diff options
-rw-r--r-- | NEWS | 21 | ||||
-rw-r--r-- | README | 16 | ||||
-rw-r--r-- | agent/gpg-agent.c | 37 | ||||
-rw-r--r-- | agent/protect.c | 14 | ||||
-rw-r--r-- | agent/t-protect.c | 2 | ||||
-rw-r--r-- | configure.ac | 21 | ||||
-rw-r--r-- | dirmngr/crlcache.c | 12 | ||||
-rw-r--r-- | doc/DETAILS | 16 | ||||
-rw-r--r-- | doc/Makefile.am | 16 | ||||
-rw-r--r-- | doc/tools.texi | 136 | ||||
-rw-r--r-- | g10/getkey.c | 5 | ||||
-rw-r--r-- | po/da.po | 2 | ||||
-rw-r--r-- | sm/keydb.c | 2 | ||||
-rw-r--r-- | tools/gpgtar-extract.c | 12 |
14 files changed, 214 insertions, 98 deletions
@@ -1,3 +1,22 @@ +Noteworthy changes in version 2.2.3 (2017-11-20) +------------------------------------------------ + + * gpgsm: Fix initial keybox creation on Windows. [#3507] + + * dirmngr: Fix crash in case of a CRL loading error. [#3510] + + * Fix the name of the Windows registry key. [Git#4f5afaf1fd] + + * gpgtar: Fix wrong behaviour of --set-filename. [#3500] + + * gpg: Silence AKL retrieval messages. [#3504] + + * agent: Use clock or clock_gettime for calibration. [#3056] + + * agent: Improve robustness of the shutdown pending + state. [Git#7ffedfab89] + + Noteworthy changes in version 2.2.2 (2017-11-07) ------------------------------------------------ @@ -40,6 +59,8 @@ Noteworthy changes in version 2.2.2 (2017-11-07) * Add configure option --enable-werror. [#2423] + See-also: gnupg-announce/2017q4/000416.html + Noteworthy changes in version 2.2.1 (2017-09-19) ------------------------------------------------ @@ -33,11 +33,11 @@ GnuPG 2.2 depends on the following GnuPG related packages: - npth (ftp://ftp.gnupg.org/gcrypt/npth/) - libgpg-error (ftp://ftp.gnupg.org/gcrypt/libgpg-error/) - libgcrypt (ftp://ftp.gnupg.org/gcrypt/libgcrypt/) - libksba (ftp://ftp.gnupg.org/gcrypt/libksba/) - libassuan (ftp://ftp.gnupg.org/gcrypt/libassuan/) + npth (https://gnupg.org/ftp/gcrypt/npth/) + libgpg-error (https://gnupg.org/ftp/gcrypt/libgpg-error/) + libgcrypt (https://gnupg.org/ftp/gcrypt/libgcrypt/) + libksba (https://gnupg.org/ftp/gcrypt/libksba/) + libassuan (https://gnupg.org/ftp/gcrypt/libassuan/) You should get the latest versions of course, the GnuPG configure script complains if a version is not sufficient. @@ -48,7 +48,7 @@ You also need the Pinentry package for most functions of GnuPG; however it is not a build requirement. Pinentry is available at - ftp://ftp.gnupg.org/gcrypt/pinentry/ . + https://gnupg.org/ftp/gcrypt/pinentry/ . After building and installing the above packages in the order as given above, you may continue with GnuPG installation (you may also @@ -228,7 +228,7 @@ You subscribe to one of the list by sending mail with a subject of "subscribe" to x-request@gnupg.org, where x is the name of the mailing list (gnupg-announce, gnupg-users, etc.). See - https://www.gnupg.org/documentation/mailing-lists.html for archives + https://gnupg.org/documentation/mailing-lists.html for archives of the mailing lists. Please direct bug reports to [[https://bugs.gnupg.org]] or post them @@ -241,7 +241,7 @@ authors and we try to answer questions when time allows us. Commercial grade support for GnuPG is available; for a listing of - offers see https://www.gnupg.org/service.html . Maintaining and + offers see https://gnupg.org/service.html . Maintaining and improving GnuPG requires a lot of time. Since 2001, g10 Code GmbH, a German company owned and headed by GnuPG's principal author Werner Koch, is bearing the majority of these costs. To keep GnuPG in a diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 2e19d19..0b2b982 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -3000,27 +3000,34 @@ handle_connections (gnupg_fd_t listen_fd, next timeout. */ continue; + /* The inotify fds are set even when a shutdown is pending (see + * above). So we must handle them in any case. To avoid that + * they trigger a second time we close them immediately. */ + if (sock_inotify_fd != -1 + && FD_ISSET (sock_inotify_fd, &read_fdset) + && gnupg_inotify_has_name (sock_inotify_fd, GPG_AGENT_SOCK_NAME)) + { + shutdown_pending = 1; + close (sock_inotify_fd); + sock_inotify_fd = -1; + log_info ("socket file has been removed - shutting down\n"); + } + + if (home_inotify_fd != -1 + && FD_ISSET (home_inotify_fd, &read_fdset)) + { + shutdown_pending = 1; + close (home_inotify_fd); + home_inotify_fd = -1; + log_info ("homedir has been removed - shutting down\n"); + } + if (!shutdown_pending) { int idx; ctrl_t ctrl; npth_t thread; - if (sock_inotify_fd != -1 - && FD_ISSET (sock_inotify_fd, &read_fdset) - && gnupg_inotify_has_name (sock_inotify_fd, GPG_AGENT_SOCK_NAME)) - { - shutdown_pending = 1; - log_info ("socket file has been removed - shutting down\n"); - } - - if (home_inotify_fd != -1 - && FD_ISSET (home_inotify_fd, &read_fdset)) - { - shutdown_pending = 1; - log_info ("homedir has been removed - shutting down\n"); - } - for (idx=0; idx < DIM(listentbl); idx++) { if (listentbl[idx].l_fd == GNUPG_INVALID_FD) diff --git a/agent/protect.c b/agent/protect.c index 3073fc4..9bb2da6 100644 --- a/agent/protect.c +++ b/agent/protect.c @@ -23,6 +23,7 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <time.h> #include <ctype.h> #include <assert.h> #include <unistd.h> @@ -104,11 +105,14 @@ calibrate_get_time (struct calibrate_time_s *data) &data->creation_time, &data->exit_time, &data->kernel_time, &data->user_time); # endif -#else - struct tms tmp; +#elif defined (CLOCK_THREAD_CPUTIME_ID) + struct timespec tmp; - times (&tmp); - data->ticks = tmp.tms_utime; + clock_gettime (CLOCK_THREAD_CPUTIME_ID, &tmp); + data->ticks = (clock_t)(((unsigned long long)tmp.tv_sec * 1000000000 + + tmp.tv_nsec) * CLOCKS_PER_SEC / 1000000000); +#else + data->ticks = clock (); #endif } @@ -135,7 +139,7 @@ calibrate_elapsed_time (struct calibrate_time_s *starttime) } #else return (unsigned long)((((double) (stoptime.ticks - starttime->ticks)) - /CLOCKS_PER_SEC)*10000000); + /CLOCKS_PER_SEC)*1000); #endif } diff --git a/agent/t-protect.c b/agent/t-protect.c index 1d3c8ec..92d312c 100644 --- a/agent/t-protect.c +++ b/agent/t-protect.c @@ -322,9 +322,9 @@ test_agent_protect_shared_secret (void) int main (int argc, char **argv) { - (void)argc; (void)argv; + opt.verbose = argc - 1; /* We can do "./t-protect -v -v" */ gcry_control (GCRYCTL_DISABLE_SECMEM); test_agent_protect (); diff --git a/configure.ac b/configure.ac index dc1fc1a..fb6f0da 100644 --- a/configure.ac +++ b/configure.ac @@ -28,7 +28,7 @@ min_automake_version="1.14" m4_define([mym4_package],[gnupg]) m4_define([mym4_major], [2]) m4_define([mym4_minor], [2]) -m4_define([mym4_micro], [2]) +m4_define([mym4_micro], [3]) # To start a new development series, i.e a new major or minor number # you need to mark an arbitrary commit before the first beta release @@ -602,8 +602,9 @@ AC_PROG_RANLIB AC_CHECK_TOOL(AR, ar, :) AC_PATH_PROG(PERL,"perl") AC_CHECK_TOOL(WINDRES, windres, :) -AC_PATH_PROG(YAT2M, "yat2m", "./yat2m" ) +AC_PATH_PROG(YAT2M, "yat2m") AC_ARG_VAR(YAT2M, [tool to convert texi to man pages]) +AM_CONDITIONAL(HAVE_YAT2M, test -n "$ac_cv_path_YAT2M") AC_ISC_POSIX AC_SYS_LARGEFILE GNUPG_CHECK_USTAR @@ -1611,12 +1612,20 @@ if test "$GCC" = yes; then mycflags="$mycflags -Wdeclaration-after-statement" fi - AC_MSG_CHECKING([if gcc supports -Wlogical-op and -Wvla]) - CFLAGS="-Wlogical-op -Wvla" + AC_MSG_CHECKING([if gcc supports -Wlogical-op]) + CFLAGS="-Wlogical-op -Werror" AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no) AC_MSG_RESULT($_gcc_wopt) if test x"$_gcc_wopt" = xyes ; then - mycflags="$mycflags -Wlogical-op -Wvla" + mycflags="$mycflags -Wlogical-op" + fi + + AC_MSG_CHECKING([if gcc supports -Wvla]) + CFLAGS="-Wvla" + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no) + AC_MSG_RESULT($_gcc_wopt) + if test x"$_gcc_wopt" = xyes ; then + mycflags="$mycflags -Wvla" fi else @@ -1814,7 +1823,7 @@ AC_DEFINE_UNQUOTED(DIRMNGR_DEFAULT_KEYSERVER, AC_DEFINE_UNQUOTED(GPGEXT_GPG, "gpg", [The standard binary file suffix]) if test "$have_w32_system" = yes; then - AC_DEFINE_UNQUOTED(GNUPG_REGISTRY_DIR, "\\\\Software\\\\GNU\\\\GnuPG", + AC_DEFINE_UNQUOTED(GNUPG_REGISTRY_DIR, "Software\\\\GNU\\\\GnuPG", [The directory part of the W32 registry keys]) fi diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c index 248ad9a..6eeeb8d 100644 --- a/dirmngr/crlcache.c +++ b/dirmngr/crlcache.c @@ -1562,7 +1562,7 @@ start_sig_check (ksba_crl_t crl, gcry_md_hd_t *md, int *algo) should return 0 on a good signature, GPG_ERR_BAD_SIGNATURE if the signature does not verify or any other error code. CRL is the CRL object we are working on, MD the hash context and ISSUER_CERT the - certificate of the CRL issuer. This function closes MD. */ + certificate of the CRL issuer. This function takes ownership of MD. */ static gpg_error_t finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo, ksba_cert_t issuer_cert) @@ -1646,12 +1646,13 @@ finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo, /* Call this to match a start_sig_check that can not be completed - normally. */ + normally. Takes ownership of MD if MD is not NULL. */ static void abort_sig_check (ksba_crl_t crl, gcry_md_hd_t md) { (void)crl; - gcry_md_close (md); + if (md) + gcry_md_close (md); } @@ -1842,13 +1843,13 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl, } err = finish_sig_check (crl, md, algo, crlissuer_cert); + md = NULL; /* Closed. */ if (err) { log_error (_("CRL signature verification failed: %s\n"), gpg_strerror (err)); goto failure; } - md = NULL; err = validate_cert_chain (ctrl, crlissuer_cert, NULL, (VALIDATE_FLAG_TRUST_CONFIG @@ -1877,8 +1878,7 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl, failure: - if (md) - abort_sig_check (crl, md); + abort_sig_check (crl, md); ksba_cert_release (crlissuer_cert); return err; } diff --git a/doc/DETAILS b/doc/DETAILS index 0be55f4..e54e8a0 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -394,9 +394,8 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: *** NEWSIG [<signers_uid>] Is issued right before a signature verification starts. This is useful to define a context for parsing ERROR status messages. - arguments are currently defined. If SIGNERS_UID is given and is - not "-" this is the percent escape value of the OpenPGP Signer's - User ID signature sub-packet. + If SIGNERS_UID is given and is not "-" this is the percent-escaped + value of the OpenPGP Signer's User ID signature sub-packet. *** GOODSIG <long_keyid_or_fpr> <username> The signature with the keyid is good. For each signature only one @@ -1041,15 +1040,16 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: - 4 :: Key is stored on a smartcard. *** PROGRESS <what> <char> <cur> <total> [<units>] - Used by the primegen and Public key functions to indicate + Used by the primegen and public key functions to indicate progress. <char> is the character displayed with no --status-fd enabled, with the linefeed replaced by an 'X'. <cur> is the current amount done and <total> is amount to be done; a <total> of - 0 indicates that the total amount is not known. The condition + 0 indicates that the total amount is not known. Both are + non-negative integers. The condition : TOTAL && CUR == TOTAL may be used to detect the end of an operation. - Well known values for WHAT are: + Well known values for <what> are: - pk_dsa :: DSA key generation - pk_elg :: Elgamal key generation @@ -1064,7 +1064,9 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: the data of a smartcard. - card_busy :: A smartcard is still working - <units> is sometines used to describe the units for <current> and + When <what> refers to a file path, it may be truncated. + + <units> is sometimes used to describe the units for <current> and <total>. For example "B", "KiB", or "MiB". *** BACKUP_KEY_CREATED <fingerprint> <fname> diff --git a/doc/Makefile.am b/doc/Makefile.am index 89079b3..aba84ba 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -91,7 +91,7 @@ myman_sources = gnupg7.texi gpg.texi gpgsm.texi gpg-agent.texi \ dirmngr.texi scdaemon.texi tools.texi wks.texi myman_pages = gpgsm.1 gpg-agent.1 dirmngr.8 scdaemon.1 \ watchgnupg.1 gpgconf.1 addgnupghome.8 gpg-preset-passphrase.1 \ - gpg-connect-agent.1 gpgparsemail.1 symcryptrun.1 \ + gpg-connect-agent.1 gpgparsemail.1 symcryptrun.1 gpgtar.1 \ applygnupgdefaults.8 gpg-wks-client.1 gpg-wks-server.1 \ dirmngr-client.1 if USE_GPG2_HACK @@ -110,10 +110,18 @@ CLEANFILES = yat2m mkdefsinc defs.inc DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \ gnupg-card-architecture.eps \ gnupg-module-overview.eps \ - $(myman_pages) gpg-zip.1 gnupg.7 + $(myman_pages) gnupg.7 + +if HAVE_YAT2M +YAT2M_CMD = $(YAT2M) +YAT2M_DEP = $(YAT2M) +else +YAT2M_CMD = ./yat2m +YAT2M_DEP = yat2m yat2m: yat2m.c $(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c +endif mkdefsinc: mkdefsinc.c Makefile ../config.h $(CC_FOR_BUILD) -I. -I.. -I$(srcdir) $(AM_CPPFLAGS) \ @@ -146,12 +154,12 @@ yat2m-stamp: $(myman_sources) defs.inc @touch yat2m-stamp.tmp incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \ for file in $(myman_sources) ; do \ - $(YAT2M) $(YAT2M_OPTIONS) --store \ + $(YAT2M_CMD) $(YAT2M_OPTIONS) --store \ --date "`cat $$incd 2>/dev/null`" \ `test -f '$$file' || echo '$(srcdir)/'`$$file ; done @mv -f yat2m-stamp.tmp $@ -yat2m-stamp: $(YAT2M) +yat2m-stamp: $(YAT2M_DEP) $(myman_pages) gnupg.7 : yat2m-stamp defs.inc @if test -f $@; then :; else \ diff --git a/doc/tools.texi b/doc/tools.texi index 332fb01..5104bea 100644 --- a/doc/tools.texi +++ b/doc/tools.texi @@ -20,7 +20,7 @@ GnuPG comes with a couple of smaller tools: * dirmngr-client:: How to use the Dirmngr client tool. * gpgparsemail:: Parse a mail message into an annotated format * symcryptrun:: Call a simple symmetric encryption tool. -* gpg-zip:: Encrypt or sign files into an archive. +* gpgtar:: Encrypt or sign files into an archive. @end menu @c @@ -1894,23 +1894,19 @@ The possible exit status codes of @command{symcryptrun} are: @c -@c GPG-ZIP +@c GPGTAR @c -@c The original manpage on which this section is based was written -@c by Colin Tuckley <colin@tuckley.org> and Daniel Leidert -@c <daniel.leidert@wgdd.de> for the Debian distribution (but may be used by -@c others). -@manpage gpg-zip.1 -@node gpg-zip +@manpage gpgtar.1 +@node gpgtar @section Encrypt or sign files into an archive @ifset manverb -.B gpg-zip +.B gpgtar \- Encrypt or sign files into an archive @end ifset @mansect synopsis @ifset manverb -.B gpg-zip +.B gpgtar .RI [ options ] .I filename1 .I [ filename2, ... ] @@ -1919,61 +1915,130 @@ The possible exit status codes of @command{symcryptrun} are: @end ifset @mansect description -@command{gpg-zip} encrypts or signs files into an archive. It is an +@command{gpgtar} encrypts or signs files into an archive. It is an gpg-ized tar using the same format as used by PGP's PGP Zip. @manpause @noindent -@command{gpg-zip} is invoked this way: +@command{gpgtar} is invoked this way: @example -gpg-zip [options] @var{filename1} [@var{filename2}, ...] @var{directory} [@var{directory2}, ...] +gpgtar [options] @var{filename1} [@var{filename2}, ...] @var{directory} [@var{directory2}, ...] @end example @mansect options @noindent -@command{gpg-zip} understands these options: +@command{gpgtar} understands these options: @table @gnupgtabopt +@item --create +@opindex create +Put given files and directories into a vanilla ``ustar'' archive. + +@item --extract +@opindex extract +Extract all files from a vanilla ``ustar'' archive. + @item --encrypt @itemx -e @opindex encrypt -Encrypt data. This option may be combined with @option{--symmetric} (for output that may be decrypted via a secret key or a passphrase). +Encrypt given files and directories into an archive. This option may +be combined with option @option{--symmetric} for an archive that may +be decrypted via a secret key or a passphrase. @item --decrypt @itemx -d @opindex decrypt -Decrypt data. +Extract all files from an encrypted archive. + +@item --sign +@itemx -s +Make a signed archive from the given files and directories. Thsi can +be combined with option @option{--encrypt} to create a signed and then +encrypted archive. + +@item --list-archive +@itemx -t +@opindex list-archive +List the contents of the specified archive. @item --symmetric @itemx -c Encrypt with a symmetric cipher using a passphrase. The default -symmetric cipher used is CAST5, but may be chosen with the +symmetric cipher used is @value{GPGSYMENCALGO}, but may be chosen with the @option{--cipher-algo} option to @command{gpg}. -@item --sign -@itemx -s -Make a signature. See @command{gpg}. - @item --recipient @var{user} @itemx -r @var{user} @opindex recipient -Encrypt for user id @var{user}. See @command{gpg}. +Encrypt for user id @var{user}. For details see @command{gpg}. @item --local-user @var{user} @itemx -u @var{user} @opindex local-user -Use @var{user} as the key to sign with. See @command{gpg}. - -@item --list-archive -@opindex list-archive -List the contents of the specified archive. +Use @var{user} as the key to sign with. For details see @command{gpg}. @item --output @var{file} @itemx -o @var{file} @opindex output -Write output to specified file @var{file}. +Write the archive to the specified file @var{file}. + +@item --verbose +@itemx -v +@opindex verbose +Enable extra informational output. + +@item --quiet +@itemx -q +@opindex quiet +Try to be as quiet as possible. + +@item --skip-crypto +@opindex skip-crypto +Skip all crypto operations and create or extract vanilla ``ustar'' +archives. + +@item --dry-run +@opindex dry-run +Do not actually output the extracted files. + +@item --directory @var{dir} +@itemx -C @var{dir} +@opindex directory +Extract the files into the directory @var{dir}. The +default is to take the directory name from +the input filename. If no input filename is known a directory named +@file{GPGARCH} is used. + +@item --files-from @var{file} +@itemx -T @var{file} +Take the file names to work from the file @var{file}; one file per +line. + +@item --null +@opindex null +Modify option @option{--files-from} to use a binary nul instead of a +linefeed to separate file names. + +@item --openpgp +@opindex openpgp +This option has no effect becuase OpenPGP encryption and signing is +the default. + +@item --cms +@opindex cms +This option is reserved and shall not be used. It will eventually be +used to encrypt or sign using the CMS protocol; but that is not yet +implemented. + + +@item --set-filename @var{file} +@opindex set-filename +Use the last component of @var{file} as the output directory. The +default is to take the directory name from the input filename. If no +input filename is known a directory named @file{GPGARCH} is used. +This option is deprecated in favor of option @option{--directory}. @item --gpg @var{gpgcmd} @opindex gpg @@ -1981,15 +2046,14 @@ Use the specified command @var{gpgcmd} instead of @command{gpg}. @item --gpg-args @var{args} @opindex gpg-args -Pass the specified options to @command{gpg}. - -@item --tar @var{tarcmd} -@opindex tar -Use the specified command @var{tarcmd} instead of @command{tar}. +Pass the specified extra options to @command{gpg}. @item --tar-args @var{args} @opindex tar-args -Pass the specified options to @command{tar}. +Assume @var{args} are standard options of the command @command{tar} +and parse them. The only supported tar options are "--directory", +"--files-from", and "--null" This is an obsolete options because those +supported tar options can also be given directly. @item --version @opindex version @@ -2017,14 +2081,14 @@ Encrypt the contents of directory @file{mydocs} for user Bob to file @file{test1}: @example -gpg-zip --encrypt --output test1 --gpg-args -r Bob mydocs +gpgtar --encrypt --output test1 -r Bob mydocs @end example @noindent List the contents of archive @file{test1}: @example -gpg-zip --list-archive test1 +gpgtar --list-archive test1 @end example diff --git a/g10/getkey.c b/g10/getkey.c index c58e8ff..f73e443 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1448,8 +1448,9 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk, if (!rc) { /* Key found. */ - log_info (_("automatically retrieved '%s' via %s\n"), - name, mechanism); + if (opt.verbose) + log_info (_("automatically retrieved '%s' via %s\n"), + name, mechanism); break; } if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY @@ -4994,7 +4994,7 @@ msgid "Key is superseded" msgstr "Nøglen er blevet afløst" msgid "Key has been compromised" -msgstr "Nøglen er blevet komprimeret" +msgstr "Nøglen er blevet kompromitteret" msgid "Key is no longer used" msgstr "Nøglen bruges ikke længere" @@ -205,7 +205,7 @@ maybe_create_keybox (char *filename, int force, int *r_created) /* The file does not yet exist, create it now. */ oldmask = umask (077); - fp = fopen (filename, "w"); + fp = fopen (filename, "wb"); if (!fp) { rc = gpg_error_from_syserror (); diff --git a/tools/gpgtar-extract.c b/tools/gpgtar-extract.c index b0e17cb..8613d19 100644 --- a/tools/gpgtar-extract.c +++ b/tools/gpgtar-extract.c @@ -345,21 +345,21 @@ gpgtar_extract (const char *filename, int decrypt) dirname = xtrystrdup (opt.directory); else { - if (filename) + if (opt.filename) { - dirprefix = strrchr (filename, '/'); + dirprefix = strrchr (opt.filename, '/'); if (dirprefix) dirprefix++; else - dirprefix = filename; + dirprefix = opt.filename; } - else if (opt.filename) + else if (filename) { - dirprefix = strrchr (opt.filename, '/'); + dirprefix = strrchr (filename, '/'); if (dirprefix) dirprefix++; else - dirprefix = opt.filename; + dirprefix = filename; } if (!dirprefix || !*dirprefix) |