gnupg.git
Werner Koch [Thu, 12 Jan 2017 10:22:37 +0000 (11:22 +0100)]
build: Make autogen.sh more POSIX friendly (next try)

* autogen.sh: Fix dd count to 5.
--

Fixes-commit: 3c00b52f7cb0fbd756c0bbe5134b8f2d69c60dd1
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Thu, 12 Jan 2017 09:40:26 +0000 (10:40 +0100)]
gpg: Rename a var to avoid a shadowing warning.

* g10/keygen.c (keygen_set_std_prefs): Rename variable.
--

I consider it better not to use the name of a commonly used function.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Thu, 12 Jan 2017 09:39:19 +0000 (10:39 +0100)]
tests: Fix t-gettime for a time_t of 64 and a long of 32 bit.

* configure.ac (AC_CHECK_HEADERS): Add stdint.h.
* common/t-gettime.c: Include stdint.h.
(UINTMAX_C): Define replacement.
(test_isotime2epoch): Use UINTMAX_C for the >32 bit constants.
--

This is for example the case on 32 bit OpenBSD.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Thu, 12 Jan 2017 08:58:57 +0000 (09:58 +0100)]
build: Make autogen.sh more POSIX friendly.

* autogen.sh: Replace non POSIX "cp -a" and "head -c".
--

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Thu, 12 Jan 2017 08:22:14 +0000 (09:22 +0100)]
libdns: Silence -Wstrict-prototypes on some function ptrs.

* dirmngr/dns.c (dns_rrtype): Ignore -Wstrict-prototypes warning.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Thu, 12 Jan 2017 08:20:49 +0000 (09:20 +0100)]
libdns: Provide replacement for EPROTO.

* dirmngr/dns.c (EPROTO) ![EPROTO]: Define to EPROTONOSUPPORT.
--

This is the same replacement we use in Libassuan
(commit 8ab3b9273524bd344bdb90dd5d3bc8e5f53ead6e) to make it work on
OpenBSD and many other BSD based OSes.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Wed, 11 Jan 2017 16:09:16 +0000 (17:09 +0100)]
dirmngr: After a connection failure log a hint if Tor is not running.

* dirmngr/ks-engine-hkp.c (handle_send_request_error): Check whether
Tor is running.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Wed, 11 Jan 2017 15:43:30 +0000 (16:43 +0100)]
dirmngr: Mark hosts dead on ENETDOWN.

* dirmngr/ks-engine-hkp.c (handle_send_request_error): Take care of
ENETDOWN.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Wed, 11 Jan 2017 15:41:15 +0000 (16:41 +0100)]
dirmngr: Fix Tor access for v6 addresses.

* dirmngr/http.c (use_socks): New.
(my_sock_new_for_addr): New.
(connect_server): Replace assuan_sock_new by my_sock_new_for_addr.
--

Libassuan always uses 127.0.0.1 to connect to the local Tor proxy.
https.c used to create a socket for the actual address family and thus
the connect call in Libassuan fails when it tries to connect to a v6
address using a v4 socket.

It would be cleaner to have the my_sock_new_for_addr function as a
public interface in Libassuan; for now we need to duplicate some code
from Libassuan.

GnuPG-bug-id: 2902
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Wed, 11 Jan 2017 09:48:20 +0000 (10:48 +0100)]
dirmngr: Remove warnings about unused global variables.

* dirmngr/crlcache.c (oidstr_issuingDistributionPoint): Comment.
* dirmngr/ocsp.c (oidstr_certHash): Comment.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Wed, 11 Jan 2017 09:35:46 +0000 (10:35 +0100)]
dirmngr: Implement debug option "network" for http.

* dirmngr/dirmngr.c (parse_rereadable_options): Set http debugging.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Wed, 11 Jan 2017 09:34:49 +0000 (10:34 +0100)]
dirmngr: Add debug code to http.c.

* dirmngr/http.c (opt_verbose, opt_debug): New vars.
(http_set_verbose): New function.
(_my_socket_new): Add debug output.
(_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if
OPT_DEBUG has been set to 2 in a debugger.
(http_session_new, http_session_ref): Ditto.
(send_request, http_start_data): Print debug output for the request.
(parse_response): Change to use log_debug_string for the response.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Wed, 11 Jan 2017 09:21:32 +0000 (10:21 +0100)]
common: New function log_debug_with_string.

* common/logging.c (do_logv): Factor some code out to ...
(print_prefix): new.
(log_logv): Add arg EXTRASTRING and print it.  Change all callers to
pass NULL for it.
(log_debug_with_string): New.  Uses EXTRASTRING.
--

This function can be used to print a human readable buffer in addition
to a log message to the log stream.  This function will keep all lines
together and prefix them with ">> ".

Signed-off-by: Werner Koch <wk@gnupg.org>
Daniel Kahn Gillmor [Tue, 10 Jan 2017 20:59:36 +0000 (15:59 -0500)]
common: Avoid unnecessary ambiguity in argparse.

* common/argparse.c (find_long_option): Avoid unnecessary ambiguity.
--

If two struct ARGPARSE_OPTS share a prefix in their long_opt name, but
have the exact same short_opt and flags, they are aliases and not
distinct options.  Avoid reporting this as an ambiguity, so that (for
example) both --clearsign and --clear-sign can be invoked as --clear.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Debian-Bug-Id: 850475

Daniel Kahn Gillmor [Tue, 10 Jan 2017 22:12:09 +0000 (17:12 -0500)]
systemd-user: Enable "systemctl --user reload {dirmngr,gpg-agent}"

* doc/examples/systemd-user/*.service: Add ExecReload directives to
  indicate the canonical way to reload the services.

GnuPG recommends reloading the agent and dirmngr with "gpgconf
--reload".  If anyone is running them as systemd user services, they
might ask them to reload in the systemd way, so teach systemd the
right thing to do.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Werner Koch [Tue, 10 Jan 2017 15:24:31 +0000 (16:24 +0100)]
doc: Mention dirmngr.conf

--

Signed-off-by: Werner Koch <wk@gnupg.org>
Justus Winter [Tue, 10 Jan 2017 14:50:57 +0000 (15:50 +0100)]
tests: Improve gpgconf test.

* tests/openpgp/defs.scm (valgrind): New variable.
(gpg-config): Fix clearing an option.
* tests/openpgp/gpgconf.scm: Also toggle 'quiet'.

Signed-off-by: Justus Winter <justus@g10code.com>
Justus Winter [Tue, 10 Jan 2017 14:42:27 +0000 (15:42 +0100)]
tools: Fix memory leaks and improve error handling.

* tools/gpgconf-comp.c (gc_option_free): New function.
(gc_components_free): Likewise.
(gc_components_init): Likewise.
(retrieve_options_from_program): Use 'xfree', fix memory leak.
(change_options_program): Improve error handling.
(gc_component_change_options): Fix memory leaks.
* tools/gpgconf.c (main): Initialize components.
* tools/gpgconf.h (gc_components_init): New prototype.

Signed-off-by: Justus Winter <justus@g10code.com>
Justus Winter [Tue, 10 Jan 2017 11:38:07 +0000 (12:38 +0100)]
tests: Add test for gpgconf.

* tests/openpgp/Makefile.am (XTESTS): Add new test.
* tests/openpgp/defs.scm (percent-encode): New function.
(gpg-conf): Generalize so that we can feed stdin.
(gpg-config): New function.
* tests/openpgp/gpgconf.scm: New file.

Signed-off-by: Justus Winter <justus@g10code.com>
Justus Winter [Tue, 10 Jan 2017 11:31:46 +0000 (12:31 +0100)]
common: Fix fallback code.

* common/logging.c (_log_assert): Fix the variant for compilers that
do not support __FUNCTION__.
* common/logging.h (_log_assert): Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
Werner Koch [Mon, 9 Jan 2017 09:42:30 +0000 (10:42 +0100)]
dirmngr: Use "pgpkey-hkps" and "pgpkey-hkp" for SRV record lookups.

* dirmngr/ks-engine-hkp.c (map_host): Change arg NO_SRV to SRVTAG.
(make_host_part): Rewrite.
--

This fixes a regression from 2.0 and 1.4 where these tags have been in
use since 2009.  For whatever reason this was not ported to 2.1 and
"hkp" was always used.

GnuPG-bug-id: 2451
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Mon, 9 Jan 2017 09:11:20 +0000 (10:11 +0100)]
dirmngr: Do not use a SRV record for HKP if a port was specified.

* dirmngr/http.h (parsed_uri_s): Add field EXPLICIT_PORT.
* dirmngr/http.c (do_parse_uri): That it.
* dirmngr/ks-engine-hkp.c (map_host): Add arg NO_SRV.
(make_host_part): Ditto.
(ks_hkp_resolve): Set NO_SRV from EXPLICIT_PORT.
(ks_hkp_search): Ditto.
(ks_hkp_get): Ditto.
(ks_hkp_put): Ditto.
--

This implements the behaviour of the keyserver helpers from 1.4 and
2.0.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Mon, 9 Jan 2017 07:54:45 +0000 (08:54 +0100)]
doc: Update man page for watchgnupg

--

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Sun, 8 Jan 2017 17:42:50 +0000 (18:42 +0100)]
dirmngr: Implement experimental SRV record lookup for WKD.

* dirmngr/server.c (cmd_wkd_get): Support SRV records.
--

This patch changes the way a WKD query is done.  Now we first look for
a SRV record for service "openpgpkey" and port "tcp" under the
to-be-queried domain.  If such a record was found and the target host
matches the to-be-queried domain or is a suffix to that domain, that
target host is used instead of the domain name.  The SRV record also
allows to change the port and obviously can be used for
load-balancing.

For example a query for the submission address of example.org with the
SRV record specification

_openpgpkey._tcp        IN     SRV   0 0  0    wkd.foo.org.
                        IN     SRV   0 0  0    wkd.example.net.
                        IN     SRV   0 0  4711 wkd.example.org.

(queried using the name "_openpgpkey._tcp.example.org") would fetch
from this URL:

 https://wkd.example.org:4711/.well-known/openpgpkey/submission-address

Note that the first two SRV records won't be used because foo.org and
example.net do not match example.org.  We require that the target host
is identical to the domain or be a subdomain of it.  This is so that
an attacker modifying the SRV records needs to set up a server in a
sub-domain of the actual domain and can't use an arbitrary domain.
Whether this is a sufficient requirement is not clear and needs
further discussion.

Signed-off-by: Werner Koch <wk@gnupg.org>
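
The target-host rule from the commit message above, as an added example that is not GnuPG's own code: a label-aware check that accepts the domain itself or a subdomain, run on the three SRV records from the message. The names srv_rec, srv_target_allowed and wkd_submission_url are hypothetical; taking records in the listed order, omitting a port of 0, and falling back to the domain when no record qualifies are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define WKD_PATH "/.well-known/openpgpkey/submission-address"

/* One SRV answer; the field names are this example's own.  */
struct srv_rec
{
  unsigned short priority, weight, port;
  const char *target;
};

/* Length of NAME without one trailing root-zone dot.  */
static size_t
name_len (const char *name)
{
  size_t n = strlen (name);
  return (n && name[n - 1] == '.') ? n - 1 : n;
}

/* ASCII case-insensitive comparison of the first N bytes.  */
static int
ascii_equal_n (const char *a, const char *b, size_t n)
{
  size_t i;

  for (i = 0; i < n; i++)
    if (tolower ((unsigned char)a[i]) != tolower ((unsigned char)b[i]))
      return 0;
  return 1;
}

/* Return 1 if TARGET is DOMAIN itself or a subdomain of it.  A plain
   string-suffix test is not enough: "wkd.notexample.org" ends in
   "example.org" but is in a different zone, so the byte before the
   matched suffix must be a label separator.  */
int
srv_target_allowed (const char *domain, const char *target)
{
  size_t dlen = name_len (domain);
  size_t tlen = name_len (target);

  if (!dlen || tlen < dlen)
    return 0;
  if (!ascii_equal_n (target + tlen - dlen, domain, dlen))
    return 0;
  if (tlen == dlen)
    return 1;                   /* Identical to the domain.  */
  /* Subdomain: non-empty label(s) followed by a dot.  */
  return tlen - dlen > 1 && target[tlen - dlen - 1] == '.';
}

/* Write the submission-address URL for DOMAIN into BUF, using the
   first record in RECS that passes the check, else DOMAIN itself.
   Returns 0 on success, -1 if BUF is too small.  */
int
wkd_submission_url (const char *domain, const struct srv_rec *recs,
                    size_t nrecs, char *buf, size_t buflen)
{
  const char *host = domain;
  unsigned int port = 0;
  size_t i;
  int n;

  for (i = 0; i < nrecs; i++)
    if (srv_target_allowed (domain, recs[i].target))
      {
        host = recs[i].target;
        port = recs[i].port;
        break;
      }

  if (port)
    n = snprintf (buf, buflen, "https://%.*s:%u%s",
                  (int)name_len (host), host, port, WKD_PATH);
  else
    n = snprintf (buf, buflen, "https://%.*s%s",
                  (int)name_len (host), host, WKD_PATH);
  return (n < 0 || (size_t)n >= buflen) ? -1 : 0;
}

int
main (void)
{
  /* The records from the commit message, as libdns would return
     them (with the root-zone dot).  */
  static const struct srv_rec recs[] = {
    { 0, 0, 0,    "wkd.foo.org." },
    { 0, 0, 0,    "wkd.example.net." },
    { 0, 0, 4711, "wkd.example.org." }
  };
  char url[128];

  if (!wkd_submission_url ("example.org", recs, 3, url, sizeof url))
    puts (url);
  return 0;
}
```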
Werner Koch [Sun, 8 Jan 2017 17:07:18 +0000 (18:07 +0100)]
dirmngr: Improve debug output for TLS.

* dirmngr/misc.c (dump_cert): Also print SubjectAltNames.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Sun, 8 Jan 2017 17:04:59 +0000 (18:04 +0100)]
dirmngr: Change internal SRV lookup API.

* dirmngr/dns-stuff.c (get_dns_srv): Add args SERVICE and PROTO.
* dirmngr/http.c (connect_server): Simplify SRV lookup.
* dirmngr/ks-engine-hkp.c (map_host): Ditto.
* dirmngr/t-dns-stuff.c (main): Adjust for changed get_dns_srv.
--

This new API is more convenient because it includes commonly used
code.  Note that right now http.c's SRV record code is not used.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Sun, 8 Jan 2017 17:00:38 +0000 (18:00 +0100)]
dirmngr: Strip root zone suffix from libdns SRV results.

* dirmngr/dns-stuff.c (getsrv_libdns): Strip trailing dot from the
target.
--

See-also: b200e636ab20d2aa93d9f71f3789db5a04af0a56
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Fri, 6 Jan 2017 17:45:14 +0000 (18:45 +0100)]
agent,w32: Fix annoying output to DebugView.

* agent/gpg-agent.c (startup_fd_list): Do not define for W32.
(main) [W32]: Do not call get_all_open_fds.
--

GnuPG-bug-id: 2267
Signed-off-by: Werner Koch <wk@gnupg.org>
Andre Heinecke [Fri, 6 Jan 2017 11:26:01 +0000 (12:26 +0100)]
doc: Document summary values of TOFU_STATS

--

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
NIIBE Yutaka [Fri, 6 Jan 2017 01:35:46 +0000 (10:35 +0900)]
scd: Fix for --disable-ccid for scdaemon.

* scd/apdu.c (apdu_dev_list_finish): Don't call ccid_dev_scan_finish
with no table.
(apdu_open_reader): Only increment when it's zero.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Fri, 6 Jan 2017 01:07:40 +0000 (10:07 +0900)]
scd: Fix for --disable-ccid-driver.

* scd/apdu.c [HAVE_LIBUSB] (apdu_dev_list_start): Conditionalize.
[HAVE_LIBUSB] (apdu_dev_list_finish, apdu_open_reader): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Fri, 6 Jan 2017 00:14:13 +0000 (09:14 +0900)]
scd: Support multiple readers by CCID driver.

* scd/apdu.c (new_reader_slot): Lock is now in apdu_dev_list_start.
(close_pcsc_reader_direct, close_ccid_reader): RDRNAME is handled...
(apdu_close_reader): ... by this function now.
(apdu_prepare_exit): Likewise.
(open_ccid_reader): Open with dev_list.
(apdu_dev_list_start, apdu_dev_list_finish): New.
(apdu_open_one_reader): New.
(apdu_open_reader): Support multiple readers.
* scd/app.c (select_application): With SCAN, opening all readers
available, and register as new APP.
(app_write_learn_status): app->ref_count == 0 is valid for APP which is
not yet used.
(app_list_start, app_list_finish): New.
* scd/ccid-driver.c (struct ccid_driver_s): Remove RID and BCD_DEVICE.
Add BAI.
(parse_ccid_descriptor): BCD_DEVICE is now on the arguments.
(ccid_dev_scan, ccid_dev_scan_finish): New.
(ccid_get_BAI, ccid_compare_BAI, ccid_open_usb_reader): New.
(ccid_open_reader): Support multiple readers.
(ccid_set_progress_cb, ccid_close_reader): No RID any more.
--

With this change, multiple readers/tokens are supported by the internal
CCID driver of GnuPG.  Until the changes of upper layers (scdaemon,
gpg-agent, and gpg front end), only a single reader is used, though.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Werner Koch [Thu, 5 Jan 2017 19:42:55 +0000 (20:42 +0100)]
Silence two -Wlogical-op warnings.

* common/tlv.c (parse_ber_header): Avoid compiler warning about a
duplicate condition.
* tools/gpgtar-create.c (pattern_valid_p): Likewise.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Thu, 5 Jan 2017 19:25:16 +0000 (20:25 +0100)]
doc: Mention gpgv in the description of gpg --verify.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
Justus Winter [Thu, 5 Jan 2017 16:05:59 +0000 (17:05 +0100)]
tests: New test for --{show,override}-session-key.

* tests/openpgp/Makefile.am (XTESTS): Add new test.
* tests/openpgp/decrypt-session-key.scm: New file.

Signed-off-by: Justus Winter <justus@g10code.com>
Justus Winter [Thu, 5 Jan 2017 16:00:36 +0000 (17:00 +0100)]
tests: Fix macro.

* tests/openpgp/defs.scm (with-ephemeral-home-directory): Make
hygienic, use define-macro, do not change to the ephemeral home
directory.
* tests/gpgsm/setup.scm: Change to the ephemeral home directory.
* tests/openpgp/setup.scm: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
Daniel Kahn Gillmor [Wed, 4 Jan 2017 13:31:06 +0000 (08:31 -0500)]
g10: avoid warning when --disable-tofu

If configured with --disable-tofu, we see compiler warnings about an
unused variable.  This should remove those warnings.

Werner Koch [Wed, 4 Jan 2017 17:37:36 +0000 (18:37 +0100)]
doc: Add release announcement pointers to NEWS entries.

--

These are used by the website builder to link to the announcement
mails.

Signed-off-by: Werner Koch <wk@gnupg.org>
Justus Winter [Wed, 4 Jan 2017 15:54:41 +0000 (16:54 +0100)]
tests,w32: Fix locating the components.

* tests/openpgp/defs.scm (percent-decode): New function.
(bin-prefix): New variable.
(installed?): Likewise.
(tool-hardcoded): Use the new variables.
(gpg-conf): Use the new function to decode the values.
(gpg-components): Do not use '--build-prefix' when 'installed?'.

Signed-off-by: Justus Winter <justus@g10code.com>
Werner Koch [Tue, 3 Jan 2017 12:12:25 +0000 (13:12 +0100)]
doc: Extend dirmngr's --allow-version-check description

--

Werner Koch [Tue, 3 Jan 2017 11:03:28 +0000 (12:03 +0100)]
dirmngr: Make sure Tor mode is also set for DNS on SIGHUP.

* dirmngr/dns-stuff.c (enable_dns_tormode): Always succeed.
(reload_dns_stuff): Reset tor port.
* dirmngr/dirmngr.c (set_tor_mode): Also enable Tor mode for DNS.
(main): Remove warning that Tor mode may not fully work.
* dirmngr/server.c (cmd_dns_cert): Remove explicit Tor for DNS
initialization.
* dirmngr/t-dns-stuff.c (main): Remove option --new-circuit and error
checking for enable_dns_tormode.
--

This patch also resets the port on SIGHUP so that after starting Tor
SIGHUP is sufficient to use Tor.  Without the SIGHUP and when not
using the Tor browser Dirmngr would keep on trying the Tor browser
port.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Mon, 2 Jan 2017 14:47:24 +0000 (15:47 +0100)]
dirmngr: New debug message on correctly initialized libdns.

* dirmngr/dns-stuff.c (libdns_init): Add debug level diagnostic on
success.
--

This output may help to avoid questions when evaluating an Assuan log.

Signed-off-by: Werner Koch <wk@gnupg.org>
Justus Winter [Mon, 2 Jan 2017 15:30:45 +0000 (16:30 +0100)]
common: Turn assertions into expressions.

* common/logging.h (log_assert): Turn this into an expression so it
can be used in expressions.

Signed-off-by: Justus Winter <justus@g10code.com>
Justus Winter [Mon, 2 Jan 2017 15:37:02 +0000 (16:37 +0100)]
tests: Fix faked time in the TOFU test.

* tests/openpgp/tofu.scm (GPG): Fix time delta.

Signed-off-by: Justus Winter <justus@g10code.com>
Werner Koch [Mon, 2 Jan 2017 12:30:37 +0000 (13:30 +0100)]
g13: Improve printing of debug infos.

* g13/g13tuple.c (all_printable): Make it work.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Mon, 2 Jan 2017 12:29:18 +0000 (13:29 +0100)]
Replace use of variable-length-arrays.

* common/t-iobuf.c (main): Replace variable-length-array.
* g10/gpgcompose.c (mksubpkt_callback): Ditto.
(encrypted): Ditto.
* g10/t-stutter.c (log_hexdump): Ditto.
(oracle_test): Ditto.
* g10/tofu.c (get_policy): Ditto.  Use "%zu" for size_t.
* scd/app-openpgp.c (ecc_writekey): Replace variable-length-array.
Check for zero length OID_LEN.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Mon, 2 Jan 2017 11:59:10 +0000 (12:59 +0100)]
build: Enable gcc warnings to detect non-portable code.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
Justus Winter [Thu, 22 Dec 2016 14:48:07 +0000 (15:48 +0100)]
gpgscm: Fail if too many arguments are given.

* tests/gpgscm/scheme.c (opexe_0): Enable check.
* tests/gpgscm/tests.scm (test::report): Remove superfluous argument.

Signed-off-by: Justus Winter <justus@g10code.com>
Justus Winter [Thu, 22 Dec 2016 13:42:50 +0000 (14:42 +0100)]
gpgscm: Add 'finally', rework all macros.

* tests/gpgscm/init.scm (finally): New macro.
* tests/gpgscm/tests.scm (letfd): Rewrite.
(with-working-directory): Likewise.
(with-temporary-working-directory): Likewise.
(lettmp): Likewise.
--

Rewrite all our macros using 'define-macro'. Use the new control flow
mechanism 'finally', or 'dynamic-wind' where appropriate.  Make sure
the macros are hygienic.  Reduce code duplication.

Signed-off-by: Justus Winter <justus@g10code.com>
Justus Winter [Thu, 22 Dec 2016 09:36:56 +0000 (10:36 +0100)]
gpgscm: Use boxed values for source locations.

* tests/gpgscm/scheme-private.h (struct port): Use boxed values for
filename and current line.  This allows us to use the same Scheme
object for labeling all expressions in a file.
* tests/gpgscm/scheme.c (file_push): Use boxed type for filename.
(mark): Mark location objects of port objects.
(gc): Mark location objects in the load stack.
(port_clear_location): New function.
(port_reset_current_line): Likewise.
(port_increment_current_line): Likewise.
(file_pop): Adapt accordingly.
(port_rep_from_filename): Likewise.
(port_rep_from_file): Likewise.
(port_close): Likewise.
(skipspace): Likewise.
(token): Likewise.
(_Error_1): Likewise.
(opexe_0): Likewise.
(opexe_5): Likewise.
(scheme_deinit): Likewise.
(scheme_load_file): Likewise.
(scheme_load_named_file): Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
Werner Koch [Mon, 2 Jan 2017 09:39:59 +0000 (10:39 +0100)]
doc: Remove warning that DNS is not routed via Tor

--

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch [Mon, 2 Jan 2017 09:00:33 +0000 (10:00 +0100)]
dirmngr: Strip root zone suffix from libdns cname results.

* dirmngr/dns-stuff.c (resolve_name_libdns): Strip trailing dot.
(get_dns_cname_libdns): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
NIIBE Yutaka [Fri, 30 Dec 2016 06:17:50 +0000 (15:17 +0900)]
scd: Fix select_application.

* scd/app.c (select_application): Fix the condition for open.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Fri, 30 Dec 2016 04:17:49 +0000 (13:17 +0900)]
scd: Fix card removal monitor.

* scd/app.c (app_reset): Call send_client_notification with REMOVAL.
(scd_update_reader_status_file): Likewise.
* scd/command.c (send_client_notifications): Distinguish removal.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Thu, 29 Dec 2016 02:31:25 +0000 (11:31 +0900)]
scd: Improve internal CCID driver.

* scd/ccid-driver.c (scan_or_find_usb_device): Don't scan for
configuration but use active configuration.  Support alt_setting.
(scan_or_find_devices): Support alt_setting.
(ccid_open_reader): Support alt_setting.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Thu, 29 Dec 2016 01:07:43 +0000 (10:07 +0900)]
scd: Fix a race condition for new_reader_slot.

* scd/apdu.c (reader_table_lock, apdu_init): New.
(new_reader_slot): Serialize by reader_table_lock.
* scd/app.c (lock_app, unlock_app, app_new_register): Fix error code
usage.
(initialize_module_command): Call apdu_init.
* scd/scdaemon.c (main): Handle error for initialize_module_command.

--

This is a long standing bug.  There are two different things; The
serialization of allocating a new SLOT, and the serialization of using
the SLOT.  The latter was implemented in new_reader_slot by lock_slot.
However, the former was not done.  Thus, there was a possible race where
a same SLOT is allocated to multiple threads.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Wed, 28 Dec 2016 03:29:17 +0000 (12:29 +0900)]
scd: APP centric approach for device management.

* scd/app.c (lock_app): Rename from lock_reader and use internal field
of APP.
(unlock_app): Likewise.
(app_dump_state): Use APP.
(application_notify_card_reset): Remove.
(check_conflict): Change API for APP, instead of SLOT.
(check_application_conflict): Likewise.
(release_application_internal): New.
(app_reset): New.
(app_new_register): New.
(select_application): Change API for APP, instead of SLOT.
(deallocate_app, release_application): Modify for manage link.
(report_change): New.
(scd_update_reader_status_file): Moved from command.c and
use APP list, instead of VREADER.
(initialize_module_command): Moved from command.c.

* scd/command.c (TEST_CARD_REMOVAL): Remove.
(IS_LOCKED): Simplify.
(vreader_table): Remove.
(vreader_slot, update_card_removed): Remove.
(do_reset): Call app_reset.
(get_current_reader): Remove.
(open_card): Add SCAN arg.
(cmd_serialno): No retry, since retry is done in lower layer in apdu.c.
No do_reset, since it is done in lower layer.
Add clearing card_removed flag.
(cmd_disconnect): Call apdu_disconnect.
(send_client_notifications): Modify for APP.
(update_reader_status_file): Remove.

--

APP is the abstraction of the card application.  For management of
cards, it is better to focus on the APP instead of the physical reader.
This change makes support of multiple card/token easier.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Wed, 28 Dec 2016 02:14:29 +0000 (11:14 +0900)]
scd: Simplify monitoring card removal.

* scd/apdu.c (struct reader_table_s): Remove any_status, last_status,
status, and change_counter field.
(new_reader_slot, dump_reader_status, ct_activate_card, open_ct_reader)
(connect_pcsc_card, open_pcsc_reader_direct, open_pcsc_reader_wrapped)
(open_ccid_reader, apdu_reset): Follow the change.
(ct_dump_reader_status): Remove.
(apdu_get_status_internal, apdu_get_status): Remove CHANGED arg.
(apdu_connect): Follow the change.
* scd/command.c (struct vreader_s): Remove reset_failed, any, and
changed field.
(cmd_getinfo, update_reader_status_file): Follow the change.

--

In the past, scdaemon monitors card insertion (as well as removal), so
the code has been complicated, and there has been duplication in two
layers.  Now, it only monitors card removal, it's now simplified.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Tue, 27 Dec 2016 02:58:54 +0000 (11:58 +0900)]
scd: Improve internal CCID driver.

* scd/ccid-driver.c (scan_or_find_usb_device): Fix return value.
Support device with multiple CCID interfaces.  Fix the case with
READERNO.  Support partial string match of "reader-port" like PC/SC
driver.

--

I don't know any device with multiple CCID interfaces, though.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka [Fri, 23 Dec 2016 07:05:01 +0000 (16:05 +0900)]
dirmngr: Fix for --disable-libdns usage.

* dirmngr/dns-stuff.c (enable_recursive_resolver, set_dns_nameserver)
(reload_dns_stuff): Conditionalize with USE_LIBDNS.
(get_h_errno_as_gpg_error): Map HOST_NOT_FOUND to GPG_ERR_NO_NAME.

--

get_dns_srv assumes error code of GPG_ERR_NO_NAME when no SRV record
available.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
GnuPG-bug-id: 2889

Neal H. Walfield [Thu, 22 Dec 2016 15:06:13 +0000 (16:06 +0100)]
tools: Show a clearer error message if a server doesn't support WKS

* tools/gpg-wks-client.c (command_send): If we fail to lookup the
submission address, print a better error message.  If it is because
the corresponding file doesn't exist, provide the hint that the server
probably doesn't support WKS.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
Werner Koch [Thu, 22 Dec 2016 13:39:11 +0000 (14:39 +0100)]
wks: Let the client ignore missing policy flags.

* tools/gpg-wks-client.c (command_send): Ignore missing policy flags.

Signed-off-by: Werner Koch <wk@gnupg.org>
NIIBE Yutaka [Thu, 22 Dec 2016 12:14:26 +0000 (21:14 +0900)]
scd: Clean up internal API for APP.

* scd/app-common.h (app_readcert, app_readkey, app_setattr, app_sign,
app_auth, app_decipher, app_get_challenge, app_check_pin): Add CTRL as
the second argument.
* scd/app.c: Supply CTRL to lock_reader calls.
* scd/command.c (cmd_readcert, cmd_readkey, cmd_pksign, cmd_auth,
cmd_pkdecrypt, cmd_setattr, cmd_random, cmd_checkpin): Follow the
change.

--

APP is an abstraction of the "card application".  Most methods of APP
should have CTRL argument to report back progress to the session.  This
change fixes FIXMEs for missing CTRL.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Justus Winter [Wed, 21 Dec 2016 15:14:45 +0000 (16:14 +0100)]
gpgscm: Guard use of union member.

* tests/gpgscm/scheme.c (opexe_5): Check that we have a file port
before accessing filename.  Fixes a crash on 32-bit architectures.

Fixes-commit: e7429b1ced0c69fa7901f888f8dc25f00fc346a4
Signed-off-by: Justus Winter <justus@g10code.com>
Werner Koch [Tue, 20 Dec 2016 17:38:12 +0000 (18:38 +0100)]
tests: Avoid skipping exectool tests.

* common/t-exectool.c (test_executing_true): Try also /usr/bin/true.
(test_executing_false): Try also /usr/bin/false.
--

Reported-by: Nelson H. F. Beebe
  I then ran a test on all our test lab systems, and found that
  /bin/false is missing on DragonFlyBSD, FreeBSD, GhostBSD,
  HardenedBSD, Mac OS X, MidnightBSD, Minix, one version of MirBSD,
  NetBSD, OpenBSD, PacBSD, PCBSD, and TrueOS.

Signed-off-by: Werner Koch <wk@gnupg.org>
Justus Winter [Tue, 20 Dec 2016 13:05:10 +0000 (14:05 +0100)]
tests: Add test suite for gpgsm.

* configure.ac (AC_CONFIG_FILES): Add new file.
* tests/Makefile.am (SUBDIRS): Add new directory.
* tests/gpgsm/32100C27173EF6E9C4E9A25D3D69F86D37A4F939: New file.
* tests/gpgsm/Makefile.am: Likewise.
* tests/gpgsm/cert_dfn_pca01.der: Likewise.
* tests/gpgsm/cert_dfn_pca15.der: Likewise.
* tests/gpgsm/cert_g10code_test1.der: Likewise.
* tests/gpgsm/decrypt.scm: Likewise.
* tests/gpgsm/encrypt.scm: Likewise.
* tests/gpgsm/export.scm: Likewise.
* tests/gpgsm/gpgsm-defs.scm: Likewise.
* tests/gpgsm/import.scm: Likewise.
* tests/gpgsm/plain-1.cms.asc: Likewise.
* tests/gpgsm/plain-2.cms.asc: Likewise.
* tests/gpgsm/plain-3.cms.asc: Likewise.
* tests/gpgsm/plain-large.cms.asc: Likewise.
* tests/gpgsm/run-tests.scm: Likewise.
* tests/gpgsm/setup.scm: Likewise.
* tests/gpgsm/shell.scm: Likewise.
* tests/gpgsm/sign.scm: Likewise.
* tests/gpgsm/verify.scm: Likewise.
--
The certificates and keys are taken from GPGME's test suite.

Signed-off-by: Justus Winter <justus@g10code.com>
Justus Winter [Tue, 20 Dec 2016 15:24:12 +0000 (16:24 +0100)]
tests: Add macro managing ephemeral home directories.

* tests/openpgp/defs.scm (with-ephemeral-home-directory): New macro.
* tests/openpgp/setup.scm: Use the new macro.

2 years ago tests: Move argument parser.
Justus Winter [Tue, 20 Dec 2016 13:01:35 +0000 (14:01 +0100)]
tests: Move argument parser.

* tests/gpgme/gpgme-defs.scm (flag): Move...
* tests/gpgscm/tests.scm: ... over here.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago tests: Add missing encrypted sample, cleanup samples handling.
Justus Winter [Tue, 20 Dec 2016 12:57:05 +0000 (13:57 +0100)]
tests: Add missing encrypted sample, cleanup samples handling.

* tests/openpgp/Makefile.am (TEST_FILES): Add new file.
* tests/openpgp/defs.scm (plain-files): Add 'plain-large'.
(all-files): New variable.
(create-sample-files): New function.
(create-legacy-gpghome): Use new function.
* tests/openpgp/plain-large.asc: New file.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago Post release updates.
Werner Koch [Tue, 20 Dec 2016 11:07:23 +0000 (12:07 +0100)]
Post release updates.

--

2 years ago Release 2.1.17 gnupg-2.1.17
Werner Koch [Tue, 20 Dec 2016 10:25:45 +0000 (11:25 +0100)]
Release 2.1.17

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago po: Auto-update.
Werner Koch [Tue, 20 Dec 2016 10:20:41 +0000 (11:20 +0100)]
po: Auto-update.

--

2 years ago po: Update German translation.
Werner Koch [Tue, 20 Dec 2016 10:16:38 +0000 (11:16 +0100)]
po: Update German translation.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago sm: Remove wrong example from gpgsm --help.
Werner Koch [Tue, 20 Dec 2016 10:15:34 +0000 (11:15 +0100)]
sm: Remove wrong example from gpgsm --help.

* sm/gpgsm.c (opts): Remove group 303.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago po: Update one English string in Japanese translation.
Werner Koch [Tue, 20 Dec 2016 10:00:31 +0000 (11:00 +0100)]
po: Update one English string in Japanese translation.

--

2 years ago doc: Update NEWS
Werner Koch [Tue, 20 Dec 2016 09:55:31 +0000 (10:55 +0100)]
doc: Update NEWS

--

2 years ago build: Update distributed signature key.
Werner Koch [Tue, 20 Dec 2016 09:22:05 +0000 (10:22 +0100)]
build: Update distributed signature key.

--

This update is required because gniibe prolonged his key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago dirmngr: New option --resolver-timeout.
Werner Koch [Tue, 20 Dec 2016 08:53:58 +0000 (09:53 +0100)]
dirmngr: New option --resolver-timeout.

* dirmngr/dns-stuff.c (DEFAULT_TIMEOUT): New.
(opt_timeout): New var.
(set_dns_timeout): New.
(libdns_res_open): Set the default timeout.
(libdns_res_wait): Use configurable timeout.
(resolve_name_libdns): Ditto.

* dirmngr/dirmngr.c (oResolverTimeout): New const.
(opts): New option --resolver-timeout.
(parse_rereadable_options): Set that option.
(main) <aGPGConfList>: Add --nameserver and --resolver-timeout.
* tools/gpgconf-comp.c (gc_options_dirmngr): Add --resolver-timeout
and --nameserver.

* dirmngr/http.c (connect_server): Fix yesterday introduced bug in
error diagnostic.
--

This timeout is a pretty crude thing because libdns has a few other
internal timeouts as well.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago dirmngr: Fix problems with the getsrv function.
Werner Koch [Mon, 19 Dec 2016 22:27:02 +0000 (23:27 +0100)]
dirmngr: Fix problems with the getsrv function.

* dirmngr/dns-stuff.c (opt_debug, opt_verbose): New vars.
(set_dns_verbose): New func.
(libdns_switch_port_p): Add debug output.
(resolve_dns_name): Ditto.
(get_dns_cert): Ditto.
(get_dns_cname): Ditto.
(getsrv_libdns, getsrv_standard): Change SRVCOUNT to an unsigned int.
(getsrv): Rename to ...
(get_dns_srv): this.  Add arg R_COUNT and return an error.  Add debug
output.
* dirmngr/http.c: Adjust for changed getsrv().
* dirmngr/ks-engine-hkp.c (map_host): Ditto.
* dirmngr/t-dns-stuff.c (main): Ditto.  Call set_dns_verbose.
* dirmngr/dirmngr.c (parse_rereadable_options): Call set_dns_verbose.
--

Due to our switch to Libdns getsrv didn't work correctly because it
returned -1 for an NXDOMAIN.  However, it is perfectly okay to have no
SRV record and thus we change the way this function is called to be
aligned with the other functions and also map NXDOMAIN to a zero SRV
record count.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago build: Add target to sign the windows installer.
Werner Koch [Mon, 19 Dec 2016 17:34:24 +0000 (18:34 +0100)]
build: Add target to sign the windows installer.

* build-aux/speedo.mk (w32-sign-installer): New.
(AUTHENTICODE_KEY): New.
(installer-from-source): Use cp instead of mv.  Factor code out to ...
(MKSWDB_commands): new macro.
(sign-installer): New.
--

Obviously this is more convenient than doing this all by hand.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago tests: Use the common test framework for the migration tests.
Justus Winter [Mon, 19 Dec 2016 16:28:43 +0000 (17:28 +0100)]
tests: Use the common test framework for the migration tests.

* tests/migrations/Makefile.am (reqired_pgms): Add 'gpgscm'.
(TESTS_ENVIRONMENT): Populate.
(TESTS): Rename to 'XTESTS'.
(xcheck): New target.
(EXTRA_DIST): Add new files.
(CLEANFILES): Remove log files.
* tests/migrations/common.scm: Honor 'verbose', fix paths.
* tests/migrations/run-tests.scm: New file.
* tests/migrations/setup.scm: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago tests: Use sequential test runner if only one test is given.
Justus Winter [Mon, 19 Dec 2016 16:23:56 +0000 (17:23 +0100)]
tests: Use sequential test runner if only one test is given.

* tests/openpgp/run-tests.scm: Use sequential test runner if only one
test is given.
--

This allows one to set the environment variable TESTFLAGS to
'--parallel' and enjoy faster test execution times without interfering
with stdio when one works on a single test.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago po: Some updates to the German translation.
Werner Koch [Mon, 19 Dec 2016 15:29:44 +0000 (16:29 +0100)]
po: Some updates to the German translation.

--

2 years ago typo: Fix a string in do_we_trust_pre.
Werner Koch [Mon, 19 Dec 2016 15:27:21 +0000 (16:27 +0100)]
typo: Fix a string in do_we_trust_pre.

--

2 years ago dirmngr,w32: Hack around a select problem.
Werner Koch [Mon, 19 Dec 2016 15:37:50 +0000 (16:37 +0100)]
dirmngr,w32: Hack around a select problem.

* dirmngr/dns.c (FD_SETSIZE): Bump up to 1024.
(dns_poll): Return an error instead of hitting an assertion failure.
--

For unknown reasons socket() returns fds with values 244, 252, 268.  The
latter is above the FD_SETSIZE of 256.  It seems that select has been
built with a higher FD_SETSIZE limit.  Bump up to a reasonably large
value.

A better solution would be to grab some code from npth_eselect to
replace select.  We could also use npth_eselect directly in
dns-stuff.c instead of using dns_res_poll.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago test: Extend TOFU tests to also check the days with signatures.
Neal H. Walfield [Mon, 19 Dec 2016 14:59:56 +0000 (15:59 +0100)]
test: Extend TOFU tests to also check the days with signatures.

* tests/openpgp/tofu.scm (GPGTIME): Define the "standard" base time.
(faketime): New function.
(days->seconds): Likewise.
(GPG): Use faketime.
(check-counts): Also check the number of expected days with signatures
and encryptions.  Update callers.  Extend tests.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago doc: Clarify that delkey deletes public keys.
Justus Winter [Mon, 19 Dec 2016 14:40:16 +0000 (15:40 +0100)]
doc: Clarify that delkey deletes public keys.

--
GnuPG-bug-id: 2878
Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago tests: New test for --delete-[secret-]keys.
Justus Winter [Mon, 19 Dec 2016 14:33:55 +0000 (15:33 +0100)]
tests: New test for --delete-[secret-]keys.

* tests/openpgp/Makefile.am (XTESTS): Add new test.
* tests/openpgp/defs.scm (keys): New variable.
(have-public-key?): New function.
(have-secret-key?): Likewise.
(have-secret-key-file?): Likewise.
* tests/openpgp/delete-keys.scm: New file.
* tests/openpgp/quick-key-manipulation.scm: Move the accessors to
'defs.scm'.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago gpgscm: Change associativity of ::.
Justus Winter [Mon, 19 Dec 2016 14:29:07 +0000 (15:29 +0100)]
gpgscm: Change associativity of ::.

* tests/gpgscm/scheme.c (mk_atom): Change associativity of the ::
infix-operator.  This makes it possible to naturally express accessing
nested structures (e.g. a::b::c).

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago gpgscm: Display location when assertions fail.
Justus Winter [Mon, 19 Dec 2016 14:28:07 +0000 (15:28 +0100)]
gpgscm: Display location when assertions fail.

* tests/gpgscm/lib.scm (assert): Use location information if
available.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago gpgscm: Make exception handling more robust.
Justus Winter [Mon, 19 Dec 2016 14:25:52 +0000 (15:25 +0100)]
gpgscm: Make exception handling more robust.

* tests/gpgscm/init.scm (throw'): Check that args is a list.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago speedo,w32: Use nsExec::ExecToLog to avoid popups
Andre Heinecke [Mon, 19 Dec 2016 14:10:44 +0000 (15:10 +0100)]
speedo,w32: Use nsExec::ExecToLog to avoid popups

* build-aux/speedo/w32/inst.nsi: Use ExecToLog instead of
ExecWait.

--
nsExec is a standard nsis call to spawn a process and
wait for it to finish. ExecToLog redirects stdout and stderr
of the process call and adds it to the log window instead
of opening a temporary console window.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2 years ago Remove unused debug flags and add "dns" and "network".
Werner Koch [Mon, 19 Dec 2016 08:41:15 +0000 (09:41 +0100)]
Remove unused debug flags and add "dns" and "network".

* g10/options.h (DBG_CARD_IO_VALUE, DBG_CARD_IO): Remove.
* g10/gpg.c (debug_flags): Remove "cardio".
* agent/agent.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove.
* agent/gpg-agent.c (debug_flags): Remove "command".
* scd/scdaemon.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove.
* scd/scdaemon.c (debug_flags): Remove "command".
* dirmngr/dirmngr.h (DBG_DNS_VALUE, DBG_DNS): New.
(DBG_NETWORK_VALUE, DBG_NETWORK): New.
* dirmngr/dirmngr.c (debug_flags): Add "dns" and "network".
--

Note that "dns" and "network" are not yet used but will soon be added
to dirmngr.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago dirmngr: Fix setup of libdns for W32.
Werner Koch [Sat, 17 Dec 2016 20:54:45 +0000 (21:54 +0100)]
dirmngr: Fix setup of libdns for W32.

* configure.ac (DNSLIB) [W32]: Add -liphlpapi.
* dirmngr/dns-stuff.c [W32]: Include iphlpapi.h and define
WIN32_LEAN_AND_MEAN.
(libdns_init) [W32]: Use GetNetworkParams to get the nameserver.
* dirmngr/t-dns-stuff.c (init_sockets): New.
(main): Call it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago po: Fix Japanese translation.
NIIBE Yutaka [Sat, 17 Dec 2016 07:29:44 +0000 (16:29 +0900)]
po: Fix Japanese translation.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago po: Update Japanese translation.
NIIBE Yutaka [Sat, 17 Dec 2016 05:35:36 +0000 (14:35 +0900)]
po: Update Japanese translation.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago dirmngr: Auto-switch from Tor port to Torbrowser port.
Werner Koch [Fri, 16 Dec 2016 20:56:23 +0000 (21:56 +0100)]
dirmngr: Auto-switch from Tor port to Torbrowser port.

* dirmngr/dns-stuff.c (libdns_tor_port): New var.
(set_dns_nameserver): Clear that var.
(libdns_init): Init var to the default port.
(libdns_switch_port_p): New func.
(resolve_dns_name): Use function to switch the port
(get_dns_cert): Ditto.
(getsrv): Ditto.
(get_dns_cname): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago dirmngr: Use one context for all libdns queries.
Werner Koch [Fri, 16 Dec 2016 20:00:14 +0000 (21:00 +0100)]
dirmngr: Use one context for all libdns queries.

* dirmngr/dns-stuff.c (libdns_reinit_pending): New var.
(enable_recursive_resolver): Set var.
(set_dns_nameserver): Ditto.
(libdns_init): Avoid double initialization.
(libdns_deinit): New.
(reload_dns_stuff): New.
(libdns_res_open): Act upon LIBDNS_REINIT_PENDING.
* dirmngr/t-dns-stuff.c (main): Call reload_dns_stuff to release
memory.
* dirmngr/dirmngr.c (cleanup): Ditto.
(dirmngr_sighup_action): Call reload_dns_stuff to set
LIBDNS_REINIT_PENDING.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago dirmngr: Pass Tor credentials to libdns.
Werner Koch [Fri, 16 Dec 2016 19:25:02 +0000 (20:25 +0100)]
dirmngr: Pass Tor credentials to libdns.

* dirmngr/dns-stuff.c (tor_credentials): Replace by ...
(tor_socks_user, tor_socks_password): new vars.
(enable_dns_tormode): Set these new vars.
(libdns_res_open): Tell libdns the socks credentials.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago dirmngr: Factor common libdns code out.
Werner Koch [Fri, 16 Dec 2016 19:09:27 +0000 (20:09 +0100)]
dirmngr: Factor common libdns code out.

* dirmngr/dns-stuff.c (libdns_res_open): New.  Replace all libdns_init
and dns_res_open by a call to this func.
(libdns_res_submit): New wrapper.  Replace all dns_res_submit calls.
(libdns_res_wait): New function.
(resolve_name_libdns): Replace loop by libdns_res_wait.
(get_dns_cert_libdns): Ditto.
(getsrv_libdns): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>