Page MenuHome GnuPG
Files F18826093

No OneTemporary
Actions

View Options

diff --git a/ChangeLog b/ChangeLog
index 813e25b6d..41de8baad 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,1153 +1,1158 @@
+2009-12-07 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Check for ADNS before checking for the BIND
+ resolver.
+
2009-10-20 Marcus Brinkmann <marcus@g10code.com>
* configure.ac: Check for fusermount and encfs.
2009-10-16 Marcus Brinkmann <marcus@g10code.com>
* configure.ac: Check for libassuan instead of libassuan-pth.
2009-10-12 Werner Koch <wk@g10code.com>
* configure.ac: Use -O3 because newer gcc versions require that
for uninitialized variable warnings.
2009-09-23 Werner Koch <wk@g10code.com>
* configure.ac (HAVE_ASSUAN_SET_IO_MONITOR): Remove test.
(_ASSUAN_ONLY_GPG_ERRORS): Remove.
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION):
Update to new API (2, 1.1.0).
2009-09-21 Werner Koch <wk@g10code.com>
Start a new development branch in the SVN trunk. The stable one
is now known in the SVN as branches/GNUPG-STABLE-2-0.
2009-09-04 Werner Koch <wk@g10code.com>
Release 2.0.13.
2009-06-29 Werner Koch <wk@g10code.com>
* configure.ac: Take care of --without-adns. Suggested by
Arfrever Frehtes Taifersar Arahesis.
2009-06-17 Werner Koch <wk@g10code.com>
Release 2.0.12.
2009-06-05 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Remove Camellia restriction.
2009-04-01 Werner Koch <wk@g10code.com>
* configure.ac: Test for fsync.
2009-03-18 Werner Koch <wk@g10code.com>
* configure.ac: Test for getrlimit.
2009-03-03 Werner Koch <wk@g10code.com>
Release 2.0.11.
2009-01-12 Werner Koch <wk@g10code.com>
Release 2.0.10.
2008-12-09 Werner Koch <wk@g10code.com>
Release 2.0.10rc1.
2008-10-17 Werner Koch <wk@g10code.com>
* configure.ac: Use more warning options with modern GCCs.
2008-09-29 Werner Koch <wk@g10code.com>
* configure.ac: Require libgcrypt 1.4.
2008-08-27 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Use printf for the most portable SVN version
detection.
* configure.ac: Darwin's /bin/sh has a builtin echo that doesn't
understand '-n'. Use tr to trim the carriage return instead.
2008-04-23 Werner Koch <wk@g10code.com>
* configure.ac: Call gl_HEADER_SYS_SOCKET and gl_TYPE_SOCKLEN_T.
2008-04-07 Werner Koch <wk@g10code.com>
* configure.ac (ADNSLIBS): Test for adns.
(GPGKEYS_KDNS): New.
2008-04-01 Werner Koch <wk@g10code.com>
* configure.ac: Require curl 7.10 (Oct 1 2002) or later as we use
curl_version_info().
(AC_INIT): Fix quoting.
2008-03-27 Werner Koch <wk@g10code.com>
* Makefile.am (dist_doc_DATA): New. Install README.
2008-03-26 Werner Koch <wk@g10code.com>
Release 2.0.9.
2008-02-19 Werner Koch <wk@g10code.com>
* configure.ac: Remove --with-pkits-tests.
2008-02-15 Werner Koch <wk@g10code.com>
* gl/allocsa.h, gl/m4/allocsa.m4: Replace HAVE_LONG_LONG by
HAVE_LONG_LONG_INT.
2008-02-15 gettextize <bug-gnu-gettext@gnu.org>
* configure.ac (AM_GNU_GETTEXT_VERSION): Bump to 0.17.
2007-12-20 Werner Koch <wk@g10code.com>
Released 2.0.8.
2007-12-17 Werner Koch <wk@g10code.com>
* configure.ac: Add treatment for HAVE_LDAP_START_TLS_SA.
2007-12-14 Werner Koch <wk@g10code.com>
Released 2.0.8rc1.
2007-12-12 Werner Koch <wk@g10code.com>
* configure.ac (USE_CAMELLIA): Define by new option --enable-camellia.
2007-12-03 Werner Koch <wk@g10code.com>
* configure.ac: Add test gt_LC_MESSAGES..
2007-10-01 Werner Koch <wk@g10code.com>
* configure.ac: Require assuan 1.0.4.
2007-09-14 Werner Koch <wk@g10code.com>
* configure.ac (GNUPG_LIBASSUAN_VERSION): New.
2007-09-10 Werner Koch <wk@g10code.com>
Released 2.0.7.
2007-08-27 Werner Koch <wk@g10code.com>
* configure.ac: Remove remaining support for internal regex.
Define DISABLE_REGEX automake conditional. Add option
--with-regex.
* autogen.sh [--build-w32]: Remove --disable-regex. Use --with-regex.
2007-08-16 Werner Koch <wk@g10code.com>
Released 2.0.6.
2007-08-08 Werner Koch <wk@g10code.com>
* configure.ac: Use AC_CANONICAL_HOST and not AC_CANONICAL_TARGET.
2007-07-09 Werner Koch <wk@g10code.com>
* configure.ac (AM_ICONV): Check for it even when building without
NLS.
2007-07-05 Werner Koch <wk@g10code.com>
Released 2.0.5.
* configure.ac: Require libassuan 1.0.2.
2007-07-05 Marcus Brinkmann <marcus@g10code.de>
* configure.ac: Invoke AM_LANGINFO_CODESET.
2007-07-04 Werner Koch <wk@g10code.com>
* Makefile.am (AUTOMAKE_OPTIONS): Add no-dist-gzip.
Switched entire package to GPLv3+.
* configure.ac: Require libksba 1.0.2.
* COPYING: Updated to GPLv3.
* COPYING.LIB: New as jnlib/ uses this license.
* gl/: Switched to GPLv3+.
* intl/ Removed.
* configure.ac (AM_GNU_GETTEXT): Add external flag.
(AM_ICONV): New.
2007-07-03 Werner Koch <wk@g10code.com>
* configure.ac [W32]: Use ws2_32 instead of wsock32.
2007-06-25 Werner Koch <wk@g10code.com>
* gl/mkdtemp.c (gen_tempname) [MKDIR_TAKES_ONE_ARG]: Avoid
compiler warning by using the proper config macro.
2007-06-15 Werner Koch <wk@g10code.com>
* configure.ac: Call AM_PO_SUBDIRS.
(W32SOCKLIBS): New.
* autogen.sh: Use = and not == in test to be POSIXly correct.
<build-w32>: Disable use of regex.
2007-06-14 Werner Koch <wk@g10code.com>
* configure.ac [AH_BOTTOM]: Remove the hardwired names of modules.
2007-06-12 Werner Koch <wk@g10code.com>
* configure.ac [AH_BOTTOM]: Define HTTP_NO_WSASTARTUP.
2007-06-11 Werner Koch <wk@g10code.com>
* am/cmacros.am (libcommonstd, libcommonpth, libcommonstd_ldadd)
(libcommonpth_ldadd): Add macros.
2007-06-06 Werner Koch <wk@g10code.com>
* configure.ac: Add a few notices message so make browsing of the
log file easier.
(CC_FOR_BUILD): New.
2007-05-30 Werner Koch <wk@g10code.com>
* configure.ac [W32]: Do not create a symlink to w32-pth.h.
Require the installation of the w32pth package.
2007-05-29 Werner Koch <wk@g10code.com>
* gl/: Updated to a newer version.
2007-05-24 Werner Koch <wk@g10code.com>
* configure.ac: Use -Wpointer-arith is possible.
2007-05-15 Werner Koch <wk@g10code.com>
* configure.ac: Renamed the estream macros. Remove -Wformat-nonliteral.
* configure.ac: Call ESTREAM_INIT and define the memory
allocators for estream_asprintf.
(gl_MODULES): Remove vasprintf.
2007-05-09 Werner Koch <wk@g10code.com>
Released 2.0.4.
2007-05-07 Werner Koch <wk@g10code.com>
* configure.ac: Require libgcrypt 1.2.2 to avoid compiler warnings.
2007-05-07 gettextize <bug-gnu-gettext@gnu.org>
* configure.ac (AM_GNU_GETTEXT_VERSION): Bump to 0.16.1.
2007-05-07 Werner Koch <wk@g10code.com>
* configure.ac: Bail out if no C-89 compiler has been found.
2007-05-04 Werner Koch <wk@g10code.com>
* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Add --enable-mailto
* configure.ac: Require automake 1.10
(AC_CONFIG_FILES): Rename gpgkeys_ to gpg2keys_.
(AM_PROG_CC_C_O): New.
2007-03-08 Werner Koch <wk@g10code.com>
Released 2.0.3.
* autogen.sh: Add option --force.
2007-01-31 Werner Koch <wk@g10code.com>
Released 2.0.2.
2006-11-30 Werner Koch <wk@g10code.com>
* configure.ac: Save original LIBS when testing for dlopen.
2006-11-28 Werner Koch <wk@g10code.com>
Released 2.0.1.
2006-11-23 Werner Koch <wk@g10code.com>
Released 2.0.1rc1.
2006-11-21 Werner Koch <wk@g10code.com>
* configure.ac [AH_BOTTOM]: Disable PTH soft mapping.
(AC_CHECK_SIZEOF): Check for time_t.
(BUILD_INCLUDED_LIBINTL): Remove AM_PO_SUBDIRS as it is not
required for C.
2006-11-15 Werner Koch <wk@g10code.com>
* autogen.sh: Add convenience option --build-amd64.
2006-11-14 Werner Koch <wk@g10code.com>
* configure.ac (HAVE_ASSUAN_SET_IO_MONITOR): Test for it.
2006-11-11 Werner Koch <wk@g10code.com>
Released 2.0.0.
2006-11-06 Werner Koch <wk@g10code.com>
Released 1.9.95.
2006-11-03 Werner Koch <wk@g10code.com>
* configure.ac: Test for pty.h. From Gentoo.
2006-10-24 Werner Koch <wk@g10code.com>
Released 1.9.94.
2006-10-20 Werner Koch <wk@g10code.com>
* Makefile.am (stowinstall): Add convenience target.
2006-10-18 Werner Koch <wk@g10code.com>
* configure.ac: svn revison magic fixes for old bashs. Suggested
by Alain Guibert.
2006-10-18 Werner Koch <wk@g10code.com>
Released 1.9.93.
2006-10-17 Werner Koch <wk@g10code.com>
* autogen.sh <--build-w32>: Test also for a host "mingw32".
* configure.ac: Removed W32LIBS. Use NETLIBS instead.
2006-10-11 Werner Koch <wk@g10code.com>
Released 1.9.92.
* configure.ac: Require libassuan 0.9.3.
2006-10-09 Werner Koch <wk@g10code.com>
* acinclude.m4: Moved pth check to m4/gnupg-pth.m4.
2006-10-06 Werner Koch <wk@g10code.com>
* configure.ac: Also check for libassuan's pth version.
2006-10-04 Werner Koch <wk@g10code.com>
Released 1.9.91.
* configure.ac: Require libassuan 0.9.1 which fixes a problem with
gpgsm.
2006-09-27 Werner Koch <wk@g10code.com>
* gl/strsep.h, gl/strsep.c, gl/m4/strsep.m4: Removed.
* gl/strpbrk.h, gl/strpbrk.c, gl/m4/strpbrk.m4: Removed.
* gl/Makefile.am: Removed module strsep and strpbrk.
* configure.ac: Check for strsep in the context of jnlib. Remove
check from gl_MODULES. Moved check for timegm into the jnlib context.
2006-09-27 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am: Fix cut & paste error.
2006-09-25 Werner Koch <wk@g10code.com>
Released 1.9.90.
2006-09-22 Werner Koch <wk@g10code.com>
* AUTHORS: Add information about used licenses.
2006-09-20 Werner Koch <wk@g10code.com>
* Makefile.am (dist-hook): Removed distfiles cruft.
(SUBDIRS): Added include
2006-09-18 Werner Koch <wk@g10code.com>
Released 1.9.23.
* configure.ac (--enable-agent-only): Donot build tools and doc
(--disable-tools,--disable-doc): New.
* Makefile.am (SUBDIRS): Allow to conditional build tools and doc.
2006-09-14 Werner Koch <wk@g10code.com>
Replaced all call gpg_error_from_errno(errno) by
gpg_error_from_syserror().
* configure.ac: Build gpg by default.
(GNUPG_SYS_SO_PEERCRED): Removed.
2006-09-13 Werner Koch <wk@g10code.com>
* autogen.sh: Better detection of the cross compiler kit.
2006-09-06 Marcus Brinkmann <marcus@g10code.de>
* configure.ac: New automake conditional RUN_GPG_TESTS.
2006-09-06 Werner Koch <wk@g10code.com>
* configure.ac: Define _ASSUAN_ONLY_GPG_ERRORS. Require Assuan
0.9 and libgpg-error 1.4
2006-08-31 Werner Koch <wk@g10code.com>
* configure.ac: Require libksba 1.0 and added API check for it.
(GPG_ERR_LOCKED): Removed DECL check as we require 1.2 anyway.
(have_libusb): New to give a feedback about CCID support
2006-08-21 Werner Koch <wk@g10code.com>
* configure.ac: Removed docbook tests.
(AC_CONFIG_FILES): Added gpgkeys_test and gpgkeys_mailto.
* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Enable gpg.
2006-08-17 Werner Koch <wk@g10code.com>
* THANKS: Merged with the 1.4 one.
2006-08-16 Werner Koch <wk@g10code.com>
* configure.ac: Removed test for capabilities and mlock.
2006-08-15 Werner Koch <wk@g10code.com>
* Makefile.am (keyserver): Enable building of keyserver helpers.
* configure.ac: Merged with the current configure from 1.4.5.
Require libgpg-error 1.2 and libksba 0.9.16.
2006-07-29 Marcus Brinkmann <marcus@g10code.de>
* README: Spelling fixes.
2006-07-27 Werner Koch <wk@g10code.com>
Released 1.9.22.
* configure.ac: Call AB_INIT.
2006-07-03 Werner Koch <wk@g10code.com>
* configure.ac: Test for ksba_dn_teststr.
2006-06-30 Werner Koch <wk@g10code.com>
* keyserver/: New. Taken from 1.4.4
* Makefile.am (SUBDIRS): Include keyserver/.
* configure.ac: Include keyserver/.
(FAKE_CURL, GPGKEYS_CURL): New.
2006-06-20 Werner Koch <wk@g10code.com>
Released 1.9.21.
2006-06-08 Marcus Brinkmann <marcus@g10code.de>
* configure.ac (PTH_LIBS): Add --all to pth-config invocation.
2006-05-24 Werner Koch <wk@g10code.com>
* configure.ac: New option --disable-optimization taked from 1.4.3.
2006-05-23 Werner Koch <wk@g10code.com>
* configure.ac (ZLIBS): New for zlib link commands. Add bzip2
support.
2006-05-22 Werner Koch <wk@g10code.com>
* configure.ac (EXEEXT): New.
2006-04-18 Werner Koch <wk@g10code.com>
* configure.ac (PK_UID_CACHE_SIZE): New.
2006-04-07 Werner Koch <wk@g10code.com>
* configure.ac: Use new method to include the SVN revison. Now it
is the actual global revision number.
2005-12-20 Werner Koch <wk@g10code.com>
Released 1.9.20.
2005-11-28 Werner Koch <wk@g10code.com>
* configure.ac: Append the revision to the version string.
2005-11-13 Werner Koch <wk@g10code.com>
* am/cmacros.am (-DGNUPG_SYSCONFDIR): Define it.
2005-11-11 Werner Koch <wk@g10code.com>
* configure.ac (NEED_KSBA_VERSION: Require 0.9.13.
2005-09-12 Werner Koch <wk@g10code.com>
Released 1.9.19.
2005-08-01 Werner Koch <wk@g10code.com>
Released 1.9.18.
* configure.ac: Require libksba 0.9.12 to match new features in gpgsm.
2005-06-20 Werner Koch <wk@g10code.com>
Released 1.9.17.
2005-06-02 Werner Koch <wk@g10code.com>
* configure.ac (HAVE_PTH): Define as alias for USE_GNU_PTH. It is
used by common/estream.c.
2005-06-01 Werner Koch <wk@g10code.com>
* configure.ac (gl_INIT): Add gnulib stuff.
(fseeko, ftello, ttyname, isascii): Replaced the AC_REPLACE_FUNCS
by a simple check.
(putc_unlocked): Removed check. Not used.
(strsep, mkdtemp, asprintf): Replaced checks by gnulib checks.
(xsize): Added will probably come handy soon.
(CFLAGS): Use -Wformat-security instead of
-Wformat-nonliteral. Add --Wno-format-y2k.
* gl/, gl/m4/: New.
2005-05-15 Werner Koch <wk@g10code.com>
* configure.ac: Remove option --disable-threads; require the use
of GNU Pth.
2005-04-27 Werner Koch <wk@g10code.com>
* configure.ac: Removed OpenSC detection and options.
* acinclude.m4: Ditto.
2005-04-21 Werner Koch <wk@g10code.com>
Released 1.9.16.
* configure.ac: Do not build gpg by default.
2005-04-20 Werner Koch <wk@g10code.com>
* configure.ac: Test whether GPG_ERR_LOCKED is declared and
provide a replacement if not.
2005-04-15 Werner Koch <wk@g10code.com>
* configure.ac: Require libksba 0.9.11.
2005-04-15 Marcus Brinkmann <marcus@g10code.de>
* configure.ac: Check for /usr/bin/shred and define SHRED.
* configure.ac: Add --enable-symcryptrun, disabled by default.
Define automake variable BUILD_SYMCRYPTRUN.
Check for openpty -lutil, define LIBUTIL_LIBS.
2005-03-03 Werner Koch <wk@g10code.com>
* acinclude.m4 (GNUPG_PTH_VERSION_CHECK): Accidently used
--ldflags instead of --cflags. Reported by Kazu Yamamoto.
2005-02-03 Werner Koch <wk@g10code.com>
* AUTHORS: Copied from 1.4 and edited to refelct the changes in
1.9.
2005-01-17 Werner Koch <wk@g10code.com>
* configure.ac: Make --without-included-regex work as expected.
Fixed FTP location info for some libraries.
2005-01-13 Werner Koch <wk@g10code.com>
Released 1.9.15.
* acinclude.m4 (GNUPG_PTH_VERSION_CHECK): Link a simple test
program to see whether the installation is sane.
2005-01-07 Werner Koch <wk@g10code.com>
* configure.ac: Require gpg-error 1.0.
2005-01-04 Werner Koch <wk@g10code.com>
* configure.ac: Remove hack not to build gpg2 for W32.
* autogen.sh <build-w32>: Pass option --disable-gpg instead.
2004-12-22 Werner Koch <wk@g10code.com>
Released 1.9.14.
2004-12-20 Werner Koch <wk@g10code.com>
* configure.ac: Add PATHSEP_C and PATHSEP_S. For W32 let all
directories default to c:/gnupg. Require libassuan 0.6.9.
2004-12-18 Werner Koch <wk@g10code.com>
* configure.ac (AH_BOTTOM): Define EXEEXT_S.
* autogen.sh: Updated --build-w32 feature.
2004-12-15 Werner Koch <wk@g10code.com>
* Makefile.am (SUBDIRS) [W32]: Do not build in tests/.
* acinclude.m4: Add proper macro name quoting for use with
automake 1.9.
* configure.ac: Add replacement check for ttyname.
Removed support for a included zlib.
2004-12-06 Werner Koch <wk@g10code.com>
* configure.ac (have_w32_system): New. Disable Pth checks for W32.
Link jnlib/w32-pth.h to pth.h.
2004-12-03 Werner Koch <wk@g10code.com>
Released 1.9.13.
2004-11-26 Werner Koch <wk@g10code.com>
* configure.ac: Replace strsep. Replaced use of "target" by
"host".
2004-10-22 Werner Koch <wk@g10code.com>
Released 1.9.12.
* Makefile.am (AUTOMAKE_OPTIONS): Set option to create bzip2 tarball.
2004-10-01 Werner Koch <wk@g10code.com>
Released 1.9.11.
2004-09-30 Werner Koch <wk@g10code.com>
* README: Minor updates.
2004-09-30 gettextize <bug-gnu-gettext@gnu.org>
* configure.ac (AM_GNU_GETTEXT_VERSION): Bump to 0.14.1.
2004-08-16 Werner Koch <wk@g10code.de>
* configure.ac: Build Makefile for tests/pkits. New option
--with-pkits-tests.
2004-08-05 Werner Koch <wk@g10code.de>
* configure.ac: Changed tests for libusb to also suuport the
stable version 0.1.x.
2004-07-22 Werner Koch <wk@g10code.de>
Released 1.9.10.
* configure.ac: Define AM conditional HAVE_OPENSC.
2004-07-21 Werner Koch <wk@g10code.de>
* configure.ac: Don't set DIE to no after it might has been set to
yes.
2004-07-20 Werner Koch <wk@g10code.de>
* Makefile.am (sm): Build kbx only if gpgsm is to be build.
2004-07-20 Werner Koch <wk@gnupg.org>
* configure.ac: New option --enable-agent-only.
2004-06-08 Werner Koch <wk@gnupg.org>
Released 1.9.9.
2004-06-06 Werner Koch <wk@gnupg.org>
* configure.ac: Require libksba 0.9.7.
2004-04-29 Werner Koch <wk@gnupg.org>
Released 1.9.8.
2004-04-20 Werner Koch <wk@gnupg.org>
* configure.ac: Remove the fopencookie test. We don't need the
dummy function because we conditionally use fopencookie,
fpencookie or a replacement at place.
2004-04-02 Thomas Schwinge <schwinge@nic-nac-project.de>
* autogen.sh: Added ACLOCAL_FLAGS.
2004-04-06 Werner Koch <wk@gnupg.org>
Released 1.9.7.
* configure.ac: Require libgcrypt 1.1.94.
Introduce PACKAGE_GT and set it to gnupg2.
2004-03-23 Werner Koch <wk@gnupg.org>
* configure.ac: Define SAFE_VERSION_DASH and SAFE_VERSION_DOT.
2004-03-09 Werner Koch <wk@gnupg.org>
* configure.ac (NEED_GPG_ERROR_VERSION): Set to 0.7.
2004-03-06 Werner Koch <wk@gnupg.org>
Released 1.9.6.
* configure.ac: Check the Libgcrypt API.
2004-02-25 Werner Koch <wk@gnupg.org>
* configure.ac: New option --disable-threads to inhibit
unintentional builds without Pth.
2004-02-21 Werner Koch <wk@gnupg.org>
Released 1.9.5.
2004-02-20 Werner Koch <wk@gnupg.org>
* configure.ac: Fixed URLs in the notice messages.
2004-02-18 Werner Koch <wk@gnupg.org>
* acinclude.m4: Removed macros to detect gpg-error, libgcrypt,
libassuan and ksba as they are now distributed in m4/.
2004-02-13 Werner Koch <wk@gnupg.org>
* configure.ac: Require libksba 0.9.4 and libgcrypt 1.1.92.
2004-02-12 Werner Koch <wk@gnupg.org>
* autogen.sh: Removed cruft from debugging.
* am/cmacros.am: New.
2004-02-11 Werner Koch <wk@gnupg.org>
* configure.ac: Removed the need for g10defs.h. Reworked the
--with-foo-pgm stuff.
* autogen.sh (check_version): Removed bashism and simplified.
* acinclude.m4 (AM_PATH_OPENSC): Kludge to avoid error output for
a bad opensc-config.
2004-01-30 Werner Koch <wk@gnupg.org>
Released 1.9.4.
* configure.ac: Require libksba 0.9.3 due to another bug fix there.
2004-01-29 Werner Koch <wk@gnupg.org>
* README: Updated.
* configure.ac: Require libksba 0.9.2 due to bug fixes.
2004-01-24 Werner Koch <wk@gnupg.org>
* configure.ac: Now requires libassuan 0.6.3.
2003-12-23 Werner Koch <wk@gnupg.org>
Released 1.9.3.
* README-alpha: Removed.
* configure.ac, Makefile.am: Add the tests and tools directories.
2003-12-19 Werner Koch <wk@gnupg.org>
* configure.ac: Now require libgcrypt 1.1.91 to help testing the
latest libgcrypt changes. Requires libksab 0.9.1.
2003-12-17 Werner Koch <wk@gnupg.org>
* configure.ac: Requires now libassuan 0.6.2.
(CFLAGS): Add --Wformat-noliteral in gcc mode.
2003-12-16 Werner Koch <wk@gnupg.org>
* configure.ac: Check for funopen and fopencookie as part of the
jnlib checks.
2003-12-09 Werner Koch <wk@gnupg.org>
* configure.ac: Add a min_automake_version.
* README.CVS: New.
* autogen.sh: Revamped except for the --build-w32 hack.
* Makefile.am: Add README.CVS
2003-11-17 Werner Koch <wk@gnupg.org>
Release 1.9.2.
* configure.ac: Requires now libassuan 0.6.1.
2003-10-31 Werner Koch <wk@gnupg.org>
* configure.ac (NEED_KSBA_VERSION): Set to 0.9.0 due the changed
time interface.
2003-10-21 Werner Koch <wk@gnupg.org>
* configure.ac (PRINTABLE_OS_NAME): Remove special case for The
Hurd; Robert Millan reported that the uname test is now
sufficient.
2003-10-01 Werner Koch <wk@gnupg.org>
* configure.ac (AH_BOTTOM): Define GNUPG_MAJOR_VERSION.
2003-09-23 Werner Koch <wk@gnupg.org>
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
* configure.ac: Drop all TIGER/192 support.
(uint64_t): Check for UINT64_C to go along with uint64_t.
(getaddrinfo): Check for it.
(sigset_t): Check for sigset_t and struct sigaction. This is for
Forte c89 on Solaris which seems to define only the function call
half of the two pairs by default.
(W32LIBS): Include wsock32 in W32LIBS. This is different from
NETLIBS so we don't need to force other platforms to pull in the
netlibs when they aren't actually needed.
2003-09-06 Werner Koch <wk@gnupg.org>
Released 1.9.1.
* configure.ac: Require newer versions of some libraries.
2003-09-02 Werner Koch <wk@gnupg.org>
* configure.ac (HAVE_LIBUSB): Added a simple test for libusb.
2003-08-19 Marcus Brinkmann <marcus@g10code.de>
* configure.ac (AM_PATH_GPG_ERROR): Add missing comma in
invocation.
2003-08-06 Werner Koch <wk@gnupg.org>
* configure.ac: Check for libgpg-error. Print infos about missing
libraries more nicely.
* acinclude.m4 (AM_PATH_GPG_ERROR): Added.
2003-08-05 Werner Koch <wk@gnupg.org>
Released 1.9.0.
* configure.ac (GNUPG_DEFAULT_HONMEDIR): Changed back to ~/.gnupg.
2003-07-31 Werner Koch <wk@gnupg.org>
* Makefile.am (DISTCLEANFILES): Add g10defs.h
2003-06-18 Werner Koch <wk@gnupg.org>
* configure.ac (GNUPG_DEFAULT_HOMEDIR): Changed temporary to
.gnupg2 to avoid accidential use with production keys.
2003-06-11 Werner Koch <wk@gnupg.org>
* configure.ac: Merged all stuff from current 1.3 version in.
* acinclude.m4: Merged required macros from current 1.2 version in.
2003-06-04 Werner Koch <wk@gnupg.org>
* configure.ac, Makefile.am: Enable building of gpg.
2003-04-29 Werner Koch <wk@gnupg.org>
* configure.ac: Build a limited version of scdaemon if libopensc
is not available.
* configure.ac (ALL_LINUGAS): Removed.
* Makefile.am (ACLOCAL_AMFLAGS): New.
* configure.ac (AM_GNU_GETTEXT_VERSION): New. Set to 0.11.5.
2003-04-29 gettextize <bug-gnu-gettext@gnu.org>
* Makefile.am (SUBDIRS): Add m4.
(ACLOCAL_AMFLAGS): New variable.
(EXTRA_DIST): Add scripts/config.rpath.
* configure.ac (AC_CONFIG_FILES): Add m4/Makefile.
2003-04-29 Werner Koch <wk@gnupg.org>
* assuan/ : Removed. We now use libassuan.
* Makefile.am (SUBDIRS): Removed assuan
* configure.ac: Check for libassuan.
2003-01-09 Werner Koch <wk@gnupg.org>
* configure.ac (GNUPG_PROTECT_TOOL): New option --with-protect-tool.
(NEED_KSBA_VERSION): Does now require 0.4.6.
* README: Noted where to find gpg-protect-tool.
2002-10-31 Neal H. Walfield <neal@g10code.de>
* configure.ac: Check for flockfile and funlockfile. Check for
isascii and putc_unlocked replacing them if not found.
* configure.ac (PTH_LIBS): If pth is found, add the output of
`$PTH_CONFIG --ldflags`, not just `$PTH_CONFIG --libs`.
2002-10-19 Werner Koch <wk@gnupg.org>
* configure.ac: Bumped version number to 1.9.0-cvs.
NewPG (Aegypten project) to GnuPG merge.
2002-09-20 Werner Koch <wk@gnupg.org>
Released 0.9.2.
2002-09-05 Neal H. Walfield <neal@g10code.de>
* configure.ac: Check for makeinfo.
2002-09-03 Neal H. Walfield <neal@g10code.de>
* autogen.sh (have_version): New function. Generalize and
simplify logic for finding and determining the versions of GNU
programs. Use it.
2002-08-23 Werner Koch <wk@gnupg.org>
Released 0.9.1.
* acinclude.m4 (AM_PATH_LIBGCRYPT): Updated from Libgcrypt.
(AM_PATH_OPENSC): Strip non-digits from the micro version.
2002-08-21 Werner Koch <wk@gnupg.org>
Released 0.9.0.
* configure.ac: Changed the default homedir to .gnupg.
* README-alpha: Removed.
2002-08-19 Werner Koch <wk@gnupg.org>
* acinclude.m4: Removed -lpcsclite from KSBA_LIBS; copy+paste bug.
2002-08-13 Werner Koch <wk@gnupg.org>
* acinclude.m4 (AM_PATH_OPENSC, AM_PATH_KSBA): New.
* configure.ac: Use them.
2002-08-10 Werner Koch <wk@gnupg.org>
Released 0.3.10.
* configure.ac (NEED_LIBKSBA_VERSION): Require 0.4.4. Add support
for gettext.
2002-07-22 Werner Koch <wk@gnupg.org>
* configure.ac: Check for ftello and provide a replacement.
2002-07-01 Werner Koch <wk@gnupg.org>
Released 0.3.9.
* README: Short note on how to export in pkcs-12 format.
2002-06-29 Werner Koch <wk@gnupg.org>
* configure.ac: Define --with options to set the default location
of the agent, scdaemon, pinentry and dirmngr.
2002-06-27 Werner Koch <wk@gnupg.org>
* README: Short blurb on how to import a PKCS-12 file.
* configure.ac (AH_BOTTOM): New to define some constants.
2002-06-25 Werner Koch <wk@gnupg.org>
Released 0.3.8.
* configure.ac (NEED_LIBGCRYPT_VERSION): Set to 1.1.8.
2002-06-12 Werner Koch <wk@gnupg.org>
* configure.ac (NEED_LIBKSBA_VERSION): We need 0.4.3 now.
2002-06-04 Werner Koch <wk@gnupg.org>
Released 0.3.7.
2002-05-21 Werner Koch <wk@gnupg.org>
* configure.ac: We now require libgcrypt 1.1.7 and libksba 0.4.2.
2002-05-14 Werner Koch <wk@gnupg.org>
* doc/: New
* configure.ac, Makefile.am: Added doc/
2002-05-03 Werner Koch <wk@gnupg.org>
Released 0.3.6.
2002-04-25 Werner Koch <wk@gnupg.org>
* configure.ac: Check for setlocale.
2002-04-24 Marcus Brinkmann <marcus@g10code.de>
* configure.ac: Check for locale.h.
2002-04-15 Werner Koch <wk@gnupg.org>
Released 0.3.5.
* NEWS: Started to describe release notes.
* configure.ac (NEED_LIBKSBA_VERSION, NEED_LIBGCRYPT_VERSION): Defined
2002-04-01 Werner Koch <wk@gnupg.org>
Released 0.3.4.
2002-03-18 Werner Koch <wk@gnupg.org>
Released 0.3.3.
2002-03-08 Werner Koch <wk@gnupg.org>
* README: Add some explanation on how to specify a user ID.
2002-03-06 Werner Koch <wk@gnupg.org>
Released 0.3.2.
2002-03-04 Werner Koch <wk@gnupg.org>
Released 0.3.1.
* README: Explained some options and files.
2002-02-14 Werner Koch <wk@gnupg.org>
* configure.ac: Fixed status messages related to presence of Pth.
2002-02-13 Werner Koch <wk@gnupg.org>
* acinclude.m4 (GNUPG_SYS_SO_PEERCRED): New.
* configure.ac: use it.
2002-02-12 Werner Koch <wk@gnupg.org>
* configure.ac: Check for PTH. Provide replacement fucntions for
apsrintf and fopencookie.
* acinclude.m4 (GNUPG_PTH_VERSION_CHECK): New.
2002-02-07 Werner Koch <wk@gnupg.org>
Released 0.3.0.
* configure.ac: Require libgcrypt 1.1.6.
2002-02-01 Marcus Brinkmann <marcus@g10code.de>
* configure.ac (KSBA_CONFIG): Remove superfluous x in front of
variable.
2002-01-26 Werner Koch <wk@gnupg.org>
* configure.ac: Add options to disable the build of some programs
and print a configure status at the end.
* acinclude.m4 (GNUPG_BUILD_PROGRAM): New.
* scd/ : New. Added to Makefile and configure.
* configure.ac: Check for libopensc
* Makefile.am: Build scd only when libopensc is available
2002-01-23 Werner Koch <wk@gnupg.org>
* configure.ac (mkdtemp): See whether we have to provide a
replacement.
2001-12-18 Werner Koch <wk@gnupg.org>
Released 0.0.0.
2001-12-17 Werner Koch <wk@gnupg.org>
* acinclude.m4: Add AM_PATH_LIBGCRYPT macro.
* configure.ac: and use it here. Figure out the location of libksba
2001-12-15 Werner Koch <wk@gnupg.org>
* configure.ac (missing_dir): Bail out if asprintf and fopencookie
are not available.
2001-12-04 Werner Koch <wk@gnupg.org>
* configure.ac (HAVE_JNLIB_LOGGING): always define it.
Copyright 2001, 2002, 2003, 2004, 2005, 2006,
2007 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/NEWS b/NEWS
index d240e826a..0d543cdaf 100644
--- a/NEWS
+++ b/NEWS
@@ -1,746 +1,748 @@
Noteworthy changes in version 2.1.x (under development)
-------------------------------------------------------
* Encrypted OpenPGP messages with trailing data (e.g. other OpenPGP
packets) are now correctly parsed.
* The GPGSM --audit-log feature is now more complete.
* The G13 tool for disk encryption key management has been added.
* The default for --include-cert is now to include all certificates
in the chain except for the root certificate.
* Numerical values may now be used as an alternative to the
debug-level keywords.
+ * Support SRV and PKA records on W32.
+
Noteworthy changes in version 2.0.13 (2009-09-04)
-------------------------------------------------
* GPG now generates 2048 bit RSA keys by default. The default hash
algorithm preferences has changed to prefer SHA-256 over SHA-1.
2048 bit DSA keys are now generated to use a 256 bit hash algorithm
* The envvars XMODIFIERS, GTK_IM_MODULE and QT_IM_MODULE are now
passed to the Pinentry to make SCIM work.
* The GPGSM command --gen-key features a --batch mode and implements
all features of gpgsm-gencert.sh in standard mode.
* New option --re-import for GPGSM's IMPORT server command.
* Enhanced writing of existing keys to OpenPGP v2 cards.
* Add hack to the internal CCID driver to allow the use of some
Omnikey based card readers with 2048 bit keys.
* GPG now repeatly asks the user to insert the requested OpenPGP
card. This can be disabled with --limit-card-insert-tries=1.
* Minor bug fixes.
Noteworthy changes in version 2.0.12 (2009-06-17)
-------------------------------------------------
* GPGSM now always lists ephemeral certificates if specified by
fingerprint or keygrip.
* New command "KEYINFO" for GPG_AGENT. GPGSM now also returns
information about smartcards.
* Made sure not to leak file descriptors if running gpg-agent with a
command. Restore the signal mask to solve a problem in Mono.
* Changed order of the confirmation questions for root certificates
and store negative answers in trustlist.txt.
* Better synchronization of concurrent smartcard sessions.
* Support 2048 bit OpenPGP cards.
* Support Telesec Netkey 3 cards.
* The gpg-protect-tool now uses gpg-agent via libassuan. Under
Windows the Pinentry will now be put into the foreground.
* Changed code to avoid a possible Mac OS X system freeze.
Noteworthy changes in version 2.0.11 (2009-03-03)
-------------------------------------------------
* Fixed a problem in SCDAEMON which caused unexpected card resets.
* SCDAEMON is now aware of the Geldkarte.
* The SCDAEMON option --allow-admin is now used by default.
* GPGCONF now restarts SCdaemon if necessary.
* The default cipher algorithm in GPGSM is now again 3DES. This is
due to interoperability problems with Outlook 2003 which still
can't cope with AES.
Noteworthy changes in version 2.0.10 (2009-01-12)
-------------------------------------------------
* [gpg] New keyserver helper gpg2keys_kdns as generic DNS CERT
lookup. Run with --help for a short description. Requires the
ADNS library.
* [gpg] New mechanisms "local" and "nodefault" for --auto-key-locate.
Fixed a few problems with this option.
* [gpg] New command --locate-keys.
* [gpg] New options --with-sig-list and --with-sig-check.
* [gpg] The option "-sat" is no longer an alias for --clearsign.
* [gpg] The option --fixed-list-mode is now implicitly used and obsolete.
* [gpg] New control statement %ask-passphrase for the unattended key
generation.
* [gpg] The algorithm to compute the SIG_ID status has been changed.
* [gpgsm] Now uses AES by default.
* [gpgsm] Made --output option work with --export-secret-key-p12.
* [gpg-agent] Terminate process if the own listening socket is not
anymore served by ourself.
* [scdaemon] Made it more robust on W32.
* [gpg-connect-agent] Accept commands given as command line arguments.
* [w32] Initialized the socket subsystem for all keyserver helpers.
* [w32] The sysconf directory has been moved from a subdirectory of
the installation directory to %CSIDL_COMMON_APPDATA%/GNU/etc/gnupg.
* [w32] The gnupg2.nls directory is not anymore used. The standard
locale directory is now used.
* [w32] Fixed a race condition between gpg and gpgsm in the use of
temporary file names.
* The gpg-preset-passphrase mechanism works again. An arbitrary
string may now be used for a custom cache ID.
* Admin PINs are cached again (bug in 2.0.9).
* Support for version 2 OpenPGP cards.
* Libgcrypt 1.4 is now required.
Noteworthy changes in version 2.0.9 (2008-03-26)
------------------------------------------------
* Gpgsm always tries to locate missing certificates from a running
Dirmngr's cache.
* Tweaks for Windows.
* The Admin PIN for OpenPGP cards may now be entered with the pinpad.
* Improved certificate chain construction.
* Extended the PKITS framework.
* Fixed a bug in the ambigious name detection.
* Fixed possible memory corruption while importing OpenPGP keys (bug
introduced with 2.0.8). [CVE-2008-1530]
* Minor bug fixes.
Noteworthy changes in version 2.0.8 (2007-12-20)
------------------------------------------------
* Enhanced gpg-connect-agent with a small scripting language.
* New option --list-config for gpgconf.
* Fixed a crash in gpgconf.
* Gpg-agent now supports the passphrase quality bar of the latest
Pinentry.
* The envvars XAUTHORITY and PINENTRY_USER_DATA are now passed to the
Pinentry.
* Fixed the auto creation of the key stub for smartcards.
* Fixed a rare bug in decryption using the OpenPGP card.
* Creating DSA2 keys is now possible.
* New option --extra-digest-algo for gpgsm to allow verification of
broken signatures.
* Allow encryption with legacy Elgamal sign+encrypt keys with option
--rfc2440.
* Windows is now a supported platform.
* Made sure that under Windows the file permissions of the socket are
taken into account. This required a change of our socket emulation
code and changed the IPC protocol under Windows.
Noteworthy changes in version 2.0.7 (2007-09-10)
------------------------------------------------
* Fixed encryption problem if duplicate certificates are in the
keybox.
* Made it work on Windows Vista. Note that the entire Windows port
is still considered Beta.
* Add new options min-passphrase-nonalpha, check-passphrase-pattern,
enforce-passphrase-constraints and max-passphrase-days to
gpg-agent.
* Add command --check-components to gpgconf. Gpgconf now uses the
installed versions of the programs and does not anymore search via
PATH for them.
Noteworthy changes in version 2.0.6 (2007-08-16)
------------------------------------------------
* GPGSM does now grok --default-key.
* GPGCONF is now aware of --default-key and --encrypt-to.
* GPGSM does again correctly print the serial number as well the the
various keyids. This was broken since 2.0.4.
* New option --validation-model and support for the chain-model.
* Improved Windows support.
Noteworthy changes in version 2.0.5 (2007-07-05)
------------------------------------------------
* Switched license to GPLv3.
* Basic support for Windows. Run "./autogen.sh --build-w32" to build
it. As usual the mingw cross compiling toolchain is required.
* Fixed bug when using the --p12-charset without --armor.
* The command --gen-key may now be used instead of the
gpgsm-gencert.sh script.
* Changed key generation to reveal less information about the
machine. Bug fixes for gpg2's card key generation.
Noteworthy changes in version 2.0.4 (2007-05-09)
------------------------------------------------
* The server mode key listing commands are now also working for
systems without the funopen/fopencookie API.
* PKCS#12 import now tries several encodings in case the passphrase
was not utf-8 encoded. New option --p12-charset for gpgsm.
* Improved the libgcrypt logging support in all modules.
Noteworthy changes in version 2.0.3 (2007-03-08)
------------------------------------------------
* By default, do not allow processing multiple plaintexts in a single
stream. Many programs that called GnuPG were assuming that GnuPG
did not permit this, and were thus not using the plaintext boundary
status tags that GnuPG provides. This change makes GnuPG reject
such messages by default which makes those programs safe again.
--allow-multiple-messages returns to the old behavior. [CVE-2007-1263].
* New --verify-option show-primary-uid-only.
* gpgconf may now reads a global configuration file to select which
options are changeable by a frontend. The new applygnupgdefaults
tool may be used by an admin to set default options for all users.
* The PIN pad of the Cherry XX44 keyboard is now supported. The
DINSIG and the NKS applications are now also aware of PIN pads.
Noteworthy changes in version 2.0.2 (2007-01-31)
------------------------------------------------
* Fixed a serious and exploitable bug in processing encrypted
packages. [CVE-2006-6235].
* Added --passphrase-repeat to set the number of times GPG will
prompt for a new passphrase to be repeated. This is useful to help
memorize a new passphrase. The default is 1 repetition.
* Using a PIN pad does now also work for the signing key.
* A warning is displayed by gpg-agent if a new passphrase is too
short. New option --min-passphrase-len defaults to 8.
* The status code BEGIN_SIGNING now shows the used hash algorithms.
Noteworthy changes in version 2.0.1 (2006-11-28)
------------------------------------------------
* Experimental support for the PIN pads of the SPR 532 and the Kaan
Advanced card readers. Add "disable-keypad" scdaemon.conf if you
don't want it. Does currently only work for the OpenPGP card and
its authentication and decrypt keys.
* Fixed build problems on some some platforms and crashes on amd64.
* Fixed a buffer overflow in gpg2. [bug#728,CVE-2006-6169]
Noteworthy changes in version 2.0.0 (2006-11-11)
------------------------------------------------
* First stable version of a GnuPG integrating OpenPGP and S/MIME.
Noteworthy changes in version 1.9.95 (2006-11-06)
-------------------------------------------------
* Minor bug fixes.
Noteworthy changes in version 1.9.94 (2006-10-24)
-------------------------------------------------
* Keys for gpgsm may now be specified using a keygrip. A keygrip is
indicated by a prefixing it with an ampersand.
* gpgconf now supports switching the CMS cipher algo (e.g. to AES).
* New command --gpgconf-test for all major tools. This may be used to
check whether the configuration file is sane.
Noteworthy changes in version 1.9.93 (2006-10-18)
-------------------------------------------------
* In --with-validation mode gpgsm will now also ask whether a root
certificate should be trusted.
* Link to Pth only if really necessary.
* Fixed a pubring corruption bug in gpg2 occurring when importing
signatures or keys with insane lengths.
* Fixed v3 keyID calculation bug in gpg2.
* More tweaks for certificates without extensions.
Noteworthy changes in version 1.9.92 (2006-10-11)
-------------------------------------------------
* Bug fixes.
Noteworthy changes in version 1.9.91 (2006-10-04)
-------------------------------------------------
* New "relax" flag for trustlist.txt to allow root CA certificates
without BasicContraints.
* [gpg2] Removed the -k PGP 2 compatibility hack. -k is now an
alias for --list-keys.
* [gpg2] Print a warning if "-sat" is used instead of "--clearsign".
Noteworthy changes in version 1.9.90 (2006-09-25)
-------------------------------------------------
* Made readline work for gpg.
* Cleanups und minor bug fixes.
* Included translations from gnupg 1.4.5.
Noteworthy changes in version 1.9.23 (2006-09-18)
-------------------------------------------------
* Regular man pages for most tools are now build directly from the
Texinfo source.
* The gpg code from 1.4.5 has been fully merged into this release.
The configure option --enable-gpg is still required to build this
gpg part. For production use of OpenPGP the gpg version 1.4.5 is
still recommended. Note, that gpg will be installed under the name
gpg2 to allow coexisting with an 1.4.x gpg.
* API change in gpg-agent's pkdecrypt command. Thus an older gpgsm
may not be used with the current gpg-agent.
* The scdaemon will now call a script on reader status changes.
* gpgsm now allows file descriptor passing for "INPUT", "OUTPUT" and
"MESSAGE".
* The gpgsm server may now output a key listing to the output file
handle. This needs to be enabled using "OPTION list-to-output=1".
* The --output option of gpgsm has now an effect on list-keys.
* New gpgsm commands --dump-chain and list-chain.
* gpg-connect-agent has new options to utilize descriptor passing.
* A global trustlist may now be used. See doc/examples/trustlist.txt.
* When creating a new pubring.kbx keybox common certificates are
imported.
Noteworthy changes in version 1.9.22 (2006-07-27)
-------------------------------------------------
* Enhanced pkcs#12 support to allow import from simple keyBags.
* Exporting to pkcs#12 now create bag attributes so that Mozilla is
able to import the files.
* Fixed uploading of certain keys to the smart card.
Noteworthy changes in version 1.9.21 (2006-06-20)
-------------------------------------------------
* New command APDU for scdaemon to allow using it for general card
access. Might be used through gpg-connect-agent by using the SCD
prefix command.
* Support for the CardMan 4040 PCMCIA reader (Linux 2.6.15 required).
* Scdaemon does not anymore reset cards at the end of a connection.
* Kludge to allow use of Bundesnetzagentur issued X.509 certificates.
* Added --hash=xxx option to scdaemon's PKSIGN command.
* Pkcs#12 files are now created with a MAC. This is for better
interoperability.
* Collected bug fixes and minor other changes.
Noteworthy changes in version 1.9.20 (2005-12-20)
-------------------------------------------------
* Importing pkcs#12 files created be recent versions of Mozilla works
again.
* Basic support for qualified signatures.
* New debug tool gpgparsemail.
Noteworthy changes in version 1.9.19 (2005-09-12)
-------------------------------------------------
* The Belgian eID card is now supported for signatures and ssh.
Other pkcs#15 cards should work as well.
* Fixed bug in --export-secret-key-p12 so that certificates are again
included.
Noteworthy changes in version 1.9.18 (2005-08-01)
-------------------------------------------------
* [gpgsm] Now allows for more than one email address as well as URIs
and dnsNames in certificate request generation. A keygrip may be
given to create a request from an existing key.
* A couple of minor bug fixes.
Noteworthy changes in version 1.9.17 (2005-06-20)
-------------------------------------------------
* gpg-connect-agent has now features to handle Assuan INQUIRE
commands.
* Internal changes for OpenPGP cards. New Assuan command WRITEKEY.
* GNU Pth is now a hard requirement.
* [scdaemon] Support for OpenSC has been removed. Instead a new and
straightforward pkcs#15 modules has been written. As of now it
does allows only signing using TCOS cards but we are going to
enhance it to match all the old capabilities.
* [gpg-agent] New option --write-env-file and Assuan command
UPDATESTARTUPTTY.
* [gpg-agent] New option --default-cache-ttl-ssh to set the TTL for
SSH passphrase caching independent from the other passphrases.
Noteworthy changes in version 1.9.16 (2005-04-21)
-------------------------------------------------
* gpg-agent does now support the ssh-agent protocol and thus allows
to use the pinentry as well as the OpenPGP smartcard with ssh.
* New tool gpg-connect-agent as a general client for the gpg-agent.
* New tool symcryptrun as a wrapper for certain encryption tools.
* The gpg tool is not anymore build by default because those gpg
versions available in the gnupg 1.4 series are far more matured.
Noteworthy changes in version 1.9.15 (2005-01-13)
-------------------------------------------------
* Fixed passphrase caching bug.
* Better support for CCID readers; the reader from Cherry RS 6700 USB
does now work.
Noteworthy changes in version 1.9.14 (2004-12-22)
-------------------------------------------------
* [gpg-agent] New option --use-standard-socket to allow the use of a
fixed socket. gpgsm falls back to this socket if GPG_AGENT_INFO
has not been set.
* Ported to MS Windows with some functional limitations.
* New tool gpg-preset-passphrase.
Noteworthy changes in version 1.9.13 (2004-12-03)
-------------------------------------------------
* [gpgsm] New option --prefer-system-dirmngr.
* Minor cleanups and debugging aids.
Noteworthy changes in version 1.9.12 (2004-10-22)
-------------------------------------------------
* [scdaemon] Partly rewrote the PC/SC code.
* Removed the sc-investigate tool. It is now in a separate package
available at ftp://ftp.g10code.com/g10code/gscutils/ .
* [gpg-agent] Fixed logging problem.
Noteworthy changes in version 1.9.11 (2004-10-01)
-------------------------------------------------
* When using --import along with --with-validation, the imported
certificates are validated and only imported if they are fully
valid.
* [gpg-agent] New option --max-cache-ttl.
* [gpg-agent] When used without --daemon or --server, gpg-agent now
check whether a agent is already running and usable.
* Fixed some i18n problems.
Noteworthy changes in version 1.9.10 (2004-07-22)
-------------------------------------------------
* Fixed a serious bug in the checking of trusted root certificates.
* New configure option --enable-agent-pnly allows to build and
install just the agent.
* Fixed a problem with the log file handling.
Noteworthy changes in version 1.9.9 (2004-06-08)
------------------------------------------------
* [gpg-agent] The new option --allow-mark-trusted is now required to
allow gpg-agent to add a key to the trustlist.txt after user
confirmation.
* Creating PKCS#10 requests does now honor the key usage.
Noteworthy changes in version 1.9.8 (2004-04-29)
------------------------------------------------
* [scdaemon] Overhauled the internal CCID driver.
* [scdaemon] Status files named ~/.gnupg/reader_<n>.status are now
written when using the internal CCID driver.
* [gpgsm] New commands --dump-{,secret,external}-keys to show a very
detailed view of the certificates.
* The keybox gets now compressed after 3 hours and ephemeral
stored certificates are deleted after about a day.
* [gpg] Usability fixes for --card-edit. Note, that this has already
been ported back to gnupg-1.3
Noteworthy changes in version 1.9.7 (2004-04-06)
------------------------------------------------
* Instrumented the modules for gpgconf.
* Added support for DINSIG card applications.
* Include the smimeCapabilities attribute with signed messages.
* Now uses the gettext domain "gnupg2" to avoid conflicts with gnupg
versions < 1.9.
Noteworthy changes in version 1.9.6 (2004-03-06)
------------------------------------------------
* Code cleanups and bug fixes.
Noteworthy changes in version 1.9.5 (2004-02-21)
------------------------------------------------
* gpg-protect-tool gets now installed into libexec as it ought to be.
Cleaned up the build system to better comply with the coding
standards.
* [gpgsm] The --import command is now able to autodetect pkcs#12
files and import secret and private keys from this file format.
A new command --export-secret-key-p12 is provided to allow
exporting of secret keys in PKCS\#12 format.
* [gpgsm] The pinentry will now present a description of the key for
whom the passphrase is requested.
* [gpgsm] New option --with-validation to check the validity of key
while listing it.
* New option --debug-level={none,basic,advanced,expert,guru} to map
the debug flags to sensitive levels on a per program base.
Noteworthy changes in version 1.9.4 (2004-01-30)
------------------------------------------------
* Added support for the Telesec NKS 2.0 card application.
* Added simple tool addgnupghome to create .gnupg directories from
/etc/skel/.gnupg.
* Various minor bug fixes and cleanups; mainly gpgsm and gpg-agent
related.
Noteworthy changes in version 1.9.3 (2003-12-23)
------------------------------------------------
* New gpgsm options --{enable,disable}-ocsp to validate keys using
OCSP. This option requires a not yet released DirMngr version.
Default is disabled.
* The --log-file option may now be used to print logs to a socket.
Prefix the socket name with "socket://" to enable this. This does
not work on all systems and falls back to stderr if there is a
problem with the socket.
* The options --encrypt-to and --no-encrypt-to now work the same in
gpgsm as in gpg. Note, they are also used in server mode.
* Duplicated recipients are now silently removed in gpgsm.
Noteworthy changes in version 1.9.2 (2003-11-17)
------------------------------------------------
* On card key generation is no longer done using the --gen-key
command but from the menu provided by the new --card-edit command.
* PINs are now properly cached and there are only 2 PINs visible.
The 3rd PIN (CHV2) is internally syncronized with the regular PIN.
* All kind of other internal stuff.
Noteworthy changes in version 1.9.1 (2003-09-06)
------------------------------------------------
* Support for OpenSC is back. scdaemon supports a --disable-opensc to
disable OpenSC use at runtime, so that PC/SC or ct-API can still be
used directly.
* Rudimentary support for the SCR335 smartcard reader using an
internal driver. Requires current libusb from CVS.
* Bug fixes.
Noteworthy changes in version 1.9.0 (2003-08-05)
------------------------------------------------
====== PLEASE SEE README-alpha =======
* gpg has been renamed to gpg2 and gpgv to gpgv2. This is a
temporary change to allow co-existing with stable gpg versions.
* ~/.gnupg/gpg.conf-1.9.0 is fist tried as config file before the
usual gpg.conf.
* Removed the -k, -kv and -kvv commands. -k is now an alias to
--list-keys. New command -K as alias for --list-secret-keys.
* Removed --run-as-shm-coprocess feature.
* gpg does now also use libgcrypt, libgpg-error is required.
* New gpgsm commands --call-dirmngr and --call-protect-tool.
* Changing a passphrase is now possible using "gpgsm --passwd"
* The content-type attribute is now recognized and created.
* The agent does now reread certain options on receiving a HUP.
* The pinentry is now forked for each request so that clients with
different environments are supported. When running in daemon mode
and --keep-display is not used the DISPLAY variable is ignored.
* Merged stuff from the newpg branch and started this new
development branch.
Copyright 2002, 2003, 2004, 2005, 2006, 2007,
2008, 2009 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/common/ChangeLog b/common/ChangeLog
index e2da8a01a..6ec45823d 100644
--- a/common/ChangeLog
+++ b/common/ChangeLog
@@ -1,1558 +1,1565 @@
+2009-12-07 Werner Koch <wk@g10code.com>
+
+ * pka.c (get_pka_info): Add support for ADNS.
+ * src.v (getsrv): Add support for ADNS.
+
+ * srv.c (getsrv): s/xrealloc/xtryrealloc/.
+
2009-12-04 Werner Koch <wk@g10code.com>
* Makefile.am (audit-events.h, status-codes.h): Create files in
the source dir. Fixes bug#1164.
2009-12-02 Werner Koch <wk@g10code.com>
* audit.c (proc_type_decrypt, proc_type_sign): Implemented.
(proc_type_verify): Print hash algo infos.
* audit.h (AUDIT_DATA_CIPHER_ALGO, AUDIT_BAD_DATA_CIPHER_ALSO)
(AUDIT_NEW_RECP, AUDIT_DECRYPTION_RESULT, AUDIT_RECP_RESULT)
(AUDIT_ATTR_HASH_ALGO, AUDIT_SIGNED_BY, AUDIT_SIGNING_DONE):
2009-11-05 Marcus Brinkmann <marcus@g10code.de>
* asshelp.c (start_new_gpg_agent): Update use of
assuan_socket_connect and assuan_pipe_connect.
2009-11-02 Marcus Brinkmann <marcus@g10code.de>
* get-passphrase.c (default_inq_cb, membuf_data_cb): Change return
type to gpg_error_t.
2009-10-28 Werner Koch <wk@g10code.com>
* status.h (STATUS_MOUNTPOINT): New.
2009-10-16 Marcus Brinkmann <marcus@g10code.com>
* Makefile.am (libcommon_a_CFLAGS): Use LIBASSUAN_CFLAGS instead
of LIBASSUAN_PTH_CFLAGS.
2009-10-13 Werner Koch <wk@g10code.com>
* exechelp.c (gnupg_kill_process): New.
2009-09-29 Werner Koch <wk@g10code.com>
* exechelp.c (create_inheritable_pipe): Rename to
create_inheritable_pipe_w.
(create_inheritable_pipe_r): New.
(gnupg_create_outbound_pipe): New.
* iobuf.h: Include "sysutils.h"
* iobuf.c (iobuf_open_fd_or_name): New.
(iobuf_get_fname_nonnull): New.
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* asshelp.c (start_new_gpg_agent): Allocate assuan context before
starting server.
2009-09-03 Werner Koch <wk@g10code.com>
Update from libestream:
* estream-printf.c: Include stdint.h only if HAVE_STDINT_H is
defined.
* estream-printf.c: Remove all test code. Use macro DEBUG instead
of TEST for debugging.
* estream-printf.c (pr_float): Make buffer larger for silly high
numbers.
2009-08-11 David Shaw <dshaw@jabberwocky.com>
* ttyio.h, ttyio.c (tty_enable_completion): Some ifdefs around
HAVE_LIBREADLINE to allow building when readline isn't available.
2009-08-06 Werner Koch <wk@g10code.com>
* status.h (STATUS_INV_SGNR, STATUS_NO_SGNR): New.
* status.c (get_inv_recpsgnr_code): New.
2009-07-23 David Shaw <dshaw@jabberwocky.com>
* srv.c (getsrv): Fix type-punning warning.
2009-07-23 Werner Koch <wk@g10code.com>
* util.h (GPG_ERR_NOT_ENABLED): New.
* audit.h (enum): Add AUDIT_CRL_CHECK.
* audit.c (proc_type_verify): Show CRL check result.
2009-07-06 Werner Koch <wk@g10code.com>
* get-passphrase.c (struct agentargs): Add SESSION_ENV and remove
obsolete args.
(gnupg_prepare_get_passphrase): Ditto.
* session-env.c, session-env.h: New.
* t-session-env.c: New.
* Makefile.am (common_sources, module_tests): Add them.
* asshelp.h: Include "session-env.h"
* asshelp.c (send_one_option): Add arg PUTENV.
(send_pinentry_environment): Replace most args by SESSION_ENV and
rewrite fucntion.
(start_new_gpg_agent): Likewise.
* t-exechelp.c (test_close_all_fds): Remove debug code.
2009-07-01 Werner Koch <wk@g10code.com>
* sexputil.c (get_pk_algo_from_canon_sexp): New.
2009-06-29 Werner Koch <wk@g10code.com>
* estream.c (BUFFER_ROUND_TO_BLOCK): Remove unused macro.
(es_func_mem_write): Rewrite reallocation part.
* estream.c (es_write_sanitized_utf8_buffer): Typo typo fix.
2009-06-25 Werner Koch <wk@g10code.com>
* estream.c (es_write_sanitized_utf8_buffer): Typo fix.
2009-06-24 Werner Koch <wk@g10code.com>
* estream.c (es_read_line): In the malloc error case, set
MAX_LENGTH to 0 only if requested.
* xreadline.c (read_line): Ditto.
* estream.c (es_write_sanitized_utf8_buffer): Pass on error from
es_fputs.
* sexputil.c (get_rsa_pk_from_canon_sexp): Check for error after
the loop. Reported by Fabian Keil.
2009-06-22 Werner Koch <wk@g10code.com>
* estream.c (es_pth_read, es_pth_write) [W32]: New.
(ESTREAM_SYS_READ, ESTREAM_SYS_WRITE) [HAVE_PTH]: Use them.
2009-06-03 Werner Koch <wk@g10code.com>
* estream.c (es_convert_mode): Rewrite and support the "x" flag.
2009-05-28 David Shaw <dshaw@jabberwocky.com>
From 1.4:
* http.h, http.c (send_request) Pass in a STRLIST for additional
headers. Change all callers.
2009-05-27 David Shaw <dshaw@jabberwocky.com>
From 1.4:
* http.h, http.c (send_request): Pass in srvtag and make its
presence sufficient to turn the feature on.
(http_open): From here.
(http_document): And here.
* srv.c (getsrv): Raise maximum packet size to 2048, as PACKETSZ
is too small these days.
2009-05-22 Werner Koch <wk@g10code.com>
* ttyio.c (tty_cleanup_after_signal): New.
2009-05-19 Werner Koch <wk@g10code.com>
* simple-pwquery.c (agent_open): Use SUN_LEN
(JNLIB_NEED_AFLOCAL): Define and include mischelp.h.
2009-05-07 Werner Koch <wk@g10code.com>
* sexputil.c (get_rsa_pk_from_canon_sexp): New.
* t-sexputil.c (test_make_canon_sexp_from_rsa_pk): Extend the test.
2009-04-28 Werner Koch <wk@g10code.com>
* sexputil.c (make_canon_sexp_from_rsa_pk): New.
* t-sexputil.c (test_make_canon_sexp_from_rsa_pk): New.
2009-04-01 Werner Koch <wk@g10code.com>
* iobuf.c: Port David's changes from 1.4:
(fd_cache_invalidate): Pass return code from close back.
(direct_open, iobuf_ioctl): Check that eturn value.
(fd_cache_synchronize): New.
(iobuf_ioctl): Add new sub command 4 (fsync).
* iobuf.c (fd_cache_strcmp): New. Taken from 1.4.
(fd_cache_invalidate, fd_cache_close, fd_cache_open): Use it.
* exechelp.c (gnupg_spawn_process): Implement new flag bit 6.
* sysutils.c (gnupg_allow_set_foregound_window): Allow the use of
ASFW_ANY.
* membuf.c (put_membuf, get_membuf): Wipe memory on out of core.
2009-03-31 Werner Koch <wk@g10code.com>
* percent.c (percent_unescape, percent_plus_unescape): New.
(percent_plus_unescape_inplace, percent_unescape_inplace): New.
(do_plus_or_plain_unescape, count_unescape, do_unescape): New.
(do_unescape_inplace): New.
* t-percent.c (test_percent_plus_escape): Test percent_plus_unescape.
* get-passphrase.c, get-passphrase.h: New.
* Makefile.am (without_pth_sources): New.
2009-03-18 Werner Koch <wk@g10code.com>
* exechelp.c: Include sys/resource.h and sys/stat.h.
(get_max_open_fds): New.
(do_exec): Use it.
(get_all_open_fds): New.
(close_all_fds): New.
(do_exec): Use close_all_fds.
* t-exechelp.c: New.
2009-03-13 David Shaw <dshaw@jabberwocky.com>
* http.c (do_parse_uri): Properly handle IPv6 literal addresses as
per RFC-2732. Adapted from patch by Phil Pennock.
2009-03-12 Werner Koch <wk@g10code.com>
* gettime.c: Include i18n.h.
(dump_isotime): New.
2009-03-06 Werner Koch <wk@g10code.com>
* sexputil.c (make_canon_sexp): New.
2009-03-03 Werner Koch <wk@g10code.com>
* exechelp.c (do_exec): Make sure that /dev/null connected FDs are
not closed.
2009-01-19 Werner Koch <wk@g10code.com>
* audit.c (writeout_li): Translate a few more result strings.
Fixes bug#970.
* convert.c (hex2str): Fix optimization to append a nul character.
2008-12-05 Werner Koch <wk@g10code.com>
* percent.c, t-percent.c: New.
* exechelp.c (gnupg_spawn_process, gnupg_spawn_process_fd)
(gnupg_spawn_process_detached) [W32]: Remove debug output.
2008-11-20 Werner Koch <wk@g10code.com>
* audit.c (writeout_li): Translate OKTEXT.
2008-11-04 Werner Koch <wk@g10code.com>
* i18n.c (i18n_init) [USE_SIMPLE_GETTEXT]: Adjust for changed
w32-gettext.c.
* homedir.c (gnupg_localedir): New.
2008-10-20 Werner Koch <wk@g10code.com>
* http.c (http_register_tls_callback) [!HTTP_USE_GNUTLS]: Mark
unused arg.
* localename.c (do_nl_locale_name): Ditto.
* audit.c (event2str): Silent gcc warning.
* sysutils.c (translate_sys2libc_fd): Mark unused arg.
(translate_sys2libc_fd_int): Ditto.
* iobuf.c (translate_file_handle): Ditto.
* asshelp.c (send_one_option): Ditto.
* exechelp.c (gnupg_spawn_process): Ditto.
* signal.c (got_usr_signal): Ditto
* estream.c (es_func_fd_create) [!W32]: Ditto.
(es_func_fp_create) [!W32]: Ditto.
(es_write_hexstring): Ditto.
(dummy_mutex_call_void, dummy_mutex_call_int) [HAVE_PTH]: New.
(ESTREAM_MUTEX_LOCK, ESTREAM_MUTEX_UNLOCK, ESTREAM_MUTEX_TRYLOCK)
(ESTREAM_MUTEX_INITIALIZE) [HAVE_PTH]: Use dummy calls so to mark
unused arg.
2008-10-19 Werner Koch <wk@g10code.com>
* estream-printf.c (estream_vsnprintf): Fix return value.
(check_snprintf): Add a new test.
(one_test) [W32]: Disable test.
2008-10-17 Werner Koch <wk@g10code.com>
* util.h (snprintf) [W32]: Redefine to estream_snprintf.
2008-09-03 Werner Koch <wk@g10code.com>
* convert.c (hex2str): New.
(hex2str_alloc): New.
* t-convert.c (test_hex2str): New.
2008-08-19 Werner Koch <wk@g10code.com>
* iobuf.c: Avoid passing a NULL (iobuf_t)->desc to the log
function. Should in general never be NULL, but well. Reported by
M. Heneka.
2008-06-26 Werner Koch <wk@g10code.com>
* estream.c (es_write_sanitized): Loose check for control
characters to better cope with utf-8. The range 0x80..0x9f is
nowadays not anymore accidently used for control charaters.
2008-06-25 Marcus Brinkmann <marcus@g10code.de>
Revert last three changes related to handle translation.
* sysutils.c:
(FD_TRANSLATE_MAX, fd_translate, fd_translate_len)
(translate_table_init, translate_table_lookup): Removed.
* iobuf.c (check_special_filename): Do not use
translate_table_lookup.
* sysutils.h (translate_table_init, translate_table_lookup):
Remove prototypes.
2008-06-19 Werner Koch <wk@g10code.com>
* sysutils.c: Remove <ctype.h>.
(fd_translate_max): Use macro for the size.
(translate_table_init): Protect read against EINTR and replace
isspace by spacep.
2008-06-18 Marcus Brinkmann <marcus@g10code.de>
* sysutils.c (TRANS_MAX): Bump up to 350 to be on the safe side.
* sysutils.h (translate_table_init, translate_table_lookup): New
prototypes.
* sysutils.c: Include <ctype.h>.
(FD_TRANSLATE_MAX): New macro.
(fd_translate, fd_translate_len): New static variables.
(translate_table_init, translate_table_lookup): New functions.
(translate_sys2libc_fd_int): Translate file descriptor.
* iobuf.c (check_special_filename): Translate handle values from
special filenames.
2008-06-16 Werner Koch <wk@g10code.com>
* homedir.c (w32_commondir): New.
(gnupg_sysconfdir): Use it.
2008-06-09 Werner Koch <wk@g10code.com>
* b64dec.c: New.
2008-06-05 Werner Koch <wk@g10code.com>
* util.h (gnupg_copy_time): Replace strcpy by memcpy.
2008-05-26 Werner Koch <wk@g10code.com>
* asshelp.c (send_one_option, send_pinentry_environment): use
xfree and xtrystrdup.
* i18n.c (i18n_switchto_utf8) [USE_SIMPLE_GETTEXT]: Return NULL.
* homedir.c (gnupg_module_name): Add
GNUPG_MODULE_NAME_CONNECT_AGENT and GNUPG_MODULE_NAME_GPGCONF.
2008-04-21 Werner Koch <wk@g10code.com>
* http.c (http_wait_response) [W32]: Use DuplicateHandle because
it is a socket.
(cookie_read) [W32]: Use recv in place of read.
2008-04-08 Werner Koch <wk@g10code.com>
* i18n.c (i18n_switchto_utf8, i18n_switchback)
[USE_SIMPLE_GETTEXT]: Implement.
2008-04-07 Werner Koch <wk@g10code.com>
* b64enc.c (b64enc_start): Detect PGP mode.
(b64enc_finish): Write PGP CRC.
* util.h (struct b64state): Add field CRC.
* t-b64.c: New.
* pka.c (get_pka_info): Use xtrymalloc and check result.
2008-03-25 Werner Koch <wk@g10code.com>
* localename.c: Strip all W32 code. Include w32help.h.
(gnupg_messages_locale_name) [W32]: Use the gettext_localename.
2008-03-17 Werner Koch <wk@g10code.com>
* iobuf.c (IOBUF_BUFFER_SIZE): Actually use this macro.
* simple-pwquery.c (agent_send_all_options): Fix last change.
2008-03-06 Werner Koch <wk@g10code.com>
* simple-pwquery.c (agent_send_all_options): Add support for
XAUTHORITY and PINENTRY_USER_DATA.
2008-02-15 Marcus Brinkmann <marcus@g10code.de>
* exechelp.c (gnupg_spawn_process_fd): Add flag DETACHED_PROCESS
unconditionally (required for all callers at the moment).
2008-02-14 Werner Koch <wk@g10code.com>
* sysutils.c (gnupg_allow_set_foregound_window): New.
(WINVER) [W32]: Define.
2008-01-31 Werner Koch <wk@g10code.com>
* audit.c (audit_print_result): Make sure that the output is
always UTF8.
2008-01-27 Werner Koch <wk@g10code.com>
* exechelp.c (gnupg_spawn_process): Add arg FLAGS and changed all
callers to pass 0 for it.
2007-12-13 Werner Koch <wk@g10code.com>
* sexputil.c (hash_algo_from_sigval): New.
* t-sexputil.c: New.
* Makefile.am (module_tests): Add it.
2007-12-11 Werner Koch <wk@g10code.com>
* asshelp.c (send_pinentry_environment): Allow using of old
gpg-agents not capabale of the xauthority and pinentry_user_data
options.
2007-12-04 Werner Koch <wk@g10code.com>
* Makefile.am (t_helpfile_LDADD, module_maint_tests): New.
* t-helpfile.c: New.
* helpfile.c: New.
* membuf.h (is_membuf_ready, MEMBUF_ZERO): New.
* localename.c: New. Taken from gettext with modifications as done
for GpgOL. Export one new function.
* util.h (gnupg_messages_locale_name, gnupg_get_help_string): Added.
* sysutils.c (gnupg_reopen_std): New. Taken from ../g10/gpg.c.
2007-11-27 Werner Koch <wk@g10code.com>
* Makefile.am (CLEANFILES): New.
* homedir.c (dirmngr_socket_name): Use CSIDL_WINDOWS.
2007-11-15 Werner Koch <wk@g10code.com>
* asshelp.c (send_pinentry_environment): Add args XAUTHORITY and
PINENTRY_USER_DATA.
(start_new_gpg_agent): Ditto.
2007-11-07 Werner Koch <wk@g10code.com>
* status.h: New.
* errors.h: Remove.
2007-11-05 Werner Koch <wk@g10code.com>
* audit.c, audit.h: New.
* Makefile.am: Add rules to build audit-events.h.
* exaudit.awk: New.
* mkstrtable.awk: New. Taken from libgpg-error.
2007-10-19 Werner Koch <wk@g10code.com>
* i18n.c (i18n_switchto_utf8, i18n_switchback): New.
2007-10-01 Werner Koch <wk@g10code.com>
* sysutils.h (FD2INT, INT2FD): New.
2007-09-21 Werner Koch <wk@g10code.com>
* homedir.c (default_homedir): Make registry work. Reported by
Marc Mutz.
2007-08-29 Werner Koch <wk@g10code.com>
* exechelp.c (gnupg_wait_process): Add arg EXITCODE. Changed all
callers.
(gnupg_create_inbound_pipe): New.
* util.h (GNUPG_MODULE_NAME_GPGSM, GNUPG_MODULE_NAME_GPG): New.
* homedir.c (gnupg_module_name): Add them
2007-08-28 Werner Koch <wk@g10code.com>
* gettime.c (check_isotime, add_isotime): New. Originally written
for DirMngr by me.
(add_days_to_isotime): New.
(date2jd, jd2date, days_per_month, days_per_year): New. Taken from
my ancient (1988) code used in Wedit (time2.c).
2007-08-27 Werner Koch <wk@g10code.com>
* util.h (GNUPG_MODULE_NAME_CHECK_PATTERN): New.
* homedir.c (gnupg_module_name): Add it.
* exechelp.c (w32_fd_or_null) [W32]: New.
(gnupg_spawn_process_fd): New.
(gnupg_wait_process) [W32]: Close the handle after if the process has
returned.
2007-08-22 Werner Koch <wk@g10code.com>
Updated estream from libestream.
* estream.c (mem_malloc, mem_realloc, mem_free): New. Use them
instead of the ES_MEM_foo.
* estream.c (estream_cookie_mem): Remove members DONT_FREE,
APPEND_ZERO, PTR and SIZE. Add MEMORY_LIMIT. Put GROW into a new
FLAGS struct.
(es_func_mem_create): Remove APPEND_ZERO, DONT_FREE, PTR and
SIZE. Add MEMORY_LIMIT.
(es_func_mem_write, es_func_mem_seek, es_func_mem_destroy): Revamp.
(es_open_memstream): Change API to just take a memory limit and a
mode argument. Rename to ..
(es_fopenmem): .. this.
(HAVE_W32_SYSTEM) [_WIN32]: Define if not defined.
(tmpfd) [W32]: Implement directly using the W32 API.
(es_fgets): Rewrite without using doreadline.
2007-08-21 Werner Koch <wk@g10code.com>
* sysutils.c (gnupg_tmpfile): New.
* t-sysutils.c: New.
* Makefile.am (module_tests): Add t-sysutils.
2007-08-20 Werner Koch <wk@g10code.com>
* exechelp.c [W32]: Redefine X_OK to F_OK.
2007-08-16 Werner Koch <wk@g10code.com>
* Makefile.am (t_convert_DEPENDENCIES): Remove
($(PROGRAMS)): Remove.
(t_common_ldadd): Use libcommon.a and not the macro.
2007-08-14 Werner Koch <wk@g10code.com>
* homedir.c (dirmngr_socket_name): New.
2007-08-07 Werner Koch <wk@g10code.com>
* tlv.c, tlv.h: Move from ../scd/.
* tlv.c (parse_sexp, parse_ber_header): Add ERRSOURCE arg and prefix
name with a _.
* tlv.h: Use macro to convey ERRSOURCE.
2007-08-02 Werner Koch <wk@g10code.com>
* gc-opt-flags.h: New.
2007-08-01 Werner Koch <wk@g10code.com>
* estream-printf.c (read_dummy_value): Removed as it is useless now.
(read_values): Remove check on !vaargs which is not anymore needed
and anyway not portable. Reported by Peter O'Gorman.
2007-07-16 Werner Koch <wk@g10code.com>
* estream.c (es_func_file_create): Clear NO_CLOSE flag.
2007-07-12 Werner Koch <wk@g10code.com>
* sysutils.h (gnupg_fd_t): New.
* sysutils.c (translate_sys2libc_fd): Use that type instead of int.
(translate_sys2libc_fd_int): New.
2007-07-09 Werner Koch <wk@g10code.com>
* t-gettime.c (test_isotime2epoch): Use time_t and not u32.
2007-07-05 Werner Koch <wk@g10code.com>
* t-gettime.c: New.
* gettime.c (isotime2epoch, epoch2isotime): New.
2007-07-04 Werner Koch <wk@g10code.com>
* estream.c (es_init_do): Do not throw an error if pth has already
been initialized.
2007-06-26 Werner Koch <wk@g10code.com>
* Makefile.am ($(PROGRAMS)): New.
* util.h (init_common_subsystems): Moved to ..
* init.h: .. New.
* util.h: Include init.h.
* homedir.c (standard_homedir): New.
(default_homedir) [W32]: Reimplemented in terms of
standard_homedir. Fixed memory leak.
2007-06-25 Werner Koch <wk@g10code.com>
* iobuf.c: Add more documentation and slighly restructured macro
defintion for better readability.
(FILEP_OR_FD): Rename to fp_or_fd_t.
(CLOSE_CACHE): Rename to close_cache_t.
* sysutils.c (translate_sys2libc_fd): New using the code from iobuf.c.
* iobuf.c: Include sysutils.h.
(iobuf_translate_file_handle): Remove.
(translate_file_handle): Use new function.
* estream-printf.c [TEST]: Header including fixes.
(do_format): Do not append a trailing Nul. This avoids spurious
Nuls in the es_printf output.
(estream_vsnprintf, estream_vasprintf): Take this in account.
* estream.h (struct es__stream): Change FLAGS to a bit structure.
(ES__FLAG_WRITING): Replace by a bit from FLAGS. * estream.c
(struct estream_internal): Rename FLAGS to MODEFLAGS so that they
are not confused with the estream flags.
(es_initialize, es_create): Add arg MODEFLAGS so that we can setup
the intial writemode. Changed all callers to pass them.
(es_convert_mode): Set O_BINARY.
(es_func_fd_create, es_func_fp_create, es_func_file_create) [W32]:
Call setmode if requested.
2007-06-24 Werner Koch <wk@g10code.com>
* estream.c (do_fpopen, es_fpopen, es_fpopen_nc): New.
(es_func_fp_create, es_func_fp_read, es_func_fp_write)
(es_func_fp_seek, es_func_fp_destroy): New.
2007-06-22 Werner Koch <wk@g10code.com>
* estream.c (es_fdopen): Factored code out to..
(do_fdopen): .. new.
(es_fdopen_nc): New.
(estream_cookie_fd): Add field NO_CLOSE.
(es_func_fd_create): Add arg NO_CLOSE and changed all callers.
(es_func_fd_destroy): Handle the new flag.
* homedir.c (gnupg_libexecdir) [W32]: Factor code out to ..
(w32_rootdir): .. new.
(gnupg_sysconfdir, gnupg_libdir, gnupg_datadir) [W32]: Return
name based on w32_rootdir().
2007-06-21 Werner Koch <wk@g10code.com>
* membuf.h (get_membuf_len): New.
* membuf.c (init_membuf_secure): Really allocate in secure memory.
(put_membuf_str): New.
* ttyio.c (tty_getf): New.
* util.h (ctrl_t): Declare it here.
* asshelp.c (start_new_gpg_agent): New. Based on code from
../sm/call-agent.c
2007-06-20 Werner Koch <wk@g10code.com>
* sysutils.c (gnupg_sleep): New.
* sysutils.h [W32]: Remove _sleep wrapper. Changed all callers to
use gnupg_sleep.
* exechelp.c (build_w32_commandline_copy): New.
(build_w32_commandline): Factored some code out to new function
and correctly process a PGMNAME with spaces.
(gnupg_spawn_process_detached) [W32]: Implement.
2007-06-14 Werner Koch <wk@g10code.com>
* simple-pwquery.h (MAP_SPWQ_ERROR_IMPL): New.
(SPWQ_NO_PIN_ENTRY): New.
* simple-pwquery.c (simple_pw_set_socket): New.
(agent_open): Use it if GPG_AGENT_INFO is not set.
(simple_pwquery): Extended to allow returning of otehyr error codes.
* util.h (GNUPG_MODULE_NAME_AGENT, GNUPG_MODULE_NAME_PINENTRY)
(GNUPG_MODULE_NAME_SCDAEMON, GNUPG_MODULE_NAME_DIRMNGR)
(GNUPG_MODULE_NAME_PROTECT_TOOL): New.
* homedir.c (gnupg_module_name): New.
(gnupg_bindir): New.
2007-06-12 Werner Koch <wk@g10code.com>
* homedir.c (gnupg_sysconfdir): New.
(gnupg_libexecdir): New. Taken from g10/misc.c:get_libexecdir.
(gnupg_datadir): New.
(gnupg_libdir): New.
* http.c (connect_server) [W32]: Do not call init_sockets if
HTTP_NO_WSASTARTUP is defined.
* init.c: New.
* estream.c (es_init_do): Init stream lock here because we can't
use a static initialization with W32pth.
2007-06-11 Werner Koch <wk@g10code.com>
* Makefile.am (t_common_ldadd): Use libcommonstd macro.
2007-06-06 Werner Koch <wk@g10code.com>
* Makefile.am: Include am/cmacros.am.
* sysutils.h [W32]: Remove prototypes for the registry access.
* w32reg.c: Move to ../jnlib/w32-reg.c.
* i18n.c (i18n_init): New.
* simple-gettext.c: Remove.
* iobuf.c (iobuf_get_filelength): Rename SIZE to EXSIZE to silent
shadowing warning.
2007-06-04 Werner Koch <wk@g10code.com>
* http.c [W32]: Include unistd.h also in this case.
(write_server) [W32]: Fixed error code.
(init_sockets): Fixed syntax error.
(cookie_close): Replace close by sock_close macro.
* estream.c [w32]: Do not init Mutex.
* Makefile.am (common_sources) [USE_SNS_SRV]: Build srv.c only
when needed.
* ttyio.c (init_ttyfp) [W32]: Do not use TTYFP.
* util.h: Include ../jnlib/dynload.h.
* dynload.h: Move to ../jnlib.
2007-05-30 Werner Koch <wk@g10code.com>
* estream.c (MEM_FREE, MEM_ALLOC, MEM_REALLOC): Prefix with ES_ as
windows.h also has such definitions,
2007-05-15 Werner Koch <wk@g10code.com>
* util.h: Do not include gnulib's vasprintf. Redefine asprintf
and vasprintf.
* xasprintf.c (xasprintf, xtryasprintf): Use estream_vasprintf.
* estream-printf.h, estream-printf.c: New. Taken from current
libestream SVN.
* Makefile.am (common_sources): Add them.
2007-05-14 Werner Koch <wk@g10code.com>
* sexp-parse.h (smklen): New.
* sexputil.c: Include sexp-parse.h.
(make_simple_sexp_from_hexstr): Replace sprintf by smklen.
2007-05-07 Werner Koch <wk@g10code.com>
* signal.c (got_fatal_signal): Protect SIG from being clobbered by
a faulty signal implementaion. Suggested by James Juran.
2007-04-25 Werner Koch <wk@g10code.com>
* i18n.h (ngettext): New.
* simple-gettext.c (ngettext): New.
2007-04-20 Werner Koch <wk@g10code.com>
* miscellaneous.c (my_gcry_logger, my_gcry_outofcore_handler):
Moved from gpg-agent to here.
(my_gcry_fatalerror_handler): new.
(setup_libgcrypt_logging): New.
2007-03-19 Werner Koch <wk@g10code.com>
* miscellaneous.c (print_hexstring): New.
* estream.c (es_fprintf_unlocked): New.
(es_write_sanitized): New.
(es_write_hexstring): New.
(es_write_sanitized_utf8_buffer) [GNUPG_MAJOR_VERSION]: New.
2007-03-09 David Shaw <dshaw@jabberwocky.com>
From STABLE-BRANCH-1-4
* http.c (do_parse_uri): Remove the hkp port 11371 detection. We
implement hkp in the keyserver handler, and the support here makes
it appear like a bad hkp request actually succeeded.
2007-01-31 Werner Koch <wk@g10code.com>
* Makefile.am (t_common_ldadd): Add LIBINCONV and LIBINTL.
2007-01-25 Werner Koch <wk@g10code.com>
* simple-pwquery.c (simple_pwquery): New arg OPT_CHECK.
2006-12-13 David Shaw <dshaw@jabberwocky.com>
* Makefile.am (AM_CPPFLAGS): Include intl/ so we can reference the
built-in headers.
2006-11-23 Werner Koch <wk@g10code.com>
* http.c: Include i18n.h
2006-11-21 Werner Koch <wk@g10code.com>
* estream.c: Remove explicit Pth soft mapping diabling becuase it
is now done in config.h.
2006-11-15 Werner Koch <wk@g10code.com>
* estream.c: Disabled Pth soft mapping.
(my_funopen_hook_ret_t): New.
(print_fun_writer): Use it here.
* iobuf.c (fd_cache_close): Use %d instead of %p for debug output.
2006-11-03 Werner Koch <wk@g10code.com>
* Makefile.am (t_convert_DEPENDENCIES): Add libcommon. From
Gentoo.
2006-10-24 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (libcommon_a_CFLAGS): Add $(LIBASSUAN_CFLAGS).
(libsimple_pwquery_a_CFLAGS): New variable.
2006-10-20 Werner Koch <wk@g10code.com>
* convert.c (hex2bin): New.
2006-10-17 Werner Koch <wk@g10code.com>
* estream.c (struct estream_internal, es_initialize)
(es_deinitialize, print_fun_writer, es_print): New and modified
functions to avoid tempfiles for printf style printing.
* Makefile.am (libcommonpth_a_SOURCES): New. We now build a secon
version of the library with explicit Pth support.
* exechelp.c, estream.c: Make use of WITHOUT_GNU_PTH.
2006-10-08 Werner Koch <wk@g10code.com>
* gpgrlhelp.c: Trun all functions into dummies if readline is not
available.
2006-10-06 Werner Koch <wk@g10code.com>
* Makefile.am (AM_CFLAGS): Use PTH version of libassuan.
* util.h (GNUPG_GCC_A_SENTINEL): Defined for gcc >= 4.
2006-10-04 David Shaw <dshaw@jabberwocky.com>
* gpgrlhelp.c: readline requires stdio.h.
2006-10-04 Werner Koch <wk@g10code.com>
* membuf.c (init_membuf_secure): New.
(put_membuf): Make sure that ERRNO is set even if the underlying
malloc code does not work properly.
(get_membuf): Set ERRNO on error.
(get_membuf): Allow to pass LEN as NULL.
2006-10-02 Werner Koch <wk@g10code.com>
* iobuf.c (iobuf_unread): Removed. This code is not required.
Also removed the entire unget buffer stuff.
2006-09-27 Werner Koch <wk@g10code.com>
* util.h: Do not include strsep.h and strpbrk.h.
(isascii): Removed as it is now in jnlib.
* iobuf.c (pop_filter, underflow, iobuf_close): Free the unget
buffer.
2006-09-27 Florian Weimer <fweimer@bfk.de> (wk)
* iobuf.c (iobuf_unread): New.
2006-09-22 Werner Koch <wk@g10code.com>
* i18n.h: Changed license to an all permissive one.
* ttyio.c (tty_get): We need to use readline too. Added two more
hooks.
2006-09-21 Werner Koch <wk@g10code.com>
* ttyio.c (tty_private_set_rl_hooks): New.
(tty_enable_completion, tty_disable_completion): Use a hook to
enable readline support. Now always available.
(tty_cleanup_rl_after_signal): New.
* ttyio.h: Removed readline specific stuff. Included util.h.
* common-defs.h: New.
2006-09-15 Werner Koch <wk@g10code.com>
* convert.c: New.
(hexcolon2bin): New.
(bin2hex, bin2hexcolon, do_binhex): New.
* t-convert.c: New
2006-09-14 Werner Koch <wk@g10code.com>
* util.h (out_of_core): Use new gpg_error_from_syserror function.
* http.c (init_sockets): Changed it to require 2.2 unless it is
build within gnupg 1 where we require 1.1 (and not anymore allow
for 1.0).
2006-09-07 Werner Koch <wk@g10code.com>
* exechelp.c (gnupg_spawn_process): Factor out post fork code to ..
(do_exec): .. new function. Allow passing of -1 for the fds.
(gnupg_spawn_process): Terminate gcrypt's secure memory in the child.
(gnupg_spawn_process_detached): New.
2006-09-06 Werner Koch <wk@g10code.com>
* maperror.c: Removed.
* util.h (out_of_core): New.
2006-09-04 Werner Koch <wk@g10code.com>
* http.c (http_get_header): New.
(capitalize_header_name, store_header): New.
(parse_response): Store headers away.
(send_request): Return GPG_ERR_NOT_FOUND if connect_server failed.
* http.h: New flag HTTP_FLAG_NEED_HEADER.
2006-08-21 Werner Koch <wk@g10code.com>
* Makefile.am (libcommon_a_SOURCES): Added keyserver.h
* openpgpdefs.h: New. Stripped from ..g10/packet.h.
2006-08-16 Werner Koch <wk@g10code.com>
* keyserver.h: Moved from ../include to here.
* http.c: Include srv.h.
* srv.c, srv.h: New. Taken from GnuPG 1.4
2006-08-14 Werner Koch <wk@g10code.com>
* http.h (struct http_context_s): Moved to implementation.
* http.c (http_open): Changed call to return a context.
(http_open_document): Ditto.
(http_get_read_ptr, http_get_read_ptr, http_get_status_code): New.
(do_parse_uri): Replaced strlwr by straight code to ease
standalone use of this file.
(http_wait_response): Removed arg STATUS_CODE as it is available
through an accessor function. Adjusted caller.
(http_escape_string): New.
* estream.c (es_read_line): Renamed to ..
(doreadline): .. this. Changed all callers.
(es_read_line): New. This is theusual limited getline variabnt as
used at several places. Here taken and adjusted from xreadline.c
(es_free): New.
2006-08-11 Werner Koch <wk@g10code.com>
* http.c: Major internal changes to optionallly support GNUTLS and
ESTREAM.
(http_open): Move initialization of the stream ...
(send_request): .. here.
(http_register_tls_callback): New.
* estream.c (es_writen): Try to seek only is a seek function has
been registered.
2006-08-09 Werner Koch <wk@g10code.com>
* http.c, http.h: New. Taken from gnupg 1.4.5, merged with
changes done for the Dirmngr project (by g10 Code) and cleaned up
some stuff.
(make_header_line): New. Change all caller to make user of the new
* Makefile.am (libcommon_a_SOURCES): Added http.c and http.h.
2006-05-23 Werner Koch <wk@g10code.com>
* gettime.c (isotimestamp): New.
* ttyio.c (tty_get_ttyname): Posixly correct usage of ctermid.
* dns-cert.c: New. Taken from 1.4.3's util/cert.c.
* dns-cert.h: New.
2006-05-22 Werner Koch <wk@g10code.com>
* pka.c: New. Taked from 1.4.3.
* pka.h: New.
* Makefile.am: Added pka.
2006-05-19 Werner Koch <wk@g10code.com>
* yesno.c (answer_is_yes_no_default, answer_is_yes_no_quit):
Updated from 1.4.3.
(answer_is_okay_cancel): new. From 1.4.3.
* miscellaneous.c (match_multistr): New. Taken from 1.4.3.
* ttyio.c (tty_enable_completion, tty_disable_completion): New
dummy functions.
* ttyio.h: Add prototypes and stubs.
2006-04-19 Werner Koch <wk@g10code.com>
* iobuf.c (iobuf_get_fd): New. Taken from 1.4.3.
(iobuf_is_pipe_filename): New.
(pop_filter): Made static.
(iobuf_skip_rest): New. Orginal patch by Florian
Weimer. Added new argument PARTIAL.
(block_filter): Remove the old gpg indeterminate length mode.
(block_filter): Properly handle a partial body stream
that ends with a 5-byte length that happens to be zero.
(iobuf_set_block_mode, iobuf_in_block_mode): Removed as
superfluous.
(iobuf_get_filelength): New arg OVERFLOW.
(iobuf_get_filelength) [W32]: Use GetFileSizeEx if available
* miscellaneous.c (is_file_compressed): Take care of OVERFLOW.
2006-04-18 Werner Koch <wk@g10code.com>
* homedir.c (w32_shgetfolderpath): New. Taken from gpg 1.4.3.
(default_homedir): Use it.
2005-10-08 Marcus Brinkmann <marcus@g10code.de>
* signal.c (get_signal_name): Check value of HAVE_DECL_SYS_SIGLIST
instead of just if it is defined.
2005-09-28 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS).
2005-07-04 Marcus Brinkmann <marcus@g10code.de>
* simple-pwquery.h (simple_pwclear): New prototype.
* simple-pwquery.c (simple_pwclear): New function.
2005-06-15 Werner Koch <wk@g10code.com>
* miscellaneous.c (make_printable_string): Made P a void*.
* sexputil.c (keygrip_from_canon_sexp, cmp_simple_canon_sexp):
Fixed signed/unsigned pointer mismatch.
(make_simple_sexp_from_hexstr): Ditto. This is all too ugly; I
wonder why gcc-4's default is to warn about them and forcing us to
use cast the warning away.
* iobuf.c (block_filter): Ditto.
(iobuf_flush): Ditto.
(iobuf_read_line): Ditto.
(iobuf_read): Make BUFFER a void *.
(iobuf_write): Make BUFFER a const void *.
* ttyio.c (tty_print_utf8_string2): Ditto.
* estream.c (estream_cookie_mem): Make MEMORY unsigned char*.
(es_write): Make BUFFER a void *.
(es_writen): Ditto.
(es_func_fd_read, es_func_fd_write, es_func_mem_read)
(es_func_mem_write): Ditto.
(es_read, es_readn): Ditto.
(es_func_mem_write): Made MEMORY_NEW an unsigned char *.
* estream.h (es_cookie_read_function_t)
(es_cookie_write_function_t): Changed buffer arg to void*.
2005-06-03 Werner Koch <wk@g10code.com>
* estream.c: Use HAVE_CONFIG_H and not USE_CONFIG_H!
(es_func_fd_read, es_func_fd_write): Protect against EINTR.
2005-06-01 Werner Koch <wk@g10code.com>
* Makefile.am (AM_CPPFLAGS): Added.
* util.h: Add some includes for gnulib.
(ttyname, isascii): Define them inline.
* fseeko.c, ftello.c: Removed.
* strsep.c, mkdtemp.c: Removed.
* ttyname.c, isascii.c: Removed.
2005-05-31 Werner Koch <wk@g10code.com>
* dynload.h: s/__inline__/inline/.
2005-05-13 Werner Koch <wk@g10code.com>
* signal.c (got_fatal_signal): Print the signal number if we can't
get a name for it.
(get_signal_name): Return NULL if no name is available. Fixed
conditional for sys_siglist to the correct one.
2005-04-17 Werner Koch <wk@g10code.com>
* sexputil.c (cmp_simple_canon_sexp): New.
(make_simple_sexp_from_hexstr): New.
2005-04-07 Werner Koch <wk@g10code.com>
* sexputil.c: New.
2005-04-11 Marcus Brinkmann <marcus@g10code.de>
* simple-pwquery.c (simple_pwquery): Use spwq_secure_free.
2005-03-03 Werner Koch <wk@g10code.com>
* Makefile.am (AM_CFLAGS): Added PTH_CFLAGS. Noted by Kazu Yamamoto.
2005-02-25 Werner Koch <wk@g10code.com>
* xasprintf.c (xtryasprintf): New.
2005-01-26 Moritz Schulte <moritz@g10code.com>
* Makefile.am (libcommon_a_SOURCES): New source files: estream.c,
estream.h.
* estream.c, estream.h: New files.
2005-01-03 Werner Koch <wk@g10code.com>
* asshelp.c (send_pinentry_environment): Fixed changed from
2004-12-18; cut+paste error for lc-messages.
2004-12-21 Werner Koch <wk@g10code.com>
* simple-pwquery.c (agent_open) [W32]: Implement for W32.
(readline) [W32]: Use recv instead of read.
(writen) [W32]: Use send instead of write.
(my_stpcpy): Define a stpcpy replacement so that this file
continues to be self-contained.
(agent_send_all_options) [W32]: Don't call ttyname.
2004-12-21 Marcus Brinkmann <marcus@g10code.de>
* simple-pwquery.h (simple_query): Add prototype.
* simple-pwquery.c (simple_query): New function.
2004-12-21 Werner Koch <wk@g10code.com>
* signal.c (got_fatal_signal, got_usr_signal)
(got_fatal_signal) [DOSISH]: Don't build.
* simple-gettext.c: Include sysutils.h
* homedir.c: New. Use CSIDL_APPDATA for W32 as the default home
directory.
* Makefile.am (libcommon_a_SOURCES): Add it.
(EXTRA_DIST): Removed mkerror and mkerrtok.
2004-12-20 Werner Koch <wk@g10code.com>
* sysutils.h [W32]: Define sleep.
* util.h: Add prototype for mkdtemp.
* membuf.c (put_membuf): Wipe out buffer after a failed realloc.
2004-12-19 Werner Koch <wk@g10code.com>
* maperror.c (map_assuan_err_with_source): Oops, args were swapped.
2004-12-18 Werner Koch <wk@g10code.com>
* maperror.c (map_assuan_err): Renamed to ..
(map_assuan_err_with_source): .. this and add arg SOURCE.c
* asshelp.c (send_pinentry_environment, send_one_option): Add arg
ERRSOURCE.
2004-12-15 Werner Koch <wk@g10code.com>
* sysutils.h [W32]: Prototypes for registry functions.
* w32reg.c: Include sysutils.h
* simple-pwquery.c [W32]: Dummy code to allow a build.
* exechelp.c [W32]: Implemented for W32 .
* ttyname.c: New.
* asshelp.c (send_one_option): New.
(send_pinentry_environment): Cleaned up and made sure that empty
values are not send.
2004-12-07 Werner Koch <wk@g10code.com>
* asshelp.c (send_pinentry_environment) [W32]: Do not use ttyname.
2004-12-06 Werner Koch <wk@g10code.com>
* exechelp.h, exechelp.c: New. Based on code from ../sm/import.c.
2004-12-03 Werner Koch <wk@g10code.com>
* strsep.c: Fixed copyright comments.
2004-11-26 Werner Koch <wk@g10code.com>
* simple-gettext.c: New taken from gnupg 1.3.x
* simple-pwquery.c [_WIN32]: Include winsock2.h.
(agent_open): Disable it until we have our AF_UNIX implementation
ready.
* fseeko.c, ftello.c: Include sys/types for the sake of W32.
2004-11-23 Werner Koch <wk@g10code.com>
* b64enc.c: Include stdio.h and string.h
2004-08-18 Werner Koch <wk@g10code.de>
* simple-pwquery.c (simple_pwquery): Handle gpg-error style return
code for canceled.
2004-07-20 Werner Koch <wk@g10code.de>
* maperror.c: Removed header ksba.h. Not required anymore.
2004-06-14 Werner Koch <wk@gnupg.org>
* xreadline.c: New. Based on the iobuf_read_line function.
2004-05-12 Werner Koch <wk@gnupg.org>
* util.h (xtrycalloc_secure,xtrymalloc_secure): New.
2004-05-11 Werner Koch <wk@gnupg.org>
* sysutils.c (disable_core_dumps): Only set the current limit.
(enable_core_dumps): New.
2004-04-13 Werner Koch <wk@gnupg.org>
* simple-pwquery.c (copy_and_escape): Relaxed quoting.
2004-04-05 Werner Koch <wk@gnupg.org>
* errors.h (STATUS_NEWSIG): New.
2004-03-11 Werner Koch <wk@gnupg.org>
* dynload.h [__MINGW32__]: Define RTLD_LAZY.
2004-03-09 Werner Koch <wk@gnupg.org>
* maperror.c (map_assuan_err): Map the Locale_Problem item.
2004-03-03 Werner Koch <wk@gnupg.org>
* asshelp.c, asshelp.h: New.
(send_pinentry_environment): New. Code taken from ../sm/call-agent.c.
2004-02-19 Werner Koch <wk@gnupg.org>
* simple-pwquery.c (agent_open): Don't mangle INFOSTR.
2004-02-17 Werner Koch <wk@gnupg.org>
* simple-pwquery.c (agent_open): Ignore an empty GPG_AGENT_INFO.
* errors.h: Added STATUS_IMPORT_OK.
2004-02-10 Werner Koch <wk@gnupg.org>
* b64enc.c: New. Based on code from ../sm/base64.c.
2004-01-30 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (libcommon_a_SOURCES): Add xasprintf.c.
* miscellaneous.c (xasprintf): Moved to ...
* xasprintf (xasprintf): ... here. New file.
This allows to use xasprintf without sucking in gpg-error.
2004-01-27 Werner Koch <wk@gnupg.org>
* sexp-parse.h: New; moved from../agent.
* util.h (xtoi_4): New.
2003-12-23 Werner Koch <wk@gnupg.org>
* maperror.c (map_assuan_err): Prepared for a new error code.
2003-12-17 Werner Koch <wk@gnupg.org>
* gettime.c (asctimestamp): Add a note on a non-avoidable gcc warning.
* util.h [!HAVE_VASPRINTF]: Add printf format attribute to the
replacement function.
* miscellaneous.c (xasprintf): New.
2003-11-14 Werner Koch <wk@gnupg.org>
* mkdtemp.c (mkdtemp): Use gcry_create_nonce.
* cryptmiss.c: Removed.
2003-11-13 Werner Koch <wk@gnupg.org>
* util.h (vasprintf): Also fixed the prototype.
* vasprintf.c (vasprintf): ARGS should not be a pointer. Fixed
segv on Solaris. Reported by Andrew J. Schorr.
2003-11-12 Werner Koch <wk@gnupg.org>
* maperror.c (map_ksba_err, map_gcry_err, map_kbx_err): Removed.
2003-10-31 Werner Koch <wk@gnupg.org>
* util.h (gnupg_isotime_t): New.
(gnupg_copy_time): New.
* gettime.c (gnupg_get_isotime): New.
2003-09-23 Werner Koch <wk@gnupg.org>
* iobuf.c (check_special_filename): Replaced is isdigit by digitp
to avoid passing negative values and potential locale problems.
Problem noted by Christian Biere.
* util.h (ascii_isspace): New.
2003-09-18 Werner Koch <wk@gnupg.org>
* ttyio.c (tty_fprintf): New.
(tty_print_string, tty_print_utf8_string2)
(tty_print_utf8_string): Made P argument const byte*.
2003-08-20 Marcus Brinkmann <marcus@g10code.de>
* maperror.c (map_ksba_err): Map -1. Use gpg_err_make to set
the error source.
2003-08-14 Timo Schulz <twoaday@freakmail.de>
* dynload.h. New. W32 wrapper around the dynload mechanism.
2003-07-15 Werner Koch <wk@gnupg.org>
* simple-pwquery.c, simple-pwquery.h: New; moved from ../agent.
* Makefile.am (libsimple_pwquery_a_LIBADD): New.
2003-06-25 Werner Koch <wk@gnupg.org>
* maperror.c (map_to_assuan_status): Directly map 0 to 0.
2003-06-17 Werner Koch <wk@gnupg.org>
* gettime.c (scan_isodatestr,add_days_to_timestamp,strtimevalue)
(strtimestamp,asctimestamp): New. Code taken from gnupg 1.3.2
mischelp.c.
* yesno.c: New. Code taken from gnupg 1.3.2 mischelp.c
* miscellaneous.c: New.
* util.h: Include utf8conf.h
2003-06-16 Werner Koch <wk@gnupg.org>
* gettime.c (make_timestamp): New.
* ttyio.c: New. Taken from gnupg 1.2.
* ttyio.h: Move from ../include.
2003-06-13 Werner Koch <wk@gnupg.org>
* util.h (seterr): Removed macro.
(xmalloc_secure,xcalloc_secure): New.
2003-06-11 Werner Koch <wk@gnupg.org>
* iobuf.c (iobuf_writebyte,iobuf_write): Return error code from
iobuf_flush.
(iobuf_writestr): Ditto.
2003-06-10 Werner Koch <wk@gnupg.org>
* iobuf.c, iobuf.h: New. Taken from current gnupg 1.3 CVS. Run
indent on it and adjusted error handling to libgpg-error style.
Replaced IOBUF by iobuf_t. Renamed malloc functions.
2003-06-04 Werner Koch <wk@gnupg.org>
* errors.h: Removed all error codes. We keep the status codes for
now.
* Makefile.am: Do not create errors.c anymore; remove it from the
sources.
* maperror.c: Don't include error.h. Change all error codes to
libgpg-error style.
(map_assuan_err): Changed to new Assuan error code convention.
(map_to_assuan_status): Likewise.
(map_gcry_err,map_kbx_err): Not needed. For now dummy functions.
* membuf.c, membuf.h: New. Code taken from ../sm/call-agent.h.
* Makefile.am: Added above.
2003-04-29 Werner Koch <wk@gnupg.org>
* util.h (fopencokokie): Removed prototype and struct.
* fopencookie.c: Removed.
* maperror.c: Use system assuan.h
2002-10-31 Neal H. Walfield <neal@g10code.de>
* isascii.c: New file.
* putc_unlocked.c: Likewise.
2002-10-28 Neal H. Walfield <neal@g10code.de>
* signal.c (caught_fatal_sig): Remove superfluous zero
initializer.
(caught_sigusr1): Likewise.
2002-09-04 Neal H. Walfield <neal@g10code.de>
* vasprintf.c (vasprintf) [va_copy]: Use va_copy.
[!va_copy && __va_copy]: Use __va_copy.
[!va_copy && !__va_copy]: Only now fall back to using memcpy.
2002-08-21 Werner Koch <wk@gnupg.org>
* errors.h: Added STATUS_IMPORT_PROBLEM.
2002-08-20 Werner Koch <wk@gnupg.org>
* vasprintf.c: Hack to handle NULL for %s.
2002-08-09 Werner Koch <wk@gnupg.org>
* signal.c: New. Taken from GnuPG 1.1.91.
2002-07-23 Werner Koch <wk@gnupg.org>
* util.h (_IO_cookie_io_functions_t): Fixed typo. Noted by
Richard Lefebvre.
2002-07-22 Werner Koch <wk@gnupg.org>
* fseeko.c, ftello.c: New.
2002-06-28 Werner Koch <wk@gnupg.org>
* maperror.c (map_to_assuan_status): Map more errorcodes to Bad
Certificate.
2002-06-26 Werner Koch <wk@gnupg.org>
* maperror.c (map_to_assuan_status): Map EOF to No_Data_Available.
2002-06-10 Werner Koch <wk@gnupg.org>
* errors.h (gnupg_error_token): Add new prototype.
(STATUS_ERROR): New.
* mkerrtok: New.
* Makefile.am: Use it to create the new error token function.
2002-06-04 Werner Koch <wk@gnupg.org>
* maperror.c (map_to_assuan_status): Map Bad_CA_Certificate.
2002-05-23 Werner Koch <wk@gnupg.org>
* no-pth.c, Makefile.am: Removed.
2002-05-22 Werner Koch <wk@gnupg.org>
* mkdtemp.c: Replaced byte by unsigned char because it is no longer
defined in gcrypt.h.
2002-05-21 Werner Koch <wk@gnupg.org>
* maperror.c (map_gcry_err): Add libgcrypt's new S-expression errors.
(map_ksba_err): Add a few mappings.
2002-05-14 Werner Koch <wk@gnupg.org>
* gettime.c: New.
2002-05-03 Werner Koch <wk@gnupg.org>
* errors.h: Added STARUS_EXPSIG and STATUS_EXPKEYSIG.
2002-04-15 Werner Koch <wk@gnupg.org>
* cryptmiss.c: New.
2002-02-14 Werner Koch <wk@gnupg.org>
* maperror.c: Add more assuan<->gnupg mappings.
2002-02-12 Werner Koch <wk@gnupg.org>
* fopencookie.c: Dummy function.
* vasprintf.c: New. Taken from binutils-2.9.1 and dropped all non
ANSI-C stuff. Merged with asprintf version.
* no-pth.c: New.
2002-01-23 Werner Koch <wk@gnupg.org>
* mkdtemp.c: Copied from gnupg-1.0.6c and changed to use libgcrypt.
2002-01-19 Werner Koch <wk@gnupg.org>
* sysutils.c: New. This is the misc.c file from gnupg 1.0.6 with
the OpenPGP stuff removed.
* sysutils.h: New.
2002-01-15 Werner Koch <wk@gnupg.org>
* maperror.c: Add mapping for Not_Trusted.
2002-01-11 Werner Koch <wk@gnupg.org>
* maperror.c (map_assuan_err): Codes for CRL
2002-01-08 Werner Koch <wk@gnupg.org>
* util.h (spacep): New.
2002-01-02 Werner Koch <wk@gnupg.org>
* maperror.c (map_to_assuan_status): New. Merged from ../agent
and ../sm.
2001-12-20 Werner Koch <wk@gnupg.org>
* maperror.c (map_gcry_err): Add some mappings.
2001-12-18 Werner Koch <wk@gnupg.org>
* Makefile.am (AM_CPPFLAGS): Include flags for gcrypt and ksba
2001-12-14 Werner Koch <wk@gnupg.org>
* util.h (digitp, hexdigitp): New ctype like macros.
(atoi_1,atoi_2,atoi_4,xtoi_1,xtoi_2): New.
Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007,
2008, 2009 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/common/pka.c b/common/pka.c
index 79a0bc3f5..e78f54367 100644
--- a/common/pka.c
+++ b/common/pka.c
@@ -1,252 +1,321 @@
/* pka.c - DNS Public Key Association RR access
* Copyright (C) 2005 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef USE_DNS_PKA
#include <sys/types.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>
#endif
#endif /* USE_DNS_PKA */
+#ifdef USE_ADNS
+# include <adns.h>
+# ifndef HAVE_ADNS_FREE
+# define adns_free free
+# endif
+#endif
#include "util.h"
#include "pka.h"
#ifdef USE_DNS_PKA
/* Parse the TXT resource record. Format is:
v=pka1;fpr=a4d94e92b0986ab5ee9dcd755de249965b0358a2;uri=string
For simplicity white spaces are not allowed. Because we expect to
use a new RRTYPE for this in the future we define the TXT really
strict for simplicity: No white spaces, case sensitivity of the
names, order must be as given above. Only URI is optional.
This function modifies BUFFER. On success 0 is returned, the 20
byte fingerprint stored at FPR and BUFFER contains the URI or an
empty string.
*/
static int
parse_txt_record (char *buffer, unsigned char *fpr)
{
char *p, *pend;
int i;
p = buffer;
pend = strchr (p, ';');
if (!pend)
return -1;
*pend++ = 0;
if (strcmp (p, "v=pka1"))
return -1; /* Wrong or missing version. */
p = pend;
pend = strchr (p, ';');
if (pend)
*pend++ = 0;
if (strncmp (p, "fpr=", 4))
return -1; /* Missing fingerprint part. */
p += 4;
for (i=0; i < 20 && hexdigitp (p) && hexdigitp (p+1); i++, p += 2)
fpr[i] = xtoi_2 (p);
if (i != 20)
return -1; /* Fingerprint consists not of exactly 40 hexbytes. */
p = pend;
if (!p || !*p)
{
*buffer = 0;
return 0; /* Success (no URI given). */
}
if (strncmp (p, "uri=", 4))
return -1; /* Unknown part. */
p += 4;
/* There is an URI, copy it to the start of the buffer. */
while (*p)
*buffer++ = *p++;
*buffer = 0;
return 0;
}
/* For the given email ADDRESS lookup the PKA information in the DNS.
On success the 20 byte SHA-1 fingerprint is stored at FPR and the
URI will be returned in an allocated buffer. Note that the URI
might be an zero length string as this information is optional.
Caller must xfree the returned string.
On error NULL is returned and the 20 bytes at FPR are not
defined. */
char *
get_pka_info (const char *address, unsigned char *fpr)
{
+#ifdef USE_ADNS
+ int rc;
+ adns_state state;
+ const char *domain;
+ char *name;
+ adns_answer *answer = NULL;
+ char *buffer = NULL;
+
+ domain = strrchr (address, '@');
+ if (!domain || domain == address || !domain[1])
+ return NULL; /* Invalid mail address given. */
+ name = xtrymalloc (strlen (address) + 5 + 1);
+ if (!name)
+ return NULL;
+ memcpy (name, address, domain - address);
+ strcpy (stpcpy (name + (domain-address), "._pka."), domain+1);
+
+ rc = adns_init (&state, adns_if_noerrprint, NULL);
+ if (rc)
+ {
+ log_error ("error initializing adns: %s\n", strerror (errno));
+ xfree (name);
+ return NULL;
+ }
+
+ rc = adns_synchronous (state, name, adns_r_txt, adns_qf_quoteok_query,
+ &answer);
+ xfree (name);
+ if (rc)
+ {
+ log_error ("DNS query failed: %s\n", strerror (errno));
+ adns_finish (state);
+ return NULL;
+ }
+ if (answer->status != adns_s_ok
+ || answer->type != adns_r_txt || !answer->nrrs)
+ {
+ log_error ("DNS query returned an error: %s (%s)\n",
+ adns_strerror (answer->status),
+ adns_errabbrev (answer->status));
+ adns_free (answer);
+ adns_finish (state);
+ return NULL;
+ }
+
+ /* We use a PKA records iff there is exactly one record. */
+ if (answer->nrrs == 1 && answer->rrs.manyistr[0]->i != -1)
+ {
+ buffer = xtrystrdup (answer->rrs.manyistr[0]->str);
+ if (parse_txt_record (buffer, fpr))
+ {
+ xfree (buffer);
+ buffer = NULL; /* Not a valid gpg trustdns RR. */
+ }
+ }
+
+ adns_free (answer);
+ adns_finish (state);
+ return buffer;
+
+#else /*!USE_ADNS*/
unsigned char answer[PACKETSZ];
int anslen;
int qdcount, ancount, nscount, arcount;
int rc;
unsigned char *p, *pend;
const char *domain;
char *name;
domain = strrchr (address, '@');
if (!domain || domain == address || !domain[1])
return NULL; /* invalid mail address given. */
name = xtrymalloc (strlen (address) + 5 + 1);
if (!name)
return NULL;
memcpy (name, address, domain - address);
strcpy (stpcpy (name + (domain-address), "._pka."), domain+1);
anslen = res_query (name, C_IN, T_TXT, answer, PACKETSZ);
xfree (name);
if (anslen < sizeof(HEADER))
return NULL; /* DNS resolver returned a too short answer. */
if ( (rc=((HEADER*)answer)->rcode) != NOERROR )
return NULL; /* DNS resolver returned an error. */
/* We assume that PACKETSZ is large enough and don't do dynmically
expansion of the buffer. */
if (anslen > PACKETSZ)
return NULL; /* DNS resolver returned a too long answer */
qdcount = ntohs (((HEADER*)answer)->qdcount);
ancount = ntohs (((HEADER*)answer)->ancount);
nscount = ntohs (((HEADER*)answer)->nscount);
arcount = ntohs (((HEADER*)answer)->arcount);
if (!ancount)
return NULL; /* Got no answer. */
p = answer + sizeof (HEADER);
pend = answer + anslen; /* Actually points directly behind the buffer. */
while (qdcount-- && p < pend)
{
rc = dn_skipname (p, pend);
if (rc == -1)
return NULL;
p += rc + QFIXEDSZ;
}
if (ancount > 1)
return NULL; /* more than one possible gpg trustdns record - none used. */
while (ancount-- && p <= pend)
{
unsigned int type, class, txtlen, n;
char *buffer, *bufp;
rc = dn_skipname (p, pend);
if (rc == -1)
return NULL;
p += rc;
if (p >= pend - 10)
return NULL; /* RR too short. */
type = *p++ << 8;
type |= *p++;
class = *p++ << 8;
class |= *p++;
p += 4;
txtlen = *p++ << 8;
txtlen |= *p++;
if (type != T_TXT || class != C_IN)
return NULL; /* Answer does not match the query. */
buffer = bufp = xmalloc (txtlen + 1);
while (txtlen && p < pend)
{
for (n = *p++, txtlen--; txtlen && n && p < pend; txtlen--, n--)
*bufp++ = *p++;
}
*bufp = 0;
if (parse_txt_record (buffer, fpr))
{
xfree (buffer);
return NULL; /* Not a valid gpg trustdns RR. */
}
return buffer;
}
return NULL;
+#endif /*!USE_ADNS*/
}
+
#else /* !USE_DNS_PKA */
/* Dummy version of the function if we can't use the resolver
functions. */
char *
get_pka_info (const char *address, unsigned char *fpr)
{
return NULL;
}
#endif /* !USE_DNS_PKA */
#ifdef TEST
int
main(int argc,char *argv[])
{
unsigned char fpr[20];
char *uri;
int i;
if (argc < 2)
{
fprintf (stderr, "usage: pka mail-addresses\n");
return 1;
}
argc--;
argv++;
for (; argc; argc--, argv++)
{
uri = get_pka_info ( *argv, fpr );
printf ("%s", *argv);
if (uri)
{
putchar (' ');
for (i=0; i < 20; i++)
printf ("%02X", fpr[i]);
if (*uri)
printf (" %s", uri);
xfree (uri);
}
putchar ('\n');
}
return 0;
}
#endif /* TEST */
/*
Local Variables:
-compile-command: "cc -DUSE_DNS_PKA -DTEST -I.. -I../include -Wall -g -o pka pka.c -lresolv libutil.a"
+compile-command: "cc -DUSE_DNS_PKA -DTEST -I.. -I../include -Wall -g -o pka pka.c -lresolv ../tools/no-libgcrypt.o ../jnlib/libjnlib.a"
End:
*/
diff --git a/common/srv.c b/common/srv.c
index 46d84b583..79ffc7862 100644
--- a/common/srv.c
+++ b/common/srv.c
@@ -1,255 +1,321 @@
/* srv.c - DNS SRV code
* Copyright (C) 2003, 2009 Free Software Foundation, Inc.
*
* This file is part of GNUPG.
*
* GNUPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GNUPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <sys/types.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>
#endif
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
+#ifdef USE_ADNS
+# include <adns.h>
+# ifndef HAVE_ADNS_FREE
+# define adns_free free
+# endif
+#endif
#include "util.h"
#include "srv.h"
/* Not every installation has gotten around to supporting SRVs
yet... */
#ifndef T_SRV
#define T_SRV 33
#endif
static int
priosort(const void *a,const void *b)
{
const struct srventry *sa=a,*sb=b;
if(sa->priority>sb->priority)
return 1;
else if(sa->priority<sb->priority)
return -1;
else
return 0;
}
+
int
-getsrv(const char *name,struct srventry **list)
+getsrv (const char *name,struct srventry **list)
{
- unsigned char answer[2048];
- int r,srvcount=0;
- unsigned char *pt,*emsg;
- u16 count,dlen;
- HEADER *header=(HEADER *)answer;
-
- *list=NULL;
+ int srvcount=0;
+ u16 count;
+ int i, rc;
+
+ *list = NULL;
+
+#ifdef USE_ADNS
+ {
+ adns_state state;
+ adns_answer *answer = NULL;
+
+ rc = adns_init (&state, adns_if_noerrprint, NULL);
+ if (rc)
+ {
+ log_error ("error initializing adns: %s\n", strerror (errno));
+ return -1;
+ }
+
+ rc = adns_synchronous (state, name, adns_r_srv, adns_qf_quoteok_query,
+ &answer);
+ if (rc)
+ {
+ log_error ("DNS query failed: %s\n", strerror (errno));
+ adns_finish (state);
+ return -1;
+ }
+ if (answer->status != adns_s_ok
+ || answer->type != adns_r_srv || !answer->nrrs)
+ {
+ log_error ("DNS query returned an error or no records: %s (%s)\n",
+ adns_strerror (answer->status),
+ adns_errabbrev (answer->status));
+ adns_free (answer);
+ adns_finish (state);
+ return 0;
+ }
+
+ for (count = 0; count < answer->nrrs; count++)
+ {
+ struct srventry *srv = NULL;
+ struct srventry *newlist;
+
+ if (strlen (answer->rrs.srvha[count].ha.host) >= MAXDNAME)
+ {
+ log_info ("hostname in SRV record too long - skipped\n");
+ continue;
+ }
+
+ newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry));
+ if (!newlist)
+ goto fail;
+ *list = newlist;
+ memset (&(*list)[srvcount], 0, sizeof(struct srventry));
+ srv = &(*list)[srvcount];
+ srvcount++;
+
+ srv->priority = answer->rrs.srvha[count].priority;
+ srv->weight = answer->rrs.srvha[count].weight;
+ srv->port = answer->rrs.srvha[count].port;
+ strcpy (srv->target, answer->rrs.srvha[count].ha.host);
+ }
+
+ adns_free (answer);
+ adns_finish (state);
+ }
+#else /*!USE_ADNS*/
+ {
+ unsigned char answer[2048];
+ HEADER *header = (HEADER *)answer;
+ unsigned char *pt, *emsg;
+ int r;
+ u16 dlen;
+
+ r = res_query (name, C_IN, T_SRV, answer, sizeof answer);
+ if (r < sizeof (HEADER) || r > sizeof answer)
+ return -1;
+ if (header->rcode != NOERROR || !(count=ntohs (header->ancount)))
+ return 0; /* Error or no record found. */
+
+ emsg = &answer[r];
+ pt = &answer[sizeof(HEADER)];
+
+ /* Skip over the query */
+ rc = dn_skipname (pt, emsg);
+ if (rc == -1)
+ goto fail;
+
+ pt += rc + QFIXEDSZ;
+
+ while (count-- > 0 && pt < emsg)
+ {
+ struct srventry *srv=NULL;
+ u16 type,class;
+ struct srventry *newlist;
+
+ newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry));
+ if (!newlist)
+ goto fail;
+ *list = newlist;
+ memset(&(*list)[srvcount],0,sizeof(struct srventry));
+ srv=&(*list)[srvcount];
+ srvcount++;
+
+ rc = dn_skipname(pt,emsg); /* the name we just queried for */
+ if (rc == -1)
+ goto fail;
+ pt+=rc;
+
+ /* Truncated message? */
+ if((emsg-pt)<16)
+ goto fail;
+
+ type=*pt++ << 8;
+ type|=*pt++;
+ /* We asked for SRV and got something else !? */
+ if(type!=T_SRV)
+ goto fail;
+
+ class=*pt++ << 8;
+ class|=*pt++;
+ /* We asked for IN and got something else !? */
+ if(class!=C_IN)
+ goto fail;
+
+ pt+=4; /* ttl */
+ dlen=*pt++ << 8;
+ dlen|=*pt++;
+ srv->priority=*pt++ << 8;
+ srv->priority|=*pt++;
+ srv->weight=*pt++ << 8;
+ srv->weight|=*pt++;
+ srv->port=*pt++ << 8;
+ srv->port|=*pt++;
+
+ /* Get the name. 2782 doesn't allow name compression, but
+ dn_expand still works to pull the name out of the
+ packet. */
+ rc = dn_expand(answer,emsg,pt,srv->target,MAXDNAME);
+ if (rc == 1 && srv->target[0] == 0) /* "." */
+ {
+ xfree(*list);
+ *list = NULL;
+ return 0;
+ }
+ if (rc == -1)
+ goto fail;
+ pt += rc;
+ /* Corrupt packet? */
+ if (dlen != rc+6)
+ goto fail;
+ }
+ }
+#endif /*!USE_ADNS*/
+
+ /* Now we have an array of all the srv records. */
+
+ /* Order by priority */
+ qsort(*list,srvcount,sizeof(struct srventry),priosort);
+
+ /* For each priority, move the zero-weighted items first. */
+ for (i=0; i < srvcount; i++)
+ {
+ int j;
+
+ for (j=i;j < srvcount && (*list)[i].priority == (*list)[j].priority; j++)
+ {
+ if((*list)[j].weight==0)
+ {
+ /* Swap j with i */
+ if(j!=i)
+ {
+ struct srventry temp;
+
+ memcpy (&temp,&(*list)[j],sizeof(struct srventry));
+ memcpy (&(*list)[j],&(*list)[i],sizeof(struct srventry));
+ memcpy (&(*list)[i],&temp,sizeof(struct srventry));
+ }
+
+ break;
+ }
+ }
+ }
- r=res_query(name,C_IN,T_SRV,answer,2048);
- if(r<sizeof(HEADER) || r>2048)
- return -1;
+ /* Run the RFC-2782 weighting algorithm. We don't need very high
+ quality randomness for this, so regular libc srand/rand is
+ sufficient. Fixme: It is a bit questionaly to reinitalize srand
+ - better use a gnupg fucntion for this. */
+ srand(time(NULL)*getpid());
- if(header->rcode==NOERROR && (count=ntohs(header->ancount)))
+ for (i=0; i < srvcount; i++)
{
- int i,rc;
-
- emsg=&answer[r];
- pt=&answer[sizeof(HEADER)];
-
- /* Skip over the query */
-
- rc=dn_skipname(pt,emsg);
- if(rc==-1)
- goto fail;
-
- pt+=rc+QFIXEDSZ;
-
- while(count-->0 && pt<emsg)
- {
- struct srventry *srv=NULL;
- u16 type,class;
-
- *list=xrealloc(*list,(srvcount+1)*sizeof(struct srventry));
- memset(&(*list)[srvcount],0,sizeof(struct srventry));
- srv=&(*list)[srvcount];
- srvcount++;
-
- rc=dn_skipname(pt,emsg); /* the name we just queried for */
- if(rc==-1)
- goto fail;
- pt+=rc;
-
- /* Truncated message? */
- if((emsg-pt)<16)
- goto fail;
-
- type=*pt++ << 8;
- type|=*pt++;
- /* We asked for SRV and got something else !? */
- if(type!=T_SRV)
- goto fail;
-
- class=*pt++ << 8;
- class|=*pt++;
- /* We asked for IN and got something else !? */
- if(class!=C_IN)
- goto fail;
-
- pt+=4; /* ttl */
- dlen=*pt++ << 8;
- dlen|=*pt++;
- srv->priority=*pt++ << 8;
- srv->priority|=*pt++;
- srv->weight=*pt++ << 8;
- srv->weight|=*pt++;
- srv->port=*pt++ << 8;
- srv->port|=*pt++;
-
- /* Get the name. 2782 doesn't allow name compression, but
- dn_expand still works to pull the name out of the
- packet. */
- rc=dn_expand(answer,emsg,pt,srv->target,MAXDNAME);
- if(rc==1 && srv->target[0]==0) /* "." */
- goto noanswer;
- if(rc==-1)
- goto fail;
- pt+=rc;
- /* Corrupt packet? */
- if(dlen!=rc+6)
- goto fail;
-
-#if 0
- printf("count=%d\n",srvcount);
- printf("priority=%d\n",srv->priority);
- printf("weight=%d\n",srv->weight);
- printf("port=%d\n",srv->port);
- printf("target=%s\n",srv->target);
-#endif
- }
-
- /* Now we have an array of all the srv records. */
-
- /* Order by priority */
- qsort(*list,srvcount,sizeof(struct srventry),priosort);
-
- /* For each priority, move the zero-weighted items first. */
- for(i=0;i<srvcount;i++)
- {
- int j;
-
- for(j=i;j<srvcount && (*list)[i].priority==(*list)[j].priority;j++)
- {
- if((*list)[j].weight==0)
- {
- /* Swap j with i */
- if(j!=i)
- {
- struct srventry temp;
-
- memcpy(&temp,&(*list)[j],sizeof(struct srventry));
- memcpy(&(*list)[j],&(*list)[i],sizeof(struct srventry));
- memcpy(&(*list)[i],&temp,sizeof(struct srventry));
- }
-
- break;
- }
- }
- }
-
- /* Run the RFC-2782 weighting algorithm. We don't need very
- high quality randomness for this, so regular libc srand/rand
- is sufficient. */
- srand(time(NULL)*getpid());
-
- for(i=0;i<srvcount;i++)
- {
- int j;
- float prio_count=0,chose;
-
- for(j=i;j<srvcount && (*list)[i].priority==(*list)[j].priority;j++)
- {
- prio_count+=(*list)[j].weight;
- (*list)[j].run_count=prio_count;
- }
-
- chose=prio_count*rand()/RAND_MAX;
-
- for(j=i;j<srvcount && (*list)[i].priority==(*list)[j].priority;j++)
- {
- if(chose<=(*list)[j].run_count)
- {
- /* Swap j with i */
- if(j!=i)
- {
- struct srventry temp;
-
- memcpy(&temp,&(*list)[j],sizeof(struct srventry));
- memcpy(&(*list)[j],&(*list)[i],sizeof(struct srventry));
- memcpy(&(*list)[i],&temp,sizeof(struct srventry));
- }
- break;
- }
- }
- }
+ int j;
+ float prio_count=0,chose;
+
+ for (j=i; j < srvcount && (*list)[i].priority == (*list)[j].priority; j++)
+ {
+ prio_count+=(*list)[j].weight;
+ (*list)[j].run_count=prio_count;
+ }
+
+ chose=prio_count*rand()/RAND_MAX;
+
+ for (j=i;j<srvcount && (*list)[i].priority==(*list)[j].priority;j++)
+ {
+ if (chose<=(*list)[j].run_count)
+ {
+ /* Swap j with i */
+ if(j!=i)
+ {
+ struct srventry temp;
+
+ memcpy(&temp,&(*list)[j],sizeof(struct srventry));
+ memcpy(&(*list)[j],&(*list)[i],sizeof(struct srventry));
+ memcpy(&(*list)[i],&temp,sizeof(struct srventry));
+ }
+ break;
+ }
+ }
}
return srvcount;
- noanswer:
- xfree(*list);
- *list=NULL;
- return 0;
-
fail:
xfree(*list);
*list=NULL;
return -1;
}
#ifdef TEST
int
main(int argc,char *argv[])
{
struct srventry *srv;
int rc,i;
rc=getsrv("_hkp._tcp.wwwkeys.pgp.net",&srv);
printf("Count=%d\n\n",rc);
for(i=0;i<rc;i++)
{
printf("priority=%hu\n",srv[i].priority);
printf("weight=%hu\n",srv[i].weight);
printf("port=%hu\n",srv[i].port);
printf("target=%s\n",srv[i].target);
printf("\n");
}
xfree(srv);
return 0;
}
#endif /* TEST */
/*
Local Variables:
-compile-command: "cc -DTEST -I.. -I../include -Wall -g -o srv srv.c -lresolv libutil.a"
+compile-command: "cc -DTEST -I.. -I../include -Wall -g -o srv srv.c -lresolv ../tools/no-libgcrypt.o ../jnlib/libjnlib.a"
End:
*/
diff --git a/configure.ac b/configure.ac
index 42f4857da..8797e7954 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,1487 +1,1504 @@
# configure.ac - for GnuPG 2.1
# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
# 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.61)
min_automake_version="1.10"
# Remember to change the version number immediately *after* a release.
# Set my_issvn to "yes" for non-released code. Remember to run an
# "svn up" and "autogen.sh" right before creating a distribution.
m4_define([my_version], [2.1.0])
m4_define([my_issvn], [yes])
m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \
| sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)]))
AC_INIT([gnupg],
[my_version[]m4_if(my_issvn,[yes],[-svn[]svn_revision])],
[http://bugs.gnupg.org])
# Set development_version to yes if the minor number is odd or you
# feel that the default check for a development version is not
# sufficient.
development_version=no
NEED_GPG_ERROR_VERSION=1.4
NEED_LIBGCRYPT_API=1
NEED_LIBGCRYPT_VERSION=1.4.0
NEED_LIBASSUAN_API=2
NEED_LIBASSUAN_VERSION=1.1.0
NEED_KSBA_API=1
NEED_KSBA_VERSION=1.0.2
PACKAGE=$PACKAGE_NAME
PACKAGE_GT=${PACKAGE_NAME}2
VERSION=$PACKAGE_VERSION
AC_CONFIG_AUX_DIR(scripts)
AC_CONFIG_SRCDIR(sm/gpgsm.c)
AM_CONFIG_HEADER(config.h)
AM_INIT_AUTOMAKE($PACKAGE, $VERSION)
AC_CANONICAL_HOST
AB_INIT
AC_GNU_SOURCE
# Some status variables.
have_gpg_error=no
have_libgcrypt=no
have_libassuan=no
have_ksba=no
have_pth=no
have_libusb=no
have_adns=no
use_bzip2=yes
use_exec=yes
disable_keyserver_path=no
GNUPG_BUILD_PROGRAM(gpg, yes)
GNUPG_BUILD_PROGRAM(gpgsm, yes)
GNUPG_BUILD_PROGRAM(agent, yes)
GNUPG_BUILD_PROGRAM(scdaemon, yes)
GNUPG_BUILD_PROGRAM(g13, yes)
GNUPG_BUILD_PROGRAM(tools, yes)
GNUPG_BUILD_PROGRAM(doc, yes)
GNUPG_BUILD_PROGRAM(symcryptrun, no)
AC_SUBST(PACKAGE)
AC_SUBST(PACKAGE_GT)
AC_SUBST(VERSION)
AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of this package])
AC_DEFINE_UNQUOTED(PACKAGE_GT, "$PACKAGE_GT",
[Name of this package for gettext])
AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version of this package])
AC_DEFINE_UNQUOTED(PACKAGE_BUGREPORT, "$PACKAGE_BUGREPORT",
[Bug report address])
AC_DEFINE_UNQUOTED(NEED_LIBGCRYPT_VERSION, "$NEED_LIBGCRYPT_VERSION",
[Required version of Libgcrypt])
AC_DEFINE_UNQUOTED(NEED_KSBA_VERSION, "$NEED_KSBA_VERSION",
[Required version of Libksba])
# The default is to use the modules from this package and the few
# other packages in a standard place; i.e where this package gets
# installed. With these options it is possible to override these
# ${prefix} depended values with fixed paths, which can't be replaced
# at make time. See also am/cmacros.am and the defaults in AH_BOTTOM.
AC_ARG_WITH(agent-pgm,
[ --with-agent-pgm=PATH Use PATH as the default for the agent)],
GNUPG_AGENT_PGM="$withval", GNUPG_AGENT_PGM="" )
AC_SUBST(GNUPG_AGENT_PGM)
AM_CONDITIONAL(GNUPG_AGENT_PGM, test -n "$GNUPG_AGENT_PGM")
show_gnupg_agent_pgm="(default)"
test -n "$GNUPG_AGENT_PGM" && show_gnupg_agent_pgm="$GNUPG_AGENT_PGM"
AC_ARG_WITH(pinentry-pgm,
[ --with-pinentry-pgm=PATH Use PATH as the default for the pinentry)],
GNUPG_PINENTRY_PGM="$withval", GNUPG_PINENTRY_PGM="" )
AC_SUBST(GNUPG_PINENTRY_PGM)
AM_CONDITIONAL(GNUPG_PINENTRY_PGM, test -n "$GNUPG_PINENTRY_PGM")
show_gnupg_pinentry_pgm="(default)"
test -n "$GNUPG_PINENTRY_PGM" && show_gnupg_pinentry_pgm="$GNUPG_PINENTRY_PGM"
AC_ARG_WITH(scdaemon-pgm,
[ --with-scdaemon-pgm=PATH Use PATH as the default for the scdaemon)],
GNUPG_SCDAEMON_PGM="$withval", GNUPG_SCDAEMON_PGM="" )
AC_SUBST(GNUPG_SCDAEMON_PGM)
AM_CONDITIONAL(GNUPG_SCDAEMON_PGM, test -n "$GNUPG_SCDAEMON_PGM")
show_gnupg_scdaemon_pgm="(default)"
test -n "$GNUPG_SCDAEMON_PGM" && show_gnupg_scdaemon_pgm="$GNUPG_SCDAEMON_PGM"
AC_ARG_WITH(dirmngr-pgm,
[ --with-dirmngr-pgm=PATH Use PATH as the default for the dirmngr)],
GNUPG_DIRMNGR_PGM="$withval", GNUPG_DIRMNGR_PGM="" )
AC_SUBST(GNUPG_DIRMNGR_PGM)
AM_CONDITIONAL(GNUPG_DIRMNGR_PGM, test -n "$GNUPG_DIRMNGR_PGM")
show_gnupg_dirmngr_pgm="(default)"
test -n "$GNUPG_DIRMNGR_PGM" && show_gnupg_dirmngr_pgm="$GNUPG_DIRMNGR_PGM"
AC_ARG_WITH(protect-tool-pgm,
[ --with-protect-tool-pgm=PATH Use PATH as the default for the protect-tool)],
GNUPG_PROTECT_TOOL_PGM="$withval", GNUPG_PROTECT_TOOL_PGM="" )
AC_SUBST(GNUPG_PROTECT_TOOL_PGM)
AM_CONDITIONAL(GNUPG_PROTECT_TOOL_PGM, test -n "$GNUPG_PROTECT_TOOL_PGM")
show_gnupg_protect_tool_pgm="(default)"
test -n "$GNUPG_PROTECT_TOOL_PGM" \
&& show_gnupg_protect_tool_pgm="$GNUPG_PROTECT_TOOL_PGM"
# Some folks want to use only the agent from this packet. Make it
# easier for them by providing the configure option
# --enable-only-agent.
AC_ARG_ENABLE(agent-only,
AC_HELP_STRING([--enable-agent-only],[build only the gpg-agent]),
build_agent_only=$enableval)
# SELinux support includes tracking of sensitive files to avoid
# leaking their contents through processing these files by gpg itself
AC_MSG_CHECKING([whether SELinux support is requested])
AC_ARG_ENABLE(selinux-support,
AC_HELP_STRING([--enable-selinux-support],
[enable SELinux support]),
selinux_support=$enableval, selinux_support=no)
AC_MSG_RESULT($selinux_support)
# Allow disabling of bzib2 support.
# It is defined only after we confirm the library is available later
AC_MSG_CHECKING([whether to enable the BZIP2 compression algorithm])
AC_ARG_ENABLE(bzip2,
AC_HELP_STRING([--disable-bzip2],[disable the BZIP2 compression algorithm]),
use_bzip2=$enableval)
AC_MSG_RESULT($use_bzip2)
# Configure option to allow or disallow execution of external
# programs, like a photo viewer.
AC_MSG_CHECKING([whether to enable external program execution])
AC_ARG_ENABLE(exec,
AC_HELP_STRING([--disable-exec],[disable all external program execution]),
use_exec=$enableval)
AC_MSG_RESULT($use_exec)
if test "$use_exec" = no ; then
AC_DEFINE(NO_EXEC,1,[Define to disable all external program execution])
fi
if test "$use_exec" = yes ; then
AC_MSG_CHECKING([whether to enable photo ID viewing])
AC_ARG_ENABLE(photo-viewers,
[ --disable-photo-viewers disable photo ID viewers],
[if test "$enableval" = no ; then
AC_DEFINE(DISABLE_PHOTO_VIEWER,1,[define to disable photo viewing])
fi],enableval=yes)
gnupg_cv_enable_photo_viewers=$enableval
AC_MSG_RESULT($enableval)
if test "$gnupg_cv_enable_photo_viewers" = yes ; then
AC_MSG_CHECKING([whether to use a fixed photo ID viewer])
AC_ARG_WITH(photo-viewer,
[ --with-photo-viewer=FIXED_VIEWER set a fixed photo ID viewer],
[if test "$withval" = yes ; then
withval=no
elif test "$withval" != no ; then
AC_DEFINE_UNQUOTED(FIXED_PHOTO_VIEWER,"$withval",
[if set, restrict photo-viewer to this])
fi],withval=no)
AC_MSG_RESULT($withval)
fi
AC_MSG_CHECKING([whether to enable external keyserver helpers])
AC_ARG_ENABLE(keyserver-helpers,
[ --disable-keyserver-helpers disable all external keyserver support],
[if test "$enableval" = no ; then
AC_DEFINE(DISABLE_KEYSERVER_HELPERS,1,
[define to disable keyserver helpers])
fi],enableval=yes)
gnupg_cv_enable_keyserver_helpers=$enableval
AC_MSG_RESULT($enableval)
if test "$gnupg_cv_enable_keyserver_helpers" = yes ; then
# LDAP is defined only after we confirm the library is available later
AC_MSG_CHECKING([whether LDAP keyserver support is requested])
AC_ARG_ENABLE(ldap,
AC_HELP_STRING([--disable-ldap],[disable LDAP keyserver interface only]),
try_ldap=$enableval, try_ldap=yes)
AC_MSG_RESULT($try_ldap)
AC_MSG_CHECKING([whether HKP keyserver support is requested])
AC_ARG_ENABLE(hkp,
AC_HELP_STRING([--disable-hkp],[disable HKP keyserver interface only]),
try_hkp=$enableval, try_hkp=yes)
AC_MSG_RESULT($try_hkp)
AC_MSG_CHECKING([whether finger key fetching support is requested])
AC_ARG_ENABLE(finger,
AC_HELP_STRING([--disable-finger],
[disable finger key fetching interface only]),
try_finger=$enableval, try_finger=yes)
AC_MSG_RESULT($try_finger)
AC_MSG_CHECKING([whether generic object key fetching support is requested])
AC_ARG_ENABLE(generic,
AC_HELP_STRING([--disable-generic],
[disable generic object key fetching interface only]),
try_generic=$enableval, try_generic=yes)
AC_MSG_RESULT($try_generic)
AC_MSG_CHECKING([whether email keyserver support is requested])
AC_ARG_ENABLE(mailto,
AC_HELP_STRING([--enable-mailto],
[enable email keyserver interface only]),
try_mailto=$enableval, try_mailto=no)
AC_MSG_RESULT($try_mailto)
fi
AC_MSG_CHECKING([whether keyserver exec-path is enabled])
AC_ARG_ENABLE(keyserver-path,
AC_HELP_STRING([--disable-keyserver-path],
[disable the exec-path option for keyserver helpers]),
[if test "$enableval" = no ; then
disable_keyserver_path=yes
fi],enableval=yes)
AC_MSG_RESULT($enableval)
fi
#
# Check for the key/uid cache size. This can't be zero, but can be
# pretty small on embedded systems. This is used for the gpg part.
#
AC_MSG_CHECKING([for the size of the key and uid cache])
AC_ARG_ENABLE(key-cache,
AC_HELP_STRING([--enable-key-cache=SIZE],
[Set key cache to SIZE (default 4096)]),,enableval=4096)
if test "$enableval" = "no"; then
enableval=5
elif test "$enableval" = "yes" || test "$enableval" = ""; then
enableval=4096
fi
changequote(,)dnl
key_cache_size=`echo "$enableval" | sed 's/[A-Za-z]//g'`
changequote([,])dnl
if test "$enableval" != "$key_cache_size" || test "$key_cache_size" -lt 5; then
AC_MSG_ERROR([invalid key-cache size])
fi
AC_MSG_RESULT($key_cache_size)
AC_DEFINE_UNQUOTED(PK_UID_CACHE_SIZE,$key_cache_size,
[Size of the key and UID caches])
#
# Check whether we want to use Linux capabilities
#
AC_MSG_CHECKING([whether use of capabilities is requested])
AC_ARG_WITH(capabilities,
[ --with-capabilities use linux capabilities [default=no]],
[use_capabilities="$withval"],[use_capabilities=no])
AC_MSG_RESULT($use_capabilities)
#
# To avoid double inclusion of config.h which might happen at some
# places, we add the usual double inclusion protection at the top of
# config.h.
#
AH_TOP([
#ifndef GNUPG_CONFIG_H_INCLUDED
#define GNUPG_CONFIG_H_INCLUDED
])
#
# Stuff which goes at the bottom of config.h.
#
AH_BOTTOM([
/* This is the major version number of GnuPG so that
source included files can test for this. Note, that
we use 2 here even for GnuPG 1.9.x. */
#define GNUPG_MAJOR_VERSION 2
/* Now to separate file name parts.
Please note that the string version must not contain more
than one character because the code assumes strlen()==1 */
#ifdef HAVE_DOSISH_SYSTEM
#define DIRSEP_C '\\'
#define DIRSEP_S "\\"
#define EXTSEP_C '.'
#define EXTSEP_S "."
#define PATHSEP_C ';'
#define PATHSEP_S ";"
#define EXEEXT_S ".exe"
#else
#define DIRSEP_C '/'
#define DIRSEP_S "/"
#define EXTSEP_C '.'
#define EXTSEP_S "."
#define PATHSEP_C ':'
#define PATHSEP_S ":"
#define EXEEXT_S ""
#endif
/* This is the same as VERSION, but should be overridden if the
platform cannot handle things like dots '.' in filenames. Set
SAFE_VERSION_DOT and SAFE_VERSION_DASH to whatever SAFE_VERSION
uses for dots and dashes. */
#define SAFE_VERSION VERSION
#define SAFE_VERSION_DOT '.'
#define SAFE_VERSION_DASH '-'
/* Some global constants. */
#ifdef HAVE_DRIVE_LETTERS
#define GNUPG_DEFAULT_HOMEDIR "c:/gnupg"
#elif defined(__VMS)
#define GNUPG_DEFAULT_HOMEDIR "/SYS\$LOGIN/gnupg"
#else
#define GNUPG_DEFAULT_HOMEDIR "~/.gnupg"
#endif
#define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d"
/* For some systems (DOS currently), we hardcode the path here. For
POSIX systems the values are constructed by the Makefiles, so that
the values may be overridden by the make invocations; this is to
comply with the GNU coding standards. */
#ifdef HAVE_DRIVE_LETTERS
/* FIXME: We need to use a function to determine these values depending
on the actual installation directory. */
#define GNUPG_BINDIR "c:\\gnupg"
#define GNUPG_LIBEXECDIR "c:\\gnupg"
#define GNUPG_LIBDIR "c:\\gnupg"
#define GNUPG_DATADIR "c:\\gnupg"
#define GNUPG_SYSCONFDIR "c:\\gnupg"
#endif
/* Derive some other constants. */
#if !(defined(HAVE_FORK) && defined(HAVE_PIPE) && defined(HAVE_WAITPID))
#define EXEC_TEMPFILE_ONLY
#endif
/* We didn't define endianness above, so get it from OS macros. This
is intended for making fat binary builds on OS X. */
#if !defined(BIG_ENDIAN_HOST) && !defined(LITTLE_ENDIAN_HOST)
#if defined(__BIG_ENDIAN__)
#define BIG_ENDIAN_HOST 1
#elif defined(__LITTLE_ENDIAN__)
#define LITTLE_ENDIAN_HOST 1
#else
#error "No endianness found"
#endif
#endif
/* Hack used for W32: ldap.m4 also tests for the ASCII version of
ldap_start_tls_s because that is the actual symbol used in the
library. winldap.h redefines it to our commonly used value,
thus we define our usual macro here. */
#ifdef HAVE_LDAP_START_TLS_SA
# ifndef HAVE_LDAP_START_TLS_S
# define HAVE_LDAP_START_TLS_S 1
# endif
#endif
/* Tell libgcrypt not to use its own libgpg-error implementation. */
#define USE_LIBGPG_ERROR 1
/* We use jnlib, so tell other modules about it. */
#define HAVE_JNLIB_LOGGING 1
/* Our HTTP code is used in estream mode. */
#define HTTP_USE_ESTREAM 1
/* Under W32 we do an explicit socket initialization, thus we need to
avoid the on-demand initialization which would also install an atexit
handler. */
#define HTTP_NO_WSASTARTUP
/* We always include support for the OpenPGP card. */
#define ENABLE_CARD_SUPPORT 1
/* We explicitly need to disable PTH's soft mapping as Debian
currently enables it by default for no reason. */
#define PTH_SYSCALL_SOFT 0
/* We want to use the libgcrypt provided memory allocation for
asprintf. */
#define _ESTREAM_PRINTF_MALLOC gcry_malloc
#define _ESTREAM_PRINTF_FREE gcry_free
#define _ESTREAM_PRINTF_EXTRA_INCLUDE "util.h"
#endif /*GNUPG_CONFIG_H_INCLUDED*/
])
AM_MAINTAINER_MODE
# Checks for programs.
AC_MSG_NOTICE([checking for programs])
AC_PROG_MAKE_SET
AM_SANITY_CHECK
missing_dir=`cd $ac_aux_dir && pwd`
AM_MISSING_PROG(ACLOCAL, aclocal, $missing_dir)
AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir)
AM_MISSING_PROG(AUTOMAKE, automake, $missing_dir)
AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir)
AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir)
AC_PROG_AWK
AC_PROG_CC
AC_PROG_CPP
AM_PROG_CC_C_O
if test "x$ac_cv_prog_cc_c89" = "xno" ; then
AC_MSG_ERROR([[No C-89 compiler found]])
fi
AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_RANLIB
AC_CHECK_TOOL(AR, ar, :)
AC_PATH_PROG(PERL,"perl")
AC_CHECK_TOOL(WINDRES, windres, :)
AC_ISC_POSIX
gl_EARLY
AC_SYS_LARGEFILE
GNUPG_CHECK_FAQPROG
GNUPG_CHECK_USTAR
# We need to compile and run a program on the build machine. A
# comment in libgpg-error says that the AC_PROG_CC_FOR_BUILD macro in
# the AC archive is broken for autoconf 2.57. Given that tehre is no
# newer version of that macro, we assume that it is also broken for
# autoconf 2.61 and thus we use a simple but usually sufficient
# approach.
AC_MSG_CHECKING(for cc for build)
if test "$cross_compiling" = "yes"; then
CC_FOR_BUILD="${CC_FOR_BUILD-cc}"
else
CC_FOR_BUILD="${CC_FOR_BUILD-$CC}"
fi
AC_MSG_RESULT($CC_FOR_BUILD)
AC_ARG_VAR(CC_FOR_BUILD,[build system C compiler])
try_gettext=yes
have_dosish_system=no
have_w32_system=no
use_simple_gettext=no
case "${host}" in
*-mingw32*)
# special stuff for Windoze NT
ac_cv_have_dev_random=no
AC_DEFINE(USE_ONLY_8DOT3,1,
[set this to limit filenames to the 8.3 format])
AC_DEFINE(HAVE_DRIVE_LETTERS,1,
[defined if we must run on a stupid file system])
AC_DEFINE(USE_SIMPLE_GETTEXT,1,
[because the Unix gettext has too much overhead on
MingW32 systems and these systems lack Posix functions,
we use a simplified version of gettext])
disable_keyserver_path=yes
have_dosish_system=yes
have_w32_system=yes
try_gettext="no"
use_simple_gettext=yes
;;
i?86-emx-os2 | i?86-*-os2*emx )
# OS/2 with the EMX environment
ac_cv_have_dev_random=no
AC_DEFINE(HAVE_DRIVE_LETTERS)
have_dosish_system=yes
try_gettext="no"
;;
i?86-*-msdosdjgpp*)
# DOS with the DJGPP environment
ac_cv_have_dev_random=no
AC_DEFINE(HAVE_DRIVE_LETTERS)
have_dosish_system=yes
try_gettext="no"
;;
*-*-freebsd*)
# FreeBSD
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
;;
*-*-hpux*)
if test -z "$GCC" ; then
CFLAGS="$CFLAGS -Ae -D_HPUX_SOURCE"
fi
;;
*-dec-osf4*)
if test -z "$GCC" ; then
# Suppress all warnings
# to get rid of the unsigned/signed char mismatch warnings.
CFLAGS="$CFLAGS -w"
fi
;;
*-dec-osf5*)
if test -z "$GCC" ; then
# Use the newer compiler `-msg_disable ptrmismatch1' to
# get rid of the unsigned/signed char mismatch warnings.
# Using this may hide other pointer mismatch warnings, but
# it at least lets other warning classes through
CFLAGS="$CFLAGS -msg_disable ptrmismatch1"
fi
;;
m68k-atari-mint)
;;
*)
;;
esac
if test "$have_dosish_system" = yes; then
AC_DEFINE(HAVE_DOSISH_SYSTEM,1,
[Defined if we run on some of the PCDOS like systems
(DOS, Windoze. OS/2) with special properties like
no file modes])
fi
AM_CONDITIONAL(HAVE_DOSISH_SYSTEM, test "$have_dosish_system" = yes)
AM_CONDITIONAL(USE_SIMPLE_GETTEXT, test x"$use_simple_gettext" = xyes)
if test "$have_w32_system" = yes; then
AC_DEFINE(HAVE_W32_SYSTEM,1, [Defined if we run on a W32 API based system])
fi
AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes)
if test "$disable_keyserver_path" = yes; then
AC_DEFINE(DISABLE_KEYSERVER_PATH,1,
[Defined to disable exec-path for keyserver helpers])
fi
# (These need to go after AC_PROG_CC so that $EXEEXT is defined)
AC_DEFINE_UNQUOTED(EXEEXT,"$EXEEXT",[The executable file extension, if any])
if test x"$try_hkp" = xyes ; then
AC_SUBST(GPGKEYS_HKP,"gpg2keys_hkp$EXEEXT")
fi
if test x"$try_finger" = xyes ; then
AC_SUBST(GPGKEYS_FINGER,"gpg2keys_finger$EXEEXT")
fi
#
# Checks for libraries.
#
AC_MSG_NOTICE([checking for libraries])
#
# libgpg-error is a library with error codes shared between GnuPG
# related projects.
#
AM_PATH_GPG_ERROR("$NEED_GPG_ERROR_VERSION",
have_gpg_error=yes,have_gpg_error=no)
#
# Libgcrypt is our generic crypto library
#
AM_PATH_LIBGCRYPT("$NEED_LIBGCRYPT_API:$NEED_LIBGCRYPT_VERSION",
have_libgcrypt=yes,have_libgcrypt=no)
#
# libassuan is used for IPC
#
AM_PATH_LIBASSUAN("$NEED_LIBASSUAN_API:$NEED_LIBASSUAN_VERSION",
have_libassuan=yes,have_libassuan=no)
if test "$have_libassuan" = "yes"; then
have_libassuan=no
AM_PATH_LIBASSUAN("$NEED_LIBASSUAN_API:$NEED_LIBASSUAN_VERSION",
have_libassuan=yes,have_libassuan=no)
AC_DEFINE_UNQUOTED(GNUPG_LIBASSUAN_VERSION, "$libassuan_version",
[version of the libassuan library])
fi
#
# libksba is our X.509 support library
#
AM_PATH_KSBA("$NEED_KSBA_API:$NEED_KSBA_VERSION",have_ksba=yes,have_ksba=no)
#
# libusb allows us to use the integrated CCID smartcard reader driver.
#
# FiXME: Use GNUPG_CHECK_LIBUSB and modify to use separate AC_SUBSTs.
AC_CHECK_LIB(usb, usb_bulk_write,
[ LIBUSB_LIBS="$LIBUSB_LIBS -lusb"
AC_DEFINE(HAVE_LIBUSB,1,
[defined if libusb is available])
have_libusb=yes
])
AC_SUBST(LIBUSB_LIBS)
AC_CHECK_FUNCS(usb_create_match)
#
# Check wether it is necessary to link against libdl.
#
gnupg_dlopen_save_libs="$LIBS"
LIBS=""
AC_SEARCH_LIBS(dlopen, c dl,,,)
DL_LIBS=$LIBS
AC_SUBST(DL_LIBS)
LIBS="$gnupg_dlopen_save_libs"
# Checks for g13
AC_PATH_PROG(ENCFS, encfs, /usr/bin/encfs)
AC_DEFINE_UNQUOTED(ENCFS,
"${ENCFS}", [defines the filename of the encfs program])
AC_PATH_PROG(FUSERMOUNT, fusermount, /usr/bin/fusermount)
AC_DEFINE_UNQUOTED(FUSERMOUNT,
"${FUSERMOUNT}", [defines the filename of the fusermount program])
#
# Checks for symcryptrun:
#
# libutil has openpty() and login_tty().
AC_CHECK_LIB(util, openpty,
[ LIBUTIL_LIBS="$LIBUTIL_LIBS -lutil"
AC_DEFINE(HAVE_LIBUTIL,1,
[defined if libutil is available])
])
AC_SUBST(LIBUTIL_LIBS)
# shred is used to clean temporary plain text files.
AC_PATH_PROG(SHRED, shred, /usr/bin/shred)
AC_DEFINE_UNQUOTED(SHRED,
"${SHRED}", [defines the filename of the shred program])
#
# Check whether the GNU Pth library is available
# Note, that we include a Pth emulation for W32.
#
GNUPG_PATH_PTH
if test "$have_pth" = "yes"; then
AC_DEFINE(USE_GNU_PTH, 1,
[Defined if the GNU Portable Thread Library should be used])
else
AC_MSG_WARN([[
***
*** To support concurrent access to the gpg-agent and the SCdaemon
*** we need the support of the GNU Portable Threads Library.
*** Download it from ftp://ftp.gnu.org/gnu/pth/
*** On a Debian GNU/Linux system you might want to try
*** apt-get install libpth-dev
***]])
fi
AC_MSG_NOTICE([checking for networking options])
#
# Must check for network library requirements before doing link tests
# for ldap, for example. If ldap libs are static (or dynamic and without
# ELF runtime link paths), then link will fail and LDAP support won't
# be detected.
#
AC_CHECK_FUNC(gethostbyname, , AC_CHECK_LIB(nsl, gethostbyname,
[NETLIBS="-lnsl $NETLIBS"]))
AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt,
[NETLIBS="-lsocket $NETLIBS"]))
+
+#
+# Check for ADNS.
+#
+_cppflags="${CPPFLAGS}"
+_ldflags="${LDFLAGS}"
+AC_ARG_WITH(adns,
+ AC_HELP_STRING([--with-adns=DIR],
+ [look for the adns library in DIR]),
+ [if test -d "$withval"; then
+ CPPFLAGS="${CPPFLAGS} -I$withval/include"
+ LDFLAGS="${LDFLAGS} -L$withval/lib"
+ fi])
+if test "$with_adns" != "no"; then
+ AC_CHECK_HEADERS(adns.h,
+ AC_CHECK_LIB(adns, adns_init,
+ [have_adns=yes],
+ [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}]),
+ [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}])
+fi
+if test "$have_adns" = "yes"; then
+ ADNSLIBS="-ladns"
+fi
+AC_SUBST(ADNSLIBS)
+# Newer adns versions feature a free function to be used under W32.
+AC_CHECK_FUNCS(adns_free)
+
+
+
#
# Now try for the resolver functions so we can use DNS for SRV, PA and CERT.
#
if test x"$try_hkp" = xyes || test x"$try_http" = xyes ; then
AC_ARG_ENABLE(dns-srv,
AC_HELP_STRING([--disable-dns-srv],
[disable the use of DNS SRV in HKP and HTTP]),
use_dns_srv=$enableval,use_dns_srv=yes)
fi
AC_ARG_ENABLE(dns-pka,
AC_HELP_STRING([--disable-dns-pka],
[disable the use of PKA records in DNS]),
use_dns_pka=$enableval,use_dns_pka=yes)
AC_ARG_ENABLE(dns-cert,
AC_HELP_STRING([--disable-dns-cert],
[disable the use of CERT records in DNS]),
use_dns_cert=$enableval,use_dns_cert=yes)
if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes \
|| test x"$use_dns_cert" = xyes; then
_dns_save_libs=$LIBS
LIBS=""
# the double underscore thing is a glibc-ism?
AC_SEARCH_LIBS(res_query,resolv bind,,
AC_SEARCH_LIBS(__res_query,resolv bind,,have_resolver=no))
AC_SEARCH_LIBS(dn_expand,resolv bind,,
AC_SEARCH_LIBS(__dn_expand,resolv bind,,have_resolver=no))
AC_SEARCH_LIBS(dn_skipname,resolv bind,,
AC_SEARCH_LIBS(__dn_skipname,resolv bind,,have_resolver=no))
if test x"$have_resolver" != xno ; then
# Make sure that the BIND 4 resolver interface is workable before
# enabling any code that calls it. At some point I'll rewrite the
# code to use the BIND 8 resolver API.
- # We might also want to use adns instead.
+ # We might also want to use adns instead. Problem with ADNS is that
+ # it does not support v6.
AC_MSG_CHECKING([whether the resolver is usable])
AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>],
[[unsigned char answer[PACKETSZ];
res_query("foo.bar",C_IN,T_A,answer,PACKETSZ);
dn_skipname(0,0);
dn_expand(0,0,0,0,0);
]])],have_resolver=yes,have_resolver=no)
AC_MSG_RESULT($have_resolver)
# This is Apple-specific and somewhat bizarre as they changed the
# define in bind 8 for some reason.
if test x"$have_resolver" != xyes ; then
AC_MSG_CHECKING(
[whether I can make the resolver usable with BIND_8_COMPAT])
AC_LINK_IFELSE([AC_LANG_PROGRAM([#define BIND_8_COMPAT
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>],
[[unsigned char answer[PACKETSZ];
res_query("foo.bar",C_IN,T_A,answer,PACKETSZ);
dn_skipname(0,0); dn_expand(0,0,0,0,0);
]])],[have_resolver=yes ; need_compat=yes])
AC_MSG_RESULT($have_resolver)
fi
fi
if test x"$have_resolver" = xyes ; then
DNSLIBS=$LIBS
if test x"$use_dns_srv" = xyes ; then
AC_DEFINE(USE_DNS_SRV,1,[define to use DNS SRV])
fi
if test x"$use_dns_pka" = xyes ; then
AC_DEFINE(USE_DNS_PKA,1,[define to use our experimental DNS PKA])
fi
if test x"$use_dns_cert" = xyes ; then
AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT])
fi
if test x"$need_compat" = xyes ; then
AC_DEFINE(BIND_8_COMPAT,1,[an Apple OSXism])
fi
else
use_dns_srv=no
use_dns_pka=no
use_dns_cert=no
+ # If we have no resolver library but ADNS (e.g. under W32) enable the
+ # code parts which can be used with ADNS.
+ if test x"$have_adns" = xyes ; then
+ DNSLIB="$ADNSLIBS"
+ AC_DEFINE(USE_ADNS,1,[Use ADNS as resolver library.])
+
+ if test x"$use_dns_srv" = xyes ; then
+ AC_DEFINE(USE_DNS_SRV,1)
+ fi
+
+ if test x"$use_dns_pka" = xyes ; then
+ AC_DEFINE(USE_DNS_PKA,1)
+ fi
+ fi
fi
LIBS=$_dns_save_libs
fi
AC_SUBST(DNSLIBS)
AM_CONDITIONAL(USE_DNS_SRV, test x"$use_dns_srv" = xyes)
-#
-# Check for ADNS.
-#
-_cppflags="${CPPFLAGS}"
-_ldflags="${LDFLAGS}"
-AC_ARG_WITH(adns,
- AC_HELP_STRING([--with-adns=DIR],
- [look for the adns library in DIR]),
- [if test -d "$withval"; then
- CPPFLAGS="${CPPFLAGS} -I$withval/include"
- LDFLAGS="${LDFLAGS} -L$withval/lib"
- fi])
-if test "$with_adns" != "no"; then
- AC_CHECK_HEADERS(adns.h,
- AC_CHECK_LIB(adns, adns_init,
- [have_adns=yes],
- [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}]),
- [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}])
-fi
-if test "$have_adns" = "yes"; then
- ADNSLIBS="-ladns"
-fi
-AC_SUBST(ADNSLIBS)
-# Newer adns versions feature a free function to be used under W32.
-AC_CHECK_FUNCS(adns_free)
-
-
#
# Check for LDAP
#
if test "$try_ldap" = yes ; then
GNUPG_CHECK_LDAP($NETLIBS)
fi
#
# Check for curl. We fake the curl API if libcurl isn't installed.
# We require 7.10 or later as we use curl_version_info().
#
LIBCURL_CHECK_CONFIG([yes],[7.10],,[fake_curl=yes])
AM_CONDITIONAL(FAKE_CURL,test x"$fake_curl" = xyes)
# Generic, for us, means curl
if test x"$try_generic" = xyes ; then
AC_SUBST(GPGKEYS_CURL,"gpg2keys_curl$EXEEXT")
fi
#
# Check for sendmail
#
# This isn't necessarily sendmail itself, but anything that gives a
# sendmail-ish interface to the outside world. That includes Exim,
# Postfix, etc. Basically, anything that can handle "sendmail -t".
if test "$try_mailto" = yes ; then
AC_ARG_WITH(mailprog,
AC_HELP_STRING([--with-mailprog=NAME],
[use "NAME -t" for mail transport]),
,with_mailprog=yes)
if test x"$with_mailprog" = xyes ; then
AC_PATH_PROG(SENDMAIL,sendmail,,$PATH:/usr/sbin:/usr/libexec:/usr/lib)
if test "$ac_cv_path_SENDMAIL" ; then
GPGKEYS_MAILTO="gpg2keys_mailto"
fi
elif test x"$with_mailprog" != xno ; then
AC_MSG_CHECKING([for a mail transport program])
AC_SUBST(SENDMAIL,$with_mailprog)
AC_MSG_RESULT($with_mailprog)
GPGKEYS_MAILTO="gpg2keys_mailto"
fi
fi
AC_SUBST(GPGKEYS_MAILTO)
#
# Construct a printable name of the OS
#
case "${host}" in
*-mingw32*)
PRINTABLE_OS_NAME="MingW32"
;;
*-*-cygwin*)
PRINTABLE_OS_NAME="Cygwin"
;;
i?86-emx-os2 | i?86-*-os2*emx )
PRINTABLE_OS_NAME="OS/2"
;;
i?86-*-msdosdjgpp*)
PRINTABLE_OS_NAME="MSDOS/DJGPP"
try_dynload=no
;;
*-linux*)
PRINTABLE_OS_NAME="GNU/Linux"
;;
*)
PRINTABLE_OS_NAME=`uname -s || echo "Unknown"`
;;
esac
AC_DEFINE_UNQUOTED(PRINTABLE_OS_NAME, "$PRINTABLE_OS_NAME",
[A human readable text with the name of the OS])
#
# Checking for iconv
#
AM_ICONV
#
# Check for gettext
#
# This is "GNU gnupg" - The project-id script from gettext
# needs this string
#
AC_MSG_NOTICE([checking for gettext])
AM_PO_SUBDIRS
AM_GNU_GETTEXT_VERSION([0.17])
if test "$try_gettext" = yes; then
AM_GNU_GETTEXT([external],[need-ngettext])
# gettext requires some extra checks. These really should be part of
# the basic AM_GNU_GETTEXT macro. TODO: move other gettext-specific
# function checks to here.
AC_CHECK_FUNCS(strchr)
else
USE_NLS=no
USE_INCLUDED_LIBINTL=no
BUILD_INCLUDED_LIBINTL=no
POSUB=po
AC_SUBST(USE_NLS)
AC_SUBST(USE_INCLUDED_LIBINTL)
AC_SUBST(BUILD_INCLUDED_LIBINTL)
AC_SUBST(POSUB)
fi
# We use HAVE_LANGINFO_CODESET in a couple of places.
AM_LANGINFO_CODESET
# Checks required for our use locales
gt_LC_MESSAGES
#
# SELinux support
#
if test "$selinux_support" = yes ; then
AC_DEFINE(ENABLE_SELINUX_HACKS,1,[Define to enable SELinux support])
fi
#
# Checks for header files.
#
AC_MSG_NOTICE([checking for header files])
AC_HEADER_STDC
AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h])
AC_CHECK_HEADERS([pty.h pwd.h inttypes.h])
AC_HEADER_TIME
#
# Checks for typedefs, structures, and compiler characteristics.
#
AC_MSG_NOTICE([checking for system characteristics])
AC_C_CONST
AC_C_INLINE
AC_C_VOLATILE
AC_TYPE_SIZE_T
AC_TYPE_MODE_T
AC_TYPE_SIGNAL
AC_DECL_SYS_SIGLIST
gl_HEADER_SYS_SOCKET
gl_TYPE_SOCKLEN_T
AC_ARG_ENABLE(endian-check,
AC_HELP_STRING([--disable-endian-check],
[disable the endian check and trust the OS provided macros]),
endiancheck=$enableval,endiancheck=yes)
if test x"$endiancheck" = xyes ; then
GNUPG_CHECK_ENDIAN
fi
# fixme: we should get rid of the byte type
GNUPG_CHECK_TYPEDEF(byte, HAVE_BYTE_TYPEDEF)
GNUPG_CHECK_TYPEDEF(ushort, HAVE_USHORT_TYPEDEF)
GNUPG_CHECK_TYPEDEF(ulong, HAVE_ULONG_TYPEDEF)
GNUPG_CHECK_TYPEDEF(u16, HAVE_U16_TYPEDEF)
GNUPG_CHECK_TYPEDEF(u32, HAVE_U32_TYPEDEF)
AC_CHECK_SIZEOF(unsigned short)
AC_CHECK_SIZEOF(unsigned int)
AC_CHECK_SIZEOF(unsigned long)
AC_CHECK_SIZEOF(unsigned long long)
AC_CHECK_SIZEOF(time_t,,[[
#include <stdio.h>
#if TIME_WITH_SYS_TIME
# include <sys/time.h>
# include <time.h>
#else
# if HAVE_SYS_TIME_H
# include <sys/time.h>
# else
# include <time.h>
# endif
#endif
]])
# Ensure that we have UINT64_C before we bother to check for uint64_t
# Fixme: really needed in gnupg? I think it is only useful in libcgrypt.
AC_CACHE_CHECK([for UINT64_C],[gnupg_cv_uint64_c_works],
AC_COMPILE_IFELSE(AC_LANG_PROGRAM([#include <inttypes.h>
uint64_t foo=UINT64_C(42);]),
gnupg_cv_uint64_c_works=yes,gnupg_cv_uint64_c_works=no))
if test "$gnupg_cv_uint64_c_works" = "yes" ; then
AC_CHECK_SIZEOF(uint64_t)
fi
if test "$ac_cv_sizeof_unsigned_short" = "0" \
|| test "$ac_cv_sizeof_unsigned_int" = "0" \
|| test "$ac_cv_sizeof_unsigned_long" = "0"; then
AC_MSG_WARN([Hmmm, something is wrong with the sizes - using defaults]);
fi
#
# Checks for library functions.
#
AC_MSG_NOTICE([checking for library functions])
AC_CHECK_DECLS(getpagesize)
AC_FUNC_FSEEKO
AC_FUNC_VPRINTF
AC_FUNC_FORK
AC_CHECK_FUNCS([strerror strlwr tcgetattr mmap])
AC_CHECK_FUNCS([strcasecmp strncasecmp ctermid times gmtime_r])
AC_CHECK_FUNCS([unsetenv fcntl ftruncate])
AC_CHECK_FUNCS([gettimeofday getrusage getrlimit setrlimit clock_gettime])
AC_CHECK_FUNCS([atexit raise getpagesize strftime nl_langinfo setlocale])
AC_CHECK_FUNCS([waitpid wait4 sigaction sigprocmask pipe stat getaddrinfo])
AC_CHECK_FUNCS([ttyname rand ftello fsync])
AC_CHECK_TYPES([struct sigaction, sigset_t],,,[#include <signal.h>])
#
# These are needed by libjnlib - fixme: we should use a jnlib.m4
# Note: We already checked pwd.h.
AC_CHECK_FUNCS([memicmp stpcpy strsep strlwr strtoul memmove stricmp strtol])
AC_CHECK_FUNCS([memrchr isascii timegm getrusage setrlimit stat setlocale])
AC_CHECK_FUNCS([flockfile funlockfile fopencookie funopen getpwnam getpwuid])
#
# gnulib checks
#
gl_SOURCE_BASE([gl])
gl_M4_BASE([gl/m4])
gl_MODULES([setenv mkdtemp xsize strpbrk])
gl_INIT
#
# W32 specific test
#
GNUPG_FUNC_MKDIR_TAKES_ONE_ARG
#
# Sanity check regex. Tests adapted from mutt.
#
AC_MSG_CHECKING([whether regular expression support is requested])
AC_ARG_ENABLE(regex,
AC_HELP_STRING([--disable-regex],
[do not handle regular expressions in trust signatures]),
use_regex=$enableval, use_regex=yes)
AC_MSG_RESULT($use_regex)
if test "$use_regex" = yes ; then
_cppflags="${CPPFLAGS}"
_ldflags="${LDFLAGS}"
AC_ARG_WITH(regex,
AC_HELP_STRING([--with-regex=DIR],[look for regex in DIR]),
[
if test -d "$withval" ; then
CPPFLAGS="${CPPFLAGS} -I$withval/include"
LDFLAGS="${LDFLAGS} -L$withval/lib"
fi
],withval="")
# Does the system have regex functions at all?
AC_SEARCH_LIBS([regcomp], [regex])
AC_CHECK_FUNC(regcomp, gnupg_cv_have_regex=yes, gnupg_cv_have_regex=no)
if test $gnupg_cv_have_regex = no; then
use_regex=no
else
if test x"$cross_compiling" = xyes; then
AC_MSG_WARN([cross compiling; assuming regexp libray is not broken])
else
AC_CACHE_CHECK([whether your system's regexp library is broken],
[gnupg_cv_regex_broken],
AC_TRY_RUN([
#include <unistd.h>
#include <regex.h>
main() { regex_t blah ; regmatch_t p; p.rm_eo = p.rm_eo; return regcomp(&blah, "foo.*bar", REG_NOSUB) || regexec (&blah, "foobar", 0, NULL, 0); }],
gnupg_cv_regex_broken=no, gnupg_cv_regex_broken=yes, gnupg_cv_regex_broken=yes))
if test $gnupg_cv_regex_broken = yes; then
AC_MSG_WARN([your regex is broken - disabling regex use])
use_regex=no
fi
fi
fi
CPPFLAGS="${_cppflags}"
LDFLAGS="${_ldflags}"
fi
if test "$use_regex" != yes ; then
AC_DEFINE(DISABLE_REGEX,1, [Define to disable regular expression support])
fi
AM_CONDITIONAL(DISABLE_REGEX, test x"$use_regex" != xyes)
#
# Do we have zlib? Must do it here because Solaris failed
# when compiling a conftest (due to the "-lz" from LIBS).
# Note that we combine zlib and bzlib2 in ZLIBS.
#
_cppflags="${CPPFLAGS}"
_ldflags="${LDFLAGS}"
AC_ARG_WITH(zlib,
[ --with-zlib=DIR use libz in DIR],[
if test -d "$withval"; then
CPPFLAGS="${CPPFLAGS} -I$withval/include"
LDFLAGS="${LDFLAGS} -L$withval/lib"
fi
])
AC_CHECK_HEADER(zlib.h,
AC_CHECK_LIB(z, deflateInit2_,
ZLIBS="-lz",
CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}),
CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags})
#
# Check whether we can support bzip2
#
if test "$use_bzip2" = yes ; then
_cppflags="${CPPFLAGS}"
_ldflags="${LDFLAGS}"
AC_ARG_WITH(bzip2,
AC_HELP_STRING([--with-bzip2=DIR],[look for bzip2 in DIR]),
[
if test -d "$withval" ; then
CPPFLAGS="${CPPFLAGS} -I$withval/include"
LDFLAGS="${LDFLAGS} -L$withval/lib"
fi
],withval="")
# Checking alongside stdio.h as an early version of bzip2 (1.0)
# required stdio.h to be included before bzlib.h, and Solaris 9 is
# woefully out of date.
if test "$withval" != no ; then
AC_CHECK_HEADER(bzlib.h,
AC_CHECK_LIB(bz2,BZ2_bzCompressInit,
[
have_bz2=yes
ZLIBS="$ZLIBS -lbz2"
AC_DEFINE(HAVE_BZIP2,1,
[Defined if the bz2 compression library is available])
],
CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}),
CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags},[#include <stdio.h>])
fi
fi
AM_CONDITIONAL(ENABLE_BZIP2_SUPPORT,test x"$have_bz2" = "xyes")
AC_SUBST(ZLIBS)
# Check for readline support
GNUPG_CHECK_READLINE
#
# Allow users to append something to the version string without
# flagging it as development version. The user version parts is
# considered everything after a dash.
#
if test "$development_version" != yes; then
changequote(,)dnl
tmp_pat='[a-zA-Z]'
changequote([,])dnl
if echo "$VERSION" | sed 's/-.*//' | grep "$tmp_pat" >/dev/null ; then
development_version=yes
fi
fi
if test "$development_version" = yes; then
AC_DEFINE(IS_DEVELOPMENT_VERSION,1,
[Defined if this is not a regular release])
fi
AM_CONDITIONAL(CROSS_COMPILING, test x$cross_compiling = xyes)
GNUPG_CHECK_GNUMAKE
# Add some extra libs here so that previous tests don't fail for
# mysterious reasons - the final link step should bail out.
# W32SOCKLIBS is also defined so that if can be used for tools not
# requiring any network stuff but linking to code in libcommon which
# tracks in winsock stuff (e.g. init_common_subsystems.
if test "$have_w32_system" = yes; then
W32SOCKLIBS="-lws2_32"
NETLIBS="${NETLIBS} ${W32SOCKLIBS}"
fi
AC_SUBST(NETLIBS)
AC_SUBST(W32SOCKLIBS)
#
# Setup gcc specific options
#
AC_MSG_NOTICE([checking for cc features])
if test "$GCC" = yes; then
# Note that it is okay to use CFLAGS here because this are just
# warning options and the user should have a chance of overriding
# them.
if test "$USE_MAINTAINER_MODE" = "yes"; then
CFLAGS="$CFLAGS -O3 -Wall -Wcast-align -Wshadow -Wstrict-prototypes"
CFLAGS="$CFLAGS -Wformat -Wno-format-y2k -Wformat-security"
AC_MSG_CHECKING([if gcc supports -Wno-missing-field-initializers])
_gcc_cflags_save=$CFLAGS
CFLAGS="-Wno-missing-field-initializers"
AC_COMPILE_IFELSE(AC_LANG_PROGRAM([]),_gcc_wopt=yes,_gcc_wopt=no)
AC_MSG_RESULT($_gcc_wopt)
CFLAGS=$_gcc_cflags_save;
if test x"$_gcc_wopt" = xyes ; then
CFLAGS="$CFLAGS -W -Wno-sign-compare -Wno-missing-field-initializers"
fi
AC_MSG_CHECKING([if gcc supports -Wdeclaration-after-statement])
_gcc_cflags_save=$CFLAGS
CFLAGS="-Wdeclaration-after-statement"
AC_COMPILE_IFELSE(AC_LANG_PROGRAM([]),_gcc_wopt=yes,_gcc_wopt=no)
AC_MSG_RESULT($_gcc_wopt)
CFLAGS=$_gcc_cflags_save;
if test x"$_gcc_wopt" = xyes ; then
CFLAGS="$CFLAGS -Wdeclaration-after-statement"
fi
else
CFLAGS="$CFLAGS -Wall"
fi
AC_MSG_CHECKING([if gcc supports -Wno-pointer-sign])
_gcc_cflags_save=$CFLAGS
CFLAGS="-Wno-pointer-sign"
AC_COMPILE_IFELSE(AC_LANG_PROGRAM([]),_gcc_psign=yes,_gcc_psign=no)
AC_MSG_RESULT($_gcc_psign)
CFLAGS=$_gcc_cflags_save;
if test x"$_gcc_psign" = xyes ; then
CFLAGS="$CFLAGS -Wno-pointer-sign"
fi
AC_MSG_CHECKING([if gcc supports -Wpointer-arith])
_gcc_cflags_save=$CFLAGS
CFLAGS="-Wpointer-arith"
AC_COMPILE_IFELSE(AC_LANG_PROGRAM([]),_gcc_psign=yes,_gcc_psign=no)
AC_MSG_RESULT($_gcc_psign)
CFLAGS=$_gcc_cflags_save;
if test x"$_gcc_psign" = xyes ; then
CFLAGS="$CFLAGS -Wpointer-arith"
fi
fi
#
# This is handy for debugging so the compiler doesn't rearrange
# things and eliminate variables.
#
AC_ARG_ENABLE(optimization,
AC_HELP_STRING([--disable-optimization],
[disable compiler optimization]),
[if test $enableval = no ; then
CFLAGS=`echo $CFLAGS | sed 's/-O[[0-9]]//'`
fi])
#
# Prepare building of estream
#
estream_INIT
#
# Decide what to build
#
if test "$have_adns" = "yes"; then
AC_SUBST(GPGKEYS_KDNS, "gpg2keys_kdns$EXEEXT")
fi
missing_pth=no
if test $have_ksba = no; then
build_gpgsm=no
build_scdaemon=no
fi
build_agent_threaded=""
if test "$build_agent" = "yes"; then
if test $have_pth = no; then
build_agent_threaded="(not multi-threaded)"
missing_pth=yes
fi
fi
build_scdaemon_extra=""
if test "$build_scdaemon" = "yes"; then
tmp=""
if test $have_pth = no; then
build_scdaemon_extra="not multi-threaded"
tmp=", "
missing_pth=yes
fi
if test $have_libusb = no; then
build_scdaemon_extra="${tmp}without internal CCID driver"
tmp=", "
fi
if test -n "$build_scdaemon_extra"; then
build_scdaemon_extra="(${build_scdaemon_extra})"
fi
fi
if test "$build_agent_only" = "yes" ; then
build_gpg=no
build_gpgsm=no
build_scdaemon=no
build_tools=no
build_doc=no
fi
AM_CONDITIONAL(BUILD_GPG, test "$build_gpg" = "yes")
AM_CONDITIONAL(BUILD_GPGSM, test "$build_gpgsm" = "yes")
AM_CONDITIONAL(BUILD_AGENT, test "$build_agent" = "yes")
AM_CONDITIONAL(BUILD_SCDAEMON, test "$build_scdaemon" = "yes")
AM_CONDITIONAL(BUILD_G13, test "$build_g13" = "yes")
AM_CONDITIONAL(BUILD_TOOLS, test "$build_tools" = "yes")
AM_CONDITIONAL(BUILD_DOC, test "$build_doc" = "yes")
AM_CONDITIONAL(BUILD_SYMCRYPTRUN, test "$build_symcryptrun" = "yes")
AM_CONDITIONAL(RUN_GPG_TESTS,
test x$cross_compiling = xno -a "$build_gpg" = yes )
#
# Print errors here so that they are visible all
# together and the user can acquire them all together.
#
die=no
if test "$have_gpg_error" = "no"; then
die=yes
AC_MSG_NOTICE([[
***
*** You need libgpg-error to build this program.
** This library is for example available at
*** ftp://ftp.gnupg.org/gcrypt/libgpg-error
*** (at least version $NEED_GPG_ERROR_VERSION is required.)
***]])
fi
if test "$have_libgcrypt" = "no"; then
die=yes
AC_MSG_NOTICE([[
***
*** You need libgcrypt to build this program.
** This library is for example available at
*** ftp://ftp.gnupg.org/gcrypt/libgcrypt/
*** (at least version $NEED_LIBGCRYPT_VERSION using API $NEED_LIBGCRYPT_API is required.)
***]])
fi
if test "$have_libassuan" = "no"; then
die=yes
AC_MSG_NOTICE([[
***
*** You need libassuan to build this program.
*** This library is for example available at
*** ftp://ftp.gnupg.org/gcrypt/libassuan/
*** (at least version $NEED_LIBASSUAN_VERSION (API $NEED_LIBASSUAN_API) is required).
***]])
fi
if test "$have_ksba" = "no"; then
AC_MSG_NOTICE([[
***
*** You need libksba to build this program.
*** This library is for example available at
*** ftp://ftp.gnupg.org/gcrypt/libksba/
*** (at least version $NEED_KSBA_VERSION using API $NEED_KSBA_API is required).
***]])
fi
if test "$missing_pth" = "yes"; then
AC_MSG_NOTICE([[
***
*** It is now required to build with support for the
*** GNU Portable Threads Library (Pth). Please install this
*** library first. The library is for example available at
*** ftp://ftp.gnu.org/gnu/pth/
*** On a Debian GNU/Linux system you can install it using
*** apt-get install libpth-dev
*** To build GnuPG for Windows you need to use the W32PTH
*** package; available at:
*** ftp://ftp.g10code.com/g10code/w32pth/
***]])
die=yes
fi
if test "$die" = "yes"; then
AC_MSG_ERROR([[
***
*** Required libraries not found. Please consult the above messages
*** and install them before running configure again.
***]])
fi
AC_CONFIG_FILES([ m4/Makefile
Makefile
po/Makefile.in
gl/Makefile
include/Makefile
jnlib/Makefile
common/Makefile
kbx/Makefile
g10/Makefile
sm/Makefile
agent/Makefile
scd/Makefile
g13/Makefile
keyserver/Makefile
keyserver/gpg2keys_mailto
keyserver/gpg2keys_test
tools/gpg-zip
tools/Makefile
doc/Makefile
tests/Makefile
tests/openpgp/Makefile
tests/pkits/Makefile
])
AC_OUTPUT
echo "
GnuPG v${VERSION} has been configured as follows:
Platform: $PRINTABLE_OS_NAME ($host)
OpenPGP: $build_gpg
S/MIME: $build_gpgsm
Agent: $build_agent $build_agent_threaded
Smartcard: $build_scdaemon $build_scdaemon_extra
G13: $build_g13
Protect tool: $show_gnupg_protect_tool_pgm
Default agent: $show_gnupg_agent_pgm
Default pinentry: $show_gnupg_pinentry_pgm
Default scdaemon: $show_gnupg_scdaemon_pgm
Default dirmngr: $show_gnupg_dirmngr_pgm
"
if test x"$use_regex" != xyes ; then
echo "
Warning: No regular expression support available.
OpenPGP trust signatures won't work.
gpg-check-pattern will not be build.
"
fi
diff --git a/doc/DETAILS b/doc/DETAILS
index 829407997..89f9e86a1 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -1,1268 +1,1268 @@
-*- text -*-
Format of colon listings
========================
First an example:
$ gpg --fixed-list-mode --with-colons --list-keys \
--with-fingerprint --with-fingerprint wk@gnupg.org
pub:f:1024:17:6C7EE1B8621CC013:899817715:1055898235::m:::scESC:
fpr:::::::::ECAF7590EB3443B5C7CF3ACB6C7EE1B8621CC013:
uid:f::::::::Werner Koch <wk@g10code.com>:
uid:f::::::::Werner Koch <wk@gnupg.org>:
sub:f:1536:16:06AD222CADF6A6E1:919537416:1036177416:::::e:
fpr:::::::::CF8BCC4B18DE08FCD8A1615906AD222CADF6A6E1:
sub:r:1536:20:5CE086B5B5A18FF4:899817788:1025961788:::::esc:
fpr:::::::::AB059359A3B81F410FCFF97F5CE086B5B5A18FF4:
The double --with-fingerprint prints the fingerprint for the subkeys
too. --fixed-list-mode is the modern listing way printing dates in
seconds since Epoch and does not merge the first userID with the pub
record; gpg2 does this by default and the option is a dummy.
1. Field: Type of record
pub = public key
crt = X.509 certificate
crs = X.509 certificate and private key available
sub = subkey (secondary key)
sec = secret key
ssb = secret subkey (secondary key)
uid = user id (only field 10 is used).
uat = user attribute (same as user id except for field 10).
sig = signature
rev = revocation signature
fpr = fingerprint: (fingerprint is in field 10)
pkd = public key data (special field format, see below)
grp = reserved for gpgsm
rvk = revocation key
tru = trust database information
spk = signature subpacket
2. Field: A letter describing the calculated validity. This is a single
letter, but be prepared that additional information may follow
in some future versions. (not used for secret keys)
o = Unknown (this key is new to the system)
i = The key is invalid (e.g. due to a missing self-signature)
d = The key has been disabled
(deprecated - use the 'D' in field 12 instead)
r = The key has been revoked
e = The key has expired
- = Unknown validity (i.e. no value assigned)
q = Undefined validity
'-' and 'q' may safely be treated as the same
value for most purposes
n = The key is valid
m = The key is marginal valid.
f = The key is fully valid
u = The key is ultimately valid. This often means
that the secret key is available, but any key may
be marked as ultimately valid.
If the validity information is given for a UID or UAT
record, it describes the validity calculated based on this
user ID. If given for a key record it describes the best
validity taken from the best rated user ID.
For X.509 certificates a 'u' is used for a trusted root
certificate (i.e. for the trust anchor) and an 'f' for all
other valid certificates.
3. Field: length of key in bits.
4. Field: Algorithm: 1 = RSA
16 = Elgamal (encrypt only)
17 = DSA (sometimes called DH, sign only)
20 = Elgamal (sign and encrypt - don't use them!)
(for other id's see include/cipher.h)
5. Field: KeyID
6. Field: Creation Date (in UTC). For UID and UAT records, this is
the self-signature date. Note that the date is usally
printed in seconds since epoch, however, we are migrating
to an ISO 8601 format (e.g. "19660205T091500"). This is
currently only relevant for X.509. A simple way to detect
the new format is to scan for the 'T'.
7. Field: Key or user ID/user attribute expiration date or empty if none.
8. Field: Used for serial number in crt records (used to be the Local-ID).
For UID and UAT records, this is a hash of the user ID contents
used to represent that exact user ID. For trust signatures,
this is the trust depth seperated by the trust value by a
space.
9. Field: Ownertrust (primary public keys only)
This is a single letter, but be prepared that additional
information may follow in some future versions. For trust
signatures with a regular expression, this is the regular
expression value, quoted as in field 10.
10. Field: User-ID. The value is quoted like a C string to avoid
control characters (the colon is quoted "\x3a").
For a "pub" record this field is not used on --fixed-list-mode.
A UAT record puts the attribute subpacket count here, a
space, and then the total attribute subpacket size.
In gpgsm the issuer name comes here
An FPR record stores the fingerprint here.
The fingerprint of an revocation key is stored here.
11. Field: Signature class as per RFC-4880. This is a 2 digit
hexnumber followed by either the letter 'x' for an
exportable signature or the letter 'l' for a local-only
signature. The class byte of an revocation key is also
given here, 'x' and 'l' is used the same way. IT is not
used for X.509.
12. Field: Key capabilities:
e = encrypt
s = sign
c = certify
a = authentication
A key may have any combination of them in any order. In
addition to these letters, the primary key has uppercase
versions of the letters to denote the _usable_
capabilities of the entire key, and a potential letter 'D'
to indicate a disabled key.
13. Field: Used in FPR records for S/MIME keys to store the
fingerprint of the issuer certificate. This is useful to
build the certificate path based on certificates stored in
the local keyDB; it is only filled if the issuer
certificate is available. The root has been reached if
this is the same string as the fingerprint. The advantage
of using this value is that it is guaranteed to have been
been build by the same lookup algorithm as gpgsm uses.
For "uid" records this lists the preferences in the same
way the gpg's --edit-key menu does.
For "sig" records, this is the fingerprint of the key that
issued the signature. Note that this is only filled in if
the signature verified correctly. Note also that for
various technical reasons, this fingerprint is only
available if --no-sig-cache is used.
14. Field Flag field used in the --edit menu output:
15. Field Used in sec/sbb to print the serial number of a token
(internal protect mode 1002) or a '#' if that key is a
simple stub (internal protect mode 1001)
All dates are displayed in the format yyyy-mm-dd unless you use the
option --fixed-list-mode in which case they are displayed as seconds
since Epoch. More fields may be added later, so parsers should be
prepared for this. When parsing a number the parser should stop at the
first non-number character so that additional information can later be
added.
If field 1 has the tag "pkd", a listing looks like this:
pkd:0:1024:B665B1435F4C2 .... FF26ABB:
! ! !-- the value
! !------ for information number of bits in the value
!--------- index (eg. DSA goes from 0 to 3: p,q,g,y)
Example for a "tru" trust base record:
tru:o:0:1166697654:1:3:1:5
The fields are:
2: Reason for staleness of trust. If this field is empty, then the
trustdb is not stale. This field may have multiple flags in it:
o: Trustdb is old
t: Trustdb was built with a different trust model than the one we
are using now.
3: Trust model:
0: Classic trust model, as used in PGP 2.x.
1: PGP trust model, as used in PGP 6 and later. This is the same
as the classic trust model, except for the addition of trust
signatures.
GnuPG before version 1.4 used the classic trust model by default.
GnuPG 1.4 and later uses the PGP trust model by default.
4: Date trustdb was created in seconds since 1970-01-01.
5: Date trustdb will expire in seconds since 1970-01-01.
6: Number of marginally trusted users to introduce a new key signer
(gpg's option --marginals-needed)
7: Number of completely trusted users to introduce a new key signer.
(gpg's option --completes-needed)
8: Maximum depth of a certification chain.
*gpg's option --max-cert-depth)
The "spk" signature subpacket records have the fields:
2: Subpacket number as per RFC-4880 and later.
3: Flags in hex. Currently the only two bits assigned are 1, to
indicate that the subpacket came from the hashed part of the
signature, and 2, to indicate the subpacket was marked critical.
4: Length of the subpacket. Note that this is the length of the
subpacket, and not the length of field 5 below. Due to the need
for %-encoding, the length of field 5 may be up to 3x this value.
5: The subpacket data. Printable ASCII is shown as ASCII, but other
values are rendered as %XX where XX is the hex value for the byte.
Format of the "--status-fd" output
==================================
Every line is prefixed with "[GNUPG:] ", followed by a keyword with
the type of the status line and a some arguments depending on the
type (maybe none); an application should always be prepared to see
more arguments in future versions.
NEWSIG
May be issued right before a signature verification starts. This
is useful to define a context for parsing ERROR status
messages. No arguments are currently defined.
GOODSIG <long_keyid_or_fpr> <username>
The signature with the keyid is good. For each signature only
one of the three codes GOODSIG, BADSIG or ERRSIG will be
emitted and they may be used as a marker for a new signature.
The username is the primary one encoded in UTF-8 and %XX
escaped. The fingerprint may be used instead of the long keyid
if it is available. This is the case with CMS and might
eventually also be available for OpenPGP.
EXPSIG <long_keyid_or_fpr> <username>
The signature with the keyid is good, but the signature is
expired. The username is the primary one encoded in UTF-8 and
%XX escaped. The fingerprint may be used instead of the long
keyid if it is available. This is the case with CMS and might
eventually also be available for OpenPGP.
EXPKEYSIG <long_keyid_or_fpr> <username>
The signature with the keyid is good, but the signature was
made by an expired key. The username is the primary one
encoded in UTF-8 and %XX escaped. The fingerprint may be used
instead of the long keyid if it is available. This is the
case with CMS and might eventually also be available for
OpenPGP.
REVKEYSIG <long_keyid_or_fpr> <username>
The signature with the keyid is good, but the signature was
made by a revoked key. The username is the primary one encoded
in UTF-8 and %XX escaped. The fingerprint may be used instead
of the long keyid if it is available. This is the case with
CMS and might eventually also be available for OpenPGP.
BADSIG <long_keyid_or_fpr> <username>
The signature with the keyid has not been verified okay. The
username is the primary one encoded in UTF-8 and %XX
escaped. The fingerprint may be used instead of the long keyid
if it is available. This is the case with CMS and might
eventually also be available for OpenPGP.
ERRSIG <long_keyid_or_fpr> <pubkey_algo> <hash_algo> \
<sig_class> <timestamp> <rc>
It was not possible to check the signature. This may be
caused by a missing public key or an unsupported algorithm. A
RC of 4 indicates unknown algorithm, a 9 indicates a missing
public key. The other fields give more information about this
signature. sig_class is a 2 byte hex-value. The fingerprint
may be used instead of the long keyid if it is available.
This is the case with CMS and might eventually also be
available for OpenPGP.
Note, that TIMESTAMP may either be a number with seconds since
epoch or an ISO 8601 string which can be detected by the
presence of the letter 'T' inside.
VALIDSIG <fingerprint in hex> <sig_creation_date> <sig-timestamp>
<expire-timestamp> <sig-version> <reserved> <pubkey-algo>
<hash-algo> <sig-class> [ <primary-key-fpr> ]
The signature with the keyid is good. This is the same as
GOODSIG but has the fingerprint as the argument. Both status
lines are emitted for a good signature. All arguments here
are on one long line. sig-timestamp is the signature creation
time in seconds after the epoch. expire-timestamp is the
signature expiration time in seconds after the epoch (zero
means "does not expire"). sig-version, pubkey-algo, hash-algo,
and sig-class (a 2-byte hex value) are all straight from the
signature packet. PRIMARY-KEY-FPR is the fingerprint of the
primary key or identical to the first argument. This is
useful to get back to the primary key without running gpg
again for this purpose.
The primary-key-fpr parameter is used for OpenPGP and not
available for CMS signatures. The sig-version as well as the
sig class is not defined for CMS and currently set to 0 and 00.
Note, that *-TIMESTAMP may either be a number with seconds
since epoch or an ISO 8601 string which can be detected by the
presence of the letter 'T' inside.
SIG_ID <radix64_string> <sig_creation_date> <sig-timestamp>
This is emitted only for signatures of class 0 or 1 which
have been verified okay. The string is a signature id
and may be used in applications to detect replay attacks
of signed messages. Note that only DLP algorithms give
unique ids - others may yield duplicated ones when they
have been created in the same second.
Note, that SIG-TIMESTAMP may either be a number with seconds
since epoch or an ISO 8601 string which can be detected by the
presence of the letter 'T' inside.
ENC_TO <long_keyid> <keytype> <keylength>
The message is encrypted to this LONG_KEYID. KEYTYPE is the
numerical value of the public key algorithm or 0 if it is not
known, KEYLENGTH is the length of the key or 0 if it is not
known (which is currently always the case). Gpg prints this
line always; Gpgsm only if it knows the certificate.
NODATA <what>
No data has been found. Codes for what are:
1 - No armored data.
2 - Expected a packet but did not found one.
3 - Invalid packet found, this may indicate a non OpenPGP
message.
4 - signature expected but not found
You may see more than one of these status lines.
UNEXPECTED <what>
Unexpected data has been encountered
0 - not further specified 1
TRUST_UNDEFINED <error token>
TRUST_NEVER <error token>
TRUST_MARGINAL [0 [<validation_model>]]
TRUST_FULLY [0 [<validation_model>]]
TRUST_ULTIMATE [0 [<validation_model>]]
For good signatures one of these status lines are emitted to
indicate the validity of the key used to create the signature.
The error token values are currently only emitted by gpgsm.
VALIDATION_MODEL describes the algorithm used to check the
validity of the key. The defaults are the standard Web of
Trust model for gpg and the the standard X.509 model for
gpgsm. The defined values are
"pgp" for the standard PGP WoT.
"shell" for the standard X.509 model.
"chain" for the chain model.
Note that we use the term "TRUST_" in the status names for
historic reasons; we now speak of validity.
PKA_TRUST_GOOD <mailbox>
PKA_TRUST_BAD <mailbox>
Depending on the outcome of the PKA check one of the above
status codes is emitted in addition to a TRUST_* status.
Without PKA info available or
SIGEXPIRED
This is deprecated in favor of KEYEXPIRED.
KEYEXPIRED <expire-timestamp>
The key has expired. expire-timestamp is the expiration time
in seconds since Epoch. This status line is not very useful
because it will also be emitted for expired subkeys even if
this subkey is not used. To check whether a key used to sign
a message has expired, the EXPKEYSIG status line is to be
used.
Note, that TIMESTAMP may either be a number with seconds since
epoch or an ISO 8601 string which can be detected by the
presence of the letter 'T' inside.
KEYREVOKED
The used key has been revoked by its owner. No arguments yet.
BADARMOR
The ASCII armor is corrupted. No arguments yet.
RSA_OR_IDEA
The IDEA algorithms has been used in the data. A
program might want to fallback to another program to handle
the data if GnuPG failed. This status message used to be emitted
also for RSA but this has been dropped after the RSA patent expired.
However we can't change the name of the message.
SHM_INFO
SHM_GET
SHM_GET_BOOL
SHM_GET_HIDDEN
GET_BOOL
GET_LINE
GET_HIDDEN
GOT_IT
NEED_PASSPHRASE <long main keyid> <long keyid> <keytype> <keylength>
Issued whenever a passphrase is needed.
keytype is the numerical value of the public key algorithm
or 0 if this is not applicable, keylength is the length
of the key or 0 if it is not known (this is currently always the case).
NEED_PASSPHRASE_SYM <cipher_algo> <s2k_mode> <s2k_hash>
Issued whenever a passphrase for symmetric encryption is needed.
NEED_PASSPHRASE_PIN <card_type> <chvno> [<serialno>]
Issued whenever a PIN is requested to unlock a card.
MISSING_PASSPHRASE
No passphrase was supplied. An application which encounters this
message may want to stop parsing immediately because the next message
will probably be a BAD_PASSPHRASE. However, if the application
is a wrapper around the key edit menu functionality it might not
make sense to stop parsing but simply ignoring the following
BAD_PASSPHRASE.
BAD_PASSPHRASE <long keyid>
The supplied passphrase was wrong or not given. In the latter case
you may have seen a MISSING_PASSPHRASE.
GOOD_PASSPHRASE
The supplied passphrase was good and the secret key material
is therefore usable.
DECRYPTION_FAILED
The symmetric decryption failed - one reason could be a wrong
passphrase for a symmetrical encrypted message.
DECRYPTION_OKAY
The decryption process succeeded. This means, that either the
correct secret key has been used or the correct passphrase
for a conventional encrypted message was given. The program
itself may return an errorcode because it may not be possible to
verify a signature for some reasons.
NO_PUBKEY <long keyid>
NO_SECKEY <long keyid>
The key is not available
IMPORT_CHECK <long keyid> <fingerprint> <user ID>
This status is emitted in interactive mode right before
the "import.okay" prompt.
IMPORTED <long keyid> <username>
The keyid and name of the signature just imported
IMPORT_OK <reason> [<fingerprint>]
The key with the primary key's FINGERPRINT has been imported.
Reason flags:
0 := Not actually changed
1 := Entirely new key.
2 := New user IDs
4 := New signatures
8 := New subkeys
16 := Contains private key.
The flags may be ORed.
IMPORT_PROBLEM <reason> [<fingerprint>]
Issued for each import failure. Reason codes are:
0 := "No specific reason given".
1 := "Invalid Certificate".
2 := "Issuer Certificate missing".
3 := "Certificate Chain too long".
4 := "Error storing certificate".
IMPORT_RES <count> <no_user_id> <imported> <imported_rsa> <unchanged>
<n_uids> <n_subk> <n_sigs> <n_revoc> <sec_read> <sec_imported> <sec_dups> <not_imported>
Final statistics on import process (this is one long line)
FILE_START <what> <filename>
Start processing a file <filename>. <what> indicates the performed
operation:
1 - verify
2 - encrypt
3 - decrypt
FILE_DONE
Marks the end of a file processing which has been started
by FILE_START.
BEGIN_DECRYPTION
END_DECRYPTION
Mark the start and end of the actual decryption process. These
are also emitted when in --list-only mode.
BEGIN_ENCRYPTION <mdc_method> <sym_algo>
END_ENCRYPTION
Mark the start and end of the actual encryption process.
BEGIN_SIGNING
Mark the start of the actual signing process. This may be used
as an indication that all requested secret keys are ready for
use.
DELETE_PROBLEM reason_code
Deleting a key failed. Reason codes are:
1 - No such key
2 - Must delete secret key first
3 - Ambigious specification
PROGRESS what char cur total
Used by the primegen and Public key functions to indicate progress.
"char" is the character displayed with no --status-fd enabled, with
the linefeed replaced by an 'X'. "cur" is the current amount
done and "total" is amount to be done; a "total" of 0 indicates that
the total amount is not known. The condition
TOATL && CUR == TOTAL
may be used to detect the end of an operation.
Well known values for WHAT:
"pk_dsa" - DSA key generation
"pk_elg" - Elgamal key generation
"primegen" - Prime generation
"need_entropy" - Waiting for new entropy in the RNG
"file:XXX" - processing file XXX
(note that current gpg versions leave out the
"file:" prefix).
"tick" - generic tick without any special meaning - useful
for letting clients know that the server is
still working.
"starting_agent" - A gpg-agent was started because it is not
running as a daemon.
"learncard" Send by the agent and gpgsm while learing
the data of a smartcard.
"card_busy" A smartcard is still working
SIG_CREATED <type> <pubkey algo> <hash algo> <class> <timestamp> <key fpr>
A signature has been created using these parameters.
type: 'D' = detached
'C' = cleartext
'S' = standard
(only the first character should be checked)
class: 2 hex digits with the signature class
Note, that TIMESTAMP may either be a number with seconds since
epoch or an ISO 8601 string which can be detected by the
presence of the letter 'T' inside.
KEY_CREATED <type> <fingerprint> [<handle>]
A key has been created
type: 'B' = primary and subkey
'P' = primary
'S' = subkey
The fingerprint is one of the primary key for type B and P and
the one of the subkey for S. Handle is an arbitrary
non-whitespace string used to match key parameters from batch
key creation run.
KEY_NOT_CREATED [<handle>]
The key from batch run has not been created due to errors.
SESSION_KEY <algo>:<hexdigits>
The session key used to decrypt the message. This message will
only be emitted when the special option --show-session-key
is used. The format is suitable to be passed to the option
--override-session-key
NOTATION_NAME <name>
NOTATION_DATA <string>
name and string are %XX escaped; the data may be split
among several NOTATION_DATA lines.
USERID_HINT <long main keyid> <string>
Give a hint about the user ID for a certain keyID.
POLICY_URL <string>
string is %XX escaped
BEGIN_STREAM
END_STREAM
Issued by pipemode.
INV_RECP <reason> <requested_recipient>
INV_SGNR <reason> <requested_sender>
Issued for each unusable recipient/sender. The reasons codes
currently in use are:
0 := "No specific reason given".
1 := "Not Found"
2 := "Ambigious specification"
3 := "Wrong key usage"
4 := "Key revoked"
5 := "Key expired"
6 := "No CRL known"
7 := "CRL too old"
8 := "Policy mismatch"
9 := "Not a secret key"
10 := "Key not trusted"
11 := "Missing certificate" (e.g. intermediate or root cert.)
Note that for historical reasons the INV_RECP status is also
used for gpgsm's SIGNER command where it relates to signer's
of course. Newer GnuPG versions are using INV_SGNR;
applications should ignore the INV_RECP during the sender's
command processing once they have seen an INV_SGNR. We use
different code so that we can distinguish them while doing an
encrypt+sign.
NO_RECP <reserved>
NO_SGNR <reserved>
Issued when no recipients/senders are usable.
ALREADY_SIGNED <long-keyid>
Warning: This is experimental and might be removed at any time.
TRUNCATED <maxno>
The output was truncated to MAXNO items. This status code is issued
for certain external requests
ERROR <error location> <error code> [<more>]
This is a generic error status message, it might be followed
by error location specific data. <error code> and
<error_location> should not contain spaces. The error code is
a either a string commencing with a letter or such a string
prefixed with a numerical error code and an underscore; e.g.:
"151011327_EOF".
ATTRIBUTE <fpr> <octets> <type> <index> <count>
<timestamp> <expiredate> <flags>
This is one long line issued for each attribute subpacket when
an attribute packet is seen during key listing. <fpr> is the
fingerprint of the key. <octets> is the length of the
attribute subpacket. <type> is the attribute type
(1==image). <index>/<count> indicates that this is the Nth
indexed subpacket of count total subpackets in this attribute
packet. <timestamp> and <expiredate> are from the
self-signature on the attribute packet. If the attribute
packet does not have a valid self-signature, then the
timestamp is 0. <flags> are a bitwise OR of:
0x01 = this attribute packet is a primary uid
0x02 = this attribute packet is revoked
0x04 = this attribute packet is expired
CARDCTRL <what> [<serialno>]
This is used to control smartcard operations.
Defined values for WHAT are:
1 = Request insertion of a card. Serialnumber may be given
to request a specific card. Used by gpg 1.4 w/o scdaemon.
2 = Request removal of a card. Used by gpg 1.4 w/o scdaemon.
3 = Card with serialnumber detected
4 = No card available.
5 = No card reader available
6 = No card support available
PLAINTEXT <format> <timestamp> <filename>
This indicates the format of the plaintext that is about to be
written. The format is a 1 byte hex code that shows the
format of the plaintext: 62 ('b') is binary data, 74 ('t') is
text data with no character set specified, and 75 ('u') is
text data encoded in the UTF-8 character set. The timestamp
is in seconds since the epoch. If a filename is available it
gets printed as the third argument, percent-escaped as usual.
PLAINTEXT_LENGTH <length>
This indicates the length of the plaintext that is about to be
written. Note that if the plaintext packet has partial length
encoding it is not possible to know the length ahead of time.
In that case, this status tag does not appear.
SIG_SUBPACKET <type> <flags> <len> <data>
This indicates that a signature subpacket was seen. The
format is the same as the "spk" record above.
SC_OP_FAILURE [<code>]
An operation on a smartcard definitely failed. Currently
there is no indication of the actual error code, but
application should be prepared to later accept more arguments.
Defined values for CODE are:
0 - unspecified error (identically to a missing CODE)
1 - canceled
2 - bad PIN
SC_OP_SUCCESS
A smart card operaion succeeded. This status is only printed
for certain operation and is mostly useful to check whether a
PIN change really worked.
BACKUP_KEY_CREATED fingerprint fname
A backup key named FNAME has been created for the key with
KEYID.
MOUNTPOINT <name>
NAME is a percent-plus escaped filename describing the
mountpoint for the current operation (e.g. g13 --mount). This
may either be the specified mountpoint or one randomly choosen
by g13.
Format of the "--attribute-fd" output
=====================================
When --attribute-fd is set, during key listings (--list-keys,
--list-secret-keys) GnuPG dumps each attribute packet to the file
descriptor specified. --attribute-fd is intended for use with
--status-fd as part of the required information is carried on the
ATTRIBUTE status tag (see above).
The contents of the attribute data is specified by RFC 4880. For
convenience, here is the Photo ID format, as it is currently the only
attribute defined:
Byte 0-1: The length of the image header. Due to a historical
accident (i.e. oops!) back in the NAI PGP days, this is
a little-endian number. Currently 16 (0x10 0x00).
Byte 2: The image header version. Currently 0x01.
Byte 3: Encoding format. 0x01 == JPEG.
Byte 4-15: Reserved, and currently unused.
All other data after this header is raw image (JPEG) data.
Format of the "--list-config" output
====================================
--list-config outputs information about the GnuPG configuration for
the benefit of frontends or other programs that call GnuPG. There are
several list-config items, all colon delimited like the rest of the
--with-colons output. The first field is always "cfg" to indicate
configuration information. The second field is one of (with
examples):
version: the third field contains the version of GnuPG.
cfg:version:1.3.5
pubkey: the third field contains the public key algorithmdcaiphers
this version of GnuPG supports, separated by semicolons. The
algorithm numbers are as specified in RFC-4880.
cfg:pubkey:1;2;3;16;17
cipher: the third field contains the symmetric ciphers this version of
GnuPG supports, separated by semicolons. The cipher numbers
are as specified in RFC-4880.
cfg:cipher:2;3;4;7;8;9;10
digest: the third field contains the digest (hash) algorithms this
version of GnuPG supports, separated by semicolons. The
digest numbers are as specified in RFC-4880.
cfg:digest:1;2;3;8;9;10
compress: the third field contains the compression algorithms this
version of GnuPG supports, separated by semicolons. The
algorithm numbers are as specified in RFC-4880.
cfg:compress:0;1;2;3
group: the third field contains the name of the group, and the fourth
field contains the values that the group expands to, separated
by semicolons.
For example, a group of:
group mynames = paige 0x12345678 joe patti
would result in:
cfg:group:mynames:patti;joe;0x12345678;paige
Key generation
==============
See the Libcrypt manual.
Unattended key generation
=========================
This feature allows unattended generation of keys controlled by a
parameter file. To use this feature, you use --gen-key together with
--batch and feed the parameters either from stdin or from a file given
on the commandline.
The format of this file is as follows:
o Text only, line length is limited to about 1000 chars.
o You must use UTF-8 encoding to specify non-ascii characters.
o Empty lines are ignored.
o Leading and trailing spaces are ignored.
o A hash sign as the first non white space character indicates a comment line.
o Control statements are indicated by a leading percent sign, the
arguments are separated by white space from the keyword.
o Parameters are specified by a keyword, followed by a colon. Arguments
are separated by white space.
o The first parameter must be "Key-Type", control statements
may be placed anywhere.
o Key generation takes place when either the end of the parameter file
is reached, the next "Key-Type" parameter is encountered or at the
control statement "%commit"
o Control statements:
%echo <text>
Print <text>.
%dry-run
Suppress actual key generation (useful for syntax checking).
%commit
Perform the key generation. An implicit commit is done
at the next "Key-Type" parameter.
%pubring <filename>
%secring <filename>
Do not write the key to the default or commandline given
keyring but to <filename>. This must be given before the first
commit to take place, duplicate specification of the same filename
is ignored, the last filename before a commit is used.
The filename is used until a new filename is used (at commit points)
and all keys are written to that file. If a new filename is given,
this file is created (and overwrites an existing one).
Both control statements must be given.
%ask-passphrase
Enable a mode where the command "passphrase" is ignored and
instead the usual passphrase dialog is used. This does not
make sense for batch key generation; however the unattended
key generation feature is also used by GUIs and this feature
relinquishes the GUI from implementing its own passphrase
entry code. This is a global option.
%no-ask-passphrase
Disable the ask-passphrase mode.
o The order of the parameters does not matter except for "Key-Type"
which must be the first parameter. The parameters are only for the
generated keyblock and parameters from previous key generations are not
used. Some syntactically checks may be performed.
The currently defined parameters are:
Key-Type: <algo-number>|<algo-string>
Starts a new parameter block by giving the type of the primary
key. The algorithm must be capable of signing. This is a
required parameter. It may be "default" to use the default
one; in this case don't give a Key-Usage and use "default" for
the Subkey-Type.
Key-Length: <length-in-bits>
Length of the key in bits. The default is returned by running
the command "gpg --gpgconf-list".
Key-Usage: <usage-list>
Space or comma delimited list of key usage, allowed values are
"encrypt", "sign", and "auth". This is used to generate the
key flags. Please make sure that the algorithm is capable of
this usage. Note that OpenPGP requires that all primary keys
are capable of certification, so no matter what usage is given
here, the "cert" flag will be on. If no Key-Usage is
specified and the key-type is not "default", all allowed
usages for that particular algorithm are used; if it is not
given but "default" is used the usage will be "sign".
Subkey-Type: <algo-number>|<algo-string>
This generates a secondary key. Currently only one subkey
- can be handled.
+ can be handled. "default" is also supported.
Subkey-Length: <length-in-bits>
Length of the subkey in bits. The default is returned by running
the command "gpg --gpgconf-list".
Subkey-Usage: <usage-list>
Similar to Key-Usage.
Passphrase: <string>
If you want to specify a passphrase for the secret key,
enter it here. Default is not to use any passphrase.
Name-Real: <string>
Name-Comment: <string>
Name-Email: <string>
The 3 parts of a key. Remember to use UTF-8 here.
If you don't give any of them, no user ID is created.
Expire-Date: <iso-date>|(<number>[d|w|m|y])
Set the expiration date for the key (and the subkey). It may
either be entered in ISO date format (2000-08-15) or as number
of days, weeks, month or years. The special notation
"seconds=N" is also allowed to directly give an Epoch
value. Without a letter days are assumed. Note that there is
no check done on the overflow of the type used by OpenPGP for
timestamps. Thus you better make sure that the given value
make sense. Although OpenPGP works with time intervals, GnuPG
uses an absolute value internally and thus the last year we
can represent is 2105.
Creation-Date: <iso-date>
Set the creation date of the key as stored in the key
information and which is also part of the fingerprint
calculation. Either a date like "1986-04-26" or a full
timestamp like "19860426T042640" may be used. The time is
considered to be UTC. If it is not given the current time
is used.
Preferences: <string>
Set the cipher, hash, and compression preference values for
this key. This expects the same type of string as "setpref"
in the --edit menu.
Revoker: <algo>:<fpr> [sensitive]
Add a designated revoker to the generated key. Algo is the
public key algorithm of the designated revoker (i.e. RSA=1,
DSA=17, etc.) Fpr is the fingerprint of the designated
revoker. The optional "sensitive" flag marks the designated
revoker as sensitive information. Only v4 keys may be
designated revokers.
Handle: <string>
This is an optional parameter only used with the status lines
KEY_CREATED and KEY_NOT_CREATED. STRING may be up to 100
characters and should not contain spaces. It is useful for
batch key generation to associate a key parameter block with a
status line.
Keyserver: <string>
This is an optional parameter that specifies the preferred
keyserver URL for the key.
Here is an example on how to create a key:
$ cat >foo <<EOF
%echo Generating a basic OpenPGP key
Key-Type: DSA
Key-Length: 1024
Subkey-Type: ELG-E
Subkey-Length: 1024
Name-Real: Joe Tester
Name-Comment: with stupid passphrase
Name-Email: joe@foo.bar
Expire-Date: 0
Passphrase: abc
%pubring foo.pub
%secring foo.sec
# Do a commit here, so that we can later print "done" :-)
%commit
%echo done
EOF
$ gpg --batch --gen-key foo
[...]
$ gpg --no-default-keyring --secret-keyring ./foo.sec \
--keyring ./foo.pub --list-secret-keys
/home/wk/work/gnupg-stable/scratch/foo.sec
------------------------------------------
sec 1024D/915A878D 2000-03-09 Joe Tester (with stupid passphrase) <joe@foo.bar>
ssb 1024g/8F70E2C0 2000-03-09
If you want to create a key with the default algorithms you would
use these parameters:
%echo Generating a default key
Key-Type: default
Subkey-Type: default
Name-Real: Joe Tester
Name-Comment: with stupid passphrase
Name-Email: joe@foo.bar
Expire-Date: 0
Passphrase: abc
%pubring foo.pub
%secring foo.sec
# Do a commit here, so that we can later print "done" :-)
%commit
%echo done
Layout of the TrustDB
=====================
The TrustDB is built from fixed length records, where the first byte
describes the record type. All numeric values are stored in network
byte order. The length of each record is 40 bytes. The first record of
the DB is always of type 1 and this is the only record of this type.
FIXME: The layout changed, document it here.
Record type 0:
--------------
Unused record, can be reused for any purpose.
Record type 1:
--------------
Version information for this TrustDB. This is always the first
record of the DB and the only one with type 1.
1 byte value 1
3 bytes 'gpg' magic value
1 byte Version of the TrustDB (2)
1 byte marginals needed
1 byte completes needed
1 byte max_cert_depth
The three items are used to check whether the cached
validity value from the dir record can be used.
1 u32 locked flags [not used]
1 u32 timestamp of trustdb creation
1 u32 timestamp of last modification which may affect the validity
of keys in the trustdb. This value is checked against the
validity timestamp in the dir records.
1 u32 timestamp of last validation [currently not used]
(Used to keep track of the time, when this TrustDB was checked
against the pubring)
1 u32 record number of keyhashtable [currently not used]
1 u32 first free record
1 u32 record number of shadow directory hash table [currently not used]
It does not make sense to combine this table with the key table
because the keyid is not in every case a part of the fingerprint.
1 u32 record number of the trusthashtbale
Record type 2: (directory record)
--------------
Informations about a public key certificate.
These are static values which are never changed without user interaction.
1 byte value 2
1 byte reserved
1 u32 LID . (This is simply the record number of this record.)
1 u32 List of key-records (the first one is the primary key)
1 u32 List of uid-records
1 u32 cache record
1 byte ownertrust
1 byte dirflag
1 byte maximum validity of all the user ids
1 u32 time of last validity check.
1 u32 Must check when this time has been reached.
(0 = no check required)
Record type 3: (key record)
--------------
Informations about a primary public key.
(This is mainly used to lookup a trust record)
1 byte value 3
1 byte reserved
1 u32 LID
1 u32 next - next key record
7 bytes reserved
1 byte keyflags
1 byte pubkey algorithm
1 byte length of the fingerprint (in bytes)
20 bytes fingerprint of the public key
(This is the value we use to identify a key)
Record type 4: (uid record)
--------------
Informations about a userid
We do not store the userid but the hash value of the userid because that
is sufficient.
1 byte value 4
1 byte reserved
1 u32 LID points to the directory record.
1 u32 next next userid
1 u32 pointer to preference record
1 u32 siglist list of valid signatures
1 byte uidflags
1 byte validity of the key calculated over this user id
20 bytes ripemd160 hash of the username.
Record type 5: (pref record)
--------------
This record type is not anymore used.
1 byte value 5
1 byte reserved
1 u32 LID; points to the directory record (and not to the uid record!).
(or 0 for standard preference record)
1 u32 next
30 byte preference data
Record type 6 (sigrec)
-------------
Used to keep track of key signatures. Self-signatures are not
stored. If a public key is not in the DB, the signature points to
a shadow dir record, which in turn has a list of records which
might be interested in this key (and the signature record here
is one).
1 byte value 6
1 byte reserved
1 u32 LID points back to the dir record
1 u32 next next sigrec of this uid or 0 to indicate the
last sigrec.
6 times
1 u32 Local_id of signatures dir or shadow dir record
1 byte Flag: Bit 0 = checked: Bit 1 is valid (we have a real
directory record for this)
1 = valid is set (but may be revoked)
Record type 8: (shadow directory record)
--------------
This record is used to reserve a LID for a public key. We
need this to create the sig records of other keys, even if we
do not yet have the public key of the signature.
This record (the record number to be more precise) will be reused
as the dir record when we import the real public key.
1 byte value 8
1 byte reserved
1 u32 LID (This is simply the record number of this record.)
2 u32 keyid
1 byte pubkey algorithm
3 byte reserved
1 u32 hintlist A list of records which have references to
this key. This is used for fast access to
signature records which are not yet checked.
Note, that this is only a hint and the actual records
may not anymore hold signature records for that key
but that the code cares about this.
18 byte reserved
Record Type 10 (hash table)
--------------
Due to the fact that we use fingerprints to lookup keys, we can
implement quick access by some simple hash methods, and avoid
the overhead of gdbm. A property of fingerprints is that they can be
used directly as hash values. (They can be considered as strong
random numbers.)
What we use is a dynamic multilevel architecture, which combines
hashtables, record lists, and linked lists.
This record is a hashtable of 256 entries; a special property
is that all these records are stored consecutively to make one
big table. The hash value is simple the 1st, 2nd, ... byte of
the fingerprint (depending on the indirection level).
When used to hash shadow directory records, a different table is used
and indexed by the keyid.
1 byte value 10
1 byte reserved
n u32 recnum; n depends on the record length:
n = (reclen-2)/4 which yields 9 for the current record length
of 40 bytes.
the total number of such record which makes up the table is:
m = (256+n-1) / n
which is 29 for a record length of 40.
To look up a key we use the first byte of the fingerprint to get
the recnum from this hashtable and look up the addressed record:
- If this record is another hashtable, we use 2nd byte
to index this hash table and so on.
- if this record is a hashlist, we walk all entries
until we found one a matching one.
- if this record is a key record, we compare the
fingerprint and to decide whether it is the requested key;
Record type 11 (hash list)
--------------
see hash table for an explanation.
This is also used for other purposes.
1 byte value 11
1 byte reserved
1 u32 next next hash list record
n times n = (reclen-5)/5
1 u32 recnum
For the current record length of 40, n is 7
Record type 254 (free record)
---------------
All these records form a linked list of unused records.
1 byte value 254
1 byte reserved (0)
1 u32 next_free
GNU extensions to the S2K algorithm
===================================
S2K mode 101 is used to identify these extensions.
After the hash algorithm the 3 bytes "GNU" are used to make
clear that these are extensions for GNU, the next bytes gives the
GNU protection mode - 1000. Defined modes are:
1001 - do not store the secret part at all
1002 - a stub to access smartcards (not used in 1.2.x)
Other Notes
===========
* For packet version 3 we calculate the keyids this way:
RSA := low 64 bits of n
ELGAMAL := build a v3 pubkey packet (with CTB 0x99) and calculate
a rmd160 hash value from it. This is used as the
fingerprint and the low 64 bits are the keyid.
* Revocation certificates consist only of the signature packet;
"import" knows how to handle this. The rationale behind it is
to keep them small.
OIDs below the GnuPG arc:
=========================
1.3.6.1.4.1.11591.2 GnuPG
1.3.6.1.4.1.11591.2.1 notation
1.3.6.1.4.1.11591.2.1.1 pkaAddress
1.3.6.1.4.1.11591.2.12242973 invalid encoded OID
Keyserver Message Format
=========================
The keyserver may be contacted by a Unix Domain socket or via TCP.
The format of a request is:
====
command-tag
"Content-length:" digits
CRLF
=======
Where command-tag is
NOOP
GET <user-name>
PUT
DELETE <user-name>
The format of a response is:
======
"GNUPG/1.0" status-code status-text
"Content-length:" digits
CRLF
============
followed by <digits> bytes of data
Status codes are:
o 1xx: Informational - Request received, continuing process
o 2xx: Success - The action was successfully received, understood,
and accepted
o 4xx: Client Error - The request contains bad syntax or cannot be
fulfilled
o 5xx: Server Error - The server failed to fulfill an apparently
valid request
Documentation on HKP (the http keyserver protocol):
A minimalistic HTTP server on port 11371 recognizes a GET for /pks/lookup.
The standard http URL encoded query parameters are this (always key=value):
- op=index (like pgp -kv), op=vindex (like pgp -kvv) and op=get (like
pgp -kxa)
- search=<stringlist>. This is a list of words that must occur in the key.
The words are delimited with space, points, @ and so on. The delimiters
are not searched for and the order of the words doesn't matter (but see
next option).
- exact=on. This switch tells the hkp server to only report exact matching
keys back. In this case the order and the "delimiters" are important.
- fingerprint=on. Also reports the fingerprints when used with 'index' or
'vindex'
The keyserver also recognizes http-POSTs to /pks/add. Use this to upload
keys.
A better way to do this would be a request like:
/pks/lookup/<gnupg_formatierte_user_id>?op=<operation>
This can be implemented using Hurd's translator mechanism.
However, I think the whole key server stuff has to be re-thought;
I have some ideas and probably create a white paper.
diff --git a/tools/ChangeLog b/tools/ChangeLog
index eaa60bb99..02e67f922 100644
--- a/tools/ChangeLog
+++ b/tools/ChangeLog
@@ -1,1062 +1,1066 @@
+2009-12-07 Werner Koch <wk@g10code.com>
+
+ * no-libgcrypt.c (gcry_strdup): Actually copy the string.
+
2009-11-23 Werner Koch <wk@g10code.com>
* gpgconf-comp.c (gc_options_gpg): Add default_pubkey_algo.
2009-11-05 Marcus Brinkmann <marcus@g10code.de>
* gpg-connect-agent.c (start_agent): Update use of
assuan_socket_connect and assuan_pipe_connect.
2009-11-04 Werner Koch <wk@g10code.com>
* gpg-connect-agent.c (read_and_print_response): Add arg WITHHASH.
(main): Pass true for WITHHASH for the HELP command.
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response)
(main): Update to new Assuan API.
2009-07-21 Werner Koch <wk@g10code.com>
* gpgsplit.c (my_strusage): Remove i18n stuff.
2009-07-07 Werner Koch <wk@g10code.com>
* gpg-connect-agent.c (start_agent): Adjust for changed args of
send_pinentry_environment.
2009-06-30 Werner Koch <wk@g10code.com>
* ccidmon.c (parse_line_sniffusb): Take also TAB as delimiter.
2009-06-29 Werner Koch <wk@g10code.com>
* ccidmon.c (parse_line_sniffusb): New.
(main): Add option --sniffusb.
2009-06-08 Werner Koch <wk@g10code.com>
* gpgconf.c (main): Call gnupg_reopen_std. Should fix bug#1072.
2009-05-19 Werner Koch <wk@g10code.com>
* watchgnupg.c: Include jnlib/mischelp.h if required.
(main): Use SUN_LEN.
2009-04-17 Werner Koch <wk@g10code.com>
* ccidmon.c: New.
2009-03-03 Werner Koch <wk@g10code.com>
* gpgconf.c: New command --reload.
* gpgconf-comp.c (gc_component_reload): New.
2009-03-02 Werner Koch <wk@g10code.com>
* gpgconf-comp.c (scdaemon_runtime_change): Killsc d only if it is
not running.
2009-02-27 Werner Koch <wk@g10code.com>
* gpgconf-comp.c (gpg_agent_runtime_change): Declare static.
(scdaemon_runtime_change): New.
(gc_backend_scdaemon): Register new function.
(gc_options_scdaemon): Make most options runtime changable.
2009-01-20 Werner Koch <wk@g10code.com>
* gpgconf.c (main): Print more directories.
2008-12-09 Werner Koch <wk@g10code.com>
* gpg-check-pattern.c (main): Call i18n_init before
init_common_subsystems.
* gpg-connect-agent.c (main): Ditto.
* gpgconf.c (main): Ditto.
* symcryptrun.c (main): Ditto.
2008-12-08 Werner Koch <wk@g10code.com>
* gpgkey2ssh.c (main): Change order of output for RSA. Change name
of DSA identifier. Reported by Daniel Kahn Gillmor. This is
bug#901.
2008-12-05 Werner Koch <wk@g10code.com>
* gpg-connect-agent.c (opts): Use ARGPARSE_ macros.
(start_agent) [W32]: Start agent if not running.
2008-12-03 Werner Koch <wk@g10code.com>
* gpgconf-comp.c <scdaemon>: Add option --card-timeout. Remove
unused option --disable-opensc.
2008-10-20 Werner Koch <wk@g10code.com>
* gpgsplit.c (write_part): Remove unused arg FNAME. Change caller.
(do_split): Ditto.
* no-libgcrypt.c (gcry_control): Mark unused arg.
* gpg-connect-agent.c (do_recvfd): Ditto.
* gpgparsemail.c (mime_signed_begin, mime_encrypted_begin): Ditto.
(pkcs7_begin): Ditto.
2008-10-01 Werner Koch <wk@g10code.com>
* gpg-connect-agent.c (main): New command datafile.
(read_and_print_response): Print to the defined datafile.
2008-09-30 Werner Koch <wk@g10code.com>
* gpgconf.c (main) <aListDirs>: Print the bindir.
2008-08-06 Marcus Brinkmann <marcus@g10code.de>
* gpgconf-comp.c (gc_options_gpgsm): Change type of keyserver
option to GC_ARG_TYPE_LDAP_SERVER.
* gpgconf-comp.c (retrieve_options_from_file): Transfer the
NO_CHANGE flag from the file name option to the list option.
2008-06-19 Werner Koch <wk@g10code.com>
* gpgconf-comp.c (GC_ARG_TYPE_ALIAS_LIST): New.
(gc_arg_type): Add fallback type.
(gc_options_gpg): Add option "group".
2008-06-12 Marcus Brinkmann <marcus@g10code.de>
* gpgconf-comp.c (gc_options_gpgsm): Add option keyserver.
2008-05-26 Marcus Brinkmann <marcus@g10code.de>
* gpgconf-comp.c: Replace pathname by filename everywhere.
* gpgconf.c (enum cmd_and_opt_values): Add aListDirs.
(opts): Add aListDirs option.
(main): Handle aListDirs.
* gpgconf.h (gc_percent_escape): New declaration.
* gpgconf-comp.c (my_percent_escape): Make non-static and rename
to ...
(gc_percent_escape): ... this. Change all callers.
2008-05-26 Werner Koch <wk@g10code.com>
* gpgconf-comp.c (gpg_agent_runtime_change) [W32]: Issue
"reloadagent" command to gpg-agent.
* gpg-connect-agent.c (main): Allow server command on the command
line.
2008-05-20 Marcus Brinkmann <marcus@g10code.de>
* gpgconf.h (gc_component_check_programs): Rename to ...
(gc_check_programs): ... this.
(gc_component_change_options): Add argument OUT.
(gc_component_check_options): New function.
* gpgconf.c (enum cmd_and_opt_values): New option aCheckOptions.
(opts): Add new option aCheckOptions (aka --check-options).
(main): Handle new option aCheckOptions.
* gpgconf-comp.c (gc_component_check_programs): Rename to ...
(gc_check_programs): ... this. Refactor core of it to ...
(gc_component_check_options): ... this new function.
(gc_component_change_options): Add new argument OUT. Externally
verify all changes. Implement option --dry-run.
2008-05-09 Werner Koch <wk@g10code.com>
* gpgconf-comp.c (my_dgettext) [USE_SIMPLE_GETTEXT]: Hack to
parly support translations.
2008-04-08 Werner Koch <wk@g10code.com>
* gpgconf-comp.c (gc_options_gpg): Add --auto-key-locate.
2008-03-26 Werner Koch <wk@g10code.com>
* make-dns-cert.c: Include unistd.h. Use config.h if requested.
(cert_key): Protect read against EINTR.
(main): Print SVN revision for standalone version.
2008-03-05 Werner Koch <wk@g10code.com>
* gpg-connect-agent.c (arithmetic_op): Add logical not, or and and.
(get_var_ext): Add functions errcode, errsource and errstring.
(read_and_print_response): Store server reply in $? variable.
(main): Implement IF command.
2008-02-27 Marcus Brinkmann <marcus@g10code.de>
* gpgconf-comp.c (option_check_validity): For now, error out on
empty strings.
(enum): Add GC_ARG_TYPE_PUB_KEY and GC_ARG_TYPE_SEC_KEY.
2008-02-01 Marcus Brinkmann <marcus@g10code.de>
* gpgconf-comp.c (gc_component_list_options): Fix memcpy.
Reported by Marc Mutz.
2008-01-22 Werner Koch <wk@g10code.com>
* gpgconf-comp.c: Use gnupg domain for honor-http-proxy. Make
"LDAP server list" group title translatable.
2008-01-17 Marcus Brinkmann <marcus@g10code.de>
* gpgconf-comp.c (change_options_program): Strip duplicated
utf8-strings entries for gnupg backend. Don't create them either.
2007-12-10 Marcus Brinkmann <marcus@g10code.de>
* gpgconf-comp.c (gc_component_list_options): Fix up expert level
of group.
2007-12-04 Marcus Brinkmann <marcus@g10code.de>
* gpgconf-comp.c (gc_component_list_components): Do not print a
trailing semi-colon to ensure forward compatibility, as this would
indicate another empty field.
(gc_process_gpgconf_conf): Likewise.
2007-11-15 Werner Koch <wk@g10code.com>
* gpg-connect-agent.c (start_agent): Adjust changed
send_pinentry_environment.
2007-10-24 Werner Koch <wk@g10code.com>
* gpg-connect-agent.c (substitute_line): Restore temporary nul
marker.
(main): Add /while command.
2007-10-23 Werner Koch <wk@g10code.com>
* gpgconf-comp.c (gc_process_gpgconf_conf): Add arg
LISTFP. Changed all callers.
* gpgconf.h: Add gc_error.
* gpgconf.c: Add command --list-config.
(get_outfp): New.
(main): Make --output work.
* gpgconf-comp.c (gc_options_gpg_agent): Replace accidently used
GC_BACKEND_SCDAEMON. We should consider to create these tables
from plain files.
2007-10-22 Werner Koch <wk@g10code.com>
* gpgconf-comp.c (retrieve_options_from_program): Replace use of
popen by our gnupg_spawn_process_fd. This is required because
popen under Windows can't handle long filenames.
2007-10-19 Werner Koch <wk@g10code.com>
* symcryptrun.c (confucius_get_pass): Use utf8 switching functions.
* gpg-connect-agent.c (get_var_ext): New.
(substitute_line): Use it.
(assign_variable): Implement /slet in terms of get_var_ext.
(main): New option -s/--subst.
(add_definq): Add arg IS_VAR. Change all callers.
(main): Add command /definq.
(handle_inquire): Implement new command.
(substitute_line_copy): New.
(unescape_string, unpercent_string): New.
* no-libgcrypt.c (gcry_set_outofcore_handler)
(gcry_set_fatalerror_handler, gcry_set_log_handler): New.
* Makefile.am (gpg_connect_agent_LDADD): Link to libreadline.
* gpgconf-comp.c (retrieve_options_from_file): Don't call fclose
with NULL. Fixes bug 842.
2007-10-12 Werner Koch <wk@g10code.com>
* gpg-connect-agent.c (substitute_line): Allow ${foo} syntax.
2007-10-11 Werner Koch <wk@g10code.com>
* gpg-connect-agent.c (get_var): Expand environment variables.
Suggested by Marc Mutz.
(set_var): Return the value.
(assign_variable): Add arg syslet.
(main): New command /slet.
(gnu_getcwd): New.
(assign_variable): Add tag cwd, and *dir.
2007-10-02 Werner Koch <wk@g10code.com>
* no-libgcrypt.c (gcry_malloc_secure): New.
* gpg-connect-agent.c (set_var, set_int_var, get_var)
(substitute_line, show_variables, assign_variable)
(do_open, do_close, do_showopen): New.
(main): Add new commands /nosubst, /subst, /let, /showvar, /open,
/close and /showopen.
(main): New commands /run and /bye.
2007-10-01 Werner Koch <wk@g10code.com>
* gpg-connect-agent.c (do_sendfd): Use INT2FD for assuan_sendfd.
2007-09-26 Werner Koch <wk@g10code.com>
* gpg-connect-agent.c (main): Print the first response from the
server.
2007-09-14 Werner Koch <wk@g10code.com>
* gpgconf-comp.c: Make a string translatable.
2007-09-04 Moritz Schulte <moritz@g10code.com>
* gpgsm-gencert.sh: Use printf instead of echo.
2007-09-04 Moritz Schulte <moritz@g10code.com>
* gpgkey2ssh.c: Include sysutils.h so that gnupg_tmpfile() is
declared.
2007-08-31 Werner Koch <wk@g10code.com>
* gpgparsemail.c: Support PGP/MIME signed messages.
* gpgconf-comp.c (gc_component_list_components): List the programs
names.
2007-08-29 Werner Koch <wk@g10code.com>
* gpgconf.c: New command --check-programs.
* gpgconf-comp.c (gc_component_check_programs): New.
(gc_backend): Add member MODULE_NAME and add these module names.
(retrieve_options_from_program): Use module name so that we use an
absolute file name and don't rely on $PATH.
(collect_error_output): New.
* no-libgcrypt.c (gcry_control): New.
2007-08-28 Werner Koch <wk@g10code.com>
* gpgconf-comp.c <gpg-agent>: Add options --max-passphrase-days
and --enable-passphrase-history.
2007-08-27 Werner Koch <wk@g10code.com>
* gpg-check-pattern.c: New
* Makefile.am (libexec_PROGRAMS): Add unless DISABLE_REGEX.
2007-08-24 Werner Koch <wk@g10code.com>
* gpgconf-comp.c <gpg-agent>: Add options --check-passphrase-pattern,
--min-passphrase-nonalpha and --enforce-passphrase-constraints and
move them into a new "passphrase policy" group.
(gc_component) [W32]: Enable dirmngr.
2007-08-21 Werner Koch <wk@g10code.com>
* gpgkey2ssh.c (key_to_blob): Use gnupg_tmpfile().
2007-08-02 Werner Koch <wk@g10code.com>
* gpgconf-comp.c: Factor the public GC_OPT_FLAG constants out and
include gc-opt-flags.h.
2007-07-17 Werner Koch <wk@g10code.com>
* gpgconf-comp.c: Add --encrypt-to and --default-key to gpg and
gpgsm.
2007-07-16 Marcus Brinkmann <marcus@g10code.de>
* gpg-connect-agent.c (main): Bail out if write fails.
2007-07-05 Marcus Brinkmann <marcus@g10code.de>
* symcryptrun.c (confucius_get_pass): Define orig_codeset if
[ENABLE_NLS], not [HAVE_LANGINFO_CODESET].
2007-06-26 Werner Koch <wk@g10code.com>
* gpgconf-comp.c (key_matches_user_or_group) [W32]: Implement user
name matching.
(GPGNAME): New. Use it instead of "gpg".
(gc_component) [W32]: Disable dirmngr for now.
(gc_component_retrieve_options): Ignore components without options.
(gc_component_change_options): Ditto.
(gc_component_list_options): Ditto.
(gc_component_find, gc_component_list_components): Ditto.
2007-06-19 Werner Koch <wk@g10code.com>
* gpgconf-comp.c (percent_escape): Rename to my_percent_escape.
Changed all callers.
2007-06-18 Marcus Brinkmann <marcus@g10code.de>
* gpgconf-comp.c (retrieve_options_from_file): Close LIST_FILE.
(copy_file): In error case, save/restore errno. Close SRC and DST.
(gc_component_change_options): Catch error from unlink(). Remove
target backup file before rename().
2007-06-15 Marcus Brinkmann <marcus@g10code.de>
* gpgconf-comp.c (copy_file) [HAVE_W32_SYSTEM]: New function.
(change_options_file, change_options_program) [HAVE_W32_SYSTEM]:
Copy backup file.
(gc_component_change_options) [HAVE_W32_SYSTEM]: Non-atomic replace.
(gc_process_gpgconf_conf): Rename fname to fname_arg and
fname_buffer to fname, initialize fname with fname_arg, discarding
const qualifier.
2007-06-15 Werner Koch <wk@g10code.com>
* Makefile.am (symcryptrun_LDADD): It is LIBICONV and not LIBINCONV.
(gpgconf_LDADD, symcryptrun_LDADD): Add W32SOCKLIBS.
2007-06-14 Werner Koch <wk@g10code.com>
* symcryptrun.c (main): Setup default socket name for
simple-pwquery.
(MAP_SPWQ_ERROR_IMPL): New. Use it for all spwq error returns.
2007-06-12 Werner Koch <wk@g10code.com>
* gpgconf-comp.c (gc_process_gpgconf_conf): Replace
GNUPG_SYSCONFDIR by a function call.
* gpg-connect-agent.c (main): Replace some calls by
init_common_subsystems.
* gpgconf.c (main): Ditto.
* symcryptrun.c (main): Ditto.
2007-06-11 Werner Koch <wk@g10code.com>
* symcryptrun.c (main) [W32]: Call pth_init.
* gpgconf.c (main) [W32]: Call pth_init
* gpg-connect-agent.c (main) [W32]: Call pth_init.
2007-06-06 Werner Koch <wk@g10code.com>
* Makefile.am (bin_PROGRAMS) [W32]: Do not build gpgparsemail.
* gpgconf-comp.c [W32]: Do not include pwd.h and grp.h.
(key_matches_user_or_group) [W32]: For now always return false.
* symcryptrun.c (i18n_init): Remove.
* gpgconf.c (i18n_init): Remove.
* gpg-connect-agent.c (i18n_init): Remove.
2007-05-19 Marcus Brinkmann <marcus@g10code.de>
* symcryptrun.c (confucius_get_pass): Free ORIG_CODESET on error.
2007-05-08 Werner Koch <wk@g10code.com>
* sockprox.c: New. It needs to be build manually. By Moritz
Schulte.
2007-04-20 Werner Koch <wk@g10code.com>
* symcryptrun.c (my_gcry_logger): Removed.
(main): Call setup_libgcrypt_logging.
2007-04-03 Werner Koch <wk@g10code.com>
* gpgconf-comp.c: Allow changing of --allow-mark-trusted.
* gpg-connect-agent.c (main): New option --decode and commands
decode and undecode.
(read_and_print_response): Implement option.
2007-03-20 Werner Koch <wk@g10code.com>
* gpgconf-comp.c (gc_options_gpgsm): Add p12-charset.
2007-03-07 Werner Koch <wk@g10code.com>
* applygnupgdefaults: New.
* Makefile.am (sbin_SCRIPTS): Add it
2007-03-06 Werner Koch <wk@g10code.com>
* gpgconf-comp.c: Include pwd.h and grp.h.
(GC_OPT_FLAG_NO_CHANGE): New.
(gc_component_change_options): Implement it.
(gc_options_gpg_agent): Add options for all ttl values and
min-passphrase-length. Apply new flag to some of them.
(gc_process_gpgconf_conf, key_matches_user_or_group): New.
(gc_component_change_options): Factor some code out to ..
(change_one_value): .. new.
(gc_component_retrieve_options): Allow -1 for COMPONENT to iterate
over al components.
* gpgconf.c (main): New commands --check-config and
--apply-defaults. Call gc_process_gpgconf_conf.
2007-01-31 Werner Koch <wk@g10code.com>
* Makefile.am (symcryptrun_LDADD): Add LIBICONV.
(gpgkey2ssh_LDADD): Ditto.
2006-12-13 David Shaw <dshaw@jabberwocky.com>
* Makefile.am (gpgsplit_LDADD): Link to LIBINTL if we're using the
built-in code.
2006-12-07 David Shaw <dshaw@jabberwocky.com>
* Makefile.am: Link to iconv for jnlib dependency.
2006-11-23 Werner Koch <wk@g10code.com>
* Makefile.am (gpg_connect_agent_LDADD): Add NETLIBS.
2006-11-21 Werner Koch <wk@g10code.com>
* gpgconf-comp.c (list_one_option): Cast print size_t arg.
2006-11-17 Werner Koch <wk@g10code.com>
* gpgconf-comp.c: Made disable-keypad a basic option.
2006-11-03 Werner Koch <wk@g10code.com>
* symcryptrun.c: Include signal.h and include pth.h only if test
asserts that it exists.
2006-10-23 Werner Koch <wk@g10code.com>
* gpgconf-comp.c <gpgsm>: Add --cipher-algo.
2006-10-20 Werner Koch <wk@g10code.com>
* gpgsm-gencert.sh: Enhanced the main menu.
2006-10-12 Werner Koch <wk@g10code.com>
* Makefile.am (gpg-zip, gpgsplit): Do not install due to a
conflict with gpg1.
2006-10-11 Werner Koch <wk@g10code.com>
* gpgsm-gencert.sh: Allow generation of card keys.
2006-10-08 Werner Koch <wk@g10code.com>
* Makefile.am (gpgkey2ssh_LDADD): Add LIBINTL. Suggested by
Andreas Metzler.
2006-09-22 Werner Koch <wk@g10code.com>
* no-libgcrypt.c: Changed license to a simple all permissive one.
2006-09-20 Werner Koch <wk@g10code.com>
* Makefile.am: Changes to allow parallel make runs.
2006-09-12 Werner Koch <wk@g10code.com>
Replaced all call gpg_error_from_errno(errno) by
gpg_error_from_syserror().
* gpg-connect-agent.c (read_and_print_response): With verbosity
level 2 also print comment lines.
2006-09-06 Werner Koch <wk@g10code.com>
* gpg-connect-agent.c: Switch everything to new Assuan error code
style.
* no-libgcrypt.c (out_of_core): Reanmed to ...
(out_of_memory): .. this to avoid name clash with util.h.
2006-08-21 Werner Koch <wk@g10code.com>
* gpgsplit.c: New. Taken from 1.4. Adjusted to GnuPG2.
* Makefile.am (noinst_PROGRAMS): New.
2006-06-09 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (gpgconf_LDADD): Add $(GPG_ERROR_LIBS).
(gpgkey2ssh_LDADD): Add ../jnlib/libjnlib.a.
2006-05-23 Werner Koch <wk@g10code.com>
* gpgparsemail.c: Include config.h if available
(stpcpy): Conditional include it.
* gpgconf-comp.c (hextobyte): Removed as it is now availble in
jnlib.
2005-12-20 Werner Koch <wk@g10code.com>
* gpgconf-comp.c (gc_options_gpg): Add allow-pka-lookup.
2005-12-14 Werner Koch <wk@g10code.com>
* Makefile.am (bin_PROGRAMS): Build gpgparsemail.
* gpgparsemail.c (pkcs7_begin): New.
(parse_message, message_cb): Add support of direct pkcs signatures.
2005-10-19 Werner Koch <wk@g10code.com>
* gpgconf-comp.c (gc_options_scdaemon): New option --disable-keypad.
2005-09-22 Werner Koch <wk@g10code.com>
* rfc822parse.c (parse_field): Tread Content-Disposition special.
2005-10-08 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (watchgnupg_LDADD): New variable.
* Makefile.am (gpgconf_LDADD): Add ../gl/libgnu.a after
../common/libcommon.a.
(symcryptrun_LDADD, gpg_connect_agent_LDADD, gpgkey2ssh_LDADD):
Likewise.
2005-09-29 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (AM_CFLAGS): Add $(LIBGCRYPT_CFLAGS).
2005-09-06 Werner Koch <wk@g10code.com>
* rfc822parse.c, rfc822parse.h: Changed license to LGPL.
2005-08-01 Werner Koch <wk@g10code.com>
* gpgsm-gencert.sh: Allow entering a keygrip to generate a CSR from
an existing key.
2005-07-21 Werner Koch <wk@g10code.com>
* gpgsm-gencert.sh: Reworked to allow for multiple email addresses
as well as DNsanmes and URi. Present the parameter file before
creating the certificate.
2005-07-04 Marcus Brinkmann <marcus@g10code.de>
* symcryptrun.c (SYMC_BAD_PASSPHRASE, SYMC_CANCELED): New symbols,
use instead constants.
(hash_string): New function copied from simple-gettext.c.
(confucius_get_pass): Take new argument CACHEID.
(confucius_process): Calculate cacheid and pass it to
confucius_get_pass. Clear passphrase from cache if necessary.
2005-06-16 Werner Koch <wk@g10code.com>
* gpg-connect-agent.c (read_and_print_response): Made LINELEN a
size_t.
2005-06-04 Marcus Brinkmann <marcus@g10code.de>
* symcryptrun.c (main): Allow any number of arguments, don't use
first argument as input file name. Pass extra arguments to
confucius_main.
(confucius_main): Accept new arguments argc and argv and pass them
to confucius_process.
(confucius_process): Accept new arguments argc and argv and pass
them to the confucius process.
2005-06-01 Werner Koch <wk@g10code.com>
* symcryptrun.c: Include mkdtemp.h.
2005-05-31 Werner Koch <wk@g10code.com>
* watchgnupg.c: Make sure that PF_LCOAL and AF_LOCAL are defines.
Noted by Ray Link.
2005-05-28 Moritz Schulte <moritz@g10code.com>
* gpgkey2ssh.c: New file.
* Makefile.am (bin_PROGRAMS): Added gpgkey2ssh.
2005-05-20 Werner Koch <wk@g10code.com>
* gpg-connect-agent.c (add_definq, show_definq, clear_definq)
(handle_inquire): New.
(read_and_print_response): Handle INQUIRE command.
(main): Implement control commands.
2005-04-21 Werner Koch <wk@g10code.com>
* symcryptrun.c (main): Optionally allow the input file as command
line argument.
* gpgconf-comp.c: Add gpgsm option disable-trusted-cert-crl-check.
2005-04-20 Werner Koch <wk@g10code.com>
* gpgconf-comp.c: Add gpg-agent:disable-scdaemon.
2005-04-19 Marcus Brinkmann <marcus@g10code.de>
* symcryptrun.c: Add --input option.
2005-04-15 Marcus Brinkmann <marcus@g10code.de>
* symcryptrun.c (TEMP_FAILURE_RETRY): Define if not defined.
* symcryptrun.c (remove_file): New function.
(confucius_copy_file): Accept new argument PLAIN and shred the
file if it is set on error.
* Makefile.am: Define symcryptrun make variable depending on
BUILD_SYMCRYPTUN.
(bin_PROGRAMS): Add ${symcryptrun} instead symcryptrun.
(symcryptrun_LDADD): Use $(LIBUTIL_LIBS) instead of -lutil.
2005-04-11 Werner Koch <wk@g10code.com>
* symcryptrun.c (confucius_mktmpdir): Changed to use mkdtmp(3).
2005-04-11 Marcus Brinkmann <marcus@g10code.de>
* symcryptrun.c: Implement config file parsing.
* Makefile.am (bin_PROGRAMS): Add symcryptrun.
(symcryptrun_SOURCES, symcryptrun_LDADD): New variables.
* symcryptrun.c: New file.
2005-03-31 Werner Koch <wk@g10code.com>
* gpg-connect-agent.c (start_agent): Use PATHSEP_C instead of ':'.
2005-03-09 Werner Koch <wk@g10code.com>
* gpgconf-comp.c <dirmngr>: Add honor-http-proxy.
2005-02-25 Werner Koch <wk@g10code.com>
* no-libgcrypt.c (gcry_strdup): New.
2005-02-24 Werner Koch <wk@g10code.com>
* gpg-connect-agent.c: New.
* Makefile.am: Add it.
2004-12-21 Werner Koch <wk@g10code.com>
* gpgconf-comp.c (get_config_pathname) [DOSISH]: Detect absolute
pathnames with a drive letter.
2004-12-15 Werner Koch <wk@g10code.com>
* Makefile.am (bin_PROGRAMS) [W32]: Do not build watchgnupg.
* gpgconf-comp.c (gpg_agent_runtime_change) [W32]: No way yet to
send a signal. Disable.
(change_options_file, change_options_program) [W32]: No link(2),
so we disable it.
(gc_component_change_options): Use rename instead of link.
2004-12-13 Werner Koch <wk@g10code.com>
* gpgconf-comp.c <ignore-ocsp-service-url>: Fixed typo.
2004-11-24 Werner Koch <wk@g10code.com>
* gpgconf-comp.c <dirmngr>: Add --ignore-http-dp, --ignore-ldap-dp
and --ignore-ocsp-service-url.
2004-11-23 Werner Koch <wk@g10code.com>
* gpgconf-comp.c <dirmngr>: Add the proxy options.
<gpgsm>: Add --prefer-system-daemon.
2004-11-11 Werner Koch <wk@g10code.com>
* watchgnupg.c (main): Fixed test for read error.
2004-10-22 Werner Koch <wk@g10code.com>
* Makefile.am (bin_SCRIPTS): Add gpgsm-gencert.sh
* gpgsm-gencert.sh: Fixed copyright; its part of GnuPG thus FSF.
2004-10-01 Werner Koch <wk@g10code.com>
* gpgconf-comp.c: Made all strings for --log-file read the same.
2004-10-01 Werner Koch <wk@g10code.com>
* gpgconf-comp.c (my_dgettext): Also switch codeset and directory
for the other used domains (i.e. dirmngr).
* gpgconf.c (main): Fixed translation markers.
2004-09-30 Werner Koch <wk@g10code.com>
* gpgconf.c (i18n_init): Always use LC_ALL.
* Makefile.am: Adjusted for gettext 0.14.
2004-09-29 Werner Koch <wk@g10code.com>
* gpgconf-comp.c: Made the entries fro GROUPs translatable.
Include i18n.h.
(my_dgettext): Hack to use the gnupg2 domain.
2004-08-09 Moritz Schulte <moritz@g10code.com>
* gpgsm-gencert.sh: New file.
2004-06-16 Werner Koch <wk@gnupg.org>
* rfc822parse.c (rfc822parse_get_field): Add arg VALUEOFF.
2004-06-14 Werner Koch <wk@gnupg.org>
* no-libgcrypt.c (gcry_realloc, gcry_xmalloc, gcry_xcalloc): New.
* gpgconf-comp.c (retrieve_options_from_program)
(retrieve_options_from_file, change_options_file)
(change_options_program, gc_component_change_options): Replaced
getline by read_line and test for allocation failure.
2004-05-21 Marcus Brinkmann <marcus@g10code.de>
* gpgconf-comp.c (gc_options_dirmngr): Remove CRL group, put its
only option "max-replies" into LDAP group.
(gc_component): Change description of dirmngr to "Directory
Manager".
* gpgconf-comp.c (gc_component_change_options): Move the
per-process backup file into a standard location.
2004-05-03 Werner Koch <wk@gnupg.org>
* gpgconf-comp.c: Add --allow-mark-trusted for the gpg-agent.
2004-04-30 Werner Koch <wk@gnupg.org>
* gpgconf-comp.c: Added more runtime flags for the gpg-agent
backend.
2004-04-29 Marcus Brinkmann <marcus@g10code.de>
* gpgconf-comp.c (change_options_program): Turn on utf8-strings in
the gpgconf specific part of the config file for the GnuPG
backend.
2004-04-28 Werner Koch <wk@gnupg.org>
* gpgconf-comp.c: Add --ocsp-signer for the dirmngr backend.
2004-04-20 Marcus Brinkmann <marcus@g10code.de>
* gpgconf-comp.c (gc_options_gpg_agent): Change type of
ignore-cache-for-signing option to GC_ARG_TYPE_NONE.
2004-04-07 Werner Koch <wk@gnupg.org>
* gpgconf-comp.c (my_dgettext): Switch the codeset once to utf-8.
Allow building with out NLS.
2004-03-23 Marcus Brinkmann <marcus@g10code.de>
* gpgconf-comp.c (gc_options_dirmngr): Set GC_OPT_FLAG_ARG_OPT for
"LDAP Server".
(change_options_file): Remove assertion that tests that this flag
is not present. Handle an empty string in OPTION->new_value.
* gpgconf.c (main): Remove obsolete warning.
2004-03-23 Werner Koch <wk@gnupg.org>
* gpgconf-comp.c (gc_options_gpg): New.
(gc_component_t, gc_component): Add GC_BACKEND_GPG.
(gc_options_dirmngr): Add allow-ocsp.
2004-03-23 Marcus Brinkmann <marcus@g10code.de>
* gpgconf-comp.c (gc_flag): Add missing flags.
* gpgconf-comp.c: Include <signal.h>.
(gc_backend): Add new member runtime_change.
(gpg_agent_runtime_change): New function.
(gc_component_change_options): New variable runtime. Initialize
it. If an option is changed that has the GC_OPT_FLAG_RUNTIME bit
set, also set the corresponding runtime variable. Finally, call
the runtime_change callback of the backend if needed.
2004-03-16 Werner Koch <wk@gnupg.org>
* gpgconf-comp.c (gc_options_gpg_agent): Implemented.
(gc_options_gpgsm, gc_options_scdaemon): Implemented.
(gc_backend_t): Add GC_BACKEND_SCDAEMON.
2004-03-12 Marcus Brinkmann <marcus@g10code.de>
* gpgconf-comp.c (gc_component_change_options): Set the filenames
of the option's backend, not of the component.
Also use GC_BACKEND_NR, not GC_COMPONENT_NR.
2004-03-09 Werner Koch <wk@gnupg.org>
* gpgconf-comp.c [_riscos_]: Removed special code for RISC OS; we
don't want to clutter our code with system dependent stuff.
2004-03-08 Marcus Brinkmann <marcus@g10code.de>
* gpgconf-comp.c (retrieve_options_from_file): Quote each string
in the list, not only the first.
2004-02-26 Marcus Brinkmann <marcus@g10code.de>
* gpgconf-comp.c (gc_component_list_options): Do not print empty
groups.
* gpgconf-comp.c (option_check_validity): Check if option is
active.
(change_options_file): Implement.
* gpgconf-comp.c (retrieve_options_from_program): Remove broken
string handling.
* gpgconf-comp.c (change_options_program): Support all types of
options, including list types.
* README.gpgconf: Fix description of arguments.
* gpgconf-comp.c (option_check_validity): Rewritten to properly
support optional arguments in lists.
* README.gpgconf: Add info about optional arg and arg type 0.
* gpgconf-comp.c (gc_component_change_options): Parse list of
arg type 0 options.
(option_check_validity): Add new argument NEW_VALUE_NR. Perform
rigorous validity checks.
(change_options_program): Disable an option also if we have a new
value for it.
2004-02-25 Marcus Brinkmann <marcus@g10code.de>
* gpgconf-comp.c (gc_component_list_options): Correct output for
lists of arg type none.
(struct gc_option): Add new member new_flags.
(option_check_validity): Check OPTION->new_flags beside
OPTION->new_value. Add new argument FLAGS.
(gc_component_change_options): Support default flag correctly.
(change_options_program): Likewise.
2004-02-24 Marcus Brinkmann <marcus@g10code.de>
* README.gpgconf: Revert last change. Add new flags "default",
"default desc" and "no arg desc". Add new field ARGDEF. Add new
field FLAG to backend interface.
* gpgconf-comp.c (struct gc_option): Make flags of type unsigned
long.
(gc_component_list_options): Adjust type for flags.
Add default argument field.
(retrieve_options_from_program): Use "1" as value for non-option
arguments, not "Y".
(gc_component_change_options): Read in flags from input.
2004-02-23 Marcus Brinkmann <marcus@g10code.de>
* README.gpgconf: Change meaning of type 0 options value if it is
the empty string or "0".
* gpgconf.h (struct): Add member runtime.
* gpgconf.c: Add new option oRuntime.
(main): Same here.
* gpgconf-comp.c (hextobyte): New function.
(percent_deescape): New function.
(get_config_pathname): Percent deescape pathname if taken from
option (default) value. Use default value only if it exists and
is not empty. Use empty string otherwise. Don't include leading
quote in pathname.
(change_options_program): Percent deescape string before writing
it out.
* gpgconf-comp.c (gc_component_list_options): Do not skip groups
on output.
2004-02-18 Werner Koch <wk@gnupg.org>
* gpgconf-comp.c: Added empty components for gpgsm and scdaemon.
2004-02-12 Werner Koch <wk@gnupg.org>
* watchgnupg.c (main): Implement option "--".
(print_version): New.
* Makefile.am: Include cmacros.am for common flags.
2004-02-03 Werner Koch <wk@gnupg.org>
* addgnupghome: Try to use getent, so that it also works for NIS
setups.
2004-01-31 Marcus Brinkmann <marcus@g10code.de>
* gpgconf-comp.c: Some bug fixes, parse only defaults from the
program, and read the current values from the configuration file
directly.
2004-01-30 Marcus Brinkmann <marcus@g10code.de>
* gpgconf-comp.c (gc_error): New function, use it instead of
error() throughout.
* gpgconf-comp.c: Use xmalloc, libcommon's asctimestamp and
gnupg_get_time, fix error() invocation and use getline()
consistently.
2004-01-30 Werner Koch <wk@gnupg.org>
* addgnupghome: Also set the group of copied files.
2004-01-30 Werner Koch <wk@gnupg.org>
* Makefile.am (sbin_SCRIPTS): New, to install addgnupghome.
(EXTRA_DIST): Added rfc822parse.c rfc822parse.h gpgparsemail.c
which might be useful for debugging.
2004-01-29 Werner Koch <wk@gnupg.org>
* addgnupghome: New.
2004-01-29 Marcus Brinkmann <marcus@g10code.de>
* gpgconf-list.c: File removed.
* README.gpgconf: New file.
* gpgconf-comp.c: New file.
* Makefile.am (gpgconf_SOURCES): Remove gpgconf-list.c, add
gpgconf-comp.c.
2004-01-16 Werner Koch <wk@gnupg.org>
* watchgnupg.c (main): Need to use FD_ISSET for the client
descriptors too; aiiih. Set the listening socket to non-blocking.
2004-01-10 Werner Koch <wk@gnupg.org>
* Makefile.am: Use GPG_ERROR_CFLAGS
2004-01-05 Werner Koch <wk@gnupg.org>
* Manifest: New.
* gpgconf.c, gpgconf.h, gpgconf-list.c: New. A skeleton for now.
* no-libgcrypt.c: New.
* Makefile.am: Add above.
2003-12-23 Werner Koch <wk@gnupg.org>
* Makefile.am: New.
* watchgnupg.c: New.
Copyright 2003, 2004, 2005, 2006, 2007, 2008,
2009 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/tools/no-libgcrypt.c b/tools/no-libgcrypt.c
index 3428e57ee..4cfedcc59 100644
--- a/tools/no-libgcrypt.c
+++ b/tools/no-libgcrypt.c
@@ -1,141 +1,144 @@
/* no-libgcrypt.c - Replacement functions for libgcrypt.
* Copyright (C) 2003 Free Software Foundation, Inc.
*
* This file is free software; as a special exception the author gives
* unlimited permission to copy and/or distribute it, with or without
* modifications, as long as this notice is preserved.
*
* This file is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY, to the extent permitted by law; without even
* the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
* PURPOSE.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include "../common/util.h"
#include "i18n.h"
/* Replace libgcrypt's malloc functions which are used by
../jnlib/libjnlib.a . ../common/util.h defines macros to map them
to xmalloc etc. */
static void
out_of_memory (void)
{
log_fatal (_("error allocating enough memory: %s\n"), strerror (errno));
}
void *
gcry_malloc (size_t n)
{
return malloc (n);
}
void *
gcry_malloc_secure (size_t n)
{
return malloc (n);
}
void *
gcry_xmalloc (size_t n)
{
void *p = malloc (n);
if (!p)
out_of_memory ();
return p;
}
char *
gcry_strdup (const char *string)
{
- return malloc (strlen (string)+1);
+ char *p = malloc (strlen (string)+1);
+ if (p)
+ strcpy (p, string);
+ return p;
}
void *
gcry_realloc (void *a, size_t n)
{
return realloc (a, n);
}
void *
gcry_xrealloc (void *a, size_t n)
{
void *p = realloc (a, n);
if (!p)
out_of_memory ();
return p;
}
void *
gcry_calloc (size_t n, size_t m)
{
return calloc (n, m);
}
void *
gcry_xcalloc (size_t n, size_t m)
{
void *p = calloc (n, m);
if (!p)
out_of_memory ();
return p;
}
char *
gcry_xstrdup (const char *string)
{
void *p = malloc (strlen (string)+1);
if (!p)
out_of_memory ();
strcpy( p, string );
return p;
}
void
gcry_free (void *a)
{
if (a)
free (a);
}
/* We need this dummy because exechelp.c uses gcry_control to
terminate the secure memeory. */
gcry_error_t
gcry_control (enum gcry_ctl_cmds cmd, ...)
{
(void)cmd;
return 0;
}
void
gcry_set_outofcore_handler (gcry_handler_no_mem_t h, void *opaque)
{
(void)h;
(void)opaque;
}
void
gcry_set_fatalerror_handler (gcry_handler_error_t fnc, void *opaque)
{
(void)fnc;
(void)opaque;
}
void
gcry_set_log_handler (gcry_handler_log_t f, void *opaque)
{
(void)f;
(void)opaque;
}

File Metadata

Mime Type
text/x-diff
Expires
Mon, Dec 23, 4:11 PM (19 h, 36 m)
Storage Engine
local-disk
Storage Format
Raw Data
Storage Handle
05/70/270af9fbb4816c5ea41176b5ba45

Event Timeline