[Pkg-gnupg-commit] [gnupg2] 162/166: drop patches already applied upstream
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Mar 16 22:33:20 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gnupg2.
commit 71bc21af02945d1e23a6557239f520942e1c63d5
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Sun Mar 5 01:45:41 2017 +0100
drop patches already applied upstream
---
debian/patches/0012-tools-Fix-memory-leak.patch | 28 --
.../0013-tools-Improve-error-handling.patch | 29 --
.../0014-dirmngr-New-option-disable-ipv4.patch | 245 -------------
...gr-Simplify-error-returning-inside-http.c.patch | 255 --------------
.../0016-gpg-Print-a-warning-on-Tor-problems.patch | 188 ----------
debian/patches/0017-agent-Fix-double-free.patch | 49 ---
...-searching-for-mail-addresses-in-keyrings.patch | 54 ---
...ew-option-no-use-tor-and-internal-changes.patch | 382 ---------------------
.../0020-gpg-Remove-period-at-end-of-warning.patch | 26 --
.../patches/0021-gpg-Add-newline-to-output.patch | 25 --
...int-out-TOFU-statistics-for-conflicts-in-.patch | 187 ----------
...e-is-a-TOFU-conflict-elide-the-too-few-me.patch | 42 ---
...TOFU-bindings-associated-with-UTKs-are-re.patch | 60 ----
...Don-t-assume-that-strtoul-interprets-as-0.patch | 53 ---
...-More-diagnostics-for-a-launched-pinentry.patch | 81 -----
.../0027-doc-Clarify-abbreviation-of-help.patch | 27 --
.../0028-scd-Backport-two-fixes-from-master.patch | 55 ---
.../patches/0029-scd-Fix-use-case-of-PC-SC.patch | 93 -----
debian/patches/0030-scd-Fix-factory-reset.patch | 353 -------------------
debian/patches/series | 19 -
20 files changed, 2251 deletions(-)
diff --git a/debian/patches/0012-tools-Fix-memory-leak.patch b/debian/patches/0012-tools-Fix-memory-leak.patch
deleted file mode 100644
index 4d47557..0000000
--- a/debian/patches/0012-tools-Fix-memory-leak.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Mon, 23 Jan 2017 11:52:30 +0100
-Subject: tools: Fix memory leak.
-
-* tools/gpgconf-comp.c (change_options_file): Fix leak.
---
-Previously, 'src_filename' and 'orig_filename' leaked if creating the
-backup file failed.
-
-Signed-off-by: Justus Winter <justus at g10code.com>
-(cherry picked from commit 5b28f025085b386e0ec49535d4cd3f875a414eb0)
----
- tools/gpgconf-comp.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
-index a25b5136e..85eb80ab5 100644
---- a/tools/gpgconf-comp.c
-+++ b/tools/gpgconf-comp.c
-@@ -2641,6 +2641,8 @@ change_options_file (gc_component_t component, gc_backend_t backend,
- if (res < 0 && errno != ENOENT)
- {
- xfree (dest_filename);
-+ xfree (src_filename);
-+ xfree (orig_filename);
- return -1;
- }
- if (res < 0)
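Review bot: in the `change_options_file` error branch the cleanup is now three separate `xfree` calls ahead of `return -1`, which is the same pattern that let `src_filename` and `orig_filename` leak in the first place. A shared cleanup label for the function's error exits would keep the next early return from missing a buffer. Since this file is dropped as already applied upstream, confirm that the new upstream tree contains commit 5b28f025085b386e0ec49535d4cd3f875a414eb0 before the patch leaves the series.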
diff --git a/debian/patches/0013-tools-Improve-error-handling.patch b/debian/patches/0013-tools-Improve-error-handling.patch
deleted file mode 100644
index b0034da..0000000
--- a/debian/patches/0013-tools-Improve-error-handling.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Mon, 23 Jan 2017 14:24:22 +0100
-Subject: tools: Improve error handling.
-
-* tools/gpgconf-comp.c (gp_component_change_options): Improve error
-handling when reading from stdin.
---
-Previously, errors encountered while reading the configuration changes
-were ignored.
-
-Signed-off-by: Justus Winter <justus at g10code.com>
-(cherry picked from commit b0348fdb26637b0bcbd68a96c1746a1613b309af)
----
- tools/gpgconf-comp.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
-index 85eb80ab5..180fd65c2 100644
---- a/tools/gpgconf-comp.c
-+++ b/tools/gpgconf-comp.c
-@@ -3328,6 +3328,8 @@ gc_component_change_options (int component, estream_t in, estream_t out,
-
- change_one_value (option, runtime, flags, new_value, 0);
- }
-+ if (length < 0 || gpgrt_ferror (in))
-+ gc_error (1, errno, "error reading stream 'in'");
- }
-
- /* Now that we have collected and locally verified the changes,
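Review bot: the changelog line names `gp_component_change_options`, but the hunk header shows the function is `gc_component_change_options`, so a search of the history by function name will miss this fix. The diagnostic `"error reading stream 'in'"` also exposes the parameter name rather than telling the user that reading the configuration changes from stdin failed, which is how the changelog itself describes the input.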
diff --git a/debian/patches/0014-dirmngr-New-option-disable-ipv4.patch b/debian/patches/0014-dirmngr-New-option-disable-ipv4.patch
deleted file mode 100644
index 0aa0549..0000000
--- a/debian/patches/0014-dirmngr-New-option-disable-ipv4.patch
+++ /dev/null
@@ -1,245 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Tue, 24 Jan 2017 16:36:28 +0100
-Subject: dirmngr: New option --disable-ipv4.
-
-* dirmngr/dirmngr.c (oDisableIPv4): New const.
-(opts): New option --disable-ipv4.
-(parse_rereadable_options): Set that option.
-* dirmngr/dirmngr.h (opt): New field 'disable_ipv4'.
-* dirmngr/dns-stuff.c (opt_disable_ipv4): bew var.
-(set_dns_disable_ipv4): New.
-(resolve_name_standard): Skip v4 addresses when OPT_DISABLE_IPV4 is
-set.
-* dirmngr/ks-engine-hkp.c (map_host): Ditto.
-(send_request): Pass HTTP_FLAG_IGNORE_IPv4 if opt.disable_v4 is set.
-* dirmngr/crlfetch.c (crl_fetch): Ditto.
-* dirmngr/ks-engine-finger.c (ks_finger_fetch): Ditto.
-* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
-* dirmngr/ocsp.c (do_ocsp_request): Ditto.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 72736af86a501592d974d46ff754a63959e183bd)
----
- dirmngr/crlfetch.c | 4 +++-
- dirmngr/dirmngr.c | 5 +++++
- dirmngr/dirmngr.h | 1 +
- dirmngr/dns-stuff.c | 15 +++++++++++++++
- dirmngr/dns-stuff.h | 4 ++++
- dirmngr/ks-engine-finger.c | 4 +++-
- dirmngr/ks-engine-hkp.c | 8 ++++++--
- dirmngr/ks-engine-http.c | 3 ++-
- dirmngr/ocsp.c | 3 ++-
- doc/dirmngr.texi | 5 +++++
- 10 files changed, 46 insertions(+), 6 deletions(-)
-
-diff --git a/dirmngr/crlfetch.c b/dirmngr/crlfetch.c
-index 8fe6e0b1b..aa82137f7 100644
---- a/dirmngr/crlfetch.c
-+++ b/dirmngr/crlfetch.c
-@@ -198,7 +198,9 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
- err = http_open_document (&hd, url, NULL,
- ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
- |(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0)
-- |(opt.use_tor? HTTP_FLAG_FORCE_TOR:0)),
-+ |(opt.use_tor? HTTP_FLAG_FORCE_TOR:0)
-+ |(opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4:0)
-+ ),
- ctrl->http_proxy, NULL, NULL, NULL);
-
- switch ( err? 99999 : http_get_status_code (hd) )
-diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
-index 8d9de9e5a..83356c94c 100644
---- a/dirmngr/dirmngr.c
-+++ b/dirmngr/dirmngr.c
-@@ -111,6 +111,7 @@ enum cmd_and_opt_values {
- oBatch,
- oDisableHTTP,
- oDisableLDAP,
-+ oDisableIPv4,
- oIgnoreLDAPDP,
- oIgnoreHTTPDP,
- oIgnoreOCSPSvcUrl,
-@@ -224,6 +225,8 @@ static ARGPARSE_OPTS opts[] = {
-
- ARGPARSE_s_n (oUseTor, "use-tor", N_("route all network traffic via Tor")),
-
-+ ARGPARSE_s_n (oDisableIPv4, "disable-ipv4", "@"),
-+
- ARGPARSE_s_s (oSocketName, "socket-name", "@"), /* Only for debugging. */
-
- ARGPARSE_s_u (oFakedSystemTime, "faked-system-time", "@"), /*(epoch time)*/
-@@ -586,6 +589,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
-
- case oDisableHTTP: opt.disable_http = 1; break;
- case oDisableLDAP: opt.disable_ldap = 1; break;
-+ case oDisableIPv4: opt.disable_ipv4 = 1; break;
- case oHonorHTTPProxy: opt.honor_http_proxy = 1; break;
- case oHTTPProxy: opt.http_proxy = pargs->r.ret_str; break;
- case oLDAPProxy: opt.ldap_proxy = pargs->r.ret_str; break;
-@@ -645,6 +649,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
-
- set_dns_verbose (opt.verbose, !!DBG_DNS);
- http_set_verbose (opt.verbose, !!DBG_NETWORK);
-+ set_dns_disable_ipv4 (opt.disable_ipv4);
-
- return 1; /* Handled. */
- }
-diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
-index acd4c636d..fd80d7237 100644
---- a/dirmngr/dirmngr.h
-+++ b/dirmngr/dirmngr.h
-@@ -98,6 +98,7 @@ struct
-
- int disable_http; /* Do not use HTTP at all. */
- int disable_ldap; /* Do not use LDAP at all. */
-+ int disable_ipv4; /* Do not use leagacy IP addresses. */
- int honor_http_proxy; /* Honor the http_proxy env variable. */
- const char *http_proxy; /* The default HTTP proxy. */
- const char *ldap_proxy; /* Use given LDAP proxy. */
-diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
-index 9347196b3..ad19fc2ce 100644
---- a/dirmngr/dns-stuff.c
-+++ b/dirmngr/dns-stuff.c
-@@ -119,6 +119,10 @@ static int opt_debug;
- /* The timeout in seconds for libdns requests. */
- static int opt_timeout;
-
-+/* The flag to disable IPv4 access - right now this only skips
-+ * returned A records. */
-+static int opt_disable_ipv4;
-+
- /* If set force the use of the standard resolver. */
- static int standard_resolver;
-
-@@ -227,6 +231,15 @@ set_dns_verbose (int verbose, int debug)
- }
-
-
-+/* Set the Disable-IPv4 flag so that the name resolver does not return
-+ * A addresses. */
-+void
-+set_dns_disable_ipv4 (int yes)
-+{
-+ opt_disable_ipv4 = !!yes;
-+}
-+
-+
- /* Set the timeout for libdns requests to SECONDS. A value of 0 sets
- * the default timeout and values are capped at 10 minutes. */
- void
-@@ -873,6 +886,8 @@ resolve_name_standard (const char *name, unsigned short port,
- {
- if (ai->ai_family != AF_INET6 && ai->ai_family != AF_INET)
- continue;
-+ if (opt_disable_ipv4 && ai->ai_family == AF_INET)
-+ continue;
-
- dai = xtrymalloc (sizeof *dai + ai->ai_addrlen - 1);
- dai->family = ai->ai_family;
-diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h
-index d68dd1728..9eb97fd6a 100644
---- a/dirmngr/dns-stuff.h
-+++ b/dirmngr/dns-stuff.h
-@@ -95,6 +95,10 @@ struct srventry
- /* Set verbosity and debug mode for this module. */
- void set_dns_verbose (int verbose, int debug);
-
-+/* Set the Disable-IPv4 flag so that the name resolver does not return
-+ * A addresses. */
-+void set_dns_disable_ipv4 (int yes);
-+
- /* Set the timeout for libdns requests to SECONDS. */
- void set_dns_timeout (int seconds);
-
-diff --git a/dirmngr/ks-engine-finger.c b/dirmngr/ks-engine-finger.c
-index b1f02ad7d..114f2e9ac 100644
---- a/dirmngr/ks-engine-finger.c
-+++ b/dirmngr/ks-engine-finger.c
-@@ -83,7 +83,9 @@ ks_finger_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp)
- *server++ = 0;
-
- err = http_raw_connect (&http, server, 79,
-- (opt.use_tor? HTTP_FLAG_FORCE_TOR : 0), NULL);
-+ ((opt.use_tor? HTTP_FLAG_FORCE_TOR : 0)
-+ | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
-+ NULL);
- if (err)
- {
- xfree (name);
-diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
-index 2b90441e2..dad83efcd 100644
---- a/dirmngr/ks-engine-hkp.c
-+++ b/dirmngr/ks-engine-hkp.c
-@@ -526,6 +526,8 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
- {
- if (ai->family != AF_INET && ai->family != AF_INET6)
- continue;
-+ if (opt.disable_ipv4 && ai->family == AF_INET)
-+ continue;
- dirmngr_tick (ctrl);
-
- add_host (name, is_pool, ai, 0, reftbl, reftblsize, &refidx);
-@@ -607,7 +609,8 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
- {
- for (ai = aibuf; ai; ai = ai->next)
- {
-- if (ai->family == AF_INET6 || ai->family == AF_INET)
-+ if (ai->family == AF_INET6
-+ || (!opt.disable_ipv4 && ai->family == AF_INET))
- {
- err = resolve_dns_addr (ai->addr, ai->addrlen, 0, &host);
- if (!err)
-@@ -1058,7 +1061,8 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
- /* fixme: AUTH */ NULL,
- (httpflags
- |(opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
-- |(opt.use_tor? HTTP_FLAG_FORCE_TOR:0)),
-+ |(opt.use_tor? HTTP_FLAG_FORCE_TOR:0)
-+ |(opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
- ctrl->http_proxy,
- session,
- NULL,
-diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c
-index 858c943ea..dbbf4bb79 100644
---- a/dirmngr/ks-engine-http.c
-+++ b/dirmngr/ks-engine-http.c
-@@ -88,7 +88,8 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
- /* httphost */ NULL,
- /* fixme: AUTH */ NULL,
- ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
-- | (opt.use_tor? HTTP_FLAG_FORCE_TOR:0)),
-+ | (opt.use_tor? HTTP_FLAG_FORCE_TOR:0)
-+ | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
- ctrl->http_proxy,
- session,
- NULL,
-diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c
-index 9127cf754..b46c78567 100644
---- a/dirmngr/ocsp.c
-+++ b/dirmngr/ocsp.c
-@@ -174,7 +174,8 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
- once_more:
- err = http_open (&http, HTTP_REQ_POST, url, NULL, NULL,
- ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
-- | (opt.use_tor? HTTP_FLAG_FORCE_TOR:0)),
-+ | (opt.use_tor? HTTP_FLAG_FORCE_TOR:0)
-+ | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
- ctrl->http_proxy, NULL, NULL, NULL);
- if (err)
- {
-diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
-index dd104273d..b00c2d377 100644
---- a/doc/dirmngr.texi
-+++ b/doc/dirmngr.texi
-@@ -312,6 +312,11 @@ not be used a different one can be given using this option. Note that
- a numerical IP address must be given (IPv6 or IPv4) and that no error
- checking is done for @var{ipaddr}.
-
-+ at item --disable-ipv4
-+ at opindex disable-ipv4
-+Disable the use of all IPv4 addresses. This option is mainly useful
-+for debugging.
-+
- @item --disable-ldap
- @opindex disable-ldap
- Entirely disables the use of LDAP.
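Review bot: the `doc/dirmngr.texi` entry promises more than the code comment in `dirmngr/dns-stuff.c` delivers. The manual says "Disable the use of all IPv4 addresses", while the comment on `opt_disable_ipv4` says "right now this only skips returned A records". The manual text should state that limit so nobody relies on the option as a network policy rather than the debugging aid it is described as. Minor: the changelog has `bew var` for "new var" and refers to `opt.disable_v4` where the field is `disable_ipv4`, and the `dirmngr.h` comment spells "leagacy".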
diff --git a/debian/patches/0015-dirmngr-Simplify-error-returning-inside-http.c.patch b/debian/patches/0015-dirmngr-Simplify-error-returning-inside-http.c.patch
deleted file mode 100644
index bcf4ee6..0000000
--- a/debian/patches/0015-dirmngr-Simplify-error-returning-inside-http.c.patch
+++ /dev/null
@@ -1,255 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Tue, 24 Jan 2017 18:41:43 +0100
-Subject: dirmngr: Simplify error returning inside http.c.
-
-* dirmngr/http.c (connect_server): Change to return an gpg_error_t
-and to store socket at the passed address.
-(http_raw_connect, send_request): Adjust accordingly.
---
-
-This change removes cruft from the code and allows to return the error
-code from the name lookup.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 51e5a5e5a46279809848b4ab4419f35045336010)
----
- dirmngr/http.c | 101 ++++++++++++++++++++++++++++-----------------------------
- 1 file changed, 50 insertions(+), 51 deletions(-)
-
-diff --git a/dirmngr/http.c b/dirmngr/http.c
-index 35877d241..fe9c3c734 100644
---- a/dirmngr/http.c
-+++ b/dirmngr/http.c
-@@ -155,9 +155,9 @@ static gpg_error_t send_request (http_t hd, const char *httphost,
- static char *build_rel_path (parsed_uri_t uri);
- static gpg_error_t parse_response (http_t hd);
-
--static assuan_fd_t connect_server (const char *server, unsigned short port,
-+static gpg_error_t connect_server (const char *server, unsigned short port,
- unsigned int flags, const char *srvtag,
-- int *r_host_not_found);
-+ assuan_fd_t *r_sock);
- static gpg_error_t write_server (int sock, const char *data, size_t length);
-
- static gpgrt_ssize_t cookie_read (void *cookie, void *buffer, size_t size);
-@@ -924,7 +924,6 @@ http_raw_connect (http_t *r_hd, const char *server, unsigned short port,
- gpg_error_t err = 0;
- http_t hd;
- cookie_t cookie;
-- int hnf;
-
- *r_hd = NULL;
-
-@@ -950,12 +949,9 @@ http_raw_connect (http_t *r_hd, const char *server, unsigned short port,
- {
- assuan_fd_t sock;
-
-- sock = connect_server (server, port, hd->flags, srvtag, &hnf);
-- if (sock == ASSUAN_INVALID_FD)
-+ err = connect_server (server, port, hd->flags, srvtag, &sock);
-+ if (err)
- {
-- err = gpg_err_make (default_errsource,
-- (hnf? GPG_ERR_UNKNOWN_HOST
-- : gpg_err_code_from_syserror ()));
- xfree (hd);
- return err;
- }
-@@ -1643,7 +1639,6 @@ send_request (http_t hd, const char *httphost, const char *auth,
- char *proxy_authstr = NULL;
- char *authstr = NULL;
- int sock;
-- int hnf;
-
- if (hd->uri->use_tls && !hd->session)
- {
-@@ -1713,7 +1708,6 @@ send_request (http_t hd, const char *httphost, const char *auth,
- && *http_proxy ))
- {
- parsed_uri_t uri;
-- int save_errno;
-
- if (proxy)
- http_proxy = proxy;
-@@ -1760,25 +1754,20 @@ send_request (http_t hd, const char *httphost, const char *auth,
- }
- }
-
-- sock = connect_server (*uri->host ? uri->host : "localhost",
-- uri->port ? uri->port : 80,
-- hd->flags, srvtag, &hnf);
-- save_errno = errno;
-+ err = connect_server (*uri->host ? uri->host : "localhost",
-+ uri->port ? uri->port : 80,
-+ hd->flags, srvtag, &sock);
- http_release_parsed_uri (uri);
-- if (sock == ASSUAN_INVALID_FD)
-- gpg_err_set_errno (save_errno);
- }
- else
- {
-- sock = connect_server (server, port, hd->flags, srvtag, &hnf);
-+ err = connect_server (server, port, hd->flags, srvtag, &sock);
- }
-
-- if (sock == ASSUAN_INVALID_FD)
-+ if (err)
- {
- xfree (proxy_authstr);
-- return gpg_err_make (default_errsource,
-- (hnf? GPG_ERR_UNKNOWN_HOST
-- : gpg_err_code_from_syserror ()));
-+ return err;
- }
- hd->sock = my_socket_new (sock);
- if (!hd->sock)
-@@ -1788,7 +1777,6 @@ send_request (http_t hd, const char *httphost, const char *auth,
- }
-
-
--
- #if HTTP_USE_NTBTLS
- if (hd->uri->use_tls)
- {
-@@ -2476,11 +2464,13 @@ my_sock_new_for_addr (struct sockaddr *addr, int type, int proto)
- }
-
-
--/* Actually connect to a server. Returns the file descriptor or -1 on
-- error. ERRNO is set on error. */
--static assuan_fd_t
-+/* Actually connect to a server. On success 0 is returned and the
-+ * file descriptor for the socket is stored at R_SOCK; on error an
-+ * error code is returned and ASSUAN_INVALID_FD is stored at
-+ * R_SOCK. */
-+static gpg_error_t
- connect_server (const char *server, unsigned short port,
-- unsigned int flags, const char *srvtag, int *r_host_not_found)
-+ unsigned int flags, const char *srvtag, assuan_fd_t *r_sock)
- {
- gpg_error_t err;
- assuan_fd_t sock = ASSUAN_INVALID_FD;
-@@ -2488,11 +2478,11 @@ connect_server (const char *server, unsigned short port,
- int hostfound = 0;
- int anyhostaddr = 0;
- int srv, connected;
-- int last_errno = 0;
-+ gpg_error_t last_err = 0;
- struct srventry *serverlist = NULL;
-- int ret;
-
-- *r_host_not_found = 0;
-+ *r_sock = ASSUAN_INVALID_FD;
-+
- #if defined(HAVE_W32_SYSTEM) && !defined(HTTP_NO_WSASTARTUP)
- init_sockets ();
- #endif /*Windows*/
-@@ -2509,18 +2499,21 @@ connect_server (const char *server, unsigned short port,
- ASSUAN_SOCK_TOR);
- if (sock == ASSUAN_INVALID_FD)
- {
-- if (errno == EHOSTUNREACH)
-- *r_host_not_found = 1;
-- log_error ("can't connect to '%s': %s\n", server, strerror (errno));
-+ err = gpg_err_make (default_errsource,
-+ (errno == EHOSTUNREACH)? GPG_ERR_UNKNOWN_HOST
-+ : gpg_err_code_from_syserror ());
-+ log_error ("can't connect to '%s': %s\n", server, gpg_strerror (err));
-+ return err;
- }
-- else
-- notify_netactivity ();
-- return sock;
-+
-+ notify_netactivity ();
-+ *r_sock = sock;
-+ return 0;
-
- #else /*!ASSUAN_SOCK_TOR*/
-
-- gpg_err_set_errno (ENETUNREACH);
-- return -1; /* Out of core. */
-+ err = gpg_err_make (default_errsource, GPG_ERR_ENETUNREACH);
-+ return ASSUAN_INVALID_FD;
-
- #endif /*!HASSUAN_SOCK_TOR*/
- }
-@@ -2533,6 +2526,7 @@ connect_server (const char *server, unsigned short port,
- log_info ("getting '%s' SRV for '%s' failed: %s\n",
- srvtag, server, gpg_strerror (err));
- /* Note that on error SRVCOUNT is zero. */
-+ err = 0;
- }
-
- if (!serverlist)
-@@ -2541,7 +2535,8 @@ connect_server (const char *server, unsigned short port,
- up a fake SRV record. */
- serverlist = xtrycalloc (1, sizeof *serverlist);
- if (!serverlist)
-- return -1; /* Out of core. */
-+ return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-+
- serverlist->port = port;
- strncpy (serverlist->target, server, DIMof (struct srventry, target));
- serverlist->target[DIMof (struct srventry, target)-1] = '\0';
-@@ -2562,6 +2557,7 @@ connect_server (const char *server, unsigned short port,
- {
- log_info ("resolving '%s' failed: %s\n",
- serverlist[srv].target, gpg_strerror (err));
-+ last_err = err;
- continue; /* Not found - try next one. */
- }
- hostfound = 1;
-@@ -2578,18 +2574,20 @@ connect_server (const char *server, unsigned short port,
- sock = my_sock_new_for_addr (ai->addr, ai->socktype, ai->protocol);
- if (sock == ASSUAN_INVALID_FD)
- {
-- int save_errno = errno;
-- log_error ("error creating socket: %s\n", strerror (errno));
-+ err = gpg_err_make (default_errsource,
-+ gpg_err_code_from_syserror ());
-+ log_error ("error creating socket: %s\n", gpg_strerror (err));
- free_dns_addrinfo (aibuf);
- xfree (serverlist);
-- errno = save_errno;
-- return ASSUAN_INVALID_FD;
-+ return err;
- }
-
- anyhostaddr = 1;
-- ret = assuan_sock_connect (sock, ai->addr, ai->addrlen);
-- if (ret)
-- last_errno = errno;
-+ if (assuan_sock_connect (sock, ai->addr, ai->addrlen))
-+ {
-+ last_err = gpg_err_make (default_errsource,
-+ gpg_err_code_from_syserror ());
-+ }
- else
- {
- connected = 1;
-@@ -2616,17 +2614,18 @@ connect_server (const char *server, unsigned short port,
- server, (int)WSAGetLastError());
- #else
- log_error ("can't connect to '%s': %s\n",
-- server, strerror (last_errno));
-+ server, gpg_strerror (last_err));
- #endif
- }
-- if (!hostfound || (hostfound && !anyhostaddr))
-- *r_host_not_found = 1;
-+ err = last_err? last_err : gpg_err_make (default_errsource,
-+ GPG_ERR_UNKNOWN_HOST);
- if (sock != ASSUAN_INVALID_FD)
- assuan_sock_close (sock);
-- gpg_err_set_errno (last_errno);
-- return ASSUAN_INVALID_FD;
-+ return err;
- }
-- return sock;
-+
-+ *r_sock = sock;
-+ return 0;
- }
-
-
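Review bot: in `connect_server`, the `#else /*!ASSUAN_SOCK_TOR*/` branch still ends with `return ASSUAN_INVALID_FD;` right after assigning `err`, although the function now returns `gpg_error_t`. Callers test `if (err)` and would receive the invalid-fd constant instead of the `GPG_ERR_ENETUNREACH` code built on the previous line; this should be `return err;`. Separately, `send_request` keeps the context declaration `int sock;` but now passes `&sock` where the new prototype expects `assuan_fd_t *r_sock`; declaring it as `assuan_fd_t`, as `http_raw_connect` does, avoids a pointer type mismatch on platforms where the two types differ.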
diff --git a/debian/patches/0016-gpg-Print-a-warning-on-Tor-problems.patch b/debian/patches/0016-gpg-Print-a-warning-on-Tor-problems.patch
deleted file mode 100644
index 1979069..0000000
--- a/debian/patches/0016-gpg-Print-a-warning-on-Tor-problems.patch
+++ /dev/null
@@ -1,188 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Tue, 24 Jan 2017 20:45:31 +0100
-Subject: gpg: Print a warning on Tor problems.
-
-* dirmngr/ks-engine-hkp.c (tor_not_running_p): New.
-(map_host): Call that to print a warning.
-(handle_send_request_error): Ditto and avoid marking the host dead.
-Also print a tor_config_problem warning. Add arg CTRL; adjust callers
-to pass that new arg.
-* g10/call-dirmngr.c (ks_status_cb): Detect and print the new
-warnings.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 770b75a746836773909af25ccb9b480e61cea677)
----
- dirmngr/ks-engine-hkp.c | 60 ++++++++++++++++++++++++++++++++++++-------------
- g10/call-dirmngr.c | 26 ++++++++++++++++++++-
- 2 files changed, 70 insertions(+), 16 deletions(-)
-
-diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
-index dad83efcd..858cd2f26 100644
---- a/dirmngr/ks-engine-hkp.c
-+++ b/dirmngr/ks-engine-hkp.c
-@@ -278,6 +278,31 @@ arecords_is_pool (dns_addrinfo_t aibuf)
- }
-
-
-+/* Print a warninng iff Tor is not running but Tor has been requested.
-+ * Also return true if it is not running. */
-+static int
-+tor_not_running_p (ctrl_t ctrl)
-+{
-+ assuan_fd_t sock;
-+
-+ if (!opt.use_tor)
-+ return 0;
-+
-+ sock = assuan_sock_connect_byname (NULL, 0, 0, NULL, ASSUAN_SOCK_TOR);
-+ if (sock != ASSUAN_INVALID_FD)
-+ {
-+ assuan_sock_close (sock);
-+ return 0;
-+ }
-+
-+ log_info ("(it seems Tor is not running)\n");
-+ dirmngr_status (ctrl, "WARNING", "tor_not_running 0",
-+ "Tor is enabled but the local Tor daemon"
-+ " seems to be down", NULL);
-+ return 1;
-+}
-+
-+
- /* Add the host AI under the NAME into the HOSTTABLE. If PORT is not
- zero, it specifies which port to use to talk to the host. If NAME
- specifies a pool (as indicated by IS_POOL), update the given
-@@ -475,6 +500,8 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
- if (err)
- {
- xfree (reftbl);
-+ if (gpg_err_code (err) == GPG_ERR_ECONNREFUSED)
-+ tor_not_running_p (ctrl);
- return err;
- }
-
-@@ -1180,13 +1207,13 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
- }
-
-
--/* Helper to evaluate the error code ERR form a send_request() call
-+/* Helper to evaluate the error code ERR from a send_request() call
- with REQUEST. The function returns true if the caller shall try
- again. TRIES_LEFT points to a variable to track the number of
- retries; this function decrements it and won't return true if it is
- down to zero. */
- static int
--handle_send_request_error (gpg_error_t err, const char *request,
-+handle_send_request_error (ctrl_t ctrl, gpg_error_t err, const char *request,
- unsigned int *tries_left)
- {
- int retry = 0;
-@@ -1197,16 +1224,9 @@ handle_send_request_error (gpg_error_t err, const char *request,
- switch (gpg_err_code (err))
- {
- case GPG_ERR_ECONNREFUSED:
-- if (opt.use_tor)
-- {
-- assuan_fd_t sock;
--
-- sock = assuan_sock_connect_byname (NULL, 0, 0, NULL, ASSUAN_SOCK_TOR);
-- if (sock == ASSUAN_INVALID_FD)
-- log_info ("(it seems Tor is not running)\n");
-- else
-- assuan_sock_close (sock);
-- }
-+ if (tor_not_running_p (ctrl))
-+ break; /* A retry does not make sense. */
-+ /* Okay: Tor is up or --use-tor is not used. */
- /*FALLTHRU*/
- case GPG_ERR_ENETUNREACH:
- case GPG_ERR_ENETDOWN:
-@@ -1224,6 +1244,16 @@ handle_send_request_error (gpg_error_t err, const char *request,
- }
- break;
-
-+ case GPG_ERR_EACCES:
-+ if (opt.use_tor)
-+ {
-+ log_info ("(Tor configuration problem)\n");
-+ dirmngr_status (ctrl, "WARNING", "tor_config_problem 0",
-+ "Please check that the \"SocksPort\" flag "
-+ "\"IPv6Traffic\" is set in torrc", NULL);
-+ }
-+ break;
-+
- default:
- break;
- }
-@@ -1334,7 +1364,7 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
- /* Send the request. */
- err = send_request (ctrl, request, hostport, httphost, httpflags,
- NULL, NULL, &fp, r_http_status);
-- if (handle_send_request_error (err, request, &tries))
-+ if (handle_send_request_error (ctrl, err, request, &tries))
- {
- reselect = 1;
- goto again;
-@@ -1468,7 +1498,7 @@ ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp)
- /* Send the request. */
- err = send_request (ctrl, request, hostport, httphost, httpflags,
- NULL, NULL, &fp, NULL);
-- if (handle_send_request_error (err, request, &tries))
-+ if (handle_send_request_error (ctrl, err, request, &tries))
- {
- reselect = 1;
- goto again;
-@@ -1577,7 +1607,7 @@ ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri, const void *data, size_t datalen)
- /* Send the request. */
- err = send_request (ctrl, request, hostport, httphost, 0,
- put_post_cb, &parm, &fp, NULL);
-- if (handle_send_request_error (err, request, &tries))
-+ if (handle_send_request_error (ctrl, err, request, &tries))
- {
- reselect = 1;
- goto again;
-diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
-index 4be9da117..2f2ba982e 100644
---- a/g10/call-dirmngr.c
-+++ b/g10/call-dirmngr.c
-@@ -374,7 +374,8 @@ ks_status_cb (void *opaque, const char *line)
- {
- struct ks_status_parm_s *parm = opaque;
- gpg_error_t err = 0;
-- const char *s;
-+ const char *s, *s2;
-+ const char *warn;
-
- if ((s = has_leading_keyword (line, parm->keyword? parm->keyword : "SOURCE")))
- {
-@@ -385,6 +386,29 @@ ks_status_cb (void *opaque, const char *line)
- err = gpg_error_from_syserror ();
- }
- }
-+ else if ((s = has_leading_keyword (line, "WARNING")))
-+ {
-+ if ((s2 = has_leading_keyword (s, "tor_not_running")))
-+ warn = _("Tor is not running");
-+ else if ((s2 = has_leading_keyword (s, "tor_config_problem")))
-+ warn = _("Tor is not properly configured");
-+ else
-+ warn = NULL;
-+
-+ if (warn)
-+ {
-+ log_info (_("WARNING: %s\n"), warn);
-+ if (s2)
-+ {
-+ while (*s2 && !spacep (s2))
-+ s2++;
-+ while (*s2 && spacep (s2))
-+ s2++;
-+ if (*s2)
-+ print_further_info ("%s", s2);
-+ }
-+ }
-+ }
-
- return err;
- }
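Review bot: in `ks_status_cb`, the `else warn = NULL;` arm drops every `WARNING` status line whose keyword is not `tor_not_running` or `tor_config_problem`, so any other warning sent by dirmngr never reaches the user. A generic fallback that prints the remainder of the line would keep those visible. Inside the `if (warn)` block the `if (s2)` test is always true, because `warn` is only set when one of the two `has_leading_keyword` calls returned non-NULL, so it can be removed. In `map_host` the return value of `tor_not_running_p (ctrl)` is ignored and the function is used only for its logging side effect, which the predicate-style name hides; a short comment at that call site would help. The comment above `tor_not_running_p` spells "warninng".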
diff --git a/debian/patches/0017-agent-Fix-double-free.patch b/debian/patches/0017-agent-Fix-double-free.patch
deleted file mode 100644
index b3d96ed..0000000
--- a/debian/patches/0017-agent-Fix-double-free.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Wed, 25 Jan 2017 13:51:57 +0100
-Subject: agent: Fix double free.
-
-* agent/cache.c (agent_store_cache_hit): Make sure the update is
-atomic.
---
-Previously, the function freed the last key, and duplicated the new
-key after doing that. There is a chance, however, that calling the
-allocator surrenders control to a different thread, causing a double
-free if a different thread also calls this function.
-
-To make sure the update is atomic under the non-preemptive thread
-model, we must make sure not to surrender control to a different
-thread. Therefore, we avoid calling the allocator during the
-update.
-
-Signed-off-by: Justus Winter <justus at g10code.com>
-(cherry picked from commit e175152ef7515921635bf1e00383e812668d13fc)
----
- agent/cache.c | 17 +++++++++++++++--
- 1 file changed, 15 insertions(+), 2 deletions(-)
-
-diff --git a/agent/cache.c b/agent/cache.c
-index f58eaeaaa..248368277 100644
---- a/agent/cache.c
-+++ b/agent/cache.c
-@@ -475,6 +475,19 @@ agent_get_cache (const char *key, cache_mode_t cache_mode)
- void
- agent_store_cache_hit (const char *key)
- {
-- xfree (last_stored_cache_key);
-- last_stored_cache_key = key? xtrystrdup (key) : NULL;
-+ char *new;
-+ char *old;
-+
-+ /* To make sure the update is atomic under the non-preemptive thread
-+ * model, we must make sure not to surrender control to a different
-+ * thread. Therefore, we avoid calling the allocator during the
-+ * update. */
-+ new = key ? xtrystrdup (key) : NULL;
-+
-+ /* Atomic update. */
-+ old = last_stored_cache_key;
-+ last_stored_cache_key = new;
-+ /* Done. */
-+
-+ xfree (old);
- }
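Review bot: in `agent_store_cache_hit`, `new = key ? xtrystrdup (key) : NULL;` does not distinguish an allocation failure from a NULL `key`. When `xtrystrdup` fails for a non-NULL key, `last_stored_cache_key` is silently cleared and the `void` function reports nothing; either keep the old value in that case or log the failure. The correctness of the swap rests on the non-preemptive thread model named in the comment, so the same note belongs next to the declaration of `last_stored_cache_key`, where anyone adding another writer will see it.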
diff --git a/debian/patches/0018-gpg-Fix-searching-for-mail-addresses-in-keyrings.patch b/debian/patches/0018-gpg-Fix-searching-for-mail-addresses-in-keyrings.patch
deleted file mode 100644
index 6365109..0000000
--- a/debian/patches/0018-gpg-Fix-searching-for-mail-addresses-in-keyrings.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From: Justus Winter <justus at g10code.com>
-Date: Wed, 25 Jan 2017 16:33:20 +0100
-Subject: gpg: Fix searching for mail addresses in keyrings.
-
-* g10/keyring.c (compare_name): Fix KEYDB_SEARCH_MODE_MAIL* searches
-in keyrings when the UID is a plain addr-spec.
---
-Previously, 'gpg --list-key "<foo at example.org>"' failed if 1/ the
-keyring format is used and 2/ the key's UID is a plain addr-spec
-(cf. RFC2822 section 4.3), e.g. 'foo at example.org'.
-
-GnuPG-bug-id: 2930
-Signed-off-by: Justus Winter <justus at g10code.com>
-(cherry picked from commit 3f4f20ee6eff052c88647b820d9ecfdbd8df0f40)
----
- g10/keyring.c | 22 ++++++++++++++++++----
- 1 file changed, 18 insertions(+), 4 deletions(-)
-
-diff --git a/g10/keyring.c b/g10/keyring.c
-index f1281e98e..328290ed8 100644
---- a/g10/keyring.c
-+++ b/g10/keyring.c
-@@ -928,13 +928,27 @@ compare_name (int mode, const char *name, const char *uid, size_t uidlen)
- else if ( mode == KEYDB_SEARCH_MODE_MAIL
- || mode == KEYDB_SEARCH_MODE_MAILSUB
- || mode == KEYDB_SEARCH_MODE_MAILEND) {
-+ int have_angles = 1;
- for (i=0, s= uid; i < uidlen && *s != '<'; s++, i++)
- ;
-+ if (i == uidlen)
-+ {
-+ /* The UID is a plain addr-spec (cf. RFC2822 section 4.3). */
-+ have_angles = 0;
-+ s = uid;
-+ i = 0;
-+ }
- if (i < uidlen) {
-- /* skip opening delim and one char and look for the closing one*/
-- s++; i++;
-- for (se=s+1, i++; i < uidlen && *se != '>'; se++, i++)
-- ;
-+ if (have_angles)
-+ {
-+ /* skip opening delim and one char and look for the closing one*/
-+ s++; i++;
-+ for (se=s+1, i++; i < uidlen && *se != '>'; se++, i++)
-+ ;
-+ }
-+ else
-+ se = s + uidlen;
-+
- if (i < uidlen) {
- i = se - s;
- if (mode == KEYDB_SEARCH_MODE_MAIL) {
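Review bot: in `compare_name`, the new `if (i == uidlen)` branch treats every UID that contains no `<` as a plain addr-spec, without checking that it contains an `@`. A name-only UID then takes part in the `KEYDB_SEARCH_MODE_MAIL*` comparisons as if it were an address; testing for `@` before clearing `have_angles` would limit the new path to what its comment describes. The added blocks also use GNU brace placement inside a function whose surrounding lines keep the brace on the `if` line, which makes the nesting harder to follow.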
diff --git a/debian/patches/0019-dirmngr-New-option-no-use-tor-and-internal-changes.patch b/debian/patches/0019-dirmngr-New-option-no-use-tor-and-internal-changes.patch
deleted file mode 100644
index f936685..0000000
--- a/debian/patches/0019-dirmngr-New-option-no-use-tor-and-internal-changes.patch
+++ /dev/null
@@ -1,382 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Wed, 1 Feb 2017 17:54:14 +0100
-Subject: dirmngr: New option --no-use-tor and internal changes.
-
-* dirmngr/dns-stuff.c (disable_dns_tormode): New.
-* dirmngr/dirmngr.c (oNoUseTor): New const.
-(opts): New option --no-use-tor.
-(tor_mode): New var.
-(parse_rereadable_options): Change to use TOR_MODE.
-(dirmngr_use_tor): New.
-(set_tor_mode): Call disable_dns_tormode. Implement oNoUseTor.
-* dirmngr/dirmngr.h (opt): Remove field 'use_tor'. Replace all
-references by a call to dirmngr_use_tor().
-* dirmngr/server.c (cmd_getinfo): Distinguish between default and
-enforced TOR_MODE.
---
-
-This patch replaces the global variable opt.use_tar by a function
-testing a file local mode flag. This patch prepares for a
-use-tor-if-available mode.
-
-GnuPG-bug-id: 2935
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 7440119e729d3fdedda8a9b44b70f8959beea8d7)
----
- dirmngr/crlfetch.c | 10 +++++-----
- dirmngr/dirmngr.c | 46 +++++++++++++++++++++++++++++++++++++++++++---
- dirmngr/dirmngr.h | 3 +--
- dirmngr/dns-stuff.c | 8 ++++++++
- dirmngr/dns-stuff.h | 1 +
- dirmngr/ks-engine-finger.c | 2 +-
- dirmngr/ks-engine-hkp.c | 6 +++---
- dirmngr/ks-engine-http.c | 2 +-
- dirmngr/ks-engine-ldap.c | 6 +++---
- dirmngr/ocsp.c | 4 ++--
- dirmngr/server.c | 10 +++++++---
- 11 files changed, 75 insertions(+), 23 deletions(-)
-
-diff --git a/dirmngr/crlfetch.c b/dirmngr/crlfetch.c
-index aa82137f7..337fe6e4d 100644
---- a/dirmngr/crlfetch.c
-+++ b/dirmngr/crlfetch.c
-@@ -198,7 +198,7 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
- err = http_open_document (&hd, url, NULL,
- ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
- |(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0)
-- |(opt.use_tor? HTTP_FLAG_FORCE_TOR:0)
-+ |(dirmngr_use_tor()? HTTP_FLAG_FORCE_TOR:0)
- |(opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4:0)
- ),
- ctrl->http_proxy, NULL, NULL, NULL);
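Review bot: style nit on the replaced flag line, which is written "dirmngr_use_tor()?" with no space before the parenthesis, while every other call site in this patch uses "dirmngr_use_tor ()". Please make this one match.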
-@@ -292,7 +292,7 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
- "LDAP");
- err = gpg_error (GPG_ERR_NOT_SUPPORTED);
- }
-- else if (opt.use_tor)
-+ else if (dirmngr_use_tor ())
- {
- /* For now we do not support LDAP over Tor. */
- log_error (_("CRL access not possible due to Tor mode\n"));
-@@ -318,7 +318,7 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
- gpg_error_t
- crl_fetch_default (ctrl_t ctrl, const char *issuer, ksba_reader_t *reader)
- {
-- if (opt.use_tor)
-+ if (dirmngr_use_tor ())
- {
- /* For now we do not support LDAP over Tor. */
- log_error (_("CRL access not possible due to Tor mode\n"));
-@@ -350,7 +350,7 @@ crl_fetch_default (ctrl_t ctrl, const char *issuer, ksba_reader_t *reader)
- gpg_error_t
- ca_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context, const char *dn)
- {
-- if (opt.use_tor)
-+ if (dirmngr_use_tor ())
- {
- /* For now we do not support LDAP over Tor. */
- log_error (_("CRL access not possible due to Tor mode\n"));
-@@ -377,7 +377,7 @@ gpg_error_t
- start_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context,
- strlist_t patterns, const ldap_server_t server)
- {
-- if (opt.use_tor)
-+ if (dirmngr_use_tor ())
- {
- /* For now we do not support LDAP over Tor. */
- log_error (_("CRL access not possible due to Tor mode\n"));
-diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
-index 83356c94c..43e9cbd07 100644
---- a/dirmngr/dirmngr.c
-+++ b/dirmngr/dirmngr.c
-@@ -138,6 +138,7 @@ enum cmd_and_opt_values {
- oHTTPWrapperProgram,
- oIgnoreCertExtension,
- oUseTor,
-+ oNoUseTor,
- oKeyServer,
- oNameServer,
- oDisableCheckOwnSocket,
-@@ -224,6 +225,7 @@ static ARGPARSE_OPTS opts[] = {
- N_("|FILE|use the CA certificates in FILE for HKP over TLS")),
-
- ARGPARSE_s_n (oUseTor, "use-tor", N_("route all network traffic via Tor")),
-+ ARGPARSE_s_n (oNoUseTor, "no-use-tor", "@"),
-
- ARGPARSE_s_n (oDisableIPv4, "disable-ipv4", "@"),
-
-@@ -300,6 +302,16 @@ static volatile int shutdown_pending;
- /* Flags to indicate that we shall not watch our own socket. */
- static int disable_check_own_socket;
-
-+/* Flag to control the Tor mode. */
-+static enum
-+ { TOR_MODE_AUTO = 0, /* Switch to NO or YES */
-+ TOR_MODE_NEVER, /* Never use Tor. */
-+ TOR_MODE_NO, /* Do not use Tor */
-+ TOR_MODE_YES, /* Use Tor */
-+ TOR_MODE_FORCE /* Force using Tor */
-+ } tor_mode;
-+
-+
- /* Counter for the active connections. */
- static int active_connections;
-
-@@ -475,7 +487,7 @@ set_debug (void)
- static void
- set_tor_mode (void)
- {
-- if (opt.use_tor)
-+ if (dirmngr_use_tor ())
- {
- /* Enable Tor mode and when called again force a new curcuit
- * (e.g. on SIGHUP). */
-@@ -486,6 +498,26 @@ set_tor_mode (void)
- log_info ("(is your Libassuan recent enough?)\n");
- }
- }
-+ else
-+ disable_dns_tormode ();
-+}
-+
-+
-+/* Return true if Tor shall be used. */
-+int
-+dirmngr_use_tor (void)
-+{
-+ if (tor_mode == TOR_MODE_AUTO)
-+ {
-+ /* FIXME: Figure out whether Tor is running. */
-+ }
-+
-+ if (tor_mode == TOR_MODE_FORCE)
-+ return 2; /* Use Tor (using 2 to indicate force mode) */
-+ else if (tor_mode == TOR_MODE_YES)
-+ return 1; /* Use Tor */
-+ else
-+ return 0; /* Do not use Tor. */
- }
-
-
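Review bot: in dirmngr_use_tor the TOR_MODE_AUTO branch is an empty block that holds only a FIXME, so AUTO falls through to "return 0" and behaves exactly like TOR_MODE_NEVER. parse_rereadable_options resets tor_mode to TOR_MODE_AUTO whenever it is not FORCE, so AUTO is the normal state and the function comment should say that it currently means "no Tor". The visible hunks only ever assign AUTO, NEVER and FORCE, which leaves TOR_MODE_NO and TOR_MODE_YES unassigned until the detection is written; a note next to the enum would save the next reader a search.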
-@@ -548,7 +580,9 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
- FREE_STRLIST (opt.ignored_cert_extensions);
- http_register_tls_ca (NULL);
- FREE_STRLIST (opt.keyserver);
-- /* Note: We do not allow resetting of opt.use_tor at runtime. */
-+ /* Note: We do not allow resetting of TOR_MODE_FORCE at runtime. */
-+ if (tor_mode != TOR_MODE_FORCE)
-+ tor_mode = TOR_MODE_AUTO;
- disable_check_own_socket = 0;
- enable_standard_resolver (0);
- set_dns_timeout (0);
-@@ -625,7 +659,13 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
- add_to_strlist (&opt.ignored_cert_extensions, pargs->r.ret_str);
- break;
-
-- case oUseTor: opt.use_tor = 1; break;
-+ case oUseTor:
-+ tor_mode = TOR_MODE_FORCE;
-+ break;
-+ case oNoUseTor:
-+ if (tor_mode != TOR_MODE_FORCE)
-+ tor_mode = TOR_MODE_NEVER;
-+ break;
-
- case oStandardResolver: enable_standard_resolver (1); break;
- case oRecursiveResolver: enable_recursive_resolver (1); break;
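Review bot: "case oNoUseTor" silently does nothing when tor_mode is already TOR_MODE_FORCE, and "case oUseTor" always sets FORCE, so giving both options ends in forced Tor regardless of their order. That is the safe direction, but the user gets no hint that --no-use-tor was ignored. A log_info in the ignored case, plus a short comment stating the precedence, would make this explicit.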
-diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
-index fd80d7237..6a4fd003f 100644
---- a/dirmngr/dirmngr.h
-+++ b/dirmngr/dirmngr.h
-@@ -91,7 +91,6 @@ struct
- program. */
-
- int running_detached; /* We are running in detached mode. */
-- int use_tor; /* Tor mode has been enabled. */
- int allow_version_check; /* --allow-version-check is active. */
-
- int force; /* Force loading outdated CRLs. */
-@@ -191,7 +190,7 @@ void dirmngr_init_default_ctrl (ctrl_t ctrl);
- void dirmngr_deinit_default_ctrl (ctrl_t ctrl);
- void dirmngr_sighup_action (void);
- const char* dirmngr_get_current_socket_name (void);
--
-+int dirmngr_use_tor (void);
-
- /*-- Various housekeeping functions. --*/
- void ks_hkp_reload (void);
-diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
-index ad19fc2ce..52f011a00 100644
---- a/dirmngr/dns-stuff.c
-+++ b/dirmngr/dns-stuff.c
-@@ -222,6 +222,14 @@ enable_dns_tormode (int new_circuit)
- }
-
-
-+/* Disable tor mode. */
-+void
-+disable_dns_tormode (void)
-+{
-+ tor_mode = 0;
-+}
-+
-+
- /* Set verbosity and debug mode for this module. */
- void
- set_dns_verbose (int verbose, int debug)
-diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h
-index 9eb97fd6a..9b8303c3b 100644
---- a/dirmngr/dns-stuff.h
-+++ b/dirmngr/dns-stuff.h
-@@ -120,6 +120,7 @@ int recursive_resolver_p (void);
- /* Put this module eternally into Tor mode. When called agained with
- * NEW_CIRCUIT request a new TOR circuit for the next DNS query. */
- void enable_dns_tormode (int new_circuit);
-+void disable_dns_tormode (void);
-
- /* Change the default IP address of the nameserver to IPADDR. The
- address needs to be a numerical IP address and will be used for the
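Review bot: the comment above enable_dns_tormode still says the module is put "eternally" into Tor mode, which is no longer true once disable_dns_tormode exists on the next line. Please update that comment and give the new prototype its own one-line description, as the neighbouring declarations have.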
-diff --git a/dirmngr/ks-engine-finger.c b/dirmngr/ks-engine-finger.c
-index 114f2e9ac..811b72de4 100644
---- a/dirmngr/ks-engine-finger.c
-+++ b/dirmngr/ks-engine-finger.c
-@@ -83,7 +83,7 @@ ks_finger_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp)
- *server++ = 0;
-
- err = http_raw_connect (&http, server, 79,
-- ((opt.use_tor? HTTP_FLAG_FORCE_TOR : 0)
-+ ((dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR : 0)
- | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
- NULL);
- if (err)
-diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
-index 858cd2f26..be8b08333 100644
---- a/dirmngr/ks-engine-hkp.c
-+++ b/dirmngr/ks-engine-hkp.c
-@@ -285,7 +285,7 @@ tor_not_running_p (ctrl_t ctrl)
- {
- assuan_fd_t sock;
-
-- if (!opt.use_tor)
-+ if (!dirmngr_use_tor ())
- return 0;
-
- sock = assuan_sock_connect_byname (NULL, 0, 0, NULL, ASSUAN_SOCK_TOR);
-@@ -1088,7 +1088,7 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
- /* fixme: AUTH */ NULL,
- (httpflags
- |(opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
-- |(opt.use_tor? HTTP_FLAG_FORCE_TOR:0)
-+ |(dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
- |(opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
- ctrl->http_proxy,
- session,
-@@ -1245,7 +1245,7 @@ handle_send_request_error (ctrl_t ctrl, gpg_error_t err, const char *request,
- break;
-
- case GPG_ERR_EACCES:
-- if (opt.use_tor)
-+ if (dirmngr_use_tor ())
- {
- log_info ("(Tor configuration problem)\n");
- dirmngr_status (ctrl, "WARNING", "tor_config_problem 0",
-diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c
-index dbbf4bb79..69642ff98 100644
---- a/dirmngr/ks-engine-http.c
-+++ b/dirmngr/ks-engine-http.c
-@@ -88,7 +88,7 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
- /* httphost */ NULL,
- /* fixme: AUTH */ NULL,
- ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
-- | (opt.use_tor? HTTP_FLAG_FORCE_TOR:0)
-+ | (dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
- | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
- ctrl->http_proxy,
- session,
-diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
-index 6d520e98e..b7aa7cc65 100644
---- a/dirmngr/ks-engine-ldap.c
-+++ b/dirmngr/ks-engine-ldap.c
-@@ -850,7 +850,7 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
-
- (void) ctrl;
-
-- if (opt.use_tor)
-+ if (dirmngr_use_tor ())
- {
- /* For now we do not support LDAP over Tor. */
- log_error (_("LDAP access not possible due to Tor mode\n"));
-@@ -1033,7 +1033,7 @@ ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
-
- (void) ctrl;
-
-- if (opt.use_tor)
-+ if (dirmngr_use_tor ())
- {
- /* For now we do not support LDAP over Tor. */
- log_error (_("LDAP access not possible due to Tor mode\n"));
-@@ -1909,7 +1909,7 @@ ks_ldap_put (ctrl_t ctrl, parsed_uri_t uri,
- /* Elide a warning. */
- (void) ctrl;
-
-- if (opt.use_tor)
-+ if (dirmngr_use_tor ())
- {
- /* For now we do not support LDAP over Tor. */
- log_error (_("LDAP access not possible due to Tor mode\n"));
-diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c
-index b46c78567..aff8e3288 100644
---- a/dirmngr/ocsp.c
-+++ b/dirmngr/ocsp.c
-@@ -132,7 +132,7 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
-
- (void)ctrl;
-
-- if (opt.use_tor)
-+ if (dirmngr_use_tor ())
- {
- /* For now we do not allow OCSP via Tor due to possible privacy
- concerns. Needs further research. */
-@@ -174,7 +174,7 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
- once_more:
- err = http_open (&http, HTTP_REQ_POST, url, NULL, NULL,
- ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
-- | (opt.use_tor? HTTP_FLAG_FORCE_TOR:0)
-+ | (dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
- | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)),
- ctrl->http_proxy, NULL, NULL, NULL);
- if (err)
-diff --git a/dirmngr/server.c b/dirmngr/server.c
-index c9c4ad437..bca3a61e4 100644
---- a/dirmngr/server.c
-+++ b/dirmngr/server.c
-@@ -625,7 +625,7 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
- else if (!strcmp (key, "honor-keyserver-url-used"))
- {
- /* Return an error if we are running in Tor mode. */
-- if (opt.use_tor)
-+ if (dirmngr_use_tor ())
- err = gpg_error (GPG_ERR_FORBIDDEN);
- }
- else
-@@ -2338,14 +2338,18 @@ cmd_getinfo (assuan_context_t ctx, char *line)
- }
- else if (!strcmp (line, "tor"))
- {
-- if (opt.use_tor)
-+ int use_tor;
-+
-+ use_tor = dirmngr_use_tor ();
-+ if (use_tor)
- {
- if (!is_tor_running (ctrl))
- err = assuan_write_status (ctx, "NO_TOR", "Tor not running");
- else
- err = 0;
- if (!err)
-- assuan_set_okay_line (ctx, "- Tor mode is enabled");
-+ assuan_set_okay_line (ctx, use_tor == 1 ? "- Tor mode is enabled"
-+ /**/ : "- Tor mode is enforced");
- }
- else
- err = set_error (GPG_ERR_FALSE, "Tor mode is NOT enabled");
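Review bot: the "use_tor == 1" test in the okay line depends on the bare return values 1 and 2 of dirmngr_use_tor, which are only explained in a comment inside that function. Named constants (or returning the mode enum) would keep this call site and the function from drifting apart. The "/**/" used to align the second string is also unusual; a plain line break with the colon on the continuation line reads better.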
diff --git a/debian/patches/0020-gpg-Remove-period-at-end-of-warning.patch b/debian/patches/0020-gpg-Remove-period-at-end-of-warning.patch
deleted file mode 100644
index 247ff44..0000000
--- a/debian/patches/0020-gpg-Remove-period-at-end-of-warning.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From: "Neal H. Walfield" <neal at g10code.com>
-Date: Fri, 6 Jan 2017 11:51:08 +0100
-Subject: gpg: Remove period at end of warning.
-
-* g10/tofu.c (tofu_register_encryption): Remove period at end of
-warning.
-
-Signed-off-by: Neal H. Walfield <neal at g10code.com>
-(cherry picked from commit 6f9d8a956b2ca0f5a0eb7acc656fc17af2f2de47)
----
- g10/tofu.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/g10/tofu.c b/g10/tofu.c
-index 8d535fa6c..149a18545 100644
---- a/g10/tofu.c
-+++ b/g10/tofu.c
-@@ -3480,7 +3480,7 @@ tofu_register_encryption (ctrl_t ctrl,
-
- if (! user_id_list)
- log_info (_("WARNING: Encrypting to %s, which has no "
-- "non-revoked user ids.\n"),
-+ "non-revoked user ids\n"),
- keystr (pk->keyid));
- }
-
diff --git a/debian/patches/0021-gpg-Add-newline-to-output.patch b/debian/patches/0021-gpg-Add-newline-to-output.patch
deleted file mode 100644
index b79c546..0000000
--- a/debian/patches/0021-gpg-Add-newline-to-output.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From: "Neal H. Walfield" <neal at g10code.com>
-Date: Thu, 2 Feb 2017 11:00:51 +0100
-Subject: gpg: Add newline to output.
-
-* g10/tofu.c (ask_about_binding): Add newline to output.
-
-Signed-off-by: Neal H. Walfield <neal at g10code.com>
-(cherry picked from commit 74268180e5a3acc827f3a369f1fe5971f3bbe285)
----
- g10/tofu.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/g10/tofu.c b/g10/tofu.c
-index 149a18545..9f5f40694 100644
---- a/g10/tofu.c
-+++ b/g10/tofu.c
-@@ -1969,7 +1969,7 @@ ask_about_binding (ctrl_t ctrl,
- else if (!response[0])
- /* Default to unknown. Don't save it. */
- {
-- tty_printf (_("Defaulting to unknown."));
-+ tty_printf (_("Defaulting to unknown.\n"));
- *policy = TOFU_POLICY_UNKNOWN;
- break;
- }
diff --git a/debian/patches/0022-gpg-Only-print-out-TOFU-statistics-for-conflicts-in-.patch b/debian/patches/0022-gpg-Only-print-out-TOFU-statistics-for-conflicts-in-.patch
deleted file mode 100644
index d8b5d79..0000000
--- a/debian/patches/0022-gpg-Only-print-out-TOFU-statistics-for-conflicts-in-.patch
+++ /dev/null
@@ -1,187 +0,0 @@
-From: "Neal H. Walfield" <neal at g10code.com>
-Date: Thu, 2 Feb 2017 13:24:57 +0100
-Subject: gpg: Only print out TOFU statistics for conflicts in interactive mode
-
-* g10/tofu.c (get_trust): Add arguments POLICYP and CONFLICT_SETP. If
-they are not NULL, return the policy and conflict set (if there is
-one), respectively. Update callers. If MAY_ASK is FALSE, don't print
-out the statistics.
-(tofu_register_encryption): If there is a conflict and we haven't yet
-printed the statistics about the conflicting bindings, do so now.
-(tofu_get_validity): Likewise.
-
-Signed-off-by: Neal H. Walfield <neal at g10code.com>
-GnuPG-bug-id: 2914
-(cherry picked from commit 027b81b35fe36692005b8dba22d9eb2db05e8c80)
----
- g10/tofu.c | 83 +++++++++++++++++++++++++++++++++++++++++++++++++++-----------
- 1 file changed, 69 insertions(+), 14 deletions(-)
-
-diff --git a/g10/tofu.c b/g10/tofu.c
-index 9f5f40694..fc03c5a7d 100644
---- a/g10/tofu.c
-+++ b/g10/tofu.c
-@@ -2644,7 +2644,9 @@ get_policy (tofu_dbs_t dbs, PKT_public_key *pk,
- static enum tofu_policy
- get_trust (ctrl_t ctrl, PKT_public_key *pk,
- const char *fingerprint, const char *email,
-- const char *user_id, int may_ask, time_t now)
-+ const char *user_id, int may_ask,
-+ enum tofu_policy *policyp, strlist_t *conflict_setp,
-+ time_t now)
- {
- tofu_dbs_t dbs = ctrl->tofu.dbs;
- int in_transaction = 0;
-@@ -2683,6 +2685,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
- if (tdb_keyid_is_utk (kid))
- {
- trust_level = TRUST_ULTIMATE;
-+ policy = TOFU_POLICY_GOOD;
- goto out;
- }
- }
-@@ -2690,7 +2693,8 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
- begin_transaction (ctrl, 0);
- in_transaction = 1;
-
-- policy = get_policy (dbs, pk, fingerprint, user_id, email, &conflict_set, now);
-+ policy = get_policy (dbs, pk, fingerprint, user_id, email,
-+ &conflict_set, now);
- if (policy == TOFU_POLICY_AUTO)
- {
- policy = opt.tofu_default_policy;
-@@ -2758,10 +2762,6 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
- }
- else
- {
-- for (iter = conflict_set; iter; iter = iter->next)
-- show_statistics (dbs, iter->d, email,
-- TOFU_POLICY_ASK, NULL, 1, now);
--
- trust_level = TRUST_UNDEFINED;
- }
-
-@@ -2807,7 +2807,13 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
- if (in_transaction)
- end_transaction (ctrl, 0);
-
-- free_strlist (conflict_set);
-+ if (policyp)
-+ *policyp = policy;
-+
-+ if (conflict_setp)
-+ *conflict_setp = conflict_set;
-+ else
-+ free_strlist (conflict_set);
-
- return trust_level;
- }
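Review bot: missing documentation for the ownership change at the end of get_trust. When CONFLICT_SETP is non-NULL the list is handed to the caller instead of being freed here, so the function comment should say that the caller must release it with free_strlist, and whether *POLICYP and *CONFLICT_SETP are meaningful when _tofu_GET_TRUST_ERROR is returned.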
-@@ -3326,7 +3332,8 @@ tofu_register_signature (ctrl_t ctrl,
-
- /* Make sure the binding exists and record any TOFU
- conflicts. */
-- if (get_trust (ctrl, pk, fingerprint, email, user_id->d, 0, now)
-+ if (get_trust (ctrl, pk, fingerprint, email, user_id->d,
-+ 0, NULL, NULL, now)
- == _tofu_GET_TRUST_ERROR)
- {
- rc = gpg_error (GPG_ERR_GENERAL);
-@@ -3492,11 +3499,13 @@ tofu_register_encryption (ctrl_t ctrl,
- for (user_id = user_id_list; user_id; user_id = user_id->next)
- {
- char *email = email_from_user_id (user_id->d);
-+ strlist_t conflict_set = NULL;
-+ enum tofu_policy policy;
-
- /* Make sure the binding exists and that we recognize any
- conflicts. */
- int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d,
-- may_ask, now);
-+ may_ask, &policy, &conflict_set, now);
- if (tl == _tofu_GET_TRUST_ERROR)
- {
- /* An error. */
-@@ -3505,6 +3514,28 @@ tofu_register_encryption (ctrl_t ctrl,
- goto die;
- }
-
-+
-+ /* If there is a conflict and MAY_ASK is true, we need to show
-+ * the TOFU statistics for the current binding and the
-+ * conflicting bindings. But, if we are not in batch mode, then
-+ * they have already been printed (this is required to make sure
-+ * the information is available to the caller before cpr_get is
-+ * called). */
-+ if (policy == TOFU_POLICY_ASK && may_ask && opt.batch)
-+ {
-+ strlist_t iter;
-+
-+ /* The conflict set should contain at least the current
-+ * key. */
-+ log_assert (conflict_set);
-+
-+ for (iter = conflict_set; iter; iter = iter->next)
-+ show_statistics (dbs, iter->d, email,
-+ TOFU_POLICY_ASK, NULL, 1, now);
-+ }
-+
-+ free_strlist (conflict_set);
-+
- rc = gpgsql_stepx
- (dbs->db, &dbs->s.register_encryption, NULL, NULL, &err,
- "insert into encryptions\n"
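Review bot: the error path at the top of this hunk does "goto die" before the "free_strlist (conflict_set)" added further down. get_trust stores the list into *conflict_setp unconditionally before returning, and conflict_set is declared inside the loop body, so a non-empty list returned together with _tofu_GET_TRUST_ERROR can leak. Free it before the goto, or move the free so both paths reach it.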
-@@ -3681,11 +3712,13 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
- for (user_id = user_id_list; user_id; user_id = user_id->next, bindings ++)
- {
- char *email = email_from_user_id (user_id->d);
-+ strlist_t conflict_set = NULL;
-+ enum tofu_policy policy;
-
- /* Always call get_trust to make sure the binding is
- registered. */
- int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d,
-- may_ask, now);
-+ may_ask, &policy, &conflict_set, now);
- if (tl == _tofu_GET_TRUST_ERROR)
- {
- /* An error. */
-@@ -3708,13 +3741,35 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
-
- if (may_ask && tl != TRUST_ULTIMATE && tl != TRUST_EXPIRED)
- {
-- enum tofu_policy policy =
-- get_policy (dbs, pk, fingerprint, user_id->d, email, NULL, now);
-+ /* If policy is ask, then we already printed out the
-+ * conflict information in ask_about_binding or will do so
-+ * in a moment. */
-+ if (policy != TOFU_POLICY_ASK)
-+ need_warning |=
-+ show_statistics (dbs, fingerprint, email, policy, NULL, 0, now);
-+
-+ /* If there is a conflict and MAY_ASK is true, we need to
-+ * show the TOFU statistics for the current binding and the
-+ * conflicting bindings. But, if we are not in batch mode,
-+ * then they have already been printed (this is required to
-+ * make sure the information is available to the caller
-+ * before cpr_get is called). */
-+ if (policy == TOFU_POLICY_ASK && opt.batch)
-+ {
-+ strlist_t iter;
-
-- need_warning |=
-- show_statistics (dbs, fingerprint, email, policy, NULL, 0, now);
-+ /* The conflict set should contain at least the current
-+ * key. */
-+ log_assert (conflict_set);
-+
-+ for (iter = conflict_set; iter; iter = iter->next)
-+ show_statistics (dbs, iter->d, email,
-+ TOFU_POLICY_ASK, NULL, 1, now);
-+ }
- }
-
-+ free_strlist (conflict_set);
-+
- if (tl == TRUST_NEVER)
- trust_level = TRUST_NEVER;
- else if (tl == TRUST_EXPIRED)
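Review bot: the block that asserts conflict_set and loops over it calling show_statistics with TOFU_POLICY_ASK is a copy of the one added to tofu_register_encryption, including its comment. Please factor it into a small static helper so the batch-mode condition is kept in one place; the two copies already differ slightly ("may_ask && opt.batch" there, "opt.batch" inside a may_ask test here).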
diff --git a/debian/patches/0023-gpg-If-there-is-a-TOFU-conflict-elide-the-too-few-me.patch b/debian/patches/0023-gpg-If-there-is-a-TOFU-conflict-elide-the-too-few-me.patch
deleted file mode 100644
index 2ae2abe..0000000
--- a/debian/patches/0023-gpg-If-there-is-a-TOFU-conflict-elide-the-too-few-me.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From: "Neal H. Walfield" <neal at g10code.com>
-Date: Thu, 2 Feb 2017 13:26:17 +0100
-Subject: gpg: If there is a TOFU conflict, elide the too few message warning.
-
-* g10/tofu.c (tofu_get_validity): If there was a conflict, don't also
-print out a warning about too few messages.
-
-Signed-off-by: Neal H. Walfield <neal at g10code.com>
-(cherry picked from commit a08c781739e7561093f32b732c4991f2bd817ec2)
----
- g10/tofu.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/g10/tofu.c b/g10/tofu.c
-index fc03c5a7d..41bdd5f30 100644
---- a/g10/tofu.c
-+++ b/g10/tofu.c
-@@ -3694,6 +3694,7 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
- int bindings = 0;
- int bindings_valid = 0;
- int need_warning = 0;
-+ int had_conflict = 0;
-
- dbs = opendbs (ctrl);
- if (! dbs)
-@@ -3762,6 +3763,7 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
- * key. */
- log_assert (conflict_set);
-
-+ had_conflict = 1;
- for (iter = conflict_set; iter; iter = iter->next)
- show_statistics (dbs, iter->d, email,
- TOFU_POLICY_ASK, NULL, 1, now);
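Review bot: had_conflict is set only inside the block that the previous patch guards with "policy == TOFU_POLICY_ASK && opt.batch", so a conflict handled interactively leaves it at 0 and show_warning can still fire if another binding set need_warning. If the intent is to suppress the warning for any conflict, set the flag on "policy == TOFU_POLICY_ASK" outside the batch test; if the batch-only behaviour is intended, please say so in a comment.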
-@@ -3794,7 +3796,7 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
- xfree (email);
- }
-
-- if (need_warning)
-+ if (need_warning && ! had_conflict)
- show_warning (fingerprint, user_id_list);
-
- die:
diff --git a/debian/patches/0024-gpg-Ensure-TOFU-bindings-associated-with-UTKs-are-re.patch b/debian/patches/0024-gpg-Ensure-TOFU-bindings-associated-with-UTKs-are-re.patch
deleted file mode 100644
index 42d257e..0000000
--- a/debian/patches/0024-gpg-Ensure-TOFU-bindings-associated-with-UTKs-are-re.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From: "Neal H. Walfield" <neal at g10code.com>
-Date: Thu, 2 Feb 2017 14:24:38 +0100
-Subject: gpg: Ensure TOFU bindings associated with UTKs are registered as
- usual
-
-* g10/tofu.c (get_trust): Call get_policy before short-circuiting the
-policy lookup for ultimately trusted keys to make sure the binding is
-added to the bindings table, if necessary.
-
-Signed-off-by: Neal H. Walfield <neal at g10code.com>
-GnuPG-bug-id: 2929
-(cherry picked from commit 769272ba87f282a69e8d5f9bb27c86e6bec4496b)
----
- g10/tofu.c | 19 +++++++++++++------
- 1 file changed, 13 insertions(+), 6 deletions(-)
-
-diff --git a/g10/tofu.c b/g10/tofu.c
-index 41bdd5f30..85347bb74 100644
---- a/g10/tofu.c
-+++ b/g10/tofu.c
-@@ -2306,7 +2306,11 @@ build_conflict_set (tofu_dbs_t dbs,
- /* Return the effective policy for the binding <FINGERPRINT, EMAIL>
- * (email has already been normalized) and any conflict information in
- * *CONFLICT_SETP, if CONFLICT_SETP is not NULL. Returns
-- * _tofu_GET_POLICY_ERROR if an error occurs. */
-+ * _tofu_GET_POLICY_ERROR if an error occurs.
-+ *
-+ * This function registers the binding in the bindings table if it has
-+ * not yet been registered.
-+ */
- static enum tofu_policy
- get_policy (tofu_dbs_t dbs, PKT_public_key *pk,
- const char *fingerprint, const char *user_id, const char *email,
-@@ -2677,6 +2681,14 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
- && _tofu_GET_TRUST_ERROR != TRUST_FULLY
- && _tofu_GET_TRUST_ERROR != TRUST_ULTIMATE);
-
-+ begin_transaction (ctrl, 0);
-+ in_transaction = 1;
-+
-+ /* We need to call get_policy even if the key is ultimately trusted
-+ * to make sure the binding has been registered. */
-+ policy = get_policy (dbs, pk, fingerprint, user_id, email,
-+ &conflict_set, now);
-+
- /* If the key is ultimately trusted, there is nothing to do. */
- {
- u32 kid[2];
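Review bot: the result of the get_policy call that now precedes the ultimately-trusted check is not examined before that check runs. The comment on get_policy says it can return _tofu_GET_POLICY_ERROR, and for an ultimately trusted key the block below overwrites policy with TOFU_POLICY_GOOD and jumps to out, so a failed registration is silently dropped. Either test for the error first or state in the new comment that ignoring it is deliberate. The context comment "there is nothing to do" is also no longer accurate and should be reworded.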
-@@ -2690,11 +2702,6 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
- }
- }
-
-- begin_transaction (ctrl, 0);
-- in_transaction = 1;
--
-- policy = get_policy (dbs, pk, fingerprint, user_id, email,
-- &conflict_set, now);
- if (policy == TOFU_POLICY_AUTO)
- {
- policy = opt.tofu_default_policy;
diff --git a/debian/patches/0025-gpg-Don-t-assume-that-strtoul-interprets-as-0.patch b/debian/patches/0025-gpg-Don-t-assume-that-strtoul-interprets-as-0.patch
deleted file mode 100644
index b92a49f..0000000
--- a/debian/patches/0025-gpg-Don-t-assume-that-strtoul-interprets-as-0.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From: "Neal H. Walfield" <neal at g10code.com>
-Date: Thu, 2 Feb 2017 15:48:45 +0100
-Subject: gpg: Don't assume that strtoul interprets "" as 0.
-
-* g10/tofu.c (show_statistics): If there are not records, return 0
-instead of NULL.
-
---
-Signed-off-by: Neal H. Walfield <neal at g10code.com>
-GnuPG-bug-id: 2853
-
-According to SUSv3:
-
- If the subject sequence is empty or does not have the expected form,
- no conversion is performed
- ...
- If no conversion could be performed, 0 is returned and errno may be
- set to [EINVAL].
-
- http://pubs.opengroup.org/onlinepubs/007908799/xsh/strtol.html
-
-It appears that MacOS X sets errno to EINVAL, but glibc doesn't.
-Hence, we map NULL to 0 explicitly.
-
-(cherry picked from commit 407f5f9baea5591f148974240a87dfb43e5efef3)
----
- g10/tofu.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/g10/tofu.c b/g10/tofu.c
-index 85347bb74..449e921b6 100644
---- a/g10/tofu.c
-+++ b/g10/tofu.c
-@@ -2983,7 +2983,8 @@ show_statistics (tofu_dbs_t dbs,
- /* Get the signature stats. */
- rc = gpgsql_exec_printf
- (dbs->db, strings_collect_cb, &strlist, &err,
-- "select count (*), min (signatures.time), max (signatures.time)\n"
-+ "select count (*), coalesce (min (signatures.time), 0),\n"
-+ " coalesce (max (signatures.time), 0)\n"
- " from signatures\n"
- " left join bindings on signatures.binding = bindings.oid\n"
- " where fingerprint = %Q and email = %Q;",
-@@ -3036,7 +3037,8 @@ show_statistics (tofu_dbs_t dbs,
- /* Get the encryption stats. */
- rc = gpgsql_exec_printf
- (dbs->db, strings_collect_cb, &strlist, &err,
-- "select count (*), min (encryptions.time), max (encryptions.time)\n"
-+ "select count (*), coalesce (min (encryptions.time), 0),\n"
-+ " coalesce (max (encryptions.time), 0)\n"
- " from encryptions\n"
- " left join bindings on encryptions.binding = bindings.oid\n"
- " where fingerprint = %Q and email = %Q;",
diff --git a/debian/patches/0026-gpg-More-diagnostics-for-a-launched-pinentry.patch b/debian/patches/0026-gpg-More-diagnostics-for-a-launched-pinentry.patch
deleted file mode 100644
index 7fe05e5..0000000
--- a/debian/patches/0026-gpg-More-diagnostics-for-a-launched-pinentry.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From: Werner Koch <wk at gnupg.org>
-Date: Fri, 3 Feb 2017 12:04:52 +0100
-Subject: gpg: More diagnostics for a launched pinentry.
-
-* agent/call-pinentry.c (start_pinentry): Call getinfo/ttyinfo.
-* g10/server.c (gpg_proxy_pinentry_notify): Simplify the output so
-that we do not change the code when adding new fields to
-PINENTRY_LAUNCHED.
---
-
-This patch changes the --verbose output of gpg to show
-for example
-
- gpg: pinentry launched (5228 gtk2 1.0.1-beta10 \
- /dev/pts/4 xterm localhost:10.0)
-
-the used tty, its type, and the value of DISPLAY in addiion to the
-pid, flavor, and version.
-
-Signed-off-by: Werner Koch <wk at gnupg.org>
-(cherry picked from commit 7052a0d77cf8f3a445b252a809d29be445788625)
----
- agent/call-pinentry.c | 6 +++++-
- g10/server.c | 19 ++++++++-----------
- 2 files changed, 13 insertions(+), 12 deletions(-)
-
-diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
-index fa00bf921..2bebee205 100644
---- a/agent/call-pinentry.c
-+++ b/agent/call-pinentry.c
-@@ -541,7 +541,7 @@ start_pinentry (ctrl_t ctrl)
- }
-
-
-- /* Ask the pinentry for its version and flavor and streo that as a
-+ /* Ask the pinentry for its version and flavor and store that as a
- * string in MB. This information is useful for helping users to
- * figure out Pinentry problems. */
- {
-@@ -555,6 +555,10 @@ start_pinentry (ctrl_t ctrl)
- if (assuan_transact (entry_ctx, "GETINFO version",
- put_membuf_cb, &mb, NULL, NULL, NULL, NULL))
- put_membuf_str (&mb, "unknown");
-+ put_membuf_str (&mb, " ");
-+ if (assuan_transact (entry_ctx, "GETINFO ttyinfo",
-+ put_membuf_cb, &mb, NULL, NULL, NULL, NULL))
-+ put_membuf_str (&mb, "? ? ?");
- put_membuf (&mb, "", 1);
- flavor_version = get_membuf (&mb, NULL);
- }
-diff --git a/g10/server.c b/g10/server.c
-index b89f0be69..e3a3bad22 100644
---- a/g10/server.c
-+++ b/g10/server.c
-@@ -770,18 +770,15 @@ gpg_server (ctrl_t ctrl)
- gpg_error_t
- gpg_proxy_pinentry_notify (ctrl_t ctrl, const unsigned char *line)
- {
-- if (opt.verbose)
-- {
-- char *linecopy = xtrystrdup (line);
-- char *fields[4];
--
-- if (linecopy
-- && split_fields (linecopy, fields, DIM (fields)) >= 4
-- && !strcmp (fields[0], "PINENTRY_LAUNCHED"))
-- log_info (_("pinentry launched (pid %s, flavor %s, version %s)\n"),
-- fields[1], fields[2], fields[3]);
-+ const char *s;
-
-- xfree (linecopy);
-+ if (opt.verbose
-+ && !strncmp (line, "PINENTRY_LAUNCHED", 17)
-+ && (line[17]==' '||!line[17]))
-+ {
-+ for (s = line + 17; *s && spacep (s); s++)
-+ ;
-+ log_info (_("pinentry launched (%s)\n"), s);
- }
-
- if (!ctrl || !ctrl->server_local
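Review bot: the literal 17 appears three times in the new test and loop as the length of "PINENTRY_LAUNCHED"; deriving it once from the string keeps the prefix and the offsets in step. Also, line is declared "const unsigned char *" but is passed to strncmp and assigned to "const char *s" without a cast, which will draw pointer-signedness warnings; cast once at the top of the function.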
diff --git a/debian/patches/0027-doc-Clarify-abbreviation-of-help.patch b/debian/patches/0027-doc-Clarify-abbreviation-of-help.patch
deleted file mode 100644
index 6d08d4b..0000000
--- a/debian/patches/0027-doc-Clarify-abbreviation-of-help.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-Date: Sat, 4 Feb 2017 01:28:08 -0500
-Subject: doc: Clarify abbreviation of --help.
-
-* doc/gpg.texi: clarify abbreviation of --help.
-
-Debian-bug-id: 852979
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
-(cherry picked from commit f2b276dffbe2435b17abf2b3c51684d3636f3f11)
----
- doc/gpg.texi | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/doc/gpg.texi b/doc/gpg.texi
-index 8e1a5e6fc..b79b78334 100644
---- a/doc/gpg.texi
-+++ b/doc/gpg.texi
-@@ -141,7 +141,8 @@ cannot abbreviate this command.
- @itemx -h
- @opindex help
- Print a usage message summarizing the most useful command-line options.
--Note that you cannot abbreviate this command.
-+Note that you cannot arbitrarily abbreviate this command
-+(though you can use its short form @option{-h}).
-
- @item --warranty
- @opindex warranty
diff --git a/debian/patches/0028-scd-Backport-two-fixes-from-master.patch b/debian/patches/0028-scd-Backport-two-fixes-from-master.patch
deleted file mode 100644
index 2193f94..0000000
--- a/debian/patches/0028-scd-Backport-two-fixes-from-master.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Sun, 5 Feb 2017 08:34:08 +0900
-Subject: scd: Backport two fixes from master.
-
-* scd/app.c (app_new_register): Initialize by -1, so that it can detect
-an error correctly when card reader can't power-on the card initially.
-* scd/command.c (open_card_with_request): Release APP before the scan.
-
---
-The first one-liner patch handles an erroneous card.
-
-The second patch handles the case when we repeatedly do
-signing/decrypting by a single session of scdaemon.
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- scd/app.c | 1 +
- scd/command.c | 5 +++++
- 2 files changed, 6 insertions(+)
-
-diff --git a/scd/app.c b/scd/app.c
-index b10a452d6..989e0c060 100644
---- a/scd/app.c
-+++ b/scd/app.c
-@@ -192,6 +192,7 @@ app_new_register (int slot, ctrl_t ctrl, const char *name)
- }
-
- app->slot = slot;
-+ app->card_status = (unsigned int)-1;
-
- if (npth_mutex_init (&app->lock, NULL))
- {
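Review bot: The sentinel assigned in app_new_register, "app->card_status = (unsigned int)-1;", is a bare cast with no comment and no named constant. The commit message gives the reason (a card that cannot be powered on initially must still be detected as an error), but that reasoning is absent at the assignment itself. A one-line comment or a named "status unknown" constant next to the field would keep the meaning with the code.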
-diff --git a/scd/command.c b/scd/command.c
-index 8c7ca20a6..0ae6d29aa 100644
---- a/scd/command.c
-+++ b/scd/command.c
-@@ -217,6 +217,7 @@ open_card_with_request (ctrl_t ctrl, const char *apptype, const char *serialno)
- gpg_error_t err;
- unsigned char *serialno_bin = NULL;
- size_t serialno_bin_len = 0;
-+ app_t app = ctrl->app_ctx;
-
- /* If we are already initialized for one specific application we
- need to check that the client didn't requested a specific
-@@ -224,6 +225,10 @@ open_card_with_request (ctrl_t ctrl, const char *apptype, const char *serialno)
- if (apptype && ctrl->app_ctx)
- return check_application_conflict (apptype, ctrl->app_ctx);
-
-+ /* Re-scan USB devices. Release APP, before the scan. */
-+ ctrl->app_ctx = NULL;
-+ release_application (app);
-+
- if (serialno)
- serialno_bin = hex_to_buffer (serialno, &serialno_bin_len);
-
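Review bot: In open_card_with_request, "ctrl->app_ctx = NULL;" followed by "release_application (app);" runs on every call that gets past the apptype conflict check, before the result of the scan is known. Nothing in the visible lines restores ctrl->app_ctx if the scan that follows fails, so a session that held a usable application may come out of this function with none. If that is intended, the comment should say so; at present it mentions only the re-scan of USB devices.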
diff --git a/debian/patches/0029-scd-Fix-use-case-of-PC-SC.patch b/debian/patches/0029-scd-Fix-use-case-of-PC-SC.patch
deleted file mode 100644
index a26360d..0000000
--- a/debian/patches/0029-scd-Fix-use-case-of-PC-SC.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Mon, 13 Feb 2017 11:09:13 +0900
-Subject: scd: Fix use case of PC/SC.
-
-* scd/apdu.c (apdu_open_reader): Add an argument APP_EMPTY.
-When CCID driver fails to open, try PC/SC if APP is nothing.
-* scd/app.c (select_application): Supply arg if APP is nothing.
-
---
-
-After scanning available card readers by CCID driver, scdaemon should
-try PC/SC service if no APP is registered yet. Also, when the slot
-is allocated for PC/SC (ccid.handle==NULL), it should not call
-ccid_compare_BAI, otherwise scdaemon crashes.
-
-Debian-bug-id: 852702, 854005, 854595, 854616
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
----
- scd/apdu.c | 14 +++++++++++---
- scd/apdu.h | 2 +-
- scd/app.c | 2 +-
- 3 files changed, 13 insertions(+), 5 deletions(-)
-
-diff --git a/scd/apdu.c b/scd/apdu.c
-index 38ebd2be5..149154cf3 100644
---- a/scd/apdu.c
-+++ b/scd/apdu.c
-@@ -3117,7 +3117,7 @@ apdu_open_one_reader (const char *portstr)
- }
-
- int
--apdu_open_reader (struct dev_list *dl)
-+apdu_open_reader (struct dev_list *dl, int app_empty)
- {
- int slot;
-
-@@ -3167,6 +3167,7 @@ apdu_open_reader (struct dev_list *dl)
- /* Check identity by BAI against already opened HANDLEs. */
- for (slot = 0; slot < MAX_READER; slot++)
- if (reader_table[slot].used
-+ && reader_table[slot].ccid.handle
- && ccid_compare_BAI (reader_table[slot].ccid.handle, bai))
- break;
-
-@@ -3191,12 +3192,19 @@ apdu_open_reader (struct dev_list *dl)
- dl->idx++;
- }
-
-- slot = -1;
-+ /* Not found. Try one for PC/SC, only when it's the initial scan. */
-+ if (app_empty && dl->idx == dl->idx_max)
-+ {
-+ dl->idx++;
-+ slot = apdu_open_one_reader (dl->portstr);
-+ }
-+ else
-+ slot = -1;
- }
- else
- #endif
- { /* PC/SC readers. */
-- if (dl->idx == 0)
-+ if (app_empty && dl->idx == 0)
- {
- dl->idx++;
- slot = apdu_open_one_reader (dl->portstr);
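Review bot: The new app_empty argument of apdu_open_reader is undocumented, yet it gates both paths that reach apdu_open_one_reader in these lines: the CCID fallback (app_empty && dl->idx == dl->idx_max) and the PC/SC-only branch (app_empty && dl->idx == 0). A comment above the function should state that PC/SC is tried only while no application is registered and what the caller is expected to pass. The fallback test also depends on dl->idx being exactly equal to dl->idx_max at that point, which deserves a note on where idx_max is maintained.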
-diff --git a/scd/apdu.h b/scd/apdu.h
-index 473def518..6751e8c9b 100644
---- a/scd/apdu.h
-+++ b/scd/apdu.h
-@@ -91,7 +91,7 @@ gpg_error_t apdu_dev_list_start (const char *portstr, struct dev_list **l_p);
- void apdu_dev_list_finish (struct dev_list *l);
-
- /* Note, that apdu_open_reader returns no status word but -1 on error. */
--int apdu_open_reader (struct dev_list *l);
-+int apdu_open_reader (struct dev_list *l, int app_empty);
- int apdu_open_remote_reader (const char *portstr,
- const unsigned char *cookie, size_t length,
- int (*readfnc) (void *opaque,
-diff --git a/scd/app.c b/scd/app.c
-index 989e0c060..8fb0d4553 100644
---- a/scd/app.c
-+++ b/scd/app.c
-@@ -340,7 +340,7 @@ select_application (ctrl_t ctrl, const char *name, app_t *r_app,
- int slot;
- int sw;
-
-- slot = apdu_open_reader (l);
-+ slot = apdu_open_reader (l, !app_top);
- if (slot < 0)
- break;
-
diff --git a/debian/patches/0030-scd-Fix-factory-reset.patch b/debian/patches/0030-scd-Fix-factory-reset.patch
deleted file mode 100644
index 09951bb..0000000
--- a/debian/patches/0030-scd-Fix-factory-reset.patch
+++ /dev/null
@@ -1,353 +0,0 @@
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Fri, 17 Feb 2017 03:30:05 -0500
-Subject: scd: Fix factory-reset.
-
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
-
-Backport from master branch:
-
- 99d4dfe83
- e2792813a
- 031e3fa7b
----
- scd/app-common.h | 3 +-
- scd/app.c | 83 +++++++++++++++++++++++++++++++-------------------------
- scd/command.c | 6 ++--
- scd/scdaemon.c | 51 +++++++++++++++++++++++++++++++---
- scd/scdaemon.h | 1 +
- 5 files changed, 99 insertions(+), 45 deletions(-)
-
-diff --git a/scd/app-common.h b/scd/app-common.h
-index b979f5476..c7a057521 100644
---- a/scd/app-common.h
-+++ b/scd/app-common.h
-@@ -54,6 +54,7 @@ struct app_ctx_s {
- const char *apptype;
- unsigned int card_version;
- unsigned int card_status;
-+ unsigned int reset_requested:1;
- unsigned int require_get_status:1;
- unsigned int did_chv1:1;
- unsigned int force_chv1:1; /* True if the card does not cache CHV1. */
-@@ -134,7 +135,7 @@ gpg_error_t select_application (ctrl_t ctrl, const char *name, app_t *r_app,
- int scan, const unsigned char *serialno_bin,
- size_t serialno_bin_len);
- char *get_supported_applications (void);
--void release_application (app_t app);
-+void release_application (app_t app, int locked_already);
- gpg_error_t app_munge_serialno (app_t app);
- gpg_error_t app_write_learn_status (app_t app, ctrl_t ctrl,
- unsigned int flags);
-diff --git a/scd/app.c b/scd/app.c
-index 8fb0d4553..af86ab830 100644
---- a/scd/app.c
-+++ b/scd/app.c
-@@ -136,40 +136,32 @@ check_application_conflict (const char *name, app_t app)
- }
-
-
--static void
--release_application_internal (app_t app)
--{
-- if (!app->ref_count)
-- log_bug ("trying to release an already released context\n");
--
-- --app->ref_count;
--}
--
- gpg_error_t
- app_reset (app_t app, ctrl_t ctrl, int send_reset)
- {
-- gpg_error_t err;
--
-- err = lock_app (app, ctrl);
-- if (err)
-- return err;
-+ gpg_error_t err = 0;
-
- if (send_reset)
- {
-- int sw = apdu_reset (app->slot);
-+ int sw;
-+
-+ lock_app (app, ctrl);
-+ sw = apdu_reset (app->slot);
- if (sw)
- err = gpg_error (GPG_ERR_CARD_RESET);
-
-- /* Release the same application which is used by other sessions. */
-- send_client_notifications (app, 1);
-+ app->reset_requested = 1;
-+ unlock_app (app);
-+
-+ scd_kick_the_loop ();
-+ gnupg_sleep (1);
- }
- else
- {
- ctrl->app_ctx = NULL;
-- release_application_internal (app);
-+ release_application (app, 0);
- }
-
-- unlock_app (app);
- return err;
- }
-
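Review bot: In app_reset the return value of "lock_app (app, ctrl);" is now discarded, where the removed lines returned the error to the caller. If the lock cannot be taken, apdu_reset and the write to app->reset_requested still run, and unlock_app is then called on a lock that was never acquired; keep the "if (err) return err;" check in the send_reset branch. The "gnupg_sleep (1);" after scd_kick_the_loop is a fixed one-second wait standing in for synchronisation with the status loop, and should at least carry a comment explaining why one second is sufficient.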
-@@ -465,6 +457,8 @@ deallocate_app (app_t app)
- }
-
- xfree (app->serialno);
-+
-+ unlock_app (app);
- xfree (app);
- }
-
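Review bot: The added "unlock_app (app);" directly before "xfree (app);" makes holding app->lock an unstated precondition of deallocate_app, and it frees the structure that contains the lock immediately after releasing it. A thread waiting in lock_app on this context would continue on freed memory, and the hunk shows no teardown of the mutex that app_new_register sets up with npth_mutex_init. Document the precondition in the function comment and say how waiters are excluded before the free.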
-@@ -474,7 +468,7 @@ deallocate_app (app_t app)
- actually deferring the deallocation to allow for a later reuse by
- a new connection. */
- void
--release_application (app_t app)
-+release_application (app_t app, int locked_already)
- {
- if (!app)
- return;
-@@ -484,9 +478,15 @@ release_application (app_t app)
- is using the card - this way the PIN cache and other cached data
- are preserved. */
-
-- lock_app (app, NULL);
-- release_application_internal (app);
-- unlock_app (app);
-+ if (!locked_already)
-+ lock_app (app, NULL);
-+
-+ if (!app->ref_count)
-+ log_bug ("trying to release an already released context\n");
-+
-+ --app->ref_count;
-+ if (!locked_already)
-+ unlock_app (app);
- }
-
-
-@@ -1023,11 +1023,16 @@ scd_update_reader_status_file (void)
- npth_mutex_lock (&app_list_lock);
- for (a = app_top; a; a = app_next)
- {
-+ unsigned int status;
-+
-+ lock_app (a, NULL);
- app_next = a->next;
-- if (a->require_get_status)
-+
-+ if (a->reset_requested)
-+ status = 0;
-+ else
- {
- int sw;
-- unsigned int status;
- sw = apdu_get_status (a->slot, 0, &status);
-
- if (sw == SW_HOST_NO_READER)
-@@ -1038,22 +1043,26 @@ scd_update_reader_status_file (void)
- else if (sw)
- {
- /* Get status failed. Ignore that. */
-+ unlock_app (a);
- continue;
- }
-+ }
-+
-+ if (a->card_status != status)
-+ {
-+ report_change (a->slot, a->card_status, status);
-+ send_client_notifications (a, status == 0);
-
-- if (a->card_status != status)
-+ if (status == 0)
-+ {
-+ log_debug ("Removal of a card: %d\n", a->slot);
-+ apdu_close_reader (a->slot);
-+ deallocate_app (a);
-+ }
-+ else
- {
-- report_change (a->slot, a->card_status, status);
-- send_client_notifications (a, status == 0);
--
-- if (status == 0)
-- {
-- log_debug ("Removal of a card: %d\n", a->slot);
-- apdu_close_reader (a->slot);
-- deallocate_app (a);
-- }
-- else
-- a->card_status = status;
-+ a->card_status = status;
-+ unlock_app (a);
- }
- }
- }
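Review bot: In scd_update_reader_status_file the lock taken by "lock_app (a, NULL);" at the top of the loop body is released on the get-status failure path, in the else branch that stores the new status, and through deallocate_app on removal, but the case where a->card_status already equals status has no unlock_app in these lines. If that release is missing, the context stays locked after the first pass that sees no change. An else branch with unlock_app on the outer "if (a->card_status != status)" would close the gap; worth confirming the upstream code that replaces this patch has it.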
-diff --git a/scd/command.c b/scd/command.c
-index 0ae6d29aa..b17c4a109 100644
---- a/scd/command.c
-+++ b/scd/command.c
-@@ -227,7 +227,7 @@ open_card_with_request (ctrl_t ctrl, const char *apptype, const char *serialno)
-
- /* Re-scan USB devices. Release APP, before the scan. */
- ctrl->app_ctx = NULL;
-- release_application (app);
-+ release_application (app, 0);
-
- if (serialno)
- serialno_bin = hex_to_buffer (serialno, &serialno_bin_len);
-@@ -1492,7 +1492,7 @@ cmd_restart (assuan_context_t ctx, char *line)
- if (app)
- {
- ctrl->app_ctx = NULL;
-- release_application (app);
-+ release_application (app, 0);
- }
- if (locked_session && ctrl->server_local == locked_session)
- {
-@@ -1919,7 +1919,7 @@ send_client_notifications (app_t app, int removal)
- {
- sl->ctrl_backlink->app_ctx = NULL;
- sl->card_removed = 1;
-- release_application (app);
-+ release_application (app, 1);
- }
-
- if (!sl->event_signal || !sl->assuan_ctx)
-diff --git a/scd/scdaemon.c b/scd/scdaemon.c
-index 74fed4454..02f0e7221 100644
---- a/scd/scdaemon.c
-+++ b/scd/scdaemon.c
-@@ -52,6 +52,7 @@
- #include "ccid-driver.h"
- #include "gc-opt-flags.h"
- #include "asshelp.h"
-+#include "exechelp.h"
- #include "../common/init.h"
-
- #ifndef ENAMETOOLONG
-@@ -224,7 +225,8 @@ static assuan_sock_nonce_t socket_nonce;
- disabled but it won't perform any ticker specific actions. */
- static int ticker_disabled;
-
--
-+/* FD to notify update of usb devices. */
-+static int notify_fd;
-
- static char *create_socket_name (char *standard_name);
- static gnupg_fd_t create_server_socket (const char *name,
-@@ -1181,6 +1183,16 @@ start_connection_thread (void *arg)
- }
-
-
-+void
-+scd_kick_the_loop (void)
-+{
-+ int ret;
-+
-+ /* Kick the select loop. */
-+ ret = write (notify_fd, "", 1);
-+ (void)ret;
-+}
-+
- /* Connection handler loop. Wait for connection requests and spawn a
- thread after accepting a connection. LISTEN_FD is allowed to be -1
- in which case this code will only do regular timeouts and handle
-@@ -1202,9 +1214,23 @@ handle_connections (int listen_fd)
- #ifndef HAVE_W32_SYSTEM
- int signo;
- #endif
-+ int pipe_fd[2];
-+
-+ ret = gnupg_create_pipe (pipe_fd);
-+ if (ret)
-+ {
-+ log_error ("pipe creation failed: %s\n", gpg_strerror (ret));
-+ return;
-+ }
-+ notify_fd = pipe_fd[1];
-
- ret = npth_attr_init(&tattr);
-- /* FIXME: Check error. */
-+ if (ret)
-+ {
-+ log_error ("npth_attr_init failed: %s\n", strerror (ret));
-+ return;
-+ }
-+
- npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
-
- #ifndef HAVE_W32_SYSTEM
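Review bot: The new early "return;" after a failed npth_attr_init in handle_connections leaves both descriptors from gnupg_create_pipe open and notify_fd still set to pipe_fd[1]. Close pipe_fd[0] and pipe_fd[1] on that path, as the end of the function does, or move the pipe creation after the attribute initialisation so there is nothing to undo.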
-@@ -1233,6 +1259,8 @@ handle_connections (int listen_fd)
-
- for (;;)
- {
-+ int max_fd;
-+
- if (shutdown_pending)
- {
- if (active_connections == 0)
-@@ -1261,14 +1289,20 @@ handle_connections (int listen_fd)
- thus a simple assignment is fine to copy the entire set. */
- read_fdset = fdset;
-
-+ FD_SET (pipe_fd[0], &read_fdset);
-+ if (nfd < pipe_fd[0])
-+ max_fd = pipe_fd[0];
-+ else
-+ max_fd = nfd;
-+
- #ifndef HAVE_W32_SYSTEM
-- ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, &timeout, npth_sigev_sigmask());
-+ ret = npth_pselect (max_fd+1, &read_fdset, NULL, NULL, &timeout, npth_sigev_sigmask());
- saved_errno = errno;
-
- while (npth_sigev_get_pending(&signo))
- handle_signal (signo);
- #else
-- ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, &timeout, NULL, NULL);
-+ ret = npth_eselect (max_fd+1, &read_fdset, NULL, NULL, &timeout, NULL, NULL);
- saved_errno = errno;
- #endif
-
-@@ -1284,6 +1318,13 @@ handle_connections (int listen_fd)
- /* Timeout. Will be handled when calculating the next timeout. */
- continue;
-
-+ if (FD_ISSET (pipe_fd[0], &read_fdset))
-+ {
-+ char buf[256];
-+
-+ ret = read (pipe_fd[0], buf, sizeof buf);
-+ }
-+
- if (listen_fd != -1 && FD_ISSET (listen_fd, &read_fdset))
- {
- ctrl_t ctrl;
-@@ -1322,6 +1363,8 @@ handle_connections (int listen_fd)
- }
- }
-
-+ close (pipe_fd[0]);
-+ close (pipe_fd[1]);
- cleanup ();
- log_info (_("%s %s stopped\n"), strusage(11), strusage(13));
- npth_attr_destroy (&tattr);
-diff --git a/scd/scdaemon.h b/scd/scdaemon.h
-index d0bc98efe..fcab6489f 100644
---- a/scd/scdaemon.h
-+++ b/scd/scdaemon.h
-@@ -125,6 +125,7 @@ void send_status_info (ctrl_t ctrl, const char *keyword, ...)
- void send_status_direct (ctrl_t ctrl, const char *keyword, const char *args);
- void scd_update_reader_status_file (void);
- void send_client_notifications (app_t app, int removal);
-+void scd_kick_the_loop (void);
-
-
- #endif /*SCDAEMON_H*/
diff --git a/debian/patches/series b/debian/patches/series
index afa84e1..a43241d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,22 +9,3 @@ gpg-agent-idling/0001-agent-Create-framework-of-scheduled-timers.patch
gpg-agent-idling/0002-agent-Allow-threads-to-interrupt-main-select-loop-wi.patch
gpg-agent-idling/0003-agent-Avoid-tight-timer-tick-when-possible.patch
gpg-agent-idling/0004-agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch
-0012-tools-Fix-memory-leak.patch
-0013-tools-Improve-error-handling.patch
-0014-dirmngr-New-option-disable-ipv4.patch
-0015-dirmngr-Simplify-error-returning-inside-http.c.patch
-0016-gpg-Print-a-warning-on-Tor-problems.patch
-0017-agent-Fix-double-free.patch
-0018-gpg-Fix-searching-for-mail-addresses-in-keyrings.patch
-0019-dirmngr-New-option-no-use-tor-and-internal-changes.patch
-0020-gpg-Remove-period-at-end-of-warning.patch
-0021-gpg-Add-newline-to-output.patch
-0022-gpg-Only-print-out-TOFU-statistics-for-conflicts-in-.patch
-0023-gpg-If-there-is-a-TOFU-conflict-elide-the-too-few-me.patch
-0024-gpg-Ensure-TOFU-bindings-associated-with-UTKs-are-re.patch
-0025-gpg-Don-t-assume-that-strtoul-interprets-as-0.patch
-0026-gpg-More-diagnostics-for-a-launched-pinentry.patch
-0027-doc-Clarify-abbreviation-of-help.patch
-0028-scd-Backport-two-fixes-from-master.patch
-0029-scd-Fix-use-case-of-PC-SC.patch
-0030-scd-Fix-factory-reset.patch
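Review bot: The series now ends at the gpg-agent-idling entries, and the only justification given is "already applied upstream", with no upstream release or commit named. Of the dropped patches visible here, 0027 carries a cherry-pick reference and 0030 lists three master commits, but 0028 and 0029 have no upstream commit id in their headers, so the claim cannot be checked from this commit alone. Name the upstream version being packaged in the commit message.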
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git