ALT Linux repos
S: | 1.4.23-alt4 |
5.0: | 1.4.9-alt1 |
4.1: | 1.4.9-alt1 |
4.0: | 1.4.9-alt1.M40.1 |
3.0: | 1.4.1-alt1 |
+updates: | 1.4.5-alt0.M30.0 |
Group :: File tools
RPM: gnupg
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
Patch: gnupg-1.4.23-alt4.patch
Download
Download
Makefile.am | 4 +-
cipher/Makefile.am | 1 +
cipher/Makefile.in | 4 +-
cipher/algorithms.h | 9 ++++
cipher/md.c | 12 ++++-
cipher/rsa.c | 49 ++++++++++++++++---
cipher/sha1dc.c | 124 +++++++++++++++++++++++++++++++++++++++++++++++
configure.ac | 12 +++--
doc/gpg.texi | 4 ++
g10/gpg.c | 7 +++
g10/keyid.c | 18 +++----
g10/main.h | 2 +-
g10/options.h | 11 ++---
g10/options.skel | 37 +++++---------
g10/sign.c | 2 +-
include/cipher.h | 11 +++--
include/iobuf.h | 10 ++--
include/memory.h | 10 ++--
include/mpi.h | 10 ++--
keyserver/gpgkeys_curl.c | 2 +
keyserver/gpgkeys_hkp.c | 2 +
keyserver/gpgkeys_ldap.c | 6 +--
po/ru.po | 4 +-
tools/bftest.c | 1 +
tools/mpicalc.c | 1 +
util/logger.c | 11 ++---
util/miscutil.c | 4 +-
util/strgutil.c | 26 ++++++++++
28 files changed, 303 insertions(+), 91 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 44adf6a..5b1913f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -37,14 +37,14 @@ else
bzlib =
endif
-SUBDIRS = m4 intl zlib ${bzlib} util mpi cipher tools \
+SUBDIRS = m4 ${bzlib} util mpi cipher tools \
g10 keyserver po doc ${checks}
EXTRA_DIST = scripts/config.rpath PROJECTS BUGS config.h.in \
autogen.sh ChangeLog-2011 po/ChangeLog-2011 \
util/ChangeLog-2011 scripts/ChangeLog-2011 \
doc/ChangeLog-2011 tools/ChangeLog-2011 \
- zlib/ChangeLog-2011 m4/ChangeLog-2011 \
+ m4/ChangeLog-2011 \
include/ChangeLog-2011 g10/ChangeLog-2011 \
checks/ChangeLog-2011 cipher/ChangeLog-2011 \
intl/ChangeLog-2011 keyserver/ChangeLog-2011 \
diff --git a/cipher/Makefile.am b/cipher/Makefile.am
index bd79fbc..3fa7476 100644
--- a/cipher/Makefile.am
+++ b/cipher/Makefile.am
@@ -53,6 +53,7 @@ libcipher_a_SOURCES = cipher.c \
md5.c \
rmd160.c \
sha1.c \
+ sha1dc.c \
sha256.c
if USE_RNDLINUX
diff --git a/cipher/Makefile.in b/cipher/Makefile.in
index 476eb2d..6af58f4 100644
--- a/cipher/Makefile.in
+++ b/cipher/Makefile.in
@@ -149,7 +149,7 @@ am__libcipher_a_SOURCES_DIST = cipher.c pubkey.c md.c dynload.c \
elgamal.h rsa.c rsa.h primegen.c random.h random.c \
rand-internal.h rmd.h dsa.h dsa.c smallprime.c algorithms.h \
md5.c rmd160.c sha1.c sha256.c rndlinux.c rndunix.c rndegd.c \
- rndw32.c sha512.c
+ rndw32.c sha512.c sha1dc.c
@USE_RNDLINUX_TRUE@am__objects_1 = rndlinux.$(OBJEXT)
@USE_RNDUNIX_TRUE@am__objects_2 = rndunix.$(OBJEXT)
@USE_RNDEGD_TRUE@am__objects_3 = rndegd.$(OBJEXT)
@@ -408,7 +408,7 @@ libcipher_a_SOURCES = cipher.c pubkey.c md.c dynload.c bithelp.h des.c \
twofish.c blowfish.c cast5.c rijndael.c camellia.c camellia.h \
camellia-glue.c idea.c elgamal.c elgamal.h rsa.c rsa.h \
primegen.c random.h random.c rand-internal.h rmd.h dsa.h dsa.c \
- smallprime.c algorithms.h md5.c rmd160.c sha1.c sha256.c \
+ smallprime.c algorithms.h md5.c rmd160.c sha1.c sha256.c sha1dc.c \
$(am__append_2) $(am__append_3) $(am__append_4) \
$(am__append_5) $(am__append_6)
all: all-am
diff --git a/cipher/algorithms.h b/cipher/algorithms.h
index 9deefb4..da74107 100644
--- a/cipher/algorithms.h
+++ b/cipher/algorithms.h
@@ -49,6 +49,15 @@ sha1_get_info (int algo, size_t *contextsize,
byte *(**r_read)( void *c )
);
+const char *
+sha1dc_get_info (int algo, size_t *contextsize,
+ byte **r_asnoid, int *r_asnlen, int *r_mdlen,
+ void (**r_init)( void *c ),
+ void (**r_write)( void *c, byte *buf, size_t nbytes ),
+ void (**r_final)( void *c ),
+ byte *(**r_read)( void *c )
+ );
+
const char *
sha224_get_info (int algo, size_t *contextsize,
byte **r_asnoid, int *r_asnlen, int *r_mdlen,
diff --git a/cipher/md.c b/cipher/md.c
index ab36d17..ff65d1d 100644
--- a/cipher/md.c
+++ b/cipher/md.c
@@ -113,6 +113,9 @@ load_digest_module (void)
BUG ();
if (!new_list_item (DIGEST_ALGO_SHA1, sha1_get_info))
BUG ();
+ /* Intended as transparent replacement of sha1. */
+ if (!new_list_item (DIGEST_ALGO_SHA1DC, sha1dc_get_info))
+ BUG ();
return 1;
}
@@ -211,10 +214,14 @@ void
md_enable( MD_HANDLE h, int algo )
{
struct md_digest_list_s *r, *ac;
+ const int algo0 = algo;
for( ac=h->list; ac; ac = ac->next )
if( ac->algo == algo )
return ; /* already enabled */
+ /* Replace sha1 with sha1dc for non-secure payloads. */
+ if (algo == DIGEST_ALGO_SHA1 && !h->secure)
+ algo = DIGEST_ALGO_SHA1DC;
/* find the algorithm */
do {
for(r = digest_list; r; r = r->next )
@@ -231,6 +238,9 @@ md_enable( MD_HANDLE h, int algo )
: xmalloc( sizeof *ac + r->contextsize
- sizeof(r->context) );
*ac = *r;
+ /* Revert to requested algo id (for sha1dc -> sha1), because
+ * it will be searched by that id in the helpers. */
+ ac->algo = algo0;
ac->next = h->list;
h->list = ac;
/* and init this instance */
@@ -495,7 +505,7 @@ void
md_start_debug( MD_HANDLE md, const char *suffix )
{
static int idx=0;
- char buf[25];
+ char buf[20 + sizeof(idx) * 3];
if( md->debug ) {
log_debug("Oops: md debug already started\n");
diff --git a/cipher/rsa.c b/cipher/rsa.c
index b3ecd3b..0ff9e37 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -193,19 +193,54 @@ generate( RSA_secret_key *sk, unsigned nbits )
/****************
- * Test wether the secret key is valid.
- * Returns: true if this is a valid key.
+ * Test whether the secret key is valid.
+ * Returns: nonzero if this is a valid key.
*/
static int
check_secret_key( RSA_secret_key *sk )
{
- int rc;
- MPI temp = mpi_alloc( mpi_get_nlimbs(sk->p)*2 );
-
+ int rc = 0;
+ MPI temp = mpi_alloc_secure ( mpi_get_nlimbs(sk->p) + mpi_get_nlimbs(sk->q) );
+ MPI p_1 = mpi_copy (sk->p); /* (p-1) */
+ MPI q_1 = mpi_copy (sk->p); /* (q-1) */
+ MPI p_1_q_1 = mpi_alloc_secure ( mpi_get_nlimbs(sk->p) + mpi_get_nlimbs(sk->q) ); /* (p-1)(q-1) */
+
+ /* Calculate (p-1)(q-1). */
+ mpi_sub_ui(p_1, p_1, 1);
+ mpi_sub_ui(q_1, q_1, 1);
+ mpi_mul(p_1_q_1, p_1, q_1);
+
+ /* Check pq = n. */
mpi_mul(temp, sk->p, sk->q );
- rc = mpi_cmp( temp, sk->n );
+ if( 0 != mpi_cmp(temp, sk->n ) )
+ goto end;
+
+ /* Check gcd(e, (p-1)(q-1)) = 1. */
+ if( ! mpi_gcd(temp, sk->e, p_1_q_1) )
+ goto end;
+
+ /* Check de == 1 (mod (p-1)) and (mod (q-1)), i.e. d = e^-1. */
+ mpi_mulm(temp, sk->d, sk->e, p_1);
+ if( 0 != mpi_cmp_ui(temp, 1))
+ goto end;
+ mpi_mulm(temp, sk->d, sk->e, q_1);
+ if( 0 != mpi_cmp_ui(temp, 1))
+ goto end;
+
+ /* Check up == 1 (mod q). */
+ mpi_mulm(temp, sk->u, sk->p, sk->q);
+ if( 0 != mpi_cmp_ui(temp, 1))
+ goto end;
+
+ /* Success. Fall through to deallocation code. */
+ rc = 1;
+
+ end:
mpi_free(temp);
- return !rc;
+ mpi_free(p_1);
+ mpi_free(q_1);
+ mpi_free(p_1_q_1);
+ return rc;
}
diff --git a/cipher/sha1dc.c b/cipher/sha1dc.c
new file mode 100644
index 0000000..4f08095
--- /dev/null
+++ b/cipher/sha1dc.c
@@ -0,0 +1,124 @@
+/* sha1dc.c - SHA1DC hash function
+ * Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ * Copyright (C) 2021 Vitaly Chikunov <vt@altlinux.org>.
+ * Based on sha1.c
+ *
+ * Please see below for more legal information!
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <sha1dc/sha1.h>
+#include "util.h"
+#include "memory.h"
+#include "algorithms.h"
+#include "bithelp.h"
+
+typedef struct {
+ SHA1_CTX ctx;
+ byte buf[20];
+} SHA1DC_CONTEXT;
+
+
+void
+sha1dc_init( SHA1DC_CONTEXT *hd )
+{
+ /* Security options are enabled by default. */
+ SHA1DCInit(&hd->ctx);
+}
+
+
+/* Update the message digest with the contents
+ * of INBUF with length INLEN.
+ */
+static void
+sha1dc_write( SHA1DC_CONTEXT *hd, byte *inbuf, size_t inlen)
+{
+
+ SHA1DCUpdate(&hd->ctx, inbuf, inlen);
+}
+
+
+/* The routine final terminates the computation and
+ * returns the digest.
+ * Returns: 20 bytes representing the digest.
+ */
+
+static void
+sha1dc_final(SHA1DC_CONTEXT *hd)
+{
+ SHA1DCFinal(hd->buf, &hd->ctx);
+}
+
+static byte *
+sha1dc_read( SHA1DC_CONTEXT *hd )
+{
+ return hd->buf;
+}
+
+
+/****************
+ * Shortcut functions which puts the hash value of the supplied buffer
+ * into outbuf which must have a size of 20 bytes.
+ */
+void
+sha1dc_hash_buffer (char *outbuf, const char *buffer, size_t length)
+{
+ SHA1DC_CONTEXT hd;
+
+ sha1dc_init (&hd);
+ sha1dc_write (&hd, (byte*)buffer, length);
+ sha1dc_final (&hd);
+ memcpy (outbuf, hd.buf, 20);
+}
+
+
+/****************
+ * Return some information about the algorithm. We need algo here to
+ * distinguish different flavors of the algorithm.
+ * Returns: A pointer to string describing the algorithm or NULL if
+ * the ALGO is invalid.
+ */
+const char *
+sha1dc_get_info( int algo, size_t *contextsize,
+ byte **r_asnoid, int *r_asnlen, int *r_mdlen,
+ void (**r_init)( void *c ),
+ void (**r_write)( void *c, byte *buf, size_t nbytes ),
+ void (**r_final)( void *c ),
+ byte *(**r_read)( void *c )
+ )
+{
+ static byte asn[15] = /* Object ID is 1.3.14.3.2.26 */
+ { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
+ 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
+
+ *contextsize = sizeof(SHA1DC_CONTEXT);
+ *r_asnoid = asn;
+ *r_asnlen = DIM(asn);
+ *r_mdlen = 20;
+ *(void (**)(SHA1DC_CONTEXT *))r_init = sha1dc_init;
+ *(void (**)(SHA1DC_CONTEXT *, byte*, size_t))r_write = sha1dc_write;
+ *(void (**)(SHA1DC_CONTEXT *))r_final = sha1dc_final;
+ *(byte *(**)(SHA1DC_CONTEXT *))r_read = sha1dc_read;
+
+ return "SHA1DC";
+}
diff --git a/configure.ac b/configure.ac
index b92440c..afe6397 100644
--- a/configure.ac
+++ b/configure.ac
@@ -863,7 +863,7 @@ dnl Checks for libraries.
AM_PO_SUBDIRS
AM_GNU_GETTEXT_VERSION([0.19.3])
if test "$try_gettext" = yes; then
- AM_GNU_GETTEXT(,[need-ngettext])
+ AM_GNU_GETTEXT(,[need-ngettext],[external])
# gettext requires some extra checks. These really should be part of
# the basic AM_GNU_GETTEXT macro. TODO: move other gettext-specific
# function checks to here.
@@ -1037,6 +1037,13 @@ AC_CHECK_TYPES([struct sigaction, sigset_t],,,[#include <signal.h>])
AC_CHECK_FUNC(getopt,,AC_CHECK_LIB(iberty,getopt,AC_SUBST(GETOPT,"-liberty")))
+AC_CHECK_HEADERS([sha1dc/sha1.h])
+AC_CHECK_LIB(sha1detectcoll, SHA1DCInit)
+if test -z "$ac_cv_header_sha1dc_sha1_h" ||
+ test -z "$ac_cv_lib_sha1detectcoll_SHA1DCInit"; then
+ AC_MSG_ERROR(libsha1detectcoll-devel is not available)
+fi
+
#
# check for gethrtime and run a testprogram to see whether
# it is broken. It has been reported that some Solaris and HP UX systems
@@ -1466,7 +1473,6 @@ fi
AC_CONFIG_FILES([
Makefile
m4/Makefile
-intl/Makefile
po/Makefile.in
util/Makefile
mpi/Makefile
@@ -1478,8 +1484,6 @@ keyserver/gpgkeys_test
doc/Makefile
tools/Makefile
tools/gpg-zip
-zlib/Makefile
-bzlib/Makefile
checks/Makefile
])
AC_OUTPUT
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 42658c9..0cbb62f 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1253,6 +1253,10 @@ Valid values for @code{name} are:
@opindex display-charset:koi8-r
The usual Russian set (rfc1489).
+ @item cp1251
+ @opindex display-charset:cp1251
+ The cp1251 aka windows-1251 Cyrillic set.
+
@item utf-8
@opindex display-charset:utf-8
Bypass all translations and assume
diff --git a/g10/gpg.c b/g10/gpg.c
index 416d44e..71ebcb6 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -1721,6 +1721,13 @@ reopen_std(void)
if(did_stdin==2 || did_stdout==2 || did_stderr==2)
exit(3);
+
+ gid_t gid = getgid();
+ if(getegid() != gid && setgid(gid))
+ {
+ fprintf(complain,"gpg: fatal: failed to reset gid: %s\n", strerror(errno));
+ exit(3);
+ }
#endif /* HAVE_STAT && !HAVE_W32_SYSTEM */
}
diff --git a/g10/keyid.c b/g10/keyid.c
index a86ac94..fafc2f7 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -449,7 +449,7 @@ nbits_from_sk( PKT_secret_key *sk )
}
static const char *
-mk_datestr (char *buffer, time_t atime)
+mk_datestr (char *buffer, size_t bufsize, time_t atime)
{
struct tm *tp;
@@ -457,7 +457,7 @@ mk_datestr (char *buffer, time_t atime)
strcpy (buffer, "????" "-??" "-??"); /* Mark this as invalid. */
else {
tp = gmtime (&atime);
- sprintf (buffer,"%04d-%02d-%02d",
+ snprintf (buffer, bufsize, "%04d-%02d-%02d",
1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday );
}
return buffer;
@@ -474,7 +474,7 @@ datestr_from_pk( PKT_public_key *pk )
static char buffer[11+5];
time_t atime = pk->timestamp;
- return mk_datestr (buffer, atime);
+ return mk_datestr (buffer, sizeof(buffer), atime);
}
const char *
@@ -483,7 +483,7 @@ datestr_from_sk( PKT_secret_key *sk )
static char buffer[11+5];
time_t atime = sk->timestamp;
- return mk_datestr (buffer, atime);
+ return mk_datestr (buffer, sizeof(buffer), atime);
}
const char *
@@ -492,7 +492,7 @@ datestr_from_sig( PKT_signature *sig )
static char buffer[11+5];
time_t atime = sig->timestamp;
- return mk_datestr (buffer, atime);
+ return mk_datestr (buffer, sizeof(buffer), atime);
}
const char *
@@ -504,7 +504,7 @@ expirestr_from_pk( PKT_public_key *pk )
if( !pk->expiredate )
return _("never ");
atime = pk->expiredate;
- return mk_datestr (buffer, atime);
+ return mk_datestr (buffer, sizeof(buffer), atime);
}
const char *
@@ -516,7 +516,7 @@ expirestr_from_sk( PKT_secret_key *sk )
if( !sk->expiredate )
return _("never ");
atime = sk->expiredate;
- return mk_datestr (buffer, atime);
+ return mk_datestr (buffer, sizeof(buffer), atime);
}
const char *
@@ -528,7 +528,7 @@ expirestr_from_sig( PKT_signature *sig )
if(!sig->expiredate)
return _("never ");
atime=sig->expiredate;
- return mk_datestr (buffer, atime);
+ return mk_datestr (buffer, sizeof(buffer), atime);
}
const char *
@@ -540,7 +540,7 @@ revokestr_from_pk( PKT_public_key *pk )
if(!pk->revoked.date)
return _("never ");
atime=pk->revoked.date;
- return mk_datestr (buffer, atime);
+ return mk_datestr (buffer, sizeof(buffer), atime);
}
diff --git a/g10/main.h b/g10/main.h
index a0b96f9..92e07c9 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -38,7 +38,7 @@
# define DEFAULT_CIPHER_ALGO CIPHER_ALGO_3DES
#endif
-#define DEFAULT_DIGEST_ALGO DIGEST_ALGO_SHA1
+#define DEFAULT_DIGEST_ALGO ((GNUPG)? DIGEST_ALGO_SHA256:DIGEST_ALGO_SHA1)
#define DEFAULT_COMPRESS_ALGO COMPRESS_ALGO_ZIP
#define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1
diff --git a/g10/options.h b/g10/options.h
index 0ac6e77..687772f 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -26,12 +26,11 @@
#include "packet.h"
#ifndef EXTERN_UNLESS_MAIN_MODULE
-/* Norcraft can't cope with common symbols */
-#if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE)
-#define EXTERN_UNLESS_MAIN_MODULE extern
-#else
-#define EXTERN_UNLESS_MAIN_MODULE
-#endif
+# if !defined (INCLUDED_BY_MAIN_MODULE)
+# define EXTERN_UNLESS_MAIN_MODULE extern
+# else
+# define EXTERN_UNLESS_MAIN_MODULE
+# endif
#endif
EXTERN_UNLESS_MAIN_MODULE
diff --git a/g10/options.skel b/g10/options.skel
index 21bd09b..9f31507 100644
--- a/g10/options.skel
+++ b/g10/options.skel
@@ -23,20 +23,17 @@
#
# See the man page for a list of options.
-# Uncomment the following option to get rid of the copyright notice
-
-#no-greeting
+# Comment out the following option to reenable the copyright notice.
+no-greeting
# If you have more than 1 secret key in your keyring, you may want to
# uncomment the following option and set your preferred keyid.
-
#default-key 621CC013
# If you do not pass a recipient to gpg, it will ask for one. Using
# this option you can encrypt to a default key. Key validation will
# not be done in this case. The second form uses the default key as
# default recipient.
-
#default-recipient some-user-id
#default-recipient-self
@@ -45,20 +42,17 @@
# mail client that does not automatically encrypt mail to your key.
# In the example, this option allows you to read your local copy of
# encrypted mail that you've sent to others.
-
#encrypt-to some-key-id
# By default GnuPG creates version 4 signatures for data files as
# specified by OpenPGP. Some earlier (PGP 6, PGP 7) versions of PGP
# require the older version 3 signatures. Setting this option forces
# GnuPG to create version 3 signatures.
-
#force-v3-sigs
# Because some mailers change lines starting with "From " to ">From "
# it is good to handle such lines in a special way when creating
# cleartext signatures; all other PGP versions do it this way too.
-
#no-escape-from-lines
# If you do not use the Latin-1 (ISO-8859-1) charset, you should tell
@@ -68,7 +62,6 @@
# translation. Note that future version of GnuPG will change to UTF-8
# as default character set. In most cases this option is not required
# as GnuPG is able to figure out the correct charset at runtime.
-
#charset utf-8
# Group names may be defined like this:
@@ -80,13 +73,11 @@
# cannot make an group that points to another group. Note also that
# if there are spaces in the recipient name, this will appear as two
# recipients. In these cases it is better to use the key ID.
-
#group mynames = paige 0x12345678 joe patti
# Lock the file only once for the lifetime of a process. If you do
# not define this, the lock will be obtained and released every time
# it is needed, which is usually preferable.
-
#lock-once
# GnuPG can send and receive keys to and from a keyserver. These
@@ -115,7 +106,6 @@
# such a "server", which spreads the load over a number of physical
# servers. To see the IP address of the server actually used, you may use
# the "--keyserver-options debug".
-
keyserver hkp://keys.gnupg.net
#keyserver mailto:pgp-public-keys@keys.nl.pgp.net
#keyserver ldap://keyserver.pgp.com
@@ -150,17 +140,14 @@ keyserver hkp://keys.gnupg.net
#
# no-include-attributes : do not include attribute IDs (aka "photo IDs")
# when sending keys to the keyserver.
-
#keyserver-options auto-key-retrieve
# Display photo user IDs in key listings
-
-# list-options show-photos
+#list-options show-photos
# Display photo user IDs when a signature from a key with a photo is
# verified
-
-# verify-options show-photos
+#verify-options show-photos
# Use this program to display photo user IDs
#
@@ -183,14 +170,14 @@ keyserver hkp://keys.gnupg.net
# to use your regular JPEG image viewer.
#
# Some other viewers:
-# photo-viewer "qiv %i"
-# photo-viewer "ee %i"
+#photo-viewer "qiv %i"
+#photo-viewer "ee %i"
#
# This one saves a copy of the photo ID in your home directory:
-# photo-viewer "cat > ~/photoid-for-key-%k.%t"
+#photo-viewer "cat > ~/photoid-for-key-%k.%t"
#
# Use your MIME handler to view photos:
-# photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG"
+#photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG"
# Passphrase agent
#
@@ -198,9 +185,8 @@ keyserver hkp://keys.gnupg.net
# the new Assuan based one (currently available in the "newpg" package
# at ftp.gnupg.org/gcrypt/alpha/aegypten/). To make use of the agent,
# you have to run an agent as daemon and use the option
-#
-# use-agent
-#
+#use-agent
+
# which tries to use the agent but will fallback to the regular mode
# if there is a problem connecting to the agent. The normal way to
# locate the agent is by looking at the environment variable
@@ -237,3 +223,6 @@ keyserver hkp://keys.gnupg.net
#
# Try CERT, then PKA, then LDAP, then hkp://subkeys.net:
#auto-key-locate cert pka ldap hkp://subkeys.pgp.net
+
+# Comment out the next line to reenable the warning about "using insecure memory".
+no-secmem-warning
diff --git a/g10/sign.c b/g10/sign.c
index ed8ac73..a02baf6 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -1412,7 +1412,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
else if(sk->pubkey_algo==PUBKEY_ALGO_DSA)
digest_algo = match_dsa_hash(mpi_get_nbits(sk->skey[1])/8);
else
- digest_algo = DIGEST_ALGO_SHA1;
+ digest_algo = DEFAULT_DIGEST_ALGO;
}
md = md_open( digest_algo, 0 );
diff --git a/include/cipher.h b/include/cipher.h
index dd4af18..c289af8 100644
--- a/include/cipher.h
+++ b/include/cipher.h
@@ -68,6 +68,7 @@
#define DIGEST_ALGO_SHA384 9
#define DIGEST_ALGO_SHA512 10
#define DIGEST_ALGO_SHA224 11
+#define DIGEST_ALGO_SHA1DC 112 /* private */
#define COMPRESS_ALGO_NONE 0
#define COMPRESS_ALGO_ZIP 1
@@ -115,11 +116,11 @@ struct gcry_md_context {
typedef struct gcry_md_context *MD_HANDLE;
#ifndef EXTERN_UNLESS_MAIN_MODULE
-#if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE)
-#define EXTERN_UNLESS_MAIN_MODULE extern
-#else
-#define EXTERN_UNLESS_MAIN_MODULE
-#endif
+# if !defined (INCLUDED_BY_MAIN_MODULE)
+# define EXTERN_UNLESS_MAIN_MODULE extern
+# else
+# define EXTERN_UNLESS_MAIN_MODULE
+# endif
#endif
EXTERN_UNLESS_MAIN_MODULE int g10c_debug_mode;
EXTERN_UNLESS_MAIN_MODULE int g10_opt_verbose;
diff --git a/include/iobuf.h b/include/iobuf.h
index 030f8c8..71b9bd3 100644
--- a/include/iobuf.h
+++ b/include/iobuf.h
@@ -70,11 +70,11 @@ struct iobuf_struct {
};
#ifndef EXTERN_UNLESS_MAIN_MODULE
-#if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE)
-#define EXTERN_UNLESS_MAIN_MODULE extern
-#else
-#define EXTERN_UNLESS_MAIN_MODULE
-#endif
+# if !defined (INCLUDED_BY_MAIN_MODULE)
+# define EXTERN_UNLESS_MAIN_MODULE extern
+# else
+# define EXTERN_UNLESS_MAIN_MODULE
+# endif
#endif
EXTERN_UNLESS_MAIN_MODULE int iobuf_debug_mode;
diff --git a/include/memory.h b/include/memory.h
index d414a9b..870fe38 100644
--- a/include/memory.h
+++ b/include/memory.h
@@ -91,11 +91,11 @@ unsigned secmem_get_flags(void);
#define DBG_MEMSTAT memory_stat_debug_mode
#ifndef EXTERN_UNLESS_MAIN_MODULE
-#if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE)
-#define EXTERN_UNLESS_MAIN_MODULE extern
-#else
-#define EXTERN_UNLESS_MAIN_MODULE
-#endif
+# if !defined (INCLUDED_BY_MAIN_MODULE)
+# define EXTERN_UNLESS_MAIN_MODULE extern
+# else
+# define EXTERN_UNLESS_MAIN_MODULE
+# endif
#endif
EXTERN_UNLESS_MAIN_MODULE int memory_debug_mode;
EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
diff --git a/include/mpi.h b/include/mpi.h
index a4c16f5..50a5baf 100644
--- a/include/mpi.h
+++ b/include/mpi.h
@@ -36,11 +36,11 @@
#include "memory.h"
#ifndef EXTERN_UNLESS_MAIN_MODULE
-#if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE)
-#define EXTERN_UNLESS_MAIN_MODULE extern
-#else
-#define EXTERN_UNLESS_MAIN_MODULE
-#endif
+# if !defined (INCLUDED_BY_MAIN_MODULE)
+# define EXTERN_UNLESS_MAIN_MODULE extern
+# else
+# define EXTERN_UNLESS_MAIN_MODULE
+# endif
#endif
#define DBG_MPI mpi_debug_mode
diff --git a/keyserver/gpgkeys_curl.c b/keyserver/gpgkeys_curl.c
index 55aee68..39bc108 100644
--- a/keyserver/gpgkeys_curl.c
+++ b/keyserver/gpgkeys_curl.c
@@ -37,6 +37,7 @@
#ifdef HAVE_GETOPT_H
#include <getopt.h>
#endif
+#define INCLUDED_BY_MAIN_MODULE 1
#ifdef HAVE_LIBCURL
#include <curl/curl.h>
#else
@@ -45,6 +46,7 @@
#include "compat.h"
#include "keyserver.h"
#include "ksutil.h"
+#include "util.h"
extern char *optarg;
extern int optind;
diff --git a/keyserver/gpgkeys_hkp.c b/keyserver/gpgkeys_hkp.c
index f45958e..6b262ab 100644
--- a/keyserver/gpgkeys_hkp.c
+++ b/keyserver/gpgkeys_hkp.c
@@ -38,6 +38,7 @@
#ifdef HAVE_GETOPT_H
# include <getopt.h>
#endif
+#define INCLUDED_BY_MAIN_MODULE 1
#ifdef HAVE_LIBCURL
# include <curl/curl.h>
/* This #define rigamarole is to enable a hack to fake DNS SRV using
@@ -63,6 +64,7 @@
#include "compat.h"
#include "keyserver.h"
#include "ksutil.h"
+#include "util.h"
extern char *optarg;
extern int optind;
diff --git a/keyserver/gpgkeys_ldap.c b/keyserver/gpgkeys_ldap.c
index 3541957..23129e9 100644
--- a/keyserver/gpgkeys_ldap.c
+++ b/keyserver/gpgkeys_ldap.c
@@ -58,13 +58,11 @@
#include <ldap_ssl.h>
#endif
+#define INCLUDED_BY_MAIN_MODULE 1
#include "compat.h"
#include "keyserver.h"
#include "ksutil.h"
-
-#ifdef __riscos__
#include "util.h"
-#endif
#if HAVE_W32_SYSTEM
# if !defined(__MINGW64_VERSION_MAJOR) || !defined(__MINGW32_MAJOR_VERSION)
@@ -233,7 +231,7 @@ epoch2ldaptime(time_t stamp)
/* YYYYMMDDHHmmssZ */
- sprintf(buf,"%04d%02d%02d%02d%02d%02dZ",
+ snprintf(buf, sizeof(buf), "%04d%02d%02d%02d%02d%02dZ",
ldaptime->tm_year,
ldaptime->tm_mon,
ldaptime->tm_mday,
diff --git a/po/ru.po b/po/ru.po
index 2d5b2a4..f001b25 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -40,7 +40,7 @@ msgstr "невозможно заблокировать `%s': %s\n"
#: cipher/random.c:430 cipher/random.c:609
#, c-format
msgid "waiting for lock on `%s'...\n"
-msgstr "ожидание блокировки `%s'\n"
+msgstr "ожидание блокировки `%s'...\n"
#: cipher/random.c:473 g10/card-util.c:787 g10/dearmor.c:59 g10/dearmor.c:108
#: g10/encode.c:182 g10/encode.c:472 g10/gpg.c:1028 g10/gpg.c:3615
@@ -5569,7 +5569,7 @@ msgstr "ВНИМАНИЕ: обнаружен слабый ключ - смени
#: g10/seckey-cert.c:366
msgid "generating the deprecated 16-bit checksum for secret key protection\n"
msgstr ""
-"создание нерекомендуемой 16-битной контрольной суммы для защиты ключа\n"
+"создание не рекомендуемой 16-битной контрольной суммы для защиты ключа\n"
#: g10/seskey.c:51
msgid "weak key created - retrying\n"
diff --git a/tools/bftest.c b/tools/bftest.c
index 8a1572c..3c1d93b 100644
--- a/tools/bftest.c
+++ b/tools/bftest.c
@@ -26,6 +26,7 @@
#include <fcntl.h>
#endif
+#define INCLUDED_BY_MAIN_MODULE 1
#include "util.h"
#include "cipher.h"
#include "i18n.h"
diff --git a/tools/mpicalc.c b/tools/mpicalc.c
index 46e5fc8..e75d4af 100644
--- a/tools/mpicalc.c
+++ b/tools/mpicalc.c
@@ -31,6 +31,7 @@
#include <stdlib.h>
#include <ctype.h>
+#define INCLUDED_BY_MAIN_MODULE 1
#include "util.h"
#include "mpi.h"
#include "i18n.h"
diff --git a/util/logger.c b/util/logger.c
index d631611..7e488b0 100644
--- a/util/logger.c
+++ b/util/logger.c
@@ -109,6 +109,8 @@ log_get_errorcount( int clear)
void
log_inc_errorcount()
{
+ /* Protect agains overflow. */
+ if (errorcount < 30000)
errorcount++;
}
@@ -135,7 +137,7 @@ g10_log_print_prefix(const char *text)
if (!logfp )
{
FILE *ttyfp_local;
-
+
init_ttyfp();
ttyfp_local = ttyfp_is ();
if (isatty (fileno (stderr)) && isatty (fileno (ttyfp_local)))
@@ -179,7 +181,7 @@ g10_log_warning( const char *fmt, ... )
if(strict)
{
- errorcount++;
+ log_inc_errorcount ();
g10_log_print_prefix(_("ERROR: "));
}
else
@@ -203,7 +205,7 @@ g10_log_error( const char *fmt, ... )
va_start( arg_ptr, fmt ) ;
vfprintf(logfp,fmt,arg_ptr) ;
va_end(arg_ptr);
- errorcount++;
+ log_inc_errorcount ();
#ifdef __riscos__
fflush( logfp );
#endif /* __riscos__ */
@@ -285,6 +287,3 @@ g10_log_hexdump( const char *text, const char *buf, size_t len )
fflush( logfp );
#endif /* __riscos__ */
}
-
-
-
diff --git a/util/miscutil.c b/util/miscutil.c
index f0cbaca..fc90a46 100644
--- a/util/miscutil.c
+++ b/util/miscutil.c
@@ -134,7 +134,7 @@ strtimestamp( u32 stamp )
}
else {
tp = gmtime( &atime );
- sprintf(buffer,"%04d-%02d-%02d",
+ snprintf(buffer, sizeof buffer, "%04d-%02d-%02d",
1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday );
}
return buffer;
@@ -156,7 +156,7 @@ isotimestamp (u32 stamp)
}
else {
tp = gmtime( &atime );
- sprintf(buffer,"%04d-%02d-%02d %02d:%02d:%02d",
+ snprintf(buffer, sizeof buffer, "%04d-%02d-%02d %02d:%02d:%02d",
1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
tp->tm_hour, tp->tm_min, tp->tm_sec);
}
diff --git a/util/strgutil.c b/util/strgutil.c
index 3d45405..5eef7b1 100644
--- a/util/strgutil.c
+++ b/util/strgutil.c
@@ -77,6 +77,25 @@ static ushort koi8_unicode[128] = {
0x042c,0x042b,0x0417,0x0428,0x042d,0x0429,0x0427,0x042a
};
+static ushort cp1251_unicode[128] = {
+ 0x0402,0x0403,0x201a,0x0453,0x201e,0x2026,0x2020,0x2021,
+ 0x20ac,0x2030,0x0409,0x2039,0x040a,0x040c,0x040b,0x040f,
+ 0x0452,0x2018,0x2019,0x201c,0x201d,0x2022,0x2013,0x2014,
+ 0xffff,0x2122,0x0459,0x203a,0x045a,0x045c,0x045b,0x045f,
+ 0x00a0,0x040e,0x045e,0x0408,0x00a4,0x0490,0x00a6,0x00a7,
+ 0x0401,0x00a9,0x0404,0x00ab,0x00ac,0x00ad,0x00ae,0x0407,
+ 0x00b0,0x00b1,0x0406,0x0456,0x0491,0x00b5,0x00b6,0x00b7,
+ 0x0451,0x2116,0x0454,0x00bb,0x0458,0x0405,0x0455,0x0457,
+ 0x0410,0x0411,0x0412,0x0413,0x0414,0x0415,0x0416,0x0417,
+ 0x0418,0x0419,0x041a,0x041b,0x041c,0x041d,0x041e,0x041f,
+ 0x0420,0x0421,0x0422,0x0423,0x0424,0x0425,0x0426,0x0427,
+ 0x0428,0x0429,0x042a,0x042b,0x042c,0x042d,0x042e,0x042f,
+ 0x0430,0x0431,0x0432,0x0433,0x0434,0x0435,0x0436,0x0437,
+ 0x0438,0x0439,0x043a,0x043b,0x043c,0x043d,0x043e,0x043f,
+ 0x0440,0x0441,0x0442,0x0443,0x0444,0x0445,0x0446,0x0447,
+ 0x0448,0x0449,0x044a,0x044b,0x044c,0x044d,0x044e,0x044f
+};
+
static ushort latin2_unicode[128] = {
0x0080,0x0081,0x0082,0x0083,0x0084,0x0085,0x0086,0x0087,
0x0088,0x0089,0x008A,0x008B,0x008C,0x008D,0x008E,0x008F,
@@ -707,6 +726,13 @@ set_native_charset( const char *newset )
active_charset = koi8_unicode;
use_iconv = 0;
}
+ else if( !ascii_strcasecmp( newset, "cp1251" )
+ || !ascii_strcasecmp (newset, "windows-1251" ) ) {
+ active_charset_name = "cp1251";
+ no_translation = 0;
+ active_charset = cp1251_unicode;
+ use_iconv = 0;
+ }
else
return G10ERR_GENERAL;
#endif /*!USE_GNUPG_ICONV*/