author | Werner Koch <[email protected]> | 2006-11-05 15:08:58 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2006-11-05 15:08:58 +0000 |
commit | 10d563da0879d9892e3bf44dc399273eb68e2343 (patch) | |
tree | 9cec0b6724670532f55d7f1395ba2199cadb0e3b | |
parent | Post release update (diff) | |
Collected fixes.
-rw-r--r-- | AUTHORS | 4 | ||||
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | common/ChangeLog | 5 | ||||
-rw-r--r-- | common/Makefile.am | 2 | ||||
-rw-r--r-- | configure.ac | 4 | ||||
-rw-r--r-- | doc/ChangeLog | 4 | ||||
-rw-r--r-- | doc/faq.raw | 6 | ||||
-rw-r--r-- | g10/ChangeLog | 15 | ||||
-rw-r--r-- | g10/encode.c | 21 | ||||
-rw-r--r-- | g10/gpg.c | 1 | ||||
-rw-r--r-- | g10/keydb.h | 2 | ||||
-rw-r--r-- | g10/options.skel | 28 | ||||
-rw-r--r-- | g10/pkclist.c | 80 | ||||
-rw-r--r-- | tests/ChangeLog | 4 | ||||
-rw-r--r-- | tests/asschk.c | 23 | ||||
-rw-r--r-- | tools/ChangeLog | 5 | ||||
-rw-r--r-- | tools/symcryptrun.c | 3 |
17 files changed, 158 insertions, 53 deletions
@@ -11,7 +11,7 @@ Ales Nyakhaychyk <[email protected]> Translations [be] Birger Langkjer <[email protected]> Translations [da] -Maxim Britov <[email protected]> Translations [ru] +Maxim Britov <[email protected]> Translations [ru] Daniel Resare <[email protected]> Translations [sv] Per Tunedal <[email protected]> Translations [sv] @@ -81,7 +81,7 @@ Nils Ellmenreich <nils 'at' infosun.fmi.uni-passau.de> Paul Eggert <[email protected]> (configuration macros for LFS) -Pavel I. Shajdo <[email protected]> Translations [ru] +Pavel I. Shajdo <[email protected]> Translations [ru] (man pages) Pedro Morais <[email protected]> Translations [pt_PT] @@ -1,3 +1,7 @@ +2006-11-03 Werner Koch <[email protected]> + + * configure.ac: Test for pty.h. From Gentoo. + 2006-10-24 Werner Koch <[email protected]> Released 1.9.94. diff --git a/common/ChangeLog b/common/ChangeLog index 770f22b36..25af94867 100644 --- a/common/ChangeLog +++ b/common/ChangeLog @@ -1,3 +1,8 @@ +2006-11-03 Werner Koch <[email protected]> + + * Makefile.am (t_convert_DEPENDENCIES): Add libcommon. From + Gentoo. + 2006-10-24 Marcus Brinkmann <[email protected]> * Makefile.am (libcommon_a_CFLAGS): Add $(LIBASSUAN_CFLAGS). diff --git a/common/Makefile.am b/common/Makefile.am index 14019b693..57056de3b 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -81,6 +81,6 @@ module_tests = t-convert t_common_ldadd = ../jnlib/libjnlib.a ../common/libcommon.a ../gl/libgnu.a \ $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) -t_convert_DEPENDENCIES = convert.c +t_convert_DEPENDENCIES = convert.c libcommon.a t_convert_LDADD = $(t_common_ldadd) diff --git a/configure.ac b/configure.ac index 67113e6ec..95b0f4ed4 100644 --- a/configure.ac +++ b/configure.ac @@ -876,7 +876,7 @@ fi # AC_HEADER_STDC AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h]) -AC_CHECK_HEADERS([pwd.h inttypes.h]) +AC_CHECK_HEADERS([pty.h pwd.h inttypes.h]) # 
@@ -1245,7 +1245,7 @@ if test "$have_libassuan" = "no"; then *** *** You need libassuan with Pth support to build this program. *** This library is for example available at -*** ftp://ftp.gnupg.org/gcrypt/alpha/libassuan/ +*** ftp://ftp.gnupg.org/gcrypt/libassuan/ *** (at least version $NEED_LIBASSUAN_VERSION (API $NEED_LIBASSUAN_API) is required). ***]]) fi diff --git a/doc/ChangeLog b/doc/ChangeLog index 85ac9c518..24399cd0c 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,7 @@ +2006-10-30 Werner Koch <[email protected]> + + * faq.raw: Minor corrections. + 2006-10-12 Werner Koch <[email protected]> * Makefile.am (man_MANS): Do not install gnupg.7 due to a conflict diff --git a/doc/faq.raw b/doc/faq.raw index cbab76b0c..4527760c8 100644 --- a/doc/faq.raw +++ b/doc/faq.raw @@ -583,7 +583,9 @@ you could search in the mailing list archive. GnuPG keeps several files in a special homedir directory. These include the options file, pubring.gpg, secring.gpg, trustdb.gpg, and others. GnuPG will always create and use these files. On unices, - the homedir is usually ~/.gnupg; on Windows "C:\gnupg\". + the homedir is usually ~/.gnupg; on Windows it is name "gnupg" and + found below the user's application directory. Run the gpg and + pass the option --version to see the name of that directory. If you want to put your keyrings somewhere else, use the option: @@ -978,7 +980,7 @@ you could search in the mailing list archive. You are most likely using GnuPG 1.0.2 or older on Windows. That's feature isn't yet implemented, but it's a bug not to say it. Newer - versions issue a warning. Upgrade to 1.0.4 or newer. + versions issue a warning. Upgrade to 1.4.5 or newer. <Q> I get "gpg: waiting for lock ..." diff --git a/g10/ChangeLog b/g10/ChangeLog index c6c1373aa..bf414fbd8 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog 
@@ -1,3 +1,18 @@ +2006-11-05 Werner Koch <[email protected]> + + * gpg.c (main): Remove the default --require-cross-certification. + * options.skel: Enable require-cross-certification. + +2006-10-31 Werner Koch <[email protected]> + + * pkclist.c (warn_missing_aes_from_pklist): New. + * encode.c (encrypt_filter, encode_crypt): Use it here. + +2006-10-27 Werner Koch <[email protected]> + + * pkclist.c (warn_missing_mdc_from_pklist): New. + * encode.c (use_mdc): Use it here. + 2006-10-24 Marcus Brinkmann <[email protected]> * Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS). diff --git a/g10/encode.c b/g10/encode.c index b5045ac15..f55f4732c 100644 --- a/g10/encode.c +++ b/g10/encode.c @@ -147,6 +147,9 @@ use_mdc(PK_LIST pk_list,int algo) if (gcry_cipher_get_algo_blklen (algo) != 8) return 1; + if (opt.verbose) + warn_missing_mdc_from_pklist (pk_list); + return 0; /* No MDC */ } @@ -521,6 +524,14 @@ encode_crypt( const char *filename, strlist_t remusr, int use_symkey ) compliance_failure(); } } + + /* In case 3DES has been selected, print a warning if + any key does not have a preference for AES. This + should help to indentify why encrypting to several + recipients falls back to 3DES. */ + if (opt.verbose + && cfx.dek->algo == CIPHER_ALGO_3DES) + warn_missing_aes_from_pklist (pk_list); } else { if(!opt.expert && @@ -533,7 +544,7 @@ encode_crypt( const char *filename, strlist_t remusr, int use_symkey ) cfx.dek->algo = opt.def_cipher_algo; } - + cfx.dek->use_mdc=use_mdc(pk_list,cfx.dek->algo); /* Only do the is-file-already-compressed check if we are using a 
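Review bot: In use_mdc the path that ends in `return 0; /* No MDC */` names the responsible keys only when `opt.verbose` is set, so a default run still produces a message without integrity protection and gives no hint which recipient caused it. Since this is the security-relevant outcome of the function, consider printing the per-key note unconditionally, or at least state the intent next to the call, e.g. `/* Reached only when no MDC will be used; name the keys responsible (verbose only). */`. The decision logic of use_mdc starts above the hunk, so whether an earlier branch already warns cannot be seen from here.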
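Review bot: The comment added before the `CIPHER_ALGO_3DES` check in encode_crypt misspells "identify" as `indentify`, and the same eight added lines appear again in encrypt_filter (hunk `@@ -716,6 +727,14 @@`) with only the variable names changed. Fix the word in both places: `should help to identify why encrypting to several`. Because both copies test the same condition, a small static helper taking the selected algorithm and the PK_LIST would keep the two call sites from drifting apart. Both functions begin and end outside their hunks.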
@@ -716,6 +727,14 @@ encrypt_filter( void *opaque, int control, * happen if we do not have any public keys in the list */ efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO; } + + /* In case 3DES has been selected, print a warning if + any key does not have a preference for AES. This + should help to indentify why encrypting to several + recipients falls back to 3DES. */ + if (opt.verbose + && efx->cfx.dek->algo == CIPHER_ALGO_3DES) + warn_missing_aes_from_pklist (efx->pk_list); } else { if(!opt.expert && @@ -1857,7 +1857,6 @@ main (int argc, char **argv ) opt.rfc2440_text=1; opt.def_sig_expire="0"; opt.def_cert_expire="0"; - opt.flags.require_cross_cert = 1; set_homedir ( default_homedir () ); /* Check whether we have a config file on the command line. */ diff --git a/g10/keydb.h b/g10/keydb.h index 30f91255f..5cf1dd2ac 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -188,6 +188,8 @@ int algo_available( preftype_t preftype, int algo, int select_algo_from_prefs( PK_LIST pk_list, int preftype, int request, const union pref_hint *hint); int select_mdc_from_pklist (PK_LIST pk_list); +void warn_missing_mdc_from_pklist (PK_LIST pk_list); +void warn_missing_aes_from_pklist (PK_LIST pk_list); /*-- skclist.c --*/ int random_is_faked (void); diff --git a/g10/options.skel b/g10/options.skel index 3d15f811c..117804813 100644 --- a/g10/options.skel +++ b/g10/options.skel @@ -53,6 +53,15 @@ #no-escape-from-lines +# When verifying a signature made from a subkey, ensure that the cross +# certification "back signature" on the subkey is present and valid. +# This protects against a subtle attack against subkeys that can sign. +# Defaults to --no-require-cross-certification. However for new +# installations it should be enabled. + +require-cross-certification + + # If you do not use the Latin-1 (ISO-8859-1) charset, you should tell # GnuPG which is the native character set. Please check the man page # for supported character sets. This character set is only used for 
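Review bot: The back-signature check on signing subkeys is now active only where this skeleton gets copied: the added comment states that the built-in default is `--no-require-cross-certification`, and the g10/gpg.c hunk of this commit removes `opt.flags.require_cross_cert = 1;`. A home directory that already has an options file, or a run that reads no options file, therefore verifies subkey signatures without the check, and nothing in the visible changes tells the user. The comment should say so directly, for example `# This is not the built-in default; existing installations need to add this line themselves.` A matching note in the release documentation would help administrators who upgrade in place.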
@@ -191,22 +200,3 @@ keyserver hkp://subkeys.pgp.net # Use your MIME handler to view photos: # photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG" -# Passphrase agent -# -# We support the old experimental passphrase agent protocol as well as -# the new Assuan based one (currently available in the "newpg" package -# at ftp.gnupg.org/gcrypt/alpha/aegypten/). To make use of the agent, -# you have to run an agent as daemon and use the option -# -# use-agent -# -# which tries to use the agent but will fallback to the regular mode -# if there is a problem connecting to the agent. The normal way to -# locate the agent is by looking at the environment variable -# GPG_AGENT_INFO which should have been set during gpg-agent startup. -# In certain situations the use of this variable is not possible, thus -# the option -# -# --gpg-agent-info=<path>:<pid>:1 -# -# may be used to override it. diff --git a/g10/pkclist.c b/g10/pkclist.c index 354e27023..6588802ad 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -1328,9 +1328,10 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, int request, } #if 0 - log_debug("pref mask=%08lX%08lX%08lX%08lX%08lX%08lX%08lX%08lX\n", + log_debug("pref mask=%08lX%08lX%08lX%08lX%08lX%08lX%08lX%08lX (%s)\n", (ulong)mask[7], (ulong)mask[6], (ulong)mask[5], (ulong)mask[4], - (ulong)mask[3], (ulong)mask[2], (ulong)mask[1], (ulong)mask[0]); + (ulong)mask[3], (ulong)mask[2], (ulong)mask[1], (ulong)mask[0], + keystr_from_pk (pkr->pk)); #endif for(i=0; i < 8; i++ ) bits[i] &= mask[i]; 
@@ -1423,26 +1424,73 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, int request, } /* - * Select the MDC flag from the pk_list. We can only use MDC if all recipients - * support this feature + * Select the MDC flag from the pk_list. We can only use MDC if all + * recipients support this feature. */ int select_mdc_from_pklist (PK_LIST pk_list) { - PK_LIST pkr; + PK_LIST pkr; - if( !pk_list ) - return 0; + if ( !pk_list ) + return 0; + + for (pkr = pk_list; pkr; pkr = pkr->next) + { + int mdc; + + if (pkr->pk->user_id) /* selected by user ID */ + mdc = pkr->pk->user_id->flags.mdc; + else + mdc = pkr->pk->mdc_feature; + if (!mdc) + return 0; /* At least one recipient does not support it. */ + } + return 1; /* Can be used. */ +} - for (pkr = pk_list; pkr; pkr = pkr->next) { - int mdc; - if (pkr->pk->user_id) /* selected by user ID */ - mdc = pkr->pk->user_id->flags.mdc; - else - mdc = pkr->pk->mdc_feature; - if (!mdc) - return 0; /* at least one recipient does not support it */ +/* Print a warning for all keys in PK_LIST missing the MDC feature. */ +void +warn_missing_mdc_from_pklist (PK_LIST pk_list) +{ + PK_LIST pkr; + + for (pkr = pk_list; pkr; pkr = pkr->next) + { + int mdc; + + if (pkr->pk->user_id) /* selected by user ID */ + mdc = pkr->pk->user_id->flags.mdc; + else + mdc = pkr->pk->mdc_feature; + if (!mdc) + log_info (_("Note: key %s has no %s feature\n"), + keystr_from_pk (pkr->pk), "MDC"); + } +} + +void +warn_missing_aes_from_pklist (PK_LIST pk_list) +{ + PK_LIST pkr; + + for (pkr = pk_list; pkr; pkr = pkr->next) + { + const prefitem_t *prefs; + int i; + int gotit = 0; + + prefs = pkr->pk->user_id? pkr->pk->user_id->prefs : pkr->pk->prefs; + if (prefs) + { + for (i=0; !gotit && prefs[i].type; i++ ) + if (prefs[i].type == PREFTYPE_SYM + && prefs[i].value == CIPHER_ALGO_AES) + gotit++; + } + if (!gotit) + log_info (_("Note: key %s has no preference for %s\n"), + keystr_from_pk (pkr->pk), "AES"); } - return 1; /* can be used */ } 
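Review bot: warn_missing_aes_from_pklist has no header comment, unlike warn_missing_mdc_from_pklist right above it, and it tests only `CIPHER_ALGO_AES`, so a key whose preferences list a larger AES variant but not this one is still reported as having no preference for AES. Add a comment that pins this down, e.g. `/* Print a note for each key in PK_LIST whose symmetric preferences do not list CIPHER_ALGO_AES. */`, and write the flag as `gotit = 1;` rather than `gotit++`. The user-ID-versus-key MDC lookup is now duplicated between select_mdc_from_pklist and warn_missing_mdc_from_pklist; a shared static helper would keep the two in step. Both new functions print via log_info and leave the `opt.verbose` gate to their callers, which is worth stating in the comments.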
diff --git a/tests/ChangeLog b/tests/ChangeLog index e7e7c7f4b..e58eef1d3 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog @@ -1,3 +1,7 @@ +2006-11-05 Werner Koch <[email protected]> + + * asschk.c (read_assuan): Minor cleanups. + 2006-09-06 Marcus Brinkmann <[email protected]> * Makefile.am (openpgp): New variable. diff --git a/tests/asschk.c b/tests/asschk.c index 40b95ba7d..344deca49 100644 --- a/tests/asschk.c +++ b/tests/asschk.c @@ -273,10 +273,12 @@ writen (int fd, const char *buffer, size_t length) type and store that in recv_type. The function terminates on a communication error. Returns a pointer into the inputline to the first byte of the arguments. The parsing is very strict to match - excalty what we want to send. */ + exaclty what we want to send. */ static char * read_assuan (int fd) { + /* FIXME: For general robustness, the pending stuff needs to be + associated with FD. */ static char pending[MAX_LINELEN]; static size_t pending_len; size_t nleft = sizeof recv_line; @@ -296,11 +298,18 @@ read_assuan (int fd) pending_len = 0; } else - n = read (fd, buf, nleft); - - if (opt_verbose) + { + do + { + n = read (fd, buf, nleft); + } + while (n < 0 && errno == EINTR); + } + + if (opt_verbose && n >= 0 ) { int i; + printf ("%s: read \"", __FUNCTION__); for (i = 0; i < n; i ++) putc (buf[i], stdout); @@ -308,11 +317,7 @@ read_assuan (int fd) } if (n < 0) - { - if (errno == EINTR) - continue; - die ("reading fd %d failed: %s", fd, strerror (errno)); - } + die ("reading fd %d failed: %s", fd, strerror (errno)); else if (!n) die ("received incomplete line on fd %d", fd); p = buf; diff --git a/tools/ChangeLog b/tools/ChangeLog index c29689bde..435c39799 100644 --- a/tools/ChangeLog +++ b/tools/ChangeLog @@ -1,3 +1,8 @@ +2006-11-03 Werner Koch <[email protected]> + + * symcryptrun.c: Include signal.h and include pth.h only if test + asserts that it exists. + 2006-10-23 Werner Koch <[email protected]> * gpgconf-comp.c <gpgsm>: Add --cipher-algo. 
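Review bot: The corrected word in the comment above read_assuan is still misspelled: `exaclty` should be `exactly`, i.e. `exactly what we want to send. */`. The new FIXME is right that `pending` and `pending_len` are function-static and not tied to `fd`, so leftover bytes are presumably returned to the next call regardless of which descriptor it names. Until that is fixed, the header comment should state that read_assuan is only safe with a single descriptor. The body of read_assuan continues beyond these hunks.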
diff --git a/tools/symcryptrun.c b/tools/symcryptrun.c
index 406cbb2a2..68302d39d 100644
--- a/tools/symcryptrun.c
+++ b/tools/symcryptrun.c
@@ -69,10 +69,13 @@
 #include <string.h>
 #include <errno.h>
 #include <assert.h>
+#include <signal.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/wait.h>
+#ifdef HAVE_PTY_H
 #include <pty.h>
+#endif
 #include <utmp.h>
 #include <ctype.h>
 #ifdef HAVE_LOCALE_H |
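Review bot: With HAVE_PTY_H undefined nothing in this hunk declares the pty functions, so any pty call further down in symcryptrun.c (not visible here) would be compiled without a prototype, while `<utmp.h>` on the next line stays unconditional. Consider an `#else` branch that includes the platform's alternative header behind its own configure check, or at least a comment stating where the declarations come from on systems without pty.h. The tools/ChangeLog entry for this change says `pth.h` where the code guards `pty.h`; it should read `include pty.h only if test asserts that it exists`.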