[Pkg-gnupg-commit] [gnupg2] 01/04: import several upstream bugfix patches (Closes: #846834)
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Dec 6 01:31:20 UTC 2016
dkg pushed a commit to branch master
in repository gnupg2.
commit c83fe65170b6db1478d1db72da1f1d396012fd2c
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Mon Dec 5 12:44:18 2016 -0500
import several upstream bugfix patches (Closes: #846834)
---
.../patches/0014-scd-Fix-receive-buffer-size.patch | 35 +++
.../0015-scd-Support-OpenPGP-card-V3-for-RSA.patch | 180 +++++++++++
...016-g10-Fix-iteration-over-getkey-results.patch | 28 ++
...dirmngr-Lazily-launch-ldap-reaper-thread.patch} | 15 +-
debian/patches/0018-g10-Fix-memory-leak.patch | 46 +++
...e-the-two-versions-of-check_special_filen.patch | 336 +++++++++++++++++++++
...20-gpg-Make-decrypt-with-output-nnnn-work.patch | 48 +++
...-decryption-with-a-card-returning-a-PKCS-.patch | 34 +++
...rmngr-Handle-corner-case-in-shutdown-mode.patch | 80 +++++
.../0023-agent-dirmngr-Tiny-restructuring.patch | 90 ++++++
...y-Dirmngr-decide-whether-CERT-is-supporte.patch | 64 ++++
...-Fix-error-code-arg-in-ERRSIG-status-line.patch | 28 ++
...void-automatically-checking-upstream-swdb.patch | 6 +-
.../0005-dirmngr-Drop-useless-housekeeping.patch | 14 +-
debian/patches/series | 13 +-
15 files changed, 999 insertions(+), 18 deletions(-)
diff --git a/debian/patches/0014-scd-Fix-receive-buffer-size.patch b/debian/patches/0014-scd-Fix-receive-buffer-size.patch
new file mode 100644
index 0000000..552bd54
--- /dev/null
+++ b/debian/patches/0014-scd-Fix-receive-buffer-size.patch
@@ -0,0 +1,35 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Tue, 22 Nov 2016 20:53:57 +0900
+Subject: scd: Fix receive buffer size.
+
+* scd/apdu.c (send_le): Fix the size, adding two for status
+bytes to Le.
+
+--
+
+This is long standing bug. So far, Le was not exact value.
+Since forthcoming change will introduce exact value of expected length
+of response data, this change is needed.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 5c2db9dedfe9dbb14ffec24751ca23a69cead94e)
+---
+ scd/apdu.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/scd/apdu.c b/scd/apdu.c
+index 54f3b30..b32fe80 100644
+--- a/scd/apdu.c
++++ b/scd/apdu.c
+@@ -3757,8 +3757,9 @@ send_le (int slot, int class, int ins, int p0, int p1,
+
+ if (use_extended_length && (le > 256 || le < 0))
+ {
+- result_buffer_size = le < 0? 4096 : le;
+- result_buffer = xtrymalloc (result_buffer_size + 10);
++ /* Two more bytes are needed for status bytes. */
++ result_buffer_size = le < 0? 4096 : (le + 2);
++ result_buffer = xtrymalloc (result_buffer_size);
+ if (!result_buffer)
+ {
+ xfree (apdu_buffer);
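Review bot: In `send_le` the `le < 0` arm of the new size computation gets neither the `+ 2` nor the ten bytes of slack the old `xtrymalloc` call added, so that buffer is now exactly 4096 bytes although the added comment says two more bytes are needed for the status bytes. If a full 4096-byte response is possible on that path, `result_buffer_size = (le < 0? 4096 : le) + 2;` would keep both arms consistent. The hunk also shows no upper bound on `le` before `le + 2`; presumably the callers keep it within the extended-length range, but that is outside the hunk and worth confirming because this value sizes the receive buffer. The body of `send_le` continues beyond the hunk.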
diff --git a/debian/patches/0015-scd-Support-OpenPGP-card-V3-for-RSA.patch b/debian/patches/0015-scd-Support-OpenPGP-card-V3-for-RSA.patch
new file mode 100644
index 0000000..3759854
--- /dev/null
+++ b/debian/patches/0015-scd-Support-OpenPGP-card-V3-for-RSA.patch
@@ -0,0 +1,180 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Fri, 25 Nov 2016 16:12:26 +0900
+Subject: scd: Support OpenPGP card V3 for RSA.
+
+* scd/app-openpgp.c (struct app_local_s): Remove max_cmd_data and
+max_rsp_data fields as Extended Capabilities bits are different.
+(get_cached_data) Use extcap.max_certlen_3.
+(get_one_do): Don't use exmode=1.
+(determine_rsa_response): New.
+(get_public_key, do_genkey): Call determine_rsa_response.
+(do_sign): Use keyattr[0].rsa.n_bits / 8, instead of max_rsp_data.
+(do_auth): Use keyattr[2].rsa.n_bits / 8, instead of max_rsp_data.
+(do_decipher): Likewise with Use keyattr[1].rsa.n_bits / 8.
+(show_caps): Remove max_cmd_data and max_rsp_data.
+(app_select_openpgp): Likewise.
+
+--
+
+OpenPGP card V3 had introduced incompatible change in Extended
+Capabilities bits. We can work around by this change by not
+using those bits.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit b89e63e5c326af71470124b410e6429cbd2b5c43)
+---
+ scd/app-openpgp.c | 61 ++++++++++++++++++++++++++++++++++---------------------
+ 1 file changed, 38 insertions(+), 23 deletions(-)
+
+diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
+index d1c9efe..8de9b80 100644
+--- a/scd/app-openpgp.c
++++ b/scd/app-openpgp.c
+@@ -197,8 +197,6 @@ struct app_local_s {
+ unsigned int sm_algo:2; /* Symmetric crypto algo for SM. */
+ unsigned int max_certlen_3:16;
+ unsigned int max_get_challenge:16; /* Maximum size for get_challenge. */
+- unsigned int max_cmd_data:16; /* Maximum data size for a command. */
+- unsigned int max_rsp_data:16; /* Maximum size of a response. */
+ } extcap;
+
+ /* Flags used to control the application. */
+@@ -325,7 +323,7 @@ get_cached_data (app_t app, int tag,
+ }
+
+ if (try_extlen && app->app_local->cardcap.ext_lc_le)
+- exmode = app->app_local->extcap.max_rsp_data;
++ exmode = app->app_local->extcap.max_certlen_3;
+ else
+ exmode = 0;
+
+@@ -455,10 +453,7 @@ get_one_do (app_t app, int tag, unsigned char **result, size_t *nbytes,
+
+ if (app->card_version > 0x0100 && data_objects[i].get_immediate_in_v11)
+ {
+- if (data_objects[i].try_extlen && app->app_local->cardcap.ext_lc_le)
+- exmode = app->app_local->extcap.max_rsp_data;
+- else
+- exmode = 0;
++ exmode = 0;
+ rc = iso7816_get_data (app->slot, exmode, tag, &buffer, &buflen);
+ if (rc)
+ {
+@@ -922,6 +917,22 @@ send_key_attr (ctrl_t ctrl, app_t app, const char *keyword, int keyno)
+ }
+
+
++#define RSA_SMALL_SIZE_KEY 1952
++#define RSA_SMALL_SIZE_OP 2048
++
++static int
++determine_rsa_response (app_t app, int keyno)
++{
++ int size;
++
++ size = 2 + 3 /* header */
++ + 4 /* tag+len */ + app->app_local->keyattr[keyno].rsa.n_bits/8
++ + 2 /* tag+len */ + app->app_local->keyattr[keyno].rsa.e_bits/8;
++
++ return size;
++}
++
++
+ /* Implement the GETATTR command. This is similar to the LEARN
+ command but returns just one value via the status interface. */
+ static gpg_error_t
+@@ -1531,10 +1542,12 @@ get_public_key (app_t app, int keyno)
+ int exmode, le_value;
+
+ /* We may simply read the public key out of these cards. */
+- if (app->app_local->cardcap.ext_lc_le)
++ if (app->app_local->cardcap.ext_lc_le
++ && app->app_local->keyattr[keyno].key_type == KEY_TYPE_RSA
++ && app->app_local->keyattr[keyno].rsa.n_bits > RSA_SMALL_SIZE_KEY)
+ {
+ exmode = 1; /* Use extended length. */
+- le_value = app->app_local->extcap.max_rsp_data;
++ le_value = determine_rsa_response (app, keyno);
+ }
+ else
+ {
+@@ -3769,12 +3782,11 @@ do_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
+ if (keybits > 4096)
+ return gpg_error (GPG_ERR_TOO_LARGE);
+
+- /* Test whether we will need extended length mode. (1900 is an
+- arbitrary length which for sure fits into a short apdu.) */
+- if (app->app_local->cardcap.ext_lc_le && keybits > 1900)
++ if (app->app_local->cardcap.ext_lc_le && keybits > RSA_SMALL_SIZE_KEY
++ && app->app_local->keyattr[keyno].key_type == KEY_TYPE_RSA)
+ {
+ exmode = 1; /* Use extended length w/o a limit. */
+- le_value = app->app_local->extcap.max_rsp_data;
++ le_value = determine_rsa_response (app, keyno);
+ /* No need to check le_value because it comes from a 16 bit
+ value and thus can't create an overflow on a 32 bit
+ system. */
+@@ -4122,10 +4134,12 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
+ }
+
+
+- if (app->app_local->cardcap.ext_lc_le)
++ if (app->app_local->cardcap.ext_lc_le
++ && app->app_local->keyattr[0].key_type == KEY_TYPE_RSA
++ && app->app_local->keyattr[0].rsa.n_bits > RSA_SMALL_SIZE_OP)
+ {
+ exmode = 1; /* Use extended length. */
+- le_value = app->app_local->extcap.max_rsp_data;
++ le_value = app->app_local->keyattr[0].rsa.n_bits / 8;
+ }
+ else
+ {
+@@ -4225,10 +4239,12 @@ do_auth (app_t app, const char *keyidstr,
+ {
+ int exmode, le_value;
+
+- if (app->app_local->cardcap.ext_lc_le)
++ if (app->app_local->cardcap.ext_lc_le
++ && app->app_local->keyattr[2].key_type == KEY_TYPE_RSA
++ && app->app_local->keyattr[2].rsa.n_bits > RSA_SMALL_SIZE_OP)
+ {
+ exmode = 1; /* Use extended length. */
+- le_value = app->app_local->extcap.max_rsp_data;
++ le_value = app->app_local->keyattr[2].rsa.n_bits / 8;
+ }
+ else
+ {
+@@ -4417,10 +4433,13 @@ do_decipher (app_t app, const char *keyidstr,
+ else
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+- if (app->app_local->cardcap.ext_lc_le && indatalen > 254 )
++ if (app->app_local->cardcap.ext_lc_le
++ && (indatalen > 254
++ || (app->app_local->keyattr[1].key_type == KEY_TYPE_RSA
++ && app->app_local->keyattr[1].rsa.n_bits > RSA_SMALL_SIZE_OP)))
+ {
+ exmode = 1; /* Extended length w/o a limit. */
+- le_value = app->app_local->extcap.max_rsp_data;
++ le_value = app->app_local->keyattr[1].rsa.n_bits / 8;
+ }
+ else if (app->app_local->cardcap.cmd_chaining && indatalen > 254)
+ {
+@@ -4578,8 +4597,6 @@ show_caps (struct app_local_s *s)
+ log_printf (" (%s)", s->extcap.sm_algo==2? "3DES":
+ (s->extcap.sm_algo==2? "AES-128" : "AES-256"));
+ log_info ("Max-Cert3-Len ..: %u\n", s->extcap.max_certlen_3);
+- log_info ("Max-Cmd-Data ...: %u\n", s->extcap.max_cmd_data);
+- log_info ("Max-Rsp-Data ...: %u\n", s->extcap.max_rsp_data);
+ log_info ("Cmd-Chaining ...: %s\n", s->cardcap.cmd_chaining?"yes":"no");
+ log_info ("Ext-Lc-Le ......: %s\n", s->cardcap.ext_lc_le?"yes":"no");
+ log_info ("Status Indicator: %02X\n", s->status_indicator);
+@@ -4883,8 +4900,6 @@ app_select_openpgp (app_t app)
+ app->app_local->extcap.max_get_challenge
+ = (buffer[2] << 8 | buffer[3]);
+ app->app_local->extcap.max_certlen_3 = (buffer[4] << 8 | buffer[5]);
+- app->app_local->extcap.max_cmd_data = (buffer[6] << 8 | buffer[7]);
+- app->app_local->extcap.max_rsp_data = (buffer[8] << 8 | buffer[9]);
+ }
+ xfree (relptr);
+
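Review bot: The comment kept in `do_genkey` ("No need to check le_value because it comes from a 16 bit value ...") no longer matches the code, because `le_value` now comes from `determine_rsa_response`, which sums `n_bits/8` and `e_bits/8` from the key attributes. Since `le_value` ends up sizing the response buffer, I would replace it with something like `/* le_value is derived from the key attributes; keybits was limited to 4096 above. */`, provided `keybits` and `keyattr[keyno].rsa.n_bits` are the same quantity, which the hunk does not show. `determine_rsa_response` has no header comment; a line such as `/* Return the expected length of the public key response for RSA key KEYNO. */` would help, together with a word on what `RSA_SMALL_SIZE_KEY` and `RSA_SMALL_SIZE_OP` stand for. The "w/o a limit" remarks next to `exmode = 1` in `do_genkey` and `do_decipher` are likewise stale now that an exact Le is passed.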
diff --git a/debian/patches/0016-g10-Fix-iteration-over-getkey-results.patch b/debian/patches/0016-g10-Fix-iteration-over-getkey-results.patch
new file mode 100644
index 0000000..7364a15
--- /dev/null
+++ b/debian/patches/0016-g10-Fix-iteration-over-getkey-results.patch
@@ -0,0 +1,28 @@
+From: Justus Winter <justus at g10code.com>
+Date: Mon, 28 Nov 2016 13:36:56 +0100
+Subject: g10: Fix iteration over getkey results.
+
+* g10/getkey.c (getkey_next): Only ask 'lookup' for the exact match if
+our caller requested the key. Fixes a crash in 'lookup'.
+
+GnuPG-bug-id: 2848
+Fixes-commit: 1d03cc77e1706f7da653153ad4b58c61e4fd2573
+Signed-off-by: Justus Winter <justus at g10code.com>
+(cherry picked from commit 4db9a425644dccaf81b51ebc97b32a9cc21941a4)
+---
+ g10/getkey.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/g10/getkey.c b/g10/getkey.c
+index f0e33c5..30b456f 100644
+--- a/g10/getkey.c
++++ b/g10/getkey.c
+@@ -2178,7 +2178,7 @@ getkey_next (getkey_ctx_t ctx, PKT_public_key *pk, kbnode_t *ret_keyblock)
+ if (pk && ret_keyblock == NULL)
+ ret_keyblock = &keyblock;
+
+- rc = lookup (ctx, ret_keyblock, &found_key, ctx->want_secret);
++ rc = lookup (ctx, ret_keyblock, pk ? &found_key : NULL, ctx->want_secret);
+ if (!rc && pk)
+ {
+ log_assert (found_key);
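Review bot: The reason for `pk ? &found_key : NULL` is recorded only in the commit message; at the call site in `getkey_next` nothing says why the third argument depends on `pk`. A short comment would keep it from being simplified back later, e.g. `/* Ask lookup for the exact matching key only if the caller wants PK. */`. The function starts and ends outside the hunk.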
diff --git a/debian/patches/dirmngr-idling/0003-dirmngr-Lazily-launch-ldap-reaper-thread.patch b/debian/patches/0017-dirmngr-Lazily-launch-ldap-reaper-thread.patch
similarity index 90%
rename from debian/patches/dirmngr-idling/0003-dirmngr-Lazily-launch-ldap-reaper-thread.patch
rename to debian/patches/0017-dirmngr-Lazily-launch-ldap-reaper-thread.patch
index 5aa2ee3..db3a9e3 100644
--- a/debian/patches/dirmngr-idling/0003-dirmngr-Lazily-launch-ldap-reaper-thread.patch
+++ b/debian/patches/0017-dirmngr-Lazily-launch-ldap-reaper-thread.patch
@@ -30,16 +30,17 @@ that developers can run tests against, i would be happy to hear about
it.
Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
+(cherry-picked from f6728d13e8e544dbd4b9351ed981613e5504293f)
---
dirmngr/dirmngr.c | 18 ------------------
dirmngr/ldap-wrapper.c | 5 +++--
2 files changed, 3 insertions(+), 20 deletions(-)
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
-index 49a7835..4ad4440 100644
+index e46a889..e03aa33 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
-@@ -989,9 +989,6 @@ main (int argc, char **argv)
+@@ -982,9 +982,6 @@ main (int argc, char **argv)
thread_init ();
cert_cache_init ();
crl_cache_init ();
@@ -49,7 +50,7 @@ index 49a7835..4ad4440 100644
http_register_netactivity_cb (netactivity_action);
start_command_handler (ASSUAN_INVALID_FD);
shutdown_reaper ();
-@@ -1027,9 +1024,6 @@ main (int argc, char **argv)
+@@ -1020,9 +1017,6 @@ main (int argc, char **argv)
thread_init ();
cert_cache_init ();
crl_cache_init ();
@@ -59,7 +60,7 @@ index 49a7835..4ad4440 100644
http_register_netactivity_cb (netactivity_action);
handle_connections (3);
assuan_sock_close (3);
-@@ -1238,9 +1232,6 @@ main (int argc, char **argv)
+@@ -1231,9 +1225,6 @@ main (int argc, char **argv)
thread_init ();
cert_cache_init ();
crl_cache_init ();
@@ -69,7 +70,7 @@ index 49a7835..4ad4440 100644
http_register_netactivity_cb (netactivity_action);
handle_connections (fd);
assuan_sock_close (fd);
-@@ -1251,9 +1242,6 @@ main (int argc, char **argv)
+@@ -1244,9 +1235,6 @@ main (int argc, char **argv)
/* Just list the CRL cache and exit. */
if (argc)
wrong_args ("--list-crls");
@@ -79,7 +80,7 @@ index 49a7835..4ad4440 100644
crl_cache_init ();
crl_cache_list (es_stdout);
}
-@@ -1267,9 +1255,6 @@ main (int argc, char **argv)
+@@ -1260,9 +1248,6 @@ main (int argc, char **argv)
thread_init ();
cert_cache_init ();
crl_cache_init ();
@@ -89,7 +90,7 @@ index 49a7835..4ad4440 100644
if (!argc)
rc = crl_cache_load (&ctrlbuf, NULL);
else
-@@ -1293,9 +1278,6 @@ main (int argc, char **argv)
+@@ -1286,9 +1271,6 @@ main (int argc, char **argv)
thread_init ();
cert_cache_init ();
crl_cache_init ();
diff --git a/debian/patches/0018-g10-Fix-memory-leak.patch b/debian/patches/0018-g10-Fix-memory-leak.patch
new file mode 100644
index 0000000..92f6e92
--- /dev/null
+++ b/debian/patches/0018-g10-Fix-memory-leak.patch
@@ -0,0 +1,46 @@
+From: Justus Winter <justus at g10code.com>
+Date: Tue, 29 Nov 2016 16:48:35 +0100
+Subject: g10: Fix memory leak.
+
+* g10/decrypt.c (decrypt_messages): Properly decrease the reference
+count of the armor filters after pushing them.
+
+Signed-off-by: Justus Winter <justus at g10code.com>
+(cherry picked from commit 52385a2ba1bf7e53f500ffde5fd34f28e69cf76b)
+---
+ g10/decrypt.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/g10/decrypt.c b/g10/decrypt.c
+index 751b7be..c99f064 100644
+--- a/g10/decrypt.c
++++ b/g10/decrypt.c
+@@ -180,7 +180,6 @@ void
+ decrypt_messages (ctrl_t ctrl, int nfiles, char *files[])
+ {
+ IOBUF fp;
+- armor_filter_context_t *afx = NULL;
+ progress_filter_context_t *pfx;
+ char *p, *output = NULL;
+ int rc=0,use_stdin=0;
+@@ -254,8 +253,11 @@ decrypt_messages (ctrl_t ctrl, int nfiles, char *files[])
+ {
+ if (use_armor_filter(fp))
+ {
+- afx = new_armor_context ();
+- push_armor_filter ( afx, fp );
++ armor_filter_context_t *afx = new_armor_context ();
++ rc = push_armor_filter (afx, fp);
++ if (rc)
++ log_error("failed to push armor filter");
++ release_armor_context (afx);
+ }
+ }
+ rc = proc_packets (ctrl,NULL, fp);
+@@ -275,6 +277,5 @@ decrypt_messages (ctrl_t ctrl, int nfiles, char *files[])
+ }
+
+ set_next_passphrase(NULL);
+- release_armor_context (afx);
+ release_progress_context (pfx);
+ }
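Review bot: When `push_armor_filter` fails in `decrypt_messages`, the new code only logs and carries on: `rc` is overwritten by the following `rc = proc_packets (ctrl,NULL, fp);`, so the input is processed without the armor filter and the failure is lost. The message also has no trailing newline and does not say why the push failed; `log_error ("failed to push armor filter: %s\n", gpg_strerror (rc));` would read like the other log calls. If continuing after a failed push is intended, a comment saying so would help; otherwise skipping this file looks safer, though the surrounding loop and its cleanup are outside the hunk.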
diff --git a/debian/patches/0019-gpg-sm-Merge-the-two-versions-of-check_special_filen.patch b/debian/patches/0019-gpg-sm-Merge-the-two-versions-of-check_special_filen.patch
new file mode 100644
index 0000000..120745e
--- /dev/null
+++ b/debian/patches/0019-gpg-sm-Merge-the-two-versions-of-check_special_filen.patch
@@ -0,0 +1,336 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Tue, 29 Nov 2016 16:18:24 +0100
+Subject: gpg,sm: Merge the two versions of check_special_filename.
+
+* sm/gpgsm.c (check_special_filename): Move to ..
+* common/sysutils.c (check_special_filename): here. Add arg
+NOTRANSLATE.
+(allow_special_filenames): New local var.
+(enable_special_filenames): New public functions.
+* sm/gpgsm.c (allow_special_filenames): Remove var.
+(main): Call enable_special_filenames instead of setting the var.
+(open_read, open_es_fread, open_es_fwrite): Call
+check_special_filename with 0 for NOTRANSLATE.
+* common/iobuf.c (special_names_enabled): Remove var.
+(iobuf_enable_special_filenames): Remove func.
+(check_special_filename): Remove func.
+(iobuf_is_pipe_filename): Call new version of the function with
+NOTRANSLATE set.
+(do_open): Ditto.
+* g10/gpg.c (main): Call enable_special_filenames instead of
+iobuf_enable_special_filenames.
+* g10/gpgv.c (main): Ditto.
+--
+
+Note that we keep the iobuf.c:translate_file_handle because it is a
+bit different (for whatever reasons) than the translate function from
+sysutils.
+
+Signed-off-by: Werner Koch <wk at gnupg.org>
+(cherry picked from commit 60b4982836a00ef6b2a97d16f735b3f6b74dce62)
+---
+ common/iobuf.c | 37 ++++---------------------------------
+ common/iobuf.h | 8 +-------
+ common/sysutils.c | 36 +++++++++++++++++++++++++++++++++++-
+ common/sysutils.h | 2 ++
+ g10/gpg.c | 4 +++-
+ g10/gpgv.c | 2 +-
+ sm/gpgsm.c | 33 ++++++---------------------------
+ 7 files changed, 52 insertions(+), 70 deletions(-)
+
+diff --git a/common/iobuf.c b/common/iobuf.c
+index ed90bd7..d346027 100644
+--- a/common/iobuf.c
++++ b/common/iobuf.c
+@@ -155,11 +155,6 @@ typedef struct
+ block_filter_ctx_t;
+
+
+-/* Global flag to tell whether special file names are enabled. See
+- gpg.c for an explanation of these file names. FIXME: This does not
+- belong in the iobuf subsystem. */
+-static int special_names_enabled;
+-
+ /* Local prototypes. */
+ static int underflow (iobuf_t a, int clear_pending_eof);
+ static int underflow_target (iobuf_t a, int clear_pending_eof, size_t target);
+@@ -1237,41 +1232,16 @@ iobuf_temp_with_content (const char *buffer, size_t length)
+ return a;
+ }
+
+-void
+-iobuf_enable_special_filenames (int yes)
+-{
+- special_names_enabled = yes;
+-}
+-
+-
+-/* See whether the filename has the form "-&nnnn", where n is a
+- non-zero number. Returns this number or -1 if it is not the
+- case. */
+-static int
+-check_special_filename (const char *fname)
+-{
+- if (special_names_enabled && fname && *fname == '-' && fname[1] == '&')
+- {
+- int i;
+-
+- fname += 2;
+- for (i = 0; digitp (fname+i); i++)
+- ;
+- if (!fname[i])
+- return atoi (fname);
+- }
+- return -1;
+-}
+-
+
+ int
+ iobuf_is_pipe_filename (const char *fname)
+ {
+ if (!fname || (*fname=='-' && !fname[1]) )
+ return 1;
+- return check_special_filename (fname) != -1;
++ return check_special_filename (fname, 0, 1) != -1;
+ }
+
++
+ static iobuf_t
+ do_open (const char *fname, int special_filenames,
+ int use, const char *opentype, int mode700)
+@@ -1304,7 +1274,8 @@ do_open (const char *fname, int special_filenames,
+ }
+ else if (!fname)
+ return NULL;
+- else if (special_filenames && (fd = check_special_filename (fname)) != -1)
++ else if (special_filenames
++ && (fd = check_special_filename (fname, 0, 1)) != -1)
+ return iobuf_fdopen (translate_file_handle (fd, use == IOBUF_INPUT ? 0 : 1),
+ opentype);
+ else
+diff --git a/common/iobuf.h b/common/iobuf.h
+index 4fa5660..22e02da 100644
+--- a/common/iobuf.h
++++ b/common/iobuf.h
+@@ -258,16 +258,10 @@ struct iobuf_struct
+ #endif
+ EXTERN_UNLESS_MAIN_MODULE int iobuf_debug_mode;
+
+-/* Whether iobuf_open, iobuf_create and iobuf_is_pipefilename
+- recognize special filenames. Special filenames are of the form
+- "-&nnnn" where n is a positive integer. The integer corresponds to
+- a file descriptor. Note: these functions always recognize the
+- special filename '-', which corresponds to standard input. */
+-void iobuf_enable_special_filenames (int yes);
+
+ /* Returns whether the specified filename corresponds to a pipe. In
+ particular, this function checks if FNAME is "-" and, if special
+- filenames are enabled (see iobuf_enable_special_filenames), whether
++ filenames are enabled (see check_special_filename), whether
+ FNAME is a special filename. */
+ int iobuf_is_pipe_filename (const char *fname);
+
+diff --git a/common/sysutils.c b/common/sysutils.c
+index c7df872..e67420f 100644
+--- a/common/sysutils.c
++++ b/common/sysutils.c
+@@ -1,7 +1,7 @@
+ /* sysutils.c - system helpers
+ * Copyright (C) 1991-2001, 2003-2004,
+ * 2006-2008 Free Software Foundation, Inc.
+- * Copyright (C) 2013-2014 Werner Koch
++ * Copyright (C) 2013-2016 Werner Koch
+ *
+ * This file is part of GnuPG.
+ *
+@@ -83,6 +83,10 @@
+
+ #define tohex(n) ((n) < 10 ? ((n) + '0') : (((n) - 10) + 'A'))
+
++/* Flag to tell whether special file names are enabled. See gpg.c for
++ * an explanation of these file names. */
++static int allow_special_filenames;
++
+
+ static GPGRT_INLINE gpg_error_t
+ my_error_from_syserror (void)
+@@ -168,6 +172,13 @@ enable_core_dumps (void)
+ }
+
+
++/* Allow the use of special "-&nnn" style file names. */
++void
++enable_special_filenames (void)
++{
++ allow_special_filenames = 1;
++}
++
+
+ /* Return a string which is used as a kind of process ID. */
+ const byte *
+@@ -402,6 +413,29 @@ translate_sys2libc_fd_int (int fd, int for_write)
+ }
+
+
++/* Check whether FNAME has the form "-&nnnn", where N is a non-zero
++ * number. Returns this number or -1 if it is not the case. If the
++ * caller wants to use the file descriptor for writing FOR_WRITE shall
++ * be set to 1. If NOTRANSLATE is set the Windows spefic mapping is
++ * not done. */
++int
++check_special_filename (const char *fname, int for_write, int notranslate)
++{
++ if (allow_special_filenames
++ && fname && *fname == '-' && fname[1] == '&')
++ {
++ int i;
++
++ fname += 2;
++ for (i=0; digitp (fname+i); i++ )
++ ;
++ if (!fname[i])
++ return notranslate? atoi (fname)
++ /**/ : translate_sys2libc_fd_int (atoi (fname), for_write);
++ }
++ return -1;
++}
++
+
+ /* Replacement for tmpfile(). This is required because the tmpfile
+ function of Windows' runtime library is broken, insecure, ignores
+diff --git a/common/sysutils.h b/common/sysutils.h
+index fef6ba1..a9316d7 100644
+--- a/common/sysutils.h
++++ b/common/sysutils.h
+@@ -50,6 +50,7 @@ typedef int gnupg_fd_t;
+ void trap_unaligned (void);
+ int disable_core_dumps (void);
+ int enable_core_dumps (void);
++void enable_special_filenames (void);
+ const unsigned char *get_session_marker (size_t *rlen);
+ unsigned int get_uint_nonce (void);
+ /*int check_permissions (const char *path,int extension,int checkonly);*/
+@@ -57,6 +58,7 @@ void gnupg_sleep (unsigned int seconds);
+ void gnupg_usleep (unsigned int usecs);
+ int translate_sys2libc_fd (gnupg_fd_t fd, int for_write);
+ int translate_sys2libc_fd_int (int fd, int for_write);
++int check_special_filename (const char *fname, int for_write, int notranslate);
+ FILE *gnupg_tmpfile (void);
+ void gnupg_reopen_std (const char *pgmname);
+ void gnupg_allow_set_foregound_window (pid_t pid);
+diff --git a/g10/gpg.c b/g10/gpg.c
+index c54facb..caa0653 100644
+--- a/g10/gpg.c
++++ b/g10/gpg.c
+@@ -3304,9 +3304,11 @@ main (int argc, char **argv)
+ case oAllowSecretKeyImport: /* obsolete */ break;
+ case oTryAllSecrets: opt.try_all_secrets = 1; break;
+ case oTrustedKey: register_trusted_key( pargs.r.ret_str ); break;
++
+ case oEnableSpecialFilenames:
+- iobuf_enable_special_filenames (1);
++ enable_special_filenames ();
+ break;
++
+ case oNoExpensiveTrustChecks: opt.no_expensive_trust_checks=1; break;
+ case oAutoCheckTrustDB: opt.no_auto_check_trustdb=0; break;
+ case oNoAutoCheckTrustDB: opt.no_auto_check_trustdb=1; break;
+diff --git a/g10/gpgv.c b/g10/gpgv.c
+index d9f2898..1e4bb73 100644
+--- a/g10/gpgv.c
++++ b/g10/gpgv.c
+@@ -204,7 +204,7 @@ main( int argc, char **argv )
+ break;
+ case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
+ case oEnableSpecialFilenames:
+- iobuf_enable_special_filenames (1);
++ enable_special_filenames ();
+ break;
+ default : pargs.err = ARGPARSE_PRINT_ERROR; break;
+ }
+diff --git a/sm/gpgsm.c b/sm/gpgsm.c
+index c4fd1c2..08d4830 100644
+--- a/sm/gpgsm.c
++++ b/sm/gpgsm.c
+@@ -439,9 +439,6 @@ static int maybe_setuid = 1;
+ static const char *debug_level;
+ static unsigned int debug_value;
+
+-/* Option --enable-special-filenames */
+-static int allow_special_filenames;
+-
+ /* Default value for include-certs. We need an extra macro for
+ gpgconf-list because the variable will be changed by the command
+ line option.
+@@ -468,7 +465,6 @@ static void set_cmd (enum cmd_and_opt_values *ret_cmd,
+ enum cmd_and_opt_values new_cmd );
+
+ static void emergency_cleanup (void);
+-static int check_special_filename (const char *fname, int for_write);
+ static int open_read (const char *filename);
+ static estream_t open_es_fread (const char *filename, const char *mode);
+ static estream_t open_es_fwrite (const char *filename);
+@@ -1420,7 +1416,9 @@ main ( int argc, char **argv)
+ case oNoRandomSeedFile: use_random_seed = 0; break;
+ case oNoCommonCertsImport: no_common_certs_import = 1; break;
+
+- case oEnableSpecialFilenames: allow_special_filenames =1; break;
++ case oEnableSpecialFilenames:
++ enable_special_filenames ();
++ break;
+
+ case oValidationModel: parse_validation_model (pargs.r.ret_str); break;
+
+@@ -2107,25 +2105,6 @@ gpgsm_parse_validation_model (const char *model)
+ }
+
+
+-/* Check whether the filename has the form "-&nnnn", where n is a
+- non-zero number. Returns this number or -1 if it is not the case. */
+-static int
+-check_special_filename (const char *fname, int for_write)
+-{
+- if (allow_special_filenames
+- && fname && *fname == '-' && fname[1] == '&' ) {
+- int i;
+-
+- fname += 2;
+- for (i=0; isdigit (fname[i]); i++ )
+- ;
+- if ( !fname[i] )
+- return translate_sys2libc_fd_int (atoi (fname), for_write);
+- }
+- return -1;
+-}
+-
+-
+
+ /* Open the FILENAME for read and return the file descriptor. Stop
+ with an error message in case of problems. "-" denotes stdin and
+@@ -2140,7 +2119,7 @@ open_read (const char *filename)
+ set_binary (stdin);
+ return 0; /* stdin */
+ }
+- fd = check_special_filename (filename, 0);
++ fd = check_special_filename (filename, 0, 0);
+ if (fd != -1)
+ return fd;
+ fd = open (filename, O_RDONLY | O_BINARY);
+@@ -2162,7 +2141,7 @@ open_es_fread (const char *filename, const char *mode)
+ if (filename[0] == '-' && !filename[1])
+ fd = fileno (stdin);
+ else
+- fd = check_special_filename (filename, 0);
++ fd = check_special_filename (filename, 0, 0);
+ if (fd != -1)
+ {
+ fp = es_fdopen_nc (fd, mode);
+@@ -2200,7 +2179,7 @@ open_es_fwrite (const char *filename)
+ return fp;
+ }
+
+- fd = check_special_filename (filename, 1);
++ fd = check_special_filename (filename, 1, 0);
+ if (fd != -1)
+ {
+ fp = es_fdopen_nc (fd, "wb");
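Review bot: The merged `check_special_filename` in common/sysutils.c accepts the bare name `-&`: the digit loop runs zero times, `!fname[i]` is true, and `atoi ("")` yields 0, although the header comment promises a number. It also hands an arbitrarily long digit string to `atoi`, whose result is undefined when the value does not fit an `int`. Because the return value is used directly as a file descriptor by `do_open`, `open_read`, `open_es_fread` and `open_es_fwrite`, I would require at least one digit and parse with a range check, as sketched below. The header comment has a typo ("spefic") and should state that the function returns -1 unless `enable_special_filenames` was called. `strtol`, `errno` and `INT_MAX` need `<stdlib.h>`, `<errno.h>` and `<limits.h>` if sysutils.c does not already include them.

```c
int
check_special_filename (const char *fname, int for_write, int notranslate)
{
  if (allow_special_filenames
      && fname && *fname == '-' && fname[1] == '&')
    {
      char *endp;
      long value;

      fname += 2;
      /* Require at least one digit; "-&" alone is not a descriptor.  */
      if (!digitp (fname))
        return -1;
      errno = 0;
      value = strtol (fname, &endp, 10);
      /* Reject trailing garbage and values that do not fit an int.  */
      if (*endp || errno || value > INT_MAX)
        return -1;
      return notranslate? (int)value
        /**/            : translate_sys2libc_fd_int ((int)value, for_write);
    }
  return -1;
}
```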
diff --git a/debian/patches/0020-gpg-Make-decrypt-with-output-nnnn-work.patch b/debian/patches/0020-gpg-Make-decrypt-with-output-nnnn-work.patch
new file mode 100644
index 0000000..7e7b091
--- /dev/null
+++ b/debian/patches/0020-gpg-Make-decrypt-with-output-nnnn-work.patch
@@ -0,0 +1,48 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Tue, 29 Nov 2016 16:42:14 +0100
+Subject: gpg: Make --decrypt with output '-&nnnn' work.
+
+* g10/plaintext.c (get_output_file): Check and open special filename
+before falling back to stdout.
+--
+
+GnuPG-bug-id: 2677
+Signed-off-by: Werner Koch <wk at gnupg.org>
+(cherry picked from commit a5910e00ace882b8a17169faf4607163ab454af9)
+---
+ g10/plaintext.c | 22 +++++++++++++++++++---
+ 1 file changed, 19 insertions(+), 3 deletions(-)
+
+diff --git a/g10/plaintext.c b/g10/plaintext.c
+index bdf5592..40ce603 100644
+--- a/g10/plaintext.c
++++ b/g10/plaintext.c
+@@ -108,9 +108,25 @@ get_output_file (const byte *embedded_name, int embedded_namelen,
+ }
+ else if (iobuf_is_pipe_filename (fname) || !*fname)
+ {
+- /* No filename or "-" given; write to stdout. */
+- fp = es_stdout;
+- es_set_binary (fp);
++ /* Special file name, no filename, or "-" given; write to the
++ * file descriptor or to stdout. */
++ int fd;
++ char xname[64];
++
++ fd = check_special_filename (fname, 1, 0);
++ if (fd == -1)
++ {
++ /* Not a special filename, thus we want stdout. */
++ fp = es_stdout;
++ es_set_binary (fp);
++ }
++ else if (!(fp = es_fdopen_nc (fd, "wb")))
++ {
++ err = gpg_error_from_syserror ();
++ snprintf (xname, sizeof xname, "[fd %d]", fd);
++ log_error (_("can't open '%s': %s\n"), xname, gpg_strerror (err));
++ goto leave;
++ }
+ }
+ else
+ {
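Review bot: The new branch in `get_output_file` turns any `fname` of the `-&nnnn` form into a write stream on that descriptor, and the hunk does not show where `fname` comes from. The function also takes `embedded_name`; if a name taken from the message can reach this branch, the sender rather than the user would pick the descriptor whenever special filenames are enabled. It is worth confirming that only the user-supplied output name gets here and, if that holds, recording it in a comment such as `/* FNAME is the user-supplied output name here, never the embedded one. */`. Separately, `xname` is used only in the error path and could be declared there. The function starts and ends outside the hunk.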
diff --git a/debian/patches/0021-gpgsm-Allow-decryption-with-a-card-returning-a-PKCS-.patch b/debian/patches/0021-gpgsm-Allow-decryption-with-a-card-returning-a-PKCS-.patch
new file mode 100644
index 0000000..3a06a7c
--- /dev/null
+++ b/debian/patches/0021-gpgsm-Allow-decryption-with-a-card-returning-a-PKCS-.patch
@@ -0,0 +1,34 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Tue, 29 Nov 2016 19:19:45 +0100
+Subject: gpgsm: Allow decryption with a card returning a PKCS#1 stripped key.
+
+* sm/decrypt.c (prepare_decryption): Handle a 16 byte session key.
+--
+
+GnuPG-bug-id: 2230
+Signed-off-by: Werner Koch <wk at gnupg.org>
+(cherry picked from commit 8489b12211098ad58c008cfb74b5cb91849cf68d)
+---
+ sm/decrypt.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/sm/decrypt.c b/sm/decrypt.c
+index 11c1cf8..a2907f6 100644
+--- a/sm/decrypt.c
++++ b/sm/decrypt.c
+@@ -74,10 +74,12 @@ prepare_decryption (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
+ log_printhex ("pkcs1 encoded session key:", seskey, seskeylen);
+
+ n=0;
+- if (seskeylen == 24)
++ if (seskeylen == 24 || seskeylen == 16)
+ {
+- /* Smells like a 3-des key. This might happen because a SC has
+- already done the unpacking. */
++ /* Smells like a 3-DES or AES-128 key. This might happen
++ * because a SC has already done the unpacking. A better
++ * solution would be to test for this only after we triggered
++ * the GPG_ERR_INV_SESSION_KEY. */
+ }
+ else
+ {
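Review bot: The widened test in `prepare_decryption` decides by length alone that a 16- or 24-byte value is an already unpacked key and skips the parsing done in the else branch, which the new comment itself admits is not the best place for the check. A 32-byte key from such a card would still go through the else branch, so the workaround covers only two key sizes. If the content-encryption algorithm is known at this point (not visible in the hunk), comparing `seskeylen` with that algorithm's key length would be tighter than two literals; failing that, name them, e.g. `/* 24 = 3DES, 16 = AES-128 key length in bytes */`.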
diff --git a/debian/patches/0022-agent-dirmngr-Handle-corner-case-in-shutdown-mode.patch b/debian/patches/0022-agent-dirmngr-Handle-corner-case-in-shutdown-mode.patch
new file mode 100644
index 0000000..0351456
--- /dev/null
+++ b/debian/patches/0022-agent-dirmngr-Handle-corner-case-in-shutdown-mode.patch
@@ -0,0 +1,80 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Tue, 29 Nov 2016 20:15:47 +0100
+Subject: agent,dirmngr: Handle corner case in shutdown mode.
+
+* agent/gpg-agent.c (handle_connections): Keep on selecting on the
+inotify fd even when a shutdown is pending.
+* dirmngr/dirmngr.c (handle_connections): Ditto. Also simplifyy the
+use of the HAVE_INOTIFY_INIT cpp conditional.
+--
+
+Without that patch we won't notice a removed socket when a shutdown is
+pending. This is somewhat related to bug report 2849.
+
+Signed-off-by: Werner Koch <wk at gnupg.org>
+(cherry picked from commit 854adc8ae19749e44cb79dfa0c5401f48012b13a)
+---
+ agent/gpg-agent.c | 6 ++++++
+ dirmngr/dirmngr.c | 12 +++++++-----
+ 2 files changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
+index fa67a3a..79d58bd 100644
+--- a/agent/gpg-agent.c
++++ b/agent/gpg-agent.c
+@@ -2872,6 +2872,12 @@ handle_connections (gnupg_fd_t listen_fd,
+ /* Do not accept new connections but keep on running the
+ loop to cope with the timer events. */
+ FD_ZERO (&fdset);
++ nfd = -1;
++ if (my_inotify_fd != -1)
++ {
++ FD_SET (my_inotify_fd, &fdset);
++ nfd = my_inotify_fd;
++ }
+ }
+
+ /* POSIX says that fd_set should be implemented as a structure,
+diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
+index e03aa33..21500ec 100644
+--- a/dirmngr/dirmngr.c
++++ b/dirmngr/dirmngr.c
+@@ -1839,9 +1839,7 @@ handle_connections (assuan_fd_t listen_fd)
+ int nfd, ret;
+ fd_set fdset, read_fdset;
+ int saved_errno;
+-#ifdef HAVE_INOTIFY_INIT
+- int my_inotify_fd;
+-#endif /*HAVE_INOTIFY_INIT*/
++ int my_inotify_fd = -1;
+
+ npth_attr_init (&tattr);
+ npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
+@@ -1883,14 +1881,12 @@ handle_connections (assuan_fd_t listen_fd)
+ FD_ZERO (&fdset);
+ FD_SET (FD2INT (listen_fd), &fdset);
+ nfd = FD2INT (listen_fd);
+-#ifdef HAVE_INOTIFY_INIT
+ if (my_inotify_fd != -1)
+ {
+ FD_SET (my_inotify_fd, &fdset);
+ if (my_inotify_fd > nfd)
+ nfd = my_inotify_fd;
+ }
+-#endif /*HAVE_INOTIFY_INIT*/
+
+ /* Main loop. */
+ for (;;)
+@@ -1904,6 +1900,12 @@ handle_connections (assuan_fd_t listen_fd)
+ /* Do not accept new connections but keep on running the
+ select loop to wait for signals (e.g. SIGCHLD). */
+ FD_ZERO (&fdset);
++ nfd = -1;
++ if (my_inotify_fd != -1)
++ {
++ FD_SET (my_inotify_fd, &fdset);
++ nfd = my_inotify_fd;
++ }
+ }
+
+ /* Take a copy of the fdset. */
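Review bot: The same five-line block that re-arms `my_inotify_fd` after `FD_ZERO (&fdset)` is now pasted into the shutdown branch of both `handle_connections` functions, and the comments above those branches still describe the loop as only waiting for timer events or signals. I would extend the comments, e.g. `/* ... and keep watching the inotify fd so that a removed socket is still noticed. */`. In dirmngr.c the `#ifdef HAVE_INOTIFY_INIT` guards are dropped around the variable and the `FD_SET`; presumably the code that assigns `my_inotify_fd` stays guarded so the value remains -1 on other builds, but that is outside the hunk. Neither place compares the descriptor with `FD_SETSIZE` before `FD_SET`, which may equally be true of the listening fd.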
diff --git a/debian/patches/0023-agent-dirmngr-Tiny-restructuring.patch b/debian/patches/0023-agent-dirmngr-Tiny-restructuring.patch
new file mode 100644
index 0000000..6e77a94
--- /dev/null
+++ b/debian/patches/0023-agent-dirmngr-Tiny-restructuring.patch
@@ -0,0 +1,90 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Tue, 29 Nov 2016 20:35:10 +0100
+Subject: agent,dirmngr: Tiny restructuring.
+
+* agent/gpg-agent.c (handle_connections): Add a comment.
+* dirmngr/dirmngr.c (main): Move assuan_sock_close of the listening
+socket to ...
+(handle_connections): here. Add a comment why we keep the
+listening socket open during a shutdown.
+
+Signed-off-by: Werner Koch <wk at gnupg.org>
+(cherry picked from commit aa6ab9e0bc67fe9ce5601047e84ea4a875e8eb64)
+---
+ agent/gpg-agent.c | 7 ++++++-
+ dirmngr/dirmngr.c | 16 ++++++++++++----
+ 2 files changed, 18 insertions(+), 5 deletions(-)
+
+diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
+index 79d58bd..efef8c1 100644
+--- a/agent/gpg-agent.c
++++ b/agent/gpg-agent.c
+@@ -2870,7 +2870,12 @@ handle_connections (gnupg_fd_t listen_fd,
+ break; /* ready */
+
+ /* Do not accept new connections but keep on running the
+- loop to cope with the timer events. */
++ * loop to cope with the timer events.
++ *
++ * Note that we do not close the listening socket because a
++ * client trying to connect to that socket would instead
++ * restart a new dirmngr instance - which is unlikely the
++ * intention of a shutdown. */
+ FD_ZERO (&fdset);
+ nfd = -1;
+ if (my_inotify_fd != -1)
+diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
+index 21500ec..80c556b 100644
+--- a/dirmngr/dirmngr.c
++++ b/dirmngr/dirmngr.c
+@@ -1019,7 +1019,6 @@ main (int argc, char **argv)
+ crl_cache_init ();
+ http_register_netactivity_cb (netactivity_action);
+ handle_connections (3);
+- assuan_sock_close (3);
+ shutdown_reaper ();
+ }
+ #endif /*HAVE_W32_SYSTEM*/
+@@ -1227,7 +1226,6 @@ main (int argc, char **argv)
+ crl_cache_init ();
+ http_register_netactivity_cb (netactivity_action);
+ handle_connections (fd);
+- assuan_sock_close (fd);
+ shutdown_reaper ();
+ }
+ else if (cmd == aListCRLs)
+@@ -1825,7 +1823,8 @@ my_inotify_is_name (int fd, const char *name)
+ #endif /*HAVE_INOTIFY_INIT*/
+
+
+-/* Main loop in daemon mode. */
++/* Main loop in daemon mode. Note that LISTEN_FD will be owned by
++ * this function. */
+ static void
+ handle_connections (assuan_fd_t listen_fd)
+ {
+@@ -1898,7 +1897,14 @@ handle_connections (assuan_fd_t listen_fd)
+ break; /* ready */
+
+ /* Do not accept new connections but keep on running the
+- select loop to wait for signals (e.g. SIGCHLD). */
++ * loop to cope with the timer events.
++ *
++ * Note that we do not close the listening socket because a
++ * client trying to connect to that socket would instead
++ * restart a new dirmngr instance - which is unlikely the
++ * intention of a shutdown. */
++ /* assuan_sock_close (listen_fd); */
++ /* listen_fd = -1; */
+ FD_ZERO (&fdset);
+ nfd = -1;
+ if (my_inotify_fd != -1)
+@@ -1990,6 +1996,8 @@ handle_connections (assuan_fd_t listen_fd)
+ close (my_inotify_fd);
+ #endif /*HAVE_INOTIFY_INIT*/
+ npth_attr_destroy (&tattr);
++ if (listen_fd != -1)
++ assuan_sock_close (fd);
+ cleanup ();
+ log_info ("%s %s stopped\n", strusage(11), strusage(13));
+ }
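Review bot: The cleanup added at the end of dirmngr's `handle_connections` tests `listen_fd` but then calls `assuan_sock_close (fd)`, so the listening socket this function now owns is never closed there. `fd` looks like the local used for accepted connections (a `gnupg_fd_t fd;` declaration appears in the context of another patch on this page), which means an unrelated or stale descriptor may be closed instead. Because both `assuan_sock_close` calls in `main` are removed by the same patch, nothing else releases the socket; the line should read `assuan_sock_close (listen_fd);`, and comparing against `ASSUAN_INVALID_FD` rather than `-1` would be safer where `assuan_fd_t` is not an int. The comment added in agent/gpg-agent.c also says a client would "restart a new dirmngr instance", which reads like a copy from the dirmngr hunk. The function bodies continue outside the hunks shown.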
diff --git a/debian/patches/0024-gpg-Let-only-Dirmngr-decide-whether-CERT-is-supporte.patch b/debian/patches/0024-gpg-Let-only-Dirmngr-decide-whether-CERT-is-supporte.patch
new file mode 100644
index 0000000..22c81c9
--- /dev/null
+++ b/debian/patches/0024-gpg-Let-only-Dirmngr-decide-whether-CERT-is-supporte.patch
@@ -0,0 +1,64 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Thu, 1 Dec 2016 13:08:02 +0100
+Subject: gpg: Let only Dirmngr decide whether CERT is supported.
+
+* g10/getkey.c (parse_auto_key_locate): Do not build parts depending
+on USE_DNS_CERT.
+--
+
+This also removes USE_DNS_SRV from commented code.
+
+Signed-off-by: Werner Koch <wk at gnupg.org>
+(cherry picked from commit 86efc3ee53abaf1e22b53c1b360c51829e476115)
+---
+ g10/getkey.c | 2 --
+ g10/keyserver.c | 4 ----
+ 2 files changed, 6 deletions(-)
+
+diff --git a/g10/getkey.c b/g10/getkey.c
+index 30b456f..68b1438 100644
+--- a/g10/getkey.c
++++ b/g10/getkey.c
+@@ -4153,10 +4153,8 @@ parse_auto_key_locate (char *options)
+ akl->type = AKL_LDAP;
+ else if (ascii_strcasecmp (tok, "keyserver") == 0)
+ akl->type = AKL_KEYSERVER;
+-#ifdef USE_DNS_CERT
+ else if (ascii_strcasecmp (tok, "cert") == 0)
+ akl->type = AKL_CERT;
+-#endif
+ else if (ascii_strcasecmp (tok, "pka") == 0)
+ akl->type = AKL_PKA;
+ else if (ascii_strcasecmp (tok, "dane") == 0)
+diff --git a/g10/keyserver.c b/g10/keyserver.c
+index 9148e7d..c7363c9 100644
+--- a/g10/keyserver.c
++++ b/g10/keyserver.c
+@@ -2084,11 +2084,9 @@ keyserver_import_ldap (ctrl_t ctrl,
+ struct keyserver_spec *keyserver;
+ strlist_t list=NULL;
+ int rc,hostlen=1;
+-#ifdef USE_DNS_SRV
+ struct srventry *srvlist=NULL;
+ int srvcount,i;
+ char srvname[MAXDNAME];
+-#endif
+
+ /* Parse out the domain */
+ domain=strrchr(name,'@');
+@@ -2102,7 +2100,6 @@ keyserver_import_ldap (ctrl_t ctrl,
+ keyserver->host=xmalloc(1);
+ keyserver->host[0]='\0';
+
+-#ifdef USE_DNS_SRV
+ snprintf(srvname,MAXDNAME,"_pgpkey-ldap._tcp.%s",domain);
+
+ FIXME("network related - move to dirmngr or drop the code");
+@@ -2130,7 +2127,6 @@ keyserver_import_ldap (ctrl_t ctrl,
+ }
+
+ free(srvlist);
+-#endif
+
+ /* If all else fails, do the PGP Universal trick of
+ ldap://keys.(domain) */
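Review bot: With the `#ifdef USE_DNS_CERT` guard removed, `parse_auto_key_locate` in g10/getkey.c accepts `cert` on every build, so an installation without CERT support no longer rejects the option at parse time and presumably reports the problem only when the lookup reaches dirmngr. A short comment on that branch would record the intent, for example `/* Always accepted here; dirmngr decides at lookup time whether CERT is supported. */`. Both functions continue outside the hunks shown.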
diff --git a/debian/patches/0025-gpg-Fix-error-code-arg-in-ERRSIG-status-line.patch b/debian/patches/0025-gpg-Fix-error-code-arg-in-ERRSIG-status-line.patch
new file mode 100644
index 0000000..d49fc4c
--- /dev/null
+++ b/debian/patches/0025-gpg-Fix-error-code-arg-in-ERRSIG-status-line.patch
@@ -0,0 +1,28 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Sat, 3 Dec 2016 21:35:45 +0100
+Subject: gpg: Fix error code arg in ERRSIG status line.
+
+* g10/mainproc.c (check_sig_and_print): Use gpg_err_code to return an
+error code in ERRSIG.
+--
+
+Debian-bug-id: 846834
+Signed-off-by: Werner Koch <wk at gnupg.org>
+(cherry picked from commit ef10c348bffc7dad19e1832bebc453755d209420)
+---
+ g10/mainproc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/g10/mainproc.c b/g10/mainproc.c
+index c1819f0..314d515 100644
+--- a/g10/mainproc.c
++++ b/g10/mainproc.c
+@@ -2218,7 +2218,7 @@ check_sig_and_print (CTX c, kbnode_t node)
+ snprintf (buf, sizeof buf, "%08lX%08lX %d %d %02x %lu %d",
+ (ulong)sig->keyid[0], (ulong)sig->keyid[1],
+ sig->pubkey_algo, sig->digest_algo,
+- sig->sig_class, (ulong)sig->timestamp, rc);
++ sig->sig_class, (ulong)sig->timestamp, gpg_err_code (rc));
+ write_status_text (STATUS_ERRSIG, buf);
+ if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
+ {
diff --git a/debian/patches/dirmngr-idling/0004-dirmngr-Avoid-automatically-checking-upstream-swdb.patch b/debian/patches/dirmngr-idling/0004-dirmngr-Avoid-automatically-checking-upstream-swdb.patch
index 18d393c..879e7c7 100644
--- a/debian/patches/dirmngr-idling/0004-dirmngr-Avoid-automatically-checking-upstream-swdb.patch
+++ b/debian/patches/dirmngr-idling/0004-dirmngr-Avoid-automatically-checking-upstream-swdb.patch
@@ -13,10 +13,10 @@ Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
1 file changed, 13 deletions(-)
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
-index 4ad4440..14ff05a 100644
+index 49a7835..f54d3ab 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
-@@ -1751,7 +1751,6 @@ static void *
+@@ -1769,7 +1769,6 @@ static void *
housekeeping_thread (void *arg)
{
static int sentinel;
@@ -24,7 +24,7 @@ index 4ad4440..14ff05a 100644
(void)arg;
-@@ -1764,18 +1763,6 @@ housekeeping_thread (void *arg)
+@@ -1782,18 +1781,6 @@ housekeeping_thread (void *arg)
if (opt.verbose > 1)
log_info ("starting housekeeping\n");
diff --git a/debian/patches/dirmngr-idling/0005-dirmngr-Drop-useless-housekeeping.patch b/debian/patches/dirmngr-idling/0005-dirmngr-Drop-useless-housekeeping.patch
index fca6b72..8f77f9b 100644
--- a/debian/patches/dirmngr-idling/0005-dirmngr-Drop-useless-housekeeping.patch
+++ b/debian/patches/dirmngr-idling/0005-dirmngr-Drop-useless-housekeeping.patch
@@ -19,7 +19,7 @@ Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
1 file changed, 5 insertions(+), 108 deletions(-)
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
-index 14ff05a..e03aa33 100644
+index f54d3ab..e46a889 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -296,13 +296,6 @@ static int active_connections;
@@ -36,7 +36,7 @@ index 14ff05a..e03aa33 100644
/* This union is used to avoid compiler warnings in case a pointer is
64 bit and an int 32 bit. We store an integer in a pointer and get
it back later (npth_getspecific et al.). */
-@@ -1746,83 +1739,6 @@ handle_signal (int signo)
+@@ -1764,83 +1757,6 @@ handle_signal (int signo)
#endif /*!HAVE_W32_SYSTEM*/
@@ -120,7 +120,7 @@ index 14ff05a..e03aa33 100644
/* Check the nonce on a new connection. This is a NOP unless we are
using our Unix domain socket emulation under Windows. */
static int
-@@ -1922,9 +1838,6 @@ handle_connections (assuan_fd_t listen_fd)
+@@ -1940,9 +1856,6 @@ handle_connections (assuan_fd_t listen_fd)
gnupg_fd_t fd;
int nfd, ret;
fd_set fdset, read_fdset;
@@ -130,7 +130,7 @@ index 14ff05a..e03aa33 100644
int saved_errno;
#ifdef HAVE_INOTIFY_INIT
int my_inotify_fd;
-@@ -1966,9 +1879,7 @@ handle_connections (assuan_fd_t listen_fd)
+@@ -1984,9 +1897,7 @@ handle_connections (assuan_fd_t listen_fd)
#endif /*HAVE_INOTIFY_INIT*/
@@ -141,7 +141,7 @@ index 14ff05a..e03aa33 100644
FD_ZERO (&fdset);
FD_SET (FD2INT (listen_fd), &fdset);
nfd = FD2INT (listen_fd);
-@@ -1981,9 +1892,6 @@ handle_connections (assuan_fd_t listen_fd)
+@@ -1999,9 +1910,6 @@ handle_connections (assuan_fd_t listen_fd)
}
#endif /*HAVE_INOTIFY_INIT*/
@@ -151,7 +151,7 @@ index 14ff05a..e03aa33 100644
/* Main loop. */
for (;;)
{
-@@ -1994,31 +1902,21 @@ handle_connections (assuan_fd_t listen_fd)
+@@ -2012,31 +1920,21 @@ handle_connections (assuan_fd_t listen_fd)
break; /* ready */
/* Do not accept new connections but keep on running the
@@ -186,7 +186,7 @@ index 14ff05a..e03aa33 100644
saved_errno = errno;
#endif
-@@ -2032,8 +1930,7 @@ handle_connections (assuan_fd_t listen_fd)
+@@ -2050,8 +1948,7 @@ handle_connections (assuan_fd_t listen_fd)
if (ret <= 0)
{
diff --git a/debian/patches/series b/debian/patches/series
index 71ab57d..b2dbf53 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,7 +3,6 @@ block-ptrace-on-agent/0002-Avoid-simple-memory-dumps-via-ptrace.patch
debian-packaging/0003-avoid-regenerating-defsincdate-use-shipped-file.patch
dirmngr-idling/0001-dirmngr-hkp-Avoid-potential-race-condition-when-some.patch
dirmngr-idling/0002-dimrngr-Avoid-need-for-hkp-housekeeping.patch
-dirmngr-idling/0003-dirmngr-Lazily-launch-ldap-reaper-thread.patch
dirmngr-idling/0004-dirmngr-Avoid-automatically-checking-upstream-swdb.patch
dirmngr-idling/0005-dirmngr-Drop-useless-housekeeping.patch
gpg-agent-idling/0001-agent-Create-framework-of-scheduled-timers.patch
@@ -12,3 +11,15 @@ gpg-agent-idling/0003-agent-Avoid-tight-timer-tick-when-possible.patch
gpg-agent-idling/0004-agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch
0013-agent-Fix-npth-daemon-mode-problem.patch
0014-doc-Clarify-dirmngr-homedir-option.patch
+0014-scd-Fix-receive-buffer-size.patch
+0015-scd-Support-OpenPGP-card-V3-for-RSA.patch
+0016-g10-Fix-iteration-over-getkey-results.patch
+0017-dirmngr-Lazily-launch-ldap-reaper-thread.patch
+0018-g10-Fix-memory-leak.patch
+0019-gpg-sm-Merge-the-two-versions-of-check_special_filen.patch
+0020-gpg-Make-decrypt-with-output-nnnn-work.patch
+0021-gpgsm-Allow-decryption-with-a-card-returning-a-PKCS-.patch
+0022-agent-dirmngr-Handle-corner-case-in-shutdown-mode.patch
+0023-agent-dirmngr-Tiny-restructuring.patch
+0024-gpg-Let-only-Dirmngr-decide-whether-CERT-is-supporte.patch
+0025-gpg-Fix-error-code-arg-in-ERRSIG-status-line.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git