[Pkg-gnupg-commit] [gnupg2] 01/01: more bugfixes from upstream
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Jan 4 18:21:15 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit 32bae0c609cb0c6180e9405a3d6a8fb3c0dec20e
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Tue Jan 3 15:39:47 2017 -0500
more bugfixes from upstream
---
...ip-root-zone-suffix-from-libdns-cname-res.patch | 43 +++++
...ve-warning-that-DNS-is-not-routed-via-Tor.patch | 29 ++++
...e-gcc-warnings-to-detect-non-portable-cod.patch | 32 ++++
...017-Replace-use-of-variable-length-arrays.patch | 179 +++++++++++++++++++++
...-debug-message-on-correctly-initialized-l.patch | 39 +++++
...e-sure-Tor-mode-is-also-set-for-DNS-on-SI.patch | 170 +++++++++++++++++++
...dirmngr-s-allow-version-check-description.patch | 30 ++++
debian/patches/series | 7 +
8 files changed, 529 insertions(+)
diff --git a/debian/patches/0014-dirmngr-Strip-root-zone-suffix-from-libdns-cname-res.patch b/debian/patches/0014-dirmngr-Strip-root-zone-suffix-from-libdns-cname-res.patch
new file mode 100644
index 0000000..bc4cc3a
--- /dev/null
+++ b/debian/patches/0014-dirmngr-Strip-root-zone-suffix-from-libdns-cname-res.patch
@@ -0,0 +1,43 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Mon, 2 Jan 2017 10:00:33 +0100
+Subject: dirmngr: Strip root zone suffix from libdns cname results.
+
+* dirmngr/dns-stuff.c (resolve_name_libdns): Strip trailing dot.
+(get_dns_cname_libdns): Ditto.
+--
+
+Signed-off-by: Werner Koch <wk at gnupg.org>
+(cherry picked from commit b200e636ab20d2aa93d9f71f3789db5a04af0a56)
+---
+ dirmngr/dns-stuff.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
+index a31b0731c..f2e1df925 100644
+--- a/dirmngr/dns-stuff.c
++++ b/dirmngr/dns-stuff.c
+@@ -732,6 +732,10 @@ resolve_name_libdns (const char *name, unsigned short port,
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
++ /* Libdns appends the root zone part which is problematic
++ * for most other functions - strip it. */
++ if (**r_canonname && (*r_canonname)[strlen (*r_canonname)-1] == '.')
++ (*r_canonname)[strlen (*r_canonname)-1] = 0;
+ }
+
+ dai = xtrymalloc (sizeof *dai + ent->ai_addrlen -1);
+@@ -1899,6 +1903,13 @@ get_dns_cname_libdns (const char *name, char **r_cname)
+ *r_cname = xtrystrdup (cname.host);
+ if (!*r_cname)
+ err = gpg_error_from_syserror ();
++ else
++ {
++ /* Libdns appends the root zone part which is problematic
++ * for most other functions - strip it. */
++ if (**r_cname && (*r_cname)[strlen (*r_cname)-1] == '.')
++ (*r_cname)[strlen (*r_cname)-1] = 0;
++ }
+
+ leave:
+ dns_free (ans);
diff --git a/debian/patches/0015-doc-Remove-warning-that-DNS-is-not-routed-via-Tor.patch b/debian/patches/0015-doc-Remove-warning-that-DNS-is-not-routed-via-Tor.patch
new file mode 100644
index 0000000..89adfaf
--- /dev/null
+++ b/debian/patches/0015-doc-Remove-warning-that-DNS-is-not-routed-via-Tor.patch
@@ -0,0 +1,29 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Mon, 2 Jan 2017 10:39:59 +0100
+Subject: doc: Remove warning that DNS is not routed via Tor
+
+--
+
+Signed-off-by: Werner Koch <wk at gnupg.org>
+(cherry picked from commit 5a4a109354d53cf3673d0636731c67021d3f367a)
+---
+ doc/dirmngr.texi | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
+index 5b4e68bc8..e136dff53 100644
+--- a/doc/dirmngr.texi
++++ b/doc/dirmngr.texi
+@@ -239,10 +239,8 @@ useful for debugging.
+ @item --use-tor
+ @opindex use-tor
+ This option switches Dirmngr and thus GnuPG into ``Tor mode'' to route
+-all network access via Tor (an anonymity network). WARNING: As of now
+-this still leaks the DNS queries; e.g. to lookup the hosts in a
+-keyserver pool. Certain other features are disabled if this mode is
+-active.
++all network access via Tor (an anonymity network). Certain other
++features are disabled if this mode is active.
+
+ @item --standard-resolver
+ @opindex standard-resolver
diff --git a/debian/patches/0016-build-Enable-gcc-warnings-to-detect-non-portable-cod.patch b/debian/patches/0016-build-Enable-gcc-warnings-to-detect-non-portable-cod.patch
new file mode 100644
index 0000000..3ea836f
--- /dev/null
+++ b/debian/patches/0016-build-Enable-gcc-warnings-to-detect-non-portable-cod.patch
@@ -0,0 +1,32 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Mon, 2 Jan 2017 12:59:10 +0100
+Subject: build: Enable gcc warnings to detect non-portable code.
+
+--
+
+Signed-off-by: Werner Koch <wk at gnupg.org>
+(cherry picked from commit c52930d11fcc52515fcc09a1085bf118411566a8)
+---
+ configure.ac | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 932c741ef..237189cf9 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1575,6 +1575,15 @@ if test "$GCC" = yes; then
+ if test x"$_gcc_wopt" = xyes ; then
+ mycflags="$mycflags -Wdeclaration-after-statement"
+ fi
++
++ AC_MSG_CHECKING([if gcc supports -Wlogical-op and -Wvla])
++ CFLAGS="-Wlogical-op -Wvla"
++ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no)
++ AC_MSG_RESULT($_gcc_wopt)
++ if test x"$_gcc_wopt" = xyes ; then
++ mycflags="$mycflags -Wlogical-op -Wvla"
++ fi
++
+ else
+ mycflags="$mycflags -Wall"
+ fi
diff --git a/debian/patches/0017-Replace-use-of-variable-length-arrays.patch b/debian/patches/0017-Replace-use-of-variable-length-arrays.patch
new file mode 100644
index 0000000..3e3a2a7
--- /dev/null
+++ b/debian/patches/0017-Replace-use-of-variable-length-arrays.patch
@@ -0,0 +1,179 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Mon, 2 Jan 2017 13:29:18 +0100
+Subject: Replace use of variable-length-arrays.
+
+* common/t-iobuf.c (main): Replace variable-length-array.
+* g10/gpgcompose.c (mksubpkt_callback): Ditto.
+(encrypted): Ditto.
+* g10/t-stutter.c (log_hexdump): Ditto.
+(oracle_test): Ditto.
+* g10/tofu.c (get_policy): Ditto. Use "%zu" for size_t.
+* scd/app-openpgp.c (ecc_writekey): Replace variable-length-array.
+Check for zero length OID_LEN.
+
+Signed-off-by: Werner Koch <wk at gnupg.org>
+(cherry picked from commit 6b84ecbf312d98ac8cce9fe5facdc815bc742fa1)
+---
+ common/t-iobuf.c | 6 ++++--
+ g10/gpgcompose.c | 17 ++++++++++++-----
+ g10/t-stutter.c | 17 ++++++++++-------
+ g10/tofu.c | 6 +++---
+ scd/app-openpgp.c | 14 +++++++++++++-
+ 5 files changed, 42 insertions(+), 18 deletions(-)
+
+diff --git a/common/t-iobuf.c b/common/t-iobuf.c
+index 0e6f508a5..bdeab99a4 100644
+--- a/common/t-iobuf.c
++++ b/common/t-iobuf.c
+@@ -362,10 +362,12 @@ main (int argc, char *argv[])
+ {
+ iobuf_t iobuf;
+ int rc;
+- char *content = "0123456789";
++ char content[] = "0123456789";
+ int n;
+ int c;
+- char buffer[strlen (content)];
++ char buffer[10];
++
++ assert (sizeof buffer == sizeof content - 1);
+
+ iobuf = iobuf_temp_with_content (content, strlen (content));
+ assert (iobuf);
+diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c
+index 512cb450a..fafbfd274 100644
+--- a/g10/gpgcompose.c
++++ b/g10/gpgcompose.c
+@@ -1654,13 +1654,17 @@ mksubpkt_callback (PKT_signature *sig, void *cookie)
+
+ if (si->reason_for_revocation)
+ {
+- int l = 1 + strlen (si->reason_for_revocation);
+- char buf[l];
++ int len = 1 + strlen (si->reason_for_revocation);
++ char *buf;
++
++ buf = xmalloc (len);
+
+ buf[0] = si->reason_for_revocation_code;
+- memcpy (&buf[1], si->reason_for_revocation, l - 1);
++ memcpy (&buf[1], si->reason_for_revocation, len - 1);
++
++ build_sig_subpkt (sig, SIGSUBPKT_REVOC_REASON, buf, len);
+
+- build_sig_subpkt (sig, SIGSUBPKT_REVOC_REASON, buf, l);
++ xfree (buf);
+ }
+
+ if (si->features)
+@@ -2540,10 +2544,13 @@ encrypted (const char *option, int argc, char *argv[], void *cookie)
+
+ if (do_debug)
+ {
+- char buf[2 * session_key.keylen + 1];
++ char *buf;
++
++ buf = xmalloc (2 * session_key.keylen + 1);
+ debug ("session key: algo: %d; keylen: %d; key: %s\n",
+ session_key.algo, session_key.keylen,
+ bin2hex (session_key.key, session_key.keylen, buf));
++ xfree (buf);
+ }
+
+ if (strcmp (option, "--encrypted-mdc") == 0)
+diff --git a/g10/t-stutter.c b/g10/t-stutter.c
+index a2e9666bf..359cdf622 100644
+--- a/g10/t-stutter.c
++++ b/g10/t-stutter.c
+@@ -68,8 +68,8 @@ log_hexdump (byte *buffer, int length)
+ {
+ int have = length > 16 ? 16 : length;
+ int i;
+- char formatted[2 * have + 1];
+- char text[have + 1];
++ char formatted[2 * 16 + 1];
++ char text[16 + 1];
+
+ fprintf (stderr, "%-8d ", written);
+ bin2hex (buffer, have, formatted);
+@@ -87,10 +87,12 @@ log_hexdump (byte *buffer, int length)
+ }
+
+ for (i = 0; i < have; i ++)
+- if (isprint (buffer[i]))
+- text[i] = buffer[i];
+- else
+- text[i] = '.';
++ {
++ if (isprint (buffer[i]))
++ text[i] = buffer[i];
++ else
++ text[i] = '.';
++ }
+ text[i] = 0;
+
+ fprintf (stderr, " ");
+@@ -347,8 +349,9 @@ oracle (int debug, byte *ciphertext, int len, byte **plaintextp, byte **cfbp)
+ static int
+ oracle_test (unsigned int d, int b, int debug)
+ {
+- byte probe[blocksize + 2];
++ byte probe[32 + 2];
+
++ log_assert (blocksize + 2 <= sizeof probe);
+ log_assert (d < 256 * 256);
+
+ if (b == 1)
+diff --git a/g10/tofu.c b/g10/tofu.c
+index 2bded9e8d..8d535fa6c 100644
+--- a/g10/tofu.c
++++ b/g10/tofu.c
+@@ -2457,16 +2457,16 @@ get_policy (tofu_dbs_t dbs, PKT_public_key *pk,
+ /* See if the key is signed by an ultimately trusted key. */
+ {
+ int fingerprint_raw_len = strlen (fingerprint) / 2;
+- char fingerprint_raw[fingerprint_raw_len];
++ char fingerprint_raw[20];
+ int len = 0;
+
+- if (fingerprint_raw_len != 20
++ if (fingerprint_raw_len != sizeof fingerprint_raw
+ || ((len = hex2bin (fingerprint,
+ fingerprint_raw, fingerprint_raw_len))
+ != strlen (fingerprint)))
+ {
+ if (DBG_TRUST)
+- log_debug ("TOFU: Bad fingerprint: %s (len: %zd, parsed: %d)\n",
++ log_debug ("TOFU: Bad fingerprint: %s (len: %zu, parsed: %d)\n",
+ fingerprint, strlen (fingerprint), len);
+ }
+ else
+diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
+index 5fa4fd294..4d8b1bc9e 100644
+--- a/scd/app-openpgp.c
++++ b/scd/app-openpgp.c
+@@ -3580,11 +3580,23 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
+ {
+ if (app->app_local->extcap.algo_attr_change)
+ {
+- unsigned char keyattr[oid_len];
++ unsigned char *keyattr;
+
++ if (!oid_len)
++ {
++ err = gpg_error (GPG_ERR_INTERNAL);
++ goto leave;
++ }
++ keyattr = xtrymalloc (oid_len);
++ if (!keyattr)
++ {
++ err = gpg_error_from_syserror ();
++ goto leave;
++ }
+ keyattr[0] = algo;
+ memcpy (keyattr+1, oidbuf+1, oid_len-1);
+ err = change_keyattr (app, keyno, keyattr, oid_len, pincb, pincb_arg);
++ xfree (keyattr);
+ if (err)
+ goto leave;
+ }
diff --git a/debian/patches/0018-dirmngr-New-debug-message-on-correctly-initialized-l.patch b/debian/patches/0018-dirmngr-New-debug-message-on-correctly-initialized-l.patch
new file mode 100644
index 0000000..927f7e3
--- /dev/null
+++ b/debian/patches/0018-dirmngr-New-debug-message-on-correctly-initialized-l.patch
@@ -0,0 +1,39 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Mon, 2 Jan 2017 15:47:24 +0100
+Subject: dirmngr: New debug message on correctly initialized libdns.
+
+* dirmngr/dns-stuff.c (libdns_init): Add debug level diagnostic on
+success.
+--
+
+This output may help to avoid questions when evaluating an Assuan log.
+
+Signed-off-by: Werner Koch <wk at gnupg.org>
+(cherry picked from commit 0004d52ba2f1245c84f95a151342ad99fd72ca3d)
+---
+ dirmngr/dns-stuff.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
+index f2e1df925..cf8cefb2e 100644
+--- a/dirmngr/dns-stuff.c
++++ b/dirmngr/dns-stuff.c
+@@ -507,6 +507,9 @@ libdns_init (void)
+ /* All fine. Make the data global. */
+ libdns = ld;
+
++ if (opt_debug)
++ log_debug ("dns: libdns initialized%s\n", tor_mode?" (tor mode)":"");
++
+ leave:
+ xfree (cfgstr);
+ return err;
+@@ -595,7 +598,7 @@ libdns_res_open (struct dns_resolver **r_res)
+
+
+ #ifdef USE_LIBDNS
+-/* Helper to test whether we need totry again after having swicthed
++/* Helper to test whether we need to try again after having switched
+ * the Tor port. */
+ static int
+ libdns_switch_port_p (gpg_error_t err)
diff --git a/debian/patches/0019-dirmngr-Make-sure-Tor-mode-is-also-set-for-DNS-on-SI.patch b/debian/patches/0019-dirmngr-Make-sure-Tor-mode-is-also-set-for-DNS-on-SI.patch
new file mode 100644
index 0000000..2c02c2e
--- /dev/null
+++ b/debian/patches/0019-dirmngr-Make-sure-Tor-mode-is-also-set-for-DNS-on-SI.patch
@@ -0,0 +1,170 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Tue, 3 Jan 2017 12:03:28 +0100
+Subject: dirmngr: Make sure Tor mode is also set for DNS on SIGHUP.
+
+* dirmngr/dns-stuff.c (enable_dns_tormode): Always succeed.
+(reload_dns_stuff): Reset tor port.
+* dirmngr/dirmngr.c (set_tor_mode): Also enable Tor mode for DNS.
+(main): Remove warning that Tor mode may not fully work.
+* dirmngr/server.c (cmd_dns_cert): Remove explicit Tor for DNS
+initialization.
+* dirmngr/t-dns-stuff.c (main): Remove option --new-circuit and error
+checking for enable_dns_tormode.
+--
+
+This patch also resets the port on SIGHUP so that after starting Tor
+SIGHUP is sufficient to use Tor. Without the SIGHUP and when not
+using the Tor browser Dirmngr would keep on trying the Tor browser
+port.
+
+Signed-off-by: Werner Koch <wk at gnupg.org>
+(cherry picked from commit 969512401603639e4467ede7d892f1b02582c2c9)
+---
+ dirmngr/dirmngr.c | 10 +++-------
+ dirmngr/dns-stuff.c | 12 +++++++-----
+ dirmngr/dns-stuff.h | 6 +++---
+ dirmngr/server.c | 7 -------
+ dirmngr/t-dns-stuff.c | 16 +---------------
+ 5 files changed, 14 insertions(+), 37 deletions(-)
+
+diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
+index 0b8bb02e6..5abfe78c6 100644
+--- a/dirmngr/dirmngr.c
++++ b/dirmngr/dirmngr.c
+@@ -474,6 +474,9 @@ set_tor_mode (void)
+ {
+ if (opt.use_tor)
+ {
++ /* Enable Tor mode and when called again force a new curcuit
++ * (e.g. on SIGHUP). */
++ enable_dns_tormode (1);
+ if (assuan_sock_set_flag (ASSUAN_INVALID_FD, "tor-mode", 1))
+ {
+ log_error ("error enabling Tor mode: %s\n", strerror (errno));
+@@ -912,13 +915,6 @@ main (int argc, char **argv)
+ log_info ("NOTE: this is a development version!\n");
+ #endif
+
+- if (opt.use_tor)
+- {
+- log_info ("WARNING: ***************************************\n");
+- log_info ("WARNING: Tor mode (--use-tor) MAY NOT FULLY WORK!\n");
+- log_info ("WARNING: ***************************************\n");
+- }
+-
+ /* Print a warning if an argument looks like an option. */
+ if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
+ {
+diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
+index cf8cefb2e..e32e1e3e1 100644
+--- a/dirmngr/dns-stuff.c
++++ b/dirmngr/dns-stuff.c
+@@ -199,9 +199,9 @@ recursive_resolver_p (void)
+ }
+
+
+-/* Sets the module in Tor mode. Returns 0 is this is possible or an
+- error code. */
+-gpg_error_t
++/* Puts this module eternally into Tor mode. When called agained with
++ * NEW_CIRCUIT request a new TOR circuit for the next DNS query. */
++void
+ enable_dns_tormode (int new_circuit)
+ {
+ if (!*tor_socks_user || new_circuit)
+@@ -215,7 +215,6 @@ enable_dns_tormode (int new_circuit)
+ counter++;
+ }
+ tor_mode = 1;
+- return 0;
+ }
+
+
+@@ -548,7 +547,10 @@ reload_dns_stuff (int force)
+ libdns_reinit_pending = 0;
+ }
+ else
+- libdns_reinit_pending = 1;
++ {
++ libdns_reinit_pending = 1;
++ libdns_tor_port = 0; /* Start again with the default port. */
++ }
+ #else
+ (void)force;
+ #endif
+diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h
+index 0a4a4de2f..eb7fe7246 100644
+--- a/dirmngr/dns-stuff.h
++++ b/dirmngr/dns-stuff.h
+@@ -113,9 +113,9 @@ void enable_recursive_resolver (int yes);
+ /* Return true iff the recursive resolver is used. */
+ int recursive_resolver_p (void);
+
+-/* Calling this function switches the DNS code into Tor mode if
+- possibe. Return 0 on success. */
+-gpg_error_t enable_dns_tormode (int new_circuit);
++/* Put this module eternally into Tor mode. When called agained with
++ * NEW_CIRCUIT request a new TOR circuit for the next DNS query. */
++void enable_dns_tormode (int new_circuit);
+
+ /* Change the default IP address of the nameserver to IPADDR. The
+ address needs to be a numerical IP address and will be used for the
+diff --git a/dirmngr/server.c b/dirmngr/server.c
+index a785238dc..28c2cd428 100644
+--- a/dirmngr/server.c
++++ b/dirmngr/server.c
+@@ -709,13 +709,6 @@ cmd_dns_cert (assuan_context_t ctx, char *line)
+ }
+ }
+
+- if (opt.use_tor && (err = enable_dns_tormode (0)))
+- {
+- /* Tor mode is requested but the DNS code can't enable it. */
+- assuan_set_error (ctx, err, "error enabling Tor mode");
+- goto leave;
+- }
+-
+ if (pka_mode || dane_mode)
+ {
+ char *domain; /* Points to mbox. */
+diff --git a/dirmngr/t-dns-stuff.c b/dirmngr/t-dns-stuff.c
+index b087b5ead..bc4ca9a51 100644
+--- a/dirmngr/t-dns-stuff.c
++++ b/dirmngr/t-dns-stuff.c
+@@ -51,7 +51,6 @@ main (int argc, char **argv)
+ gpg_error_t err;
+ int any_options = 0;
+ int opt_tor = 0;
+- int opt_new_circuit = 0;
+ int opt_cert = 0;
+ int opt_srv = 0;
+ int opt_bracket = 0;
+@@ -103,11 +102,6 @@ main (int argc, char **argv)
+ opt_tor = 1;
+ argc--; argv++;
+ }
+- else if (!strcmp (*argv, "--new-circuit"))
+- {
+- opt_new_circuit = 1;
+- argc--; argv++;
+- }
+ else if (!strcmp (*argv, "--standard-resolver"))
+ {
+ enable_standard_resolver (1);
+@@ -171,15 +165,7 @@ main (int argc, char **argv)
+ init_sockets ();
+
+ if (opt_tor)
+- {
+- err = enable_dns_tormode (opt_new_circuit);
+- if (err)
+- {
+- fprintf (stderr, "error switching into Tor mode: %s\n",
+- gpg_strerror (err));
+- exit (1);
+- }
+- }
++ enable_dns_tormode (0);
+
+ if (opt_cert)
+ {
diff --git a/debian/patches/0020-doc-Extend-dirmngr-s-allow-version-check-description.patch b/debian/patches/0020-doc-Extend-dirmngr-s-allow-version-check-description.patch
new file mode 100644
index 0000000..1ca5f4f
--- /dev/null
+++ b/debian/patches/0020-doc-Extend-dirmngr-s-allow-version-check-description.patch
@@ -0,0 +1,30 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Tue, 3 Jan 2017 13:12:25 +0100
+Subject: doc: Extend dirmngr's --allow-version-check description
+
+--
+
+(cherry picked from commit 293a55bacdacec4501af3a396b14fd32e404e39e)
+---
+ doc/dirmngr.texi | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
+index e136dff53..fc617d81d 100644
+--- a/doc/dirmngr.texi
++++ b/doc/dirmngr.texi
+@@ -264,7 +264,13 @@ the list of current software versions. If this option is enabled, or
+ if @option{use-tor} is active, the list is retrieved when the local
+ copy does not exist or is older than 5 to 7 days. See the option
+ @option{--query-swdb} of the command @command{gpgconf} for more
+-details.
++details. Note, that regardless of this option a version check can
++always be triggered using this command:
++
++ at example
++ gpg-connect-agent --dirmngr 'loadswdb --force' /bye
++ at end example
++
+
+ @item --keyserver @var{name}
+ @opindex keyserver
diff --git a/debian/patches/series b/debian/patches/series
index 7d8bc13..100d01f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,3 +11,10 @@ gpg-agent-idling/0003-agent-Avoid-tight-timer-tick-when-possible.patch
gpg-agent-idling/0004-agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch
0012-gpgscm-Guard-use-of-union-member.patch
0013-dirmngr-Fix-for-disable-libdns-usage.patch
+0014-dirmngr-Strip-root-zone-suffix-from-libdns-cname-res.patch
+0015-doc-Remove-warning-that-DNS-is-not-routed-via-Tor.patch
+0016-build-Enable-gcc-warnings-to-detect-non-portable-cod.patch
+0017-Replace-use-of-variable-length-arrays.patch
+0018-dirmngr-New-debug-message-on-correctly-initialized-l.patch
+0019-dirmngr-Make-sure-Tor-mode-is-also-set-for-DNS-on-SI.patch
+0020-doc-Extend-dirmngr-s-allow-version-check-description.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list