Sisyphus repository
Last update: 1 october 2023 | SRPMs: 18631 | Visits: 37048074
en ru br
ALT Linux repos
S:1.4.23-alt4
5.0: 1.4.9-alt1
4.1: 1.4.9-alt1
4.0: 1.4.9-alt1.M40.1
3.0: 1.4.1-alt1
+updates:1.4.5-alt0.M30.0

Group :: File tools
RPM: gnupg

 Main   Changelog   Spec   Patches   Sources   Download   Gear   Bugs and FR  Repocop 

Patch: gnupg-1.4.23-alt4.patch
Download


 Makefile.am              |   4 +-
 cipher/Makefile.am       |   1 +
 cipher/Makefile.in       |   4 +-
 cipher/algorithms.h      |   9 ++++
 cipher/md.c              |  12 ++++-
 cipher/rsa.c             |  49 ++++++++++++++++---
 cipher/sha1dc.c          | 124 +++++++++++++++++++++++++++++++++++++++++++++++
 configure.ac             |  12 +++--
 doc/gpg.texi             |   4 ++
 g10/gpg.c                |   7 +++
 g10/keyid.c              |  18 +++----
 g10/main.h               |   2 +-
 g10/options.h            |  11 ++---
 g10/options.skel         |  37 +++++---------
 g10/sign.c               |   2 +-
 include/cipher.h         |  11 +++--
 include/iobuf.h          |  10 ++--
 include/memory.h         |  10 ++--
 include/mpi.h            |  10 ++--
 keyserver/gpgkeys_curl.c |   2 +
 keyserver/gpgkeys_hkp.c  |   2 +
 keyserver/gpgkeys_ldap.c |   6 +--
 po/ru.po                 |   4 +-
 tools/bftest.c           |   1 +
 tools/mpicalc.c          |   1 +
 util/logger.c            |  11 ++---
 util/miscutil.c          |   4 +-
 util/strgutil.c          |  26 ++++++++++
 28 files changed, 303 insertions(+), 91 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 44adf6a..5b1913f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -37,14 +37,14 @@ else
 bzlib =
 endif
 
-SUBDIRS = m4 intl zlib ${bzlib} util mpi cipher tools \
+SUBDIRS = m4 ${bzlib} util mpi cipher tools \
           g10 keyserver po doc ${checks}
 
 EXTRA_DIST = scripts/config.rpath PROJECTS BUGS config.h.in	\
              autogen.sh ChangeLog-2011 po/ChangeLog-2011	\
              util/ChangeLog-2011 scripts/ChangeLog-2011		\
              doc/ChangeLog-2011 tools/ChangeLog-2011		\
-             zlib/ChangeLog-2011 m4/ChangeLog-2011		\
+             m4/ChangeLog-2011		\
              include/ChangeLog-2011 g10/ChangeLog-2011		\
              checks/ChangeLog-2011 cipher/ChangeLog-2011	\
              intl/ChangeLog-2011 keyserver/ChangeLog-2011	\
diff --git a/cipher/Makefile.am b/cipher/Makefile.am
index bd79fbc..3fa7476 100644
--- a/cipher/Makefile.am
+++ b/cipher/Makefile.am
@@ -53,6 +53,7 @@ libcipher_a_SOURCES = cipher.c	\
 		 md5.c     	\
 		 rmd160.c  	\
 		 sha1.c         \
+		 sha1dc.c       \
 		 sha256.c
 
 if USE_RNDLINUX
diff --git a/cipher/Makefile.in b/cipher/Makefile.in
index 476eb2d..6af58f4 100644
--- a/cipher/Makefile.in
+++ b/cipher/Makefile.in
@@ -149,7 +149,7 @@ am__libcipher_a_SOURCES_DIST = cipher.c pubkey.c md.c dynload.c \
 	elgamal.h rsa.c rsa.h primegen.c random.h random.c \
 	rand-internal.h rmd.h dsa.h dsa.c smallprime.c algorithms.h \
 	md5.c rmd160.c sha1.c sha256.c rndlinux.c rndunix.c rndegd.c \
-	rndw32.c sha512.c
+	rndw32.c sha512.c sha1dc.c
 @USE_RNDLINUX_TRUE@am__objects_1 = rndlinux.$(OBJEXT)
 @USE_RNDUNIX_TRUE@am__objects_2 = rndunix.$(OBJEXT)
 @USE_RNDEGD_TRUE@am__objects_3 = rndegd.$(OBJEXT)
@@ -408,7 +408,7 @@ libcipher_a_SOURCES = cipher.c pubkey.c md.c dynload.c bithelp.h des.c \
 	twofish.c blowfish.c cast5.c rijndael.c camellia.c camellia.h \
 	camellia-glue.c idea.c elgamal.c elgamal.h rsa.c rsa.h \
 	primegen.c random.h random.c rand-internal.h rmd.h dsa.h dsa.c \
-	smallprime.c algorithms.h md5.c rmd160.c sha1.c sha256.c \
+	smallprime.c algorithms.h md5.c rmd160.c sha1.c sha256.c sha1dc.c \
 	$(am__append_2) $(am__append_3) $(am__append_4) \
 	$(am__append_5) $(am__append_6)
 all: all-am
diff --git a/cipher/algorithms.h b/cipher/algorithms.h
index 9deefb4..da74107 100644
--- a/cipher/algorithms.h
+++ b/cipher/algorithms.h
@@ -49,6 +49,15 @@ sha1_get_info (int algo, size_t *contextsize,
 	       byte *(**r_read)( void *c )
                );
 
+const char *
+sha1dc_get_info (int algo, size_t *contextsize,
+                 byte **r_asnoid, int *r_asnlen, int *r_mdlen,
+                 void (**r_init)( void *c ),
+                 void (**r_write)( void *c, byte *buf, size_t nbytes ),
+                 void (**r_final)( void *c ),
+                 byte *(**r_read)( void *c )
+                 );
+
 const char *
 sha224_get_info (int algo, size_t *contextsize,
 		 byte **r_asnoid, int *r_asnlen, int *r_mdlen,
diff --git a/cipher/md.c b/cipher/md.c
index ab36d17..ff65d1d 100644
--- a/cipher/md.c
+++ b/cipher/md.c
@@ -113,6 +113,9 @@ load_digest_module (void)
     BUG ();
   if (!new_list_item (DIGEST_ALGO_SHA1, sha1_get_info))
     BUG ();
+  /* Intended as transparent replacement of sha1. */
+  if (!new_list_item (DIGEST_ALGO_SHA1DC, sha1dc_get_info))
+    BUG ();
 
   return 1;
 }
@@ -211,10 +214,14 @@ void
 md_enable( MD_HANDLE h, int algo )
 {
     struct md_digest_list_s *r, *ac;
+    const int algo0 = algo;
 
     for( ac=h->list; ac; ac = ac->next )
 	if( ac->algo == algo )
 	    return ; /* already enabled */
+    /* Replace sha1 with sha1dc for non-secure payloads. */
+    if (algo == DIGEST_ALGO_SHA1 && !h->secure)
+	algo = DIGEST_ALGO_SHA1DC;
     /* find the algorithm */
     do {
 	for(r = digest_list; r; r = r->next )
@@ -231,6 +238,9 @@ md_enable( MD_HANDLE h, int algo )
 		  : xmalloc( sizeof *ac + r->contextsize
 					       - sizeof(r->context) );
     *ac = *r;
+    /* Revert to requested algo id (for sha1dc -> sha1), because
+     * it will be searched by that id in the helpers. */
+    ac->algo = algo0;
     ac->next = h->list;
     h->list = ac;
     /* and init this instance */
@@ -495,7 +505,7 @@ void
 md_start_debug( MD_HANDLE md, const char *suffix )
 {
     static int idx=0;
-    char buf[25];
+    char buf[20 + sizeof(idx) * 3];
 
     if( md->debug ) {
 	log_debug("Oops: md debug already started\n");
diff --git a/cipher/rsa.c b/cipher/rsa.c
index b3ecd3b..0ff9e37 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -193,19 +193,54 @@ generate( RSA_secret_key *sk, unsigned nbits )
 
 
 /****************
- * Test wether the secret key is valid.
- * Returns: true if this is a valid key.
+ * Test whether the secret key is valid.
+ * Returns: nonzero if this is a valid key.
  */
 static int
 check_secret_key( RSA_secret_key *sk )
 {
-    int rc;
-    MPI temp = mpi_alloc( mpi_get_nlimbs(sk->p)*2 );
-
+    int rc = 0;
+    MPI temp    = mpi_alloc_secure ( mpi_get_nlimbs(sk->p) + mpi_get_nlimbs(sk->q) );
+    MPI p_1     = mpi_copy (sk->p); /* (p-1) */
+    MPI q_1     = mpi_copy (sk->p); /* (q-1) */
+    MPI p_1_q_1 = mpi_alloc_secure ( mpi_get_nlimbs(sk->p) + mpi_get_nlimbs(sk->q) ); /* (p-1)(q-1) */
+
+    /* Calculate (p-1)(q-1). */
+    mpi_sub_ui(p_1, p_1, 1);
+    mpi_sub_ui(q_1, q_1, 1);
+    mpi_mul(p_1_q_1, p_1, q_1);
+
+    /* Check pq = n. */
     mpi_mul(temp, sk->p, sk->q );
-    rc = mpi_cmp( temp, sk->n );
+    if( 0 != mpi_cmp(temp, sk->n ) )
+	goto end;
+
+    /* Check gcd(e, (p-1)(q-1)) = 1. */
+    if( ! mpi_gcd(temp, sk->e, p_1_q_1) )
+	goto end;
+
+    /* Check de == 1 (mod (p-1)) and (mod (q-1)), i.e. d = e^-1. */
+    mpi_mulm(temp, sk->d, sk->e, p_1);
+    if( 0 != mpi_cmp_ui(temp, 1))
+	goto end;
+    mpi_mulm(temp, sk->d, sk->e, q_1);
+    if( 0 != mpi_cmp_ui(temp, 1))
+	goto end;
+
+    /* Check up == 1 (mod q). */
+    mpi_mulm(temp, sk->u, sk->p, sk->q);
+    if( 0 != mpi_cmp_ui(temp, 1))
+	goto end;
+
+    /* Success.  Fall through to deallocation code. */
+    rc = 1;
+
+ end:
     mpi_free(temp);
-    return !rc;
+    mpi_free(p_1);
+    mpi_free(q_1);
+    mpi_free(p_1_q_1);
+    return rc;
 }
 
 
diff --git a/cipher/sha1dc.c b/cipher/sha1dc.c
new file mode 100644
index 0000000..4f08095
--- /dev/null
+++ b/cipher/sha1dc.c
@@ -0,0 +1,124 @@
+/* sha1dc.c - SHA1DC hash function
+ *	Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ *      Copyright (C) 2021 Vitaly Chikunov <vt@altlinux.org>.
+ *      Based on sha1.c
+ *
+ * Please see below for more legal information!
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <sha1dc/sha1.h>
+#include "util.h"
+#include "memory.h"
+#include "algorithms.h"
+#include "bithelp.h"
+
+typedef struct {
+    SHA1_CTX ctx;
+    byte buf[20];
+} SHA1DC_CONTEXT;
+
+
+void
+sha1dc_init( SHA1DC_CONTEXT *hd )
+{
+    /* Security options are enabled by default. */
+    SHA1DCInit(&hd->ctx);
+}
+
+
+/* Update the message digest with the contents
+ * of INBUF with length INLEN.
+ */
+static void
+sha1dc_write( SHA1DC_CONTEXT *hd, byte *inbuf, size_t inlen)
+{
+
+    SHA1DCUpdate(&hd->ctx, inbuf, inlen);
+}
+
+
+/* The routine final terminates the computation and
+ * returns the digest.
+ * Returns: 20 bytes representing the digest.
+ */
+
+static void
+sha1dc_final(SHA1DC_CONTEXT *hd)
+{
+    SHA1DCFinal(hd->buf, &hd->ctx);
+}
+
+static byte *
+sha1dc_read( SHA1DC_CONTEXT *hd )
+{
+    return hd->buf;
+}
+
+
+/****************
+ * Shortcut functions which puts the hash value of the supplied buffer
+ * into outbuf which must have a size of 20 bytes.
+ */
+void
+sha1dc_hash_buffer (char *outbuf, const char *buffer, size_t length)
+{
+  SHA1DC_CONTEXT hd;
+
+  sha1dc_init (&hd);
+  sha1dc_write (&hd, (byte*)buffer, length);
+  sha1dc_final (&hd);
+  memcpy (outbuf, hd.buf, 20);
+}
+
+
+/****************
+ * Return some information about the algorithm.  We need algo here to
+ * distinguish different flavors of the algorithm.
+ * Returns: A pointer to string describing the algorithm or NULL if
+ *	    the ALGO is invalid.
+ */
+const char *
+sha1dc_get_info( int algo, size_t *contextsize,
+                 byte **r_asnoid, int *r_asnlen, int *r_mdlen,
+                 void (**r_init)( void *c ),
+                 void (**r_write)( void *c, byte *buf, size_t nbytes ),
+                 void (**r_final)( void *c ),
+                 byte *(**r_read)( void *c )
+               )
+{
+    static byte asn[15] = /* Object ID is 1.3.14.3.2.26 */
+		    { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
+		      0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
+
+    *contextsize = sizeof(SHA1DC_CONTEXT);
+    *r_asnoid = asn;
+    *r_asnlen = DIM(asn);
+    *r_mdlen = 20;
+    *(void  (**)(SHA1DC_CONTEXT *))r_init                 = sha1dc_init;
+    *(void  (**)(SHA1DC_CONTEXT *, byte*, size_t))r_write = sha1dc_write;
+    *(void  (**)(SHA1DC_CONTEXT *))r_final                = sha1dc_final;
+    *(byte *(**)(SHA1DC_CONTEXT *))r_read                 = sha1dc_read;
+
+    return "SHA1DC";
+}
diff --git a/configure.ac b/configure.ac
index b92440c..afe6397 100644
--- a/configure.ac
+++ b/configure.ac
@@ -863,7 +863,7 @@ dnl Checks for libraries.
 AM_PO_SUBDIRS
 AM_GNU_GETTEXT_VERSION([0.19.3])
 if test "$try_gettext" = yes; then
-  AM_GNU_GETTEXT(,[need-ngettext])
+  AM_GNU_GETTEXT(,[need-ngettext],[external])
   # gettext requires some extra checks.  These really should be part of
   # the basic AM_GNU_GETTEXT macro.  TODO: move other gettext-specific
   # function checks to here.
@@ -1037,6 +1037,13 @@ AC_CHECK_TYPES([struct sigaction, sigset_t],,,[#include <signal.h>])
 
 AC_CHECK_FUNC(getopt,,AC_CHECK_LIB(iberty,getopt,AC_SUBST(GETOPT,"-liberty")))
 
+AC_CHECK_HEADERS([sha1dc/sha1.h])
+AC_CHECK_LIB(sha1detectcoll, SHA1DCInit)
+if test -z "$ac_cv_header_sha1dc_sha1_h" ||
+   test -z "$ac_cv_lib_sha1detectcoll_SHA1DCInit"; then
+   AC_MSG_ERROR(libsha1detectcoll-devel is not available)
+fi
+
 #
 # check for gethrtime and run a testprogram to see whether
 # it is broken.  It has been reported that some Solaris and HP UX systems
@@ -1466,7 +1473,6 @@ fi
 AC_CONFIG_FILES([
 Makefile
 m4/Makefile
-intl/Makefile
 po/Makefile.in
 util/Makefile
 mpi/Makefile
@@ -1478,8 +1484,6 @@ keyserver/gpgkeys_test
 doc/Makefile
 tools/Makefile
 tools/gpg-zip
-zlib/Makefile
-bzlib/Makefile
 checks/Makefile
 ])
 AC_OUTPUT
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 42658c9..0cbb62f 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1253,6 +1253,10 @@ Valid values for @code{name} are:
   @opindex display-charset:koi8-r
   The usual Russian set (rfc1489).
 
+  @item cp1251
+  @opindex display-charset:cp1251
+  The cp1251 aka windows-1251 Cyrillic set.
+
   @item utf-8
   @opindex display-charset:utf-8
   Bypass all translations and assume
diff --git a/g10/gpg.c b/g10/gpg.c
index 416d44e..71ebcb6 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -1721,6 +1721,13 @@ reopen_std(void)
 
   if(did_stdin==2 || did_stdout==2 || did_stderr==2)
     exit(3);
+
+  gid_t gid = getgid();
+  if(getegid() != gid && setgid(gid))
+    {
+      fprintf(complain,"gpg: fatal: failed to reset gid: %s\n", strerror(errno));
+      exit(3);
+    }
 #endif /* HAVE_STAT && !HAVE_W32_SYSTEM */
 }
 
diff --git a/g10/keyid.c b/g10/keyid.c
index a86ac94..fafc2f7 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -449,7 +449,7 @@ nbits_from_sk( PKT_secret_key *sk )
 }
 
 static const char *
-mk_datestr (char *buffer, time_t atime)
+mk_datestr (char *buffer, size_t bufsize, time_t atime)
 {
     struct tm *tp;
 
@@ -457,7 +457,7 @@ mk_datestr (char *buffer, time_t atime)
       strcpy (buffer, "????" "-??" "-??"); /* Mark this as invalid.  */
     else {
         tp = gmtime (&atime);
-        sprintf (buffer,"%04d-%02d-%02d",
+        snprintf (buffer, bufsize, "%04d-%02d-%02d",
                  1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday );
     }
     return buffer;
@@ -474,7 +474,7 @@ datestr_from_pk( PKT_public_key *pk )
     static char buffer[11+5];
     time_t atime = pk->timestamp;
 
-    return mk_datestr (buffer, atime);
+    return mk_datestr (buffer, sizeof(buffer), atime);
 }
 
 const char *
@@ -483,7 +483,7 @@ datestr_from_sk( PKT_secret_key *sk )
     static char buffer[11+5];
     time_t atime = sk->timestamp;
 
-    return mk_datestr (buffer, atime);
+    return mk_datestr (buffer, sizeof(buffer), atime);
 }
 
 const char *
@@ -492,7 +492,7 @@ datestr_from_sig( PKT_signature *sig )
     static char buffer[11+5];
     time_t atime = sig->timestamp;
 
-    return mk_datestr (buffer, atime);
+    return mk_datestr (buffer, sizeof(buffer), atime);
 }
 
 const char *
@@ -504,7 +504,7 @@ expirestr_from_pk( PKT_public_key *pk )
     if( !pk->expiredate )
 	return _("never     ");
     atime = pk->expiredate;
-    return mk_datestr (buffer, atime);
+    return mk_datestr (buffer, sizeof(buffer), atime);
 }
 
 const char *
@@ -516,7 +516,7 @@ expirestr_from_sk( PKT_secret_key *sk )
     if( !sk->expiredate )
 	return _("never     ");
     atime = sk->expiredate;
-    return mk_datestr (buffer, atime);
+    return mk_datestr (buffer, sizeof(buffer), atime);
 }
 
 const char *
@@ -528,7 +528,7 @@ expirestr_from_sig( PKT_signature *sig )
     if(!sig->expiredate)
       return _("never     ");
     atime=sig->expiredate;
-    return mk_datestr (buffer, atime);
+    return mk_datestr (buffer, sizeof(buffer), atime);
 }
 
 const char *
@@ -540,7 +540,7 @@ revokestr_from_pk( PKT_public_key *pk )
     if(!pk->revoked.date)
       return _("never     ");
     atime=pk->revoked.date;
-    return mk_datestr (buffer, atime);
+    return mk_datestr (buffer, sizeof(buffer), atime);
 }
 
 
diff --git a/g10/main.h b/g10/main.h
index a0b96f9..92e07c9 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -38,7 +38,7 @@
 # define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_3DES
 #endif
 
-#define DEFAULT_DIGEST_ALGO     DIGEST_ALGO_SHA1
+#define DEFAULT_DIGEST_ALGO     ((GNUPG)? DIGEST_ALGO_SHA256:DIGEST_ALGO_SHA1)
 #define DEFAULT_COMPRESS_ALGO   COMPRESS_ALGO_ZIP
 #define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1
 
diff --git a/g10/options.h b/g10/options.h
index 0ac6e77..687772f 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -26,12 +26,11 @@
 #include "packet.h"
 
 #ifndef EXTERN_UNLESS_MAIN_MODULE
-/* Norcraft can't cope with common symbols */
-#if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE)
-#define EXTERN_UNLESS_MAIN_MODULE extern
-#else
-#define EXTERN_UNLESS_MAIN_MODULE
-#endif
+# if !defined (INCLUDED_BY_MAIN_MODULE)
+#  define EXTERN_UNLESS_MAIN_MODULE extern
+# else
+#  define EXTERN_UNLESS_MAIN_MODULE
+# endif
 #endif
 
 EXTERN_UNLESS_MAIN_MODULE
diff --git a/g10/options.skel b/g10/options.skel
index 21bd09b..9f31507 100644
--- a/g10/options.skel
+++ b/g10/options.skel
@@ -23,20 +23,17 @@
 #
 # See the man page for a list of options.
 
-# Uncomment the following option to get rid of the copyright notice
-
-#no-greeting
+# Comment out the following option to reenable the copyright notice.
+no-greeting
 
 # If you have more than 1 secret key in your keyring, you may want to
 # uncomment the following option and set your preferred keyid.
-
 #default-key 621CC013
 
 # If you do not pass a recipient to gpg, it will ask for one.  Using
 # this option you can encrypt to a default key.  Key validation will
 # not be done in this case.  The second form uses the default key as
 # default recipient.
-
 #default-recipient some-user-id
 #default-recipient-self
 
@@ -45,20 +42,17 @@
 # mail client that does not automatically encrypt mail to your key.
 # In the example, this option allows you to read your local copy of
 # encrypted mail that you've sent to others.
-
 #encrypt-to some-key-id
 
 # By default GnuPG creates version 4 signatures for data files as
 # specified by OpenPGP.  Some earlier (PGP 6, PGP 7) versions of PGP
 # require the older version 3 signatures.  Setting this option forces
 # GnuPG to create version 3 signatures.
-
 #force-v3-sigs
 
 # Because some mailers change lines starting with "From " to ">From "
 # it is good to handle such lines in a special way when creating
 # cleartext signatures; all other PGP versions do it this way too.
-
 #no-escape-from-lines
 
 # If you do not use the Latin-1 (ISO-8859-1) charset, you should tell
@@ -68,7 +62,6 @@
 # translation.  Note that future version of GnuPG will change to UTF-8
 # as default character set.  In most cases this option is not required
 # as GnuPG is able to figure out the correct charset at runtime.
-
 #charset utf-8
 
 # Group names may be defined like this:
@@ -80,13 +73,11 @@
 # cannot make an group that points to another group.  Note also that
 # if there are spaces in the recipient name, this will appear as two
 # recipients.  In these cases it is better to use the key ID.
-
 #group mynames = paige 0x12345678 joe patti
 
 # Lock the file only once for the lifetime of a process.  If you do
 # not define this, the lock will be obtained and released every time
 # it is needed, which is usually preferable.
-
 #lock-once
 
 # GnuPG can send and receive keys to and from a keyserver.  These
@@ -115,7 +106,6 @@
 # such a "server", which spreads the load over a number of physical
 # servers.  To see the IP address of the server actually used, you may use
 # the "--keyserver-options debug".
-
 keyserver hkp://keys.gnupg.net
 #keyserver mailto:pgp-public-keys@keys.nl.pgp.net
 #keyserver ldap://keyserver.pgp.com
@@ -150,17 +140,14 @@ keyserver hkp://keys.gnupg.net
 #
 # no-include-attributes : do not include attribute IDs (aka "photo IDs")
 #                         when sending keys to the keyserver.
-
 #keyserver-options auto-key-retrieve
 
 # Display photo user IDs in key listings
-
-# list-options show-photos
+#list-options show-photos
 
 # Display photo user IDs when a signature from a key with a photo is
 # verified
-
-# verify-options show-photos
+#verify-options show-photos
 
 # Use this program to display photo user IDs
 #
@@ -183,14 +170,14 @@ keyserver hkp://keys.gnupg.net
 # to use your regular JPEG image viewer.
 #
 # Some other viewers:
-# photo-viewer "qiv %i"
-# photo-viewer "ee %i"
+#photo-viewer "qiv %i"
+#photo-viewer "ee %i"
 #
 # This one saves a copy of the photo ID in your home directory:
-# photo-viewer "cat > ~/photoid-for-key-%k.%t"
+#photo-viewer "cat > ~/photoid-for-key-%k.%t"
 #
 # Use your MIME handler to view photos:
-# photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG"
+#photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG"
 
 # Passphrase agent
 #
@@ -198,9 +185,8 @@ keyserver hkp://keys.gnupg.net
 # the new Assuan based one (currently available in the "newpg" package
 # at ftp.gnupg.org/gcrypt/alpha/aegypten/).  To make use of the agent,
 # you have to run an agent as daemon and use the option
-#
-# use-agent
-# 
+#use-agent
+
 # which tries to use the agent but will fallback to the regular mode
 # if there is a problem connecting to the agent.  The normal way to
 # locate the agent is by looking at the environment variable
@@ -237,3 +223,6 @@ keyserver hkp://keys.gnupg.net
 #
 # Try CERT, then PKA, then LDAP, then hkp://subkeys.net:
 #auto-key-locate cert pka ldap hkp://subkeys.pgp.net
+
+# Comment out the next line to reenable the warning about "using insecure memory".
+no-secmem-warning
diff --git a/g10/sign.c b/g10/sign.c
index ed8ac73..a02baf6 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -1412,7 +1412,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
 	else if(sk->pubkey_algo==PUBKEY_ALGO_DSA)
 	  digest_algo = match_dsa_hash(mpi_get_nbits(sk->skey[1])/8);
 	else
-	  digest_algo = DIGEST_ALGO_SHA1;
+	  digest_algo = DEFAULT_DIGEST_ALGO;
       }
 
     md = md_open( digest_algo, 0 );
diff --git a/include/cipher.h b/include/cipher.h
index dd4af18..c289af8 100644
--- a/include/cipher.h
+++ b/include/cipher.h
@@ -68,6 +68,7 @@
 #define DIGEST_ALGO_SHA384    9
 #define DIGEST_ALGO_SHA512   10
 #define DIGEST_ALGO_SHA224   11
+#define DIGEST_ALGO_SHA1DC   112    /* private */
 
 #define COMPRESS_ALGO_NONE   0
 #define COMPRESS_ALGO_ZIP    1
@@ -115,11 +116,11 @@ struct gcry_md_context {
 typedef struct gcry_md_context *MD_HANDLE;
 
 #ifndef EXTERN_UNLESS_MAIN_MODULE
-#if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE)
-#define EXTERN_UNLESS_MAIN_MODULE extern
-#else
-#define EXTERN_UNLESS_MAIN_MODULE
-#endif
+# if !defined (INCLUDED_BY_MAIN_MODULE)
+#  define EXTERN_UNLESS_MAIN_MODULE extern
+# else
+#  define EXTERN_UNLESS_MAIN_MODULE
+# endif
 #endif
 EXTERN_UNLESS_MAIN_MODULE int g10c_debug_mode;
 EXTERN_UNLESS_MAIN_MODULE int g10_opt_verbose;
diff --git a/include/iobuf.h b/include/iobuf.h
index 030f8c8..71b9bd3 100644
--- a/include/iobuf.h
+++ b/include/iobuf.h
@@ -70,11 +70,11 @@ struct iobuf_struct {
 };
 
 #ifndef EXTERN_UNLESS_MAIN_MODULE
-#if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE)
-#define EXTERN_UNLESS_MAIN_MODULE extern
-#else
-#define EXTERN_UNLESS_MAIN_MODULE 
-#endif
+# if !defined (INCLUDED_BY_MAIN_MODULE)
+#  define EXTERN_UNLESS_MAIN_MODULE extern
+# else
+#  define EXTERN_UNLESS_MAIN_MODULE
+# endif
 #endif
 EXTERN_UNLESS_MAIN_MODULE int iobuf_debug_mode;
 
diff --git a/include/memory.h b/include/memory.h
index d414a9b..870fe38 100644
--- a/include/memory.h
+++ b/include/memory.h
@@ -91,11 +91,11 @@ unsigned secmem_get_flags(void);
 #define DBG_MEMSTAT   memory_stat_debug_mode
 
 #ifndef EXTERN_UNLESS_MAIN_MODULE
-#if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE)
-#define EXTERN_UNLESS_MAIN_MODULE extern
-#else
-#define EXTERN_UNLESS_MAIN_MODULE 
-#endif
+# if !defined (INCLUDED_BY_MAIN_MODULE)
+#  define EXTERN_UNLESS_MAIN_MODULE extern
+# else
+#  define EXTERN_UNLESS_MAIN_MODULE
+# endif
 #endif
 EXTERN_UNLESS_MAIN_MODULE int memory_debug_mode;
 EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
diff --git a/include/mpi.h b/include/mpi.h
index a4c16f5..50a5baf 100644
--- a/include/mpi.h
+++ b/include/mpi.h
@@ -36,11 +36,11 @@
 #include "memory.h"
 
 #ifndef EXTERN_UNLESS_MAIN_MODULE
-#if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE)
-#define EXTERN_UNLESS_MAIN_MODULE extern
-#else
-#define EXTERN_UNLESS_MAIN_MODULE 
-#endif
+# if !defined (INCLUDED_BY_MAIN_MODULE)
+#  define EXTERN_UNLESS_MAIN_MODULE extern
+# else
+#  define EXTERN_UNLESS_MAIN_MODULE
+# endif
 #endif
 
 #define DBG_MPI     mpi_debug_mode
diff --git a/keyserver/gpgkeys_curl.c b/keyserver/gpgkeys_curl.c
index 55aee68..39bc108 100644
--- a/keyserver/gpgkeys_curl.c
+++ b/keyserver/gpgkeys_curl.c
@@ -37,6 +37,7 @@
 #ifdef HAVE_GETOPT_H
 #include <getopt.h>
 #endif
+#define INCLUDED_BY_MAIN_MODULE 1
 #ifdef HAVE_LIBCURL
 #include <curl/curl.h>
 #else
@@ -45,6 +46,7 @@
 #include "compat.h"
 #include "keyserver.h"
 #include "ksutil.h"
+#include "util.h"
 
 extern char *optarg;
 extern int optind;
diff --git a/keyserver/gpgkeys_hkp.c b/keyserver/gpgkeys_hkp.c
index f45958e..6b262ab 100644
--- a/keyserver/gpgkeys_hkp.c
+++ b/keyserver/gpgkeys_hkp.c
@@ -38,6 +38,7 @@
 #ifdef HAVE_GETOPT_H
 # include <getopt.h>
 #endif
+#define INCLUDED_BY_MAIN_MODULE 1
 #ifdef HAVE_LIBCURL
 # include <curl/curl.h>
 /* This #define rigamarole is to enable a hack to fake DNS SRV using
@@ -63,6 +64,7 @@
 #include "compat.h"
 #include "keyserver.h"
 #include "ksutil.h"
+#include "util.h"
 
 extern char *optarg;
 extern int optind;
diff --git a/keyserver/gpgkeys_ldap.c b/keyserver/gpgkeys_ldap.c
index 3541957..23129e9 100644
--- a/keyserver/gpgkeys_ldap.c
+++ b/keyserver/gpgkeys_ldap.c
@@ -58,13 +58,11 @@
 #include <ldap_ssl.h>
 #endif
 
+#define INCLUDED_BY_MAIN_MODULE 1
 #include "compat.h"
 #include "keyserver.h"
 #include "ksutil.h"
-
-#ifdef __riscos__
 #include "util.h"
-#endif
 
 #if HAVE_W32_SYSTEM
 # if !defined(__MINGW64_VERSION_MAJOR) || !defined(__MINGW32_MAJOR_VERSION)
@@ -233,7 +231,7 @@ epoch2ldaptime(time_t stamp)
 
   /* YYYYMMDDHHmmssZ */
 
-  sprintf(buf,"%04d%02d%02d%02d%02d%02dZ",
+  snprintf(buf, sizeof(buf), "%04d%02d%02d%02d%02d%02dZ",
 	  ldaptime->tm_year,
 	  ldaptime->tm_mon,
 	  ldaptime->tm_mday,
diff --git a/po/ru.po b/po/ru.po
index 2d5b2a4..f001b25 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -40,7 +40,7 @@ msgstr "невозможно заблокировать `%s': %s\n"
 #: cipher/random.c:430 cipher/random.c:609
 #, c-format
 msgid "waiting for lock on `%s'...\n"
-msgstr "ожидание блокировки `%s'\n"
+msgstr "ожидание блокировки `%s'...\n"
 
 #: cipher/random.c:473 g10/card-util.c:787 g10/dearmor.c:59 g10/dearmor.c:108
 #: g10/encode.c:182 g10/encode.c:472 g10/gpg.c:1028 g10/gpg.c:3615
@@ -5569,7 +5569,7 @@ msgstr "ВНИМАНИЕ: обнаружен слабый ключ - смени
 #: g10/seckey-cert.c:366
 msgid "generating the deprecated 16-bit checksum for secret key protection\n"
 msgstr ""
-"создание нерекомендуемой 16-битной контрольной суммы для защиты ключа\n"
+"создание не рекомендуемой 16-битной контрольной суммы для защиты ключа\n"
 
 #: g10/seskey.c:51
 msgid "weak key created - retrying\n"
diff --git a/tools/bftest.c b/tools/bftest.c
index 8a1572c..3c1d93b 100644
--- a/tools/bftest.c
+++ b/tools/bftest.c
@@ -26,6 +26,7 @@
 #include <fcntl.h>
 #endif
 
+#define INCLUDED_BY_MAIN_MODULE 1
 #include "util.h"
 #include "cipher.h"
 #include "i18n.h"
diff --git a/tools/mpicalc.c b/tools/mpicalc.c
index 46e5fc8..e75d4af 100644
--- a/tools/mpicalc.c
+++ b/tools/mpicalc.c
@@ -31,6 +31,7 @@
 #include <stdlib.h>
 #include <ctype.h>
 
+#define INCLUDED_BY_MAIN_MODULE 1
 #include "util.h"
 #include "mpi.h"
 #include "i18n.h"
diff --git a/util/logger.c b/util/logger.c
index d631611..7e488b0 100644
--- a/util/logger.c
+++ b/util/logger.c
@@ -109,6 +109,8 @@ log_get_errorcount( int clear)
 void
 log_inc_errorcount()
 {
+  /* Protect agains overflow.  */
+  if (errorcount < 30000)
     errorcount++;
 }
 
@@ -135,7 +137,7 @@ g10_log_print_prefix(const char *text)
     if (!logfp )
       {
         FILE *ttyfp_local;
-        
+
         init_ttyfp();
         ttyfp_local = ttyfp_is ();
         if (isatty (fileno (stderr)) && isatty (fileno (ttyfp_local)))
@@ -179,7 +181,7 @@ g10_log_warning( const char *fmt, ... )
 
     if(strict)
       {
-	errorcount++;
+	log_inc_errorcount ();
 	g10_log_print_prefix(_("ERROR: "));
       }
     else
@@ -203,7 +205,7 @@ g10_log_error( const char *fmt, ... )
     va_start( arg_ptr, fmt ) ;
     vfprintf(logfp,fmt,arg_ptr) ;
     va_end(arg_ptr);
-    errorcount++;
+    log_inc_errorcount ();
 #ifdef __riscos__
     fflush( logfp );
 #endif /* __riscos__ */
@@ -285,6 +287,3 @@ g10_log_hexdump( const char *text, const char *buf, size_t len )
     fflush( logfp );
 #endif /* __riscos__ */
 }
-
-
-
diff --git a/util/miscutil.c b/util/miscutil.c
index f0cbaca..fc90a46 100644
--- a/util/miscutil.c
+++ b/util/miscutil.c
@@ -134,7 +134,7 @@ strtimestamp( u32 stamp )
     }
     else {
         tp = gmtime( &atime );
-        sprintf(buffer,"%04d-%02d-%02d",
+        snprintf(buffer, sizeof buffer, "%04d-%02d-%02d",
                 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday );
     }
     return buffer;
@@ -156,7 +156,7 @@ isotimestamp (u32 stamp)
     }
     else {
         tp = gmtime( &atime );
-        sprintf(buffer,"%04d-%02d-%02d %02d:%02d:%02d",
+        snprintf(buffer, sizeof buffer, "%04d-%02d-%02d %02d:%02d:%02d",
                 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
                 tp->tm_hour, tp->tm_min, tp->tm_sec);
     }
diff --git a/util/strgutil.c b/util/strgutil.c
index 3d45405..5eef7b1 100644
--- a/util/strgutil.c
+++ b/util/strgutil.c
@@ -77,6 +77,25 @@ static ushort koi8_unicode[128] = {
     0x042c,0x042b,0x0417,0x0428,0x042d,0x0429,0x0427,0x042a
 };
 
+static ushort cp1251_unicode[128] = {
+    0x0402,0x0403,0x201a,0x0453,0x201e,0x2026,0x2020,0x2021,
+    0x20ac,0x2030,0x0409,0x2039,0x040a,0x040c,0x040b,0x040f,
+    0x0452,0x2018,0x2019,0x201c,0x201d,0x2022,0x2013,0x2014,
+    0xffff,0x2122,0x0459,0x203a,0x045a,0x045c,0x045b,0x045f,
+    0x00a0,0x040e,0x045e,0x0408,0x00a4,0x0490,0x00a6,0x00a7,
+    0x0401,0x00a9,0x0404,0x00ab,0x00ac,0x00ad,0x00ae,0x0407,
+    0x00b0,0x00b1,0x0406,0x0456,0x0491,0x00b5,0x00b6,0x00b7,
+    0x0451,0x2116,0x0454,0x00bb,0x0458,0x0405,0x0455,0x0457,
+    0x0410,0x0411,0x0412,0x0413,0x0414,0x0415,0x0416,0x0417,
+    0x0418,0x0419,0x041a,0x041b,0x041c,0x041d,0x041e,0x041f,
+    0x0420,0x0421,0x0422,0x0423,0x0424,0x0425,0x0426,0x0427,
+    0x0428,0x0429,0x042a,0x042b,0x042c,0x042d,0x042e,0x042f,
+    0x0430,0x0431,0x0432,0x0433,0x0434,0x0435,0x0436,0x0437,
+    0x0438,0x0439,0x043a,0x043b,0x043c,0x043d,0x043e,0x043f,
+    0x0440,0x0441,0x0442,0x0443,0x0444,0x0445,0x0446,0x0447,
+    0x0448,0x0449,0x044a,0x044b,0x044c,0x044d,0x044e,0x044f
+};
+
 static ushort latin2_unicode[128] = {
     0x0080,0x0081,0x0082,0x0083,0x0084,0x0085,0x0086,0x0087,
     0x0088,0x0089,0x008A,0x008B,0x008C,0x008D,0x008E,0x008F,
@@ -707,6 +726,13 @@ set_native_charset( const char *newset )
 	active_charset = koi8_unicode;
         use_iconv = 0;
     }
+    else if( !ascii_strcasecmp( newset, "cp1251" )
+        || !ascii_strcasecmp (newset, "windows-1251" ) ) {
+	active_charset_name = "cp1251";
+        no_translation = 0;
+	active_charset = cp1251_unicode;
+        use_iconv = 0;
+    }
     else
 	return G10ERR_GENERAL;
 #endif /*!USE_GNUPG_ICONV*/
 
design & coding: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin