Commit 6a6219a9 authored by Daniel Kahn Gillmor's avatar Daniel Kahn Gillmor

New upstream version 2.2.16

parents a9d59d51 3f2b7a53
2019-05-28 Werner Koch <wk@gnupg.org>
Release GnuPG 2.2.16.
+ commit 3f2b7a53ddc43b3a349451d28691aaaa116786dc
dirmngr: Allow for other hash algorithms than SHA-1 in OCSP.
+ commit 5281ecbe3ae8364407d9831243b81d664b040805
* dirmngr/ocsp.c (do_ocsp_request): Remove arg md. Add args r_sigval,
r_produced_at, and r_md. Get the hash algo from the signature and
create the context here.
(check_signature): Allow any hash algo. Print a diagnostic if the
signature does not verify.
2019-05-27 Werner Koch <wk@gnupg.org>
sm: Avoid confusing diagnostic for the default key.
+ commit 32210e855c460ed60505bf9be9adea33d05c40eb
* sm/certlist.c (cert_usage_p): Add arg 'silent' and change all
callers.
(gpgsm_cert_use_sign_p): Add arg 'silent' and pass to cert_usage_p.
Change all callers.
* sm/sign.c (gpgsm_get_default_cert): Set SILENT when calling
gpgsm_cert_use_sign_p
gpg: Fixed i18n markup of some strings.
+ commit ab5d7142a79e92819f5551cfc424a8ceaf0885fa
* g10/tofu.c: Removed some translation markups which either make no
sense or are not possble.
gpg: Allow deletion of subkeys with --delete-[secret-]key.
+ commit d9b31d3a20b89a5ad7e9a2158b6da63a9a37fa8a
* common/userids.c (classify_user_id): Do not set the EXACT flag in
the default case.
* g10/export.c (exact_subkey_match_p): Make static,
* g10/delkey.c (do_delete_key): Implement subkey only deleting.
2019-05-27 NIIBE Yutaka <gniibe@fsij.org>
agent: Stop scdaemon after reload when disable_scdaemon.
+ commit 9ccdd59e4e1e0b0e3b03b288f52f3c71e86a04dd
* agent/call-scd.c (agent_card_killscd): New.
* agent/gpg-agent.c (agent_sighup_action): Call agent_card_killscd.
2019-05-21 Werner Koch <wk@gnupg.org>
gpg: Do not bail on an invalid packet in the local keyring.
+ commit 30f44957ccd1433846709911798af3da4e437900
* g10/keydb.c (parse_keyblock_image): Treat invalid packet special.
gpg: Do not allow creation of user ids larger than our parser allows.
+ commit d32963eeb33fd3053d40a4e7071fb0e8b28a8651
* g10/parse-packet.c: Move max packet lengths constants to ...
* g10/packet.h: ... here.
* g10/build-packet.c (do_user_id): Return an error if too data is too
large.
* g10/keygen.c (write_uid): Return an error for too large data.
2019-05-21 NIIBE Yutaka <gniibe@fsij.org>
agent: For SSH key, don't put NUL-byte at the end.
+ commit 6e39541f4f488fe59eac399bad18c465f373a784
* agent/command-ssh.c (ssh_key_to_protected_buffer): Update
the length by the second call of gcry_sexp_sprint.
2019-05-20 Werner Koch <wk@gnupg.org>
Matheus Afonso Martins Moreira
gpg: Do not delete any keys if --dry-run is passed.
+ commit 5c46c5f74540ad753b925b74593332ca92de47fa
* g10/delkey.c (do_delete_key): Don't delete the keyblock on dry runs.
Do not clear the ownertrust. Do not let the agent delete the key.
2019-05-17 Werner Koch <wk@gnupg.org>
gpg: Fix using --decrypt along with --use-embedded-filename.
+ commit 1702179d91b7136661af084d7dab2e50a2857491
* g10/options.h (opt): Add flags.dummy_outfile.
* g10/decrypt.c (decrypt_message): Set this global flag instead of the
fucntion local flag.
* g10/plaintext.c (get_output_file): Ignore opt.output if that was
used as a dummy option aslong with --use-embedded-filename.
gpg: Improve the photo image viewer selection.
+ commit cd5f040a5389944dd8a05bc9c938f888581dfc8a
* g10/exec.c (w32_system): Add "!ShellExecute" special.
* g10/photoid.c (get_default_photo_command): Use the new ShellExecute
under Windows and fallbac to 'display' and 'xdg-open' in the Unix
case.
(show_photos): Flush stdout so that the output is shown before the
image pops up.
2019-05-16 Werner Koch <wk@gnupg.org>
kbx: Fix an endless loop under Windows due to an incomplete fix.
+ commit 0fff927889b075442ed7130f376118c31fda1f32
* kbx/keybox-search.c (keybox_search): We need to seek to the last
position in all cases not just when doing a NEXT.
kbx: Fix deadlock in gpgsm on Windows due to a sharing violation.
+ commit 6f72aa821407e47ad3963e72e139f2ca2c69d9dd
* kbx/keybox-init.c (keybox_lock) [W32]: Use _keybox_close_file
instead of fclose so that a close is done if the file is opened by
another handle.
* kbx/keybox-search.c (keybox_search): Remember the last offset and
use that in NEXT search mode if we had to re-open the file.
gpgconf: Before --launch check that the config file is fine.
+ commit 3a28706cfd960ff84dda9a22aa2f160b4c2efbb5
* tools/gpgconf-comp.c (gc_component_launch): Check the conf file.
* tools/gpgconf.c (gpgconf_failure): Call log_flush.
2019-05-15 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
gpg: enable OpenPGP export of cleartext keys with comments.
+ commit 9c704d9d46338769a66bfc6c378efeda3c4bd9ec
* g10/export.c (cleartext_secret_key_to_openpgp): ignore trailing
sublists in private-key S-expression.
2019-05-15 Werner Koch <wk@gnupg.org>
gpgconf: Support --homedir for --launch.
+ commit 31e26037bd727a6ee9c96ba168a55c4f9def43b6
* tools/gpgconf-comp.c (gpg_agent_runtime_change): Simplify because
gnupg_homedir already returns abd absolute name.
(scdaemon_runtime_change): Ditto.
(dirmngr_runtime_change): Ditto.
(gc_component_launch): Support --homedir.
2019-05-14 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
agent: correct length for uri and comment on 64-bit big-endian platforms
+ commit 110932925ba8e0169da18d7774440f8d1fd8a344
* agent/findkey.c (agent_public_key_from_file): pass size_t as int to
gcry_sexp_build_array's %b.
2019-05-14 Werner Koch <wk@gnupg.org>
gpg: Do not print a hint to use the deprecated --keyserver option.
+ commit 8d645f1d1f2b0f4e2d3b72f2a585acac4bdd8846
* g10/keyserver.c (keyserver_search): Remove a specialized error
message.
2019-05-14 NIIBE Yutaka <gniibe@fsij.org>
g10: Fix possible null dereference.
+ commit 5b22d2c400890fc366ccb7ca74ee886d9cef22a3
* g10/armor.c (armor_filter): Access ->d in the internal loop.
build: Update m4/iconv.m4.
+ commit cf73c82e95f999bd35636b0cf4e80ed5c33fa7a8
* m4/iconv.m4: Update from gettext 0.20.1.
2019-05-13 Werner Koch <wk@gnupg.org>
gpg: Change update_keysig_packet to replace SHA-1 by SHA-256.
+ commit c1dc7a832921fdf5686d377f33db78707c0345e2
* g10/sign.c (update_keysig_packet): Convert digest algo when needed.
2019-05-12 Werner Koch <wk@gnupg.org>
sm: Fix a warning in an es_fopencooie function.
+ commit 8d0d61aca3d2713df8a33444af3658b859d72be8
* sm/certdump.c (format_name_writer): Take care of a flush request.
2019-05-10 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
doc: correct documentation for gpgconf --kill.
+ commit be116f871dbf14dd44d3a7909c2a052f8979c480
* doc/tools.texi(gpgconf): Correct documentation for gpgconf --kill.
(cherry picked from commit 9662538be6afc8beee0f2654f9a8f234c5dac016)
2019-05-09 Werner Koch <wk@gnupg.org>
build: Sign all Windows binaries.
+ commit e6901c2bc802996c24335bcb35012ccb74b4ced0
* build-aux/speedo.mk (AUTHENTICODE_SIGNHOST): New.
(AUTHENTICODE_TOOL): New.
(AUTHENTICODE_FILES): New.
(installer): Sign listed files.
(AUTHENTICODE_SIGNHOST): New macro.
(sign-installer): Use that macro instead of direct use of osslsigncode.
2019-05-03 Werner Koch <wk@gnupg.org>
gpg: Use just the addrspec from the Signer's UID.
+ commit 05204b72497db093f5d2da4a2446c0264a946296
* g10/parse-packet.c (parse_signature): Take only the addrspec from a
Signer's UID subpacket.
2019-04-23 NIIBE Yutaka <gniibe@fsij.org>
po: Update Japanese Translation.
+ commit caa61fb7da6b858f038dde948d36fce5c0a85ee5
2019-04-18 Andre Heinecke <aheinecke@intevation.de>
g10: Fix double free when locating by mbox.
+ commit 35899dc2903b118620e6f9f0fa6b21c8568abbf1
* g10/getkey.c (get_best_pubkey_byname): Set new.uid always
to NULL after use.
2019-04-16 NIIBE Yutaka <gniibe@fsij.org>
common: Fix AWK portability.
+ commit ee766b2b5d646643d66d23eae478f71c0a01a343
* common/Makefile.am: Use pkg_namespace.
* common/mkstrtable.awk: Use pkg_namespace. Regexp fix.
2019-04-11 Werner Koch <wk@gnupg.org>
gpg: Accept also armored data from the WKD.
+ commit dc4c7f65e32a0cddc075d06fa0132e099bcb6455
* g10/keyserver.c (keyserver_import_wkd): Clear NO_ARMOR.
gpg: Set a limit of 5 to the number of keys imported from the WKD.
+ commit e9fcb0361ab4ef1f6fb0ea235f1b15667932aba2
* g10/import.c (import): Limit the number of considered keys to 5.
(import_one): Return the first fingerprint in case of WKD.
2019-04-02 Werner Koch <wk@gnupg.org>
scd: Add dummy option --application-priority.
+ commit cb2065967465939f82cc585254cae0244ed94eac
dirmngr: Improve domaininfo cache update algorithm.
+ commit 48e7977709b6a56e8fd8e9f5abb9dba5ea617c33
* dirmngr/domaininfo.c (struct domaininfo_s): Add field keepmark.
(insert_or_update): Implement new update algorithm.
dirmngr: Better error code for http status 413.
+ commit 0a30ce036a615bc95382e0640d185b031f8c6a63
* dirmngr/ks-engine-hkp.c (send_request): New case for 413.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.
2019-04-01 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
NEWS: correct typo in header.
+ commit 5b1b5be65f343d252c865d705d23b55982718f2d
2019-03-27 NIIBE Yutaka <gniibe@fsij.org>
g10: Fix symmetric cipher algo constant for ECDH.
+ commit 38c2a9a644e0bc1e2594ea437a5930982f7b8c4e
* g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for
ECC strength 384, according to RFC-6637.
2019-03-27 Trevor Bentley <trevor@yubico.com>
gpg: Don't use EdDSA algo ID for ECDSA curves.
+ commit 2f455d18ab99a1d94029d3f607ae918bd5c9fecf
* g10/keygen.c (ask_curve): Change algo ID to ECDSA if it changed from
an EdDSA curve.
2019-03-26 Werner Koch <wk@gnupg.org>
Release 2.2.15.
Noteworthy changes in version 2.2.16 (2019-05-28)
-------------------------------------------------
* gpg,gpgsm: Fix deadlock on Windows due to a keybox sharing
violation. [#4505]
* gpg: Allow deletion of subkeys with --delete-key. This finally
makes the bang-suffix work as expected for that command. [#4457]
* gpg: Replace SHA-1 by SHA-256 in self-signatures when updating
them with --quick-set-expire or --quick-set-primary-uid. [#4508]
* gpg: Improve the photo image viewer selection. [#4334]
* gpg: Fix decryption with --use-embedded-filename. [#4500]
* gpg: Remove hints on using the --keyserver option. [#4512]
* gpg: Fix export of certain secret keys with comments. [#4490]
* gpg: Reject too long user-ids in --quick-gen-key. [#4532]
* gpg: Fix a double free in the best key selection code. [#4462]
* gpg: Fix the key generation dialog for switching back from EdDSA
to ECDSA.
* gpg: Use AES-192 with SHA-384 to comply with RFC-6637.
* gpg: Use only the addrspec from the Signer's UID subpacket to
mitigate a problem with another implementation.
* gpg: Skip invalid packets during a keyring listing and sync
diagnostics with the output.
* gpgsm: Avoid confusing diagnostic when signing with the default
key. [#4535]
* agent: Do not delete any secret key in --dry-run mode.
* agent: Fix failures on 64 bit big-endian boxes related to URIs in
a keyfile. [#4501]
* agent: Stop scdaemon after a reload with disable-scdaemon newly
configured. [#4326]
* dirmngr: Improve caching algorithm for WKD domains.
* dirmngr: Support other hash algorithms than SHA-1 for OCSP. [#3966]
* gpgconf: Make --homedir work for --launch. [#4496]
* gpgconf: Before --launch check for a valid config file. [#4497]
* wkd: Do not import more than 5 keys from one WKD address.
* wkd: Accept keys which are stored in armored format in the
directory.
* The installer for Windows now comes with signed binaries.
Release-info: https://dev.gnupg.org/T4509
See-also: gnupg-announce/2019q2/000438.html
Noteworthy changes in version 2.2.15 (2019-03-26)
-------------------------------------------------
......@@ -50,7 +115,7 @@ Noteworthy changes in version 2.2.14 (2019-03-19)
* dirmngr: Fix build problems with gcc 9 in libdns.
* gpgconf: New option --show-socket for use wity --launch.
* gpgconf: New option --show-socket for use with --launch.
* gpgtar: Make option -C work for archive creation.
......
......@@ -597,6 +597,7 @@ int agent_card_scd (ctrl_t ctrl, const char *cmdline,
int (*getpin_cb)(void *, const char *,
const char *, char*, size_t),
void *getpin_cb_arg, void *assuan_context);
void agent_card_killscd (void);
/*-- learncard.c --*/
......
......@@ -1324,3 +1324,12 @@ agent_card_scd (ctrl_t ctrl, const char *cmdline,
return unlock_scd (ctrl, 0);
}
void
agent_card_killscd (void)
{
if (primary_scd_ctx == NULL)
return;
assuan_transact (primary_scd_ctx, "KILLSCD",
NULL, NULL, NULL, NULL, NULL, NULL);
}
......@@ -3003,8 +3003,8 @@ ssh_key_to_protected_buffer (gcry_sexp_t key, const char *passphrase,
goto out;
}
gcry_sexp_sprint (key, GCRYSEXP_FMT_CANON, buffer_new, buffer_new_n);
/* FIXME: guarantee? */
buffer_new_n = gcry_sexp_sprint (key, GCRYSEXP_FMT_CANON,
buffer_new, buffer_new_n);
if (*passphrase)
err = agent_protect (buffer_new, passphrase, buffer, buffer_n, 0, -1);
......
......@@ -1231,8 +1231,8 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
}
/* Entry int for the command KEYINFO. This function handles the
command option processing. For details see hlp_keyinfo above. */
/* Entry into the command KEYINFO. This function handles the
* command option processing. For details see hlp_keyinfo above. */
static gpg_error_t
cmd_keyinfo (assuan_context_t ctx, char *line)
{
......
......@@ -1230,6 +1230,7 @@ agent_public_key_from_file (ctrl_t ctrl,
gcry_sexp_t uri_sexp, comment_sexp;
const char *uri, *comment;
size_t uri_length, comment_length;
int uri_intlen, comment_intlen;
char *format, *p;
void *args[2+7+2+2+1]; /* Size is 2 + max. # of elements + 2 for uri + 2
for comment + end-of-list. */
......@@ -1311,14 +1312,16 @@ agent_public_key_from_file (ctrl_t ctrl,
{
p = stpcpy (p, "(uri %b)");
assert (argidx+1 < DIM (args));
args[argidx++] = (void *)&uri_length;
uri_intlen = (int)uri_length;
args[argidx++] = (void *)&uri_intlen;
args[argidx++] = (void *)&uri;
}
if (comment)
{
p = stpcpy (p, "(comment %b)");
assert (argidx+1 < DIM (args));
args[argidx++] = (void *)&comment_length;
comment_intlen = (int)comment_length;
args[argidx++] = (void *)&comment_intlen;
args[argidx++] = (void*)&comment;
}
*p++ = ')';
......
......@@ -2434,6 +2434,9 @@ agent_sighup_action (void)
"pinentry" binary that one can be used in case the
"pinentry-basic" fallback was in use. */
gnupg_module_name_flush_some ();
if (opt.disable_scdaemon)
agent_card_killscd ();
}
......
......@@ -157,9 +157,41 @@ INST_NAME=gnupg-w32
# Use this to override the installaion directory for native builds.
INSTALL_PREFIX=none
# The Authenticode key and cert chain used to sign the Windows installer
# The Authenticode key and cert chain used to sign the Windows
# installer If AUTHENTICODE_SIGNHOST is specified, signing is done on
# that host using the Windows signtool. The signhost is usually an
# entry in .ssh/config. Depending on the used token it might be
# necessary to allow single signon and unlock the token before running
# this makefile. All files given in AUTHENTICODE_FILES are signed
# before they are put into the installer.
AUTHENTICODE_SIGNHOST=authenticode-signhost
AUTHENTICODE_TOOL='"C:\Program Files (x86)\Windows Kits\10\bin\signtool.exe"'
AUTHENTICODE_KEY=${HOME}/.gnupg/g10code-authenticode-key.p12
AUTHENTICODE_CERTS=${HOME}/.gnupg/g10code-authenticode-certs.pem
AUTHENTICODE_FILES= \
dirmngr.exe \
dirmngr_ldap.exe \
gpg-agent.exe \
gpg-connect-agent.exe \
gpg-preset-passphrase.exe \
gpg-wks-client.exe \
gpg.exe \
gpgconf.exe \
gpgme-w32spawn.exe \
gpgsm.exe \
gpgtar.exe \
gpgv.exe \
libassuan-0.dll \
libgcrypt-20.dll \
libgpg-error-0.dll \
libgpgme-11.dll \
libksba-8.dll \
libnpth-0.dll \
libsqlite3-0.dll \
pinentry-w32.exe \
scdaemon.exe \
zlib1.dll
# Directory names.
......@@ -1211,7 +1243,22 @@ ifeq ($(WITH_GUI),1)
extra_installer_options += -DWITH_GUI=1
endif
# Note that we sign only when doing the final installer.
installer: all w32_insthelpers $(w32src)/inst-options.ini $(bdir)/README.txt
(set -e;\
cd "$(idir)"; \
if echo "$(idir)" | grep -q '/PLAY-release/' ; then \
for f in $(AUTHENTICODE_FILES); do \
if [ -f "bin/$$f" ]; then \
$(call AUTHENTICODE_sign,"bin/$$f","bin/$$f");\
elif [ -f "libexec/$$f" ]; then \
$(call AUTHENTICODE_sign,"libexec/$$f","libexec/$$f");\
else \
echo "speedo: WARNING: file '$$f' not available for signing";\
fi;\
done; \
fi \
)
$(MAKENSIS) -V2 \
-DINST_DIR=$(idir) \
-DINST6_DIR=$(idir6) \
......@@ -1237,6 +1284,28 @@ define MKSWDB_commands
) | tee $(1).swdb
endef
# Sign the file $1 and save the result as $2
define AUTHENTICODE_sign
set -e;\
if [ -n "$(AUTHENTICODE_SIGNHOST)" ]; then \
echo "speedo: Signing via host $(AUTHENTICODE_SIGNHOST)";\
scp $(1) "$(AUTHENTICODE_SIGNHOST):a.exe" ;\
ssh "$(AUTHENTICODE_SIGNHOST)" $(AUTHENTICODE_TOOL) sign \
/n '"g10 Code GmbH"' \
/tr 'http://rfc3161timestamp.globalsign.com/advanced' /td sha256 \
/fd sha256 /du https://gnupg.org a.exe ;\
scp "$(AUTHENTICODE_SIGNHOST):a.exe" $(2);\
echo "speedo: signed file is '$(2)'" ;\
else \
echo "speedo: Signing using key $(AUTHENTICODE_KEY)";\
osslsigncode sign -certs $(AUTHENTICODE_CERTS) \
-pkcs12 $(AUTHENTICODE_KEY) -askpass \
-ts "http://timestamp.globalsign.com/scripts/timstamp.dll" \
-h sha256 -n GnuPG -i https://gnupg.org \
-in $(1) -out $(2) ;\
fi
endef
# Build the installer from the source tarball.
installer-from-source: dist-source
......@@ -1265,13 +1334,8 @@ sign-installer:
exefile="$(INST_NAME)-$(INST_VERSION)_$(BUILD_DATESTR).exe" ;\
echo "speedo: /*" ;\
echo "speedo: * Signing installer" ;\
echo "speedo: * Key: $(AUTHENTICODE_KEY)";\
echo "speedo: */" ;\
osslsigncode sign -certs $(AUTHENTICODE_CERTS)\
-pkcs12 $(AUTHENTICODE_KEY) -askpass \
-ts "http://timestamp.globalsign.com/scripts/timstamp.dll" \
-h sha256 -n GnuPG -i https://gnupg.org \
-in "PLAY/inst/$$exefile" -out "../../$$exefile" ;\
$(call AUTHENTICODE_sign,"PLAY/inst/$$exefile","../../$$exefile");\
exefile="../../$$exefile" ;\
$(call MKSWDB_commands,$${exefile},$${reldate}); \
echo "speedo: /*" ;\
......
......@@ -148,13 +148,13 @@ if MAINTAINER_MODE
audit-events.h: Makefile.am mkstrtable.awk exaudit.awk audit.h
$(AWK) -f $(srcdir)/exaudit.awk $(srcdir)/audit.h \
| $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=3 -v nogettext=1 \
-v namespace=eventstr_ > $(srcdir)/audit-events.h
-v pkg_namespace=eventstr_ > $(srcdir)/audit-events.h
# Create the status-codes.h include file from status.h
status-codes.h: Makefile.am mkstrtable.awk exstatus.awk status.h
$(AWK) -f $(srcdir)/exstatus.awk $(srcdir)/status.h \
| $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=3 -v nogettext=1 \
-v namespace=statusstr_ > $(srcdir)/status-codes.h
-v pkg_namespace=statusstr_ > $(srcdir)/status-codes.h
endif
#
......
......@@ -76,7 +76,7 @@
#
# The variable prefix can be used to prepend a string to each message.
#
# The variable namespace can be used to prepend a string to each
# The variable pkg_namespace can be used to prepend a string to each
# variable and macro name.
BEGIN {
......@@ -101,7 +101,7 @@ header {
print "/* The purpose of this complex string table is to produce";
print " optimal code with a minimum of relocations. */";
print "";
print "static const char " namespace "msgstr[] = ";
print "static const char " pkg_namespace "msgstr[] = ";
header = 0;
}
else
......@@ -109,7 +109,7 @@ header {
}
!header {
sub (/\#.+/, "");
sub (/#.+/, "");
sub (/[ ]+$/, ""); # Strip trailing space and tab characters.
if (/^$/)
......@@ -149,14 +149,14 @@ END {
else
print " gettext_noop (\"" prefix last_msgstr "\");";
print "";
print "static const int " namespace "msgidx[] =";
print "static const int " pkg_namespace "msgidx[] =";
print " {";
for (i = 0; i < coded_msgs; i++)
print " " pos[i] ",";
print " " pos[coded_msgs];
print " };";
print "";
print "#define " namespace "msgidxof(code) (0 ? -1 \\";
print "#define " pkg_namespace "msgidxof(code) (0 ? -1 \\";
# Gather the ranges.
skip = code[0];
......
......@@ -351,8 +351,10 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack)
}
else if (!hexprefix)
{
/* The fingerprint in an X.509 listing is often delimited by
colons, so we try to single this case out. */
/* The fingerprint of an X.509 listing is often delimited by
* colons, so we try to single this case out. Note that the
* OpenPGP bang suffix is not supported here. */
desc->exact = 0;
mode = 0;
hexlength = strspn (s, ":0123456789abcdefABCDEF");
if (hexlength == 59 && (!s[hexlength] || spacep (s+hexlength)))
......@@ -414,7 +416,6 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack)
}
if (!mode) /* Default to substring search. */
{
desc->exact = 0;
desc->u.name = s;
mode = KEYDB_SEARCH_MODE_SUBSTR;
}
......
......@@ -28,7 +28,7 @@ min_automake_version="1.14"
m4_define([mym4_package],[gnupg])
m4_define([mym4_major], [2])
m4_define([mym4_minor], [2])
m4_define([mym4_micro], [15])
m4_define([mym4_micro], [16])
# To start a new development series, i.e a new major or minor number
# you need to mark an arbitrary commit before the first beta release
......
......@@ -47,6 +47,7 @@ struct domaininfo_s
unsigned int wkd_not_found:1; /* A WKD query failed. */
unsigned int wkd_supported:1; /* One WKD entry was found. */
unsigned int wkd_not_supported:1; /* Definitely does not support WKD. */
unsigned int keepmark:1; /* Private to insert_or_update(). */
char name[1];
};
typedef struct domaininfo_s *domaininfo_t;
......@@ -143,7 +144,10 @@ insert_or_update (const char *domain,
{
domaininfo_t di;
domaininfo_t di_new;
domaininfo_t di_cut;
domaininfo_t drop = NULL;
domaininfo_t drop_extra = NULL;
int nkept = 0;
int ndropped = 0;
u32 hash;
int count;
......@@ -162,7 +166,6 @@ insert_or_update (const char *domain,
/* Need to do another lookup because the malloc is a system call and
* thus the hash array may have been changed by another thread. */
di_cut = NULL;
for (count=0, di = domainbuckets[hash]; di; di = di->next, count++)
if (!strcmp (di->name, domain))
{
......@@ -172,16 +175,89 @@ insert_or_update (const char *domain,
}
/* Before we insert we need to check whether the chain gets too long. */
di_cut = NULL;
if (count >= MAX_DOMAINBUCKET_LEN)
{
for (count=0, di = domainbuckets[hash]; di; di = di->next, count++)
if (count >= MAX_DOMAINBUCKET_LEN/2)
{
di_cut = di->next;
di->next = NULL;
break;
}
domaininfo_t bucket;
domaininfo_t *array;
int narray, idx;
domaininfo_t keep = NULL;
/* Unlink from the global list before doing a syscall. */
bucket = domainbuckets[hash];
domainbuckets[hash] = NULL;
array = xtrycalloc (count, sizeof *array);
if (!array)
{
/* That's bad; give up the entire bucket. */
log_error ("domaininfo: error allocating helper array: %s\n",
gpg_strerror (gpg_err_code_from_syserror ()));
drop_extra = bucket;
goto leave;
}
narray = 0;
/* Move all items into an array for easier processing. */
for (di = bucket; di; di = di->next)
array[narray++] = di;
log_assert (narray == count);
/* Mark all item in the array which are flagged to support wkd
* but not more than half of the maximum. This way we will at
* the end drop half of the items. */
count = 0;
for (idx=0; idx < narray; idx++)
{
di = array[idx];
di->keepmark = 0; /* Clear flag here on the first pass. */
if (di->wkd_supported && count < MAX_DOMAINBUCKET_LEN/2)
{
di->keepmark = 1;
count++;
}
}
/* Now mark those which are marked as not found. */
/* FIXME: we should use an LRU algorithm here. */
for (idx=0; idx < narray; idx++)
{
di = array[idx];
if (!di->keepmark
&& di->wkd_not_supported && count < MAX_DOMAINBUCKET_LEN/2)
{
di->keepmark = 1;
count++;
}
}
/* Build a bucket list and a second list for later freeing the
* items (we can't do it directly because a free is a system
* call and we want to avoid locks in this module. Note that
* the kept items will be reversed order which does not matter. */
for (idx=0; idx < narray; idx++)
{
di = array[idx];
if (di->keepmark)
{
di->next = keep;
keep = di;
nkept++;
}
else
{