[Pkg-gnupg-commit] [gnupg2] 286/292: drop patches incorporated upstream
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Nov 21 06:31:58 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit 0418a4db349bd2f896235cfbf949de4983c7b29f
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Sun Nov 20 21:23:41 2016 -0500
drop patches incorporated upstream
---
...achived-achieved-and-s-alternativly-alter.patch | 36 -
...egression-in-gpgv-s-printing-of-the-keyid.patch | 26 -
...gpg-Avoid-homedir-creation-by-list-config.patch | 43 -
...est-requiring-the-network-only-in-maintai.patch | 52 -
...cryption-of-R-work-w-o-try-secret-key-or-.patch | 45 -
...se-negatives-in-Ed25519-signature-verific.patch | 193 -
.../0010-agent-invoke-scdaemon-with-homedir.patch | 63 -
.../0011-scd-Clean-up-unused-shutdown-method.patch | 199 -
...elease-the-card-reader-after-card-removal.patch | 30 -
...-common-Check-read-errors-in-name-value.c.patch | 36 -
...0014-scd-Fix-an-action-after-card-removal.patch | 51 -
...nate-on-deletion-of-the-socket-file-Linux.patch | 161 -
...minate-on-deletion-of-the-socket-file-Lin.patch | 226 -
.../0017-gpg-Make-output-work-with-verify.patch | 57 -
...18-gpg-Add-options-output-and-yes-to-gpgv.patch | 96 -
.../0019-gpg-Remove-option-yes-from-gpgv.patch | 73 -
...nt-fingerprint-regardless-of-keyid-format.patch | 61 -
...-spelling-conenction-should-be-connection.patch | 38 -
...22-gpg-Improve-usability-of-quick-gen-key.patch | 224 -
...llow-use-of-default-algo-for-quick-addkey.patch | 39 -
...t-a-new-error-status-line-in-quick-adduid.patch | 28 -
.../0025-tests-gpgscm-Fix-use-of-pointer.patch | 66 -
...6-scd-Add-support-of-ECC-pubkey-attribute.patch | 208 -
...d-malloc-failure-due-to-no-key-signatures.patch | 58 -
.../0028-gpgscm-Fix-gcrypt-version-check.patch | 25 -
...ence-diagnostics-about-starting-housekeep.patch | 31 -
...pg-Fix-regression-in-fingerprint-printing.patch | 28 -
...31-dirmngr-Open-file-CRL-s-in-binary-mode.patch | 28 -
debian/patches/0032-dirmngr-Fix-type.patch | 24 -
...ding-a-user-id-make-sure-the-keyblock-has.patch | 31 -
...Allow-only-specific-digest-size-for-ECDSA.patch | 56 -
.../0035-dirmngr-Removal-of-no-libgcrypt.o.patch | 52 -
.../0036-agent-sm-Set-CTX-after-start_agent.patch | 220 -
...-Correctly-handle-modules-relying-on-npth.patch | 41 -
...o-not-link-gpg-connect-agent-against-npth.patch | 27 -
...re-that-internal-key-import-is-done-with-.patch | 24 -
...e-import-filter-data-object-more-flexible.patch | 163 -
...import-if-an-import-filter-removed-all-us.patch | 78 -
...-dirmngr-Fix-STARTTLS-on-LDAP-connections.patch | 26 -
...mime-parser-callbacks-access-to-the-rfc82.patch | 81 -
...e-restricted-browser-and-ssh-socket-by-de.patch | 114 -
.../0045-build-Fix-build-against-libiconv.patch | 94 -
...e-to-allow-disabling-of-the-extra-sockets.patch | 61 -
...e-the-extra-sockets-in-the-standard-socke.patch | 78 -
...-Remove-the-warning-for-the-GKR-hijacking.patch | 95 -
...-dirmngr-scd-npth_init-must-be-after-fork.patch | 225 -
...ols-Ignore-existing-directories-in-gpgtar.patch | 34 -
...lement-supervised-command-for-systemd-etc.patch | 358 --
...t-supervised-mode-for-the-new-default-soc.patch | 80 -
...t-cleanup-for-supervised-mode.-Fix-for-W3.patch | 88 -
...agent-Streamline-the-supervised-mode-code.patch | 491 --
...-error-handling-in-map_supervised_sockets.patch | 33 -
...56-agent-Fix-npth-supervised-mode-problem.patch | 29 -
...other-minor-fix-to-map_supervised_sockets.patch | 31 -
...-Don-t-add-user-attributes-to-the-TOFU-DB.patch | 31 -
.../0059-g10-Fix-testing-for-debug-flag.patch | 25 -
.../0060-sm-Remove-statement-without-effect.patch | 24 -
...oid-pointer-arithmetic-on-string-literals.patch | 42 -
...nt-dirmngr-scd-Fix-init_common_subsystems.patch | 98 -
.../patches/0063-agent-Fix-get_socket_name.patch | 45 -
debian/patches/0064-tools-Fix-error-handling.patch | 34 -
.../0065-g10-Fix-a-column-s-type-in-TOFU-DB.patch | 29 -
...ove-inotify-code-to-common-and-improve-it.patch | 335 --
...traightforward-names-for-the-default-sock.patch | 35 -
debian/patches/0068-gpgconf-Fix-for-homedir.patch | 158 -
.../patches/0069-scd-Fix-keytocard-for-ECC.patch | 28 -
...pg-agent-1-at-the-right-gpg-manpage-in-SE.patch | 25 -
...ument-how-to-manually-shut-down-gpg-agent.patch | 41 -
...72-scd-minor-cleanup-to-merge-other-works.patch | 218 -
.../0073-scd-Support-ECC-key-generation.patch | 309 -
...Make-use-of-default_errsource-in-exechelp.patch | 101 -
...32-Extend-gnupg_create_inbound_pipe-et-al.patch | 93 -
...Communicate-with-child-in-non-blocking-mo.patch | 52 -
.../0077-common-Fix-copying-data-to-estreams.patch | 43 -
.../0078-agent-Add-card-option-for-READKEY.patch | 274 -
.../patches/0079-g10-smartcard-keygen-change.patch | 341 --
...-scd-GENKEY-updates-the-public-key-in-APP.patch | 568 --
debian/patches/0081-agent-g10-Fix-keygen.patch | 44 -
.../0082-agent-Fix-saving-with-FORCE-1.patch | 54 -
.../patches/0083-Fix-use-cases-of-snprintf.patch | 999 ----
.../0084-g10-Support-ECC-for-gen_card_key.patch | 126 -
...10-Don-t-ask-keysize-for-for-non-RSA-card.patch | 108 -
.../0086-scd-Fix-segfault-changing-key-attr.patch | 33 -
debian/patches/0087-g10-scd-Fix-ECC-keygen.patch | 236 -
...-Write-first-keybox-record-in-binary-mode.patch | 27 -
.../0089-g10-More-card-key-generation-change.patch | 161 -
.../0090-g10-Fix-card-keygen-for-decryption.patch | 29 -
...091-common-Fix-openpgp_is_curve_supported.patch | 30 -
...scd-Use-canonical-curve-name-of-libgcrypt.patch | 318 -
...-Slightly-change-structure-of-cmd_readkey.patch | 117 -
...or-cleanup-for-recent-change-in-findkey.c.patch | 32 -
.../0095-gpg-Replace-two-sprintf-calls.patch | 54 -
...-w32-Fix-relaying-pinentry-user-data-fix-.patch | 190 -
debian/patches/0097-common-avoid-segfault.patch | 26 -
.../0098-agent-supervised-mode-improvements.patch | 37 -
.../0099-doc-Fix-spelling-of-internal.patch | 23 -
...ests-Improve-portability-of-fake-pinentry.patch | 178 -
...GPG_ERR_INV_VALUE-instead-of-GPG_ERR_EINV.patch | 30 -
.../0102-agent-Avoid-double-error-message.patch | 42 -
...-hang-due-to-deferred-thread-initializati.patch | 84 -
.../0104-common-Fix-gnupg_inotify_has_name.patch | 81 -
.../0105-dirmngr-report-actual-socket-name.patch | 63 -
...t-common-move-get_socket_name-into-common.patch | 168 -
...lement-supervised-command-for-systemd-etc.patch | 119 -
.../0108-g10-ECDH-shared-point-format.patch | 67 -
...-0x41-prefix-for-x-coordinate-only-result.patch | 62 -
.../0110-g10-Fix-ECDH-clarifying-the-format.patch | 68 -
.../0111-dirmngr-Fix-error-return-for-ADNS.patch | 29 -
.../patches/0112-dirmngr-More-ADNS-error-fix.patch | 47 -
...on-Fix-gnupg_inotify_has_name-differently.patch | 83 -
.../0114-dirmngr-ADNS-error-handling-fix.patch | 48 -
...ve-debug-output-from-gnupg_get_socket_nam.patch | 41 -
...gr-Do-not-implement-supervised-in-Windows.patch | 69 -
debian/patches/0120-g10-Assert-preconditions.patch | 26 -
debian/patches/0121-Fix-typos.patch | 181 -
...122-g10-Fix-iteration-over-getkey-results.patch | 40 -
.../0123-common-Add-GNUPG_MODULE_NAME_GPGV.patch | 44 -
...multiple-detached-signatures-with-differe.patch | 66 -
...le-the-Issuer-Fingerprint-from-rfc4880bis.patch | 71 -
.../0126-common-New-function-gnupg_usleep.patch | 117 -
...7-Spelling-correct-spelling-of-passphrase.patch | 496 --
.../0128-build-Fix-misspelled-dirmngr.patch | 23 -
...29-common-Improve-compare_string_versions.patch | 272 -
...d-the-PINENTRY_LAUNCHED-inquiry-and-statu.patch | 144 -
.../0131-scd-Add-advanced-option-for-READKEY.patch | 382 --
.../0132-scd-Fix-length-error-for-READKEY.patch | 27 -
...133-indent-Move-comments-inside-the-block.patch | 182 -
...http-www.gnu.org-in-license-notices-to-ht.patch | 6323 --------------------
.../patches/0135-common-w32-Simplify-locking.patch | 91 -
...-Improve-concurrency-in-the-non-adns-case.patch | 167 -
...-dirmngr-More-win32-system-daemon-cleanup.patch | 48 -
...ister-hkp-cacert-even-if-the-file-doesn-t.patch | 72 -
...-Add-system-CAs-if-no-hkp-cacert-is-given.patch | 98 -
...-a-default-keyserver-if-none-is-explicitl.patch | 65 -
debian/patches/series | 134 -
135 files changed, 20796 deletions(-)
diff --git a/debian/patches/0004-spelling-s-achived-achieved-and-s-alternativly-alter.patch b/debian/patches/0004-spelling-s-achived-achieved-and-s-alternativly-alter.patch
deleted file mode 100644
index ac5a5e2..0000000
--- a/debian/patches/0004-spelling-s-achived-achieved-and-s-alternativly-alter.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Mon, 29 Aug 2016 10:45:22 -0400
-Subject: spelling: s/achived/achieved/ and s/alternativly/alternatively/
-
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
----
- doc/dirmngr.texi | 2 +-
- doc/gpg.texi | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
-index d52fb89..629e621 100644
---- a/doc/dirmngr.texi
-+++ b/doc/dirmngr.texi
-@@ -390,7 +390,7 @@ not contain information about an assigned responder. Note, that
- @item --ocsp-signer @var{fpr}|@var{file}
- @opindex ocsp-signer
- Use the certificate with the fingerprint @var{fpr} to check the
--responses of the default OCSP Responder. Alternativly a filename can be
-+responses of the default OCSP Responder. Alternatively a filename can be
- given in which case the respinse is expected to be signed by one of the
- certificates described in that file. Any argument which contains a
- slash, dot or tilde is considered a filename. Usual filename expansion
-diff --git a/doc/gpg.texi b/doc/gpg.texi
-index fbcaa15..7261f48 100644
---- a/doc/gpg.texi
-+++ b/doc/gpg.texi
-@@ -2193,7 +2193,7 @@ opposite meaning. The options are:
- a formerly deleted key does not automatically gain an ownertrust
- values merely due to import. On the other hand it is sometimes
- necessary to re-import a trusted set of keys again but keeping
-- already assigned ownertrust values. This can be achived by using
-+ already assigned ownertrust values. This can be achieved by using
- this option.
-
- @item repair-pks-subkey-bug
diff --git a/debian/patches/0005-gpg-Fix-regression-in-gpgv-s-printing-of-the-keyid.patch b/debian/patches/0005-gpg-Fix-regression-in-gpgv-s-printing-of-the-keyid.patch
deleted file mode 100644
index 2635035..0000000
--- a/debian/patches/0005-gpg-Fix-regression-in-gpgv-s-printing-of-the-keyid.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 31 Aug 2016 08:37:51 +0200
-Subject: gpg: Fix regression in gpgv's printing of the keyid.
-
-* g10/keyid.c (keystr): Take care of KF_NONE != KF_DEFAULT.
---
-
-Debian-bug-id: 836144
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- g10/keyid.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/g10/keyid.c b/g10/keyid.c
-index 84990a3..bd396ee 100644
---- a/g10/keyid.c
-+++ b/g10/keyid.c
-@@ -403,6 +403,8 @@ keystr (u32 *keyid)
- static char keyid_str[KEYID_STR_SIZE];
- int format = opt.keyid_format;
-
-+ if (format == KF_DEFAULT)
-+ format = KF_NONE;
- if (format == KF_NONE)
- format = KF_LONG;
-
diff --git a/debian/patches/0006-gpg-Avoid-homedir-creation-by-list-config.patch b/debian/patches/0006-gpg-Avoid-homedir-creation-by-list-config.patch
deleted file mode 100644
index 9caee72..0000000
--- a/debian/patches/0006-gpg-Avoid-homedir-creation-by-list-config.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Thu, 1 Sep 2016 19:22:48 +0200
-Subject: gpg: Avoid homedir creation by --list-config
-
-* g10/gpg.c (main): Do not register a key for the list config
-commands.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- g10/gpg.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/g10/gpg.c b/g10/gpg.c
-index e02efe4..ae2125f 100644
---- a/g10/gpg.c
-+++ b/g10/gpg.c
-@@ -2375,11 +2375,16 @@ main (int argc, char **argv)
- {
- switch( pargs.r_opt )
- {
-- case aCheckKeys:
- case aListConfig:
- case aListGcryptConfig:
- case aGPGConfList:
- case aGPGConfTest:
-+ set_cmd (&cmd, pargs.r_opt);
-+ /* Do not register a keyring for these commands. */
-+ default_keyring = -1;
-+ break;
-+
-+ case aCheckKeys:
- case aListPackets:
- case aImport:
- case aFastImport:
-@@ -3785,6 +3790,8 @@ main (int argc, char **argv)
- case aGenRandom:
- case aDeArmor:
- case aEnArmor:
-+ case aListConfig:
-+ case aListGcryptConfig:
- break;
- case aFixTrustDB:
- case aExportOwnerTrust:
diff --git a/debian/patches/0007-tests-Run-test-requiring-the-network-only-in-maintai.patch b/debian/patches/0007-tests-Run-test-requiring-the-network-only-in-maintai.patch
deleted file mode 100644
index 9d53533..0000000
--- a/debian/patches/0007-tests-Run-test-requiring-the-network-only-in-maintai.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Thu, 1 Sep 2016 11:18:10 +0200
-Subject: tests: Run test requiring the network only in maintainer-mode.
-
-* dirmngr/Makefile.am (noinst_PROGRAMS, TESTS): Add module_net_tests.
-(module_tests): Move t-dns-test to ...
-(module_net_tests): here.
---
-
-Debian-bug-id: 836259
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- dirmngr/Makefile.am | 14 +++++++++++---
- 1 file changed, 11 insertions(+), 3 deletions(-)
-
-diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
-index 64bc058..6b0a1e1 100644
---- a/dirmngr/Makefile.am
-+++ b/dirmngr/Makefile.am
-@@ -28,8 +28,8 @@ if USE_LDAPWRAPPER
- libexec_PROGRAMS = dirmngr_ldap
- endif
-
--noinst_PROGRAMS = $(module_tests) $(module_maint_tests)
--TESTS = $(module_tests)
-+noinst_PROGRAMS = $(module_tests) $(module_net_tests) $(module_maint_tests)
-+TESTS = $(module_tests) $(module_net_tests)
-
- AM_CPPFLAGS = -I$(top_srcdir)/common
-
-@@ -114,12 +114,20 @@ t_common_ldadd = $(libcommon) $(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) \
- $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) \
- $(DNSLIBS) $(LIBINTL) $(LIBICONV)
-
--module_tests = t-dns-stuff
-+module_tests =
-
- if USE_LDAP
- module_tests += t-ldap-parse-uri
- endif
-
-+# Test which need a network connections are only used in maintainer mode.
-+if MAINTAINER_MODE
-+module_net_tests = t-dns-stuff
-+else
-+module_net_tests =
-+endif
-+
-+# Tests which are only for manually testing are only build in maintainer-mode.
- if MAINTAINER_MODE
- module_maint_tests = t-http
- else
diff --git a/debian/patches/0008-gpg-Make-decryption-of-R-work-w-o-try-secret-key-or-.patch b/debian/patches/0008-gpg-Make-decryption-of-R-work-w-o-try-secret-key-or-.patch
deleted file mode 100644
index 77cbf78..0000000
--- a/debian/patches/0008-gpg-Make-decryption-of-R-work-w-o-try-secret-key-or-.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Mon, 29 Aug 2016 07:55:06 +0200
-Subject: gpg: Make decryption of -R work w/o --try-secret-key or
- --default-key.
-
-* g10/getkey.c (enum_secret_keys): At state 3 enumerate the keys in all
-cases not just when --try-all-secrets is used.
---
-
-Regression-due-to: 82b90eee100cf1c9680517059b2d35e295dd992a
-Reported-by: Carola Grunwald
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- g10/getkey.c | 17 +++++++----------
- 1 file changed, 7 insertions(+), 10 deletions(-)
-
-diff --git a/g10/getkey.c b/g10/getkey.c
-index 90083ba..8b17598 100644
---- a/g10/getkey.c
-+++ b/g10/getkey.c
-@@ -3620,17 +3620,14 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk)
- c->state++;
- break;
-
-- case 3: /* Init search context to try all keys. */
-- if (opt.try_all_secrets)
-+ case 3: /* Init search context to enum all secret keys. */
-+ err = getkey_bynames (&c->ctx, NULL, NULL, 1, &keyblock);
-+ if (err)
- {
-- err = getkey_bynames (&c->ctx, NULL, NULL, 1, &keyblock);
-- if (err)
-- {
-- release_kbnode (keyblock);
-- keyblock = NULL;
-- getkey_end (c->ctx);
-- c->ctx = NULL;
-- }
-+ release_kbnode (keyblock);
-+ keyblock = NULL;
-+ getkey_end (c->ctx);
-+ c->ctx = NULL;
- }
- c->state++;
- break;
diff --git a/debian/patches/0009-gpg-Fix-false-negatives-in-Ed25519-signature-verific.patch b/debian/patches/0009-gpg-Fix-false-negatives-in-Ed25519-signature-verific.patch
deleted file mode 100644
index f2ddc08..0000000
--- a/debian/patches/0009-gpg-Fix-false-negatives-in-Ed25519-signature-verific.patch
+++ /dev/null
@@ -1,193 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Thu, 25 Aug 2016 15:18:51 +0200
-Subject: gpg: Fix false negatives in Ed25519 signature verification.
-
-* g10/pkglue.c (pk_verify): Fix Ed25519 signatrue values.
-* tests/openpgp/verify.scm (msg_ed25519_rshort): New
-(msg_ed25519_sshort): New.
-("Checking that a valid Ed25519 signature is verified as such"): New.
---
-
-About one out of 256 signature won't verify due to stripped zero
-bytes. See the source comment for details.
-
-Reported-by: Andre Heinecke
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- g10/pkglue.c | 58 ++++++++++++++++++++++++++++++++++++--
- tests/openpgp/verify.scm | 73 ++++++++++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 128 insertions(+), 3 deletions(-)
-
-diff --git a/g10/pkglue.c b/g10/pkglue.c
-index 232c489..35c4cd1 100644
---- a/g10/pkglue.c
-+++ b/g10/pkglue.c
-@@ -58,6 +58,7 @@ pk_verify (pubkey_algo_t pkalgo, gcry_mpi_t hash,
- {
- gcry_sexp_t s_sig, s_hash, s_pkey;
- int rc;
-+ unsigned int neededfixedlen = 0;
-
- /* Make a sexp from pkey. */
- if (pkalgo == PUBKEY_ALGO_DSA)
-@@ -103,6 +104,9 @@ pk_verify (pubkey_algo_t pkalgo, gcry_mpi_t hash,
- curve, pkey[1]);
- xfree (curve);
- }
-+
-+ if (openpgp_oid_is_ed25519 (pkey[0]))
-+ neededfixedlen = 256 / 8;
- }
- else
- return GPG_ERR_PUBKEY_ALGO;
-@@ -144,11 +148,59 @@ pk_verify (pubkey_algo_t pkalgo, gcry_mpi_t hash,
- }
- else if (pkalgo == PUBKEY_ALGO_EDDSA)
- {
-- if (!data[0] || !data[1])
-+ gcry_mpi_t r = data[0];
-+ gcry_mpi_t s = data[1];
-+ size_t rlen, slen, n; /* (bytes) */
-+ char buf[64];
-+
-+ log_assert (neededfixedlen <= sizeof buf);
-+
-+ if (!r || !s)
-+ rc = gpg_error (GPG_ERR_BAD_MPI);
-+ else if ((rlen = (gcry_mpi_get_nbits (r)+7)/8) > neededfixedlen || !rlen)
-+ rc = gpg_error (GPG_ERR_BAD_MPI);
-+ else if ((slen = (gcry_mpi_get_nbits (s)+7)/8) > neededfixedlen || !slen)
- rc = gpg_error (GPG_ERR_BAD_MPI);
- else
-- rc = gcry_sexp_build (&s_sig, NULL,
-- "(sig-val(eddsa(r%M)(s%M)))", data[0], data[1]);
-+ {
-+ /* We need to fixup the length in case of leading zeroes.
-+ * OpenPGP does not allow leading zeroes and the parser for
-+ * the signature packet has no information on the use curve,
-+ * thus we need to do it here. We won't do it for opaque
-+ * MPIs under the assumption that they are known to be fine;
-+ * we won't see them here anyway but the check is anyway
-+ * required. Fixme: A nifty feature for gcry_sexp_build
-+ * would be a format to left pad the value (e.g. "%*M"). */
-+ rc = 0;
-+
-+ if (rlen < neededfixedlen
-+ && !gcry_mpi_get_flag (r, GCRYMPI_FLAG_OPAQUE)
-+ && !(rc=gcry_mpi_print (GCRYMPI_FMT_USG, buf, sizeof buf, &n, r)))
-+ {
-+ log_assert (n < neededfixedlen);
-+ memmove (buf + (neededfixedlen - n), buf, n);
-+ memset (buf, 0, neededfixedlen - n);
-+ r = gcry_mpi_set_opaque_copy (NULL, buf, neededfixedlen * 8);
-+ }
-+ if (slen < neededfixedlen
-+ && !gcry_mpi_get_flag (s, GCRYMPI_FLAG_OPAQUE)
-+ && !(rc=gcry_mpi_print (GCRYMPI_FMT_USG, buf, sizeof buf, &n, s)))
-+ {
-+ log_assert (n < neededfixedlen);
-+ memmove (buf + (neededfixedlen - n), buf, n);
-+ memset (buf, 0, neededfixedlen - n);
-+ s = gcry_mpi_set_opaque_copy (NULL, buf, neededfixedlen * 8);
-+ }
-+
-+ if (!rc)
-+ rc = gcry_sexp_build (&s_sig, NULL,
-+ "(sig-val(eddsa(r%M)(s%M)))", r, s);
-+
-+ if (r != data[0])
-+ gcry_mpi_release (r);
-+ if (s != data[1])
-+ gcry_mpi_release (s);
-+ }
- }
- else if (pkalgo == PUBKEY_ALGO_ELGAMAL || pkalgo == PUBKEY_ALGO_ELGAMAL_E)
- {
-diff --git a/tests/openpgp/verify.scm b/tests/openpgp/verify.scm
-index de03db5..2f03027 100755
---- a/tests/openpgp/verify.scm
-+++ b/tests/openpgp/verify.scm
-@@ -236,6 +236,67 @@ FWIAQUplk7JWbyRKAJ92ZJyJpWfzb0yc1s7MY65r2qEHrg==
- ;; Two clear text signatures in a row
- (define msg_clsclss_asc_multiple (string-append msg_cls_asc msg_clss_asc))
-
-+
-+;; An Ed25519 cleartext message with an R parameter of only 247 bits
-+;; so that the code to re-insert the stripped zero byte kicks in. The
-+;; S parameter has 253 bits but that does not strip a full byte.
-+(define msg_ed25519_rshort "
-+-----BEGIN PGP SIGNED MESSAGE-----
-+Hash: SHA256
-+
-+Dear Emily:
-+ I'm still confused as to what groups articles should be posted
-+to. How about an example?
-+ -- Still Confused
-+
-+Dear Still:
-+ Ok. Let's say you want to report that Gretzky has been traded from
-+the Oilers to the Kings. Now right away you might think rec.sport.hockey
-+would be enough. WRONG. Many more people might be interested. This is a
-+big trade! Since it's a NEWS article, it belongs in the news.* hierarchy
-+as well. If you are a news admin, or there is one on your machine, try
-+news.admin. If not, use news.misc.
-+ The Oilers are probably interested in geology, so try sci.physics.
-+He is a big star, so post to sci.astro, and sci.space because they are also
-+interested in stars. Next, his name is Polish sounding. So post to
-+soc.culture.polish. But that group doesn't exist, so cross-post to
-+news.groups suggesting it should be created. With this many groups of
-+interest, your article will be quite bizarre, so post to talk.bizarre as
-+well. (And post to comp.std.mumps, since they hardly get any articles
-+there, and a \"comp\" group will propagate your article further.)
-+ You may also find it is more fun to post the article once in each
-+group. If you list all the newsgroups in the same article, some newsreaders
-+will only show the the article to the reader once! Don't tolerate this.
-+ -- Emily Postnews Answers Your Questions on Netiquette
-+-----BEGIN PGP SIGNATURE-----
-+
-+iJEEARYIADoWIQSyHeq0+HX7PaQvHR0TlWNoKgINCgUCV772DhwccGF0cmljZS5s
-+dW11bWJhQGV4YW1wbGUubmV0AAoJEBOVY2gqAg0KMAIA90EtUwAja0iJGpO91wyz
-+GLh9pS5v495V0r94yU6uUyUA/RT/StyPWe1wbnEZuacZnLbUV6Yy/aTXCVAlxf0r
-+TusO
-+=vQ3f
-+-----END PGP SIGNATURE-----
-+")
-+
-+;; An Ed25519 cleartext message with an S parameter of only 248 bits
-+;; so that the code to re-insert the stripped zero byte kicks in.
-+(define msg_ed25519_sshort "
-+-----BEGIN PGP SIGNED MESSAGE-----
-+Hash: SHA256
-+
-+All articles that coruscate with resplendence are not truly auriferous.
-+-----BEGIN PGP SIGNATURE-----
-+
-+iJEEARYIADoWIQSyHeq0+HX7PaQvHR0TlWNoKgINCgUCV771QhwccGF0cmljZS5s
-+dW11bWJhQGV4YW1wbGUubmV0AAoJEBOVY2gqAg0KHVEBAI66OPDYXKWO3r6SaFT+
-+uxmh8x4ZerW41vMA9gkJ4AEKAPjoe/Z7fDqo1lCptIFutFAGbfNxcm/53prfx2fT
-+GisM
-+=L7sk
-+-----END PGP SIGNATURE-----
-+")
-+
-+
-+
- ;; Fixme: We need more tests with manipulated cleartext signatures.
-
- ;;
-@@ -272,3 +333,15 @@ FWIAQUplk7JWbyRKAJ92ZJyJpWfzb0yc1s7MY65r2qEHrg==
- (pipe:spawn `(, at GPG --verify)))
- (error "verification succeded but should not")))
- '(bad_ls_asc bad_fols_asc bad_olsf_asc bad_ools_asc))
-+
-+
-+;;; Need to import the ed25519 sample key used for
-+;;; the next two tests.
-+(call-check `(, at GPG --quiet --yes --import ,(in-srcdir key-file2)))
-+(for-each-p
-+ "Checking that a valid Ed25519 signature is verified as such"
-+ (lambda (armored-file)
-+ (pipe:do
-+ (pipe:echo (eval armored-file (current-environment)))
-+ (pipe:spawn `(, at GPG --verify))))
-+ '(msg_ed25519_rshort msg_ed25519_sshort))
diff --git a/debian/patches/0010-agent-invoke-scdaemon-with-homedir.patch b/debian/patches/0010-agent-invoke-scdaemon-with-homedir.patch
deleted file mode 100644
index 7e89ed7..0000000
--- a/debian/patches/0010-agent-invoke-scdaemon-with-homedir.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Fri, 2 Sep 2016 13:41:19 +0900
-Subject: agent: invoke scdaemon with --homedir.
-
-* agent/call-scd.c (start_scd): Supply --homedir option when it's not
-default homedir.
-
---
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- agent/call-scd.c | 21 +++++++++++++++++++--
- 1 file changed, 19 insertions(+), 2 deletions(-)
-
-diff --git a/agent/call-scd.c b/agent/call-scd.c
-index b776840..934ab4c 100644
---- a/agent/call-scd.c
-+++ b/agent/call-scd.c
-@@ -195,10 +195,11 @@ start_scd (ctrl_t ctrl)
- gpg_error_t err = 0;
- const char *pgmname;
- assuan_context_t ctx = NULL;
-- const char *argv[3];
-+ const char *argv[5];
- assuan_fd_t no_close_list[3];
- int i;
- int rc;
-+ char *abs_homedir = NULL;
-
- if (opt.disable_scdaemon)
- return gpg_error (GPG_ERR_NOT_SUPPORTED);
-@@ -313,7 +314,22 @@ start_scd (ctrl_t ctrl)
-
- argv[0] = pgmname;
- argv[1] = "--multi-server";
-- argv[2] = NULL;
-+ if (gnupg_default_homedir_p ())
-+ argv[2] = NULL;
-+ else
-+ {
-+ abs_homedir = make_absfilename_try (gnupg_homedir (), NULL);
-+ if (!abs_homedir)
-+ {
-+ log_error ("error building filename: %s\n",
-+ gpg_strerror (gpg_error_from_syserror ()));
-+ goto leave;
-+ }
-+
-+ argv[2] = "--homedir";
-+ argv[3] = abs_homedir;
-+ argv[4] = NULL;
-+ }
-
- i=0;
- if (!opt.running_detached)
-@@ -393,6 +409,7 @@ start_scd (ctrl_t ctrl)
- primary_scd_ctx_reusable = 0;
-
- leave:
-+ xfree (abs_homedir);
- if (err)
- {
- unlock_scd (ctrl, err);
diff --git a/debian/patches/0011-scd-Clean-up-unused-shutdown-method.patch b/debian/patches/0011-scd-Clean-up-unused-shutdown-method.patch
deleted file mode 100644
index 63b363e..0000000
--- a/debian/patches/0011-scd-Clean-up-unused-shutdown-method.patch
+++ /dev/null
@@ -1,199 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Fri, 2 Sep 2016 13:58:33 +0900
-Subject: scd: Clean up unused shutdown method.
-
-* scd/apdu.c (shutdown_ccid_reader, apdu_shutdown_reader): Remove.
-(reset_ccid_reader): Don't set shutdown_reader.
-* scd/ccid-driver.c (ccid_shutdown_reader): Remove.
-
---
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- scd/apdu.c | 48 -------------------------------------
- scd/apdu.h | 1 -
- scd/ccid-driver.c | 72 -------------------------------------------------------
- 3 files changed, 121 deletions(-)
-
-diff --git a/scd/apdu.c b/scd/apdu.c
-index 268a2c6..c139d76 100644
---- a/scd/apdu.c
-+++ b/scd/apdu.c
-@@ -101,7 +101,6 @@ struct reader_table_s {
- int (*connect_card)(int);
- int (*disconnect_card)(int);
- int (*close_reader)(int);
-- int (*shutdown_reader)(int);
- int (*reset_reader)(int);
- int (*get_status_reader)(int, unsigned int *);
- int (*send_apdu_reader)(int,unsigned char *,size_t,
-@@ -462,7 +461,6 @@ new_reader_slot (void)
- reader_table[reader].connect_card = NULL;
- reader_table[reader].disconnect_card = NULL;
- reader_table[reader].close_reader = NULL;
-- reader_table[reader].shutdown_reader = NULL;
- reader_table[reader].reset_reader = NULL;
- reader_table[reader].get_status_reader = NULL;
- reader_table[reader].send_apdu_reader = NULL;
-@@ -2476,14 +2474,6 @@ close_ccid_reader (int slot)
-
-
- static int
--shutdown_ccid_reader (int slot)
--{
-- ccid_shutdown_reader (reader_table[slot].ccid.handle);
-- return 0;
--}
--
--
--static int
- reset_ccid_reader (int slot)
- {
- int err;
-@@ -2649,7 +2639,6 @@ open_ccid_reader (const char *portstr)
- }
-
- reader_table[slot].close_reader = close_ccid_reader;
-- reader_table[slot].shutdown_reader = shutdown_ccid_reader;
- reader_table[slot].reset_reader = reset_ccid_reader;
- reader_table[slot].get_status_reader = get_status_ccid;
- reader_table[slot].send_apdu_reader = send_apdu_ccid;
-@@ -3264,43 +3253,6 @@ apdu_prepare_exit (void)
- }
-
-
--/* Shutdown a reader; that is basically the same as a close but keeps
-- the handle ready for later use. A apdu_reset_reader or apdu_connect
-- should be used to get it active again. */
--int
--apdu_shutdown_reader (int slot)
--{
-- int sw;
--
-- if (DBG_READER)
-- log_debug ("enter: apdu_shutdown_reader: slot=%d\n", slot);
--
-- if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used )
-- {
-- if (DBG_READER)
-- log_debug ("leave: apdu_shutdown_reader => SW_HOST_NO_DRIVER\n");
-- return SW_HOST_NO_DRIVER;
-- }
-- sw = apdu_disconnect (slot);
-- if (sw)
-- {
-- if (DBG_READER)
-- log_debug ("leave: apdu_shutdown_reader => 0x%x (apdu_disconnect)\n",
-- sw);
-- return sw;
-- }
-- if (reader_table[slot].shutdown_reader)
-- {
-- sw = reader_table[slot].shutdown_reader (slot);
-- if (DBG_READER)
-- log_debug ("leave: apdu_shutdown_reader => 0x%x (close_reader)\n", sw);
-- return sw;
-- }
-- if (DBG_READER)
-- log_debug ("leave: apdu_shutdown_reader => SW_HOST_NOT_SUPPORTED\n");
-- return SW_HOST_NOT_SUPPORTED;
--}
--
- /* Enumerate all readers and return information on whether this reader
- is in use. The caller should start with SLOT set to 0 and
- increment it with each call until an error is returned. */
-diff --git a/scd/apdu.h b/scd/apdu.h
-index 1694eac..7ca4c14 100644
---- a/scd/apdu.h
-+++ b/scd/apdu.h
-@@ -96,7 +96,6 @@ int apdu_open_remote_reader (const char *portstr,
- void *writefnc_value,
- void (*closefnc) (void *opaque),
- void *closefnc_value);
--int apdu_shutdown_reader (int slot);
- int apdu_close_reader (int slot);
- void apdu_prepare_exit (void);
- int apdu_enum_reader (int slot, int *used);
-diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
-index b1523cb..478e038 100644
---- a/scd/ccid-driver.c
-+++ b/scd/ccid-driver.c
-@@ -1717,78 +1717,6 @@ do_close_reader (ccid_driver_t handle)
- }
-
-
--/* Reset a reader on HANDLE. This is useful in case a reader has been
-- plugged of and inserted at a different port. By resetting the
-- handle, the same reader will be get used. Note, that on error the
-- handle won't get released.
--
-- This does not return an ATR, so ccid_get_atr should be called right
-- after this one.
--*/
--int
--ccid_shutdown_reader (ccid_driver_t handle)
--{
-- int rc = 0;
-- libusb_device_handle *idev = NULL;
-- unsigned char *ifcdesc_extra = NULL;
-- size_t ifcdesc_extra_len;
-- int ifc_no, ep_bulk_out, ep_bulk_in, ep_intr;
--
-- if (!handle || !handle->rid)
-- return CCID_DRIVER_ERR_INV_VALUE;
--
-- do_close_reader (handle);
--
-- if (scan_or_find_devices (-1, handle->rid, NULL, NULL,
-- &ifcdesc_extra, &ifcdesc_extra_len,
-- &ifc_no, &ep_bulk_out, &ep_bulk_in, &ep_intr,
-- &idev, NULL) || !idev)
-- {
-- DEBUGOUT_1 ("no CCID reader with ID %s\n", handle->rid);
-- return CCID_DRIVER_ERR_NO_READER;
-- }
--
-- if (idev)
-- {
-- handle->idev = idev;
-- handle->ifc_no = ifc_no;
-- handle->ep_bulk_out = ep_bulk_out;
-- handle->ep_bulk_in = ep_bulk_in;
-- handle->ep_intr = ep_intr;
--
-- if (parse_ccid_descriptor (handle, ifcdesc_extra, ifcdesc_extra_len))
-- {
-- DEBUGOUT ("device not supported\n");
-- rc = CCID_DRIVER_ERR_NO_READER;
-- goto leave;
-- }
--
-- rc = libusb_claim_interface (idev, ifc_no);
-- if (rc)
-- {
-- DEBUGOUT_1 ("usb_claim_interface failed: %d\n", rc);
-- rc = CCID_DRIVER_ERR_CARD_IO_ERROR;
-- goto leave;
-- }
-- }
--
-- leave:
-- free (ifcdesc_extra);
-- if (rc)
-- {
-- if (handle->idev)
-- libusb_close (handle->idev);
-- handle->idev = NULL;
-- if (handle->dev_fd != -1)
-- close (handle->dev_fd);
-- handle->dev_fd = -1;
-- }
--
-- return rc;
--
--}
--
--
- int
- ccid_set_progress_cb (ccid_driver_t handle,
- void (*cb)(void *, const char *, int, int, int),
diff --git a/debian/patches/0012-scd-Release-the-card-reader-after-card-removal.patch b/debian/patches/0012-scd-Release-the-card-reader-after-card-removal.patch
deleted file mode 100644
index a9351ae..0000000
--- a/debian/patches/0012-scd-Release-the-card-reader-after-card-removal.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Fri, 2 Sep 2016 14:45:26 +0900
-Subject: scd: Release the card reader after card removal.
-
-* scd/command.c (update_reader_status_file): Call apdu_close_reader.
-
---
-
-GnuPG-bug-id: 2651
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- scd/command.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/scd/command.c b/scd/command.c
-index 239480b..2909330 100644
---- a/scd/command.c
-+++ b/scd/command.c
-@@ -2340,7 +2340,10 @@ update_reader_status_file (int set_card_removed_flag)
-
- /* Set the card removed flag for all current sessions. */
- if (vr->any && vr->status == 0 && set_card_removed_flag)
-- update_card_removed (idx, 1);
-+ {
-+ apdu_close_reader (vr->slot);
-+ update_card_removed (idx, 1);
-+ }
-
- vr->any = 1;
-
diff --git a/debian/patches/0013-common-Check-read-errors-in-name-value.c.patch b/debian/patches/0013-common-Check-read-errors-in-name-value.c.patch
deleted file mode 100644
index 65bc845..0000000
--- a/debian/patches/0013-common-Check-read-errors-in-name-value.c.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Fri, 2 Sep 2016 15:33:34 +0200
-Subject: common: Check read errors in name-value.c
-
-* common/name-value.c: Check for read errors.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- common/name-value.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/common/name-value.c b/common/name-value.c
-index 0b32a44..ebc48e5 100644
---- a/common/name-value.c
-+++ b/common/name-value.c
-@@ -665,7 +665,7 @@ do_nvc_parse (nvc_t *result, int *errlinep, estream_t stream,
-
- if (errlinep)
- *errlinep = 0;
-- while ((len = es_read_line (stream, &buf, &buf_len, NULL)))
-+ while ((len = es_read_line (stream, &buf, &buf_len, NULL)) > 0)
- {
- char *p;
- if (errlinep)
-@@ -735,6 +735,11 @@ do_nvc_parse (nvc_t *result, int *errlinep, estream_t stream,
- goto leave;
- }
- }
-+ if (len < 0)
-+ {
-+ err = gpg_error_from_syserror ();
-+ goto leave;
-+ }
-
- /* Add the final entry. */
- if (raw_value)
diff --git a/debian/patches/0014-scd-Fix-an-action-after-card-removal.patch b/debian/patches/0014-scd-Fix-an-action-after-card-removal.patch
deleted file mode 100644
index d699060..0000000
--- a/debian/patches/0014-scd-Fix-an-action-after-card-removal.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Sat, 3 Sep 2016 15:27:30 +0900
-Subject: scd: Fix an action after card removal.
-
-* scd/command.c (update_card_removed): Call apdu_close_reader here.
-
---
-
-This is update of the commit 8fe81055762d9c9e6f03fb7853a985c94ef73ac3
-It is better apdu_close_reader is called in update_card_removed.
-
-The commit 1598a4476466822e7e9c757ac471089d3db4b545 introduced a
-regression, it doesn't close the reader after removal of the card, while
-the code before the commit call apdu_close_reader in do_reset.
-So, this fix.
-
-GnuPG-bug-id: 2449
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- scd/command.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/scd/command.c b/scd/command.c
-index 2909330..9d978ab 100644
---- a/scd/command.c
-+++ b/scd/command.c
-@@ -223,8 +223,11 @@ update_card_removed (int vrdr, int value)
- /* Let the card application layer know about the removal. */
- if (value)
- {
-+ int slot = vreader_slot (vrdr);
-+
- log_debug ("Removal of a card: %d\n", vrdr);
-- application_notify_card_reset (vreader_slot (vrdr));
-+ apdu_close_reader (slot);
-+ application_notify_card_reset (slot);
- vreader_table[vrdr].slot = -1;
- }
- }
-@@ -2340,10 +2343,7 @@ update_reader_status_file (int set_card_removed_flag)
-
- /* Set the card removed flag for all current sessions. */
- if (vr->any && vr->status == 0 && set_card_removed_flag)
-- {
-- apdu_close_reader (vr->slot);
-- update_card_removed (idx, 1);
-- }
-+ update_card_removed (idx, 1);
-
- vr->any = 1;
-
diff --git a/debian/patches/0015-agent-Terminate-on-deletion-of-the-socket-file-Linux.patch b/debian/patches/0015-agent-Terminate-on-deletion-of-the-socket-file-Linux.patch
deleted file mode 100644
index 90de7c1..0000000
--- a/debian/patches/0015-agent-Terminate-on-deletion-of-the-socket-file-Linux.patch
+++ /dev/null
@@ -1,161 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Tue, 6 Sep 2016 10:53:45 +0200
-Subject: agent: Terminate on deletion of the socket file (Linux only).
-
-* configure.ac (AC_CHECK_FUNCS): Chec for inotify_init.
-* agent/gpg-agent.c [HAVE_INOTIFY_INIT]: Include sys/inotify.h.
-(my_inotify_is_name) [HAVE_INOTIFY_INIT]: New.
-(handle_connections) [HAVE_INOTIFY_INIT]: New.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- agent/gpg-agent.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
- configure.ac | 8 ++++++
- 2 files changed, 82 insertions(+)
-
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index 42073d9..07e75c0 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -47,6 +47,9 @@
- #ifdef HAVE_SIGNAL_H
- # include <signal.h>
- #endif
-+#ifdef HAVE_INOTIFY_INIT
-+# include <sys/inotify.h>
-+#endif /*HAVE_INOTIFY_INIT*/
- #include <npth.h>
- #ifdef HAVE_PRCTL
- # include <sys/prctl.h>
-@@ -2407,6 +2410,31 @@ start_connection_thread_ssh (void *arg)
- }
-
-
-+#ifdef HAVE_INOTIFY_INIT
-+/* Read an inotify event and return true if it matches NAME. */
-+static int
-+my_inotify_is_name (int fd, const char *name)
-+{
-+ union {
-+ struct inotify_event ev;
-+ char _buf[sizeof (struct inotify_event) + 100 + 1];
-+ } buf;
-+ int n;
-+
-+ n = npth_read (fd, &buf, sizeof buf);
-+ if (n < sizeof (struct inotify_event))
-+ return 0;
-+ if (buf.ev.len < strlen (name)+1)
-+ return 0;
-+ if (strcmp (buf.ev.name, name))
-+ return 0; /* Not the desired file. */
-+
-+ return 1; /* Found. */
-+}
-+#endif /*HAVE_INOTIFY_INIT*/
-+
-+
-+
- /* Connection handler loop. Wait for connection requests and spawn a
- thread after accepting a connection. */
- static void
-@@ -2430,6 +2458,9 @@ handle_connections (gnupg_fd_t listen_fd,
- HANDLE events[2];
- unsigned int events_set;
- #endif
-+#ifdef HAVE_INOTIFY_INIT
-+ int my_inotify_fd;
-+#endif /*HAVE_INOTIFY_INIT*/
- struct {
- const char *name;
- void *(*func) (void *arg);
-@@ -2467,6 +2498,28 @@ handle_connections (gnupg_fd_t listen_fd,
- # endif
- #endif
-
-+#ifdef HAVE_INOTIFY_INIT
-+ if (disable_check_own_socket)
-+ my_inotify_fd = -1;
-+ else if ((my_inotify_fd = inotify_init ()) == -1)
-+ log_info ("error enabling fast daemon termination: %s\n",
-+ strerror (errno));
-+ else
-+ {
-+ /* We need to watch the directory for the file becuase there
-+ * won't be an IN_DELETE_SELF for a socket file. */
-+ char *slash = strrchr (socket_name, '/');
-+ log_assert (slash && slash[1]);
-+ *slash = 0;
-+ if (inotify_add_watch (my_inotify_fd, socket_name, IN_DELETE) == -1)
-+ {
-+ close (my_inotify_fd);
-+ my_inotify_fd = -1;
-+ }
-+ *slash = '/';
-+ }
-+#endif /*HAVE_INOTIFY_INIT*/
-+
- /* On Windows we need to fire up a separate thread to listen for
- requests from Putty (an SSH client), so we can replace Putty's
- Pageant (its ssh-agent implementation). */
-@@ -2508,6 +2561,14 @@ handle_connections (gnupg_fd_t listen_fd,
- if (FD2INT (listen_fd_ssh) > nfd)
- nfd = FD2INT (listen_fd_ssh);
- }
-+#ifdef HAVE_INOTIFY_INIT
-+ if (my_inotify_fd != -1)
-+ {
-+ FD_SET (my_inotify_fd, &fdset);
-+ if (my_inotify_fd > nfd)
-+ nfd = my_inotify_fd;
-+ }
-+#endif /*HAVE_INOTIFY_INIT*/
-
- listentbl[0].l_fd = listen_fd;
- listentbl[1].l_fd = listen_fd_extra;
-@@ -2582,6 +2643,15 @@ handle_connections (gnupg_fd_t listen_fd,
- ctrl_t ctrl;
- npth_t thread;
-
-+#ifdef HAVE_INOTIFY_INIT
-+ if (my_inotify_fd != -1 && FD_ISSET (my_inotify_fd, &read_fdset)
-+ && my_inotify_is_name (my_inotify_fd, GPG_AGENT_SOCK_NAME))
-+ {
-+ shutdown_pending = 1;
-+ log_info ("socket file has been removed - shutting down\n");
-+ }
-+#endif /*HAVE_INOTIFY_INIT*/
-+
- for (idx=0; idx < DIM(listentbl); idx++)
- {
- if (listentbl[idx].l_fd == GNUPG_INVALID_FD)
-@@ -2628,6 +2698,10 @@ handle_connections (gnupg_fd_t listen_fd,
- }
- }
-
-+#ifdef HAVE_INOTIFY_INIT
-+ if (my_inotify_fd != -1)
-+ close (my_inotify_fd);
-+#endif /*HAVE_INOTIFY_INIT*/
- cleanup ();
- log_info (_("%s %s stopped\n"), strusage(11), strusage(13));
- npth_attr_destroy (&tattr);
-diff --git a/configure.ac b/configure.ac
-index 201b0b8..d452021 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1389,6 +1389,14 @@ AC_CHECK_FUNCS([memicmp stpcpy strsep strlwr strtoul memmove stricmp strtol \
- flockfile funlockfile getpwnam getpwuid \
- getenv inet_pton strpbrk])
-
-+# See whether libc supports the Linux inotify interface
-+case "${host}" in
-+ *-*-linux*)
-+ AC_CHECK_FUNCS([inotify_init])
-+ ;;
-+esac
-+
-+
- if test "$have_android_system" = yes; then
- # On Android ttyname is a stub but prints an error message.
- AC_DEFINE(HAVE_BROKEN_TTYNAME,1,
diff --git a/debian/patches/0016-dirmngr-Terminate-on-deletion-of-the-socket-file-Lin.patch b/debian/patches/0016-dirmngr-Terminate-on-deletion-of-the-socket-file-Lin.patch
deleted file mode 100644
index 09a0b1a..0000000
--- a/debian/patches/0016-dirmngr-Terminate-on-deletion-of-the-socket-file-Lin.patch
+++ /dev/null
@@ -1,226 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 7 Sep 2016 12:36:48 +0200
-Subject: dirmngr: Terminate on deletion of the socket file (Linux only).
-
-* dirmngr/dirmngr.c [HAVE_INOTIFY_INIT]: Include sys/inotify.h.
-(oDisableCheckOwnSocket): New.
-(opts): Add --disable-check-own-socket.
-(disable_check_own_socket): New var.
-(parse_rereadable_options): Set that var.
-(my_inotify_is_name) [HAVE_INOTIFY_INIT]: New.
-(handle_connections) [HAVE_INOTIFY_INIT]: New.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- dirmngr/dirmngr.c | 103 +++++++++++++++++++++++++++++++++++++++++++++++++++---
- doc/dirmngr.texi | 6 ++++
- 2 files changed, 105 insertions(+), 4 deletions(-)
-
-diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
-index 0667e59..4a9e638 100644
---- a/dirmngr/dirmngr.c
-+++ b/dirmngr/dirmngr.c
-@@ -39,6 +39,9 @@
- #ifdef HAVE_SIGNAL_H
- # include <signal.h>
- #endif
-+#ifdef HAVE_INOTIFY_INIT
-+# include <sys/inotify.h>
-+#endif /*HAVE_INOTIFY_INIT*/
- #include <npth.h>
-
- #include "dirmngr-err.h"
-@@ -134,6 +137,7 @@ enum cmd_and_opt_values {
- oUseTor,
- oKeyServer,
- oNameServer,
-+ oDisableCheckOwnSocket,
- aTest
- };
-
-@@ -218,6 +222,7 @@ static ARGPARSE_OPTS opts[] = {
- ARGPARSE_s_i (oGnutlsDebug, "gnutls-debug", "@"),
- ARGPARSE_s_i (oGnutlsDebug, "tls-debug", "@"),
- ARGPARSE_s_i (oDebugWait, "debug-wait", "@"),
-+ ARGPARSE_s_n (oDisableCheckOwnSocket, "disable-check-own-socket", "@"),
- ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
- ARGPARSE_s_s (oHomedir, "homedir", "@"),
- ARGPARSE_s_s (oLDAPWrapperProgram, "ldap-wrapper-program", "@"),
-@@ -274,6 +279,9 @@ static int opt_gnutls_debug = -1;
- /* Flag indicating that a shutdown has been requested. */
- static volatile int shutdown_pending;
-
-+/* Flags to indicate that we shall not watch our own socket. */
-+static int disable_check_own_socket;
-+
- /* Counter for the active connections. */
- static int active_connections;
-
-@@ -528,6 +536,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
- http_register_tls_ca (NULL);
- FREE_STRLIST (opt.keyserver);
- /* Note: We do not allow resetting of opt.use_tor at runtime. */
-+ disable_check_own_socket = 0;
- return 1;
- }
-
-@@ -554,6 +563,8 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
- }
- break;
-
-+ case oDisableCheckOwnSocket: disable_check_own_socket = 1; break;
-+
- case oLDAPWrapperProgram:
- opt.ldap_wrapper_program = pargs->r.ret_str;
- break;
-@@ -1840,6 +1851,35 @@ start_connection_thread (void *arg)
- }
-
-
-+#ifdef HAVE_INOTIFY_INIT
-+/* Read an inotify event and return true if it matches NAME. */
-+static int
-+my_inotify_is_name (int fd, const char *name)
-+{
-+ union {
-+ struct inotify_event ev;
-+ char _buf[sizeof (struct inotify_event) + 100 + 1];
-+ } buf;
-+ int n;
-+ const char *s;
-+
-+ s = strrchr (name, '/');
-+ if (s && s[1])
-+ name = s + 1;
-+
-+ n = npth_read (fd, &buf, sizeof buf);
-+ if (n < sizeof (struct inotify_event))
-+ return 0;
-+ if (buf.ev.len < strlen (name)+1)
-+ return 0;
-+ if (strcmp (buf.ev.name, name))
-+ return 0; /* Not the desired file. */
-+
-+ return 1; /* Found. */
-+}
-+#endif /*HAVE_INOTIFY_INIT*/
-+
-+
- /* Main loop in daemon mode. */
- static void
- handle_connections (assuan_fd_t listen_fd)
-@@ -1857,6 +1897,9 @@ handle_connections (assuan_fd_t listen_fd)
- struct timespec curtime;
- struct timespec timeout;
- int saved_errno;
-+#ifdef HAVE_INOTIFY_INIT
-+ int my_inotify_fd;
-+#endif /*HAVE_INOTIFY_INIT*/
-
- npth_attr_init (&tattr);
- npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
-@@ -1871,12 +1914,43 @@ handle_connections (assuan_fd_t listen_fd)
- npth_sigev_fini ();
- #endif
-
-+#ifdef HAVE_INOTIFY_INIT
-+ if (disable_check_own_socket)
-+ my_inotify_fd = -1;
-+ else if ((my_inotify_fd = inotify_init ()) == -1)
-+ log_info ("error enabling fast daemon termination: %s\n",
-+ strerror (errno));
-+ else
-+ {
-+ /* We need to watch the directory for the file because there
-+ * won't be an IN_DELETE_SELF for a socket file. */
-+ char *slash = strrchr (socket_name, '/');
-+ log_assert (slash && slash[1]);
-+ *slash = 0;
-+ if (inotify_add_watch (my_inotify_fd, socket_name, IN_DELETE) == -1)
-+ {
-+ close (my_inotify_fd);
-+ my_inotify_fd = -1;
-+ }
-+ *slash = '/';
-+ }
-+#endif /*HAVE_INOTIFY_INIT*/
-+
-+
- /* Setup the fdset. It has only one member. This is because we use
- pth_select instead of pth_accept to properly sync timeouts with
- to full second. */
- FD_ZERO (&fdset);
- FD_SET (FD2INT (listen_fd), &fdset);
- nfd = FD2INT (listen_fd);
-+#ifdef HAVE_INOTIFY_INIT
-+ if (my_inotify_fd != -1)
-+ {
-+ FD_SET (my_inotify_fd, &fdset);
-+ if (my_inotify_fd > nfd)
-+ nfd = my_inotify_fd;
-+ }
-+#endif /*HAVE_INOTIFY_INIT*/
-
- npth_clock_gettime (&abstime);
- abstime.tv_sec += TIMERTICK_INTERVAL;
-@@ -1928,11 +2002,28 @@ handle_connections (assuan_fd_t listen_fd)
- }
-
- if (ret <= 0)
-- /* Interrupt or timeout. Will be handled when calculating the
-- next timeout. */
-- continue;
-+ {
-+ /* Interrupt or timeout. Will be handled when calculating the
-+ next timeout. */
-+ continue;
-+ }
-+
-+ if (shutdown_pending)
-+ {
-+ /* Do not anymore accept connections. */
-+ continue;
-+ }
-+
-+#ifdef HAVE_INOTIFY_INIT
-+ if (my_inotify_fd != -1 && FD_ISSET (my_inotify_fd, &read_fdset)
-+ && my_inotify_is_name (my_inotify_fd, socket_name))
-+ {
-+ shutdown_pending = 1;
-+ log_info ("socket file has been removed - shutting down\n");
-+ }
-+#endif /*HAVE_INOTIFY_INIT*/
-
-- if (!shutdown_pending && FD_ISSET (FD2INT (listen_fd), &read_fdset))
-+ if (FD_ISSET (FD2INT (listen_fd), &read_fdset))
- {
- plen = sizeof paddr;
- fd = INT2FD (npth_accept (FD2INT(listen_fd),
-@@ -1967,6 +2058,10 @@ handle_connections (assuan_fd_t listen_fd)
- }
- }
-
-+#ifdef HAVE_INOTIFY_INIT
-+ if (my_inotify_fd != -1)
-+ close (my_inotify_fd);
-+#endif /*HAVE_INOTIFY_INIT*/
- npth_attr_destroy (&tattr);
- cleanup ();
- log_info ("%s %s stopped\n", strusage(11), strusage(13));
-diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
-index 629e621..43a1d84 100644
---- a/doc/dirmngr.texi
-+++ b/doc/dirmngr.texi
-@@ -213,6 +213,12 @@ When running in server mode, wait @var{n} seconds before entering the
- actual processing loop and print the pid. This gives time to attach a
- debugger.
-
-+ at item --disable-check-own-socket
-+ at opindex disable-check-own-socket
-+On some platforms @command{dirmngr} is able to detect the removal of
-+its socket file and shutdown itself. This option disable this
-+self-test for debugging purposes.
-+
- @item -s
- @itemx --sh
- @itemx -c
diff --git a/debian/patches/0017-gpg-Make-output-work-with-verify.patch b/debian/patches/0017-gpg-Make-output-work-with-verify.patch
deleted file mode 100644
index 7444da0..0000000
--- a/debian/patches/0017-gpg-Make-output-work-with-verify.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Thu, 8 Sep 2016 00:45:45 +0200
-Subject: gpg: Make --output work with --verify.
-
-* g10/mainproc.c (proc_plaintext): Handle opt.output.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- doc/gpg.texi | 16 +++++++++-------
- g10/mainproc.c | 7 ++++++-
- 2 files changed, 15 insertions(+), 8 deletions(-)
-
-diff --git a/doc/gpg.texi b/doc/gpg.texi
-index 7261f48..8fda9ae 100644
---- a/doc/gpg.texi
-+++ b/doc/gpg.texi
-@@ -3421,13 +3421,15 @@ show fingerprint
-
- @item gpg --verify @code{pgpfile}
- @itemx gpg --verify @code{sigfile}
--Verify the signature of the file but do not output the data. The
--second form is used for detached signatures, where @code{sigfile}
--is the detached signature (either ASCII armored or binary) and
--are the signed data; if this is not given, the name of
--the file holding the signed data is constructed by cutting off the
--extension (".asc" or ".sig") of @code{sigfile} or by asking the
--user for the filename.
-+Verify the signature of the file but do not output the data unless
-+requested. The second form is used for detached signatures, where
-+ at code{sigfile} is the detached signature (either ASCII armored or
-+binary) and are the signed data; if this is not given, the name of the
-+file holding the signed data is constructed by cutting off the
-+extension (".asc" or ".sig") of @code{sigfile} or by asking the user
-+for the filename. If the option @option{--output} is also used the
-+signed data is written to the file specified by that option; use
-+ at code{-} to write the signed data to stdout.
- @end table
-
-
-diff --git a/g10/mainproc.c b/g10/mainproc.c
-index 3d3f88b..5f97d45 100644
---- a/g10/mainproc.c
-+++ b/g10/mainproc.c
-@@ -757,7 +757,12 @@ proc_plaintext( CTX c, PACKET *pkt )
-
- if (!rc)
- {
-- rc = handle_plaintext (pt, &c->mfx, c->sigs_only, clearsig);
-+ /* It we are in --verify mode, we do not want to output the
-+ * signed text. However, if --output is also used we do what
-+ * has been requested and write out the signed data. */
-+ rc = handle_plaintext (pt, &c->mfx,
-+ (opt.outfp || opt.outfile)? 0 : c->sigs_only,
-+ clearsig);
- if (gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only)
- {
- /* Can't write output but we hash it anyway to check the
diff --git a/debian/patches/0018-gpg-Add-options-output-and-yes-to-gpgv.patch b/debian/patches/0018-gpg-Add-options-output-and-yes-to-gpgv.patch
deleted file mode 100644
index 54e1c4b..0000000
--- a/debian/patches/0018-gpg-Add-options-output-and-yes-to-gpgv.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Thu, 8 Sep 2016 10:50:51 +0200
-Subject: gpg: Add options --output and --yes to gpgv.
-
-* g10/gpgv.c (oOutput, oAnswerYes): New.
-(opts): Add --output and --yes.
-(main): Implement options.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- doc/gpg.texi | 3 ++-
- doc/gpgv.texi | 10 ++++++++++
- g10/gpgv.c | 7 +++++++
- 3 files changed, 19 insertions(+), 1 deletion(-)
-
-diff --git a/doc/gpg.texi b/doc/gpg.texi
-index 8fda9ae..11456c2 100644
---- a/doc/gpg.texi
-+++ b/doc/gpg.texi
-@@ -2153,7 +2153,8 @@ Assume the input data is not in ASCII armored format.
- @item --output @var{file}
- @itemx -o @var{file}
- @opindex output
--Write output to @var{file}.
-+Write output to @var{file}. To write to stdout use @code{-} as the
-+filename.
-
- @item --max-output @code{n}
- @opindex max-output
-diff --git a/doc/gpgv.texi b/doc/gpgv.texi
-index 1d9a81e..6676bde 100644
---- a/doc/gpgv.texi
-+++ b/doc/gpgv.texi
-@@ -92,6 +92,16 @@ are replaced by the HOME directory. If the filename
- does not contain a slash, it is assumed to be in the
- home-directory ("~/.gnupg" if --homedir is not used).
-
-+ at item --output @var{file}
-+ at itemx -o @var{file}
-+ at opindex output
-+Write output to @var{file}. This option can be used to get the signed
-+text from a cleartext or binary signature; it also works for detached
-+signatures, but in that case this option is in general not
-+useful. Unless you write to stdout (using @code{-} for @var{file}) you
-+should also use the option @option{--yes} to force overwriting an
-+existing file.
-+
- @item --status-fd @var{n}
- @opindex status-fd
- Write special status strings to the file descriptor @var{n}. See the
-diff --git a/g10/gpgv.c b/g10/gpgv.c
-index 4ef3e8b..284595e 100644
---- a/g10/gpgv.c
-+++ b/g10/gpgv.c
-@@ -55,6 +55,7 @@ enum cmd_and_opt_values {
- aNull = 0,
- oQuiet = 'q',
- oVerbose = 'v',
-+ oOutput = 'o',
- oBatch = 500,
- oKeyring,
- oIgnoreTimeConflict,
-@@ -62,6 +63,8 @@ enum cmd_and_opt_values {
- oLoggerFD,
- oHomedir,
- oWeakDigest,
-+ oAnswerYes,
-+ oAnswerNo,
- aTest
- };
-
-@@ -73,6 +76,7 @@ static ARGPARSE_OPTS opts[] = {
- ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")),
- ARGPARSE_s_s (oKeyring, "keyring",
- N_("|FILE|take the keys from the keyring FILE")),
-+ ARGPARSE_s_s (oOutput, "output", N_("|FILE|write output to FILE")),
- ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict",
- N_("make timestamp conflicts only a warning")),
- ARGPARSE_s_i (oStatusFD, "status-fd",
-@@ -81,6 +85,7 @@ static ARGPARSE_OPTS opts[] = {
- ARGPARSE_s_s (oHomedir, "homedir", "@"),
- ARGPARSE_s_s (oWeakDigest, "weak-digest",
- N_("|ALGO|reject signatures made with ALGO")),
-+ ARGPARSE_s_n (oAnswerYes, "yes", "@"),
-
- ARGPARSE_end ()
- };
-@@ -188,6 +193,8 @@ main( int argc, char **argv )
- gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
- break;
- case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break;
-+ case oOutput: opt.outfile = pargs.r.ret_str; break;
-+ case oAnswerYes: opt.answer_yes = 1; break;
- case oStatusFD: set_status_fd( pargs.r.ret_int ); break;
- case oLoggerFD:
- log_set_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
diff --git a/debian/patches/0019-gpg-Remove-option-yes-from-gpgv.patch b/debian/patches/0019-gpg-Remove-option-yes-from-gpgv.patch
deleted file mode 100644
index 96dab80..0000000
--- a/debian/patches/0019-gpg-Remove-option-yes-from-gpgv.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Thu, 8 Sep 2016 14:34:07 +0200
-Subject: gpg: Remove option --yes from gpgv
-
-* g10/gpgv.c (opts): Remove --yes.
-(main): Always set opt.ANSWER_YES.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- doc/gpgv.texi | 12 ++++++------
- g10/gpgv.c | 5 +----
- 2 files changed, 7 insertions(+), 10 deletions(-)
-
-diff --git a/doc/gpgv.texi b/doc/gpgv.texi
-index 6676bde..9a74c27 100644
---- a/doc/gpgv.texi
-+++ b/doc/gpgv.texi
-@@ -95,12 +95,12 @@ home-directory ("~/.gnupg" if --homedir is not used).
- @item --output @var{file}
- @itemx -o @var{file}
- @opindex output
--Write output to @var{file}. This option can be used to get the signed
--text from a cleartext or binary signature; it also works for detached
--signatures, but in that case this option is in general not
--useful. Unless you write to stdout (using @code{-} for @var{file}) you
--should also use the option @option{--yes} to force overwriting an
--existing file.
-+Write output to @var{file}; to write to stdout use @code{-}. This
-+option can be used to get the signed text from a cleartext or binary
-+signature; it also works for detached signatures, but in that case
-+this option is in general not useful. Note that an existing file will
-+be overwritten.
-+
-
- @item --status-fd @var{n}
- @opindex status-fd
-diff --git a/g10/gpgv.c b/g10/gpgv.c
-index 284595e..81773db 100644
---- a/g10/gpgv.c
-+++ b/g10/gpgv.c
-@@ -63,8 +63,6 @@ enum cmd_and_opt_values {
- oLoggerFD,
- oHomedir,
- oWeakDigest,
-- oAnswerYes,
-- oAnswerNo,
- aTest
- };
-
-@@ -85,7 +83,6 @@ static ARGPARSE_OPTS opts[] = {
- ARGPARSE_s_s (oHomedir, "homedir", "@"),
- ARGPARSE_s_s (oWeakDigest, "weak-digest",
- N_("|ALGO|reject signatures made with ALGO")),
-- ARGPARSE_s_n (oAnswerYes, "yes", "@"),
-
- ARGPARSE_end ()
- };
-@@ -170,6 +167,7 @@ main( int argc, char **argv )
- opt.no_sig_cache = 1;
- opt.flags.require_cross_cert = 1;
- opt.batch = 1;
-+ opt.answer_yes = 1;
-
- opt.weak_digests = NULL;
-
-@@ -194,7 +192,6 @@ main( int argc, char **argv )
- break;
- case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break;
- case oOutput: opt.outfile = pargs.r.ret_str; break;
-- case oAnswerYes: opt.answer_yes = 1; break;
- case oStatusFD: set_status_fd( pargs.r.ret_int ); break;
- case oLoggerFD:
- log_set_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
diff --git a/debian/patches/0020-gpg-print-fingerprint-regardless-of-keyid-format.patch b/debian/patches/0020-gpg-print-fingerprint-regardless-of-keyid-format.patch
deleted file mode 100644
index 0117b1b..0000000
--- a/debian/patches/0020-gpg-print-fingerprint-regardless-of-keyid-format.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Thu, 8 Sep 2016 14:47:04 +0200
-Subject: gpg: print fingerprint regardless of keyid-format
-
-* g10/keylist.c (print_fingerprint): use compact format independent of
- keyid-format; (print_key_line): always print the fingerprint
-
---
-
-The choice of fingerprint display should be independent of the
-keyid-format.
-
-Currently, the representation of the fingerprint changes depending on
-whether the user has specified --keyid-format to anything besides
-"none". (this is common, for example, if someone happens to have
-"keyid-format long" in their gpg.conf for interoperability with older
-versions of gpg)
-
-With this changeset, keyid-format governs only the format of the
-displayed keyID, while the fingerprint display is governed only by the
-fingerprint options:
-
- [default]::
- compact fpr of pubkey only
- --with-fingerprint::
- human-readable form of fpr of pubkey only
- --with-fingerprint --with-fingerprint::
- human-readable form of pubkey and subkey
- --with-subkey-fingerprint:
- compact fpr for pubkey and subkeys
-
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
----
- g10/keylist.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/g10/keylist.c b/g10/keylist.c
-index 59344b2..a71effc 100644
---- a/g10/keylist.c
-+++ b/g10/keylist.c
-@@ -1679,7 +1679,7 @@ print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode)
- }
-
- if (!opt.fingerprint && !opt.with_fingerprint
-- && opt.with_subkey_fingerprint && opt.keyid_format == KF_NONE)
-+ && opt.with_subkey_fingerprint)
- compact = 1;
-
- if (pk->main_keyid[0] == pk->keyid[0]
-@@ -1871,7 +1871,10 @@ print_key_line (estream_t fp, PKT_public_key *pk, int secret)
-
- tty_fprintf (fp, "\n");
-
-- if (pk->flags.primary && opt.keyid_format == KF_NONE)
-+ /* if the user hasn't explicitly asked for human-readable
-+ fingerprints, show compact fpr of primary key: */
-+ if (pk->flags.primary &&
-+ !opt.fingerprint && !opt.with_fingerprint)
- print_fingerprint (fp, pk, 20);
- }
-
diff --git a/debian/patches/0021-spelling-conenction-should-be-connection.patch b/debian/patches/0021-spelling-conenction-should-be-connection.patch
deleted file mode 100644
index 270a825..0000000
--- a/debian/patches/0021-spelling-conenction-should-be-connection.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Wed, 14 Sep 2016 17:20:26 -0400
-Subject: spelling: conenction should be connection
-
-* dirmngr/server.c, sm/server.c: s/conenction/connection/
-
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
----
- dirmngr/server.c | 2 +-
- sm/server.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/dirmngr/server.c b/dirmngr/server.c
-index 3ac4160..fe87bbe 100644
---- a/dirmngr/server.c
-+++ b/dirmngr/server.c
-@@ -275,7 +275,7 @@ strcpy_escaped_plus (char *d, const unsigned char *s)
-
-
- /* This function returns true if a Tor server is running. The sattus
-- is cached for the current conenction. */
-+ is cached for the current connection. */
- static int
- is_tor_running (ctrl_t ctrl)
- {
-diff --git a/sm/server.c b/sm/server.c
-index ce8085d..b4fcb43 100644
---- a/sm/server.c
-+++ b/sm/server.c
-@@ -1099,7 +1099,7 @@ static const char hlp_getinfo[] =
- " agent-check - Return success if the agent is running.\n"
- " cmd_has_option CMD OPT\n"
- " - Returns OK if the command CMD implements the option OPT.\n"
-- " offline - Returns OK if the conenction is in offline mode.";
-+ " offline - Returns OK if the connection is in offline mode.";
- static gpg_error_t
- cmd_getinfo (assuan_context_t ctx, char *line)
- {
diff --git a/debian/patches/0022-gpg-Improve-usability-of-quick-gen-key.patch b/debian/patches/0022-gpg-Improve-usability-of-quick-gen-key.patch
deleted file mode 100644
index 0b49e68..0000000
--- a/debian/patches/0022-gpg-Improve-usability-of-quick-gen-key.patch
+++ /dev/null
@@ -1,224 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Tue, 13 Sep 2016 11:30:54 +0200
-Subject: gpg: Improve usability of --quick-gen-key.
-
-* g10/keygen.c (FUTURE_STD_): New constants.
-(parse_expire_string): Handle special keywords.
-(parse_algo_usage_expire): Allow "future-default". Simplify call to
-parse_expire_string.
-(quick_generate_keypair): Always allow an expiration date. Replace
-former "test-default" by "future-default".
---
-
-Using an expiration date is pretty common, thus we now allow the
-creation of a standard key with expiration date.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- doc/gpg.texi | 30 ++++++++++++---------
- g10/keyedit.c | 2 +-
- g10/keygen.c | 86 +++++++++++++++++++++++++++++++++++++++++++----------------
- 3 files changed, 81 insertions(+), 37 deletions(-)
-
-diff --git a/doc/gpg.texi b/doc/gpg.texi
-index 11456c2..b9ca8da 100644
---- a/doc/gpg.texi
-+++ b/doc/gpg.texi
-@@ -615,12 +615,14 @@ answer to a ``Continue?'' style confirmation prompt is required. In
- case the user id already exists in the key ring a second prompt to
- force the creation of the key will show up.
-
--If any of the optional arguments are given, only the primary key is
--created and no prompts are shown. For a description of these optional
--arguments see the command @code{--quick-addkey}. The @code{usage}
--accepts also the value ``cert'' which can be used to create a
--certification only primary key; the default is to a create
--certification and signing key.
-+If @code{algo} or @code{usage} are given, only the primary key is
-+created and no prompts are shown. To specify an expiration date but
-+still create a primary and subkey use ``default'' or
-+``future-default'' for @code{algo} and ``default'' for @code{usage}.
-+For a description of these optional arguments see the command
-+ at code{--quick-addkey}. The @code{usage} accepts also the value
-+``cert'' which can be used to create a certification only primary key;
-+the default is to a create certification and signing key.
-
- If this command is used with @option{--batch},
- @option{--pinentry-mode} has been set to @code{loopback}, and one of
-@@ -637,13 +639,15 @@ Directly add a subkey to the key identified by the fingerprint
- added. If any of the arguments are given a more specific subkey is
- added.
-
-- at code{algo} may be any of the supported algorithms or curve names given
--in the format as used by key listings. To use the default algorithm
--the string ``default'' or ``-'' can be used. Supported algorithms are
--``rsa'', ``dsa'', ``elg'', ``ed25519'', ``cv25519'', and other ECC
--curves. For example the string ``rsa'' adds an RSA key with the
--default key length; a string ``rsa4096'' requests that the key length
--is 4096 bits.
-+ at code{algo} may be any of the supported algorithms or curve names
-+given in the format as used by key listings. To use the default
-+algorithm the string ``default'' or ``-'' can be used. Supported
-+algorithms are ``rsa'', ``dsa'', ``elg'', ``ed25519'', ``cv25519'',
-+and other ECC curves. For example the string ``rsa'' adds an RSA key
-+with the default key length; a string ``rsa4096'' requests that the
-+key length is 4096 bits. The string ``future-default'' is an alias
-+for the algorithm which will likely be used as default algorithm in
-+future versions of gpg.
-
- Depending on the given @code{algo} the subkey may either be an
- encryption subkey or a signing subkey. If an algorithm is capable of
-diff --git a/g10/keyedit.c b/g10/keyedit.c
-index 4c833f8..baee180 100644
---- a/g10/keyedit.c
-+++ b/g10/keyedit.c
-@@ -3304,7 +3304,7 @@ keyedit_quick_addkey (ctrl_t ctrl, const char *fpr, const char *algostr,
- goto leave;
- }
-
-- /* Create the subkey. Noet that the called function already prints
-+ /* Create the subkey. Note that the called function already prints
- * an error message. */
- if (!generate_subkeypair (ctrl, keyblock, algostr, usagestr, expirestr))
- modified = 1;
-diff --git a/g10/keygen.c b/g10/keygen.c
-index 2b3d328..e897075 100644
---- a/g10/keygen.c
-+++ b/g10/keygen.c
-@@ -58,6 +58,15 @@
- #define DEFAULT_STD_SUBKEYUSE PUBKEY_USAGE_ENC
- #define DEFAULT_STD_SUBCURVE NULL
-
-+#define FUTURE_STD_ALGO PUBKEY_ALGO_EDDSA
-+#define FUTURE_STD_KEYSIZE 0
-+#define FUTURE_STD_KEYUSE (PUBKEY_USAGE_CERT|PUBKEY_USAGE_SIG)
-+#define FUTURE_STD_CURVE "Ed25519"
-+#define FUTURE_STD_SUBALGO PUBKEY_ALGO_ECDH
-+#define FUTURE_STD_SUBKEYSIZE 0
-+#define FUTURE_STD_SUBKEYUSE PUBKEY_USAGE_ENC
-+#define FUTURE_STD_SUBCURVE "Curve25519"
-+
- /* Flag bits used during key generation. */
- #define KEYGEN_FLAG_NO_PROTECTION 1
- #define KEYGEN_FLAG_TRANSIENT_KEY 2
-@@ -2330,7 +2339,8 @@ parse_expire_string( const char *string )
- u32 curtime = make_timestamp ();
- time_t tt;
-
-- if (!*string)
-+ if (!string || !*string || !strcmp (string, "none")
-+ || !strcmp (string, "never") || !strcmp (string, "-"))
- seconds = 0;
- else if (!strncmp (string, "seconds=", 8))
- seconds = atoi (string+8);
-@@ -2347,7 +2357,7 @@ parse_expire_string( const char *string )
- return seconds;
- }
-
--/* Parsean Creation-Date string which is either "1986-04-26" or
-+/* Parse a Creation-Date string which is either "1986-04-26" or
- "19860426T042640". Returns 0 on error. */
- static u32
- parse_creation_string (const char *string)
-@@ -3612,12 +3622,49 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr,
- }
-
-
-- if (!strcmp (algostr, "test-default"))
-+ if ((!*algostr || !strcmp (algostr, "default")
-+ || !strcmp (algostr, "future-default"))
-+ && (!*usagestr || !strcmp (usagestr, "default")
-+ || !strcmp (usagestr, "-")))
- {
-- para = quickgen_set_para (para, 0, PUBKEY_ALGO_EDDSA, 0, "Ed25519", 0);
-- para = quickgen_set_para (para, 1, PUBKEY_ALGO_ECDH, 0, "Curve25519", 0);
-+ if (!strcmp (algostr, "future-default"))
-+ {
-+ para = quickgen_set_para (para, 0,
-+ FUTURE_STD_ALGO, FUTURE_STD_KEYSIZE,
-+ FUTURE_STD_CURVE, 0);
-+ para = quickgen_set_para (para, 1,
-+ FUTURE_STD_SUBALGO, FUTURE_STD_SUBKEYSIZE,
-+ FUTURE_STD_SUBCURVE, 0);
-+ }
-+ else
-+ {
-+ para = quickgen_set_para (para, 0,
-+ DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE,
-+ DEFAULT_STD_CURVE, 0);
-+ para = quickgen_set_para (para, 1,
-+ DEFAULT_STD_SUBALGO, DEFAULT_STD_SUBKEYSIZE,
-+ DEFAULT_STD_SUBCURVE, 0);
-+ }
-+
-+ if (*expirestr)
-+ {
-+ u32 expire;
-+
-+ expire = parse_expire_string (expirestr);
-+ if (expire == (u32)-1 )
-+ {
-+ err = gpg_error (GPG_ERR_INV_VALUE);
-+ log_error (_("Key generation failed: %s\n"), gpg_strerror (err));
-+ goto leave;
-+ }
-+ r = xmalloc_clear (sizeof *r + 20);
-+ r->key = pKEYEXPIRE;
-+ r->u.expire = expire;
-+ r->next = para;
-+ para = r;
-+ }
- }
-- else if (*algostr || *usagestr || *expirestr)
-+ else
- {
- /* Extended unattended mode. Creates only the primary key. */
- int algo;
-@@ -3641,15 +3688,6 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr,
- r->next = para;
- para = r;
- }
-- else
-- {
-- para = quickgen_set_para (para, 0,
-- DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE,
-- DEFAULT_STD_CURVE, 0);
-- para = quickgen_set_para (para, 1,
-- DEFAULT_STD_SUBALGO, DEFAULT_STD_SUBKEYSIZE,
-- DEFAULT_STD_SUBCURVE, 0);
-- }
-
- /* If the pinentry loopback mode is not and we have a static
- passphrase (i.e. set with --passphrase{,-fd,-file} while in batch
-@@ -4416,9 +4454,15 @@ parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
- if (!algostr || !*algostr
- || !strcmp (algostr, "default") || !strcmp (algostr, "-"))
- {
-- algo = for_subkey? DEFAULT_STD_SUBALGO : DEFAULT_STD_ALGO;
-- use = for_subkey? DEFAULT_STD_SUBKEYUSE : DEFAULT_STD_KEYUSE;
-- nbits = for_subkey?DEFAULT_STD_SUBKEYSIZE : DEFAULT_STD_KEYSIZE;
-+ algo = for_subkey? DEFAULT_STD_SUBALGO : DEFAULT_STD_ALGO;
-+ use = for_subkey? DEFAULT_STD_SUBKEYUSE : DEFAULT_STD_KEYUSE;
-+ nbits = for_subkey? DEFAULT_STD_SUBKEYSIZE : DEFAULT_STD_KEYSIZE;
-+ }
-+ else if (!strcmp (algostr, "future-default"))
-+ {
-+ algo = for_subkey? FUTURE_STD_SUBALGO : FUTURE_STD_ALGO;
-+ use = for_subkey? FUTURE_STD_SUBKEYUSE : FUTURE_STD_KEYUSE;
-+ nbits = for_subkey? FUTURE_STD_SUBKEYSIZE : FUTURE_STD_KEYSIZE;
- }
- else if (*algostr == '&' && strlen (algostr) == 41)
- {
-@@ -4490,11 +4534,7 @@ parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
- return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
-
- /* Parse the expire string. */
-- if (!expirestr || !*expirestr || !strcmp (expirestr, "none")
-- || !strcmp (expirestr, "never") || !strcmp (expirestr, "-"))
-- expire = 0;
-- else
-- expire = parse_expire_string (expirestr);
-+ expire = parse_expire_string (expirestr);
- if (expire == (u32)-1 )
- return gpg_error (GPG_ERR_INV_VALUE);
-
diff --git a/debian/patches/0023-gpg-Allow-use-of-default-algo-for-quick-addkey.patch b/debian/patches/0023-gpg-Allow-use-of-default-algo-for-quick-addkey.patch
deleted file mode 100644
index b622874..0000000
--- a/debian/patches/0023-gpg-Allow-use-of-default-algo-for-quick-addkey.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 14 Sep 2016 09:46:10 +0200
-Subject: gpg: Allow use of "default" algo for--quick-addkey.
-
-* g10/keygen.c (quick_generate_keypair): Write a status error.
-(parse_algo_usage_expire): Set a default curve.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- g10/keygen.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/g10/keygen.c b/g10/keygen.c
-index e897075..9cf314d 100644
---- a/g10/keygen.c
-+++ b/g10/keygen.c
-@@ -3614,6 +3614,7 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr,
- || !cpr_get_answer_is_yes_def ("quick_keygen.force",
- _("Create anyway? (y/N) "), 0))
- {
-+ write_status_error ("genkey", gpg_error (304));
- log_inc_errorcount (); /* we used log_info */
- goto leave;
- }
-@@ -4457,12 +4458,14 @@ parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
- algo = for_subkey? DEFAULT_STD_SUBALGO : DEFAULT_STD_ALGO;
- use = for_subkey? DEFAULT_STD_SUBKEYUSE : DEFAULT_STD_KEYUSE;
- nbits = for_subkey? DEFAULT_STD_SUBKEYSIZE : DEFAULT_STD_KEYSIZE;
-+ curve = for_subkey? DEFAULT_STD_SUBCURVE : DEFAULT_STD_CURVE;
- }
- else if (!strcmp (algostr, "future-default"))
- {
- algo = for_subkey? FUTURE_STD_SUBALGO : FUTURE_STD_ALGO;
- use = for_subkey? FUTURE_STD_SUBKEYUSE : FUTURE_STD_KEYUSE;
- nbits = for_subkey? FUTURE_STD_SUBKEYSIZE : FUTURE_STD_KEYSIZE;
-+ curve = for_subkey? FUTURE_STD_SUBCURVE : FUTURE_STD_CURVE;
- }
- else if (*algostr == '&' && strlen (algostr) == 41)
- {
diff --git a/debian/patches/0024-gpg-Emit-a-new-error-status-line-in-quick-adduid.patch b/debian/patches/0024-gpg-Emit-a-new-error-status-line-in-quick-adduid.patch
deleted file mode 100644
index fd4276f..0000000
--- a/debian/patches/0024-gpg-Emit-a-new-error-status-line-in-quick-adduid.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 14 Sep 2016 10:59:18 +0200
-Subject: gpg: Emit a new error status line in --quick-adduid.
-
-* g10/keyedit.c (menu_adduid): Emit an ERROR status for an existsing
-user id.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- g10/keyedit.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/g10/keyedit.c b/g10/keyedit.c
-index baee180..25f61ec 100644
---- a/g10/keyedit.c
-+++ b/g10/keyedit.c
-@@ -4308,7 +4308,10 @@ menu_adduid (ctrl_t ctrl, kbnode_t pub_keyblock,
- if (!uid)
- {
- if (uidstring)
-- log_error ("%s", _("Such a user ID already exists on this key!\n"));
-+ {
-+ write_status_error ("adduid", gpg_error (304));
-+ log_error ("%s", _("Such a user ID already exists on this key!\n"));
-+ }
- return 0;
- }
-
diff --git a/debian/patches/0025-tests-gpgscm-Fix-use-of-pointer.patch b/debian/patches/0025-tests-gpgscm-Fix-use-of-pointer.patch
deleted file mode 100644
index 9a1e0cf..0000000
--- a/debian/patches/0025-tests-gpgscm-Fix-use-of-pointer.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Thu, 15 Sep 2016 09:17:59 +0900
-Subject: tests/gpgscm: Fix use of pointer.
-
-* tests/gpgscm/scheme-private.h (struct scheme): Use (void *) for
-alloc_seg.
-* tests/gpgscm/scheme.c (alloc_cellseg): Use (void *) for cp. Use
-(void *) for coercion of address calculation.
-
---
-
-In old C language, (char *) means an address. In modern C, it's
-specifically an address with alignment=1. It's good to use (void *) for
-an address, because newer compiler emits warnings. Note: in this
-particular case, it is just a warning and the code is safe against
-invalid alignment, though.
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- tests/gpgscm/scheme-private.h | 2 +-
- tests/gpgscm/scheme.c | 6 +++---
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/tests/gpgscm/scheme-private.h b/tests/gpgscm/scheme-private.h
-index 9eafe76..727e0c0 100644
---- a/tests/gpgscm/scheme-private.h
-+++ b/tests/gpgscm/scheme-private.h
-@@ -78,7 +78,7 @@ int tracing;
- #ifndef CELL_NSEGMENT
- #define CELL_NSEGMENT 10 /* # of segments for cells */
- #endif
--char *alloc_seg[CELL_NSEGMENT];
-+void *alloc_seg[CELL_NSEGMENT];
- pointer cell_seg[CELL_NSEGMENT];
- int last_cell_seg;
-
-diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c
-index 987f5af..f5299fe 100644
---- a/tests/gpgscm/scheme.c
-+++ b/tests/gpgscm/scheme.c
-@@ -602,7 +602,7 @@ static int alloc_cellseg(scheme *sc, int n) {
- pointer newp;
- pointer last;
- pointer p;
-- char *cp;
-+ void *cp;
- long i;
- int k;
- int adj=ADJ;
-@@ -614,14 +614,14 @@ static int alloc_cellseg(scheme *sc, int n) {
- for (k = 0; k < n; k++) {
- if (sc->last_cell_seg >= CELL_NSEGMENT - 1)
- return k;
-- cp = (char*) sc->malloc(CELL_SEGSIZE * sizeof(struct cell)+adj);
-+ cp = sc->malloc(CELL_SEGSIZE * sizeof(struct cell)+adj);
- if (cp == 0)
- return k;
- i = ++sc->last_cell_seg ;
- sc->alloc_seg[i] = cp;
- /* adjust in TYPE_BITS-bit boundary */
- if(((unsigned long)cp)%adj!=0) {
-- cp=(char*)(adj*((unsigned long)cp/adj+1));
-+ cp=(void *)(adj*((unsigned long)cp/adj+1));
- }
- /* insert new segment in address order */
- newp=(pointer)cp;
diff --git a/debian/patches/0026-scd-Add-support-of-ECC-pubkey-attribute.patch b/debian/patches/0026-scd-Add-support-of-ECC-pubkey-attribute.patch
deleted file mode 100644
index ee149d0..0000000
--- a/debian/patches/0026-scd-Add-support-of-ECC-pubkey-attribute.patch
+++ /dev/null
@@ -1,208 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Fri, 16 Sep 2016 15:20:32 +0900
-Subject: scd: Add support of ECC pubkey attribute.
-
-* scd/app-openpgp.c (ECC_FLAG_PUBKEY): New.
-(send_key_attr, get_public_key, ecc_writekey, do_auth, do_decipher)
-(parse_algorithm_attribute): Check ECC_FLAG_DJB_TWEAK.
-(build_ecc_privkey_template): Add ECC_Q and ECC_Q_LEN.
-Support offering public key when ECC_FLAG_PUBKEY sets.
-(ecc_writekey): Supply ECC_Q and ECC_Q_LEN.
-(parse_algorithm_attribute): Parse pubkey-required byte.
-
---
-
-OpenPGPcard protocol specification version 3.2 supports algorithm
-attributes for ECC key which specifies public key data is required for
-"keytocard" command. This change supports the feature.
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- scd/app-openpgp.c | 61 ++++++++++++++++++++++++++++++++++++++++---------------
- 1 file changed, 45 insertions(+), 16 deletions(-)
-
-diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
-index 7dd1566..563a045 100644
---- a/scd/app-openpgp.c
-+++ b/scd/app-openpgp.c
-@@ -236,6 +236,7 @@ struct app_local_s {
- };
-
- #define ECC_FLAG_DJB_TWEAK (1 << 0)
-+#define ECC_FLAG_PUBKEY (1 << 1)
-
-
- /***** Local prototypes *****/
-@@ -910,7 +911,7 @@ send_key_attr (ctrl_t ctrl, app_t app, const char *keyword, int keyno)
- snprintf (buffer, sizeof buffer, "%d %d %s",
- keyno+1,
- keyno==1? PUBKEY_ALGO_ECDH :
-- app->app_local->keyattr[keyno].ecc.flags?
-+ (app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK)?
- PUBKEY_ALGO_EDDSA : PUBKEY_ALGO_ECDSA,
- openpgp_oid_to_curve (app->app_local->keyattr[keyno].ecc.oid, 0));
- }
-@@ -1387,7 +1388,7 @@ get_public_key (app_t app, int keyno)
-
- if ((app->app_local->keyattr[keyno].key_type == KEY_TYPE_RSA
- || (app->app_local->keyattr[keyno].key_type == KEY_TYPE_ECC
-- && !app->app_local->keyattr[keyno].ecc.flags))
-+ && !(app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK)))
- && mlen && (*m & 0x80))
- { /* Prepend numbers with a 0 if needed for MPI. */
- *mbuf = 0;
-@@ -1395,7 +1396,7 @@ get_public_key (app_t app, int keyno)
- mlen++;
- }
- else if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_ECC
-- && app->app_local->keyattr[keyno].ecc.flags)
-+ && (app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK))
- { /* Prepend 0x40 prefix. */
- *mbuf = 0x40;
- memcpy (mbuf+1, m, mlen);
-@@ -1429,7 +1430,7 @@ get_public_key (app_t app, int keyno)
- {
- char *format;
-
-- if (!app->app_local->keyattr[keyno].ecc.flags)
-+ if (!(app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK))
- format = "(public-key(ecc(curve%s)(q%b)))";
- else if (keyno == 1)
- format = "(public-key(ecc(curve%s)(flags djb-tweak)(q%b)))";
-@@ -2633,9 +2634,10 @@ build_privkey_template (app_t app, int keyno,
- static gpg_error_t
- build_ecc_privkey_template (app_t app, int keyno,
- const unsigned char *ecc_d, size_t ecc_d_len,
-+ const unsigned char *ecc_q, size_t ecc_q_len,
- unsigned char **result, size_t *resultlen)
- {
-- unsigned char privkey[2];
-+ unsigned char privkey[2+2];
- size_t privkey_len;
- unsigned char exthdr[2+2+1];
- size_t exthdr_len;
-@@ -2645,8 +2647,10 @@ build_ecc_privkey_template (app_t app, int keyno,
- size_t datalen;
- unsigned char *template;
- size_t template_size;
-+ int pubkey_required;
-
-- (void)app;
-+ pubkey_required = !!(app->app_local->keyattr[keyno].ecc.flags
-+ & ECC_FLAG_PUBKEY);
-
- *result = NULL;
- *resultlen = 0;
-@@ -2658,8 +2662,15 @@ build_ecc_privkey_template (app_t app, int keyno,
- tp += add_tlv (tp, 0x92, ecc_d_len);
- datalen += ecc_d_len;
-
-+ if (pubkey_required)
-+ {
-+ tp += add_tlv (tp, 0x99, ecc_q_len);
-+ datalen += ecc_q_len;
-+ }
-+
- privkey_len = tp - privkey;
-
-+
- /* Build the extended header list without the private key template. */
- tp = exthdr;
- *tp++ = keyno ==0 ? 0xb6 : keyno == 1? 0xb8 : 0xa4;
-@@ -2693,6 +2704,12 @@ build_ecc_privkey_template (app_t app, int keyno,
- memcpy (tp, ecc_d, ecc_d_len);
- tp += ecc_d_len;
-
-+ if (pubkey_required)
-+ {
-+ memcpy (tp, ecc_q, ecc_q_len);
-+ tp += ecc_q_len;
-+ }
-+
- assert (tp - template == template_size);
-
- *result = template;
-@@ -3348,7 +3365,8 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
-
- if (app->app_local->keyattr[keyno].key_type != KEY_TYPE_ECC
- || app->app_local->keyattr[keyno].ecc.oid != oidstr
-- || app->app_local->keyattr[keyno].ecc.flags != flag_djb_tweak)
-+ || (flag_djb_tweak !=
-+ (app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK)))
- {
- if (app->app_local->extcap.algo_attr_change)
- {
-@@ -3387,6 +3405,7 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
-
- err = build_ecc_privkey_template (app, keyno,
- ecc_d, ecc_d_len,
-+ ecc_q, ecc_q_len,
- &template, &template_len);
- if (err)
- goto leave;
-@@ -3991,7 +4010,7 @@ do_auth (app_t app, const char *keyidstr,
-
- if (app->app_local->keyattr[2].key_type == KEY_TYPE_ECC)
- {
-- if (!app->app_local->keyattr[2].ecc.flags
-+ if (!(app->app_local->keyattr[2].ecc.flags & ECC_FLAG_DJB_TWEAK)
- && (indatalen == 51 || indatalen == 67 || indatalen == 83))
- {
- const char *p = (const char *)indata + 19;
-@@ -4190,7 +4209,7 @@ do_decipher (app_t app, const char *keyidstr,
- {
- int old_format_len = 0;
-
-- if (app->app_local->keyattr[1].ecc.flags)
-+ if ((app->app_local->keyattr[1].ecc.flags & ECC_FLAG_DJB_TWEAK))
- {
- if (indatalen > 32 && (indatalen % 2))
- { /*
-@@ -4258,7 +4277,7 @@ do_decipher (app_t app, const char *keyidstr,
- outdata, outdatalen);
- xfree (fixbuf);
- if (app->app_local->keyattr[1].key_type == KEY_TYPE_ECC
-- && app->app_local->keyattr[1].ecc.flags)
-+ && (app->app_local->keyattr[1].ecc.flags & ECC_FLAG_DJB_TWEAK))
- { /* Add the prefix 0x40 */
- fixbuf = xtrymalloc (*outdatalen + 1);
- if (!fixbuf)
-@@ -4550,7 +4569,19 @@ parse_algorithm_attribute (app_t app, int keyno)
- else if (*buffer == PUBKEY_ALGO_ECDH || *buffer == PUBKEY_ALGO_ECDSA
- || *buffer == PUBKEY_ALGO_EDDSA)
- {
-- const char *oid = ecc_oid (buffer + 1, buflen - 1);
-+ const char *oid;
-+ int oidlen = buflen - 1;
-+
-+ app->app_local->keyattr[keyno].ecc.flags = 0;
-+
-+ if (buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff)
-+ { /* Found "pubkey required"-byte for private key template. */
-+ oidlen--;
-+ if (buffer[buflen-1] == 0xff)
-+ app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY;
-+ }
-+
-+ oid = ecc_oid (buffer + 1, oidlen);
-
- if (!oid)
- log_printhex ("Curve with OID not supported: ", buffer+1, buflen-1);
-@@ -4562,14 +4593,12 @@ parse_algorithm_attribute (app_t app, int keyno)
- || (*buffer == PUBKEY_ALGO_ECDH
- && !strcmp (app->app_local->keyattr[keyno].ecc.oid,
- "1.3.6.1.4.1.3029.1.5.1")))
-- app->app_local->keyattr[keyno].ecc.flags = ECC_FLAG_DJB_TWEAK;
-- else
-- app->app_local->keyattr[keyno].ecc.flags = 0;
-+ app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_DJB_TWEAK;
- if (opt.verbose)
- log_printf
- ("ECC, curve=%s%s\n", app->app_local->keyattr[keyno].ecc.oid,
-- !app->app_local->keyattr[keyno].ecc.flags ? "":
-- keyno==1? " (djb-tweak)": " (eddsa)");
-+ !(app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK)?
-+ "": keyno==1? " (djb-tweak)": " (eddsa)");
- }
- }
- else if (opt.verbose)
diff --git a/debian/patches/0027-gpg-Avoid-malloc-failure-due-to-no-key-signatures.patch b/debian/patches/0027-gpg-Avoid-malloc-failure-due-to-no-key-signatures.patch
deleted file mode 100644
index b293be4..0000000
--- a/debian/patches/0027-gpg-Avoid-malloc-failure-due-to-no-key-signatures.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Mon, 19 Sep 2016 08:27:23 +0200
-Subject: gpg: Avoid malloc failure due to no key signatures
-
-* g10/keyedit.c (check_all_keysigs): Check early for no key
-signatures. Use xtrycalloc.
---
-
-GnuPG-bug-id: 2690
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- g10/keyedit.c | 27 +++++++++++++++++++--------
- 1 file changed, 19 insertions(+), 8 deletions(-)
-
-diff --git a/g10/keyedit.c b/g10/keyedit.c
-index 25f61ec..26b25aa 100644
---- a/g10/keyedit.c
-+++ b/g10/keyedit.c
-@@ -408,20 +408,31 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs)
-
- /* First we look for duplicates. */
- {
-- int nsigs = 0;
-- KBNODE *sigs;
-+ int nsigs;
-+ kbnode_t *sigs;
- int i;
- int last_i;
-
- /* Count the sigs. */
-- for (n = kb; n; n = n->next)
-- if (is_deleted_kbnode (n))
-- continue;
-- else if (n->pkt->pkttype == PKT_SIGNATURE)
-- nsigs ++;
-+ for (nsigs = 0, n = kb; n; n = n->next)
-+ {
-+ if (is_deleted_kbnode (n))
-+ continue;
-+ else if (n->pkt->pkttype == PKT_SIGNATURE)
-+ nsigs ++;
-+ }
-+
-+ if (!nsigs)
-+ return 0; /* No signatures at all. */
-
- /* Add them all to the SIGS array. */
-- sigs = xmalloc_clear (sizeof (*sigs) * nsigs);
-+ sigs = xtrycalloc (nsigs, sizeof *sigs);
-+ if (!sigs)
-+ {
-+ log_error (_("error allocating memory: %s\n"),
-+ gpg_strerror (gpg_error_from_syserror ()));
-+ return 0;
-+ }
-
- i = 0;
- for (n = kb; n; n = n->next)
diff --git a/debian/patches/0028-gpgscm-Fix-gcrypt-version-check.patch b/debian/patches/0028-gpgscm-Fix-gcrypt-version-check.patch
deleted file mode 100644
index b5d90f4..0000000
--- a/debian/patches/0028-gpgscm-Fix-gcrypt-version-check.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Mon, 19 Sep 2016 08:41:51 +0200
-Subject: gpgscm: Fix gcrypt version check.
-
-* tests/gpgscm/main.c (main): Check against required and not installed
-version.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- tests/gpgscm/main.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/gpgscm/main.c b/tests/gpgscm/main.c
-index 34ebb9f..6dcc923 100644
---- a/tests/gpgscm/main.c
-+++ b/tests/gpgscm/main.c
-@@ -222,7 +222,7 @@ main (int argc, char **argv)
- i18n_init ();
- init_common_subsystems (&argc, &argv);
-
-- if (!gcry_check_version (GCRYPT_VERSION))
-+ if (!gcry_check_version (NEED_LIBGCRYPT_VERSION))
- {
- fputs ("libgcrypt version mismatch\n", stderr);
- exit (2);
diff --git a/debian/patches/0029-dirmngr-Silence-diagnostics-about-starting-housekeep.patch b/debian/patches/0029-dirmngr-Silence-diagnostics-about-starting-housekeep.patch
deleted file mode 100644
index a09115a..0000000
--- a/debian/patches/0029-dirmngr-Silence-diagnostics-about-starting-housekeep.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Mon, 19 Sep 2016 11:47:29 +0200
-Subject: dirmngr: Silence diagnostics about starting housekeeping.
-
-* dirmngr/dirmngr.c (housekeeping_thread): Print info only in very
-verbose mode.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- dirmngr/dirmngr.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
-index 4a9e638..7be18cc 100644
---- a/dirmngr/dirmngr.c
-+++ b/dirmngr/dirmngr.c
-@@ -1715,12 +1715,12 @@ housekeeping_thread (void *arg)
- return NULL;
- }
- sentinel++;
-- if (opt.verbose)
-+ if (opt.verbose > 1)
- log_info ("starting housekeeping\n");
-
- ks_hkp_housekeeping (curtime);
-
-- if (opt.verbose)
-+ if (opt.verbose > 1)
- log_info ("ready with housekeeping\n");
- sentinel--;
- return NULL;
diff --git a/debian/patches/0030-gpg-Fix-regression-in-fingerprint-printing.patch b/debian/patches/0030-gpg-Fix-regression-in-fingerprint-printing.patch
deleted file mode 100644
index 853da97..0000000
--- a/debian/patches/0030-gpg-Fix-regression-in-fingerprint-printing.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Mon, 19 Sep 2016 17:47:56 +0200
-Subject: gpg: Fix regression in fingerprint printing.
-
-* g10/keylist.c (list_keyblock_print): Do not depend calling
-print_fingerprint on opt.keyid_format.
---
-
-Regression-due-to: d757009a24eb856770fc3a3729e2f21f54d2a618
-Debian-bug-id: 838153
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- g10/keylist.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/g10/keylist.c b/g10/keylist.c
-index a71effc..ad744d4 100644
---- a/g10/keylist.c
-+++ b/g10/keylist.c
-@@ -909,7 +909,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
- /* Print the "pub" line and in KF_NONE mode the fingerprint. */
- print_key_line (es_stdout, pk, secret);
-
-- if (fpr && opt.keyid_format != KF_NONE)
-+ if (fpr)
- print_fingerprint (NULL, pk, 0);
-
- if (opt.with_keygrip && hexgrip)
diff --git a/debian/patches/0031-dirmngr-Open-file-CRL-s-in-binary-mode.patch b/debian/patches/0031-dirmngr-Open-file-CRL-s-in-binary-mode.patch
deleted file mode 100644
index 13965cf..0000000
--- a/debian/patches/0031-dirmngr-Open-file-CRL-s-in-binary-mode.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From: Andre Heinecke <aheinecke at intevation.de>
-Date: Thu, 25 Aug 2016 18:15:52 +0200
-Subject: dirmngr: Open file CRL's in binary mode
-
-* dirmngr/crlcache.c (crl_cache_load): Open file in binary mode.
-
---
-This fixes conversion bugs with binary CRL's on Windows.
-
-GnuPG-bug-id: issue2448
-Signed-off-by: Andre Heinecke <aheinecke at intevation.de>
----
- dirmngr/crlcache.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c
-index 388754b..94d5f5f 100644
---- a/dirmngr/crlcache.c
-+++ b/dirmngr/crlcache.c
-@@ -2408,7 +2408,7 @@ crl_cache_load (ctrl_t ctrl, const char *filename)
- estream_t fp;
- ksba_reader_t reader;
-
-- fp = es_fopen (filename, "r");
-+ fp = es_fopen (filename, "rb");
- if (!fp)
- {
- err = gpg_error_from_errno (errno);
diff --git a/debian/patches/0032-dirmngr-Fix-type.patch b/debian/patches/0032-dirmngr-Fix-type.patch
deleted file mode 100644
index 3f08bf5..0000000
--- a/debian/patches/0032-dirmngr-Fix-type.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Tue, 20 Sep 2016 10:19:44 +0200
-Subject: dirmngr: Fix type.
-
-* dirmngr/dns-stuff.c (get_dns_cert): Fix type in fallback code.
-
-Signed-off-by: Justus Winter <justus at g10code.com>
----
- dirmngr/dns-stuff.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
-index 191719e..ac295b0 100644
---- a/dirmngr/dns-stuff.c
-+++ b/dirmngr/dns-stuff.c
-@@ -990,7 +990,7 @@ get_dns_cert (const char *name, int want_certtype,
- if (r_key)
- *r_key = NULL;
- if (r_keylen)
-- *r_keylen = NULL;
-+ *r_keylen = 0;
- *r_fpr = NULL;
- *r_fprlen = 0;
- *r_url = NULL;
diff --git a/debian/patches/0033-g10-When-adding-a-user-id-make-sure-the-keyblock-has.patch b/debian/patches/0033-g10-When-adding-a-user-id-make-sure-the-keyblock-has.patch
deleted file mode 100644
index ddd075d..0000000
--- a/debian/patches/0033-g10-When-adding-a-user-id-make-sure-the-keyblock-has.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: "Neal H. Walfield" <neal at g10code.com>
-Date: Thu, 22 Sep 2016 21:32:31 +0200
-Subject: g10: When adding a user id, make sure the keyblock has been prepared.
-
-* g10/keyedit.c (keyedit_quick_adduid): Call merge_keys_and_selfsig on
-KEYBLOCK before adding the user id.
-
---
-Signed-off-by: Neal H. Walfield <neal at g10code.com>
-GnuPG-bug-id: 2697
-
-this is cherry-picked from upstream commit
-df5353b95eefc13135e7df50a7c197f270d6080d, but without the addition to
-the test suite.
----
- g10/keyedit.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/g10/keyedit.c b/g10/keyedit.c
-index 26b25aa..39c3572 100644
---- a/g10/keyedit.c
-+++ b/g10/keyedit.c
-@@ -2932,6 +2932,8 @@ keyedit_quick_adduid (ctrl_t ctrl, const char *username, const char *newuid)
-
- fix_keyblock (&keyblock);
-
-+ merge_keys_and_selfsig (keyblock);
-+
- if (menu_adduid (ctrl, keyblock, 0, NULL, uidstring))
- {
- err = keydb_update_keyblock (kdbhd, keyblock);
diff --git a/debian/patches/0034-agent-Allow-only-specific-digest-size-for-ECDSA.patch b/debian/patches/0034-agent-Allow-only-specific-digest-size-for-ECDSA.patch
deleted file mode 100644
index b2416bf..0000000
--- a/debian/patches/0034-agent-Allow-only-specific-digest-size-for-ECDSA.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Tue, 27 Sep 2016 14:01:18 +0900
-Subject: agent: Allow only specific digest size for ECDSA.
-
-* agent/pksign.c (do_encode_dsa): Fix validation of digest size.
-
---
-
-Thanks to Steven Noonan <steven at uplinklabs.net> who offers patches
-and a test case.
-
-GnuPG-bug-id: 2702
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- agent/pksign.c | 22 +++++++++-------------
- 1 file changed, 9 insertions(+), 13 deletions(-)
-
-diff --git a/agent/pksign.c b/agent/pksign.c
-index 9011be2..17f2704 100644
---- a/agent/pksign.c
-+++ b/agent/pksign.c
-@@ -189,25 +189,21 @@ do_encode_dsa (const byte *md, size_t mdlen, int pkalgo, gcry_sexp_t pkey,
- return gpg_error (GPG_ERR_INV_LENGTH);
- }
-
-+ /* ECDSA 521 is special has it is larger than the largest hash
-+ we have (SHA-512). Thus we chnage the size for further
-+ processing to 512. */
-+ if (pkalgo == GCRY_PK_ECDSA && qbits > 512)
-+ qbits = 512;
-+
- /* Check if we're too short. Too long is safe as we'll
-- * automatically left-truncate.
-- *
-- * This check would require the use of SHA512 with ECDSA 512. I
-- * think this is overkill to fail in this case. Therefore, relax
-- * the check, but only for ECDSA keys. We may need to adjust it
-- * later for general case. (Note that the check is really a bug for
-- * ECDSA 521 as the only hash that matches it is SHA 512, but 512 <
-- * 521 ).
-- */
-- if (mdlen < ((pkalgo==GCRY_PK_ECDSA && qbits > 521) ? 512 : qbits)/8)
-+ automatically left-truncate. */
-+ if (mdlen < qbits/8)
- {
- log_error (_("a %zu bit hash is not valid for a %u bit %s key\n"),
- mdlen*8,
- gcry_pk_get_nbits (pkey),
- gcry_pk_algo_name (pkalgo));
-- /* FIXME: we need to check the requirements for ECDSA. */
-- if (mdlen < 20 || pkalgo == GCRY_PK_DSA)
-- return gpg_error (GPG_ERR_INV_LENGTH);
-+ return gpg_error (GPG_ERR_INV_LENGTH);
- }
-
- /* Truncate. */
diff --git a/debian/patches/0035-dirmngr-Removal-of-no-libgcrypt.o.patch b/debian/patches/0035-dirmngr-Removal-of-no-libgcrypt.o.patch
deleted file mode 100644
index a584ab5..0000000
--- a/debian/patches/0035-dirmngr-Removal-of-no-libgcrypt.o.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Tue, 27 Sep 2016 14:21:08 +0900
-Subject: dirmngr: Removal of no-libgcrypt.o.
-
-* dirmngr/Makefile.am (dirmngr_ldap_LDADD): Remove no-libgcrypt.o.
-
---
-
-Thanks to Rainer Perske who located the issue.
-
-GnuPG-bug-id: 2698
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
-
-This is a fix for the commit: 49829c29e541546084950b8a153067db371d101a
----
- dirmngr/Makefile.am | 9 +--------
- 1 file changed, 1 insertion(+), 8 deletions(-)
-
-diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
-index 6b0a1e1..6c85886 100644
---- a/dirmngr/Makefile.am
-+++ b/dirmngr/Makefile.am
-@@ -40,10 +40,6 @@ AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) \
- $(LIBGNUTLS_CFLAGS)
-
-
--BUILT_SOURCES = no-libgcrypt.c
--
--CLEANFILES = no-libgcrypt.c
--
- if HAVE_W32_SYSTEM
- ldap_url = ldap-url.h ldap-url.c
- else
-@@ -93,7 +89,7 @@ if USE_LDAPWRAPPER
- dirmngr_ldap_SOURCES = dirmngr_ldap.c $(ldap_url)
- dirmngr_ldap_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS)
- dirmngr_ldap_LDFLAGS =
--dirmngr_ldap_LDADD = $(libcommon) no-libgcrypt.o \
-+dirmngr_ldap_LDADD = $(libcommon) \
- $(GPG_ERROR_LIBS) $(LIBGCRYPT_LIBS) $(LDAPLIBS) \
- $(LBER_LIBS) $(LIBINTL) $(LIBICONV)
- endif
-@@ -104,9 +100,6 @@ dirmngr_client_LDADD = $(libcommon) \
- $(LIBGCRYPT_LIBS) $(NETLIBS) $(LIBINTL) $(LIBICONV)
- dirmngr_client_LDFLAGS = $(extra_bin_ldflags)
-
--no-libgcrypt.c : $(top_srcdir)/tools/no-libgcrypt.c
-- cat $(top_srcdir)/tools/no-libgcrypt.c > no-libgcrypt.c
--
-
- t_common_src = t-support.h
- t_common_ldadd = $(libcommon) $(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) \
diff --git a/debian/patches/0036-agent-sm-Set-CTX-after-start_agent.patch b/debian/patches/0036-agent-sm-Set-CTX-after-start_agent.patch
deleted file mode 100644
index 93423a8..0000000
--- a/debian/patches/0036-agent-sm-Set-CTX-after-start_agent.patch
+++ /dev/null
@@ -1,220 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Tue, 27 Sep 2016 14:45:21 +0900
-Subject: agent, sm: Set CTX after start_agent.
-
-* g10/call-agent.c (agent_keytocard): Assign parm.ctx after start_agent.
-* sm/call-agent.c (gpgsm_agent_pksign, gpgsm_scd_pksign)
-(gpgsm_agent_readkey, gpgsm_agent_scd_serialno)
-(gpgsm_agent_scd_keypairinfo, gpgsm_agent_marktrusted)
-(gpgsm_agent_passwd, gpgsm_agent_get_confirmation)
-(gpgsm_agent_ask_passphrase, gpgsm_agent_keywrap_key)
-(gpgsm_agent_export_key): Likewise.
-
---
-
-Reported-by: Rainer Perske
-GnuPG-bug-id: 2699
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- g10/call-agent.c | 2 +-
- sm/call-agent.c | 41 ++++++++++++++++++++++++++++++-----------
- 2 files changed, 31 insertions(+), 12 deletions(-)
-
-diff --git a/g10/call-agent.c b/g10/call-agent.c
-index a023654..93c9b56 100644
---- a/g10/call-agent.c
-+++ b/g10/call-agent.c
-@@ -829,7 +829,6 @@ agent_keytocard (const char *hexgrip, int keyno, int force,
- struct default_inq_parm_s parm;
-
- memset (&parm, 0, sizeof parm);
-- parm.ctx = agent_ctx;
-
- snprintf (line, DIM(line)-1, "KEYTOCARD %s%s %s OPENPGP.%d %s",
- force?"--force ": "", hexgrip, serialno, keyno, timestamp);
-@@ -838,6 +837,7 @@ agent_keytocard (const char *hexgrip, int keyno, int force,
- rc = start_agent (NULL, 1);
- if (rc)
- return rc;
-+ parm.ctx = agent_ctx;
-
- rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, &parm,
- NULL, NULL);
-diff --git a/sm/call-agent.c b/sm/call-agent.c
-index c7facbb..3262650 100644
---- a/sm/call-agent.c
-+++ b/sm/call-agent.c
-@@ -228,12 +228,13 @@ gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
- char *p, line[ASSUAN_LINELENGTH];
- membuf_t data;
- size_t len;
-- struct default_inq_parm_s inq_parm = { ctrl, agent_ctx };
-+ struct default_inq_parm_s inq_parm;
-
- *r_buf = NULL;
- rc = start_agent (ctrl);
- if (rc)
- return rc;
-+ inq_parm.ctx = agent_ctx;
-
- if (digestlen*2 + 50 > DIM(line))
- return gpg_error (GPG_ERR_GENERAL);
-@@ -301,7 +302,7 @@ gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
- const char *hashopt;
- unsigned char *sigbuf;
- size_t sigbuflen;
-- struct default_inq_parm_s inq_parm = { ctrl, agent_ctx };
-+ struct default_inq_parm_s inq_parm;
-
- (void)desc;
-
-@@ -320,6 +321,7 @@ gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
- rc = start_agent (ctrl);
- if (rc)
- return rc;
-+ inq_parm.ctx = agent_ctx;
-
- if (digestlen*2 + 50 > DIM(line))
- return gpg_error (GPG_ERR_GENERAL);
-@@ -580,12 +582,13 @@ gpgsm_agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
- size_t len;
- unsigned char *buf;
- char line[ASSUAN_LINELENGTH];
-- struct default_inq_parm_s inq_parm = { ctrl, agent_ctx };
-+ struct default_inq_parm_s inq_parm;
-
- *r_pubkey = NULL;
- rc = start_agent (ctrl);
- if (rc)
- return rc;
-+ inq_parm.ctx = agent_ctx;
-
- rc = assuan_transact (agent_ctx, "RESET",NULL, NULL, NULL, NULL, NULL, NULL);
- if (rc)
-@@ -668,12 +671,14 @@ gpgsm_agent_scd_serialno (ctrl_t ctrl, char **r_serialno)
- {
- int rc;
- char *serialno = NULL;
-- struct default_inq_parm_s inq_parm = { ctrl, agent_ctx };
-+ struct default_inq_parm_s inq_parm;
-
- *r_serialno = NULL;
- rc = start_agent (ctrl);
- if (rc)
- return rc;
-+ inq_parm.ctrl = ctrl;
-+ inq_parm.ctx = agent_ctx;
-
- rc = assuan_transact (agent_ctx, "SCD SERIALNO",
- NULL, NULL,
-@@ -738,12 +743,14 @@ gpgsm_agent_scd_keypairinfo (ctrl_t ctrl, strlist_t *r_list)
- {
- int rc;
- strlist_t list = NULL;
-- struct default_inq_parm_s inq_parm = { ctrl, agent_ctx };
-+ struct default_inq_parm_s inq_parm;
-
- *r_list = NULL;
- rc = start_agent (ctrl);
- if (rc)
- return rc;
-+ inq_parm.ctrl = ctrl;
-+ inq_parm.ctx = agent_ctx;
-
- rc = assuan_transact (agent_ctx, "SCD LEARN --force",
- NULL, NULL,
-@@ -836,11 +843,13 @@ gpgsm_agent_marktrusted (ctrl_t ctrl, ksba_cert_t cert)
- int rc;
- char *fpr, *dn, *dnfmt;
- char line[ASSUAN_LINELENGTH];
-- struct default_inq_parm_s inq_parm = { ctrl, agent_ctx };
-+ struct default_inq_parm_s inq_parm;
-
- rc = start_agent (ctrl);
- if (rc)
- return rc;
-+ inq_parm.ctrl = ctrl;
-+ inq_parm.ctx = agent_ctx;
-
- fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
- if (!fpr)
-@@ -1023,11 +1032,13 @@ gpgsm_agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc)
- {
- int rc;
- char line[ASSUAN_LINELENGTH];
-- struct default_inq_parm_s inq_parm = { ctrl, agent_ctx };
-+ struct default_inq_parm_s inq_parm;
-
- rc = start_agent (ctrl);
- if (rc)
- return rc;
-+ inq_parm.ctrl = ctrl;
-+ inq_parm.ctx = agent_ctx;
-
- if (!hexkeygrip || strlen (hexkeygrip) != 40)
- return gpg_error (GPG_ERR_INV_VALUE);
-@@ -1059,11 +1070,13 @@ gpgsm_agent_get_confirmation (ctrl_t ctrl, const char *desc)
- {
- int rc;
- char line[ASSUAN_LINELENGTH];
-- struct default_inq_parm_s inq_parm = { ctrl, agent_ctx };
-+ struct default_inq_parm_s inq_parm;
-
- rc = start_agent (ctrl);
- if (rc)
- return rc;
-+ inq_parm.ctrl = ctrl;
-+ inq_parm.ctx = agent_ctx;
-
- snprintf (line, DIM(line)-1, "GET_CONFIRMATION %s", desc);
- line[DIM(line)-1] = 0;
-@@ -1170,13 +1183,15 @@ gpgsm_agent_ask_passphrase (ctrl_t ctrl, const char *desc_msg, int repeat,
- char line[ASSUAN_LINELENGTH];
- char *arg4 = NULL;
- membuf_t data;
-- struct default_inq_parm_s inq_parm = { ctrl, agent_ctx };
-+ struct default_inq_parm_s inq_parm;
-
- *r_passphrase = NULL;
-
- err = start_agent (ctrl);
- if (err)
- return err;
-+ inq_parm.ctrl = ctrl;
-+ inq_parm.ctx = agent_ctx;
-
- if (desc_msg && *desc_msg && !(arg4 = percent_plus_escape (desc_msg)))
- return gpg_error_from_syserror ();
-@@ -1217,12 +1232,14 @@ gpgsm_agent_keywrap_key (ctrl_t ctrl, int forexport,
- size_t len;
- unsigned char *buf;
- char line[ASSUAN_LINELENGTH];
-- struct default_inq_parm_s inq_parm = { ctrl, agent_ctx };
-+ struct default_inq_parm_s inq_parm;
-
- *r_kek = NULL;
- err = start_agent (ctrl);
- if (err)
- return err;
-+ inq_parm.ctrl = ctrl;
-+ inq_parm.ctx = agent_ctx;
-
- snprintf (line, DIM(line)-1, "KEYWRAP_KEY %s",
- forexport? "--export":"--import");
-@@ -1306,13 +1323,15 @@ gpgsm_agent_export_key (ctrl_t ctrl, const char *keygrip, const char *desc,
- size_t len;
- unsigned char *buf;
- char line[ASSUAN_LINELENGTH];
-- struct default_inq_parm_s inq_parm = { ctrl, agent_ctx };
-+ struct default_inq_parm_s inq_parm;
-
- *r_result = NULL;
-
- err = start_agent (ctrl);
- if (err)
- return err;
-+ inq_parm.ctrl = ctrl;
-+ inq_parm.ctx = agent_ctx;
-
- if (desc)
- {
diff --git a/debian/patches/0037-common-Correctly-handle-modules-relying-on-npth.patch b/debian/patches/0037-common-Correctly-handle-modules-relying-on-npth.patch
deleted file mode 100644
index 05f6977..0000000
--- a/debian/patches/0037-common-Correctly-handle-modules-relying-on-npth.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Tue, 27 Sep 2016 15:54:56 +0200
-Subject: common: Correctly handle modules relying on npth.
-
-* common/Makefile.am (common_sources): Drop 'call-gpg.{c,h}'.
-(with_npth_sources): New variable.
-(libcommonpth_a_SOURCES): Use the new variable.
-
-Signed-off-by: Justus Winter <justus at g10code.com>
----
- common/Makefile.am | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/common/Makefile.am b/common/Makefile.am
-index 422fcf6..9f151f2 100644
---- a/common/Makefile.am
-+++ b/common/Makefile.am
-@@ -88,7 +88,6 @@ common_sources = \
- helpfile.c \
- mkdir_p.c mkdir_p.h \
- strlist.c strlist.h \
-- call-gpg.c call-gpg.h \
- exectool.c exectool.h \
- server-help.c server-help.h \
- name-value.c name-value.h \
-@@ -114,11 +113,14 @@ endif
- without_npth_sources = \
- get-passphrase.c get-passphrase.h
-
-+# Sources only useful with NPTH.
-+with_npth_sources = \
-+ call-gpg.c call-gpg.h
-
- libcommon_a_SOURCES = $(common_sources) $(without_npth_sources)
- libcommon_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) -DWITHOUT_NPTH=1
-
--libcommonpth_a_SOURCES = $(common_sources)
-+libcommonpth_a_SOURCES = $(common_sources) $(with_npth_sources)
- libcommonpth_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS)
-
- if !HAVE_W32CE_SYSTEM
diff --git a/debian/patches/0038-build-Do-not-link-gpg-connect-agent-against-npth.patch b/debian/patches/0038-build-Do-not-link-gpg-connect-agent-against-npth.patch
deleted file mode 100644
index 90ac0c5..0000000
--- a/debian/patches/0038-build-Do-not-link-gpg-connect-agent-against-npth.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Tue, 27 Sep 2016 17:45:52 +0200
-Subject: build: Do not link gpg-connect-agent against npth.
-
-* tools/Makefile.am: Do not link gpg-connect-agent against npth.
-
-Signed-off-by: Justus Winter <justus at g10code.com>
----
- tools/Makefile.am | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/tools/Makefile.am b/tools/Makefile.am
-index 12e5815..c9ff2b4 100644
---- a/tools/Makefile.am
-+++ b/tools/Makefile.am
-@@ -119,10 +119,9 @@ watchgnupg_SOURCES = watchgnupg.c
- watchgnupg_LDADD = $(NETLIBS)
-
- gpg_connect_agent_SOURCES = gpg-connect-agent.c
--# FIXME: remove NPTH_LIBS (why do we need them at all?)
- gpg_connect_agent_LDADD = ../common/libgpgrl.a $(common_libs) \
- $(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) \
-- $(NPTH_LIBS) $(GPG_ERROR_LIBS) \
-+ $(GPG_ERROR_LIBS) \
- $(LIBREADLINE) $(LIBINTL) $(NETLIBS) $(LIBICONV) \
- $(resource_objs)
-
diff --git a/debian/patches/0039-gpg-Make-sure-that-internal-key-import-is-done-with-.patch b/debian/patches/0039-gpg-Make-sure-that-internal-key-import-is-done-with-.patch
deleted file mode 100644
index e537a22..0000000
--- a/debian/patches/0039-gpg-Make-sure-that-internal-key-import-is-done-with-.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 28 Sep 2016 13:36:28 +0200
-Subject: gpg: Make sure that internal key import is done with a binary stream.
-
-* g10/import.c (import_keys_internal): Open stream in binary mode.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- g10/import.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/g10/import.c b/g10/import.c
-index f7cb923..f16c063 100644
---- a/g10/import.c
-+++ b/g10/import.c
-@@ -465,7 +465,7 @@ import_keys_es_stream (ctrl_t ctrl, estream_t fp,
- int rc;
- iobuf_t inp;
-
-- inp = iobuf_esopen (fp, "r", 1);
-+ inp = iobuf_esopen (fp, "rb", 1);
- if (!inp)
- {
- rc = gpg_error_from_syserror ();
diff --git a/debian/patches/0040-gpg-Make-import-filter-data-object-more-flexible.patch b/debian/patches/0040-gpg-Make-import-filter-data-object-more-flexible.patch
deleted file mode 100644
index 653b1e6..0000000
--- a/debian/patches/0040-gpg-Make-import-filter-data-object-more-flexible.patch
+++ /dev/null
@@ -1,163 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 28 Sep 2016 13:39:09 +0200
-Subject: gpg: Make import filter data object more flexible.
-
-* g10/main.h (import_filter_t): New.
-* g10/import.c (struct import_filter_s): Declare struct.
-(import_keep_uid, import_drop_sig): Replace by ...
-(import_filter): new. Adjust all users.
-(cleanup_import_globals): Move code to ...
-(release_import_filter): new.
-(save_and_clear_import_filter): New.
-(restore_import_filter): New.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- g10/import.c | 72 +++++++++++++++++++++++++++++++++++++++++++++++-------------
- g10/main.h | 6 +++++
- 2 files changed, 63 insertions(+), 15 deletions(-)
-
-diff --git a/g10/import.c b/g10/import.c
-index f16c063..8ad1bd9 100644
---- a/g10/import.c
-+++ b/g10/import.c
-@@ -76,16 +76,22 @@ struct import_stats_s
- #define NODE_FLAG_A 8
-
-
--/* Global variables to store selector created from
-+/* A an object and a global instance to store selectors created from
- * --import-filter keep-uid=EXPR.
- * --import-filter drop-sig=EXPR.
- *
- * FIXME: We should put this into the CTRL object but that requires a
-- * lot more changes right now.
-+ * lot more changes right now. For now we use save and restore
-+ * fucntion to temporary change them.
- */
--static recsel_expr_t import_keep_uid;
--static recsel_expr_t import_drop_sig;
--
-+/* Definition of the import filters. */
-+struct import_filter_s
-+{
-+ recsel_expr_t keep_uid;
-+ recsel_expr_t drop_sig;
-+};
-+/* The current instance. */
-+struct import_filter_s import_filter;
-
-
- static int import (ctrl_t ctrl,
-@@ -120,12 +126,18 @@ static int merge_keysigs (kbnode_t dst, kbnode_t src, int *n_sigs);
-
-
- static void
-+release_import_filter (import_filter_t filt)
-+{
-+ recsel_release (filt->keep_uid);
-+ filt->keep_uid = NULL;
-+ recsel_release (filt->drop_sig);
-+ filt->drop_sig = NULL;
-+}
-+
-+static void
- cleanup_import_globals (void)
- {
-- recsel_release (import_keep_uid);
-- import_keep_uid = NULL;
-- recsel_release (import_drop_sig);
-- import_drop_sig = NULL;
-+ release_import_filter (&import_filter);
- }
-
-
-@@ -201,9 +213,9 @@ parse_and_set_import_filter (const char *string)
- register_mem_cleanup_func (cleanup_import_globals);
-
- if (!strncmp (string, "keep-uid=", 9))
-- err = recsel_parse_expr (&import_keep_uid, string+9);
-+ err = recsel_parse_expr (&import_filter.keep_uid, string+9);
- else if (!strncmp (string, "drop-sig=", 9))
-- err = recsel_parse_expr (&import_drop_sig, string+9);
-+ err = recsel_parse_expr (&import_filter.drop_sig, string+9);
- else
- err = gpg_error (GPG_ERR_INV_NAME);
-
-@@ -211,6 +223,36 @@ parse_and_set_import_filter (const char *string)
- }
-
-
-+/* Save the current import filters, return them, and clear the current
-+ * filters. Returns NULL on error and sets ERRNO. */
-+import_filter_t
-+save_and_clear_import_filter (void)
-+{
-+ import_filter_t filt;
-+
-+ filt = xtrycalloc (1, sizeof *filt);
-+ if (!filt)
-+ return NULL;
-+ *filt = import_filter;
-+ memset (&import_filter, 0, sizeof import_filter);
-+
-+ return filt;
-+}
-+
-+
-+/* Release the current import filters and restore them from NEWFILT.
-+ * Ownership of NEWFILT is moved to this function. */
-+void
-+restore_import_filter (import_filter_t filt)
-+{
-+ if (filt)
-+ {
-+ release_import_filter (&import_filter);
-+ import_filter = *filt;
-+ xfree (filt);
-+ }
-+}
-+
-
- import_stats_t
- import_new_stats_handle (void)
-@@ -1380,14 +1422,14 @@ import_one (ctrl_t ctrl,
- commit_kbnode (&keyblock);
-
- /* Apply import filter. */
-- if (import_keep_uid)
-+ if (import_filter.keep_uid)
- {
-- apply_keep_uid_filter (keyblock, import_keep_uid);
-+ apply_keep_uid_filter (keyblock, import_filter.keep_uid);
- commit_kbnode (&keyblock);
- }
-- if (import_drop_sig)
-+ if (import_filter.drop_sig)
- {
-- apply_drop_sig_filter (keyblock, import_drop_sig);
-+ apply_drop_sig_filter (keyblock, import_filter.drop_sig);
- commit_kbnode (&keyblock);
- }
-
-diff --git a/g10/main.h b/g10/main.h
-index 0956f66..c7ded7c 100644
---- a/g10/main.h
-+++ b/g10/main.h
-@@ -346,10 +346,16 @@ gcry_mpi_t encode_md_value (PKT_public_key *pk,
- /*-- import.c --*/
- struct import_stats_s;
- typedef struct import_stats_s *import_stats_t;
-+struct import_filter_s;
-+typedef struct import_filter_s *import_filter_t;
- typedef gpg_error_t (*import_screener_t)(kbnode_t keyblock, void *arg);
-
- int parse_import_options(char *str,unsigned int *options,int noisy);
-+
- gpg_error_t parse_and_set_import_filter (const char *string);
-+import_filter_t save_and_clear_import_filter (void);
-+void restore_import_filter (import_filter_t filt);
-+
- gpg_error_t read_key_from_file (ctrl_t ctrl, const char *fname,
- kbnode_t *r_keyblock);
- void import_keys (ctrl_t ctrl, char **fnames, int nnames,
diff --git a/debian/patches/0041-gpg-Reject-import-if-an-import-filter-removed-all-us.patch b/debian/patches/0041-gpg-Reject-import-if-an-import-filter-removed-all-us.patch
deleted file mode 100644
index 159f754..0000000
--- a/debian/patches/0041-gpg-Reject-import-if-an-import-filter-removed-all-us.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 28 Sep 2016 15:32:04 +0200
-Subject: gpg: Reject import if an import filter removed all user ids.
-
-* g10/import.c (any_uid_left): New.
-(import_one): Check that a UID is left.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- g10/import.c | 27 +++++++++++++++++++++++++++
- 1 file changed, 27 insertions(+)
-
-diff --git a/g10/import.c b/g10/import.c
-index 8ad1bd9..2e8c941 100644
---- a/g10/import.c
-+++ b/g10/import.c
-@@ -115,6 +115,7 @@ static int import_revoke_cert (kbnode_t node, struct import_stats_s *stats);
- static int chk_self_sigs (kbnode_t keyblock, u32 *keyid, int *non_self);
- static int delete_inv_parts (kbnode_t keyblock,
- u32 *keyid, unsigned int options);
-+static int any_uid_left (kbnode_t keyblock);
- static int merge_blocks (kbnode_t keyblock_orig,
- kbnode_t keyblock, u32 *keyid,
- int *n_uids, int *n_sigs, int *n_subk );
-@@ -1315,6 +1316,7 @@ import_one (ctrl_t ctrl,
- size_t an;
- char pkstrbuf[PUBKEY_STRING_SIZE];
- int merge_keys_done = 0;
-+ int any_filter = 0;
-
- /* Get the key and print some info about it. */
- node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
-@@ -1426,13 +1428,25 @@ import_one (ctrl_t ctrl,
- {
- apply_keep_uid_filter (keyblock, import_filter.keep_uid);
- commit_kbnode (&keyblock);
-+ any_filter = 1;
- }
- if (import_filter.drop_sig)
- {
- apply_drop_sig_filter (keyblock, import_filter.drop_sig);
- commit_kbnode (&keyblock);
-+ any_filter = 1;
- }
-
-+ /* If we ran any filter we need to check that at least one user id
-+ * is left in the keyring. Note that we do not use log_error in
-+ * this case. */
-+ if (any_filter && !any_uid_left (keyblock))
-+ {
-+ if (!opt.quiet )
-+ log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk));
-+ stats->no_user_id++;
-+ return 0;
-+ }
-
- /* Show the key in the form it is merged or inserted. We skip this
- * if "import-export" is also active without --armor or the output
-@@ -2714,6 +2728,19 @@ delete_inv_parts (kbnode_t keyblock, u32 *keyid, unsigned int options)
- return nvalid;
- }
-
-+/* This function returns true if any UID is left in the keyring. */
-+static int
-+any_uid_left (kbnode_t keyblock)
-+{
-+ kbnode_t node;
-+
-+ for (node=keyblock->next; node; node = node->next)
-+ if (node->pkt->pkttype == PKT_USER_ID)
-+ return 1;
-+ return 0;
-+}
-+
-+
-
- /****************
- * It may happen that the imported keyblock has duplicated user IDs.
diff --git a/debian/patches/0042-dirmngr-Fix-STARTTLS-on-LDAP-connections.patch b/debian/patches/0042-dirmngr-Fix-STARTTLS-on-LDAP-connections.patch
deleted file mode 100644
index 3a4970a..0000000
--- a/debian/patches/0042-dirmngr-Fix-STARTTLS-on-LDAP-connections.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Thu, 29 Sep 2016 14:17:24 +0200
-Subject: dirmngr: Fix STARTTLS on LDAP connections.
-
-* dirmngr/ks-engine-ldap.c (my_ldap_connect): Fix unfortunate typo.
---
-Courtesy of pkgsrc contributor fhajny.
-
-Signed-off-by: Justus Winter <justus at g10code.com>
----
- dirmngr/ks-engine-ldap.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
-index ad2110e..9b9efc7 100644
---- a/dirmngr/ks-engine-ldap.c
-+++ b/dirmngr/ks-engine-ldap.c
-@@ -513,7 +513,7 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
- #endif /* LDAP_OPT_X_TLS_CACERTFILE && HAVE_LDAP_SET_OPTION */
- #endif
-
--#ifndef HAVE_LDAP_START_TLS_S
-+#ifdef HAVE_LDAP_START_TLS_S
- if (uri->use_tls)
- {
- /* XXX: We need an option to determine whether to abort if the
diff --git a/debian/patches/0043-tools-Give-mime-parser-callbacks-access-to-the-rfc82.patch b/debian/patches/0043-tools-Give-mime-parser-callbacks-access-to-the-rfc82.patch
deleted file mode 100644
index 51b787a..0000000
--- a/debian/patches/0043-tools-Give-mime-parser-callbacks-access-to-the-rfc82.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Thu, 29 Sep 2016 08:11:32 +0200
-Subject: tools: Give mime parser callbacks access to the rfc822 parser.
-
-* tools/mime-parser.c (mime_parser_context_s): Add field MSG.
-(parse_message_cb): Set it.
-(mime_parser_rfc822parser): New.
-* tools/mime-parser.h: Declare rfc822parse_t for the new prototype.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- tools/mime-parser.c | 17 +++++++++++++++++
- tools/mime-parser.h | 7 +++++++
- 2 files changed, 24 insertions(+)
-
-diff --git a/tools/mime-parser.c b/tools/mime-parser.c
-index 5f3659e..87f11d0 100644
---- a/tools/mime-parser.c
-+++ b/tools/mime-parser.c
-@@ -64,6 +64,9 @@ struct mime_parser_context_s
- /* The callback to collect a signature. */
- gpg_error_t (*collect_signature) (void *cookie, const char *data);
-
-+ /* The RFC822 parser context is stored here during callbacks. */
-+ rfc822parse_t msg;
-+
- /* Helper to convey error codes from user callbacks. */
- gpg_error_t err;
-
-@@ -189,6 +192,9 @@ parse_message_cb (void *opaque, rfc822parse_event_t event, rfc822parse_t msg)
- const char *s;
- int rc = 0;
-
-+ /* Make the RFC822 parser context availabale for callbacks. */
-+ ctx->msg = msg;
-+
- if (ctx->debug)
- show_message_parser_event (event);
-
-@@ -475,6 +481,8 @@ parse_message_cb (void *opaque, rfc822parse_event_t event, rfc822parse_t msg)
- }
- }
-
-+ ctx->msg = NULL;
-+
- return rc;
- }
-
-@@ -599,6 +607,15 @@ mime_parser_set_collect_signature (mime_parser_t ctx,
- }
-
-
-+/* Return the RFC888 parser context. This is only available inside a
-+ * callback. */
-+rfc822parse_t
-+mime_parser_rfc822parser (mime_parser_t ctx)
-+{
-+ return ctx->msg;
-+}
-+
-+
- /* Read and parse a message from FP and call the appropriate
- * callbacks. */
- gpg_error_t
-diff --git a/tools/mime-parser.h b/tools/mime-parser.h
-index ab0d792..b217a2c 100644
---- a/tools/mime-parser.h
-+++ b/tools/mime-parser.h
-@@ -48,5 +48,12 @@ void mime_parser_set_collect_signature (mime_parser_t ctx,
- gpg_error_t mime_parser_parse (mime_parser_t ctx, estream_t fp);
-
-
-+/* Duplicated declaration of the RFC822 parser context. */
-+struct rfc822parse_context;
-+typedef struct rfc822parse_context *rfc822parse_t;
-+
-+rfc822parse_t mime_parser_rfc822parser (mime_parser_t ctx);
-+
-+
-
- #endif /*GNUPG_MIME_PARSER_H*/
diff --git a/debian/patches/0044-agent-Enable-restricted-browser-and-ssh-socket-by-de.patch b/debian/patches/0044-agent-Enable-restricted-browser-and-ssh-socket-by-de.patch
deleted file mode 100644
index 628db05..0000000
--- a/debian/patches/0044-agent-Enable-restricted-browser-and-ssh-socket-by-de.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Thu, 15 Sep 2016 14:47:00 +0200
-Subject: agent: Enable restricted, browser, and ssh socket by default.
-
-* agent/gpg-agent.c (main): Provide defaults for 'extra-socket' and
-'browser-socket', enable ssh socket by default, but do not emit the
-'SSH_AUTH_SOCK' variable unless it has been explicitly requested.
-* configure.ac (GPG_AGENT_{EXTRA,BROWSER}_SOCK_NAME): New definitions.
-* doc/gpg-agent.texi: Update documentation.
---
-
-This change enables the restricted, browser, and ssh socket by
-default. Note that in all cases, the user has to do some additional
-configuration to her setup to make use of these features. Therefore,
-this should not break any existing setups, but makes it simpler to
-discover and use these features.
-
-Signed-off-by: Justus Winter <justus at g10code.com>
----
- agent/gpg-agent.c | 26 +++++++++++++++++---------
- configure.ac | 4 ++++
- doc/gpg-agent.texi | 6 +++++-
- 3 files changed, 26 insertions(+), 10 deletions(-)
-
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index 07e75c0..4aeb241 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -1053,6 +1053,18 @@ main (int argc, char **argv )
- agent_exit (0);
- }
-
-+ if (! opt.extra_socket)
-+ {
-+ opt.extra_socket = 1; /* (1 = points into r/o section) */
-+ socket_name_extra = GPG_AGENT_EXTRA_SOCK_NAME;
-+ }
-+
-+ if (! opt.browser_socket)
-+ {
-+ opt.browser_socket = 1; /* (1 = points into r/o section) */
-+ socket_name_browser = GPG_AGENT_BROWSER_SOCK_NAME;
-+ }
-+
- set_debug ();
-
- if (atexit (cleanup))
-@@ -1249,13 +1261,10 @@ main (int argc, char **argv )
- &socket_nonce_browser);
- }
-
-- if (ssh_support)
-- {
-- socket_name_ssh = create_socket_name (GPG_AGENT_SSH_SOCK_NAME, 1);
-- fd_ssh = create_server_socket (socket_name_ssh, 0, 1,
-- &redir_socket_name_ssh,
-- &socket_nonce_ssh);
-- }
-+ socket_name_ssh = create_socket_name (GPG_AGENT_SSH_SOCK_NAME, 1);
-+ fd_ssh = create_server_socket (socket_name_ssh, 0, 1,
-+ &redir_socket_name_ssh,
-+ &socket_nonce_ssh);
-
- /* If we are going to exec a program in the parent, we record
- the PID, so that the child may check whether the program is
-@@ -1321,8 +1330,7 @@ main (int argc, char **argv )
- *socket_name_extra = 0;
- if (opt.browser_socket)
- *socket_name_browser = 0;
-- if (ssh_support)
-- *socket_name_ssh = 0;
-+ *socket_name_ssh = 0;
-
- if (argc)
- { /* Run the program given on the commandline. */
-diff --git a/configure.ac b/configure.ac
-index d452021..acfd8c2 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1747,6 +1747,10 @@ AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool])
-
- AC_DEFINE_UNQUOTED(GPG_AGENT_SOCK_NAME, "S.gpg-agent",
- [The name of the agent socket])
-+AC_DEFINE_UNQUOTED(GPG_AGENT_EXTRA_SOCK_NAME, "S.gpg-agent.rstrd",
-+ [The name of the agent socket for remote access])
-+AC_DEFINE_UNQUOTED(GPG_AGENT_BROWSER_SOCK_NAME, "S.gpg-agent.brwsr",
-+ [The name of the agent socket for browsers])
- AC_DEFINE_UNQUOTED(GPG_AGENT_SSH_SOCK_NAME, "S.gpg-agent.ssh",
- [The name of the agent socket for ssh])
- AC_DEFINE_UNQUOTED(DIRMNGR_INFO_NAME, "DIRMNGR_INFO",
-diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
-index b481dd6..079022d 100644
---- a/doc/gpg-agent.texi
-+++ b/doc/gpg-agent.texi
-@@ -536,6 +536,9 @@ pinentry to pop up at the @code{tty} or display you started the agent.
- @anchor{option --extra-socket}
- @item --extra-socket @var{name}
- @opindex extra-socket
-+The extra socket is always created, you may use this option to change
-+the name of the socket.
-+
- Also listen on native gpg-agent connections on the given socket. The
- intended use for this extra socket is to setup a Unix domain socket
- forwarding from a remote machine to this socket on the local machine.
-@@ -551,7 +554,8 @@ remote machine.
- @opindex enable-ssh-support
- @opindex enable-putty-support
-
--Enable the OpenSSH Agent protocol.
-+The OpenSSH Agent protocol is always enabled, but @command{gpg-agent}
-+will only set the @code{SSH_AUTH_SOCK} variable if this flag is given.
-
- In this mode of operation, the agent does not only implement the
- gpg-agent protocol, but also the agent protocol used by OpenSSH
diff --git a/debian/patches/0045-build-Fix-build-against-libiconv.patch b/debian/patches/0045-build-Fix-build-against-libiconv.patch
deleted file mode 100644
index 7ef1b1e..0000000
--- a/debian/patches/0045-build-Fix-build-against-libiconv.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Fri, 30 Sep 2016 12:34:31 +0200
-Subject: build: Fix build against libiconv.
-
-* agent/Makefile.am: Add INCICONV and LIBICONV.
-* common/Makefile.am: Likewise.
-* tools/Makefile.am: Likewise.
-
-Signed-off-by: Justus Winter <justus at g10code.com>
----
- agent/Makefile.am | 6 ++++--
- common/Makefile.am | 2 +-
- tools/Makefile.am | 15 +++++++++------
- 3 files changed, 14 insertions(+), 9 deletions(-)
-
-diff --git a/agent/Makefile.am b/agent/Makefile.am
-index 1970088..ed0ed44 100644
---- a/agent/Makefile.am
-+++ b/agent/Makefile.am
-@@ -64,7 +64,8 @@ pwquery_libs = ../common/libsimple-pwquery.a
- endif
-
-
--gpg_agent_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS)
-+gpg_agent_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS) \
-+ $(INCICONV)
- gpg_agent_LDADD = $(commonpth_libs) \
- $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(NPTH_LIBS) \
- $(GPG_ERROR_LIBS) $(LIBINTL) $(NETLIBS) $(LIBICONV) \
-@@ -76,7 +77,8 @@ gpg_protect_tool_SOURCES = \
- protect-tool.c \
- protect.c cvt-openpgp.c
-
--gpg_protect_tool_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS)
-+gpg_protect_tool_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) \
-+ $(INCICONV)
- gpg_protect_tool_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) \
- $(GPG_ERROR_LIBS) $(LIBINTL) $(NETLIBS) $(LIBICONV)
-
-diff --git a/common/Makefile.am b/common/Makefile.am
-index 9f151f2..960d1dc 100644
---- a/common/Makefile.am
-+++ b/common/Makefile.am
-@@ -177,7 +177,7 @@ endif
- t_extra_src = t-support.h
-
- t_common_cflags = $(KSBA_CFLAGS) $(LIBGCRYPT_CFLAGS) \
-- $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS)
-+ $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS) $(INCICONV)
- t_common_ldadd = libcommon.a \
- $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
- $(LIBINTL) $(LIBICONV)
-diff --git a/tools/Makefile.am b/tools/Makefile.am
-index c9ff2b4..54486a3 100644
---- a/tools/Makefile.am
-+++ b/tools/Makefile.am
-@@ -128,9 +128,10 @@ gpg_connect_agent_LDADD = ../common/libgpgrl.a $(common_libs) \
-
- if !DISABLE_REGEX
- gpg_check_pattern_SOURCES = gpg-check-pattern.c
--gpg_check_pattern_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
-+gpg_check_pattern_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(INCICONV)
- gpg_check_pattern_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
-- $(LIBINTL) $(NETLIBS) $(LIBICONV) $(W32SOCKLIBS)
-+ $(LIBINTL) $(NETLIBS) $(LIBICONV) $(W32SOCKLIBS) \
-+ $(LIBICONV)
- endif
-
- gpgtar_SOURCES = \
-@@ -152,8 +153,9 @@ gpg_wks_server_SOURCES = \
- mime-maker.c mime-maker.h \
- send-mail.c send-mail.h
-
--gpg_wks_server_CFLAGS = $(GPG_ERROR_CFLAGS)
--gpg_wks_server_LDADD = $(libcommon) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS)
-+gpg_wks_server_CFLAGS = $(GPG_ERROR_CFLAGS) $(INCICONV)
-+gpg_wks_server_LDADD = $(libcommon) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
-+ $(LIBICONV)
-
- gpg_wks_client_SOURCES = \
- gpg-wks-client.c \
-@@ -166,9 +168,10 @@ gpg_wks_client_SOURCES = \
- send-mail.c send-mail.h \
- call-dirmngr.c call-dirmngr.h
-
--gpg_wks_client_CFLAGS = $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS)
-+gpg_wks_client_CFLAGS = $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS) $(INCICONV)
- gpg_wks_client_LDADD = $(libcommon) \
-- $(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS)
-+ $(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
-+ $(LIBICONV)
-
-
- # Make sure that all libs are build before we use them. This is
diff --git a/debian/patches/0046-agent-Kludge-to-allow-disabling-of-the-extra-sockets.patch b/debian/patches/0046-agent-Kludge-to-allow-disabling-of-the-extra-sockets.patch
deleted file mode 100644
index 4cc1a3f..0000000
--- a/debian/patches/0046-agent-Kludge-to-allow-disabling-of-the-extra-sockets.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Fri, 30 Sep 2016 18:49:16 +0200
-Subject: agent: Kludge to allow disabling of the extra sockets.
-
-* agent/gpg-agent.c (main): Check for special socket names.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- agent/gpg-agent.c | 16 ++++++++++++++++
- doc/gpg-agent.texi | 5 +++--
- 2 files changed, 19 insertions(+), 2 deletions(-)
-
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index 4aeb241..29e0a40 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -1058,12 +1058,28 @@ main (int argc, char **argv )
- opt.extra_socket = 1; /* (1 = points into r/o section) */
- socket_name_extra = GPG_AGENT_EXTRA_SOCK_NAME;
- }
-+ else if (socket_name_extra
-+ && (!strcmp (socket_name_extra, "none")
-+ || !strcmp (socket_name_extra, "/dev/null")))
-+ {
-+ /* User requested not to create this socket. */
-+ opt.extra_socket = 0;
-+ socket_name_extra = NULL;
-+ }
-
- if (! opt.browser_socket)
- {
- opt.browser_socket = 1; /* (1 = points into r/o section) */
- socket_name_browser = GPG_AGENT_BROWSER_SOCK_NAME;
- }
-+ else if (socket_name_browser
-+ && (!strcmp (socket_name_browser, "none")
-+ || !strcmp (socket_name_browser, "/dev/null")))
-+ {
-+ /* User requested not to create this socket. */
-+ opt.browser_socket = 0;
-+ socket_name_browser = NULL;
-+ }
-
- set_debug ();
-
-diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
-index 079022d..c096b61 100644
---- a/doc/gpg-agent.texi
-+++ b/doc/gpg-agent.texi
-@@ -536,8 +536,9 @@ pinentry to pop up at the @code{tty} or display you started the agent.
- @anchor{option --extra-socket}
- @item --extra-socket @var{name}
- @opindex extra-socket
--The extra socket is always created, you may use this option to change
--the name of the socket.
-+The extra socket is created by default, you may use this option to
-+change the name of the socket. To disable the creation of the socket
-+use ``none'' or ``/dev/null'' for @var{name}.
-
- Also listen on native gpg-agent connections on the given socket. The
- intended use for this extra socket is to setup a Unix domain socket
diff --git a/debian/patches/0047-agent-Create-the-extra-sockets-in-the-standard-socke.patch b/debian/patches/0047-agent-Create-the-extra-sockets-in-the-standard-socke.patch
deleted file mode 100644
index 10e1a05..0000000
--- a/debian/patches/0047-agent-Create-the-extra-sockets-in-the-standard-socke.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Fri, 30 Sep 2016 19:21:51 +0200
-Subject: agent: Create the extra sockets in the standard socket dir.
-
-* agent/gpg-agent.c (main): Take the socketdir in account for the
-default sockets.
-* tools/gpgconf.c (list_dirs): Add "agent-extra-socket" and
-"agent-browser-socket".
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- agent/gpg-agent.c | 18 ++++++++++++------
- tools/gpgconf.c | 2 ++
- 2 files changed, 14 insertions(+), 6 deletions(-)
-
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index 29e0a40..aaebce3 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -1055,8 +1055,7 @@ main (int argc, char **argv )
-
- if (! opt.extra_socket)
- {
-- opt.extra_socket = 1; /* (1 = points into r/o section) */
-- socket_name_extra = GPG_AGENT_EXTRA_SOCK_NAME;
-+ opt.extra_socket = 1;
- }
- else if (socket_name_extra
- && (!strcmp (socket_name_extra, "none")
-@@ -1069,8 +1068,7 @@ main (int argc, char **argv )
-
- if (! opt.browser_socket)
- {
-- opt.browser_socket = 1; /* (1 = points into r/o section) */
-- socket_name_browser = GPG_AGENT_BROWSER_SOCK_NAME;
-+ opt.browser_socket = 1;
- }
- else if (socket_name_browser
- && (!strcmp (socket_name_browser, "none")
-@@ -1261,7 +1259,11 @@ main (int argc, char **argv )
-
- if (opt.extra_socket)
- {
-- socket_name_extra = create_socket_name (socket_name_extra, 0);
-+ if (socket_name_extra)
-+ socket_name_extra = create_socket_name (socket_name_extra, 0);
-+ else
-+ socket_name_extra = create_socket_name
-+ /**/ (GPG_AGENT_EXTRA_SOCK_NAME, 1);
- opt.extra_socket = 2; /* Indicate that it has been malloced. */
- fd_extra = create_server_socket (socket_name_extra, 0, 0,
- &redir_socket_name_extra,
-@@ -1270,7 +1272,11 @@ main (int argc, char **argv )
-
- if (opt.browser_socket)
- {
-- socket_name_browser = create_socket_name (socket_name_browser, 0);
-+ if (socket_name_browser)
-+ socket_name_browser = create_socket_name (socket_name_browser, 0);
-+ else
-+ socket_name_browser= create_socket_name
-+ /**/ (GPG_AGENT_BROWSER_SOCK_NAME, 1);
- opt.browser_socket = 2; /* Indicate that it has been malloced. */
- fd_browser = create_server_socket (socket_name_browser, 0, 0,
- &redir_socket_name_browser,
-diff --git a/tools/gpgconf.c b/tools/gpgconf.c
-index 221e3e2..263d726 100644
---- a/tools/gpgconf.c
-+++ b/tools/gpgconf.c
-@@ -165,6 +165,8 @@ list_dirs (estream_t fp, char **names)
- { "localedir", gnupg_localedir, NULL },
- { "dirmngr-socket", dirmngr_socket_name, NULL,},
- { "agent-ssh-socket", gnupg_socketdir, GPG_AGENT_SSH_SOCK_NAME },
-+ { "agent-extra-socket", gnupg_socketdir, GPG_AGENT_EXTRA_SOCK_NAME },
-+ { "agent-browser-socket",gnupg_socketdir, GPG_AGENT_BROWSER_SOCK_NAME },
- { "agent-socket", gnupg_socketdir, GPG_AGENT_SOCK_NAME },
- { "homedir", gnupg_homedir, NULL }
- };
diff --git a/debian/patches/0048-agent-Remove-the-warning-for-the-GKR-hijacking.patch b/debian/patches/0048-agent-Remove-the-warning-for-the-GKR-hijacking.patch
deleted file mode 100644
index 221d6f1..0000000
--- a/debian/patches/0048-agent-Remove-the-warning-for-the-GKR-hijacking.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Fri, 30 Sep 2016 19:38:03 +0200
-Subject: agent: Remove the warning for the GKR hijacking.
-
-* g10/call-agent.c (check_hijacking): Remove.
-(start_agent): Remove call.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- g10/call-agent.c | 65 --------------------------------------------------------
- 1 file changed, 65 deletions(-)
-
-diff --git a/g10/call-agent.c b/g10/call-agent.c
-index 93c9b56..0fb392c 100644
---- a/g10/call-agent.c
-+++ b/g10/call-agent.c
-@@ -189,69 +189,6 @@ default_inq_cb (void *opaque, const char *line)
- }
-
-
--/* Check whether gnome-keyring hijacked the gpg-agent. */
--static void
--check_hijacking (assuan_context_t ctx)
--{
-- membuf_t mb;
-- char *string;
--
-- init_membuf (&mb, 64);
--
-- /* AGENT_ID is a command implemented by gnome-keyring-daemon. It
-- does not return any data but an OK line with a remark. */
-- if (assuan_transact (ctx, "AGENT_ID",
-- put_membuf_cb, &mb, NULL, NULL, NULL, NULL))
-- {
-- xfree (get_membuf (&mb, NULL));
-- return; /* Error - Probably not hijacked. */
-- }
-- put_membuf (&mb, "", 1);
-- string = get_membuf (&mb, NULL);
-- if (!string || !*string)
-- {
-- /* Definitely hijacked - show a warning prompt. */
-- static int shown;
-- const char warn1[] =
-- "The GNOME keyring manager hijacked the GnuPG agent.";
-- const char warn2[] =
-- "GnuPG will not work properly - please configure that "
-- "tool to not interfere with the GnuPG system!";
-- log_info ("WARNING: %s\n", warn1);
-- log_info ("WARNING: %s\n", warn2);
-- /* (GPG_ERR_SOURCRE_GPG, GPG_ERR_NO_AGENT) */
-- write_status_text (STATUS_ERROR, "check_hijacking 33554509");
-- xfree (string);
-- string = strconcat (warn1, "\n\n", warn2, NULL);
-- if (string && !shown && !opt.batch)
-- {
-- /* NB: The Pinentry based prompt will only work if a
-- gnome-keyring manager passes invalid commands on to the
-- original gpg-agent. */
-- char *cmd, *cmdargs;
--
-- cmdargs = percent_plus_escape (string);
-- cmd = strconcat ("GET_CONFIRMATION ", cmdargs, NULL);
-- xfree (cmdargs);
-- if (cmd)
-- {
-- struct default_inq_parm_s dfltparm;
--
-- memset (&dfltparm, 0, sizeof dfltparm);
-- dfltparm.ctx = ctx;
-- assuan_transact (ctx, cmd, NULL, NULL,
-- default_inq_cb, &dfltparm,
-- NULL, NULL);
-- xfree (cmd);
-- shown = 1;
-- }
-- }
-- }
-- xfree (string);
--}
--
--
--
- /* Print a warning if the server's version number is less than our
- version number. Returns an error code on a connection problem. */
- static gpg_error_t
-@@ -346,8 +283,6 @@ start_agent (ctrl_t ctrl, int for_card)
- write_status_error ("set_pinentry_mode", rc);
- }
- }
--
-- check_hijacking (agent_ctx);
- }
- }
-
diff --git a/debian/patches/0049-agent-dirmngr-scd-npth_init-must-be-after-fork.patch b/debian/patches/0049-agent-dirmngr-scd-npth_init-must-be-after-fork.patch
deleted file mode 100644
index f83eaa8..0000000
--- a/debian/patches/0049-agent-dirmngr-scd-npth_init-must-be-after-fork.patch
+++ /dev/null
@@ -1,225 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: agent, dirmngr, scd: npth_init must be after fork.
-
-* agent/gpg-agent.c (thread_init_once, initialize_modules): New.
-(main): Make sure no daemonizing-fork call after npth_init, and no npth
-calls before npth_init, with care of npth calls by assuan hooks.
-* dirmngr/dirmngr.c (thread_init): New.
-(main): Make sure npth_init must not be called before daemonizing fork.
-* scd/scdaemon.c (main): Likewise.
-
---
-
-It is simply the best for nPth not to allow the daemonizing fork after
-npth_init, because semantics and implementations of forked child process
-in a threaded application is a difficult corner case.
-
-GnuPG-bug-id: 1779
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- agent/gpg-agent.c | 36 ++++++++++++++++++++++++++++--------
- dirmngr/dirmngr.c | 31 ++++++++++++++++++++-----------
- scd/scdaemon.c | 6 ++++--
- 3 files changed, 52 insertions(+), 21 deletions(-)
-
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index aaebce3..c1be1d7 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -721,6 +721,29 @@ finalize_rereadable_options (void)
- }
-
-
-+static void
-+thread_init_once (void)
-+{
-+ static int npth_initialized = 0;
-+
-+ if (!npth_initialized)
-+ {
-+ npth_initialized++;
-+ npth_init ();
-+ }
-+}
-+
-+static void
-+initialize_modules (void)
-+{
-+ thread_init_once ();
-+ assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
-+ initialize_module_cache ();
-+ initialize_module_call_pinentry ();
-+ initialize_module_call_scd ();
-+ initialize_module_trustlist ();
-+}
-+
-
- /* The main entry point. */
- int
-@@ -773,14 +796,11 @@ main (int argc, char **argv )
- i18n_init ();
- init_common_subsystems (&argc, &argv);
-
-- npth_init ();
--
- malloc_hooks.malloc = gcry_malloc;
- malloc_hooks.realloc = gcry_realloc;
- malloc_hooks.free = gcry_free;
- assuan_set_malloc_hooks (&malloc_hooks);
- assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
-- assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
- assuan_sock_init ();
- setup_libassuan_logging (&opt.debug);
-
-@@ -1088,16 +1108,12 @@ main (int argc, char **argv )
- exit (1);
- }
-
-- initialize_module_cache ();
-- initialize_module_call_pinentry ();
-- initialize_module_call_scd ();
-- initialize_module_trustlist ();
--
- /* Try to create missing directories. */
- create_directories ();
-
- if (debug_wait && pipe_server)
- {
-+ thread_init_once ();
- log_debug ("waiting for debugger - my pid is %u .....\n",
- (unsigned int)getpid());
- gnupg_sleep (debug_wait);
-@@ -1204,6 +1220,8 @@ main (int argc, char **argv )
- /* This is the simple pipe based server */
- ctrl_t ctrl;
-
-+ initialize_modules ();
-+
- ctrl = xtrycalloc (1, sizeof *ctrl);
- if (!ctrl)
- {
-@@ -1411,6 +1429,8 @@ main (int argc, char **argv )
- This is the child
- */
-
-+ initialize_modules ();
-+
- /* Detach from tty and put process into a new session */
- if (!nodetach )
- {
-diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
-index 7be18cc..67f8490 100644
---- a/dirmngr/dirmngr.c
-+++ b/dirmngr/dirmngr.c
-@@ -647,6 +647,22 @@ pid_suffix_callback (unsigned long *r_suffix)
- #endif /*!HAVE_W32_SYSTEM*/
-
-
-+static void
-+thread_init (void)
-+{
-+ npth_init ();
-+
-+ /* Now with NPth running we can set the logging callback. Our
-+ windows implementation does not yet feature the NPth TLS
-+ functions. */
-+#ifndef HAVE_W32_SYSTEM
-+ if (npth_key_create (&my_tlskey_current_fd, NULL) == 0)
-+ if (npth_setspecific (my_tlskey_current_fd, NULL) == 0)
-+ log_set_pid_suffix_cb (pid_suffix_callback);
-+#endif /*!HAVE_W32_SYSTEM*/
-+}
-+
-+
- int
- main (int argc, char **argv)
- {
-@@ -680,8 +696,6 @@ main (int argc, char **argv)
- i18n_init ();
- init_common_subsystems (&argc, &argv);
-
-- npth_init ();
--
- gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
-
- /* Check that the libraries are suitable. Do it here because
-@@ -722,15 +736,6 @@ main (int argc, char **argv)
- if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
- csh_style = 1;
-
-- /* Now with NPth running we can set the logging callback. Our
-- windows implementation does not yet feature the NPth TLS
-- functions. */
--#ifndef HAVE_W32_SYSTEM
-- if (npth_key_create (&my_tlskey_current_fd, NULL) == 0)
-- if (npth_setspecific (my_tlskey_current_fd, NULL) == 0)
-- log_set_pid_suffix_cb (pid_suffix_callback);
--#endif /*!HAVE_W32_SYSTEM*/
--
- /* Reset rereadable options to default values. */
- parse_rereadable_options (NULL, 0);
-
-@@ -981,6 +986,7 @@ main (int argc, char **argv)
- ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-
-+ thread_init ();
- cert_cache_init ();
- crl_cache_init ();
- start_command_handler (ASSUAN_INVALID_FD);
-@@ -1179,6 +1185,7 @@ main (int argc, char **argv)
- ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-
-+ thread_init ();
- cert_cache_init ();
- crl_cache_init ();
- handle_connections (fd);
-@@ -1206,6 +1213,7 @@ main (int argc, char **argv)
- #if USE_LDAP
- ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-+ thread_init ();
- cert_cache_init ();
- crl_cache_init ();
- if (!argc)
-@@ -1231,6 +1239,7 @@ main (int argc, char **argv)
- #if USE_LDAP
- ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-+ thread_init ();
- cert_cache_init ();
- crl_cache_init ();
- rc = crl_fetch (&ctrlbuf, argv[0], &reader);
-diff --git a/scd/scdaemon.c b/scd/scdaemon.c
-index 514e3c2..f0e704b 100644
---- a/scd/scdaemon.c
-+++ b/scd/scdaemon.c
-@@ -422,8 +422,6 @@ main (int argc, char **argv )
- i18n_init ();
- init_common_subsystems (&argc, &argv);
-
-- npth_init ();
--
- ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
-
- malloc_hooks.malloc = gcry_malloc;
-@@ -724,6 +722,8 @@ main (int argc, char **argv )
- }
- #endif
-
-+ npth_init ();
-+
- /* If --debug-allow-core-dump has been given we also need to
- switch the working directory to a place where we can actually
- write. */
-@@ -861,6 +861,8 @@ main (int argc, char **argv )
-
- /* This is the child. */
-
-+ npth_init ();
-+
- /* Detach from tty and put process into a new session. */
- if (!nodetach )
- {
diff --git a/debian/patches/0050-tools-Ignore-existing-directories-in-gpgtar.patch b/debian/patches/0050-tools-Ignore-existing-directories-in-gpgtar.patch
deleted file mode 100644
index 954b42a..0000000
--- a/debian/patches/0050-tools-Ignore-existing-directories-in-gpgtar.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Tue, 4 Oct 2016 12:44:14 +0200
-Subject: tools: Ignore existing directories in gpgtar.
-
-* tools/gpgtar-extract.c (extract_directory): Ignore existing
-directories now that we have '--directory'.
-
-Signed-off-by: Justus Winter <justus at g10code.com>
----
- tools/gpgtar-extract.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/tools/gpgtar-extract.c b/tools/gpgtar-extract.c
-index cee609c..8641126 100644
---- a/tools/gpgtar-extract.c
-+++ b/tools/gpgtar-extract.c
-@@ -122,11 +122,15 @@ extract_directory (const char *dirname, tar_header_t hdr)
- if (fname[strlen (fname)-1] == '/')
- fname[strlen (fname)-1] = 0;
-
-- /* Note that we don't need to care about EEXIST because we always
-- extract into a new hierarchy. */
- if (! opt.dry_run && gnupg_mkdir (fname, "-rwx------"))
- {
- err = gpg_error_from_syserror ();
-+ if (gpg_err_code (err) == GPG_ERR_EEXIST)
-+ {
-+ /* Ignore existing directories while extracting. */
-+ err = 0;
-+ }
-+
- if (gpg_err_code (err) == GPG_ERR_ENOENT)
- {
- /* Try to create the directory with parents but keep the
diff --git a/debian/patches/0051-agent-Implement-supervised-command-for-systemd-etc.patch b/debian/patches/0051-agent-Implement-supervised-command-for-systemd-etc.patch
deleted file mode 100644
index 1d06575..0000000
--- a/debian/patches/0051-agent-Implement-supervised-command-for-systemd-etc.patch
+++ /dev/null
@@ -1,358 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Fri, 12 Aug 2016 01:37:59 -0400
-Subject: agent: Implement --supervised command (for systemd, etc).
-
-* agent/gpg-agent.c (get_socket_path): New function for POSIX systems
-to return the path for a provided unix-domain socket.
-(map_supervised_sockets): New function to inspect $LISTEN_FDS and
-$LISTEN_FDNAMES and map them to the specific functionality offered by
-the agent.
-(main): Add --supervised command. When used, listen on already-open
-file descriptors instead of opening our own.
-* doc/gpg-agent.texi: Document --supervised option.
-
---
-
-"gpg-agent --supervised" is a way to invoke gpg-agent such that a
-system supervisor like systemd can provide socket-activated startup,
-log management, and scheduled shutdown.
-
-When running in this mode, gpg-agent:
-
- * Does not open its own listening socket; rather, it expects to be
- given a listening socket on incoming file descriptors.
-
- * Does not detach from the invoking process, staying in the
- foreground instead. Unless otherwise specified, logs are sent to
- stderr.
-
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
----
- agent/gpg-agent.c | 233 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
- doc/gpg-agent.texi | 12 +++
- 2 files changed, 243 insertions(+), 2 deletions(-)
-
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index c1be1d7..6f301fe 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -93,6 +93,7 @@ enum cmd_and_opt_values
- oLogFile,
- oServer,
- oDaemon,
-+ oSupervised,
- oBatch,
-
- oPinentryProgram,
-@@ -155,6 +156,7 @@ static ARGPARSE_OPTS opts[] = {
-
- ARGPARSE_s_n (oDaemon, "daemon", N_("run in daemon mode (background)")),
- ARGPARSE_s_n (oServer, "server", N_("run in server mode (foreground)")),
-+ ARGPARSE_s_n (oSupervised, "supervised", N_("run supervised (e.g., systemd)")),
- ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
- ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")),
- ARGPARSE_s_n (oSh, "sh", N_("sh-style command output")),
-@@ -733,6 +735,7 @@ thread_init_once (void)
- }
- }
-
-+
- static void
- initialize_modules (void)
- {
-@@ -745,6 +748,180 @@ initialize_modules (void)
- }
-
-
-+/* return a malloc'ed string that is the path to the passed unix-domain socket
-+ (or return NULL if this is not a valid unix-domain socket) */
-+static char *
-+get_socket_path (gnupg_fd_t fd)
-+{
-+#ifdef HAVE_W32_SYSTEM
-+ return NULL;
-+#else
-+ struct sockaddr_un un;
-+ socklen_t len = sizeof(un);
-+ char *ret = NULL;
-+
-+ if (fd == GNUPG_INVALID_FD)
-+ return NULL;
-+
-+ if (getsockname (fd, (struct sockaddr*)&un, &len) != 0)
-+ log_error ("could not getsockname(%d) -- error %d (%s)\n", fd,
-+ errno, strerror(errno));
-+ else if (un.sun_family != AF_UNIX)
-+ log_error ("file descriptor %d is not a unix-domain socket\n", fd);
-+ else if (len <= offsetof (struct sockaddr_un, sun_path))
-+ log_error ("socket path not present for file descriptor %d\n", fd);
-+ else if (len > sizeof(un))
-+ log_error ("socket path for file descriptor %d was truncated "
-+ "(passed %lu bytes, wanted %u)\n", fd, sizeof(un), len);
-+ else
-+ {
-+ log_debug ("file descriptor %d has path %s (%lu octets)\n", fd,
-+ un.sun_path, len - offsetof (struct sockaddr_un, sun_path));
-+ ret = malloc(len - offsetof (struct sockaddr_un, sun_path));
-+ if (ret == NULL)
-+ log_error ("failed to allocate memory for path to file "
-+ "descriptor %d\n", fd);
-+ else
-+ memcpy (ret, un.sun_path, len);
-+ }
-+ return ret;
-+#endif /* HAVE_W32_SYSTEM */
-+}
-+
-+
-+/* Discover which inherited file descriptors correspond to which
-+ services/sockets offered by gpg-agent, using the LISTEN_FDS and
-+ LISTEN_FDNAMES convention. The understood labels are "ssh",
-+ "extra", and "browser". Any other label will be interpreted as the
-+ standard socket.
-+
-+ This function is designed to log errors when the expected file
-+ descriptors don't make sense, but to do its best to continue to
-+ work even in the face of minor misconfigurations.
-+
-+ For more information on the LISTEN_FDS convention, see
-+ sd_listen_fds(3).
-+ */
-+static void
-+map_supervised_sockets (gnupg_fd_t *fd,
-+ gnupg_fd_t *fd_extra,
-+ gnupg_fd_t *fd_browser,
-+ gnupg_fd_t *fd_ssh)
-+{
-+ const char *listen_pid = NULL;
-+ const char *listen_fds = NULL;
-+ const char *listen_fdnames = NULL;
-+ int listen_fd_count = -1;
-+ int listen_fdnames_colons = 0;
-+ const char *fdnamep = NULL;
-+
-+ listen_pid = getenv ("LISTEN_PID");
-+ listen_fds = getenv ("LISTEN_FDS");
-+ listen_fdnames = getenv ("LISTEN_FDNAMES");
-+
-+ if (!listen_pid)
-+ log_error ("no $LISTEN_PID environment variable found in "
-+ "--supervised mode (ignoring).\n");
-+ else if (atoi (listen_pid) != getpid ())
-+ log_error ("$LISTEN_PID (%d) does not match process ID (%d) "
-+ "in --supervised mode (ignoring).\n",
-+ atoi (listen_pid), getpid ());
-+ else
-+ log_debug ("$LISTEN_PID matches process ID (%d)\n",
-+ getpid());
-+
-+ if (listen_fdnames)
-+ for (fdnamep = listen_fdnames; *fdnamep; fdnamep++)
-+ if (*fdnamep == ':')
-+ listen_fdnames_colons++;
-+ log_debug ("%d colon(s) in $LISTEN_FDNAMES: (%s)\n", listen_fdnames_colons, listen_fdnames);
-+
-+ if (!listen_fds)
-+ {
-+ if (!listen_fdnames)
-+ {
-+ log_error ("no LISTEN_FDS or LISTEN_FDNAMES environment variables "
-+ "found in --supervised mode (assuming 1 active descriptor).\n");
-+ listen_fd_count = 1;
-+ }
-+ else
-+ {
-+ log_error ("no LISTEN_FDS environment variable found in --supervised "
-+ " mode (relying on colons in LISTEN_FDNAMES instead)\n");
-+ listen_fd_count = listen_fdnames_colons + 1;
-+ }
-+ }
-+ else
-+ listen_fd_count = atoi (listen_fds);
-+
-+ if (listen_fd_count < 1)
-+ {
-+ log_error ("--supervised mode expects at least one file descriptor (was told %d) "
-+ "(carrying on as though it were 1)\n", listen_fd_count);
-+ listen_fd_count = 1;
-+ }
-+
-+ if (!listen_fdnames)
-+ {
-+ if (listen_fd_count != 1)
-+ log_error ("no LISTEN_FDNAMES and LISTEN_FDS (%d) != 1 in --supervised mode. "
-+ "(ignoring all sockets but the first one)\n", listen_fd_count);
-+ *fd = 3;
-+ }
-+ else
-+ {
-+ int i;
-+ if (listen_fd_count != listen_fdnames_colons + 1)
-+ {
-+ log_fatal ("number of items in LISTEN_FDNAMES (%d) does not match "
-+ "LISTEN_FDS (%d) in --supervised mode\n",
-+ listen_fdnames_colons + 1, listen_fd_count);
-+ exit (1);
-+ }
-+
-+ for (i = 3; i < 3 + listen_fd_count; i++)
-+ {
-+ int found = 0;
-+ char *next = strchrnul(listen_fdnames, ':');
-+ *next = '\0';
-+#define match_socket(var) if (!found && strcmp (listen_fdnames, #var) == 0) \
-+ { \
-+ found = 1; \
-+ if (*fd_ ## var == GNUPG_INVALID_FD) \
-+ { \
-+ *fd_ ## var = i; \
-+ log_info (#var " socket on fd %d\n", i); \
-+ } \
-+ else \
-+ { \
-+ log_error ("cannot listen on more than one " #var " socket. (closing fd %d)\n", i); \
-+ close (i); \
-+ } \
-+ }
-+ match_socket(ssh);
-+ match_socket(browser);
-+ match_socket(extra);
-+#undef match_socket
-+ if (!found)
-+ {
-+ if (*fd == GNUPG_INVALID_FD)
-+ {
-+ *fd = i;
-+ log_info ("standard socket (\"%s\") on fd %d\n",
-+ listen_fdnames, i);
-+ }
-+ else
-+ {
-+ log_error ("cannot listen on more than one standard socket. (closing fd %d)\n", i);
-+ close (i);
-+ }
-+ }
-+ listen_fdnames = next + 1;
-+ }
-+ }
-+}
-+
-+
- /* The main entry point. */
- int
- main (int argc, char **argv )
-@@ -760,6 +937,7 @@ main (int argc, char **argv )
- int default_config =1;
- int pipe_server = 0;
- int is_daemon = 0;
-+ int is_supervised = 0;
- int nodetach = 0;
- int csh_style = 0;
- char *logfile = NULL;
-@@ -962,6 +1140,7 @@ main (int argc, char **argv )
- case oSh: csh_style = 0; break;
- case oServer: pipe_server = 1; break;
- case oDaemon: is_daemon = 1; break;
-+ case oSupervised: is_supervised = 1; break;
-
- case oDisplay: default_display = xstrdup (pargs.r.ret_str); break;
- case oTTYname: default_ttyname = xstrdup (pargs.r.ret_str); break;
-@@ -1061,9 +1240,9 @@ main (int argc, char **argv )
- bind_textdomain_codeset (PACKAGE_GT, "UTF-8");
- #endif
-
-- if (!pipe_server && !is_daemon && !gpgconf_list)
-+ if (!pipe_server && !is_daemon && !gpgconf_list && !is_supervised)
- {
-- /* We have been called without any options and thus we merely
-+ /* We have been called without any command and thus we merely
- check whether an agent is already running. We do this right
- here so that we don't clobber a logfile with this check but
- print the status directly to stderr. */
-@@ -1242,6 +1421,54 @@ main (int argc, char **argv )
- agent_deinit_default_ctrl (ctrl);
- xfree (ctrl);
- }
-+ else if (is_supervised)
-+ {
-+ gnupg_fd_t fd = GNUPG_INVALID_FD;
-+ gnupg_fd_t fd_extra = GNUPG_INVALID_FD;
-+ gnupg_fd_t fd_browser = GNUPG_INVALID_FD;
-+ gnupg_fd_t fd_ssh = GNUPG_INVALID_FD;
-+
-+ /* when supervised and sending logs to stderr, the process
-+ supervisor should handle log entry metadata (pid, name,
-+ timestamp) */
-+ if (!logfile)
-+ log_set_prefix (NULL, 0);
-+
-+ log_info ("%s %s starting in supervised mode.\n",
-+ strusage(11), strusage(13) );
-+
-+ map_supervised_sockets (&fd, &fd_extra, &fd_browser, &fd_ssh);
-+ if (fd == GNUPG_INVALID_FD)
-+ {
-+ log_fatal ("no standard socket provided\n");
-+ exit (1);
-+ }
-+ /* record socket names where possible: */
-+ socket_name = get_socket_path (fd);
-+ socket_name_extra = get_socket_path (fd_extra);
-+ if (socket_name_extra)
-+ opt.extra_socket = 2;
-+ socket_name_browser = get_socket_path (fd_browser);
-+ if (socket_name_browser)
-+ opt.browser_socket = 2;
-+ socket_name_ssh = get_socket_path (fd_ssh);
-+
-+#ifdef HAVE_SIGPROCMASK
-+ if (startup_signal_mask_valid)
-+ {
-+ if (sigprocmask (SIG_SETMASK, &startup_signal_mask, NULL))
-+ log_error ("error restoring signal mask: %s\n",
-+ strerror (errno));
-+ }
-+ else
-+ log_info ("no saved signal mask\n");
-+#endif /*HAVE_SIGPROCMASK*/
-+
-+ log_debug ("FDs: std: %d extra: %d browser: %d ssh: %d\n",
-+ fd, fd_extra, fd_browser, fd_ssh);
-+ handle_connections (fd, fd_extra, fd_browser, fd_ssh);
-+ assuan_sock_close (fd);
-+ }
- else if (!is_daemon)
- ; /* NOTREACHED */
- else
-@@ -1254,6 +1481,8 @@ main (int argc, char **argv )
- pid_t pid;
- #endif
-
-+ initialize_modules ();
-+
- /* Remove the DISPLAY variable so that a pinentry does not
- default to a specific display. There is still a default
- display when gpg-agent was started using --display or a
-diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
-index c096b61..d40f981 100644
---- a/doc/gpg-agent.texi
-+++ b/doc/gpg-agent.texi
-@@ -158,6 +158,18 @@ As an alternative you may create a new process as a child of
- gpg-agent: @code{gpg-agent --daemon /bin/sh}. This way you get a new
- shell with the environment setup properly; after you exit from this
- shell, gpg-agent terminates within a few seconds.
-+
-+ at item --supervised
-+ at opindex supervised
-+Run in the foreground, sending logs by default to stderr, and
-+listening on provided file descriptors, which must already be bound to
-+listening sockets. This command is useful when running under systemd
-+or other similar process supervision schemes.
-+
-+In --supervised mode, different file descriptors can be provided for
-+use as different socket types (e.g. ssh, extra) as long as they are
-+identified in the environment variable $LISTEN_FDNAMES (see
-+sd_listen_fds(3) for more information on this convention).
- @end table
-
- @mansect options
diff --git a/debian/patches/0052-agent-Adjust-supervised-mode-for-the-new-default-soc.patch b/debian/patches/0052-agent-Adjust-supervised-mode-for-the-new-default-soc.patch
deleted file mode 100644
index 0dd129f..0000000
--- a/debian/patches/0052-agent-Adjust-supervised-mode-for-the-new-default-soc.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Tue, 4 Oct 2016 11:23:18 +0200
-Subject: agent: Adjust supervised mode for the new default socket names.
-
-* agent/gpg-agent.c (main): In supervised mode do not provide default
-socket names. Unset DISPLAY and INSIDE_EMACS. Use log_error and
-agent_exit.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- agent/gpg-agent.c | 32 ++++++++++++++++++++------------
- 1 file changed, 20 insertions(+), 12 deletions(-)
-
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index 6f301fe..13b6c6a 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -1252,10 +1252,10 @@ main (int argc, char **argv )
- agent_exit (0);
- }
-
-- if (! opt.extra_socket)
-- {
-- opt.extra_socket = 1;
-- }
-+ if (is_supervised)
-+ ;
-+ else if (!opt.extra_socket)
-+ opt.extra_socket = 1;
- else if (socket_name_extra
- && (!strcmp (socket_name_extra, "none")
- || !strcmp (socket_name_extra, "/dev/null")))
-@@ -1265,10 +1265,10 @@ main (int argc, char **argv )
- socket_name_extra = NULL;
- }
-
-- if (! opt.browser_socket)
-- {
-- opt.browser_socket = 1;
-- }
-+ if (is_supervised)
-+ ;
-+ else if (!opt.browser_socket)
-+ opt.browser_socket = 1;
- else if (socket_name_browser
- && (!strcmp (socket_name_browser, "none")
- || !strcmp (socket_name_browser, "/dev/null")))
-@@ -1437,11 +1437,19 @@ main (int argc, char **argv )
- log_info ("%s %s starting in supervised mode.\n",
- strusage(11), strusage(13) );
-
-+ /* See below on why we remove certain envvars. */
-+#ifndef HAVE_W32_SYSTEM
-+ if (!opt.keep_display)
-+ gnupg_unsetenv ("DISPLAY");
-+#endif
-+ gnupg_unsetenv ("INSIDE_EMACS");
-+
-+ /* Virtually create the sockets. */
- map_supervised_sockets (&fd, &fd_extra, &fd_browser, &fd_ssh);
- if (fd == GNUPG_INVALID_FD)
- {
-- log_fatal ("no standard socket provided\n");
-- exit (1);
-+ log_error ("no standard socket provided\n");
-+ agent_exit (1);
- }
- /* record socket names where possible: */
- socket_name = get_socket_path (fd);
-@@ -1464,8 +1472,8 @@ main (int argc, char **argv )
- log_info ("no saved signal mask\n");
- #endif /*HAVE_SIGPROCMASK*/
-
-- log_debug ("FDs: std: %d extra: %d browser: %d ssh: %d\n",
-- fd, fd_extra, fd_browser, fd_ssh);
-+ log_info ("listening on: std=%d extra=%d browser=%d ssh=%d\n",
-+ fd, fd_extra, fd_browser, fd_ssh);
- handle_connections (fd, fd_extra, fd_browser, fd_ssh);
- assuan_sock_close (fd);
- }
diff --git a/debian/patches/0053-agent-Adjust-cleanup-for-supervised-mode.-Fix-for-W3.patch b/debian/patches/0053-agent-Adjust-cleanup-for-supervised-mode.-Fix-for-W3.patch
deleted file mode 100644
index 1855df4..0000000
--- a/debian/patches/0053-agent-Adjust-cleanup-for-supervised-mode.-Fix-for-W3.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Tue, 4 Oct 2016 16:57:55 +0200
-Subject: agent: Adjust cleanup for supervised mode. Fix for W32.
-
-* agent/gpg-agent.c (opts) [W32]: Remove option --supervised.
-(is_supervised): Move from main() to global.
-(inhibit_socket_removal): New.
-(cleanup): Take care of supervise mode and INHIBIT_SOCKET_REMOVAL.
-(check_own_socket_thread): Set INHIBIT_SOCKET_REMOVAL instead of
-seting the socket names to empty.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- agent/gpg-agent.c | 33 ++++++++++++++++++++-------------
- 1 file changed, 20 insertions(+), 13 deletions(-)
-
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index 13b6c6a..719e747 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -156,7 +156,9 @@ static ARGPARSE_OPTS opts[] = {
-
- ARGPARSE_s_n (oDaemon, "daemon", N_("run in daemon mode (background)")),
- ARGPARSE_s_n (oServer, "server", N_("run in server mode (foreground)")),
-- ARGPARSE_s_n (oSupervised, "supervised", N_("run supervised (e.g., systemd)")),
-+#ifndef HAVE_W32_SYSTEM
-+ ARGPARSE_s_n (oSupervised, "supervised", N_("run in supervised mode")),
-+#endif
- ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
- ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")),
- ARGPARSE_s_n (oSh, "sh", N_("sh-style command output")),
-@@ -326,6 +328,12 @@ static int check_own_socket_running;
- /* Flags to indicate that check_own_socket shall not be called. */
- static int disable_check_own_socket;
-
-+/* Flag indicating that we are in supervised mode. */
-+static int is_supervised;
-+
-+/* Flag to inhibit socket removal in cleanup. */
-+static int inhibit_socket_removal;
-+
- /* It is possible that we are currently running under setuid permissions */
- static int maybe_setuid = 1;
-
-@@ -582,12 +590,15 @@ cleanup (void)
- return;
- done = 1;
- deinitialize_module_cache ();
-- remove_socket (socket_name, redir_socket_name);
-- if (opt.extra_socket > 1)
-- remove_socket (socket_name_extra, redir_socket_name_extra);
-- if (opt.browser_socket > 1)
-- remove_socket (socket_name_browser, redir_socket_name_browser);
-- remove_socket (socket_name_ssh, redir_socket_name_ssh);
-+ if (!is_supervised && !inhibit_socket_removal)
-+ {
-+ remove_socket (socket_name, redir_socket_name);
-+ if (opt.extra_socket > 1)
-+ remove_socket (socket_name_extra, redir_socket_name_extra);
-+ if (opt.browser_socket > 1)
-+ remove_socket (socket_name_browser, redir_socket_name_browser);
-+ remove_socket (socket_name_ssh, redir_socket_name_ssh);
-+ }
- }
-
-
-@@ -937,7 +948,6 @@ main (int argc, char **argv )
- int default_config =1;
- int pipe_server = 0;
- int is_daemon = 0;
-- int is_supervised = 0;
- int nodetach = 0;
- int csh_style = 0;
- char *logfile = NULL;
-@@ -3062,11 +3072,8 @@ check_own_socket_thread (void *arg)
- if (rc)
- {
- /* We may not remove the socket as it is now in use by another
-- server. Setting the name to empty does this. */
-- if (socket_name)
-- *socket_name = 0;
-- if (socket_name_ssh)
-- *socket_name_ssh = 0;
-+ server. */
-+ inhibit_socket_removal = 1;
- shutdown_pending = 2;
- log_info ("this process is useless - shutting down\n");
- }
diff --git a/debian/patches/0054-agent-Streamline-the-supervised-mode-code.patch b/debian/patches/0054-agent-Streamline-the-supervised-mode-code.patch
deleted file mode 100644
index ad7ca2e..0000000
--- a/debian/patches/0054-agent-Streamline-the-supervised-mode-code.patch
+++ /dev/null
@@ -1,491 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Tue, 4 Oct 2016 17:02:49 +0200
-Subject: agent: Streamline the supervised mode code.
-
-* agent/gpg-agent.c (get_socket_path): Rename to ...
-(get_socket_name): this. This is to comply with the GNU coding guide.
-Use xtrymalloc instead of malloc. Do not build for W32.
-(map_supervised_sockets): Use strtokenize and set the the socket names
-here.
-(main): Adjust for above change. Do not close the socket.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- agent/gpg-agent.c | 408 +++++++++++++++++++++++++++--------------------------
- doc/gpg-agent.texi | 8 +-
- 2 files changed, 216 insertions(+), 200 deletions(-)
-
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index 719e747..ea23159 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -579,6 +579,208 @@ remove_socket (char *name, char *redir_name)
- }
-
-
-+/* Return a malloc'ed string that is the path to the passed
-+ * unix-domain socket (or return NULL if this is not a valid
-+ * unix-domain socket). We use a plain int here because it is only
-+ * used on Linux.
-+ *
-+ * FIXME: This function needs to be moved to libassuan. */
-+#ifndef HAVE_W32_SYSTEM
-+static char *
-+get_socket_name (int fd)
-+{
-+ struct sockaddr_un un;
-+ socklen_t len = sizeof(un);
-+ char *name = NULL;
-+
-+ if (getsockname (fd, (struct sockaddr*)&un, &len) != 0)
-+ log_error ("could not getsockname(%d): %s\n", fd,
-+ gpg_strerror (gpg_error_from_syserror ()));
-+ else if (un.sun_family != AF_UNIX)
-+ log_error ("file descriptor %d is not a unix-domain socket\n", fd);
-+ else if (len <= offsetof (struct sockaddr_un, sun_path))
-+ log_error ("socket name not present for file descriptor %d\n", fd);
-+ else if (len > sizeof(un))
-+ log_error ("socket name for file descriptor %d was truncated "
-+ "(passed %lu bytes, wanted %u)\n", fd, sizeof(un), len);
-+ else
-+ {
-+ log_debug ("file descriptor %d has path %s (%lu octets)\n", fd,
-+ un.sun_path, len - offsetof (struct sockaddr_un, sun_path));
-+ name = xtrymalloc (len - offsetof (struct sockaddr_un, sun_path) + 1);
-+ if (!name)
-+ log_error ("failed to allocate memory for name of fd %d: %s\n",
-+ fd, gpg_strerror (gpg_error_from_syserror ()));
-+ else
-+ {
-+ memcpy (name, un.sun_path, len);
-+ name[len] = 0;
-+ }
-+ }
-+
-+ return name;
-+}
-+#endif /*!HAVE_W32_SYSTEM*/
-+
-+
-+/* Discover which inherited file descriptors correspond to which
-+ * services/sockets offered by gpg-agent, using the LISTEN_FDS and
-+ * LISTEN_FDNAMES convention. The understood labels are "ssh",
-+ * "extra", and "browser". "std" or other labels will be interpreted
-+ * as the standard socket.
-+ *
-+ * This function is designed to log errors when the expected file
-+ * descriptors don't make sense, but to do its best to continue to
-+ * work even in the face of minor misconfigurations.
-+ *
-+ * For more information on the LISTEN_FDS convention, see
-+ * sd_listen_fds(3) on certain Linux distributions.
-+ */
-+#ifndef HAVE_W32_SYSTEM
-+static void
-+map_supervised_sockets (gnupg_fd_t *r_fd,
-+ gnupg_fd_t *r_fd_extra,
-+ gnupg_fd_t *r_fd_browser,
-+ gnupg_fd_t *r_fd_ssh)
-+{
-+ struct {
-+ const char *label;
-+ int **fdaddr;
-+ char **nameaddr;
-+ } tbl[] = {
-+ { "ssh", &r_fd_ssh, &socket_name_ssh },
-+ { "browser", &r_fd_browser, &socket_name_browser },
-+ { "extra", &r_fd_extra, &socket_name_extra },
-+ { "std", &r_fd, &socket_name } /* (Must be the last item.) */
-+ };
-+ const char *envvar;
-+ char **fdnames;
-+ int nfdnames;
-+ int fd_count;
-+
-+ *r_fd = *r_fd_extra = *r_fd_browser = *r_fd_ssh = -1;
-+
-+ /* Print a warning if LISTEN_PID does not match outr pid. */
-+ envvar = getenv ("LISTEN_PID");
-+ if (!envvar)
-+ log_error ("no LISTEN_PID environment variable found in "
-+ "--supervised mode (ignoring)\n");
-+ else if (strtoul (envvar, NULL, 10) != (unsigned long)getpid ())
-+ log_error ("environment variable LISTEN_PID (%lu) does not match"
-+ " our pid (%lu) in --supervised mode (ignoring)\n",
-+ (unsigned long)strtoul (envvar, NULL, 10),
-+ (unsigned long)getpid ());
-+
-+ /* Parse LISTEN_FDNAMES into the array FDNAMES. */
-+ envvar = getenv ("LISTEN_FDNAMES");
-+ if (envvar)
-+ {
-+ fdnames = strtokenize (envvar, ":");
-+ if (!fdnames)
-+ {
-+ log_error ("strtokenize failed: %s\n",
-+ gpg_strerror (gpg_error_from_syserror ()));
-+ agent_exit (1);
-+ }
-+ for (nfdnames=0; fdnames[nfdnames]; nfdnames++)
-+ ;
-+ }
-+ else
-+ {
-+ fdnames = NULL;
-+ nfdnames = 0;
-+ }
-+
-+ /* Parse LISTEN_FDS into fd_count or provide a replacement. */
-+ envvar = getenv ("LISTEN_FDS");
-+ if (envvar)
-+ fd_count = atoi (envvar);
-+ else if (fdnames)
-+ {
-+ log_error ("no LISTEN_FDS environment variable found in --supervised"
-+ " mode (relying on LISTEN_FDNAMES instead)\n");
-+ fd_count = nfdnames;
-+ }
-+ else
-+ {
-+ log_error ("no LISTEN_FDS or LISTEN_FDNAMES environment variables "
-+ "found in --supervised mode"
-+ " (assuming 1 active descriptor)\n");
-+ fd_count = 1;
-+ }
-+
-+ if (fd_count < 1)
-+ {
-+ log_error ("--supervised mode expects at least one file descriptor"
-+ " (was told %d, carrying on as though it were 1)\n",
-+ fd_count);
-+ fd_count = 1;
-+ }
-+
-+ /* Assign the descriptors to the return values. */
-+ if (!fdnames)
-+ {
-+ if (fd_count != 1)
-+ log_error ("no LISTEN_FDNAMES and LISTEN_FDS (%d) != 1"
-+ " in --supervised mode."
-+ " (ignoring all sockets but the first one)\n",
-+ fd_count);
-+ *r_fd = 3;
-+ }
-+ else if (fd_count != nfdnames)
-+ {
-+ log_fatal ("number of items in LISTEN_FDNAMES (%d) does not match "
-+ "LISTEN_FDS (%d) in --supervised mode\n",
-+ nfdnames, fd_count);
-+ }
-+ else
-+ {
-+ int i, j, fd;
-+ char *name;
-+
-+ for (i = 0; i < nfdnames; i++)
-+ {
-+ for (j = 0; j < DIM (tbl); j++)
-+ {
-+ log_debug ("i=%d j=%d fdname=%s check=%s\n", i, j,
-+ fdnames[i], tbl[j].label);
-+ if (!strcmp (fdnames[i], tbl[j].label) || j == DIM(tbl)-1)
-+ {
-+ if (**tbl[j].fdaddr == -1)
-+ {
-+ fd = 3 + i;
-+ name = get_socket_name (fd);
-+ if (name)
-+ {
-+ **tbl[j].fdaddr = fd;
-+ *tbl[j].nameaddr = name;
-+ log_info ("using fd %d for %s socket (%s)\n",
-+ fd, tbl[j].label, name);
-+ }
-+ else
-+ {
-+ log_error ("cannot listen on fd %d for %s socket\n",
-+ fd, tbl[j].label);
-+ close (i);
-+ }
-+ }
-+ else
-+ {
-+ log_error ("cannot listen on more than one %s socket\n",
-+ tbl[j].label);
-+ close (i);
-+ }
-+ break;
-+ }
-+ }
-+ }
-+ }
-+
-+ xfree (fdnames);
-+}
-+#endif /*!HAVE_W32_SYSTEM*/
-+
-+
- /* Cleanup code for this program. This is either called has an atexit
- handler or directly. */
- static void
-@@ -759,180 +961,6 @@ initialize_modules (void)
- }
-
-
--/* return a malloc'ed string that is the path to the passed unix-domain socket
-- (or return NULL if this is not a valid unix-domain socket) */
--static char *
--get_socket_path (gnupg_fd_t fd)
--{
--#ifdef HAVE_W32_SYSTEM
-- return NULL;
--#else
-- struct sockaddr_un un;
-- socklen_t len = sizeof(un);
-- char *ret = NULL;
--
-- if (fd == GNUPG_INVALID_FD)
-- return NULL;
--
-- if (getsockname (fd, (struct sockaddr*)&un, &len) != 0)
-- log_error ("could not getsockname(%d) -- error %d (%s)\n", fd,
-- errno, strerror(errno));
-- else if (un.sun_family != AF_UNIX)
-- log_error ("file descriptor %d is not a unix-domain socket\n", fd);
-- else if (len <= offsetof (struct sockaddr_un, sun_path))
-- log_error ("socket path not present for file descriptor %d\n", fd);
-- else if (len > sizeof(un))
-- log_error ("socket path for file descriptor %d was truncated "
-- "(passed %lu bytes, wanted %u)\n", fd, sizeof(un), len);
-- else
-- {
-- log_debug ("file descriptor %d has path %s (%lu octets)\n", fd,
-- un.sun_path, len - offsetof (struct sockaddr_un, sun_path));
-- ret = malloc(len - offsetof (struct sockaddr_un, sun_path));
-- if (ret == NULL)
-- log_error ("failed to allocate memory for path to file "
-- "descriptor %d\n", fd);
-- else
-- memcpy (ret, un.sun_path, len);
-- }
-- return ret;
--#endif /* HAVE_W32_SYSTEM */
--}
--
--
--/* Discover which inherited file descriptors correspond to which
-- services/sockets offered by gpg-agent, using the LISTEN_FDS and
-- LISTEN_FDNAMES convention. The understood labels are "ssh",
-- "extra", and "browser". Any other label will be interpreted as the
-- standard socket.
--
-- This function is designed to log errors when the expected file
-- descriptors don't make sense, but to do its best to continue to
-- work even in the face of minor misconfigurations.
--
-- For more information on the LISTEN_FDS convention, see
-- sd_listen_fds(3).
-- */
--static void
--map_supervised_sockets (gnupg_fd_t *fd,
-- gnupg_fd_t *fd_extra,
-- gnupg_fd_t *fd_browser,
-- gnupg_fd_t *fd_ssh)
--{
-- const char *listen_pid = NULL;
-- const char *listen_fds = NULL;
-- const char *listen_fdnames = NULL;
-- int listen_fd_count = -1;
-- int listen_fdnames_colons = 0;
-- const char *fdnamep = NULL;
--
-- listen_pid = getenv ("LISTEN_PID");
-- listen_fds = getenv ("LISTEN_FDS");
-- listen_fdnames = getenv ("LISTEN_FDNAMES");
--
-- if (!listen_pid)
-- log_error ("no $LISTEN_PID environment variable found in "
-- "--supervised mode (ignoring).\n");
-- else if (atoi (listen_pid) != getpid ())
-- log_error ("$LISTEN_PID (%d) does not match process ID (%d) "
-- "in --supervised mode (ignoring).\n",
-- atoi (listen_pid), getpid ());
-- else
-- log_debug ("$LISTEN_PID matches process ID (%d)\n",
-- getpid());
--
-- if (listen_fdnames)
-- for (fdnamep = listen_fdnames; *fdnamep; fdnamep++)
-- if (*fdnamep == ':')
-- listen_fdnames_colons++;
-- log_debug ("%d colon(s) in $LISTEN_FDNAMES: (%s)\n", listen_fdnames_colons, listen_fdnames);
--
-- if (!listen_fds)
-- {
-- if (!listen_fdnames)
-- {
-- log_error ("no LISTEN_FDS or LISTEN_FDNAMES environment variables "
-- "found in --supervised mode (assuming 1 active descriptor).\n");
-- listen_fd_count = 1;
-- }
-- else
-- {
-- log_error ("no LISTEN_FDS environment variable found in --supervised "
-- " mode (relying on colons in LISTEN_FDNAMES instead)\n");
-- listen_fd_count = listen_fdnames_colons + 1;
-- }
-- }
-- else
-- listen_fd_count = atoi (listen_fds);
--
-- if (listen_fd_count < 1)
-- {
-- log_error ("--supervised mode expects at least one file descriptor (was told %d) "
-- "(carrying on as though it were 1)\n", listen_fd_count);
-- listen_fd_count = 1;
-- }
--
-- if (!listen_fdnames)
-- {
-- if (listen_fd_count != 1)
-- log_error ("no LISTEN_FDNAMES and LISTEN_FDS (%d) != 1 in --supervised mode. "
-- "(ignoring all sockets but the first one)\n", listen_fd_count);
-- *fd = 3;
-- }
-- else
-- {
-- int i;
-- if (listen_fd_count != listen_fdnames_colons + 1)
-- {
-- log_fatal ("number of items in LISTEN_FDNAMES (%d) does not match "
-- "LISTEN_FDS (%d) in --supervised mode\n",
-- listen_fdnames_colons + 1, listen_fd_count);
-- exit (1);
-- }
--
-- for (i = 3; i < 3 + listen_fd_count; i++)
-- {
-- int found = 0;
-- char *next = strchrnul(listen_fdnames, ':');
-- *next = '\0';
--#define match_socket(var) if (!found && strcmp (listen_fdnames, #var) == 0) \
-- { \
-- found = 1; \
-- if (*fd_ ## var == GNUPG_INVALID_FD) \
-- { \
-- *fd_ ## var = i; \
-- log_info (#var " socket on fd %d\n", i); \
-- } \
-- else \
-- { \
-- log_error ("cannot listen on more than one " #var " socket. (closing fd %d)\n", i); \
-- close (i); \
-- } \
-- }
-- match_socket(ssh);
-- match_socket(browser);
-- match_socket(extra);
--#undef match_socket
-- if (!found)
-- {
-- if (*fd == GNUPG_INVALID_FD)
-- {
-- *fd = i;
-- log_info ("standard socket (\"%s\") on fd %d\n",
-- listen_fdnames, i);
-- }
-- else
-- {
-- log_error ("cannot listen on more than one standard socket. (closing fd %d)\n", i);
-- close (i);
-- }
-- }
-- listen_fdnames = next + 1;
-- }
-- }
--}
--
--
- /* The main entry point. */
- int
- main (int argc, char **argv )
-@@ -1433,10 +1461,8 @@ main (int argc, char **argv )
- }
- else if (is_supervised)
- {
-- gnupg_fd_t fd = GNUPG_INVALID_FD;
-- gnupg_fd_t fd_extra = GNUPG_INVALID_FD;
-- gnupg_fd_t fd_browser = GNUPG_INVALID_FD;
-- gnupg_fd_t fd_ssh = GNUPG_INVALID_FD;
-+#ifndef HAVE_W32_SYSTEM
-+ gnupg_fd_t fd, fd_extra, fd_browser, fd_ssh;
-
- /* when supervised and sending logs to stderr, the process
- supervisor should handle log entry metadata (pid, name,
-@@ -1447,29 +1473,17 @@ main (int argc, char **argv )
- log_info ("%s %s starting in supervised mode.\n",
- strusage(11), strusage(13) );
-
-- /* See below on why we remove certain envvars. */
--#ifndef HAVE_W32_SYSTEM
-+ /* See below in "regular server mode" on why we remove certain
-+ * envvars. */
- if (!opt.keep_display)
- gnupg_unsetenv ("DISPLAY");
--#endif
- gnupg_unsetenv ("INSIDE_EMACS");
-
-- /* Virtually create the sockets. */
-+ /* Virtually create the sockets. Note that we use -1 here
-+ * because the whole thing works only on Unix. */
- map_supervised_sockets (&fd, &fd_extra, &fd_browser, &fd_ssh);
-- if (fd == GNUPG_INVALID_FD)
-- {
-- log_error ("no standard socket provided\n");
-- agent_exit (1);
-- }
-- /* record socket names where possible: */
-- socket_name = get_socket_path (fd);
-- socket_name_extra = get_socket_path (fd_extra);
-- if (socket_name_extra)
-- opt.extra_socket = 2;
-- socket_name_browser = get_socket_path (fd_browser);
-- if (socket_name_browser)
-- opt.browser_socket = 2;
-- socket_name_ssh = get_socket_path (fd_ssh);
-+ if (fd == -1)
-+ log_fatal ("no standard socket provided\n");
-
- #ifdef HAVE_SIGPROCMASK
- if (startup_signal_mask_valid)
-@@ -1485,7 +1499,7 @@ main (int argc, char **argv )
- log_info ("listening on: std=%d extra=%d browser=%d ssh=%d\n",
- fd, fd_extra, fd_browser, fd_ssh);
- handle_connections (fd, fd_extra, fd_browser, fd_ssh);
-- assuan_sock_close (fd);
-+#endif /*!HAVE_W32_SYSTEM*/
- }
- else if (!is_daemon)
- ; /* NOTREACHED */
-diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
-index d40f981..232e060 100644
---- a/doc/gpg-agent.texi
-+++ b/doc/gpg-agent.texi
-@@ -164,12 +164,14 @@ shell, gpg-agent terminates within a few seconds.
- Run in the foreground, sending logs by default to stderr, and
- listening on provided file descriptors, which must already be bound to
- listening sockets. This command is useful when running under systemd
--or other similar process supervision schemes.
-+or other similar process supervision schemes. This option is not
-+supported on Windows.
-
- In --supervised mode, different file descriptors can be provided for
- use as different socket types (e.g. ssh, extra) as long as they are
--identified in the environment variable $LISTEN_FDNAMES (see
--sd_listen_fds(3) for more information on this convention).
-+identified in the environment variable @code{LISTEN_FDNAMES} (see
-+sd_listen_fds(3) on some Linux distributions for more information on
-+this convention).
- @end table
-
- @mansect options
diff --git a/debian/patches/0055-agent-Fix-error-handling-in-map_supervised_sockets.patch b/debian/patches/0055-agent-Fix-error-handling-in-map_supervised_sockets.patch
deleted file mode 100644
index 0b07c0a..0000000
--- a/debian/patches/0055-agent-Fix-error-handling-in-map_supervised_sockets.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Wed, 5 Oct 2016 00:23:11 -0400
-Subject: agent: Fix error handling in map_supervised_sockets
-
-* agent/gpg-agent.c (map_supervised_sockets): the file descriptor to
- close on error is fd, not i.
-
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
----
- agent/gpg-agent.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index ea23159..26994bd 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -761,14 +761,14 @@ map_supervised_sockets (gnupg_fd_t *r_fd,
- {
- log_error ("cannot listen on fd %d for %s socket\n",
- fd, tbl[j].label);
-- close (i);
-+ close (fd);
- }
- }
- else
- {
- log_error ("cannot listen on more than one %s socket\n",
- tbl[j].label);
-- close (i);
-+ close (fd);
- }
- break;
- }
diff --git a/debian/patches/0056-agent-Fix-npth-supervised-mode-problem.patch b/debian/patches/0056-agent-Fix-npth-supervised-mode-problem.patch
deleted file mode 100644
index d5edaa0..0000000
--- a/debian/patches/0056-agent-Fix-npth-supervised-mode-problem.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 5 Oct 2016 09:13:27 +0200
-Subject: agent: Fix npth + supervised mode problem.
-
-* agent/gpg-agent.c (main): Initialize modules in supervised mode.
---
-
-It was probably my fault. I had to rebase my patches to take in the
-npth patches but for some reason my addition of initialize_modules got
-lost.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- agent/gpg-agent.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index 26994bd..054e845 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -1464,6 +1464,8 @@ main (int argc, char **argv )
- #ifndef HAVE_W32_SYSTEM
- gnupg_fd_t fd, fd_extra, fd_browser, fd_ssh;
-
-+ initialize_modules ();
-+
- /* when supervised and sending logs to stderr, the process
- supervisor should handle log entry metadata (pid, name,
- timestamp) */
diff --git a/debian/patches/0057-agent-Another-minor-fix-to-map_supervised_sockets.patch b/debian/patches/0057-agent-Another-minor-fix-to-map_supervised_sockets.patch
deleted file mode 100644
index 24f2a2e..0000000
--- a/debian/patches/0057-agent-Another-minor-fix-to-map_supervised_sockets.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 5 Oct 2016 11:48:59 +0200
-Subject: agent: Another minor fix to map_supervised_sockets.
-
-* agent/gpg-agent.c (map_supervised_sockets): Remove debug message.
-Provide correct fd in the second error case.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- agent/gpg-agent.c | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index 054e845..c236180 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -742,13 +742,11 @@ map_supervised_sockets (gnupg_fd_t *r_fd,
- {
- for (j = 0; j < DIM (tbl); j++)
- {
-- log_debug ("i=%d j=%d fdname=%s check=%s\n", i, j,
-- fdnames[i], tbl[j].label);
- if (!strcmp (fdnames[i], tbl[j].label) || j == DIM(tbl)-1)
- {
-+ fd = 3 + i;
- if (**tbl[j].fdaddr == -1)
- {
-- fd = 3 + i;
- name = get_socket_name (fd);
- if (name)
- {
diff --git a/debian/patches/0058-g10-Don-t-add-user-attributes-to-the-TOFU-DB.patch b/debian/patches/0058-g10-Don-t-add-user-attributes-to-the-TOFU-DB.patch
deleted file mode 100644
index 56bf69f..0000000
--- a/debian/patches/0058-g10-Don-t-add-user-attributes-to-the-TOFU-DB.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: "Neal H. Walfield" <neal at g10code.com>
-Date: Mon, 5 Sep 2016 16:44:09 +0200
-Subject: g10: Don't add user attributes to the TOFU DB.
-
-* g10/trustdb.c (tdb_get_validity_core): Skip user attributes.
-
---
-Signed-off-by: Neal H. Walfield <neal at g10code.com>
----
- g10/trustdb.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/g10/trustdb.c b/g10/trustdb.c
-index dd74d18..7097be2 100644
---- a/g10/trustdb.c
-+++ b/g10/trustdb.c
-@@ -1043,6 +1043,14 @@ tdb_get_validity_core (ctrl_t ctrl,
- else
- user_id = n->pkt->pkt.user_id;
-
-+ if (user_id->attrib_data)
-+ {
-+ /* Skip user attributes. */
-+ if (uid)
-+ break;
-+ continue;
-+ }
-+
- /* If the user id is revoked or expired, then skip it. */
- if (user_id->is_revoked || user_id->is_expired)
- {
diff --git a/debian/patches/0059-g10-Fix-testing-for-debug-flag.patch b/debian/patches/0059-g10-Fix-testing-for-debug-flag.patch
deleted file mode 100644
index 0755fba..0000000
--- a/debian/patches/0059-g10-Fix-testing-for-debug-flag.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Thu, 6 Oct 2016 14:17:55 +0200
-Subject: g10: Fix testing for debug flag.
-
-* g10/parse-packet.c (set_packet_list_mode): Fix testing for debug
-flag.
-
-Signed-off-by: Justus Winter <justus at g10code.com>
----
- g10/parse-packet.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/g10/parse-packet.c b/g10/parse-packet.c
-index 9a733b5..86c2be4 100644
---- a/g10/parse-packet.c
-+++ b/g10/parse-packet.c
-@@ -220,7 +220,7 @@ set_packet_list_mode (int mode)
- else
- listfp = es_stderr;
-
-- if (opt.debug && DBG_MPI_VALUE)
-+ if (opt.debug & DBG_MPI_VALUE)
- mpi_print_mode = 1;
- }
- return old;
diff --git a/debian/patches/0060-sm-Remove-statement-without-effect.patch b/debian/patches/0060-sm-Remove-statement-without-effect.patch
deleted file mode 100644
index aba162b..0000000
--- a/debian/patches/0060-sm-Remove-statement-without-effect.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Thu, 6 Oct 2016 14:30:56 +0200
-Subject: sm: Remove statement without effect.
-
-* sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Remove statement without
-effect.
-
-Signed-off-by: Justus Winter <justus at g10code.com>
----
- sm/call-dirmngr.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c
-index 7e26c3a..6987121 100644
---- a/sm/call-dirmngr.c
-+++ b/sm/call-dirmngr.c
-@@ -559,7 +559,6 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
- isvalid_status_cb, &stparm);
- if (opt.verbose > 1)
- log_info ("response of dirmngr: %s\n", rc? gpg_strerror (rc): "okay");
-- rc = rc;
-
- if (!rc && stparm.seen)
- {
diff --git a/debian/patches/0061-common-Avoid-pointer-arithmetic-on-string-literals.patch b/debian/patches/0061-common-Avoid-pointer-arithmetic-on-string-literals.patch
deleted file mode 100644
index cce801b..0000000
--- a/debian/patches/0061-common-Avoid-pointer-arithmetic-on-string-literals.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Thu, 6 Oct 2016 14:48:52 +0200
-Subject: common: Avoid pointer arithmetic on string literals.
-
-* common/gettime.c (rfctimestamp): Use indexing instead.
-* common/signal.c (got_fatal_signal): Likewise.
----
- common/gettime.c | 6 +++---
- common/signal.c | 2 +-
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/common/gettime.c b/common/gettime.c
-index dd9c196..2103d5f 100644
---- a/common/gettime.c
-+++ b/common/gettime.c
-@@ -746,10 +746,10 @@ rfctimestamp (u32 stamp)
- if (!tp)
- return NULL;
- return xtryasprintf ("%.3s, %02d %.3s %04d %02d:%02d:%02d +0000",
-- ("SunMonTueWedThuFriSat" + (tp->tm_wday%7)*3),
-+ &"SunMonTueWedThuFriSat"[(tp->tm_wday%7)*3],
- tp->tm_mday,
-- ("JanFebMarAprMayJunJulAugSepOctNovDec"
-- + (tp->tm_mon%12)*3),
-+ &"JanFebMarAprMayJunJulAugSepOctNovDec"
-+ [(tp->tm_mon%12)*3],
- tp->tm_year + 1900,
- tp->tm_hour,
- tp->tm_min,
-diff --git a/common/signal.c b/common/signal.c
-index b202f0f..9064adc 100644
---- a/common/signal.c
-+++ b/common/signal.c
-@@ -134,7 +134,7 @@ got_fatal_signal (int sig)
- {
- if (value >= i || ((any || i==1) && !(value/i)))
- {
-- (void)write (2, "0123456789"+(value/i), 1);
-+ (void)write (2, &"0123456789"[value/i], 1);
- if ((value/i))
- any = 1;
- value %= i;
diff --git a/debian/patches/0062-agent-dirmngr-scd-Fix-init_common_subsystems.patch b/debian/patches/0062-agent-dirmngr-scd-Fix-init_common_subsystems.patch
deleted file mode 100644
index 8074607..0000000
--- a/debian/patches/0062-agent-dirmngr-scd-Fix-init_common_subsystems.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Fri, 7 Oct 2016 10:45:22 +0900
-Subject: agent, dirmngr, scd: Fix init_common_subsystems.
-
-* common/init.c (_init_common_subsystems): Don't call
-gpgrt_set_syscall_clamp in this function.
-* agent/gpg-agent.c, dirmngr/dirmngr.c, scd/scdaemon.c: Call
-gpgrt_set_syscall_clamp after npth_init.
-
---
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- agent/gpg-agent.c | 1 +
- common/init.c | 11 -----------
- dirmngr/dirmngr.c | 1 +
- scd/scdaemon.c | 2 ++
- 4 files changed, 4 insertions(+), 11 deletions(-)
-
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index c236180..6b97a3c 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -944,6 +944,7 @@ thread_init_once (void)
- npth_initialized++;
- npth_init ();
- }
-+ gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
- }
-
-
-diff --git a/common/init.c b/common/init.c
-index 591c854..f71c1be 100644
---- a/common/init.c
-+++ b/common/init.c
-@@ -29,20 +29,12 @@
-
- #include <config.h>
-
--#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth. */
--#undef HAVE_NPTH
--#undef USE_NPTH
--#endif
--
- #ifdef HAVE_W32_SYSTEM
- # ifdef HAVE_WINSOCK2_H
- # include <winsock2.h>
- # endif
- # include <windows.h>
- #endif
--#ifdef HAVE_NPTH
--# include <npth.h>
--#endif
- #ifdef HAVE_W32CE_SYSTEM
- # include <assuan.h> /* For _assuan_w32ce_finish_pipe. */
- #endif
-@@ -197,9 +189,6 @@ _init_common_subsystems (gpg_err_source_t errsource, int *argcp, char ***argvp)
- /* Initialize the Estream library. */
- gpgrt_init ();
- gpgrt_set_alloc_func (gcry_realloc);
--#ifdef USE_NPTH
-- gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
--#endif
-
- /* Special hack for Windows CE: We extract some options from arg
- to setup the standard handles. */
-diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
-index 67f8490..2bbc0ed 100644
---- a/dirmngr/dirmngr.c
-+++ b/dirmngr/dirmngr.c
-@@ -651,6 +651,7 @@ static void
- thread_init (void)
- {
- npth_init ();
-+ gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-
- /* Now with NPth running we can set the logging callback. Our
- windows implementation does not yet feature the NPth TLS
-diff --git a/scd/scdaemon.c b/scd/scdaemon.c
-index f0e704b..33a822e 100644
---- a/scd/scdaemon.c
-+++ b/scd/scdaemon.c
-@@ -723,6 +723,7 @@ main (int argc, char **argv )
- #endif
-
- npth_init ();
-+ gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-
- /* If --debug-allow-core-dump has been given we also need to
- switch the working directory to a place where we can actually
-@@ -862,6 +863,7 @@ main (int argc, char **argv )
- /* This is the child. */
-
- npth_init ();
-+ gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-
- /* Detach from tty and put process into a new session. */
- if (!nodetach )
diff --git a/debian/patches/0063-agent-Fix-get_socket_name.patch b/debian/patches/0063-agent-Fix-get_socket_name.patch
deleted file mode 100644
index bba2512..0000000
--- a/debian/patches/0063-agent-Fix-get_socket_name.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Fri, 7 Oct 2016 19:00:10 +0900
-Subject: agent: Fix get_socket_name.
-
-* agent/gpg-agent.c (get_socket_name): Fix the size of copying.
-
---
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- agent/gpg-agent.c | 14 ++++++++------
- 1 file changed, 8 insertions(+), 6 deletions(-)
-
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index 6b97a3c..44a6bbb 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -602,19 +602,21 @@ get_socket_name (int fd)
- log_error ("socket name not present for file descriptor %d\n", fd);
- else if (len > sizeof(un))
- log_error ("socket name for file descriptor %d was truncated "
-- "(passed %lu bytes, wanted %u)\n", fd, sizeof(un), len);
-+ "(passed %zu bytes, wanted %u)\n", fd, sizeof(un), len);
- else
- {
-- log_debug ("file descriptor %d has path %s (%lu octets)\n", fd,
-- un.sun_path, len - offsetof (struct sockaddr_un, sun_path));
-- name = xtrymalloc (len - offsetof (struct sockaddr_un, sun_path) + 1);
-+ size_t namelen = len - offsetof (struct sockaddr_un, sun_path);
-+
-+ log_debug ("file descriptor %d has path %s (%zu octets)\n", fd,
-+ un.sun_path, namelen);
-+ name = xtrymalloc (namelen + 1);
- if (!name)
- log_error ("failed to allocate memory for name of fd %d: %s\n",
- fd, gpg_strerror (gpg_error_from_syserror ()));
- else
- {
-- memcpy (name, un.sun_path, len);
-- name[len] = 0;
-+ memcpy (name, un.sun_path, namelen);
-+ name[namelen] = 0;
- }
- }
-
diff --git a/debian/patches/0064-tools-Fix-error-handling.patch b/debian/patches/0064-tools-Fix-error-handling.patch
deleted file mode 100644
index 02f33c5..0000000
--- a/debian/patches/0064-tools-Fix-error-handling.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Fri, 7 Oct 2016 12:52:09 +0200
-Subject: tools: Fix error handling.
-
-* tools/gpgtar-create.c (gpgtar_create): Do not crash if opening the
-tarball failed.
-
-Signed-off-by: Justus Winter <justus at g10code.com>
----
- tools/gpgtar-create.c | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/tools/gpgtar-create.c b/tools/gpgtar-create.c
-index 6adc1f5..6780eff 100644
---- a/tools/gpgtar-create.c
-+++ b/tools/gpgtar-create.c
-@@ -853,8 +853,6 @@ gpgtar_create (char **inpattern, int encrypt, int sign)
- if (!outstream)
- {
- err = gpg_error_from_syserror ();
-- log_error (_("can't create '%s': %s\n"),
-- opt.outfile, gpg_strerror (err));
- goto leave;
- }
- }
-@@ -958,7 +956,7 @@ gpgtar_create (char **inpattern, int encrypt, int sign)
- if (err)
- {
- log_error ("creating tarball '%s' failed: %s\n",
-- es_fname_get (outstream), gpg_strerror (err));
-+ opt.outfile ? opt.outfile : "-", gpg_strerror (err));
- if (outstream && outstream != es_stdout)
- es_fclose (outstream);
- if (cipher_stream && cipher_stream != es_stdout)
diff --git a/debian/patches/0065-g10-Fix-a-column-s-type-in-TOFU-DB.patch b/debian/patches/0065-g10-Fix-a-column-s-type-in-TOFU-DB.patch
deleted file mode 100644
index 8e3d625..0000000
--- a/debian/patches/0065-g10-Fix-a-column-s-type-in-TOFU-DB.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From: "Neal H. Walfield" <neal at g10code.com>
-Date: Wed, 12 Oct 2016 21:37:34 +0200
-Subject: g10: Fix a column's type in TOFU DB.
-
-* g10/tofu.c (initdb): Change policy from a boolean to an integer.
-
---
-Signed-off-by: Neal H. Walfield <neal at g10code.com>
-Reported-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-
-Note: sqlite ignores type information so this change has no real
-impact.
----
- g10/tofu.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/g10/tofu.c b/g10/tofu.c
-index ef14e85..87c7e87 100644
---- a/g10/tofu.c
-+++ b/g10/tofu.c
-@@ -567,7 +567,7 @@ initdb (sqlite3 *db)
- "create table bindings\n"
- " (oid INTEGER PRIMARY KEY AUTOINCREMENT,\n"
- " fingerprint TEXT, email TEXT, user_id TEXT, time INTEGER,\n"
-- " policy BOOLEAN CHECK (policy in (%d, %d, %d, %d, %d)),\n"
-+ " policy INTEGER CHECK (policy in (%d, %d, %d, %d, %d)),\n"
- " conflict STRING,\n"
- " unique (fingerprint, email));\n"
- "create index bindings_fingerprint_email\n"
diff --git a/debian/patches/0066-agent-Move-inotify-code-to-common-and-improve-it.patch b/debian/patches/0066-agent-Move-inotify-code-to-common-and-improve-it.patch
deleted file mode 100644
index b7270cd..0000000
--- a/debian/patches/0066-agent-Move-inotify-code-to-common-and-improve-it.patch
+++ /dev/null
@@ -1,335 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Sat, 15 Oct 2016 21:35:05 +0200
-Subject: agent: Move inotify code to common and improve it.
-
-* common/sysutils.c: Include sys/inotify.h.
-(my_error_from_syserror, my_error): New.
-(gnupg_inotify_watch_socket): New.
-(gnupg_inotify_has_name): New.
-* agent/gpg-agent.c: Do not include sys/inotify.h.
-(my_inotify_is_name): Remove.
-(handle_connections): Remove HAVE_INOTIFY_INIT protected code and use
-the new functions.
---
-
-When removing not a simple socket file but the entire directory the
-old code missed most events and thus did not worked properly.
-
-IN_DELETE_SELF has also been added to the watch list to detect a
-removal of the directory. However, in all tests that event was not
-triggered. The only way it could be triggered was by not watching
-the socket dir but an arbitary directory and rmdir that.
-
-GnuPG-bug-id: 2756
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- agent/gpg-agent.c | 65 ++++------------------------
- common/sysutils.c | 127 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
- common/sysutils.h | 4 ++
- 3 files changed, 140 insertions(+), 56 deletions(-)
-
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index 44a6bbb..0146d85 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -47,9 +47,6 @@
- #ifdef HAVE_SIGNAL_H
- # include <signal.h>
- #endif
--#ifdef HAVE_INOTIFY_INIT
--# include <sys/inotify.h>
--#endif /*HAVE_INOTIFY_INIT*/
- #include <npth.h>
- #ifdef HAVE_PRCTL
- # include <sys/prctl.h>
-@@ -2724,31 +2721,6 @@ start_connection_thread_ssh (void *arg)
- }
-
-
--#ifdef HAVE_INOTIFY_INIT
--/* Read an inotify event and return true if it matches NAME. */
--static int
--my_inotify_is_name (int fd, const char *name)
--{
-- union {
-- struct inotify_event ev;
-- char _buf[sizeof (struct inotify_event) + 100 + 1];
-- } buf;
-- int n;
--
-- n = npth_read (fd, &buf, sizeof buf);
-- if (n < sizeof (struct inotify_event))
-- return 0;
-- if (buf.ev.len < strlen (name)+1)
-- return 0;
-- if (strcmp (buf.ev.name, name))
-- return 0; /* Not the desired file. */
--
-- return 1; /* Found. */
--}
--#endif /*HAVE_INOTIFY_INIT*/
--
--
--
- /* Connection handler loop. Wait for connection requests and spawn a
- thread after accepting a connection. */
- static void
-@@ -2757,6 +2729,7 @@ handle_connections (gnupg_fd_t listen_fd,
- gnupg_fd_t listen_fd_browser,
- gnupg_fd_t listen_fd_ssh)
- {
-+ gpg_error_t err;
- npth_attr_t tattr;
- struct sockaddr_un paddr;
- socklen_t plen;
-@@ -2772,9 +2745,7 @@ handle_connections (gnupg_fd_t listen_fd,
- HANDLE events[2];
- unsigned int events_set;
- #endif
--#ifdef HAVE_INOTIFY_INIT
-- int my_inotify_fd;
--#endif /*HAVE_INOTIFY_INIT*/
-+ int my_inotify_fd = -1;
- struct {
- const char *name;
- void *(*func) (void *arg);
-@@ -2812,27 +2783,14 @@ handle_connections (gnupg_fd_t listen_fd,
- # endif
- #endif
-
--#ifdef HAVE_INOTIFY_INIT
- if (disable_check_own_socket)
- my_inotify_fd = -1;
-- else if ((my_inotify_fd = inotify_init ()) == -1)
-- log_info ("error enabling fast daemon termination: %s\n",
-- strerror (errno));
-- else
-+ else if ((err = gnupg_inotify_watch_socket (&my_inotify_fd, socket_name)))
- {
-- /* We need to watch the directory for the file becuase there
-- * won't be an IN_DELETE_SELF for a socket file. */
-- char *slash = strrchr (socket_name, '/');
-- log_assert (slash && slash[1]);
-- *slash = 0;
-- if (inotify_add_watch (my_inotify_fd, socket_name, IN_DELETE) == -1)
-- {
-- close (my_inotify_fd);
-- my_inotify_fd = -1;
-- }
-- *slash = '/';
-+ if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED)
-+ log_info ("error enabling fast daemon termination: %s\n",
-+ gpg_strerror (err));
- }
--#endif /*HAVE_INOTIFY_INIT*/
-
- /* On Windows we need to fire up a separate thread to listen for
- requests from Putty (an SSH client), so we can replace Putty's
-@@ -2875,14 +2833,12 @@ handle_connections (gnupg_fd_t listen_fd,
- if (FD2INT (listen_fd_ssh) > nfd)
- nfd = FD2INT (listen_fd_ssh);
- }
--#ifdef HAVE_INOTIFY_INIT
- if (my_inotify_fd != -1)
- {
- FD_SET (my_inotify_fd, &fdset);
- if (my_inotify_fd > nfd)
- nfd = my_inotify_fd;
- }
--#endif /*HAVE_INOTIFY_INIT*/
-
- listentbl[0].l_fd = listen_fd;
- listentbl[1].l_fd = listen_fd_extra;
-@@ -2957,14 +2913,13 @@ handle_connections (gnupg_fd_t listen_fd,
- ctrl_t ctrl;
- npth_t thread;
-
--#ifdef HAVE_INOTIFY_INIT
-- if (my_inotify_fd != -1 && FD_ISSET (my_inotify_fd, &read_fdset)
-- && my_inotify_is_name (my_inotify_fd, GPG_AGENT_SOCK_NAME))
-+ if (my_inotify_fd != -1
-+ && FD_ISSET (my_inotify_fd, &read_fdset)
-+ && gnupg_inotify_has_name (my_inotify_fd, GPG_AGENT_SOCK_NAME))
- {
- shutdown_pending = 1;
- log_info ("socket file has been removed - shutting down\n");
- }
--#endif /*HAVE_INOTIFY_INIT*/
-
- for (idx=0; idx < DIM(listentbl); idx++)
- {
-@@ -3012,10 +2967,8 @@ handle_connections (gnupg_fd_t listen_fd,
- }
- }
-
--#ifdef HAVE_INOTIFY_INIT
- if (my_inotify_fd != -1)
- close (my_inotify_fd);
--#endif /*HAVE_INOTIFY_INIT*/
- cleanup ();
- log_info (_("%s %s stopped\n"), strusage(11), strusage(13));
- npth_attr_destroy (&tattr);
-diff --git a/common/sysutils.c b/common/sysutils.c
-index 0f7b7f5..2e663bc 100644
---- a/common/sysutils.c
-+++ b/common/sysutils.c
-@@ -63,6 +63,9 @@
- # endif
- # include <windows.h>
- #endif
-+#ifdef HAVE_INOTIFY_INIT
-+# include <sys/inotify.h>
-+#endif /*HAVE_INOTIFY_INIT*/
- #ifdef HAVE_NPTH
- # include <npth.h>
- #endif
-@@ -78,6 +81,20 @@
- #define tohex(n) ((n) < 10 ? ((n) + '0') : (((n) - 10) + 'A'))
-
-
-+static GPGRT_INLINE gpg_error_t
-+my_error_from_syserror (void)
-+{
-+ return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-+}
-+
-+static GPGRT_INLINE gpg_error_t
-+my_error (int e)
-+{
-+ return gpg_err_make (default_errsource, (e));
-+}
-+
-+
-+
- #if defined(__linux__) && defined(__alpha__) && __GLIBC__ < 2
- #warning using trap_unaligned
- static int
-@@ -929,3 +946,113 @@ w32_get_user_sid (void)
- return sid;
- }
- #endif /*HAVE_W32_SYSTEM*/
-+
-+
-+
-+/* Support for inotify under Linux. */
-+
-+/* Store a new inotify file handle for SOCKET_NAME at R_FD or return
-+ * an error code. */
-+gpg_error_t
-+gnupg_inotify_watch_socket (int *r_fd, const char *socket_name)
-+{
-+#if HAVE_INOTIFY_INIT
-+ gpg_error_t err;
-+ char *fname;
-+ int fd;
-+ char *p;
-+
-+ *r_fd = -1;
-+
-+ fname = xtrystrdup (socket_name);
-+ if (!fname)
-+ return my_error_from_syserror ();
-+
-+ fd = inotify_init ();
-+ if (fd == -1)
-+ {
-+ err = my_error_from_syserror ();
-+ xfree (fname);
-+ return err;
-+ }
-+
-+ /* We need to watch the directory for the file because there won't
-+ * be an IN_DELETE_SELF for a socket file. To handle a removal of
-+ * the directory we also watch the directory itself. */
-+ p = strrchr (fname, '/');
-+ if (p)
-+ *p = 0;
-+ if (inotify_add_watch (fd, fname,
-+ (IN_DELETE|IN_DELETE_SELF|IN_EXCL_UNLINK)) == -1)
-+ {
-+ err = my_error_from_syserror ();
-+ close (fd);
-+ xfree (fname);
-+ return err;
-+ }
-+
-+ xfree (fname);
-+
-+ *r_fd = fd;
-+ return 0;
-+#else /*!HAVE_INOTIFY_INIT*/
-+
-+ (void)socket_name;
-+ *r_fd = -1;
-+ return my_error (GPG_ERR_NOT_SUPPORTED);
-+
-+#endif /*!HAVE_INOTIFY_INIT*/
-+}
-+
-+
-+/* Read an inotify event and return true if it matches NAME or if it
-+ * sees an IN_DELETE_SELF event for the directory of NAME. */
-+int
-+gnupg_inotify_has_name (int fd, const char *name)
-+{
-+#if USE_NPTH && HAVE_INOTIFY_INIT
-+ union {
-+ struct inotify_event ev;
-+ char _buf[sizeof (struct inotify_event) + 255 + 1];
-+ } buf;
-+ struct inotify_event *evp;
-+ int n;
-+
-+ n = npth_read (fd, &buf, sizeof buf);
-+ /* log_debug ("notify read: n=%d\n", n); */
-+ evp = &buf.ev;
-+ while (n >= sizeof (struct inotify_event))
-+ {
-+ /* log_debug (" mask=%x len=%u name=(%s)\n", */
-+ /* evp->mask, (unsigned int)evp->len, evp->len? evp->name:""); */
-+ if ((evp->mask & IN_UNMOUNT))
-+ {
-+ /* log_debug (" found (dir unmounted)\n"); */
-+ return 3; /* Directory was unmounted. */
-+ }
-+ if ((evp->mask & IN_DELETE_SELF))
-+ {
-+ /* log_debug (" found (dir removed)\n"); */
-+ return 2; /* Directory was removed. */
-+ }
-+ if ((evp->mask & IN_DELETE))
-+ {
-+ if (evp->len >= strlen (name) && !strcmp (evp->name, name))
-+ {
-+ /* log_debug (" found (file removed)\n"); */
-+ return 1; /* File was removed. */
-+ }
-+ }
-+ n -= sizeof (*evp) + evp->len;
-+ evp = (struct inotify_event *)((char*)evp + sizeof (*evp) + evp->len);
-+ }
-+
-+#else /*!(USE_NPTH && HAVE_INOTIFY_INIT)*/
-+
-+ (void)fd;
-+ (void)name;
-+
-+#endif /*!(USE_NPTH && HAVE_INOTIFY_INIT)*/
-+
-+ return 0; /* Not found. */
-+}
-diff --git a/common/sysutils.h b/common/sysutils.h
-index ba66ce6..ea92e4c 100644
---- a/common/sysutils.h
-+++ b/common/sysutils.h
-@@ -67,6 +67,10 @@ int gnupg_setenv (const char *name, const char *value, int overwrite);
- int gnupg_unsetenv (const char *name);
- char *gnupg_getcwd (void);
-
-+gpg_error_t gnupg_inotify_watch_socket (int *r_fd, const char *socket_name);
-+int gnupg_inotify_has_name (int fd, const char *name);
-+
-+
- #ifdef HAVE_W32_SYSTEM
- void *w32_get_user_sid (void);
-
diff --git a/debian/patches/0067-agent-Use-straightforward-names-for-the-default-sock.patch b/debian/patches/0067-agent-Use-straightforward-names-for-the-default-sock.patch
deleted file mode 100644
index d9c9cab..0000000
--- a/debian/patches/0067-agent-Use-straightforward-names-for-the-default-sock.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Sun, 16 Oct 2016 22:30:26 +0200
-Subject: agent: Use straightforward names for the default socket names.
-
-* configure.ac (GPG_AGENT_SOCK_NAME): Change name to *.extra.
-(GPG_AGENT_EXTRA_SOCK_NAME): Change name to *browser.
---
-
-There has been quite some fuzz about the naming of the (new) default
-socket files. The used names do not match the names of the option.
-Because these are just names we now change the names to match the
-names of the options instead of changing the option names to something
-we can't agree upon.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- configure.ac | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index acfd8c2..634a570 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1747,9 +1747,9 @@ AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool])
-
- AC_DEFINE_UNQUOTED(GPG_AGENT_SOCK_NAME, "S.gpg-agent",
- [The name of the agent socket])
--AC_DEFINE_UNQUOTED(GPG_AGENT_EXTRA_SOCK_NAME, "S.gpg-agent.rstrd",
-+AC_DEFINE_UNQUOTED(GPG_AGENT_EXTRA_SOCK_NAME, "S.gpg-agent.extra",
- [The name of the agent socket for remote access])
--AC_DEFINE_UNQUOTED(GPG_AGENT_BROWSER_SOCK_NAME, "S.gpg-agent.brwsr",
-+AC_DEFINE_UNQUOTED(GPG_AGENT_BROWSER_SOCK_NAME, "S.gpg-agent.browser",
- [The name of the agent socket for browsers])
- AC_DEFINE_UNQUOTED(GPG_AGENT_SSH_SOCK_NAME, "S.gpg-agent.ssh",
- [The name of the agent socket for ssh])
diff --git a/debian/patches/0068-gpgconf-Fix-for-homedir.patch b/debian/patches/0068-gpgconf-Fix-for-homedir.patch
deleted file mode 100644
index 23fb7b4..0000000
--- a/debian/patches/0068-gpgconf-Fix-for-homedir.patch
+++ /dev/null
@@ -1,158 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Mon, 17 Oct 2016 11:36:45 +0900
-Subject: gpgconf: Fix for --homedir.
-
-* tools/gpgconf-comp.c (gpg_agent_runtime_change,
-scdaemon_runtime_change, dirmngr_runtime_change): Provide the homedir
-arguments by --homedir when it's not default.
-
---
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- tools/gpgconf-comp.c | 80 +++++++++++++++++++++++++++++++++++++++-------------
- 1 file changed, 60 insertions(+), 20 deletions(-)
-
-diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
-index 82b5325..8bf3086 100644
---- a/tools/gpgconf-comp.c
-+++ b/tools/gpgconf-comp.c
-@@ -1088,33 +1088,48 @@ struct error_line_s
- static void
- gpg_agent_runtime_change (int killflag)
- {
-- gpg_error_t err;
-+ gpg_error_t err = 0;
- const char *pgmname;
-- const char *argv[3];
-+ const char *argv[5];
- pid_t pid;
-+ char *abs_homedir = NULL;
-+ int i = 0;
-
- pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
-- argv[0] = "--no-autostart";
-- argv[1] = killflag? "KILLAGENT" : "RELOADAGENT";
-- argv[2] = NULL;
-+ if (!gnupg_default_homedir_p ())
-+ {
-+ abs_homedir = make_absfilename_try (gnupg_homedir (), NULL);
-+ if (!abs_homedir)
-+ err = gpg_error_from_syserror ();
-
-- err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
-+ argv[i++] = "--homedir";
-+ argv[i++] = abs_homedir;
-+ }
-+ argv[i++] = "--no-autostart";
-+ argv[i++] = killflag? "KILLAGENT" : "RELOADAGENT";
-+ argv[i++] = NULL;
-+
-+ if (!err)
-+ err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
- if (!err)
- err = gnupg_wait_process (pgmname, pid, 1, NULL);
- if (err)
- gc_error (0, 0, "error running '%s %s': %s",
- pgmname, argv[1], gpg_strerror (err));
- gnupg_release_process (pid);
-+ xfree (abs_homedir);
- }
-
-
- static void
- scdaemon_runtime_change (int killflag)
- {
-- gpg_error_t err;
-+ gpg_error_t err = 0;
- const char *pgmname;
-- const char *argv[7];
-+ const char *argv[9];
- pid_t pid;
-+ char *abs_homedir = NULL;
-+ int i = 0;
-
- (void)killflag; /* For scdaemon kill and reload are synonyms. */
-
-@@ -1124,45 +1139,70 @@ scdaemon_runtime_change (int killflag)
- obviously a race condition but that should not harm too much. */
-
- pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
-- argv[0] = "-s";
-- argv[1] = "--no-autostart";
-- argv[2] = "GETINFO scd_running";
-- argv[3] = "/if ${! $?}";
-- argv[4] = "scd killscd";
-- argv[5] = "/end";
-- argv[6] = NULL;
-+ if (!gnupg_default_homedir_p ())
-+ {
-+ abs_homedir = make_absfilename_try (gnupg_homedir (), NULL);
-+ if (!abs_homedir)
-+ err = gpg_error_from_syserror ();
-+
-+ argv[i++] = "--homedir";
-+ argv[i++] = abs_homedir;
-+ }
-+ argv[i++] = "-s";
-+ argv[i++] = "--no-autostart";
-+ argv[i++] = "GETINFO scd_running";
-+ argv[i++] = "/if ${! $?}";
-+ argv[i++] = "scd killscd";
-+ argv[i++] = "/end";
-+ argv[i++] = NULL;
-
-- err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
-+ if (!err)
-+ err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
- if (!err)
- err = gnupg_wait_process (pgmname, pid, 1, NULL);
- if (err)
- gc_error (0, 0, "error running '%s %s': %s",
- pgmname, argv[4], gpg_strerror (err));
- gnupg_release_process (pid);
-+ xfree (abs_homedir);
- }
-
-
- static void
- dirmngr_runtime_change (int killflag)
- {
-- gpg_error_t err;
-+ gpg_error_t err = 0;
- const char *pgmname;
-- const char *argv[4];
-+ const char *argv[6];
- pid_t pid;
-+ char *abs_homedir = NULL;
-
- pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
- argv[0] = "--no-autostart";
- argv[1] = "--dirmngr";
- argv[2] = killflag? "KILLDIRMNGR" : "RELOADDIRMNGR";
-- argv[3] = NULL;
-+ if (gnupg_default_homedir_p ())
-+ argv[3] = NULL;
-+ else
-+ {
-+ abs_homedir = make_absfilename_try (gnupg_homedir (), NULL);
-+ if (!abs_homedir)
-+ err = gpg_error_from_syserror ();
-
-- err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
-+ argv[3] = "--homedir";
-+ argv[4] = abs_homedir;
-+ argv[5] = NULL;
-+ }
-+
-+ if (!err)
-+ err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
- if (!err)
- err = gnupg_wait_process (pgmname, pid, 1, NULL);
- if (err)
- gc_error (0, 0, "error running '%s %s': %s",
- pgmname, argv[2], gpg_strerror (err));
- gnupg_release_process (pid);
-+ xfree (abs_homedir);
- }
-
-
diff --git a/debian/patches/0069-scd-Fix-keytocard-for-ECC.patch b/debian/patches/0069-scd-Fix-keytocard-for-ECC.patch
deleted file mode 100644
index ef6ce96..0000000
--- a/debian/patches/0069-scd-Fix-keytocard-for-ECC.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Mon, 17 Oct 2016 12:02:28 +0900
-Subject: scd: Fix keytocard for ECC.
-
-* scd/app-openpgp.c (build_ecc_privkey_template): Size can be greater
-than 128 when it comes with public key for curve of larger field.
-
---
-
-Reported-by: Arnaud Fontaine <arnaud.fontaine at ssi.gouv.fr>
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- scd/app-openpgp.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
-index 563a045..ef335fe 100644
---- a/scd/app-openpgp.c
-+++ b/scd/app-openpgp.c
-@@ -2689,6 +2689,8 @@ build_ecc_privkey_template (app_t app, int keyno,
- + privkey_len
- + suffix_len
- + datalen);
-+ if (exthdr_len + privkey_len + suffix_len + datalen >= 128)
-+ template_size++;
- tp = template = xtrymalloc_secure (template_size);
- if (!template)
- return gpg_error_from_syserror ();
diff --git a/debian/patches/0070-doc-Point-gpg-agent-1-at-the-right-gpg-manpage-in-SE.patch b/debian/patches/0070-doc-Point-gpg-agent-1-at-the-right-gpg-manpage-in-SE.patch
deleted file mode 100644
index f6edf8d..0000000
--- a/debian/patches/0070-doc-Point-gpg-agent-1-at-the-right-gpg-manpage-in-SE.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Fri, 14 Oct 2016 02:23:37 -0400
-Subject: doc: Point gpg-agent(1) at the right gpg manpage in SEE ALSO.
-
-* doc/gpg-agent.texi (SEE ALSO): refer to @gpgname, instead of
- hard-coding "gpg2".
-
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
----
- doc/gpg-agent.texi | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
-index 232e060..0645741 100644
---- a/doc/gpg-agent.texi
-+++ b/doc/gpg-agent.texi
-@@ -1516,7 +1516,7 @@ much slower or faster than the actual box.
-
- @mansect see also
- @ifset isman
-- at command{gpg2}(1),
-+ at command{@gpgname}(1),
- @command{gpgsm}(1),
- @command{gpg-connect-agent}(1),
- @command{scdaemon}(1)
diff --git a/debian/patches/0071-doc-Document-how-to-manually-shut-down-gpg-agent.patch b/debian/patches/0071-doc-Document-how-to-manually-shut-down-gpg-agent.patch
deleted file mode 100644
index 6362a8c..0000000
--- a/debian/patches/0071-doc-Document-how-to-manually-shut-down-gpg-agent.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Fri, 14 Oct 2016 12:42:24 -0400
-Subject: doc: Document how to manually shut down gpg-agent.
-
-* doc/gpg-agent.texi: document "gpgconf --kill gpg-agent" for manual
- agent termination.
-
-This was requested in a side-comment in https://bugs.debian.org/840669
-
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
----
- doc/gpg-agent.texi | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
-index 0645741..cc016f8 100644
---- a/doc/gpg-agent.texi
-+++ b/doc/gpg-agent.texi
-@@ -85,6 +85,14 @@ gpg-connect-agent /bye
- @end example
-
- @noindent
-+If you want to manually terminate the currently-running agent, you can
-+safely do so with:
-+
-+ at example
-+gpgconf --kill gpg-agent
-+ at end example
-+
-+ at noindent
- @efindex GPG_TTY
- You should always add the following lines to your @code{.bashrc} or
- whatever initialization file is used for all shell invocations:
-@@ -1518,6 +1526,7 @@ much slower or faster than the actual box.
- @ifset isman
- @command{@gpgname}(1),
- @command{gpgsm}(1),
-+ at command{gpgconf}(1),
- @command{gpg-connect-agent}(1),
- @command{scdaemon}(1)
- @end ifset
diff --git a/debian/patches/0072-scd-minor-cleanup-to-merge-other-works.patch b/debian/patches/0072-scd-minor-cleanup-to-merge-other-works.patch
deleted file mode 100644
index c9eb33b..0000000
--- a/debian/patches/0072-scd-minor-cleanup-to-merge-other-works.patch
+++ /dev/null
@@ -1,218 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Tue, 18 Oct 2016 20:40:09 +0900
-Subject: scd: minor cleanup to merge other works.
-
-* scd/iso7816.c (do_generate_keypair): Use const char * for DATA.
-(iso7816_generate_keypair, iso7816_read_public_key): Likewise.
-* scd/app-openpgp.c (get_public_key): Follow the change.
-(do_genkey): Ditto. Use ERR instead of RC. Use u32 for CREATED_AT.
---
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- scd/app-openpgp.c | 58 +++++++++++++++++++++++++------------------------------
- scd/iso7816.c | 9 ++++-----
- scd/iso7816.h | 4 ++--
- 3 files changed, 32 insertions(+), 39 deletions(-)
-
-diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
-index ef335fe..ba16255 100644
---- a/scd/app-openpgp.c
-+++ b/scd/app-openpgp.c
-@@ -1276,12 +1276,10 @@ get_public_key (app_t app, int keyno)
- le_value = 256; /* Use legacy value. */
- }
-
-- err = iso7816_read_public_key
-- (app->slot, exmode,
-- (const unsigned char*)(keyno == 0? "\xB6" :
-- keyno == 1? "\xB8" : "\xA4"), 2,
-- le_value,
-- &buffer, &buflen);
-+ err = iso7816_read_public_key (app->slot, exmode,
-+ (keyno == 0? "\xB6" :
-+ keyno == 1? "\xB8" : "\xA4"),
-+ 2, le_value, &buffer, &buflen);
- if (err)
- {
- log_error (_("reading public key failed: %s\n"), gpg_strerror (err));
-@@ -3534,13 +3532,13 @@ do_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
- gpg_error_t (*pincb)(void*, const char *, char **),
- void *pincb_arg)
- {
-- int rc;
-+ gpg_error_t err;
- char numbuf[30];
- unsigned char fprbuf[20];
- const unsigned char *keydata, *m, *e;
- unsigned char *buffer = NULL;
- size_t buflen, keydatalen, mlen, elen;
-- time_t created_at;
-+ u32 created_at;
- int keyno = atoi (keynostr) - 1;
- int force = (flags & 1);
- time_t start_at;
-@@ -3562,9 +3560,9 @@ do_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
- app->app_local->pk[keyno].read_done = 0;
-
- /* Check whether a key already exists. */
-- rc = does_key_exist (app, keyno, 1, force);
-- if (rc)
-- return rc;
-+ err = does_key_exist (app, keyno, 1, force);
-+ if (err)
-+ return err;
-
- /* Because we send the key parameter back via status lines we need
- to put a limit on the max. allowed keysize. 2048 bit will
-@@ -3575,8 +3573,8 @@ do_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
- return gpg_error (GPG_ERR_TOO_LARGE);
-
- /* Prepare for key generation by verifying the Admin PIN. */
-- rc = verify_chv3 (app, pincb, pincb_arg);
-- if (rc)
-+ err = verify_chv3 (app, pincb, pincb_arg);
-+ if (err)
- goto leave;
-
- /* Test whether we will need extended length mode. (1900 is an
-@@ -3597,17 +3595,13 @@ do_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
-
- log_info (_("please wait while key is being generated ...\n"));
- start_at = time (NULL);
-- rc = iso7816_generate_keypair
--/* # warning key generation temporary replaced by reading an existing key. */
--/* rc = iso7816_read_public_key */
-- (app->slot, exmode,
-- (const unsigned char*)(keyno == 0? "\xB6" :
-- keyno == 1? "\xB8" : "\xA4"), 2,
-- le_value,
-- &buffer, &buflen);
-- if (rc)
-+ err = iso7816_generate_keypair (app->slot, exmode,
-+ (keyno == 0? "\xB6" :
-+ keyno == 1? "\xB8" : "\xA4"),
-+ 2, le_value, &buffer, &buflen);
-+ if (err)
- {
-- rc = gpg_error (GPG_ERR_CARD);
-+ err = gpg_error (GPG_ERR_CARD);
- log_error (_("generating key failed\n"));
- goto leave;
- }
-@@ -3622,7 +3616,7 @@ do_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
- keydata = find_tlv (buffer, buflen, 0x7F49, &keydatalen);
- if (!keydata)
- {
-- rc = gpg_error (GPG_ERR_CARD);
-+ err = gpg_error (GPG_ERR_CARD);
- log_error (_("response does not contain the public key data\n"));
- goto leave;
- }
-@@ -3630,7 +3624,7 @@ do_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
- m = find_tlv (keydata, keydatalen, 0x0081, &mlen);
- if (!m)
- {
-- rc = gpg_error (GPG_ERR_CARD);
-+ err = gpg_error (GPG_ERR_CARD);
- log_error (_("response does not contain the RSA modulus\n"));
- goto leave;
- }
-@@ -3640,15 +3634,15 @@ do_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
- e = find_tlv (keydata, keydatalen, 0x0082, &elen);
- if (!e)
- {
-- rc = gpg_error (GPG_ERR_CARD);
-+ err = gpg_error (GPG_ERR_CARD);
- log_error (_("response does not contain the RSA public exponent\n"));
- goto leave;
- }
- /* log_printhex ("RSA e:", e, elen); */
- send_key_data (ctrl, "e", e, elen);
-
-- created_at = createtime? createtime : gnupg_get_time ();
-- sprintf (numbuf, "%lu", (unsigned long)created_at);
-+ created_at = (u32)(createtime? createtime : gnupg_get_time ());
-+ sprintf (numbuf, "%u", created_at);
- send_status_info (ctrl, "KEY-CREATED-AT",
- numbuf, (size_t)strlen(numbuf), NULL, 0);
-
-@@ -3657,16 +3651,16 @@ do_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
- for (; elen && !*e; elen--, e++) /* strip leading zeroes */
- ;
-
-- rc = store_fpr (app, keyno, (u32)created_at, fprbuf, PUBKEY_ALGO_RSA,
-- m, mlen, e, elen);
-- if (rc)
-+ err = store_fpr (app, keyno, created_at, fprbuf, PUBKEY_ALGO_RSA,
-+ m, mlen, e, elen);
-+ if (err)
- goto leave;
- send_fpr_if_not_null (ctrl, "KEY-FPR", -1, fprbuf);
-
-
- leave:
- xfree (buffer);
-- return rc;
-+ return err;
- }
-
-
-diff --git a/scd/iso7816.c b/scd/iso7816.c
-index 515e21f..28cd2eb 100644
---- a/scd/iso7816.c
-+++ b/scd/iso7816.c
-@@ -604,8 +604,7 @@ iso7816_internal_authenticate (int slot, int extended_mode,
- (e.g. 4096 bytes), a value larger 256 used that value. */
- static gpg_error_t
- do_generate_keypair (int slot, int extended_mode, int read_only,
-- const unsigned char *data, size_t datalen,
-- int le,
-+ const char *data, size_t datalen, int le,
- unsigned char **result, size_t *resultlen)
- {
- int sw;
-@@ -617,7 +616,7 @@ do_generate_keypair (int slot, int extended_mode, int read_only,
-
- sw = apdu_send_le (slot, extended_mode,
- 0x00, CMD_GENERATE_KEYPAIR, read_only? 0x81:0x80, 0,
-- datalen, (const char*)data,
-+ datalen, data,
- le >= 0 && le < 256? 256:le,
- result, resultlen);
- if (sw != SW_SUCCESS)
-@@ -635,7 +634,7 @@ do_generate_keypair (int slot, int extended_mode, int read_only,
-
- gpg_error_t
- iso7816_generate_keypair (int slot, int extended_mode,
-- const unsigned char *data, size_t datalen,
-+ const char *data, size_t datalen,
- int le,
- unsigned char **result, size_t *resultlen)
- {
-@@ -646,7 +645,7 @@ iso7816_generate_keypair (int slot, int extended_mode,
-
- gpg_error_t
- iso7816_read_public_key (int slot, int extended_mode,
-- const unsigned char *data, size_t datalen,
-+ const char *data, size_t datalen,
- int le,
- unsigned char **result, size_t *resultlen)
- {
-diff --git a/scd/iso7816.h b/scd/iso7816.h
-index 6dd1052..45cd416 100644
---- a/scd/iso7816.h
-+++ b/scd/iso7816.h
-@@ -100,11 +100,11 @@ gpg_error_t iso7816_internal_authenticate (int slot, int extended_mode,
- int le,
- unsigned char **result, size_t *resultlen);
- gpg_error_t iso7816_generate_keypair (int slot, int extended_mode,
-- const unsigned char *data, size_t datalen,
-+ const char *data, size_t datalen,
- int le,
- unsigned char **result, size_t *resultlen);
- gpg_error_t iso7816_read_public_key (int slot, int extended_mode,
-- const unsigned char *data, size_t datalen,
-+ const char *data, size_t datalen,
- int le,
- unsigned char **result, size_t *resultlen);
- gpg_error_t iso7816_get_challenge (int slot,
diff --git a/debian/patches/0073-scd-Support-ECC-key-generation.patch b/debian/patches/0073-scd-Support-ECC-key-generation.patch
deleted file mode 100644
index d65f47f..0000000
--- a/debian/patches/0073-scd-Support-ECC-key-generation.patch
+++ /dev/null
@@ -1,309 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Tue, 18 Oct 2016 22:46:37 +0900
-Subject: scd: Support ECC key generation.
-
-* scd/app-openpgp.c (get_public_key): Fix a message.
-(change_keyattr_from_string, ecc_writekey): Call mpi_release sooner.
-(do_genkey): Add ECC support.
-
---
-
-In OpenPGP card specification 3.0, ECC is introduced. So far, do_genkey
-only supported RSA. Since KDF spec. is needed to calculate the
-fingerprint, it is hard coded in app-openpgp.c. But it's defined by
-OpenPGP ECC (RFC-6637), and card does nothing with KDF in fact.
-
-Co-authored-by: Arnaud Fontaine <arnaud.fontaine at ssi.gouv.fr>
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- scd/app-openpgp.c | 198 +++++++++++++++++++++++++++++++++++++-----------------
- 1 file changed, 137 insertions(+), 61 deletions(-)
-
-diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
-index ba16255..09e4800 100644
---- a/scd/app-openpgp.c
-+++ b/scd/app-openpgp.c
-@@ -1318,7 +1318,7 @@ get_public_key (app_t app, int keyno)
- if (!m)
- {
- err = gpg_error (GPG_ERR_CARD);
-- log_error (_("response does not contain the EC public point\n"));
-+ log_error (_("response does not contain the EC public key\n"));
- goto leave;
- }
- }
-@@ -2847,6 +2847,7 @@ change_keyattr_from_string (app_t app,
- size_t oid_len;
-
- oidstr = openpgp_curve_to_oid (string+n, NULL);
-+ gcry_mpi_release (oid);
- if (!oidstr)
- {
- err = gpg_error (GPG_ERR_INV_DATA);
-@@ -2864,7 +2865,6 @@ change_keyattr_from_string (app_t app,
- string[0] = algo;
- memcpy (string+1, oidbuf+1, oid_len-1);
- err = change_keyattr (app, keyno, string, oid_len, pincb, pincb_arg);
-- gcry_mpi_release (oid);
- }
- else
- err = gpg_error (GPG_ERR_PUBKEY_ALGO);
-@@ -3355,13 +3355,14 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
- if (err)
- goto leave;
- oidbuf = gcry_mpi_get_opaque (oid, &n);
-- oid_len = (n+7)/8;
- if (!oidbuf)
- {
- err = gpg_error_from_syserror ();
- gcry_mpi_release (oid);
- goto leave;
- }
-+ gcry_mpi_release (oid);
-+ oid_len = (n+7)/8;
-
- if (app->app_local->keyattr[keyno].key_type != KEY_TYPE_ECC
- || app->app_local->keyattr[keyno].ecc.oid != oidstr
-@@ -3442,8 +3443,6 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
- ecc_q, ecc_q_len, "\x03\x01\x08\x07", (size_t)4);
-
- leave:
-- if (oidbuf)
-- gcry_mpi_release (oid);
- return err;
- }
-
-@@ -3535,16 +3534,15 @@ do_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
- gpg_error_t err;
- char numbuf[30];
- unsigned char fprbuf[20];
-- const unsigned char *keydata, *m, *e;
- unsigned char *buffer = NULL;
-- size_t buflen, keydatalen, mlen, elen;
-+ const unsigned char *keydata;
-+ size_t buflen, keydatalen;
- u32 created_at;
- int keyno = atoi (keynostr) - 1;
- int force = (flags & 1);
- time_t start_at;
-- int exmode;
-- int le_value;
-- unsigned int keybits;
-+ int exmode = 0;
-+ int le_value = 256; /* Use legacy value. */
-
- if (keyno < 0 || keyno > 2)
- return gpg_error (GPG_ERR_INV_ID);
-@@ -3564,34 +3562,34 @@ do_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
- if (err)
- return err;
-
-- /* Because we send the key parameter back via status lines we need
-- to put a limit on the max. allowed keysize. 2048 bit will
-- already lead to a 527 byte long status line and thus a 4096 bit
-- key would exceed the Assuan line length limit. */
-- keybits = app->app_local->keyattr[keyno].rsa.n_bits;
-- if (keybits > 4096)
-- return gpg_error (GPG_ERR_TOO_LARGE);
-+ if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_RSA)
-+ {
-+ unsigned int keybits = app->app_local->keyattr[keyno].rsa.n_bits;
-+
-+ /* Because we send the key parameter back via status lines we need
-+ to put a limit on the max. allowed keysize. 2048 bit will
-+ already lead to a 527 byte long status line and thus a 4096 bit
-+ key would exceed the Assuan line length limit. */
-+ if (keybits > 4096)
-+ return gpg_error (GPG_ERR_TOO_LARGE);
-+
-+ /* Test whether we will need extended length mode. (1900 is an
-+ arbitrary length which for sure fits into a short apdu.) */
-+ if (app->app_local->cardcap.ext_lc_le && keybits > 1900)
-+ {
-+ exmode = 1; /* Use extended length w/o a limit. */
-+ le_value = app->app_local->extcap.max_rsp_data;
-+ /* No need to check le_value because it comes from a 16 bit
-+ value and thus can't create an overflow on a 32 bit
-+ system. */
-+ }
-+ }
-
- /* Prepare for key generation by verifying the Admin PIN. */
- err = verify_chv3 (app, pincb, pincb_arg);
- if (err)
-- goto leave;
-+ return err;
-
-- /* Test whether we will need extended length mode. (1900 is an
-- arbitrary length which for sure fits into a short apdu.) */
-- if (app->app_local->cardcap.ext_lc_le && keybits > 1900)
-- {
-- exmode = 1; /* Use extended length w/o a limit. */
-- le_value = app->app_local->extcap.max_rsp_data;
-- /* No need to check le_value because it comes from a 16 bit
-- value and thus can't create an overflow on a 32 bit
-- system. */
-- }
-- else
-- {
-- exmode = 0;
-- le_value = 256; /* Use legacy value. */
-- }
-
- log_info (_("please wait while key is being generated ...\n"));
- start_at = time (NULL);
-@@ -3601,9 +3599,8 @@ do_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
- 2, le_value, &buffer, &buflen);
- if (err)
- {
-- err = gpg_error (GPG_ERR_CARD);
- log_error (_("generating key failed\n"));
-- goto leave;
-+ return gpg_error (GPG_ERR_CARD);
- }
-
- {
-@@ -3621,38 +3618,117 @@ do_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
- goto leave;
- }
-
-- m = find_tlv (keydata, keydatalen, 0x0081, &mlen);
-- if (!m)
-- {
-- err = gpg_error (GPG_ERR_CARD);
-- log_error (_("response does not contain the RSA modulus\n"));
-- goto leave;
-- }
-- /* log_printhex ("RSA n:", m, mlen); */
-- send_key_data (ctrl, "n", m, mlen);
--
-- e = find_tlv (keydata, keydatalen, 0x0082, &elen);
-- if (!e)
-- {
-- err = gpg_error (GPG_ERR_CARD);
-- log_error (_("response does not contain the RSA public exponent\n"));
-- goto leave;
-- }
-- /* log_printhex ("RSA e:", e, elen); */
-- send_key_data (ctrl, "e", e, elen);
--
- created_at = (u32)(createtime? createtime : gnupg_get_time ());
- sprintf (numbuf, "%u", created_at);
- send_status_info (ctrl, "KEY-CREATED-AT",
- numbuf, (size_t)strlen(numbuf), NULL, 0);
-
-- for (; mlen && !*m; mlen--, m++) /* strip leading zeroes */
-- ;
-- for (; elen && !*e; elen--, e++) /* strip leading zeroes */
-- ;
-+ if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_RSA)
-+ {
-+ const unsigned char *m, *e;
-+ size_t mlen, elen;
-+
-+ m = find_tlv (keydata, keydatalen, 0x0081, &mlen);
-+ if (!m)
-+ {
-+ err = gpg_error (GPG_ERR_CARD);
-+ log_error (_("response does not contain the RSA modulus\n"));
-+ goto leave;
-+ }
-+ /* log_printhex ("RSA n:", m, mlen); */
-+ send_key_data (ctrl, "n", m, mlen);
-+
-+ e = find_tlv (keydata, keydatalen, 0x0082, &elen);
-+ if (!e)
-+ {
-+ err = gpg_error (GPG_ERR_CARD);
-+ log_error (_("response does not contain the RSA public exponent\n"));
-+ goto leave;
-+ }
-+ /* log_printhex ("RSA e:", e, elen); */
-+ send_key_data (ctrl, "e", e, elen);
-+
-+ for (; mlen && !*m; mlen--, m++) /* strip leading zeroes */
-+ ;
-+ for (; elen && !*e; elen--, e++) /* strip leading zeroes */
-+ ;
-+
-+ err = store_fpr (app, keyno, created_at, fprbuf, PUBKEY_ALGO_RSA,
-+ m, mlen, e, elen);
-+ }
-+ else if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_ECC)
-+ {
-+ const unsigned char *ecc_q;
-+ size_t ecc_q_len;
-+ gcry_mpi_t oid;
-+ int n;
-+ const unsigned char *oidbuf;
-+ size_t oid_len;
-+ int algo;
-+
-+ ecc_q = find_tlv (keydata, keydatalen, 0x0086, &ecc_q_len);
-+ if (!ecc_q)
-+ {
-+ err = gpg_error (GPG_ERR_CARD);
-+ log_error (_("response does not contain the EC public key\n"));
-+ goto leave;
-+ }
-+
-+ err = openpgp_oid_from_str (app->app_local->keyattr[keyno].ecc.oid, &oid);
-+ if (err)
-+ goto leave;
-+
-+ oidbuf = gcry_mpi_get_opaque (oid, &n);
-+ if (!oidbuf)
-+ {
-+ err = gpg_error_from_syserror ();
-+ gcry_mpi_release (oid);
-+ goto leave;
-+ }
-+ gcry_mpi_release (oid);
-+ oid_len = (n+7)/8;
-+
-+ if ((app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK))
-+ { /* Prepend 0x40 prefix. */
-+ unsigned char *q = xtrymalloc (ecc_q_len + 1);
-+
-+ if (!q)
-+ {
-+ err = gpg_error_from_syserror ();
-+ goto leave;
-+ }
-+ *q = 0x40;
-+ memcpy (q+1, ecc_q, ecc_q_len);
-+ send_key_data (ctrl, "q", q, ecc_q_len + 1);
-+ xfree (q);
-+ }
-+ else
-+ {
-+ /* strip leading zeroes */
-+ for (; ecc_q_len && !*ecc_q; ecc_q_len--, ecc_q++)
-+ ;
-+ send_key_data (ctrl, "q", ecc_q, ecc_q_len);
-+ }
-+
-+ send_key_data (ctrl, "curve", oidbuf, oid_len);
-+
-+ if (keyno == 1)
-+ {
-+ send_key_data (ctrl, "kdf", "\x03\x01\x08\x07", (size_t)4);
-+ algo = PUBKEY_ALGO_ECDH;
-+ }
-+ else
-+ {
-+ if ((app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK))
-+ algo = PUBKEY_ALGO_EDDSA;
-+ else
-+ algo = PUBKEY_ALGO_ECDSA;
-+ }
-+
-+ err = store_fpr (app, keyno, created_at, fprbuf, algo, oidbuf, oid_len,
-+ ecc_q, ecc_q_len, "\x03\x01\x08\x07", (size_t)4);
-+ }
-
-- err = store_fpr (app, keyno, created_at, fprbuf, PUBKEY_ALGO_RSA,
-- m, mlen, e, elen);
- if (err)
- goto leave;
- send_fpr_if_not_null (ctrl, "KEY-FPR", -1, fprbuf);
diff --git a/debian/patches/0074-common-w32-Make-use-of-default_errsource-in-exechelp.patch b/debian/patches/0074-common-w32-Make-use-of-default_errsource-in-exechelp.patch
deleted file mode 100644
index 09225a4..0000000
--- a/debian/patches/0074-common-w32-Make-use-of-default_errsource-in-exechelp.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Tue, 18 Oct 2016 14:01:53 +0200
-Subject: common,w32: Make use of default_errsource in exechelp.
-
-* common/exechelp-posix.c (my_error_from_syserror, my_error): New.
-Use them instead of gpg_error and gpg_error_from_syserror.
-
-Fixes-commit: 96c7901ec1c79be732570811223d3ea54875abfe
-Signed-off-by: Justus Winter <justus at g10code.com>
----
- common/exechelp-w32.c | 28 +++++++++++++++++++++-------
- 1 file changed, 21 insertions(+), 7 deletions(-)
-
-diff --git a/common/exechelp-w32.c b/common/exechelp-w32.c
-index b2d2457..418eb9b 100644
---- a/common/exechelp-w32.c
-+++ b/common/exechelp-w32.c
-@@ -84,6 +84,20 @@
- # define handle_to_pid(a) ((int)(a))
-
-
-+/* Helper */
-+static inline gpg_error_t
-+my_error_from_syserror (void)
-+{
-+ return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-+}
-+
-+static inline gpg_error_t
-+my_error (int errcode)
-+{
-+ return gpg_err_make (default_errsource, errcode);
-+}
-+
-+
- /* Return the maximum number of currently allowed open file
- descriptors. Only useful on POSIX systems but returns a value on
- other systems too. */
-@@ -219,7 +233,7 @@ build_w32_commandline (const char *pgmname, const char * const *argv,
-
- buf = p = xtrymalloc (n);
- if (!buf)
-- return gpg_error_from_syserror ();
-+ return my_error_from_syserror ();
-
- p = build_w32_commandline_copy (p, pgmname);
- for (i=0; argv[i]; i++)
-@@ -293,7 +307,7 @@ do_create_pipe (int filedes[2], int flags)
- HANDLE fds[2];
-
- filedes[0] = filedes[1] = -1;
-- err = gpg_error (GPG_ERR_GENERAL);
-+ err = my_error (GPG_ERR_GENERAL);
- if (!create_inheritable_pipe (fds, flags))
- {
- filedes[0] = _open_osfhandle (handle_to_fd (fds[0]), O_RDONLY);
-@@ -662,7 +676,7 @@ gnupg_spawn_process_fd (const char *pgmname, const char *argv[],
- ))
- {
- log_error ("CreateProcess failed: %s\n", w32_strerror (-1));
-- err = gpg_error (GPG_ERR_GENERAL);
-+ err = my_error (GPG_ERR_GENERAL);
- }
- else
- err = 0;
-@@ -707,7 +721,7 @@ gnupg_wait_processes (const char **pgmnames, pid_t *pids, size_t count,
-
- procs = xtrycalloc (count, sizeof *procs);
- if (procs == NULL)
-- return gpg_error_from_syserror ();
-+ return my_error_from_syserror ();
-
- for (i = 0; i < count; i++)
- {
-@@ -715,7 +729,7 @@ gnupg_wait_processes (const char **pgmnames, pid_t *pids, size_t count,
- r_exitcodes[i] = -1;
-
- if (pids[i] == (pid_t)(-1))
-- return gpg_error (GPG_ERR_INV_VALUE);
-+ return my_error (GPG_ERR_INV_VALUE);
-
- procs[i] = fd_to_handle (pids[i]);
- }
-@@ -818,7 +832,7 @@ gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
- (void)envp;
-
- if (access (pgmname, X_OK))
-- return gpg_error_from_syserror ();
-+ return my_error_from_syserror ();
-
- /* Prepare security attributes. */
- memset (&sec_attr, 0, sizeof sec_attr );
-@@ -856,7 +870,7 @@ gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
- {
- log_error ("CreateProcess(detached) failed: %s\n", w32_strerror (-1));
- xfree (cmdline);
-- return gpg_error (GPG_ERR_GENERAL);
-+ return my_error (GPG_ERR_GENERAL);
- }
- xfree (cmdline);
- cmdline = NULL;
diff --git a/debian/patches/0075-common-w32-Extend-gnupg_create_inbound_pipe-et-al.patch b/debian/patches/0075-common-w32-Extend-gnupg_create_inbound_pipe-et-al.patch
deleted file mode 100644
index 55df5d7..0000000
--- a/debian/patches/0075-common-w32-Extend-gnupg_create_inbound_pipe-et-al.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Tue, 18 Oct 2016 13:55:12 +0200
-Subject: common,w32: Extend gnupg_create_inbound_pipe et al.
-
-* common/exechelp-w32.c (do_create_pipe): Rename, add arguments, and
-create a stream if reqested.
-(gnupg_create_inbound_pipe): Use the extended function to open the
-stream if requested.
-(gnupg_create_outbound_pipe): Likewise.
-(gnupg_create_pipe): Update call site.
-
-Fixes-commit: 5d991e333a1885adc40abd9d00c01fec4bd5d9d7
-Signed-off-by: Justus Winter <justus at g10code.com>
----
- common/exechelp-w32.c | 37 +++++++++++++++++++++++++++----------
- 1 file changed, 27 insertions(+), 10 deletions(-)
-
-diff --git a/common/exechelp-w32.c b/common/exechelp-w32.c
-index 418eb9b..c5d6b08 100644
---- a/common/exechelp-w32.c
-+++ b/common/exechelp-w32.c
-@@ -301,7 +301,8 @@ w32_open_null (int for_write)
-
-
- static gpg_error_t
--do_create_pipe (int filedes[2], int flags)
-+create_pipe_and_estream (int filedes[2], int flags,
-+ estream_t *r_fp, int outbound, int nonblock)
- {
- gpg_error_t err = 0;
- HANDLE fds[2];
-@@ -330,6 +331,25 @@ do_create_pipe (int filedes[2], int flags)
- err = 0;
- }
- }
-+
-+ if (! err && r_fp)
-+ {
-+ if (!outbound)
-+ *r_fp = es_fdopen (filedes[0], nonblock? "r,nonblock" : "r");
-+ else
-+ *r_fp = es_fdopen (filedes[1], nonblock? "w,nonblock" : "w");
-+ if (!*r_fp)
-+ {
-+ err = my_error_from_syserror ();
-+ log_error (_("error creating a stream for a pipe: %s\n"),
-+ gpg_strerror (err));
-+ close (filedes[0]);
-+ close (filedes[1]);
-+ filedes[0] = filedes[1] = -1;
-+ return err;
-+ }
-+ }
-+
- return err;
- }
-
-@@ -339,10 +359,8 @@ do_create_pipe (int filedes[2], int flags)
- gpg_error_t
- gnupg_create_inbound_pipe (int filedes[2], estream_t *r_fp, int nonblock)
- {
-- if (r_fp)
-- return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
-- else
-- return do_create_pipe (filedes, INHERIT_WRITE);
-+ return create_pipe_and_estream (filedes, INHERIT_WRITE,
-+ r_fp, 0, nonblock);
- }
-
-
-@@ -352,10 +370,8 @@ gnupg_create_inbound_pipe (int filedes[2], estream_t *r_fp, int nonblock)
- gpg_error_t
- gnupg_create_outbound_pipe (int filedes[2], estream_t *r_fp, int nonblock)
- {
-- if (r_fp)
-- return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
-- else
-- return do_create_pipe (filedes, INHERIT_READ);
-+ return create_pipe_and_estream (filedes, INHERIT_READ,
-+ r_fp, 1, nonblock);
- }
-
-
-@@ -364,7 +380,8 @@ gnupg_create_outbound_pipe (int filedes[2], estream_t *r_fp, int nonblock)
- gpg_error_t
- gnupg_create_pipe (int filedes[2])
- {
-- return do_create_pipe (filedes, INHERIT_BOTH);
-+ return create_pipe_and_estream (filedes, INHERIT_BOTH,
-+ NULL, 0, 0);
- }
-
-
diff --git a/debian/patches/0076-common-w32-Communicate-with-child-in-non-blocking-mo.patch b/debian/patches/0076-common-w32-Communicate-with-child-in-non-blocking-mo.patch
deleted file mode 100644
index 31dea61..0000000
--- a/debian/patches/0076-common-w32-Communicate-with-child-in-non-blocking-mo.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Tue, 18 Oct 2016 14:04:54 +0200
-Subject: common,w32: Communicate with child in non-blocking mode.
-
-* common/exechelp-w32.c (gnupg_spawn_process): Open streams in
-non-blocking mode if requested.
-
-Fixes-commit: 83811e3f1f0c615b2b63bafdb49a35a0fc198088
-Signed-off-by: Justus Winter <justus at g10code.com>
----
- common/exechelp-w32.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/common/exechelp-w32.c b/common/exechelp-w32.c
-index c5d6b08..19e4d9e 100644
---- a/common/exechelp-w32.c
-+++ b/common/exechelp-w32.c
-@@ -418,6 +418,7 @@ gnupg_spawn_process (const char *pgmname, const char *argv[],
- int i;
- es_syshd_t syshd;
- gpg_err_source_t errsource = default_errsource;
-+ int nonblock = !!(flags & GNUPG_SPAWN_NONBLOCK);
-
- (void)except; /* Not yet used. */
-
-@@ -440,7 +441,7 @@ gnupg_spawn_process (const char *pgmname, const char *argv[],
-
- syshd.type = ES_SYSHD_HANDLE;
- syshd.u.handle = inpipe[1];
-- infp = es_sysopen (&syshd, "w");
-+ infp = es_sysopen (&syshd, nonblock? "w,nonblock" : "w");
- if (!infp)
- {
- err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
-@@ -464,7 +465,7 @@ gnupg_spawn_process (const char *pgmname, const char *argv[],
-
- syshd.type = ES_SYSHD_HANDLE;
- syshd.u.handle = outpipe[0];
-- outfp = es_sysopen (&syshd, "r");
-+ outfp = es_sysopen (&syshd, nonblock? "r,nonblock" : "r");
- if (!outfp)
- {
- err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
-@@ -494,7 +495,7 @@ gnupg_spawn_process (const char *pgmname, const char *argv[],
-
- syshd.type = ES_SYSHD_HANDLE;
- syshd.u.handle = errpipe[0];
-- errfp = es_sysopen (&syshd, "r");
-+ errfp = es_sysopen (&syshd, nonblock? "r,nonblock" : "r");
- if (!errfp)
- {
- err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
diff --git a/debian/patches/0077-common-Fix-copying-data-to-estreams.patch b/debian/patches/0077-common-Fix-copying-data-to-estreams.patch
deleted file mode 100644
index 9992ab1..0000000
--- a/debian/patches/0077-common-Fix-copying-data-to-estreams.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Tue, 18 Oct 2016 17:57:19 +0200
-Subject: common: Fix copying data to estreams.
-
-* common/exectool.c (copy_buffer_do_copy): Correctly account for
-partially written data in the event of errors.
-
-Signed-off-by: Justus Winter <justus at g10code.com>
----
- common/exectool.c | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/common/exectool.c b/common/exectool.c
-index e46071c..cf54efe 100644
---- a/common/exectool.c
-+++ b/common/exectool.c
-@@ -248,7 +248,14 @@ copy_buffer_do_copy (struct copy_buffer *c, estream_t source, estream_t sink)
- return 0; /* Done copying. */
-
-
-+ nwritten = 0;
- err = sink? es_write (sink, c->writep, c->nread, &nwritten) : 0;
-+
-+ assert (nwritten <= c->nread);
-+ c->writep += nwritten;
-+ c->nread -= nwritten;
-+ assert (c->writep - c->buffer <= sizeof c->buffer);
-+
- if (err)
- {
- if (errno == EAGAIN)
-@@ -257,11 +264,6 @@ copy_buffer_do_copy (struct copy_buffer *c, estream_t source, estream_t sink)
- return my_error_from_syserror ();
- }
-
-- assert (nwritten <= c->nread);
-- c->writep += nwritten;
-- c->nread -= nwritten;
-- assert (c->writep - c->buffer <= sizeof c->buffer);
--
- if (sink && es_fflush (sink) && errno != EAGAIN)
- err = my_error_from_syserror ();
-
diff --git a/debian/patches/0078-agent-Add-card-option-for-READKEY.patch b/debian/patches/0078-agent-Add-card-option-for-READKEY.patch
deleted file mode 100644
index c860bb0..0000000
--- a/debian/patches/0078-agent-Add-card-option-for-READKEY.patch
+++ /dev/null
@@ -1,274 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Thu, 20 Oct 2016 12:05:15 +0900
-Subject: agent: Add --card option for READKEY.
-
-* agent/findkey.c (agent_write_shadow_key): New.
-* agent/command-ssh.c (card_key_available): Use agent_write_shadow_key.
-* agent/learncard.c (agent_handle_learn): Likewise.
-* agent/command.c (cmd_readkey): Add --card option.
---
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- agent/agent.h | 3 +++
- agent/command-ssh.c | 32 +------------------------
- agent/command.c | 69 +++++++++++++++++++++++++++++++++++++++++++----------
- agent/findkey.c | 36 ++++++++++++++++++++++++++++
- agent/learncard.c | 30 +++--------------------
- 5 files changed, 100 insertions(+), 70 deletions(-)
-
-diff --git a/agent/agent.h b/agent/agent.h
-index fe5ffba..a3ec457 100644
---- a/agent/agent.h
-+++ b/agent/agent.h
-@@ -490,6 +490,9 @@ gpg_error_t s2k_hash_passphrase (const char *passphrase, int hashalgo,
- const unsigned char *s2ksalt,
- unsigned int s2kcount,
- unsigned char *key, size_t keylen);
-+gpg_error_t agent_write_shadow_key (const unsigned char *grip,
-+ const char *serialno, const char *keyid,
-+ const unsigned char *pkbuf, int force);
-
-
- /*-- trustlist.c --*/
-diff --git a/agent/command-ssh.c b/agent/command-ssh.c
-index 83a27ed..dd74d2d 100644
---- a/agent/command-ssh.c
-+++ b/agent/command-ssh.c
-@@ -2474,39 +2474,9 @@ card_key_available (ctrl_t ctrl, gcry_sexp_t *r_pk, char **cardsn)
- if ( agent_key_available (grip) )
- {
- /* (Shadow)-key is not available in our key storage. */
-- unsigned char *shadow_info;
-- unsigned char *tmp;
--
-- shadow_info = make_shadow_info (serialno, authkeyid);
-- if (!shadow_info)
-- {
-- err = gpg_error_from_syserror ();
-- xfree (pkbuf);
-- gcry_sexp_release (s_pk);
-- xfree (serialno);
-- xfree (authkeyid);
-- return err;
-- }
-- err = agent_shadow_key (pkbuf, shadow_info, &tmp);
-- xfree (shadow_info);
-- if (err)
-- {
-- log_error (_("shadowing the key failed: %s\n"), gpg_strerror (err));
-- xfree (pkbuf);
-- gcry_sexp_release (s_pk);
-- xfree (serialno);
-- xfree (authkeyid);
-- return err;
-- }
-- xfree (pkbuf);
-- pkbuf = tmp;
-- pkbuflen = gcry_sexp_canon_len (pkbuf, 0, NULL, NULL);
-- assert (pkbuflen);
--
-- err = agent_write_private_key (grip, pkbuf, pkbuflen, 0);
-+ err = agent_write_shadow_key (grip, serialno, authkeyid, pkbuf, 0);
- if (err)
- {
-- log_error (_("error writing key: %s\n"), gpg_strerror (err));
- xfree (pkbuf);
- gcry_sexp_release (s_pk);
- xfree (serialno);
-diff --git a/agent/command.c b/agent/command.c
-index 9522f89..12d90ed 100644
---- a/agent/command.c
-+++ b/agent/command.c
-@@ -981,8 +981,10 @@ cmd_genkey (assuan_context_t ctx, char *line)
-
- static const char hlp_readkey[] =
- "READKEY <hexstring_with_keygrip>\n"
-+ " --card <keyid>\n"
- "\n"
-- "Return the public key for the given keygrip.";
-+ "Return the public key for the given keygrip or keyid.\n"
-+ "With --card, private key file with card information will be created.";
- static gpg_error_t
- cmd_readkey (assuan_context_t ctx, char *line)
- {
-@@ -990,10 +992,57 @@ cmd_readkey (assuan_context_t ctx, char *line)
- int rc;
- unsigned char grip[20];
- gcry_sexp_t s_pkey = NULL;
-+ unsigned char *pkbuf = NULL;
-+ size_t pkbuflen;
-
- if (ctrl->restricted)
- return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
-
-+ if (has_option_name (line, "--card"))
-+ {
-+ const char *keyid;
-+ char *serialno = NULL;
-+
-+ keyid = skip_options (line);
-+
-+ rc = agent_card_getattr (ctrl, "SERIALNO", &serialno);
-+ if (rc)
-+ {
-+ log_error (_("error getting serial number of card: %s\n"),
-+ gpg_strerror (rc));
-+ goto leave;
-+ }
-+
-+ pkbuflen = gcry_sexp_canon_len (pkbuf, 0, NULL, NULL);
-+ rc = agent_card_readkey (ctrl, keyid, &pkbuf);
-+ if (rc)
-+ goto leave;
-+ rc = gcry_sexp_sscan (&s_pkey, NULL, (char*)pkbuf, pkbuflen);
-+ if (rc)
-+ goto leave;
-+
-+ if (!gcry_pk_get_keygrip (s_pkey, grip))
-+ {
-+ rc = gcry_pk_testkey (s_pkey);
-+ if (rc == 0)
-+ rc = gpg_error (GPG_ERR_INTERNAL);
-+
-+ goto leave;
-+ }
-+
-+ rc = agent_write_shadow_key (grip, serialno, keyid, pkbuf, 0);
-+ if (rc)
-+ goto leave;
-+
-+ rc = assuan_send_data (ctx, pkbuf, pkbuflen);
-+
-+ leave:
-+ xfree (serialno);
-+ xfree (pkbuf);
-+ gcry_sexp_release (s_pkey);
-+ return leave_cmd (ctx, rc);
-+ }
-+
- rc = parse_keygrip (ctx, line, grip);
- if (rc)
- return rc; /* Return immediately as this is already an Assuan error code.*/
-@@ -1001,20 +1050,16 @@ cmd_readkey (assuan_context_t ctx, char *line)
- rc = agent_public_key_from_file (ctrl, grip, &s_pkey);
- if (!rc)
- {
-- size_t len;
-- unsigned char *buf;
--
-- len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0);
-- assert (len);
-- buf = xtrymalloc (len);
-- if (!buf)
-+ pkbuflen = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0);
-+ assert (pkbuflen);
-+ pkbuf = xtrymalloc (pkbuflen);
-+ if (!pkbuf)
- rc = gpg_error_from_syserror ();
- else
- {
-- len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, buf, len);
-- assert (len);
-- rc = assuan_send_data (ctx, buf, len);
-- xfree (buf);
-+ gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, pkbuf, pkbuflen);
-+ rc = assuan_send_data (ctx, pkbuf, pkbuflen);
-+ xfree (pkbuf);
- }
- gcry_sexp_release (s_pkey);
- }
-diff --git a/agent/findkey.c b/agent/findkey.c
-index c5ab0e9..23e94f0 100644
---- a/agent/findkey.c
-+++ b/agent/findkey.c
-@@ -1492,3 +1492,39 @@ agent_delete_key (ctrl_t ctrl, const char *desc_text,
- gcry_sexp_release (s_skey);
- return err;
- }
-+
-+
-+/* Write an S-expression formatted shadow key to our key storage.
-+ Shadow key is created by an S-expression public key in PKBUF and
-+ card's SERIALNO and the IDSTRING. With FORCE passed as true an
-+ existing key with the given GRIP will get overwritten. */
-+gpg_error_t
-+agent_write_shadow_key (const unsigned char *grip,
-+ const char *serialno, const char *keyid,
-+ const unsigned char *pkbuf, int force)
-+{
-+ gpg_error_t err;
-+ unsigned char *shadow_info;
-+ unsigned char *shdkey;
-+ size_t len;
-+
-+ shadow_info = make_shadow_info (serialno, keyid);
-+ if (!shadow_info)
-+ return gpg_error_from_syserror ();
-+
-+ err = agent_shadow_key (pkbuf, shadow_info, &shdkey);
-+ xfree (shadow_info);
-+ if (err)
-+ {
-+ log_error ("shadowing the key failed: %s\n", gpg_strerror (err));
-+ return err;
-+ }
-+
-+ len = gcry_sexp_canon_len (shdkey, 0, NULL, NULL);
-+ err = agent_write_private_key (grip, shdkey, len, force);
-+ xfree (shdkey);
-+ if (err)
-+ log_error ("error writing key: %s\n", gpg_strerror (err));
-+
-+ return err;
-+}
-diff --git a/agent/learncard.c b/agent/learncard.c
-index e9304fb..103a821 100644
---- a/agent/learncard.c
-+++ b/agent/learncard.c
-@@ -381,8 +381,7 @@ agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force)
-
- for (item = parm.info; item; item = item->next)
- {
-- unsigned char *pubkey, *shdkey;
-- size_t n;
-+ unsigned char *pubkey;
-
- if (opt.verbose)
- log_info (" id: %s (grip=%s)\n", item->id, item->hexgrip);
-@@ -410,33 +409,10 @@ agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force)
- goto leave;
- }
-
-- {
-- unsigned char *shadow_info = make_shadow_info (serialno, item->id);
-- if (!shadow_info)
-- {
-- rc = gpg_error (GPG_ERR_ENOMEM);
-- xfree (pubkey);
-- goto leave;
-- }
-- rc = agent_shadow_key (pubkey, shadow_info, &shdkey);
-- xfree (shadow_info);
-- }
-+ rc = agent_write_shadow_key (grip, serialno, item->id, pubkey, force);
- xfree (pubkey);
- if (rc)
-- {
-- log_error ("shadowing the key failed: %s\n", gpg_strerror (rc));
-- goto leave;
-- }
-- n = gcry_sexp_canon_len (shdkey, 0, NULL, NULL);
-- assert (n);
--
-- rc = agent_write_private_key (grip, shdkey, n, force);
-- xfree (shdkey);
-- if (rc)
-- {
-- log_error ("error writing key: %s\n", gpg_strerror (rc));
-- goto leave;
-- }
-+ goto leave;
-
- if (opt.verbose)
- log_info (" id: %s - shadow key created\n", item->id);
diff --git a/debian/patches/0079-g10-smartcard-keygen-change.patch b/debian/patches/0079-g10-smartcard-keygen-change.patch
deleted file mode 100644
index bd028b3..0000000
--- a/debian/patches/0079-g10-smartcard-keygen-change.patch
+++ /dev/null
@@ -1,341 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Thu, 20 Oct 2016 13:30:47 +0900
-Subject: g10: smartcard keygen change.
-
-* g10/call-agent.c (scd_genkey_cb_append_savedbytes): Remove.
-(scd_genkey_cb): Only handle KEY-CREATED-AT and PROGRESS.
-(agent_scd_genkey): Remove INFO argument. CREATETIME is now in/out
-argument.
-(agent_readkey): Use READKEY --card instead of SCD READKEY.
-* g10/keygen.c (gen_card_key): Use READKEY --card command of the agent
-to retrieve public key information from card and let the agent make
-a file for private key with shadow info.
---
-
-This change removes gpg's KEY-DATA handling for SCD GENKEY. Information
-with KEY-DATA is simply not used. Instead, it is read by READKEY --card
-command of gpg-agent. This can consolidate public key handling in a
-single method by READKEY.
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- g10/call-agent.c | 118 ++++++-------------------------------------------------
- g10/call-agent.h | 10 +----
- g10/keygen.c | 54 ++++++++++++++-----------
- 3 files changed, 45 insertions(+), 137 deletions(-)
-
-diff --git a/g10/call-agent.c b/g10/call-agent.c
-index 0fb392c..632cabe 100644
---- a/g10/call-agent.c
-+++ b/g10/call-agent.c
-@@ -103,13 +103,6 @@ struct cache_nonce_parm_s
- };
-
-
--struct scd_genkey_parm_s
--{
-- struct agent_card_genkey_s *cgk;
-- char *savedbytes; /* Malloced space to save key parameter chunks. */
--};
--
--
- static gpg_error_t learn_status_cb (void *opaque, const char *line);
-
-
-@@ -979,133 +972,50 @@ agent_scd_writekey (int keyno, const char *serialno,
-
-
-
--static gpg_error_t
--scd_genkey_cb_append_savedbytes (struct scd_genkey_parm_s *parm,
-- const char *line)
--{
-- gpg_error_t err = 0;
-- char *p;
--
-- if (!parm->savedbytes)
-- {
-- parm->savedbytes = xtrystrdup (line);
-- if (!parm->savedbytes)
-- err = gpg_error_from_syserror ();
-- }
-- else
-- {
-- p = xtrymalloc (strlen (parm->savedbytes) + strlen (line) + 1);
-- if (!p)
-- err = gpg_error_from_syserror ();
-- else
-- {
-- strcpy (stpcpy (p, parm->savedbytes), line);
-- xfree (parm->savedbytes);
-- parm->savedbytes = p;
-- }
-- }
--
-- return err;
--}
--
- /* Status callback for the SCD GENKEY command. */
- static gpg_error_t
- scd_genkey_cb (void *opaque, const char *line)
- {
-- struct scd_genkey_parm_s *parm = opaque;
-+ u32 *createtime = opaque;
- const char *keyword = line;
- int keywordlen;
-- gpg_error_t rc = 0;
-
- for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
- ;
- while (spacep (line))
- line++;
-
-- if (keywordlen == 7 && !memcmp (keyword, "KEY-FPR", keywordlen))
-- {
-- parm->cgk->fprvalid = unhexify_fpr (line, parm->cgk->fpr);
-- }
-- else if (keywordlen == 8 && !memcmp (keyword, "KEY-DATA", keywordlen))
-- {
-- gcry_mpi_t a;
-- const char *name = line;
--
-- while (*line && !spacep (line))
-- line++;
-- while (spacep (line))
-- line++;
--
-- if (*name == '-' && spacep (name+1))
-- rc = scd_genkey_cb_append_savedbytes (parm, line);
-- else
-- {
-- if (parm->savedbytes)
-- {
-- rc = scd_genkey_cb_append_savedbytes (parm, line);
-- if (!rc)
-- rc = gcry_mpi_scan (&a, GCRYMPI_FMT_HEX,
-- parm->savedbytes, 0, NULL);
-- }
-- else
-- rc = gcry_mpi_scan (&a, GCRYMPI_FMT_HEX, line, 0, NULL);
-- if (rc)
-- log_error ("error parsing received key data: %s\n",
-- gpg_strerror (rc));
-- else if (*name == 'n' && spacep (name+1))
-- parm->cgk->n = a;
-- else if (*name == 'e' && spacep (name+1))
-- parm->cgk->e = a;
-- else
-- {
-- log_info ("unknown parameter name in received key data\n");
-- gcry_mpi_release (a);
-- rc = gpg_error (GPG_ERR_INV_PARAMETER);
-- }
--
-- xfree (parm->savedbytes);
-- parm->savedbytes = NULL;
-- }
-- }
-- else if (keywordlen == 14 && !memcmp (keyword,"KEY-CREATED-AT", keywordlen))
-+ if (keywordlen == 14 && !memcmp (keyword,"KEY-CREATED-AT", keywordlen))
- {
-- parm->cgk->created_at = (u32)strtoul (line, NULL, 10);
-+ *createtime = (u32)strtoul (line, NULL, 10);
- }
- else if (keywordlen == 8 && !memcmp (keyword, "PROGRESS", keywordlen))
- {
- write_status_text (STATUS_PROGRESS, line);
- }
-
-- return rc;
-+ return 0;
- }
-
--/* Send a GENKEY command to the SCdaemon. SERIALNO is not used in
-- this implementation. If CREATEDATE is not 0, it will be passed to
-- SCDAEMON so that the key is created with this timestamp. INFO will
-- receive information about the generated key. */
-+/* Send a GENKEY command to the SCdaemon. If CREATETIME is not 0, it
-+ will be passed to SCDAEMON so that the key is created with this
-+ timestamp. On success, creation time is stored back to CREATETIME. */
- int
--agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force,
-- const char *serialno, u32 createtime)
-+agent_scd_genkey (int keyno, int force, u32 *createtime)
- {
- int rc;
- char line[ASSUAN_LINELENGTH];
- gnupg_isotime_t tbuf;
-- struct scd_genkey_parm_s parms;
- struct default_inq_parm_s dfltparm;
-
- memset (&dfltparm, 0, sizeof dfltparm);
-
-- (void)serialno;
--
-- memset (&parms, 0, sizeof parms);
-- parms.cgk = info;
--
- rc = start_agent (NULL, 1);
- if (rc)
- return rc;
-
-- if (createtime)
-- epoch2isotime (tbuf, createtime);
-+ if (*createtime)
-+ epoch2isotime (tbuf, *createtime);
- else
- *tbuf = 0;
-
-@@ -1116,12 +1026,9 @@ agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force,
- line[DIM(line)-1] = 0;
-
- dfltparm.ctx = agent_ctx;
-- memset (info, 0, sizeof *info);
- rc = assuan_transact (agent_ctx, line,
- NULL, NULL, default_inq_cb, &dfltparm,
-- scd_genkey_cb, &parms);
--
-- xfree (parms.savedbytes);
-+ scd_genkey_cb, createtime);
-
- status_sc_op_failure (rc);
- return rc;
-@@ -1854,7 +1761,8 @@ agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
- if (err)
- return err;
-
-- snprintf (line, DIM(line)-1, "%sREADKEY %s", fromcard? "SCD ":"", hexkeygrip);
-+ snprintf (line, DIM(line)-1, "READKEY %s%s", fromcard? "--card ":"",
-+ hexkeygrip);
-
- init_membuf (&data, 1024);
- err = assuan_transact (agent_ctx, line,
-diff --git a/g10/call-agent.h b/g10/call-agent.h
-index d85a6fd..032c345 100644
---- a/g10/call-agent.h
-+++ b/g10/call-agent.h
-@@ -68,13 +68,6 @@ struct agent_card_info_s
- unsigned int status_indicator;
- };
-
--struct agent_card_genkey_s {
-- char fprvalid;
-- char fpr[20];
-- u32 created_at;
-- gcry_mpi_t n;
-- gcry_mpi_t e;
--};
-
-
- /* Release the card info structure. */
-@@ -107,8 +100,7 @@ int agent_scd_writekey (int keyno, const char *serialno,
- const unsigned char *keydata, size_t keydatalen);
-
- /* Send a GENKEY command to the SCdaemon. */
--int agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force,
-- const char *serialno, u32 createtime);
-+int agent_scd_genkey (int keyno, int force, u32 *createtime);
-
- /* Send a READKEY command to the SCdaemon. */
- int agent_scd_readcert (const char *certidstr,
-diff --git a/g10/keygen.c b/g10/keygen.c
-index 9cf314d..90f8544 100644
---- a/g10/keygen.c
-+++ b/g10/keygen.c
-@@ -4870,9 +4870,14 @@ gen_card_key (int algo, int keyno, int is_primary, kbnode_t pub_root,
- {
- #ifdef ENABLE_CARD_SUPPORT
- gpg_error_t err;
-- struct agent_card_genkey_s info;
- PACKET *pkt;
- PKT_public_key *pk;
-+ char keyid[10];
-+ unsigned char *public;
-+ gcry_sexp_t s_key;
-+
-+ snprintf (keyid, DIM(keyid)-1, "OPENPGP.%d", keyno);
-+ keyid[DIM(keyid)-1] = 0;
-
- if (algo != PUBKEY_ALGO_RSA)
- return gpg_error (GPG_ERR_PUBKEY_ALGO);
-@@ -4888,7 +4893,7 @@ gen_card_key (int algo, int keyno, int is_primary, kbnode_t pub_root,
- }
-
- /* Note: SCD knows the serialnumber, thus there is no point in passing it. */
-- err = agent_scd_genkey (&info, keyno, 1, NULL, *timestamp);
-+ err = agent_scd_genkey (keyno, 1, timestamp);
- /* The code below is not used because we force creation of
- * the a card key (3rd arg).
- * if (gpg_err_code (rc) == GPG_ERR_EEXIST)
-@@ -4898,16 +4903,9 @@ gen_card_key (int algo, int keyno, int is_primary, kbnode_t pub_root,
- * tty_printf ("\n");
- * if ( cpr_get_answer_is_yes( "keygen.card.replace_key",
- * _("Replace existing key? ")))
-- * rc = agent_scd_genkey (&info, keyno, 1);
-+ * rc = agent_scd_genkey (keyno, 1, timestamp);
- * }
- */
-- if (!err && (!info.n || !info.e))
-- {
-- log_error ("communication error with SCD\n");
-- gcry_mpi_release (info.n);
-- gcry_mpi_release (info.e);
-- err = gpg_error (GPG_ERR_GENERAL);
-- }
- if (err)
- {
- log_error ("key generation failed: %s\n", gpg_strerror (err));
-@@ -4916,30 +4914,40 @@ gen_card_key (int algo, int keyno, int is_primary, kbnode_t pub_root,
- return err;
- }
-
-- /* Send the learn command so that the agent creates a shadow key for
-+ /* Send the READKEY command so that the agent creates a shadow key for
- card key. We need to do that now so that we are able to create
- the self-signatures. */
-- err = agent_scd_learn (NULL, 0);
-+ err = agent_readkey (NULL, 1, keyid, &public);
-+ if (err)
-+ return err;
-+ err = gcry_sexp_sscan (&s_key, NULL, public,
-+ gcry_sexp_canon_len (public, 0, NULL, NULL));
-+ xfree (public);
-+ if (err)
-+ return err;
-+
-+ if (algo == PUBKEY_ALGO_RSA)
-+ err = key_from_sexp (pk->pkey, s_key, "public-key", "ne");
-+ else if (algo == PUBKEY_ALGO_ECDSA
-+ || algo == PUBKEY_ALGO_EDDSA
-+ || algo == PUBKEY_ALGO_ECDH )
-+ err = ecckey_from_sexp (pk->pkey, s_key, algo);
-+ else
-+ err = gpg_error (GPG_ERR_PUBKEY_ALGO);
-+ gcry_sexp_release (s_key);
-+
- if (err)
- {
-- /* Oops: Card removed during generation. */
-- log_error (_("OpenPGP card not available: %s\n"), gpg_strerror (err));
-- xfree (pkt);
-- xfree (pk);
-+ log_error ("key_from_sexp failed: %s\n", gpg_strerror (err) );
-+ free_public_key (pk);
- return err;
- }
-
-- if (*timestamp != info.created_at)
-- log_info ("NOTE: the key does not use the suggested creation date\n");
-- *timestamp = info.created_at;
--
-- pk->timestamp = info.created_at;
-+ pk->timestamp = *timestamp;
- pk->version = 4;
- if (expireval)
- pk->expiredate = pk->timestamp + expireval;
- pk->pubkey_algo = algo;
-- pk->pkey[0] = info.n;
-- pk->pkey[1] = info.e;
-
- pkt->pkttype = is_primary ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY;
- pkt->pkt.public_key = pk;
diff --git a/debian/patches/0080-scd-GENKEY-updates-the-public-key-in-APP.patch b/debian/patches/0080-scd-GENKEY-updates-the-public-key-in-APP.patch
deleted file mode 100644
index 099c03a..0000000
--- a/debian/patches/0080-scd-GENKEY-updates-the-public-key-in-APP.patch
+++ /dev/null
@@ -1,568 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Thu, 20 Oct 2016 16:25:47 +0900
-Subject: scd: GENKEY updates the public key in APP.
-
-* scd/app-openpgp.c (rsa_read_pubkey, ecc_read_pubkey): New.
-(read_public_key): New.
-(get_public_key, do_genkey): Use read_public_key.
-
---
-
-With this change, since GENKEY updates the public key (pk[keyno].key) in
-APP, READKEY will be possible after the command even for the old
-card (version <= 0x0100).
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- scd/app-openpgp.c | 485 +++++++++++++++++++++++++++++-------------------------
- 1 file changed, 257 insertions(+), 228 deletions(-)
-
-diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
-index 09e4800..843fdf0 100644
---- a/scd/app-openpgp.c
-+++ b/scd/app-openpgp.c
-@@ -1221,6 +1221,246 @@ retrieve_key_material (FILE *fp, const char *hexkeyid,
- #endif /*GNUPG_MAJOR_VERSION > 1*/
-
-
-+static gpg_error_t
-+rsa_read_pubkey (app_t app, ctrl_t ctrl, u32 created_at, int keyno,
-+ const unsigned char *data, size_t datalen, gcry_sexp_t *r_sexp)
-+{
-+ gpg_error_t err;
-+ const unsigned char *m, *e;
-+ size_t mlen, elen;
-+ unsigned char *mbuf = NULL, *ebuf = NULL;
-+
-+ m = find_tlv (data, datalen, 0x0081, &mlen);
-+ if (!m)
-+ {
-+ log_error (_("response does not contain the RSA modulus\n"));
-+ return gpg_error (GPG_ERR_CARD);
-+ }
-+
-+ e = find_tlv (data, datalen, 0x0082, &elen);
-+ if (!e)
-+ {
-+ log_error (_("response does not contain the RSA public exponent\n"));
-+ return gpg_error (GPG_ERR_CARD);
-+ }
-+
-+ if (ctrl)
-+ {
-+ send_key_data (ctrl, "n", m, mlen);
-+ send_key_data (ctrl, "e", e, elen);
-+ }
-+
-+ for (; mlen && !*m; mlen--, m++) /* strip leading zeroes */
-+ ;
-+ for (; elen && !*e; elen--, e++) /* strip leading zeroes */
-+ ;
-+
-+ if (ctrl)
-+ {
-+ unsigned char fprbuf[20];
-+
-+ err = store_fpr (app, keyno, created_at, fprbuf, PUBKEY_ALGO_RSA,
-+ m, mlen, e, elen);
-+ if (err)
-+ return err;
-+
-+ send_fpr_if_not_null (ctrl, "KEY-FPR", -1, fprbuf);
-+ }
-+
-+ mbuf = xtrymalloc (mlen + 1);
-+ if (!mbuf)
-+ {
-+ err = gpg_error_from_syserror ();
-+ goto leave;
-+ }
-+ /* Prepend numbers with a 0 if needed. */
-+ if (mlen && (*m & 0x80))
-+ {
-+ *mbuf = 0;
-+ memcpy (mbuf+1, m, mlen);
-+ mlen++;
-+ }
-+ else
-+ memcpy (mbuf, m, mlen);
-+
-+ ebuf = xtrymalloc (elen + 1);
-+ if (!ebuf)
-+ {
-+ err = gpg_error_from_syserror ();
-+ goto leave;
-+ }
-+ /* Prepend numbers with a 0 if needed. */
-+ if (elen && (*e & 0x80))
-+ {
-+ *ebuf = 0;
-+ memcpy (ebuf+1, e, elen);
-+ elen++;
-+ }
-+ else
-+ memcpy (ebuf, e, elen);
-+
-+ err = gcry_sexp_build (r_sexp, NULL, "(public-key(rsa(n%b)(e%b)))",
-+ (int)mlen, mbuf, (int)elen, ebuf);
-+ leave:
-+ xfree (mbuf);
-+ xfree (ebuf);
-+ return err;
-+}
-+
-+static gpg_error_t
-+ecc_read_pubkey (app_t app, ctrl_t ctrl, u32 created_at, int keyno,
-+ const unsigned char *data, size_t datalen, gcry_sexp_t *r_sexp)
-+{
-+ gpg_error_t err;
-+ unsigned char *qbuf;
-+ const unsigned char *ecc_q;
-+ size_t ecc_q_len;
-+ gcry_mpi_t oid;
-+ int n;
-+ const unsigned char *oidbuf;
-+ size_t oid_len;
-+ int algo;
-+ const char *format;
-+ const char *curve;
-+
-+ ecc_q = find_tlv (data, datalen, 0x0086, &ecc_q_len);
-+ if (!ecc_q)
-+ {
-+ log_error (_("response does not contain the EC public key\n"));
-+ return gpg_error (GPG_ERR_CARD);
-+ }
-+
-+ err = openpgp_oid_from_str (app->app_local->keyattr[keyno].ecc.oid, &oid);
-+ if (err)
-+ return err;
-+
-+ oidbuf = gcry_mpi_get_opaque (oid, &n);
-+ if (!oidbuf)
-+ {
-+ err = gpg_error_from_syserror ();
-+ gcry_mpi_release (oid);
-+ return err;
-+ }
-+ gcry_mpi_release (oid);
-+ oid_len = (n+7)/8;
-+
-+ qbuf = xtrymalloc (ecc_q_len + 1);
-+ if (!qbuf)
-+ return gpg_error_from_syserror ();
-+
-+ if ((app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK))
-+ { /* Prepend 0x40 prefix. */
-+ *qbuf = 0x40;
-+ memcpy (qbuf+1, ecc_q, ecc_q_len);
-+ ecc_q_len++;
-+ }
-+ else
-+ memcpy (qbuf, ecc_q, ecc_q_len);
-+
-+ if (ctrl)
-+ {
-+ send_key_data (ctrl, "q", ecc_q, ecc_q_len);
-+ send_key_data (ctrl, "curve", oidbuf, oid_len);
-+ }
-+
-+ if (keyno == 1)
-+ {
-+ if (ctrl)
-+ send_key_data (ctrl, "kdf", "\x03\x01\x08\x07", (size_t)4);
-+ algo = PUBKEY_ALGO_ECDH;
-+ }
-+ else
-+ {
-+ if ((app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK))
-+ algo = PUBKEY_ALGO_EDDSA;
-+ else
-+ algo = PUBKEY_ALGO_ECDSA;
-+ }
-+
-+ if (ctrl)
-+ {
-+ unsigned char fprbuf[20];
-+
-+ err = store_fpr (app, keyno, created_at, fprbuf, algo, oidbuf, oid_len,
-+ qbuf, ecc_q_len, "\x03\x01\x08\x07", (size_t)4);
-+ if (err)
-+ goto leave;
-+
-+ send_fpr_if_not_null (ctrl, "KEY-FPR", -1, fprbuf);
-+ }
-+
-+ if (!(app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK))
-+ format = "(public-key(ecc(curve%s)(q%b)))";
-+ else if (keyno == 1)
-+ format = "(public-key(ecc(curve%s)(flags djb-tweak)(q%b)))";
-+ else
-+ format = "(public-key(ecc(curve%s)(flags eddsa)(q%b)))";
-+
-+ curve = openpgp_oid_to_curve (app->app_local->keyattr[keyno].ecc.oid, 1);
-+ err = gcry_sexp_build (r_sexp, NULL, format, curve, (int)ecc_q_len, qbuf);
-+ leave:
-+ xfree (qbuf);
-+ return err;
-+}
-+
-+
-+/* Parse tag-length-value data for public key in BUFFER of BUFLEN
-+ length. Key of KEYNO in APP is updated with an S-expression of
-+ public key. When CTRL is not NULL, fingerprint is computed with
-+ CREATED_AT, and fingerprint is written to the card, and key data
-+ and fingerprint are send back to the client side.
-+ */
-+static gpg_error_t
-+read_public_key (app_t app, ctrl_t ctrl, u32 created_at, int keyno,
-+ const unsigned char *buffer, size_t buflen)
-+{
-+ gpg_error_t err;
-+ const unsigned char *data;
-+ size_t datalen;
-+ gcry_sexp_t s_pkey = NULL;
-+
-+ data = find_tlv (buffer, buflen, 0x7F49, &datalen);
-+ if (!data)
-+ {
-+ log_error (_("response does not contain the public key data\n"));
-+ return gpg_error (GPG_ERR_CARD);
-+ }
-+
-+ if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_RSA)
-+ err = rsa_read_pubkey (app, ctrl, created_at, keyno,
-+ data, datalen, &s_pkey);
-+ else if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_ECC)
-+ err = ecc_read_pubkey (app, ctrl, created_at, keyno,
-+ data, datalen, &s_pkey);
-+ else
-+ err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
-+
-+ if (!err)
-+ {
-+ unsigned char *keybuf;
-+ size_t len;
-+
-+ len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0);
-+ keybuf = xtrymalloc (len);
-+ if (!data)
-+ {
-+ err = gpg_error_from_syserror ();
-+ gcry_sexp_release (s_pkey);
-+ return err;
-+ }
-+
-+ gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, keybuf, len);
-+ gcry_sexp_release (s_pkey);
-+
-+ app->app_local->pk[keyno].key = keybuf;
-+ /* Decrement for trailing '\0' */
-+ app->app_local->pk[keyno].keylen = len - 1;
-+ }
-+
-+ return err;
-+}
-+
-+
- /* Get the public key for KEYNO and store it as an S-expresion with
- the APP handle. On error that field gets cleared. If we already
- know about the public key we will just return. Note that this does
-@@ -1237,12 +1477,10 @@ get_public_key (app_t app, int keyno)
- {
- gpg_error_t err = 0;
- unsigned char *buffer;
-- const unsigned char *keydata, *m, *e;
-- size_t buflen, keydatalen;
-+ const unsigned char *m, *e;
-+ size_t buflen;
- size_t mlen = 0;
- size_t elen = 0;
-- unsigned char *mbuf = NULL;
-- unsigned char *ebuf = NULL;
- char *keybuf = NULL;
- gcry_sexp_t s_pkey;
- size_t len;
-@@ -1286,42 +1524,7 @@ get_public_key (app_t app, int keyno)
- goto leave;
- }
-
-- keydata = find_tlv (buffer, buflen, 0x7F49, &keydatalen);
-- if (!keydata)
-- {
-- err = gpg_error (GPG_ERR_CARD);
-- log_error (_("response does not contain the public key data\n"));
-- goto leave;
-- }
--
-- if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_RSA)
-- {
-- m = find_tlv (keydata, keydatalen, 0x0081, &mlen);
-- if (!m)
-- {
-- err = gpg_error (GPG_ERR_CARD);
-- log_error (_("response does not contain the RSA modulus\n"));
-- goto leave;
-- }
--
-- e = find_tlv (keydata, keydatalen, 0x0082, &elen);
-- if (!e)
-- {
-- err = gpg_error (GPG_ERR_CARD);
-- log_error (_("response does not contain the RSA public exponent\n"));
-- goto leave;
-- }
-- }
-- else
-- {
-- m = find_tlv (keydata, keydatalen, 0x0086, &mlen);
-- if (!m)
-- {
-- err = gpg_error (GPG_ERR_CARD);
-- log_error (_("response does not contain the EC public key\n"));
-- goto leave;
-- }
-- }
-+ err = read_public_key (app, NULL, 0U, keyno, buffer, buflen);
- }
- else
- {
-@@ -1375,98 +1578,35 @@ get_public_key (app_t app, int keyno)
- gpg_strerror (err));
- goto leave;
- }
-- }
-
-- mbuf = xtrymalloc (mlen + 1);
-- if (!mbuf)
-- {
-- err = gpg_error_from_syserror ();
-- goto leave;
-- }
-+ err = gcry_sexp_build (&s_pkey, NULL, "(public-key(rsa(n%b)(e%b)))",
-+ (int)mlen, m, (int)elen, e);
-+ if (err)
-+ goto leave;
-
-- if ((app->app_local->keyattr[keyno].key_type == KEY_TYPE_RSA
-- || (app->app_local->keyattr[keyno].key_type == KEY_TYPE_ECC
-- && !(app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK)))
-- && mlen && (*m & 0x80))
-- { /* Prepend numbers with a 0 if needed for MPI. */
-- *mbuf = 0;
-- memcpy (mbuf+1, m, mlen);
-- mlen++;
-- }
-- else if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_ECC
-- && (app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK))
-- { /* Prepend 0x40 prefix. */
-- *mbuf = 0x40;
-- memcpy (mbuf+1, m, mlen);
-- mlen++;
-- }
-- else
-- memcpy (mbuf, m, mlen);
-+ len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0);
-
-- if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_RSA)
-- {
-- ebuf = xtrymalloc (elen + 1);
-- if (!ebuf)
-+ keybuf = xtrymalloc (len);
-+ if (!keybuf)
- {
- err = gpg_error_from_syserror ();
-+ gcry_sexp_release (s_pkey);
- goto leave;
- }
-- /* Prepend numbers with a 0 if needed. */
-- if (elen && (*e & 0x80))
-- {
-- *ebuf = 0;
-- memcpy (ebuf+1, e, elen);
-- elen++;
-- }
-- else
-- memcpy (ebuf, e, elen);
-
-- err = gcry_sexp_build (&s_pkey, NULL, "(public-key(rsa(n%b)(e%b)))",
-- (int)mlen, mbuf, (int)elen, ebuf);
-- }
-- else if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_ECC)
-- {
-- char *format;
--
-- if (!(app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK))
-- format = "(public-key(ecc(curve%s)(q%b)))";
-- else if (keyno == 1)
-- format = "(public-key(ecc(curve%s)(flags djb-tweak)(q%b)))";
-- else
-- format = "(public-key(ecc(curve%s)(flags eddsa)(q%b)))";
--
-- err = gcry_sexp_build (&s_pkey, NULL, format,
-- openpgp_oid_to_curve (app->app_local->keyattr[keyno].ecc.oid, 1),
-- (int)mlen, mbuf);
-- }
-- else
-- err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
--
-- if (err)
-- goto leave;
--
-- len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0);
--
-- keybuf = xtrymalloc (len);
-- if (!keybuf)
-- {
-+ gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, keybuf, len);
- gcry_sexp_release (s_pkey);
-- err = gpg_error_from_syserror ();
-- goto leave;
-- }
-- gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, keybuf, len);
-- gcry_sexp_release (s_pkey);
-
-- app->app_local->pk[keyno].key = (unsigned char*)keybuf;
-- app->app_local->pk[keyno].keylen = len - 1; /* Decrement for trailing '\0' */
-+ app->app_local->pk[keyno].key = (unsigned char*)keybuf;
-+ /* Decrement for trailing '\0' */
-+ app->app_local->pk[keyno].keylen = len - 1;
-+ }
-
- leave:
- /* Set a flag to indicate that we tried to read the key. */
- app->app_local->pk[keyno].read_done = 1;
-
- xfree (buffer);
-- xfree (mbuf);
-- xfree (ebuf);
- return err;
- }
- #endif /* GNUPG_MAJOR_VERSION > 1 */
-@@ -3533,7 +3673,6 @@ do_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
- {
- gpg_error_t err;
- char numbuf[30];
-- unsigned char fprbuf[20];
- unsigned char *buffer = NULL;
- const unsigned char *keydata;
- size_t buflen, keydatalen;
-@@ -3623,117 +3762,7 @@ do_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags,
- send_status_info (ctrl, "KEY-CREATED-AT",
- numbuf, (size_t)strlen(numbuf), NULL, 0);
-
-- if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_RSA)
-- {
-- const unsigned char *m, *e;
-- size_t mlen, elen;
--
-- m = find_tlv (keydata, keydatalen, 0x0081, &mlen);
-- if (!m)
-- {
-- err = gpg_error (GPG_ERR_CARD);
-- log_error (_("response does not contain the RSA modulus\n"));
-- goto leave;
-- }
-- /* log_printhex ("RSA n:", m, mlen); */
-- send_key_data (ctrl, "n", m, mlen);
--
-- e = find_tlv (keydata, keydatalen, 0x0082, &elen);
-- if (!e)
-- {
-- err = gpg_error (GPG_ERR_CARD);
-- log_error (_("response does not contain the RSA public exponent\n"));
-- goto leave;
-- }
-- /* log_printhex ("RSA e:", e, elen); */
-- send_key_data (ctrl, "e", e, elen);
--
-- for (; mlen && !*m; mlen--, m++) /* strip leading zeroes */
-- ;
-- for (; elen && !*e; elen--, e++) /* strip leading zeroes */
-- ;
--
-- err = store_fpr (app, keyno, created_at, fprbuf, PUBKEY_ALGO_RSA,
-- m, mlen, e, elen);
-- }
-- else if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_ECC)
-- {
-- const unsigned char *ecc_q;
-- size_t ecc_q_len;
-- gcry_mpi_t oid;
-- int n;
-- const unsigned char *oidbuf;
-- size_t oid_len;
-- int algo;
--
-- ecc_q = find_tlv (keydata, keydatalen, 0x0086, &ecc_q_len);
-- if (!ecc_q)
-- {
-- err = gpg_error (GPG_ERR_CARD);
-- log_error (_("response does not contain the EC public key\n"));
-- goto leave;
-- }
--
-- err = openpgp_oid_from_str (app->app_local->keyattr[keyno].ecc.oid, &oid);
-- if (err)
-- goto leave;
--
-- oidbuf = gcry_mpi_get_opaque (oid, &n);
-- if (!oidbuf)
-- {
-- err = gpg_error_from_syserror ();
-- gcry_mpi_release (oid);
-- goto leave;
-- }
-- gcry_mpi_release (oid);
-- oid_len = (n+7)/8;
--
-- if ((app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK))
-- { /* Prepend 0x40 prefix. */
-- unsigned char *q = xtrymalloc (ecc_q_len + 1);
--
-- if (!q)
-- {
-- err = gpg_error_from_syserror ();
-- goto leave;
-- }
-- *q = 0x40;
-- memcpy (q+1, ecc_q, ecc_q_len);
-- send_key_data (ctrl, "q", q, ecc_q_len + 1);
-- xfree (q);
-- }
-- else
-- {
-- /* strip leading zeroes */
-- for (; ecc_q_len && !*ecc_q; ecc_q_len--, ecc_q++)
-- ;
-- send_key_data (ctrl, "q", ecc_q, ecc_q_len);
-- }
--
-- send_key_data (ctrl, "curve", oidbuf, oid_len);
--
-- if (keyno == 1)
-- {
-- send_key_data (ctrl, "kdf", "\x03\x01\x08\x07", (size_t)4);
-- algo = PUBKEY_ALGO_ECDH;
-- }
-- else
-- {
-- if ((app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK))
-- algo = PUBKEY_ALGO_EDDSA;
-- else
-- algo = PUBKEY_ALGO_ECDSA;
-- }
--
-- err = store_fpr (app, keyno, created_at, fprbuf, algo, oidbuf, oid_len,
-- ecc_q, ecc_q_len, "\x03\x01\x08\x07", (size_t)4);
-- }
--
-- if (err)
-- goto leave;
-- send_fpr_if_not_null (ctrl, "KEY-FPR", -1, fprbuf);
--
--
-+ err = read_public_key (app, ctrl, created_at, keyno, buffer, buflen);
- leave:
- xfree (buffer);
- return err;
diff --git a/debian/patches/0081-agent-g10-Fix-keygen.patch b/debian/patches/0081-agent-g10-Fix-keygen.patch
deleted file mode 100644
index d72da6c..0000000
--- a/debian/patches/0081-agent-g10-Fix-keygen.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Thu, 20 Oct 2016 20:01:46 +0900
-Subject: agent, g10: Fix keygen.
-
-* agent/command.c (cmd_readkey): Get length after card_readkey.
-* g10/keygen.c (gen_card_key): Fix off-by-one error.
-
---
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- agent/command.c | 2 +-
- g10/keygen.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/agent/command.c b/agent/command.c
-index 12d90ed..1cab1d4 100644
---- a/agent/command.c
-+++ b/agent/command.c
-@@ -1013,10 +1013,10 @@ cmd_readkey (assuan_context_t ctx, char *line)
- goto leave;
- }
-
-- pkbuflen = gcry_sexp_canon_len (pkbuf, 0, NULL, NULL);
- rc = agent_card_readkey (ctrl, keyid, &pkbuf);
- if (rc)
- goto leave;
-+ pkbuflen = gcry_sexp_canon_len (pkbuf, 0, NULL, NULL);
- rc = gcry_sexp_sscan (&s_pkey, NULL, (char*)pkbuf, pkbuflen);
- if (rc)
- goto leave;
-diff --git a/g10/keygen.c b/g10/keygen.c
-index 90f8544..2115b5a 100644
---- a/g10/keygen.c
-+++ b/g10/keygen.c
-@@ -4876,7 +4876,7 @@ gen_card_key (int algo, int keyno, int is_primary, kbnode_t pub_root,
- unsigned char *public;
- gcry_sexp_t s_key;
-
-- snprintf (keyid, DIM(keyid)-1, "OPENPGP.%d", keyno);
-+ snprintf (keyid, DIM(keyid), "OPENPGP.%d", keyno);
- keyid[DIM(keyid)-1] = 0;
-
- if (algo != PUBKEY_ALGO_RSA)
diff --git a/debian/patches/0082-agent-Fix-saving-with-FORCE-1.patch b/debian/patches/0082-agent-Fix-saving-with-FORCE-1.patch
deleted file mode 100644
index 5f39692..0000000
--- a/debian/patches/0082-agent-Fix-saving-with-FORCE-1.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Fri, 21 Oct 2016 10:57:29 +0900
-Subject: agent: Fix saving with FORCE=1.
-
-* agent/findkey.c (agent_write_private_key): Recover from an error of
-GPG_ERR_ENOENT when FORCE=1 and it is opened with "rb+".
-
---
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- agent/findkey.c | 25 +++++++++++++++++++------
- 1 file changed, 19 insertions(+), 6 deletions(-)
-
-diff --git a/agent/findkey.c b/agent/findkey.c
-index 23e94f0..162e8c2 100644
---- a/agent/findkey.c
-+++ b/agent/findkey.c
-@@ -152,17 +152,30 @@ agent_write_private_key (const unsigned char *grip,
- if (!fp)
- {
- gpg_error_t tmperr = gpg_error_from_syserror ();
-- log_error ("can't create '%s': %s\n", fname, gpg_strerror (tmperr));
-- xfree (fname);
-- return tmperr;
-- }
-
-- /* See if an existing key is in extended format. */
-- if (force)
-+ if (force && gpg_err_code (tmperr) == GPG_ERR_ENOENT)
-+ {
-+ fp = es_fopen (fname, "wbx,mode=-rw");
-+ if (!fp)
-+ {
-+ tmperr = gpg_error_from_syserror ();
-+ goto error;
-+ }
-+ }
-+ else
-+ {
-+ error:
-+ log_error ("can't create '%s': %s\n", fname, gpg_strerror (tmperr));
-+ xfree (fname);
-+ return tmperr;
-+ }
-+ }
-+ else if (force)
- {
- gpg_error_t rc;
- char first;
-
-+ /* See if an existing key is in extended format. */
- if (es_fread (&first, 1, 1, fp) != 1)
- {
- rc = gpg_error_from_syserror ();
diff --git a/debian/patches/0083-Fix-use-cases-of-snprintf.patch b/debian/patches/0083-Fix-use-cases-of-snprintf.patch
deleted file mode 100644
index 3960058..0000000
--- a/debian/patches/0083-Fix-use-cases-of-snprintf.patch
+++ /dev/null
@@ -1,999 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Fri, 21 Oct 2016 12:04:46 +0900
-Subject: Fix use cases of snprintf.
-
-* agent/call-pinentry.c, agent/call-scd.c, agent/command.c,
-build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c,
-dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c,
-g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c,
-sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99.
-
---
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- agent/call-pinentry.c | 75 +++++++++++++++--------------------------
- agent/call-scd.c | 12 +++----
- agent/command.c | 2 +-
- build-aux/speedo/w32/g4wihelp.c | 8 ++---
- common/get-passphrase.c | 6 ++--
- dirmngr/dirmngr.c | 3 +-
- g10/call-agent.c | 65 ++++++++++++++---------------------
- g10/cpr.c | 6 ++--
- g10/keygen.c | 1 -
- g10/openfile.c | 4 +--
- g10/passphrase.c | 4 +--
- scd/app-openpgp.c | 2 +-
- scd/scdaemon.c | 3 +-
- sm/call-agent.c | 50 ++++++++++-----------------
- sm/call-dirmngr.c | 11 +++---
- sm/certreqgen.c | 2 +-
- 16 files changed, 97 insertions(+), 157 deletions(-)
-
-diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
-index 0f24086..46db9e8 100644
---- a/agent/call-pinentry.c
-+++ b/agent/call-pinentry.c
-@@ -734,8 +734,7 @@ setup_qualitybar (ctrl_t ctrl)
- /* TRANSLATORS: This string is displayed by Pinentry as the label
- for the quality bar. */
- tmpstr = try_percent_escape (L_("Quality:"), "\t\r\n\f\v");
-- snprintf (line, DIM(line)-1, "SETQUALITYBAR %s", tmpstr? tmpstr:"");
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SETQUALITYBAR %s", tmpstr? tmpstr:"");
- xfree (tmpstr);
- rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
- if (rc == 103 /*(Old assuan error code)*/
-@@ -763,8 +762,7 @@ setup_qualitybar (ctrl_t ctrl)
- }
- tmpstr = try_percent_escape (tooltip, "\t\r\n\f\v");
- xfree (tmpstr2);
-- snprintf (line, DIM(line)-1, "SETQUALITYBAR_TT %s", tmpstr? tmpstr:"");
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SETQUALITYBAR_TT %s", tmpstr? tmpstr:"");
- xfree (tmpstr);
- rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
- if (rc == 103 /*(Old assuan error code)*/
-@@ -887,27 +885,25 @@ agent_askpin (ctrl_t ctrl,
- if (keyinfo && (cache_mode == CACHE_MODE_NORMAL
- || cache_mode == CACHE_MODE_USER
- || cache_mode == CACHE_MODE_SSH))
-- snprintf (line, DIM(line)-1, "SETKEYINFO %c/%s",
-+ snprintf (line, DIM(line), "SETKEYINFO %c/%s",
- cache_mode == CACHE_MODE_USER? 'u' :
- cache_mode == CACHE_MODE_SSH? 's' : 'n',
- keyinfo);
- else
-- snprintf (line, DIM(line)-1, "SETKEYINFO --clear");
-+ snprintf (line, DIM(line), "SETKEYINFO --clear");
-
- rc = assuan_transact (entry_ctx, line,
- NULL, NULL, NULL, NULL, NULL, NULL);
- if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD)
- return unlock_pinentry (rc);
-
-- snprintf (line, DIM(line)-1, "SETDESC %s", desc_text);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SETDESC %s", desc_text);
- rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
- if (rc)
- return unlock_pinentry (rc);
-
-- snprintf (line, DIM(line)-1, "SETPROMPT %s",
-+ snprintf (line, DIM(line), "SETPROMPT %s",
- prompt_text? prompt_text : is_pin? L_("PIN:") : L_("Passphrase:"));
-- line[DIM(line)-1] = 0;
- rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
- if (rc)
- return unlock_pinentry (rc);
-@@ -924,8 +920,7 @@ agent_askpin (ctrl_t ctrl,
-
- if (initial_errtext)
- {
-- snprintf (line, DIM(line)-1, "SETERROR %s", initial_errtext);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SETERROR %s", initial_errtext);
- rc = assuan_transact (entry_ctx, line,
- NULL, NULL, NULL, NULL, NULL, NULL);
- if (rc)
-@@ -934,9 +929,8 @@ agent_askpin (ctrl_t ctrl,
-
- if (pininfo->with_repeat)
- {
-- snprintf (line, DIM(line)-1, "SETREPEATERROR %s",
-+ snprintf (line, DIM(line), "SETREPEATERROR %s",
- L_("does not match - try again"));
-- line[DIM(line)-1] = 0;
- rc = assuan_transact (entry_ctx, line,
- NULL, NULL, NULL, NULL, NULL, NULL);
- if (rc)
-@@ -956,9 +950,8 @@ agent_askpin (ctrl_t ctrl,
- /* TRANSLATORS: The string is appended to an error message in
- the pinentry. The %s is the actual error message, the
- two %d give the current and maximum number of tries. */
-- snprintf (line, DIM(line)-1, L_("SETERROR %s (try %d of %d)"),
-+ snprintf (line, DIM(line), L_("SETERROR %s (try %d of %d)"),
- errtext, pininfo->failed_tries+1, pininfo->max_tries);
-- line[DIM(line)-1] = 0;
- rc = assuan_transact (entry_ctx, line,
- NULL, NULL, NULL, NULL, NULL, NULL);
- if (rc)
-@@ -968,8 +961,7 @@ agent_askpin (ctrl_t ctrl,
-
- if (pininfo->with_repeat)
- {
-- snprintf (line, DIM(line)-1, "SETREPEAT %s", L_("Repeat:"));
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SETREPEAT %s", L_("Repeat:"));
- rc = assuan_transact (entry_ctx, line,
- NULL, NULL, NULL, NULL, NULL, NULL);
- if (rc)
-@@ -1100,12 +1092,12 @@ agent_get_passphrase (ctrl_t ctrl,
- if (keyinfo && (cache_mode == CACHE_MODE_NORMAL
- || cache_mode == CACHE_MODE_USER
- || cache_mode == CACHE_MODE_SSH))
-- snprintf (line, DIM(line)-1, "SETKEYINFO %c/%s",
-+ snprintf (line, DIM(line), "SETKEYINFO %c/%s",
- cache_mode == CACHE_MODE_USER? 'u' :
- cache_mode == CACHE_MODE_SSH? 's' : 'n',
- keyinfo);
- else
-- snprintf (line, DIM(line)-1, "SETKEYINFO --clear");
-+ snprintf (line, DIM(line), "SETKEYINFO --clear");
-
- rc = assuan_transact (entry_ctx, line,
- NULL, NULL, NULL, NULL, NULL, NULL);
-@@ -1114,16 +1106,14 @@ agent_get_passphrase (ctrl_t ctrl,
-
-
- if (desc)
-- snprintf (line, DIM(line)-1, "SETDESC %s", desc);
-+ snprintf (line, DIM(line), "SETDESC %s", desc);
- else
-- snprintf (line, DIM(line)-1, "RESET");
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "RESET");
- rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
- if (rc)
- return unlock_pinentry (rc);
-
-- snprintf (line, DIM(line)-1, "SETPROMPT %s", prompt);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SETPROMPT %s", prompt);
- rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
- if (rc)
- return unlock_pinentry (rc);
-@@ -1137,8 +1127,7 @@ agent_get_passphrase (ctrl_t ctrl,
-
- if (errtext)
- {
-- snprintf (line, DIM(line)-1, "SETERROR %s", errtext);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SETERROR %s", errtext);
- rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
- if (rc)
- return unlock_pinentry (rc);
-@@ -1205,10 +1194,9 @@ agent_get_confirmation (ctrl_t ctrl,
- return rc;
-
- if (desc)
-- snprintf (line, DIM(line)-1, "SETDESC %s", desc);
-+ snprintf (line, DIM(line), "SETDESC %s", desc);
- else
-- snprintf (line, DIM(line)-1, "RESET");
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "RESET");
- rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
- /* Most pinentries out in the wild return the old Assuan error code
- for canceled which gets translated to an assuan Cancel error and
-@@ -1221,8 +1209,7 @@ agent_get_confirmation (ctrl_t ctrl,
-
- if (ok)
- {
-- snprintf (line, DIM(line)-1, "SETOK %s", ok);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SETOK %s", ok);
- rc = assuan_transact (entry_ctx,
- line, NULL, NULL, NULL, NULL, NULL, NULL);
- if (rc)
-@@ -1235,8 +1222,7 @@ agent_get_confirmation (ctrl_t ctrl,
- the standard cancel. */
- if (with_cancel)
- {
-- snprintf (line, DIM(line)-1, "SETNOTOK %s", notok);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SETNOTOK %s", notok);
- rc = assuan_transact (entry_ctx,
- line, NULL, NULL, NULL, NULL, NULL, NULL);
- }
-@@ -1245,8 +1231,7 @@ agent_get_confirmation (ctrl_t ctrl,
-
- if (gpg_err_code (rc) == GPG_ERR_ASS_UNKNOWN_CMD)
- {
-- snprintf (line, DIM(line)-1, "SETCANCEL %s", notok);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SETCANCEL %s", notok);
- rc = assuan_transact (entry_ctx, line,
- NULL, NULL, NULL, NULL, NULL, NULL);
- }
-@@ -1282,10 +1267,9 @@ agent_show_message (ctrl_t ctrl, const char *desc, const char *ok_btn)
- return rc;
-
- if (desc)
-- snprintf (line, DIM(line)-1, "SETDESC %s", desc);
-+ snprintf (line, DIM(line), "SETDESC %s", desc);
- else
-- snprintf (line, DIM(line)-1, "RESET");
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "RESET");
- rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
- /* Most pinentries out in the wild return the old Assuan error code
- for canceled which gets translated to an assuan Cancel error and
-@@ -1298,8 +1282,7 @@ agent_show_message (ctrl_t ctrl, const char *desc, const char *ok_btn)
-
- if (ok_btn)
- {
-- snprintf (line, DIM(line)-1, "SETOK %s", ok_btn);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SETOK %s", ok_btn);
- rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL,
- NULL, NULL, NULL);
- if (rc)
-@@ -1354,18 +1337,16 @@ agent_popup_message_start (ctrl_t ctrl, const char *desc, const char *ok_btn)
- return rc;
-
- if (desc)
-- snprintf (line, DIM(line)-1, "SETDESC %s", desc);
-+ snprintf (line, DIM(line), "SETDESC %s", desc);
- else
-- snprintf (line, DIM(line)-1, "RESET");
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "RESET");
- rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
- if (rc)
- return unlock_pinentry (rc);
-
- if (ok_btn)
- {
-- snprintf (line, DIM(line)-1, "SETOK %s", ok_btn);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SETOK %s", ok_btn);
- rc = assuan_transact (entry_ctx, line, NULL,NULL,NULL,NULL,NULL,NULL);
- if (rc)
- return unlock_pinentry (rc);
-@@ -1465,7 +1446,7 @@ agent_clear_passphrase (ctrl_t ctrl,
- if (rc)
- return rc;
-
-- snprintf (line, DIM(line)-1, "CLEARPASSPHRASE %c/%s",
-+ snprintf (line, DIM(line), "CLEARPASSPHRASE %c/%s",
- cache_mode == CACHE_MODE_USER? 'u' :
- cache_mode == CACHE_MODE_SSH? 's' : 'n',
- keyinfo);
-diff --git a/agent/call-scd.c b/agent/call-scd.c
-index 934ab4c..0f7d570 100644
---- a/agent/call-scd.c
-+++ b/agent/call-scd.c
-@@ -946,8 +946,7 @@ agent_card_pkdecrypt (ctrl_t ctrl,
- inqparm.getpin_cb_arg = getpin_cb_arg;
- inqparm.passthru = 0;
- inqparm.any_inq_seen = 0;
-- snprintf (line, DIM(line)-1, "PKDECRYPT %s", keyid);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "PKDECRYPT %s", keyid);
- rc = assuan_transact (ctrl->scd_local->ctx, line,
- put_membuf_cb, &data,
- inq_needpin, &inqparm,
-@@ -986,8 +985,7 @@ agent_card_readcert (ctrl_t ctrl,
- return rc;
-
- init_membuf (&data, 1024);
-- snprintf (line, DIM(line)-1, "READCERT %s", id);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "READCERT %s", id);
- rc = assuan_transact (ctrl->scd_local->ctx, line,
- put_membuf_cb, &data,
- NULL, NULL,
-@@ -1022,8 +1020,7 @@ agent_card_readkey (ctrl_t ctrl, const char *id, unsigned char **r_buf)
- return rc;
-
- init_membuf (&data, 1024);
-- snprintf (line, DIM(line)-1, "READKEY %s", id);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "READKEY %s", id);
- rc = assuan_transact (ctrl->scd_local->ctx, line,
- put_membuf_cb, &data,
- NULL, NULL,
-@@ -1088,8 +1085,7 @@ agent_card_writekey (ctrl_t ctrl, int force, const char *serialno,
- if (rc)
- return rc;
-
-- snprintf (line, DIM(line)-1, "WRITEKEY %s%s", force ? "--force " : "", id);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "WRITEKEY %s%s", force ? "--force " : "", id);
- parms.ctx = ctrl->scd_local->ctx;
- parms.getpin_cb = getpin_cb;
- parms.getpin_cb_arg = getpin_cb_arg;
-diff --git a/agent/command.c b/agent/command.c
-index 1cab1d4..b17c62d 100644
---- a/agent/command.c
-+++ b/agent/command.c
-@@ -362,7 +362,7 @@ agent_inq_pinentry_launched (ctrl_t ctrl, unsigned long pid)
- if (!ctrl || !ctrl->server_local
- || !ctrl->server_local->allow_pinentry_notify)
- return 0;
-- snprintf (line, DIM(line)-1, "PINENTRY_LAUNCHED %lu", pid);
-+ snprintf (line, DIM(line), "PINENTRY_LAUNCHED %lu", pid);
- return assuan_inquire (ctrl->server_local->assuan_ctx, line, NULL, NULL, 0);
- }
-
-diff --git a/build-aux/speedo/w32/g4wihelp.c b/build-aux/speedo/w32/g4wihelp.c
-index d2c93e7..fe903aa 100644
---- a/build-aux/speedo/w32/g4wihelp.c
-+++ b/build-aux/speedo/w32/g4wihelp.c
-@@ -70,12 +70,12 @@ dummy (HWND hwndParent, int string_size, char *variables,
- // do your stuff here
- {
- char buf[1024];
-- snprintf (buf, sizeof buf - 1, "$R0=%s\r\n$R1=%s\r\n",
-+ snprintf (buf, sizeof buf, "$R0=%s\r\n$R1=%s\r\n",
- getuservariable(INST_R0),
- getuservariable(INST_R1));
- MessageBox (g_hwndParent,buf,0,MB_OK);
-
-- snprintf (buf, sizeof buf - 1,
-+ snprintf (buf, sizeof buf,
- "autoclose =%d\r\n"
- "all_user_var =%d\r\n"
- "exec_error =%d\r\n"
-@@ -278,7 +278,7 @@ void
- service_error (const char *str)
- {
- char buf[1024];
-- snprintf (buf, sizeof (buf) - 1, "error: %s: ec=%d\r\n", str,
-+ snprintf (buf, sizeof (buf), "error: %s: ec=%d\r\n", str,
- GetLastError ());
- MessageBox(g_hwndParent, buf, 0, MB_OK);
-
-@@ -575,7 +575,7 @@ service_stop (HWND hwndParent, int string_size, char *variables,
- if (GetTickCount () - start_time > timeout)
- {
- char buf[1024];
-- snprintf (buf, sizeof (buf) - 1,
-+ snprintf (buf, sizeof (buf),
- "time out waiting for service %s to stop\r\n",
- service_name);
- MessageBox (g_hwndParent, buf, 0, MB_OK);
-diff --git a/common/get-passphrase.c b/common/get-passphrase.c
-index 8f3137b..46a7835 100644
---- a/common/get-passphrase.c
-+++ b/common/get-passphrase.c
-@@ -181,7 +181,7 @@ gnupg_get_passphrase (const char *cache_id,
- if (!(arg4 = percent_plus_escape (desc_msg)))
- goto no_mem;
-
-- snprintf (line, DIM(line)-1,
-+ snprintf (line, DIM(line),
- "GET_PASSPHRASE --data %s--repeat=%d -- %s %s %s %s",
- check_quality? "--check ":"",
- repeat,
-@@ -189,7 +189,6 @@ gnupg_get_passphrase (const char *cache_id,
- arg2? arg2:"X",
- arg3? arg3:"X",
- arg4? arg4:"X");
-- line[DIM(line)-1] = 0;
- xfree (arg2);
- xfree (arg3);
- xfree (arg4);
-@@ -250,8 +249,7 @@ gnupg_clear_passphrase (const char *cache_id)
- if (err)
- return err;
-
-- snprintf (line, DIM(line)-1, "CLEAR_PASSPHRASE %s", cache_id);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "CLEAR_PASSPHRASE %s", cache_id);
- return assuan_transact (agent_ctx, line, NULL, NULL,
- default_inq_cb, NULL, NULL, NULL);
- }
-diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
-index 2bbc0ed..ba9f96d 100644
---- a/dirmngr/dirmngr.c
-+++ b/dirmngr/dirmngr.c
-@@ -2050,9 +2050,8 @@ handle_connections (assuan_fd_t listen_fd)
-
- memset (&argval, 0, sizeof argval);
- argval.afd = fd;
-- snprintf (threadname, sizeof threadname-1,
-+ snprintf (threadname, sizeof threadname,
- "conn fd=%d", FD2INT(fd));
-- threadname[sizeof threadname -1] = 0;
-
- ret = npth_create (&thread, &tattr,
- start_connection_thread, argval.aptr);
-diff --git a/g10/call-agent.c b/g10/call-agent.c
-index 632cabe..c1ad8dd 100644
---- a/g10/call-agent.c
-+++ b/g10/call-agent.c
-@@ -726,7 +726,7 @@ agent_scd_apdu (const char *hexapdu, unsigned int *r_sw)
-
- init_membuf (&mb, 256);
-
-- snprintf (line, DIM(line)-1, "SCD APDU %s", hexapdu);
-+ snprintf (line, DIM(line), "SCD APDU %s", hexapdu);
- err = assuan_transact (agent_ctx, line,
- put_membuf_cb, &mb, NULL, NULL, NULL, NULL);
- if (!err)
-@@ -758,9 +758,8 @@ agent_keytocard (const char *hexgrip, int keyno, int force,
-
- memset (&parm, 0, sizeof parm);
-
-- snprintf (line, DIM(line)-1, "KEYTOCARD %s%s %s OPENPGP.%d %s",
-+ snprintf (line, DIM(line), "KEYTOCARD %s%s %s OPENPGP.%d %s",
- force?"--force ": "", hexgrip, serialno, keyno, timestamp);
-- line[DIM(line)-1] = 0;
-
- rc = start_agent (NULL, 1);
- if (rc)
-@@ -902,8 +901,7 @@ agent_scd_writecert (const char *certidstr,
-
- memset (&parms, 0, sizeof parms);
-
-- snprintf (line, DIM(line)-1, "SCD WRITECERT %s", certidstr);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SCD WRITECERT %s", certidstr);
- dfltparm.ctx = agent_ctx;
- parms.dflt = &dfltparm;
- parms.certdata = certdata;
-@@ -956,8 +954,7 @@ agent_scd_writekey (int keyno, const char *serialno,
-
- memset (&parms, 0, sizeof parms);
-
-- snprintf (line, DIM(line)-1, "SCD WRITEKEY --force OPENPGP.%d", keyno);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SCD WRITEKEY --force OPENPGP.%d", keyno);
- dfltparm.ctx = agent_ctx;
- parms.dflt = &dfltparm;
- parms.keydata = keydata;
-@@ -1019,11 +1016,10 @@ agent_scd_genkey (int keyno, int force, u32 *createtime)
- else
- *tbuf = 0;
-
-- snprintf (line, DIM(line)-1, "SCD GENKEY %s%s %s %d",
-+ snprintf (line, DIM(line), "SCD GENKEY %s%s %s %d",
- *tbuf? "--timestamp=":"", tbuf,
- force? "--force":"",
- keyno);
-- line[DIM(line)-1] = 0;
-
- dfltparm.ctx = agent_ctx;
- rc = assuan_transact (agent_ctx, line,
-@@ -1151,8 +1147,7 @@ agent_scd_readcert (const char *certidstr,
-
- init_membuf (&data, 2048);
-
-- snprintf (line, DIM(line)-1, "SCD READCERT %s", certidstr);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SCD READCERT %s", certidstr);
- rc = assuan_transact (agent_ctx, line,
- put_membuf_cb, &data,
- default_inq_cb, &dfltparm,
-@@ -1202,8 +1197,7 @@ agent_scd_change_pin (int chvno, const char *serialno)
- return rc;
- dfltparm.ctx = agent_ctx;
-
-- snprintf (line, DIM(line)-1, "SCD PASSWD %s %d", reset, chvno);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SCD PASSWD %s %d", reset, chvno);
- rc = assuan_transact (agent_ctx, line,
- NULL, NULL,
- default_inq_cb, &dfltparm,
-@@ -1230,8 +1224,7 @@ agent_scd_checkpin (const char *serialno)
- return rc;
- dfltparm.ctx = agent_ctx;
-
-- snprintf (line, DIM(line)-1, "SCD CHECKPIN %s", serialno);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SCD CHECKPIN %s", serialno);
- rc = assuan_transact (agent_ctx, line,
- NULL, NULL,
- default_inq_cb, &dfltparm,
-@@ -1301,7 +1294,7 @@ agent_get_passphrase (const char *cache_id,
- if (!(arg4 = percent_plus_escape (desc_msg)))
- goto no_mem;
-
-- snprintf (line, DIM(line)-1,
-+ snprintf (line, DIM(line),
- "GET_PASSPHRASE --data --repeat=%d%s -- %s %s %s %s",
- repeat,
- check? " --check --qualitybar":"",
-@@ -1309,7 +1302,6 @@ agent_get_passphrase (const char *cache_id,
- arg2? arg2:"X",
- arg3? arg3:"X",
- arg4? arg4:"X");
-- line[DIM(line)-1] = 0;
- xfree (arg1);
- xfree (arg2);
- xfree (arg3);
-@@ -1358,8 +1350,7 @@ agent_clear_passphrase (const char *cache_id)
- return rc;
- dfltparm.ctx = agent_ctx;
-
-- snprintf (line, DIM(line)-1, "CLEAR_PASSPHRASE %s", cache_id);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "CLEAR_PASSPHRASE %s", cache_id);
- return assuan_transact (agent_ctx, line,
- NULL, NULL,
- default_inq_cb, &dfltparm,
-@@ -1387,8 +1378,7 @@ gpg_agent_get_confirmation (const char *desc)
- tmp = percent_plus_escape (desc);
- if (!tmp)
- return gpg_error_from_syserror ();
-- snprintf (line, DIM(line)-1, "GET_CONFIRMATION %s", tmp);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "GET_CONFIRMATION %s", tmp);
- xfree (tmp);
-
- rc = assuan_transact (agent_ctx, line,
-@@ -1574,8 +1564,7 @@ agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip,
- if (!hexkeygrip || strlen (hexkeygrip) != 40)
- return gpg_error (GPG_ERR_INV_VALUE);
-
-- snprintf (line, DIM(line)-1, "KEYINFO %s", hexkeygrip);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "KEYINFO %s", hexkeygrip);
-
- err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL,
- keyinfo_status_cb, &keyinfo);
-@@ -1761,7 +1750,7 @@ agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
- if (err)
- return err;
-
-- snprintf (line, DIM(line)-1, "READKEY %s%s", fromcard? "--card ":"",
-+ snprintf (line, DIM(line), "READKEY %s%s", fromcard? "--card ":"",
- hexkeygrip);
-
- init_membuf (&data, 1024);
-@@ -1826,16 +1815,14 @@ agent_pksign (ctrl_t ctrl, const char *cache_nonce,
- if (err)
- return err;
-
-- snprintf (line, DIM(line)-1, "SIGKEY %s", keygrip);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SIGKEY %s", keygrip);
- err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
- if (err)
- return err;
-
- if (desc)
- {
-- snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SETKEYDESC %s", desc);
- err = assuan_transact (agent_ctx, line,
- NULL, NULL, NULL, NULL, NULL, NULL);
- if (err)
-@@ -1966,8 +1953,7 @@ agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
-
- if (desc)
- {
-- snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SETKEYDESC %s", desc);
- err = assuan_transact (agent_ctx, line,
- NULL, NULL, NULL, NULL, NULL, NULL);
- if (err)
-@@ -2059,7 +2045,7 @@ agent_keywrap_key (ctrl_t ctrl, int forexport, void **r_kek, size_t *r_keklen)
- return err;
- dfltparm.ctx = agent_ctx;
-
-- snprintf (line, DIM(line)-1, "KEYWRAP_KEY %s",
-+ snprintf (line, DIM(line), "KEYWRAP_KEY %s",
- forexport? "--export":"--import");
-
- init_membuf_secure (&data, 64);
-@@ -2121,8 +2107,7 @@ agent_import_key (ctrl_t ctrl, const char *desc, char **cache_nonce_addr,
-
- if (desc)
- {
-- snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SETKEYDESC %s", desc);
- err = assuan_transact (agent_ctx, line,
- NULL, NULL, NULL, NULL, NULL, NULL);
- if (err)
-@@ -2182,14 +2167,14 @@ agent_export_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
-
- if (desc)
- {
-- snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
-+ snprintf (line, DIM(line), "SETKEYDESC %s", desc);
- err = assuan_transact (agent_ctx, line,
- NULL, NULL, NULL, NULL, NULL, NULL);
- if (err)
- return err;
- }
-
-- snprintf (line, DIM(line)-1, "EXPORT_KEY %s%s%s %s",
-+ snprintf (line, DIM(line), "EXPORT_KEY %s%s%s %s",
- openpgp_protected ? "--openpgp ":"",
- cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
- cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
-@@ -2241,14 +2226,14 @@ agent_delete_key (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
-
- if (desc)
- {
-- snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
-+ snprintf (line, DIM(line), "SETKEYDESC %s", desc);
- err = assuan_transact (agent_ctx, line,
- NULL, NULL, NULL, NULL, NULL, NULL);
- if (err)
- return err;
- }
-
-- snprintf (line, DIM(line)-1, "DELETE_KEY%s %s",
-+ snprintf (line, DIM(line), "DELETE_KEY%s %s",
- force? " --force":"", hexkeygrip);
- err = assuan_transact (agent_ctx, line, NULL, NULL,
- default_inq_cb, &dfltparm,
-@@ -2287,7 +2272,7 @@ agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, int verify,
-
- if (desc)
- {
-- snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
-+ snprintf (line, DIM(line), "SETKEYDESC %s", desc);
- err = assuan_transact (agent_ctx, line,
- NULL, NULL, NULL, NULL, NULL, NULL);
- if (err)
-@@ -2295,12 +2280,12 @@ agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc, int verify,
- }
-
- if (verify)
-- snprintf (line, DIM(line)-1, "PASSWD %s%s --verify %s",
-+ snprintf (line, DIM(line), "PASSWD %s%s --verify %s",
- cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
- cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
- hexkeygrip);
- else
-- snprintf (line, DIM(line)-1, "PASSWD %s%s %s%s %s",
-+ snprintf (line, DIM(line), "PASSWD %s%s %s%s %s",
- cache_nonce_addr && *cache_nonce_addr? "--cache-nonce=":"",
- cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"",
- passwd_nonce_addr && *passwd_nonce_addr? "--passwd-nonce=":"",
-diff --git a/g10/cpr.c b/g10/cpr.c
-index 9d8fec9..7760847 100644
---- a/g10/cpr.c
-+++ b/g10/cpr.c
-@@ -53,9 +53,9 @@ progress_cb (void *ctx, const char *what, int printchar,
- (void)ctx;
-
- if ( printchar == '\n' && !strcmp (what, "primegen") )
-- snprintf (buf, sizeof buf -1, "%.20s X 100 100", what );
-+ snprintf (buf, sizeof buf, "%.20s X 100 100", what );
- else
-- snprintf (buf, sizeof buf -1, "%.20s %c %d %d",
-+ snprintf (buf, sizeof buf, "%.20s %c %d %d",
- what, printchar=='\n'?'X':printchar, current, total );
- write_status_text (STATUS_PROGRESS, buf);
- }
-@@ -329,7 +329,7 @@ write_status_begin_signing (gcry_md_hd_t md)
- ga = map_md_openpgp_to_gcry (i);
- if (ga && gcry_md_is_enabled (md, ga) && buflen+10 < DIM(buf))
- {
-- snprintf (buf+buflen, DIM(buf) - buflen - 1,
-+ snprintf (buf+buflen, DIM(buf) - buflen,
- "%sH%d", buflen? " ":"",i);
- buflen += strlen (buf+buflen);
- }
-diff --git a/g10/keygen.c b/g10/keygen.c
-index 2115b5a..5ff89f6 100644
---- a/g10/keygen.c
-+++ b/g10/keygen.c
-@@ -4877,7 +4877,6 @@ gen_card_key (int algo, int keyno, int is_primary, kbnode_t pub_root,
- gcry_sexp_t s_key;
-
- snprintf (keyid, DIM(keyid), "OPENPGP.%d", keyno);
-- keyid[DIM(keyid)-1] = 0;
-
- if (algo != PUBKEY_ALGO_RSA)
- return gpg_error (GPG_ERR_PUBKEY_ALGO);
-diff --git a/g10/openfile.c b/g10/openfile.c
-index 006ff35..ad25604 100644
---- a/g10/openfile.c
-+++ b/g10/openfile.c
-@@ -148,9 +148,9 @@ ask_outfile_name( const char *name, size_t namelen )
- n = strlen(s) + (defname?strlen (defname):0) + 10;
- prompt = xmalloc (n);
- if (defname)
-- snprintf (prompt, n-1, "%s [%s]: ", s, defname );
-+ snprintf (prompt, n, "%s [%s]: ", s, defname );
- else
-- snprintf (prompt, n-1, "%s: ", s );
-+ snprintf (prompt, n, "%s: ", s );
- tty_enable_completion(NULL);
- fname = cpr_get ("openfile.askoutname", prompt );
- cpr_kill_prompt ();
-diff --git a/g10/passphrase.c b/g10/passphrase.c
-index be71b68..d75d980 100644
---- a/g10/passphrase.c
-+++ b/g10/passphrase.c
-@@ -347,7 +347,7 @@ passphrase_to_dek (int cipher_algo, STRING2KEY *s2k,
- {
- char buf[50];
-
-- snprintf (buf, sizeof buf -1, "%d %d %d",
-+ snprintf (buf, sizeof buf, "%d %d %d",
- cipher_algo, s2k->mode, s2k->hash_algo );
- write_status_text ( STATUS_NEED_PASSPHRASE_SYM, buf );
- }
-@@ -447,7 +447,7 @@ emit_status_need_passphrase (u32 *keyid, u32 *mainkeyid, int pubkey_algo)
- write_status_text (STATUS_USERID_HINT, us);
- xfree (us);
-
-- snprintf (buf, sizeof buf -1, "%08lX%08lX %08lX%08lX %d 0",
-+ snprintf (buf, sizeof buf, "%08lX%08lX %08lX%08lX %d 0",
- (ulong)keyid[0],
- (ulong)keyid[1],
- (ulong)(mainkeyid? mainkeyid[0]:keyid[0]),
-diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
-index 843fdf0..0931095 100644
---- a/scd/app-openpgp.c
-+++ b/scd/app-openpgp.c
-@@ -1872,7 +1872,7 @@ verify_a_chv (app_t app,
- prompt_buffer = xtrymalloc (promptsize);
- if (!prompt_buffer)
- return gpg_error_from_syserror ();
-- snprintf (prompt_buffer, promptsize-1, PROMPTSTRING, sigcount);
-+ snprintf (prompt_buffer, promptsize, PROMPTSTRING, sigcount);
- prompt = prompt_buffer;
- #undef PROMPTSTRING
- }
-diff --git a/scd/scdaemon.c b/scd/scdaemon.c
-index 33a822e..0d26410 100644
---- a/scd/scdaemon.c
-+++ b/scd/scdaemon.c
-@@ -1292,8 +1292,7 @@ handle_connections (int listen_fd)
- char threadname[50];
- npth_t thread;
-
-- snprintf (threadname, sizeof threadname-1, "conn fd=%d", fd);
-- threadname[sizeof threadname -1] = 0;
-+ snprintf (threadname, sizeof threadname, "conn fd=%d", fd);
- ctrl->thread_startup.fd = INT2FD (fd);
- ret = npth_create (&thread, &tattr, start_connection_thread, ctrl);
- if (ret)
-diff --git a/sm/call-agent.c b/sm/call-agent.c
-index 3262650..c0a2081 100644
---- a/sm/call-agent.c
-+++ b/sm/call-agent.c
-@@ -243,16 +243,14 @@ gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
- if (rc)
- return rc;
-
-- snprintf (line, DIM(line)-1, "SIGKEY %s", keygrip);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SIGKEY %s", keygrip);
- rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
- if (rc)
- return rc;
-
- if (desc)
- {
-- snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SETKEYDESC %s", desc);
- rc = assuan_transact (agent_ctx, line,
- NULL, NULL, NULL, NULL, NULL, NULL);
- if (rc)
-@@ -335,8 +333,7 @@ gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
-
- init_membuf (&data, 1024);
-
-- snprintf (line, DIM(line)-1, "SCD PKSIGN %s %s", hashopt, keyid);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SCD PKSIGN %s %s", hashopt, keyid);
- rc = assuan_transact (agent_ctx, line,
- put_membuf_cb, &data, default_inq_cb, &inq_parm,
- NULL, NULL);
-@@ -429,16 +426,14 @@ gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
- return rc;
-
- assert ( DIM(line) >= 50 );
-- snprintf (line, DIM(line)-1, "SETKEY %s", keygrip);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SETKEY %s", keygrip);
- rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
- if (rc)
- return rc;
-
- if (desc)
- {
-- snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SETKEYDESC %s", desc);
- rc = assuan_transact (agent_ctx, line,
- NULL, NULL, NULL, NULL, NULL, NULL);
- if (rc)
-@@ -594,9 +589,8 @@ gpgsm_agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
- if (rc)
- return rc;
-
-- snprintf (line, DIM(line)-1, "%sREADKEY %s",
-+ snprintf (line, DIM(line), "%sREADKEY %s",
- fromcard? "SCD ":"", hexkeygrip);
-- line[DIM(line)-1] = 0;
-
- init_membuf (&data, 1024);
- rc = assuan_transact (agent_ctx, line,
-@@ -810,8 +804,7 @@ gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert, const char *hexfpr,
-
- if (hexfpr)
- {
-- snprintf (line, DIM(line)-1, "ISTRUSTED %s", hexfpr);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "ISTRUSTED %s", hexfpr);
- }
- else
- {
-@@ -824,8 +817,7 @@ gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert, const char *hexfpr,
- return gpg_error (GPG_ERR_GENERAL);
- }
-
-- snprintf (line, DIM(line)-1, "ISTRUSTED %s", fpr);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "ISTRUSTED %s", fpr);
- xfree (fpr);
- }
-
-@@ -868,8 +860,7 @@ gpgsm_agent_marktrusted (ctrl_t ctrl, ksba_cert_t cert)
- xfree (dn);
- if (!dnfmt)
- return gpg_error_from_syserror ();
-- snprintf (line, DIM(line)-1, "MARKTRUSTED %s S %s", fpr, dnfmt);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "MARKTRUSTED %s S %s", fpr, dnfmt);
- ksba_free (dnfmt);
- xfree (fpr);
-
-@@ -895,8 +886,7 @@ gpgsm_agent_havekey (ctrl_t ctrl, const char *hexkeygrip)
- if (!hexkeygrip || strlen (hexkeygrip) != 40)
- return gpg_error (GPG_ERR_INV_VALUE);
-
-- snprintf (line, DIM(line)-1, "HAVEKEY %s", hexkeygrip);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "HAVEKEY %s", hexkeygrip);
-
- rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
- return rc;
-@@ -1045,16 +1035,14 @@ gpgsm_agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc)
-
- if (desc)
- {
-- snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "SETKEYDESC %s", desc);
- rc = assuan_transact (agent_ctx, line,
- NULL, NULL, NULL, NULL, NULL, NULL);
- if (rc)
- return rc;
- }
-
-- snprintf (line, DIM(line)-1, "PASSWD %s", hexkeygrip);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "PASSWD %s", hexkeygrip);
-
- rc = assuan_transact (agent_ctx, line, NULL, NULL,
- default_inq_cb, &inq_parm, NULL, NULL);
-@@ -1078,8 +1066,7 @@ gpgsm_agent_get_confirmation (ctrl_t ctrl, const char *desc)
- inq_parm.ctrl = ctrl;
- inq_parm.ctx = agent_ctx;
-
-- snprintf (line, DIM(line)-1, "GET_CONFIRMATION %s", desc);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "GET_CONFIRMATION %s", desc);
-
- rc = assuan_transact (agent_ctx, line, NULL, NULL,
- default_inq_cb, &inq_parm, NULL, NULL);
-@@ -1150,8 +1137,7 @@ gpgsm_agent_keyinfo (ctrl_t ctrl, const char *hexkeygrip, char **r_serialno)
- if (!hexkeygrip || strlen (hexkeygrip) != 40)
- return gpg_error (GPG_ERR_INV_VALUE);
-
-- snprintf (line, DIM(line)-1, "KEYINFO %s", hexkeygrip);
-- line[DIM(line)-1] = 0;
-+ snprintf (line, DIM(line), "KEYINFO %s", hexkeygrip);
-
- err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL,
- keyinfo_status_cb, &serialno);
-@@ -1196,7 +1182,7 @@ gpgsm_agent_ask_passphrase (ctrl_t ctrl, const char *desc_msg, int repeat,
- if (desc_msg && *desc_msg && !(arg4 = percent_plus_escape (desc_msg)))
- return gpg_error_from_syserror ();
-
-- snprintf (line, DIM(line)-1, "GET_PASSPHRASE --data%s -- X X X %s",
-+ snprintf (line, DIM(line), "GET_PASSPHRASE --data%s -- X X X %s",
- repeat? " --repeat=1 --check --qualitybar":"",
- arg4);
- xfree (arg4);
-@@ -1241,7 +1227,7 @@ gpgsm_agent_keywrap_key (ctrl_t ctrl, int forexport,
- inq_parm.ctrl = ctrl;
- inq_parm.ctx = agent_ctx;
-
-- snprintf (line, DIM(line)-1, "KEYWRAP_KEY %s",
-+ snprintf (line, DIM(line), "KEYWRAP_KEY %s",
- forexport? "--export":"--import");
-
- init_membuf_secure (&data, 64);
-@@ -1335,14 +1321,14 @@ gpgsm_agent_export_key (ctrl_t ctrl, const char *keygrip, const char *desc,
-
- if (desc)
- {
-- snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
-+ snprintf (line, DIM(line), "SETKEYDESC %s", desc);
- err = assuan_transact (agent_ctx, line,
- NULL, NULL, NULL, NULL, NULL, NULL);
- if (err)
- return err;
- }
-
-- snprintf (line, DIM(line)-1, "EXPORT_KEY %s", keygrip);
-+ snprintf (line, DIM(line), "EXPORT_KEY %s", keygrip);
-
- init_membuf_secure (&data, 1024);
- err = assuan_transact (agent_ctx, line,
-diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c
-index 6987121..4afc697 100644
---- a/sm/call-dirmngr.c
-+++ b/sm/call-dirmngr.c
-@@ -215,9 +215,8 @@ prepare_dirmngr (ctrl_t ctrl, assuan_context_t ctx, gpg_error_t err)
- char *pass = server->pass ? server->pass : "";
- char *base = server->base ? server->base : "";
-
-- snprintf (line, DIM (line) - 1, "LDAPSERVER %s:%i:%s:%s:%s",
-+ snprintf (line, DIM (line), "LDAPSERVER %s:%i:%s:%s:%s",
- server->host, server->port, user, pass, base);
-- line[DIM (line) - 1] = 0;
-
- assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
- /* The code below is not required becuase we don't return an error. */
-@@ -548,10 +547,9 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
- NULL, NULL, NULL, NULL, NULL, NULL);
- did_options = 1;
- }
-- snprintf (line, DIM(line)-1, "ISVALID%s %s",
-+ snprintf (line, DIM(line), "ISVALID%s %s",
- use_ocsp == 2? " --only-ocsp --force-default-responder":"",
- certid);
-- line[DIM(line)-1] = 0;
- xfree (certid);
-
- rc = assuan_transact (dirmngr_ctx, line, NULL, NULL,
-@@ -803,9 +801,8 @@ gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names, int cache_only,
-
- return out_of_core ();
- }
-- snprintf (line, DIM(line)-1, "LOOKUP%s %s",
-+ snprintf (line, DIM(line), "LOOKUP%s %s",
- cache_only? " --cache-only":"", pattern);
-- line[DIM(line)-1] = 0;
- xfree (pattern);
-
- parm.ctrl = ctrl;
-@@ -861,7 +858,7 @@ get_cached_cert (assuan_context_t ctx,
- *r_cert = NULL;
-
- bin2hex (fpr, 20, hexfpr);
-- snprintf (line, DIM(line)-1, "LOOKUP --single --cache-only 0x%s", hexfpr);
-+ snprintf (line, DIM(line), "LOOKUP --single --cache-only 0x%s", hexfpr);
-
- init_membuf (&mb, 4096);
- err = assuan_transact (ctx, line, get_cached_cert_data_cb, &mb,
-diff --git a/sm/certreqgen.c b/sm/certreqgen.c
-index 2c6550c..4d50270 100644
---- a/sm/certreqgen.c
-+++ b/sm/certreqgen.c
-@@ -719,7 +719,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
- else if (!outctrl->dryrun) /* Generate new key. */
- {
- sprintf (numbuf, "%u", nbits);
-- snprintf ((char*)keyparms, DIM (keyparms)-1,
-+ snprintf ((char*)keyparms, DIM (keyparms),
- "(6:genkey(3:rsa(5:nbits%d:%s)))",
- (int)strlen (numbuf), numbuf);
- rc = gpgsm_agent_genkey (ctrl, keyparms, &public);
diff --git a/debian/patches/0084-g10-Support-ECC-for-gen_card_key.patch b/debian/patches/0084-g10-Support-ECC-for-gen_card_key.patch
deleted file mode 100644
index c245c13..0000000
--- a/debian/patches/0084-g10-Support-ECC-for-gen_card_key.patch
+++ /dev/null
@@ -1,126 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Fri, 21 Oct 2016 13:59:09 +0900
-Subject: g10: Support ECC for gen_card_key.
-
-* g10/keygen.c (gen_card_key): Remove the first argument of ALGO.
-(do_generate_keypair, generate_card_subkeypair): Follow the change.
-
---
-ALGO is determined by the key attribute of the card.
-
-Co-authored-by: Arnaud Fontaine <arnaud.fontaine at ssi.gouv.fr>
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- g10/keygen.c | 32 +++++++++++++++++---------------
- 1 file changed, 17 insertions(+), 15 deletions(-)
-
-diff --git a/g10/keygen.c b/g10/keygen.c
-index 5ff89f6..64e0d43 100644
---- a/g10/keygen.c
-+++ b/g10/keygen.c
-@@ -154,8 +154,7 @@ static gpg_error_t parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
- static void do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
- struct output_control_s *outctrl, int card );
- static int write_keyblock (iobuf_t out, kbnode_t node);
--static gpg_error_t gen_card_key (int algo, int keyno, int is_primary,
-- kbnode_t pub_root,
-+static gpg_error_t gen_card_key (int keyno, int is_primary, kbnode_t pub_root,
- u32 *timestamp, u32 expireval);
-
-
-@@ -4238,8 +4237,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
- get_parameter_passphrase (para),
- &cache_nonce, NULL);
- else
-- err = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root,
-- ×tamp,
-+ err = gen_card_key (1, 1, pub_root, ×tamp,
- get_parameter_u32 (para, pKEYEXPIRE));
-
- /* Get the pointer to the generated public key packet. */
-@@ -4277,8 +4275,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
-
- if (!err && card && get_parameter (para, pAUTHKEYTYPE))
- {
-- err = gen_card_key (PUBKEY_ALGO_RSA, 3, 0, pub_root,
-- ×tamp,
-+ err = gen_card_key (3, 0, pub_root, ×tamp,
- get_parameter_u32 (para, pKEYEXPIRE));
- if (!err)
- err = write_keybinding (pub_root, pri_psk, NULL,
-@@ -4317,7 +4314,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
- }
- else
- {
-- err = gen_card_key (PUBKEY_ALGO_RSA, 2, 0, pub_root, ×tamp,
-+ err = gen_card_key (2, 0, pub_root, ×tamp,
- get_parameter_u32 (para, pKEYEXPIRE));
- }
-
-@@ -4749,7 +4746,6 @@ generate_card_subkeypair (kbnode_t pub_keyblock,
- gpg_error_t err = 0;
- kbnode_t node;
- PKT_public_key *pri_pk = NULL;
-- int algo;
- unsigned int use;
- u32 expire;
- u32 cur_time;
-@@ -4800,7 +4796,6 @@ generate_card_subkeypair (kbnode_t pub_keyblock,
- goto leave;
- }
-
-- algo = PUBKEY_ALGO_RSA;
- expire = ask_expire_interval (0, NULL);
- if (keyno == 1)
- use = PUBKEY_USAGE_SIG;
-@@ -4817,7 +4812,7 @@ generate_card_subkeypair (kbnode_t pub_keyblock,
-
- /* Note, that depending on the backend, the card key generation may
- update CUR_TIME. */
-- err = gen_card_key (algo, keyno, 0, pub_keyblock, &cur_time, expire);
-+ err = gen_card_key (keyno, 0, pub_keyblock, &cur_time, expire);
- /* Get the pointer to the generated public subkey packet. */
- if (!err)
- {
-@@ -4865,21 +4860,29 @@ write_keyblock( IOBUF out, KBNODE node )
-
- /* Note that timestamp is an in/out arg. */
- static gpg_error_t
--gen_card_key (int algo, int keyno, int is_primary, kbnode_t pub_root,
-+gen_card_key (int keyno, int is_primary, kbnode_t pub_root,
- u32 *timestamp, u32 expireval)
- {
- #ifdef ENABLE_CARD_SUPPORT
- gpg_error_t err;
-+ struct agent_card_info_s info;
-+ int algo;
- PACKET *pkt;
- PKT_public_key *pk;
- char keyid[10];
- unsigned char *public;
- gcry_sexp_t s_key;
-
-- snprintf (keyid, DIM(keyid), "OPENPGP.%d", keyno);
-+ err = agent_scd_getattr ("KEY-ATTR", &info);
-+ if (err)
-+ {
-+ log_error (_("error getting current key info: %s\n"), gpg_strerror (err));
-+ return err;
-+ }
-
-- if (algo != PUBKEY_ALGO_RSA)
-- return gpg_error (GPG_ERR_PUBKEY_ALGO);
-+ algo = info.key_attr[keyno-1].algo;
-+
-+ snprintf (keyid, DIM(keyid), "OPENPGP.%d", keyno);
-
- pk = xtrycalloc (1, sizeof *pk );
- if (!pk)
-@@ -4954,7 +4957,6 @@ gen_card_key (int algo, int keyno, int is_primary, kbnode_t pub_root,
-
- return 0;
- #else
-- (void)algo;
- (void)keyno;
- (void)is_primary;
- (void)pub_root;
diff --git a/debian/patches/0085-g10-Don-t-ask-keysize-for-for-non-RSA-card.patch b/debian/patches/0085-g10-Don-t-ask-keysize-for-for-non-RSA-card.patch
deleted file mode 100644
index e31b0fa..0000000
--- a/debian/patches/0085-g10-Don-t-ask-keysize-for-for-non-RSA-card.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Fri, 21 Oct 2016 14:15:05 +0900
-Subject: g10: Don't ask keysize for for non-RSA card.
-
-* g10/card-util.c (card_status): Bug fix for keyno.
-(ask_card_rsa_keysize, do_change_rsa_keysize): Rename.
-(generate_card_keys): Only ask keysize when RSA.
-(card_generate_subkey): Likewise.
-
---
-
-Co-authored-by: Arnaud Fontaine <arnaud.fontaine at ssi.gouv.fr>
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- g10/card-util.c | 50 ++++++++++++++++++++++++++++----------------------
- 1 file changed, 28 insertions(+), 22 deletions(-)
-
-diff --git a/g10/card-util.c b/g10/card-util.c
-index 2cb44f9..2f3f714 100644
---- a/g10/card-util.c
-+++ b/g10/card-util.c
-@@ -476,7 +476,7 @@ card_status (estream_t fp, char *serialno, size_t serialnobuflen)
-
- es_fprintf (fp, "forcepin:%d:::\n", !info.chv1_cached);
- for (i=0; i < DIM (info.key_attr); i++)
-- if (info.key_attr[0].algo == PUBKEY_ALGO_RSA)
-+ if (info.key_attr[i].algo == PUBKEY_ALGO_RSA)
- es_fprintf (fp, "keyattr:%d:%d:%u:\n", i+1,
- info.key_attr[i].algo, info.key_attr[i].nbits);
- else if (info.key_attr[i].algo == PUBKEY_ALGO_ECDH
-@@ -1277,7 +1277,7 @@ show_keysize_warning (void)
- select the prompt. Returns 0 to use the default size (i.e. NBITS)
- or the selected size. */
- static unsigned int
--ask_card_keysize (int keyno, unsigned int nbits)
-+ask_card_rsa_keysize (int keyno, unsigned int nbits)
- {
- unsigned int min_nbits = 1024;
- unsigned int max_nbits = 4096;
-@@ -1327,7 +1327,7 @@ ask_card_keysize (int keyno, unsigned int nbits)
- /* Change the size of key KEYNO (0..2) to NBITS and show an error
- message if that fails. */
- static gpg_error_t
--do_change_keysize (int keyno, unsigned int nbits)
-+do_change_rsa_keysize (int keyno, unsigned int nbits)
- {
- gpg_error_t err;
- char args[100];
-@@ -1406,15 +1406,18 @@ generate_card_keys (ctrl_t ctrl)
-
- for (keyno = 0; keyno < DIM (info.key_attr); keyno++)
- {
-- nbits = ask_card_keysize (keyno, info.key_attr[keyno].nbits);
-- if (nbits && do_change_keysize (keyno, nbits))
-+ if (info.key_attr[keyno].algo == PUBKEY_ALGO_RSA)
- {
-- /* Error: Better read the default key size again. */
-- agent_release_card_info (&info);
-- if (get_info_for_key_operation (&info))
-- goto leave;
-- /* Ask again for this key size. */
-- keyno--;
-+ nbits = ask_card_rsa_keysize (keyno, info.key_attr[keyno].nbits);
-+ if (nbits && do_change_rsa_keysize (keyno, nbits))
-+ {
-+ /* Error: Better read the default key size again. */
-+ agent_release_card_info (&info);
-+ if (get_info_for_key_operation (&info))
-+ goto leave;
-+ /* Ask again for this key size. */
-+ keyno--;
-+ }
- }
- }
- /* Note that INFO has not be synced. However we will only use
-@@ -1483,18 +1486,21 @@ card_generate_subkey (KBNODE pub_keyblock)
- key size. */
- if (info.is_v2 && info.extcap.aac)
- {
-- unsigned int nbits;
--
-- ask_again:
-- nbits = ask_card_keysize (keyno-1, info.key_attr[keyno-1].nbits);
-- if (nbits && do_change_keysize (keyno-1, nbits))
-+ if (info.key_attr[keyno-1].algo == PUBKEY_ALGO_RSA)
- {
-- /* Error: Better read the default key size again. */
-- agent_release_card_info (&info);
-- err = get_info_for_key_operation (&info);
-- if (err)
-- goto leave;
-- goto ask_again;
-+ unsigned int nbits;
-+
-+ ask_again:
-+ nbits = ask_card_rsa_keysize (keyno-1, info.key_attr[keyno-1].nbits);
-+ if (nbits && do_change_rsa_keysize (keyno-1, nbits))
-+ {
-+ /* Error: Better read the default key size again. */
-+ agent_release_card_info (&info);
-+ err = get_info_for_key_operation (&info);
-+ if (err)
-+ goto leave;
-+ goto ask_again;
-+ }
- }
- /* Note that INFO has not be synced. However we will only use
- the serialnumber and thus it won't harm. */
diff --git a/debian/patches/0086-scd-Fix-segfault-changing-key-attr.patch b/debian/patches/0086-scd-Fix-segfault-changing-key-attr.patch
deleted file mode 100644
index b9fb2b5..0000000
--- a/debian/patches/0086-scd-Fix-segfault-changing-key-attr.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Fri, 21 Oct 2016 16:27:46 +0900
-Subject: scd: Fix segfault changing key attr.
-
-* asc/app-openpgp.c (change_keyattr_from_string): Release after
-allocated.
---
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- scd/app-openpgp.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
-index 0931095..f909c6f 100644
---- a/scd/app-openpgp.c
-+++ b/scd/app-openpgp.c
-@@ -2987,7 +2987,6 @@ change_keyattr_from_string (app_t app,
- size_t oid_len;
-
- oidstr = openpgp_curve_to_oid (string+n, NULL);
-- gcry_mpi_release (oid);
- if (!oidstr)
- {
- err = gpg_error (GPG_ERR_INV_DATA);
-@@ -3005,6 +3004,7 @@ change_keyattr_from_string (app_t app,
- string[0] = algo;
- memcpy (string+1, oidbuf+1, oid_len-1);
- err = change_keyattr (app, keyno, string, oid_len, pincb, pincb_arg);
-+ gcry_mpi_release (oid);
- }
- else
- err = gpg_error (GPG_ERR_PUBKEY_ALGO);
diff --git a/debian/patches/0087-g10-scd-Fix-ECC-keygen.patch b/debian/patches/0087-g10-scd-Fix-ECC-keygen.patch
deleted file mode 100644
index 0f2ba5d..0000000
--- a/debian/patches/0087-g10-scd-Fix-ECC-keygen.patch
+++ /dev/null
@@ -1,236 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Fri, 21 Oct 2016 21:37:04 +0900
-Subject: g10,scd: Fix ECC keygen.
-
-* g10/keygen.c (generate_keypair): For card key generation, fill
-parameters by KEY-ATTR.
-
-* scd/app-openpgp.c (ecc_read_pubkey): OID should be freed at last,
-after its reference by OIDBUF is finished.
-(ecc_writekey): Likewise.
---
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- g10/call-agent.c | 8 +++++---
- g10/keygen.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++-------
- scd/app-openpgp.c | 23 +++++++++++----------
- 3 files changed, 70 insertions(+), 21 deletions(-)
-
-diff --git a/g10/call-agent.c b/g10/call-agent.c
-index c1ad8dd..e7af001 100644
---- a/g10/call-agent.c
-+++ b/g10/call-agent.c
-@@ -994,9 +994,11 @@ scd_genkey_cb (void *opaque, const char *line)
- return 0;
- }
-
--/* Send a GENKEY command to the SCdaemon. If CREATETIME is not 0, it
-- will be passed to SCDAEMON so that the key is created with this
-- timestamp. On success, creation time is stored back to CREATETIME. */
-+/* Send a GENKEY command to the SCdaemon. If *CREATETIME is not 0,
-+ the value will be passed to SCDAEMON with --timestamp option so that
-+ the key is created with this. Otherwise, timestamp was generated by
-+ SCDEAMON. On success, creation time is stored back to
-+ CREATETIME. */
- int
- agent_scd_genkey (int keyno, int force, u32 *createtime)
- {
-diff --git a/g10/keygen.c b/g10/keygen.c
-index 64e0d43..a59435d 100644
---- a/g10/keygen.c
-+++ b/g10/keygen.c
-@@ -3756,17 +3756,26 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname,
- if (card_serialno)
- {
- #ifdef ENABLE_CARD_SUPPORT
-+ gpg_error_t err;
-+ struct agent_card_info_s info;
-+
-+ memset (&info, 0, sizeof (info));
-+ err = agent_scd_getattr ("KEY-ATTR", &info);
-+ if (err)
-+ {
-+ log_error (_("error getting current key info: %s\n"), gpg_strerror (err));
-+ return;
-+ }
-+
- r = xcalloc (1, sizeof *r + strlen (card_serialno) );
- r->key = pSERIALNO;
- strcpy( r->u.value, card_serialno);
- r->next = para;
- para = r;
-
-- algo = PUBKEY_ALGO_RSA;
--
- r = xcalloc (1, sizeof *r + 20 );
- r->key = pKEYTYPE;
-- sprintf( r->u.value, "%d", algo );
-+ sprintf( r->u.value, "%d", info.key_attr[0].algo );
- r->next = para;
- para = r;
- r = xcalloc (1, sizeof *r + 20 );
-@@ -3774,10 +3783,28 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname,
- strcpy (r->u.value, "sign");
- r->next = para;
- para = r;
-+ if (info.key_attr[0].algo == PUBKEY_ALGO_RSA)
-+ {
-+ r = xcalloc (1, sizeof *r + 20 );
-+ r->key = pKEYLENGTH;
-+ sprintf( r->u.value, "%u", info.key_attr[0].nbits);
-+ r->next = para;
-+ para = r;
-+ }
-+ else if (info.key_attr[0].algo == PUBKEY_ALGO_ECDSA
-+ || info.key_attr[0].algo == PUBKEY_ALGO_EDDSA
-+ || info.key_attr[0].algo == PUBKEY_ALGO_ECDH)
-+ {
-+ r = xcalloc (1, sizeof *r + strlen (info.key_attr[0].curve));
-+ r->key = pKEYCURVE;
-+ strcpy (r->u.value, info.key_attr[0].curve);
-+ r->next = para;
-+ para = r;
-+ }
-
- r = xcalloc (1, sizeof *r + 20 );
- r->key = pSUBKEYTYPE;
-- sprintf( r->u.value, "%d", algo );
-+ sprintf( r->u.value, "%d", info.key_attr[1].algo );
- r->next = para;
- para = r;
- r = xcalloc (1, sizeof *r + 20 );
-@@ -3785,10 +3812,28 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname,
- strcpy (r->u.value, "encrypt");
- r->next = para;
- para = r;
-+ if (info.key_attr[1].algo == PUBKEY_ALGO_RSA)
-+ {
-+ r = xcalloc (1, sizeof *r + 20 );
-+ r->key = pSUBKEYLENGTH;
-+ sprintf( r->u.value, "%u", info.key_attr[1].nbits);
-+ r->next = para;
-+ para = r;
-+ }
-+ else if (info.key_attr[1].algo == PUBKEY_ALGO_ECDSA
-+ || info.key_attr[1].algo == PUBKEY_ALGO_EDDSA
-+ || info.key_attr[1].algo == PUBKEY_ALGO_ECDH)
-+ {
-+ r = xcalloc (1, sizeof *r + strlen (info.key_attr[1].curve));
-+ r->key = pSUBKEYCURVE;
-+ strcpy (r->u.value, info.key_attr[1].curve);
-+ r->next = para;
-+ para = r;
-+ }
-
- r = xcalloc (1, sizeof *r + 20 );
- r->key = pAUTHKEYTYPE;
-- sprintf( r->u.value, "%d", algo );
-+ sprintf( r->u.value, "%d", info.key_attr[2].algo );
- r->next = para;
- para = r;
-
-@@ -4873,6 +4918,7 @@ gen_card_key (int keyno, int is_primary, kbnode_t pub_root,
- unsigned char *public;
- gcry_sexp_t s_key;
-
-+ memset (&info, 0, sizeof (info));
- err = agent_scd_getattr ("KEY-ATTR", &info);
- if (err)
- {
-@@ -4931,8 +4977,8 @@ gen_card_key (int keyno, int is_primary, kbnode_t pub_root,
- if (algo == PUBKEY_ALGO_RSA)
- err = key_from_sexp (pk->pkey, s_key, "public-key", "ne");
- else if (algo == PUBKEY_ALGO_ECDSA
-- || algo == PUBKEY_ALGO_EDDSA
-- || algo == PUBKEY_ALGO_ECDH )
-+ || algo == PUBKEY_ALGO_EDDSA
-+ || algo == PUBKEY_ALGO_ECDH )
- err = ecckey_from_sexp (pk->pkey, s_key, algo);
- else
- err = gpg_error (GPG_ERR_PUBKEY_ALGO);
-diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
-index f909c6f..e6a7698 100644
---- a/scd/app-openpgp.c
-+++ b/scd/app-openpgp.c
-@@ -1312,10 +1312,10 @@ ecc_read_pubkey (app_t app, ctrl_t ctrl, u32 created_at, int keyno,
- const unsigned char *data, size_t datalen, gcry_sexp_t *r_sexp)
- {
- gpg_error_t err;
-- unsigned char *qbuf;
-+ unsigned char *qbuf = NULL;
- const unsigned char *ecc_q;
- size_t ecc_q_len;
-- gcry_mpi_t oid;
-+ gcry_mpi_t oid = NULL;
- int n;
- const unsigned char *oidbuf;
- size_t oid_len;
-@@ -1338,15 +1338,16 @@ ecc_read_pubkey (app_t app, ctrl_t ctrl, u32 created_at, int keyno,
- if (!oidbuf)
- {
- err = gpg_error_from_syserror ();
-- gcry_mpi_release (oid);
-- return err;
-+ goto leave;
- }
-- gcry_mpi_release (oid);
- oid_len = (n+7)/8;
-
- qbuf = xtrymalloc (ecc_q_len + 1);
- if (!qbuf)
-- return gpg_error_from_syserror ();
-+ {
-+ err = gpg_error_from_syserror ();
-+ goto leave;
-+ }
-
- if ((app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK))
- { /* Prepend 0x40 prefix. */
-@@ -1359,7 +1360,7 @@ ecc_read_pubkey (app_t app, ctrl_t ctrl, u32 created_at, int keyno,
-
- if (ctrl)
- {
-- send_key_data (ctrl, "q", ecc_q, ecc_q_len);
-+ send_key_data (ctrl, "q", qbuf, ecc_q_len);
- send_key_data (ctrl, "curve", oidbuf, oid_len);
- }
-
-@@ -1399,6 +1400,7 @@ ecc_read_pubkey (app_t app, ctrl_t ctrl, u32 created_at, int keyno,
- curve = openpgp_oid_to_curve (app->app_local->keyattr[keyno].ecc.oid, 1);
- err = gcry_sexp_build (r_sexp, NULL, format, curve, (int)ecc_q_len, qbuf);
- leave:
-+ gcry_mpi_release (oid);
- xfree (qbuf);
- return err;
- }
-@@ -3344,8 +3346,8 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
- const char *oidstr = NULL;
- int flag_djb_tweak = 0;
- int algo;
-- gcry_mpi_t oid;
-- const unsigned char *oidbuf = NULL;
-+ gcry_mpi_t oid = NULL;
-+ const unsigned char *oidbuf;
- unsigned int n;
- size_t oid_len;
- unsigned char fprbuf[20];
-@@ -3498,10 +3500,8 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
- if (!oidbuf)
- {
- err = gpg_error_from_syserror ();
-- gcry_mpi_release (oid);
- goto leave;
- }
-- gcry_mpi_release (oid);
- oid_len = (n+7)/8;
-
- if (app->app_local->keyattr[keyno].key_type != KEY_TYPE_ECC
-@@ -3583,6 +3583,7 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
- ecc_q, ecc_q_len, "\x03\x01\x08\x07", (size_t)4);
-
- leave:
-+ gcry_mpi_release (oid);
- return err;
- }
-
diff --git a/debian/patches/0088-g10-Write-first-keybox-record-in-binary-mode.patch b/debian/patches/0088-g10-Write-first-keybox-record-in-binary-mode.patch
deleted file mode 100644
index e05cf16..0000000
--- a/debian/patches/0088-g10-Write-first-keybox-record-in-binary-mode.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: Andre Heinecke <aheinecke at intevation.de>
-Date: Fri, 21 Oct 2016 14:59:26 +0200
-Subject: g10: Write first keybox record in binary mode
-
-* g10/keydb.c (maybe_create_keyring_or_box): Open in binary mode.
-
---
-This fixes keybox corruption on windows.
-
-Signed-off-by: Andre Heinecke <aheinecke at intevation.de>
----
- g10/keydb.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/g10/keydb.c b/g10/keydb.c
-index e49e25f..b959f05 100644
---- a/g10/keydb.c
-+++ b/g10/keydb.c
-@@ -415,7 +415,7 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
- that the detection magic will work the next time it is used. */
- if (is_box)
- {
-- FILE *fp = fopen (filename, "w");
-+ FILE *fp = fopen (filename, "wb");
- if (!fp)
- rc = gpg_error_from_syserror ();
- else
diff --git a/debian/patches/0089-g10-More-card-key-generation-change.patch b/debian/patches/0089-g10-More-card-key-generation-change.patch
deleted file mode 100644
index 09ca3c8..0000000
--- a/debian/patches/0089-g10-More-card-key-generation-change.patch
+++ /dev/null
@@ -1,161 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Sat, 22 Oct 2016 08:45:35 +0900
-Subject: g10: More card key generation change.
-
-* g10/keygen.c (gen_card_key): Add back ALGO as the second argument.
-Don't get ALGO by KEY-ATTR by this function. It's caller to provide
-ALGO. Don't do that by both of caller and callee.
-(generate_keypair): Only put paramerters needed. Use parameters
-for ALGO to call gen_card_key.
-(generate_card_subkeypair): Get ALGO and call gen_card_key with it.
-
---
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- g10/keygen.c | 63 +++++++++++++++++++++++-------------------------------------
- 1 file changed, 24 insertions(+), 39 deletions(-)
-
-diff --git a/g10/keygen.c b/g10/keygen.c
-index a59435d..61e070c 100644
---- a/g10/keygen.c
-+++ b/g10/keygen.c
-@@ -152,10 +152,11 @@ static gpg_error_t parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
- u32 *r_expire,
- unsigned int *r_nbits, char **r_curve);
- static void do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
-- struct output_control_s *outctrl, int card );
-+ struct output_control_s *outctrl, int card );
- static int write_keyblock (iobuf_t out, kbnode_t node);
--static gpg_error_t gen_card_key (int keyno, int is_primary, kbnode_t pub_root,
-- u32 *timestamp, u32 expireval);
-+static gpg_error_t gen_card_key (int keyno, int algo, int is_primary,
-+ kbnode_t pub_root, u32 *timestamp,
-+ u32 expireval);
-
-
- static void
-@@ -255,7 +256,7 @@ keygen_add_key_expire (PKT_signature *sig, void *opaque)
-
- buf[0] = (u >> 24) & 0xff;
- buf[1] = (u >> 16) & 0xff;
-- buf[2] = (u >> 8) & 0xff;
-+ buf[2] = (u >> 8) & 0xff;
- buf[3] = u & 0xff;
- build_sig_subpkt (sig, SIGSUBPKT_KEY_EXPIRE, buf, 4);
- }
-@@ -3783,24 +3784,6 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname,
- strcpy (r->u.value, "sign");
- r->next = para;
- para = r;
-- if (info.key_attr[0].algo == PUBKEY_ALGO_RSA)
-- {
-- r = xcalloc (1, sizeof *r + 20 );
-- r->key = pKEYLENGTH;
-- sprintf( r->u.value, "%u", info.key_attr[0].nbits);
-- r->next = para;
-- para = r;
-- }
-- else if (info.key_attr[0].algo == PUBKEY_ALGO_ECDSA
-- || info.key_attr[0].algo == PUBKEY_ALGO_EDDSA
-- || info.key_attr[0].algo == PUBKEY_ALGO_ECDH)
-- {
-- r = xcalloc (1, sizeof *r + strlen (info.key_attr[0].curve));
-- r->key = pKEYCURVE;
-- strcpy (r->u.value, info.key_attr[0].curve);
-- r->next = para;
-- para = r;
-- }
-
- r = xcalloc (1, sizeof *r + 20 );
- r->key = pSUBKEYTYPE;
-@@ -4282,7 +4265,8 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
- get_parameter_passphrase (para),
- &cache_nonce, NULL);
- else
-- err = gen_card_key (1, 1, pub_root, ×tamp,
-+ err = gen_card_key (1, get_parameter_algo( para, pKEYTYPE, NULL ),
-+ 1, pub_root, ×tamp,
- get_parameter_u32 (para, pKEYEXPIRE));
-
- /* Get the pointer to the generated public key packet. */
-@@ -4320,7 +4304,8 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
-
- if (!err && card && get_parameter (para, pAUTHKEYTYPE))
- {
-- err = gen_card_key (3, 0, pub_root, ×tamp,
-+ err = gen_card_key (3, get_parameter_algo( para, pAUTHKEYTYPE, NULL ),
-+ 0, pub_root, ×tamp,
- get_parameter_u32 (para, pKEYEXPIRE));
- if (!err)
- err = write_keybinding (pub_root, pri_psk, NULL,
-@@ -4359,7 +4344,8 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
- }
- else
- {
-- err = gen_card_key (2, 0, pub_root, ×tamp,
-+ err = gen_card_key (2, 0, get_parameter_algo (para, pSUBKEYTYPE, NULL),
-+ pub_root, ×tamp,
- get_parameter_u32 (para, pKEYEXPIRE));
- }
-
-@@ -4796,9 +4782,20 @@ generate_card_subkeypair (kbnode_t pub_keyblock,
- u32 cur_time;
- struct para_data_s *para = NULL;
- PKT_public_key *sub_pk = NULL;
-+ int algo;
-+ struct agent_card_info_s info;
-
- log_assert (keyno >= 1 && keyno <= 3);
-
-+ memset (&info, 0, sizeof (info));
-+ err = agent_scd_getattr ("KEY-ATTR", &info);
-+ if (err)
-+ {
-+ log_error (_("error getting current key info: %s\n"), gpg_strerror (err));
-+ return err;
-+ }
-+ algo = info.key_attr[keyno-1].algo;
-+
- para = xtrycalloc (1, sizeof *para + strlen (serialno) );
- if (!para)
- {
-@@ -4857,7 +4854,7 @@ generate_card_subkeypair (kbnode_t pub_keyblock,
-
- /* Note, that depending on the backend, the card key generation may
- update CUR_TIME. */
-- err = gen_card_key (keyno, 0, pub_keyblock, &cur_time, expire);
-+ err = gen_card_key (keyno, algo, 0, pub_keyblock, &cur_time, expire);
- /* Get the pointer to the generated public subkey packet. */
- if (!err)
- {
-@@ -4905,29 +4902,17 @@ write_keyblock( IOBUF out, KBNODE node )
-
- /* Note that timestamp is an in/out arg. */
- static gpg_error_t
--gen_card_key (int keyno, int is_primary, kbnode_t pub_root,
-+gen_card_key (int keyno, int algo, int is_primary, kbnode_t pub_root,
- u32 *timestamp, u32 expireval)
- {
- #ifdef ENABLE_CARD_SUPPORT
- gpg_error_t err;
-- struct agent_card_info_s info;
-- int algo;
- PACKET *pkt;
- PKT_public_key *pk;
- char keyid[10];
- unsigned char *public;
- gcry_sexp_t s_key;
-
-- memset (&info, 0, sizeof (info));
-- err = agent_scd_getattr ("KEY-ATTR", &info);
-- if (err)
-- {
-- log_error (_("error getting current key info: %s\n"), gpg_strerror (err));
-- return err;
-- }
--
-- algo = info.key_attr[keyno-1].algo;
--
- snprintf (keyid, DIM(keyid), "OPENPGP.%d", keyno);
-
- pk = xtrycalloc (1, sizeof *pk );
diff --git a/debian/patches/0090-g10-Fix-card-keygen-for-decryption.patch b/debian/patches/0090-g10-Fix-card-keygen-for-decryption.patch
deleted file mode 100644
index 49e11d6..0000000
--- a/debian/patches/0090-g10-Fix-card-keygen-for-decryption.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Mon, 24 Oct 2016 07:52:40 +0900
-Subject: g10: Fix card keygen for decryption.
-
-* g10/keygen.c (do_generate_keypair): Fix arguments.
-
---
-
-Reported-by: Grumpy
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- g10/keygen.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/g10/keygen.c b/g10/keygen.c
-index 61e070c..ed529c7 100644
---- a/g10/keygen.c
-+++ b/g10/keygen.c
-@@ -4344,8 +4344,8 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
- }
- else
- {
-- err = gen_card_key (2, 0, get_parameter_algo (para, pSUBKEYTYPE, NULL),
-- pub_root, ×tamp,
-+ err = gen_card_key (2, get_parameter_algo (para, pSUBKEYTYPE, NULL),
-+ 0, pub_root, ×tamp,
- get_parameter_u32 (para, pKEYEXPIRE));
- }
-
diff --git a/debian/patches/0091-common-Fix-openpgp_is_curve_supported.patch b/debian/patches/0091-common-Fix-openpgp_is_curve_supported.patch
deleted file mode 100644
index 9c087f5..0000000
--- a/debian/patches/0091-common-Fix-openpgp_is_curve_supported.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Mon, 24 Oct 2016 11:20:14 +0900
-Subject: common: Fix openpgp_is_curve_supported.
-
-* common/openpgp-oid.c (openpgp_is_curve_supported): Support both of
-canonical name of the curve and alias.
-
---
-Only alias (the name for print) was allowed before this change.
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- common/openpgp-oid.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c
-index 7c93547..dd549e0 100644
---- a/common/openpgp-oid.c
-+++ b/common/openpgp-oid.c
-@@ -424,8 +424,8 @@ openpgp_is_curve_supported (const char *name, int *r_algo)
- *r_algo = 0;
- for (idx = 0; idx < DIM (oidtable) && oidtable[idx].name; idx++)
- {
-- if (!strcmp (name, (oidtable[idx].alias? oidtable[idx].alias
-- /**/ : oidtable[idx].name))
-+ if ((!strcmp (name, oidtable[idx].name)
-+ || (oidtable[idx].alias && !strcmp (name, (oidtable[idx].alias))))
- && curve_supported_p (oidtable[idx].name))
- {
- if (r_algo)
diff --git a/debian/patches/0092-scd-Use-canonical-curve-name-of-libgcrypt.patch b/debian/patches/0092-scd-Use-canonical-curve-name-of-libgcrypt.patch
deleted file mode 100644
index edc7c42..0000000
--- a/debian/patches/0092-scd-Use-canonical-curve-name-of-libgcrypt.patch
+++ /dev/null
@@ -1,318 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Mon, 24 Oct 2016 11:22:44 +0900
-Subject: scd: Use canonical curve name of libgcrypt.
-
-* scd/app-openpgp.c (send_key_attr): Use curve instead of OID.
-(ecdh_params): New.
-(ecc_read_pubkey): Use ecdh_params. Use curve name.
-(ecc_writekey): Likewise.
-(ecc_curve): Rename from ecc_oid.
-(parse_algorithm_attribute): Use ecc_curve.
-* g10/call-agent.c (learn_status_cb): Use openpgp_is_curve_supported to
-intern the curve name string.
-* g10/card-util.c (card_status): Conver curve name to alias for print.
---
-Now, sdcaemon answer for KEY-ATTR is in the canonical curve name
-instead of the alias. Since it is used of key generation for
-card encryption key with backup, it should be canonical name.
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- g10/call-agent.c | 10 +------
- g10/card-util.c | 13 +++++++-
- scd/app-openpgp.c | 89 ++++++++++++++++++++++++++++++++++++-------------------
- 3 files changed, 71 insertions(+), 41 deletions(-)
-
-diff --git a/g10/call-agent.c b/g10/call-agent.c
-index e7af001..b17a80f 100644
---- a/g10/call-agent.c
-+++ b/g10/call-agent.c
-@@ -624,15 +624,7 @@ learn_status_cb (void *opaque, const char *line)
- parm->key_attr[keyno].nbits = strtoul (line+n+3, NULL, 10);
- else if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA
- || algo == PUBKEY_ALGO_EDDSA)
-- {
-- const char *curve;
--
-- for (i = 0; (curve = openpgp_enum_curves (&i));)
-- if (!strcmp (curve, line+n))
-- break;
--
-- parm->key_attr[keyno].curve = curve;
-- }
-+ parm->key_attr[keyno].curve = openpgp_is_curve_supported (line+n, NULL);
- }
- else if (keywordlen == 12 && !memcmp (keyword, "PRIVATE-DO-", 11)
- && strchr("1234", keyword[11]))
-diff --git a/g10/card-util.c b/g10/card-util.c
-index 2f3f714..b5fe84b 100644
---- a/g10/card-util.c
-+++ b/g10/card-util.c
-@@ -568,7 +568,18 @@ card_status (estream_t fp, char *serialno, size_t serialnobuflen)
- else if (info.key_attr[i].algo == PUBKEY_ALGO_ECDH
- || info.key_attr[i].algo == PUBKEY_ALGO_ECDSA
- || info.key_attr[i].algo == PUBKEY_ALGO_EDDSA)
-- tty_fprintf (fp, " %s", info.key_attr[i].curve);
-+ {
-+ const char *curve_for_print = "?";
-+
-+ if (info.key_attr[i].curve)
-+ {
-+ const char *oid;
-+ oid = openpgp_curve_to_oid (info.key_attr[i].curve, NULL);
-+ if (oid)
-+ curve_for_print = openpgp_oid_to_curve (oid, 0);
-+ }
-+ tty_fprintf (fp, " %s", curve_for_print);
-+ }
- tty_fprintf (fp, "\n");
- }
- tty_fprintf (fp, "Max. PIN lengths .: %d %d %d\n",
-diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
-index e6a7698..4e042e7 100644
---- a/scd/app-openpgp.c
-+++ b/scd/app-openpgp.c
-@@ -228,7 +228,7 @@ struct app_local_s {
- rsa_key_format_t format;
- } rsa;
- struct {
-- const char *oid;
-+ const char *curve;
- int flags;
- } ecc;
- };
-@@ -913,7 +913,7 @@ send_key_attr (ctrl_t ctrl, app_t app, const char *keyword, int keyno)
- keyno==1? PUBKEY_ALGO_ECDH :
- (app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK)?
- PUBKEY_ALGO_EDDSA : PUBKEY_ALGO_ECDSA,
-- openpgp_oid_to_curve (app->app_local->keyattr[keyno].ecc.oid, 0));
-+ app->app_local->keyattr[keyno].ecc.curve);
- }
- else
- snprintf (buffer, sizeof buffer, "%d 0 0 UNKNOWN", keyno+1);
-@@ -1307,6 +1307,29 @@ rsa_read_pubkey (app_t app, ctrl_t ctrl, u32 created_at, int keyno,
- return err;
- }
-
-+
-+/* Determine KDF hash algorithm and KEK encryption algorithm by CURVE. */
-+static const unsigned char*
-+ecdh_params (const char *curve)
-+{
-+ unsigned int nbits;
-+
-+ openpgp_curve_to_oid (curve, &nbits);
-+
-+ /* See RFC-6637 for those constants.
-+ 0x03: Number of bytes
-+ 0x01: Version for this parameter format
-+ KDF algo
-+ KEK algo
-+ */
-+ if (nbits <= 256)
-+ return (const unsigned char*)"\x03\x01\x08\x07";
-+ else if (nbits <= 384)
-+ return (const unsigned char*)"\x03\x01\x09\x08";
-+ else
-+ return (const unsigned char*)"\x03\x01\x0a\x09";
-+}
-+
- static gpg_error_t
- ecc_read_pubkey (app_t app, ctrl_t ctrl, u32 created_at, int keyno,
- const unsigned char *data, size_t datalen, gcry_sexp_t *r_sexp)
-@@ -1317,11 +1340,12 @@ ecc_read_pubkey (app_t app, ctrl_t ctrl, u32 created_at, int keyno,
- size_t ecc_q_len;
- gcry_mpi_t oid = NULL;
- int n;
-+ const char *curve;
-+ const char *oidstr;
- const unsigned char *oidbuf;
- size_t oid_len;
- int algo;
- const char *format;
-- const char *curve;
-
- ecc_q = find_tlv (data, datalen, 0x0086, &ecc_q_len);
- if (!ecc_q)
-@@ -1330,10 +1354,11 @@ ecc_read_pubkey (app_t app, ctrl_t ctrl, u32 created_at, int keyno,
- return gpg_error (GPG_ERR_CARD);
- }
-
-- err = openpgp_oid_from_str (app->app_local->keyattr[keyno].ecc.oid, &oid);
-+ curve = app->app_local->keyattr[keyno].ecc.curve;
-+ oidstr = openpgp_curve_to_oid (curve, NULL);
-+ err = openpgp_oid_from_str (oidstr, &oid);
- if (err)
- return err;
--
- oidbuf = gcry_mpi_get_opaque (oid, &n);
- if (!oidbuf)
- {
-@@ -1367,7 +1392,7 @@ ecc_read_pubkey (app_t app, ctrl_t ctrl, u32 created_at, int keyno,
- if (keyno == 1)
- {
- if (ctrl)
-- send_key_data (ctrl, "kdf", "\x03\x01\x08\x07", (size_t)4);
-+ send_key_data (ctrl, "kdf/kek", ecdh_params (curve), (size_t)4);
- algo = PUBKEY_ALGO_ECDH;
- }
- else
-@@ -1383,7 +1408,7 @@ ecc_read_pubkey (app_t app, ctrl_t ctrl, u32 created_at, int keyno,
- unsigned char fprbuf[20];
-
- err = store_fpr (app, keyno, created_at, fprbuf, algo, oidbuf, oid_len,
-- qbuf, ecc_q_len, "\x03\x01\x08\x07", (size_t)4);
-+ qbuf, ecc_q_len, ecdh_params (curve), (size_t)4);
- if (err)
- goto leave;
-
-@@ -1397,8 +1422,9 @@ ecc_read_pubkey (app_t app, ctrl_t ctrl, u32 created_at, int keyno,
- else
- format = "(public-key(ecc(curve%s)(flags eddsa)(q%b)))";
-
-- curve = openpgp_oid_to_curve (app->app_local->keyattr[keyno].ecc.oid, 1);
-- err = gcry_sexp_build (r_sexp, NULL, format, curve, (int)ecc_q_len, qbuf);
-+ err = gcry_sexp_build (r_sexp, NULL, format,
-+ app->app_local->keyattr[keyno].ecc.curve,
-+ (int)ecc_q_len, qbuf);
- leave:
- gcry_mpi_release (oid);
- xfree (qbuf);
-@@ -3342,8 +3368,9 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
- const unsigned char *ecc_q = NULL;
- const unsigned char *ecc_d = NULL;
- size_t ecc_q_len, ecc_d_len;
-+ const char *curve = NULL;
- u32 created_at = 0;
-- const char *oidstr = NULL;
-+ const char *oidstr;
- int flag_djb_tweak = 0;
- int algo;
- gcry_mpi_t oid = NULL;
-@@ -3372,22 +3399,22 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
-
- if (tok && toklen == 5 && !memcmp (tok, "curve", 5))
- {
-- unsigned char *curve;
-+ char *curve_name;
-
- if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
- goto leave;
-
-- curve = xtrymalloc (toklen+1);
-- if (!curve)
-+ curve_name = xtrymalloc (toklen+1);
-+ if (!curve_name)
- {
- err = gpg_error_from_syserror ();
- goto leave;
- }
-
-- memcpy (curve, tok, toklen);
-- curve[toklen] = 0;
-- oidstr = openpgp_curve_to_oid (curve, NULL);
-- xfree (curve);
-+ memcpy (curve_name, tok, toklen);
-+ curve_name[toklen] = 0;
-+ curve = openpgp_is_curve_supported (curve_name, NULL);
-+ xfree (curve_name);
- }
- else if (tok && toklen == 5 && !memcmp (tok, "flags", 5))
- {
-@@ -3474,7 +3501,7 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
-
- /* Check that we have all parameters and that they match the card
- description. */
-- if (!oidstr)
-+ if (!curve)
- {
- log_error (_("unsupported curve\n"));
- err = gpg_error (GPG_ERR_INV_VALUE);
-@@ -3493,6 +3520,7 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
- else
- algo = PUBKEY_ALGO_ECDSA;
-
-+ oidstr = openpgp_curve_to_oid (curve, NULL);
- err = openpgp_oid_from_str (oidstr, &oid);
- if (err)
- goto leave;
-@@ -3505,7 +3533,7 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
- oid_len = (n+7)/8;
-
- if (app->app_local->keyattr[keyno].key_type != KEY_TYPE_ECC
-- || app->app_local->keyattr[keyno].ecc.oid != oidstr
-+ || app->app_local->keyattr[keyno].ecc.curve != curve
- || (flag_djb_tweak !=
- (app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK)))
- {
-@@ -3580,7 +3608,7 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
- }
-
- err = store_fpr (app, keyno, created_at, fprbuf, algo, oidbuf, oid_len,
-- ecc_q, ecc_q_len, "\x03\x01\x08\x07", (size_t)4);
-+ ecc_q, ecc_q_len, ecdh_params (curve), (size_t)4);
-
- leave:
- gcry_mpi_release (oid);
-@@ -4578,12 +4606,11 @@ parse_historical (struct app_local_s *apploc,
-
- /*
- * Check if the OID in an DER encoding is available by GnuPG/libgcrypt,
-- * and return the constant string in dotted decimal form.
-- * Return NULL if not available.
-+ * and return the curve name. Return NULL if not available.
- * The constant string is not allocated dynamically, never free it.
- */
- static const char *
--ecc_oid (unsigned char *buf, size_t buflen)
-+ecc_curve (unsigned char *buf, size_t buflen)
- {
- gcry_mpi_t oid;
- char *oidstr;
-@@ -4608,7 +4635,7 @@ ecc_oid (unsigned char *buf, size_t buflen)
- if (!oidstr)
- return NULL;
-
-- result = openpgp_curve_to_oid (oidstr, NULL);
-+ result = openpgp_oid_to_curve (oidstr, 1);
- xfree (oidstr);
- return result;
- }
-@@ -4671,7 +4698,7 @@ parse_algorithm_attribute (app_t app, int keyno)
- else if (*buffer == PUBKEY_ALGO_ECDH || *buffer == PUBKEY_ALGO_ECDSA
- || *buffer == PUBKEY_ALGO_EDDSA)
- {
-- const char *oid;
-+ const char *curve;
- int oidlen = buflen - 1;
-
- app->app_local->keyattr[keyno].ecc.flags = 0;
-@@ -4683,22 +4710,22 @@ parse_algorithm_attribute (app_t app, int keyno)
- app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY;
- }
-
-- oid = ecc_oid (buffer + 1, oidlen);
-+ curve = ecc_curve (buffer + 1, oidlen);
-
-- if (!oid)
-+ if (!curve)
- log_printhex ("Curve with OID not supported: ", buffer+1, buflen-1);
- else
- {
- app->app_local->keyattr[keyno].key_type = KEY_TYPE_ECC;
-- app->app_local->keyattr[keyno].ecc.oid = oid;
-+ app->app_local->keyattr[keyno].ecc.curve = curve;
- if (*buffer == PUBKEY_ALGO_EDDSA
- || (*buffer == PUBKEY_ALGO_ECDH
-- && !strcmp (app->app_local->keyattr[keyno].ecc.oid,
-- "1.3.6.1.4.1.3029.1.5.1")))
-+ && !strcmp (app->app_local->keyattr[keyno].ecc.curve,
-+ "Curve25519")))
- app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_DJB_TWEAK;
- if (opt.verbose)
- log_printf
-- ("ECC, curve=%s%s\n", app->app_local->keyattr[keyno].ecc.oid,
-+ ("ECC, curve=%s%s\n", app->app_local->keyattr[keyno].ecc.curve,
- !(app->app_local->keyattr[keyno].ecc.flags & ECC_FLAG_DJB_TWEAK)?
- "": keyno==1? " (djb-tweak)": " (eddsa)");
- }
diff --git a/debian/patches/0093-agent-Slightly-change-structure-of-cmd_readkey.patch b/debian/patches/0093-agent-Slightly-change-structure-of-cmd_readkey.patch
deleted file mode 100644
index 2a57606..0000000
--- a/debian/patches/0093-agent-Slightly-change-structure-of-cmd_readkey.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Mon, 24 Oct 2016 12:55:21 +0200
-Subject: agent: Slightly change structure of cmd_readkey.
-
-* agent/command.c (cmd_readkey): Avoid a leave label in the middle of
-the code. Remove the special return.
---
-
-This helps to get better debug output.
-
-The set_error macro which is used by parse_keygrip merely sets the
-error code into the Assuan context. It is thus no problem anymore to
-call leave_cmd after having used set_error. This might havve been
-diffferent in the past.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- agent/command.c | 60 +++++++++++++++++++++++++++++----------------------------
- 1 file changed, 31 insertions(+), 29 deletions(-)
-
-diff --git a/agent/command.c b/agent/command.c
-index b17c62d..ba9fdf7 100644
---- a/agent/command.c
-+++ b/agent/command.c
-@@ -384,7 +384,9 @@ progress_cb (ctrl_t ctrl, const char *what, int printchar,
- }
-
-
--/* Helper to print a message while leaving a command. */
-+/* Helper to print a message while leaving a command. Note that this
-+ * function does not call assuan_set_error; the caller may do this
-+ * prior to calling us. */
- static gpg_error_t
- leave_cmd (assuan_context_t ctx, gpg_error_t err)
- {
-@@ -993,17 +995,19 @@ cmd_readkey (assuan_context_t ctx, char *line)
- unsigned char grip[20];
- gcry_sexp_t s_pkey = NULL;
- unsigned char *pkbuf = NULL;
-+ char *serialno = NULL;
- size_t pkbuflen;
-+ const char *opt_card;
-
- if (ctrl->restricted)
- return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
-
-- if (has_option_name (line, "--card"))
-- {
-- const char *keyid;
-- char *serialno = NULL;
-+ opt_card = has_option_name (line, "--card");
-+ line = skip_options (line);
-
-- keyid = skip_options (line);
-+ if (opt_card)
-+ {
-+ const char *keyid = opt_card;
-
- rc = agent_card_getattr (ctrl, "SERIALNO", &serialno);
- if (rc)
-@@ -1035,35 +1039,33 @@ cmd_readkey (assuan_context_t ctx, char *line)
- goto leave;
-
- rc = assuan_send_data (ctx, pkbuf, pkbuflen);
--
-- leave:
-- xfree (serialno);
-- xfree (pkbuf);
-- gcry_sexp_release (s_pkey);
-- return leave_cmd (ctx, rc);
- }
--
-- rc = parse_keygrip (ctx, line, grip);
-- if (rc)
-- return rc; /* Return immediately as this is already an Assuan error code.*/
--
-- rc = agent_public_key_from_file (ctrl, grip, &s_pkey);
-- if (!rc)
-+ else
- {
-- pkbuflen = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0);
-- assert (pkbuflen);
-- pkbuf = xtrymalloc (pkbuflen);
-- if (!pkbuf)
-- rc = gpg_error_from_syserror ();
-- else
-+ rc = parse_keygrip (ctx, line, grip);
-+ if (rc)
-+ goto leave;
-+
-+ rc = agent_public_key_from_file (ctrl, grip, &s_pkey);
-+ if (!rc)
- {
-- gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, pkbuf, pkbuflen);
-- rc = assuan_send_data (ctx, pkbuf, pkbuflen);
-- xfree (pkbuf);
-+ pkbuflen = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0);
-+ log_assert (pkbuflen);
-+ pkbuf = xtrymalloc (pkbuflen);
-+ if (!pkbuf)
-+ rc = gpg_error_from_syserror ();
-+ else
-+ {
-+ gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, pkbuf, pkbuflen);
-+ rc = assuan_send_data (ctx, pkbuf, pkbuflen);
-+ }
- }
-- gcry_sexp_release (s_pkey);
- }
-
-+ leave:
-+ xfree (serialno);
-+ xfree (pkbuf);
-+ gcry_sexp_release (s_pkey);
- return leave_cmd (ctx, rc);
- }
-
diff --git a/debian/patches/0094-agent-Minor-cleanup-for-recent-change-in-findkey.c.patch b/debian/patches/0094-agent-Minor-cleanup-for-recent-change-in-findkey.c.patch
deleted file mode 100644
index 3005c22..0000000
--- a/debian/patches/0094-agent-Minor-cleanup-for-recent-change-in-findkey.c.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Mon, 24 Oct 2016 13:01:06 +0200
-Subject: agent: Minor cleanup for recent change in findkey.c
-
-* agent/findkey.c (agent_write_private_key): Avoid label name error.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- agent/findkey.c | 8 ++------
- 1 file changed, 2 insertions(+), 6 deletions(-)
-
-diff --git a/agent/findkey.c b/agent/findkey.c
-index 162e8c2..c67dc72 100644
---- a/agent/findkey.c
-+++ b/agent/findkey.c
-@@ -157,14 +157,10 @@ agent_write_private_key (const unsigned char *grip,
- {
- fp = es_fopen (fname, "wbx,mode=-rw");
- if (!fp)
-- {
-- tmperr = gpg_error_from_syserror ();
-- goto error;
-- }
-+ tmperr = gpg_error_from_syserror ();
- }
-- else
-+ if (!fp)
- {
-- error:
- log_error ("can't create '%s': %s\n", fname, gpg_strerror (tmperr));
- xfree (fname);
- return tmperr;
diff --git a/debian/patches/0095-gpg-Replace-two-sprintf-calls.patch b/debian/patches/0095-gpg-Replace-two-sprintf-calls.patch
deleted file mode 100644
index 7e0d5c3..0000000
--- a/debian/patches/0095-gpg-Replace-two-sprintf-calls.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Mon, 24 Oct 2016 13:12:05 +0200
-Subject: gpg: Replace two sprintf calls.
-
-* g10/keygen.c (print_status_key_created): Use snprintf for now.
-(ask_expire_interval): Replace xmalloc and sprintf by xasprintf.
---
-
-Future updates: Replace code like
-
- r = xcalloc (1, sizeof *r + 20 );
- r->key = pKEYLENGTH;
- sprintf( r->u.value, "%u", info.key_attr[0].nbits);
-
-by something like
-
- r = new_r_with_value ("%u", info.key_attr[0].nbits);
- r->key = pKEYLENGTH;
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- g10/keygen.c | 11 +++--------
- 1 file changed, 3 insertions(+), 8 deletions(-)
-
-diff --git a/g10/keygen.c b/g10/keygen.c
-index ed529c7..d98b70b 100644
---- a/g10/keygen.c
-+++ b/g10/keygen.c
-@@ -180,8 +180,9 @@ print_status_key_created (int letter, PKT_public_key *pk, const char *handle)
- *p++ = ' ';
- fingerprint_from_pk (pk, array, &n);
- s = array;
-+ /* Fixme: Use bin2hex */
- for (i=0; i < n ; i++, s++, p += 2)
-- sprintf (p, "%02X", *s);
-+ snprintf (p, 3, "%02X", *s);
- }
- }
- if (*handle)
-@@ -2428,13 +2429,7 @@ ask_expire_interval(int object,const char *def_expire)
- {
- char *prompt;
-
--#define PROMPTSTRING _("Signature is valid for? (%s) ")
-- /* This will actually end up larger than necessary because
-- of the 2 bytes for '%s' */
-- prompt=xmalloc(strlen(PROMPTSTRING)+strlen(def_expire)+1);
-- sprintf(prompt,PROMPTSTRING,def_expire);
--#undef PROMPTSTRING
--
-+ prompt = xasprintf (_("Signature is valid for? (%s) "), def_expire);
- answer = cpr_get("siggen.valid",prompt);
- xfree(prompt);
-
diff --git a/debian/patches/0096-agent-tests-w32-Fix-relaying-pinentry-user-data-fix-.patch b/debian/patches/0096-agent-tests-w32-Fix-relaying-pinentry-user-data-fix-.patch
deleted file mode 100644
index a730f2f..0000000
--- a/debian/patches/0096-agent-tests-w32-Fix-relaying-pinentry-user-data-fix-.patch
+++ /dev/null
@@ -1,190 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Tue, 25 Oct 2016 17:07:08 +0200
-Subject: agent, tests, w32: Fix relaying pinentry user data,
- fix fake-pinentry.
-
-* agent/call-pinentry.c (start_pinentry): Also send the user data
-using an Assuan 'OPTION' command.
-* tests/openpgp/fake-pinentry.c (get_passphrase): Fix updating
-passphrase file.
-(spacep): Include newline characters.
-(rstrip): New function.
-(main): Handle Windows line endings. Handle the userdata option, and
-restart with the new options.
-
-Signed-off-by: Justus Winter <justus at g10code.com>
----
- agent/call-pinentry.c | 13 +++++++++
- tests/openpgp/fake-pinentry.c | 65 ++++++++++++++++++++++++++++++++++++++-----
- 2 files changed, 71 insertions(+), 7 deletions(-)
-
-diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
-index 46db9e8..813df9a 100644
---- a/agent/call-pinentry.c
-+++ b/agent/call-pinentry.c
-@@ -354,6 +354,19 @@ start_pinentry (ctrl_t ctrl)
- if (DBG_IPC)
- log_debug ("connection to PIN entry established\n");
-
-+ value = session_env_getenv (ctrl->session_env, "PINENTRY_USER_DATA");
-+ if (value != NULL)
-+ {
-+ char *optstr;
-+ if (asprintf (&optstr, "OPTION pinentry-user-data=%s", value) < 0 )
-+ return unlock_pinentry (out_of_core ());
-+ rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
-+ NULL);
-+ xfree (optstr);
-+ if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION)
-+ return unlock_pinentry (rc);
-+ }
-+
- rc = assuan_transact (entry_ctx,
- opt.no_grab? "OPTION no-grab":"OPTION grab",
- NULL, NULL, NULL, NULL, NULL, NULL);
-diff --git a/tests/openpgp/fake-pinentry.c b/tests/openpgp/fake-pinentry.c
-index 6ef6126..baa79a8 100644
---- a/tests/openpgp/fake-pinentry.c
-+++ b/tests/openpgp/fake-pinentry.c
-@@ -18,10 +18,12 @@
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-+#include <errno.h>
- #include <stdlib.h>
- #include <stdio.h>
- #include <string.h>
- #include <stdarg.h>
-+#include <unistd.h>
-
- FILE *log_stream;
-
-@@ -108,12 +110,39 @@ get_passphrase (const char *fname)
-
- fclose (source);
- fclose (sink);
-- rename (fname_new, fname);
-+ if (unlink (fname))
-+ {
-+ fprintf (stderr, "Failed to remove %s: %s",
-+ fname, strerror (errno));
-+ exit (1);
-+ }
-+
-+ if (rename (fname_new, fname))
-+ {
-+ fprintf (stderr, "Failed to rename %s to %s: %s",
-+ fname, fname_new, strerror (errno));
-+ exit (1);
-+ }
- return passphrase;
- }
-
-
--#define spacep(p) (*(p) == ' ' || *(p) == '\t')
-+#define spacep(p) (*(p) == ' ' || *(p) == '\t' \
-+ || *(p) == '\r' || *(p) == '\n')
-+
-+/* rstrip line. */
-+void
-+rstrip (char *buffer)
-+{
-+ char *p;
-+ for (p = buffer + strlen (buffer) - 1; p >= buffer; p--)
-+ {
-+ if (! spacep (p))
-+ break;
-+ *p = 0;
-+ }
-+}
-+
-
- /* Skip over options in LINE.
-
-@@ -164,6 +193,8 @@ int
- main (int argc, char **argv)
- {
- char *args;
-+ char *option_user_data = NULL;
-+ int got_environment_user_data;
- char *logfile;
- char *passphrasefile;
- char *passphrase;
-@@ -175,9 +206,11 @@ main (int argc, char **argv)
- setvbuf (stdout, NULL, _IOLBF, BUFSIZ);
-
- args = getenv ("PINENTRY_USER_DATA");
-+ got_environment_user_data = args != NULL;
- if (! args)
- args = "";
-
-+ restart:
- logfile = option_value (args, "--logfile");
- if (logfile)
- {
-@@ -214,9 +247,7 @@ main (int argc, char **argv)
- return 1;
- }
-
-- p = passphrase + strlen (passphrase) - 1;
-- if (*p == '\n')
-- *p = 0;
-+ rstrip (passphrase);
- }
- else
- {
-@@ -225,12 +256,13 @@ main (int argc, char **argv)
- passphrase = "no PINENTRY_USER_DATA -- using default passphrase";
- }
-
-- reply ("# fake-pinentry started. Passphrase='%s'.\n", passphrase);
-+ reply ("# fake-pinentry(%d) started. Passphrase='%s'.\n",
-+ getpid (), passphrase);
- reply ("OK - what's up?\n");
-
- while (! feof (stdin))
- {
-- char buffer[1024];
-+ char buffer[1024], *p;
-
- if (fgets (buffer, sizeof buffer, stdin) == NULL)
- break;
-@@ -238,6 +270,8 @@ main (int argc, char **argv)
- if (log_stream)
- fprintf (log_stream, "< %s", buffer);
-
-+ rstrip (buffer);
-+
- if (strncmp (buffer, "GETPIN", 6) == 0)
- reply ("D %s\n", passphrase);
- else if (strncmp (buffer, "BYE", 3) == 0)
-@@ -245,6 +279,22 @@ main (int argc, char **argv)
- reply ("OK\n");
- break;
- }
-+#define OPT_USER_DATA "OPTION pinentry-user-data="
-+ else if (strncmp (buffer, OPT_USER_DATA, strlen (OPT_USER_DATA)) == 0)
-+ {
-+ if (got_environment_user_data)
-+ {
-+ reply ("OK - I already got the data from the environment.\n");
-+ continue;
-+ }
-+
-+ if (log_stream)
-+ fclose (log_stream);
-+ log_stream = NULL;
-+ free (option_user_data);
-+ option_user_data = args = strdup (buffer + strlen (OPT_USER_DATA));
-+ goto restart;
-+ }
-
- reply ("OK\n");
- }
-@@ -253,5 +303,6 @@ main (int argc, char **argv)
- if (log_stream)
- fclose (log_stream);
-
-+ free (option_user_data);
- return 0;
- }
diff --git a/debian/patches/0097-common-avoid-segfault.patch b/debian/patches/0097-common-avoid-segfault.patch
deleted file mode 100644
index b6e12ec..0000000
--- a/debian/patches/0097-common-avoid-segfault.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Tue, 25 Oct 2016 23:55:07 -0400
-Subject: common: avoid segfault
-
-* common/sysutils.c (gnupg_inotify_watch_socket): return EINVAL if
- socket_name is NULL, rather than segfaulting
---
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
----
- common/sysutils.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/common/sysutils.c b/common/sysutils.c
-index 2e663bc..7c44f4a 100644
---- a/common/sysutils.c
-+++ b/common/sysutils.c
-@@ -964,6 +964,9 @@ gnupg_inotify_watch_socket (int *r_fd, const char *socket_name)
-
- *r_fd = -1;
-
-+ if (!socket_name)
-+ return gpg_error (GPG_ERR_EINVAL);
-+
- fname = xtrystrdup (socket_name);
- if (!fname)
- return my_error_from_syserror ();
diff --git a/debian/patches/0098-agent-supervised-mode-improvements.patch b/debian/patches/0098-agent-supervised-mode-improvements.patch
deleted file mode 100644
index ce339c0..0000000
--- a/debian/patches/0098-agent-supervised-mode-improvements.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Tue, 25 Oct 2016 23:55:08 -0400
-Subject: agent: --supervised mode improvements.
-
-* agent/gpg-agent.c (map_supervised_socket): if the agent is running
- in --supervised mode and is not actually given LISTEN_FDNAMES
- directives, require at least fd 3 to be open for listening.
---
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
----
- agent/gpg-agent.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index 0146d85..78c4b02 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -719,12 +719,19 @@ map_supervised_sockets (gnupg_fd_t *r_fd,
- /* Assign the descriptors to the return values. */
- if (!fdnames)
- {
-+ struct stat statbuf;
- if (fd_count != 1)
- log_error ("no LISTEN_FDNAMES and LISTEN_FDS (%d) != 1"
- " in --supervised mode."
- " (ignoring all sockets but the first one)\n",
- fd_count);
-+ if (fstat (3, &statbuf) == -1 && errno ==EBADF)
-+ log_fatal ("file descriptor 3 must be valid in --supervised mode (as the "
-+ "agent's standard socket) if LISTEN_FDNAMES is not set\n");
- *r_fd = 3;
-+ socket_name = get_socket_name (3);
-+ if (!socket_name)
-+ log_error ("cannot learn socket name for fd 3\n");
- }
- else if (fd_count != nfdnames)
- {
diff --git a/debian/patches/0099-doc-Fix-spelling-of-internal.patch b/debian/patches/0099-doc-Fix-spelling-of-internal.patch
deleted file mode 100644
index d37e61a..0000000
--- a/debian/patches/0099-doc-Fix-spelling-of-internal.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Tue, 25 Oct 2016 21:43:57 -0400
-Subject: doc: Fix spelling of "internal".
-
---
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
----
- doc/dirmngr.texi | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
-index 43a1d84..41c6b84 100644
---- a/doc/dirmngr.texi
-+++ b/doc/dirmngr.texi
-@@ -492,7 +492,7 @@ Note that for OCSP responses the certificate specified using the option
-
- @item /etc/gnupg/extra-certs
- This directory may contain extra certificates which are preloaded
--into the interal cache on startup. Applications using dirmngr (e.g. gpgsm)
-+into the internal cache on startup. Applications using dirmngr (e.g. gpgsm)
- can request cached certificates to complete a trust chain.
- This is convenient in cases you have a couple intermediate CA certificates
- or certificates ususally used to sign OCSP responses.
diff --git a/debian/patches/0100-tests-Improve-portability-of-fake-pinentry.patch b/debian/patches/0100-tests-Improve-portability-of-fake-pinentry.patch
deleted file mode 100644
index 9836ac4..0000000
--- a/debian/patches/0100-tests-Improve-portability-of-fake-pinentry.patch
+++ /dev/null
@@ -1,178 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 26 Oct 2016 08:34:18 +0200
-Subject: tests: Improve portability of fake-pinentry.
-
-* tests/openpgp/fake-pinentry.c: Make all functions static.
-(get_passphrase): s/unlink/remove/ because that is standard C.
-(spacep): Rename to whitespace and change all callers.
-(main): Move macro out of if-then chain.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- tests/openpgp/fake-pinentry.c | 49 ++++++++++++++++++++++++-------------------
- 1 file changed, 28 insertions(+), 21 deletions(-)
-
-diff --git a/tests/openpgp/fake-pinentry.c b/tests/openpgp/fake-pinentry.c
-index baa79a8..f3ff5f1 100644
---- a/tests/openpgp/fake-pinentry.c
-+++ b/tests/openpgp/fake-pinentry.c
-@@ -25,9 +25,10 @@
- #include <stdarg.h>
- #include <unistd.h>
-
--FILE *log_stream;
-+static FILE *log_stream;
-
--int
-+
-+static int
- reply (const char *fmt, ...)
- {
- int result;
-@@ -47,8 +48,9 @@ reply (const char *fmt, ...)
- return result;
- }
-
-+
- /* Return the first line from FNAME, removing it from the file. */
--char *
-+static char *
- get_passphrase (const char *fname)
- {
- char *passphrase = NULL;
-@@ -110,7 +112,7 @@ get_passphrase (const char *fname)
-
- fclose (source);
- fclose (sink);
-- if (unlink (fname))
-+ if (remove (fname))
- {
- fprintf (stderr, "Failed to remove %s: %s",
- fname, strerror (errno));
-@@ -127,17 +129,19 @@ get_passphrase (const char *fname)
- }
-
-
--#define spacep(p) (*(p) == ' ' || *(p) == '\t' \
-- || *(p) == '\r' || *(p) == '\n')
-+#define whitespacep(p) (*(p) == ' ' || *(p) == '\t' \
-+ || *(p) == '\r' || *(p) == '\n')
-
- /* rstrip line. */
--void
-+static void
- rstrip (char *buffer)
- {
- char *p;
-+ if (!*buffer)
-+ return; /* This is to avoid p = buffer - 1 */
- for (p = buffer + strlen (buffer) - 1; p >= buffer; p--)
- {
-- if (! spacep (p))
-+ if (! whitespacep (p))
- break;
- *p = 0;
- }
-@@ -154,13 +158,13 @@ rstrip (char *buffer)
- char *
- skip_options (const char *line)
- {
-- while (spacep (line))
-+ while (whitespacep (line))
- line++;
- while (*line == '-' && line[1] == '-')
- {
-- while (*line && !spacep (line))
-+ while (*line && !whitespacep (line))
- line++;
-- while (spacep (line))
-+ while (whitespacep (line))
- line++;
- }
- return (char*) line;
-@@ -178,12 +182,12 @@ option_value (const char *line, const char *name)
- s = strstr (line, name);
- if (s && s >= skip_options (line))
- return NULL;
-- if (s && (s == line || spacep (s-1))
-- && s[n] && (spacep (s+n) || s[n] == '='))
-+ if (s && (s == line || whitespacep (s-1))
-+ && s[n] && (whitespacep (s+n) || s[n] == '='))
- {
- s += n + 1;
- s += strspn (s, " ");
-- if (*s && !spacep(s))
-+ if (*s && !whitespacep(s))
- return s;
- }
- return NULL;
-@@ -206,7 +210,7 @@ main (int argc, char **argv)
- setvbuf (stdout, NULL, _IOLBF, BUFSIZ);
-
- args = getenv ("PINENTRY_USER_DATA");
-- got_environment_user_data = args != NULL;
-+ got_environment_user_data = !!args;
- if (! args)
- args = "";
-
-@@ -215,7 +219,7 @@ main (int argc, char **argv)
- if (logfile)
- {
- char *p = logfile, more;
-- while (*p && ! spacep (p))
-+ while (*p && ! whitespacep (p))
- p++;
- more = !! *p;
- *p = 0;
-@@ -233,7 +237,7 @@ main (int argc, char **argv)
- if (passphrasefile)
- {
- char *p = passphrasefile, more;
-- while (*p && ! spacep (p))
-+ while (*p && ! whitespacep (p))
- p++;
- more = !! *p;
- *p = 0;
-@@ -256,13 +260,13 @@ main (int argc, char **argv)
- passphrase = "no PINENTRY_USER_DATA -- using default passphrase";
- }
-
-- reply ("# fake-pinentry(%d) started. Passphrase='%s'.\n",
-- getpid (), passphrase);
-+ reply ("# fake-pinentry(%u) started. Passphrase='%s'.\n",
-+ (unsigned int)getpid (), passphrase);
- reply ("OK - what's up?\n");
-
- while (! feof (stdin))
- {
-- char buffer[1024], *p;
-+ char buffer[1024];
-
- if (fgets (buffer, sizeof buffer, stdin) == NULL)
- break;
-@@ -272,6 +276,8 @@ main (int argc, char **argv)
-
- rstrip (buffer);
-
-+#define OPT_USER_DATA "OPTION pinentry-user-data="
-+
- if (strncmp (buffer, "GETPIN", 6) == 0)
- reply ("D %s\n", passphrase);
- else if (strncmp (buffer, "BYE", 3) == 0)
-@@ -279,7 +285,6 @@ main (int argc, char **argv)
- reply ("OK\n");
- break;
- }
--#define OPT_USER_DATA "OPTION pinentry-user-data="
- else if (strncmp (buffer, OPT_USER_DATA, strlen (OPT_USER_DATA)) == 0)
- {
- if (got_environment_user_data)
-@@ -299,6 +304,8 @@ main (int argc, char **argv)
- reply ("OK\n");
- }
-
-+#undef OPT_USER_DATA
-+
- reply ("# Connection terminated.\n");
- if (log_stream)
- fclose (log_stream);
diff --git a/debian/patches/0101-common-Use-GPG_ERR_INV_VALUE-instead-of-GPG_ERR_EINV.patch b/debian/patches/0101-common-Use-GPG_ERR_INV_VALUE-instead-of-GPG_ERR_EINV.patch
deleted file mode 100644
index a5e3a3f..0000000
--- a/debian/patches/0101-common-Use-GPG_ERR_INV_VALUE-instead-of-GPG_ERR_EINV.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 26 Oct 2016 09:02:10 +0200
-Subject: common: Use GPG_ERR_INV_VALUE instead of GPG_ERR_EINVAL.
-
-* common/sysutils.c (gnupg_inotify_watch_socket): Return
-GPG_ERR_INV_VALUE for a missing socket name and set proper error
-source.
---
-
-By using a different value we can easier see whether the error is due
-to a system call or from GnuPG code.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- common/sysutils.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/common/sysutils.c b/common/sysutils.c
-index 7c44f4a..6c8bd3b 100644
---- a/common/sysutils.c
-+++ b/common/sysutils.c
-@@ -965,7 +965,7 @@ gnupg_inotify_watch_socket (int *r_fd, const char *socket_name)
- *r_fd = -1;
-
- if (!socket_name)
-- return gpg_error (GPG_ERR_EINVAL);
-+ return my_error (GPG_ERR_INV_VALUE);
-
- fname = xtrystrdup (socket_name);
- if (!fname)
diff --git a/debian/patches/0102-agent-Avoid-double-error-message.patch b/debian/patches/0102-agent-Avoid-double-error-message.patch
deleted file mode 100644
index f9d511f..0000000
--- a/debian/patches/0102-agent-Avoid-double-error-message.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 26 Oct 2016 09:10:29 +0200
-Subject: agent: Avoid double error message.
-
-* agent/gpg-agent.c (map_supervised_sockets): Shorten error message.
-Remove unneeded diagnostic.
---
-
-get_socket_name already prints error messages and thus there is not
-need to print another one.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- agent/gpg-agent.c | 7 +++----
- 1 file changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index 78c4b02..8f4dade 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -720,18 +720,17 @@ map_supervised_sockets (gnupg_fd_t *r_fd,
- if (!fdnames)
- {
- struct stat statbuf;
-+
- if (fd_count != 1)
- log_error ("no LISTEN_FDNAMES and LISTEN_FDS (%d) != 1"
- " in --supervised mode."
- " (ignoring all sockets but the first one)\n",
- fd_count);
- if (fstat (3, &statbuf) == -1 && errno ==EBADF)
-- log_fatal ("file descriptor 3 must be valid in --supervised mode (as the "
-- "agent's standard socket) if LISTEN_FDNAMES is not set\n");
-+ log_fatal ("file descriptor 3 must be valid in --supervised mode"
-+ " if LISTEN_FDNAMES is not set\n");
- *r_fd = 3;
- socket_name = get_socket_name (3);
-- if (!socket_name)
-- log_error ("cannot learn socket name for fd 3\n");
- }
- else if (fd_count != nfdnames)
- {
diff --git a/debian/patches/0103-dirmngr-Fix-hang-due-to-deferred-thread-initializati.patch b/debian/patches/0103-dirmngr-Fix-hang-due-to-deferred-thread-initializati.patch
deleted file mode 100644
index cd53a60..0000000
--- a/debian/patches/0103-dirmngr-Fix-hang-due-to-deferred-thread-initializati.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 26 Oct 2016 10:24:41 +0200
-Subject: dirmngr: Fix hang due to deferred thread initialization.
-
-* dirmngr/dirmngr.c (main): Call ldap_wrapper_launch_thread after
-thread_init.
---
-
-Fixes-commit: eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- dirmngr/dirmngr.c | 25 ++++++++++++-------------
- 1 file changed, 12 insertions(+), 13 deletions(-)
-
-diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
-index ba9f96d..cf5061c 100644
---- a/dirmngr/dirmngr.c
-+++ b/dirmngr/dirmngr.c
-@@ -983,13 +983,13 @@ main (int argc, char **argv)
- log_debug ("... okay\n");
- }
-
--#if USE_LDAP
-- ldap_wrapper_launch_thread ();
--#endif /*USE_LDAP*/
-
- thread_init ();
- cert_cache_init ();
- crl_cache_init ();
-+#if USE_LDAP
-+ ldap_wrapper_launch_thread ();
-+#endif /*USE_LDAP*/
- start_command_handler (ASSUAN_INVALID_FD);
- shutdown_reaper ();
- }
-@@ -1182,13 +1182,12 @@ main (int argc, char **argv)
- }
- #endif
-
--#if USE_LDAP
-- ldap_wrapper_launch_thread ();
--#endif /*USE_LDAP*/
--
- thread_init ();
- cert_cache_init ();
- crl_cache_init ();
-+#if USE_LDAP
-+ ldap_wrapper_launch_thread ();
-+#endif /*USE_LDAP*/
- handle_connections (fd);
- assuan_sock_close (fd);
- shutdown_reaper ();
-@@ -1211,12 +1210,12 @@ main (int argc, char **argv)
- memset (&ctrlbuf, 0, sizeof ctrlbuf);
- dirmngr_init_default_ctrl (&ctrlbuf);
-
--#if USE_LDAP
-- ldap_wrapper_launch_thread ();
--#endif /*USE_LDAP*/
- thread_init ();
- cert_cache_init ();
- crl_cache_init ();
-+#if USE_LDAP
-+ ldap_wrapper_launch_thread ();
-+#endif /*USE_LDAP*/
- if (!argc)
- rc = crl_cache_load (&ctrlbuf, NULL);
- else
-@@ -1237,12 +1236,12 @@ main (int argc, char **argv)
- memset (&ctrlbuf, 0, sizeof ctrlbuf);
- dirmngr_init_default_ctrl (&ctrlbuf);
-
--#if USE_LDAP
-- ldap_wrapper_launch_thread ();
--#endif /*USE_LDAP*/
- thread_init ();
- cert_cache_init ();
- crl_cache_init ();
-+#if USE_LDAP
-+ ldap_wrapper_launch_thread ();
-+#endif /*USE_LDAP*/
- rc = crl_fetch (&ctrlbuf, argv[0], &reader);
- if (rc)
- log_error (_("fetching CRL from '%s' failed: %s\n"),
diff --git a/debian/patches/0104-common-Fix-gnupg_inotify_has_name.patch b/debian/patches/0104-common-Fix-gnupg_inotify_has_name.patch
deleted file mode 100644
index 7af9c98..0000000
--- a/debian/patches/0104-common-Fix-gnupg_inotify_has_name.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Thu, 27 Oct 2016 10:16:48 +0900
-Subject: common: Fix gnupg_inotify_has_name.
-
-* common/sysutils.c (gnupg_inotify_has_name): Take care of the
-alignment.
-
---
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- common/sysutils.c | 36 ++++++++++++++++++++++--------------
- 1 file changed, 22 insertions(+), 14 deletions(-)
-
-diff --git a/common/sysutils.c b/common/sysutils.c
-index 6c8bd3b..70749cc 100644
---- a/common/sysutils.c
-+++ b/common/sysutils.c
-@@ -1014,40 +1014,48 @@ int
- gnupg_inotify_has_name (int fd, const char *name)
- {
- #if USE_NPTH && HAVE_INOTIFY_INIT
-- union {
-- struct inotify_event ev;
-- char _buf[sizeof (struct inotify_event) + 255 + 1];
-- } buf;
-- struct inotify_event *evp;
-+#define BUFSIZE_FOR_INOTIFY (sizeof (struct inotify_event) + 255 + 1)
-+ char buf[BUFSIZE_FOR_INOTIFY];
-+ char *p;
- int n;
-
-- n = npth_read (fd, &buf, sizeof buf);
-+ n = npth_read (fd, buf, sizeof buf);
-+ p = buf;
- /* log_debug ("notify read: n=%d\n", n); */
-- evp = &buf.ev;
- while (n >= sizeof (struct inotify_event))
- {
-+ struct inotify_event ev;
-+ const char *ev_name;
-+
-+ memcpy (&ev, p, sizeof (struct inotify_event));
-+
-+ if (ev.len > 255 + 1) /* Something goes wrong, skip this data. */
-+ break;
-+
-+ ev_name = p + sizeof (struct inotify_event);
-+ p += sizeof (struct inotify_event) + ev.len;
-+ n -= sizeof (struct inotify_event) + ev.len;
-+
- /* log_debug (" mask=%x len=%u name=(%s)\n", */
-- /* evp->mask, (unsigned int)evp->len, evp->len? evp->name:""); */
-- if ((evp->mask & IN_UNMOUNT))
-+ /* ev.mask, (unsigned int)ev.len, ev.len? ev.name:""); */
-+ if ((ev.mask & IN_UNMOUNT))
- {
- /* log_debug (" found (dir unmounted)\n"); */
- return 3; /* Directory was unmounted. */
- }
-- if ((evp->mask & IN_DELETE_SELF))
-+ if ((ev.mask & IN_DELETE_SELF))
- {
- /* log_debug (" found (dir removed)\n"); */
- return 2; /* Directory was removed. */
- }
-- if ((evp->mask & IN_DELETE))
-+ if ((ev.mask & IN_DELETE))
- {
-- if (evp->len >= strlen (name) && !strcmp (evp->name, name))
-+ if (ev.len >= strlen (name) && !strcmp (ev_name, name))
- {
- /* log_debug (" found (file removed)\n"); */
- return 1; /* File was removed. */
- }
- }
-- n -= sizeof (*evp) + evp->len;
-- evp = (struct inotify_event *)((char*)evp + sizeof (*evp) + evp->len);
- }
-
- #else /*!(USE_NPTH && HAVE_INOTIFY_INIT)*/
diff --git a/debian/patches/0105-dirmngr-report-actual-socket-name.patch b/debian/patches/0105-dirmngr-report-actual-socket-name.patch
deleted file mode 100644
index 58e8396..0000000
--- a/debian/patches/0105-dirmngr-report-actual-socket-name.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Wed, 26 Oct 2016 16:37:06 -0400
-Subject: dirmngr: report actual socket name.
-
-* dirmngr/dirmngr.[ch] (dirmngr_get_current_socket_name): new function
-to report known socket name.
-* dirmngr/server.c (cmd_getinfo): use dirmngr_get_current_socket_name
-to report correct socket name.
-
---
-
-This fixes the output of 'getinfo socket_name' when dirmngr is invoked
-with --socket-name.
-
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
----
- dirmngr/dirmngr.c | 9 +++++++++
- dirmngr/dirmngr.h | 1 +
- dirmngr/server.c | 2 +-
- 3 files changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
-index cf5061c..d0b31a4 100644
---- a/dirmngr/dirmngr.c
-+++ b/dirmngr/dirmngr.c
-@@ -2074,3 +2074,12 @@ handle_connections (assuan_fd_t listen_fd)
- cleanup ();
- log_info ("%s %s stopped\n", strusage(11), strusage(13));
- }
-+
-+const char*
-+dirmngr_get_current_socket_name (void)
-+{
-+ if (socket_name)
-+ return socket_name;
-+ else
-+ return dirmngr_socket_name ();
-+}
-diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
-index 6127386..613633f 100644
---- a/dirmngr/dirmngr.h
-+++ b/dirmngr/dirmngr.h
-@@ -183,6 +183,7 @@ void dirmngr_exit( int ); /* Wrapper for exit() */
- void dirmngr_init_default_ctrl (ctrl_t ctrl);
- void dirmngr_deinit_default_ctrl (ctrl_t ctrl);
- void dirmngr_sighup_action (void);
-+const char* dirmngr_get_current_socket_name (void);
-
-
- /*-- Various housekeeping functions. --*/
-diff --git a/dirmngr/server.c b/dirmngr/server.c
-index fe87bbe..2f88ff2 100644
---- a/dirmngr/server.c
-+++ b/dirmngr/server.c
-@@ -2217,7 +2217,7 @@ cmd_getinfo (assuan_context_t ctx, char *line)
- }
- else if (!strcmp (line, "socket_name"))
- {
-- const char *s = dirmngr_socket_name ();
-+ const char *s = dirmngr_get_current_socket_name ();
- err = assuan_send_data (ctx, s, strlen (s));
- }
- else if (!strcmp (line, "tor"))
diff --git a/debian/patches/0106-agent-common-move-get_socket_name-into-common.patch b/debian/patches/0106-agent-common-move-get_socket_name-into-common.patch
deleted file mode 100644
index 98c3b73..0000000
--- a/debian/patches/0106-agent-common-move-get_socket_name-into-common.patch
+++ /dev/null
@@ -1,168 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Wed, 26 Oct 2016 16:37:07 -0400
-Subject: agent,common: move get_socket_name() into common.
-
-* agent/gpg-agent.c (get_socket_name): move to ...
-* common/sysutils.c (gnupg_get_socket_name): ... here.
-
---
-This allows us to use the same functionality in dirmngr as well.
-
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
----
- agent/gpg-agent.c | 50 ++------------------------------------------------
- common/sysutils.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
- common/sysutils.h | 1 +
- 3 files changed, 52 insertions(+), 48 deletions(-)
-
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index 8f4dade..d74ea2b 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -576,52 +576,6 @@ remove_socket (char *name, char *redir_name)
- }
-
-
--/* Return a malloc'ed string that is the path to the passed
-- * unix-domain socket (or return NULL if this is not a valid
-- * unix-domain socket). We use a plain int here because it is only
-- * used on Linux.
-- *
-- * FIXME: This function needs to be moved to libassuan. */
--#ifndef HAVE_W32_SYSTEM
--static char *
--get_socket_name (int fd)
--{
-- struct sockaddr_un un;
-- socklen_t len = sizeof(un);
-- char *name = NULL;
--
-- if (getsockname (fd, (struct sockaddr*)&un, &len) != 0)
-- log_error ("could not getsockname(%d): %s\n", fd,
-- gpg_strerror (gpg_error_from_syserror ()));
-- else if (un.sun_family != AF_UNIX)
-- log_error ("file descriptor %d is not a unix-domain socket\n", fd);
-- else if (len <= offsetof (struct sockaddr_un, sun_path))
-- log_error ("socket name not present for file descriptor %d\n", fd);
-- else if (len > sizeof(un))
-- log_error ("socket name for file descriptor %d was truncated "
-- "(passed %zu bytes, wanted %u)\n", fd, sizeof(un), len);
-- else
-- {
-- size_t namelen = len - offsetof (struct sockaddr_un, sun_path);
--
-- log_debug ("file descriptor %d has path %s (%zu octets)\n", fd,
-- un.sun_path, namelen);
-- name = xtrymalloc (namelen + 1);
-- if (!name)
-- log_error ("failed to allocate memory for name of fd %d: %s\n",
-- fd, gpg_strerror (gpg_error_from_syserror ()));
-- else
-- {
-- memcpy (name, un.sun_path, namelen);
-- name[namelen] = 0;
-- }
-- }
--
-- return name;
--}
--#endif /*!HAVE_W32_SYSTEM*/
--
--
- /* Discover which inherited file descriptors correspond to which
- * services/sockets offered by gpg-agent, using the LISTEN_FDS and
- * LISTEN_FDNAMES convention. The understood labels are "ssh",
-@@ -730,7 +684,7 @@ map_supervised_sockets (gnupg_fd_t *r_fd,
- log_fatal ("file descriptor 3 must be valid in --supervised mode"
- " if LISTEN_FDNAMES is not set\n");
- *r_fd = 3;
-- socket_name = get_socket_name (3);
-+ socket_name = gnupg_get_socket_name (3);
- }
- else if (fd_count != nfdnames)
- {
-@@ -752,7 +706,7 @@ map_supervised_sockets (gnupg_fd_t *r_fd,
- fd = 3 + i;
- if (**tbl[j].fdaddr == -1)
- {
-- name = get_socket_name (fd);
-+ name = gnupg_get_socket_name (fd);
- if (name)
- {
- **tbl[j].fdaddr = fd;
-diff --git a/common/sysutils.c b/common/sysutils.c
-index 70749cc..2927a85 100644
---- a/common/sysutils.c
-+++ b/common/sysutils.c
-@@ -62,6 +62,9 @@
- # include <winsock2.h>
- # endif
- # include <windows.h>
-+#else /*!HAVE_W32_SYSTEM*/
-+# include <sys/socket.h>
-+# include <sys/un.h>
- #endif
- #ifdef HAVE_INOTIFY_INIT
- # include <sys/inotify.h>
-@@ -1067,3 +1070,49 @@ gnupg_inotify_has_name (int fd, const char *name)
-
- return 0; /* Not found. */
- }
-+
-+
-+/* Return a malloc'ed string that is the path to the passed
-+ * unix-domain socket (or return NULL if this is not a valid
-+ * unix-domain socket). We use a plain int here because it is only
-+ * used on Linux.
-+ *
-+ * FIXME: This function needs to be moved to libassuan. */
-+#ifndef HAVE_W32_SYSTEM
-+char *
-+gnupg_get_socket_name (int fd)
-+{
-+ struct sockaddr_un un;
-+ socklen_t len = sizeof(un);
-+ char *name = NULL;
-+
-+ if (getsockname (fd, (struct sockaddr*)&un, &len) != 0)
-+ log_error ("could not getsockname(%d): %s\n", fd,
-+ gpg_strerror (gpg_error_from_syserror ()));
-+ else if (un.sun_family != AF_UNIX)
-+ log_error ("file descriptor %d is not a unix-domain socket\n", fd);
-+ else if (len <= offsetof (struct sockaddr_un, sun_path))
-+ log_error ("socket name not present for file descriptor %d\n", fd);
-+ else if (len > sizeof(un))
-+ log_error ("socket name for file descriptor %d was truncated "
-+ "(passed %zu bytes, wanted %u)\n", fd, sizeof(un), len);
-+ else
-+ {
-+ size_t namelen = len - offsetof (struct sockaddr_un, sun_path);
-+
-+ log_debug ("file descriptor %d has path %s (%zu octets)\n", fd,
-+ un.sun_path, namelen);
-+ name = xtrymalloc (namelen + 1);
-+ if (!name)
-+ log_error ("failed to allocate memory for name of fd %d: %s\n",
-+ fd, gpg_strerror (gpg_error_from_syserror ()));
-+ else
-+ {
-+ memcpy (name, un.sun_path, namelen);
-+ name[namelen] = 0;
-+ }
-+ }
-+
-+ return name;
-+}
-+#endif /*!HAVE_W32_SYSTEM*/
-diff --git a/common/sysutils.h b/common/sysutils.h
-index ea92e4c..7105107 100644
---- a/common/sysutils.h
-+++ b/common/sysutils.h
-@@ -66,6 +66,7 @@ char *gnupg_mkdtemp (char *template);
- int gnupg_setenv (const char *name, const char *value, int overwrite);
- int gnupg_unsetenv (const char *name);
- char *gnupg_getcwd (void);
-+char *gnupg_get_socket_name (int fd);
-
- gpg_error_t gnupg_inotify_watch_socket (int *r_fd, const char *socket_name);
- int gnupg_inotify_has_name (int fd, const char *name);
diff --git a/debian/patches/0107-dirmngr-Implement-supervised-command-for-systemd-etc.patch b/debian/patches/0107-dirmngr-Implement-supervised-command-for-systemd-etc.patch
deleted file mode 100644
index 2d01012..0000000
--- a/debian/patches/0107-dirmngr-Implement-supervised-command-for-systemd-etc.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Wed, 26 Oct 2016 16:37:08 -0400
-Subject: dirmngr: Implement --supervised command (for systemd, etc).
-
-* dirmngr/dirmngr.c (main): Add new --supervised command, which is a
-mode designed for running under a process supervision system like
-systemd or runit.
-* doc/dirmngr.texi: document --supervised option.
-
---
-
-"dirmngr --supervised" is a way to invoke dirmngr such that a system
-supervisor like systemd can provide socket-activated startup, log
-management, and scheduled shutdown.
-
-When running in this mode, dirmngr:
-
- * Does not open its own listening socket; rather, it expects to be
- given a listening socket on file descriptor 3.
-
- * Does not detach from the invoking process, staying in the
- foreground instead.
-
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
----
- dirmngr/dirmngr.c | 40 ++++++++++++++++++++++++++++++++++++++++
- doc/dirmngr.texi | 7 +++++++
- 2 files changed, 47 insertions(+)
-
-diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
-index d0b31a4..9689c9b 100644
---- a/dirmngr/dirmngr.c
-+++ b/dirmngr/dirmngr.c
-@@ -88,6 +88,7 @@ enum cmd_and_opt_values {
-
- aServer,
- aDaemon,
-+ aSupervised,
- aListCRLs,
- aLoadCRL,
- aFetchCRL,
-@@ -149,6 +150,7 @@ static ARGPARSE_OPTS opts[] = {
-
- ARGPARSE_c (aServer, "server", N_("run in server mode (foreground)") ),
- ARGPARSE_c (aDaemon, "daemon", N_("run in daemon mode (background)") ),
-+ ARGPARSE_c (aSupervised, "supervised", N_("run under supervision (e.g. systemd)")),
- ARGPARSE_c (aListCRLs, "list-crls", N_("list the contents of the CRL cache")),
- ARGPARSE_c (aLoadCRL, "load-crl", N_("|FILE|load CRL from FILE into cache")),
- ARGPARSE_c (aFetchCRL, "fetch-crl", N_("|URL|fetch a CRL from URL")),
-@@ -814,6 +816,7 @@ main (int argc, char **argv)
- {
- case aServer:
- case aDaemon:
-+ case aSupervised:
- case aShutdown:
- case aFlush:
- case aListCRLs:
-@@ -993,6 +996,43 @@ main (int argc, char **argv)
- start_command_handler (ASSUAN_INVALID_FD);
- shutdown_reaper ();
- }
-+ else if (cmd == aSupervised)
-+ {
-+ /* In supervised mode, we expect file descriptor 3 to be an
-+ already opened, listening socket.
-+
-+ We will also not detach from the controlling process or close
-+ stderr; the supervisor should handle all of that. */
-+ struct stat statbuf;
-+ if (fstat (3, &statbuf) == -1 && errno ==EBADF)
-+ {
-+ log_error ("file descriptor 3 must be already open in --supervised mode\n");
-+ dirmngr_exit (1);
-+ }
-+ socket_name = gnupg_get_socket_name (3);
-+
-+ /* Now start with logging to a file if this is desired. */
-+ if (logfile)
-+ {
-+ log_set_file (logfile);
-+ log_set_prefix (NULL, (GPGRT_LOG_WITH_PREFIX
-+ |GPGRT_LOG_WITH_TIME
-+ |GPGRT_LOG_WITH_PID));
-+ current_logfile = xstrdup (logfile);
-+ }
-+ else
-+ log_set_prefix (NULL, 0);
-+
-+ thread_init ();
-+ cert_cache_init ();
-+ crl_cache_init ();
-+#if USE_LDAP
-+ ldap_wrapper_launch_thread ();
-+#endif /*USE_LDAP*/
-+ handle_connections (3);
-+ assuan_sock_close (3);
-+ shutdown_reaper ();
-+ }
- else if (cmd == aDaemon)
- {
- assuan_fd_t fd;
-diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
-index 41c6b84..7be2c37 100644
---- a/doc/dirmngr.texi
-+++ b/doc/dirmngr.texi
-@@ -85,6 +85,13 @@ Run in background daemon mode and listen for commands on a socket.
- Note that this also changes the default home directory and enables the
- internal certificate validation code. This mode is deprecated.
-
-+ at item --supervised
-+ at opindex supervised
-+Run in the foreground, sending logs to stderr, and listening on file
-+descriptor 3, which must already be bound to a listening socket. This
-+is useful when running under systemd or other similar process
-+supervision schemes.
-+
- @item --list-crls
- @opindex list-crls
- List the contents of the CRL cache on @code{stdout}. This is probably
diff --git a/debian/patches/0108-g10-ECDH-shared-point-format.patch b/debian/patches/0108-g10-ECDH-shared-point-format.patch
deleted file mode 100644
index 8fe5d1d..0000000
--- a/debian/patches/0108-g10-ECDH-shared-point-format.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From: Arnaud Fontaine <arnaud.fontaine at ssi.gouv.fr>
-Date: Tue, 25 Oct 2016 13:43:08 +0200
-Subject: g10: ECDH shared point format.
-
-* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Improve handling of
-ECDH shared point format.
-
---
-This handles the case where the result comes from scdaemon.
-
-Signed-off-by: Arnaud Fontaine <arnaud.fontaine at ssi.gouv.fr>
----
- g10/ecdh.c | 32 ++++++++++++++++++++++++--------
- 1 file changed, 24 insertions(+), 8 deletions(-)
-
-diff --git a/g10/ecdh.c b/g10/ecdh.c
-index af1d844..886427b 100644
---- a/g10/ecdh.c
-+++ b/g10/ecdh.c
-@@ -132,14 +132,30 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
- return err;
- }
-
-+ /* Expected size of the x component */
- secret_x_size = (nbits+7)/8;
-- log_assert (nbytes >= secret_x_size);
-- if ((nbytes & 1))
-- /* Remove the "04" prefix of non-compressed format. */
-- memmove (secret_x, secret_x+1, secret_x_size);
-- if (nbytes - secret_x_size)
-- memset (secret_x+secret_x_size, 0, nbytes-secret_x_size);
-
-+ if (nbytes > secret_x_size)
-+ {
-+ /* Uncompressed format expected, so it must start with 04 */
-+ if (secret_x[0] != (byte)0x04)
-+ {
-+ return gpg_error (GPG_ERR_BAD_DATA);
-+ }
-+
-+ /* Remove the "04" prefix of non-compressed format. */
-+ memmove (secret_x, secret_x+1, secret_x_size);
-+
-+ /* Zeroize the y component following */
-+ if (nbytes > secret_x_size)
-+ memset (secret_x+secret_x_size, 0, nbytes-secret_x_size);
-+ }
-+ else if (nbytes < secret_x_size)
-+ {
-+ /* Raw share secret (x coordinate), without leading zeros */
-+ memmove (secret_x+(secret_x_size - nbytes), secret_x, nbytes);
-+ memset (secret_x, 0, secret_x_size - nbytes);
-+ }
- if (DBG_CRYPTO)
- log_printhex ("ECDH shared secret X is:", secret_x, secret_x_size );
- }
-@@ -235,8 +251,8 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
- return err;
- }
- gcry_md_write(h, "\x00\x00\x00\x01", 4); /* counter = 1 */
-- gcry_md_write(h, secret_x, secret_x_size); /* x of the point X */
-- gcry_md_write(h, message, message_size);/* KDF parameters */
-+ gcry_md_write(h, secret_x, secret_x_size); /* x of the point X */
-+ gcry_md_write(h, message, message_size); /* KDF parameters */
-
- gcry_md_final (h);
-
diff --git a/debian/patches/0109-scd-Add-0x41-prefix-for-x-coordinate-only-result.patch b/debian/patches/0109-scd-Add-0x41-prefix-for-x-coordinate-only-result.patch
deleted file mode 100644
index 7b9788f..0000000
--- a/debian/patches/0109-scd-Add-0x41-prefix-for-x-coordinate-only-result.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Thu, 27 Oct 2016 11:56:18 +0900
-Subject: scd: Add 0x41 prefix for x-coordinate only result.
-
-* scd/app-openpgp.c (do_decipher): When it's x-coordinate only, add the
-prefix 0x41.
-
---
-Card should return fixed size bytes, either in format of
-(04 || X || Y) or (X, x-coordinate only).
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- scd/app-openpgp.c | 33 +++++++++++++++++++++------------
- 1 file changed, 21 insertions(+), 12 deletions(-)
-
-diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
-index 4e042e7..d75721f 100644
---- a/scd/app-openpgp.c
-+++ b/scd/app-openpgp.c
-@@ -4406,20 +4406,29 @@ do_decipher (app_t app, const char *keyidstr,
- indata, indatalen, le_value, padind,
- outdata, outdatalen);
- xfree (fixbuf);
-- if (app->app_local->keyattr[1].key_type == KEY_TYPE_ECC
-- && (app->app_local->keyattr[1].ecc.flags & ECC_FLAG_DJB_TWEAK))
-- { /* Add the prefix 0x40 */
-- fixbuf = xtrymalloc (*outdatalen + 1);
-- if (!fixbuf)
-- {
-+ if (app->app_local->keyattr[1].key_type == KEY_TYPE_ECC)
-+ {
-+ unsigned char prefix = 0;
-+
-+ if (app->app_local->keyattr[1].ecc.flags & ECC_FLAG_DJB_TWEAK)
-+ prefix = 0x40;
-+ else if ((*outdatalen % 2) == 0) /* No 0x04 -> x-coordinate only */
-+ prefix = 0x41;
-+
-+ if (prefix)
-+ { /* Add the prefix */
-+ fixbuf = xtrymalloc (*outdatalen + 1);
-+ if (!fixbuf)
-+ {
-+ xfree (*outdata);
-+ return gpg_error_from_syserror ();
-+ }
-+ fixbuf[0] = prefix;
-+ memcpy (fixbuf+1, *outdata, *outdatalen);
- xfree (*outdata);
-- return gpg_error_from_syserror ();
-+ *outdata = fixbuf;
-+ *outdatalen = *outdatalen + 1;
- }
-- fixbuf[0] = 0x40;
-- memcpy (fixbuf+1, *outdata, *outdatalen);
-- xfree (*outdata);
-- *outdata = fixbuf;
-- *outdatalen = *outdatalen + 1;
- }
-
- if (gpg_err_code (rc) == GPG_ERR_CARD /* actual SW is 0x640a */
diff --git a/debian/patches/0110-g10-Fix-ECDH-clarifying-the-format.patch b/debian/patches/0110-g10-Fix-ECDH-clarifying-the-format.patch
deleted file mode 100644
index 84a451e..0000000
--- a/debian/patches/0110-g10-Fix-ECDH-clarifying-the-format.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Thu, 27 Oct 2016 12:59:49 +0900
-Subject: g10: Fix ECDH, clarifying the format.
-
-* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Returns error when
-it's short. Clarify the format. Handle other prefixes correctly.
-
---
-With the scdaemon's change, there is no case NBYTES < SECRET_X_SIZE.
-This fixes the break of ECDH with X25519.
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- g10/ecdh.c | 38 ++++++++++++++++++++------------------
- 1 file changed, 20 insertions(+), 18 deletions(-)
-
-diff --git a/g10/ecdh.c b/g10/ecdh.c
-index 886427b..dd47544 100644
---- a/g10/ecdh.c
-+++ b/g10/ecdh.c
-@@ -135,27 +135,29 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
- /* Expected size of the x component */
- secret_x_size = (nbits+7)/8;
-
-- if (nbytes > secret_x_size)
-+ /* Extract X from the result. It must be in the format of:
-+ 04 || X || Y
-+ 40 || X
-+ 41 || X
-+
-+ Since it always comes with the prefix, it's larger than X. In
-+ old experimental version of libgcrypt, there is a case where it
-+ returns X with no prefix of 40, so, nbytes == secret_x_size
-+ is allowed. */
-+ if (nbytes < secret_x_size)
- {
-- /* Uncompressed format expected, so it must start with 04 */
-- if (secret_x[0] != (byte)0x04)
-- {
-- return gpg_error (GPG_ERR_BAD_DATA);
-- }
-+ xfree (secret_x);
-+ return gpg_error (GPG_ERR_BAD_DATA);
-+ }
-
-- /* Remove the "04" prefix of non-compressed format. */
-- memmove (secret_x, secret_x+1, secret_x_size);
-+ /* Remove the prefix. */
-+ if ((nbytes & 1))
-+ memmove (secret_x, secret_x+1, secret_x_size);
-+
-+ /* Clear the rest of data. */
-+ if (nbytes - secret_x_size)
-+ memset (secret_x+secret_x_size, 0, nbytes-secret_x_size);
-
-- /* Zeroize the y component following */
-- if (nbytes > secret_x_size)
-- memset (secret_x+secret_x_size, 0, nbytes-secret_x_size);
-- }
-- else if (nbytes < secret_x_size)
-- {
-- /* Raw share secret (x coordinate), without leading zeros */
-- memmove (secret_x+(secret_x_size - nbytes), secret_x, nbytes);
-- memset (secret_x, 0, secret_x_size - nbytes);
-- }
- if (DBG_CRYPTO)
- log_printhex ("ECDH shared secret X is:", secret_x, secret_x_size );
- }
diff --git a/debian/patches/0111-dirmngr-Fix-error-return-for-ADNS.patch b/debian/patches/0111-dirmngr-Fix-error-return-for-ADNS.patch
deleted file mode 100644
index 1180366..0000000
--- a/debian/patches/0111-dirmngr-Fix-error-return-for-ADNS.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Thu, 27 Oct 2016 14:49:17 +0900
-Subject: dirmngr: Fix error return for ADNS.
-
-* dirmngr/dns-stuff.c (resolve_name_adns): Use RET for return value.
-
---
-There are cases where libadns returns an error without setting the
-variable ERRNO.
-
-GnuPG-bug-id: 2745
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- dirmngr/dns-stuff.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
-index ac295b0..284ef09 100644
---- a/dirmngr/dns-stuff.c
-+++ b/dirmngr/dns-stuff.c
-@@ -278,7 +278,7 @@ resolve_name_adns (const char *name, unsigned short port,
- my_protect ();
- if (ret)
- {
-- err = gpg_error_from_syserror ();
-+ err = ret;
- log_error ("DNS query failed: %s\n", gpg_strerror (err));
- goto leave;
- }
diff --git a/debian/patches/0112-dirmngr-More-ADNS-error-fix.patch b/debian/patches/0112-dirmngr-More-ADNS-error-fix.patch
deleted file mode 100644
index b3f8359..0000000
--- a/debian/patches/0112-dirmngr-More-ADNS-error-fix.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Thu, 27 Oct 2016 15:01:42 +0900
-Subject: dirmngr: More ADNS error fix.
-
-* dirmngr/dns-stuff.c (get_dns_cert, getsrv, get_dns_cname): Fix return
-value.
-
---
-GnuPG-bug-id: 2745
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- dirmngr/dns-stuff.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
-index 284ef09..28a500c 100644
---- a/dirmngr/dns-stuff.c
-+++ b/dirmngr/dns-stuff.c
-@@ -682,8 +682,8 @@ get_dns_cert (const char *name, int want_certtype,
- my_protect ();
- if (ret)
- {
-- err = gpg_error_from_syserror ();
-- /* log_error ("DNS query failed: %s\n", strerror (errno)); */
-+ err = ret;
-+ /* log_error ("DNS query failed: %s\n", strerror (err)); */
- adns_finish (state);
- return err;
- }
-@@ -1036,7 +1036,7 @@ getsrv (const char *name,struct srventry **list)
- my_protect ();
- if (rc)
- {
-- log_error ("DNS query failed: %s\n", strerror (errno));
-+ log_error ("DNS query failed: %s\n", strerror (rc));
- adns_finish (state);
- return -1;
- }
-@@ -1281,7 +1281,7 @@ get_dns_cname (const char *name, char **r_cname)
- my_protect ();
- if (rc)
- {
-- err = gpg_error_from_syserror ();
-+ err = rc;
- log_error ("DNS query failed: %s\n", gpg_strerror (err));
- adns_finish (state);
- return err;
diff --git a/debian/patches/0113-common-Fix-gnupg_inotify_has_name-differently.patch b/debian/patches/0113-common-Fix-gnupg_inotify_has_name-differently.patch
deleted file mode 100644
index 264d10a..0000000
--- a/debian/patches/0113-common-Fix-gnupg_inotify_has_name-differently.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Thu, 27 Oct 2016 15:37:47 +0900
-Subject: common: Fix gnupg_inotify_has_name, differently.
-
-* common/sysutils.c (gnupg_inotify_has_name): Use void * to stop the
-warning.
-
---
-According to the man page of inotify(7), it is aligned by null bytes.
-So, bc28f320fa6f5b9fcdb73dba5e6c582daf7992c5 is reverted.
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- common/sysutils.c | 36 +++++++++++++++---------------------
- 1 file changed, 15 insertions(+), 21 deletions(-)
-
-diff --git a/common/sysutils.c b/common/sysutils.c
-index 2927a85..944ae16 100644
---- a/common/sysutils.c
-+++ b/common/sysutils.c
-@@ -1018,47 +1018,41 @@ gnupg_inotify_has_name (int fd, const char *name)
- {
- #if USE_NPTH && HAVE_INOTIFY_INIT
- #define BUFSIZE_FOR_INOTIFY (sizeof (struct inotify_event) + 255 + 1)
-- char buf[BUFSIZE_FOR_INOTIFY];
-- char *p;
-+ union {
-+ struct inotify_event ev;
-+ char _buf[sizeof (struct inotify_event) + 255 + 1];
-+ } buf;
-+ struct inotify_event *evp;
- int n;
-
-- n = npth_read (fd, buf, sizeof buf);
-- p = buf;
-+ n = npth_read (fd, &buf, sizeof buf);
- /* log_debug ("notify read: n=%d\n", n); */
-+ evp = &buf.ev;
- while (n >= sizeof (struct inotify_event))
- {
-- struct inotify_event ev;
-- const char *ev_name;
--
-- memcpy (&ev, p, sizeof (struct inotify_event));
--
-- if (ev.len > 255 + 1) /* Something goes wrong, skip this data. */
-- break;
--
-- ev_name = p + sizeof (struct inotify_event);
-- p += sizeof (struct inotify_event) + ev.len;
-- n -= sizeof (struct inotify_event) + ev.len;
--
- /* log_debug (" mask=%x len=%u name=(%s)\n", */
-- /* ev.mask, (unsigned int)ev.len, ev.len? ev.name:""); */
-- if ((ev.mask & IN_UNMOUNT))
-+ /* evp->mask, (unsigned int)evp->len, evp->len? evp->name:""); */
-+ if ((evp->mask & IN_UNMOUNT))
- {
- /* log_debug (" found (dir unmounted)\n"); */
- return 3; /* Directory was unmounted. */
- }
-- if ((ev.mask & IN_DELETE_SELF))
-+ if ((evp->mask & IN_DELETE_SELF))
- {
- /* log_debug (" found (dir removed)\n"); */
- return 2; /* Directory was removed. */
- }
-- if ((ev.mask & IN_DELETE))
-+ if ((evp->mask & IN_DELETE))
- {
-- if (ev.len >= strlen (name) && !strcmp (ev_name, name))
-+ if (evp->len >= strlen (name) && !strcmp (evp->name, name))
- {
- /* log_debug (" found (file removed)\n"); */
- return 1; /* File was removed. */
- }
- }
-+ n -= sizeof (*evp) + evp->len;
-+ evp = (struct inotify_event *)(void *)
-+ ((char *)evp + sizeof (*evp) + evp->len);
- }
-
- #else /*!(USE_NPTH && HAVE_INOTIFY_INIT)*/
diff --git a/debian/patches/0114-dirmngr-ADNS-error-handling-fix.patch b/debian/patches/0114-dirmngr-ADNS-error-handling-fix.patch
deleted file mode 100644
index a5b0e00..0000000
--- a/debian/patches/0114-dirmngr-ADNS-error-handling-fix.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Thu, 27 Oct 2016 16:22:26 +0900
-Subject: dirmngr: ADNS error handling fix.
-
-* dirmngr/dns-stuff.c (resolve_name_adns, get_dns_cert, get_dns_cname):
-Use gpg_error and gpg_err_code_from_errno to compose the error value.
-
---
-This fixes commits 6f1d8123d61b3efac94b4c61ee75bd947790ba42.
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- dirmngr/dns-stuff.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
-index 28a500c..4bd3a87 100644
---- a/dirmngr/dns-stuff.c
-+++ b/dirmngr/dns-stuff.c
-@@ -278,7 +278,7 @@ resolve_name_adns (const char *name, unsigned short port,
- my_protect ();
- if (ret)
- {
-- err = ret;
-+ err = gpg_error (gpg_err_code_from_errno (ret));
- log_error ("DNS query failed: %s\n", gpg_strerror (err));
- goto leave;
- }
-@@ -682,8 +682,8 @@ get_dns_cert (const char *name, int want_certtype,
- my_protect ();
- if (ret)
- {
-- err = ret;
-- /* log_error ("DNS query failed: %s\n", strerror (err)); */
-+ err = gpg_error (gpg_err_code_from_errno (ret));
-+ /* log_error ("DNS query failed: %s\n", gpg_strerror (err)); */
- adns_finish (state);
- return err;
- }
-@@ -1281,7 +1281,7 @@ get_dns_cname (const char *name, char **r_cname)
- my_protect ();
- if (rc)
- {
-- err = rc;
-+ err = gpg_error (gpg_err_code_from_errno (rc));
- log_error ("DNS query failed: %s\n", gpg_strerror (err));
- adns_finish (state);
- return err;
diff --git a/debian/patches/0115-common-Remove-debug-output-from-gnupg_get_socket_nam.patch b/debian/patches/0115-common-Remove-debug-output-from-gnupg_get_socket_nam.patch
deleted file mode 100644
index 0a3a0ec..0000000
--- a/debian/patches/0115-common-Remove-debug-output-from-gnupg_get_socket_nam.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Thu, 27 Oct 2016 09:13:36 +0200
-Subject: common: Remove debug output from gnupg_get_socket_name.
-
-* common/sysutils.c (gnupg_get_socket_name): Remove debug message and
-use my_error_from_syserror.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- common/sysutils.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/common/sysutils.c b/common/sysutils.c
-index 944ae16..bcafad6 100644
---- a/common/sysutils.c
-+++ b/common/sysutils.c
-@@ -1082,7 +1082,7 @@ gnupg_get_socket_name (int fd)
-
- if (getsockname (fd, (struct sockaddr*)&un, &len) != 0)
- log_error ("could not getsockname(%d): %s\n", fd,
-- gpg_strerror (gpg_error_from_syserror ()));
-+ gpg_strerror (my_error_from_syserror ()));
- else if (un.sun_family != AF_UNIX)
- log_error ("file descriptor %d is not a unix-domain socket\n", fd);
- else if (len <= offsetof (struct sockaddr_un, sun_path))
-@@ -1094,12 +1094,12 @@ gnupg_get_socket_name (int fd)
- {
- size_t namelen = len - offsetof (struct sockaddr_un, sun_path);
-
-- log_debug ("file descriptor %d has path %s (%zu octets)\n", fd,
-- un.sun_path, namelen);
-+ /* log_debug ("file descriptor %d has path %s (%zu octets)\n", fd, */
-+ /* un.sun_path, namelen); */
- name = xtrymalloc (namelen + 1);
- if (!name)
- log_error ("failed to allocate memory for name of fd %d: %s\n",
-- fd, gpg_strerror (gpg_error_from_syserror ()));
-+ fd, gpg_strerror (my_error_from_syserror ()));
- else
- {
- memcpy (name, un.sun_path, namelen);
diff --git a/debian/patches/0116-dirmngr-Do-not-implement-supervised-in-Windows.patch b/debian/patches/0116-dirmngr-Do-not-implement-supervised-in-Windows.patch
deleted file mode 100644
index 9efe14a..0000000
--- a/debian/patches/0116-dirmngr-Do-not-implement-supervised-in-Windows.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Thu, 27 Oct 2016 09:27:03 +0200
-Subject: dirmngr: Do not implement --supervised in Windows.
-
-* dirmngr/dirmngr.c (opts) [W32]: Remove --supervised.
-(main) [W32]: Ditto.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
----
- dirmngr/dirmngr.c | 10 +++++++---
- doc/dirmngr.texi | 2 +-
- 2 files changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
-index 9689c9b..6e76ffc 100644
---- a/dirmngr/dirmngr.c
-+++ b/dirmngr/dirmngr.c
-@@ -150,7 +150,9 @@ static ARGPARSE_OPTS opts[] = {
-
- ARGPARSE_c (aServer, "server", N_("run in server mode (foreground)") ),
- ARGPARSE_c (aDaemon, "daemon", N_("run in daemon mode (background)") ),
-- ARGPARSE_c (aSupervised, "supervised", N_("run under supervision (e.g. systemd)")),
-+#ifndef HAVE_W32_SYSTEM
-+ ARGPARSE_c (aSupervised, "supervised", N_("run in supervised mode")),
-+#endif
- ARGPARSE_c (aListCRLs, "list-crls", N_("list the contents of the CRL cache")),
- ARGPARSE_c (aLoadCRL, "load-crl", N_("|FILE|load CRL from FILE into cache")),
- ARGPARSE_c (aFetchCRL, "fetch-crl", N_("|URL|fetch a CRL from URL")),
-@@ -996,6 +998,7 @@ main (int argc, char **argv)
- start_command_handler (ASSUAN_INVALID_FD);
- shutdown_reaper ();
- }
-+#ifndef HAVE_W32_SYSTEM
- else if (cmd == aSupervised)
- {
- /* In supervised mode, we expect file descriptor 3 to be an
-@@ -1004,9 +1007,9 @@ main (int argc, char **argv)
- We will also not detach from the controlling process or close
- stderr; the supervisor should handle all of that. */
- struct stat statbuf;
-- if (fstat (3, &statbuf) == -1 && errno ==EBADF)
-+ if (fstat (3, &statbuf) == -1 && errno == EBADF)
- {
-- log_error ("file descriptor 3 must be already open in --supervised mode\n");
-+ log_error ("file descriptor 3 must be validin --supervised mode\n");
- dirmngr_exit (1);
- }
- socket_name = gnupg_get_socket_name (3);
-@@ -1033,6 +1036,7 @@ main (int argc, char **argv)
- assuan_sock_close (3);
- shutdown_reaper ();
- }
-+#endif /*HAVE_W32_SYSTEM*/
- else if (cmd == aDaemon)
- {
- assuan_fd_t fd;
-diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
-index 7be2c37..04494a5 100644
---- a/doc/dirmngr.texi
-+++ b/doc/dirmngr.texi
-@@ -90,7 +90,7 @@ internal certificate validation code. This mode is deprecated.
- Run in the foreground, sending logs to stderr, and listening on file
- descriptor 3, which must already be bound to a listening socket. This
- is useful when running under systemd or other similar process
--supervision schemes.
-+supervision schemes. This option is not supported on Windows.
-
- @item --list-crls
- @opindex list-crls
diff --git a/debian/patches/0120-g10-Assert-preconditions.patch b/debian/patches/0120-g10-Assert-preconditions.patch
deleted file mode 100644
index e7b8211..0000000
--- a/debian/patches/0120-g10-Assert-preconditions.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Thu, 27 Oct 2016 14:43:29 +0200
-Subject: g10: Assert preconditions.
-
-* g10/getkey.c (get_pubkey_byname): Assert preconditions.
-
-Signed-off-by: Justus Winter <justus at g10code.com>
-(cherry picked from commit 66a0091d74768ab3a4a5342d3645e1834c59045a)
----
- g10/getkey.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/g10/getkey.c b/g10/getkey.c
-index 8b17598..714d676 100644
---- a/g10/getkey.c
-+++ b/g10/getkey.c
-@@ -1203,6 +1203,9 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
- int nodefault = 0;
- int anylocalfirst = 0;
-
-+ /* If RETCTX is not NULL, then RET_KDBHD must be NULL. */
-+ log_assert (retctx == NULL || ret_kdbhd == NULL);
-+
- if (retctx)
- *retctx = NULL;
-
diff --git a/debian/patches/0121-Fix-typos.patch b/debian/patches/0121-Fix-typos.patch
deleted file mode 100644
index b8dbc8c..0000000
--- a/debian/patches/0121-Fix-typos.patch
+++ /dev/null
@@ -1,181 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Thu, 27 Oct 2016 14:58:01 +0200
-Subject: Fix typos.
-
---
-Signed-off-by: Justus Winter <justus at g10code.com>
-
-(cherry picked from commit 445f0c13d751f6dee9d70ef0785866ab2a7ea120)
----
- agent/command-ssh.c | 2 +-
- build-aux/speedo/w32/exdll.h | 2 +-
- build-aux/speedo/w32/g4wihelp.c | 2 +-
- common/convert.c | 2 +-
- common/get-passphrase.c | 2 +-
- common/session-env.c | 2 +-
- dirmngr/server.c | 2 +-
- g10/getkey.c | 2 +-
- g10/import.c | 2 +-
- g10/mainproc.c | 2 +-
- g13/sh-cmd.c | 4 ++--
- scd/apdu.c | 2 +-
- 12 files changed, 13 insertions(+), 13 deletions(-)
-
-diff --git a/agent/command-ssh.c b/agent/command-ssh.c
-index dd74d2d..b7b42da 100644
---- a/agent/command-ssh.c
-+++ b/agent/command-ssh.c
-@@ -1127,7 +1127,7 @@ confirm_flag_from_sshcontrol (const char *hexgrip)
-
- /* Open the ssh control file for reading. This is a public version of
- open_control_file. The caller must use ssh_close_control_file to
-- release the retruned handle. */
-+ release the returned handle. */
- ssh_control_file_t
- ssh_open_control_file (void)
- {
-diff --git a/build-aux/speedo/w32/exdll.h b/build-aux/speedo/w32/exdll.h
-index e5ba3bb..bb13ae0 100644
---- a/build-aux/speedo/w32/exdll.h
-+++ b/build-aux/speedo/w32/exdll.h
-@@ -23,7 +23,7 @@
- * 3. This notice may not be removed or altered from any source
- * distribution.
- ************************************************************
-- * 2005-11-14 wk Applied license text to orginal exdll.h file from
-+ * 2005-11-14 wk Applied license text to original exdll.h file from
- * NSIS 2.0.4 and did some formatting changes.
- */
-
-diff --git a/build-aux/speedo/w32/g4wihelp.c b/build-aux/speedo/w32/g4wihelp.c
-index fe903aa..012e4af 100644
---- a/build-aux/speedo/w32/g4wihelp.c
-+++ b/build-aux/speedo/w32/g4wihelp.c
-@@ -23,7 +23,7 @@
- ************************************************************
- * The code for the splash screen has been taken from the Splash
- * plugin of the NSIS 2.04 distribution. That code comes without
-- * explicit copyright notices in tyhe source files or author names, it
-+ * explicit copyright notices in the source files or author names, it
- * seems that it has been written by Justin Frankel; not sure about
- * the year, though. [wk 2005-11-28]
- *
-diff --git a/common/convert.c b/common/convert.c
-index 30e5a60..4611e77 100644
---- a/common/convert.c
-+++ b/common/convert.c
-@@ -176,7 +176,7 @@ bin2hexcolon (const void *buffer, size_t length, char *stringbuf)
- store that at BUFFER. HEXSTRING is either delimited by end of
- string or a white space character. The function makes sure that
- the resulting string in BUFFER is terminated by a Nul byte. Note
-- that the retruned string may include embedded Nul bytes; the extra
-+ that the returned string may include embedded Nul bytes; the extra
- Nul byte at the end is used to make sure tha the result can always
- be used as a C-string.
-
-diff --git a/common/get-passphrase.c b/common/get-passphrase.c
-index 46a7835..dab2396 100644
---- a/common/get-passphrase.c
-+++ b/common/get-passphrase.c
-@@ -136,7 +136,7 @@ default_inq_cb (void *opaque, const char *line)
- PROMPT is the prompt string to label the entry box, it may be NULL
- for a default one. DESC_MSG is a longer description to be
- displayed above the entry box, if may be NULL for a default one.
-- If USE_SECMEM is true, the returned passphrase is retruned in
-+ If USE_SECMEM is true, the returned passphrase is returned in
- secure memory. The length of all these strings is limited; they
- need to fit in their encoded form into a standard Assuan line (i.e
- less then about 950 characters). All strings shall be UTF-8. */
-diff --git a/common/session-env.c b/common/session-env.c
-index 8c3dbb5..20b7c06 100644
---- a/common/session-env.c
-+++ b/common/session-env.c
-@@ -372,7 +372,7 @@ session_env_getenv_or_default (session_env_t se, const char *name,
-
- /* List the entire environment stored in SE. The caller initially
- needs to set the value of ITERATOR to 0 and then call this function
-- until it returns NULL. The value is retruned at R_VALUE. If
-+ until it returns NULL. The value is returned at R_VALUE. If
- R_DEFAULT is not NULL, the default flag is stored on return. The
- default flag indicates that the value has been taken from the
- process' environment. The caller must not change the returned
-diff --git a/dirmngr/server.c b/dirmngr/server.c
-index 1bedbd8..e3a6497 100644
---- a/dirmngr/server.c
-+++ b/dirmngr/server.c
-@@ -1321,7 +1321,7 @@ lookup_cert_by_pattern (assuan_context_t ctx, char *line,
- }
- }
-
-- /* First look through the internal cache. The certifcates retruned
-+ /* First look through the internal cache. The certifcates returned
- here are not counted towards the truncation limit. */
- if (single && !cache_only)
- ; /* Do not read from the local cache in this case. */
-diff --git a/g10/getkey.c b/g10/getkey.c
-index 714d676..a9d6cac 100644
---- a/g10/getkey.c
-+++ b/g10/getkey.c
-@@ -1935,7 +1935,7 @@ getkey_byname (ctrl_t ctrl, getkey_ctx_t *retctx, PKT_public_key *pk,
- * and then xfree(PK)).
- *
- * RET_KEYBLOCK can be given as NULL; if it is not NULL it the entire
-- * found keyblock wis retruned hich must be released with
-+ * found keyblock is returned which must be released with
- * release_kbnode. If the function returns an error NULL is stored at
- * RET_KEYBLOCK.
- *
-diff --git a/g10/import.c b/g10/import.c
-index 2e8c941..83298b3 100644
---- a/g10/import.c
-+++ b/g10/import.c
-@@ -82,7 +82,7 @@ struct import_stats_s
- *
- * FIXME: We should put this into the CTRL object but that requires a
- * lot more changes right now. For now we use save and restore
-- * fucntion to temporary change them.
-+ * function to temporary change them.
- */
- /* Definition of the import filters. */
- struct import_filter_s
-diff --git a/g10/mainproc.c b/g10/mainproc.c
-index 5f97d45..27bf9f9 100644
---- a/g10/mainproc.c
-+++ b/g10/mainproc.c
-@@ -2240,7 +2240,7 @@ proc_tree (CTX c, kbnode_t node)
-
- /* We must skip our special plaintext marker packets here because
- they may be the root packet. These packets are only used in
-- addional checks and skipping them here doesn't matter. */
-+ additional checks and skipping them here doesn't matter. */
- while (node
- && node->pkt->pkttype == PKT_GPG_CONTROL
- && node->pkt->pkt.gpg_control->control == CTRLPKT_PLAINTEXT_MARK)
-diff --git a/g13/sh-cmd.c b/g13/sh-cmd.c
-index 8214919..d9a0f6c 100644
---- a/g13/sh-cmd.c
-+++ b/g13/sh-cmd.c
-@@ -161,8 +161,8 @@ static const char hlp_finddevice[] =
- "FINDDEVICE <name>\n"
- "\n"
- "Find the device matching NAME. NAME be any identifier from\n"
-- "g13tab permissable for the user. The corresponding block\n"
-- "device is retruned using a status line.";
-+ "g13tab permissible for the user. The corresponding block\n"
-+ "device is returned using a status line.";
- static gpg_error_t
- cmd_finddevice (assuan_context_t ctx, char *line)
- {
-diff --git a/scd/apdu.c b/scd/apdu.c
-index c139d76..5b7290e 100644
---- a/scd/apdu.c
-+++ b/scd/apdu.c
-@@ -692,7 +692,7 @@ ct_get_status (int slot, unsigned int *status)
- }
-
- /* Actually send the APDU of length APDULEN to SLOT and return a
-- maximum of *BUFLEN data in BUFFER, the actual retruned size will be
-+ maximum of *BUFLEN data in BUFFER, the actual returned size will be
- set to BUFLEN. Returns: CT API error code. */
- static int
- ct_send_apdu (int slot, unsigned char *apdu, size_t apdulen,
diff --git a/debian/patches/0122-g10-Fix-iteration-over-getkey-results.patch b/debian/patches/0122-g10-Fix-iteration-over-getkey-results.patch
deleted file mode 100644
index 8f7ffaf..0000000
--- a/debian/patches/0122-g10-Fix-iteration-over-getkey-results.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Thu, 27 Oct 2016 15:31:30 +0200
-Subject: g10: Fix iteration over getkey results.
-
-* g10/getkey.c (getkey_next): Return the public key in PK even if
-RET_KEYBLOCK is NULL.
-
-Signed-off-by: Justus Winter <justus at g10code.com>
-(cherry picked from commit 8ea72a776a88f3c851e812d258355be80caa1bc1)
----
- g10/getkey.c | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/g10/getkey.c b/g10/getkey.c
-index a9d6cac..a9eca48 100644
---- a/g10/getkey.c
-+++ b/g10/getkey.c
-@@ -1930,7 +1930,7 @@ getkey_byname (ctrl_t ctrl, getkey_ctx_t *retctx, PKT_public_key *pk,
- * If PK is not NULL, the public key of the next result is returned in
- * *PK. Note: The self-signed data has already been merged into the
- * public key using merge_selfsigs. Free *PK by calling
-- * release_public_key_parts (or, if PK was allocated using xfree, you
-+ * release_public_key_parts (or, if PK was allocated using xmalloc, you
- * can use free_public_key, which calls release_public_key_parts(PK)
- * and then xfree(PK)).
- *
-@@ -1954,8 +1954,11 @@ getkey_next (getkey_ctx_t ctx, PKT_public_key *pk, kbnode_t *ret_keyblock)
- keydb_disable_caching (ctx->kr_handle);
-
- rc = lookup (ctx, ret_keyblock, &found_key, ctx->want_secret);
-- if (!rc && pk && ret_keyblock)
-- pk_from_block (pk, *ret_keyblock, found_key);
-+ if (!rc && pk)
-+ {
-+ log_assert (found_key);
-+ pk_from_block (pk, NULL, found_key);
-+ }
-
- return rc;
- }
diff --git a/debian/patches/0123-common-Add-GNUPG_MODULE_NAME_GPGV.patch b/debian/patches/0123-common-Add-GNUPG_MODULE_NAME_GPGV.patch
deleted file mode 100644
index 732ebf6..0000000
--- a/debian/patches/0123-common-Add-GNUPG_MODULE_NAME_GPGV.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Thu, 27 Oct 2016 11:45:01 +0200
-Subject: common: Add GNUPG_MODULE_NAME_GPGV.
-
-* common/util.h (GNUPG_MODULE_NAME_GPGV): New.
-* common/homedir.c (gnupg_module_name): Implement.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit ece9ade4b44fb3d5d120cfd32b23632e5efd2134)
----
- common/homedir.c | 7 +++++++
- common/util.h | 1 +
- 2 files changed, 8 insertions(+)
-
-diff --git a/common/homedir.c b/common/homedir.c
-index 574561a..13ed44c 100644
---- a/common/homedir.c
-+++ b/common/homedir.c
-@@ -953,6 +953,13 @@ gnupg_module_name (int which)
- X(bindir, GPG_NAME);
- #endif
-
-+ case GNUPG_MODULE_NAME_GPGV:
-+#if USE_GPG2_HACK
-+ X(bindir, GPG_NAME "v2");
-+#else
-+ X(bindir, GPG_NAME "v");
-+#endif
-+
- case GNUPG_MODULE_NAME_CONNECT_AGENT:
- X(bindir, "gpg-connect-agent");
-
-diff --git a/common/util.h b/common/util.h
-index 1c3cce9..543a70b 100644
---- a/common/util.h
-+++ b/common/util.h
-@@ -244,6 +244,7 @@ char *_gnupg_socketdir_internal (int skip_checks, unsigned *r_info);
- #define GNUPG_MODULE_NAME_CONNECT_AGENT 9
- #define GNUPG_MODULE_NAME_GPGCONF 10
- #define GNUPG_MODULE_NAME_DIRMNGR_LDAP 11
-+#define GNUPG_MODULE_NAME_GPGV 12
- const char *gnupg_module_name (int which);
- void gnupg_module_name_flush_some (void);
-
diff --git a/debian/patches/0124-gpg-Verify-multiple-detached-signatures-with-differe.patch b/debian/patches/0124-gpg-Verify-multiple-detached-signatures-with-differe.patch
deleted file mode 100644
index c99bda2..0000000
--- a/debian/patches/0124-gpg-Verify-multiple-detached-signatures-with-differe.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Thu, 27 Oct 2016 19:51:56 +0200
-Subject: gpg: Verify multiple detached signatures with different hash algos.
-
-* g10/mainproc.c (proc_tree): Loose check. Enable all algos.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 8fced66be35db5ac2a6bfdb9bccb2c0e582d8256)
----
- g10/mainproc.c | 28 +++++++++++++++++++++++-----
- 1 file changed, 23 insertions(+), 5 deletions(-)
-
-diff --git a/g10/mainproc.c b/g10/mainproc.c
-index 27bf9f9..c1c590d 100644
---- a/g10/mainproc.c
-+++ b/g10/mainproc.c
-@@ -2353,11 +2353,16 @@ proc_tree (CTX c, kbnode_t node)
- for (; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE)))
- {
- /* We can't currently handle multiple signatures of
-- different classes or digests (we'd pretty much have
-- to run a different hash context for each), but if
-- they are all the same, make an exception. */
-+ * different classes (we'd pretty much have to run a
-+ * different hash context for each), but if they are all
-+ * the same and it is detached signature, we make an
-+ * exception. Note that the old code also disallowed
-+ * multiple signatures if the digest algorithms are
-+ * different. We softened this restriction only for
-+ * detached signatures, to be on the safe side. */
- if (n1->pkt->pkt.signature->sig_class != class
-- || n1->pkt->pkt.signature->digest_algo != hash)
-+ || (c->any.data
-+ && n1->pkt->pkt.signature->digest_algo != hash))
- {
- multiple_ok = 0;
- log_info (_("WARNING: multiple signatures detected. "
-@@ -2379,6 +2384,17 @@ proc_tree (CTX c, kbnode_t node)
- if (rc)
- goto detached_hash_err;
-
-+ if (multiple_ok)
-+ {
-+ /* If we have and want to handle multiple signatures we
-+ * need to enable all hash algorithms for the context. */
-+ for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE)); )
-+ if (!openpgp_md_test_algo (n1->pkt->pkt.signature->digest_algo))
-+ gcry_md_enable (c->mfx.md,
-+ map_md_openpgp_to_gcry
-+ (n1->pkt->pkt.signature->digest_algo));
-+ }
-+
- if (RFC2440 || RFC4880)
- ; /* Strict RFC mode. */
- else if (sig->digest_algo == DIGEST_ALGO_SHA1
-@@ -2386,7 +2402,9 @@ proc_tree (CTX c, kbnode_t node)
- && sig->sig_class == 0x01)
- {
- /* Enable a workaround for a pgp5 bug when the detached
-- * signature has been created in textmode. */
-+ * signature has been created in textmode. Note that we
-+ * do not implement this for multiple signatures with
-+ * different hash algorithms. */
- rc = gcry_md_open (&c->mfx.md2, sig->digest_algo, 0);
- if (rc)
- goto detached_hash_err;
diff --git a/debian/patches/0125-gpg-Enable-the-Issuer-Fingerprint-from-rfc4880bis.patch b/debian/patches/0125-gpg-Enable-the-Issuer-Fingerprint-from-rfc4880bis.patch
deleted file mode 100644
index f61213a..0000000
--- a/debian/patches/0125-gpg-Enable-the-Issuer-Fingerprint-from-rfc4880bis.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Fri, 28 Oct 2016 21:01:23 +0200
-Subject: gpg: Enable the Issuer Fingerprint from rfc4880bis
-
-* g10/build-packet.c (build_sig_subpkt_from_sig): Always write the new
-Issuer Fingerprint sub-packet.
-* g10/mainproc.c (check_sig_and_print): Always consider that
-sub-packet.
---
-
-The specs for this sub-packet have been pushed to the OpenPGP WG's
-repo today.
-
-See-also: https://mailarchive.ietf.org/arch/msg/\
- openpgp/GvPo2eSL9GW9WcGhOocY7KBa9FY
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit b6f08dbb0b45059cdbbb5d9be9725e437f42a8cc)
----
- g10/build-packet.c | 15 +++++----------
- g10/mainproc.c | 3 +--
- 2 files changed, 6 insertions(+), 12 deletions(-)
-
-diff --git a/g10/build-packet.c b/g10/build-packet.c
-index 86d42ef..0115d64 100644
---- a/g10/build-packet.c
-+++ b/g10/build-packet.c
-@@ -1002,17 +1002,12 @@ build_sig_subpkt_from_sig (PKT_signature *sig, PKT_public_key *pksk)
- build_sig_subpkt (sig, SIGSUBPKT_ISSUER, buf, 8);
- }
-
-- /* For a future v5 keys we write the ISSUER_FPR subpacket. We
-- * also write that for a v4 key is experimental support for
-- * RFC4880bis is requested. */
-- if (pksk->version > 4 || opt.flags.rfc4880bis)
-+ /* Write the new ISSUER_FPR subpacket. */
-+ fingerprint_from_pk (pksk, buf+1, &fprlen);
-+ if (fprlen == 20)
- {
-- fingerprint_from_pk (pksk, buf+1, &fprlen);
-- if (fprlen == 20)
-- {
-- buf[0] = pksk->version;
-- build_sig_subpkt (sig, SIGSUBPKT_ISSUER_FPR, buf, 21);
-- }
-+ buf[0] = pksk->version;
-+ build_sig_subpkt (sig, SIGSUBPKT_ISSUER_FPR, buf, 21);
- }
-
- /* Write the timestamp. */
-diff --git a/g10/mainproc.c b/g10/mainproc.c
-index c1c590d..6847b64 100644
---- a/g10/mainproc.c
-+++ b/g10/mainproc.c
-@@ -1736,7 +1736,7 @@ check_sig_and_print (CTX c, kbnode_t node)
- write_status_text (STATUS_NEWSIG, NULL);
-
- astr = openpgp_pk_algo_name ( sig->pubkey_algo );
-- if (opt.flags.rfc4880bis && (issuer_fpr = issuer_fpr_string (sig)))
-+ if ((issuer_fpr = issuer_fpr_string (sig)))
- {
- log_info (_("Signature made %s\n"), asctimestamp(sig->timestamp));
- log_info (_(" using %s key %s\n"),
-@@ -1837,7 +1837,6 @@ check_sig_and_print (CTX c, kbnode_t node)
- * arbitrary keyserver is less subject to web bug like
- * monitoring. */
- if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
-- && opt.flags.rfc4880bis
- && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
- && keyserver_any_configured (c->ctrl))
- {
diff --git a/debian/patches/0126-common-New-function-gnupg_usleep.patch b/debian/patches/0126-common-New-function-gnupg_usleep.patch
deleted file mode 100644
index 04169da..0000000
--- a/debian/patches/0126-common-New-function-gnupg_usleep.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Mon, 31 Oct 2016 12:20:33 +0100
-Subject: common: New function gnupg_usleep.
-
-* configure.ac (HAVE_NANOSLEEP): Test for nanosleep.
-* common/sysutils.c: Always include time.h.
-(gnupg_usleep): New.
---
-
-This function has been compiled from nPth and Libassuan.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit ad491ceec6145b3781a05dc7b4a36052abeeb4b4)
----
- common/sysutils.c | 46 +++++++++++++++++++++++++++++++++++++++++++++-
- common/sysutils.h | 1 +
- configure.ac | 10 ++++++++++
- 3 files changed, 56 insertions(+), 1 deletion(-)
-
-diff --git a/common/sysutils.c b/common/sysutils.c
-index bcafad6..2ca1f78 100644
---- a/common/sysutils.c
-+++ b/common/sysutils.c
-@@ -49,8 +49,8 @@
- # include <asm/sysinfo.h>
- # include <asm/unistd.h>
- #endif
-+#include <time.h>
- #ifdef HAVE_SETRLIMIT
--# include <time.h>
- # include <sys/time.h>
- # include <sys/resource.h>
- #endif
-@@ -307,6 +307,50 @@ gnupg_sleep (unsigned int seconds)
- }
-
-
-+/* Wrapper around the platforms usleep function. This one won't wake
-+ * up before the sleep time has really elapsed. When build with nPth
-+ * it merely calls npth_usleep and thus suspends only the current
-+ * thread. */
-+void
-+gnupg_usleep (unsigned int usecs)
-+{
-+#if defined(USE_NPTH)
-+
-+ npth_usleep (usecs);
-+
-+#elif defined(HAVE_W32_SYSTEM)
-+
-+ Sleep ((usecs + 999) / 1000);
-+
-+#elif defined(HAVE_NANOSLEEP)
-+
-+ if (usecs)
-+ {
-+ struct timespec req;
-+ struct timespec rem;
-+
-+ req.tv_sec = 0;
-+ req.tv_nsec = usecs * 1000;
-+
-+ while (nanosleep (&req, &rem) < 0 && errno == EINTR)
-+ req = rem;
-+ }
-+
-+#else /*Standard Unix*/
-+
-+ if (usecs)
-+ {
-+ struct timeval tv;
-+
-+ tv.tv_sec = usecs / 1000000;
-+ tv.tv_usec = usecs % 1000000;
-+ select (0, NULL, NULL, NULL, &tv);
-+ }
-+
-+#endif
-+}
-+
-+
- /* This function is a NOP for POSIX systems but required under Windows
- as the file handles as returned by OS calls (like CreateFile) are
- different from the libc file descriptors (like open). This function
-diff --git a/common/sysutils.h b/common/sysutils.h
-index 7105107..5467b4c 100644
---- a/common/sysutils.h
-+++ b/common/sysutils.h
-@@ -54,6 +54,7 @@ const unsigned char *get_session_marker (size_t *rlen);
- unsigned int get_uint_nonce (void);
- /*int check_permissions (const char *path,int extension,int checkonly);*/
- void gnupg_sleep (unsigned int seconds);
-+void gnupg_usleep (unsigned int usecs);
- int translate_sys2libc_fd (gnupg_fd_t fd, int for_write);
- int translate_sys2libc_fd_int (int fd, int for_write);
- FILE *gnupg_tmpfile (void);
-diff --git a/configure.ac b/configure.ac
-index b43b5ac..83e0917 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1389,6 +1389,16 @@ AC_CHECK_FUNCS([memicmp stpcpy strsep strlwr strtoul memmove stricmp strtol \
- flockfile funlockfile getpwnam getpwuid \
- getenv inet_pton strpbrk])
-
-+# On some systems (e.g. Solaris) nanosleep requires linking to librl.
-+# Given that we use nanosleep only as an optimization over a select
-+# based wait function we want it only if it is available in libc.
-+_save_libs="$LIBS"
-+AC_SEARCH_LIBS([nanosleep], [],
-+ [AC_DEFINE(HAVE_NANOSLEEP,1,
-+ [Define to 1 if you have the `nanosleep' function in libc.])])
-+LIBS="$_save_libs"
-+
-+
- # See whether libc supports the Linux inotify interface
- case "${host}" in
- *-*-linux*)
diff --git a/debian/patches/0127-Spelling-correct-spelling-of-passphrase.patch b/debian/patches/0127-Spelling-correct-spelling-of-passphrase.patch
deleted file mode 100644
index c6edb65..0000000
--- a/debian/patches/0127-Spelling-correct-spelling-of-passphrase.patch
+++ /dev/null
@@ -1,496 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Fri, 28 Oct 2016 15:06:11 -0400
-Subject: Spelling: correct spelling of "passphrase".
-
-There were several different variant spellings of "passphrase". This
-should fix them all for all English text.
-
-I did notice that po/it.po contains multiple instances of
-"passhprase", which also looks suspect to me, but i do not know
-Italian, so i did not try to correct it.
-
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-(cherry picked from commit 68b59bbc42ba9ec69496758743924d54a95742f0)
----
- NEWS | 2 +-
- agent/agent.h | 2 +-
- agent/gpg-agent.c | 4 ++--
- doc/help.be.txt | 2 +-
- doc/help.ca.txt | 2 +-
- doc/help.cs.txt | 2 +-
- doc/help.da.txt | 2 +-
- doc/help.el.txt | 2 +-
- doc/help.eo.txt | 2 +-
- doc/help.et.txt | 2 +-
- doc/help.gl.txt | 2 +-
- doc/help.nb.txt | 2 +-
- doc/help.sv.txt | 2 +-
- doc/help.txt | 2 +-
- g10/ChangeLog-2011 | 4 ++--
- po/ca.po | 2 +-
- po/cs.po | 2 +-
- po/de.po | 2 +-
- po/el.po | 2 +-
- po/eo.po | 2 +-
- po/es.po | 2 +-
- po/et.po | 2 +-
- po/fi.po | 2 +-
- po/gl.po | 2 +-
- po/hu.po | 2 +-
- po/id.po | 2 +-
- po/it.po | 2 +-
- po/pt.po | 2 +-
- po/ro.po | 2 +-
- po/sk.po | 2 +-
- po/zh_CN.po | 2 +-
- scd/app-nks.c | 2 +-
- tests/openpgp/ecc.scm | 2 +-
- 33 files changed, 35 insertions(+), 35 deletions(-)
-
-diff --git a/NEWS b/NEWS
-index cbe6645..16fb677 100644
---- a/NEWS
-+++ b/NEWS
-@@ -339,7 +339,7 @@ Noteworthy changes in version 2.1.9 (2015-10-09)
-
- * agent: Fix ssh fingerprint computation for nistp384 and EdDSA.
-
-- * agent: Fix crash during passprase entry on some platforms.
-+ * agent: Fix crash during passphrase entry on some platforms.
-
- * scd: Change timeout to fix problems with some 2.1 cards.
-
-diff --git a/agent/agent.h b/agent/agent.h
-index a3ec457..1d40386 100644
---- a/agent/agent.h
-+++ b/agent/agent.h
-@@ -122,7 +122,7 @@ struct
-
- /* If set, a passphrase history will be written and checked at each
- passphrase change. */
-- int enable_passhrase_history;
-+ int enable_passphrase_history;
-
- int running_detached; /* We are running detached from the tty. */
-
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index d74ea2b..4e7037c 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -792,7 +792,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
- opt.min_passphrase_nonalpha = MIN_PASSPHRASE_NONALPHA;
- opt.check_passphrase_pattern = NULL;
- opt.max_passphrase_days = MAX_PASSPHRASE_DAYS;
-- opt.enable_passhrase_history = 0;
-+ opt.enable_passphrase_history = 0;
- opt.ignore_cache_for_signing = 0;
- opt.allow_mark_trusted = 1;
- opt.allow_external_cache = 1;
-@@ -859,7 +859,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
- opt.max_passphrase_days = pargs->r.ret_ulong;
- break;
- case oEnablePassphraseHistory:
-- opt.enable_passhrase_history = 1;
-+ opt.enable_passphrase_history = 1;
- break;
-
- case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;
-diff --git a/doc/help.be.txt b/doc/help.be.txt
-index 36c9ffb..d6d07e8 100644
---- a/doc/help.be.txt
-+++ b/doc/help.be.txt
-@@ -228,7 +228,7 @@ self-signatures will be advanced by one second.
-
- .#gpg.passphrase.enter
- # fixme: Please translate and remove the hash mark from the key line.
--Please enter the passhrase; this is a secret sentence
-+Please enter the passphrase; this is a secret sentence
-
- .
-
-diff --git a/doc/help.ca.txt b/doc/help.ca.txt
-index 36c9ffb..d6d07e8 100644
---- a/doc/help.ca.txt
-+++ b/doc/help.ca.txt
-@@ -228,7 +228,7 @@ self-signatures will be advanced by one second.
-
- .#gpg.passphrase.enter
- # fixme: Please translate and remove the hash mark from the key line.
--Please enter the passhrase; this is a secret sentence
-+Please enter the passphrase; this is a secret sentence
-
- .
-
-diff --git a/doc/help.cs.txt b/doc/help.cs.txt
-index 36c9ffb..d6d07e8 100644
---- a/doc/help.cs.txt
-+++ b/doc/help.cs.txt
-@@ -228,7 +228,7 @@ self-signatures will be advanced by one second.
-
- .#gpg.passphrase.enter
- # fixme: Please translate and remove the hash mark from the key line.
--Please enter the passhrase; this is a secret sentence
-+Please enter the passphrase; this is a secret sentence
-
- .
-
-diff --git a/doc/help.da.txt b/doc/help.da.txt
-index 36c9ffb..d6d07e8 100644
---- a/doc/help.da.txt
-+++ b/doc/help.da.txt
-@@ -228,7 +228,7 @@ self-signatures will be advanced by one second.
-
- .#gpg.passphrase.enter
- # fixme: Please translate and remove the hash mark from the key line.
--Please enter the passhrase; this is a secret sentence
-+Please enter the passphrase; this is a secret sentence
-
- .
-
-diff --git a/doc/help.el.txt b/doc/help.el.txt
-index 36c9ffb..d6d07e8 100644
---- a/doc/help.el.txt
-+++ b/doc/help.el.txt
-@@ -228,7 +228,7 @@ self-signatures will be advanced by one second.
-
- .#gpg.passphrase.enter
- # fixme: Please translate and remove the hash mark from the key line.
--Please enter the passhrase; this is a secret sentence
-+Please enter the passphrase; this is a secret sentence
-
- .
-
-diff --git a/doc/help.eo.txt b/doc/help.eo.txt
-index 36c9ffb..d6d07e8 100644
---- a/doc/help.eo.txt
-+++ b/doc/help.eo.txt
-@@ -228,7 +228,7 @@ self-signatures will be advanced by one second.
-
- .#gpg.passphrase.enter
- # fixme: Please translate and remove the hash mark from the key line.
--Please enter the passhrase; this is a secret sentence
-+Please enter the passphrase; this is a secret sentence
-
- .
-
-diff --git a/doc/help.et.txt b/doc/help.et.txt
-index 36c9ffb..d6d07e8 100644
---- a/doc/help.et.txt
-+++ b/doc/help.et.txt
-@@ -228,7 +228,7 @@ self-signatures will be advanced by one second.
-
- .#gpg.passphrase.enter
- # fixme: Please translate and remove the hash mark from the key line.
--Please enter the passhrase; this is a secret sentence
-+Please enter the passphrase; this is a secret sentence
-
- .
-
-diff --git a/doc/help.gl.txt b/doc/help.gl.txt
-index 36c9ffb..d6d07e8 100644
---- a/doc/help.gl.txt
-+++ b/doc/help.gl.txt
-@@ -228,7 +228,7 @@ self-signatures will be advanced by one second.
-
- .#gpg.passphrase.enter
- # fixme: Please translate and remove the hash mark from the key line.
--Please enter the passhrase; this is a secret sentence
-+Please enter the passphrase; this is a secret sentence
-
- .
-
-diff --git a/doc/help.nb.txt b/doc/help.nb.txt
-index 36c9ffb..d6d07e8 100644
---- a/doc/help.nb.txt
-+++ b/doc/help.nb.txt
-@@ -228,7 +228,7 @@ self-signatures will be advanced by one second.
-
- .#gpg.passphrase.enter
- # fixme: Please translate and remove the hash mark from the key line.
--Please enter the passhrase; this is a secret sentence
-+Please enter the passphrase; this is a secret sentence
-
- .
-
-diff --git a/doc/help.sv.txt b/doc/help.sv.txt
-index 36c9ffb..d6d07e8 100644
---- a/doc/help.sv.txt
-+++ b/doc/help.sv.txt
-@@ -228,7 +228,7 @@ self-signatures will be advanced by one second.
-
- .#gpg.passphrase.enter
- # fixme: Please translate and remove the hash mark from the key line.
--Please enter the passhrase; this is a secret sentence
-+Please enter the passphrase; this is a secret sentence
-
- .
-
-diff --git a/doc/help.txt b/doc/help.txt
-index e92cfbe..192ffff 100644
---- a/doc/help.txt
-+++ b/doc/help.txt
-@@ -312,7 +312,7 @@ self-signatures will be advanced by one second.
- .gpg.passphrase.enter
- # (keep a leading empty line)
-
--Please enter the passhrase; this is a secret sentence.
-+Please enter the passphrase; this is a secret sentence.
- .
-
-
-diff --git a/g10/ChangeLog-2011 b/g10/ChangeLog-2011
-index 31359d8..37da37b 100644
---- a/g10/ChangeLog-2011
-+++ b/g10/ChangeLog-2011
-@@ -8210,7 +8210,7 @@
- to all foo-fd options.
- * gpgv.c, openfile.c, ringedit.c, tdbio.c: Minor fixes. Mainly
- replaced hardcoded path separators with EXTSEP_S like macros.
-- * passprase.c [__riscos__]: Disabled agent stuff
-+ * passphrase.c [__riscos__]: Disabled agent stuff
- * trustdb.c (check_trust): Changed r_trustlevel to signed int to
- avoid mismatch problems in pkclist.c
- * pkclist.c (add_ownertrust): Ditto.
-@@ -11583,7 +11583,7 @@ Mon May 4 09:35:53 1998 Werner Koch (wk at isil.d.shuttle.de)
- changed all callers.
-
- * passphrase.c (make_dek_from_passphrase): Removed
-- * (get_passhrase_hash): Changed name to passphrase_to_dek, add arg,
-+ * (get_passphrase_hash): Changed name to passphrase_to_dek, add arg,
- changed all callers.
-
- * all: Introduced the new ELG identifier and added support for the
-diff --git a/po/ca.po b/po/ca.po
-index 8d22f5f..bb57a5c 100644
---- a/po/ca.po
-+++ b/po/ca.po
-@@ -12058,7 +12058,7 @@ msgstr ""
- #~ "a la llista actual de preferències. Les marques de temps de totes les\n"
- #~ "autosignatures afectades s'avançaran un segon.\n"
-
--#~ msgid "Please enter the passhrase; this is a secret sentence \n"
-+#~ msgid "Please enter the passphrase; this is a secret sentence \n"
- #~ msgstr "Introduïu la contrasenya; aquesta ha de ser una frase secreta \n"
-
- #~ msgid ""
-diff --git a/po/cs.po b/po/cs.po
-index 8c5c751..54563f5 100644
---- a/po/cs.po
-+++ b/po/cs.po
-@@ -11929,7 +11929,7 @@ msgstr ""
- #~ "na aktuální seznam předvoleb. Časová razítka všech dotčených podpisů\n"
- #~ "klíčů jimi samotnými budou posunuty o jednu vteřinu dopředu.\n"
-
--#~ msgid "Please enter the passhrase; this is a secret sentence \n"
-+#~ msgid "Please enter the passphrase; this is a secret sentence \n"
- #~ msgstr "Prosím, vložte heslo; toto je tajná věta \n"
-
- #~ msgid ""
-diff --git a/po/de.po b/po/de.po
-index c98cdd5..fc530aa 100644
---- a/po/de.po
-+++ b/po/de.po
-@@ -11876,7 +11876,7 @@ msgstr ""
- #~ "betroffenen\n"
- #~ "Eigenbeglaubigungen werden um eine Sekunde vorgestellt.\n"
-
--#~ msgid "Please enter the passhrase; this is a secret sentence \n"
-+#~ msgid "Please enter the passphrase; this is a secret sentence \n"
- #~ msgstr "Bitte geben Sie die Passphrase ein. Dies ist ein geheimer Satz \n"
-
- #~ msgid ""
-diff --git a/po/el.po b/po/el.po
-index 7c487f3..f5cf668 100644
---- a/po/el.po
-+++ b/po/el.po
-@@ -11865,7 +11865,7 @@ msgstr ""
- #~ "���� ������������ ����� �����������. � ���������� ���� ��� ������������\n"
- #~ "����-��������� �� ������� ���� 1 ������������.\n"
-
--#~ msgid "Please enter the passhrase; this is a secret sentence \n"
-+#~ msgid "Please enter the passphrase; this is a secret sentence \n"
- #~ msgstr "�������������� �� ����� �����߷ ���� ����� ��� ������� ������� \n"
-
- #~ msgid ""
-diff --git a/po/eo.po b/po/eo.po
-index 64178b6..f689938 100644
---- a/po/eo.po
-+++ b/po/eo.po
-@@ -11748,7 +11748,7 @@ msgstr ""
- #~ "al la aktuala listo de preferoj. La dato de �iuj trafitaj\n"
- #~ "mem-subskriboj estos anta�enigitaj je unu sekundo.\n"
-
--#~ msgid "Please enter the passhrase; this is a secret sentence \n"
-+#~ msgid "Please enter the passphrase; this is a secret sentence \n"
- #~ msgstr "Bonvolu doni la pasfrazon; tio estas sekreta frazo \n"
-
- #~ msgid ""
-diff --git a/po/es.po b/po/es.po
-index 3fd94ac..fef1780 100644
---- a/po/es.po
-+++ b/po/es.po
-@@ -12215,7 +12215,7 @@ msgstr ""
- #~ "seleccionados) a la lista actual de preferencias. El sello de tiempo\n"
- #~ "de todas las autofirmas afectadas se avanzar� en un segundo.\n"
-
--#~ msgid "Please enter the passhrase; this is a secret sentence \n"
-+#~ msgid "Please enter the passphrase; this is a secret sentence \n"
- #~ msgstr "Por favor introduzca la contrase�a: una frase secreta \n"
-
- #~ msgid ""
-diff --git a/po/et.po b/po/et.po
-index ea697fe..67f40c4 100644
---- a/po/et.po
-+++ b/po/et.po
-@@ -11752,7 +11752,7 @@ msgstr ""
- #~ "vastavaks hetkel m��ratud seadetele. K�ikide asjasse puutuvate\n"
- #~ "ise loodud allkirjade ajatempleid suurendatakse �he sekundi v�rra.\n"
-
--#~ msgid "Please enter the passhrase; this is a secret sentence \n"
-+#~ msgid "Please enter the passphrase; this is a secret sentence \n"
- #~ msgstr "Palun sisestage parool; see on salajane tekst \n"
-
- #~ msgid ""
-diff --git a/po/fi.po b/po/fi.po
-index ec54f10..f30bbb2 100644
---- a/po/fi.po
-+++ b/po/fi.po
-@@ -11844,7 +11844,7 @@ msgstr ""
- #~ "nykyiseen luetteloon valinnoista. Kaikkien muutettujen\n"
- #~ "oma-allekirjoitusten aikaleima siirretään yhdellä sekunnilla eteenpäin.\n"
-
--#~ msgid "Please enter the passhrase; this is a secret sentence \n"
-+#~ msgid "Please enter the passphrase; this is a secret sentence \n"
- #~ msgstr "Ole hyvä ja syötä salasana, tämän on salainen lause \n"
-
- #~ msgid ""
-diff --git a/po/gl.po b/po/gl.po
-index d5af6ec..05c8ed2 100644
---- a/po/gl.po
-+++ b/po/gl.po
-@@ -11865,7 +11865,7 @@ msgstr ""
- #~ "sinaturas\n"
- #~ "afectadas ha avanzar un segundo.\n"
-
--#~ msgid "Please enter the passhrase; this is a secret sentence \n"
-+#~ msgid "Please enter the passphrase; this is a secret sentence \n"
- #~ msgstr "Por favor, introduza o contrasinal; esta � unha frase secreta \n"
-
- #~ msgid ""
-diff --git a/po/hu.po b/po/hu.po
-index 69b7d89..4becf72 100644
---- a/po/hu.po
-+++ b/po/hu.po
-@@ -11808,7 +11808,7 @@ msgstr ""
- #~ "tartoz� preferenci�kat az aktu�lis preferenci�kra. Minden �rintett\n"
- #~ "�nal��r�s id�pontj�t egy m�sodperccel n�veli.\n"
-
--#~ msgid "Please enter the passhrase; this is a secret sentence \n"
-+#~ msgid "Please enter the passphrase; this is a secret sentence \n"
- #~ msgstr "K�rem, adja meg a jelsz�t! Ezt egy titkos mondat. \n"
-
- #~ msgid ""
-diff --git a/po/id.po b/po/id.po
-index 7104986..a8cede8 100644
---- a/po/id.po
-+++ b/po/id.po
-@@ -11800,7 +11800,7 @@ msgstr ""
- #~ "ke daftar preferensi saat ini. Timestamp seluruh self-signature\n"
- #~ "yang terpengaruh akan bertambah satu detik.\n"
-
--#~ msgid "Please enter the passhrase; this is a secret sentence \n"
-+#~ msgid "Please enter the passphrase; this is a secret sentence \n"
- #~ msgstr "Silakan masukkan passphrase; ini kalimat rahasia\n"
-
- #~ msgid ""
-diff --git a/po/it.po b/po/it.po
-index 0b16df4..9b33f42 100644
---- a/po/it.po
-+++ b/po/it.po
-@@ -11859,7 +11859,7 @@ msgstr ""
- #~ "coinvolte\n"
- #~ "sar� aumentato di un secondo.\n"
-
--#~ msgid "Please enter the passhrase; this is a secret sentence \n"
-+#~ msgid "Please enter the passphrase; this is a secret sentence \n"
- #~ msgstr "Inserisci la passphrase, cio� una frase segreta \n"
-
- #~ msgid ""
-diff --git a/po/pt.po b/po/pt.po
-index fc932d0..7e3b0ef 100644
---- a/po/pt.po
-+++ b/po/pt.po
-@@ -11792,7 +11792,7 @@ msgstr ""
- #~ "O 'timestamp' de todas as auto-assinaturas afectuadas ser� avan�ado\n"
- #~ "em um segundo.\n"
-
--#~ msgid "Please enter the passhrase; this is a secret sentence \n"
-+#~ msgid "Please enter the passphrase; this is a secret sentence \n"
- #~ msgstr "Por favor digite a frase secreta \n"
-
- #~ msgid ""
-diff --git a/po/ro.po b/po/ro.po
-index 2e3238e..ee40058 100644
---- a/po/ro.po
-+++ b/po/ro.po
-@@ -11899,7 +11899,7 @@ msgstr ""
- #~ "cele selectate) conform cu lista curent� de preferin�e. Timestamp-urile\n"
- #~ "tuturor auto-semn�turilor afectate vor fi avansate cu o secund�.\n"
-
--#~ msgid "Please enter the passhrase; this is a secret sentence \n"
-+#~ msgid "Please enter the passphrase; this is a secret sentence \n"
- #~ msgstr ""
- #~ "V� rug�m introduce�i fraza-parol�; aceasta este o propozi�ie secret� \n"
-
-diff --git a/po/sk.po b/po/sk.po
-index 0d4925f..150fff4 100644
---- a/po/sk.po
-+++ b/po/sk.po
-@@ -11824,7 +11824,7 @@ msgstr ""
- #~ "podpisov\n"
- #~ "k���ov nimi samotn�mi bud� posunut� o jednu sekundu dopredu.\n"
-
--#~ msgid "Please enter the passhrase; this is a secret sentence \n"
-+#~ msgid "Please enter the passphrase; this is a secret sentence \n"
- #~ msgstr "Pros�m, vlo�te heslo; toto je tajn� veta \n"
-
- #~ msgid ""
-diff --git a/po/zh_CN.po b/po/zh_CN.po
-index 76c8b80..25e6248 100644
---- a/po/zh_CN.po
-+++ b/po/zh_CN.po
-@@ -11668,7 +11668,7 @@ msgstr ""
- #~ "用现有的首选项更新所有(或选定的)用户标识的首选项。所有受影响的自身签\n"
- #~ "字的时间戳都会增加一秒钟。\n"
-
--#~ msgid "Please enter the passhrase; this is a secret sentence \n"
-+#~ msgid "Please enter the passphrase; this is a secret sentence \n"
- #~ msgstr "请输入密码:这是一个秘密的句子 \n"
-
- #~ msgid ""
-diff --git a/scd/app-nks.c b/scd/app-nks.c
-index d0b96a9..458516b 100644
---- a/scd/app-nks.c
-+++ b/scd/app-nks.c
-@@ -1068,7 +1068,7 @@ do_decipher (app_t app, const char *keyidstr,
-
-
- /* Parse a password ID string. Returns NULL on error or a string
-- suitable as passpahrse prompt on success. On success stores the
-+ suitable as passphrase prompt on success. On success stores the
- reference value for the password at R_PWID and a flag indicating
- that the SigG application is to be used at R_SIGG. If NEW_MODE is
- true, the returned description is suitable for a new Password.
-diff --git a/tests/openpgp/ecc.scm b/tests/openpgp/ecc.scm
-index f2f3b7c..8f38494 100755
---- a/tests/openpgp/ecc.scm
-+++ b/tests/openpgp/ecc.scm
-@@ -187,7 +187,7 @@ Rg==
- ;;
- ;; Now check that we can encrypt and decrypt our own messages.
- ;;
--;; Note that we don't need to provide a passppharse because we already
-+;; Note that we don't need to provide a passphrase because we already
- ;; preset the passphrase into the gpg-agent.
- ;;
- (for-each-p
diff --git a/debian/patches/0128-build-Fix-misspelled-dirmngr.patch b/debian/patches/0128-build-Fix-misspelled-dirmngr.patch
deleted file mode 100644
index 7f625e8..0000000
--- a/debian/patches/0128-build-Fix-misspelled-dirmngr.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Mon, 31 Oct 2016 20:24:33 -0400
-Subject: build: Fix misspelled dirmngr.
-
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-(cherry picked from commit 5e693ddfbe44d149ce0d9393d699c613ad5ea706)
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 83e0917..1c00114 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -200,7 +200,7 @@ test -n "$GNUPG_PROTECT_TOOL_PGM" \
- && show_gnupg_protect_tool_pgm="$GNUPG_PROTECT_TOOL_PGM"
-
- AC_ARG_WITH(dirmngr-ldap-pgm,
-- [ --with-dirmngr-ldap-pgm=PATH Use PATH as the default for the dirmnge ldap wrapper)],
-+ [ --with-dirmngr-ldap-pgm=PATH Use PATH as the default for the dirmngr ldap wrapper)],
- GNUPG_DIRMNGR_LDAP_PGM="$withval", GNUPG_DIRMNGR_LDAP_PGM="" )
- AC_SUBST(GNUPG_DIRMNGR_LDAP_PGM)
- AM_CONDITIONAL(GNUPG_DIRMNGR_LDAP_PGM, test -n "$GNUPG_DIRMNGR_LDAP_PGM")
diff --git a/debian/patches/0129-common-Improve-compare_string_versions.patch b/debian/patches/0129-common-Improve-compare_string_versions.patch
deleted file mode 100644
index cefe4af..0000000
--- a/debian/patches/0129-common-Improve-compare_string_versions.patch
+++ /dev/null
@@ -1,272 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 2 Nov 2016 16:24:58 +0100
-Subject: common: Improve compare_string_versions.
-
-* common/stringhelp.c: Include limits.h.
-(compare_version_strings): Change semantics to behave like strcmp.
-Include the patch lebel in the comparison. Allow checking a single
-version string.
-* common/t-stringhelp.c (test_compare_version_strings): Adjust test
-vectors and a few new vectors.
-* g10/call-agent.c (warn_version_mismatch): Adjust to new sematics.
-* g10/call-dirmngr.c (warn_version_mismatch): Ditto.
-* sm/call-agent.c (warn_version_mismatch): Ditto.
-* sm/call-dirmngr.c (warn_version_mismatch): Ditto.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 488b183811fc25c1ae49b4730491accf1adf518e)
----
- common/stringhelp.c | 63 ++++++++++++++++++++++++++++++++-----------------
- common/t-stringhelp.c | 65 +++++++++++++++++++++++++++++++++------------------
- g10/call-agent.c | 2 +-
- g10/call-dirmngr.c | 2 +-
- sm/call-agent.c | 2 +-
- sm/call-dirmngr.c | 2 +-
- 6 files changed, 87 insertions(+), 49 deletions(-)
-
-diff --git a/common/stringhelp.c b/common/stringhelp.c
-index b5d9f4c..f494bc5 100644
---- a/common/stringhelp.c
-+++ b/common/stringhelp.c
-@@ -49,6 +49,7 @@
- # include <windows.h>
- #endif
- #include <assert.h>
-+#include <limits.h>
-
- #include "util.h"
- #include "common-defs.h"
-@@ -1356,9 +1357,9 @@ parse_version_number (const char *s, int *number)
-
- /* This function breaks up the complete string-representation of the
- version number S, which is of the following struture: <major
-- number>.<minor number>.<micro number><patch level>. The major,
-- minor and micro number components will be stored in *MAJOR, *MINOR
-- and *MICRO.
-+ number>.<minor number>[.<micro number>]<patch level>. The major,
-+ minor, and micro number components will be stored in *MAJOR, *MINOR
-+ and *MICRO. If MICRO is not given 0 is used instead.
-
- On success, the last component, the patch level, will be returned;
- in failure, NULL will be returned. */
-@@ -1385,32 +1386,50 @@ parse_version_string (const char *s, int *major, int *minor, int *micro)
- }
-
-
--/* Check that the version string MY_VERSION is greater or equal than
-- REQ_VERSION. Returns true if the condition is satisfied or false
-- if not. This works with 3 part and two part version strings; for a
-- two part version string the micor part is assumed to be 0. */
-+/* Compare the version string MY_VERSION to the version string
-+ * REQ_VERSION. Returns -1, 0, or 1 if MY_VERSION is found,
-+ * respectively, to be less than, to match, or be greater than
-+ * REQ_VERSION. This function works for three and two part version
-+ * strings; for a two part version string the micro part is assumed to
-+ * be 0. Patch levels are compared as strings. If a version number
-+ * is invalid INT_MIN is returned. If REQ_VERSION is given as NULL
-+ * the function returns 0 if MY_VERSION is parsable version string. */
- int
- compare_version_strings (const char *my_version, const char *req_version)
- {
- int my_major, my_minor, my_micro;
- int rq_major, rq_minor, rq_micro;
--
-- if (!my_version || !req_version)
-- return 0;
--
-- if (!parse_version_string (my_version, &my_major, &my_minor, &my_micro))
-- return 0;
-- if (!parse_version_string(req_version, &rq_major, &rq_minor, &rq_micro))
-- return 0;
--
-- if (my_major > rq_major
-- || (my_major == rq_major && my_minor > rq_minor)
-- || (my_major == rq_major && my_minor == rq_minor
-- && my_micro >= rq_micro))
-+ const char *my_patch, *rq_patch;
-+ int result;
-+
-+ if (!my_version)
-+ return INT_MIN;
-+
-+ my_patch = parse_version_string (my_version, &my_major, &my_minor, &my_micro);
-+ if (!my_patch)
-+ return INT_MIN;
-+ if (!req_version)
-+ return 0; /* MY_VERSION can be parsed. */
-+ rq_patch = parse_version_string (req_version, &rq_major, &rq_minor,&rq_micro);
-+ if (!rq_patch)
-+ return INT_MIN;
-+
-+ if (my_major == rq_major)
- {
-- return 1;
-+ if (my_minor == rq_minor)
-+ {
-+ if (my_micro == rq_micro)
-+ result = strcmp (my_patch, rq_patch);
-+ else
-+ result = my_micro - rq_micro;
-+ }
-+ else
-+ result = my_minor - rq_minor;
- }
-- return 0;
-+ else
-+ result = my_major - rq_major;
-+
-+ return !result? 0 : result < 0 ? -1 : 1;
- }
-
-
-diff --git a/common/t-stringhelp.c b/common/t-stringhelp.c
-index ccadf02..93b014a 100644
---- a/common/t-stringhelp.c
-+++ b/common/t-stringhelp.c
-@@ -40,6 +40,7 @@
- #endif
- #include <unistd.h>
- #include <sys/types.h>
-+#include <limits.h>
-
- #include "t-support.h"
- #include "stringhelp.h"
-@@ -903,45 +904,63 @@ static void
- test_compare_version_strings (void)
- {
- struct { const char *a; const char *b; int okay; } tests[] = {
-- { "1.0.0", "1.0.0", 1 },
-+ { "1.0.0", "1.0.0", 0 },
- { "1.0.0-", "1.0.0", 1 },
- { "1.0.0-1", "1.0.0", 1 },
- { "1.0.0.1", "1.0.0", 1 },
-- { "1.0.0", "1.0.1", 0 },
-- { "1.0.0-", "1.0.1", 0 },
-- { "1.0.0-1", "1.0.1", 0 },
-- { "1.0.0.1", "1.0.1", 0 },
-- { "1.0.0", "1.1.0", 0 },
-- { "1.0.0-", "1.1.0", 0 },
-- { "1.0.0-1", "1.1.0", 0 },
-- { "1.0.0.1", "1.1.0", 0 },
--
-- { "1.0.0", "1.0.0-", 1 },
-- { "1.0.0", "1.0.0-1", 1 },
-- { "1.0.0", "1.0.0.1", 1 },
-+ { "1.0.0", "1.0.1", -1 },
-+ { "1.0.0-", "1.0.1", -1 },
-+ { "1.0.0-1", "1.0.1", -1 },
-+ { "1.0.0.1", "1.0.1", -1 },
-+ { "1.0.0", "1.1.0", -1 },
-+ { "1.0.0-", "1.1.0", -1 },
-+ { "1.0.0-1", "1.1.0", -1 },
-+ { "1.0.0.1", "1.1.0", -1 },
-+
-+ { "1.0.0", "1.0.0-", -1 },
-+ { "1.0.0", "1.0.0-1", -1 },
-+ { "1.0.0", "1.0.0.1", -1 },
- { "1.1.0", "1.0.0", 1 },
- { "1.1.1", "1.1.0", 1 },
-- { "1.1.2", "1.1.2", 1 },
-+ { "1.1.2", "1.1.2", 0 },
- { "1.1.2", "1.0.2", 1 },
- { "1.1.2", "0.0.2", 1 },
-- { "1.1.2", "1.1.3", 0 },
-+ { "1.1.2", "1.1.3", -1 },
-
- { "0.99.1", "0.9.9", 1 },
-- { "0.9.1", "0.91.0", 0 },
-+ { "0.9.1", "0.91.0", -1 },
-
- { "1.5.3", "1.5", 1 },
-- { "1.5.0", "1.5", 1 },
-- { "1.4.99", "1.5", 0 },
-+ { "1.5.0", "1.5", 0 },
-+ { "1.4.99", "1.5", -1 },
- { "1.5", "1.4.99", 1 },
-- { "1.5", "1.5.0", 1 },
-- { "1.5", "1.5.1", 0 },
-+ { "1.5", "1.5.0", 0 },
-+ { "1.5", "1.5.1", -1 },
-
- { "1.5.3-x17", "1.5-23", 1 },
-
- { "1.5.3a", "1.5.3", 1 },
-- { "1.5.3a", "1.5.3b", 1 },
--
-- { NULL, NULL, 0 }
-+ { "1.5.3a", "1.5.3b", -1 },
-+
-+ { "3.1.4-ab", "3.1.4-ab", 0 },
-+ { "3.1.4-ab", "3.1.4-ac", -1 },
-+ { "3.1.4-ac", "3.1.4-ab", 1 },
-+ { "3.1.4-ab", "3.1.4-abb", -1 },
-+ { "3.1.4-abb", "3.1.4-ab", 1 },
-+
-+ { "", "", INT_MIN },
-+ { NULL, "", INT_MIN },
-+ { "1.2.3", "", INT_MIN },
-+ { "1.2.3", "2", INT_MIN },
-+
-+ /* Test cases for validity of A. */
-+ { "", NULL, INT_MIN },
-+ { "1", NULL, INT_MIN },
-+ { "1.", NULL, 0 },
-+ { "1.0", NULL, 0 },
-+ { "1.0.", NULL, 0 },
-+ { "a1.2", NULL, INT_MIN },
-+ { NULL, NULL, INT_MIN }
- };
- int idx;
- int res;
-diff --git a/g10/call-agent.c b/g10/call-agent.c
-index b17a80f..eeea7bf 100644
---- a/g10/call-agent.c
-+++ b/g10/call-agent.c
-@@ -195,7 +195,7 @@ warn_version_mismatch (assuan_context_t ctx, const char *servername, int mode)
- if (err)
- log_error (_("error getting version from '%s': %s\n"),
- servername, gpg_strerror (err));
-- else if (!compare_version_strings (serverversion, myversion))
-+ else if (compare_version_strings (serverversion, myversion) < 0)
- {
- char *warn;
-
-diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
-index 75a7f46..3970b9f 100644
---- a/g10/call-dirmngr.c
-+++ b/g10/call-dirmngr.c
-@@ -145,7 +145,7 @@ warn_version_mismatch (assuan_context_t ctx, const char *servername)
- if (err)
- log_error (_("error getting version from '%s': %s\n"),
- servername, gpg_strerror (err));
-- else if (!compare_version_strings (serverversion, myversion))
-+ else if (compare_version_strings (serverversion, myversion) < 0)
- {
- char *warn;
-
-diff --git a/sm/call-agent.c b/sm/call-agent.c
-index c0a2081..c9a210f 100644
---- a/sm/call-agent.c
-+++ b/sm/call-agent.c
-@@ -97,7 +97,7 @@ warn_version_mismatch (ctrl_t ctrl, assuan_context_t ctx,
- if (err)
- log_error (_("error getting version from '%s': %s\n"),
- servername, gpg_strerror (err));
-- else if (!compare_version_strings (serverversion, myversion))
-+ else if (compare_version_strings (serverversion, myversion) < 0)
- {
- char *warn;
-
-diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c
-index 4afc697..763506d 100644
---- a/sm/call-dirmngr.c
-+++ b/sm/call-dirmngr.c
-@@ -163,7 +163,7 @@ warn_version_mismatch (ctrl_t ctrl, assuan_context_t ctx,
- if (err)
- log_error (_("error getting version from '%s': %s\n"),
- servername, gpg_strerror (err));
-- else if (!compare_version_strings (serverversion, myversion))
-+ else if (compare_version_strings (serverversion, myversion) < 0)
- {
- char *warn;
-
diff --git a/debian/patches/0130-agent-Extend-the-PINENTRY_LAUNCHED-inquiry-and-statu.patch b/debian/patches/0130-agent-Extend-the-PINENTRY_LAUNCHED-inquiry-and-statu.patch
deleted file mode 100644
index 3857124..0000000
--- a/debian/patches/0130-agent-Extend-the-PINENTRY_LAUNCHED-inquiry-and-statu.patch
+++ /dev/null
@@ -1,144 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Thu, 3 Nov 2016 20:07:56 +0100
-Subject: agent: Extend the PINENTRY_LAUNCHED inquiry and status.
-
-* agent/call-pinentry.c (start_pinentry): Get flavor and version and
-pass it to agent_inq_pinentry_launched.
-* agent/command.c (agent_inq_pinentry_launched): Add arg EXTRA.
-* g10/server.c (gpg_proxy_pinentry_notify): Print a new diagnostic.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit c1ea0b577a468030d2b006317ba27fc1746c4b14)
----
- agent/agent.h | 3 ++-
- agent/call-pinentry.c | 25 ++++++++++++++++++++++++-
- agent/command.c | 7 ++++---
- g10/server.c | 14 ++++++++++++++
- 4 files changed, 44 insertions(+), 5 deletions(-)
-
-diff --git a/agent/agent.h b/agent/agent.h
-index 1d40386..2775c84 100644
---- a/agent/agent.h
-+++ b/agent/agent.h
-@@ -349,7 +349,8 @@ void agent_sighup_action (void);
- int map_pk_openpgp_to_gcry (int openpgp_algo);
-
- /*-- command.c --*/
--gpg_error_t agent_inq_pinentry_launched (ctrl_t ctrl, unsigned long pid);
-+gpg_error_t agent_inq_pinentry_launched (ctrl_t ctrl, unsigned long pid,
-+ const char *extra);
- gpg_error_t agent_write_status (ctrl_t ctrl, const char *keyword, ...)
- GPGRT_ATTR_SENTINEL(0);
- gpg_error_t agent_print_status (ctrl_t ctrl, const char *keyword,
-diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
-index 813df9a..f83778e 100644
---- a/agent/call-pinentry.c
-+++ b/agent/call-pinentry.c
-@@ -225,6 +225,7 @@ getinfo_pid_cb (void *opaque, const void *buffer, size_t length)
- return 0;
- }
-
-+
- /* Fork off the pin entry if this has not already been done. Note,
- that this function must always be used to acquire the lock for the
- pinentry - we will serialize _all_ pinentry calls.
-@@ -243,6 +244,7 @@ start_pinentry (ctrl_t ctrl)
- unsigned long pinentry_pid;
- const char *value;
- struct timespec abstime;
-+ char *flavor_version;
- int err;
-
- npth_clock_gettime (&abstime);
-@@ -539,6 +541,25 @@ start_pinentry (ctrl_t ctrl)
- }
-
-
-+ /* Ask the pinentry for its version and flavor and streo that as a
-+ * string in MB. This information is useful for helping users to
-+ * figure out Pinentry problems. */
-+ {
-+ membuf_t mb;
-+
-+ init_membuf (&mb, 256);
-+ if (assuan_transact (entry_ctx, "GETINFO flavor",
-+ put_membuf_cb, &mb, NULL, NULL, NULL, NULL))
-+ put_membuf_str (&mb, "unknown");
-+ put_membuf_str (&mb, " ");
-+ if (assuan_transact (entry_ctx, "GETINFO version",
-+ put_membuf_cb, &mb, NULL, NULL, NULL, NULL))
-+ put_membuf_str (&mb, "unknown");
-+ put_membuf (&mb, "", 1);
-+ flavor_version = get_membuf (&mb, NULL);
-+ }
-+
-+
- /* Now ask the Pinentry for its PID. If the Pinentry is new enough
- it will send the pid back and we will use an inquire to notify
- our client. The client may answer the inquiry either with END or
-@@ -555,7 +576,7 @@ start_pinentry (ctrl_t ctrl)
- log_error ("pinentry did not return a PID\n");
- else
- {
-- rc = agent_inq_pinentry_launched (ctrl, pinentry_pid);
-+ rc = agent_inq_pinentry_launched (ctrl, pinentry_pid, flavor_version);
- if (gpg_err_code (rc) == GPG_ERR_CANCELED
- || gpg_err_code (rc) == GPG_ERR_FULLY_CANCELED)
- return unlock_pinentry (gpg_err_make (GPG_ERR_SOURCE_DEFAULT,
-@@ -563,6 +584,8 @@ start_pinentry (ctrl_t ctrl)
- rc = 0;
- }
-
-+ xfree (flavor_version);
-+
- return 0;
- }
-
-diff --git a/agent/command.c b/agent/command.c
-index ba9fdf7..4117e16 100644
---- a/agent/command.c
-+++ b/agent/command.c
-@@ -355,14 +355,15 @@ agent_print_status (ctrl_t ctrl, const char *keyword, const char *format, ...)
- that might disturb some older clients, this is only done if enabled
- via an option. Returns an gpg error code. */
- gpg_error_t
--agent_inq_pinentry_launched (ctrl_t ctrl, unsigned long pid)
-+agent_inq_pinentry_launched (ctrl_t ctrl, unsigned long pid, const char *extra)
- {
-- char line[100];
-+ char line[256];
-
- if (!ctrl || !ctrl->server_local
- || !ctrl->server_local->allow_pinentry_notify)
- return 0;
-- snprintf (line, DIM(line), "PINENTRY_LAUNCHED %lu", pid);
-+ snprintf (line, DIM(line), "PINENTRY_LAUNCHED %lu%s%s",
-+ pid, extra?" ":"", extra? extra:"");
- return assuan_inquire (ctrl->server_local->assuan_ctx, line, NULL, NULL, 0);
- }
-
-diff --git a/g10/server.c b/g10/server.c
-index 258f08a..0e15176 100644
---- a/g10/server.c
-+++ b/g10/server.c
-@@ -770,6 +770,20 @@ gpg_server (ctrl_t ctrl)
- gpg_error_t
- gpg_proxy_pinentry_notify (ctrl_t ctrl, const unsigned char *line)
- {
-+ if (opt.verbose)
-+ {
-+ char *linecopy = xtrystrdup (line);
-+ char *fields[4];
-+
-+ if (linecopy
-+ && split_fields (linecopy, fields, DIM (fields)) >= 4
-+ && !strcmp (fields[0], "PINENTRY_LAUNCHED"))
-+ log_info (_("pinentry launched (pid %s, flavor %s, version %s)\n"),
-+ fields[1], fields[2], fields[3]);
-+
-+ xfree (linecopy);
-+ }
-+
- if (!ctrl || !ctrl->server_local
- || !ctrl->server_local->allow_pinentry_notify)
- {
diff --git a/debian/patches/0131-scd-Add-advanced-option-for-READKEY.patch b/debian/patches/0131-scd-Add-advanced-option-for-READKEY.patch
deleted file mode 100644
index cfe7391..0000000
--- a/debian/patches/0131-scd-Add-advanced-option-for-READKEY.patch
+++ /dev/null
@@ -1,382 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Fri, 4 Nov 2016 13:45:57 +0900
-Subject: scd: Add --advanced option for READKEY.
-
-* scd/command.c (cmd_readkey) : Support ADVANCED arg.
-* scd/app.c (app_readcert): Add ADVANCED arg.
-* scd/app-openpgp.c (do_readkey): Implement ADVANCED arg.
-* scd/app-nks.c (do_readkey): Error return with GPG_ERR_NOT_SUPPORTED.
-
---
-"SCD READKEY --advanced OPENPGP.3" returns key in advanced format.
-With this suport, poldi-ctrl will be no longer needed.
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
-(cherry picked from commit f9da935c3eb302e75a80def51128fb6f669661d7)
----
- scd/app-common.h | 4 +-
- scd/app-nks.c | 8 +++-
- scd/app-openpgp.c | 130 ++++++++++++++++++++++++++++++++----------------------
- scd/app.c | 5 ++-
- scd/command.c | 13 ++++--
- 5 files changed, 99 insertions(+), 61 deletions(-)
-
-diff --git a/scd/app-common.h b/scd/app-common.h
-index b4bb55b..cda657f 100644
---- a/scd/app-common.h
-+++ b/scd/app-common.h
-@@ -72,7 +72,7 @@ struct app_ctx_s {
- gpg_error_t (*learn_status) (app_t app, ctrl_t ctrl, unsigned int flags);
- gpg_error_t (*readcert) (app_t app, const char *certid,
- unsigned char **cert, size_t *certlen);
-- gpg_error_t (*readkey) (app_t app, const char *certid,
-+ gpg_error_t (*readkey) (app_t app, int advanced, const char *certid,
- unsigned char **pk, size_t *pklen);
- gpg_error_t (*getattr) (app_t app, ctrl_t ctrl, const char *name);
- gpg_error_t (*setattr) (app_t app, const char *name,
-@@ -154,7 +154,7 @@ gpg_error_t app_write_learn_status (app_t app, ctrl_t ctrl,
- unsigned int flags);
- gpg_error_t app_readcert (app_t app, const char *certid,
- unsigned char **cert, size_t *certlen);
--gpg_error_t app_readkey (app_t app, const char *keyid,
-+gpg_error_t app_readkey (app_t app, int advanced, const char *keyid,
- unsigned char **pk, size_t *pklen);
- gpg_error_t app_getattr (app_t app, ctrl_t ctrl, const char *name);
- gpg_error_t app_setattr (app_t app, const char *name,
-diff --git a/scd/app-nks.c b/scd/app-nks.c
-index 458516b..598dee1 100644
---- a/scd/app-nks.c
-+++ b/scd/app-nks.c
-@@ -618,13 +618,17 @@ do_readcert (app_t app, const char *certid,
- certificate parsing code in commands.c:cmd_readkey. For internal
- use PK and PKLEN may be NULL to just check for an existing key. */
- static gpg_error_t
--do_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
-+do_readkey (app_t app, int advanced, const char *keyid,
-+ unsigned char **pk, size_t *pklen)
- {
- gpg_error_t err;
- unsigned char *buffer[2];
- size_t buflen[2];
- unsigned short path[1] = { 0x4500 };
-
-+ if (advanced)
-+ return GPG_ERR_NOT_SUPPORTED;
-+
- /* We use a generic name to retrieve PK.AUT.IFD-SPK. */
- if (!strcmp (keyid, "$IFDAUTHKEY") && app->app_local->nks_version >= 3)
- ;
-@@ -698,7 +702,7 @@ do_writekey (app_t app, ctrl_t ctrl,
- else
- return gpg_error (GPG_ERR_INV_ID);
-
-- if (!force && !do_readkey (app, keyid, NULL, NULL))
-+ if (!force && !do_readkey (app, 0, keyid, NULL, NULL))
- return gpg_error (GPG_ERR_EEXIST);
-
- /* Parse the S-expression. */
-diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
-index d75721f..4bf99ad 100644
---- a/scd/app-openpgp.c
-+++ b/scd/app-openpgp.c
-@@ -1115,8 +1115,8 @@ retrieve_fpr_from_card (app_t app, int keyno, char *fpr)
- #if GNUPG_MAJOR_VERSION > 1
- static gpg_error_t
- retrieve_key_material (FILE *fp, const char *hexkeyid,
-- const unsigned char **m, size_t *mlen,
-- const unsigned char **e, size_t *elen)
-+ const unsigned char **m, size_t *mlen,
-+ const unsigned char **e, size_t *elen)
- {
- gcry_error_t err = 0;
- char *line = NULL; /* read_line() buffer. */
-@@ -1146,10 +1146,10 @@ retrieve_key_material (FILE *fp, const char *hexkeyid,
- if (!i)
- break; /* EOF. */
- if (i < 0)
-- {
-- err = gpg_error_from_syserror ();
-- goto leave; /* Error. */
-- }
-+ {
-+ err = gpg_error_from_syserror ();
-+ goto leave; /* Error. */
-+ }
- if (!max_length)
- {
- err = gpg_error (GPG_ERR_TRUNCATED);
-@@ -1173,7 +1173,7 @@ retrieve_key_material (FILE *fp, const char *hexkeyid,
- && nfields > 4 && !strcmp (fields[4], hexkeyid))
- found_key = 1;
- continue;
-- }
-+ }
-
- if ( !strcmp (fields[0], "sub") || !strcmp (fields[0], "pub") )
- break; /* Next key - stop. */
-@@ -1561,8 +1561,8 @@ get_public_key (app_t app, int keyno)
- Clearly that is not an option and thus we try to locate the
- key using an external helper.
-
-- The helper we use here is gpg itself, which should know about
-- the key in any case. */
-+ The helper we use here is gpg itself, which should know about
-+ the key in any case. */
-
- char fpr[41];
- char *hexkeyid;
-@@ -1574,38 +1574,38 @@ get_public_key (app_t app, int keyno)
-
- err = retrieve_fpr_from_card (app, keyno, fpr);
- if (err)
-- {
-- log_error ("error while retrieving fpr from card: %s\n",
-- gpg_strerror (err));
-- goto leave;
-- }
-+ {
-+ log_error ("error while retrieving fpr from card: %s\n",
-+ gpg_strerror (err));
-+ goto leave;
-+ }
- hexkeyid = fpr + 24;
-
- ret = gpgrt_asprintf
- (&command, "gpg --list-keys --with-colons --with-key-data '%s'", fpr);
- if (ret < 0)
-- {
-- err = gpg_error_from_syserror ();
-- goto leave;
-- }
-+ {
-+ err = gpg_error_from_syserror ();
-+ goto leave;
-+ }
-
- fp = popen (command, "r");
- xfree (command);
- if (!fp)
-- {
-- err = gpg_error_from_syserror ();
-- log_error ("running gpg failed: %s\n", gpg_strerror (err));
-- goto leave;
-- }
-+ {
-+ err = gpg_error_from_syserror ();
-+ log_error ("running gpg failed: %s\n", gpg_strerror (err));
-+ goto leave;
-+ }
-
- err = retrieve_key_material (fp, hexkeyid, &m, &mlen, &e, &elen);
- pclose (fp);
- if (err)
-- {
-- log_error ("error while retrieving key material through pipe: %s\n",
-+ {
-+ log_error ("error while retrieving key material through pipe: %s\n",
- gpg_strerror (err));
-- goto leave;
-- }
-+ goto leave;
-+ }
-
- err = gcry_sexp_build (&s_pkey, NULL, "(public-key(rsa(n%b)(e%b)))",
- (int)mlen, m, (int)elen, e);
-@@ -1726,7 +1726,8 @@ do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags)
- buffer. On error PK and PKLEN are not changed and an error code is
- returned. */
- static gpg_error_t
--do_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
-+do_readkey (app_t app, int advanced, const char *keyid,
-+ unsigned char **pk, size_t *pklen)
- {
- #if GNUPG_MAJOR_VERSION > 1
- gpg_error_t err;
-@@ -1749,15 +1750,40 @@ do_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
- buf = app->app_local->pk[keyno].key;
- if (!buf)
- return gpg_error (GPG_ERR_NO_PUBKEY);
-- *pklen = app->app_local->pk[keyno].keylen;;
-- *pk = xtrymalloc (*pklen);
-- if (!*pk)
-+
-+ if (advanced)
- {
-- err = gpg_error_from_syserror ();
-- *pklen = 0;
-- return err;
-+ gcry_sexp_t s_key;
-+
-+ err = gcry_sexp_new (&s_key, buf, app->app_local->pk[keyno].keylen, 0);
-+ if (err)
-+ return err;
-+
-+ *pklen = gcry_sexp_sprint (s_key, GCRYSEXP_FMT_ADVANCED, NULL, 0);
-+ *pk = xtrymalloc (*pklen);
-+ if (!*pk)
-+ {
-+ err = gpg_error_from_syserror ();
-+ *pklen = 0;
-+ return err;
-+ }
-+
-+ gcry_sexp_sprint (s_key, GCRYSEXP_FMT_ADVANCED, *pk, *pklen);
-+ gcry_sexp_release (s_key);
-+ }
-+ else
-+ {
-+ *pklen = app->app_local->pk[keyno].keylen;
-+ *pk = xtrymalloc (*pklen);
-+ if (!*pk)
-+ {
-+ err = gpg_error_from_syserror ();
-+ *pklen = 0;
-+ return err;
-+ }
-+ memcpy (*pk, buf, *pklen);
- }
-- memcpy (*pk, buf, *pklen);
-+
- return 0;
- #else
- return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
-@@ -2366,7 +2392,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
- }
- else if (chvno == 1 || chvno == 3)
- {
-- if (!use_pinpad)
-+ if (!use_pinpad)
- {
- char *promptbuf = NULL;
- const char *prompt;
-@@ -3990,23 +4016,23 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
- else
- {
- for (s=keyidstr, n=0; hexdigitp (s); s++, n++)
-- ;
-+ ;
- if (n != 32)
-- return gpg_error (GPG_ERR_INV_ID);
-+ return gpg_error (GPG_ERR_INV_ID);
- else if (!*s)
-- ; /* no fingerprint given: we allow this for now. */
-+ ; /* no fingerprint given: we allow this for now. */
- else if (*s == '/')
-- fpr = s + 1;
-+ fpr = s + 1;
- else
-- return gpg_error (GPG_ERR_INV_ID);
-+ return gpg_error (GPG_ERR_INV_ID);
-
- for (s=keyidstr, n=0; n < 16; s += 2, n++)
-- tmp_sn[n] = xtoi_2 (s);
-+ tmp_sn[n] = xtoi_2 (s);
-
- if (app->serialnolen != 16)
-- return gpg_error (GPG_ERR_INV_CARD);
-+ return gpg_error (GPG_ERR_INV_CARD);
- if (memcmp (app->serialno, tmp_sn, 16))
-- return gpg_error (GPG_ERR_WRONG_CARD);
-+ return gpg_error (GPG_ERR_WRONG_CARD);
- }
-
- /* If a fingerprint has been specified check it against the one on
-@@ -4244,23 +4270,23 @@ do_decipher (app_t app, const char *keyidstr,
- else
- {
- for (s=keyidstr, n=0; hexdigitp (s); s++, n++)
-- ;
-+ ;
- if (n != 32)
-- return gpg_error (GPG_ERR_INV_ID);
-+ return gpg_error (GPG_ERR_INV_ID);
- else if (!*s)
-- ; /* no fingerprint given: we allow this for now. */
-+ ; /* no fingerprint given: we allow this for now. */
- else if (*s == '/')
-- fpr = s + 1;
-+ fpr = s + 1;
- else
-- return gpg_error (GPG_ERR_INV_ID);
-+ return gpg_error (GPG_ERR_INV_ID);
-
- for (s=keyidstr, n=0; n < 16; s += 2, n++)
-- tmp_sn[n] = xtoi_2 (s);
-+ tmp_sn[n] = xtoi_2 (s);
-
- if (app->serialnolen != 16)
-- return gpg_error (GPG_ERR_INV_CARD);
-+ return gpg_error (GPG_ERR_INV_CARD);
- if (memcmp (app->serialno, tmp_sn, 16))
-- return gpg_error (GPG_ERR_WRONG_CARD);
-+ return gpg_error (GPG_ERR_WRONG_CARD);
- }
-
- /* If a fingerprint has been specified check it against the one on
-diff --git a/scd/app.c b/scd/app.c
-index 55b8edd..1f21dc1 100644
---- a/scd/app.c
-+++ b/scd/app.c
-@@ -612,7 +612,8 @@ app_readcert (app_t app, const char *certid,
-
- This function might not be supported by all applications. */
- gpg_error_t
--app_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
-+app_readkey (app_t app, int advanced, const char *keyid,
-+ unsigned char **pk, size_t *pklen)
- {
- gpg_error_t err;
-
-@@ -630,7 +631,7 @@ app_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
- err = lock_reader (app->slot, NULL /*FIXME*/);
- if (err)
- return err;
-- err= app->fnc.readkey (app, keyid, pk, pklen);
-+ err= app->fnc.readkey (app, advanced, keyid, pk, pklen);
- unlock_reader (app->slot);
- return err;
- }
-diff --git a/scd/command.c b/scd/command.c
-index 9d978ab..edea01c 100644
---- a/scd/command.c
-+++ b/scd/command.c
-@@ -729,17 +729,19 @@ cmd_readcert (assuan_context_t ctx, char *line)
-
-
- static const char hlp_readkey[] =
-- "READKEY <keyid>\n"
-+ "READKEY [--advanced] <keyid>\n"
- "\n"
- "Return the public key for the given cert or key ID as a standard\n"
- "S-expression.\n"
-+ "In --advanced mode it returns the S-expression in advanced format.\n"
- "\n"
-- "Note, that this function may even be used on a locked card.";
-+ "Note that this function may even be used on a locked card.";
- static gpg_error_t
- cmd_readkey (assuan_context_t ctx, char *line)
- {
- ctrl_t ctrl = assuan_get_pointer (ctx);
- int rc;
-+ int advanced = 0;
- unsigned char *cert = NULL;
- size_t ncert, n;
- ksba_cert_t kc = NULL;
-@@ -750,11 +752,16 @@ cmd_readkey (assuan_context_t ctx, char *line)
- if ((rc = open_card (ctrl, NULL)))
- return rc;
-
-+ if (has_option (line, "--advanced"))
-+ advanced = 1;
-+
-+ line = skip_options (line);
-+
- line = xstrdup (line); /* Need a copy of the line. */
- /* If the application supports the READKEY function we use that.
- Otherwise we use the old way by extracting it from the
- certificate. */
-- rc = app_readkey (ctrl->app_ctx, line, &pk, &pklen);
-+ rc = app_readkey (ctrl->app_ctx, advanced, line, &pk, &pklen);
- if (!rc)
- { /* Yeah, got that key - send it back. */
- rc = assuan_send_data (ctx, pk, pklen);
diff --git a/debian/patches/0132-scd-Fix-length-error-for-READKEY.patch b/debian/patches/0132-scd-Fix-length-error-for-READKEY.patch
deleted file mode 100644
index 6bb10a2..0000000
--- a/debian/patches/0132-scd-Fix-length-error-for-READKEY.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Fri, 4 Nov 2016 15:34:35 +0900
-Subject: scd: Fix length error for READKEY.
-
-* scd/app-openpgp.c (do_readkey): Decrement the length.
-
---
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
-
-(cherry picked from commit cd00b07ec26c3408e6aee66957b08c6fd319b700)
----
- scd/app-openpgp.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
-index 4bf99ad..f8d9954 100644
---- a/scd/app-openpgp.c
-+++ b/scd/app-openpgp.c
-@@ -1770,6 +1770,8 @@ do_readkey (app_t app, int advanced, const char *keyid,
-
- gcry_sexp_sprint (s_key, GCRYSEXP_FMT_ADVANCED, *pk, *pklen);
- gcry_sexp_release (s_key);
-+ /* Decrement for trailing '\0' */
-+ *pklen = *pklen - 1;
- }
- else
- {
diff --git a/debian/patches/0133-indent-Move-comments-inside-the-block.patch b/debian/patches/0133-indent-Move-comments-inside-the-block.patch
deleted file mode 100644
index 5c4a2b9..0000000
--- a/debian/patches/0133-indent-Move-comments-inside-the-block.patch
+++ /dev/null
@@ -1,182 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Fri, 4 Nov 2016 14:51:19 +0100
-Subject: indent: Move comments inside the block.
-
---
-
-This fixes a few
-
- if (foo)
- /* A comment
- with several
- lines. */
- {
- }
-
-Which has the problem that the block is visually not related to the
-"if" and might thus falsely be considered a standalone block.
-
-Also adds a asterisk on the left side of longer comments.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 2312a7f836b89b812298f25cf50ba56c6ce1806c)
----
- g10/getkey.c | 93 +++++++++++++++++++++++++++++++-----------------------------
- 1 file changed, 48 insertions(+), 45 deletions(-)
-
-diff --git a/g10/getkey.c b/g10/getkey.c
-index a9eca48..3ef8d73 100644
---- a/g10/getkey.c
-+++ b/g10/getkey.c
-@@ -1213,25 +1213,26 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
- is_mbox = is_valid_mailbox (name);
-
- /* The auto-key-locate feature works as follows: there are a number
-- of methods to look up keys. By default, the local keyring is
-- tried first. Then, each method listed in the --auto-key-locate is
-- tried in the order it appears.
--
-- This can be changed as follows:
--
-- - if nodefault appears anywhere in the list of options, then
-- the local keyring is not tried first, or,
--
-- - if local appears anywhere in the list of options, then the
-- local keyring is not tried first, but in the order in which
-- it was listed in the --auto-key-locate option.
--
-- Note: we only save the search context in RETCTX if the local
-- method is the first method tried (either explicitly or
-- implicitly). */
-+ * of methods to look up keys. By default, the local keyring is
-+ * tried first. Then, each method listed in the --auto-key-locate is
-+ * tried in the order it appears.
-+ *
-+ * This can be changed as follows:
-+ *
-+ * - if nodefault appears anywhere in the list of options, then
-+ * the local keyring is not tried first, or,
-+ *
-+ * - if local appears anywhere in the list of options, then the
-+ * local keyring is not tried first, but in the order in which
-+ * it was listed in the --auto-key-locate option.
-+ *
-+ * Note: we only save the search context in RETCTX if the local
-+ * method is the first method tried (either explicitly or
-+ * implicitly). */
- if (!no_akl)
-- /* auto-key-locate is enabled. */
- {
-+ /* auto-key-locate is enabled. */
-+
- /* nodefault is true if "nodefault" or "local" appear. */
- for (akl = opt.auto_key_locate; akl; akl = akl->next)
- if (akl->type == AKL_NODEFAULT || akl->type == AKL_LOCAL)
-@@ -1251,24 +1252,26 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
- }
-
- if (!nodefault)
-- /* "nodefault" didn't occur. Thus, "local" is implicitly the
-- first method to try. */
-- anylocalfirst = 1;
-+ {
-+ /* "nodefault" didn't occur. Thus, "local" is implicitly the
-+ * first method to try. */
-+ anylocalfirst = 1;
-+ }
-
- if (nodefault && is_mbox)
-- /* Either "nodefault" or "local" (explicitly) appeared in the auto
-- key locate list and NAME appears to be an email address. Don't
-- try the local keyring. */
- {
-+ /* Either "nodefault" or "local" (explicitly) appeared in the
-+ * auto key locate list and NAME appears to be an email address.
-+ * Don't try the local keyring. */
- rc = GPG_ERR_NO_PUBKEY;
- }
- else
-- /* Either "nodefault" and "local" don't appear in the auto key
-- locate list (in which case we try the local keyring first) or
-- NAME does not appear to be an email address (in which case we
-- only try the local keyring). In this case, lookup NAME in the
-- local keyring. */
- {
-+ /* Either "nodefault" and "local" don't appear in the auto key
-+ * locate list (in which case we try the local keyring first) or
-+ * NAME does not appear to be an email address (in which case we
-+ * only try the local keyring). In this case, lookup NAME in
-+ * the local keyring. */
- add_to_strlist (&namelist, name);
- rc = key_byname (retctx, namelist, pk, 0,
- include_unusable, ret_keyblock, ret_kdbhd);
-@@ -1277,11 +1280,11 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
- /* If the requested name resembles a valid mailbox and automatic
- retrieval has been enabled, we try to import the key. */
- if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY && !no_akl && is_mbox)
-- /* NAME wasn't present in the local keyring (or we didn't try the
-- local keyring). Since the auto key locate feature is enabled
-- and NAME appears to be an email address, try the auto locate
-- feature. */
- {
-+ /* NAME wasn't present in the local keyring (or we didn't try
-+ * the local keyring). Since the auto key locate feature is
-+ * enabled and NAME appears to be an email address, try the auto
-+ * locate feature. */
- for (akl = opt.auto_key_locate; akl; akl = akl->next)
- {
- unsigned char *fpr = NULL;
-@@ -1349,9 +1352,9 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
-
- case AKL_KEYSERVER:
- /* Strictly speaking, we don't need to only use a valid
-- mailbox for the getname search, but it helps cut down
-- on the problem of searching for something like "john"
-- and getting a whole lot of keys back. */
-+ * mailbox for the getname search, but it helps cut down
-+ * on the problem of searching for something like "john"
-+ * and getting a whole lot of keys back. */
- if (keyserver_any_configured (ctrl))
- {
- mechanism = "keyserver";
-@@ -1382,12 +1385,12 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
- }
-
- /* Use the fingerprint of the key that we actually fetched.
-- This helps prevent problems where the key that we fetched
-- doesn't have the same name that we used to fetch it. In
-- the case of CERT and PKA, this is an actual security
-- requirement as the URL might point to a key put in by an
-- attacker. By forcing the use of the fingerprint, we
-- won't use the attacker's key here. */
-+ * This helps prevent problems where the key that we fetched
-+ * doesn't have the same name that we used to fetch it. In
-+ * the case of CERT and PKA, this is an actual security
-+ * requirement as the URL might point to a key put in by an
-+ * attacker. By forcing the use of the fingerprint, we
-+ * won't use the attacker's key here. */
- if (!rc && fpr)
- {
- char fpr_string[MAX_FINGERPRINT_LEN * 2 + 1];
-@@ -1407,7 +1410,7 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
- }
- else if (!rc && !fpr && !did_akl_local)
- { /* The acquisition method said no failure occurred, but
-- it didn't return a fingerprint. That's a failure. */
-+ * it didn't return a fingerprint. That's a failure. */
- no_fingerprint = 1;
- rc = GPG_ERR_NO_PUBKEY;
- }
-@@ -1416,9 +1419,9 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
-
- if (!rc && !did_akl_local)
- { /* There was no error and we didn't do a local lookup.
-- This means that we imported a key into the local
-- keyring. Try to read the imported key from the
-- keyring. */
-+ * This means that we imported a key into the local
-+ * keyring. Try to read the imported key from the
-+ * keyring. */
- if (retctx)
- {
- getkey_end (*retctx);
diff --git a/debian/patches/0134-Change-all-http-www.gnu.org-in-license-notices-to-ht.patch b/debian/patches/0134-Change-all-http-www.gnu.org-in-license-notices-to-ht.patch
deleted file mode 100644
index 6fd3e8d..0000000
--- a/debian/patches/0134-Change-all-http-www.gnu.org-in-license-notices-to-ht.patch
+++ /dev/null
@@ -1,6323 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Sat, 5 Nov 2016 12:02:19 +0100
-Subject: Change all http://www.gnu.org in license notices to https://
-
---
-
-(cherry picked from commit 4d7dc432b598d7d28d6caba78a94d12034134b96)
----
- COPYING | 12 ++++++------
- COPYING.LIB | 2 +-
- Makefile.am | 2 +-
- acinclude.m4 | 2 +-
- agent/Makefile.am | 2 +-
- agent/agent.h | 2 +-
- agent/cache.c | 2 +-
- agent/call-pinentry.c | 2 +-
- agent/call-scd.c | 2 +-
- agent/command-ssh.c | 2 +-
- agent/command.c | 2 +-
- agent/cvt-openpgp.c | 2 +-
- agent/cvt-openpgp.h | 2 +-
- agent/divert-scd.c | 2 +-
- agent/findkey.c | 2 +-
- agent/genkey.c | 2 +-
- agent/gpg-agent.c | 2 +-
- agent/learncard.c | 2 +-
- agent/pkdecrypt.c | 2 +-
- agent/pksign.c | 2 +-
- agent/preset-passphrase.c | 2 +-
- agent/protect-tool.c | 2 +-
- agent/protect.c | 2 +-
- agent/t-protect.c | 2 +-
- agent/trans.c | 2 +-
- agent/trustlist.c | 2 +-
- am/cmacros.am | 2 +-
- common/Makefile.am | 2 +-
- common/agent-opt.c | 2 +-
- common/argparse.h | 2 +-
- common/asshelp.c | 2 +-
- common/asshelp.h | 2 +-
- common/asshelp2.c | 2 +-
- common/audit.c | 2 +-
- common/audit.h | 2 +-
- common/b64dec.c | 2 +-
- common/b64enc.c | 2 +-
- common/call-gpg.c | 2 +-
- common/call-gpg.h | 2 +-
- common/ccparray.c | 2 +-
- common/ccparray.h | 2 +-
- common/common-defs.h | 2 +-
- common/convert.c | 2 +-
- common/dotlock.c | 2 +-
- common/dotlock.h | 2 +-
- common/dynload.h | 2 +-
- common/exechelp-posix.c | 2 +-
- common/exechelp-w32.c | 2 +-
- common/exechelp-w32ce.c | 2 +-
- common/exechelp.h | 2 +-
- common/exectool.c | 2 +-
- common/exectool.h | 2 +-
- common/fwddecl.h | 2 +-
- common/get-passphrase.c | 2 +-
- common/get-passphrase.h | 2 +-
- common/gettime.c | 2 +-
- common/gettime.h | 2 +-
- common/gpgrlhelp.c | 2 +-
- common/helpfile.c | 2 +-
- common/homedir.c | 2 +-
- common/host2net.h | 2 +-
- common/i18n.c | 2 +-
- common/init.c | 2 +-
- common/init.h | 2 +-
- common/iobuf.c | 2 +-
- common/iobuf.h | 2 +-
- common/keyserver.h | 2 +-
- common/localename.c | 2 +-
- common/logging.c | 2 +-
- common/logging.h | 2 +-
- common/mapstrings.c | 2 +-
- common/mbox-util.c | 4 ++--
- common/mbox-util.h | 4 ++--
- common/membuf.c | 2 +-
- common/membuf.h | 2 +-
- common/miscellaneous.c | 2 +-
- common/mischelp.c | 2 +-
- common/mischelp.h | 2 +-
- common/mkdir_p.c | 2 +-
- common/mkdir_p.h | 2 +-
- common/name-value.c | 2 +-
- common/name-value.h | 2 +-
- common/openpgp-oid.c | 2 +-
- common/openpgpdefs.h | 2 +-
- common/percent.c | 2 +-
- common/recsel.c | 2 +-
- common/recsel.h | 2 +-
- common/server-help.c | 2 +-
- common/server-help.h | 2 +-
- common/session-env.c | 2 +-
- common/session-env.h | 2 +-
- common/sexp-parse.h | 2 +-
- common/sexputil.c | 2 +-
- common/shareddefs.h | 2 +-
- common/signal.c | 2 +-
- common/simple-pwquery.c | 2 +-
- common/simple-pwquery.h | 2 +-
- common/ssh-utils.c | 2 +-
- common/ssh-utils.h | 2 +-
- common/status.c | 2 +-
- common/status.h | 2 +-
- common/stringhelp.c | 2 +-
- common/stringhelp.h | 2 +-
- common/strlist.c | 2 +-
- common/strlist.h | 2 +-
- common/sysutils.c | 2 +-
- common/sysutils.h | 2 +-
- common/t-b64.c | 2 +-
- common/t-ccparray.c | 2 +-
- common/t-convert.c | 2 +-
- common/t-exechelp.c | 2 +-
- common/t-exectool.c | 2 +-
- common/t-gettime.c | 2 +-
- common/t-helpfile.c | 2 +-
- common/t-mapstrings.c | 2 +-
- common/t-mbox-util.c | 2 +-
- common/t-name-value.c | 2 +-
- common/t-openpgp-oid.c | 2 +-
- common/t-percent.c | 2 +-
- common/t-recsel.c | 2 +-
- common/t-session-env.c | 2 +-
- common/t-sexputil.c | 2 +-
- common/t-ssh-utils.c | 2 +-
- common/t-stringhelp.c | 2 +-
- common/t-strlist.c | 2 +-
- common/t-support.h | 2 +-
- common/t-sysutils.c | 2 +-
- common/t-timestuff.c | 2 +-
- common/t-w32-reg.c | 2 +-
- common/t-zb32.c | 2 +-
- common/tlv.c | 2 +-
- common/tlv.h | 2 +-
- common/ttyio.c | 2 +-
- common/ttyio.h | 2 +-
- common/types.h | 2 +-
- common/userids.c | 2 +-
- common/userids.h | 2 +-
- common/utf8conv.c | 2 +-
- common/utf8conv.h | 2 +-
- common/util.h | 2 +-
- common/utilproto.h | 2 +-
- common/w32-reg.c | 2 +-
- common/w32help.h | 2 +-
- common/xasprintf.c | 2 +-
- common/xreadline.c | 2 +-
- common/yesno.c | 2 +-
- common/zb32.c | 2 +-
- common/zb32.h | 2 +-
- configure.ac | 2 +-
- dirmngr/Makefile.am | 2 +-
- dirmngr/certcache.c | 2 +-
- dirmngr/crlcache.c | 2 +-
- dirmngr/crlfetch.c | 2 +-
- dirmngr/crlfetch.h | 2 +-
- dirmngr/dirmngr-client.c | 2 +-
- dirmngr/dirmngr.c | 2 +-
- dirmngr/dirmngr.h | 2 +-
- dirmngr/dirmngr_ldap.c | 2 +-
- dirmngr/dns-stuff.c | 2 +-
- dirmngr/dns-stuff.h | 2 +-
- dirmngr/http.c | 2 +-
- dirmngr/http.h | 2 +-
- dirmngr/ks-action.c | 2 +-
- dirmngr/ks-action.h | 2 +-
- dirmngr/ks-engine-finger.c | 2 +-
- dirmngr/ks-engine-hkp.c | 2 +-
- dirmngr/ks-engine-http.c | 2 +-
- dirmngr/ks-engine-kdns.c | 2 +-
- dirmngr/ks-engine-ldap.c | 2 +-
- dirmngr/ks-engine.h | 2 +-
- dirmngr/ldap-parse-uri.c | 2 +-
- dirmngr/ldap-parse-uri.h | 2 +-
- dirmngr/ldap-wrapper-ce.c | 2 +-
- dirmngr/ldap-wrapper.c | 2 +-
- dirmngr/ldap-wrapper.h | 2 +-
- dirmngr/ldapserver.h | 2 +-
- dirmngr/server.c | 2 +-
- dirmngr/t-dns-stuff.c | 2 +-
- dirmngr/t-http.c | 2 +-
- dirmngr/t-ldap-parse-uri.c | 2 +-
- dirmngr/t-support.h | 2 +-
- dirmngr/w32-ldap-help.h | 2 +-
- doc/Makefile.am | 2 +-
- doc/gpl.texi | 8 ++++----
- doc/help.be.txt | 2 +-
- doc/help.ca.txt | 2 +-
- doc/help.cs.txt | 2 +-
- doc/help.da.txt | 2 +-
- doc/help.de.txt | 2 +-
- doc/help.el.txt | 2 +-
- doc/help.eo.txt | 2 +-
- doc/help.es.txt | 2 +-
- doc/help.et.txt | 2 +-
- doc/help.fi.txt | 2 +-
- doc/help.fr.txt | 2 +-
- doc/help.gl.txt | 2 +-
- doc/help.hu.txt | 2 +-
- doc/help.id.txt | 2 +-
- doc/help.it.txt | 2 +-
- doc/help.ja.txt | 2 +-
- doc/help.nb.txt | 2 +-
- doc/help.pl.txt | 2 +-
- doc/help.pt.txt | 2 +-
- doc/help.pt_BR.txt | 2 +-
- doc/help.ro.txt | 2 +-
- doc/help.ru.txt | 2 +-
- doc/help.sk.txt | 2 +-
- doc/help.sv.txt | 2 +-
- doc/help.tr.txt | 2 +-
- doc/help.txt | 2 +-
- doc/help.zh_CN.txt | 2 +-
- doc/help.zh_TW.txt | 2 +-
- g10/Makefile.am | 2 +-
- g10/armor.c | 2 +-
- g10/build-packet.c | 2 +-
- g10/call-agent.c | 2 +-
- g10/call-agent.h | 2 +-
- g10/call-dirmngr.c | 2 +-
- g10/call-dirmngr.h | 2 +-
- g10/card-util.c | 2 +-
- g10/cipher.c | 2 +-
- g10/compress-bz2.c | 2 +-
- g10/compress.c | 2 +-
- g10/cpr.c | 2 +-
- g10/dearmor.c | 2 +-
- g10/decrypt-data.c | 2 +-
- g10/decrypt.c | 2 +-
- g10/dek.h | 2 +-
- g10/delkey.c | 2 +-
- g10/ecdh.c | 2 +-
- g10/encrypt.c | 2 +-
- g10/exec.c | 2 +-
- g10/exec.h | 2 +-
- g10/export.c | 2 +-
- g10/filter.h | 2 +-
- g10/free-packet.c | 2 +-
- g10/getkey.c | 2 +-
- g10/gpg.c | 2 +-
- g10/gpg.h | 2 +-
- g10/gpgcompose.c | 2 +-
- g10/gpgsql.c | 2 +-
- g10/gpgsql.h | 2 +-
- g10/gpgv.c | 2 +-
- g10/helptext.c | 2 +-
- g10/import.c | 2 +-
- g10/kbnode.c | 2 +-
- g10/keydb.c | 2 +-
- g10/keydb.h | 2 +-
- g10/keyedit.c | 2 +-
- g10/keygen.c | 2 +-
- g10/keyid.c | 2 +-
- g10/keylist.c | 2 +-
- g10/keyring.c | 2 +-
- g10/keyring.h | 2 +-
- g10/keyserver-internal.h | 2 +-
- g10/keyserver.c | 2 +-
- g10/main.h | 2 +-
- g10/mainproc.c | 2 +-
- g10/mdfilter.c | 2 +-
- g10/migrate.c | 2 +-
- g10/misc.c | 2 +-
- g10/openfile.c | 2 +-
- g10/options.h | 2 +-
- g10/packet.h | 2 +-
- g10/parse-packet.c | 2 +-
- g10/passphrase.c | 2 +-
- g10/photoid.c | 2 +-
- g10/photoid.h | 2 +-
- g10/pkclist.c | 2 +-
- g10/pkglue.c | 2 +-
- g10/pkglue.h | 2 +-
- g10/plaintext.c | 2 +-
- g10/progress.c | 2 +-
- g10/pubkey-enc.c | 2 +-
- g10/revoke.c | 2 +-
- g10/rmd160.c | 2 +-
- g10/rmd160.h | 2 +-
- g10/server.c | 2 +-
- g10/seskey.c | 2 +-
- g10/sig-check.c | 2 +-
- g10/sign.c | 2 +-
- g10/skclist.c | 2 +-
- g10/t-keydb-get-keyblock.c | 2 +-
- g10/t-keydb.c | 2 +-
- g10/t-rmd160.c | 2 +-
- g10/t-stutter.c | 2 +-
- g10/tdbdump.c | 2 +-
- g10/tdbio.c | 2 +-
- g10/tdbio.h | 2 +-
- g10/test-stubs.c | 2 +-
- g10/test.c | 2 +-
- g10/textfilter.c | 2 +-
- g10/tofu.c | 2 +-
- g10/tofu.h | 2 +-
- g10/trust.c | 2 +-
- g10/trustdb.c | 2 +-
- g10/trustdb.h | 2 +-
- g10/verify.c | 2 +-
- g13/Makefile.am | 2 +-
- g13/backend.c | 2 +-
- g13/backend.h | 2 +-
- g13/be-dmcrypt.c | 2 +-
- g13/be-dmcrypt.h | 2 +-
- g13/be-encfs.c | 2 +-
- g13/be-encfs.h | 2 +-
- g13/be-truecrypt.c | 2 +-
- g13/be-truecrypt.h | 2 +-
- g13/call-syshelp.c | 2 +-
- g13/call-syshelp.h | 2 +-
- g13/create.c | 2 +-
- g13/create.h | 2 +-
- g13/g13-common.c | 2 +-
- g13/g13-common.h | 2 +-
- g13/g13-syshelp.c | 2 +-
- g13/g13-syshelp.h | 2 +-
- g13/g13.c | 2 +-
- g13/g13.h | 2 +-
- g13/g13tuple.c | 2 +-
- g13/g13tuple.h | 2 +-
- g13/keyblob.c | 2 +-
- g13/keyblob.h | 2 +-
- g13/mount.c | 2 +-
- g13/mount.h | 2 +-
- g13/mountinfo.c | 2 +-
- g13/mountinfo.h | 2 +-
- g13/runner.c | 2 +-
- g13/runner.h | 2 +-
- g13/server.c | 2 +-
- g13/server.h | 2 +-
- g13/sh-blockdev.c | 2 +-
- g13/sh-cmd.c | 2 +-
- g13/sh-dmcrypt.c | 2 +-
- g13/suspend.c | 2 +-
- g13/suspend.h | 2 +-
- g13/t-g13tuple.c | 2 +-
- kbx/Makefile.am | 2 +-
- kbx/kbxutil.c | 2 +-
- kbx/keybox-blob.c | 2 +-
- kbx/keybox-defs.h | 2 +-
- kbx/keybox-dump.c | 2 +-
- kbx/keybox-file.c | 2 +-
- kbx/keybox-init.c | 2 +-
- kbx/keybox-openpgp.c | 2 +-
- kbx/keybox-search-desc.h | 2 +-
- kbx/keybox-search.c | 2 +-
- kbx/keybox-update.c | 2 +-
- kbx/keybox-util.c | 2 +-
- kbx/keybox.h | 2 +-
- scd/Makefile.am | 2 +-
- scd/apdu.c | 2 +-
- scd/apdu.h | 2 +-
- scd/app-common.h | 2 +-
- scd/app-dinsig.c | 2 +-
- scd/app-geldkarte.c | 2 +-
- scd/app-help.c | 2 +-
- scd/app-nks.c | 2 +-
- scd/app-openpgp.c | 2 +-
- scd/app-p15.c | 2 +-
- scd/app-sc-hsm.c | 2 +-
- scd/app.c | 2 +-
- scd/atr.c | 2 +-
- scd/atr.h | 2 +-
- scd/ccid-driver.c | 2 +-
- scd/ccid-driver.h | 2 +-
- scd/command.c | 2 +-
- scd/iso7816.c | 2 +-
- scd/iso7816.h | 2 +-
- scd/scdaemon.c | 2 +-
- scd/scdaemon.h | 2 +-
- sm/Makefile.am | 2 +-
- sm/base64.c | 2 +-
- sm/call-agent.c | 2 +-
- sm/call-dirmngr.c | 2 +-
- sm/certchain.c | 2 +-
- sm/certcheck.c | 2 +-
- sm/certdump.c | 2 +-
- sm/certlist.c | 2 +-
- sm/certreqgen-ui.c | 2 +-
- sm/certreqgen.c | 2 +-
- sm/decrypt.c | 2 +-
- sm/delete.c | 2 +-
- sm/encrypt.c | 2 +-
- sm/export.c | 2 +-
- sm/fingerprint.c | 2 +-
- sm/gpgsm.c | 2 +-
- sm/gpgsm.h | 2 +-
- sm/import.c | 2 +-
- sm/keydb.c | 2 +-
- sm/keydb.h | 2 +-
- sm/keylist.c | 2 +-
- sm/minip12.c | 2 +-
- sm/minip12.h | 2 +-
- sm/misc.c | 2 +-
- sm/passphrase.c | 2 +-
- sm/passphrase.h | 2 +-
- sm/qualified.c | 2 +-
- sm/server.c | 2 +-
- sm/sign.c | 2 +-
- sm/verify.c | 2 +-
- tests/Makefile.am | 2 +-
- tests/asschk.c | 2 +-
- tests/gpgscm/Makefile.am | 2 +-
- tests/gpgscm/ffi-private.h | 2 +-
- tests/gpgscm/ffi.c | 2 +-
- tests/gpgscm/ffi.h | 2 +-
- tests/gpgscm/main.c | 2 +-
- tests/gpgscm/private.h | 2 +-
- tests/gpgscm/scheme-config.h | 2 +-
- tests/gpgscm/t-child.c | 2 +-
- tests/migrations/Makefile.am | 2 +-
- tests/openpgp/Makefile.am | 2 +-
- tests/openpgp/fake-pinentry.c | 2 +-
- tests/pkits/Makefile.am | 2 +-
- tools/Makefile.am | 2 +-
- tools/call-dirmngr.c | 2 +-
- tools/call-dirmngr.h | 2 +-
- tools/ccidmon.c | 2 +-
- tools/gpg-check-pattern.c | 2 +-
- tools/gpg-connect-agent.c | 2 +-
- tools/gpg-wks-client.c | 2 +-
- tools/gpg-wks-server.c | 2 +-
- tools/gpg-wks.h | 2 +-
- tools/gpgconf-comp.c | 2 +-
- tools/gpgconf.c | 2 +-
- tools/gpgconf.h | 2 +-
- tools/gpgparsemail.c | 2 +-
- tools/gpgsplit.c | 2 +-
- tools/gpgtar-create.c | 2 +-
- tools/gpgtar-extract.c | 2 +-
- tools/gpgtar-list.c | 2 +-
- tools/gpgtar.c | 2 +-
- tools/gpgtar.h | 2 +-
- tools/make-dns-cert.c | 2 +-
- tools/mime-maker.c | 2 +-
- tools/mime-maker.h | 2 +-
- tools/mime-parser.c | 2 +-
- tools/mime-parser.h | 2 +-
- tools/rfc822parse.c | 2 +-
- tools/rfc822parse.h | 2 +-
- tools/send-mail.c | 2 +-
- tools/send-mail.h | 2 +-
- tools/sockprox.c | 2 +-
- tools/symcryptrun.c | 2 +-
- tools/watchgnupg.c | 2 +-
- tools/wks-receive.c | 2 +-
- tools/wks-util.c | 2 +-
- 446 files changed, 456 insertions(+), 456 deletions(-)
-
-diff --git a/COPYING b/COPYING
-index 4432540..ccbbaf6 100644
---- a/COPYING
-+++ b/COPYING
-@@ -2,7 +2,7 @@
- GNU GENERAL PUBLIC LICENSE
- Version 3, 29 June 2007
-
-- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
-+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-@@ -77,7 +77,7 @@ modification follow.
-
- "Copyright" also means copyright-like laws that apply to other kinds of
- works, such as semiconductor masks.
--
-+
- "The Program" refers to any copyrightable work licensed under this
- License. Each licensee is addressed as "you". "Licensees" and
- "recipients" may be individuals or organizations.
-@@ -510,7 +510,7 @@ actual knowledge that, but for the patent license, your conveying the
- covered work in a country, or your recipient's use of the covered work
- in a country, would infringe one or more identifiable patents in that
- country that you have reason to believe are valid.
--
-+
- If, pursuant to or in connection with a single transaction or
- arrangement, you convey, or propagate by procuring conveyance of, a
- covered work, and grant a patent license to some of the parties
-@@ -646,7 +646,7 @@ the "copyright" line and a pointer to where the full notice is found.
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
-- along with this program. If not, see <http://www.gnu.org/licenses/>.
-+ along with this program. If not, see <https://www.gnu.org/licenses/>.
-
- Also add information on how to contact you by electronic and paper mail.
-
-@@ -665,12 +665,12 @@ might be different; for a GUI interface, you would use an "about box".
- You should also get your employer (if you work as a programmer) or school,
- if any, to sign a "copyright disclaimer" for the program, if necessary.
- For more information on this, and how to apply and follow the GNU GPL, see
--<http://www.gnu.org/licenses/>.
-+<https://www.gnu.org/licenses/>.
-
- The GNU General Public License does not permit incorporating your program
- into proprietary programs. If your program is a subroutine library, you
- may consider it more useful to permit linking proprietary applications with
- the library. If this is what you want to do, use the GNU Lesser General
- Public License instead of this License. But first, please read
--<http://www.gnu.org/philosophy/why-not-lgpl.html>.
-+<https://www.gnu.org/philosophy/why-not-lgpl.html>.
-
-diff --git a/COPYING.LIB b/COPYING.LIB
-index fc8a5de..804fcb1 100644
---- a/COPYING.LIB
-+++ b/COPYING.LIB
-@@ -1,7 +1,7 @@
- GNU LESSER GENERAL PUBLIC LICENSE
- Version 3, 29 June 2007
-
-- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
-+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-diff --git a/Makefile.am b/Makefile.am
-index bf12302..f260754 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
- ## Process this file with automake to produce Makefile.in
-
-diff --git a/acinclude.m4 b/acinclude.m4
-index 724c085..2199681 100644
---- a/acinclude.m4
-+++ b/acinclude.m4
-@@ -14,7 +14,7 @@ dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- dnl GNU General Public License for more details.
- dnl
- dnl You should have received a copy of the GNU General Public License
--dnl along with this program; if not, see <http://www.gnu.org/licenses/>.
-+dnl along with this program; if not, see <https://www.gnu.org/licenses/>.
-
- dnl GNUPG_CHECK_TYPEDEF(TYPE, HAVE_NAME)
- dnl Check whether a typedef exists and create a #define $2 if it exists
-diff --git a/agent/Makefile.am b/agent/Makefile.am
-index ed0ed44..045566e 100644
---- a/agent/Makefile.am
-+++ b/agent/Makefile.am
-@@ -13,7 +13,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
- ## Process this file with automake to produce Makefile.in
-
-diff --git a/agent/agent.h b/agent/agent.h
-index 2775c84..9ba7dc8 100644
---- a/agent/agent.h
-+++ b/agent/agent.h
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef AGENT_H
-diff --git a/agent/cache.c b/agent/cache.c
-index 83107a6..f58eaea 100644
---- a/agent/cache.c
-+++ b/agent/cache.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
-index f83778e..fa00bf9 100644
---- a/agent/call-pinentry.c
-+++ b/agent/call-pinentry.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/agent/call-scd.c b/agent/call-scd.c
-index 0f7d570..ba59c18 100644
---- a/agent/call-scd.c
-+++ b/agent/call-scd.c
-@@ -16,7 +16,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/agent/command-ssh.c b/agent/command-ssh.c
-index b7b42da..208e939 100644
---- a/agent/command-ssh.c
-+++ b/agent/command-ssh.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /* Only v2 of the ssh-agent protocol is implemented. Relevant RFCs
-diff --git a/agent/command.c b/agent/command.c
-index 4117e16..f1409d7 100644
---- a/agent/command.c
-+++ b/agent/command.c
-@@ -16,7 +16,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /* FIXME: we should not use the default assuan buffering but setup
-diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c
-index eb420b0..510b6ff 100644
---- a/agent/cvt-openpgp.c
-+++ b/agent/cvt-openpgp.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/agent/cvt-openpgp.h b/agent/cvt-openpgp.h
-index 9a4fc3d..23092f6 100644
---- a/agent/cvt-openpgp.h
-+++ b/agent/cvt-openpgp.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
- #ifndef GNUPG_AGENT_CVT_OPENPGP_H
- #define GNUPG_AGENT_CVT_OPENPGP_H
-diff --git a/agent/divert-scd.c b/agent/divert-scd.c
-index 5d3b1ef..7b07008 100644
---- a/agent/divert-scd.c
-+++ b/agent/divert-scd.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/agent/findkey.c b/agent/findkey.c
-index c67dc72..1b187ba 100644
---- a/agent/findkey.c
-+++ b/agent/findkey.c
-@@ -16,7 +16,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/agent/genkey.c b/agent/genkey.c
-index 12c3e34..8a43d89 100644
---- a/agent/genkey.c
-+++ b/agent/genkey.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index 4e7037c..a8ab103 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/agent/learncard.c b/agent/learncard.c
-index 103a821..57bce7a 100644
---- a/agent/learncard.c
-+++ b/agent/learncard.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/agent/pkdecrypt.c b/agent/pkdecrypt.c
-index 8c09b8c..3d0f5aa 100644
---- a/agent/pkdecrypt.c
-+++ b/agent/pkdecrypt.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/agent/pksign.c b/agent/pksign.c
-index 17f2704..b347608 100644
---- a/agent/pksign.c
-+++ b/agent/pksign.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/agent/preset-passphrase.c b/agent/preset-passphrase.c
-index a104977..ae6f0ce 100644
---- a/agent/preset-passphrase.c
-+++ b/agent/preset-passphrase.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/agent/protect-tool.c b/agent/protect-tool.c
-index dbf7811..5917707 100644
---- a/agent/protect-tool.c
-+++ b/agent/protect-tool.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/agent/protect.c b/agent/protect.c
-index 68e4081..e205869 100644
---- a/agent/protect.c
-+++ b/agent/protect.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/agent/t-protect.c b/agent/t-protect.c
-index 431eccf..1d3c8ec 100644
---- a/agent/t-protect.c
-+++ b/agent/t-protect.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/agent/trans.c b/agent/trans.c
-index 9e48889..ff1a34e 100644
---- a/agent/trans.c
-+++ b/agent/trans.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /* To avoid any problems with the gettext implementation (there used
-diff --git a/agent/trustlist.c b/agent/trustlist.c
-index b8df3fd..9d33259 100644
---- a/agent/trustlist.c
-+++ b/agent/trustlist.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/am/cmacros.am b/am/cmacros.am
-index 8bd839c..9610e4e 100644
---- a/am/cmacros.am
-+++ b/am/cmacros.am
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
- localedir = $(datadir)/locale
-
-diff --git a/common/Makefile.am b/common/Makefile.am
-index 960d1dc..72e3fb4 100644
---- a/common/Makefile.am
-+++ b/common/Makefile.am
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
- ## Process this file with automake to produce Makefile.in
-
-diff --git a/common/agent-opt.c b/common/agent-opt.c
-index 4317ba3..b324482 100644
---- a/common/agent-opt.c
-+++ b/common/agent-opt.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/argparse.h b/common/argparse.h
-index 10b838f..81e881d 100644
---- a/common/argparse.h
-+++ b/common/argparse.h
-@@ -25,7 +25,7 @@
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
-- * if not, see <http://www.gnu.org/licenses/>.
-+ * if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_ARGPARSE_H
-diff --git a/common/asshelp.c b/common/asshelp.c
-index c03e67b..eebfb26 100644
---- a/common/asshelp.c
-+++ b/common/asshelp.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/asshelp.h b/common/asshelp.h
-index 4eb1d92..dcf6ebb 100644
---- a/common/asshelp.h
-+++ b/common/asshelp.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_ASSHELP_H
-diff --git a/common/asshelp2.c b/common/asshelp2.c
-index 0a70d2b..f85c1e6 100644
---- a/common/asshelp2.c
-+++ b/common/asshelp2.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/audit.c b/common/audit.c
-index efd5fcd..7d545a3 100644
---- a/common/audit.c
-+++ b/common/audit.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/audit.h b/common/audit.h
-index b324a28..4ef2645 100644
---- a/common/audit.h
-+++ b/common/audit.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_AUDIT_H
-diff --git a/common/b64dec.c b/common/b64dec.c
-index c84c35a..74cf933 100644
---- a/common/b64dec.c
-+++ b/common/b64dec.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/b64enc.c b/common/b64enc.c
-index af861fc..8b99464 100644
---- a/common/b64enc.c
-+++ b/common/b64enc.c
-@@ -17,7 +17,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/call-gpg.c b/common/call-gpg.c
-index 0bda1d3..d42325a 100644
---- a/common/call-gpg.c
-+++ b/common/call-gpg.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/call-gpg.h b/common/call-gpg.h
-index 19993ef..fd7d2e6 100644
---- a/common/call-gpg.h
-+++ b/common/call-gpg.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_CALL_GPG_H
-diff --git a/common/ccparray.c b/common/ccparray.c
-index d3c2833..ff3eb40 100644
---- a/common/ccparray.c
-+++ b/common/ccparray.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/ccparray.h b/common/ccparray.h
-index 241d42d..1ecf95b 100644
---- a/common/ccparray.h
-+++ b/common/ccparray.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_CCPARRAY_H
-diff --git a/common/common-defs.h b/common/common-defs.h
-index ab5ed34..b1928e6 100644
---- a/common/common-defs.h
-+++ b/common/common-defs.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_COMMON_DEFS_H
-diff --git a/common/convert.c b/common/convert.c
-index 4611e77..6d03adc 100644
---- a/common/convert.c
-+++ b/common/convert.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/dotlock.c b/common/dotlock.c
-index 26005bf..7ebd523 100644
---- a/common/dotlock.c
-+++ b/common/dotlock.c
-@@ -26,7 +26,7 @@
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
-- * if not, see <http://www.gnu.org/licenses/>.
-+ * if not, see <https://www.gnu.org/licenses/>.
- *
- * ALTERNATIVELY, this file may be distributed under the terms of the
- * following license, in which case the provisions of this license are
-diff --git a/common/dotlock.h b/common/dotlock.h
-index c317c37..78a7e73 100644
---- a/common/dotlock.h
-+++ b/common/dotlock.h
-@@ -25,7 +25,7 @@
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
-- * if not, see <http://www.gnu.org/licenses/>.
-+ * if not, see <https://www.gnu.org/licenses/>.
- *
- * ALTERNATIVELY, this file may be distributed under the terms of the
- * following license, in which case the provisions of this license are
-diff --git a/common/dynload.h b/common/dynload.h
-index 6ba02ff..61930d2 100644
---- a/common/dynload.h
-+++ b/common/dynload.h
-@@ -25,7 +25,7 @@
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
-- * if not, see <http://www.gnu.org/licenses/>.
-+ * if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_DYNLOAD_H
-diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c
-index 943f20a..c02768c 100644
---- a/common/exechelp-posix.c
-+++ b/common/exechelp-posix.c
-@@ -25,7 +25,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/exechelp-w32.c b/common/exechelp-w32.c
-index 19e4d9e..a7a6db3 100644
---- a/common/exechelp-w32.c
-+++ b/common/exechelp-w32.c
-@@ -25,7 +25,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/exechelp-w32ce.c b/common/exechelp-w32ce.c
-index 9e72cef..ec9f014 100644
---- a/common/exechelp-w32ce.c
-+++ b/common/exechelp-w32ce.c
-@@ -25,7 +25,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/exechelp.h b/common/exechelp.h
-index c43cd25..6f2653b 100644
---- a/common/exechelp.h
-+++ b/common/exechelp.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_EXECHELP_H
-diff --git a/common/exectool.c b/common/exectool.c
-index cf54efe..4593abd 100644
---- a/common/exectool.c
-+++ b/common/exectool.c
-@@ -25,7 +25,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/exectool.h b/common/exectool.h
-index 94091fd..27bbfc9 100644
---- a/common/exectool.h
-+++ b/common/exectool.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_EXECTOOL_H
-diff --git a/common/fwddecl.h b/common/fwddecl.h
-index f9d7536..b945406 100644
---- a/common/fwddecl.h
-+++ b/common/fwddecl.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_FWDDECL_H
-diff --git a/common/get-passphrase.c b/common/get-passphrase.c
-index dab2396..199fc34 100644
---- a/common/get-passphrase.c
-+++ b/common/get-passphrase.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/get-passphrase.h b/common/get-passphrase.h
-index 7e5cac0..afdbe78 100644
---- a/common/get-passphrase.h
-+++ b/common/get-passphrase.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_GET_PASSPHRASE_H
-diff --git a/common/gettime.c b/common/gettime.c
-index 2103d5f..e671001 100644
---- a/common/gettime.c
-+++ b/common/gettime.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/gettime.h b/common/gettime.h
-index 08cb3b1..73f1886 100644
---- a/common/gettime.h
-+++ b/common/gettime.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_GETTIME_H
-diff --git a/common/gpgrlhelp.c b/common/gpgrlhelp.c
-index e2fdb9a..680d999 100644
---- a/common/gpgrlhelp.c
-+++ b/common/gpgrlhelp.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /* This module may by used by applications to initializes readline
-diff --git a/common/helpfile.c b/common/helpfile.c
-index 0fb4e02..7cb01a4 100644
---- a/common/helpfile.c
-+++ b/common/helpfile.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/homedir.c b/common/homedir.c
-index 13ed44c..59b7135 100644
---- a/common/homedir.c
-+++ b/common/homedir.c
-@@ -25,7 +25,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/host2net.h b/common/host2net.h
-index be5e520..9eeaf24 100644
---- a/common/host2net.h
-+++ b/common/host2net.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_HOST2NET_H
-diff --git a/common/i18n.c b/common/i18n.c
-index 413fa9a..b5a2864 100644
---- a/common/i18n.c
-+++ b/common/i18n.c
-@@ -23,7 +23,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/init.c b/common/init.c
-index f71c1be..77c520a 100644
---- a/common/init.c
-+++ b/common/init.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/init.h b/common/init.h
-index 530a479..28462a7 100644
---- a/common/init.h
-+++ b/common/init.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_INIT_H
-diff --git a/common/iobuf.c b/common/iobuf.c
-index 06d0b61..ed90bd7 100644
---- a/common/iobuf.c
-+++ b/common/iobuf.c
-@@ -26,7 +26,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/iobuf.h b/common/iobuf.h
-index a8ca4dc..4fa5660 100644
---- a/common/iobuf.h
-+++ b/common/iobuf.h
-@@ -25,7 +25,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_IOBUF_H
-diff --git a/common/keyserver.h b/common/keyserver.h
-index 200378d..850798e 100644
---- a/common/keyserver.h
-+++ b/common/keyserver.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_KEYSERVER_H
-diff --git a/common/localename.c b/common/localename.c
-index 876fdb0..2650ea7 100644
---- a/common/localename.c
-+++ b/common/localename.c
-@@ -23,7 +23,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public
-- * License along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * License along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
- /* Written by Ulrich Drepper <drepper at gnu.org>, 1995. */
- /* Win32 code written by Tor Lillqvist <tml at iki.fi>. */
-diff --git a/common/logging.c b/common/logging.c
-index c70ba35..6118117 100644
---- a/common/logging.c
-+++ b/common/logging.c
-@@ -26,7 +26,7 @@
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
-- * if not, see <http://www.gnu.org/licenses/>.
-+ * if not, see <https://www.gnu.org/licenses/>.
- */
-
-
-diff --git a/common/logging.h b/common/logging.h
-index 2f0b504..002cca8 100644
---- a/common/logging.h
-+++ b/common/logging.h
-@@ -26,7 +26,7 @@
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
-- * if not, see <http://www.gnu.org/licenses/>.
-+ * if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_LOGGING_H
-diff --git a/common/mapstrings.c b/common/mapstrings.c
-index 5c5bec9..614fddd 100644
---- a/common/mapstrings.c
-+++ b/common/mapstrings.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/mbox-util.c b/common/mbox-util.c
-index 2029324..de766d1 100644
---- a/common/mbox-util.c
-+++ b/common/mbox-util.c
-@@ -24,8 +24,8 @@
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
-- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * You should have received a copy of the GNU Lesser General Public License
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/mbox-util.h b/common/mbox-util.h
-index 4dd48ec..2897b95 100644
---- a/common/mbox-util.h
-+++ b/common/mbox-util.h
-@@ -23,8 +23,8 @@
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
-- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * You should have received a copy of the GNU Lesser General Public License
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
- #ifndef GNUPG_COMMON_MBOX_UTIL_H
- #define GNUPG_COMMON_MBOX_UTIL_H
-diff --git a/common/membuf.c b/common/membuf.c
-index fde24f6..4c1a844 100644
---- a/common/membuf.c
-+++ b/common/membuf.c
-@@ -25,7 +25,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/membuf.h b/common/membuf.h
-index a1610b6..1497bcd 100644
---- a/common/membuf.h
-+++ b/common/membuf.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_MEMBUF_H
-diff --git a/common/miscellaneous.c b/common/miscellaneous.c
-index 1327649..9924943 100644
---- a/common/miscellaneous.c
-+++ b/common/miscellaneous.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/mischelp.c b/common/mischelp.c
-index 5662191..fd8f675 100644
---- a/common/mischelp.c
-+++ b/common/mischelp.c
-@@ -25,7 +25,7 @@
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
-- * if not, see <http://www.gnu.org/licenses/>.
-+ * if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/mischelp.h b/common/mischelp.h
-index 3911202..1ad146e 100644
---- a/common/mischelp.h
-+++ b/common/mischelp.h
-@@ -26,7 +26,7 @@
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
-- * if not, see <http://www.gnu.org/licenses/>.
-+ * if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_MISCHELP_H
-diff --git a/common/mkdir_p.c b/common/mkdir_p.c
-index 37b44ec..c26cfee 100644
---- a/common/mkdir_p.c
-+++ b/common/mkdir_p.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/mkdir_p.h b/common/mkdir_p.h
-index 28f38d1..1e939b3 100644
---- a/common/mkdir_p.h
-+++ b/common/mkdir_p.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef MKDIR_P_H
-diff --git a/common/name-value.c b/common/name-value.c
-index ebc48e5..1018668 100644
---- a/common/name-value.c
-+++ b/common/name-value.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /*
-diff --git a/common/name-value.h b/common/name-value.h
-index f5f17e6..db9270a 100644
---- a/common/name-value.h
-+++ b/common/name-value.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_NAME_VALUE_H
-diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c
-index dd549e0..2cf9f70 100644
---- a/common/openpgp-oid.c
-+++ b/common/openpgp-oid.c
-@@ -25,7 +25,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/openpgpdefs.h b/common/openpgpdefs.h
-index 2c0ace2..3d5d306 100644
---- a/common/openpgpdefs.h
-+++ b/common/openpgpdefs.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_OPENPGPDEFS_H
-diff --git a/common/percent.c b/common/percent.c
-index 0cab99a..569c5fd 100644
---- a/common/percent.c
-+++ b/common/percent.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/recsel.c b/common/recsel.c
-index 5dc685f..0646647 100644
---- a/common/recsel.c
-+++ b/common/recsel.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/recsel.h b/common/recsel.h
-index be67afc..0e0a792 100644
---- a/common/recsel.h
-+++ b/common/recsel.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
- #ifndef GNUPG_COMMON_RECSEL_H
- #define GNUPG_COMMON_RECSEL_H
-diff --git a/common/server-help.c b/common/server-help.c
-index 2a59dc6..53a888a 100644
---- a/common/server-help.c
-+++ b/common/server-help.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/server-help.h b/common/server-help.h
-index 6df9e2c..9e3d7ad 100644
---- a/common/server-help.h
-+++ b/common/server-help.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_SERVER_HELP_H
-diff --git a/common/session-env.c b/common/session-env.c
-index 20b7c06..1bc3a2b 100644
---- a/common/session-env.c
-+++ b/common/session-env.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/session-env.h b/common/session-env.h
-index 1173ed5..8709e22 100644
---- a/common/session-env.h
-+++ b/common/session-env.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_SESSION_ENV_H
-diff --git a/common/sexp-parse.h b/common/sexp-parse.h
-index 442d106..9b14f77 100644
---- a/common/sexp-parse.h
-+++ b/common/sexp-parse.h
-@@ -22,7 +22,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef SEXP_PARSE_H
-diff --git a/common/sexputil.c b/common/sexputil.c
-index 5063546..0c5c730 100644
---- a/common/sexputil.c
-+++ b/common/sexputil.c
-@@ -25,7 +25,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /* This file implements a few utility functions useful when working
-diff --git a/common/shareddefs.h b/common/shareddefs.h
-index 604b7e9..1594f66 100644
---- a/common/shareddefs.h
-+++ b/common/shareddefs.h
-@@ -22,7 +22,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_SHAREDDEFS_H
-diff --git a/common/signal.c b/common/signal.c
-index 9064adc..ccfa8e6 100644
---- a/common/signal.c
-+++ b/common/signal.c
-@@ -25,7 +25,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/simple-pwquery.c b/common/simple-pwquery.c
-index 240451b..94df2a2 100644
---- a/common/simple-pwquery.c
-+++ b/common/simple-pwquery.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /* This module is intended as a simple client implementation to
-diff --git a/common/simple-pwquery.h b/common/simple-pwquery.h
-index 2b87b11..f98a396 100644
---- a/common/simple-pwquery.h
-+++ b/common/simple-pwquery.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef SIMPLE_PWQUERY_H
-diff --git a/common/ssh-utils.c b/common/ssh-utils.c
-index 58586a1..60aa07b 100644
---- a/common/ssh-utils.c
-+++ b/common/ssh-utils.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/ssh-utils.h b/common/ssh-utils.h
-index dcf0787..36d38a3 100644
---- a/common/ssh-utils.h
-+++ b/common/ssh-utils.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_SSH_UTILS_H
-diff --git a/common/status.c b/common/status.c
-index a16e7b4..50afce4 100644
---- a/common/status.c
-+++ b/common/status.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/status.h b/common/status.h
-index 079a04a..3de4aa5 100644
---- a/common/status.h
-+++ b/common/status.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_STATUS_H
-diff --git a/common/stringhelp.c b/common/stringhelp.c
-index f494bc5..dea2212 100644
---- a/common/stringhelp.c
-+++ b/common/stringhelp.c
-@@ -28,7 +28,7 @@
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
-- * if not, see <http://www.gnu.org/licenses/>.
-+ * if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/stringhelp.h b/common/stringhelp.h
-index 79d2284..d0156d5 100644
---- a/common/stringhelp.h
-+++ b/common/stringhelp.h
-@@ -27,7 +27,7 @@
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
-- * if not, see <http://www.gnu.org/licenses/>.
-+ * if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_STRINGHELP_H
-diff --git a/common/strlist.c b/common/strlist.c
-index d4f8644..02881cd 100644
---- a/common/strlist.c
-+++ b/common/strlist.c
-@@ -26,7 +26,7 @@
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
-- * if not, see <http://www.gnu.org/licenses/>.
-+ * if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/strlist.h b/common/strlist.h
-index 45f5543..d74bc4d 100644
---- a/common/strlist.h
-+++ b/common/strlist.h
-@@ -25,7 +25,7 @@
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
-- * if not, see <http://www.gnu.org/licenses/>.
-+ * if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_STRLIST_H
-diff --git a/common/sysutils.c b/common/sysutils.c
-index 2ca1f78..382b247 100644
---- a/common/sysutils.c
-+++ b/common/sysutils.c
-@@ -26,7 +26,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/sysutils.h b/common/sysutils.h
-index 5467b4c..0847da7 100644
---- a/common/sysutils.h
-+++ b/common/sysutils.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_SYSUTILS_H
-diff --git a/common/t-b64.c b/common/t-b64.c
-index c86c920..3b63872 100644
---- a/common/t-b64.c
-+++ b/common/t-b64.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /*
-diff --git a/common/t-ccparray.c b/common/t-ccparray.c
-index 0512346..eb96526 100644
---- a/common/t-ccparray.c
-+++ b/common/t-ccparray.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/t-convert.c b/common/t-convert.c
-index 68824e0..e25de90 100644
---- a/common/t-convert.c
-+++ b/common/t-convert.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/t-exechelp.c b/common/t-exechelp.c
-index 3a47dc8..cf967fc 100644
---- a/common/t-exechelp.c
-+++ b/common/t-exechelp.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/t-exectool.c b/common/t-exectool.c
-index bbbf8fa..8b6ee6a 100644
---- a/common/t-exectool.c
-+++ b/common/t-exectool.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/t-gettime.c b/common/t-gettime.c
-index 8a222b7..9d9881a 100644
---- a/common/t-gettime.c
-+++ b/common/t-gettime.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/t-helpfile.c b/common/t-helpfile.c
-index 4c77c9a..0e2c79f 100644
---- a/common/t-helpfile.c
-+++ b/common/t-helpfile.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/t-mapstrings.c b/common/t-mapstrings.c
-index 8f4c650..0856c3c 100644
---- a/common/t-mapstrings.c
-+++ b/common/t-mapstrings.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/t-mbox-util.c b/common/t-mbox-util.c
-index ff48f6c..979d4b3 100644
---- a/common/t-mbox-util.c
-+++ b/common/t-mbox-util.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/t-name-value.c b/common/t-name-value.c
-index 3b01431..57f685f 100644
---- a/common/t-name-value.c
-+++ b/common/t-name-value.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/t-openpgp-oid.c b/common/t-openpgp-oid.c
-index afb6ebe..cb5709d 100644
---- a/common/t-openpgp-oid.c
-+++ b/common/t-openpgp-oid.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/t-percent.c b/common/t-percent.c
-index c148c22..145a89b 100644
---- a/common/t-percent.c
-+++ b/common/t-percent.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/t-recsel.c b/common/t-recsel.c
-index fe2a7b9..5b0248c 100644
---- a/common/t-recsel.c
-+++ b/common/t-recsel.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/t-session-env.c b/common/t-session-env.c
-index c5c7b0e..aa9d596 100644
---- a/common/t-session-env.c
-+++ b/common/t-session-env.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/t-sexputil.c b/common/t-sexputil.c
-index 77f8199..ceb8280 100644
---- a/common/t-sexputil.c
-+++ b/common/t-sexputil.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/t-ssh-utils.c b/common/t-ssh-utils.c
-index 961f451..f63ea95 100644
---- a/common/t-ssh-utils.c
-+++ b/common/t-ssh-utils.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/t-stringhelp.c b/common/t-stringhelp.c
-index 93b014a..d86d896 100644
---- a/common/t-stringhelp.c
-+++ b/common/t-stringhelp.c
-@@ -26,7 +26,7 @@
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
-- * if not, see <http://www.gnu.org/licenses/>.
-+ * if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/t-strlist.c b/common/t-strlist.c
-index e49d5a7..bd835ca 100644
---- a/common/t-strlist.c
-+++ b/common/t-strlist.c
-@@ -25,7 +25,7 @@
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
-- * if not, see <http://www.gnu.org/licenses/>.
-+ * if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/t-support.h b/common/t-support.h
-index cda6759..5449a56 100644
---- a/common/t-support.h
-+++ b/common/t-support.h
-@@ -25,7 +25,7 @@
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
-- * if not, see <http://www.gnu.org/licenses/>.
-+ * if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_T_SUPPORT_H
-diff --git a/common/t-sysutils.c b/common/t-sysutils.c
-index 68c3e41..79f8385 100644
---- a/common/t-sysutils.c
-+++ b/common/t-sysutils.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/t-timestuff.c b/common/t-timestuff.c
-index a80aaff..1e524f5 100644
---- a/common/t-timestuff.c
-+++ b/common/t-timestuff.c
-@@ -25,7 +25,7 @@
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
-- * if not, see <http://www.gnu.org/licenses/>.
-+ * if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/t-w32-reg.c b/common/t-w32-reg.c
-index a26afe9..48ea0d4 100644
---- a/common/t-w32-reg.c
-+++ b/common/t-w32-reg.c
-@@ -25,7 +25,7 @@
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
-- * if not, see <http://www.gnu.org/licenses/>.
-+ * if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/t-zb32.c b/common/t-zb32.c
-index c46d47f..956c2f5 100644
---- a/common/t-zb32.c
-+++ b/common/t-zb32.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/tlv.c b/common/tlv.c
-index 1a6c18f..6813c58 100644
---- a/common/tlv.c
-+++ b/common/tlv.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/tlv.h b/common/tlv.h
-index 05ddaa4..ba4ea2e 100644
---- a/common/tlv.h
-+++ b/common/tlv.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef SCD_TLV_H
-diff --git a/common/ttyio.c b/common/ttyio.c
-index 6167412..5fb620d 100644
---- a/common/ttyio.c
-+++ b/common/ttyio.c
-@@ -25,7 +25,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/ttyio.h b/common/ttyio.h
-index 0a66d86..004aa85 100644
---- a/common/ttyio.h
-+++ b/common/ttyio.h
-@@ -25,7 +25,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
- #ifndef GNUPG_COMMON_TTYIO_H
- #define GNUPG_COMMON_TTYIO_H
-diff --git a/common/types.h b/common/types.h
-index 0767a27..7d85a35 100644
---- a/common/types.h
-+++ b/common/types.h
-@@ -25,7 +25,7 @@
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
-- * if not, see <http://www.gnu.org/licenses/>.
-+ * if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_TYPES_H
-diff --git a/common/userids.c b/common/userids.c
-index b761d14..01f2cd8 100644
---- a/common/userids.c
-+++ b/common/userids.c
-@@ -26,7 +26,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/userids.h b/common/userids.h
-index dcb6f4a..c60bc33 100644
---- a/common/userids.h
-+++ b/common/userids.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_USERIDS_H
-diff --git a/common/utf8conv.c b/common/utf8conv.c
-index 83e6eae..bce9e3a 100644
---- a/common/utf8conv.c
-+++ b/common/utf8conv.c
-@@ -26,7 +26,7 @@
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
-- * if not, see <http://www.gnu.org/licenses/>.
-+ * if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/utf8conv.h b/common/utf8conv.h
-index def35de..1c6c584 100644
---- a/common/utf8conv.h
-+++ b/common/utf8conv.h
-@@ -25,7 +25,7 @@
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
-- * if not, see <http://www.gnu.org/licenses/>.
-+ * if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_UTF8CONF_H
-diff --git a/common/util.h b/common/util.h
-index 543a70b..8f60bc8 100644
---- a/common/util.h
-+++ b/common/util.h
-@@ -25,7 +25,7 @@
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
-- * if not, see <http://www.gnu.org/licenses/>.
-+ * if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_UTIL_H
-diff --git a/common/utilproto.h b/common/utilproto.h
-index 5bb9dd1..7467f6b 100644
---- a/common/utilproto.h
-+++ b/common/utilproto.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /* This file is in general included via util.h but sometimes we do not
-diff --git a/common/w32-reg.c b/common/w32-reg.c
-index 6afb599..2d64215 100644
---- a/common/w32-reg.c
-+++ b/common/w32-reg.c
-@@ -25,7 +25,7 @@
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
-- * if not, see <http://www.gnu.org/licenses/>.
-+ * if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/w32help.h b/common/w32help.h
-index be6dd3e..e495e34 100644
---- a/common/w32help.h
-+++ b/common/w32help.h
-@@ -25,7 +25,7 @@
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
-- * if not, see <http://www.gnu.org/licenses/>.
-+ * if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_W32HELP_H
-diff --git a/common/xasprintf.c b/common/xasprintf.c
-index 8adf2e4..00ff66a 100644
---- a/common/xasprintf.c
-+++ b/common/xasprintf.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/xreadline.c b/common/xreadline.c
-index f3c43df..b17579f 100644
---- a/common/xreadline.c
-+++ b/common/xreadline.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/yesno.c b/common/yesno.c
-index 7803349..58de63d 100644
---- a/common/yesno.c
-+++ b/common/yesno.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/zb32.c b/common/zb32.c
-index 54bd5d4..517321e 100644
---- a/common/zb32.c
-+++ b/common/zb32.c
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/common/zb32.h b/common/zb32.h
-index 1fb41ec..47bb1f8 100644
---- a/common/zb32.h
-+++ b/common/zb32.h
-@@ -24,7 +24,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_COMMON_ZB32_H
-diff --git a/configure.ac b/configure.ac
-index 1c00114..986eed4 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -15,7 +15,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
- # Process this file with autoconf to produce a configure script.
- AC_PREREQ(2.61)
-diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
-index 6c85886..eb75f5e 100644
---- a/dirmngr/Makefile.am
-+++ b/dirmngr/Makefile.am
-@@ -15,7 +15,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
- ## Process this file with automake to produce Makefile.in
-
-diff --git a/dirmngr/certcache.c b/dirmngr/certcache.c
-index 9e741c1..ad85d99 100644
---- a/dirmngr/certcache.c
-+++ b/dirmngr/certcache.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c
-index 94d5f5f..07fa5b1 100644
---- a/dirmngr/crlcache.c
-+++ b/dirmngr/crlcache.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /*
-diff --git a/dirmngr/crlfetch.c b/dirmngr/crlfetch.c
-index 7e814f5..8fe6e0b 100644
---- a/dirmngr/crlfetch.c
-+++ b/dirmngr/crlfetch.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/dirmngr/crlfetch.h b/dirmngr/crlfetch.h
-index dd28238..cf4a3c0 100644
---- a/dirmngr/crlfetch.h
-+++ b/dirmngr/crlfetch.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef CRLFETCH_H
-diff --git a/dirmngr/dirmngr-client.c b/dirmngr/dirmngr-client.c
-index 9b004cc..01cface 100644
---- a/dirmngr/dirmngr-client.c
-+++ b/dirmngr/dirmngr-client.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
-index 3d43bda..6c04e76 100644
---- a/dirmngr/dirmngr.c
-+++ b/dirmngr/dirmngr.c
-@@ -16,7 +16,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
-index 613633f..3b26c33 100644
---- a/dirmngr/dirmngr.h
-+++ b/dirmngr/dirmngr.h
-@@ -16,7 +16,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef DIRMNGR_H
-diff --git a/dirmngr/dirmngr_ldap.c b/dirmngr/dirmngr_ldap.c
-index c5702b1..a0acb8e 100644
---- a/dirmngr/dirmngr_ldap.c
-+++ b/dirmngr/dirmngr_ldap.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
-index 4bd3a87..70554f6 100644
---- a/dirmngr/dns-stuff.c
-+++ b/dirmngr/dns-stuff.c
-@@ -25,7 +25,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h
-index ee5132d..10e6d8d 100644
---- a/dirmngr/dns-stuff.h
-+++ b/dirmngr/dns-stuff.h
-@@ -25,7 +25,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
- #ifndef GNUPG_DIRMNGR_DNS_STUFF_H
- #define GNUPG_DIRMNGR_DNS_STUFF_H
-diff --git a/dirmngr/http.c b/dirmngr/http.c
-index 18e3b72..25c5a16 100644
---- a/dirmngr/http.c
-+++ b/dirmngr/http.c
-@@ -27,7 +27,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /* Simple HTTP client implementation. We try to keep the code as
-diff --git a/dirmngr/http.h b/dirmngr/http.h
-index 569ccea..4a70caf 100644
---- a/dirmngr/http.h
-+++ b/dirmngr/http.h
-@@ -26,7 +26,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
- #ifndef GNUPG_COMMON_HTTP_H
- #define GNUPG_COMMON_HTTP_H
-diff --git a/dirmngr/ks-action.c b/dirmngr/ks-action.c
-index 21aa646..1087bb5 100644
---- a/dirmngr/ks-action.c
-+++ b/dirmngr/ks-action.c
-@@ -16,7 +16,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/dirmngr/ks-action.h b/dirmngr/ks-action.h
-index c373bf9..d576ef0 100644
---- a/dirmngr/ks-action.h
-+++ b/dirmngr/ks-action.h
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef DIRMNGR_KS_ACTION_H
-diff --git a/dirmngr/ks-engine-finger.c b/dirmngr/ks-engine-finger.c
-index 96e092d..b1f02ad 100644
---- a/dirmngr/ks-engine-finger.c
-+++ b/dirmngr/ks-engine-finger.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
-index bcc1750..8530851 100644
---- a/dirmngr/ks-engine-hkp.c
-+++ b/dirmngr/ks-engine-hkp.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c
-index adee04f..4c4ab1e 100644
---- a/dirmngr/ks-engine-http.c
-+++ b/dirmngr/ks-engine-http.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/dirmngr/ks-engine-kdns.c b/dirmngr/ks-engine-kdns.c
-index 748274d..d49d046 100644
---- a/dirmngr/ks-engine-kdns.c
-+++ b/dirmngr/ks-engine-kdns.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
-index 9b9efc7..59aa6d9 100644
---- a/dirmngr/ks-engine-ldap.c
-+++ b/dirmngr/ks-engine-ldap.c
-@@ -16,7 +16,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/dirmngr/ks-engine.h b/dirmngr/ks-engine.h
-index cb48f7f..b5b4dd0 100644
---- a/dirmngr/ks-engine.h
-+++ b/dirmngr/ks-engine.h
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef DIRMNGR_KS_ENGINE_H
-diff --git a/dirmngr/ldap-parse-uri.c b/dirmngr/ldap-parse-uri.c
-index 62f8f6d..9671496 100644
---- a/dirmngr/ldap-parse-uri.c
-+++ b/dirmngr/ldap-parse-uri.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/dirmngr/ldap-parse-uri.h b/dirmngr/ldap-parse-uri.h
-index 1ef1b91..bdbb6c3 100644
---- a/dirmngr/ldap-parse-uri.h
-+++ b/dirmngr/ldap-parse-uri.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef DIRMNGR_LDAP_PARSE_URI_H
-diff --git a/dirmngr/ldap-wrapper-ce.c b/dirmngr/ldap-wrapper-ce.c
-index ce63ea6..478e694 100644
---- a/dirmngr/ldap-wrapper-ce.c
-+++ b/dirmngr/ldap-wrapper-ce.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /*
-diff --git a/dirmngr/ldap-wrapper.c b/dirmngr/ldap-wrapper.c
-index 5fa3eac..b9931a0 100644
---- a/dirmngr/ldap-wrapper.c
-+++ b/dirmngr/ldap-wrapper.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /*
-diff --git a/dirmngr/ldap-wrapper.h b/dirmngr/ldap-wrapper.h
-index f7f5680..a015efa 100644
---- a/dirmngr/ldap-wrapper.h
-+++ b/dirmngr/ldap-wrapper.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef LDAP_WRAPPER_H
-diff --git a/dirmngr/ldapserver.h b/dirmngr/ldapserver.h
-index 8056e67..b6eb452 100644
---- a/dirmngr/ldapserver.h
-+++ b/dirmngr/ldapserver.h
-@@ -14,7 +14,7 @@
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
-- along with this program; if not, see <http://www.gnu.org/licenses/>. */
-+ along with this program; if not, see <https://www.gnu.org/licenses/>. */
-
- #ifndef LDAPSERVER_H
- #define LDAPSERVER_H
-diff --git a/dirmngr/server.c b/dirmngr/server.c
-index e3a6497..6862aa0 100644
---- a/dirmngr/server.c
-+++ b/dirmngr/server.c
-@@ -16,7 +16,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/dirmngr/t-dns-stuff.c b/dirmngr/t-dns-stuff.c
-index 05b39a0..5e8bf22 100644
---- a/dirmngr/t-dns-stuff.c
-+++ b/dirmngr/t-dns-stuff.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/dirmngr/t-http.c b/dirmngr/t-http.c
-index 59959c4..a87382a 100644
---- a/dirmngr/t-http.c
-+++ b/dirmngr/t-http.c
-@@ -26,7 +26,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/dirmngr/t-ldap-parse-uri.c b/dirmngr/t-ldap-parse-uri.c
-index 145b47a..932ca7d 100644
---- a/dirmngr/t-ldap-parse-uri.c
-+++ b/dirmngr/t-ldap-parse-uri.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/dirmngr/t-support.h b/dirmngr/t-support.h
-index 99fd267..f773f1e 100644
---- a/dirmngr/t-support.h
-+++ b/dirmngr/t-support.h
-@@ -25,7 +25,7 @@
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
-- * if not, see <http://www.gnu.org/licenses/>.
-+ * if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef DIRMNGR_T_SUPPORT_H
-diff --git a/dirmngr/w32-ldap-help.h b/dirmngr/w32-ldap-help.h
-index 80668d9..566a346 100644
---- a/dirmngr/w32-ldap-help.h
-+++ b/dirmngr/w32-ldap-help.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef W32_LDAP_HELP_H
-diff --git a/doc/Makefile.am b/doc/Makefile.am
-index 8b6b1a5..f96a5c4 100644
---- a/doc/Makefile.am
-+++ b/doc/Makefile.am
-@@ -13,7 +13,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
- ## Process this file with automake to produce Makefile.in
-
-diff --git a/doc/gpl.texi b/doc/gpl.texi
-index d13e9e4..931a93d 100644
---- a/doc/gpl.texi
-+++ b/doc/gpl.texi
-@@ -6,7 +6,7 @@
- @c This file is intended to be included in another file.
-
- @display
--Copyright @copyright{} 2007 Free Software Foundation, Inc. @url{http://fsf.org/}
-+Copyright @copyright{} 2007 Free Software Foundation, Inc. @url{https://fsf.org/}
-
- Everyone is permitted to copy and distribute verbatim copies of this
- license document, but changing it is not allowed.
-@@ -696,7 +696,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received a copy of the GNU General Public License
--along with this program. If not, see @url{http://www.gnu.org/licenses/}.
-+along with this program. If not, see @url{https://www.gnu.org/licenses/}.
- @end example
-
- @noindent
-@@ -722,11 +722,11 @@ use an ``about box''.
- You should also get your employer (if you work as a programmer) or school,
- if any, to sign a ``copyright disclaimer'' for the program, if necessary.
- For more information on this, and how to apply and follow the GNU GPL, see
-- at url{http://www.gnu.org/licenses/}.
-+ at url{https://www.gnu.org/licenses/}.
-
- The GNU General Public License does not permit incorporating your
- program into proprietary programs. If your program is a subroutine
- library, you may consider it more useful to permit linking proprietary
- applications with the library. If this is what you want to do, use
- the GNU Lesser General Public License instead of this License. But
--first, please read @url{http://www.gnu.org/philosophy/why-not-lgpl.html}.
-+first, please read @url{https://www.gnu.org/philosophy/why-not-lgpl.html}.
-diff --git a/doc/help.be.txt b/doc/help.be.txt
-index d6d07e8..0ac3be7 100644
---- a/doc/help.be.txt
-+++ b/doc/help.be.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- .#gpg.edit_ownertrust.value
-diff --git a/doc/help.ca.txt b/doc/help.ca.txt
-index d6d07e8..0ac3be7 100644
---- a/doc/help.ca.txt
-+++ b/doc/help.ca.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- .#gpg.edit_ownertrust.value
-diff --git a/doc/help.cs.txt b/doc/help.cs.txt
-index d6d07e8..0ac3be7 100644
---- a/doc/help.cs.txt
-+++ b/doc/help.cs.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- .#gpg.edit_ownertrust.value
-diff --git a/doc/help.da.txt b/doc/help.da.txt
-index d6d07e8..0ac3be7 100644
---- a/doc/help.da.txt
-+++ b/doc/help.da.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- .#gpg.edit_ownertrust.value
-diff --git a/doc/help.de.txt b/doc/help.de.txt
-index 7b2fffe..ce0ce14 100644
---- a/doc/help.de.txt
-+++ b/doc/help.de.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- # Die Datei help.txt beschreibt das verwendete Format.
-diff --git a/doc/help.el.txt b/doc/help.el.txt
-index d6d07e8..0ac3be7 100644
---- a/doc/help.el.txt
-+++ b/doc/help.el.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- .#gpg.edit_ownertrust.value
-diff --git a/doc/help.eo.txt b/doc/help.eo.txt
-index d6d07e8..0ac3be7 100644
---- a/doc/help.eo.txt
-+++ b/doc/help.eo.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- .#gpg.edit_ownertrust.value
-diff --git a/doc/help.es.txt b/doc/help.es.txt
-index 42e531b..d59f214 100644
---- a/doc/help.es.txt
-+++ b/doc/help.es.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- .gpg.edit_ownertrust.value
-diff --git a/doc/help.et.txt b/doc/help.et.txt
-index d6d07e8..0ac3be7 100644
---- a/doc/help.et.txt
-+++ b/doc/help.et.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- .#gpg.edit_ownertrust.value
-diff --git a/doc/help.fi.txt b/doc/help.fi.txt
-index 9f92246..4286cc0 100644
---- a/doc/help.fi.txt
-+++ b/doc/help.fi.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- .gpg.edit_ownertrust.value
-diff --git a/doc/help.fr.txt b/doc/help.fr.txt
-index c18fea0..4e4e7da 100644
---- a/doc/help.fr.txt
-+++ b/doc/help.fr.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- .gpg.edit_ownertrust.value
-diff --git a/doc/help.gl.txt b/doc/help.gl.txt
-index d6d07e8..0ac3be7 100644
---- a/doc/help.gl.txt
-+++ b/doc/help.gl.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- .#gpg.edit_ownertrust.value
-diff --git a/doc/help.hu.txt b/doc/help.hu.txt
-index 1440dae..81b3991 100644
---- a/doc/help.hu.txt
-+++ b/doc/help.hu.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- .gpg.edit_ownertrust.value
-diff --git a/doc/help.id.txt b/doc/help.id.txt
-index ae9e808..c07492f 100644
---- a/doc/help.id.txt
-+++ b/doc/help.id.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- .gpg.edit_ownertrust.value
-diff --git a/doc/help.it.txt b/doc/help.it.txt
-index db6127f..675f8c0 100644
---- a/doc/help.it.txt
-+++ b/doc/help.it.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- .gpg.edit_ownertrust.value
-diff --git a/doc/help.ja.txt b/doc/help.ja.txt
-index 0a538b8..c503de6 100644
---- a/doc/help.ja.txt
-+++ b/doc/help.ja.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
- .#pinentry.qualitybar.tooltip
- # [ このエントリは有効にするには、上記のキーの # を削除してください。]
-diff --git a/doc/help.nb.txt b/doc/help.nb.txt
-index d6d07e8..0ac3be7 100644
---- a/doc/help.nb.txt
-+++ b/doc/help.nb.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- .#gpg.edit_ownertrust.value
-diff --git a/doc/help.pl.txt b/doc/help.pl.txt
-index ef719a8..c5444b6 100644
---- a/doc/help.pl.txt
-+++ b/doc/help.pl.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- .gpg.edit_ownertrust.value
-diff --git a/doc/help.pt.txt b/doc/help.pt.txt
-index dac17c0..da9a181 100644
---- a/doc/help.pt.txt
-+++ b/doc/help.pt.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- .gpg.edit_ownertrust.value
-diff --git a/doc/help.pt_BR.txt b/doc/help.pt_BR.txt
-index 25a23c3..e88265c 100644
---- a/doc/help.pt_BR.txt
-+++ b/doc/help.pt_BR.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- .gpg.edit_ownertrust.value
-diff --git a/doc/help.ro.txt b/doc/help.ro.txt
-index f655fdf..b26dd53 100644
---- a/doc/help.ro.txt
-+++ b/doc/help.ro.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- .gpg.edit_ownertrust.value
-diff --git a/doc/help.ru.txt b/doc/help.ru.txt
-index 5a98cb3..b78e1ff 100644
---- a/doc/help.ru.txt
-+++ b/doc/help.ru.txt
-@@ -15,7 +15,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
- # The translated revision was taken from HEAD b8bb16c6c08d3c2947f1ff67
- # which is the same as the revision from STABLE-BRANCH-2-0 776bee6d370
-diff --git a/doc/help.sk.txt b/doc/help.sk.txt
-index a0fa4aa..9e50c76 100644
---- a/doc/help.sk.txt
-+++ b/doc/help.sk.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- .gpg.edit_ownertrust.value
-diff --git a/doc/help.sv.txt b/doc/help.sv.txt
-index d6d07e8..0ac3be7 100644
---- a/doc/help.sv.txt
-+++ b/doc/help.sv.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- .#gpg.edit_ownertrust.value
-diff --git a/doc/help.tr.txt b/doc/help.tr.txt
-index 15bdf8e..086f191 100644
---- a/doc/help.tr.txt
-+++ b/doc/help.tr.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- .gpg.edit_ownertrust.value
-diff --git a/doc/help.txt b/doc/help.txt
-index 192ffff..3a75922 100644
---- a/doc/help.txt
-+++ b/doc/help.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- # Note that this help file needs to be UTF-8 encoded. When looking
-diff --git a/doc/help.zh_CN.txt b/doc/help.zh_CN.txt
-index e000fa0..7b199c2 100644
---- a/doc/help.zh_CN.txt
-+++ b/doc/help.zh_CN.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- .gpg.edit_ownertrust.value
-diff --git a/doc/help.zh_TW.txt b/doc/help.zh_TW.txt
-index 800dad9..5665b70 100644
---- a/doc/help.zh_TW.txt
-+++ b/doc/help.zh_TW.txt
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
-
- .gpg.edit_ownertrust.value
-diff --git a/g10/Makefile.am b/g10/Makefile.am
-index fc33e83..fc31869 100644
---- a/g10/Makefile.am
-+++ b/g10/Makefile.am
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
- ## Process this file with automake to produce Makefile.in
-
-diff --git a/g10/armor.c b/g10/armor.c
-index 9e58520..d13ab60 100644
---- a/g10/armor.c
-+++ b/g10/armor.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/build-packet.c b/g10/build-packet.c
-index 0115d64..ad46a02 100644
---- a/g10/build-packet.c
-+++ b/g10/build-packet.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/call-agent.c b/g10/call-agent.c
-index eeea7bf..1d4bd66 100644
---- a/g10/call-agent.c
-+++ b/g10/call-agent.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/call-agent.h b/g10/call-agent.h
-index 032c345..e4fea57 100644
---- a/g10/call-agent.h
-+++ b/g10/call-agent.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
- #ifndef GNUPG_G10_CALL_AGENT_H
- #define GNUPG_G10_CALL_AGENT_H
-diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
-index 3970b9f..30a5ea1 100644
---- a/g10/call-dirmngr.c
-+++ b/g10/call-dirmngr.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/call-dirmngr.h b/g10/call-dirmngr.h
-index 4dc1e30..9b4604d 100644
---- a/g10/call-dirmngr.h
-+++ b/g10/call-dirmngr.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
- #ifndef GNUPG_G10_CALL_DIRMNGR_H
- #define GNUPG_G10_CALL_DIRMNGR_H
-diff --git a/g10/card-util.c b/g10/card-util.c
-index b5fe84b..fb89a99 100644
---- a/g10/card-util.c
-+++ b/g10/card-util.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/cipher.c b/g10/cipher.c
-index ae7ba17..98f398e 100644
---- a/g10/cipher.c
-+++ b/g10/cipher.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/compress-bz2.c b/g10/compress-bz2.c
-index 128eadf..22cefd9 100644
---- a/g10/compress-bz2.c
-+++ b/g10/compress-bz2.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/compress.c b/g10/compress.c
-index c34beec..fbc8097 100644
---- a/g10/compress.c
-+++ b/g10/compress.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /* Note that the code in compress-bz2.c is nearly identical to the
-diff --git a/g10/cpr.c b/g10/cpr.c
-index 7760847..89a00a1 100644
---- a/g10/cpr.c
-+++ b/g10/cpr.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/dearmor.c b/g10/dearmor.c
-index 38c3a3c..6217dda 100644
---- a/g10/dearmor.c
-+++ b/g10/dearmor.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c
-index 96d2177..585b150 100644
---- a/g10/decrypt-data.c
-+++ b/g10/decrypt-data.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/decrypt.c b/g10/decrypt.c
-index 27f51f6..751b7be 100644
---- a/g10/decrypt.c
-+++ b/g10/decrypt.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/dek.h b/g10/dek.h
-index 1a879e3..666810c 100644
---- a/g10/dek.h
-+++ b/g10/dek.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
- #ifndef G10_DEK_H
- #define G10_DEK_H
-diff --git a/g10/delkey.c b/g10/delkey.c
-index 966c571..06aca9e 100644
---- a/g10/delkey.c
-+++ b/g10/delkey.c
-@@ -16,7 +16,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/ecdh.c b/g10/ecdh.c
-index dd47544..89e8cf1 100644
---- a/g10/ecdh.c
-+++ b/g10/ecdh.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/encrypt.c b/g10/encrypt.c
-index 2985408..5268946 100644
---- a/g10/encrypt.c
-+++ b/g10/encrypt.c
-@@ -16,7 +16,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/exec.c b/g10/exec.c
-index 30108eb..b868a1f 100644
---- a/g10/exec.c
-+++ b/g10/exec.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /*
-diff --git a/g10/exec.h b/g10/exec.h
-index 51304ad..1cb1c72 100644
---- a/g10/exec.h
-+++ b/g10/exec.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef _EXEC_H_
-diff --git a/g10/export.c b/g10/export.c
-index 8c15868..104989f 100644
---- a/g10/export.c
-+++ b/g10/export.c
-@@ -16,7 +16,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/filter.h b/g10/filter.h
-index c3c7966..7accd7d 100644
---- a/g10/filter.h
-+++ b/g10/filter.h
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
- #ifndef G10_FILTER_H
- #define G10_FILTER_H
-diff --git a/g10/free-packet.c b/g10/free-packet.c
-index 516e9a1..2ca1d3b 100644
---- a/g10/free-packet.c
-+++ b/g10/free-packet.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/getkey.c b/g10/getkey.c
-index 3ef8d73..e66f623 100644
---- a/g10/getkey.c
-+++ b/g10/getkey.c
-@@ -16,7 +16,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/gpg.c b/g10/gpg.c
-index ae2125f..38d721c 100644
---- a/g10/gpg.c
-+++ b/g10/gpg.c
-@@ -16,7 +16,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/gpg.h b/g10/gpg.h
-index 1aaff2f..248e097 100644
---- a/g10/gpg.h
-+++ b/g10/gpg.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
- #ifndef GNUPG_G10_GPG_H
- #define GNUPG_G10_GPG_H
-diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c
-index e3bb013..9ff9c2d 100644
---- a/g10/gpgcompose.c
-+++ b/g10/gpgcompose.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/gpgsql.c b/g10/gpgsql.c
-index 72f51b5..2ee9379 100644
---- a/g10/gpgsql.c
-+++ b/g10/gpgsql.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/gpgsql.h b/g10/gpgsql.h
-index a540684..a1fd319 100644
---- a/g10/gpgsql.h
-+++ b/g10/gpgsql.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_GPGSQL_H
-diff --git a/g10/gpgv.c b/g10/gpgv.c
-index 81773db..64c9799 100644
---- a/g10/gpgv.c
-+++ b/g10/gpgv.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/helptext.c b/g10/helptext.c
-index 7bca1db..730f699 100644
---- a/g10/helptext.c
-+++ b/g10/helptext.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/import.c b/g10/import.c
-index 83298b3..31904c4 100644
---- a/g10/import.c
-+++ b/g10/import.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/kbnode.c b/g10/kbnode.c
-index e814fa8..6700dc0 100644
---- a/g10/kbnode.c
-+++ b/g10/kbnode.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/keydb.c b/g10/keydb.c
-index b959f05..76850f9 100644
---- a/g10/keydb.c
-+++ b/g10/keydb.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/keydb.h b/g10/keydb.h
-index 35512bb..bc8c31a 100644
---- a/g10/keydb.h
-+++ b/g10/keydb.h
-@@ -16,7 +16,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef G10_KEYDB_H
-diff --git a/g10/keyedit.c b/g10/keyedit.c
-index 39c3572..ebbf96f 100644
---- a/g10/keyedit.c
-+++ b/g10/keyedit.c
-@@ -16,7 +16,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/keygen.c b/g10/keygen.c
-index d98b70b..e3cf818 100644
---- a/g10/keygen.c
-+++ b/g10/keygen.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/keyid.c b/g10/keyid.c
-index bd396ee..7d37dd1 100644
---- a/g10/keyid.c
-+++ b/g10/keyid.c
-@@ -17,7 +17,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/keylist.c b/g10/keylist.c
-index ad744d4..207321e 100644
---- a/g10/keylist.c
-+++ b/g10/keylist.c
-@@ -16,7 +16,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/keyring.c b/g10/keyring.c
-index aa73290..091151b 100644
---- a/g10/keyring.c
-+++ b/g10/keyring.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/keyring.h b/g10/keyring.h
-index 14d9f42..07f3835 100644
---- a/g10/keyring.h
-+++ b/g10/keyring.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GPG_KEYRING_H
-diff --git a/g10/keyserver-internal.h b/g10/keyserver-internal.h
-index f57dcaa..5749232 100644
---- a/g10/keyserver-internal.h
-+++ b/g10/keyserver-internal.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef _KEYSERVER_INTERNAL_H_
-diff --git a/g10/keyserver.c b/g10/keyserver.c
-index 2e2d6a4..74f13b3 100644
---- a/g10/keyserver.c
-+++ b/g10/keyserver.c
-@@ -16,7 +16,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/main.h b/g10/main.h
-index c7ded7c..d66bfa8 100644
---- a/g10/main.h
-+++ b/g10/main.h
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
- #ifndef G10_MAIN_H
- #define G10_MAIN_H
-diff --git a/g10/mainproc.c b/g10/mainproc.c
-index 6847b64..0ae733b 100644
---- a/g10/mainproc.c
-+++ b/g10/mainproc.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/mdfilter.c b/g10/mdfilter.c
-index 0dbbc3c..69b226c 100644
---- a/g10/mdfilter.c
-+++ b/g10/mdfilter.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/migrate.c b/g10/migrate.c
-index a9da5a0..6ff1014 100644
---- a/g10/migrate.c
-+++ b/g10/migrate.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/misc.c b/g10/misc.c
-index d2537cf..4f9ece3 100644
---- a/g10/misc.c
-+++ b/g10/misc.c
-@@ -16,7 +16,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/openfile.c b/g10/openfile.c
-index ad25604..f62deec 100644
---- a/g10/openfile.c
-+++ b/g10/openfile.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/options.h b/g10/options.h
-index 6b8f649..6bb71af 100644
---- a/g10/options.h
-+++ b/g10/options.h
-@@ -16,7 +16,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
- #ifndef G10_OPTIONS_H
- #define G10_OPTIONS_H
-diff --git a/g10/packet.h b/g10/packet.h
-index 9c9e909..bacdf29 100644
---- a/g10/packet.h
-+++ b/g10/packet.h
-@@ -16,7 +16,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef G10_PACKET_H
-diff --git a/g10/parse-packet.c b/g10/parse-packet.c
-index 86c2be4..f079008 100644
---- a/g10/parse-packet.c
-+++ b/g10/parse-packet.c
-@@ -17,7 +17,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/passphrase.c b/g10/passphrase.c
-index d75d980..ccd232a 100644
---- a/g10/passphrase.c
-+++ b/g10/passphrase.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/photoid.c b/g10/photoid.c
-index e188653..b61ed1b 100644
---- a/g10/photoid.c
-+++ b/g10/photoid.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/photoid.h b/g10/photoid.h
-index 9fc758e..fc7ec6f 100644
---- a/g10/photoid.h
-+++ b/g10/photoid.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /* Photo ID functions */
-diff --git a/g10/pkclist.c b/g10/pkclist.c
-index 63d32d1..73bc1c9 100644
---- a/g10/pkclist.c
-+++ b/g10/pkclist.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/pkglue.c b/g10/pkglue.c
-index 35c4cd1..198e6bc 100644
---- a/g10/pkglue.c
-+++ b/g10/pkglue.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/pkglue.h b/g10/pkglue.h
-index ba1097c..77a3801 100644
---- a/g10/pkglue.h
-+++ b/g10/pkglue.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_G10_PKGLUE_H
-diff --git a/g10/plaintext.c b/g10/plaintext.c
-index c9fb67c..bdf5592 100644
---- a/g10/plaintext.c
-+++ b/g10/plaintext.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/progress.c b/g10/progress.c
-index f151657..feb639e 100644
---- a/g10/progress.c
-+++ b/g10/progress.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
-index 0df9bfa..117744f 100644
---- a/g10/pubkey-enc.c
-+++ b/g10/pubkey-enc.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/revoke.c b/g10/revoke.c
-index 15a91ac..68fc44a 100644
---- a/g10/revoke.c
-+++ b/g10/revoke.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/rmd160.c b/g10/rmd160.c
-index 8eb005f..7c77ca5 100644
---- a/g10/rmd160.c
-+++ b/g10/rmd160.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /* For historic reasons gpg uses RIPE-MD160 to to identify names in
-diff --git a/g10/rmd160.h b/g10/rmd160.h
-index 551898b..f186b72 100644
---- a/g10/rmd160.h
-+++ b/g10/rmd160.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
- #ifndef G10_RMD160_H
- #define G10_RMD160_H
-diff --git a/g10/server.c b/g10/server.c
-index 0e15176..b89f0be 100644
---- a/g10/server.c
-+++ b/g10/server.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/seskey.c b/g10/seskey.c
-index e5385af..b2f7169 100644
---- a/g10/seskey.c
-+++ b/g10/seskey.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/sig-check.c b/g10/sig-check.c
-index 334add7..a5ce26d 100644
---- a/g10/sig-check.c
-+++ b/g10/sig-check.c
-@@ -16,7 +16,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/sign.c b/g10/sign.c
-index e5fbd9d..a391128 100644
---- a/g10/sign.c
-+++ b/g10/sign.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/skclist.c b/g10/skclist.c
-index 4cd7f33..cedbce7 100644
---- a/g10/skclist.c
-+++ b/g10/skclist.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/t-keydb-get-keyblock.c b/g10/t-keydb-get-keyblock.c
-index cab1448..993d879 100644
---- a/g10/t-keydb-get-keyblock.c
-+++ b/g10/t-keydb-get-keyblock.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include "test.c"
-diff --git a/g10/t-keydb.c b/g10/t-keydb.c
-index 3606e2e..5eb8d01 100644
---- a/g10/t-keydb.c
-+++ b/g10/t-keydb.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include "test.c"
-diff --git a/g10/t-rmd160.c b/g10/t-rmd160.c
-index ea2933f..e79d15d 100644
---- a/g10/t-rmd160.c
-+++ b/g10/t-rmd160.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/t-stutter.c b/g10/t-stutter.c
-index f3fc653..a2e9666 100644
---- a/g10/t-stutter.c
-+++ b/g10/t-stutter.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /* This test is based on the paper: "An Attack on CFB Mode Encryption
-diff --git a/g10/tdbdump.c b/g10/tdbdump.c
-index 4c3d7a8..41a0258 100644
---- a/g10/tdbdump.c
-+++ b/g10/tdbdump.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/tdbio.c b/g10/tdbio.c
-index 02fa91e..c1cb312 100644
---- a/g10/tdbio.c
-+++ b/g10/tdbio.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/tdbio.h b/g10/tdbio.h
-index 2e15ffe..1f66b03 100644
---- a/g10/tdbio.h
-+++ b/g10/tdbio.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef G10_TDBIO_H
-diff --git a/g10/test-stubs.c b/g10/test-stubs.c
-index c5f2f79..6ce3181 100644
---- a/g10/test-stubs.c
-+++ b/g10/test-stubs.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/test.c b/g10/test.c
-index e9e2074..734458a 100644
---- a/g10/test.c
-+++ b/g10/test.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/textfilter.c b/g10/textfilter.c
-index 6ca4f88..cb5d444 100644
---- a/g10/textfilter.c
-+++ b/g10/textfilter.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/tofu.c b/g10/tofu.c
-index 87c7e87..21c737e 100644
---- a/g10/tofu.c
-+++ b/g10/tofu.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /* TODO:
-diff --git a/g10/tofu.h b/g10/tofu.h
-index e3ec819..82c3a3e 100644
---- a/g10/tofu.h
-+++ b/g10/tofu.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef G10_TOFU_H
-diff --git a/g10/trust.c b/g10/trust.c
-index 8790754..2a829b8 100644
---- a/g10/trust.c
-+++ b/g10/trust.c
-@@ -16,7 +16,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/trustdb.c b/g10/trustdb.c
-index 7097be2..0bc9009 100644
---- a/g10/trustdb.c
-+++ b/g10/trustdb.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g10/trustdb.h b/g10/trustdb.h
-index 47d7b72..77aa79d 100644
---- a/g10/trustdb.h
-+++ b/g10/trustdb.h
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef G10_TRUSTDB_H
-diff --git a/g10/verify.c b/g10/verify.c
-index 5cd0bd7..7327e85 100644
---- a/g10/verify.c
-+++ b/g10/verify.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g13/Makefile.am b/g13/Makefile.am
-index 90dd471..c0e7a71 100644
---- a/g13/Makefile.am
-+++ b/g13/Makefile.am
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
- ## Process this file with automake to produce Makefile.in
-
-diff --git a/g13/backend.c b/g13/backend.c
-index 659c6b7..a495f8a 100644
---- a/g13/backend.c
-+++ b/g13/backend.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g13/backend.h b/g13/backend.h
-index d1cedb3..2805d99 100644
---- a/g13/backend.h
-+++ b/g13/backend.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef G13_BACKEND_H
-diff --git a/g13/be-dmcrypt.c b/g13/be-dmcrypt.c
-index c65be08..e048b99 100644
---- a/g13/be-dmcrypt.c
-+++ b/g13/be-dmcrypt.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g13/be-dmcrypt.h b/g13/be-dmcrypt.h
-index 189bfee..cc0fce5 100644
---- a/g13/be-dmcrypt.h
-+++ b/g13/be-dmcrypt.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef G13_BE_DMCRYPT_H
-diff --git a/g13/be-encfs.c b/g13/be-encfs.c
-index a873541..6c648ab 100644
---- a/g13/be-encfs.c
-+++ b/g13/be-encfs.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g13/be-encfs.h b/g13/be-encfs.h
-index 744c16a..1f1b8b3 100644
---- a/g13/be-encfs.h
-+++ b/g13/be-encfs.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef G13_BE_ENCFS_H
-diff --git a/g13/be-truecrypt.c b/g13/be-truecrypt.c
-index 9d75bdf..e75b936 100644
---- a/g13/be-truecrypt.c
-+++ b/g13/be-truecrypt.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g13/be-truecrypt.h b/g13/be-truecrypt.h
-index e98c989..d6d1e84 100644
---- a/g13/be-truecrypt.h
-+++ b/g13/be-truecrypt.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef G13_BE_TRUECRYPT_H
-diff --git a/g13/call-syshelp.c b/g13/call-syshelp.c
-index 76d181b..adffc6e 100644
---- a/g13/call-syshelp.c
-+++ b/g13/call-syshelp.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g13/call-syshelp.h b/g13/call-syshelp.h
-index 0e110c9..3e83829 100644
---- a/g13/call-syshelp.h
-+++ b/g13/call-syshelp.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_G13_CALL_SYSHELP_H
-diff --git a/g13/create.c b/g13/create.c
-index 0126f5b..573039d 100644
---- a/g13/create.c
-+++ b/g13/create.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g13/create.h b/g13/create.h
-index ec4224c..ccb954a 100644
---- a/g13/create.h
-+++ b/g13/create.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef G13_CREATE_H
-diff --git a/g13/g13-common.c b/g13/g13-common.c
-index e6adcb8..8370907 100644
---- a/g13/g13-common.c
-+++ b/g13/g13-common.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
-
-diff --git a/g13/g13-common.h b/g13/g13-common.h
-index a205081..1fe80d3 100644
---- a/g13/g13-common.h
-+++ b/g13/g13-common.h
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef G13_COMMON_H
-diff --git a/g13/g13-syshelp.c b/g13/g13-syshelp.c
-index 7976be4..44a407d 100644
---- a/g13/g13-syshelp.c
-+++ b/g13/g13-syshelp.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g13/g13-syshelp.h b/g13/g13-syshelp.h
-index 618b41d..b6adcbd 100644
---- a/g13/g13-syshelp.h
-+++ b/g13/g13-syshelp.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef G13_SYSHELP_H
-diff --git a/g13/g13.c b/g13/g13.c
-index 7744855..5f02bdc 100644
---- a/g13/g13.c
-+++ b/g13/g13.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g13/g13.h b/g13/g13.h
-index e694890..9c0acb5 100644
---- a/g13/g13.h
-+++ b/g13/g13.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef G13_H
-diff --git a/g13/g13tuple.c b/g13/g13tuple.c
-index ddcb467..f79c82d 100644
---- a/g13/g13tuple.c
-+++ b/g13/g13tuple.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g13/g13tuple.h b/g13/g13tuple.h
-index c9dfb47..77d595d 100644
---- a/g13/g13tuple.h
-+++ b/g13/g13tuple.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef G13_G13TUPLE_H
-diff --git a/g13/keyblob.c b/g13/keyblob.c
-index 8a5b622..81863bb 100644
---- a/g13/keyblob.c
-+++ b/g13/keyblob.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g13/keyblob.h b/g13/keyblob.h
-index 48f0b9c..90fcf60 100644
---- a/g13/keyblob.h
-+++ b/g13/keyblob.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef G13_KEYBLOB_H
-diff --git a/g13/mount.c b/g13/mount.c
-index b46c8d0..7814d5c 100644
---- a/g13/mount.c
-+++ b/g13/mount.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g13/mount.h b/g13/mount.h
-index 0037682..fd403d5 100644
---- a/g13/mount.h
-+++ b/g13/mount.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef G13_MOUNT_H
-diff --git a/g13/mountinfo.c b/g13/mountinfo.c
-index 1c4894d..26eca0c 100644
---- a/g13/mountinfo.c
-+++ b/g13/mountinfo.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g13/mountinfo.h b/g13/mountinfo.h
-index 95e95f5..ab346bf 100644
---- a/g13/mountinfo.h
-+++ b/g13/mountinfo.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef G13_MOUNTINFO_H
-diff --git a/g13/runner.c b/g13/runner.c
-index 35c6843..af2e836 100644
---- a/g13/runner.c
-+++ b/g13/runner.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g13/runner.h b/g13/runner.h
-index 3c82143..36181ad 100644
---- a/g13/runner.h
-+++ b/g13/runner.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef G13_RUNNER_H
-diff --git a/g13/server.c b/g13/server.c
-index 5a273c2..0c4563e 100644
---- a/g13/server.c
-+++ b/g13/server.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g13/server.h b/g13/server.h
-index 41636c8..6338f40 100644
---- a/g13/server.h
-+++ b/g13/server.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef G13_SERVER_H
-diff --git a/g13/sh-blockdev.c b/g13/sh-blockdev.c
-index 4b4dde4..6c12dde 100644
---- a/g13/sh-blockdev.c
-+++ b/g13/sh-blockdev.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g13/sh-cmd.c b/g13/sh-cmd.c
-index d9a0f6c..a54f0ae 100644
---- a/g13/sh-cmd.c
-+++ b/g13/sh-cmd.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g13/sh-dmcrypt.c b/g13/sh-dmcrypt.c
-index 201f856..44496ec 100644
---- a/g13/sh-dmcrypt.c
-+++ b/g13/sh-dmcrypt.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g13/suspend.c b/g13/suspend.c
-index 39aeaeb..7bdf738 100644
---- a/g13/suspend.c
-+++ b/g13/suspend.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/g13/suspend.h b/g13/suspend.h
-index 91702eb..21943e7 100644
---- a/g13/suspend.h
-+++ b/g13/suspend.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef G13_SUSPEND_H
-diff --git a/g13/t-g13tuple.c b/g13/t-g13tuple.c
-index f986efa..bbd9898 100644
---- a/g13/t-g13tuple.c
-+++ b/g13/t-g13tuple.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/kbx/Makefile.am b/kbx/Makefile.am
-index 95138e0..f4a752d 100644
---- a/kbx/Makefile.am
-+++ b/kbx/Makefile.am
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
- ## Process this file with automake to produce Makefile.in
-
-diff --git a/kbx/kbxutil.c b/kbx/kbxutil.c
-index 77b134a..dd8477c 100644
---- a/kbx/kbxutil.c
-+++ b/kbx/kbxutil.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/kbx/keybox-blob.c b/kbx/keybox-blob.c
-index 896f137..73ecfbe 100644
---- a/kbx/keybox-blob.c
-+++ b/kbx/keybox-blob.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /*
-diff --git a/kbx/keybox-defs.h b/kbx/keybox-defs.h
-index d74a7ef..d9c3d3a 100644
---- a/kbx/keybox-defs.h
-+++ b/kbx/keybox-defs.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef KEYBOX_DEFS_H
-diff --git a/kbx/keybox-dump.c b/kbx/keybox-dump.c
-index f4e7c98..0e8f63a 100644
---- a/kbx/keybox-dump.c
-+++ b/kbx/keybox-dump.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/kbx/keybox-file.c b/kbx/keybox-file.c
-index 59dfe0c..0485e81 100644
---- a/kbx/keybox-file.c
-+++ b/kbx/keybox-file.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/kbx/keybox-init.c b/kbx/keybox-init.c
-index 3b53cd5..7fbfe3a 100644
---- a/kbx/keybox-init.c
-+++ b/kbx/keybox-init.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/kbx/keybox-openpgp.c b/kbx/keybox-openpgp.c
-index a0e4ab9..6885e05 100644
---- a/kbx/keybox-openpgp.c
-+++ b/kbx/keybox-openpgp.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /* This is a simple OpenPGP parser suitable for all OpenPGP key
-diff --git a/kbx/keybox-search-desc.h b/kbx/keybox-search-desc.h
-index 741f2e8..6298994 100644
---- a/kbx/keybox-search-desc.h
-+++ b/kbx/keybox-search-desc.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /*
-diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c
-index 681d5c0..ec5aad1 100644
---- a/kbx/keybox-search.c
-+++ b/kbx/keybox-search.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/kbx/keybox-update.c b/kbx/keybox-update.c
-index e5d4dc8..dcf8b2e 100644
---- a/kbx/keybox-update.c
-+++ b/kbx/keybox-update.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/kbx/keybox-util.c b/kbx/keybox-util.c
-index a2ca3f0..aacd0a4 100644
---- a/kbx/keybox-util.c
-+++ b/kbx/keybox-util.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/kbx/keybox.h b/kbx/keybox.h
-index 6180a2f..a248bf0 100644
---- a/kbx/keybox.h
-+++ b/kbx/keybox.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef KEYBOX_H
-diff --git a/scd/Makefile.am b/scd/Makefile.am
-index f160244..db096f6 100644
---- a/scd/Makefile.am
-+++ b/scd/Makefile.am
-@@ -13,7 +13,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
- ## Process this file with automake to produce Makefile.in
-
-diff --git a/scd/apdu.c b/scd/apdu.c
-index 5b7290e..3e2b609 100644
---- a/scd/apdu.c
-+++ b/scd/apdu.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /* NOTE: This module is also used by other software, thus the use of
-diff --git a/scd/apdu.h b/scd/apdu.h
-index 7ca4c14..e29c971 100644
---- a/scd/apdu.h
-+++ b/scd/apdu.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- *
- * $Id$
- */
-diff --git a/scd/app-common.h b/scd/app-common.h
-index cda657f..e12b4fb 100644
---- a/scd/app-common.h
-+++ b/scd/app-common.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- *
- * $Id$
- */
-diff --git a/scd/app-dinsig.c b/scd/app-dinsig.c
-index 7dad6b1..3f99e2e 100644
---- a/scd/app-dinsig.c
-+++ b/scd/app-dinsig.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
-
-diff --git a/scd/app-geldkarte.c b/scd/app-geldkarte.c
-index f8ee9f6..e3c7dcc 100644
---- a/scd/app-geldkarte.c
-+++ b/scd/app-geldkarte.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
-
-diff --git a/scd/app-help.c b/scd/app-help.c
-index 2576d5c..1cc86b1 100644
---- a/scd/app-help.c
-+++ b/scd/app-help.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/scd/app-nks.c b/scd/app-nks.c
-index 598dee1..a6487c4 100644
---- a/scd/app-nks.c
-+++ b/scd/app-nks.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /* Notes:
-diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
-index f8d9954..d1c9efe 100644
---- a/scd/app-openpgp.c
-+++ b/scd/app-openpgp.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /* Some notes:
-diff --git a/scd/app-p15.c b/scd/app-p15.c
-index 12254ab..505073e 100644
---- a/scd/app-p15.c
-+++ b/scd/app-p15.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /* Information pertaining to the BELPIC developer card samples:
-diff --git a/scd/app-sc-hsm.c b/scd/app-sc-hsm.c
-index 79899ce..c582734 100644
---- a/scd/app-sc-hsm.c
-+++ b/scd/app-sc-hsm.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /*
-diff --git a/scd/app.c b/scd/app.c
-index 1f21dc1..40bdd22 100644
---- a/scd/app.c
-+++ b/scd/app.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/scd/atr.c b/scd/atr.c
-index 5b94758..9dc79de 100644
---- a/scd/atr.c
-+++ b/scd/atr.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/scd/atr.h b/scd/atr.h
-index b06a83a..d39e243 100644
---- a/scd/atr.h
-+++ b/scd/atr.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef ATR_H
-diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
-index 478e038..0917105 100644
---- a/scd/ccid-driver.c
-+++ b/scd/ccid-driver.c
-@@ -16,7 +16,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- *
- * ALTERNATIVELY, this file may be distributed under the terms of the
- * following license, in which case the provisions of this license are
-diff --git a/scd/ccid-driver.h b/scd/ccid-driver.h
-index be8a5ce..e3aed9f 100644
---- a/scd/ccid-driver.h
-+++ b/scd/ccid-driver.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- *
- * ALTERNATIVELY, this file may be distributed under the terms of the
- * following license, in which case the provisions of this license are
-diff --git a/scd/command.c b/scd/command.c
-index edea01c..3584593 100644
---- a/scd/command.c
-+++ b/scd/command.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/scd/iso7816.c b/scd/iso7816.c
-index 28cd2eb..6cfa6b6 100644
---- a/scd/iso7816.c
-+++ b/scd/iso7816.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/scd/iso7816.h b/scd/iso7816.h
-index 45cd416..bcef473 100644
---- a/scd/iso7816.h
-+++ b/scd/iso7816.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef ISO7816_H
-diff --git a/scd/scdaemon.c b/scd/scdaemon.c
-index 0d26410..bb27de6 100644
---- a/scd/scdaemon.c
-+++ b/scd/scdaemon.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/scd/scdaemon.h b/scd/scdaemon.h
-index 448cb84..31e9c79 100644
---- a/scd/scdaemon.h
-+++ b/scd/scdaemon.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef SCDAEMON_H
-diff --git a/sm/Makefile.am b/sm/Makefile.am
-index 11f86e9..a9c67a8 100644
---- a/sm/Makefile.am
-+++ b/sm/Makefile.am
-@@ -13,7 +13,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
- ## Process this file with automake to produce Makefile.in
-
-diff --git a/sm/base64.c b/sm/base64.c
-index 43781ab..f3c7def 100644
---- a/sm/base64.c
-+++ b/sm/base64.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/sm/call-agent.c b/sm/call-agent.c
-index c9a210f..6dbaba5 100644
---- a/sm/call-agent.c
-+++ b/sm/call-agent.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c
-index 763506d..7a5d23c 100644
---- a/sm/call-dirmngr.c
-+++ b/sm/call-dirmngr.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/sm/certchain.c b/sm/certchain.c
-index b884d3d..feefbb7 100644
---- a/sm/certchain.c
-+++ b/sm/certchain.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/sm/certcheck.c b/sm/certcheck.c
-index 904556f..04b3917 100644
---- a/sm/certcheck.c
-+++ b/sm/certcheck.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/sm/certdump.c b/sm/certdump.c
-index 0cc492a..e47251e 100644
---- a/sm/certdump.c
-+++ b/sm/certdump.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/sm/certlist.c b/sm/certlist.c
-index 9adcabf..616f4f1 100644
---- a/sm/certlist.c
-+++ b/sm/certlist.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/sm/certreqgen-ui.c b/sm/certreqgen-ui.c
-index 3ccd048..ece8668 100644
---- a/sm/certreqgen-ui.c
-+++ b/sm/certreqgen-ui.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/sm/certreqgen.c b/sm/certreqgen.c
-index 4d50270..9b4ffc9 100644
---- a/sm/certreqgen.c
-+++ b/sm/certreqgen.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /*
-diff --git a/sm/decrypt.c b/sm/decrypt.c
-index a560272..3cee54b 100644
---- a/sm/decrypt.c
-+++ b/sm/decrypt.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/sm/delete.c b/sm/delete.c
-index bafe601..e8638c3 100644
---- a/sm/delete.c
-+++ b/sm/delete.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/sm/encrypt.c b/sm/encrypt.c
-index c677a42..8555f4a 100644
---- a/sm/encrypt.c
-+++ b/sm/encrypt.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/sm/export.c b/sm/export.c
-index d3dc9b9..1317945 100644
---- a/sm/export.c
-+++ b/sm/export.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/sm/fingerprint.c b/sm/fingerprint.c
-index 8d2b800..d8e8405 100644
---- a/sm/fingerprint.c
-+++ b/sm/fingerprint.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/sm/gpgsm.c b/sm/gpgsm.c
-index e3b1e88..6bb57e7 100644
---- a/sm/gpgsm.c
-+++ b/sm/gpgsm.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/sm/gpgsm.h b/sm/gpgsm.h
-index 9751df4..88db670 100644
---- a/sm/gpgsm.h
-+++ b/sm/gpgsm.h
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GPGSM_H
-diff --git a/sm/import.c b/sm/import.c
-index b2ad839..2011fb5 100644
---- a/sm/import.c
-+++ b/sm/import.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/sm/keydb.c b/sm/keydb.c
-index 8a1efd4..02ca5ad 100644
---- a/sm/keydb.c
-+++ b/sm/keydb.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/sm/keydb.h b/sm/keydb.h
-index 3c0f2d6..5713fde 100644
---- a/sm/keydb.h
-+++ b/sm/keydb.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_KEYDB_H
-diff --git a/sm/keylist.c b/sm/keylist.c
-index 0d975c3..c4d475c 100644
---- a/sm/keylist.c
-+++ b/sm/keylist.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/sm/minip12.c b/sm/minip12.c
-index 0e94753..f066892 100644
---- a/sm/minip12.c
-+++ b/sm/minip12.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifdef HAVE_CONFIG_H
-diff --git a/sm/minip12.h b/sm/minip12.h
-index 7a1950f..39a8193 100644
---- a/sm/minip12.h
-+++ b/sm/minip12.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef MINIP12_H
-diff --git a/sm/misc.c b/sm/misc.c
-index 39897f4..40e989f 100644
---- a/sm/misc.c
-+++ b/sm/misc.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/sm/passphrase.c b/sm/passphrase.c
-index 6ad2b0a..09eac07 100644
---- a/sm/passphrase.c
-+++ b/sm/passphrase.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/sm/passphrase.h b/sm/passphrase.h
-index 3401a0b..c69f4d9 100644
---- a/sm/passphrase.h
-+++ b/sm/passphrase.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GPGSM_PASSPHRASE_H
-diff --git a/sm/qualified.c b/sm/qualified.c
-index bae03a4..61b071c 100644
---- a/sm/qualified.c
-+++ b/sm/qualified.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/sm/server.c b/sm/server.c
-index b4fcb43..d6a2dbb 100644
---- a/sm/server.c
-+++ b/sm/server.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/sm/sign.c b/sm/sign.c
-index 6cb1f86..6eec2e9 100644
---- a/sm/sign.c
-+++ b/sm/sign.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/sm/verify.c b/sm/verify.c
-index 73e0ab4..4df1cc0 100644
---- a/sm/verify.c
-+++ b/sm/verify.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/tests/Makefile.am b/tests/Makefile.am
-index f349763..fcb1199 100644
---- a/tests/Makefile.am
-+++ b/tests/Makefile.am
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
- ## Process this file with automake to produce Makefile.in
-
-diff --git a/tests/asschk.c b/tests/asschk.c
-index a869841..2595c0a 100644
---- a/tests/asschk.c
-+++ b/tests/asschk.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /* This is a simple stand-alone Assuan server test program. We don't
-diff --git a/tests/gpgscm/Makefile.am b/tests/gpgscm/Makefile.am
-index dad30ed..9a5edc2 100644
---- a/tests/gpgscm/Makefile.am
-+++ b/tests/gpgscm/Makefile.am
-@@ -15,7 +15,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
- EXTRA_DIST = \
- LICENSE.TinySCHEME \
-diff --git a/tests/gpgscm/ffi-private.h b/tests/gpgscm/ffi-private.h
-index 0d58c41..037da56 100644
---- a/tests/gpgscm/ffi-private.h
-+++ b/tests/gpgscm/ffi-private.h
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GPGSCM_FFI_PRIVATE_H
-diff --git a/tests/gpgscm/ffi.c b/tests/gpgscm/ffi.c
-index 57de286..c7b34a4 100644
---- a/tests/gpgscm/ffi.c
-+++ b/tests/gpgscm/ffi.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/tests/gpgscm/ffi.h b/tests/gpgscm/ffi.h
-index 02dd99d..9320324 100644
---- a/tests/gpgscm/ffi.h
-+++ b/tests/gpgscm/ffi.h
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GPGSCM_FFI_H
-diff --git a/tests/gpgscm/main.c b/tests/gpgscm/main.c
-index 6dcc923..e429743 100644
---- a/tests/gpgscm/main.c
-+++ b/tests/gpgscm/main.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/tests/gpgscm/private.h b/tests/gpgscm/private.h
-index efa0cb0..6e330e0 100644
---- a/tests/gpgscm/private.h
-+++ b/tests/gpgscm/private.h
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef __GPGSCM_PRIVATE_H__
-diff --git a/tests/gpgscm/scheme-config.h b/tests/gpgscm/scheme-config.h
-index fe3d746..2003498 100644
---- a/tests/gpgscm/scheme-config.h
-+++ b/tests/gpgscm/scheme-config.h
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #define STANDALONE 0
-diff --git a/tests/gpgscm/t-child.c b/tests/gpgscm/t-child.c
-index fe2e7b4..704634d 100644
---- a/tests/gpgscm/t-child.c
-+++ b/tests/gpgscm/t-child.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <errno.h>
-diff --git a/tests/migrations/Makefile.am b/tests/migrations/Makefile.am
-index 5f76f45..2773969 100644
---- a/tests/migrations/Makefile.am
-+++ b/tests/migrations/Makefile.am
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
- # Process this file with automake to create Makefile.in
-
-
-diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
-index 5d8acbf..b300cb6 100644
---- a/tests/openpgp/Makefile.am
-+++ b/tests/openpgp/Makefile.am
-@@ -15,7 +15,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
- # Process this file with automake to create Makefile.in
-
-
-diff --git a/tests/openpgp/fake-pinentry.c b/tests/openpgp/fake-pinentry.c
-index f3ff5f1..82d275c 100644
---- a/tests/openpgp/fake-pinentry.c
-+++ b/tests/openpgp/fake-pinentry.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <errno.h>
-diff --git a/tests/pkits/Makefile.am b/tests/pkits/Makefile.am
-index 8098ad2..9de1f8c 100644
---- a/tests/pkits/Makefile.am
-+++ b/tests/pkits/Makefile.am
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
- ## Process this file with automake to produce Makefile.in
-
-diff --git a/tools/Makefile.am b/tools/Makefile.am
-index 54486a3..765f2b4 100644
---- a/tools/Makefile.am
-+++ b/tools/Makefile.am
-@@ -14,7 +14,7 @@
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
--# along with this program; if not, see <http://www.gnu.org/licenses/>.
-+# along with this program; if not, see <https://www.gnu.org/licenses/>.
-
- EXTRA_DIST = \
- Manifest watchgnupg.c no-libgcrypt.c \
-diff --git a/tools/call-dirmngr.c b/tools/call-dirmngr.c
-index 0e591dd..8d7e27e 100644
---- a/tools/call-dirmngr.c
-+++ b/tools/call-dirmngr.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/tools/call-dirmngr.h b/tools/call-dirmngr.h
-index f1bc368..13bdd62 100644
---- a/tools/call-dirmngr.h
-+++ b/tools/call-dirmngr.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
- #ifndef GNUPG_TOOLS_CALL_DIRMNGR_H
- #define GNUPG_TOOLS_CALL_DIRMNGR_H
-diff --git a/tools/ccidmon.c b/tools/ccidmon.c
-index 4e39b5c..e4771bf 100644
---- a/tools/ccidmon.c
-+++ b/tools/ccidmon.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
-
-diff --git a/tools/gpg-check-pattern.c b/tools/gpg-check-pattern.c
-index fba2365..a3224ab 100644
---- a/tools/gpg-check-pattern.c
-+++ b/tools/gpg-check-pattern.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/tools/gpg-connect-agent.c b/tools/gpg-connect-agent.c
-index 106a8eb..1555862 100644
---- a/tools/gpg-connect-agent.c
-+++ b/tools/gpg-connect-agent.c
-@@ -15,7 +15,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c
-index 2c9cc4f..f751f9b 100644
---- a/tools/gpg-wks-client.c
-+++ b/tools/gpg-wks-client.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c
-index e872824..19bb730 100644
---- a/tools/gpg-wks-server.c
-+++ b/tools/gpg-wks-server.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /* The Web Key Service I-D defines an update protocol to stpre a
-diff --git a/tools/gpg-wks.h b/tools/gpg-wks.h
-index be85eec..dcdb945 100644
---- a/tools/gpg-wks.h
-+++ b/tools/gpg-wks.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_GPG_WKS_H
-diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
-index 8bf3086..55e822c 100644
---- a/tools/gpgconf-comp.c
-+++ b/tools/gpgconf-comp.c
-@@ -15,7 +15,7 @@
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with GnuPG; if not, see <http://www.gnu.org/licenses/>.
-+ * along with GnuPG; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #if HAVE_CONFIG_H
-diff --git a/tools/gpgconf.c b/tools/gpgconf.c
-index 263d726..8c334b3 100644
---- a/tools/gpgconf.c
-+++ b/tools/gpgconf.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/tools/gpgconf.h b/tools/gpgconf.h
-index a1e3828..e99042f 100644
---- a/tools/gpgconf.h
-+++ b/tools/gpgconf.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GPGCONF_H
-diff --git a/tools/gpgparsemail.c b/tools/gpgparsemail.c
-index 57a6203..8c9c4d4 100644
---- a/tools/gpgparsemail.c
-+++ b/tools/gpgparsemail.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
-
-diff --git a/tools/gpgsplit.c b/tools/gpgsplit.c
-index 93dd8ed..3b4bb15 100644
---- a/tools/gpgsplit.c
-+++ b/tools/gpgsplit.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/tools/gpgtar-create.c b/tools/gpgtar-create.c
-index 6780eff..ef906a5 100644
---- a/tools/gpgtar-create.c
-+++ b/tools/gpgtar-create.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/tools/gpgtar-extract.c b/tools/gpgtar-extract.c
-index 8641126..f9a50e7 100644
---- a/tools/gpgtar-extract.c
-+++ b/tools/gpgtar-extract.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/tools/gpgtar-list.c b/tools/gpgtar-list.c
-index cb2e700..8286d08 100644
---- a/tools/gpgtar-list.c
-+++ b/tools/gpgtar-list.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/tools/gpgtar.c b/tools/gpgtar.c
-index 9c17139..23176dc 100644
---- a/tools/gpgtar.c
-+++ b/tools/gpgtar.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /* GnuPG comes with a shell script gpg-zip which creates archive files
-diff --git a/tools/gpgtar.h b/tools/gpgtar.h
-index 7d03719..8cbe80b 100644
---- a/tools/gpgtar.h
-+++ b/tools/gpgtar.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GPGTAR_H
-diff --git a/tools/make-dns-cert.c b/tools/make-dns-cert.c
-index 4cd4bd3..9a7e20d 100644
---- a/tools/make-dns-cert.c
-+++ b/tools/make-dns-cert.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifdef HAVE_CONFIG_H
-diff --git a/tools/mime-maker.c b/tools/mime-maker.c
-index fa42043..89d419b 100644
---- a/tools/mime-maker.c
-+++ b/tools/mime-maker.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/tools/mime-maker.h b/tools/mime-maker.h
-index b21f7dd..0e8e4d0 100644
---- a/tools/mime-maker.h
-+++ b/tools/mime-maker.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_MIME_MAKER_H
-diff --git a/tools/mime-parser.c b/tools/mime-parser.c
-index 87f11d0..f8cbed5 100644
---- a/tools/mime-parser.c
-+++ b/tools/mime-parser.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/tools/mime-parser.h b/tools/mime-parser.h
-index b217a2c..37a74a1 100644
---- a/tools/mime-parser.h
-+++ b/tools/mime-parser.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_MIME_PARSER_H
-diff --git a/tools/rfc822parse.c b/tools/rfc822parse.c
-index 215ab52..ee81b5d 100644
---- a/tools/rfc822parse.c
-+++ b/tools/rfc822parse.c
-@@ -13,7 +13,7 @@
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
-- * License along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * License along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
-
-diff --git a/tools/rfc822parse.h b/tools/rfc822parse.h
-index c5579fe..966c91e 100644
---- a/tools/rfc822parse.h
-+++ b/tools/rfc822parse.h
-@@ -13,7 +13,7 @@
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
-- * License along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * License along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef RFC822PARSE_H
-diff --git a/tools/send-mail.c b/tools/send-mail.c
-index 2266521..56f2500 100644
---- a/tools/send-mail.c
-+++ b/tools/send-mail.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/tools/send-mail.h b/tools/send-mail.h
-index 5f57854..4d8ae98 100644
---- a/tools/send-mail.h
-+++ b/tools/send-mail.h
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifndef GNUPG_SEND_MAIL_H
-diff --git a/tools/sockprox.c b/tools/sockprox.c
-index 3593598..8648bb5 100644
---- a/tools/sockprox.c
-+++ b/tools/sockprox.c
-@@ -12,7 +12,7 @@
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- /* Hacked by Moritz Schulte <moritz at g10code.com>.
-diff --git a/tools/symcryptrun.c b/tools/symcryptrun.c
-index b2d8f5c..dc680f5 100644
---- a/tools/symcryptrun.c
-+++ b/tools/symcryptrun.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
-
-diff --git a/tools/watchgnupg.c b/tools/watchgnupg.c
-index b226357..44ff43c 100644
---- a/tools/watchgnupg.c
-+++ b/tools/watchgnupg.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #ifdef HAVE_CONFIG_H
-diff --git a/tools/wks-receive.c b/tools/wks-receive.c
-index 59141fc..018ff09 100644
---- a/tools/wks-receive.c
-+++ b/tools/wks-receive.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
-diff --git a/tools/wks-util.c b/tools/wks-util.c
-index 8d9f92b..ae81ede 100644
---- a/tools/wks-util.c
-+++ b/tools/wks-util.c
-@@ -14,7 +14,7 @@
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, see <http://www.gnu.org/licenses/>.
-+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
- */
-
- #include <config.h>
diff --git a/debian/patches/0135-common-w32-Simplify-locking.patch b/debian/patches/0135-common-w32-Simplify-locking.patch
deleted file mode 100644
index 9249f95..0000000
--- a/debian/patches/0135-common-w32-Simplify-locking.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Tue, 8 Nov 2016 14:05:46 +0100
-Subject: common,w32: Simplify locking.
-
-* common/asshelp.c (lock_spawning): Use the same code on Windows that
-we use on all other platforms.
-(unlock_spawning): Likewise.
-
-Signed-off-by: Justus Winter <justus at g10code.com>
-(cherry picked from commit 7cbb0803847b8db618d39ff50ae6015e409ab1ae)
----
- common/asshelp.c | 49 -------------------------------------------------
- 1 file changed, 49 deletions(-)
-
-diff --git a/common/asshelp.c b/common/asshelp.c
-index eebfb26..6013f2b 100644
---- a/common/asshelp.c
-+++ b/common/asshelp.c
-@@ -255,48 +255,7 @@ static gpg_error_t
- lock_spawning (lock_spawn_t *lock, const char *homedir, const char *name,
- int verbose)
- {
--#ifdef HAVE_W32_SYSTEM
-- int waitrc;
-- int timeout = (!strcmp (name, "agent")
-- ? SECS_TO_WAIT_FOR_AGENT
-- : SECS_TO_WAIT_FOR_DIRMNGR);
--
-- (void)homedir; /* Not required. */
--
-- *lock = CreateMutexW
-- (NULL, FALSE,
-- !strcmp (name, "agent")? L"spawn_"GNUPG_NAME"_agent_sentinel":
-- !strcmp (name, "dirmngr")? L"spawn_"GNUPG_NAME"_dirmngr_sentinel":
-- /* */ L"spawn_"GNUPG_NAME"_unknown_sentinel");
-- if (!*lock)
-- {
-- log_error ("failed to create the spawn_%s mutex: %s\n",
-- name, w32_strerror (-1));
-- return gpg_error (GPG_ERR_GENERAL);
-- }
--
-- retry:
-- waitrc = WaitForSingleObject (*lock, 1000);
-- if (waitrc == WAIT_OBJECT_0)
-- return 0;
--
-- if (waitrc == WAIT_TIMEOUT && timeout)
-- {
-- timeout--;
-- if (verbose)
-- log_info ("another process is trying to start the %s ... (%ds)\n",
-- name, timeout);
-- goto retry;
-- }
-- if (waitrc == WAIT_TIMEOUT)
-- log_info ("error waiting for the spawn_%s mutex: timeout\n", name);
-- else
-- log_info ("error waiting for the spawn_%s mutex: (code=%d) %s\n",
-- name, waitrc, w32_strerror (-1));
-- return gpg_error (GPG_ERR_GENERAL);
--#else /*!HAVE_W32_SYSTEM*/
- char *fname;
--
- (void)verbose;
-
- *lock = NULL;
-@@ -321,7 +280,6 @@ lock_spawning (lock_spawn_t *lock, const char *homedir, const char *name,
- return gpg_error_from_syserror ();
-
- return 0;
--#endif /*!HAVE_W32_SYSTEM*/
- }
-
-
-@@ -331,15 +289,8 @@ unlock_spawning (lock_spawn_t *lock, const char *name)
- {
- if (*lock)
- {
--#ifdef HAVE_W32_SYSTEM
-- if (!ReleaseMutex (*lock))
-- log_error ("failed to release the spawn_%s mutex: %s\n",
-- name, w32_strerror (-1));
-- CloseHandle (*lock);
--#else /*!HAVE_W32_SYSTEM*/
- (void)name;
- dotlock_destroy (*lock);
--#endif /*!HAVE_W32_SYSTEM*/
- *lock = NULL;
- }
- }
diff --git a/debian/patches/0136-dirmngr-Improve-concurrency-in-the-non-adns-case.patch b/debian/patches/0136-dirmngr-Improve-concurrency-in-the-non-adns-case.patch
deleted file mode 100644
index a1531bc..0000000
--- a/debian/patches/0136-dirmngr-Improve-concurrency-in-the-non-adns-case.patch
+++ /dev/null
@@ -1,167 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Thu, 10 Nov 2016 11:38:42 +0100
-Subject: dirmngr: Improve concurrency in the non-adns case.
-
-* dirmngr/dns-stuff.c (map_adns_status_to_gpg_error): New.
-(resolve_name_adns, get_dns_cert, get_dns_cname): Use that function.
-(getsrv) [!USE_ADNS]: Call res_query outside of nPth.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit c7ea98cd3d44abf00e32c081e5049ad1d0b1f12c)
----
- dirmngr/dns-stuff.c | 26 +++++++++++++++++--
- dirmngr/ks-engine-hkp.c | 69 ++++++++++++++++++++++++++-----------------------
- 2 files changed, 60 insertions(+), 35 deletions(-)
-
-diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
-index 70554f6..6849af4 100644
---- a/dirmngr/dns-stuff.c
-+++ b/dirmngr/dns-stuff.c
-@@ -195,6 +195,21 @@ map_eai_to_gpg_error (int ec)
- return err;
- }
-
-+#ifdef USE_ADNS
-+static gpg_error_t
-+map_adns_status_to_gpg_error (adns_status status)
-+{
-+ gpg_err_code_t ec;
-+
-+ switch (status)
-+ {
-+ /* case adns_s_netunreach: ec = GPG_ERR_ENETUNREACH; break; */
-+ default: ec = GPG_ERR_GENERAL; break;
-+ }
-+ return gpg_error (ec);
-+}
-+#endif /*USE_ADNS*/
-+
-
- #ifdef USE_ADNS
- /* Init ADNS and store the new state at R_STATE. Returns 0 on
-@@ -286,6 +301,9 @@ resolve_name_adns (const char *name, unsigned short port,
- err = gpg_error (GPG_ERR_NOT_FOUND);
- if (answer->status != adns_s_ok || answer->type != adns_r_addr)
- {
-+ err = map_adns_status_to_gpg_error (answer->status);
-+ if (gpg_err_code (err) == GPG_ERR_GENERAL)
-+ err = gpg_error (GPG_ERR_NOT_FOUND);
- log_error ("DNS query returned an error: %s (%s)\n",
- adns_strerror (answer->status),
- adns_errabbrev (answer->status));
-@@ -692,7 +710,9 @@ get_dns_cert (const char *name, int want_certtype,
- /* log_error ("DNS query returned an error: %s (%s)\n", */
- /* adns_strerror (answer->status), */
- /* adns_errabbrev (answer->status)); */
-- err = gpg_error (GPG_ERR_NOT_FOUND);
-+ err = map_adns_status_to_gpg_error (answer->status);
-+ if (gpg_err_code (err) == GPG_ERR_GENERAL)
-+ err = gpg_error (GPG_ERR_NOT_FOUND);
- goto leave;
- }
-
-@@ -1095,7 +1115,9 @@ getsrv (const char *name,struct srventry **list)
- if (tor_mode)
- return -1;
-
-+ my_unprotect ();
- r = res_query (name, C_IN, T_SRV, answer, sizeof answer);
-+ my_protect ();
- if (r < sizeof (HEADER) || r > sizeof answer
- || header->rcode != NOERROR || !(count=ntohs (header->ancount)))
- return 0; /* Error or no record found. */
-@@ -1289,7 +1311,7 @@ get_dns_cname (const char *name, char **r_cname)
- if (answer->status != adns_s_ok
- || answer->type != adns_r_cname || answer->nrrs != 1)
- {
-- err = gpg_error (GPG_ERR_GENERAL);
-+ err = map_adns_status_to_gpg_error (answer->status);
- log_error ("DNS query returned an error or no records: %s (%s)\n",
- adns_strerror (answer->status),
- adns_errabbrev (answer->status));
-diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
-index 8530851..3b5e75d 100644
---- a/dirmngr/ks-engine-hkp.c
-+++ b/dirmngr/ks-engine-hkp.c
-@@ -447,45 +447,48 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
- }
- hi = hosttable[idx];
-
--#ifdef USE_DNS_SRV
-- /* Check for SRV records. */
-- srvrecord = xtryasprintf ("_hkp._tcp.%s", name);
-- if (srvrecord == NULL)
-- {
-- err = gpg_error_from_syserror ();
-- xfree (reftbl);
-- return err;
-- }
--
-- srvscount = getsrv (srvrecord, &srvs);
-- xfree (srvrecord);
-- if (srvscount < 0)
-+#ifdef USE_DNS_SRV
-+ if (!is_ip_address (name))
- {
-- err = gpg_error_from_syserror ();
-- xfree (reftbl);
-- return err;
-- }
--
-- if (srvscount > 0)
-- {
-- int i;
-- is_pool = srvscount > 1;
-+ /* Check for SRV records. */
-+ srvrecord = xtryasprintf ("_hkp._tcp.%s", name);
-+ if (srvrecord == NULL)
-+ {
-+ err = gpg_error_from_syserror ();
-+ xfree (reftbl);
-+ return err;
-+ }
-
-- for (i = 0; i < srvscount; i++)
-+ srvscount = getsrv (srvrecord, &srvs);
-+ xfree (srvrecord);
-+ if (srvscount < 0)
- {
-- err = resolve_dns_name (srvs[i].target, 0,
-- AF_UNSPEC, SOCK_STREAM,
-- &ai, &cname);
-- if (err)
-- continue;
-- dirmngr_tick (ctrl);
-- add_host (name, is_pool, ai, srvs[i].port,
-- reftbl, reftblsize, &refidx);
-+ err = gpg_error_from_syserror ();
-+ xfree (reftbl);
-+ return err;
- }
-
-- xfree (srvs);
-+ if (srvscount > 0)
-+ {
-+ int i;
-+ is_pool = srvscount > 1;
-+
-+ for (i = 0; i < srvscount; i++)
-+ {
-+ err = resolve_dns_name (srvs[i].target, 0,
-+ AF_UNSPEC, SOCK_STREAM,
-+ &ai, &cname);
-+ if (err)
-+ continue;
-+ dirmngr_tick (ctrl);
-+ add_host (name, is_pool, ai, srvs[i].port,
-+ reftbl, reftblsize, &refidx);
-+ }
-+
-+ xfree (srvs);
-+ }
- }
--#endif /* USE_DNS_SRV */
-+#endif /* USE_DNS_SRV */
-
- /* Find all A records for this entry and put them into the pool
- list - if any. */
diff --git a/debian/patches/dirmngr-idling/0141-dirmngr-More-win32-system-daemon-cleanup.patch b/debian/patches/dirmngr-idling/0141-dirmngr-More-win32-system-daemon-cleanup.patch
deleted file mode 100644
index a173651..0000000
--- a/debian/patches/dirmngr-idling/0141-dirmngr-More-win32-system-daemon-cleanup.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Fri, 28 Oct 2016 23:54:43 -0400
-Subject: dirmngr: More win32 system daemon cleanup.
-
-* dirmngr/dirmngr.c (handle_tick): remove win32 tests for
-shutdown_pending, no longer needed.
-
---
-
-In d83ba4897bf217d1045c58d1b99e52bd31c58812, we removed the
-Windows-specific system daemon features, where shutdown_pending was
-set from w32_service_control(). shutdown_pending is now never
-assigned outside of handle_signal() or within an inotify test, neither
-of which are available on win32.
-
-As a result, this stanza in handle_tick() should be dead code, and can
-be removed to keep things simple.
-
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
----
- dirmngr/dirmngr.c | 14 --------------
- 1 file changed, 14 deletions(-)
-
-diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
-index 6c04e76..042ac45 100644
---- a/dirmngr/dirmngr.c
-+++ b/dirmngr/dirmngr.c
-@@ -1805,20 +1805,6 @@ time_for_housekeeping_p (time_t curtime)
- static void
- handle_tick (void)
- {
-- /* Under Windows we don't use signals and need a way for the loop to
-- check for the shutdown flag. */
--#ifdef HAVE_W32_SYSTEM
-- if (shutdown_pending)
-- log_info (_("SIGTERM received - shutting down ...\n"));
-- if (shutdown_pending > 2)
-- {
-- log_info (_("shutdown forced\n"));
-- log_info ("%s %s stopped\n", strusage(11), strusage(13) );
-- cleanup ();
-- dirmngr_exit (0);
-- }
--#endif /*HAVE_W32_SYSTEM*/
--
- if (time_for_housekeeping_p (gnupg_get_time ()))
- {
- npth_t thread;
diff --git a/debian/patches/easy-keyservers/0117-dirmngr-Register-hkp-cacert-even-if-the-file-doesn-t.patch b/debian/patches/easy-keyservers/0117-dirmngr-Register-hkp-cacert-even-if-the-file-doesn-t.patch
deleted file mode 100644
index 5233522..0000000
--- a/debian/patches/easy-keyservers/0117-dirmngr-Register-hkp-cacert-even-if-the-file-doesn-t.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Thu, 27 Oct 2016 15:33:27 -0400
-Subject: dirmngr: Register hkp-cacert even if the file doesn't exist yet.
-
-* dirmngr/dirmngr.c (parse_readable_options): If we're unable to turn
-an argument for hkp-cacert into an absolute filename, terminate
-completely.
-* dirmngr/http.c (http_register_tls_ca): Show a warning if file is not
-immediately accessible, but register it anyway.
-
---
-
-Without this changeset, the condition of the filesystem when dirmngr
-is initialized will have an effect on later activities of dirmngr.
-
-For example, if a file identified by a hkp-cacert directive doesn't
-exist when dirmngr starts, dirmngr will behave as though it simply
-didn't have the hkp-cacert directive set at all, even if the file
-should appear later.
-
-dirmngr currently behaves differently if no hkp-cacert directives have
-been set then it does when at least one hkp-cacert directive has been
-set. For example, its choice of CA cert for
-hkps://hkps.pool.sks-keyservers.net depends on whether a TLS CA file
-has been registered. That behavior shouldn't additionally depend on
-the state of the filesystem at the time of dirmngr launch.
-
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
----
- dirmngr/dirmngr.c | 12 +++---------
- dirmngr/http.c | 5 +++++
- 2 files changed, 8 insertions(+), 9 deletions(-)
-
-diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
-index 6e76ffc..3d43bda 100644
---- a/dirmngr/dirmngr.c
-+++ b/dirmngr/dirmngr.c
-@@ -601,15 +601,9 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
- {
- char *tmpname;
-
-- /* Do tilde expansion and print a warning if the file can't be
-- accessed. */
-- tmpname = make_absfilename_try (pargs->r.ret_str, NULL);
-- if (!tmpname || access (tmpname, F_OK))
-- log_info (_("can't access '%s': %s\n"),
-- tmpname? tmpname : pargs->r.ret_str,
-- gpg_strerror (gpg_error_from_syserror()));
-- else
-- http_register_tls_ca (tmpname);
-+ /* Do tilde expansion and make path absolute. */
-+ tmpname = make_absfilename (pargs->r.ret_str, NULL);
-+ http_register_tls_ca (tmpname);
- xfree (tmpname);
- }
- break;
-diff --git a/dirmngr/http.c b/dirmngr/http.c
-index ac8238c..b767c15 100644
---- a/dirmngr/http.c
-+++ b/dirmngr/http.c
-@@ -492,6 +492,11 @@ http_register_tls_ca (const char *fname)
- }
- else
- {
-+ /* Warn if we can't access right now, but register it anyway in
-+ case it becomes accessible later */
-+ if (access (fname, F_OK))
-+ log_info (_("can't access '%s': %s\n"), fname,
-+ gpg_strerror (gpg_error_from_syserror()));
- sl = add_to_strlist (&tls_ca_certlist, fname);
- if (*sl->d && !strcmp (sl->d + strlen (sl->d) - 4, ".pem"))
- sl->flags = 1;
diff --git a/debian/patches/easy-keyservers/0118-dirmngr-Add-system-CAs-if-no-hkp-cacert-is-given.patch b/debian/patches/easy-keyservers/0118-dirmngr-Add-system-CAs-if-no-hkp-cacert-is-given.patch
deleted file mode 100644
index 7b50981..0000000
--- a/debian/patches/easy-keyservers/0118-dirmngr-Add-system-CAs-if-no-hkp-cacert-is-given.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Thu, 27 Oct 2016 16:16:08 -0400
-Subject: dirmngr: Add system CAs if no hkp-cacert is given.
-
-* dirmngr/dirmngr.c (http_session_new): If the user isn't talking to
-the HKPS pool, and they have not specified any hkp-cacert, then we
-should default to the system CAs, rather than nothing.
-* doc/dirmngr.texi: Document choice of CAs.
-
---
-
-Consider three possible classes of dirmngr configuration:
-
- a) no hkps:// keyserver URLs at all (communication with keyservers is
- entirely in the clear)
-
- b) hkps:// keyserver URLs, but no hkp-cacert directives
-
- c) hkps:// keyserver URLs, and at least one hkp-cacert directive
-
-class (a) provides no confidentiality of requests.
-
-class (b) currently will never work because the server certificate
-cannot be validated.
-
-class (c) is currently supported as intended.
-
-This patch allows users with configurations in class (b) to work as
-most users expect (relying on the system certificate authorities),
-without affecting users in classes (a) or (c).
-
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
----
- dirmngr/http.c | 14 +++++++++-----
- doc/dirmngr.texi | 5 +++++
- 2 files changed, 14 insertions(+), 5 deletions(-)
-
-diff --git a/dirmngr/http.c b/dirmngr/http.c
-index b767c15..18e3b72 100644
---- a/dirmngr/http.c
-+++ b/dirmngr/http.c
-@@ -591,6 +591,8 @@ http_session_new (http_session_t *r_session, const char *tls_priority,
- const char *errpos;
- int rc;
- strlist_t sl;
-+ int add_system_cas = !!(flags & HTTP_FLAG_TRUST_SYS);
-+ int is_hkps_pool;
-
- rc = gnutls_certificate_allocate_credentials (&sess->certcred);
- if (rc < 0)
-@@ -601,13 +603,13 @@ http_session_new (http_session_t *r_session, const char *tls_priority,
- goto leave;
- }
-
-+ is_hkps_pool = intended_hostname &&
-+ !ascii_strcasecmp (intended_hostname, "hkps.pool.sks-keyservers.net");
-+
- /* If the user has not specified a CA list, and they are looking
- * for the hkps pool from sks-keyservers.net, then default to
- * Kristian's certificate authority: */
-- if (!tls_ca_certlist
-- && intended_hostname
-- && !ascii_strcasecmp (intended_hostname,
-- "hkps.pool.sks-keyservers.net"))
-+ if (!tls_ca_certlist && is_hkps_pool)
- {
- char *pemname = make_filename_try (gnupg_datadir (),
- "sks-keyservers.netCA.pem", NULL);
-@@ -640,10 +642,12 @@ http_session_new (http_session_t *r_session, const char *tls_priority,
- log_info ("setting CA from file '%s' failed: %s\n",
- sl->d, gnutls_strerror (rc));
- }
-+ if (!tls_ca_certlist && !is_hkps_pool)
-+ add_system_cas = 1;
- }
-
- /* Add system certificates to the session. */
-- if ((flags & HTTP_FLAG_TRUST_SYS))
-+ if (add_system_cas)
- {
- #if GNUTLS_VERSION_NUMBER >= 0x030014
- static int shown;
-diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
-index 04494a5..11bded5 100644
---- a/doc/dirmngr.texi
-+++ b/doc/dirmngr.texi
-@@ -461,6 +461,11 @@ the file is in PEM format a suffix of @code{.pem} is expected for
- @var{file}. This option may be given multiple times to add more
- root certificates. Tilde expansion is supported.
-
-+If no @code{hkp-cacert} directive is present, dirmngr will make a
-+reasonable choice: if the keyserver in question is the special pool
-+ at code{hkps.pool.sks-keyservers.net}, it will use the bundled root
-+certificate for that pool. Otherwise, it will use the system CAs.
-+
- @end table
-
-
diff --git a/debian/patches/easy-keyservers/0119-dirmngr-Use-a-default-keyserver-if-none-is-explicitl.patch b/debian/patches/easy-keyservers/0119-dirmngr-Use-a-default-keyserver-if-none-is-explicitl.patch
deleted file mode 100644
index 6f70070..0000000
--- a/debian/patches/easy-keyservers/0119-dirmngr-Use-a-default-keyserver-if-none-is-explicitl.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Thu, 27 Oct 2016 18:25:56 -0400
-Subject: dirmngr: Use a default keyserver if none is explicitly set.
-
-* configure.ac: Define DIRMNGR_DEFAULT_KEYSERVER.
-* dirmngr/server.c (ensure_keyserver): Use it if no keyservers are set.
-* doc/dirmngr.texi: Document this behavior.
-
---
-
-A user who doesn't specify a keyserver, but asks gnupg to fetch a key
-currently just gets a simple error messages "No keyserver available".
-
-If the user is asking to contact a keyserver, we should have a
-reasonable default, and not require them to fiddle with settings when
-they might not know what settings to choose. This patch makes the
-default hkps://hkps.pool.sks-keyservers.net.
-
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
----
- configure.ac | 2 ++
- dirmngr/server.c | 3 ++-
- doc/dirmngr.texi | 2 ++
- 3 files changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 634a570..b43b5ac 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1759,6 +1759,8 @@ AC_DEFINE_UNQUOTED(SCDAEMON_SOCK_NAME, "S.scdaemon",
- [The name of the SCdaemon socket])
- AC_DEFINE_UNQUOTED(DIRMNGR_SOCK_NAME, "S.dirmngr",
- [The name of the dirmngr socket])
-+AC_DEFINE_UNQUOTED(DIRMNGR_DEFAULT_KEYSERVER, "hkps://hkps.pool.sks-keyservers.net",
-+ [The default keyserver for dirmngr to use, if none is explicitly given])
-
- AC_DEFINE_UNQUOTED(GPGEXT_GPG, "gpg", [The standard binary file suffix])
-
-diff --git a/dirmngr/server.c b/dirmngr/server.c
-index 2f88ff2..1bedbd8 100644
---- a/dirmngr/server.c
-+++ b/dirmngr/server.c
-@@ -1765,7 +1765,8 @@ ensure_keyserver (ctrl_t ctrl)
- if (ctrl->server_local->keyservers)
- return 0; /* Already set for this session. */
- if (!opt.keyserver)
-- return 0; /* No global option set. */
-+ /* No global option set. fall back to default: */
-+ return make_keyserver_item (DIRMNGR_DEFAULT_KEYSERVER, &ctrl->server_local->keyservers);
-
- for (sl = opt.keyserver; sl; sl = sl->next)
- {
-diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
-index 11bded5..335aa58 100644
---- a/doc/dirmngr.texi
-+++ b/doc/dirmngr.texi
-@@ -276,6 +276,8 @@ service (.onion), Dirmngr selects the keyserver to use depending on
- whether Tor is locally running or not. The check for a running Tor is
- done for each new connection.
-
-+If no keyserver is explicitly configured, dirmngr will use the
-+built-in default of hkps://hkps.pool.sks-keyservers.net.
-
- @item --nameserver @var{ipaddr}
- @opindex nameserver
diff --git a/debian/patches/series b/debian/patches/series
index 0811b76..62226cd 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,144 +1,10 @@
debian-packaging/0001-avoid-beta-warning.patch
block-ptrace-on-agent/0002-Avoid-simple-memory-dumps-via-ptrace.patch
debian-packaging/0003-avoid-regenerating-defsincdate-use-shipped-file.patch
-0004-spelling-s-achived-achieved-and-s-alternativly-alter.patch
-0005-gpg-Fix-regression-in-gpgv-s-printing-of-the-keyid.patch
-0006-gpg-Avoid-homedir-creation-by-list-config.patch
-0007-tests-Run-test-requiring-the-network-only-in-maintai.patch
-0008-gpg-Make-decryption-of-R-work-w-o-try-secret-key-or-.patch
-0009-gpg-Fix-false-negatives-in-Ed25519-signature-verific.patch
-0010-agent-invoke-scdaemon-with-homedir.patch
-0011-scd-Clean-up-unused-shutdown-method.patch
-0012-scd-Release-the-card-reader-after-card-removal.patch
-0013-common-Check-read-errors-in-name-value.c.patch
-0014-scd-Fix-an-action-after-card-removal.patch
-0015-agent-Terminate-on-deletion-of-the-socket-file-Linux.patch
-0016-dirmngr-Terminate-on-deletion-of-the-socket-file-Lin.patch
-0017-gpg-Make-output-work-with-verify.patch
-0018-gpg-Add-options-output-and-yes-to-gpgv.patch
-0019-gpg-Remove-option-yes-from-gpgv.patch
-0020-gpg-print-fingerprint-regardless-of-keyid-format.patch
-0021-spelling-conenction-should-be-connection.patch
-0022-gpg-Improve-usability-of-quick-gen-key.patch
-0023-gpg-Allow-use-of-default-algo-for-quick-addkey.patch
-0024-gpg-Emit-a-new-error-status-line-in-quick-adduid.patch
-0025-tests-gpgscm-Fix-use-of-pointer.patch
-0026-scd-Add-support-of-ECC-pubkey-attribute.patch
-0027-gpg-Avoid-malloc-failure-due-to-no-key-signatures.patch
-0028-gpgscm-Fix-gcrypt-version-check.patch
-0029-dirmngr-Silence-diagnostics-about-starting-housekeep.patch
-0030-gpg-Fix-regression-in-fingerprint-printing.patch
-0031-dirmngr-Open-file-CRL-s-in-binary-mode.patch
-0032-dirmngr-Fix-type.patch
-0033-g10-When-adding-a-user-id-make-sure-the-keyblock-has.patch
-0034-agent-Allow-only-specific-digest-size-for-ECDSA.patch
-0035-dirmngr-Removal-of-no-libgcrypt.o.patch
-0036-agent-sm-Set-CTX-after-start_agent.patch
-0037-common-Correctly-handle-modules-relying-on-npth.patch
-0038-build-Do-not-link-gpg-connect-agent-against-npth.patch
-0039-gpg-Make-sure-that-internal-key-import-is-done-with-.patch
-0040-gpg-Make-import-filter-data-object-more-flexible.patch
-0041-gpg-Reject-import-if-an-import-filter-removed-all-us.patch
-0042-dirmngr-Fix-STARTTLS-on-LDAP-connections.patch
-0043-tools-Give-mime-parser-callbacks-access-to-the-rfc82.patch
-0044-agent-Enable-restricted-browser-and-ssh-socket-by-de.patch
-0045-build-Fix-build-against-libiconv.patch
-0046-agent-Kludge-to-allow-disabling-of-the-extra-sockets.patch
-0047-agent-Create-the-extra-sockets-in-the-standard-socke.patch
-0048-agent-Remove-the-warning-for-the-GKR-hijacking.patch
-0049-agent-dirmngr-scd-npth_init-must-be-after-fork.patch
-0050-tools-Ignore-existing-directories-in-gpgtar.patch
-0051-agent-Implement-supervised-command-for-systemd-etc.patch
-0052-agent-Adjust-supervised-mode-for-the-new-default-soc.patch
-0053-agent-Adjust-cleanup-for-supervised-mode.-Fix-for-W3.patch
-0054-agent-Streamline-the-supervised-mode-code.patch
-0055-agent-Fix-error-handling-in-map_supervised_sockets.patch
-0056-agent-Fix-npth-supervised-mode-problem.patch
-0057-agent-Another-minor-fix-to-map_supervised_sockets.patch
-0058-g10-Don-t-add-user-attributes-to-the-TOFU-DB.patch
-0059-g10-Fix-testing-for-debug-flag.patch
-0060-sm-Remove-statement-without-effect.patch
-0061-common-Avoid-pointer-arithmetic-on-string-literals.patch
-0062-agent-dirmngr-scd-Fix-init_common_subsystems.patch
-0063-agent-Fix-get_socket_name.patch
-0064-tools-Fix-error-handling.patch
-0065-g10-Fix-a-column-s-type-in-TOFU-DB.patch
-0066-agent-Move-inotify-code-to-common-and-improve-it.patch
-0067-agent-Use-straightforward-names-for-the-default-sock.patch
-0068-gpgconf-Fix-for-homedir.patch
-0069-scd-Fix-keytocard-for-ECC.patch
-0070-doc-Point-gpg-agent-1-at-the-right-gpg-manpage-in-SE.patch
-0071-doc-Document-how-to-manually-shut-down-gpg-agent.patch
-0072-scd-minor-cleanup-to-merge-other-works.patch
-0073-scd-Support-ECC-key-generation.patch
-0074-common-w32-Make-use-of-default_errsource-in-exechelp.patch
-0075-common-w32-Extend-gnupg_create_inbound_pipe-et-al.patch
-0076-common-w32-Communicate-with-child-in-non-blocking-mo.patch
-0077-common-Fix-copying-data-to-estreams.patch
-0078-agent-Add-card-option-for-READKEY.patch
-0079-g10-smartcard-keygen-change.patch
-0080-scd-GENKEY-updates-the-public-key-in-APP.patch
-0081-agent-g10-Fix-keygen.patch
-0082-agent-Fix-saving-with-FORCE-1.patch
-0083-Fix-use-cases-of-snprintf.patch
-0084-g10-Support-ECC-for-gen_card_key.patch
-0085-g10-Don-t-ask-keysize-for-for-non-RSA-card.patch
-0086-scd-Fix-segfault-changing-key-attr.patch
-0087-g10-scd-Fix-ECC-keygen.patch
-0088-g10-Write-first-keybox-record-in-binary-mode.patch
-0089-g10-More-card-key-generation-change.patch
-0090-g10-Fix-card-keygen-for-decryption.patch
-0091-common-Fix-openpgp_is_curve_supported.patch
-0092-scd-Use-canonical-curve-name-of-libgcrypt.patch
-0093-agent-Slightly-change-structure-of-cmd_readkey.patch
-0094-agent-Minor-cleanup-for-recent-change-in-findkey.c.patch
-0095-gpg-Replace-two-sprintf-calls.patch
-0096-agent-tests-w32-Fix-relaying-pinentry-user-data-fix-.patch
-0097-common-avoid-segfault.patch
-0098-agent-supervised-mode-improvements.patch
-0099-doc-Fix-spelling-of-internal.patch
-0100-tests-Improve-portability-of-fake-pinentry.patch
-0101-common-Use-GPG_ERR_INV_VALUE-instead-of-GPG_ERR_EINV.patch
-0102-agent-Avoid-double-error-message.patch
-0103-dirmngr-Fix-hang-due-to-deferred-thread-initializati.patch
-0104-common-Fix-gnupg_inotify_has_name.patch
-0105-dirmngr-report-actual-socket-name.patch
-0106-agent-common-move-get_socket_name-into-common.patch
-0107-dirmngr-Implement-supervised-command-for-systemd-etc.patch
-0108-g10-ECDH-shared-point-format.patch
-0109-scd-Add-0x41-prefix-for-x-coordinate-only-result.patch
-0110-g10-Fix-ECDH-clarifying-the-format.patch
-0111-dirmngr-Fix-error-return-for-ADNS.patch
-0112-dirmngr-More-ADNS-error-fix.patch
-0113-common-Fix-gnupg_inotify_has_name-differently.patch
-0114-dirmngr-ADNS-error-handling-fix.patch
-0115-common-Remove-debug-output-from-gnupg_get_socket_nam.patch
-0116-dirmngr-Do-not-implement-supervised-in-Windows.patch
-easy-keyservers/0117-dirmngr-Register-hkp-cacert-even-if-the-file-doesn-t.patch
-easy-keyservers/0118-dirmngr-Add-system-CAs-if-no-hkp-cacert-is-given.patch
-easy-keyservers/0119-dirmngr-Use-a-default-keyserver-if-none-is-explicitl.patch
-0120-g10-Assert-preconditions.patch
-0121-Fix-typos.patch
-0122-g10-Fix-iteration-over-getkey-results.patch
-0123-common-Add-GNUPG_MODULE_NAME_GPGV.patch
-0124-gpg-Verify-multiple-detached-signatures-with-differe.patch
-0125-gpg-Enable-the-Issuer-Fingerprint-from-rfc4880bis.patch
-0126-common-New-function-gnupg_usleep.patch
-0127-Spelling-correct-spelling-of-passphrase.patch
-0128-build-Fix-misspelled-dirmngr.patch
-0129-common-Improve-compare_string_versions.patch
-0130-agent-Extend-the-PINENTRY_LAUNCHED-inquiry-and-statu.patch
-0131-scd-Add-advanced-option-for-READKEY.patch
-0132-scd-Fix-length-error-for-READKEY.patch
-0133-indent-Move-comments-inside-the-block.patch
-0134-Change-all-http-www.gnu.org-in-license-notices-to-ht.patch
-0135-common-w32-Simplify-locking.patch
-0136-dirmngr-Improve-concurrency-in-the-non-adns-case.patch
gpg-agent-idling/0137-agent-Create-framework-of-scheduled-timers.patch
gpg-agent-idling/0138-agent-Allow-threads-to-interrupt-main-select-loop-wi.patch
gpg-agent-idling/0139-agent-Avoid-tight-timer-tick-when-possible.patch
gpg-agent-idling/0140-agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch
-dirmngr-idling/0141-dirmngr-More-win32-system-daemon-cleanup.patch
dirmngr-idling/0142-dirmngr-hkp-Avoid-potential-race-condition-when-some.patch
dirmngr-idling/0143-dimrngr-Avoid-need-for-hkp-housekeeping.patch
dirmngr-idling/0144-dirmngr-Drop-useless-housekeeping.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list