[Gpg4win-commits] [git] Gpg4win - branch, master, updated. gpg4win-2.2.3-4-gcb61d38
by Andre Heinecke
cvs at cvs.gnupg.org
Wed Feb 18 19:25:11 CET 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG for Windows".
The branch, master has been updated
via cb61d38fcd795648acb5c335325be7231f6c87cb (commit)
from 4f1715736001d292b7bcf406fa266e8e68821a8b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit cb61d38fcd795648acb5c335325be7231f6c87cb
Author: Andre Heinecke <aheinecke at intevation.de>
Date: Wed Feb 18 19:23:07 2015 +0100
Update to gnupg 2.0.27
* patches/gnupg2-2.0.26/
0003-gpg-Allow-for-positional-parameters-in-the-passphras.patch,
patches/gnupg2-2.0.26/
0004-Make-the-use-of-verifiy-file-harder.patch: Removed.
* patches/gnupg2-2.0.26: Renamed to gnupg2-2.0.27.
diff --git a/packages/packages.current b/packages/packages.current
index 0618dcb..d5e858d 100644
--- a/packages/packages.current
+++ b/packages/packages.current
@@ -414,10 +414,12 @@ chk 37d0893a587354af2b6e49f6ae701ca84f52da67
file libassuan/libassuan-2.1.3.tar.bz2
chk 56ac91973c2818a91d4f16ed48265a2b5daf45d3
-# checked: 2014-08-12 ah - updated
-name gnupg2-2.0.26.tar.bz2
-file gnupg/gnupg-2.0.26.tar.bz2
-chk 3ff5b38152c919724fd09cf2f17df704272ba192
+# last changed: 2015-2-18
+# by: ah
+# verified: Sig D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
+name gnupg2-2.0.27.tar.bz2
+file gnupg/gnupg-2.0.27.tar.bz2
+chk d065be185f5bac8ea07b210ab7756e79b83b63d4
# checked: 2014-07-16 ah
file dirmngr/dirmngr-1.1.1.tar.bz2
diff --git a/patches/gnupg2-2.0.26/0003-gpg-Allow-for-positional-parameters-in-the-passphras.patch b/patches/gnupg2-2.0.26/0003-gpg-Allow-for-positional-parameters-in-the-passphras.patch
deleted file mode 100755
index cd8a3e7..0000000
--- a/patches/gnupg2-2.0.26/0003-gpg-Allow-for-positional-parameters-in-the-passphras.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-#! /bin/sh
-patch -p1 -l -f $* < $0
-exit $?
-
-From c45b9819e8f4b35681c91ffb67abdc38dcc32a2a Mon Sep 17 00:00:00 2001
-From: Werner Koch <wk at gnupg.org>
-Date: Tue, 26 Aug 2014 10:16:04 +0200
-Subject: [PATCH 1/3] gpg: Allow for positional parameters in the passphrase
- prompt.
-
-* g10/passphrase.c (passphrase_get): Replace sprintf by xasprintf.
---
-
-Without that at least the French translation does not always work
-because it requires positional parameters. Windows for example does
-not support them as they are not defined by C99 but by POSIX.
----
- g10/passphrase.c | 35 ++++++++++++-----------------------
- 1 file changed, 12 insertions(+), 23 deletions(-)
-
-diff --git a/g10/passphrase.c b/g10/passphrase.c
-index 9752718..54caf72 100644
---- a/g10/passphrase.c
-+++ b/g10/passphrase.c
-@@ -341,38 +341,27 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
- if ( !algo_name )
- algo_name = "?";
-
--#define KEYIDSTRING _(" (main key ID %s)")
--
-- maink = xmalloc ( strlen (KEYIDSTRING) + keystrlen() + 20 );
-- if( keyid[2] && keyid[3] && keyid[0] != keyid[2]
-+ if (keyid[2] && keyid[3]
-+ && keyid[0] != keyid[2]
- && keyid[1] != keyid[3] )
-- sprintf( maink, KEYIDSTRING, keystr(&keyid[2]) );
-+ maink = xasprintf (_(" (main key ID %s)"), keystr (&keyid[2]));
- else
-- *maink = 0;
-+ maink = xstrdup ("");
-
- uid = get_user_id ( keyid, &uidlen );
- timestr = strtimestamp (pk->timestamp);
-
--#undef KEYIDSTRING
--
--#define PROMPTSTRING _("Please enter the passphrase to unlock the" \
-- " secret key for the OpenPGP certificate:\n" \
-- "\"%.*s\"\n" \
-- "%u-bit %s key, ID %s,\n" \
-- "created %s%s.\n" )
--
-- atext = xmalloc ( 100 + strlen (PROMPTSTRING)
-- + uidlen + 15 + strlen(algo_name) + keystrlen()
-- + strlen (timestr) + strlen (maink) );
-- sprintf (atext, PROMPTSTRING,
-- (int)uidlen, uid,
-- nbits_from_pk (pk), algo_name, keystr(&keyid[0]), timestr,
-- maink );
-+ atext = xasprintf (_("Please enter the passphrase to unlock the"
-+ " secret key for the OpenPGP certificate:\n"
-+ "\"%.*s\"\n"
-+ "%u-bit %s key, ID %s,\n"
-+ "created %s%s.\n"),
-+ (int)uidlen, uid,
-+ nbits_from_pk (pk), algo_name, keystr(&keyid[0]),
-+ timestr, maink);
- xfree (uid);
- xfree (maink);
-
--#undef PROMPTSTRING
--
- {
- size_t dummy;
- fingerprint_from_pk( pk, fpr, &dummy );
---
-1.9.1
diff --git a/patches/gnupg2-2.0.26/0004-Make-the-use-of-verifiy-file-harder.patch b/patches/gnupg2-2.0.26/0004-Make-the-use-of-verifiy-file-harder.patch
deleted file mode 100755
index af3417f..0000000
--- a/patches/gnupg2-2.0.26/0004-Make-the-use-of-verifiy-file-harder.patch
+++ /dev/null
@@ -1,245 +0,0 @@
-#! /bin/sh
-patch -p1 -l -f $* < $0
-exit $?
-
-commit a5ca45e6168e75aa6f3743b764d601ab3df966b7
-Author: Werner Koch <wk at gnupg.org>
-Date: Fri Nov 14 09:36:19 2014 +0100
-
- gpg: Make the use of "--verify FILE" for detached sigs harder.
-
- * g10/openfile.c (open_sigfile): Factor some code out to ...
- (get_matching_datafile): new function.
- * g10/plaintext.c (hash_datafiles): Do not try to find matching file
- in batch mode.
- * g10/mainproc.c (check_sig_and_print): Print a warning if a possibly
- matching data file is not used by a standard signatures.
- --
-
- Allowing to use the abbreviated form for detached signatures is a long
- standing bug which has only been noticed by the public with the
- release of 2.1.0. :-(
-
- What we do is to remove the ability to check detached signature in
- --batch using the one file abbreviated mode. This should exhibit
- problems in scripts which use this insecure practice. We also print a
- warning if a matching data file exists but was not considered because
- the detached signature was actually a standard signature:
-
- gpgv: Good signature from "Werner Koch (dist sig)"
- gpgv: WARNING: not a detached signature; \
- file 'gnupg-2.1.0.tar.bz2' was NOT verified!
-
- We can only print a warning because it is possible that a standard
- signature is indeed to be verified but by coincidence a file with a
- matching name is stored alongside the standard signature.
-
- Reported-by: Simon Nicolussi (to gnupg-users on Nov 7)
- Signed-off-by: Werner Koch <wk at gnupg.org>
-
- (backported from commit 69384568f66a48eff3968bb1714aa13925580e9f)
-
-diff --git a/g10/main.h b/g10/main.h
-index e97b936..b55a184 100644
---- a/g10/main.h
-+++ b/g10/main.h
-@@ -253,7 +253,8 @@ int overwrite_filep( const char *fname );
- char *make_outfile_name( const char *iname );
- char *ask_outfile_name( const char *name, size_t namelen );
- int open_outfile( const char *iname, int mode, iobuf_t *a );
--iobuf_t open_sigfile( const char *iname, progress_filter_context_t *pfx );
-+char *get_matching_datafile (const char *sigfilename);
-+iobuf_t open_sigfile (const char *sigfilename, progress_filter_context_t *pfx);
- void try_make_homedir( const char *fname );
-
- /*-- seskey.c --*/
-diff --git a/g10/mainproc.c b/g10/mainproc.c
-index 551ab58..3abcb15 100644
---- a/g10/mainproc.c
-+++ b/g10/mainproc.c
-@@ -1959,6 +1959,44 @@ check_sig_and_print( CTX c, KBNODE node )
- sig->sig_class==0x01?_("textmode"):_("unknown"),
- gcry_md_algo_name (sig->digest_algo));
-
-+ if (!rc && !c->signed_data.used)
-+ {
-+ /* Signature is basically good but we test whether the
-+ deprecated command
-+ gpg --verify FILE.sig
-+ was used instead of
-+ gpg --verify FILE.sig FILE
-+ to verify a detached signature. If we figure out that a
-+ data file with a matching name exists, we print a warning.
-+
-+ The problem is that the first form would also verify a
-+ standard signature. This behavior could be used to
-+ create a made up .sig file for a tarball by creating a
-+ standard signature from a valid detached signature packet
-+ (for example from a signed git tag). Then replace the
-+ sig file on the FTP server along with a changed tarball.
-+ Using the first form the verify command would correctly
-+ verify the signature but don't even consider the tarball. */
-+ kbnode_t n;
-+ char *dfile;
-+
-+ dfile = get_matching_datafile (c->sigfilename);
-+ if (dfile)
-+ {
-+ for (n = c->list; n; n = n->next)
-+ if (n->pkt->pkttype != PKT_SIGNATURE)
-+ break;
-+ if (n)
-+ {
-+ /* Not only signature packets in the tree thus this
-+ is not a detached signature. */
-+ log_info (_("WARNING: not a detached signature; "
-+ "file '%s' was NOT verified!\n"), dfile);
-+ }
-+ xfree (dfile);
-+ }
-+ }
-+
- if( rc )
- g10_errors_seen = 1;
- if( opt.batch && rc )
-diff --git a/g10/openfile.c b/g10/openfile.c
-index db5cdc2..dc9dfd0 100644
---- a/g10/openfile.c
-+++ b/g10/openfile.c
-@@ -287,41 +287,70 @@ open_outfile( const char *iname, int mode, IOBUF *a )
- }
-
-
-+/* Find a matching data file for the signature file SIGFILENAME and
-+ return it as a malloced string. If no matching data file is found,
-+ return NULL. */
-+char *
-+get_matching_datafile (const char *sigfilename)
-+{
-+ char *fname = NULL;
-+ size_t len;
-+
-+ if (iobuf_is_pipe_filename (sigfilename))
-+ return NULL;
-+
-+ len = strlen (sigfilename);
-+ if (len > 4
-+ && (!strcmp (sigfilename + len - 4, EXTSEP_S "sig")
-+ || (len > 5 && !strcmp(sigfilename + len - 5, EXTSEP_S "sign"))
-+ || !strcmp(sigfilename + len - 4, EXTSEP_S "asc")))
-+ {
-+
-+ fname = xstrdup (sigfilename);
-+ fname[len-(fname[len-1]=='n'?5:4)] = 0 ;
-+ if (access (fname, R_OK ))
-+ {
-+ /* Not found or other error. */
-+ xfree (fname);
-+ fname = NULL;
-+ }
-+ }
-+
-+ return fname;
-+}
-+
-+
- /****************
- * Try to open a file without the extension ".sig" or ".asc"
- * Return NULL if such a file is not available.
- */
--IOBUF
--open_sigfile( const char *iname, progress_filter_context_t *pfx )
-+iobuf_t
-+open_sigfile (const char *sigfilename, progress_filter_context_t *pfx)
- {
-- IOBUF a = NULL;
-- size_t len;
--
-- if( !iobuf_is_pipe_filename (iname) ) {
-- len = strlen(iname);
-- if( len > 4 && ( !strcmp(iname + len - 4, EXTSEP_S "sig")
-- || ( len > 5 && !strcmp(iname + len - 5, EXTSEP_S "sign") )
-- || !strcmp(iname + len - 4, EXTSEP_S "asc")) ) {
-- char *buf;
-- buf = xstrdup(iname);
-- buf[len-(buf[len-1]=='n'?5:4)] = 0 ;
-- a = iobuf_open( buf );
-- if (a && is_secured_file (iobuf_get_fd (a)))
-- {
-- iobuf_close (a);
-- a = NULL;
-- errno = EPERM;
-- }
-- if( a && opt.verbose )
-- log_info(_("assuming signed data in `%s'\n"), buf );
-- if (a && pfx)
-- handle_progress (pfx, a, buf);
-- xfree(buf);
-- }
-+ iobuf_t a = NULL;
-+ char *buf;
-+
-+ buf = get_matching_datafile (sigfilename);
-+ if (buf)
-+ {
-+ a = iobuf_open (buf);
-+ if (a && is_secured_file (iobuf_get_fd (a)))
-+ {
-+ iobuf_close (a);
-+ a = NULL;
-+ gpg_err_set_errno (EPERM);
-+ }
-+ if (a)
-+ log_info (_("assuming signed data in '%s'\n"), buf);
-+ if (a && pfx)
-+ handle_progress (pfx, a, buf);
-+ xfree (buf);
- }
-- return a;
-+
-+ return a;
- }
-
-+
- /****************
- * Copy the option file skeleton to the given directory.
- */
-diff --git a/g10/plaintext.c b/g10/plaintext.c
-index 3777648..d24c640 100644
---- a/g10/plaintext.c
-+++ b/g10/plaintext.c
-@@ -546,17 +546,25 @@ hash_datafiles( gcry_md_hd_t md, gcry_md_hd_t md2, strlist_t files,
- pfx = new_progress_context ();
-
- if( !files ) {
-- /* check whether we can open the signed material */
-- fp = open_sigfile( sigfilename, pfx );
-- if( fp ) {
-- do_hash( md, md2, fp, textmode );
-- iobuf_close(fp);
-- release_progress_context (pfx);
-- return 0;
-- }
-- log_error (_("no signed data\n"));
-- release_progress_context (pfx);
-- return gpg_error (GPG_ERR_NO_DATA);
-+ /* Check whether we can open the signed material. We avoid
-+ trying to open a file if run in batch mode. This assumed
-+ data file for a sig file feature is just a convenience thing
-+ for the command line and the user needs to read possible
-+ warning messages. */
-+ if (!opt.batch)
-+ {
-+ fp = open_sigfile( sigfilename, pfx );
-+ if( fp )
-+ {
-+ do_hash( md, md2, fp, textmode );
-+ iobuf_close(fp);
-+ release_progress_context (pfx);
-+ return 0;
-+ }
-+ }
-+ log_error (_("no signed data\n"));
-+ release_progress_context (pfx);
-+ return gpg_error (GPG_ERR_NO_DATA);
- }
diff --git a/patches/gnupg2-2.0.26/0001-Enable-wildcard-expansion-with-mingw-w64.patch b/patches/gnupg2-2.0.27/0001-Enable-wildcard-expansion-with-mingw-w64.patch
similarity index 100%
rename from patches/gnupg2-2.0.26/0001-Enable-wildcard-expansion-with-mingw-w64.patch
rename to patches/gnupg2-2.0.27/0001-Enable-wildcard-expansion-with-mingw-w64.patch
diff --git a/patches/gnupg2-2.0.26/0002-Let-wchar_to_native-convert-to-console-codepage.patch b/patches/gnupg2-2.0.27/0002-Let-wchar_to_native-convert-to-console-codepage.patch
similarity index 100%
rename from patches/gnupg2-2.0.26/0002-Let-wchar_to_native-convert-to-console-codepage.patch
rename to patches/gnupg2-2.0.27/0002-Let-wchar_to_native-convert-to-console-codepage.patch
diff --git a/patches/gnupg2-2.0.26/0005-Fix-gpgtar-8-bit-encoding-handling-on-Win32.patch b/patches/gnupg2-2.0.27/0005-Fix-gpgtar-8-bit-encoding-handling-on-Win32.patch
similarity index 100%
rename from patches/gnupg2-2.0.26/0005-Fix-gpgtar-8-bit-encoding-handling-on-Win32.patch
rename to patches/gnupg2-2.0.27/0005-Fix-gpgtar-8-bit-encoding-handling-on-Win32.patch
-----------------------------------------------------------------------
Summary of changes:
packages/packages.current | 10 +-
...or-positional-parameters-in-the-passphras.patch | 77 -------
.../0004-Make-the-use-of-verifiy-file-harder.patch | 245 ---------------------
...-Enable-wildcard-expansion-with-mingw-w64.patch | 0
...har_to_native-convert-to-console-codepage.patch | 0
...x-gpgtar-8-bit-encoding-handling-on-Win32.patch | 0
6 files changed, 6 insertions(+), 326 deletions(-)
delete mode 100755 patches/gnupg2-2.0.26/0003-gpg-Allow-for-positional-parameters-in-the-passphras.patch
delete mode 100755 patches/gnupg2-2.0.26/0004-Make-the-use-of-verifiy-file-harder.patch
rename patches/{gnupg2-2.0.26 => gnupg2-2.0.27}/0001-Enable-wildcard-expansion-with-mingw-w64.patch (100%)
rename patches/{gnupg2-2.0.26 => gnupg2-2.0.27}/0002-Let-wchar_to_native-convert-to-console-codepage.patch (100%)
rename patches/{gnupg2-2.0.26 => gnupg2-2.0.27}/0005-Fix-gpgtar-8-bit-encoding-handling-on-Win32.patch (100%)
hooks/post-receive
--
GnuPG for Windows
http://git.gnupg.org
More information about the Gpg4win-commits
mailing list