[Pkg-gnupg-commit] [gnupg2] 03/20: more patches from upstream
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Jul 26 20:20:45 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gnupg2.
commit cd5612bf706cfd9a3615bd9d664b437647543803
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Sun Jun 11 00:55:25 2017 +0200
more patches from upstream
---
debian/patches/0028-agent-Fix-memory-leaks.patch | 96 ++++++++++++++++++++++
debian/patches/0029-gpg-Fix-typos.patch | 48 +++++++++++
.../0030-scd-Handle-a-failure-of-libusb_init.patch | 62 ++++++++++++++
...scd-Fix-error-code-on-failure-at-usb_init.patch | 25 ++++++
.../0032-agent-Fix-error-from-do_encryption.patch | 86 +++++++++++++++++++
.../patches/0033-doc-Improve-documentation.patch | 26 ++++++
debian/patches/0034-sm-Fix-typo.patch | 25 ++++++
debian/patches/0035-sm-Simplify-code.patch | 35 ++++++++
...ailure-exit-when-scdaemon-is-disabled-but.patch | 35 ++++++++
debian/patches/series | 9 ++
10 files changed, 447 insertions(+)
diff --git a/debian/patches/0028-agent-Fix-memory-leaks.patch b/debian/patches/0028-agent-Fix-memory-leaks.patch
new file mode 100644
index 0000000..db2c8b0
--- /dev/null
+++ b/debian/patches/0028-agent-Fix-memory-leaks.patch
@@ -0,0 +1,96 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Tue, 30 May 2017 13:56:20 +0900
+Subject: agent: Fix memory leaks.
+
+* agent/divert-scd.c (ask_for_card): Free WANT_KID and WANT_SN_DISP.
+* agent/gpg-agent.c (create_server_socket): Free UNADDR.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 996544626ea416c173a940db47f47f9e5cbd844c)
+---
+ agent/divert-scd.c | 8 +++++---
+ agent/gpg-agent.c | 7 ++++++-
+ 2 files changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/agent/divert-scd.c b/agent/divert-scd.c
+index 153119b..88b35cd 100644
+--- a/agent/divert-scd.c
++++ b/agent/divert-scd.c
+@@ -52,6 +52,7 @@ ask_for_card (ctrl_t ctrl, const unsigned char *shadow_info, char **r_kid)
+ {
+ rc = gpg_error_from_syserror ();
+ xfree (want_sn);
++ xfree (want_kid);
+ return rc;
+ }
+
+@@ -84,6 +85,7 @@ ask_for_card (ctrl_t ctrl, const unsigned char *shadow_info, char **r_kid)
+ serialno = NULL;
+ if (!i)
+ {
++ xfree (want_sn_disp);
+ xfree (want_sn);
+ *r_kid = want_kid;
+ return 0; /* yes, we have the correct card */
+@@ -122,9 +124,9 @@ ask_for_card (ctrl_t ctrl, const unsigned char *shadow_info, char **r_kid)
+ else
+ {
+ rc = agent_get_confirmation (ctrl, desc, NULL, NULL, 0);
+- if (ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK &&
+- gpg_err_code (rc) == GPG_ERR_NO_PIN_ENTRY)
+- rc = gpg_error (GPG_ERR_CARD_NOT_PRESENT);
++ if (ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK &&
++ gpg_err_code (rc) == GPG_ERR_NO_PIN_ENTRY)
++ rc = gpg_error (GPG_ERR_CARD_NOT_PRESENT);
+
+ xfree (desc);
+ }
+diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
+index d522f18..733987a 100644
+--- a/agent/gpg-agent.c
++++ b/agent/gpg-agent.c
+@@ -2140,6 +2140,7 @@ create_server_socket (char *name, int primary, int cygwin,
+ log_error ("error preparing socket '%s': %s\n",
+ name, gpg_strerror (gpg_error_from_syserror ()));
+ *name = 0; /* Inhibit removal of the socket by cleanup(). */
++ xfree (unaddr);
+ agent_exit (2);
+ }
+ if (redirected)
+@@ -2177,6 +2178,7 @@ create_server_socket (char *name, int primary, int cygwin,
+ "not starting a new one\n"));
+ *name = 0; /* Inhibit removal of the socket by cleanup(). */
+ assuan_sock_close (fd);
++ xfree (unaddr);
+ agent_exit (2);
+ }
+ gnupg_remove (unaddr->sun_path);
+@@ -2189,11 +2191,12 @@ create_server_socket (char *name, int primary, int cygwin,
+ /* We use gpg_strerror here because it allows us to get strings
+ for some W32 socket error codes. */
+ log_error (_("error binding socket to '%s': %s\n"),
+- unaddr->sun_path,
++ unaddr->sun_path,
+ gpg_strerror (gpg_error_from_syserror ()));
+
+ assuan_sock_close (fd);
+ *name = 0; /* Inhibit removal of the socket by cleanup(). */
++ xfree (unaddr);
+ agent_exit (2);
+ }
+
+@@ -2206,12 +2209,14 @@ create_server_socket (char *name, int primary, int cygwin,
+ log_error (_("listen() failed: %s\n"), strerror (errno));
+ *name = 0; /* Inhibit removal of the socket by cleanup(). */
+ assuan_sock_close (fd);
++ xfree (unaddr);
+ agent_exit (2);
+ }
+
+ if (opt.verbose)
+ log_info (_("listening on socket '%s'\n"), unaddr->sun_path);
+
++ xfree (unaddr);
+ return fd;
+ }
+
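Review bot: In the second ask_for_card hunk the success path frees `want_sn_disp` and `want_sn` but hands `want_kid` to the caller through `*r_kid`, and nothing in the visible lines says who releases it afterwards. Since this patch is about leaks, a comment at that assignment would record the contract, e.g. `/* Ownership of WANT_KID passes to the caller via R_KID. */`. That the caller is expected to xfree it is inferred, not shown here. ask_for_card starts and ends outside the hunks, so its remaining return paths could not be checked for the same three buffers.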
diff --git a/debian/patches/0029-gpg-Fix-typos.patch b/debian/patches/0029-gpg-Fix-typos.patch
new file mode 100644
index 0000000..f05866f
--- /dev/null
+++ b/debian/patches/0029-gpg-Fix-typos.patch
@@ -0,0 +1,48 @@
+From: Justus Winter <justus at g10code.com>
+Date: Mon, 29 May 2017 15:23:36 +0200
+Subject: gpg: Fix typos.
+
+--
+Signed-off-by: Justus Winter <justus at g10code.com>
+
+(cherry picked from commit 663e5ed0737465e79a9c877f18d93bddfd05a7a4)
+---
+ g10/cpr.c | 2 +-
+ g10/mainproc.c | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/g10/cpr.c b/g10/cpr.c
+index 3391071..1548720 100644
+--- a/g10/cpr.c
++++ b/g10/cpr.c
+@@ -73,7 +73,7 @@ status_currently_allowed (int no)
+ return 1; /* Yes. */
+
+ /* We allow some statis anyway, so that import statistics are
+- correct and to avoid problems if the retriebval subsystem will
++ correct and to avoid problems if the retrieval subsystem will
+ prompt the user. */
+ switch (no)
+ {
+diff --git a/g10/mainproc.c b/g10/mainproc.c
+index 950f214..9500081 100644
+--- a/g10/mainproc.c
++++ b/g10/mainproc.c
+@@ -845,7 +845,7 @@ proc_compressed (CTX c, PACKET *pkt)
+
+ /*
+ * Check the signature. If R_PK is not NULL a copy of the public key
+- * used to verify the signature will be stored tehre, or NULL if not
++ * used to verify the signature will be stored there, or NULL if not
+ * found. Returns: 0 = valid signature or an error code
+ */
+ static int
+@@ -1925,7 +1925,7 @@ check_sig_and_print (CTX c, kbnode_t node)
+ statno = STATUS_GOODSIG;
+
+ /* FIXME: We should have the public key in PK and thus the
+- * keyboock has already been fetched. Thus we could use the
++ * keyblock has already been fetched. Thus we could use the
+ * fingerprint or PK itself to lookup the entire keyblock. That
+ * would best be done with a cache. */
+ keyblock = get_pubkeyblock (c->ctrl, sig->keyid);
diff --git a/debian/patches/0030-scd-Handle-a-failure-of-libusb_init.patch b/debian/patches/0030-scd-Handle-a-failure-of-libusb_init.patch
new file mode 100644
index 0000000..ed3c3f5
--- /dev/null
+++ b/debian/patches/0030-scd-Handle-a-failure-of-libusb_init.patch
@@ -0,0 +1,62 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Wed, 31 May 2017 09:49:54 +0900
+Subject: scd: Handle a failure of libusb_init.
+
+* scd/ccid-driver.c (ccid_get_reader_list, ccid_dev_scan): Handle
+failure.
+
+--
+
+Reported-by: Yuriy M. Kaminskiy <yumkam at gmail.com>
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 5c33649782bf255af5a55f16eac5e85f059b00bf)
+---
+ scd/ccid-driver.c | 19 +++++++++++++++----
+ 1 file changed, 15 insertions(+), 4 deletions(-)
+
+diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
+index fbbd157..1d5e8f2 100644
+--- a/scd/ccid-driver.c
++++ b/scd/ccid-driver.c
+@@ -1228,7 +1228,12 @@ ccid_get_reader_list (void)
+
+ if (!initialized_usb)
+ {
+- libusb_init (NULL);
++ int rc;
++ if ((rc = libusb_init (NULL)))
++ {
++ DEBUGOUT_1 ("usb_init failed: %s.\n", libusb_error_name (rc));
++ return NULL;
++ }
+ initialized_usb = 1;
+ }
+
+@@ -1292,9 +1297,17 @@ ccid_dev_scan (int *idx_max_p, struct ccid_dev_table **t_p)
+ int idx = 0;
+ int err = 0;
+
++ *idx_max_p = 0;
++ *t_p = NULL;
++
+ if (!initialized_usb)
+ {
+- libusb_init (NULL);
++ int rc;
++ if ((rc = libusb_init (NULL)))
++ {
++ DEBUGOUT_1 ("usb_init failed: %s.\n", libusb_error_name (rc));
++ return gpg_error (GPG_ERR_NOT_FOUND);
++ }
+ initialized_usb = 1;
+ }
+
+@@ -1373,8 +1386,6 @@ ccid_dev_scan (int *idx_max_p, struct ccid_dev_table **t_p)
+
+ if (err)
+ {
+- *idx_max_p = 0;
+- *t_p = NULL;
+ for (i = 0; i < idx; i++)
+ {
+ free (ccid_dev_table[idx].ifcdesc_extra);
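Review bot: The cleanup loop in the last ccid_dev_scan hunk runs `i` from 0 up to `idx` but frees `ccid_dev_table[idx].ifcdesc_extra` on every pass. The entries it is apparently meant to release are therefore never freed, and any non-NULL pointer in the single slot `idx` would be freed more than once. This is an unchanged context line, but the patch edits this very error path and leaves it as is; the line presumably should read `free (ccid_dev_table[i].ifcdesc_extra);`. The loop body continues beyond the hunk, so any further statements there that index with `idx` should be checked too.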
diff --git a/debian/patches/0031-scd-Fix-error-code-on-failure-at-usb_init.patch b/debian/patches/0031-scd-Fix-error-code-on-failure-at-usb_init.patch
new file mode 100644
index 0000000..a3ace58
--- /dev/null
+++ b/debian/patches/0031-scd-Fix-error-code-on-failure-at-usb_init.patch
@@ -0,0 +1,25 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Wed, 31 May 2017 10:05:36 +0900
+Subject: scd: Fix error code on failure at usb_init.
+
+* scd/ccid-driver.c (ccid_dev_scan): Return GPG_ERR_ENODEV.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 8defb21d34410d000c8b776e0e3a1edd04762638)
+---
+ scd/ccid-driver.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
+index 1d5e8f2..ce6133f 100644
+--- a/scd/ccid-driver.c
++++ b/scd/ccid-driver.c
+@@ -1306,7 +1306,7 @@ ccid_dev_scan (int *idx_max_p, struct ccid_dev_table **t_p)
+ if ((rc = libusb_init (NULL)))
+ {
+ DEBUGOUT_1 ("usb_init failed: %s.\n", libusb_error_name (rc));
+- return gpg_error (GPG_ERR_NOT_FOUND);
++ return gpg_error (GPG_ERR_ENODEV);
+ }
+ initialized_usb = 1;
+ }
diff --git a/debian/patches/0032-agent-Fix-error-from-do_encryption.patch b/debian/patches/0032-agent-Fix-error-from-do_encryption.patch
new file mode 100644
index 0000000..3dfc427
--- /dev/null
+++ b/debian/patches/0032-agent-Fix-error-from-do_encryption.patch
@@ -0,0 +1,86 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Wed, 31 May 2017 18:42:55 +0900
+Subject: agent: Fix error from do_encryption.
+
+* agent/protect.c (do_encryption): Don't mask failure of OUTBUF
+allocation.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit c03e0eb01dc4632432d0472a6f8051142082bea4)
+---
+ agent/protect.c | 31 +++++++++++++++++++------------
+ 1 file changed, 19 insertions(+), 12 deletions(-)
+
+diff --git a/agent/protect.c b/agent/protect.c
+index 66c3741..18b44f1 100644
+--- a/agent/protect.c
++++ b/agent/protect.c
+@@ -381,7 +381,10 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen,
+ outbuf = gcry_malloc_secure (outlen);
+ }
+ if (!outbuf)
+- rc = out_of_core ();
++ {
++ rc = out_of_core ();
++ goto leave;
++ }
+
+ /* Allocate a buffer for the nonce and the salt. */
+ if (!rc)
+@@ -421,11 +424,13 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen,
+ }
+ }
+
++ if (rc)
++ goto leave;
++
+ /* Set the IV/nonce. */
+- if (!rc)
+- {
+- rc = gcry_cipher_setiv (hd, iv, use_ocb? 12 : blklen);
+- }
++ rc = gcry_cipher_setiv (hd, iv, use_ocb? 12 : blklen);
++ if (rc)
++ goto leave;
+
+ if (use_ocb)
+ {
+@@ -436,7 +441,6 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen,
+ if (!rc)
+ rc = gcry_cipher_authenticate
+ (hd, protbegin+protlen, hashlen - (protbegin+protlen - hashbegin));
+-
+ }
+ else
+ {
+@@ -500,14 +504,11 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen,
+ }
+ }
+
++ if (rc)
++ goto leave;
++
+ /* Release cipher handle and check for errors. */
+ gcry_cipher_close (hd);
+- if (rc)
+- {
+- xfree (iv);
+- xfree (outbuf);
+- return rc;
+- }
+
+ /* Now allocate the buffer we want to return. This is
+
+@@ -546,6 +547,12 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen,
+ xfree (iv);
+ xfree (outbuf);
+ return 0;
++
++ leave:
++ gcry_cipher_close (hd);
++ xfree (iv);
++ xfree (outbuf);
++ return rc;
+ }
+
+
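Review bot: The first new `goto leave` (OUTBUF allocation failure) reaches `xfree (iv)` before the later code in this function has allocated the nonce/salt buffer. The shared cleanup is therefore only safe if `iv` is initialised to NULL at its declaration, which lies outside the hunks and should be confirmed. Recording the invariant at the label would protect future edits, e.g. `/* IV and OUTBUF are NULL until allocated, so this label may be entered from any point after the cipher handle is opened. */`. With the early exit in place, the `if (!rc)` guard right after the allocation also looks redundant, assuming rc is zero when that point is reached.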
diff --git a/debian/patches/0033-doc-Improve-documentation.patch b/debian/patches/0033-doc-Improve-documentation.patch
new file mode 100644
index 0000000..3a3a52f
--- /dev/null
+++ b/debian/patches/0033-doc-Improve-documentation.patch
@@ -0,0 +1,26 @@
+From: Justus Winter <justus at g10code.com>
+Date: Wed, 31 May 2017 12:11:56 +0200
+Subject: doc: Improve documentation.
+
+* doc/gpgsm.texi: Mention that '--with-key-data' implies
+'--with-colons'.
+
+Signed-off-by: Justus Winter <justus at g10code.com>
+(cherry picked from commit 485b5a6e6dfe7aa545afa926e060d516ae911e42)
+---
+ doc/gpgsm.texi | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
+index c3f5aac..79db177 100644
+--- a/doc/gpgsm.texi
++++ b/doc/gpgsm.texi
+@@ -564,7 +564,7 @@ Write output to @var{file}. The default is to write it to stdout.
+ Displays extra information with the @code{--list-keys} commands. Especially
+ a line tagged @code{grp} is printed which tells you the keygrip of a
+ key. This string is for example used as the file name of the
+-secret key.
++secret key. Implies @code{--with-colons}.
+
+ @anchor{gpgsm-option --with-validation}
+ @item --with-validation
diff --git a/debian/patches/0034-sm-Fix-typo.patch b/debian/patches/0034-sm-Fix-typo.patch
new file mode 100644
index 0000000..c44de67
--- /dev/null
+++ b/debian/patches/0034-sm-Fix-typo.patch
@@ -0,0 +1,25 @@
+From: Justus Winter <justus at g10code.com>
+Date: Wed, 31 May 2017 12:12:42 +0200
+Subject: sm: Fix typo.
+
+--
+Signed-off-by: Justus Winter <justus at g10code.com>
+
+(cherry picked from commit 30c71a9476fa6557ab2846f703acb625b49f1b37)
+---
+ sm/decrypt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sm/decrypt.c b/sm/decrypt.c
+index 976bd12..f8b0199 100644
+--- a/sm/decrypt.c
++++ b/sm/decrypt.c
+@@ -41,7 +41,7 @@ struct decrypt_filter_parm_s
+ gcry_cipher_hd_t hd;
+ char iv[16];
+ size_t ivlen;
+- int any_data; /* dod we push anything through the filter at all? */
++ int any_data; /* did we push anything through the filter at all? */
+ unsigned char lastblock[16]; /* to strip the padding we have to
+ keep this one */
+ char helpblock[16]; /* needed because there is no block buffering in
diff --git a/debian/patches/0035-sm-Simplify-code.patch b/debian/patches/0035-sm-Simplify-code.patch
new file mode 100644
index 0000000..8a6fc1d
--- /dev/null
+++ b/debian/patches/0035-sm-Simplify-code.patch
@@ -0,0 +1,35 @@
+From: Justus Winter <justus at g10code.com>
+Date: Wed, 31 May 2017 12:51:56 +0200
+Subject: sm: Simplify code.
+
+* sm/verify.c (gpgsm_verify): Simplify by using a newer gcrypt
+interface.
+
+Signed-off-by: Justus Winter <justus at g10code.com>
+(cherry picked from commit f9cb15b385f64f7c9403670f03632f81a874f213)
+---
+ sm/verify.c | 7 +------
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+diff --git a/sm/verify.c b/sm/verify.c
+index 6c034e6..7bdc68b 100644
+--- a/sm/verify.c
++++ b/sm/verify.c
+@@ -341,16 +341,11 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
+ &msgdigest, &msgdigestlen);
+ if (!rc)
+ {
+- size_t is_enabled;
+-
+ algoid = ksba_cms_get_digest_algo (cms, signer);
+ algo = gcry_md_map_name (algoid);
+ if (DBG_X509)
+ log_debug ("signer %d - digest algo: %d\n", signer, algo);
+- is_enabled = sizeof algo;
+- if ( gcry_md_info (data_md, GCRYCTL_IS_ALGO_ENABLED,
+- &algo, &is_enabled)
+- || !is_enabled)
++ if (! gcry_md_is_enabled (data_md, algo))
+ {
+ log_error ("digest algo %d (%s) has not been enabled\n",
+ algo, algoid?algoid:"");
diff --git a/debian/patches/0036-gpg-Avoid-failure-exit-when-scdaemon-is-disabled-but.patch b/debian/patches/0036-gpg-Avoid-failure-exit-when-scdaemon-is-disabled-but.patch
new file mode 100644
index 0000000..a075013
--- /dev/null
+++ b/debian/patches/0036-gpg-Avoid-failure-exit-when-scdaemon-is-disabled-but.patch
@@ -0,0 +1,35 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Mon, 5 Jun 2017 11:57:02 +0200
+Subject: gpg: Avoid failure exit when scdaemon is disabled but not needed.
+
+* g10/call-agent.c (warn_version_mismatch): Use log_info if error is
+"not supported".
+--
+
+This fix may make the fix for
+GnuPG-bug-id: 3192
+even more robust.
+
+Signed-off-by: Werner Koch <wk at gnupg.org>
+(cherry picked from commit 17e5afd80f247c356f03c71e8b61da424ffedabb)
+---
+ g10/call-agent.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/g10/call-agent.c b/g10/call-agent.c
+index e6dbb73..7b76933 100644
+--- a/g10/call-agent.c
++++ b/g10/call-agent.c
+@@ -194,8 +194,10 @@ warn_version_mismatch (assuan_context_t ctx, const char *servername, int mode)
+
+ err = get_assuan_server_version (ctx, mode, &serverversion);
+ if (err)
+- log_error (_("error getting version from '%s': %s\n"),
+- servername, gpg_strerror (err));
++ log_log (gpg_err_code (err) == GPG_ERR_NOT_SUPPORTED?
++ GPGRT_LOG_INFO : GPGRT_LOG_ERROR,
++ _("error getting version from '%s': %s\n"),
++ servername, gpg_strerror (err));
+ else if (compare_version_strings (serverversion, myversion) < 0)
+ {
+ char *warn;
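Review bot: The level selection in the new `log_log` call has no comment, so a reader sees that GPG_ERR_NOT_SUPPORTED is logged at info level but not why. The reason is given only in the patch subject (a disabled scdaemon that is not needed should not lead to a failure exit). A comment above the call would keep it with the code, e.g. `/* "Not supported" means the server is disabled; do not treat that as a failure. */`. The message text still begins with "error getting version" in the info case, which may read oddly in logs. warn_version_mismatch continues outside the hunk.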
diff --git a/debian/patches/series b/debian/patches/series
index de9346c..c0e4c24 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -25,3 +25,12 @@ skip-missing-signing-keys/0013-g10-Skip-signing-keys-where-no-secret-key-is-avai
0025-agent-Make-digest-algorithms-for-ssh-fingerprints-co.patch
0026-dirmngr-Re-init-libdns-resolver-on-towel-change-of-r.patch
0027-dirmngr-This-towel-should-better-detect-a-changed-re.patch
+0028-agent-Fix-memory-leaks.patch
+0029-gpg-Fix-typos.patch
+0030-scd-Handle-a-failure-of-libusb_init.patch
+0031-scd-Fix-error-code-on-failure-at-usb_init.patch
+0032-agent-Fix-error-from-do_encryption.patch
+0033-doc-Improve-documentation.patch
+0034-sm-Fix-typo.patch
+0035-sm-Simplify-code.patch
+0036-gpg-Avoid-failure-exit-when-scdaemon-is-disabled-but.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git