[Pkg-gnupg-commit] [gnupg2] 113/116: remove patches already upstream
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Jan 24 04:41:04 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit 4c977f0eeb95fef7fcdedd47e71cbc0de0a510f2
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Mon Jan 23 23:00:26 2017 -0500
remove patches already upstream
---
.../0012-gpgscm-Guard-use-of-union-member.patch | 27 --
...0013-dirmngr-Fix-for-disable-libdns-usage.patch | 74 ----
...ip-root-zone-suffix-from-libdns-cname-res.patch | 43 --
...ve-warning-that-DNS-is-not-routed-via-Tor.patch | 29 --
...e-gcc-warnings-to-detect-non-portable-cod.patch | 32 --
...017-Replace-use-of-variable-length-arrays.patch | 179 --------
...-debug-message-on-correctly-initialized-l.patch | 39 --
...e-sure-Tor-mode-is-also-set-for-DNS-on-SI.patch | 170 --------
...dirmngr-s-allow-version-check-description.patch | 30 --
...ease-announcement-pointers-to-NEWS-entrie.patch | 460 ---------------------
.../0022-g10-avoid-warning-when-disable-tofu.patch | 27 --
...ion-gpgv-in-the-description-of-gpg-verify.patch | 30 --
.../0024-Silence-two-Wlogical-op-warnings.patch | 48 ---
...doc-Document-summary-values-of-TOFU_STATS.patch | 36 --
...ip-root-zone-suffix-from-libdns-SRV-resul.patch | 30 --
...27-dirmngr-Change-internal-SRV-lookup-API.patch | 169 --------
...0028-dirmngr-Improve-debug-output-for-TLS.patch | 38 --
...lement-experimental-SRV-record-lookup-for.patch | 145 -------
.../0030-doc-Update-man-page-for-watchgnupg.patch | 98 -----
...not-use-a-SRV-record-for-HKP-if-a-port-wa.patch | 197 ---------
...-pgpkey-hkps-and-pgpkey-hkp-for-SRV-recor.patch | 124 ------
debian/patches/0033-common-Fix-fallback-code.patch | 41 --
...x-memory-leaks-and-improve-error-handling.patch | 151 -------
debian/patches/0035-doc-Mention-dirmngr.conf.patch | 50 ---
...n-Avoid-unnecessary-ambiguity-in-argparse.patch | 34 --
...r-Enable-systemctl-user-reload-dirmngr-gp.patch | 36 --
...common-New-function-log_debug_with_string.patch | 273 ------------
.../0039-dirmngr-Add-debug-code-to-http.c.patch | 237 -----------
...r-Implement-debug-option-network-for-http.patch | 44 --
...ove-warnings-about-unused-global-variable.patch | 40 --
...2-dirmngr-Fix-Tor-access-for-v6-addresses.patch | 107 -----
.../0043-dirmngr-Mark-hosts-dead-on-ENETDOWN.patch | 40 --
...er-a-connection-failure-log-a-hint-if-Tor.patch | 35 --
...045-libdns-Provide-replacement-for-EPROTO.patch | 32 --
...nce-Wstrict-prototypes-on-some-function-p.patch | 43 --
...build-Make-autogen.sh-more-POSIX-friendly.patch | 40 --
...Rename-a-var-to-avoid-a-shadowing-warning.patch | 42 --
...e-autogen.sh-more-POSIX-friendly-next-try.patch | 27 --
...-URL-creation-for-literal-IPv6-addresses-.patch | 205 ---------
...id-network-queries-for-literal-IP-address.patch | 36 --
...ngr-Allow-reverse-DNS-lookups-in-Tor-mode.patch | 272 ------------
...lement-hkps-lookups-using-literal-address.patch | 61 ---
...-some-key-cleaning-function-for-use-with-.patch | 97 -----
...n-Remove-unused-function-tty_print_string.patch | 181 --------
...-print-of-additional-sig-data-in-edit-key.patch | 232 -----------
...-bogus-subkey-binding-when-cleaning-a-key.patch | 80 ----
...ndle-packages-with-dashes-in-find-version.patch | 86 ----
.../0059-gpg-Remove-unused-definitions.patch | 61 ---
...conf-Allow-all-for-launch-kill-and-reload.patch | 134 ------
...educe-sleep-time-in-the-progress-callback.patch | 42 --
.../0062-common-Fix-flushing-copy-buffers.patch | 68 ---
debian/patches/series | 51 ---
52 files changed, 4903 deletions(-)
diff --git a/debian/patches/0012-gpgscm-Guard-use-of-union-member.patch b/debian/patches/0012-gpgscm-Guard-use-of-union-member.patch
deleted file mode 100644
index f44bfe6..0000000
--- a/debian/patches/0012-gpgscm-Guard-use-of-union-member.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Wed, 21 Dec 2016 16:14:45 +0100
-Subject: gpgscm: Guard use of union member.
-
-* tests/gpgscm/scheme.c (opexe_5): Check that we have a file port
-before accessing filename. Fixes a crash on 32-bit architectures.
-
-Fixes-commit: e7429b1ced0c69fa7901f888f8dc25f00fc346a4
-Signed-off-by: Justus Winter <justus at g10code.com>
-(cherry picked from commit 6e96cdd41a0e55b672309431062f37c4a4a9f485)
----
- tests/gpgscm/scheme.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c
-index a5b7691fb..284454557 100644
---- a/tests/gpgscm/scheme.c
-+++ b/tests/gpgscm/scheme.c
-@@ -4838,7 +4838,7 @@ static pointer opexe_5(scheme *sc, enum scheme_opcodes op) {
- } else {
- sc->nesting_stack[sc->file_i]++;
- #if USE_TAGS && SHOW_ERROR_LINE
-- {
-+ if (sc->load_stack[sc->file_i].kind & port_file) {
- const char *filename =
- sc->load_stack[sc->file_i].rep.stdio.filename;
- int lineno =
diff --git a/debian/patches/0013-dirmngr-Fix-for-disable-libdns-usage.patch b/debian/patches/0013-dirmngr-Fix-for-disable-libdns-usage.patch
deleted file mode 100644
index b429d8e..0000000
--- a/debian/patches/0013-dirmngr-Fix-for-disable-libdns-usage.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Fri, 23 Dec 2016 16:05:01 +0900
-Subject: dirmngr: Fix for --disable-libdns usage.
-
-* dirmngr/dns-stuff.c (enable_recursive_resolver, set_dns_nameserver)
-(reload_dns_stuff): Conditionalize with USE_LIBDNS.
-(get_h_errno_as_gpg_error): Map HOST_NOT_FOUND to GPG_ERR_NO_NAME.
-
---
-
-get_dns_srv assumes error code of GPG_ERR_NO_NAME when no SRV record
-available.
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
-GnuPG-bug-id: 2889
-(cherry picked from commit d26c51825e2255fe58305cbc1cd74fa43f80d93e)
----
- dirmngr/dns-stuff.c | 12 +++++++++---
- 1 file changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
-index 491fccefd..a31b0731c 100644
---- a/dirmngr/dns-stuff.c
-+++ b/dirmngr/dns-stuff.c
-@@ -181,7 +181,9 @@ void
- enable_recursive_resolver (int yes)
- {
- recursive_resolver = yes;
-+#ifdef USE_LIBDNS
- libdns_reinit_pending = 1;
-+#endif
- }
-
-
-@@ -251,8 +253,10 @@ set_dns_nameserver (const char *ipaddr)
- strncpy (tor_nameserver, ipaddr? ipaddr : DEFAULT_NAMESERVER,
- sizeof tor_nameserver -1);
- tor_nameserver[sizeof tor_nameserver -1] = 0;
-+#ifdef USE_LIBDNS
- libdns_reinit_pending = 1;
- libdns_tor_port = 0; /* Start again with the default port. */
-+#endif
- }
-
-
-@@ -278,7 +282,7 @@ get_h_errno_as_gpg_error (void)
-
- switch (h_errno)
- {
-- case HOST_NOT_FOUND: ec = GPG_ERR_UNKNOWN_HOST; break;
-+ case HOST_NOT_FOUND: ec = GPG_ERR_NO_NAME; break;
- case TRY_AGAIN: ec = GPG_ERR_TRY_LATER; break;
- case NO_RECOVERY: ec = GPG_ERR_SERVER_FAILED; break;
- case NO_DATA: ec = GPG_ERR_NO_DATA; break;
-@@ -534,15 +538,17 @@ libdns_deinit (void)
- void
- reload_dns_stuff (int force)
- {
-+#ifdef USE_LIBDNS
- if (force)
- {
--#ifdef USE_LIBDNS
- libdns_deinit ();
--#endif
- libdns_reinit_pending = 0;
- }
- else
- libdns_reinit_pending = 1;
-+#else
-+ (void)force;
-+#endif
- }
-
-
diff --git a/debian/patches/0014-dirmngr-Strip-root-zone-suffix-from-libdns-cname-res.patch b/debian/patches/0014-dirmngr-Strip-root-zone-suffix-from-libdns-cname-res.patch
deleted file mode 100644
index bc4cc3a..0000000
--- a/debian/patches/0014-dirmngr-Strip-root-zone-suffix-from-libdns-cname-res.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Mon, 2 Jan 2017 10:00:33 +0100
-Subject: dirmngr: Strip root zone suffix from libdns cname results.
-
-* dirmngr/dns-stuff.c (resolve_name_libdns): Strip trailing dot.
-(get_dns_cname_libdns): Ditto.
---
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit b200e636ab20d2aa93d9f71f3789db5a04af0a56)
----
- dirmngr/dns-stuff.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
-index a31b0731c..f2e1df925 100644
---- a/dirmngr/dns-stuff.c
-+++ b/dirmngr/dns-stuff.c
-@@ -732,6 +732,10 @@ resolve_name_libdns (const char *name, unsigned short port,
- err = gpg_error_from_syserror ();
- goto leave;
- }
-+ /* Libdns appends the root zone part which is problematic
-+ * for most other functions - strip it. */
-+ if (**r_canonname && (*r_canonname)[strlen (*r_canonname)-1] == '.')
-+ (*r_canonname)[strlen (*r_canonname)-1] = 0;
- }
-
- dai = xtrymalloc (sizeof *dai + ent->ai_addrlen -1);
-@@ -1899,6 +1903,13 @@ get_dns_cname_libdns (const char *name, char **r_cname)
- *r_cname = xtrystrdup (cname.host);
- if (!*r_cname)
- err = gpg_error_from_syserror ();
-+ else
-+ {
-+ /* Libdns appends the root zone part which is problematic
-+ * for most other functions - strip it. */
-+ if (**r_cname && (*r_cname)[strlen (*r_cname)-1] == '.')
-+ (*r_cname)[strlen (*r_cname)-1] = 0;
-+ }
-
- leave:
- dns_free (ans);
diff --git a/debian/patches/0015-doc-Remove-warning-that-DNS-is-not-routed-via-Tor.patch b/debian/patches/0015-doc-Remove-warning-that-DNS-is-not-routed-via-Tor.patch
deleted file mode 100644
index 89adfaf..0000000
--- a/debian/patches/0015-doc-Remove-warning-that-DNS-is-not-routed-via-Tor.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Mon, 2 Jan 2017 10:39:59 +0100
-Subject: doc: Remove warning that DNS is not routed via Tor
-
---
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 5a4a109354d53cf3673d0636731c67021d3f367a)
----
- doc/dirmngr.texi | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
-index 5b4e68bc8..e136dff53 100644
---- a/doc/dirmngr.texi
-+++ b/doc/dirmngr.texi
-@@ -239,10 +239,8 @@ useful for debugging.
- @item --use-tor
- @opindex use-tor
- This option switches Dirmngr and thus GnuPG into ``Tor mode'' to route
--all network access via Tor (an anonymity network). WARNING: As of now
--this still leaks the DNS queries; e.g. to lookup the hosts in a
--keyserver pool. Certain other features are disabled if this mode is
--active.
-+all network access via Tor (an anonymity network). Certain other
-+features are disabled if this mode is active.
-
- @item --standard-resolver
- @opindex standard-resolver
diff --git a/debian/patches/0016-build-Enable-gcc-warnings-to-detect-non-portable-cod.patch b/debian/patches/0016-build-Enable-gcc-warnings-to-detect-non-portable-cod.patch
deleted file mode 100644
index 3ea836f..0000000
--- a/debian/patches/0016-build-Enable-gcc-warnings-to-detect-non-portable-cod.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Mon, 2 Jan 2017 12:59:10 +0100
-Subject: build: Enable gcc warnings to detect non-portable code.
-
---
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit c52930d11fcc52515fcc09a1085bf118411566a8)
----
- configure.ac | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/configure.ac b/configure.ac
-index 932c741ef..237189cf9 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1575,6 +1575,15 @@ if test "$GCC" = yes; then
- if test x"$_gcc_wopt" = xyes ; then
- mycflags="$mycflags -Wdeclaration-after-statement"
- fi
-+
-+ AC_MSG_CHECKING([if gcc supports -Wlogical-op and -Wvla])
-+ CFLAGS="-Wlogical-op -Wvla"
-+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no)
-+ AC_MSG_RESULT($_gcc_wopt)
-+ if test x"$_gcc_wopt" = xyes ; then
-+ mycflags="$mycflags -Wlogical-op -Wvla"
-+ fi
-+
- else
- mycflags="$mycflags -Wall"
- fi
diff --git a/debian/patches/0017-Replace-use-of-variable-length-arrays.patch b/debian/patches/0017-Replace-use-of-variable-length-arrays.patch
deleted file mode 100644
index 3e3a2a7..0000000
--- a/debian/patches/0017-Replace-use-of-variable-length-arrays.patch
+++ /dev/null
@@ -1,179 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Mon, 2 Jan 2017 13:29:18 +0100
-Subject: Replace use of variable-length-arrays.
-
-* common/t-iobuf.c (main): Replace variable-length-array.
-* g10/gpgcompose.c (mksubpkt_callback): Ditto.
-(encrypted): Ditto.
-* g10/t-stutter.c (log_hexdump): Ditto.
-(oracle_test): Ditto.
-* g10/tofu.c (get_policy): Ditto. Use "%zu" for size_t.
-* scd/app-openpgp.c (ecc_writekey): Replace variable-length-array.
-Check for zero length OID_LEN.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 6b84ecbf312d98ac8cce9fe5facdc815bc742fa1)
----
- common/t-iobuf.c | 6 ++++--
- g10/gpgcompose.c | 17 ++++++++++++-----
- g10/t-stutter.c | 17 ++++++++++-------
- g10/tofu.c | 6 +++---
- scd/app-openpgp.c | 14 +++++++++++++-
- 5 files changed, 42 insertions(+), 18 deletions(-)
-
-diff --git a/common/t-iobuf.c b/common/t-iobuf.c
-index 0e6f508a5..bdeab99a4 100644
---- a/common/t-iobuf.c
-+++ b/common/t-iobuf.c
-@@ -362,10 +362,12 @@ main (int argc, char *argv[])
- {
- iobuf_t iobuf;
- int rc;
-- char *content = "0123456789";
-+ char content[] = "0123456789";
- int n;
- int c;
-- char buffer[strlen (content)];
-+ char buffer[10];
-+
-+ assert (sizeof buffer == sizeof content - 1);
-
- iobuf = iobuf_temp_with_content (content, strlen (content));
- assert (iobuf);
-diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c
-index 512cb450a..fafbfd274 100644
---- a/g10/gpgcompose.c
-+++ b/g10/gpgcompose.c
-@@ -1654,13 +1654,17 @@ mksubpkt_callback (PKT_signature *sig, void *cookie)
-
- if (si->reason_for_revocation)
- {
-- int l = 1 + strlen (si->reason_for_revocation);
-- char buf[l];
-+ int len = 1 + strlen (si->reason_for_revocation);
-+ char *buf;
-+
-+ buf = xmalloc (len);
-
- buf[0] = si->reason_for_revocation_code;
-- memcpy (&buf[1], si->reason_for_revocation, l - 1);
-+ memcpy (&buf[1], si->reason_for_revocation, len - 1);
-+
-+ build_sig_subpkt (sig, SIGSUBPKT_REVOC_REASON, buf, len);
-
-- build_sig_subpkt (sig, SIGSUBPKT_REVOC_REASON, buf, l);
-+ xfree (buf);
- }
-
- if (si->features)
-@@ -2540,10 +2544,13 @@ encrypted (const char *option, int argc, char *argv[], void *cookie)
-
- if (do_debug)
- {
-- char buf[2 * session_key.keylen + 1];
-+ char *buf;
-+
-+ buf = xmalloc (2 * session_key.keylen + 1);
- debug ("session key: algo: %d; keylen: %d; key: %s\n",
- session_key.algo, session_key.keylen,
- bin2hex (session_key.key, session_key.keylen, buf));
-+ xfree (buf);
- }
-
- if (strcmp (option, "--encrypted-mdc") == 0)
-diff --git a/g10/t-stutter.c b/g10/t-stutter.c
-index a2e9666bf..359cdf622 100644
---- a/g10/t-stutter.c
-+++ b/g10/t-stutter.c
-@@ -68,8 +68,8 @@ log_hexdump (byte *buffer, int length)
- {
- int have = length > 16 ? 16 : length;
- int i;
-- char formatted[2 * have + 1];
-- char text[have + 1];
-+ char formatted[2 * 16 + 1];
-+ char text[16 + 1];
-
- fprintf (stderr, "%-8d ", written);
- bin2hex (buffer, have, formatted);
-@@ -87,10 +87,12 @@ log_hexdump (byte *buffer, int length)
- }
-
- for (i = 0; i < have; i ++)
-- if (isprint (buffer[i]))
-- text[i] = buffer[i];
-- else
-- text[i] = '.';
-+ {
-+ if (isprint (buffer[i]))
-+ text[i] = buffer[i];
-+ else
-+ text[i] = '.';
-+ }
- text[i] = 0;
-
- fprintf (stderr, " ");
-@@ -347,8 +349,9 @@ oracle (int debug, byte *ciphertext, int len, byte **plaintextp, byte **cfbp)
- static int
- oracle_test (unsigned int d, int b, int debug)
- {
-- byte probe[blocksize + 2];
-+ byte probe[32 + 2];
-
-+ log_assert (blocksize + 2 <= sizeof probe);
- log_assert (d < 256 * 256);
-
- if (b == 1)
-diff --git a/g10/tofu.c b/g10/tofu.c
-index 2bded9e8d..8d535fa6c 100644
---- a/g10/tofu.c
-+++ b/g10/tofu.c
-@@ -2457,16 +2457,16 @@ get_policy (tofu_dbs_t dbs, PKT_public_key *pk,
- /* See if the key is signed by an ultimately trusted key. */
- {
- int fingerprint_raw_len = strlen (fingerprint) / 2;
-- char fingerprint_raw[fingerprint_raw_len];
-+ char fingerprint_raw[20];
- int len = 0;
-
-- if (fingerprint_raw_len != 20
-+ if (fingerprint_raw_len != sizeof fingerprint_raw
- || ((len = hex2bin (fingerprint,
- fingerprint_raw, fingerprint_raw_len))
- != strlen (fingerprint)))
- {
- if (DBG_TRUST)
-- log_debug ("TOFU: Bad fingerprint: %s (len: %zd, parsed: %d)\n",
-+ log_debug ("TOFU: Bad fingerprint: %s (len: %zu, parsed: %d)\n",
- fingerprint, strlen (fingerprint), len);
- }
- else
-diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
-index 5fa4fd294..4d8b1bc9e 100644
---- a/scd/app-openpgp.c
-+++ b/scd/app-openpgp.c
-@@ -3580,11 +3580,23 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
- {
- if (app->app_local->extcap.algo_attr_change)
- {
-- unsigned char keyattr[oid_len];
-+ unsigned char *keyattr;
-
-+ if (!oid_len)
-+ {
-+ err = gpg_error (GPG_ERR_INTERNAL);
-+ goto leave;
-+ }
-+ keyattr = xtrymalloc (oid_len);
-+ if (!keyattr)
-+ {
-+ err = gpg_error_from_syserror ();
-+ goto leave;
-+ }
- keyattr[0] = algo;
- memcpy (keyattr+1, oidbuf+1, oid_len-1);
- err = change_keyattr (app, keyno, keyattr, oid_len, pincb, pincb_arg);
-+ xfree (keyattr);
- if (err)
- goto leave;
- }
diff --git a/debian/patches/0018-dirmngr-New-debug-message-on-correctly-initialized-l.patch b/debian/patches/0018-dirmngr-New-debug-message-on-correctly-initialized-l.patch
deleted file mode 100644
index 927f7e3..0000000
--- a/debian/patches/0018-dirmngr-New-debug-message-on-correctly-initialized-l.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Mon, 2 Jan 2017 15:47:24 +0100
-Subject: dirmngr: New debug message on correctly initialized libdns.
-
-* dirmngr/dns-stuff.c (libdns_init): Add debug level diagnostic on
-success.
---
-
-This output may help to avoid questions when evaluating an Assuan log.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 0004d52ba2f1245c84f95a151342ad99fd72ca3d)
----
- dirmngr/dns-stuff.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
-index f2e1df925..cf8cefb2e 100644
---- a/dirmngr/dns-stuff.c
-+++ b/dirmngr/dns-stuff.c
-@@ -507,6 +507,9 @@ libdns_init (void)
- /* All fine. Make the data global. */
- libdns = ld;
-
-+ if (opt_debug)
-+ log_debug ("dns: libdns initialized%s\n", tor_mode?" (tor mode)":"");
-+
- leave:
- xfree (cfgstr);
- return err;
-@@ -595,7 +598,7 @@ libdns_res_open (struct dns_resolver **r_res)
-
-
- #ifdef USE_LIBDNS
--/* Helper to test whether we need totry again after having swicthed
-+/* Helper to test whether we need to try again after having switched
- * the Tor port. */
- static int
- libdns_switch_port_p (gpg_error_t err)
diff --git a/debian/patches/0019-dirmngr-Make-sure-Tor-mode-is-also-set-for-DNS-on-SI.patch b/debian/patches/0019-dirmngr-Make-sure-Tor-mode-is-also-set-for-DNS-on-SI.patch
deleted file mode 100644
index 2c02c2e..0000000
--- a/debian/patches/0019-dirmngr-Make-sure-Tor-mode-is-also-set-for-DNS-on-SI.patch
+++ /dev/null
@@ -1,170 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Tue, 3 Jan 2017 12:03:28 +0100
-Subject: dirmngr: Make sure Tor mode is also set for DNS on SIGHUP.
-
-* dirmngr/dns-stuff.c (enable_dns_tormode): Always succeed.
-(reload_dns_stuff): Reset tor port.
-* dirmngr/dirmngr.c (set_tor_mode): Also enable Tor mode for DNS.
-(main): Remove warning that Tor mode may not fully work.
-* dirmngr/server.c (cmd_dns_cert): Remove explicit Tor for DNS
-initialization.
-* dirmngr/t-dns-stuff.c (main): Remove option --new-circuit and error
-checking for enable_dns_tormode.
---
-
-This patch also resets the port on SIGHUP so that after starting Tor
-SIGHUP is sufficient to use Tor. Without the SIGHUP and when not
-using the Tor browser Dirmngr would keep on trying the Tor browser
-port.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 969512401603639e4467ede7d892f1b02582c2c9)
----
- dirmngr/dirmngr.c | 10 +++-------
- dirmngr/dns-stuff.c | 12 +++++++-----
- dirmngr/dns-stuff.h | 6 +++---
- dirmngr/server.c | 7 -------
- dirmngr/t-dns-stuff.c | 16 +---------------
- 5 files changed, 14 insertions(+), 37 deletions(-)
-
-diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
-index 0b8bb02e6..5abfe78c6 100644
---- a/dirmngr/dirmngr.c
-+++ b/dirmngr/dirmngr.c
-@@ -474,6 +474,9 @@ set_tor_mode (void)
- {
- if (opt.use_tor)
- {
-+ /* Enable Tor mode and when called again force a new curcuit
-+ * (e.g. on SIGHUP). */
-+ enable_dns_tormode (1);
- if (assuan_sock_set_flag (ASSUAN_INVALID_FD, "tor-mode", 1))
- {
- log_error ("error enabling Tor mode: %s\n", strerror (errno));
-@@ -912,13 +915,6 @@ main (int argc, char **argv)
- log_info ("NOTE: this is a development version!\n");
- #endif
-
-- if (opt.use_tor)
-- {
-- log_info ("WARNING: ***************************************\n");
-- log_info ("WARNING: Tor mode (--use-tor) MAY NOT FULLY WORK!\n");
-- log_info ("WARNING: ***************************************\n");
-- }
--
- /* Print a warning if an argument looks like an option. */
- if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
- {
-diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
-index cf8cefb2e..e32e1e3e1 100644
---- a/dirmngr/dns-stuff.c
-+++ b/dirmngr/dns-stuff.c
-@@ -199,9 +199,9 @@ recursive_resolver_p (void)
- }
-
-
--/* Sets the module in Tor mode. Returns 0 is this is possible or an
-- error code. */
--gpg_error_t
-+/* Puts this module eternally into Tor mode. When called agained with
-+ * NEW_CIRCUIT request a new TOR circuit for the next DNS query. */
-+void
- enable_dns_tormode (int new_circuit)
- {
- if (!*tor_socks_user || new_circuit)
-@@ -215,7 +215,6 @@ enable_dns_tormode (int new_circuit)
- counter++;
- }
- tor_mode = 1;
-- return 0;
- }
-
-
-@@ -548,7 +547,10 @@ reload_dns_stuff (int force)
- libdns_reinit_pending = 0;
- }
- else
-- libdns_reinit_pending = 1;
-+ {
-+ libdns_reinit_pending = 1;
-+ libdns_tor_port = 0; /* Start again with the default port. */
-+ }
- #else
- (void)force;
- #endif
-diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h
-index 0a4a4de2f..eb7fe7246 100644
---- a/dirmngr/dns-stuff.h
-+++ b/dirmngr/dns-stuff.h
-@@ -113,9 +113,9 @@ void enable_recursive_resolver (int yes);
- /* Return true iff the recursive resolver is used. */
- int recursive_resolver_p (void);
-
--/* Calling this function switches the DNS code into Tor mode if
-- possibe. Return 0 on success. */
--gpg_error_t enable_dns_tormode (int new_circuit);
-+/* Put this module eternally into Tor mode. When called agained with
-+ * NEW_CIRCUIT request a new TOR circuit for the next DNS query. */
-+void enable_dns_tormode (int new_circuit);
-
- /* Change the default IP address of the nameserver to IPADDR. The
- address needs to be a numerical IP address and will be used for the
-diff --git a/dirmngr/server.c b/dirmngr/server.c
-index a785238dc..28c2cd428 100644
---- a/dirmngr/server.c
-+++ b/dirmngr/server.c
-@@ -709,13 +709,6 @@ cmd_dns_cert (assuan_context_t ctx, char *line)
- }
- }
-
-- if (opt.use_tor && (err = enable_dns_tormode (0)))
-- {
-- /* Tor mode is requested but the DNS code can't enable it. */
-- assuan_set_error (ctx, err, "error enabling Tor mode");
-- goto leave;
-- }
--
- if (pka_mode || dane_mode)
- {
- char *domain; /* Points to mbox. */
-diff --git a/dirmngr/t-dns-stuff.c b/dirmngr/t-dns-stuff.c
-index b087b5ead..bc4ca9a51 100644
---- a/dirmngr/t-dns-stuff.c
-+++ b/dirmngr/t-dns-stuff.c
-@@ -51,7 +51,6 @@ main (int argc, char **argv)
- gpg_error_t err;
- int any_options = 0;
- int opt_tor = 0;
-- int opt_new_circuit = 0;
- int opt_cert = 0;
- int opt_srv = 0;
- int opt_bracket = 0;
-@@ -103,11 +102,6 @@ main (int argc, char **argv)
- opt_tor = 1;
- argc--; argv++;
- }
-- else if (!strcmp (*argv, "--new-circuit"))
-- {
-- opt_new_circuit = 1;
-- argc--; argv++;
-- }
- else if (!strcmp (*argv, "--standard-resolver"))
- {
- enable_standard_resolver (1);
-@@ -171,15 +165,7 @@ main (int argc, char **argv)
- init_sockets ();
-
- if (opt_tor)
-- {
-- err = enable_dns_tormode (opt_new_circuit);
-- if (err)
-- {
-- fprintf (stderr, "error switching into Tor mode: %s\n",
-- gpg_strerror (err));
-- exit (1);
-- }
-- }
-+ enable_dns_tormode (0);
-
- if (opt_cert)
- {
diff --git a/debian/patches/0020-doc-Extend-dirmngr-s-allow-version-check-description.patch b/debian/patches/0020-doc-Extend-dirmngr-s-allow-version-check-description.patch
deleted file mode 100644
index 1ca5f4f..0000000
--- a/debian/patches/0020-doc-Extend-dirmngr-s-allow-version-check-description.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Tue, 3 Jan 2017 13:12:25 +0100
-Subject: doc: Extend dirmngr's --allow-version-check description
-
---
-
-(cherry picked from commit 293a55bacdacec4501af3a396b14fd32e404e39e)
----
- doc/dirmngr.texi | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
-index e136dff53..fc617d81d 100644
---- a/doc/dirmngr.texi
-+++ b/doc/dirmngr.texi
-@@ -264,7 +264,13 @@ the list of current software versions. If this option is enabled, or
- if @option{use-tor} is active, the list is retrieved when the local
- copy does not exist or is older than 5 to 7 days. See the option
- @option{--query-swdb} of the command @command{gpgconf} for more
--details.
-+details. Note, that regardless of this option a version check can
-+always be triggered using this command:
-+
-+ at example
-+ gpg-connect-agent --dirmngr 'loadswdb --force' /bye
-+ at end example
-+
-
- @item --keyserver @var{name}
- @opindex keyserver
diff --git a/debian/patches/0021-doc-Add-release-announcement-pointers-to-NEWS-entrie.patch b/debian/patches/0021-doc-Add-release-announcement-pointers-to-NEWS-entrie.patch
deleted file mode 100644
index e3fdecd..0000000
--- a/debian/patches/0021-doc-Add-release-announcement-pointers-to-NEWS-entrie.patch
+++ /dev/null
@@ -1,460 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 4 Jan 2017 18:37:36 +0100
-Subject: doc: Add release announcement pointers to NEWS entries.
-
---
-
-These are used by the website buider to link to the announcement
-mails.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 588121c158384b05099388097053d8d1e8bdf143)
----
- NEWS | 99 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 97 insertions(+), 2 deletions(-)
-
-diff --git a/NEWS b/NEWS
-index 5633c55b0..1e91af31f 100644
---- a/NEWS
-+++ b/NEWS
-@@ -33,6 +33,8 @@ Noteworthy changes in version 2.1.17 (2016-12-20)
- * Major improvements to the test suite. For example it is possible
- to run the external test suite of GPGME.
-
-+ See-also: gnupg-announce/2016q4/000400.html
-+
-
- Noteworthy changes in version 2.1.16 (2016-11-18)
- -------------------------------------------------
-@@ -105,6 +107,8 @@ Noteworthy changes in version 2.1.16 (2016-11-18)
-
- * Many changes and improvements for the test suite.
-
-+ See-also: gnupg-announce/2016q4/000398.html
-+
-
- Noteworthy changes in version 2.1.15 (2016-08-18)
- -------------------------------------------------
-@@ -156,6 +160,8 @@ Noteworthy changes in version 2.1.15 (2016-08-18)
-
- * Spelling and grammar fixes.
-
-+ See-also: gnupg-announce/2016q3/000396.html
-+
-
- Noteworthy changes in version 2.1.14 (2016-07-14)
- -------------------------------------------------
-@@ -214,6 +220,8 @@ Noteworthy changes in version 2.1.14 (2016-07-14)
-
- * The rendering of the man pages has been improved.
-
-+ See-also: gnupg-announce/2016q3/000393.html
-+
-
- Noteworthy changes in version 2.1.13 (2016-06-16)
- -------------------------------------------------
-@@ -264,6 +272,8 @@ Noteworthy changes in version 2.1.13 (2016-06-16)
-
- * Speedup fd closing after a fork.
-
-+ See-also: gnupg-announce/2016q2/000390.html
-+
-
- Noteworthy changes in version 2.1.12 (2016-05-04)
- -------------------------------------------------
-@@ -317,6 +327,8 @@ Noteworthy changes in version 2.1.12 (2016-05-04)
-
- * Lots of internal cleanups and bug fixes.
-
-+ See-also: gnupg-announce/2016q2/000387.html
-+
-
- Noteworthy changes in version 2.1.11 (2016-01-26)
- -------------------------------------------------
-@@ -368,6 +380,8 @@ Noteworthy changes in version 2.1.11 (2016-01-26)
- * Print a warning if a GnuPG component is using an older version of
- gpg-agent, dirmngr, or scdaemon.
-
-+ See-also: gnupg-announce/2016q1/000383.html
-+
-
- Noteworthy changes in version 2.1.10 (2015-12-04)
- -------------------------------------------------
-@@ -426,6 +440,8 @@ Noteworthy changes in version 2.1.10 (2015-12-04)
-
- * Many other cleanups and bug fixes.
-
-+ See-also: gnupg-announce/2015q4/000381.html
-+
-
- Noteworthy changes in version 2.1.9 (2015-10-09)
- ------------------------------------------------
-@@ -456,6 +472,8 @@ Noteworthy changes in version 2.1.9 (2015-10-09)
- * dirmngr: Add option --keyserver. Deprecate that option for gpg.
- Install a dirmngr.conf file from a skeleton for new installations.
-
-+ See-also: gnupg-announce/2015q4/000380.html
-+
-
- Noteworthy changes in version 2.1.8 (2015-09-10)
- ------------------------------------------------
-@@ -483,6 +501,8 @@ Noteworthy changes in version 2.1.8 (2015-09-10)
-
- * Various minor bug fixes.
-
-+ See-also: gnupg-announce/2015q3/000379.html
-+
-
- Noteworthy changes in version 2.1.7 (2015-08-11)
- ------------------------------------------------
-@@ -508,6 +528,8 @@ Noteworthy changes in version 2.1.7 (2015-08-11)
-
- * Various other bug fixes.
-
-+ See-also: gnupg-announce/2015q3/000371.html
-+
-
- Noteworthy changes in version 2.1.6 (2015-07-01)
- ------------------------------------------------
-@@ -538,6 +560,8 @@ Noteworthy changes in version 2.1.6 (2015-07-01)
-
- * Various other bug fixes.
-
-+ See-also: gnupg-announce/2015q3/000370.html
-+
-
- Noteworthy changes in version 2.1.5 (2015-06-11)
- ------------------------------------------------
-@@ -552,6 +576,8 @@ Noteworthy changes in version 2.1.5 (2015-06-11)
-
- * Code cleanups and minor bug fixes.
-
-+ See-also: gnupg-announce/2015q2/000369.html
-+
-
- Noteworthy changes in version 2.1.4 (2015-05-12)
- ------------------------------------------------
-@@ -577,6 +603,8 @@ Noteworthy changes in version 2.1.4 (2015-05-12)
-
- * Fixed lots of smaller bugs.
-
-+ See-also: gnupg-announce/2015q2/000366.html
-+
-
- Noteworthy changes in version 2.1.3 (2015-04-11)
- ------------------------------------------------
-@@ -614,6 +642,8 @@ Noteworthy changes in version 2.1.3 (2015-04-11)
- * Fixed possible problems due to compiler optimization, two minor
- regressions, and other bugs.
-
-+ See-also: gnupg-announce/2015q2/000365.html
-+
-
- Noteworthy changes in version 2.1.2 (2015-02-11)
- ------------------------------------------------
-@@ -648,6 +678,8 @@ Noteworthy changes in version 2.1.2 (2015-02-11)
- * Fixed several bugs related to bogus keyrings and improved some
- other code.
-
-+ See-also: gnupg-announce/2015q1/000361.html
-+
-
- Noteworthy changes in version 2.1.1 (2014-12-16)
- ------------------------------------------------
-@@ -700,6 +732,8 @@ Noteworthy changes in version 2.1.1 (2014-12-16)
-
- * Improved portability and the usual bunch of bug fixes.
-
-+ See-also: gnupg-announce/2014q4/000360.html
-+
-
- Noteworthy changes in version 2.1.0 (2014-11-06)
- ------------------------------------------------
-@@ -1017,6 +1051,8 @@ Noteworthy changes in version 2.1.0 (2014-11-06)
- * Numerical values may now be used as an alternative to the
- debug-level keywords.
-
-+ See-also: gnupg-announce/2014q4/000358.html
-+
-
- Version 2.0.28 (2015-06-02)
- Version 2.0.27 (2015-02-18)
-@@ -1060,6 +1096,8 @@ Noteworthy changes in version 2.0.13 (2009-09-04)
-
- * Minor bug fixes.
-
-+ See-also: gnupg-announce/2009q3/000294.html
-+
-
- Noteworthy changes in version 2.0.12 (2009-06-17)
- -------------------------------------------------
-@@ -1087,6 +1125,8 @@ Noteworthy changes in version 2.0.12 (2009-06-17)
-
- * Changed code to avoid a possible Mac OS X system freeze.
-
-+ See-also: gnupg-announce/2009q2/000288.html
-+
-
- Noteworthy changes in version 2.0.11 (2009-03-03)
- -------------------------------------------------
-@@ -1103,6 +1143,8 @@ Noteworthy changes in version 2.0.11 (2009-03-03)
- due to interoperability problems with Outlook 2003 which still
- can't cope with AES.
-
-+ See-also: gnupg-announce/2009q1/000287.html
-+
-
- Noteworthy changes in version 2.0.10 (2009-01-12)
- -------------------------------------------------
-@@ -1158,6 +1200,8 @@ Noteworthy changes in version 2.0.10 (2009-01-12)
-
- * Libgcrypt 1.4 is now required.
-
-+ See-also: gnupg-announce/2009q1/000284.html
-+
-
- Noteworthy changes in version 2.0.9 (2008-03-26)
- ------------------------------------------------
-@@ -1181,6 +1225,7 @@ Noteworthy changes in version 2.0.9 (2008-03-26)
- * Minor bug fixes.
-
-
-+
- Noteworthy changes in version 2.0.8 (2007-12-20)
- ------------------------------------------------
-
-@@ -1214,6 +1259,8 @@ Noteworthy changes in version 2.0.8 (2007-12-20)
- taken into account. This required a change of our socket emulation
- code and changed the IPC protocol under Windows.
-
-+ See-also: gnupg-announce/2007q4/000267.html
-+
-
- Noteworthy changes in version 2.0.7 (2007-09-10)
- ------------------------------------------------
-@@ -1232,6 +1279,8 @@ Noteworthy changes in version 2.0.7 (2007-09-10)
- installed versions of the programs and does not anymore search via
- PATH for them.
-
-+ See-also: gnupg-announce/2007q3/000259.html
-+
-
- Noteworthy changes in version 2.0.6 (2007-08-16)
- ------------------------------------------------
-@@ -1247,6 +1296,8 @@ Noteworthy changes in version 2.0.6 (2007-08-16)
-
- * Improved Windows support.
-
-+ See-also: gnupg-announce/2007q3/000258.html
-+
-
- Noteworthy changes in version 2.0.5 (2007-07-05)
- ------------------------------------------------
-@@ -1264,6 +1315,8 @@ Noteworthy changes in version 2.0.5 (2007-07-05)
- * Changed key generation to reveal less information about the
- machine. Bug fixes for gpg2's card key generation.
-
-+ See-also: gnupg-announce/2007q3/000255.html
-+
-
- Noteworthy changes in version 2.0.4 (2007-05-09)
- ------------------------------------------------
-@@ -1276,6 +1329,8 @@ Noteworthy changes in version 2.0.4 (2007-05-09)
-
- * Improved the libgcrypt logging support in all modules.
-
-+ See-also: gnupg-announce/2007q2/000254.html
-+
-
- Noteworthy changes in version 2.0.3 (2007-03-08)
- ------------------------------------------------
-@@ -1296,6 +1351,8 @@ Noteworthy changes in version 2.0.3 (2007-03-08)
- * The PIN pad of the Cherry XX44 keyboard is now supported. The
- DINSIG and the NKS applications are now also aware of PIN pads.
-
-+ See-also: gnupg-announce/2007q1/000252.html
-+
-
- Noteworthy changes in version 2.0.2 (2007-01-31)
- ------------------------------------------------
-@@ -1314,6 +1371,8 @@ Noteworthy changes in version 2.0.2 (2007-01-31)
-
- * The status code BEGIN_SIGNING now shows the used hash algorithms.
-
-+ See-also: gnupg-announce/2007q1/000249.html
-+
-
- Noteworthy changes in version 2.0.1 (2006-11-28)
- ------------------------------------------------
-@@ -1327,12 +1386,16 @@ Noteworthy changes in version 2.0.1 (2006-11-28)
-
- * Fixed a buffer overflow in gpg2. [bug#728,CVE-2006-6169]
-
-+ See-also: gnupg-announce/2006q4/000242.html
-+
-
- Noteworthy changes in version 2.0.0 (2006-11-11)
- ------------------------------------------------
-
- * First stable version of a GnuPG integrating OpenPGP and S/MIME.
-
-+ See-also: gnupg-announce/2006q4/000239.html
-+
-
- Noteworthy changes in version 1.9.95 (2006-11-06)
- -------------------------------------------------
-@@ -1373,6 +1436,8 @@ Noteworthy changes in version 1.9.92 (2006-10-11)
-
- * Bug fixes.
-
-+ See-also: gnupg-announce/2006q4/000236.html
-+
-
- Noteworthy changes in version 1.9.91 (2006-10-04)
- -------------------------------------------------
-@@ -1874,6 +1939,8 @@ Noteworthy changes in version 1.3.2 (2003-05-27)
- of GnuPG and other OpenPGP programs, please do not use this
- algorithm.
-
-+ See-also: gnupg-announce/2003q2/000153.html
-+
-
- Noteworthy changes in version 1.3.1 (2002-11-12)
- ------------------------------------------------
-@@ -2200,6 +2267,8 @@ Noteworthy changes in version 1.0.7 (2002-04-29)
-
- * Read only keyrings are now handled as expected.
-
-+ See-also: gnupg-announce/2002q2/000135.html
-+
-
- Noteworthy changes in version 1.0.6 (2001-05-29)
- ------------------------------------------------
-@@ -2218,6 +2287,8 @@ Noteworthy changes in version 1.0.6 (2001-05-29)
-
- * non-writable keyrings are now correctly handled.
-
-+ See-also: gnupg-announce/2001q2/000123.html
-+
-
- Noteworthy changes in version 1.0.5 (2001-04-29)
- ------------------------------------------------
-@@ -2276,6 +2347,8 @@ Noteworthy changes in version 1.0.5 (2001-04-29)
-
- * New translations: Estonian, Turkish.
-
-+ See-also: gnupg-announce/2001q2/000122.html
-+
-
- Noteworthy changes in version 1.0.4 (2000-10-17)
- ------------------------------------------------
-@@ -2291,6 +2364,9 @@ Noteworthy changes in version 1.0.4 (2000-10-17)
-
- * --with-colons now works with --print-md[s].
-
-+ See-also: gnupg-announce/2000q4/000082.html
-+
-+
- Noteworthy changes in version 1.0.3 (2000-09-18)
- ------------------------------------------------
-
-@@ -2322,6 +2398,8 @@ Noteworthy changes in version 1.0.3 (2000-09-18)
- this. Older versions of GnuPG don't support it, so they should be
- upgraded to at least 1.0.2
-
-+ See-also: gnupg-announce/2000q3/000075.html
-+
-
- Noteworthy changes in version 1.0.2 (2000-07-12)
- ----------------------------------------------
-@@ -2380,6 +2458,9 @@ Noteworthy changes in version 1.0.2 (2000-07-12)
-
- * Danish translation
-
-+ See-also: gnupg-announce/2000q3/000069.html
-+
-+
- Noteworthy changes in version 1.0.1 (1999-12-16)
- -----------------------------------
-
-@@ -2411,6 +2492,8 @@ Noteworthy changes in version 1.0.1 (1999-12-16)
- * Removed the GNU Privacy Handbook from the distribution as it will go
- into a separate one.
-
-+ See-also: gnupg-announce/1999q4/000050.html
-+
-
- Noteworthy changes in version 1.0.0 (1999-09-07)
- -----------------------------------
-@@ -2420,6 +2503,8 @@ Noteworthy changes in version 1.0.0 (1999-09-07)
-
- * Changed the version number to GnuPG 2001 ;-)
-
-+ See-also: gnupg-announce/1999q3/000037.html
-+
-
- Noteworthy changes in version 0.9.11 (1999-09-03)
- ------------------------------------
-@@ -2431,6 +2516,8 @@ Noteworthy changes in version 0.9.11 (1999-09-03)
-
- * Fixed a problem when importing new subkeys (duplicated signatures).
-
-+ See-also: gnupg-announce/1999q3/000036.html
-+
-
- Noteworthy changes in version 0.9.10 (1999-07-23)
- ------------------------------------
-@@ -2439,6 +2526,8 @@ Noteworthy changes in version 0.9.10 (1999-07-23)
-
- * Cleaned up the dox a bit.
-
-+ See-also: gnupg-announce/1999q3/000034.html
-+
-
- Noteworthy changes in version 0.9.9
- -----------------------------------
-@@ -2466,6 +2555,8 @@ Noteworthy changes in version 0.9.9
- * New option --allow-non-selfsigned-uid to work around a problem with
- the German IN way of separating signing and encryption keys.
-
-+ See-also: gnupg-announce/1999q3/000028.html
-+
-
- Noteworthy changes in version 0.9.8 (1999-06-26)
- -----------------------------------
-@@ -2487,6 +2578,8 @@ Noteworthy changes in version 0.9.8 (1999-06-26)
-
- * Better support for HPUX.
-
-+ See-also: gnupg-announce/1999q2/000016.html
-+
-
- Noteworthy changes in version 0.9.7 (1999-05-23)
- -----------------------------------
-@@ -2496,6 +2589,8 @@ Noteworthy changes in version 0.9.7 (1999-05-23)
-
- * Enhanced some status outputs.
-
-+ See-also: gnupg-announce/1999q2/000000.html
-+
-
- Noteworthy changes in version 0.9.6 (1999-05-06)
- -----------------------------------
-@@ -2812,7 +2907,7 @@ Noteworthy changes in version 0.3.3 (1998-08-08)
- a copy of the old program.
- 2. Disable the network, make sure that you are the only
- user, be sure that there are no Trojan horses etc ....
-- 3. Use your old gpg (version 0.3.[12]) and set the
-+ 3. Use your old gpg (version 0.3.1 or 0.3.2) and set the
- passphrases of ALL your secret keys to empty!
- (gpg --change-passphrase your-user-id).
- 4. Save your ownertrusts (see the next point)
-@@ -2825,7 +2920,7 @@ Noteworthy changes in version 0.3.3 (1998-08-08)
-
- * The format of the trust database has changed; you must delete
- the old one, so gnupg can create a new one.
-- IMPORTANT: Use version 0.3.[12] to save your assigned ownertrusts
-+ IMPORTANT: Use version 0.3.1 or .2 to save your assigned ownertrusts
- ("gpgm --list-ownertrust >saved-trust"); then build this new version
- and restore the ownertrust with this new version
- ("gpgm --import-ownertrust saved-trust"). Please note that
diff --git a/debian/patches/0022-g10-avoid-warning-when-disable-tofu.patch b/debian/patches/0022-g10-avoid-warning-when-disable-tofu.patch
deleted file mode 100644
index 4443007..0000000
--- a/debian/patches/0022-g10-avoid-warning-when-disable-tofu.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Wed, 4 Jan 2017 08:31:06 -0500
-Subject: g10: avoid warning when --disable-tofu
-
-If configured with --disable-tofu, we see compiler warnings about an
-unused variable. This should remove those warnings.
-
-(cherry picked from commit 38671cfe5a2a40bb991619f4cb992c42b5f1e8cd)
----
- g10/trustdb.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/g10/trustdb.c b/g10/trustdb.c
-index d402cb2ba..c113b7e9d 100644
---- a/g10/trustdb.c
-+++ b/g10/trustdb.c
-@@ -1002,9 +1002,9 @@ tdb_get_validity_core (ctrl_t ctrl,
- ulong recno;
- #ifdef USE_TOFU
- unsigned int tofu_validity = TRUST_UNKNOWN;
-+ int free_kb = 0;
- #endif
- unsigned int validity = TRUST_UNKNOWN;
-- int free_kb = 0;
-
- if (kb && pk)
- log_assert (keyid_cmp (pk_main_keyid (pk),
diff --git a/debian/patches/0023-doc-Mention-gpgv-in-the-description-of-gpg-verify.patch b/debian/patches/0023-doc-Mention-gpgv-in-the-description-of-gpg-verify.patch
deleted file mode 100644
index a05c742..0000000
--- a/debian/patches/0023-doc-Mention-gpgv-in-the-description-of-gpg-verify.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Thu, 5 Jan 2017 20:25:16 +0100
-Subject: doc: Mention gpgv in the description of gpg --verify.
-
---
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 353f6ff37646ad4c24d309a495e6c6f41e5235e3)
----
- doc/gpg.texi | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/doc/gpg.texi b/doc/gpg.texi
-index 469e5484a..4ea2cd21e 100644
---- a/doc/gpg.texi
-+++ b/doc/gpg.texi
-@@ -255,6 +255,13 @@ out the actual signed data, but there are other pitfalls with this
- format as well. It is suggested to avoid cleartext signatures in
- favor of detached signatures.
-
-+Note: Sometimes the use of the @command{gpgv} tool is easier than
-+using the full-fledged @command{gpg} with this option. @command{gpgv}
-+is designed to compare signed data against a list of trusted keys and
-+returns with success only for a good signature. It has its own manual
-+page.
-+
-+
- @item --multifile
- @opindex multifile
- This modifies certain other commands to accept multiple files for
diff --git a/debian/patches/0024-Silence-two-Wlogical-op-warnings.patch b/debian/patches/0024-Silence-two-Wlogical-op-warnings.patch
deleted file mode 100644
index 78fd134..0000000
--- a/debian/patches/0024-Silence-two-Wlogical-op-warnings.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Thu, 5 Jan 2017 20:42:55 +0100
-Subject: Silence two -Wlogical-op warnings.
-
-* common/tlv.c (parse_ber_header): Avoid compiler warning about a
-duplicate condition.
-* tools/gpgtar-create.c (pattern_valid_p): Likewise.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 6170eb809033c9d144abf3b1f31f8b936878cdd4)
----
- common/tlv.c | 4 ++--
- tools/gpgtar-create.c | 6 +++++-
- 2 files changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/common/tlv.c b/common/tlv.c
-index 6813c585a..0058b67ca 100644
---- a/common/tlv.c
-+++ b/common/tlv.c
-@@ -214,9 +214,9 @@ parse_ber_header (unsigned char const **buffer, size_t *size,
- else
- {
- unsigned long len = 0;
-- int count = c & 0x7f;
-+ int count = (c & 0x7f);
-
-- if (count > sizeof (len) || count > sizeof (size_t))
-+ if (count > (sizeof(len)<sizeof(size_t)?sizeof(len):sizeof(size_t)))
- return gpg_err_make (default_errsource, GPG_ERR_BAD_BER);
-
- for (; count; count--)
-diff --git a/tools/gpgtar-create.c b/tools/gpgtar-create.c
-index ef906a5dd..ffd239f42 100644
---- a/tools/gpgtar-create.c
-+++ b/tools/gpgtar-create.c
-@@ -429,7 +429,11 @@ pattern_valid_p (const char *pattern)
- return 0;
- if (*pattern == '.' && pattern[1] == '.')
- return 0;
-- if (*pattern == '/' || *pattern == DIRSEP_C)
-+ if (*pattern == '/'
-+#ifdef HAVE_DOSISH_SYSTEM
-+ || *pattern == '\\'
-+#endif
-+ )
- return 0; /* Absolute filenames are not supported. */
- #ifdef HAVE_DRIVE_LETTERS
- if (((*pattern >= 'a' && *pattern <= 'z')
diff --git a/debian/patches/0025-doc-Document-summary-values-of-TOFU_STATS.patch b/debian/patches/0025-doc-Document-summary-values-of-TOFU_STATS.patch
deleted file mode 100644
index 1ee390f..0000000
--- a/debian/patches/0025-doc-Document-summary-values-of-TOFU_STATS.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From: Andre Heinecke <aheinecke at intevation.de>
-Date: Fri, 6 Jan 2017 12:26:01 +0100
-Subject: doc: Document summary values of TOFU_STATS
-
---
-
-Signed-off-by: Andre Heinecke <aheinecke at intevation.de>
-(cherry picked from commit e1f68337b979fe4b7c3bd095a83ea832e14efb74)
----
- doc/DETAILS | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/doc/DETAILS b/doc/DETAILS
-index 568500e51..ac599fc62 100644
---- a/doc/DETAILS
-+++ b/doc/DETAILS
-@@ -761,6 +761,19 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
- takes on value 0. Instead, if there is a conflict, VALIDITY still
- reflects the key's validity (values: 1-4).
-
-+ SUMMARY values use the euclidean distance (m = sqrt(a² + b²)) rather
-+ then the sum of the magnitudes (m = a + b) to ensure a balance between
-+ verified signatures and encrypted messages.
-+
-+ Values are calculated based on the number of days where a key was used
-+ for verifying a signature or to encrypt to it.
-+ The ranges for the values are:
-+
-+ - 1 :: signature_days + encryption_days == 0
-+ - 2 :: 1 <= sqrt(signature_days² + encryption_days²) < 8
-+ - 3 :: 8 <= sqrt(signature_days² + encryption_days²) < 42
-+ - 4 :: sqrt(signature_days² + encryption_days²) >= 42
-+
- SIGN-COUNT and ENCRYPTION-COUNT are the number of messages that we
- have seen that have been signed by this key / encryption to this
- key.
diff --git a/debian/patches/0026-dirmngr-Strip-root-zone-suffix-from-libdns-SRV-resul.patch b/debian/patches/0026-dirmngr-Strip-root-zone-suffix-from-libdns-SRV-resul.patch
deleted file mode 100644
index 80c5e94..0000000
--- a/debian/patches/0026-dirmngr-Strip-root-zone-suffix-from-libdns-SRV-resul.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Sun, 8 Jan 2017 18:00:38 +0100
-Subject: dirmngr: Strip root zone suffix from libdns SRV results.
-
-* dirmngr/dns-stuff.c (getsrv_libdns): Strip trailing dot from the
-target.
---
-
-See-also: b200e636ab20d2aa93d9f71f3789db5a04af0a56
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 9fa94aa10778bbd680315e93b23175423e338c40)
----
- dirmngr/dns-stuff.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
-index e32e1e3e1..028b065ab 100644
---- a/dirmngr/dns-stuff.c
-+++ b/dirmngr/dns-stuff.c
-@@ -1591,6 +1591,10 @@ getsrv_libdns (const char *name, struct srventry **list, unsigned int *r_count)
- srv->weight = dsrv.weight;
- srv->port = dsrv.port;
- mem2str (srv->target, dsrv.target, sizeof srv->target);
-+ /* Libdns appends the root zone part which is problematic for
-+ * most other functions - strip it. */
-+ if (*srv->target && (srv->target)[strlen (srv->target)-1] == '.')
-+ (srv->target)[strlen (srv->target)-1] = 0;
- }
-
- *r_count = srvcount;
diff --git a/debian/patches/0027-dirmngr-Change-internal-SRV-lookup-API.patch b/debian/patches/0027-dirmngr-Change-internal-SRV-lookup-API.patch
deleted file mode 100644
index c792b3f..0000000
--- a/debian/patches/0027-dirmngr-Change-internal-SRV-lookup-API.patch
+++ /dev/null
@@ -1,169 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Sun, 8 Jan 2017 18:04:59 +0100
-Subject: dirmngr: Change internal SRV lookup API.
-
-* dirmngr/dns-stuff.c (get_dns_srv): Add args SERVICE and PROTO.
-* dirmngr/http.c (connect_server): Simplify SRV lookup.
-* dirmngr/ks-engine-hkp.c (map_host): Ditto.
-* dirmngr/t-dns-stuff.c (main): Adjust for changed get_dns_srv.
---
-
-This new API is more convenient because it includes commonly used
-code. Note that right now http.c's SRV record code is not used.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 16078f3deea5b82ea26e2f01dbd3ef3a5ce25410)
----
- dirmngr/dns-stuff.c | 25 +++++++++++++++++++++++--
- dirmngr/dns-stuff.h | 1 +
- dirmngr/http.c | 28 +++++-----------------------
- dirmngr/ks-engine-hkp.c | 12 +-----------
- dirmngr/t-dns-stuff.c | 2 +-
- 5 files changed, 31 insertions(+), 37 deletions(-)
-
-diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
-index 028b065ab..a8713eb44 100644
---- a/dirmngr/dns-stuff.c
-+++ b/dirmngr/dns-stuff.c
-@@ -1740,17 +1740,37 @@ getsrv_standard (const char *name,
- }
-
-
--/* Note that we do not return NONAME but simply store 0 at R_COUNT. */
-+/* Query a SRV record for SERVICE and PROTO for NAME. If SERVICE is
-+ * NULL, NAME is expected to contain the full query name. Note that
-+ * we do not return NONAME but simply store 0 at R_COUNT. On error an
-+ * error code is returned and 0 stored at R_COUNT. */
- gpg_error_t
--get_dns_srv (const char *name, struct srventry **list, unsigned int *r_count)
-+get_dns_srv (const char *name, const char *service, const char *proto,
-+ struct srventry **list, unsigned int *r_count)
- {
- gpg_error_t err;
-+ char *namebuffer = NULL;
- unsigned int srvcount;
- int i;
-
- *list = NULL;
- *r_count = 0;
- srvcount = 0;
-+
-+ /* If SERVICE is given construct the query from it and PROTO. */
-+ if (service)
-+ {
-+ namebuffer = xtryasprintf ("_%s._%s.%s",
-+ service, proto? proto:"tcp", name);
-+ if (!namebuffer)
-+ {
-+ err = gpg_error_from_syserror ();
-+ goto leave;
-+ }
-+ name = namebuffer;
-+ }
-+
-+
- #ifdef USE_LIBDNS
- if (!standard_resolver)
- {
-@@ -1852,6 +1872,7 @@ get_dns_srv (const char *name, struct srventry **list, unsigned int *r_count)
- }
- if (!err)
- *r_count = srvcount;
-+ xfree (namebuffer);
- return err;
- }
-
-diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h
-index eb7fe7246..d68dd1728 100644
---- a/dirmngr/dns-stuff.h
-+++ b/dirmngr/dns-stuff.h
-@@ -153,6 +153,7 @@ gpg_error_t get_dns_cert (const char *name, int want_certtype,
-
- /* Return an array of SRV records. */
- gpg_error_t get_dns_srv (const char *name,
-+ const char *service, const char *proto,
- struct srventry **list, unsigned int *r_count);
-
-
-diff --git a/dirmngr/http.c b/dirmngr/http.c
-index 14d60df4b..7a028047d 100644
---- a/dirmngr/http.c
-+++ b/dirmngr/http.c
-@@ -2362,29 +2362,11 @@ connect_server (const char *server, unsigned short port,
- /* Do the SRV thing */
- if (srvtag)
- {
-- /* We're using SRV, so append the tags. */
-- if (1 + strlen (srvtag) + 6 + strlen (server) + 1
-- <= DIMof (struct srventry, target))
-- {
-- char *srvname = xtrymalloc (DIMof (struct srventry, target));
--
-- if (!srvname) /* Out of core */
-- {
-- serverlist = NULL;
-- srvcount = 0;
-- }
-- else
-- {
-- stpcpy (stpcpy (stpcpy (stpcpy (srvname,"_"), srvtag),
-- "._tcp."), server);
-- err = get_dns_srv (srvname, &serverlist, &srvcount);
-- if (err)
-- log_info ("getting SRV '%s' failed: %s\n",
-- srvname, gpg_strerror (err));
-- xfree (srvname);
-- /* Note that on error SRVCOUNT is zero. */
-- }
-- }
-+ err = get_dns_srv (server, srvtag, NULL, &serverlist, &srvcount);
-+ if (err)
-+ log_info ("getting '%s' SRV for '%s' failed: %s\n",
-+ srvtag, server, gpg_strerror (err));
-+ /* Note that on error SRVCOUNT is zero. */
- }
-
- if (!serverlist)
-diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
-index 6f1c2e8e0..5b54c443a 100644
---- a/dirmngr/ks-engine-hkp.c
-+++ b/dirmngr/ks-engine-hkp.c
-@@ -447,7 +447,6 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
- int refidx;
- int is_pool = 0;
- char *cname;
-- char *srvrecord;
- struct srventry *srvs;
- unsigned int srvscount;
-
-@@ -469,16 +468,7 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
- if (!is_ip_address (name))
- {
- /* Check for SRV records. */
-- srvrecord = xtryasprintf ("_hkp._tcp.%s", name);
-- if (srvrecord == NULL)
-- {
-- err = gpg_error_from_syserror ();
-- xfree (reftbl);
-- return err;
-- }
--
-- err = get_dns_srv (srvrecord, &srvs, &srvscount);
-- xfree (srvrecord);
-+ err = get_dns_srv (name, "hkp", NULL, &srvs, &srvscount);
- if (err)
- {
- xfree (reftbl);
-diff --git a/dirmngr/t-dns-stuff.c b/dirmngr/t-dns-stuff.c
-index bc4ca9a51..23c0c6aa0 100644
---- a/dirmngr/t-dns-stuff.c
-+++ b/dirmngr/t-dns-stuff.c
-@@ -235,7 +235,7 @@ main (int argc, char **argv)
- int i;
-
- err = get_dns_srv (name? name : "_hkp._tcp.wwwkeys.pgp.net",
-- &srv, &count);
-+ NULL, NULL, &srv, &count);
- if (err)
- printf ("get_dns_srv failed: %s <%s>\n",
- gpg_strerror (err), gpg_strsource (err));
diff --git a/debian/patches/0028-dirmngr-Improve-debug-output-for-TLS.patch b/debian/patches/0028-dirmngr-Improve-debug-output-for-TLS.patch
deleted file mode 100644
index 59b07d6..0000000
--- a/debian/patches/0028-dirmngr-Improve-debug-output-for-TLS.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Sun, 8 Jan 2017 18:07:18 +0100
-Subject: dirmngr: Improve debug output for TLS.
-
-* dirmngr/misc.c (dump_cert): Also print SubjectAltNames.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 714faea4fa7f30d42e9986358214a99aa8fa57b3)
----
- dirmngr/misc.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/dirmngr/misc.c b/dirmngr/misc.c
-index ac3856e09..2ee6d82bd 100644
---- a/dirmngr/misc.c
-+++ b/dirmngr/misc.c
-@@ -296,6 +296,7 @@ dump_cert (const char *text, ksba_cert_t cert)
- ksba_sexp_t sexp;
- char *p;
- ksba_isotime_t t;
-+ int idx;
-
- log_debug ("BEGIN Certificate '%s':\n", text? text:"");
- if (cert)
-@@ -326,6 +327,13 @@ dump_cert (const char *text, ksba_cert_t cert)
- dump_string (p);
- ksba_free (p);
- log_printf ("\n");
-+ for (idx=1; (p = ksba_cert_get_subject (cert, idx)); idx++)
-+ {
-+ log_debug (" aka: ");
-+ dump_string (p);
-+ ksba_free (p);
-+ log_printf ("\n");
-+ }
-
- log_debug (" hash algo: %s\n", ksba_cert_get_digest_algo (cert));
-
diff --git a/debian/patches/0029-dirmngr-Implement-experimental-SRV-record-lookup-for.patch b/debian/patches/0029-dirmngr-Implement-experimental-SRV-record-lookup-for.patch
deleted file mode 100644
index bdc278f..0000000
--- a/debian/patches/0029-dirmngr-Implement-experimental-SRV-record-lookup-for.patch
+++ /dev/null
@@ -1,145 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Sun, 8 Jan 2017 18:42:50 +0100
-Subject: dirmngr: Implement experimental SRV record lookup for WKD.
-
-* dirmngr/server.c (cmd_wkd_get): Support SRV records.
---
-
-This patch changes the way a WKD query is done. Now we first look for
-a SRV record for service "openpgpkey" and port "tcp" under the
-to-be-queried domain. If such a record was found and the target host
-matches the to-be-queried domain or is a suffix to that domain, that
-target host is used instead of the domain name. The SRV record also
-allows to change the port and obviously can be used for
-load-balancing.
-
-For example a query for the submission address of example.org with the
-SRV record specification
-
-_openpgpkey._tcp IN SRV 0 0 0 wkd.foo.org.
- IN SRV 0 0 0 wkd.example.net.
- IN SRV 0 0 4711 wkd.example.org.
-
-(queried using the name "_openpgpkey._tcp.example.org") would fetch
-from this URL:
-
- https://wkd.example.org:4711/.well-known/openpgpkey/submission-address
-
-Note that the first two SRV records won't be used because foo.org and
-example.net do not match example.org. We require that the target host
-is identical to the domain or be a subdomain of it. This is so that
-an attacker modifying the SRV records needs to setup a server in a
-sub-domain of the actual domain and can't use an arbitrary domain.
-Whether this is a sufficient requirement is not clear and needs
-further discussion.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 88dc3af3d4ae1afe1d5e136bc4c38bc4e7d4cd10)
----
- dirmngr/server.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++-
- 1 file changed, 51 insertions(+), 1 deletion(-)
-
-diff --git a/dirmngr/server.c b/dirmngr/server.c
-index 28c2cd428..c9c4ad437 100644
---- a/dirmngr/server.c
-+++ b/dirmngr/server.c
-@@ -826,13 +826,15 @@ cmd_wkd_get (assuan_context_t ctx, char *line)
- ctrl_t ctrl = assuan_get_pointer (ctx);
- gpg_error_t err = 0;
- char *mbox = NULL;
-- char *domain; /* Points to mbox. */
-+ char *domainbuf = NULL;
-+ char *domain; /* Points to mbox or domainbuf. */
- char sha1buf[20];
- char *uri = NULL;
- char *encodedhash = NULL;
- int opt_submission_addr;
- int opt_policy_flags;
- int no_log = 0;
-+ char portstr[20] = { 0 };
-
- opt_submission_addr = has_option (line, "--submission-address");
- opt_policy_flags = has_option (line, "--policy-flags");
-@@ -846,6 +848,50 @@ cmd_wkd_get (assuan_context_t ctx, char *line)
- }
- *domain++ = 0;
-
-+ /* Check for SRV records. */
-+ if (1)
-+ {
-+ struct srventry *srvs;
-+ unsigned int srvscount;
-+ size_t domainlen, targetlen;
-+ int i;
-+
-+ err = get_dns_srv (domain, "openpgpkey", NULL, &srvs, &srvscount);
-+ if (err)
-+ goto leave;
-+
-+ /* Find the first target which also ends in DOMAIN or is equal
-+ * to DOMAIN. */
-+ domainlen = strlen (domain);
-+ for (i = 0; i < srvscount; i++)
-+ {
-+ log_debug ("srv: trying '%s:%hu'\n", srvs[i].target, srvs[i].port);
-+ targetlen = strlen (srvs[i].target);
-+ if ((targetlen > domainlen + 1
-+ && srvs[i].target[targetlen - domainlen - 1] == '.'
-+ && !ascii_strcasecmp (srvs[i].target + targetlen - domainlen,
-+ domain))
-+ || (targetlen == domainlen
-+ && !ascii_strcasecmp (srvs[i].target, domain)))
-+ {
-+ /* found. */
-+ domainbuf = xtrystrdup (srvs[i].target);
-+ if (!domainbuf)
-+ {
-+ err = gpg_error_from_syserror ();
-+ xfree (srvs);
-+ goto leave;
-+ }
-+ domain = domainbuf;
-+ if (srvs[i].port)
-+ snprintf (portstr, sizeof portstr, ":%hu", srvs[i].port);
-+ break;
-+ }
-+ }
-+ xfree (srvs);
-+ log_debug ("srv: got '%s%s'\n", domain, portstr);
-+ }
-+
- gcry_md_hash_buffer (GCRY_MD_SHA1, sha1buf, mbox, strlen (mbox));
- encodedhash = zb32_encode (sha1buf, 8*20);
- if (!encodedhash)
-@@ -858,6 +904,7 @@ cmd_wkd_get (assuan_context_t ctx, char *line)
- {
- uri = strconcat ("https://",
- domain,
-+ portstr,
- "/.well-known/openpgpkey/submission-address",
- NULL);
- }
-@@ -865,6 +912,7 @@ cmd_wkd_get (assuan_context_t ctx, char *line)
- {
- uri = strconcat ("https://",
- domain,
-+ portstr,
- "/.well-known/openpgpkey/policy",
- NULL);
- }
-@@ -872,6 +920,7 @@ cmd_wkd_get (assuan_context_t ctx, char *line)
- {
- uri = strconcat ("https://",
- domain,
-+ portstr,
- "/.well-known/openpgpkey/hu/",
- encodedhash,
- NULL);
-@@ -907,6 +956,7 @@ cmd_wkd_get (assuan_context_t ctx, char *line)
- xfree (uri);
- xfree (encodedhash);
- xfree (mbox);
-+ xfree (domainbuf);
- return leave_cmd (ctx, err);
- }
-
diff --git a/debian/patches/0030-doc-Update-man-page-for-watchgnupg.patch b/debian/patches/0030-doc-Update-man-page-for-watchgnupg.patch
deleted file mode 100644
index f5c7868..0000000
--- a/debian/patches/0030-doc-Update-man-page-for-watchgnupg.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Mon, 9 Jan 2017 08:54:45 +0100
-Subject: doc: Update man page for watchgnupg
-
---
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 2baba11fad6dd680a992260d161dffa1eeae0e42)
----
- doc/tools.texi | 43 +++++++++++++++++++++++++------------------
- 1 file changed, 25 insertions(+), 18 deletions(-)
-
-diff --git a/doc/tools.texi b/doc/tools.texi
-index d321b699a..f0e6fe70c 100644
---- a/doc/tools.texi
-+++ b/doc/tools.texi
-@@ -54,13 +54,14 @@ other utilities. This tool is not available for Windows.
- @command{watchgnupg} is commonly invoked as
-
- @example
--watchgnupg --force ~/.gnupg/S.log
-+watchgnupg --force $(gpgconf --list-dirs socketdir)/S.log
- @end example
- @manpause
-
- @noindent
--This starts it on the current terminal for listening on the socket
-- at file{~/.gnupg/S.log}.
-+This starts it on the current terminal for listening on the standard
-+logging socket (which is either @file{~/.gnupg/S.log} or
-+ at file{/var/run/user/UID/gnupg/S.log}).
-
- @mansect options
- @noindent
-@@ -77,6 +78,10 @@ Delete an already existing socket file.
- Instead of reading from a local socket, listen for connects on TCP port
- @var{n}.
-
-+ at item --time-only
-+ at opindex time-only
-+Do not print the date part of the timestamp.
-+
- @item --verbose
- @opindex verbose
- Enable extra informational output.
-@@ -96,21 +101,22 @@ Display a brief help page and exit.
- @chapheading Examples
-
- @example
--$ watchgnupg --force /home/foo/.gnupg/S.log
-+$ watchgnupg --force --time-only $(gpgconf --list-dirs socketdir)/S.log
- @end example
-
- This waits for connections on the local socket
-- at file{/home/foo/.gnupg/S.log} and shows all log entries. To make this
--work the option @option{log-file} needs to be used with all modules
--which logs are to be shown. The value for that option must be given
--with a special prefix (e.g. in the conf files):
-+(e.g. @file{/home/foo/.gnupg/S.log}) and shows all log entries. To
-+make this work the option @option{log-file} needs to be used with all
-+modules which logs are to be shown. The suggested entry for the
-+configuration files is:
-
- @example
--log-file socket:///home/foo/.gnupg/S.log
-+log-file socket://
- @end example
-
--If only @code{socket://} is used a default socket file named
-- at file{S.log} in the standard socket directory is used.
-+If the default socket as given above and returned by "echo $(gpgconf
-+--list-dirs socketdir)/S.log" is not desired an arbitrary socket name
-+can be specified, for example @file{socket:///home/foo/bar/mysocket}.
- For debugging purposes it is also possible to do remote logging. Take
- care if you use this feature because the information is send in the
- clear over the network. Use this syntax in the conf files:
-@@ -119,13 +125,14 @@ clear over the network. Use this syntax in the conf files:
- log-file tcp://192.168.1.1:4711
- @end example
-
--You may use any port and not just 4711 as shown above; only IP addresses
--are supported (v4 and v6) and no host names. You need to start
-- at command{watchgnupg} with the @option{tcp} option. Note that under
--Windows the registry entry @var{HKCU\Software\GNU\GnuPG:DefaultLogFile}
--can be used to change the default log output from @code{stderr} to
--whatever is given by that entry. However the only useful entry is a TCP
--name for remote debugging.
-+You may use any port and not just 4711 as shown above; only IP
-+addresses are supported (v4 and v6) and no host names. You need to
-+start @command{watchgnupg} with the @option{tcp} option. Note that
-+under Windows the registry entry
-+ at var{HKCU\Software\GNU\GnuPG:DefaultLogFile} can be used to change the
-+default log output from @code{stderr} to whatever is given by that
-+entry. However the only useful entry is a TCP name for remote
-+debugging.
-
-
- @mansect see also
diff --git a/debian/patches/0031-dirmngr-Do-not-use-a-SRV-record-for-HKP-if-a-port-wa.patch b/debian/patches/0031-dirmngr-Do-not-use-a-SRV-record-for-HKP-if-a-port-wa.patch
deleted file mode 100644
index 797d7b8..0000000
--- a/debian/patches/0031-dirmngr-Do-not-use-a-SRV-record-for-HKP-if-a-port-wa.patch
+++ /dev/null
@@ -1,197 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Mon, 9 Jan 2017 10:11:20 +0100
-Subject: dirmngr: Do not use a SRV record for HKP if a port was specified.
-
-* dirmngr/http.h (parsed_uri_s): Add field EXPLICIT_PORT.
-* dirmngr/http.c (do_parse_uri): That it.
-* dirmngr/ks-engine-hkp.c (map_host): Add arg NO_SRV.
-(make_host_part): Ditto.
-(ks_hkp_resolve): Set NO_SRV from EXPLICIT_PORT.
-(ks_hkp_search): Ditto.
-(ks_hkp_get): Ditto.
-(ks_hkp_put): Ditto.
---
-
-This implements the behaviour of the keyserver helpers from 1.4 and
-2.0.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit c2cbe2f87c480c62239dc4c2cbb352acd98cd267)
----
- dirmngr/http.c | 2 ++
- dirmngr/http.h | 1 +
- dirmngr/ks-engine-hkp.c | 65 ++++++++++++++++++++++++++++---------------------
- 3 files changed, 40 insertions(+), 28 deletions(-)
-
-diff --git a/dirmngr/http.c b/dirmngr/http.c
-index 7a028047d..0a47d9f59 100644
---- a/dirmngr/http.c
-+++ b/dirmngr/http.c
-@@ -1169,6 +1169,7 @@ do_parse_uri (parsed_uri_t uri, int only_local_part,
- uri->opaque = 0;
- uri->v6lit = 0;
- uri->onion = 0;
-+ uri->explicit_port = 0;
-
- /* A quick validity check. */
- if (strspn (p, VALID_URI_CHARS) != n)
-@@ -1241,6 +1242,7 @@ do_parse_uri (parsed_uri_t uri, int only_local_part,
- {
- *p3++ = '\0';
- uri->port = atoi (p3);
-+ uri->explicit_port = 1;
- }
-
- if ((n = remove_escapes (uri->host)) < 0)
-diff --git a/dirmngr/http.h b/dirmngr/http.h
-index 2a36fdaa8..32556a4e0 100644
---- a/dirmngr/http.h
-+++ b/dirmngr/http.h
-@@ -53,6 +53,7 @@ struct parsed_uri_s
- unsigned int opaque:1;/* Unknown scheme; PATH has the rest. */
- unsigned int v6lit:1; /* Host was given as a literal v6 address. */
- unsigned int onion:1; /* .onion address given. */
-+ unsigned int explicit_port :1; /* The port was explicitly specified. */
- char *auth; /* username/password for basic auth. */
- char *host; /* Host (converted to lowercase). */
- unsigned short port; /* Port (always set if the host is set). */
-diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
-index 5b54c443a..b5150d478 100644
---- a/dirmngr/ks-engine-hkp.c
-+++ b/dirmngr/ks-engine-hkp.c
-@@ -394,19 +394,20 @@ add_host (const char *name, int is_pool,
-
-
- /* Map the host name NAME to the actual to be used host name. This
-- allows us to manage round robin DNS names. We use our own strategy
-- to choose one of the hosts. For example we skip those hosts which
-- failed for some time and we stick to one host for a time
-- independent of DNS retry times. If FORCE_RESELECT is true a new
-- host is always selected. The selected host is stored as a malloced
-- string at R_HOST; on error NULL is stored. If we know the port
-- used by the selected host, a string representation is written to
-- R_PORTSTR, otherwise it is left untouched. If R_HTTPFLAGS is not
-- NULL it will receive flags which are to be passed to http_open. If
-- R_POOLNAME is not NULL a malloced name of the pool is stored or
-- NULL if it is not a pool. */
-+ * allows us to manage round robin DNS names. We use our own strategy
-+ * to choose one of the hosts. For example we skip those hosts which
-+ * failed for some time and we stick to one host for a time
-+ * independent of DNS retry times. If FORCE_RESELECT is true a new
-+ * host is always selected. If NO_SRV is set no service record lookup
-+ * will be done. The selected host is stored as a malloced string at
-+ * R_HOST; on error NULL is stored. If we know the port used by the
-+ * selected host from a service record, a string representation is
-+ * written to R_PORTSTR, otherwise it is left untouched. If
-+ * R_HTTPFLAGS is not NULL it will receive flags which are to be
-+ * passed to http_open. If R_POOLNAME is not NULL a malloced name of
-+ * the pool is stored or NULL if it is not a pool. */
- static gpg_error_t
--map_host (ctrl_t ctrl, const char *name, int force_reselect,
-+map_host (ctrl_t ctrl, const char *name, int force_reselect, int no_srv,
- char **r_host, char *r_portstr,
- unsigned int *r_httpflags, char **r_poolname)
- {
-@@ -465,7 +466,7 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
- }
- hi = hosttable[idx];
-
-- if (!is_ip_address (name))
-+ if (!no_srv && !is_ip_address (name))
- {
- /* Check for SRV records. */
- err = get_dns_srv (name, "hkp", NULL, &srvs, &srvscount);
-@@ -874,13 +875,13 @@ ks_hkp_help (ctrl_t ctrl, parsed_uri_t uri)
-
-
- /* Build the remote part of the URL from SCHEME, HOST and an optional
-- PORT. Returns an allocated string at R_HOSTPORT or NULL on failure
-- If R_POOLNAME is not NULL it receives a malloced string with the
-- poolname. */
-+ * PORT. If NO_SRV is set no SRV record lookup will be done. Returns
-+ * an allocated string at R_HOSTPORT or NULL on failure If R_POOLNAME
-+ * is not NULL it receives a malloced string with the poolname. */
- static gpg_error_t
- make_host_part (ctrl_t ctrl,
- const char *scheme, const char *host, unsigned short port,
-- int force_reselect,
-+ int force_reselect, int no_srv,
- char **r_hostport, unsigned int *r_httpflags, char **r_poolname)
- {
- gpg_error_t err;
-@@ -890,11 +891,18 @@ make_host_part (ctrl_t ctrl,
- *r_hostport = NULL;
-
- portstr[0] = 0;
-- err = map_host (ctrl, host, force_reselect,
-+ err = map_host (ctrl, host, force_reselect, no_srv,
- &hostname, portstr, r_httpflags, r_poolname);
- if (err)
- return err;
-
-+ /* If map_host did not return a port (from a SRV record) but a port
-+ * has been specified (implicitly or explicitly) then use that port.
-+ * Only in the case that a port was not specified (which might be a
-+ * bug in https.c) we will later make sure that it has been set. */
-+ if (!*portstr && port)
-+ snprintf (portstr, sizeof portstr, "%hu", port);
-+
- /* Map scheme and port. */
- if (!strcmp (scheme, "hkps") || !strcmp (scheme,"https"))
- {
-@@ -908,12 +916,6 @@ make_host_part (ctrl_t ctrl,
- if (! *portstr)
- strcpy (portstr, "11371");
- }
-- if (port)
-- snprintf (portstr, sizeof portstr, "%hu", port);
-- else
-- {
-- /*fixme_do_srv_lookup ()*/
-- }
-
- *r_hostport = strconcat (scheme, "://", hostname, ":", portstr, NULL);
- xfree (hostname);
-@@ -939,7 +941,11 @@ ks_hkp_resolve (ctrl_t ctrl, parsed_uri_t uri)
- gpg_error_t err;
- char *hostport = NULL;
-
-- err = make_host_part (ctrl, uri->scheme, uri->host, uri->port, 1,
-+ /* NB: With an explicitly given port we do not want to consult a
-+ * service record because that might be in conflict with the port
-+ * from such a service record. */
-+ err = make_host_part (ctrl, uri->scheme, uri->host, uri->port,
-+ 1, uri->explicit_port,
- &hostport, NULL, NULL);
- if (err)
- {
-@@ -1217,7 +1223,8 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
-
- xfree (hostport); hostport = NULL;
- xfree (httphost); httphost = NULL;
-- err = make_host_part (ctrl, uri->scheme, uri->host, uri->port, reselect,
-+ err = make_host_part (ctrl, uri->scheme, uri->host, uri->port,
-+ reselect, uri->explicit_port,
- &hostport, &httpflags, &httphost);
- if (err)
- goto leave;
-@@ -1358,7 +1365,8 @@ ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp)
- /* Build the request string. */
- xfree (hostport); hostport = NULL;
- xfree (httphost); httphost = NULL;
-- err = make_host_part (ctrl, uri->scheme, uri->host, uri->port, reselect,
-+ err = make_host_part (ctrl, uri->scheme, uri->host, uri->port,
-+ reselect, uri->explicit_port,
- &hostport, &httpflags, &httphost);
- if (err)
- goto leave;
-@@ -1470,7 +1478,8 @@ ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri, const void *data, size_t datalen)
- again:
- xfree (hostport); hostport = NULL;
- xfree (httphost); httphost = NULL;
-- err = make_host_part (ctrl, uri->scheme, uri->host, uri->port, reselect,
-+ err = make_host_part (ctrl, uri->scheme, uri->host, uri->port,
-+ reselect, uri->explicit_port,
- &hostport, &httpflags, &httphost);
- if (err)
- goto leave;
diff --git a/debian/patches/0032-dirmngr-Use-pgpkey-hkps-and-pgpkey-hkp-for-SRV-recor.patch b/debian/patches/0032-dirmngr-Use-pgpkey-hkps-and-pgpkey-hkp-for-SRV-recor.patch
deleted file mode 100644
index 21f9150..0000000
--- a/debian/patches/0032-dirmngr-Use-pgpkey-hkps-and-pgpkey-hkp-for-SRV-recor.patch
+++ /dev/null
@@ -1,124 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Mon, 9 Jan 2017 10:42:30 +0100
-Subject: dirmngr: Use "pgpkey-hkps" and "pgpkey-hkp" for SRV record lookups.
-
-* dirmngr/ks-engine-hkp.c (map_host): Chnage arg NO_SRV to SRVTAG.
-(make_host_part): Rewrite.
---
-
-This fixes a regression from 2.0 and 1.4 where these tags have been in
-used since 2009. For whatever reason this was not ported to 2.1 and
-"hkp" was always used.
-
-GnuPG-bug-id: 2451
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 0cc975d8a1cd54115938202432e43263b8893ea4)
----
- dirmngr/ks-engine-hkp.c | 63 ++++++++++++++++++++++++++-----------------------
- 1 file changed, 34 insertions(+), 29 deletions(-)
-
-diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
-index b5150d478..31fef39db 100644
---- a/dirmngr/ks-engine-hkp.c
-+++ b/dirmngr/ks-engine-hkp.c
-@@ -398,16 +398,17 @@ add_host (const char *name, int is_pool,
- * to choose one of the hosts. For example we skip those hosts which
- * failed for some time and we stick to one host for a time
- * independent of DNS retry times. If FORCE_RESELECT is true a new
-- * host is always selected. If NO_SRV is set no service record lookup
-- * will be done. The selected host is stored as a malloced string at
-- * R_HOST; on error NULL is stored. If we know the port used by the
-- * selected host from a service record, a string representation is
-- * written to R_PORTSTR, otherwise it is left untouched. If
-- * R_HTTPFLAGS is not NULL it will receive flags which are to be
-- * passed to http_open. If R_POOLNAME is not NULL a malloced name of
-- * the pool is stored or NULL if it is not a pool. */
-+ * host is always selected. If SRVTAG is NULL no service record
-+ * lookup will be done, if it is set that service name is used. The
-+ * selected host is stored as a malloced string at R_HOST; on error
-+ * NULL is stored. If we know the port used by the selected host from
-+ * a service record, a string representation is written to R_PORTSTR,
-+ * otherwise it is left untouched. If R_HTTPFLAGS is not NULL it will
-+ * receive flags which are to be passed to http_open. If R_POOLNAME
-+ * is not NULL a malloced name of the pool is stored or NULL if it is
-+ * not a pool. */
- static gpg_error_t
--map_host (ctrl_t ctrl, const char *name, int force_reselect, int no_srv,
-+map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
- char **r_host, char *r_portstr,
- unsigned int *r_httpflags, char **r_poolname)
- {
-@@ -466,10 +467,10 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, int no_srv,
- }
- hi = hosttable[idx];
-
-- if (!no_srv && !is_ip_address (name))
-+ if (srvtag && !is_ip_address (name))
- {
- /* Check for SRV records. */
-- err = get_dns_srv (name, "hkp", NULL, &srvs, &srvscount);
-+ err = get_dns_srv (name, srvtag, NULL, &srvs, &srvscount);
- if (err)
- {
- xfree (reftbl);
-@@ -885,38 +886,42 @@ make_host_part (ctrl_t ctrl,
- char **r_hostport, unsigned int *r_httpflags, char **r_poolname)
- {
- gpg_error_t err;
-+ const char *srvtag;
- char portstr[10];
- char *hostname;
-
- *r_hostport = NULL;
-
-- portstr[0] = 0;
-- err = map_host (ctrl, host, force_reselect, no_srv,
-- &hostname, portstr, r_httpflags, r_poolname);
-- if (err)
-- return err;
--
-- /* If map_host did not return a port (from a SRV record) but a port
-- * has been specified (implicitly or explicitly) then use that port.
-- * Only in the case that a port was not specified (which might be a
-- * bug in https.c) we will later make sure that it has been set. */
-- if (!*portstr && port)
-- snprintf (portstr, sizeof portstr, "%hu", port);
--
-- /* Map scheme and port. */
- if (!strcmp (scheme, "hkps") || !strcmp (scheme,"https"))
- {
- scheme = "https";
-- if (! *portstr)
-- strcpy (portstr, "443");
-+ srvtag = no_srv? NULL : "pgpkey-https";
- }
- else /* HKP or HTTP. */
- {
- scheme = "http";
-- if (! *portstr)
-- strcpy (portstr, "11371");
-+ srvtag = no_srv? NULL : "pgpkey-http";
- }
-
-+ portstr[0] = 0;
-+ err = map_host (ctrl, host, srvtag, force_reselect,
-+ &hostname, portstr, r_httpflags, r_poolname);
-+ if (err)
-+ return err;
-+
-+ /* If map_host did not return a port (from a SRV record) but a port
-+ * has been specified (implicitly or explicitly) then use that port.
-+ * In the case that a port was not specified (which is probably a
-+ * bug in https.c) we will set up defaults. */
-+ if (*portstr)
-+ ;
-+ else if (!*portstr && port)
-+ snprintf (portstr, sizeof portstr, "%hu", port);
-+ else if (!strcmp (scheme,"https"))
-+ strcpy (portstr, "443");
-+ else
-+ strcpy (portstr, "11371");
-+
- *r_hostport = strconcat (scheme, "://", hostname, ":", portstr, NULL);
- xfree (hostname);
- if (!*r_hostport)
diff --git a/debian/patches/0033-common-Fix-fallback-code.patch b/debian/patches/0033-common-Fix-fallback-code.patch
deleted file mode 100644
index ffc0979..0000000
--- a/debian/patches/0033-common-Fix-fallback-code.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Tue, 10 Jan 2017 12:31:46 +0100
-Subject: common: Fix fallback code.
-
-* common/logging.c (_log_assert): Fix the variant for compilers that
-do not support __FUNCTION__.
-* common/logging.h (_log_assert): Likewise.
-
-Signed-off-by: Justus Winter <justus at g10code.com>
-(cherry picked from commit bfd6a490129ffc7c7ac8776bf5a5da3b1ddf6d42)
----
- common/logging.c | 2 +-
- common/logging.h | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/common/logging.c b/common/logging.c
-index ca1341c20..c06a34f38 100644
---- a/common/logging.c
-+++ b/common/logging.c
-@@ -1007,7 +1007,7 @@ void
- _log_assert (const char *expr, const char *file, int line)
- {
- log_log (GPGRT_LOG_BUG, "Assertion \"%s\" failed (%s:%d)\n",
-- file, line, func);
-+ expr, file, line);
- abort (); /* Never called; just to make the compiler happy. */
- }
- #endif /*!GPGRT_HAVE_MACRO_FUNCTION*/
-diff --git a/common/logging.h b/common/logging.h
-index 64b999d66..d062f1413 100644
---- a/common/logging.h
-+++ b/common/logging.h
-@@ -62,7 +62,7 @@ estream_t log_get_stream (void);
- } while (0)
- #else /*!GPGRT_HAVE_MACRO_FUNCTION*/
- void bug_at (const char *file, int line);
-- void _log_assert (const char *expr, const char *file, int line;
-+ void _log_assert (const char *expr, const char *file, int line);
- # define BUG() bug_at( __FILE__ , __LINE__ )
- # define log_assert(expr) do { \
- if (!(expr)) \
diff --git a/debian/patches/0034-tools-Fix-memory-leaks-and-improve-error-handling.patch b/debian/patches/0034-tools-Fix-memory-leaks-and-improve-error-handling.patch
deleted file mode 100644
index c9426ec..0000000
--- a/debian/patches/0034-tools-Fix-memory-leaks-and-improve-error-handling.patch
+++ /dev/null
@@ -1,151 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Tue, 10 Jan 2017 15:42:27 +0100
-Subject: tools: Fix memory leaks and improve error handling.
-
-* tools/gpgconf-comp.c (gc_option_free): New function.
-(gc_components_free): Likewise.
-(gc_components_init): Likewise.
-(retrieve_options_from_program): Use 'xfree', fix memory leak.
-(change_options_program): Improve error handling.
-(gc_component_change_options): Fix memory leaks.
-* tools/gpgconf.c (main): Initialize components.
-* tools/gpgconf.h (gc_components_init): New prototype.
-
-Signed-off-by: Justus Winter <justus at g10code.com>
-(cherry picked from commit 1f5caf90bfaaaf7b9d8c06c12087aeeae3748032)
----
- tools/gpgconf-comp.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++------
- tools/gpgconf.c | 1 +
- tools/gpgconf.h | 4 ++++
- 3 files changed, 52 insertions(+), 6 deletions(-)
-
-diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
-index 925f1cf2d..2dcf0758e 100644
---- a/tools/gpgconf-comp.c
-+++ b/tools/gpgconf-comp.c
-@@ -1102,6 +1102,35 @@ struct error_line_s
-
-
-
-+
-+/* Initialization and finalization. */
-+
-+static void
-+gc_option_free (gc_option_t *o)
-+{
-+ if (o == NULL || o->name == NULL)
-+ return;
-+
-+ xfree (o->value);
-+ gc_option_free (o + 1);
-+}
-+
-+static void
-+gc_components_free (void)
-+{
-+ int i;
-+ for (i = 0; i < DIM (gc_component); i++)
-+ gc_option_free (gc_component[i].options);
-+}
-+
-+void
-+gc_components_init (void)
-+{
-+ atexit (gc_components_free);
-+}
-+
-+
-+
- /* Engine specific support. */
- static void
- gpg_agent_runtime_change (int killflag)
-@@ -2183,7 +2212,7 @@ retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
- if (!(option->flags & GC_OPT_FLAG_LIST))
- {
- if (option->value)
-- free (option->value);
-+ xfree (option->value);
- option->value = opt_value;
- }
- else
-@@ -2192,10 +2221,9 @@ retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
- option->value = opt_value;
- else
- {
-- char *opt_val = opt_value;
--
-- option->value = xasprintf ("%s,%s", option->value,
-- opt_val);
-+ char *old = option->value;
-+ option->value = xasprintf ("%s,%s", old, opt_value);
-+ xfree (old);
- xfree (opt_value);
- }
- }
-@@ -2872,7 +2900,12 @@ change_options_program (gc_component_t component, gc_backend_t backend,
- res = link (dest_filename, orig_filename);
- #endif
- if (res < 0 && errno != ENOENT)
-- return -1;
-+ {
-+ xfree (dest_filename);
-+ xfree (src_filename);
-+ xfree (orig_filename);
-+ return -1;
-+ }
- if (res < 0)
- {
- xfree (orig_filename);
-@@ -3365,6 +3398,7 @@ gc_component_change_options (int component, estream_t in, estream_t out,
- }
- if (err)
- break;
-+ xfree (src_filename[i]);
- src_filename[i] = NULL;
- }
- }
-@@ -3434,10 +3468,17 @@ gc_component_change_options (int component, estream_t in, estream_t out,
- unlink (backup_filename);
- #endif /* HAVE_W32_SYSTEM */
- rename (orig_filename[backend], backup_filename);
-+ xfree (backup_filename);
- }
-
- leave:
- xfree (line);
-+ for (backend = 0; backend < GC_BACKEND_NR; backend++)
-+ {
-+ xfree (src_filename[backend]);
-+ xfree (dest_filename[backend]);
-+ xfree (orig_filename[backend]);
-+ }
- }
-
-
-diff --git a/tools/gpgconf.c b/tools/gpgconf.c
-index af65424e0..a1034e663 100644
---- a/tools/gpgconf.c
-+++ b/tools/gpgconf.c
-@@ -470,6 +470,7 @@ main (int argc, char **argv)
- /* Make sure that our subsystems are ready. */
- i18n_init();
- init_common_subsystems (&argc, &argv);
-+ gc_components_init ();
-
- /* Parse the command line. */
- pargs.argc = &argc;
-diff --git a/tools/gpgconf.h b/tools/gpgconf.h
-index 39d34b6d0..d6d7627aa 100644
---- a/tools/gpgconf.h
-+++ b/tools/gpgconf.h
-@@ -38,6 +38,10 @@ struct
-
-
- /*-- gpgconf-comp.c --*/
-+
-+/* Initialize the components. */
-+void gc_components_init (void);
-+
- /* Percent-Escape special characters. The string is valid until the
- next invocation of the function. */
- char *gc_percent_escape (const char *src);
diff --git a/debian/patches/0035-doc-Mention-dirmngr.conf.patch b/debian/patches/0035-doc-Mention-dirmngr.conf.patch
deleted file mode 100644
index 0384bef..0000000
--- a/debian/patches/0035-doc-Mention-dirmngr.conf.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Tue, 10 Jan 2017 16:24:31 +0100
-Subject: doc: Mention dirmngr.conf
-
---
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 7345c64b0887e51d8c8c6eaf49c9dbf5b0f45228)
----
- doc/dirmngr.texi | 17 +++++++++++++++--
- 1 file changed, 15 insertions(+), 2 deletions(-)
-
-diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
-index fc617d81d..4448bf0e6 100644
---- a/doc/dirmngr.texi
-+++ b/doc/dirmngr.texi
-@@ -131,6 +131,10 @@ will thus trigger reading of fresh CRLs.
- @node Dirmngr Options
- @section Option Summary
-
-+Note that all long options with the exception of @option{--options}
-+and @option{--homedir} may also be given in the configuration file
-+after stripping off the two leading dashes.
-+
- @table @gnupgtabopt
-
- @item --options @var{file}
-@@ -497,11 +501,20 @@ certificate for that pool. Otherwise, it will use the system CAs.
- @section Configuration
-
- Dirmngr makes use of several directories when running in daemon mode:
-+There are a few configuration files whih control the operation of
-+dirmngr. By default they may all be found in the current home
-+directory (@pxref{option --homedir}).
-
- @table @file
-
-- at item ~/.gnupg
--This is the standard home directory for all configuration files.
-+ at item dirmngr.conf
-+ at efindex dirmngr.conf
-+This is the standard configuration file read by @command{dirmngr} on
-+startup. It may contain any valid long option; the leading two dashes
-+may not be entered and the option may not be abbreviated. This file
-+is also read after a @code{SIGHUP} however not all options will
-+actually have an effect. This default name may be changed on the
-+command line (@pxref{option --options}). You should backup this file.
-
- @item /etc/gnupg/trusted-certs
- This directory should be filled with certificates of Root CAs you
diff --git a/debian/patches/0037-common-Avoid-unnecessary-ambiguity-in-argparse.patch b/debian/patches/0037-common-Avoid-unnecessary-ambiguity-in-argparse.patch
deleted file mode 100644
index be0cce7..0000000
--- a/debian/patches/0037-common-Avoid-unnecessary-ambiguity-in-argparse.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Tue, 10 Jan 2017 15:59:36 -0500
-Subject: common: Avoid unnecessary ambiguity in argparse.
-
-* common/argparse.c (find_long_option): Avoid unnecessary ambiguity.
---
-
-If two struct ARGPARSE_OPTS share a prefix in their long_opt name, but
-have the exact same short_opt and flags, they are aliases and not
-distinct options. Avoid reporting this as an ambiguity, so that (for
-example) both --clearsign and --clear-sign can be invoked as --clear.
-
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Debian-Bug-Id: 850475
-(cherry picked from commit 7249ab0f95d1f6cb8ee61eefedc79801bb56398f)
----
- common/argparse.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/common/argparse.c b/common/argparse.c
-index dce725af9..d395229ad 100644
---- a/common/argparse.c
-+++ b/common/argparse.c
-@@ -898,7 +898,9 @@ find_long_option( ARGPARSE_ARGS *arg,
- int j;
- for(j=i+1; opts[j].short_opt; j++ ) {
- if( opts[j].long_opt
-- && !strncmp( opts[j].long_opt, keyword, n ) )
-+ && !strncmp( opts[j].long_opt, keyword, n )
-+ && !(opts[j].short_opt == opts[i].short_opt
-+ && opts[j].flags == opts[i].flags ) )
- return -2; /* abbreviation is ambiguous */
- }
- return i;
diff --git a/debian/patches/0037-systemd-user-Enable-systemctl-user-reload-dirmngr-gp.patch b/debian/patches/0037-systemd-user-Enable-systemctl-user-reload-dirmngr-gp.patch
deleted file mode 100644
index 137dc5f..0000000
--- a/debian/patches/0037-systemd-user-Enable-systemctl-user-reload-dirmngr-gp.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Tue, 10 Jan 2017 17:12:09 -0500
-Subject: systemd-user: Enable "systemctl --user reload {dirmngr,gpg-agent}"
-
-* doc/examples/systemd-user/*.service: Add ExecReload directives to
- indicate the canonical way to reload the services.
-
-GnuPG recommends reloading the agent and dirmngr with "gpgconf
---reload". if anyone is running them as systemd user services, they
-might ask them to reload in the systemd way, so teach systemd the
-right thing to do.
-
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
----
- doc/examples/systemd-user/dirmngr.service | 1 +
- doc/examples/systemd-user/gpg-agent.service | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/doc/examples/systemd-user/dirmngr.service b/doc/examples/systemd-user/dirmngr.service
-index c79dfc58a..ded533b2f 100644
---- a/doc/examples/systemd-user/dirmngr.service
-+++ b/doc/examples/systemd-user/dirmngr.service
-@@ -8,3 +8,4 @@ RefuseManualStart=true
-
- [Service]
- ExecStart=/usr/bin/dirmngr --supervised
-+ExecReload=/usr/bin/gpgconf --reload dirmngr
-diff --git a/doc/examples/systemd-user/gpg-agent.service b/doc/examples/systemd-user/gpg-agent.service
-index 9ab922081..e88dc7f5f 100644
---- a/doc/examples/systemd-user/gpg-agent.service
-+++ b/doc/examples/systemd-user/gpg-agent.service
-@@ -8,3 +8,4 @@ RefuseManualStart=true
-
- [Service]
- ExecStart=/usr/bin/gpg-agent --supervised
-+ExecReload=/usr/bin/gpgconf --reload gpg-agent
diff --git a/debian/patches/0038-common-New-function-log_debug_with_string.patch b/debian/patches/0038-common-New-function-log_debug_with_string.patch
deleted file mode 100644
index 77b5acc..0000000
--- a/debian/patches/0038-common-New-function-log_debug_with_string.patch
+++ /dev/null
@@ -1,273 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 11 Jan 2017 10:21:32 +0100
-Subject: common: New function log_debug_with_string.
-
-* common/logging.c (do_logv): Factor some code out to ...
-(print_prefix): new.
-(log_logv): Add arg EXTRASTRING and print it. Change all callers to
-pass NULL for it.
-(log_debug_with_string): New. Uses EXTRASTRING.
---
-
-This function can be used to print a human readable buffer in addition
-to a log message to the log stream. This function will keep all lines
-together and prefix them with ">> ".
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 088d71d3671e74eb088386026f0e439a7e3b5543)
----
- common/logging.c | 141 ++++++++++++++++++++++++++++++++++++++++---------------
- common/logging.h | 2 +
- 2 files changed, 106 insertions(+), 37 deletions(-)
-
-diff --git a/common/logging.c b/common/logging.c
-index c06a34f38..0db1860c1 100644
---- a/common/logging.c
-+++ b/common/logging.c
-@@ -665,31 +665,10 @@ log_get_stream ()
- return logstream;
- }
-
-+
- static void
--do_logv (int level, int ignore_arg_ptr, const char *fmt, va_list arg_ptr)
-+print_prefix (int level, int leading_backspace)
- {
-- if (!logstream)
-- {
--#ifdef HAVE_W32_SYSTEM
-- char *tmp;
--
-- tmp = (no_registry
-- ? NULL
-- : read_w32_registry_string (NULL, GNUPG_REGISTRY_DIR,
-- "DefaultLogFile"));
-- log_set_file (tmp && *tmp? tmp : NULL);
-- xfree (tmp);
--#else
-- log_set_file (NULL); /* Make sure a log stream has been set. */
--#endif
-- assert (logstream);
-- }
--
-- es_flockfile (logstream);
-- if (missing_lf && level != GPGRT_LOG_CONT)
-- es_putc_unlocked ('\n', logstream );
-- missing_lf = 0;
--
- if (level != GPGRT_LOG_CONT)
- { /* Note this does not work for multiple line logging as we would
- * need to print to a buffer first */
-@@ -720,11 +699,9 @@ do_logv (int level, int ignore_arg_ptr, const char *fmt, va_list arg_ptr)
- es_putc_unlocked (':', logstream);
- /* A leading backspace suppresses the extra space so that we can
- correctly output, programname, filename and linenumber. */
-- if (fmt && *fmt == '\b')
-- fmt++;
-- else
-- if (with_time || with_prefix || with_pid || force_prefixes)
-- es_putc_unlocked (' ', logstream);
-+ if (!leading_backspace
-+ && (with_time || with_prefix || with_pid || force_prefixes))
-+ es_putc_unlocked (' ', logstream);
- }
-
- switch (level)
-@@ -741,6 +718,40 @@ do_logv (int level, int ignore_arg_ptr, const char *fmt, va_list arg_ptr)
- es_fprintf_unlocked (logstream,"[Unknown log level %d]: ", level);
- break;
- }
-+}
-+
-+
-+static void
-+do_logv (int level, int ignore_arg_ptr, const char *extrastring,
-+ const char *fmt, va_list arg_ptr)
-+{
-+ int leading_backspace = (fmt && *fmt == '\b');
-+
-+ if (!logstream)
-+ {
-+#ifdef HAVE_W32_SYSTEM
-+ char *tmp;
-+
-+ tmp = (no_registry
-+ ? NULL
-+ : read_w32_registry_string (NULL, GNUPG_REGISTRY_DIR,
-+ "DefaultLogFile"));
-+ log_set_file (tmp && *tmp? tmp : NULL);
-+ xfree (tmp);
-+#else
-+ log_set_file (NULL); /* Make sure a log stream has been set. */
-+#endif
-+ assert (logstream);
-+ }
-+
-+ es_flockfile (logstream);
-+ if (missing_lf && level != GPGRT_LOG_CONT)
-+ es_putc_unlocked ('\n', logstream );
-+ missing_lf = 0;
-+
-+ print_prefix (level, leading_backspace);
-+ if (leading_backspace)
-+ fmt++;
-
- if (fmt)
- {
-@@ -766,6 +777,48 @@ do_logv (int level, int ignore_arg_ptr, const char *fmt, va_list arg_ptr)
- missing_lf = 1;
- }
-
-+ /* If we have an EXTRASTRING print it now while we still hold the
-+ * lock on the logstream. */
-+ if (extrastring)
-+ {
-+ int c;
-+
-+ if (missing_lf)
-+ {
-+ es_putc_unlocked ('\n', logstream);
-+ missing_lf = 0;
-+ }
-+ print_prefix (level, leading_backspace);
-+ es_fputs_unlocked (">> ", logstream);
-+ missing_lf = 1;
-+ while ((c = *extrastring++))
-+ {
-+ missing_lf = 1;
-+ if (c == '\\')
-+ es_fputs_unlocked ("\\\\", logstream);
-+ else if (c == '\r')
-+ es_fputs_unlocked ("\\r", logstream);
-+ else if ((c == '\n'))
-+ {
-+ es_fputs_unlocked ("\\n\n", logstream);
-+ if (*extrastring)
-+ {
-+ print_prefix (level, leading_backspace);
-+ es_fputs_unlocked (">> ", logstream);
-+ }
-+ else
-+ missing_lf = 0;
-+ }
-+ else
-+ es_putc_unlocked (c, logstream);
-+ }
-+ if (missing_lf)
-+ {
-+ es_putc_unlocked ('\n', logstream);
-+ missing_lf = 0;
-+ }
-+ }
-+
- if (level == GPGRT_LOG_FATAL)
- {
- if (missing_lf)
-@@ -804,7 +857,7 @@ log_log (int level, const char *fmt, ...)
- va_list arg_ptr ;
-
- va_start (arg_ptr, fmt) ;
-- do_logv (level, 0, fmt, arg_ptr);
-+ do_logv (level, 0, NULL, fmt, arg_ptr);
- va_end (arg_ptr);
- }
-
-@@ -812,7 +865,7 @@ log_log (int level, const char *fmt, ...)
- void
- log_logv (int level, const char *fmt, va_list arg_ptr)
- {
-- do_logv (level, 0, fmt, arg_ptr);
-+ do_logv (level, 0, NULL, fmt, arg_ptr);
- }
-
-
-@@ -821,7 +874,7 @@ do_log_ignore_arg (int level, const char *str, ...)
- {
- va_list arg_ptr;
- va_start (arg_ptr, str);
-- do_logv (level, 1, str, arg_ptr);
-+ do_logv (level, 1, NULL, str, arg_ptr);
- va_end (arg_ptr);
- }
-
-@@ -843,7 +896,7 @@ log_info (const char *fmt, ...)
- va_list arg_ptr ;
-
- va_start (arg_ptr, fmt);
-- do_logv (GPGRT_LOG_INFO, 0, fmt, arg_ptr);
-+ do_logv (GPGRT_LOG_INFO, 0, NULL, fmt, arg_ptr);
- va_end (arg_ptr);
- }
-
-@@ -854,7 +907,7 @@ log_error (const char *fmt, ...)
- va_list arg_ptr ;
-
- va_start (arg_ptr, fmt);
-- do_logv (GPGRT_LOG_ERROR, 0, fmt, arg_ptr);
-+ do_logv (GPGRT_LOG_ERROR, 0, NULL, fmt, arg_ptr);
- va_end (arg_ptr);
- /* Protect against counter overflow. */
- if (errorcount < 30000)
-@@ -868,7 +921,7 @@ log_fatal (const char *fmt, ...)
- va_list arg_ptr ;
-
- va_start (arg_ptr, fmt);
-- do_logv (GPGRT_LOG_FATAL, 0, fmt, arg_ptr);
-+ do_logv (GPGRT_LOG_FATAL, 0, NULL, fmt, arg_ptr);
- va_end (arg_ptr);
- abort (); /* Never called; just to make the compiler happy. */
- }
-@@ -880,7 +933,7 @@ log_bug (const char *fmt, ...)
- va_list arg_ptr ;
-
- va_start (arg_ptr, fmt);
-- do_logv (GPGRT_LOG_BUG, 0, fmt, arg_ptr);
-+ do_logv (GPGRT_LOG_BUG, 0, NULL, fmt, arg_ptr);
- va_end (arg_ptr);
- abort (); /* Never called; just to make the compiler happy. */
- }
-@@ -892,7 +945,21 @@ log_debug (const char *fmt, ...)
- va_list arg_ptr ;
-
- va_start (arg_ptr, fmt);
-- do_logv (GPGRT_LOG_DEBUG, 0, fmt, arg_ptr);
-+ do_logv (GPGRT_LOG_DEBUG, 0, NULL, fmt, arg_ptr);
-+ va_end (arg_ptr);
-+}
-+
-+
-+/* The same as log_debug but at the end of the output STRING is
-+ * printed with LFs expanded to include the prefix and a final --end--
-+ * marker. */
-+void
-+log_debug_with_string (const char *string, const char *fmt, ...)
-+{
-+ va_list arg_ptr ;
-+
-+ va_start (arg_ptr, fmt);
-+ do_logv (GPGRT_LOG_DEBUG, 0, string, fmt, arg_ptr);
- va_end (arg_ptr);
- }
-
-@@ -903,7 +970,7 @@ log_printf (const char *fmt, ...)
- va_list arg_ptr;
-
- va_start (arg_ptr, fmt);
-- do_logv (fmt ? GPGRT_LOG_CONT : GPGRT_LOG_BEGIN, 0, fmt, arg_ptr);
-+ do_logv (fmt ? GPGRT_LOG_CONT : GPGRT_LOG_BEGIN, 0, NULL, fmt, arg_ptr);
- va_end (arg_ptr);
- }
-
-diff --git a/common/logging.h b/common/logging.h
-index d062f1413..8215a2b2a 100644
---- a/common/logging.h
-+++ b/common/logging.h
-@@ -96,6 +96,8 @@ void log_fatal (const char *fmt, ...) GPGRT_ATTR_NR_PRINTF(1,2);
- void log_error (const char *fmt, ...) GPGRT_ATTR_PRINTF(1,2);
- void log_info (const char *fmt, ...) GPGRT_ATTR_PRINTF(1,2);
- void log_debug (const char *fmt, ...) GPGRT_ATTR_PRINTF(1,2);
-+void log_debug_with_string (const char *string, const char *fmt,
-+ ...) GPGRT_ATTR_PRINTF(2,3);
- void log_printf (const char *fmt, ...) GPGRT_ATTR_PRINTF(1,2);
- void log_flush (void);
-
diff --git a/debian/patches/0039-dirmngr-Add-debug-code-to-http.c.patch b/debian/patches/0039-dirmngr-Add-debug-code-to-http.c.patch
deleted file mode 100644
index 2e145e7..0000000
--- a/debian/patches/0039-dirmngr-Add-debug-code-to-http.c.patch
+++ /dev/null
@@ -1,237 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 11 Jan 2017 10:34:49 +0100
-Subject: dirmngr: Add debug code to http.c.
-
-* dirmngr/http.c (opt_verbose, opt_debug): New vars.
-(http_set_verbose): New function.
-(_my_socket_new): Add debug output.
-(_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if
-OPT_DEBUG has ben set to 2 in a debugger.
-(http_session_new, http_session_ref): Ditto.
-(send_request, http_start_data): Print debug output for the request.
-(parse_response): Change to use log_debug_string for the response.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 02ab4b0085f8b4cdfe163d25ddd0fc80753d7f4a)
----
- dirmngr/http.c | 74 +++++++++++++++++++++++++++++++++++++++++-----------------
- dirmngr/http.h | 2 ++
- 2 files changed, 54 insertions(+), 22 deletions(-)
-
-diff --git a/dirmngr/http.c b/dirmngr/http.c
-index 0a47d9f59..c1a60be41 100644
---- a/dirmngr/http.c
-+++ b/dirmngr/http.c
-@@ -2,7 +2,7 @@
- * Copyright (C) 1999, 2001, 2002, 2003, 2004, 2006, 2009, 2010,
- * 2011 Free Software Foundation, Inc.
- * Copyright (C) 2014 Werner Koch
-- * Copyright (C) 2015 g10 Code GmbH
-+ * Copyright (C) 2015-2017 g10 Code GmbH
- *
- * This file is part of GnuPG.
- *
-@@ -255,6 +255,12 @@ struct http_context_s
- };
-
-
-+/* Two flags to enable verbose and debug mode. Although currently not
-+ * set-able a value > 1 for OPT_DEBUG enables debugging of the session
-+ * reference counting. */
-+static int opt_verbose;
-+static int opt_debug;
-+
- /* The global callback for the verification function. */
- static gpg_error_t (*tls_callback) (http_t, http_session_t, int);
-
-@@ -330,9 +336,9 @@ _my_socket_new (int lnr, assuan_fd_t fd)
- }
- so->fd = fd;
- so->refcount = 1;
-- /* log_debug ("http.c:socket_new(%d): object %p for fd %d created\n", */
-- /* lnr, so, so->fd); */
-- (void)lnr;
-+ if (opt_debug)
-+ log_debug ("http.c:%d:socket_new: object %p for fd %d created\n",
-+ lnr, so, so->fd);
- return so;
- }
- #define my_socket_new(a) _my_socket_new (__LINE__, (a))
-@@ -342,9 +348,9 @@ static my_socket_t
- _my_socket_ref (int lnr, my_socket_t so)
- {
- so->refcount++;
-- /* log_debug ("http.c:socket_ref(%d) object %p for fd %d refcount now %d\n", */
-- /* lnr, so, so->fd, so->refcount); */
-- (void)lnr;
-+ if (opt_debug > 1)
-+ log_debug ("http.c:%d:socket_ref: object %p for fd %d refcount now %d\n",
-+ lnr, so, so->fd, so->refcount);
- return so;
- }
- #define my_socket_ref(a) _my_socket_ref (__LINE__,(a))
-@@ -360,9 +366,10 @@ _my_socket_unref (int lnr, my_socket_t so,
- if (so)
- {
- so->refcount--;
-- /* log_debug ("http.c:socket_unref(%d): object %p for fd %d ref now %d\n", */
-- /* lnr, so, so->fd, so->refcount); */
-- (void)lnr;
-+ if (opt_debug > 1)
-+ log_debug ("http.c:%d:socket_unref: object %p for fd %d ref now %d\n",
-+ lnr, so, so->fd, so->refcount);
-+
- if (!so->refcount)
- {
- if (preclose)
-@@ -469,6 +476,15 @@ make_header_line (const char *prefix, const char *suffix,
-
-
-
-+/* Set verbosity and debug mode for this module. */
-+void
-+http_set_verbose (int verbose, int debug)
-+{
-+ opt_verbose = verbose;
-+ opt_debug = debug;
-+}
-+
-+
- /* Register a non-standard global TLS callback function. If no
- verification is desired a callback needs to be registered which
- always returns NULL. */
-@@ -562,9 +578,9 @@ session_unref (int lnr, http_session_t sess)
- return;
-
- sess->refcount--;
-- /* log_debug ("http.c:session_unref(%d): sess %p ref now %d\n", */
-- /* lnr, sess, sess->refcount); */
-- (void)lnr;
-+ if (opt_debug > 1)
-+ log_debug ("http.c:%d:session_unref: sess %p ref now %d\n",
-+ lnr, sess, sess->refcount);
- if (sess->refcount)
- return;
-
-@@ -731,7 +747,8 @@ http_session_new (http_session_t *r_session, const char *tls_priority,
- }
- #endif /*!HTTP_USE_GNUTLS*/
-
-- /* log_debug ("http.c:session_new: sess %p created\n", sess); */
-+ if (opt_debug > 1)
-+ log_debug ("http.c:session_new: sess %p created\n", sess);
- err = 0;
-
- #if USE_TLS
-@@ -754,8 +771,9 @@ http_session_ref (http_session_t sess)
- if (sess)
- {
- sess->refcount++;
-- /* log_debug ("http.c:session_ref: sess %p ref now %d\n", sess, */
-- /* sess->refcount); */
-+ if (opt_debug > 1)
-+ log_debug ("http.c:session_ref: sess %p ref now %d\n",
-+ sess, sess->refcount);
- }
- return sess;
- }
-@@ -937,6 +955,8 @@ http_start_data (http_t hd)
- {
- if (!hd->in_data)
- {
-+ if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
-+ log_debug_with_string ("\r\n", "http.c:request-header:");
- es_fputs ("\r\n", hd->fp_write);
- es_fflush (hd->fp_write);
- hd->in_data = 1;
-@@ -1881,7 +1901,8 @@ send_request (http_t hd, const char *httphost, const char *auth,
- return err;
- }
-
-- /* log_debug ("request:\n%s\nEND request\n", request); */
-+ if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
-+ log_debug_with_string (request, "http.c:request:");
-
- /* First setup estream so that we can write even the first line
- using estream. This is also required for the sake of gnutls. */
-@@ -1916,6 +1937,8 @@ send_request (http_t hd, const char *httphost, const char *auth,
- {
- for (;headers; headers=headers->next)
- {
-+ if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
-+ log_debug_with_string (headers->d, "http.c:request-header:");
- if ((es_fputs (headers->d, hd->fp_write) || es_fflush (hd->fp_write))
- || (es_fputs("\r\n",hd->fp_write) || es_fflush(hd->fp_write)))
- {
-@@ -2167,8 +2190,7 @@ parse_response (http_t hd)
- return GPG_ERR_EOF;
-
- if ((hd->flags & HTTP_FLAG_LOG_RESP))
-- log_info ("RESP: '%.*s'\n",
-- (int)strlen(line)-(*line&&line[1]?2:0),line);
-+ log_debug_with_string (line, "http.c:response:\n");
- }
- while (!*line);
-
-@@ -2213,7 +2235,7 @@ parse_response (http_t hd)
- if ((*line == '\r' && line[1] == '\n') || *line == '\n')
- *line = 0;
- if ((hd->flags & HTTP_FLAG_LOG_RESP))
-- log_info ("RESP: '%.*s'\n",
-+ log_info ("http.c:RESP: '%.*s'\n",
- (int)strlen(line)-(*line&&line[1]?2:0),line);
- if (*line)
- {
-@@ -2341,6 +2363,9 @@ connect_server (const char *server, unsigned short port,
- {
- #ifdef ASSUAN_SOCK_TOR
-
-+ if (opt_debug)
-+ log_debug ("http.c:connect_server:onion: name='%s' port=%hu\n",
-+ server, port);
- sock = assuan_sock_connect_byname (server, port, 0, NULL,
- ASSUAN_SOCK_TOR);
- if (sock == ASSUAN_INVALID_FD)
-@@ -2389,6 +2414,9 @@ connect_server (const char *server, unsigned short port,
- {
- dns_addrinfo_t aibuf, ai;
-
-+ if (opt_debug)
-+ log_debug ("http.c:connect_server: trying name='%s' port=%hu\n",
-+ serverlist[srv].target, port);
- err = resolve_dns_name (serverlist[srv].target, port, 0, SOCK_STREAM,
- &aibuf, NULL);
- if (err)
-@@ -2539,7 +2567,8 @@ cookie_read (void *cookie, void *buffer, size_t size)
-
- ntbtls_get_stream (c->session->tls_session, &in, &out);
- nread = es_fread (buffer, 1, size, in);
-- log_debug ("TLS network read: %d/%u\n", nread, size);
-+ if (opt_debug)
-+ log_debug ("TLS network read: %d/%u\n", nread, size);
- }
- else
- #elif HTTP_USE_GNUTLS
-@@ -2631,7 +2660,8 @@ cookie_write (void *cookie, const void *buffer_arg, size_t size)
- es_fflush (out);
- else
- nwritten = es_fwrite (buffer, 1, size, out);
-- log_debug ("TLS network write: %d/%u\n", nwritten, size);
-+ if (opt_debug)
-+ log_debug ("TLS network write: %d/%u\n", nwritten, size);
- }
- else
- #elif HTTP_USE_GNUTLS
-diff --git a/dirmngr/http.h b/dirmngr/http.h
-index 32556a4e0..0b581fe3c 100644
---- a/dirmngr/http.h
-+++ b/dirmngr/http.h
-@@ -97,6 +97,8 @@ typedef struct http_session_s *http_session_t;
- struct http_context_s;
- typedef struct http_context_s *http_t;
-
-+void http_set_verbose (int verbose, int debug);
-+
- void http_register_tls_callback (gpg_error_t (*cb)(http_t,http_session_t,int));
- void http_register_tls_ca (const char *fname);
- void http_register_netactivity_cb (void (*cb)(void));
diff --git a/debian/patches/0040-dirmngr-Implement-debug-option-network-for-http.patch b/debian/patches/0040-dirmngr-Implement-debug-option-network-for-http.patch
deleted file mode 100644
index 5be1e4a..0000000
--- a/debian/patches/0040-dirmngr-Implement-debug-option-network-for-http.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 11 Jan 2017 10:35:46 +0100
-Subject: dirmngr: Implement debug option "network" for http.
-
-* dirmngr/dirmngr.c (parse_rereadable_options): Set http debugging.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit da894c48ec3393e7c815f575daa5a52ab37cc102)
----
- dirmngr/dirmngr.c | 1 +
- doc/dirmngr.texi | 8 +++++---
- 2 files changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
-index 5abfe78c6..c225d02da 100644
---- a/dirmngr/dirmngr.c
-+++ b/dirmngr/dirmngr.c
-@@ -644,6 +644,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
- }
-
- set_dns_verbose (opt.verbose, !!DBG_DNS);
-+ http_set_verbose (opt.verbose, !!DBG_NETWORK);
-
- return 1; /* Handled. */
- }
-diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
-index 4448bf0e6..e27157c00 100644
---- a/doc/dirmngr.texi
-+++ b/doc/dirmngr.texi
-@@ -198,9 +198,11 @@ however carefully selected to best aid in debugging.
-
- @item --debug @var{flags}
- @opindex debug
--This option is only useful for debugging and the behavior may change at
--any time without notice. FLAGS are bit encoded and may be given in
--usual C-Syntax.
-+Set debugging flags. This option is only useful for debugging and its
-+behavior may change with a new release. All flags are or-ed and may
-+be given in C syntax (e.g. 0x0042) or as a comma separated list of
-+flag names. To get a list of all supported flags the single word
-+"help" can be used.
-
- @item --debug-all
- @opindex debug-all
diff --git a/debian/patches/0041-dirmngr-Remove-warnings-about-unused-global-variable.patch b/debian/patches/0041-dirmngr-Remove-warnings-about-unused-global-variable.patch
deleted file mode 100644
index c30eaa5..0000000
--- a/debian/patches/0041-dirmngr-Remove-warnings-about-unused-global-variable.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 11 Jan 2017 10:48:20 +0100
-Subject: dirmngr: Remove warnings about unused global variables.
-
-* dirmngr/crlcache.c (oidstr_issuingDistributionPoint): Comment.
-* dirmngr/ocsp.c (oidstr_certHash): Comment.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 915864e7f0315b0c96315d0bcd48b1b93592353a)
----
- dirmngr/crlcache.c | 2 +-
- dirmngr/ocsp.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c
-index 07fa5b1d3..2e471cb09 100644
---- a/dirmngr/crlcache.c
-+++ b/dirmngr/crlcache.c
-@@ -127,7 +127,7 @@
-
-
- static const char oidstr_crlNumber[] = "2.5.29.20";
--static const char oidstr_issuingDistributionPoint[] = "2.5.29.28";
-+/* static const char oidstr_issuingDistributionPoint[] = "2.5.29.28"; */
- static const char oidstr_authorityKeyIdentifier[] = "2.5.29.35";
-
-
-diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c
-index 8c893aa47..9127cf754 100644
---- a/dirmngr/ocsp.c
-+++ b/dirmngr/ocsp.c
-@@ -44,7 +44,7 @@ static const char oidstr_ocsp[] = "1.3.6.1.5.5.7.48.1";
- HashAlgorithm AlgorithmIdentifier,
- certificateHash OCTET STRING }
- */
--static const char oidstr_certHash[] = "1.3.36.8.3.13";
-+/* static const char oidstr_certHash[] = "1.3.36.8.3.13"; */
-
-
-
diff --git a/debian/patches/0042-dirmngr-Fix-Tor-access-for-v6-addresses.patch b/debian/patches/0042-dirmngr-Fix-Tor-access-for-v6-addresses.patch
deleted file mode 100644
index acea282..0000000
--- a/debian/patches/0042-dirmngr-Fix-Tor-access-for-v6-addresses.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 11 Jan 2017 16:41:15 +0100
-Subject: dirmngr: Fix Tor access for v6 addresses.
-
-* dirmngr/http.c (use_socks): New.
-(my_sock_new_for_addr): New.
-(connect_server): Replace assuan_sock_new by my_sock_new_for_addr.
---
-
-Libassuan always uses 127.0.0.1 to connect to the local Tor proxy.
-https.c used to create a socket for the actual address family and thus
-the connect call in Libassuan fails when it tries to connect to a v6
-address using a v4 socket.
-
-It would be cleaner to have the my_sock_new_for_addr function as a
-public interface in Libassuan; for now we need to duplicate some code.
-from Libassuan.
-
-GnuPG-bug-id: 2902
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 09aeac41c97bc8ecb44a09886c7fdbd9a6ec5c7f)
----
- dirmngr/http.c | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
- 1 file changed, 63 insertions(+), 1 deletion(-)
-
-diff --git a/dirmngr/http.c b/dirmngr/http.c
-index c1a60be41..75701ecb1 100644
---- a/dirmngr/http.c
-+++ b/dirmngr/http.c
-@@ -2337,6 +2337,68 @@ start_server ()
- }
- #endif
-
-+
-+
-+/* Return true if SOCKS shall be used. This is the case if tor_mode
-+ * is enabled and the desired address is not the loopback address.
-+ * This function is basically a copy of the same internal fucntion in
-+ * Libassuan. */
-+static int
-+use_socks (struct sockaddr *addr)
-+{
-+ int mode;
-+
-+ if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
-+ return 0; /* Not in Tor mode. */
-+ else if (addr->sa_family == AF_INET6)
-+ {
-+ struct sockaddr_in6 *addr_in6 = (struct sockaddr_in6 *)addr;
-+ const unsigned char *s;
-+ int i;
-+
-+ s = (unsigned char *)&addr_in6->sin6_addr.s6_addr;
-+ if (s[15] != 1)
-+ return 1; /* Last octet is not 1 - not the loopback address. */
-+ for (i=0; i < 15; i++, s++)
-+ if (*s)
-+ return 1; /* Non-zero octet found - not the loopback address. */
-+
-+ return 0; /* This is the loopback address. */
-+ }
-+ else if (addr->sa_family == AF_INET)
-+ {
-+ struct sockaddr_in *addr_in = (struct sockaddr_in *)addr;
-+
-+ if (*(unsigned char*)&addr_in->sin_addr.s_addr == 127)
-+ return 0; /* Loopback (127.0.0.0/8) */
-+
-+ return 1;
-+ }
-+ else
-+ return 0;
-+}
-+
-+
-+/* Wrapper around assuan_sock_new which takes the domain from an
-+ * address parameter. */
-+static assuan_fd_t
-+my_sock_new_for_addr (struct sockaddr *addr, int type, int proto)
-+{
-+ int domain;
-+
-+ if (use_socks (addr))
-+ {
-+ /* Libassaun always uses 127.0.0.1 to connect to the socks
-+ * server (i.e. the Tor daemon). */
-+ domain = AF_INET;
-+ }
-+ else
-+ domain = addr->sa_family;
-+
-+ return assuan_sock_new (domain, type, proto);
-+}
-+
-+
- /* Actually connect to a server. Returns the file descriptor or -1 on
- error. ERRNO is set on error. */
- static assuan_fd_t
-@@ -2436,7 +2498,7 @@ connect_server (const char *server, unsigned short port,
-
- if (sock != ASSUAN_INVALID_FD)
- assuan_sock_close (sock);
-- sock = assuan_sock_new (ai->family, ai->socktype, ai->protocol);
-+ sock = my_sock_new_for_addr (ai->addr, ai->socktype, ai->protocol);
- if (sock == ASSUAN_INVALID_FD)
- {
- int save_errno = errno;
diff --git a/debian/patches/0043-dirmngr-Mark-hosts-dead-on-ENETDOWN.patch b/debian/patches/0043-dirmngr-Mark-hosts-dead-on-ENETDOWN.patch
deleted file mode 100644
index 3114150..0000000
--- a/debian/patches/0043-dirmngr-Mark-hosts-dead-on-ENETDOWN.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 11 Jan 2017 16:43:30 +0100
-Subject: dirmngr: Mark hosts dead on ENETDOWN.
-
-* dirmngr/ks-engine-hkp.c (handle_send_request_error): Take care of
-ENETDOWN.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 76fb2febde10da8237bbe7613830b51af2a45139)
----
- dirmngr/ks-engine-hkp.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
-index 31fef39db..6e3a38de2 100644
---- a/dirmngr/ks-engine-hkp.c
-+++ b/dirmngr/ks-engine-hkp.c
-@@ -1130,10 +1130,14 @@ handle_send_request_error (gpg_error_t err, const char *request,
- {
- int retry = 0;
-
-+ /* Fixme: Should we disable all hosts of a protocol family if a
-+ * request for an address of that familiy returned ENETDOWN? */
-+
- switch (gpg_err_code (err))
- {
- case GPG_ERR_ECONNREFUSED:
- case GPG_ERR_ENETUNREACH:
-+ case GPG_ERR_ENETDOWN:
- case GPG_ERR_UNKNOWN_HOST:
- case GPG_ERR_NETWORK:
- if (mark_host_dead (request) && *tries_left)
-@@ -1146,6 +1150,7 @@ handle_send_request_error (gpg_error_t err, const char *request,
- log_info ("selecting a different host due to a timeout\n");
- retry = 1;
- }
-+ break;
-
- default:
- break;
diff --git a/debian/patches/0044-dirmngr-After-a-connection-failure-log-a-hint-if-Tor.patch b/debian/patches/0044-dirmngr-After-a-connection-failure-log-a-hint-if-Tor.patch
deleted file mode 100644
index 56e29c4..0000000
--- a/debian/patches/0044-dirmngr-After-a-connection-failure-log-a-hint-if-Tor.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 11 Jan 2017 17:09:16 +0100
-Subject: dirmngr: After a connection failure log a hint if Tor is not running.
-
-* dirmngr/ks-engine-hkp.c (handle_send_request_error): Check whether
-Tor is running.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 20dfcfe08c618d23134d5d6efef7676b090f30d3)
----
- dirmngr/ks-engine-hkp.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
-index 6e3a38de2..3b8f65a55 100644
---- a/dirmngr/ks-engine-hkp.c
-+++ b/dirmngr/ks-engine-hkp.c
-@@ -1136,6 +1136,17 @@ handle_send_request_error (gpg_error_t err, const char *request,
- switch (gpg_err_code (err))
- {
- case GPG_ERR_ECONNREFUSED:
-+ if (opt.use_tor)
-+ {
-+ assuan_fd_t sock;
-+
-+ sock = assuan_sock_connect_byname (NULL, 0, 0, NULL, ASSUAN_SOCK_TOR);
-+ if (sock == ASSUAN_INVALID_FD)
-+ log_info ("(it seems Tor is not running)\n");
-+ else
-+ assuan_sock_close (sock);
-+ }
-+ /*FALLTHRU*/
- case GPG_ERR_ENETUNREACH:
- case GPG_ERR_ENETDOWN:
- case GPG_ERR_UNKNOWN_HOST:
diff --git a/debian/patches/0045-libdns-Provide-replacement-for-EPROTO.patch b/debian/patches/0045-libdns-Provide-replacement-for-EPROTO.patch
deleted file mode 100644
index b16fd26..0000000
--- a/debian/patches/0045-libdns-Provide-replacement-for-EPROTO.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Thu, 12 Jan 2017 09:20:49 +0100
-Subject: libdns: Provide replacement for EPROTO.
-
-* dirmngr/dns.c (EPROTO) ![EPROTO]: Define to EPROTONOSUPPORT.
---
-
-This is the same replacement we use in Libassuan
-(commit 8ab3b9273524bd344bdb90dd5d3bc8e5f53ead6e) to make it work on
-OpenBSD and may other BSD based OSes.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 0fadff9cdde47e42f7e428bc903b3626c67ba9c0)
----
- dirmngr/dns.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/dirmngr/dns.c b/dirmngr/dns.c
-index 4b61b72c2..b580e4031 100644
---- a/dirmngr/dns.c
-+++ b/dirmngr/dns.c
-@@ -288,6 +288,10 @@ int dns_v_api(void) {
- *
- * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
-
-+#ifndef EPROTO
-+# define EPROTO EPROTONOSUPPORT
-+#endif
-+
- #if _WIN32
-
- #define DNS_EINTR WSAEINTR
diff --git a/debian/patches/0046-libdns-Silence-Wstrict-prototypes-on-some-function-p.patch b/debian/patches/0046-libdns-Silence-Wstrict-prototypes-on-some-function-p.patch
deleted file mode 100644
index 19b1d39..0000000
--- a/debian/patches/0046-libdns-Silence-Wstrict-prototypes-on-some-function-p.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Thu, 12 Jan 2017 09:22:14 +0100
-Subject: libdns: Silence -Wstrict-prototypes on some function ptrs.
-
-* dirmngr/dns.c (dns_rrtype): Ignore -Wstrict-prototypes warning.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 97372b39cd9b4c84a083eadbf072fff77799617f)
----
- dirmngr/dns.c | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/dirmngr/dns.c b/dirmngr/dns.c
-index b580e4031..016ff44f4 100644
---- a/dirmngr/dns.c
-+++ b/dirmngr/dns.c
-@@ -4246,6 +4246,15 @@ size_t dns_txt_print(void *_dst, size_t lim, struct dns_txt *txt) {
- } /* dns_txt_print() */
-
-
-+/* Some of the function pointers of DNS_RRTYPES are initialized with
-+ * slighlly different fucntions, thus we can't use prototypes. */
-+DNS_PRAGMA_PUSH
-+#if __clang__
-+#pragma clang diagnostic ignored "-Wstrict-prototypes"
-+#elif DNS_GNUC_PREREQ(4,6,0)
-+#pragma GCC diagnostic ignored "-Wstrict-prototypes"
-+#endif
-+
- static const struct dns_rrtype {
- enum dns_type type;
- const char *name;
-@@ -4271,6 +4280,10 @@ static const struct dns_rrtype {
- { DNS_T_AXFR, "AXFR", 0, 0, 0, 0, 0, 0, },
- }; /* dns_rrtypes[] */
-
-+DNS_PRAGMA_POP /*(-Wstrict-prototypes)*/
-+
-+
-+
- static const struct dns_rrtype *dns_rrtype(enum dns_type type) {
- const struct dns_rrtype *t;
-
diff --git a/debian/patches/0047-build-Make-autogen.sh-more-POSIX-friendly.patch b/debian/patches/0047-build-Make-autogen.sh-more-POSIX-friendly.patch
deleted file mode 100644
index 8b67a68..0000000
--- a/debian/patches/0047-build-Make-autogen.sh-more-POSIX-friendly.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Thu, 12 Jan 2017 09:58:57 +0100
-Subject: build: Make autogen.sh more POSIX friendly.
-
-* autogen.sh: Replace non POSIX "cp -a" and "head -c".
---
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 3c00b52f7cb0fbd756c0bbe5134b8f2d69c60dd1)
----
- autogen.sh | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/autogen.sh b/autogen.sh
-index 6b631a241..2b703ff54 100755
---- a/autogen.sh
-+++ b/autogen.sh
-@@ -225,7 +225,7 @@ if [ "$myhost" = "find-version" ]; then
- fi
- [ -n "$tmp" ] && beta=yes
- rev=$(git rev-parse --short HEAD | tr -d '\n\r')
-- rvd=$((0x$(echo ${rev} | head -c 4)))
-+ rvd=$((0x$(echo ${rev} | dd bs=1 count=2 2>/dev/null)))
- else
- ingit=no
- beta=no
-@@ -417,8 +417,11 @@ fi
-
- # Check the git setup.
- if [ -d .git ]; then
-- CP="cp -a"
-- [ -z "${SILENT}" ] && CP="$CP -v"
-+ CP="cp -p"
-+ # If we have a GNU cp we can add -v
-+ if cp --version >/dev/null 2>/dev/null; then
-+ [ -z "${SILENT}" ] && CP="$CP -v"
-+ fi
- if [ -f .git/hooks/pre-commit.sample -a ! -f .git/hooks/pre-commit ] ; then
- [ -z "${SILENT}" ] && cat <<EOF
- *** Activating trailing whitespace git pre-commit hook. ***
diff --git a/debian/patches/0048-gpg-Rename-a-var-to-avoid-a-shadowing-warning.patch b/debian/patches/0048-gpg-Rename-a-var-to-avoid-a-shadowing-warning.patch
deleted file mode 100644
index edf6950..0000000
--- a/debian/patches/0048-gpg-Rename-a-var-to-avoid-a-shadowing-warning.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Thu, 12 Jan 2017 10:40:26 +0100
-Subject: gpg: Rename a var to avoid a shadowing warning.
-
-* g10/keygen.c (keygen_set_std_prefs): Rename variable.
---
-
-I consider it better not to use the name of a commonly used function.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit c99a09f111c5980ae034faaea61a00d9ad60463c)
----
- g10/keygen.c | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/g10/keygen.c b/g10/keygen.c
-index b4fddba00..98ef29efb 100644
---- a/g10/keygen.c
-+++ b/g10/keygen.c
-@@ -434,9 +434,11 @@ keygen_set_std_prefs (const char *string,int personal)
-
- if(strlen(string))
- {
-- char *dup, *tok, *prefstring;
-+ char *prefstringbuf;
-+ char *tok, *prefstring;
-
-- dup = prefstring = xstrdup (string); /* need a writable string! */
-+ /* We need a writable string. */
-+ prefstring = prefstringbuf = xstrdup (string);
-
- while((tok=strsep(&prefstring," ,")))
- {
-@@ -470,7 +472,7 @@ keygen_set_std_prefs (const char *string,int personal)
- }
- }
-
-- xfree (dup);
-+ xfree (prefstringbuf);
- }
-
- if(!rc)
diff --git a/debian/patches/0049-build-Make-autogen.sh-more-POSIX-friendly-next-try.patch b/debian/patches/0049-build-Make-autogen.sh-more-POSIX-friendly-next-try.patch
deleted file mode 100644
index d5012ef..0000000
--- a/debian/patches/0049-build-Make-autogen.sh-more-POSIX-friendly-next-try.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Thu, 12 Jan 2017 11:22:37 +0100
-Subject: build: Make autogen.sh more POSIX friendly (next try)
-
-* autogen.sh: Fix dd count to 5.
---
-
-Fixes-commit: 3c00b52f7cb0fbd756c0bbe5134b8f2d69c60dd1
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 3db76c9277d918dec9721a6439f4db3b3c06aba3)
----
- autogen.sh | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/autogen.sh b/autogen.sh
-index 2b703ff54..0cecf0d89 100755
---- a/autogen.sh
-+++ b/autogen.sh
-@@ -225,7 +225,7 @@ if [ "$myhost" = "find-version" ]; then
- fi
- [ -n "$tmp" ] && beta=yes
- rev=$(git rev-parse --short HEAD | tr -d '\n\r')
-- rvd=$((0x$(echo ${rev} | dd bs=1 count=2 2>/dev/null)))
-+ rvd=$((0x$(echo ${rev} | dd bs=1 count=4 2>/dev/null)))
- else
- ingit=no
- beta=no
diff --git a/debian/patches/0050-dirmngr-Fix-URL-creation-for-literal-IPv6-addresses-.patch b/debian/patches/0050-dirmngr-Fix-URL-creation-for-literal-IPv6-addresses-.patch
deleted file mode 100644
index f7d299f..0000000
--- a/debian/patches/0050-dirmngr-Fix-URL-creation-for-literal-IPv6-addresses-.patch
+++ /dev/null
@@ -1,205 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Thu, 12 Jan 2017 21:09:42 +0100
-Subject: dirmngr: Fix URL creation for literal IPv6 addresses in HKP.
-
-* dirmngr/dns-stuff.c (is_ip_address): Make the return value depend on
-the address family.
-* dirmngr/ks-engine-hkp.c (map_host): Rename arg R_POOLNAME to
-R_HTTPHOST because that is its purpose. Note that the former
-behaviour of storing a NULL to indicate that it is not a pool has not
-been used.
-(make_host_part): Ditto.
-(make_host_part): Make sure that literal v6 addresses are correclty
-marked in the constructed URL.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 82646bbf1a5a7d745da81b239a12667a51703dc1)
----
- dirmngr/dns-stuff.c | 12 +++++-----
- dirmngr/ks-engine-hkp.c | 58 +++++++++++++++++++++++++++----------------------
- 2 files changed, 39 insertions(+), 31 deletions(-)
-
-diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
-index a8713eb44..1b30c2cab 100644
---- a/dirmngr/dns-stuff.c
-+++ b/dirmngr/dns-stuff.c
-@@ -993,8 +993,10 @@ resolve_dns_addr (const struct sockaddr *addr, int addrlen,
- }
-
-
--/* Check whether NAME is an IP address. Returns true if it is either
-- an IPv6 or IPv4 numerical address. */
-+/* Check whether NAME is an IP address. Returns a true if it is
-+ * either an IPv6 or a IPv4 numerical address. The actual return
-+ * values can also be used to identify whether it is v4 or v6: The
-+ * true value will surprisingly be 4 for IPv4 and 6 for IPv6. */
- int
- is_ip_address (const char *name)
- {
-@@ -1002,7 +1004,7 @@ is_ip_address (const char *name)
- int ndots, dblcol, n;
-
- if (*name == '[')
-- return 1; /* yes: A legal DNS name may not contain this character;
-+ return 6; /* yes: A legal DNS name may not contain this character;
- this mut be bracketed v6 address. */
- if (*name == '.')
- return 0; /* No. A leading dot is not a valid IP address. */
-@@ -1035,7 +1037,7 @@ is_ip_address (const char *name)
- if (ndots > 7)
- return 0; /* No: Too many colons. */
- else if (ndots > 1)
-- return 1; /* Yes: At least 2 colons indicate an v6 address. */
-+ return 6; /* Yes: At least 2 colons indicate an v6 address. */
-
- legacy:
- /* Check whether it is legacy IP address. */
-@@ -1056,7 +1058,7 @@ is_ip_address (const char *name)
- else if (++n > 3)
- return 0; /* No: More than 3 digits. */
- }
-- return !!(ndots == 3);
-+ return (ndots == 3)? 4 : 0;
- }
-
-
-diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
-index 3b8f65a55..88ac65ee7 100644
---- a/dirmngr/ks-engine-hkp.c
-+++ b/dirmngr/ks-engine-hkp.c
-@@ -404,13 +404,14 @@ add_host (const char *name, int is_pool,
- * NULL is stored. If we know the port used by the selected host from
- * a service record, a string representation is written to R_PORTSTR,
- * otherwise it is left untouched. If R_HTTPFLAGS is not NULL it will
-- * receive flags which are to be passed to http_open. If R_POOLNAME
-- * is not NULL a malloced name of the pool is stored or NULL if it is
-- * not a pool. */
-+ * receive flags which are to be passed to http_open. If R_HTTPHOST
-+ * is not NULL a malloced name of the host is stored there; this might
-+ * be different from R_HOST in case it has been selected from a
-+ * pool. */
- static gpg_error_t
- map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
- char **r_host, char *r_portstr,
-- unsigned int *r_httpflags, char **r_poolname)
-+ unsigned int *r_httpflags, char **r_httphost)
- {
- gpg_error_t err = 0;
- hostinfo_t hi;
-@@ -420,8 +421,8 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
- *r_host = NULL;
- if (r_httpflags)
- *r_httpflags = 0;
-- if (r_poolname)
-- *r_poolname = NULL;
-+ if (r_httphost)
-+ *r_httphost = NULL;
-
- /* No hostname means localhost. */
- if (!name || !*name)
-@@ -557,10 +558,10 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
- if (hi->pool)
- {
- /* Deal with the pool name before selecting a host. */
-- if (r_poolname)
-+ if (r_httphost)
- {
-- *r_poolname = xtrystrdup (hi->cname? hi->cname : hi->name);
-- if (!*r_poolname)
-+ *r_httphost = xtrystrdup (hi->cname? hi->cname : hi->name);
-+ if (!*r_httphost)
- return gpg_error_from_syserror ();
- }
-
-@@ -579,10 +580,10 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
- if (hi->poolidx == -1)
- {
- log_error ("no alive host found in pool '%s'\n", name);
-- if (r_poolname)
-+ if (r_httphost)
- {
-- xfree (*r_poolname);
-- *r_poolname = NULL;
-+ xfree (*r_httphost);
-+ *r_httphost = NULL;
- }
- return gpg_error (GPG_ERR_NO_KEYSERVER);
- }
-@@ -596,10 +597,10 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
- if (!host_is_alive (hi, curtime))
- {
- log_error ("host '%s' marked as dead\n", hi->name);
-- if (r_poolname)
-+ if (r_httphost)
- {
-- xfree (*r_poolname);
-- *r_poolname = NULL;
-+ xfree (*r_httphost);
-+ *r_httphost = NULL;
- }
- return gpg_error (GPG_ERR_NO_KEYSERVER);
- }
-@@ -626,10 +627,10 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
- if (!*r_host)
- {
- err = gpg_error_from_syserror ();
-- if (r_poolname)
-+ if (r_httphost)
- {
-- xfree (*r_poolname);
-- *r_poolname = NULL;
-+ xfree (*r_httphost);
-+ *r_httphost = NULL;
- }
- return err;
- }
-@@ -877,13 +878,15 @@ ks_hkp_help (ctrl_t ctrl, parsed_uri_t uri)
-
- /* Build the remote part of the URL from SCHEME, HOST and an optional
- * PORT. If NO_SRV is set no SRV record lookup will be done. Returns
-- * an allocated string at R_HOSTPORT or NULL on failure If R_POOLNAME
-- * is not NULL it receives a malloced string with the poolname. */
-+ * an allocated string at R_HOSTPORT or NULL on failure. If
-+ * R_HTTPHOST is not NULL it receives a malloced string with the
-+ * hostname; this may be different from HOST if HOST is selected from
-+ * a pool. */
- static gpg_error_t
- make_host_part (ctrl_t ctrl,
- const char *scheme, const char *host, unsigned short port,
- int force_reselect, int no_srv,
-- char **r_hostport, unsigned int *r_httpflags, char **r_poolname)
-+ char **r_hostport, unsigned int *r_httpflags, char **r_httphost)
- {
- gpg_error_t err;
- const char *srvtag;
-@@ -905,7 +908,7 @@ make_host_part (ctrl_t ctrl,
-
- portstr[0] = 0;
- err = map_host (ctrl, host, srvtag, force_reselect,
-- &hostname, portstr, r_httpflags, r_poolname);
-+ &hostname, portstr, r_httpflags, r_httphost);
- if (err)
- return err;
-
-@@ -922,14 +925,17 @@ make_host_part (ctrl_t ctrl,
- else
- strcpy (portstr, "11371");
-
-- *r_hostport = strconcat (scheme, "://", hostname, ":", portstr, NULL);
-+ if (*hostname != '[' && is_ip_address (hostname) == 6)
-+ *r_hostport = strconcat (scheme, "://[", hostname, "]:", portstr, NULL);
-+ else
-+ *r_hostport = strconcat (scheme, "://", hostname, ":", portstr, NULL);
- xfree (hostname);
- if (!*r_hostport)
- {
-- if (r_poolname)
-+ if (r_httphost)
- {
-- xfree (*r_poolname);
-- *r_poolname = NULL;
-+ xfree (*r_httphost);
-+ *r_httphost = NULL;
- }
- return gpg_error_from_syserror ();
- }
diff --git a/debian/patches/0051-dirmngr-Avoid-network-queries-for-literal-IP-address.patch b/debian/patches/0051-dirmngr-Avoid-network-queries-for-literal-IP-address.patch
deleted file mode 100644
index 5387127..0000000
--- a/debian/patches/0051-dirmngr-Avoid-network-queries-for-literal-IP-address.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Mon, 16 Jan 2017 09:10:46 +0100
-Subject: dirmngr: Avoid network queries for literal IP addresses.
-
-* dirmngr/dns-stuff.c (resolve_name_libdns): USe flags AI_NUMERICHOST
-for literal IP addresses.
-(resolve_name_standard): Ditto.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit daae97bc14742c75408c4eb05808a2102cfe2bcf)
----
- dirmngr/dns-stuff.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
-index 1b30c2cab..2debdcad0 100644
---- a/dirmngr/dns-stuff.c
-+++ b/dirmngr/dns-stuff.c
-@@ -685,6 +685,8 @@ resolve_name_libdns (const char *name, unsigned short port,
- hints.ai_flags = AI_ADDRCONFIG;
- if (r_canonname)
- hints.ai_flags |= AI_CANONNAME;
-+ if (is_ip_address (name))
-+ hints.ai_flags |= AI_NUMERICHOST;
-
- if (port)
- {
-@@ -806,6 +808,8 @@ resolve_name_standard (const char *name, unsigned short port,
- hints.ai_flags = AI_ADDRCONFIG;
- if (r_canonname)
- hints.ai_flags |= AI_CANONNAME;
-+ if (is_ip_address (name))
-+ hints.ai_flags |= AI_NUMERICHOST;
-
- if (port)
- snprintf (portstr, sizeof portstr, "%hu", port);
diff --git a/debian/patches/0052-dirmngr-Allow-reverse-DNS-lookups-in-Tor-mode.patch b/debian/patches/0052-dirmngr-Allow-reverse-DNS-lookups-in-Tor-mode.patch
deleted file mode 100644
index 522bac3..0000000
--- a/debian/patches/0052-dirmngr-Allow-reverse-DNS-lookups-in-Tor-mode.patch
+++ /dev/null
@@ -1,272 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Mon, 16 Jan 2017 19:03:39 +0100
-Subject: dirmngr: Allow reverse DNS lookups in Tor-mode.
-
-* dirmngr/dns-stuff.c (resolve_dns_name): Move up in the file.
-(resolve_addr_libdns): New.
-(resolve_dns_addr): Divert to resolve_dns_addr.
---
-
-In the old code reverse lookups where disabled in Tor mode. By
-implementing the reverse lookups via libdns it is now possible to do
-them also in Tor mode.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 9850124c7bdf0a0e7c1866abc85f3437257d7095)
----
- dirmngr/dns-stuff.c | 213 ++++++++++++++++++++++++++++++++++++++++++++--------
- 1 file changed, 182 insertions(+), 31 deletions(-)
-
-diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
-index 2debdcad0..28ecb1857 100644
---- a/dirmngr/dns-stuff.c
-+++ b/dirmngr/dns-stuff.c
-@@ -892,6 +892,177 @@ resolve_name_standard (const char *name, unsigned short port,
- }
-
-
-+/* This a wrapper around getaddrinfo with slightly different semantics.
-+ NAME is the name to resolve.
-+ PORT is the requested port or 0.
-+ WANT_FAMILY is either 0 (AF_UNSPEC), AF_INET6, or AF_INET4.
-+ WANT_SOCKETTYPE is either SOCK_STREAM or SOCK_DGRAM.
-+
-+ On success the result is stored in a linked list with the head
-+ stored at the address R_AI; the caller must call gpg_addrinfo_free
-+ on this. If R_CANONNAME is not NULL the official name of the host
-+ is stored there as a malloced string; if that name is not available
-+ NULL is stored. */
-+gpg_error_t
-+resolve_dns_name (const char *name, unsigned short port,
-+ int want_family, int want_socktype,
-+ dns_addrinfo_t *r_ai, char **r_canonname)
-+{
-+ gpg_error_t err;
-+
-+#ifdef USE_LIBDNS
-+ if (!standard_resolver)
-+ {
-+ err = resolve_name_libdns (name, port, want_family, want_socktype,
-+ r_ai, r_canonname);
-+ if (err && libdns_switch_port_p (err))
-+ err = resolve_name_libdns (name, port, want_family, want_socktype,
-+ r_ai, r_canonname);
-+ }
-+ else
-+#endif /*USE_LIBDNS*/
-+ err = resolve_name_standard (name, port, want_family, want_socktype,
-+ r_ai, r_canonname);
-+ if (opt_debug)
-+ log_debug ("dns: resolve_dns_name(%s): %s\n", name, gpg_strerror (err));
-+ return err;
-+}
-+
-+
-+#ifdef USE_LIBDNS
-+/* Resolve an address using libdns. */
-+static gpg_error_t
-+resolve_addr_libdns (const struct sockaddr *addr, int addrlen,
-+ unsigned int flags, char **r_name)
-+{
-+ gpg_error_t err;
-+ char host[DNS_D_MAXNAME + 1];
-+ struct dns_resolver *res;
-+ struct dns_packet *ans = NULL;
-+ struct dns_ptr ptr;
-+ int derr;
-+
-+ *r_name = NULL;
-+
-+ /* First we turn ADDR into a DNS name (with ".arpa" suffix). */
-+ err = 0;
-+ if (addr->sa_family == AF_INET6)
-+ {
-+ const struct sockaddr_in6 *a6 = (const struct sockaddr_in6 *)addr;
-+ if (!dns_aaaa_arpa (host, sizeof host, (void*)&a6->sin6_addr))
-+ err = gpg_error (GPG_ERR_INV_OBJ);
-+ }
-+ else if (addr->sa_family == AF_INET)
-+ {
-+ const struct sockaddr_in *a4 = (const struct sockaddr_in *)addr;
-+ if (!dns_a_arpa (host, sizeof host, (void*)&a4->sin_addr))
-+ err = gpg_error (GPG_ERR_INV_OBJ);
-+ }
-+ else
-+ err = gpg_error (GPG_ERR_EAFNOSUPPORT);
-+ if (err)
-+ goto leave;
-+
-+
-+ err = libdns_res_open (&res);
-+ if (err)
-+ goto leave;
-+
-+ err = libdns_res_submit (res, host, DNS_T_PTR, DNS_C_IN);
-+ if (err)
-+ goto leave;
-+
-+ err = libdns_res_wait (res);
-+ if (err)
-+ goto leave;
-+
-+ ans = dns_res_fetch (res, &derr);
-+ if (!ans)
-+ {
-+ err = libdns_error_to_gpg_error (derr);
-+ goto leave;
-+ }
-+
-+ /* Check the rcode. */
-+ switch (dns_p_rcode (ans))
-+ {
-+ case DNS_RC_NOERROR:
-+ break;
-+ case DNS_RC_NXDOMAIN:
-+ err = gpg_error (GPG_ERR_NO_NAME);
-+ break;
-+ default:
-+ err = GPG_ERR_SERVER_FAILED;
-+ goto leave;
-+ }
-+
-+ /* Parse the result. */
-+ if (!err)
-+ {
-+ struct dns_rr rr;
-+ struct dns_rr_i rri;
-+
-+ memset (&rri, 0, sizeof rri);
-+ dns_rr_i_init (&rri, ans);
-+ rri.section = DNS_S_ALL & ~DNS_S_QD;
-+ rri.name = host;
-+ rri.type = DNS_T_PTR;
-+
-+ if (!dns_rr_grep (&rr, 1, &rri, ans, &derr))
-+ {
-+ err = gpg_error (GPG_ERR_NOT_FOUND);
-+ goto leave;
-+ }
-+
-+ err = libdns_error_to_gpg_error (dns_ptr_parse (&ptr, &rr, ans));
-+ if (err)
-+ goto leave;
-+
-+ /* Copy result. */
-+ *r_name = xtrystrdup (ptr.host);
-+ if (!*r_name)
-+ {
-+ err = gpg_error_from_syserror ();
-+ goto leave;
-+ }
-+ /* Libdns appends the root zone part which is problematic
-+ * for most other functions - strip it. */
-+ if (**r_name && (*r_name)[strlen (*r_name)-1] == '.')
-+ (*r_name)[strlen (*r_name)-1] = 0;
-+ }
-+ else /* GPG_ERR_NO_NAME */
-+ {
-+ char *buffer, *p;
-+ int buflen;
-+ int ec;
-+
-+ buffer = ptr.host;
-+ buflen = sizeof ptr.host;
-+
-+ p = buffer;
-+ if (addr->sa_family == AF_INET6 && (flags & DNS_WITHBRACKET))
-+ {
-+ *p++ = '[';
-+ buflen -= 2;
-+ }
-+ ec = getnameinfo (addr, addrlen, p, buflen, NULL, 0, NI_NUMERICHOST);
-+ if (ec)
-+ {
-+ err = map_eai_to_gpg_error (ec);
-+ goto leave;
-+ }
-+ if (addr->sa_family == AF_INET6 && (flags & DNS_WITHBRACKET))
-+ strcat (buffer, "]");
-+ }
-+
-+ leave:
-+ dns_free (ans);
-+ dns_res_close (res);
-+ return err;
-+}
-+#endif /*USE_LIBDNS*/
-+
-+
- /* Resolve an address using the standard system function. */
- static gpg_error_t
- resolve_addr_standard (const struct sockaddr *addr, int addrlen,
-@@ -952,51 +1123,31 @@ resolve_addr_standard (const struct sockaddr *addr, int addrlen,
- }
-
-
--/* This a wrapper around getaddrinfo with slightly different semantics.
-- NAME is the name to resolve.
-- PORT is the requested port or 0.
-- WANT_FAMILY is either 0 (AF_UNSPEC), AF_INET6, or AF_INET4.
-- WANT_SOCKETTYPE is either SOCK_STREAM or SOCK_DGRAM.
--
-- On success the result is stored in a linked list with the head
-- stored at the address R_AI; the caller must call gpg_addrinfo_free
-- on this. If R_CANONNAME is not NULL the official name of the host
-- is stored there as a malloced string; if that name is not available
-- NULL is stored. */
-+/* A wrapper around getnameinfo. */
- gpg_error_t
--resolve_dns_name (const char *name, unsigned short port,
-- int want_family, int want_socktype,
-- dns_addrinfo_t *r_ai, char **r_canonname)
-+resolve_dns_addr (const struct sockaddr *addr, int addrlen,
-+ unsigned int flags, char **r_name)
- {
- gpg_error_t err;
-
- #ifdef USE_LIBDNS
-- if (!standard_resolver)
-+ /* Note that we divert to the standard resolver for NUMERICHOST. */
-+ if (!standard_resolver && !(flags & DNS_NUMERICHOST))
- {
-- err = resolve_name_libdns (name, port, want_family, want_socktype,
-- r_ai, r_canonname);
-+ err = resolve_addr_libdns (addr, addrlen, flags, r_name);
- if (err && libdns_switch_port_p (err))
-- err = resolve_name_libdns (name, port, want_family, want_socktype,
-- r_ai, r_canonname);
-+ err = resolve_addr_libdns (addr, addrlen, flags, r_name);
- }
- else
- #endif /*USE_LIBDNS*/
-- err = resolve_name_standard (name, port, want_family, want_socktype,
-- r_ai, r_canonname);
-+ err = resolve_addr_standard (addr, addrlen, flags, r_name);
-+
- if (opt_debug)
-- log_debug ("dns: resolve_dns_name(%s): %s\n", name, gpg_strerror (err));
-+ log_debug ("dns: resolve_dns_addr(): %s\n", gpg_strerror (err));
- return err;
- }
-
-
--gpg_error_t
--resolve_dns_addr (const struct sockaddr *addr, int addrlen,
-- unsigned int flags, char **r_name)
--{
-- return resolve_addr_standard (addr, addrlen, flags, r_name);
--}
--
--
- /* Check whether NAME is an IP address. Returns a true if it is
- * either an IPv6 or a IPv4 numerical address. The actual return
- * values can also be used to identify whether it is v4 or v6: The
-@@ -1096,7 +1247,7 @@ get_dns_cert_libdns (const char *name, int want_certtype,
- int derr;
- int qtype;
-
-- /* Gte the query type from WANT_CERTTYPE (which in general indicates
-+ /* Get the query type from WANT_CERTTYPE (which in general indicates
- * the subtype we want). */
- qtype = (want_certtype < DNS_CERTTYPE_RRBASE
- ? T_CERT
diff --git a/debian/patches/0053-dirmngr-Implement-hkps-lookups-using-literal-address.patch b/debian/patches/0053-dirmngr-Implement-hkps-lookups-using-literal-address.patch
deleted file mode 100644
index 51f8f34..0000000
--- a/debian/patches/0053-dirmngr-Implement-hkps-lookups-using-literal-address.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Mon, 16 Jan 2017 19:04:58 +0100
-Subject: dirmngr: Implement hkps lookups using literal addresses.
-
-* dirmngr/ks-engine-hkp.c (map_host): For literal addresses do a
-reverse lookup.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit e6aebfe3d0f16c483296fd125b66a44017fe15f4)
----
- dirmngr/ks-engine-hkp.c | 30 +++++++++++++++++++++++++++++-
- 1 file changed, 29 insertions(+), 1 deletion(-)
-
-diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
-index 88ac65ee7..06df55971 100644
---- a/dirmngr/ks-engine-hkp.c
-+++ b/dirmngr/ks-engine-hkp.c
-@@ -85,7 +85,7 @@ struct hostinfo_s
- time_t died_at; /* The time the host was marked dead. If this is
- 0 the host has been manually marked dead. */
- char *cname; /* Canonical name of the host. Only set if this
-- is a pool. */
-+ is a pool or NAME has a numerical IP address. */
- char *v4addr; /* A string with the v4 IP address of the host.
- NULL if NAME has a numeric IP address or no v4
- address is available. */
-@@ -593,6 +593,34 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
- hi = hosttable[hi->poolidx];
- assert (hi);
- }
-+ else if (r_httphost && is_ip_address (hi->name))
-+ {
-+ /* This is a numerical IP address and not a pool. We want to
-+ * find the canonical name so that it can be used in the HTTP
-+ * Host header. Fixme: We should store that name in the
-+ * hosttable. */
-+ dns_addrinfo_t aibuf, ai;
-+ char *host;
-+
-+ err = resolve_dns_name (hi->name, 0, 0, SOCK_STREAM, &aibuf, NULL);
-+ if (!err)
-+ {
-+ for (ai = aibuf; ai; ai = ai->next)
-+ {
-+ if (ai->family == AF_INET6 || ai->family == AF_INET)
-+ {
-+ err = resolve_dns_addr (ai->addr, ai->addrlen, 0, &host);
-+ if (!err)
-+ {
-+ /* Okay, we return the first found name. */
-+ *r_httphost = host;
-+ break;
-+ }
-+ }
-+ }
-+ }
-+ free_dns_addrinfo (aibuf);
-+ }
-
- if (!host_is_alive (hi, curtime))
- {
diff --git a/debian/patches/0054-gpg-Prepare-some-key-cleaning-function-for-use-with-.patch b/debian/patches/0054-gpg-Prepare-some-key-cleaning-function-for-use-with-.patch
deleted file mode 100644
index 7e08807..0000000
--- a/debian/patches/0054-gpg-Prepare-some-key-cleaning-function-for-use-with-.patch
+++ /dev/null
@@ -1,97 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Tue, 17 Jan 2017 09:14:44 +0100
-Subject: gpg: Prepare some key cleaning function for use with secret key
- packets.
-
-* g10/trust.c (mark_usable_uid_certs): Allow use of secret key packets.
-(clean_sigs_from_uid): Ditto.
-(clean_uid_from_key): Ditto.
-(clean_one_uid): Ditto.
-(clean_key): Ditto.
---
-
-Since 2.1 secret keys and public keys use identical data structure and
-thus we should not restrict those key cleaning functions to work only
-with public key packets. This change has no immediate effect but may
-come handy in the future.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit adbfbf608e75cdd72ae7b3a538b91bc0e236a18f)
----
- g10/trust.c | 21 ++++++++++++++-------
- 1 file changed, 14 insertions(+), 7 deletions(-)
-
-diff --git a/g10/trust.c b/g10/trust.c
-index 080926a36..102444865 100644
---- a/g10/trust.c
-+++ b/g10/trust.c
-@@ -434,7 +434,8 @@ mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode,
-
- node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
- if (node->pkt->pkttype == PKT_USER_ID
-- || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
-+ || node->pkt->pkttype == PKT_PUBLIC_SUBKEY
-+ || node->pkt->pkttype == PKT_SECRET_SUBKEY)
- break; /* ready */
- if (node->pkt->pkttype != PKT_SIGNATURE)
- continue;
-@@ -476,7 +477,8 @@ mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode,
- u32 kid[2];
- u32 sigdate;
-
-- if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
-+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
-+ || node->pkt->pkttype == PKT_SECRET_SUBKEY)
- break;
- if ( !(node->flag & (1<<9)) )
- continue; /* not a node to look at */
-@@ -491,7 +493,8 @@ mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode,
- /* Now find the latest and greatest signature */
- for (n=uidnode->next; n; n = n->next)
- {
-- if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
-+ if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY
-+ || n->pkt->pkttype == PKT_SECRET_SUBKEY)
- break;
- if ( !(n->flag & (1<<9)) )
- continue;
-@@ -588,7 +591,8 @@ clean_sigs_from_uid (kbnode_t keyblock, kbnode_t uidnode,
- kbnode_t node;
- u32 keyid[2];
-
-- log_assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
-+ log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
-+ || keyblock->pkt->pkttype == PKT_SECRET_KEY);
-
- keyid_from_pk (keyblock->pkt->pkt.public_key, keyid);
-
-@@ -681,7 +685,8 @@ clean_uid_from_key (kbnode_t keyblock, kbnode_t uidnode, int noisy)
- PKT_user_id *uid = uidnode->pkt->pkt.user_id;
- int deleted = 0;
-
-- log_assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
-+ log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
-+ || keyblock->pkt->pkttype == PKT_SECRET_KEY);
- log_assert (uidnode->pkt->pkttype==PKT_USER_ID);
-
- /* Skip valid user IDs, compacted user IDs, and non-self-signed user
-@@ -733,7 +738,8 @@ clean_one_uid (kbnode_t keyblock, kbnode_t uidnode, int noisy, int self_only,
- {
- int dummy = 0;
-
-- log_assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
-+ log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
-+ || keyblock->pkt->pkttype == PKT_SECRET_KEY);
- log_assert (uidnode->pkt->pkttype==PKT_USER_ID);
-
- if (!uids_cleaned)
-@@ -759,7 +765,8 @@ clean_key (kbnode_t keyblock, int noisy, int self_only,
- merge_keys_and_selfsig (keyblock);
-
- for (uidnode = keyblock->next;
-- uidnode && uidnode->pkt->pkttype != PKT_PUBLIC_SUBKEY;
-+ uidnode && !(uidnode->pkt->pkttype == PKT_PUBLIC_SUBKEY
-+ || uidnode->pkt->pkttype == PKT_SECRET_SUBKEY);
- uidnode = uidnode->next)
- {
- if (uidnode->pkt->pkttype == PKT_USER_ID)
diff --git a/debian/patches/0055-common-Remove-unused-function-tty_print_string.patch b/debian/patches/0055-common-Remove-unused-function-tty_print_string.patch
deleted file mode 100644
index 910cd4c..0000000
--- a/debian/patches/0055-common-Remove-unused-function-tty_print_string.patch
+++ /dev/null
@@ -1,181 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Tue, 17 Jan 2017 10:19:06 +0100
-Subject: common: Remove unused function tty_print_string.
-
-* common/ttyio.c (tty_print_string): Rename to ...
-(do_print_string): this. Make local. Simplify FP case by using
-print_utf8_buffer. Change caller.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit bae42e543799a428e59bad870aed9719dd6e6e45)
----
- common/ttyio.c | 128 +++++++++++++++++++++------------------------------------
- common/ttyio.h | 1 -
- 2 files changed, 46 insertions(+), 83 deletions(-)
-
-diff --git a/common/ttyio.c b/common/ttyio.c
-index 5fb620dfa..29af1b3ff 100644
---- a/common/ttyio.c
-+++ b/common/ttyio.c
-@@ -309,95 +309,59 @@ tty_fprintf (estream_t fp, const char *fmt, ... )
- }
-
-
--/****************
-- * Print a string, but filter all control characters out. If FP is
-- * not NULL print to that stream instead to the tty.
-- */
--void
--tty_print_string (estream_t fp, const byte *p, size_t n )
-+/* Print a string, but filter all control characters out. If FP is
-+ * not NULL print to that stream instead to the tty. */
-+static void
-+do_print_string (estream_t fp, const byte *p, size_t n )
- {
-- if (no_terminal && !fp)
-- return;
-+ if (no_terminal && !fp)
-+ return;
-
-- if( !initialized & !fp)
-- init_ttyfp();
-+ if (!initialized && !fp)
-+ init_ttyfp();
-+
-+ if (fp)
-+ {
-+ print_utf8_buffer (fp, p, n);
-+ return;
-+ }
-
- #ifdef USE_W32_CONSOLE
-- /* not so effective, change it if you want */
-- if (fp)
-- {
-- for( ; n; n--, p++ )
-- {
-- if( iscntrl( *p ) )
-- {
-- if( *p == '\n' )
-- tty_fprintf (fp, "\\n");
-- else if( !*p )
-- tty_fprintf (fp, "\\0");
-- else
-- tty_fprintf (fp, "\\x%02x", *p);
-- }
-- else
-- tty_fprintf (fp, "%c", *p);
-- }
-- }
-- else
-- {
-- for( ; n; n--, p++ )
-- {
-- if( iscntrl( *p ) )
-- {
-- if( *p == '\n' )
-- tty_printf ("\\n");
-- else if( !*p )
-- tty_printf ("\\0");
-- else
-- tty_printf ("\\x%02x", *p);
-- }
-- else
-- tty_printf ("%c", *p);
-- }
-- }
-+ /* Not so effective, change it if you want */
-+ for (; n; n--, p++)
-+ {
-+ if (iscntrl (*p))
-+ {
-+ if( *p == '\n' )
-+ tty_printf ("\\n");
-+ else if( !*p )
-+ tty_printf ("\\0");
-+ else
-+ tty_printf ("\\x%02x", *p);
-+ }
-+ else
-+ tty_printf ("%c", *p);
-+ }
- #else
-- if (fp)
-- {
-- for( ; n; n--, p++ )
-- {
-- if (iscntrl (*p))
-- {
-- es_putc ('\\', fp);
-- if ( *p == '\n' )
-- es_putc ('n', fp);
-- else if ( !*p )
-- es_putc ('0', fp);
-- else
-- es_fprintf (fp, "x%02x", *p);
-- }
-- else
-- es_putc (*p, fp);
-- }
-- }
-- else
-- {
-- for (; n; n--, p++)
-- {
-- if (iscntrl (*p))
-- {
-- putc ('\\', ttyfp);
-- if ( *p == '\n' )
-- putc ('n', ttyfp);
-- else if ( !*p )
-- putc ('0', ttyfp);
-- else
-- fprintf (ttyfp, "x%02x", *p );
-- }
-- else
-- putc (*p, ttyfp);
-- }
-- }
-+ for (; n; n--, p++)
-+ {
-+ if (iscntrl (*p))
-+ {
-+ putc ('\\', ttyfp);
-+ if ( *p == '\n' )
-+ putc ('n', ttyfp);
-+ else if ( !*p )
-+ putc ('0', ttyfp);
-+ else
-+ fprintf (ttyfp, "x%02x", *p );
-+ }
-+ else
-+ putc (*p, ttyfp);
-+ }
- #endif
- }
-
-+
- void
- tty_print_utf8_string2 (estream_t fp, const byte *p, size_t n, size_t max_n)
- {
-@@ -425,7 +389,7 @@ tty_print_utf8_string2 (estream_t fp, const byte *p, size_t n, size_t max_n)
- if( max_n && (n > max_n) ) {
- n = max_n;
- }
-- tty_print_string (fp, p, n );
-+ do_print_string (fp, p, n );
- }
- }
-
-diff --git a/common/ttyio.h b/common/ttyio.h
-index 004aa859a..5bff82fbb 100644
---- a/common/ttyio.h
-+++ b/common/ttyio.h
-@@ -47,7 +47,6 @@ void tty_printf (const char *fmt, ... );
- void tty_fprintf (estream_t fp, const char *fmt, ... );
- char *tty_getf (const char *promptfmt, ... );
- #endif
--void tty_print_string (estream_t fp, const unsigned char *p, size_t n);
- void tty_print_utf8_string (const unsigned char *p, size_t n);
- void tty_print_utf8_string2 (estream_t fp,
- const unsigned char *p, size_t n, size_t max_n);
diff --git a/debian/patches/0056-gpg-Sync-print-of-additional-sig-data-in-edit-key.patch b/debian/patches/0056-gpg-Sync-print-of-additional-sig-data-in-edit-key.patch
deleted file mode 100644
index 1d7b97d..0000000
--- a/debian/patches/0056-gpg-Sync-print-of-additional-sig-data-in-edit-key.patch
+++ /dev/null
@@ -1,232 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Tue, 17 Jan 2017 10:23:52 +0100
-Subject: gpg: Sync print of additional sig data in --edit-key.
-
-* g10/keylist.c (show_policy_url): Implement MODE -1.
-(show_keyserver_url): Ditto.
-(show_notation): Ditto.
-* g10/keyedit.c (print_one_sig): Print policy URL, keyserver URL and
-notation data to the tty.
---
-
-With this change the listing of signatures in the key edit menu does
-now include policy URLs et al in order and not possible after leaving
-the menu (it used to go to stdout and not the tty).
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 766c25018b288a7185c6da6adac0dec01a64e94a)
----
- g10/keyedit.c | 6 ++---
- g10/keylist.c | 87 +++++++++++++++++++++++++++++------------------------------
- 2 files changed, 45 insertions(+), 48 deletions(-)
-
-diff --git a/g10/keyedit.c b/g10/keyedit.c
-index dadf58685..1456d2867 100644
---- a/g10/keyedit.c
-+++ b/g10/keyedit.c
-@@ -281,11 +281,11 @@ print_one_sig (int rc, KBNODE keyblock, KBNODE node,
-
- if (sig->flags.policy_url
- && ((opt.list_options & LIST_SHOW_POLICY_URLS) || extended))
-- show_policy_url (sig, 3, 0);
-+ show_policy_url (sig, 3, -1);
-
- if (sig->flags.notation
- && ((opt.list_options & LIST_SHOW_NOTATIONS) || extended))
-- show_notation (sig, 3, 0,
-+ show_notation (sig, 3, -1,
- ((opt.
- list_options & LIST_SHOW_STD_NOTATIONS) ? 1 : 0) +
- ((opt.
-@@ -293,7 +293,7 @@ print_one_sig (int rc, KBNODE keyblock, KBNODE node,
-
- if (sig->flags.pref_ks
- && ((opt.list_options & LIST_SHOW_KEYSERVER_URLS) || extended))
-- show_keyserver_url (sig, 3, 0);
-+ show_keyserver_url (sig, 3, -1);
-
- if (extended)
- {
-diff --git a/g10/keylist.c b/g10/keylist.c
-index a5fdc06a8..4fe1e4034 100644
---- a/g10/keylist.c
-+++ b/g10/keylist.c
-@@ -304,6 +304,7 @@ status_one_subpacket (sigsubpkttype_t type, size_t len, int flags,
-
-
- /* Print a policy URL. Allowed values for MODE are:
-+ * -1 - print to the TTY
- * 0 - print to stdout.
- * 1 - use log_info and emit status messages.
- * 2 - emit only status messages.
-@@ -314,50 +315,48 @@ show_policy_url (PKT_signature * sig, int indent, int mode)
- const byte *p;
- size_t len;
- int seq = 0, crit;
-- estream_t fp = mode ? log_get_stream () : es_stdout;
-+ estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
-
- while ((p =
- enum_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, &len, &seq, &crit)))
- {
- if (mode != 2)
- {
-- int i;
- const char *str;
-
-- for (i = 0; i < indent; i++)
-- es_putc (' ', fp);
-+ tty_fprintf (fp, "%*s", indent, "");
-
- if (crit)
- str = _("Critical signature policy: ");
- else
- str = _("Signature policy: ");
-- if (mode)
-+ if (mode > 0)
- log_info ("%s", str);
- else
-- es_fprintf (fp, "%s", str);
-- print_utf8_buffer (fp, p, len);
-- es_fprintf (fp, "\n");
-+ tty_fprintf (fp, "%s", str);
-+ tty_print_utf8_string2 (fp, p, len, 0);
-+ tty_fprintf (fp, "\n");
- }
-
-- if (mode)
-+ if (mode > 0)
- write_status_buffer (STATUS_POLICY_URL, p, len, 0);
- }
- }
-
-
--/*
-- mode=0 for stdout.
-- mode=1 for log_info + status messages
-- mode=2 for status messages only
--*/
--/* TODO: use this */
-+/* Print a keyserver URL. Allowed values for MODE are:
-+ * -1 - print to the TTY
-+ * 0 - print to stdout.
-+ * 1 - use log_info and emit status messages.
-+ * 2 - emit only status messages.
-+ */
- void
- show_keyserver_url (PKT_signature * sig, int indent, int mode)
- {
- const byte *p;
- size_t len;
- int seq = 0, crit;
-- estream_t fp = mode ? log_get_stream () : es_stdout;
-+ estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
-
- while ((p =
- enum_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, &len, &seq,
-@@ -365,43 +364,43 @@ show_keyserver_url (PKT_signature * sig, int indent, int mode)
- {
- if (mode != 2)
- {
-- int i;
- const char *str;
-
-- for (i = 0; i < indent; i++)
-- es_putc (' ', es_stdout);
-+ tty_fprintf (fp, "%*s", indent, "");
-
- if (crit)
- str = _("Critical preferred keyserver: ");
- else
- str = _("Preferred keyserver: ");
-- if (mode)
-+ if (mode > 0)
- log_info ("%s", str);
- else
-- es_fprintf (es_stdout, "%s", str);
-- print_utf8_buffer (fp, p, len);
-- es_fprintf (fp, "\n");
-+ tty_fprintf (es_stdout, "%s", str);
-+ tty_print_utf8_string2 (fp, p, len, 0);
-+ tty_fprintf (fp, "\n");
- }
-
-- if (mode)
-+ if (mode > 0)
- status_one_subpacket (SIGSUBPKT_PREF_KS, len,
- (crit ? 0x02 : 0) | 0x01, p);
- }
- }
-
--/*
-- mode=0 for stdout.
-- mode=1 for log_info + status messages
-- mode=2 for status messages only
--
-- Defined bits in WHICH:
-- 1 == standard notations
-- 2 == user notations
--*/
-+
-+/* Print notation data. Allowed values for MODE are:
-+ * -1 - print to the TTY
-+ * 0 - print to stdout.
-+ * 1 - use log_info and emit status messages.
-+ * 2 - emit only status messages.
-+ *
-+ * Defined bits in WHICH:
-+ * 1 - standard notations
-+ * 2 - user notations
-+ */
- void
- show_notation (PKT_signature * sig, int indent, int mode, int which)
- {
-- estream_t fp = mode ? log_get_stream () : es_stdout;
-+ estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
- notation_t nd, notations;
-
- if (which == 0)
-@@ -418,34 +417,32 @@ show_notation (PKT_signature * sig, int indent, int mode, int which)
-
- if ((which & 1 && !has_at) || (which & 2 && has_at))
- {
-- int i;
- const char *str;
-
-- for (i = 0; i < indent; i++)
-- es_putc (' ', es_stdout);
-+ tty_fprintf (fp, "%*s", indent, "");
-
- if (nd->flags.critical)
- str = _("Critical signature notation: ");
- else
- str = _("Signature notation: ");
-- if (mode)
-+ if (mode > 0)
- log_info ("%s", str);
- else
-- es_fprintf (es_stdout, "%s", str);
-+ tty_fprintf (es_stdout, "%s", str);
- /* This is all UTF8 */
-- print_utf8_buffer (fp, nd->name, strlen (nd->name));
-- es_fprintf (fp, "=");
-- print_utf8_buffer (fp, nd->value, strlen (nd->value));
-+ tty_print_utf8_string2 (fp, nd->name, strlen (nd->name), 0);
-+ tty_fprintf (fp, "=");
-+ tty_print_utf8_string2 (fp, nd->value, strlen (nd->value), 0);
- /* (We need to use log_printf so that the next call to a
- log function does not insert an extra LF.) */
-- if (mode)
-+ if (mode > 0)
- log_printf ("\n");
- else
-- es_putc ('\n', fp);
-+ tty_fprintf (fp, "\n");
- }
- }
-
-- if (mode)
-+ if (mode > 0)
- {
- write_status_buffer (STATUS_NOTATION_NAME,
- nd->name, strlen (nd->name), 0);
diff --git a/debian/patches/0057-gpg-Clean-bogus-subkey-binding-when-cleaning-a-key.patch b/debian/patches/0057-gpg-Clean-bogus-subkey-binding-when-cleaning-a-key.patch
deleted file mode 100644
index d427a7c..0000000
--- a/debian/patches/0057-gpg-Clean-bogus-subkey-binding-when-cleaning-a-key.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Tue, 17 Jan 2017 10:26:34 +0100
-Subject: gpg: Clean bogus subkey binding when cleaning a key.
-
-* g10/trust.c (clean_key): Also clean bogus subkey bindings.
---
-
-GnuPG-bug-id: 2922
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 356323768a1a29138581d0aceed0336ab8be0d5c)
----
- g10/export.c | 1 +
- g10/trust.c | 34 +++++++++++++++++++++++++++-------
- 2 files changed, 28 insertions(+), 7 deletions(-)
-
-diff --git a/g10/export.c b/g10/export.c
-index ad42b41b5..b36200ac0 100644
---- a/g10/export.c
-+++ b/g10/export.c
-@@ -1518,6 +1518,7 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
- u32 subkidbuf[2], *subkid;
- kbnode_t kbctx, node;
-
-+ /* NB: walk_kbnode skips packets marked as deleted. */
- for (kbctx=NULL; (node = walk_kbnode (keyblock, &kbctx, 0)); )
- {
- if (skip_until_subkey)
-diff --git a/g10/trust.c b/g10/trust.c
-index 102444865..888b4ca53 100644
---- a/g10/trust.c
-+++ b/g10/trust.c
-@@ -756,21 +756,41 @@ clean_one_uid (kbnode_t keyblock, kbnode_t uidnode, int noisy, int self_only,
- }
-
-
-+/* NB: This function marks the deleted nodes only and the caller is
-+ * responsible to skip or remove them. */
- void
- clean_key (kbnode_t keyblock, int noisy, int self_only,
- int *uids_cleaned, int *sigs_cleaned)
- {
-- kbnode_t uidnode;
-+ kbnode_t node;
-
- merge_keys_and_selfsig (keyblock);
-
-- for (uidnode = keyblock->next;
-- uidnode && !(uidnode->pkt->pkttype == PKT_PUBLIC_SUBKEY
-- || uidnode->pkt->pkttype == PKT_SECRET_SUBKEY);
-- uidnode = uidnode->next)
-+ for (node = keyblock->next;
-+ node && !(node->pkt->pkttype == PKT_PUBLIC_SUBKEY
-+ || node->pkt->pkttype == PKT_SECRET_SUBKEY);
-+ node = node->next)
- {
-- if (uidnode->pkt->pkttype == PKT_USER_ID)
-- clean_one_uid (keyblock, uidnode,noisy, self_only,
-+ if (node->pkt->pkttype == PKT_USER_ID)
-+ clean_one_uid (keyblock, node, noisy, self_only,
- uids_cleaned, sigs_cleaned);
- }
-+
-+ /* Remove bogus subkey binding signatures: The only signatures
-+ * allowed are of class 0x18 and 0x28. */
-+ log_assert (!node || (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
-+ || node->pkt->pkttype == PKT_SECRET_SUBKEY));
-+ for (; node; node = node->next)
-+ {
-+ if (is_deleted_kbnode (node))
-+ continue;
-+ if (node->pkt->pkttype == PKT_SIGNATURE
-+ && !(IS_SUBKEY_SIG (node->pkt->pkt.signature)
-+ || IS_SUBKEY_REV (node->pkt->pkt.signature)))
-+ {
-+ delete_kbnode (node);
-+ if (sigs_cleaned)
-+ ++*sigs_cleaned;
-+ }
-+ }
- }
diff --git a/debian/patches/0058-build-Handle-packages-with-dashes-in-find-version.patch b/debian/patches/0058-build-Handle-packages-with-dashes-in-find-version.patch
deleted file mode 100644
index 3e09c48..0000000
--- a/debian/patches/0058-build-Handle-packages-with-dashes-in-find-version.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Tue, 17 Jan 2017 12:14:53 +0100
-Subject: build: Handle packages with dashes in --find-version.
-
-* autogen.sh (--find-version): Improve version extraction.
-* (--help): Extend.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit a09f258b1412209763222e2e81bab79663e4d685)
----
- autogen.sh | 27 ++++++++++++++++++++++-----
- 1 file changed, 22 insertions(+), 5 deletions(-)
-
-diff --git a/autogen.sh b/autogen.sh
-index 0cecf0d89..d7bab0383 100755
---- a/autogen.sh
-+++ b/autogen.sh
-@@ -1,6 +1,6 @@
- #! /bin/sh
- # autogen.sh
--# Copyright (C) 2003, 2014 g10 Code GmbH
-+# Copyright (C) 2003, 2014, 2017 g10 Code GmbH
- #
- # This file is free software; as a special exception the author gives
- # unlimited permission to copy and/or distribute it, with or without
-@@ -15,7 +15,7 @@
- # configure it for the respective package. It is maintained as part of
- # GnuPG and source copied by other packages.
- #
--# Version: 2014-06-06
-+# Version: 2017-01-17
-
- configure_ac="configure.ac"
-
-@@ -80,7 +80,17 @@ if [ -n "${AUTOGEN_SH_SILENT}" ]; then
- SILENT=" --silent"
- fi
- if test x"$1" = x"--help"; then
-- echo "usage: ./autogen.sh [--silent] [--force] [--build-TYPE] [ARGS]"
-+ echo "usage: ./autogen.sh [OPTIONS] [ARGS]"
-+ echo " Options:"
-+ echo " --silent Silent operation"
-+ echo " --force Pass --force to autoconf"
-+ echo " --find-version Helper for configure.ac"
-+ echo " --build-TYPE Configure to cross build for TYPE"
-+ echo " --print-host Print only the host triplet"
-+ echo " --print-build Print only the build platform triplet"
-+ echo ""
-+ echo " ARGS are passed to configure in --build-TYPE mode."
-+ echo " Configuration for this script is expected in autogen.rc"
- exit 0
- fi
- if test x"$1" = x"--silent"; then
-@@ -200,6 +210,11 @@ if [ "$myhost" = "find-version" ]; then
- minor="$3"
- micro="$4"
-
-+ if [ -z "$package" -o -z "$major" -o -z "$minor" ]; then
-+ echo "usage: ./autogen.sh --find-version PACKAGE MAJOR MINOR [MICRO]" >&2
-+ exit 1
-+ fi
-+
- case "$version_parts" in
- 2)
- matchstr1="$package-$major.[0-9]*"
-@@ -217,8 +232,10 @@ if [ "$myhost" = "find-version" ]; then
- if false; then
- ingit=yes
- tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null)
-+ tmp=$(echo "$tmp" | sed s/^"$package"//)
- if [ -n "$tmp" ]; then
-- tmp=$(echo "$tmp"|awk -F- '$3!=0 && $3 !~ /^beta/ {print"-beta"$3}')
-+ tmp=$(echo "$tmp" | sed s/^"$package"// \
-+ | awk -F- '$3!=0 && $3 !~ /^beta/ {print"-beta"$3}')
- else
- tmp=$(git describe --match "${matchstr2}" --long 2>/dev/null \
- | awk -F- '$4!=0{print"-beta"$4}')
-@@ -426,7 +443,7 @@ if [ -d .git ]; then
- [ -z "${SILENT}" ] && cat <<EOF
- *** Activating trailing whitespace git pre-commit hook. ***
- For more information see this thread:
-- http://mail.gnome.org/archives/desktop-devel-list/2009-May/msg00084.html
-+ https://mail.gnome.org/archives/desktop-devel-list/2009-May/msg00084.html
- To deactivate this pre-commit hook again move .git/hooks/pre-commit
- and .git/hooks/pre-commit.sample out of the way.
- EOF
diff --git a/debian/patches/0059-gpg-Remove-unused-definitions.patch b/debian/patches/0059-gpg-Remove-unused-definitions.patch
deleted file mode 100644
index 1ee72d7..0000000
--- a/debian/patches/0059-gpg-Remove-unused-definitions.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Tue, 17 Jan 2017 12:43:13 +0100
-Subject: gpg: Remove unused definitions.
-
-* g10/keydb.h (rt_UNKNOWN, rt_RING): Remove constants.
-(keyblock_pos_struct, KBPOS): Remove struct and type.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 701f54eccf3da3319dd6d74f46b852c64d90bc52)
----
- g10/keydb.h | 24 ++----------------------
- 1 file changed, 2 insertions(+), 22 deletions(-)
-
-diff --git a/g10/keydb.h b/g10/keydb.h
-index 8daa9ee0f..c9f5b1c4a 100644
---- a/g10/keydb.h
-+++ b/g10/keydb.h
-@@ -61,12 +61,6 @@ struct kbnode_struct {
- #define is_cloned_kbnode(a) ((a)->private_flag & 2)
-
-
--enum resource_type {
-- rt_UNKNOWN = 0,
-- rt_RING = 1
--};
--
--
- /* Bit flags used with build_pk_list. */
- enum
- {
-@@ -75,28 +69,14 @@ enum
- PK_LIST_CONFIG = 4, /* Specified via config file. */
- PK_LIST_FROM_FILE = 8 /* Take key from file with that name. */
- };
-+
- /* To store private data in the flags the private data must be left
-- shifted by this value. */
-+ * shifted by this value. */
- enum
- {
- PK_LIST_SHIFT = 4
- };
-
--/****************
-- * A data structure to hold information about the external position
-- * of a keyblock.
-- */
--struct keyblock_pos_struct {
-- int resno; /* resource number */
-- enum resource_type rt;
-- off_t offset; /* position information */
-- unsigned count; /* length of the keyblock in packets */
-- iobuf_t fp; /* Used by enum_keyblocks. */
-- int secret; /* working on a secret keyring */
-- PACKET *pkt; /* ditto */
-- int valid;
--};
--typedef struct keyblock_pos_struct KBPOS;
-
- /* Structure to hold a couple of public key certificates. */
- typedef struct pk_list *PK_LIST; /* Deprecated. */
diff --git a/debian/patches/0060-gpgconf-Allow-all-for-launch-kill-and-reload.patch b/debian/patches/0060-gpgconf-Allow-all-for-launch-kill-and-reload.patch
deleted file mode 100644
index 1852f43..0000000
--- a/debian/patches/0060-gpgconf-Allow-all-for-launch-kill-and-reload.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 18 Jan 2017 10:01:55 +0100
-Subject: gpgconf: Allow "all" for --launch, --kill, and --reload.
-
-* tools/gpgconf-comp.c (gc_component_launch): Allow -1 for COMPONENT.
-(gc_component_kill): Ditto.
-(gc_component_reload): For robustness change the condition to < 0.
-* tools/gpgconf.c (main) <aLaunch, aKill, aReload>: Support argument
-"all".
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 2312248b2e3adffa52d8a3ac4f24fe2c88f0f569)
----
- doc/tools.texi | 15 +++++++++------
- tools/gpgconf-comp.c | 21 +++++++++++++++++++--
- tools/gpgconf.c | 14 +++++++++++++-
- 3 files changed, 41 insertions(+), 9 deletions(-)
-
-diff --git a/doc/tools.texi b/doc/tools.texi
-index f0e6fe70c..bdef6a261 100644
---- a/doc/tools.texi
-+++ b/doc/tools.texi
-@@ -336,9 +336,10 @@ force an update of that file this command can be used:
-
- @item --reload [@var{component}]
- @opindex reload
--Reload all or the given component. This is basically the same as sending
--a SIGHUP to the component. Components which don't support reloading are
--ignored.
-+Reload all or the given component. This is basically the same as
-+sending a SIGHUP to the component. Components which don't support
-+reloading are ignored. Without @var{component} or by using "all" for
-+ at var{component} all components which are daemons are reloaded.
-
- @item --launch [@var{component}]
- @opindex launch
-@@ -346,14 +347,16 @@ If the @var{component} is not already running, start it.
- @command{component} must be a daemon. This is in general not required
- because the system starts these daemons as needed. However, external
- software making direct use of @command{gpg-agent} or @command{dirmngr}
--may use this command to ensure that they are started.
-+may use this command to ensure that they are started. Using "all" for
-+ at var{component} launches all components which are daemons.
-
- @item --kill [@var{component}]
- @opindex kill
- Kill the given component. Components which support killing are
- @command{gpg-agent} and @command{scdaemon}. Components which don't
--support reloading are ignored. Note that as of now reload and kill
--have the same effect for @command{scdaemon}.
-+support reloading are ignored. Using "all" for @var{component} kills
-+all components running as daemons. Note that as of now reload and
-+kill have the same effect for @command{scdaemon}.
-
- @item --create-socketdir
- @opindex create-socketdir
-diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
-index 2dcf0758e..300f63da6 100644
---- a/tools/gpgconf-comp.c
-+++ b/tools/gpgconf-comp.c
-@@ -1263,6 +1263,14 @@ gc_component_launch (int component)
- int i;
- pid_t pid;
-
-+ if (component < 0)
-+ {
-+ err = gc_component_launch (GC_COMPONENT_GPG_AGENT);
-+ if (!err)
-+ err = gc_component_launch (GC_COMPONENT_DIRMNGR);
-+ return err;
-+ }
-+
- if (!(component == GC_COMPONENT_GPG_AGENT
- || component == GC_COMPONENT_DIRMNGR))
- {
-@@ -1304,7 +1312,16 @@ gc_component_kill (int component)
- for (backend = 0; backend < GC_BACKEND_NR; backend++)
- runtime[backend] = 0;
-
-- if (component >= 0)
-+ if (component < 0)
-+ {
-+ for (component = 0; component < GC_COMPONENT_NR; component++)
-+ {
-+ option = gc_component[component].options;
-+ for (; option && option->name; option++)
-+ runtime[option->backend] = 1;
-+ }
-+ }
-+ else
- {
- assert (component < GC_COMPONENT_NR);
- option = gc_component[component].options;
-@@ -1333,7 +1350,7 @@ gc_component_reload (int component)
- for (backend = 0; backend < GC_BACKEND_NR; backend++)
- runtime[backend] = 0;
-
-- if (component == -1)
-+ if (component < 0)
- {
- for (component = 0; component < GC_COMPONENT_NR; component++)
- {
-diff --git a/tools/gpgconf.c b/tools/gpgconf.c
-index a1034e663..c69b1c3e2 100644
---- a/tools/gpgconf.c
-+++ b/tools/gpgconf.c
-@@ -589,6 +589,18 @@ main (int argc, char **argv)
- es_putc ('\n', es_stderr);
- exit (2);
- }
-+ else if (!strcmp (fname, "all"))
-+ {
-+ if (cmd == aLaunch)
-+ {
-+ if (gc_component_launch (-1))
-+ exit (1);
-+ }
-+ else
-+ {
-+ gc_component_kill (-1);
-+ }
-+ }
- else
- {
- /* Launch/Kill a given component. */
-@@ -617,7 +629,7 @@ main (int argc, char **argv)
- break;
-
- case aReload:
-- if (!fname)
-+ if (!fname || !strcmp (fname, "all"))
- {
- /* Reload all. */
- gc_component_reload (-1);
diff --git a/debian/patches/0061-agent-Reduce-sleep-time-in-the-progress-callback.patch b/debian/patches/0061-agent-Reduce-sleep-time-in-the-progress-callback.patch
deleted file mode 100644
index c645d3e..0000000
--- a/debian/patches/0061-agent-Reduce-sleep-time-in-the-progress-callback.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 18 Jan 2017 10:13:04 +0100
-Subject: agent: Reduce sleep time in the progress callback.
-
-* agent/gpg-agent.c (agent_libgcrypt_progress_cb): Reduce sleep time
-from 100ms to 1ms or use gpgrt_yield when build against a recent
-libgpg-error.
---
-
-Debian-bug-id: 851298
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 3d356d165aed7d76a3ea811b1d24ed0a05ac90d4)
----
- agent/gpg-agent.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
-index d8c574fe6..5d62faf26 100644
---- a/agent/gpg-agent.c
-+++ b/agent/gpg-agent.c
-@@ -1770,11 +1770,19 @@ agent_libgcrypt_progress_cb (void *data, const char *what, int printchar,
-
- /* Libgcrypt < 1.8 does not know about nPth and thus when it reads
- * from /dev/random this will block the process. To mitigate this
-- * problem we take a short nap when Libgcrypt tells us that it needs
-+ * problem we yield the thread when Libgcrypt tells us that it needs
- * more entropy. This way other threads have chance to run. */
- #if GCRYPT_VERSION_NUMBER < 0x010800 /* 1.8.0 */
- if (what && !strcmp (what, "need_entropy"))
-- npth_usleep (100000); /* 100ms */
-+ {
-+#if GPGRT_VERSION_NUMBER < 0x011900 /* 1.25 */
-+ /* In older gpg-error versions gpgrt_yield is buggy for use with
-+ * nPth and thus we need to resort to a sleep call. */
-+ npth_usleep (1000); /* 1ms */
-+#else
-+ gpgrt_yield ();
-+#endif
-+ }
- #endif
- }
-
diff --git a/debian/patches/0062-common-Fix-flushing-copy-buffers.patch b/debian/patches/0062-common-Fix-flushing-copy-buffers.patch
deleted file mode 100644
index ae23022..0000000
--- a/debian/patches/0062-common-Fix-flushing-copy-buffers.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Wed, 18 Jan 2017 18:14:41 +0100
-Subject: common: Fix flushing copy buffers.
-
-* common/exectool.c (copy_buffer_flush): Write and flush the data, but
-do not hide EAGAIN from the caller.
-(gnupg_exec_tool_stream): Retry on EAGAIN.
-
-GnuPG-bug-id: 2425
-Signed-off-by: Justus Winter <justus at g10code.com>
-(cherry picked from commit 34fa2d79a07a079be472c3ff486debfdac8c6070)
----
- common/exectool.c | 26 +++++++++++++++++++-------
- 1 file changed, 19 insertions(+), 7 deletions(-)
-
-diff --git a/common/exectool.c b/common/exectool.c
-index 4593abdc2..0067fc63a 100644
---- a/common/exectool.c
-+++ b/common/exectool.c
-@@ -276,15 +276,23 @@ static gpg_error_t
- copy_buffer_flush (struct copy_buffer *c, estream_t sink)
- {
- gpg_error_t err;
-+ size_t nwritten;
-
-- while (c->nread > 0)
-- {
-- err = copy_buffer_do_copy (c, NULL, sink);
-- if (err)
-- return err;
-- }
-+ nwritten = 0;
-+ err = es_write (sink, c->writep, c->nread, &nwritten);
-+
-+ assert (nwritten <= c->nread);
-+ c->writep += nwritten;
-+ c->nread -= nwritten;
-+ assert (c->writep - c->buffer <= sizeof c->buffer);
-+
-+ if (err)
-+ return err;
-
-- return 0;
-+ if (es_fflush (sink))
-+ err = my_error_from_syserror ();
-+
-+ return err;
- }
-
-
-@@ -444,6 +452,8 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
- if (es_feof (input))
- {
- err = copy_buffer_flush (cpbuf_in, fds[0].stream);
-+ if (err == GPG_ERR_EAGAIN)
-+ continue; /* Retry next time. */
- if (err)
- {
- log_error ("error feeding data to '%s': %s\n",
-@@ -470,6 +480,8 @@ gnupg_exec_tool_stream (const char *pgmname, const char *argv[],
- if (es_feof (inextra))
- {
- err = copy_buffer_flush (cpbuf_extra, fds[3].stream);
-+ if (err == GPG_ERR_EAGAIN)
-+ continue; /* Retry next time. */
- if (err)
- {
- log_error ("error feeding data to '%s': %s\n",
diff --git a/debian/patches/series b/debian/patches/series
index d83fb62..a43241d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,54 +9,3 @@ gpg-agent-idling/0001-agent-Create-framework-of-scheduled-timers.patch
gpg-agent-idling/0002-agent-Allow-threads-to-interrupt-main-select-loop-wi.patch
gpg-agent-idling/0003-agent-Avoid-tight-timer-tick-when-possible.patch
gpg-agent-idling/0004-agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch
-0012-gpgscm-Guard-use-of-union-member.patch
-0013-dirmngr-Fix-for-disable-libdns-usage.patch
-0014-dirmngr-Strip-root-zone-suffix-from-libdns-cname-res.patch
-0015-doc-Remove-warning-that-DNS-is-not-routed-via-Tor.patch
-0016-build-Enable-gcc-warnings-to-detect-non-portable-cod.patch
-0017-Replace-use-of-variable-length-arrays.patch
-0018-dirmngr-New-debug-message-on-correctly-initialized-l.patch
-0019-dirmngr-Make-sure-Tor-mode-is-also-set-for-DNS-on-SI.patch
-0020-doc-Extend-dirmngr-s-allow-version-check-description.patch
-0021-doc-Add-release-announcement-pointers-to-NEWS-entrie.patch
-0022-g10-avoid-warning-when-disable-tofu.patch
-0023-doc-Mention-gpgv-in-the-description-of-gpg-verify.patch
-0024-Silence-two-Wlogical-op-warnings.patch
-0025-doc-Document-summary-values-of-TOFU_STATS.patch
-0026-dirmngr-Strip-root-zone-suffix-from-libdns-SRV-resul.patch
-0027-dirmngr-Change-internal-SRV-lookup-API.patch
-0028-dirmngr-Improve-debug-output-for-TLS.patch
-0029-dirmngr-Implement-experimental-SRV-record-lookup-for.patch
-0030-doc-Update-man-page-for-watchgnupg.patch
-0031-dirmngr-Do-not-use-a-SRV-record-for-HKP-if-a-port-wa.patch
-0032-dirmngr-Use-pgpkey-hkps-and-pgpkey-hkp-for-SRV-recor.patch
-0033-common-Fix-fallback-code.patch
-0034-tools-Fix-memory-leaks-and-improve-error-handling.patch
-0035-doc-Mention-dirmngr.conf.patch
-0037-systemd-user-Enable-systemctl-user-reload-dirmngr-gp.patch
-0037-common-Avoid-unnecessary-ambiguity-in-argparse.patch
-0038-common-New-function-log_debug_with_string.patch
-0039-dirmngr-Add-debug-code-to-http.c.patch
-0040-dirmngr-Implement-debug-option-network-for-http.patch
-0041-dirmngr-Remove-warnings-about-unused-global-variable.patch
-0042-dirmngr-Fix-Tor-access-for-v6-addresses.patch
-0043-dirmngr-Mark-hosts-dead-on-ENETDOWN.patch
-0044-dirmngr-After-a-connection-failure-log-a-hint-if-Tor.patch
-0045-libdns-Provide-replacement-for-EPROTO.patch
-0046-libdns-Silence-Wstrict-prototypes-on-some-function-p.patch
-0047-build-Make-autogen.sh-more-POSIX-friendly.patch
-0048-gpg-Rename-a-var-to-avoid-a-shadowing-warning.patch
-0049-build-Make-autogen.sh-more-POSIX-friendly-next-try.patch
-0050-dirmngr-Fix-URL-creation-for-literal-IPv6-addresses-.patch
-0051-dirmngr-Avoid-network-queries-for-literal-IP-address.patch
-0052-dirmngr-Allow-reverse-DNS-lookups-in-Tor-mode.patch
-0053-dirmngr-Implement-hkps-lookups-using-literal-address.patch
-0054-gpg-Prepare-some-key-cleaning-function-for-use-with-.patch
-0055-common-Remove-unused-function-tty_print_string.patch
-0056-gpg-Sync-print-of-additional-sig-data-in-edit-key.patch
-0057-gpg-Clean-bogus-subkey-binding-when-cleaning-a-key.patch
-0058-build-Handle-packages-with-dashes-in-find-version.patch
-0059-gpg-Remove-unused-definitions.patch
-0060-gpgconf-Allow-all-for-launch-kill-and-reload.patch
-0061-agent-Reduce-sleep-time-in-the-progress-callback.patch
-0062-common-Fix-flushing-copy-buffers.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list