~ubuntu-branches/ubuntu/oneiric/gnupg2/oneiric-proposed

Committer: Bazaar Package Importer
Author(s): Michael Bienia
Date: 2010-01-22 21:49:55 UTC
mfrom: (1.1.14 upstream) (7.1.3 squeeze)
Revision ID: james.westby@ubuntu.com-20100122214955-r2ab5it9rts5gqjf

Tags: 2.0.14-1ubuntu1

* Merge with Debian testing (lp: #511356). Remaining changes:
- debian/gnupg2.dev: udev rules to set ACLs on SCM smartcard readers.
- debian/rules: Call dh_installudev.

files added:
debian/patches

debian/patches/.dpkg-source-applied

debian/patches/debian-changes

debian/patches/debian-changes-2.0.14-1ubuntu1

debian/patches/series

debian/source

debian/source/format

debian/source/options

debian/source/patch-header

files modified:
AUTHORS

ChangeLog

NEWS

README

VERSION

agent/ChangeLog

agent/agent.h

agent/command.c

agent/divert-scd.c

agent/gpg-agent.c

agent/minip12.c

agent/protect-tool.c

agent/protect.c

agent/trustlist.c

common/ChangeLog

common/Makefile.am

common/Makefile.in

common/audit-events.h

common/audit.c

common/audit.h

common/dns-cert.c

common/estream.c

common/pka.c

common/srv.c

config.h.in

configure

configure.ac

debian/changelog

debian/control

doc/DETAILS

doc/gnupg-card-architecture.eps

doc/gnupg-card-architecture.pdf

doc/gnupg-card-architecture.png

doc/gnupg.info

doc/gnupg.info-1

doc/gnupg.info-2

doc/gpg-agent.texi

doc/gpg.texi

doc/gpgsm.texi

doc/scdaemon.texi

doc/stamp-vti

doc/version.texi

g10/ChangeLog

g10/call-agent.c

g10/call-agent.h

g10/card-util.c

g10/gpg.c

g10/keydb.h

g10/keygen.c

g10/passphrase.c

g10/pkglue.c

g10/sig-check.c

g10/tdbio.c

g10/trustdb.c

po/ChangeLog

po/be.gmo

po/be.po

po/ca.gmo

po/ca.po

po/cs.gmo

po/cs.po

po/da.gmo

po/da.po

po/de.gmo

po/de.po

po/el.gmo

po/el.po

po/en@boldquot.gmo

po/en@boldquot.po

po/en@quot.gmo

po/en@quot.po

po/eo.gmo

po/eo.po

po/es.gmo

po/es.po

po/et.gmo

po/et.po

po/fi.gmo

po/fi.po

po/fr.gmo

po/fr.po

po/gl.gmo

po/gl.po

po/gnupg2.pot

po/hu.gmo

po/hu.po

po/id.gmo

po/id.po

po/it.gmo

po/it.po

po/ja.gmo

po/ja.po

po/nb.gmo

po/nb.po

po/pl.gmo

po/pl.po

po/pt.gmo

po/pt.po

po/pt_BR.gmo

po/pt_BR.po

po/ro.gmo

po/ro.po

po/ru.gmo

po/ru.po

po/sk.gmo

po/sk.po

po/sv.gmo

po/sv.po

po/tr.gmo

po/tr.po

po/zh_CN.gmo

po/zh_CN.po

po/zh_TW.gmo

po/zh_TW.po

scd/ChangeLog

scd/app-p15.c

scd/ccid-driver.c

scd/scdaemon.c

scripts/ChangeLog

scripts/config.guess

scripts/config.sub

sm/ChangeLog

sm/certchain.c

sm/certreqgen.c

sm/decrypt.c

sm/gpgsm.c

sm/gpgsm.h

sm/sign.c

sm/verify.c

tests/ChangeLog

tests/asschk.c

tests/openpgp/ChangeLog

tests/openpgp/Makefile.am

tests/openpgp/Makefile.in

tools/ChangeLog

tools/applygnupgdefaults

tools/no-libgcrypt.c

version

Show diffs side-by-side

added added

removed removed

common/audit.c

/* audit.c - GnuPG's audit subsystem

* This file is part of GnuPG.

{

audit_event_t event; /* The event. */

gpg_error_t err; /* The logged error code. */

int intvalue; /* A logged interger value. */

int intvalue; /* A logged integer value. */

char *string; /* A malloced string or NULL. */

ksba_cert_t cert; /* A certifciate or NULL. */

int have_err:1;

483

oktext = _("|audit-log-result|Not enabled");

484

else if (!strcmp (oktext, "error"))

485

oktext = _("|audit-log-result|Error");

486

else if (!strcmp (oktext, "not-used"))

487

oktext = _("|audit-log-result|Not used");

488

else if (!strcmp (oktext, "okay"))

489

oktext = _("|audit-log-result|Okay");

490

else if (!strcmp (oktext, "skipped"))

491

oktext = _("|audit-log-result|Skipped");

492

else if (!strcmp (oktext, "some"))

493

oktext = _("|audit-log-result|Some");

486

494

else

487

495

s = "";

488

496

806

814

static void

807

815

proc_type_sign (audit_ctx_t ctx)

808

816

{

809

log_item_t item;

817

log_item_t item, loopitem;

818

int signer, idx;

819

const char *result;

820

ksba_cert_t cert;

821

char *name;

822

int lastalgo;

810

823

811

item = NULL;

824

item = find_log_item (ctx, AUDIT_SIGNING_DONE, 0);

812

825

writeout_li (ctx, item?"Yes":"No", "%s", _("Data signing succeeded"));

813

826

814

827

enter_li (ctx);

815

828

816

829

item = find_log_item (ctx, AUDIT_GOT_DATA, 0);

817

830

writeout_li (ctx, item? "Yes":"No", "%s", _("Data available"));

818

831

/* Write remarks with the data hash algorithms. We use a very

832

simple scheme to avoid some duplicates. */

833

loopitem = NULL;

834

lastalgo = 0;

835

while ((loopitem = find_next_log_item

836

(ctx, loopitem, AUDIT_DATA_HASH_ALGO, AUDIT_NEW_SIG)))

837

{

838

if (loopitem->intvalue && loopitem->intvalue != lastalgo)

839

writeout_rem (ctx, _("data hash algorithm: %s"),

840

gcry_md_algo_name (loopitem->intvalue));

841

lastalgo = loopitem->intvalue;

842

}

843

844

/* Loop over all signer. */

845

loopitem = NULL;

846

signer = 0;

847

while ((loopitem=find_next_log_item (ctx, loopitem, AUDIT_NEW_SIG, 0)))

848

{

849

signer++;

850

851

item = find_next_log_item (ctx, loopitem, AUDIT_SIGNED_BY, AUDIT_NEW_SIG);

852

if (!item)

853

result = "error";

854

else if (!item->err)

855

result = "okay";

856

else if (gpg_err_code (item->err) == GPG_ERR_CANCELED)

857

result = "skipped";

858

else

859

result = gpg_strerror (item->err);

860

cert = item? item->cert : NULL;

861

862

writeout_li (ctx, result, _("Signer %d"), signer);

863

item = find_next_log_item (ctx, loopitem,

864

AUDIT_ATTR_HASH_ALGO, AUDIT_NEW_SIG);

865

if (item)

866

writeout_rem (ctx, _("attr hash algorithm: %s"),

867

gcry_md_algo_name (item->intvalue));

868

869

if (cert)

870

{

871

name = get_cert_name (cert);

872

writeout_rem (ctx, "%s", name);

873

xfree (name);

874

enter_li (ctx);

875

for (idx=0; (name = get_cert_subject (cert, idx)); idx++)

876

{

877

writeout_rem (ctx, "%s", name);

878

xfree (name);

879

}

880

leave_li (ctx);

881

}

882

}

819

883

820

884

leave_li (ctx);

821

885

}

826

890

static void

827

891

proc_type_decrypt (audit_ctx_t ctx)

828

892

{

829

log_item_t item;

893

log_item_t loopitem, item;

894

int algo, recpno;

895

char *name;

896

char numbuf[35];

897

int idx;

830

898

831

item = NULL;

832

writeout_li (ctx, item?"Yes":"No", "%s", _("Data decryption succeeded"));

899

item = find_log_item (ctx, AUDIT_DECRYPTION_RESULT, 0);

900

writeout_li (ctx, item && !item->err?"Yes":"No",

901

"%s", _("Data decryption succeeded"));

833

902

834

903

enter_li (ctx);

835

904

836

905

item = find_log_item (ctx, AUDIT_GOT_DATA, 0);

837

906

writeout_li (ctx, item? "Yes":"No", "%s", _("Data available"));

838

907

908

item = find_log_item (ctx, AUDIT_DATA_CIPHER_ALGO, 0);

909

algo = item? item->intvalue : 0;

910

writeout_li (ctx, algo?"Yes":"No", "%s", _("Encryption algorithm supported"));

911

if (algo)

912

writeout_rem (ctx, _("algorithm: %s"), gcry_cipher_algo_name (algo));

913

914

item = find_log_item (ctx, AUDIT_BAD_DATA_CIPHER_ALGO, 0);

915

if (item && item->string)

916

{

917

algo = gcry_cipher_map_name (item->string);

918

if (algo)

919

writeout_rem (ctx, _("algorithm: %s"), gcry_cipher_algo_name (algo));

920

else if (item->string && !strcmp (item->string, "1.2.840.113549.3.2"))

921

writeout_rem (ctx, _("unsupported algorithm: %s"), "RC2");

922

else if (item->string)

923

writeout_rem (ctx, _("unsupported algorithm: %s"), item->string);

924

else

925

writeout_rem (ctx, _("seems to be not encrypted"));

926

}

927

928

929

for (recpno = 0, item = NULL;

930

(item = find_next_log_item (ctx, item, AUDIT_NEW_RECP, 0)); recpno++)

931

;

932

snprintf (numbuf, sizeof numbuf, "%d", recpno);

933

writeout_li (ctx, numbuf, "%s", _("Number of recipients"));

934

935

/* Loop over all recipients. */

936

loopitem = NULL;

937

while ((loopitem = find_next_log_item (ctx, loopitem, AUDIT_NEW_RECP, 0)))

938

{

939

const char *result;

940

941

recpno = loopitem->have_intvalue? loopitem->intvalue : -1;

942

943

item = find_next_log_item (ctx, loopitem,

944

AUDIT_RECP_RESULT, AUDIT_NEW_RECP);

945

if (!item)

946

result = "not-used";

947

else if (!item->err)

948

result = "okay";

949

else if (gpg_err_code (item->err) == GPG_ERR_CANCELED)

950

result = "skipped";

951

else

952

result = gpg_strerror (item->err);

953

954

item = find_next_log_item (ctx, loopitem,

955

AUDIT_RECP_NAME, AUDIT_NEW_RECP);

956

writeout_li (ctx, result, _("Recipient %d"), recpno);

957

if (item && item->string)

958

writeout_rem (ctx, "%s", item->string);

959

960

/* If we have a certificate write out more infos. */

961

item = find_next_log_item (ctx, loopitem,

962

AUDIT_SAVE_CERT, AUDIT_NEW_RECP);

963

if (item && item->cert)

964

{

965

enter_li (ctx);

966

for (idx=0; (name = get_cert_subject (item->cert, idx)); idx++)

967

{

968

writeout_rem (ctx, "%s", name);

969

xfree (name);

970

}

971

leave_li (ctx);

972

}

973

}

839

974

840

975

leave_li (ctx);

841

976

}

847

982

proc_type_verify (audit_ctx_t ctx)

848

983

{

849

984

log_item_t loopitem, item;

850

int signo, count, idx;

985

int signo, count, idx, n_good, n_bad;

851

986

char numbuf[35];

987

const char *result;

852

988

853

989

/* If there is at least one signature status we claim that the

854

verifciation succeeded. This does not mean that the data has

990

verification succeeded. This does not mean that the data has

855

991

verified okay. */

856

992

item = find_log_item (ctx, AUDIT_SIG_STATUS, 0);

857

993

writeout_li (ctx, item?"Yes":"No", "%s", _("Data verification succeeded"));

867

1003

if (!item)

868

1004

goto leave;

869

1005

870

item = find_log_item (ctx, AUDIT_DATA_HASH_ALGO, AUDIT_NEW_SIG);

871

writeout_li (ctx, item?"Yes":"No", "%s", _("Parsing signature succeeded"));

872

if (!item)

873

{

874

item = find_log_item (ctx, AUDIT_BAD_DATA_HASH_ALGO, AUDIT_NEW_SIG);

875

if (item)

876

writeout_rem (ctx, _("Bad hash algorithm: %s"),

877

item->string? item->string:"?");

1006

/* Print info about the used data hashing algorithms. */

1007

for (idx=0, n_good=n_bad=0; idx < ctx->logused; idx++)

1008

{

1009

item = ctx->log + idx;

1010

if (item->event == AUDIT_NEW_SIG)

1011

break;

1012

else if (item->event == AUDIT_DATA_HASH_ALGO)

1013

n_good++;

1014

else if (item->event == AUDIT_BAD_DATA_HASH_ALGO)

1015

n_bad++;

1016

}

1017

item = find_log_item (ctx, AUDIT_DATA_HASHING, AUDIT_NEW_SIG);

1018

if (!item || item->err || !n_good)

1019

result = "No";

1020

else if (n_good && !n_bad)

1021

result = "Yes";

1022

else

1023

result = "Some";

1024

writeout_li (ctx, result, "%s", _("Parsing data succeeded"));

1025

if (n_good || n_bad)

1026

{

1027

for (idx=0; idx < ctx->logused; idx++)

1028

{

1029

item = ctx->log + idx;

1030

if (item->event == AUDIT_NEW_SIG)

1031

break;

1032

else if (item->event == AUDIT_DATA_HASH_ALGO)

1033

writeout_rem (ctx, _("data hash algorithm: %s"),

1034

gcry_md_algo_name (item->intvalue));

1035

else if (item->event == AUDIT_BAD_DATA_HASH_ALGO)

1036

writeout_rem (ctx, _("bad data hash algorithm: %s"),

1037

item->string? item->string:"?");

1038

}

1039

}

878

1040

879

goto leave;

880

}

881

1041

882

1042

/* Loop over all signatures. */

883

1043

loopitem = find_log_item (ctx, AUDIT_NEW_SIG, 0);

893

1053

AUDIT_SIG_NAME, AUDIT_NEW_SIG);

894

1054

if (item)

895

1055

writeout_rem (ctx, "%s", item->string);

1056

1057

item = find_next_log_item (ctx, loopitem,

1058

AUDIT_DATA_HASH_ALGO, AUDIT_NEW_SIG);

1059

if (item)

1060

writeout_rem (ctx, _("data hash algorithm: %s"),

1061

gcry_md_algo_name (item->intvalue));

1062

item = find_next_log_item (ctx, loopitem,

1063

AUDIT_ATTR_HASH_ALGO, AUDIT_NEW_SIG);

1064

if (item)

1065

writeout_rem (ctx, _("attr hash algorithm: %s"),

1066

gcry_md_algo_name (item->intvalue));

1067

896

1068

enter_li (ctx);

897

1069

898

1070

/* List the certificate chain. */

1006

1178

/* We use an environment variable to include some debug info in the

1007

1179

log. */

1008

1180

if ((s = getenv ("gnupg_debug_audit")))

1009

{

1010

show_raw = 1;

1011

if (!strcmp (s, "html"))

1012

use_html = 1;

1013

}

1181

show_raw = 1;

1014

1182

1015

1183

assert (!ctx->outstream);

1016

1184

ctx->outstream = out;

Older »