diff options
| author | David Shaw <[email protected]> | 2003-03-04 15:24:12 +0000 |
|---|---|---|
| committer | David Shaw <[email protected]> | 2003-03-04 15:24:12 +0000 |
| commit | 909f6a0637b7111c294e5f6f37e4c3a0561bcd99 (patch) | |
| tree | e1a4f448faaaee207c03d8813a15035c0e1c7f8b | |
| parent | * keyserver.c (keyserver_spawn): Include various pieces of information (diff) | |
| download | gnupg-909f6a0637b7111c294e5f6f37e4c3a0561bcd99.tar.gz gnupg-909f6a0637b7111c294e5f6f37e4c3a0561bcd99.zip | |
* trustdb.c (validate_keys): Mask the ownertrust when building the list of
fully valid keys so that disabled keys are still counted in the web of
trust. (get_ownertrust_with_min): Do the same for the minimum ownertrust
calculation.
* parse-packet.c (dump_sig_subpkt): Show the notation names for
not-human-readable notations. Fix cosmetic off-by-one length counter.
* options.skel: Add explantion and commented-out
"no-mangle-dos-filenames".
* mainproc.c (proc_encrypted): Make string translatable.
* keyserver.c (keyserver_spawn): Quote ':', '%', and any 8-bit characters
in the uid strings sent to the keyserver helper.
* keyring.c (keyring_rebuild_cache): Lock the keyring while rebuilding the
signature caches to prevent another gpg from tampering with the temporary
copy.
* keygen.c (keygen_set_std_prefs): Include AES192 and AES256 in default
prefs.
* keyedit.c (show_prefs): Make strings translatable.
* keydb.c: Double the maximum number of keyrings to 40.
* gpgv.c (main): Fix bug #113 - gpgv should accept the
--ignore-time-conflict option.
* g10.c (main): --openpgp disables --pgpX. Double the amount of secure
memory to 32k (keys are getting bigger these days).
* Makefile.am: Makefile.am: Use @CAPLIBS@ to link in -lcap if we are using
capabilities.
Diffstat (limited to '')
| -rw-r--r-- | g10/ChangeLog | 40 | ||||
| -rw-r--r-- | g10/Makefile.am | 2 | ||||
| -rw-r--r-- | g10/g10.c | 6 | ||||
| -rw-r--r-- | g10/gpgv.c | 1 | ||||
| -rw-r--r-- | g10/keydb.c | 2 | ||||
| -rw-r--r-- | g10/keyedit.c | 14 | ||||
| -rw-r--r-- | g10/keygen.c | 2 | ||||
| -rw-r--r-- | g10/keyring.c | 5 | ||||
| -rw-r--r-- | g10/keyserver.c | 18 | ||||
| -rw-r--r-- | g10/mainproc.c | 2 | ||||
| -rw-r--r-- | g10/options.skel | 19 | ||||
| -rw-r--r-- | g10/parse-packet.c | 12 | ||||
| -rw-r--r-- | g10/trustdb.c | 6 |
13 files changed, 103 insertions, 26 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 3f91ee5df..4b6ea0c8d 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,43 @@ +2003-03-04 David Shaw <[email protected]> + + * trustdb.c (validate_keys): Mask the ownertrust when building the + list of fully valid keys so that disabled keys are still counted + in the web of trust. + (get_ownertrust_with_min): Do the same for the minimum ownertrust + calculation. + + * parse-packet.c (dump_sig_subpkt): Show the notation names for + not-human-readable notations. Fix cosmetic off-by-one length + counter. + + * options.skel: Add explantion and commented-out + "no-mangle-dos-filenames". + + * mainproc.c (proc_encrypted): Make string translatable. + + * keyserver.c (keyserver_spawn): Quote ':', '%', and any 8-bit + characters in the uid strings sent to the keyserver helper. + + * keyring.c (keyring_rebuild_cache): Lock the keyring while + rebuilding the signature caches to prevent another gpg from + tampering with the temporary copy. + + * keygen.c (keygen_set_std_prefs): Include AES192 and AES256 in + default prefs. + + * keyedit.c (show_prefs): Make strings translatable. + + * keydb.c: Double the maximum number of keyrings to 40. + + * gpgv.c (main): Fix bug #113 - gpgv should accept the + --ignore-time-conflict option. + + * g10.c (main): --openpgp disables --pgpX. Double the amount of + secure memory to 32k (keys are getting bigger these days). + + * Makefile.am: Makefile.am: Use @CAPLIBS@ to link in -lcap if we + are using capabilities. + 2003-02-26 David Shaw <[email protected]> * keyserver.c (keyserver_spawn): Include various pieces of diff --git a/g10/Makefile.am b/g10/Makefile.am index 83349d411..a70a83734 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -25,7 +25,7 @@ EXTRA_DIST = options.skel LDFLAGS = @LDFLAGS@ libexecdir = @libexecdir@/@PACKAGE@ CFLAGS = @CFLAGS@ -DGNUPG_LIBEXECDIR="\"$(libexecdir)\"" -needed_libs = ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a +needed_libs = ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a @CAPLIBS@ #noinst_PROGRAMS = gpgd bin_PROGRAMS = gpg gpgv @@ -1240,7 +1240,7 @@ main( int argc, char **argv ) } #endif /* initialize the secure memory. */ - secmem_init( 16384 ); + secmem_init( 32768 ); maybe_setuid = 0; /* Okay, we are now working under our real uid */ @@ -1538,6 +1538,10 @@ main( int argc, char **argv ) opt.s2k_mode = 3; /* iterated+salted */ opt.s2k_digest_algo = DIGEST_ALGO_SHA1; opt.s2k_cipher_algo = CIPHER_ALGO_3DES; + opt.pgp2 = 0; + opt.pgp6 = 0; + opt.pgp7 = 0; + opt.pgp8 = 0; break; case oPGP2: opt.pgp2 = 1; break; case oNoPGP2: opt.pgp2 = 0; break; diff --git a/g10/gpgv.c b/g10/gpgv.c index 8e22d50e3..eba6f8dd0 100644 --- a/g10/gpgv.c +++ b/g10/gpgv.c @@ -179,6 +179,7 @@ main( int argc, char **argv ) case oStatusFD: set_status_fd( pargs.r.ret_int ); break; case oLoggerFD: log_set_logfile( NULL, pargs.r.ret_int ); break; case oHomedir: opt.homedir = pargs.r.ret_str; break; + case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break; default : pargs.err = 2; break; } } diff --git a/g10/keydb.c b/g10/keydb.c index 19b5c1ab8..520770542 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -42,7 +42,7 @@ typedef enum { KEYDB_RESOURCE_TYPE_NONE = 0, KEYDB_RESOURCE_TYPE_KEYRING } KeydbResourceType; -#define MAX_KEYDB_RESOURCES 20 +#define MAX_KEYDB_RESOURCES 40 struct resource_item { KeydbResourceType type; diff --git a/g10/keyedit.c b/g10/keyedit.c index e34ee3aaa..671031466 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -1624,7 +1624,8 @@ show_prefs (PKT_user_id *uid, int verbose) if (verbose) { int any, des_seen=0, sha1_seen=0, uncomp_seen=0; - tty_printf (" Cipher: "); + tty_printf (" "); + tty_printf (_("Cipher: ")); for(i=any=0; prefs[i].type; i++ ) { if( prefs[i].type == PREFTYPE_SYM ) { const char *s = cipher_algo_to_string (prefs[i].value); @@ -1646,7 +1647,8 @@ show_prefs (PKT_user_id *uid, int verbose) tty_printf (", "); tty_printf ("%s",cipher_algo_to_string(CIPHER_ALGO_3DES)); } - tty_printf ("\n Hash: "); + tty_printf ("\n "); + tty_printf (_("Digest: ")); for(i=any=0; prefs[i].type; i++ ) { if( prefs[i].type == PREFTYPE_HASH ) { const char *s = digest_algo_to_string (prefs[i].value); @@ -1668,7 +1670,8 @@ show_prefs (PKT_user_id *uid, int verbose) tty_printf (", "); tty_printf ("%s",digest_algo_to_string(DIGEST_ALGO_SHA1)); } - tty_printf ("\n Compression: "); + tty_printf ("\n "); + tty_printf (_("Compression: ")); for(i=any=0; prefs[i].type; i++ ) { if( prefs[i].type == PREFTYPE_ZIP ) { const char *s=compress_algo_to_string(prefs[i].value); @@ -1696,7 +1699,8 @@ show_prefs (PKT_user_id *uid, int verbose) } if(uid->mdc_feature || !uid->ks_modify) { - tty_printf ("\n Features: "); + tty_printf ("\n "); + tty_printf (_("Features: ")); any=0; if(uid->mdc_feature) { @@ -1707,7 +1711,7 @@ show_prefs (PKT_user_id *uid, int verbose) { if(any) tty_printf (", "); - tty_printf ("Keyserver no-modify"); + tty_printf (_("Keyserver no-modify")); } } tty_printf("\n"); diff --git a/g10/keygen.c b/g10/keygen.c index 039f77060..3e5bc4fcd 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -213,7 +213,7 @@ set_one_pref (int val, int type, const char *item, byte *buf, int *nbuf) } #ifdef USE_AES -#define AES "S7 " +#define AES "S9 S8 S7 " #else #define AES "" #endif diff --git a/g10/keyring.c b/g10/keyring.c index 898136b05..f8b6e1520 100644 --- a/g10/keyring.c +++ b/g10/keyring.c @@ -1326,6 +1326,10 @@ keyring_rebuild_cache (void *token) memset (&desc, 0, sizeof desc); desc.mode = KEYDB_SEARCH_MODE_FIRST; + rc=keyring_lock (hd, 1); + if(rc) + goto leave; + while ( !(rc = keyring_search (hd, &desc, 1, NULL)) ) { desc.mode = KEYDB_SEARCH_MODE_NEXT; @@ -1420,6 +1424,7 @@ keyring_rebuild_cache (void *token) m_free (tmpfilename); m_free (bakfilename); release_kbnode (keyblock); + keyring_lock (hd, 0); keyring_release (hd); return rc; } diff --git a/g10/keyserver.c b/g10/keyserver.c index b153bc49a..4947293d8 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -862,12 +862,26 @@ keyserver_spawn(int action,STRLIST list, case PKT_USER_ID: { PKT_user_id *uid=node->pkt->pkt.user_id; + int r; if(uid->attrib_data) continue; - fprintf(spawn->tochild,"uid:%s:%u:%u:", - uid->name,uid->created,uid->expiredate); + fprintf(spawn->tochild,"uid:"); + + /* Quote ':', '%', and any 8-bit + characters */ + for(r=0;r<uid->len;r++) + { + if(uid->name[r]==':' || uid->name[r]=='%' + || uid->name[r]&0x80) + fprintf(spawn->tochild,"%%%02X",uid->name[r]); + else + fprintf(spawn->tochild,"%c",uid->name[r]); + } + + fprintf(spawn->tochild,":%u:%u:", + uid->created,uid->expiredate); if(uid->is_revoked) fprintf(spawn->tochild,"r"); diff --git a/g10/mainproc.c b/g10/mainproc.c index c7da91b64..978ee9de8 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -505,7 +505,7 @@ proc_encrypted( CTX c, PACKET *pkt ) if( pkt->pkt.encrypted->mdc_method && !result ) write_status( STATUS_GOODMDC ); else if(!opt.no_mdc_warn) - log_info ("WARNING: message was not integrity protected\n"); + log_info (_("WARNING: message was not integrity protected\n")); } else if( result == G10ERR_BAD_SIGN ) { log_error(_("WARNING: encrypted message has been manipulated!\n")); diff --git a/g10/options.skel b/g10/options.skel index f2811d850..e50f66ffe 100644 --- a/g10/options.skel +++ b/g10/options.skel @@ -56,7 +56,7 @@ # If you do not use the Latin-1 (ISO-8859-1) charset, you should tell # GnuPG which is the native character set. Please check the man page # for supported character sets. This character set is only used for -# Meta data and not for the actual message which does not undergo any +# metadata and not for the actual message which does not undergo any # translation. Note that future version of GnuPG will change to UTF-8 # as default character set. @@ -74,6 +74,11 @@ #group mynames = paige 0x12345678 joe patti +# Some old Windows platforms require 8.3 filenames. If your system +# can handle long filenames, uncomment this. + +#no-mangle-dos-filenames + # Lock the file only once for the lifetime of a process. If you do # not define this, the lock will be obtained and released every time # it is needed - normally this is not needed. @@ -168,7 +173,8 @@ # generating and then cleaning up a secure temp file. # # The default program is "xloadimage -fork -quiet -title 'KeyID 0x%k' stdin" -# On Mac OS X and Windows, the default is to use your regular image viewer. +# On Mac OS X and Windows, the default is to use your regular JPEG image +# viewer. # # Some other viewers: # photo-viewer "qiv %i" @@ -181,13 +187,12 @@ # Use your MIME handler to view photos: # photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG" - # Passphrase agent # -# We support the old experimental passphrase agent protocol as well -# as the new Assuan based one (currently available in the "newpg" package -# at ftp.gnupg.org/gcrypt/alpha/aegypten/). To make use of the agent, you have -# to run an agent as daemon and use the option +# We support the old experimental passphrase agent protocol as well as +# the new Assuan based one (currently available in the "newpg" package +# at ftp.gnupg.org/gcrypt/alpha/aegypten/). To make use of the agent, +# you have to run an agent as daemon and use the option # # use-agent # diff --git a/g10/parse-packet.c b/g10/parse-packet.c index d270ece7d..7e390ae55 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -752,12 +752,12 @@ dump_sig_subpkt( int hashed, int type, int critical, type, (unsigned)length ); } + buffer++; + length--; printf("\t%s%ssubpkt %d len %u (", /*)*/ critical ? "critical ":"", hashed ? "hashed ":"", type, (unsigned)length ); - buffer++; - length--; if( length > buflen ) { printf("too short: buffer is only %u)\n", (unsigned)buflen ); return; @@ -823,8 +823,6 @@ dump_sig_subpkt( int hashed, int type, int critical, fputs("notation: ", stdout ); if( length < 8 ) p = "[too short]"; - else if( !(*buffer & 0x80) ) - p = "[not human readable]"; else { const byte *s = buffer; size_t n1, n2; @@ -837,7 +835,11 @@ dump_sig_subpkt( int hashed, int type, int critical, else { print_string( stdout, s, n1, ')' ); putc( '=', stdout ); - print_string( stdout, s+n1, n2, ')' ); + + if( *buffer & 0x80 ) + print_string( stdout, s+n1, n2, ')' ); + else + p = "[not human readable]"; } } } diff --git a/g10/trustdb.c b/g10/trustdb.c index 7f38bbc86..3dc2ded07 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -638,7 +638,7 @@ get_ownertrust_with_min (PKT_public_key *pk) { unsigned int otrust,otrust_min; - otrust = get_ownertrust (pk); + otrust = (get_ownertrust (pk) & TRUST_MASK); otrust_min = get_min_ownertrust (pk); if(otrust<otrust_min) { @@ -2004,7 +2004,8 @@ validate_keys (int interactive) k->kid[0]=kid[0]; k->kid[1]=kid[1]; k->ownertrust = - get_ownertrust (kar->keyblock->pkt->pkt.public_key); + (get_ownertrust (kar->keyblock->pkt->pkt.public_key) + & TRUST_MASK); k->min_ownertrust = get_min_ownertrust(kar->keyblock->pkt->pkt.public_key); k->trust_depth= @@ -2056,5 +2057,6 @@ validate_keys (int interactive) do_sync (); pending_check_trustdb = 0; } + return rc; } |