[Pkg-gnupg-commit] [gnupg2] 01/02: more upstream bugfixes (Closes: #858400)
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Apr 7 15:46:22 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gnupg2.
commit a3c1ff395c98c695157ddd91ea1d14eb417abfe1
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Fri Apr 7 11:36:41 2017 -0400
more upstream bugfixes (Closes: #858400)
---
...gent-Serialize-access-to-passphrase-cache.patch | 220 +++++
...eep-CCID-reader-open-when-card-is-not-ava.patch | 41 +
.../0023-scd-Internal-CCID-reader-cleanup.patch | 449 +++++++++
...-gpg-Fix-printing-of-offline-taken-subkey.patch | 27 +
.../0025-doc-Explain-the-in-a-key-listing.patch | 34 +
.../0026-gpgscm-Fix-compact-vector-encoding.patch | 43 +
...ve-arbitrary-limit-on-number-of-cell-segm.patch | 285 ++++++
...m-Make-global-data-constant-when-possible.patch | 156 +++
...cate-small-integers-in-the-rodata-section.patch | 1011 ++++++++++++++++++++
debian/patches/series | 9 +
10 files changed, 2275 insertions(+)
diff --git a/debian/patches/0021-agent-Serialize-access-to-passphrase-cache.patch b/debian/patches/0021-agent-Serialize-access-to-passphrase-cache.patch
new file mode 100644
index 0000000..7f30b27
--- /dev/null
+++ b/debian/patches/0021-agent-Serialize-access-to-passphrase-cache.patch
@@ -0,0 +1,220 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Fri, 7 Apr 2017 08:39:26 +0900
+Subject: agent: Serialize access to passphrase cache.
+
+* agent/cache.c (encryption_lock): Remove.
+(cache_lock): New. Now, we have coarse grain lock to serialize
+entire cache access.
+(initialize_module_cache): Use CACHE_LOCK.
+(init_encryption, new_data): Remove ENCRYPTION_LOCK.
+(agent_flush_cache, agent_put_cache, agent_get_cache): Lock the cache.
+
+--
+
+GnuPG-bug-id: 3027
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit ebe12be034f052cdec871f0d8ad1bfab85d7b943)
+---
+ agent/cache.c | 73 ++++++++++++++++++++++++++++++-----------------------------
+ 1 file changed, 37 insertions(+), 36 deletions(-)
+
+diff --git a/agent/cache.c b/agent/cache.c
+index 41e0905..80d5f8d 100644
+--- a/agent/cache.c
++++ b/agent/cache.c
+@@ -31,9 +31,8 @@
+ /* The size of the encryption key in bytes. */
+ #define ENCRYPTION_KEYSIZE (128/8)
+
+-/* A mutex used to protect the encryption. This is required because
+- we use one context to do all encryption and decryption. */
+-static npth_mutex_t encryption_lock;
++/* A mutex used to serialize access to the cache. */
++static npth_mutex_t cache_lock;
+ /* The encryption context. This is the only place where the
+ encryption key for all cached entries is available. It would be nice
+ to keep this (or just the key) in some hardware device, for example
+@@ -76,7 +75,7 @@ initialize_module_cache (void)
+ {
+ int err;
+
+- err = npth_mutex_init (&encryption_lock, NULL);
++ err = npth_mutex_init (&cache_lock, NULL);
+
+ if (err)
+ log_fatal ("error initializing cache module: %s\n", strerror (err));
+@@ -102,15 +101,10 @@ init_encryption (void)
+ {
+ gpg_error_t err;
+ void *key;
+- int res;
+
+ if (encryption_handle)
+ return 0; /* Shortcut - Already initialized. */
+
+- res = npth_mutex_lock (&encryption_lock);
+- if (res)
+- log_fatal ("failed to acquire cache encryption mutex: %s\n", strerror (res));
+-
+ err = gcry_cipher_open (&encryption_handle, GCRY_CIPHER_AES128,
+ GCRY_CIPHER_MODE_AESWRAP, GCRY_CIPHER_SECURE);
+ if (!err)
+@@ -133,10 +127,6 @@ init_encryption (void)
+ log_error ("error initializing cache encryption context: %s\n",
+ gpg_strerror (err));
+
+- res = npth_mutex_unlock (&encryption_lock);
+- if (res)
+- log_fatal ("failed to release cache encryption mutex: %s\n", strerror (res));
+-
+ return err? gpg_error (GPG_ERR_NOT_INITIALIZED) : 0;
+ }
+
+@@ -155,7 +145,6 @@ new_data (const char *string, struct secret_data_s **r_data)
+ struct secret_data_s *d, *d_enc;
+ size_t length;
+ int total;
+- int res;
+
+ *r_data = NULL;
+
+@@ -186,17 +175,9 @@ new_data (const char *string, struct secret_data_s **r_data)
+ }
+
+ d_enc->totallen = total;
+- res = npth_mutex_lock (&encryption_lock);
+- if (res)
+- log_fatal ("failed to acquire cache encryption mutex: %s\n",
+- strerror (res));
+-
+ err = gcry_cipher_encrypt (encryption_handle, d_enc->data, total,
+ d->data, total - 8);
+ xfree (d);
+- res = npth_mutex_unlock (&encryption_lock);
+- if (res)
+- log_fatal ("failed to release cache encryption mutex: %s\n", strerror (res));
+ if (err)
+ {
+ xfree (d_enc);
+@@ -281,10 +262,15 @@ void
+ agent_flush_cache (void)
+ {
+ ITEM r;
++ int res;
+
+ if (DBG_CACHE)
+ log_debug ("agent_flush_cache\n");
+
++ res = npth_mutex_lock (&cache_lock);
++ if (res)
++ log_fatal ("failed to acquire cache mutex: %s\n", strerror (res));
++
+ for (r=thecache; r; r = r->next)
+ {
+ if (r->pw)
+@@ -296,6 +282,10 @@ agent_flush_cache (void)
+ r->accessed = 0;
+ }
+ }
++
++ res = npth_mutex_unlock (&cache_lock);
++ if (res)
++ log_fatal ("failed to release cache mutex: %s\n", strerror (res));
+ }
+
+
+@@ -321,6 +311,11 @@ agent_put_cache (const char *key, cache_mode_t cache_mode,
+ {
+ gpg_error_t err = 0;
+ ITEM r;
++ int res;
++
++ res = npth_mutex_lock (&cache_lock);
++ if (res)
++ log_fatal ("failed to acquire cache mutex: %s\n", strerror (res));
+
+ if (DBG_CACHE)
+ log_debug ("agent_put_cache '%s' (mode %d) requested ttl=%d\n",
+@@ -336,7 +331,7 @@ agent_put_cache (const char *key, cache_mode_t cache_mode,
+ }
+ }
+ if ((!ttl && data) || cache_mode == CACHE_MODE_IGNORE)
+- return 0;
++ goto out;
+
+ for (r=thecache; r; r = r->next)
+ {
+@@ -386,6 +381,12 @@ agent_put_cache (const char *key, cache_mode_t cache_mode,
+ if (err)
+ log_error ("error inserting cache item: %s\n", gpg_strerror (err));
+ }
++
++ out:
++ res = npth_mutex_unlock (&cache_lock);
++ if (res)
++ log_fatal ("failed to release cache mutex: %s\n", strerror (res));
++
+ return err;
+ }
+
+@@ -405,15 +406,18 @@ agent_get_cache (const char *key, cache_mode_t cache_mode)
+ if (cache_mode == CACHE_MODE_IGNORE)
+ return NULL;
+
++ res = npth_mutex_lock (&cache_lock);
++ if (res)
++ log_fatal ("failed to acquire cache mutex: %s\n", strerror (res));
++
+ if (!key)
+ {
+ key = last_stored_cache_key;
+ if (!key)
+- return NULL;
++ goto out;
+ last_stored = 1;
+ }
+
+-
+ if (DBG_CACHE)
+ log_debug ("agent_get_cache '%s' (mode %d)%s ...\n",
+ key, cache_mode,
+@@ -440,17 +444,9 @@ agent_get_cache (const char *key, cache_mode_t cache_mode)
+ err = gpg_error_from_syserror ();
+ else
+ {
+- res = npth_mutex_lock (&encryption_lock);
+- if (res)
+- log_fatal ("failed to acquire cache encryption mutex: %s\n",
+- strerror (res));
+ err = gcry_cipher_decrypt (encryption_handle,
+ value, r->pw->totallen - 8,
+ r->pw->data, r->pw->totallen);
+- res = npth_mutex_unlock (&encryption_lock);
+- if (res)
+- log_fatal ("failed to release cache encryption mutex: %s\n",
+- strerror (res));
+ }
+ if (err)
+ {
+@@ -459,13 +455,18 @@ agent_get_cache (const char *key, cache_mode_t cache_mode)
+ log_error ("retrieving cache entry '%s' failed: %s\n",
+ key, gpg_strerror (err));
+ }
+- return value;
++ break;
+ }
+ }
+- if (DBG_CACHE)
++ if (DBG_CACHE && value == NULL)
+ log_debug ("... miss\n");
+
+- return NULL;
++ out:
++ res = npth_mutex_unlock (&cache_lock);
++ if (res)
++ log_fatal ("failed to release cache mutex: %s\n", strerror (res));
++
++ return value;
+ }
+
+
diff --git a/debian/patches/0022-scd-Don-t-keep-CCID-reader-open-when-card-is-not-ava.patch b/debian/patches/0022-scd-Don-t-keep-CCID-reader-open-when-card-is-not-ava.patch
new file mode 100644
index 0000000..a662eb1
--- /dev/null
+++ b/debian/patches/0022-scd-Don-t-keep-CCID-reader-open-when-card-is-not-ava.patch
@@ -0,0 +1,41 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Fri, 7 Apr 2017 12:18:16 +0900
+Subject: scd: Don't keep CCID reader open when card is not available.
+
+* scd/apdu.c (open_ccid_reader): Fail if no ATR.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 3c93595d701c59cbc9b67a7fd0bcde7ee0fada1a)
+---
+ scd/apdu.c | 11 +++--------
+ 1 file changed, 3 insertions(+), 8 deletions(-)
+
+diff --git a/scd/apdu.c b/scd/apdu.c
+index 147bf73..65f770d 100644
+--- a/scd/apdu.c
++++ b/scd/apdu.c
+@@ -1496,6 +1496,9 @@ open_ccid_reader (struct dev_list *dl)
+
+ err = ccid_open_reader (dl->portstr, dl->idx, dl->ccid_table,
+ &slotp->ccid.handle, &slotp->rdrname);
++ if (!err)
++ err = ccid_get_atr (slotp->ccid.handle,
++ slotp->atr, sizeof slotp->atr, &slotp->atrlen);
+ if (err)
+ {
+ slotp->used = 0;
+@@ -1503,14 +1506,6 @@ open_ccid_reader (struct dev_list *dl)
+ return -1;
+ }
+
+- err = ccid_get_atr (slotp->ccid.handle,
+- slotp->atr, sizeof slotp->atr, &slotp->atrlen);
+- if (err)
+- {
+- slotp->atrlen = 0;
+- err = 0;
+- }
+-
+ require_get_status = ccid_require_get_status (slotp->ccid.handle);
+
+ reader_table[slot].close_reader = close_ccid_reader;
diff --git a/debian/patches/0023-scd-Internal-CCID-reader-cleanup.patch b/debian/patches/0023-scd-Internal-CCID-reader-cleanup.patch
new file mode 100644
index 0000000..36cf5d3
--- /dev/null
+++ b/debian/patches/0023-scd-Internal-CCID-reader-cleanup.patch
@@ -0,0 +1,449 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Fri, 7 Apr 2017 13:30:35 +0900
+Subject: scd: Internal CCID reader cleanup.
+
+* scd/ccid-reader.c (scan_usb_device): Only for scan mode, so, rename
+from scan_or_find_usb_device.
+(scan_devices): Likewise. Remove support of special transport types.
+(ccid_get_reader_list): Simplify.
+(abort_cmd): Fix error return.
+(send_escape_cmd): Fix for RESULTLEN == NULL.
+(ccid_transceive_secure): Remove unnecessary var updates.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit cc420d34880e2a050b39f969873974cfc35fa5c3)
+---
+ scd/ccid-driver.c | 310 ++++++++----------------------------------------------
+ 1 file changed, 41 insertions(+), 269 deletions(-)
+
+diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
+index a471adf..d135ca6 100644
+--- a/scd/ccid-driver.c
++++ b/scd/ccid-driver.c
+@@ -1129,21 +1129,11 @@ find_endpoint (const struct libusb_interface_descriptor *ifcdesc, int mode)
+ }
+
+
+-/* Helper for scan_or_find_devices. This function returns true if a
++/* Helper for scan_devices. This function returns true if a
+ requested device has been found or the caller should stop scanning
+ for other reasons. */
+-static int
+-scan_or_find_usb_device (int scan_mode,
+- int readerno, int *count, char **rid_list,
+- const char *readerid,
+- struct libusb_device *dev,
+- char **r_rid,
+- struct libusb_device_descriptor *desc,
+- libusb_device_handle **r_idev,
+- unsigned char **ifcdesc_extra,
+- size_t *ifcdesc_extra_len,
+- int *interface_number, int *setting_number,
+- int *ep_bulk_out, int *ep_bulk_in, int *ep_intr)
++static void
++scan_usb_device (int *count, char **rid_list, struct libusb_device *dev)
+ {
+ int ifc_no;
+ int set_no;
+@@ -1152,16 +1142,16 @@ scan_or_find_usb_device (int scan_mode,
+ libusb_device_handle *idev = NULL;
+ int err;
+ struct libusb_config_descriptor *config;
++ struct libusb_device_descriptor desc;
++ char *p;
+
+- err = libusb_get_device_descriptor (dev, desc);
++ err = libusb_get_device_descriptor (dev, &desc);
+ if (err)
+- return 0;
+-
+- *r_idev = NULL;
++ return;
+
+ err = libusb_get_active_config_descriptor (dev, &config);
+ if (err)
+- return 0;
++ return;
+
+ for (ifc_no=0; ifc_no < config->bNumInterfaces; ifc_no++)
+ for (set_no=0; set_no < config->interface[ifc_no].num_altsetting; set_no++)
+@@ -1177,15 +1167,13 @@ scan_or_find_usb_device (int scan_mode,
+ && ifcdesc->bInterfaceSubClass == 0
+ && ifcdesc->bInterfaceProtocol == 0)
+ || (ifcdesc->bInterfaceClass == 255
+- && desc->idVendor == VENDOR_SCM
+- && desc->idProduct == SCM_SPR532)
++ && desc.idVendor == VENDOR_SCM
++ && desc.idProduct == SCM_SPR532)
+ || (ifcdesc->bInterfaceClass == 255
+- && desc->idVendor == VENDOR_CHERRY
+- && desc->idProduct == CHERRY_ST2000)))
++ && desc.idVendor == VENDOR_CHERRY
++ && desc.idProduct == CHERRY_ST2000)))
+ {
+ ++*count;
+- if (!scan_mode && ((readerno > 0 && readerno != *count - 1)))
+- continue;
+
+ err = libusb_open (dev, &idev);
+ if (err)
+@@ -1194,89 +1182,36 @@ scan_or_find_usb_device (int scan_mode,
+ continue; /* with next setting. */
+ }
+
+- rid = make_reader_id (idev, desc->idVendor, desc->idProduct,
+- desc->iSerialNumber);
++ rid = make_reader_id (idev, desc.idVendor, desc.idProduct,
++ desc.iSerialNumber);
+ if (!rid)
+ {
+ libusb_free_config_descriptor (config);
+- return 0;
++ return;
+ }
+
+- if (!scan_mode && readerno == -1 && readerid
+- && strncmp (rid, readerid, strlen (readerid)))
+- continue;
+-
+- if (scan_mode)
++ /* We are collecting infos about all available CCID
++ readers. Store them and continue. */
++ DEBUGOUT_2 ("found CCID reader %d (ID=%s)\n", *count, rid);
++ p = malloc ((*rid_list? strlen (*rid_list):0) + 1
++ + strlen (rid) + 1);
++ if (p)
+ {
+- char *p;
+-
+- /* We are collecting infos about all
+- available CCID readers. Store them and
+- continue. */
+- DEBUGOUT_2 ("found CCID reader %d (ID=%s)\n", *count, rid);
+- p = malloc ((*rid_list? strlen (*rid_list):0) + 1
+- + strlen (rid) + 1);
+- if (p)
+- {
+- *p = 0;
+- if (*rid_list)
+- {
+- strcat (p, *rid_list);
+- free (*rid_list);
+- }
+- strcat (p, rid);
+- strcat (p, "\n");
+- *rid_list = p;
+- }
+- else /* Out of memory. */
++ *p = 0;
++ if (*rid_list)
+ {
+- libusb_free_config_descriptor (config);
+- free (rid);
+- return 0;
++ strcat (p, *rid_list);
++ free (*rid_list);
+ }
++ strcat (p, rid);
++ strcat (p, "\n");
++ *rid_list = p;
+ }
+- else
++ else /* Out of memory. */
+ {
+- /* We found the requested reader. */
+- if (ifcdesc_extra && ifcdesc_extra_len)
+- {
+- *ifcdesc_extra = malloc (ifcdesc->extra_length);
+- if (!*ifcdesc_extra)
+- {
+- libusb_close (idev);
+- free (rid);
+- libusb_free_config_descriptor (config);
+- return 1; /* Out of core. */
+- }
+- memcpy (*ifcdesc_extra, ifcdesc->extra,
+- ifcdesc->extra_length);
+- *ifcdesc_extra_len = ifcdesc->extra_length;
+- }
+-
+- if (interface_number)
+- *interface_number = ifc_no;
+-
+- if (setting_number)
+- *setting_number = set_no;
+-
+- if (ep_bulk_out)
+- *ep_bulk_out = find_endpoint (ifcdesc, 0);
+- if (ep_bulk_in)
+- *ep_bulk_in = find_endpoint (ifcdesc, 1);
+- if (ep_intr)
+- *ep_intr = find_endpoint (ifcdesc, 2);
+-
+- if (r_rid)
+- {
+- *r_rid = rid;
+- rid = NULL;
+- }
+- else
+- free (rid);
+-
+- *r_idev = idev;
+ libusb_free_config_descriptor (config);
+- return 1; /* Found requested device. */
++ free (rid);
++ return;
+ }
+
+ free (rid);
+@@ -1286,205 +1221,44 @@ scan_or_find_usb_device (int scan_mode,
+ }
+
+ libusb_free_config_descriptor (config);
+-
+- return 0;
+ }
+
+-/* Combination function to either scan all CCID devices or to find and
+- open one specific device.
++/* Scan all CCID devices.
+
+ The function returns 0 if a reader has been found or when a scan
+ returned without error.
+
+- With READERNO = -1 and READERID is NULL, scan mode is used and
+ R_RID should be the address where to store the list of reader_ids
+ we found. If on return this list is empty, no CCID device has been
+ found; otherwise it points to an allocated linked list of reader
+- IDs. Note that in this mode the function always returns NULL.
+-
+- With READERNO >= 0 or READERID is not NULL find mode is used. This
+- uses the same algorithm as the scan mode but stops and returns at
+- the entry number READERNO and return the handle for the opened
+- USB device. If R_RID is not NULL it will receive the reader ID of
+- that device. If R_DEV is not NULL it will the device pointer of
+- that device. If IFCDESC_EXTRA is NOT NULL it will receive a
+- malloced copy of the interfaces "extra: data filed;
+- IFCDESC_EXTRA_LEN receive the length of this field. If there is
+- no reader with number READERNO or that reader is not usable by our
+- implementation NULL will be returned. The caller must close a
+- returned USB device handle and free (if not passed as NULL) the
+- returned reader ID info as well as the IFCDESC_EXTRA. On error
+- NULL will get stored at R_RID, R_DEV, IFCDESC_EXTRA and
+- IFCDESC_EXTRA_LEN. With READERID being -1 the function stops if
+- the READERID was found.
+-
+- If R_FD is not -1 on return the device is not using USB for
+- transport but the device associated with that file descriptor. In
+- this case INTERFACE will receive the transport type and the other
+- USB specific return values are not used; the return value is
+- (void*)(1).
+-
+- Note that the first entry of the returned reader ID list in scan mode
+- corresponds with a READERNO of 0 in find mode.
++ IDs.
+ */
+ static int
+-scan_or_find_devices (int readerno, const char *readerid,
+- char **r_rid,
+- struct libusb_device_descriptor *r_desc,
+- unsigned char **ifcdesc_extra,
+- size_t *ifcdesc_extra_len,
+- int *interface_number, int *setting_number,
+- int *ep_bulk_out, int *ep_bulk_in, int *ep_intr,
+- libusb_device_handle **r_idev,
+- int *r_fd)
++scan_devices (char **r_rid)
+ {
+ char *rid_list = NULL;
+ int count = 0;
+ libusb_device **dev_list = NULL;
+ libusb_device *dev;
+- libusb_device_handle *idev = NULL;
+- int scan_mode = (readerno == -1 && !readerid);
+ int i;
+ ssize_t n;
+- struct libusb_device_descriptor desc;
+
+ /* Set return values to a default. */
+ if (r_rid)
+ *r_rid = NULL;
+- if (ifcdesc_extra)
+- *ifcdesc_extra = NULL;
+- if (ifcdesc_extra_len)
+- *ifcdesc_extra_len = 0;
+- if (interface_number)
+- *interface_number = 0;
+- if (setting_number)
+- *setting_number = 0;
+- if (r_idev)
+- *r_idev = NULL;
+- if (r_fd)
+- *r_fd = -1;
+-
+- /* See whether we want scan or find mode. */
+- if (scan_mode)
+- {
+- assert (r_rid);
+- }
+
+ n = libusb_get_device_list (NULL, &dev_list);
+
+ for (i = 0; i < n; i++)
+ {
+ dev = dev_list[i];
+- if (scan_or_find_usb_device (scan_mode, readerno, &count, &rid_list,
+- readerid,
+- dev,
+- r_rid,
+- &desc,
+- &idev,
+- ifcdesc_extra,
+- ifcdesc_extra_len,
+- interface_number, setting_number,
+- ep_bulk_out, ep_bulk_in, ep_intr))
+- {
+- libusb_free_device_list (dev_list, 1);
+- /* Found requested device or out of core. */
+- if (!idev)
+- {
+- free (rid_list);
+- return -1; /* error */
+- }
+- *r_idev = idev;
+- if (r_desc)
+- memcpy (r_desc, &desc, sizeof (struct libusb_device_descriptor));
+- return 0;
+- }
++ scan_usb_device (&count, &rid_list, dev);
+ }
+
+ libusb_free_device_list (dev_list, 1);
+
+- /* Now check whether there are any devices with special transport types. */
+- for (i=0; transports[i].name; i++)
+- {
+- int fd;
+- char *rid, *p;
+-
+- fd = open (transports[i].name, O_RDWR);
+- if (fd == -1 && scan_mode && errno == EBUSY)
+- {
+- /* Ignore this error in scan mode because it indicates that
+- the device exists but is already open (most likely by us)
+- and thus in general suitable as a reader. */
+- }
+- else if (fd == -1)
+- {
+- DEBUGOUT_2 ("failed to open '%s': %s\n",
+- transports[i].name, strerror (errno));
+- continue;
+- }
+-
+- rid = malloc (strlen (transports[i].name) + 30 + 10);
+- if (!rid)
+- {
+- if (fd != -1)
+- close (fd);
+- free (rid_list);
+- return -1; /* Error. */
+- }
+- sprintf (rid, "0000:%04X:%s:0", transports[i].type, transports[i].name);
+- if (scan_mode)
+- {
+- DEBUGOUT_2 ("found CCID reader %d (ID=%s)\n", count, rid);
+- p = malloc ((rid_list? strlen (rid_list):0) + 1 + strlen (rid) + 1);
+- if (!p)
+- {
+- if (fd != -1)
+- close (fd);
+- free (rid_list);
+- free (rid);
+- return -1; /* Error. */
+- }
+- *p = 0;
+- if (rid_list)
+- {
+- strcat (p, rid_list);
+- free (rid_list);
+- }
+- strcat (p, rid);
+- strcat (p, "\n");
+- rid_list = p;
+- ++count;
+- }
+- else if (!readerno ||
+- (readerno < 0 && readerid && !strcmp (readerid, rid)))
+- {
+- /* Found requested device. */
+- if (interface_number)
+- *interface_number = transports[i].type;
+- if (r_rid)
+- *r_rid = rid;
+- else
+- free (rid);
+- if (r_fd)
+- *r_fd = fd;
+- return 0; /* Okay, found device */
+- }
+- else /* This is not yet the reader we want. */
+- {
+- if (readerno >= 0)
+- --readerno;
+- }
+- free (rid);
+- if (fd != -1)
+- close (fd);
+- }
+-
+- if (scan_mode)
+- {
+- *r_rid = rid_list;
+- return 0;
+- }
+- else
+- return -1;
++ *r_rid = rid_list;
++ return 0;
+ }
+
+
+@@ -1517,8 +1291,7 @@ ccid_get_reader_list (void)
+ initialized_usb = 1;
+ }
+
+- if (scan_or_find_devices (-1, NULL, &reader_list, NULL, NULL, NULL, NULL,
+- NULL, NULL, NULL, NULL, NULL, NULL))
++ if (scan_devices (&reader_list))
+ return NULL; /* Error. */
+ return reader_list;
+ }
+@@ -2484,7 +2257,7 @@ abort_cmd (ccid_driver_t handle, int seqno)
+ if (!handle->idev)
+ {
+ /* I don't know how to send an abort to non-USB devices. */
+- rc = CCID_DRIVER_ERR_NOT_SUPPORTED;
++ return CCID_DRIVER_ERR_NOT_SUPPORTED;
+ }
+
+ seqno &= 0xff;
+@@ -2639,7 +2412,8 @@ send_escape_cmd (ccid_driver_t handle,
+ else
+ {
+ memcpy (result, msg, msglen);
+- *resultlen = msglen;
++ if (resultlen)
++ *resultlen = msglen;
+ rc = 0;
+ }
+ }
+@@ -4006,9 +3780,7 @@ ccid_transceive_secure (ccid_driver_t handle,
+ }
+
+ memcpy (resp, p, n);
+- resp += n;
+ *nresp += n;
+- maxresplen -= n;
+ }
+
+ if (!(tpdu[1] & 0x20))
diff --git a/debian/patches/0024-gpg-Fix-printing-of-offline-taken-subkey.patch b/debian/patches/0024-gpg-Fix-printing-of-offline-taken-subkey.patch
new file mode 100644
index 0000000..fe88391
--- /dev/null
+++ b/debian/patches/0024-gpg-Fix-printing-of-offline-taken-subkey.patch
@@ -0,0 +1,27 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Fri, 7 Apr 2017 10:11:07 +0200
+Subject: gpg: Fix printing of offline taken subkey.
+
+* g10/keylist.c (list_keyblock_print): Set SECRET to 2 and not 0x32.
+--
+
+Reported-by: Danielle McLean <dani at 00dani.me>
+Signed-off-by: Werner Koch <wk at gnupg.org>
+(cherry picked from commit 547bc01d57528ecc27b3b5e16797967a7f88fecf)
+---
+ g10/keylist.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/g10/keylist.c b/g10/keylist.c
+index 2b6ee9f..c75856f 100644
+--- a/g10/keylist.c
++++ b/g10/keylist.c
+@@ -1016,7 +1016,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
+ if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
+ secret = serialno? 3 : 1;
+ else
+- secret = '2'; /* Key not found. */
++ secret = 2; /* Key not found. */
+ }
+
+ /* Print the "sub" line. */
diff --git a/debian/patches/0025-doc-Explain-the-in-a-key-listing.patch b/debian/patches/0025-doc-Explain-the-in-a-key-listing.patch
new file mode 100644
index 0000000..fd7d5bd
--- /dev/null
+++ b/debian/patches/0025-doc-Explain-the-in-a-key-listing.patch
@@ -0,0 +1,34 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Fri, 7 Apr 2017 10:26:55 +0200
+Subject: doc: Explain the '>' in a key listing.
+
+--
+
+Signed-off-by: Werner Koch <wk at gnupg.org>
+(cherry picked from commit 9c9fde1495be4accf4526a2626110876fd9d788d)
+---
+ doc/gpg.texi | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/doc/gpg.texi b/doc/gpg.texi
+index 37e1ff1..c0d7cc4 100644
+--- a/doc/gpg.texi
++++ b/doc/gpg.texi
+@@ -301,10 +301,13 @@ and other programs.
+ @itemx -K
+ @opindex list-secret-keys
+ List the specified secret keys. If no keys are specified, then all
+-known secret keys are listed. A @code{#} after the letters @code{sec}
+-means that the secret key is not usable (for example, if it was
+-exported using @option{--export-secret-subkeys}). See also
+- at option{--list-keys}.
++known secret keys are listed. A @code{#} after the intial tags
++ at code{sec} or @code{ssb} means that the secret key or subkey is
++currently not usable. We also say that this key has been taken
++offline (for example, a primary key can be taken offline by exported
++the key using the command @option{--export-secret-subkeys}). A
++ at code{>} after these tags indicate that the key is stored on a
++smartcard. See also @option{--list-keys}.
+
+ @item --list-signatures
+ @opindex list-signatures
diff --git a/debian/patches/0026-gpgscm-Fix-compact-vector-encoding.patch b/debian/patches/0026-gpgscm-Fix-compact-vector-encoding.patch
new file mode 100644
index 0000000..16ad861
--- /dev/null
+++ b/debian/patches/0026-gpgscm-Fix-compact-vector-encoding.patch
@@ -0,0 +1,43 @@
+From: Justus Winter <justus at g10code.com>
+Date: Fri, 7 Apr 2017 12:27:47 +0200
+Subject: gpgscm: Fix compact vector encoding.
+
+* tests/gpgscm/scheme-private.h (struct cell): Use uintptr_t for
+'_flags'. This way, '_flags' has the size of a machine word.
+--
+
+The compact vector representation introduced in 49e2ae65 requires that
+we can tell apart pointers and type flags. This did not work on
+64-bit big-endian architectures.
+
+Fixes a crash on 64-bit big-endian architectures.
+
+Hat-tip-to: gniibe
+Fixes-commit: 49e2ae65e892f93be7f87cfaae3392b50a99e4b1
+Signed-off-by: Justus Winter <justus at g10code.com>
+(cherry picked from commit bf8b5e9042b3d86d419b2ac1987a9298c9d21500)
+---
+ tests/gpgscm/scheme-private.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/tests/gpgscm/scheme-private.h b/tests/gpgscm/scheme-private.h
+index abd89e8..fe50135 100644
+--- a/tests/gpgscm/scheme-private.h
++++ b/tests/gpgscm/scheme-private.h
+@@ -3,6 +3,7 @@
+ #ifndef _SCHEME_PRIVATE_H
+ #define _SCHEME_PRIVATE_H
+
++#include <stdint.h>
+ #include "scheme.h"
+ /*------------------ Ugly internals -----------------------------------*/
+ /*------------------ Of interest only to FFI users --------------------*/
+@@ -42,7 +43,7 @@ typedef struct port {
+
+ /* cell structure */
+ struct cell {
+- unsigned int _flag;
++ uintptr_t _flag;
+ union {
+ struct {
+ char *_svalue;
diff --git a/debian/patches/0027-gpgscm-Remove-arbitrary-limit-on-number-of-cell-segm.patch b/debian/patches/0027-gpgscm-Remove-arbitrary-limit-on-number-of-cell-segm.patch
new file mode 100644
index 0000000..39a5c2b
--- /dev/null
+++ b/debian/patches/0027-gpgscm-Remove-arbitrary-limit-on-number-of-cell-segm.patch
@@ -0,0 +1,285 @@
+From: Justus Winter <justus at g10code.com>
+Date: Wed, 22 Mar 2017 16:22:57 +0100
+Subject: gpgscm: Remove arbitrary limit on number of cell segments.
+
+* tests/gpgscm/scheme-private.h (struct scheme): Remove fixed-size
+arrays for cell segments, replace them with a pointer to the new
+'struct cell_segment' instead.
+* tests/gpgscm/scheme.c (struct cell_segment): New definition.
+(_alloc_cellseg): Allocate the header within the segment, return a
+pointer to the header.
+(_dealloc_cellseg): New function.
+(alloc_cellseg): Insert the segments into a list.
+(_get_cell): Allocate a new segment if less than a quarter of
+CELL_SIGSIZE is recovered during garbage collection.
+(initialize_small_integers): Adapt callsite.
+(gc): Walk the list of segments.
+(scheme_init_custom_alloc): Remove initialization of removed field.
+(scheme_deinit): Adapt deallocation.
+--
+
+Previously the number of cells that could be allocated was a
+compile-time limit. Remove this limit.
+
+Signed-off-by: Justus Winter <justus at g10code.com>
+(cherry picked from commit 56638c28adc1bbe9fc052b92549a50935c0fe99c)
+---
+ tests/gpgscm/scheme-private.h | 10 +---
+ tests/gpgscm/scheme.c | 108 ++++++++++++++++++++++++++++--------------
+ 2 files changed, 74 insertions(+), 44 deletions(-)
+
+diff --git a/tests/gpgscm/scheme-private.h b/tests/gpgscm/scheme-private.h
+index fe50135..093442f 100644
+--- a/tests/gpgscm/scheme-private.h
++++ b/tests/gpgscm/scheme-private.h
+@@ -108,12 +108,7 @@ int tracing;
+ #ifndef CELL_SEGSIZE
+ #define CELL_SEGSIZE 5000 /* # of cells in one segment */
+ #endif
+-#ifndef CELL_NSEGMENT
+-#define CELL_NSEGMENT 10 /* # of segments for cells */
+-#endif
+-void *alloc_seg[CELL_NSEGMENT];
+-pointer cell_seg[CELL_NSEGMENT];
+-int last_cell_seg;
++struct cell_segment *cell_segments;
+
+ /* We use 4 registers. */
+ pointer args; /* register for arguments of function */
+@@ -159,8 +154,7 @@ pointer COMPILE_HOOK; /* *compile-hook* */
+
+ #if USE_SMALL_INTEGERS
+ /* A fixed allocation of small integers. */
+-void *integer_alloc;
+-pointer integer_cells;
++struct cell_segment *integer_segment;
+ #endif
+
+ pointer free_cell; /* pointer to top of free cells */
+diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c
+index aa0cf69..08b53a1 100644
+--- a/tests/gpgscm/scheme.c
++++ b/tests/gpgscm/scheme.c
+@@ -725,9 +725,26 @@ get_tag(scheme *sc, pointer v)
+
+
+
++/* Low-level allocator.
++ *
++ * Memory is allocated in segments. Every segment holds a fixed
++ * number of cells. Segments are linked into a list, sorted in
++ * reverse address order (i.e. those with a higher address first).
++ * This is used in the garbage collector to build the freelist in
++ * address order.
++ */
++
++struct cell_segment
++{
++ struct cell_segment *next;
++ void *alloc;
++ pointer cells;
++ size_t cells_len;
++};
++
+ /* Allocate a new cell segment but do not make it available yet. */
+ static int
+-_alloc_cellseg(scheme *sc, size_t len, void **alloc, pointer *cells)
++_alloc_cellseg(scheme *sc, size_t len, struct cell_segment **segment)
+ {
+ int adj = ADJ;
+ void *cp;
+@@ -735,46 +752,64 @@ _alloc_cellseg(scheme *sc, size_t len, void **alloc, pointer *cells)
+ if (adj < sizeof(struct cell))
+ adj = sizeof(struct cell);
+
+- cp = sc->malloc(len * sizeof(struct cell) + adj);
++ /* The segment header is conveniently allocated with the cells. */
++ cp = sc->malloc(sizeof **segment + len * sizeof(struct cell) + adj);
+ if (cp == NULL)
+ return 1;
+
+- *alloc = cp;
++ *segment = cp;
++ (*segment)->next = NULL;
++ (*segment)->alloc = cp;
++ cp = (void *) ((uintptr_t) cp + sizeof **segment);
+
+ /* adjust in TYPE_BITS-bit boundary */
+ if (((uintptr_t) cp) % adj != 0)
+ cp = (void *) (adj * ((uintptr_t) cp / adj + 1));
+
+- *cells = cp;
++ (*segment)->cells = cp;
++ (*segment)->cells_len = len;
+ return 0;
+ }
+
++/* Deallocate a cell segment. Returns the next cell segment.
++ * Convenient for deallocation in a loop. */
++static struct cell_segment *
++_dealloc_cellseg(scheme *sc, struct cell_segment *segment)
++{
++
++ struct cell_segment *next;
++
++ if (segment == NULL)
++ return NULL;
++
++ next = segment->next;
++ sc->free(segment->alloc);
++ return next;
++}
++
+ /* allocate new cell segment */
+ static int alloc_cellseg(scheme *sc, int n) {
+- pointer newp;
+ pointer last;
+ pointer p;
+- long i;
+ int k;
+
+ for (k = 0; k < n; k++) {
+- if (sc->last_cell_seg >= CELL_NSEGMENT - 1)
+- return k;
+- i = ++sc->last_cell_seg;
+- if (_alloc_cellseg(sc, CELL_SEGSIZE, &sc->alloc_seg[i], &newp)) {
+- sc->last_cell_seg--;
++ struct cell_segment *new, **s;
++ if (_alloc_cellseg(sc, CELL_SEGSIZE, &new)) {
+ return k;
+ }
+- /* insert new segment in address order */
+- sc->cell_seg[i] = newp;
+- while (i > 0 && sc->cell_seg[i - 1] > sc->cell_seg[i]) {
+- p = sc->cell_seg[i];
+- sc->cell_seg[i] = sc->cell_seg[i - 1];
+- sc->cell_seg[--i] = p;
+- }
+- sc->fcells += CELL_SEGSIZE;
+- last = newp + CELL_SEGSIZE - 1;
+- for (p = newp; p <= last; p++) {
++ /* insert new segment in reverse address order */
++ for (s = &sc->cell_segments;
++ *s && (uintptr_t) (*s)->alloc > (uintptr_t) new->alloc;
++ s = &(*s)->next) {
++ /* walk */
++ }
++ new->next = *s;
++ *s = new;
++
++ sc->fcells += new->cells_len;
++ last = new->cells + new->cells_len - 1;
++ for (p = new->cells; p <= last; p++) {
+ typeflag(p) = 0;
+ cdr(p) = p + 1;
+ car(p) = sc->NIL;
+@@ -782,13 +817,13 @@ static int alloc_cellseg(scheme *sc, int n) {
+ /* insert new cells in address order on free list */
+ if (sc->free_cell == sc->NIL || p < sc->free_cell) {
+ cdr(last) = sc->free_cell;
+- sc->free_cell = newp;
++ sc->free_cell = new->cells;
+ } else {
+ p = sc->free_cell;
+- while (cdr(p) != sc->NIL && newp > cdr(p))
++ while (cdr(p) != sc->NIL && (uintptr_t) new->cells > (uintptr_t) cdr(p))
+ p = cdr(p);
+ cdr(last) = cdr(p);
+- cdr(p) = newp;
++ cdr(p) = new->cells;
+ }
+ }
+ return n;
+@@ -922,7 +957,7 @@ static pointer _get_cell(scheme *sc, pointer a, pointer b) {
+
+ assert (gc_enabled (sc));
+ if (sc->free_cell == sc->NIL) {
+- const int min_to_be_recovered = sc->last_cell_seg*8;
++ const int min_to_be_recovered = CELL_SEGSIZE / 4;
+ gc(sc,a, b);
+ if (sc->fcells < min_to_be_recovered
+ || sc->free_cell == sc->NIL) {
+@@ -1283,12 +1318,11 @@ static int
+ initialize_small_integers(scheme *sc)
+ {
+ int i;
+- if (_alloc_cellseg(sc, MAX_SMALL_INTEGER, &sc->integer_alloc,
+- &sc->integer_cells))
++ if (_alloc_cellseg(sc, MAX_SMALL_INTEGER, &sc->integer_segment))
+ return 1;
+
+ for (i = 0; i < MAX_SMALL_INTEGER; i++) {
+- pointer x = &sc->integer_cells[i];
++ pointer x = &sc->integer_segment->cells[i];
+ typeflag(x) = T_NUMBER | T_ATOM | MARK;
+ ivalue_unchecked(x) = i;
+ set_num_integer(x);
+@@ -1302,7 +1336,7 @@ mk_small_integer(scheme *sc, long n)
+ {
+ #define mk_small_integer_allocates 0
+ assert(0 <= n && n < MAX_SMALL_INTEGER);
+- return &sc->integer_cells[n];
++ return &sc->integer_segment->cells[n];
+ }
+ #else
+
+@@ -1666,6 +1700,7 @@ E6: /* up. Undo the link switching from steps E4 and E5. */
+ /* garbage collection. parameter a, b is marked. */
+ static void gc(scheme *sc, pointer a, pointer b) {
+ pointer p;
++ struct cell_segment *s;
+ int i;
+
+ assert (gc_enabled (sc));
+@@ -1712,9 +1747,9 @@ static void gc(scheme *sc, pointer a, pointer b) {
+ (which are also kept sorted by address) downwards to build the
+ free-list in sorted order.
+ */
+- for (i = sc->last_cell_seg; i >= 0; i--) {
+- p = sc->cell_seg[i] + CELL_SEGSIZE;
+- while (--p >= sc->cell_seg[i]) {
++ for (s = sc->cell_segments; s; s = s->next) {
++ p = s->cells + s->cells_len;
++ while (--p >= s->cells) {
+ if ((typeflag(p) & 1) == 0)
+ /* All types have the LSB set. This is not a typeflag. */
+ continue;
+@@ -5592,7 +5627,6 @@ int scheme_init_custom_alloc(scheme *sc, func_alloc malloc, func_dealloc free) {
+ sc->gensym_cnt=0;
+ sc->malloc=malloc;
+ sc->free=free;
+- sc->last_cell_seg = -1;
+ sc->sink = &sc->_sink;
+ sc->NIL = &sc->_NIL;
+ sc->T = &sc->_HASHT;
+@@ -5626,6 +5660,7 @@ int scheme_init_custom_alloc(scheme *sc, func_alloc malloc, func_dealloc free) {
+ }
+ sc->strbuff_size = STRBUFFSIZE;
+
++ sc->cell_segments = NULL;
+ if (alloc_cellseg(sc,FIRST_CELLSEGS) != FIRST_CELLSEGS) {
+ sc->no_memory=1;
+ return 0;
+@@ -5726,6 +5761,7 @@ void scheme_set_external_data(scheme *sc, void *p) {
+ }
+
+ void scheme_deinit(scheme *sc) {
++ struct cell_segment *s;
+ int i;
+
+ sc->oblist=sc->NIL;
+@@ -5758,11 +5794,11 @@ void scheme_deinit(scheme *sc) {
+ gc(sc,sc->NIL,sc->NIL);
+
+ #if USE_SMALL_INTEGERS
+- sc->free(sc->integer_alloc);
++ _dealloc_cellseg(sc, sc->integer_segment);
+ #endif
+
+- for(i=0; i<=sc->last_cell_seg; i++) {
+- sc->free(sc->alloc_seg[i]);
++ for (s = sc->cell_segments; s; s = _dealloc_cellseg(sc, s)) {
++ /* nop */
+ }
+ sc->free(sc->strbuff);
+ }
diff --git a/debian/patches/0028-gpgscm-Make-global-data-constant-when-possible.patch b/debian/patches/0028-gpgscm-Make-global-data-constant-when-possible.patch
new file mode 100644
index 0000000..673de95
--- /dev/null
+++ b/debian/patches/0028-gpgscm-Make-global-data-constant-when-possible.patch
@@ -0,0 +1,156 @@
+From: Justus Winter <justus at g10code.com>
+Date: Thu, 23 Mar 2017 12:50:27 +0100
+Subject: gpgscm: Make global data constant when possible.
+
+* tests/gpgscm/scheme-private.h (struct scheme): Make 'vptr' const.
+* tests/gpgscm/scheme.c (num_zero): Statically initialize and turn
+into constant.
+(num_one): Likewise.
+(charnames): Change type so that it can be stored in rodata.
+(is_ascii_name): Adapt slightly.
+(assign_proc): Make argument const char *.
+(op_code_info): Make some fields const char *.
+(tests): Make const.
+(dispatch_table): Make const. At least it can be made read-only after
+relocation.
+(Eval_Cycle): Adapt slightly.
+(vtbl): Make const.
+
+Signed-off-by: Justus Winter <justus at g10code.com>
+(cherry picked from commit c9c3fe883271868d3b2dd287d295cf6a8f8ffc05)
+---
+ tests/gpgscm/scheme-private.h | 2 +-
+ tests/gpgscm/scheme.c | 32 ++++++++++++++------------------
+ 2 files changed, 15 insertions(+), 19 deletions(-)
+
+diff --git a/tests/gpgscm/scheme-private.h b/tests/gpgscm/scheme-private.h
+index 093442f..69b78f2 100644
+--- a/tests/gpgscm/scheme-private.h
++++ b/tests/gpgscm/scheme-private.h
+@@ -200,7 +200,7 @@ unsigned int flags;
+ void *ext_data; /* For the benefit of foreign functions */
+ long gensym_cnt;
+
+-struct scheme_interface *vptr;
++const struct scheme_interface *vptr;
+ };
+
+ /* operator code */
+diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c
+index 08b53a1..c37b568 100644
+--- a/tests/gpgscm/scheme.c
++++ b/tests/gpgscm/scheme.c
+@@ -205,8 +205,8 @@ static INLINE int num_is_integer(pointer p) {
+ return ((p)->_object._number.is_fixnum);
+ }
+
+-static num num_zero;
+-static num num_one;
++static const struct num num_zero = { 1, {0} };
++static const struct num num_one = { 1, {1} };
+
+ /* macros for cell operations */
+ #define typeflag(p) ((p)->_flag)
+@@ -339,7 +339,7 @@ static INLINE int Cislower(int c) { return isascii(c) && islower(c); }
+ #endif
+
+ #if USE_ASCII_NAMES
+-static const char *charnames[32]={
++static const char charnames[32][3]={
+ "nul",
+ "soh",
+ "stx",
+@@ -377,12 +377,12 @@ static const char *charnames[32]={
+ static int is_ascii_name(const char *name, int *pc) {
+ int i;
+ for(i=0; i<32; i++) {
+- if(stricmp(name,charnames[i])==0) {
++ if (strncasecmp(name, charnames[i], 3) == 0) {
+ *pc=i;
+ return 1;
+ }
+ }
+- if(stricmp(name,"del")==0) {
++ if (strcasecmp(name, "del") == 0) {
+ *pc=127;
+ return 1;
+ }
+@@ -447,7 +447,7 @@ static pointer opexe_6(scheme *sc, enum scheme_opcodes op);
+ static void Eval_Cycle(scheme *sc, enum scheme_opcodes op);
+ static void assign_syntax(scheme *sc, char *name);
+ static int syntaxnum(pointer p);
+-static void assign_proc(scheme *sc, enum scheme_opcodes, char *name);
++static void assign_proc(scheme *sc, enum scheme_opcodes, const char *name);
+
+ #define num_ivalue(n) (n.is_fixnum?(n).value.ivalue:(long)(n).value.rvalue)
+ #define num_rvalue(n) (!n.is_fixnum?(n).value.rvalue:(double)(n).value.ivalue)
+@@ -5308,7 +5308,7 @@ static int is_nonneg(pointer p) {
+ }
+
+ /* Correspond carefully with following defines! */
+-static struct {
++static const struct {
+ test_predicate fct;
+ const char *kind;
+ } tests[]={
+@@ -5347,17 +5347,18 @@ static struct {
+
+ typedef struct {
+ dispatch_func func;
+- char *name;
++ const char *name;
+ int min_arity;
+ int max_arity;
+- char *arg_tests_encoding;
++ const char *arg_tests_encoding;
+ } op_code_info;
+
+ #define INF_ARG 0xffff
+
+-static op_code_info dispatch_table[]= {
++static const op_code_info dispatch_table[]= {
+ #define _OP_DEF(A,B,C,D,E,OP) {A,B,C,D,E},
+ #include "opdefines.h"
++#undef _OP_DEF
+ { 0 }
+ };
+
+@@ -5374,7 +5375,7 @@ static const char *procname(pointer x) {
+ static void Eval_Cycle(scheme *sc, enum scheme_opcodes op) {
+ sc->op = op;
+ for (;;) {
+- op_code_info *pcd=dispatch_table+sc->op;
++ const op_code_info *pcd=dispatch_table+sc->op;
+ if (pcd->name!=0) { /* if built-in function, check arguments */
+ char msg[STRBUFFSIZE];
+ int ok=1;
+@@ -5457,7 +5458,7 @@ static void assign_syntax(scheme *sc, char *name) {
+ typeflag(x) |= T_SYNTAX;
+ }
+
+-static void assign_proc(scheme *sc, enum scheme_opcodes op, char *name) {
++static void assign_proc(scheme *sc, enum scheme_opcodes op, const char *name) {
+ pointer x, y;
+
+ x = mk_symbol(sc, name);
+@@ -5519,7 +5520,7 @@ INTERFACE static pointer s_immutable_cons(scheme *sc, pointer a, pointer b) {
+ return immutable_cons(sc,a,b);
+ }
+
+-static struct scheme_interface vtbl ={
++static const struct scheme_interface vtbl = {
+ scheme_define,
+ s_cons,
+ s_immutable_cons,
+@@ -5616,11 +5617,6 @@ int scheme_init_custom_alloc(scheme *sc, func_alloc malloc, func_dealloc free) {
+ int i, n=sizeof(dispatch_table)/sizeof(dispatch_table[0]);
+ pointer x;
+
+- num_zero.is_fixnum=1;
+- num_zero.value.ivalue=0;
+- num_one.is_fixnum=1;
+- num_one.value.ivalue=1;
+-
+ #if USE_INTERFACE
+ sc->vptr=&vtbl;
+ #endif
diff --git a/debian/patches/0029-gpgscm-Allocate-small-integers-in-the-rodata-section.patch b/debian/patches/0029-gpgscm-Allocate-small-integers-in-the-rodata-section.patch
new file mode 100644
index 0000000..1484856
--- /dev/null
+++ b/debian/patches/0029-gpgscm-Allocate-small-integers-in-the-rodata-section.patch
@@ -0,0 +1,1011 @@
+From: Justus Winter <justus at g10code.com>
+Date: Thu, 23 Mar 2017 15:21:36 +0100
+Subject: gpgscm: Allocate small integers in the rodata section.
+
+* tests/gpgscm/Makefile.am (gpgscm_SOURCES): Add new file.
+* tests/gpgscm/scheme-private.h (struct cell): Move number to the top
+of the union so that we can initialize it.
+(struct scheme): Remove 'integer_segment'.
+* tests/gpgscm/scheme.c (initialize_small_integers): Remove function.
+(small_integers): New variable.
+(MAX_SMALL_INTEGER): Compute.
+(mk_small_integer): Adapt.
+(mark): Avoid marking objects already marked. This allows us to run
+the algorithm over objects in the rodata section if they are already
+marked.
+(scheme_init_custom_alloc): Remove initialization.
+(scheme_deinit): Remove deallocation.
+* tests/gpgscm/small-integers.h: New file.
+--
+
+Allocate small integers from a fixed pool in the rodata section. This
+spares us the initialization, and deduplicates integers across
+different processes. It also makes the integers immutable, increasing
+memory safety.
+
+Signed-off-by: Justus Winter <justus at g10code.com>
+(cherry picked from commit 8640fa880d7050917f4729f2c0cb506e165ee446)
+---
+ tests/gpgscm/Makefile.am | 3 +-
+ tests/gpgscm/scheme-private.h | 7 +-
+ tests/gpgscm/scheme.c | 41 +-
+ tests/gpgscm/small-integers.h | 847 ++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 861 insertions(+), 37 deletions(-)
+ create mode 100644 tests/gpgscm/small-integers.h
+
+diff --git a/tests/gpgscm/Makefile.am b/tests/gpgscm/Makefile.am
+index 8942c7c..15fc883 100644
+--- a/tests/gpgscm/Makefile.am
++++ b/tests/gpgscm/Makefile.am
+@@ -44,7 +44,8 @@ commonpth_libs = ../$(libcommonpth)
+ gpgscm_CFLAGS = -imacros scheme-config.h \
+ $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS)
+ gpgscm_SOURCES = main.c private.h ffi.c ffi.h ffi-private.h \
+- scheme-config.h opdefines.h scheme.c scheme.h scheme-private.h
++ scheme-config.h scheme.c scheme.h scheme-private.h \
++ opdefines.h small-integers.h
+ gpgscm_LDADD = $(LDADD) $(common_libs) \
+ $(NETLIBS) $(LIBICONV) $(LIBREADLINE) $(LIBINTL) \
+ $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS)
+diff --git a/tests/gpgscm/scheme-private.h b/tests/gpgscm/scheme-private.h
+index 69b78f2..abe65e7 100644
+--- a/tests/gpgscm/scheme-private.h
++++ b/tests/gpgscm/scheme-private.h
+@@ -45,11 +45,11 @@ typedef struct port {
+ struct cell {
+ uintptr_t _flag;
+ union {
++ num _number;
+ struct {
+ char *_svalue;
+ int _length;
+ } _string;
+- num _number;
+ port *_port;
+ foreign_func _ff;
+ struct {
+@@ -152,11 +152,6 @@ pointer SHARP_HOOK; /* *sharp-hook* */
+ pointer COMPILE_HOOK; /* *compile-hook* */
+ #endif
+
+-#if USE_SMALL_INTEGERS
+-/* A fixed allocation of small integers. */
+-struct cell_segment *integer_segment;
+-#endif
+-
+ pointer free_cell; /* pointer to top of free cells */
+ long fcells; /* # of free cells */
+ size_t inhibit_gc; /* nesting of gc_disable */
+diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c
+index c37b568..e04394d 100644
+--- a/tests/gpgscm/scheme.c
++++ b/tests/gpgscm/scheme.c
+@@ -1312,31 +1312,22 @@ INTERFACE pointer mk_character(scheme *sc, int c) {
+
+ /* s_save assumes that all opcodes can be expressed as a small
+ * integer. */
+-#define MAX_SMALL_INTEGER OP_MAXDEFINED
+-
+-static int
+-initialize_small_integers(scheme *sc)
+-{
+- int i;
+- if (_alloc_cellseg(sc, MAX_SMALL_INTEGER, &sc->integer_segment))
+- return 1;
+-
+- for (i = 0; i < MAX_SMALL_INTEGER; i++) {
+- pointer x = &sc->integer_segment->cells[i];
+- typeflag(x) = T_NUMBER | T_ATOM | MARK;
+- ivalue_unchecked(x) = i;
+- set_num_integer(x);
+- }
++static const struct cell small_integers[] = {
++#define DEFINE_INTEGER(n) { T_NUMBER | T_ATOM | MARK, {{ 1, {n}}}},
++#include "small-integers.h"
++#undef DEFINE_INTEGER
++ {0}
++};
+
+- return 0;
+-}
++#define MAX_SMALL_INTEGER (sizeof small_integers / sizeof *small_integers - 1)
+
+ static INLINE pointer
+ mk_small_integer(scheme *sc, long n)
+ {
+ #define mk_small_integer_allocates 0
++ (void) sc;
+ assert(0 <= n && n < MAX_SMALL_INTEGER);
+- return &sc->integer_segment->cells[n];
++ return (pointer) &small_integers[n];
+ }
+ #else
+
+@@ -1644,7 +1635,8 @@ static void mark(pointer a) {
+
+ t = (pointer) 0;
+ p = a;
+-E2: setmark(p);
++E2: if (! is_mark(p))
++ setmark(p);
+ if(is_vector(p)) {
+ int i;
+ for (i = 0; i < vector_length(p); i++) {
+@@ -5629,13 +5621,6 @@ int scheme_init_custom_alloc(scheme *sc, func_alloc malloc, func_dealloc free) {
+ sc->F = &sc->_HASHF;
+ sc->EOF_OBJ=&sc->_EOF_OBJ;
+
+-#if USE_SMALL_INTEGERS
+- if (initialize_small_integers(sc)) {
+- sc->no_memory=1;
+- return 0;
+- }
+-#endif
+-
+ sc->free_cell = &sc->_NIL;
+ sc->fcells = 0;
+ sc->inhibit_gc = GC_ENABLED;
+@@ -5789,10 +5774,6 @@ void scheme_deinit(scheme *sc) {
+ sc->gc_verbose=0;
+ gc(sc,sc->NIL,sc->NIL);
+
+-#if USE_SMALL_INTEGERS
+- _dealloc_cellseg(sc, sc->integer_segment);
+-#endif
+-
+ for (s = sc->cell_segments; s; s = _dealloc_cellseg(sc, s)) {
+ /* nop */
+ }
+diff --git a/tests/gpgscm/small-integers.h b/tests/gpgscm/small-integers.h
+new file mode 100644
+index 0000000..46eda34
+--- /dev/null
++++ b/tests/gpgscm/small-integers.h
+@@ -0,0 +1,847 @@
++/* Constant integer objects for TinySCHEME.
++ *
++ * Copyright (C) 2017 g10 code GmbH
++ *
++ * This file is part of GnuPG.
++ *
++ * GnuPG is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * GnuPG is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, see <https://www.gnu.org/licenses/>.
++ */
++
++/*
++ * Ohne Worte. Generated using:
++ *
++ * $ n=0; while read line ; do \
++ * echo "DEFINE_INTEGER($n)" ; \
++ * n="$(expr $n + 1)" ; \
++ * done <./init.scm >> small-integers.h
++ */
++
++DEFINE_INTEGER(0)
++DEFINE_INTEGER(1)
++DEFINE_INTEGER(2)
++DEFINE_INTEGER(3)
++DEFINE_INTEGER(4)
++DEFINE_INTEGER(5)
++DEFINE_INTEGER(6)
++DEFINE_INTEGER(7)
++DEFINE_INTEGER(8)
++DEFINE_INTEGER(9)
++DEFINE_INTEGER(10)
++DEFINE_INTEGER(11)
++DEFINE_INTEGER(12)
++DEFINE_INTEGER(13)
++DEFINE_INTEGER(14)
++DEFINE_INTEGER(15)
++DEFINE_INTEGER(16)
++DEFINE_INTEGER(17)
++DEFINE_INTEGER(18)
++DEFINE_INTEGER(19)
++DEFINE_INTEGER(20)
++DEFINE_INTEGER(21)
++DEFINE_INTEGER(22)
++DEFINE_INTEGER(23)
++DEFINE_INTEGER(24)
++DEFINE_INTEGER(25)
++DEFINE_INTEGER(26)
++DEFINE_INTEGER(27)
++DEFINE_INTEGER(28)
++DEFINE_INTEGER(29)
++DEFINE_INTEGER(30)
++DEFINE_INTEGER(31)
++DEFINE_INTEGER(32)
++DEFINE_INTEGER(33)
++DEFINE_INTEGER(34)
++DEFINE_INTEGER(35)
++DEFINE_INTEGER(36)
++DEFINE_INTEGER(37)
++DEFINE_INTEGER(38)
++DEFINE_INTEGER(39)
++DEFINE_INTEGER(40)
++DEFINE_INTEGER(41)
++DEFINE_INTEGER(42)
++DEFINE_INTEGER(43)
++DEFINE_INTEGER(44)
++DEFINE_INTEGER(45)
++DEFINE_INTEGER(46)
++DEFINE_INTEGER(47)
++DEFINE_INTEGER(48)
++DEFINE_INTEGER(49)
++DEFINE_INTEGER(50)
++DEFINE_INTEGER(51)
++DEFINE_INTEGER(52)
++DEFINE_INTEGER(53)
++DEFINE_INTEGER(54)
++DEFINE_INTEGER(55)
++DEFINE_INTEGER(56)
++DEFINE_INTEGER(57)
++DEFINE_INTEGER(58)
++DEFINE_INTEGER(59)
++DEFINE_INTEGER(60)
++DEFINE_INTEGER(61)
++DEFINE_INTEGER(62)
++DEFINE_INTEGER(63)
++DEFINE_INTEGER(64)
++DEFINE_INTEGER(65)
++DEFINE_INTEGER(66)
++DEFINE_INTEGER(67)
++DEFINE_INTEGER(68)
++DEFINE_INTEGER(69)
++DEFINE_INTEGER(70)
++DEFINE_INTEGER(71)
++DEFINE_INTEGER(72)
++DEFINE_INTEGER(73)
++DEFINE_INTEGER(74)
++DEFINE_INTEGER(75)
++DEFINE_INTEGER(76)
++DEFINE_INTEGER(77)
++DEFINE_INTEGER(78)
++DEFINE_INTEGER(79)
++DEFINE_INTEGER(80)
++DEFINE_INTEGER(81)
++DEFINE_INTEGER(82)
++DEFINE_INTEGER(83)
++DEFINE_INTEGER(84)
++DEFINE_INTEGER(85)
++DEFINE_INTEGER(86)
++DEFINE_INTEGER(87)
++DEFINE_INTEGER(88)
++DEFINE_INTEGER(89)
++DEFINE_INTEGER(90)
++DEFINE_INTEGER(91)
++DEFINE_INTEGER(92)
++DEFINE_INTEGER(93)
++DEFINE_INTEGER(94)
++DEFINE_INTEGER(95)
++DEFINE_INTEGER(96)
++DEFINE_INTEGER(97)
++DEFINE_INTEGER(98)
++DEFINE_INTEGER(99)
++DEFINE_INTEGER(100)
++DEFINE_INTEGER(101)
++DEFINE_INTEGER(102)
++DEFINE_INTEGER(103)
++DEFINE_INTEGER(104)
++DEFINE_INTEGER(105)
++DEFINE_INTEGER(106)
++DEFINE_INTEGER(107)
++DEFINE_INTEGER(108)
++DEFINE_INTEGER(109)
++DEFINE_INTEGER(110)
++DEFINE_INTEGER(111)
++DEFINE_INTEGER(112)
++DEFINE_INTEGER(113)
++DEFINE_INTEGER(114)
++DEFINE_INTEGER(115)
++DEFINE_INTEGER(116)
++DEFINE_INTEGER(117)
++DEFINE_INTEGER(118)
++DEFINE_INTEGER(119)
++DEFINE_INTEGER(120)
++DEFINE_INTEGER(121)
++DEFINE_INTEGER(122)
++DEFINE_INTEGER(123)
++DEFINE_INTEGER(124)
++DEFINE_INTEGER(125)
++DEFINE_INTEGER(126)
++DEFINE_INTEGER(127)
++DEFINE_INTEGER(128)
++DEFINE_INTEGER(129)
++DEFINE_INTEGER(130)
++DEFINE_INTEGER(131)
++DEFINE_INTEGER(132)
++DEFINE_INTEGER(133)
++DEFINE_INTEGER(134)
++DEFINE_INTEGER(135)
++DEFINE_INTEGER(136)
++DEFINE_INTEGER(137)
++DEFINE_INTEGER(138)
++DEFINE_INTEGER(139)
++DEFINE_INTEGER(140)
++DEFINE_INTEGER(141)
++DEFINE_INTEGER(142)
++DEFINE_INTEGER(143)
++DEFINE_INTEGER(144)
++DEFINE_INTEGER(145)
++DEFINE_INTEGER(146)
++DEFINE_INTEGER(147)
++DEFINE_INTEGER(148)
++DEFINE_INTEGER(149)
++DEFINE_INTEGER(150)
++DEFINE_INTEGER(151)
++DEFINE_INTEGER(152)
++DEFINE_INTEGER(153)
++DEFINE_INTEGER(154)
++DEFINE_INTEGER(155)
++DEFINE_INTEGER(156)
++DEFINE_INTEGER(157)
++DEFINE_INTEGER(158)
++DEFINE_INTEGER(159)
++DEFINE_INTEGER(160)
++DEFINE_INTEGER(161)
++DEFINE_INTEGER(162)
++DEFINE_INTEGER(163)
++DEFINE_INTEGER(164)
++DEFINE_INTEGER(165)
++DEFINE_INTEGER(166)
++DEFINE_INTEGER(167)
++DEFINE_INTEGER(168)
++DEFINE_INTEGER(169)
++DEFINE_INTEGER(170)
++DEFINE_INTEGER(171)
++DEFINE_INTEGER(172)
++DEFINE_INTEGER(173)
++DEFINE_INTEGER(174)
++DEFINE_INTEGER(175)
++DEFINE_INTEGER(176)
++DEFINE_INTEGER(177)
++DEFINE_INTEGER(178)
++DEFINE_INTEGER(179)
++DEFINE_INTEGER(180)
++DEFINE_INTEGER(181)
++DEFINE_INTEGER(182)
++DEFINE_INTEGER(183)
++DEFINE_INTEGER(184)
++DEFINE_INTEGER(185)
++DEFINE_INTEGER(186)
++DEFINE_INTEGER(187)
++DEFINE_INTEGER(188)
++DEFINE_INTEGER(189)
++DEFINE_INTEGER(190)
++DEFINE_INTEGER(191)
++DEFINE_INTEGER(192)
++DEFINE_INTEGER(193)
++DEFINE_INTEGER(194)
++DEFINE_INTEGER(195)
++DEFINE_INTEGER(196)
++DEFINE_INTEGER(197)
++DEFINE_INTEGER(198)
++DEFINE_INTEGER(199)
++DEFINE_INTEGER(200)
++DEFINE_INTEGER(201)
++DEFINE_INTEGER(202)
++DEFINE_INTEGER(203)
++DEFINE_INTEGER(204)
++DEFINE_INTEGER(205)
++DEFINE_INTEGER(206)
++DEFINE_INTEGER(207)
++DEFINE_INTEGER(208)
++DEFINE_INTEGER(209)
++DEFINE_INTEGER(210)
++DEFINE_INTEGER(211)
++DEFINE_INTEGER(212)
++DEFINE_INTEGER(213)
++DEFINE_INTEGER(214)
++DEFINE_INTEGER(215)
++DEFINE_INTEGER(216)
++DEFINE_INTEGER(217)
++DEFINE_INTEGER(218)
++DEFINE_INTEGER(219)
++DEFINE_INTEGER(220)
++DEFINE_INTEGER(221)
++DEFINE_INTEGER(222)
++DEFINE_INTEGER(223)
++DEFINE_INTEGER(224)
++DEFINE_INTEGER(225)
++DEFINE_INTEGER(226)
++DEFINE_INTEGER(227)
++DEFINE_INTEGER(228)
++DEFINE_INTEGER(229)
++DEFINE_INTEGER(230)
++DEFINE_INTEGER(231)
++DEFINE_INTEGER(232)
++DEFINE_INTEGER(233)
++DEFINE_INTEGER(234)
++DEFINE_INTEGER(235)
++DEFINE_INTEGER(236)
++DEFINE_INTEGER(237)
++DEFINE_INTEGER(238)
++DEFINE_INTEGER(239)
++DEFINE_INTEGER(240)
++DEFINE_INTEGER(241)
++DEFINE_INTEGER(242)
++DEFINE_INTEGER(243)
++DEFINE_INTEGER(244)
++DEFINE_INTEGER(245)
++DEFINE_INTEGER(246)
++DEFINE_INTEGER(247)
++DEFINE_INTEGER(248)
++DEFINE_INTEGER(249)
++DEFINE_INTEGER(250)
++DEFINE_INTEGER(251)
++DEFINE_INTEGER(252)
++DEFINE_INTEGER(253)
++DEFINE_INTEGER(254)
++DEFINE_INTEGER(255)
++DEFINE_INTEGER(256)
++DEFINE_INTEGER(257)
++DEFINE_INTEGER(258)
++DEFINE_INTEGER(259)
++DEFINE_INTEGER(260)
++DEFINE_INTEGER(261)
++DEFINE_INTEGER(262)
++DEFINE_INTEGER(263)
++DEFINE_INTEGER(264)
++DEFINE_INTEGER(265)
++DEFINE_INTEGER(266)
++DEFINE_INTEGER(267)
++DEFINE_INTEGER(268)
++DEFINE_INTEGER(269)
++DEFINE_INTEGER(270)
++DEFINE_INTEGER(271)
++DEFINE_INTEGER(272)
++DEFINE_INTEGER(273)
++DEFINE_INTEGER(274)
++DEFINE_INTEGER(275)
++DEFINE_INTEGER(276)
++DEFINE_INTEGER(277)
++DEFINE_INTEGER(278)
++DEFINE_INTEGER(279)
++DEFINE_INTEGER(280)
++DEFINE_INTEGER(281)
++DEFINE_INTEGER(282)
++DEFINE_INTEGER(283)
++DEFINE_INTEGER(284)
++DEFINE_INTEGER(285)
++DEFINE_INTEGER(286)
++DEFINE_INTEGER(287)
++DEFINE_INTEGER(288)
++DEFINE_INTEGER(289)
++DEFINE_INTEGER(290)
++DEFINE_INTEGER(291)
++DEFINE_INTEGER(292)
++DEFINE_INTEGER(293)
++DEFINE_INTEGER(294)
++DEFINE_INTEGER(295)
++DEFINE_INTEGER(296)
++DEFINE_INTEGER(297)
++DEFINE_INTEGER(298)
++DEFINE_INTEGER(299)
++DEFINE_INTEGER(300)
++DEFINE_INTEGER(301)
++DEFINE_INTEGER(302)
++DEFINE_INTEGER(303)
++DEFINE_INTEGER(304)
++DEFINE_INTEGER(305)
++DEFINE_INTEGER(306)
++DEFINE_INTEGER(307)
++DEFINE_INTEGER(308)
++DEFINE_INTEGER(309)
++DEFINE_INTEGER(310)
++DEFINE_INTEGER(311)
++DEFINE_INTEGER(312)
++DEFINE_INTEGER(313)
++DEFINE_INTEGER(314)
++DEFINE_INTEGER(315)
++DEFINE_INTEGER(316)
++DEFINE_INTEGER(317)
++DEFINE_INTEGER(318)
++DEFINE_INTEGER(319)
++DEFINE_INTEGER(320)
++DEFINE_INTEGER(321)
++DEFINE_INTEGER(322)
++DEFINE_INTEGER(323)
++DEFINE_INTEGER(324)
++DEFINE_INTEGER(325)
++DEFINE_INTEGER(326)
++DEFINE_INTEGER(327)
++DEFINE_INTEGER(328)
++DEFINE_INTEGER(329)
++DEFINE_INTEGER(330)
++DEFINE_INTEGER(331)
++DEFINE_INTEGER(332)
++DEFINE_INTEGER(333)
++DEFINE_INTEGER(334)
++DEFINE_INTEGER(335)
++DEFINE_INTEGER(336)
++DEFINE_INTEGER(337)
++DEFINE_INTEGER(338)
++DEFINE_INTEGER(339)
++DEFINE_INTEGER(340)
++DEFINE_INTEGER(341)
++DEFINE_INTEGER(342)
++DEFINE_INTEGER(343)
++DEFINE_INTEGER(344)
++DEFINE_INTEGER(345)
++DEFINE_INTEGER(346)
++DEFINE_INTEGER(347)
++DEFINE_INTEGER(348)
++DEFINE_INTEGER(349)
++DEFINE_INTEGER(350)
++DEFINE_INTEGER(351)
++DEFINE_INTEGER(352)
++DEFINE_INTEGER(353)
++DEFINE_INTEGER(354)
++DEFINE_INTEGER(355)
++DEFINE_INTEGER(356)
++DEFINE_INTEGER(357)
++DEFINE_INTEGER(358)
++DEFINE_INTEGER(359)
++DEFINE_INTEGER(360)
++DEFINE_INTEGER(361)
++DEFINE_INTEGER(362)
++DEFINE_INTEGER(363)
++DEFINE_INTEGER(364)
++DEFINE_INTEGER(365)
++DEFINE_INTEGER(366)
++DEFINE_INTEGER(367)
++DEFINE_INTEGER(368)
++DEFINE_INTEGER(369)
++DEFINE_INTEGER(370)
++DEFINE_INTEGER(371)
++DEFINE_INTEGER(372)
++DEFINE_INTEGER(373)
++DEFINE_INTEGER(374)
++DEFINE_INTEGER(375)
++DEFINE_INTEGER(376)
++DEFINE_INTEGER(377)
++DEFINE_INTEGER(378)
++DEFINE_INTEGER(379)
++DEFINE_INTEGER(380)
++DEFINE_INTEGER(381)
++DEFINE_INTEGER(382)
++DEFINE_INTEGER(383)
++DEFINE_INTEGER(384)
++DEFINE_INTEGER(385)
++DEFINE_INTEGER(386)
++DEFINE_INTEGER(387)
++DEFINE_INTEGER(388)
++DEFINE_INTEGER(389)
++DEFINE_INTEGER(390)
++DEFINE_INTEGER(391)
++DEFINE_INTEGER(392)
++DEFINE_INTEGER(393)
++DEFINE_INTEGER(394)
++DEFINE_INTEGER(395)
++DEFINE_INTEGER(396)
++DEFINE_INTEGER(397)
++DEFINE_INTEGER(398)
++DEFINE_INTEGER(399)
++DEFINE_INTEGER(400)
++DEFINE_INTEGER(401)
++DEFINE_INTEGER(402)
++DEFINE_INTEGER(403)
++DEFINE_INTEGER(404)
++DEFINE_INTEGER(405)
++DEFINE_INTEGER(406)
++DEFINE_INTEGER(407)
++DEFINE_INTEGER(408)
++DEFINE_INTEGER(409)
++DEFINE_INTEGER(410)
++DEFINE_INTEGER(411)
++DEFINE_INTEGER(412)
++DEFINE_INTEGER(413)
++DEFINE_INTEGER(414)
++DEFINE_INTEGER(415)
++DEFINE_INTEGER(416)
++DEFINE_INTEGER(417)
++DEFINE_INTEGER(418)
++DEFINE_INTEGER(419)
++DEFINE_INTEGER(420)
++DEFINE_INTEGER(421)
++DEFINE_INTEGER(422)
++DEFINE_INTEGER(423)
++DEFINE_INTEGER(424)
++DEFINE_INTEGER(425)
++DEFINE_INTEGER(426)
++DEFINE_INTEGER(427)
++DEFINE_INTEGER(428)
++DEFINE_INTEGER(429)
++DEFINE_INTEGER(430)
++DEFINE_INTEGER(431)
++DEFINE_INTEGER(432)
++DEFINE_INTEGER(433)
++DEFINE_INTEGER(434)
++DEFINE_INTEGER(435)
++DEFINE_INTEGER(436)
++DEFINE_INTEGER(437)
++DEFINE_INTEGER(438)
++DEFINE_INTEGER(439)
++DEFINE_INTEGER(440)
++DEFINE_INTEGER(441)
++DEFINE_INTEGER(442)
++DEFINE_INTEGER(443)
++DEFINE_INTEGER(444)
++DEFINE_INTEGER(445)
++DEFINE_INTEGER(446)
++DEFINE_INTEGER(447)
++DEFINE_INTEGER(448)
++DEFINE_INTEGER(449)
++DEFINE_INTEGER(450)
++DEFINE_INTEGER(451)
++DEFINE_INTEGER(452)
++DEFINE_INTEGER(453)
++DEFINE_INTEGER(454)
++DEFINE_INTEGER(455)
++DEFINE_INTEGER(456)
++DEFINE_INTEGER(457)
++DEFINE_INTEGER(458)
++DEFINE_INTEGER(459)
++DEFINE_INTEGER(460)
++DEFINE_INTEGER(461)
++DEFINE_INTEGER(462)
++DEFINE_INTEGER(463)
++DEFINE_INTEGER(464)
++DEFINE_INTEGER(465)
++DEFINE_INTEGER(466)
++DEFINE_INTEGER(467)
++DEFINE_INTEGER(468)
++DEFINE_INTEGER(469)
++DEFINE_INTEGER(470)
++DEFINE_INTEGER(471)
++DEFINE_INTEGER(472)
++DEFINE_INTEGER(473)
++DEFINE_INTEGER(474)
++DEFINE_INTEGER(475)
++DEFINE_INTEGER(476)
++DEFINE_INTEGER(477)
++DEFINE_INTEGER(478)
++DEFINE_INTEGER(479)
++DEFINE_INTEGER(480)
++DEFINE_INTEGER(481)
++DEFINE_INTEGER(482)
++DEFINE_INTEGER(483)
++DEFINE_INTEGER(484)
++DEFINE_INTEGER(485)
++DEFINE_INTEGER(486)
++DEFINE_INTEGER(487)
++DEFINE_INTEGER(488)
++DEFINE_INTEGER(489)
++DEFINE_INTEGER(490)
++DEFINE_INTEGER(491)
++DEFINE_INTEGER(492)
++DEFINE_INTEGER(493)
++DEFINE_INTEGER(494)
++DEFINE_INTEGER(495)
++DEFINE_INTEGER(496)
++DEFINE_INTEGER(497)
++DEFINE_INTEGER(498)
++DEFINE_INTEGER(499)
++DEFINE_INTEGER(500)
++DEFINE_INTEGER(501)
++DEFINE_INTEGER(502)
++DEFINE_INTEGER(503)
++DEFINE_INTEGER(504)
++DEFINE_INTEGER(505)
++DEFINE_INTEGER(506)
++DEFINE_INTEGER(507)
++DEFINE_INTEGER(508)
++DEFINE_INTEGER(509)
++DEFINE_INTEGER(510)
++DEFINE_INTEGER(511)
++DEFINE_INTEGER(512)
++DEFINE_INTEGER(513)
++DEFINE_INTEGER(514)
++DEFINE_INTEGER(515)
++DEFINE_INTEGER(516)
++DEFINE_INTEGER(517)
++DEFINE_INTEGER(518)
++DEFINE_INTEGER(519)
++DEFINE_INTEGER(520)
++DEFINE_INTEGER(521)
++DEFINE_INTEGER(522)
++DEFINE_INTEGER(523)
++DEFINE_INTEGER(524)
++DEFINE_INTEGER(525)
++DEFINE_INTEGER(526)
++DEFINE_INTEGER(527)
++DEFINE_INTEGER(528)
++DEFINE_INTEGER(529)
++DEFINE_INTEGER(530)
++DEFINE_INTEGER(531)
++DEFINE_INTEGER(532)
++DEFINE_INTEGER(533)
++DEFINE_INTEGER(534)
++DEFINE_INTEGER(535)
++DEFINE_INTEGER(536)
++DEFINE_INTEGER(537)
++DEFINE_INTEGER(538)
++DEFINE_INTEGER(539)
++DEFINE_INTEGER(540)
++DEFINE_INTEGER(541)
++DEFINE_INTEGER(542)
++DEFINE_INTEGER(543)
++DEFINE_INTEGER(544)
++DEFINE_INTEGER(545)
++DEFINE_INTEGER(546)
++DEFINE_INTEGER(547)
++DEFINE_INTEGER(548)
++DEFINE_INTEGER(549)
++DEFINE_INTEGER(550)
++DEFINE_INTEGER(551)
++DEFINE_INTEGER(552)
++DEFINE_INTEGER(553)
++DEFINE_INTEGER(554)
++DEFINE_INTEGER(555)
++DEFINE_INTEGER(556)
++DEFINE_INTEGER(557)
++DEFINE_INTEGER(558)
++DEFINE_INTEGER(559)
++DEFINE_INTEGER(560)
++DEFINE_INTEGER(561)
++DEFINE_INTEGER(562)
++DEFINE_INTEGER(563)
++DEFINE_INTEGER(564)
++DEFINE_INTEGER(565)
++DEFINE_INTEGER(566)
++DEFINE_INTEGER(567)
++DEFINE_INTEGER(568)
++DEFINE_INTEGER(569)
++DEFINE_INTEGER(570)
++DEFINE_INTEGER(571)
++DEFINE_INTEGER(572)
++DEFINE_INTEGER(573)
++DEFINE_INTEGER(574)
++DEFINE_INTEGER(575)
++DEFINE_INTEGER(576)
++DEFINE_INTEGER(577)
++DEFINE_INTEGER(578)
++DEFINE_INTEGER(579)
++DEFINE_INTEGER(580)
++DEFINE_INTEGER(581)
++DEFINE_INTEGER(582)
++DEFINE_INTEGER(583)
++DEFINE_INTEGER(584)
++DEFINE_INTEGER(585)
++DEFINE_INTEGER(586)
++DEFINE_INTEGER(587)
++DEFINE_INTEGER(588)
++DEFINE_INTEGER(589)
++DEFINE_INTEGER(590)
++DEFINE_INTEGER(591)
++DEFINE_INTEGER(592)
++DEFINE_INTEGER(593)
++DEFINE_INTEGER(594)
++DEFINE_INTEGER(595)
++DEFINE_INTEGER(596)
++DEFINE_INTEGER(597)
++DEFINE_INTEGER(598)
++DEFINE_INTEGER(599)
++DEFINE_INTEGER(600)
++DEFINE_INTEGER(601)
++DEFINE_INTEGER(602)
++DEFINE_INTEGER(603)
++DEFINE_INTEGER(604)
++DEFINE_INTEGER(605)
++DEFINE_INTEGER(606)
++DEFINE_INTEGER(607)
++DEFINE_INTEGER(608)
++DEFINE_INTEGER(609)
++DEFINE_INTEGER(610)
++DEFINE_INTEGER(611)
++DEFINE_INTEGER(612)
++DEFINE_INTEGER(613)
++DEFINE_INTEGER(614)
++DEFINE_INTEGER(615)
++DEFINE_INTEGER(616)
++DEFINE_INTEGER(617)
++DEFINE_INTEGER(618)
++DEFINE_INTEGER(619)
++DEFINE_INTEGER(620)
++DEFINE_INTEGER(621)
++DEFINE_INTEGER(622)
++DEFINE_INTEGER(623)
++DEFINE_INTEGER(624)
++DEFINE_INTEGER(625)
++DEFINE_INTEGER(626)
++DEFINE_INTEGER(627)
++DEFINE_INTEGER(628)
++DEFINE_INTEGER(629)
++DEFINE_INTEGER(630)
++DEFINE_INTEGER(631)
++DEFINE_INTEGER(632)
++DEFINE_INTEGER(633)
++DEFINE_INTEGER(634)
++DEFINE_INTEGER(635)
++DEFINE_INTEGER(636)
++DEFINE_INTEGER(637)
++DEFINE_INTEGER(638)
++DEFINE_INTEGER(639)
++DEFINE_INTEGER(640)
++DEFINE_INTEGER(641)
++DEFINE_INTEGER(642)
++DEFINE_INTEGER(643)
++DEFINE_INTEGER(644)
++DEFINE_INTEGER(645)
++DEFINE_INTEGER(646)
++DEFINE_INTEGER(647)
++DEFINE_INTEGER(648)
++DEFINE_INTEGER(649)
++DEFINE_INTEGER(650)
++DEFINE_INTEGER(651)
++DEFINE_INTEGER(652)
++DEFINE_INTEGER(653)
++DEFINE_INTEGER(654)
++DEFINE_INTEGER(655)
++DEFINE_INTEGER(656)
++DEFINE_INTEGER(657)
++DEFINE_INTEGER(658)
++DEFINE_INTEGER(659)
++DEFINE_INTEGER(660)
++DEFINE_INTEGER(661)
++DEFINE_INTEGER(662)
++DEFINE_INTEGER(663)
++DEFINE_INTEGER(664)
++DEFINE_INTEGER(665)
++DEFINE_INTEGER(666)
++DEFINE_INTEGER(667)
++DEFINE_INTEGER(668)
++DEFINE_INTEGER(669)
++DEFINE_INTEGER(670)
++DEFINE_INTEGER(671)
++DEFINE_INTEGER(672)
++DEFINE_INTEGER(673)
++DEFINE_INTEGER(674)
++DEFINE_INTEGER(675)
++DEFINE_INTEGER(676)
++DEFINE_INTEGER(677)
++DEFINE_INTEGER(678)
++DEFINE_INTEGER(679)
++DEFINE_INTEGER(680)
++DEFINE_INTEGER(681)
++DEFINE_INTEGER(682)
++DEFINE_INTEGER(683)
++DEFINE_INTEGER(684)
++DEFINE_INTEGER(685)
++DEFINE_INTEGER(686)
++DEFINE_INTEGER(687)
++DEFINE_INTEGER(688)
++DEFINE_INTEGER(689)
++DEFINE_INTEGER(690)
++DEFINE_INTEGER(691)
++DEFINE_INTEGER(692)
++DEFINE_INTEGER(693)
++DEFINE_INTEGER(694)
++DEFINE_INTEGER(695)
++DEFINE_INTEGER(696)
++DEFINE_INTEGER(697)
++DEFINE_INTEGER(698)
++DEFINE_INTEGER(699)
++DEFINE_INTEGER(700)
++DEFINE_INTEGER(701)
++DEFINE_INTEGER(702)
++DEFINE_INTEGER(703)
++DEFINE_INTEGER(704)
++DEFINE_INTEGER(705)
++DEFINE_INTEGER(706)
++DEFINE_INTEGER(707)
++DEFINE_INTEGER(708)
++DEFINE_INTEGER(709)
++DEFINE_INTEGER(710)
++DEFINE_INTEGER(711)
++DEFINE_INTEGER(712)
++DEFINE_INTEGER(713)
++DEFINE_INTEGER(714)
++DEFINE_INTEGER(715)
++DEFINE_INTEGER(716)
++DEFINE_INTEGER(717)
++DEFINE_INTEGER(718)
++DEFINE_INTEGER(719)
++DEFINE_INTEGER(720)
++DEFINE_INTEGER(721)
++DEFINE_INTEGER(722)
++DEFINE_INTEGER(723)
++DEFINE_INTEGER(724)
++DEFINE_INTEGER(725)
++DEFINE_INTEGER(726)
++DEFINE_INTEGER(727)
++DEFINE_INTEGER(728)
++DEFINE_INTEGER(729)
++DEFINE_INTEGER(730)
++DEFINE_INTEGER(731)
++DEFINE_INTEGER(732)
++DEFINE_INTEGER(733)
++DEFINE_INTEGER(734)
++DEFINE_INTEGER(735)
++DEFINE_INTEGER(736)
++DEFINE_INTEGER(737)
++DEFINE_INTEGER(738)
++DEFINE_INTEGER(739)
++DEFINE_INTEGER(740)
++DEFINE_INTEGER(741)
++DEFINE_INTEGER(742)
++DEFINE_INTEGER(743)
++DEFINE_INTEGER(744)
++DEFINE_INTEGER(745)
++DEFINE_INTEGER(746)
++DEFINE_INTEGER(747)
++DEFINE_INTEGER(748)
++DEFINE_INTEGER(749)
++DEFINE_INTEGER(750)
++DEFINE_INTEGER(751)
++DEFINE_INTEGER(752)
++DEFINE_INTEGER(753)
++DEFINE_INTEGER(754)
++DEFINE_INTEGER(755)
++DEFINE_INTEGER(756)
++DEFINE_INTEGER(757)
++DEFINE_INTEGER(758)
++DEFINE_INTEGER(759)
++DEFINE_INTEGER(760)
++DEFINE_INTEGER(761)
++DEFINE_INTEGER(762)
++DEFINE_INTEGER(763)
++DEFINE_INTEGER(764)
++DEFINE_INTEGER(765)
++DEFINE_INTEGER(766)
++DEFINE_INTEGER(767)
++DEFINE_INTEGER(768)
++DEFINE_INTEGER(769)
++DEFINE_INTEGER(770)
++DEFINE_INTEGER(771)
++DEFINE_INTEGER(772)
++DEFINE_INTEGER(773)
++DEFINE_INTEGER(774)
++DEFINE_INTEGER(775)
++DEFINE_INTEGER(776)
++DEFINE_INTEGER(777)
++DEFINE_INTEGER(778)
++DEFINE_INTEGER(779)
++DEFINE_INTEGER(780)
++DEFINE_INTEGER(781)
++DEFINE_INTEGER(782)
++DEFINE_INTEGER(783)
++DEFINE_INTEGER(784)
++DEFINE_INTEGER(785)
++DEFINE_INTEGER(786)
++DEFINE_INTEGER(787)
++DEFINE_INTEGER(788)
++DEFINE_INTEGER(789)
++DEFINE_INTEGER(790)
++DEFINE_INTEGER(791)
++DEFINE_INTEGER(792)
++DEFINE_INTEGER(793)
++DEFINE_INTEGER(794)
++DEFINE_INTEGER(795)
++DEFINE_INTEGER(796)
++DEFINE_INTEGER(797)
++DEFINE_INTEGER(798)
++DEFINE_INTEGER(799)
++DEFINE_INTEGER(800)
++DEFINE_INTEGER(801)
++DEFINE_INTEGER(802)
++DEFINE_INTEGER(803)
++DEFINE_INTEGER(804)
++DEFINE_INTEGER(805)
++DEFINE_INTEGER(806)
++DEFINE_INTEGER(807)
++DEFINE_INTEGER(808)
++DEFINE_INTEGER(809)
++DEFINE_INTEGER(810)
++DEFINE_INTEGER(811)
++DEFINE_INTEGER(812)
++DEFINE_INTEGER(813)
++DEFINE_INTEGER(814)
++DEFINE_INTEGER(815)
++DEFINE_INTEGER(816)
++DEFINE_INTEGER(817)
diff --git a/debian/patches/series b/debian/patches/series
index f9ca2a8..30d8f0f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -18,3 +18,12 @@ gpg-agent-idling/0011-agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch
0018-tests-Make-test-more-robust.patch
0019-gpgscm-Initialize-unused-slots-in-vectors.patch
0020-gpgscm-Avoid-mutating-integer.patch
+0021-agent-Serialize-access-to-passphrase-cache.patch
+0022-scd-Don-t-keep-CCID-reader-open-when-card-is-not-ava.patch
+0023-scd-Internal-CCID-reader-cleanup.patch
+0024-gpg-Fix-printing-of-offline-taken-subkey.patch
+0025-doc-Explain-the-in-a-key-listing.patch
+0026-gpgscm-Fix-compact-vector-encoding.patch
+0027-gpgscm-Remove-arbitrary-limit-on-number-of-cell-segm.patch
+0028-gpgscm-Make-global-data-constant-when-possible.patch
+0029-gpgscm-Allocate-small-integers-in-the-rodata-section.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list