-rw-r--r--AUTHORS4
-rw-r--r--ChangeLog4
-rw-r--r--common/ChangeLog5
-rw-r--r--common/Makefile.am2
-rw-r--r--configure.ac4
-rw-r--r--doc/ChangeLog4
-rw-r--r--doc/faq.raw6
-rw-r--r--g10/ChangeLog15
-rw-r--r--g10/encode.c21
-rw-r--r--g10/gpg.c1
-rw-r--r--g10/keydb.h2
-rw-r--r--g10/options.skel28
-rw-r--r--g10/pkclist.c80
-rw-r--r--tests/ChangeLog4
-rw-r--r--tests/asschk.c23
-rw-r--r--tools/ChangeLog5
-rw-r--r--tools/symcryptrun.c3
17 files changed, 158 insertions, 53 deletions
diff --git a/AUTHORS b/AUTHORS
index 93f6ed4e6..1b86181f6 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -11,7 +11,7 @@ Ales Nyakhaychyk <[email protected]> Translations [be]
Birger Langkjer <[email protected]> Translations [da]
-Maxim Britov <[email protected]> Translations [ru]
+Maxim Britov <[email protected]> Translations [ru]
Daniel Resare <[email protected]> Translations [sv]
Per Tunedal <[email protected]> Translations [sv]
@@ -81,7 +81,7 @@ Nils Ellmenreich <nils 'at' infosun.fmi.uni-passau.de>
Paul Eggert <[email protected]>
(configuration macros for LFS)
-Pavel I. Shajdo <[email protected]> Translations [ru]
+Pavel I. Shajdo <[email protected]> Translations [ru]
(man pages)
Pedro Morais <[email protected]> Translations [pt_PT]
diff --git a/ChangeLog b/ChangeLog
index aadf85268..233c2000e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2006-11-03 Werner Koch <[email protected]>
+
+ * configure.ac: Test for pty.h. From Gentoo.
+
2006-10-24 Werner Koch <[email protected]>
Released 1.9.94.
diff --git a/common/ChangeLog b/common/ChangeLog
index 770f22b36..25af94867 100644
--- a/common/ChangeLog
+++ b/common/ChangeLog
@@ -1,3 +1,8 @@
+2006-11-03 Werner Koch <[email protected]>
+
+ * Makefile.am (t_convert_DEPENDENCIES): Add libcommon. From
+ Gentoo.
+
2006-10-24 Marcus Brinkmann <[email protected]>
* Makefile.am (libcommon_a_CFLAGS): Add $(LIBASSUAN_CFLAGS).
diff --git a/common/Makefile.am b/common/Makefile.am
index 14019b693..57056de3b 100644
--- a/common/Makefile.am
+++ b/common/Makefile.am
@@ -81,6 +81,6 @@ module_tests = t-convert
t_common_ldadd = ../jnlib/libjnlib.a ../common/libcommon.a ../gl/libgnu.a \
$(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS)
-t_convert_DEPENDENCIES = convert.c
+t_convert_DEPENDENCIES = convert.c libcommon.a
t_convert_LDADD = $(t_common_ldadd)
diff --git a/configure.ac b/configure.ac
index 67113e6ec..95b0f4ed4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -876,7 +876,7 @@ fi
#
AC_HEADER_STDC
AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h])
-AC_CHECK_HEADERS([pwd.h inttypes.h])
+AC_CHECK_HEADERS([pty.h pwd.h inttypes.h])
#
@@ -1245,7 +1245,7 @@ if test "$have_libassuan" = "no"; then
***
*** You need libassuan with Pth support to build this program.
*** This library is for example available at
-*** ftp://ftp.gnupg.org/gcrypt/alpha/libassuan/
+*** ftp://ftp.gnupg.org/gcrypt/libassuan/
*** (at least version $NEED_LIBASSUAN_VERSION (API $NEED_LIBASSUAN_API) is required).
***]])
fi
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 85ac9c518..24399cd0c 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,7 @@
+2006-10-30 Werner Koch <[email protected]>
+
+ * faq.raw: Minor corrections.
+
2006-10-12 Werner Koch <[email protected]>
* Makefile.am (man_MANS): Do not install gnupg.7 due to a conflict
diff --git a/doc/faq.raw b/doc/faq.raw
index cbab76b0c..4527760c8 100644
--- a/doc/faq.raw
+++ b/doc/faq.raw
@@ -583,7 +583,9 @@ you could search in the mailing list archive.
GnuPG keeps several files in a special homedir directory. These
include the options file, pubring.gpg, secring.gpg, trustdb.gpg,
and others. GnuPG will always create and use these files. On unices,
- the homedir is usually ~/.gnupg; on Windows "C:\gnupg\".
+ the homedir is usually ~/.gnupg; on Windows it is name "gnupg" and
+ found below the user's application directory. Run the gpg and
+ pass the option --version to see the name of that directory.
If you want to put your keyrings somewhere else, use the option:
@@ -978,7 +980,7 @@ you could search in the mailing list archive.
You are most likely using GnuPG 1.0.2 or older on Windows. That's
feature isn't yet implemented, but it's a bug not to say it. Newer
- versions issue a warning. Upgrade to 1.0.4 or newer.
+ versions issue a warning. Upgrade to 1.4.5 or newer.
<Q> I get "gpg: waiting for lock ..."
diff --git a/g10/ChangeLog b/g10/ChangeLog
index c6c1373aa..bf414fbd8 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,18 @@
+2006-11-05 Werner Koch <[email protected]>
+
+ * gpg.c (main): Remove the default --require-cross-certification.
+ * options.skel: Enable require-cross-certification.
+
+2006-10-31 Werner Koch <[email protected]>
+
+ * pkclist.c (warn_missing_aes_from_pklist): New.
+ * encode.c (encrypt_filter, encode_crypt): Use it here.
+
+2006-10-27 Werner Koch <[email protected]>
+
+ * pkclist.c (warn_missing_mdc_from_pklist): New.
+ * encode.c (use_mdc): Use it here.
+
2006-10-24 Marcus Brinkmann <[email protected]>
* Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS).
diff --git a/g10/encode.c b/g10/encode.c
index b5045ac15..f55f4732c 100644
--- a/g10/encode.c
+++ b/g10/encode.c
@@ -147,6 +147,9 @@ use_mdc(PK_LIST pk_list,int algo)
if (gcry_cipher_get_algo_blklen (algo) != 8)
return 1;
+ if (opt.verbose)
+ warn_missing_mdc_from_pklist (pk_list);
+
return 0; /* No MDC */
}
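Review bot: The note about recipients lacking MDC is printed only under `opt.verbose`, so in a normal run the `return 0; /* No MDC */` path still produces a message without modification detection and the user is told nothing. Dropping MDC removes integrity protection from the ciphertext, which is more than a diagnostic detail. I would call `warn_missing_mdc_from_pklist (pk_list);` unconditionally here, or at least log once at the default level that MDC was not used. use_mdc starts above this hunk, so the earlier conditions that lead to this path are not visible.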
@@ -521,6 +524,14 @@ encode_crypt( const char *filename, strlist_t remusr, int use_symkey )
compliance_failure();
}
}
+
+ /* In case 3DES has been selected, print a warning if
+ any key does not have a preference for AES. This
+ should help to indentify why encrypting to several
+ recipients falls back to 3DES. */
+ if (opt.verbose
+ && cfx.dek->algo == CIPHER_ALGO_3DES)
+ warn_missing_aes_from_pklist (pk_list);
}
else {
if(!opt.expert &&
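Review bot: The comment and 3DES check added here are repeated verbatim in the encrypt_filter hunk further down, including the misspelling in `should help to indentify why encrypting to several`, which should read `identify` in both places. A small static helper in encode.c that takes the chosen algorithm and the key list would keep the `opt.verbose && algo == CIPHER_ALGO_3DES` test in one place. As with the MDC note, the fallback to the weaker cipher is only reported in verbose mode. encode_crypt begins and ends outside this hunk.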
@@ -533,7 +544,7 @@ encode_crypt( const char *filename, strlist_t remusr, int use_symkey )
cfx.dek->algo = opt.def_cipher_algo;
}
-
+
cfx.dek->use_mdc=use_mdc(pk_list,cfx.dek->algo);
/* Only do the is-file-already-compressed check if we are using a
@@ -716,6 +727,14 @@ encrypt_filter( void *opaque, int control,
* happen if we do not have any public keys in the list */
efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO;
}
+
+ /* In case 3DES has been selected, print a warning if
+ any key does not have a preference for AES. This
+ should help to indentify why encrypting to several
+ recipients falls back to 3DES. */
+ if (opt.verbose
+ && efx->cfx.dek->algo == CIPHER_ALGO_3DES)
+ warn_missing_aes_from_pklist (efx->pk_list);
}
else {
if(!opt.expert &&
diff --git a/g10/gpg.c b/g10/gpg.c
index 624816cde..391943ec6 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -1857,7 +1857,6 @@ main (int argc, char **argv )
opt.rfc2440_text=1;
opt.def_sig_expire="0";
opt.def_cert_expire="0";
- opt.flags.require_cross_cert = 1;
set_homedir ( default_homedir () );
/* Check whether we have a config file on the command line. */
diff --git a/g10/keydb.h b/g10/keydb.h
index 30f91255f..5cf1dd2ac 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -188,6 +188,8 @@ int algo_available( preftype_t preftype, int algo,
int select_algo_from_prefs( PK_LIST pk_list, int preftype,
int request, const union pref_hint *hint);
int select_mdc_from_pklist (PK_LIST pk_list);
+void warn_missing_mdc_from_pklist (PK_LIST pk_list);
+void warn_missing_aes_from_pklist (PK_LIST pk_list);
/*-- skclist.c --*/
int random_is_faked (void);
diff --git a/g10/options.skel b/g10/options.skel
index 3d15f811c..117804813 100644
--- a/g10/options.skel
+++ b/g10/options.skel
@@ -53,6 +53,15 @@
#no-escape-from-lines
+# When verifying a signature made from a subkey, ensure that the cross
+# certification "back signature" on the subkey is present and valid.
+# This protects against a subtle attack against subkeys that can sign.
+# Defaults to --no-require-cross-certification. However for new
+# installations it should be enabled.
+
+require-cross-certification
+
+
# If you do not use the Latin-1 (ISO-8859-1) charset, you should tell
# GnuPG which is the native character set. Please check the man page
# for supported character sets. This character set is only used for
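Review bot: Moving the default out of main() in g10/gpg.c and into this skeleton means only a newly created configuration gets `require-cross-certification`; the added comment itself states that the built-in default is now `--no-require-cross-certification`. Presumably the skeleton is only copied when a configuration file is first created, so anyone who already has one stops checking back signatures on signing subkeys after upgrading unless they set the option themselves. If the relaxation is meant for compatibility with keys that lack back signatures, the comment and the release notes should say so, for example `# Existing configuration files are not changed; add this option there by hand.`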
@@ -191,22 +200,3 @@ keyserver hkp://subkeys.pgp.net
# Use your MIME handler to view photos:
# photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG"
-# Passphrase agent
-#
-# We support the old experimental passphrase agent protocol as well as
-# the new Assuan based one (currently available in the "newpg" package
-# at ftp.gnupg.org/gcrypt/alpha/aegypten/). To make use of the agent,
-# you have to run an agent as daemon and use the option
-#
-# use-agent
-#
-# which tries to use the agent but will fallback to the regular mode
-# if there is a problem connecting to the agent. The normal way to
-# locate the agent is by looking at the environment variable
-# GPG_AGENT_INFO which should have been set during gpg-agent startup.
-# In certain situations the use of this variable is not possible, thus
-# the option
-#
-# --gpg-agent-info=<path>:<pid>:1
-#
-# may be used to override it.
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 354e27023..6588802ad 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -1328,9 +1328,10 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, int request,
}
#if 0
- log_debug("pref mask=%08lX%08lX%08lX%08lX%08lX%08lX%08lX%08lX\n",
+ log_debug("pref mask=%08lX%08lX%08lX%08lX%08lX%08lX%08lX%08lX (%s)\n",
(ulong)mask[7], (ulong)mask[6], (ulong)mask[5], (ulong)mask[4],
- (ulong)mask[3], (ulong)mask[2], (ulong)mask[1], (ulong)mask[0]);
+ (ulong)mask[3], (ulong)mask[2], (ulong)mask[1], (ulong)mask[0],
+ keystr_from_pk (pkr->pk));
#endif
for(i=0; i < 8; i++ )
bits[i] &= mask[i];
@@ -1423,26 +1424,73 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, int request,
}
/*
- * Select the MDC flag from the pk_list. We can only use MDC if all recipients
- * support this feature
+ * Select the MDC flag from the pk_list. We can only use MDC if all
+ * recipients support this feature.
*/
int
select_mdc_from_pklist (PK_LIST pk_list)
{
- PK_LIST pkr;
+ PK_LIST pkr;
- if( !pk_list )
- return 0;
+ if ( !pk_list )
+ return 0;
+
+ for (pkr = pk_list; pkr; pkr = pkr->next)
+ {
+ int mdc;
+
+ if (pkr->pk->user_id) /* selected by user ID */
+ mdc = pkr->pk->user_id->flags.mdc;
+ else
+ mdc = pkr->pk->mdc_feature;
+ if (!mdc)
+ return 0; /* At least one recipient does not support it. */
+ }
+ return 1; /* Can be used. */
+}
- for (pkr = pk_list; pkr; pkr = pkr->next) {
- int mdc;
- if (pkr->pk->user_id) /* selected by user ID */
- mdc = pkr->pk->user_id->flags.mdc;
- else
- mdc = pkr->pk->mdc_feature;
- if (!mdc)
- return 0; /* at least one recipient does not support it */
+/* Print a warning for all keys in PK_LIST missing the MDC feature. */
+void
+warn_missing_mdc_from_pklist (PK_LIST pk_list)
+{
+ PK_LIST pkr;
+
+ for (pkr = pk_list; pkr; pkr = pkr->next)
+ {
+ int mdc;
+
+ if (pkr->pk->user_id) /* selected by user ID */
+ mdc = pkr->pk->user_id->flags.mdc;
+ else
+ mdc = pkr->pk->mdc_feature;
+ if (!mdc)
+ log_info (_("Note: key %s has no %s feature\n"),
+ keystr_from_pk (pkr->pk), "MDC");
+ }
+}
+
+void
+warn_missing_aes_from_pklist (PK_LIST pk_list)
+{
+ PK_LIST pkr;
+
+ for (pkr = pk_list; pkr; pkr = pkr->next)
+ {
+ const prefitem_t *prefs;
+ int i;
+ int gotit = 0;
+
+ prefs = pkr->pk->user_id? pkr->pk->user_id->prefs : pkr->pk->prefs;
+ if (prefs)
+ {
+ for (i=0; !gotit && prefs[i].type; i++ )
+ if (prefs[i].type == PREFTYPE_SYM
+ && prefs[i].value == CIPHER_ALGO_AES)
+ gotit++;
+ }
+ if (!gotit)
+ log_info (_("Note: key %s has no preference for %s\n"),
+ keystr_from_pk (pkr->pk), "AES");
}
- return 1; /* can be used */
}
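Review bot: warn_missing_aes_from_pklist has no header comment, unlike warn_missing_mdc_from_pklist just above it, and its test matches only `CIPHER_ALGO_AES`. A key whose preferences list another AES key size but not this one is reported as having no preference for "AES", which can mislead whoever reads the log. I would add `/* Print a note for each key in PK_LIST whose symmetric preferences lack CIPHER_ALGO_AES; other AES key sizes are not considered. */` above the function. Separately, the user-ID versus `mdc_feature` selection is now duplicated between select_mdc_from_pklist and warn_missing_mdc_from_pklist and could drift apart.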
diff --git a/tests/ChangeLog b/tests/ChangeLog
index e7e7c7f4b..e58eef1d3 100644
--- a/tests/ChangeLog
+++ b/tests/ChangeLog
@@ -1,3 +1,7 @@
+2006-11-05 Werner Koch <[email protected]>
+
+ * asschk.c (read_assuan): Minor cleanups.
+
2006-09-06 Marcus Brinkmann <[email protected]>
* Makefile.am (openpgp): New variable.
diff --git a/tests/asschk.c b/tests/asschk.c
index 40b95ba7d..344deca49 100644
--- a/tests/asschk.c
+++ b/tests/asschk.c
@@ -273,10 +273,12 @@ writen (int fd, const char *buffer, size_t length)
type and store that in recv_type. The function terminates on a
communication error. Returns a pointer into the inputline to the
first byte of the arguments. The parsing is very strict to match
- excalty what we want to send. */
+ exaclty what we want to send. */
static char *
read_assuan (int fd)
{
+ /* FIXME: For general robustness, the pending stuff needs to be
+ associated with FD. */
static char pending[MAX_LINELEN];
static size_t pending_len;
size_t nleft = sizeof recv_line;
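Review bot: The spelling correction in the function comment swaps one typo for another: `exaclty` should read `exactly`. The new FIXME matches what the hunk shows, since `pending` and `pending_len` are function-static and therefore shared by every fd passed in. read_assuan's body continues past this hunk.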
@@ -296,11 +298,18 @@ read_assuan (int fd)
pending_len = 0;
}
else
- n = read (fd, buf, nleft);
-
- if (opt_verbose)
+ {
+ do
+ {
+ n = read (fd, buf, nleft);
+ }
+ while (n < 0 && errno == EINTR);
+ }
+
+ if (opt_verbose && n >= 0 )
{
int i;
+
printf ("%s: read \"", __FUNCTION__);
for (i = 0; i < n; i ++)
putc (buf[i], stdout);
@@ -308,11 +317,7 @@ read_assuan (int fd)
}
if (n < 0)
- {
- if (errno == EINTR)
- continue;
- die ("reading fd %d failed: %s", fd, strerror (errno));
- }
+ die ("reading fd %d failed: %s", fd, strerror (errno));
else if (!n)
die ("received incomplete line on fd %d", fd);
p = buf;
diff --git a/tools/ChangeLog b/tools/ChangeLog
index c29689bde..435c39799 100644
--- a/tools/ChangeLog
+++ b/tools/ChangeLog
@@ -1,3 +1,8 @@
+2006-11-03 Werner Koch <[email protected]>
+
+ * symcryptrun.c: Include signal.h and include pth.h only if test
+ asserts that it exists.
+
2006-10-23 Werner Koch <[email protected]>
* gpgconf-comp.c <gpgsm>: Add --cipher-algo.
diff --git a/tools/symcryptrun.c b/tools/symcryptrun.c
index 406cbb2a2..68302d39d 100644
--- a/tools/symcryptrun.c
+++ b/tools/symcryptrun.c
@@ -69,10 +69,13 @@
#include <string.h>
#include <errno.h>
#include <assert.h>
+#include <signal.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
+#ifdef HAVE_PTY_H
#include <pty.h>
+#endif
#include <utmp.h>
#include <ctype.h>
#ifdef HAVE_LOCALE_H
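Review bot: When `HAVE_PTY_H` is undefined the include is simply skipped and nothing in this hunk declares whatever the file takes from pty.h, so on such a system those calls would presumably rely on implicit declarations or fail to build. The uses lie outside this hunk, so I cannot tell which functions are affected. A comment at the guard naming the header that supplies them on those platforms would help, e.g. `/* Without pty.h the pty functions come from <HEADER>. */` with the real header filled in. The guard also only works if config.h is included above line 69, which is not visible here.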