[Pkg-gnupg-commit] [gnupg2] 02/09: more bugfixes from upstream
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu May 11 02:43:35 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gnupg2.
commit 8ccbfe2478a44d37164e0e95309af6f238b25ecb
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Tue Apr 25 22:37:48 2017 -0400
more bugfixes from upstream
---
...ll-length-specifier-when-time_t-is-larger.patch | 43 +++++
.../0032-g10-Minor-clean-up-for-export.c.patch | 90 +++++++++++
...33-dirmngr-Fix-dns-stuff.c-in-another-way.patch | 32 ++++
...-unexpected-suspend-resume-by-CCID-driver.patch | 55 +++++++
.../patches/0035-common-Simplify-format_text.patch | 139 ++++++++++++++++
.../0036-dirmngr-Fix-possible-null-reference.patch | 28 ++++
...tools-Fix-condition-for-gpg-connect-agent.patch | 30 ++++
debian/patches/0038-dirmngr-Fix-type-of-sock.patch | 25 +++
.../0039-common-g10-Fix-enumeration-types.patch | 179 +++++++++++++++++++++
.../patches/0040-dirmngr-Fix-thread-key-type.patch | 25 +++
.../0041-dirmngr-Fix-alignment-of-ADDR.patch | 155 ++++++++++++++++++
...2-dirmngr-Fix-http.c-for-sockaddr_storage.patch | 70 ++++++++
.../0043-dirmngr-More-fix-for-Windows.patch | 73 +++++++++
...44-agent-Clean-up-error-initialize-return.patch | 85 ++++++++++
...0-Fix-import-export-filter-property-match.patch | 25 +++
debian/patches/0046-g10-Minor-fixes.patch | 66 ++++++++
debian/patches/0047-g10-Fix-parse_ring_trust.patch | 25 +++
debian/patches/0048-tests-Minor-memory-fix.patch | 25 +++
debian/patches/0049-agent-Minor-cleanup.patch | 46 ++++++
debian/patches/0050-agent-More-minor-change.patch | 24 +++
...51-dirmngr-Fix-API-difference-for-Windows.patch | 100 ++++++++++++
...0052-dirmngr-Fix-final-close-of-LISTEN_FD.patch | 50 ++++++
...3-g10-invalidate-the-fd-cache-for-keyring.patch | 41 +++++
...054-dirmngr-Fix-aliasing-problem-in-dns.c.patch | 89 ++++++++++
debian/patches/series | 24 +++
25 files changed, 1544 insertions(+)
diff --git a/debian/patches/0031-agent-Use-ll-length-specifier-when-time_t-is-larger.patch b/debian/patches/0031-agent-Use-ll-length-specifier-when-time_t-is-larger.patch
new file mode 100644
index 0000000..3496a8e
--- /dev/null
+++ b/debian/patches/0031-agent-Use-ll-length-specifier-when-time_t-is-larger.patch
@@ -0,0 +1,43 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Mon, 10 Apr 2017 15:04:57 +0900
+Subject: agent: Use "ll" length specifier when time_t is larger.
+
+* agent/command.c (cmd_keytocard): Use KEYTOCARD_TIMESTAMP_FORMAT.
+
+--
+
+On a big-endian 32-bit platform which uses 64-bit time_t, it might go
+wrong.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 170660ed11b56145dea4865e751ae5aff1681fe2)
+---
+ agent/command.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/agent/command.c b/agent/command.c
+index 1f8f7c2..ab6d7eb 100644
+--- a/agent/command.c
++++ b/agent/command.c
+@@ -2477,6 +2477,12 @@ cmd_delete_key (assuan_context_t ctx, char *line)
+
+
+
++#if SIZEOF_TIME_T > SIZEOF_UNSIGNED_LONG
++#define KEYTOCARD_TIMESTAMP_FORMAT "(10:created-at10:%010llu))"
++#else
++#define KEYTOCARD_TIMESTAMP_FORMAT "(10:created-at10:%010lu))"
++#endif
++
+ static const char hlp_keytocard[] =
+ "KEYTOCARD [--force] <hexstring_with_keygrip> <serialno> <id> <timestamp>\n"
+ "\n";
+@@ -2580,7 +2586,7 @@ cmd_keytocard (assuan_context_t ctx, char *line)
+ gcry_sexp_release (s_skey);
+ keydatalen--; /* Decrement for last '\0'. */
+ /* Add timestamp "created-at" in the private key */
+- snprintf (keydata+keydatalen-1, 30, "(10:created-at10:%010lu))", timestamp);
++ snprintf (keydata+keydatalen-1, 30, KEYTOCARD_TIMESTAMP_FORMAT, timestamp);
+ keydatalen += 10 + 19 - 1;
+ err = divert_writekey (ctrl, force, serialno, id, keydata, keydatalen);
+ xfree (keydata);
diff --git a/debian/patches/0032-g10-Minor-clean-up-for-export.c.patch b/debian/patches/0032-g10-Minor-clean-up-for-export.c.patch
new file mode 100644
index 0000000..ca6f13a
--- /dev/null
+++ b/debian/patches/0032-g10-Minor-clean-up-for-export.c.patch
@@ -0,0 +1,90 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Wed, 12 Apr 2017 08:47:23 +0900
+Subject: g10: Minor clean up for export.c.
+
+* g10/export.c (export_ssh_key): Check IDENTIFIER for error.
+Release base64 thing on error of get_membuf.
+
+--
+
+Compiler (older) may misunderstand the variable IDENTIFIER is not
+initialized, while good one can do better analysys on the value for
+ERR (and thus, IDENTIFIER).
+
+On the error of get_membuf, still, b64enc_finish should be called,
+even if it lost the ERR value.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 05218829589f6d4b09933fa19f568c2019367d5c)
+---
+ g10/export.c | 35 ++++++++++++++++-------------------
+ 1 file changed, 16 insertions(+), 19 deletions(-)
+
+diff --git a/g10/export.c b/g10/export.c
+index 31caa55..9b203e3 100644
+--- a/g10/export.c
++++ b/g10/export.c
+@@ -2125,7 +2125,7 @@ export_ssh_key (ctrl_t ctrl, const char *userid)
+ u32 curtime = make_timestamp ();
+ kbnode_t latest_key, node;
+ PKT_public_key *pk;
+- const char *identifier;
++ const char *identifier = NULL;
+ membuf_t mb;
+ estream_t fp = NULL;
+ struct b64state b64_state;
+@@ -2321,8 +2321,6 @@ export_ssh_key (ctrl_t ctrl, const char *userid)
+ identifier = "ecdsa-sha2-nistp384";
+ else if (!strcmp (curve, "nistp521"))
+ identifier = "ecdsa-sha2-nistp521";
+- else
+- identifier = NULL;
+
+ if (!identifier)
+ err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
+@@ -2353,7 +2351,7 @@ export_ssh_key (ctrl_t ctrl, const char *userid)
+ break;
+ }
+
+- if (err)
++ if (!identifier)
+ goto leave;
+
+ if (opt.outfile && *opt.outfile && strcmp (opt.outfile, "-"))
+@@ -2369,22 +2367,21 @@ export_ssh_key (ctrl_t ctrl, const char *userid)
+
+ es_fprintf (fp, "%s ", identifier);
+ err = b64enc_start_es (&b64_state, fp, "");
+- if (err)
+- goto leave;
+- {
+- void *blob;
+- size_t bloblen;
++ if (!err)
++ {
++ void *blob;
++ size_t bloblen;
+
+- blob = get_membuf (&mb, &bloblen);
+- if (!blob)
+- err = gpg_error_from_syserror ();
+- else
+- err = b64enc_write (&b64_state, blob, bloblen);
+- xfree (blob);
+- if (err)
+- goto leave;
+- }
+- err = b64enc_finish (&b64_state);
++ blob = get_membuf (&mb, &bloblen);
++ if (blob)
++ {
++ err = b64enc_write (&b64_state, blob, bloblen);
++ xfree (blob);
++ if (err)
++ goto leave;
++ }
++ err = b64enc_finish (&b64_state);
++ }
+ if (err)
+ goto leave;
+ es_fprintf (fp, " openpgp:0x%08lX\n", (ulong)keyid_from_pk (pk, NULL));
diff --git a/debian/patches/0033-dirmngr-Fix-dns-stuff.c-in-another-way.patch b/debian/patches/0033-dirmngr-Fix-dns-stuff.c-in-another-way.patch
new file mode 100644
index 0000000..3a03230
--- /dev/null
+++ b/debian/patches/0033-dirmngr-Fix-dns-stuff.c-in-another-way.patch
@@ -0,0 +1,32 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Wed, 12 Apr 2017 10:19:27 +0900
+Subject: dirmngr: Fix dns-stuff.c in another way.
+
+* dirmngr/dns-stuff.c (T_CERT): Define our own.
+
+--
+
+T_CERT may be defined by another enum type even if the value is same.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit bd0c94939faf8ccfc117fb595e9bc0105edcafa4)
+---
+ dirmngr/dns-stuff.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
+index 728f662..cb0456a 100644
+--- a/dirmngr/dns-stuff.c
++++ b/dirmngr/dns-stuff.c
+@@ -95,9 +95,8 @@
+ #ifndef T_SRV
+ #define T_SRV 33
+ #endif
+-#ifndef T_CERT
+-# define T_CERT 37
+-#endif
++#undef T_CERT
++#define T_CERT 37
+
+ /* The standard SOCKS and TOR ports. */
+ #define SOCKS_PORT 1080
diff --git a/debian/patches/0034-scd-Handle-unexpected-suspend-resume-by-CCID-driver.patch b/debian/patches/0034-scd-Handle-unexpected-suspend-resume-by-CCID-driver.patch
new file mode 100644
index 0000000..53fa774
--- /dev/null
+++ b/debian/patches/0034-scd-Handle-unexpected-suspend-resume-by-CCID-driver.patch
@@ -0,0 +1,55 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Wed, 12 Apr 2017 11:21:08 +0900
+Subject: scd: Handle unexpected suspend/resume by CCID driver.
+
+* scd/ccid-driver.c (bulk_in): Handle unexpected failure.
+
+--
+
+GnuPG-bug-id: 3083
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit f053f99ed0b0c6de7b7c4a07cbd7f7d213ddf0db)
+---
+ scd/ccid-driver.c | 20 ++++++++++++++++----
+ 1 file changed, 16 insertions(+), 4 deletions(-)
+
+diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
+index d135ca6..efdd6e1 100644
+--- a/scd/ccid-driver.c
++++ b/scd/ccid-driver.c
+@@ -2196,7 +2196,7 @@ bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length,
+ goto retry;
+ }
+
+- if (buffer[0] != expected_type)
++ if (buffer[0] != expected_type && buffer[0] != RDR_to_PC_SlotStatus)
+ {
+ DEBUGOUT_1 ("unexpected bulk-in msg type (%02x)\n", buffer[0]);
+ abort_cmd (handle, seqno);
+@@ -2236,11 +2236,23 @@ bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length,
+ switch ((buffer[7] & 0x03))
+ {
+ case 0: /* no error */ break;
+- case 1: return CCID_DRIVER_ERR_CARD_INACTIVE;
+- case 2: return CCID_DRIVER_ERR_NO_CARD;
++ case 1: rc = CCID_DRIVER_ERR_CARD_INACTIVE; break;
++ case 2: rc = CCID_DRIVER_ERR_NO_CARD; break;
+ case 3: /* RFU */ break;
+ }
+- return 0;
++
++ if (rc)
++ {
++ /*
++ * Communication failure by device side.
++ * Possibly, it was forcibly suspended and resumed.
++ */
++ DEBUGOUT ("CCID: card inactive/removed\n");
++ handle->powered_off = 1;
++ scd_kick_the_loop ();
++ }
++
++ return rc;
+ }
+
+
diff --git a/debian/patches/0035-common-Simplify-format_text.patch b/debian/patches/0035-common-Simplify-format_text.patch
new file mode 100644
index 0000000..bb3dc98
--- /dev/null
+++ b/debian/patches/0035-common-Simplify-format_text.patch
@@ -0,0 +1,139 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Wed, 12 Apr 2017 14:47:30 +0900
+Subject: common: Simplify format_text.
+
+* common/stringhelp.c (format_text): Don't allow IN_PLACE formatting.
+* common/stringhelp.h: Change the API with no IN_PLACE.
+* common/t-stringhelp.c (test_format_text): Follow the change.
+* g10/gpgcompose.c (show_help): Likewise.
+* g10/tofu.c (format_conflict_msg_part1, ask_about_binding)
+(show_statistics, show_warning): Likewise.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 7b4edf14bb16fbe786e55b829a208960396ce8df)
+---
+ common/stringhelp.c | 9 ++++-----
+ common/stringhelp.h | 2 +-
+ common/t-stringhelp.c | 2 +-
+ g10/gpgcompose.c | 2 +-
+ g10/tofu.c | 10 +++++-----
+ 5 files changed, 12 insertions(+), 13 deletions(-)
+
+diff --git a/common/stringhelp.c b/common/stringhelp.c
+index bea1466..509d327 100644
+--- a/common/stringhelp.c
++++ b/common/stringhelp.c
+@@ -1443,11 +1443,10 @@ compare_version_strings (const char *my_version, const char *req_version)
+
+
+ /* Format a string so that it fits within about TARGET_COLS columns.
+- If IN_PLACE is 0, then TEXT is copied to a new buffer, which is
+- returned. Otherwise, TEXT is modified in place and returned.
++ TEXT_IN is copied to a new buffer, which is returned.
+ Normally, target_cols will be 72 and max_cols is 80. */
+ char *
+-format_text (char *text, int in_place, int target_cols, int max_cols)
++format_text (const char *text_in, int target_cols, int max_cols)
+ {
+ const int do_debug = 0;
+
+@@ -1459,9 +1458,9 @@ format_text (char *text, int in_place, int target_cols, int max_cols)
+ char *last_space = NULL;
+ int last_space_cols = 0;
+ int copied_last_space = 0;
++ char *text;
+
+- if (! in_place)
+- text = xstrdup (text);
++ text = xstrdup (text_in);
+
+ p = line = text;
+ while (1)
+diff --git a/common/stringhelp.h b/common/stringhelp.h
+index 3852d0f..a643f35 100644
+--- a/common/stringhelp.h
++++ b/common/stringhelp.h
+@@ -155,7 +155,7 @@ int split_fields (char *string, char **array, int arraysize);
+ int compare_version_strings (const char *my_version, const char *req_version);
+
+ /* Format a string so that it fits within about TARGET_COLS columns. */
+-char *format_text (char *text, int in_place, int target_cols, int max_cols);
++char *format_text (const char *text, int target_cols, int max_cols);
+
+
+ /*-- mapstrings.c --*/
+diff --git a/common/t-stringhelp.c b/common/t-stringhelp.c
+index a105ad1..869ca56 100644
+--- a/common/t-stringhelp.c
++++ b/common/t-stringhelp.c
+@@ -885,7 +885,7 @@ test_format_text (void)
+ {
+ struct test *test = &tests[i];
+ char *result =
+- format_text (test->input, 0, test->target_cols, test->max_cols);
++ format_text (test->input, test->target_cols, test->max_cols);
+ if (strcmp (result, test->expected) != 0)
+ {
+ printf ("%s: Test #%d failed.\nExpected: '%s'\nResult: '%s'\n",
+diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c
+index d585502..071d6bf 100644
+--- a/g10/gpgcompose.c
++++ b/g10/gpgcompose.c
+@@ -305,7 +305,7 @@ show_help (struct option options[])
+
+ if (! option)
+ space = 72;
+- formatted = format_text (tmp, 0, space, space + 4);
++ formatted = format_text (tmp, space, space + 4);
+
+ if (tmp != help)
+ xfree (tmp);
+diff --git a/g10/tofu.c b/g10/tofu.c
+index 169e29e..a6d5461 100644
+--- a/g10/tofu.c
++++ b/g10/tofu.c
+@@ -1355,7 +1355,7 @@ format_conflict_msg_part1 (int policy, strlist_t conflict_set,
+ es_fputc (0, fp);
+ if (es_fclose_snatch (fp, (void **)&tmpstr, NULL))
+ log_fatal ("error snatching memory stream\n");
+- text = format_text (tmpstr, 0, 72, 80);
++ text = format_text (tmpstr, 72, 80);
+ es_free (tmpstr);
+
+ return text;
+@@ -1913,7 +1913,7 @@ ask_about_binding (ctrl_t ctrl,
+ /* TRANSLATORS: Please translate the text found in the source
+ * file below. We don't directly internationalize that text so
+ * that we can tweak it without breaking translations. */
+- char *text = _("TOFU detected a binding conflict");
++ const char *text = _("TOFU detected a binding conflict");
+ char *textbuf;
+ if (!strcmp (text, "TOFU detected a binding conflict"))
+ {
+@@ -1926,7 +1926,7 @@ ask_about_binding (ctrl_t ctrl,
+ "attack! Before accepting this association, you should talk to or "
+ "call the person to make sure this new key is legitimate.";
+ }
+- textbuf = format_text (text, 0, 72, 80);
++ textbuf = format_text (text, 72, 80);
+ es_fprintf (fp, "\n%s\n", textbuf);
+ xfree (textbuf);
+ }
+@@ -3190,7 +3190,7 @@ show_statistics (tofu_dbs_t dbs,
+ es_fputc (0, fp);
+ if (es_fclose_snatch (fp, (void **) &tmpmsg, NULL))
+ log_fatal ("error snatching memory stream\n");
+- msg = format_text (tmpmsg, 0, 72, 80);
++ msg = format_text (tmpmsg, 72, 80);
+ es_free (tmpmsg);
+
+ /* Print a status line but suppress the trailing LF.
+@@ -3265,7 +3265,7 @@ show_warning (const char *fingerprint, strlist_t user_id_list)
+ strlist_length (user_id_list)),
+ set_policy_command);
+
+- text = format_text (tmpmsg, 0, 72, 80);
++ text = format_text (tmpmsg, 72, 80);
+ xfree (tmpmsg);
+ log_string (GPGRT_LOG_INFO, text);
+ xfree (text);
diff --git a/debian/patches/0036-dirmngr-Fix-possible-null-reference.patch b/debian/patches/0036-dirmngr-Fix-possible-null-reference.patch
new file mode 100644
index 0000000..d71c926
--- /dev/null
+++ b/debian/patches/0036-dirmngr-Fix-possible-null-reference.patch
@@ -0,0 +1,28 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Wed, 12 Apr 2017 15:58:11 +0900
+Subject: dirmngr: Fix possible null reference.
+
+* dirmngr/dns.c (dns_error_t dns_trace_fput): Check NULL.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 7ae1857c90ab43ad9e31f0fb6dbd37f25cc37278)
+---
+ dirmngr/dns.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/dirmngr/dns.c b/dirmngr/dns.c
+index 869e7ed..ebfd4c3 100644
+--- a/dirmngr/dns.c
++++ b/dirmngr/dns.c
+@@ -4594,8 +4594,9 @@ dns_error_t dns_trace_fput(const struct dns_trace_event *te, const void *data, s
+
+ if (fwrite(&tmp, 1, headsize, fp) < headsize)
+ return errno;
+- if (fwrite(data, 1, datasize, fp) < datasize)
+- return errno;
++ if (data)
++ if (fwrite(data, 1, datasize, fp) < datasize)
++ return errno;
+ if (fflush(fp))
+ return errno;
+
diff --git a/debian/patches/0037-tools-Fix-condition-for-gpg-connect-agent.patch b/debian/patches/0037-tools-Fix-condition-for-gpg-connect-agent.patch
new file mode 100644
index 0000000..d18f873
--- /dev/null
+++ b/debian/patches/0037-tools-Fix-condition-for-gpg-connect-agent.patch
@@ -0,0 +1,30 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Wed, 12 Apr 2017 16:01:16 +0900
+Subject: tools: Fix condition for gpg-connect-agent.
+
+* tools/gpg-connect-agent.c (start_agent): Add paren.
+
+--
+
+The intention is comparing the error code depending opt.use_dirmngr.
+Considering C Operator Precedence, we should have paren here.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit f52f6af834cc488d11612e349e4af023d69a45f4)
+---
+ tools/gpg-connect-agent.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/gpg-connect-agent.c b/tools/gpg-connect-agent.c
+index ef71d27..f20d331 100644
+--- a/tools/gpg-connect-agent.c
++++ b/tools/gpg-connect-agent.c
+@@ -2237,7 +2237,7 @@ start_agent (void)
+ {
+ if (!opt.autostart
+ && (gpg_err_code (err)
+- == opt.use_dirmngr? GPG_ERR_NO_DIRMNGR : GPG_ERR_NO_AGENT))
++ == (opt.use_dirmngr? GPG_ERR_NO_DIRMNGR : GPG_ERR_NO_AGENT)))
+ {
+ /* In the no-autostart case we don't make gpg-connect-agent
+ fail on a missing server. */
diff --git a/debian/patches/0038-dirmngr-Fix-type-of-sock.patch b/debian/patches/0038-dirmngr-Fix-type-of-sock.patch
new file mode 100644
index 0000000..ca08ee7
--- /dev/null
+++ b/debian/patches/0038-dirmngr-Fix-type-of-sock.patch
@@ -0,0 +1,25 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Wed, 12 Apr 2017 20:50:50 +0900
+Subject: dirmngr: Fix type of sock.
+
+* dirmngr/http.c (send_request): Use assuan_fd_t for SOCK.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 6755b3b505f79a5a233b18e85f57a0d3a455e664)
+---
+ dirmngr/http.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dirmngr/http.c b/dirmngr/http.c
+index 04a30d6..356e2bc 100644
+--- a/dirmngr/http.c
++++ b/dirmngr/http.c
+@@ -1643,7 +1643,7 @@ send_request (http_t hd, const char *httphost, const char *auth,
+ const char *http_proxy = NULL;
+ char *proxy_authstr = NULL;
+ char *authstr = NULL;
+- int sock;
++ assuan_fd_t sock;
+
+ if (hd->uri->use_tls && !hd->session)
+ {
diff --git a/debian/patches/0039-common-g10-Fix-enumeration-types.patch b/debian/patches/0039-common-g10-Fix-enumeration-types.patch
new file mode 100644
index 0000000..c9fbd0a
--- /dev/null
+++ b/debian/patches/0039-common-g10-Fix-enumeration-types.patch
@@ -0,0 +1,179 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Thu, 13 Apr 2017 12:54:52 +0900
+Subject: common, g10: Fix enumeration types.
+
+* common/openpgpdefs.h (CIPHER_ALGO_PRIVATE10, PUBKEY_ALGO_PRIVATE10)
+(DIGEST_ALGO_PRIVATE10, COMPRESS_ALGO_PRIVATE10): New.
+* g10/misc.c (map_pk_gcry_to_openpgp): Add type conversion.
+(map_cipher_openpgp_to_gcry, openpgp_cipher_algo_name)
+(openpgp_pk_test_algo2, map_md_openpgp_to_gcry)
+(pubkey_get_npkey): Add default handling.
+
+--
+
+Compilers may emit code assuming the maximum value of enum type.
+According to OpenPGP specification, there are cases for private uses.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 74258278efacd7069e8c1df8ff6fc3f4675d713e)
+---
+ common/openpgpdefs.h | 12 ++++++++----
+ g10/misc.c | 23 +++++++++++++----------
+ 2 files changed, 21 insertions(+), 14 deletions(-)
+
+diff --git a/common/openpgpdefs.h b/common/openpgpdefs.h
+index 3d5d306..85a4251 100644
+--- a/common/openpgpdefs.h
++++ b/common/openpgpdefs.h
+@@ -136,7 +136,8 @@ typedef enum
+ CIPHER_ALGO_TWOFISH = 10, /* 256 bit */
+ CIPHER_ALGO_CAMELLIA128 = 11,
+ CIPHER_ALGO_CAMELLIA192 = 12,
+- CIPHER_ALGO_CAMELLIA256 = 13
++ CIPHER_ALGO_CAMELLIA256 = 13,
++ CIPHER_ALGO_PRIVATE10 = 110
+ }
+ cipher_algo_t;
+
+@@ -152,7 +153,8 @@ typedef enum
+ PUBKEY_ALGO_ECDSA = 19, /* RFC-6637 */
+ PUBKEY_ALGO_ELGAMAL = 20, /* Elgamal encrypt+sign (legacy). */
+ /* 21 reserved by OpenPGP. */
+- PUBKEY_ALGO_EDDSA = 22 /* EdDSA (not yet assigned). */
++ PUBKEY_ALGO_EDDSA = 22, /* EdDSA (not yet assigned). */
++ PUBKEY_ALGO_PRIVATE10 = 110
+ }
+ pubkey_algo_t;
+
+@@ -166,7 +168,8 @@ typedef enum
+ DIGEST_ALGO_SHA256 = 8,
+ DIGEST_ALGO_SHA384 = 9,
+ DIGEST_ALGO_SHA512 = 10,
+- DIGEST_ALGO_SHA224 = 11
++ DIGEST_ALGO_SHA224 = 11,
++ DIGEST_ALGO_PRIVATE10 = 110
+ }
+ digest_algo_t;
+
+@@ -176,7 +179,8 @@ typedef enum
+ COMPRESS_ALGO_NONE = 0,
+ COMPRESS_ALGO_ZIP = 1,
+ COMPRESS_ALGO_ZLIB = 2,
+- COMPRESS_ALGO_BZIP2 = 3
++ COMPRESS_ALGO_BZIP2 = 3,
++ COMPRESS_ALGO_PRIVATE10 = 110
+ }
+ compress_algo_t;
+
+diff --git a/g10/misc.c b/g10/misc.c
+index 0ecdb04..abae6c9 100644
+--- a/g10/misc.c
++++ b/g10/misc.c
+@@ -473,8 +473,8 @@ map_cipher_openpgp_to_gcry (cipher_algo_t algo)
+ #else
+ case CIPHER_ALGO_CAMELLIA256: return 0;
+ #endif
++ default: return 0;
+ }
+- return 0;
+ }
+
+ /* The inverse function of above. */
+@@ -509,7 +509,7 @@ map_pk_gcry_to_openpgp (enum gcry_pk_algos algo)
+ {
+ case GCRY_PK_ECDSA: return PUBKEY_ALGO_ECDSA;
+ case GCRY_PK_ECDH: return PUBKEY_ALGO_ECDH;
+- default: return algo < 110 ? algo : 0;
++ default: return algo < 110 ? (pubkey_algo_t)algo : 0;
+ }
+ }
+
+@@ -565,7 +565,6 @@ openpgp_cipher_algo_name (cipher_algo_t algo)
+ {
+ switch (algo)
+ {
+- case CIPHER_ALGO_NONE: break;
+ case CIPHER_ALGO_IDEA: return "IDEA";
+ case CIPHER_ALGO_3DES: return "3DES";
+ case CIPHER_ALGO_CAST5: return "CAST5";
+@@ -577,8 +576,9 @@ openpgp_cipher_algo_name (cipher_algo_t algo)
+ case CIPHER_ALGO_CAMELLIA128: return "CAMELLIA128";
+ case CIPHER_ALGO_CAMELLIA192: return "CAMELLIA192";
+ case CIPHER_ALGO_CAMELLIA256: return "CAMELLIA256";
++ case CIPHER_ALGO_NONE:
++ default: return "?";
+ }
+- return "?";
+ }
+
+
+@@ -636,6 +636,9 @@ openpgp_pk_test_algo2 (pubkey_algo_t algo, unsigned int use)
+ if (RFC2440)
+ ga = GCRY_PK_ELG;
+ break;
++
++ default:
++ break;
+ }
+ if (!ga)
+ return gpg_error (GPG_ERR_PUBKEY_ALGO);
+@@ -699,8 +702,8 @@ openpgp_pk_algo_name (pubkey_algo_t algo)
+ case PUBKEY_ALGO_ECDH: return "ECDH";
+ case PUBKEY_ALGO_ECDSA: return "ECDSA";
+ case PUBKEY_ALGO_EDDSA: return "EDDSA";
++ default: return "?";
+ }
+- return "?";
+ }
+
+
+@@ -832,8 +835,8 @@ map_md_openpgp_to_gcry (digest_algo_t algo)
+ #else
+ case DIGEST_ALGO_SHA512: return 0;
+ #endif
++ default: return 0;
+ }
+- return 0;
+ }
+
+
+@@ -1652,8 +1655,8 @@ pubkey_get_npkey (pubkey_algo_t algo)
+ case PUBKEY_ALGO_ECDSA: return 2;
+ case PUBKEY_ALGO_ELGAMAL: return 3;
+ case PUBKEY_ALGO_EDDSA: return 2;
++ default: return 0;
+ }
+- return 0;
+ }
+
+
+@@ -1672,8 +1675,8 @@ pubkey_get_nskey (pubkey_algo_t algo)
+ case PUBKEY_ALGO_ECDSA: return 3;
+ case PUBKEY_ALGO_ELGAMAL: return 4;
+ case PUBKEY_ALGO_EDDSA: return 3;
++ default: return 0;
+ }
+- return 0;
+ }
+
+ /* Temporary helper. */
+@@ -1691,8 +1694,8 @@ pubkey_get_nsig (pubkey_algo_t algo)
+ case PUBKEY_ALGO_ECDSA: return 2;
+ case PUBKEY_ALGO_ELGAMAL: return 2;
+ case PUBKEY_ALGO_EDDSA: return 2;
++ default: return 0;
+ }
+- return 0;
+ }
+
+
+@@ -1711,8 +1714,8 @@ pubkey_get_nenc (pubkey_algo_t algo)
+ case PUBKEY_ALGO_ECDSA: return 0;
+ case PUBKEY_ALGO_ELGAMAL: return 2;
+ case PUBKEY_ALGO_EDDSA: return 0;
++ default: return 0;
+ }
+- return 0;
+ }
+
+
diff --git a/debian/patches/0040-dirmngr-Fix-thread-key-type.patch b/debian/patches/0040-dirmngr-Fix-thread-key-type.patch
new file mode 100644
index 0000000..3a36382
--- /dev/null
+++ b/debian/patches/0040-dirmngr-Fix-thread-key-type.patch
@@ -0,0 +1,25 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Thu, 13 Apr 2017 13:06:38 +0900
+Subject: dirmngr: Fix thread key type.
+
+* dirmngr/dirmngr.c (my_tlskey_current_fd): Use npth_key_t.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 37018adce6ea4920b34d59afcfe4f55f716b3086)
+---
+ dirmngr/dirmngr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
+index 3972977..4b01cb4 100644
+--- a/dirmngr/dirmngr.c
++++ b/dirmngr/dirmngr.c
+@@ -343,7 +343,7 @@ union int_and_ptr_u
+ local storage. We use this in conjunction with the
+ log_set_pid_suffix_cb feature. */
+ #ifndef HAVE_W32_SYSTEM
+-static int my_tlskey_current_fd;
++static npth_key_t my_tlskey_current_fd;
+ #endif
+
+ /* Prototypes. */
diff --git a/debian/patches/0041-dirmngr-Fix-alignment-of-ADDR.patch b/debian/patches/0041-dirmngr-Fix-alignment-of-ADDR.patch
new file mode 100644
index 0000000..d6c640d
--- /dev/null
+++ b/debian/patches/0041-dirmngr-Fix-alignment-of-ADDR.patch
@@ -0,0 +1,155 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Thu, 13 Apr 2017 14:33:33 +0900
+Subject: dirmngr: Fix alignment of ADDR.
+
+* dirmngr/dns-stuff.h (dns_addrinfo_s): Use struct sockaddr_storage
+for size and alignment.
+* dirmngr/dns-stuff.c (resolve_name_libdns): Follow the change.
+(resolve_dns_name): Use struct sockaddr_storage.
+(resolve_addr_standard, resolve_dns_addr): Likewise.
+(resolve_dns_addr): Likewise.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 892b33bb2c57785927ea6652091191da2deed464)
+---
+ dirmngr/dns-stuff.c | 31 +++++++++++++++++--------------
+ dirmngr/dns-stuff.h | 4 ++--
+ 2 files changed, 19 insertions(+), 16 deletions(-)
+
+diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
+index cb0456a..0635115 100644
+--- a/dirmngr/dns-stuff.c
++++ b/dirmngr/dns-stuff.c
+@@ -844,7 +844,7 @@ resolve_name_libdns (const char *name, unsigned short port,
+ (*r_canonname)[strlen (*r_canonname)-1] = 0;
+ }
+
+- dai = xtrymalloc (sizeof *dai + ent->ai_addrlen -1);
++ dai = xtrymalloc (sizeof *dai);
+ if (dai == NULL)
+ {
+ err = gpg_error_from_syserror ();
+@@ -968,7 +968,7 @@ resolve_name_standard (const char *name, unsigned short port,
+ if (opt_disable_ipv6 && ai->ai_family == AF_INET6)
+ continue;
+
+- dai = xtrymalloc (sizeof *dai + ai->ai_addrlen - 1);
++ dai = xtrymalloc (sizeof *dai);
+ dai->family = ai->ai_family;
+ dai->socktype = ai->ai_socktype;
+ dai->protocol = ai->ai_protocol;
+@@ -1036,7 +1036,7 @@ resolve_dns_name (const char *name, unsigned short port,
+ #ifdef USE_LIBDNS
+ /* Resolve an address using libdns. */
+ static gpg_error_t
+-resolve_addr_libdns (const struct sockaddr *addr, int addrlen,
++resolve_addr_libdns (const struct sockaddr_storage *addr, int addrlen,
+ unsigned int flags, char **r_name)
+ {
+ gpg_error_t err;
+@@ -1050,13 +1050,13 @@ resolve_addr_libdns (const struct sockaddr *addr, int addrlen,
+
+ /* First we turn ADDR into a DNS name (with ".arpa" suffix). */
+ err = 0;
+- if (addr->sa_family == AF_INET6)
++ if (addr->ss_family == AF_INET6)
+ {
+ const struct sockaddr_in6 *a6 = (const struct sockaddr_in6 *)addr;
+ if (!dns_aaaa_arpa (host, sizeof host, (void*)&a6->sin6_addr))
+ err = gpg_error (GPG_ERR_INV_OBJ);
+ }
+- else if (addr->sa_family == AF_INET)
++ else if (addr->ss_family == AF_INET)
+ {
+ const struct sockaddr_in *a4 = (const struct sockaddr_in *)addr;
+ if (!dns_a_arpa (host, sizeof host, (void*)&a4->sin_addr))
+@@ -1144,18 +1144,19 @@ resolve_addr_libdns (const struct sockaddr *addr, int addrlen,
+ buflen = sizeof ptr.host;
+
+ p = buffer;
+- if (addr->sa_family == AF_INET6 && (flags & DNS_WITHBRACKET))
++ if (addr->ss_family == AF_INET6 && (flags & DNS_WITHBRACKET))
+ {
+ *p++ = '[';
+ buflen -= 2;
+ }
+- ec = getnameinfo (addr, addrlen, p, buflen, NULL, 0, NI_NUMERICHOST);
++ ec = getnameinfo ((const struct sockaddr *)addr,
++ addrlen, p, buflen, NULL, 0, NI_NUMERICHOST);
+ if (ec)
+ {
+ err = map_eai_to_gpg_error (ec);
+ goto leave;
+ }
+- if (addr->sa_family == AF_INET6 && (flags & DNS_WITHBRACKET))
++ if (addr->ss_family == AF_INET6 && (flags & DNS_WITHBRACKET))
+ strcat (buffer, "]");
+ }
+
+@@ -1169,7 +1170,7 @@ resolve_addr_libdns (const struct sockaddr *addr, int addrlen,
+
+ /* Resolve an address using the standard system function. */
+ static gpg_error_t
+-resolve_addr_standard (const struct sockaddr *addr, int addrlen,
++resolve_addr_standard (const struct sockaddr_storage *addr, int addrlen,
+ unsigned int flags, char **r_name)
+ {
+ gpg_error_t err;
+@@ -1187,20 +1188,22 @@ resolve_addr_standard (const struct sockaddr *addr, int addrlen,
+ if ((flags & DNS_NUMERICHOST) || tor_mode)
+ ec = EAI_NONAME;
+ else
+- ec = getnameinfo (addr, addrlen, buffer, buflen, NULL, 0, NI_NAMEREQD);
++ ec = getnameinfo ((const struct sockaddr *)addr,
++ addrlen, buffer, buflen, NULL, 0, NI_NAMEREQD);
+
+ if (!ec && *buffer == '[')
+ ec = EAI_FAIL; /* A name may never start with a bracket. */
+ else if (ec == EAI_NONAME)
+ {
+ p = buffer;
+- if (addr->sa_family == AF_INET6 && (flags & DNS_WITHBRACKET))
++ if (addr->ss_family == AF_INET6 && (flags & DNS_WITHBRACKET))
+ {
+ *p++ = '[';
+ buflen -= 2;
+ }
+- ec = getnameinfo (addr, addrlen, p, buflen, NULL, 0, NI_NUMERICHOST);
+- if (!ec && addr->sa_family == AF_INET6 && (flags & DNS_WITHBRACKET))
++ ec = getnameinfo ((const struct sockaddr *)addr,
++ addrlen, p, buflen, NULL, 0, NI_NUMERICHOST);
++ if (!ec && addr->ss_family == AF_INET6 && (flags & DNS_WITHBRACKET))
+ strcat (buffer, "]");
+ }
+
+@@ -1229,7 +1232,7 @@ resolve_addr_standard (const struct sockaddr *addr, int addrlen,
+
+ /* A wrapper around getnameinfo. */
+ gpg_error_t
+-resolve_dns_addr (const struct sockaddr *addr, int addrlen,
++resolve_dns_addr (const struct sockaddr_storage *addr, int addrlen,
+ unsigned int flags, char **r_name)
+ {
+ gpg_error_t err;
+diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h
+index 71605b7..adb0b80 100644
+--- a/dirmngr/dns-stuff.h
++++ b/dirmngr/dns-stuff.h
+@@ -78,7 +78,7 @@ struct dns_addrinfo_s
+ int socktype;
+ int protocol;
+ int addrlen;
+- struct sockaddr addr[1];
++ struct sockaddr_storage addr[1];
+ };
+
+
+@@ -142,7 +142,7 @@ gpg_error_t resolve_dns_name (const char *name, unsigned short port,
+ dns_addrinfo_t *r_dai, char **r_canonname);
+
+ /* Function similar to getnameinfo. */
+-gpg_error_t resolve_dns_addr (const struct sockaddr *addr, int addrlen,
++gpg_error_t resolve_dns_addr (const struct sockaddr_storage *addr, int addrlen,
+ unsigned int flags, char **r_name);
+
+ /* Return true if NAME is a numerical IP address. */
diff --git a/debian/patches/0042-dirmngr-Fix-http.c-for-sockaddr_storage.patch b/debian/patches/0042-dirmngr-Fix-http.c-for-sockaddr_storage.patch
new file mode 100644
index 0000000..7e17e53
--- /dev/null
+++ b/debian/patches/0042-dirmngr-Fix-http.c-for-sockaddr_storage.patch
@@ -0,0 +1,70 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Thu, 13 Apr 2017 14:46:57 +0900
+Subject: dirmngr: Fix http.c for sockaddr_storage.
+
+dirmngr/http.c (use_socks): Use sockaddr_storage.
+(my_sock_new_for_addr, connect_server): Likewise.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 86dcb03134fd4957d51ebaa06b7991239f9ee56a)
+---
+ dirmngr/http.c | 13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/dirmngr/http.c b/dirmngr/http.c
+index 356e2bc..e645a54 100644
+--- a/dirmngr/http.c
++++ b/dirmngr/http.c
+@@ -2470,13 +2470,13 @@ start_server ()
+ * This function is basically a copy of the same internal fucntion in
+ * Libassuan. */
+ static int
+-use_socks (struct sockaddr *addr)
++use_socks (struct sockaddr_storage *addr)
+ {
+ int mode;
+
+ if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
+ return 0; /* Not in Tor mode. */
+- else if (addr->sa_family == AF_INET6)
++ else if (addr->ss_family == AF_INET6)
+ {
+ struct sockaddr_in6 *addr_in6 = (struct sockaddr_in6 *)addr;
+ const unsigned char *s;
+@@ -2491,7 +2491,7 @@ use_socks (struct sockaddr *addr)
+
+ return 0; /* This is the loopback address. */
+ }
+- else if (addr->sa_family == AF_INET)
++ else if (addr->ss_family == AF_INET)
+ {
+ struct sockaddr_in *addr_in = (struct sockaddr_in *)addr;
+
+@@ -2508,7 +2508,7 @@ use_socks (struct sockaddr *addr)
+ /* Wrapper around assuan_sock_new which takes the domain from an
+ * address parameter. */
+ static assuan_fd_t
+-my_sock_new_for_addr (struct sockaddr *addr, int type, int proto)
++my_sock_new_for_addr (struct sockaddr_storage *addr, int type, int proto)
+ {
+ int domain;
+
+@@ -2519,7 +2519,7 @@ my_sock_new_for_addr (struct sockaddr *addr, int type, int proto)
+ domain = AF_INET;
+ }
+ else
+- domain = addr->sa_family;
++ domain = addr->ss_family;
+
+ return assuan_sock_new (domain, type, proto);
+ }
+@@ -2644,7 +2644,8 @@ connect_server (const char *server, unsigned short port,
+ }
+
+ anyhostaddr = 1;
+- if (assuan_sock_connect (sock, ai->addr, ai->addrlen))
++ if (assuan_sock_connect (sock, (struct sockaddr *)ai->addr,
++ ai->addrlen))
+ {
+ last_err = gpg_err_make (default_errsource,
+ gpg_err_code_from_syserror ());
diff --git a/debian/patches/0043-dirmngr-More-fix-for-Windows.patch b/debian/patches/0043-dirmngr-More-fix-for-Windows.patch
new file mode 100644
index 0000000..c7b90e7
--- /dev/null
+++ b/debian/patches/0043-dirmngr-More-fix-for-Windows.patch
@@ -0,0 +1,73 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Fri, 14 Apr 2017 08:32:49 +0900
+Subject: dirmngr: More fix for Windows.
+
+* dirmngr/http.c (simple_cookie_read, simple_cookie_write): Only
+valid with HTTP_USE_NTBTLS.
+(_my_socket_new): Simply cast to int since it's for debug.
+(_my_socket_ref, _my_socket_unref): Likewise.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 4771bad610eb59e701fe8e53468e2af22d45eeb0)
+---
+ dirmngr/http.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/dirmngr/http.c b/dirmngr/http.c
+index e645a54..9b70599 100644
+--- a/dirmngr/http.c
++++ b/dirmngr/http.c
+@@ -166,7 +166,7 @@ static gpgrt_ssize_t cookie_read (void *cookie, void *buffer, size_t size);
+ static gpgrt_ssize_t cookie_write (void *cookie,
+ const void *buffer, size_t size);
+ static int cookie_close (void *cookie);
+-#ifdef HAVE_W32_SYSTEM
++#if defined(HAVE_W32_SYSTEM) && defined(HTTP_USE_NTBTLS)
+ static gpgrt_ssize_t simple_cookie_read (void *cookie,
+ void *buffer, size_t size);
+ static gpgrt_ssize_t simple_cookie_write (void *cookie,
+@@ -213,7 +213,7 @@ typedef struct cookie_s *cookie_t;
+
+ /* Simple cookie functions. Here the cookie is an int with the
+ * socket. */
+-#ifdef HAVE_W32_SYSTEM
++#if defined(HAVE_W32_SYSTEM) && defined(HTTP_USE_NTBTLS)
+ static es_cookie_io_functions_t simple_cookie_functions =
+ {
+ simple_cookie_read,
+@@ -383,7 +383,7 @@ _my_socket_new (int lnr, assuan_fd_t fd)
+ so->refcount = 1;
+ if (opt_debug)
+ log_debug ("http.c:%d:socket_new: object %p for fd %d created\n",
+- lnr, so, so->fd);
++ lnr, so, (int)so->fd);
+ return so;
+ }
+ #define my_socket_new(a) _my_socket_new (__LINE__, (a))
+@@ -395,7 +395,7 @@ _my_socket_ref (int lnr, my_socket_t so)
+ so->refcount++;
+ if (opt_debug > 1)
+ log_debug ("http.c:%d:socket_ref: object %p for fd %d refcount now %d\n",
+- lnr, so, so->fd, so->refcount);
++ lnr, so, (int)so->fd, so->refcount);
+ return so;
+ }
+ #define my_socket_ref(a) _my_socket_ref (__LINE__,(a))
+@@ -413,7 +413,7 @@ _my_socket_unref (int lnr, my_socket_t so,
+ so->refcount--;
+ if (opt_debug > 1)
+ log_debug ("http.c:%d:socket_unref: object %p for fd %d ref now %d\n",
+- lnr, so, so->fd, so->refcount);
++ lnr, so, (int)so->fd, so->refcount);
+
+ if (!so->refcount)
+ {
+@@ -2923,7 +2923,7 @@ cookie_write (void *cookie, const void *buffer_arg, size_t size)
+ }
+
+
+-#ifdef HAVE_W32_SYSTEM
++#if defined(HAVE_W32_SYSTEM) && defined(HTTP_USE_NTBTLS)
+ static gpgrt_ssize_t
+ simple_cookie_read (void *cookie, void *buffer, size_t size)
+ {
diff --git a/debian/patches/0044-agent-Clean-up-error-initialize-return.patch b/debian/patches/0044-agent-Clean-up-error-initialize-return.patch
new file mode 100644
index 0000000..f47ad7e
--- /dev/null
+++ b/debian/patches/0044-agent-Clean-up-error-initialize-return.patch
@@ -0,0 +1,85 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Fri, 14 Apr 2017 12:54:06 +0900
+Subject: agent: Clean up error initialize/return.
+
+* agent/call-pinentry.c (start_pinentry): Return RC.
+* agent/command-ssh.c (ssh_handler_request_identities): Don't set ERR.
+* agent/findkey.c (try_unprotect_cb): Return ERR.
+(unprotect): Don't set RC.
+* agent/gpg-agent.c (handle_connections): Don't set fd.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 36c4e540f1a4992675ee6e0acca1231325457079)
+---
+ agent/call-pinentry.c | 2 +-
+ agent/command-ssh.c | 1 -
+ agent/findkey.c | 4 +---
+ agent/gpg-agent.c | 1 -
+ 4 files changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
+index a35a3fb..6524cb1 100644
+--- a/agent/call-pinentry.c
++++ b/agent/call-pinentry.c
+@@ -654,7 +654,7 @@ start_pinentry (ctrl_t ctrl)
+
+ xfree (flavor_version);
+
+- return 0;
++ return rc;
+ }
+
+
+diff --git a/agent/command-ssh.c b/agent/command-ssh.c
+index b15d8b2..965c865 100644
+--- a/agent/command-ssh.c
++++ b/agent/command-ssh.c
+@@ -2582,7 +2582,6 @@ ssh_handler_request_identities (ctrl_t ctrl,
+
+ key_public = NULL;
+ key_counter = 0;
+- err = 0;
+
+ key_blobs = es_fopenmem (0, "r+b");
+ if (! key_blobs)
+diff --git a/agent/findkey.c b/agent/findkey.c
+index 0b2ddf1..f3c8ca9 100644
+--- a/agent/findkey.c
++++ b/agent/findkey.c
+@@ -328,7 +328,7 @@ try_unprotect_cb (struct pin_entry_info_s *pi)
+ xfree (desc);
+ }
+
+- return 0;
++ return err;
+ }
+
+
+@@ -552,7 +552,6 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text,
+ return 0;
+ }
+ xfree (pw);
+- rc = 0;
+ }
+ else if (cache_mode == CACHE_MODE_NORMAL)
+ {
+@@ -590,7 +589,6 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text,
+ return 0;
+ }
+ xfree (pw);
+- rc = 0;
+ }
+ }
+
+diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
+index c16d9a3..098a335 100644
+--- a/agent/gpg-agent.c
++++ b/agent/gpg-agent.c
+@@ -3043,7 +3043,6 @@ handle_connections (gnupg_fd_t listen_fd,
+ xfree (ctrl);
+ }
+ }
+- fd = GNUPG_INVALID_FD;
+ }
+ }
+ }
diff --git a/debian/patches/0045-g10-Fix-import-export-filter-property-match.patch b/debian/patches/0045-g10-Fix-import-export-filter-property-match.patch
new file mode 100644
index 0000000..fbeac30
--- /dev/null
+++ b/debian/patches/0045-g10-Fix-import-export-filter-property-match.patch
@@ -0,0 +1,25 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Mon, 17 Apr 2017 09:08:31 +0900
+Subject: g10: Fix import/export filter property match.
+
+* g10/import.c (impex_filter_getval): Fix to "else if".
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit af5f8ecf51f5e1f33e832d4946d02313b78a0536)
+---
+ g10/import.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/g10/import.c b/g10/import.c
+index 54d649b..ba1c44a 100644
+--- a/g10/import.c
++++ b/g10/import.c
+@@ -1261,7 +1261,7 @@ impex_filter_getval (void *cookie, const char *propname)
+ snprintf (numbuf, sizeof numbuf, "%d", pk->pubkey_algo);
+ result = numbuf;
+ }
+- if (!strcmp (propname, "key_created"))
++ else if (!strcmp (propname, "key_created"))
+ {
+ snprintf (numbuf, sizeof numbuf, "%lu", (ulong)pk->timestamp);
+ result = numbuf;
diff --git a/debian/patches/0046-g10-Minor-fixes.patch b/debian/patches/0046-g10-Minor-fixes.patch
new file mode 100644
index 0000000..a33580c
--- /dev/null
+++ b/debian/patches/0046-g10-Minor-fixes.patch
@@ -0,0 +1,66 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Mon, 17 Apr 2017 09:15:13 +0900
+Subject: g10: Minor fixes.
+
+* g10/export.c (cleartext_secret_key_to_openpgp): No initialization.
+(do_export_one_keyblock): Initialize with GPG_ERR_NOT_FOUND.
+* g10/getkey.c (get_best_pubkey_byname): Add non-null check.
+* g10/tofu.c (tofu_set_policy): ERR initialize to 0.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 0dec0cc281dfa26db89f8cc5ee002dea5c2b2e81)
+---
+ g10/export.c | 4 ++--
+ g10/getkey.c | 3 ++-
+ g10/tofu.c | 2 +-
+ 3 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/g10/export.c b/g10/export.c
+index 9b203e3..ce79a2f 100644
+--- a/g10/export.c
++++ b/g10/export.c
+@@ -580,7 +580,7 @@ canon_pk_algo (enum gcry_pk_algos algo)
+ static gpg_error_t
+ cleartext_secret_key_to_openpgp (gcry_sexp_t s_key, PKT_public_key *pk)
+ {
+- gpg_error_t err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
++ gpg_error_t err;
+ gcry_sexp_t top_list;
+ gcry_sexp_t key = NULL;
+ char *key_type = NULL;
+@@ -1539,7 +1539,7 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
+ KEYDB_SEARCH_DESC *desc, size_t ndesc,
+ size_t descindex, gcry_cipher_hd_t cipherhd)
+ {
+- gpg_error_t err;
++ gpg_error_t err = gpg_error (GPG_ERR_NOT_FOUND);
+ char *cache_nonce = NULL;
+ subkey_list_t subkey_list = NULL; /* Track already processed subkeys. */
+ int skip_until_subkey = 0;
+diff --git a/g10/getkey.c b/g10/getkey.c
+index dab63fa..75b8564 100644
+--- a/g10/getkey.c
++++ b/g10/getkey.c
+@@ -1654,7 +1654,8 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk,
+ if (! ctx->kr_handle)
+ {
+ xfree (ctx);
+- *retctx = NULL;
++ if (retctx)
++ *retctx = NULL;
+ rc = gpg_error_from_syserror ();
+ }
+ else
+diff --git a/g10/tofu.c b/g10/tofu.c
+index a6d5461..d97bbc3 100644
+--- a/g10/tofu.c
++++ b/g10/tofu.c
+@@ -3857,7 +3857,7 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
+ gpg_error_t
+ tofu_set_policy (ctrl_t ctrl, kbnode_t kb, enum tofu_policy policy)
+ {
+- gpg_error_t err;
++ gpg_error_t err = 0;
+ time_t now = gnupg_get_time ();
+ tofu_dbs_t dbs;
+ PKT_public_key *pk;
diff --git a/debian/patches/0047-g10-Fix-parse_ring_trust.patch b/debian/patches/0047-g10-Fix-parse_ring_trust.patch
new file mode 100644
index 0000000..05270b2
--- /dev/null
+++ b/debian/patches/0047-g10-Fix-parse_ring_trust.patch
@@ -0,0 +1,25 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Mon, 17 Apr 2017 09:33:19 +0900
+Subject: g10: Fix parse_ring_trust.
+
+* g10/parse-packet.c (parse_ring_trust): Fix condition.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 256e861bce3dc9aba8fab4df47a40cae3bede175)
+---
+ g10/parse-packet.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/g10/parse-packet.c b/g10/parse-packet.c
+index 2be9849..fa44f83 100644
+--- a/g10/parse-packet.c
++++ b/g10/parse-packet.c
+@@ -2948,7 +2948,7 @@ parse_ring_trust (parse_packet_ctx_t ctx, unsigned long pktlen)
+ if (namelen && pktlen)
+ {
+ rt.url = xtrymalloc (namelen + 1);
+- if (rt.url)
++ if (!rt.url)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
diff --git a/debian/patches/0048-tests-Minor-memory-fix.patch b/debian/patches/0048-tests-Minor-memory-fix.patch
new file mode 100644
index 0000000..eebcc6f
--- /dev/null
+++ b/debian/patches/0048-tests-Minor-memory-fix.patch
@@ -0,0 +1,25 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Mon, 17 Apr 2017 09:44:37 +0900
+Subject: tests: Minor memory fix.
+
+* tests/openpgp/fake-pinentry.c (get_passphrase): Free the memory.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit b9440aa3693a4bb91e1ba8ff09e2d93ff22dd70a)
+---
+ tests/openpgp/fake-pinentry.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tests/openpgp/fake-pinentry.c b/tests/openpgp/fake-pinentry.c
+index 6585b01..fb0c6ae 100644
+--- a/tests/openpgp/fake-pinentry.c
++++ b/tests/openpgp/fake-pinentry.c
+@@ -126,6 +126,8 @@ get_passphrase (const char *fname)
+ fname, fname_new, strerror (errno));
+ exit (1);
+ }
++
++ free (fname_new);
+ return passphrase;
+ }
+
diff --git a/debian/patches/0049-agent-Minor-cleanup.patch b/debian/patches/0049-agent-Minor-cleanup.patch
new file mode 100644
index 0000000..b18e675
--- /dev/null
+++ b/debian/patches/0049-agent-Minor-cleanup.patch
@@ -0,0 +1,46 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Mon, 17 Apr 2017 16:43:36 +0900
+Subject: agent: Minor cleanup.
+
+* agent/command-ssh.c (ssh_key_to_protected_buffer): Not touch ERR.
+* agent/command.c (cmd_genkey, cmd_import_key): Clean up.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 45c52cca1401b930878a8f901b63cfbb22e9e327)
+---
+ agent/command-ssh.c | 1 -
+ agent/command.c | 2 --
+ 2 files changed, 3 deletions(-)
+
+diff --git a/agent/command-ssh.c b/agent/command-ssh.c
+index 965c865..648fc9e 100644
+--- a/agent/command-ssh.c
++++ b/agent/command-ssh.c
+@@ -2981,7 +2981,6 @@ ssh_key_to_protected_buffer (gcry_sexp_t key, const char *passphrase,
+ unsigned int buffer_new_n;
+ gpg_error_t err;
+
+- err = 0;
+ buffer_new_n = gcry_sexp_sprint (key, GCRYSEXP_FMT_CANON, NULL, 0);
+ buffer_new = xtrymalloc_secure (buffer_new_n);
+ if (! buffer_new)
+diff --git a/agent/command.c b/agent/command.c
+index ab6d7eb..bd184ac 100644
+--- a/agent/command.c
++++ b/agent/command.c
+@@ -927,7 +927,6 @@ cmd_genkey (assuan_context_t ctx, char *line)
+ }
+ line = skip_options (line);
+
+- p = line;
+ for (p=line; *p && *p != ' ' && *p != '\t'; p++)
+ ;
+ *p = '\0';
+@@ -2105,7 +2104,6 @@ cmd_import_key (assuan_context_t ctx, char *line)
+ force = has_option (line, "--force");
+ line = skip_options (line);
+
+- p = line;
+ for (p=line; *p && *p != ' ' && *p != '\t'; p++)
+ ;
+ *p = '\0';
diff --git a/debian/patches/0050-agent-More-minor-change.patch b/debian/patches/0050-agent-More-minor-change.patch
new file mode 100644
index 0000000..20ff158
--- /dev/null
+++ b/debian/patches/0050-agent-More-minor-change.patch
@@ -0,0 +1,24 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Mon, 17 Apr 2017 20:03:36 +0900
+Subject: agent: More minor change.
+
+* agent/command.c (cmd_pksign): Remove redundant assignment.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 9296aed4bd2ad09d23339e658264e557c5312585)
+---
+ agent/command.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/agent/command.c b/agent/command.c
+index bd184ac..df788ef 100644
+--- a/agent/command.c
++++ b/agent/command.c
+@@ -791,7 +791,6 @@ cmd_pksign (assuan_context_t ctx, char *line)
+
+ line = skip_options (line);
+
+- p = line;
+ for (p=line; *p && *p != ' ' && *p != '\t'; p++)
+ ;
+ *p = '\0';
diff --git a/debian/patches/0051-dirmngr-Fix-API-difference-for-Windows.patch b/debian/patches/0051-dirmngr-Fix-API-difference-for-Windows.patch
new file mode 100644
index 0000000..c31ec9d
--- /dev/null
+++ b/debian/patches/0051-dirmngr-Fix-API-difference-for-Windows.patch
@@ -0,0 +1,100 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Tue, 18 Apr 2017 09:03:14 +0900
+Subject: dirmngr: Fix API difference for Windows.
+
+* dirmngr/http.c (read_server, write_server): Use assuan_fd_t.
+(http_wait_response): Use FD2INT to get unsigned integer fd.
+(read_server, write_server): Likewise.
+(simple_cookie_read, simple_cookie_write): Use assuan_fd_t.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 0d0a7efa8fa0accc1da851917376e2328ef33c96)
+---
+ dirmngr/http.c | 19 ++++++++++---------
+ 1 file changed, 10 insertions(+), 9 deletions(-)
+
+diff --git a/dirmngr/http.c b/dirmngr/http.c
+index 9b70599..e74d051 100644
+--- a/dirmngr/http.c
++++ b/dirmngr/http.c
+@@ -98,6 +98,7 @@
+
+ #include "../common/util.h"
+ #include "../common/i18n.h"
++#include "../common/sysutils.h" /* (gnupg_fd_t) */
+ #include "dns-stuff.h"
+ #include "http.h"
+ #include "http-common.h"
+@@ -159,8 +160,8 @@ static gpg_error_t parse_response (http_t hd);
+ static gpg_error_t connect_server (const char *server, unsigned short port,
+ unsigned int flags, const char *srvtag,
+ assuan_fd_t *r_sock);
+-static gpgrt_ssize_t read_server (int sock, void *buffer, size_t size);
+-static gpg_error_t write_server (int sock, const char *data, size_t length);
++static gpgrt_ssize_t read_server (assuan_fd_t sock, void *buffer, size_t size);
++static gpg_error_t write_server (assuan_fd_t sock, const char *data, size_t length);
+
+ static gpgrt_ssize_t cookie_read (void *cookie, void *buffer, size_t size);
+ static gpgrt_ssize_t cookie_write (void *cookie,
+@@ -1065,7 +1066,7 @@ http_wait_response (http_t hd)
+ is not required but some very old servers (e.g. the original pksd
+ keyserver didn't worked without it. */
+ if ((hd->flags & HTTP_FLAG_SHUTDOWN))
+- shutdown (hd->sock->fd, 1);
++ shutdown (FD2INT (hd->sock->fd), 1);
+ hd->in_data = 0;
+
+ /* Create a new cookie and a stream for reading. */
+@@ -2694,7 +2695,7 @@ connect_server (const char *server, unsigned short port,
+ /* Helper to read from a socket. This handles npth things and
+ * EINTR. */
+ static gpgrt_ssize_t
+-read_server (int sock, void *buffer, size_t size)
++read_server (assuan_fd_t sock, void *buffer, size_t size)
+ {
+ int nread;
+
+@@ -2705,7 +2706,7 @@ read_server (int sock, void *buffer, size_t size)
+ # if defined(USE_NPTH)
+ npth_unprotect ();
+ # endif
+- nread = recv (sock, buffer, size, 0);
++ nread = recv (FD2INT (sock), buffer, size, 0);
+ # if defined(USE_NPTH)
+ npth_protect ();
+ # endif
+@@ -2727,7 +2728,7 @@ read_server (int sock, void *buffer, size_t size)
+
+
+ static gpg_error_t
+-write_server (int sock, const char *data, size_t length)
++write_server (assuan_fd_t sock, const char *data, size_t length)
+ {
+ int nleft;
+ int nwritten;
+@@ -2739,7 +2740,7 @@ write_server (int sock, const char *data, size_t length)
+ # if defined(USE_NPTH)
+ npth_unprotect ();
+ # endif
+- nwritten = send (sock, data, nleft, 0);
++ nwritten = send (FD2INT (sock), data, nleft, 0);
+ # if defined(USE_NPTH)
+ npth_protect ();
+ # endif
+@@ -2927,14 +2928,14 @@ cookie_write (void *cookie, const void *buffer_arg, size_t size)
+ static gpgrt_ssize_t
+ simple_cookie_read (void *cookie, void *buffer, size_t size)
+ {
+- int sock = (int)(uintptr_t)cookie;
++ assuan_fd_t sock = (assuan_fd_t)cookie;
+ return read_server (sock, buffer, size);
+ }
+
+ static gpgrt_ssize_t
+ simple_cookie_write (void *cookie, const void *buffer_arg, size_t size)
+ {
+- int sock = (int)(uintptr_t)cookie;
++ assuan_fd_t sock = (assuan_fd_t)cookie;
+ const char *buffer = buffer_arg;
+ int nwritten;
+
diff --git a/debian/patches/0052-dirmngr-Fix-final-close-of-LISTEN_FD.patch b/debian/patches/0052-dirmngr-Fix-final-close-of-LISTEN_FD.patch
new file mode 100644
index 0000000..746370a
--- /dev/null
+++ b/debian/patches/0052-dirmngr-Fix-final-close-of-LISTEN_FD.patch
@@ -0,0 +1,50 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Tue, 18 Apr 2017 09:04:11 +0900
+Subject: dirmngr: Fix final close of LISTEN_FD.
+
+* dirmngr/dirmngr.c (handle_connections): Close LISTEN_FD.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 4b2581dc0ea1d03e70023bb0748aa0c21c0a2173)
+---
+ dirmngr/dirmngr.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
+index 4b01cb4..e30c16c 100644
+--- a/dirmngr/dirmngr.c
++++ b/dirmngr/dirmngr.c
+@@ -1946,7 +1946,6 @@ handle_connections (assuan_fd_t listen_fd)
+ #endif
+ struct sockaddr_un paddr;
+ socklen_t plen = sizeof( paddr );
+- gnupg_fd_t fd;
+ int nfd, ret;
+ fd_set fdset, read_fdset;
+ int saved_errno;
+@@ -2071,6 +2070,8 @@ handle_connections (assuan_fd_t listen_fd)
+
+ if (FD_ISSET (FD2INT (listen_fd), &read_fdset))
+ {
++ gnupg_fd_t fd;
++
+ plen = sizeof paddr;
+ fd = INT2FD (npth_accept (FD2INT(listen_fd),
+ (struct sockaddr *)&paddr, &plen));
+@@ -2099,7 +2100,6 @@ handle_connections (assuan_fd_t listen_fd)
+ }
+ npth_setname_np (thread, threadname);
+ }
+- fd = GNUPG_INVALID_FD;
+ }
+ }
+
+@@ -2109,7 +2109,7 @@ handle_connections (assuan_fd_t listen_fd)
+ #endif /*HAVE_INOTIFY_INIT*/
+ npth_attr_destroy (&tattr);
+ if (listen_fd != GNUPG_INVALID_FD)
+- assuan_sock_close (fd);
++ assuan_sock_close (listen_fd);
+ cleanup ();
+ log_info ("%s %s stopped\n", strusage(11), strusage(13));
+ }
diff --git a/debian/patches/0053-g10-invalidate-the-fd-cache-for-keyring.patch b/debian/patches/0053-g10-invalidate-the-fd-cache-for-keyring.patch
new file mode 100644
index 0000000..8effa5a
--- /dev/null
+++ b/debian/patches/0053-g10-invalidate-the-fd-cache-for-keyring.patch
@@ -0,0 +1,41 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Tue, 25 Apr 2017 07:48:51 +0900
+Subject: g10: invalidate the fd cache for keyring.
+
+* g10/keyring.c (keyring_search_reset): Don't keep the FD cache.
+
+--
+
+GnuPG-bug-id: 3096
+Fixes-commit: 5556eca5acd46983bff0b38a1ffbc2f07fbaba9f
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 116cfd60779fbb3540da629db54dc2e148f4a3a2)
+---
+ g10/keyring.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/g10/keyring.c b/g10/keyring.c
+index 51b7687..e223f0f 100644
+--- a/g10/keyring.c
++++ b/g10/keyring.c
+@@ -663,7 +663,6 @@ keyring_search_reset (KEYRING_HANDLE hd)
+ {
+ log_assert (hd);
+
+- hd->current.kr = NULL;
+ iobuf_close (hd->current.iobuf);
+ hd->current.iobuf = NULL;
+ hd->current.eof = 0;
+@@ -671,6 +670,12 @@ keyring_search_reset (KEYRING_HANDLE hd)
+
+ hd->found.kr = NULL;
+ hd->found.offset = 0;
++
++ if (hd->current.kr)
++ iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0,
++ (char*)hd->current.kr->fname);
++ hd->current.kr = NULL;
++
+ return 0;
+ }
+
diff --git a/debian/patches/0054-dirmngr-Fix-aliasing-problem-in-dns.c.patch b/debian/patches/0054-dirmngr-Fix-aliasing-problem-in-dns.c.patch
new file mode 100644
index 0000000..07c2b54
--- /dev/null
+++ b/debian/patches/0054-dirmngr-Fix-aliasing-problem-in-dns.c.patch
@@ -0,0 +1,89 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Tue, 25 Apr 2017 21:00:41 +0900
+Subject: dirmngr: Fix aliasing problem in dns.c.
+
+* dirmngr/dns.c (dns_ai_setent): Care about aliasing.
+
+--
+
+Co-authored-by: Tomas Mraz
+GnuPG-bug-id: 3105
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 247932f367f856e7ce91528e14f0aaf838150857)
+---
+ dirmngr/dns.c | 34 ++++++++++++++++++----------------
+ 1 file changed, 18 insertions(+), 16 deletions(-)
+
+diff --git a/dirmngr/dns.c b/dirmngr/dns.c
+index ebfd4c3..866f69d 100644
+--- a/dirmngr/dns.c
++++ b/dirmngr/dns.c
+@@ -9440,29 +9440,31 @@ void dns_ai_close(struct dns_addrinfo *ai) {
+
+
+ static int dns_ai_setent(struct addrinfo **ent, union dns_any *any, enum dns_type type, struct dns_addrinfo *ai) {
+- struct sockaddr *saddr;
+- struct sockaddr_in sin;
+- struct sockaddr_in6 sin6;
++ union u {
++ struct sockaddr_in sin;
++ struct sockaddr_in6 sin6;
++ struct sockaddr_storage ss;
++ } addr;
+ const char *cname;
+ size_t clen;
+
+ switch (type) {
+ case DNS_T_A:
+- saddr = memset(&sin, '\0', sizeof sin);
++ memset(&addr.sin, '\0', sizeof addr.sin);
+
+- sin.sin_family = AF_INET;
+- sin.sin_port = htons(ai->port);
++ addr.sin.sin_family = AF_INET;
++ addr.sin.sin_port = htons(ai->port);
+
+- memcpy(&sin.sin_addr, any, sizeof sin.sin_addr);
++ memcpy(&addr.sin.sin_addr, any, sizeof addr.sin.sin_addr);
+
+ break;
+ case DNS_T_AAAA:
+- saddr = memset(&sin6, '\0', sizeof sin6);
++ memset(&addr.sin6, '\0', sizeof addr.sin6);
+
+- sin6.sin6_family = AF_INET6;
+- sin6.sin6_port = htons(ai->port);
++ addr.sin6.sin6_family = AF_INET6;
++ addr.sin6.sin6_port = htons(ai->port);
+
+- memcpy(&sin6.sin6_addr, any, sizeof sin6.sin6_addr);
++ memcpy(&addr.sin6.sin6_addr, any, sizeof addr.sin6.sin6_addr);
+
+ break;
+ default:
+@@ -9477,20 +9479,20 @@ static int dns_ai_setent(struct addrinfo **ent, union dns_any *any, enum dns_typ
+ clen = 0;
+ }
+
+- if (!(*ent = malloc(sizeof **ent + dns_sa_len(saddr) + ((ai->hints.ai_flags & AI_CANONNAME)? clen + 1 : 0))))
++ if (!(*ent = malloc(sizeof **ent + dns_sa_len(&addr) + ((ai->hints.ai_flags & AI_CANONNAME)? clen + 1 : 0))))
+ return dns_syerr();
+
+ memset(*ent, '\0', sizeof **ent);
+
+- (*ent)->ai_family = saddr->sa_family;
++ (*ent)->ai_family = addr.ss.ss_family;
+ (*ent)->ai_socktype = ai->hints.ai_socktype;
+ (*ent)->ai_protocol = ai->hints.ai_protocol;
+
+- (*ent)->ai_addr = memcpy((unsigned char *)*ent + sizeof **ent, saddr, dns_sa_len(saddr));
+- (*ent)->ai_addrlen = dns_sa_len(saddr);
++ (*ent)->ai_addr = memcpy((unsigned char *)*ent + sizeof **ent, &addr, dns_sa_len(&addr));
++ (*ent)->ai_addrlen = dns_sa_len(&addr);
+
+ if (ai->hints.ai_flags & AI_CANONNAME)
+- (*ent)->ai_canonname = memcpy((unsigned char *)*ent + sizeof **ent + dns_sa_len(saddr), cname, clen + 1);
++ (*ent)->ai_canonname = memcpy((unsigned char *)*ent + sizeof **ent + dns_sa_len(&addr), cname, clen + 1);
+
+ ai->found++;
+
diff --git a/debian/patches/series b/debian/patches/series
index 4015799..5b4e16c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -28,3 +28,27 @@ skel-file-removal/0012-g10-remove-skeleton-options-files.patch
0028-gpgscm-Remove-arbitrary-limit-on-number-of-cell-segm.patch
0029-gpgscm-Make-global-data-constant-when-possible.patch
0030-gpgscm-Allocate-small-integers-in-the-rodata-section.patch
+0031-agent-Use-ll-length-specifier-when-time_t-is-larger.patch
+0032-g10-Minor-clean-up-for-export.c.patch
+0033-dirmngr-Fix-dns-stuff.c-in-another-way.patch
+0034-scd-Handle-unexpected-suspend-resume-by-CCID-driver.patch
+0035-common-Simplify-format_text.patch
+0036-dirmngr-Fix-possible-null-reference.patch
+0037-tools-Fix-condition-for-gpg-connect-agent.patch
+0038-dirmngr-Fix-type-of-sock.patch
+0039-common-g10-Fix-enumeration-types.patch
+0040-dirmngr-Fix-thread-key-type.patch
+0041-dirmngr-Fix-alignment-of-ADDR.patch
+0042-dirmngr-Fix-http.c-for-sockaddr_storage.patch
+0043-dirmngr-More-fix-for-Windows.patch
+0044-agent-Clean-up-error-initialize-return.patch
+0045-g10-Fix-import-export-filter-property-match.patch
+0046-g10-Minor-fixes.patch
+0047-g10-Fix-parse_ring_trust.patch
+0048-tests-Minor-memory-fix.patch
+0049-agent-Minor-cleanup.patch
+0050-agent-More-minor-change.patch
+0051-dirmngr-Fix-API-difference-for-Windows.patch
+0052-dirmngr-Fix-final-close-of-LISTEN_FD.patch
+0053-g10-invalidate-the-fd-cache-for-keyring.patch
+0054-dirmngr-Fix-aliasing-problem-in-dns.c.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list