Werner Koch + + Added a copyright year for files changed this year. + +2002-04-25 Werner Koch + + * g10.c, options.h: New options --display, --ttyname, --ttytype, + --lc-ctype, --lc-messages to be used with future versions of the + gpg-agent. + * passphrase.c (agent_send_option,agent_send_all_options): New. + (agent_open): Send options to the agent. + + * trustdb.c (update_ownertrust, clear_ownertrust): Do an explicit + do_sync because revalidation_mark does it only if when the + timestamp actually changes. + +2002-04-23 David Shaw + + * main.h, keygen.c (do_generate_keypair), keylist.c + (print_signature_stats, list_all, list_one, list_keyblock, + list_keyblock_print, list_keyblock_colon): After generating a new + key, show the key information (name, keyid, fingerprint, etc.) + Also do not print uncheckable signatures (missing key..) in + --check-sigs. Print statistics (N missing keys, etc.) after + --check-sigs. + + * keyedit.c (sign_uids): When signing a key with an expiration + date on it, the "Do you want your signature to expire at the same + time?" question should default to YES. + +2002-04-22 David Shaw + + * parse-packet.c (parse_plaintext), packet.h, plaintext.c + (handle_plaintext): Fix bug in handling literal packets with + zero-length data (no data was being confused with partial body + length). + + * misc.c (pct_expando), options.skel: %t means extension ("jpg"). + %T means MIME type ("image/jpeg"). + + * import.c (import_one): Only trigger trust update if the keyring + is actually changed. + + * export.c (do_export_stream): Missing a m_free. + +2002-04-22 Stefan Bellon + + * keyid.c (expirestr_from_sk, expirestr_from_sig): Added _() to + string constant. + + * exec.c (make_tempdir) [__riscos__]: Better placement of + temporary file. + +2002-04-20 David Shaw + + * keygen.c (generate_subkeypair): 2440bis04 adds that creating + subkeys on v3 keys is a MUST NOT. + + * getkey.c (finish_lookup): The --pgp6 "use the primary key" + behavior should only apply while data signing and not encryption. + Noted by Roger Sondermann. + +2002-04-19 Werner Koch + + * keygen.c (keygen_set_std_prefs): Put back 3DES because the RFC + says it is good form to do so. + +2002-04-19 David Shaw + + * keyedit.c (menu_deluid): Only cause a trust update if we delete + a non-revoked user id. + + * hkp.c (hkp_ask_import), keyserver.c (parse_keyserver_options, + keyserver_spawn), options.h: Remove fast-import keyserver option + (no longer meaningful). + + * g10.c (main), keyedit.c (sign_uids), options.h: Change + --default-check-level to --default-cert-check-level as it makes + clear what it operates on. + + * g10.c (main): --pgp6 also implies --no-ask-sig-expire. + + * delkey.c (do_delete_key): Comment. + + * keyedit.c (sign_uids, keyedit_menu, menu_deluid, menu_delsig, + menu_expire, menu_revsig, menu_revkey): Only force a trustdb check + if we did something that changes it. + + * g10.c: add "--auto-check-trustdb" to override a + "--no-auto-check-trustdb" + +2002-04-19 Werner Koch + + * tdbio.c (tdbio_write_nextcheck): Return a status whether the + stamp was actually changed. + * trustdb.c (revalidation_mark): Sync the changes. Removed the + sync operation done by its callers. + (get_validity): Add logic for maintaining a pending_check flag. + (clear_ownertrust): New. + + * keyedit.c (sign_uids): Don't call revalidation_mark depending on + primary_pk. + (keyedit_menu): Call revalidation_mark after "trust". + (show_key_with_all_names): Print a warning on the wrong listed key + validity. + + * delkey.c (do_delete_key): Clear the owenertrust information when + deleting a public key. + +2002-04-18 Werner Koch + + * seskey.c (encode_md_value): Print an error message if a wrong + digest algorithm is used with DSA. Changed all callers to cope + with a NULL return. Problem noted by Imad R. Faiad. + +2002-04-18 David Shaw + + * trustdb.c (mark_usable_uid_certs): Properly handle nonrevocable + signatures that can expire. In short, the only thing that can + override an unexpired nonrevocable signature is another unexpired + nonrevocable signature. + + * getkey.c (finish_lookup): Always use primary signing key for + signatures when --pgp6 is on since pgp6 and 7 do not understand + signatures made by signing subkeys. + +2002-04-18 Werner Koch + + * trustdb.c (validate_keys): Never schedule a nextcheck into the + past. + (validate_key_list): New arg curtime use it to set next_expire. + (validate_one_keyblock): Take the current time from the caller. + (clear_validity, reset_unconnected_keys): New. + (validate_keys): Reset all unconnected keys. + + * getkey.c (premerge_public_with_secret): Fixed 0x12345678! syntax + for use with secret keys. + (lookup): Advance the searchmode after a search FIRST. + + * seckey-cert.c (do_check): Always calculate the old checksum for + use after unprotection. + + * g10.c, options.skel: New option --no-escape-from. Made + --escape-from and --force-v3-sigs the default and removed them + from the options skeleton. + +2002-04-16 Werner Koch + + * parse-packet.c (parse_key): Support a SHA1 checksum as per + draft-rfc2440-bis04. + * packet.h (PKT_secret_key): Add field sha1chk. + * seckey-cert.c (do_check): Check the SHA1 checksum + (protect_secret_key): And create it. + * build-packet.c (do_secret_key): Mark it as sha-1 protected. + * g10.c, options.h: New option --simple-sk-checksum. + +2002-04-13 David Shaw + + * parse-packet.c (parse_signature): Minor fix - signatures should + expire at their expiration time and not one second later. + + * keygen.c (proc_parameter_file): Allow specifying preferences + string (i.e. "s5 s2 z1 z2", etc) in a batchmode key generation + file. + + * keyedit.c (keyedit_menu): Print standard error message when + signing a revoked key (no new translation). + + * getkey.c (merge_selfsigs): Get the default set of key prefs from + the real (not attribute) primary uid. + +2002-04-12 David Shaw + + * pkclist.c (build_pk_list): Fix bug that allowed a key to be + selected twice in batch mode if one instance was the default + recipient and the other was an encrypt-to. Noted by Stefan + Bellon. + + * parse-packet.c (dump_sig_subpkt): Show data in trust and regexp + sig subpackets. + + * keyedit.c (keyedit_menu): Use new function real_uids_left to + prevent deleting the last real (i.e. non-attribute) uid. Again, + according to the attribute draft. (menu_showphoto): Make another + string translatable. + +2002-04-11 David Shaw + + * build-packet.c (build_sig_subpkt): Delete subpackets from both + hashed and unhashed area on update. (find_subpkt): No longer + needed. + + * keyedit.c (sign_uids): With --pgp2 on, refuse to sign a v3 key + with a v4 signature. As usual, --expert overrides. Try to tweak + some strings to a closer match so they can all be translated in + one place. Use different helptext keys to allow different help + text for different questions. + + * keygen.c (keygen_upd_std_prefs): Remove preferences from both + hashed and unhashed areas if they are not going to be used. + +2002-04-10 David Shaw + + * misc.c (pct_expando), options.skel: Use %t to indicate type of a + photo ID (in this version, it's always "jpeg"). Also tweak string + expansion loop to minimize reallocs. + + * mainproc.c (do_check_sig): Variable type fix. + + * keyedit.c (menu_set_primary_uid): Differentiate between true + user IDs and attribute user IDs when making one of them primary. + That is, if we are making a user ID primary, we alter user IDs. + If we are making an attribute packet primary, we alter attribute + packets. This matches the language in the latest attribute packet + draft. + + * keyedit.c (sign_uids): No need for the empty string hack. + + * getkey.c (fixup_uidnode): Only accept preferences from the + hashed segment of the self-sig. + +2002-04-10 Werner Koch + + * tdbio.c (migrate_from_v2): Fixed the offset to read the old + ownertrust value and only add entries to the table if we really + have a value. + +2002-04-08 David Shaw + + * status.h, status.c (get_status_string): Add KEYEXPIRED, EXPSIG, + and EXPKEYSIG. Add "deprecated-use-keyexpired-instead" to + SIGEXPIRED. + + * sig-check.c (do_check): Start transition from SIGEXPIRED to + KEYEXPIRED, since the actual event is signature verification by an + expired key and not an expired signature. (do_signature_check, + packet.h): Rename as signature_check2, make public, and change all + callers. + + * mainproc.c (check_sig_and_print, do_check_sig): Use status + EXPSIG for an expired, but good, signature. Add the expiration + time (or 0) to the VALIDSIG status line. Use status KEYEXPSIG for + a good signature from an expired key. + + * g10.c (main): remove checks for no arguments now that argparse + does it. + +2002-04-06 Werner Koch + + * keyring.c (keyring_get_keyblock): Disable the keylist mode here. + + * encode.c (encode_simple, encode_crypt): Only test on compressed + files if a compress level was not explicity set. + + * keygen.c (keygen_set_std_prefs): Removed Blowfish and Twofish + from the list of default preferences, swapped the preferences of + RMD160 and SHA1. Don't include a preference to 3DES unless the + IDEA kludge gets used. + + * free-packet.c (free_packet): call free_encrypted also for + PKT_ENCRYPTED_MDC. + + * compress.c (release_context): New. + (handle_compressed): Allocate the context and setup a closure to + release the context. This is required because there is no + guarantee that the filter gets popped from the chain at the end + of the function. Problem noted by Timo and probably also the + cause for a couple of other reports. + (compress_filter): Use the release function if set. + + * tdbio.c [__CYGWIN32__]: Don't rename ftruncate. Noted by + Disastry. + + * parse-packet.c (parse_signature): Put parens around a bit test. + + * exec.c (make_tempdir): Double backslash for TMP directory + creation under Windows. Better strlen the DIRSEP_S constants for + allocation measurements. + + * decrypt.c (decrypt_messages): Release the passphrase aquired + by get_last_passphrase. + +2002-04-02 Werner Koch + + * Makefile.am (EXTRA_DIST): Removed OPTIONS an pubring.asc - they + are no longer of any use. + +2002-04-03 David Shaw + + * keyserver.c (parse_keyserver_options): fix auto-key-retrieve to + actually work as a keyserver-option (noted by Roger Sondermann). + + * keylist.c (reorder_keyblock): do not reorder the primary + attribute packet - the first user ID must be a genuine one. + +2002-03-31 David Shaw + + * keylist.c (list_keyblock_colon): Fix ownertrust display with + --with-colons. + + * keygen.c (generate_user_id), photoid.c (generate_photo_id): + Properly initialize the user ID refcount. A few more "y/n" -> + "y/N" in photoid.c. + + * keyedit.c (ask_revoke_sig): Warn the user if they are about to + revoke an expired sig (not a problem, but they should know). Also + tweak a few prompts to change "y/n" to "y/N", which is how most + other prompts are written. + + * keyserver.c (keyserver_search_prompt): Control-d escapes the + keyserver search prompt. + + * pkclist.c (show_revocation_reason & callers): If a subkey is + considered revoked solely because the parent key is revoked, print + the revocation reason from the parent key. + + * trustdb.c (get_validity): Allow revocation/expiration to apply + to a uid/key with no entry in the trustdb. + +2002-03-29 David Shaw + + * keyserver.c (printunquoted): unquote backslashes from keyserver + searches + + * hkp.c (write_quoted): quote backslashes from keyserver searches + +2002-03-26 Werner Koch + + * keygen.c (ask_keysize): Removed the warning for key sizes > 1536. + +2002-03-25 Werner Koch + + * keyedit.c (sign_uids): Use 2 strings and not a %s so that + translations can be done the right way. + * helptext.c: Fixed small typo. + +2002-03-23 David Shaw + + * import.c (append_uid, merge_sigs): it is okay to import + completely non-signed uids now (with --allow-non-selfsigned-uid). + + * getkey.c (get_primary_uid, merge_selfsigs_main): do not choose + an attribute packet (i.e. photo) as primary uid. This prevents + oddities like "Good signature from [image of size 2671]". This is + still not perfect (one can still select an attribute packet as + primary in --edit), but is closer to the way the draft is going. + + * g10.c (build_list): algorithms should include 110. + + * g10.c (main): --pgp2 implies --no-ask-sig-expire and + --no-ask-cert-expire as those would cause a v4 sig/cert. + + * armor.c (is_armor_header): be more lenient in what constitutes a + valid armor header (i.e. -----BEGIN blah blah-----) as some + Windows programs seem to add spaces at the end. --openpgp makes + it strict again. + +2002-03-18 David Shaw + + * keyserver.c (keyserver_search_prompt): Properly handle a "no + keys found" case from the internal HKP code (external HKP is ok). + Also, make a COUNT -1 (i.e. streamed) keyserver response a little + more efficient. + + * g10.c (main): Add --no-allow-non-selfsigned-uid + +2002-03-17 David Shaw + + * g10.c (main): --openpgp implies --allow-non-selfsigned-uid. + + * getkey.c (merge_selfsigs_main): If none of the uids are primary + (because none are valid) then pick the first to be primary (but + still invalid). This is for cosmetics in case some display needs + to print a user ID from a non-selfsigned key. Also use + --allow-non-selfsigned-uid to make such a key valid and not + --always-trust. The key is *not* automatically trusted via + --allow-non-selfsigned-uid. + + * mainproc.c (check_sig_and_print): Make sure non-selfsigned uids + print [uncertain] on verification even though one is primary now. + + * getkey.c (merge_selfsigs): If the main key is not valid, then + neither are the subkeys. + + * import.c (import_one): Allow --allow-non-selfsigned-uid to work + on completely unsigned keys. Print the uids in UTF8. Remove + mark_non_selfsigned_uids_valid(). + + * keyedit.c (show_key_with_all_names): Show revocation key as + UTF8. + + * sign.c (clearsign_file): Allow --not-dash-escaped to work with + v3 keys. + +2002-03-14 Werner Koch + + * main.h: Changed the default algorithms to CAST5 and SHA1. + +2002-03-13 David Shaw + + * import.c (chk_self_sigs): Show which user ID a bad self-sig + (invald sig or unsupported public key algorithm) resides on. + + * import.c (chk_self_sigs): any valid self-sig should mark a user + ID or subkey as valid - otherwise, an attacker could DoS the user + by inventing a bogus invalid self-signature. + +2002-03-07 David Shaw + + * g10.c (main): make a few more strings translatable. + + * options.h, options.skel, g10.c (main), gpgv.c, mainproc.c + (check_sig_and_print), keyserver.c (parse_keyserver_options): + --auto-key-retrieve should really be a keyserver-option variable. + + * import.c (revocation_present): new function to print a warning + if a key is imported that has been revoked by designated revoker, + but the designated revoker is not present to verify the + revocation. If keyserver-options auto-key-retrieve is set, try + and fetch the designated revoker from the keyserver. + + * import.c (import_one): call revocation_present after importing a + new key. Note that this applies to --import, --recv-keys, and + --search-keys. + + * keyserver-internal.h, keyserver.c (keyserver_import_fprint): + import via fingerprint (for revocation keys). + + * keyserver.c (keyserver_import_keyid): much simpler + implementation now that we're using KEYDB_SEARCH_DESC internally. + +2002-03-04 David Shaw + + * revoke.c (gen_revoke): do not prompt for revocation reason for + v3 revocations (unless force-v4-certs is on) since they wouldn't + be used anyway. + + * keyedit.c (menu_revsig): show the status of the sigs + (exportable? revocable?) to the user before prompting for which + sig to revoke. Also, make sure that local signatures get local + revocations. + + * keyedit.c (ask_revoke_sig): remind the user which sigs are + local. + + * g10.c (main): Add "exec-path" variable to override PATH for + execing programs. + + * export.c (do_export_stream): properly check return code from + classify_user_id to catch unclassifiable keys. + +2002-03-03 David Shaw + + * parse-packet.c (parse_signature): variable type tweak for RISC + OS (from Stefan) + +2002-02-28 David Shaw + + * getkey.c (check_revocation_keys): New function to check a + revocation against a list of potential revocation keys. Note the + loop-breaking code here. This is to prevent blowing up if A is + B's revocation key, while B is also A's. Note also that this is + written so that a revoked revoker can still issue revocations: + i.e. If A revokes B, but A is revoked, B is still revoked. I'm + not completely convinced this is the proper behavior, but it + matches how PGP does it. It does at least have the advantage of + much simpler code - my first version of this had lots of loop + maintaining code so you could chain revokers many levels deep and + if D was revoked, C was not, which meant that B was, and so on. + It was sort of scary, actually. + + * getkey.c (merge_selfsigs_main): Add any revocation keys onto the + pk. This is particularly interesting since we normally only get + data from the most recent 1F signature, but you need multiple 1F + sigs to properly handle revocation keys (PGP does it this way, and + a revocation key could be marked "sensitive" and hence in a + different signature). Also, if a pk has a revocation key set, + check for revocation sigs that were not made by us - if made by a + valid revocation key, mark the pk revoked. + + * packet.h, getkey.c (cache_public_key): do not cache key if + "dont_cache" is set. This allows the revocation key code to look + up a key and return information that may be inaccurate to prevent + loops without caching the fake data. + + * packet.h, sig-check.c (do_signature_check): Record if a + signature was made by a revoked pk. + + * packet.h, parse-packet.c (parse_one_sig_subpkt, + can_handle_critical, parse_signature): Get revocation key + information out of direct sigs. + + * keylist.c (list_keyblock_print): don't assume that the presence + of a 0x20 signature means the key is revoked. With revocation + keys, this may not be true if the revocation key is not around to + verify it or if verification failed. Also, 0x1F should get listed + as "sig", and not "unexpected signature class". + + * keyedit.c (show_key_with_all_names): Add a flag for printing + revoker information and change all callers. + + * import.c (merge_blocks): merge in any new direct key (0x1F) + sigs. + + * import.c (import_revoke_cert): don't keep processing after a + revocation is rejected. + + * import.c (delete_inv_parts): Allow importing a revocation + signature even if it was not issued by the key. This allows a + revocation key to issue it. Of course, the sig still needs to be + checked before we trust it. + + * free-packet.c (copy_public_key): Include a new copy of the + revocation keys when duping a pk. + + * free-packet.c (free_seckey_enc, release_public_key_parts): Free + any revocation keys that are attached to a sig or pk. + + * export.c (do_export_stream): Do not export signatures with + "sensitive" revocation keys in them. + +2002-02-27 David Shaw + + * export.c (do_export_stream): Do not include v3 keys in a + --export-secret-subkeys export. + + * getkey.c (merge_selfsigs_main): If a key isn't valid (say, + because of no self-signature), allow --always-trust to force it + valid so it can be trusted. + +2002-02-25 David Shaw + + * hkp.c (hkp_ask_import), hkp.h, keyserver.c (all): treat key + lists internally as fingerprints when possible. All this is via + KEYDB_SEARCH_DESC - no point in reinventing the wheel. This allows + the helper program to search the keyserver by fingerprint if + desired (and the keyserver supports it). Note that automatic + fingerprint promotion during refresh only applies to v4 keys as a + v4 fingerprint can be easily changed into a long or short key id, + and a v3 cannot. + + * pubkey-enc.c, getkey.c, misc.c, main.h: Take two copies of + hextobyte() from pubkey-enc.c and getkey.c and make them into one + copy in misc.c. + +2002-02-22 David Shaw + + * keyserver.c (keyserver_search_prompt): Detect a "no keys found" + case even if the helper program does not explicitly say how many + keys were found. + + * hkp.c (parse_hkp_index): Bug fix - don't report non-revoked keys + as revoked in HKP key searches. + +2002-02-19 Werner Koch + + * parse-packet.c (parse_trust): Made parsing more robust. + +2002-02-19 David Shaw + + * hkp.c (parse_hkp_index): Catch corruption in HKP index lines + (can be caused by broken or malicious keyservers). + + * keyserver.c (keyserver_work): Add KEYSERVER_NOT_SUPPORTED for + unsupported actions (say, a keyserver that has no way to search, + or a readonly keyserver that has no way to add). Also add a + USE_EXTERNAL_HKP define to disable the internal HKP keyserver + code. + +2002-02-14 Werner Koch + + * g10.c: New option --no-use-agent. + + * pkclist.c (check_signatures_trust): Always print the warning for + unknown and undefined trust. Removed the did_add cruft. Reported + by Janusz A. Urbanowicz. + +2002-02-11 David Shaw + + * hkp.c (parse_hkp_index): Bug fix - properly handle user IDs with + colons (":") in them while HKP searching. + +2002-02-09 David Shaw + + * misc.c (pct_expando): More comments. + + * keydb.h, sign.c (mk_notation_and_policy): Clarify what is a sig + and what is a cert. A sig has sigclass 0x00, 0x01, 0x02, or 0x40, + and everything else is a cert. + + * g10.c (main), keyedit.c (keyedit_menu): Add a "nrlsign" for + nonrevocable and local key signatures. + + * g10.c (main): Add a --no-force-mdc to undo --force-mdc. + + * options.h, g10.c (main), cipher.c (write_header): Add a knob to + --disable-mdc/--no-disable-mdc. Off by default, of course, but is + used in --pgp2 and --pgp6 modes. + + * pkclist.c (build_pk_list): Allow specifying multiple users in + the "Enter the user ID" loop. Enter a blank line to stop. Show + each key+id as it is added. + + * keylist.c (show_policy_url), mainproc.c (print_notation_data): + It is not illegal (though possibly silly) to have multiple policy + URLs in a given signature, so print all that are present. + + * hkp.c (hkp_search): More efficient implementation of URL-ifying + code. + +2002-02-04 David Shaw + + * main.h, misc.c (pct_expando): New function to generalize + %-expando processing in any arbitrary string. + + * photoid.c (show_photo): Call the new pct_expando function rather + than expand strings internally. + + * sign.c (mk_notation_and_policy): Show policy URLs and notations + when making a signature if show-policy/show-notation is on. + %-expand policy URLs during generation. This lets the user have + policy URLs of the form "http://notary.jabberwocky.com/keysign/%K" + which will generate a per-signature policy URL. + + * main.h, keylist.c (show_policy_url, show_notation): Add amount + to indent so the same function can be used in key listings as well + as during sig generation. Change all callers. + +2002-02-04 David Shaw + + * keyserver.c, options.h (parse_keyserver_options, keyidlist): + Workaround for the pksd and OKS keyserver bug that calculates v4 + RSA keyids as if they were v3. The workaround/hack is to fetch + both the v4 (e.g. 99242560) and v3 (e.g. 68FDDBC7) keyids. This + only happens for key refresh while using the HKP scheme and the + refresh-add-fake-v3-keyids keyserver option must be set. This + should stay off by default. + +2002-02-03 David Shaw + + * keyserver.c (keyserver_spawn): Bug fix - do not append keys to + each other when --sending more than one. + +2002-02-02 David Shaw + + * options.h, g10.c (main), keyedit.c (sign_uids), sign.c + (mk_notation_and_policy): Split "--set-policy-url" into + "--cert-policy-url" and "--sig-policy-url" so the user can set + different policies for key and data signing. For backwards + compatibility, "--set-policy-url" sets both, as before. + +2002-01-30 Werner Koch + + * g10.c (main): --gen-random --armor does now output a base64 + encoded string. + +2002-01-28 David Shaw + + * g10.c (main), options.h, pkclist.c (algo_available): --pgp6 + flag. This is not nearly as involved as --pgp2. In short, it + turns off force_mdc, turns on no_comment, escape_from, and + force_v3_sigs, and sets compression to 1. It also restricts the + user to IDEA (if present), 3DES, CAST5, MD5, SHA1, and RIPEMD160. + See the comments above algo_available() for lots of discussion on + why you would want to do this. + +2002-01-27 David Shaw + + * keygen.c (keygen_set_std_prefs): Comment + + * keyedit.c (sign_uids): Bug fix - when signing with multiple + secret keys at the same time, make sure each key gets the sigclass + prompt. + + * exec.c (exec_finish): Close the iobuf and FILE before trying to + waitpid, so the remote process will get a SIGPIPE and exit. This + is only a factor when using a pipe to communicate. + + * exec.c (exec_write): Disable cache-on-close of the fd iobuf (is + this right? Why is a fd iobuf cached at all?) + +2002-01-26 Werner Koch + + * g10.c, options.h: New option --gpg-agent-info + * passphrase.c (agent_open): Let it override the environment info. + * seckey-cert.c (check_secret_key): Always try 3 times when the + agent is enabled. + * options.skel: Describe --use-agent. + +2002-01-24 David Shaw + + * pubkey-enc.c (is_algo_in_prefs, get_it): Only check preferences + against keys with v4 self sigs - there is really little point in + warning for every single non-IDEA message encrypted to an old key. + + * pkclist.c (select_algo_from_prefs): Only put in the fake IDEA + preference if --pgp2 is on. + + * mainproc.c (check_sig_and_print): Print "Expired" for expired + but good signatures (this still prints "BAD" for expired but bad + signatures). + +2002-01-23 David Shaw + + * keygen.c (ask_keysize): Cosmetic: don't present a RSA signing + key as a "keypair" which can be 768 bits long (as RSA minimum is + 1024). + + * pubkey-enc.c (is_algo_in_prefs): Allow IDEA as a fake preference + for v3 keys with v3 selfsigs. + +2002-01-22 David Shaw + + * packet.h, getkey.c (merge_selfsigs_main), pkclist.c + (select_algo_from_prefs): Implement the fake IDEA preference as + per RFC2440:12.1. This doesn't mean that IDEA will be used (the + plugin may not be present), but it does mean that a v3 key with a + v3 selfsig has an implicit IDEA preference instead of 3DES. v3 + keys with v4 selfsigs use preferences as normal. + + * encode.c (encode_crypt): if select_algo_from_prefs fails, this + means that we could not find a cipher that both keys like. Since + all v4 keys have an implicit 3DES preference, this means there is + a v3 key with a v3 selfsig in the list. Use 3DES in this case as + it is the safest option (we know the v4 key can handle it, and + we'll just hope the v3 key is being used in an implementation that + can handle it). If --pgp2 is on, warn the user what we're doing + since it'll probably break PGP2 compatibility. + + * g10.c (main): Do not force using IDEA for encrypted files in + --pgp2 mode - let the fake IDEA preference choose this for us for + better compatibility when encrypting to multiple keys, only some + of which are v3. + + * keygen.c (keygen_set_std_prefs): Put 3DES on the end of the + default cipher pref list (RFC2440: "...it is good form to place it + there explicitly."). If the user has the IDEA plugin installed, + put a preference for IDEA *after* 3DES to effectively disable its + use for everything except encrypting along with v3 keys. + + * encode.c, g10.c, sign.c: Change the PGP2 warning line from + "... will not be usable ..." to "... may not be usable ..." as the + user could be using one of the enhanced PGP2 variations. + + * helptext.c: Revise the sign_uid.class help text as suggested by + Stefan. + +2002-01-20 Werner Koch + + * passphrase.c (passphrase_to_dek): Add tryagain_text arg to be + used with the agent. Changed all callers. + (agent_get_passphrase): Likewise and send it to the agent + * seckey-cert.c (do_check): New arg tryagain_text. + (check_secret_key): Pass the string to do_check. + * keygen.c (ask_passphrase): Set the error text is required. + * keyedit.c (change_passphrase): Ditto. + + * passphrase.c (agent_open): Disable opt.use_agent in case of a + problem with the agent. + (agent_get_passphrase): Ditto. + (passphrase_clear_cache): Ditto. + +2002-01-19 Werner Koch + + * passphrase.c (agent_open): Add support for the new Assuan based + gpg-agent. New arg to return the used protocol version. + (agent_get_passphrase): Implemented new protocol here. + (passphrase_clear_cache): Ditto. + (readline): New. + +2002-01-15 Timo Schulz + + * encode.c (encode_crypt_files): Fail if --output is used. + + * g10.c: New command --decrypt-files. + + * decrypt.c (decrypt_messages): New. + +2002-01-09 David Shaw + + * g10.c, misc.c, gpgv.c: move idea_cipher_warn to misc.c so gpgv.c + doesn't need a stub for it any longer. + + * g10.c (get_temp_dir), main.h: no longer used (it's in exec.c now) + + * g10.c (main), delkey.c (delete_keys), main.h : Allow + --delete-key (now --delete-keys, though --delete-key still works, + of course) to delete multiple keys in one go. This applies to + --delete-secret-key(s) and --delete-secret-and-public-key(s) as + well. + +2002-01-09 Timo Schulz + + * encode.c (encode_crypt_files): Now it behaves like verify_files. + + * g10.c (main): We don't need to check argc for encode_crypt_files + any longer. + +2002-01-09 Timo Schulz + + * exec.c: Include windows.h for dosish systems. + +2002-01-08 Timo Schulz + + * g10.c (main): New description for --encrypt-files. + +2002-01-08 Werner Koch + + * g10.c (main): Must register the secring for encryption because + it is needed to figure out the default recipient. Reported by + Roger Sondermann. + +2002-01-05 David Shaw + + * keyedit.c (menu_adduid): Require --expert before adding a photo + ID to a v3 key, and before adding a second photo ID to any key. + + * keyedit.c (keyedit_menu): Don't allow adding photo IDs in + rfc1991 or pgp2 mode. + + * getkey.c (merge_selfsigs_subkey): Permit v3 subkeys. Believe it + or not, this is allowed by rfc 2440, and both PGP 6 and PGP 7 work + fine with them. + + * g10.c, options.h, keyedit.c, sign.c: Move the "ask for + expiration" switch off of --expert, which was getting quite + overloaded, and onto ask-sig-expire and ask-cert-expire. Both + default to off. + + * g10.c (main): Change the default compression algo to 1, to be + more OpenPGP compliant (PGP also uses this, so it'll help with + interoperability problems as well). + + * encode.c (encode_crypt): Handle compression algo 2, since the + default is now 1. + + * build-packet.c (build_attribute_subpkt): Fix off-by-one error. + +2002-01-05 Werner Koch + + * g10.c (main): Do not register the secret keyrings for certain + commands. + + * keydb.c (keydb_add_resource): Use access to test for keyring + existence. This avoids cached opened files which are bad under + RISC OS. + +2002-01-04 David Shaw + + * sign.c (sign_file, sign_symencrypt_file): always use one-pass + packets unless rfc1991 is enabled. This allows a signature made + with a v3 key to work in PGP 6 and 7. Signatures made with v4 + keys are unchanged. + + * g10.c (main): Disallow non-detached signatures in PGP2 mode. + Move the "you must use files and not pipes" PGP2 warning up so all + the PGP2 stuff is together. + + * encode.c (encode_simple): Use the actual filesize instead of + partial length packets in the internal literal packet from a + symmetric message. This breaks PGP5(?), but fixes PGP2, 6, and 7. + It's a decent tradeoff. Note there was only an issue with + old-style RFC1991 symmetric messages. 2440-style messages in 6 + and 7 work with or without partial length packets. + +2002-01-03 David Shaw + + * g10.c (main): Removed --no-default-check-level option, as it is + not consistent with other "default" options. Plus, it is the same + as saying --default-check-level 0. + + * exec.c (exec_read): Disallow caching tempfile from child + process, as this keeps the file handle open and can cause unlink + problems on some platforms. + + * keyserver.c (keyserver_search_prompt): Minor tweak - don't + bother to transform keyids into textual form if they're just going + to be transformed back to numbers. + +2002-01-03 Timo Schulz + + * g10.c: New command --encrypt-files. + + * verify.c (print_file_status): Removed the static because + encode_crypt_files also uses this function. + + * main.h (print_files_status): New. + (encode_crypt_files): New. + + * encode.c (encode_crypt_files): New. + +2002-01-02 Stefan Bellon + + * keyserver.c: Moved util.h include down in order to avoid + redefinition problems on RISC OS. + + * keyring.c (keyring_lock): Only lock keyrings that are writable. + + * keyring.c (keyring_update_keyblock): Close unused iobuf. + + * hkp.c (parse_hkp_index, hkp_search) [__riscos__]: Changed + unsigned char* to char* because of compiler issues. + + * exec.c (exec_finish) [__riscos__]: Invalidate close cache so + that file can be unlinked. + +2001-12-28 David Shaw + + * g10.c (main): Use a different strlist to check extensions since + they need to be handled seperately now. + + * misc.c,main.h (check_permissions): Properly handle permission + and ownership checks on files in the lib directory + (e.g. /usr/local/lib/gnupg), which are owned by root and are + world-readable, and change all callers to specify extension or + per-user file. + + * photoid.c (show_photo), keyserver.c (keyserver_spawn): Bug fix - + don't call exec_finish if exec_write fails. + + * keyserver.c (keyserver_spawn): Look for OPTIONS from the + keyserver helper - specifically, a "OUTOFBAND" option for the + email keyserver. + + * mainproc.c (list_node), keylist.c (list_keyblock_colon), + import.c (delete_inv_parts), export.c (do_export_stream): Use + signature flags for exportability check rather than re-parsing the + subpacket. + + * keyid.c, keydb.h (get_lsign_letter): No longer needed. + +2001-12-27 David Shaw + + * exec.c (exec_finish): Show errors when temp files cannot be + deleted for whatever reason. + + * exec.c (exec_read): Don't rely on WEXITSTATUS being present. + + * exec.c (make_tempdir): Add temp file creator for win32. Don't + create an incoming temp file if the exec is write-only. + + * keyserver.c (keyserver_spawn): Clean up error handling, for when + the spawn fails. + + * photoid.c (show_photo): Clean up error handling. + + * misc.c (check_permissions): Neaten. + +2001-12-25 David Shaw + + * mkdtemp.c (mkdtemp): Add copyleft info and tweak the 'X' counter + to be a bit simpler. + + * keyserver.c, photoid.c: Remove unused headers left over from + when the exec functions lived there. + +2001-12-23 Timo Schulz + + * misc.c (check_permissions): Do not use it for W32 systems. + + * tdbio.c (migrate_from_v2): Define ftruncate as chsize() for W32. + + * mkdtemp.c: W32 support. + + * photoid.c: Ditto. + + * exec.c: Ditto. + +2001-12-22 David Shaw + + * exec.c (make_tempdir): avoid compiler warning with const + + * mkdtemp.c (mkdtemp): catch the empty ("") string case in case + someone repurposes mkdtemp at some point. + + * photoid.c (generate_photo_id, show_photo): some type changes + from Stefan Bellon. + + * exec.c (make_tempdir): handle Win32 systems, suggested by Timo + Schulz. + +2001-12-22 Werner Koch + + * encode.c (encode_simple, encode_crypt): i18n 2 strings. + +2001-12-22 Timo Schulz + + * encode.c (encode_simple, encode_crypt): Use is_file_compressed + to avoid to compress compressed files. + +2001-12-22 Werner Koch + + * keyserver.c (keyserver_spawn): Removed some variables + declaration due to shadowing warnings. + + * build-packet.c (build_attribute_subpkt): s/index/idx/ to avoid + compiler warnig due to index(3). + + * getkey.c (get_ctx_handle): Use KEYDB_HANDLE as return value. + * keylist.c (list_one): Made resname const. + + * keyedit.c (keyedit_menu): Allow "addphoto" only when --openpgp is + not used. + + * options.skel: Changed one example photo viewer to qiv. + +2001-12-21 David Shaw + + * Makefile.am: add exec.c, exec.h, photoid.c, and photoid.h + + * build-packet.c (build_attribute_subpkt): new function to build + the raw attribute subpacket. Note that attribute subpackets have + the same format as signature subpackets. + + * exec.c: new file with generic exec-a-program functionality. + Used by both photo IDs and keyserver helpers. This is pretty much + the same code that used to be keyserver specific, with some + changes to be usable generically. + + * free-packet.c (free_attributes (new)): function to free an + attribute packet. + + * gpgv.c: added stub show_photo + + * keyedit.c (keyedit_menu, menu_adduid, menu_showphoto): can add a + photo (calls generate_photo_id), or display a photo (calls + show_photo) from the --edit menu. New commands are "addphoto", + and "delphoto" (same as "deluid"). + + * keylist.c (list_keyblock_print): show photos during key list if + --show-photos enabled. + + * keyserver.c (keyserver_spawn): use the generic exec_xxx + functions to call keyserver helper. + + * g10.c, options.h: three new options - --{no-}show-photos, and + --photo-viewer to give the command line to display a picture. + + * options.skel: instructions for the photo viewer + + * parse-packet.c (parse_user_id, setup_user_id (new)): common code + for both user IDs and attribute IDs moved to setup_user_id. + + * parse-packet.c (make_attribute_uidname (new)): constructs a fake + "name" for attribute packets (e.g. "[image of size ...]") + + * parse-packet.c (parse_attribute (replaces parse_photo_id), + parse_attribute_subpkts): Builds an array of individual + attributes. Currently only handles attribute image / type jpeg + subpackets. + + * sign.c (hash_uid): Fix bug in signing attribute (formerly + photo_id) packets. + + * packet.h, and callers: globally change "photo_id" to "attribute" + and add structures for attributes. The packet format is generic + attributes, even though the only attribute type thus far defined + is jpeg. + +2001-12-21 David Shaw + + * parse-packet.c (can_handle_critical): Can handle critical + revocation subpackets now. + + * trustdb.c (mark_usable_uid_certs): Disregard revocations for + nonrevocable sigs. Note that this allows a newer revocable + signature to override an older nonrevocable signature. + + * sign.c (make_keysig_packet): add a duration field and change all + callers. This makes make_keysig_packet closer to + write_signature_packets and removes some duplicated expiration + code. + + * keyedit.c (keyedit_menu, menu_revsig, sign_uids, + sign_mk_attrib): Add nrsign command, don't allow revoking a + nonrevocable signature, + + * g10.c (main): Add --nrsign option to nonrevocably sign a key + from the command line. + + * build-packet.c (build_sig_subpkt_from_sig): Comment to explain + the use of CRITICAL. + +2001-12-21 Werner Koch + + * g10.c. options.h : New option --show-keyring + * getkey.c (get_ctx_handle): New. + * keylist.c (list_one): Implement option here. By David Champion. + +2001-12-20 David Shaw + + * keyserver.c (keyserver_spawn): Use mkdtemp() to make temp + directory. + + * mkdtemp.c: replacement function for those platforms that don't + have mkdtemp (make a temp directory securely). + +2001-12-19 David Shaw + + * misc.c (check_permissions): New function to stat() and ensure + the permissions of GNUPGHOME and the files have safe permissions. + + * keydb.c (keydb_add_resource): Check keyring permissions. + + * tdbio.c (tdbio_set_dbname): Check permissions of trustdb.gpg + + * keyserver.c (keyserver_spawn): Disable keyserver schemes that + involve running external programs if the options file has unsafe + permissions or ownership. + + * g10.c, options.h: New option --no-permission-warning to disable + the permission warning message(s). This also permits use of the + keyserver if it had been disabled (see above). Also check the + permissions/ownership of random_seed. + + * keyserver.c (keyserver_spawn): The new glibc prints a warning + when using mktemp() (the code was already secure, but the warning + was bound to cause confusion). Use a different implementation + based on get_random_bits() instead. Also try a few times to get + the temp dir before giving up. + +2001-12-19 Werner Koch + + * g10.c, passphrase.c [CYGWIN32]: Allow this as an alias for MINGW32. + +2001-12-18 David Shaw + + * g10.c (idea_cipher_warn): Add a flag to show the warning always + or once per session and change all callers (show always except for + the secret key protection and unknown cipher from an encrypted + message errors). Also make the strings translatable. + + * pubkey-enc.c (get_it): Add the IDEA cipher warning if the user + tries to decrypt an IDEA encrypted message without the IDEA + plugin. + + * keyserver.c (parse_keyserver_uri): More strict checking of the + keyserver URI. Specifically, fail if the ":port" section is + anything except a number between 1 and 65535. + +2001-12-17 David Shaw + + * keyserver.c (print_keyinfo): No need to check for + control/illegal characters, as utf8_to_native does this for us. + + * mainproc.c (proc_encrypted): Use generic IDEA warning. + + * gpgv.c: add stub for idea_cipher_warn + + * g10.c, hkp.c, keyserver.c: Fix capitalization and plural issues. + + * encode.c (encode_crypt), sign.c (sign_file, clearsign_file): + disable pgp2 mode after the message is no longer pgp2 compatible. + + * g10.c (main): Tweak the PGP2.x IDEA warning to use the generic + warning, and not merely fail if the IDEA plugin isn't there. + + * g10.c (main, idea_cipher_warn), keygen.c (set_one_pref), + seckey-cert.c (do_check): Add a generic IDEA warning for when the + IDEA plugin is not present. This pops up when the user uses + "--cipher-algo idea", when setpref is used to set a "S1" + preference, and when a secret key protected with IDEA is used. + +2001-12-15 Werner Koch + + * keyserver.c (keyserver_spawn): Assert that we have dropped privs. + +2001-12-13 Werner Koch + + * pubkey-enc.c (get_session_key): Check that the public key + algorithm is indeed usable for en/decryption. This avoid a + strange error message from pubkey_decrypt if for some reasons a + bad algorithm indentifier is passed. + +2001-12-12 David Shaw + + * Fixed some types for portability. Noted by Stefan Bellon. + +2001-12-11 Werner Koch + + * hkp.c (hkp_export): Do not print possible control characters + from a keyserver response. + (parse_hkp_index): Made uid an unsigned char* because it is passed to + isspace(). + (hkp_search): Ditto for the char* vars. + + * g10.c (main): Print the IDEA warning also for -c and -se. + + * g10.c (get_temp_dir): Assert that we have dropped privs + + * encode.c (encode_crypt): Include the first key into the --pgp2 + check. + +2001-12-07 David Shaw + + * g10.c, options.h: New option --pgp2. This is identical to + "--rfc1991 --cipher-algo idea --compress-algo 1 --digest-algo md5 + --force_v3_sigs" with the addition of an warning to advise the + user not to use a pipe (which would break pgp2 compatibility). + + * encode.c (encode_crypt): warn if the user tries to encrypt to + any key that is not RSA and <= 2048 bits when the --pgp2 option is + used. + + * sign.c (sign_file, clearsign_file): When using --pgp2, make a v3 + sig, and warn if the signature is made with a non-v3 key. + +2001-12-05 David Shaw + + * sign.c (sign_file, clearsign_file, sign_symencrypt_file): Prompt + for sig expiration if --expert is set and --force-v3-sigs is not + set (v3 sigs cannot expire). + + * mainproc.c (check_sig_and_print): After checking a sig, print + expiration status. This causes a error return if the sig is + expired. + + * build-packet.c (build_sig_subpkt_from_sig): Include a critical + sig expiration subpacket if the sig is to expire. + + * keyedit.c (sign_uids): Do not sign an expired key unless + --expert is set, in which case prompt. Also, offer to expire a + signature when the key the user is signing expires. + + * keygen.c (ask_expire_interval): Add a value to determine whether + to prompt for a key or sig expiration and change all callers. + + * keyid.c: New functions: expirestr_from_sig and + colon_expirestr_from_sig. + + * keylist.c (list_keyblock_colon): Show sig expiration date in the + --with-colons listing. + + * sign.c (make_keysig_packet, write_signature_packets): Pass in an + optional timestamp for the signature packet, and change all + callers. + + * keyedit.c (sign_mk_attrib): Include a critical expiration + subpacket in the signature if an expiration date is given. + +2001-12-04 David Shaw + + * keyedit.c (sign_uids): If the user tries to sign a + locally-signed key, allow the cert to be promoted to a full + exportable signature. This essentially deletes the old + non-exportable sig, and replaces it with a new exportable one. + +2001-12-04 David Shaw + + * keyedit.c (keyedit_menu): Do not allow signing a revoked key + unless --expert is set, and ask even then. + + * keyedit.c (sign_uids): Do not allow signing a revoked UID unless + --expert is set, and ask even then. + + * g10.c, options.h : New option --expert + +2001-11-16 David Shaw + + * Allow the user to select no compression via "--compress-algo 0" + on the command line. + + * keyedit.c (show_prefs): Show compression preferences in the + long-form "showpref" style. + + * keygen.c (set_one_pref): Permit setting a no-compression ("Z0") + preference. + + * getkey.c (fixup_uidnode): Fix compression preference corruption + bug. + +2001-12-02 David Shaw + + * g10.c: Add advisory --for-your-eyes-only option as per section + 5.9 of 2440. + +2001-12-05 David Shaw + + * Force a V4 sig if the user has a notation or policy URL set. + +2001-12-04 David Shaw + + * g10.c: Add options --keyserver-options, --temp-directory, and + auto-key-retrieve (the opposite of no-auto-key-retrieve). + + * hkp.c (hkp_search): New function to handle searching a HKP + keyserver for a key + + * hkp.c (hkp_ask_import, hkp_export): Pretty large changes to make + them communicate via the generic functions in keyserver.c + + * keyserver.c: new file with generic keyserver routines for + getting keys from a keyserver, sending keys to a keyserver, and + searching for keys on a keyserver. Calls the internal HKP stuff + in hkp.c for HKP keyserver functions. Other calls are handled by + an external program which is spawned and written to and read from + via pipes. Platforms that don't have pipes use temp files. + +2001-11-20 David Shaw + + * options.h, g10.c: New options show-notation, no-show-notation, + default-check-level, no-default-check-level, show-policy-url, + no-show-policy-url. + + * packet.h, sign.c (make_keysig_packet), parse-packet.c + (parse_signature), free-packet.c (free_seckey_enc): Fill in + structures for notation, policy, sig class, exportability, etc. + + * keyedit.c, keylist.c (print_and_check_one_sig, + list_keyblock_print): Show flags in signature display for cert + details (class, local, notation, policy, revocable). If selected, + show the notation and policy url. + + * keyedit.c (sign_uids): Prompt for and use different key sig + classes. + + * helptext.c (helptexts): Add help text to explain different + key signature classes + +2001-11-26 David Shaw + + * trustdb.c (mark_usable_uid_certs): Fix segfault from bad + initialization and fix reversed key signature expiration check. + +2001-11-09 Werner Koch + + * export.c (do_export_stream): Put all given names into a search + description and change the loop so that all matching names are + returned. + +2001-11-08 Werner Koch + + * pubkey-enc.c (get_it): To reduce the number of questions on the + MLs print the the name of cipher algorithm 1 with the error message. + + * mainproc.c: Changed the way old rfc1991 encryption cipher is + selected. Based on a patch by W Lewis. + + * pkclist.c (do_edit_ownertrust): Allow to skip over keys, the non + working "show info" is now assigned to "i" + * trustdb.c (ask_ownertrust, validate_keys): Implement a real quit + here. Both are by David Shaw. + + * trustdb.c (validate_keys): Make sure next_exipire is initialized. + + * sign.c (make_keysig_packet): Use SHA-1 with v4 RSA keys. + + * g10.c, options.h : New option --[no-]froce-v4-certs. + * sign.c (make_keysig_packet): Create v4 sigs on v4 keys even with + a v3 key. Use that new option. By David Shaw + + * revoke.c (ask_revocation_reason): Allow to select "no reason". + By David Shaw. + + * keyid.c (fingerprint_from_sk): Calculation of an v3 fpr was + plain wrong - nearly the same code in fingerprint_from_pk is correct. + + * build-packet.c (do_secret_key): Added a few comments to the code. + +2001-11-07 Werner Koch + + * g10.c (main): Print a warning when -r is used w/o encryption. + Suggested by Pascal Scheffers. + +2001-10-23 Werner Koch + + * keyedit.c (keyedit_menu): Changed helptext for showpref + command. Suggested by Reinhard Wobst. + + * keyring.c (keyring_search): When marking the offtbl ready, take + into account that we may have more than one keyring. + +2001-10-22 Werner Koch + + * Makefile.am: Do not use OMIT_DEPENDENCIES + + * build-packet.c (build_sig_subpkt): Default is now to put all + types of subpackets into the hashed area and only list those which + should go into the unhashed area. + +2001-10-18 Werner Koch + + * keydb.c (keydb_add_resource): Rearranged the way we keep track + of the resource. There will now be an entry for each keyring here + and not in keyring.c itself. Store a token to allow creation of a + keyring handle. Changed all functions to utilize this new design. + (keydb_locate_writable): Make a real implementation. + * keyring.c (next_kr): Removed and changed all callers to set the + resource directly from the one given with the handle. + (keyring_is_writable): New. + (keyring_rebuild_cache): Add an arg to pass the token from keydb. + +2001-10-17 Werner Koch + + * keyring.c (keyring_search): Enabled word search mode but print a + warning that it is buggy. + +2001-10-11 Werner Koch + + * hkp.c (hkp_ask_import): No more need to set the port number for + the x-hkp scheme. + (hkp_export): Ditto. + +2001-10-06 Stefan Bellon + + * passphrase.c [__riscos__]: Disabled agent specific stuff. + * g10.c: New option --no-force-v3-sigs. + +2001-10-04 Werner Koch + + * export.c (do_export_stream): Do not push the compress filter + here because the context would run out of scope due to the + iobuf_close done by the caller. + (do_export): Do it here instead. + +2001-09-28 Werner Koch + + * keyedit.c (sign_uids): Always use the primary key to sign keys. + * getkey.c (finish_lookup): Hack to return only the primary key if + a certification key has been requested. + + * trustdb.c (cmp_kid_for_make_key_array): Renamed to + (validate_one_keyblock): this and changed arg for direct calling. + (make_key_array): Renamed to + (validate_one_keyblock): this and changed args for direct calling. + (mark_usable_uid_certs, validate_one_keyblock) + (validate_key_list): Add next_expire arg to keep track of + expiration times. + (validate_keys): Ditto for UTKs and write the stamp. + + * tdbio.c (migrate_from_v2): Check return code of tbdio_sync. + + * tdbdump.c (import_ownertrust): Do a tdbio_sync(). + + * keyring.c: Made the offtbl an global object. + +2001-09-27 Werner Koch + + * pkclist.c (do_edit_ownertrust): Allow settin of ultimate trust. + + * trustdb.c (mark_keyblock_seen): New. + (make_key_array): Use it to mark the subkeys too. + (validate_keys): Store validity for ultimatly trusted keys. + +2001-09-26 Werner Koch + + * pkclist.c (check_signatures_trust, do_we_trust): Removed the + invocation of add_ownertrust. Minor changes to the wording. + (add_ownertrust, add_ownertrust_cb): Removed. + + * trustdb.c (get_validity): Allow to lookup the validity using a + subkey. + + * trustdb.c (new_key_hash_table): Increased the table size to 1024 + and changed the masks accordingly. + (validate): Changed stats printing. + (mark_usable_uid_certs): New. + (cmp_kid_for_make_key_array): Does now check the signatures and + figures out a usable one. + +2001-09-25 Werner Koch + + * keyring.c (new_offset_item,release_offset_items) + (new_offset_hash_table, lookup_offset_hash_table) + (update_offset_hash_table, update_offset_hash_table_from_kb): New. + (keyring_search): Use a offset table to optimize search for + unknown keys. + (keyring_update_keyblock, keyring_insert_keyblock): Insert new + offsets. + * getkey.c (MAX_UNK_CACHE_ENTRIES): Removed the unknown keys + caching code. + + * g10.c, options.h, import.c: Removed the entire + allow-secret-key-import stuff because the validity is now + controlled by other means. + + * g10.c: New command --rebuild-keydb-caches. + * keydb.c (keydb_rebuild_caches): New. + * keyring.c (do_copy): Moved some code to + (create_tmp_file, rename_tmp_file, write_keyblock): new functions. + (keyring_rebuild_cache): New. + + * packet.h (PKT_ring_trust): Add sigcache field. + * parse-packet.c (parse_trust): Parse sigcache. + * keyring.c (do_copy): Always insert a sigcache packet. + (keyring_get_keyblock): Copy the sigcache packet to the signature. + * sig-check.c (cache_sig_result): Renamed from + cache_selfsig_result. Changed implementation to use the flag bits + and changed all callers. + (mdc_kludge_check): Removed this unused code. + (do_check): Do not set the sig flags here. + + * import.c (read_block): Make sure that ring_trust packets are + never imported. + * export.c (do_export_stream): and never export them. + + * trustdb.c (make_key_array): Skip revoked and expired keys. + +2001-09-24 Werner Koch + + * g10.c, options.h: New option --no-auto-check-trustdb. + + * keygen.c (do_generate_keypair): Set newly created keys to + ultimately trusted. + + * tdbio.h, tdbio.c: Removed all support for records DIR, KEY, UID, + PREF, SIG, SDIR and CACH. Changed migration function to work + direct on the file. + (tdbio_read_nextcheck): New. + (tdbio_write_nextcheck): New. + +2001-09-21 Werner Koch + + Revamped the entire key validation system. + * trustdb.c: Complete rewrite. No more validation on demand, + removed some functions, adjusted to all callers to use the new + and much simpler interface. Does not use the LID anymore. + * tdbio.c, tdbio.h: Add new record types trust and valid. Wrote a + migration function to convert to the new trustdb layout. + * getkey.c (classify_user_id2): Do not allow the use of the "#" + prefix. + * keydb.h: Removed the TDBIDX mode add a skipfnc to the + descriptor. + * keyring.c (keyring_search): Implemented skipfnc. + + * passphrase.c (agent_open): Add missing bracket. Include windows.h. + +2001-09-19 Werner Koch + + * keylist.c (print_fingerprint): Renamed from fingerprint, made + global available. Added new arg to control the print style. + * mainproc.c (print_fingerprint): Removed. + * pkclist.c (print_fpr, fpr_info): Removed and changed callers to + use print_fingerprint. + * keyedit.c (show_fingerprint): Ditto. + + * passphrase.c (writen, readn) + (agent_open, agent_close) + (agent_get_passphrase) + (passphrase_clear_cache): Support for W32. Contributed by Timo. + + * import.c (import_one): Release keydb handles at 2 more places. + + * keyring.c (keyring_release): Close the iobuf. + (keyring_get_keyblock): Init ret_kb to NULL and store error contidion. + + * import.c (import_new_stats_handle): New. + (import_release_stats_handle): New. + (import_print_stats): Renamed from static fnc print_stats. + (import_keys, import_keys_stream): Add an optional status handle + arg and changed all callers. + * hkp.c (hkp_ask_import): Add an stats_handle arg and changed all + callers. + + * mainproc.c (print_pkenc_list): Use print_utf8_string2(). + +2001-09-18 Werner Koch + + * g10.c: New command --refresh-keys. + * hkp.c (hkp_refresh_keys): New. Contributed by Timo Schulz. + + * parse-packet.c (parse): Stop on impossible packet lengths. + +2001-09-17 Werner Koch + + * mainproc.c (print_notation_data): Wrap notation data status lines + after 50 chars. + + * mainproc.c (proc_pubkey_enc): Make option try-all-secrets work. + By disastry@saiknes.lv. + +2001-09-14 Werner Koch + + * parse-packet.c (dump_sig_subpkt): List key server preferences + and show the revocable flag correctly. Contributed by David Shaw. + +2001-09-09 Werner Koch + + * keyedit.c (keyedit_menu): No need to define another p. + + * keylist.c (print_capabilities): s/used/use/ so that it + does not shadow a global. + * sign.c (sign_file): Renamed arg encrypt to encryptflag + * keygen.c: Replaced all "usage" by "use". + * misc.c (openpgp_pk_algo_usage): Ditto. + + * pubkey-enc.c (get_it): Renamed arg k to enc so that the later + defined k does not shadow it. + + * parse-packet.c (parse_gpg_control): No need to define another i. + + * getkey.c (get_pubkey_byfprint): Must use the enum values and not + the fprint_len. + * keyring.c (keyring_search): Removed a non-sense break. Both + bugs pointed out by Stefan. + +2001-09-07 Werner Koch + + * status.c, status.h: Added NO_RECP and ALREADY_SIGNED. + * pkclist.c (build_pk_list): Issue NO_RECP. + * keyedit.c (sign_uids): Added experimental ALREADY_SIGNED + + * hkp.c (hkp_import): Use log_error. Bug reported by Neal H + Walfield. + + * getkey.c (classify_user_id2): Change args to take the desc union + direct. It was a stupid idea to pass the individual fields of an + union to this function. Changed all callers. + (classify_user_id): Ditto and allow to pass NULL as the description. + +2001-09-06 Werner Koch + + * getkey.c (fixup_uidnode): Features flag is now a bit vector. + * keygen.c (add_feature_mdc): Ditto. + + Revamped the entire key I/O code to be prepared for other ways of + key storages and to get rid of the existing shit. GDBM support has + gone. + * keydb.c: New + * keyring.c, keyring.h: New. + * ringedit.c: Removed. Moved some stuff to keyring.c + * getkey.c: Changed everything related to the key retrieving + functions which are now using the keydb_ functions. + (prepare_search, word_match_chars, word_match) + (prepare_word_match, compare_name): Moved to keyring.c + (get_pubkey_byname): Removed ctx arg and add ret_kdbhd + arg. Changed all callers. + (key_byname): Use get_pubkey_end to release the context and take + new ret_kbdhd arg. Changed all callers. + (classify_user_id2): Fill the 16 byte fingerprint up with 4 null + bytes not with zero bytes of value 4, tsss. + * import.c (import_one): Updated to use the new keydb interface. + (import_secret_one): Ditto. + (import_revoke_cert): Ditto. + * delkey.c (do_delete_key): Ditto. + * keyedit.c (keyedit_menu): Ditto. + (get_keyblock_byname): Removed. + * revoke.c (gen_revoke): Ditto. + * export.c (do_export_stream): Ditto. + * trustdb.c (update_trustdb): Ditto. + * g10.c, gpgv.c (main): Renamed add_keyblock_resource to + keydb_add_resource. + * Makefile.am: Added and removed files. + + * keydb.h: Moved KBNODE typedef and MAX_FINGERPRINT_LEN to + * global.h: this new header. + +2001-09-03 Werner Koch + + * passphrase.c (agent_get_passphrase): Changed nread to size_t. + (passphrase_clear_cache): Ditto. + + * keyid.c (mk_datestr): Avoid trigraphs. + (fingerprint_from_pk): Cache the keyid in the pk. + + * options.h: Add opt.with_fingerprint so that we know whether the + corresponding options was used. + * g10.c (main): Set it here. + * pkclist.c (check_signatures_trust): Always print fingerprint + when this option is used. Mixed a minor memory leak. + + * status.c, status.h: New status INV_RECP. + * pkclist.c (build_pk_list): Issue this status. + +2001-08-31 Werner Koch + + * parse-packet.c (parse_key,parse_pubkeyenc) + (parse_signature): Return error on reading bad MPIs. + + * mainproc.c (check_sig_and_print): Always print the user ID even + if it is not bound by a signature. Use the primary UID in the + status messages and encode them in UTF-8 + * status.c (write_status_text_and_buffer): New. + +2001-08-30 Werner Koch + + * packet.h (sigsubpkttype_t): Add SIGSUBPKT_FEATURES. + (PKT_public_key, PKT_user_id): Add a flag for it. + * parse-packet.c, build-packet.c: Add support for them. + * getkey.c (fixup_uidnode, merge_selfsigs): Set the MDC flags. + * keygen.c (add_feature_mdc): New. + (keygen_upd_std_prefs): Always set the MDC feature. + * keyedit.c (show_prefs): List the MDC flag + * pkclist.c (select_mdc_from_pklist): New. + * encode.c (encode_crypt, encrypt_filter): Test whether MDC + should be used. + * cipher.c (write_header): Set MDC use depending on the above test. + Print more status info. + + * delkey.c (do_delete_key): Kludge to delete a secret key with no + public key available. + + * ringedit.c (find_secret_keyblock_direct): New. + * getkey.c (seckey_available): Simplified. + + * ringedit.c (cmp_seckey): Now compares the secret key against the + public key while ignoring all secret parts. + (keyring_search): Use a public key packet as arg. Allow to search + for subnkeys + (search): Likewise. Changed all callers. + (find_secret_keyblock_bypk): New. + (find_secret_keyblock_byname): First locate the pubkey and then + find the correponding secret key. + * parse-packet.c (parse): Renamed pkttype arg to onlykeypkts and + changed code accordingly. Changed all callers. + (search_packet): Removed pkttype arg. + * keyedit.c (keyedit_menu): First locate the public key and then + try to locate a secret key. + + * ringedit.c (locate_keyblock_by_fpr): Removed. + (locate_keyblock_by_keyid): Removed. + (find_keyblock_bysk): Removed. + + * sig-check.c (check_key_signature2): Print the keyid along with + the wrong sig class errors. + +2001-08-24 Werner Koch + + * sign.c (sign_file): Stripped the disabled comment packet code. + (sign_file, sign_symencrypt_file): Moved common code to .. + (write_onepass_sig_packets): .. this new function. + (sign_file, clearsign_file, sign_symencrypt_file): Moved common + code to + (write_signature_packets): this new function. + (write_signature_packets, make_keysig_packet) + (update_keysig_packet): Moved common code to + (hash_uid, hash_sigclass_to_magic): these new functions + (sign_file, sign_symencrypt_file): Moved common code to + (write_plaintext_packet): this new function. + +2001-08-21 Stefan Bellon + + * trustdb.c (query_trust_info): Changed trustlevel to signed int. + * g10.c [__riscos__]: Fixed handling of --use-agent --lock-multiple. + +2001-08-20 Werner Koch + + * encr-data.c (decrypt_data): Keep track on whether we already + printed information about the used algorithm. + * mainproc.c (proc_encrypted): Removed the non-working IDEA hack + and print a message about the assumed algorithm. + * passphrase.c (passphrase_to_dek): Use the same algorithm as above. + (proc_symkey_enc): Print the algorithm, so that the user knows it + before entering the passphrase. + (proc_pubkey_enc, proc_pubkey_enc): Zero the DEK out. + * encode.c (encode_crypt, encrypt_filter): Ditto. + + * g10.c: Allow for --sign --symmetric. + * sign.c (sign_and_symencrypt): New. + + Applied patches from Stefan Bellon to support + RISC OS. Nearly all of these patches are identified by the + __riscos__ macro. + * compress.c: Added a couple of casts. + * g10.c [__riscos__]: Some patches and new options foo-file similar + to all foo-fd options. + * gpgv.c, openfile.c, ringedit.c, tdbio.c: Minor fixes. Mainly + replaced hardcoded path separators with EXTSEP_S like macros. + * passprase.c [__riscos__]: Disabled agent stuff + * trustdb.c (check_trust): Changed r_trustlevel to signed int to + avoid mismatch problems in pkclist.c + * pkclist.c (add_ownertrust): Ditto. + * plaintext.c (handle_plaintext) [__riscos__]: Print a note when + file can't be created. + * options.h [__riscos__]: Use an extern unless included from the + main module. + * signal.c (got_fatal_signal) [__riscos__]: Close all files. + +2001-08-14 Werner Koch + + * keygen.c (ask_algo): New arg r_usage. Allow for RSA keys. + (gen_rsa): Enabled the code. + (do_create): Enabled RSA branch. + (parse_parameter_usage): New. + (proc_parameter_file): Handle usage parameter. + (read_parameter_file): Ditto. + (generate_keypair): Ditto. + (generate_subkeypair): Ditto. + (do_generate_keypair): Ditto. + (do_add_key_flags): New. + (keygen_add_std_prefs): Use the new function. + (keygen_add_key_flags_and_expire): New. + (write_selfsig, write_keybinding): Handle new usage arg. + * build-packet.c (build_sig_subpkt): Make sure that key flags go + into the hashed area. + + * keygen.c (write_uid): Initialize the reference cunter. + + * keyedit.c (keyedit_menu): No more need to update the trustdb for + preferences. Added calls to merge keblock. + + * kbnode.c (dump_kbnode): Print some more flags. + +2001-08-10 Werner Koch + + Revamped the preference handling. + + * packet.h (prefitem_t, preftype_t): New. + (PKT_public_key): Added a uid field. + (PKT_user_id): Added field to store preferences and a reference + counter. + * parse-packet.c (parse_user_id,parse_photo_id): Initialize them + * free-packet.c (free_user_id): Free them. + (copy_user_id): Removed. + (scopy_user_id): New. + (cmp_user_ids): Optimized for identical pointers. + (release_public_key_parts): Release the uid. + (copy_public_key_with_new_namehash): Removed. + (copy_prefs): New. + * keyedit.c (menu_adduid): Use the new shallow copy user id. + (show_prefs): Adjusted implementation. + (keyedit_menu): No more need to update the trustdb after changing + preferences. + * getkey.c (fixup_uidnode): Store preferences. + (find_by_name): Return a user id packet and remove namehash stuff. + (lookup): Removed the unused namehash stuff. + (finish_lookup): Added foundu arg. + (pk_from_block): Removed the namehash arg and changed all callers. + (merge_selfsigs): Copy prefs to all keys. + * trustdb.c (get_pref_data): Removed. + (is_algo_in_prefs): Removed. + (make_pref_record): Deleted and removed all class. + * pkclist.c (select_algo_from_prefs): Adjusted for the new + preference implementation. + * pubkey-enc.c (is_algo_in_prefs): New. + (get_it): Use that new function. + +2001-08-09 Werner Koch + + * build-packet.c (build_sig_subpkt): Fixed calculation of + newarea->size. + + * g10.c (main): New option "--preference-list" + * keyedit.c (keyedit_menu): New commands "setpref" and "updpref". + (menu_set_preferences): New. + * keygen.c (keygen_set_std_prefs): New. + (set_one_pref): New. + (check_zip_algo): New. + (keygen_get_std_prefs): New. + (keygen_upd_std_prefs): New + (keygen_add_std_prefs): Move the pref setting code into the above fnc. + * build-packet.c (build_sig_subpkt): Updated the list of allowed + to update subpackets. + +2001-08-08 Werner Koch + + * packet.h (subpktarea_t): New. + (PKT_signature): Use that type for hashed_data and unhashed_data and + removed the _data prefix from those fields. Changed all users. + * parse-packet.c (parse_signature): Changed allocation for that. + (parse_sig_subpkt): Changed declaration + (enum_sig_subpkt): Ditto and changed implementation accordingly. + * free-packet.c (cp_subpktarea): Renamed from cp_data_block and + adjusted implementation. Changed caller. + * sig-check.c (mdc_kludge_check): Adjusted the hashing. + (do_check): Ditto. + * sign.c (sign_file, clearsign_file, make_keysig_packet, + update_keysig_packet): Ditto. + * build-packet.c (build_sig_subpkt): Partial rewrite. + (find_subpkt): Adjusted and made static. + (delete_sig_subpkt): Adjusted. + (do_signature): Ditto. + + * keygen.c (ask_keysize): Do not print the notes about suggested + key sizes if just a DSA key is generated. + + * trustdb.c (add_ultimate_key): s/log_error/log_info/ for + duplicated inserted trusted keys. + +2001-08-07 Werner Koch + + * sign.c (sleep): Redefine for W32. + + * g10.c, options.h: Set new flag opt.no_homedir_creation when + --no-options is given. + * openfile.c (try_make_homedir): Don't create the homedir in that case. + +2001-08-03 Werner Koch + + * armor.c (armor_filter): Removed the default comment string + because it could get us in trouble due to translations using non + ascii characters. + +2001-08-01 Werner Koch + + * keylist.c (list_keyblock_print): Do not list revoked UIDs unless + in verbose mode and we do no signature listing. + + * getkey.c (finish_lookup): Skip subkeys which are not yet valid. + * g10.c, options.h: New option --ignore-valid-from. + + * sign.c (make_keysig_packet): Added new sigversion argument to + allow the caller to force generation of required signature + version. Changed all callers. Suggested by Thomas Roessler. + + * keyedit.c (sign_uids): Force v4 signature generation for local + sigs. Removed the check for local signature and pre-v4 keys. + +2001-07-27 Werner Koch + + * keyedit.c (sign_uids): Check that we are not trying to to a + lsign with a pre-v4 key. Bug noticed by Thomas Roessler. + +2001-07-26 Werner Koch + + * parse-packet.c (parse_photo_id): Reset all variables. + * getkey.c (merge_selfsigs_main): Removed checks on PHOTO_ID + because this is handled identically to a user ID. + +2001-07-06 Werner Koch + + * cipher.c (write_header): Don't use MDC with --rfc1991. Suggested + by disastry@saiknes.lv. + +2001-07-05 Werner Koch + + * g10.c, options.h: New option --preserve-permissions. + * ringedit.c (add_keyblock_resource): Use it here + (keyring_copy): and here. + + * trustdb.c (verify_own_keys): Be more silent on --quiet. + Suggested by Thomas Roessler. + * sig-check.c (check_key_signature2): Ditto. + * mainproc.c (proc_encrypted, proc_tree): Ditto + * getkey.c (lookup): Ditto. + +2001-07-04 Werner Koch + + * ringedit.c (add_keyblock_resource): Restore filename in case of error. + +2001-06-25 Werner Koch + + * kbnode.c (dump_kbnode): Print the signature timestamp. + + * keyedit.c (keyedit_menu): New menu point "primary". + (change_primary_uid_cb): New. + (menu_set_primary_uid): New. + * sign.c (update_keysig_packet): New. + * build-packet.c (build_sig_subpkt): Put the primary UID flag into + the hashed area. Allow update of some more packets. + +2001-06-15 Werner Koch + + * getkey.c (merge_selfsigs): Exit gracefully when a secret key is + encountered. May happen if a secret key is in public keyring. + Reported by Francesco Potorti. + +2001-06-12 Werner Koch + + * getkey.c (compare_name): Use ascii_memistr(), ascii_memcasecmp() + * keyedit.c (keyedit_menu): Use ascii_strcasecmp(). + * armor.c (radix64_read): Use ascii_toupper(). + * ringedit.c (do_bm_search): Ditto. + * keygen.c (read_parameter_file): Ditto. + * openfile.c (CMP_FILENAME): Ditto. + * g10.c (i18n_init): We can now use just LC_ALL. + +2001-05-29 Werner Koch + + * keygen.c (generate_subkeypair): Print a warning if a subkey is + created on a v3 key. Suggested by Brian M. Carlson. + +2001-05-27 Werner Koch + + * keyid.c (get_lsign_letter): New. + * keylist.c (list_keyblock_colon): Use it here. + * mainproc.c (list_node): and here. + + * getkey.c, packet.h, free-packet.c: Removed that useless key + created field; I dunno why I introducded this at all - the + creation time is always bound to the key packet and subject to + fingerprint calculation etc. + + * getkey.c (fixup_uidnode): Add keycreated arg and use this + instead of the signature timestamp to calculate the + help_key_expire. Bug reported by David R. Bergstein. + (merge_selfsigs_main): Correct key expiration time calculation. + (merge_selfsigs_subkey): Ditto. + +2001-05-25 Werner Koch + + * revoke.c (gen_revoke): Add a cast to a tty_printf arg. + * delkey.c (do_delete_key): Ditto. + * keyedit.c (print_and_check_one_sig): Ditto. + (ask_revoke_sig): Ditto. + (menu_revsig): Ditto. + (check_all_keysigs): Removed unused arg. + +2001-05-23 Werner Koch + + * g10.c (opts): Typo fix by Robert C. Ames. + +2001-05-06 Werner Koch + + * revoke.c: Small typo fix + +2001-05-04 Werner Koch + + * passphrase.c (passphrase_clear_cache): Shortcut if agent usage + is not enabled. + +2001-05-01 Werner Koch + + * passphrase.c (writen): Replaced ssize_t by int. Thanks to + to Robert Joop for reporting that SunOS 4.1.4 does not have it. + +2001-04-28 Werner Koch + + * getkey.c (merge_public_with_secret): pkttype was not set to subkey. + +2001-04-27 Werner Koch + + * skclist.c (build_sk_list): Changed one log_debug to log_info. + +2001-04-25 Werner Koch + + * keyedit.c (show_prefs): Add a verbose mode. + (show_key_with_all_names): Pass verbose flag for special value of + with_pref. + (keyedit_menu): New command "showpref" + (show_key_with_all_names): Mark revoked uids and the primary key. + +2001-04-24 Werner Koch + + * getkey.c (get_primary_uid): Return a different string in case of + error and made it translatable. + + * build-packet.c (do_secret_key): Ugly, we wrote a zero + instead of the computed ndays. Thanks to M Taylor for complaining + about a secret key import problem. + +2001-04-23 Werner Koch + + * hkp.c (hkp_ask_import): Allow to specify a port number for the + keyserver. Add a kudge to set the no_shutdown flag. + (hkp_export): Ditto. + * options.skel: Document the changes + +2001-04-20 Werner Koch + + * options.skel: Add some more comments. + +2001-04-19 Werner Koch + + * keyid.c (mk_datestr): New. Handles negative times. We must do + this because Windoze segvs on negative times passed to gmtime(). + Changed all datestr_from function to use this one. + + * keyid.c, keyid.h (colon_strtime): New. To implement the + fixed-list-mode. + (colon_datestr_from_pk): New. + (colon_datestr_from_sk): New. + (colon_datestr_from_sig): New. + * keylist.c (list_keyblock_colon): Use these functions here. + * mainproc.c (list_node): Ditto. + +2001-04-18 Werner Koch + + * openfile.c (open_sigfile): Fixed the handling of ".sign". + * mainproc.c (proc_tree): Use iobuf_get_real_fname. + Both are by Vincent Broman. + +2001-04-14 Werner Koch + + * getkey.c (fixup_uidnode): Removed check for !sig which is + pointless here. Thanks to Jan Niehusmann. + +2001-04-10 Werner Koch + + * sig-check.c (check_key_signature2): Use log_info instead of + log_error so that messed up keys do not let gpg return an error. + Suggested by Christian Kurz. + + * getkey.c (merge_selfsigs_main): Do a fixup_uidnode only if we + have both, uid and sig. Thanks to M Taylor. + +2001-04-05 Werner Koch + + * armor.c (unarmor_pump_new,unarmor_pump_release): New. + (unarmor_pump): New. + * pipemode.c (pipemode_filter): Use the unarmor_pump to handle + armored or non-armored detached signatures. We can't use the + regular armor_filter because this does only check for armored + signatures the very first time. In pipemode we may have a mix of + armored and binary detached signatures. + * mainproc.c (proc_tree): Do not print the "old style" notice when + this is a pipemode processes detached signature. + (proc_plaintext): Special handling of pipemode detached sigs. + + * packet.h (CTRLPKT_PLAINTEXT_MARK): New. + * parse-packet.c (create_gpg_control): New. + * kbnode.c (dump_kbnode): Support it here. + * mainproc.c (check_sig_and_print): Fixed the check for bad + sequences of multiple signatures. + (proc_plaintext): Add the marker packet. + (proc_tree): We can now check multiple detached signatures. + +2001-04-02 Werner Koch + + The length of encrypted packets for blocksizes != 8 was not + correct encoded. I think this is a minor problem, because we + usually use partial length packets. Kudos to Kahil D. Jallad for + pointing this out. + * packet.h: Add extralen to PKT_encrypted. + * cipher.c (write_header): Set extralen. + * build-packet.c (do_encrypted): Use extralen instead of const 10. + (do_encrypted_mdc): Ditto. + * parse-packet.c (parse_encrypted): Set extralen to 0 because we + don't know it here. + +2001-03-30 Werner Koch + + * getkey.c (premerge_public_with_secret): Changed wording an add + the keyID to the info message. + +2001-03-29 Werner Koch + + * getkey.c (premerge_public_with_secret): Use log_info instead of + log_error when no secret key was found for a public one. + Fix the usage if the secret parts of a key are not available. + + * openfile.c (ask_outfile_name): Trim spaces. + (open_outfile): Allow to enter an alternate filename. Thanks to + Stefan Bellon. + * plaintext.c (handle_plaintext): Ditto. + +2001-03-28 Werner Koch + + * mainproc.c (do_check_sig): Allow direct key and subkey + revocation signature. + * sig-check.c (check_key_signature2): Check direct key signatures. + Print the signature class along with an error. + +2001-03-27 Werner Koch + + * packet.h: Add a missing typedef to an enum. Thanks to Stefan Bellon. + + * g10.c: New option --no-sig-create-check. + * sign.c (do_sign): Implement it here. + * g10.c: New option --no-sig-cache. + * sig-check.c (check_key_signature2): Implement it here. + (cache_selfsig_result): and here. + + * keylist.c (list_keyblock): Removed debugging stuff. + + * getkey.c (cache_public_key): Made global. + * keygen.c (write_selfsig, write_keybinding): Cache the new key. + + * getkey.c (key_byname): Add new arg secmode and changed all + callers to request explicitly the mode. Deriving this information + from the other supplied parameters does not work if neither pk nor + sk are supplied. + +2001-03-25 Werner Koch + + * packet.h (ctrlpkttype_t): New. + * mainproc.c (add_gpg_control,proc_plaintext,proc_tree): Use the + new enum values. + * pipemode.c (make_control): Ditto. + * armor.c (armor_filter): Ditto. + +2001-03-24 Werner Koch + + * sign.c (do_sign): Verify the signature right after creation. + +2001-03-23 Werner Koch + + * status.c, status.h (STATUS_UNEXPECTED): New. + * mainproc.c (do_proc_packets): And emit it here. + +2001-03-21 Werner Koch + + * status.c: Add sys/types.h so that it runs on Ultrix. Reported + by Georg Schwarz.x + + * build-packet.c (build_sig_subpkt): Fixed generaton of packet + length header in case where 2 bytes headers are needed. Thanks to + Piotr Krukowiecki. + +2001-03-19 Werner Koch + + * g10.c (main): the default keyring is no always used unless + --no-default-keyring is given. + + * ringedit.c (add_keyblock_resource): invalidate cache after file + creation. + +2001-03-15 Werner Koch + + * keygen.c (ask_algo): Changed the warning of the ElGamal S+E Algo. + + * keylist.c (print_capabilities): New. + (list_keyblock_colon): and use it here. + +2001-03-13 Werner Koch + + * main.c, options.h: New option --fixed_list_mode. + * keylist.c (list_keyblock_colon): use it here. + + * getkey.c (merge_keys_and_selfsig): Divert merging of public keys + to the function used in key selection.. + * keylist.c (is_uid_valid): Removed. + (list_keyblock): Splitted into .. + (list_keyblock_print, list_keyblock_colon): .. these. + functions. Changed them to use the flags set in the key lookup code. + (reorder_keyblock): New, so that primary user IDs are listed first. + + * ringedit.c (keyring_copy): flush the new iobuf chaces before + rename or remove operations. This is mainly needed for W32. + + * hkp.c [HAVE_DOSISH_SYSTEM]: Removed the disabled code because we + have now W32 socket support in ../util/http.c + + * skclist.c (key_present_in_sk_list): New. + (is_duplicated_entry): New. + (build_sk_list): Check for duplicates and do that before unlocking. + +2001-03-12 Werner Koch + + * armor.c (parse_header_line): Removed double empty line check. + (parse_header_line): Replaced trim_trailing_ws with a counting + function so that we can adjust for the next read. + + * options.skel: Fixed 3 typos. By Thomas Klausner. Replaced the + keyserver example by a better working server. + + * parse-packet.c (parse_symkeyenc): Return Invalid_Packet on error. + (parse_pubkeyenc): Ditto. + (parse_onepass_sig): Ditto. + (parse_plaintext): Ditto. + (parse_encrypted): Ditto. + (parse_signature): Return error at other places too. + (parse_key): Ditto. + * g10.c (main): Set opt.list_packets to another value when invoked + with the --list-packets command. + * mainproc.c (do_proc_packets): Don's stop processing when running + under --list-packets command. + + * signal.c (do_sigaction): Removed. + (init_one_signal): New to replace the above. Needed to support + systems without sigactions. Suggested by Dave Dykstra. + (got_fatal_signal,init_signals): Use the above here. + (do_block): Use sigset() if sigprocmask() is not available. + + * armor.c (parse_hash_header): Test on TIGER192, which is the + correct value as per rfc2440. By Edwin Woudt. + +2001-03-08 Werner Koch + + * misc.c: Include time.h. By James Troup. + + * getkey.c: Re-enabled the unknown user Id and PK caches and + increased their sizes. + + * getkey.c (merge_selfsigs_main): Set expire date and continue + processing even if we found a revoked key. + (merge_selfsigs_subkeys): Ditto. + + * packet.h: Add an is_revoked flag to the user_id packet. + * getkey.c (fixup_uidnode): Set that flag here. + (merge_selfsigs_main): Fix so that the latest signature is used to + find the self-signature for an UID. + * parse-packet.c (parse_user_id): Zero out all fields. + * mainproc.c (check_sig_and_print): Print the primary user ID + according the the node flag and then all other non-revoked user IDs. + (is_uid_revoked): Removed; it is now handled by the key selection code. + + Changed the year list of all copyright notices. + +2001-03-07 Werner Koch + + * getkey.c (finish_lookup): Print an info message only in verbose mode. + +2001-03-05 Werner Koch + + * packet.h: Replaced sigsubpkt_t value 101 by PRIV_VERIFY_CACHE. + We have never used the old value, so we can do this without any harm. + * parse-packet.c (dump_sig_subpkt): Ditto. + (parse_one_sig_subpkt): Parse that new sub packet. + * build-packet.c (build_sig_subpkt): Removed the old one from the + hashed area. + (delete_sig_subpkt): New. + (build_sig_subpkt): Allow an update of that new subpkt. + * sig-check.c (check_key_signature2): Add verification caching + (cache_selfsig_result): New. + * export.c (do_export_stream): Delete that sig subpkt before exporting. + * import.c (remove_bad_stuff): New. + (import): Apply that function to all imported data + +2001-03-03 Werner Koch + + * getkey.c: Introduced a new lookup context flag "exact" and used + it in all place where we once used primary. + (classify_user_id2): Replaced the old function and add an extra + argument to return whether an exact keyID has been requested. + (key_byname): Removed the unused ctx.primary flag + (get_seckey_byname2): Ditto. + (finish_lookup): Changed debugging output. + +2001-03-02 Werner Koch + + * keylist.c (list_one): Remove the merge key calls. + +2001-03-01 Werner Koch + + * getkey.c (finish_lookup): Don't use it if we no specific usage + has been requested. + (merge_selfsigs_main): fix UID only if we have an signature. + (lookup): Return UNU_PUBKEY etc. instead of NO_PUBKEY if we found + a key but the requested usage does not allow this key. + * import.c (import_one): Take UNU_PUBKEY into account. + * mainproc.c (list_node): Ditto. + * keylist.c (list_keyblock): Ditto. + * keyedit.c (print_and_check_one_sig): Ditto. + +2001-02-09 Werner Koch + + * delkey.c (delete_key): Removed that silly assert which rendered + the whole new stuff meaningless. + +2001-02-08 Werner Koch + + * getkey.c (key_byname): It can happen that we have both, sk and pk + NULL, fix for that. + + * parse-packet.c (parse_one_sig_subpkt): Add support for + primary_uid and key_flags. + (can_handle_critical): Ditto + + * parse-packet.c (parse_encrypted): Fixed listing of pktlen for + MDC packets. + + * getkey.c: Backported the version of this file from gpg 1.1. this + involved some changes in other files too. + * parse-packet.c (parse_key): Clear req_usage. + * skclist.c (build_sk_list): Use req_usage to pass the usage + information to the lookup function. + * pkclist.c (build_pk_list): Ditto. + * free-packet.c (copy_public_parts_to_secret_key): New. + * keydb.h: Add IS_* macros to check the sig_class. + * misc.c (openpgp_cipher_test_algo): New. + (openpgp_pk_test_algo): New. + (openpgp_pk_algo_usage): New. + (openpgp_md_test_algo): New. + * packet.h: Add a few fields to PKT_{public,secret}_key and + PKT_user_id. + * seckey-cert.c (do_check): Use the new main_keyid field. + +2001-02-04 Werner Koch + + * encr-data.c (decrypt_data): Catch error when we had problems to + parse the encrypted packet. By Timo. + +2001-01-29 Werner Koch + + * g10.c (main): --batch does now set nogreeting. + + * delkey.c (do_delete_key): Fixed delete-both functionality. + +2001-01-22 Werner Koch + + * g10.c: New command --delete-secret-and-public-key. + * delkey.c (delete_key): Add new arg allow_both. + (do_delete_key): Move most stuff from above to this new function. + +2001-01-12 Werner Koch + + * passphrase.c (passphrase_to_dek): Use MD5 when IDEA is installed + and we have no S2K. + * mainproc.c (proc_encrypted): Likewise + +2001-01-11 Werner Koch + + * sig-check.c (do_check): Print the signature key expire message + only in verbose mode and added the keyID. + +2001-01-09 Werner Koch + + * status.c, status.h: New status USERID_HINT. + (write_status_text): Replace LF and CR int text by C-escape sequence. + + * passphrase.c (passphrase_to_dek): Fixed the NEED_PASSPHRASE + output. It does now always print 2 keyIDs. Emit the new + USERID_HINT. + +2001-01-08 Werner Koch + + * g10.c, options.h: New option --no-expensive-trust-checks. + * keylist.c (list_keyblock): Act on this option. + +2001-01-04 Werner Koch + + * g10.c (main): Set homedir only in the pre-parsing phase and + replace backslashes in the W32 version. + +2001-01-03 Werner Koch + + * status.c, status.h : New status KEY_CREATED + * keygen.c (do_generate_keypair,generate_subkeypair): Emit it. + +2000-12-28 Werner Koch + + * signal.c (got_fatal_signal): Remove lockfiles here because the + atexit stuff does not work due to the use of raise. Suggested by + Peter Fales. + * gpgv.c (remove_lockfiles): New stub. + +2000-12-19 Werner Koch + + * status.c, status.h (cpr_get_no_help): New. + * keyedit.c (keyedit_menu): Use it here because we have our own + help list here. + +2000-12-18 Werner Koch + + * mainproc.c (print_failed_pkenc): Don't print the sometimes + confusing message about unavailabe secret key. Renamed ... + (print_pkenc_list): ... to this and introduced failed arg. + (proc_encrypted): Print the failed encryption keys and then + the one to be used. + (proc_pubkey_enc): Store also the key we are going to use. + + * mainproc.c (check_sig_and_print): Don't list revoked user IDs. + (is_uid_revoked): New. + +2000-12-08 Werner Koch + + * pipemode.c: Made the command work. Currently only for + non-armored detached signatures. + * mainproc.c (release_list): Reset the new pipemode vars. + (add_gpg_control): Handle the control packets for pipemode + * status.c, status.h: New stati {BEGIN,END}_STREAM. + +2000-12-07 Werner Koch + + * g10.c: New option --allow-secret-key-import. + * import.c (import_keys,import_keys_stream): Honor this option. + (import): New arg allow_secret and pass that arg down to ... + (import_secret_one): to this and print a warning if secret key + importing is not allowed. + +2000-12-05 Werner Koch + + * cipher.c (cipher_filter): Moved the end_encryption status ... + * encode.c (encode_simple,encode_crypt): to here + * sign.c (sign_file): and here. + + * status.c (mywrite): Removed. + (get_status_string): Removed the LFs from the strings. + (set_status_fd,is_status_enabed,write_status_text, + write_status_buffer): Replaced all mywrite by stdio calls and use + fdopen to create a strem. This is needed to make things smoother + in the W32 version. + +2000-12-04 Werner Koch + + * import.c (merge_blocks): Increment n_sigs for revocations. + +2000-11-30 Werner Koch + + * g10.c (main): Use iobuf_translate_file_handle for all options + with filehandles as arguments. This is function does some magic + for the W32 API. + + * verify.c (verify_signatures): Add a comment rant about the + detached signature problem. + * mainproc.c (proc_tree): Issue an error if a detached signature + is assumed but a standard one was found. + * plaintext.c (hash_datafiles): Don't fall back to read signature + from stdin. + * openfile.c (open_sigfile): Print verbose message only if the + file could be accessed. + +2000-11-24 Werner Koch + + * passphrase.c [HAVE_DOSISH_SYSTEM]: Disabled all the agent stuff. + +2000-11-16 Werner Koch + + * g10.c: New option --use-agent + * passphrase.c (agent_open,agent_close): New. + (agent_get_passphrase,agent_clear_passphrase): New. + (passphrase_clear_cache): New. + (passphrase_to_dek): Use the agent here. + * seckey-cert.c (do_check): Clear cached passphrases. + +2000-11-15 Werner Koch + + * status.c (write_status_text): Moved the big switch to ... + (get_status_string): ... new function. + (write_status_buffer): New. + + * status.c (mywrite): New and replaced all write() by this. + + * status.c, status.h: Add 3 status lcodes for notaions and policy. + * mainproc.c (print_notation_data): Do status output of notations. + +2000-11-13 Werner Koch + + * sign.c (clearsign_file): Use LF macro to print linefeed. + +2000-11-11 Paul Eggert + + Clean up the places in the code that incorrectly use "long" or + "unsigned long" for file offsets. The correct type to use is + "off_t". The difference is important on large-file hosts, + where "off_t" is longer than "long". + + * keydb.h (struct keyblock_pos_struct.offset): + Use off_t, not ulong, for file offsets. + * packet.h (dbg_search_packet, dbg_copy_some_packets, + search_packet, copy_some_packets): Likewise. + * parse-packet.c (parse, dbg_search_packet, search_packet, + dbg_copy_some_packets, copy_some_packets): Likewise. + * ringedit.c (keyring_search): Likewise. + + * parse-packet.c (parse): Do not use %lu to report file + offsets in error diagnostics; it's not portable. + * ringedit.c (keyring_search): Likewise. + +2000-11-09 Werner Koch + + * g10.c (main): New option --enable-special-filenames. + +2000-11-07 Werner Koch + + * g10.c (main): New command --pipemode. + * pipemode.c: New. + +2000-10-23 Werner Koch + + * armor.c (armor_filter): Changed output of hdrlines, so that a CR + is emitted for DOS systems. + + * keygen.c (read_parameter_file): Add a cast for isspace(). + + * status.c (myread): Use SIGINT instead of SIGHUP for DOS. + +2000-10-19 Werner Koch + + * g10.c: New option --ignore-crc-error + * armor.c (invalid_crc): New. + (radix64_read): Act on new option. + + * openfile.c (try_make_homedir): Klaus Singvogel fixed a stupid + error introduced on Sep 6th. + +2000-10-18 Werner Koch + + * misc.c (print_cipher_algo_note): Don't print the note for AES. + Changed wording. + +2000-10-16 Werner Koch + + * mainproc.c (do_proc_packets): Hack to fix the problem that + signatures are not detected when there is a MDC packet but no + compression packet. + + * g10.c (print_hashline): New. + (print_mds): Use above func with --with-colons. + + * mainproc.c (check_sig_and_print): Detect multiple signatures + and don't verify them. + +2000-10-14 Werner Koch + + * mainproc.c (add_onepass_sig): There is an easier solution to the + error fixed yesterday; just check that we only have onepass + packets. However, the other solution provides an cleaner + interface and opens the path to get access to other information + from the armore headers. + (release_list): Reset some more variables. + +2000-10-13 Werner Koch + + * mainproc.c (add_gpg_control): New. + (do_proc_packets): use it. + (proc_plaintext): Changed logic to detect clearsigns. + (proc_tree): Check the cleartext sig with some new code. + + * packet.h: New packet PKT_GPG_CONTROL. + * parse-packet.c (parse_gpg_control): New. + * misc.c (get_session_marker): New. + * armor.c (armor_filter): Replaced the faked 1-pass packet by the + new control packet. + + * keyedit.c (keyedit_menu): Allow batchmode with a command_fd. + * status.c (my_read): New. + (do_get_from_fd): use it. + +2000-10-12 Werner Koch + + * keygen.c (keygen_add_std_prefs): Add Rijndael to the prefs. + +2000-10-07 Werner Koch + + * gpgv.c: Add more stubs for ununsed code to make the binary smaller. + +Wed Oct 4 15:50:18 CEST 2000 Werner Koch + + * sign.c (hash_for): New arg to take packet version in account, changed + call callers. + + * gpgv.c: New. + * Makefile.am: Rearranged source files so that gpgv can be build with + at least files as possible. + +Mon Sep 18 12:13:52 CEST 2000 Werner Koch + + * hkp.c (not_implemented): Print a notice for W32 + +Fri Sep 15 18:40:36 CEST 2000 Werner Koch + + * keygen.c (keygen_add_std_prefs): Changed order of preferences to + twofish, cast5, blowfish. + + * pkclist.c (algo_available): Removed hack to disable Twofish. + +Thu Sep 14 17:45:11 CEST 2000 Werner Koch + + * parse-packet.c (dump_sig_subpkt): Dump key flags. Print special + warning in case of faked ARRs. + + * getkey.c (finsih_lookup): Hack so that for v4 RSA keys the subkey + is used for encryption. + +Thu Sep 14 14:20:38 CEST 2000 Werner Koch + + * g10.c (main): Default S2K algorithms are now SHA1 and CAST5 - this + should solve a lot of compatibility problems with other OpenPGP + apps because those algorithms are SHOULD and not optional. The old + way to force it was by using the --openpgp option whith the drawback + that this would disable a couple of workarounds for PGP. + + * g10.c (main): Don't set --quite along with --no-tty. By Frank Tobin. + + * misc.c (disable_core_dump): Don't display a warning here but a return + a status value and ... + * g10.c (main): ...print warnining here. Suggested by Sam Roberts. + +Wed Sep 13 18:12:34 CEST 2000 Werner Koch + + * keyedit.c (keyedit_menu): Allow to use "debug" on the secret key. + + * ringedit.c (cmp_seckey): Fix for v4 RSA keys. + * seckey-cert.c (do_check): Workaround for PGP 7 bug. + +Wed Sep 6 17:55:47 CEST 2000 Werner Koch + + * misc.c (print_pubkey_algo_note): Do not print the RSA notice. + * sig-check.c (do_signature_check): Do not emit the RSA status message. + * pubkey-enc.c (get_session_key): Ditto. + + * encode.c (encode_simple, encode_crypt): Fix for large files. + * sign.c (sign_file): Ditto. + +Wed Sep 6 14:59:09 CEST 2000 Werner Koch + + * passphrase.c (hash_passphrase): Removed funny assert. Reported by + David Mathog. + + * openfile.c (try_make_homedir): Changes for non-Posix systems. + * g10.c (main): Take the default homedir from macro. + + * g10.c: The --trusted-key option is back. + * trustdb.c (verify_own_key): Handle this option. + (add_ultimate_key): Moved stuff from verify_own_key to this new func. + (register_trusted_key): New. + +Fri Aug 25 16:05:38 CEST 2000 Werner Koch + + * parse-packet.c (dump_sig_subpkt): Print info about the ARR. + + * openfile.c (overwrite_filep): Always return okay if the file is + called /dev/null. + (make_outfile_name): Add ".sign" to the list of know extensions. + (open_sigfile): Ditto. + +Wed Aug 23 19:52:51 CEST 2000 Werner Koch + + * g10.c: New option --allow-freeform-uid. By Jeroen C. van Gelderen. + * keygen.c (ask_user_id): Implemented here. + +Fri Aug 4 14:23:05 CEST 2000 Werner Koch + + * status.c (do_get_from_fd): Ooops, we used fd instead of opt.command_fd. + Thanks to Michael Tokarev. + +Tue Aug 1 20:06:23 CEST 2000 Werner Koch + + * g10.c: New opttion --try-all-secrets on suggestion from Matthias Urlichs. + * pubkey-enc.c (get_session_key): Quite easy to implement here. + +Thu Jul 27 17:33:04 CEST 2000 Werner Koch + + * g10.c: New option --merge-only. Suggested by Brendan O'Dea. + * import.c (import_one): Implemented it here + (import_secret_one): Ditto. + (print_stats): and give some stats. + +Thu Jul 27 12:01:00 CEST 2000 Werner Koch + + * g10.c: New options --show-session-key and --override-session-key + * pubkey-enc.c (hextobyte): New. + (get_override_session_key): New. + * mainproc.c (proc_pubkey_enc): Add session-key stuff. + * status.h, status.c (STATUS_SESSION_KEY): New. + +Thu Jul 27 10:02:38 CEST 2000 Werner Koch + + * g10.c (main): Use setmode(O_BINARY) for MSDOS while generating random bytes + (print_mds): Likewise for stdin. + * plaintext.c (handle_plaintext): Likewise for stdout. + +Mon Jul 24 10:30:17 CEST 2000 Werner Koch + + * keyedit.c (menu_expire): expire date for primary key can be set again. + +Wed Jul 19 11:26:43 CEST 2000 Werner Koch + + * keylist.c (is_uid_valid): New. + (list_keyblock): Print validity information for all user IDs. Note, this + has to be done at other places too; for now we have only minimal support. + +Wed Jul 12 13:32:06 CEST 2000 Werner Koch + + * helptext.c, pkclist.c: s/superseeded/superseded/ + +Mon Jul 10 16:08:57 CEST 2000 Werner Koch + + * parse-packet.c (enum_sig_subpkt): Fixed testing on crtitical bit in case + of a NULL buffer. Reported by Peter Marschall. + +Wed Jul 5 13:28:45 CEST 2000 Werner Koch + + * keyedit.c, keyid.c: Add some _() + + * argparse.c: Changed the flag to suppress --version handling to also + suppress --help. + +Wed Jun 28 11:54:44 CEST 2000 Werner Koch + + * armor.c (armor_filter): Set sigclass to 0 in case of non-dash-escaped + clearsig. This makes this mode work again. + + * mainproc.c (proc_tree): Fixed handling of one-pass-sig packets in textmode. + Disabled the ugly workaround for PGP 5 - let's see whether thi breaks less + cases. Found by Ted Cabeen. + + * options.h (DBG_HASHING): New. All commented md_start_debug are now + controlled by this debug option. + + * sign.c (print_status_sig_created): New and called from 2 places. + + * keygen.c (gen_rsa): New, but commented. + (ask_algo): Commented support for RSA. + + * seckey-cert.c (protect_secret_key): Started to fix the code for v4 RSA + keys - it is not solved yet. However, we have time until, Sep 20th ;) + +Wed Jun 14 12:27:09 CEST 2000 Werner Koch + + * status.c (init_shm_coprocessing): Changed the sequence of the get,attach + to cope with the changes in newer Linux kernels. This bug has been found + by who also proposed this solution. Hopefully + this does not break gpg on to many systems. + + * cipher.c (write_header): Protect the IV with the MDC too. + * encr-data.c (decrypt_data): Likewise. + +Fri Jun 9 10:09:52 CEST 2000 Werner Koch + + * g10.c: New options --no-auto-key-retrieve + * options.h (auto_key_retrieve): New. + * mainproc.c (check_sig_and_print): Implemented that. + +Wed Jun 7 19:19:09 CEST 2000 Werner Koch + + * sig-check.c (do_check): Use EMULATE_MDENCODE also on v4 packets. + +Wed Jun 7 17:25:38 CEST 2000 Werner Koch + + * cipher.c (write_header): Use plain CFB mode for MDC encrypted packets. + * encr-data.c (decrypt_data): Ditto. + +Mon Jun 5 23:41:54 CEST 2000 Werner Koch + + * seskey.c (do_encode_md, encode_md_value): Add new arg v3compathack to work + around a bug in old versions. + * sig-check.c (do_check): use the aboved workaround when enabled. + * g10.c: New option --emulate-md-decode-bug + +Mon Jun 5 12:37:43 CEST 2000 Werner Koch + + * build-packet.c (do_mdc): New. + (do_encrypted_mdc): Changed for the new proposal. + * parse-packet.c (parse_mdc): New. + (parse_encrypted): Fixed for the new proposal. + * packet.h (PKT_MDC): New. + * cipher.c (cipher_filter): Build the MDC packet here. + * g10.c (main): Enable --force-mdc. + * encr-data.c (mdc_decode_filter): Fixed for new MDC method + + * options.h(rfc2440): New. + * g10.c (main): Changed the selected values for --openpgp to not include + optional algorithms. + +Thu May 18 11:38:54 CEST 2000 Werner Koch + + * keyedit.c (keyedit_menu): Add a keyword arg to the prompt. + + * status.c, status.h: Added 3 new status tokens. + * status.c (do_get_from_fd): New. + (cpr_enabled,cpr_get,cpr_get_hidden,cpr_kill_prompt, + cpr_get_answer_is_yes,cpr_get_answer_yes_no_quit): Modified to work + with the new function. + * g10.c: Add new option --command-fd. + + * status.c (progress_cb): New. + (set_status_fd): Register progress functions + +Fri May 12 14:01:20 CEST 2000 Werner Koch + + * delkey.c (delete_key): Add 2 new status messages + * status.c, status.h (STATUS_DELETE_PROBLEM): New. + + Fixed years of copyright in all source files. + +Mon May 1 17:08:14 CEST 2000 Werner Koch + + * trustdb.c (propagate_validity): Fixed the bug that only one uid + gets fully trusted even when all are signed by an ultimate key. + +Mon May 1 15:38:04 CEST 2000 Werner Koch + + * getkey.c (key_byname): Always returned a defined context. Fixed + a segv for invalid user id specifications. Reported by Walter Koch. + + * getkey.c (get_user_id): I18ned "no user id" string. By Walter. + + * pkclist.c (do_show_revocation_reason): Typo fixes. + * helptext.c: Ditto. + + * armor.c (armor_filter): Fixed some CRLF issues. By Mike McEwan. + +Fri Apr 14 19:37:08 CEST 2000 Werner Koch + + * pkclist.c (do_show_revocation_reason): New. + (show_revocation_reason): New and called at various places. + + * g10.c (main): Fixed small typo. + + * pkclist.c (do_we_trust): Act on always_trust but not for revoked + keys. Suggested by Chip Salzenberg. + + * g10.c: New option --lock-never. + + * ringedit.c (get_writable_keyblock_file): New. + * keygen.c (do_generate_keypair): Use this instead of the hardwired one. + + * keygen.c (ask_user_id): Check that the email address is in the + correct field. Suggested by Christian Kurz. + +Mon Apr 10 13:34:19 CEST 2000 Werner Koch + + * keyedit.c (show_key_with_all_names): s/sbb/ssb/ + +Tue Mar 28 14:26:58 CEST 2000 Werner Koch + + * trustdb.c (verify_own_keys): Do not print warning about unprotected + key when in quiet mode. + +Wed Mar 22 13:50:24 CET 2000 Werner Koch + + * mainproc.c (print_userid): Do UTF8 conversion before printing. + * import.c (import_one): Ditto. + (import_secret_one): Ditto. + (delete_inv_parts): Ditto. + +Thu Mar 16 16:20:23 CET 2000 Werner Koch + + * keylist.c (print_key_data): Handle a NULL pk gracefully. + + * getkey.c (merge_one_pk_and_selfsig): Fixed silly code for + getting the primary keys keyID but kept using the one from the + subkey. + * pubkey-enc.c (get_it): Print a note for expired subkeys. + + * getkey.c (has_expired): New. + (subkeys_expiretime): New. + (finish_lookup): Check for expired subkeys needed for encryption. + (merge_keys_and_selfsig): Fixed expiration date merging for subkeys. + + * keylist.c (list_keyblock): Print expiration time for "sub". + (list_one): Add missing merging for public keys. + * mainproc.c (list_node): Ditto. + +2000-03-14 13:49:38 Werner Koch (wk@habibti.openit.de) + + * keygen.c (keyedit_menu): Do not allow to use certain commands + while the secret key is selected. + +2000-03-09 12:53:09 Werner Koch (wk@habibti.openit.de) + + * keygen.c (ask_expire_interval): Movede parsig to ... + (parse_expire_string): ... this new function. And some new control + commands. + (proc_parameter_file): Add expire date parsing. + (do_generate_keypair): Allow the use of specified output files. + +2000-03-08 10:38:38 Werner Koch (wk@habibti.openit.de) + + * keygen.c (ask_algo): Removed is_v4 return value and the commented + code to create Elg keys in a v3 packet. Removed the rounding + of key sizes here. + (do_create): Likewise removed arg v4_packet. + (gen_elg): Likewise removed arg version. Now rounding keysizes here. + (gen_dsa): Rounding keysize now here. + (release_parameter_list): New + (get_parameter*): New. + (proc_parameter_file): New. + (read_parameter_file): New. + (generate_keypair): Splitted. Now uses read_parameter_file when in + batch mode. Additional argument to specify a parameter file. + (do_generate_keypair): Main bulk of above fucntion and uses the + parameter list. + (do_create): Don't print long notice in batch mode. + * g10.c (main): Allow batched key generation. + +Thu Mar 2 15:37:46 CET 2000 Werner Koch + + * pubkey-enc.c (get_it): Print a note about unknown cipher algos. + + * g10.c (opts): Add a note to the help listing about the man page + and removed some options from the help listing. + + * keyedit.c (print_and_check_one_sig): Use a new function to truncate + the output of the user ID. Suggested by Jan-Benedict Glaw. + +Wed Feb 23 10:07:57 CET 2000 Werner Koch + + * helptext.c: typo fix. + +Thu Feb 17 13:39:32 CET 2000 Werner Koch + + * revoke.c: Removed a bunch of commented code. + + * packet.h (SIGSUBPKT_REVOC_REASON): New. + * build-packet.c (build_sig_subpkt): Support new sub packet. + * parse-packet.c (parse_one_sig_subpkt): Ditto. + (dump_sig_subpkt): Ditto. + * revoke.c (ask_revocation_reason): New. + (release_revocation_reason_info): New. + (revocation_reason_build_cb): New. + (gen_revoke): Ask for reason. + * main.h (struct revocation_reason_info): Add declaration. + * keyedit.c (menu_revsig): Add support for revocation reason. + (menu_revkey): Ditto. + (sign_uid_mk_attrib): Renamed to ... + (sign_mk_attrib): ... this, made static and add support for reasons. + +Tue Feb 15 08:48:13 CET 2000 Werner Koch + + * build-packet.c (build_packet): Fixed fixing of old comment packets. + + * import.c (import_keys): Fixed importing from stdin when called with + nnames set to zero as it normally happens. + +Mon Feb 14 14:30:20 CET 2000 Werner Koch + + * sig-check.c (check_key_signature2): Add new arg r_expired. + (do_signature_check): New arg to pass it down to ... + (do_check): New arg r-expire which is set when the signature + has expired. + * trustdb.c (check_sig_record): Set SIGF_EXPIRED flag and set + the expiretime to zero so that thi signature will not be checked + anymore. + +Fri Feb 11 17:44:40 CET 2000 Werner Koch + + * g10.c (g10_exit): Update the random seed_file. + (main): Set the random seed file. New option --no-random-seed-file. + +Thu Feb 10 17:39:44 CET 2000 Werner Koch + + * keyedit.c (menu_expire): Fixed segv due to unitialized sub_pk. + By Rémi. + +Thu Feb 10 11:39:41 CET 2000 Werner Koch + + * keylist.c (list_keyblock): Don't print warnings in the middle of + regulat output lines. By Rémi. + + * sig-check.c: Include options.h + +Wed Feb 9 15:33:44 CET 2000 Werner Koch + + * gpg.c: New option --ignore-time-conflict + * sig-check.c (do_check): Implemented this option. + * trustdb.c (check_trust): Ditto. + * sign.c (do_sign): Ditto. + * keygen.c (generate_subkeypair): Ditto. + + * encode.c (encode_simple): use iobuf_cancel after open failure. + Reported by Huy Le. + +Fri Jan 14 18:32:01 CET 2000 Werner Koch + + * packet.h (STRING2KEY): Changed mode from byte to int. + * parse-packet.c (parse_key): Add the special GNU protection stuff + * build-packet.c (so_secret_key): Ditto. + * seckey-cert.c (do_check): Ditto. + * keyedit.c (change_passphrase): Ditto. + * export.c (export_secsubkeys): New. + (do_export_stream): Hack to export the primary key using mode 1001. + * g10.c: New command --export-secret-subkeys + +Thu Jan 13 19:31:58 CET 2000 Werner Koch + + * armor.c (is_armored): Check for 1-pass-sig packets. Reported by + David Hallinan . + (armor_filter): Replaced one LF by the LF macro. Reported by + Wolfgang Redtenbacher. + +Wed Jan 5 11:51:17 CET 2000 Werner Koch + + * g10.c (main): Reset new global flag opt.pgp2_workarounds + when --openpgp is used. + * mainproc.c (proc_plaintext): Do the PGP2,5 workarounds only + when the global flag is set. + (proc_tree): Ditto. + * textfilter.c (copy_clearsig_text): Ditto. + * armor.c (armor_filter): Ditto. + + * g10.c: New option --list-only + * mainproc.c (proc_tree): Don't do it if opt.list_only is active. + (proc_pubkey_enc): Implement option. + + * status.h, status.c ({BEGIN,END}_{EN,DE}CRYPTION): New. + * cipher.c (cipher_filter): New status outputs. + * mainproc.c (proc_encrypted): New status outputs. + +Fri Dec 31 14:08:15 CET 1999 Werner Koch + + * armor.c (armor_filter): Made the "Comment:" header translatable. + + * hkp.c (hkp_import): Make sure that the program does not return + success when there is a connection problem. Reported by Phillip Jones. + +Sun Dec 19 15:22:26 CET 1999 Werner Koch + + * armor.c (LF): Use this new macro at all places where a line LF + is needed. This way DOSish textfiles should be created when the + input data is also in dos mode. + * sign.c (LF): Ditto. + * textfilter.c (LF): Ditto. + (copy_clearsig_text): Disabled the forcing of CR,LF sequences + for DOS systems. + + * plaintext.c (handle_plaintext): Fixes for line endings on DOS. + and react on a LF in cleartext. + * armor.c (fake_packet): Restore the original line ending after + removing trailing spaces. + + * signal.c (got_fatal_signal): DOS fix. + +Thu Dec 16 10:07:58 CET 1999 Werner Koch + + * mainproc.c (print_failed_pkenc): Fix for unknown algorithm. + Found by fygrave@epr0.org. + +Thu Dec 9 10:31:05 CET 1999 Werner Koch + + * hkp.c: i18n the strings. + +Sat Dec 4 15:32:20 CET 1999 Werner Koch + + * trustdb.c (verify_key): Shortcut for ultimately trusted keys. + +Sat Dec 4 12:30:28 CET 1999 Werner Koch + + * pkclist.c (build_pk_list): Validate the trust using the namehash + if this one has been set by the key lookup. + + * g10.c: Add --delete-secret-key to the help page. + + * openfile.c (copy_options_file): Made static. + (try_make_homedir): New. + * ringedit.c (add_keyblock_resource): Use the try_make_hoemdir logic. + * tdbio.c (tdbio_set_dbname): Likewise. + + * keygen.c (generate_user_id): Use m_alloc_clear() here. We should + better use an allocation function specific to the user_id packet. + + * keygen.c (keygen_add_std_prefs): Changed symmetric preferences + to include Blowfish again. This is due to it's better speed compared + to CAST5. + + * g10.c (strusage): Print the home directory. + + * armor.c (armor_filter): Take action on the cancel control msg. + * filter.h (armor_filter_context_t): Add cancel flag. + +Mon Nov 29 21:52:11 CET 1999 Werner Koch + + * g10.c: New option --fast-list-mode .. + * keylist.c (list_keyblock): .. and implemented. + * mainproc.c (list_node): Ditto. + + * import.c (mark_non_selfsigned_uids_valid): Fixed the case that there + is a uid without any packet following. + +Mon Nov 22 11:14:53 CET 1999 Werner Koch + + * mainproc.c (proc_plaintext): Never enable the hash processing + when skip_verify is active. + + * armor.c (parse_header_line): Stop parsing on a WS line too. + Suggested by Aric Cyr. + + * tdbdump.c (HEXTOBIN): Changed the name of the argument, so that + traditional cpp don't mess up the macros. Suggested by Jos Backus. + + * mainproc.c (list_node): Print the PK algo in the --with-colon mode. + * keylist.c (list_keyblock): Ditto. + + * signal.c (got_fatal_signal): Found the reason why exit(8) did not + work - it is better to set the disposition back to default before + raising the signal. Print the notice on stderr always. + +Fri Nov 12 20:33:19 CET 1999 Werner Koch + + * g10.c (make_username): Swapped the logic. + * keylist.c (public_key_list): Now takes a STRLIST as arg and moved + the creation ot this list to the caller, so that he can copy with + UTF-conversion of user IDs. Changed all callers. + (secret_key_list): Likewise. + + * getkey.c (get_user_id_string_native): New and ... + * encode.c (write_pubkey_enc_from_list): ... use it here. + + * pubring.asc: Updated. + + * packet.h (PKT_PHOTO_ID): New. + * parse-packet.c (parse_photo_id): New. + * build-packet.c (do_user_id: Handle photo IDs. + (build_packet): Change CTB for photo IDs + * free-packet.c (free_user_id): Release memory used for photo IDs + * sig-check.c (hash_uid_node): Handle photo IDs too. + * trustdb.c (print_uid_from_keyblock): Hash photo ID. + (make_uid_records): Ditto. + * getkey.c (find_by_name): Ditto. + * keyedit.c (show_prefs): Ditto. + * keylist.c (list_keyblock): Ditto. + +Thu Oct 28 16:08:20 CEST 1999 Werner Koch + + * keygen.c (ask_expire_interval): Print a warning for systems + with a signed 32 time_t if the exiration time is beyoind 2038. + +Fri Oct 8 20:40:50 CEST 1999 Werner Koch + + * ringedit.c (enum_keyblocks): The last fix way really stupid; + reverted and set rt to Unknown. + +Fri Oct 8 20:32:01 CEST 1999 Werner Koch + + * ringedit.c (enum_keyblocks): Zero the entire kbpos out on open. + + * g10.c (oEntropyDLL): Removed option. + (main): Made the warning on development versions more verbose. + + * g10.c (oHonorHttpProxy): New option. + * hkp.c (hkp_ask_import,hkp_export): Implement this option. + * options.skel: Enable this option for new installations + +Mon Oct 4 21:23:04 CEST 1999 Werner Koch + + * import.c (import_keys): Changed calling interface, adjusted caller. + (import): Moved printing of stats out ... + (print_stats): New. ... to here. + (import_keys_stream): Call stats print here. + (import_keys): Print stats as totals for all files. + + * tdbio.h (DIRF_NEWKEYS): New + * tdbio.c (tdbio_dump_record): Print the new flag. + * trustdb.c (check_trust_record): New arg sigs_only. Adapted all + callers. + (do_update_trust_record): Removed recheck arg and add a new sigs_only + do we can later improve on the performance. Changed all callers too. + (check_trustdb): Evalutate the new flag and add a status output. + Do a check when the dir record has not been checked. + (build_cert_tree): Evaluate the new flag. + (check_trust): Ditto. Do a trust_record check, when the dir record + is not marked as checked. + (mark_fresh_keys): New. + (clear_lid_table): New. + (sync_trustdb): New. + * import.c (import_keys): Call sync_trustdb() after processing. + (import_keys_stream): Ditto. + * tdbdump.c (import_ownertrust): Ditto. + + * import.c (import_revoke_cert): Notify the trust DB. + (do_update_trust_record): Use |= to set the REVOKED bit and not &=; + shame on me for this bad copy+paste introduced bug. + (do_we_trust): Add trustmask to allow revoked key override to work. + Chnaged are to allow return of a mofified trustlevel. Adapted the + one caller. + + * g10.c: New options --emulate-3des-s2k-bug + * passphrase.c (hash_passphrase): Implemented above. + + * mainproc.c (proc_tree): Check for standalone signatures. + (do_check_sig): Print a notice for a standalone revocation + (check_sig_and_print): Do not print an error for unchecked standalone + revocations. + +Tue Sep 28 20:54:37 CEST 1999 Werner Koch + + * encode.c (encode_simple): Use new CTB when we don't have the + length of the file. This is somewhat strange as the comment above + indicates that this part is actually fixed for PGP 5 - maybe I simply + lost the source line, tsss. + + * armor.c (armor_filter): Set a flag if no OpenPGP data has been found. + * verify.c (verify_signatures): Add an error helptext. + +Thu Sep 23 19:24:30 CEST 1999 Werner Koch + + * openfile.c (open_outfile): Fixed the 8dot3 handling. + + * passphrase.c (passphrase_to_dek): Print uid using utf8 func. + * delkey.c (delete_key): Ditto. + * pkclist.c (show_paths,do_edit_ownertrust,do_we_trust): Ditto + (do_we_trust_pre): Ditto. + * trustdb.c (print_user_id,check_uidsigs): Ditto. + * revoke.c (gen_revoke,ask_revoke_sig): Ditto. + +Thu Sep 23 09:52:58 CEST 1999 Werner Koch + + * verify.c (print_file_status): New. + (verify_one_file): Moved status print to th new fnc. Add error status. + * status.c, status.h (STATUS_FILE_ERROR): New + +Wed Sep 22 10:14:17 CEST 1999 Werner Koch + + * openfile.c (make_outfile_name): Use case-insenstive compare for + DOS systems. Add ".pgp" to the list of know extensions. + (open_outfile): For DOS systems try to replace the suffiy instead of + appending it. + + * status.c, status.h: Add STATUS_FILE_{START,DONE}. + * verify.c (verify_one_file): Emit these new stati. + + * sign.c (clearsign_file): Avoid duplicated Entries in the "Hash:" + line. Those headers are now only _not_ printed when there are + only old-style keys _and_ all hashs are MD5. + +Mon Sep 20 12:24:41 CEST 1999 Werner Koch + + + * verify.c (verify_files, ferify_one_file): New. + * g10.c: New command --verify-files + +Fri Sep 17 12:56:42 CEST 1999 Werner Koch + + * g10.c: Add UK spelling as alias for armor options ;-) + + * import.c (append_uid): Fixed a SEGV when there is no selfsig and + no subkey. + (merge_sigs): Ditto. Removed the assertion. + +Wed Sep 15 16:22:17 CEST 1999 Werner Koch + + * g10.c: New option --entropy-dll-name + +Mon Sep 13 10:51:29 CEST 1999 Werner Koch + + * signal.c (got_fatal_signal): Print message using write(2) and + only for development versions. + +Mon Sep 6 19:59:08 CEST 1999 Werner Koch + + * tdbio.c (tdbio_set_dbname): Use mkdir macro + * ringedit.c (add_keyblock_resource): Ditto. + +Fri Sep 3 10:04:45 CEST 1999 Werner Koch + + * pkclist.c (build_pk_list): Skip keys set with --encrypt-to also + when asking for a key. + + * plaintext.c (handle_plaintext): Make sure that we don't read a + second EOF in the read loop for partial length packets. + + * mainproc.c (check_sig_and_print): print user ID as utf-8. + +Thu Sep 2 16:40:55 CEST 1999 Werner Koch + + * import.c (merge_blocks): First add new subkeys, then merge subkey + certificates. + (merge_sigs): Don't merge subkey signatures here. + +Wed Sep 1 15:30:44 CEST 1999 Werner Koch + + * keygen.c (ask_expire_interval): Fixed bug related to cpr_xx (tnx + Francis J. Lacoste). + +Tue Aug 31 17:20:44 CEST 1999 Werner Koch + + * plaintext.c (do_hash): Hash CR,LF for a single CR. + (ask_for_detached_datafile): Changed arguments to be closer to + those of hash_datafiles and cleanup the code a bit. + * mainproc.c (proc_tree): Workaround for pgp5 textmode detached + signatures. Changed behavior of asking for data file to be the same + as with provided data files. + + * keylist.c (list_keyblock): Use UTF8 print functions. + +Mon Aug 30 20:38:33 CEST 1999 Werner Koch + + * import.c (chk_self_sigs): some s/log_error/log_info/ so that gpg + does not return an error if a key has some invalid packets. + + * helptext.c: Fixed some typos and changed the way the + translation works. The english text is now the keyword for gettext + and not anymore the keyword supplied to the function. Done after + some discussion with Walter who thinks this is much easier for the + translators. + + * misc.c (disable_core_dumps): Don't do it for DOSish systems. + + * signal.c (signal_name): Bounds check on signum. + +Wed Aug 4 10:34:18 CEST 1999 Werner Koch + + * pubring.asc: Updated. + + * pkclist.c (do_we_trust_pre,check_signatures_trust): Do not print + the warning about --always_trust when --quiet is used. + + * pkclist.c (fpr_info): New and called at several places. + + * parse-packet.c (dump_sig_subpkt): List revocation key contents. + +Mon Jul 26 09:34:46 CEST 1999 Werner Koch + + * pkclist.c (build_pk_list): Fixed typo in format string. + + * trustdb.c (create_shadow_dir): Don't translate the error string. + + * g10.c (main): Fixed spelling of user-id. + * getkey.c (find_by_name_pk,find_by_name_sk, + find_by_keyid,find_by_keyid_sk): Ditto and translate it. + * import.c (mark_non_selfsigned_uids_valid,delete_inv_parts): Ditto. + + +Mon Jul 26 01:01:39 CEST 1999 Michael Roth + + * g10.c, options.h: New options --no-literal and --set-filesize + + * encode.c (encode_simple, encode_crypt): Support for the options + --no-literal and --set-filesize. + + * sign.c (sign_file): ditto. + +Fri Jul 23 13:53:03 CEST 1999 Werner Koch + + + * ringedit.c (enum_keyblocks): Removed annoying error message in cases + when we have no keyring at all to enum. + + * getkey.c (classify_user_id): Rewrote to relax the recognition of + keyIDs and fingerprints (Michael). + + * mainproc.c (check_sig_and_print): Print status NO_PUBKEY. + (print_failed_pkenc): Print status NO_SECKEY. + + * import.c (mark_non_selfsigned_uids_valid): New. + * g10.c: New option --allow-non-selfsigned-uid. + + * pkclist.c (print_fpr): New. + (do_we_trust_pre): Print the fpr before asking whether to use the key + anyway. + (do_edit_ownertrust): Likewise. + +Thu Jul 22 20:03:03 CEST 1999 Werner Koch + + + * ringedit.c (enum_keyblocks): Removed annoying error message in cases + when we have no keyring at all to enum. + + * getkey.c (classify_user_id): Rewrote to relax the recognition of + keyIDs and fingerprints (Michael). + + * mainproc.c (check_sig_and_print): Print status NO_PUBKEY. + (print_failed_pkenc): Print status NO_SECKEY. + + * import.c (mark_non_selfsigned_uids_valid): New. + * g10.c: New option --allow-non-selfsigned-uid. + +Thu Jul 15 10:15:35 CEST 1999 Werner Koch + + * g10.c: New options --disable-{cipher,pubkey}-algo. + +Wed Jul 14 19:42:08 CEST 1999 Werner Koch + + * status.h (STATUS_IMPORTED): New. + * import.c (import): Print some status information (Holger Schurig). + + * g10.c (main): Make --no-greeting work again. Add a warning when + --force-mds is used. + +Tue Jul 13 17:39:25 CEST 1999 Werner Koch + + * pkclist.c (do_edit_ownertrust): Changed the way help works. + (build_pk_list): Implemented default recipient stuff. + * g10.c: New options --default-recipient[-self] + (main): Suppress greeting in most cases, entering a passphrase or + a missing value is not considered to be interactive use. + Merged --print-md and --print-mds; the latter is now obsolete. + Changed the way --gen-random works and documented it. + Changed the way --gen-prime works and add a man entry. + * g10.c (MAINTAINER_OPTIONS): Removed. + +Mon Jul 12 18:45:57 CEST 1999 Werner Koch + + * keyedit.c (keyedit_menu): Add arg sign_mode and changed callers + * g10.c (main): New command --lsign-key. + +Mon Jul 12 14:55:34 CEST 1999 Werner Koch + + * mainproc.c (kidlist_item): New. + (release_list): Release failed pk-enc-list. + (print_failed_pkenc): New + (proc_encrypted): Print info about failed PK enc. + + * openfile.c (make_outfile_name): s/error/info/ + + * passphrase.c (passphrase_to_dek): Return an empty passphrase when + in batch mode and don't make the warning message fatal + * seckey-cert.c (check_secret_key): Try only once when in batch mode. + + * g10.c (make_username): New. + +Thu Jul 8 16:21:27 CEST 1999 Werner Koch + + + * packet.h (PKT_ring_trust): New + * parse-packet.c (parse_trust): Store trust value + * build-packet (build_packet): Ignore ring trust packets. + * mainproc.c (add_ring_trust): New. + (list_node): Print "rtv" records. + * g10.c: New option --with-fingerprint. + + * trustdb.c (verify_own_keys): Don't insert if we are dry running + (check_trust): Ditto. + +Wed Jul 7 13:08:40 CEST 1999 Werner Koch + + * Makefile.am: Support for libtool. + + * keygen.c (ask_expire_interval): Hack to allow for an expire date. + + * trustdb.c (do_update_trust_record,update_trust_record): Splitted. + (check_trust_record): New. + (check_trust,build_cert_tree): Check the dir record as needed. + (upd_pref_record): Removed. + (make_pref_record): New. + (propagate_validity): Stop as soon as we have enough validity. + + * tbdio.c (MAX_CACHE_ENTRIES_HARD): Increased the limit. + + +Fri Jul 2 11:45:54 CEST 1999 Werner Koch + + * g10.c (g10_exit): Dump random stats. + + * sig-check.c (check_key_signature,check_key_signature2): Enhanced + version and wrapper for old function. + (do_signature_check,signature_check): Ditto. + +Thu Jul 1 12:47:31 CEST 1999 Werner Koch + + + * keyedit.c (show_key_with_all_names): Print a notice for disabled keys. + (enable_disable_keys): Add functionality + * pkclist.c (edit_ownertrust): preserve disabled state. + (build_pk_list): Skip disabled keys. + * trustdb.c (upd_one_ownertrust): Ditto. + (build_cert_tree): Mask the ownertrust. + (trust_letter): Mask the value. + (do_check): Take disabled flag into account. + + * passphrase.c (passphrase_to_dek): Add a pubkey_algo arg and changed + all callers. + + * g10.c (utf8_strings): 2 new options. + + * trustdb.c (insert_trust_record_by_pk): New, replaces the next one. + (insert_trust_record): Now takes a keyblock as arg. Changed all + callers to use the appropritae function. + + * openfile.c (ask_outfile_name): New. + * plaintext.c (handle_plaintext): Ask for filename if there is + no valid syntax. Don't use fname varbatim but filter it. + +Tue Jun 29 21:44:25 CEST 1999 Werner Koch + + + * trustdb.h (TRUST_FLAG_DISABLED): New. + + * status.c (USE_CAPABILITIES): Capabilities support (Remi). + + * tdbio.c : Added new fields to the DIR record. + (tdbio_write_record): Fixed the update of the hash tables. + (tdbio_delete_record): Drop the record from the hash tables. + (drop_from_hashtbl): New. + + * status.c (cpr_get): Special online help mode. + * helptext.c ("keyedit.cmd"): Removed. + * keyedit.c (keyedit_menu): Use only help system. + (enable_disable_key): New bit doies not yet work. + +Sat Jun 26 12:15:59 CEST 1999 Werner Koch + + + * dearmor.c (enarmor_file): Fixed comment string. + * tdbdump.c (export_ownertrust): Text fix. + * tbio.c (tdbio_invalid): Ditto. + + * parse-packet.c (parse_key): Made temp buffer larger. + + * Makefile.am (install-data-local): Add missing backslashes + +Tue Jun 15 12:21:08 CEST 1999 Werner Koch + + * g10.c (main): Made iterated+salted the default S2K method. + + * Makefile.am (install-data-local): Use DESTDIR. + + * passphrase.c (passphrase_to_dek): Emit missing-passphrase while in + batchmode. + + * parse-packet.c (parse_pubkeyenc): Fixed a SEGV. + +Mon Jun 14 21:18:54 CEST 1999 Michael Roth + + * g10.c: New options --openpgp, --no-tty, --emit-version, + --default-comment and --lock-multiple + +Thu Jun 10 14:18:23 CEST 1999 Werner Koch + + * free-packet.c (free_encrypted): Fixed EOF case (Remi). + (free_plaintext): Ditto. + + * helptext.c (keyedit.delsig.unknown): New (Remi). + * keyedit.c (print_and_check_one_sig): Add arg print_without_key and + changed all callers to make use of it (Remi): + +Tue Jun 8 13:36:25 CEST 1999 Werner Koch + + * keylist.c (print_key_data): New and called elsewhere. + * g10.c: New option --with-key-data + +Wed Jun 2 14:17:19 CEST 1999 Werner Koch + + * mainproc.c (proc_tree): Yet another bad hack to cope with + broken pgp2 created detached messages in textmode. + +Tue Jun 1 16:01:46 CEST 1999 Werner Koch + + * openfile.c (make_outfile_name): New. + * plaintext.c (handle_plaintext): Outputfile is now the inputfile + without the suffix. + * g10.c: New option --use-embedded-filename + +Mon May 31 19:41:10 CEST 1999 Werner Koch + + * g10.c (main): Fix for SHM init (Michael). + + * compress.c, encr-data.c, mdfilter.c, + plaintext.c, free-packet.c: Speed patches (Rémi). + +Thu May 27 09:40:55 CEST 1999 Werner Koch + + * status.c (cpr_get_answer_yes_no_quit): New. + * keyedit.c (menu_delsig): New. + (check_all_keysigs): Splitted. + (print_and_check_one_sig): New. + +Wed May 26 14:36:29 CEST 1999 Werner Koch + + * build-packet.c (build_sig_subpkt): Support large packets. + * parse-packet.c (enum_sig_subpkt): Replaces parse_sig_subpkt. + * mainproc.c (print_notation_data): Print all notation packets. + * g10.c (add_notation_data): Add a way to specify the critical flag. + (main): Add option --set-policy-url. + (check_policy_url): Basic checks. + * sign.c (mk_notation_and_policy): Replaces mk_notation. + + * parse-packet.c (can_handle_critical): Moved decision whether we can + handle critical subpacket to an extra function. + +Tue May 25 19:50:32 CEST 1999 Werner Koch + + * sign.c (sign_file): Always use compression algo 1 for signed + onyl file becuase we can´ be sure the the verifier supports other + algorithms. + + * build-packet.c (build_sig_subpkt): Support for notation data. + * sign.c (sign_file,clearsign_file,make_keysig_packet): Ditto. + (mk_notation): New. + * g10.c (add_notation_data): New and add option -N + * mainproc.c (print_notation_data): New. + (check_sig_and_print): Print any notation data of the signed text. + +Sun May 23 14:20:22 CEST 1999 Werner Koch + + * pkclist.c (check_signatures_trust): Print a warning and return + immediateley if opt.always_trust is true. + + * g10.c (main): Corrected handling of no-default-keyring + + * pkclist.c (algo_available): Disable Twofish until we have settled + how to do the MDC. + + * hkp.c: Disable everything for mingw32 + +Sat May 22 22:47:26 CEST 1999 Werner Koch + + * mainproc.c (check_sig_and_print): Add sig creation time to the + VALIDSIG status output. Add more info to the ERRSIG output. + * sig-check.c (signature_check): Add sig time after epoch to SIG_ID. + + * import.c (import_one): Merge duplicate user IDs. + (collapse_uids): New. + * kbnode.c (move_kbnode): New. + (remove_kbnode): New. + * keyedit.c (keyedit_menu): Call collapse_uids. + + * g10.c: new option --logger-fd. + + * import.c: s/log_*_f/log_*/ + +Thu May 20 14:04:08 CEST 1999 Werner Koch + + * misc.c (pull_in_libs): do the volatile only for gcc + + * sig-check (signature_check): Emit SIG_iD only for classes 0 and 1. + + * armor.c (armor_filter): Add detection of PGP2 created clearsigs. + (fake_packet): A tab is not a WS for pgp2 - handle this. + * textfilter.c (len_without_trailing_chars): New. + (copy_clearsig_text): Add pgp2mode arg. + * sign.c (clearsign_file): pass old_style to the above fnc. + + +Wed May 19 16:04:30 CEST 1999 Werner Koch + + * g10.c: New option --interactive. + + * mainproc.c (proc_plaintext): Add workaround for pgp2 bug + (do_check_sig): Ditto. + (proc_tree): Ditto. + * plaintext.c (do_hash): Ditto. + (hash_datafiles): Ditto, add an arg, changed all callers. + * mdfilter.c (md_filter): Add support for the alternate hash context. + +Mon May 17 21:54:43 CEST 1999 Werner Koch + + * parse-packet.c (parse_encrypted): Support for PKT_ENCRYPTED_MDC. + * build-packet.c (do_encrypted_mdc): Ditto. + * cipher.c (write_header): Add mdc hashing. + (cipher_filter): write out the hash. + * mainproc.c (do_proc_packets): Add PKT_ENCRYPTED_MDC. + * encr-data.c (decrypt_data): Add mdc hashing. + (mdc_decode_filter): New. + + * parse-packet.c (parse_sig_subpkt): Fixed stupid bug for subpkt + length calculation + (parse_signature): Fixed even more stupid bug. + +Sat May 8 19:28:08 CEST 1999 Werner Koch + + * build-packet.c (do_signature): Removed MDC hack. + * encode.c (encode_crypt_mdc): Removed. + * mainproc.c (do_check_sig): Removed MDC hack. + (check_sig_and_print): Ditto. + * parse-packet.c (parse_signature): Ditto. + * sig-check.c (mdc_kludge_check): Ditto. + * free-packte.c (copy_signature, free_seckey_enc): Ditto. + + * parse-packet.c (parse_signature,parse_key): Store data of + unknown algorithms with mpi_set_opaque inseatd of the old + faked data stuff. + (read_rest): Removed. + (read_rest2): Renamed to read_rest + * build-packet.c (write_fake_data): Use mpi_get_opaque. + * free-packet.c (cp_fake_data): Removed and cahnged all callers + to use mpi_copy. + (free_pubkey_enc,free_seckey_enc,release_public_key_parts, + release_secret_key_parts): Use mpi_free for opaque data. + +Thu May 6 14:18:17 CEST 1999 Werner Koch + + * trustdb.c (check_trust): Check for revoked subkeys. + * pkclist.c (do_we_trust): Handled revoked subkeys. + (do_we_trust_pre): Ditto. + (check_signatures_trust): Ditto. + + * build-packet.c (hash_public_key): Fix for ancient g10 keys. + + * mainproc.c (do_proc_packets): Return EOF if no data has been read. + * g10.c (main): Catch errors for default operation. + +Thu Apr 29 12:29:22 CEST 1999 Werner Koch + + * sign.c (sign_file): Fixed hashing in case of no subpackets. + (clearsign_file): Ditto. + (make_keysig_packet): Ditto. + +Wed Apr 28 13:03:03 CEST 1999 Werner Koch + + * keyedit.c (keyedit_menu): Add new command revkey. + * (menu_revkey): New. + + +Mon Apr 26 17:48:15 CEST 1999 Werner Koch + + * parse-packet.c (parse_signature): Add the MDC hack. + * build-packet.c (do_signature): Ditto. + * free-packet.c (free_seckey_enc,copy_signature,cmp_signatures): Ditto. + * mainproc.c (do_check_sig): Ditto. + * sig-check.c (mdc_kludge_check): New. + * encode.c (encrypt_mdc_file): New. + + * keyedit.c (check_all_keysigs): List revocations. + * (menu_revsig): New. + * sign (make_keysig_packet): Support for class 0x30. + +Sun Apr 18 20:48:15 CEST 1999 Werner Koch + + * pkclist.c (select_algo_from_prefs): Fixed the case that one key + has no preferences (Remi Guyomarch). + + keylist.c (list_keyblock): ulti_hack to propagate trust to all uids. + +Sun Apr 18 10:11:28 CEST 1999 Werner Koch + + * seckey-cert.c (do_check): Use real IV instead of a 0 one, so that + it works even if the length of the IV doesn't match the blocksize. + Removed the save_iv stuff. + (protect_secret_key): Likewise. Create the IV here. + * packet.h (PKT_secret_key): Increased size of IV field and add a + ivlen field. + * parse-packet.c (parse_key): Use the len protect.ivlen. + * build-packet.c (do_secret_key). Ditto. + + * getkey.c (key_byname): Close keyblocks. + + * Makefile.am (gpgm): Removed this + * g10.c: Merged gpg and gpgm + + * import.c (import): Utilize option quiet. + * tdbio.c (tdbio_set_dbname): Ditto. + * ringedit.c (add_keyblock_resource,keyring_copy): Ditto. + + * keyedit.c (sign_uids): Add some batch support. + + * g10.c (main): add call to tty_batchmode. + +Fri Apr 9 12:26:25 CEST 1999 Werner Koch + + * status.c (write_status_text): Some more status codes. + * passphrase_to_dek (passphrase_to_dek): add a status code. + * seckey_cert.c (check_secret_key): Likewise. + + * encr-data.c (decrypt_data): Reverse the last changes + * cipher.c (write_header): Ditto. + + * parse-packet.c (parse_key): Dropped kludge for ancient blowfish mode. + +Thu Apr 8 09:35:53 CEST 1999 Werner Koch + + * mainproc.c (proc_encrypted): Add a new status output + * passphrase.c (passphrase_to_dek): Ditto. + * status.h status.c: Add new status tokens. + +Wed Apr 7 20:51:39 CEST 1999 Werner Koch + + * encr-data.c (decrypt_data): Fixes for 128 bit blocksize + * cipher.c (write_header): Ditto. + * seckey-cert.c (do_check): Ditto. + (protect_secret_key). Ditto. + * misc.c (print_cipher_algo_note): Twofish is now a standard algo. + + * keygen.c (do_create): Fixed spelling (Gaël Quéri) + (ask_keysize): Only allow keysizes up to 4096 + + * ringedit.c (add_keyblock_resource): chmod newly created secrings. + + * import.c (delete_inv_parts): Fixed accidently deleted subkeys. + +Tue Apr 6 19:58:12 CEST 1999 Werner Koch + + * armor.c: Removed duped include (John Bley) + * mainproc.c: Ditto. + + * build-packet.c (hash_public_key): Fixed hashing of the header. + + * import.c (delete_inv_parts): Allow import of own non-exportable sigs. + +Sat Mar 20 13:59:47 CET 1999 Werner Koch + + * armor.c (fake_packet): Fix for not not-dash-escaped + +Sat Mar 20 11:44:21 CET 1999 Werner Koch + + * g10.c (main): Added command --recv-keys + * hkp.c (hkp_import): New. + +Wed Mar 17 13:09:03 CET 1999 Werner Koch + + * trustdb.c (check_trust): add new arg add_fnc and changed all callers. + (do_check): Ditto. + (verify_key): Ditto. + (propagate_validity): Use the new add_fnc arg. + (print_user_id): Add the FILE arg. + (propagate_ownertrust): New. + * pkclist.c (add_ownertrust_cb): New and changed the add_ownertrust + logic. + + * getkey.c (get_keyblock_bylid): New. + * trustdb.c (print_uid_from_keyblock): New. + (dump_tn_tree_with_colons): New. + (list_trust_path): Add colon print mode. + + * trustdb.c (insert_trust_record): Always use the primary key. + + * encode.c (encode_simple): Added text_mode filter (Rémi Guyomarch) + (encode_crypt): Ditto. + + * mainproc.c (proc_pubkey_enc): Added status ENC_TO. + * armor.c (armor_filter): Added status NODATA. + * passphrase.c (passphrase_to_dek): Always print NEED_PASSPHRASE + * seckey_cert.c (check_secret_key): Added BAD_PASS status. + + * g10.c (main): Set g10_opt_homedir. + +Sun Mar 14 19:34:36 CET 1999 Werner Koch + + * keygen.c (do_create): Changed wording of the note (Hugh Daniel) + +Thu Mar 11 16:39:46 CET 1999 Werner Koch + + * tdbdump.c: New + + * trustdb.c (walk_sigrecs,do_list_sigs,list_sigs, + list_records,list_trustdb,export_ownertrust,import_ownertrust): Moved + to tdbdump.c + (init_trustdb): renamed to setup_trustdb. Changed all callers. + (do_init_trustdb): renamed to init_trustdb(). + * trustdb.c (die_invalid_db): replaced by tdbio_invalid. + * tdbio.c (tdbio_invalid): New. + + * import.c (delete_inv_parts): Skip non exportable signatures. + * keyedit.c (sign_uid_mk_attrib): New. + (sign_uids): Add the local argument. + (keyedit_menu): New "lsign" command. + * trustdb.c (register_trusted_key): Removed this and all related stuff. + * g10.c (oTrustedKey): Removed option. + + * tdbio.h (dir.valcheck): New trustdb field. + * tdbio.c: Add support for this field + (tdbio_read_modify_stamp): New. + (tdbio_write_modify_stamp): New. + * trustdb.c (do_check): Check against this field. Removed cache update. + (verify_key): Add cache update. + (upd_uid_record): Some functional changes. + (upd_cert_record): Ditto + +Wed Mar 10 11:26:18 CET 1999 Werner Koch + + * keylist.c (list_keyblock): Fixed segv in uid. Print 'u' as + validity of sks. + +Mon Mar 8 20:47:17 CET 1999 Werner Koch + + * getkey.c (classify_user_id): Add new mode 12 (#). + + * seckey-cert.c (check_secret_key): replaced error by info. + + * trustdb.c (query_trust_info): Add another arg, changed all callers. + (check_trust): Ditto. + (do_check): Ditto. + (verify_key): Handle namehash. + * keylist.c (list_keyblock): print trust info for user ids. + + * sig-check.c (signature_check): Add sig-created to status output. + +Tue Mar 2 16:44:57 CET 1999 Werner Koch + + * textfilter.c (copy_clearsig_text): New. + (clearsign): Removed. + * sign.c (clearsign_file): does not use textfiler anymore. + + * keygen.c (ask_user_id): print a note about the used charset. + +Tue Mar 2 10:38:42 CET 1999 Werner Koch + + * sig-check.c (signature_check): sig-id now works for all algos. + + * armor.c (armor_filter): Fixed armor bypassing. + +Sun Feb 28 19:11:00 CET 1999 Werner Koch + + * keygen.c (ask_user_id): Don't change the case of email addresses. + (has_invalid_email_chars): Adjusted. + + * keylist.c (list_one): Really list serect keys (Remi Guyomarch) + + * keyedit.c (menu_select_uid): Add some braces to make egcs happy. + (menu_select_key): Ditto. + + * mainproc.c (do_proc_packets): List sym-enc packets (Remi Guyomarch) + +Fri Feb 26 17:55:41 CET 1999 Werner Koch + + * pkclist.c (build_pk_list): Return error if there are no recipients. + + * sig-check.c (signature_check): New signature id feature. + * armor.c (make_radic64_string): New. + + * mainproc.c (proc_pubkey_enc): early check for seckey availability. + + * pkclist.c (do_we_trust_pre): print user id before asking. + + * ringedit.c (add_keyblock_resource,get_keyblock_handle): Cleaner + handling of default resource. + + +Thu Feb 25 18:47:39 CET 1999 Werner Koch + + * pkclist.c (algo_available): New. + (select_algo_from_prefs): Check whether algo is available. + + * ringedit.c (keyring_copy): Take care of opt.dry_run. + (do_gdbm_store): Ditto. + * openfile.c (open_outfile). Ditto. + (copy_options_file): Ditto. + * trustdb.c (update_trustdb): Ditto. + (clear_trust_checked_flag): Ditto. + (update_trust_record): Ditto. + (insert_trust_record): Ditto. + +Wed Feb 24 11:07:27 CET 1999 Werner Koch + + * keylist.c (secret_key_list): Now really list the secret key. + + * trustdb.c (do_init_trustdb): New. Init is now deferred. + +Mon Feb 22 20:04:00 CET 1999 Werner Koch + + * getkey.c (lookup_sk): Return G10ERR_NO_SECKEY and not x_PUBKEY. + +Fri Feb 19 15:49:15 CET 1999 Werner Koch + + * pkclist.c (select_algo_from_prefs): retrieve LID if not there. + + * armor.c (fake_packet): Replaced ugly lineending handling. + + * g10.c (oNoEncryptTo): New. + * pkclist.c (build_pk_list): Implemented this option. + + * g10.c (main): Greeting is now printed to stderr and not to tty. + Use add_to_strlist() instead of direct coding. + + * import.c (import): Use iobuf_push_filter2. + + * mainproc.c (check_sig_and_print): Print all user ids + for good signatures. + * getkey.c (get_pubkeyblock): New. + + * import.c (chk_self_sigs): Fixed SEGV for unbounded class 0x18 keys. + (delete_inv_parts): Delete special marked packets. + +Tue Feb 16 14:10:02 CET 1999 Werner Koch + + * g10.c (main): New option --encrypt-to + + * pkclist.c (build_pk_list): Implemented encrypt-to. + + * parse-packet.c (parse_user_id): Removed the hack to work with + utf-8 strings. + + * g10.c (main): Install lockfile cleanup handler. + * tdbio.c (cleanup): Removed: this is now handled by dotlock. + +Sat Feb 13 14:13:04 CET 1999 Werner Koch + + * tdbio.c (tdbio_set_dbname): Init lockhandle for a new trustdb + +Wed Feb 10 17:15:39 CET 1999 Werner Koch + + * g10.c (main): check for development version now in configure + + * tdbio.c (tdbio_write_record): Add uid.validity + (tdbio_read_record) : Ditto. + (tdbio_dump_record) : Ditto. + + * keygen.c (keygen_add_std_prefs): Replaced Blowfish by Twofish, + removed MD5 and Tiger. + * pubkey-enc.c (get_it): Suppress warning about missing Blowfish + in preferences in certain cases. + + * ringedit.c (lock_rentry,unlock_rentry): New. + + * getkey.c (key_byname): Pass ret_kb down to lookup_xx. + + * armor.c (armor_filter): No output of of empty comment lines. + Add option --no-version to suppress the output of the version string. + + * getkey.c: Release the getkey context for auto context variables. + +Sun Jan 24 18:16:26 CET 1999 Werner Koch + + * getkey.c: Changed the internal design to allow simultaneous + lookup of multible user ids + (get_pubkey_bynames): New. + (get_seckey_bynames): New. + (get_seckey_next): New. + (get_seckey_end): New. + * keylist.c (list_one): Use the new functions. + + * keylist.c (list_keyblock): add a newline for normal listings. + + * g10.c (--recipient): New option name to replace --remote-user + + +Wed Jan 20 18:59:49 CET 1999 Werner Koch + + * textfilter.c: Mostly rewritten + * plaintext.c (handle_plaintext): Use now text_filter semantics. + +Tue Jan 19 19:34:58 CET 1999 Werner Koch + + * export.c (export_pubkeys_stream): New. + (do_export_stream): New. + * g10.c (aSendKeys): New command. + * hkp.c (hkp_export): New. + + * compress.c (do_uncompress): Hack for algo 1 and 1.1.3 + +Sun Jan 17 11:04:33 CET 1999 Werner Koch + + * textfilter.c (text_filter): Now uses iobuf_read_line(). + (read_line): Removed. + + * armor.c (trim_trailing_spaces): Removed and replaced + by trim_trailing_ws from libutil + +Sat Jan 16 12:03:27 CET 1999 Werner Koch + + * hkp.c (hkp_ask_import): Use only the short keyid + +Sat Jan 16 09:27:30 CET 1999 Werner Koch + + * import.c (import_key_stream): New + (import): New, moved most of import_keys here. + * g10.c: New option --keyserver + * mainproc.c (check_sig_and_print): Hook to import a pubkey. + + * pref.c pref.h : Removed + + * hkp.c hkp.h: New + +Wed Jan 13 14:10:15 CET 1999 Werner Koch + + * armor.c (radix64_read): Print an error if a bad armor was detected. + +Wed Jan 13 12:49:36 CET 1999 Werner Koch + + * armor.c (radix64_read): Now handles malformed armors produced + by some buggy MUAs. + +Tue Jan 12 11:17:18 CET 1999 Werner Koch + + * ringedit.c (find_keyblock_bysk): New. + + * skc_list.c (is_insecure): New. + (build_sk_list): usage check for insecure keys. + + * import.c (chk_self_sigs): Add handling for subkeys. + (delete_inv_parts): Skip unsigned subkeys + + * sig-check.c (do_check): Print info if the signature is older + than the key. + * keygen.c (generate_subkeypair): Fail on time warp. + * sign.c (do_sign): Ditto. + +Sun Jan 10 15:10:02 CET 1999 Werner Koch + + * armor.c (fake_packet): Fixed not-dash-escaped bug. + +Sat Jan 9 16:02:23 CET 1999 Werner Koch + + * sig-check.c (do_check): Output time diff on error + + * status.c (STATUS_VALIDSIG): New. + (is_status_enabled): New. + * mainproc.c (check_sig_and_print): Issue that status message. + + * plaintext.c (special_md_putc): Removed + + * armor.c (armor_filter): print error for truncated lines. + + * free-packet.c (free_encrypted): Revomed call to set_block_mode. + (free_plaintext): Ditto. + +Thu Jan 7 18:00:58 CET 1999 Werner Koch + + * pkclist.c (add_ownertrust): Fixed return value. + + * encr-data.c (decrypt_data): Disabled iobuf_set_limit and + iobuf_pop_filter stuff. + * compress.c (handle_compressed): Disabled iobuf_pop_filter. + + * packet.h (PKT_secret_key): Add is_primary flag. + * parse-packet.c (parse_key): Set this flag. + * passphrase.c (passphrase_to_dek): Kludge to print the primary + keyid - changed the API: keyid must now hold 2 keyids. + * getkey.c (get_primary_seckey): New. + * seckey-cert.c (do_check): pass primary keyid to passphrase query + + * tbdio.c (open_db): removed the atexit + (tdbio_set_dbname): and moved it to here. + + * armor.c: Rewrote large parts. + +Tue Dec 29 19:55:38 CET 1998 Werner Koch + + * revoke.c (gen_revoke): Removed compression. + + * pkclist.c (do_we_trust_pre): special check for revoked keys + + * trustdb.c (update_trust_record): Fixed revoke flag. + +Tue Dec 29 14:41:47 CET 1998 Werner Koch + + * misc.c (disable_core_dumps): Check for EINVAL (Atari) + + * getkey (merge_one_pk_and_selfsig): Fixed search of expiredate. + (merge_keys_and_selfsig): Ditto. + + * free-packet.c (cmp_public_keys): cmp expire only for v3 packets + (cmp_secret_keys): Ditto. + (cmp_public_secret_key): Ditto. + +Wed Dec 23 17:12:24 CET 1998 Werner Koch + + * armor.c (find_header): Reset not_dashed at every header + +Wed Dec 23 13:18:14 CET 1998 Werner Koch + + * pkclist.c (add_ownertrust): Refresh validity values. + + * trustdb.c (enum_cert_paths_print): New arg refresh. + + * ringedit.c: Fixed problems fix keyrings + * parse-packet.c (dbg_parse_packet): New debug functions. + + * getkey.c (getkey_disable_caches): New. + * import.c (import_keys): Disable caches. + +Thu Dec 17 18:31:15 CET 1998 Werner Koch + + * misc.c (trap_unaligned): Only for glibc 1 + + * sign.c (write_dash_escaped): Now escapes "From " lines + * g10.c: New option --escape-from-lines + + * trustdb.c (sort_tsl_list): New + (list_trust_path): Now prints sorted list. + (enum_cert_paths): Likewise. + (enum_cert_paths_print): New. + (print_paths): New printing format. + * pkclist.c (add_ownertrust): New arg quit. + (edit_ownertrust): New quit selection and does not query + the recipients ownertrust anymore. + (add_ownertrust): Print the ceritficate path. + + +Mon Dec 14 21:18:49 CET 1998 Werner Koch + + * parse-packet.c (parse_signature): Now checks for critical bit + (parse_sig_subpkt): Splitted. + (parse_one_sig_subpkt): New. + * sig-check.c (do_check): handle critical bit. + +Sun Dec 13 14:10:56 CET 1998 Werner Koch + + * pcklist.c (select_algo_from_prefs): Preferences should + now work (lost the != ? ) + +Thu Dec 10 20:15:36 CET 1998 Werner Koch + + * ringedit.c (gdbm_store): Fix for inserts + + * g10.c (main): New option --export-all + * export.c (export_pubkeys): New arg. + (do_export): Now may skip old keys. + + * status.c: Minor patches for Sun's cc + + * keygen.c (ask_algo): Disabled v3 ElGamal choice, rearranged + the numbers. Add a warning question when a sign+encrypt key + is selected. + + * g10.c (do_not_use_RSA): Removed. + * misc.c (print_pubkey_algo_note): New as replacement for the + do_not_use_RSA() and chnaged all callers. + (print_cipher_algo_note): New. + (print_hash_algo_note): New. + + * cipher.c (write_header): Add a call to print_cipher_algo_note. + * seckey-cert.c (protect_secret_key): Ditto + * sign.c (do_sign): Add a call to print_digest_algo_note. + + * getkey.c (get_long_user_id_string): New. + * mainproc.c (check_sig_and_print): Changed the format of the + status output. + + * encrypt.c (write_pubkey_enc_from_list): print used symmetric cipher. + + * pkclist.c (do_we_trust): Changed a message. + +Wed Dec 9 13:41:06 CET 1998 Werner Koch + + * misc.c (trap_unaligned) [ALPHA]: Only if UAC_SIGBUS is defined. + + * sign.c (write_dash_escaped): Add the forgotten patch by Brian Moore. + + * compress.c (do_uncompress): Fixed the inflating bug. + + +Tue Dec 8 13:15:16 CET 1998 Werner Koch + + * trustdb.c (upd_uid_record): Now uses the newest self-signature + (insert_trust_record): Now calls update with recheck set to true. + (register_trusted_key): New. + (verify_own_keys): Enhanced by list of trusted keys. + + * g10.c (main): Print a warning when a devel version is used. + (main): New option --trusted-key + + * import.c (merge_blocks): Fixed merging of new user ids and + added merging of subkeys. + (append_uid): Ditto. + (merge_keysig): New. + (append_key): New. + * getkey.c (merge_one_pk_and_selfsig): Get the expiration time + from the newest self-signature. + (merge_keys_and_selfsig): Ditto. + + * free-packet.c (cmp_secret_key): New. + + +Fri Nov 27 21:37:41 CET 1998 Werner Koch + + * g10.c: New option --lock-once + * tdbio.c (open_db): Add an atexit + (cleanup): New. + (tdbio_sync): Add locking. + (tdbio_end_transaction): Ditto. + (put_record_into_cache): Ditto. + * ringedit.c (keyring_copy): Ditto. + (cleanup): New. + (add_keyblock_resource): Add an atexit. + +Fri Nov 27 15:30:24 CET 1998 Werner Koch + + * armor.c (find_header): Another fix for clearsigs. + +Fri Nov 27 12:39:29 CET 1998 Werner Koch + + + * status.c (display_help): Removed. + * helptext.c: New and removed the N_() from all cpr_gets. + + +Fri Nov 20 16:54:52 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c (main): New option --not-dash-escaped + * sign.c (write_dashed_escaped): Ditto. + * armor.c (find_header): Support for NotDashEscaped header. + + * getkey.c: print "disabled cache.." only if verbose is used. + +Thu Nov 19 07:17:31 1998 Werner Koch + + * parse-packet.c (dump_sig_subpkt): Fixed expire listing + * getkey.c (merge_keys_and_selfsig): Fixed expire calculation. + (merge_one_pk_and_selfsig): Ditto. + * keyedit.c (menu_expire). Ditto. + * keygen.c (keygen_add_key_expire): Ditto. + (ask_expire_interval): New and changed all local function to use + this instead. + (keygen_add_key_expire): Opaque should now be a public key; + changed all callers. + + * parse.packet.c (parse): use skip_rest to skip packets. + + * keyedit.c (keyedit_menu): New arg for cmdline cmds. + +Wed Nov 18 20:33:50 1998 Werner Koch (wk@isil.d.shuttle.de) + + * trustdb.c (check_trustdb): Now rechecks all gived userids. + (collect_paths): Some fixes. + (upd_pref_records): Skips empty items, evaluate all items. + + * parse-packet.c (dump_sig_subpkt): Better listing of prefs. + (skip_packet): Now knows about marker packet + + * g10.c: removed cmd "--edit-sig". + + * pubring.asc: Updated. + +Sat Nov 14 14:01:29 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c (main): Changed syntax of --list-trust-path + * trustdb.c (list_trust_path): Replaced max_depth by + opt.max_cert_depth + +Fri Nov 13 07:39:58 1998 Werner Koch + + * trustdb.c (collect_paths): Removed a warning message. + (enum_trust_web): Removed. + (enum_cert_paths): New. + * pkclist.c (add_ownertrust): Changed to use enum_cert_paths. + (edit_ownertrust): Now list ceritficates on request. + (show_paths): New. + +Wed Nov 11 18:05:44 1998 Werner Koch + + * g10.c (main): New option --max-cert-depth + * tdbio.h: add new fields to ver and dir record. + * tdbio.c: read/write/dump of these fields. + (tdbio_db_matches_options): New. + * trustdb.c: replaced MAC_CERT_DEPTH by opt.max_cert_depth. + (do_check): cache validity and changed other functions + to reset the cached value. + + * keylist.c (list_one): Now lists the ownertrust. + * mainproc.c (list_node): Ditto. + +Tue Nov 10 10:08:59 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c (g10_exit): Now looks at the new g10_errors_seen. + * mainproc.c (check_sig_and_print): Sets g10_errors_seen. + + * *.c : i18n many more strings. + + * ringedit.c (locate_keyblock_by_keyid): Add HAVE_LIBGDBM + (locate_keyblock_by_fpr): Ditto. + + * g10.c (main): removed unsused "int errors". + (main): Add new option --charset. + + * g10.c (main): special message for the unix newbie. + +Mon Nov 9 07:17:42 1998 Werner Koch + + * getkey.c (finish_lookup): Kludge to prefere algo 16. + + * trustdb.c (new_lid_table): Clear cached item. + + * status.c (cpr_get_utf8): New. + * pkclist.c (build_pk_list): Uses this. + +Sun Nov 8 17:20:39 1998 Werner Koch (wk@isil.d.shuttle.de) + + * mainproc.c (check_sig_and_print): Why did I use strlen()-1 + in the printf? - This truncated the TZ. + +Sat Nov 7 15:57:28 1998 me,,, (wk@tobold) + + * getkey.c (lookup): Changes to support a read_next. + (get_pubkey): Fixed a memory leak. + + * keylist.c (list_one): Now lists all matching user IDs. + +Tue Nov 3 16:19:21 1998 Werner Koch (wk@isil.d.shuttle.de) + + * keygen.c (ask_user_id): Now converted to UTF-8 + + * g10.c (main): Kludge for pgp clearsigs and textmode. + +Fri Oct 30 16:40:39 1998 me,,, (wk@tobold) + + * signal.c (block_all_signals): New. + (unblock_all_signals): New + * tdbio.c (tdbio_end_transaction): Now blocks all signals. + + * trustdb.c (new_lid_table): Changed the representation of the + former local_lid_info stuff. + + * trustdb.c (update_trust_record): Reorganized the whole thing. + * sig-check.c (check_key_signature): Now handles class 0x28 + + +Wed Oct 28 18:56:33 1998 me,,, (wk@tobold) + + * export.c (do_export): Takes care of the exportable sig flag. + +Tue Oct 27 14:53:04 1998 Werner Koch (wk@isil.d.shuttle.de) + + * trustdb.c (update_trust_record): New "fast" parameter. + +Sun Oct 25 19:32:05 1998 Werner Koch (wk@isil.d.shuttle.de) + + * openfile.c (copy_options_File): New. + * ringedit.c (add_keyblock_resource): Creates options file + * tdbio.c (tdbio_set_dbname): Ditto. + +Sat Oct 24 14:10:53 1998 brian moore + + * mainproc.c (proc_pubkey_enc): Don't release the DEK + (do_proc_packets): Ditto. + +Fri Oct 23 06:49:38 1998 me,,, (wk@tobold) + + * keyedit.c (keyedit_menu): Comments are now allowed + + * trustdb.c: Rewrote large parts. + + +Thu Oct 22 15:56:45 1998 Michael Roth (mroth@nessie.de) + + * encode.c: (encode_simple): Only the plain filename without + a given directory is stored in generated packets. + (encode_crypt): Ditto. + + * sign.c: (sign_file) Ditto. + + +Thu Oct 22 10:53:41 1998 Werner Koch (wk@isil.d.shuttle.de) + + * trustdb.c (update_trust_record): Add new optional arg. + + * import.c (import_keys): Add statistics output + * trustdb.c (update_trustdb): Ditto. + (insert_trustdb): Ditto. + + * tdbio.c (tdbio_begin_transaction): New. + (tdbio_end_transaction): New. + (tdbio_cancel_transaction): New. + + * g10.c (main): New option --quit. + + * trustdb.c (check_hint_sig): No tests for user-id w/o sig. + This caused an assert while checking the sigs. + + * trustdb.c (upd_sig_record): Splitted into several functions. + + * import.c (import_keys): New arg "fast". + * g10.c (main): New command --fast-import. + +Wed Oct 21 18:19:36 1998 Michael Roth + + * ringedit.c (add_keyblock_resource): Directory is now created. + * tdbio.c (tdbio_set_dbname): New info message. + +Wed Oct 21 11:52:04 1998 Werner Koch (wk@isil.d.shuttle.de) + + * trustdb.c (update_trustdb): released keyblock in loop. + + * keylist.c (list_block): New. + (list_all): Changed to use list_block. + + * trustdb.c: Completed support for GDBM + + * sign.c (only_old_style): Changed the way force_v3 is handled + (sign_file): Ditto. + (clearsign_file): Ditto. + + * keygen.c (has_invalid_email_chars): Splitted into mailbox and + host part. + + * keylist.c (list_one): Add a merge_keys_and_selfsig. + * mainproc.c (proc_tree): Ditto. + +Sun Oct 18 11:49:03 1998 Werner Koch (wk@isil.d.shuttle.de) + + * sign.c (only_old_style): Add option force_v3_sigs + (sign_file): Fixed a bug in sig->version + (clearsign_file): Ditto. + + * parse-packet.c (dump_sig_subpkt): New + + * keyedit.c (menu_expire): New. + * free-packet.c (cmp_signatures): New + + +Sat Oct 17 10:22:39 1998 Werner Koch (wk@isil.d.shuttle.de) + + * armor.c: changed output line length from 72 to 64. + + * keyedit.c (fix_keyblock): New. + +Fri Oct 16 10:24:47 1998 Werner Koch (wk@isil.d.shuttle.de) + + * trustdb.c: Rewrote most. + * tdbio.c: Add cache and generalized hash tables. + + * options.h (ENABLE_COMMENT_PACKETS): New but undef'ed. + * encode.c, sign.c, keygen.c: Disabled comment packets. + * export.c (do_export): Comment packets are never exported, + except for those in the secret keyring. + + * g10.c (main): Removed option do-no-export-rsa; should be + be replaced by a secpial tool. + * export.c (do_export): Removed the code for the above option. + + * armor.c (find_header): Support for new only_keyblocks. + * import.c (import_keys): Only looks for keyblock armors. + + * packet.h: replaced valid_days by expiredate and changed all users. + * build-packet.c (do_public_key): calculates valid-days + (do_secret_key): Ditto. + * parse-packet.c (parse_key): expiredate is calucated from the + valid_period in v3 packets. + * keyid.c (do_fingerprint_md): calculates valid_dates. + + * keygen.c (add_key_expire): fixed key expiration time for v4 packets. + + * armor.c (find_header): A LF in the first 28 bytes + was skipped for non-armored data. + +Thu Oct 8 11:35:51 1998 Werner Koch (wk@isil.d.shuttle.de) + + * armor.c (is_armored): Add test on old comment packets. + + * tdbio.c (tdbio_search_dir_bypk): fixed memory leak. + + * getkey.c: Changed the caching algorithms. + +Wed Oct 7 19:33:28 1998 Werner Koch (wk@isil.d.shuttle.de) + + * kbnodes.c (unused_nodes): New. + +Wed Oct 7 11:15:36 1998 Werner Koch (wk@isil.d.shuttle.de) + + * keyedit.c (sign_uids): Fixed a problem with SK which could caused + a save of an unprotected key. + (menu_adduid): Ditto. + + * keyedit.c (keyedit_menu): Prefs are now correctly listed for + new user ids. + + * trustdb.c (update_trust_record): New. + (insert_trust_record): Now makes use of update_trust_record. + +Tue Oct 6 16:18:03 1998 Werner Koch (wk@isil.d.shuttle.de) + + * trustdb.c (read_record): replaces most of the tdbio_read_records. + (write_record): Ditto. + +Sat Oct 3 11:01:21 1998 Werner Koch (wk@isil.d.shuttle.de) + + * keygen.c (ask_alogo): enable ElGamal enc-only only for addmode. + +Wed Sep 30 10:15:33 1998 Werner Koch (wk@isil.d.shuttle.de) + + * import.c (import_one): Fixed update of wrong keyblock. + +Tue Sep 29 08:32:08 1998 me,,, (wk@tobold) + + * mainproc.c (proc_plaintext): Display note for special filename. + * plaintext.c (handle_plaintext): Suppress output of special file. + +Mon Sep 28 12:57:12 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c (verify_own_keys): Add warning if a key is not protected. + + * passphrase (hash_passphrase): Fixed iterated+salted mode and + setup for keysizes > hashsize. + + * g10.c (main): New options: --s2k-{cipher,digest,mode}. + +Fri Sep 25 09:34:23 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c: Chnaged some help texts. + +Tue Sep 22 19:34:39 1998 Werner Koch (wk@isil.d.shuttle.de) + + * passphrase.c (read_passphrase_from_fd): fixed bug for long + passphrases. + +Mon Sep 21 11:28:05 1998 Werner Koch (wk@(none)) + + * getkey.c (lookup): Add code to use the sub key if the primary one + does not match the usage. + + * armor.c (armor_filter): New error message: no valid data found. + (radix64_read): Changes to support multiple messages. + (i18n.h): New. + * mainproc.c (add_onepass_sig): bug fix. + +Mon Sep 21 08:03:16 1998 Werner Koch (wk@isil.d.shuttle.de) + + * pkclist.c (do_we_trust): Add keyid to most messages. + + * passphrase.c (read_passphrase_from_fd): New. + (have_static_passphrase): New + (get_passphrase_fd): Removed. + (set_passphrase_fd): Removed. + * g10.c (main): passphrase is now read here. + + * keyedit.c (keyedit_menu): "help" texts should now translate fine. + +Mon Sep 21 06:40:02 1998 Werner Koch (wk@isil.d.shuttle.de) + + * encode.c (encode_simple): Now disables compression + when --rfc1991 is used. + (encode_crypt): Ditto. + +Fri Sep 18 16:50:32 1998 Werner Koch (wk@isil.d.shuttle.de) + + * getkey.c (merge_key_and_selfsig): New. + +Fri Sep 18 10:20:11 1998 Werner Koch (wk@isil.d.shuttle.de) + + * pkclist.c (select_algo_from_prefs): Removed 3DES kludge. + + * seskey.c (make_session_key): Fixed SERIOUS bug introduced + by adding the weak key detection code. + + * sign.c (sign_file): Changed aremor header in certain cases. + +Tue Sep 15 17:52:55 1998 Werner Koch (wk@isil.d.shuttle.de) + + * mainproc.c (check_sig_and_print): Replaced ascime by asctimestamp. + +Mon Sep 14 11:40:52 1998 Werner Koch (wk@isil.d.shuttle.de) + + * seskey.c (make_session_key): Now detects weak keys. + + * trustdb (clear_trust_checked_flag): New. + + * plaintext.c (handle_plaintext): Does no anymore suppress CR from + cleartext signed messages. + +Sun Sep 13 12:54:29 1998 Werner Koch (wk@isil.d.shuttle.de) + + * trustdb.c (insert_trust_record): Fixed a stupid bug in the free + liunked list loops. + +Sat Sep 12 15:49:16 1998 Werner Koch (wk@isil.d.shuttle.de) + + * status.c (remove_shmid): New. + (init_shm_comprocess): Now sets permission to the real uid. + +Wed Sep 9 11:15:03 1998 Werner Koch (wk@isil.d.shuttle.de) + + * packet.h (PKT_pubkey_enc): New flah throw_keyid, and add logic to + implement it. + * g10.c (main): New Option --throw-keyid + + * getkey.c (enum_secret_keys): Add new ar and changed all callers. + +Tue Sep 8 20:04:09 1998 Werner Koch (wk@isil.d.shuttle.de) + + * delkey.c (delete_key): Moved from keyedit.c. + +Mon Sep 7 16:37:52 1998 Werner Koch (wk@isil.d.shuttle.de) + + * build-packet.c (calc_length_header): New arg new_ctb to correctly + calculate the length of new style packets. + + * armor.c (is_armored): Checks for symkey_enc packets. + + * pkclist.c (select_algo_from_prefs): 3DEs substitute is now CAST5. + +Tue Aug 11 17:54:50 1998 Werner Koch (wk@isil.d.shuttle.de) + + * build-packet.c (do_secret_key): Fixed handling of old keys. + + * getkey.c (compare_name): Fixed exact and email matching + + * openfile.c (open_outfile): Changed arguments and all callers. + +Tue Aug 11 09:14:35 1998 Werner Koch (wk@isil.d.shuttle.de) + + * encode.c (encode_simple): Applied option set-filename and comment. + (encode_crypt): Ditto. + * sign.c (sign_file): Ditto. + * armor.c (armor_filter): Applied option comment. + + * encode.c (encode_crypt): Moved init_packet to the begin. + (encode_simple): add an init_packet(). + + * comment (write_comment): Now enforces a hash sign as the 1st byte. + + * import.c (import_one): Add explanation for "no user ids". + + * compress.c (do_uncompress): Applied Brian Warner's patch to support + zlib 1.1.3 etc. + + * trustdb.c (check_trust): Fixed a problem after inserting new keys. + + * getkey (lookup): do not return the primary key if usage is given + (lookup_sk): Ditto and take usage into account. + + * status.c (cpr_get_answer_is_yes): add display_help. + +Mon Aug 10 10:11:28 1998 Werner Koch (wk@isil.d.shuttle.de) + + * getkey.c (lookup_sk): Now always returns the primary if arg + primary is true. + (lookup): Likewise. + (get_pubkey_byname): Now returns the primary key + (get_seckey_byname): Ditto. + + +Mon Aug 10 08:34:03 1998 Werner Koch (wk@isil.d.shuttle.de) + + * keyid.c (pubkey_letter): ELG_E is now a small g. + +Sat Aug 8 17:26:12 1998 Werner Koch (wk@isil.d.shuttle.de) + + * openfile (overwrite_filep): Changed semantics and all callers. + +Sat Aug 8 12:17:07 1998 Werner Koch (wk@isil.d.shuttle.de) + + * status.c (display_help): New. + +Thu Aug 6 16:30:41 1998 Werner Koch,mobil,,, (wk@tobold) + + * seskey.c (encode_session_key): Now uses get_random_bits(). + +Thu Aug 6 07:34:56 1998 Werner Koch,mobil,,, (wk@tobold) + + * ringedit.c (keyring_copy): No more backupfiles for + secret keyrings and add additional warning in case of + a failed secret keyring operation. + +Wed Aug 5 11:54:37 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c (check_opts): Moved to main. Changed def_cipher_algo + semantics and chnaged all users. + + * pubkey-enc.c (get_sssion_key): New informational output + about preferences. + + * parse-packet.c (parse_symkeyenc): Fixed salted+iterated S2K + (parse_key): Ditto. + * build-packet.c (do_secret_key): Ditto. + (do_symkey_enc): Ditto. + +Tue Aug 4 08:59:10 1998 Werner Koch (wk@isil.d.shuttle.de) + + * getkey.c (enum_secret_keys): Now returns only primary keys. + + * getkey (lookup): Now sets the new namehash field. + + * parse-packet.c (parse_sig_subpkt2): New. + + * sign.c (sign_file): one-pass sigs are now emiited reverse. + Preference data is considered when selecting the compress algo. + +Wed Jul 29 12:53:03 1998 Werner Koch (wk@isil.d.shuttle.de) + + * free-packet.c (copy_signature): New. + + * keygen.c (generate_subkeypair): rewritten + * g10.c (aKeyadd): Removed option --add-key + +Mon Jul 27 10:37:28 1998 Werner Koch (wk@isil.d.shuttle.de) + + * seckey-cert.c (do_check): Additional check on cipher blocksize. + (protect_secret_key): Ditto. + * encr-data.c: Support for other blocksizes. + * cipher.c (write_header): Ditto. + +Fri Jul 24 16:47:59 1998 Werner Koch (wk@isil.d.shuttle.de) + + * kbnode.c (insert_kbnode): Changed semantics and all callers. + * keyedit.c : More or less a complete rewrite + +Wed Jul 22 17:10:04 1998 Werner Koch (wk@isil.d.shuttle.de) + + * build-packet.c (write_sign_packet_header): New. + +Tue Jul 21 14:37:09 1998 Werner Koch (wk@isil.d.shuttle.de) + + * import.c (import_one): Now creates a trustdb record. + + * g10.c (main): New command --check-trustdb + +Mon Jul 20 11:15:07 1998 Werner Koch (wk@isil.d.shuttle.de) + + * genkey.c (generate_keypair): Default key is now DSA with + encryption only ElGamal subkey. + +Thu Jul 16 10:58:33 1998 Werner Koch (wk@isil.d.shuttle.de) + + * keyid.c (keyid_from_fingerprint): New. + * getkey.c (get_pubkey_byfprint): New. + +Tue Jul 14 18:09:51 1998 Werner Koch (wk@isil.d.shuttle.de) + + * keyid.c (fingerprint_from_pk): Add argument and changed all callers. + (fingerprint_from_sk): Ditto. + +Tue Jul 14 10:10:03 1998 Werner Koch (wk@isil.d.shuttle.de) + + * plaintext.c (handle_plaintext): Now returns create error if + the file could not be created or the user responded not to overwrite + the file. + * mainproc.c (proc_plaintext): Tries again if the file could not + be created to check the signature without output. + + * misc.c (disable_core_dumps): New. + * g10.c (main): disable coredumps for gpg + + * g10.c (MAINTAINER_OPTIONS): New to disable some options + +Mon Jul 13 16:47:54 1998 Werner Koch (wk@isil.d.shuttle.de) + + * plaintext.c (hash_datafiles): New arg for better support of + detached sigs. Changed all callers. + * mainproc.c (proc_signature_packets): Ditto. + + * g10.c (main): New option "compress-sigs" + * sig.c (sign_file): detached signatures are not anymore compressed + unless the option --compress-sigs is used. + +Thu Jul 9 19:54:54 1998 Werner Koch (wk@isil.d.shuttle.de) + + * armor.c: Fixes to allow zero length cleartext signatures + +Thu Jul 9 14:52:47 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c (build_list): Now drops setuid. + (main): Changed the way keyrings and algorithms are registered . + +Wed Jul 8 14:17:30 1998 Werner Koch (wk@isil.d.shuttle.de) + + * packet.h (PKT_public_key): Add field keyid. + * parse-packet.c (parse_key): Reset the above field. + * keyid.c (keyid_from_pk): Use above field as cache. + + * tdbio.c, tdbio.h: New + * trustdb.c: Moved some functions to tdbio.c. + (print_keyid): New. + + * pkclist.c (check_signatures_trust): New. + +Wed Jul 8 10:45:28 1998 Werner Koch (wk@isil.d.shuttle.de) + + * plaintext.c (special_md_putc): New. + (handle_plaintext): add clearsig argument + * mainproc.c (proc_plaintext): detection of clearsig + * sign.c (write_dased_escaped): Changed clearsig format + +Tue Jul 7 18:56:19 1998 Werner Koch (wk@isil.d.shuttle.de) + + * armor.c (find_header): Now makes sure that there is only one + empty line for clearsigs, as this is what OP now says. + +Mon Jul 6 13:09:07 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c (main): New option default-secret-key + * getkey.c (get_seckey_byname): support for this option. + +Mon Jul 6 09:03:49 1998 Werner Koch (wk@isil.d.shuttle.de) + + * getkey.c (add_keyring): Keyrings are now added to end of the + list of keyrings. The first added keyringwill be created. + (add_secret_keyring): Likewise. + + * ringedit.c (add_keyblock_resource): Files are created here. + + * g10.c (aNOP): Removed + + * getkey.c (lookup): Add checking of usage for name lookups + * packet.h (pubkey_usage): Add a field which may be used to store + usage capabilities. + * pkclist.c (build_pk_list): getkey now called with usage arg. + * skclist.c (build_sk_list): Ditto. + + * sign.c (clearsign_file): Fixed "Hash:" headers + +Sat Jul 4 13:33:31 1998 Werner Koch (wk@isil.d.shuttle.de) + + * trustdb.c (list_ownertrust): New. + * g10.c (aListOwnerTrust): New. + + * g10.c (def_pubkey_algo): Removed. + + * trustdb.c (verify_private_data): Removed and also the call to it. + (sign_private_data): Removed. + +Fri Jul 3 13:26:10 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c (aEditKey): was aEditSig. Changed usage msg. + + * keyedit.c: Done some i18n stuff. + + * g10.c (do_not_use_RSA): New. + * sign.c (do_sign): Add call to above function. + * encode.c (write_pubkey_enc_from_list): Ditto. + +Thu Jul 2 21:01:25 1998 Werner Koch (wk@isil.d.shuttle.de) + + * parse-packet.c: Now is able sto store data of unknown + algorithms. + * free-packet.c: Support for this. + * build-packet.c: Can write data of packet with unknown algos. + +Thu Jul 2 11:46:36 1998 Werner Koch (wk@isil.d.shuttle.de) + + * parse-packet.c (parse): fixed 4 byte length header + +Wed Jul 1 12:36:55 1998 Werner Koch (wk@isil.d.shuttle.de) + + * packet.h (new_ctb): New field for some packets + * build-packet.c (build_packet): Support for new_ctb + * parse-packet.c (parse): Ditto. + +Mon Jun 29 12:54:45 1998 Werner Koch (wk@isil.d.shuttle.de) + + * packet.h: changed all "_cert" to "_key", "subcert" to "subkey". + + * free-packet.c (free_packet): Removed memory leak for subkeys. + +Sun Jun 28 18:32:27 1998 Werner Koch (wk@isil.d.shuttle.de) + + * import.c (import_keys): Renamed from import_pubkeys. + (import_secret_one): New. + + * g10.c (aExportSecret): New. + + * export.c (export_seckeys): New. + + * parse-packet.c (parse_certificate): Cleaned up. + (parse_packet): Trust packets are now considered as unknown. + (parse_pubkey_warning): New. + +Fri Jun 26 10:37:35 1998 Werner Koch (wk@isil.d.shuttle.de) + + * keygen.c (has_invalid_email_chars): New. + +Wed Jun 24 16:40:22 1998 Werner Koch (wk@isil.d.shuttle.de) + + * armor.c (armor_filter): Now creates valid onepass_sig packets + with all detected hash algorithms. + * mainproc.c (proc_plaintext): Now uses the hash algos as specified + in the onepass_sig packets (if there are any) + +Mon Jun 22 11:54:08 1998 Werner Koch (wk@isil.d.shuttle.de) + + * plaintext.c (handle_plaintext): add arg to disable outout + * mainproc.c (proc_plaintext): disable output when in sigs_only mode. + +Thu Jun 18 13:17:27 1998 Werner Koch (wk@isil.d.shuttle.de) + + * keygen.c: Removed all rsa packet stuff, chnaged defaults + for key generation. + +Sun Jun 14 21:28:31 1998 Werner Koch (wk@isil.d.shuttle.de) + + * misc.c (checksum_u16): Fixed a stupid bug which caused a + wrong checksum calculation for the secret key protection and + add a backward compatibility option. + * g10.c (main): Add option --emulate-checksum-bug. + +Thu Jun 11 13:26:44 1998 Werner Koch (wk@isil.d.shuttle.de) + + * packet.h: Major changes to the structure of public key material + which is now stored in an array and not anaymore in a union of + algorithm specific structures. These is needed to make the system + more extendable and makes a lot of stuff much simpler. Changed + all over the system. + + * dsa.c, rsa.c, elg.c: Removed. + +Wed Jun 10 07:22:02 1998 Werner Koch,mobil,,, (wk@tobold) + + * g10.c ("load-extension"): New option. + +Mon Jun 8 22:23:37 1998 Werner Koch (wk@isil.d.shuttle.de) + + * seckey-cert.c (do_check): Removed cipher constants + (protect_secret_key): Ditto. + +Fri May 29 10:00:28 1998 Werner Koch (wk@isil.d.shuttle.de) + + * trustdb.c (query_trust_info): New. + * keylist.c (list_one): Add output of trust info + * mainproc (list_node): ditto. + * g10.c (main): full trustdb init if -with-colons and any of the + key list modes. + +Thu May 28 10:34:42 1998 Werner Koch (wk@isil.d.shuttle.de) + + * status.c (STATUS_RSA_OR_IDEA): New. + * sig-check.c (check_signature): Output special status message. + * pubkey-enc.c (get_session_key): Ditto. + + * mainproc.c (check_sig_and_print): Changed format of output. + * passpharse.c (passphrase_to_dek): Likewise. + +Wed May 27 13:46:48 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c (aListSecretKeys): New option --list-secret-keys + * keylist.c (std_key_list): Renamed to public_key_list. + (secret_key_list): New + (list_one, list_all): Add support for secret keys. + * getkey.c (get_secret_keyring): New. + * mainproc.c (list_node): Add option --with-colons for secret keys + + * sig-check.c (check_key_signature): detection of selfsigs + * mainproc.c (list_node): fixed listing. + + * g10.c (aListSecretKeys): New option --always-trust + * pkclist.c (do_we_trust): Override per option added + + * status.c (write_status_text): Add a prefix to every output line. + +Wed May 27 07:49:21 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10 (--compress-keys): New. + * options.h (compress_keys): New. + * export.c (export_pubkeys): Only compresses with the new option. + +Tue May 26 11:24:33 1998 Werner Koch (wk@isil.d.shuttle.de) + + * passphrase.c (get_last_passphrase): New + (set_next_passphrase): New. + (passphrase_to_dek): add support for the above functions. + * keyedit.c (make_keysig_packet): Add sigclass 0x18, + changed all callers due to a new argument. + * keygen.c (write_keybinding): New + (generate_subkeypair): Add functionality + (ask_algo, ask_keysize, ask_valid_days): Broke out of generate_keypair + (ask_user_id, ask_passphrase): Ditto. + +Thu May 21 11:26:13 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c,gpgd.c (main): Does now return an int, so that egcs does + not complain. + + * armor.c (fake_packet): Removed erro message and add a noticed + that this part should be fixed. + + * sign.c (sign_file): Compression now comes in front of encryption. + * encode.c (encode_simple): Ditto. + (encode_crypt): Ditto. + +Tue May 19 16:18:19 1998 Werner Koch (wk@isil.d.shuttle.de) + + * armor.c (fake_packet): Changed assertion to log_error + +Sat May 16 16:02:06 1998 Werner Koch (wk@isil.d.shuttle.de) + + * build-packet.c (build_packet): Add SUBKEY packets. + +Fri May 15 17:57:23 1998 Werner Koch (wk@isil.d.shuttle.de) + + * sign.c (hash_for): New and used in all places here. + * main.h (DEFAULT_): new macros. + * g10.c (opt.def_digest_algo): Now set to 0 + + * compress.c (init_compress): Add support for algo 1 + * options.h (def_compress_algo): New + * g10.c (main): New option --compress-algo + +Fri May 15 13:23:59 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c (print_mds): New feature to print only one hash, + chnaged formatting. + +Thu May 14 15:36:24 1998 Werner Koch (wk@isil.d.shuttle.de) + + * misc.c (trap_unaligned) [__alpha__]: New + * g10.c (trap_unaligned): Add call to this to track down SIGBUS + on Alphas (to avoid the slow emulation code). + +Wed May 13 11:48:27 1998 Werner Koch (wk@isil.d.shuttle.de) + + * build-packet.c (do_signature): Support for v4 pakets. + * keyedit.c (make_keysig_packet): Ditto. + * build-packet.c (build_sig_subpkt_from_sig): New. + (build_sig_subpkt): New. + + * elg.c (g10_elg_sign): removed keyid_from_skc. + * dsa.c (g10_dsa_sign): Ditto. + * rsa.c (g10_rsa_sign): Ditto. + * keyedit.c (make_keysig_packet): Add call to keyid_from_skc + + * sign.c (clearsign_file): Support for v4 signatures. + (sign_file): Ditto. + +Wed May 6 09:31:24 1998 Werner Koch (wk@isil.d.shuttle.de) + + * parse-packet.c (do_parse): add support for 5 byte length leader. + (parse_subpkt): Ditto. + * build-packet.c (write_new_header): Ditto. + + * packet.h (SIGSUBPKT_): New constants. + * parse-packet.c (parse_sig_subpkt): Changed name, made global, + and arg to return packet length, chnaged all callers + + +Tue May 5 22:11:59 1998 Werner Koch (wk@isil.d.shuttle.de) + + * keygen.c (gen_dsa): New. + * build_packet.c (do_secret_cert): Support for DSA + +Mon May 4 19:01:25 1998 Werner Koch (wk@isil.d.shuttle.de) + + * compress.c: doubled buffer sizes + * parse-packet.c (do_plaintext): now uses iobuf_read/write. + +Mon May 4 09:35:53 1998 Werner Koch (wk@isil.d.shuttle.de) + + * seskey.c (encode_md_value): Add optional argument hash_algo, + changed all callers. + + * passphrase.c (make_dek_from_passphrase): Removed + * (get_passhrase_hash): Changed name to passphrase_to_dek, add arg, + changed all callers. + + * all: Introduced the new ELG identifier and added support for the + encryption only one (which is okay to use by GNUPG for signatures). + +Sun May 3 17:50:26 1998 Werner Koch (wk@isil.d.shuttle.de) + + * packet.h (PKT_OLD_COMMENT): New name for type 16. + * parse-packet.c (parse_comment): Now uses type 61 + +Fri May 1 12:44:39 1998 Werner Koch,mobil,,, (wk@tobold) + + * packet.h (count): Chnaged s2k count from byte to u32. + * seckey-cert.c (do_check): Changed s2k algo 3 to 4, changed + reading of count. + * build-packet.c (do_secret_cert): ditto. + * parse-packet.c (parse_certificate): ditto. + + * parse-packet.c (parse_symkeyenc): New. + * build-packet.c (do_symkey_enc): New. + +Thu Apr 30 16:33:34 1998 Werner Koch (wk@isil.d.shuttle.de) + + * sign.c (clearsign_file): Fixed "Hash: " armor line. + +Tue Apr 28 14:27:42 1998 Werner Koch (wk@isil.d.shuttle.de) + + * parse-packet.c (parse_subpkt): Some new types. + +Mon Apr 27 12:53:59 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c (main): Add option --skip-verify. + * mainproc.c (check_sig_and_print): Ditto. + + * g10.c (print_mds): Add output for Tiger. + + * sign.c (sign_file): Now uses partial length headers if used + in canonical textmode (kludge to fix a bug). + + * parse-packet.c (parse_certificate): Changed BLOWFISH id. + * pubkey-enc.c (get_session_key): Ditto. + * seskey.c (make_session_key): Ditto. + * seckey-cert.c (protect_secret_key,do_check): Add BLOWFISH160. + +Fri Apr 24 17:38:48 1998 Werner Koch,mobil,,, (wk@tobold) + + * sig-check.c (check_key_signature): Add sig-class 0x14..0x17 + * keyedit.c (sign-key): Some changes to start with support of + the above new sig-classes. + +Wed Apr 22 09:01:57 1998 Werner Koch,mobil,,, (wk@tobold) + + * getkey.c (compare_name): add email matching + +Tue Apr 21 16:17:12 1998 Werner Koch,mobil,,, (wk@tobold) + + * armor.c (armor_filter): fixed missing last LF before CSUM. + +Thu Apr 9 11:35:22 1998 Werner Koch (wk@isil.d.shuttle.de) + + * seckey-cert.c (do_check): New; combines all the check functions + into one. + + * sign.c: removed all key management functions + * keyedit.c: New. + +Thu Apr 9 09:49:36 1998 Werner Koch (wk@isil.d.shuttle.de) + + * import.c (chk_self_sigs): Changed an error message. + +Wed Apr 8 16:19:39 1998 Werner Koch (wk@isil.d.shuttle.de) + + * packet.h: packet structs now uses structs from the pubkey, + removed all copy operations from packet to pubkey structs. + +Wed Apr 8 13:40:33 1998 Werner Koch (wk@isil.d.shuttle.de) + + * trustdb.c (verify_own_certs): Fixed "public key not found". + + * getkey.c (key_byname): New, combines public and secret key search. + + * pkclist.c (build_pkc_list): Add new arg usage, changed all callers. + * skclist.c (build_skc_list): Likewise. + + * ringedit.c (find_keyblock, keyring_search2): Removed. + +Wed Apr 8 09:47:21 1998 Werner Koch (wk@isil.d.shuttle.de) + + * sig-check.c (do_check): Applied small fix from Ulf Möller. + +Tue Apr 7 19:28:07 1998 Werner Koch (wk@isil.d.shuttle.de) + + * cipher.c, encr-data.c, seckey-cert.c: Now uses cipher_xxxx + functions instead of blowfish_xxx or cast_xxx + +Tue Apr 7 11:04:02 1998 Werner Koch (wk@isil.d.shuttle.de) + + * Makefile.am (g10maint.o): Changed the way it is created. + +Mon Apr 6 11:17:08 1998 Werner Koch (wk@isil.d.shuttle.de) + + * misc.c: New. + * keygen.c (checksum,checksum_u16,checksum_mpi): Moved to misc.c + * seckey-cert.c: Kludge for wrong ELG checksum implementation. + +Sat Apr 4 20:07:01 1998 Werner Koch (wk@isil.d.shuttle.de) + + * cipher.c (cipher_filter): Support for CAST5 + * encr-data.c (decode_filter): Ditto. + (decrypt_data): Ditto. + * seskey.c (make_session_key): Ditto. + * seckey-cert.c (check_elg, check_dsa): Ditto, + (protect_secret_key): Ditto. + * pubkey-enc.c (get_session_key): Ditto. + * passphrase.c (hash_passphrase): Ditto. + +Thu Apr 2 20:22:35 1998 Werner Koch (wk@isil.d.shuttle.de) + + * gpgd.c: New + +Thu Apr 2 10:38:16 1998 Werner Koch (wk@isil.d.shuttle.de) + + * keygen.c (generate_keypair): Add valid_days stuff. + * trustdb.c (check_trust): Add check for valid_days. + +Wed Apr 1 16:15:58 1998 Werner Koch (wk@isil.d.shuttle.de) + + * keygen.c (generate_keypair): Addional question whether the + selected large keysize is really needed. + +Wed Apr 1 15:56:33 1998 Werner Koch (wk@isil.d.shuttle.de) + + * seckey-cert.c (protect_secret_key): merged protect_xxx to here. + +Wed Apr 1 10:34:46 1998 Werner Koch (wk@isil.d.shuttle.de) + + * Makefile.am (g10maint.c): Changed creation rule, so that it works + on FreeBSD (missing CFLAGS). + + * parse-packet.c (parse_subkey): Removed. + +Thu Mar 19 15:22:36 1998 Werner Koch (wk@isil.d.shuttle.de) + + * ringedit.c (keyring_enum): Fixed problem with reading too + many packets. Add support to read secret keyrings. + + * getkey.c (scan_keyring): Removed + (lookup): New to replace scan_keyring. + (scan_secret_keyring): Removed. + (lookup_skc): New. + +Wed Mar 18 11:47:34 1998 Werner Koch (wk@isil.d.shuttle.de) + + * ringedit.c (enum_keyblocks): New read mode 11. + + * keyid.c (elg_fingerprint_md): New and changed all other functions + to call this if the packet version is 4 or above. + +Tue Mar 17 20:46:16 1998 Werner Koch (wk@isil.d.shuttle.de) + + * parse-packet.c (parse_certificate): Add listing support for subkeys. + +Tue Mar 17 20:32:22 1998 Werner Koch (wk@isil.d.shuttle.de) + + * armor.c (is_armored): Allow marker packet. + +Thu Mar 12 13:36:49 1998 Werner Koch (wk@isil.d.shuttle.de) + + * trustdb.c (check_trust): Checks timestamp of pubkey. + * sig-check. (do_check): Compares timestamps. + +Tue Mar 10 17:01:56 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c (main): Add call to init_signals. + * signal.c: New. + +Mon Mar 9 12:43:42 1998 Werner Koch (wk@isil.d.shuttle.de) + + * dsa.c: New + * packet.h, free-packet.c, parse-packet.c : Add support for DSA + * sig-check.c, getkey.c, keyid.c, ringedit.c: Ditto. + * seckey-cert.c: Ditto. + + * packet.h : Moved .digest_algo of signature packets to outer + structure. Changed all references + +Sun Mar 8 13:06:42 1998 Werner Koch (wk@isil.d.shuttle.de) + + * openfile.c : Support for stdout filename "-". + + * mainproc.c (check_sig_and_print): Enhanced status output: + * status.c (write_status_text): New. + +Fri Mar 6 16:10:54 1998 Werner Koch (wk@isil.d.shuttle.de) + + * kbnode.c (clone_kbnode): Fixed private_flag. + + * mainproc.c (list_node): Output of string "Revoked" as user-id. + +Fri Mar 6 14:26:39 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c (main): Add userids to "-kv" and cleaned up this stuff. + +Fri Mar 6 12:45:58 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c (main): Changed semantics of the list-... commands + and added a new one. Removed option "-d" + + * decrypt.c: New. + + * trustdb.c (init_trustdb): Autocreate directory only if it ends + in "/.gnupg". + +Thu Mar 5 12:12:11 1998 Werner Koch (wk@isil.d.shuttle.de) + + * mainproc.c (do_proc_packets): New. Common part of proc_packet. + (proc_signature_packets): special version to handle signature data. + * verify.c: New. + * g10.c (aVerify): New. + * plaintext.c (hash_datafiles): New. + * compress.c (handle_compressed): Add callback arg, changed caller. + +Thu Mar 5 10:20:06 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c: Is nom the common source for gpg and gpgm + * g10maint.c: Removed + * Makefile.am: Add rule to build g10maint.c + +Thu Mar 5 08:43:59 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c (main): Changed the way clear text sigs are faked. + +Wed Mar 4 19:47:37 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10maint.c (aMuttKeyList): New + * keylist.c: New. + +Wed Mar 4 17:20:33 1998 Werner Koch (wk@isil.d.shuttle.de) + + * getkey.c (get_pubkey_byname): Kludge to allow 0x prefix. + +Tue Mar 3 13:46:55 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10maint.c (main): New option --gen-random. + +Tue Mar 3 09:50:08 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c (aDeleteSecretKey): New. + (aEditSig): Add option "--edit-key" as synonym for "--edit-sig". + (aDeleteSecretKey): New. + * getkey.c (seckey_available): New. + * sign.c (delete_key): Enhanced to delete secret keys, changed all + callers. + +Mon Mar 2 21:23:48 1998 Werner Koch (wk@isil.d.shuttle.de) + + * pkc_list.c (build_pkc_list): Add interactive input of user ID. + +Mon Mar 2 20:54:05 1998 Werner Koch (wk@isil.d.shuttle.de) + + * pkclist.c (do_we_trust_pre): New. + (add_ownertrust): Add message. + * trustdb.c (enum_trust_web): Quick fix. + +Mon Mar 2 13:50:53 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c (main): New action aDeleteKey + * sign.c (delete_key): New. + +Sun Mar 1 16:38:58 1998 Werner Koch (wk@isil.d.shuttle.de) + + * trustdb.c (do_check): No returns TRUST_UNDEFINED instead of + eof error. + +Fri Feb 27 18:14:03 1998 Werner Koch (wk@isil.d.shuttle.de) + + * armor.c (find_header): Removed trailing CR on headers. + +Fri Feb 27 18:02:48 1998 Werner Koch (wk@isil.d.shuttle.de) + + * ringedit.c (keyring_search) [MINGW32]: Open and close file here + because rename does not work on open files. Chnaged callers. + +Fri Feb 27 16:43:11 1998 Werner Koch (wk@isil.d.shuttle.de) + + * sig-check.c (do_check): Add an md_enable. + * mainproc.c (do_check_sig): Use md_open in case of detached sig + (proc_tree): Take detached sigs into account. + +Fri Feb 27 15:22:46 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c (main): Make use of GNUPGHOME envvar. + * g10main.c (main): Ditto. + +Wed Feb 25 11:40:04 1998 Werner Koch (wk@isil.d.shuttle.de) + + * plaintext.c (ask_for_detached_datafile): add opt.verbose to + info output. + + * openfile.c (open_sigfile): Try also name ending in ".asc" + +Wed Feb 25 08:41:00 1998 Werner Koch (wk@isil.d.shuttle.de) + + * keygen.c (generate_keypair): Fixed memory overflow. + +Tue Feb 24 15:51:55 1998 Werner Koch (wk@isil.d.shuttle.de) + + * parse-packet.c (parse_certificate): Support for S2K. + * build-packet.c (do_secret_cert): Ditto. + * keygen.c (gen_elg): Ditto. + * seckey-cert.c (check_elg): Ditto + (protect_elg): Ditto. + * sign.c (chnage_passphrase): Ditto. + * passphrase.c (get_passphrase_hash): Support for a salt and + changed all callers. + (make_dek_from_passphrase): Ditto. + +Tue Feb 24 12:30:56 1998 Werner Koch (wk@isil.d.shuttle.de) + + * build-packet.c (hash_public_cert): Disabled debug output. + +Fri Feb 20 17:22:28 1998 Werner Koch (wk@isil.d.shuttle.de) + + * trustdb.c (init_trustdb) [MINGW32]: Removed 2nd mkdir arg. + (keyring_copy) [MINGW32]: Add a remove prior to the renames. + +Wed Feb 18 18:39:02 1998 Werner Koch (wk@isil.d.shuttle.de) + + * Makefile.am (OMIT_DEPENDENCIES): New. + + * rsa.c: Replaced log_bug by BUG. + +Wed Feb 18 13:35:58 1998 Werner Koch (wk@isil.d.shuttle.de) + + * mainproc.c (do_check_sig): Now uses hash_public_cert. + * parse-packet.c (parse_certificate): Removed hashing. + * packet.h (public_cert): Removed hash variable. + * free-packet.c (copy_public_cert, free_public_cert): Likewise. + + * sig-check.c (check_key_signatures): Changed semantics. + +Wed Feb 18 12:11:28 1998 Werner Koch (wk@isil.d.shuttle.de) + + * trustdb.c (do_check): Add handling for revocation certificates. + (build_sigrecs): Ditto. + (check_sigs): Ditto. + +Wed Feb 18 09:31:04 1998 Werner Koch (wk@isil.d.shuttle.de) + + * armor.c (armor_filter): Add afx->hdrlines. + * revoke.c (gen_revoke): Add comment line. + * dearmor.c (enarmor_file): Ditto. + + * sig-check.c (check_key_signature): Add handling for class 0x20. + * mainproc.c : Ditto. + +Tue Feb 17 21:24:17 1998 Werner Koch (wk@isil.d.shuttle.de) + + * armor.c : Add header lines "...ARMORED FILE .." + * dearmor.c (enarmor_file): New. + * g10maint.c (main): New option "--enarmor" + +Tue Feb 17 19:03:33 1998 Werner Koch (wk@isil.d.shuttle.de) + + * mainproc.c : Changed a lot, because the packets are now stored + a simple linlked list and not anymore in a complicatd tree structure. + +Tue Feb 17 10:14:48 1998 Werner Koch (wk@isil.d.shuttle.de) + + * free_packet.c (cmp_public_certs): New. + (cmp_user_ids): New. + + * kbnode.c (clone_kbnode): New. + (release_kbnode): Add clone support. + + * ringedit.c (find_keyblock_bypkc): New. + + * sign.c (remove_keysigs): Self signatures are now skipped, + changed arguments and all callers. + + * import.c : Add functionality. + +Tue Feb 17 09:31:40 1998 Werner Koch (wk@isil.d.shuttle.de) + + * options.h (homedir): New option. + * g10.c, g10maint.c, getkey.c, keygen.c, trustdb.c (opt.homedir): New. + + * trustdb.c (init_trustdb): mkdir for hoem directory + (sign_private_data): Renamed "sig" to "g10.sig" + +Mon Feb 16 20:02:03 1998 Werner Koch (wk@isil.d.shuttle.de) + + * kbnode.c (commit_kbnode): New. + (delete_kbnode): removed unused first arg. Changed all Callers. + + * ringedit.c (keyblock_resource_name): New. + (get_keyblock_handle): NULL for filename returns default resource. + +Mon Feb 16 19:38:48 1998 Werner Koch (wk@isil.d.shuttle.de) + + * sig-check.s (check_key_signature): Now uses the supplied + public key to check the signature and not any more the one + from the getkey.c + (do_check): New. + (check_signature): Most work moved to do_check. + +Mon Feb 16 14:48:57 1998 Werner Koch (wk@isil.d.shuttle.de) + + * armor.c (find_header): Fixed another bug. + +Mon Feb 16 12:18:34 1998 Werner Koch (wk@isil.d.shuttle.de) + + * getkey.c (scan_keyring): Add handling of compressed keyrings. + +Mon Feb 16 10:44:51 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c, g10maint.c (strusage): Rewrote. + (build_list): New + +Mon Feb 16 08:58:41 1998 Werner Koch (wk@isil.d.shuttle.de) + + * armor.c (use_armor): New. + +Sat Feb 14 14:30:57 1998 Werner Koch (wk@isil.d.shuttle.de) + + * mainproc.c (proc_tree): Sigclass fix. + +Sat Feb 14 14:16:33 1998 Werner Koch (wk@isil.d.shuttle.de) + + * armor.c (armor_filter): Changed version and comment string. + * encode.c, sign.c, keygen.c: Changed all comment packet strings. + +Sat Feb 14 12:39:24 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c (aGenRevoke): New command. + * revoke.c: New. + * sign.c (make_keysig_packet): Add support for sigclass 0x20. + +Fri Feb 13 20:18:14 1998 Werner Koch (wk@isil.d.shuttle.de) + + * ringedit.c (enum_keyblocks, keyring_enum): New. + +Fri Feb 13 19:33:40 1998 Werner Koch (wk@isil.d.shuttle.de) + + * export.c: Add functionality. + + * keygen.c (generate_keypair): Moved the leading comment behind the + key packet. + * kbnode.c (walk_kbnode): Fixed. + + * g10.c (main): listing armored keys now work. + +Fri Feb 13 16:17:43 1998 Werner Koch (wk@isil.d.shuttle.de) + + * parse-packet.c (parse_publickey, parse_signature): Fixed calls + to mpi_read used for ELG b. + +Fri Feb 13 15:13:23 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c (main): changed formatting of help output. + +Thu Feb 12 22:24:42 1998 Werner Koch (wk@frodo) + + * pubkey-enc.c (get_session_key): rewritten + + + Copyright 1998,1999,2000,2001,2002,2003,2004,2005, + 2006,2007,2008,2009,2010,2011 Free Software Foundation, Inc. + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +Local Variables: +buffer-read-only: t +End: diff --git a/g10/Makefile.am b/g10/Makefile.am index 56d5d10a4..e9f69b34d 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -18,7 +18,7 @@ ## Process this file with automake to produce Makefile.in -EXTRA_DIST = options.skel +EXTRA_DIST = options.skel ChangeLog-2011 AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common \ -I$(top_srcdir)/include -I$(top_srcdir)/intl diff --git a/g13/ChangeLog b/g13/ChangeLog deleted file mode 100644 index ecd72226b..000000000 --- a/g13/ChangeLog +++ /dev/null @@ -1,3 +0,0 @@ -2009-11-04 Werner Koch - - Under initial development - no need for a ChangeLog. diff --git a/g13/ChangeLog-2011 b/g13/ChangeLog-2011 new file mode 100644 index 000000000..5d372c23f --- /dev/null +++ b/g13/ChangeLog-2011 @@ -0,0 +1,14 @@ +2011-12-01 Werner Koch + + NB: ChangeLog files are no longer manually maintained. Starting + on December 1st, 2011 we put change information only in the GIT + commit log, and generate a top-level ChangeLog file from logs at + "make dist". See doc/HACKING for details. + +2009-11-04 Werner Koch + + Under initial development - no need for a ChangeLog. + +Local Variables: +buffer-read-only: t +End: diff --git a/g13/Makefile.am b/g13/Makefile.am index 3fe07524b..745ec40e6 100644 --- a/g13/Makefile.am +++ b/g13/Makefile.am @@ -18,6 +18,8 @@ ## Process this file with automake to produce Makefile.in +EXTRA_DIST = ChangeLog-2011 + bin_PROGRAMS = g13 AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -I$(top_srcdir)/common diff --git a/include/ChangeLog b/include/ChangeLog deleted file mode 100644 index 09d5b6e99..000000000 --- a/include/ChangeLog +++ /dev/null @@ -1,444 +0,0 @@ -2011-02-01 Werner Koch - - * cipher.h (PUBKEY_MAX_NPKEY, PUBKEY_MAX_NSKEY): Bump up to - accommodate gcrypt ECC keys. - -2011-01-21 Werner Koch - - * cipher.h (GCRY_PK_USAGE_CERT): Remove compatibility macros - because we now require libgcrypt 1.4.6. - (GCRY_PK_ECDH): Add replacement. - -2009-08-20 Daiki Ueno (wk) - - * cipher.h (struct DEK): Add field S2K_CACHEID. - -2008-04-18 Werner Koch - - * cipher.h (CIPHER_ALGO_CAMELLIA256): Change ID to 13. - (CIPHER_ALGO_CAMELLIA192): New. - -2007-12-12 Werner Koch - - * cipher.h (CIPHER_ALGO_CAMELLIA128, CIPHER_ALGO_CAMELLIA256): New. - -2006-09-20 Werner Koch - - * errors.h, http.h, memory.h, mpi.h, util.h, i18n.h: Removed. - * Makefile.am: New. - * distfiles: Removed. - -2006-08-16 Werner Koch - - * keyserver.h: Moved to ../common. - * http.h: Retired. - -2006-04-28 Werner Koch - - * cipher.h (DIGEST_ALGO_SHA224): Define it. - -2006-04-18 Werner Koch - - * keyserver.h, i18n.h, http.h, cipher.h: Updated to gpg 1.4.3. - -2003-09-04 David Shaw - - * cipher.h: Drop TIGER/192 support. - - * types.h: Prefer using uint64_t when creating a 64-bit unsigned - type. This avoids a warning on compilers that support but complain - about unsigned long long. - - * util.h: Make sure that only ascii is passed to isfoo - functions. (From Werner on stable branch). - -2003-09-04 Werner Koch - - * cipher.h (PUBKEY_USAGE_AUTH): Added. - -2003-07-03 Werner Koch - - * cipher.h (DBG_CIPHER,g10c_debug_mode): Removed. - -2003-06-11 Werner Koch - - * cipher.h: Include gcrypt.h and mapped cipher algo names to - gcrypt ones. Removed twofish_old and skipjack. Removed all - handle definitions and other raerely used stuff. This file will - eventually be entirely removed. - -2003-06-10 Werner Koch - - * types.h (struct strlist): Removed. - -2003-05-24 David Shaw - - * cipher.h, i18n.h, iobuf.h, memory.h, mpi.h, types.h, util.h: - Edit all preprocessor instructions to remove whitespace before the - '#'. This is not required by C89, but there are some compilers - out there that don't like it. - -2003-05-14 David Shaw - - * types.h: Add initializer macros for 64-bit unsigned type. - -2003-05-02 David Shaw - - * cipher.h: Add constants for compression algorithms. - -2003-03-11 David Shaw - - * http.h: Add HTTP_FLAG_TRY_SRV. - -2003-02-11 David Shaw - - * types.h: Try and use uint64_t for a 64-bit type. - -2003-02-04 David Shaw - - * cipher.h: Add constants for new SHAs. - -2002-11-13 David Shaw - - * util.h [__CYGWIN32__]: Don't need the registry prototypes. From - Werner on stable branch. - -2002-11-06 David Shaw - - * util.h: Add wipememory2() macro (same as wipememory, but can - specify the byte to wipe with). - -2002-10-31 Stefan Bellon - - * util.h [__riscos__]: Prefixed all RISC OS prototypes with - riscos_* - - * zlib-riscos.h: New. This is macro magic in order to make the - zlib library calls indeed call the RISC OS ZLib module. - -2002-10-31 David Shaw - - * util.h: Add wipememory() macro. - -2002-10-29 Stefan Bellon - - * util.h: Added parameter argument to make_basename() needed for - filetype support. - [__riscos__]: Added prototype. - -2002-10-28 Stefan Bellon - - * util.h [__riscos__]: Added prototypes for new filetype support. - -2002-10-19 David Shaw - - * distfiles, _regex.h: Add _regex.h from glibc 2.3.1. - -2002-10-14 David Shaw - - * keyserver.h: Go to KEYSERVER_PROTO_VERSION 1. - -2002-10-08 David Shaw - - * keyserver.h: Add new error code KEYSERVER_UNREACHABLE. - -2002-10-03 David Shaw - - * util.h: Add new log_warning logger command which can be switched - between log_info and log_error via log_set_strict. - -2002-09-24 David Shaw - - * keyserver.h: Add some new error codes for better GPA support. - -2002-09-10 Werner Koch - - * mpi.h (mpi_is_protected, mpi_set_protect_flag) - (mpi_clear_protect_flag): Removed. - (mpi_get_nbit_info, mpi_set_nbit_info): Removed. - -2002-08-13 David Shaw - - * cipher.h: Add AES aliases for RIJNDAEL algo numbers. - -2002-08-07 David Shaw - - * cipher.h: Add md_algo_present(). - -2002-08-06 Stefan Bellon - - * util.h [__riscos__]: Added riscos_getchar(). - -2002-06-21 Stefan Bellon - - * util.h [__riscos__]: Further moving away of RISC OS specific - stuff from general code. - -2002-06-20 Stefan Bellon - - * util.h [__riscos__]: Added riscos_set_filetype(). - -2002-06-14 David Shaw - - * util.h: Add pop_strlist() from strgutil.c. - -2002-06-07 Stefan Bellon - - * util.h [__riscos__]: RISC OS needs strings.h for strcasecmp() - and strncasecmp(). - -2002-05-22 Werner Koch - - * util.h: Add strncasecmp. Removed stricmp and memicmp. - -2002-05-10 Stefan Bellon - - * mpi.h: New function mpi_debug_alloc_like for M_DEBUG. - - * util.h [__riscos__]: Make use of __func__ that later - Norcroft compiler provides. - - * memory.h: Fixed wrong definition of m_alloc_secure_clear. - -2002-04-23 David Shaw - - * util.h: New function answer_is_yes_no_default() to give a - default answer. - -2002-04-22 Stefan Bellon - - * util.h [__riscos__]: Removed riscos_open, riscos_fopen and - riscos_fstat as those special versions aren't needed anymore. - -2002-02-19 David Shaw - - * keyserver.h: Add KEYSERVER_NOT_SUPPORTED for unsupported actions - (say, a keyserver that has no way to search, or a readonly - keyserver that has no way to add). - -2002-01-02 Stefan Bellon - - * util.h [__riscos__]: Updated prototype list. - - * types.h [__riscos__]: Changed comment wording. - -2001-12-27 David Shaw - - * KEYSERVER_SCHEME_NOT_FOUND should be 127 to match the POSIX - system() (via /bin/sh) way of signaling this. - - * Added G10ERR_KEYSERVER - -2001-12-27 Werner Koch - - * util.h [MINGW32]: Fixed name of include file. - -2001-12-22 Timo Schulz - - * util.h (is_file_compressed): New. - -2001-12-19 Werner Koch - - * util.h [CYGWIN32]: Allow this as an alias for MINGW32. Include - stdarg.h becuase we use the va_list type. By Disastry. - -2001-09-28 Werner Koch - - * cipher.h (PUBKEY_USAGE_CERT): New. - -2001-09-07 Werner Koch - - * util.h: Add strsep(). - -2001-08-30 Werner Koch - - * cipher.h (DEK): Added use_mdc. - -2001-08-24 Werner Koch - - * cipher.h (md_write): Made buf arg const. - -2001-08-20 Werner Koch - - * cipher.h (DEK): Added algo_info_printed; - - * util.h [__riscos__]: Added prototypes and made sure that we - never use __attribute__. - * cipher.h, iobuf.h, memory.h, mpi.h [__riscos__]: extern hack. - * i18n.h [__riscos__]: Use another include file - -2001-05-30 Werner Koch - - * ttyio.h (tty_printf): Add missing parenthesis for non gcc. - * http.h: Removed trailing comma to make old ccs happy. Both are - by Albert Chin. - -2001-05-25 Werner Koch - - * ttyio.h (tty_printf): Add printf attribute. - -2001-04-23 Werner Koch - - * http.h: New flag HTTP_FLAG_NO_SHUTDOWN. - -2001-04-13 Werner Koch - - * iobuf.h: Removed iobuf_fopen. - -2001-03-01 Werner Koch - - * errors.h (G10ERR_UNU_SECKEY,G10ERR_UNU_PUBKEY): New - -2000-11-30 Werner Koch - - * iobuf.h (iobuf_translate_file_handle): Add prototype. - -2000-11-11 Paul Eggert - - * iobuf.h (iobuf_get_filelength): Now returns off_t, not u32. - (struct iobuf_struct, iobuf_set_limit, - iobuf_tell, iobuf_seek): Use off_t, not ulong, for file offsets. - -2000-10-12 Werner Koch - - * mpi.h: Changed the way mpi_limb_t is defined. - -Wed Sep 6 17:55:47 CEST 2000 Werner Koch - - * iobuf.c (IOBUF_FILELENGTH_LIMIT): New. - -2000-03-14 14:03:43 Werner Koch (wk@habibti.openit.de) - - * types.h (HAVE_U64_TYPEDEF): Defined depending on configure test. - -Thu Jan 13 19:31:58 CET 2000 Werner Koch - - * types.h (HAVE_U64_TYPEDEF): Add a test for _LONGLONG which fixes - this long living SGI bug. Reported by Alec Habig. - -Sat Dec 4 12:30:28 CET 1999 Werner Koch - - * iobuf.h (IOBUFCTRL_CANCEL): Nww. - -Mon Oct 4 21:23:04 CEST 1999 Werner Koch - - * errors.h (G10ERR_NOT_PROCESSED): New. - -Wed Sep 15 16:22:17 CEST 1999 Werner Koch - - - * i18n.h: Add support for simple-gettext. - -Tue Jun 29 21:44:25 CEST 1999 Werner Koch - - - * util.h (stricmp): Use strcasecmp as replacement. - -Sat Jun 26 12:15:59 CEST 1999 Werner Koch - - - * cipher.h (MD_HANDLE): Assigned a structure name. - -Fri Apr 9 12:26:25 CEST 1999 Werner Koch - - * cipher.h (BLOWFISH160): Removed. - -Tue Apr 6 19:58:12 CEST 1999 Werner Koch - - * cipher.h (DEK): increased max. key length to 32 bytes - - -Sat Feb 20 21:40:49 CET 1999 Werner Koch - - * g10lib.h: Removed file and changed all files that includes this. - -Tue Feb 16 14:10:02 CET 1999 Werner Koch - - * types.h (STRLIST): Add field flags. - -Wed Feb 10 17:15:39 CET 1999 Werner Koch - - * cipher.h (CIPHER_ALGO_TWOFISH): Chnaged ID to 10 and renamed - the old experimenatl algorithm to xx_OLD. - -Thu Jan 7 18:00:58 CET 1999 Werner Koch - - * cipher.h (MD_BUFFER_SIZE): Removed. - -Mon Dec 14 21:18:49 CET 1998 Werner Koch - - * types.h: fix for SUNPRO_C - -Tue Dec 8 13:15:16 CET 1998 Werner Koch - - * mpi.h (MPI): Changed the structure name to gcry_mpi and - changed all users. - -Tue Oct 20 11:40:00 1998 Werner Koch (wk@isil.d.shuttle.de) - - * iobuf.h (iobuf_get_temp_buffer): New. - -Tue Oct 13 12:40:48 1998 Werner Koch (wk@isil.d.shuttle.de) - - * iobuf.h (iobuf_get): Now uses .nofast - (iobuf_get2): Removed. - -Mon Sep 14 09:17:22 1998 Werner Koch (wk@(none)) - - * util.h (HAVE_ATEXIT): New. - (HAVE_RAISE): New. - -Mon Jul 6 10:41:55 1998 Werner Koch (wk@isil.d.shuttle.de) - - * cipher.h (PUBKEY_USAGE_): New. - -Mon Jul 6 09:49:51 1998 Werner Koch (wk@isil.d.shuttle.de) - - * iobuf.h (iobuf_set_error): New. - (iobuf_error): New. - -Sat Jun 13 17:31:32 1998 Werner Koch (wk@isil.d.shuttle.de) - - * g10lib.h: New as interface for the g10lib. - -Mon Jun 8 22:14:48 1998 Werner Koch (wk@isil.d.shuttle.de) - - * cipher.h (CIPHER_ALGO_CAST5): Changed name from .. CAST - -Thu May 21 13:25:51 1998 Werner Koch (wk@isil.d.shuttle.de) - - * cipher.h: removed ROT 5 and changed one id and add dummy - -Tue May 19 18:09:05 1998 Werner Koch (wk@isil.d.shuttle.de) - - * cipher.h (DIGEST_ALGO_TIGER): Chnaged id from 101 to 6. - -Mon May 4 16:37:17 1998 Werner Koch (wk@isil.d.shuttle.de) - - * cipher.h (PUBKEY_ALGO_ELGAMAL_E): New, with value of the - old one. - * (is_ELGAMAL, is_RSA): New macros - -Sun Apr 26 14:35:24 1998 Werner Koch (wk@isil.d.shuttle.de) - - * types.h: New type u64 - -Mon Mar 9 12:59:55 1998 Werner Koch (wk@isil.d.shuttle.de) - - * cipher.h: Included dsa.h. - -Tue Mar 3 15:11:21 1998 Werner Koch (wk@isil.d.shuttle.de) - - * cipher.h (random.h): Add new header and move all relevalt - functions to this header. - - - Copyright 1998, 1999, 2000, 2001 Free Software Foundation, Inc. - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even the - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/include/ChangeLog-2011 b/include/ChangeLog-2011 new file mode 100644 index 000000000..c4b44870b --- /dev/null +++ b/include/ChangeLog-2011 @@ -0,0 +1,455 @@ +2011-12-01 Werner Koch + + NB: ChangeLog files are no longer manually maintained. Starting + on December 1st, 2011 we put change information only in the GIT + commit log, and generate a top-level ChangeLog file from logs at + "make dist". See doc/HACKING for details. + +2011-02-01 Werner Koch + + * cipher.h (PUBKEY_MAX_NPKEY, PUBKEY_MAX_NSKEY): Bump up to + accommodate gcrypt ECC keys. + +2011-01-21 Werner Koch + + * cipher.h (GCRY_PK_USAGE_CERT): Remove compatibility macros + because we now require libgcrypt 1.4.6. + (GCRY_PK_ECDH): Add replacement. + +2009-08-20 Daiki Ueno (wk) + + * cipher.h (struct DEK): Add field S2K_CACHEID. + +2008-04-18 Werner Koch + + * cipher.h (CIPHER_ALGO_CAMELLIA256): Change ID to 13. + (CIPHER_ALGO_CAMELLIA192): New. + +2007-12-12 Werner Koch + + * cipher.h (CIPHER_ALGO_CAMELLIA128, CIPHER_ALGO_CAMELLIA256): New. + +2006-09-20 Werner Koch + + * errors.h, http.h, memory.h, mpi.h, util.h, i18n.h: Removed. + * Makefile.am: New. + * distfiles: Removed. + +2006-08-16 Werner Koch + + * keyserver.h: Moved to ../common. + * http.h: Retired. + +2006-04-28 Werner Koch + + * cipher.h (DIGEST_ALGO_SHA224): Define it. + +2006-04-18 Werner Koch + + * keyserver.h, i18n.h, http.h, cipher.h: Updated to gpg 1.4.3. + +2003-09-04 David Shaw + + * cipher.h: Drop TIGER/192 support. + + * types.h: Prefer using uint64_t when creating a 64-bit unsigned + type. This avoids a warning on compilers that support but complain + about unsigned long long. + + * util.h: Make sure that only ascii is passed to isfoo + functions. (From Werner on stable branch). + +2003-09-04 Werner Koch + + * cipher.h (PUBKEY_USAGE_AUTH): Added. + +2003-07-03 Werner Koch + + * cipher.h (DBG_CIPHER,g10c_debug_mode): Removed. + +2003-06-11 Werner Koch + + * cipher.h: Include gcrypt.h and mapped cipher algo names to + gcrypt ones. Removed twofish_old and skipjack. Removed all + handle definitions and other raerely used stuff. This file will + eventually be entirely removed. + +2003-06-10 Werner Koch + + * types.h (struct strlist): Removed. + +2003-05-24 David Shaw + + * cipher.h, i18n.h, iobuf.h, memory.h, mpi.h, types.h, util.h: + Edit all preprocessor instructions to remove whitespace before the + '#'. This is not required by C89, but there are some compilers + out there that don't like it. + +2003-05-14 David Shaw + + * types.h: Add initializer macros for 64-bit unsigned type. + +2003-05-02 David Shaw + + * cipher.h: Add constants for compression algorithms. + +2003-03-11 David Shaw + + * http.h: Add HTTP_FLAG_TRY_SRV. + +2003-02-11 David Shaw + + * types.h: Try and use uint64_t for a 64-bit type. + +2003-02-04 David Shaw + + * cipher.h: Add constants for new SHAs. + +2002-11-13 David Shaw + + * util.h [__CYGWIN32__]: Don't need the registry prototypes. From + Werner on stable branch. + +2002-11-06 David Shaw + + * util.h: Add wipememory2() macro (same as wipememory, but can + specify the byte to wipe with). + +2002-10-31 Stefan Bellon + + * util.h [__riscos__]: Prefixed all RISC OS prototypes with + riscos_* + + * zlib-riscos.h: New. This is macro magic in order to make the + zlib library calls indeed call the RISC OS ZLib module. + +2002-10-31 David Shaw + + * util.h: Add wipememory() macro. + +2002-10-29 Stefan Bellon + + * util.h: Added parameter argument to make_basename() needed for + filetype support. + [__riscos__]: Added prototype. + +2002-10-28 Stefan Bellon + + * util.h [__riscos__]: Added prototypes for new filetype support. + +2002-10-19 David Shaw + + * distfiles, _regex.h: Add _regex.h from glibc 2.3.1. + +2002-10-14 David Shaw + + * keyserver.h: Go to KEYSERVER_PROTO_VERSION 1. + +2002-10-08 David Shaw + + * keyserver.h: Add new error code KEYSERVER_UNREACHABLE. + +2002-10-03 David Shaw + + * util.h: Add new log_warning logger command which can be switched + between log_info and log_error via log_set_strict. + +2002-09-24 David Shaw + + * keyserver.h: Add some new error codes for better GPA support. + +2002-09-10 Werner Koch + + * mpi.h (mpi_is_protected, mpi_set_protect_flag) + (mpi_clear_protect_flag): Removed. + (mpi_get_nbit_info, mpi_set_nbit_info): Removed. + +2002-08-13 David Shaw + + * cipher.h: Add AES aliases for RIJNDAEL algo numbers. + +2002-08-07 David Shaw + + * cipher.h: Add md_algo_present(). + +2002-08-06 Stefan Bellon + + * util.h [__riscos__]: Added riscos_getchar(). + +2002-06-21 Stefan Bellon + + * util.h [__riscos__]: Further moving away of RISC OS specific + stuff from general code. + +2002-06-20 Stefan Bellon + + * util.h [__riscos__]: Added riscos_set_filetype(). + +2002-06-14 David Shaw + + * util.h: Add pop_strlist() from strgutil.c. + +2002-06-07 Stefan Bellon + + * util.h [__riscos__]: RISC OS needs strings.h for strcasecmp() + and strncasecmp(). + +2002-05-22 Werner Koch + + * util.h: Add strncasecmp. Removed stricmp and memicmp. + +2002-05-10 Stefan Bellon + + * mpi.h: New function mpi_debug_alloc_like for M_DEBUG. + + * util.h [__riscos__]: Make use of __func__ that later + Norcroft compiler provides. + + * memory.h: Fixed wrong definition of m_alloc_secure_clear. + +2002-04-23 David Shaw + + * util.h: New function answer_is_yes_no_default() to give a + default answer. + +2002-04-22 Stefan Bellon + + * util.h [__riscos__]: Removed riscos_open, riscos_fopen and + riscos_fstat as those special versions aren't needed anymore. + +2002-02-19 David Shaw + + * keyserver.h: Add KEYSERVER_NOT_SUPPORTED for unsupported actions + (say, a keyserver that has no way to search, or a readonly + keyserver that has no way to add). + +2002-01-02 Stefan Bellon + + * util.h [__riscos__]: Updated prototype list. + + * types.h [__riscos__]: Changed comment wording. + +2001-12-27 David Shaw + + * KEYSERVER_SCHEME_NOT_FOUND should be 127 to match the POSIX + system() (via /bin/sh) way of signaling this. + + * Added G10ERR_KEYSERVER + +2001-12-27 Werner Koch + + * util.h [MINGW32]: Fixed name of include file. + +2001-12-22 Timo Schulz + + * util.h (is_file_compressed): New. + +2001-12-19 Werner Koch + + * util.h [CYGWIN32]: Allow this as an alias for MINGW32. Include + stdarg.h becuase we use the va_list type. By Disastry. + +2001-09-28 Werner Koch + + * cipher.h (PUBKEY_USAGE_CERT): New. + +2001-09-07 Werner Koch + + * util.h: Add strsep(). + +2001-08-30 Werner Koch + + * cipher.h (DEK): Added use_mdc. + +2001-08-24 Werner Koch + + * cipher.h (md_write): Made buf arg const. + +2001-08-20 Werner Koch + + * cipher.h (DEK): Added algo_info_printed; + + * util.h [__riscos__]: Added prototypes and made sure that we + never use __attribute__. + * cipher.h, iobuf.h, memory.h, mpi.h [__riscos__]: extern hack. + * i18n.h [__riscos__]: Use another include file + +2001-05-30 Werner Koch + + * ttyio.h (tty_printf): Add missing parenthesis for non gcc. + * http.h: Removed trailing comma to make old ccs happy. Both are + by Albert Chin. + +2001-05-25 Werner Koch + + * ttyio.h (tty_printf): Add printf attribute. + +2001-04-23 Werner Koch + + * http.h: New flag HTTP_FLAG_NO_SHUTDOWN. + +2001-04-13 Werner Koch + + * iobuf.h: Removed iobuf_fopen. + +2001-03-01 Werner Koch + + * errors.h (G10ERR_UNU_SECKEY,G10ERR_UNU_PUBKEY): New + +2000-11-30 Werner Koch + + * iobuf.h (iobuf_translate_file_handle): Add prototype. + +2000-11-11 Paul Eggert + + * iobuf.h (iobuf_get_filelength): Now returns off_t, not u32. + (struct iobuf_struct, iobuf_set_limit, + iobuf_tell, iobuf_seek): Use off_t, not ulong, for file offsets. + +2000-10-12 Werner Koch + + * mpi.h: Changed the way mpi_limb_t is defined. + +Wed Sep 6 17:55:47 CEST 2000 Werner Koch + + * iobuf.c (IOBUF_FILELENGTH_LIMIT): New. + +2000-03-14 14:03:43 Werner Koch (wk@habibti.openit.de) + + * types.h (HAVE_U64_TYPEDEF): Defined depending on configure test. + +Thu Jan 13 19:31:58 CET 2000 Werner Koch + + * types.h (HAVE_U64_TYPEDEF): Add a test for _LONGLONG which fixes + this long living SGI bug. Reported by Alec Habig. + +Sat Dec 4 12:30:28 CET 1999 Werner Koch + + * iobuf.h (IOBUFCTRL_CANCEL): Nww. + +Mon Oct 4 21:23:04 CEST 1999 Werner Koch + + * errors.h (G10ERR_NOT_PROCESSED): New. + +Wed Sep 15 16:22:17 CEST 1999 Werner Koch + + + * i18n.h: Add support for simple-gettext. + +Tue Jun 29 21:44:25 CEST 1999 Werner Koch + + + * util.h (stricmp): Use strcasecmp as replacement. + +Sat Jun 26 12:15:59 CEST 1999 Werner Koch + + + * cipher.h (MD_HANDLE): Assigned a structure name. + +Fri Apr 9 12:26:25 CEST 1999 Werner Koch + + * cipher.h (BLOWFISH160): Removed. + +Tue Apr 6 19:58:12 CEST 1999 Werner Koch + + * cipher.h (DEK): increased max. key length to 32 bytes + + +Sat Feb 20 21:40:49 CET 1999 Werner Koch + + * g10lib.h: Removed file and changed all files that includes this. + +Tue Feb 16 14:10:02 CET 1999 Werner Koch + + * types.h (STRLIST): Add field flags. + +Wed Feb 10 17:15:39 CET 1999 Werner Koch + + * cipher.h (CIPHER_ALGO_TWOFISH): Chnaged ID to 10 and renamed + the old experimenatl algorithm to xx_OLD. + +Thu Jan 7 18:00:58 CET 1999 Werner Koch + + * cipher.h (MD_BUFFER_SIZE): Removed. + +Mon Dec 14 21:18:49 CET 1998 Werner Koch + + * types.h: fix for SUNPRO_C + +Tue Dec 8 13:15:16 CET 1998 Werner Koch + + * mpi.h (MPI): Changed the structure name to gcry_mpi and + changed all users. + +Tue Oct 20 11:40:00 1998 Werner Koch (wk@isil.d.shuttle.de) + + * iobuf.h (iobuf_get_temp_buffer): New. + +Tue Oct 13 12:40:48 1998 Werner Koch (wk@isil.d.shuttle.de) + + * iobuf.h (iobuf_get): Now uses .nofast + (iobuf_get2): Removed. + +Mon Sep 14 09:17:22 1998 Werner Koch (wk@(none)) + + * util.h (HAVE_ATEXIT): New. + (HAVE_RAISE): New. + +Mon Jul 6 10:41:55 1998 Werner Koch (wk@isil.d.shuttle.de) + + * cipher.h (PUBKEY_USAGE_): New. + +Mon Jul 6 09:49:51 1998 Werner Koch (wk@isil.d.shuttle.de) + + * iobuf.h (iobuf_set_error): New. + (iobuf_error): New. + +Sat Jun 13 17:31:32 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10lib.h: New as interface for the g10lib. + +Mon Jun 8 22:14:48 1998 Werner Koch (wk@isil.d.shuttle.de) + + * cipher.h (CIPHER_ALGO_CAST5): Changed name from .. CAST + +Thu May 21 13:25:51 1998 Werner Koch (wk@isil.d.shuttle.de) + + * cipher.h: removed ROT 5 and changed one id and add dummy + +Tue May 19 18:09:05 1998 Werner Koch (wk@isil.d.shuttle.de) + + * cipher.h (DIGEST_ALGO_TIGER): Chnaged id from 101 to 6. + +Mon May 4 16:37:17 1998 Werner Koch (wk@isil.d.shuttle.de) + + * cipher.h (PUBKEY_ALGO_ELGAMAL_E): New, with value of the + old one. + * (is_ELGAMAL, is_RSA): New macros + +Sun Apr 26 14:35:24 1998 Werner Koch (wk@isil.d.shuttle.de) + + * types.h: New type u64 + +Mon Mar 9 12:59:55 1998 Werner Koch (wk@isil.d.shuttle.de) + + * cipher.h: Included dsa.h. + +Tue Mar 3 15:11:21 1998 Werner Koch (wk@isil.d.shuttle.de) + + * cipher.h (random.h): Add new header and move all relevalt + functions to this header. + + + Copyright 1998, 1999, 2000, 2001 Free Software Foundation, Inc. + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +Local Variables: +buffer-read-only: t +End: diff --git a/include/Makefile.am b/include/Makefile.am index 09176ded2..4d733ba91 100644 --- a/include/Makefile.am +++ b/include/Makefile.am @@ -1 +1 @@ -EXTRA_DIST = cipher.h types.h host2net.h _regex.h +EXTRA_DIST = cipher.h types.h host2net.h _regex.h ChangeLog-2011 diff --git a/kbx/ChangeLog b/kbx/ChangeLog deleted file mode 100644 index 9e77118a5..000000000 --- a/kbx/ChangeLog +++ /dev/null @@ -1,385 +0,0 @@ -2011-04-28 Werner Koch - - * keybox-openpgp.c: Include ../common/openpgpdefs.h. - (enum packet_types): Remove. - (_keybox_parse_openpgp): Update NPARSED also on errors. - (parse_key): Take care of ecc algorithms. - * kbxutil.c (import_openpgp): Do not print an error for non-RSA v3 - packets. - -2010-07-23 Werner Koch - - * keybox-blob.c (_keybox_create_x509_blob): Fix reallocation bug. - -2010-04-20 Marcus Brinkmann - - * keybox-update.c [!HAVE_DOSISH_SYSTEM]: Include - ../common/sysutils.h even then to silence gcc warning about - missing declaration of gnupg_remove. - -2010-04-15 Werner Koch - - * keybox-blob.c: Include gettime.h - (make_timestamp): Remove. - -2010-03-23 Werner Koch - - * Makefile.am (extra_libs): New. - (kbxutil_LDADD): Use it. - - * keybox-update.c: [HAVE_DOSISH_SYSTEM]: Include sysutils.h. - (keybox_compress): Replace rewind by fseek+clearerr. - (rename_tmp_file, keybox_compress): s/remove/gnupg_remove/. - -2010-03-10 Werner Koch - - * Makefile.am (kbxutil_LDADD, $(PROGRAMS)): Remove libjnlib.a. - - * keybox-search.c, keybox-init.c, keybox-defs.h, kbxutil.c: - Replace "jnlib" include file part by "common". - -2010-03-08 Werner Koch - - Use macros for iobuf_ioctl commands. - -2009-12-08 Werner Koch - - * keybox-search-desc.h (keydb_search_desc): Use u32 type for - KID. Extend the skip function ptr. - (gpg_pkt_user_id_t): New. - * keybox-search.c (has_short_kid, has_long_kid): Change to use u32 - args for KID. - -2008-12-09 Werner Koch - - * kbxutil.c (main): Call i18n_init before init_common_subsystems. - -2008-11-20 Werner Koch - - * keybox-update.c (create_tmp_file) [USE_ONLY_8DOT3]: Use other - suffixes to avoid conflicts with gpg uses filenames. - -2008-11-11 Werner Koch - - * Makefile.am (kbxutil_LDADD): Change order of libs. - ($(PROGRAMS)): Ditto for documentation. - -2008-10-20 Werner Koch - - * keybox-update.c (blob_filecopy): Remove unused arg n_packets. - (keybox_insert_cert): Adjust for that. - (keybox_update_cert): Mark unused args. - (keybox_set_flags): Ditto. - * keybox-blob.c (create_blob_trailer): Ditto. - * keybox-search.c (keybox_get_flags): Ditto. - * keybox-dump.c (_keybox_dump_find_dups): Ditto. - * kbxutil.c (my_gcry_logger): Ditto. - -2008-05-06 Werner Koch - - * keybox-file.c (_keybox_read_blob2): Return GPG_ERR_TOO_SHORT if - we get an EOF for 2nd to 5th byte as a better error message. - - Always use gpg_error_from_syserror and gpg_err_code_from_syserror. - This is to avoid cases where we expect an error but due to an - errno set to 0 we get back a success status. - -2008-04-01 Werner Koch - - * keybox-init.c (keybox_new, keybox_release): Track used handles. - (_keybox_close_file): New. - * keybox-update.c (keybox_insert_cert, keybox_set_flags) - (keybox_delete, keybox_compress): Use the new close function. - -2008-03-13 Werner Koch - - * keybox-blob.c (x509_email_kludge): Use the same code as in - ..sm/keylist.c so that email parts are not only detected at the - start of the DN. Reported by Yoshiaki Kasahara. - -2007-08-24 Werner Koch - - * keybox-init.c (keybox_register_file): Use same_file_p. - -2007-08-23 Werner Koch - - * kbxutil.c: New commands --find-dups and --cut. New options - --from an --to. - * keybox-dump.c (hash_blob_rawdata): New. - (_keybox_dump_find_dups): New. - (open_file): Factor some code out to this. - (_keybox_dump_cut_records): New. - -2007-06-26 Werner Koch - - * kbxutil.c: Include init.h - -2007-06-15 Werner Koch - - * Makefile.am (kbxutil_LDADD): Add W32SOCKLIBS. - -2007-06-12 Werner Koch - - * kbxutil.c (main): Replace some calls by init_common_subsystems. - -2007-06-06 Werner Koch - - * kbxutil.c (i18n_init): Remove. - -2007-03-20 Werner Koch - - * keybox.h (KEYBOX_FLAG_BLOB_SECRET, KEYBOX_FLAG_BLOB_EPHEMERAL): - New. - * keybox-update.c (keybox_compress): Use it here instead of a - magic constant. - -2007-01-31 Werner Koch - - * Makefile.am (kbxutil_LDADD): Use GPG_ERROR_LIBS instead of -l. - Reordered args. - -2007-01-25 Werner Koch - - * Makefile.am (kbxutil_LDADD): Added LIBICONV. Noted by Billy - Halsey. - -2006-11-15 Werner Koch - - * kbxutil.c (dump_openpgp_key): Cast printf argument. - -2006-10-20 Werner Koch - - * keybox-search.c (blob_x509_has_grip, has_keygrip): New. - (keybox_search): Implement new search mode. - * keybox-search-desc.h (KEYDB_SEARCH_MODE_KEYGRIP): New. - (keydb_search_desc): New member GRIP. - -2006-09-20 Werner Koch - - * Makefile.am ($(PROGRAMS): New. - -2006-09-14 Werner Koch - - Replaced all call gpg_error_from_errno(errno) by - gpg_error_from_syserror(). - -2005-10-08 Marcus Brinkmann - - * Makefile.am (kbxutil_LDADD): Add ../gl/libgnu.a after - ../jnlib/libjnlib.a. - -2005-06-15 Werner Koch - - * keybox-file.c (_keybox_read_blob2): Make IMAGE unsigned. - (_keybox_write_blob): - - * keybox-blob.c (create_blob_finish, _keybox_create_x509_blob): - Fixed warnings about signed/unsigned pointer mismatches. - (x509_email_kludge): Ditto. - (_keybox_new_blob): Changed arg IMAGE to unsigned char *. - (_keybox_get_blob_image): Changed return type to unsigned char*. - -2005-06-01 Werner Koch - - * keybox-file.c (ftello) [!HAVE_FSEEKO]: New replacement - function. Copied from ../common/ftello.c. - * keybox-update.c (fseeko) [!HAVE_FSEEKO]: New replacement - function. Copied from ../common/iobuf.c. - -2004-12-18 Werner Koch - - * keybox-defs.h (map_assuan_err): Define in terms of - map_assuan_err_with_source. - -2004-12-07 Werner Koch - - * keybox-init.c (keybox_release): Close the file pointer. - -2004-11-26 Werner Koch - - * Makefile.am (kbxutil_LDADD): Add ../common/libcommon.a - - * keybox-defs.h: Include stringhelp.h. - -2004-09-30 Werner Koch - - * kbxutil.c (i18n_init): Always use LC_ALL. - - * Makefile.am: Adjusted for gettext 0.14. - -2004-08-24 Werner Koch - - * kbxutil.c: New command --import-openpgp. - (main): Updated libgcrypt initialization stuff. - (my_gcry_logger): New. - (read_file): New. Taken from ../agent/protect-tool. - (dump_fpr, dump_openpgp_key, import_openpgp): New. - - * keybox-openpgp.c: New. - -2004-06-18 Werner Koch - - * keybox-dump.c (_keybox_dump_file): New arg STATS_ONLY. - (update_stats): New. - * kbxutil.c (main): New command --stats. - -2004-04-23 Werner Koch - - * keybox-blob.c (_keybox_update_header_blob): New. - * keybox-update.c (blob_filecopy): Handle header blob. - * keybox-file.c (_keybox_read_blob2): New. Moved code from - _keybox_read_blob to there. - * keybox-dump.c (dump_header_blob): Print header info. - -2004-04-21 Werner Koch - - * keybox-search.c (_keybox_get_flag_location): Add flag - KEYBOX_FLAG_CREATED_AT. - * keybox-update.c (keybox_compress): New. - - * keybox-search.c (get32, get16, blob_get_type) - (blob_get_blob_flags, has_short_kid, has_long_kid) - (has_fingerprint, has_issuer, has_issuer_sn, has_sn, has_subject) - (has_subject_or_alt, has_mail): inline them. - - * keybox-update.c (blob_filecopy): Fixed an error/eof check - (s/if(fread)/if(nread)/). - - * keybox-dump.c (_keybox_dump_blob): Really print the timestamps. - -2004-04-20 Werner Koch - - * keybox-defs.h: Include jnlib/types.h and remove our own - definitions for byte.u16 and u32. - -2004-02-02 Werner Koch - - * keybox.h (keybox_flag_t): New. - * keybox-search.c (get_flag_from_image, keybox_get_flags): New. - (_keybox_get_flag_location): New. - -2003-11-12 Werner Koch - - Adjusted for API changes in Libksba. - - * keybox-blob.c: Include time.h - -2003-06-03 Werner Koch - - Changed all error codes in all files to the new libgpg-error scheme. - - * keybox-defs.h: Include gpg-error.h . - (KeyboxError): Removed. - * Makefile.am: Removed keybox-error.c stuff. - -2002-11-14 Werner Koch - - * keybox-search.c (blob_cmp_name) : Fixed - length compare; there is no 0 stored since nearly a year. - -2002-10-31 Neal H. Walfield - - * Makefile.am (AM_CPPFLAGS): Fix ytpo. - -2002-08-10 Werner Koch - - * keybox-search.c (blob_cmp_fpr_part): New. - (has_short_kid, has_long_kid): Implemented. - -2002-07-22 Werner Koch - - * keybox-defs.h: New BLOBTYPTE_EMPTY. - * keybox-dump.c (_keybox_dump_blob): Handle new type. - * keybox-file.c (_keybox_read_blob): Skip over empty blobs. Store - the file offset. - * keybox-blob.c (_keybox_new_blob): Add new arg OFF. - (_keybox_get_blob_fileoffset): New. - * keybox-update.c (keybox_delete): Implemented. - -2002-06-19 Werner Koch - - * keybox-init.c (keybox_set_ephemeral): New. - * keybox-blob.c (create_blob_header): Store ephemeral flag. - (_keybox_create_x509_blob): Pass epheermal flag on. - * keybox-update.c (keybox_insert_cert): Ditto. - * keybox-search.c (blob_get_blob_flags): New. - (keybox_search): Ignore ephemeral blobs when not in ephemeral mode. - - * keybox-dump.c (_keybox_dump_blob): Print blob flags as strings. - -2002-02-25 Werner Koch - - * keybox-search.c (blob_cmp_mail): Use case-insensitive compare - because mail addresses are in general case insensitive (well - RFC2822 allows for case sensitive mailbox parts, but this is in - general considired a Bad Thing). Add additional substr parameter - to allow for substring matches within the mail address. Change - all callers to pass this along. - (blob_cmp_name): Likewise but do the case-insensitive search only - in sub string mode. - (keybox_search): Implement MAILSUB and SUBSTR mode. - -2002-01-21 Werner Koch - - * keybox-search.c (keybox_search): Allow KEYDB_SEARCH_MODE_FPR20. - -2002-01-15 Werner Koch - - * keybox-search.c (blob_cmp_fpr): New. - (has_fingerprint): Implemented; - -2001-12-20 Werner Koch - - * keybox-blob.c (_keybox_create_x509_blob): Skip the leading - parenthesis of the serial number's S-exp. - (_keybox_create_x509_blob): And fixed length calculation. - (create_blob_header): Don't add an offset when writing the serial. - -2001-12-18 Werner Koch - - * Makefile.am (AM_CPPFLAGS): Add flags for libksba - - * keybox-blob.c (_keybox_create_x509_blob): Use - gcry_sexp_canon_len to get the length of the serial number. - (_keybox_release_blob): Need to use a new serialbuf to free the memory. - -2001-12-17 Werner Koch - - * keybox-search.c: Changed the way the serial number is - represented. - -2001-12-15 Werner Koch - - * keybox-search.c (blob_cmp_name): There is no terminating 0 stored - for the uid; fixed length compare. - -2001-12-14 Werner Koch - - * keybox-blob.c (x509_email_kludge): New. - (_keybox_create_x509_blob): Insert an extra email address if the - subject's DN has an email part. - * keybox-defs.h: Added the xtoi_2 and digitp macros. - -2001-12-13 Werner Koch - - * keybox-search.c (blob_cmp_name): Kludge to allow searching for - more than one name. - (has_subject_or_alt): New. - (blob_cmp_mail): New. - (has_mail): New. - (keybox_search): Implemented exact search and exact mail search. - - * kbx/keybox-blob.c (_keybox_create_x509_blob): Insert alternate - names. - - - Copyright 2001, 2002, 2003, 2004, 2005, 2006, - 2007, 2008, 2011 Free Software Foundation, Inc. - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even the - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/kbx/ChangeLog-2011 b/kbx/ChangeLog-2011 new file mode 100644 index 000000000..7641f532f --- /dev/null +++ b/kbx/ChangeLog-2011 @@ -0,0 +1,396 @@ +2011-12-01 Werner Koch + + NB: ChangeLog files are no longer manually maintained. Starting + on December 1st, 2011 we put change information only in the GIT + commit log, and generate a top-level ChangeLog file from logs at + "make dist". See doc/HACKING for details. + +2011-04-28 Werner Koch + + * keybox-openpgp.c: Include ../common/openpgpdefs.h. + (enum packet_types): Remove. + (_keybox_parse_openpgp): Update NPARSED also on errors. + (parse_key): Take care of ecc algorithms. + * kbxutil.c (import_openpgp): Do not print an error for non-RSA v3 + packets. + +2010-07-23 Werner Koch + + * keybox-blob.c (_keybox_create_x509_blob): Fix reallocation bug. + +2010-04-20 Marcus Brinkmann + + * keybox-update.c [!HAVE_DOSISH_SYSTEM]: Include + ../common/sysutils.h even then to silence gcc warning about + missing declaration of gnupg_remove. + +2010-04-15 Werner Koch + + * keybox-blob.c: Include gettime.h + (make_timestamp): Remove. + +2010-03-23 Werner Koch + + * Makefile.am (extra_libs): New. + (kbxutil_LDADD): Use it. + + * keybox-update.c: [HAVE_DOSISH_SYSTEM]: Include sysutils.h. + (keybox_compress): Replace rewind by fseek+clearerr. + (rename_tmp_file, keybox_compress): s/remove/gnupg_remove/. + +2010-03-10 Werner Koch + + * Makefile.am (kbxutil_LDADD, $(PROGRAMS)): Remove libjnlib.a. + + * keybox-search.c, keybox-init.c, keybox-defs.h, kbxutil.c: + Replace "jnlib" include file part by "common". + +2010-03-08 Werner Koch + + Use macros for iobuf_ioctl commands. + +2009-12-08 Werner Koch + + * keybox-search-desc.h (keydb_search_desc): Use u32 type for + KID. Extend the skip function ptr. + (gpg_pkt_user_id_t): New. + * keybox-search.c (has_short_kid, has_long_kid): Change to use u32 + args for KID. + +2008-12-09 Werner Koch + + * kbxutil.c (main): Call i18n_init before init_common_subsystems. + +2008-11-20 Werner Koch + + * keybox-update.c (create_tmp_file) [USE_ONLY_8DOT3]: Use other + suffixes to avoid conflicts with gpg uses filenames. + +2008-11-11 Werner Koch + + * Makefile.am (kbxutil_LDADD): Change order of libs. + ($(PROGRAMS)): Ditto for documentation. + +2008-10-20 Werner Koch + + * keybox-update.c (blob_filecopy): Remove unused arg n_packets. + (keybox_insert_cert): Adjust for that. + (keybox_update_cert): Mark unused args. + (keybox_set_flags): Ditto. + * keybox-blob.c (create_blob_trailer): Ditto. + * keybox-search.c (keybox_get_flags): Ditto. + * keybox-dump.c (_keybox_dump_find_dups): Ditto. + * kbxutil.c (my_gcry_logger): Ditto. + +2008-05-06 Werner Koch + + * keybox-file.c (_keybox_read_blob2): Return GPG_ERR_TOO_SHORT if + we get an EOF for 2nd to 5th byte as a better error message. + + Always use gpg_error_from_syserror and gpg_err_code_from_syserror. + This is to avoid cases where we expect an error but due to an + errno set to 0 we get back a success status. + +2008-04-01 Werner Koch + + * keybox-init.c (keybox_new, keybox_release): Track used handles. + (_keybox_close_file): New. + * keybox-update.c (keybox_insert_cert, keybox_set_flags) + (keybox_delete, keybox_compress): Use the new close function. + +2008-03-13 Werner Koch + + * keybox-blob.c (x509_email_kludge): Use the same code as in + ..sm/keylist.c so that email parts are not only detected at the + start of the DN. Reported by Yoshiaki Kasahara. + +2007-08-24 Werner Koch + + * keybox-init.c (keybox_register_file): Use same_file_p. + +2007-08-23 Werner Koch + + * kbxutil.c: New commands --find-dups and --cut. New options + --from an --to. + * keybox-dump.c (hash_blob_rawdata): New. + (_keybox_dump_find_dups): New. + (open_file): Factor some code out to this. + (_keybox_dump_cut_records): New. + +2007-06-26 Werner Koch + + * kbxutil.c: Include init.h + +2007-06-15 Werner Koch + + * Makefile.am (kbxutil_LDADD): Add W32SOCKLIBS. + +2007-06-12 Werner Koch + + * kbxutil.c (main): Replace some calls by init_common_subsystems. + +2007-06-06 Werner Koch + + * kbxutil.c (i18n_init): Remove. + +2007-03-20 Werner Koch + + * keybox.h (KEYBOX_FLAG_BLOB_SECRET, KEYBOX_FLAG_BLOB_EPHEMERAL): + New. + * keybox-update.c (keybox_compress): Use it here instead of a + magic constant. + +2007-01-31 Werner Koch + + * Makefile.am (kbxutil_LDADD): Use GPG_ERROR_LIBS instead of -l. + Reordered args. + +2007-01-25 Werner Koch + + * Makefile.am (kbxutil_LDADD): Added LIBICONV. Noted by Billy + Halsey. + +2006-11-15 Werner Koch + + * kbxutil.c (dump_openpgp_key): Cast printf argument. + +2006-10-20 Werner Koch + + * keybox-search.c (blob_x509_has_grip, has_keygrip): New. + (keybox_search): Implement new search mode. + * keybox-search-desc.h (KEYDB_SEARCH_MODE_KEYGRIP): New. + (keydb_search_desc): New member GRIP. + +2006-09-20 Werner Koch + + * Makefile.am ($(PROGRAMS): New. + +2006-09-14 Werner Koch + + Replaced all call gpg_error_from_errno(errno) by + gpg_error_from_syserror(). + +2005-10-08 Marcus Brinkmann + + * Makefile.am (kbxutil_LDADD): Add ../gl/libgnu.a after + ../jnlib/libjnlib.a. + +2005-06-15 Werner Koch + + * keybox-file.c (_keybox_read_blob2): Make IMAGE unsigned. + (_keybox_write_blob): + + * keybox-blob.c (create_blob_finish, _keybox_create_x509_blob): + Fixed warnings about signed/unsigned pointer mismatches. + (x509_email_kludge): Ditto. + (_keybox_new_blob): Changed arg IMAGE to unsigned char *. + (_keybox_get_blob_image): Changed return type to unsigned char*. + +2005-06-01 Werner Koch + + * keybox-file.c (ftello) [!HAVE_FSEEKO]: New replacement + function. Copied from ../common/ftello.c. + * keybox-update.c (fseeko) [!HAVE_FSEEKO]: New replacement + function. Copied from ../common/iobuf.c. + +2004-12-18 Werner Koch + + * keybox-defs.h (map_assuan_err): Define in terms of + map_assuan_err_with_source. + +2004-12-07 Werner Koch + + * keybox-init.c (keybox_release): Close the file pointer. + +2004-11-26 Werner Koch + + * Makefile.am (kbxutil_LDADD): Add ../common/libcommon.a + + * keybox-defs.h: Include stringhelp.h. + +2004-09-30 Werner Koch + + * kbxutil.c (i18n_init): Always use LC_ALL. + + * Makefile.am: Adjusted for gettext 0.14. + +2004-08-24 Werner Koch + + * kbxutil.c: New command --import-openpgp. + (main): Updated libgcrypt initialization stuff. + (my_gcry_logger): New. + (read_file): New. Taken from ../agent/protect-tool. + (dump_fpr, dump_openpgp_key, import_openpgp): New. + + * keybox-openpgp.c: New. + +2004-06-18 Werner Koch + + * keybox-dump.c (_keybox_dump_file): New arg STATS_ONLY. + (update_stats): New. + * kbxutil.c (main): New command --stats. + +2004-04-23 Werner Koch + + * keybox-blob.c (_keybox_update_header_blob): New. + * keybox-update.c (blob_filecopy): Handle header blob. + * keybox-file.c (_keybox_read_blob2): New. Moved code from + _keybox_read_blob to there. + * keybox-dump.c (dump_header_blob): Print header info. + +2004-04-21 Werner Koch + + * keybox-search.c (_keybox_get_flag_location): Add flag + KEYBOX_FLAG_CREATED_AT. + * keybox-update.c (keybox_compress): New. + + * keybox-search.c (get32, get16, blob_get_type) + (blob_get_blob_flags, has_short_kid, has_long_kid) + (has_fingerprint, has_issuer, has_issuer_sn, has_sn, has_subject) + (has_subject_or_alt, has_mail): inline them. + + * keybox-update.c (blob_filecopy): Fixed an error/eof check + (s/if(fread)/if(nread)/). + + * keybox-dump.c (_keybox_dump_blob): Really print the timestamps. + +2004-04-20 Werner Koch + + * keybox-defs.h: Include jnlib/types.h and remove our own + definitions for byte.u16 and u32. + +2004-02-02 Werner Koch + + * keybox.h (keybox_flag_t): New. + * keybox-search.c (get_flag_from_image, keybox_get_flags): New. + (_keybox_get_flag_location): New. + +2003-11-12 Werner Koch + + Adjusted for API changes in Libksba. + + * keybox-blob.c: Include time.h + +2003-06-03 Werner Koch + + Changed all error codes in all files to the new libgpg-error scheme. + + * keybox-defs.h: Include gpg-error.h . + (KeyboxError): Removed. + * Makefile.am: Removed keybox-error.c stuff. + +2002-11-14 Werner Koch + + * keybox-search.c (blob_cmp_name) : Fixed + length compare; there is no 0 stored since nearly a year. + +2002-10-31 Neal H. Walfield + + * Makefile.am (AM_CPPFLAGS): Fix ytpo. + +2002-08-10 Werner Koch + + * keybox-search.c (blob_cmp_fpr_part): New. + (has_short_kid, has_long_kid): Implemented. + +2002-07-22 Werner Koch + + * keybox-defs.h: New BLOBTYPTE_EMPTY. + * keybox-dump.c (_keybox_dump_blob): Handle new type. + * keybox-file.c (_keybox_read_blob): Skip over empty blobs. Store + the file offset. + * keybox-blob.c (_keybox_new_blob): Add new arg OFF. + (_keybox_get_blob_fileoffset): New. + * keybox-update.c (keybox_delete): Implemented. + +2002-06-19 Werner Koch + + * keybox-init.c (keybox_set_ephemeral): New. + * keybox-blob.c (create_blob_header): Store ephemeral flag. + (_keybox_create_x509_blob): Pass epheermal flag on. + * keybox-update.c (keybox_insert_cert): Ditto. + * keybox-search.c (blob_get_blob_flags): New. + (keybox_search): Ignore ephemeral blobs when not in ephemeral mode. + + * keybox-dump.c (_keybox_dump_blob): Print blob flags as strings. + +2002-02-25 Werner Koch + + * keybox-search.c (blob_cmp_mail): Use case-insensitive compare + because mail addresses are in general case insensitive (well + RFC2822 allows for case sensitive mailbox parts, but this is in + general considired a Bad Thing). Add additional substr parameter + to allow for substring matches within the mail address. Change + all callers to pass this along. + (blob_cmp_name): Likewise but do the case-insensitive search only + in sub string mode. + (keybox_search): Implement MAILSUB and SUBSTR mode. + +2002-01-21 Werner Koch + + * keybox-search.c (keybox_search): Allow KEYDB_SEARCH_MODE_FPR20. + +2002-01-15 Werner Koch + + * keybox-search.c (blob_cmp_fpr): New. + (has_fingerprint): Implemented; + +2001-12-20 Werner Koch + + * keybox-blob.c (_keybox_create_x509_blob): Skip the leading + parenthesis of the serial number's S-exp. + (_keybox_create_x509_blob): And fixed length calculation. + (create_blob_header): Don't add an offset when writing the serial. + +2001-12-18 Werner Koch + + * Makefile.am (AM_CPPFLAGS): Add flags for libksba + + * keybox-blob.c (_keybox_create_x509_blob): Use + gcry_sexp_canon_len to get the length of the serial number. + (_keybox_release_blob): Need to use a new serialbuf to free the memory. + +2001-12-17 Werner Koch + + * keybox-search.c: Changed the way the serial number is + represented. + +2001-12-15 Werner Koch + + * keybox-search.c (blob_cmp_name): There is no terminating 0 stored + for the uid; fixed length compare. + +2001-12-14 Werner Koch + + * keybox-blob.c (x509_email_kludge): New. + (_keybox_create_x509_blob): Insert an extra email address if the + subject's DN has an email part. + * keybox-defs.h: Added the xtoi_2 and digitp macros. + +2001-12-13 Werner Koch + + * keybox-search.c (blob_cmp_name): Kludge to allow searching for + more than one name. + (has_subject_or_alt): New. + (blob_cmp_mail): New. + (has_mail): New. + (keybox_search): Implemented exact search and exact mail search. + + * kbx/keybox-blob.c (_keybox_create_x509_blob): Insert alternate + names. + + + Copyright 2001, 2002, 2003, 2004, 2005, 2006, + 2007, 2008, 2011 Free Software Foundation, Inc. + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +Local Variables: +buffer-read-only: t +End: diff --git a/keyserver/ChangeLog b/keyserver/ChangeLog deleted file mode 100644 index cc42a6426..000000000 --- a/keyserver/ChangeLog +++ /dev/null @@ -1,1348 +0,0 @@ -2011-01-20 Werner Koch - - * gpgkeys_hkp.c (get_name): Remove test for KS_GETNAME. It is - always true. - (search_key): Remove test for KS_GETNAME. It is always false. - -2009-08-26 Werner Koch - - * gpgkeys_hkp.c: Include util.h. - (send_key): Use strconcat to build KEY. - (appendable_path): New. - (get_name): Use strconcat to build REQUEST. - (search_key): Ditto. - - * ksutil.c: Include util.h. - (parse_ks_options): Use make_filename_try for the ca-cert-file arg. - -2009-07-06 David Shaw - - * gpgkeys_hkp.c (main, srv_replace): Minor tweaks to use the - DNS-SD names ("pgpkey-http" and "pgpkey-https") in SRV lookups - instead of "hkp" and "hkps". - -2009-06-24 Werner Koch - - * gpgkeys_ldap.c (send_key): Do not deep free a NULL modlist. - Reported by Fabian Keil. - -2009-05-28 David Shaw - - From 1.4: - - * curl-shim.c (curl_slist_append, curl_slist_free_all): New. - Simple wrappers around strlist_t to emulate the curl way of doing - string lists. - (curl_easy_setopt): Handle the curl HTTPHEADER option. - - * gpgkeys_curl.c, gpgkeys_hkp.c (main): Avoid caches to get the - most recent copy of the key. This is bug #1061. - -2009-05-27 David Shaw - - From 1.4: - - * gpgkeys_hkp.c (srv_replace): New function to transform a SRV - hostname to a real hostname. - (main): Call it from here for the HAVE_LIBCURL case (without - libcurl is handled via the curl-shim). - - * curl-shim.h, curl-shim.c (curl_easy_setopt, curl_easy_perform): - Add a CURLOPT_SRVTAG_GPG_HACK (passed through the the http - engine). - -2009-05-10 David Shaw - - From 1.4: - - * gpgkeys_hkp.c (send_key, get_key, get_name, search_key, main): - Add support for SSLized HKP. - - * curl-shim.h (curl_version): No need to provide a version for - curl-shim as it always matches the GnuPG version. - - * gpgkeys_curl.c, gpgkeys_hkp.c (main): Show which version of curl - we're using as part of --version. - - * gpgkeys_curl.c, gpgkeys_finger.c, gpgkeys_hkp.c, - gpgkeys_ldap.c (show_help): Document --version. - -2009-05-04 David Shaw - - * gpgkeys_mailto.in: Set 'mail-from' as a keyserver-option, rather - than the ugly ?from= syntax. - -2009-01-22 Werner Koch - - * Makefile.am (gpg2keys_curl_LDADD, gpg2keys_hkp_LDADD): Add all - standard libs. - -2008-10-20 Werner Koch - - * curl-shim.c (curl_global_init): Mark usused arg. - (curl_version_info): Ditto. - -2008-08-29 Werner Koch - - * gpgkeys_kdns.c: Changed copyright notice to the FSF. - -2008-04-21 Werner Koch - - * ksutil.c (w32_init_sockets) [HAVE_W32_SYSTEM]: New. - * curl-shim.c (curl_easy_init) [HAVE_W32_SYSTEM]: Call it. - * gpgkeys_finger.c: s/_WIN32/HAVE_W32_SYSTEM/. - (init_sockets): Remove. - (connect_server) [HAVE_W32_SYSTEM]: Call new function. - -2008-04-14 David Shaw - - * gpgkeys_curl.c (main), gpgkeys_hkp.c (main): Make sure all - libcurl number options are passed as long. - - * curl-shim.c (curl_easy_setopt): Minor tweak to match the real - curl better - libcurl uses 'long', not 'unsigned int'. - -2008-04-07 Werner Koch - - * gpgkeys_kdns.c: New. - * Makefile.am: Support kdns. - - * no-libgcrypt.c (gcry_strdup): Fix. It was not used. - -2008-03-25 Werner Koch - - * gpgkeys_ldap.c (build_attrs): Take care of char defaulting to - unsigned when using hextobyte. - -2007-10-25 David Shaw (wk) - - From 1.4 (July): - - * gpgkeys_ldap.c (main): Fix bug in setting up whether to verify - peer SSL cert. This used to work with older OpenLDAP, but is now - more strictly handled. - - * gpgkeys_ldap.c (search_key, main): Fix bug where searching for - foo bar (no quotes) on the command line resulted in searching for - "foo\2Abar" due to LDAP quoting. The proper search is "foo*bar". - -2007-06-11 Werner Koch - - * gpgkeys_hkp.c (send_key): Rename eof to r_eof as some Windows - header defines such a symbol. - (main): Likewise. - -2007-06-06 Werner Koch - - * gpgkeys_ldap.c (send_key, send_key_keyserver): Rename eof to - r_eof as some Windows file has such a symbol. - (main): Likewise. - -2007-05-07 Werner Koch - - * Makefile.am (gpg2keys_ldap_LDADD): Add GPG_ERROR_LIBS. - -2007-05-04 Werner Koch - - * gpgkeys_test.in: Rename to .. - * gpg2keys_test.in: .. this. - * gpgkeys_mailto.in: Rename to .. - * gpg2keys_mailto.in: .. this - * Makefile.am: Likewise - -2007-03-13 David Shaw - - From STABLE-BRANCH-1-4 - - * gpgkeys_curl.c (main): Use curl_version_info to verify that the - protocol we're about to use is actually available. - - * curl-shim.h, curl-shim.c (curl_free): Make into a macro. - (curl_version_info): New. Only advertises "http" for our shim, of - course. - -2007-03-09 David Shaw - - From STABLE-BRANCH-1-4 - - * gpgkeys_ldap.c (send_key): Missing a free(). - - * curl-shim.c (curl_easy_perform): Some debugging items that may - be handy. - -2006-12-03 David Shaw - - * gpgkeys_hkp.c (search_key): HKP keyservers like the 0x to be - present when searching by keyID. - -2006-11-22 Werner Koch - - * Makefile.am (gpg2keys_ldap_LDADD): Add jnlib. This is needed - for some replacement functions. - -2006-11-21 Werner Koch - - * curl-shim.c (curl_easy_perform): Made BUFLEN and MAXLNE a size_t. - -2006-11-05 David Shaw - - * gpgkeys_hkp.c (curl_mrindex_writer): Revert previous change. - Key-not-found still has a HTML response. - -2006-10-24 Marcus Brinkmann - - * Makefile.am (gpg2keys_ldap_CPPFLAGS): Rename second instance to ... - (gpg2keys_finger_CPPFLAGS): ... this. - -2006-10-20 Werner Koch - - * Makefile.am: Reporder macros for better readability. - (gpg2keys_finger_LDADD): Add GPG_ERROR_LIBS. - -2006-10-19 David Shaw - - * gpgkeys_hkp.c (curl_mrindex_writer): Print a warning if we see - HTML coming back from a MR hkp query. - -2006-10-17 Werner Koch - - * Makefile.am: Removed W32LIBS as they are included in NETLIBS. - Removed PTH_LIBS. - -2006-09-26 Werner Koch - - * curl-shim.c: Adjusted for changes in http.c. - (curl_easy_perform): Changed LINE from unsigned char* to char*. - - * Makefile.am (gpg2keys_curl_LDADD, gpg2keys_hkp_LDADD) - [FAKE_CURL]: Need to link against common_libs and pth. - - * curl-shim.h, curl-shim.c: Removed license exception as not - needed here. - -2006-09-22 Werner Koch - - * gpgkeys_curl.c, gpgkeys_hkp.c, gpgkeys_ldap.c, curl-shim.c: - * curl-shim.h, ksutil.c, ksutil.h: Add special license exception - for OpenSSL. This helps to avoid license conflicts if OpenLDAP or - cURL is linked against OpenSSL and we would thus indirectly link - to OpenSSL. This is considered a bug fix and forgives all - possible violations, pertaining to this issue, possibly occured in - the past. - - * no-libgcrypt.c: Changed license to a simple all permissive one. - - * Makefile.am (gpg2keys_ldap_LDADD): For license reasons do not - link against common_libs. - (gpg2keys_curl_LDADD, gpg2keys_hkp_LDADD): Ditto. - * ksutil.c (ks_hextobyte, ks_toupper, ks_strcasecmp): New. - Identical to the ascii_foo versions from jnlib. - * gpgkeys_ldap.c: Include assert.h. - (main): Replace BUG by assert. - (build_attrs): Use ks_hextobyte and ks_strcasecmp. - - * gpgkeys_finger.c (get_key): Resolved signed/unisgned char - mismatch. - -2006-09-19 Werner Koch - - * no-libgcrypt.c: New. Taken from ../tools. - * Makefile.am: Add no-libgcrypt to all sources. - -2006-09-06 Marcus Brinkmann - - * Makefile.am (AM_CFLAGS): Add $(GPG_ERROR_CFLAGS). - -2006-08-16 Werner Koch - - * Makefile.am: Renamed all binaries to gpg2keys_*. - (gpg2keys_ldap_CPPFLAGS): Add AM_CPPFLAGS. - -2006-08-15 Werner Koch - - * Makefile.am: Adjusted to the gnupg2 framework. - -2006-08-14 Werner Koch - - * curl-shil.c, curl-shim.h: Changed to make use of the new http.c - API. - - * curl-shim.c (curl_easy_perform): Add missing http_close to the - POST case. - -2006-07-24 David Shaw (wk) - - * curl-shim.c (curl_easy_perform): Minor cleanup of proxy code. - - * gpgkeys_hkp.c (send_key) - * gpgkeys_ldap.c (send_key, send_key_keyserver): Fix string - matching problem when the ascii armored form of the key happens to - match "KEY" at the beginning of the line. - -2006-04-26 David Shaw - - * gpgkeys_http.c, gpgkeys_oldhkp.c: Removed. - - * Makefile.am: Don't build gpgkeys_http or gpgkeys_(old)hkp any - longer as this is done via curl or fake-curl. - - * ksutil.h, ksutil.c, gpgkeys_hkp.c, gpgkeys_curl.c: Minor - #include tweaks as FAKE_CURL is no longer meaningful. - -2006-04-10 David Shaw - - * gpgkeys_ldap.c (ldap_quote, get_name, search_key): LDAP-quote - directly into place rather than mallocing temporary buffers. - - * gpgkeys_ldap.c (get_name): Build strings with strcat rather than - using sprintf which is harder to read and modify. - - * ksutil.h, ksutil.c (classify_ks_search): Add - KS_SEARCH_KEYID_SHORT and KS_SEARCH_KEYID_LONG to search for a key - ID. - - * gpgkeys_ldap.c (search_key): Use it here to flip from pgpUserID - searches to pgpKeyID or pgpCertID. - -2006-03-27 David Shaw - - * gpgkeys_ldap.c: #define LDAP_DEPRECATED for newer OpenLDAPs so - they use the regular old API that is compatible with other LDAP - libraries. - -2006-03-03 David Shaw - - * gpgkeys_ldap.c (main): Fix build problem with non-OpenLDAP LDAP - libraries that have TLS. - -2006-02-23 David Shaw - - * ksutil.c (init_ks_options): Default include-revoked and - include-subkeys to on, as gpg isn't doing this any longer. - -2006-02-22 David Shaw - - * gpgkeys_hkp.c (get_name): A GETNAME query turns exact=on to cut - down on odd matches. - -2006-02-21 David Shaw - - * gpgkeys_ldap.c (make_one_attr, build_attrs, send_key): Don't - allow duplicate attributes as OpenLDAP is now enforcing this. - - * gpgkeys_ldap.c (main): Add binddn and bindpw so users can pass - credentials to a remote LDAP server. - - * curl-shim.h, curl-shim.c (curl_easy_init, curl_easy_setopt, - curl_easy_perform): Mingw has 'stderr' as a macro? - - * curl-shim.h, curl-shim.c (curl_easy_init, curl_easy_setopt, - curl_easy_perform): Add CURLOPT_VERBOSE and CURLOPT_STDERR for - easier debugging. - -2006-01-16 David Shaw - - * gpgkeys_hkp.c (send_key): Do not escape the '=' in the HTTP POST - when uploading a key. - -2005-12-23 David Shaw - - * ksutil.h, ksutil.c (parse_ks_options): New keyserver command - "getname". - - * gpgkeys_hkp.c (main, get_name), gpgkeys_ldap.c (main, get_name): - Use it here to do direct name (rather than key ID) fetches. - -2005-12-19 David Shaw - - * ksutil.h, ksutil.c (curl_armor_writer, curl_writer, - curl_writer_finalize): New functionality to handle binary format - keys by armoring them for input to GPG. - - * gpgkeys_curl.c (get_key), gpgkeys_hkp.c (get_key): Call it here. - -2005-12-07 David Shaw - - * gpgkeys_finger.c (get_key), gpgkeys_curl.c (get_key): Better - language for the key-not-found error. - - * ksutil.c (curl_err_to_gpg_err): Add CURLE_OK and - CURLE_COULDNT_CONNECT. - - * gpgkeys_curl.c (get_key): Give key-not-found error if no data is - found (or file itself is not found) during a fetch. - -2005-12-06 David Shaw - - * curl-shim.c (curl_easy_perform): Fix build warning (code before - declaration). - -2005-11-02 David Shaw - - * gpgkeys_hkp.c (search_key): Fix warning with typecast (though - curl should really have defined that char * as const). - -2005-08-25 David Shaw - - * ksutil.h, ksutil.c (parse_ks_options): Remove exact-name and - exact-email. - (classify_ks_search): Mimic the gpg search modes instead with *, - =, <, and @. - - * gpgkeys_ldap.c (search_key), gpgkeys_hkp.c (search_key): Call - them here. Suggested by Jason Harris. - -2005-08-18 David Shaw - - * ksutil.h, ksutil.c (parse_ks_options): New keyserver-option - exact-name. The last of exact-name and exact-email overrides the - earlier. - - * gpgkeys_ldap.c (search_key), gpgkeys_hkp.c (search_key): Use it - here to do a name-only search. - - * gpgkeys_ldap.c (ldap_quote): \-quote a string for LDAP. - - * gpgkeys_ldap.c (search_key): Use it here to escape reserved - characters in searches. - -2005-08-17 David Shaw - - * ksutil.h, ksutil.c (parse_ks_options): New keyserver-option - exact-email. - - * gpgkeys_ldap.c (search_key), gpgkeys_hkp.c (search_key): Use it - here to do an email-only search. - -2005-08-08 David Shaw - - * Makefile.am: Include LDAP_CPPFLAGS when building LDAP. - -2005-08-03 David Shaw - - * gpgkeys_hkp.c (main), gpgkeys_curl.c (main), curl-shim.h: Show - version of curl (or curl-shim) when debug is set. - -2005-07-20 David Shaw - - * gpgkeys_curl.c (get_key, main): Don't try and be smart about - what protocols we handle. Directly pass them to curl or fake-curl - and see if an error comes back. - - * curl-shim.h, curl-shim.c (handle_error), ksutil.c - (curl_err_to_gpg_err): Add support for CURLE_UNSUPPORTED_PROTOCOL - in fake curl. - - * Makefile.am: Don't need -DFAKE_CURL any longer since it's in - config.h. - -2005-06-23 David Shaw - - * gpgkeys_mailto.in, gpgkeys_test.in: Use @VERSION@ so version - string stays up to date. - - * gpgkeys_http.c: Don't need to define HTTP_PROXY_ENV here since - it's in ksutil.h. - - * gpgkeys_curl.c (get_key, main), gpgkeys_hkp.c (main): Pass AUTH - values to curl or curl-shim. - - * curl-shim.c (curl_easy_perform), gpgkeys_curl.c (main), - gpgkeys_hkp.c (main): Use curl-style proxy semantics. - - * curl-shim.h, curl-shim.c (curl_easy_setopt, curl_easy_perform): - Add CURLOPT_USERPWD option for HTTP auth. - - * gpgkeys_http.c (get_key), gpgkeys_oldhkp (send_key, get_key, - search_key): No longer need to pass a proxyauth. - - * gpgkeys_http.c (get_key): Pass auth outside of the URL. - -2005-06-21 David Shaw - - * gpgkeys_http.c (get_key), gpgkeys_oldhkp.c (send_key, get_key, - search_key): Fix http_open/http_open_document calls to pass NULL - for auth and proxyauth since these programs pass them in the URL. - -2005-06-20 David Shaw - - * gpgkeys_hkp.c (append_path, send_key, get_key, search_key, - main), gpgkeys_oldhkp.c (main): Properly handle double slashes in - paths. - -2005-06-05 David Shaw - - * ksutil.c (init_ks_options, parse_ks_options): Provide a default - "/" path unless overridden by the config. Allow config to specify - items multiple times and take the last specified item. - -2005-06-04 David Shaw - - * gpgkeys_hkp.c, gpgkeys_oldhkp.c: Add support for HKP servers - that aren't at the root path. Suggested by Jack Bates. - -2005-06-01 David Shaw - - * ksutil.c [HAVE_DOSISH_SYSTEM]: Fix warnings on mingw32. Noted - by Joe Vender. - -2005-05-04 David Shaw - - * ksutil.h, ksutil.c: #ifdef so we can build without libcurl or - fake-curl. - -2005-05-03 David Shaw - - * gpgkeys_http.c: Need GET defined. - -2005-05-01 David Shaw - - * gpgkeys_hkp.c, gpgkeys_oldhkp.c, ksutil.h: Some minor cleanup - and comments as to the size of MAX_LINE and MAX_URL. - -2005-04-16 David Shaw - - * gpgkeys_hkp.c: New hkp handler that uses curl or curl-shim. - - * Makefile.am: Build new gpgkeys_hkp. - - * curl-shim.c (curl_easy_perform): Cleanup. - - * ksutil.h, ksutil.c (curl_writer), gpgkeys_curl.c (get_key): Pass - a context to curl_writer so we can support multiple fetches in a - single session. - - * curl-shim.h, curl-shim.c (handle_error, curl_easy_setopt, - curl_easy_perform): Add POST functionality to the curl shim. - - * curl-shim.h, curl-shim.c (curl_escape, curl_free): Emulate - curl_escape and curl_free. - - * gpgkeys_curl.c (main): If the http-proxy option is given without - any arguments, try to get the proxy from the environment. - - * ksutil.h, ksutil.c (curl_err_to_gpg_err, curl_writer): Copy from - gpgkeys_curl.c. - - * gpgkeys_oldhkp.c: Copy from gpgkeys_hkp.c. - -2005-03-22 David Shaw - - * gpgkeys_ldap.c, ksutil.h, ksutil.c (print_nocr): Moved from - gpgkeys_ldap.c. Print a string, but strip out any CRs. - - * gpgkeys_finger.c (get_key), gpgkeys_hkp.c (get_key), - gpgkeys_http.c (get_key): Use it here when outputting key material - to canonicalize line endings. - -2005-03-19 David Shaw - - * gpgkeys_ldap.c (main): Fix three wrong calls to fail_all(). - Noted by Stefan Bellon. - -2005-03-17 David Shaw - - * ksutil.c (parse_ks_options): Handle verbose=nnn. - - * Makefile.am: Calculate GNUPG_LIBEXECDIR directly. Do not - redefine $libexecdir. - - * gpgkeys_curl.c, gpgkeys_finger.c, gpgkeys_ldap.c: Start using - parse_ks_options and remove a lot of common code. - - * ksutil.h, ksutil.c (parse_ks_options): Parse OPAQUE, and default - debug with no arguments to 1. - -2005-03-16 David Shaw - - * gpgkeys_ldap.c: Include lber.h if configure determines we need - it. - - * ksutil.h, ksutil.c (ks_action_to_string): New. - (free_ks_options): Only free if options exist. - - * ksutil.h, ksutil.c (init_ks_options, free_ks_options, - parse_ks_options): Pull a lot of duplicated code into a single - options parser for all keyserver helpers. - -2005-02-11 David Shaw - - * curl-shim.c (curl_easy_perform): Fix compile warning. - - * curl-shim.h, gpgkeys_curl.c (main), gpgkeys_ldap.c (main): Add - ca-cert-file option, to pass in the SSL cert. - - * curl-shim.h, curl-shim.c: New. This is code to fake the curl - API in terms of the current HTTP iobuf API. - - * gpgkeys_curl.c [FAKE_CURL], Makefile.am: If FAKE_CURL is set, - link with the iobuf code rather than libcurl. - -2005-02-05 David Shaw - - * gpgkeys_finger.c (main), gpgkeys_hkp.c (main): Fix --version - output. - - * gpgkeys_curl.c (main): Make sure the curl handle is cleaned up - on failure. - -2005-02-01 David Shaw - - * gpgkeys_hkp.c (get_key), gpgkeys_http.c (get_key): Fix missing - http_close() calls. Noted by Phil Pennock. - - * ksutil.h: Up the default timeout to two minutes. - -2005-01-24 David Shaw - - * gpgkeys_ldap.c (print_nocr): New. - (get_key): Call it here to canonicalize line endings. - - * gpgkeys_curl.c (writer): Discard everything outside the BEGIN - and END lines when retrieving keys. Canonicalize line endings. - (main): Accept FTPS. - -2005-01-21 David Shaw - - * gpgkeys_ldap.c (main): Add "check-cert" option to disable SSL - certificate checking (which is on by default). - - * gpgkeys_curl.c (main): Add "debug" option to match the LDAP - helper. Add "check-cert" option to disable SSL certificate - checking (which is on by default). - -2005-01-18 David Shaw - - * gpgkeys_curl.c: Fix typo. - -2005-01-18 Werner Koch - - * gpgkeys_curl.c: s/MAX_PATH/URLMAX_PATH/g to avoid a clash with - the W32 defined macro. Removed unneeded initialization of static - variables. - * gpgkeys_http.c: Ditto. - * ksutil.h: s/MAX_PATH/URLMAX_PATH/. - -2005-01-17 David Shaw - - * gpgkeys_curl.c (main): Only allow specified protocols to use the - curl handler. - - * Makefile.am: Use LIBCURL_CPPFLAGS instead of LIBCURL_INCLUDES. - -2005-01-13 David Shaw - - * ksutil.h, gpgkeys_curl.c, gpgkeys_hkp.c, gpgkeys_ldap.c, - gpgkeys_finger.c, gpgkeys_http.c: Part 2 of the cleanup. Move all - the various defines to ksutil.h. - - * gpgkeys_finger.c, gpgkeys_hkp.c, gpgkeys_http.c, gpgkeys_ldap.c: - Part 1 of a minor cleanup to use #defines instead of hard-coded - sizes. - - * gpgkeys_finger.c (connect_server): Use INADDR_NONE instead of - SOCKET_ERROR. Noted by Timo. - -2005-01-09 David Shaw - - * gpgkeys_curl.c (get_key): Newer versions of libcurl don't define - TRUE. - -2004-12-24 David Shaw - - * gpgkeys_curl.c (main): Use new defines for opting out of certain - transfer protocols. Allow setting HTTP proxy via "http-proxy=foo" - option (there is natural support in libcurl for the http_proxy - environment variable). - - * Makefile.am: Remove the conditional since this is all handled in - autoconf now. - -2004-12-22 David Shaw - - * gpgkeys_curl.c (main): New "follow-redirects" option. Takes an - optional numeric value for the maximum number of redirects to - allow. Defaults to 5. - - * gpgkeys_curl.c (main), gpgkeys_finger.c (main), gpgkeys_hkp.c - (main), gpgkeys_http.c (main), gpgkeys_ldap.c (main): Make sure - that a "timeout" option passed with no arguments is properly - handled. - - * gpgkeys_curl.c (get_key, writer): New function to wrap around - fwrite to avoid DLL access problem on win32. - - * gpgkeys_http.c (main, get_key): Properly pass authentication - info through to the http library. - - * Makefile.am: Build gpgkeys_http or gpgkeys_curl as needed. - - * gpgkeys_curl.c (main, get_key): Minor tweaks to work with either - FTP or HTTP. - - * gpgkeys_ftp.c: renamed to gpgkeys_curl.c. - - * gpgkeys_ftp.c (main, get_key): Use auth data as passed by gpg. - Use CURLOPT_FILE instead of CURLOPT_WRITEDATA (same option, but - backwards compatible). - -2004-12-21 David Shaw - - * gpgkeys_ftp.c: New. - - * Makefile.am: Build it if requested. - -2004-12-14 Werner Koch - - * Makefile.am (install-exec-hook, uninstall-hook): Removed. For - Windows reasons we can't use the symlink trick. - -2004-12-03 David Shaw - - * Makefile.am: The harmless "ignored error" on gpgkeys_ldap - install on top of an existing install is bound to confuse people. - Use ln -s -f to force the overwrite. - -2004-10-28 David Shaw - - * gpgkeys_finger.c [_WIN32] (connect_server): Fix typo. - -2004-10-28 Werner Koch - - * Makefile.am (other_libs): New. Also include LIBICONV. Noted by - Tim Mooney. - -2004-10-28 Werner Koch - - * Makefile.am (other_libs): - -2004-10-18 David Shaw - - * gpgkeys_hkp.c (send_key, get_key, search_key): Use "hkp" instead - of "x-hkp" so it can be used as a SRV tag. - -2004-10-16 David Shaw - - * gpgkeys_finger.c [_WIN32] (connect_server): Fix typo. - -2004-10-15 Werner Koch - - * gpgkeys_ldap.c (main, show_help): Kludge to implement standard - GNU options. Factored help printing out. - * gpgkeys_finger.c (main, show_help): Ditto. - * gpgkeys_hkp.c (main, show_help): Ditto. - * gpgkeys_http.c (main, show_help): Ditto. - * gpgkeys_test.in, gpgkeys_mailto.in: Implement --version and --help. - - * Makefile.am: Add ksutil.h. - -2004-10-14 David Shaw - - * gpgkeys_finger.c (main): We do not support relay fingering - (i.e. "finger://relayhost/user@example.com"), but finger URLs are - occasionally miswritten that way. Give an error in this case. - -2004-10-14 Werner Koch - - * gpgkeys_finger.c (get_key): s/unsigned char/byte/ due - to a strange typedef for RISC OS. Noted by Stefan. - -2004-10-13 David Shaw - - * gpgkeys_ldap.c (main), gpgkeys_hkp.c (main), gpgkeys_http.c - (main), gpgkeys_finger.c (main): Call timeout functions before - performing an action that could block for a long time. - - * ksutil.h, ksutil.c: New. Right now just contains timeout - functions. - -2004-10-11 David Shaw - - * gpgkeys_finger.c, gpgkeys_hkp.c, gpgkeys_http.c, gpgkeys_ldap.c: - Fix a few occurances of "filename" to `filename'. - -2004-10-11 Werner Koch - - * gpgkeys_finger.c: New. - -2004-08-27 Stefan Bellon - - * gpgkeys_hkp.c (search_key): Fix the prior faulty fix by - introducing a cast but leaving skey unsigned. - - * gpgkeys_hkp.c (search_key): Change type of variable skey from - unsigned char* to char* to fix type incompatibility. - -2004-08-23 David Shaw - - * gpgkeys_ldap.c (get_key, search_key), gpgkeys_hkp.c (get_key, - search_key), gpgkeys_http.c (get_key): Do not give informational - logs since this is now done inside gpg. - - * gpgkeys_hkp.c (dehtmlize): Understand the quote character - (i.e. """) in HTML responses. - (search_key): Search key must be unsigned for url encoder to work - properly for 8-bit values. - - * gpgkeys_ldap.c (get_key): Factor out informational display into - new function build_info(). - - * gpgkeys_ldap.c (build_attrs): Properly terminate user ID strings - that got shrunk due to encoding. - -2004-08-22 David Shaw - - * gpgkeys_ldap.c (find_basekeyspacedn): Use LDAP_SCOPE_BASE along - with a full DN rather than LDAP_SCOPE_ONELEVEL plus a filter to - find the pgpServerInfo object. Some LDAP setups don't like the - search. - (main): Stop binding to the server since it seems no server really - requires it, and some require it not be there. - -2004-07-29 David Shaw - - * gpgkeys_ldap.c (main): Add "debug" option. This is only really - useful with OpenLDAP, but it's practically vital to debug SSL and - TLS setups. Add "basedn" option. This allows users to override - the autodetection for base DN. SSL overrides TLS, so TLS will not - be started on SSL connections (starting an already started car). - -2004-07-28 David Shaw - - * gpgkeys_ldap.c (build_attrs): Add "pgpKeySize" and "pgpSubKeyID" - attributes so we can do subkey searches. - - * gpgkeys_ldap.c (main): Under certain error conditions, we might - try and unbind twice. Don't. - - * gpgkeys_ldap.c (join_two_modlists): New. - (send_key): Use new function so we can try a modify operation - first, and fail over to an add if that fails. Add cannot cope - with the NULLs at the head of the modify request, so we jump into - the list in the middle. - -2004-07-27 David Shaw - - * gpgkeys_ldap.c (main): Don't try and error out before making a - ldaps connection to the NAI keyserver since we cannot tell if it - is a NAI keyserver until we connect. Fail if we cannot find a - base keyspace DN. Fix a false success message for TLS being - enabled. - -2004-07-20 Werner Koch - - * gpgkeys_ldap.c [_WIN32]: Include Windows specific header files. - Suggested by Brian Gladman. - -2004-05-26 David Shaw - - * gpgkeys_http.c: General polish and removal of leftover stuff - from gpgkeys_hkp.c. - -2004-05-21 David Shaw - - * gpgkeys_http.c (get_key): Cosmetic fix - make sure that URLs - with no path use a path of "/". - - * gpgkeys_ldap.c (ldap2epochtime): We can always rely on timegm() - being available now, since it's a replacement function. - -2004-05-20 David Shaw - - * gpgkeys_http.c: New program to do a simple HTTP file fetch using - the keyserver interface. - - * Makefile.am: Build it. - -2004-02-28 David Shaw - - * Makefile.am: Don't split LDADD across two lines since some make - programs can't handle blank lines after a \ continuation. Noted - by Christoph Moench-Tegeder. - -2004-02-25 David Shaw - - * gpgkeys_ldap.c (send_key): List pgpCertID as one of the deleted - attributes. This guarantees that if something goes wrong, we - won't be able to complete the transaction, thus leaving any key - already existing on the server intact. - -2004-02-23 David Shaw - - * gpgkeys_ldap.c (delete_one_attr): Removed. - (make_one_attr): Delete functionality added. Optional deduping - functionality added (currently only used for pgpSignerID). - (build_attrs): Translate sig entries into pgpSignerID. Properly - build the timestamp for pgpKeyCreateTime and pgpKeyExpireTime. - -2004-02-22 David Shaw - - * gpgkeys_ldap.c (delete_one_attr): New function to replace - attributes with NULL (a "delete" that works even for nonexistant - attributes). - (send_key): Use it here to remove attributes so a modify operation - starts with a clean playing field. Bias sends to modify before - add, since (I suspect) people update their existing keys more - often than they make and send new keys to the server. - -2004-02-21 David Shaw - - * gpgkeys_ldap.c (epoch2ldaptime): New. Converse of - ldap2epochtime. - (make_one_attr): New. Build a modification list in memory to send - to the LDAP server. - (build_attrs): New. Parse INFO lines sent over by gpg. - (free_mod_values): New. Unwinds a modification list. - (send_key_keyserver): Renamed from old send_key(). - (send_key): New function to send a key to a LDAP server. - (main): Use send_key() for real LDAP servers, send_key_keyserver() - otherwise. - -2004-02-20 David Shaw - - * gpgkeys_ldap.c: Replacement prototypes for setenv and unsetenv. - (search_key): Catch a SIZELIMIT_EXCEEDED error and show the user - whatever the server did give us. - (find_basekeyspacedn): There is no guarantee that namingContexts - will be readable. - - * Makefile.am: Link gpgkeys_ldap with libutil.a to get the - replacement functions (and eventually translations, etc). - -2004-02-19 David Shaw - - * gpgkeys_ldap.c (ldap2epochtime): LDAP timestamps are UTC, so do - not correct for timezones. - (main): Find the basekeyspacedn before we try to start TLS, so we - can give a better error message when a user tries to use TLS with - a LDAP keyserver. - - * Makefile.am: Add automake conditionals to symlink gpgkeys_ldaps - to gpgkeys_ldap when needed. - - * gpgkeys_ldap.c (main): Add support for LDAPS and TLS - connections. These are only useful and usable when talking to - real LDAP keyservers. Add new "tls" option to tune TLS use from - off, to try quietly, to try loudly, or to require TLS. - - * gpgkeys_ldap.c (find_basekeyspacedn): New function to figure out - what kind of LDAP server we're talking to (either real LDAP or the - LDAP keyserver), and return the baseKeySpaceDN to find keys under. - (main): Call it from here, and remove the old code that only - handled the LDAP keyserver. - -2004-02-18 David Shaw - - * gpgkeys_ldap.c (ldap_to_gpg_err): Make sure that - LDAP_OPT_ERROR_NUMBER is defined before we use it. - - * gpgkeys_mailto.in: Fix VERSION number. - -2004-01-13 Werner Koch - - * gpgkeys_hkp.c (send_key): Add a content type. - -2004-01-11 David Shaw - - * gpgkeys_hkp.c (search_key): Catch a mangled input file (useful - if something other than GnuPG is calling the program). - (main): Avoid possible pre-string write. Noted by Christian - Biere. - - * gpgkeys_ldap.c (main): Avoid possible pre-string write. - -2003-12-28 David Shaw - - * gpgkeys_hkp.c (send_key, get_key, main): Work with new HTTP code - that passes the proxy in from the outside. If the command file - sends a proxy, use it. If it sends "http-proxy" with no - arguments, use $http_proxy from the environment. Suggested by - Christian Biere. - -2003-12-28 Stefan Bellon - - * gpgkeys_hkp.c, gpgkeys_ldap.c [__riscos__]: Removal of - unnecessary #ifdef __riscos__ sections. - -2003-11-27 Werner Koch - - * gpgkeys_hkp.c (get_key): Fixed invalid use of fprintf without - format string. - -2003-10-25 Werner Koch - - * Makefile.am (gpgkeys_hkp_LDADD): Replaced INTLLIBS by LIBINTL. - -2003-07-10 David Shaw - - * Makefile.am: Use W32LIBS where appropriate. - -2003-05-30 David Shaw - - * gpgkeys_hkp.c, gpgkeys_ldap.c: #include if it is - available. Also include extern references for optarg and optind - since there is no guarantee that any header file will include - them. Standards? We don't need no stinkin' standards. - - * Makefile.am: Use @GETOPT@ to pull in libiberty on those - platforms that need it. - -2003-04-08 David Shaw - - * gpgkeys_hkp.c (dehtmlize, parse_hkp_index): Fix memory - corruption bug on some platforms. - -2003-03-11 David Shaw - - * gpgkeys_hkp.c (get_key): Properly handle CRLF line endings in - the armored key. - (main): Accept "try-dns-srv" option. - - * Makefile.am: Use @CAPLIBS@ to link in -lcap if we are using - capabilities. Use @SRVLIBS@ to link in the resolver if we are - using DNS SRV. - -2003-02-11 David Shaw - - * Makefile.am: Use a local copy of libexecdir along with @PACKAGE@ - so it can be easily overridden at make time. - -2003-01-29 David Shaw - - * gpgkeys_mailto.in: Fix regexp to work properly if the "keyid" is - not a keyid, but rather a text string from the user ID. - -2003-01-06 David Shaw - - * gpgkeys_hkp.c (get_key): Use options=mr when getting a key so - keyserver doesn't attach the HTML header which we will just have - to discard. - -2002-11-17 David Shaw - - * gpgkeys_ldap.c (main), gpgkeys_hkp.c (main): Use new keyserver - protocol version. - -2002-11-14 David Shaw - - * gpgkeys_ldap.c (get_key): The deduping code requires - "pgpcertid", but that was not available when running without - verbose on. Noted by Stefan. - -2002-11-10 David Shaw - - * gpgkeys_ldap.c (get_key): Fix typo in deduping code. - -2002-11-05 David Shaw - - * gpgkeys_ldap.c (key_in_keylist, add_key_to_keylist, - free_keylist, get_key, search_key): The LDAP keyserver doesn't - remove duplicates, so remove them locally. Do not include the key - modification time in the search response. - -2002-11-04 David Shaw - - * gpgkeys_hkp.c (send_key), gpgkeys_ldap.c (send_key): Properly - handle an input file that does not include any key data at all. - -2002-10-24 David Shaw - - * gpgkeys_hkp.c (main), gpgkeys_ldap.c (main): Add -V flag to - output protocol and program version. - -2002-10-21 David Shaw - - * Makefile.am: Anything linking with libutil.a needs INTLLIBS as - well on platforms where INTLLIBS is set. - -2002-10-14 David Shaw - - * gpgkeys_hkp.c (write_quoted): Use %-encoding instead of - \-encoding. - (parse_hkp_index): Use new keyserver key listing format, and add - support for disabled keys via include-disabled. - - * gpgkeys_ldap.c (get_key): Don't print keysize unless it's >0. - (printquoted): Use %-encoding instead of \-encoding. - (search_key): Use new keyserver key listing format. - -2002-10-08 David Shaw - - * gpgkeys_ldap.c (search_key, main): Make sure LDAP values are - freed in case of error. - - * gpgkeys_ldap.c (fail_all): New function to unwind a keylist and - error each item. - (main): Call fail_all from here, as needed. Also add a NO_MEMORY - error in an appropriate place and fix error return code. - (ldap_err_to_gpg_err): Add KEYSERVER_UNREACHABLE. - - * gpgkeys_hkp.c (fail_all): New function to unwind a keylist and - error each item. - (main): Call fail_all from here. Also add a NO_MEMORY error in an - appropriate place. - (get_key): Use new UNREACHABLE error for network errors. - -2002-09-26 Werner Koch - - * gpgkeys_ldap.c (send_key): Removed non-constant initializers. - -2002-09-24 David Shaw - - * gpgkeys_ldap.c (ldap_err_to_gpg_err, ldap_to_gpg_err, send_key, - get_key, search_key, main): Some minor error reporting - enhancements for use with GPA (show reasons for KEY FAILED). - - * gpgkeys_hkp.c (send_key, get_key, search_key, main): Some minor - error reporting enhancements for use with GPA (show reasons for - KEY FAILED). - -2002-09-20 Werner Koch - - * gpgkeys_hkp.c (handle_old_hkp_index): s/input/inp/ to avoid - shadowing warning. - -2002-09-19 David Shaw - - * gpgkeys_hkp.c (get_key, handle_old_hkp_index, search_key): - Properly handle line truncation. - -2002-09-16 David Shaw - - * gpgkeys_mailto.in: Add quasi-RFC-2368 mailto:email@addr?from= - syntax so people can set their own email address to respond to. - - * gpgkeys_hkp.c (get_key): Properly respond with KEY FAILED (to - gpg) and "key not found" (to user) on failure. - -2002-09-13 David Shaw - - * gpgkeys_hkp.c: (search_key, handle_old_hkp_index): Try and - request a machine-readable key index. If the server supports - this, pass it through. If the server does not support it, parse - the "index" page. - -2002-09-12 Stefan Bellon - - * gpgkeys_hkp.c: Tidied up RISC OS initializations. - -2002-09-12 David Shaw - - * gpgkeys_hkp.c (main): Remove warning - this is no longer - experimental code. - -2002-09-09 Werner Koch - - * gpgkeys_hkp.c (send_key, get_key, search_key): Check return - value of malloc. - (dehtmlize): Use ascii_tolower to protect against weird locales. - Cast the argument for isspace for the sake of broken HP/UXes. - (search_key): Check return value of realloc. - -2002-09-09 David Shaw - - * gpgkeys_ldap.c (get_key): Some compilers (RISC OS, HPUX c89) - don't like using variables as array initializers. - - * gpgkeys_hkp.c (send_key): Use CRLF in headers. - -2002-08-28 David Shaw - - * gpgkeys_hkp.c (parse_hkp_index): Use same types on all - platforms. This was probably leftover from earlier code where the - typing mattered. - - * gpgkeys_hkp.c: Overall cleanup from iobuf conversion. Be - consistent in m_alloc and malloc usage. Remove include-disabled - (meaningless on HKP). RISC OS tweak. - -2002-08-27 David Shaw - - * gpgkeys_hkp.c, Makefile.am: Convert over to using iobufs. - - * gpgkeys_hkp.c (http_get, http_post): Use CRLF for line endings. - - * gpgkeys_hkp.c: Include util.h on RISC OS as per Stefan. Include - a replacement for hstrerror() for those platforms (such as RISC - OS) that don't have it. - -2002-08-26 David Shaw - - * Makefile.am: May as well include gpgkeys_hkp.c in the - distribution now. It works well enough without proxies, and isn't - built by default. It would be good to get some test experience - with it. - - * gpgkeys_hkp.c (main): Don't warn about include-subkeys - it - isn't unsupported, it's actually non-meaningful in the context of - HKP (yet). - - * gpgkeys_hkp.c (parse_hkp_index, dehtmlize): Move HTML - functionality into new "dehtmlize" function. Remove HTML before - trying to parse each line from the keyserver. If the keyserver - provides key type information in the listing, use it. (Copy over - from g10/hkp.c). - -2002-08-19 David Shaw - - * gpgkeys_hkp.c (get_key, parse_hkp_index): Bring over latest code - from g10/hkp.c. - - * gpgkeys_ldap.c (get_key): Fix cosmetic URL display problem - (extra ":" at the end). - -2002-08-03 Stefan Bellon - - * gpgkeys_ldap.c: Tidied up RISC OS initializations. - -2002-07-25 David Shaw - - * gpgkeys_hkp.c: "Warning" -> "WARNING" - -2002-07-24 David Shaw - - * Makefile.am: Install keyserver helpers in @GNUPG_LIBEXECDIR@ - -2002-07-15 David Shaw - - * gpgkeys_ldap.c (send_key, get_key, main): Consult the server - version string to determine whether to use pgpKey or pgpKeyV2. - -2002-07-09 David Shaw - - * gpgkeys_mailto.in: Use new OPAQUE tag for non net-path URIs. - Fail more elegantly if there is no email address to send to. Show - the GnuPG version in the message body. - -2002-07-04 David Shaw - - * gpgkeys_ldap.c (get_key), gpgkeys_hkp.c (get_key): Display - keyserver URI as a URI, but only if verbose. - -2002-07-01 David Shaw - - * gpgkeys_hkp.c (parse_hkp_index): Error if the keyserver returns - an unparseable HKP response. - - * gpgkeys_hkp.c (main): Warn on honor-http-proxy, - broken-http-proxy, and include-subkeys (not supported yet). - - * gpgkeys_ldap.c (main), gpgkeys_hkp.c (http_connect, main): Fix - some shadowing warnings. - -2002-06-11 David Shaw - - * Makefile.am: Don't hard-code the LDAP libraries - get them from - LDAPLIBS via configure. Also, gpgkeys_hkp is a program, not a - script. - -2002-06-10 David Shaw - - * gpgkeys_ldap.c (include_subkeys): Default "include-subkeys" to - off, since GnuPG now defaults it to on. - -2002-06-06 David Shaw - - * gpgkeys_hkp.c (parse_hkp_index): Type tweaks. - - * gpgkeys_hkp.c (main): Add experimental code warning. - -2002-06-05 David Shaw - - * Makefile.am, gpgkeys_hkp.c (new): Experimental HKP keyserver - interface. - -2002-05-08 David Shaw - - * gpgkeys_ldap.c: Include if we absolutely must. This - helps when compiling against a very old OpenLDAP. - -2002-04-29 David Shaw - - * gpgkeys_mailto.in: Properly handle key requests in full - fingerprint form. - -2002-03-29 David Shaw - - * gpgkeys_ldap.c (printquoted): Quote backslashes within keyserver - search responses. - -2002-02-25 David Shaw - - * gpgkeys_ldap (get_key): LDAP keyservers do not support v3 - fingerprints, so error out if someone tries. Actually, they don't - support any fingerprints, but at least we can calculate a keyid - from a v4 fingerprint. - -2002-02-23 David Shaw - - * gpgkeys_ldap: Clarify the notion of a partial failure. This is - possible if more than one key is being handled in a batch, and one - fails while the other succeeds. Note that a search that comes up - with no results is not a failure - that is a valid response of "no - answer". - - * gpgkeys_ldap.c (get_key): Allow GnuPG to send us full v4 - fingerprints, long key ids, or short key ids while fetching. - Since the LDAP server doesn't actually handle fingerprints, chop - them down to long key ids for actual use. - - * gpgkeys_ldap.c (main, get_key): When searching for a keyid, - search for subkeys as well as primary keys. This is mostly - significant when automatically fetching the key based on the id in - a header (i.e. "signature made by...."). "no-include-subkeys" - disables. - -2002-02-14 David Shaw - - * gpgkeys_ldap.c: Fix compiler warning. - - * gpgkeys_ldap.c: Be much more robust with mangled input files. - -2001-12-28 David Shaw - - * gpgkeys_mailto.in: Use the new OUTOFBAND indicator so gpg knows - not to try and import anything. Also turn on perl -w for - warnings. - - * gpgkeys_ldap.c (main): If we're using temp files (rather than - stdin/stdout), make sure the file is closed when we're done. - -2001-12-20 David Shaw - - * Properly free the LDAP response when we're done with it. - - * Now that we handle multiple keys, we must remove duplicates as - the LDAP keyserver returns keys with multiple user IDs multiple - times. - - * Properly handle multiple keys with the same key ID (it's really - rare, so fetch "0xDEADBEEF" to test this). - -2001-12-17 David Shaw - - * gpgkeys_ldap.c, gpgkeys_mailto.in: Fix GNU capitalization - issues. Prefix log messages with "gpgkeys" to clarify which - program is generating them. - -2001-12-14 David Shaw - - * gpgkeys_ldap.c (search_key): Use unsigned int rather than uint - for portability. - -2001-12-04 David Shaw - - * Initial version of gpgkeys_ldap (LDAP keyserver helper) and - gpgkeys_mailto (email keyserver helper) - - - Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, - 2007 Free Software Foundation, Inc. - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even the - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/keyserver/ChangeLog-2011 b/keyserver/ChangeLog-2011 new file mode 100644 index 000000000..01cca41c3 --- /dev/null +++ b/keyserver/ChangeLog-2011 @@ -0,0 +1,1359 @@ +2011-12-01 Werner Koch + + NB: ChangeLog files are no longer manually maintained. Starting + on December 1st, 2011 we put change information only in the GIT + commit log, and generate a top-level ChangeLog file from logs at + "make dist". See doc/HACKING for details. + +2011-01-20 Werner Koch + + * gpgkeys_hkp.c (get_name): Remove test for KS_GETNAME. It is + always true. + (search_key): Remove test for KS_GETNAME. It is always false. + +2009-08-26 Werner Koch + + * gpgkeys_hkp.c: Include util.h. + (send_key): Use strconcat to build KEY. + (appendable_path): New. + (get_name): Use strconcat to build REQUEST. + (search_key): Ditto. + + * ksutil.c: Include util.h. + (parse_ks_options): Use make_filename_try for the ca-cert-file arg. + +2009-07-06 David Shaw + + * gpgkeys_hkp.c (main, srv_replace): Minor tweaks to use the + DNS-SD names ("pgpkey-http" and "pgpkey-https") in SRV lookups + instead of "hkp" and "hkps". + +2009-06-24 Werner Koch + + * gpgkeys_ldap.c (send_key): Do not deep free a NULL modlist. + Reported by Fabian Keil. + +2009-05-28 David Shaw + + From 1.4: + + * curl-shim.c (curl_slist_append, curl_slist_free_all): New. + Simple wrappers around strlist_t to emulate the curl way of doing + string lists. + (curl_easy_setopt): Handle the curl HTTPHEADER option. + + * gpgkeys_curl.c, gpgkeys_hkp.c (main): Avoid caches to get the + most recent copy of the key. This is bug #1061. + +2009-05-27 David Shaw + + From 1.4: + + * gpgkeys_hkp.c (srv_replace): New function to transform a SRV + hostname to a real hostname. + (main): Call it from here for the HAVE_LIBCURL case (without + libcurl is handled via the curl-shim). + + * curl-shim.h, curl-shim.c (curl_easy_setopt, curl_easy_perform): + Add a CURLOPT_SRVTAG_GPG_HACK (passed through the the http + engine). + +2009-05-10 David Shaw + + From 1.4: + + * gpgkeys_hkp.c (send_key, get_key, get_name, search_key, main): + Add support for SSLized HKP. + + * curl-shim.h (curl_version): No need to provide a version for + curl-shim as it always matches the GnuPG version. + + * gpgkeys_curl.c, gpgkeys_hkp.c (main): Show which version of curl + we're using as part of --version. + + * gpgkeys_curl.c, gpgkeys_finger.c, gpgkeys_hkp.c, + gpgkeys_ldap.c (show_help): Document --version. + +2009-05-04 David Shaw + + * gpgkeys_mailto.in: Set 'mail-from' as a keyserver-option, rather + than the ugly ?from= syntax. + +2009-01-22 Werner Koch + + * Makefile.am (gpg2keys_curl_LDADD, gpg2keys_hkp_LDADD): Add all + standard libs. + +2008-10-20 Werner Koch + + * curl-shim.c (curl_global_init): Mark usused arg. + (curl_version_info): Ditto. + +2008-08-29 Werner Koch + + * gpgkeys_kdns.c: Changed copyright notice to the FSF. + +2008-04-21 Werner Koch + + * ksutil.c (w32_init_sockets) [HAVE_W32_SYSTEM]: New. + * curl-shim.c (curl_easy_init) [HAVE_W32_SYSTEM]: Call it. + * gpgkeys_finger.c: s/_WIN32/HAVE_W32_SYSTEM/. + (init_sockets): Remove. + (connect_server) [HAVE_W32_SYSTEM]: Call new function. + +2008-04-14 David Shaw + + * gpgkeys_curl.c (main), gpgkeys_hkp.c (main): Make sure all + libcurl number options are passed as long. + + * curl-shim.c (curl_easy_setopt): Minor tweak to match the real + curl better - libcurl uses 'long', not 'unsigned int'. + +2008-04-07 Werner Koch + + * gpgkeys_kdns.c: New. + * Makefile.am: Support kdns. + + * no-libgcrypt.c (gcry_strdup): Fix. It was not used. + +2008-03-25 Werner Koch + + * gpgkeys_ldap.c (build_attrs): Take care of char defaulting to + unsigned when using hextobyte. + +2007-10-25 David Shaw (wk) + + From 1.4 (July): + + * gpgkeys_ldap.c (main): Fix bug in setting up whether to verify + peer SSL cert. This used to work with older OpenLDAP, but is now + more strictly handled. + + * gpgkeys_ldap.c (search_key, main): Fix bug where searching for + foo bar (no quotes) on the command line resulted in searching for + "foo\2Abar" due to LDAP quoting. The proper search is "foo*bar". + +2007-06-11 Werner Koch + + * gpgkeys_hkp.c (send_key): Rename eof to r_eof as some Windows + header defines such a symbol. + (main): Likewise. + +2007-06-06 Werner Koch + + * gpgkeys_ldap.c (send_key, send_key_keyserver): Rename eof to + r_eof as some Windows file has such a symbol. + (main): Likewise. + +2007-05-07 Werner Koch + + * Makefile.am (gpg2keys_ldap_LDADD): Add GPG_ERROR_LIBS. + +2007-05-04 Werner Koch + + * gpgkeys_test.in: Rename to .. + * gpg2keys_test.in: .. this. + * gpgkeys_mailto.in: Rename to .. + * gpg2keys_mailto.in: .. this + * Makefile.am: Likewise + +2007-03-13 David Shaw + + From STABLE-BRANCH-1-4 + + * gpgkeys_curl.c (main): Use curl_version_info to verify that the + protocol we're about to use is actually available. + + * curl-shim.h, curl-shim.c (curl_free): Make into a macro. + (curl_version_info): New. Only advertises "http" for our shim, of + course. + +2007-03-09 David Shaw + + From STABLE-BRANCH-1-4 + + * gpgkeys_ldap.c (send_key): Missing a free(). + + * curl-shim.c (curl_easy_perform): Some debugging items that may + be handy. + +2006-12-03 David Shaw + + * gpgkeys_hkp.c (search_key): HKP keyservers like the 0x to be + present when searching by keyID. + +2006-11-22 Werner Koch + + * Makefile.am (gpg2keys_ldap_LDADD): Add jnlib. This is needed + for some replacement functions. + +2006-11-21 Werner Koch + + * curl-shim.c (curl_easy_perform): Made BUFLEN and MAXLNE a size_t. + +2006-11-05 David Shaw + + * gpgkeys_hkp.c (curl_mrindex_writer): Revert previous change. + Key-not-found still has a HTML response. + +2006-10-24 Marcus Brinkmann + + * Makefile.am (gpg2keys_ldap_CPPFLAGS): Rename second instance to ... + (gpg2keys_finger_CPPFLAGS): ... this. + +2006-10-20 Werner Koch + + * Makefile.am: Reporder macros for better readability. + (gpg2keys_finger_LDADD): Add GPG_ERROR_LIBS. + +2006-10-19 David Shaw + + * gpgkeys_hkp.c (curl_mrindex_writer): Print a warning if we see + HTML coming back from a MR hkp query. + +2006-10-17 Werner Koch + + * Makefile.am: Removed W32LIBS as they are included in NETLIBS. + Removed PTH_LIBS. + +2006-09-26 Werner Koch + + * curl-shim.c: Adjusted for changes in http.c. + (curl_easy_perform): Changed LINE from unsigned char* to char*. + + * Makefile.am (gpg2keys_curl_LDADD, gpg2keys_hkp_LDADD) + [FAKE_CURL]: Need to link against common_libs and pth. + + * curl-shim.h, curl-shim.c: Removed license exception as not + needed here. + +2006-09-22 Werner Koch + + * gpgkeys_curl.c, gpgkeys_hkp.c, gpgkeys_ldap.c, curl-shim.c: + * curl-shim.h, ksutil.c, ksutil.h: Add special license exception + for OpenSSL. This helps to avoid license conflicts if OpenLDAP or + cURL is linked against OpenSSL and we would thus indirectly link + to OpenSSL. This is considered a bug fix and forgives all + possible violations, pertaining to this issue, possibly occured in + the past. + + * no-libgcrypt.c: Changed license to a simple all permissive one. + + * Makefile.am (gpg2keys_ldap_LDADD): For license reasons do not + link against common_libs. + (gpg2keys_curl_LDADD, gpg2keys_hkp_LDADD): Ditto. + * ksutil.c (ks_hextobyte, ks_toupper, ks_strcasecmp): New. + Identical to the ascii_foo versions from jnlib. + * gpgkeys_ldap.c: Include assert.h. + (main): Replace BUG by assert. + (build_attrs): Use ks_hextobyte and ks_strcasecmp. + + * gpgkeys_finger.c (get_key): Resolved signed/unisgned char + mismatch. + +2006-09-19 Werner Koch + + * no-libgcrypt.c: New. Taken from ../tools. + * Makefile.am: Add no-libgcrypt to all sources. + +2006-09-06 Marcus Brinkmann + + * Makefile.am (AM_CFLAGS): Add $(GPG_ERROR_CFLAGS). + +2006-08-16 Werner Koch + + * Makefile.am: Renamed all binaries to gpg2keys_*. + (gpg2keys_ldap_CPPFLAGS): Add AM_CPPFLAGS. + +2006-08-15 Werner Koch + + * Makefile.am: Adjusted to the gnupg2 framework. + +2006-08-14 Werner Koch + + * curl-shil.c, curl-shim.h: Changed to make use of the new http.c + API. + + * curl-shim.c (curl_easy_perform): Add missing http_close to the + POST case. + +2006-07-24 David Shaw (wk) + + * curl-shim.c (curl_easy_perform): Minor cleanup of proxy code. + + * gpgkeys_hkp.c (send_key) + * gpgkeys_ldap.c (send_key, send_key_keyserver): Fix string + matching problem when the ascii armored form of the key happens to + match "KEY" at the beginning of the line. + +2006-04-26 David Shaw + + * gpgkeys_http.c, gpgkeys_oldhkp.c: Removed. + + * Makefile.am: Don't build gpgkeys_http or gpgkeys_(old)hkp any + longer as this is done via curl or fake-curl. + + * ksutil.h, ksutil.c, gpgkeys_hkp.c, gpgkeys_curl.c: Minor + #include tweaks as FAKE_CURL is no longer meaningful. + +2006-04-10 David Shaw + + * gpgkeys_ldap.c (ldap_quote, get_name, search_key): LDAP-quote + directly into place rather than mallocing temporary buffers. + + * gpgkeys_ldap.c (get_name): Build strings with strcat rather than + using sprintf which is harder to read and modify. + + * ksutil.h, ksutil.c (classify_ks_search): Add + KS_SEARCH_KEYID_SHORT and KS_SEARCH_KEYID_LONG to search for a key + ID. + + * gpgkeys_ldap.c (search_key): Use it here to flip from pgpUserID + searches to pgpKeyID or pgpCertID. + +2006-03-27 David Shaw + + * gpgkeys_ldap.c: #define LDAP_DEPRECATED for newer OpenLDAPs so + they use the regular old API that is compatible with other LDAP + libraries. + +2006-03-03 David Shaw + + * gpgkeys_ldap.c (main): Fix build problem with non-OpenLDAP LDAP + libraries that have TLS. + +2006-02-23 David Shaw + + * ksutil.c (init_ks_options): Default include-revoked and + include-subkeys to on, as gpg isn't doing this any longer. + +2006-02-22 David Shaw + + * gpgkeys_hkp.c (get_name): A GETNAME query turns exact=on to cut + down on odd matches. + +2006-02-21 David Shaw + + * gpgkeys_ldap.c (make_one_attr, build_attrs, send_key): Don't + allow duplicate attributes as OpenLDAP is now enforcing this. + + * gpgkeys_ldap.c (main): Add binddn and bindpw so users can pass + credentials to a remote LDAP server. + + * curl-shim.h, curl-shim.c (curl_easy_init, curl_easy_setopt, + curl_easy_perform): Mingw has 'stderr' as a macro? + + * curl-shim.h, curl-shim.c (curl_easy_init, curl_easy_setopt, + curl_easy_perform): Add CURLOPT_VERBOSE and CURLOPT_STDERR for + easier debugging. + +2006-01-16 David Shaw + + * gpgkeys_hkp.c (send_key): Do not escape the '=' in the HTTP POST + when uploading a key. + +2005-12-23 David Shaw + + * ksutil.h, ksutil.c (parse_ks_options): New keyserver command + "getname". + + * gpgkeys_hkp.c (main, get_name), gpgkeys_ldap.c (main, get_name): + Use it here to do direct name (rather than key ID) fetches. + +2005-12-19 David Shaw + + * ksutil.h, ksutil.c (curl_armor_writer, curl_writer, + curl_writer_finalize): New functionality to handle binary format + keys by armoring them for input to GPG. + + * gpgkeys_curl.c (get_key), gpgkeys_hkp.c (get_key): Call it here. + +2005-12-07 David Shaw + + * gpgkeys_finger.c (get_key), gpgkeys_curl.c (get_key): Better + language for the key-not-found error. + + * ksutil.c (curl_err_to_gpg_err): Add CURLE_OK and + CURLE_COULDNT_CONNECT. + + * gpgkeys_curl.c (get_key): Give key-not-found error if no data is + found (or file itself is not found) during a fetch. + +2005-12-06 David Shaw + + * curl-shim.c (curl_easy_perform): Fix build warning (code before + declaration). + +2005-11-02 David Shaw + + * gpgkeys_hkp.c (search_key): Fix warning with typecast (though + curl should really have defined that char * as const). + +2005-08-25 David Shaw + + * ksutil.h, ksutil.c (parse_ks_options): Remove exact-name and + exact-email. + (classify_ks_search): Mimic the gpg search modes instead with *, + =, <, and @. + + * gpgkeys_ldap.c (search_key), gpgkeys_hkp.c (search_key): Call + them here. Suggested by Jason Harris. + +2005-08-18 David Shaw + + * ksutil.h, ksutil.c (parse_ks_options): New keyserver-option + exact-name. The last of exact-name and exact-email overrides the + earlier. + + * gpgkeys_ldap.c (search_key), gpgkeys_hkp.c (search_key): Use it + here to do a name-only search. + + * gpgkeys_ldap.c (ldap_quote): \-quote a string for LDAP. + + * gpgkeys_ldap.c (search_key): Use it here to escape reserved + characters in searches. + +2005-08-17 David Shaw + + * ksutil.h, ksutil.c (parse_ks_options): New keyserver-option + exact-email. + + * gpgkeys_ldap.c (search_key), gpgkeys_hkp.c (search_key): Use it + here to do an email-only search. + +2005-08-08 David Shaw + + * Makefile.am: Include LDAP_CPPFLAGS when building LDAP. + +2005-08-03 David Shaw + + * gpgkeys_hkp.c (main), gpgkeys_curl.c (main), curl-shim.h: Show + version of curl (or curl-shim) when debug is set. + +2005-07-20 David Shaw + + * gpgkeys_curl.c (get_key, main): Don't try and be smart about + what protocols we handle. Directly pass them to curl or fake-curl + and see if an error comes back. + + * curl-shim.h, curl-shim.c (handle_error), ksutil.c + (curl_err_to_gpg_err): Add support for CURLE_UNSUPPORTED_PROTOCOL + in fake curl. + + * Makefile.am: Don't need -DFAKE_CURL any longer since it's in + config.h. + +2005-06-23 David Shaw + + * gpgkeys_mailto.in, gpgkeys_test.in: Use @VERSION@ so version + string stays up to date. + + * gpgkeys_http.c: Don't need to define HTTP_PROXY_ENV here since + it's in ksutil.h. + + * gpgkeys_curl.c (get_key, main), gpgkeys_hkp.c (main): Pass AUTH + values to curl or curl-shim. + + * curl-shim.c (curl_easy_perform), gpgkeys_curl.c (main), + gpgkeys_hkp.c (main): Use curl-style proxy semantics. + + * curl-shim.h, curl-shim.c (curl_easy_setopt, curl_easy_perform): + Add CURLOPT_USERPWD option for HTTP auth. + + * gpgkeys_http.c (get_key), gpgkeys_oldhkp (send_key, get_key, + search_key): No longer need to pass a proxyauth. + + * gpgkeys_http.c (get_key): Pass auth outside of the URL. + +2005-06-21 David Shaw + + * gpgkeys_http.c (get_key), gpgkeys_oldhkp.c (send_key, get_key, + search_key): Fix http_open/http_open_document calls to pass NULL + for auth and proxyauth since these programs pass them in the URL. + +2005-06-20 David Shaw + + * gpgkeys_hkp.c (append_path, send_key, get_key, search_key, + main), gpgkeys_oldhkp.c (main): Properly handle double slashes in + paths. + +2005-06-05 David Shaw + + * ksutil.c (init_ks_options, parse_ks_options): Provide a default + "/" path unless overridden by the config. Allow config to specify + items multiple times and take the last specified item. + +2005-06-04 David Shaw + + * gpgkeys_hkp.c, gpgkeys_oldhkp.c: Add support for HKP servers + that aren't at the root path. Suggested by Jack Bates. + +2005-06-01 David Shaw + + * ksutil.c [HAVE_DOSISH_SYSTEM]: Fix warnings on mingw32. Noted + by Joe Vender. + +2005-05-04 David Shaw + + * ksutil.h, ksutil.c: #ifdef so we can build without libcurl or + fake-curl. + +2005-05-03 David Shaw + + * gpgkeys_http.c: Need GET defined. + +2005-05-01 David Shaw + + * gpgkeys_hkp.c, gpgkeys_oldhkp.c, ksutil.h: Some minor cleanup + and comments as to the size of MAX_LINE and MAX_URL. + +2005-04-16 David Shaw + + * gpgkeys_hkp.c: New hkp handler that uses curl or curl-shim. + + * Makefile.am: Build new gpgkeys_hkp. + + * curl-shim.c (curl_easy_perform): Cleanup. + + * ksutil.h, ksutil.c (curl_writer), gpgkeys_curl.c (get_key): Pass + a context to curl_writer so we can support multiple fetches in a + single session. + + * curl-shim.h, curl-shim.c (handle_error, curl_easy_setopt, + curl_easy_perform): Add POST functionality to the curl shim. + + * curl-shim.h, curl-shim.c (curl_escape, curl_free): Emulate + curl_escape and curl_free. + + * gpgkeys_curl.c (main): If the http-proxy option is given without + any arguments, try to get the proxy from the environment. + + * ksutil.h, ksutil.c (curl_err_to_gpg_err, curl_writer): Copy from + gpgkeys_curl.c. + + * gpgkeys_oldhkp.c: Copy from gpgkeys_hkp.c. + +2005-03-22 David Shaw + + * gpgkeys_ldap.c, ksutil.h, ksutil.c (print_nocr): Moved from + gpgkeys_ldap.c. Print a string, but strip out any CRs. + + * gpgkeys_finger.c (get_key), gpgkeys_hkp.c (get_key), + gpgkeys_http.c (get_key): Use it here when outputting key material + to canonicalize line endings. + +2005-03-19 David Shaw + + * gpgkeys_ldap.c (main): Fix three wrong calls to fail_all(). + Noted by Stefan Bellon. + +2005-03-17 David Shaw + + * ksutil.c (parse_ks_options): Handle verbose=nnn. + + * Makefile.am: Calculate GNUPG_LIBEXECDIR directly. Do not + redefine $libexecdir. + + * gpgkeys_curl.c, gpgkeys_finger.c, gpgkeys_ldap.c: Start using + parse_ks_options and remove a lot of common code. + + * ksutil.h, ksutil.c (parse_ks_options): Parse OPAQUE, and default + debug with no arguments to 1. + +2005-03-16 David Shaw + + * gpgkeys_ldap.c: Include lber.h if configure determines we need + it. + + * ksutil.h, ksutil.c (ks_action_to_string): New. + (free_ks_options): Only free if options exist. + + * ksutil.h, ksutil.c (init_ks_options, free_ks_options, + parse_ks_options): Pull a lot of duplicated code into a single + options parser for all keyserver helpers. + +2005-02-11 David Shaw + + * curl-shim.c (curl_easy_perform): Fix compile warning. + + * curl-shim.h, gpgkeys_curl.c (main), gpgkeys_ldap.c (main): Add + ca-cert-file option, to pass in the SSL cert. + + * curl-shim.h, curl-shim.c: New. This is code to fake the curl + API in terms of the current HTTP iobuf API. + + * gpgkeys_curl.c [FAKE_CURL], Makefile.am: If FAKE_CURL is set, + link with the iobuf code rather than libcurl. + +2005-02-05 David Shaw + + * gpgkeys_finger.c (main), gpgkeys_hkp.c (main): Fix --version + output. + + * gpgkeys_curl.c (main): Make sure the curl handle is cleaned up + on failure. + +2005-02-01 David Shaw + + * gpgkeys_hkp.c (get_key), gpgkeys_http.c (get_key): Fix missing + http_close() calls. Noted by Phil Pennock. + + * ksutil.h: Up the default timeout to two minutes. + +2005-01-24 David Shaw + + * gpgkeys_ldap.c (print_nocr): New. + (get_key): Call it here to canonicalize line endings. + + * gpgkeys_curl.c (writer): Discard everything outside the BEGIN + and END lines when retrieving keys. Canonicalize line endings. + (main): Accept FTPS. + +2005-01-21 David Shaw + + * gpgkeys_ldap.c (main): Add "check-cert" option to disable SSL + certificate checking (which is on by default). + + * gpgkeys_curl.c (main): Add "debug" option to match the LDAP + helper. Add "check-cert" option to disable SSL certificate + checking (which is on by default). + +2005-01-18 David Shaw + + * gpgkeys_curl.c: Fix typo. + +2005-01-18 Werner Koch + + * gpgkeys_curl.c: s/MAX_PATH/URLMAX_PATH/g to avoid a clash with + the W32 defined macro. Removed unneeded initialization of static + variables. + * gpgkeys_http.c: Ditto. + * ksutil.h: s/MAX_PATH/URLMAX_PATH/. + +2005-01-17 David Shaw + + * gpgkeys_curl.c (main): Only allow specified protocols to use the + curl handler. + + * Makefile.am: Use LIBCURL_CPPFLAGS instead of LIBCURL_INCLUDES. + +2005-01-13 David Shaw + + * ksutil.h, gpgkeys_curl.c, gpgkeys_hkp.c, gpgkeys_ldap.c, + gpgkeys_finger.c, gpgkeys_http.c: Part 2 of the cleanup. Move all + the various defines to ksutil.h. + + * gpgkeys_finger.c, gpgkeys_hkp.c, gpgkeys_http.c, gpgkeys_ldap.c: + Part 1 of a minor cleanup to use #defines instead of hard-coded + sizes. + + * gpgkeys_finger.c (connect_server): Use INADDR_NONE instead of + SOCKET_ERROR. Noted by Timo. + +2005-01-09 David Shaw + + * gpgkeys_curl.c (get_key): Newer versions of libcurl don't define + TRUE. + +2004-12-24 David Shaw + + * gpgkeys_curl.c (main): Use new defines for opting out of certain + transfer protocols. Allow setting HTTP proxy via "http-proxy=foo" + option (there is natural support in libcurl for the http_proxy + environment variable). + + * Makefile.am: Remove the conditional since this is all handled in + autoconf now. + +2004-12-22 David Shaw + + * gpgkeys_curl.c (main): New "follow-redirects" option. Takes an + optional numeric value for the maximum number of redirects to + allow. Defaults to 5. + + * gpgkeys_curl.c (main), gpgkeys_finger.c (main), gpgkeys_hkp.c + (main), gpgkeys_http.c (main), gpgkeys_ldap.c (main): Make sure + that a "timeout" option passed with no arguments is properly + handled. + + * gpgkeys_curl.c (get_key, writer): New function to wrap around + fwrite to avoid DLL access problem on win32. + + * gpgkeys_http.c (main, get_key): Properly pass authentication + info through to the http library. + + * Makefile.am: Build gpgkeys_http or gpgkeys_curl as needed. + + * gpgkeys_curl.c (main, get_key): Minor tweaks to work with either + FTP or HTTP. + + * gpgkeys_ftp.c: renamed to gpgkeys_curl.c. + + * gpgkeys_ftp.c (main, get_key): Use auth data as passed by gpg. + Use CURLOPT_FILE instead of CURLOPT_WRITEDATA (same option, but + backwards compatible). + +2004-12-21 David Shaw + + * gpgkeys_ftp.c: New. + + * Makefile.am: Build it if requested. + +2004-12-14 Werner Koch + + * Makefile.am (install-exec-hook, uninstall-hook): Removed. For + Windows reasons we can't use the symlink trick. + +2004-12-03 David Shaw + + * Makefile.am: The harmless "ignored error" on gpgkeys_ldap + install on top of an existing install is bound to confuse people. + Use ln -s -f to force the overwrite. + +2004-10-28 David Shaw + + * gpgkeys_finger.c [_WIN32] (connect_server): Fix typo. + +2004-10-28 Werner Koch + + * Makefile.am (other_libs): New. Also include LIBICONV. Noted by + Tim Mooney. + +2004-10-28 Werner Koch + + * Makefile.am (other_libs): + +2004-10-18 David Shaw + + * gpgkeys_hkp.c (send_key, get_key, search_key): Use "hkp" instead + of "x-hkp" so it can be used as a SRV tag. + +2004-10-16 David Shaw + + * gpgkeys_finger.c [_WIN32] (connect_server): Fix typo. + +2004-10-15 Werner Koch + + * gpgkeys_ldap.c (main, show_help): Kludge to implement standard + GNU options. Factored help printing out. + * gpgkeys_finger.c (main, show_help): Ditto. + * gpgkeys_hkp.c (main, show_help): Ditto. + * gpgkeys_http.c (main, show_help): Ditto. + * gpgkeys_test.in, gpgkeys_mailto.in: Implement --version and --help. + + * Makefile.am: Add ksutil.h. + +2004-10-14 David Shaw + + * gpgkeys_finger.c (main): We do not support relay fingering + (i.e. "finger://relayhost/user@example.com"), but finger URLs are + occasionally miswritten that way. Give an error in this case. + +2004-10-14 Werner Koch + + * gpgkeys_finger.c (get_key): s/unsigned char/byte/ due + to a strange typedef for RISC OS. Noted by Stefan. + +2004-10-13 David Shaw + + * gpgkeys_ldap.c (main), gpgkeys_hkp.c (main), gpgkeys_http.c + (main), gpgkeys_finger.c (main): Call timeout functions before + performing an action that could block for a long time. + + * ksutil.h, ksutil.c: New. Right now just contains timeout + functions. + +2004-10-11 David Shaw + + * gpgkeys_finger.c, gpgkeys_hkp.c, gpgkeys_http.c, gpgkeys_ldap.c: + Fix a few occurances of "filename" to `filename'. + +2004-10-11 Werner Koch + + * gpgkeys_finger.c: New. + +2004-08-27 Stefan Bellon + + * gpgkeys_hkp.c (search_key): Fix the prior faulty fix by + introducing a cast but leaving skey unsigned. + + * gpgkeys_hkp.c (search_key): Change type of variable skey from + unsigned char* to char* to fix type incompatibility. + +2004-08-23 David Shaw + + * gpgkeys_ldap.c (get_key, search_key), gpgkeys_hkp.c (get_key, + search_key), gpgkeys_http.c (get_key): Do not give informational + logs since this is now done inside gpg. + + * gpgkeys_hkp.c (dehtmlize): Understand the quote character + (i.e. """) in HTML responses. + (search_key): Search key must be unsigned for url encoder to work + properly for 8-bit values. + + * gpgkeys_ldap.c (get_key): Factor out informational display into + new function build_info(). + + * gpgkeys_ldap.c (build_attrs): Properly terminate user ID strings + that got shrunk due to encoding. + +2004-08-22 David Shaw + + * gpgkeys_ldap.c (find_basekeyspacedn): Use LDAP_SCOPE_BASE along + with a full DN rather than LDAP_SCOPE_ONELEVEL plus a filter to + find the pgpServerInfo object. Some LDAP setups don't like the + search. + (main): Stop binding to the server since it seems no server really + requires it, and some require it not be there. + +2004-07-29 David Shaw + + * gpgkeys_ldap.c (main): Add "debug" option. This is only really + useful with OpenLDAP, but it's practically vital to debug SSL and + TLS setups. Add "basedn" option. This allows users to override + the autodetection for base DN. SSL overrides TLS, so TLS will not + be started on SSL connections (starting an already started car). + +2004-07-28 David Shaw + + * gpgkeys_ldap.c (build_attrs): Add "pgpKeySize" and "pgpSubKeyID" + attributes so we can do subkey searches. + + * gpgkeys_ldap.c (main): Under certain error conditions, we might + try and unbind twice. Don't. + + * gpgkeys_ldap.c (join_two_modlists): New. + (send_key): Use new function so we can try a modify operation + first, and fail over to an add if that fails. Add cannot cope + with the NULLs at the head of the modify request, so we jump into + the list in the middle. + +2004-07-27 David Shaw + + * gpgkeys_ldap.c (main): Don't try and error out before making a + ldaps connection to the NAI keyserver since we cannot tell if it + is a NAI keyserver until we connect. Fail if we cannot find a + base keyspace DN. Fix a false success message for TLS being + enabled. + +2004-07-20 Werner Koch + + * gpgkeys_ldap.c [_WIN32]: Include Windows specific header files. + Suggested by Brian Gladman. + +2004-05-26 David Shaw + + * gpgkeys_http.c: General polish and removal of leftover stuff + from gpgkeys_hkp.c. + +2004-05-21 David Shaw + + * gpgkeys_http.c (get_key): Cosmetic fix - make sure that URLs + with no path use a path of "/". + + * gpgkeys_ldap.c (ldap2epochtime): We can always rely on timegm() + being available now, since it's a replacement function. + +2004-05-20 David Shaw + + * gpgkeys_http.c: New program to do a simple HTTP file fetch using + the keyserver interface. + + * Makefile.am: Build it. + +2004-02-28 David Shaw + + * Makefile.am: Don't split LDADD across two lines since some make + programs can't handle blank lines after a \ continuation. Noted + by Christoph Moench-Tegeder. + +2004-02-25 David Shaw + + * gpgkeys_ldap.c (send_key): List pgpCertID as one of the deleted + attributes. This guarantees that if something goes wrong, we + won't be able to complete the transaction, thus leaving any key + already existing on the server intact. + +2004-02-23 David Shaw + + * gpgkeys_ldap.c (delete_one_attr): Removed. + (make_one_attr): Delete functionality added. Optional deduping + functionality added (currently only used for pgpSignerID). + (build_attrs): Translate sig entries into pgpSignerID. Properly + build the timestamp for pgpKeyCreateTime and pgpKeyExpireTime. + +2004-02-22 David Shaw + + * gpgkeys_ldap.c (delete_one_attr): New function to replace + attributes with NULL (a "delete" that works even for nonexistant + attributes). + (send_key): Use it here to remove attributes so a modify operation + starts with a clean playing field. Bias sends to modify before + add, since (I suspect) people update their existing keys more + often than they make and send new keys to the server. + +2004-02-21 David Shaw + + * gpgkeys_ldap.c (epoch2ldaptime): New. Converse of + ldap2epochtime. + (make_one_attr): New. Build a modification list in memory to send + to the LDAP server. + (build_attrs): New. Parse INFO lines sent over by gpg. + (free_mod_values): New. Unwinds a modification list. + (send_key_keyserver): Renamed from old send_key(). + (send_key): New function to send a key to a LDAP server. + (main): Use send_key() for real LDAP servers, send_key_keyserver() + otherwise. + +2004-02-20 David Shaw + + * gpgkeys_ldap.c: Replacement prototypes for setenv and unsetenv. + (search_key): Catch a SIZELIMIT_EXCEEDED error and show the user + whatever the server did give us. + (find_basekeyspacedn): There is no guarantee that namingContexts + will be readable. + + * Makefile.am: Link gpgkeys_ldap with libutil.a to get the + replacement functions (and eventually translations, etc). + +2004-02-19 David Shaw + + * gpgkeys_ldap.c (ldap2epochtime): LDAP timestamps are UTC, so do + not correct for timezones. + (main): Find the basekeyspacedn before we try to start TLS, so we + can give a better error message when a user tries to use TLS with + a LDAP keyserver. + + * Makefile.am: Add automake conditionals to symlink gpgkeys_ldaps + to gpgkeys_ldap when needed. + + * gpgkeys_ldap.c (main): Add support for LDAPS and TLS + connections. These are only useful and usable when talking to + real LDAP keyservers. Add new "tls" option to tune TLS use from + off, to try quietly, to try loudly, or to require TLS. + + * gpgkeys_ldap.c (find_basekeyspacedn): New function to figure out + what kind of LDAP server we're talking to (either real LDAP or the + LDAP keyserver), and return the baseKeySpaceDN to find keys under. + (main): Call it from here, and remove the old code that only + handled the LDAP keyserver. + +2004-02-18 David Shaw + + * gpgkeys_ldap.c (ldap_to_gpg_err): Make sure that + LDAP_OPT_ERROR_NUMBER is defined before we use it. + + * gpgkeys_mailto.in: Fix VERSION number. + +2004-01-13 Werner Koch + + * gpgkeys_hkp.c (send_key): Add a content type. + +2004-01-11 David Shaw + + * gpgkeys_hkp.c (search_key): Catch a mangled input file (useful + if something other than GnuPG is calling the program). + (main): Avoid possible pre-string write. Noted by Christian + Biere. + + * gpgkeys_ldap.c (main): Avoid possible pre-string write. + +2003-12-28 David Shaw + + * gpgkeys_hkp.c (send_key, get_key, main): Work with new HTTP code + that passes the proxy in from the outside. If the command file + sends a proxy, use it. If it sends "http-proxy" with no + arguments, use $http_proxy from the environment. Suggested by + Christian Biere. + +2003-12-28 Stefan Bellon + + * gpgkeys_hkp.c, gpgkeys_ldap.c [__riscos__]: Removal of + unnecessary #ifdef __riscos__ sections. + +2003-11-27 Werner Koch + + * gpgkeys_hkp.c (get_key): Fixed invalid use of fprintf without + format string. + +2003-10-25 Werner Koch + + * Makefile.am (gpgkeys_hkp_LDADD): Replaced INTLLIBS by LIBINTL. + +2003-07-10 David Shaw + + * Makefile.am: Use W32LIBS where appropriate. + +2003-05-30 David Shaw + + * gpgkeys_hkp.c, gpgkeys_ldap.c: #include if it is + available. Also include extern references for optarg and optind + since there is no guarantee that any header file will include + them. Standards? We don't need no stinkin' standards. + + * Makefile.am: Use @GETOPT@ to pull in libiberty on those + platforms that need it. + +2003-04-08 David Shaw + + * gpgkeys_hkp.c (dehtmlize, parse_hkp_index): Fix memory + corruption bug on some platforms. + +2003-03-11 David Shaw + + * gpgkeys_hkp.c (get_key): Properly handle CRLF line endings in + the armored key. + (main): Accept "try-dns-srv" option. + + * Makefile.am: Use @CAPLIBS@ to link in -lcap if we are using + capabilities. Use @SRVLIBS@ to link in the resolver if we are + using DNS SRV. + +2003-02-11 David Shaw + + * Makefile.am: Use a local copy of libexecdir along with @PACKAGE@ + so it can be easily overridden at make time. + +2003-01-29 David Shaw + + * gpgkeys_mailto.in: Fix regexp to work properly if the "keyid" is + not a keyid, but rather a text string from the user ID. + +2003-01-06 David Shaw + + * gpgkeys_hkp.c (get_key): Use options=mr when getting a key so + keyserver doesn't attach the HTML header which we will just have + to discard. + +2002-11-17 David Shaw + + * gpgkeys_ldap.c (main), gpgkeys_hkp.c (main): Use new keyserver + protocol version. + +2002-11-14 David Shaw + + * gpgkeys_ldap.c (get_key): The deduping code requires + "pgpcertid", but that was not available when running without + verbose on. Noted by Stefan. + +2002-11-10 David Shaw + + * gpgkeys_ldap.c (get_key): Fix typo in deduping code. + +2002-11-05 David Shaw + + * gpgkeys_ldap.c (key_in_keylist, add_key_to_keylist, + free_keylist, get_key, search_key): The LDAP keyserver doesn't + remove duplicates, so remove them locally. Do not include the key + modification time in the search response. + +2002-11-04 David Shaw + + * gpgkeys_hkp.c (send_key), gpgkeys_ldap.c (send_key): Properly + handle an input file that does not include any key data at all. + +2002-10-24 David Shaw + + * gpgkeys_hkp.c (main), gpgkeys_ldap.c (main): Add -V flag to + output protocol and program version. + +2002-10-21 David Shaw + + * Makefile.am: Anything linking with libutil.a needs INTLLIBS as + well on platforms where INTLLIBS is set. + +2002-10-14 David Shaw + + * gpgkeys_hkp.c (write_quoted): Use %-encoding instead of + \-encoding. + (parse_hkp_index): Use new keyserver key listing format, and add + support for disabled keys via include-disabled. + + * gpgkeys_ldap.c (get_key): Don't print keysize unless it's >0. + (printquoted): Use %-encoding instead of \-encoding. + (search_key): Use new keyserver key listing format. + +2002-10-08 David Shaw + + * gpgkeys_ldap.c (search_key, main): Make sure LDAP values are + freed in case of error. + + * gpgkeys_ldap.c (fail_all): New function to unwind a keylist and + error each item. + (main): Call fail_all from here, as needed. Also add a NO_MEMORY + error in an appropriate place and fix error return code. + (ldap_err_to_gpg_err): Add KEYSERVER_UNREACHABLE. + + * gpgkeys_hkp.c (fail_all): New function to unwind a keylist and + error each item. + (main): Call fail_all from here. Also add a NO_MEMORY error in an + appropriate place. + (get_key): Use new UNREACHABLE error for network errors. + +2002-09-26 Werner Koch + + * gpgkeys_ldap.c (send_key): Removed non-constant initializers. + +2002-09-24 David Shaw + + * gpgkeys_ldap.c (ldap_err_to_gpg_err, ldap_to_gpg_err, send_key, + get_key, search_key, main): Some minor error reporting + enhancements for use with GPA (show reasons for KEY FAILED). + + * gpgkeys_hkp.c (send_key, get_key, search_key, main): Some minor + error reporting enhancements for use with GPA (show reasons for + KEY FAILED). + +2002-09-20 Werner Koch + + * gpgkeys_hkp.c (handle_old_hkp_index): s/input/inp/ to avoid + shadowing warning. + +2002-09-19 David Shaw + + * gpgkeys_hkp.c (get_key, handle_old_hkp_index, search_key): + Properly handle line truncation. + +2002-09-16 David Shaw + + * gpgkeys_mailto.in: Add quasi-RFC-2368 mailto:email@addr?from= + syntax so people can set their own email address to respond to. + + * gpgkeys_hkp.c (get_key): Properly respond with KEY FAILED (to + gpg) and "key not found" (to user) on failure. + +2002-09-13 David Shaw + + * gpgkeys_hkp.c: (search_key, handle_old_hkp_index): Try and + request a machine-readable key index. If the server supports + this, pass it through. If the server does not support it, parse + the "index" page. + +2002-09-12 Stefan Bellon + + * gpgkeys_hkp.c: Tidied up RISC OS initializations. + +2002-09-12 David Shaw + + * gpgkeys_hkp.c (main): Remove warning - this is no longer + experimental code. + +2002-09-09 Werner Koch + + * gpgkeys_hkp.c (send_key, get_key, search_key): Check return + value of malloc. + (dehtmlize): Use ascii_tolower to protect against weird locales. + Cast the argument for isspace for the sake of broken HP/UXes. + (search_key): Check return value of realloc. + +2002-09-09 David Shaw + + * gpgkeys_ldap.c (get_key): Some compilers (RISC OS, HPUX c89) + don't like using variables as array initializers. + + * gpgkeys_hkp.c (send_key): Use CRLF in headers. + +2002-08-28 David Shaw + + * gpgkeys_hkp.c (parse_hkp_index): Use same types on all + platforms. This was probably leftover from earlier code where the + typing mattered. + + * gpgkeys_hkp.c: Overall cleanup from iobuf conversion. Be + consistent in m_alloc and malloc usage. Remove include-disabled + (meaningless on HKP). RISC OS tweak. + +2002-08-27 David Shaw + + * gpgkeys_hkp.c, Makefile.am: Convert over to using iobufs. + + * gpgkeys_hkp.c (http_get, http_post): Use CRLF for line endings. + + * gpgkeys_hkp.c: Include util.h on RISC OS as per Stefan. Include + a replacement for hstrerror() for those platforms (such as RISC + OS) that don't have it. + +2002-08-26 David Shaw + + * Makefile.am: May as well include gpgkeys_hkp.c in the + distribution now. It works well enough without proxies, and isn't + built by default. It would be good to get some test experience + with it. + + * gpgkeys_hkp.c (main): Don't warn about include-subkeys - it + isn't unsupported, it's actually non-meaningful in the context of + HKP (yet). + + * gpgkeys_hkp.c (parse_hkp_index, dehtmlize): Move HTML + functionality into new "dehtmlize" function. Remove HTML before + trying to parse each line from the keyserver. If the keyserver + provides key type information in the listing, use it. (Copy over + from g10/hkp.c). + +2002-08-19 David Shaw + + * gpgkeys_hkp.c (get_key, parse_hkp_index): Bring over latest code + from g10/hkp.c. + + * gpgkeys_ldap.c (get_key): Fix cosmetic URL display problem + (extra ":" at the end). + +2002-08-03 Stefan Bellon + + * gpgkeys_ldap.c: Tidied up RISC OS initializations. + +2002-07-25 David Shaw + + * gpgkeys_hkp.c: "Warning" -> "WARNING" + +2002-07-24 David Shaw + + * Makefile.am: Install keyserver helpers in @GNUPG_LIBEXECDIR@ + +2002-07-15 David Shaw + + * gpgkeys_ldap.c (send_key, get_key, main): Consult the server + version string to determine whether to use pgpKey or pgpKeyV2. + +2002-07-09 David Shaw + + * gpgkeys_mailto.in: Use new OPAQUE tag for non net-path URIs. + Fail more elegantly if there is no email address to send to. Show + the GnuPG version in the message body. + +2002-07-04 David Shaw + + * gpgkeys_ldap.c (get_key), gpgkeys_hkp.c (get_key): Display + keyserver URI as a URI, but only if verbose. + +2002-07-01 David Shaw + + * gpgkeys_hkp.c (parse_hkp_index): Error if the keyserver returns + an unparseable HKP response. + + * gpgkeys_hkp.c (main): Warn on honor-http-proxy, + broken-http-proxy, and include-subkeys (not supported yet). + + * gpgkeys_ldap.c (main), gpgkeys_hkp.c (http_connect, main): Fix + some shadowing warnings. + +2002-06-11 David Shaw + + * Makefile.am: Don't hard-code the LDAP libraries - get them from + LDAPLIBS via configure. Also, gpgkeys_hkp is a program, not a + script. + +2002-06-10 David Shaw + + * gpgkeys_ldap.c (include_subkeys): Default "include-subkeys" to + off, since GnuPG now defaults it to on. + +2002-06-06 David Shaw + + * gpgkeys_hkp.c (parse_hkp_index): Type tweaks. + + * gpgkeys_hkp.c (main): Add experimental code warning. + +2002-06-05 David Shaw + + * Makefile.am, gpgkeys_hkp.c (new): Experimental HKP keyserver + interface. + +2002-05-08 David Shaw + + * gpgkeys_ldap.c: Include if we absolutely must. This + helps when compiling against a very old OpenLDAP. + +2002-04-29 David Shaw + + * gpgkeys_mailto.in: Properly handle key requests in full + fingerprint form. + +2002-03-29 David Shaw + + * gpgkeys_ldap.c (printquoted): Quote backslashes within keyserver + search responses. + +2002-02-25 David Shaw + + * gpgkeys_ldap (get_key): LDAP keyservers do not support v3 + fingerprints, so error out if someone tries. Actually, they don't + support any fingerprints, but at least we can calculate a keyid + from a v4 fingerprint. + +2002-02-23 David Shaw + + * gpgkeys_ldap: Clarify the notion of a partial failure. This is + possible if more than one key is being handled in a batch, and one + fails while the other succeeds. Note that a search that comes up + with no results is not a failure - that is a valid response of "no + answer". + + * gpgkeys_ldap.c (get_key): Allow GnuPG to send us full v4 + fingerprints, long key ids, or short key ids while fetching. + Since the LDAP server doesn't actually handle fingerprints, chop + them down to long key ids for actual use. + + * gpgkeys_ldap.c (main, get_key): When searching for a keyid, + search for subkeys as well as primary keys. This is mostly + significant when automatically fetching the key based on the id in + a header (i.e. "signature made by...."). "no-include-subkeys" + disables. + +2002-02-14 David Shaw + + * gpgkeys_ldap.c: Fix compiler warning. + + * gpgkeys_ldap.c: Be much more robust with mangled input files. + +2001-12-28 David Shaw + + * gpgkeys_mailto.in: Use the new OUTOFBAND indicator so gpg knows + not to try and import anything. Also turn on perl -w for + warnings. + + * gpgkeys_ldap.c (main): If we're using temp files (rather than + stdin/stdout), make sure the file is closed when we're done. + +2001-12-20 David Shaw + + * Properly free the LDAP response when we're done with it. + + * Now that we handle multiple keys, we must remove duplicates as + the LDAP keyserver returns keys with multiple user IDs multiple + times. + + * Properly handle multiple keys with the same key ID (it's really + rare, so fetch "0xDEADBEEF" to test this). + +2001-12-17 David Shaw + + * gpgkeys_ldap.c, gpgkeys_mailto.in: Fix GNU capitalization + issues. Prefix log messages with "gpgkeys" to clarify which + program is generating them. + +2001-12-14 David Shaw + + * gpgkeys_ldap.c (search_key): Use unsigned int rather than uint + for portability. + +2001-12-04 David Shaw + + * Initial version of gpgkeys_ldap (LDAP keyserver helper) and + gpgkeys_mailto (email keyserver helper) + + + Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, + 2007 Free Software Foundation, Inc. + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +Local Variables: +buffer-read-only: t +End: diff --git a/keyserver/Makefile.am b/keyserver/Makefile.am index fd046cfc0..884b8eb2d 100644 --- a/keyserver/Makefile.am +++ b/keyserver/Makefile.am @@ -1,5 +1,5 @@ # Makefile.am - Makefile for keyservers -# Copyright (C) 2001, 2002, 2004, 2005, 2006, +# Copyright (C) 2001, 2002, 2004, 2005, 2006, # 2009 Free Software Foundation, Inc. # # This file is part of GnuPG. @@ -8,12 +8,12 @@ # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. -# +# # GnuPG is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, see . ## Process this file with automake to produce Makefile.in @@ -26,7 +26,9 @@ EXTRA_PROGRAMS = gpg2keys_ldap gpg2keys_hkp gpg2keys_finger gpg2keys_curl \ gpg2keys_kdns EXTRA_SCRIPTS = gpg2keys_mailto -AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common -I$(top_srcdir)/intl +EXTRA_DIST = ChangeLog-2011 + +AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common -I$(top_srcdir)/intl AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) @@ -62,11 +64,11 @@ if FAKE_CURL gpg2keys_curl_SOURCES += curl-shim.c curl-shim.h gpg2keys_curl_CPPFLAGS = $(AM_CPPFLAGS) gpg2keys_curl_LDADD = $(common_libs) $(GPG_ERROR_LIBS) $(NETLIBS) $(DNSLIBS) \ - $(other_libs) + $(other_libs) gpg2keys_hkp_SOURCES += curl-shim.c curl-shim.h gpg2keys_hkp_CPPFLAGS = $(AM_CPPFLAGS) gpg2keys_hkp_LDADD = $(common_libs) $(GPG_ERROR_LIBS) $(NETLIBS) $(DNSLIBS) \ - $(other_libs) + $(other_libs) else # Note that we need to include all other libs here as well because # some compilers don't care about inline functions and insert diff --git a/m4/ChangeLog b/m4/ChangeLog deleted file mode 100644 index b13bd4f20..000000000 --- a/m4/ChangeLog +++ /dev/null @@ -1,164 +0,0 @@ -2011-09-12 Werner Koch - - * libcurl.m4: Fix lost hash sign introduced by previous change. - Reported by John Marshall. - -2011-08-10 Werner Koch - - * readline.m4, libcurl.m4: Fix use of AC_LANG_PROGRAM. - * libcurl.m4: s/ifelse/m4_if/. - -2011-02-25 Werner Koch - - * ksba.m4: Update from git master. - -2011-02-23 Werner Koch - - * libgcrypt.m4, gpg-error.m4: Update from their GIT masters. - -2010-06-08 Werner Koch - - * ldap.m4 (gnupg_have_ldap): Set variable. - -2009-09-03 Werner Koch - - * estream.m4: Update for libestream. - -2008-04-23 Werner Koch - - * socklen.m4, sys_socket_h.m4: New. Taken from libassuan. - * Makefile.am (EXTRA_DIST): Add them. - -2008-02-15 gettextize - - * gettext.m4: Upgrade to gettext-0.17. - * iconv.m4: Upgrade to gettext-0.17. - * lib-link.m4: Upgrade to gettext-0.17. - * po.m4: Upgrade to gettext-0.17. - -2007-12-17 Werner Koch - - * ldap.m4: Test for ldap_start_tls_sA. - -2007-06-15 Marcus Brinkmann - - * Makefile.am (EXTRA_DIST): Remove inttypes-h.m4, longlong.m4 and - ulonglong.m4. - -2007-05-30 Werner Koch - - * gnupg-pth.m4: Remove W32 kludge. - -2007-05-29 Werner Koch - - * longlong.m4, ulonglong.m4: Remove. We now require autoconf - 2.61. - -2007-05-15 Werner Koch - - * estream.m4: New. - -2007-05-09 Werner Koch - - * gpg-error.m4, ksba.m4, libassuan.m4, libgcrypt.m4: Updated. - -2007-05-07 gettextize - - * gettext.m4: Upgrade to gettext-0.16.1. - * lib-link.m4: Upgrade to gettext-0.16.1. - * codeset.m4: Upgrade to gettext-0.16.1. - * intl.m4: New file, from gettext-0.16.1. - * intldir.m4: New file, from gettext-0.16.1. - * intmax.m4: Upgrade to gettext-0.16.1. - * inttypes_h.m4: Upgrade to gettext-0.16.1. - * inttypes-pri.m4: Upgrade to gettext-0.16.1. - * lock.m4: Upgrade to gettext-0.16.1. - * longlong.m4: Upgrade to gettext-0.16.1. - * size_max.m4: Upgrade to gettext-0.16.1. - * stdint_h.m4: Upgrade to gettext-0.16.1. - * ulonglong.m4: Upgrade to gettext-0.16.1. - * Makefile.am (EXTRA_DIST): Add the new files. - -2006-11-21 Werner Koch - - * gnupg-pth.m4 (GNUPG_PTH_VERSION_CHECK): Use --all with - pth-config. - -2006-11-17 Werner Koch - - * gnupg-pth.m4: Make sure that have_w32_system is set to no by - default. - -2006-11-14 Werner Koch - - * libassuan.m4: Updated from libassuan SVN. - -2006-10-09 Werner Koch - - * gnupg-pth.m4: New. Taken from ../acinclude.m4. - (GNUPG_PATH_PTH): New. - -2006-10-06 Werner Koch - - * libassuan.m4: Updated. - -2006-07-27 Werner Koch - - * autobuild.m4: New. - -2006-06-30 Werner Koch - - * ldap.m4: New. Taken from gnupg 1.4.4 - * Makefile.am (EXTRA_DIST): Add ldap.me - -2004-09-30 Werner Koch - - * gpg-error.m4, libassuan.m4, libgcrypt.m4: Updated. - -2004-09-30 gettextize - - * gettext.m4: Upgrade to gettext-0.14.1. - * intmax.m4: New file, from gettext-0.14.1. - * lib-ld.m4: Upgrade to gettext-0.14.1. - * lib-prefix.m4: Upgrade to gettext-0.14.1. - * longdouble.m4: New file, from gettext-0.14.1. - * longlong.m4: New file, from gettext-0.14.1. - * po.m4: Upgrade to gettext-0.14.1. - * printf-posix.m4: New file, from gettext-0.14.1. - * signed.m4: New file, from gettext-0.14.1. - * size_max.m4: New file, from gettext-0.14.1. - * ulonglong.m4: Upgrade to gettext-0.14.1. - * wchar_t.m4: New file, from gettext-0.14.1. - * wint_t.m4: New file, from gettext-0.14.1. - * xsize.m4: New file, from gettext-0.14.1. - * Makefile.am (EXTRA_DIST): Add the new files. - -2004-03-06 Werner Koch - - * libgcrypt.m4: Updated. - -2004-02-18 Werner Koch - - * gpg-error.m4, libgcrypt.m4, libassuan.m4, ksba.m4: New. - * Makefile.am: Distribute them - -2003-04-29 gettextize - - * codeset.m4: New file, from gettext-0.11.5. - * gettext.m4: New file, from gettext-0.11.5. - * glibc21.m4: New file, from gettext-0.11.5. - * iconv.m4: New file, from gettext-0.11.5. - * intdiv0.m4: New file, from gettext-0.11.5. - * inttypes.m4: New file, from gettext-0.11.5. - * inttypes_h.m4: New file, from gettext-0.11.5. - * inttypes-pri.m4: New file, from gettext-0.11.5. - * isc-posix.m4: New file, from gettext-0.11.5. - * lcmessage.m4: New file, from gettext-0.11.5. - * lib-ld.m4: New file, from gettext-0.11.5. - * lib-link.m4: New file, from gettext-0.11.5. - * lib-prefix.m4: New file, from gettext-0.11.5. - * progtest.m4: New file, from gettext-0.11.5. - * stdint_h.m4: New file, from gettext-0.11.5. - * uintmax_t.m4: New file, from gettext-0.11.5. - * ulonglong.m4: New file, from gettext-0.11.5. - * Makefile.am: New file. diff --git a/m4/ChangeLog-2011 b/m4/ChangeLog-2011 new file mode 100644 index 000000000..d466275a2 --- /dev/null +++ b/m4/ChangeLog-2011 @@ -0,0 +1,175 @@ +2011-12-01 Werner Koch + + NB: ChangeLog files are no longer manually maintained. Starting + on December 1st, 2011 we put change information only in the GIT + commit log, and generate a top-level ChangeLog file from logs at + "make dist". See doc/HACKING for details. + +2011-09-12 Werner Koch + + * libcurl.m4: Fix lost hash sign introduced by previous change. + Reported by John Marshall. + +2011-08-10 Werner Koch + + * readline.m4, libcurl.m4: Fix use of AC_LANG_PROGRAM. + * libcurl.m4: s/ifelse/m4_if/. + +2011-02-25 Werner Koch + + * ksba.m4: Update from git master. + +2011-02-23 Werner Koch + + * libgcrypt.m4, gpg-error.m4: Update from their GIT masters. + +2010-06-08 Werner Koch + + * ldap.m4 (gnupg_have_ldap): Set variable. + +2009-09-03 Werner Koch + + * estream.m4: Update for libestream. + +2008-04-23 Werner Koch + + * socklen.m4, sys_socket_h.m4: New. Taken from libassuan. + * Makefile.am (EXTRA_DIST): Add them. + +2008-02-15 gettextize + + * gettext.m4: Upgrade to gettext-0.17. + * iconv.m4: Upgrade to gettext-0.17. + * lib-link.m4: Upgrade to gettext-0.17. + * po.m4: Upgrade to gettext-0.17. + +2007-12-17 Werner Koch + + * ldap.m4: Test for ldap_start_tls_sA. + +2007-06-15 Marcus Brinkmann + + * Makefile.am (EXTRA_DIST): Remove inttypes-h.m4, longlong.m4 and + ulonglong.m4. + +2007-05-30 Werner Koch + + * gnupg-pth.m4: Remove W32 kludge. + +2007-05-29 Werner Koch + + * longlong.m4, ulonglong.m4: Remove. We now require autoconf + 2.61. + +2007-05-15 Werner Koch + + * estream.m4: New. + +2007-05-09 Werner Koch + + * gpg-error.m4, ksba.m4, libassuan.m4, libgcrypt.m4: Updated. + +2007-05-07 gettextize + + * gettext.m4: Upgrade to gettext-0.16.1. + * lib-link.m4: Upgrade to gettext-0.16.1. + * codeset.m4: Upgrade to gettext-0.16.1. + * intl.m4: New file, from gettext-0.16.1. + * intldir.m4: New file, from gettext-0.16.1. + * intmax.m4: Upgrade to gettext-0.16.1. + * inttypes_h.m4: Upgrade to gettext-0.16.1. + * inttypes-pri.m4: Upgrade to gettext-0.16.1. + * lock.m4: Upgrade to gettext-0.16.1. + * longlong.m4: Upgrade to gettext-0.16.1. + * size_max.m4: Upgrade to gettext-0.16.1. + * stdint_h.m4: Upgrade to gettext-0.16.1. + * ulonglong.m4: Upgrade to gettext-0.16.1. + * Makefile.am (EXTRA_DIST): Add the new files. + +2006-11-21 Werner Koch + + * gnupg-pth.m4 (GNUPG_PTH_VERSION_CHECK): Use --all with + pth-config. + +2006-11-17 Werner Koch + + * gnupg-pth.m4: Make sure that have_w32_system is set to no by + default. + +2006-11-14 Werner Koch + + * libassuan.m4: Updated from libassuan SVN. + +2006-10-09 Werner Koch + + * gnupg-pth.m4: New. Taken from ../acinclude.m4. + (GNUPG_PATH_PTH): New. + +2006-10-06 Werner Koch + + * libassuan.m4: Updated. + +2006-07-27 Werner Koch + + * autobuild.m4: New. + +2006-06-30 Werner Koch + + * ldap.m4: New. Taken from gnupg 1.4.4 + * Makefile.am (EXTRA_DIST): Add ldap.me + +2004-09-30 Werner Koch + + * gpg-error.m4, libassuan.m4, libgcrypt.m4: Updated. + +2004-09-30 gettextize + + * gettext.m4: Upgrade to gettext-0.14.1. + * intmax.m4: New file, from gettext-0.14.1. + * lib-ld.m4: Upgrade to gettext-0.14.1. + * lib-prefix.m4: Upgrade to gettext-0.14.1. + * longdouble.m4: New file, from gettext-0.14.1. + * longlong.m4: New file, from gettext-0.14.1. + * po.m4: Upgrade to gettext-0.14.1. + * printf-posix.m4: New file, from gettext-0.14.1. + * signed.m4: New file, from gettext-0.14.1. + * size_max.m4: New file, from gettext-0.14.1. + * ulonglong.m4: Upgrade to gettext-0.14.1. + * wchar_t.m4: New file, from gettext-0.14.1. + * wint_t.m4: New file, from gettext-0.14.1. + * xsize.m4: New file, from gettext-0.14.1. + * Makefile.am (EXTRA_DIST): Add the new files. + +2004-03-06 Werner Koch + + * libgcrypt.m4: Updated. + +2004-02-18 Werner Koch + + * gpg-error.m4, libgcrypt.m4, libassuan.m4, ksba.m4: New. + * Makefile.am: Distribute them + +2003-04-29 gettextize + + * codeset.m4: New file, from gettext-0.11.5. + * gettext.m4: New file, from gettext-0.11.5. + * glibc21.m4: New file, from gettext-0.11.5. + * iconv.m4: New file, from gettext-0.11.5. + * intdiv0.m4: New file, from gettext-0.11.5. + * inttypes.m4: New file, from gettext-0.11.5. + * inttypes_h.m4: New file, from gettext-0.11.5. + * inttypes-pri.m4: New file, from gettext-0.11.5. + * isc-posix.m4: New file, from gettext-0.11.5. + * lcmessage.m4: New file, from gettext-0.11.5. + * lib-ld.m4: New file, from gettext-0.11.5. + * lib-link.m4: New file, from gettext-0.11.5. + * lib-prefix.m4: New file, from gettext-0.11.5. + * progtest.m4: New file, from gettext-0.11.5. + * stdint_h.m4: New file, from gettext-0.11.5. + * uintmax_t.m4: New file, from gettext-0.11.5. + * ulonglong.m4: New file, from gettext-0.11.5. + * Makefile.am: New file. + +Local Variables: +buffer-read-only: t +End: diff --git a/m4/Makefile.am b/m4/Makefile.am index d0d84e23d..f94c0c1b2 100644 --- a/m4/Makefile.am +++ b/m4/Makefile.am @@ -12,7 +12,4 @@ EXTRA_DIST += estream.m4 EXTRA_DIST += sys_socket_h.m4 socklen.m4 - - - - +EXTRA_DIST += ChangeLog-2011 diff --git a/po/ChangeLog b/po/ChangeLog deleted file mode 100644 index e4e560d07..000000000 --- a/po/ChangeLog +++ /dev/null @@ -1,322 +0,0 @@ -2011-05-12 Marcus Brinkmann - - * cs.po: Merge in dirmngr cs.po. Hope I got that right. - -2011-01-20 Werner Koch - - * de.po: Fix two fuzzies. - -2010-10-21 Werner Koch - - * POTFILES.in: Add files in dirmngr/. - * de.po: Translate the dirmngr strings. - -2010-10-18 Werner Koch - - * de.po: Update. - - * POTFILES.in: Add cvt-openpgp.c - - * LINGUAS: Re-enable de.po. - -2010-04-13 Marcus Brinkmann - - * POTFILES.in: Replace common/exechelp.c by - common/exechelp-posix.c, common/exechelp-w32.c and - common/exechelp-w32ce.c. - -2009-10-16 Marcus Brinkmann - - * POTFILES.in: g10/encode.c was renamed to g10/encrypt.c, and - encr-data.c was renamed to decrypt-data.c - -2009-09-03 Werner Koch - - * de.po: Translate new strings. - -2009-09-03 Jedi Lin (wk) - - * zh_TW.po: Update. - -2009-07-14 Werner Koch - - * de.po: s/nicht-exportfähig/unwiderrufbar/. Reported by Simon - Richter. - -2009-07-09 Werner Koch - - * zh_CN.po : Marked fuzzy. See bug#1078. - -2009-06-30 Werner Koch - - * es.po: Mark a bad translation fuzzy. - -2009-06-30 Daiki Ueno - - * ja.po: Typo fix. Fixes bug#1078. - -2009-06-02 Werner Koch - - * de.po: Applied a patch from Daniel Leidert to fix a bunch of - small typos. See also Debian bug report 314068. Fixes bug#1069. - -2009-01-19 Werner Koch - - * de.po: Translated a few new audit-log related strings. - -2009-01-12 Maxim Britov (wk) - - * ru.po: Update. - -2009-01-07 Jaime Suárez (wk) - - * es.po: Update. - -2009-01-05 Nilgün Belma Bugüner (wk) - - * tr.po: Update. - -2009-01-05 Jedi (wk) - - * zh_TW.po: Update. - -2008-12-08 Werner Koch - - * de.po: Typo fixes. Reported by Daniel Leidert. - -2008-11-13 Werner Koch - - * de.po: Udpate. - -2008-09-30 David Ammouial (wk) - - * fr.po: Fix bug #922. - -2008-07-21 Werner Koch - - * sv.po: Adjust special size entry. - -2008-07-21 Daniel Nylander (wk) - - * sv.po: Update. - -2008-05-28 Jaime Suárez (wk) - - * es.po: Update. All strings for 2.0.9 are no translated. - -2008-05-26 Werner Koch - - * de.po: Minor fixes submitted by Jan Seidel. Fixes bug#916. - - * it.po: Typo fix. Fixes bug#920. - -2008-05-09 Werner Koch - - * de.po: Update. - -2008-05-01 Werner Koch - - * de.po: Typo fix. - -2008-03-26 Jedi Lin (wk) - - * zh_TW.po: Update. - -2008-03-26 Werner Koch - - * de.po: Translate two new strings. - -2008-02-15 Werner Koch - - * de.po: Translate 3 new strings. - -2008-02-15 Jedi Lin (wk) - - * zh_TW.po: Update. - -2008-02-15 gettextize - - * Makefile.in.in: Upgrade to gettext-0.17. - -2008-01-22 Werner Koch - - * de.po: Small typo fixes. Reported by Ludwig Reiter. - -2007-12-14 Werner Koch - - * de.po: Update. - -2007-12-12 Werner Koch - - * POTFILES.in: Add a couple of missing files. - -2007-12-03 Jakub Bogusz (wk) - - * pl.po: Updated. Received through entry bug#856. - -2007-11-15 Werner Koch - - * de.po: Type fix. - -2007-11-12 Daniel Nylander (wk) - - * sv.po: Updated. - -2007-09-14 Werner Koch - - * de.po: Changed translation of --honor-http-proxy. - -2007-08-29 Werner Koch - - * de.po: Translated the argparse.c strings. - -2007-08-28 Werner Koch - - * de.po: Updated. - -2007-08-16 Werner Koch - - * pt_BR.po, es.po: Remove the "GNU" from the project ID. That - stupid msginit uses a script project-id to retrieve a new project - id. Instead of using what it founds out, it tries to put "GNU" - before the id if _any_ file in the current directory has a string - "GNU ". As en@bold.po is build automagically this - package name mangling breaks make distcheck as it tries to rebuild - the po file with the "correct" name. The upshot is never to use - GNU in you po directory. - - * de.po: Fix a few fuzzy entries and translate new strings. - -2007-07-04 Werner Koch - - * de.po: Update a few strings. - -2007-05-09 Werner Koch - - * de.po: Update a few strings. - -2007-05-07 gettextize - - * Makefile.in.in: Upgrade to gettext-0.16.1. - -2007-02-26 Werner Koch - - * sv.po: Update from Daniel. - -2007-01-31 Werner Koch - - * de.po: Fixed a few fuzzy entries. - -2007-01-25 Werner Koch - - * de.po: Add Plural-Forms. - -2006-12-22 Werner Koch - - * sv.po: Installed revised and updated translation by Daniel - Nylander. - -2006-11-13 Werner Koch - - * ru.po: Update from Maxim. - -2006-11-10 Werner Koch - - * de.po: Received complete update from Walter. - -2006-11-06 Werner Koch - - * tr.po: Updated. - -2006-09-25 Werner Koch - - * LINGUAS: Copied from gnupg 1.4.5. - * de.po: Merged with the version from 1.4.5. - * be.po, ca.po, cs.po, da.po, de.po, eo.po, el.po, es.po, et.po - * fi.po, fr.po, gl.po, hu.po, id.po, it.po, ja.po, nb.po, pl.po - * pt_BR.po, pt.po, ro.po, ru.po, sk.po, sv.po, tr.po, zh_TW.po - * zh_CN.po: Copied from gnupg 1.4.5. - -2005-11-23 Werner Koch - - * de.po: Updated. - -2005-08-01 Werner Koch - - * de.po: Converted to utf-8; fixed a few umlaut problems. - -2005-04-21 Werner Koch - - * de.po: Fixed all fuzzies and untranslated strings. - -2005-01-04 Werner Koch - - * de.po: Updated. - -2004-10-22 Werner Koch - - * POTFILES.in: Removed sc-investigate.c - -2004-10-04 Werner Koch - - * de.po: Typo fixes. - -2004-09-30 gettextize - - * Makefile.in.in: Upgrade to gettext-0.14.1. - * Rules-quot: Upgrade to gettext-0.14.1. - -2004-09-30 Werner Koch - - * de.po: Updated. - - * POTFILES.in: Add more files. - -2004-07-22 Werner Koch - - * de.po: Updated. - -2004-04-06 Werner Koch - - * Makevars (DOMAIN): Init from PACKAGE_GT - -2003-12-09 Werner Koch - - * Makevars (MSGID_BUGS_ADDRESS): New. - -2003-04-29 Werner Koch - - * LINUGAS: NEW. - -2003-04-29 gettextize - - * Rules-quot: New file, from gettext-0.11.5. - * boldquot.sed: New file, from gettext-0.11.5. - * en@boldquot.header: New file, from gettext-0.11.5. - * en@quot.header: New file, from gettext-0.11.5. - * insert-header.sin: New file, from gettext-0.11.5. - * quot.sed: New file, from gettext-0.11.5. - * remove-potcdate.sin: New file, from gettext-0.11.5. - -2002-08-21 Werner Koch - - * de.po: Updated the translation. - -2002-08-10 Werner Koch - - * Makefile.in.in: Installed from gettext-0.10.40. - * POTFILES.in: New. - * de.po: New. - - - Copyright 2002, 2003, 2004, 2005, 2009 Free Software Foundation, Inc. - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even the - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - - diff --git a/po/ChangeLog-2011 b/po/ChangeLog-2011 new file mode 100644 index 000000000..3615b749a --- /dev/null +++ b/po/ChangeLog-2011 @@ -0,0 +1,330 @@ +2011-12-01 Werner Koch + + NB: ChangeLog files are no longer manually maintained. Starting + on December 1st, 2011 we put change information only in the GIT + commit log, and generate a top-level ChangeLog file from logs at + "make dist". See doc/HACKING for details. + +2011-05-12 Marcus Brinkmann + + * cs.po: Merge in dirmngr cs.po. Hope I got that right. + +2011-01-20 Werner Koch + + * de.po: Fix two fuzzies. + +2010-10-21 Werner Koch + + * POTFILES.in: Add files in dirmngr/. + * de.po: Translate the dirmngr strings. + +2010-10-18 Werner Koch + + * de.po: Update. + + * POTFILES.in: Add cvt-openpgp.c + + * LINGUAS: Re-enable de.po. + +2010-04-13 Marcus Brinkmann + + * POTFILES.in: Replace common/exechelp.c by + common/exechelp-posix.c, common/exechelp-w32.c and + common/exechelp-w32ce.c. + +2009-10-16 Marcus Brinkmann + + * POTFILES.in: g10/encode.c was renamed to g10/encrypt.c, and + encr-data.c was renamed to decrypt-data.c + +2009-09-03 Werner Koch + + * de.po: Translate new strings. + +2009-09-03 Jedi Lin (wk) + + * zh_TW.po: Update. + +2009-07-14 Werner Koch + + * de.po: s/nicht-exportfähig/unwiderrufbar/. Reported by Simon + Richter. + +2009-07-09 Werner Koch + + * zh_CN.po : Marked fuzzy. See bug#1078. + +2009-06-30 Werner Koch + + * es.po: Mark a bad translation fuzzy. + +2009-06-30 Daiki Ueno + + * ja.po: Typo fix. Fixes bug#1078. + +2009-06-02 Werner Koch + + * de.po: Applied a patch from Daniel Leidert to fix a bunch of + small typos. See also Debian bug report 314068. Fixes bug#1069. + +2009-01-19 Werner Koch + + * de.po: Translated a few new audit-log related strings. + +2009-01-12 Maxim Britov (wk) + + * ru.po: Update. + +2009-01-07 Jaime Suárez (wk) + + * es.po: Update. + +2009-01-05 Nilgün Belma Bugüner (wk) + + * tr.po: Update. + +2009-01-05 Jedi (wk) + + * zh_TW.po: Update. + +2008-12-08 Werner Koch + + * de.po: Typo fixes. Reported by Daniel Leidert. + +2008-11-13 Werner Koch + + * de.po: Udpate. + +2008-09-30 David Ammouial (wk) + + * fr.po: Fix bug #922. + +2008-07-21 Werner Koch + + * sv.po: Adjust special size entry. + +2008-07-21 Daniel Nylander (wk) + + * sv.po: Update. + +2008-05-28 Jaime Suárez (wk) + + * es.po: Update. All strings for 2.0.9 are no translated. + +2008-05-26 Werner Koch + + * de.po: Minor fixes submitted by Jan Seidel. Fixes bug#916. + + * it.po: Typo fix. Fixes bug#920. + +2008-05-09 Werner Koch + + * de.po: Update. + +2008-05-01 Werner Koch + + * de.po: Typo fix. + +2008-03-26 Jedi Lin (wk) + + * zh_TW.po: Update. + +2008-03-26 Werner Koch + + * de.po: Translate two new strings. + +2008-02-15 Werner Koch + + * de.po: Translate 3 new strings. + +2008-02-15 Jedi Lin (wk) + + * zh_TW.po: Update. + +2008-02-15 gettextize + + * Makefile.in.in: Upgrade to gettext-0.17. + +2008-01-22 Werner Koch + + * de.po: Small typo fixes. Reported by Ludwig Reiter. + +2007-12-14 Werner Koch + + * de.po: Update. + +2007-12-12 Werner Koch + + * POTFILES.in: Add a couple of missing files. + +2007-12-03 Jakub Bogusz (wk) + + * pl.po: Updated. Received through entry bug#856. + +2007-11-15 Werner Koch + + * de.po: Type fix. + +2007-11-12 Daniel Nylander (wk) + + * sv.po: Updated. + +2007-09-14 Werner Koch + + * de.po: Changed translation of --honor-http-proxy. + +2007-08-29 Werner Koch + + * de.po: Translated the argparse.c strings. + +2007-08-28 Werner Koch + + * de.po: Updated. + +2007-08-16 Werner Koch + + * pt_BR.po, es.po: Remove the "GNU" from the project ID. That + stupid msginit uses a script project-id to retrieve a new project + id. Instead of using what it founds out, it tries to put "GNU" + before the id if _any_ file in the current directory has a string + "GNU ". As en@bold.po is build automagically this + package name mangling breaks make distcheck as it tries to rebuild + the po file with the "correct" name. The upshot is never to use + GNU in you po directory. + + * de.po: Fix a few fuzzy entries and translate new strings. + +2007-07-04 Werner Koch + + * de.po: Update a few strings. + +2007-05-09 Werner Koch + + * de.po: Update a few strings. + +2007-05-07 gettextize + + * Makefile.in.in: Upgrade to gettext-0.16.1. + +2007-02-26 Werner Koch + + * sv.po: Update from Daniel. + +2007-01-31 Werner Koch + + * de.po: Fixed a few fuzzy entries. + +2007-01-25 Werner Koch + + * de.po: Add Plural-Forms. + +2006-12-22 Werner Koch + + * sv.po: Installed revised and updated translation by Daniel + Nylander. + +2006-11-13 Werner Koch + + * ru.po: Update from Maxim. + +2006-11-10 Werner Koch + + * de.po: Received complete update from Walter. + +2006-11-06 Werner Koch + + * tr.po: Updated. + +2006-09-25 Werner Koch + + * LINGUAS: Copied from gnupg 1.4.5. + * de.po: Merged with the version from 1.4.5. + * be.po, ca.po, cs.po, da.po, de.po, eo.po, el.po, es.po, et.po + * fi.po, fr.po, gl.po, hu.po, id.po, it.po, ja.po, nb.po, pl.po + * pt_BR.po, pt.po, ro.po, ru.po, sk.po, sv.po, tr.po, zh_TW.po + * zh_CN.po: Copied from gnupg 1.4.5. + +2005-11-23 Werner Koch + + * de.po: Updated. + +2005-08-01 Werner Koch + + * de.po: Converted to utf-8; fixed a few umlaut problems. + +2005-04-21 Werner Koch + + * de.po: Fixed all fuzzies and untranslated strings. + +2005-01-04 Werner Koch + + * de.po: Updated. + +2004-10-22 Werner Koch + + * POTFILES.in: Removed sc-investigate.c + +2004-10-04 Werner Koch + + * de.po: Typo fixes. + +2004-09-30 gettextize + + * Makefile.in.in: Upgrade to gettext-0.14.1. + * Rules-quot: Upgrade to gettext-0.14.1. + +2004-09-30 Werner Koch + + * de.po: Updated. + + * POTFILES.in: Add more files. + +2004-07-22 Werner Koch + + * de.po: Updated. + +2004-04-06 Werner Koch + + * Makevars (DOMAIN): Init from PACKAGE_GT + +2003-12-09 Werner Koch + + * Makevars (MSGID_BUGS_ADDRESS): New. + +2003-04-29 Werner Koch + + * LINUGAS: NEW. + +2003-04-29 gettextize + + * Rules-quot: New file, from gettext-0.11.5. + * boldquot.sed: New file, from gettext-0.11.5. + * en@boldquot.header: New file, from gettext-0.11.5. + * en@quot.header: New file, from gettext-0.11.5. + * insert-header.sin: New file, from gettext-0.11.5. + * quot.sed: New file, from gettext-0.11.5. + * remove-potcdate.sin: New file, from gettext-0.11.5. + +2002-08-21 Werner Koch + + * de.po: Updated the translation. + +2002-08-10 Werner Koch + + * Makefile.in.in: Installed from gettext-0.10.40. + * POTFILES.in: New. + * de.po: New. + + Copyright 2002, 2003, 2004, 2005, 2009 Free Software Foundation, Inc. + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +Local Variables: +buffer-read-only: t +End: diff --git a/po/de.po b/po/de.po index 51d7e03fd..fe83f7979 100644 --- a/po/de.po +++ b/po/de.po @@ -111,8 +111,8 @@ msgstr "Fehler beim Holen der Karten-Seriennummer: %s\n" msgid "detected card with S/N: %s\n" msgstr "Erkannte Karte hat die Seriennummer: %s\n" -#, c-format -msgid "error getting default authentication keyID of card: %s\n" +#, fuzzy, c-format +msgid "no authentication key for ssh on card: %s\n" msgstr "Fehler beim Holen der Authentisierungsschlüssel-ID der Karte: %s\n" #, c-format @@ -131,7 +131,9 @@ msgstr "Fehler beim Schreiben des Schlüssels: %s\n" msgid "" "An ssh process requested the use of key%%0A %s%%0A (%s)%%0ADo you want to " "allow this?" -msgstr "Ein SSH Processs möchte folgenden Schlüssel verwenden:%%0A %s%%0A (%s)%%0AErlauben Sie dies?" +msgstr "" +"Ein SSH Processs möchte folgenden Schlüssel verwenden:%%0A %s%%0A (%s)%%" +"0AErlauben Sie dies?" msgid "Allow" msgstr "Erlauben" @@ -141,7 +143,9 @@ msgstr "Verweigern" #, c-format msgid "Please enter the passphrase for the ssh key%%0A %F%%0A (%c)" -msgstr "Bitte geben Sie die Passphrase für den SSH-Schlüssel%%0A %F%%0A (%c)%%0Aein." +msgstr "" +"Bitte geben Sie die Passphrase für den SSH-Schlüssel%%0A %F%%0A (%c)%%" +"0Aein." msgid "Please re-enter this passphrase" msgstr "Bitte geben Sie die Passphrase noch einmal ein:" @@ -152,7 +156,8 @@ msgid "" "s%%0Awithin gpg-agent's key storage" msgstr "" "Bitte geben Sie eine Passphrase ein, um den empfangenen geheimen\n" -"Schlüssel%%0A %s%%0A %s%%0Aim Schlüsselspeicher des Gpg-Agenten zu schützen." +"Schlüssel%%0A %s%%0A %s%%0Aim Schlüsselspeicher des Gpg-Agenten zu " +"schützen." msgid "does not match - try again" msgstr "Keine Übereinstimmung - bitte nochmal versuchen." @@ -5429,6 +5434,18 @@ msgstr "|AN|Neue Admin-PIN" msgid "|N|New PIN" msgstr "|N|Neue PIN" +#, fuzzy +msgid "||Please enter the Reset Code for the card and New PIN" +msgstr "Bitte geben Sie den Rückstellcode für diese Karte ein" + +#, fuzzy +msgid "||Please enter the Admin PIN and New Admin PIN" +msgstr "|A|Bitte die Admin-PIN eingeben." + +#, fuzzy +msgid "||Please enter the PIN and New PIN" +msgstr "||Bitte die PIN eingeben" + msgid "error reading application data\n" msgstr "Fehler beim Lesen der Anwendungsdaten\n" diff --git a/scd/ChangeLog b/scd/ChangeLog deleted file mode 100644 index 32ff33d48..000000000 --- a/scd/ChangeLog +++ /dev/null @@ -1,2585 +0,0 @@ -2011-12-01 Niibe Yutaka - - * app-openpgp.c (do_change_pin): Fix pincb messages when - use_keypad == 1. - -2011-11-29 Niibe Yutaka - - PC/SC pininput support for passphrase modification (2/2) - * apdu.h (apdu_send_simple_kp): Remove. - - * apdu.c (pcsc_keypad_modify): Add bConfirmPIN handling. - (apdu_send_simple_kp): Remove. - - * iso7816.h (iso7816_reset_retry_counter_kp): Remove arguments - of NEWCHV, and NEWCHVLEN. - (iso7816_reset_retry_counter_with_rc_kp, iso7816_put_data_kp): New. - - * iso7816.c (iso7816_reset_retry_counter_with_rc_kp): New. - (iso7816_reset_retry_counter_kp): Call apdu_keypad_modify. Only - handle the case with PININFO. - (iso7816_reset_retry_counter): Don't call - iso7816_reset_retry_counter_kp. - (iso7816_put_data_kp): New. - - * app-openpgp.c (do_change_pin): Add with_resetcode. - Handle keypad for unblocking pass phrase with resetcode, - setting up of resetcode, and unblocking by admin. - - PC/SC pininput support for passphrase modification (1/2) - * iso7816.h (iso7816_change_reference_data_kp): Remove arguments - of OLDCHV, OLDCHVLEN, NEWCHV, and NEWCHVLEN. - - * iso7816.c (iso7816_change_reference_data_kp): Call - apdu_keypad_modify. - (iso7816_change_reference_data): Don't call - iso7816_change_reference_data_kp. - - * apdu.h (apdu_keypad_modify): New. - - * apdu.c (pcsc_keypad_modify, apdu_keypad_modify): New. - (struct reader_table_s): New memeber function keypad_modify. - (new_reader_slot, open_ct_reader, open_ccid_reader) - (open_rapdu_reader): Initialize keypad_modify. - - * app-openpgp.c (do_change_pin): Handle keypad and call - iso7816_change_reference_data_kp if it is the case. - -2011-11-28 Niibe Yutaka - - * iso7816.h (iso7816_verify_kp): Remove arguments of CHV and CHVLEN. - - * iso7816.c (iso7816_verify_kp): Call apdu_keypad_verify. Only - handle the case with PININFO. - (iso7816_verify): Call apdu_send_simple. - - * app-openpgp.c (verify_a_chv, verify_chv3): Follow the change of - iso7816_verify_kp. - - * app-nks.c (verify_pin): Likewise. - - * app-dinsig.c (verify_pin): Likewise. - - * apdu.c: Include "iso7816.h". - (struct reader_table_s): New memeber function keypad_verify. - Add fields verify_ioctl and modify_ioctl in pcsc. - (CM_IOCTL_GET_FEATURE_REQUEST, FEATURE_VERIFY_PIN_DIRECT) - (FEATURE_MODIFY_PIN_DIRECT): New. - (pcsc_control): New. - (control_pcsc_direct, control_pcsc_wrapped, control_pcsc) - (check_pcsc_keypad, pcsc_keypad_verify): New. - (ccid_keypad_verify, apdu_keypad_verify): New. - (new_reader_slot): Initialize with check_pcsc_keypad, - pcsc_keypad_verify, verify_ioctl and modify_ioctl. - (open_ct_reader): Initialize keypad_verify with NULL. - (open_ccid_reader): Initialize keypad_verify. - (open_rapdu_reader): Initialize keypad_verify with NULL. - (apdu_open_reader): Initialize pcsc_control. - - * pcsc-wrapper.c (load_pcsc_driver): Initialize pcsc_control. - (handle_control): New. - (main): Handle the case 6 of handle_control. - -2011-10-13 Marcus Brinkmann - - * Makefile.am, apdu.c, app.c, command.c, scdaemon.c: Port to Npth. - -2011-08-10 Werner Koch - - * command.c (cmd_killscd): Use the new assuan force close flag - if available. - -2011-08-08 Werner Koch - - * app-openpgp.c (do_decipher): Take care of accidentally passed - signed integer data with a leading 0. - -2011-06-16 Werner Koch - - * app-openpgp.c (send_key_data): Implemented chunked mode. - (change_keyattr): Increase limit to 4096. - (do_decipher): Adjust padding for 4096 bit keys. - -2011-02-23 Werner Koch - - * apdu.c (apdu_open_reader): Lock in to CCID if used once. - -2011-01-25 NIIBE Yutaka , - Grant Olson (wk) - - * command.c (do_reset, get_reader_slot) - (update_reader_status_file): Fix handling of the VALID flag for - unplugged readers. - -2011-01-25 Werner Koch - - From 2.0 branch, 2010-03-17: - - * command.c (open_card): Return GPG_ERR_NOT_OPERATIONAL if no - card services are available. - (get_reader_slot): Detect no services status. - (cmd_serialno): No reset if there are no services. - (scd_command_handler): Stop scdaemon in that case. - * apdu.c (pcsc_no_service): New. - (open_pcsc_reader_direct): Set it. - (apdu_open_reader): Add arg R_NO_SERVICE. - -2011-01-05 Werner Koch - - * ccid-driver.c (ccid_transceive_secure): Support the gnuk token. - -2010-11-16 Werner Koch - - * apdu.c (PCSC_UNKNOWN) [W32]: Fix all these values which don't - match those of libpcsc. Reported by Michael Petig. - -2010-10-27 Werner Koch - - * scdaemon.c (create_socket_name): Use TMPDIR. Change callers. - -2010-10-18 Werner Koch - - * app-openpgp.c (parse_algorithm_attribute): Remove extra const in - definition of DESC. - -2010-08-16 Werner Koch - - * scdaemon.c: Replace remaining printf by es_printf. - -2010-06-09 Werner Koch - - * scdaemon.c (main): s/log_set_get_tid_callback/log_set_pid_suffix_cb/. - (tid_log_callback): Adjust for this change. - -2010-03-11 Werner Koch - - * scdaemon.c: Include "asshelp.h". - (main): Remove assuan_set_assuan_log_prefix. Add - assuan_set_log_cb. - (handle_signal): Disable pth ctrl dumping. - * command.c (scd_command_handler): Remove assuan_set_log_stream. - -2010-03-10 Werner Koch - - * Makefile.am (scdaemon_LDADD): Remove libjnlib.a. - -2009-12-15 Werner Koch - - * iso7816.c (do_generate_keypair): s/readonly/read_only/ because - the first is a keyword in VMS C. - -2009-12-03 Werner Koch - - * scdaemon.c (set_debug): Allow for numerical debug leveles. Print - active debug flags. - -2009-11-25 Marcus Brinkmann - - * command.c (scd_command_handler): Use assuan_fd_t and - assuan_fdopen on fds. - -2009-11-05 Marcus Brinkmann - - * command.c (scd_command_handler): Call assuan_init_socket_server, - not assuan_init_socket_server_ext. - -2009-11-04 Werner Koch - - * command.c (register_commands): Add help arg to - assuan_register_command. Add help strings to all commands. - -2009-11-02 Marcus Brinkmann - - * command.c (reset_notify): Take LINE arg and return error. - (register_commands): Use assuan_handler_t type. - -2009-10-25 Werner Koch - - * scdaemon.c (scd_deinit_default_ctrl): Release IN_DATA. - * command.c (cmd_setdata): Release IN_DATA. Reported by Klaus - Flittner. - -2009-10-16 Marcus Brinkmann - - * AM_CFLAGS, scdaemon_LDADD: Use libassuan instead of libassuan-pth. - * scdaemon.c: Invoke ASSUAN_SYSTEM_PTH_IMPL. - (main): Call assuan_set_system_hooks and assuan_sock_init. - -2009-09-23 Marcus Brinkmann - - * command.c: Include "scdaemon.h" before because of - GPG_ERR_SOURCE_DEFAULT check. - (option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert) - (cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt) - (cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey) - (cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock) - (cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu) - (cmd_killscd): Return gpg_error_t instead of int. - (scd_command_handler): Allocate assuan context before starting server. - * scdaemon.c (main): Update to new Assuan API. - -2009-09-03 Werner Koch - - * app-openpgp.c (do_decipher): Compute required Le. - * iso7816.c (iso7816_decipher): Add new arg LE. - * app-nks.c (do_decipher): Adjust for change. - - * iso7816.c (iso7816_put_data, iso7816_put_data_odd): Turn DATA - into a void ptr. - -2009-08-05 Werner Koch - - * app-openpgp.c (change_keyattr_from_string): New. - (do_setattr): Support KEY-ATTR. - -2009-07-29 Marcus Brinkmann - - * ccid-driver.c (print_pr_data): Fix 64 bit compat problem. - -2009-07-24 Werner Koch - - * ccid-driver.c (parse_ccid_descriptor): Enable hack for SCR 3320. - -2009-07-21 Werner Koch - - * ccid-driver.c [HAVE_PTH]: Include pth.h. - (my_sleep): New. - (bulk_in): s/gnupg_sleep/my_sleep/. - -2009-07-20 Werner Koch - - * apdu.c [GNUPG_MAJOR_VERSION==1]: Include dynload.h. - -2009-07-16 Werner Koch - - * command.c (update_reader_status_file): Test for unplugged reader. - (TEST_CARD_REMOVAL): Ditto. - * app.c (select_application): Ditto. - * ccid-driver.c (bulk_out): Return CCID_DRIVER_ERR_NO_READER if a - reader was unplugged. - (struct ccid_driver_s): Turn nonnull_nad into an unsigned char. - Turn apdu_level, auto_ifsd, powered_off, has_pinpad into - bitfields. Add enodev_seen. - * apdu.c (apdu_prepare_exit): New. - (get_status_ccid): Return the status word and nut just -1. - * scdaemon.c (scd_exit): Call it. - -2009-07-13 Werner Koch - - * ccid-driver.c (struct ccid_driver_s): Add fields last_progress, - progress_cb and progress_cb_arg. - (ccid_set_progress_cb): New. - (print_progress): New. - (ccid_transceive): Call print_progress for wait time extensions. - * apdu.c (struct reader_table_s): Add field set_progress_cb. - (new_reader_slot): Clear that field. - (open_ccid_reader): Set it to .. - (set_progress_cb_ccid_reader): ... new fucntion. - * app.c (print_progress_line): New. - (lock_reader): Add arg CTRL to set a progress callback and - change all callers to provide it. - (unlock_reader): Remove the progress callback. - -2009-07-10 Werner Koch - - * iso7816.c (iso7816_compute_ds): Add args EXTENDED_MODE and LE. - Change all callers to use 0. - (iso7816_internal_authenticate): Add args EXTENDED_MODE and LE. - * app-openpgp.c (do_sign): Take exmode and Le from card - capabilities and pass them to iso7816_compute_ds. - (do_auth): Ditto for iso7816_internal_authenticate. - (change_keyattr): Reset CHV verification status. - -2009-07-09 Werner Koch - - * app-openpgp.c (change_keyattr): New. - (do_writekey): Call it. - - * app-openpgp.c (does_key_exist): Add arg GENERATING. Change - callers. - -2009-06-30 Werner Koch - - * ccid-driver.c (ccid_transceive): Set RESYNCING flag. - -2009-06-29 Werner Koch - - * ccid-driver.c (ccid_transceive): Add a hack to support extended - length for Omnikey readers. - (is_exlen_apdu): New. - (parse_ccid_descriptor): Track short+extended apdu exchange level. - -2009-06-18 Werner Koch - - * app-openpgp.c (verify_chv2): Remove special case for v2 cards. - (get_public_key): Use extended mode. - -2009-06-17 Werner Koch - - * iso7816.c (iso7816_get_data): Add arg EXTENDED_MODE. Change all - callers. - * app-openpgp.c (data_objects): Use bit flags. Add flag - TRY_EXTLENGTH. - (get_cached_data): Add arg TRY_EXTLEN and use it for iso7816_get_data. - (get_one_do): Use extended length APDU if necessary. - -2009-06-10 Werner Koch - - * app-openpgp.c (store_fpr): Change first arg to app_t; adjust - callers. Flush the cache. - -2009-06-09 Werner Koch - - * app-openpgp.c (do_readcert): Return NOT_FOUND if the retrieved - data has a length of zero. - (do_getattr): Add EXTCAP subkey "sm". - -2009-05-20 Werner Koch - - * app-openpgp.c (verify_chv2): Add case for v2 cards. - (verify_chv3): Factor some code out to .. - (build_enter_admin_pin_prompt): .. new. - (do_change_pin): Properly handle v2 cards. - -2009-05-19 Werner Koch - - * scdaemon.c (create_server_socket): Use SUN_LEN. - (JNLIB_NEED_AFLOCAL): Define. - -2009-05-13 Werner Koch - - * ccid-driver.c (abort_cmd): Add arg SEQNO and change callers. - (bulk_in): Retry on seqno mismatch. - - * apdu.c (send_le): Release result_buffer. - (apdu_send_direct): Implemend extended length. - * command.c (cmd_apdu): Add option "--exlen". - -2009-05-11 Werner Koch - - * apdu.c (send_le): Replace log_error by log_info. - -2009-05-08 Werner Koch - - * app-openpgp.c (do_genkey): Allow larger key sizes. - (do_decipher): Ditto. - * iso7816.c (do_generate_keypair): Add arg EXTENDED_MODE an LE. - (iso7816_generate_keypair, iso7816_read_public_key): Ditto. - Changed all callers. - * apdu.c (send_le): Implement extended length return values. - - * ccid-driver.c (bulk_in): Retry on EAGAIN. - (abort_cmd): Change seqno handling. - -2009-04-28 Werner Koch - - * app-help.c (app_help_count_bits): New. - - * app-nks.c (switch_application): Detect mass signature cards. - Take care of new NEED_APP_SELECT flag. - (do_sign): Don't allow mass signature cards. - (all_zero_p): New. - (do_readkey): New. - (app_select_nks): Register do_readkey. - -2009-04-01 Werner Koch - - * app-openpgp.c (do_setattr, do_writekey): Prepare for extended - length cards. - -2009-03-31 Werner Koch - - * command.c (percent_plus_unescape): Remove. - (cmd_setattr): Use percent_plus_unescape_inplace. - -2009-03-30 Werner Koch - - * app-nks.c (do_decipher): Make it work for TCOS 3. - * iso7816.c (iso7816_decipher): Add arg EXTENDED_MODE. - * apdu.c (apdu_send): Add arg EXTENDED_MODE and change all callers. - (apdu_send_le): Ditto. - (apdu_send_direct): Ditto, but not yet functional. - (send_le): Fix command chaining. Implement extended length option. - * ccid-driver.c (ccid_transceive): Remove restriction on apdu length. - (struct ccid_driver_s): Add field IFSC. - (ccid_get_atr): Set IFSC. - (ccid_transceive): Use negotiated IFSC and support S(IFS) command. - -2009-03-26 Werner Koch - - * command.c (cmd_pksign): Allow more hash algorithms. - - * scdaemon.h (MAX_DIGEST_LEN): Change to 64. - - * apdu.c (open_ccid_reader): Clear the is_to flag. - - * app-nks.c (filelist): Add field KID. - (do_getattr): Change standard authentication key. - (do_sign): Setup a security environment for TCOS 3 cards and support - all SHA-2 algorithms. - -2009-03-24 Werner Koch - - * command.c (struct server_local_s): Add flag - APP_CTX_MARKED_FOR_RELEASE. - (do_reset): Set the flag. - (open_card): Act on this flag. - * app-common.h (struct app_ctx_s): Add flag NO_REUSE. - (application_notify_card_reset): Set the flag. - * app.c (select_application, release_application): Take care of - that flag. - -2009-03-20 Werner Koch - - * app-nks.c (keygripstr_from_pk_file): Fix for TCOS 3 cards. - -2009-03-18 Werner Koch - - * apdu.c (open_pcsc_reader_wrapped): Use close_all_fds. - - * command.c (cmd_learn): Add option --keypairinfo. - * app.c (app_write_learn_status): Add arg FLAGS. - * app-common.h (struct app_ctx_s): Add arg FLAGS to LEARN_STATUS. - Change all implementors. - * app-p15.c (do_learn_status): Take care of flag bit 0. - * app-nks.c (do_learn_status, do_learn_status_core): Ditto. - -2009-03-10 Werner Koch - - * app-openpgp.c (send_key_attr): New. - (do_getattr): New attribute KEY_ATTR. - * command.c (send_status_direct): New. - -2009-03-06 Werner Koch - - * app-nks.c (do_learn_status): Factor code out to.. - (do_learn_status_core): .. new. - (do_readcert, do_sign, do_decipher): Switch to SigG if needed. - (verify_pin): Use DESC also for keypad based verify. - -2009-03-05 Werner Koch - - * app-openpgp.c (verify_a_chv): Remove special case for keypads. - (verify_chv3): Ditto. - - * app-nks.c (get_chv_status): New. - (parse_pwidstr): New. - (verify_pin): Add args PWID and DESC and use them. Remove the - CHV1 caching. - (do_change_pin): Allow PIN selection and add reset mode. - (do_learn_status): Use NKS-NKS3 tag for TCOS 3 cards. - (do_readcert, do_sign): Allow NKS-NKS3 tag. - -2009-03-04 Werner Koch - - * app-nks.c (do_getattr): New. - (app_select_nks): Register it. - (verify_pin): Factor some code out to... - (basic_pin_checks): New. - (do_change_pin): Call the basic check. - (app_select_nks): Move AID to .. - (aid_nks): .. new. - (aid_sigg): New. - (switch_application): New. - (do_getattr, do_learn_status, do_readcert, do_sign, do_decipher) - (do_change_pin, do_check_pin): Make sure we are in NKS mode. - -2009-03-03 Werner Koch - - * command.c (scd_command_handler): Remove dereference of STOPME - after free. - -2009-02-27 Werner Koch - - * app.c (get_supported_applications): New. - * command.c (cmd_getinfo): New subcommand "app_list" - (cmd_killscd): New. - (register_commands): Register command KILLSCD. - (struct server_local_s): Add field STOPME. - (scd_command_handler): Act upon this. - -2009-02-25 Werner Koch - - * apdu.c (apdu_get_status): Factor all code out to ... - (apdu_private_get_status): .. new. Add arg NO_ATR_RESET. - (apdu_connect): Call new function. - - * scdaemon.c: New option --debug-log-tid. - (tid_log_callback): New. - (main): Move debug-wait code after debug stream init. - -2009-02-24 Werner Koch - - * ccid-driver.c (ccid_get_atr): Move debug output to .. - (print_r2p_parameters): .. new. - (print_r2p_header, print_pr_data, print_r2p_unknown) - (print_r2p_datablock, print_r2p_slotstatus, print_r2p_escape) - (print_r2p_datarate): New. - (bulk_in): Call parameter printing. - (ccid_set_debug_level): Add debug level 3. - (convert_le_u16): New. - (print_p2r_header, print_p2r_iccpoweron, print_p2r_iccpoweroff) - (print_p2r_getslotstatus, print_p2r_xfrblock) - (print_p2r_getparameters, print_p2r_resetparameters) - (print_p2r_setparameters, print_p2r_escape, print_p2r_iccclock) - (print_p2r_to0apdu, print_p2r_secure, print_p2r_mechanical) - (print_p2r_abort, print_p2r_setdatarate, print_r2p_unknown): New. - (bulk_out): Add arg NO_DEBUG and change all callers to pass 0. - Call parameter printing. - (ccid_slot_status): Call with NO_DEBUG set. - (abort_cmd, send_escape_cmd, ccid_get_atr, ccid_get_atr) - (ccid_transceive_apdu_level, ccid_transceive) - (ccid_transceive_secure): Remove old debug print code. - -2009-02-12 Werner Koch - - * command.c (cmd_getinfo): Add new subcommand "deny_admin". - -2009-01-28 Werner Koch - - * scdaemon.c (main): Make --allow-admin the default and make the - option a dummy. - -2009-01-27 Werner Koch - - * app-geldkarte.c: Changed to use an AID. - - * app.c (app_munge_serialno): Add case for no serialno. - (app_get_serial_and_stamp): Ditto. - -2009-01-26 Werner Koch - - * app-geldkarte.c: New. - * Makefile.am (card_apps): Add new file. - * app.c (select_application): Test for geldkarte. - -2009-01-12 Werner Koch - - * command.c (send_client_notifications) [HAVE_W32_SYSTEM]: Fix - brackets. - -2009-01-08 Werner Koch - - * iso7816.c (iso7816_read_record, iso7816_read_binary): Pass 0 for - L_e because the problem with the CCID driver has gone. - (iso7816_apdu_direct): New. - - * app-nks.c (filelist): Add NKS_VER field. Add NKS 3 specific - entries. - (app_local_s, do_deinit): New. - (get_nks_version): New. - (app_select_nks): Setup local data. - (keygripstr_from_pk_file): Replace SLOT by APP and take care of - NKS version > 2. - (do_learn_status): Take care of NKS version. - -2009-01-05 Werner Koch - - * apdu.c (apdu_get_status): Save the last status. - -2008-12-18 Werner Koch - - * ccid-driver.c (abort_cmd): New. - (bulk_in): Call abort_cmd after severe errors. - - * apdu.c (reader_table_s): Add field ANY_STATUS. - (new_reader_slot): Clear it. - (apdu_get_status): Use ANY_STATUS to update the change counter. - Remove the use of the flag bit from LAST_STATUS everywhere. - * command.c (update_reader_status_file): Factor code out to ... - (send_client_notifications): New. Track signals already sent. - (update_reader_status_file): Shutdown the reader after a failed - apdu_get_status. - -2008-12-09 Werner Koch - - * scdaemon.c (main): Call i18n_init before init_common_subsystems. - -2008-12-08 Werner Koch - - * scdaemon.c (handle_connections): Sync ticker to the next full - interval. - (TIMERTICK_INTERVAL_USEC): Change to 500ms. - -2008-12-05 Werner Koch - - * app-openpgp.c (app_local_s): Add field ALGO_ATTR_CHANGE. - (app_select_openpgp): Parse new capability. - (show_caps): Show new capability. - -2008-12-03 Werner Koch - - * scdaemon.c (opts): Use ARGPARSE_ macros. Add option - --card-timeout. - * command.c (update_reader_status_file): Implement it. - -2008-11-18 Werner Koch - - * scdaemon.c (make_libversion): New. - (my_strusage): Print libgcrypt and libksba version. - -2008-11-03 Werner Koch - - * command.c (server_local_s): Add field DISCONNECT_ALLOWED. - (cmd_disconnect): Implement command. - (open_card): Reset disconnect flag. - (update_reader_status_file): Disconnect if allowed. - - * app-common.h (app_ctx_s): Remove INITIALIZED. Make REF_COUNT - unsigned. - * app.c (select_application): Remove INITIALIZED. - (app_write_learn_status, app_readcert, app_readkey, app_getattr) - (app_setattr, app_sign, app_decipher, app_writecert) - (app_writekey, app_get_challenge, app_change_pin, app_check_pin): - Replace INITIALIZED by REF_COUNT check. - (application_notify_card_removed): Rename to .. - (application_notify_card_reset): .. this. Change all callers. - * command.c (do_reset): Call application_notify_card_reset after - sending a reset. - (update_reader_status_file): Add arg SET_CARD_REMOVED. - (scd_update_reader_status_file): Pass true for new flag. - (do_reset): Pass false for new flag. - - * app.c (app_get_serial_and_stamp): Use bin2hex. - * app-help.c (app_help_get_keygrip_string): Ditto. - * app-p15.c (send_certinfo, send_keypairinfo, do_getattr): Ditto. - * app-openpgp.c (send_fpr_if_not_null, send_key_data) - (retrieve_fpr_from_card, send_keypair_info): Ditto. - * app-nks.c (keygripstr_from_pk_file): Ditto. - * command.c (cmd_apdu): Ditto. - -2008-10-21 Marcus Brinkmann - - * command.c (open_card): If connect error is SW_HOST_NO_CARD, - return a more descriptive error. - -2008-10-20 Werner Koch - - * pcsc-wrapper.c (read_32): Use provided arg and not stdin. Is - called with stdin, though. - (handle_close): Mark unused arg. - (handle_status, handle_reset): Ditto. - - * ccid-driver.c (ccid_check_card_presence): Mark not yet used arg. - - * scdaemon.c (scd_deinit_default_ctrl): Mark unused arg. - * command.c (cmd_unlock, cmd_restart, cmd_disconnect): Ditto. - * apdu.c (ct_get_status): Ditto. - (ct_send_apdu, pcsc_send_apdu_wrapped) - (apdu_open_remote_reader): Ditto. - * app.c (select_application): Ditto. - * app-openpgp.c (do_writecert, do_change_pin, do_writekey): Ditto. - * app-nks.c (do_change_pin, do_check_pin): Ditto. - -2008-10-16 Werner Koch - - * command.c (cmd_disconnect): New dummy command. - (register_commands): Register command. - -2008-10-15 Werner Koch - - * command.c (scd_command_handler): Return true if there is no more - active session. - * scdaemon.c (start_connection_thread): Set shutdown flag if - requested by command handler. - (main): Make PIPE_SERVER module global. - (handle_connections): Disable listen_fd if a shutdown is pending. - -2008-10-14 Werner Koch - - * apdu.c (reader_table_s): Add fields connect_card and - disconnect_card. - (new_reader_slot): Set them to NULL. - (apdu_connect, apdu_disconnect): New. - (apdu_close_reader, apdu_shutdown_reader): Call apdu_disconnect. - (connect_pcsc_card, disconnect_pcsc_card): new. - (reset_pcsc_reader_direct): Implement in terms of - disconnect_pcsc_card and connect_pcsc_card. - (apdu_get_atr): Return NULL if there is no ATR. - * sc-copykeys.c (main): Add call to apdu_connect. - * command.c (open_card): Ditto. - - * apdu.h (SW_HOST_ALREADY_CONNECTED): New. - (APDU_CARD_USABLE, APDU_CARD_PRESENT, APDU_CARD_ACTIVE): New. - * apdu.c: Replace constants by the new macros. - (open_pcsc_reader): Factor code out to ... - (open_pcsc_reader_direct, open_pcsc_reader_wrapped): New. - (reset_pcsc_reader): Factor code out to ... - (reset_pcsc_reader_direct, reset_pcsc_reader_wrapped): New. - (pcsc_get_status): Factor code out to ... - (pcsc_get_status_direct, pcsc_get_status_wrapped): New. - (pcsc_send_apdu): Factor code out to ... - (pcsc_send_apdu_direct, pcsc_send_apdu_wrapped): New. - (close_pcsc_reader): Factor code out to ... - (close_pcsc_reader_direct, close_pcsc_reader_wrapped): New. - - * command.c (update_reader_status_file): Open the reader if not - yet done. - - * scdaemon.c (TIMERTICK_INTERVAL_SEC, TIMERTICK_INTERVAL_USEC): - New to replace TIMERTICK_INTERVAL. Chnage from 2s (4 under W32) - to 250ms. - -2008-10-13 Werner Koch - - * command.c (option_handler) [W32]: Use strtoul with base 16. - (update_reader_status_file) [W32]: Set Event. - (scd_command_handler): Use INT2FD to silent warning. - -2008-09-29 Werner Koch - - * scdaemon.h (GCRY_MD_USER): Rename to GCRY_MODULE_ID_USER. - (GCRY_MD_USER_TLS_MD5SHA1): Rename to MD_USER_TLS_MD5SHA1 and - change all users. - -2008-09-28 Marcus Brinkmann - - * apdu.c (pcsc_get_status): Fix last change. - -2008-09-25 Werner Koch - - * app-openpgp.c (do_setattr): Do not allow setting of the reset - code. - (do_change_pin): Allow setting of the reset code. - -2008-09-24 Werner Koch - - * app-openpgp.c (verify_chv3): Set the did_chv3 flag which was - accidently removed on 2008-03-26. - (verify_chv2): Revert last change. - (do_change_pin): Do not change CHV2. Add reset code logic for v2 - cards. - * iso7816.c (iso7816_reset_retry_counter_with_rc): New. - - * app-openpgp.c (add_tlv, build_privkey_template): New. - (do_writekey): Support v2 keys and other key lengths than 1024. - * iso7816.c (iso7816_put_data_odd): New. - -2008-09-23 Werner Koch - - * app-openpgp.c (do_sign): Support SHA-2 digests. - (verify_chv2): No CHV auto-sync for v2 cards. - (do_auth): Allow 2048 bit keys. - (parse_algorithm_attribute): New. - (rsa_key_format_t): New. - (struct app_local_s): Add struct KEYATTR. - -2008-09-23 Marcus Brinkmann - - * apdu.c (pcsc_get_status): Be more relaxed with the usable flag - under Windows. - -2008-09-23 Werner Koch - - * app-openpgp.c (do_setattr): Use command chaining for long - values. - * iso7816.c (iso7816_put_data): Add arg EXTENDED_MODE. Change all - callers. - * apdu.c (apdu_send_simple): Add arg EXTENDED_MODE. Change all - callers. - (send_le): Implement command chaining. - * ccid-driver.c (ccid_transceive_apdu_level): Increase allowed - APDU size. - (ccid_transceive): Alow for APDUS of up to 259 bytes. - * apdu.h: Add new SW_ codes. - -2008-09-16 Werner Koch - - * command.c (cmd_writecert): New. - (register_commands): Register it. - * app-common.h (app_ctx_s): Add member WRITECERT. - * app.c (app_writecert): New. - * app-openpgp.c (do_writecert): New. - (parse_historical): New. - (show_extcap): New. - (dump_all_do): Print only the length of longs DOs. - * command.c (cmd_writekey, cmd_apdu, cmd_pksign) - (cmd_passwd): Replace open coding by skip_options. - -2008-08-30 Moritz - - * scdaemon.c (main): Use estream_asprintf instead of asprintf. - * command.c (update_reader_status_file): Likewise. - (cmd_serialno): Use estream_asprintf instead of asprintf - and xfree instead of free to release memory allocated - through (estream_)asprintf. - (cmd_learn): Likewise. - (pin_cb): Likewise. - * app-openpgp.c (get_public_key): Likewise. - -2008-08-18 Werner Koch - - * app-openpgp.c (do_setattr): Fix test for v2 cards. - -2008-08-11 Werner Koch - - * apdu.c (reset_pcsc_reader, open_pcsc_reader) - (reset_rapdu_reader, open_rapdu_reader): Allow ATRs of up to 33 - bytes. Provide maximum size of ATR buffer using DIM. Such long - ATR are never seen in reality but the PC/SC library of MAC OS X is - just too buggy. Reported by Ludovic Rousseau. Fixes bug #948. - -2008-07-30 Werner Koch - - * app-openpgp.c (verify_a_chv): Use xtrymalloc and make the prompt - for CHV2 more user friendly. - -2008-07-03 Werner Koch - - * app-openpgp.c (do_readcert): New. - (app_local_s): Add fields IS_V2 and MAX_CERTLEN_3. - (app_select_openpgp): Set them and register do_readcert. - (do_setattr): Allow storing of the certificate. - -2008-06-25 Werner Koch - - * app-dinsig.c (do_sign): Allow for SHA256. - -2008-06-24 Werner Koch - - * app-common.h (app_ctx_s): Renamed reset_mode parameter of - change_pin to mode_Flags and make it an unsigned int. - (APP_CHANGE_FLAG_RESET, APP_CHANGE_FLAG_NULLPIN): New. - * app-openpgp.c (do_change_pin): Adjust for that. - - * command.c (cmd_passwd): Add option --nullpin. - * app-nks.c (do_check_pin, do_change_pin): New. - (app_select_nks): Register new functions. - -2008-04-21 Moritz Schulte (wk) - - * app-openpgp.c (verify_a_chv): Make use of the default CHV flag. - -2008-03-26 Werner Koch - - * app-openpgp.c (verify_chv3): Support the keypad. - -2008-02-09 Marcus Brinkmann - - * scdaemon.c (main): Use CONFIG_FILENAME as filename if it is set - in gpgconf-list output. - -2007-12-10 Werner Koch - - * app-openpgp.c (do_decipher): Take care of cryptograms shorter - that 128 bytes. Fixes bug#851. - -2007-11-14 Werner Koch - - * scdaemon.c (main): Pass STANDARD_SOCKET flag to - create_server_socket. - -2007-11-13 Werner Koch - - * scdaemon.c (start_connection_thread): Do not call - assuan_sock_check_nonce if we are running in --server mode. - -2007-11-07 Werner Koch - - * scdaemon.h: Remove errors.h. - -2007-10-02 Werner Koch - - * command.c (cmd_getinfo): Add "pid" subcommand. - -2007-10-01 Werner Koch - - * scdaemon.c (create_server_socket): Use Assuan socket wrappers - and remove Windows specific code. - (socket_nonce): New. - (start_connection_thread): Check nonce. - -2007-09-14 Marcus Brinkmann - - * scdaemon.c (main): New variable STANDARD_SOCKET, which is 1 for - W32 targets. Use it for create_socket_name. - -2007-08-07 Werner Koch - - * tlv.c, tlv.h: Move to ../common/. - -2007-08-02 Werner Koch - - * scdaemon.c: Include gc-opt-flags.h and remove their definition - here. - -2007-08-01 Werner Koch - - * apdu.c (send_le): Implement exact length hack. Suggested by - Sten Lindgren. - -2007-07-05 Werner Koch - - * command.c (has_option_name, skip_options): New. - (cmd_genkey): Add option --timestamp. - (cmd_writekey): Enter confidential mode while inquiring the key data. - - * app.c (app_genkey): Add arg CREATETIME. - * app-common.h (app_ctx_s): Likewise - * app-openpgp.c (do_genkey): Ditto. Use it. - - -2007-07-04 Werner Koch - - * command.c (cmd_getinfo): New subcommand "version". - - * scdaemon.c (TIMERTICK_INTERVAL): New. - (handle_connections) [W32]: Enable a dummy sigs event. - (handle_connections): Use a proper count for select and not - FD_SETSIZE. - (fixed_gcry_pth_init, main): Kludge to fix pth initialization. - -2007-06-21 Werner Koch - - * scdaemon.h (ctrl_t): Remove. It is now declared in ../common/util.h. - -2007-06-18 Marcus Brinkmann - - * scdaemon.c (main): Percent escape output of --gpgconf-list. - -2007-06-12 Werner Koch - - * scdaemon.c (main): Replace some calls by init_common_subsystems. - -2007-06-11 Werner Koch - - * Makefile.am (scdaemon_LDADD): Use libcommonpth macro. - - * command.c (initialize_module_command): New. - * scdaemon.c (main) [W32]: Do not use sigpipe code. - (main): Call initialize_module_command. - -2007-06-06 Werner Koch - - * app-openpgp.c (do_sign): Fix arithmetic on void*. - - * app.c (dump_mutex_state) [W32]: Handle the W32Pth case. - - * apdu.c: Remove dynload.h. - - * scdaemon.c (i18n_init): Remove. - -2007-04-20 Werner Koch - - * sc-copykeys.c (my_gcry_logger): Removed. - (main): Call setup_libgcrypt_logging helper. - * scdaemon.c (my_gcry_logger): Removed. - (main): Call setup_libgcrypt_logging helper. - -2007-04-03 Werner Koch - - * command.c (cmd_getinfo): New subcommand "reader_list". - * ccid-driver.c (scan_or_find_devices): Ignore EBUSY in scan mode - for special transports. - -2007-03-07 Werner Koch - - * app-dinsig.c: Include i18n.h. - (verify_pin): Support PIN pads. - * app-nks.c (verify_pin): Ditto. - - * ccid-driver.c (bulk_in): Handle time extension before checking - the message type. - (ccid_transceive_secure): Support the Cherry XX44 keyboard. - Kudos to the nice folks at Cherry for helping with that. - -2007-02-18 Werner Koch - - * scdaemon.c (DEFAULT_PCSC_DRIVER): Add a default for OS X. - -2007-01-25 Werner Koch - - * Makefile.am (scdaemon_LDADD): Added LIBICONV. Noted by Billy - Halsey. - -2006-12-21 Werner Koch - - * app-openpgp.c (verify_chv2): Factored most code out into... - (verify_a_chv): ... new. - (do_sign): Factored verification code out to new function and - take care of a keypad entered PIN. - (compare_fingerprint): Print an additional diagnostic. - -2006-11-28 Werner Koch - - * apdu.c (send_le, apdu_send_direct): Increase RESULTLEN to 258 to - allow for full 256 byte and the status word. This might break - some old PC/SC drivers or cards, but we will see. Suggested by - Kenneth Wang. - -2006-11-23 Werner Koch - - * command.c (scd_command_handler): Fixed use of CTRL. - -2006-11-21 Werner Koch - - * Makefile.am (libexec_PROGRAMS): Put pscs-wrapper into libexec. - Renamed to gnupg-pcsc-wrapper. - * apdu.c (open_pcsc_reader): Use GNUPG_LIBEXECDIR to accces the - wrapper. Suggested by Eric Dorland. - -2006-11-20 Werner Koch - - * app-openpgp.c (verify_chv2): Support for keypads (only CHV2). - - * ccid-driver.c (ccid_transceive_secure): Made it work for Kaan - and SCM. - -2006-11-17 Werner Koch - - * ccid-driver.c (scan_or_find_devices): Use DEBUGOUT_2 instead of - log_debug. Removed few other log_debug. - - * iso7816.c (iso7816_check_keypad): Allow for a SW of 0. - - * command.c (pin_cb): New mode to prompt for a keypad entry. - - * scdaemon.c (main) : Add disable-keypad. - -2006-11-15 Werner Koch - - * app-p15.c (read_ef_odf): Cast one printf arg. - - * scdaemon.h (struct server_control_s): Add field THREAD_STARTUP. - * command.c (scd_command_handler): Add new arg CTRL. - * scdaemon.c (scd_init_default_ctrl): Made static. - (scd_deinit_default_ctrl): New. - (start_connection_thread): Call init/deinit of ctrl. - (handle_connections): Allocate CTRL. - - * apdu.c (PCSC_ERR_MASK): New. - (reset_pcsc_reader, pcsc_get_status, pcsc_send_apdu) - (close_pcsc_reader, open_pcsc_reader): Use it after shifting error - values. Reported by Henrik Nordstrom. Fixes bug #724. - -2006-10-24 Werner Koch - - * scdaemon.h (GCRY_MD_USER_TLS_MD5SHA1): New. - (MAX_DIGEST_LEN): Increased to 36. - * app-p15.c (do_sign): Support for TLS_MD5SHA1. - (do_auth): Detect TLS_MD5SHA1. - (do_sign): Tweaks for that digest. - -2006-10-23 Werner Koch - - * scdaemon.c (main): New command --gpgconf-test. - -2006-10-17 Werner Koch - - * Makefile.am (scdaemon_LDADD): Link against libcommonpth. - -2006-10-12 Werner Koch - - * apdu.c: Include pth.h after unistd.h for the sake of newer Pth - versions. - -2006-10-11 Werner Koch - - * app-openpgp.c (do_sign): Redirect to do_auth for OpenPGP.3. - -2006-10-06 Werner Koch - - * Makefile.am (AM_CFLAGS): Use PTH version of libassuan. - (scdaemon_LDADD): Ditto. - - * scdaemon.h (send_status_info): Mark with sentinel attribute. - -2006-10-02 Marcus Brinkmann - - * command.c (update_reader_status_file): Increase buffer of - NUMBUF2 (fixing typo). - -2006-09-24 Marcus Brinkmann - - * app-openpgp.c (do_sign): Advance INDATA by the SHA1 resp. RMD160 - prefix length. - -2006-09-14 Werner Koch - - Replaced all call gpg_error_from_errno(errno) by - gpg_error_from_syserror(). - - * command.c (scd_command_handler): Replaced - init_connected_socket_server by init_socket_server_ext. - -2006-09-07 Werner Koch - - * command.c (update_reader_status_file): Execute an event handler - if available. - -2006-09-06 Werner Koch - - * apdu.c (pcsc_end_transaction): - * pcsc-wrapper.c (pcsc_end_transaction: Fixed dclaration. - Reported by Bob Dunlop. - - * scdaemon.h (CTRL,APP): Removed and changed everywhere to - ctrl_t/app_t. - - Replaced all Assuan error codes by libgpg-error codes. Removed - all map_to_assuan_status and map_assuan_err. - - * scdaemon.c (main): Call assuan_set_assuan_err_source to have Assuan - switch to gpg-error codes. - * command.c (set_error): Adjusted. - -2006-09-02 Marcus Brinkmann - - * command.c (get_reader_slot): Return the slot_table index, not - the APDU slot number. - (update_reader_status_file): Use the slot_table index in the - update_card_removed invocation. - -2006-09-01 Marcus Brinkmann - - * command.c (cmd_getinfo): Handle status command. - -2006-08-30 Marcus Brinkmann - - * command.c (do_reset): Delay resetting CTRL->reader_slot until - after update_card_removed invocation. - -2006-08-28 Marcus Brinkmann - - * app-openpgp.c (do_decipher, do_sign): Allow "OPENPGP.2" - resp. "OPENPGP.1" for KEYIDSTR. - -2006-08-21 Werner Koch - - * pcsc-wrapper.c (handle_open, handle_close): Reset card and - protocol on error/close. - (handle_status): Don't set the state if the state is unknown. - (handle_reset): Ignore an error if already disconnected. May - happen due to system wake-up after hibernation. Suggested by Bob - Dunlop. - -2006-06-28 Werner Koch - - * app-openpgp.c (do_writekey): Fixed computation of memmove - length. This led to garbled keys if E was larger than one byte. - Thanks to Achim Pietig for hinting at the garbled E. - -2006-06-09 Marcus Brinkmann - - * Makefile.am (scdaemon_LDADD): Add $(NETLIBS). - -2006-04-14 Marcus Brinkmann - - * app.c (select_application): Cover up a slot mismatch error in - case it happens (it shouldn't happen). - (release_application): Use APP->slot. Lock the reader. - (application_notify_card_removed): Lock the reader. - -2006-04-11 Werner Koch - - * command.c (hex_to_buffer): New. - (cmd_apdu): New. - -2006-04-03 Werner Koch - - * scdaemon.c [__GLIBC__]: Default to libpcsclite.so.1. - -2006-03-21 Werner Koch - - * command.c (cmd_pksign): Add --hash option. - -2006-03-01 Werner Koch - - * command.c (status_file_update_lock): New. - (scd_update_reader_status_file): Use lock and factor existing code - out to .. - (update_reader_status_file): .. this. - (do_reset): Use the lock and call update_reader_status_file. - -2006-02-20 Werner Koch - - * apdu.c (open_pcsc_reader): Fixed double free. Thanks to Moritz. - -2006-02-09 Werner Koch - - * command.c (get_reader_slot, do_reset) - (scd_update_reader_status_file): Rewrote. - - * app.c (release_application): Factored code out to .. - (deallocate_app): new function. - (select_application): Introduce new saved application stuff. - (application_notify_card_removed): New. - * command.c (update_card_removed): Call it here. - (do_reset): And here. - - * app.c (check_application_conflict): New. - * command.c (open_card): Use it here. - (cmd_restart): New command. - - * command.c (cmd_lock): Fixed --wait option to actually terminate. - -2006-02-08 Werner Koch - - * ccid-driver.c (ccid_get_atr): Read Parameter and select T=1 - using these parameters. - (scan_or_find_devices): Check for NULL r_fd. - -2006-02-02 Werner Koch - - * ccid-driver.c (special_transport): New - (ccid_open_reader, do_close_reader, ccid_shutdown_reader) - (bulk_out, bulk_in): Add support for CardMan 4040 reader. - - * ccid-driver.c (scan_or_find_devices): Factored most code out to - (scan_or_find_usb_device): .. new. - (make_reader_id): Fixed vendor mask. - -2006-01-01 Werner Koch - - * app-openpgp.c (do_sign): Give user error if hash algorithm is - not supported by the card. - -2005-12-06 Werner Koch - - * apdu.c (open_pcsc_reader): Check that pcsc-wrapper is actually - installed. - -2005-11-23 Werner Koch - - * app-nks.c (verify_pin): Give a special error message for a Nullpin. - -2005-10-29 Werner Koch - - * ccid-driver.c (send_escape_cmd): New args RESULT, RESULTLEN and - RESULTMAX. Changed all callers. - (ccid_transceive_escape): New. - -2005-10-27 Werner Koch - - * apdu.c [__CYGWIN__]: Make cygwin environment similar to _WIN32. - Suggested by John P. Clizbe. - * scdaemon.c [__CYGWIN__]: Set default PC/SC driver to winscard.dll. - -2005-10-19 Werner Koch - - * ccid-driver.h (CCID_DRIVER_ERR_NO_KEYPAD): New. - * apdu.h (SW_HOST_NO_KEYPAD): New. - * iso7816.h (struct iso7816_pininfo_s): New. - * iso7816.c (map_sw): Support new code. - (iso7816_check_keypad): New. - (iso7816_verify_kp, iso7816_change_reference_data_kp) - (iso7816_reset_retry_counter_kp): New. Extended versions of the - original functions. - * apdu.c (host_sw_string): Support new code. - (reader_table_s): New field CHECK_KEYPAD. - (new_reader_slot, open_ct_reader, open_pcsc_reader) - (open_ccid_reader, open_rapdu_reader): Initialize it. - (check_ccid_keypad): New. - (apdu_check_keypad): New. - (apdu_send_le): Factored all code out to ... - (send_le): .. new. Takes an additional arg; changed all callers - of the orginal function to use this one with a NULL for the new - arg. - (apdu_send_simple_kp): New. - (ct_send_apdu, pcsc_send_apdu, my_rapdu_send_apdu) - (send_apdu_ccid): New arg PININFO. - (send_apdu_ccid): Use the new arg. - - * scdaemon.c: New option --disable-keypad. - -2005-10-08 Marcus Brinkmann - - * Makefile.am (scdaemon_LDADD): Add ../gl/libgnu.a after - ../common/libcommon.a. - -2005-09-20 Werner Koch - - * app-dinsig.c (verify_pin): Try ISO 9564 BCD encoding. - - * iso7816.c (iso7816_select_application): Add arg FLAGS. Changed - all callers to pass 0. - * app-openpgp.c (app_select_openpgp): But this one requires a - special flag. - - * app-p15.c (app_select_p15): Don't use select application for the - BELPIC. - -2005-09-09 Werner Koch - - * pcsc-wrapper.c (main): Removed bogus free. - - * app-p15.c (do_auth): New. - (do_getattr): New attribs $AUTHKEYID and $DISPSERIALNO. - * app-openpgp.c (do_getattr): Ditto. - -2005-09-08 Werner Koch - - * app-openpgp.c (do_getattr): New key $AUTHKEYID. - -2005-09-06 Werner Koch - - * app-p15.c (do_sign): Tweaked for BELPIC cards. - (read_home_df): New arg R_BELPIC. - (app_select_p15): Set card type for BELPIC. - -2005-09-05 Werner Koch - - * iso7816.c (iso7816_select_path): New. - * app-p15.c (select_ef_by_path): Allow for direct path selection. - (app_select_p15): Try using the Belgian variant of pkcs#15. - (read_home_df): New. - (read_ef_odf): Generalized. - (read_ef_tokeninfo): New. - (read_p15_info): Set serialnumber from TokenInfo. - (app_select_p15): Don't munge serialNumber - that must be done - only once. - - * iso7816.c (iso7816_read_binary): Use Le=0 when reading all - data. Handle 6C00 error and take 6B00 as indication for EOF. - * apdu.h (SW_EXACT_LENGTH_P): New. - * apdu.c (new_reader_slot, reset_pcsc_reader, pcsc_get_status) - (open_pcsc_reader): Set new reader state IS_T0. - (apdu_send_le): When doing T=0 make sure not to send Lc and Le. - Problem reported by Carl Meijer. - (apdu_send_direct): Initialize RESULTLEN. - * pcsc-wrapper.c (handle_status): Return the current protocol as - a new third word. - -2005-08-05 Werner Koch - - * apdu.c (open_rapdu_reader): Set the reader number. - -2005-07-05 Werner Koch - - * app-openpgp.c (do_readkey): Return a mallcoed copy of the key as - required by the description. Thanks to Moritz for tracking this - problem down. - -2005-06-21 Werner Koch - - * scdaemon.c (main): ifdef call to ccid_set_debug_level. - - * apdu.c (reset_pcsc_reader, open_pcsc_reader): Cast size_t to - ulong for printf. - -2005-06-06 Werner Koch - - * scdaemon.c (main): New option --debug-allow-core-dump. - -2005-06-03 Werner Koch - - * scdaemon.c (handle_connections): Make sure that the signals we - are handling are not blocked.Block signals while creating new - threads. - (handle_connections): Include the file descriptor into the name of - the thread. - -2005-06-02 Werner Koch - - * app.c (app_dump_state, dump_mutex_state): New. - * scdaemon.c (handle_signal): Print it on SIGUSR1. - - * app-openpgp.c (do_writekey): Typo fix. - - * command.c (open_card): Check for locked state even if an - application context is available. - - * app-common.h: Add REF_COUNT field. - * app.c (release_application, select_application): Implement - reference counting to share the context beween connections. - - * app.c (lock_reader, unlock_reader): Take SLOT instead of APP as - argument. Changed all callers. - (select_application): Unlock the reader on error. This should fix - the hangs I noticed last week. - - * scdaemon.h: Removed card_ctx_t cruft. - -2005-06-01 Werner Koch - - * scdaemon.c: Include mkdtemp.h. - -2005-05-31 Werner Koch - - * tlv.c [GNUPG_MAJOR_VERSION==1]: Define constants instead of - including a gnupg 1.4 header. - -2005-05-30 Werner Koch - - * tlv.c: Add hack to compile without gpg-error.h when used with - GnuPG 1.4. - -2005-05-23 Werner Koch - - * Makefile.am: Do not build sc-copykeys anymore. - - * app-openpgp.c (app_openpgp_storekey, app_openpgp_readkey) - (app_openpgp_cardinfo): Removed. - - * ccid-driver.c (parse_ccid_descriptor): SCR335 FW version 5.14 is - good. - (do_close_reader): Never do a reset. The caller should instead - make sure that the reader has been closed properly. The new retry - code in ccid_slot_status will make sure that the readersatrts up - fine even if the last process didn't closed the USB connection - properly. - (ccid_get_atr): For certain readers try switching to ISO mode. - Thanks to Ludovic Rousseau for this hint and the magic numbers. - (print_command_failed): New. - (bulk_in): Use it here. Add new arg NO_DEBUG. - (ccid_slot_status): Disabled debugging. - -2005-05-21 Werner Koch - - * scdaemon.c (handle_signal): Print thread info on SIGUSR1. - -2005-05-20 Werner Koch - - * ccid-driver.c: Replaced macro DEBUG_T1 by a new debug level. - (parse_ccid_descriptor): Mark SCR335 firmware version 5.18 good. - (ccid_transceive): Arghhh. The seqno is another bit in the - R-block than in the I block, this was wrong at one place. - - * scdaemon.c: New options --debug-ccid-driver and - --debug-disable-ticker. - - * app-openpgp.c (do_genkey, do_writekey): Factored code to check - for existing key out into .. - (does_key_exist): .. New function. - -2005-05-19 Werner Koch - - * tlv.c (parse_sexp): New. - - * command.c (cmd_writekey): New. - * app.c (app_writekey): New. - * app-common.c (app_t): Add function ptr WRITEKEY. - * app-openpgp.c (do_writekey): New. - - * app-openpgp.c (do_readkey) [GNUPG_MAJOR_VERSION==1]: Return error. - * app-common.h (app_t) [GNUPG_MAJOR_VERSION==1]: Add a field to - store the Assuan context. - -2005-05-17 Werner Koch - - * scdaemon.c: Removed non-pth code paths. - (create_socket_name, create_server_socket): New. Taken from - ../agent/gpg-agent. - (cleanup): Changed to adjust for SOCKET_NAME now being malloced. - (ticker_thread): Always use pth_event_occurred; it is again - defined for all decent PTH versions. - (handle_connections): New. Based on the gpg-agent code. - (start_connection_thread): Ditto. - (ticker_thread): Removed. - (cleanup_sh): Removed. - (main): Run the handler for the pipe server in a separate - thread. This replaces the old ticker thread. - (scd_get_socket_name): New. - * command.c (cmd_getinfo): New command GETINFO. - (scd_command_handler): Renamed argument and changed code to use an - already connected FD. - -2005-05-15 Werner Koch - - * app.c, app-common.h, app-nks.c, app-p15.c, app-dinsig.c - * app-openpgp.c: Change most function return types from int to - gpg_error_t. - * command.c (pin_cb): Ditto. - * sc-copykeys.c (pincb): Ditto. - - * app.c (lock_reader, unlock_reader): New. Changed call handler - wrappers to make use of these functions. - -2005-05-07 Werner Koch - - * ccid-driver.c (do_close_reader): Don't do a reset before close. - Some folks reported that it makes the SCR335 hang less often. - Look at the source on how to re-enable it. - -2005-04-27 Werner Koch - - * app-p15.c (micardo_mse): New. - (do_sign): Call it. - * iso7816.c (iso7816_manage_security_env): Allow passing DATA as - NULL to indicate an empty Lc. - * tlv.c (find_tlv): Check that a found object fits into the - buffer. - (find_tlv_unchecked): New as replacement for the old non-checking - variant. - * app.c (select_application): Keep on using the non-checking - variant. - * app-openpgp.c (get_one_do, dump_all_do): Ditto. - - - Removal of the old OpenSC based code. - - * app-p15.c: New. Basic support for pkcs15 cards without OpenSC. - There are quite a couple of things missing but at least I can use - my old TCOS cards from the Aegypten-1 development for signing. - * app.c (select_application): Detect pkcs15 applications. - * Makefile.am (scdaemon_SOURCES): Removed card.c, card-common.h - and card-p15.c because they are now obsolete. Added app-p15.c. - Removed all OpenSC stuff. - * command.c (do_reset, open_card, cmd_serialno, cmd_learn) - (cmd_readcert, cmd_readkey, cmd_pksign, cmd_pkdecrypt): Removed - all special cases for the old card.c based mechanisms. - * scdaemon.c, apdu.c: Removed all special cases for OpenSC. - -2005-04-20 Werner Koch - - * command.c: Use GPG_ERR_LOCKED instead of EBUSY. - -2005-04-14 Werner Koch - - * app-openpgp.c (retrieve_key_material): Rewritten. Return a - proper error code. - (retrieve_next_token): Removed. - (retrieve_fpr_from_card): Rewritten to make use of DO caching and - to take the KEYNO as arg. - (get_public_key): Renamed variable for clarity. - -2005-04-12 Werner Koch - - Basic support for several sessions. - - * command.c (scd_command_handler): Replace the primary_connection - stuff by a real connection list. Release the local context on - exit. - (scd_update_reader_status_file): Update accordingly. Send signal - to all connections who registered an event signal. - (cmd_lock, cmd_unlock, register_commands): New commands LOCK and - UNLOCK. - (cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt, cmd_setattr) - (cmd_genkey, cmd_passwd, cmd_checkpin): Return an error if reader - is locked. - (do_reset): Handle locking. - (open_card): Ditto. Share the reader slot with other sessions. - (get_reader_slot): New. - (update_card_removed): New. Use it in the TEST_CARD_REMOVAL macro. - -2005-04-07 Werner Koch - - * app-openpgp.c (do_check_pin): Add hack to allow verification of - CHV3. - (get_public_key): Don't use gcry functions to create S-expressions. - (do_deinit, do_readkey, do_genkey, send_keypair_info): Adjust for - above change. - -2005-03-29 Moritz Schulte - - * app-openpgp.c (retrieve_fpr_from_card): New function. - (retrieve_next_token): New function. - (retrieve_key_material): New function. - (get_public_key): Implement retrival of key through expernal - helper (gpg) in case the openpgp card is not cooperative enough. - -2005-03-16 Werner Koch - - * ccid-driver.c (parse_ccid_descriptor): Make SCM workaround - reader type specific. - (scan_or_find_devices): Do not check the interface subclass in the - SPR532 kludge, as this depends on the firmware version. - (ccid_get_atr): Get the Slot status first. This solves the - problem with readers hanging on recent Linux 2.6.x. - (bulk_in): Add argument TIMEOUT and changed all callers to pass an - appropriate one. Change the standard timeout from 10 to 5 seconds. - (ccid_slot_status): Add a retry code with an initial short timeout. - (do_close_reader): Do an usb_reset before closing the reader. - -2005-02-25 Werner Koch - - * app-openpgp.c (get_public_key): Make sure not to return negative - numbers. - (do_sign): Allow passing of indata with algorithm prefix. - (do_auth): Allow OPENPGP.3 as an alternative ID. - - * app.c (app_getattr): Return just the S/N but not the timestamp. - -2005-02-24 Werner Koch - - * app.c (app_getattr): Return APPTYPE or SERIALNO type even if the - application does dot support the getattr call. - - * app-openpgp.c (get_one_do): Never try to get a non cacheable - object from the cache. - (get_one_do): Add new arg to return an error code. Changed all - callers. - (do_getattr): Let it return a proper error code. - - * app.c (select_application): Return an error code and the - application context in an new arg. - * command.c (open_card): Adjusted for that. Don't use the - fallback if no card is present. Return an error if the card has - been removed without a reset. - (do_reset, cmd_serialno): Clear that error flag. - (TEST_CARD_REMOVAL): New. Use it with all command handlers. - (scd_update_reader_status_file): Set the error flag on all changes. - - * scdaemon.c (ticker_thread): Termintate if a shutdown is pending. - - * apdu.c: Added some PCSC error codes. - (pcsc_error_to_sw): New. - (reset_pcsc_reader, pcsc_get_status, pcsc_send_apdu) - (open_pcsc_reader): Do proper error code mapping. - -2005-03-16 Werner Koch - - * ccid-driver.c (parse_ccid_descriptor): Make SCM workaround - reader type specific. - (scan_or_find_devices): Do not check the interface subclass in the - SPR532 kludge, as this depends on the firmware version. - (ccid_get_atr): Get the Slot status first. This solves the - problem with readers hanging on recent Linux 2.6.x. - -2005-02-22 Werner Koch - - * app-openpgp.c (app_local_s): New field PK. - (do_deinit, do_genkey, app_openpgp_storekey): Clear it. - (get_public_key, send_keypair_info): New. - (do_learn_status): Send KEYPAIR info - - * app-common.h (app_ctx_t): Add function pointer READKEY. - * app.c (app_readkey): New. - * command.c (cmd_readkey): Use READKEY function if possible. - -2005-01-26 Werner Koch - - * ccid-driver.c (parse_ccid_descriptor): Need the CSM workaround - also for newer firmware versions. Need to get a list of fixed - firmware versions and use that. - -2005-01-25 Werner Koch - - * apdu.c (apdu_send_le, apdu_send_direct): Fix some compiler - warnings. - - * app-openpgp.c (get_cached_data): New arg GET_IMMEDIATE to bypass - the cache. Changed all callers. - (get_one_do): Bypass the cache if the value would have been read - directly for v1.1 cards.It makes things a bit slower but obnly for - 1.0 cards and there are not that many cards out in the wild. This - is required to fix a caching bug when generating new keys; as a - side effect of the retrieval of the the C4 DO from the 6E DO the - cached fingerprint will get updated to the old value and later - when signing the generated key the checking of the fingerprint - fails because it won't match the new one. Thanks to Moritz for - analyzing this problem. - (verify_chv3): Removed the CHV status reread logic because we - won't cache the C4 DO anymore. - -2004-12-28 Werner Koch - - * ccid-driver.c (find_endpoint): New. - (scan_or_find_devices): Add new args to return endpoint info and - interface number. - (ccid_open_reader, ccid_shutdown_reader): Take care of these new - args. - (bulk_in, bulk_out): Use the correct endpoints. - (ccid_transceive_apdu_level): New. - (ccid_transceive): Divert to above. - (parse_ccid_descriptor): Allow APDU level exchange mode. - (do_close_reader): Pass the interface number to usb_release_interface. - -2004-12-21 Werner Koch - - * scdaemon.c (main): Use default_homedir(). - -2004-12-18 Werner Koch - - * scdaemon.c (main) [W32]: Remove special Pth initialize.. - - * scdaemon.h (map_assuan_err): Define in terms of - map_assuan_err_with_source. - -2004-12-15 Werner Koch - - * scdaemon.c [W32]: Various hacks to make it run under W32. - - * command.c (scd_update_reader_status_file) [W32]: Don't use kill. - - * apdu.c [W32]: Disable use of pcsc_wrapper. - - * Makefile.am (scdaemon_LDADD): Reorder libs. - (sc_copykeys_LDADD): Add libassuan because it is needed for W32. - -2004-12-06 Werner Koch - - * Makefile.am (pkglib_PROGRAMS): Build only for W32. - -2004-10-22 Werner Koch - - * app-openpgp.c (verify_chv3): The minium length for CHV3 is - 8. Changed string to match the other ones. - -2004-10-21 Werner Koch - - * app-openpgp.c (do_sign): Replace asprintf by direct allocation. - This avoids problems with missing vasprintf implementations in - gnupg 1.4. - - * app-common.h (app_openpgp_storekey: Add prototype. - -2004-10-20 Werner Koch - - * sc-investigate: Removed. - * Makefile.am (sc_investigate): Removed. - - * pcsc-wrapper.c (load_pcsc_driver): Load get_status_change func. - (handle_open): Succeed even without a present card. - (handle_status, handle_reset): New. - - * apdu.c (apdu_open_reader): Load pcsc_get_status_change fucntion. - (pcsc_get_status): Implemented. - (reset_pcsc_reader): Implemented. - (open_pcsc_reader): Succeed even with no card inserted. - (open_ccid_reader): Set LAST_STATUS. - - * iso7816.c (iso7816_select_application): Always use 0 for P1. - -2004-10-18 Werner Koch - - * ccid-driver.c (ccid_get_atr): Reset T=1 state info. - -2004-10-14 Werner Koch - - * app-openpgp.c (parse_login_data): New. - (app_select_openpgp): Call it. - (do_setattr): Reparse it after change. - -2004-10-06 Werner Koch - - * ccid-driver.c (ccid_open_reader): Store the vendor ID. - (ccid_transceive_secure): New. - (parse_ccid_descriptor): Workaround for an SCM reader problem. - -2004-10-04 Werner Koch - - * ccid-driver.c (send_escape_cmd): New. - -2004-09-30 Werner Koch - - * Makefile.am: Adjusted for gettext 0.14. - - * app-openpgp.c (do_sign): Add the error string to the verify - failed messages. - -2004-09-27 Werner Koch - - From gnupg 1.3 - - * app-openpgp.c: Made all strings translatable. - (verify_chv3) [GNUPG_MAJOR_VERSION]: Make opt.allow_admin - available for use in gnupg 2. - (verify_chv3): Reimplemented countdown showing to use only - functions from this module. Flush the CVH status cache on a - successful read. - (get_one_do): Hack to bypass the cache for cards versions > 1.0. - (store_fpr): Store the creation date for card version > 1.0. - - * app-openpgp.c (app_openpgp_storekey): Call flush_cache. - (get_cached_data): Move local data initialization to .. - (app_select_openpgp): .. here. Read some flags for later use. - (do_getattr): New read-only attribute EXTCAP. - - * apdu.c (open_pcsc_reader): Do not print empty reader string. - - * ccid-driver.c (do_close_reader): Factored some code out from ... - (ccid_close_reader): ..here. - (ccid_shutdown_reader): New. - - * apdu.c (apdu_shutdown_reader): New. - (shutdown_ccid_reader): New. - - * apdu.c (open_ccid_reader): New arg PORTSTR. Pass it to - ccid_open_reader. - (apdu_open_reader): Pass portstr to open_ccid_reader. - (apdu_open_reader): No fallback if a full CCID reader id has been - given. - - * ccid-driver.c (ccid_get_reader_list): New. - (ccid_open_reader): Changed API to take a string for the reader. - Removed al the cruft for the libusb development vesion which seems - not to be maintained anymore and there are no packages anyway. - The stable library works just fine. - (struct ccid_reader_id_s): Deleted and replaced everywhere by a - simple string. - (usb_get_string_simple): Removed. - (bulk_in): Do valgrind hack here and not just everywhere. - - * ccid-driver.c (read_device_info): Removed. - (make_reader_id, scan_or_find_devices): New. - (ccid_open_reader): Simplified by make use of the new functions. - (ccid_set_debug_level): New. Changed the macros to make use of - it. It has turned out that it is often useful to enable debugging - at runtime so I added this option. - - From gnupg 1.3 - David Shaw - - * app-openpgp.c (verify_chv3): Show a countdown of how many wrong - admin PINs can be entered before the card is locked. - - * app-openpgp.c (get_cached_data): Avoid mallocing zero since it - breaks us when using --enable-m-guard. - - * ccid-driver.c (usb_get_string_simple): Replacement function to - work with older libusb. - - * ccid-driver.c (read_device_info): Fix segfault when usb device - is not accessible. - (ccid_open_reader): Allow working with an even older version of - libusb (usb_busses global instead of usb_get_busses()). - -2004-09-11 Werner Koch - - * app-openpgp.c (app_select_openpgp): Its app_munge_serialno and - not app_number_serialno. - -2004-08-20 Werner Koch - - * app.c (select_application): Fixed serial number extraction and - added the BMI card workaround. - (app_munge_serialno): New. - * app-openpgp.c (app_select_openpgp): Try munging serialno. - -2004-08-05 Werner Koch - - * scdaemon.c (main): New option --disable-application. - * app.c (is_app_allowed): New. - (select_application): Use it to check for disabled applications. - - * ccid-driver.h (CCID_DRIVER_ERR_ABORTED): New. - * ccid-driver.c (ccid_open_reader): Support the stable 0.1 version - of libusb. - (ccid_get_atr): Handle short messages. - - * apdu.c (my_rapdu_get_status): Implemented. - -2004-07-27 Moritz Schulte - - * apdu.c: Include . - - * Makefile.am: Use @DL_LIBS@ instead of -ldl. - -2004-07-22 Werner Koch - - * Makefile.am: Make OpenSC lib link after libgcrypt. Do not link - to pth. - * apdu.c: Don't use Pth if we use OpenSC. - * sc-investigate.c, scdaemon.c: Disable use of pth if OpenSC is used. - - * scdaemon.c (main): Bumbed thread stack size up to 512k. - -2004-07-16 Werner Koch - - * apdu.c (reader_table_s): Add function pointers for the backends. - (apdu_close_reader, apdu_get_status, apdu_activate) - (send_apdu): Make use of them. - (new_reader_slot): Intialize them to NULL. - (dump_ccid_reader_status, ct_dump_reader_status): New. - (dump_pcsc_reader_status): New. - (open_ct_reader, open_pcsc_reader, open_ccid_reader) - (open_osc_reader, open_rapdu_reader): Intialize function pointers. - (ct_activate_card, ct_send_apdu, pcsc_send_apdu, osc_send_apdu) - (error_string): Removed. Replaced by apdu_strerror. - (get_ccid_error_string): Removed. - (ct_activate_card): Remove the unused loop. - (reset_ct_reader): Implemented. - (ct_send_apdu): Activate the card if not yet done. - (pcsc_send_apdu): Ditto. - -2004-07-15 Werner Koch - - * ccid-driver.h: Add error codes. - * ccid-driver.c: Implement more or less proper error codes all - over the place. - - * apdu.c (apdu_send_direct): New. - (get_ccid_error_string): Add some error code mappings. - (send_apdu): Pass error codes along for drivers already supporting - them. - (host_sw_string): New. - (get_ccid_error_string): Use above. - (send_apdu_ccid): Reset the reader if it has not yet been done. - (open_ccid_reader): Don't care if the ATR can't be read. - (apdu_activate_card): New. - (apdu_strerror): New. - (dump_reader_status): Only enable it with opt.VERBOSE. - * iso7816.c (map_sw): Add mappings for the new error codes. - -2004-07-02 Werner Koch - - * apdu.c (open_ct_reader, open_pcsc_reader, open_ccid_reader) - (reset_ccid_reader, open_osc_reader): Call dump_reader_status only - in verbose mode. - -2004-07-01 Werner Koch - - * sc-investigate.c: Initialize Pth which is now required. - (interactive_shell): New command "readpk". - - * app-openpgp.c (do_getattr): Fix for sending CA-FPR. - -2004-06-30 Werner Koch - - * app-openpgp.c (app_openpgp_readkey): Fixed check for valid - exponent. - -2004-06-18 Werner Koch - - * sc-investigate.c (my_read_line): Renamed from read_line. - -2004-06-16 Werner Koch - - * apdu.c (osc_get_status): Fixed type in function name. Noted by - Axel Thimm. Yes, I didn't tested it with OpenSC :-(. - -2004-04-28 Werner Koch - - * app-openpgp.c (do_setattr): Sync FORCE_CHV1. - -2004-04-27 Werner Koch - - * app-common.h: Do not include ksba.h for gnupg 1. - -2004-04-26 Werner Koch - - * app-common.h: New members FNC.DEINIT and APP_LOCAL. - * app.c (release_application): Call new deconstructor. - * app-openpgp.c (do_deinit): New. - (get_cached_data, flush_cache_item, flush_cache_after_error) - (flush_cache): New. - (get_one_do): Replaced arg SLOT by APP. Make used of cached data. - (verify_chv2, verify_chv3): Flush some cache item after error. - (do_change_pin): Ditto. - (do_sign): Ditto. - (do_setattr): Flush cache item. - (do_genkey): Flush the entire cache. - (compare_fingerprint): Use cached data. - - * scdaemon.c (main): Do the last change the usual way. This is so - that we can easily test for versioned config files above. - -2004-04-26 Marcus Brinkmann - - * scdaemon.c (main): For now, always print default filename for - --gpgconf-list, and never /dev/null. - -2004-04-21 Werner Koch - - * command.c (scd_update_reader_status_file): Send a signal back to - the client. - (option_handler): Parse the new event-signal option. - - * scdaemon.c (handle_signal): Do not use SIGUSR{1,2} anymore for - changing the verbosity. - -2004-04-20 Werner Koch - - * command.c (scd_update_reader_status_file): Write status files. - - * app-help.c (app_help_read_length_of_cert): Fixed calculation of - R_CERTOFF. - - * pcsc-wrapper.c: New. - * Makefile.am (pkglib_PROGRAMS): Install it here. - * apdu.c (writen, readn): New. - (open_pcsc_reader, pcsc_send_apdu, close_pcsc_reader): Use the - pcsc-wrapper if we are using Pth. - (apdu_send_le): Reinitialize RESULTLEN. Handle SW_EOF_REACHED - like SW_SUCCESS. - -2004-04-19 Werner Koch - - * ccid-driver.c (parse_ccid_descriptor): Store some of the reader - features away. New arg HANDLE - (read_device_info): New arg HANDLE. Changed caller. - (bulk_in): Handle time extension requests. - (ccid_get_atr): Setup parameters and the IFSD. - (compute_edc): New. Factored out code. - (ccid_transceive): Use default NADs when required. - -2004-04-14 Werner Koch - - * scdaemon.h (server_control_s): Add member READER_SLOT. - * scdaemon.c (scd_init_default_ctrl): Initialize READER_SLOT to -1. - * command.c (open_card): Reuse an open slot. - (reset_notify): Just reset the slot if supported by the reader. - (do_reset): Factored code from above out. - (scd_command_handler): Use it for cleanup. - - * apdu.h: New pseudo stati SW_HOST_NOT_SUPPORTED, - SW_HOST_LOCKING_FAILED and SW_HOST_BUSY. - * iso7816.c (map_sw): Map it. - - * ccid-driver.c (ccid_slot_status): Add arg STATUSBITS. - * apdu.c (apdu_get_status): New. - (ct_get_status, pcsc_get_status, ocsc_get_status): New stubs. - (get_status_ccid): New. - (apdu_reset): New. - (reset_ct_reader, reset_pcsc_reader, reset_osc_reader): New stubs. - (reset_ccid_reader): New. - (apdu_enum_reader): New. - - * apdu.c (lock_slot, trylock_slot, unlock_slot): New helpers. - (new_reader_slot) [USE_GNU_PTH]: Init mutex. - (apdu_reset, apdu_get_status, apdu_send_le): Run functions - in locked mode. - - * command.c (scd_update_reader_status_file): New. - * scdaemon.c (handle_tick): Call it. - -2004-04-13 Werner Koch - - * scdaemon.c: Convert to a Pth application. - (handle_signal, ticker_thread, handle_tick): New. - (main): Fire up the ticker thread in server mode. - -2004-03-23 Werner Koch - - * scdaemon.c (main) : Fixed output for pcsc_driver. - -2004-03-17 Werner Koch - - * tlv.c (parse_ber_header): Do not check for tag overflow - it - does not make sense. Simplified the check for length overflow. - - * scdaemon.c (main) : Fixed default value quoting. - -2004-03-16 Werner Koch - - * app-dinsig.c: Implemented. Based on app-nks.c and card-dinsig.c - * app-nks.c (get_length_of_cert): Removed. - * app-help.c: New. - (app_help_read_length_of_cert): New. Code taken from above. New - optional arg R_CERTOFF. - - * card-dinsig.c: Removed. - * card.c (card_get_serial_and_stamp): Do not bind to the old and - never finsiged card-dinsig.c. - - * iso7816.c (iso7816_read_binary): Allow for an NMAX > 254. - -2004-03-11 Werner Koch - - * scdaemon.h (out_of_core): Removed. Replaced callers by standard - gpg_error function. - - * apdu.c, iso7816.c, ccid-driver.c [GNUPG_SCD_MAIN_HEADER]: Allow - to include a header defined by the compiler. This helps us to - reuse the source in other software. - -2004-03-10 Werner Koch - - * iso7816.c (iso7816_read_record): New arg SHORT_EF. Changed all - callers. - -2004-02-18 Werner Koch - - * sc-investigate.c (main): Setup the used character set. - * scdaemon.c (main): Ditto. - - * scdaemon.c (set_debug): New. Add option --debug-level. - (main): Add option --gpgconf-list. - -2004-02-12 Werner Koch - - * Makefile.am: Include cmacros.am for common flags. - -2004-01-29 Werner Koch - - * command.c (reset_notify): Release the application context and - close the reader. - -2004-01-28 Werner Koch - - * iso7816.c (iso7816_manage_security_env): New. - (iso7816_decipher): Add PADIND argument. - -2004-01-27 Werner Koch - - * command.c (cmd_readcert, cmd_readkey): Work on a copy of LINE. - - * app-common.h (app_ctx_s): Added readcert field. - * app.c (app_readcert): New. - * tlv.c (parse_ber_header): Added; taken from libksba. - -2004-01-26 Werner Koch - - * card.c (map_sc_err): Use SCD as the error source. - - * command.c (open_card): ADD arg NAME to allow requesting a - specific application. Changed all callers. - (cmd_serialno): Allow optional argument to select the desired - application. - - * app-nks.c: New. - - * scdaemon.h (opt): Add READER_PORT. - * scdaemon.c (main): Set it here. - * app.c (app_set_default_reader_port): Removed. - (select_application): Add NAME arg and figure out a - default serial number from the GDO. Add SLOT arg and remove all - reader management. - (release_application): New. - (app_write_learn_status): Output an APPTYPE status line. - * command.c (open_card): Adapt for select_application change. - * app-openpgp.c (app_select_openpgp): Removed SN and SNLEN args - and set it directly. Changed all callers. - -2004-01-25 Werner Koch - - * iso7816.c (iso7816_select_application): P1 kludge for OpenPGP - card. - * app-openpgp.c (find_tlv): Factor out this function to .. - * tlv.c, tlv.h: .. new. - - * scdaemon.h: Introduced app_t and ctrl_t as the new types for APP - and CTRL. - -2004-01-21 Werner Koch - - * apdu.c (apdu_send_le): Treat SW_EOF_REACHED as a warning. - -2004-01-20 Werner Koch - - * iso7816.c (iso7816_read_binary): New. - (iso7816_select_file): New. - (iso7816_list_directory): New. - - * sc-investigate.c: Add option -i. - (select_app, read_line, interactive_shell): New. - -2004-01-16 Werner Koch - - * apdu.h: Add SW_FILE_NOT_FOUND. - * iso7816.c (map_sw): Map it to GPG_ERR_ENOENT. - * iso7816.c (iso7816_select_file): New. - - * app-dinsig.c: New file w/o any real code yet. - * Makefile.am (scdaemon_SOURCES,sc_investigate_SOURCES): Add file. - - * sc-investigate.c: Add option --disable-ccid. - -2003-12-19 Werner Koch - - * apdu.c (apdu_send_le): Send a get_response with the indicated - length and not the 64 bytes we used for testing. - - * app-openpgp.c (verify_chv2, verify_chv3, do_sign): Check the - minimum length of the passphrase, so that we don't need to - decrement the retry counter. - -2003-12-17 Werner Koch - - * card-p15.c (p15_enum_keypairs): Replaced KRC by RC. - * card-dinsig.c (dinsig_enum_keypairs): Ditto. - -2003-12-16 Werner Koch - - * scdaemon.c (main): Set the prefixes for assuan logging. - -2003-11-17 Werner Koch - - * scdaemon.c, scdaemon.h: New options --allow-admin and --deny-admin. - * app-openpgp.c (verify_chv3): Check it here. - -2003-11-12 Werner Koch - - Adjusted for API changes in Libksba. - -2003-10-30 Werner Koch - - * apdu.c (close_ct_reader, close_pcsc_reader): Implemented. - (get_ccid_error_string): New. Not very useful messages, though. - -2003-10-25 Werner Koch - - * ccid-driver.c (ccid_open_reader): Return an error if no USB - devices are found. - - * command.c (cmd_genkey, cmd_passwd): Fixed faulty use of - !spacep(). - - * apdu.c (apdu_open_reader): Hacks for PC/SC under Windows. - -2003-10-20 Werner Koch - - * command.c (cmd_checkpin): New. - (register_commands): Add command CHECKPIN. - * app.c (app_check_pin): New. - * app-openpgp.c (check_against_given_fingerprint): New. Factored - out that code elsewhere. - (do_check_pin): New. - -2003-10-10 Werner Koch - - * ccid-driver.c (ccid_close_reader): New. - - * apdu.c (close_ccid_reader, close_ct_reader, close_csc_reader) - (close_osc_reader, apdu_close_reader): New. Not all are properly - implemented yet. - -2003-10-09 Werner Koch - - * ccid-driver.c (ccid_transceive): Add T=1 chaining for sending. - -2003-10-08 Werner Koch - - * app-openpgp.c (do_getattr): Support SERIALNO and AID. - -2003-10-01 Werner Koch - - * ccid-driver.c: Detect GnuPG 1.3 and include appropriate files. - * apdu.c: Ditto. - * app-openpgp.c: Ditto. - * iso7816.c: Ditto. - (generate_keypair): Renamed to .. - (do_generate_keypair): .. this. - * app-common.h [GNUPG_MAJOR_VERSION]: New. - * iso7816.h [GNUPG_MAJOR_VERSION]: Include cardglue.h - -2003-09-30 Werner Koch - - * command.c (cmd_getattr): New command GETATTR. - * app.c (app_setattr): New. - (do_getattr): New. - (do_learn_status): Reimplemented in terms of do_getattr. - - * app-openpgp.c (do_change_pin): Make sure CVH1 and CHV2 are - always synced. - (verify_chv2, verify_chv3): New. Factored out common code. - (do_setattr, do_sign, do_auth, do_decipher): Change the names of - the prompts to match that we have only 2 different PINs. - (app_select_openpgp): Check whether the card enforced CHV1. - (convert_sig_counter_value): New. Factor out code from - get_sig_counter. - -2003-09-28 Werner Koch - - * app-openpgp.c (dump_all_do): Use gpg_err_code and not gpg_error. - -2003-09-19 Werner Koch - - * ccid-driver.c (parse_ccid_descriptor): New. - (read_device_info): New. - (ccid_open_reader): Check that the device has all required features. - -2003-09-06 Werner Koch - - * scdaemon.c (main): --pcsc-driver again defaults to pcsclite. - David Corcoran was so kind to remove the GPL incompatible - advertisng clause from pcsclite. - * apdu.c (apdu_open_reader): Actually make pcsc-driver option work. - -2003-09-05 Werner Koch - - * ccid-driver.c: More work, data can now actually be retrieved. - * ccid-driver.c, ccid-driver.h: Alternativley allow use under BSD - conditions. - -2003-09-02 Werner Koch - - * scdaemon.c, scdaemon.h: New option --pcsc-ccid. - * ccid-driver.c, ccid-driver.h: New but far from being useful. - * Makefile.am: Add above. - * apdu.c: Add support for that ccid driver. - -2003-08-26 Timo Schulz - - * apdu.c (new_reader_slot): Only set 'is_osc' when OpenSC - is used. - -2003-08-25 Werner Koch - - * command.c (cmd_setattr): Use a copy of LINE. - (cmd_genkey): Use a copy of KEYNO. - (cmd_passwd): Use a copy of CHVNOSTR. - (cmd_pksign, cmd_pkauth, cmd_pkdecrypt): s/strdup/xtrystrdup/. - -2003-08-19 Werner Koch - - * scdaemon.c, scdaemon.h: New option --pcsc-driver. - * apdu.c (apdu_open_reader): Use that option here instead of a - hardcoded one. - -2003-08-18 Werner Koch - - * Makefile.am: Add OPENSC_LIBS to all programs. - - * scdaemon.c, scdaemon.h: New option --disable-opensc. - * card.c (card_open): Implement it. - * apdu.c (open_osc_reader, osc_send_apdu): New. - (apdu_open_reader) [HAVE_OPENSC]: Use the opensc driver if not - disabled. - (error_string) [HAVE_OPENSC]: Use sc_strerror. - (send_apdu) [HAVE_OPENSC]: Call osc_apdu_send. - - * card-p15.c (p15_enum_keypairs, p15_prepare_key): Adjusted for - libgpg-error. - -2003-08-14 Timo Schulz - - * apdu.c (ct_activate_card): Change the code a little to avoid - problems with other readers. - * Always use 'dynload.h' instead of 'dlfcn.h'. - -2003-08-05 Werner Koch - - * app-openpgp.c (dump_all_do): Don't analyze constructed DOs after - an error. - -2003-08-04 Werner Koch - - * app.c (app_set_default_reader_port): New. - (select_application): Use it here. - * scdaemon.c (main): and here. - * sc-copykeys.c: --reader-port does now take a string. - * sc-investigate.c, scdaemon.c: Ditto. - * apdu.c (apdu_open_reader): Ditto. Load pcsclite if no ctapi - driver is configured. Always include code for ctapi. - (new_reader_slot): Don't test for already used ports and remove - port arg. - (open_pcsc_reader, pcsc_send_apdu, pcsc_error_string): New. - (apdu_send_le): Changed RC to long to cope with PC/SC. - - * scdaemon.c, scdaemon.h: New option --ctapi-driver. - * sc-investigate.c, sc-copykeys.c: Ditto. - -2003-07-31 Werner Koch - - * Makefile.am (scdaemon_LDADD): Added INTLLIBS. - -2003-07-28 Werner Koch - - * app-openpgp.c (do_setattr): Change implementation. Allow all - useful DOs. - -2003-07-27 Werner Koch - - Adjusted for gcry_mpi_print and gcry_mpi_scan API change. - -2003-07-24 Werner Koch - - * app-openpgp.c (do_learn_status): Print more status information. - (app_select_openpgp): Store the card version. - (store_fpr): Add argument card_version and fix DOs for old cards. - (app_openpgp_storekey): Likewise. - -2003-07-23 Werner Koch - - * command.c (cmd_pkauth): New. - (cmd_setdata): Check whether data was given at all to avoid - passing 0 to malloc. - - * app.c (app_auth): New. - * app-openpgp.c (do_auth): New. - -2003-07-22 Werner Koch - - * command.c (cmd_passwd): New. - * app.c (app_change_pin): New. - * app-openpgp.c (do_change_pin): New. - * iso7816.c (iso7816_reset_retry_counter): Implemented. - - * sc-investigate.c (main): New option --gen-random. - * iso7816.c (iso7816_get_challenge): Don't create APDUs with a - length larger than 255. - -2003-07-17 Werner Koch - - * command.c (cmd_random): New command RANDOM. - - * iso7816.c (map_sw): New. Use it in this file to return - meaningful error messages. Changed all public fucntions to return - a gpg_error_t. - (iso7816_change_reference_data): New. - * apdu.c (apdu_open_reader): Use faked status words for soem - system errors. - -2003-07-16 Werner Koch - - * apdu.c (apdu_send_simple): Use apdu_send_le so that we can - specify not to send Le as it should be. - -2003-07-15 Werner Koch - - * Makefile.am: Add sc-copykeys program. - * sc-copykeys.c: New. - * app-openpgp.c (app_openpgp_storekey): New. - (app_openpgp_cardinfo): New. - (count_bits): New. - (store_fpr): And use it here to get the actual length in bit. - -2003-07-03 Werner Koch - - * app-openpgp.c (do_setattr): Add setting of the URL. - (app_select_openpgp): Dump card data only in very verbose mode. - (do_decipher): New. - -2003-07-02 Werner Koch - - * app-openpgp.c (get_sig_counter): New. - (do_sign): Print the signature counter and enable the PIN callback. - (do_genkey): Implement the PIN callback. - -2003-07-01 Werner Koch - - * app-openpgp.c (store_fpr): Fixed fingerprint calculation. - -2003-06-26 Werner Koch - - * app-openpgp.c (find_tlv): Fixed length header parsing. - - * app.c (app_genkey): New. - * command.c (cmd_genkey): New. - -2003-06-25 Werner Koch - - * command.c (percent_plus_unescape): New. - (cmd_setattr): New. - -2003-06-24 Werner Koch - - * command.c (send_status_info): New. - - * app-openpgp.c (app_select_openpgp): Replace SLOT arg by APP arg - and setup the function pointers in APP on success. Changed callers. - * app.c: New. - * app-common.h: New. - * scdaemon.h (APP): New type to handle applications. - (server_control_s): Add an APP context field. - - * command.c (cmd_serialno): Handle applications. - (cmd_pksign): Ditto. - (cmd_pkdecrypt): Ditto. - (reset_notify): Ditto. - (cmd_learn): For now return error for application contexts. - (cmd_readcert): Ditto. - (cmd_readkey): Ditto. - -2003-06-04 Werner Koch - - * card.c (map_sc_err): Renamed gpg_make_err to gpg_err_make. - - Renamed error codes from INVALID to INV and removed _ERROR suffixes. - -2003-06-03 Werner Koch - - Changed all error codes in all files to the new libgpg-error scheme. - - * scdaemon.h: Include gpg-error.h and errno.h - * card.c (map_sc_err): Use unknown for the error source. - * Makefile.am: Link with libgpg-error - -2003-05-14 Werner Koch - - * atr.c, atr.h: New. - * sc-investigate.c: Dump the ATR in a human readable format. - -2003-05-08 Werner Koch - - * scdaemon.h (DBG_CARD_IO_VALUE): New. - - * sc-investigate.c: New. - * scdaemon.c (main): Removed --print-atr option. - - * iso7816.c, iso7816.h, app-openpgp.c: New. - -2003-04-29 Werner Koch - - * scdaemon.c: New options --print-atr and --reader-port - * apdu.c, apdu.h: New - - * card.c, card-p15.c, card-dinsig.c: Allow build without OpenSC. - - * Makefile.am (LDFLAGS): Removed. - - * command.c (register_commands): Adjusted for new Assuan semantics. - -2002-08-21 Werner Koch - - * scdaemon.c (main): New option --daemon so that the program is - not accidently started in the background. - -2002-08-16 Werner Koch - - * scdaemon.c: Include i18n.h. - - * card-common.h (struct p15_private_s): Forward declaration. Add - it to card_ctx_s. - * card.c (card_close): Make sure private data is released. - (card_enum_certs): New. - * card-p15.c (p15_release_private_data): New. - (init_private_data): New to work around an OpenSC weirdness. - (p15_enum_keypairs): Do an OpenSC get_objects only once. - (p15_enum_certs): New. - (card_p15_bind): Bind new function. - * command.c (cmd_learn): Return information about the certificates. - -2002-08-09 Werner Koch - - * card.c (card_get_serial_and_stamp): Use the tokeinfo serial - number as a fallback. Add a special prefix for serial numbers. - -2002-07-30 Werner Koch - - Changes to cope with OpenSC 0.7.0: - - * card.c: Removed the check for the packed opensc version. - Changed include file names of opensc. - (map_sc_err): Adjusted error codes for new opensc version. - * card-p15.c: Changed include filename of opensc. - * card-dinsig.c: Ditto. - - * card-p15.c (p15_decipher): Add flags argument to OpenSC call. - -2002-07-24 Werner Koch - - * card.c (find_simple_tlv, find_iccsn): New. - (card_get_serial_and_stamp): Improved serial number parser. - -2002-06-27 Werner Koch - - * scdaemon.c (main): Use GNUPG_DEFAULT_HOMEDIR constant. - -2002-06-15 Werner Koch - - * card-dinsig.c: Documented some stuff from the DIN norm. - -2002-04-15 Werner Koch - - * command.c (cmd_pksign, cmd_pkdecrypt): Use a copy of the key ID. - -2002-04-12 Werner Koch - - * scdaemon.c: New option --debug-sc N. - * card.c (card_open): set it here. - - * card-p15.c (p15_prepare_key): Factored out common code from ... - (p15_sign, p15_decipher): here and made the decryption work the - regular way. - -2002-04-10 Werner Koch - - * card.c (card_open): Return immediately when no reader is available. - -2002-03-27 Werner Koch - - * card.c (card_open, card_close): Adjusted for changes in OpenSC. - -2002-03-10 Werner Koch - - * card-p15.c, card-dinsig.c, card-common.h: New. - * card.c: Factored most code out to the new modules, so that we - can better support different types of card applications. - -2002-01-26 Werner Koch - - * scdaemon.c scdaemon.h, command.c: New. Based on the code from - the gpg-agent. - - - Copyright 2002, 2003, 2004, 2005, 2007, 2008 Free Software Foundation, Inc. - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even the - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/scd/ChangeLog-2011 b/scd/ChangeLog-2011 new file mode 100644 index 000000000..5a87a4c79 --- /dev/null +++ b/scd/ChangeLog-2011 @@ -0,0 +1,2596 @@ +2011-12-01 Werner Koch + + NB: ChangeLog files are no longer manually maintained. Starting + on December 1st, 2011 we put change information only in the GIT + commit log, and generate a top-level ChangeLog file from logs at + "make dist". See doc/HACKING for details. + +2011-12-01 Niibe Yutaka + + * app-openpgp.c (do_change_pin): Fix pincb messages when + use_keypad == 1. + +2011-11-29 Niibe Yutaka + + PC/SC pininput support for passphrase modification (2/2) + * apdu.h (apdu_send_simple_kp): Remove. + + * apdu.c (pcsc_keypad_modify): Add bConfirmPIN handling. + (apdu_send_simple_kp): Remove. + + * iso7816.h (iso7816_reset_retry_counter_kp): Remove arguments + of NEWCHV, and NEWCHVLEN. + (iso7816_reset_retry_counter_with_rc_kp, iso7816_put_data_kp): New. + + * iso7816.c (iso7816_reset_retry_counter_with_rc_kp): New. + (iso7816_reset_retry_counter_kp): Call apdu_keypad_modify. Only + handle the case with PININFO. + (iso7816_reset_retry_counter): Don't call + iso7816_reset_retry_counter_kp. + (iso7816_put_data_kp): New. + + * app-openpgp.c (do_change_pin): Add with_resetcode. + Handle keypad for unblocking pass phrase with resetcode, + setting up of resetcode, and unblocking by admin. + + PC/SC pininput support for passphrase modification (1/2) + * iso7816.h (iso7816_change_reference_data_kp): Remove arguments + of OLDCHV, OLDCHVLEN, NEWCHV, and NEWCHVLEN. + + * iso7816.c (iso7816_change_reference_data_kp): Call + apdu_keypad_modify. + (iso7816_change_reference_data): Don't call + iso7816_change_reference_data_kp. + + * apdu.h (apdu_keypad_modify): New. + + * apdu.c (pcsc_keypad_modify, apdu_keypad_modify): New. + (struct reader_table_s): New memeber function keypad_modify. + (new_reader_slot, open_ct_reader, open_ccid_reader) + (open_rapdu_reader): Initialize keypad_modify. + + * app-openpgp.c (do_change_pin): Handle keypad and call + iso7816_change_reference_data_kp if it is the case. + +2011-11-28 Niibe Yutaka + + * iso7816.h (iso7816_verify_kp): Remove arguments of CHV and CHVLEN. + + * iso7816.c (iso7816_verify_kp): Call apdu_keypad_verify. Only + handle the case with PININFO. + (iso7816_verify): Call apdu_send_simple. + + * app-openpgp.c (verify_a_chv, verify_chv3): Follow the change of + iso7816_verify_kp. + + * app-nks.c (verify_pin): Likewise. + + * app-dinsig.c (verify_pin): Likewise. + + * apdu.c: Include "iso7816.h". + (struct reader_table_s): New memeber function keypad_verify. + Add fields verify_ioctl and modify_ioctl in pcsc. + (CM_IOCTL_GET_FEATURE_REQUEST, FEATURE_VERIFY_PIN_DIRECT) + (FEATURE_MODIFY_PIN_DIRECT): New. + (pcsc_control): New. + (control_pcsc_direct, control_pcsc_wrapped, control_pcsc) + (check_pcsc_keypad, pcsc_keypad_verify): New. + (ccid_keypad_verify, apdu_keypad_verify): New. + (new_reader_slot): Initialize with check_pcsc_keypad, + pcsc_keypad_verify, verify_ioctl and modify_ioctl. + (open_ct_reader): Initialize keypad_verify with NULL. + (open_ccid_reader): Initialize keypad_verify. + (open_rapdu_reader): Initialize keypad_verify with NULL. + (apdu_open_reader): Initialize pcsc_control. + + * pcsc-wrapper.c (load_pcsc_driver): Initialize pcsc_control. + (handle_control): New. + (main): Handle the case 6 of handle_control. + +2011-10-13 Marcus Brinkmann + + * Makefile.am, apdu.c, app.c, command.c, scdaemon.c: Port to Npth. + +2011-08-10 Werner Koch + + * command.c (cmd_killscd): Use the new assuan force close flag + if available. + +2011-08-08 Werner Koch + + * app-openpgp.c (do_decipher): Take care of accidentally passed + signed integer data with a leading 0. + +2011-06-16 Werner Koch + + * app-openpgp.c (send_key_data): Implemented chunked mode. + (change_keyattr): Increase limit to 4096. + (do_decipher): Adjust padding for 4096 bit keys. + +2011-02-23 Werner Koch + + * apdu.c (apdu_open_reader): Lock in to CCID if used once. + +2011-01-25 NIIBE Yutaka , + Grant Olson (wk) + + * command.c (do_reset, get_reader_slot) + (update_reader_status_file): Fix handling of the VALID flag for + unplugged readers. + +2011-01-25 Werner Koch + + From 2.0 branch, 2010-03-17: + + * command.c (open_card): Return GPG_ERR_NOT_OPERATIONAL if no + card services are available. + (get_reader_slot): Detect no services status. + (cmd_serialno): No reset if there are no services. + (scd_command_handler): Stop scdaemon in that case. + * apdu.c (pcsc_no_service): New. + (open_pcsc_reader_direct): Set it. + (apdu_open_reader): Add arg R_NO_SERVICE. + +2011-01-05 Werner Koch + + * ccid-driver.c (ccid_transceive_secure): Support the gnuk token. + +2010-11-16 Werner Koch + + * apdu.c (PCSC_UNKNOWN) [W32]: Fix all these values which don't + match those of libpcsc. Reported by Michael Petig. + +2010-10-27 Werner Koch + + * scdaemon.c (create_socket_name): Use TMPDIR. Change callers. + +2010-10-18 Werner Koch + + * app-openpgp.c (parse_algorithm_attribute): Remove extra const in + definition of DESC. + +2010-08-16 Werner Koch + + * scdaemon.c: Replace remaining printf by es_printf. + +2010-06-09 Werner Koch + + * scdaemon.c (main): s/log_set_get_tid_callback/log_set_pid_suffix_cb/. + (tid_log_callback): Adjust for this change. + +2010-03-11 Werner Koch + + * scdaemon.c: Include "asshelp.h". + (main): Remove assuan_set_assuan_log_prefix. Add + assuan_set_log_cb. + (handle_signal): Disable pth ctrl dumping. + * command.c (scd_command_handler): Remove assuan_set_log_stream. + +2010-03-10 Werner Koch + + * Makefile.am (scdaemon_LDADD): Remove libjnlib.a. + +2009-12-15 Werner Koch + + * iso7816.c (do_generate_keypair): s/readonly/read_only/ because + the first is a keyword in VMS C. + +2009-12-03 Werner Koch + + * scdaemon.c (set_debug): Allow for numerical debug leveles. Print + active debug flags. + +2009-11-25 Marcus Brinkmann + + * command.c (scd_command_handler): Use assuan_fd_t and + assuan_fdopen on fds. + +2009-11-05 Marcus Brinkmann + + * command.c (scd_command_handler): Call assuan_init_socket_server, + not assuan_init_socket_server_ext. + +2009-11-04 Werner Koch + + * command.c (register_commands): Add help arg to + assuan_register_command. Add help strings to all commands. + +2009-11-02 Marcus Brinkmann + + * command.c (reset_notify): Take LINE arg and return error. + (register_commands): Use assuan_handler_t type. + +2009-10-25 Werner Koch + + * scdaemon.c (scd_deinit_default_ctrl): Release IN_DATA. + * command.c (cmd_setdata): Release IN_DATA. Reported by Klaus + Flittner. + +2009-10-16 Marcus Brinkmann + + * AM_CFLAGS, scdaemon_LDADD: Use libassuan instead of libassuan-pth. + * scdaemon.c: Invoke ASSUAN_SYSTEM_PTH_IMPL. + (main): Call assuan_set_system_hooks and assuan_sock_init. + +2009-09-23 Marcus Brinkmann + + * command.c: Include "scdaemon.h" before because of + GPG_ERR_SOURCE_DEFAULT check. + (option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert) + (cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt) + (cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey) + (cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock) + (cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu) + (cmd_killscd): Return gpg_error_t instead of int. + (scd_command_handler): Allocate assuan context before starting server. + * scdaemon.c (main): Update to new Assuan API. + +2009-09-03 Werner Koch + + * app-openpgp.c (do_decipher): Compute required Le. + * iso7816.c (iso7816_decipher): Add new arg LE. + * app-nks.c (do_decipher): Adjust for change. + + * iso7816.c (iso7816_put_data, iso7816_put_data_odd): Turn DATA + into a void ptr. + +2009-08-05 Werner Koch + + * app-openpgp.c (change_keyattr_from_string): New. + (do_setattr): Support KEY-ATTR. + +2009-07-29 Marcus Brinkmann + + * ccid-driver.c (print_pr_data): Fix 64 bit compat problem. + +2009-07-24 Werner Koch + + * ccid-driver.c (parse_ccid_descriptor): Enable hack for SCR 3320. + +2009-07-21 Werner Koch + + * ccid-driver.c [HAVE_PTH]: Include pth.h. + (my_sleep): New. + (bulk_in): s/gnupg_sleep/my_sleep/. + +2009-07-20 Werner Koch + + * apdu.c [GNUPG_MAJOR_VERSION==1]: Include dynload.h. + +2009-07-16 Werner Koch + + * command.c (update_reader_status_file): Test for unplugged reader. + (TEST_CARD_REMOVAL): Ditto. + * app.c (select_application): Ditto. + * ccid-driver.c (bulk_out): Return CCID_DRIVER_ERR_NO_READER if a + reader was unplugged. + (struct ccid_driver_s): Turn nonnull_nad into an unsigned char. + Turn apdu_level, auto_ifsd, powered_off, has_pinpad into + bitfields. Add enodev_seen. + * apdu.c (apdu_prepare_exit): New. + (get_status_ccid): Return the status word and nut just -1. + * scdaemon.c (scd_exit): Call it. + +2009-07-13 Werner Koch + + * ccid-driver.c (struct ccid_driver_s): Add fields last_progress, + progress_cb and progress_cb_arg. + (ccid_set_progress_cb): New. + (print_progress): New. + (ccid_transceive): Call print_progress for wait time extensions. + * apdu.c (struct reader_table_s): Add field set_progress_cb. + (new_reader_slot): Clear that field. + (open_ccid_reader): Set it to .. + (set_progress_cb_ccid_reader): ... new fucntion. + * app.c (print_progress_line): New. + (lock_reader): Add arg CTRL to set a progress callback and + change all callers to provide it. + (unlock_reader): Remove the progress callback. + +2009-07-10 Werner Koch + + * iso7816.c (iso7816_compute_ds): Add args EXTENDED_MODE and LE. + Change all callers to use 0. + (iso7816_internal_authenticate): Add args EXTENDED_MODE and LE. + * app-openpgp.c (do_sign): Take exmode and Le from card + capabilities and pass them to iso7816_compute_ds. + (do_auth): Ditto for iso7816_internal_authenticate. + (change_keyattr): Reset CHV verification status. + +2009-07-09 Werner Koch + + * app-openpgp.c (change_keyattr): New. + (do_writekey): Call it. + + * app-openpgp.c (does_key_exist): Add arg GENERATING. Change + callers. + +2009-06-30 Werner Koch + + * ccid-driver.c (ccid_transceive): Set RESYNCING flag. + +2009-06-29 Werner Koch + + * ccid-driver.c (ccid_transceive): Add a hack to support extended + length for Omnikey readers. + (is_exlen_apdu): New. + (parse_ccid_descriptor): Track short+extended apdu exchange level. + +2009-06-18 Werner Koch + + * app-openpgp.c (verify_chv2): Remove special case for v2 cards. + (get_public_key): Use extended mode. + +2009-06-17 Werner Koch + + * iso7816.c (iso7816_get_data): Add arg EXTENDED_MODE. Change all + callers. + * app-openpgp.c (data_objects): Use bit flags. Add flag + TRY_EXTLENGTH. + (get_cached_data): Add arg TRY_EXTLEN and use it for iso7816_get_data. + (get_one_do): Use extended length APDU if necessary. + +2009-06-10 Werner Koch + + * app-openpgp.c (store_fpr): Change first arg to app_t; adjust + callers. Flush the cache. + +2009-06-09 Werner Koch + + * app-openpgp.c (do_readcert): Return NOT_FOUND if the retrieved + data has a length of zero. + (do_getattr): Add EXTCAP subkey "sm". + +2009-05-20 Werner Koch + + * app-openpgp.c (verify_chv2): Add case for v2 cards. + (verify_chv3): Factor some code out to .. + (build_enter_admin_pin_prompt): .. new. + (do_change_pin): Properly handle v2 cards. + +2009-05-19 Werner Koch + + * scdaemon.c (create_server_socket): Use SUN_LEN. + (JNLIB_NEED_AFLOCAL): Define. + +2009-05-13 Werner Koch + + * ccid-driver.c (abort_cmd): Add arg SEQNO and change callers. + (bulk_in): Retry on seqno mismatch. + + * apdu.c (send_le): Release result_buffer. + (apdu_send_direct): Implemend extended length. + * command.c (cmd_apdu): Add option "--exlen". + +2009-05-11 Werner Koch + + * apdu.c (send_le): Replace log_error by log_info. + +2009-05-08 Werner Koch + + * app-openpgp.c (do_genkey): Allow larger key sizes. + (do_decipher): Ditto. + * iso7816.c (do_generate_keypair): Add arg EXTENDED_MODE an LE. + (iso7816_generate_keypair, iso7816_read_public_key): Ditto. + Changed all callers. + * apdu.c (send_le): Implement extended length return values. + + * ccid-driver.c (bulk_in): Retry on EAGAIN. + (abort_cmd): Change seqno handling. + +2009-04-28 Werner Koch + + * app-help.c (app_help_count_bits): New. + + * app-nks.c (switch_application): Detect mass signature cards. + Take care of new NEED_APP_SELECT flag. + (do_sign): Don't allow mass signature cards. + (all_zero_p): New. + (do_readkey): New. + (app_select_nks): Register do_readkey. + +2009-04-01 Werner Koch + + * app-openpgp.c (do_setattr, do_writekey): Prepare for extended + length cards. + +2009-03-31 Werner Koch + + * command.c (percent_plus_unescape): Remove. + (cmd_setattr): Use percent_plus_unescape_inplace. + +2009-03-30 Werner Koch + + * app-nks.c (do_decipher): Make it work for TCOS 3. + * iso7816.c (iso7816_decipher): Add arg EXTENDED_MODE. + * apdu.c (apdu_send): Add arg EXTENDED_MODE and change all callers. + (apdu_send_le): Ditto. + (apdu_send_direct): Ditto, but not yet functional. + (send_le): Fix command chaining. Implement extended length option. + * ccid-driver.c (ccid_transceive): Remove restriction on apdu length. + (struct ccid_driver_s): Add field IFSC. + (ccid_get_atr): Set IFSC. + (ccid_transceive): Use negotiated IFSC and support S(IFS) command. + +2009-03-26 Werner Koch + + * command.c (cmd_pksign): Allow more hash algorithms. + + * scdaemon.h (MAX_DIGEST_LEN): Change to 64. + + * apdu.c (open_ccid_reader): Clear the is_to flag. + + * app-nks.c (filelist): Add field KID. + (do_getattr): Change standard authentication key. + (do_sign): Setup a security environment for TCOS 3 cards and support + all SHA-2 algorithms. + +2009-03-24 Werner Koch + + * command.c (struct server_local_s): Add flag + APP_CTX_MARKED_FOR_RELEASE. + (do_reset): Set the flag. + (open_card): Act on this flag. + * app-common.h (struct app_ctx_s): Add flag NO_REUSE. + (application_notify_card_reset): Set the flag. + * app.c (select_application, release_application): Take care of + that flag. + +2009-03-20 Werner Koch + + * app-nks.c (keygripstr_from_pk_file): Fix for TCOS 3 cards. + +2009-03-18 Werner Koch + + * apdu.c (open_pcsc_reader_wrapped): Use close_all_fds. + + * command.c (cmd_learn): Add option --keypairinfo. + * app.c (app_write_learn_status): Add arg FLAGS. + * app-common.h (struct app_ctx_s): Add arg FLAGS to LEARN_STATUS. + Change all implementors. + * app-p15.c (do_learn_status): Take care of flag bit 0. + * app-nks.c (do_learn_status, do_learn_status_core): Ditto. + +2009-03-10 Werner Koch + + * app-openpgp.c (send_key_attr): New. + (do_getattr): New attribute KEY_ATTR. + * command.c (send_status_direct): New. + +2009-03-06 Werner Koch + + * app-nks.c (do_learn_status): Factor code out to.. + (do_learn_status_core): .. new. + (do_readcert, do_sign, do_decipher): Switch to SigG if needed. + (verify_pin): Use DESC also for keypad based verify. + +2009-03-05 Werner Koch + + * app-openpgp.c (verify_a_chv): Remove special case for keypads. + (verify_chv3): Ditto. + + * app-nks.c (get_chv_status): New. + (parse_pwidstr): New. + (verify_pin): Add args PWID and DESC and use them. Remove the + CHV1 caching. + (do_change_pin): Allow PIN selection and add reset mode. + (do_learn_status): Use NKS-NKS3 tag for TCOS 3 cards. + (do_readcert, do_sign): Allow NKS-NKS3 tag. + +2009-03-04 Werner Koch + + * app-nks.c (do_getattr): New. + (app_select_nks): Register it. + (verify_pin): Factor some code out to... + (basic_pin_checks): New. + (do_change_pin): Call the basic check. + (app_select_nks): Move AID to .. + (aid_nks): .. new. + (aid_sigg): New. + (switch_application): New. + (do_getattr, do_learn_status, do_readcert, do_sign, do_decipher) + (do_change_pin, do_check_pin): Make sure we are in NKS mode. + +2009-03-03 Werner Koch + + * command.c (scd_command_handler): Remove dereference of STOPME + after free. + +2009-02-27 Werner Koch + + * app.c (get_supported_applications): New. + * command.c (cmd_getinfo): New subcommand "app_list" + (cmd_killscd): New. + (register_commands): Register command KILLSCD. + (struct server_local_s): Add field STOPME. + (scd_command_handler): Act upon this. + +2009-02-25 Werner Koch + + * apdu.c (apdu_get_status): Factor all code out to ... + (apdu_private_get_status): .. new. Add arg NO_ATR_RESET. + (apdu_connect): Call new function. + + * scdaemon.c: New option --debug-log-tid. + (tid_log_callback): New. + (main): Move debug-wait code after debug stream init. + +2009-02-24 Werner Koch + + * ccid-driver.c (ccid_get_atr): Move debug output to .. + (print_r2p_parameters): .. new. + (print_r2p_header, print_pr_data, print_r2p_unknown) + (print_r2p_datablock, print_r2p_slotstatus, print_r2p_escape) + (print_r2p_datarate): New. + (bulk_in): Call parameter printing. + (ccid_set_debug_level): Add debug level 3. + (convert_le_u16): New. + (print_p2r_header, print_p2r_iccpoweron, print_p2r_iccpoweroff) + (print_p2r_getslotstatus, print_p2r_xfrblock) + (print_p2r_getparameters, print_p2r_resetparameters) + (print_p2r_setparameters, print_p2r_escape, print_p2r_iccclock) + (print_p2r_to0apdu, print_p2r_secure, print_p2r_mechanical) + (print_p2r_abort, print_p2r_setdatarate, print_r2p_unknown): New. + (bulk_out): Add arg NO_DEBUG and change all callers to pass 0. + Call parameter printing. + (ccid_slot_status): Call with NO_DEBUG set. + (abort_cmd, send_escape_cmd, ccid_get_atr, ccid_get_atr) + (ccid_transceive_apdu_level, ccid_transceive) + (ccid_transceive_secure): Remove old debug print code. + +2009-02-12 Werner Koch + + * command.c (cmd_getinfo): Add new subcommand "deny_admin". + +2009-01-28 Werner Koch + + * scdaemon.c (main): Make --allow-admin the default and make the + option a dummy. + +2009-01-27 Werner Koch + + * app-geldkarte.c: Changed to use an AID. + + * app.c (app_munge_serialno): Add case for no serialno. + (app_get_serial_and_stamp): Ditto. + +2009-01-26 Werner Koch + + * app-geldkarte.c: New. + * Makefile.am (card_apps): Add new file. + * app.c (select_application): Test for geldkarte. + +2009-01-12 Werner Koch + + * command.c (send_client_notifications) [HAVE_W32_SYSTEM]: Fix + brackets. + +2009-01-08 Werner Koch + + * iso7816.c (iso7816_read_record, iso7816_read_binary): Pass 0 for + L_e because the problem with the CCID driver has gone. + (iso7816_apdu_direct): New. + + * app-nks.c (filelist): Add NKS_VER field. Add NKS 3 specific + entries. + (app_local_s, do_deinit): New. + (get_nks_version): New. + (app_select_nks): Setup local data. + (keygripstr_from_pk_file): Replace SLOT by APP and take care of + NKS version > 2. + (do_learn_status): Take care of NKS version. + +2009-01-05 Werner Koch + + * apdu.c (apdu_get_status): Save the last status. + +2008-12-18 Werner Koch + + * ccid-driver.c (abort_cmd): New. + (bulk_in): Call abort_cmd after severe errors. + + * apdu.c (reader_table_s): Add field ANY_STATUS. + (new_reader_slot): Clear it. + (apdu_get_status): Use ANY_STATUS to update the change counter. + Remove the use of the flag bit from LAST_STATUS everywhere. + * command.c (update_reader_status_file): Factor code out to ... + (send_client_notifications): New. Track signals already sent. + (update_reader_status_file): Shutdown the reader after a failed + apdu_get_status. + +2008-12-09 Werner Koch + + * scdaemon.c (main): Call i18n_init before init_common_subsystems. + +2008-12-08 Werner Koch + + * scdaemon.c (handle_connections): Sync ticker to the next full + interval. + (TIMERTICK_INTERVAL_USEC): Change to 500ms. + +2008-12-05 Werner Koch + + * app-openpgp.c (app_local_s): Add field ALGO_ATTR_CHANGE. + (app_select_openpgp): Parse new capability. + (show_caps): Show new capability. + +2008-12-03 Werner Koch + + * scdaemon.c (opts): Use ARGPARSE_ macros. Add option + --card-timeout. + * command.c (update_reader_status_file): Implement it. + +2008-11-18 Werner Koch + + * scdaemon.c (make_libversion): New. + (my_strusage): Print libgcrypt and libksba version. + +2008-11-03 Werner Koch + + * command.c (server_local_s): Add field DISCONNECT_ALLOWED. + (cmd_disconnect): Implement command. + (open_card): Reset disconnect flag. + (update_reader_status_file): Disconnect if allowed. + + * app-common.h (app_ctx_s): Remove INITIALIZED. Make REF_COUNT + unsigned. + * app.c (select_application): Remove INITIALIZED. + (app_write_learn_status, app_readcert, app_readkey, app_getattr) + (app_setattr, app_sign, app_decipher, app_writecert) + (app_writekey, app_get_challenge, app_change_pin, app_check_pin): + Replace INITIALIZED by REF_COUNT check. + (application_notify_card_removed): Rename to .. + (application_notify_card_reset): .. this. Change all callers. + * command.c (do_reset): Call application_notify_card_reset after + sending a reset. + (update_reader_status_file): Add arg SET_CARD_REMOVED. + (scd_update_reader_status_file): Pass true for new flag. + (do_reset): Pass false for new flag. + + * app.c (app_get_serial_and_stamp): Use bin2hex. + * app-help.c (app_help_get_keygrip_string): Ditto. + * app-p15.c (send_certinfo, send_keypairinfo, do_getattr): Ditto. + * app-openpgp.c (send_fpr_if_not_null, send_key_data) + (retrieve_fpr_from_card, send_keypair_info): Ditto. + * app-nks.c (keygripstr_from_pk_file): Ditto. + * command.c (cmd_apdu): Ditto. + +2008-10-21 Marcus Brinkmann + + * command.c (open_card): If connect error is SW_HOST_NO_CARD, + return a more descriptive error. + +2008-10-20 Werner Koch + + * pcsc-wrapper.c (read_32): Use provided arg and not stdin. Is + called with stdin, though. + (handle_close): Mark unused arg. + (handle_status, handle_reset): Ditto. + + * ccid-driver.c (ccid_check_card_presence): Mark not yet used arg. + + * scdaemon.c (scd_deinit_default_ctrl): Mark unused arg. + * command.c (cmd_unlock, cmd_restart, cmd_disconnect): Ditto. + * apdu.c (ct_get_status): Ditto. + (ct_send_apdu, pcsc_send_apdu_wrapped) + (apdu_open_remote_reader): Ditto. + * app.c (select_application): Ditto. + * app-openpgp.c (do_writecert, do_change_pin, do_writekey): Ditto. + * app-nks.c (do_change_pin, do_check_pin): Ditto. + +2008-10-16 Werner Koch + + * command.c (cmd_disconnect): New dummy command. + (register_commands): Register command. + +2008-10-15 Werner Koch + + * command.c (scd_command_handler): Return true if there is no more + active session. + * scdaemon.c (start_connection_thread): Set shutdown flag if + requested by command handler. + (main): Make PIPE_SERVER module global. + (handle_connections): Disable listen_fd if a shutdown is pending. + +2008-10-14 Werner Koch + + * apdu.c (reader_table_s): Add fields connect_card and + disconnect_card. + (new_reader_slot): Set them to NULL. + (apdu_connect, apdu_disconnect): New. + (apdu_close_reader, apdu_shutdown_reader): Call apdu_disconnect. + (connect_pcsc_card, disconnect_pcsc_card): new. + (reset_pcsc_reader_direct): Implement in terms of + disconnect_pcsc_card and connect_pcsc_card. + (apdu_get_atr): Return NULL if there is no ATR. + * sc-copykeys.c (main): Add call to apdu_connect. + * command.c (open_card): Ditto. + + * apdu.h (SW_HOST_ALREADY_CONNECTED): New. + (APDU_CARD_USABLE, APDU_CARD_PRESENT, APDU_CARD_ACTIVE): New. + * apdu.c: Replace constants by the new macros. + (open_pcsc_reader): Factor code out to ... + (open_pcsc_reader_direct, open_pcsc_reader_wrapped): New. + (reset_pcsc_reader): Factor code out to ... + (reset_pcsc_reader_direct, reset_pcsc_reader_wrapped): New. + (pcsc_get_status): Factor code out to ... + (pcsc_get_status_direct, pcsc_get_status_wrapped): New. + (pcsc_send_apdu): Factor code out to ... + (pcsc_send_apdu_direct, pcsc_send_apdu_wrapped): New. + (close_pcsc_reader): Factor code out to ... + (close_pcsc_reader_direct, close_pcsc_reader_wrapped): New. + + * command.c (update_reader_status_file): Open the reader if not + yet done. + + * scdaemon.c (TIMERTICK_INTERVAL_SEC, TIMERTICK_INTERVAL_USEC): + New to replace TIMERTICK_INTERVAL. Chnage from 2s (4 under W32) + to 250ms. + +2008-10-13 Werner Koch + + * command.c (option_handler) [W32]: Use strtoul with base 16. + (update_reader_status_file) [W32]: Set Event. + (scd_command_handler): Use INT2FD to silent warning. + +2008-09-29 Werner Koch + + * scdaemon.h (GCRY_MD_USER): Rename to GCRY_MODULE_ID_USER. + (GCRY_MD_USER_TLS_MD5SHA1): Rename to MD_USER_TLS_MD5SHA1 and + change all users. + +2008-09-28 Marcus Brinkmann + + * apdu.c (pcsc_get_status): Fix last change. + +2008-09-25 Werner Koch + + * app-openpgp.c (do_setattr): Do not allow setting of the reset + code. + (do_change_pin): Allow setting of the reset code. + +2008-09-24 Werner Koch + + * app-openpgp.c (verify_chv3): Set the did_chv3 flag which was + accidently removed on 2008-03-26. + (verify_chv2): Revert last change. + (do_change_pin): Do not change CHV2. Add reset code logic for v2 + cards. + * iso7816.c (iso7816_reset_retry_counter_with_rc): New. + + * app-openpgp.c (add_tlv, build_privkey_template): New. + (do_writekey): Support v2 keys and other key lengths than 1024. + * iso7816.c (iso7816_put_data_odd): New. + +2008-09-23 Werner Koch + + * app-openpgp.c (do_sign): Support SHA-2 digests. + (verify_chv2): No CHV auto-sync for v2 cards. + (do_auth): Allow 2048 bit keys. + (parse_algorithm_attribute): New. + (rsa_key_format_t): New. + (struct app_local_s): Add struct KEYATTR. + +2008-09-23 Marcus Brinkmann + + * apdu.c (pcsc_get_status): Be more relaxed with the usable flag + under Windows. + +2008-09-23 Werner Koch + + * app-openpgp.c (do_setattr): Use command chaining for long + values. + * iso7816.c (iso7816_put_data): Add arg EXTENDED_MODE. Change all + callers. + * apdu.c (apdu_send_simple): Add arg EXTENDED_MODE. Change all + callers. + (send_le): Implement command chaining. + * ccid-driver.c (ccid_transceive_apdu_level): Increase allowed + APDU size. + (ccid_transceive): Alow for APDUS of up to 259 bytes. + * apdu.h: Add new SW_ codes. + +2008-09-16 Werner Koch + + * command.c (cmd_writecert): New. + (register_commands): Register it. + * app-common.h (app_ctx_s): Add member WRITECERT. + * app.c (app_writecert): New. + * app-openpgp.c (do_writecert): New. + (parse_historical): New. + (show_extcap): New. + (dump_all_do): Print only the length of longs DOs. + * command.c (cmd_writekey, cmd_apdu, cmd_pksign) + (cmd_passwd): Replace open coding by skip_options. + +2008-08-30 Moritz + + * scdaemon.c (main): Use estream_asprintf instead of asprintf. + * command.c (update_reader_status_file): Likewise. + (cmd_serialno): Use estream_asprintf instead of asprintf + and xfree instead of free to release memory allocated + through (estream_)asprintf. + (cmd_learn): Likewise. + (pin_cb): Likewise. + * app-openpgp.c (get_public_key): Likewise. + +2008-08-18 Werner Koch + + * app-openpgp.c (do_setattr): Fix test for v2 cards. + +2008-08-11 Werner Koch + + * apdu.c (reset_pcsc_reader, open_pcsc_reader) + (reset_rapdu_reader, open_rapdu_reader): Allow ATRs of up to 33 + bytes. Provide maximum size of ATR buffer using DIM. Such long + ATR are never seen in reality but the PC/SC library of MAC OS X is + just too buggy. Reported by Ludovic Rousseau. Fixes bug #948. + +2008-07-30 Werner Koch + + * app-openpgp.c (verify_a_chv): Use xtrymalloc and make the prompt + for CHV2 more user friendly. + +2008-07-03 Werner Koch + + * app-openpgp.c (do_readcert): New. + (app_local_s): Add fields IS_V2 and MAX_CERTLEN_3. + (app_select_openpgp): Set them and register do_readcert. + (do_setattr): Allow storing of the certificate. + +2008-06-25 Werner Koch + + * app-dinsig.c (do_sign): Allow for SHA256. + +2008-06-24 Werner Koch + + * app-common.h (app_ctx_s): Renamed reset_mode parameter of + change_pin to mode_Flags and make it an unsigned int. + (APP_CHANGE_FLAG_RESET, APP_CHANGE_FLAG_NULLPIN): New. + * app-openpgp.c (do_change_pin): Adjust for that. + + * command.c (cmd_passwd): Add option --nullpin. + * app-nks.c (do_check_pin, do_change_pin): New. + (app_select_nks): Register new functions. + +2008-04-21 Moritz Schulte (wk) + + * app-openpgp.c (verify_a_chv): Make use of the default CHV flag. + +2008-03-26 Werner Koch + + * app-openpgp.c (verify_chv3): Support the keypad. + +2008-02-09 Marcus Brinkmann + + * scdaemon.c (main): Use CONFIG_FILENAME as filename if it is set + in gpgconf-list output. + +2007-12-10 Werner Koch + + * app-openpgp.c (do_decipher): Take care of cryptograms shorter + that 128 bytes. Fixes bug#851. + +2007-11-14 Werner Koch + + * scdaemon.c (main): Pass STANDARD_SOCKET flag to + create_server_socket. + +2007-11-13 Werner Koch + + * scdaemon.c (start_connection_thread): Do not call + assuan_sock_check_nonce if we are running in --server mode. + +2007-11-07 Werner Koch + + * scdaemon.h: Remove errors.h. + +2007-10-02 Werner Koch + + * command.c (cmd_getinfo): Add "pid" subcommand. + +2007-10-01 Werner Koch + + * scdaemon.c (create_server_socket): Use Assuan socket wrappers + and remove Windows specific code. + (socket_nonce): New. + (start_connection_thread): Check nonce. + +2007-09-14 Marcus Brinkmann + + * scdaemon.c (main): New variable STANDARD_SOCKET, which is 1 for + W32 targets. Use it for create_socket_name. + +2007-08-07 Werner Koch + + * tlv.c, tlv.h: Move to ../common/. + +2007-08-02 Werner Koch + + * scdaemon.c: Include gc-opt-flags.h and remove their definition + here. + +2007-08-01 Werner Koch + + * apdu.c (send_le): Implement exact length hack. Suggested by + Sten Lindgren. + +2007-07-05 Werner Koch + + * command.c (has_option_name, skip_options): New. + (cmd_genkey): Add option --timestamp. + (cmd_writekey): Enter confidential mode while inquiring the key data. + + * app.c (app_genkey): Add arg CREATETIME. + * app-common.h (app_ctx_s): Likewise + * app-openpgp.c (do_genkey): Ditto. Use it. + + +2007-07-04 Werner Koch + + * command.c (cmd_getinfo): New subcommand "version". + + * scdaemon.c (TIMERTICK_INTERVAL): New. + (handle_connections) [W32]: Enable a dummy sigs event. + (handle_connections): Use a proper count for select and not + FD_SETSIZE. + (fixed_gcry_pth_init, main): Kludge to fix pth initialization. + +2007-06-21 Werner Koch + + * scdaemon.h (ctrl_t): Remove. It is now declared in ../common/util.h. + +2007-06-18 Marcus Brinkmann + + * scdaemon.c (main): Percent escape output of --gpgconf-list. + +2007-06-12 Werner Koch + + * scdaemon.c (main): Replace some calls by init_common_subsystems. + +2007-06-11 Werner Koch + + * Makefile.am (scdaemon_LDADD): Use libcommonpth macro. + + * command.c (initialize_module_command): New. + * scdaemon.c (main) [W32]: Do not use sigpipe code. + (main): Call initialize_module_command. + +2007-06-06 Werner Koch + + * app-openpgp.c (do_sign): Fix arithmetic on void*. + + * app.c (dump_mutex_state) [W32]: Handle the W32Pth case. + + * apdu.c: Remove dynload.h. + + * scdaemon.c (i18n_init): Remove. + +2007-04-20 Werner Koch + + * sc-copykeys.c (my_gcry_logger): Removed. + (main): Call setup_libgcrypt_logging helper. + * scdaemon.c (my_gcry_logger): Removed. + (main): Call setup_libgcrypt_logging helper. + +2007-04-03 Werner Koch + + * command.c (cmd_getinfo): New subcommand "reader_list". + * ccid-driver.c (scan_or_find_devices): Ignore EBUSY in scan mode + for special transports. + +2007-03-07 Werner Koch + + * app-dinsig.c: Include i18n.h. + (verify_pin): Support PIN pads. + * app-nks.c (verify_pin): Ditto. + + * ccid-driver.c (bulk_in): Handle time extension before checking + the message type. + (ccid_transceive_secure): Support the Cherry XX44 keyboard. + Kudos to the nice folks at Cherry for helping with that. + +2007-02-18 Werner Koch + + * scdaemon.c (DEFAULT_PCSC_DRIVER): Add a default for OS X. + +2007-01-25 Werner Koch + + * Makefile.am (scdaemon_LDADD): Added LIBICONV. Noted by Billy + Halsey. + +2006-12-21 Werner Koch + + * app-openpgp.c (verify_chv2): Factored most code out into... + (verify_a_chv): ... new. + (do_sign): Factored verification code out to new function and + take care of a keypad entered PIN. + (compare_fingerprint): Print an additional diagnostic. + +2006-11-28 Werner Koch + + * apdu.c (send_le, apdu_send_direct): Increase RESULTLEN to 258 to + allow for full 256 byte and the status word. This might break + some old PC/SC drivers or cards, but we will see. Suggested by + Kenneth Wang. + +2006-11-23 Werner Koch + + * command.c (scd_command_handler): Fixed use of CTRL. + +2006-11-21 Werner Koch + + * Makefile.am (libexec_PROGRAMS): Put pscs-wrapper into libexec. + Renamed to gnupg-pcsc-wrapper. + * apdu.c (open_pcsc_reader): Use GNUPG_LIBEXECDIR to accces the + wrapper. Suggested by Eric Dorland. + +2006-11-20 Werner Koch + + * app-openpgp.c (verify_chv2): Support for keypads (only CHV2). + + * ccid-driver.c (ccid_transceive_secure): Made it work for Kaan + and SCM. + +2006-11-17 Werner Koch + + * ccid-driver.c (scan_or_find_devices): Use DEBUGOUT_2 instead of + log_debug. Removed few other log_debug. + + * iso7816.c (iso7816_check_keypad): Allow for a SW of 0. + + * command.c (pin_cb): New mode to prompt for a keypad entry. + + * scdaemon.c (main) : Add disable-keypad. + +2006-11-15 Werner Koch + + * app-p15.c (read_ef_odf): Cast one printf arg. + + * scdaemon.h (struct server_control_s): Add field THREAD_STARTUP. + * command.c (scd_command_handler): Add new arg CTRL. + * scdaemon.c (scd_init_default_ctrl): Made static. + (scd_deinit_default_ctrl): New. + (start_connection_thread): Call init/deinit of ctrl. + (handle_connections): Allocate CTRL. + + * apdu.c (PCSC_ERR_MASK): New. + (reset_pcsc_reader, pcsc_get_status, pcsc_send_apdu) + (close_pcsc_reader, open_pcsc_reader): Use it after shifting error + values. Reported by Henrik Nordstrom. Fixes bug #724. + +2006-10-24 Werner Koch + + * scdaemon.h (GCRY_MD_USER_TLS_MD5SHA1): New. + (MAX_DIGEST_LEN): Increased to 36. + * app-p15.c (do_sign): Support for TLS_MD5SHA1. + (do_auth): Detect TLS_MD5SHA1. + (do_sign): Tweaks for that digest. + +2006-10-23 Werner Koch + + * scdaemon.c (main): New command --gpgconf-test. + +2006-10-17 Werner Koch + + * Makefile.am (scdaemon_LDADD): Link against libcommonpth. + +2006-10-12 Werner Koch + + * apdu.c: Include pth.h after unistd.h for the sake of newer Pth + versions. + +2006-10-11 Werner Koch + + * app-openpgp.c (do_sign): Redirect to do_auth for OpenPGP.3. + +2006-10-06 Werner Koch + + * Makefile.am (AM_CFLAGS): Use PTH version of libassuan. + (scdaemon_LDADD): Ditto. + + * scdaemon.h (send_status_info): Mark with sentinel attribute. + +2006-10-02 Marcus Brinkmann + + * command.c (update_reader_status_file): Increase buffer of + NUMBUF2 (fixing typo). + +2006-09-24 Marcus Brinkmann + + * app-openpgp.c (do_sign): Advance INDATA by the SHA1 resp. RMD160 + prefix length. + +2006-09-14 Werner Koch + + Replaced all call gpg_error_from_errno(errno) by + gpg_error_from_syserror(). + + * command.c (scd_command_handler): Replaced + init_connected_socket_server by init_socket_server_ext. + +2006-09-07 Werner Koch + + * command.c (update_reader_status_file): Execute an event handler + if available. + +2006-09-06 Werner Koch + + * apdu.c (pcsc_end_transaction): + * pcsc-wrapper.c (pcsc_end_transaction: Fixed dclaration. + Reported by Bob Dunlop. + + * scdaemon.h (CTRL,APP): Removed and changed everywhere to + ctrl_t/app_t. + + Replaced all Assuan error codes by libgpg-error codes. Removed + all map_to_assuan_status and map_assuan_err. + + * scdaemon.c (main): Call assuan_set_assuan_err_source to have Assuan + switch to gpg-error codes. + * command.c (set_error): Adjusted. + +2006-09-02 Marcus Brinkmann + + * command.c (get_reader_slot): Return the slot_table index, not + the APDU slot number. + (update_reader_status_file): Use the slot_table index in the + update_card_removed invocation. + +2006-09-01 Marcus Brinkmann + + * command.c (cmd_getinfo): Handle status command. + +2006-08-30 Marcus Brinkmann + + * command.c (do_reset): Delay resetting CTRL->reader_slot until + after update_card_removed invocation. + +2006-08-28 Marcus Brinkmann + + * app-openpgp.c (do_decipher, do_sign): Allow "OPENPGP.2" + resp. "OPENPGP.1" for KEYIDSTR. + +2006-08-21 Werner Koch + + * pcsc-wrapper.c (handle_open, handle_close): Reset card and + protocol on error/close. + (handle_status): Don't set the state if the state is unknown. + (handle_reset): Ignore an error if already disconnected. May + happen due to system wake-up after hibernation. Suggested by Bob + Dunlop. + +2006-06-28 Werner Koch + + * app-openpgp.c (do_writekey): Fixed computation of memmove + length. This led to garbled keys if E was larger than one byte. + Thanks to Achim Pietig for hinting at the garbled E. + +2006-06-09 Marcus Brinkmann + + * Makefile.am (scdaemon_LDADD): Add $(NETLIBS). + +2006-04-14 Marcus Brinkmann + + * app.c (select_application): Cover up a slot mismatch error in + case it happens (it shouldn't happen). + (release_application): Use APP->slot. Lock the reader. + (application_notify_card_removed): Lock the reader. + +2006-04-11 Werner Koch + + * command.c (hex_to_buffer): New. + (cmd_apdu): New. + +2006-04-03 Werner Koch + + * scdaemon.c [__GLIBC__]: Default to libpcsclite.so.1. + +2006-03-21 Werner Koch + + * command.c (cmd_pksign): Add --hash option. + +2006-03-01 Werner Koch + + * command.c (status_file_update_lock): New. + (scd_update_reader_status_file): Use lock and factor existing code + out to .. + (update_reader_status_file): .. this. + (do_reset): Use the lock and call update_reader_status_file. + +2006-02-20 Werner Koch + + * apdu.c (open_pcsc_reader): Fixed double free. Thanks to Moritz. + +2006-02-09 Werner Koch + + * command.c (get_reader_slot, do_reset) + (scd_update_reader_status_file): Rewrote. + + * app.c (release_application): Factored code out to .. + (deallocate_app): new function. + (select_application): Introduce new saved application stuff. + (application_notify_card_removed): New. + * command.c (update_card_removed): Call it here. + (do_reset): And here. + + * app.c (check_application_conflict): New. + * command.c (open_card): Use it here. + (cmd_restart): New command. + + * command.c (cmd_lock): Fixed --wait option to actually terminate. + +2006-02-08 Werner Koch + + * ccid-driver.c (ccid_get_atr): Read Parameter and select T=1 + using these parameters. + (scan_or_find_devices): Check for NULL r_fd. + +2006-02-02 Werner Koch + + * ccid-driver.c (special_transport): New + (ccid_open_reader, do_close_reader, ccid_shutdown_reader) + (bulk_out, bulk_in): Add support for CardMan 4040 reader. + + * ccid-driver.c (scan_or_find_devices): Factored most code out to + (scan_or_find_usb_device): .. new. + (make_reader_id): Fixed vendor mask. + +2006-01-01 Werner Koch + + * app-openpgp.c (do_sign): Give user error if hash algorithm is + not supported by the card. + +2005-12-06 Werner Koch + + * apdu.c (open_pcsc_reader): Check that pcsc-wrapper is actually + installed. + +2005-11-23 Werner Koch + + * app-nks.c (verify_pin): Give a special error message for a Nullpin. + +2005-10-29 Werner Koch + + * ccid-driver.c (send_escape_cmd): New args RESULT, RESULTLEN and + RESULTMAX. Changed all callers. + (ccid_transceive_escape): New. + +2005-10-27 Werner Koch + + * apdu.c [__CYGWIN__]: Make cygwin environment similar to _WIN32. + Suggested by John P. Clizbe. + * scdaemon.c [__CYGWIN__]: Set default PC/SC driver to winscard.dll. + +2005-10-19 Werner Koch + + * ccid-driver.h (CCID_DRIVER_ERR_NO_KEYPAD): New. + * apdu.h (SW_HOST_NO_KEYPAD): New. + * iso7816.h (struct iso7816_pininfo_s): New. + * iso7816.c (map_sw): Support new code. + (iso7816_check_keypad): New. + (iso7816_verify_kp, iso7816_change_reference_data_kp) + (iso7816_reset_retry_counter_kp): New. Extended versions of the + original functions. + * apdu.c (host_sw_string): Support new code. + (reader_table_s): New field CHECK_KEYPAD. + (new_reader_slot, open_ct_reader, open_pcsc_reader) + (open_ccid_reader, open_rapdu_reader): Initialize it. + (check_ccid_keypad): New. + (apdu_check_keypad): New. + (apdu_send_le): Factored all code out to ... + (send_le): .. new. Takes an additional arg; changed all callers + of the orginal function to use this one with a NULL for the new + arg. + (apdu_send_simple_kp): New. + (ct_send_apdu, pcsc_send_apdu, my_rapdu_send_apdu) + (send_apdu_ccid): New arg PININFO. + (send_apdu_ccid): Use the new arg. + + * scdaemon.c: New option --disable-keypad. + +2005-10-08 Marcus Brinkmann + + * Makefile.am (scdaemon_LDADD): Add ../gl/libgnu.a after + ../common/libcommon.a. + +2005-09-20 Werner Koch + + * app-dinsig.c (verify_pin): Try ISO 9564 BCD encoding. + + * iso7816.c (iso7816_select_application): Add arg FLAGS. Changed + all callers to pass 0. + * app-openpgp.c (app_select_openpgp): But this one requires a + special flag. + + * app-p15.c (app_select_p15): Don't use select application for the + BELPIC. + +2005-09-09 Werner Koch + + * pcsc-wrapper.c (main): Removed bogus free. + + * app-p15.c (do_auth): New. + (do_getattr): New attribs $AUTHKEYID and $DISPSERIALNO. + * app-openpgp.c (do_getattr): Ditto. + +2005-09-08 Werner Koch + + * app-openpgp.c (do_getattr): New key $AUTHKEYID. + +2005-09-06 Werner Koch + + * app-p15.c (do_sign): Tweaked for BELPIC cards. + (read_home_df): New arg R_BELPIC. + (app_select_p15): Set card type for BELPIC. + +2005-09-05 Werner Koch + + * iso7816.c (iso7816_select_path): New. + * app-p15.c (select_ef_by_path): Allow for direct path selection. + (app_select_p15): Try using the Belgian variant of pkcs#15. + (read_home_df): New. + (read_ef_odf): Generalized. + (read_ef_tokeninfo): New. + (read_p15_info): Set serialnumber from TokenInfo. + (app_select_p15): Don't munge serialNumber - that must be done + only once. + + * iso7816.c (iso7816_read_binary): Use Le=0 when reading all + data. Handle 6C00 error and take 6B00 as indication for EOF. + * apdu.h (SW_EXACT_LENGTH_P): New. + * apdu.c (new_reader_slot, reset_pcsc_reader, pcsc_get_status) + (open_pcsc_reader): Set new reader state IS_T0. + (apdu_send_le): When doing T=0 make sure not to send Lc and Le. + Problem reported by Carl Meijer. + (apdu_send_direct): Initialize RESULTLEN. + * pcsc-wrapper.c (handle_status): Return the current protocol as + a new third word. + +2005-08-05 Werner Koch + + * apdu.c (open_rapdu_reader): Set the reader number. + +2005-07-05 Werner Koch + + * app-openpgp.c (do_readkey): Return a mallcoed copy of the key as + required by the description. Thanks to Moritz for tracking this + problem down. + +2005-06-21 Werner Koch + + * scdaemon.c (main): ifdef call to ccid_set_debug_level. + + * apdu.c (reset_pcsc_reader, open_pcsc_reader): Cast size_t to + ulong for printf. + +2005-06-06 Werner Koch + + * scdaemon.c (main): New option --debug-allow-core-dump. + +2005-06-03 Werner Koch + + * scdaemon.c (handle_connections): Make sure that the signals we + are handling are not blocked.Block signals while creating new + threads. + (handle_connections): Include the file descriptor into the name of + the thread. + +2005-06-02 Werner Koch + + * app.c (app_dump_state, dump_mutex_state): New. + * scdaemon.c (handle_signal): Print it on SIGUSR1. + + * app-openpgp.c (do_writekey): Typo fix. + + * command.c (open_card): Check for locked state even if an + application context is available. + + * app-common.h: Add REF_COUNT field. + * app.c (release_application, select_application): Implement + reference counting to share the context beween connections. + + * app.c (lock_reader, unlock_reader): Take SLOT instead of APP as + argument. Changed all callers. + (select_application): Unlock the reader on error. This should fix + the hangs I noticed last week. + + * scdaemon.h: Removed card_ctx_t cruft. + +2005-06-01 Werner Koch + + * scdaemon.c: Include mkdtemp.h. + +2005-05-31 Werner Koch + + * tlv.c [GNUPG_MAJOR_VERSION==1]: Define constants instead of + including a gnupg 1.4 header. + +2005-05-30 Werner Koch + + * tlv.c: Add hack to compile without gpg-error.h when used with + GnuPG 1.4. + +2005-05-23 Werner Koch + + * Makefile.am: Do not build sc-copykeys anymore. + + * app-openpgp.c (app_openpgp_storekey, app_openpgp_readkey) + (app_openpgp_cardinfo): Removed. + + * ccid-driver.c (parse_ccid_descriptor): SCR335 FW version 5.14 is + good. + (do_close_reader): Never do a reset. The caller should instead + make sure that the reader has been closed properly. The new retry + code in ccid_slot_status will make sure that the readersatrts up + fine even if the last process didn't closed the USB connection + properly. + (ccid_get_atr): For certain readers try switching to ISO mode. + Thanks to Ludovic Rousseau for this hint and the magic numbers. + (print_command_failed): New. + (bulk_in): Use it here. Add new arg NO_DEBUG. + (ccid_slot_status): Disabled debugging. + +2005-05-21 Werner Koch + + * scdaemon.c (handle_signal): Print thread info on SIGUSR1. + +2005-05-20 Werner Koch + + * ccid-driver.c: Replaced macro DEBUG_T1 by a new debug level. + (parse_ccid_descriptor): Mark SCR335 firmware version 5.18 good. + (ccid_transceive): Arghhh. The seqno is another bit in the + R-block than in the I block, this was wrong at one place. + + * scdaemon.c: New options --debug-ccid-driver and + --debug-disable-ticker. + + * app-openpgp.c (do_genkey, do_writekey): Factored code to check + for existing key out into .. + (does_key_exist): .. New function. + +2005-05-19 Werner Koch + + * tlv.c (parse_sexp): New. + + * command.c (cmd_writekey): New. + * app.c (app_writekey): New. + * app-common.c (app_t): Add function ptr WRITEKEY. + * app-openpgp.c (do_writekey): New. + + * app-openpgp.c (do_readkey) [GNUPG_MAJOR_VERSION==1]: Return error. + * app-common.h (app_t) [GNUPG_MAJOR_VERSION==1]: Add a field to + store the Assuan context. + +2005-05-17 Werner Koch + + * scdaemon.c: Removed non-pth code paths. + (create_socket_name, create_server_socket): New. Taken from + ../agent/gpg-agent. + (cleanup): Changed to adjust for SOCKET_NAME now being malloced. + (ticker_thread): Always use pth_event_occurred; it is again + defined for all decent PTH versions. + (handle_connections): New. Based on the gpg-agent code. + (start_connection_thread): Ditto. + (ticker_thread): Removed. + (cleanup_sh): Removed. + (main): Run the handler for the pipe server in a separate + thread. This replaces the old ticker thread. + (scd_get_socket_name): New. + * command.c (cmd_getinfo): New command GETINFO. + (scd_command_handler): Renamed argument and changed code to use an + already connected FD. + +2005-05-15 Werner Koch + + * app.c, app-common.h, app-nks.c, app-p15.c, app-dinsig.c + * app-openpgp.c: Change most function return types from int to + gpg_error_t. + * command.c (pin_cb): Ditto. + * sc-copykeys.c (pincb): Ditto. + + * app.c (lock_reader, unlock_reader): New. Changed call handler + wrappers to make use of these functions. + +2005-05-07 Werner Koch + + * ccid-driver.c (do_close_reader): Don't do a reset before close. + Some folks reported that it makes the SCR335 hang less often. + Look at the source on how to re-enable it. + +2005-04-27 Werner Koch + + * app-p15.c (micardo_mse): New. + (do_sign): Call it. + * iso7816.c (iso7816_manage_security_env): Allow passing DATA as + NULL to indicate an empty Lc. + * tlv.c (find_tlv): Check that a found object fits into the + buffer. + (find_tlv_unchecked): New as replacement for the old non-checking + variant. + * app.c (select_application): Keep on using the non-checking + variant. + * app-openpgp.c (get_one_do, dump_all_do): Ditto. + + + Removal of the old OpenSC based code. + + * app-p15.c: New. Basic support for pkcs15 cards without OpenSC. + There are quite a couple of things missing but at least I can use + my old TCOS cards from the Aegypten-1 development for signing. + * app.c (select_application): Detect pkcs15 applications. + * Makefile.am (scdaemon_SOURCES): Removed card.c, card-common.h + and card-p15.c because they are now obsolete. Added app-p15.c. + Removed all OpenSC stuff. + * command.c (do_reset, open_card, cmd_serialno, cmd_learn) + (cmd_readcert, cmd_readkey, cmd_pksign, cmd_pkdecrypt): Removed + all special cases for the old card.c based mechanisms. + * scdaemon.c, apdu.c: Removed all special cases for OpenSC. + +2005-04-20 Werner Koch + + * command.c: Use GPG_ERR_LOCKED instead of EBUSY. + +2005-04-14 Werner Koch + + * app-openpgp.c (retrieve_key_material): Rewritten. Return a + proper error code. + (retrieve_next_token): Removed. + (retrieve_fpr_from_card): Rewritten to make use of DO caching and + to take the KEYNO as arg. + (get_public_key): Renamed variable for clarity. + +2005-04-12 Werner Koch + + Basic support for several sessions. + + * command.c (scd_command_handler): Replace the primary_connection + stuff by a real connection list. Release the local context on + exit. + (scd_update_reader_status_file): Update accordingly. Send signal + to all connections who registered an event signal. + (cmd_lock, cmd_unlock, register_commands): New commands LOCK and + UNLOCK. + (cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt, cmd_setattr) + (cmd_genkey, cmd_passwd, cmd_checkpin): Return an error if reader + is locked. + (do_reset): Handle locking. + (open_card): Ditto. Share the reader slot with other sessions. + (get_reader_slot): New. + (update_card_removed): New. Use it in the TEST_CARD_REMOVAL macro. + +2005-04-07 Werner Koch + + * app-openpgp.c (do_check_pin): Add hack to allow verification of + CHV3. + (get_public_key): Don't use gcry functions to create S-expressions. + (do_deinit, do_readkey, do_genkey, send_keypair_info): Adjust for + above change. + +2005-03-29 Moritz Schulte + + * app-openpgp.c (retrieve_fpr_from_card): New function. + (retrieve_next_token): New function. + (retrieve_key_material): New function. + (get_public_key): Implement retrival of key through expernal + helper (gpg) in case the openpgp card is not cooperative enough. + +2005-03-16 Werner Koch + + * ccid-driver.c (parse_ccid_descriptor): Make SCM workaround + reader type specific. + (scan_or_find_devices): Do not check the interface subclass in the + SPR532 kludge, as this depends on the firmware version. + (ccid_get_atr): Get the Slot status first. This solves the + problem with readers hanging on recent Linux 2.6.x. + (bulk_in): Add argument TIMEOUT and changed all callers to pass an + appropriate one. Change the standard timeout from 10 to 5 seconds. + (ccid_slot_status): Add a retry code with an initial short timeout. + (do_close_reader): Do an usb_reset before closing the reader. + +2005-02-25 Werner Koch + + * app-openpgp.c (get_public_key): Make sure not to return negative + numbers. + (do_sign): Allow passing of indata with algorithm prefix. + (do_auth): Allow OPENPGP.3 as an alternative ID. + + * app.c (app_getattr): Return just the S/N but not the timestamp. + +2005-02-24 Werner Koch + + * app.c (app_getattr): Return APPTYPE or SERIALNO type even if the + application does dot support the getattr call. + + * app-openpgp.c (get_one_do): Never try to get a non cacheable + object from the cache. + (get_one_do): Add new arg to return an error code. Changed all + callers. + (do_getattr): Let it return a proper error code. + + * app.c (select_application): Return an error code and the + application context in an new arg. + * command.c (open_card): Adjusted for that. Don't use the + fallback if no card is present. Return an error if the card has + been removed without a reset. + (do_reset, cmd_serialno): Clear that error flag. + (TEST_CARD_REMOVAL): New. Use it with all command handlers. + (scd_update_reader_status_file): Set the error flag on all changes. + + * scdaemon.c (ticker_thread): Termintate if a shutdown is pending. + + * apdu.c: Added some PCSC error codes. + (pcsc_error_to_sw): New. + (reset_pcsc_reader, pcsc_get_status, pcsc_send_apdu) + (open_pcsc_reader): Do proper error code mapping. + +2005-03-16 Werner Koch + + * ccid-driver.c (parse_ccid_descriptor): Make SCM workaround + reader type specific. + (scan_or_find_devices): Do not check the interface subclass in the + SPR532 kludge, as this depends on the firmware version. + (ccid_get_atr): Get the Slot status first. This solves the + problem with readers hanging on recent Linux 2.6.x. + +2005-02-22 Werner Koch + + * app-openpgp.c (app_local_s): New field PK. + (do_deinit, do_genkey, app_openpgp_storekey): Clear it. + (get_public_key, send_keypair_info): New. + (do_learn_status): Send KEYPAIR info + + * app-common.h (app_ctx_t): Add function pointer READKEY. + * app.c (app_readkey): New. + * command.c (cmd_readkey): Use READKEY function if possible. + +2005-01-26 Werner Koch + + * ccid-driver.c (parse_ccid_descriptor): Need the CSM workaround + also for newer firmware versions. Need to get a list of fixed + firmware versions and use that. + +2005-01-25 Werner Koch + + * apdu.c (apdu_send_le, apdu_send_direct): Fix some compiler + warnings. + + * app-openpgp.c (get_cached_data): New arg GET_IMMEDIATE to bypass + the cache. Changed all callers. + (get_one_do): Bypass the cache if the value would have been read + directly for v1.1 cards.It makes things a bit slower but obnly for + 1.0 cards and there are not that many cards out in the wild. This + is required to fix a caching bug when generating new keys; as a + side effect of the retrieval of the the C4 DO from the 6E DO the + cached fingerprint will get updated to the old value and later + when signing the generated key the checking of the fingerprint + fails because it won't match the new one. Thanks to Moritz for + analyzing this problem. + (verify_chv3): Removed the CHV status reread logic because we + won't cache the C4 DO anymore. + +2004-12-28 Werner Koch + + * ccid-driver.c (find_endpoint): New. + (scan_or_find_devices): Add new args to return endpoint info and + interface number. + (ccid_open_reader, ccid_shutdown_reader): Take care of these new + args. + (bulk_in, bulk_out): Use the correct endpoints. + (ccid_transceive_apdu_level): New. + (ccid_transceive): Divert to above. + (parse_ccid_descriptor): Allow APDU level exchange mode. + (do_close_reader): Pass the interface number to usb_release_interface. + +2004-12-21 Werner Koch + + * scdaemon.c (main): Use default_homedir(). + +2004-12-18 Werner Koch + + * scdaemon.c (main) [W32]: Remove special Pth initialize.. + + * scdaemon.h (map_assuan_err): Define in terms of + map_assuan_err_with_source. + +2004-12-15 Werner Koch + + * scdaemon.c [W32]: Various hacks to make it run under W32. + + * command.c (scd_update_reader_status_file) [W32]: Don't use kill. + + * apdu.c [W32]: Disable use of pcsc_wrapper. + + * Makefile.am (scdaemon_LDADD): Reorder libs. + (sc_copykeys_LDADD): Add libassuan because it is needed for W32. + +2004-12-06 Werner Koch + + * Makefile.am (pkglib_PROGRAMS): Build only for W32. + +2004-10-22 Werner Koch + + * app-openpgp.c (verify_chv3): The minium length for CHV3 is + 8. Changed string to match the other ones. + +2004-10-21 Werner Koch + + * app-openpgp.c (do_sign): Replace asprintf by direct allocation. + This avoids problems with missing vasprintf implementations in + gnupg 1.4. + + * app-common.h (app_openpgp_storekey: Add prototype. + +2004-10-20 Werner Koch + + * sc-investigate: Removed. + * Makefile.am (sc_investigate): Removed. + + * pcsc-wrapper.c (load_pcsc_driver): Load get_status_change func. + (handle_open): Succeed even without a present card. + (handle_status, handle_reset): New. + + * apdu.c (apdu_open_reader): Load pcsc_get_status_change fucntion. + (pcsc_get_status): Implemented. + (reset_pcsc_reader): Implemented. + (open_pcsc_reader): Succeed even with no card inserted. + (open_ccid_reader): Set LAST_STATUS. + + * iso7816.c (iso7816_select_application): Always use 0 for P1. + +2004-10-18 Werner Koch + + * ccid-driver.c (ccid_get_atr): Reset T=1 state info. + +2004-10-14 Werner Koch + + * app-openpgp.c (parse_login_data): New. + (app_select_openpgp): Call it. + (do_setattr): Reparse it after change. + +2004-10-06 Werner Koch + + * ccid-driver.c (ccid_open_reader): Store the vendor ID. + (ccid_transceive_secure): New. + (parse_ccid_descriptor): Workaround for an SCM reader problem. + +2004-10-04 Werner Koch + + * ccid-driver.c (send_escape_cmd): New. + +2004-09-30 Werner Koch + + * Makefile.am: Adjusted for gettext 0.14. + + * app-openpgp.c (do_sign): Add the error string to the verify + failed messages. + +2004-09-27 Werner Koch + + From gnupg 1.3 + + * app-openpgp.c: Made all strings translatable. + (verify_chv3) [GNUPG_MAJOR_VERSION]: Make opt.allow_admin + available for use in gnupg 2. + (verify_chv3): Reimplemented countdown showing to use only + functions from this module. Flush the CVH status cache on a + successful read. + (get_one_do): Hack to bypass the cache for cards versions > 1.0. + (store_fpr): Store the creation date for card version > 1.0. + + * app-openpgp.c (app_openpgp_storekey): Call flush_cache. + (get_cached_data): Move local data initialization to .. + (app_select_openpgp): .. here. Read some flags for later use. + (do_getattr): New read-only attribute EXTCAP. + + * apdu.c (open_pcsc_reader): Do not print empty reader string. + + * ccid-driver.c (do_close_reader): Factored some code out from ... + (ccid_close_reader): ..here. + (ccid_shutdown_reader): New. + + * apdu.c (apdu_shutdown_reader): New. + (shutdown_ccid_reader): New. + + * apdu.c (open_ccid_reader): New arg PORTSTR. Pass it to + ccid_open_reader. + (apdu_open_reader): Pass portstr to open_ccid_reader. + (apdu_open_reader): No fallback if a full CCID reader id has been + given. + + * ccid-driver.c (ccid_get_reader_list): New. + (ccid_open_reader): Changed API to take a string for the reader. + Removed al the cruft for the libusb development vesion which seems + not to be maintained anymore and there are no packages anyway. + The stable library works just fine. + (struct ccid_reader_id_s): Deleted and replaced everywhere by a + simple string. + (usb_get_string_simple): Removed. + (bulk_in): Do valgrind hack here and not just everywhere. + + * ccid-driver.c (read_device_info): Removed. + (make_reader_id, scan_or_find_devices): New. + (ccid_open_reader): Simplified by make use of the new functions. + (ccid_set_debug_level): New. Changed the macros to make use of + it. It has turned out that it is often useful to enable debugging + at runtime so I added this option. + + From gnupg 1.3 - David Shaw + + * app-openpgp.c (verify_chv3): Show a countdown of how many wrong + admin PINs can be entered before the card is locked. + + * app-openpgp.c (get_cached_data): Avoid mallocing zero since it + breaks us when using --enable-m-guard. + + * ccid-driver.c (usb_get_string_simple): Replacement function to + work with older libusb. + + * ccid-driver.c (read_device_info): Fix segfault when usb device + is not accessible. + (ccid_open_reader): Allow working with an even older version of + libusb (usb_busses global instead of usb_get_busses()). + +2004-09-11 Werner Koch + + * app-openpgp.c (app_select_openpgp): Its app_munge_serialno and + not app_number_serialno. + +2004-08-20 Werner Koch + + * app.c (select_application): Fixed serial number extraction and + added the BMI card workaround. + (app_munge_serialno): New. + * app-openpgp.c (app_select_openpgp): Try munging serialno. + +2004-08-05 Werner Koch + + * scdaemon.c (main): New option --disable-application. + * app.c (is_app_allowed): New. + (select_application): Use it to check for disabled applications. + + * ccid-driver.h (CCID_DRIVER_ERR_ABORTED): New. + * ccid-driver.c (ccid_open_reader): Support the stable 0.1 version + of libusb. + (ccid_get_atr): Handle short messages. + + * apdu.c (my_rapdu_get_status): Implemented. + +2004-07-27 Moritz Schulte + + * apdu.c: Include . + + * Makefile.am: Use @DL_LIBS@ instead of -ldl. + +2004-07-22 Werner Koch + + * Makefile.am: Make OpenSC lib link after libgcrypt. Do not link + to pth. + * apdu.c: Don't use Pth if we use OpenSC. + * sc-investigate.c, scdaemon.c: Disable use of pth if OpenSC is used. + + * scdaemon.c (main): Bumbed thread stack size up to 512k. + +2004-07-16 Werner Koch + + * apdu.c (reader_table_s): Add function pointers for the backends. + (apdu_close_reader, apdu_get_status, apdu_activate) + (send_apdu): Make use of them. + (new_reader_slot): Intialize them to NULL. + (dump_ccid_reader_status, ct_dump_reader_status): New. + (dump_pcsc_reader_status): New. + (open_ct_reader, open_pcsc_reader, open_ccid_reader) + (open_osc_reader, open_rapdu_reader): Intialize function pointers. + (ct_activate_card, ct_send_apdu, pcsc_send_apdu, osc_send_apdu) + (error_string): Removed. Replaced by apdu_strerror. + (get_ccid_error_string): Removed. + (ct_activate_card): Remove the unused loop. + (reset_ct_reader): Implemented. + (ct_send_apdu): Activate the card if not yet done. + (pcsc_send_apdu): Ditto. + +2004-07-15 Werner Koch + + * ccid-driver.h: Add error codes. + * ccid-driver.c: Implement more or less proper error codes all + over the place. + + * apdu.c (apdu_send_direct): New. + (get_ccid_error_string): Add some error code mappings. + (send_apdu): Pass error codes along for drivers already supporting + them. + (host_sw_string): New. + (get_ccid_error_string): Use above. + (send_apdu_ccid): Reset the reader if it has not yet been done. + (open_ccid_reader): Don't care if the ATR can't be read. + (apdu_activate_card): New. + (apdu_strerror): New. + (dump_reader_status): Only enable it with opt.VERBOSE. + * iso7816.c (map_sw): Add mappings for the new error codes. + +2004-07-02 Werner Koch + + * apdu.c (open_ct_reader, open_pcsc_reader, open_ccid_reader) + (reset_ccid_reader, open_osc_reader): Call dump_reader_status only + in verbose mode. + +2004-07-01 Werner Koch + + * sc-investigate.c: Initialize Pth which is now required. + (interactive_shell): New command "readpk". + + * app-openpgp.c (do_getattr): Fix for sending CA-FPR. + +2004-06-30 Werner Koch + + * app-openpgp.c (app_openpgp_readkey): Fixed check for valid + exponent. + +2004-06-18 Werner Koch + + * sc-investigate.c (my_read_line): Renamed from read_line. + +2004-06-16 Werner Koch + + * apdu.c (osc_get_status): Fixed type in function name. Noted by + Axel Thimm. Yes, I didn't tested it with OpenSC :-(. + +2004-04-28 Werner Koch + + * app-openpgp.c (do_setattr): Sync FORCE_CHV1. + +2004-04-27 Werner Koch + + * app-common.h: Do not include ksba.h for gnupg 1. + +2004-04-26 Werner Koch + + * app-common.h: New members FNC.DEINIT and APP_LOCAL. + * app.c (release_application): Call new deconstructor. + * app-openpgp.c (do_deinit): New. + (get_cached_data, flush_cache_item, flush_cache_after_error) + (flush_cache): New. + (get_one_do): Replaced arg SLOT by APP. Make used of cached data. + (verify_chv2, verify_chv3): Flush some cache item after error. + (do_change_pin): Ditto. + (do_sign): Ditto. + (do_setattr): Flush cache item. + (do_genkey): Flush the entire cache. + (compare_fingerprint): Use cached data. + + * scdaemon.c (main): Do the last change the usual way. This is so + that we can easily test for versioned config files above. + +2004-04-26 Marcus Brinkmann + + * scdaemon.c (main): For now, always print default filename for + --gpgconf-list, and never /dev/null. + +2004-04-21 Werner Koch + + * command.c (scd_update_reader_status_file): Send a signal back to + the client. + (option_handler): Parse the new event-signal option. + + * scdaemon.c (handle_signal): Do not use SIGUSR{1,2} anymore for + changing the verbosity. + +2004-04-20 Werner Koch + + * command.c (scd_update_reader_status_file): Write status files. + + * app-help.c (app_help_read_length_of_cert): Fixed calculation of + R_CERTOFF. + + * pcsc-wrapper.c: New. + * Makefile.am (pkglib_PROGRAMS): Install it here. + * apdu.c (writen, readn): New. + (open_pcsc_reader, pcsc_send_apdu, close_pcsc_reader): Use the + pcsc-wrapper if we are using Pth. + (apdu_send_le): Reinitialize RESULTLEN. Handle SW_EOF_REACHED + like SW_SUCCESS. + +2004-04-19 Werner Koch + + * ccid-driver.c (parse_ccid_descriptor): Store some of the reader + features away. New arg HANDLE + (read_device_info): New arg HANDLE. Changed caller. + (bulk_in): Handle time extension requests. + (ccid_get_atr): Setup parameters and the IFSD. + (compute_edc): New. Factored out code. + (ccid_transceive): Use default NADs when required. + +2004-04-14 Werner Koch + + * scdaemon.h (server_control_s): Add member READER_SLOT. + * scdaemon.c (scd_init_default_ctrl): Initialize READER_SLOT to -1. + * command.c (open_card): Reuse an open slot. + (reset_notify): Just reset the slot if supported by the reader. + (do_reset): Factored code from above out. + (scd_command_handler): Use it for cleanup. + + * apdu.h: New pseudo stati SW_HOST_NOT_SUPPORTED, + SW_HOST_LOCKING_FAILED and SW_HOST_BUSY. + * iso7816.c (map_sw): Map it. + + * ccid-driver.c (ccid_slot_status): Add arg STATUSBITS. + * apdu.c (apdu_get_status): New. + (ct_get_status, pcsc_get_status, ocsc_get_status): New stubs. + (get_status_ccid): New. + (apdu_reset): New. + (reset_ct_reader, reset_pcsc_reader, reset_osc_reader): New stubs. + (reset_ccid_reader): New. + (apdu_enum_reader): New. + + * apdu.c (lock_slot, trylock_slot, unlock_slot): New helpers. + (new_reader_slot) [USE_GNU_PTH]: Init mutex. + (apdu_reset, apdu_get_status, apdu_send_le): Run functions + in locked mode. + + * command.c (scd_update_reader_status_file): New. + * scdaemon.c (handle_tick): Call it. + +2004-04-13 Werner Koch + + * scdaemon.c: Convert to a Pth application. + (handle_signal, ticker_thread, handle_tick): New. + (main): Fire up the ticker thread in server mode. + +2004-03-23 Werner Koch + + * scdaemon.c (main) : Fixed output for pcsc_driver. + +2004-03-17 Werner Koch + + * tlv.c (parse_ber_header): Do not check for tag overflow - it + does not make sense. Simplified the check for length overflow. + + * scdaemon.c (main) : Fixed default value quoting. + +2004-03-16 Werner Koch + + * app-dinsig.c: Implemented. Based on app-nks.c and card-dinsig.c + * app-nks.c (get_length_of_cert): Removed. + * app-help.c: New. + (app_help_read_length_of_cert): New. Code taken from above. New + optional arg R_CERTOFF. + + * card-dinsig.c: Removed. + * card.c (card_get_serial_and_stamp): Do not bind to the old and + never finsiged card-dinsig.c. + + * iso7816.c (iso7816_read_binary): Allow for an NMAX > 254. + +2004-03-11 Werner Koch + + * scdaemon.h (out_of_core): Removed. Replaced callers by standard + gpg_error function. + + * apdu.c, iso7816.c, ccid-driver.c [GNUPG_SCD_MAIN_HEADER]: Allow + to include a header defined by the compiler. This helps us to + reuse the source in other software. + +2004-03-10 Werner Koch + + * iso7816.c (iso7816_read_record): New arg SHORT_EF. Changed all + callers. + +2004-02-18 Werner Koch + + * sc-investigate.c (main): Setup the used character set. + * scdaemon.c (main): Ditto. + + * scdaemon.c (set_debug): New. Add option --debug-level. + (main): Add option --gpgconf-list. + +2004-02-12 Werner Koch + + * Makefile.am: Include cmacros.am for common flags. + +2004-01-29 Werner Koch + + * command.c (reset_notify): Release the application context and + close the reader. + +2004-01-28 Werner Koch + + * iso7816.c (iso7816_manage_security_env): New. + (iso7816_decipher): Add PADIND argument. + +2004-01-27 Werner Koch + + * command.c (cmd_readcert, cmd_readkey): Work on a copy of LINE. + + * app-common.h (app_ctx_s): Added readcert field. + * app.c (app_readcert): New. + * tlv.c (parse_ber_header): Added; taken from libksba. + +2004-01-26 Werner Koch + + * card.c (map_sc_err): Use SCD as the error source. + + * command.c (open_card): ADD arg NAME to allow requesting a + specific application. Changed all callers. + (cmd_serialno): Allow optional argument to select the desired + application. + + * app-nks.c: New. + + * scdaemon.h (opt): Add READER_PORT. + * scdaemon.c (main): Set it here. + * app.c (app_set_default_reader_port): Removed. + (select_application): Add NAME arg and figure out a + default serial number from the GDO. Add SLOT arg and remove all + reader management. + (release_application): New. + (app_write_learn_status): Output an APPTYPE status line. + * command.c (open_card): Adapt for select_application change. + * app-openpgp.c (app_select_openpgp): Removed SN and SNLEN args + and set it directly. Changed all callers. + +2004-01-25 Werner Koch + + * iso7816.c (iso7816_select_application): P1 kludge for OpenPGP + card. + * app-openpgp.c (find_tlv): Factor out this function to .. + * tlv.c, tlv.h: .. new. + + * scdaemon.h: Introduced app_t and ctrl_t as the new types for APP + and CTRL. + +2004-01-21 Werner Koch + + * apdu.c (apdu_send_le): Treat SW_EOF_REACHED as a warning. + +2004-01-20 Werner Koch + + * iso7816.c (iso7816_read_binary): New. + (iso7816_select_file): New. + (iso7816_list_directory): New. + + * sc-investigate.c: Add option -i. + (select_app, read_line, interactive_shell): New. + +2004-01-16 Werner Koch + + * apdu.h: Add SW_FILE_NOT_FOUND. + * iso7816.c (map_sw): Map it to GPG_ERR_ENOENT. + * iso7816.c (iso7816_select_file): New. + + * app-dinsig.c: New file w/o any real code yet. + * Makefile.am (scdaemon_SOURCES,sc_investigate_SOURCES): Add file. + + * sc-investigate.c: Add option --disable-ccid. + +2003-12-19 Werner Koch + + * apdu.c (apdu_send_le): Send a get_response with the indicated + length and not the 64 bytes we used for testing. + + * app-openpgp.c (verify_chv2, verify_chv3, do_sign): Check the + minimum length of the passphrase, so that we don't need to + decrement the retry counter. + +2003-12-17 Werner Koch + + * card-p15.c (p15_enum_keypairs): Replaced KRC by RC. + * card-dinsig.c (dinsig_enum_keypairs): Ditto. + +2003-12-16 Werner Koch + + * scdaemon.c (main): Set the prefixes for assuan logging. + +2003-11-17 Werner Koch + + * scdaemon.c, scdaemon.h: New options --allow-admin and --deny-admin. + * app-openpgp.c (verify_chv3): Check it here. + +2003-11-12 Werner Koch + + Adjusted for API changes in Libksba. + +2003-10-30 Werner Koch + + * apdu.c (close_ct_reader, close_pcsc_reader): Implemented. + (get_ccid_error_string): New. Not very useful messages, though. + +2003-10-25 Werner Koch + + * ccid-driver.c (ccid_open_reader): Return an error if no USB + devices are found. + + * command.c (cmd_genkey, cmd_passwd): Fixed faulty use of + !spacep(). + + * apdu.c (apdu_open_reader): Hacks for PC/SC under Windows. + +2003-10-20 Werner Koch + + * command.c (cmd_checkpin): New. + (register_commands): Add command CHECKPIN. + * app.c (app_check_pin): New. + * app-openpgp.c (check_against_given_fingerprint): New. Factored + out that code elsewhere. + (do_check_pin): New. + +2003-10-10 Werner Koch + + * ccid-driver.c (ccid_close_reader): New. + + * apdu.c (close_ccid_reader, close_ct_reader, close_csc_reader) + (close_osc_reader, apdu_close_reader): New. Not all are properly + implemented yet. + +2003-10-09 Werner Koch + + * ccid-driver.c (ccid_transceive): Add T=1 chaining for sending. + +2003-10-08 Werner Koch + + * app-openpgp.c (do_getattr): Support SERIALNO and AID. + +2003-10-01 Werner Koch + + * ccid-driver.c: Detect GnuPG 1.3 and include appropriate files. + * apdu.c: Ditto. + * app-openpgp.c: Ditto. + * iso7816.c: Ditto. + (generate_keypair): Renamed to .. + (do_generate_keypair): .. this. + * app-common.h [GNUPG_MAJOR_VERSION]: New. + * iso7816.h [GNUPG_MAJOR_VERSION]: Include cardglue.h + +2003-09-30 Werner Koch + + * command.c (cmd_getattr): New command GETATTR. + * app.c (app_setattr): New. + (do_getattr): New. + (do_learn_status): Reimplemented in terms of do_getattr. + + * app-openpgp.c (do_change_pin): Make sure CVH1 and CHV2 are + always synced. + (verify_chv2, verify_chv3): New. Factored out common code. + (do_setattr, do_sign, do_auth, do_decipher): Change the names of + the prompts to match that we have only 2 different PINs. + (app_select_openpgp): Check whether the card enforced CHV1. + (convert_sig_counter_value): New. Factor out code from + get_sig_counter. + +2003-09-28 Werner Koch + + * app-openpgp.c (dump_all_do): Use gpg_err_code and not gpg_error. + +2003-09-19 Werner Koch + + * ccid-driver.c (parse_ccid_descriptor): New. + (read_device_info): New. + (ccid_open_reader): Check that the device has all required features. + +2003-09-06 Werner Koch + + * scdaemon.c (main): --pcsc-driver again defaults to pcsclite. + David Corcoran was so kind to remove the GPL incompatible + advertisng clause from pcsclite. + * apdu.c (apdu_open_reader): Actually make pcsc-driver option work. + +2003-09-05 Werner Koch + + * ccid-driver.c: More work, data can now actually be retrieved. + * ccid-driver.c, ccid-driver.h: Alternativley allow use under BSD + conditions. + +2003-09-02 Werner Koch + + * scdaemon.c, scdaemon.h: New option --pcsc-ccid. + * ccid-driver.c, ccid-driver.h: New but far from being useful. + * Makefile.am: Add above. + * apdu.c: Add support for that ccid driver. + +2003-08-26 Timo Schulz + + * apdu.c (new_reader_slot): Only set 'is_osc' when OpenSC + is used. + +2003-08-25 Werner Koch + + * command.c (cmd_setattr): Use a copy of LINE. + (cmd_genkey): Use a copy of KEYNO. + (cmd_passwd): Use a copy of CHVNOSTR. + (cmd_pksign, cmd_pkauth, cmd_pkdecrypt): s/strdup/xtrystrdup/. + +2003-08-19 Werner Koch + + * scdaemon.c, scdaemon.h: New option --pcsc-driver. + * apdu.c (apdu_open_reader): Use that option here instead of a + hardcoded one. + +2003-08-18 Werner Koch + + * Makefile.am: Add OPENSC_LIBS to all programs. + + * scdaemon.c, scdaemon.h: New option --disable-opensc. + * card.c (card_open): Implement it. + * apdu.c (open_osc_reader, osc_send_apdu): New. + (apdu_open_reader) [HAVE_OPENSC]: Use the opensc driver if not + disabled. + (error_string) [HAVE_OPENSC]: Use sc_strerror. + (send_apdu) [HAVE_OPENSC]: Call osc_apdu_send. + + * card-p15.c (p15_enum_keypairs, p15_prepare_key): Adjusted for + libgpg-error. + +2003-08-14 Timo Schulz + + * apdu.c (ct_activate_card): Change the code a little to avoid + problems with other readers. + * Always use 'dynload.h' instead of 'dlfcn.h'. + +2003-08-05 Werner Koch + + * app-openpgp.c (dump_all_do): Don't analyze constructed DOs after + an error. + +2003-08-04 Werner Koch + + * app.c (app_set_default_reader_port): New. + (select_application): Use it here. + * scdaemon.c (main): and here. + * sc-copykeys.c: --reader-port does now take a string. + * sc-investigate.c, scdaemon.c: Ditto. + * apdu.c (apdu_open_reader): Ditto. Load pcsclite if no ctapi + driver is configured. Always include code for ctapi. + (new_reader_slot): Don't test for already used ports and remove + port arg. + (open_pcsc_reader, pcsc_send_apdu, pcsc_error_string): New. + (apdu_send_le): Changed RC to long to cope with PC/SC. + + * scdaemon.c, scdaemon.h: New option --ctapi-driver. + * sc-investigate.c, sc-copykeys.c: Ditto. + +2003-07-31 Werner Koch + + * Makefile.am (scdaemon_LDADD): Added INTLLIBS. + +2003-07-28 Werner Koch + + * app-openpgp.c (do_setattr): Change implementation. Allow all + useful DOs. + +2003-07-27 Werner Koch + + Adjusted for gcry_mpi_print and gcry_mpi_scan API change. + +2003-07-24 Werner Koch + + * app-openpgp.c (do_learn_status): Print more status information. + (app_select_openpgp): Store the card version. + (store_fpr): Add argument card_version and fix DOs for old cards. + (app_openpgp_storekey): Likewise. + +2003-07-23 Werner Koch + + * command.c (cmd_pkauth): New. + (cmd_setdata): Check whether data was given at all to avoid + passing 0 to malloc. + + * app.c (app_auth): New. + * app-openpgp.c (do_auth): New. + +2003-07-22 Werner Koch + + * command.c (cmd_passwd): New. + * app.c (app_change_pin): New. + * app-openpgp.c (do_change_pin): New. + * iso7816.c (iso7816_reset_retry_counter): Implemented. + + * sc-investigate.c (main): New option --gen-random. + * iso7816.c (iso7816_get_challenge): Don't create APDUs with a + length larger than 255. + +2003-07-17 Werner Koch + + * command.c (cmd_random): New command RANDOM. + + * iso7816.c (map_sw): New. Use it in this file to return + meaningful error messages. Changed all public fucntions to return + a gpg_error_t. + (iso7816_change_reference_data): New. + * apdu.c (apdu_open_reader): Use faked status words for soem + system errors. + +2003-07-16 Werner Koch + + * apdu.c (apdu_send_simple): Use apdu_send_le so that we can + specify not to send Le as it should be. + +2003-07-15 Werner Koch + + * Makefile.am: Add sc-copykeys program. + * sc-copykeys.c: New. + * app-openpgp.c (app_openpgp_storekey): New. + (app_openpgp_cardinfo): New. + (count_bits): New. + (store_fpr): And use it here to get the actual length in bit. + +2003-07-03 Werner Koch + + * app-openpgp.c (do_setattr): Add setting of the URL. + (app_select_openpgp): Dump card data only in very verbose mode. + (do_decipher): New. + +2003-07-02 Werner Koch + + * app-openpgp.c (get_sig_counter): New. + (do_sign): Print the signature counter and enable the PIN callback. + (do_genkey): Implement the PIN callback. + +2003-07-01 Werner Koch + + * app-openpgp.c (store_fpr): Fixed fingerprint calculation. + +2003-06-26 Werner Koch + + * app-openpgp.c (find_tlv): Fixed length header parsing. + + * app.c (app_genkey): New. + * command.c (cmd_genkey): New. + +2003-06-25 Werner Koch + + * command.c (percent_plus_unescape): New. + (cmd_setattr): New. + +2003-06-24 Werner Koch + + * command.c (send_status_info): New. + + * app-openpgp.c (app_select_openpgp): Replace SLOT arg by APP arg + and setup the function pointers in APP on success. Changed callers. + * app.c: New. + * app-common.h: New. + * scdaemon.h (APP): New type to handle applications. + (server_control_s): Add an APP context field. + + * command.c (cmd_serialno): Handle applications. + (cmd_pksign): Ditto. + (cmd_pkdecrypt): Ditto. + (reset_notify): Ditto. + (cmd_learn): For now return error for application contexts. + (cmd_readcert): Ditto. + (cmd_readkey): Ditto. + +2003-06-04 Werner Koch + + * card.c (map_sc_err): Renamed gpg_make_err to gpg_err_make. + + Renamed error codes from INVALID to INV and removed _ERROR suffixes. + +2003-06-03 Werner Koch + + Changed all error codes in all files to the new libgpg-error scheme. + + * scdaemon.h: Include gpg-error.h and errno.h + * card.c (map_sc_err): Use unknown for the error source. + * Makefile.am: Link with libgpg-error + +2003-05-14 Werner Koch + + * atr.c, atr.h: New. + * sc-investigate.c: Dump the ATR in a human readable format. + +2003-05-08 Werner Koch + + * scdaemon.h (DBG_CARD_IO_VALUE): New. + + * sc-investigate.c: New. + * scdaemon.c (main): Removed --print-atr option. + + * iso7816.c, iso7816.h, app-openpgp.c: New. + +2003-04-29 Werner Koch + + * scdaemon.c: New options --print-atr and --reader-port + * apdu.c, apdu.h: New + + * card.c, card-p15.c, card-dinsig.c: Allow build without OpenSC. + + * Makefile.am (LDFLAGS): Removed. + + * command.c (register_commands): Adjusted for new Assuan semantics. + +2002-08-21 Werner Koch + + * scdaemon.c (main): New option --daemon so that the program is + not accidently started in the background. + +2002-08-16 Werner Koch + + * scdaemon.c: Include i18n.h. + + * card-common.h (struct p15_private_s): Forward declaration. Add + it to card_ctx_s. + * card.c (card_close): Make sure private data is released. + (card_enum_certs): New. + * card-p15.c (p15_release_private_data): New. + (init_private_data): New to work around an OpenSC weirdness. + (p15_enum_keypairs): Do an OpenSC get_objects only once. + (p15_enum_certs): New. + (card_p15_bind): Bind new function. + * command.c (cmd_learn): Return information about the certificates. + +2002-08-09 Werner Koch + + * card.c (card_get_serial_and_stamp): Use the tokeinfo serial + number as a fallback. Add a special prefix for serial numbers. + +2002-07-30 Werner Koch + + Changes to cope with OpenSC 0.7.0: + + * card.c: Removed the check for the packed opensc version. + Changed include file names of opensc. + (map_sc_err): Adjusted error codes for new opensc version. + * card-p15.c: Changed include filename of opensc. + * card-dinsig.c: Ditto. + + * card-p15.c (p15_decipher): Add flags argument to OpenSC call. + +2002-07-24 Werner Koch + + * card.c (find_simple_tlv, find_iccsn): New. + (card_get_serial_and_stamp): Improved serial number parser. + +2002-06-27 Werner Koch + + * scdaemon.c (main): Use GNUPG_DEFAULT_HOMEDIR constant. + +2002-06-15 Werner Koch + + * card-dinsig.c: Documented some stuff from the DIN norm. + +2002-04-15 Werner Koch + + * command.c (cmd_pksign, cmd_pkdecrypt): Use a copy of the key ID. + +2002-04-12 Werner Koch + + * scdaemon.c: New option --debug-sc N. + * card.c (card_open): set it here. + + * card-p15.c (p15_prepare_key): Factored out common code from ... + (p15_sign, p15_decipher): here and made the decryption work the + regular way. + +2002-04-10 Werner Koch + + * card.c (card_open): Return immediately when no reader is available. + +2002-03-27 Werner Koch + + * card.c (card_open, card_close): Adjusted for changes in OpenSC. + +2002-03-10 Werner Koch + + * card-p15.c, card-dinsig.c, card-common.h: New. + * card.c: Factored most code out to the new modules, so that we + can better support different types of card applications. + +2002-01-26 Werner Koch + + * scdaemon.c scdaemon.h, command.c: New. Based on the code from + the gpg-agent. + + + Copyright 2002, 2003, 2004, 2005, 2007, 2008 Free Software Foundation, Inc. + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +Local Variables: +buffer-read-only: t +End: diff --git a/scd/Makefile.am b/scd/Makefile.am index f61a93e43..d9a3ddbde 100644 --- a/scd/Makefile.am +++ b/scd/Makefile.am @@ -17,6 +17,8 @@ ## Process this file with automake to produce Makefile.in +EXTRA_DIST = ChangeLog-2011 + bin_PROGRAMS = scdaemon if ! HAVE_W32_SYSTEM libexec_PROGRAMS = gnupg-pcsc-wrapper diff --git a/scripts/ChangeLog b/scripts/ChangeLog deleted file mode 100644 index 1a664ca68..000000000 --- a/scripts/ChangeLog +++ /dev/null @@ -1,51 +0,0 @@ -2011-11-29 Werner Koch - - * build-all.sh: Make sure HOME has no unsafe characters. - -2011-11-28 Werner Koch , - Jim Meyering - - * build-all.sh: New. - -2011-08-10 Werner Koch - - * config.guess, config.sub: Update to version 2011-06-03. - -2010-10-26 Werner Koch - - * config.guess: Update to version 2010-09-24. - * config.sub: Update to version 2010-09-11. - -2007-12-14 Werner Koch - - * config.guess, config.sub: Update to version 2007-11-19. - -2007-07-04 Werner Koch - - Switched to GPLv3+. - - * config.sub, config.guess: Updated from current Savannah - upstream. Changed to GPLv3+. - -2007-05-04 Werner Koch - - * texinfo.tex: Updated from gnulib. - -2007-04-04 Werner Koch - - * mail-to-translators: Copied from 1.4 and adjusted. - -2004-09-30 Werner Koch - - * config.guess, config.sub: Updated. - - - Copyright 2004, 2007, 2010 Free Software Foundation, Inc. - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even the - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/scripts/ChangeLog-2011 b/scripts/ChangeLog-2011 new file mode 100644 index 000000000..9a3eed3b0 --- /dev/null +++ b/scripts/ChangeLog-2011 @@ -0,0 +1,62 @@ +2011-12-01 Werner Koch + + NB: ChangeLog files are no longer manually maintained. Starting + on December 1st, 2011 we put change information only in the GIT + commit log, and generate a top-level ChangeLog file from logs at + "make dist". See doc/HACKING for details. + +2011-11-29 Werner Koch + + * build-all.sh: Make sure HOME has no unsafe characters. + +2011-11-28 Werner Koch , + Jim Meyering + + * build-all.sh: New. + +2011-08-10 Werner Koch + + * config.guess, config.sub: Update to version 2011-06-03. + +2010-10-26 Werner Koch + + * config.guess: Update to version 2010-09-24. + * config.sub: Update to version 2010-09-11. + +2007-12-14 Werner Koch + + * config.guess, config.sub: Update to version 2007-11-19. + +2007-07-04 Werner Koch + + Switched to GPLv3+. + + * config.sub, config.guess: Updated from current Savannah + upstream. Changed to GPLv3+. + +2007-05-04 Werner Koch + + * texinfo.tex: Updated from gnulib. + +2007-04-04 Werner Koch + + * mail-to-translators: Copied from 1.4 and adjusted. + +2004-09-30 Werner Koch + + * config.guess, config.sub: Updated. + + + Copyright 2004, 2007, 2010 Free Software Foundation, Inc. + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +Local Variables: +buffer-read-only: t +End: diff --git a/scripts/git-log-fix b/scripts/git-log-fix new file mode 100644 index 000000000..af702fe6f --- /dev/null +++ b/scripts/git-log-fix @@ -0,0 +1,3 @@ +# This file is expected to be used via gitlog-to-changelog's --amend=FILE +# option. It specifies what changes to make to each given SHA1's commit +# log and metadata, using Perl-eval'able expressions. diff --git a/scripts/git-log-footer b/scripts/git-log-footer new file mode 100644 index 000000000..c31fe936a --- /dev/null +++ b/scripts/git-log-footer @@ -0,0 +1,14 @@ + +2011-12-01 Werner Koch + + NB: Changes done before December 1st, 2011 are described in + per directory files named ChangeLog-2011. See doc/HACKING for + details. + + ----- + Copyright (C) 2011 Free Software Foundation, Inc. + + Copying and distribution of this file and/or the original GIT + commit log messages, with or without modification, are + permitted provided the copyright notice and this notice are + preserved. diff --git a/scripts/gitlog-to-changelog b/scripts/gitlog-to-changelog new file mode 100755 index 000000000..40a803554 --- /dev/null +++ b/scripts/gitlog-to-changelog @@ -0,0 +1,345 @@ +eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}' + & eval 'exec perl -wS "$0" $argv:q' + if 0; +# Convert git log output to ChangeLog format. + +my $VERSION = '2011-11-02 07:53'; # UTC +# The definition above must lie within the first 8 lines in order +# for the Emacs time-stamp write hook (at end) to update it. +# If you change this file with Emacs, please let the write hook +# do its job. Otherwise, update this string manually. + +# Copyright (C) 2008-2011 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# Written by Jim Meyering + +use strict; +use warnings; +use Getopt::Long; +use POSIX qw(strftime); + +(my $ME = $0) =~ s|.*/||; + +# use File::Coda; # http://meyering.net/code/Coda/ +END { + defined fileno STDOUT or return; + close STDOUT and return; + warn "$ME: failed to close standard output: $!\n"; + $? ||= 1; +} + +sub usage ($) +{ + my ($exit_code) = @_; + my $STREAM = ($exit_code == 0 ? *STDOUT : *STDERR); + if ($exit_code != 0) + { + print $STREAM "Try `$ME --help' for more information.\n"; + } + else + { + print $STREAM < ChangeLog + $ME -- -n 5 foo > last-5-commits-to-branch-foo + +In a FILE specified via --amend, comment lines (starting with "#") are ignored. +FILE must consist of pairs where SHA is a 40-byte SHA1 (alone on +a line) referring to a commit in the current project, and CODE refers to one +or more consecutive lines of Perl code. Pairs must be separated by one or +more blank line. + +Here is sample input for use with --amend=FILE, from coreutils: + +3a169f4c5d9159283548178668d2fae6fced3030 +# fix typo in title: +s/all tile types/all file types/ + +1379ed974f1fa39b12e2ffab18b3f7a607082202 +# Due to a bug in vc-dwim, I mis-attributed a patch by Paul to myself. +# Change the author to be Paul. Note the escaped "@": +s,Jim .*>,Paul Eggert , + +EOF + } + exit $exit_code; +} + +# If the string $S is a well-behaved file name, simply return it. +# If it contains white space, quotes, etc., quote it, and return the new string. +sub shell_quote($) +{ + my ($s) = @_; + if ($s =~ m![^\w+/.,-]!) + { + # Convert each single quote to '\'' + $s =~ s/\'/\'\\\'\'/g; + # Then single quote the string. + $s = "'$s'"; + } + return $s; +} + +sub quoted_cmd(@) +{ + return join (' ', map {shell_quote $_} @_); +} + +# Parse file F. +# Comment lines (starting with "#") are ignored. +# F must consist of pairs where SHA is a 40-byte SHA1 +# (alone on a line) referring to a commit in the current project, and +# CODE refers to one or more consecutive lines of Perl code. +# Pairs must be separated by one or more blank line. +sub parse_amend_file($) +{ + my ($f) = @_; + + open F, '<', $f + or die "$ME: $f: failed to open for reading: $!\n"; + + my $fail; + my $h = {}; + my $in_code = 0; + my $sha; + while (defined (my $line = )) + { + $line =~ /^\#/ + and next; + chomp $line; + $line eq '' + and $in_code = 0, next; + + if (!$in_code) + { + $line =~ /^([0-9a-fA-F]{40})$/ + or (warn "$ME: $f:$.: invalid line; expected an SHA1\n"), + $fail = 1, next; + $sha = lc $1; + $in_code = 1; + exists $h->{$sha} + and (warn "$ME: $f:$.: duplicate SHA1\n"), + $fail = 1, next; + } + else + { + $h->{$sha} ||= ''; + $h->{$sha} .= "$line\n"; + } + } + close F; + + $fail + and exit 1; + + return $h; +} + +{ + my $since_date; + my $format_string = '%s%n%b%n'; + my $amend_file; + my $append_dot = 0; + GetOptions + ( + help => sub { usage 0 }, + version => sub { print "$ME version $VERSION\n"; exit }, + 'since=s' => \$since_date, + 'format=s' => \$format_string, + 'amend=s' => \$amend_file, + 'append-dot' => \$append_dot, + ) or usage 1; + + + defined $since_date + and unshift @ARGV, "--since=$since_date"; + + # This is a hash that maps an SHA1 to perl code (i.e., s/old/new/) + # that makes a correction in the log or attribution of that commit. + my $amend_code = defined $amend_file ? parse_amend_file $amend_file : {}; + + my @cmd = (qw (git log --log-size), + '--pretty=format:%H:%ct %an <%ae>%n%n'.$format_string, @ARGV); + open PIPE, '-|', @cmd + or die ("$ME: failed to run `". quoted_cmd (@cmd) ."': $!\n" + . "(Is your Git too old? Version 1.5.1 or later is required.)\n"); + + my $prev_date_line = ''; + my @prev_coauthors = (); + while (1) + { + defined (my $in = ) + or last; + $in =~ /^log size (\d+)$/ + or die "$ME:$.: Invalid line (expected log size):\n$in"; + my $log_nbytes = $1; + + my $log; + my $n_read = read PIPE, $log, $log_nbytes; + $n_read == $log_nbytes + or die "$ME:$.: unexpected EOF\n"; + + # Extract leading hash. + my ($sha, $rest) = split ':', $log, 2; + defined $sha + or die "$ME:$.: malformed log entry\n"; + $sha =~ /^[0-9a-fA-F]{40}$/ + or die "$ME:$.: invalid SHA1: $sha\n"; + + # If this commit's log requires any transformation, do it now. + my $code = $amend_code->{$sha}; + if (defined $code) + { + eval 'use Safe'; + my $s = new Safe; + # Put the unpreprocessed entry into "$_". + $_ = $rest; + + # Let $code operate on it, safely. + my $r = $s->reval("$code") + or die "$ME:$.:$sha: failed to eval \"$code\":\n$@\n"; + + # Note that we've used this entry. + delete $amend_code->{$sha}; + + # Update $rest upon success. + $rest = $_; + } + + my @line = split "\n", $rest; + my $author_line = shift @line; + defined $author_line + or die "$ME:$.: unexpected EOF\n"; + $author_line =~ /^(\d+) (.*>)$/ + or die "$ME:$.: Invalid line " + . "(expected date/author/email):\n$author_line\n"; + + my $date_line = sprintf "%s $2\n", strftime ("%F", localtime ($1)); + + # Format 'Co-authored-by: A U Thor ' lines in + # standard multi-author ChangeLog format. + my @coauthors = grep /^Co-authored-by:.*$/, @line; + for (@coauthors) + { + s/^Co-authored-by:\s*/\t /; + s/\s*/ + or warn "$ME: warning: missing email address for " + . substr ($_, 5) . "\n"; + } + + # If this header would be the same as the previous date/name/email/ + # coauthors header, then arrange not to print it. + if ($date_line ne $prev_date_line or "@coauthors" ne "@prev_coauthors") + { + $prev_date_line eq '' + or print "\n"; + print $date_line; + @coauthors + and print join ("\n", @coauthors), "\n"; + } + $prev_date_line = $date_line; + @prev_coauthors = @coauthors; + + # Omit "Co-authored-by..." and "Signed-off-by..." lines. + @line = grep !/^Signed-off-by: .*>$/, @line; + @line = grep !/^Co-authored-by: /, @line; + + # Remove leading and trailing blank lines. + if (@line) + { + while ($line[0] =~ /^\s*$/) { shift @line; } + while ($line[$#line] =~ /^\s*$/) { pop @line; } + } + + # If there were any lines + if (@line == 0) + { + warn "$ME: warning: empty commit message:\n $date_line\n"; + } + else + { + if ($append_dot) + { + # If the first line of the message has enough room, then + if (length $line[0] < 72) + { + # append a dot if there is no other punctuation or blank + # at the end. + $line[0] =~ /[[:punct:]\s]$/ + or $line[0] .= '.'; + } + } + + # Prefix each non-empty line with a TAB. + @line = map { length $_ ? "\t$_" : '' } @line; + + print "\n", join ("\n", @line), "\n"; + } + + defined ($in = ) + or last; + $in ne "\n" + and die "$ME:$.: unexpected line:\n$in"; + } + + close PIPE + or die "$ME: error closing pipe from " . quoted_cmd (@cmd) . "\n"; + # FIXME-someday: include $PROCESS_STATUS in the diagnostic + + # Complain about any unused entry in the --amend=F specified file. + my $fail = 0; + foreach my $sha (keys %$amend_code) + { + warn "$ME:$amend_file: unused entry: $sha\n"; + $fail = 1; + } + + exit $fail; +} + +# Local Variables: +# mode: perl +# indent-tabs-mode: nil +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "my $VERSION = '" +# time-stamp-format: "%:y-%02m-%02d %02H:%02M" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "'; # UTC" +# End: diff --git a/sm/ChangeLog b/sm/ChangeLog deleted file mode 100644 index a77c7a88e..000000000 --- a/sm/ChangeLog +++ /dev/null @@ -1,2957 +0,0 @@ -2011-09-20 Werner Koch - - * verify.c (gpgsm_verify): s/gcry_md_start_debug/gcry_md_debug/ - in preparation for Libgcrypt 1.6. - * sign.c (gpgsm_sign): Ditto. - * certreqgen.c (create_request): Ditto. - * certcheck.c (gpgsm_check_cert_sig): Ditto. - -2011-08-10 Werner Koch - - * keydb.c (keydb_add_resource): Remove unsued var CREATED_FNAME. - - * gpgsm.c (main): Remove unused var FNAME. - -2011-07-21 Werner Koch - - * call-dirmngr.c (get_cached_cert, get_cached_cert_data_cb): New. - (gpgsm_dirmngr_isvalid): Try to get the only-valid-if-cert-valid - certificate from the dirmngr first. - -2011-06-01 Marcus Brinkmann - - * certreqgen.c (proc_parameters): Initialize RC. - -2011-04-25 Werner Koch - - * certlist.c (gpgsm_add_to_certlist): Mark classify_user_id for - use with non-OpenPGP. - (gpgsm_find_cert): Ditto. - * sign.c (get_default_signer): Ditto. - * keylist.c (list_internal_keys): Ditto. - * import.c (reimport_one): Ditto. - * export.c (gpgsm_export): Ditto. - * delete.c (delete_one): Ditto. - -2011-03-10 Werner Koch - - * minip12.c (oid_pkcs5PBKDF2, oid_pkcs5PBES2, oid_aes128_CBC): New. - (set_key_iv_pbes2): New. - (crypt_block): Add args IV and IVLEN. Call set_key_iv_pbes2. - (decrypt_block): Add args IV and IVLEN. - (parse_bag_encrypted_data): Hack to support PBES2 data. - (parse_bag_data): Ditto. - -2011-03-03 Werner Koch - - * base64.c (base64_finish_write): Do not copy to radbuf to get rid - of a faulty gcc 4.4 "used uninitialized" warning. - -2011-03-01 Werner Koch - - * certreqgen.c (pSERIAL, pISSUERDN, pNOTBEFORE, pNOTAFTER) - (pSIGNINGKEY, pHASHALGO): New. - (reqgen_ctrl_s): Remove field WRITER. - (read_parameters): Support new keywords. Change arg WRITER to - OUT_FP; pass that to proc_parameters. - (proc_parameters): Add arg WRITER. Check values of new keywords. - Create writer object here. Support generation of certificates. - (create_request): Take new arg SIGKEY. Allow for hash algorithms - other than SHA-1. Set serialno and other values for certificate - creation. - (gpgsm_genkey): Do not create writer object but pass output stream - to read_parameters. - * certreqgen-ui.c (gpgsm_gencertreq_tty): Ask for self-signed. - * misc.c (transform_sigval): New. - -2011-02-25 Werner Koch - - * certreqgen.c (create_request): Add arg SIGKEY. - -2010-11-25 Werner Koch - - * base64.c (gpgsm_create_writer): Remove arg FP which is not used - by any caller. Change all callers. - (struct writer_cb_parm_s): Remove field FP. - (do_putc, do_fputs): Remove and replace callers by direct calls to - es_ functions. - -2010-11-23 Werner Koch - - * Makefile.am (gpgsm_LDADD): Add extra_bin_ldflags. - -2010-10-08 Werner Koch - - * gpgsm.c: Add option --with-keygrip. - * gpgsm.h (struct opt): Add WITH_KEYGRIP. - * keylist.c (list_cert_std): Implement option. - -2010-09-16 Werner Koch - - * certchain.c (gpgsm_walk_cert_chain): Use GPG_ERR_MISSING_ISSUER_CERT. - (do_validate_chain): Ditto. - (gpgsm_basic_cert_check): Ditto. - * call-agent.c (learn_cb): Take care of new - GPG_ERR_MISSING_ISSUER_CERT. - * import.c (check_and_store): Ditto. - (check_and_store): Ditto. - -2010-08-16 Werner Koch - - * gpgsm.c (main) : Use es_printf. - - * call-dirmngr.c (start_dirmngr_ext): Use new start_new_dirmngr - function. - - * gpgsm.c: Mark option --prefer-system-dirmngr obsolete. - (main): Enable dirmngr by default. - - * gpgsm.h (struct opt): Remove field PREFER_SYSTEM_DIRMNGR. - - * server.c (gpgsm_server): Use dirmngr_socket_name instead of the - envvar for the hello line info. - -2010-06-21 Werner Koch - - * minip12.c (p12_build): Change arg CERT to const void ptr. - (build_cert_sequence): Change arg CERT to const ptr. - - * gpgsm.c (main) : Use to estream. - (open_fwrite): Removed. - - * export.c: Include minip12.h. - (popen_protect_tool): Remove. - (export_p12): Use gpg-agent directly. Change calling convention. - (gpgsm_p12_export): Adjust for that change. Change arg FP to an - estream_t. - (do_putc): Remove. Change callers to es_putc. - (do_fputs): Likewise. - (print_short_info): Remove arg FP. - * call-agent.c (gpgsm_agent_export_key): new. - -2010-06-17 Werner Koch - - * import.c (parse_p12): Remove arg retfp. Use the agent's new - import command. - (import_one): Adjust call to pkcs12. - (store_cert_cb, rsa_key_check): New. - (popen_protect_tool): Remove. - * minip12.c (parse_bag_encrypted_data, p12_parse): Add arg - R_BADPASS. - * call-agent.c (gpgsm_agent_ask_passphrase): New. - (gpgsm_agent_keywrap_key): New. - (struct import_key_parm_s): New. - (gpgsm_agent_import_key): New. - * minip12.c, minip12.h: Move from ../agent/. - * Makefile.am (gpgsm_SOURCES): Add them. - -2010-06-11 Marcus Brinkmann - - * server.c (cmd_message) [HAVE_W32CE_SYSTEM]: Finish pipe. - -2010-06-10 Marcus Brinkmann - - * server.c (SERVER_STDIN, SERVER_STDOUT): New macros. - (gpgsm_server): Use them with assuan_fdopen. - -2010-04-23 Marcus Brinkmann - - * certreqgen.c (read_parameters): Use ascii_isspace instead of - spacep to stop at newline, too. - -2010-04-14 Werner Koch - - * gpgsm.c (main) [W32CE]: Disable dirmngr for now. - -2010-04-13 Werner Koch - - * sign.c (gpgsm_sign): Do not check qualified status in - no-chain-validation mode. - -2010-04-08 Werner Koch - - * gpgsm.c (open_es_fread): Add arg mode. - (main) : Call with mode "r" instead of "rb". - -2010-04-07 Werner Koch - - * misc.c: Remove setenv.h. Include sysutils.h. - (setup_pinentry_env): s/setenv/gnupg_setenv/ - -2010-03-24 Werner Koch - - * Makefile.am (gpgsm_LDADD): Add extra_sys_libs. - -2010-03-23 Werner Koch - - * qualified.c (gpgsm_is_in_qualified_list): Replace rewind by - fseek+clearerr. - -2010-03-22 Werner Koch - - * import.c (parse_p12): Use estream functions for the tmp streams. - * export.c (export_p12): Ditto. - -2010-03-11 Werner Koch - - * verify.c (gpgsm_verify): Use gpgsm_es_print_name. - - * gpgsm.c: Include "asshelp.h". - (main): Remove assuan_set_assuan_log_prefix. Add - assuan_set_log_cb. - * server.c (gpgsm_server): Remove assuan_set_log_stream. - -2010-03-10 Werner Koch - - * Makefile.am (common_libs): Remove libjnlib.a. Change order. - - * gpgsm.h: Remove "estream.h". - -2010-03-08 Werner Koch - - * certreqgen.c (gpgsm_genkey): Change OUT_FP to an estream_t - OUT_STREAM. - * certreqgen-ui.c (gpgsm_gencertreq_tty): ditto. - - * server.c (cmd_genkey): Close IN_STREAM. - - * server.c (cmd_encrypt, cmd_decrypt, cmd_verify, cmd_sign): Avoid - dup call by using es_fdopen_nc. - (do_listkeys): Use es_fdopen_nc instead of dup and es_fdopen. - (cmd_export): Ditto. - (cmd_genkey): Ditto. - * export.c (popen_protect_tool): Change OUTFILE to an estream_t. - (export_p12): Change OUTFP and arg RETFP to an estream_t. - (gpgsm_p12_export): Change DATAFP to an estream_t. - (gpgsm_export): Remove arg FP. - * import.c (import_one): Change CERTFP and arg FP to an estream_t. - (popen_protect_tool): Ditto for OUTFILE. - (parse_p12): Change CERTFP to an estream_t. - * sign.c (hash_data, hash_and_copy_data): Use estream. - (gpgsm_sign): Change arg OUT_FP to an estream_t. - * verify.c (gpgsm_verify): Rename FP to IN_FP. Change FP and arg - OUT_FP to an estream_t. - (hash_data): Use estream. - * base64.c (struct reader_cb_parm_s): Change FP to an estream_t. - (gpgsm_create_reader): Ditto. - (simple_reader_cb, base64_reader_cb): Adjust accordingly. - * decrypt.c (gpgsm_decrypt): Change OUT_FP and IN_FP to an estream_t. - * encrypt.c (gpgsm_encrypt): Change OUT_FP to an estream_t. Ditto - for DATA_FD. - (encrypt_cb): Use estream. - * gpgsm.c (main) : Use estream - functions. - (main) : Use open_es_fwrite. - -2009-12-14 Werner Koch - - * server.c (cmd_passwd): New. - (register_commands): Register new command. - -2009-12-10 Werner Koch - - * gpgsm.c: Add option --ignore-cert-extension. - * gpgsm.h (opt): Add field IGNORED_CERT_EXTENSIONS. - * certchain.c (unknown_criticals): Handle ignored extensions, - -2009-12-08 Werner Koch - - * keydb.c (keydb_search_kid): Fix code even that it is not used. - (classify_user_id): Adjust for change of u.kid type. - (keydb_classify_name): Replace GPG_ERR_INV_NAME by - GPG_ERR_INV_USER_ID. - (keydb_classify_name): Remove. Replace all callers by - classify_user_id. - -2009-12-08 Marcus Brinkmann - - * call-dirmngr.c (start_dirmngr_ext): Convert posix fd to assuan fd. - -2009-12-03 Werner Koch - - * gpgsm.c (set_debug): Allow for numerical debug leveles. Print - active debug flags. - -2009-12-02 Werner Koch - - * verify.c (gpgsm_verify): Add audit info on hash algorithms. - - * sign.c (gpgsm_sign): Add audit log calls. - (hash_data): Return an error indicator. - -2009-12-01 Werner Koch - - * decrypt.c (gpgsm_decrypt): Add audit log calls. - - * gpgsm.c: New option --html-audit-log. - -2009-11-25 Marcus Brinkmann - - * server.c (gpgsm_server): Use assuan_fd_t and assuan_fdopen on - fds. - -2009-11-23 Werner Koch - - * gpgsm.c (main) : Add key "default_pubkey_algo". - -2009-11-10 Marcus Brinkmann - - * server.c (cmd_getauditlog): Don't dup FD for es_fdopen_nc as - this leaks the FD here. - -2009-11-05 Marcus Brinkmann - - * call-dirmngr.c (start_dirmngr_ext): Update use of - assuan_pipe_connect and assuan_socket_connect. - -2009-11-04 Werner Koch - - * certreqgen.c (proc_parameters): Change fallback key length to - 2048. - - * server.c (register_commands): Add help arg to - assuan_register_command. Provide help strings for all commands. - -2009-11-02 Marcus Brinkmann - - * server.c (reset_notify, input_notify, output_notify): Update to - new assuan interface. - (register_commands): Use assuan_handler_t. - * call-agent.c (membuf_data_cb, default_inq_cb) - (inq_ciphertext_cb, scd_serialno_status_cb) - (scd_keypairinfo_status_cb, istrusted_status_cb) - (learn_status_cb, learn_cb, keyinfo_status_cb): Return gpg_error_t. - -2009-10-16 Werner Koch - - * gpgsm.c (default_include_certs): Change to -2. - (DEFAULT_INCLUDE_CERTS): New. - (DEFAULT_CIPHER_ALGO): New. Use instead of hardcoded "3DES". - -2009-09-30 Werner Koch - - * gpgsm.c (main): Remove obsolete GCRYCTL_DISABLE_INTERNAL_LOCKING. - -2009-09-23 Marcus Brinkmann - - * gpgsm.c (main): Update to new assuan API. - * server.c: Include "gpgsm.h" before due to check for - GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h. - (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) - (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) - (cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys) - (cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey) - (cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int. - (register_commands): Same for member HANDLER in table. - (gpgsm_server): Allocate assuan context before starting server. - * sm/call-dirmngr.c: - * call-dirmngr.c (prepare_dirmngr): Check for CTX and error before - setting LDAPSERVER. - (start_dirmngr_ext): Allocate assuan context before starting - server. - (inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb) - (run_command_cb, run_command_inq_cb, run_command_status_cb): - Return gpg_error_t instead of int. - -2009-08-06 Werner Koch - - * sign.c (gpgsm_sign): Print INV_SNDR for a bad default key. - - * server.c (cmd_signer): Remove unneeded case for -1. Send - INV_SGNR. Use new map function. - (cmd_recipient): Use new map function. - * gpgsm.c (do_add_recipient): Use new map function for INV_RECP. - (main): Ditto. Also send INV_SGNR. - -2009-07-30 Werner Koch - - * call-agent.c (learn_cb): Do not store as ephemeral. - -2009-07-29 Marcus Brinkmann - - * keylist.c (print_capabilities): Print a trailing colon. - -2009-07-23 Werner Koch - - * certchain.c (is_cert_still_valid): Emit AUDIT_CRL_CHECK. - -2009-07-07 Werner Koch - - * server.c (command_has_option): New. - (cmd_getinfo): Add subcommand "cmd_has_option". - (cmd_import): Implement option --re-import. - * import.c (gpgsm_import): Add arg reimport_mode. - (reimport_one): New. - - * gpgsm.h: Include session-env.h. - (opt): Add field SESSION_ENV. Remove obsolete fields. - * server.c (option_handler): Rewrite setting of option fields. - Replace strdup by xtrystrdup. - * gpgsm.c (set_opt_session_env): New. - (main): Use it for oDisplay, oTTYname, oTTYtype and oXauthority. - * call-agent.c (start_agent): Adjust start_new_gpg_agent for - changed args. - * misc.c (setup_pinentry_env): Use new session_env stuff. - -2009-07-02 Werner Koch - - * certreqgen-ui.c (gpgsm_gencertreq_tty): Allow using a key from a - card. - * call-agent.c (gpgsm_agent_scd_serialno) - (scd_serialno_status_cb, store_serialno): New. - (scd_keypairinfo_status_cb, gpgsm_agent_scd_keypairinfo): New. - -2009-07-01 Werner Koch - - * certreqgen-ui.c (check_keygrip): New. - (gpgsm_gencertreq_tty): Allow using an existing key. - - * gpgsm.c (open_es_fread): New. - (main) : Implement --batch mode. - -2009-06-24 Werner Koch - - * call-dirmngr.c (pattern_from_strlist): Remove dead assignment of N. - * sign.c (gpgsm_sign): Remove dead assignment. - * certreqgen.c (create_request): Assign GPG_ERR_BUG to RC. - Reported by Fabian Keil. - -2009-05-27 Werner Koch - - * encrypt.c (encrypt_dek): Make use of make_canon_sexp. - -2009-05-18 Werner Koch - - * server.c (option_handler): New option "no-encrypt-to". - (cmd_encrypt): Make use of it. - - * gpgsm.c: Remove not implemented --verify-files. - -2009-04-02 Werner Koch - - * keylist.c (list_cert_std): Print card serial number. - -2009-04-01 Werner Koch - - * export.c (popen_protect_tool): Add command line option - --agent-program and pass flag bit 6. - * import.c (popen_protect_tool): Ditto. - -2009-03-26 Werner Koch - - * gpgsm.c (main): s/def_digest_string/forced_digest_algo/ and - activate the --digest-algo option. - * gpgsm.h (struct opt): s/def_digest_algo/forced_digest_algo/. - * sign.c (gpgsm_sign): Implement --digest-algo. - - * sign.c (MAX_DIGEST_LEN): Change to 64. - - * call-agent.c (gpgsm_agent_marktrusted): Format the issuer name. - -2009-03-25 Werner Koch - - * decrypt.c (gpgsm_decrypt): Print ENC_TO and NO_SECKEY stati. - Fixes bug#1020. - * fingerprint.c (gpgsm_get_short_fingerprint): Add arg R_HIGH and - change all callers. - -2009-03-23 Werner Koch - - * delete.c (delete_one): Also delete ephemeral certificates if - specified uniquely. - -2009-03-20 Werner Koch - - * keylist.c (list_internal_keys): Set released cert to NULL. - - * call-agent.c (learn_status_cb): New. - (gpgsm_agent_learn): Use it. - (learn_cb): Send a progress for every certificate. - -2009-03-18 Werner Koch - - * gpgsm.h (struct opt): Move field WITH_EPHEMERAL_KEYS to struct - server_control_s. - * gpgsm.c (main): Change accordingly. - * keylist.c (list_internal_keys): Ditto. - * server.c (option_handler): Add "with-ephemeral-keys". - -2009-03-12 Werner Koch - - * certdump.c (gpgsm_dump_time): Remove. - * certdump.c, verify.c, certchain.c - * gpgsm.c: s/gpgsm_dump_time/dump_isotime/. - -2009-03-06 Werner Koch - - * call-agent.c (gpgsm_agent_keyinfo, keyinfo_status_cb): New. - * keylist.c (list_cert_colon): Print card S/N. - - * keylist.c (list_internal_keys): Always list ephemeral keys if - specified by keygrip or fingerprint. - (list_cert_raw): Always show ephemeral flag. - * export.c (gpgsm_export): Export ephemeral keys if specified by - keygrip. - -2009-02-09 Werner Koch - - * gpgsm.c (main): Change default cipher back to 3DES. - -2009-01-12 Werner Koch - - * keylist.c (print_utf8_extn_raw): Cast printf precision argument. - -2009-01-08 Werner Koch - - * fingerprint.c (gpgsm_get_keygrip_hexstring): Add error detection. - -2008-12-10 Werner Koch - - * gpgsm.c (our_cipher_test_algo): Use the GCRY constants as we now - require 1.4. - (our_md_test_algo): Ditto. Add SHA224. - (main) : Update default cipher algo. - -2008-12-09 Werner Koch - - * gpgsm.c (main): Call i18n_init before init_common_subsystems. - -2008-12-05 Werner Koch - - * certreqgen.c (create_request): Provide a custom prompt for the - signing. - - * certdump.c (gpgsm_format_keydesc): Remove debug output. - (gpgsm_format_keydesc): Remove saving of errno as xfree is - supposed not to change it. Use the new percent_plus_escape - function which also fixes the issue that we did not escaped a - percent in the past. - -2008-11-18 Werner Koch - - * gpgsm.c (make_libversion): New. - (my_strusage): Use new function. - (build_lib_list): Remove. - -2008-11-13 Werner Koch - - * gpgsm.c: Remove all unused options. Use ARGPARSE macros. - -2008-10-28 Werner Koch - - * certdump.c (gpgsm_format_keydesc): Use xtryasprintf and xfree. - (gpgsm_es_print_name): Factor code out to ... - (gpgsm_es_print_name2): New function. - (gpgsm_format_name2, format_name_writer): Use estream so that it - works on all platforms. - (format_name_writer): Fix reallocation bug. - -2008-10-23 Werner Koch - - * import.c (popen_protect_tool): Add arg CTRL and assure that the - agent is running. Pass a value for CTRL from all caller. - * export.c (popen_protect_tool): Ditto. - -2008-10-21 Werner Koch - - * call-dirmngr.c (inq_certificate_parm_s): Add field CTRL. - (gpgsm_dirmngr_isvalid): Supply a value for that field. - (inq_certificate): Add inquiry ISTRUSTED. - - * call-agent.c (gpgsm_agent_istrusted): Add new optional arg - HEXFPR. Changed all callers. - -2008-10-20 Werner Koch - - * keydb.c (keydb_locate_writable): Mark unused arg. - (keydb_search_kid): Ditto. - (keydb_clear_some_cert_flags): Ditto. - * server.c (cmd_encrypt): Ditto. - (cmd_decrypt, cmd_verify, cmd_import, cmd_genkey): Ditto. - * call-agent.c (gpgsm_scd_pksign): Ditto. - * call-dirmngr.c (release_dirmngr, release_dirmngr2) - (run_command_cb): Ditto. - * certlist.c (gpgsm_add_cert_to_certlist): Ditto. - * certchain.c (find_up_dirmngr): Ditto. - * keylist.c (print_key_data): Ditto. - (list_cert_raw, list_cert_std): Ditto. - * qualified.c (gpgsm_is_in_qualified_list): Ditto. - - * gpgsm.c (set_binary) [!W32]: Mark unused arg. - -2008-10-17 Werner Koch - - * call-dirmngr.c (start_dirmngr, start_dirmngr2): Reset the lock - flag on error. - (release_dirmngr, release_dirmngr2): Replace asserts by error messages. - (gpgsm_dirmngr_lookup): Replace assert by fatal error message. - -2008-10-13 Werner Koch - - * gpgsm.c: Add alias --delete-keys. - -2008-09-30 Werner Koch - - * server.c (cmd_getinfo): New subcommand agent-check. - * call-agent.c (gpgsm_agent_send_nop): New. - -2008-09-29 Werner Koch - - * certcheck.c (MY_GCRY_PK_ECDSA): Remove. Change users to - GCRY_PK_ECDSA. - * gpgsm.c (MY_GCRY_PK_ECDSA): Ditto. - * sign.c (MY_GCRY_MD_SHA224): Remove change users to GCRY_MD_SHA224. - -2008-09-04 Werner Koch - - * certdump.c (gpgsm_format_keydesc): Work around a mingw32 bug. - -2008-09-03 Werner Koch - - * sign.c (MY_GCRY_MD_SHA224): New, so that we don't need libgcrypt - 1.2. - -2008-08-13 Werner Koch - - * keylist.c (list_cert_colon): Print 'f' for validated certs. - -2008-08-08 Marcus Brinkmann - - * gpgsm.h (struct server_control_s): Remove member dirmngr_seen. - * call-dirmngr.c (dirmngr2_ctx, dirmngr_ctx_locked) - (dirmngr2_ctx_locked): New global variables. - (prepare_dirmngr): Don't check dirmngr_seen anymore. - (start_dirmngr): Move bunch of code to ... - (start_dirmngr_ext): ... this new function. - (release_dirmngr, start_dirmngr2, release_dirmngr2): New - functions. - (gpgsm_dirmngr_isvalid): Call release_dirmngr. - (gpgsm_dirmngr_lookup): Call release_dirmngr. If dirmngr_ctx is - locked, use dirmngr2_locked. - (gpgsm_dirmngr_run_command): Call release_dirmngr. - -2008-06-25 Werner Koch - - * sign.c (gpgsm_sign): Revamp the hash algorithm selection. - * gpgsm.h (struct certlist_s): Add field HASH_ALGO and HASH_ALGO_OID. - - * qualified.c (gpgsm_qualified_consent): Fix double free. - - * gpgsm.c (main): Change default cipher algo to AES. - - * keylist.c (print_utf8_extn_raw, print_utf8_extn): New. - (list_cert_raw, list_cert_std): Print the TeleSec restriction - extension. - -2008-06-23 Werner Koch - - * encrypt.c (encode_session_key): Replace xmalloc by xtrymalloc. - Use bin2hex instead of open coding the conversion. - (encrypt_dek): Init S_DATA. - -2008-06-13 Marcus Brinkmann - - * call-dirmngr.c (prepare_dirmngr): Fix error code to ignore. - -2008-06-12 Marcus Brinkmann - - * gpgsm.h (struct keyserver_spec): New struct. - (opt): Add member keyserver. - * gpgsm.c (keyserver_list_free, parse_keyserver_line): New functions. - (main): Implement --keyserver option. - * call-dirmngr.c (prepare_dirmngr): Send LDAPSERVER commands. - -2008-05-20 Werner Koch - - * gpgsm.c (main) : Pass FP and not stdout to - the export function. Reported by Marc Mutz. - -2008-05-06 Werner Koch - - * keylist.c (list_external_keys): Ignore NOT FOUND error code. - This is bug#907. - -2008-04-23 Werner Koch - - * certchain.c (find_up): Make correct C89 code. Declare variable - at the top of the block. Reported by Alain Guibert. - -2008-04-09 Werner Koch - - * verify.c (gpgsm_verify): Print the message hash values on error. - -2008-03-31 Werner Koch - - * call-dirmngr.c (start_dirmngr): Use log_info instead of - log_error when falling back to start dirmngr. - -2008-03-20 Werner Koch - - * certlist.c (gpgsm_add_to_certlist): Always save the first - subject and issuer. Initialize issuer with issuer and not with - subject. - (same_subject_issuer): Set issuer2 to issuer and not to subject. - -2008-03-17 Werner Koch - - * certdump.c (my_funopen_hook_size_t): New. - (format_name_writer): Use it. - -2008-03-13 Werner Koch - - * certdump.c (gpgsm_fpr_and_name_for_status): Fix signed/unsigned - char issue. - (gpgsm_format_keydesc): Remove superfluous test. Add expire date - to the prompt. - -2008-02-18 Werner Koch - - * certchain.c (gpgsm_is_root_cert): Factor code out to ... - (is_root_cert): New. Extend test for self-issued certificates - signed by other CAs. - (do_validate_chain, gpgsm_basic_cert_check) - (gpgsm_walk_cert_chain): Use it here. - - * gpgsm.c: Add option --no-common-certs-import. - - * certchain.c (find_up_dirmngr, find_up, do_validate_chain) - (check_cert_policy): Be more silent with --quiet. - - * gpgsm.c: Add option --disable-dirmngr. - * gpgsm.h (opt): Add field DISABLE_DIRMNGR. - * call-dirmngr.c (start_dirmngr): Implement option. - -2008-02-14 Werner Koch - - * server.c (option_handler): Add option allow-pinentry-notify. - (gpgsm_proxy_pinentry_notify): New. - * call-agent.c (default_inq_cb): New. - (gpgsm_agent_pksign, gpgsm_scd_pksign, gpgsm_agent_readkey) - (gpgsm_agent_istrusted, gpgsm_agent_marktrusted) - (gpgsm_agent_passwd, gpgsm_agent_get_confirmation): Call it. - (struct cipher_parm_s, struct genkey_parm_s): Add field CTRL. - (inq_ciphertext_cb): Test keyword and fallback to default_inq_cb. - (inq_genkey_parms): Ditto. - (start_agent): Tell agent to send us the pinentry notifications. - -2008-02-13 Werner Koch - - * call-dirmngr.c (gpgsm_dirmngr_lookup): Add arg CACHE_ONLY. - * keylist.c (list_external_keys): Pass false for new arg. - * certchain.c (find_up_dirmngr): New. - (find_up): Also try to read from the dirmngr cache. - (find_up, find_up_external, gpgsm_walk_cert_chain) - (gpgsm_basic_cert_check, allowed_ca): Add arg CTRL and changed all - callers. - * call-agent.c (struct learn_parm_s): Add field CTRL. - (gpgsm_agent_learn): Set it. - -2008-02-11 Werner Koch - - * server.c (cmd_getinfo): New. - (gpgsm_server): Register GETINFO. - -2008-01-29 Marcus Brinkmann - - * keylist.c (list_internal_keys): New variable lastcert. Use it - to suppress duplicates which immediately follow each other. - -2008-01-27 Werner Koch - - * import.c (popen_protect_tool): Set bit 7 in the flags for - gnupg_spawn_process so that under W32 no window appears. - * export.c (popen_protect_tool): Ditto. - -2007-12-13 Werner Koch - - * gpgsm.c (main): Add option --extra-digest-algo. - * gpgsm.h (struct): Add EXTRA_DIGEST_ALGO. - * verify.c (gpgsm_verify): Use it. Use the hash algorithm from - the signature value. - -2007-12-11 Werner Koch - - * certchain.c (do_validate_chain): Log AUDIT_ROOT_TRUSTED. - - * server.c (cmd_sign, cmd_decrypt, cmd_encrypt): Start audit log. - (cmd_recipient): Start audit session. - - * gpgsm.c (main): Revamp creation of the audit log. - - * gpgsm.h (struct server_control_s): Add AGENT_SEEN and DIRMNGR_SEEN. - * call-agent.c (start_agent): Record an audit event. - * call-dirmngr.c (start_dirmngr): Ditto. Add new arg CTRL and pass - it from all callers. - (prepare_dirmngr): New helper for start_dirmngr. - - * encrypt.c (gpgsm_encrypt): Add calls to audit_log. - -2007-12-03 Werner Koch - - * gpgsm.c (main): Call gnupg_reopen_std. - -h2007-11-22 Werner Koch - - * server.c (cmd_getauditlog): New. - (register_commands): Register GETAUDITLOG. - -2007-11-19 Werner Koch - - * server.c (cmd_recipient, cmd_signer): Add error reason 11. - - * gpgsm.c (main): Print a warning if --audit-log is used. - -2007-11-15 Werner Koch - - * gpgsm.h (struct): Add XAUTHORITY and PINENTRY_USER_DATA. - * misc.c (setup_pinentry_env): Add XAUTHORITY and PINENTRY_USER_DATA. - * gpgsm.c (main): New option --xauthority. - * call-agent.c (start_agent): Adjust for changed start_new_gpg_agent. - * server.c (option_handler): Ad the new options. - -2007-11-07 Werner Koch - - * gpgsm.c (main): New option --audit-log. - * server.c (option_handler): New option enable-audit-log. - (start_audit_session): New. - (cmd_verify): Create audit context. - (gpgsm_server): Release the context. - - * gpgsm.h (struct server_control_s): Add member AUDIT, include - audit.h. - * certdump.c (gpgsm_format_sn_issuer): New. - * verify.c (hash_data): Return an error code. - (gpgsm_verify): Add calls to audit_log. - - * gpgsm.c (get_status_string): Remove. - * gpgsm.h: Include status.h instead of errors.h. - -2007-10-19 Werner Koch - - * qualified.c (gpgsm_qualified_consent): Use i18N-swicth functions. - (gpgsm_not_qualified_warning): Ditto. - * certdump.c (gpgsm_format_keydesc): Ditto. - -2007-09-14 Werner Koch - - * gpgsm.c (build_lib_list): New. - (my_strusage): Print lib info. - -2007-08-24 Werner Koch - - * Makefile.am (common_libs): Swap libkeybox and jnlib. - -2007-08-23 Werner Koch - - * certlist.c (gpgsm_certs_identical_p): New. - (gpgsm_add_to_certlist): Ignore duplicate certificates in - ambigious name detection. - (gpgsm_find_cert): Ditto. - * export.c (gpgsm_p12_export): Ditto. - -2007-08-22 Werner Koch - - * certreqgen.c (create_request): Replace open coding by bin2hex. - - * certreqgen-ui.c (gpgsm_gencertreq_tty): Use es_fopenmem. - -2007-08-21 Werner Koch - - * import.c (parse_p12): Use gnupg_tmpfile. - * export.c (export_p12): Ditto. - -2007-08-20 Werner Koch - - * certreqgen.c (read_parameters): Change FP to an estream_t. - (gpgsm_genkey): Replace in_fd and in_stream by a estream_t. - * server.c (cmd_genkey): Adjust for that. - * certreqgen-ui.c (gpgsm_gencertreq_tty): Use es_open_memstream - instead of a temporary file. - -2007-08-14 Werner Koch - - * call-dirmngr.c (start_dirmngr): Use dirmngr_socket_name. change - the way infostr is xstrdupped. - - * gpgsm.c (main) [W32]: Make --prefer-system-dirmngr a dummy under - Windows. - -2007-08-13 Werner Koch - - * gpgsm.c (do_add_recipient): Add RECP_REQUIRED and make error - message depend on that. - (main): Add avriable RECP_REQUIRED, set ift for encryption - commands and pass it to do_add_recipient. - (our_pk_test_algo, our_cipher_test_algo, our_md_test_algo): Implement. - -2007-08-09 Werner Koch - - * gpgsm.c (main) [W32]: Enable CRL check by default. - (main): Update the default control structure after reading the - options. - (gpgsm_parse_validation_model, parse_validation_model): New. - (main): New option --validation-model. - * certchain.c (gpgsm_validate_chain): Implement this option. - * server.c (option_handler): Ditto. - - * certchain.c (is_cert_still_valid): Reformatted. Add arg - FORCE_OCSP. Changed callers to set this flag when using the chain - model. - -2007-08-08 Werner Koch - - * certdump.c (gpgsm_print_serial): Fixed brown paper bag style bugs - which prefixed the output with a 3A and cut it off at a 00. - - * keylist.c (list_cert_raw): Print the certificate ID first and - rename "Serial number" to "S/N". - (list_cert_std): Ditto. - -2007-08-07 Werner Koch - - * gpgsm.c (main): Allow a string for --faked-system-time. - -2007-08-06 Werner Koch - - Implementation of the chain model. - - * gpgsm.h (struct rootca_flags_s): Define new members VALID and - CHAIN_MODEL. - * call-agent.c (gpgsm_agent_istrusted): Mark ROOTCA_FLAGS valid. - (istrusted_status_cb): Set CHAIN_MODEL. - * certchain.c (gpgsm_validate_chain): Replace LM alias by LISTMODE - and FP by LISTFP. - (gpgsm_validate_chain): Factor some code out to ... - (check_validity_period, ask_marktrusted): .. new. - (check_validity_cm_basic, check_validity_cm_main): New. - (do_validate_chain): New with all code from gpgsm_validate_chain. - New arg ROOTCA_FLAGS. - (gpgsm_validate_chain): Provide ROOTCA_FLAGS and fallback to chain - model. Add RETFLAGS arg and changed all callers to pass NULL. Add - CHECKTIME arg and changed all callers to pass a nil value. - (has_validity_model_chain): New. - * verify.c (gpgsm_verify): Check for chain model and return as - part of the trust status. - - * gpgsm.h (VALIDATE_FLAG_NO_DIRMNGR): New. - (VALIDATE_FLAG_NO_DIRMNGR): New. - * call-dirmngr.c (gpgsm_dirmngr_isvalid): Use constant here. - -2007-08-03 Werner Koch - - * keylist.c (list_cert_colon): Avoid duplicate listing of kludge - uids. - - * verify.c (gpgsm_verify): Make STATUS_VERIFY return the hash and - pk algo. - * certcheck.c (gpgsm_check_cms_signature): Add arg R_PKALGO. - -2007-08-02 Werner Koch - - * gpgsm.c (main): Factored GC_OPT_FLAGS out to gc-opt-flags.h. - -2007-07-17 Werner Koch - - * gpgsm.c (main): Implement --default-key. - (main) : Declare --default-key and --encrypt-to. - -2007-07-16 Werner Koch - - * server.c (cmd_message): Use gnupg_fd_t to avoid dependecy on - newer assuan versions. - -2007-07-12 Werner Koch - - * gpgsm.c (check_special_filename): Use translate_sys2libc_fd_int - when passing an int value. - * server.c (cmd_encrypt, cmd_decrypt, cmd_verify, cmd_import) - (cmd_export, cmd_message, cmd_genkey): Translate file descriptors. - -2007-07-05 Werner Koch - - * Makefile.am (common_libs): Changed order of libs. - -2007-07-04 Werner Koch - - * certchain.c (check_cert_policy): Remove extra checks for - GPG_ERR_NO_VALUE. They are not needed since libksba 1.0.1. - * keylist.c (print_capabilities, list_cert_raw, list_cert_std): Ditto. - * certlist.c (cert_usage_p, cert_usage_p): Ditto. - -2007-06-26 Werner Koch - - * gpgsm.c (main): Call gnupg_rl_initialize. - * Makefile.am (gpgsm_LDADD): Add LIBREADLINE and libgpgrl.a. - -2007-06-25 Werner Koch - - * gpgsm.c (check_special_filename): Use translate_sys2libc_fd and - add new arg FOR_WRITE. Change callers to pass new arg. - -2007-06-24 Werner Koch - - * gpgsm.c (open_es_fwrite): Avoid the dup by using the new - es_fdopen_nc(). - -2007-06-21 Werner Koch - - * certreqgen-ui.c: New. - * gpgsm.c (main): Let --gen-key call it. - * certreqgen.c (gpgsm_genkey): Add optional IN_STREAM arg and - adjusted caller. - - * gpgsm.h (ctrl_t): Remove. It is now declared in ../common/util.h. - - * call-agent.c (start_agent): Factored almost all code out to - ../common/asshelp.c. - -2007-06-20 Werner Koch - - * call-agent.c (start_agent) [W32]: Start the agent on the fly. - -2007-06-18 Marcus Brinkmann - - * gpgsm.c (main): Percent escape output of --gpgconf-list. - -2007-06-14 Werner Koch - - * call-agent.c (start_agent): Use gnupg_module_name. - * call-dirmngr.c (start_dirmngr): Ditto. - * export.c (export_p12): Ditto. - * import.c (parse_p12): Ditto. - * gpgsm.c (run_protect_tool): Ditto. - -2007-06-12 Werner Koch - - * gpgsm.c (main): Replace some calls by init_common_subsystems. - (main): Use gnupg_datadir. - * qualified.c (read_list): Use gnupg-datadir. - -2007-06-11 Werner Koch - - * Makefile.am (common_libs): Use libcommaonstd macr. - - * gpgsm.c (main) [W32]: Call pth_init. - -2007-06-06 Werner Koch - - * qualified.c (gpgsm_not_qualified_warning) [!ENABLE_NLS]: Do not - define orig_codeset. - * certdump.c (gpgsm_format_keydesc) [!ENABLE_NLS]: Do not define - orig_codeset. - (format_name_writer): Define only if funopen et al is available. - - * gpgsm.c (i18n_init): Remove. - -2007-05-29 Werner Koch - - * export.c (gpgsm_p12_export): Print passphrase encoding info only - in PEM mode. - -2007-05-18 Marcus Brinkmann - - * qualified.c (gpgsm_qualified_consent, - gpgsm_not_qualified_warning): Free ORIG_CODESET on error. - * certdump.c (gpgsm_format_keydesc): Likewise. - -2007-05-07 Werner Koch - - * certcheck.c (MY_GCRY_PK_ECDSA): New. - -2007-04-20 Werner Koch - - * gpgsm.c (main): Parameterize failed versions check messages. - -2007-04-19 Werner Koch - - * certcheck.c (do_encode_md): Add arg PKEY. Add support for DSA2 - and all ECDSA sizes. - (get_dsa_qbits): New. - (pk_algo_from_sexp): A key will never contain ecdsa as algorithm, - so remove that. - -2007-04-18 Werner Koch - - * certcheck.c (do_encode_md): Support 160 bit ECDSA. - -2007-04-13 Werner Koch - - * call-agent.c (start_agent): Don't use log_error when using the - fallback hack to start the agent. This is bug 782. - -2007-03-20 Werner Koch - - * fingerprint.c (gpgsm_get_fingerprint): Add caching. - (gpgsm_get_fingerprint_string): Use bin2hexcolon(). - (gpgsm_get_fingerprint_hexstring): Use bin2hex and allocate only - as much memory as required. - (gpgsm_get_keygrip_hexstring): Use bin2hex. - - * certchain.c (gpgsm_validate_chain): Keep track of the - certificate chain and reset the ephemeral flags. - * keydb.c (keydb_set_cert_flags): New args EPHEMERAL and MASK. - Changed caller to use a mask of ~0. Return a proper error code if - the certificate is not available. - - * gpgsm.c: Add option --p12-charset. - * gpgsm.h (struct opt): Add p12_charset. - * export.c (popen_protect_tool): Use new option. - -2007-03-19 Werner Koch - - Changes to let export and key listing use estream to help systems - without funopen. - - * keylist.c: Use estream in place of stdio functions. - * gpgsm.c (open_es_fwrite): New. - (main): Use it for the list commands. - * server.c (data_line_cookie_functions): New. - (data_line_cookie_write, data_line_cookie_close): New. - (do_listkeys): Use estream. - - * certdump.c (gpgsm_print_serial): Changed to use estream. - (gpgsm_print_time): Ditto. - (pretty_es_print_sexp): New. - (gpgsm_es_print_name): New. - (print_dn_part): New arg STREAM. Changed all callers. - (print_dn_parts): Ditto. - * certchain.c (gpgsm_validate_chain): Changed FP to type - estream_t. - (do_list, unknown_criticals, allowed_ca, check_cert_policy) - (is_cert_still_valid): Ditto. - - * export.c (gpgsm_export): New arg STREAM. - (do_putc, do_fputs): New. - (print_short_info): Allow printing to optional STREAM. - * server.c (cmd_export): Use stream. - * base64.c (do_putc, do_fputs): New. - (base64_writer_cb, base64_finish_write): Let them cope with an - alternate output function. - (plain_writer_cb): New. - (gpgsm_create_writer): New arg STREAM and call plain_writer_cb for - binary output to an estream. Changed call callers. - -2007-01-31 Werner Koch - - * gpgsm.c (main): Let --gen-key print a more informative error - message. - -2007-01-25 Werner Koch - - * Makefile.am (gpgsm_LDADD): Add LIBICONV. Noted by Billy Halsey. - -2007-01-05 Werner Koch - - * certchain.c (unknown_criticals): Add subjectAltName. - -2006-12-21 Werner Koch - - * gpgsm.c: Comment mtrace feature. - -2006-12-21 Marcus Brinkmann - - * certchain.c (gpgsm_basic_cert_check): Release SUBJECT. - - * encrypt.c (encrypt_dek): Release S_CIPH. - -2006-12-20 Marcus Brinkmann - - * server.c (gpgsm_server): Release CTRL->server_local. - - * base64.c: Add new members READER and WRITER in union U2. - (gpgsm_create_reader): Initialise CTX->u2.reader. - (gpgsm_destroy_reader): Invoke ksba_reader_release. Return early - if CTX is NULL. - (gpgsm_create_writer): Initialise CTX->u2.writer. - (gpgsm_destroy_writer): Invoke ksba_writer_release. Return early - if CTX is NULL. - -2006-12-18 Marcus Brinkmann - - * fingerprint.c (gpgsm_get_fingerprint): Close MD. - -2006-11-24 Werner Koch - - * certdump.c (parse_dn_part): Take '#' as a special character only - at the beginning of a string. - -2006-11-21 Werner Koch - - * certdump.c (my_funopen_hook_ret_t): New. - (format_name_writer): Use it for the return value. - -2006-11-14 Werner Koch - - * server.c (skip_options): Skip leading spaces. - (has_option): Honor "--". - (cmd_export): Add option --data to do an inline export. Skip all - options. - - * certdump.c (gpgsm_fpr_and_name_for_status): New. - * verify.c (gpgsm_verify): Use it to print correct status messages. - -2006-11-11 Werner Koch - - * server.c (skip_options): New. - -2006-10-24 Marcus Brinkmann - - * Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS). - -2006-10-23 Werner Koch - - * gpgsm.c (main): Remap common cipher algo names to their OIDs. - (main): New command --gpgconf-test. - -2006-10-20 Werner Koch - - * keydb.c (classify_user_id): Parse keygrip for the '&' identifier. - -2006-10-18 Werner Koch - - * keylist.c (list_cert_raw): Also test for GPG_ERR_NO_VALUE when - testing for GPG_ERR_NO_DATA. - * certlist.c (cert_usage_p, gpgsm_find_cert): Ditto. - * certchain.c (check_cert_policy): Ditto. - - * keylist.c (list_cert_std, list_cert_raw): Print "none" for no - chain length available. - -2006-10-17 Werner Koch - - * gpgsm.c: No need for pth.h. - (main): or to init it. It used to be hack for W32. - - * sign.c (gpgsm_get_default_cert): Changed to return only - certificates usable for signing. - -2006-10-16 Werner Koch - - * certchain.c (already_asked_marktrusted) - (set_already_asked_marktrusted): New. - (gpgsm_validate_chain) : Keep track of certificates - we already asked for. - -2006-10-11 Werner Koch - - * certreqgen.c (proc_parameters, create_request): Allow for - creation directly from a card. - * call-agent.c (gpgsm_agent_readkey): New arg FROMCARD. - (gpgsm_scd_pksign): New. - -2006-10-06 Werner Koch - - * Makefile.am (AM_CFLAGS): Use PTH version of libassuan. - (gpgsm_LDADD): Ditto. - -2006-10-05 Werner Koch - - * certcheck.c (do_encode_md): Check that the has algo is valid. - -2006-10-02 Marcus Brinkmann - - * server.c (register_commands): New commands DUMPKEYS and - DUMPSECRETKEYS. - (cmd_dumpkeys, cmd_dumpsecretkeys): New functions. - (option_handler): Support with-key-data option. - -2006-09-26 Werner Koch - - * certchain.c (gpgsm_validate_chain): More changes for the relax - feature. Use certificate reference counting instead of the old - explicit tests. Added a missing free. - -2006-09-25 Werner Koch - - * gpgsm.h (struct rootca_flags_s): New. - * call-agent.c (istrusted_status_cb): New. - (gpgsm_agent_istrusted): New arg ROOTCA_FLAGS. - * keylist.c (list_cert_colon): Use dummy for new arg. - * certchain.c (gpgsm_validate_chain): Make use of the relax flag - for root certificates. - (unknown_criticals): Ignore a GPG_ERR_NO_VALUE. - -2006-09-20 Werner Koch - - * gpgsm.c: Add alias command --dump-cert. - - * Makefile.am: Changes to allow parallel make runs. - -2006-09-18 Werner Koch - - * gpgsm.c (main): Use this to import standard certificates. - * keydb.c (keydb_add_resource): New arg AUTO_CREATED. - -2006-09-14 Werner Koch - - Replaced all call gpg_error_from_errno(errno) by - gpg_error_from_syserror(). - -2006-09-13 Werner Koch - - * keylist.c (list_internal_keys): Print marker line to FP and not - to stdout. - - * gpgsm.c (main): All list key list commands now make ose of - --output. Cleaned up calls to list modes. New command - --dump-chain. Renamed --list-sigs to --list-chain and added an - alias for the old one. - - * server.c (cmd_message): Changed to use assuan_command_parse_fd. - (option_handler): New option list-to-output. - (do_listkeys): Use it. - -2006-09-06 Werner Koch - - * gpgsm.h (OUT_OF_CORE): Removed and changed all callers to - out_of_core. - (CTRL): Removed and changed everywhere to ctrl_t. - (CERTLIST): Ditto. - - Replaced all Assuan error codes by libgpg-error codes. Removed - all map_to_assuan_status and map_assuan_err. - - * gpgsm.c (main): Call assuan_set_assuan_err_source to have Assuan - switch to gpg-error codes. - * server.c (set_error): Adjusted. - -2006-08-29 Werner Koch - - * call-agent.c (gpgsm_agent_pkdecrypt): Allow decryption using - complete S-expressions as implemented by the current gpg-agent. - - * gpgsm.c (main): Implement --output for encrypt, decrypt, sign - and export. - -2006-07-03 Werner Koch - - * certreqgen.c (proc_parameters): Print the component label of a - faulty DN. - -2006-06-26 Werner Koch - - * certdump.c (gpgsm_cert_log_name): New. - * certchain.c (is_cert_still_valid): Log the name of the certificate. - -2006-06-20 Werner Koch - - * gpgsm.c (gpgsm_init_default_ctrl): Take care of the command line - option --include-certs. - - * keylist.c (list_cert_raw): Print the certid. - -2006-05-23 Werner Koch - - * keydb.c (hextobyte): Deleted as it is now defined in jnlib. - - * Makefile.am (gpgsm_LDADD): Include ZLIBS. - -2006-05-19 Marcus Brinkmann - - * keydb.c (keydb_insert_cert): Do not lock here, but only check if - it is locked. - (keydb_store_cert): Lock here. - - * keydb.h (keydb_delete): Accept new argument UNLOCK. - * keydb.c (keydb_delete): Likewise. Only unlock if this is set. - * delete.c (delete_one): Add new argument to invocation of - keydb_delete. - -2006-05-15 Werner Koch - - * keylist.c (print_names_raw): Sanitize URI. - -2006-03-21 Werner Koch - - * certchain.c (get_regtp_ca_info): New. - (allowed_ca): Use it. - -2006-03-20 Werner Koch - - * qualified.c (gpgsm_is_in_qualified_list): New optional arg COUNTRY. - -2006-02-17 Werner Koch - - * call-dirmngr.c (start_dirmngr): Print name of dirmngr to be started. - -2005-11-23 Werner Koch - - * gpgsm.h: New member QUALSIG_APPROVAL. - * sign.c (gpgsm_sign): Print a warning if a certificate is not - qualified. - * qualified.c (gpgsm_qualified_consent): Include a note that this - is not approved software. - (gpgsm_not_qualified_warning): New. - * gpgsm.c (main): Prepared to print a note whether the software - has been approved. - -2005-11-13 Werner Koch - - * call-agent.c (gpgsm_agent_get_confirmation): New. - - * keylist.c (list_cert_std): Print qualified status. - * qualified.c: New. - * certchain.c (gpgsm_validate_chain): Check for qualified - certificates. - - * certchain.c (gpgsm_basic_cert_check): Release keydb handle when - no-chain-validation is used. - -2005-11-11 Werner Koch - - * keylist.c (print_capabilities): Print is_qualified status. - -2005-10-28 Werner Koch - - * certdump.c (pretty_print_sexp): New. - (gpgsm_print_name2): Use it here. This allows proper printing of - DNS names as used with server certificates. - -2005-10-10 Werner Koch - - * keylist.c: Add pkaAdress OID as reference. - -2005-10-08 Marcus Brinkmann - - * Makefile.am (gpgsm_LDADD): Add ../gl/libgnu.a after - ../common/libcommon.a. - -2005-09-13 Werner Koch - - * verify.c (gpgsm_verify): Print a note if the unknown algorithm - is MD2. - * sign.c (gpgsm_sign): Ditto. - * certcheck.c (gpgsm_check_cert_sig): Ditto. - -2005-09-08 Werner Koch - - * export.c (popen_protect_tool): Add option --have-cert. We - probably lost this option with 1.9.14 due to restructuring of - export.c. - -2005-07-21 Werner Koch - - * gpgsm.c (main): New options --no-log-file and --debug-none. - - * certreqgen.c (get_parameter, get_parameter_value): Add SEQ arg - to allow enumeration. Changed all callers. - (create_request): Process DNS and URI parameters. - -2005-07-20 Werner Koch - - * keylist.c (email_kludge): Reworked. - - * certdump.c (gpgsm_print_serial, gpgsm_dump_serial): Cast printf - arg to unsigned. - * call-dirmngr.c (gpgsm_dirmngr_run_command): Ditto - -2005-07-19 Werner Koch - - * fingerprint.c (gpgsm_get_certid): Cast printf arg to unsigned. - Bug accidently introduced while solving the #$%^& gcc - signed/unsigned char* warnings. - -2005-06-15 Werner Koch - - * delete.c (delete_one): Changed FPR to unsigned. - * encrypt.c (encrypt_dek): Made ENCVAL unsigned. - (gpgsm_encrypt): Ditto. - * sign.c (gpgsm_sign): Made SIGVAL unsigned. - * base64.c (base64_reader_cb): Need to use some casting to get - around signed/unsigned char* warnings. - * certcheck.c (gpgsm_check_cms_signature): Ditto. - (gpgsm_create_cms_signature): Changed arg R_SIGVAL to unsigned char*. - (do_encode_md): Made NFRAME a size_t. - * certdump.c (gpgsm_print_serial): Fixed signed/unsigned warning. - (gpgsm_dump_serial): Ditto. - (gpgsm_format_serial): Ditto. - (gpgsm_dump_string): Ditto. - (gpgsm_dump_cert): Ditto. - (parse_dn_part): Ditto. - (gpgsm_print_name2): Ditto. - * keylist.c (email_kludge): Ditto. - * certreqgen.c (proc_parameters, create_request): Ditto. - (create_request): Ditto. - * call-agent.c (gpgsm_agent_pksign): Made arg R_BUF unsigned. - (struct cipher_parm_s): Made CIPHERTEXT unsigned. - (struct genkey_parm_s): Ditto. - * server.c (strcpy_escaped_plus): Made arg S signed char*. - * fingerprint.c (gpgsm_get_fingerprint): Made ARRAY unsigned. - (gpgsm_get_keygrip): Ditto. - * keydb.c (keydb_insert_cert): Made DIGEST unsigned. - (keydb_update_cert): Ditto. - (classify_user_id): Apply cast to signed/unsigned assignment. - (hextobyte): Ditto. - -2005-06-01 Werner Koch - - * misc.c: Include setenv.h. - -2005-04-21 Werner Koch - - * gpgsm.c: New options --{enable,disable}-trusted-cert-crl-check. - * certchain.c (gpgsm_validate_chain): Make use of it. - - * certchain.c (gpgsm_validate_chain): Check revocations even for - expired certificates. This is required because on signature - verification an expired key is fine whereas a revoked one is not. - -2005-04-20 Werner Koch - - * Makefile.am (AM_CFLAGS): Add PTH_CFLAGS as noted by several folks. - -2005-04-19 Werner Koch - - * certchain.c (check_cert_policy): Print the diagnostic for a open - failure of policies.txt only in verbose mode or when it is not - ENOENT. - -2005-04-17 Werner Koch - - * call-dirmngr.c (inq_certificate): Add new inquire SENDCERT_SKI. - * certlist.c (gpgsm_find_cert): Add new arg KEYID and implement - this filter. Changed all callers. - - * certchain.c (find_up_search_by_keyid): New helper. - (find_up): Also try using the AKI.keyIdentifier. - (find_up_external): Ditto. - -2005-04-15 Werner Koch - - * keylist.c (list_cert_raw): Print the subjectKeyIdentifier as - well as the keyIdentifier part of the authorityKeyIdentifier. - -2005-03-31 Werner Koch - - * call-dirmngr.c (start_dirmngr): Use PATHSEP_C instead of ':'. - * call-agent.c (start_agent): Ditto. - -2005-03-17 Werner Koch - - * certcheck.c: Fixed use of DBG_CRYPTO and DBG_X509. - - * certchain.c (gpgsm_basic_cert_check): Dump certificates after a - failed gcry_pk_verify. - (find_up): Do an external lookup also for an authorityKeyIdentifier - lookup. Factored external lookup code out to .. - (find_up_external): .. new. - -2005-03-03 Werner Koch - - * Makefile.am (gpgsm_LDADD): Added PTH_LIBS. Noted by Kazu Yamamoto. - -2005-01-13 Werner Koch - - * certreqgen.c (proc_parameters): Cast printf arg. - -2004-12-22 Werner Koch - - * gpgsm.c (set_binary): New. - (main, open_read, open_fwrite): Use it. - -2004-12-21 Werner Koch - - * gpgsm.c (main): Use default_homedir(). - (main) [W32]: Default to disabled CRL checks. - -2004-12-20 Werner Koch - - * call-agent.c (start_agent): Before starting a pipe server start - to connect to a server on the standard socket. Use PATHSEP - * call-dirmngr.c (start_dirmngr): Use PATHSEP. - - * import.c: Include unistd.h for dup and close. - -2004-12-18 Werner Koch - - * gpgsm.h (map_assuan_err): Define in terms of - map_assuan_err_with_source. - * call-agent.c (start_agent): Pass error source to - send_pinentry_environment. - -2004-12-17 Werner Koch - - * call-dirmngr.c (isvalid_status_cb, lookup_status_cb) - (run_command_status_cb): Return cancel status if gpgsm_status - returned an error. - - * server.c (gpgsm_status, gpgsm_status2) - (gpgsm_status_with_err_code): Return an error code. - (gpgsm_status2): Always call va_end(). - -2004-12-15 Werner Koch - - * call-dirmngr.c (lookup_status_cb): Send progress messages - upstream. - (isvalid_status_cb): Ditto. - (gpgsm_dirmngr_isvalid): Put CTRL into status CB parameters. - (gpgsm_dirmngr_run_command, run_command_status_cb): Pass CTRL to - status callback and handle PROGRESS. - - * misc.c (setup_pinentry_env) [W32]: Don't use it. - - * gpgsm.c (main) [W32]: Init Pth because we need it for the socket - operations and to resolve libassuan symbols. - (run_protect_tool) [W32]: Disable it. - - * Makefile.am (gpgsm_LDADD): Move LIBASSUAN_LIBS more to the end. - -2004-12-07 Werner Koch - - * Makefile.am (gpgsm_LDADD): Put libassuan before jnlib because - under W32 we need the w32 pth code from jnlib. - - * misc.c (setup_pinentry_env) [W32]: Disabled. - -2004-12-06 Werner Koch - - * gpgsm.c (run_protect_tool) [_WIN32]: Disabled. - - * import.c (popen_protect_tool): Simplified by making use of - gnupg_spawn_process. - (parse_p12): Likewise, using gnupg_wait_process. - * export.c (popen_protect_tool): Ditto. - (export_p12): Ditto. - - * keydb.c: Don't define DIRSEP_S here. - -2004-12-02 Werner Koch - - * certchain.c (gpgsm_basic_cert_check): Dump certs with bad - signature for debugging. - (gpgsm_validate_chain): Ditto. - -2004-11-29 Werner Koch - - * gpgsm.c (set_debug): Changed to use a globals DEBUG_LEVEL and - DEBUG_VALUE. - (main): Made DEBUG_LEVEL global and introduced DEBUG_VALUE. This - now allows to add debug flags on top of a debug-level setting. - -2004-11-23 Werner Koch - - * gpgsm.c: New option --prefer-system-dirmngr. - * call-dirmngr.c (start_dirmngr): Implement this option. - -2004-10-22 Werner Koch - - * certreqgen.c (gpgsm_genkey): Remove the NEW from the certificate - request PEM header. This is according to the Sphinx standard. - -2004-10-08 Moritz Schulte - - * certchain.c (gpgsm_validate_chain): Do not use keydb_new() in - case the no_chain_validation-return-short-cut is used (fixes - memory leak). - -2004-10-04 Werner Koch - - * misc.c (setup_pinentry_env): Try hard to set a default for GPG_TTY. - -2004-09-30 Werner Koch - - * gpgsm.c (i18n_init): Always use LC_ALL. - - * certdump.c (gpgsm_format_name): Factored code out to .. - (gpgsm_format_name2): .. new. - (gpgsm_print_name): Factored code out to .. - (gpgsm_print_name2): .. new. - (print_dn_part): New arg TRANSLATE. Changed all callers. - (print_dn_parts): Ditto. - (gpgsm_format_keydesc): Do not translate the SUBJECT; we require - it to stay UTF-8 but we still want to filter out bad control - characters. - - * Makefile.am: Adjusted for gettext 0.14. - - * keylist.c (list_cert_colon): Make sure that the expired flag has - a higher precedence than the invalid flag. - -2004-09-29 Werner Koch - - * import.c (parse_p12): Write an error status line for bad - passphrases. Add new arg CTRL and changed caller. - * export.c (export_p12): Likewise. - -2004-09-14 Werner Koch - - * certchain.c (gpgsm_validate_chain): Give expired certificates a - higher error precedence and don't bother to check any CRL in that - case. - -2004-08-24 Werner Koch - - * certlist.c: Fixed typo in ocsp OID. - -2004-08-18 Werner Koch - - * certlist.c (gpgsm_cert_use_ocsp_p): New. - (cert_usage_p): Support it here. - * call-dirmngr.c (gpgsm_dirmngr_isvalid): Use it here. - -2004-08-17 Marcus Brinkmann - - * import.c: Fix typo in last change. - -2004-08-17 Werner Koch - - * import.c (check_and_store): Do a full validation if - --with-validation is set. - - * certchain.c (gpgsm_basic_cert_check): Print more detailed error - messages. - - * certcheck.c (do_encode_md): Partly support DSA. Add new arg - PKALGO. Changed all callers to pass it. - (pk_algo_from_sexp): New. - -2004-08-16 Werner Koch - - * gpgsm.c: New option --fixed-passphrase. - * import.c (popen_protect_tool): Pass it to the protect-tool. - - * server.c (cmd_encrypt): Use DEFAULT_RECPLIST and not recplist - for encrypt-to keys. - -2004-08-06 Werner Koch - - * gpgsm.c: New option --with-ephemeral-keys. - * keylist.c (list_internal_keys): Set it here. - (list_cert_raw): And indicate those keys. Changed all our callers - to pass the new arg HD through. - -2004-07-23 Werner Koch - - * certreqgen.c (proc_parameters): Do not allow key length below - 1024. - -2004-07-22 Werner Koch - - * keylist.c (list_cert_raw): Print the keygrip. - -2004-07-20 Werner Koch - - * certchain.c (gpgsm_validate_chain): The trust check didn't - worked anymore, probably due to the changes at 2003-03-04. Fixed. - -2004-06-06 Werner Koch - - * certreqgen.c (get_parameter_uint, create_request): Create - an extension for key usage when requested. - -2004-05-12 Werner Koch - - * gpgsm.c (main): Install emergency_cleanup also as an atexit - handler. - - * verify.c (gpgsm_verify): Removed the separate error code - handling for KSBA. We use shared error codes anyway. - - * export.c (export_p12): Removed debugging code. - - * encrypt.c (gpgsm_encrypt): Put the session key in to secure memory. - -2004-05-11 Werner Koch - - * sign.c (gpgsm_sign): Include the error source in the final error - message. - * decrypt.c (gpgsm_decrypt): Ditto. - - * fingerprint.c (gpgsm_get_key_algo_info): New. - * sign.c (gpgsm_sign): Don't assume RSA in the status line. - * keylist.c (list_cert_colon): Really print the algorithm and key - length. - (list_cert_raw, list_cert_std): Ditto. - (list_cert_colon): Reorganized to be able to tell whether a root - certificate is trusted. - - * gpgsm.c: New option --debug-allow-core-dump. - - * gpgsm.h (opt): Add member CONFIG_FILENAME. - * gpgsm.c (main): Use it here instead of the local var. - - * server.c (gpgsm_server): Print some additional information with - the hello in verbose mode. - -2004-04-30 Werner Koch - - * import.c (check_and_store): Do not update the stats for hidden - imports of issuer certs. - (popen_protect_tool): Request statusmessages from the protect-tool. - (parse_p12): Detect status messages. Add new arg STATS and update them. - (print_imported_summary): Include secret key stats. - -2004-04-28 Werner Koch - - * gpgsm.c: New command --keydb-clear-some-cert-flags. - * keydb.c (keydb_clear_some_cert_flags): New. - (keydb_update_keyblock, keydb_set_flags): Change error code - CONFLICT to NOT_LOCKED. - -2004-04-26 Werner Koch - - * gpgsm.c (main) : Do not use /dev/null as default config - filename. - - * call-agent.c (gpgsm_agent_pksign, gpgsm_agent_pkdecrypt) - (gpgsm_agent_genkey, gpgsm_agent_istrusted) - (gpgsm_agent_marktrusted, gpgsm_agent_havekey) - (gpgsm_agent_passwd): Add new arg CTRL and changed all callers. - (start_agent): New arg CTRL. Send progress item when starting a - new agent. - * sign.c (gpgsm_get_default_cert, get_default_signer): New arg - CTRL to be passed down to the agent function. - * decrypt.c (prepare_decryption): Ditto. - * certreqgen.c (proc_parameters, read_parameters): Ditto. - * certcheck.c (gpgsm_create_cms_signature): Ditto. - -2004-04-23 Werner Koch - - * keydb.c (keydb_add_resource): Try to compress the file on init. - - * keylist.c (oidtranstbl): New. OIDs collected from several sources. - (print_name_raw, print_names_raw, list_cert_raw): New. - (gpgsm_list_keys): Check the dump mode and pass it down as - necessary. - -2004-04-22 Werner Koch - - * gpgsm.c (main): New commands --dump-keys, --dump-external-keys, - --dump-secret-keys. - -2004-04-13 Werner Koch - - * misc.c (setup_pinentry_env): New. - * import.c (popen_protect_tool): Call it. - * export.c (popen_protect_tool): Call it. - -2004-04-08 Werner Koch - - * decrypt.c (gpgsm_decrypt): Return GPG_ERR_NO_DATA if it is not a - encrypted message. - -2004-04-07 Werner Koch - - * gpgsm.c: New option --force-crl-refresh. - * call-dirmngr.c (gpgsm_dirmngr_isvalid): Pass option to dirmngr. - -2004-04-05 Werner Koch - - * server.c (get_status_string): Add STATUS_NEWSIG. - * verify.c (gpgsm_verify): Print STATUS_NEWSIG for each signature. - - * certchain.c (gpgsm_validate_chain) : Do - not just warn if a cert is not suitable; bail out immediately. - -2004-04-01 Werner Koch - - * call-dirmngr.c (isvalid_status_cb): New. - (unhexify_fpr): New. Taken from ../g10/call-agent.c - (gpgsm_dirmngr_isvalid): Add new arg CTRL, changed caller to pass - it thru. Detect need to check the respondert cert and do that. - * certchain.c (gpgsm_validate_chain): Add new arg FLAGS. Changed - all callers. - -2004-03-24 Werner Koch - - * sign.c (gpgsm_sign): Include a short list of capabilities. - -2004-03-17 Werner Koch - - * gpgsm.c (main) : Fixed default value quoting. - -2004-03-16 Werner Koch - - * gpgsm.c (main): Implemented --gpgconf-list. - -2004-03-15 Werner Koch - - * keylist.c (list_cert_colon): Hack to set the expired flag. - -2004-03-09 Werner Koch - - * gpgsm.c (main): Correctly intitialze USE_OCSP flag. - - * keydb.c (keydb_delete): s/GPG_ERR_CONFLICT/GPG_ERR_NOT_LOCKED/ - -2004-03-04 Werner Koch - - * call-dirmngr.c (gpgsm_dirmngr_isvalid): New arg ISSUER_CERT. - - * certchain.c (is_cert_still_valid): New. Code moved from ... - (gpgsm_validate_chain): ... here because we now need to check at - two places and at a later stage, so that we can pass the issuer - cert down to the dirmngr. - -2004-03-03 Werner Koch - - * call-agent.c (start_agent): Replaced pinentry setup code by a - call to a new common function. - - * certdump.c (gpgsm_format_keydesc): Make sure the string is - returned as utf-8. - - * export.c (gpgsm_export): Make sure that we don't export more - than one certificate. - -2004-03-02 Werner Koch - - * export.c (create_duptable, destroy_duptable) - (insert_duptable): New. - (gpgsm_export): Avoid duplicates. - -2004-02-26 Werner Koch - - * certchain.c (compare_certs): New. - (gpgsm_validate_chain): Fixed infinite certificate checks after - bad signatures. - -2004-02-24 Werner Koch - - * keylist.c (list_cert_colon): Print the fingerprint as the - cert-id for root certificates. - -2004-02-21 Werner Koch - - * keylist.c (list_internal_keys): Return error codes. - (list_external_keys, gpgsm_list_keys): Ditto. - * server.c (do_listkeys): Ditto. - - * gpgsm.c (main): Display a key description for --passwd. - * call-agent.c (gpgsm_agent_passwd): New arg DESC. - -2004-02-20 Werner Koch - - * gpgsm.c (main): New option --debug-ignore-expiration. - * certchain.c (gpgsm_validate_chain): Use it here. - - * certlist.c (cert_usage_p): Apply extKeyUsage. - -2004-02-19 Werner Koch - - * export.c (export_p12, popen_protect_tool) - (gpgsm_p12_export): New. - * gpgsm.c (main): New command --export-secret-key-p12. - -2004-02-18 Werner Koch - - * gpgsm.c (set_debug): Set the new --debug-level flags. - (main): New option --gpgconf-list. - (main): Do not setup -u and -r keys when not required. - (main): Setup the used character set. - - * keydb.c (keydb_add_resource): Print a hint to start the - gpg-agent. - -2004-02-17 Werner Koch - - * gpgsm.c: Fixed value parsing for --with-validation. - * call-agent.c (start_agent): Ignore an empty GPG_AGENT_INFO. - * call-dirmngr.c (start_dirmngr): Likewise for DIRMNGR_INFO. - - * gpgsm.c: New option --with-md5-fingerprint. - * keylist.c (list_cert_std): Print MD5 fpr. - - * gpgsm.c: New options --with-validation. - * server.c (option_handler): New option "with-validation". - * keylist.c (list_cert_std, list_internal_keys): New args CTRL and - WITH_VALIDATION. Changed callers to set it. - (list_external_cb, list_external_keys): Pass CTRL to the callback. - (list_cert_colon): Add arg CTRL. Check validation if requested. - * certchain.c (unknown_criticals, allowed_ca, check_cert_policy) - (gpgsm_validate_chain): New args LISTMODE and FP. - (do_list): New helper for info output. - (find_up): New arg FIND_NEXT. - (gpgsm_validate_chain): After a bad signature try again with other - CA certificates. - - * import.c (print_imported_status): New arg NEW_CERT. Print - additional STATUS_IMPORT_OK becuase that is what gpgme expects. - (check_and_store): Always call above function after import. - * server.c (get_status_string): Added STATUS_IMPORT_OK. - -2004-02-13 Werner Koch - - * certcheck.c (gpgsm_create_cms_signature): Format a description - for use by the pinentry. - * decrypt.c (gpgsm_decrypt): Ditto. Free HEXKEYGRIP. - * certdump.c (format_name_cookie, format_name_writer) - (gpgsm_format_name): New. - (gpgsm_format_serial): New. - (gpgsm_format_keydesc): New. - * call-agent.c (gpgsm_agent_pksign): New arg DESC. - (gpgsm_agent_pkdecrypt): Ditto. - - * encrypt.c (init_dek): Check for too weak algorithms. - - * import.c (parse_p12, popen_protect_tool): New. - - * base64.c (gpgsm_create_reader): New arg ALLOW_MULTI_PEM. - Changed all callers. - (base64_reader_cb): Handle it here. - (gpgsm_reader_eof_seen): New. - (base64_reader_cb): Set a flag for EOF. - (simple_reader_cb): Ditto. - -2004-02-12 Werner Koch - - * gpgsm.h, gpgsm.c: New option --protect-tool-program. - * gpgsm.c (run_protect_tool): Use it. - -2004-02-11 Werner Koch - - * Makefile.am (AM_CPPFLAGS): Pass directory constants via -D; this - will allow to override directory names at make time. - -2004-02-02 Werner Koch - - * import.c (check_and_store): Import certificates even with - missing issuer's cert. Fixed an "depending on the verbose - setting" bug. - - * certchain.c (gpgsm_validate_chain): Mark revoked certs in the - keybox. - - * keylist.c (list_cert_colon): New arg VALIDITY; use it to print a - revoked flag. - (list_internal_keys): Retrieve validity flag. - (list_external_cb): Pass 0 as validity flag. - * keydb.c (keydb_get_flags, keydb_set_flags): New. - (keydb_set_cert_flags): New. - (lock_all): Return a proper error code. - (keydb_lock): New. - (keydb_delete): Don't lock but check that it has been locked. - (keydb_update_keyblock): Ditto. - * delete.c (delete_one): Take a lock. - -2004-01-30 Werner Koch - - * certchain.c (check_cert_policy): Fixed read error checking. - (check_cert_policy): With no critical policies issue only a - warning if the policy file does not exists. - - * sign.c (add_certificate_list): Decrement N for the first cert. - -2004-01-29 Werner Koch - - * certdump.c (parse_dn_part): Map common OIDs to human readable - labels. Make sure that a value won't get truncated if it includes - a Nul. - -2004-01-28 Werner Koch - - * certchain.c (gpgsm_validate_chain): Changed the message printed - for an untrusted root certificate. - -2004-01-27 Werner Koch - - * certdump.c (parse_dn_part): Pretty print the nameDistinguisher OID. - (print_dn_part): Do not delimit multiple RDN by " + ". Handle - multi-valued RDNs in a special way, i.e. in the order specified by - the certificate. - (print_dn_parts): Simplified. - -2004-01-16 Werner Koch - - * sign.c (gpgsm_sign): Print an error message on all failures. - * decrypt.c (gpgsm_decrypt): Ditto. - -2003-12-17 Werner Koch - - * server.c (gpgsm_server): Add arg DEFAULT_RECPLIST. - (cmd_encrypt): Add all enrypt-to marked certs to the list. - * encrypt.c (gpgsm_encrypt): Check that real recipients are - available. - * gpgsm.c (main): Make the --encrypt-to and --no-encrypt-to - options work. Pass the list of recients to gpgsm_server. - * gpgsm.h (certlist_s): Add field IS_ENCRYPT_TO. - (opt): Add NO_ENCRYPT_TO. - * certlist.c (gpgsm_add_to_certlist): New arg IS_ENCRYPT_TO. - Changed all callers and ignore duplicate entries. - (is_cert_in_certlist): New. - (gpgsm_add_cert_to_certlist): New. - - * certdump.c (gpgsm_print_serial): Cleaned up cast use in strtoul. - (gpgsm_dump_serial): Ditto. - - * decrypt.c (gpgsm_decrypt): Replaced ERR by RC. - -2003-12-16 Werner Koch - - * gpgsm.c (main): Set the prefixes for assuan logging. - - * sign.c (gpgsm_sign): Add validation checks for the default - certificate. - - * gpgsm.c: Add -k as alias for --list-keys and -K for - --list-secret-keys. - -2003-12-15 Werner Koch - - * encrypt.c (init_dek): Use gry_create_nonce for the IV; there is - not need for real strong random here and it even better protect - the random bits used for the key. - -2003-12-01 Werner Koch - - * gpgsm.c, gpgsm.h: New options --{enable,disable}-ocsp. - (gpgsm_init_default_ctrl): Set USE_OCSP to the default value. - * certchain.c (gpgsm_validate_chain): Handle USE_OCSP. - * call-dirmngr.c (gpgsm_dirmngr_isvalid): Add arg USE_OCSP and - proceed accordingly. - -2003-11-19 Werner Koch - - * verify.c (gpgsm_verify): Use "0" instead of an empty string for - the VALIDSIG status. - -2003-11-18 Werner Koch - - * verify.c (gpgsm_verify): Fixed for changes API of gcry_md_info. - - * certchain.c (unknown_criticals): Fixed an error code test. - -2003-11-12 Werner Koch - - Adjusted for API changes in Libksba. - -2003-10-31 Werner Koch - - * certchain.c (gpgsm_validate_chain): Changed to use ksba_isotime_t. - * verify.c (strtimestamp_r, gpgsm_verify): Ditto. - * sign.c (gpgsm_sign): Ditto. - * keylist.c (print_time, list_cert_std, list_cert_colon): Ditto. - * certdump.c (gpgsm_print_time, gpgsm_dump_time, gpgsm_dump_cert): - Ditto. - -2003-10-25 Werner Koch - - * certreqgen.c (read_parameters): Fixed faulty of !spacep(). - -2003-08-20 Marcus Brinkmann - - * encrypt.c (encode_session_key): Allocate enough space. Cast key - byte to unsigned char to prevent sign extension. - (encrypt_dek): Check return value before error. - -2003-08-14 Timo Schulz - - * encrypt.c (encode_session_key): Use new Libgcrypt interface. - -2003-07-31 Werner Koch - - * Makefile.am (gpgsm_LDADD): Added INTLLIBS. - -2003-07-29 Werner Koch - - * gpgsm.c (main): Add secmem features and set the random seed file. - (gpgsm_exit): Update the random seed file and enable debug output. - -2003-07-27 Werner Koch - - Adjusted for gcry_mpi_print and gcry_mpi_scan API change. - -2003-06-24 Werner Koch - - * server.c (gpgsm_status_with_err_code): New. - * verify.c (gpgsm_verify): Use it here instead of the old - tokenizing version. - - * verify.c (strtimestamp): Renamed to strtimestamp_r - - Adjusted for changes in the libgcrypt API. Some more fixes for the - libgpg-error stuff. - -2003-06-04 Werner Koch - - * call-agent.c (init_membuf,put_membuf,get_membuf): Removed. - Include new membuf header and changed used type. - - Renamed error codes from INVALID to INV and removed _ERROR suffixes. - -2003-06-03 Werner Koch - - Changed all error codes in all files to the new libgpg-error scheme. - - * gpgsm.h: Include gpg-error.h . - * Makefile.am: Link with libgpg-error. - -2003-04-29 Werner Koch - - * Makefile.am: Use libassuan. Don't override LDFLAGS anymore. - * server.c (register_commands): Adjust for new Assuan semantics. - -2002-12-03 Werner Koch - - * call-agent.c (gpgsm_agent_passwd): New. - * gpgsm.c (main): New command --passwd and --call-protect-tool - (run_protect_tool): New. - -2002-11-25 Werner Koch - - * verify.c (gpgsm_verify): Handle content-type attribute. - -2002-11-13 Werner Koch - - * call-agent.c (start_agent): Try to use $GPG_TTY instead of - ttyname. Changed ttyname to test stdin becuase it can be assumed - that output redirection is more common that input redirection. - -2002-11-12 Werner Koch - - * gpgsm.c: New command --call-dirmngr. - * call-dirmngr.c (gpgsm_dirmngr_run_command) - (run_command_inq_cb,run_command_cb) - (run_command_status_cb): New. - -2002-11-11 Werner Koch - - * certcheck.c (gpgsm_check_cms_signature): Don't double free - s_sig but free s_pkey at leave. - -2002-11-10 Werner Koch - - * gpgsm.c: Removed duplicate --list-secret-key entry. - -2002-09-19 Werner Koch - - * certcheck.c (gpgsm_check_cert_sig): Add cert hash debugging. - - * certchain.c (find_up): Print info when the cert was not found - by the autorithyKeyIdentifier. - -2002-09-03 Werner Koch - - * gpgsm.c (main): Disable the internal libgcrypt locking. - -2002-08-21 Werner Koch - - * import.c (print_imported_summary): Cleaned up. Print new - not_imported value. - (check_and_store): Update non_imported counter. - (print_import_problem): New. - (check_and_store): Print error status message. - * server.c (get_status_string): Added STATUS_IMPORT_PROBLEM. - -2002-08-20 Werner Koch - - * gpgsm.c (main): Use the log file only in server mode. - - * import.c (print_imported_summary): New. - (check_and_store): Update the counters, take new argument. - (import_one): Factored out core of gpgsm_import. - (gpgsm_import): Print counters. - (gpgsm_import_files): New. - * gpgsm.c (main): Use the new function for import. - -2002-08-19 Werner Koch - - * decrypt.c (gpgsm_decrypt): Return a better error status token. - * verify.c (gpgsm_verify): Don't error on messages with no signing - time or no message digest. This is only the case for messages - without any signed attributes. - -2002-08-16 Werner Koch - - * certpath.c: Renamed to .. - * certchain.c: this. Renamed all all other usages of "path" in the - context of certificates to "chain". - - * call-agent.c (learn_cb): Special treatment when the issuer - certificate is missing. - -2002-08-10 Werner Koch - - * Makefile.am (INCLUDES): Add definition for localedir. - - * keylist.c (list_cert_colon): Print the short fingerprint in the - key ID field. - * fingerprint.c (gpgsm_get_short_fingerprint): New. - * verify.c (gpgsm_verify): Print more verbose info for a good - signature. - -2002-08-09 Werner Koch - - * decrypt.c (prepare_decryption): Hack to detected already - unpkcsedone keys. - - * gpgsm.c (emergency_cleanup): New. - (main): Initialize the signal handler. - - * sign.c (gpgsm_sign): Reset the hash context for subsequent - signers and release it at the end. - -2002-08-05 Werner Koch - - * server.c (cmd_signer): New command "SIGNER" - (register_commands): Register it. - (cmd_sign): Pass the signer list to gpgsm_sign. - * certlist.c (gpgsm_add_to_certlist): Add SECRET argument, check - for secret key if set and changed all callers. - * sign.c (gpgsm_sign): New argument SIGNERLIST and implemt - multiple signers. - * gpgsm.c (main): Support more than one -u. - - * server.c (cmd_recipient): Return reason code 1 for No_Public_Key - which is actually what gets returned from add_to_certlist. - -2002-07-26 Werner Koch - - * certcheck.c (gpgsm_check_cert_sig): Implement proper cleanup. - (gpgsm_check_cms_signature): Ditto. - -2002-07-22 Werner Koch - - * keydb.c (keydb_add_resource): Register a lock file. - (lock_all, unlock_all): Implemented. - - * delete.c: New. - * gpgsm.c: Made --delete-key work. - * server.c (cmd_delkeys): New. - (register_commands): New command DELKEYS. - - * decrypt.c (gpgsm_decrypt): Print a convenience note when RC2 is - used and a STATUS_ERROR with the algorithm oid. - -2002-07-03 Werner Koch - - * server.c (gpgsm_status2): Insert a blank between all optional - arguments when using assuan. - * server.c (cmd_recipient): No more need for extra blank in constants. - * import.c (print_imported_status): Ditto. - * gpgsm.c (main): Ditto. - -2002-07-02 Werner Koch - - * verify.c (gpgsm_verify): Extend the STATUS_BADSIG line with - the fingerprint. - - * certpath.c (check_cert_policy): Don't use log_error to print a - warning. - - * keydb.c (keydb_store_cert): Add optional ar EXISTED and changed - all callers. - * call-agent.c (learn_cb): Print info message only for real imports. - - * import.c (gpgsm_import): Moved duplicated code to ... - (check_and_store): new function. Added magic to import the entire - chain. Print status only for real imports and moved printing code - to .. - (print_imported_status): New. - - * call-dirmngr.c (gpgsm_dirmngr_isvalid): print status of dirmngr - call in very verbose mode. - - * gpgsm.c (main): Use the same error codes for STATUS_INV_RECP as - with the server mode. - -2002-06-29 Werner Koch - - * gpgsm.c: New option --auto-issuer-key-retrieve. - * certpath.c (find_up): Try to retrieve an issuer key from an - external source and from the ephemeral key DB. - (find_up_store_certs_cb): New. - - * keydb.c (keydb_set_ephemeral): Does now return the old - state. Call the backend only when required. - - * call-dirmngr.c (start_dirmngr): Use GNUPG_DEFAULT_DIRMNGR. - (lookup_status_cb): Issue status only when CTRL is not NULL. - (gpgsm_dirmngr_lookup): Document that CTRL is optional. - - * call-agent.c (start_agent): Use GNUPG_DEFAULT_AGENT. - -2002-06-28 Werner Koch - - * server.c (cmd_recipient): Add more reason codes. - -2002-06-27 Werner Koch - - * certpath.c (gpgsm_basic_cert_check): Use - --debug-no-path-validation to also bypass this basic check. - - * gpgsm.c (main): Use GNUPG_DEFAULT_HOMEDIR constant. - - * call-agent.c (start_agent): Create and pass the list of FD to - keep in the child to assuan. - * call-dirmngr.c (start_dirmngr): Ditto. - -2002-06-26 Werner Koch - - * import.c (gpgsm_import): Print an STATUS_IMPORTED. - - * gpgsm.c: --debug-no-path-validation does not take an argument. - -2002-06-25 Werner Koch - - * certdump.c (print_dn_part): Always print a leading slash, - removed NEED_DELIM arg and changed caller. - - * export.c (gpgsm_export): Print LFs to FP and not stdout. - (print_short_info): Ditto. Make use of gpgsm_print_name. - - * server.c (cmd_export): Use output-fd instead of data lines; this - was actually the specified way. - -2002-06-24 Werner Koch - - * gpgsm.c: Removed duped help entry for --list-keys. - - * gpgsm.c, gpgsm.h: New option --debug-no-path-validation. - - * certpath.c (gpgsm_validate_path): Use it here instead of the - debug flag hack. - - * certpath.c (check_cert_policy): Return No_Policy_Match if the - policy file could not be opened. - -2002-06-20 Werner Koch - - * certlist.c (gpgsm_add_to_certlist): Fixed locating of a - certificate with the required key usage. - - * gpgsm.c (main): Fixed a segv when using --outfile without an - argument. - - * keylist.c (print_capabilities): Also check for non-repudiation - and data encipherment. - * certlist.c (cert_usage_p): Test for signing and encryption was - swapped. Add a case for certification usage, handle - non-repudiation and data encipherment. - (gpgsm_cert_use_cert_p): New. - (gpgsm_add_to_certlist): Added a CTRL argument and changed all - callers to pass it. - * certpath.c (gpgsm_validate_path): Use it here to print a status - message. Added a CTRL argument and changed all callers to pass it. - * decrypt.c (gpgsm_decrypt): Print a status message for wrong key - usage. - * verify.c (gpgsm_verify): Ditto. - * keydb.c (classify_user_id): Allow a colon delimited fingerprint. - -2002-06-19 Werner Koch - - * call-agent.c (learn_cb): Use log_info instead of log_error on - successful import. - - * keydb.c (keydb_set_ephemeral): New. - (keydb_store_cert): New are ephemeral, changed all callers. - * keylist.c (list_external_cb): Store cert as ephemeral. - * export.c (gpgsm_export): Kludge to export epehmeral certificates. - - * gpgsm.c (main): New command --list-external-keys. - -2002-06-17 Werner Koch - - * certreqgen.c (read_parameters): Improved error handling. - (gpgsm_genkey): Print error message. - -2002-06-13 Werner Koch - - * gpgsm.c (main): New option --log-file. - -2002-06-12 Werner Koch - - * call-dirmngr.c (lookup_status_cb): New. - (gpgsm_dirmngr_lookup): Use the status CB. Add new arg CTRL and - changed caller to pass it. - - * gpgsm.c (open_fwrite): New. - (main): Allow --output for --verify. - - * sign.c (hash_and_copy_data): New. - (gpgsm_sign): Implemented normal (non-detached) signatures. - * gpgsm.c (main): Ditto. - - * certpath.c (gpgsm_validate_path): Special error handling for - no policy match. - -2002-06-10 Werner Koch - - * server.c (get_status_string): Add STATUS_ERROR. - - * certpath.c (gpgsm_validate_path): Tweaked the error checking to - return error codes in a more sensitive way. - * verify.c (gpgsm_verify): Send status TRUST_NEVER also for a bad - CA certificate and when the certificate has been revoked. Issue - TRUST_FULLY even when the cert has expired. Append an error token - to these status lines. Issue the new generic error status when a - cert was not found and when leaving the function. - -2002-06-04 Werner Koch - - * gpgsm.c (main): New command --list-sigs - * keylist.c (list_cert_std): New. Use it whenever colon mode is - not used. - (list_cert_chain): New. - -2002-05-31 Werner Koch - - * gpgsm.c (main): Don't print the "go ahead" message for an - invalid command. - -2002-05-23 Werner Koch - - * import.c (gpgsm_import): Add error messages. - -2002-05-21 Werner Koch - - * keylist.c (list_internal_keys): Renamed from gpgsm_list_keys. - (list_external_keys): New. - (gpgsm_list_keys): Dispatcher for above. - * call-dirmngr.c (lookup_cb,pattern_from_strlist) - (gpgsm_dirmngr_lookup): New. - * server.c (option_handler): Handle new option --list-mode. - (do_listkeys): Handle options and actually use the mode argument. - (get_status_string): New code TRUNCATED. - - * import.c (gpgsm_import): Try to identify the type of input and - handle certs-only messages. - -2002-05-14 Werner Koch - - * gpgsm.c: New option --faked-system-time - * sign.c (gpgsm_sign): And use it here. - * certpath.c (gpgsm_validate_path): Ditto. - -2002-05-03 Werner Koch - - * certpath.c (gpgsm_validate_path): Added EXPTIME arg and changed - all callers. - * verify.c (gpgsm_verify): Tweaked usage of log_debug and - log_error. Return EXPSIG status and add expiretime to VALIDSIG. - -2002-04-26 Werner Koch - - * gpgsm.h (DBG_AGENT,DBG_AGENT_VALUE): Replaced by DBG_ASSUAN_*. - Changed all users. - - * call-agent.c (start_agent): Be more silent without -v. - * call-dirmngr.c (start_dirmngr): Ditto. - -2002-04-25 Werner Koch - - * call-agent.c (start_agent): Make copies of old locales and check - for setlocale. - -2002-04-25 Marcus Brinkmann - - * call-agent.c (start_agent): Fix error handling logic so the - locale is always correctly reset. - -2002-04-25 Marcus Brinkmann - - * server.c (option_handler): Accept display, ttyname, ttytype, - lc_ctype and lc_messages options. - * gpgsm.c (main): Allocate memory for these options. - * gpgsm.h (struct opt): Make corresponding members non-const. - -2002-04-24 Marcus Brinkmann - - * gpgsm.h (struct opt): New members display, ttyname, ttytype, - lc_ctype, lc_messages. - * gpgsm.c (enum cmd_and_opt_values): New members oDisplay, - oTTYname, oTTYtype, oLCctype, oLCmessages. - (opts): New entries for these options. - (main): Handle these new options. - * call-agent.c (start_agent): Set the various display and tty - parameter after resetting. - -2002-04-18 Werner Koch - - * certreqgen.c (gpgsm_genkey): Write status output on success. - -2002-04-15 Werner Koch - - * gpgsm.c (main): Check ksba version. - - * certpath.c (find_up): New to use the authorithKeyIdentifier. - Use it in all other functions to locate the signing cert.. - -2002-04-11 Werner Koch - - * certlist.c (cert_usable_p): New. - (gpgsm_cert_use_sign_p,gpgsm_cert_use_encrypt_p): New. - (gpgsm_cert_use_verify_p,gpgsm_cert_use_decrypt_p): New. - (gpgsm_add_to_certlist): Check the key usage. - * sign.c (gpgsm_sign): Ditto. - * verify.c (gpgsm_verify): Print a message wehn an unsuitable - certificate was used. - * decrypt.c (gpgsm_decrypt): Ditto - * keylist.c (print_capabilities): Determine values from the cert. - -2002-03-28 Werner Koch - - * keylist.c (list_cert_colon): Fixed listing of crt record; the - issuer is not at the right place. Print a chainingID. - * certpath.c (gpgsm_walk_cert_chain): Be a bit more silent on - common errors. - -2002-03-21 Werner Koch - - * export.c: New. - * gpgsm.c: Add command --export. - * server.c (cmd_export): New. - -2002-03-13 Werner Koch - - * decrypt.c (gpgsm_decrypt): Allow multiple recipients. - -2002-03-12 Werner Koch - - * certpath.c (check_cert_policy): Print the policy list. - - * verify.c (gpgsm_verify): Detect certs-only message. - -2002-03-11 Werner Koch - - * import.c (gpgsm_import): Print a notice about imported certificates - when in verbose mode. - - * gpgsm.c (main): Print INV_RECP status. - * server.c (cmd_recipient): Ditto. - - * server.c (gpgsm_status2): New. Allows for a list of strings. - (gpgsm_status): Divert to gpgsm_status2. - - * encrypt.c (gpgsm_encrypt): Don't use a default key when no - recipients are given. Print a NO_RECP status. - -2002-03-06 Werner Koch - - * server.c (cmd_listkeys, cmd_listsecretkeys): Divert to - (do_listkeys): new. Add pattern parsing. - - * keylist.c (gpgsm_list_keys): Handle selection pattern. - - * gpgsm.c: New command --learn-card - * call-agent.c (learn_cb,gpgsm_agent_learn): New. - - * gpgsm.c (main): Print error messages for non-implemented commands. - - * base64.c (base64_reader_cb): Use case insensitive compare of the - Content-Type string to detect plain base-64. - -2002-03-05 Werner Koch - - * gpgsm.c, gpgsm.h: Add local_user. - * sign.c (gpgsm_get_default_cert): New. - (get_default_signer): Use the new function if local_user is not - set otherwise used that value. - * encrypt.c (get_default_recipient): Removed. - (gpgsm_encrypt): Use gpgsm_get_default_cert. - - * verify.c (gpgsm_verify): Better error text for a bad signature - found by comparing the hashs. - -2002-02-27 Werner Koch - - * call-dirmngr.c, call-agent.c: Add 2 more arguments to all uses - of assuan_transact. - -2002-02-25 Werner Koch - - * server.c (option_handler): Allow to use -2 for "send all certs - except the root cert". - * sign.c (add_certificate_list): Implement it here. - * certpath.c (gpgsm_is_root_cert): New. - -2002-02-19 Werner Koch - - * certpath.c (check_cert_policy): New. - (gpgsm_validate_path): And call it from here. - * gpgsm.c (main): New options --policy-file, - --disable-policy-checks and --enable-policy-checks. - * gpgsm.h (opt): Added policy_file, no_policy_checks. - -2002-02-18 Werner Koch - - * certpath.c (gpgsm_validate_path): Ask the agent to add the - certificate into the trusted list. - * call-agent.c (gpgsm_agent_marktrusted): New. - -2002-02-07 Werner Koch - - * certlist.c (gpgsm_add_to_certlist): Check that the specified - name identifies a certificate unambiguously. - (gpgsm_find_cert): Ditto. - - * server.c (cmd_listkeys): Check that the data stream is available. - (cmd_listsecretkeys): Ditto. - (has_option): New. - (cmd_sign): Fix ambiguousity in option recognition. - - * gpgsm.c (main): Enable --logger-fd. - - * encrypt.c (gpgsm_encrypt): Increased buffer size for better - performance. - - * call-agent.c (gpgsm_agent_pksign): Check the S-Exp received from - the agent. - - * keylist.c (list_cert_colon): Filter out control characters. - -2002-02-06 Werner Koch - - * decrypt.c (gpgsm_decrypt): Bail out after an decryption error. - - * server.c (reset_notify): Close input and output FDs. - (cmd_encrypt,cmd_decrypt,cmd_verify,cmd_sign.cmd_import) - (cmd_genkey): Close the FDs and release the recipient list even in - the error case. - -2002-02-01 Marcus Brinkmann - - * sign.c (gpgsm_sign): Do not release certificate twice. - -2002-01-29 Werner Koch - - * call-agent.c (gpgsm_agent_havekey): New. - * keylist.c (list_cert_colon): New arg HAVE_SECRET, print "crs" - when we know that the secret key is available. - (gpgsm_list_keys): New arg MODE, check whether a secret key is - available. Changed all callers. - * gpgsm.c (main): New command --list-secret-keys. - * server.c (cmd_listsecretkeys): New. - (cmd_listkeys): Return secret keys with "crs" record. - -2002-01-28 Werner Koch - - * certreqgen.c (create_request): Store the email address in the req. - -2002-01-25 Werner Koch - - * gpgsm.c (main): Disable core dumps. - - * sign.c (add_certificate_list): New. - (gpgsm_sign): Add the certificates to the CMS object. - * certpath.c (gpgsm_walk_cert_chain): New. - * gpgsm.h (server_control_s): Add included_certs. - * gpgsm.c: Add option --include-certs. - (gpgsm_init_default_ctrl): New. - (main): Call it. - * server.c (gpgsm_server): Ditto. - (option_handler): Support --include-certs. - -2002-01-23 Werner Koch - - * certpath.c (gpgsm_validate_path): Print the DN of a missing issuer. - * certdump.c (gpgsm_dump_string): New. - (print_dn): Replaced by above. - -2002-01-22 Werner Koch - - * certpath.c (unknown_criticals): New. - (allowed_ca): New. - (gpgsm_validate_path): Check validity, CA attribute, path length - and unknown critical extensions. - -2002-01-21 Werner Koch - - * gpgsm.c: Add option --enable-crl-checks. - - * call-agent.c (start_agent): Implemented socket based access. - * call-dirmngr.c (start_dirmngr): Ditto. - -2002-01-20 Werner Koch - - * server.c (option_handler): New. - (gpgsm_server): Register it with assuan. - -2002-01-19 Werner Koch - - * server.c (gpgsm_server): Use assuan_deinit_server and setup - assuan logging if enabled. - * call-agent.c (inq_ciphertext_cb): Don't show the session key in - an Assuan log file. - - * gpgsm.c (my_strusage): Take bugreport address from configure.ac - -2002-01-15 Werner Koch - - * import.c (gpgsm_import): Just do a basic cert check before - storing it. - * certpath.c (gpgsm_basic_cert_check): New. - - * keydb.c (keydb_store_cert): New. - * import.c (store_cert): Removed and change all caller to use - the new function. - * verify.c (store_cert): Ditto. - - * certlist.c (gpgsm_add_to_certlist): Validate the path - - * certpath.c (gpgsm_validate_path): Check the trust list. - * call-agent.c (gpgsm_agent_istrusted): New. - -2002-01-14 Werner Koch - - * call-dirmngr.c (inq_certificate): Changed for new interface semantic. - * certlist.c (gpgsm_find_cert): New. - -2002-01-13 Werner Koch - - * fingerprint.c (gpgsm_get_certid): Print the serial and not the - hash after the dot. - -2002-01-11 Werner Koch - - * call-dirmngr.c: New. - * certpath.c (gpgsm_validate_path): Check the CRL here. - * fingerprint.c (gpgsm_get_certid): New. - * gpgsm.c: New options --dirmngr-program and --disable-crl-checks. - -2002-01-10 Werner Koch - - * base64.c (gpgsm_create_writer): Allow to set the object name - -2002-01-08 Werner Koch - - * keydb.c (spacep): Removed because it is now in util.c - - * server.c (cmd_genkey): New. - * certreqgen.c: New. The parameter handling code has been taken - from gnupg/g10/keygen.c version 1.0.6. - * call-agent.c (gpgsm_agent_genkey): New. - -2002-01-02 Werner Koch - - * server.c (rc_to_assuan_status): Removed and changed all callers - to use map_to_assuan_status. - -2001-12-20 Werner Koch - - * verify.c (gpgsm_verify): Implemented non-detached signature - verification. Add OUT_FP arg, initialize a writer and changed all - callers. - * server.c (cmd_verify): Pass an out_fp if one has been set. - - * base64.c (base64_reader_cb): Try to detect an S/MIME body part. - - * certdump.c (print_sexp): Renamed to gpgsm_dump_serial, made - global. - (print_time): Renamed to gpgsm_dump_time, made global. - (gpgsm_dump_serial): Take a real S-Expression as argument and - print the first item. - * keylist.c (list_cert_colon): Ditto. - * keydb.c (keydb_search_issuer_sn): Ditto. - * decrypt.c (print_integer_sexp): Removed and made callers - use gpgsm_dump_serial. - * verify.c (print_time): Removed, made callers use gpgsm_dump_time. - -2001-12-19 Marcus Brinkmann - - * call-agent.c (start_agent): Add new argument to assuan_pipe_connect. - -2001-12-18 Werner Koch - - * verify.c (print_integer_sexp): Renamed from print_integer and - print the serial number according to the S-Exp rules. - * decrypt.c (print_integer_sexp): Ditto. - -2001-12-17 Werner Koch - - * keylist.c (list_cert_colon): Changed for new return value of - get_serial. - * keydb.c (keydb_search_issuer_sn): Ditto. - * certcheck.c (gpgsm_check_cert_sig): Likewise for other S-Exp - returingin functions. - * fingerprint.c (gpgsm_get_keygrip): Ditto. - * encrypt.c (encrypt_dek): Ditto - * certcheck.c (gpgsm_check_cms_signature): Ditto - * decrypt.c (prepare_decryption): Ditto. - * call-agent.c (gpgsm_agent_pkdecrypt): Removed arg ciphertextlen, - use KsbaSexp type and calculate the length. - - * certdump.c (print_sexp): Remaned from print_integer, changed caller. - - * Makefile.am: Use the LIBGCRYPT and LIBKSBA variables. - - * fingerprint.c (gpgsm_get_keygrip): Use the new - gcry_pk_get_keygrip to calculate the grip - note the algorithm and - therefore the grip values changed. - -2001-12-15 Werner Koch - - * certcheck.c (gpgsm_check_cms_signature): Removed the faked-key - kludge. - (gpgsm_create_cms_signature): Removed the commented fake key - code. This makes the function pretty simple. - - * gpgsm.c (main): Renamed the default key database to "keyring.kbx". - - * decrypt.c (gpgsm_decrypt): Write STATUS_DECRYPTION_*. - * sign.c (gpgsm_sign): Write a STATUS_SIG_CREATED. - -2001-12-14 Werner Koch - - * keylist.c (list_cert_colon): Kludge to show an email address - encoded in the subject's DN. - - * verify.c (gpgsm_verify): Add hash debug helpers - * sign.c (gpgsm_sign): Ditto. - - * base64.c (base64_reader_cb): Reset the linelen when we need to - skip the line and adjusted test; I somehow forgot about DeMorgan. - - * server.c (cmd_encrypt,cmd_decrypt,cmd_sign,cmd_verify) - (cmd_import): Close the FDs on success. - (close_message_fd): New. - (input_notify): Setting autodetect_encoding to 0 after initializing - it to 0 is pretty pointless. Easy to fix. - - * gpgsm.c (main): New option --debug-wait n, so that it is - possible to attach gdb when used in server mode. - - * sign.c (get_default_signer): Use keydb_classify_name here. - -2001-12-14 Marcus Brinkmann - - * call-agent.c (LINELENGTH): Removed. - (gpgsm_agent_pksign): Use ASSUAN_LINELENGTH, not LINELENGTH. - (gpgsm_agent_pkdecrypt): Likewise. - -2001-12-13 Werner Koch - - * keylist.c (list_cert_colon): Print alternative names of subject - and a few other values. - -2001-12-12 Werner Koch - - * gpgsm.c (main): New options --assume-{armor,base64,binary}. - * base64.c (base64_reader_cb): Fixed non-autodetection mode. - -2001-12-04 Werner Koch - - * call-agent.c (read_from_agent): Check for inquire responses. - (request_reply): Handle them using a new callback arg, changed all - callers. - (gpgsm_agent_pkdecrypt): New. - -2001-11-27 Werner Koch - - * base64.c: New. Changed all other functions to use this instead - of direct creation of ksba_reader/writer. - * gpgsm.c (main): Set ctrl.auto_encoding unless --no-armor is used. - -2001-11-26 Werner Koch - - * gpgsm.c: New option --agent-program - * call-agent.c (start_agent): Allow to override the default path - to the agent. - - * keydb.c (keydb_add_resource): Create keybox - - * keylist.c (gpgsm_list_keys): Fixed non-server keylisting. - - * server.c (rc_to_assuan_status): New. Use it for all commands. - - - Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, - 2010, 2011 Free Software Foundation, Inc. - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even the - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/sm/ChangeLog-2011 b/sm/ChangeLog-2011 new file mode 100644 index 000000000..4a4df8632 --- /dev/null +++ b/sm/ChangeLog-2011 @@ -0,0 +1,2968 @@ +2011-12-01 Werner Koch + + NB: ChangeLog files are no longer manually maintained. Starting + on December 1st, 2011 we put change information only in the GIT + commit log, and generate a top-level ChangeLog file from logs at + "make dist". See doc/HACKING for details. + +2011-09-20 Werner Koch + + * verify.c (gpgsm_verify): s/gcry_md_start_debug/gcry_md_debug/ + in preparation for Libgcrypt 1.6. + * sign.c (gpgsm_sign): Ditto. + * certreqgen.c (create_request): Ditto. + * certcheck.c (gpgsm_check_cert_sig): Ditto. + +2011-08-10 Werner Koch + + * keydb.c (keydb_add_resource): Remove unsued var CREATED_FNAME. + + * gpgsm.c (main): Remove unused var FNAME. + +2011-07-21 Werner Koch + + * call-dirmngr.c (get_cached_cert, get_cached_cert_data_cb): New. + (gpgsm_dirmngr_isvalid): Try to get the only-valid-if-cert-valid + certificate from the dirmngr first. + +2011-06-01 Marcus Brinkmann + + * certreqgen.c (proc_parameters): Initialize RC. + +2011-04-25 Werner Koch + + * certlist.c (gpgsm_add_to_certlist): Mark classify_user_id for + use with non-OpenPGP. + (gpgsm_find_cert): Ditto. + * sign.c (get_default_signer): Ditto. + * keylist.c (list_internal_keys): Ditto. + * import.c (reimport_one): Ditto. + * export.c (gpgsm_export): Ditto. + * delete.c (delete_one): Ditto. + +2011-03-10 Werner Koch + + * minip12.c (oid_pkcs5PBKDF2, oid_pkcs5PBES2, oid_aes128_CBC): New. + (set_key_iv_pbes2): New. + (crypt_block): Add args IV and IVLEN. Call set_key_iv_pbes2. + (decrypt_block): Add args IV and IVLEN. + (parse_bag_encrypted_data): Hack to support PBES2 data. + (parse_bag_data): Ditto. + +2011-03-03 Werner Koch + + * base64.c (base64_finish_write): Do not copy to radbuf to get rid + of a faulty gcc 4.4 "used uninitialized" warning. + +2011-03-01 Werner Koch + + * certreqgen.c (pSERIAL, pISSUERDN, pNOTBEFORE, pNOTAFTER) + (pSIGNINGKEY, pHASHALGO): New. + (reqgen_ctrl_s): Remove field WRITER. + (read_parameters): Support new keywords. Change arg WRITER to + OUT_FP; pass that to proc_parameters. + (proc_parameters): Add arg WRITER. Check values of new keywords. + Create writer object here. Support generation of certificates. + (create_request): Take new arg SIGKEY. Allow for hash algorithms + other than SHA-1. Set serialno and other values for certificate + creation. + (gpgsm_genkey): Do not create writer object but pass output stream + to read_parameters. + * certreqgen-ui.c (gpgsm_gencertreq_tty): Ask for self-signed. + * misc.c (transform_sigval): New. + +2011-02-25 Werner Koch + + * certreqgen.c (create_request): Add arg SIGKEY. + +2010-11-25 Werner Koch + + * base64.c (gpgsm_create_writer): Remove arg FP which is not used + by any caller. Change all callers. + (struct writer_cb_parm_s): Remove field FP. + (do_putc, do_fputs): Remove and replace callers by direct calls to + es_ functions. + +2010-11-23 Werner Koch + + * Makefile.am (gpgsm_LDADD): Add extra_bin_ldflags. + +2010-10-08 Werner Koch + + * gpgsm.c: Add option --with-keygrip. + * gpgsm.h (struct opt): Add WITH_KEYGRIP. + * keylist.c (list_cert_std): Implement option. + +2010-09-16 Werner Koch + + * certchain.c (gpgsm_walk_cert_chain): Use GPG_ERR_MISSING_ISSUER_CERT. + (do_validate_chain): Ditto. + (gpgsm_basic_cert_check): Ditto. + * call-agent.c (learn_cb): Take care of new + GPG_ERR_MISSING_ISSUER_CERT. + * import.c (check_and_store): Ditto. + (check_and_store): Ditto. + +2010-08-16 Werner Koch + + * gpgsm.c (main) : Use es_printf. + + * call-dirmngr.c (start_dirmngr_ext): Use new start_new_dirmngr + function. + + * gpgsm.c: Mark option --prefer-system-dirmngr obsolete. + (main): Enable dirmngr by default. + + * gpgsm.h (struct opt): Remove field PREFER_SYSTEM_DIRMNGR. + + * server.c (gpgsm_server): Use dirmngr_socket_name instead of the + envvar for the hello line info. + +2010-06-21 Werner Koch + + * minip12.c (p12_build): Change arg CERT to const void ptr. + (build_cert_sequence): Change arg CERT to const ptr. + + * gpgsm.c (main) : Use to estream. + (open_fwrite): Removed. + + * export.c: Include minip12.h. + (popen_protect_tool): Remove. + (export_p12): Use gpg-agent directly. Change calling convention. + (gpgsm_p12_export): Adjust for that change. Change arg FP to an + estream_t. + (do_putc): Remove. Change callers to es_putc. + (do_fputs): Likewise. + (print_short_info): Remove arg FP. + * call-agent.c (gpgsm_agent_export_key): new. + +2010-06-17 Werner Koch + + * import.c (parse_p12): Remove arg retfp. Use the agent's new + import command. + (import_one): Adjust call to pkcs12. + (store_cert_cb, rsa_key_check): New. + (popen_protect_tool): Remove. + * minip12.c (parse_bag_encrypted_data, p12_parse): Add arg + R_BADPASS. + * call-agent.c (gpgsm_agent_ask_passphrase): New. + (gpgsm_agent_keywrap_key): New. + (struct import_key_parm_s): New. + (gpgsm_agent_import_key): New. + * minip12.c, minip12.h: Move from ../agent/. + * Makefile.am (gpgsm_SOURCES): Add them. + +2010-06-11 Marcus Brinkmann + + * server.c (cmd_message) [HAVE_W32CE_SYSTEM]: Finish pipe. + +2010-06-10 Marcus Brinkmann + + * server.c (SERVER_STDIN, SERVER_STDOUT): New macros. + (gpgsm_server): Use them with assuan_fdopen. + +2010-04-23 Marcus Brinkmann + + * certreqgen.c (read_parameters): Use ascii_isspace instead of + spacep to stop at newline, too. + +2010-04-14 Werner Koch + + * gpgsm.c (main) [W32CE]: Disable dirmngr for now. + +2010-04-13 Werner Koch + + * sign.c (gpgsm_sign): Do not check qualified status in + no-chain-validation mode. + +2010-04-08 Werner Koch + + * gpgsm.c (open_es_fread): Add arg mode. + (main) : Call with mode "r" instead of "rb". + +2010-04-07 Werner Koch + + * misc.c: Remove setenv.h. Include sysutils.h. + (setup_pinentry_env): s/setenv/gnupg_setenv/ + +2010-03-24 Werner Koch + + * Makefile.am (gpgsm_LDADD): Add extra_sys_libs. + +2010-03-23 Werner Koch + + * qualified.c (gpgsm_is_in_qualified_list): Replace rewind by + fseek+clearerr. + +2010-03-22 Werner Koch + + * import.c (parse_p12): Use estream functions for the tmp streams. + * export.c (export_p12): Ditto. + +2010-03-11 Werner Koch + + * verify.c (gpgsm_verify): Use gpgsm_es_print_name. + + * gpgsm.c: Include "asshelp.h". + (main): Remove assuan_set_assuan_log_prefix. Add + assuan_set_log_cb. + * server.c (gpgsm_server): Remove assuan_set_log_stream. + +2010-03-10 Werner Koch + + * Makefile.am (common_libs): Remove libjnlib.a. Change order. + + * gpgsm.h: Remove "estream.h". + +2010-03-08 Werner Koch + + * certreqgen.c (gpgsm_genkey): Change OUT_FP to an estream_t + OUT_STREAM. + * certreqgen-ui.c (gpgsm_gencertreq_tty): ditto. + + * server.c (cmd_genkey): Close IN_STREAM. + + * server.c (cmd_encrypt, cmd_decrypt, cmd_verify, cmd_sign): Avoid + dup call by using es_fdopen_nc. + (do_listkeys): Use es_fdopen_nc instead of dup and es_fdopen. + (cmd_export): Ditto. + (cmd_genkey): Ditto. + * export.c (popen_protect_tool): Change OUTFILE to an estream_t. + (export_p12): Change OUTFP and arg RETFP to an estream_t. + (gpgsm_p12_export): Change DATAFP to an estream_t. + (gpgsm_export): Remove arg FP. + * import.c (import_one): Change CERTFP and arg FP to an estream_t. + (popen_protect_tool): Ditto for OUTFILE. + (parse_p12): Change CERTFP to an estream_t. + * sign.c (hash_data, hash_and_copy_data): Use estream. + (gpgsm_sign): Change arg OUT_FP to an estream_t. + * verify.c (gpgsm_verify): Rename FP to IN_FP. Change FP and arg + OUT_FP to an estream_t. + (hash_data): Use estream. + * base64.c (struct reader_cb_parm_s): Change FP to an estream_t. + (gpgsm_create_reader): Ditto. + (simple_reader_cb, base64_reader_cb): Adjust accordingly. + * decrypt.c (gpgsm_decrypt): Change OUT_FP and IN_FP to an estream_t. + * encrypt.c (gpgsm_encrypt): Change OUT_FP to an estream_t. Ditto + for DATA_FD. + (encrypt_cb): Use estream. + * gpgsm.c (main) : Use estream + functions. + (main) : Use open_es_fwrite. + +2009-12-14 Werner Koch + + * server.c (cmd_passwd): New. + (register_commands): Register new command. + +2009-12-10 Werner Koch + + * gpgsm.c: Add option --ignore-cert-extension. + * gpgsm.h (opt): Add field IGNORED_CERT_EXTENSIONS. + * certchain.c (unknown_criticals): Handle ignored extensions, + +2009-12-08 Werner Koch + + * keydb.c (keydb_search_kid): Fix code even that it is not used. + (classify_user_id): Adjust for change of u.kid type. + (keydb_classify_name): Replace GPG_ERR_INV_NAME by + GPG_ERR_INV_USER_ID. + (keydb_classify_name): Remove. Replace all callers by + classify_user_id. + +2009-12-08 Marcus Brinkmann + + * call-dirmngr.c (start_dirmngr_ext): Convert posix fd to assuan fd. + +2009-12-03 Werner Koch + + * gpgsm.c (set_debug): Allow for numerical debug leveles. Print + active debug flags. + +2009-12-02 Werner Koch + + * verify.c (gpgsm_verify): Add audit info on hash algorithms. + + * sign.c (gpgsm_sign): Add audit log calls. + (hash_data): Return an error indicator. + +2009-12-01 Werner Koch + + * decrypt.c (gpgsm_decrypt): Add audit log calls. + + * gpgsm.c: New option --html-audit-log. + +2009-11-25 Marcus Brinkmann + + * server.c (gpgsm_server): Use assuan_fd_t and assuan_fdopen on + fds. + +2009-11-23 Werner Koch + + * gpgsm.c (main) : Add key "default_pubkey_algo". + +2009-11-10 Marcus Brinkmann + + * server.c (cmd_getauditlog): Don't dup FD for es_fdopen_nc as + this leaks the FD here. + +2009-11-05 Marcus Brinkmann + + * call-dirmngr.c (start_dirmngr_ext): Update use of + assuan_pipe_connect and assuan_socket_connect. + +2009-11-04 Werner Koch + + * certreqgen.c (proc_parameters): Change fallback key length to + 2048. + + * server.c (register_commands): Add help arg to + assuan_register_command. Provide help strings for all commands. + +2009-11-02 Marcus Brinkmann + + * server.c (reset_notify, input_notify, output_notify): Update to + new assuan interface. + (register_commands): Use assuan_handler_t. + * call-agent.c (membuf_data_cb, default_inq_cb) + (inq_ciphertext_cb, scd_serialno_status_cb) + (scd_keypairinfo_status_cb, istrusted_status_cb) + (learn_status_cb, learn_cb, keyinfo_status_cb): Return gpg_error_t. + +2009-10-16 Werner Koch + + * gpgsm.c (default_include_certs): Change to -2. + (DEFAULT_INCLUDE_CERTS): New. + (DEFAULT_CIPHER_ALGO): New. Use instead of hardcoded "3DES". + +2009-09-30 Werner Koch + + * gpgsm.c (main): Remove obsolete GCRYCTL_DISABLE_INTERNAL_LOCKING. + +2009-09-23 Marcus Brinkmann + + * gpgsm.c (main): Update to new assuan API. + * server.c: Include "gpgsm.h" before due to check for + GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h. + (option_handler, cmd_recipient, cmd_signer, cmd_encrypt) + (cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export) + (cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys) + (cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey) + (cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int. + (register_commands): Same for member HANDLER in table. + (gpgsm_server): Allocate assuan context before starting server. + * sm/call-dirmngr.c: + * call-dirmngr.c (prepare_dirmngr): Check for CTX and error before + setting LDAPSERVER. + (start_dirmngr_ext): Allocate assuan context before starting + server. + (inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb) + (run_command_cb, run_command_inq_cb, run_command_status_cb): + Return gpg_error_t instead of int. + +2009-08-06 Werner Koch + + * sign.c (gpgsm_sign): Print INV_SNDR for a bad default key. + + * server.c (cmd_signer): Remove unneeded case for -1. Send + INV_SGNR. Use new map function. + (cmd_recipient): Use new map function. + * gpgsm.c (do_add_recipient): Use new map function for INV_RECP. + (main): Ditto. Also send INV_SGNR. + +2009-07-30 Werner Koch + + * call-agent.c (learn_cb): Do not store as ephemeral. + +2009-07-29 Marcus Brinkmann + + * keylist.c (print_capabilities): Print a trailing colon. + +2009-07-23 Werner Koch + + * certchain.c (is_cert_still_valid): Emit AUDIT_CRL_CHECK. + +2009-07-07 Werner Koch + + * server.c (command_has_option): New. + (cmd_getinfo): Add subcommand "cmd_has_option". + (cmd_import): Implement option --re-import. + * import.c (gpgsm_import): Add arg reimport_mode. + (reimport_one): New. + + * gpgsm.h: Include session-env.h. + (opt): Add field SESSION_ENV. Remove obsolete fields. + * server.c (option_handler): Rewrite setting of option fields. + Replace strdup by xtrystrdup. + * gpgsm.c (set_opt_session_env): New. + (main): Use it for oDisplay, oTTYname, oTTYtype and oXauthority. + * call-agent.c (start_agent): Adjust start_new_gpg_agent for + changed args. + * misc.c (setup_pinentry_env): Use new session_env stuff. + +2009-07-02 Werner Koch + + * certreqgen-ui.c (gpgsm_gencertreq_tty): Allow using a key from a + card. + * call-agent.c (gpgsm_agent_scd_serialno) + (scd_serialno_status_cb, store_serialno): New. + (scd_keypairinfo_status_cb, gpgsm_agent_scd_keypairinfo): New. + +2009-07-01 Werner Koch + + * certreqgen-ui.c (check_keygrip): New. + (gpgsm_gencertreq_tty): Allow using an existing key. + + * gpgsm.c (open_es_fread): New. + (main) : Implement --batch mode. + +2009-06-24 Werner Koch + + * call-dirmngr.c (pattern_from_strlist): Remove dead assignment of N. + * sign.c (gpgsm_sign): Remove dead assignment. + * certreqgen.c (create_request): Assign GPG_ERR_BUG to RC. + Reported by Fabian Keil. + +2009-05-27 Werner Koch + + * encrypt.c (encrypt_dek): Make use of make_canon_sexp. + +2009-05-18 Werner Koch + + * server.c (option_handler): New option "no-encrypt-to". + (cmd_encrypt): Make use of it. + + * gpgsm.c: Remove not implemented --verify-files. + +2009-04-02 Werner Koch + + * keylist.c (list_cert_std): Print card serial number. + +2009-04-01 Werner Koch + + * export.c (popen_protect_tool): Add command line option + --agent-program and pass flag bit 6. + * import.c (popen_protect_tool): Ditto. + +2009-03-26 Werner Koch + + * gpgsm.c (main): s/def_digest_string/forced_digest_algo/ and + activate the --digest-algo option. + * gpgsm.h (struct opt): s/def_digest_algo/forced_digest_algo/. + * sign.c (gpgsm_sign): Implement --digest-algo. + + * sign.c (MAX_DIGEST_LEN): Change to 64. + + * call-agent.c (gpgsm_agent_marktrusted): Format the issuer name. + +2009-03-25 Werner Koch + + * decrypt.c (gpgsm_decrypt): Print ENC_TO and NO_SECKEY stati. + Fixes bug#1020. + * fingerprint.c (gpgsm_get_short_fingerprint): Add arg R_HIGH and + change all callers. + +2009-03-23 Werner Koch + + * delete.c (delete_one): Also delete ephemeral certificates if + specified uniquely. + +2009-03-20 Werner Koch + + * keylist.c (list_internal_keys): Set released cert to NULL. + + * call-agent.c (learn_status_cb): New. + (gpgsm_agent_learn): Use it. + (learn_cb): Send a progress for every certificate. + +2009-03-18 Werner Koch + + * gpgsm.h (struct opt): Move field WITH_EPHEMERAL_KEYS to struct + server_control_s. + * gpgsm.c (main): Change accordingly. + * keylist.c (list_internal_keys): Ditto. + * server.c (option_handler): Add "with-ephemeral-keys". + +2009-03-12 Werner Koch + + * certdump.c (gpgsm_dump_time): Remove. + * certdump.c, verify.c, certchain.c + * gpgsm.c: s/gpgsm_dump_time/dump_isotime/. + +2009-03-06 Werner Koch + + * call-agent.c (gpgsm_agent_keyinfo, keyinfo_status_cb): New. + * keylist.c (list_cert_colon): Print card S/N. + + * keylist.c (list_internal_keys): Always list ephemeral keys if + specified by keygrip or fingerprint. + (list_cert_raw): Always show ephemeral flag. + * export.c (gpgsm_export): Export ephemeral keys if specified by + keygrip. + +2009-02-09 Werner Koch + + * gpgsm.c (main): Change default cipher back to 3DES. + +2009-01-12 Werner Koch + + * keylist.c (print_utf8_extn_raw): Cast printf precision argument. + +2009-01-08 Werner Koch + + * fingerprint.c (gpgsm_get_keygrip_hexstring): Add error detection. + +2008-12-10 Werner Koch + + * gpgsm.c (our_cipher_test_algo): Use the GCRY constants as we now + require 1.4. + (our_md_test_algo): Ditto. Add SHA224. + (main) : Update default cipher algo. + +2008-12-09 Werner Koch + + * gpgsm.c (main): Call i18n_init before init_common_subsystems. + +2008-12-05 Werner Koch + + * certreqgen.c (create_request): Provide a custom prompt for the + signing. + + * certdump.c (gpgsm_format_keydesc): Remove debug output. + (gpgsm_format_keydesc): Remove saving of errno as xfree is + supposed not to change it. Use the new percent_plus_escape + function which also fixes the issue that we did not escaped a + percent in the past. + +2008-11-18 Werner Koch + + * gpgsm.c (make_libversion): New. + (my_strusage): Use new function. + (build_lib_list): Remove. + +2008-11-13 Werner Koch + + * gpgsm.c: Remove all unused options. Use ARGPARSE macros. + +2008-10-28 Werner Koch + + * certdump.c (gpgsm_format_keydesc): Use xtryasprintf and xfree. + (gpgsm_es_print_name): Factor code out to ... + (gpgsm_es_print_name2): New function. + (gpgsm_format_name2, format_name_writer): Use estream so that it + works on all platforms. + (format_name_writer): Fix reallocation bug. + +2008-10-23 Werner Koch + + * import.c (popen_protect_tool): Add arg CTRL and assure that the + agent is running. Pass a value for CTRL from all caller. + * export.c (popen_protect_tool): Ditto. + +2008-10-21 Werner Koch + + * call-dirmngr.c (inq_certificate_parm_s): Add field CTRL. + (gpgsm_dirmngr_isvalid): Supply a value for that field. + (inq_certificate): Add inquiry ISTRUSTED. + + * call-agent.c (gpgsm_agent_istrusted): Add new optional arg + HEXFPR. Changed all callers. + +2008-10-20 Werner Koch + + * keydb.c (keydb_locate_writable): Mark unused arg. + (keydb_search_kid): Ditto. + (keydb_clear_some_cert_flags): Ditto. + * server.c (cmd_encrypt): Ditto. + (cmd_decrypt, cmd_verify, cmd_import, cmd_genkey): Ditto. + * call-agent.c (gpgsm_scd_pksign): Ditto. + * call-dirmngr.c (release_dirmngr, release_dirmngr2) + (run_command_cb): Ditto. + * certlist.c (gpgsm_add_cert_to_certlist): Ditto. + * certchain.c (find_up_dirmngr): Ditto. + * keylist.c (print_key_data): Ditto. + (list_cert_raw, list_cert_std): Ditto. + * qualified.c (gpgsm_is_in_qualified_list): Ditto. + + * gpgsm.c (set_binary) [!W32]: Mark unused arg. + +2008-10-17 Werner Koch + + * call-dirmngr.c (start_dirmngr, start_dirmngr2): Reset the lock + flag on error. + (release_dirmngr, release_dirmngr2): Replace asserts by error messages. + (gpgsm_dirmngr_lookup): Replace assert by fatal error message. + +2008-10-13 Werner Koch + + * gpgsm.c: Add alias --delete-keys. + +2008-09-30 Werner Koch + + * server.c (cmd_getinfo): New subcommand agent-check. + * call-agent.c (gpgsm_agent_send_nop): New. + +2008-09-29 Werner Koch + + * certcheck.c (MY_GCRY_PK_ECDSA): Remove. Change users to + GCRY_PK_ECDSA. + * gpgsm.c (MY_GCRY_PK_ECDSA): Ditto. + * sign.c (MY_GCRY_MD_SHA224): Remove change users to GCRY_MD_SHA224. + +2008-09-04 Werner Koch + + * certdump.c (gpgsm_format_keydesc): Work around a mingw32 bug. + +2008-09-03 Werner Koch + + * sign.c (MY_GCRY_MD_SHA224): New, so that we don't need libgcrypt + 1.2. + +2008-08-13 Werner Koch + + * keylist.c (list_cert_colon): Print 'f' for validated certs. + +2008-08-08 Marcus Brinkmann + + * gpgsm.h (struct server_control_s): Remove member dirmngr_seen. + * call-dirmngr.c (dirmngr2_ctx, dirmngr_ctx_locked) + (dirmngr2_ctx_locked): New global variables. + (prepare_dirmngr): Don't check dirmngr_seen anymore. + (start_dirmngr): Move bunch of code to ... + (start_dirmngr_ext): ... this new function. + (release_dirmngr, start_dirmngr2, release_dirmngr2): New + functions. + (gpgsm_dirmngr_isvalid): Call release_dirmngr. + (gpgsm_dirmngr_lookup): Call release_dirmngr. If dirmngr_ctx is + locked, use dirmngr2_locked. + (gpgsm_dirmngr_run_command): Call release_dirmngr. + +2008-06-25 Werner Koch + + * sign.c (gpgsm_sign): Revamp the hash algorithm selection. + * gpgsm.h (struct certlist_s): Add field HASH_ALGO and HASH_ALGO_OID. + + * qualified.c (gpgsm_qualified_consent): Fix double free. + + * gpgsm.c (main): Change default cipher algo to AES. + + * keylist.c (print_utf8_extn_raw, print_utf8_extn): New. + (list_cert_raw, list_cert_std): Print the TeleSec restriction + extension. + +2008-06-23 Werner Koch + + * encrypt.c (encode_session_key): Replace xmalloc by xtrymalloc. + Use bin2hex instead of open coding the conversion. + (encrypt_dek): Init S_DATA. + +2008-06-13 Marcus Brinkmann + + * call-dirmngr.c (prepare_dirmngr): Fix error code to ignore. + +2008-06-12 Marcus Brinkmann + + * gpgsm.h (struct keyserver_spec): New struct. + (opt): Add member keyserver. + * gpgsm.c (keyserver_list_free, parse_keyserver_line): New functions. + (main): Implement --keyserver option. + * call-dirmngr.c (prepare_dirmngr): Send LDAPSERVER commands. + +2008-05-20 Werner Koch + + * gpgsm.c (main) : Pass FP and not stdout to + the export function. Reported by Marc Mutz. + +2008-05-06 Werner Koch + + * keylist.c (list_external_keys): Ignore NOT FOUND error code. + This is bug#907. + +2008-04-23 Werner Koch + + * certchain.c (find_up): Make correct C89 code. Declare variable + at the top of the block. Reported by Alain Guibert. + +2008-04-09 Werner Koch + + * verify.c (gpgsm_verify): Print the message hash values on error. + +2008-03-31 Werner Koch + + * call-dirmngr.c (start_dirmngr): Use log_info instead of + log_error when falling back to start dirmngr. + +2008-03-20 Werner Koch + + * certlist.c (gpgsm_add_to_certlist): Always save the first + subject and issuer. Initialize issuer with issuer and not with + subject. + (same_subject_issuer): Set issuer2 to issuer and not to subject. + +2008-03-17 Werner Koch + + * certdump.c (my_funopen_hook_size_t): New. + (format_name_writer): Use it. + +2008-03-13 Werner Koch + + * certdump.c (gpgsm_fpr_and_name_for_status): Fix signed/unsigned + char issue. + (gpgsm_format_keydesc): Remove superfluous test. Add expire date + to the prompt. + +2008-02-18 Werner Koch + + * certchain.c (gpgsm_is_root_cert): Factor code out to ... + (is_root_cert): New. Extend test for self-issued certificates + signed by other CAs. + (do_validate_chain, gpgsm_basic_cert_check) + (gpgsm_walk_cert_chain): Use it here. + + * gpgsm.c: Add option --no-common-certs-import. + + * certchain.c (find_up_dirmngr, find_up, do_validate_chain) + (check_cert_policy): Be more silent with --quiet. + + * gpgsm.c: Add option --disable-dirmngr. + * gpgsm.h (opt): Add field DISABLE_DIRMNGR. + * call-dirmngr.c (start_dirmngr): Implement option. + +2008-02-14 Werner Koch + + * server.c (option_handler): Add option allow-pinentry-notify. + (gpgsm_proxy_pinentry_notify): New. + * call-agent.c (default_inq_cb): New. + (gpgsm_agent_pksign, gpgsm_scd_pksign, gpgsm_agent_readkey) + (gpgsm_agent_istrusted, gpgsm_agent_marktrusted) + (gpgsm_agent_passwd, gpgsm_agent_get_confirmation): Call it. + (struct cipher_parm_s, struct genkey_parm_s): Add field CTRL. + (inq_ciphertext_cb): Test keyword and fallback to default_inq_cb. + (inq_genkey_parms): Ditto. + (start_agent): Tell agent to send us the pinentry notifications. + +2008-02-13 Werner Koch + + * call-dirmngr.c (gpgsm_dirmngr_lookup): Add arg CACHE_ONLY. + * keylist.c (list_external_keys): Pass false for new arg. + * certchain.c (find_up_dirmngr): New. + (find_up): Also try to read from the dirmngr cache. + (find_up, find_up_external, gpgsm_walk_cert_chain) + (gpgsm_basic_cert_check, allowed_ca): Add arg CTRL and changed all + callers. + * call-agent.c (struct learn_parm_s): Add field CTRL. + (gpgsm_agent_learn): Set it. + +2008-02-11 Werner Koch + + * server.c (cmd_getinfo): New. + (gpgsm_server): Register GETINFO. + +2008-01-29 Marcus Brinkmann + + * keylist.c (list_internal_keys): New variable lastcert. Use it + to suppress duplicates which immediately follow each other. + +2008-01-27 Werner Koch + + * import.c (popen_protect_tool): Set bit 7 in the flags for + gnupg_spawn_process so that under W32 no window appears. + * export.c (popen_protect_tool): Ditto. + +2007-12-13 Werner Koch + + * gpgsm.c (main): Add option --extra-digest-algo. + * gpgsm.h (struct): Add EXTRA_DIGEST_ALGO. + * verify.c (gpgsm_verify): Use it. Use the hash algorithm from + the signature value. + +2007-12-11 Werner Koch + + * certchain.c (do_validate_chain): Log AUDIT_ROOT_TRUSTED. + + * server.c (cmd_sign, cmd_decrypt, cmd_encrypt): Start audit log. + (cmd_recipient): Start audit session. + + * gpgsm.c (main): Revamp creation of the audit log. + + * gpgsm.h (struct server_control_s): Add AGENT_SEEN and DIRMNGR_SEEN. + * call-agent.c (start_agent): Record an audit event. + * call-dirmngr.c (start_dirmngr): Ditto. Add new arg CTRL and pass + it from all callers. + (prepare_dirmngr): New helper for start_dirmngr. + + * encrypt.c (gpgsm_encrypt): Add calls to audit_log. + +2007-12-03 Werner Koch + + * gpgsm.c (main): Call gnupg_reopen_std. + +h2007-11-22 Werner Koch + + * server.c (cmd_getauditlog): New. + (register_commands): Register GETAUDITLOG. + +2007-11-19 Werner Koch + + * server.c (cmd_recipient, cmd_signer): Add error reason 11. + + * gpgsm.c (main): Print a warning if --audit-log is used. + +2007-11-15 Werner Koch + + * gpgsm.h (struct): Add XAUTHORITY and PINENTRY_USER_DATA. + * misc.c (setup_pinentry_env): Add XAUTHORITY and PINENTRY_USER_DATA. + * gpgsm.c (main): New option --xauthority. + * call-agent.c (start_agent): Adjust for changed start_new_gpg_agent. + * server.c (option_handler): Ad the new options. + +2007-11-07 Werner Koch + + * gpgsm.c (main): New option --audit-log. + * server.c (option_handler): New option enable-audit-log. + (start_audit_session): New. + (cmd_verify): Create audit context. + (gpgsm_server): Release the context. + + * gpgsm.h (struct server_control_s): Add member AUDIT, include + audit.h. + * certdump.c (gpgsm_format_sn_issuer): New. + * verify.c (hash_data): Return an error code. + (gpgsm_verify): Add calls to audit_log. + + * gpgsm.c (get_status_string): Remove. + * gpgsm.h: Include status.h instead of errors.h. + +2007-10-19 Werner Koch + + * qualified.c (gpgsm_qualified_consent): Use i18N-swicth functions. + (gpgsm_not_qualified_warning): Ditto. + * certdump.c (gpgsm_format_keydesc): Ditto. + +2007-09-14 Werner Koch + + * gpgsm.c (build_lib_list): New. + (my_strusage): Print lib info. + +2007-08-24 Werner Koch + + * Makefile.am (common_libs): Swap libkeybox and jnlib. + +2007-08-23 Werner Koch + + * certlist.c (gpgsm_certs_identical_p): New. + (gpgsm_add_to_certlist): Ignore duplicate certificates in + ambigious name detection. + (gpgsm_find_cert): Ditto. + * export.c (gpgsm_p12_export): Ditto. + +2007-08-22 Werner Koch + + * certreqgen.c (create_request): Replace open coding by bin2hex. + + * certreqgen-ui.c (gpgsm_gencertreq_tty): Use es_fopenmem. + +2007-08-21 Werner Koch + + * import.c (parse_p12): Use gnupg_tmpfile. + * export.c (export_p12): Ditto. + +2007-08-20 Werner Koch + + * certreqgen.c (read_parameters): Change FP to an estream_t. + (gpgsm_genkey): Replace in_fd and in_stream by a estream_t. + * server.c (cmd_genkey): Adjust for that. + * certreqgen-ui.c (gpgsm_gencertreq_tty): Use es_open_memstream + instead of a temporary file. + +2007-08-14 Werner Koch + + * call-dirmngr.c (start_dirmngr): Use dirmngr_socket_name. change + the way infostr is xstrdupped. + + * gpgsm.c (main) [W32]: Make --prefer-system-dirmngr a dummy under + Windows. + +2007-08-13 Werner Koch + + * gpgsm.c (do_add_recipient): Add RECP_REQUIRED and make error + message depend on that. + (main): Add avriable RECP_REQUIRED, set ift for encryption + commands and pass it to do_add_recipient. + (our_pk_test_algo, our_cipher_test_algo, our_md_test_algo): Implement. + +2007-08-09 Werner Koch + + * gpgsm.c (main) [W32]: Enable CRL check by default. + (main): Update the default control structure after reading the + options. + (gpgsm_parse_validation_model, parse_validation_model): New. + (main): New option --validation-model. + * certchain.c (gpgsm_validate_chain): Implement this option. + * server.c (option_handler): Ditto. + + * certchain.c (is_cert_still_valid): Reformatted. Add arg + FORCE_OCSP. Changed callers to set this flag when using the chain + model. + +2007-08-08 Werner Koch + + * certdump.c (gpgsm_print_serial): Fixed brown paper bag style bugs + which prefixed the output with a 3A and cut it off at a 00. + + * keylist.c (list_cert_raw): Print the certificate ID first and + rename "Serial number" to "S/N". + (list_cert_std): Ditto. + +2007-08-07 Werner Koch + + * gpgsm.c (main): Allow a string for --faked-system-time. + +2007-08-06 Werner Koch + + Implementation of the chain model. + + * gpgsm.h (struct rootca_flags_s): Define new members VALID and + CHAIN_MODEL. + * call-agent.c (gpgsm_agent_istrusted): Mark ROOTCA_FLAGS valid. + (istrusted_status_cb): Set CHAIN_MODEL. + * certchain.c (gpgsm_validate_chain): Replace LM alias by LISTMODE + and FP by LISTFP. + (gpgsm_validate_chain): Factor some code out to ... + (check_validity_period, ask_marktrusted): .. new. + (check_validity_cm_basic, check_validity_cm_main): New. + (do_validate_chain): New with all code from gpgsm_validate_chain. + New arg ROOTCA_FLAGS. + (gpgsm_validate_chain): Provide ROOTCA_FLAGS and fallback to chain + model. Add RETFLAGS arg and changed all callers to pass NULL. Add + CHECKTIME arg and changed all callers to pass a nil value. + (has_validity_model_chain): New. + * verify.c (gpgsm_verify): Check for chain model and return as + part of the trust status. + + * gpgsm.h (VALIDATE_FLAG_NO_DIRMNGR): New. + (VALIDATE_FLAG_NO_DIRMNGR): New. + * call-dirmngr.c (gpgsm_dirmngr_isvalid): Use constant here. + +2007-08-03 Werner Koch + + * keylist.c (list_cert_colon): Avoid duplicate listing of kludge + uids. + + * verify.c (gpgsm_verify): Make STATUS_VERIFY return the hash and + pk algo. + * certcheck.c (gpgsm_check_cms_signature): Add arg R_PKALGO. + +2007-08-02 Werner Koch + + * gpgsm.c (main): Factored GC_OPT_FLAGS out to gc-opt-flags.h. + +2007-07-17 Werner Koch + + * gpgsm.c (main): Implement --default-key. + (main) : Declare --default-key and --encrypt-to. + +2007-07-16 Werner Koch + + * server.c (cmd_message): Use gnupg_fd_t to avoid dependecy on + newer assuan versions. + +2007-07-12 Werner Koch + + * gpgsm.c (check_special_filename): Use translate_sys2libc_fd_int + when passing an int value. + * server.c (cmd_encrypt, cmd_decrypt, cmd_verify, cmd_import) + (cmd_export, cmd_message, cmd_genkey): Translate file descriptors. + +2007-07-05 Werner Koch + + * Makefile.am (common_libs): Changed order of libs. + +2007-07-04 Werner Koch + + * certchain.c (check_cert_policy): Remove extra checks for + GPG_ERR_NO_VALUE. They are not needed since libksba 1.0.1. + * keylist.c (print_capabilities, list_cert_raw, list_cert_std): Ditto. + * certlist.c (cert_usage_p, cert_usage_p): Ditto. + +2007-06-26 Werner Koch + + * gpgsm.c (main): Call gnupg_rl_initialize. + * Makefile.am (gpgsm_LDADD): Add LIBREADLINE and libgpgrl.a. + +2007-06-25 Werner Koch + + * gpgsm.c (check_special_filename): Use translate_sys2libc_fd and + add new arg FOR_WRITE. Change callers to pass new arg. + +2007-06-24 Werner Koch + + * gpgsm.c (open_es_fwrite): Avoid the dup by using the new + es_fdopen_nc(). + +2007-06-21 Werner Koch + + * certreqgen-ui.c: New. + * gpgsm.c (main): Let --gen-key call it. + * certreqgen.c (gpgsm_genkey): Add optional IN_STREAM arg and + adjusted caller. + + * gpgsm.h (ctrl_t): Remove. It is now declared in ../common/util.h. + + * call-agent.c (start_agent): Factored almost all code out to + ../common/asshelp.c. + +2007-06-20 Werner Koch + + * call-agent.c (start_agent) [W32]: Start the agent on the fly. + +2007-06-18 Marcus Brinkmann + + * gpgsm.c (main): Percent escape output of --gpgconf-list. + +2007-06-14 Werner Koch + + * call-agent.c (start_agent): Use gnupg_module_name. + * call-dirmngr.c (start_dirmngr): Ditto. + * export.c (export_p12): Ditto. + * import.c (parse_p12): Ditto. + * gpgsm.c (run_protect_tool): Ditto. + +2007-06-12 Werner Koch + + * gpgsm.c (main): Replace some calls by init_common_subsystems. + (main): Use gnupg_datadir. + * qualified.c (read_list): Use gnupg-datadir. + +2007-06-11 Werner Koch + + * Makefile.am (common_libs): Use libcommaonstd macr. + + * gpgsm.c (main) [W32]: Call pth_init. + +2007-06-06 Werner Koch + + * qualified.c (gpgsm_not_qualified_warning) [!ENABLE_NLS]: Do not + define orig_codeset. + * certdump.c (gpgsm_format_keydesc) [!ENABLE_NLS]: Do not define + orig_codeset. + (format_name_writer): Define only if funopen et al is available. + + * gpgsm.c (i18n_init): Remove. + +2007-05-29 Werner Koch + + * export.c (gpgsm_p12_export): Print passphrase encoding info only + in PEM mode. + +2007-05-18 Marcus Brinkmann + + * qualified.c (gpgsm_qualified_consent, + gpgsm_not_qualified_warning): Free ORIG_CODESET on error. + * certdump.c (gpgsm_format_keydesc): Likewise. + +2007-05-07 Werner Koch + + * certcheck.c (MY_GCRY_PK_ECDSA): New. + +2007-04-20 Werner Koch + + * gpgsm.c (main): Parameterize failed versions check messages. + +2007-04-19 Werner Koch + + * certcheck.c (do_encode_md): Add arg PKEY. Add support for DSA2 + and all ECDSA sizes. + (get_dsa_qbits): New. + (pk_algo_from_sexp): A key will never contain ecdsa as algorithm, + so remove that. + +2007-04-18 Werner Koch + + * certcheck.c (do_encode_md): Support 160 bit ECDSA. + +2007-04-13 Werner Koch + + * call-agent.c (start_agent): Don't use log_error when using the + fallback hack to start the agent. This is bug 782. + +2007-03-20 Werner Koch + + * fingerprint.c (gpgsm_get_fingerprint): Add caching. + (gpgsm_get_fingerprint_string): Use bin2hexcolon(). + (gpgsm_get_fingerprint_hexstring): Use bin2hex and allocate only + as much memory as required. + (gpgsm_get_keygrip_hexstring): Use bin2hex. + + * certchain.c (gpgsm_validate_chain): Keep track of the + certificate chain and reset the ephemeral flags. + * keydb.c (keydb_set_cert_flags): New args EPHEMERAL and MASK. + Changed caller to use a mask of ~0. Return a proper error code if + the certificate is not available. + + * gpgsm.c: Add option --p12-charset. + * gpgsm.h (struct opt): Add p12_charset. + * export.c (popen_protect_tool): Use new option. + +2007-03-19 Werner Koch + + Changes to let export and key listing use estream to help systems + without funopen. + + * keylist.c: Use estream in place of stdio functions. + * gpgsm.c (open_es_fwrite): New. + (main): Use it for the list commands. + * server.c (data_line_cookie_functions): New. + (data_line_cookie_write, data_line_cookie_close): New. + (do_listkeys): Use estream. + + * certdump.c (gpgsm_print_serial): Changed to use estream. + (gpgsm_print_time): Ditto. + (pretty_es_print_sexp): New. + (gpgsm_es_print_name): New. + (print_dn_part): New arg STREAM. Changed all callers. + (print_dn_parts): Ditto. + * certchain.c (gpgsm_validate_chain): Changed FP to type + estream_t. + (do_list, unknown_criticals, allowed_ca, check_cert_policy) + (is_cert_still_valid): Ditto. + + * export.c (gpgsm_export): New arg STREAM. + (do_putc, do_fputs): New. + (print_short_info): Allow printing to optional STREAM. + * server.c (cmd_export): Use stream. + * base64.c (do_putc, do_fputs): New. + (base64_writer_cb, base64_finish_write): Let them cope with an + alternate output function. + (plain_writer_cb): New. + (gpgsm_create_writer): New arg STREAM and call plain_writer_cb for + binary output to an estream. Changed call callers. + +2007-01-31 Werner Koch + + * gpgsm.c (main): Let --gen-key print a more informative error + message. + +2007-01-25 Werner Koch + + * Makefile.am (gpgsm_LDADD): Add LIBICONV. Noted by Billy Halsey. + +2007-01-05 Werner Koch + + * certchain.c (unknown_criticals): Add subjectAltName. + +2006-12-21 Werner Koch + + * gpgsm.c: Comment mtrace feature. + +2006-12-21 Marcus Brinkmann + + * certchain.c (gpgsm_basic_cert_check): Release SUBJECT. + + * encrypt.c (encrypt_dek): Release S_CIPH. + +2006-12-20 Marcus Brinkmann + + * server.c (gpgsm_server): Release CTRL->server_local. + + * base64.c: Add new members READER and WRITER in union U2. + (gpgsm_create_reader): Initialise CTX->u2.reader. + (gpgsm_destroy_reader): Invoke ksba_reader_release. Return early + if CTX is NULL. + (gpgsm_create_writer): Initialise CTX->u2.writer. + (gpgsm_destroy_writer): Invoke ksba_writer_release. Return early + if CTX is NULL. + +2006-12-18 Marcus Brinkmann + + * fingerprint.c (gpgsm_get_fingerprint): Close MD. + +2006-11-24 Werner Koch + + * certdump.c (parse_dn_part): Take '#' as a special character only + at the beginning of a string. + +2006-11-21 Werner Koch + + * certdump.c (my_funopen_hook_ret_t): New. + (format_name_writer): Use it for the return value. + +2006-11-14 Werner Koch + + * server.c (skip_options): Skip leading spaces. + (has_option): Honor "--". + (cmd_export): Add option --data to do an inline export. Skip all + options. + + * certdump.c (gpgsm_fpr_and_name_for_status): New. + * verify.c (gpgsm_verify): Use it to print correct status messages. + +2006-11-11 Werner Koch + + * server.c (skip_options): New. + +2006-10-24 Marcus Brinkmann + + * Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS). + +2006-10-23 Werner Koch + + * gpgsm.c (main): Remap common cipher algo names to their OIDs. + (main): New command --gpgconf-test. + +2006-10-20 Werner Koch + + * keydb.c (classify_user_id): Parse keygrip for the '&' identifier. + +2006-10-18 Werner Koch + + * keylist.c (list_cert_raw): Also test for GPG_ERR_NO_VALUE when + testing for GPG_ERR_NO_DATA. + * certlist.c (cert_usage_p, gpgsm_find_cert): Ditto. + * certchain.c (check_cert_policy): Ditto. + + * keylist.c (list_cert_std, list_cert_raw): Print "none" for no + chain length available. + +2006-10-17 Werner Koch + + * gpgsm.c: No need for pth.h. + (main): or to init it. It used to be hack for W32. + + * sign.c (gpgsm_get_default_cert): Changed to return only + certificates usable for signing. + +2006-10-16 Werner Koch + + * certchain.c (already_asked_marktrusted) + (set_already_asked_marktrusted): New. + (gpgsm_validate_chain) : Keep track of certificates + we already asked for. + +2006-10-11 Werner Koch + + * certreqgen.c (proc_parameters, create_request): Allow for + creation directly from a card. + * call-agent.c (gpgsm_agent_readkey): New arg FROMCARD. + (gpgsm_scd_pksign): New. + +2006-10-06 Werner Koch + + * Makefile.am (AM_CFLAGS): Use PTH version of libassuan. + (gpgsm_LDADD): Ditto. + +2006-10-05 Werner Koch + + * certcheck.c (do_encode_md): Check that the has algo is valid. + +2006-10-02 Marcus Brinkmann + + * server.c (register_commands): New commands DUMPKEYS and + DUMPSECRETKEYS. + (cmd_dumpkeys, cmd_dumpsecretkeys): New functions. + (option_handler): Support with-key-data option. + +2006-09-26 Werner Koch + + * certchain.c (gpgsm_validate_chain): More changes for the relax + feature. Use certificate reference counting instead of the old + explicit tests. Added a missing free. + +2006-09-25 Werner Koch + + * gpgsm.h (struct rootca_flags_s): New. + * call-agent.c (istrusted_status_cb): New. + (gpgsm_agent_istrusted): New arg ROOTCA_FLAGS. + * keylist.c (list_cert_colon): Use dummy for new arg. + * certchain.c (gpgsm_validate_chain): Make use of the relax flag + for root certificates. + (unknown_criticals): Ignore a GPG_ERR_NO_VALUE. + +2006-09-20 Werner Koch + + * gpgsm.c: Add alias command --dump-cert. + + * Makefile.am: Changes to allow parallel make runs. + +2006-09-18 Werner Koch + + * gpgsm.c (main): Use this to import standard certificates. + * keydb.c (keydb_add_resource): New arg AUTO_CREATED. + +2006-09-14 Werner Koch + + Replaced all call gpg_error_from_errno(errno) by + gpg_error_from_syserror(). + +2006-09-13 Werner Koch + + * keylist.c (list_internal_keys): Print marker line to FP and not + to stdout. + + * gpgsm.c (main): All list key list commands now make ose of + --output. Cleaned up calls to list modes. New command + --dump-chain. Renamed --list-sigs to --list-chain and added an + alias for the old one. + + * server.c (cmd_message): Changed to use assuan_command_parse_fd. + (option_handler): New option list-to-output. + (do_listkeys): Use it. + +2006-09-06 Werner Koch + + * gpgsm.h (OUT_OF_CORE): Removed and changed all callers to + out_of_core. + (CTRL): Removed and changed everywhere to ctrl_t. + (CERTLIST): Ditto. + + Replaced all Assuan error codes by libgpg-error codes. Removed + all map_to_assuan_status and map_assuan_err. + + * gpgsm.c (main): Call assuan_set_assuan_err_source to have Assuan + switch to gpg-error codes. + * server.c (set_error): Adjusted. + +2006-08-29 Werner Koch + + * call-agent.c (gpgsm_agent_pkdecrypt): Allow decryption using + complete S-expressions as implemented by the current gpg-agent. + + * gpgsm.c (main): Implement --output for encrypt, decrypt, sign + and export. + +2006-07-03 Werner Koch + + * certreqgen.c (proc_parameters): Print the component label of a + faulty DN. + +2006-06-26 Werner Koch + + * certdump.c (gpgsm_cert_log_name): New. + * certchain.c (is_cert_still_valid): Log the name of the certificate. + +2006-06-20 Werner Koch + + * gpgsm.c (gpgsm_init_default_ctrl): Take care of the command line + option --include-certs. + + * keylist.c (list_cert_raw): Print the certid. + +2006-05-23 Werner Koch + + * keydb.c (hextobyte): Deleted as it is now defined in jnlib. + + * Makefile.am (gpgsm_LDADD): Include ZLIBS. + +2006-05-19 Marcus Brinkmann + + * keydb.c (keydb_insert_cert): Do not lock here, but only check if + it is locked. + (keydb_store_cert): Lock here. + + * keydb.h (keydb_delete): Accept new argument UNLOCK. + * keydb.c (keydb_delete): Likewise. Only unlock if this is set. + * delete.c (delete_one): Add new argument to invocation of + keydb_delete. + +2006-05-15 Werner Koch + + * keylist.c (print_names_raw): Sanitize URI. + +2006-03-21 Werner Koch + + * certchain.c (get_regtp_ca_info): New. + (allowed_ca): Use it. + +2006-03-20 Werner Koch + + * qualified.c (gpgsm_is_in_qualified_list): New optional arg COUNTRY. + +2006-02-17 Werner Koch + + * call-dirmngr.c (start_dirmngr): Print name of dirmngr to be started. + +2005-11-23 Werner Koch + + * gpgsm.h: New member QUALSIG_APPROVAL. + * sign.c (gpgsm_sign): Print a warning if a certificate is not + qualified. + * qualified.c (gpgsm_qualified_consent): Include a note that this + is not approved software. + (gpgsm_not_qualified_warning): New. + * gpgsm.c (main): Prepared to print a note whether the software + has been approved. + +2005-11-13 Werner Koch + + * call-agent.c (gpgsm_agent_get_confirmation): New. + + * keylist.c (list_cert_std): Print qualified status. + * qualified.c: New. + * certchain.c (gpgsm_validate_chain): Check for qualified + certificates. + + * certchain.c (gpgsm_basic_cert_check): Release keydb handle when + no-chain-validation is used. + +2005-11-11 Werner Koch + + * keylist.c (print_capabilities): Print is_qualified status. + +2005-10-28 Werner Koch + + * certdump.c (pretty_print_sexp): New. + (gpgsm_print_name2): Use it here. This allows proper printing of + DNS names as used with server certificates. + +2005-10-10 Werner Koch + + * keylist.c: Add pkaAdress OID as reference. + +2005-10-08 Marcus Brinkmann + + * Makefile.am (gpgsm_LDADD): Add ../gl/libgnu.a after + ../common/libcommon.a. + +2005-09-13 Werner Koch + + * verify.c (gpgsm_verify): Print a note if the unknown algorithm + is MD2. + * sign.c (gpgsm_sign): Ditto. + * certcheck.c (gpgsm_check_cert_sig): Ditto. + +2005-09-08 Werner Koch + + * export.c (popen_protect_tool): Add option --have-cert. We + probably lost this option with 1.9.14 due to restructuring of + export.c. + +2005-07-21 Werner Koch + + * gpgsm.c (main): New options --no-log-file and --debug-none. + + * certreqgen.c (get_parameter, get_parameter_value): Add SEQ arg + to allow enumeration. Changed all callers. + (create_request): Process DNS and URI parameters. + +2005-07-20 Werner Koch + + * keylist.c (email_kludge): Reworked. + + * certdump.c (gpgsm_print_serial, gpgsm_dump_serial): Cast printf + arg to unsigned. + * call-dirmngr.c (gpgsm_dirmngr_run_command): Ditto + +2005-07-19 Werner Koch + + * fingerprint.c (gpgsm_get_certid): Cast printf arg to unsigned. + Bug accidently introduced while solving the #$%^& gcc + signed/unsigned char* warnings. + +2005-06-15 Werner Koch + + * delete.c (delete_one): Changed FPR to unsigned. + * encrypt.c (encrypt_dek): Made ENCVAL unsigned. + (gpgsm_encrypt): Ditto. + * sign.c (gpgsm_sign): Made SIGVAL unsigned. + * base64.c (base64_reader_cb): Need to use some casting to get + around signed/unsigned char* warnings. + * certcheck.c (gpgsm_check_cms_signature): Ditto. + (gpgsm_create_cms_signature): Changed arg R_SIGVAL to unsigned char*. + (do_encode_md): Made NFRAME a size_t. + * certdump.c (gpgsm_print_serial): Fixed signed/unsigned warning. + (gpgsm_dump_serial): Ditto. + (gpgsm_format_serial): Ditto. + (gpgsm_dump_string): Ditto. + (gpgsm_dump_cert): Ditto. + (parse_dn_part): Ditto. + (gpgsm_print_name2): Ditto. + * keylist.c (email_kludge): Ditto. + * certreqgen.c (proc_parameters, create_request): Ditto. + (create_request): Ditto. + * call-agent.c (gpgsm_agent_pksign): Made arg R_BUF unsigned. + (struct cipher_parm_s): Made CIPHERTEXT unsigned. + (struct genkey_parm_s): Ditto. + * server.c (strcpy_escaped_plus): Made arg S signed char*. + * fingerprint.c (gpgsm_get_fingerprint): Made ARRAY unsigned. + (gpgsm_get_keygrip): Ditto. + * keydb.c (keydb_insert_cert): Made DIGEST unsigned. + (keydb_update_cert): Ditto. + (classify_user_id): Apply cast to signed/unsigned assignment. + (hextobyte): Ditto. + +2005-06-01 Werner Koch + + * misc.c: Include setenv.h. + +2005-04-21 Werner Koch + + * gpgsm.c: New options --{enable,disable}-trusted-cert-crl-check. + * certchain.c (gpgsm_validate_chain): Make use of it. + + * certchain.c (gpgsm_validate_chain): Check revocations even for + expired certificates. This is required because on signature + verification an expired key is fine whereas a revoked one is not. + +2005-04-20 Werner Koch + + * Makefile.am (AM_CFLAGS): Add PTH_CFLAGS as noted by several folks. + +2005-04-19 Werner Koch + + * certchain.c (check_cert_policy): Print the diagnostic for a open + failure of policies.txt only in verbose mode or when it is not + ENOENT. + +2005-04-17 Werner Koch + + * call-dirmngr.c (inq_certificate): Add new inquire SENDCERT_SKI. + * certlist.c (gpgsm_find_cert): Add new arg KEYID and implement + this filter. Changed all callers. + + * certchain.c (find_up_search_by_keyid): New helper. + (find_up): Also try using the AKI.keyIdentifier. + (find_up_external): Ditto. + +2005-04-15 Werner Koch + + * keylist.c (list_cert_raw): Print the subjectKeyIdentifier as + well as the keyIdentifier part of the authorityKeyIdentifier. + +2005-03-31 Werner Koch + + * call-dirmngr.c (start_dirmngr): Use PATHSEP_C instead of ':'. + * call-agent.c (start_agent): Ditto. + +2005-03-17 Werner Koch + + * certcheck.c: Fixed use of DBG_CRYPTO and DBG_X509. + + * certchain.c (gpgsm_basic_cert_check): Dump certificates after a + failed gcry_pk_verify. + (find_up): Do an external lookup also for an authorityKeyIdentifier + lookup. Factored external lookup code out to .. + (find_up_external): .. new. + +2005-03-03 Werner Koch + + * Makefile.am (gpgsm_LDADD): Added PTH_LIBS. Noted by Kazu Yamamoto. + +2005-01-13 Werner Koch + + * certreqgen.c (proc_parameters): Cast printf arg. + +2004-12-22 Werner Koch + + * gpgsm.c (set_binary): New. + (main, open_read, open_fwrite): Use it. + +2004-12-21 Werner Koch + + * gpgsm.c (main): Use default_homedir(). + (main) [W32]: Default to disabled CRL checks. + +2004-12-20 Werner Koch + + * call-agent.c (start_agent): Before starting a pipe server start + to connect to a server on the standard socket. Use PATHSEP + * call-dirmngr.c (start_dirmngr): Use PATHSEP. + + * import.c: Include unistd.h for dup and close. + +2004-12-18 Werner Koch + + * gpgsm.h (map_assuan_err): Define in terms of + map_assuan_err_with_source. + * call-agent.c (start_agent): Pass error source to + send_pinentry_environment. + +2004-12-17 Werner Koch + + * call-dirmngr.c (isvalid_status_cb, lookup_status_cb) + (run_command_status_cb): Return cancel status if gpgsm_status + returned an error. + + * server.c (gpgsm_status, gpgsm_status2) + (gpgsm_status_with_err_code): Return an error code. + (gpgsm_status2): Always call va_end(). + +2004-12-15 Werner Koch + + * call-dirmngr.c (lookup_status_cb): Send progress messages + upstream. + (isvalid_status_cb): Ditto. + (gpgsm_dirmngr_isvalid): Put CTRL into status CB parameters. + (gpgsm_dirmngr_run_command, run_command_status_cb): Pass CTRL to + status callback and handle PROGRESS. + + * misc.c (setup_pinentry_env) [W32]: Don't use it. + + * gpgsm.c (main) [W32]: Init Pth because we need it for the socket + operations and to resolve libassuan symbols. + (run_protect_tool) [W32]: Disable it. + + * Makefile.am (gpgsm_LDADD): Move LIBASSUAN_LIBS more to the end. + +2004-12-07 Werner Koch + + * Makefile.am (gpgsm_LDADD): Put libassuan before jnlib because + under W32 we need the w32 pth code from jnlib. + + * misc.c (setup_pinentry_env) [W32]: Disabled. + +2004-12-06 Werner Koch + + * gpgsm.c (run_protect_tool) [_WIN32]: Disabled. + + * import.c (popen_protect_tool): Simplified by making use of + gnupg_spawn_process. + (parse_p12): Likewise, using gnupg_wait_process. + * export.c (popen_protect_tool): Ditto. + (export_p12): Ditto. + + * keydb.c: Don't define DIRSEP_S here. + +2004-12-02 Werner Koch + + * certchain.c (gpgsm_basic_cert_check): Dump certs with bad + signature for debugging. + (gpgsm_validate_chain): Ditto. + +2004-11-29 Werner Koch + + * gpgsm.c (set_debug): Changed to use a globals DEBUG_LEVEL and + DEBUG_VALUE. + (main): Made DEBUG_LEVEL global and introduced DEBUG_VALUE. This + now allows to add debug flags on top of a debug-level setting. + +2004-11-23 Werner Koch + + * gpgsm.c: New option --prefer-system-dirmngr. + * call-dirmngr.c (start_dirmngr): Implement this option. + +2004-10-22 Werner Koch + + * certreqgen.c (gpgsm_genkey): Remove the NEW from the certificate + request PEM header. This is according to the Sphinx standard. + +2004-10-08 Moritz Schulte + + * certchain.c (gpgsm_validate_chain): Do not use keydb_new() in + case the no_chain_validation-return-short-cut is used (fixes + memory leak). + +2004-10-04 Werner Koch + + * misc.c (setup_pinentry_env): Try hard to set a default for GPG_TTY. + +2004-09-30 Werner Koch + + * gpgsm.c (i18n_init): Always use LC_ALL. + + * certdump.c (gpgsm_format_name): Factored code out to .. + (gpgsm_format_name2): .. new. + (gpgsm_print_name): Factored code out to .. + (gpgsm_print_name2): .. new. + (print_dn_part): New arg TRANSLATE. Changed all callers. + (print_dn_parts): Ditto. + (gpgsm_format_keydesc): Do not translate the SUBJECT; we require + it to stay UTF-8 but we still want to filter out bad control + characters. + + * Makefile.am: Adjusted for gettext 0.14. + + * keylist.c (list_cert_colon): Make sure that the expired flag has + a higher precedence than the invalid flag. + +2004-09-29 Werner Koch + + * import.c (parse_p12): Write an error status line for bad + passphrases. Add new arg CTRL and changed caller. + * export.c (export_p12): Likewise. + +2004-09-14 Werner Koch + + * certchain.c (gpgsm_validate_chain): Give expired certificates a + higher error precedence and don't bother to check any CRL in that + case. + +2004-08-24 Werner Koch + + * certlist.c: Fixed typo in ocsp OID. + +2004-08-18 Werner Koch + + * certlist.c (gpgsm_cert_use_ocsp_p): New. + (cert_usage_p): Support it here. + * call-dirmngr.c (gpgsm_dirmngr_isvalid): Use it here. + +2004-08-17 Marcus Brinkmann + + * import.c: Fix typo in last change. + +2004-08-17 Werner Koch + + * import.c (check_and_store): Do a full validation if + --with-validation is set. + + * certchain.c (gpgsm_basic_cert_check): Print more detailed error + messages. + + * certcheck.c (do_encode_md): Partly support DSA. Add new arg + PKALGO. Changed all callers to pass it. + (pk_algo_from_sexp): New. + +2004-08-16 Werner Koch + + * gpgsm.c: New option --fixed-passphrase. + * import.c (popen_protect_tool): Pass it to the protect-tool. + + * server.c (cmd_encrypt): Use DEFAULT_RECPLIST and not recplist + for encrypt-to keys. + +2004-08-06 Werner Koch + + * gpgsm.c: New option --with-ephemeral-keys. + * keylist.c (list_internal_keys): Set it here. + (list_cert_raw): And indicate those keys. Changed all our callers + to pass the new arg HD through. + +2004-07-23 Werner Koch + + * certreqgen.c (proc_parameters): Do not allow key length below + 1024. + +2004-07-22 Werner Koch + + * keylist.c (list_cert_raw): Print the keygrip. + +2004-07-20 Werner Koch + + * certchain.c (gpgsm_validate_chain): The trust check didn't + worked anymore, probably due to the changes at 2003-03-04. Fixed. + +2004-06-06 Werner Koch + + * certreqgen.c (get_parameter_uint, create_request): Create + an extension for key usage when requested. + +2004-05-12 Werner Koch + + * gpgsm.c (main): Install emergency_cleanup also as an atexit + handler. + + * verify.c (gpgsm_verify): Removed the separate error code + handling for KSBA. We use shared error codes anyway. + + * export.c (export_p12): Removed debugging code. + + * encrypt.c (gpgsm_encrypt): Put the session key in to secure memory. + +2004-05-11 Werner Koch + + * sign.c (gpgsm_sign): Include the error source in the final error + message. + * decrypt.c (gpgsm_decrypt): Ditto. + + * fingerprint.c (gpgsm_get_key_algo_info): New. + * sign.c (gpgsm_sign): Don't assume RSA in the status line. + * keylist.c (list_cert_colon): Really print the algorithm and key + length. + (list_cert_raw, list_cert_std): Ditto. + (list_cert_colon): Reorganized to be able to tell whether a root + certificate is trusted. + + * gpgsm.c: New option --debug-allow-core-dump. + + * gpgsm.h (opt): Add member CONFIG_FILENAME. + * gpgsm.c (main): Use it here instead of the local var. + + * server.c (gpgsm_server): Print some additional information with + the hello in verbose mode. + +2004-04-30 Werner Koch + + * import.c (check_and_store): Do not update the stats for hidden + imports of issuer certs. + (popen_protect_tool): Request statusmessages from the protect-tool. + (parse_p12): Detect status messages. Add new arg STATS and update them. + (print_imported_summary): Include secret key stats. + +2004-04-28 Werner Koch + + * gpgsm.c: New command --keydb-clear-some-cert-flags. + * keydb.c (keydb_clear_some_cert_flags): New. + (keydb_update_keyblock, keydb_set_flags): Change error code + CONFLICT to NOT_LOCKED. + +2004-04-26 Werner Koch + + * gpgsm.c (main) : Do not use /dev/null as default config + filename. + + * call-agent.c (gpgsm_agent_pksign, gpgsm_agent_pkdecrypt) + (gpgsm_agent_genkey, gpgsm_agent_istrusted) + (gpgsm_agent_marktrusted, gpgsm_agent_havekey) + (gpgsm_agent_passwd): Add new arg CTRL and changed all callers. + (start_agent): New arg CTRL. Send progress item when starting a + new agent. + * sign.c (gpgsm_get_default_cert, get_default_signer): New arg + CTRL to be passed down to the agent function. + * decrypt.c (prepare_decryption): Ditto. + * certreqgen.c (proc_parameters, read_parameters): Ditto. + * certcheck.c (gpgsm_create_cms_signature): Ditto. + +2004-04-23 Werner Koch + + * keydb.c (keydb_add_resource): Try to compress the file on init. + + * keylist.c (oidtranstbl): New. OIDs collected from several sources. + (print_name_raw, print_names_raw, list_cert_raw): New. + (gpgsm_list_keys): Check the dump mode and pass it down as + necessary. + +2004-04-22 Werner Koch + + * gpgsm.c (main): New commands --dump-keys, --dump-external-keys, + --dump-secret-keys. + +2004-04-13 Werner Koch + + * misc.c (setup_pinentry_env): New. + * import.c (popen_protect_tool): Call it. + * export.c (popen_protect_tool): Call it. + +2004-04-08 Werner Koch + + * decrypt.c (gpgsm_decrypt): Return GPG_ERR_NO_DATA if it is not a + encrypted message. + +2004-04-07 Werner Koch + + * gpgsm.c: New option --force-crl-refresh. + * call-dirmngr.c (gpgsm_dirmngr_isvalid): Pass option to dirmngr. + +2004-04-05 Werner Koch + + * server.c (get_status_string): Add STATUS_NEWSIG. + * verify.c (gpgsm_verify): Print STATUS_NEWSIG for each signature. + + * certchain.c (gpgsm_validate_chain) : Do + not just warn if a cert is not suitable; bail out immediately. + +2004-04-01 Werner Koch + + * call-dirmngr.c (isvalid_status_cb): New. + (unhexify_fpr): New. Taken from ../g10/call-agent.c + (gpgsm_dirmngr_isvalid): Add new arg CTRL, changed caller to pass + it thru. Detect need to check the respondert cert and do that. + * certchain.c (gpgsm_validate_chain): Add new arg FLAGS. Changed + all callers. + +2004-03-24 Werner Koch + + * sign.c (gpgsm_sign): Include a short list of capabilities. + +2004-03-17 Werner Koch + + * gpgsm.c (main) : Fixed default value quoting. + +2004-03-16 Werner Koch + + * gpgsm.c (main): Implemented --gpgconf-list. + +2004-03-15 Werner Koch + + * keylist.c (list_cert_colon): Hack to set the expired flag. + +2004-03-09 Werner Koch + + * gpgsm.c (main): Correctly intitialze USE_OCSP flag. + + * keydb.c (keydb_delete): s/GPG_ERR_CONFLICT/GPG_ERR_NOT_LOCKED/ + +2004-03-04 Werner Koch + + * call-dirmngr.c (gpgsm_dirmngr_isvalid): New arg ISSUER_CERT. + + * certchain.c (is_cert_still_valid): New. Code moved from ... + (gpgsm_validate_chain): ... here because we now need to check at + two places and at a later stage, so that we can pass the issuer + cert down to the dirmngr. + +2004-03-03 Werner Koch + + * call-agent.c (start_agent): Replaced pinentry setup code by a + call to a new common function. + + * certdump.c (gpgsm_format_keydesc): Make sure the string is + returned as utf-8. + + * export.c (gpgsm_export): Make sure that we don't export more + than one certificate. + +2004-03-02 Werner Koch + + * export.c (create_duptable, destroy_duptable) + (insert_duptable): New. + (gpgsm_export): Avoid duplicates. + +2004-02-26 Werner Koch + + * certchain.c (compare_certs): New. + (gpgsm_validate_chain): Fixed infinite certificate checks after + bad signatures. + +2004-02-24 Werner Koch + + * keylist.c (list_cert_colon): Print the fingerprint as the + cert-id for root certificates. + +2004-02-21 Werner Koch + + * keylist.c (list_internal_keys): Return error codes. + (list_external_keys, gpgsm_list_keys): Ditto. + * server.c (do_listkeys): Ditto. + + * gpgsm.c (main): Display a key description for --passwd. + * call-agent.c (gpgsm_agent_passwd): New arg DESC. + +2004-02-20 Werner Koch + + * gpgsm.c (main): New option --debug-ignore-expiration. + * certchain.c (gpgsm_validate_chain): Use it here. + + * certlist.c (cert_usage_p): Apply extKeyUsage. + +2004-02-19 Werner Koch + + * export.c (export_p12, popen_protect_tool) + (gpgsm_p12_export): New. + * gpgsm.c (main): New command --export-secret-key-p12. + +2004-02-18 Werner Koch + + * gpgsm.c (set_debug): Set the new --debug-level flags. + (main): New option --gpgconf-list. + (main): Do not setup -u and -r keys when not required. + (main): Setup the used character set. + + * keydb.c (keydb_add_resource): Print a hint to start the + gpg-agent. + +2004-02-17 Werner Koch + + * gpgsm.c: Fixed value parsing for --with-validation. + * call-agent.c (start_agent): Ignore an empty GPG_AGENT_INFO. + * call-dirmngr.c (start_dirmngr): Likewise for DIRMNGR_INFO. + + * gpgsm.c: New option --with-md5-fingerprint. + * keylist.c (list_cert_std): Print MD5 fpr. + + * gpgsm.c: New options --with-validation. + * server.c (option_handler): New option "with-validation". + * keylist.c (list_cert_std, list_internal_keys): New args CTRL and + WITH_VALIDATION. Changed callers to set it. + (list_external_cb, list_external_keys): Pass CTRL to the callback. + (list_cert_colon): Add arg CTRL. Check validation if requested. + * certchain.c (unknown_criticals, allowed_ca, check_cert_policy) + (gpgsm_validate_chain): New args LISTMODE and FP. + (do_list): New helper for info output. + (find_up): New arg FIND_NEXT. + (gpgsm_validate_chain): After a bad signature try again with other + CA certificates. + + * import.c (print_imported_status): New arg NEW_CERT. Print + additional STATUS_IMPORT_OK becuase that is what gpgme expects. + (check_and_store): Always call above function after import. + * server.c (get_status_string): Added STATUS_IMPORT_OK. + +2004-02-13 Werner Koch + + * certcheck.c (gpgsm_create_cms_signature): Format a description + for use by the pinentry. + * decrypt.c (gpgsm_decrypt): Ditto. Free HEXKEYGRIP. + * certdump.c (format_name_cookie, format_name_writer) + (gpgsm_format_name): New. + (gpgsm_format_serial): New. + (gpgsm_format_keydesc): New. + * call-agent.c (gpgsm_agent_pksign): New arg DESC. + (gpgsm_agent_pkdecrypt): Ditto. + + * encrypt.c (init_dek): Check for too weak algorithms. + + * import.c (parse_p12, popen_protect_tool): New. + + * base64.c (gpgsm_create_reader): New arg ALLOW_MULTI_PEM. + Changed all callers. + (base64_reader_cb): Handle it here. + (gpgsm_reader_eof_seen): New. + (base64_reader_cb): Set a flag for EOF. + (simple_reader_cb): Ditto. + +2004-02-12 Werner Koch + + * gpgsm.h, gpgsm.c: New option --protect-tool-program. + * gpgsm.c (run_protect_tool): Use it. + +2004-02-11 Werner Koch + + * Makefile.am (AM_CPPFLAGS): Pass directory constants via -D; this + will allow to override directory names at make time. + +2004-02-02 Werner Koch + + * import.c (check_and_store): Import certificates even with + missing issuer's cert. Fixed an "depending on the verbose + setting" bug. + + * certchain.c (gpgsm_validate_chain): Mark revoked certs in the + keybox. + + * keylist.c (list_cert_colon): New arg VALIDITY; use it to print a + revoked flag. + (list_internal_keys): Retrieve validity flag. + (list_external_cb): Pass 0 as validity flag. + * keydb.c (keydb_get_flags, keydb_set_flags): New. + (keydb_set_cert_flags): New. + (lock_all): Return a proper error code. + (keydb_lock): New. + (keydb_delete): Don't lock but check that it has been locked. + (keydb_update_keyblock): Ditto. + * delete.c (delete_one): Take a lock. + +2004-01-30 Werner Koch + + * certchain.c (check_cert_policy): Fixed read error checking. + (check_cert_policy): With no critical policies issue only a + warning if the policy file does not exists. + + * sign.c (add_certificate_list): Decrement N for the first cert. + +2004-01-29 Werner Koch + + * certdump.c (parse_dn_part): Map common OIDs to human readable + labels. Make sure that a value won't get truncated if it includes + a Nul. + +2004-01-28 Werner Koch + + * certchain.c (gpgsm_validate_chain): Changed the message printed + for an untrusted root certificate. + +2004-01-27 Werner Koch + + * certdump.c (parse_dn_part): Pretty print the nameDistinguisher OID. + (print_dn_part): Do not delimit multiple RDN by " + ". Handle + multi-valued RDNs in a special way, i.e. in the order specified by + the certificate. + (print_dn_parts): Simplified. + +2004-01-16 Werner Koch + + * sign.c (gpgsm_sign): Print an error message on all failures. + * decrypt.c (gpgsm_decrypt): Ditto. + +2003-12-17 Werner Koch + + * server.c (gpgsm_server): Add arg DEFAULT_RECPLIST. + (cmd_encrypt): Add all enrypt-to marked certs to the list. + * encrypt.c (gpgsm_encrypt): Check that real recipients are + available. + * gpgsm.c (main): Make the --encrypt-to and --no-encrypt-to + options work. Pass the list of recients to gpgsm_server. + * gpgsm.h (certlist_s): Add field IS_ENCRYPT_TO. + (opt): Add NO_ENCRYPT_TO. + * certlist.c (gpgsm_add_to_certlist): New arg IS_ENCRYPT_TO. + Changed all callers and ignore duplicate entries. + (is_cert_in_certlist): New. + (gpgsm_add_cert_to_certlist): New. + + * certdump.c (gpgsm_print_serial): Cleaned up cast use in strtoul. + (gpgsm_dump_serial): Ditto. + + * decrypt.c (gpgsm_decrypt): Replaced ERR by RC. + +2003-12-16 Werner Koch + + * gpgsm.c (main): Set the prefixes for assuan logging. + + * sign.c (gpgsm_sign): Add validation checks for the default + certificate. + + * gpgsm.c: Add -k as alias for --list-keys and -K for + --list-secret-keys. + +2003-12-15 Werner Koch + + * encrypt.c (init_dek): Use gry_create_nonce for the IV; there is + not need for real strong random here and it even better protect + the random bits used for the key. + +2003-12-01 Werner Koch + + * gpgsm.c, gpgsm.h: New options --{enable,disable}-ocsp. + (gpgsm_init_default_ctrl): Set USE_OCSP to the default value. + * certchain.c (gpgsm_validate_chain): Handle USE_OCSP. + * call-dirmngr.c (gpgsm_dirmngr_isvalid): Add arg USE_OCSP and + proceed accordingly. + +2003-11-19 Werner Koch + + * verify.c (gpgsm_verify): Use "0" instead of an empty string for + the VALIDSIG status. + +2003-11-18 Werner Koch + + * verify.c (gpgsm_verify): Fixed for changes API of gcry_md_info. + + * certchain.c (unknown_criticals): Fixed an error code test. + +2003-11-12 Werner Koch + + Adjusted for API changes in Libksba. + +2003-10-31 Werner Koch + + * certchain.c (gpgsm_validate_chain): Changed to use ksba_isotime_t. + * verify.c (strtimestamp_r, gpgsm_verify): Ditto. + * sign.c (gpgsm_sign): Ditto. + * keylist.c (print_time, list_cert_std, list_cert_colon): Ditto. + * certdump.c (gpgsm_print_time, gpgsm_dump_time, gpgsm_dump_cert): + Ditto. + +2003-10-25 Werner Koch + + * certreqgen.c (read_parameters): Fixed faulty of !spacep(). + +2003-08-20 Marcus Brinkmann + + * encrypt.c (encode_session_key): Allocate enough space. Cast key + byte to unsigned char to prevent sign extension. + (encrypt_dek): Check return value before error. + +2003-08-14 Timo Schulz + + * encrypt.c (encode_session_key): Use new Libgcrypt interface. + +2003-07-31 Werner Koch + + * Makefile.am (gpgsm_LDADD): Added INTLLIBS. + +2003-07-29 Werner Koch + + * gpgsm.c (main): Add secmem features and set the random seed file. + (gpgsm_exit): Update the random seed file and enable debug output. + +2003-07-27 Werner Koch + + Adjusted for gcry_mpi_print and gcry_mpi_scan API change. + +2003-06-24 Werner Koch + + * server.c (gpgsm_status_with_err_code): New. + * verify.c (gpgsm_verify): Use it here instead of the old + tokenizing version. + + * verify.c (strtimestamp): Renamed to strtimestamp_r + + Adjusted for changes in the libgcrypt API. Some more fixes for the + libgpg-error stuff. + +2003-06-04 Werner Koch + + * call-agent.c (init_membuf,put_membuf,get_membuf): Removed. + Include new membuf header and changed used type. + + Renamed error codes from INVALID to INV and removed _ERROR suffixes. + +2003-06-03 Werner Koch + + Changed all error codes in all files to the new libgpg-error scheme. + + * gpgsm.h: Include gpg-error.h . + * Makefile.am: Link with libgpg-error. + +2003-04-29 Werner Koch + + * Makefile.am: Use libassuan. Don't override LDFLAGS anymore. + * server.c (register_commands): Adjust for new Assuan semantics. + +2002-12-03 Werner Koch + + * call-agent.c (gpgsm_agent_passwd): New. + * gpgsm.c (main): New command --passwd and --call-protect-tool + (run_protect_tool): New. + +2002-11-25 Werner Koch + + * verify.c (gpgsm_verify): Handle content-type attribute. + +2002-11-13 Werner Koch + + * call-agent.c (start_agent): Try to use $GPG_TTY instead of + ttyname. Changed ttyname to test stdin becuase it can be assumed + that output redirection is more common that input redirection. + +2002-11-12 Werner Koch + + * gpgsm.c: New command --call-dirmngr. + * call-dirmngr.c (gpgsm_dirmngr_run_command) + (run_command_inq_cb,run_command_cb) + (run_command_status_cb): New. + +2002-11-11 Werner Koch + + * certcheck.c (gpgsm_check_cms_signature): Don't double free + s_sig but free s_pkey at leave. + +2002-11-10 Werner Koch + + * gpgsm.c: Removed duplicate --list-secret-key entry. + +2002-09-19 Werner Koch + + * certcheck.c (gpgsm_check_cert_sig): Add cert hash debugging. + + * certchain.c (find_up): Print info when the cert was not found + by the autorithyKeyIdentifier. + +2002-09-03 Werner Koch + + * gpgsm.c (main): Disable the internal libgcrypt locking. + +2002-08-21 Werner Koch + + * import.c (print_imported_summary): Cleaned up. Print new + not_imported value. + (check_and_store): Update non_imported counter. + (print_import_problem): New. + (check_and_store): Print error status message. + * server.c (get_status_string): Added STATUS_IMPORT_PROBLEM. + +2002-08-20 Werner Koch + + * gpgsm.c (main): Use the log file only in server mode. + + * import.c (print_imported_summary): New. + (check_and_store): Update the counters, take new argument. + (import_one): Factored out core of gpgsm_import. + (gpgsm_import): Print counters. + (gpgsm_import_files): New. + * gpgsm.c (main): Use the new function for import. + +2002-08-19 Werner Koch + + * decrypt.c (gpgsm_decrypt): Return a better error status token. + * verify.c (gpgsm_verify): Don't error on messages with no signing + time or no message digest. This is only the case for messages + without any signed attributes. + +2002-08-16 Werner Koch + + * certpath.c: Renamed to .. + * certchain.c: this. Renamed all all other usages of "path" in the + context of certificates to "chain". + + * call-agent.c (learn_cb): Special treatment when the issuer + certificate is missing. + +2002-08-10 Werner Koch + + * Makefile.am (INCLUDES): Add definition for localedir. + + * keylist.c (list_cert_colon): Print the short fingerprint in the + key ID field. + * fingerprint.c (gpgsm_get_short_fingerprint): New. + * verify.c (gpgsm_verify): Print more verbose info for a good + signature. + +2002-08-09 Werner Koch + + * decrypt.c (prepare_decryption): Hack to detected already + unpkcsedone keys. + + * gpgsm.c (emergency_cleanup): New. + (main): Initialize the signal handler. + + * sign.c (gpgsm_sign): Reset the hash context for subsequent + signers and release it at the end. + +2002-08-05 Werner Koch + + * server.c (cmd_signer): New command "SIGNER" + (register_commands): Register it. + (cmd_sign): Pass the signer list to gpgsm_sign. + * certlist.c (gpgsm_add_to_certlist): Add SECRET argument, check + for secret key if set and changed all callers. + * sign.c (gpgsm_sign): New argument SIGNERLIST and implemt + multiple signers. + * gpgsm.c (main): Support more than one -u. + + * server.c (cmd_recipient): Return reason code 1 for No_Public_Key + which is actually what gets returned from add_to_certlist. + +2002-07-26 Werner Koch + + * certcheck.c (gpgsm_check_cert_sig): Implement proper cleanup. + (gpgsm_check_cms_signature): Ditto. + +2002-07-22 Werner Koch + + * keydb.c (keydb_add_resource): Register a lock file. + (lock_all, unlock_all): Implemented. + + * delete.c: New. + * gpgsm.c: Made --delete-key work. + * server.c (cmd_delkeys): New. + (register_commands): New command DELKEYS. + + * decrypt.c (gpgsm_decrypt): Print a convenience note when RC2 is + used and a STATUS_ERROR with the algorithm oid. + +2002-07-03 Werner Koch + + * server.c (gpgsm_status2): Insert a blank between all optional + arguments when using assuan. + * server.c (cmd_recipient): No more need for extra blank in constants. + * import.c (print_imported_status): Ditto. + * gpgsm.c (main): Ditto. + +2002-07-02 Werner Koch + + * verify.c (gpgsm_verify): Extend the STATUS_BADSIG line with + the fingerprint. + + * certpath.c (check_cert_policy): Don't use log_error to print a + warning. + + * keydb.c (keydb_store_cert): Add optional ar EXISTED and changed + all callers. + * call-agent.c (learn_cb): Print info message only for real imports. + + * import.c (gpgsm_import): Moved duplicated code to ... + (check_and_store): new function. Added magic to import the entire + chain. Print status only for real imports and moved printing code + to .. + (print_imported_status): New. + + * call-dirmngr.c (gpgsm_dirmngr_isvalid): print status of dirmngr + call in very verbose mode. + + * gpgsm.c (main): Use the same error codes for STATUS_INV_RECP as + with the server mode. + +2002-06-29 Werner Koch + + * gpgsm.c: New option --auto-issuer-key-retrieve. + * certpath.c (find_up): Try to retrieve an issuer key from an + external source and from the ephemeral key DB. + (find_up_store_certs_cb): New. + + * keydb.c (keydb_set_ephemeral): Does now return the old + state. Call the backend only when required. + + * call-dirmngr.c (start_dirmngr): Use GNUPG_DEFAULT_DIRMNGR. + (lookup_status_cb): Issue status only when CTRL is not NULL. + (gpgsm_dirmngr_lookup): Document that CTRL is optional. + + * call-agent.c (start_agent): Use GNUPG_DEFAULT_AGENT. + +2002-06-28 Werner Koch + + * server.c (cmd_recipient): Add more reason codes. + +2002-06-27 Werner Koch + + * certpath.c (gpgsm_basic_cert_check): Use + --debug-no-path-validation to also bypass this basic check. + + * gpgsm.c (main): Use GNUPG_DEFAULT_HOMEDIR constant. + + * call-agent.c (start_agent): Create and pass the list of FD to + keep in the child to assuan. + * call-dirmngr.c (start_dirmngr): Ditto. + +2002-06-26 Werner Koch + + * import.c (gpgsm_import): Print an STATUS_IMPORTED. + + * gpgsm.c: --debug-no-path-validation does not take an argument. + +2002-06-25 Werner Koch + + * certdump.c (print_dn_part): Always print a leading slash, + removed NEED_DELIM arg and changed caller. + + * export.c (gpgsm_export): Print LFs to FP and not stdout. + (print_short_info): Ditto. Make use of gpgsm_print_name. + + * server.c (cmd_export): Use output-fd instead of data lines; this + was actually the specified way. + +2002-06-24 Werner Koch + + * gpgsm.c: Removed duped help entry for --list-keys. + + * gpgsm.c, gpgsm.h: New option --debug-no-path-validation. + + * certpath.c (gpgsm_validate_path): Use it here instead of the + debug flag hack. + + * certpath.c (check_cert_policy): Return No_Policy_Match if the + policy file could not be opened. + +2002-06-20 Werner Koch + + * certlist.c (gpgsm_add_to_certlist): Fixed locating of a + certificate with the required key usage. + + * gpgsm.c (main): Fixed a segv when using --outfile without an + argument. + + * keylist.c (print_capabilities): Also check for non-repudiation + and data encipherment. + * certlist.c (cert_usage_p): Test for signing and encryption was + swapped. Add a case for certification usage, handle + non-repudiation and data encipherment. + (gpgsm_cert_use_cert_p): New. + (gpgsm_add_to_certlist): Added a CTRL argument and changed all + callers to pass it. + * certpath.c (gpgsm_validate_path): Use it here to print a status + message. Added a CTRL argument and changed all callers to pass it. + * decrypt.c (gpgsm_decrypt): Print a status message for wrong key + usage. + * verify.c (gpgsm_verify): Ditto. + * keydb.c (classify_user_id): Allow a colon delimited fingerprint. + +2002-06-19 Werner Koch + + * call-agent.c (learn_cb): Use log_info instead of log_error on + successful import. + + * keydb.c (keydb_set_ephemeral): New. + (keydb_store_cert): New are ephemeral, changed all callers. + * keylist.c (list_external_cb): Store cert as ephemeral. + * export.c (gpgsm_export): Kludge to export epehmeral certificates. + + * gpgsm.c (main): New command --list-external-keys. + +2002-06-17 Werner Koch + + * certreqgen.c (read_parameters): Improved error handling. + (gpgsm_genkey): Print error message. + +2002-06-13 Werner Koch + + * gpgsm.c (main): New option --log-file. + +2002-06-12 Werner Koch + + * call-dirmngr.c (lookup_status_cb): New. + (gpgsm_dirmngr_lookup): Use the status CB. Add new arg CTRL and + changed caller to pass it. + + * gpgsm.c (open_fwrite): New. + (main): Allow --output for --verify. + + * sign.c (hash_and_copy_data): New. + (gpgsm_sign): Implemented normal (non-detached) signatures. + * gpgsm.c (main): Ditto. + + * certpath.c (gpgsm_validate_path): Special error handling for + no policy match. + +2002-06-10 Werner Koch + + * server.c (get_status_string): Add STATUS_ERROR. + + * certpath.c (gpgsm_validate_path): Tweaked the error checking to + return error codes in a more sensitive way. + * verify.c (gpgsm_verify): Send status TRUST_NEVER also for a bad + CA certificate and when the certificate has been revoked. Issue + TRUST_FULLY even when the cert has expired. Append an error token + to these status lines. Issue the new generic error status when a + cert was not found and when leaving the function. + +2002-06-04 Werner Koch + + * gpgsm.c (main): New command --list-sigs + * keylist.c (list_cert_std): New. Use it whenever colon mode is + not used. + (list_cert_chain): New. + +2002-05-31 Werner Koch + + * gpgsm.c (main): Don't print the "go ahead" message for an + invalid command. + +2002-05-23 Werner Koch + + * import.c (gpgsm_import): Add error messages. + +2002-05-21 Werner Koch + + * keylist.c (list_internal_keys): Renamed from gpgsm_list_keys. + (list_external_keys): New. + (gpgsm_list_keys): Dispatcher for above. + * call-dirmngr.c (lookup_cb,pattern_from_strlist) + (gpgsm_dirmngr_lookup): New. + * server.c (option_handler): Handle new option --list-mode. + (do_listkeys): Handle options and actually use the mode argument. + (get_status_string): New code TRUNCATED. + + * import.c (gpgsm_import): Try to identify the type of input and + handle certs-only messages. + +2002-05-14 Werner Koch + + * gpgsm.c: New option --faked-system-time + * sign.c (gpgsm_sign): And use it here. + * certpath.c (gpgsm_validate_path): Ditto. + +2002-05-03 Werner Koch + + * certpath.c (gpgsm_validate_path): Added EXPTIME arg and changed + all callers. + * verify.c (gpgsm_verify): Tweaked usage of log_debug and + log_error. Return EXPSIG status and add expiretime to VALIDSIG. + +2002-04-26 Werner Koch + + * gpgsm.h (DBG_AGENT,DBG_AGENT_VALUE): Replaced by DBG_ASSUAN_*. + Changed all users. + + * call-agent.c (start_agent): Be more silent without -v. + * call-dirmngr.c (start_dirmngr): Ditto. + +2002-04-25 Werner Koch + + * call-agent.c (start_agent): Make copies of old locales and check + for setlocale. + +2002-04-25 Marcus Brinkmann + + * call-agent.c (start_agent): Fix error handling logic so the + locale is always correctly reset. + +2002-04-25 Marcus Brinkmann + + * server.c (option_handler): Accept display, ttyname, ttytype, + lc_ctype and lc_messages options. + * gpgsm.c (main): Allocate memory for these options. + * gpgsm.h (struct opt): Make corresponding members non-const. + +2002-04-24 Marcus Brinkmann + + * gpgsm.h (struct opt): New members display, ttyname, ttytype, + lc_ctype, lc_messages. + * gpgsm.c (enum cmd_and_opt_values): New members oDisplay, + oTTYname, oTTYtype, oLCctype, oLCmessages. + (opts): New entries for these options. + (main): Handle these new options. + * call-agent.c (start_agent): Set the various display and tty + parameter after resetting. + +2002-04-18 Werner Koch + + * certreqgen.c (gpgsm_genkey): Write status output on success. + +2002-04-15 Werner Koch + + * gpgsm.c (main): Check ksba version. + + * certpath.c (find_up): New to use the authorithKeyIdentifier. + Use it in all other functions to locate the signing cert.. + +2002-04-11 Werner Koch + + * certlist.c (cert_usable_p): New. + (gpgsm_cert_use_sign_p,gpgsm_cert_use_encrypt_p): New. + (gpgsm_cert_use_verify_p,gpgsm_cert_use_decrypt_p): New. + (gpgsm_add_to_certlist): Check the key usage. + * sign.c (gpgsm_sign): Ditto. + * verify.c (gpgsm_verify): Print a message wehn an unsuitable + certificate was used. + * decrypt.c (gpgsm_decrypt): Ditto + * keylist.c (print_capabilities): Determine values from the cert. + +2002-03-28 Werner Koch + + * keylist.c (list_cert_colon): Fixed listing of crt record; the + issuer is not at the right place. Print a chainingID. + * certpath.c (gpgsm_walk_cert_chain): Be a bit more silent on + common errors. + +2002-03-21 Werner Koch + + * export.c: New. + * gpgsm.c: Add command --export. + * server.c (cmd_export): New. + +2002-03-13 Werner Koch + + * decrypt.c (gpgsm_decrypt): Allow multiple recipients. + +2002-03-12 Werner Koch + + * certpath.c (check_cert_policy): Print the policy list. + + * verify.c (gpgsm_verify): Detect certs-only message. + +2002-03-11 Werner Koch + + * import.c (gpgsm_import): Print a notice about imported certificates + when in verbose mode. + + * gpgsm.c (main): Print INV_RECP status. + * server.c (cmd_recipient): Ditto. + + * server.c (gpgsm_status2): New. Allows for a list of strings. + (gpgsm_status): Divert to gpgsm_status2. + + * encrypt.c (gpgsm_encrypt): Don't use a default key when no + recipients are given. Print a NO_RECP status. + +2002-03-06 Werner Koch + + * server.c (cmd_listkeys, cmd_listsecretkeys): Divert to + (do_listkeys): new. Add pattern parsing. + + * keylist.c (gpgsm_list_keys): Handle selection pattern. + + * gpgsm.c: New command --learn-card + * call-agent.c (learn_cb,gpgsm_agent_learn): New. + + * gpgsm.c (main): Print error messages for non-implemented commands. + + * base64.c (base64_reader_cb): Use case insensitive compare of the + Content-Type string to detect plain base-64. + +2002-03-05 Werner Koch + + * gpgsm.c, gpgsm.h: Add local_user. + * sign.c (gpgsm_get_default_cert): New. + (get_default_signer): Use the new function if local_user is not + set otherwise used that value. + * encrypt.c (get_default_recipient): Removed. + (gpgsm_encrypt): Use gpgsm_get_default_cert. + + * verify.c (gpgsm_verify): Better error text for a bad signature + found by comparing the hashs. + +2002-02-27 Werner Koch + + * call-dirmngr.c, call-agent.c: Add 2 more arguments to all uses + of assuan_transact. + +2002-02-25 Werner Koch + + * server.c (option_handler): Allow to use -2 for "send all certs + except the root cert". + * sign.c (add_certificate_list): Implement it here. + * certpath.c (gpgsm_is_root_cert): New. + +2002-02-19 Werner Koch + + * certpath.c (check_cert_policy): New. + (gpgsm_validate_path): And call it from here. + * gpgsm.c (main): New options --policy-file, + --disable-policy-checks and --enable-policy-checks. + * gpgsm.h (opt): Added policy_file, no_policy_checks. + +2002-02-18 Werner Koch + + * certpath.c (gpgsm_validate_path): Ask the agent to add the + certificate into the trusted list. + * call-agent.c (gpgsm_agent_marktrusted): New. + +2002-02-07 Werner Koch + + * certlist.c (gpgsm_add_to_certlist): Check that the specified + name identifies a certificate unambiguously. + (gpgsm_find_cert): Ditto. + + * server.c (cmd_listkeys): Check that the data stream is available. + (cmd_listsecretkeys): Ditto. + (has_option): New. + (cmd_sign): Fix ambiguousity in option recognition. + + * gpgsm.c (main): Enable --logger-fd. + + * encrypt.c (gpgsm_encrypt): Increased buffer size for better + performance. + + * call-agent.c (gpgsm_agent_pksign): Check the S-Exp received from + the agent. + + * keylist.c (list_cert_colon): Filter out control characters. + +2002-02-06 Werner Koch + + * decrypt.c (gpgsm_decrypt): Bail out after an decryption error. + + * server.c (reset_notify): Close input and output FDs. + (cmd_encrypt,cmd_decrypt,cmd_verify,cmd_sign.cmd_import) + (cmd_genkey): Close the FDs and release the recipient list even in + the error case. + +2002-02-01 Marcus Brinkmann + + * sign.c (gpgsm_sign): Do not release certificate twice. + +2002-01-29 Werner Koch + + * call-agent.c (gpgsm_agent_havekey): New. + * keylist.c (list_cert_colon): New arg HAVE_SECRET, print "crs" + when we know that the secret key is available. + (gpgsm_list_keys): New arg MODE, check whether a secret key is + available. Changed all callers. + * gpgsm.c (main): New command --list-secret-keys. + * server.c (cmd_listsecretkeys): New. + (cmd_listkeys): Return secret keys with "crs" record. + +2002-01-28 Werner Koch + + * certreqgen.c (create_request): Store the email address in the req. + +2002-01-25 Werner Koch + + * gpgsm.c (main): Disable core dumps. + + * sign.c (add_certificate_list): New. + (gpgsm_sign): Add the certificates to the CMS object. + * certpath.c (gpgsm_walk_cert_chain): New. + * gpgsm.h (server_control_s): Add included_certs. + * gpgsm.c: Add option --include-certs. + (gpgsm_init_default_ctrl): New. + (main): Call it. + * server.c (gpgsm_server): Ditto. + (option_handler): Support --include-certs. + +2002-01-23 Werner Koch + + * certpath.c (gpgsm_validate_path): Print the DN of a missing issuer. + * certdump.c (gpgsm_dump_string): New. + (print_dn): Replaced by above. + +2002-01-22 Werner Koch + + * certpath.c (unknown_criticals): New. + (allowed_ca): New. + (gpgsm_validate_path): Check validity, CA attribute, path length + and unknown critical extensions. + +2002-01-21 Werner Koch + + * gpgsm.c: Add option --enable-crl-checks. + + * call-agent.c (start_agent): Implemented socket based access. + * call-dirmngr.c (start_dirmngr): Ditto. + +2002-01-20 Werner Koch + + * server.c (option_handler): New. + (gpgsm_server): Register it with assuan. + +2002-01-19 Werner Koch + + * server.c (gpgsm_server): Use assuan_deinit_server and setup + assuan logging if enabled. + * call-agent.c (inq_ciphertext_cb): Don't show the session key in + an Assuan log file. + + * gpgsm.c (my_strusage): Take bugreport address from configure.ac + +2002-01-15 Werner Koch + + * import.c (gpgsm_import): Just do a basic cert check before + storing it. + * certpath.c (gpgsm_basic_cert_check): New. + + * keydb.c (keydb_store_cert): New. + * import.c (store_cert): Removed and change all caller to use + the new function. + * verify.c (store_cert): Ditto. + + * certlist.c (gpgsm_add_to_certlist): Validate the path + + * certpath.c (gpgsm_validate_path): Check the trust list. + * call-agent.c (gpgsm_agent_istrusted): New. + +2002-01-14 Werner Koch + + * call-dirmngr.c (inq_certificate): Changed for new interface semantic. + * certlist.c (gpgsm_find_cert): New. + +2002-01-13 Werner Koch + + * fingerprint.c (gpgsm_get_certid): Print the serial and not the + hash after the dot. + +2002-01-11 Werner Koch + + * call-dirmngr.c: New. + * certpath.c (gpgsm_validate_path): Check the CRL here. + * fingerprint.c (gpgsm_get_certid): New. + * gpgsm.c: New options --dirmngr-program and --disable-crl-checks. + +2002-01-10 Werner Koch + + * base64.c (gpgsm_create_writer): Allow to set the object name + +2002-01-08 Werner Koch + + * keydb.c (spacep): Removed because it is now in util.c + + * server.c (cmd_genkey): New. + * certreqgen.c: New. The parameter handling code has been taken + from gnupg/g10/keygen.c version 1.0.6. + * call-agent.c (gpgsm_agent_genkey): New. + +2002-01-02 Werner Koch + + * server.c (rc_to_assuan_status): Removed and changed all callers + to use map_to_assuan_status. + +2001-12-20 Werner Koch + + * verify.c (gpgsm_verify): Implemented non-detached signature + verification. Add OUT_FP arg, initialize a writer and changed all + callers. + * server.c (cmd_verify): Pass an out_fp if one has been set. + + * base64.c (base64_reader_cb): Try to detect an S/MIME body part. + + * certdump.c (print_sexp): Renamed to gpgsm_dump_serial, made + global. + (print_time): Renamed to gpgsm_dump_time, made global. + (gpgsm_dump_serial): Take a real S-Expression as argument and + print the first item. + * keylist.c (list_cert_colon): Ditto. + * keydb.c (keydb_search_issuer_sn): Ditto. + * decrypt.c (print_integer_sexp): Removed and made callers + use gpgsm_dump_serial. + * verify.c (print_time): Removed, made callers use gpgsm_dump_time. + +2001-12-19 Marcus Brinkmann + + * call-agent.c (start_agent): Add new argument to assuan_pipe_connect. + +2001-12-18 Werner Koch + + * verify.c (print_integer_sexp): Renamed from print_integer and + print the serial number according to the S-Exp rules. + * decrypt.c (print_integer_sexp): Ditto. + +2001-12-17 Werner Koch + + * keylist.c (list_cert_colon): Changed for new return value of + get_serial. + * keydb.c (keydb_search_issuer_sn): Ditto. + * certcheck.c (gpgsm_check_cert_sig): Likewise for other S-Exp + returingin functions. + * fingerprint.c (gpgsm_get_keygrip): Ditto. + * encrypt.c (encrypt_dek): Ditto + * certcheck.c (gpgsm_check_cms_signature): Ditto + * decrypt.c (prepare_decryption): Ditto. + * call-agent.c (gpgsm_agent_pkdecrypt): Removed arg ciphertextlen, + use KsbaSexp type and calculate the length. + + * certdump.c (print_sexp): Remaned from print_integer, changed caller. + + * Makefile.am: Use the LIBGCRYPT and LIBKSBA variables. + + * fingerprint.c (gpgsm_get_keygrip): Use the new + gcry_pk_get_keygrip to calculate the grip - note the algorithm and + therefore the grip values changed. + +2001-12-15 Werner Koch + + * certcheck.c (gpgsm_check_cms_signature): Removed the faked-key + kludge. + (gpgsm_create_cms_signature): Removed the commented fake key + code. This makes the function pretty simple. + + * gpgsm.c (main): Renamed the default key database to "keyring.kbx". + + * decrypt.c (gpgsm_decrypt): Write STATUS_DECRYPTION_*. + * sign.c (gpgsm_sign): Write a STATUS_SIG_CREATED. + +2001-12-14 Werner Koch + + * keylist.c (list_cert_colon): Kludge to show an email address + encoded in the subject's DN. + + * verify.c (gpgsm_verify): Add hash debug helpers + * sign.c (gpgsm_sign): Ditto. + + * base64.c (base64_reader_cb): Reset the linelen when we need to + skip the line and adjusted test; I somehow forgot about DeMorgan. + + * server.c (cmd_encrypt,cmd_decrypt,cmd_sign,cmd_verify) + (cmd_import): Close the FDs on success. + (close_message_fd): New. + (input_notify): Setting autodetect_encoding to 0 after initializing + it to 0 is pretty pointless. Easy to fix. + + * gpgsm.c (main): New option --debug-wait n, so that it is + possible to attach gdb when used in server mode. + + * sign.c (get_default_signer): Use keydb_classify_name here. + +2001-12-14 Marcus Brinkmann + + * call-agent.c (LINELENGTH): Removed. + (gpgsm_agent_pksign): Use ASSUAN_LINELENGTH, not LINELENGTH. + (gpgsm_agent_pkdecrypt): Likewise. + +2001-12-13 Werner Koch + + * keylist.c (list_cert_colon): Print alternative names of subject + and a few other values. + +2001-12-12 Werner Koch + + * gpgsm.c (main): New options --assume-{armor,base64,binary}. + * base64.c (base64_reader_cb): Fixed non-autodetection mode. + +2001-12-04 Werner Koch + + * call-agent.c (read_from_agent): Check for inquire responses. + (request_reply): Handle them using a new callback arg, changed all + callers. + (gpgsm_agent_pkdecrypt): New. + +2001-11-27 Werner Koch + + * base64.c: New. Changed all other functions to use this instead + of direct creation of ksba_reader/writer. + * gpgsm.c (main): Set ctrl.auto_encoding unless --no-armor is used. + +2001-11-26 Werner Koch + + * gpgsm.c: New option --agent-program + * call-agent.c (start_agent): Allow to override the default path + to the agent. + + * keydb.c (keydb_add_resource): Create keybox + + * keylist.c (gpgsm_list_keys): Fixed non-server keylisting. + + * server.c (rc_to_assuan_status): New. Use it for all commands. + + + Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, + 2010, 2011 Free Software Foundation, Inc. + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +Local Variables: +buffer-read-only: t +End: diff --git a/sm/Makefile.am b/sm/Makefile.am index 89b553809..e8dfe0571 100644 --- a/sm/Makefile.am +++ b/sm/Makefile.am @@ -17,6 +17,7 @@ ## Process this file with automake to produce Makefile.in +EXTRA_DIST = ChangeLog-2011 bin_PROGRAMS = gpgsm diff --git a/tests/ChangeLog b/tests/ChangeLog deleted file mode 100644 index aa93f0780..000000000 --- a/tests/ChangeLog +++ /dev/null @@ -1,141 +0,0 @@ -2011-09-20 Jim Meyering - - avoid use of free'd pointer - * asschk.c (set_type_var): Set var->value to NULL after freeing it, - to avoid subsequent use of freed pointer. - -2009-10-13 Werner Koch - - * asschk.c (die): Replace this vararg macro by C-89 compliant - macros die_0, die_1, die_2 and die 3. Change all callers. - Reported by Nelson H. F. Beebe. - -2009-02-19 Werner Koch - - * Makefile.am (TESTS_ENVIRONMENT): Use /bin/pwd. - * inittests: Ditto. Fixes bug#1001. - -2008-10-20 Werner Koch - - * asschk.c (cmd_echo): Mark unused arg. - (cmd_send, cmd_expect_ok, cmd_expect_err, cmd_pipeserver) - (cmd_quit_if, cmd_fail_if): Ditto. - -2008-09-29 Werner Koch - - * Makefile.am (TESTS): Remove tests. - -2008-02-19 Werner Koch - - * Makefile.am: Always run pkits tests. - -2008-01-17 Werner Koch - - * asschk.c (read_assuan): Use __func__ instead of __FUNCTION__. - -2006-11-05 Werner Koch - - * asschk.c (read_assuan): Minor cleanups. - -2006-09-06 Marcus Brinkmann - - * Makefile.am (openpgp): New variable. - (SUBDIRS): Conditionalize openpgp on RUN_GPG_TESTS. - -2006-08-21 Werner Koch - - * Makefile.am (SUBDIRS): New. - * openpgp/: New. - -2006-06-08 Marcus Brinkmann - - * asschk.c (__func__) [__STDC_VERSION__ < 199901L && __GNUC__ >= 2]: - Define macro to __FUNCTION__. - (die): Use __func__ instead of __FUNCTION__. - -2005-10-07 Marcus Brinkmann - - * Makefile.am (TESTS_ENVIRONMENT): Remove LD_LIBRARY_PATH hack. - It's the responsibility of the person building the software to set - it properly. - -2004-09-30 Werner Koch - - * Makefile.am (SUBDIRS): Remove pkits until the copyright issues - have been cleared. - -2004-08-16 Werner Koch - - * Makefile.am: Descend into the new pkits directory - -2004-02-20 Werner Koch - - * Makefile.am: Reset GPG_AGENT_INFO here - * runtest: and not anymore here. - -2002-12-04 Werner Koch - - * inittests (gpgsm.conf): Fake system time. - -2002-10-31 Neal H. Walfield - - * Makefile.am (inittests.stamp): Do not set LD_LIBRARY_PATH here. - (TESTS_ENVIRONMENT): Do it here. And also frob $(LIBGCRYPT_LIBS) - and $(PTH_LIBS). - -2002-10-31 Neal H. Walfield - - * asschk.c (die): New macro. - (read_assuan): If in verbose mode, dump the string that was read. - (write_assuan): Be more verbose on failure. - -2002-09-04 Neal H. Walfield - - * Makefile.am (inittests.stamp): Do not set LD_LIBRARY_PATH, but - rather prepend it. Be more robust and prefer printf over echo -n. - -2002-09-04 Marcus Brinkmann - - * asschk.c (start_server): Close the parent's file descriptors in - the child. - (read_assuan): Variable NREAD removed. Cut off the received line - currectly if more than one line was read. - -2002-09-03 Neal H. Walfield - - * Makefile.am (inittests.stamp): Construct an LD_LIBRARY_PATH from - LDFLAGS. - -2002-08-09 Werner Koch - - * asschk.c (cmd_getenv): New. - (expand_line): Allow / as variable name delimiter. - * sm-sign+verify, sm-verify: Use $srcdir so that a VPATH build works. - - * Makefile.am: Fixes for make dist. - * samplekets/Makefile.am: New. - -2002-08-08 Werner Koch - - * asschk.c: Added some new features. - * runtest, inittests: New. - * text-1.txt, text-2.txt, text-3.txt: New. - * text-1.osig.pem, text-1.dsig.pem, text-1.osig-bad.pem: New. - * text-2.osig.pem, text-2.osig-bad.pem: New. - * samplekeys : New directory - * sm-verify, sm-sign+verify: The first test scripts. - -2002-08-06 Werner Koch - - * Makefile.am, asschk.c: New. - - - Copyright 2002 Free Software Foundation, Inc. - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even the - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/tests/ChangeLog-2011 b/tests/ChangeLog-2011 new file mode 100644 index 000000000..972dbf597 --- /dev/null +++ b/tests/ChangeLog-2011 @@ -0,0 +1,152 @@ +2011-12-01 Werner Koch + + NB: ChangeLog files are no longer manually maintained. Starting + on December 1st, 2011 we put change information only in the GIT + commit log, and generate a top-level ChangeLog file from logs at + "make dist". See doc/HACKING for details. + +2011-09-20 Jim Meyering + + avoid use of free'd pointer + * asschk.c (set_type_var): Set var->value to NULL after freeing it, + to avoid subsequent use of freed pointer. + +2009-10-13 Werner Koch + + * asschk.c (die): Replace this vararg macro by C-89 compliant + macros die_0, die_1, die_2 and die 3. Change all callers. + Reported by Nelson H. F. Beebe. + +2009-02-19 Werner Koch + + * Makefile.am (TESTS_ENVIRONMENT): Use /bin/pwd. + * inittests: Ditto. Fixes bug#1001. + +2008-10-20 Werner Koch + + * asschk.c (cmd_echo): Mark unused arg. + (cmd_send, cmd_expect_ok, cmd_expect_err, cmd_pipeserver) + (cmd_quit_if, cmd_fail_if): Ditto. + +2008-09-29 Werner Koch + + * Makefile.am (TESTS): Remove tests. + +2008-02-19 Werner Koch + + * Makefile.am: Always run pkits tests. + +2008-01-17 Werner Koch + + * asschk.c (read_assuan): Use __func__ instead of __FUNCTION__. + +2006-11-05 Werner Koch + + * asschk.c (read_assuan): Minor cleanups. + +2006-09-06 Marcus Brinkmann + + * Makefile.am (openpgp): New variable. + (SUBDIRS): Conditionalize openpgp on RUN_GPG_TESTS. + +2006-08-21 Werner Koch + + * Makefile.am (SUBDIRS): New. + * openpgp/: New. + +2006-06-08 Marcus Brinkmann + + * asschk.c (__func__) [__STDC_VERSION__ < 199901L && __GNUC__ >= 2]: + Define macro to __FUNCTION__. + (die): Use __func__ instead of __FUNCTION__. + +2005-10-07 Marcus Brinkmann + + * Makefile.am (TESTS_ENVIRONMENT): Remove LD_LIBRARY_PATH hack. + It's the responsibility of the person building the software to set + it properly. + +2004-09-30 Werner Koch + + * Makefile.am (SUBDIRS): Remove pkits until the copyright issues + have been cleared. + +2004-08-16 Werner Koch + + * Makefile.am: Descend into the new pkits directory + +2004-02-20 Werner Koch + + * Makefile.am: Reset GPG_AGENT_INFO here + * runtest: and not anymore here. + +2002-12-04 Werner Koch + + * inittests (gpgsm.conf): Fake system time. + +2002-10-31 Neal H. Walfield + + * Makefile.am (inittests.stamp): Do not set LD_LIBRARY_PATH here. + (TESTS_ENVIRONMENT): Do it here. And also frob $(LIBGCRYPT_LIBS) + and $(PTH_LIBS). + +2002-10-31 Neal H. Walfield + + * asschk.c (die): New macro. + (read_assuan): If in verbose mode, dump the string that was read. + (write_assuan): Be more verbose on failure. + +2002-09-04 Neal H. Walfield + + * Makefile.am (inittests.stamp): Do not set LD_LIBRARY_PATH, but + rather prepend it. Be more robust and prefer printf over echo -n. + +2002-09-04 Marcus Brinkmann + + * asschk.c (start_server): Close the parent's file descriptors in + the child. + (read_assuan): Variable NREAD removed. Cut off the received line + currectly if more than one line was read. + +2002-09-03 Neal H. Walfield + + * Makefile.am (inittests.stamp): Construct an LD_LIBRARY_PATH from + LDFLAGS. + +2002-08-09 Werner Koch + + * asschk.c (cmd_getenv): New. + (expand_line): Allow / as variable name delimiter. + * sm-sign+verify, sm-verify: Use $srcdir so that a VPATH build works. + + * Makefile.am: Fixes for make dist. + * samplekets/Makefile.am: New. + +2002-08-08 Werner Koch + + * asschk.c: Added some new features. + * runtest, inittests: New. + * text-1.txt, text-2.txt, text-3.txt: New. + * text-1.osig.pem, text-1.dsig.pem, text-1.osig-bad.pem: New. + * text-2.osig.pem, text-2.osig-bad.pem: New. + * samplekeys : New directory + * sm-verify, sm-sign+verify: The first test scripts. + +2002-08-06 Werner Koch + + * Makefile.am, asschk.c: New. + + + Copyright 2002 Free Software Foundation, Inc. + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +Local Variables: +buffer-read-only: t +End: diff --git a/tests/Makefile.am b/tests/Makefile.am index 70b5fe270..2142d33d6 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -37,7 +37,7 @@ TESTS_ENVIRONMENT = GNUPGHOME=`/bin/pwd` GPG_AGENT_INFO= LC_ALL=C \ testscripts = sm-sign+verify sm-verify -EXTRA_DIST = runtest inittests $(testscripts) \ +EXTRA_DIST = runtest inittests $(testscripts) ChangeLog-2011 \ text-1.txt text-2.txt text-3.txt \ text-1.osig.pem text-1.dsig.pem text-1.osig-bad.pem \ text-2.osig.pem text-2.osig-bad.pem \ diff --git a/tests/openpgp/ChangeLog b/tests/openpgp/ChangeLog deleted file mode 100644 index 18fbad852..000000000 --- a/tests/openpgp/ChangeLog +++ /dev/null @@ -1,413 +0,0 @@ -2011-02-10 Werner Koch - - * ecc.test: New. - * pinentry.sh: New. - * defs.inc: Do not create a log when running tests with envvar - verbose > 1. Add pinentry-program to gpg-agent.conf. - * Makefile.am (sample_keys): New. - (EXTRA_DIST): Add them. - -2010-10-15 Werner Koch - - * Makefile.am (clean-local): New. - -2010-10-14 Werner Koch - - * genkey1024.test: Use the new no-protection option. - - * decrypt-dsa.test: Do not specify an extra keyring. The keyring - has been loaded into pubring.gpg. - * sigs-dsa.test: Ditto. - * encrypt-dsa.test: Ditto. - * signencrypt-dsa.test: Ditto. - - * decrypt.test: Remove passphrase stuff. - * sigs.test: Ditto. - - * privkeys/: New. - - * Makefile.am: Move most stuff to ... - * version.test: Prepare data files etc. - * finish.test: New. - * defs.inc: Set all envvars. - (usrname1, usrname2, username3): Use full mail address. - -2010-06-07 Werner Koch - - * Makefile.am (TESTS_ENVIRONMENT): New. Start all scripts under - the control of the gpg-agent. - (prepared.stamp): Create gpg-agent.conf. - * defs.inc: Do not create gpg-agent.conf - (GNUPGHOME): Check that it is set properly. - (GPG_AGENT_INFO): Do not change. - -2010-05-12 Werner Koch - - * armor.test (Version): Add test for bug#1179. - -2010-05-11 Werner Koch - - * genkey1024.test: Use GPG macro. - - * gpg-agent.conf.tmpl: New. - * defs.inc: Create gpg-agent.conf - (GNUPGHOME): Set and export. - (GPG_AGENT_INFO): Unset. - * Makefile.am (CLEANFILES): Add S.gpg-agent - -2010-05-07 Werner Koch - - * import.test: Add test case for bug#1223. - * bug1223-good.asc, bug1223-bogus.asc: New. - -2009-12-21 Werner Koch - - * Makefile.am (required_pgms): New. - (./gpg_dearmor): Depend on them. - -2009-06-05 David Shaw - - * defs.inc: Improved all_cipher_algos and all_hash_algos to work - when there are more than one line of algorithms. From 1.4. - -2009-04-19 Werner Koch - - * mkdemodirs (GPG): Use --no-options. - -2008-09-29 Werner Koch - - * clearsig.test: Replace -sat by --clearsign. - -2008-03-19 Werner Koch - - * import.test, bug894-test.asc: New. - -2007-12-14 Werner Koch - - * Makefile.am (./gpg_dearmor): Reverted last change because the - real fix is to --no-options. - -2007-11-22 Werner Koch - - * Makefile.am (./gpg_dearmor): Add --homedir so that we don't - auto create a ~/.gnupg/. From Gentoo. - -2007-10-25 Werner Koch - - Add missing copyright notices to *.test. - -2007-10-25 David Shaw (wk) - - From 1.4 (July): - - * defs.inc (all_cipher_algos): New function to return all ciphers. - * defs.inc (all_cipher_algos): New function to return all ciphers - we support. This is safer than the previous setup which could - hide that some ciphers weren't being tested. Plus, this - automatically tests any new ciphers libgcrypt supports. - (all_hash_algos): New. - * sigs.test: Use it here, and also test with >=160 bit hashes for - DSA2. - * conventional.test, encrypt.test, encrypt-dsa.test, - * conventional-mdc.test: Use it here. - -2007-05-02 David Shaw - - * conventional.test, encrypt.test, encrypt-dsa.test, - conventional-mdc.test: Fix some broken tests that were only - testing 3DES instead of all available ciphers. - -2007-03-04 David Shaw (wk) - - * verify.test: Use --allow-multiple-messages instead of - --allow-multisig-verification. Two clearsigs in a row counds as a - multiple-message test. - -2006-11-16 Werner Koch - - * Makefile.am (plain-large): Use gpg.texi instead of FAQ which - won't be found as it is not a source file. Pointed out by Moritz. - -2006-10-04 Werner Koch - - * signencrypt.test: Need to prepend srcdir to the file name - -2006-09-27 Werner Koch - - * signencrypt.test: Add a test for bug 537. - * bug537-test.data.asc: New. Taken from the BTS. - -2006-08-21 Werner Koch - - Copied tests from 1.4 and adjusted paths. - -2006-04-19 David Shaw - - * sigs.test, mds.test: Add tests for SHA-224, SHA-384, and - SHA-512. - -2006-04-11 Werner Koch - - * armor.test: New. - -2006-03-09 Werner Koch - - * defs.inc: Removed Basishm by proper redirection. - -2006-03-06 Werner Koch - - * defs.inc: Print error messages also to stderr. Allow for - verbose environment variable. - (linefeed): New. - (suspend_error, resume_error): New. - * verify.test: More tests. - * multisig.test: Better error printing. - (sig_1ls1ls_valid, sig_ls_valid): Moved to the non-valid group. - -2006-02-14 Werner Koch - - * verify.test: New. - -2005-06-21 Werner Koch - - * conventional.test (algos): Uhh ohh, cut+paste error and not - tested. - -2005-06-02 Werner Koch - - * conventional.test: have_cipher_algo now requires uppercase - algorithm names. Changed. Noted by John R. Shannon. - -2004-02-09 David Shaw - - * clearsig.test, sigs.test: Properly detect RSA being missing, and - use the proper key for doing an RSA test. - -2003-12-31 David Shaw - - * clearsig.test, conventional-mdc.test, conventional.test, - defs.inc, encrypt-dsa.test, encrypt.test, genkey1024.test, - plain-1.asc, plain-1-pgp.asc, plain-2.asc, plain-3.asc, - pubring.asc, secring.asc, sigs.test: Rework tests to work properly - with a gpg binary that doesn't have all ciphers and all pk algos. - Basically, we test for the ciphers we have, only test signing with - non-160-bit hashes with RSA (we test all hashes as hashes). Test - all key lengths of AES. - -2003-12-05 David Shaw - - * Makefile.am: Reenable tests now that the Elgamal signature keys - are gone. - - * defs.inc, pubring.asc, secring.asc, plain-1.asc, plain-2.asc, - plain-3.asc: Remove the old v3 Elgamal keys and replace with - RSA+Elgamal and RSA s+e. - -2003-12-03 David Shaw - - * options: Remove emulate-md-encode-bug. - -2003-11-27 Werner Koch - - * Makefile.am (TESTS): Temporary remove tests using ElG signatures. - -2003-09-04 David Shaw - - * mds.test, sigs.test: Remove TIGER/192 and make SHA-256 optional - (since it might not be compiled in). - -2003-07-10 David Shaw - - * Makefile.am: Add --no-permission-warning to avoid spurious - warning when importing demo keys. - -2003-05-27 Werner Koch - - * Makefile.am (CLEANFILES): Add gpg.conf - -2003-05-26 David Shaw - - * defs.inc (pgmname): Make sure there is a valid options - file. (From wk on stable branch) - - * mds.test: Note that missing algorithms are not errors. - -2003-04-23 David Shaw - - * Makefile.am, options.in: Rename options.in to options since it - no longer needs to be a generated file. - - * sigs.test: TODO note to add the new SHAs when we start - generating them. - - * mds.test: Test the new SHAs. - -2002-05-10 Werner Koch - - * Makefile.am: Add gpg_dearmor to all targets where it is used. - Noted by Andreas Haumer. - -2002-04-19 Werner Koch - - * signencrypt-dsa.test, sigs-dsa.test: Don't check with MD5 as - this is not valid with DSA signatures. - -2001-12-22 Werner Koch - - * options.in: Add no-permission-warning. - -2001-12-21 Werner Koch - - * Makefile.am (distclean-local): prefix mkdemodirs with srcdir - (DISTCLEANFILES): Add random_seed. - -2001-12-19 Werner Koch - - * options.in: Remove load-extension tiger - * Makefile.am (./options): append it if there is such a module. - -2001-10-23 Werner Koch - - * defs.inc, Makefile.am: Do not use $srcdir when invoking gpg. - Write the logfile to the current directory. - -2001-09-28 Werner Koch - - * defs.inc: Write a log file for each test. - * run-gpg, run-gpgm, run-gpg.patterns: Removed. Replaced in all - tests by a simple macro from defs.inc. - * Makefile.am (CLEANFILES): Remove log files. - (./gpg_dearmor): create it and use it instead of the macro. - This is needed in multisig.test due to IFS tricks. - - * armsignencrypt.test, signencrypt-dsa.test, signencrypt.test, - armencryptp.test, armencrypt.test, encryptp.test, seat.test, - encrypt-dsa.test, encrypt.test: Use --always-trust because the - test are not designed to check the validity. - -2001-09-06 Werner Koch - - * genkey1024.test: Simplified by using a parameter file. - -2001-05-30 Werner Koch - - * multisig.test (IFS): Reset IFS just before the test. - -2001-04-30 Werner Koch - - * multisig.test: Add an set +x to avoid ksh problems - -2001-04-28 Werner Koch - - * run-gpg.patterns: a v3 test key expired yesterday, suppress the - messages. - -2001-03-27 Werner Koch - - * defs.inc: Removed creation of options file. - * options.in: New. - * Makefile.am: Create options file and fixed import of pubdemo.asc. - - * run-gpg.patterns (gpg): Add some more patterns. - -2001-03-20 Werner Koch - - * Makefile.am: Import the pubdemo.asc file - - * sigs.test (hash_algo_list): s/tiger/tiger192/ - -2001-03-19 Werner Koch - - * mkdemodirs (GPGDEMO): Add --allow-secret-key-import to all gpg - invocations. Use echon -n instead of an argument with \c. - -2001-02-12 Werner Koch - - * multisig.test: new - * Makefile.am (TESTS): Added. - -2000-10-18 Werner Koch - - * conventional-mdc.test: Add Rijndael and fix for empty plain texts. - -Thu Feb 10 17:39:44 CET 2000 Werner Koch - - * mkdemodirs: Fixed the --clean loop. - -Thu Jan 13 19:31:58 CET 2000 Werner Koch - - * defs.inc (chdir): Removed becuase it is unsused an plain old sh - does not like this name. Reported by Alec Habig. - -Tue Oct 26 20:02:23 1999 Werner Koch (wk@gnupg.org) - - * Makefile.am (GPG_DEARMOR): New and use --no-options. - -Tue Aug 31 17:20:44 CEST 1999 Werner Koch - - * defs.inc: set LC_ALL empty - -Wed Aug 4 10:34:18 CEST 1999 Werner Koch - - * defs.inc (echo_n): New and used instead of /bin/echo "\c" - -Sun Apr 18 10:11:28 CEST 1999 Werner Koch - - * mkdemodirs: New - * signdemokey: New. - * Makefile.am (distclean-local): New. - -Wed Mar 17 13:09:03 CET 1999 Werner Koch - - * mds.test: replaced the "echo -n" - -Mon Mar 8 20:47:17 CET 1999 Werner Koch - - * pubdemo.asc, secdemo.asc: New. - -Fri Feb 19 15:49:15 CET 1999 Werner Koch - - * genkey1024.test: Be really quiet. - -1999-01-01 Geoff Keating - - * Makefile.am (CLEANFILES): Also delete trustdb and any leftover - lockfiles. - -Fri Nov 27 15:30:24 CET 1998 Werner Koch - - * clearsig.test: Some more test cases. - -Sun Oct 25 18:19:35 1998 Werner Koch (wk@isil.d.shuttle.de) - - * mds.test: Check whether TIGER is available. - * sigs.tesr: Ditto. - -Wed Sep 23 12:25:07 1998 Werner Koch (wk@isil.d.shuttle.de) - - * run-gpg.patterns: New (because Solaris fgrep does not like -f -). - -Mon Aug 10 21:33:38 1998 Werner Koch (wk@(none)) - - * genkey1024.test: Ariel fixed this. - -Wed Jul 8 10:43:47 1998 Werner Koch (wk@isil.d.shuttle.de) - - * seat.test: New. - -Mon May 18 15:40:02 1998 Werner Koch (wk@isil.d.shuttle.de) - - * Makefile.am: Now uses mk-tdata to produce random test data. - - * ChangeLog: New. - - - Copyright 1998, 1999, 2000, 2001, 2007 Free Software Foundation, Inc. - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even the - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/tests/openpgp/ChangeLog-2011 b/tests/openpgp/ChangeLog-2011 new file mode 100644 index 000000000..4013a08f8 --- /dev/null +++ b/tests/openpgp/ChangeLog-2011 @@ -0,0 +1,424 @@ +2011-12-01 Werner Koch + + NB: ChangeLog files are no longer manually maintained. Starting + on December 1st, 2011 we put change information only in the GIT + commit log, and generate a top-level ChangeLog file from logs at + "make dist". See doc/HACKING for details. + +2011-02-10 Werner Koch + + * ecc.test: New. + * pinentry.sh: New. + * defs.inc: Do not create a log when running tests with envvar + verbose > 1. Add pinentry-program to gpg-agent.conf. + * Makefile.am (sample_keys): New. + (EXTRA_DIST): Add them. + +2010-10-15 Werner Koch + + * Makefile.am (clean-local): New. + +2010-10-14 Werner Koch + + * genkey1024.test: Use the new no-protection option. + + * decrypt-dsa.test: Do not specify an extra keyring. The keyring + has been loaded into pubring.gpg. + * sigs-dsa.test: Ditto. + * encrypt-dsa.test: Ditto. + * signencrypt-dsa.test: Ditto. + + * decrypt.test: Remove passphrase stuff. + * sigs.test: Ditto. + + * privkeys/: New. + + * Makefile.am: Move most stuff to ... + * version.test: Prepare data files etc. + * finish.test: New. + * defs.inc: Set all envvars. + (usrname1, usrname2, username3): Use full mail address. + +2010-06-07 Werner Koch + + * Makefile.am (TESTS_ENVIRONMENT): New. Start all scripts under + the control of the gpg-agent. + (prepared.stamp): Create gpg-agent.conf. + * defs.inc: Do not create gpg-agent.conf + (GNUPGHOME): Check that it is set properly. + (GPG_AGENT_INFO): Do not change. + +2010-05-12 Werner Koch + + * armor.test (Version): Add test for bug#1179. + +2010-05-11 Werner Koch + + * genkey1024.test: Use GPG macro. + + * gpg-agent.conf.tmpl: New. + * defs.inc: Create gpg-agent.conf + (GNUPGHOME): Set and export. + (GPG_AGENT_INFO): Unset. + * Makefile.am (CLEANFILES): Add S.gpg-agent + +2010-05-07 Werner Koch + + * import.test: Add test case for bug#1223. + * bug1223-good.asc, bug1223-bogus.asc: New. + +2009-12-21 Werner Koch + + * Makefile.am (required_pgms): New. + (./gpg_dearmor): Depend on them. + +2009-06-05 David Shaw + + * defs.inc: Improved all_cipher_algos and all_hash_algos to work + when there are more than one line of algorithms. From 1.4. + +2009-04-19 Werner Koch + + * mkdemodirs (GPG): Use --no-options. + +2008-09-29 Werner Koch + + * clearsig.test: Replace -sat by --clearsign. + +2008-03-19 Werner Koch + + * import.test, bug894-test.asc: New. + +2007-12-14 Werner Koch + + * Makefile.am (./gpg_dearmor): Reverted last change because the + real fix is to --no-options. + +2007-11-22 Werner Koch + + * Makefile.am (./gpg_dearmor): Add --homedir so that we don't + auto create a ~/.gnupg/. From Gentoo. + +2007-10-25 Werner Koch + + Add missing copyright notices to *.test. + +2007-10-25 David Shaw (wk) + + From 1.4 (July): + + * defs.inc (all_cipher_algos): New function to return all ciphers. + * defs.inc (all_cipher_algos): New function to return all ciphers + we support. This is safer than the previous setup which could + hide that some ciphers weren't being tested. Plus, this + automatically tests any new ciphers libgcrypt supports. + (all_hash_algos): New. + * sigs.test: Use it here, and also test with >=160 bit hashes for + DSA2. + * conventional.test, encrypt.test, encrypt-dsa.test, + * conventional-mdc.test: Use it here. + +2007-05-02 David Shaw + + * conventional.test, encrypt.test, encrypt-dsa.test, + conventional-mdc.test: Fix some broken tests that were only + testing 3DES instead of all available ciphers. + +2007-03-04 David Shaw (wk) + + * verify.test: Use --allow-multiple-messages instead of + --allow-multisig-verification. Two clearsigs in a row counds as a + multiple-message test. + +2006-11-16 Werner Koch + + * Makefile.am (plain-large): Use gpg.texi instead of FAQ which + won't be found as it is not a source file. Pointed out by Moritz. + +2006-10-04 Werner Koch + + * signencrypt.test: Need to prepend srcdir to the file name + +2006-09-27 Werner Koch + + * signencrypt.test: Add a test for bug 537. + * bug537-test.data.asc: New. Taken from the BTS. + +2006-08-21 Werner Koch + + Copied tests from 1.4 and adjusted paths. + +2006-04-19 David Shaw + + * sigs.test, mds.test: Add tests for SHA-224, SHA-384, and + SHA-512. + +2006-04-11 Werner Koch + + * armor.test: New. + +2006-03-09 Werner Koch + + * defs.inc: Removed Basishm by proper redirection. + +2006-03-06 Werner Koch + + * defs.inc: Print error messages also to stderr. Allow for + verbose environment variable. + (linefeed): New. + (suspend_error, resume_error): New. + * verify.test: More tests. + * multisig.test: Better error printing. + (sig_1ls1ls_valid, sig_ls_valid): Moved to the non-valid group. + +2006-02-14 Werner Koch + + * verify.test: New. + +2005-06-21 Werner Koch + + * conventional.test (algos): Uhh ohh, cut+paste error and not + tested. + +2005-06-02 Werner Koch + + * conventional.test: have_cipher_algo now requires uppercase + algorithm names. Changed. Noted by John R. Shannon. + +2004-02-09 David Shaw + + * clearsig.test, sigs.test: Properly detect RSA being missing, and + use the proper key for doing an RSA test. + +2003-12-31 David Shaw + + * clearsig.test, conventional-mdc.test, conventional.test, + defs.inc, encrypt-dsa.test, encrypt.test, genkey1024.test, + plain-1.asc, plain-1-pgp.asc, plain-2.asc, plain-3.asc, + pubring.asc, secring.asc, sigs.test: Rework tests to work properly + with a gpg binary that doesn't have all ciphers and all pk algos. + Basically, we test for the ciphers we have, only test signing with + non-160-bit hashes with RSA (we test all hashes as hashes). Test + all key lengths of AES. + +2003-12-05 David Shaw + + * Makefile.am: Reenable tests now that the Elgamal signature keys + are gone. + + * defs.inc, pubring.asc, secring.asc, plain-1.asc, plain-2.asc, + plain-3.asc: Remove the old v3 Elgamal keys and replace with + RSA+Elgamal and RSA s+e. + +2003-12-03 David Shaw + + * options: Remove emulate-md-encode-bug. + +2003-11-27 Werner Koch + + * Makefile.am (TESTS): Temporary remove tests using ElG signatures. + +2003-09-04 David Shaw + + * mds.test, sigs.test: Remove TIGER/192 and make SHA-256 optional + (since it might not be compiled in). + +2003-07-10 David Shaw + + * Makefile.am: Add --no-permission-warning to avoid spurious + warning when importing demo keys. + +2003-05-27 Werner Koch + + * Makefile.am (CLEANFILES): Add gpg.conf + +2003-05-26 David Shaw + + * defs.inc (pgmname): Make sure there is a valid options + file. (From wk on stable branch) + + * mds.test: Note that missing algorithms are not errors. + +2003-04-23 David Shaw + + * Makefile.am, options.in: Rename options.in to options since it + no longer needs to be a generated file. + + * sigs.test: TODO note to add the new SHAs when we start + generating them. + + * mds.test: Test the new SHAs. + +2002-05-10 Werner Koch + + * Makefile.am: Add gpg_dearmor to all targets where it is used. + Noted by Andreas Haumer. + +2002-04-19 Werner Koch + + * signencrypt-dsa.test, sigs-dsa.test: Don't check with MD5 as + this is not valid with DSA signatures. + +2001-12-22 Werner Koch + + * options.in: Add no-permission-warning. + +2001-12-21 Werner Koch + + * Makefile.am (distclean-local): prefix mkdemodirs with srcdir + (DISTCLEANFILES): Add random_seed. + +2001-12-19 Werner Koch + + * options.in: Remove load-extension tiger + * Makefile.am (./options): append it if there is such a module. + +2001-10-23 Werner Koch + + * defs.inc, Makefile.am: Do not use $srcdir when invoking gpg. + Write the logfile to the current directory. + +2001-09-28 Werner Koch + + * defs.inc: Write a log file for each test. + * run-gpg, run-gpgm, run-gpg.patterns: Removed. Replaced in all + tests by a simple macro from defs.inc. + * Makefile.am (CLEANFILES): Remove log files. + (./gpg_dearmor): create it and use it instead of the macro. + This is needed in multisig.test due to IFS tricks. + + * armsignencrypt.test, signencrypt-dsa.test, signencrypt.test, + armencryptp.test, armencrypt.test, encryptp.test, seat.test, + encrypt-dsa.test, encrypt.test: Use --always-trust because the + test are not designed to check the validity. + +2001-09-06 Werner Koch + + * genkey1024.test: Simplified by using a parameter file. + +2001-05-30 Werner Koch + + * multisig.test (IFS): Reset IFS just before the test. + +2001-04-30 Werner Koch + + * multisig.test: Add an set +x to avoid ksh problems + +2001-04-28 Werner Koch + + * run-gpg.patterns: a v3 test key expired yesterday, suppress the + messages. + +2001-03-27 Werner Koch + + * defs.inc: Removed creation of options file. + * options.in: New. + * Makefile.am: Create options file and fixed import of pubdemo.asc. + + * run-gpg.patterns (gpg): Add some more patterns. + +2001-03-20 Werner Koch + + * Makefile.am: Import the pubdemo.asc file + + * sigs.test (hash_algo_list): s/tiger/tiger192/ + +2001-03-19 Werner Koch + + * mkdemodirs (GPGDEMO): Add --allow-secret-key-import to all gpg + invocations. Use echon -n instead of an argument with \c. + +2001-02-12 Werner Koch + + * multisig.test: new + * Makefile.am (TESTS): Added. + +2000-10-18 Werner Koch + + * conventional-mdc.test: Add Rijndael and fix for empty plain texts. + +Thu Feb 10 17:39:44 CET 2000 Werner Koch + + * mkdemodirs: Fixed the --clean loop. + +Thu Jan 13 19:31:58 CET 2000 Werner Koch + + * defs.inc (chdir): Removed becuase it is unsused an plain old sh + does not like this name. Reported by Alec Habig. + +Tue Oct 26 20:02:23 1999 Werner Koch (wk@gnupg.org) + + * Makefile.am (GPG_DEARMOR): New and use --no-options. + +Tue Aug 31 17:20:44 CEST 1999 Werner Koch + + * defs.inc: set LC_ALL empty + +Wed Aug 4 10:34:18 CEST 1999 Werner Koch + + * defs.inc (echo_n): New and used instead of /bin/echo "\c" + +Sun Apr 18 10:11:28 CEST 1999 Werner Koch + + * mkdemodirs: New + * signdemokey: New. + * Makefile.am (distclean-local): New. + +Wed Mar 17 13:09:03 CET 1999 Werner Koch + + * mds.test: replaced the "echo -n" + +Mon Mar 8 20:47:17 CET 1999 Werner Koch + + * pubdemo.asc, secdemo.asc: New. + +Fri Feb 19 15:49:15 CET 1999 Werner Koch + + * genkey1024.test: Be really quiet. + +1999-01-01 Geoff Keating + + * Makefile.am (CLEANFILES): Also delete trustdb and any leftover + lockfiles. + +Fri Nov 27 15:30:24 CET 1998 Werner Koch + + * clearsig.test: Some more test cases. + +Sun Oct 25 18:19:35 1998 Werner Koch (wk@isil.d.shuttle.de) + + * mds.test: Check whether TIGER is available. + * sigs.tesr: Ditto. + +Wed Sep 23 12:25:07 1998 Werner Koch (wk@isil.d.shuttle.de) + + * run-gpg.patterns: New (because Solaris fgrep does not like -f -). + +Mon Aug 10 21:33:38 1998 Werner Koch (wk@(none)) + + * genkey1024.test: Ariel fixed this. + +Wed Jul 8 10:43:47 1998 Werner Koch (wk@isil.d.shuttle.de) + + * seat.test: New. + +Mon May 18 15:40:02 1998 Werner Koch (wk@isil.d.shuttle.de) + + * Makefile.am: Now uses mk-tdata to produce random test data. + + * ChangeLog: New. + + + Copyright 1998, 1999, 2000, 2001, 2007 Free Software Foundation, Inc. + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +Local Variables: +buffer-read-only: t +End: diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index 8d6e5906b..ea1d54f8b 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am @@ -67,7 +67,7 @@ sample_keys = samplekeys/ecc-sample-1-pub.asc \ samplekeys/ecc-sample-2-sec.asc \ samplekeys/ecc-sample-3-sec.asc -EXTRA_DIST = defs.inc pinentry.sh $(TESTS) $(TEST_FILES) \ +EXTRA_DIST = defs.inc pinentry.sh $(TESTS) $(TEST_FILES) ChangeLog-2011 \ mkdemodirs signdemokey $(priv_keys) $(sample_keys) CLEANFILES = prepared.stamp x y yy z out err $(data_files) \ diff --git a/tests/pkits/ChangeLog b/tests/pkits/ChangeLog deleted file mode 100644 index 992d1dfbb..000000000 --- a/tests/pkits/ChangeLog +++ /dev/null @@ -1,64 +0,0 @@ -2009-03-03 Werner Koch - - * inittests (clean_files): Use /bin/pwd here as well. - - * Makefile.am (run-all-tests): Also use /bin/pwd here. - -2009-02-19 Werner Koch - - * Makefile.am (TESTS_ENVIRONMENT): Use /bin/pwd - * common.sh: Ditto. - -2008-02-19 Werner Koch - - * inittests: Unpack test data onlyu if available. - * common.sh: Skip tests if PKITS test data is not available. - * Makefile.am: Do not distribute test data. This allows to - include the test suite in the distribution. - - * signature-verification: New. - * validity-periods: New. - * verifying-name-chaining: New. - * basic-certificate-revocation: New. - * verifying-paths-self-issued: New. - * verifying-basic-constraints: New. - * key-usage: New. - * certificate-policies: New. - * require-explicit-policy: New. - * policy-mappings: New. - * inhibit-policy-mapping: New. - * inhibit-any-policy: New. - * name-constraints: New. - * distribution-points: New. - * delta-crls: New. - * private-certificate-extensions: New. - * Makefile.am (testscripts): Add them. - - * import-all-certs.data: Add section numbers. - -2008-02-18 Werner Koch - - * import-all-certs.data: Adjust import tests results. Almost all - certificates should now be importable due to relaxed basic checks. - - * inittests (clean_files): Disable all dirmngr access. - -2006-05-02 Werner Koch - - * PKITS_data.tar.bz2: Repackaged new copy because the old one got - corrupted by the conversion from CVS to SVN. - -2004-08-16 Werner Koch - - Started implementing PKITS based tests. - - - Copyright 2004, 2008 Free Software Foundation, Inc. - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even the - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/tests/pkits/ChangeLog-2011 b/tests/pkits/ChangeLog-2011 new file mode 100644 index 000000000..d66e474ad --- /dev/null +++ b/tests/pkits/ChangeLog-2011 @@ -0,0 +1,75 @@ +2011-12-01 Werner Koch + + NB: ChangeLog files are no longer manually maintained. Starting + on December 1st, 2011 we put change information only in the GIT + commit log, and generate a top-level ChangeLog file from logs at + "make dist". See doc/HACKING for details. + +2009-03-03 Werner Koch + + * inittests (clean_files): Use /bin/pwd here as well. + + * Makefile.am (run-all-tests): Also use /bin/pwd here. + +2009-02-19 Werner Koch + + * Makefile.am (TESTS_ENVIRONMENT): Use /bin/pwd + * common.sh: Ditto. + +2008-02-19 Werner Koch + + * inittests: Unpack test data onlyu if available. + * common.sh: Skip tests if PKITS test data is not available. + * Makefile.am: Do not distribute test data. This allows to + include the test suite in the distribution. + + * signature-verification: New. + * validity-periods: New. + * verifying-name-chaining: New. + * basic-certificate-revocation: New. + * verifying-paths-self-issued: New. + * verifying-basic-constraints: New. + * key-usage: New. + * certificate-policies: New. + * require-explicit-policy: New. + * policy-mappings: New. + * inhibit-policy-mapping: New. + * inhibit-any-policy: New. + * name-constraints: New. + * distribution-points: New. + * delta-crls: New. + * private-certificate-extensions: New. + * Makefile.am (testscripts): Add them. + + * import-all-certs.data: Add section numbers. + +2008-02-18 Werner Koch + + * import-all-certs.data: Adjust import tests results. Almost all + certificates should now be importable due to relaxed basic checks. + + * inittests (clean_files): Disable all dirmngr access. + +2006-05-02 Werner Koch + + * PKITS_data.tar.bz2: Repackaged new copy because the old one got + corrupted by the conversion from CVS to SVN. + +2004-08-16 Werner Koch + + Started implementing PKITS based tests. + + + Copyright 2004, 2008 Free Software Foundation, Inc. + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +Local Variables: +buffer-read-only: t +End: diff --git a/tests/pkits/Makefile.am b/tests/pkits/Makefile.am index f59e5ec97..8098ad22b 100644 --- a/tests/pkits/Makefile.am +++ b/tests/pkits/Makefile.am @@ -1,18 +1,18 @@ # Makefile.am - tests using NIST's PKITS # Copyright (C) 2004, 2008 Free Software Foundation, Inc. -# +# # This file is part of GnuPG. -# +# # GnuPG is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. -# +# # GnuPG is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, see . @@ -43,8 +43,8 @@ testscripts = import-all-certs validate-all-certs \ private-certificate-extensions -EXTRA_DIST = inittests runtest common.sh $(testscripts) - import-all-certs.data +EXTRA_DIST = inittests runtest common.sh $(testscripts) ChangeLog-2011 \ + import-all-certs.data TESTS = $(testscripts) diff --git a/tools/ChangeLog b/tools/ChangeLog deleted file mode 100644 index d745169fe..000000000 --- a/tools/ChangeLog +++ /dev/null @@ -1,1277 +0,0 @@ -2011-10-13 Marcus Brinkmann - - * Makefile.am: Port to NPth. - -2011-08-26 Werner Koch - - * gpgconf-comp.c (gc_component): Mark for translation. Suggested - by Yuri Chornoivan. - -2011-03-08 Werner Koch - - * symcryptrun.c [HAVE_UTMP_H]: Include utmp.h. - -2011-02-23 Werner Koch - - * gpgconf.c: Add command --kill. - * gpgconf-comp.c (gc_component_kill): New. - (gpg_agent_runtime_change, scdaemon_runtime_change): Add kill flag. - -2011-02-03 Werner Koch - - * watchgnupg.c (print_version): Update copyright year. - -2010-12-14 Werner Koch - - * gpgconf-comp.c (gc_options_gpg_agent, gc_options_scdaemon) - (gc_options_gpg, gc_options_gpgsm, gc_options_dirmngr): Define to - NULL if corresponding BUILD_WITH_foo is not defined. - -2010-12-02 Werner Koch - - * no-libgcrypt.c (gcry_cipher_algo_name): New. - -2010-11-23 Werner Koch - - * Makefile.am (gpgconf_LDFLAGS): Add extra_bin_ldflags. - -2010-11-17 Marcus Brinkmann - - * gogconf.c: Revert accidental debug output commit. - -2010-10-27 Werner Koch - - * symcryptrun.c (confucius_mktmpdir): Use TMPDIR. - -2010-10-14 Werner Koch - - * gpg-connect-agent.c: Add option --agent-program. - - * gpg-connect-agent.c (start_agent): Rewrite using the - start_new_gpg_agent function. - - * gpgconf-comp.c (gpg_agent_runtime_change): Use gpg-connect-agent - on all platforms. - -2010-10-06 Werner Koch - - * watchgnupg.c (print_version): Add option --time-only. - -2010-10-05 Werner Koch - - * watchgnupg.c (main): Support TCP and local socket listening. - (main): Factor some code out to .. - (setup_client): this. - (err): New. - (client_list): New. - -2010-08-25 Werner Koch - - * gpgtar-extract.c (create_directory): Add .p7m as known - extension. - - * gpgtar.c: Add -t as short option for --list-archive. - * gpgtar-extract.c (gpgtar_extract): Use filename "-" for stdin. - Fix dirprefix setting. - * gpgtar-list.c (gpgtar_list): Ditto. - -2010-08-24 Werner Koch - - * gpgtar.c (opts): Fix --cms and --openpgp names. - -2010-08-23 Werner Koch - - * gpgconf-comp.c (GPGNAME) [W32CE]: s/gpg2/gpg/. - (get_config_filename) [W32CE]: Adjust absolute file name check. - - * gpgconf-comp.c (retrieve_options_from_program) - (retrieve_options_from_file, retrieve_options_from_program) - (copy_file, gc_process_gpgconf_conf): Do not use es_ferror after a - failed es_fclose. Note that the stream is in any case invalid - after calling es_fclose and that es_fclose does set ERRNO. - - * Makefile.am (maybe_commonpth_libs): New. - (gpgconf_LDADD): Use it. - -2010-08-20 Werner Koch - - * gpgconf-comp.c (collect_error_output): Remove extra CRs. - -2010-08-19 Werner Koch - - * gpgconf.c (main): Fix --check-options. - - * gpgconf-comp.c (gc_component_check_options): Replace - gnupg_spawn_process_fd by gnupg_spawn_process. - (retrieve_options_from_program): Ditto. - (collect_error_output): Change to use estream. - - * gpgconf-comp.c: Add new backend and component for PINENTRY. - (gc_component_check_options): Use --version to test the pinentry. - (gc_component_retrieve_options, gc_component_change_options): - Ignore the pinentry component. - -2010-08-16 Werner Koch - - * gpgconf.c (get_outfp): Change to use estream. - (main): Replace fprintf by es_fprintf. - * gpgconf-comp.c (gc_component_list_components) - (gc_check_programs, gc_component_list_options) - (gc_component_change_options, gc_component_check_options) - (list_one_option, gc_process_gpgconf_conf): Replace FILE* args by - estream_t. - -2010-08-13 Werner Koch - - * Makefile.am (gpgkey2ssh_LDADD): Add NETLIBS. - -2010-08-11 Werner Koch - - * gpgtar-create.c (gpgtar_create): Allow "-" for stdout in - opt.outfile. Switch es_stdout to binary mode. - -2010-08-09 Werner Koch - - * watchgnupg.c: Inlcude in.h and inet.h. - (main): Support tcp connections. - - * gpgtar.c (main): Add options -T and --null. - * gpgtar-create.c (gpgtar_create): Implement option --null. - -2010-07-16 Werner Koch - - * gpgtar-create.c: Rewrite to better support W32. - -2010-07-01 Werner Koch - - * gpgtar.c: Add option --set-filename. - -2010-06-24 Werner Koch - - * gpgconf-comp.c (gpg_agent_runtime_change) - (scdaemon_runtime_change, retrieve_options_from_program): Use HANG - option for gnupg_wait_progress. Fixes regression from 2010-06-09. - -2010-06-07 Werner Koch - - * gpgtar.c, gpgtar.h, gpgtar-list.c, gpgtar-create.c - * gpgtar-extract.c: New. - * Makefile.am (commonpth_libs): New. - (gpgtar_SOURCES, gpgtar_CFLAGS, gpgtar_LDADD): New. - (bin_PROGRAMS) [!W32CE]: Add gpgtar. - -2010-04-20 Marcus Brinkmann - - * gpgconf-comp.c (option_check_validity): Use dummy variables to - silence gcc warning. - -2010-04-14 Werner Koch - - * Makefile.am (bin_PROGRAMS) [W32CE]: Exclude gpgkey2ssh. - (noinst_PROGRAMS) [W32CE]: Don't build them. - (pwquery_libs) [W32CE]: Set to empty. - -2010-03-25 Werner Koch - - * Makefile.am (opt_libassuan_libs) [W32CE]: New. - (gpgconf_LDADD): Use it. - - * gpgconf-comp.c: Include signal.h only if available. Use - gpg_err_set_errno. - (key_matches_user_or_group) [W32CE]: Do not match any user. - -2010-03-15 Werner Koch - - * gpgconf-comp.c (my_dgettext): - s/gettext_select_utf8/gettext_use_utf8/. - -2010-03-10 Werner Koch - - * Makefile.am (common_libs): Remove libjnlib.a. - -2010-03-08 Werner Koch - - * no-libgcrypt.c (gcry_create_nonce): New. - -2010-02-26 Werner Koch - - * gpg-connect-agent.c (main): New option --tcp-socket. - -2010-01-10 Werner Koch - - * symcryptrun.c (utmp.h): Remove header; it is not used. - -2009-12-18 Werner Koch - - * applygnupgdefaults (errorfile): Use mktemp. Fixes bug#1146. - -2009-12-08 Marcus Brinkmann - - * gpg-connect-agent.c (main): Convert posix fd to assuan fd. - -2009-12-07 Werner Koch - - * no-libgcrypt.c (gcry_strdup): Actually copy the string. - -2009-11-23 Werner Koch - - * gpgconf-comp.c (gc_options_gpg): Add default_pubkey_algo. - -2009-11-05 Marcus Brinkmann - - * gpg-connect-agent.c (start_agent): Update use of - assuan_socket_connect and assuan_pipe_connect. - -2009-11-04 Werner Koch - - * gpg-connect-agent.c (read_and_print_response): Add arg WITHHASH. - (main): Pass true for WITHHASH for the HELP command. - -2009-09-23 Marcus Brinkmann - - * gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response) - (main): Update to new Assuan API. - -2009-07-21 Werner Koch - - * gpgsplit.c (my_strusage): Remove i18n stuff. - -2009-07-07 Werner Koch - - * gpg-connect-agent.c (start_agent): Adjust for changed args of - send_pinentry_environment. - -2009-06-30 Werner Koch - - * ccidmon.c (parse_line_sniffusb): Take also TAB as delimiter. - -2009-06-29 Werner Koch - - * ccidmon.c (parse_line_sniffusb): New. - (main): Add option --sniffusb. - -2009-06-08 Werner Koch - - * gpgconf.c (main): Call gnupg_reopen_std. Should fix bug#1072. - -2009-05-19 Werner Koch - - * watchgnupg.c: Include jnlib/mischelp.h if required. - (main): Use SUN_LEN. - -2009-04-17 Werner Koch - - * ccidmon.c: New. - -2009-03-03 Werner Koch - - * gpgconf.c: New command --reload. - - * gpgconf-comp.c (gc_component_reload): New. - -2009-03-02 Werner Koch - - * gpgconf-comp.c (scdaemon_runtime_change): Killsc d only if it is - not running. - -2009-02-27 Werner Koch - - * gpgconf-comp.c (gpg_agent_runtime_change): Declare static. - (scdaemon_runtime_change): New. - (gc_backend_scdaemon): Register new function. - (gc_options_scdaemon): Make most options runtime changable. - -2009-01-20 Werner Koch - - * gpgconf.c (main): Print more directories. - -2008-12-09 Werner Koch - - * gpg-check-pattern.c (main): Call i18n_init before - init_common_subsystems. - * gpg-connect-agent.c (main): Ditto. - * gpgconf.c (main): Ditto. - * symcryptrun.c (main): Ditto. - -2008-12-08 Werner Koch - - * gpgkey2ssh.c (main): Change order of output for RSA. Change name - of DSA identifier. Reported by Daniel Kahn Gillmor. This is - bug#901. - -2008-12-05 Werner Koch - - * gpg-connect-agent.c (opts): Use ARGPARSE_ macros. - (start_agent) [W32]: Start agent if not running. - -2008-12-03 Werner Koch - - * gpgconf-comp.c : Add option --card-timeout. Remove - unused option --disable-opensc. - -2008-10-20 Werner Koch - - * gpgsplit.c (write_part): Remove unused arg FNAME. Change caller. - (do_split): Ditto. - - * no-libgcrypt.c (gcry_control): Mark unused arg. - * gpg-connect-agent.c (do_recvfd): Ditto. - * gpgparsemail.c (mime_signed_begin, mime_encrypted_begin): Ditto. - (pkcs7_begin): Ditto. - -2008-10-01 Werner Koch - - * gpg-connect-agent.c (main): New command datafile. - (read_and_print_response): Print to the defined datafile. - -2008-09-30 Werner Koch - - * gpgconf.c (main) : Print the bindir. - -2008-08-06 Marcus Brinkmann - - * gpgconf-comp.c (gc_options_gpgsm): Change type of keyserver - option to GC_ARG_TYPE_LDAP_SERVER. - - * gpgconf-comp.c (retrieve_options_from_file): Transfer the - NO_CHANGE flag from the file name option to the list option. - -2008-06-19 Werner Koch - - * gpgconf-comp.c (GC_ARG_TYPE_ALIAS_LIST): New. - (gc_arg_type): Add fallback type. - (gc_options_gpg): Add option "group". - -2008-06-12 Marcus Brinkmann - - * gpgconf-comp.c (gc_options_gpgsm): Add option keyserver. - -2008-05-26 Marcus Brinkmann - - * gpgconf-comp.c: Replace pathname by filename everywhere. - - * gpgconf.c (enum cmd_and_opt_values): Add aListDirs. - (opts): Add aListDirs option. - (main): Handle aListDirs. - * gpgconf.h (gc_percent_escape): New declaration. - * gpgconf-comp.c (my_percent_escape): Make non-static and rename - to ... - (gc_percent_escape): ... this. Change all callers. - -2008-05-26 Werner Koch - - * gpgconf-comp.c (gpg_agent_runtime_change) [W32]: Issue - "reloadagent" command to gpg-agent. - - * gpg-connect-agent.c (main): Allow server command on the command - line. - -2008-05-20 Marcus Brinkmann - - * gpgconf.h (gc_component_check_programs): Rename to ... - (gc_check_programs): ... this. - (gc_component_change_options): Add argument OUT. - (gc_component_check_options): New function. - * gpgconf.c (enum cmd_and_opt_values): New option aCheckOptions. - (opts): Add new option aCheckOptions (aka --check-options). - (main): Handle new option aCheckOptions. - * gpgconf-comp.c (gc_component_check_programs): Rename to ... - (gc_check_programs): ... this. Refactor core of it to ... - (gc_component_check_options): ... this new function. - (gc_component_change_options): Add new argument OUT. Externally - verify all changes. Implement option --dry-run. - -2008-05-09 Werner Koch - - * gpgconf-comp.c (my_dgettext) [USE_SIMPLE_GETTEXT]: Hack to - parly support translations. - -2008-04-08 Werner Koch - - * gpgconf-comp.c (gc_options_gpg): Add --auto-key-locate. - -2008-03-26 Werner Koch - - * make-dns-cert.c: Include unistd.h. Use config.h if requested. - (cert_key): Protect read against EINTR. - (main): Print SVN revision for standalone version. - -2008-03-05 Werner Koch - - * gpg-connect-agent.c (arithmetic_op): Add logical not, or and and. - (get_var_ext): Add functions errcode, errsource and errstring. - (read_and_print_response): Store server reply in $? variable. - (main): Implement IF command. - -2008-02-27 Marcus Brinkmann - - * gpgconf-comp.c (option_check_validity): For now, error out on - empty strings. - (enum): Add GC_ARG_TYPE_PUB_KEY and GC_ARG_TYPE_SEC_KEY. - -2008-02-01 Marcus Brinkmann - - * gpgconf-comp.c (gc_component_list_options): Fix memcpy. - Reported by Marc Mutz. - -2008-01-22 Werner Koch - - * gpgconf-comp.c: Use gnupg domain for honor-http-proxy. Make - "LDAP server list" group title translatable. - -2008-01-17 Marcus Brinkmann - - * gpgconf-comp.c (change_options_program): Strip duplicated - utf8-strings entries for gnupg backend. Don't create them either. - -2007-12-10 Marcus Brinkmann - - * gpgconf-comp.c (gc_component_list_options): Fix up expert level - of group. - -2007-12-04 Marcus Brinkmann - - * gpgconf-comp.c (gc_component_list_components): Do not print a - trailing semi-colon to ensure forward compatibility, as this would - indicate another empty field. - (gc_process_gpgconf_conf): Likewise. - -2007-11-15 Werner Koch - - * gpg-connect-agent.c (start_agent): Adjust changed - send_pinentry_environment. - -2007-10-24 Werner Koch - - * gpg-connect-agent.c (substitute_line): Restore temporary nul - marker. - (main): Add /while command. - -2007-10-23 Werner Koch - - * gpgconf-comp.c (gc_process_gpgconf_conf): Add arg - LISTFP. Changed all callers. - * gpgconf.h: Add gc_error. - * gpgconf.c: Add command --list-config. - (get_outfp): New. - (main): Make --output work. - - * gpgconf-comp.c (gc_options_gpg_agent): Replace accidently used - GC_BACKEND_SCDAEMON. We should consider to create these tables - from plain files. - -2007-10-22 Werner Koch - - * gpgconf-comp.c (retrieve_options_from_program): Replace use of - popen by our gnupg_spawn_process_fd. This is required because - popen under Windows can't handle long filenames. - -2007-10-19 Werner Koch - - * symcryptrun.c (confucius_get_pass): Use utf8 switching functions. - - * gpg-connect-agent.c (get_var_ext): New. - (substitute_line): Use it. - (assign_variable): Implement /slet in terms of get_var_ext. - (main): New option -s/--subst. - (add_definq): Add arg IS_VAR. Change all callers. - (main): Add command /definq. - (handle_inquire): Implement new command. - (substitute_line_copy): New. - (unescape_string, unpercent_string): New. - * no-libgcrypt.c (gcry_set_outofcore_handler) - (gcry_set_fatalerror_handler, gcry_set_log_handler): New. - * Makefile.am (gpg_connect_agent_LDADD): Link to libreadline. - - * gpgconf-comp.c (retrieve_options_from_file): Don't call fclose - with NULL. Fixes bug 842. - -2007-10-12 Werner Koch - - * gpg-connect-agent.c (substitute_line): Allow ${foo} syntax. - -2007-10-11 Werner Koch - - * gpg-connect-agent.c (get_var): Expand environment variables. - Suggested by Marc Mutz. - (set_var): Return the value. - (assign_variable): Add arg syslet. - (main): New command /slet. - (gnu_getcwd): New. - (assign_variable): Add tag cwd, and *dir. - -2007-10-02 Werner Koch - - * no-libgcrypt.c (gcry_malloc_secure): New. - - * gpg-connect-agent.c (set_var, set_int_var, get_var) - (substitute_line, show_variables, assign_variable) - (do_open, do_close, do_showopen): New. - (main): Add new commands /nosubst, /subst, /let, /showvar, /open, - /close and /showopen. - (main): New commands /run and /bye. - -2007-10-01 Werner Koch - - * gpg-connect-agent.c (do_sendfd): Use INT2FD for assuan_sendfd. - -2007-09-26 Werner Koch - - * gpg-connect-agent.c (main): Print the first response from the - server. - -2007-09-14 Werner Koch - - * gpgconf-comp.c: Make a string translatable. - -2007-09-04 Moritz Schulte - - * gpgsm-gencert.sh: Use printf instead of echo. - -2007-09-04 Moritz Schulte - - * gpgkey2ssh.c: Include sysutils.h so that gnupg_tmpfile() is - declared. - -2007-08-31 Werner Koch - - * gpgparsemail.c: Support PGP/MIME signed messages. - - * gpgconf-comp.c (gc_component_list_components): List the programs - names. - -2007-08-29 Werner Koch - - * gpgconf.c: New command --check-programs. - * gpgconf-comp.c (gc_component_check_programs): New. - (gc_backend): Add member MODULE_NAME and add these module names. - (retrieve_options_from_program): Use module name so that we use an - absolute file name and don't rely on $PATH. - (collect_error_output): New. - * no-libgcrypt.c (gcry_control): New. - -2007-08-28 Werner Koch - - * gpgconf-comp.c : Add options --max-passphrase-days - and --enable-passphrase-history. - -2007-08-27 Werner Koch - - * gpg-check-pattern.c: New - * Makefile.am (libexec_PROGRAMS): Add unless DISABLE_REGEX. - -2007-08-24 Werner Koch - - * gpgconf-comp.c : Add options --check-passphrase-pattern, - --min-passphrase-nonalpha and --enforce-passphrase-constraints and - move them into a new "passphrase policy" group. - (gc_component) [W32]: Enable dirmngr. - -2007-08-21 Werner Koch - - * gpgkey2ssh.c (key_to_blob): Use gnupg_tmpfile(). - -2007-08-02 Werner Koch - - * gpgconf-comp.c: Factor the public GC_OPT_FLAG constants out and - include gc-opt-flags.h. - -2007-07-17 Werner Koch - - * gpgconf-comp.c: Add --encrypt-to and --default-key to gpg and - gpgsm. - -2007-07-16 Marcus Brinkmann - - * gpg-connect-agent.c (main): Bail out if write fails. - -2007-07-05 Marcus Brinkmann - - * symcryptrun.c (confucius_get_pass): Define orig_codeset if - [ENABLE_NLS], not [HAVE_LANGINFO_CODESET]. - -2007-06-26 Werner Koch - - * gpgconf-comp.c (key_matches_user_or_group) [W32]: Implement user - name matching. - (GPGNAME): New. Use it instead of "gpg". - (gc_component) [W32]: Disable dirmngr for now. - (gc_component_retrieve_options): Ignore components without options. - (gc_component_change_options): Ditto. - (gc_component_list_options): Ditto. - (gc_component_find, gc_component_list_components): Ditto. - -2007-06-19 Werner Koch - - * gpgconf-comp.c (percent_escape): Rename to my_percent_escape. - Changed all callers. - -2007-06-18 Marcus Brinkmann - - * gpgconf-comp.c (retrieve_options_from_file): Close LIST_FILE. - (copy_file): In error case, save/restore errno. Close SRC and DST. - (gc_component_change_options): Catch error from unlink(). Remove - target backup file before rename(). - -2007-06-15 Marcus Brinkmann - - * gpgconf-comp.c (copy_file) [HAVE_W32_SYSTEM]: New function. - (change_options_file, change_options_program) [HAVE_W32_SYSTEM]: - Copy backup file. - (gc_component_change_options) [HAVE_W32_SYSTEM]: Non-atomic replace. - (gc_process_gpgconf_conf): Rename fname to fname_arg and - fname_buffer to fname, initialize fname with fname_arg, discarding - const qualifier. - -2007-06-15 Werner Koch - - * Makefile.am (symcryptrun_LDADD): It is LIBICONV and not LIBINCONV. - (gpgconf_LDADD, symcryptrun_LDADD): Add W32SOCKLIBS. - -2007-06-14 Werner Koch - - * symcryptrun.c (main): Setup default socket name for - simple-pwquery. - (MAP_SPWQ_ERROR_IMPL): New. Use it for all spwq error returns. - -2007-06-12 Werner Koch - - * gpgconf-comp.c (gc_process_gpgconf_conf): Replace - GNUPG_SYSCONFDIR by a function call. - - * gpg-connect-agent.c (main): Replace some calls by - init_common_subsystems. - * gpgconf.c (main): Ditto. - * symcryptrun.c (main): Ditto. - -2007-06-11 Werner Koch - - * symcryptrun.c (main) [W32]: Call pth_init. - * gpgconf.c (main) [W32]: Call pth_init - * gpg-connect-agent.c (main) [W32]: Call pth_init. - -2007-06-06 Werner Koch - - * Makefile.am (bin_PROGRAMS) [W32]: Do not build gpgparsemail. - - * gpgconf-comp.c [W32]: Do not include pwd.h and grp.h. - (key_matches_user_or_group) [W32]: For now always return false. - - * symcryptrun.c (i18n_init): Remove. - * gpgconf.c (i18n_init): Remove. - * gpg-connect-agent.c (i18n_init): Remove. - -2007-05-19 Marcus Brinkmann - - * symcryptrun.c (confucius_get_pass): Free ORIG_CODESET on error. - -2007-05-08 Werner Koch - - * sockprox.c: New. It needs to be build manually. By Moritz - Schulte. - -2007-04-20 Werner Koch - - * symcryptrun.c (my_gcry_logger): Removed. - (main): Call setup_libgcrypt_logging. - -2007-04-03 Werner Koch - - * gpgconf-comp.c: Allow changing of --allow-mark-trusted. - - * gpg-connect-agent.c (main): New option --decode and commands - decode and undecode. - (read_and_print_response): Implement option. - -2007-03-20 Werner Koch - - * gpgconf-comp.c (gc_options_gpgsm): Add p12-charset. - -2007-03-07 Werner Koch - - * applygnupgdefaults: New. - * Makefile.am (sbin_SCRIPTS): Add it - -2007-03-06 Werner Koch - - * gpgconf-comp.c: Include pwd.h and grp.h. - (GC_OPT_FLAG_NO_CHANGE): New. - (gc_component_change_options): Implement it. - (gc_options_gpg_agent): Add options for all ttl values and - min-passphrase-length. Apply new flag to some of them. - (gc_process_gpgconf_conf, key_matches_user_or_group): New. - (gc_component_change_options): Factor some code out to .. - (change_one_value): .. new. - (gc_component_retrieve_options): Allow -1 for COMPONENT to iterate - over al components. - * gpgconf.c (main): New commands --check-config and - --apply-defaults. Call gc_process_gpgconf_conf. - -2007-01-31 Werner Koch - - * Makefile.am (symcryptrun_LDADD): Add LIBICONV. - (gpgkey2ssh_LDADD): Ditto. - -2006-12-13 David Shaw - - * Makefile.am (gpgsplit_LDADD): Link to LIBINTL if we're using the - built-in code. - -2006-12-07 David Shaw - - * Makefile.am: Link to iconv for jnlib dependency. - -2006-11-23 Werner Koch - - * Makefile.am (gpg_connect_agent_LDADD): Add NETLIBS. - -2006-11-21 Werner Koch - - * gpgconf-comp.c (list_one_option): Cast print size_t arg. - -2006-11-17 Werner Koch - - * gpgconf-comp.c: Made disable-keypad a basic option. - -2006-11-03 Werner Koch - - * symcryptrun.c: Include signal.h and include pth.h only if test - asserts that it exists. - -2006-10-23 Werner Koch - - * gpgconf-comp.c : Add --cipher-algo. - -2006-10-20 Werner Koch - - * gpgsm-gencert.sh: Enhanced the main menu. - -2006-10-12 Werner Koch - - * Makefile.am (gpg-zip, gpgsplit): Do not install due to a - conflict with gpg1. - -2006-10-11 Werner Koch - - * gpgsm-gencert.sh: Allow generation of card keys. - -2006-10-08 Werner Koch - - * Makefile.am (gpgkey2ssh_LDADD): Add LIBINTL. Suggested by - Andreas Metzler. - -2006-09-22 Werner Koch - - * no-libgcrypt.c: Changed license to a simple all permissive one. - -2006-09-20 Werner Koch - - * Makefile.am: Changes to allow parallel make runs. - -2006-09-12 Werner Koch - - Replaced all call gpg_error_from_errno(errno) by - gpg_error_from_syserror(). - - * gpg-connect-agent.c (read_and_print_response): With verbosity - level 2 also print comment lines. - -2006-09-06 Werner Koch - - * gpg-connect-agent.c: Switch everything to new Assuan error code - style. - - * no-libgcrypt.c (out_of_core): Reanmed to ... - (out_of_memory): .. this to avoid name clash with util.h. - -2006-08-21 Werner Koch - - * gpgsplit.c: New. Taken from 1.4. Adjusted to GnuPG2. - - * Makefile.am (noinst_PROGRAMS): New. - -2006-06-09 Marcus Brinkmann - - * Makefile.am (gpgconf_LDADD): Add $(GPG_ERROR_LIBS). - (gpgkey2ssh_LDADD): Add ../jnlib/libjnlib.a. - -2006-05-23 Werner Koch - - * gpgparsemail.c: Include config.h if available - (stpcpy): Conditional include it. - - * gpgconf-comp.c (hextobyte): Removed as it is now availble in - jnlib. - -2005-12-20 Werner Koch - - * gpgconf-comp.c (gc_options_gpg): Add allow-pka-lookup. - -2005-12-14 Werner Koch - - * Makefile.am (bin_PROGRAMS): Build gpgparsemail. - - * gpgparsemail.c (pkcs7_begin): New. - (parse_message, message_cb): Add support of direct pkcs signatures. - -2005-10-19 Werner Koch - - * gpgconf-comp.c (gc_options_scdaemon): New option --disable-keypad. - -2005-09-22 Werner Koch - - * rfc822parse.c (parse_field): Tread Content-Disposition special. - -2005-10-08 Marcus Brinkmann - - * Makefile.am (watchgnupg_LDADD): New variable. - - * Makefile.am (gpgconf_LDADD): Add ../gl/libgnu.a after - ../common/libcommon.a. - (symcryptrun_LDADD, gpg_connect_agent_LDADD, gpgkey2ssh_LDADD): - Likewise. - -2005-09-29 Marcus Brinkmann - - * Makefile.am (AM_CFLAGS): Add $(LIBGCRYPT_CFLAGS). - -2005-09-06 Werner Koch - - * rfc822parse.c, rfc822parse.h: Changed license to LGPL. - -2005-08-01 Werner Koch - - * gpgsm-gencert.sh: Allow entering a keygrip to generate a CSR from - an existing key. - -2005-07-21 Werner Koch - - * gpgsm-gencert.sh: Reworked to allow for multiple email addresses - as well as DNsanmes and URi. Present the parameter file before - creating the certificate. - -2005-07-04 Marcus Brinkmann - - * symcryptrun.c (SYMC_BAD_PASSPHRASE, SYMC_CANCELED): New symbols, - use instead constants. - (hash_string): New function copied from simple-gettext.c. - (confucius_get_pass): Take new argument CACHEID. - (confucius_process): Calculate cacheid and pass it to - confucius_get_pass. Clear passphrase from cache if necessary. - -2005-06-16 Werner Koch - - * gpg-connect-agent.c (read_and_print_response): Made LINELEN a - size_t. - -2005-06-04 Marcus Brinkmann - - * symcryptrun.c (main): Allow any number of arguments, don't use - first argument as input file name. Pass extra arguments to - confucius_main. - (confucius_main): Accept new arguments argc and argv and pass them - to confucius_process. - (confucius_process): Accept new arguments argc and argv and pass - them to the confucius process. - -2005-06-01 Werner Koch - - * symcryptrun.c: Include mkdtemp.h. - -2005-05-31 Werner Koch - - * watchgnupg.c: Make sure that PF_LCOAL and AF_LOCAL are defines. - Noted by Ray Link. - -2005-05-28 Moritz Schulte - - * gpgkey2ssh.c: New file. - * Makefile.am (bin_PROGRAMS): Added gpgkey2ssh. - -2005-05-20 Werner Koch - - * gpg-connect-agent.c (add_definq, show_definq, clear_definq) - (handle_inquire): New. - (read_and_print_response): Handle INQUIRE command. - (main): Implement control commands. - -2005-04-21 Werner Koch - - * symcryptrun.c (main): Optionally allow the input file as command - line argument. - - * gpgconf-comp.c: Add gpgsm option disable-trusted-cert-crl-check. - -2005-04-20 Werner Koch - - * gpgconf-comp.c: Add gpg-agent:disable-scdaemon. - -2005-04-19 Marcus Brinkmann - - * symcryptrun.c: Add --input option. - -2005-04-15 Marcus Brinkmann - - * symcryptrun.c (TEMP_FAILURE_RETRY): Define if not defined. - - * symcryptrun.c (remove_file): New function. - (confucius_copy_file): Accept new argument PLAIN and shred the - file if it is set on error. - - * Makefile.am: Define symcryptrun make variable depending on - BUILD_SYMCRYPTUN. - (bin_PROGRAMS): Add ${symcryptrun} instead symcryptrun. - (symcryptrun_LDADD): Use $(LIBUTIL_LIBS) instead of -lutil. - -2005-04-11 Werner Koch - - * symcryptrun.c (confucius_mktmpdir): Changed to use mkdtmp(3). - -2005-04-11 Marcus Brinkmann - - * symcryptrun.c: Implement config file parsing. - - * Makefile.am (bin_PROGRAMS): Add symcryptrun. - (symcryptrun_SOURCES, symcryptrun_LDADD): New variables. - * symcryptrun.c: New file. - -2005-03-31 Werner Koch - - * gpg-connect-agent.c (start_agent): Use PATHSEP_C instead of ':'. - -2005-03-09 Werner Koch - - * gpgconf-comp.c : Add honor-http-proxy. - -2005-02-25 Werner Koch - - * no-libgcrypt.c (gcry_strdup): New. - -2005-02-24 Werner Koch - - * gpg-connect-agent.c: New. - * Makefile.am: Add it. - -2004-12-21 Werner Koch - - * gpgconf-comp.c (get_config_pathname) [DOSISH]: Detect absolute - pathnames with a drive letter. - -2004-12-15 Werner Koch - - * Makefile.am (bin_PROGRAMS) [W32]: Do not build watchgnupg. - - * gpgconf-comp.c (gpg_agent_runtime_change) [W32]: No way yet to - send a signal. Disable. - (change_options_file, change_options_program) [W32]: No link(2), - so we disable it. - (gc_component_change_options): Use rename instead of link. - -2004-12-13 Werner Koch - - * gpgconf-comp.c : Fixed typo. - -2004-11-24 Werner Koch - - * gpgconf-comp.c : Add --ignore-http-dp, --ignore-ldap-dp - and --ignore-ocsp-service-url. - -2004-11-23 Werner Koch - - * gpgconf-comp.c : Add the proxy options. - : Add --prefer-system-daemon. - -2004-11-11 Werner Koch - - * watchgnupg.c (main): Fixed test for read error. - -2004-10-22 Werner Koch - - * Makefile.am (bin_SCRIPTS): Add gpgsm-gencert.sh - - * gpgsm-gencert.sh: Fixed copyright; its part of GnuPG thus FSF. - -2004-10-01 Werner Koch - - * gpgconf-comp.c: Made all strings for --log-file read the same. - -2004-10-01 Werner Koch - - * gpgconf-comp.c (my_dgettext): Also switch codeset and directory - for the other used domains (i.e. dirmngr). - - * gpgconf.c (main): Fixed translation markers. - -2004-09-30 Werner Koch - - * gpgconf.c (i18n_init): Always use LC_ALL. - - * Makefile.am: Adjusted for gettext 0.14. - -2004-09-29 Werner Koch - - * gpgconf-comp.c: Made the entries fro GROUPs translatable. - Include i18n.h. - (my_dgettext): Hack to use the gnupg2 domain. - -2004-08-09 Moritz Schulte - - * gpgsm-gencert.sh: New file. - -2004-06-16 Werner Koch - - * rfc822parse.c (rfc822parse_get_field): Add arg VALUEOFF. - -2004-06-14 Werner Koch - - * no-libgcrypt.c (gcry_realloc, gcry_xmalloc, gcry_xcalloc): New. - - * gpgconf-comp.c (retrieve_options_from_program) - (retrieve_options_from_file, change_options_file) - (change_options_program, gc_component_change_options): Replaced - getline by read_line and test for allocation failure. - -2004-05-21 Marcus Brinkmann - - * gpgconf-comp.c (gc_options_dirmngr): Remove CRL group, put its - only option "max-replies" into LDAP group. - (gc_component): Change description of dirmngr to "Directory - Manager". - - * gpgconf-comp.c (gc_component_change_options): Move the - per-process backup file into a standard location. - -2004-05-03 Werner Koch - - * gpgconf-comp.c: Add --allow-mark-trusted for the gpg-agent. - -2004-04-30 Werner Koch - - * gpgconf-comp.c: Added more runtime flags for the gpg-agent - backend. - -2004-04-29 Marcus Brinkmann - - * gpgconf-comp.c (change_options_program): Turn on utf8-strings in - the gpgconf specific part of the config file for the GnuPG - backend. - -2004-04-28 Werner Koch - - * gpgconf-comp.c: Add --ocsp-signer for the dirmngr backend. - -2004-04-20 Marcus Brinkmann - - * gpgconf-comp.c (gc_options_gpg_agent): Change type of - ignore-cache-for-signing option to GC_ARG_TYPE_NONE. - -2004-04-07 Werner Koch - - * gpgconf-comp.c (my_dgettext): Switch the codeset once to utf-8. - Allow building with out NLS. - -2004-03-23 Marcus Brinkmann - - * gpgconf-comp.c (gc_options_dirmngr): Set GC_OPT_FLAG_ARG_OPT for - "LDAP Server". - (change_options_file): Remove assertion that tests that this flag - is not present. Handle an empty string in OPTION->new_value. - - * gpgconf.c (main): Remove obsolete warning. - -2004-03-23 Werner Koch - - * gpgconf-comp.c (gc_options_gpg): New. - (gc_component_t, gc_component): Add GC_BACKEND_GPG. - (gc_options_dirmngr): Add allow-ocsp. - -2004-03-23 Marcus Brinkmann - - * gpgconf-comp.c (gc_flag): Add missing flags. - - * gpgconf-comp.c: Include . - (gc_backend): Add new member runtime_change. - (gpg_agent_runtime_change): New function. - (gc_component_change_options): New variable runtime. Initialize - it. If an option is changed that has the GC_OPT_FLAG_RUNTIME bit - set, also set the corresponding runtime variable. Finally, call - the runtime_change callback of the backend if needed. - -2004-03-16 Werner Koch - - * gpgconf-comp.c (gc_options_gpg_agent): Implemented. - (gc_options_gpgsm, gc_options_scdaemon): Implemented. - (gc_backend_t): Add GC_BACKEND_SCDAEMON. - -2004-03-12 Marcus Brinkmann - - * gpgconf-comp.c (gc_component_change_options): Set the filenames - of the option's backend, not of the component. - Also use GC_BACKEND_NR, not GC_COMPONENT_NR. - -2004-03-09 Werner Koch - - * gpgconf-comp.c [_riscos_]: Removed special code for RISC OS; we - don't want to clutter our code with system dependent stuff. - -2004-03-08 Marcus Brinkmann - - * gpgconf-comp.c (retrieve_options_from_file): Quote each string - in the list, not only the first. - -2004-02-26 Marcus Brinkmann - - * gpgconf-comp.c (gc_component_list_options): Do not print empty - groups. - - * gpgconf-comp.c (option_check_validity): Check if option is - active. - (change_options_file): Implement. - - * gpgconf-comp.c (retrieve_options_from_program): Remove broken - string handling. - - * gpgconf-comp.c (change_options_program): Support all types of - options, including list types. - - * README.gpgconf: Fix description of arguments. - * gpgconf-comp.c (option_check_validity): Rewritten to properly - support optional arguments in lists. - - * README.gpgconf: Add info about optional arg and arg type 0. - * gpgconf-comp.c (gc_component_change_options): Parse list of - arg type 0 options. - (option_check_validity): Add new argument NEW_VALUE_NR. Perform - rigorous validity checks. - (change_options_program): Disable an option also if we have a new - value for it. - -2004-02-25 Marcus Brinkmann - - * gpgconf-comp.c (gc_component_list_options): Correct output for - lists of arg type none. - (struct gc_option): Add new member new_flags. - (option_check_validity): Check OPTION->new_flags beside - OPTION->new_value. Add new argument FLAGS. - (gc_component_change_options): Support default flag correctly. - (change_options_program): Likewise. - -2004-02-24 Marcus Brinkmann - - * README.gpgconf: Revert last change. Add new flags "default", - "default desc" and "no arg desc". Add new field ARGDEF. Add new - field FLAG to backend interface. - * gpgconf-comp.c (struct gc_option): Make flags of type unsigned - long. - (gc_component_list_options): Adjust type for flags. - Add default argument field. - (retrieve_options_from_program): Use "1" as value for non-option - arguments, not "Y". - (gc_component_change_options): Read in flags from input. - -2004-02-23 Marcus Brinkmann - - * README.gpgconf: Change meaning of type 0 options value if it is - the empty string or "0". - - * gpgconf.h (struct): Add member runtime. - * gpgconf.c: Add new option oRuntime. - (main): Same here. - - * gpgconf-comp.c (hextobyte): New function. - (percent_deescape): New function. - (get_config_pathname): Percent deescape pathname if taken from - option (default) value. Use default value only if it exists and - is not empty. Use empty string otherwise. Don't include leading - quote in pathname. - (change_options_program): Percent deescape string before writing - it out. - - * gpgconf-comp.c (gc_component_list_options): Do not skip groups - on output. - -2004-02-18 Werner Koch - - * gpgconf-comp.c: Added empty components for gpgsm and scdaemon. - -2004-02-12 Werner Koch - - * watchgnupg.c (main): Implement option "--". - (print_version): New. - - * Makefile.am: Include cmacros.am for common flags. - -2004-02-03 Werner Koch - - * addgnupghome: Try to use getent, so that it also works for NIS - setups. - -2004-01-31 Marcus Brinkmann - - * gpgconf-comp.c: Some bug fixes, parse only defaults from the - program, and read the current values from the configuration file - directly. - -2004-01-30 Marcus Brinkmann - - * gpgconf-comp.c (gc_error): New function, use it instead of - error() throughout. - - * gpgconf-comp.c: Use xmalloc, libcommon's asctimestamp and - gnupg_get_time, fix error() invocation and use getline() - consistently. - -2004-01-30 Werner Koch - - * addgnupghome: Also set the group of copied files. - -2004-01-30 Werner Koch - - * Makefile.am (sbin_SCRIPTS): New, to install addgnupghome. - (EXTRA_DIST): Added rfc822parse.c rfc822parse.h gpgparsemail.c - which might be useful for debugging. - -2004-01-29 Werner Koch - - * addgnupghome: New. - -2004-01-29 Marcus Brinkmann - - * gpgconf-list.c: File removed. - * README.gpgconf: New file. - * gpgconf-comp.c: New file. - * Makefile.am (gpgconf_SOURCES): Remove gpgconf-list.c, add - gpgconf-comp.c. - -2004-01-16 Werner Koch - - * watchgnupg.c (main): Need to use FD_ISSET for the client - descriptors too; aiiih. Set the listening socket to non-blocking. - -2004-01-10 Werner Koch - - * Makefile.am: Use GPG_ERROR_CFLAGS - -2004-01-05 Werner Koch - - * Manifest: New. - * gpgconf.c, gpgconf.h, gpgconf-list.c: New. A skeleton for now. - * no-libgcrypt.c: New. - * Makefile.am: Add above. - -2003-12-23 Werner Koch - - * Makefile.am: New. - * watchgnupg.c: New. - - - Copyright 2003, 2004, 2005, 2006, 2007, 2008, - 2009, 2010, 2011 Free Software Foundation, Inc. - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even the - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/tools/ChangeLog-2011 b/tools/ChangeLog-2011 new file mode 100644 index 000000000..db771c82d --- /dev/null +++ b/tools/ChangeLog-2011 @@ -0,0 +1,1288 @@ +2011-12-01 Werner Koch + + NB: ChangeLog files are no longer manually maintained. Starting + on December 1st, 2011 we put change information only in the GIT + commit log, and generate a top-level ChangeLog file from logs at + "make dist". See doc/HACKING for details. + +2011-10-13 Marcus Brinkmann + + * Makefile.am: Port to NPth. + +2011-08-26 Werner Koch + + * gpgconf-comp.c (gc_component): Mark for translation. Suggested + by Yuri Chornoivan. + +2011-03-08 Werner Koch + + * symcryptrun.c [HAVE_UTMP_H]: Include utmp.h. + +2011-02-23 Werner Koch + + * gpgconf.c: Add command --kill. + * gpgconf-comp.c (gc_component_kill): New. + (gpg_agent_runtime_change, scdaemon_runtime_change): Add kill flag. + +2011-02-03 Werner Koch + + * watchgnupg.c (print_version): Update copyright year. + +2010-12-14 Werner Koch + + * gpgconf-comp.c (gc_options_gpg_agent, gc_options_scdaemon) + (gc_options_gpg, gc_options_gpgsm, gc_options_dirmngr): Define to + NULL if corresponding BUILD_WITH_foo is not defined. + +2010-12-02 Werner Koch + + * no-libgcrypt.c (gcry_cipher_algo_name): New. + +2010-11-23 Werner Koch + + * Makefile.am (gpgconf_LDFLAGS): Add extra_bin_ldflags. + +2010-11-17 Marcus Brinkmann + + * gogconf.c: Revert accidental debug output commit. + +2010-10-27 Werner Koch + + * symcryptrun.c (confucius_mktmpdir): Use TMPDIR. + +2010-10-14 Werner Koch + + * gpg-connect-agent.c: Add option --agent-program. + + * gpg-connect-agent.c (start_agent): Rewrite using the + start_new_gpg_agent function. + + * gpgconf-comp.c (gpg_agent_runtime_change): Use gpg-connect-agent + on all platforms. + +2010-10-06 Werner Koch + + * watchgnupg.c (print_version): Add option --time-only. + +2010-10-05 Werner Koch + + * watchgnupg.c (main): Support TCP and local socket listening. + (main): Factor some code out to .. + (setup_client): this. + (err): New. + (client_list): New. + +2010-08-25 Werner Koch + + * gpgtar-extract.c (create_directory): Add .p7m as known + extension. + + * gpgtar.c: Add -t as short option for --list-archive. + * gpgtar-extract.c (gpgtar_extract): Use filename "-" for stdin. + Fix dirprefix setting. + * gpgtar-list.c (gpgtar_list): Ditto. + +2010-08-24 Werner Koch + + * gpgtar.c (opts): Fix --cms and --openpgp names. + +2010-08-23 Werner Koch + + * gpgconf-comp.c (GPGNAME) [W32CE]: s/gpg2/gpg/. + (get_config_filename) [W32CE]: Adjust absolute file name check. + + * gpgconf-comp.c (retrieve_options_from_program) + (retrieve_options_from_file, retrieve_options_from_program) + (copy_file, gc_process_gpgconf_conf): Do not use es_ferror after a + failed es_fclose. Note that the stream is in any case invalid + after calling es_fclose and that es_fclose does set ERRNO. + + * Makefile.am (maybe_commonpth_libs): New. + (gpgconf_LDADD): Use it. + +2010-08-20 Werner Koch + + * gpgconf-comp.c (collect_error_output): Remove extra CRs. + +2010-08-19 Werner Koch + + * gpgconf.c (main): Fix --check-options. + + * gpgconf-comp.c (gc_component_check_options): Replace + gnupg_spawn_process_fd by gnupg_spawn_process. + (retrieve_options_from_program): Ditto. + (collect_error_output): Change to use estream. + + * gpgconf-comp.c: Add new backend and component for PINENTRY. + (gc_component_check_options): Use --version to test the pinentry. + (gc_component_retrieve_options, gc_component_change_options): + Ignore the pinentry component. + +2010-08-16 Werner Koch + + * gpgconf.c (get_outfp): Change to use estream. + (main): Replace fprintf by es_fprintf. + * gpgconf-comp.c (gc_component_list_components) + (gc_check_programs, gc_component_list_options) + (gc_component_change_options, gc_component_check_options) + (list_one_option, gc_process_gpgconf_conf): Replace FILE* args by + estream_t. + +2010-08-13 Werner Koch + + * Makefile.am (gpgkey2ssh_LDADD): Add NETLIBS. + +2010-08-11 Werner Koch + + * gpgtar-create.c (gpgtar_create): Allow "-" for stdout in + opt.outfile. Switch es_stdout to binary mode. + +2010-08-09 Werner Koch + + * watchgnupg.c: Inlcude in.h and inet.h. + (main): Support tcp connections. + + * gpgtar.c (main): Add options -T and --null. + * gpgtar-create.c (gpgtar_create): Implement option --null. + +2010-07-16 Werner Koch + + * gpgtar-create.c: Rewrite to better support W32. + +2010-07-01 Werner Koch + + * gpgtar.c: Add option --set-filename. + +2010-06-24 Werner Koch + + * gpgconf-comp.c (gpg_agent_runtime_change) + (scdaemon_runtime_change, retrieve_options_from_program): Use HANG + option for gnupg_wait_progress. Fixes regression from 2010-06-09. + +2010-06-07 Werner Koch + + * gpgtar.c, gpgtar.h, gpgtar-list.c, gpgtar-create.c + * gpgtar-extract.c: New. + * Makefile.am (commonpth_libs): New. + (gpgtar_SOURCES, gpgtar_CFLAGS, gpgtar_LDADD): New. + (bin_PROGRAMS) [!W32CE]: Add gpgtar. + +2010-04-20 Marcus Brinkmann + + * gpgconf-comp.c (option_check_validity): Use dummy variables to + silence gcc warning. + +2010-04-14 Werner Koch + + * Makefile.am (bin_PROGRAMS) [W32CE]: Exclude gpgkey2ssh. + (noinst_PROGRAMS) [W32CE]: Don't build them. + (pwquery_libs) [W32CE]: Set to empty. + +2010-03-25 Werner Koch + + * Makefile.am (opt_libassuan_libs) [W32CE]: New. + (gpgconf_LDADD): Use it. + + * gpgconf-comp.c: Include signal.h only if available. Use + gpg_err_set_errno. + (key_matches_user_or_group) [W32CE]: Do not match any user. + +2010-03-15 Werner Koch + + * gpgconf-comp.c (my_dgettext): + s/gettext_select_utf8/gettext_use_utf8/. + +2010-03-10 Werner Koch + + * Makefile.am (common_libs): Remove libjnlib.a. + +2010-03-08 Werner Koch + + * no-libgcrypt.c (gcry_create_nonce): New. + +2010-02-26 Werner Koch + + * gpg-connect-agent.c (main): New option --tcp-socket. + +2010-01-10 Werner Koch + + * symcryptrun.c (utmp.h): Remove header; it is not used. + +2009-12-18 Werner Koch + + * applygnupgdefaults (errorfile): Use mktemp. Fixes bug#1146. + +2009-12-08 Marcus Brinkmann + + * gpg-connect-agent.c (main): Convert posix fd to assuan fd. + +2009-12-07 Werner Koch + + * no-libgcrypt.c (gcry_strdup): Actually copy the string. + +2009-11-23 Werner Koch + + * gpgconf-comp.c (gc_options_gpg): Add default_pubkey_algo. + +2009-11-05 Marcus Brinkmann + + * gpg-connect-agent.c (start_agent): Update use of + assuan_socket_connect and assuan_pipe_connect. + +2009-11-04 Werner Koch + + * gpg-connect-agent.c (read_and_print_response): Add arg WITHHASH. + (main): Pass true for WITHHASH for the HELP command. + +2009-09-23 Marcus Brinkmann + + * gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response) + (main): Update to new Assuan API. + +2009-07-21 Werner Koch + + * gpgsplit.c (my_strusage): Remove i18n stuff. + +2009-07-07 Werner Koch + + * gpg-connect-agent.c (start_agent): Adjust for changed args of + send_pinentry_environment. + +2009-06-30 Werner Koch + + * ccidmon.c (parse_line_sniffusb): Take also TAB as delimiter. + +2009-06-29 Werner Koch + + * ccidmon.c (parse_line_sniffusb): New. + (main): Add option --sniffusb. + +2009-06-08 Werner Koch + + * gpgconf.c (main): Call gnupg_reopen_std. Should fix bug#1072. + +2009-05-19 Werner Koch + + * watchgnupg.c: Include jnlib/mischelp.h if required. + (main): Use SUN_LEN. + +2009-04-17 Werner Koch + + * ccidmon.c: New. + +2009-03-03 Werner Koch + + * gpgconf.c: New command --reload. + + * gpgconf-comp.c (gc_component_reload): New. + +2009-03-02 Werner Koch + + * gpgconf-comp.c (scdaemon_runtime_change): Killsc d only if it is + not running. + +2009-02-27 Werner Koch + + * gpgconf-comp.c (gpg_agent_runtime_change): Declare static. + (scdaemon_runtime_change): New. + (gc_backend_scdaemon): Register new function. + (gc_options_scdaemon): Make most options runtime changable. + +2009-01-20 Werner Koch + + * gpgconf.c (main): Print more directories. + +2008-12-09 Werner Koch + + * gpg-check-pattern.c (main): Call i18n_init before + init_common_subsystems. + * gpg-connect-agent.c (main): Ditto. + * gpgconf.c (main): Ditto. + * symcryptrun.c (main): Ditto. + +2008-12-08 Werner Koch + + * gpgkey2ssh.c (main): Change order of output for RSA. Change name + of DSA identifier. Reported by Daniel Kahn Gillmor. This is + bug#901. + +2008-12-05 Werner Koch + + * gpg-connect-agent.c (opts): Use ARGPARSE_ macros. + (start_agent) [W32]: Start agent if not running. + +2008-12-03 Werner Koch + + * gpgconf-comp.c : Add option --card-timeout. Remove + unused option --disable-opensc. + +2008-10-20 Werner Koch + + * gpgsplit.c (write_part): Remove unused arg FNAME. Change caller. + (do_split): Ditto. + + * no-libgcrypt.c (gcry_control): Mark unused arg. + * gpg-connect-agent.c (do_recvfd): Ditto. + * gpgparsemail.c (mime_signed_begin, mime_encrypted_begin): Ditto. + (pkcs7_begin): Ditto. + +2008-10-01 Werner Koch + + * gpg-connect-agent.c (main): New command datafile. + (read_and_print_response): Print to the defined datafile. + +2008-09-30 Werner Koch + + * gpgconf.c (main) : Print the bindir. + +2008-08-06 Marcus Brinkmann + + * gpgconf-comp.c (gc_options_gpgsm): Change type of keyserver + option to GC_ARG_TYPE_LDAP_SERVER. + + * gpgconf-comp.c (retrieve_options_from_file): Transfer the + NO_CHANGE flag from the file name option to the list option. + +2008-06-19 Werner Koch + + * gpgconf-comp.c (GC_ARG_TYPE_ALIAS_LIST): New. + (gc_arg_type): Add fallback type. + (gc_options_gpg): Add option "group". + +2008-06-12 Marcus Brinkmann + + * gpgconf-comp.c (gc_options_gpgsm): Add option keyserver. + +2008-05-26 Marcus Brinkmann + + * gpgconf-comp.c: Replace pathname by filename everywhere. + + * gpgconf.c (enum cmd_and_opt_values): Add aListDirs. + (opts): Add aListDirs option. + (main): Handle aListDirs. + * gpgconf.h (gc_percent_escape): New declaration. + * gpgconf-comp.c (my_percent_escape): Make non-static and rename + to ... + (gc_percent_escape): ... this. Change all callers. + +2008-05-26 Werner Koch + + * gpgconf-comp.c (gpg_agent_runtime_change) [W32]: Issue + "reloadagent" command to gpg-agent. + + * gpg-connect-agent.c (main): Allow server command on the command + line. + +2008-05-20 Marcus Brinkmann + + * gpgconf.h (gc_component_check_programs): Rename to ... + (gc_check_programs): ... this. + (gc_component_change_options): Add argument OUT. + (gc_component_check_options): New function. + * gpgconf.c (enum cmd_and_opt_values): New option aCheckOptions. + (opts): Add new option aCheckOptions (aka --check-options). + (main): Handle new option aCheckOptions. + * gpgconf-comp.c (gc_component_check_programs): Rename to ... + (gc_check_programs): ... this. Refactor core of it to ... + (gc_component_check_options): ... this new function. + (gc_component_change_options): Add new argument OUT. Externally + verify all changes. Implement option --dry-run. + +2008-05-09 Werner Koch + + * gpgconf-comp.c (my_dgettext) [USE_SIMPLE_GETTEXT]: Hack to + parly support translations. + +2008-04-08 Werner Koch + + * gpgconf-comp.c (gc_options_gpg): Add --auto-key-locate. + +2008-03-26 Werner Koch + + * make-dns-cert.c: Include unistd.h. Use config.h if requested. + (cert_key): Protect read against EINTR. + (main): Print SVN revision for standalone version. + +2008-03-05 Werner Koch + + * gpg-connect-agent.c (arithmetic_op): Add logical not, or and and. + (get_var_ext): Add functions errcode, errsource and errstring. + (read_and_print_response): Store server reply in $? variable. + (main): Implement IF command. + +2008-02-27 Marcus Brinkmann + + * gpgconf-comp.c (option_check_validity): For now, error out on + empty strings. + (enum): Add GC_ARG_TYPE_PUB_KEY and GC_ARG_TYPE_SEC_KEY. + +2008-02-01 Marcus Brinkmann + + * gpgconf-comp.c (gc_component_list_options): Fix memcpy. + Reported by Marc Mutz. + +2008-01-22 Werner Koch + + * gpgconf-comp.c: Use gnupg domain for honor-http-proxy. Make + "LDAP server list" group title translatable. + +2008-01-17 Marcus Brinkmann + + * gpgconf-comp.c (change_options_program): Strip duplicated + utf8-strings entries for gnupg backend. Don't create them either. + +2007-12-10 Marcus Brinkmann + + * gpgconf-comp.c (gc_component_list_options): Fix up expert level + of group. + +2007-12-04 Marcus Brinkmann + + * gpgconf-comp.c (gc_component_list_components): Do not print a + trailing semi-colon to ensure forward compatibility, as this would + indicate another empty field. + (gc_process_gpgconf_conf): Likewise. + +2007-11-15 Werner Koch + + * gpg-connect-agent.c (start_agent): Adjust changed + send_pinentry_environment. + +2007-10-24 Werner Koch + + * gpg-connect-agent.c (substitute_line): Restore temporary nul + marker. + (main): Add /while command. + +2007-10-23 Werner Koch + + * gpgconf-comp.c (gc_process_gpgconf_conf): Add arg + LISTFP. Changed all callers. + * gpgconf.h: Add gc_error. + * gpgconf.c: Add command --list-config. + (get_outfp): New. + (main): Make --output work. + + * gpgconf-comp.c (gc_options_gpg_agent): Replace accidently used + GC_BACKEND_SCDAEMON. We should consider to create these tables + from plain files. + +2007-10-22 Werner Koch + + * gpgconf-comp.c (retrieve_options_from_program): Replace use of + popen by our gnupg_spawn_process_fd. This is required because + popen under Windows can't handle long filenames. + +2007-10-19 Werner Koch + + * symcryptrun.c (confucius_get_pass): Use utf8 switching functions. + + * gpg-connect-agent.c (get_var_ext): New. + (substitute_line): Use it. + (assign_variable): Implement /slet in terms of get_var_ext. + (main): New option -s/--subst. + (add_definq): Add arg IS_VAR. Change all callers. + (main): Add command /definq. + (handle_inquire): Implement new command. + (substitute_line_copy): New. + (unescape_string, unpercent_string): New. + * no-libgcrypt.c (gcry_set_outofcore_handler) + (gcry_set_fatalerror_handler, gcry_set_log_handler): New. + * Makefile.am (gpg_connect_agent_LDADD): Link to libreadline. + + * gpgconf-comp.c (retrieve_options_from_file): Don't call fclose + with NULL. Fixes bug 842. + +2007-10-12 Werner Koch + + * gpg-connect-agent.c (substitute_line): Allow ${foo} syntax. + +2007-10-11 Werner Koch + + * gpg-connect-agent.c (get_var): Expand environment variables. + Suggested by Marc Mutz. + (set_var): Return the value. + (assign_variable): Add arg syslet. + (main): New command /slet. + (gnu_getcwd): New. + (assign_variable): Add tag cwd, and *dir. + +2007-10-02 Werner Koch + + * no-libgcrypt.c (gcry_malloc_secure): New. + + * gpg-connect-agent.c (set_var, set_int_var, get_var) + (substitute_line, show_variables, assign_variable) + (do_open, do_close, do_showopen): New. + (main): Add new commands /nosubst, /subst, /let, /showvar, /open, + /close and /showopen. + (main): New commands /run and /bye. + +2007-10-01 Werner Koch + + * gpg-connect-agent.c (do_sendfd): Use INT2FD for assuan_sendfd. + +2007-09-26 Werner Koch + + * gpg-connect-agent.c (main): Print the first response from the + server. + +2007-09-14 Werner Koch + + * gpgconf-comp.c: Make a string translatable. + +2007-09-04 Moritz Schulte + + * gpgsm-gencert.sh: Use printf instead of echo. + +2007-09-04 Moritz Schulte + + * gpgkey2ssh.c: Include sysutils.h so that gnupg_tmpfile() is + declared. + +2007-08-31 Werner Koch + + * gpgparsemail.c: Support PGP/MIME signed messages. + + * gpgconf-comp.c (gc_component_list_components): List the programs + names. + +2007-08-29 Werner Koch + + * gpgconf.c: New command --check-programs. + * gpgconf-comp.c (gc_component_check_programs): New. + (gc_backend): Add member MODULE_NAME and add these module names. + (retrieve_options_from_program): Use module name so that we use an + absolute file name and don't rely on $PATH. + (collect_error_output): New. + * no-libgcrypt.c (gcry_control): New. + +2007-08-28 Werner Koch + + * gpgconf-comp.c : Add options --max-passphrase-days + and --enable-passphrase-history. + +2007-08-27 Werner Koch + + * gpg-check-pattern.c: New + * Makefile.am (libexec_PROGRAMS): Add unless DISABLE_REGEX. + +2007-08-24 Werner Koch + + * gpgconf-comp.c : Add options --check-passphrase-pattern, + --min-passphrase-nonalpha and --enforce-passphrase-constraints and + move them into a new "passphrase policy" group. + (gc_component) [W32]: Enable dirmngr. + +2007-08-21 Werner Koch + + * gpgkey2ssh.c (key_to_blob): Use gnupg_tmpfile(). + +2007-08-02 Werner Koch + + * gpgconf-comp.c: Factor the public GC_OPT_FLAG constants out and + include gc-opt-flags.h. + +2007-07-17 Werner Koch + + * gpgconf-comp.c: Add --encrypt-to and --default-key to gpg and + gpgsm. + +2007-07-16 Marcus Brinkmann + + * gpg-connect-agent.c (main): Bail out if write fails. + +2007-07-05 Marcus Brinkmann + + * symcryptrun.c (confucius_get_pass): Define orig_codeset if + [ENABLE_NLS], not [HAVE_LANGINFO_CODESET]. + +2007-06-26 Werner Koch + + * gpgconf-comp.c (key_matches_user_or_group) [W32]: Implement user + name matching. + (GPGNAME): New. Use it instead of "gpg". + (gc_component) [W32]: Disable dirmngr for now. + (gc_component_retrieve_options): Ignore components without options. + (gc_component_change_options): Ditto. + (gc_component_list_options): Ditto. + (gc_component_find, gc_component_list_components): Ditto. + +2007-06-19 Werner Koch + + * gpgconf-comp.c (percent_escape): Rename to my_percent_escape. + Changed all callers. + +2007-06-18 Marcus Brinkmann + + * gpgconf-comp.c (retrieve_options_from_file): Close LIST_FILE. + (copy_file): In error case, save/restore errno. Close SRC and DST. + (gc_component_change_options): Catch error from unlink(). Remove + target backup file before rename(). + +2007-06-15 Marcus Brinkmann + + * gpgconf-comp.c (copy_file) [HAVE_W32_SYSTEM]: New function. + (change_options_file, change_options_program) [HAVE_W32_SYSTEM]: + Copy backup file. + (gc_component_change_options) [HAVE_W32_SYSTEM]: Non-atomic replace. + (gc_process_gpgconf_conf): Rename fname to fname_arg and + fname_buffer to fname, initialize fname with fname_arg, discarding + const qualifier. + +2007-06-15 Werner Koch + + * Makefile.am (symcryptrun_LDADD): It is LIBICONV and not LIBINCONV. + (gpgconf_LDADD, symcryptrun_LDADD): Add W32SOCKLIBS. + +2007-06-14 Werner Koch + + * symcryptrun.c (main): Setup default socket name for + simple-pwquery. + (MAP_SPWQ_ERROR_IMPL): New. Use it for all spwq error returns. + +2007-06-12 Werner Koch + + * gpgconf-comp.c (gc_process_gpgconf_conf): Replace + GNUPG_SYSCONFDIR by a function call. + + * gpg-connect-agent.c (main): Replace some calls by + init_common_subsystems. + * gpgconf.c (main): Ditto. + * symcryptrun.c (main): Ditto. + +2007-06-11 Werner Koch + + * symcryptrun.c (main) [W32]: Call pth_init. + * gpgconf.c (main) [W32]: Call pth_init + * gpg-connect-agent.c (main) [W32]: Call pth_init. + +2007-06-06 Werner Koch + + * Makefile.am (bin_PROGRAMS) [W32]: Do not build gpgparsemail. + + * gpgconf-comp.c [W32]: Do not include pwd.h and grp.h. + (key_matches_user_or_group) [W32]: For now always return false. + + * symcryptrun.c (i18n_init): Remove. + * gpgconf.c (i18n_init): Remove. + * gpg-connect-agent.c (i18n_init): Remove. + +2007-05-19 Marcus Brinkmann + + * symcryptrun.c (confucius_get_pass): Free ORIG_CODESET on error. + +2007-05-08 Werner Koch + + * sockprox.c: New. It needs to be build manually. By Moritz + Schulte. + +2007-04-20 Werner Koch + + * symcryptrun.c (my_gcry_logger): Removed. + (main): Call setup_libgcrypt_logging. + +2007-04-03 Werner Koch + + * gpgconf-comp.c: Allow changing of --allow-mark-trusted. + + * gpg-connect-agent.c (main): New option --decode and commands + decode and undecode. + (read_and_print_response): Implement option. + +2007-03-20 Werner Koch + + * gpgconf-comp.c (gc_options_gpgsm): Add p12-charset. + +2007-03-07 Werner Koch + + * applygnupgdefaults: New. + * Makefile.am (sbin_SCRIPTS): Add it + +2007-03-06 Werner Koch + + * gpgconf-comp.c: Include pwd.h and grp.h. + (GC_OPT_FLAG_NO_CHANGE): New. + (gc_component_change_options): Implement it. + (gc_options_gpg_agent): Add options for all ttl values and + min-passphrase-length. Apply new flag to some of them. + (gc_process_gpgconf_conf, key_matches_user_or_group): New. + (gc_component_change_options): Factor some code out to .. + (change_one_value): .. new. + (gc_component_retrieve_options): Allow -1 for COMPONENT to iterate + over al components. + * gpgconf.c (main): New commands --check-config and + --apply-defaults. Call gc_process_gpgconf_conf. + +2007-01-31 Werner Koch + + * Makefile.am (symcryptrun_LDADD): Add LIBICONV. + (gpgkey2ssh_LDADD): Ditto. + +2006-12-13 David Shaw + + * Makefile.am (gpgsplit_LDADD): Link to LIBINTL if we're using the + built-in code. + +2006-12-07 David Shaw + + * Makefile.am: Link to iconv for jnlib dependency. + +2006-11-23 Werner Koch + + * Makefile.am (gpg_connect_agent_LDADD): Add NETLIBS. + +2006-11-21 Werner Koch + + * gpgconf-comp.c (list_one_option): Cast print size_t arg. + +2006-11-17 Werner Koch + + * gpgconf-comp.c: Made disable-keypad a basic option. + +2006-11-03 Werner Koch + + * symcryptrun.c: Include signal.h and include pth.h only if test + asserts that it exists. + +2006-10-23 Werner Koch + + * gpgconf-comp.c : Add --cipher-algo. + +2006-10-20 Werner Koch + + * gpgsm-gencert.sh: Enhanced the main menu. + +2006-10-12 Werner Koch + + * Makefile.am (gpg-zip, gpgsplit): Do not install due to a + conflict with gpg1. + +2006-10-11 Werner Koch + + * gpgsm-gencert.sh: Allow generation of card keys. + +2006-10-08 Werner Koch + + * Makefile.am (gpgkey2ssh_LDADD): Add LIBINTL. Suggested by + Andreas Metzler. + +2006-09-22 Werner Koch + + * no-libgcrypt.c: Changed license to a simple all permissive one. + +2006-09-20 Werner Koch + + * Makefile.am: Changes to allow parallel make runs. + +2006-09-12 Werner Koch + + Replaced all call gpg_error_from_errno(errno) by + gpg_error_from_syserror(). + + * gpg-connect-agent.c (read_and_print_response): With verbosity + level 2 also print comment lines. + +2006-09-06 Werner Koch + + * gpg-connect-agent.c: Switch everything to new Assuan error code + style. + + * no-libgcrypt.c (out_of_core): Reanmed to ... + (out_of_memory): .. this to avoid name clash with util.h. + +2006-08-21 Werner Koch + + * gpgsplit.c: New. Taken from 1.4. Adjusted to GnuPG2. + + * Makefile.am (noinst_PROGRAMS): New. + +2006-06-09 Marcus Brinkmann + + * Makefile.am (gpgconf_LDADD): Add $(GPG_ERROR_LIBS). + (gpgkey2ssh_LDADD): Add ../jnlib/libjnlib.a. + +2006-05-23 Werner Koch + + * gpgparsemail.c: Include config.h if available + (stpcpy): Conditional include it. + + * gpgconf-comp.c (hextobyte): Removed as it is now availble in + jnlib. + +2005-12-20 Werner Koch + + * gpgconf-comp.c (gc_options_gpg): Add allow-pka-lookup. + +2005-12-14 Werner Koch + + * Makefile.am (bin_PROGRAMS): Build gpgparsemail. + + * gpgparsemail.c (pkcs7_begin): New. + (parse_message, message_cb): Add support of direct pkcs signatures. + +2005-10-19 Werner Koch + + * gpgconf-comp.c (gc_options_scdaemon): New option --disable-keypad. + +2005-09-22 Werner Koch + + * rfc822parse.c (parse_field): Tread Content-Disposition special. + +2005-10-08 Marcus Brinkmann + + * Makefile.am (watchgnupg_LDADD): New variable. + + * Makefile.am (gpgconf_LDADD): Add ../gl/libgnu.a after + ../common/libcommon.a. + (symcryptrun_LDADD, gpg_connect_agent_LDADD, gpgkey2ssh_LDADD): + Likewise. + +2005-09-29 Marcus Brinkmann + + * Makefile.am (AM_CFLAGS): Add $(LIBGCRYPT_CFLAGS). + +2005-09-06 Werner Koch + + * rfc822parse.c, rfc822parse.h: Changed license to LGPL. + +2005-08-01 Werner Koch + + * gpgsm-gencert.sh: Allow entering a keygrip to generate a CSR from + an existing key. + +2005-07-21 Werner Koch + + * gpgsm-gencert.sh: Reworked to allow for multiple email addresses + as well as DNsanmes and URi. Present the parameter file before + creating the certificate. + +2005-07-04 Marcus Brinkmann + + * symcryptrun.c (SYMC_BAD_PASSPHRASE, SYMC_CANCELED): New symbols, + use instead constants. + (hash_string): New function copied from simple-gettext.c. + (confucius_get_pass): Take new argument CACHEID. + (confucius_process): Calculate cacheid and pass it to + confucius_get_pass. Clear passphrase from cache if necessary. + +2005-06-16 Werner Koch + + * gpg-connect-agent.c (read_and_print_response): Made LINELEN a + size_t. + +2005-06-04 Marcus Brinkmann + + * symcryptrun.c (main): Allow any number of arguments, don't use + first argument as input file name. Pass extra arguments to + confucius_main. + (confucius_main): Accept new arguments argc and argv and pass them + to confucius_process. + (confucius_process): Accept new arguments argc and argv and pass + them to the confucius process. + +2005-06-01 Werner Koch + + * symcryptrun.c: Include mkdtemp.h. + +2005-05-31 Werner Koch + + * watchgnupg.c: Make sure that PF_LCOAL and AF_LOCAL are defines. + Noted by Ray Link. + +2005-05-28 Moritz Schulte + + * gpgkey2ssh.c: New file. + * Makefile.am (bin_PROGRAMS): Added gpgkey2ssh. + +2005-05-20 Werner Koch + + * gpg-connect-agent.c (add_definq, show_definq, clear_definq) + (handle_inquire): New. + (read_and_print_response): Handle INQUIRE command. + (main): Implement control commands. + +2005-04-21 Werner Koch + + * symcryptrun.c (main): Optionally allow the input file as command + line argument. + + * gpgconf-comp.c: Add gpgsm option disable-trusted-cert-crl-check. + +2005-04-20 Werner Koch + + * gpgconf-comp.c: Add gpg-agent:disable-scdaemon. + +2005-04-19 Marcus Brinkmann + + * symcryptrun.c: Add --input option. + +2005-04-15 Marcus Brinkmann + + * symcryptrun.c (TEMP_FAILURE_RETRY): Define if not defined. + + * symcryptrun.c (remove_file): New function. + (confucius_copy_file): Accept new argument PLAIN and shred the + file if it is set on error. + + * Makefile.am: Define symcryptrun make variable depending on + BUILD_SYMCRYPTUN. + (bin_PROGRAMS): Add ${symcryptrun} instead symcryptrun. + (symcryptrun_LDADD): Use $(LIBUTIL_LIBS) instead of -lutil. + +2005-04-11 Werner Koch + + * symcryptrun.c (confucius_mktmpdir): Changed to use mkdtmp(3). + +2005-04-11 Marcus Brinkmann + + * symcryptrun.c: Implement config file parsing. + + * Makefile.am (bin_PROGRAMS): Add symcryptrun. + (symcryptrun_SOURCES, symcryptrun_LDADD): New variables. + * symcryptrun.c: New file. + +2005-03-31 Werner Koch + + * gpg-connect-agent.c (start_agent): Use PATHSEP_C instead of ':'. + +2005-03-09 Werner Koch + + * gpgconf-comp.c : Add honor-http-proxy. + +2005-02-25 Werner Koch + + * no-libgcrypt.c (gcry_strdup): New. + +2005-02-24 Werner Koch + + * gpg-connect-agent.c: New. + * Makefile.am: Add it. + +2004-12-21 Werner Koch + + * gpgconf-comp.c (get_config_pathname) [DOSISH]: Detect absolute + pathnames with a drive letter. + +2004-12-15 Werner Koch + + * Makefile.am (bin_PROGRAMS) [W32]: Do not build watchgnupg. + + * gpgconf-comp.c (gpg_agent_runtime_change) [W32]: No way yet to + send a signal. Disable. + (change_options_file, change_options_program) [W32]: No link(2), + so we disable it. + (gc_component_change_options): Use rename instead of link. + +2004-12-13 Werner Koch + + * gpgconf-comp.c : Fixed typo. + +2004-11-24 Werner Koch + + * gpgconf-comp.c : Add --ignore-http-dp, --ignore-ldap-dp + and --ignore-ocsp-service-url. + +2004-11-23 Werner Koch + + * gpgconf-comp.c : Add the proxy options. + : Add --prefer-system-daemon. + +2004-11-11 Werner Koch + + * watchgnupg.c (main): Fixed test for read error. + +2004-10-22 Werner Koch + + * Makefile.am (bin_SCRIPTS): Add gpgsm-gencert.sh + + * gpgsm-gencert.sh: Fixed copyright; its part of GnuPG thus FSF. + +2004-10-01 Werner Koch + + * gpgconf-comp.c: Made all strings for --log-file read the same. + +2004-10-01 Werner Koch + + * gpgconf-comp.c (my_dgettext): Also switch codeset and directory + for the other used domains (i.e. dirmngr). + + * gpgconf.c (main): Fixed translation markers. + +2004-09-30 Werner Koch + + * gpgconf.c (i18n_init): Always use LC_ALL. + + * Makefile.am: Adjusted for gettext 0.14. + +2004-09-29 Werner Koch + + * gpgconf-comp.c: Made the entries fro GROUPs translatable. + Include i18n.h. + (my_dgettext): Hack to use the gnupg2 domain. + +2004-08-09 Moritz Schulte + + * gpgsm-gencert.sh: New file. + +2004-06-16 Werner Koch + + * rfc822parse.c (rfc822parse_get_field): Add arg VALUEOFF. + +2004-06-14 Werner Koch + + * no-libgcrypt.c (gcry_realloc, gcry_xmalloc, gcry_xcalloc): New. + + * gpgconf-comp.c (retrieve_options_from_program) + (retrieve_options_from_file, change_options_file) + (change_options_program, gc_component_change_options): Replaced + getline by read_line and test for allocation failure. + +2004-05-21 Marcus Brinkmann + + * gpgconf-comp.c (gc_options_dirmngr): Remove CRL group, put its + only option "max-replies" into LDAP group. + (gc_component): Change description of dirmngr to "Directory + Manager". + + * gpgconf-comp.c (gc_component_change_options): Move the + per-process backup file into a standard location. + +2004-05-03 Werner Koch + + * gpgconf-comp.c: Add --allow-mark-trusted for the gpg-agent. + +2004-04-30 Werner Koch + + * gpgconf-comp.c: Added more runtime flags for the gpg-agent + backend. + +2004-04-29 Marcus Brinkmann + + * gpgconf-comp.c (change_options_program): Turn on utf8-strings in + the gpgconf specific part of the config file for the GnuPG + backend. + +2004-04-28 Werner Koch + + * gpgconf-comp.c: Add --ocsp-signer for the dirmngr backend. + +2004-04-20 Marcus Brinkmann + + * gpgconf-comp.c (gc_options_gpg_agent): Change type of + ignore-cache-for-signing option to GC_ARG_TYPE_NONE. + +2004-04-07 Werner Koch + + * gpgconf-comp.c (my_dgettext): Switch the codeset once to utf-8. + Allow building with out NLS. + +2004-03-23 Marcus Brinkmann + + * gpgconf-comp.c (gc_options_dirmngr): Set GC_OPT_FLAG_ARG_OPT for + "LDAP Server". + (change_options_file): Remove assertion that tests that this flag + is not present. Handle an empty string in OPTION->new_value. + + * gpgconf.c (main): Remove obsolete warning. + +2004-03-23 Werner Koch + + * gpgconf-comp.c (gc_options_gpg): New. + (gc_component_t, gc_component): Add GC_BACKEND_GPG. + (gc_options_dirmngr): Add allow-ocsp. + +2004-03-23 Marcus Brinkmann + + * gpgconf-comp.c (gc_flag): Add missing flags. + + * gpgconf-comp.c: Include . + (gc_backend): Add new member runtime_change. + (gpg_agent_runtime_change): New function. + (gc_component_change_options): New variable runtime. Initialize + it. If an option is changed that has the GC_OPT_FLAG_RUNTIME bit + set, also set the corresponding runtime variable. Finally, call + the runtime_change callback of the backend if needed. + +2004-03-16 Werner Koch + + * gpgconf-comp.c (gc_options_gpg_agent): Implemented. + (gc_options_gpgsm, gc_options_scdaemon): Implemented. + (gc_backend_t): Add GC_BACKEND_SCDAEMON. + +2004-03-12 Marcus Brinkmann + + * gpgconf-comp.c (gc_component_change_options): Set the filenames + of the option's backend, not of the component. + Also use GC_BACKEND_NR, not GC_COMPONENT_NR. + +2004-03-09 Werner Koch + + * gpgconf-comp.c [_riscos_]: Removed special code for RISC OS; we + don't want to clutter our code with system dependent stuff. + +2004-03-08 Marcus Brinkmann + + * gpgconf-comp.c (retrieve_options_from_file): Quote each string + in the list, not only the first. + +2004-02-26 Marcus Brinkmann + + * gpgconf-comp.c (gc_component_list_options): Do not print empty + groups. + + * gpgconf-comp.c (option_check_validity): Check if option is + active. + (change_options_file): Implement. + + * gpgconf-comp.c (retrieve_options_from_program): Remove broken + string handling. + + * gpgconf-comp.c (change_options_program): Support all types of + options, including list types. + + * README.gpgconf: Fix description of arguments. + * gpgconf-comp.c (option_check_validity): Rewritten to properly + support optional arguments in lists. + + * README.gpgconf: Add info about optional arg and arg type 0. + * gpgconf-comp.c (gc_component_change_options): Parse list of + arg type 0 options. + (option_check_validity): Add new argument NEW_VALUE_NR. Perform + rigorous validity checks. + (change_options_program): Disable an option also if we have a new + value for it. + +2004-02-25 Marcus Brinkmann + + * gpgconf-comp.c (gc_component_list_options): Correct output for + lists of arg type none. + (struct gc_option): Add new member new_flags. + (option_check_validity): Check OPTION->new_flags beside + OPTION->new_value. Add new argument FLAGS. + (gc_component_change_options): Support default flag correctly. + (change_options_program): Likewise. + +2004-02-24 Marcus Brinkmann + + * README.gpgconf: Revert last change. Add new flags "default", + "default desc" and "no arg desc". Add new field ARGDEF. Add new + field FLAG to backend interface. + * gpgconf-comp.c (struct gc_option): Make flags of type unsigned + long. + (gc_component_list_options): Adjust type for flags. + Add default argument field. + (retrieve_options_from_program): Use "1" as value for non-option + arguments, not "Y". + (gc_component_change_options): Read in flags from input. + +2004-02-23 Marcus Brinkmann + + * README.gpgconf: Change meaning of type 0 options value if it is + the empty string or "0". + + * gpgconf.h (struct): Add member runtime. + * gpgconf.c: Add new option oRuntime. + (main): Same here. + + * gpgconf-comp.c (hextobyte): New function. + (percent_deescape): New function. + (get_config_pathname): Percent deescape pathname if taken from + option (default) value. Use default value only if it exists and + is not empty. Use empty string otherwise. Don't include leading + quote in pathname. + (change_options_program): Percent deescape string before writing + it out. + + * gpgconf-comp.c (gc_component_list_options): Do not skip groups + on output. + +2004-02-18 Werner Koch + + * gpgconf-comp.c: Added empty components for gpgsm and scdaemon. + +2004-02-12 Werner Koch + + * watchgnupg.c (main): Implement option "--". + (print_version): New. + + * Makefile.am: Include cmacros.am for common flags. + +2004-02-03 Werner Koch + + * addgnupghome: Try to use getent, so that it also works for NIS + setups. + +2004-01-31 Marcus Brinkmann + + * gpgconf-comp.c: Some bug fixes, parse only defaults from the + program, and read the current values from the configuration file + directly. + +2004-01-30 Marcus Brinkmann + + * gpgconf-comp.c (gc_error): New function, use it instead of + error() throughout. + + * gpgconf-comp.c: Use xmalloc, libcommon's asctimestamp and + gnupg_get_time, fix error() invocation and use getline() + consistently. + +2004-01-30 Werner Koch + + * addgnupghome: Also set the group of copied files. + +2004-01-30 Werner Koch + + * Makefile.am (sbin_SCRIPTS): New, to install addgnupghome. + (EXTRA_DIST): Added rfc822parse.c rfc822parse.h gpgparsemail.c + which might be useful for debugging. + +2004-01-29 Werner Koch + + * addgnupghome: New. + +2004-01-29 Marcus Brinkmann + + * gpgconf-list.c: File removed. + * README.gpgconf: New file. + * gpgconf-comp.c: New file. + * Makefile.am (gpgconf_SOURCES): Remove gpgconf-list.c, add + gpgconf-comp.c. + +2004-01-16 Werner Koch + + * watchgnupg.c (main): Need to use FD_ISSET for the client + descriptors too; aiiih. Set the listening socket to non-blocking. + +2004-01-10 Werner Koch + + * Makefile.am: Use GPG_ERROR_CFLAGS + +2004-01-05 Werner Koch + + * Manifest: New. + * gpgconf.c, gpgconf.h, gpgconf-list.c: New. A skeleton for now. + * no-libgcrypt.c: New. + * Makefile.am: Add above. + +2003-12-23 Werner Koch + + * Makefile.am: New. + * watchgnupg.c: New. + + + Copyright 2003, 2004, 2005, 2006, 2007, 2008, + 2009, 2010, 2011 Free Software Foundation, Inc. + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +Local Variables: +buffer-read-only: t +End: diff --git a/tools/Makefile.am b/tools/Makefile.am index f3ac43b4b..9d842748a 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -20,7 +20,7 @@ EXTRA_DIST = \ Manifest watchgnupg.c \ addgnupghome applygnupgdefaults gpgsm-gencert.sh \ lspgpot mail-signed-keys convert-from-106 sockprox.c \ - ccidmon.c + ccidmon.c ChangeLog-2011 AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -I$(top_srcdir)/common -- cgit v1.2.3