summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--NEWS21
-rw-r--r--README16
-rw-r--r--agent/gpg-agent.c37
-rw-r--r--agent/protect.c14
-rw-r--r--agent/t-protect.c2
-rw-r--r--configure.ac21
-rw-r--r--dirmngr/crlcache.c12
-rw-r--r--doc/DETAILS16
-rw-r--r--doc/Makefile.am16
-rw-r--r--doc/tools.texi136
-rw-r--r--g10/getkey.c5
-rw-r--r--po/da.po2
-rw-r--r--sm/keydb.c2
-rw-r--r--tools/gpgtar-extract.c12
14 files changed, 214 insertions, 98 deletions
diff --git a/NEWS b/NEWS
index 0ffff2f..38a8da1 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,22 @@
+Noteworthy changes in version 2.2.3 (2017-11-20)
+------------------------------------------------
+
+ * gpgsm: Fix initial keybox creation on Windows. [#3507]
+
+ * dirmngr: Fix crash in case of a CRL loading error. [#3510]
+
+ * Fix the name of the Windows registry key. [Git#4f5afaf1fd]
+
+ * gpgtar: Fix wrong behaviour of --set-filename. [#3500]
+
+ * gpg: Silence AKL retrieval messages. [#3504]
+
+ * agent: Use clock or clock_gettime for calibration. [#3056]
+
+ * agent: Improve robustness of the shutdown pending
+ state. [Git#7ffedfab89]
+
+
Noteworthy changes in version 2.2.2 (2017-11-07)
------------------------------------------------
@@ -40,6 +59,8 @@ Noteworthy changes in version 2.2.2 (2017-11-07)
* Add configure option --enable-werror. [#2423]
+ See-also: gnupg-announce/2017q4/000416.html
+
Noteworthy changes in version 2.2.1 (2017-09-19)
------------------------------------------------
diff --git a/README b/README
index dd66dab..23f705a 100644
--- a/README
+++ b/README
@@ -33,11 +33,11 @@
GnuPG 2.2 depends on the following GnuPG related packages:
- npth (ftp://ftp.gnupg.org/gcrypt/npth/)
- libgpg-error (ftp://ftp.gnupg.org/gcrypt/libgpg-error/)
- libgcrypt (ftp://ftp.gnupg.org/gcrypt/libgcrypt/)
- libksba (ftp://ftp.gnupg.org/gcrypt/libksba/)
- libassuan (ftp://ftp.gnupg.org/gcrypt/libassuan/)
+ npth (https://gnupg.org/ftp/gcrypt/npth/)
+ libgpg-error (https://gnupg.org/ftp/gcrypt/libgpg-error/)
+ libgcrypt (https://gnupg.org/ftp/gcrypt/libgcrypt/)
+ libksba (https://gnupg.org/ftp/gcrypt/libksba/)
+ libassuan (https://gnupg.org/ftp/gcrypt/libassuan/)
You should get the latest versions of course, the GnuPG configure
script complains if a version is not sufficient.
@@ -48,7 +48,7 @@
You also need the Pinentry package for most functions of GnuPG;
however it is not a build requirement. Pinentry is available at
- ftp://ftp.gnupg.org/gcrypt/pinentry/ .
+ https://gnupg.org/ftp/gcrypt/pinentry/ .
After building and installing the above packages in the order as
given above, you may continue with GnuPG installation (you may also
@@ -228,7 +228,7 @@
You subscribe to one of the list by sending mail with a subject of
"subscribe" to x-request@gnupg.org, where x is the name of the
mailing list (gnupg-announce, gnupg-users, etc.). See
- https://www.gnupg.org/documentation/mailing-lists.html for archives
+ https://gnupg.org/documentation/mailing-lists.html for archives
of the mailing lists.
Please direct bug reports to [[https://bugs.gnupg.org]] or post them
@@ -241,7 +241,7 @@
authors and we try to answer questions when time allows us.
Commercial grade support for GnuPG is available; for a listing of
- offers see https://www.gnupg.org/service.html . Maintaining and
+ offers see https://gnupg.org/service.html . Maintaining and
improving GnuPG requires a lot of time. Since 2001, g10 Code GmbH,
a German company owned and headed by GnuPG's principal author Werner
Koch, is bearing the majority of these costs. To keep GnuPG in a
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 2e19d19..0b2b982 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -3000,27 +3000,34 @@ handle_connections (gnupg_fd_t listen_fd,
next timeout. */
continue;
+ /* The inotify fds are set even when a shutdown is pending (see
+ * above). So we must handle them in any case. To avoid that
+ * they trigger a second time we close them immediately. */
+ if (sock_inotify_fd != -1
+ && FD_ISSET (sock_inotify_fd, &read_fdset)
+ && gnupg_inotify_has_name (sock_inotify_fd, GPG_AGENT_SOCK_NAME))
+ {
+ shutdown_pending = 1;
+ close (sock_inotify_fd);
+ sock_inotify_fd = -1;
+ log_info ("socket file has been removed - shutting down\n");
+ }
+
+ if (home_inotify_fd != -1
+ && FD_ISSET (home_inotify_fd, &read_fdset))
+ {
+ shutdown_pending = 1;
+ close (home_inotify_fd);
+ home_inotify_fd = -1;
+ log_info ("homedir has been removed - shutting down\n");
+ }
+
if (!shutdown_pending)
{
int idx;
ctrl_t ctrl;
npth_t thread;
- if (sock_inotify_fd != -1
- && FD_ISSET (sock_inotify_fd, &read_fdset)
- && gnupg_inotify_has_name (sock_inotify_fd, GPG_AGENT_SOCK_NAME))
- {
- shutdown_pending = 1;
- log_info ("socket file has been removed - shutting down\n");
- }
-
- if (home_inotify_fd != -1
- && FD_ISSET (home_inotify_fd, &read_fdset))
- {
- shutdown_pending = 1;
- log_info ("homedir has been removed - shutting down\n");
- }
-
for (idx=0; idx < DIM(listentbl); idx++)
{
if (listentbl[idx].l_fd == GNUPG_INVALID_FD)
diff --git a/agent/protect.c b/agent/protect.c
index 3073fc4..9bb2da6 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -23,6 +23,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <time.h>
#include <ctype.h>
#include <assert.h>
#include <unistd.h>
@@ -104,11 +105,14 @@ calibrate_get_time (struct calibrate_time_s *data)
&data->creation_time, &data->exit_time,
&data->kernel_time, &data->user_time);
# endif
-#else
- struct tms tmp;
+#elif defined (CLOCK_THREAD_CPUTIME_ID)
+ struct timespec tmp;
- times (&tmp);
- data->ticks = tmp.tms_utime;
+ clock_gettime (CLOCK_THREAD_CPUTIME_ID, &tmp);
+ data->ticks = (clock_t)(((unsigned long long)tmp.tv_sec * 1000000000 +
+ tmp.tv_nsec) * CLOCKS_PER_SEC / 1000000000);
+#else
+ data->ticks = clock ();
#endif
}
@@ -135,7 +139,7 @@ calibrate_elapsed_time (struct calibrate_time_s *starttime)
}
#else
return (unsigned long)((((double) (stoptime.ticks - starttime->ticks))
- /CLOCKS_PER_SEC)*10000000);
+ /CLOCKS_PER_SEC)*1000);
#endif
}
diff --git a/agent/t-protect.c b/agent/t-protect.c
index 1d3c8ec..92d312c 100644
--- a/agent/t-protect.c
+++ b/agent/t-protect.c
@@ -322,9 +322,9 @@ test_agent_protect_shared_secret (void)
int
main (int argc, char **argv)
{
- (void)argc;
(void)argv;
+ opt.verbose = argc - 1; /* We can do "./t-protect -v -v" */
gcry_control (GCRYCTL_DISABLE_SECMEM);
test_agent_protect ();
diff --git a/configure.ac b/configure.ac
index dc1fc1a..fb6f0da 100644
--- a/configure.ac
+++ b/configure.ac
@@ -28,7 +28,7 @@ min_automake_version="1.14"
m4_define([mym4_package],[gnupg])
m4_define([mym4_major], [2])
m4_define([mym4_minor], [2])
-m4_define([mym4_micro], [2])
+m4_define([mym4_micro], [3])
# To start a new development series, i.e a new major or minor number
# you need to mark an arbitrary commit before the first beta release
@@ -602,8 +602,9 @@ AC_PROG_RANLIB
AC_CHECK_TOOL(AR, ar, :)
AC_PATH_PROG(PERL,"perl")
AC_CHECK_TOOL(WINDRES, windres, :)
-AC_PATH_PROG(YAT2M, "yat2m", "./yat2m" )
+AC_PATH_PROG(YAT2M, "yat2m")
AC_ARG_VAR(YAT2M, [tool to convert texi to man pages])
+AM_CONDITIONAL(HAVE_YAT2M, test -n "$ac_cv_path_YAT2M")
AC_ISC_POSIX
AC_SYS_LARGEFILE
GNUPG_CHECK_USTAR
@@ -1611,12 +1612,20 @@ if test "$GCC" = yes; then
mycflags="$mycflags -Wdeclaration-after-statement"
fi
- AC_MSG_CHECKING([if gcc supports -Wlogical-op and -Wvla])
- CFLAGS="-Wlogical-op -Wvla"
+ AC_MSG_CHECKING([if gcc supports -Wlogical-op])
+ CFLAGS="-Wlogical-op -Werror"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no)
AC_MSG_RESULT($_gcc_wopt)
if test x"$_gcc_wopt" = xyes ; then
- mycflags="$mycflags -Wlogical-op -Wvla"
+ mycflags="$mycflags -Wlogical-op"
+ fi
+
+ AC_MSG_CHECKING([if gcc supports -Wvla])
+ CFLAGS="-Wvla"
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no)
+ AC_MSG_RESULT($_gcc_wopt)
+ if test x"$_gcc_wopt" = xyes ; then
+ mycflags="$mycflags -Wvla"
fi
else
@@ -1814,7 +1823,7 @@ AC_DEFINE_UNQUOTED(DIRMNGR_DEFAULT_KEYSERVER,
AC_DEFINE_UNQUOTED(GPGEXT_GPG, "gpg", [The standard binary file suffix])
if test "$have_w32_system" = yes; then
- AC_DEFINE_UNQUOTED(GNUPG_REGISTRY_DIR, "\\\\Software\\\\GNU\\\\GnuPG",
+ AC_DEFINE_UNQUOTED(GNUPG_REGISTRY_DIR, "Software\\\\GNU\\\\GnuPG",
[The directory part of the W32 registry keys])
fi
diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c
index 248ad9a..6eeeb8d 100644
--- a/dirmngr/crlcache.c
+++ b/dirmngr/crlcache.c
@@ -1562,7 +1562,7 @@ start_sig_check (ksba_crl_t crl, gcry_md_hd_t *md, int *algo)
should return 0 on a good signature, GPG_ERR_BAD_SIGNATURE if the
signature does not verify or any other error code. CRL is the CRL
object we are working on, MD the hash context and ISSUER_CERT the
- certificate of the CRL issuer. This function closes MD. */
+ certificate of the CRL issuer. This function takes ownership of MD. */
static gpg_error_t
finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo,
ksba_cert_t issuer_cert)
@@ -1646,12 +1646,13 @@ finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo,
/* Call this to match a start_sig_check that can not be completed
- normally. */
+ normally. Takes ownership of MD if MD is not NULL. */
static void
abort_sig_check (ksba_crl_t crl, gcry_md_hd_t md)
{
(void)crl;
- gcry_md_close (md);
+ if (md)
+ gcry_md_close (md);
}
@@ -1842,13 +1843,13 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
}
err = finish_sig_check (crl, md, algo, crlissuer_cert);
+ md = NULL; /* Closed. */
if (err)
{
log_error (_("CRL signature verification failed: %s\n"),
gpg_strerror (err));
goto failure;
}
- md = NULL;
err = validate_cert_chain (ctrl, crlissuer_cert, NULL,
(VALIDATE_FLAG_TRUST_CONFIG
@@ -1877,8 +1878,7 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
failure:
- if (md)
- abort_sig_check (crl, md);
+ abort_sig_check (crl, md);
ksba_cert_release (crlissuer_cert);
return err;
}
diff --git a/doc/DETAILS b/doc/DETAILS
index 0be55f4..e54e8a0 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -394,9 +394,8 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
*** NEWSIG [<signers_uid>]
Is issued right before a signature verification starts. This is
useful to define a context for parsing ERROR status messages.
- arguments are currently defined. If SIGNERS_UID is given and is
- not "-" this is the percent escape value of the OpenPGP Signer's
- User ID signature sub-packet.
+ If SIGNERS_UID is given and is not "-" this is the percent-escaped
+ value of the OpenPGP Signer's User ID signature sub-packet.
*** GOODSIG <long_keyid_or_fpr> <username>
The signature with the keyid is good. For each signature only one
@@ -1041,15 +1040,16 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
- 4 :: Key is stored on a smartcard.
*** PROGRESS <what> <char> <cur> <total> [<units>]
- Used by the primegen and Public key functions to indicate
+ Used by the primegen and public key functions to indicate
progress. <char> is the character displayed with no --status-fd
enabled, with the linefeed replaced by an 'X'. <cur> is the
current amount done and <total> is amount to be done; a <total> of
- 0 indicates that the total amount is not known. The condition
+ 0 indicates that the total amount is not known. Both are
+ non-negative integers. The condition
: TOTAL && CUR == TOTAL
may be used to detect the end of an operation.
- Well known values for WHAT are:
+ Well known values for <what> are:
- pk_dsa :: DSA key generation
- pk_elg :: Elgamal key generation
@@ -1064,7 +1064,9 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
the data of a smartcard.
- card_busy :: A smartcard is still working
- <units> is sometines used to describe the units for <current> and
+ When <what> refers to a file path, it may be truncated.
+
+ <units> is sometimes used to describe the units for <current> and
<total>. For example "B", "KiB", or "MiB".
*** BACKUP_KEY_CREATED <fingerprint> <fname>
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 89079b3..aba84ba 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -91,7 +91,7 @@ myman_sources = gnupg7.texi gpg.texi gpgsm.texi gpg-agent.texi \
dirmngr.texi scdaemon.texi tools.texi wks.texi
myman_pages = gpgsm.1 gpg-agent.1 dirmngr.8 scdaemon.1 \
watchgnupg.1 gpgconf.1 addgnupghome.8 gpg-preset-passphrase.1 \
- gpg-connect-agent.1 gpgparsemail.1 symcryptrun.1 \
+ gpg-connect-agent.1 gpgparsemail.1 symcryptrun.1 gpgtar.1 \
applygnupgdefaults.8 gpg-wks-client.1 gpg-wks-server.1 \
dirmngr-client.1
if USE_GPG2_HACK
@@ -110,10 +110,18 @@ CLEANFILES = yat2m mkdefsinc defs.inc
DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \
gnupg-card-architecture.eps \
gnupg-module-overview.eps \
- $(myman_pages) gpg-zip.1 gnupg.7
+ $(myman_pages) gnupg.7
+
+if HAVE_YAT2M
+YAT2M_CMD = $(YAT2M)
+YAT2M_DEP = $(YAT2M)
+else
+YAT2M_CMD = ./yat2m
+YAT2M_DEP = yat2m
yat2m: yat2m.c
$(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c
+endif
mkdefsinc: mkdefsinc.c Makefile ../config.h
$(CC_FOR_BUILD) -I. -I.. -I$(srcdir) $(AM_CPPFLAGS) \
@@ -146,12 +154,12 @@ yat2m-stamp: $(myman_sources) defs.inc
@touch yat2m-stamp.tmp
incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \
for file in $(myman_sources) ; do \
- $(YAT2M) $(YAT2M_OPTIONS) --store \
+ $(YAT2M_CMD) $(YAT2M_OPTIONS) --store \
--date "`cat $$incd 2>/dev/null`" \
`test -f '$$file' || echo '$(srcdir)/'`$$file ; done
@mv -f yat2m-stamp.tmp $@
-yat2m-stamp: $(YAT2M)
+yat2m-stamp: $(YAT2M_DEP)
$(myman_pages) gnupg.7 : yat2m-stamp defs.inc
@if test -f $@; then :; else \
diff --git a/doc/tools.texi b/doc/tools.texi
index 332fb01..5104bea 100644
--- a/doc/tools.texi
+++ b/doc/tools.texi
@@ -20,7 +20,7 @@ GnuPG comes with a couple of smaller tools:
* dirmngr-client:: How to use the Dirmngr client tool.
* gpgparsemail:: Parse a mail message into an annotated format
* symcryptrun:: Call a simple symmetric encryption tool.
-* gpg-zip:: Encrypt or sign files into an archive.
+* gpgtar:: Encrypt or sign files into an archive.
@end menu
@c
@@ -1894,23 +1894,19 @@ The possible exit status codes of @command{symcryptrun} are:
@c
-@c GPG-ZIP
+@c GPGTAR
@c
-@c The original manpage on which this section is based was written
-@c by Colin Tuckley <colin@tuckley.org> and Daniel Leidert
-@c <daniel.leidert@wgdd.de> for the Debian distribution (but may be used by
-@c others).
-@manpage gpg-zip.1
-@node gpg-zip
+@manpage gpgtar.1
+@node gpgtar
@section Encrypt or sign files into an archive
@ifset manverb
-.B gpg-zip
+.B gpgtar
\- Encrypt or sign files into an archive
@end ifset
@mansect synopsis
@ifset manverb
-.B gpg-zip
+.B gpgtar
.RI [ options ]
.I filename1
.I [ filename2, ... ]
@@ -1919,61 +1915,130 @@ The possible exit status codes of @command{symcryptrun} are:
@end ifset
@mansect description
-@command{gpg-zip} encrypts or signs files into an archive. It is an
+@command{gpgtar} encrypts or signs files into an archive. It is an
gpg-ized tar using the same format as used by PGP's PGP Zip.
@manpause
@noindent
-@command{gpg-zip} is invoked this way:
+@command{gpgtar} is invoked this way:
@example
-gpg-zip [options] @var{filename1} [@var{filename2}, ...] @var{directory} [@var{directory2}, ...]
+gpgtar [options] @var{filename1} [@var{filename2}, ...] @var{directory} [@var{directory2}, ...]
@end example
@mansect options
@noindent
-@command{gpg-zip} understands these options:
+@command{gpgtar} understands these options:
@table @gnupgtabopt
+@item --create
+@opindex create
+Put given files and directories into a vanilla ``ustar'' archive.
+
+@item --extract
+@opindex extract
+Extract all files from a vanilla ``ustar'' archive.
+
@item --encrypt
@itemx -e
@opindex encrypt
-Encrypt data. This option may be combined with @option{--symmetric} (for output that may be decrypted via a secret key or a passphrase).
+Encrypt given files and directories into an archive. This option may
+be combined with option @option{--symmetric} for an archive that may
+be decrypted via a secret key or a passphrase.
@item --decrypt
@itemx -d
@opindex decrypt
-Decrypt data.
+Extract all files from an encrypted archive.
+
+@item --sign
+@itemx -s
+Make a signed archive from the given files and directories. Thsi can
+be combined with option @option{--encrypt} to create a signed and then
+encrypted archive.
+
+@item --list-archive
+@itemx -t
+@opindex list-archive
+List the contents of the specified archive.
@item --symmetric
@itemx -c
Encrypt with a symmetric cipher using a passphrase. The default
-symmetric cipher used is CAST5, but may be chosen with the
+symmetric cipher used is @value{GPGSYMENCALGO}, but may be chosen with the
@option{--cipher-algo} option to @command{gpg}.
-@item --sign
-@itemx -s
-Make a signature. See @command{gpg}.
-
@item --recipient @var{user}
@itemx -r @var{user}
@opindex recipient
-Encrypt for user id @var{user}. See @command{gpg}.
+Encrypt for user id @var{user}. For details see @command{gpg}.
@item --local-user @var{user}
@itemx -u @var{user}
@opindex local-user
-Use @var{user} as the key to sign with. See @command{gpg}.
-
-@item --list-archive
-@opindex list-archive
-List the contents of the specified archive.
+Use @var{user} as the key to sign with. For details see @command{gpg}.
@item --output @var{file}
@itemx -o @var{file}
@opindex output
-Write output to specified file @var{file}.
+Write the archive to the specified file @var{file}.
+
+@item --verbose
+@itemx -v
+@opindex verbose
+Enable extra informational output.
+
+@item --quiet
+@itemx -q
+@opindex quiet
+Try to be as quiet as possible.
+
+@item --skip-crypto
+@opindex skip-crypto
+Skip all crypto operations and create or extract vanilla ``ustar''
+archives.
+
+@item --dry-run
+@opindex dry-run
+Do not actually output the extracted files.
+
+@item --directory @var{dir}
+@itemx -C @var{dir}
+@opindex directory
+Extract the files into the directory @var{dir}. The
+default is to take the directory name from
+the input filename. If no input filename is known a directory named
+@file{GPGARCH} is used.
+
+@item --files-from @var{file}
+@itemx -T @var{file}
+Take the file names to work from the file @var{file}; one file per
+line.
+
+@item --null
+@opindex null
+Modify option @option{--files-from} to use a binary nul instead of a
+linefeed to separate file names.
+
+@item --openpgp
+@opindex openpgp
+This option has no effect becuase OpenPGP encryption and signing is
+the default.
+
+@item --cms
+@opindex cms
+This option is reserved and shall not be used. It will eventually be
+used to encrypt or sign using the CMS protocol; but that is not yet
+implemented.
+
+
+@item --set-filename @var{file}
+@opindex set-filename
+Use the last component of @var{file} as the output directory. The
+default is to take the directory name from the input filename. If no
+input filename is known a directory named @file{GPGARCH} is used.
+This option is deprecated in favor of option @option{--directory}.
@item --gpg @var{gpgcmd}
@opindex gpg
@@ -1981,15 +2046,14 @@ Use the specified command @var{gpgcmd} instead of @command{gpg}.
@item --gpg-args @var{args}
@opindex gpg-args
-Pass the specified options to @command{gpg}.
-
-@item --tar @var{tarcmd}
-@opindex tar
-Use the specified command @var{tarcmd} instead of @command{tar}.
+Pass the specified extra options to @command{gpg}.
@item --tar-args @var{args}
@opindex tar-args
-Pass the specified options to @command{tar}.
+Assume @var{args} are standard options of the command @command{tar}
+and parse them. The only supported tar options are "--directory",
+"--files-from", and "--null" This is an obsolete options because those
+supported tar options can also be given directly.
@item --version
@opindex version
@@ -2017,14 +2081,14 @@ Encrypt the contents of directory @file{mydocs} for user Bob to file
@file{test1}:
@example
-gpg-zip --encrypt --output test1 --gpg-args -r Bob mydocs
+gpgtar --encrypt --output test1 -r Bob mydocs
@end example
@noindent
List the contents of archive @file{test1}:
@example
-gpg-zip --list-archive test1
+gpgtar --list-archive test1
@end example
diff --git a/g10/getkey.c b/g10/getkey.c
index c58e8ff..f73e443 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1448,8 +1448,9 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
if (!rc)
{
/* Key found. */
- log_info (_("automatically retrieved '%s' via %s\n"),
- name, mechanism);
+ if (opt.verbose)
+ log_info (_("automatically retrieved '%s' via %s\n"),
+ name, mechanism);
break;
}
if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY
diff --git a/po/da.po b/po/da.po
index bd6e9c5..abc1257 100644
--- a/po/da.po
+++ b/po/da.po
@@ -4994,7 +4994,7 @@ msgid "Key is superseded"
msgstr "Nøglen er blevet afløst"
msgid "Key has been compromised"
-msgstr "Nøglen er blevet komprimeret"
+msgstr "Nøglen er blevet kompromitteret"
msgid "Key is no longer used"
msgstr "Nøglen bruges ikke længere"
diff --git a/sm/keydb.c b/sm/keydb.c
index 87fc12d..d85679a 100644
--- a/sm/keydb.c
+++ b/sm/keydb.c
@@ -205,7 +205,7 @@ maybe_create_keybox (char *filename, int force, int *r_created)
/* The file does not yet exist, create it now. */
oldmask = umask (077);
- fp = fopen (filename, "w");
+ fp = fopen (filename, "wb");
if (!fp)
{
rc = gpg_error_from_syserror ();
diff --git a/tools/gpgtar-extract.c b/tools/gpgtar-extract.c
index b0e17cb..8613d19 100644
--- a/tools/gpgtar-extract.c
+++ b/tools/gpgtar-extract.c
@@ -345,21 +345,21 @@ gpgtar_extract (const char *filename, int decrypt)
dirname = xtrystrdup (opt.directory);
else
{
- if (filename)
+ if (opt.filename)
{
- dirprefix = strrchr (filename, '/');
+ dirprefix = strrchr (opt.filename, '/');
if (dirprefix)
dirprefix++;
else
- dirprefix = filename;
+ dirprefix = opt.filename;
}
- else if (opt.filename)
+ else if (filename)
{
- dirprefix = strrchr (opt.filename, '/');
+ dirprefix = strrchr (filename, '/');
if (dirprefix)
dirprefix++;
else
- dirprefix = opt.filename;
+ dirprefix = filename;
}
if (!dirprefix || !*dirprefix)