[Pkg-gnupg-commit] [gnupg2] 181/185: drop upstream patches already applied
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Aug 7 11:55:40 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gnupg2.
commit 085e1a4cecb9ab438412e9c2ef16bb863905e4ba
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Mon Aug 7 00:04:29 2017 -0400
drop upstream patches already applied
---
...gure-the-environments-to-use-scdaemon-fro.patch | 67 -----
...uppress-error-for-card-availability-check.patch | 84 ------
debian/patches/0015-g10-Fix-gpgcompose.c.patch | 28 --
...ests-Fix-agent-teardown-in-release-builds.patch | 41 ---
...-gpgscm-Fix-checking-for-opcode-arguments.patch | 30 --
.../0018-docs-Point-to-https-dev.gnupg.org.patch | 83 ------
debian/patches/0019-doc-Fix-spellings.patch | 32 ---
...ault-key-selection-for-signing-possibly-b.patch | 169 ------------
...t-Add-const-qualifier-for-read-only-table.patch | 115 --------
...ort-different-digest-algorithms-for-ssh-f.patch | 224 ---------------
...ectly-render-SHA256-based-ssh-fingerprint.patch | 303 ---------------------
...-both-ssh-fingerprints-to-sshcontrol-file.patch | 79 ------
...digest-algorithms-for-ssh-fingerprints-co.patch | 141 ----------
...init-libdns-resolver-on-towel-change-of-r.patch | 110 --------
...s-towel-should-better-detect-a-changed-re.patch | 47 ----
debian/patches/0028-agent-Fix-memory-leaks.patch | 96 -------
debian/patches/0029-gpg-Fix-typos.patch | 48 ----
.../0030-scd-Handle-a-failure-of-libusb_init.patch | 62 -----
...scd-Fix-error-code-on-failure-at-usb_init.patch | 25 --
.../0032-agent-Fix-error-from-do_encryption.patch | 86 ------
.../patches/0033-doc-Improve-documentation.patch | 26 --
debian/patches/0034-sm-Fix-typo.patch | 25 --
debian/patches/0035-sm-Simplify-code.patch | 35 ---
...ailure-exit-when-scdaemon-is-disabled-but.patch | 35 ---
debian/patches/0037-gpg-Remove-dead-code.patch | 39 ---
...gpg-Support-gpgcompose-encrypted-pop-help.patch | 57 ----
...039-gpg-Improve-some-output-of-gpgcompose.patch | 34 ---
...gcompose-help-output-to-stdout-not-stderr.patch | 62 -----
debian/patches/series | 28 --
29 files changed, 2211 deletions(-)
diff --git a/debian/patches/0013-tests-Configure-the-environments-to-use-scdaemon-fro.patch b/debian/patches/0013-tests-Configure-the-environments-to-use-scdaemon-fro.patch
deleted file mode 100644
index e00d751..0000000
--- a/debian/patches/0013-tests-Configure-the-environments-to-use-scdaemon-fro.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Tue, 16 May 2017 16:07:25 +0200
-Subject: tests: Configure the environments to use scdaemon from build tree.
-
-* tests/gpgme/gpgme-defs.scm: Use the scdaemon from the build tree
-when writing a 'gpg-agent.conf'.
-* tests/gpgsm/gpgsm-defs.scm: Likewise.
-* tests/openpgp/defs.scm: Likewise.
---
-
-As of 97a2394ecafaa6f58e4a1f70ecfd04408dc15606 gpg may query the
-scdaemon for a signing key to use. To make sure that the agent calls
-the right scdaemon, we provide the path explicitly in the
-'gpg-agent.conf' that is used in the tests, similar to what we do for
-the agent itself and the pinentry.
-
-GnuPG-bug-id: 3165
-Signed-off-by: Justus Winter <justus at g10code.com>
-(cherry picked from commit 386a7bbb245dd3ab7c4156a554adbe75d82bdf49)
----
- tests/gpgme/gpgme-defs.scm | 4 +++-
- tests/gpgsm/gpgsm-defs.scm | 4 +++-
- tests/openpgp/defs.scm | 1 +
- 3 files changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/tests/gpgme/gpgme-defs.scm b/tests/gpgme/gpgme-defs.scm
-index e24db25..0de589f 100644
---- a/tests/gpgme/gpgme-defs.scm
-+++ b/tests/gpgme/gpgme-defs.scm
-@@ -66,7 +66,9 @@
- (string-append "agent-program " (tool 'gpg-agent) "|--debug-quick-random\n"))
- (create-file
- "gpg-agent.conf"
-- (string-append "pinentry-program " (tool 'pinentry)))
-+ (string-append "pinentry-program " (tool 'pinentry))
-+ (string-append "scdaemon-program " (tool 'scdaemon))
-+ )
-
- (start-agent)
-
-diff --git a/tests/gpgsm/gpgsm-defs.scm b/tests/gpgsm/gpgsm-defs.scm
-index 711922a..d99d7da 100644
---- a/tests/gpgsm/gpgsm-defs.scm
-+++ b/tests/gpgsm/gpgsm-defs.scm
-@@ -66,7 +66,9 @@
- "disable-crl-checks"
- "faked-system-time 1008241200")
- (create-file "gpg-agent.conf"
-- (string-append "pinentry-program " (tool 'pinentry)))
-+ (string-append "pinentry-program " (tool 'pinentry))
-+ (string-append "scdaemon-program " (tool 'scdaemon))
-+ )
- (start-agent)
- (create-file
- "trustlist.txt"
-diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm
-index 1531dc1..0cd45ad 100644
---- a/tests/openpgp/defs.scm
-+++ b/tests/openpgp/defs.scm
-@@ -349,6 +349,7 @@
- "no-grab"
- "enable-ssh-support"
- (string-append "pinentry-program " (tool 'pinentry))
-+ (string-append "scdaemon-program " (tool 'scdaemon))
- ))
-
- ;; Initialize the test environment, install appropriate configuration
diff --git a/debian/patches/0014-g10-Suppress-error-for-card-availability-check.patch b/debian/patches/0014-g10-Suppress-error-for-card-availability-check.patch
deleted file mode 100644
index 2d35546..0000000
--- a/debian/patches/0014-g10-Suppress-error-for-card-availability-check.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Wed, 17 May 2017 09:46:06 +0900
-Subject: g10: Suppress error for card availability check.
-
-* g10/call-agent.c (start_agent): Add semantics for card; Suppress
-error for card check.
-(warn_version_mismatch): Ignore an error for scdaemon.
-(agent_scd_serialno): Call start_agent with
-FLAG_FOR_CARD_SUPPRESS_ERRORS.
-
---
-
-GnuPG-bug-id: 3165
-Fixes-commit: 97a2394ecafaa6f58e4a1f70ecfd04408dc15606
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
-(cherry picked from commit a8dd96826f8484c0ae93c954035b95c2a75c80f2)
----
- g10/call-agent.c | 15 +++++++++------
- 1 file changed, 9 insertions(+), 6 deletions(-)
-
-diff --git a/g10/call-agent.c b/g10/call-agent.c
-index be8c33d..4698a25 100644
---- a/g10/call-agent.c
-+++ b/g10/call-agent.c
-@@ -184,7 +184,8 @@ default_inq_cb (void *opaque, const char *line)
-
-
- /* Print a warning if the server's version number is less than our
-- version number. Returns an error code on a connection problem. */
-+ version number. Returns an error code on a connection problem.
-+ Ignore an error for scdaemon (MODE==2). */
- static gpg_error_t
- warn_version_mismatch (assuan_context_t ctx, const char *servername, int mode)
- {
-@@ -193,7 +194,7 @@ warn_version_mismatch (assuan_context_t ctx, const char *servername, int mode)
- const char *myversion = strusage (13);
-
- err = get_assuan_server_version (ctx, mode, &serverversion);
-- if (err)
-+ if (err && mode != 2)
- log_error (_("error getting version from '%s': %s\n"),
- servername, gpg_strerror (err));
- else if (compare_version_strings (serverversion, myversion) < 0)
-@@ -217,10 +218,12 @@ warn_version_mismatch (assuan_context_t ctx, const char *servername, int mode)
- }
-
-
-+#define FLAG_FOR_CARD_SUPPRESS_ERRORS 2
-+
- /* Try to connect to the agent via socket or fork it off and work by
- pipes. Handle the server's initial greeting */
- static int
--start_agent (ctrl_t ctrl, int for_card)
-+start_agent (ctrl_t ctrl, int flag_for_card)
- {
- int rc;
-
-@@ -280,7 +283,7 @@ start_agent (ctrl_t ctrl, int for_card)
- }
- }
-
-- if (!rc && for_card && !did_early_card_test)
-+ if (!rc && flag_for_card && !did_early_card_test)
- {
- /* Request the serial number of the card for an early test. */
- struct agent_card_info_s info;
-@@ -292,7 +295,7 @@ start_agent (ctrl_t ctrl, int for_card)
- rc = assuan_transact (agent_ctx, "SCD SERIALNO openpgp",
- NULL, NULL, NULL, NULL,
- learn_status_cb, &info);
-- if (rc)
-+ if (rc && !(flag_for_card & FLAG_FOR_CARD_SUPPRESS_ERRORS))
- {
- switch (gpg_err_code (rc))
- {
-@@ -1023,7 +1026,7 @@ agent_scd_serialno (char **r_serialno, const char *demand)
- char *serialno = NULL;
- char line[ASSUAN_LINELENGTH];
-
-- err = start_agent (NULL, 1);
-+ err = start_agent (NULL, 1 | FLAG_FOR_CARD_SUPPRESS_ERRORS);
- if (err)
- return err;
-
diff --git a/debian/patches/0015-g10-Fix-gpgcompose.c.patch b/debian/patches/0015-g10-Fix-gpgcompose.c.patch
deleted file mode 100644
index 733e640..0000000
--- a/debian/patches/0015-g10-Fix-gpgcompose.c.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Wed, 17 May 2017 10:14:43 +0900
-Subject: g10: Fix gpgcompose.c.
-
-* g10/gpgcompose.c (show_help): Check return value.
-
---
-
-Fixes-commit: 00b7767bc6fe309aa20375c859ebf708cfc7b9ea
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
-(cherry picked from commit ae95a7f5335e605fcd71fbe4a18ed384c88d590a)
----
- g10/gpgcompose.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c
-index 4a2cb81..e541cfe 100644
---- a/g10/gpgcompose.c
-+++ b/g10/gpgcompose.c
-@@ -306,7 +306,7 @@ show_help (struct option options[])
- if (! option)
- space = 72;
- formatted = format_text (tmp, space, space + 4);
-- if (!format_text)
-+ if (!formatted)
- abort ();
-
- if (tmp != help)
diff --git a/debian/patches/0016-tests-Fix-agent-teardown-in-release-builds.patch b/debian/patches/0016-tests-Fix-agent-teardown-in-release-builds.patch
deleted file mode 100644
index 2d87f0a..0000000
--- a/debian/patches/0016-tests-Fix-agent-teardown-in-release-builds.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Wed, 17 May 2017 12:14:55 +0200
-Subject: tests: Fix agent teardown in release builds.
-
-* tests/openpgp/defs.scm (start-agent,stop-agent): Use gpg-conf which
-will properly use the '--build-prefix' argument to make gpgconf use
-tools from the build directory.
-
-GnuPG-bug-id: 3165
-Fixes-commit: 2c9d9ac55ea455a5ec26428989dced0311ed46cc
-Signed-off-by: Justus Winter <justus at g10code.com>
-(cherry picked from commit 0e1729bb993648deca84a2664ae78edc848d7003)
----
- tests/openpgp/defs.scm | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm
-index 0cd45ad..a61e6c3 100644
---- a/tests/openpgp/defs.scm
-+++ b/tests/openpgp/defs.scm
-@@ -448,7 +448,7 @@
- (with-home-directory gnupghome
- (stop-agent)))))
- (catch (log "Warning: Creating socket directory failed:" (car *error*))
-- (call-popen `(,(tool 'gpgconf) --create-socketdir) ""))
-+ (gpg-conf '--create-socketdir))
- (call-check `(,(tool 'gpg-connect-agent) --verbose
- ,(string-append "--agent-program=" (tool 'gpg-agent)
- "|--debug-quick-random")
-@@ -457,9 +457,9 @@
- ;; Stop the agent and other daemons and remove the socket dir.
- (define (stop-agent)
- (log "Stopping gpg-agent...")
-- (call-check `(,(tool 'gpgconf) --kill all))
-+ (gpg-conf '--kill 'all)
- (catch (log "Warning: Removing socket directory failed.")
-- (call-popen `(,(tool 'gpgconf) --remove-socketdir) "")))
-+ (gpg-conf '--remove-socketdir)))
-
-
- ;; end
diff --git a/debian/patches/0017-gpgscm-Fix-checking-for-opcode-arguments.patch b/debian/patches/0017-gpgscm-Fix-checking-for-opcode-arguments.patch
deleted file mode 100644
index 65fa2bc..0000000
--- a/debian/patches/0017-gpgscm-Fix-checking-for-opcode-arguments.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Wed, 17 May 2017 16:10:37 +0200
-Subject: gpgscm: Fix checking for opcode arguments.
-
-* tests/gpgscm/scheme.c (Eval_Cycle): Update 'pcd' after dispatching
-an instruction.
-
-Fixes-commit: 9c6407d17e0cb9f4a370b1b83e7816577ec7d29d
-Signed-off-by: Justus Winter <justus at g10code.com>
-(cherry picked from commit aae50e0b6a61549e226e0c7785260ad517f0ffff)
----
- tests/gpgscm/scheme.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c
-index 26bb5a5..593bc74 100644
---- a/tests/gpgscm/scheme.c
-+++ b/tests/gpgscm/scheme.c
-@@ -3451,9 +3451,10 @@ Eval_Cycle(scheme *sc, enum scheme_opcodes op) {
- double dd;
- #endif
- int (*comp_func)(num, num) = NULL;
-- const struct op_code_info *pcd = &dispatch_table[op];
-+ const struct op_code_info *pcd;
-
- dispatch:
-+ pcd = &dispatch_table[op];
- if (pcd->name[0] != 0) { /* if built-in function, check arguments */
- char msg[STRBUFFSIZE];
- if (! check_arguments (sc, pcd, msg, sizeof msg)) {
diff --git a/debian/patches/0018-docs-Point-to-https-dev.gnupg.org.patch b/debian/patches/0018-docs-Point-to-https-dev.gnupg.org.patch
deleted file mode 100644
index b55d26b..0000000
--- a/debian/patches/0018-docs-Point-to-https-dev.gnupg.org.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Thu, 18 May 2017 15:05:57 -0400
-Subject: docs: Point to https://dev.gnupg.org/ .
-
-Replace mentions of bugs.gnupg.org with https://dev.gnupg.org/. Since
-the project has transitioned to a better workflow for supporting
-contributions, we should ensure that our documentation points to the
-right place.
-
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-(cherry picked from commit 705da1eb23aef92c42d6d657b20a0984b104f72f)
----
- AUTHORS | 4 ++--
- README | 2 +-
- configure.ac | 2 +-
- doc/gpg.texi | 2 +-
- tests/fake-pinentries/README.txt | 2 +-
- 5 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/AUTHORS b/AUTHORS
-index ec4b742..fc2ee9b 100644
---- a/AUTHORS
-+++ b/AUTHORS
-@@ -1,8 +1,8 @@
- Program: GnuPG
- Homepage: https://www.gnupg.org
--Download: ftp://ftp.gnupg.org/gcrypt/gnupg/
-+Download: https://gnupg.org/ftp/gcrypt/gnupg/
- Repository: git://git.gnupg.org/gnupg.git
--Bug reports: https://bugs.gnupg.org
-+Bug reports: https://dev.gnupg.org
- Security related bug reports: <security at gnupg.org>
- Maintainer: Werner Koch <wk at gnupg.org>
- License: GPLv3+
-diff --git a/README b/README
-index 8be43d7..e0c5d71 100644
---- a/README
-+++ b/README
-@@ -227,7 +227,7 @@
- https://www.gnupg.org/documentation/mailing-lists.html for archives
- of the mailing lists.
-
-- Please direct bug reports to http://bugs.gnupg.org or post them
-+ Please direct bug reports to http://dev.gnupg.org or post them
- direct to the mailing list <gnupg-devel at gnupg.org>.
-
- Please direct questions about GnuPG to the users mailing list or one
-diff --git a/configure.ac b/configure.ac
-index 4e4272e..cdf3405 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -47,7 +47,7 @@ m4_define([mym4_version], m4_argn(4, mym4_verslist))
- m4_define([mym4_revision], m4_argn(7, mym4_verslist))
- m4_define([mym4_revision_dec], m4_argn(8, mym4_verslist))
- m4_esyscmd([echo ]mym4_version[>VERSION])
--AC_INIT([mym4_package],[mym4_version], [https://bugs.gnupg.org])
-+AC_INIT([mym4_package],[mym4_version], [https://dev.gnupg.org])
-
- NEED_GPG_ERROR_VERSION=1.24
-
-diff --git a/doc/gpg.texi b/doc/gpg.texi
-index 1a0ea55..fbe6367 100644
---- a/doc/gpg.texi
-+++ b/doc/gpg.texi
-@@ -3777,7 +3777,7 @@ may be recoverable from it later.
-
- Before you report a bug you should first search the mailing list
- archives for similar problems and second check whether such a bug has
--already been reported to our bug tracker at http://bugs.gnupg.org .
-+already been reported to our bug tracker at https://dev.gnupg.org .
-
- @c *******************************************
- @c *************** **************
-diff --git a/tests/fake-pinentries/README.txt b/tests/fake-pinentries/README.txt
-index 9272ae5..0654f56 100644
---- a/tests/fake-pinentries/README.txt
-+++ b/tests/fake-pinentries/README.txt
-@@ -35,4 +35,4 @@ Troubleshooting
-
- If you have any trouble with this technique, please drop a line to the
- GnuPG development mailing list <gnupg-devel at gnupg.org> or open a
--report on the GnuPG bug tracker at https://bugs.gnupg.org/gnupg
-+report on the GnuPG bug tracker at https://dev.gnupg.org/gnupg
diff --git a/debian/patches/0019-doc-Fix-spellings.patch b/debian/patches/0019-doc-Fix-spellings.patch
deleted file mode 100644
index ec98a8f..0000000
--- a/debian/patches/0019-doc-Fix-spellings.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Thu, 18 May 2017 16:34:37 -0400
-Subject: doc: Fix spellings.
-
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-(cherry picked from commit 3713f67026467f63f80649c92ac4cc7973589855)
----
- doc/gpg.texi | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/doc/gpg.texi b/doc/gpg.texi
-index fbe6367..c128254 100644
---- a/doc/gpg.texi
-+++ b/doc/gpg.texi
-@@ -301,7 +301,7 @@ and other programs.
- @itemx -K
- @opindex list-secret-keys
- List the specified secret keys. If no keys are specified, then all
--known secret keys are listed. A @code{#} after the intial tags
-+known secret keys are listed. A @code{#} after the initial tags
- @code{sec} or @code{ssb} means that the secret key or subkey is
- currently not usable. We also say that this key has been taken
- offline (for example, a primary key can be taken offline by exported
-@@ -1691,7 +1691,7 @@ Set what trust model GnuPG should follow. The models are:
- @item direct
- @opindex trust-model:direct
- Key validity is set directly by the user and not calculated via the
-- Web of Trust. This model is soley based on the key and does
-+ Web of Trust. This model is solely based on the key and does
- not distinguish user IDs. Note that when changing to another trust
- model the trust values assigned to a key are transformed into
- ownertrust values, which also indicate how you trust the owner of
diff --git a/debian/patches/0020-g10-Fix-default-key-selection-for-signing-possibly-b.patch b/debian/patches/0020-g10-Fix-default-key-selection-for-signing-possibly-b.patch
deleted file mode 100644
index 70a6c48..0000000
--- a/debian/patches/0020-g10-Fix-default-key-selection-for-signing-possibly-b.patch
+++ /dev/null
@@ -1,169 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Mon, 22 May 2017 09:27:36 +0900
-Subject: g10: Fix default-key selection for signing, possibly by card.
-
-* g10/call-agent.c (warn_version_mismatch): Revert.
-(start_agent): Suppress version mismatch if relevant.
-* g10/getkey.c (get_seckey_default_or_card): New.
-* g10/skclist.c (build_sk_list): Use get_seckey_default_or_card.
-
---
-
-The change of 97a2394, which prefers available card than default key
-specified is too strong.
-
-Fixes-commit: 97a2394ecafaa6f58e4a1f70ecfd04408dc15606
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
-(cherry picked from commit fbb2259d22e6c6eadc2af722bdc52922da348677)
----
- g10/call-agent.c | 8 ++++----
- g10/getkey.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
- g10/keydb.h | 2 ++
- g10/skclist.c | 16 ++++------------
- 4 files changed, 62 insertions(+), 16 deletions(-)
-
-diff --git a/g10/call-agent.c b/g10/call-agent.c
-index 4698a25..e6dbb73 100644
---- a/g10/call-agent.c
-+++ b/g10/call-agent.c
-@@ -184,8 +184,7 @@ default_inq_cb (void *opaque, const char *line)
-
-
- /* Print a warning if the server's version number is less than our
-- version number. Returns an error code on a connection problem.
-- Ignore an error for scdaemon (MODE==2). */
-+ version number. Returns an error code on a connection problem. */
- static gpg_error_t
- warn_version_mismatch (assuan_context_t ctx, const char *servername, int mode)
- {
-@@ -194,7 +193,7 @@ warn_version_mismatch (assuan_context_t ctx, const char *servername, int mode)
- const char *myversion = strusage (13);
-
- err = get_assuan_server_version (ctx, mode, &serverversion);
-- if (err && mode != 2)
-+ if (err)
- log_error (_("error getting version from '%s': %s\n"),
- servername, gpg_strerror (err));
- else if (compare_version_strings (serverversion, myversion) < 0)
-@@ -290,7 +289,8 @@ start_agent (ctrl_t ctrl, int flag_for_card)
-
- memset (&info, 0, sizeof info);
-
-- rc = warn_version_mismatch (agent_ctx, SCDAEMON_NAME, 2);
-+ if (!(flag_for_card & FLAG_FOR_CARD_SUPPRESS_ERRORS))
-+ rc = warn_version_mismatch (agent_ctx, SCDAEMON_NAME, 2);
- if (!rc)
- rc = assuan_transact (agent_ctx, "SCD SERIALNO openpgp",
- NULL, NULL, NULL, NULL,
-diff --git a/g10/getkey.c b/g10/getkey.c
-index a81041f..9ac32f7 100644
---- a/g10/getkey.c
-+++ b/g10/getkey.c
-@@ -3967,6 +3967,58 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk)
- }
- }
-
-+gpg_error_t
-+get_seckey_default_or_card (ctrl_t ctrl, PKT_public_key *pk,
-+ const byte *fpr_card, size_t fpr_len)
-+{
-+ gpg_error_t err;
-+ strlist_t namelist = NULL;
-+
-+ const char *def_secret_key = parse_def_secret_key (ctrl);
-+
-+ if (def_secret_key)
-+ add_to_strlist (&namelist, def_secret_key);
-+ else if (fpr_card)
-+ return get_pubkey_byfprint (ctrl, pk, NULL, fpr_card, fpr_len);
-+
-+ if (!fpr_card
-+ || (def_secret_key && def_secret_key[strlen (def_secret_key)-1] == '!'))
-+ err = key_byname (ctrl, NULL, namelist, pk, 1, 0, NULL, NULL);
-+ else
-+ { /* Default key is specified and card key is also available. */
-+ kbnode_t k, keyblock = NULL;
-+
-+ err = key_byname (ctrl, NULL, namelist, pk, 1, 0, &keyblock, NULL);
-+ if (!err)
-+ for (k = keyblock; k; k = k->next)
-+ {
-+ PKT_public_key *pk_candidate;
-+ char fpr[MAX_FINGERPRINT_LEN];
-+
-+ if (k->pkt->pkttype != PKT_PUBLIC_KEY
-+ &&k->pkt->pkttype != PKT_PUBLIC_SUBKEY)
-+ continue;
-+
-+ pk_candidate = k->pkt->pkt.public_key;
-+ if (!pk_candidate->flags.valid)
-+ continue;
-+ if (!((pk_candidate->pubkey_usage & USAGE_MASK) & pk->req_usage))
-+ continue;
-+ fingerprint_from_pk (pk_candidate, fpr, NULL);
-+ if (!memcmp (fpr_card, fpr, fpr_len))
-+ {
-+ release_public_key_parts (pk);
-+ copy_public_key (pk, pk_candidate);
-+ break;
-+ }
-+ }
-+ release_kbnode (keyblock);
-+ }
-+
-+ free_strlist (namelist);
-+
-+ return err;
-+}
-
- /*********************************************
- *********** User ID printing helpers *******
-diff --git a/g10/keydb.h b/g10/keydb.h
-index 1da93a7..4016723 100644
---- a/g10/keydb.h
-+++ b/g10/keydb.h
-@@ -351,6 +351,8 @@ const char *parse_def_secret_key (ctrl_t ctrl);
-
- /* Look up a secret key. */
- gpg_error_t get_seckey_default (ctrl_t ctrl, PKT_public_key *pk);
-+gpg_error_t get_seckey_default_or_card (ctrl_t ctrl, PKT_public_key *pk,
-+ const byte *fpr, size_t fpr_len);
-
- /* Search for keys matching some criteria. */
- gpg_error_t getkey_bynames (ctrl_t ctrl,
-diff --git a/g10/skclist.c b/g10/skclist.c
-index 489277c..78890dc 100644
---- a/g10/skclist.c
-+++ b/g10/skclist.c
-@@ -137,7 +137,7 @@ build_sk_list (ctrl_t ctrl,
- pk = xmalloc_clear (sizeof *pk);
- pk->req_usage = use;
-
-- /* Check if a card is available. If any, use it. */
-+ /* Check if a card is available. If any, use the key as a hint. */
- err = agent_scd_serialno (&serialno, NULL);
- if (!err)
- {
-@@ -146,19 +146,11 @@ build_sk_list (ctrl_t ctrl,
- if (err)
- log_error ("error retrieving key fingerprint from card: %s\n",
- gpg_strerror (err));
-- else if (info.fpr1valid)
-- {
-- if ((err = get_pubkey_byfprint (ctrl, pk, NULL, info.fpr1, 20)))
-- {
-- info.fpr1valid = 0;
-- log_error ("error on card key to sign: %s, try default\n",
-- gpg_strerror (err));
-- }
-- }
- }
-
-- if (!info.fpr1valid
-- && (err = getkey_byname (ctrl, NULL, pk, NULL, 1, NULL)))
-+ err = get_seckey_default_or_card (ctrl, pk,
-+ info.fpr1valid? info.fpr1 : NULL, 20);
-+ if (err)
- {
- free_public_key (pk);
- pk = NULL;
diff --git a/debian/patches/0021-agent-Add-const-qualifier-for-read-only-table.patch b/debian/patches/0021-agent-Add-const-qualifier-for-read-only-table.patch
deleted file mode 100644
index 30d21ec..0000000
--- a/debian/patches/0021-agent-Add-const-qualifier-for-read-only-table.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Tue, 23 May 2017 06:42:44 +0900
-Subject: agent: Add const qualifier for read-only table.
-
-* agent/call-pinentry.c (start_pinentry): Add const to tbl.
-* agent/command-ssh.c (request_specs): Add const.
-(ssh_key_types): Likewise.
-(request_spec_lookup): Add const to the return value and SPEC.
-(ssh_request_process): Likewise.
-* agent/protect.c (protect_info): Add const.
-(agent_unprotect): Add const to algotable.
-
---
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
-(cherry picked from commit 509e4a4d7491daf496b21e5892f4f63ab90e8e21)
----
- agent/call-pinentry.c | 2 +-
- agent/command-ssh.c | 10 +++++-----
- agent/gpg-agent.c | 2 +-
- agent/protect.c | 4 ++--
- 4 files changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
-index 1ff4059..9d8e7f6 100644
---- a/agent/call-pinentry.c
-+++ b/agent/call-pinentry.c
-@@ -489,7 +489,7 @@ start_pinentry (ctrl_t ctrl)
- {
- /* Provide a few default strings for use by the pinentries. This
- may help a pinentry to avoid implementing localization code. */
-- static struct { const char *key, *value; int what; } tbl[] = {
-+ static const struct { const char *key, *value; int what; } tbl[] = {
- /* TRANSLATORS: These are labels for buttons etc used in
- Pinentries. An underscore indicates that the next letter
- should be used as an accelerator. Double the underscore for
-diff --git a/agent/command-ssh.c b/agent/command-ssh.c
-index 57e2e42..99c80c0 100644
---- a/agent/command-ssh.c
-+++ b/agent/command-ssh.c
-@@ -262,7 +262,7 @@ static gpg_error_t ssh_key_extract_comment (gcry_sexp_t key, char **comment);
- /* Associating request types with the corresponding request
- handlers. */
-
--static ssh_request_spec_t request_specs[] =
-+static const ssh_request_spec_t request_specs[] =
- {
- #define REQUEST_SPEC_DEFINE(id, name, secret_input) \
- { SSH_REQUEST_##id, ssh_handler_##name, #name, secret_input }
-@@ -280,7 +280,7 @@ static ssh_request_spec_t request_specs[] =
-
-
- /* Table holding key type specifications. */
--static ssh_key_type_spec_t ssh_key_types[] =
-+static const ssh_key_type_spec_t ssh_key_types[] =
- {
- {
- "ssh-ed25519", "Ed25519", GCRY_PK_EDDSA, "qd", "q", "rs", "qd",
-@@ -3376,10 +3376,10 @@ ssh_handler_unlock (ctrl_t ctrl, estream_t request, estream_t response)
- /* Return the request specification for the request identified by TYPE
- or NULL in case the requested request specification could not be
- found. */
--static ssh_request_spec_t *
-+static const ssh_request_spec_t *
- request_spec_lookup (int type)
- {
-- ssh_request_spec_t *spec;
-+ const ssh_request_spec_t *spec;
- unsigned int i;
-
- for (i = 0; i < DIM (request_specs); i++)
-@@ -3403,7 +3403,7 @@ request_spec_lookup (int type)
- static int
- ssh_request_process (ctrl_t ctrl, estream_t stream_sock)
- {
-- ssh_request_spec_t *spec;
-+ const ssh_request_spec_t *spec;
- estream_t response = NULL;
- estream_t request = NULL;
- unsigned char request_type;
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index 098a335..e7eef2b 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -1922,7 +1922,7 @@ agent_copy_startup_env (ctrl_t ctrl)
- const char *value;
-
- for (idx=0; !err && names[idx]; idx++)
-- if ((value = session_env_getenv (opt.startup_env, names[idx])))
-+ if ((value = session_env_getenv (opt.startup_env, names[idx])))
- err = session_env_setenv (ctrl->session_env, names[idx], value);
-
- if (!err && !ctrl->lc_ctype && opt.startup_lc_ctype)
-diff --git a/agent/protect.c b/agent/protect.c
-index a9de732..66c3741 100644
---- a/agent/protect.c
-+++ b/agent/protect.c
-@@ -54,7 +54,7 @@
-
- /* A table containing the information needed to create a protected
- private key. */
--static struct {
-+static const struct {
- const char *algo;
- const char *parmlist;
- int prot_from, prot_to;
-@@ -1010,7 +1010,7 @@ agent_unprotect (ctrl_t ctrl,
- gnupg_isotime_t protected_at,
- unsigned char **result, size_t *resultlen)
- {
-- static struct {
-+ static const struct {
- const char *name; /* Name of the protection method. */
- int algo; /* (A zero indicates the "openpgp-native" hack.) */
- int keylen; /* Used key length in bytes. */
diff --git a/debian/patches/0022-common-Support-different-digest-algorithms-for-ssh-f.patch b/debian/patches/0022-common-Support-different-digest-algorithms-for-ssh-f.patch
deleted file mode 100644
index 8e7c8ad..0000000
--- a/debian/patches/0022-common-Support-different-digest-algorithms-for-ssh-f.patch
+++ /dev/null
@@ -1,224 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Fri, 4 Dec 2015 15:19:07 +0100
-Subject: common: Support different digest algorithms for ssh fingerprints.
-
-* common/ssh-utils.c (get_fingerprint): Add and honor 'algo' parameter.
-(ssh_get_fingerprint{,_string}): Likewise.
-* common/ssh-utils.h (ssh_get_fingerprint{,_string}): Update prototypes.
-* common/t-ssh-utils.c (main): Adapt accordingly.
-* agent/command-ssh.c (agent_raw_key_from_file): Likewise.
-(ssh_identity_register): Likewise.
-* agent/command.c (do_one_keyinfo): Likewise.
-* agent/findkey.c (modify_description): Likewise.
---
-This lays the foundation to support other algorithms.
-
-GnuPG-bug-id: 2106
-Signed-off-by: Justus Winter <justus at g10code.com>
-(cherry picked from commit 3ac1a9d3a018816233a855faff059b4e0657a0f1)
----
- agent/command-ssh.c | 4 ++--
- agent/command.c | 2 +-
- agent/findkey.c | 2 +-
- common/ssh-utils.c | 59 +++++++++++++++++++++++++++-------------------------
- common/ssh-utils.h | 6 ++++--
- common/t-ssh-utils.c | 4 ++--
- 6 files changed, 41 insertions(+), 36 deletions(-)
-
-diff --git a/agent/command-ssh.c b/agent/command-ssh.c
-index 99c80c0..3dd3dd7 100644
---- a/agent/command-ssh.c
-+++ b/agent/command-ssh.c
-@@ -2760,7 +2760,7 @@ data_sign (ctrl_t ctrl, ssh_key_type_spec_t *spec,
- err = agent_raw_key_from_file (ctrl, ctrl->keygrip, &key);
- if (err)
- goto out;
-- err = ssh_get_fingerprint_string (key, &fpr);
-+ err = ssh_get_fingerprint_string (key, GCRY_MD_MD5, &fpr);
- if (!err)
- {
- gcry_sexp_t tmpsxp = gcry_sexp_find_token (key, "comment", 0);
-@@ -3038,7 +3038,7 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
-
- bin2hex (key_grip_raw, 20, key_grip);
-
-- err = ssh_get_fingerprint_string (key, &key_fpr);
-+ err = ssh_get_fingerprint_string (key, GCRY_MD_MD5, &key_fpr);
- if (err)
- goto out;
-
-diff --git a/agent/command.c b/agent/command.c
-index df788ef..d370821 100644
---- a/agent/command.c
-+++ b/agent/command.c
-@@ -1201,7 +1201,7 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
-
- if (!agent_raw_key_from_file (ctrl, grip, &key))
- {
-- ssh_get_fingerprint_string (key, &fpr);
-+ ssh_get_fingerprint_string (key, GCRY_MD_MD5, &fpr);
- gcry_sexp_release (key);
- }
- }
-diff --git a/agent/findkey.c b/agent/findkey.c
-index b24d8f1..1f547b0 100644
---- a/agent/findkey.c
-+++ b/agent/findkey.c
-@@ -412,7 +412,7 @@ agent_modify_description (const char *in, const char *comment,
-
- case 'F': /* SSH style fingerprint. */
- if (!ssh_fpr && key)
-- ssh_get_fingerprint_string (key, &ssh_fpr);
-+ ssh_get_fingerprint_string (key, GCRY_MD_MD5, &ssh_fpr);
- if (ssh_fpr)
- {
- if (out)
-diff --git a/common/ssh-utils.c b/common/ssh-utils.c
-index 60aa07b..3925602 100644
---- a/common/ssh-utils.c
-+++ b/common/ssh-utils.c
-@@ -65,12 +65,13 @@ is_eddsa (gcry_sexp_t keyparms)
- }
-
-
--/* Return the Secure Shell type fingerprint for KEY. The length of
-- the fingerprint is returned at R_LEN and the fingerprint itself at
-- R_FPR. In case of a error code is returned and NULL stored at
-- R_FPR. */
-+/* Return the Secure Shell type fingerprint for KEY using digest ALGO.
-+ The length of the fingerprint is returned at R_LEN and the
-+ fingerprint itself at R_FPR. In case of a error code is returned
-+ and NULL stored at R_FPR. */
- static gpg_error_t
--get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len, int as_string)
-+get_fingerprint (gcry_sexp_t key, int algo,
-+ void **r_fpr, size_t *r_len, int as_string)
- {
- gpg_error_t err;
- gcry_sexp_t list = NULL;
-@@ -111,7 +112,7 @@ get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len, int as_string)
- goto leave;
- }
-
-- err = gcry_md_open (&md, GCRY_MD_MD5, 0);
-+ err = gcry_md_open (&md, algo, 0);
- if (err)
- goto leave;
-
-@@ -229,23 +230,23 @@ get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len, int as_string)
- }
- }
-
-- *r_fpr = gcry_malloc (as_string? 61:20);
-- if (!*r_fpr)
-- {
-- err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-- goto leave;
-- }
--
- if (as_string)
- {
-- bin2hexcolon (gcry_md_read (md, GCRY_MD_MD5), 16, *r_fpr);
-- *r_len = 3*16+1;
-+ *r_fpr = (algo == GCRY_MD_MD5 ? bin2hexcolon : /* XXX we need base64 */ bin2hex)
-+ (gcry_md_read (md, algo), gcry_md_get_algo_dlen (algo), NULL);
-+ *r_len = strlen (*r_fpr) + 1;
- strlwr (*r_fpr);
- }
- else
- {
-- memcpy (*r_fpr, gcry_md_read (md, GCRY_MD_MD5), 16);
-- *r_len = 16;
-+ *r_len = gcry_md_get_algo_dlen (algo);
-+ *r_fpr = xtrymalloc (*r_len);
-+ if (!*r_fpr)
-+ {
-+ err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-+ goto leave;
-+ }
-+ memcpy (*r_fpr, gcry_md_read (md, algo), *r_len);
- }
- err = 0;
-
-@@ -257,28 +258,30 @@ get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len, int as_string)
- return err;
- }
-
--/* Return the Secure Shell type fingerprint for KEY. The length of
-- the fingerprint is returned at R_LEN and the fingerprint itself at
-- R_FPR. In case of an error an error code is returned and NULL
-- stored at R_FPR. */
-+/* Return the Secure Shell type fingerprint for KEY using digest ALGO.
-+ The length of the fingerprint is returned at R_LEN and the
-+ fingerprint itself at R_FPR. In case of an error an error code is
-+ returned and NULL stored at R_FPR. */
- gpg_error_t
--ssh_get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len)
-+ssh_get_fingerprint (gcry_sexp_t key, int algo,
-+ void **r_fpr, size_t *r_len)
- {
-- return get_fingerprint (key, r_fpr, r_len, 0);
-+ return get_fingerprint (key, algo, r_fpr, r_len, 0);
- }
-
-
--/* Return the Secure Shell type fingerprint for KEY as a string. The
-- fingerprint is mallcoed and stored at R_FPRSTR. In case of an
-- error an error code is returned and NULL stored at R_FPRSTR. */
-+/* Return the Secure Shell type fingerprint for KEY using digest ALGO
-+ as a string. The fingerprint is mallcoed and stored at R_FPRSTR.
-+ In case of an error an error code is returned and NULL stored at
-+ R_FPRSTR. */
- gpg_error_t
--ssh_get_fingerprint_string (gcry_sexp_t key, char **r_fprstr)
-+ssh_get_fingerprint_string (gcry_sexp_t key, int algo, char **r_fprstr)
- {
- gpg_error_t err;
- size_t dummy;
- void *string;
-
-- err = get_fingerprint (key, &string, &dummy, 1);
-+ err = get_fingerprint (key, algo, &string, &dummy, 1);
- *r_fprstr = string;
- return err;
- }
-diff --git a/common/ssh-utils.h b/common/ssh-utils.h
-index 36d38a3..53d9f55 100644
---- a/common/ssh-utils.h
-+++ b/common/ssh-utils.h
-@@ -31,9 +31,11 @@
- #define GNUPG_COMMON_SSH_UTILS_H
-
-
--gpg_error_t ssh_get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len);
-+gpg_error_t ssh_get_fingerprint (gcry_sexp_t key, int algo,
-+ void **r_fpr, size_t *r_len);
-
--gpg_error_t ssh_get_fingerprint_string (gcry_sexp_t key, char **r_fprstr);
-+gpg_error_t ssh_get_fingerprint_string (gcry_sexp_t key, int algo,
-+ char **r_fprstr);
-
-
- #endif /*GNUPG_COMMON_SSH_UTILS_H*/
-diff --git a/common/t-ssh-utils.c b/common/t-ssh-utils.c
-index f63ea95..a4e948f 100644
---- a/common/t-ssh-utils.c
-+++ b/common/t-ssh-utils.c
-@@ -262,7 +262,7 @@ main (int argc, char **argv)
- if (argc == 2)
- {
- key = read_key (argv[1]);
-- err = ssh_get_fingerprint_string (key, &string);
-+ err = ssh_get_fingerprint_string (key, GCRY_MD_MD5, &string);
- if (err)
- {
- fprintf (stderr, "%s:%d: error getting fingerprint: %s\n",
-@@ -287,7 +287,7 @@ main (int argc, char **argv)
- exit (1);
- }
-
-- err = ssh_get_fingerprint_string (key, &string);
-+ err = ssh_get_fingerprint_string (key, GCRY_MD_MD5, &string);
- gcry_sexp_release (key);
- if (err)
- {
diff --git a/debian/patches/0023-common-Correctly-render-SHA256-based-ssh-fingerprint.patch b/debian/patches/0023-common-Correctly-render-SHA256-based-ssh-fingerprint.patch
deleted file mode 100644
index 5c99f60..0000000
--- a/debian/patches/0023-common-Correctly-render-SHA256-based-ssh-fingerprint.patch
+++ /dev/null
@@ -1,303 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Wed, 24 May 2017 17:03:58 +0200
-Subject: common: Correctly render SHA256-based ssh fingerprints.
-
-* common/ssh-utils.c (dummy_realloc): New function.
-(dummy_free): Likewise.
-(get_fingerprint): Prepend the fingerprint with the name of the digest
-algorithm. Correctly render SHA256-based ssh fingerprints.
-* common/t-ssh-utils.c (sample_keys): Add SHA256 hashes for the keys.
-(main): Add an option to dump the keys to gather fingerprints, also
-print the SHA256 fingerprint for keys given as arguments, and check
-the SHA256 fingerprints of the test keys.
-
-GnuPG-bug-id: 2106
-Signed-off-by: Justus Winter <justus at g10code.com>
-(cherry picked from commit 3a07a69dfc87b4fff610740d3dde8e23f0d2f8bc)
----
- common/ssh-utils.c | 73 ++++++++++++++++++++++++++++++++++++--
- common/t-ssh-utils.c | 99 ++++++++++++++++++++++++++++++++++++++++++++++------
- 2 files changed, 158 insertions(+), 14 deletions(-)
-
-diff --git a/common/ssh-utils.c b/common/ssh-utils.c
-index 3925602..38d6e8a 100644
---- a/common/ssh-utils.c
-+++ b/common/ssh-utils.c
-@@ -64,6 +64,9 @@ is_eddsa (gcry_sexp_t keyparms)
- return result;
- }
-
-+/* Dummy functions for es_mopen. */
-+static void *dummy_realloc (void *mem, size_t size) { (void) size; return mem; }
-+static void dummy_free (void *mem) { (void) mem; }
-
- /* Return the Secure Shell type fingerprint for KEY using digest ALGO.
- The length of the fingerprint is returned at R_LEN and the
-@@ -232,10 +235,74 @@ get_fingerprint (gcry_sexp_t key, int algo,
-
- if (as_string)
- {
-- *r_fpr = (algo == GCRY_MD_MD5 ? bin2hexcolon : /* XXX we need base64 */ bin2hex)
-- (gcry_md_read (md, algo), gcry_md_get_algo_dlen (algo), NULL);
-+ const char *algo_name;
-+ char *fpr;
-+
-+ /* Prefix string with the algorithm name and a colon. */
-+ algo_name = gcry_md_algo_name (algo);
-+ *r_fpr = xtrymalloc (strlen (algo_name) + 1 + 3 * gcry_md_get_algo_dlen (algo) + 1);
-+ if (*r_fpr == NULL)
-+ {
-+ err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-+ goto leave;
-+ }
-+
-+ strncpy (*r_fpr, algo_name, strlen (algo_name));
-+ fpr = (char *) *r_fpr + strlen (algo_name);
-+ *fpr++ = ':';
-+
-+ if (algo == GCRY_MD_MD5)
-+ {
-+ bin2hexcolon (gcry_md_read (md, algo), gcry_md_get_algo_dlen (algo), fpr);
-+ strlwr (fpr);
-+ }
-+ else
-+ {
-+ struct b64state b64s;
-+ estream_t stream;
-+ char *p;
-+ long int len;
-+
-+ /* Write the base64-encoded hash to fpr. */
-+ stream = es_mopen (fpr, 3 * gcry_md_get_algo_dlen (algo) + 1, 0,
-+ 0, dummy_realloc, dummy_free, "w");
-+ if (stream == NULL)
-+ {
-+ err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-+ goto leave;
-+ }
-+
-+ err = b64enc_start_es (&b64s, stream, "");
-+ if (err)
-+ {
-+ es_fclose (stream);
-+ goto leave;
-+ }
-+
-+ err = b64enc_write (&b64s,
-+ gcry_md_read (md, algo), gcry_md_get_algo_dlen (algo));
-+ if (err)
-+ {
-+ es_fclose (stream);
-+ goto leave;
-+ }
-+
-+ /* Finish, get the length, and close the stream. */
-+ err = b64enc_finish (&b64s);
-+ len = es_ftell (stream);
-+ es_fclose (stream);
-+ if (err)
-+ goto leave;
-+
-+ /* Terminate. */
-+ fpr[len] = 0;
-+
-+ /* Strip the trailing padding characters. */
-+ for (p = fpr + len - 1; p > fpr && *p == '='; p--)
-+ *p = 0;
-+ }
-+
- *r_len = strlen (*r_fpr) + 1;
-- strlwr (*r_fpr);
- }
- else
- {
-diff --git a/common/t-ssh-utils.c b/common/t-ssh-utils.c
-index a4e948f..1c9b87b 100644
---- a/common/t-ssh-utils.c
-+++ b/common/t-ssh-utils.c
-@@ -28,7 +28,12 @@
- #include "ssh-utils.h"
-
-
--static struct { const char *key; const char *fpr; } sample_keys[] = {
-+static struct
-+{
-+ const char *key;
-+ const char *fpr_md5;
-+ const char *fpr_sha256;
-+} sample_keys[] = {
- { "(protected-private-key "
- "(rsa "
- "(n #"
-@@ -70,7 +75,8 @@ static struct { const char *key; const char *fpr; } sample_keys[] = {
- ")"
- "(comment passphrase_is_abc)"
- ")",
-- "c7:c6:a7:ec:04:6c:87:59:54:f2:88:58:09:e0:f2:b1"
-+ "MD5:c7:c6:a7:ec:04:6c:87:59:54:f2:88:58:09:e0:f2:b1",
-+ "SHA256:ksKb4DKk2SFX56GRtpt0szBnyjiYARSb2FNlUb7snnE"
- },
- {
- "(protected-private-key "
-@@ -99,7 +105,8 @@ static struct { const char *key; const char *fpr; } sample_keys[] = {
- ")"
- "(comment sample_dsa_passphrase_is_abc)"
- ")",
-- "2d:b1:70:1a:04:9e:41:a3:ce:27:a5:c7:22:fe:3a:a3"
-+ "MD5:2d:b1:70:1a:04:9e:41:a3:ce:27:a5:c7:22:fe:3a:a3",
-+ "SHA256:z8+8HEuD/5QpegGS4tSK02dJF+a6o2V67VM2gOPz9oQ"
- },
- { /* OpenSSH 6.7p1 generated key: */
- "(protected-private-key "
-@@ -118,7 +125,8 @@ static struct { const char *key; const char *fpr; } sample_keys[] = {
- ")"
- "(comment \"ecdsa w/o comment\")"
- ")", /* Passphrase="abc" */
-- "93:4f:08:02:7d:cb:16:9b:0c:39:21:4b:cf:28:5a:19"
-+ "MD5:93:4f:08:02:7d:cb:16:9b:0c:39:21:4b:cf:28:5a:19",
-+ "SHA256:zSj4uXfE1hlQnESD2LO723fMGXsNwzHrfqOfqep37is"
- },
- { /* OpenSSH 6.7p1 generated key: */
- "(protected-private-key "
-@@ -139,7 +147,8 @@ static struct { const char *key; const char *fpr; } sample_keys[] = {
- ")"
- "(comment \"ecdsa w/o comment\")"
- ")", /* Passphrase="abc" */
-- "a3:cb:44:c8:56:15:25:62:85:fd:e8:04:7a:26:dc:76"
-+ "MD5:a3:cb:44:c8:56:15:25:62:85:fd:e8:04:7a:26:dc:76",
-+ "SHA256:JuQh5fjduynuuTEwI9C6yAKK1NnLX9PPd7TP0qZfbGs"
- },
- { /* OpenSSH 6.7p1 generated key: */
- "(protected-private-key "
-@@ -161,7 +170,8 @@ static struct { const char *key; const char *fpr; } sample_keys[] = {
- ")"
- "(comment \"ecdsa w/o comment\")"
- ")", /* Passphrase="abc" */
-- "1e:a6:94:ab:bd:81:73:5f:22:bc:0e:c7:89:f6:68:df"
-+ "MD5:1e:a6:94:ab:bd:81:73:5f:22:bc:0e:c7:89:f6:68:df",
-+ "SHA256:+pbRyYa2UBwDki1k4Wziu2CKrdJIbZM/hOWOQ/sNe/0"
- },
- { /* OpenSSH 6.7p1 generated key: */
- "(protected-private-key "
-@@ -180,7 +190,8 @@ static struct { const char *key; const char *fpr; } sample_keys[] = {
- ")"
- "(comment \"eddsa w/o comment\")"
- ")", /* Passphrase="abc" */
-- "f1:fa:c8:a6:40:bb:b9:a1:65:d7:62:65:ac:26:78:0e"
-+ "MD5:f1:fa:c8:a6:40:bb:b9:a1:65:d7:62:65:ac:26:78:0e",
-+ "SHA256:yhwBfYnTOnSXcWf1EOPo+oIIpNJ6w/bG36udZ96MmsQ"
- },
- {
- NULL,
-@@ -259,9 +270,43 @@ main (int argc, char **argv)
- char *string;
- int idx;
-
-- if (argc == 2)
-+ /* --dump-keys dumps the keys as KEYGRIP.key.IDX. Useful to compute
-+ fingerprints to enhance the test vectors. */
-+ if (argc == 2 && strcmp (argv[1], "--dump-keys") == 0)
-+ for (idx=0; sample_keys[idx].key; idx++)
-+ {
-+ FILE *s;
-+ char *name;
-+ char grip[20];
-+ char *hexgrip;
-+
-+ err = keygrip_from_canon_sexp (sample_keys[idx].key,
-+ strlen (sample_keys[idx].key),
-+ grip);
-+ if (err)
-+ {
-+ fprintf (stderr, "%s:%d: error computing keygrip: %s\n",
-+ __FILE__, __LINE__, gpg_strerror (err));
-+ exit (1);
-+ }
-+ hexgrip = bin2hex (grip, 20, NULL);
-+
-+ name = xtryasprintf ("%s.key.%d", hexgrip, idx);
-+ s = fopen (name, "w");
-+ if (s == NULL)
-+ {
-+ fprintf (stderr, "%s:%d: error opening file: %s\n",
-+ __FILE__, __LINE__, gpg_strerror (gpg_error_from_syserror ()));
-+ exit (1);
-+ }
-+ xfree (name);
-+ fprintf (s, "%s", sample_keys[idx].key);
-+ fclose (s);
-+ }
-+ else if (argc == 2)
- {
- key = read_key (argv[1]);
-+
- err = ssh_get_fingerprint_string (key, GCRY_MD_MD5, &string);
- if (err)
- {
-@@ -271,6 +316,17 @@ main (int argc, char **argv)
- }
- puts (string);
- xfree (string);
-+
-+ err = ssh_get_fingerprint_string (key, GCRY_MD_SHA256, &string);
-+ if (err)
-+ {
-+ fprintf (stderr, "%s:%d: error getting fingerprint: %s\n",
-+ __FILE__, __LINE__, gpg_strerror (err));
-+ exit (1);
-+ }
-+ puts (string);
-+ xfree (string);
-+
- gcry_sexp_release (key);
- }
- else
-@@ -288,7 +344,6 @@ main (int argc, char **argv)
- }
-
- err = ssh_get_fingerprint_string (key, GCRY_MD_MD5, &string);
-- gcry_sexp_release (key);
- if (err)
- {
- fprintf (stderr, "%s:%d: error getting fingerprint for "
-@@ -297,16 +352,38 @@ main (int argc, char **argv)
- exit (1);
- }
-
-- if (strcmp (string, sample_keys[idx].fpr))
-+ if (strcmp (string, sample_keys[idx].fpr_md5))
-+ {
-+ fprintf (stderr, "%s:%d: fingerprint mismatch for "
-+ "sample key %d\n",
-+ __FILE__, __LINE__, idx);
-+ fprintf (stderr, "want: %s\n got: %s\n",
-+ sample_keys[idx].fpr_md5, string);
-+ exit (1);
-+ }
-+ xfree (string);
-+
-+ err = ssh_get_fingerprint_string (key, GCRY_MD_SHA256, &string);
-+ if (err)
-+ {
-+ fprintf (stderr, "%s:%d: error getting fingerprint for "
-+ "sample key %d: %s\n",
-+ __FILE__, __LINE__, idx, gpg_strerror (err));
-+ exit (1);
-+ }
-+
-+ if (strcmp (string, sample_keys[idx].fpr_sha256))
- {
- fprintf (stderr, "%s:%d: fingerprint mismatch for "
- "sample key %d\n",
- __FILE__, __LINE__, idx);
- fprintf (stderr, "want: %s\n got: %s\n",
-- sample_keys[idx].fpr, string);
-+ sample_keys[idx].fpr_sha256, string);
- exit (1);
- }
- xfree (string);
-+
-+ gcry_sexp_release (key);
- }
- }
-
diff --git a/debian/patches/0024-agent-Write-both-ssh-fingerprints-to-sshcontrol-file.patch b/debian/patches/0024-agent-Write-both-ssh-fingerprints-to-sshcontrol-file.patch
deleted file mode 100644
index 9e08e72..0000000
--- a/debian/patches/0024-agent-Write-both-ssh-fingerprints-to-sshcontrol-file.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Wed, 24 May 2017 17:29:31 +0200
-Subject: agent: Write both ssh fingerprints to 'sshcontrol' file.
-
-* agent/command-ssh.c (add_control_entry): Hand in the key, write both
-the MD5- and the SHA256-based fingerprint to the 'sshcontrol' file
-when adding ssh keys.
-(ssh_identity_register): Adapt callsite.
-
-GnuPG-bug-id: 2106
-Signed-off-by: Justus Winter <justus at g10code.com>
-(cherry picked from commit a5f046d99a084b6a95268f03c1b588e8b78083cb)
----
- agent/command-ssh.c | 22 ++++++++++++++++++----
- 1 file changed, 18 insertions(+), 4 deletions(-)
-
-diff --git a/agent/command-ssh.c b/agent/command-ssh.c
-index 3dd3dd7..b8edd1a 100644
---- a/agent/command-ssh.c
-+++ b/agent/command-ssh.c
-@@ -1040,12 +1040,14 @@ search_control_file (ssh_control_file_t cf, const char *hexgrip,
- We can assume that the user wants to allow ssh using this key. */
- static gpg_error_t
- add_control_entry (ctrl_t ctrl, ssh_key_type_spec_t *spec,
-- const char *hexgrip, const char *fmtfpr,
-+ const char *hexgrip, gcry_sexp_t key,
- int ttl, int confirm)
- {
- gpg_error_t err;
- ssh_control_file_t cf;
- int disabled;
-+ char *fpr_md5 = NULL;
-+ char *fpr_sha256 = NULL;
-
- (void)ctrl;
-
-@@ -1059,19 +1061,31 @@ add_control_entry (ctrl_t ctrl, ssh_key_type_spec_t *spec,
- struct tm *tp;
- time_t atime = time (NULL);
-
-+ err = ssh_get_fingerprint_string (key, GCRY_MD_MD5, &fpr_md5);
-+ if (err)
-+ goto out;
-+
-+ err = ssh_get_fingerprint_string (key, GCRY_MD_SHA256, &fpr_sha256);
-+ if (err)
-+ goto out;
-+
- /* Not yet in the file - add it. Because the file has been
- opened in append mode, we simply need to write to it. */
- tp = localtime (&atime);
- fprintf (cf->fp,
- ("# %s key added on: %04d-%02d-%02d %02d:%02d:%02d\n"
-- "# MD5 Fingerprint: %s\n"
-+ "# Fingerprints: %s\n"
-+ "# %s\n"
- "%s %d%s\n"),
- spec->name,
- 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
- tp->tm_hour, tp->tm_min, tp->tm_sec,
-- fmtfpr, hexgrip, ttl, confirm? " confirm":"");
-+ fpr_md5, fpr_sha256, hexgrip, ttl, confirm? " confirm":"");
-
- }
-+ out:
-+ xfree (fpr_md5);
-+ xfree (fpr_sha256);
- close_control_file (cf);
- return 0;
- }
-@@ -3118,7 +3132,7 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
-
- key_exists:
- /* And add an entry to the sshcontrol file. */
-- err = add_control_entry (ctrl, spec, key_grip, key_fpr, ttl, confirm);
-+ err = add_control_entry (ctrl, spec, key_grip, key, ttl, confirm);
-
-
- out:
diff --git a/debian/patches/0025-agent-Make-digest-algorithms-for-ssh-fingerprints-co.patch b/debian/patches/0025-agent-Make-digest-algorithms-for-ssh-fingerprints-co.patch
deleted file mode 100644
index e6307a4..0000000
--- a/debian/patches/0025-agent-Make-digest-algorithms-for-ssh-fingerprints-co.patch
+++ /dev/null
@@ -1,141 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Wed, 24 May 2017 17:48:42 +0200
-Subject: agent: Make digest algorithms for ssh fingerprints configurable.
-
-* agent/agent.h (opt): New field 'ssh_fingerprint_digest'.
-* agent/command-ssh.c (data_sign, ssh_identity_register): Honor the
-option for strings used to communicate with the user.
-* agent/findkey.c (agent_modify_description): Likewise.
-* agent/gpg-agent.c (cmd_and_opt_values): New value.
-(opts): New option '--ssh-fingerprint-digest'.
-(parse_rereadable_options): Set the default to MD5 for now.
-(main): Handle the new option.
-* doc/gpg-agent.texi: Document the new option.
---
-
-OpenSSH has transitioned from using MD5 to compute key fingerprints to
-SHA256. This patch makes the digest used when communicating key
-fingerprints to the user (e.g. in pinentry dialogs) configurable.
-For now this patch conservatively defaults to MD5.
-
-GnuPG-bug-id: 2106
-Signed-off-by: Justus Winter <justus at g10code.com>
-(cherry picked from commit 525f2c482abb6bc2002eb878b03558fb43e6b004)
----
- agent/agent.h | 4 ++++
- agent/command-ssh.c | 4 ++--
- agent/findkey.c | 3 ++-
- agent/gpg-agent.c | 9 +++++++++
- doc/gpg-agent.texi | 7 +++++++
- 5 files changed, 24 insertions(+), 3 deletions(-)
-
-diff --git a/agent/agent.h b/agent/agent.h
-index fadc8e8..0fa4e1b 100644
---- a/agent/agent.h
-+++ b/agent/agent.h
-@@ -167,6 +167,10 @@ struct
- gpg-agent.c: If the value is less than 2 the name has not yet
- been malloced. */
- int browser_socket;
-+
-+ /* The digest algorithm to use for ssh fingerprints when
-+ * communicating with the user. */
-+ int ssh_fingerprint_digest;
- } opt;
-
-
-diff --git a/agent/command-ssh.c b/agent/command-ssh.c
-index b8edd1a..e450aed 100644
---- a/agent/command-ssh.c
-+++ b/agent/command-ssh.c
-@@ -2774,7 +2774,7 @@ data_sign (ctrl_t ctrl, ssh_key_type_spec_t *spec,
- err = agent_raw_key_from_file (ctrl, ctrl->keygrip, &key);
- if (err)
- goto out;
-- err = ssh_get_fingerprint_string (key, GCRY_MD_MD5, &fpr);
-+ err = ssh_get_fingerprint_string (key, opt.ssh_fingerprint_digest, &fpr);
- if (!err)
- {
- gcry_sexp_t tmpsxp = gcry_sexp_find_token (key, "comment", 0);
-@@ -3052,7 +3052,7 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
-
- bin2hex (key_grip_raw, 20, key_grip);
-
-- err = ssh_get_fingerprint_string (key, GCRY_MD_MD5, &key_fpr);
-+ err = ssh_get_fingerprint_string (key, opt.ssh_fingerprint_digest, &key_fpr);
- if (err)
- goto out;
-
-diff --git a/agent/findkey.c b/agent/findkey.c
-index 1f547b0..cff0a7d 100644
---- a/agent/findkey.c
-+++ b/agent/findkey.c
-@@ -412,7 +412,8 @@ agent_modify_description (const char *in, const char *comment,
-
- case 'F': /* SSH style fingerprint. */
- if (!ssh_fpr && key)
-- ssh_get_fingerprint_string (key, GCRY_MD_MD5, &ssh_fpr);
-+ ssh_get_fingerprint_string (key, opt.ssh_fingerprint_digest,
-+ &ssh_fpr);
- if (ssh_fpr)
- {
- if (out)
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index e7eef2b..d522f18 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -132,6 +132,7 @@ enum cmd_and_opt_values
- oKeepTTY,
- oKeepDISPLAY,
- oSSHSupport,
-+ oSSHFingerprintDigest,
- oPuttySupport,
- oDisableScdaemon,
- oDisableCheckOwnSocket,
-@@ -235,6 +236,8 @@ static ARGPARSE_OPTS opts[] = {
- /* */ N_("allow passphrase to be prompted through Emacs")),
-
- ARGPARSE_s_n (oSSHSupport, "enable-ssh-support", N_("enable ssh support")),
-+ ARGPARSE_s_s (oSSHFingerprintDigest, "ssh-fingerprint-digest",
-+ N_("digest to use when communicating ssh fingerprints")),
- ARGPARSE_s_n (oPuttySupport, "enable-putty-support",
- #ifdef HAVE_W32_SYSTEM
- /* */ N_("enable putty support")
-@@ -806,6 +809,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
- opt.allow_emacs_pinentry = 0;
- opt.disable_scdaemon = 0;
- disable_check_own_socket = 0;
-+ opt.ssh_fingerprint_digest = GCRY_MD_MD5;
- return 1;
- }
-
-@@ -1187,6 +1191,11 @@ main (int argc, char **argv )
- case oSSHSupport:
- ssh_support = 1;
- break;
-+ case oSSHFingerprintDigest:
-+ opt.ssh_fingerprint_digest = gcry_md_map_name (pargs.r.ret_str);
-+ if (opt.ssh_fingerprint_digest == 0)
-+ log_error ("Unknown digest algorithm: %s\n", pargs.r.ret_str);
-+ break;
- case oPuttySupport:
- # ifdef HAVE_W32_SYSTEM
- putty_support = 1;
-diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
-index 6ed0ff8..d61dc85 100644
---- a/doc/gpg-agent.texi
-+++ b/doc/gpg-agent.texi
-@@ -636,6 +636,13 @@ and allows the use of gpg-agent with the ssh implementation
- @command{putty}. This is similar to the regular ssh-agent support but
- makes use of Windows message queue as required by @command{putty}.
-
-+ at anchor{option --ssh-fingerprint-digest}
-+ at item --ssh-fingerprint-digest
-+ at opindex ssh-fingerprint-digest
-+
-+Select the digest algorithm used to compute ssh fingerprints that are
-+communicated to the user, e.g. in pinentry dialogs. OpenSSH has
-+transitioned from using MD5 to the more secure SHA256.
-
- @end table
-
diff --git a/debian/patches/0026-dirmngr-Re-init-libdns-resolver-on-towel-change-of-r.patch b/debian/patches/0026-dirmngr-Re-init-libdns-resolver-on-towel-change-of-r.patch
deleted file mode 100644
index 6f9b332..0000000
--- a/debian/patches/0026-dirmngr-Re-init-libdns-resolver-on-towel-change-of-r.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Thu, 25 May 2017 11:33:07 +0200
-Subject: dirmngr: Re-init libdns resolver on towel change of resolv.conf
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 8bit
-
-* dirmngr/dns-stuff.c: Include sys/stat.h.
-(RESOLV_CONF_NAME): New macro to replace a string.
-(resolv_conf_changed_p): New.
-(libdns_init): Call new function
-(libdns_res_open): Ditto.
---
-
-Don't panic. This is a simple change
-Suggested-by: Stefan Bühler <stbuehler at web.de>
-to avoid complicated if-up.d hooks to reload resolv.conf.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit b5f356e9fba2d99909f8f54d7b7e6836bed87b68)
----
- dirmngr/dns-stuff.c | 47 ++++++++++++++++++++++++++++++++++++++++++++++-
- 1 file changed, 46 insertions(+), 1 deletion(-)
-
-diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
-index a6c14cd..a8ddbc6 100644
---- a/dirmngr/dns-stuff.c
-+++ b/dirmngr/dns-stuff.c
-@@ -45,6 +45,9 @@
- # endif
- # include <netdb.h>
- #endif
-+#ifdef HAVE_STAT
-+# include <sys/stat.h>
-+#endif
- #include <string.h>
- #include <unistd.h>
-
-@@ -111,6 +114,8 @@
- #define DEFAULT_TIMEOUT 30
-
-
-+#define RESOLV_CONF_NAME "/etc/resolv.conf"
-+
- /* Two flags to enable verbose and debug mode. */
- static int opt_verbose;
- static int opt_debug;
-@@ -391,6 +396,37 @@ libdns_error_to_gpg_error (int serr)
- #endif /*USE_LIBDNS*/
-
-
-+/* Return true if resolve.conf changed since it was last loaded. */
-+#ifdef USE_LIBDNS
-+static int
-+resolv_conf_changed_p (void)
-+{
-+#if defined(HAVE_W32_SYSTEM) || !defined(HAVE_STAT)
-+ return 0;
-+#else
-+ static time_t last_mtime;
-+ const char *fname = RESOLV_CONF_NAME;
-+ struct stat statbuf;
-+ int changed;
-+
-+ if (stat (fname, &statbuf))
-+ {
-+ log_error ("stat'ing '%s' failed: %s\n",
-+ fname, gpg_strerror (gpg_error_from_syserror ()));
-+ changed = 0;
-+ last_mtime = 1; /* Force a "changed" result the next time stat
-+ * works. */
-+ }
-+ else
-+ {
-+ changed = last_mtime && (last_mtime != statbuf.st_mtime);
-+ last_mtime = statbuf.st_mtime;
-+ }
-+ return changed;
-+#endif
-+}
-+#endif /*USE_LIBDNS*/
-+
- #ifdef USE_LIBDNS
- /* Initialize libdns. Returns 0 on success; prints a diagnostic and
- * returns an error code on failure. */
-@@ -496,7 +532,8 @@ libdns_init (void)
- #else /* Unix */
- const char *fname;
-
-- fname = "/etc/resolv.conf";
-+ fname = RESOLV_CONF_NAME;
-+ resolv_conf_changed_p (); /* Reset timestamp. */
- err = libdns_error_to_gpg_error
- (dns_resconf_loadpath (ld.resolv_conf, fname));
- if (err)
-@@ -653,6 +690,14 @@ libdns_res_open (struct dns_resolver **r_res)
-
- *r_res = NULL;
-
-+ /* Force a reload if resolv.conf has changed. */
-+ if (resolv_conf_changed_p ())
-+ {
-+ if (opt_debug)
-+ log_debug ("dns: resolv.conf changed - forcing reload\n");
-+ libdns_reinit_pending = 1;
-+ }
-+
- if (libdns_reinit_pending)
- {
- libdns_reinit_pending = 0;
diff --git a/debian/patches/0027-dirmngr-This-towel-should-better-detect-a-changed-re.patch b/debian/patches/0027-dirmngr-This-towel-should-better-detect-a-changed-re.patch
deleted file mode 100644
index d38e30b..0000000
--- a/debian/patches/0027-dirmngr-This-towel-should-better-detect-a-changed-re.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Thu, 25 May 2017 20:26:54 +0200
-Subject: dirmngr: This towel should better detect a changed resolv.conf.
-
-* dirmngr/dns-stuff.c (resolv_conf_changed_p): Fix initialization time
-issue.
---
-
-Fixes-commit: b5f356e9fba2d99909f8f54d7b7e6836bed87b68
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit de3a0988ef9addccd6b5c7950fb8797afbc3978d)
----
- dirmngr/dns-stuff.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
-index a8ddbc6..7324aae 100644
---- a/dirmngr/dns-stuff.c
-+++ b/dirmngr/dns-stuff.c
-@@ -407,21 +407,23 @@ resolv_conf_changed_p (void)
- static time_t last_mtime;
- const char *fname = RESOLV_CONF_NAME;
- struct stat statbuf;
-- int changed;
-+ int changed = 0;
-
- if (stat (fname, &statbuf))
- {
- log_error ("stat'ing '%s' failed: %s\n",
- fname, gpg_strerror (gpg_error_from_syserror ()));
-- changed = 0;
- last_mtime = 1; /* Force a "changed" result the next time stat
- * works. */
- }
-- else
-+ else if (!last_mtime)
-+ last_mtime = statbuf.st_mtime;
-+ else if (last_mtime != statbuf.st_mtime)
- {
-- changed = last_mtime && (last_mtime != statbuf.st_mtime);
-+ changed = 1;
- last_mtime = statbuf.st_mtime;
- }
-+
- return changed;
- #endif
- }
diff --git a/debian/patches/0028-agent-Fix-memory-leaks.patch b/debian/patches/0028-agent-Fix-memory-leaks.patch
deleted file mode 100644
index db2c8b0..0000000
--- a/debian/patches/0028-agent-Fix-memory-leaks.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Tue, 30 May 2017 13:56:20 +0900
-Subject: agent: Fix memory leaks.
-
-* agent/divert-scd.c (ask_for_card): Free WANT_KID and WANT_SN_DISP.
-* agent/gpg-agent.c (create_server_socket): Free UNADDR.
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
-(cherry picked from commit 996544626ea416c173a940db47f47f9e5cbd844c)
----
- agent/divert-scd.c | 8 +++++---
- agent/gpg-agent.c | 7 ++++++-
- 2 files changed, 11 insertions(+), 4 deletions(-)
-
-diff --git a/agent/divert-scd.c b/agent/divert-scd.c
-index 153119b..88b35cd 100644
---- a/agent/divert-scd.c
-+++ b/agent/divert-scd.c
-@@ -52,6 +52,7 @@ ask_for_card (ctrl_t ctrl, const unsigned char *shadow_info, char **r_kid)
- {
- rc = gpg_error_from_syserror ();
- xfree (want_sn);
-+ xfree (want_kid);
- return rc;
- }
-
-@@ -84,6 +85,7 @@ ask_for_card (ctrl_t ctrl, const unsigned char *shadow_info, char **r_kid)
- serialno = NULL;
- if (!i)
- {
-+ xfree (want_sn_disp);
- xfree (want_sn);
- *r_kid = want_kid;
- return 0; /* yes, we have the correct card */
-@@ -122,9 +124,9 @@ ask_for_card (ctrl_t ctrl, const unsigned char *shadow_info, char **r_kid)
- else
- {
- rc = agent_get_confirmation (ctrl, desc, NULL, NULL, 0);
-- if (ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK &&
-- gpg_err_code (rc) == GPG_ERR_NO_PIN_ENTRY)
-- rc = gpg_error (GPG_ERR_CARD_NOT_PRESENT);
-+ if (ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK &&
-+ gpg_err_code (rc) == GPG_ERR_NO_PIN_ENTRY)
-+ rc = gpg_error (GPG_ERR_CARD_NOT_PRESENT);
-
- xfree (desc);
- }
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index d522f18..733987a 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -2140,6 +2140,7 @@ create_server_socket (char *name, int primary, int cygwin,
- log_error ("error preparing socket '%s': %s\n",
- name, gpg_strerror (gpg_error_from_syserror ()));
- *name = 0; /* Inhibit removal of the socket by cleanup(). */
-+ xfree (unaddr);
- agent_exit (2);
- }
- if (redirected)
-@@ -2177,6 +2178,7 @@ create_server_socket (char *name, int primary, int cygwin,
- "not starting a new one\n"));
- *name = 0; /* Inhibit removal of the socket by cleanup(). */
- assuan_sock_close (fd);
-+ xfree (unaddr);
- agent_exit (2);
- }
- gnupg_remove (unaddr->sun_path);
-@@ -2189,11 +2191,12 @@ create_server_socket (char *name, int primary, int cygwin,
- /* We use gpg_strerror here because it allows us to get strings
- for some W32 socket error codes. */
- log_error (_("error binding socket to '%s': %s\n"),
-- unaddr->sun_path,
-+ unaddr->sun_path,
- gpg_strerror (gpg_error_from_syserror ()));
-
- assuan_sock_close (fd);
- *name = 0; /* Inhibit removal of the socket by cleanup(). */
-+ xfree (unaddr);
- agent_exit (2);
- }
-
-@@ -2206,12 +2209,14 @@ create_server_socket (char *name, int primary, int cygwin,
- log_error (_("listen() failed: %s\n"), strerror (errno));
- *name = 0; /* Inhibit removal of the socket by cleanup(). */
- assuan_sock_close (fd);
-+ xfree (unaddr);
- agent_exit (2);
- }
-
- if (opt.verbose)
- log_info (_("listening on socket '%s'\n"), unaddr->sun_path);
-
-+ xfree (unaddr);
- return fd;
- }
-
diff --git a/debian/patches/0029-gpg-Fix-typos.patch b/debian/patches/0029-gpg-Fix-typos.patch
deleted file mode 100644
index f05866f..0000000
--- a/debian/patches/0029-gpg-Fix-typos.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Mon, 29 May 2017 15:23:36 +0200
-Subject: gpg: Fix typos.
-
---
-Signed-off-by: Justus Winter <justus at g10code.com>
-
-(cherry picked from commit 663e5ed0737465e79a9c877f18d93bddfd05a7a4)
----
- g10/cpr.c | 2 +-
- g10/mainproc.c | 4 ++--
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/g10/cpr.c b/g10/cpr.c
-index 3391071..1548720 100644
---- a/g10/cpr.c
-+++ b/g10/cpr.c
-@@ -73,7 +73,7 @@ status_currently_allowed (int no)
- return 1; /* Yes. */
-
- /* We allow some statis anyway, so that import statistics are
-- correct and to avoid problems if the retriebval subsystem will
-+ correct and to avoid problems if the retrieval subsystem will
- prompt the user. */
- switch (no)
- {
-diff --git a/g10/mainproc.c b/g10/mainproc.c
-index 950f214..9500081 100644
---- a/g10/mainproc.c
-+++ b/g10/mainproc.c
-@@ -845,7 +845,7 @@ proc_compressed (CTX c, PACKET *pkt)
-
- /*
- * Check the signature. If R_PK is not NULL a copy of the public key
-- * used to verify the signature will be stored tehre, or NULL if not
-+ * used to verify the signature will be stored there, or NULL if not
- * found. Returns: 0 = valid signature or an error code
- */
- static int
-@@ -1925,7 +1925,7 @@ check_sig_and_print (CTX c, kbnode_t node)
- statno = STATUS_GOODSIG;
-
- /* FIXME: We should have the public key in PK and thus the
-- * keyboock has already been fetched. Thus we could use the
-+ * keyblock has already been fetched. Thus we could use the
- * fingerprint or PK itself to lookup the entire keyblock. That
- * would best be done with a cache. */
- keyblock = get_pubkeyblock (c->ctrl, sig->keyid);
diff --git a/debian/patches/0030-scd-Handle-a-failure-of-libusb_init.patch b/debian/patches/0030-scd-Handle-a-failure-of-libusb_init.patch
deleted file mode 100644
index ed3c3f5..0000000
--- a/debian/patches/0030-scd-Handle-a-failure-of-libusb_init.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Wed, 31 May 2017 09:49:54 +0900
-Subject: scd: Handle a failure of libusb_init.
-
-* scd/ccid-driver.c (ccid_get_reader_list, ccid_dev_scan): Handle
-failure.
-
---
-
-Reported-by: Yuriy M. Kaminskiy <yumkam at gmail.com>
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
-(cherry picked from commit 5c33649782bf255af5a55f16eac5e85f059b00bf)
----
- scd/ccid-driver.c | 19 +++++++++++++++----
- 1 file changed, 15 insertions(+), 4 deletions(-)
-
-diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
-index fbbd157..1d5e8f2 100644
---- a/scd/ccid-driver.c
-+++ b/scd/ccid-driver.c
-@@ -1228,7 +1228,12 @@ ccid_get_reader_list (void)
-
- if (!initialized_usb)
- {
-- libusb_init (NULL);
-+ int rc;
-+ if ((rc = libusb_init (NULL)))
-+ {
-+ DEBUGOUT_1 ("usb_init failed: %s.\n", libusb_error_name (rc));
-+ return NULL;
-+ }
- initialized_usb = 1;
- }
-
-@@ -1292,9 +1297,17 @@ ccid_dev_scan (int *idx_max_p, struct ccid_dev_table **t_p)
- int idx = 0;
- int err = 0;
-
-+ *idx_max_p = 0;
-+ *t_p = NULL;
-+
- if (!initialized_usb)
- {
-- libusb_init (NULL);
-+ int rc;
-+ if ((rc = libusb_init (NULL)))
-+ {
-+ DEBUGOUT_1 ("usb_init failed: %s.\n", libusb_error_name (rc));
-+ return gpg_error (GPG_ERR_NOT_FOUND);
-+ }
- initialized_usb = 1;
- }
-
-@@ -1373,8 +1386,6 @@ ccid_dev_scan (int *idx_max_p, struct ccid_dev_table **t_p)
-
- if (err)
- {
-- *idx_max_p = 0;
-- *t_p = NULL;
- for (i = 0; i < idx; i++)
- {
- free (ccid_dev_table[idx].ifcdesc_extra);
diff --git a/debian/patches/0031-scd-Fix-error-code-on-failure-at-usb_init.patch b/debian/patches/0031-scd-Fix-error-code-on-failure-at-usb_init.patch
deleted file mode 100644
index a3ace58..0000000
--- a/debian/patches/0031-scd-Fix-error-code-on-failure-at-usb_init.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Wed, 31 May 2017 10:05:36 +0900
-Subject: scd: Fix error code on failure at usb_init.
-
-* scd/ccid-driver.c (ccid_dev_scan): Return GPG_ERR_ENODEV.
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
-(cherry picked from commit 8defb21d34410d000c8b776e0e3a1edd04762638)
----
- scd/ccid-driver.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
-index 1d5e8f2..ce6133f 100644
---- a/scd/ccid-driver.c
-+++ b/scd/ccid-driver.c
-@@ -1306,7 +1306,7 @@ ccid_dev_scan (int *idx_max_p, struct ccid_dev_table **t_p)
- if ((rc = libusb_init (NULL)))
- {
- DEBUGOUT_1 ("usb_init failed: %s.\n", libusb_error_name (rc));
-- return gpg_error (GPG_ERR_NOT_FOUND);
-+ return gpg_error (GPG_ERR_ENODEV);
- }
- initialized_usb = 1;
- }
diff --git a/debian/patches/0032-agent-Fix-error-from-do_encryption.patch b/debian/patches/0032-agent-Fix-error-from-do_encryption.patch
deleted file mode 100644
index 3dfc427..0000000
--- a/debian/patches/0032-agent-Fix-error-from-do_encryption.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Wed, 31 May 2017 18:42:55 +0900
-Subject: agent: Fix error from do_encryption.
-
-* agent/protect.c (do_encryption): Don't mask failure of OUTBUF
-allocation.
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
-(cherry picked from commit c03e0eb01dc4632432d0472a6f8051142082bea4)
----
- agent/protect.c | 31 +++++++++++++++++++------------
- 1 file changed, 19 insertions(+), 12 deletions(-)
-
-diff --git a/agent/protect.c b/agent/protect.c
-index 66c3741..18b44f1 100644
---- a/agent/protect.c
-+++ b/agent/protect.c
-@@ -381,7 +381,10 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen,
- outbuf = gcry_malloc_secure (outlen);
- }
- if (!outbuf)
-- rc = out_of_core ();
-+ {
-+ rc = out_of_core ();
-+ goto leave;
-+ }
-
- /* Allocate a buffer for the nonce and the salt. */
- if (!rc)
-@@ -421,11 +424,13 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen,
- }
- }
-
-+ if (rc)
-+ goto leave;
-+
- /* Set the IV/nonce. */
-- if (!rc)
-- {
-- rc = gcry_cipher_setiv (hd, iv, use_ocb? 12 : blklen);
-- }
-+ rc = gcry_cipher_setiv (hd, iv, use_ocb? 12 : blklen);
-+ if (rc)
-+ goto leave;
-
- if (use_ocb)
- {
-@@ -436,7 +441,6 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen,
- if (!rc)
- rc = gcry_cipher_authenticate
- (hd, protbegin+protlen, hashlen - (protbegin+protlen - hashbegin));
--
- }
- else
- {
-@@ -500,14 +504,11 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen,
- }
- }
-
-+ if (rc)
-+ goto leave;
-+
- /* Release cipher handle and check for errors. */
- gcry_cipher_close (hd);
-- if (rc)
-- {
-- xfree (iv);
-- xfree (outbuf);
-- return rc;
-- }
-
- /* Now allocate the buffer we want to return. This is
-
-@@ -546,6 +547,12 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen,
- xfree (iv);
- xfree (outbuf);
- return 0;
-+
-+ leave:
-+ gcry_cipher_close (hd);
-+ xfree (iv);
-+ xfree (outbuf);
-+ return rc;
- }
-
-
diff --git a/debian/patches/0033-doc-Improve-documentation.patch b/debian/patches/0033-doc-Improve-documentation.patch
deleted file mode 100644
index 3a3a52f..0000000
--- a/debian/patches/0033-doc-Improve-documentation.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Wed, 31 May 2017 12:11:56 +0200
-Subject: doc: Improve documentation.
-
-* doc/gpgsm.texi: Mention that '--with-key-data' implies
-'--with-colons'.
-
-Signed-off-by: Justus Winter <justus at g10code.com>
-(cherry picked from commit 485b5a6e6dfe7aa545afa926e060d516ae911e42)
----
- doc/gpgsm.texi | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
-index c3f5aac..79db177 100644
---- a/doc/gpgsm.texi
-+++ b/doc/gpgsm.texi
-@@ -564,7 +564,7 @@ Write output to @var{file}. The default is to write it to stdout.
- Displays extra information with the @code{--list-keys} commands. Especially
- a line tagged @code{grp} is printed which tells you the keygrip of a
- key. This string is for example used as the file name of the
--secret key.
-+secret key. Implies @code{--with-colons}.
-
- @anchor{gpgsm-option --with-validation}
- @item --with-validation
diff --git a/debian/patches/0034-sm-Fix-typo.patch b/debian/patches/0034-sm-Fix-typo.patch
deleted file mode 100644
index c44de67..0000000
--- a/debian/patches/0034-sm-Fix-typo.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Wed, 31 May 2017 12:12:42 +0200
-Subject: sm: Fix typo.
-
---
-Signed-off-by: Justus Winter <justus at g10code.com>
-
-(cherry picked from commit 30c71a9476fa6557ab2846f703acb625b49f1b37)
----
- sm/decrypt.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/sm/decrypt.c b/sm/decrypt.c
-index 976bd12..f8b0199 100644
---- a/sm/decrypt.c
-+++ b/sm/decrypt.c
-@@ -41,7 +41,7 @@ struct decrypt_filter_parm_s
- gcry_cipher_hd_t hd;
- char iv[16];
- size_t ivlen;
-- int any_data; /* dod we push anything through the filter at all? */
-+ int any_data; /* did we push anything through the filter at all? */
- unsigned char lastblock[16]; /* to strip the padding we have to
- keep this one */
- char helpblock[16]; /* needed because there is no block buffering in
diff --git a/debian/patches/0035-sm-Simplify-code.patch b/debian/patches/0035-sm-Simplify-code.patch
deleted file mode 100644
index 8a6fc1d..0000000
--- a/debian/patches/0035-sm-Simplify-code.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Wed, 31 May 2017 12:51:56 +0200
-Subject: sm: Simplify code.
-
-* sm/verify.c (gpgsm_verify): Simplify by using a newer gcrypt
-interface.
-
-Signed-off-by: Justus Winter <justus at g10code.com>
-(cherry picked from commit f9cb15b385f64f7c9403670f03632f81a874f213)
----
- sm/verify.c | 7 +------
- 1 file changed, 1 insertion(+), 6 deletions(-)
-
-diff --git a/sm/verify.c b/sm/verify.c
-index 6c034e6..7bdc68b 100644
---- a/sm/verify.c
-+++ b/sm/verify.c
-@@ -341,16 +341,11 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
- &msgdigest, &msgdigestlen);
- if (!rc)
- {
-- size_t is_enabled;
--
- algoid = ksba_cms_get_digest_algo (cms, signer);
- algo = gcry_md_map_name (algoid);
- if (DBG_X509)
- log_debug ("signer %d - digest algo: %d\n", signer, algo);
-- is_enabled = sizeof algo;
-- if ( gcry_md_info (data_md, GCRYCTL_IS_ALGO_ENABLED,
-- &algo, &is_enabled)
-- || !is_enabled)
-+ if (! gcry_md_is_enabled (data_md, algo))
- {
- log_error ("digest algo %d (%s) has not been enabled\n",
- algo, algoid?algoid:"");
diff --git a/debian/patches/0036-gpg-Avoid-failure-exit-when-scdaemon-is-disabled-but.patch b/debian/patches/0036-gpg-Avoid-failure-exit-when-scdaemon-is-disabled-but.patch
deleted file mode 100644
index a075013..0000000
--- a/debian/patches/0036-gpg-Avoid-failure-exit-when-scdaemon-is-disabled-but.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Mon, 5 Jun 2017 11:57:02 +0200
-Subject: gpg: Avoid failure exit when scdaemon is disabled but not needed.
-
-* g10/call-agent.c (warn_version_mismatch): Use log_info if error is
-"not supported".
---
-
-This fix may make the fix for
-GnuPG-bug-id: 3192
-even more robust.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 17e5afd80f247c356f03c71e8b61da424ffedabb)
----
- g10/call-agent.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/g10/call-agent.c b/g10/call-agent.c
-index e6dbb73..7b76933 100644
---- a/g10/call-agent.c
-+++ b/g10/call-agent.c
-@@ -194,8 +194,10 @@ warn_version_mismatch (assuan_context_t ctx, const char *servername, int mode)
-
- err = get_assuan_server_version (ctx, mode, &serverversion);
- if (err)
-- log_error (_("error getting version from '%s': %s\n"),
-- servername, gpg_strerror (err));
-+ log_log (gpg_err_code (err) == GPG_ERR_NOT_SUPPORTED?
-+ GPGRT_LOG_INFO : GPGRT_LOG_ERROR,
-+ _("error getting version from '%s': %s\n"),
-+ servername, gpg_strerror (err));
- else if (compare_version_strings (serverversion, myversion) < 0)
- {
- char *warn;
diff --git a/debian/patches/0037-gpg-Remove-dead-code.patch b/debian/patches/0037-gpg-Remove-dead-code.patch
deleted file mode 100644
index 5faa6e1..0000000
--- a/debian/patches/0037-gpg-Remove-dead-code.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From: "Neal H. Walfield" <neal at g10code.com>
-Date: Sun, 11 Jun 2017 13:58:44 +0200
-Subject: gpg: Remove dead code.
-
-* g10/gpgcompose.c (filter_pop): F->PKTTYPE will never be
-PKT_ENCRYPTED_MDC.
-(encrypted_pop): Likewise and there is no option --encrypted-mdc-pop.
-
-(cherry picked from commit 8a9066865688cf17594b2bdde4b260b0ef36d68e)
----
- g10/gpgcompose.c | 8 +-------
- 1 file changed, 1 insertion(+), 7 deletions(-)
-
-diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c
-index e541cfe..a8da54c 100644
---- a/g10/gpgcompose.c
-+++ b/g10/gpgcompose.c
-@@ -81,7 +81,7 @@ filter_pop (iobuf_t out, int expected_type)
- "but current container is a %s container.\n",
- pkttype_str (f->pkttype), pkttype_str (expected_type));
-
-- if (f->pkttype == PKT_ENCRYPTED || f->pkttype == PKT_ENCRYPTED_MDC)
-+ if (f->pkttype == PKT_ENCRYPTED)
- {
- err = iobuf_pop_filter (out, f->func, f->context);
- if (err)
-@@ -2588,12 +2588,6 @@ encrypted_pop (const char *option, int argc, char *argv[], void *cookie)
- (void) argc;
- (void) argv;
-
-- if (strcmp (option, "--encrypted-pop") == 0)
-- filter_pop (out, PKT_ENCRYPTED);
-- else if (strcmp (option, "--encrypted-mdc-pop") == 0)
-- filter_pop (out, PKT_ENCRYPTED_MDC);
-- else
-- log_fatal ("%s: option not handled by this function!\n", option);
-
- debug ("Popped encryption container.\n");
-
diff --git a/debian/patches/0038-gpg-Support-gpgcompose-encrypted-pop-help.patch b/debian/patches/0038-gpg-Support-gpgcompose-encrypted-pop-help.patch
deleted file mode 100644
index 3331541..0000000
--- a/debian/patches/0038-gpg-Support-gpgcompose-encrypted-pop-help.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From: "Neal H. Walfield" <neal at g10code.com>
-Date: Sun, 11 Jun 2017 14:00:22 +0200
-Subject: gpg: Support 'gpgcompose --encrypted-pop --help'
-
-* g10/gpgcompose.c (encrypted_pop_options): New variable.
-(encrypted_pop): Support the --help option.
-
-Reported-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-(cherry picked from commit 4ddf4e114c8df06d89144e857b7601de0b7e5a7c)
----
- g10/gpgcompose.c | 24 +++++++++++++++++++++---
- 1 file changed, 21 insertions(+), 3 deletions(-)
-
-diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c
-index a8da54c..49bb8af 100644
---- a/g10/gpgcompose.c
-+++ b/g10/gpgcompose.c
-@@ -2580,18 +2580,36 @@ encrypted (const char *option, int argc, char *argv[], void *cookie)
- return processed;
- }
-
-+static struct option encrypted_pop_options[] = {
-+ { NULL, NULL,
-+ "Example:\n\n"
-+ " $ gpgcompose --sk-esk PASSWORD \\\n"
-+ " --encrypted-mdc \\\n"
-+ " --literal --value foo \\\n"
-+ " --encrypted-pop | " GPG_NAME " --list-packets" }
-+};
-+
- static int
- encrypted_pop (const char *option, int argc, char *argv[], void *cookie)
- {
- iobuf_t out = cookie;
-+ int processed;
-
-- (void) argc;
-- (void) argv;
-+ processed = process_options (option,
-+ major_options,
-+ encrypted_pop_options,
-+ NULL,
-+ global_options, NULL,
-+ argc, argv);
-+ /* We only support a single option, --help, which causes the program
-+ * to exit. */
-+ log_assert (processed == 0);
-
-+ filter_pop (out, PKT_ENCRYPTED);
-
- debug ("Popped encryption container.\n");
-
-- return 0;
-+ return processed;
- }
-
- struct data
diff --git a/debian/patches/0039-gpg-Improve-some-output-of-gpgcompose.patch b/debian/patches/0039-gpg-Improve-some-output-of-gpgcompose.patch
deleted file mode 100644
index 82577ef..0000000
--- a/debian/patches/0039-gpg-Improve-some-output-of-gpgcompose.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From: "Neal H. Walfield" <neal at g10code.com>
-Date: Sun, 11 Jun 2017 14:07:02 +0200
-Subject: gpg: Improve some output of gpgcompose.
-
-(cherry picked from commit cb0484e0762a1ce05d00d949f4b70162e2f7b82c)
----
- g10/gpgcompose.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c
-index 49bb8af..98c04f2 100644
---- a/g10/gpgcompose.c
-+++ b/g10/gpgcompose.c
-@@ -512,7 +512,8 @@ static struct option major_options[] = {
- { "--encrypted-mdc", encrypted,
- "Create a symmetrically encrypted and integrity protected data packet." },
- { "--encrypted-pop", encrypted_pop,
-- "Pop an encryption container." },
-+ "Pop the most recent encryption container started by either"
-+ " --encrypted or --encrypted-mdc." },
- { "--compressed", NULL, "Create a compressed data packet." },
- { "--literal", literal, "Create a literal (plaintext) data packet." },
- { "--signature", signature, "Create a signature packet." },
-@@ -2534,7 +2535,9 @@ encrypted (const char *option, int argc, char *argv[], void *cookie)
- argc, argv);
-
- if (! session_key.algo)
-- log_fatal ("%s: no session key configured.\n", option);
-+ log_fatal ("%s: no session key configured\n"
-+ " (use e.g. --sk-esk PASSWORD or --pk-esk KEYID).\n",
-+ option);
-
- memset (&e, 0, sizeof (e));
- /* We only need to set E->LEN, E->EXTRALEN (if E->LEN is not
diff --git a/debian/patches/0040-gpg-Send-gpgcompose-help-output-to-stdout-not-stderr.patch b/debian/patches/0040-gpg-Send-gpgcompose-help-output-to-stdout-not-stderr.patch
deleted file mode 100644
index aa71205..0000000
--- a/debian/patches/0040-gpg-Send-gpgcompose-help-output-to-stdout-not-stderr.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From: "Neal H. Walfield" <neal at g10code.com>
-Date: Sun, 11 Jun 2017 14:10:46 +0200
-Subject: gpg: Send gpgcompose --help output to stdout, not stderr.
-
-* g10/gpgcompose.c (show_help): Send gpgcompose --help output to
-stdout, not stderr.
-
-Reported-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-(cherry picked from commit 7aeac20f12ed257d3d159b304afeeac7f406c9d2)
----
- g10/gpgcompose.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c
-index 98c04f2..8e29c2f 100644
---- a/g10/gpgcompose.c
-+++ b/g10/gpgcompose.c
-@@ -281,18 +281,18 @@ show_help (struct option options[])
- {
- const char *o = option[0] ? option : "ARG";
- l = strlen (o);
-- fprintf (stderr, "%s", o);
-+ fprintf (stdout, "%s", o);
- }
-
- if (! help)
- {
-- fputc ('\n', stderr);
-+ fputc ('\n', stdout);
- continue;
- }
-
- if (option)
- for (j = l; j < max_length + 2; j ++)
-- fputc (' ', stderr);
-+ fputc (' ', stdout);
-
- #define BOLD_START "\033[1m"
- #define NORMAL_RESTORE "\033[0m"
-@@ -314,7 +314,7 @@ show_help (struct option options[])
-
- if (! option)
- {
-- fprintf (stderr, "\n%s\n", formatted);
-+ printf ("\n%s\n", formatted);
- break;
- }
-
-@@ -330,10 +330,10 @@ show_help (struct option options[])
-
- if (p != formatted)
- for (j = 0; j < max_length + 2; j ++)
-- fputc (' ', stderr);
-+ fputc (' ', stdout);
-
-- fwrite (p, l, 1, stderr);
-- fputc ('\n', stderr);
-+ fwrite (p, l, 1, stdout);
-+ fputc ('\n', stdout);
- }
-
- xfree (formatted);
diff --git a/debian/patches/series b/debian/patches/series
index c223c32..ea6811b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,31 +10,3 @@ gpg-agent-idling/0009-agent-Allow-threads-to-interrupt-main-select-loop-wi.patch
gpg-agent-idling/0010-agent-Avoid-tight-timer-tick-when-possible.patch
gpg-agent-idling/0011-agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch
skip-missing-signing-keys/0013-g10-Skip-signing-keys-where-no-secret-key-is-availab.patch
-0013-tests-Configure-the-environments-to-use-scdaemon-fro.patch
-0014-g10-Suppress-error-for-card-availability-check.patch
-0015-g10-Fix-gpgcompose.c.patch
-0016-tests-Fix-agent-teardown-in-release-builds.patch
-0017-gpgscm-Fix-checking-for-opcode-arguments.patch
-0018-docs-Point-to-https-dev.gnupg.org.patch
-0019-doc-Fix-spellings.patch
-0020-g10-Fix-default-key-selection-for-signing-possibly-b.patch
-0021-agent-Add-const-qualifier-for-read-only-table.patch
-0022-common-Support-different-digest-algorithms-for-ssh-f.patch
-0023-common-Correctly-render-SHA256-based-ssh-fingerprint.patch
-0024-agent-Write-both-ssh-fingerprints-to-sshcontrol-file.patch
-0025-agent-Make-digest-algorithms-for-ssh-fingerprints-co.patch
-0026-dirmngr-Re-init-libdns-resolver-on-towel-change-of-r.patch
-0027-dirmngr-This-towel-should-better-detect-a-changed-re.patch
-0028-agent-Fix-memory-leaks.patch
-0029-gpg-Fix-typos.patch
-0030-scd-Handle-a-failure-of-libusb_init.patch
-0031-scd-Fix-error-code-on-failure-at-usb_init.patch
-0032-agent-Fix-error-from-do_encryption.patch
-0033-doc-Improve-documentation.patch
-0034-sm-Fix-typo.patch
-0035-sm-Simplify-code.patch
-0036-gpg-Avoid-failure-exit-when-scdaemon-is-disabled-but.patch
-0037-gpg-Remove-dead-code.patch
-0038-gpg-Support-gpgcompose-encrypted-pop-help.patch
-0039-gpg-Improve-some-output-of-gpgcompose.patch
-0040-gpg-Send-gpgcompose-help-output-to-stdout-not-stderr.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list