UPDATE: gnupg-2.1.19

Edd Barrett-3
Hi,

(I've CC'd other developers I know to use gpg.)

Here's an update to the latest gnupg2. The new patches fix some memory
errors. I got these from the upstream git repo. I've been using this for
a week with no issue.

OK?

P.S.

I notice that gpg version 1 is no longer listed on the download page
upstream, suggesting that it may be (finally) deprecated. I've asked for
clarification as part of this bug:
https://bugs.gnupg.org/gnupg/issue3021

If it really is deprecated, we should consider trying to kill it in
favour of gnupg2.

Thanks!


Index: Makefile
===================================================================
RCS file: /home/edd/cvsync/ports/security/gnupg2/Makefile,v
retrieving revision 1.47
diff -u -p -r1.47 Makefile
--- Makefile 18 Nov 2016 11:30:53 -0000 1.47
+++ Makefile 27 Mar 2017 14:56:02 -0000
@@ -2,8 +2,7 @@
 
 COMMENT = GNU privacy guard - a free PGP replacement
 
-DISTNAME = gnupg-2.1.15
-REVISION = 2
+DISTNAME = gnupg-2.1.19
 CATEGORIES = security
 
 MASTER_SITES = ${MASTER_SITE_GNUPG:=gnupg/}
@@ -43,8 +42,6 @@ CONFIGURE_ARGS += --disable-ldap
 
 RUN_DEPENDS = security/pinentry
 
-# gpg-agent must be installed to run the regress tests
-# Make sure you dont have gpg aliased (e.g. to gpg2) when running tests.
 TEST_DEPENDS = ${FULLPKGNAME}:${BUILD_PKGPATH}
 PORTHOME=${WRKDIR}
 
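Review bot: the two comment lines dropped above TEST_DEPENDS were the only explanation of why the port lists itself as a test dependency and of the gpg alias pitfall, and the mail does not say the regress tests no longer need an installed gpg-agent. If that still holds for 2.1.19, keep the comments; if it does not, say so in the commit message.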
Index: distinfo
===================================================================
RCS file: /home/edd/cvsync/ports/security/gnupg2/distinfo,v
retrieving revision 1.19
diff -u -p -r1.19 distinfo
--- distinfo 19 Sep 2016 17:09:37 -0000 1.19
+++ distinfo 19 Mar 2017 15:59:24 -0000
@@ -1,2 +1,2 @@
-SHA256 (gnupg-2.1.15.tar.bz2) = wowaII8bitY722uI0lL2c0/00z3mtU44SUsR1J4A/90=
-SIZE (gnupg-2.1.15.tar.bz2) = 5723689
+SHA256 (gnupg-2.1.19.tar.bz2) = RsztH1ZBzinMKCUPUvrfbkF+ZJs7/exJpaDQsipjm/A=
+SIZE (gnupg-2.1.19.tar.bz2) = 6404836
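Review bot: the new SHA256 and SIZE lines for gnupg-2.1.19.tar.bz2 are the only integrity anchor the port will have, and nothing in the mail says the tarball was checked against upstream's signature before the checksum was regenerated. Please confirm the distfile was verified independently of the download, since every later build trusts this hash.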
Index: patches/patch-agent_gpg-agent_c
===================================================================
RCS file: patches/patch-agent_gpg-agent_c
diff -N patches/patch-agent_gpg-agent_c
--- patches/patch-agent_gpg-agent_c 18 Nov 2016 11:30:53 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,97 +0,0 @@
-$OpenBSD: patch-agent_gpg-agent_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
-
-From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[hidden email]>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
-
-From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[hidden email]>
-Date: Fri, 7 Oct 2016 10:45:22 +0900
-Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems.
-
---- agent/gpg-agent.c.orig Fri Nov 18 12:26:38 2016
-+++ agent/gpg-agent.c Fri Nov 18 12:26:33 2016
-@@ -715,7 +715,31 @@ finalize_rereadable_options (void)
- }
-
-
-+static void
-+thread_init_once (void)
-+{
-+  static int npth_initialized = 0;
-
-+  if (!npth_initialized)
-+    {
-+      npth_initialized++;
-+      npth_init ();
-+    }
-+  gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-+}
-+
-+static void
-+initialize_modules (void)
-+{
-+  thread_init_once ();
-+  assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
-+  initialize_module_cache ();
-+  initialize_module_call_pinentry ();
-+  initialize_module_call_scd ();
-+  initialize_module_trustlist ();
-+}
-+
-+
- /* The main entry point.  */
- int
- main (int argc, char **argv )
-@@ -762,14 +786,11 @@ main (int argc, char **argv )
-   i18n_init ();
-   init_common_subsystems (&argc, &argv);
-
--  npth_init ();
--
-   malloc_hooks.malloc = gcry_malloc;
-   malloc_hooks.realloc = gcry_realloc;
-   malloc_hooks.free = gcry_free;
-   assuan_set_malloc_hooks (&malloc_hooks);
-   assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
--  assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
-   assuan_sock_init ();
-   setup_libassuan_logging (&opt.debug);
-
-@@ -1051,16 +1072,12 @@ main (int argc, char **argv )
-       exit (1);
-     }
-
--  initialize_module_cache ();
--  initialize_module_call_pinentry ();
--  initialize_module_call_scd ();
--  initialize_module_trustlist ();
--
-   /* Try to create missing directories. */
-   create_directories ();
-
-   if (debug_wait && pipe_server)
-     {
-+      thread_init_once ();
-       log_debug ("waiting for debugger - my pid is %u .....\n",
-                  (unsigned int)getpid());
-       gnupg_sleep (debug_wait);
-@@ -1167,6 +1184,8 @@ main (int argc, char **argv )
-       /* This is the simple pipe based server */
-       ctrl_t ctrl;
-
-+      initialize_modules ();
-+
-       ctrl = xtrycalloc (1, sizeof *ctrl);
-       if (!ctrl)
-         {
-@@ -1369,6 +1388,8 @@ main (int argc, char **argv )
-       /*
-          This is the child
-        */
-+
-+      initialize_modules ();
-
-       /* Detach from tty and put process into a new session */
-       if (!nodetach )
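Review bot: this deletion, together with the three other removed files under patches/ (patch-common_init_c, patch-dirmngr_dirmngr_c, patch-scd_scdaemon_c), drops the local backports of upstream commits eda17649 ("npth_init must be after fork") and fc0b392e ("Fix init_common_subsystems"), and the mail does not state that 2.1.19 already contains both. A sentence in the commit message naming the two commits as included upstream would document why the local patches can go.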
Index: patches/patch-common_init_c
===================================================================
RCS file: patches/patch-common_init_c
diff -N patches/patch-common_init_c
--- patches/patch-common_init_c 18 Nov 2016 11:30:53 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,40 +0,0 @@
-$OpenBSD: patch-common_init_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
-
-From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[hidden email]>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
-
---- common/init.c.orig Thu Aug 18 17:00:16 2016
-+++ common/init.c Fri Nov 18 12:26:33 2016
-@@ -29,20 +29,12 @@
-
- #include <config.h>
-
--#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth.  */
--#undef HAVE_NPTH
--#undef USE_NPTH
--#endif
--
- #ifdef HAVE_W32_SYSTEM
- # ifdef HAVE_WINSOCK2_H
- #  include <winsock2.h>
- # endif
- # include <windows.h>
- #endif
--#ifdef HAVE_NPTH
--# include <npth.h>
--#endif
- #ifdef HAVE_W32CE_SYSTEM
- # include <assuan.h> /* For _assuan_w32ce_finish_pipe. */
- #endif
-@@ -197,9 +189,6 @@ _init_common_subsystems (gpg_err_source_t errsource, i
-   /* Initialize the Estream library. */
-   gpgrt_init ();
-   gpgrt_set_alloc_func (gcry_realloc);
--#ifdef USE_NPTH
--  gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
--#endif
-
-   /* Special hack for Windows CE: We extract some options from arg
-      to setup the standard handles.  */
Index: patches/patch-dirmngr_dirmngr_c
===================================================================
RCS file: patches/patch-dirmngr_dirmngr_c
diff -N patches/patch-dirmngr_dirmngr_c
--- patches/patch-dirmngr_dirmngr_c 18 Nov 2016 11:30:53 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,95 +0,0 @@
-$OpenBSD: patch-dirmngr_dirmngr_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
-
-From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[hidden email]>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
-
-From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[hidden email]>
-Date: Fri, 7 Oct 2016 10:45:22 +0900
-Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems.
-
---- dirmngr/dirmngr.c.orig Fri Nov 18 12:26:43 2016
-+++ dirmngr/dirmngr.c Fri Nov 18 12:26:33 2016
-@@ -636,6 +636,23 @@ pid_suffix_callback (unsigned long *r_suffix)
- #endif /*!HAVE_W32_SYSTEM*/
-
-
-+static void
-+thread_init (void)
-+{
-+  npth_init ();
-+  gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-+
-+  /* Now with NPth running we can set the logging callback.  Our
-+     windows implementation does not yet feature the NPth TLS
-+     functions.  */
-+#ifndef HAVE_W32_SYSTEM
-+  if (npth_key_create (&my_tlskey_current_fd, NULL) == 0)
-+    if (npth_setspecific (my_tlskey_current_fd, NULL) == 0)
-+      log_set_pid_suffix_cb (pid_suffix_callback);
-+#endif /*!HAVE_W32_SYSTEM*/
-+}
-+
-+
- int
- main (int argc, char **argv)
- {
-@@ -669,8 +686,6 @@ main (int argc, char **argv)
-   i18n_init ();
-   init_common_subsystems (&argc, &argv);
-
--  npth_init ();
--
-   gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
-
-  /* Check that the libraries are suitable.  Do it here because
-@@ -711,15 +726,6 @@ main (int argc, char **argv)
-   if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
-     csh_style = 1;
-
--    /* Now with NPth running we can set the logging callback.  Our
--     windows implementation does not yet feature the NPth TLS
--     functions.  */
--#ifndef HAVE_W32_SYSTEM
--  if (npth_key_create (&my_tlskey_current_fd, NULL) == 0)
--    if (npth_setspecific (my_tlskey_current_fd, NULL) == 0)
--      log_set_pid_suffix_cb (pid_suffix_callback);
--#endif /*!HAVE_W32_SYSTEM*/
--
-   /* Reset rereadable options to default values. */
-   parse_rereadable_options (NULL, 0);
-
-@@ -970,6 +976,7 @@ main (int argc, char **argv)
-       ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-
-+      thread_init ();
-       cert_cache_init ();
-       crl_cache_init ();
-       start_command_handler (ASSUAN_INVALID_FD);
-@@ -1168,6 +1175,7 @@ main (int argc, char **argv)
-       ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-
-+      thread_init ();
-       cert_cache_init ();
-       crl_cache_init ();
-       handle_connections (fd);
-@@ -1195,6 +1203,7 @@ main (int argc, char **argv)
- #if USE_LDAP
-       ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-+      thread_init ();
-       cert_cache_init ();
-       crl_cache_init ();
-       if (!argc)
-@@ -1220,6 +1229,7 @@ main (int argc, char **argv)
- #if USE_LDAP
-       ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-+      thread_init ();
-       cert_cache_init ();
-       crl_cache_init ();
-       rc = crl_fetch (&ctrlbuf, argv[0], &reader);
Index: patches/patch-g10_getkey_c
===================================================================
RCS file: patches/patch-g10_getkey_c
diff -N patches/patch-g10_getkey_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-g10_getkey_c 19 Mar 2017 17:23:54 -0000
@@ -0,0 +1,41 @@
+$OpenBSD$
+
+gpg: Fix attempt to double free an UID structure.
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blobdiff;f=g10/getkey.c;h=be7367faf685e99b6c0f7c92b569d89180f4e2df;hp=163ab801400411fd91b3b2f63bb27ce8a88a8010;hb=4a130bbc2c2f4be6e8c6357512a943f435ade28f;hpb=e6ca015ae182a6dbb0466441efc17c99683e9375
+
+--- g10/getkey.c.orig Wed Mar  1 13:04:33 2017
++++ g10/getkey.c Sun Mar 19 17:21:06 2017
+@@ -1592,8 +1592,10 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retct
+   if (is_valid_mailbox (name) && ctx)
+     {
+       /* Rank results and return only the most relevant key.  */
+-      struct pubkey_cmp_cookie best = { 0 }, new;
+-      KBNODE new_keyblock;
++      struct pubkey_cmp_cookie best = { 0 };
++      struct pubkey_cmp_cookie new;
++      kbnode_t new_keyblock;
++
+       while (getkey_next (ctx, &new.key, &new_keyblock) == 0)
+         {
+           int diff = pubkey_cmp (ctrl, name, &best, &new, new_keyblock);
+@@ -1610,17 +1612,20 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retct
+               /* Old key is better.  */
+               release_public_key_parts (&new.key);
+               free_user_id (new.uid);
++              new.uid = NULL;
+             }
+           else
+             {
+               /* A tie.  Keep the old key.  */
+               release_public_key_parts (&new.key);
+               free_user_id (new.uid);
++              new.uid = NULL;
+             }
+         }
+       getkey_end (ctx);
+       ctx = NULL;
+       free_user_id (best.uid);
++      best.uid = NULL;
+
+       if (best.valid)
+         {
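Review bot: in the first g10/getkey.c hunk, "struct pubkey_cmp_cookie new;" is still declared without an initializer while best gets "{ 0 }", yet the fix depends on uid being NULL whenever it is not owned. Whether pubkey_cmp always assigns new.uid before the "free_user_id (new.uid)" calls is not visible here, so check that against the upstream file. The header also links a gitweb blobdiff URL; the commit URL for 4a130bbc2c2f4be6e8c6357512a943f435ade28f, in the form patch-g10_import_c uses, would be shorter and consistent.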
Index: patches/patch-g10_import_c
===================================================================
RCS file: patches/patch-g10_import_c
diff -N patches/patch-g10_import_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-g10_import_c 19 Mar 2017 17:21:09 -0000
@@ -0,0 +1,43 @@
+$OpenBSD$
+
+Fix possible segv when attribute packets are filtered.
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=5f6f3f5cae8a95ed469129f9677782c17951dab3
+
+--- g10/import.c.orig Wed Mar  1 13:04:33 2017
++++ g10/import.c Sun Mar 19 17:17:38 2017
+@@ -1173,7 +1173,8 @@ impex_filter_getval (void *cookie, const char *propnam
+   static char numbuf[20];
+   const char *result;
+
+-  if (node->pkt->pkttype == PKT_USER_ID)
++  if (node->pkt->pkttype == PKT_USER_ID
++      || node->pkt->pkttype == PKT_ATTRIBUTE)
+     {
+       if (!strcmp (propname, "uid"))
+         result = node->pkt->pkt.user_id->name;
+@@ -1191,8 +1192,7 @@ impex_filter_getval (void *cookie, const char *propnam
+       else
+         result = NULL;
+     }
+-  else if (node->pkt->pkttype == PKT_SIGNATURE
+-           || node->pkt->pkttype == PKT_ATTRIBUTE)
++  else if (node->pkt->pkttype == PKT_SIGNATURE)
+     {
+       PKT_signature *sig = node->pkt->pkt.signature;
+
+@@ -1313,12 +1313,12 @@ apply_drop_sig_filter (kbnode_t keyblock, recsel_expr_
+       if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+           || node->pkt->pkttype == PKT_SECRET_SUBKEY)
+         break; /* ready.  */
+-      if (node->pkt->pkttype == PKT_USER_ID)
++      if (node->pkt->pkttype == PKT_USER_ID
++          || node->pkt->pkttype == PKT_ATTRIBUTE)
+         active = 1;
+       if (!active)
+         continue;
+-      if (node->pkt->pkttype != PKT_SIGNATURE
+-          && node->pkt->pkttype != PKT_ATTRIBUTE)
++      if (node->pkt->pkttype != PKT_SIGNATURE)
+         continue;
+
+       sig = node->pkt->pkt.signature;
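Review bot: the header of patches/patch-g10_import_c names the upstream commit but not when the patch can be dropped; a line saying it is a backport to remove at the next update saves the next updater from re-checking. For the code, the part to compare against upstream is the last g10/import.c hunk: after the change only PKT_SIGNATURE nodes reach "sig = node->pkt->pkt.signature", and attribute packets only set "active = 1".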
Index: patches/patch-scd_scdaemon_c
===================================================================
RCS file: patches/patch-scd_scdaemon_c
diff -N patches/patch-scd_scdaemon_c
--- patches/patch-scd_scdaemon_c 18 Nov 2016 11:30:53 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,43 +0,0 @@
-$OpenBSD: patch-scd_scdaemon_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
-
-From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[hidden email]>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
-
-From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[hidden email]>
-Date: Fri, 7 Oct 2016 10:45:22 +0900
-Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems.
-
---- scd/scdaemon.c.orig Fri Nov 18 12:26:40 2016
-+++ scd/scdaemon.c Fri Nov 18 12:26:33 2016
-@@ -422,8 +422,6 @@ main (int argc, char **argv )
-   i18n_init ();
-   init_common_subsystems (&argc, &argv);
-
--  npth_init ();
--
-   ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
-
-   malloc_hooks.malloc = gcry_malloc;
-@@ -724,6 +722,9 @@ main (int argc, char **argv )
-       }
- #endif
-
-+      npth_init ();
-+      gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-+
-       /* If --debug-allow-core-dump has been given we also need to
-          switch the working directory to a place where we can actually
-          write. */
-@@ -860,6 +861,9 @@ main (int argc, char **argv )
-         } /* end parent */
-
-       /* This is the child. */
-+
-+      npth_init ();
-+      gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-
-       /* Detach from tty and put process into a new session. */
-       if (!nodetach )
Index: pkg/PLIST
===================================================================
RCS file: /home/edd/cvsync/ports/security/gnupg2/pkg/PLIST,v
retrieving revision 1.15
diff -u -p -r1.15 PLIST
--- pkg/PLIST 19 Sep 2016 17:09:37 -0000 1.15
+++ pkg/PLIST 27 Mar 2017 14:51:34 -0000
@@ -19,6 +19,7 @@
 @bin libexec/gpg-check-pattern
 @bin libexec/gpg-preset-passphrase
 @bin libexec/gpg-protect-tool
+@bin libexec/gpg-wks-client
 @bin libexec/scdaemon
 @man man/man1/dirmngr-client.1
 @man man/man1/gpg-agent.1
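Review bot: "@bin libexec/gpg-wks-client" is a new executable, but the Makefile diff carries no WANTLIB or dependency change. Please confirm that make port-lib-depends-check is clean with the new binary in the package.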
@@ -52,6 +53,15 @@ share/doc/gnupg2/examples/README
 share/doc/gnupg2/examples/gpgconf.conf
 share/doc/gnupg2/examples/pwpattern.list
 share/doc/gnupg2/examples/scd-event
+share/doc/gnupg2/examples/systemd-user/
+share/doc/gnupg2/examples/systemd-user/README
+share/doc/gnupg2/examples/systemd-user/dirmngr.service
+share/doc/gnupg2/examples/systemd-user/dirmngr.socket
+share/doc/gnupg2/examples/systemd-user/gpg-agent-browser.socket
+share/doc/gnupg2/examples/systemd-user/gpg-agent-extra.socket
+share/doc/gnupg2/examples/systemd-user/gpg-agent-ssh.socket
+share/doc/gnupg2/examples/systemd-user/gpg-agent.service
+share/doc/gnupg2/examples/systemd-user/gpg-agent.socket
 share/doc/gnupg2/examples/trustlist.txt
 share/doc/pkg-readmes/${FULLPKGNAME}
 share/gnupg/
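Review bot: the nine share/doc/gnupg2/examples/systemd-user/ entries added in this hunk are systemd unit and socket files, which have no consumer on OpenBSD. Rather than packaging them, remove the directory in a post-install step so this part of PLIST stays unchanged.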

--
Best Regards
Edd Barrett

http://www.theunixzoo.co.uk

Re: UPDATE: gnupg-2.1.19

Jérémie Courrèges-Anglas-4
Edd Barrett <[hidden email]> writes:

> Hi,
>
> (I've CC'd other developers I know to use gpg.)
>
> Here's an update to the latest gnupg2. The new patches fix some memory
> errors. I got these from the upstream git repo. I've been using this for
> a week with no issue.
>
> OK?

I didn't look at the details, but the additional files in PLIST seem
largely irrelevant on OpenBSD.  Maybe they should be removed?

> P.S.
>
> I notice that gpg version 1 is no longer listed on the download page
> upstream, suggesting that it may be (finally) deprecated. I've asked for
> clarification as part of this bug:
> https://bugs.gnupg.org/gnupg/issue3021
>
> If it really is deprecated, we should consider trying to kill it in
> favour of gnupg2.

I'd prefer to postpone such a decision to after 6.1.

> Thanks!
>
>
> Index: Makefile
> ===================================================================
> RCS file: /home/edd/cvsync/ports/security/gnupg2/Makefile,v
> retrieving revision 1.47
> diff -u -p -r1.47 Makefile
> --- Makefile 18 Nov 2016 11:30:53 -0000 1.47
> +++ Makefile 27 Mar 2017 14:56:02 -0000
> @@ -2,8 +2,7 @@
>  
>  COMMENT = GNU privacy guard - a free PGP replacement
>  
> -DISTNAME = gnupg-2.1.15
> -REVISION = 2
> +DISTNAME = gnupg-2.1.19
>  CATEGORIES = security
>  
>  MASTER_SITES = ${MASTER_SITE_GNUPG:=gnupg/}
> @@ -43,8 +42,6 @@ CONFIGURE_ARGS += --disable-ldap
>  
>  RUN_DEPENDS = security/pinentry
>  
> -# gpg-agent must be installed to run the regress tests
> -# Make sure you dont have gpg aliased (e.g. to gpg2) when running tests.
>  TEST_DEPENDS = ${FULLPKGNAME}:${BUILD_PKGPATH}
>  PORTHOME=${WRKDIR}
>  
> Index: distinfo
> ===================================================================
> RCS file: /home/edd/cvsync/ports/security/gnupg2/distinfo,v
> retrieving revision 1.19
> diff -u -p -r1.19 distinfo
> --- distinfo 19 Sep 2016 17:09:37 -0000 1.19
> +++ distinfo 19 Mar 2017 15:59:24 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (gnupg-2.1.15.tar.bz2) = wowaII8bitY722uI0lL2c0/00z3mtU44SUsR1J4A/90=
> -SIZE (gnupg-2.1.15.tar.bz2) = 5723689
> +SHA256 (gnupg-2.1.19.tar.bz2) = RsztH1ZBzinMKCUPUvrfbkF+ZJs7/exJpaDQsipjm/A=
> +SIZE (gnupg-2.1.19.tar.bz2) = 6404836
> Index: patches/patch-agent_gpg-agent_c
> ===================================================================
> RCS file: patches/patch-agent_gpg-agent_c
> diff -N patches/patch-agent_gpg-agent_c
> --- patches/patch-agent_gpg-agent_c 18 Nov 2016 11:30:53 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,97 +0,0 @@
> -$OpenBSD: patch-agent_gpg-agent_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
> -
> -From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
> -From: NIIBE Yutaka <[hidden email]>
> -Date: Tue, 4 Oct 2016 09:01:13 +0900
> -Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
> -
> -From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001
> -From: NIIBE Yutaka <[hidden email]>
> -Date: Fri, 7 Oct 2016 10:45:22 +0900
> -Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems.
> -
> ---- agent/gpg-agent.c.orig Fri Nov 18 12:26:38 2016
> -+++ agent/gpg-agent.c Fri Nov 18 12:26:33 2016
> -@@ -715,7 +715,31 @@ finalize_rereadable_options (void)
> - }
> -
> -
> -+static void
> -+thread_init_once (void)
> -+{
> -+  static int npth_initialized = 0;
> -
> -+  if (!npth_initialized)
> -+    {
> -+      npth_initialized++;
> -+      npth_init ();
> -+    }
> -+  gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
> -+}
> -+
> -+static void
> -+initialize_modules (void)
> -+{
> -+  thread_init_once ();
> -+  assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
> -+  initialize_module_cache ();
> -+  initialize_module_call_pinentry ();
> -+  initialize_module_call_scd ();
> -+  initialize_module_trustlist ();
> -+}
> -+
> -+
> - /* The main entry point.  */
> - int
> - main (int argc, char **argv )
> -@@ -762,14 +786,11 @@ main (int argc, char **argv )
> -   i18n_init ();
> -   init_common_subsystems (&argc, &argv);
> -
> --  npth_init ();
> --
> -   malloc_hooks.malloc = gcry_malloc;
> -   malloc_hooks.realloc = gcry_realloc;
> -   malloc_hooks.free = gcry_free;
> -   assuan_set_malloc_hooks (&malloc_hooks);
> -   assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
> --  assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
> -   assuan_sock_init ();
> -   setup_libassuan_logging (&opt.debug);
> -
> -@@ -1051,16 +1072,12 @@ main (int argc, char **argv )
> -       exit (1);
> -     }
> -
> --  initialize_module_cache ();
> --  initialize_module_call_pinentry ();
> --  initialize_module_call_scd ();
> --  initialize_module_trustlist ();
> --
> -   /* Try to create missing directories. */
> -   create_directories ();
> -
> -   if (debug_wait && pipe_server)
> -     {
> -+      thread_init_once ();
> -       log_debug ("waiting for debugger - my pid is %u .....\n",
> -                  (unsigned int)getpid());
> -       gnupg_sleep (debug_wait);
> -@@ -1167,6 +1184,8 @@ main (int argc, char **argv )
> -       /* This is the simple pipe based server */
> -       ctrl_t ctrl;
> -
> -+      initialize_modules ();
> -+
> -       ctrl = xtrycalloc (1, sizeof *ctrl);
> -       if (!ctrl)
> -         {
> -@@ -1369,6 +1388,8 @@ main (int argc, char **argv )
> -       /*
> -          This is the child
> -        */
> -+
> -+      initialize_modules ();
> -
> -       /* Detach from tty and put process into a new session */
> -       if (!nodetach )
> Index: patches/patch-common_init_c
> ===================================================================
> RCS file: patches/patch-common_init_c
> diff -N patches/patch-common_init_c
> --- patches/patch-common_init_c 18 Nov 2016 11:30:53 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,40 +0,0 @@
> -$OpenBSD: patch-common_init_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
> -
> -From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
> -From: NIIBE Yutaka <[hidden email]>
> -Date: Tue, 4 Oct 2016 09:01:13 +0900
> -Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
> -
> ---- common/init.c.orig Thu Aug 18 17:00:16 2016
> -+++ common/init.c Fri Nov 18 12:26:33 2016
> -@@ -29,20 +29,12 @@
> -
> - #include <config.h>
> -
> --#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth.  */
> --#undef HAVE_NPTH
> --#undef USE_NPTH
> --#endif
> --
> - #ifdef HAVE_W32_SYSTEM
> - # ifdef HAVE_WINSOCK2_H
> - #  include <winsock2.h>
> - # endif
> - # include <windows.h>
> - #endif
> --#ifdef HAVE_NPTH
> --# include <npth.h>
> --#endif
> - #ifdef HAVE_W32CE_SYSTEM
> - # include <assuan.h> /* For _assuan_w32ce_finish_pipe. */
> - #endif
> -@@ -197,9 +189,6 @@ _init_common_subsystems (gpg_err_source_t errsource, i
> -   /* Initialize the Estream library. */
> -   gpgrt_init ();
> -   gpgrt_set_alloc_func (gcry_realloc);
> --#ifdef USE_NPTH
> --  gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
> --#endif
> -
> -   /* Special hack for Windows CE: We extract some options from arg
> -      to setup the standard handles.  */
> Index: patches/patch-dirmngr_dirmngr_c
> ===================================================================
> RCS file: patches/patch-dirmngr_dirmngr_c
> diff -N patches/patch-dirmngr_dirmngr_c
> --- patches/patch-dirmngr_dirmngr_c 18 Nov 2016 11:30:53 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,95 +0,0 @@
> -$OpenBSD: patch-dirmngr_dirmngr_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
> -
> -From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
> -From: NIIBE Yutaka <[hidden email]>
> -Date: Tue, 4 Oct 2016 09:01:13 +0900
> -Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
> -
> -From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001
> -From: NIIBE Yutaka <[hidden email]>
> -Date: Fri, 7 Oct 2016 10:45:22 +0900
> -Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems.
> -
> ---- dirmngr/dirmngr.c.orig Fri Nov 18 12:26:43 2016
> -+++ dirmngr/dirmngr.c Fri Nov 18 12:26:33 2016
> -@@ -636,6 +636,23 @@ pid_suffix_callback (unsigned long *r_suffix)
> - #endif /*!HAVE_W32_SYSTEM*/
> -
> -
> -+static void
> -+thread_init (void)
> -+{
> -+  npth_init ();
> -+  gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
> -+
> -+  /* Now with NPth running we can set the logging callback.  Our
> -+     windows implementation does not yet feature the NPth TLS
> -+     functions.  */
> -+#ifndef HAVE_W32_SYSTEM
> -+  if (npth_key_create (&my_tlskey_current_fd, NULL) == 0)
> -+    if (npth_setspecific (my_tlskey_current_fd, NULL) == 0)
> -+      log_set_pid_suffix_cb (pid_suffix_callback);
> -+#endif /*!HAVE_W32_SYSTEM*/
> -+}
> -+
> -+
> - int
> - main (int argc, char **argv)
> - {
> -@@ -669,8 +686,6 @@ main (int argc, char **argv)
> -   i18n_init ();
> -   init_common_subsystems (&argc, &argv);
> -
> --  npth_init ();
> --
> -   gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
> -
> -  /* Check that the libraries are suitable.  Do it here because
> -@@ -711,15 +726,6 @@ main (int argc, char **argv)
> -   if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
> -     csh_style = 1;
> -
> --    /* Now with NPth running we can set the logging callback.  Our
> --     windows implementation does not yet feature the NPth TLS
> --     functions.  */
> --#ifndef HAVE_W32_SYSTEM
> --  if (npth_key_create (&my_tlskey_current_fd, NULL) == 0)
> --    if (npth_setspecific (my_tlskey_current_fd, NULL) == 0)
> --      log_set_pid_suffix_cb (pid_suffix_callback);
> --#endif /*!HAVE_W32_SYSTEM*/
> --
> -   /* Reset rereadable options to default values. */
> -   parse_rereadable_options (NULL, 0);
> -
> -@@ -970,6 +976,7 @@ main (int argc, char **argv)
> -       ldap_wrapper_launch_thread ();
> - #endif /*USE_LDAP*/
> -
> -+      thread_init ();
> -       cert_cache_init ();
> -       crl_cache_init ();
> -       start_command_handler (ASSUAN_INVALID_FD);
> -@@ -1168,6 +1175,7 @@ main (int argc, char **argv)
> -       ldap_wrapper_launch_thread ();
> - #endif /*USE_LDAP*/
> -
> -+      thread_init ();
> -       cert_cache_init ();
> -       crl_cache_init ();
> -       handle_connections (fd);
> -@@ -1195,6 +1203,7 @@ main (int argc, char **argv)
> - #if USE_LDAP
> -       ldap_wrapper_launch_thread ();
> - #endif /*USE_LDAP*/
> -+      thread_init ();
> -       cert_cache_init ();
> -       crl_cache_init ();
> -       if (!argc)
> -@@ -1220,6 +1229,7 @@ main (int argc, char **argv)
> - #if USE_LDAP
> -       ldap_wrapper_launch_thread ();
> - #endif /*USE_LDAP*/
> -+      thread_init ();
> -       cert_cache_init ();
> -       crl_cache_init ();
> -       rc = crl_fetch (&ctrlbuf, argv[0], &reader);
> Index: patches/patch-g10_getkey_c
> ===================================================================
> RCS file: patches/patch-g10_getkey_c
> diff -N patches/patch-g10_getkey_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-g10_getkey_c 19 Mar 2017 17:23:54 -0000
> @@ -0,0 +1,41 @@
> +$OpenBSD$
> +
> +gpg: Fix attempt to double free an UID structure.
> +https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blobdiff;f=g10/getkey.c;h=be7367faf685e99b6c0f7c92b569d89180f4e2df;hp=163ab801400411fd91b3b2f63bb27ce8a88a8010;hb=4a130bbc2c2f4be6e8c6357512a943f435ade28f;hpb=e6ca015ae182a6dbb0466441efc17c99683e9375
> +
> +--- g10/getkey.c.orig Wed Mar  1 13:04:33 2017
> ++++ g10/getkey.c Sun Mar 19 17:21:06 2017
> +@@ -1592,8 +1592,10 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retct
> +   if (is_valid_mailbox (name) && ctx)
> +     {
> +       /* Rank results and return only the most relevant key.  */
> +-      struct pubkey_cmp_cookie best = { 0 }, new;
> +-      KBNODE new_keyblock;
> ++      struct pubkey_cmp_cookie best = { 0 };
> ++      struct pubkey_cmp_cookie new;
> ++      kbnode_t new_keyblock;
> ++
> +       while (getkey_next (ctx, &new.key, &new_keyblock) == 0)
> +         {
> +           int diff = pubkey_cmp (ctrl, name, &best, &new, new_keyblock);
> +@@ -1610,17 +1612,20 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retct
> +               /* Old key is better.  */
> +               release_public_key_parts (&new.key);
> +               free_user_id (new.uid);
> ++              new.uid = NULL;
> +             }
> +           else
> +             {
> +               /* A tie.  Keep the old key.  */
> +               release_public_key_parts (&new.key);
> +               free_user_id (new.uid);
> ++              new.uid = NULL;
> +             }
> +         }
> +       getkey_end (ctx);
> +       ctx = NULL;
> +       free_user_id (best.uid);
> ++      best.uid = NULL;
> +
> +       if (best.valid)
> +         {
> Index: patches/patch-g10_import_c
> ===================================================================
> RCS file: patches/patch-g10_import_c
> diff -N patches/patch-g10_import_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-g10_import_c 19 Mar 2017 17:21:09 -0000
> @@ -0,0 +1,43 @@
> +$OpenBSD$
> +
> +Fix possible segv when attribute packets are filtered.
> +https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=5f6f3f5cae8a95ed469129f9677782c17951dab3
> +
> +--- g10/import.c.orig Wed Mar  1 13:04:33 2017
> ++++ g10/import.c Sun Mar 19 17:17:38 2017
> +@@ -1173,7 +1173,8 @@ impex_filter_getval (void *cookie, const char *propnam
> +   static char numbuf[20];
> +   const char *result;
> +
> +-  if (node->pkt->pkttype == PKT_USER_ID)
> ++  if (node->pkt->pkttype == PKT_USER_ID
> ++      || node->pkt->pkttype == PKT_ATTRIBUTE)
> +     {
> +       if (!strcmp (propname, "uid"))
> +         result = node->pkt->pkt.user_id->name;
> +@@ -1191,8 +1192,7 @@ impex_filter_getval (void *cookie, const char *propnam
> +       else
> +         result = NULL;
> +     }
> +-  else if (node->pkt->pkttype == PKT_SIGNATURE
> +-           || node->pkt->pkttype == PKT_ATTRIBUTE)
> ++  else if (node->pkt->pkttype == PKT_SIGNATURE)
> +     {
> +       PKT_signature *sig = node->pkt->pkt.signature;
> +
> +@@ -1313,12 +1313,12 @@ apply_drop_sig_filter (kbnode_t keyblock, recsel_expr_
> +       if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
> +           || node->pkt->pkttype == PKT_SECRET_SUBKEY)
> +         break; /* ready.  */
> +-      if (node->pkt->pkttype == PKT_USER_ID)
> ++      if (node->pkt->pkttype == PKT_USER_ID
> ++          || node->pkt->pkttype == PKT_ATTRIBUTE)
> +         active = 1;
> +       if (!active)
> +         continue;
> +-      if (node->pkt->pkttype != PKT_SIGNATURE
> +-          && node->pkt->pkttype != PKT_ATTRIBUTE)
> ++      if (node->pkt->pkttype != PKT_SIGNATURE)
> +         continue;
> +
> +       sig = node->pkt->pkt.signature;
> Index: patches/patch-scd_scdaemon_c
> ===================================================================
> RCS file: patches/patch-scd_scdaemon_c
> diff -N patches/patch-scd_scdaemon_c
> --- patches/patch-scd_scdaemon_c 18 Nov 2016 11:30:53 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,43 +0,0 @@
> -$OpenBSD: patch-scd_scdaemon_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
> -
> -From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
> -From: NIIBE Yutaka <[hidden email]>
> -Date: Tue, 4 Oct 2016 09:01:13 +0900
> -Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
> -
> -From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001
> -From: NIIBE Yutaka <[hidden email]>
> -Date: Fri, 7 Oct 2016 10:45:22 +0900
> -Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems.
> -
> ---- scd/scdaemon.c.orig Fri Nov 18 12:26:40 2016
> -+++ scd/scdaemon.c Fri Nov 18 12:26:33 2016
> -@@ -422,8 +422,6 @@ main (int argc, char **argv )
> -   i18n_init ();
> -   init_common_subsystems (&argc, &argv);
> -
> --  npth_init ();
> --
> -   ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
> -
> -   malloc_hooks.malloc = gcry_malloc;
> -@@ -724,6 +722,9 @@ main (int argc, char **argv )
> -       }
> - #endif
> -
> -+      npth_init ();
> -+      gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
> -+
> -       /* If --debug-allow-core-dump has been given we also need to
> -          switch the working directory to a place where we can actually
> -          write. */
> -@@ -860,6 +861,9 @@ main (int argc, char **argv )
> -         } /* end parent */
> -
> -       /* This is the child. */
> -+
> -+      npth_init ();
> -+      gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
> -
> -       /* Detach from tty and put process into a new session. */
> -       if (!nodetach )
> Index: pkg/PLIST
> ===================================================================
> RCS file: /home/edd/cvsync/ports/security/gnupg2/pkg/PLIST,v
> retrieving revision 1.15
> diff -u -p -r1.15 PLIST
> --- pkg/PLIST 19 Sep 2016 17:09:37 -0000 1.15
> +++ pkg/PLIST 27 Mar 2017 14:51:34 -0000
> @@ -19,6 +19,7 @@
>  @bin libexec/gpg-check-pattern
>  @bin libexec/gpg-preset-passphrase
>  @bin libexec/gpg-protect-tool
> +@bin libexec/gpg-wks-client
>  @bin libexec/scdaemon
>  @man man/man1/dirmngr-client.1
>  @man man/man1/gpg-agent.1
> @@ -52,6 +53,15 @@ share/doc/gnupg2/examples/README
>  share/doc/gnupg2/examples/gpgconf.conf
>  share/doc/gnupg2/examples/pwpattern.list
>  share/doc/gnupg2/examples/scd-event
> +share/doc/gnupg2/examples/systemd-user/
> +share/doc/gnupg2/examples/systemd-user/README
> +share/doc/gnupg2/examples/systemd-user/dirmngr.service
> +share/doc/gnupg2/examples/systemd-user/dirmngr.socket
> +share/doc/gnupg2/examples/systemd-user/gpg-agent-browser.socket
> +share/doc/gnupg2/examples/systemd-user/gpg-agent-extra.socket
> +share/doc/gnupg2/examples/systemd-user/gpg-agent-ssh.socket
> +share/doc/gnupg2/examples/systemd-user/gpg-agent.service
> +share/doc/gnupg2/examples/systemd-user/gpg-agent.socket
>  share/doc/gnupg2/examples/trustlist.txt
>  share/doc/pkg-readmes/${FULLPKGNAME}
>  share/gnupg/

--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE


Re: UPDATE: gnupg-2.1.19

Edd Barrett-3
On Tue, Mar 28, 2017 at 12:13:31PM +0200, Jeremie Courreges-Anglas wrote:
> Edd Barrett <[hidden email]> writes:
>
> I didn't look at the details, but the additional files in PLIST seem
> largely irrelevant on OpenBSD.  Maybe they should be removed?

I did wonder about this myself. systemd. Leave it with me and I'll kill
these files and any links to them.

> > If it really is deprecated, we should consider trying to kill it in
> > favour of gnupg2.
>
> I'd prefer to postpone such a decision to after 6.1.

Absolutely! Now is certainly not the time.

--
Best Regards
Edd Barrett

http://www.theunixzoo.co.uk


Re: UPDATE: gnupg-2.1.19

Edd Barrett-3
On Tue, Mar 28, 2017 at 11:36:47AM +0100, Edd Barrett wrote:
> I did wonder about this myself. systemd. Leave it with me and I'll kill
> these files and any links to them.

New diff killing the systemd examples.

OK?

Index: Makefile
===================================================================
RCS file: /home/edd/cvsync/ports/security/gnupg2/Makefile,v
retrieving revision 1.47
diff -u -p -r1.47 Makefile
--- Makefile 18 Nov 2016 11:30:53 -0000 1.47
+++ Makefile 27 Mar 2017 14:56:02 -0000
@@ -2,8 +2,7 @@
 
 COMMENT = GNU privacy guard - a free PGP replacement
 
-DISTNAME = gnupg-2.1.15
-REVISION = 2
+DISTNAME = gnupg-2.1.19
 CATEGORIES = security
 
 MASTER_SITES = ${MASTER_SITE_GNUPG:=gnupg/}
@@ -43,8 +42,6 @@ CONFIGURE_ARGS += --disable-ldap
 
 RUN_DEPENDS = security/pinentry
 
-# gpg-agent must be installed to run the regress tests
-# Make sure you dont have gpg aliased (e.g. to gpg2) when running tests.
 TEST_DEPENDS = ${FULLPKGNAME}:${BUILD_PKGPATH}
 PORTHOME=${WRKDIR}
 
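Review bot: The second hunk deletes both comment lines above TEST_DEPENDS, and with them the only explanation of why the port lists itself (`${FULLPKGNAME}:${BUILD_PKGPATH}`) as a test dependency. If the tests still need an installed gpg-agent, keep the first comment line; if they no longer do, TEST_DEPENDS should go as well and the commit message should say so.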
Index: distinfo
===================================================================
RCS file: /home/edd/cvsync/ports/security/gnupg2/distinfo,v
retrieving revision 1.19
diff -u -p -r1.19 distinfo
--- distinfo 19 Sep 2016 17:09:37 -0000 1.19
+++ distinfo 19 Mar 2017 15:59:24 -0000
@@ -1,2 +1,2 @@
-SHA256 (gnupg-2.1.15.tar.bz2) = wowaII8bitY722uI0lL2c0/00z3mtU44SUsR1J4A/90=
-SIZE (gnupg-2.1.15.tar.bz2) = 5723689
+SHA256 (gnupg-2.1.19.tar.bz2) = RsztH1ZBzinMKCUPUvrfbkF+ZJs7/exJpaDQsipjm/A=
+SIZE (gnupg-2.1.19.tar.bz2) = 6404836
Index: patches/patch-agent_gpg-agent_c
===================================================================
RCS file: patches/patch-agent_gpg-agent_c
diff -N patches/patch-agent_gpg-agent_c
--- patches/patch-agent_gpg-agent_c 18 Nov 2016 11:30:53 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,97 +0,0 @@
-$OpenBSD: patch-agent_gpg-agent_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
-
-From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[hidden email]>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
-
-From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[hidden email]>
-Date: Fri, 7 Oct 2016 10:45:22 +0900
-Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems.
-
---- agent/gpg-agent.c.orig Fri Nov 18 12:26:38 2016
-+++ agent/gpg-agent.c Fri Nov 18 12:26:33 2016
-@@ -715,7 +715,31 @@ finalize_rereadable_options (void)
- }
-
-
-+static void
-+thread_init_once (void)
-+{
-+  static int npth_initialized = 0;
-
-+  if (!npth_initialized)
-+    {
-+      npth_initialized++;
-+      npth_init ();
-+    }
-+  gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-+}
-+
-+static void
-+initialize_modules (void)
-+{
-+  thread_init_once ();
-+  assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
-+  initialize_module_cache ();
-+  initialize_module_call_pinentry ();
-+  initialize_module_call_scd ();
-+  initialize_module_trustlist ();
-+}
-+
-+
- /* The main entry point.  */
- int
- main (int argc, char **argv )
-@@ -762,14 +786,11 @@ main (int argc, char **argv )
-   i18n_init ();
-   init_common_subsystems (&argc, &argv);
-
--  npth_init ();
--
-   malloc_hooks.malloc = gcry_malloc;
-   malloc_hooks.realloc = gcry_realloc;
-   malloc_hooks.free = gcry_free;
-   assuan_set_malloc_hooks (&malloc_hooks);
-   assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
--  assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
-   assuan_sock_init ();
-   setup_libassuan_logging (&opt.debug);
-
-@@ -1051,16 +1072,12 @@ main (int argc, char **argv )
-       exit (1);
-     }
-
--  initialize_module_cache ();
--  initialize_module_call_pinentry ();
--  initialize_module_call_scd ();
--  initialize_module_trustlist ();
--
-   /* Try to create missing directories. */
-   create_directories ();
-
-   if (debug_wait && pipe_server)
-     {
-+      thread_init_once ();
-       log_debug ("waiting for debugger - my pid is %u .....\n",
-                  (unsigned int)getpid());
-       gnupg_sleep (debug_wait);
-@@ -1167,6 +1184,8 @@ main (int argc, char **argv )
-       /* This is the simple pipe based server */
-       ctrl_t ctrl;
-
-+      initialize_modules ();
-+
-       ctrl = xtrycalloc (1, sizeof *ctrl);
-       if (!ctrl)
-         {
-@@ -1369,6 +1388,8 @@ main (int argc, char **argv )
-       /*
-          This is the child
-        */
-+
-+      initialize_modules ();
-
-       /* Detach from tty and put process into a new session */
-       if (!nodetach )
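Review bot: Nothing in the diff or the mail states that upstream commits eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d and fc0b392e766af8127094e8b529d25abb84ad1d65 are part of the 2.1.19 tarball, which is what removing this patch file assumes. Confirm that agent/gpg-agent.c in the new release calls npth_init only after the fork and say in the commit message that the patches were merged upstream. The same applies to the common/init.c, dirmngr and scdaemon patch files removed below.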
Index: patches/patch-common_init_c
===================================================================
RCS file: patches/patch-common_init_c
diff -N patches/patch-common_init_c
--- patches/patch-common_init_c 18 Nov 2016 11:30:53 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,40 +0,0 @@
-$OpenBSD: patch-common_init_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
-
-From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[hidden email]>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
-
---- common/init.c.orig Thu Aug 18 17:00:16 2016
-+++ common/init.c Fri Nov 18 12:26:33 2016
-@@ -29,20 +29,12 @@
-
- #include <config.h>
-
--#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth.  */
--#undef HAVE_NPTH
--#undef USE_NPTH
--#endif
--
- #ifdef HAVE_W32_SYSTEM
- # ifdef HAVE_WINSOCK2_H
- #  include <winsock2.h>
- # endif
- # include <windows.h>
- #endif
--#ifdef HAVE_NPTH
--# include <npth.h>
--#endif
- #ifdef HAVE_W32CE_SYSTEM
- # include <assuan.h> /* For _assuan_w32ce_finish_pipe. */
- #endif
-@@ -197,9 +189,6 @@ _init_common_subsystems (gpg_err_source_t errsource, i
-   /* Initialize the Estream library. */
-   gpgrt_init ();
-   gpgrt_set_alloc_func (gcry_realloc);
--#ifdef USE_NPTH
--  gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
--#endif
-
-   /* Special hack for Windows CE: We extract some options from arg
-      to setup the standard handles.  */
Index: patches/patch-dirmngr_dirmngr_c
===================================================================
RCS file: patches/patch-dirmngr_dirmngr_c
diff -N patches/patch-dirmngr_dirmngr_c
--- patches/patch-dirmngr_dirmngr_c 18 Nov 2016 11:30:53 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,95 +0,0 @@
-$OpenBSD: patch-dirmngr_dirmngr_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
-
-From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[hidden email]>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
-
-From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[hidden email]>
-Date: Fri, 7 Oct 2016 10:45:22 +0900
-Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems.
-
---- dirmngr/dirmngr.c.orig Fri Nov 18 12:26:43 2016
-+++ dirmngr/dirmngr.c Fri Nov 18 12:26:33 2016
-@@ -636,6 +636,23 @@ pid_suffix_callback (unsigned long *r_suffix)
- #endif /*!HAVE_W32_SYSTEM*/
-
-
-+static void
-+thread_init (void)
-+{
-+  npth_init ();
-+  gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-+
-+  /* Now with NPth running we can set the logging callback.  Our
-+     windows implementation does not yet feature the NPth TLS
-+     functions.  */
-+#ifndef HAVE_W32_SYSTEM
-+  if (npth_key_create (&my_tlskey_current_fd, NULL) == 0)
-+    if (npth_setspecific (my_tlskey_current_fd, NULL) == 0)
-+      log_set_pid_suffix_cb (pid_suffix_callback);
-+#endif /*!HAVE_W32_SYSTEM*/
-+}
-+
-+
- int
- main (int argc, char **argv)
- {
-@@ -669,8 +686,6 @@ main (int argc, char **argv)
-   i18n_init ();
-   init_common_subsystems (&argc, &argv);
-
--  npth_init ();
--
-   gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
-
-  /* Check that the libraries are suitable.  Do it here because
-@@ -711,15 +726,6 @@ main (int argc, char **argv)
-   if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
-     csh_style = 1;
-
--    /* Now with NPth running we can set the logging callback.  Our
--     windows implementation does not yet feature the NPth TLS
--     functions.  */
--#ifndef HAVE_W32_SYSTEM
--  if (npth_key_create (&my_tlskey_current_fd, NULL) == 0)
--    if (npth_setspecific (my_tlskey_current_fd, NULL) == 0)
--      log_set_pid_suffix_cb (pid_suffix_callback);
--#endif /*!HAVE_W32_SYSTEM*/
--
-   /* Reset rereadable options to default values. */
-   parse_rereadable_options (NULL, 0);
-
-@@ -970,6 +976,7 @@ main (int argc, char **argv)
-       ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-
-+      thread_init ();
-       cert_cache_init ();
-       crl_cache_init ();
-       start_command_handler (ASSUAN_INVALID_FD);
-@@ -1168,6 +1175,7 @@ main (int argc, char **argv)
-       ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-
-+      thread_init ();
-       cert_cache_init ();
-       crl_cache_init ();
-       handle_connections (fd);
-@@ -1195,6 +1203,7 @@ main (int argc, char **argv)
- #if USE_LDAP
-       ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-+      thread_init ();
-       cert_cache_init ();
-       crl_cache_init ();
-       if (!argc)
-@@ -1220,6 +1229,7 @@ main (int argc, char **argv)
- #if USE_LDAP
-       ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-+      thread_init ();
-       cert_cache_init ();
-       crl_cache_init ();
-       rc = crl_fetch (&ctrlbuf, argv[0], &reader);
Index: patches/patch-doc_Makefile_in
===================================================================
RCS file: patches/patch-doc_Makefile_in
diff -N patches/patch-doc_Makefile_in
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-doc_Makefile_in 28 Mar 2017 17:06:54 -0000
@@ -0,0 +1,18 @@
+$OpenBSD$
+--- doc/Makefile.in.orig Tue Mar 28 18:06:28 2017
++++ doc/Makefile.in Tue Mar 28 18:06:50 2017
+@@ -460,14 +460,6 @@ libcommonpth = ../common/libcommonpth.a
+ libcommontls = ../common/libcommontls.a
+ libcommontlsnpth = ../common/libcommontlsnpth.a
+ examples = examples/README examples/scd-event examples/trustlist.txt \
+-   examples/systemd-user/README \
+-   examples/systemd-user/dirmngr.service \
+-   examples/systemd-user/dirmngr.socket \
+-   examples/systemd-user/gpg-agent.service \
+-   examples/systemd-user/gpg-agent.socket \
+-   examples/systemd-user/gpg-agent-ssh.socket \
+-   examples/systemd-user/gpg-agent-browser.socket \
+-   examples/systemd-user/gpg-agent-extra.socket \
+   examples/gpgconf.conf examples/pwpattern.list
+
+ helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \
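Review bot: The new patch file has no description under `$OpenBSD$`, unlike patch-g10_getkey_c and patch-g10_import_c. Add a line saying that the systemd-user examples are left out because they are of no use on OpenBSD, so the reason survives the next update.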
Index: patches/patch-g10_getkey_c
===================================================================
RCS file: patches/patch-g10_getkey_c
diff -N patches/patch-g10_getkey_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-g10_getkey_c 19 Mar 2017 17:23:54 -0000
@@ -0,0 +1,41 @@
+$OpenBSD$
+
+gpg: Fix attempt to double free an UID structure.
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blobdiff;f=g10/getkey.c;h=be7367faf685e99b6c0f7c92b569d89180f4e2df;hp=163ab801400411fd91b3b2f63bb27ce8a88a8010;hb=4a130bbc2c2f4be6e8c6357512a943f435ade28f;hpb=e6ca015ae182a6dbb0466441efc17c99683e9375
+
+--- g10/getkey.c.orig Wed Mar  1 13:04:33 2017
++++ g10/getkey.c Sun Mar 19 17:21:06 2017
+@@ -1592,8 +1592,10 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retct
+   if (is_valid_mailbox (name) && ctx)
+     {
+       /* Rank results and return only the most relevant key.  */
+-      struct pubkey_cmp_cookie best = { 0 }, new;
+-      KBNODE new_keyblock;
++      struct pubkey_cmp_cookie best = { 0 };
++      struct pubkey_cmp_cookie new;
++      kbnode_t new_keyblock;
++
+       while (getkey_next (ctx, &new.key, &new_keyblock) == 0)
+         {
+           int diff = pubkey_cmp (ctrl, name, &best, &new, new_keyblock);
+@@ -1610,17 +1612,20 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retct
+               /* Old key is better.  */
+               release_public_key_parts (&new.key);
+               free_user_id (new.uid);
++              new.uid = NULL;
+             }
+           else
+             {
+               /* A tie.  Keep the old key.  */
+               release_public_key_parts (&new.key);
+               free_user_id (new.uid);
++              new.uid = NULL;
+             }
+         }
+       getkey_end (ctx);
+       ctx = NULL;
+       free_user_id (best.uid);
++      best.uid = NULL;
+
+       if (best.valid)
+         {
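Review bot: In the first hunk `best` is zero-initialised, but the split-out declaration `struct pubkey_cmp_cookie new;` is not, and the second hunk passes `new.uid` to free_user_id after each pubkey_cmp call. The visible lines do not show whether pubkey_cmp sets `new.uid` on every path, nor what the "new key is better" branch does with it. If either leaves `new.uid` unset or shared with `best.uid`, the `new.uid = NULL` resets alone are not enough and `new` needs `= { 0 }` as well; check this against the upstream file before committing.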
Index: patches/patch-g10_import_c
===================================================================
RCS file: patches/patch-g10_import_c
diff -N patches/patch-g10_import_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-g10_import_c 19 Mar 2017 17:21:09 -0000
@@ -0,0 +1,43 @@
+$OpenBSD$
+
+Fix possible segv when attribute packets are filtered.
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=5f6f3f5cae8a95ed469129f9677782c17951dab3
+
+--- g10/import.c.orig Wed Mar  1 13:04:33 2017
++++ g10/import.c Sun Mar 19 17:17:38 2017
+@@ -1173,7 +1173,8 @@ impex_filter_getval (void *cookie, const char *propnam
+   static char numbuf[20];
+   const char *result;
+
+-  if (node->pkt->pkttype == PKT_USER_ID)
++  if (node->pkt->pkttype == PKT_USER_ID
++      || node->pkt->pkttype == PKT_ATTRIBUTE)
+     {
+       if (!strcmp (propname, "uid"))
+         result = node->pkt->pkt.user_id->name;
+@@ -1191,8 +1192,7 @@ impex_filter_getval (void *cookie, const char *propnam
+       else
+         result = NULL;
+     }
+-  else if (node->pkt->pkttype == PKT_SIGNATURE
+-           || node->pkt->pkttype == PKT_ATTRIBUTE)
++  else if (node->pkt->pkttype == PKT_SIGNATURE)
+     {
+       PKT_signature *sig = node->pkt->pkt.signature;
+
+@@ -1313,12 +1313,12 @@ apply_drop_sig_filter (kbnode_t keyblock, recsel_expr_
+       if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+           || node->pkt->pkttype == PKT_SECRET_SUBKEY)
+         break; /* ready.  */
+-      if (node->pkt->pkttype == PKT_USER_ID)
++      if (node->pkt->pkttype == PKT_USER_ID
++          || node->pkt->pkttype == PKT_ATTRIBUTE)
+         active = 1;
+       if (!active)
+         continue;
+-      if (node->pkt->pkttype != PKT_SIGNATURE
+-          && node->pkt->pkttype != PKT_ATTRIBUTE)
++      if (node->pkt->pkttype != PKT_SIGNATURE)
+         continue;
+
+       sig = node->pkt->pkt.signature;
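Review bot: In the apply_drop_sig_filter hunk, the old test `!= PKT_SIGNATURE && != PKT_ATTRIBUTE` let attribute nodes through to `sig = node->pkt->pkt.signature`; after the change they set `active = 1` and are skipped. The header line only says "possible segv when attribute packets are filtered"; naming the two functions touched would make it easier to check this patch against upstream when the port is next updated.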
Index: patches/patch-scd_scdaemon_c
===================================================================
RCS file: patches/patch-scd_scdaemon_c
diff -N patches/patch-scd_scdaemon_c
--- patches/patch-scd_scdaemon_c 18 Nov 2016 11:30:53 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,43 +0,0 @@
-$OpenBSD: patch-scd_scdaemon_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
-
-From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[hidden email]>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
-
-From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[hidden email]>
-Date: Fri, 7 Oct 2016 10:45:22 +0900
-Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems.
-
---- scd/scdaemon.c.orig Fri Nov 18 12:26:40 2016
-+++ scd/scdaemon.c Fri Nov 18 12:26:33 2016
-@@ -422,8 +422,6 @@ main (int argc, char **argv )
-   i18n_init ();
-   init_common_subsystems (&argc, &argv);
-
--  npth_init ();
--
-   ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
-
-   malloc_hooks.malloc = gcry_malloc;
-@@ -724,6 +722,9 @@ main (int argc, char **argv )
-       }
- #endif
-
-+      npth_init ();
-+      gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-+
-       /* If --debug-allow-core-dump has been given we also need to
-          switch the working directory to a place where we can actually
-          write. */
-@@ -860,6 +861,9 @@ main (int argc, char **argv )
-         } /* end parent */
-
-       /* This is the child. */
-+
-+      npth_init ();
-+      gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-
-       /* Detach from tty and put process into a new session. */
-       if (!nodetach )
Index: pkg/PLIST
===================================================================
RCS file: /home/edd/cvsync/ports/security/gnupg2/pkg/PLIST,v
retrieving revision 1.15
diff -u -p -r1.15 PLIST
--- pkg/PLIST 19 Sep 2016 17:09:37 -0000 1.15
+++ pkg/PLIST 28 Mar 2017 17:11:59 -0000
@@ -19,6 +19,7 @@
 @bin libexec/gpg-check-pattern
 @bin libexec/gpg-preset-passphrase
 @bin libexec/gpg-protect-tool
+@bin libexec/gpg-wks-client
 @bin libexec/scdaemon
 @man man/man1/dirmngr-client.1
 @man man/man1/gpg-agent.1

--
Best Regards
Edd Barrett

http://www.theunixzoo.co.uk


Re: UPDATE: gnupg-2.1.19

Edd Barrett-3
On Tue, Mar 28, 2017 at 06:18:25PM +0100, Edd Barrett wrote:
> On Tue, Mar 28, 2017 at 11:36:47AM +0100, Edd Barrett wrote:
> > I did wonder about this myself. systemd. Leave it with me and I'll kill
> > these files and any links to them.
>
> New diff killing the systemd examples.

Ah, forgot to mention, there is one test failure:
https://bugs.gnupg.org/gnupg/issue3030

I've added a link to this in the Makefile. Will post a new diff after
unlock.

--
Best Regards
Edd Barrett

http://www.theunixzoo.co.uk


UPDATE: gnupg-2.1.20

Edd Barrett-3
Hi,

On Fri, Mar 31, 2017 at 07:15:56AM +0100, Edd Barrett wrote:
> Ah, forgot to mention, there is one test failure:
> https://bugs.gnupg.org/gnupg/issue3030
>
> I've added a link to this in the Makefile. Will post a new diff after
> unlock.

Here's an update to gnupg-2.1.20, which does not seem to have this test
failure. All tests passing.

OK?

Index: Makefile
===================================================================
RCS file: /home/edd/cvsync/ports/security/gnupg2/Makefile,v
retrieving revision 1.47
diff -u -p -r1.47 Makefile
--- Makefile 18 Nov 2016 11:30:53 -0000 1.47
+++ Makefile 6 Apr 2017 09:02:36 -0000
@@ -2,8 +2,7 @@
 
 COMMENT = GNU privacy guard - a free PGP replacement
 
-DISTNAME = gnupg-2.1.15
-REVISION = 2
+DISTNAME = gnupg-2.1.20
 CATEGORIES = security
 
 MASTER_SITES = ${MASTER_SITE_GNUPG:=gnupg/}
@@ -43,8 +42,6 @@ CONFIGURE_ARGS += --disable-ldap
 
 RUN_DEPENDS = security/pinentry
 
-# gpg-agent must be installed to run the regress tests
-# Make sure you dont have gpg aliased (e.g. to gpg2) when running tests.
 TEST_DEPENDS = ${FULLPKGNAME}:${BUILD_PKGPATH}
 PORTHOME=${WRKDIR}
 
Index: distinfo
===================================================================
RCS file: /home/edd/cvsync/ports/security/gnupg2/distinfo,v
retrieving revision 1.19
diff -u -p -r1.19 distinfo
--- distinfo 19 Sep 2016 17:09:37 -0000 1.19
+++ distinfo 6 Apr 2017 08:47:09 -0000
@@ -1,2 +1,2 @@
-SHA256 (gnupg-2.1.15.tar.bz2) = wowaII8bitY722uI0lL2c0/00z3mtU44SUsR1J4A/90=
-SIZE (gnupg-2.1.15.tar.bz2) = 5723689
+SHA256 (gnupg-2.1.20.tar.bz2) = JM+aaTab5kqfb4zBGhvjOrd4Ctd6ahuTcZQ49J9plg0=
+SIZE (gnupg-2.1.20.tar.bz2) = 6456128
Index: patches/patch-agent_gpg-agent_c
===================================================================
RCS file: patches/patch-agent_gpg-agent_c
diff -N patches/patch-agent_gpg-agent_c
--- patches/patch-agent_gpg-agent_c 18 Nov 2016 11:30:53 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,97 +0,0 @@
-$OpenBSD: patch-agent_gpg-agent_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
-
-From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[hidden email]>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
-
-From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[hidden email]>
-Date: Fri, 7 Oct 2016 10:45:22 +0900
-Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems.
-
---- agent/gpg-agent.c.orig Fri Nov 18 12:26:38 2016
-+++ agent/gpg-agent.c Fri Nov 18 12:26:33 2016
-@@ -715,7 +715,31 @@ finalize_rereadable_options (void)
- }
-
-
-+static void
-+thread_init_once (void)
-+{
-+  static int npth_initialized = 0;
-
-+  if (!npth_initialized)
-+    {
-+      npth_initialized++;
-+      npth_init ();
-+    }
-+  gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-+}
-+
-+static void
-+initialize_modules (void)
-+{
-+  thread_init_once ();
-+  assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
-+  initialize_module_cache ();
-+  initialize_module_call_pinentry ();
-+  initialize_module_call_scd ();
-+  initialize_module_trustlist ();
-+}
-+
-+
- /* The main entry point.  */
- int
- main (int argc, char **argv )
-@@ -762,14 +786,11 @@ main (int argc, char **argv )
-   i18n_init ();
-   init_common_subsystems (&argc, &argv);
-
--  npth_init ();
--
-   malloc_hooks.malloc = gcry_malloc;
-   malloc_hooks.realloc = gcry_realloc;
-   malloc_hooks.free = gcry_free;
-   assuan_set_malloc_hooks (&malloc_hooks);
-   assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
--  assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
-   assuan_sock_init ();
-   setup_libassuan_logging (&opt.debug);
-
-@@ -1051,16 +1072,12 @@ main (int argc, char **argv )
-       exit (1);
-     }
-
--  initialize_module_cache ();
--  initialize_module_call_pinentry ();
--  initialize_module_call_scd ();
--  initialize_module_trustlist ();
--
-   /* Try to create missing directories. */
-   create_directories ();
-
-   if (debug_wait && pipe_server)
-     {
-+      thread_init_once ();
-       log_debug ("waiting for debugger - my pid is %u .....\n",
-                  (unsigned int)getpid());
-       gnupg_sleep (debug_wait);
-@@ -1167,6 +1184,8 @@ main (int argc, char **argv )
-       /* This is the simple pipe based server */
-       ctrl_t ctrl;
-
-+      initialize_modules ();
-+
-       ctrl = xtrycalloc (1, sizeof *ctrl);
-       if (!ctrl)
-         {
-@@ -1369,6 +1388,8 @@ main (int argc, char **argv )
-       /*
-          This is the child
-        */
-+
-+      initialize_modules ();
-
-       /* Detach from tty and put process into a new session */
-       if (!nodetach )
Index: patches/patch-common_init_c
===================================================================
RCS file: patches/patch-common_init_c
diff -N patches/patch-common_init_c
--- patches/patch-common_init_c 18 Nov 2016 11:30:53 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,40 +0,0 @@
-$OpenBSD: patch-common_init_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
-
-From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[hidden email]>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
-
---- common/init.c.orig Thu Aug 18 17:00:16 2016
-+++ common/init.c Fri Nov 18 12:26:33 2016
-@@ -29,20 +29,12 @@
-
- #include <config.h>
-
--#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth.  */
--#undef HAVE_NPTH
--#undef USE_NPTH
--#endif
--
- #ifdef HAVE_W32_SYSTEM
- # ifdef HAVE_WINSOCK2_H
- #  include <winsock2.h>
- # endif
- # include <windows.h>
- #endif
--#ifdef HAVE_NPTH
--# include <npth.h>
--#endif
- #ifdef HAVE_W32CE_SYSTEM
- # include <assuan.h> /* For _assuan_w32ce_finish_pipe. */
- #endif
-@@ -197,9 +189,6 @@ _init_common_subsystems (gpg_err_source_t errsource, i
-   /* Initialize the Estream library. */
-   gpgrt_init ();
-   gpgrt_set_alloc_func (gcry_realloc);
--#ifdef USE_NPTH
--  gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
--#endif
-
-   /* Special hack for Windows CE: We extract some options from arg
-      to setup the standard handles.  */
Index: patches/patch-dirmngr_dirmngr_c
===================================================================
RCS file: patches/patch-dirmngr_dirmngr_c
diff -N patches/patch-dirmngr_dirmngr_c
--- patches/patch-dirmngr_dirmngr_c 18 Nov 2016 11:30:53 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,95 +0,0 @@
-$OpenBSD: patch-dirmngr_dirmngr_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
-
-From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[hidden email]>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
-
-From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[hidden email]>
-Date: Fri, 7 Oct 2016 10:45:22 +0900
-Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems.
-
---- dirmngr/dirmngr.c.orig Fri Nov 18 12:26:43 2016
-+++ dirmngr/dirmngr.c Fri Nov 18 12:26:33 2016
-@@ -636,6 +636,23 @@ pid_suffix_callback (unsigned long *r_suffix)
- #endif /*!HAVE_W32_SYSTEM*/
-
-
-+static void
-+thread_init (void)
-+{
-+  npth_init ();
-+  gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-+
-+  /* Now with NPth running we can set the logging callback.  Our
-+     windows implementation does not yet feature the NPth TLS
-+     functions.  */
-+#ifndef HAVE_W32_SYSTEM
-+  if (npth_key_create (&my_tlskey_current_fd, NULL) == 0)
-+    if (npth_setspecific (my_tlskey_current_fd, NULL) == 0)
-+      log_set_pid_suffix_cb (pid_suffix_callback);
-+#endif /*!HAVE_W32_SYSTEM*/
-+}
-+
-+
- int
- main (int argc, char **argv)
- {
-@@ -669,8 +686,6 @@ main (int argc, char **argv)
-   i18n_init ();
-   init_common_subsystems (&argc, &argv);
-
--  npth_init ();
--
-   gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
-
-  /* Check that the libraries are suitable.  Do it here because
-@@ -711,15 +726,6 @@ main (int argc, char **argv)
-   if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
-     csh_style = 1;
-
--    /* Now with NPth running we can set the logging callback.  Our
--     windows implementation does not yet feature the NPth TLS
--     functions.  */
--#ifndef HAVE_W32_SYSTEM
--  if (npth_key_create (&my_tlskey_current_fd, NULL) == 0)
--    if (npth_setspecific (my_tlskey_current_fd, NULL) == 0)
--      log_set_pid_suffix_cb (pid_suffix_callback);
--#endif /*!HAVE_W32_SYSTEM*/
--
-   /* Reset rereadable options to default values. */
-   parse_rereadable_options (NULL, 0);
-
-@@ -970,6 +976,7 @@ main (int argc, char **argv)
-       ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-
-+      thread_init ();
-       cert_cache_init ();
-       crl_cache_init ();
-       start_command_handler (ASSUAN_INVALID_FD);
-@@ -1168,6 +1175,7 @@ main (int argc, char **argv)
-       ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-
-+      thread_init ();
-       cert_cache_init ();
-       crl_cache_init ();
-       handle_connections (fd);
-@@ -1195,6 +1203,7 @@ main (int argc, char **argv)
- #if USE_LDAP
-       ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-+      thread_init ();
-       cert_cache_init ();
-       crl_cache_init ();
-       if (!argc)
-@@ -1220,6 +1229,7 @@ main (int argc, char **argv)
- #if USE_LDAP
-       ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-+      thread_init ();
-       cert_cache_init ();
-       crl_cache_init ();
-       rc = crl_fetch (&ctrlbuf, argv[0], &reader);
Index: patches/patch-doc_Makefile_in
===================================================================
RCS file: patches/patch-doc_Makefile_in
diff -N patches/patch-doc_Makefile_in
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-doc_Makefile_in 6 Apr 2017 08:50:25 -0000
@@ -0,0 +1,18 @@
+$OpenBSD$
+--- doc/Makefile.in.orig Thu Apr  6 09:49:58 2017
++++ doc/Makefile.in Thu Apr  6 09:50:22 2017
+@@ -461,14 +461,6 @@ libcommontls = ../common/libcommontls.a
+ libcommontlsnpth = ../common/libcommontlsnpth.a
+ examples = examples/README examples/scd-event examples/trustlist.txt \
+   examples/vsnfd.prf examples/debug.prf                        \
+-   examples/systemd-user/README \
+-   examples/systemd-user/dirmngr.service \
+-   examples/systemd-user/dirmngr.socket \
+-   examples/systemd-user/gpg-agent.service \
+-   examples/systemd-user/gpg-agent.socket \
+-   examples/systemd-user/gpg-agent-ssh.socket \
+-   examples/systemd-user/gpg-agent-browser.socket \
+-   examples/systemd-user/gpg-agent-extra.socket \
+   examples/gpgconf.conf examples/pwpattern.list
+
+ helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \
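
Review bot: the new patches/patch-doc_Makefile_in carries only the $OpenBSD$ tag and no comment saying why the eight examples/systemd-user/ entries are removed from the examples list. A one-line reason above the "--- doc/Makefile.in.orig" line would let whoever next updates the port tell whether the patch is still needed. The two .prf files kept on the "examples/vsnfd.prf examples/debug.prf" line are the ones pkg/PLIST gains later in this diff.
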
Index: patches/patch-scd_scdaemon_c
===================================================================
RCS file: patches/patch-scd_scdaemon_c
diff -N patches/patch-scd_scdaemon_c
--- patches/patch-scd_scdaemon_c 18 Nov 2016 11:30:53 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,43 +0,0 @@
-$OpenBSD: patch-scd_scdaemon_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
-
-From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[hidden email]>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
-
-From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[hidden email]>
-Date: Fri, 7 Oct 2016 10:45:22 +0900
-Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems.
-
---- scd/scdaemon.c.orig Fri Nov 18 12:26:40 2016
-+++ scd/scdaemon.c Fri Nov 18 12:26:33 2016
-@@ -422,8 +422,6 @@ main (int argc, char **argv )
-   i18n_init ();
-   init_common_subsystems (&argc, &argv);
-
--  npth_init ();
--
-   ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
-
-   malloc_hooks.malloc = gcry_malloc;
-@@ -724,6 +722,9 @@ main (int argc, char **argv )
-       }
- #endif
-
-+      npth_init ();
-+      gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-+
-       /* If --debug-allow-core-dump has been given we also need to
-          switch the working directory to a place where we can actually
-          write. */
-@@ -860,6 +861,9 @@ main (int argc, char **argv )
-         } /* end parent */
-
-       /* This is the child. */
-+
-+      npth_init ();
-+      gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-
-       /* Detach from tty and put process into a new session. */
-       if (!nodetach )
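
Review bot: patch-scd_scdaemon_c is deleted here without the submission saying that the 2.1.20 tarball already contains the two upstream commits it was taken from (eda17649f8bd, "npth_init must be after fork", and fc0b392e766a, "Fix init_common_subsystems"). Please confirm that scd/scdaemon.c in the new release calls npth_init () and gpgrt_set_syscall_clamp () in the two later places this patch added them, including the child after the fork, rather than right after init_common_subsystems (). The same check applies to the other patches dropped in this diff that cite one or both of those commits (agent/gpg-agent.c, common/init.c, dirmngr/dirmngr.c).
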
Index: pkg/PLIST
===================================================================
RCS file: /home/edd/cvsync/ports/security/gnupg2/pkg/PLIST,v
retrieving revision 1.15
diff -u -p -r1.15 PLIST
--- pkg/PLIST 19 Sep 2016 17:09:37 -0000 1.15
+++ pkg/PLIST 6 Apr 2017 08:54:17 -0000
@@ -19,6 +19,7 @@
 @bin libexec/gpg-check-pattern
 @bin libexec/gpg-preset-passphrase
 @bin libexec/gpg-protect-tool
+@bin libexec/gpg-wks-client
 @bin libexec/scdaemon
 @man man/man1/dirmngr-client.1
 @man man/man1/gpg-agent.1
@@ -49,10 +50,12 @@ share/doc/gnupg2/README
 share/doc/gnupg2/TRANSLATE
 share/doc/gnupg2/examples/
 share/doc/gnupg2/examples/README
+share/doc/gnupg2/examples/debug.prf
 share/doc/gnupg2/examples/gpgconf.conf
 share/doc/gnupg2/examples/pwpattern.list
 share/doc/gnupg2/examples/scd-event
 share/doc/gnupg2/examples/trustlist.txt
+share/doc/gnupg2/examples/vsnfd.prf
 share/doc/pkg-readmes/${FULLPKGNAME}
 share/gnupg/
 share/gnupg/dirmngr-conf.skel

--
Best Regards
Edd Barrett

http://www.theunixzoo.co.uk


Re: UPDATE: gnupg-2.1.20

Pierre-Emmanuel André-2
On Thu, Apr 06, 2017 at 10:32:11AM +0100, Edd Barrett wrote:

> Hi,
>
> On Fri, Mar 31, 2017 at 07:15:56AM +0100, Edd Barrett wrote:
> > Ah, forgot to mention, there is one test failure:
> > https://bugs.gnupg.org/gnupg/issue3030
> >
> > I've added a link to this in the Makefile. Will post a new diff after
> > unlock.
>
> Here's an update to gnupg-2.1.20, which does not seem to have this test
> failure. All tests passing.
>
> OK?
>

Works fine on @amd64. Diff looks good.
ok pea@

> Index: Makefile
> ===================================================================
> RCS file: /home/edd/cvsync/ports/security/gnupg2/Makefile,v
> retrieving revision 1.47
> diff -u -p -r1.47 Makefile
> --- Makefile 18 Nov 2016 11:30:53 -0000 1.47
> +++ Makefile 6 Apr 2017 09:02:36 -0000
> @@ -2,8 +2,7 @@
>  
>  COMMENT = GNU privacy guard - a free PGP replacement
>  
> -DISTNAME = gnupg-2.1.15
> -REVISION = 2
> +DISTNAME = gnupg-2.1.20
>  CATEGORIES = security
>  
>  MASTER_SITES = ${MASTER_SITE_GNUPG:=gnupg/}
> @@ -43,8 +42,6 @@ CONFIGURE_ARGS += --disable-ldap
>  
>  RUN_DEPENDS = security/pinentry
>  
> -# gpg-agent must be installed to run the regress tests
> -# Make sure you dont have gpg aliased (e.g. to gpg2) when running tests.
>  TEST_DEPENDS = ${FULLPKGNAME}:${BUILD_PKGPATH}
>  PORTHOME=${WRKDIR}
>  
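
Review bot: the second Makefile hunk drops both comment lines above TEST_DEPENDS, and with them the only explanation of why the port lists its own package (${FULLPKGNAME}:${BUILD_PKGPATH}) as a test dependency. If the regress tests still need an installed gpg-agent, keep the first comment line; if 2.1.20 no longer needs it, TEST_DEPENDS should go as well.
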
> Index: distinfo
> ===================================================================
> RCS file: /home/edd/cvsync/ports/security/gnupg2/distinfo,v
> retrieving revision 1.19
> diff -u -p -r1.19 distinfo
> --- distinfo 19 Sep 2016 17:09:37 -0000 1.19
> +++ distinfo 6 Apr 2017 08:47:09 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (gnupg-2.1.15.tar.bz2) = wowaII8bitY722uI0lL2c0/00z3mtU44SUsR1J4A/90=
> -SIZE (gnupg-2.1.15.tar.bz2) = 5723689
> +SHA256 (gnupg-2.1.20.tar.bz2) = JM+aaTab5kqfb4zBGhvjOrd4Ctd6ahuTcZQ49J9plg0=
> +SIZE (gnupg-2.1.20.tar.bz2) = 6456128
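
Review bot: distinfo pins gnupg-2.1.20.tar.bz2 by SHA256 and SIZE only, and nothing in the submission says how the new values were obtained. Please state that the tarball was checked against upstream's detached signature before the checksum was generated, so the pinned hash is known to match the signed release.
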
> Index: patches/patch-agent_gpg-agent_c
> ===================================================================
> RCS file: patches/patch-agent_gpg-agent_c
> diff -N patches/patch-agent_gpg-agent_c
> --- patches/patch-agent_gpg-agent_c 18 Nov 2016 11:30:53 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,97 +0,0 @@
> -$OpenBSD: patch-agent_gpg-agent_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
> -
> -From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
> -From: NIIBE Yutaka <[hidden email]>
> -Date: Tue, 4 Oct 2016 09:01:13 +0900
> -Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
> -
> -From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001
> -From: NIIBE Yutaka <[hidden email]>
> -Date: Fri, 7 Oct 2016 10:45:22 +0900
> -Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems.
> -
> ---- agent/gpg-agent.c.orig Fri Nov 18 12:26:38 2016
> -+++ agent/gpg-agent.c Fri Nov 18 12:26:33 2016
> -@@ -715,7 +715,31 @@ finalize_rereadable_options (void)
> - }
> -
> -
> -+static void
> -+thread_init_once (void)
> -+{
> -+  static int npth_initialized = 0;
> -
> -+  if (!npth_initialized)
> -+    {
> -+      npth_initialized++;
> -+      npth_init ();
> -+    }
> -+  gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
> -+}
> -+
> -+static void
> -+initialize_modules (void)
> -+{
> -+  thread_init_once ();
> -+  assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
> -+  initialize_module_cache ();
> -+  initialize_module_call_pinentry ();
> -+  initialize_module_call_scd ();
> -+  initialize_module_trustlist ();
> -+}
> -+
> -+
> - /* The main entry point.  */
> - int
> - main (int argc, char **argv )
> -@@ -762,14 +786,11 @@ main (int argc, char **argv )
> -   i18n_init ();
> -   init_common_subsystems (&argc, &argv);
> -
> --  npth_init ();
> --
> -   malloc_hooks.malloc = gcry_malloc;
> -   malloc_hooks.realloc = gcry_realloc;
> -   malloc_hooks.free = gcry_free;
> -   assuan_set_malloc_hooks (&malloc_hooks);
> -   assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
> --  assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
> -   assuan_sock_init ();
> -   setup_libassuan_logging (&opt.debug);
> -
> -@@ -1051,16 +1072,12 @@ main (int argc, char **argv )
> -       exit (1);
> -     }
> -
> --  initialize_module_cache ();
> --  initialize_module_call_pinentry ();
> --  initialize_module_call_scd ();
> --  initialize_module_trustlist ();
> --
> -   /* Try to create missing directories. */
> -   create_directories ();
> -
> -   if (debug_wait && pipe_server)
> -     {
> -+      thread_init_once ();
> -       log_debug ("waiting for debugger - my pid is %u .....\n",
> -                  (unsigned int)getpid());
> -       gnupg_sleep (debug_wait);
> -@@ -1167,6 +1184,8 @@ main (int argc, char **argv )
> -       /* This is the simple pipe based server */
> -       ctrl_t ctrl;
> -
> -+      initialize_modules ();
> -+
> -       ctrl = xtrycalloc (1, sizeof *ctrl);
> -       if (!ctrl)
> -         {
> -@@ -1369,6 +1388,8 @@ main (int argc, char **argv )
> -       /*
> -          This is the child
> -        */
> -+
> -+      initialize_modules ();
> -
> -       /* Detach from tty and put process into a new session */
> -       if (!nodetach )
> Index: patches/patch-common_init_c
> ===================================================================
> RCS file: patches/patch-common_init_c
> diff -N patches/patch-common_init_c
> --- patches/patch-common_init_c 18 Nov 2016 11:30:53 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,40 +0,0 @@
> -$OpenBSD: patch-common_init_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
> -
> -From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
> -From: NIIBE Yutaka <[hidden email]>
> -Date: Tue, 4 Oct 2016 09:01:13 +0900
> -Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
> -
> ---- common/init.c.orig Thu Aug 18 17:00:16 2016
> -+++ common/init.c Fri Nov 18 12:26:33 2016
> -@@ -29,20 +29,12 @@
> -
> - #include <config.h>
> -
> --#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth.  */
> --#undef HAVE_NPTH
> --#undef USE_NPTH
> --#endif
> --
> - #ifdef HAVE_W32_SYSTEM
> - # ifdef HAVE_WINSOCK2_H
> - #  include <winsock2.h>
> - # endif
> - # include <windows.h>
> - #endif
> --#ifdef HAVE_NPTH
> --# include <npth.h>
> --#endif
> - #ifdef HAVE_W32CE_SYSTEM
> - # include <assuan.h> /* For _assuan_w32ce_finish_pipe. */
> - #endif
> -@@ -197,9 +189,6 @@ _init_common_subsystems (gpg_err_source_t errsource, i
> -   /* Initialize the Estream library. */
> -   gpgrt_init ();
> -   gpgrt_set_alloc_func (gcry_realloc);
> --#ifdef USE_NPTH
> --  gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
> --#endif
> -
> -   /* Special hack for Windows CE: We extract some options from arg
> -      to setup the standard handles.  */
> Index: patches/patch-dirmngr_dirmngr_c
> ===================================================================
> RCS file: patches/patch-dirmngr_dirmngr_c
> diff -N patches/patch-dirmngr_dirmngr_c
> --- patches/patch-dirmngr_dirmngr_c 18 Nov 2016 11:30:53 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,95 +0,0 @@
> -$OpenBSD: patch-dirmngr_dirmngr_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
> -
> -From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
> -From: NIIBE Yutaka <[hidden email]>
> -Date: Tue, 4 Oct 2016 09:01:13 +0900
> -Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
> -
> -From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001
> -From: NIIBE Yutaka <[hidden email]>
> -Date: Fri, 7 Oct 2016 10:45:22 +0900
> -Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems.
> -
> ---- dirmngr/dirmngr.c.orig Fri Nov 18 12:26:43 2016
> -+++ dirmngr/dirmngr.c Fri Nov 18 12:26:33 2016
> -@@ -636,6 +636,23 @@ pid_suffix_callback (unsigned long *r_suffix)
> - #endif /*!HAVE_W32_SYSTEM*/
> -
> -
> -+static void
> -+thread_init (void)
> -+{
> -+  npth_init ();
> -+  gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
> -+
> -+  /* Now with NPth running we can set the logging callback.  Our
> -+     windows implementation does not yet feature the NPth TLS
> -+     functions.  */
> -+#ifndef HAVE_W32_SYSTEM
> -+  if (npth_key_create (&my_tlskey_current_fd, NULL) == 0)
> -+    if (npth_setspecific (my_tlskey_current_fd, NULL) == 0)
> -+      log_set_pid_suffix_cb (pid_suffix_callback);
> -+#endif /*!HAVE_W32_SYSTEM*/
> -+}
> -+
> -+
> - int
> - main (int argc, char **argv)
> - {
> -@@ -669,8 +686,6 @@ main (int argc, char **argv)
> -   i18n_init ();
> -   init_common_subsystems (&argc, &argv);
> -
> --  npth_init ();
> --
> -   gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
> -
> -  /* Check that the libraries are suitable.  Do it here because
> -@@ -711,15 +726,6 @@ main (int argc, char **argv)
> -   if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
> -     csh_style = 1;
> -
> --    /* Now with NPth running we can set the logging callback.  Our
> --     windows implementation does not yet feature the NPth TLS
> --     functions.  */
> --#ifndef HAVE_W32_SYSTEM
> --  if (npth_key_create (&my_tlskey_current_fd, NULL) == 0)
> --    if (npth_setspecific (my_tlskey_current_fd, NULL) == 0)
> --      log_set_pid_suffix_cb (pid_suffix_callback);
> --#endif /*!HAVE_W32_SYSTEM*/
> --
> -   /* Reset rereadable options to default values. */
> -   parse_rereadable_options (NULL, 0);
> -
> -@@ -970,6 +976,7 @@ main (int argc, char **argv)
> -       ldap_wrapper_launch_thread ();
> - #endif /*USE_LDAP*/
> -
> -+      thread_init ();
> -       cert_cache_init ();
> -       crl_cache_init ();
> -       start_command_handler (ASSUAN_INVALID_FD);
> -@@ -1168,6 +1175,7 @@ main (int argc, char **argv)
> -       ldap_wrapper_launch_thread ();
> - #endif /*USE_LDAP*/
> -
> -+      thread_init ();
> -       cert_cache_init ();
> -       crl_cache_init ();
> -       handle_connections (fd);
> -@@ -1195,6 +1203,7 @@ main (int argc, char **argv)
> - #if USE_LDAP
> -       ldap_wrapper_launch_thread ();
> - #endif /*USE_LDAP*/
> -+      thread_init ();
> -       cert_cache_init ();
> -       crl_cache_init ();
> -       if (!argc)
> -@@ -1220,6 +1229,7 @@ main (int argc, char **argv)
> - #if USE_LDAP
> -       ldap_wrapper_launch_thread ();
> - #endif /*USE_LDAP*/
> -+      thread_init ();
> -       cert_cache_init ();
> -       crl_cache_init ();
> -       rc = crl_fetch (&ctrlbuf, argv[0], &reader);
> Index: patches/patch-doc_Makefile_in
> ===================================================================
> RCS file: patches/patch-doc_Makefile_in
> diff -N patches/patch-doc_Makefile_in
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-doc_Makefile_in 6 Apr 2017 08:50:25 -0000
> @@ -0,0 +1,18 @@
> +$OpenBSD$
> +--- doc/Makefile.in.orig Thu Apr  6 09:49:58 2017
> ++++ doc/Makefile.in Thu Apr  6 09:50:22 2017
> +@@ -461,14 +461,6 @@ libcommontls = ../common/libcommontls.a
> + libcommontlsnpth = ../common/libcommontlsnpth.a
> + examples = examples/README examples/scd-event examples/trustlist.txt \
> +   examples/vsnfd.prf examples/debug.prf                        \
> +-   examples/systemd-user/README \
> +-   examples/systemd-user/dirmngr.service \
> +-   examples/systemd-user/dirmngr.socket \
> +-   examples/systemd-user/gpg-agent.service \
> +-   examples/systemd-user/gpg-agent.socket \
> +-   examples/systemd-user/gpg-agent-ssh.socket \
> +-   examples/systemd-user/gpg-agent-browser.socket \
> +-   examples/systemd-user/gpg-agent-extra.socket \
> +   examples/gpgconf.conf examples/pwpattern.list
> +
> + helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \
> Index: patches/patch-scd_scdaemon_c
> ===================================================================
> RCS file: patches/patch-scd_scdaemon_c
> diff -N patches/patch-scd_scdaemon_c
> --- patches/patch-scd_scdaemon_c 18 Nov 2016 11:30:53 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,43 +0,0 @@
> -$OpenBSD: patch-scd_scdaemon_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
> -
> -From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
> -From: NIIBE Yutaka <[hidden email]>
> -Date: Tue, 4 Oct 2016 09:01:13 +0900
> -Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
> -
> -From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001
> -From: NIIBE Yutaka <[hidden email]>
> -Date: Fri, 7 Oct 2016 10:45:22 +0900
> -Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems.
> -
> ---- scd/scdaemon.c.orig Fri Nov 18 12:26:40 2016
> -+++ scd/scdaemon.c Fri Nov 18 12:26:33 2016
> -@@ -422,8 +422,6 @@ main (int argc, char **argv )
> -   i18n_init ();
> -   init_common_subsystems (&argc, &argv);
> -
> --  npth_init ();
> --
> -   ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
> -
> -   malloc_hooks.malloc = gcry_malloc;
> -@@ -724,6 +722,9 @@ main (int argc, char **argv )
> -       }
> - #endif
> -
> -+      npth_init ();
> -+      gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
> -+
> -       /* If --debug-allow-core-dump has been given we also need to
> -          switch the working directory to a place where we can actually
> -          write. */
> -@@ -860,6 +861,9 @@ main (int argc, char **argv )
> -         } /* end parent */
> -
> -       /* This is the child. */
> -+
> -+      npth_init ();
> -+      gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
> -
> -       /* Detach from tty and put process into a new session. */
> -       if (!nodetach )
> Index: pkg/PLIST
> ===================================================================
> RCS file: /home/edd/cvsync/ports/security/gnupg2/pkg/PLIST,v
> retrieving revision 1.15
> diff -u -p -r1.15 PLIST
> --- pkg/PLIST 19 Sep 2016 17:09:37 -0000 1.15
> +++ pkg/PLIST 6 Apr 2017 08:54:17 -0000
> @@ -19,6 +19,7 @@
>  @bin libexec/gpg-check-pattern
>  @bin libexec/gpg-preset-passphrase
>  @bin libexec/gpg-protect-tool
> +@bin libexec/gpg-wks-client
>  @bin libexec/scdaemon
>  @man man/man1/dirmngr-client.1
>  @man man/man1/gpg-agent.1
> @@ -49,10 +50,12 @@ share/doc/gnupg2/README
>  share/doc/gnupg2/TRANSLATE
>  share/doc/gnupg2/examples/
>  share/doc/gnupg2/examples/README
> +share/doc/gnupg2/examples/debug.prf
>  share/doc/gnupg2/examples/gpgconf.conf
>  share/doc/gnupg2/examples/pwpattern.list
>  share/doc/gnupg2/examples/scd-event
>  share/doc/gnupg2/examples/trustlist.txt
> +share/doc/gnupg2/examples/vsnfd.prf
>  share/doc/pkg-readmes/${FULLPKGNAME}
>  share/gnupg/
>  share/gnupg/dirmngr-conf.skel
>
> --
> Best Regards
> Edd Barrett
>
> http://www.theunixzoo.co.uk


Re: UPDATE: gnupg-2.1.20

Pavel Korovin-2
Hi Pierre-Emmanuel,
It worked fine for me ~1 year until this update.
I have passphrase-protected private key on Yubikey, and gpg-agent doesn't ask
for the passphrase any more. No idea how to debug this issue, since there are
many moving parts involved.

Various tweaks like
export PINENTRY_USER_DATA="USE_CURSES=1"
or setting
pinentry-program /usr/local/bin/pinentry-curses in
$GNUPGHOME/gpg-agent.conf
didn't help.

--
With best regards,
Pavel Korovin


Re: UPDATE: gnupg-2.1.20

Edd Barrett-3
Hi,

On Mon, Apr 10, 2017 at 12:20:31AM +0300, Pavel Korovin wrote:
> pinentry-program /usr/local/bin/pinentry-curses in

This is what I do, albeit with pinentry-gtk-2.

Can you try killing any running gpg-agents and running a new one with
debug logging enabled, like this:

 $ gpg-agent --daemon --log-file /tmp/log --debug-level advanced

Then try to use your yubikey. Is there any useful debug info in the log
file?

Thanks

--
Best Regards
Edd Barrett

http://www.theunixzoo.co.uk


Re: UPDATE: gnupg-2.1.20

Pavel Korovin-2
On 04/11, Edd Barrett wrote:
>
> Can you try killing any running gpg-agents and running a new one with
> debug logging enabled, like this:
>
>  $ gpg-agent --daemon --log-file /tmp/log --debug-level advanced
>
> Then try to use your yubikey. Is there any useful debug info in the log
> file?
 
Edd, do you use gnupg-2.1.20 port with Yubikey?

I have the same issue as described here:
https://dev.gnupg.org/T2933

gpg --card-status doesn't work with my original settings:

2017-04-10 12:47:20 scdaemon[64625] listening on socket
'/home/p/.config/gnupg/S.scdaemon'
2017-04-10 12:47:20 scdaemon[64625] handler for fd -1 started
2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 -> OK GNU Privacy
Guard's Smartcard server ready
2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 <- GETINFO socket_name
2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 -> D
/home/p/.config/gnupg/S.scdaemon
2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 -> OK
2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 <- OPTION
event-signal=31
2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 -> OK
2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 <- GETINFO version
2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 -> D 2.1.20
2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 -> OK
2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 <- SERIALNO openpgp
2017-04-10 12:47:20 scdaemon[64625] DBG: apdu_open_reader: BAI=302
2017-04-10 12:47:20 scdaemon[64625] DBG: apdu_open_reader: new
device=302

And nothing else. gpg just hangs until I interrupt it with Control-C.

I tried to set "disable-ccid" option, after that scdaemon fails early:

$ gpg --card-status
gpg: selecting openpgp failed: Operation not supported by device                                                        
gpg: OpenPGP card not available: Operation not supported by device

scdaemon.log:

2017-04-10 12:53:32 scdaemon[55296] handler for fd -1 started
2017-04-10 12:53:32 scdaemon[55296] DBG: chan_5 -> OK GNU Privacy
Guard's Smartcard server ready
2017-04-10 12:53:32 scdaemon[55296] DBG: chan_5 <- GETINFO socket_name
2017-04-10 12:53:32 scdaemon[55296] DBG: chan_5 -> D
/home/p/.config/gnupg/S.scdaemon
2017-04-10 12:53:32 scdaemon[55296] DBG: chan_5 -> OK
2017-04-10 12:53:32 scdaemon[55296] DBG: chan_5 <- OPTION
event-signal=31
2017-04-10 12:53:32 scdaemon[55296] DBG: chan_5 -> OK
2017-04-10 12:53:32 scdaemon[55296] DBG: chan_5 <- GETINFO version
2017-04-10 12:53:32 scdaemon[55296] DBG: chan_5 -> D 2.1.20
2017-04-10 12:53:32 scdaemon[55296] DBG: chan_5 -> OK
2017-04-10 12:53:32 scdaemon[55296] DBG: chan_5 <- SERIALNO openpgp
2017-04-10 12:53:32 scdaemon[55296] DBG: enter: apdu_open_reader:
portstr=(null)
2017-04-10 12:53:32 scdaemon[55296] pcsc_establish_context failed: no
service (0x8010001d)
2017-04-10 12:53:32 scdaemon[55296] DBG: leave: apdu_open_reader =>
slot=-1 [pc/sc]
2017-04-10 12:53:32 scdaemon[55296] DBG: chan_5 -> ERR 100696144
Operation not supported by device <SCD>

--
With best regards,
Pavel Korovin
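
The two scdaemon logs in the post above can be triaged mechanically. The following is an added example, not part of the original message or of GnuPG: it rejoins the mail-wrapped log lines, pairs each Assuan command with its OK/ERR reply, and unpacks the numeric ERR value the way libgpg-error lays it out. The function names and the choice of excerpted log lines are this example's own.

```python
import re

# One log record: "2017-04-10 12:47:20 scdaemon[64625] message".
RECORD_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ([\w-]+)\[(\d+)\] (.*)$")
# Assuan traffic at debug level: "<-" comes from the client, "->" from scdaemon.
CHAN_RE = re.compile(r"^DBG: (chan_\d+) (<-|->) (.*)$")

# libgpg-error packs an error value as (source << 24) | code.
SOURCE_SHIFT, SOURCE_MASK, CODE_MASK = 24, 0x7F, 0xFFFF
SYSTEM_ERROR = 1 << 15  # set when the code wraps an errno value
SOURCES = {2: "GPG", 4: "GPGAGENT", 5: "PINENTRY", 6: "SCD", 10: "DIRMNGR"}

# Excerpts of the two logs from the post, with their mail line wrapping kept.
HANG_LOG = """\
2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 -> OK GNU Privacy
Guard's Smartcard server ready
2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 <- GETINFO version
2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 -> D 2.1.20
2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 -> OK
2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 <- SERIALNO openpgp
2017-04-10 12:47:20 scdaemon[64625] DBG: apdu_open_reader: BAI=302
2017-04-10 12:47:20 scdaemon[64625] DBG: apdu_open_reader: new
device=302
"""

PCSC_LOG = """\
2017-04-10 12:53:32 scdaemon[55296] DBG: chan_5 <- SERIALNO openpgp
2017-04-10 12:53:32 scdaemon[55296] DBG: enter: apdu_open_reader:
portstr=(null)
2017-04-10 12:53:32 scdaemon[55296] pcsc_establish_context failed: no
service (0x8010001d)
2017-04-10 12:53:32 scdaemon[55296] DBG: leave: apdu_open_reader =>
slot=-1 [pc/sc]
2017-04-10 12:53:32 scdaemon[55296] DBG: chan_5 -> ERR 100696144
Operation not supported by device <SCD>
"""


def unwrap(text):
    """Rejoin wrapped lines: a line without a timestamp continues the record."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if RECORD_RE.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def decode_gpg_error(value):
    """Split a numeric Assuan ERR value into libgpg-error source and code."""
    source = (value >> SOURCE_SHIFT) & SOURCE_MASK
    code = value & CODE_MASK
    is_errno = bool(code & SYSTEM_ERROR)
    return {"source": source, "source_name": SOURCES.get(source, "unknown"),
            "code": code,
            "errno_index": code - SYSTEM_ERROR if is_errno else None}


def analyse(text):
    """Pair each client command with its OK/ERR and report what is left over."""
    pending, errors = {}, []
    for record in unwrap(text):
        m = RECORD_RE.match(record)
        if not m:
            continue
        stamp, msg = m.group(1), m.group(4)
        chan = CHAN_RE.match(msg)
        if chan is None:
            # Daemon-internal message: context for every command in flight.
            for cmd in pending.values():
                cmd["after"].append(msg)
            continue
        name, direction, payload = chan.groups()
        word, _, rest = payload.partition(" ")
        if direction == "<-":
            # D/END/CAN answer an INQUIRE; every other client line is a command.
            if word not in ("D", "END", "CAN"):
                pending[name] = {"channel": name, "time": stamp,
                                 "command": payload, "after": []}
        elif word == "OK":
            pending.pop(name, None)
        elif word == "ERR":
            cmd = pending.pop(name, None) or {"command": None, "after": []}
            number, _, message = rest.partition(" ")
            entry = {"channel": name, "time": stamp, "command": cmd["command"],
                     "context": cmd["after"], "text": message,
                     "value": int(number) if number.isdigit() else None}
            if entry["value"] is not None:
                entry.update(decode_gpg_error(entry["value"]))
            errors.append(entry)
    return {"unanswered": list(pending.values()), "errors": errors}


if __name__ == "__main__":
    for label, log in (("first log", HANG_LOG), ("disable-ccid log", PCSC_LOG)):
        print(label, analyse(log))
```

For the first log this reports SERIALNO openpgp as the one command that never got a reply, with the apdu_open_reader lines as the last activity; for the second, the ERR value unpacks to source SCD and errno index 80, which is GPG_ERR_ENODEV in libgpg-error's table and matches the "Operation not supported by device" text.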


Re: UPDATE: gnupg-2.1.20

Edd Barrett-3
Hi,

Unfortunately, I don't own a yubikey to test with. Anyone got a spare?

Does ktrace offer any clues to why the scdaemon is failing?



On 16 April 2017 17:44:27 BST, Pavel Korovin <[hidden email]> wrote:

>On 04/11, Edd Barrett wrote:
>>
>> Can you try killing any running gpg-agents and running a new one with
>> debug logging enabled, like this:
>>
>>  $ gpg-agent --daemon --log-file /tmp/log --debug-level advanced
>>
>> Then try to use your yubikey. Is there any useful debug info in the
>log
>> file?
>
>Edd, do you use gnupg-2.1.20 port with Yubikey?
>
>I have the same issue as described here:
>https://dev.gnupg.org/T2933
>
>gpg --card-status doesn't work with my original settings:
>
>2017-04-10 12:47:20 scdaemon[64625] listening on socket
>'/home/p/.config/gnupg/S.scdaemon'
>2017-04-10 12:47:20 scdaemon[64625] handler for fd -1 started
>2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 -> OK GNU Privacy
>Guard's Smartcard server ready
>2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 <- GETINFO socket_name
>2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 -> D
>/home/p/.config/gnupg/S.scdaemon
>2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 -> OK
>2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 <- OPTION
>event-signal=31
>2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 -> OK
>2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 <- GETINFO version
>2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 -> D 2.1.20
>2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 -> OK
>2017-04-10 12:47:20 scdaemon[64625] DBG: chan_5 <- SERIALNO openpgp
>2017-04-10 12:47:20 scdaemon[64625] DBG: apdu_open_reader: BAI=302
>2017-04-10 12:47:20 scdaemon[64625] DBG: apdu_open_reader: new
>device=302
>
>And nothing else. gpg just hangs until I interrupt it with Control-C.
>
>I tried to set "disable-ccid" option, after that scdaemon fails early:
>
>$ gpg --card-status
>gpg: selecting openpgp failed: Operation not supported by device      
>                                                
>gpg: OpenPGP card not available: Operation not supported by device
>
>scdaemon.log:
>
>2017-04-10 12:53:32 scdaemon[55296] handler for fd -1 started
>2017-04-10 12:53:32 scdaemon[55296] DBG: chan_5 -> OK GNU Privacy
>Guard's Smartcard server ready
>2017-04-10 12:53:32 scdaemon[55296] DBG: chan_5 <- GETINFO socket_name
>2017-04-10 12:53:32 scdaemon[55296] DBG: chan_5 -> D
>/home/p/.config/gnupg/S.scdaemon
>2017-04-10 12:53:32 scdaemon[55296] DBG: chan_5 -> OK
>2017-04-10 12:53:32 scdaemon[55296] DBG: chan_5 <- OPTION
>event-signal=31
>2017-04-10 12:53:32 scdaemon[55296] DBG: chan_5 -> OK
>2017-04-10 12:53:32 scdaemon[55296] DBG: chan_5 <- GETINFO version
>2017-04-10 12:53:32 scdaemon[55296] DBG: chan_5 -> D 2.1.20
>2017-04-10 12:53:32 scdaemon[55296] DBG: chan_5 -> OK
>2017-04-10 12:53:32 scdaemon[55296] DBG: chan_5 <- SERIALNO openpgp
>2017-04-10 12:53:32 scdaemon[55296] DBG: enter: apdu_open_reader:
>portstr=(null)
>2017-04-10 12:53:32 scdaemon[55296] pcsc_establish_context failed: no
>service (0x8010001d)
>2017-04-10 12:53:32 scdaemon[55296] DBG: leave: apdu_open_reader =>
>slot=-1 [pc/sc]
>2017-04-10 12:53:32 scdaemon[55296] DBG: chan_5 -> ERR 100696144
>Operation not supported by device <SCD>
>
>--
>With best regards,
>Pavel Korovin

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: UPDATE: gnupg-2.1.20

Stuart Henderson
In reply to this post by Pavel Korovin-2
On 2017/04/10 00:20, Pavel Korovin wrote:
> Hi Pierre-Emmanuel,
> It worked fine for me ~1 year until this update.
> I have passphrase-protected private key on Yubikey, and gpg-agent doesn't ask
> for the passphrase any more. No idea how to debug this issue, since there are
> many moving parts involved.

Can you show how you setup the yubikey to work with this?


Re: UPDATE: gnupg-2.1.20

Pavel Korovin-2
On 04/16, Stuart Henderson wrote:
> On 2017/04/10 00:20, Pavel Korovin wrote:
> > Hi Pierre-Emmanuel,
> > It worked fine for me ~1 year until this update.
> > I have passphrase-protected private key on Yubikey, and gpg-agent doesn't ask
> > for the passphrase any more. No idea how to debug this issue, since there are
> > many moving parts involved.
>
> Can you show how you setup the yubikey to work with this?

Nothing special, just standard procedure of generating master key with
subkeys followed by transfer of the private subkeys to Yubikey like:

### transfer private subkeys:
# gpg2 --edit-key $masterkey
toggle
key 1
keytocard
key 1
key 2
keytocard
## etc.
save

### trust keys:
gpg2 --edit-key $masterkey
toggle
key 1
key 2
key 3
trust
save

### configure touch option for yubikey4:
yubitouch sig on <pin>
yubitouch aut off <pin>
yubitouch dec on <pin>

### set pins:
gpg2 --card-edit
admin
passwd
<set pins>

--
With best regards,
Pavel Korovin


Re: UPDATE: gnupg-2.1.20

Pavel Korovin-2
In reply to this post by Edd Barrett-3
On 04/16, Edd Barrett wrote:
>
> Does ktrace offer any clues to why the scdaemon is failing?
 
Will try to setup system for test next week (I use gpg key with ssh, and it
becomes a problem to connect anywhere when gpg doesn't work :)

--
With best regards,
Pavel Korovin


Re: UPDATE: gnupg-2.1.20

Stuart Henderson
In reply to this post by Pavel Korovin-2
On 2017/04/16 20:47, Pavel Korovin wrote:

> On 04/16, Stuart Henderson wrote:
> > On 2017/04/10 00:20, Pavel Korovin wrote:
> > > Hi Pierre-Emmanuel,
> > > It worked fine for me ~1 year until this update.
> > > I have passphrase-protected private key on Yubikey, and gpg-agent doesn't ask
> > > for the passphrase any more. No idea how to debug this issue, since there are
> > > many moving parts involved.
> >
> > Can you show how you setup the yubikey to work with this?
>
> Nothing special, just standard procedure of generating master key with
> subkeys followed by transfer of the private subkeys to Yubikey like:

Can you show specifics so that someone who has a yubikey but isn't
particularly interested in learning how to use GPG can follow? (like,
without $masterkey and "etc"..)

> ### transfer private subkeys:
> # gpg2 --edit-key $masterkey
> toggle
> key 1
> keytocard
> key 1
> key 2
> keytocard
> ## etc.
> save
>
> ### trust keys:
> gpg2 --edit-key $masterkey
> toggle
> key 1
> key 2
> key 3
> trust
> save
>
> ### configure touch option for yubikey4:
> yubitouch sig on <pin>
> yubitouch aut off <pin>
> yubitouch dec on <pin>
>
> ### set pins:
> gpg2 --card-edit
> admin
> passwd
> <set pins>
>
> --
> With best regards,
> Pavel Korovin
>


Re: UPDATE: gnupg-2.1.20

Edd Barrett-3
In reply to this post by Pavel Korovin-2
Thanks.

If we can't figure it out, we can think about rolling back until a fix is found. We can't have this blocking people from using gpg and ssh.

Can you tell me which yubikey you have?
I'll see if I can source one for a decent price.

Can you also raise a bug upstream and see if they offer any insights?

Cheers

On 16 April 2017 19:00:47 BST, Pavel Korovin <[hidden email]> wrote:

>On 04/16, Edd Barrett wrote:
>>
>> Does ktrace offer any clues to why the scdaemon is failing?
>
>Will try to setup system for test next week (I use gpg key with ssh,
>and it
>becomes a problem to connect anywhere when gpg doesn't work :)
>
>--
>With best regards,
>Pavel Korovin

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: UPDATE: gnupg-2.1.20

Pavel Korovin-2
In reply to this post by Stuart Henderson
On 04/16, Stuart Henderson wrote:
> Can you show specifics so that someone who has a yubikey but isn't
> particularly interested in learning how to use GPG can follow? (like,
> without $masterkey and "etc"..)

Oh, sorry. I think the most simple approach for testing will be just running

gpg --card-edit

without generating any keys, since the problem seems to be with
scdaemon part.
Here's the yubico reference:
https://www.yubico.com/support/knowledge-base/categories/articles/use-yubikey-openpgp/
 
--
With best regards,
Pavel Korovin


Re: UPDATE: gnupg-2.1.20

Pavel Korovin-2
In reply to this post by Edd Barrett-3
On 04/16, Edd Barrett wrote:
> Can you tell me which yubikey you have?
> I'll see if I can source one for a decent price.

I have YubiKey 4 Nano, there's less expensive version YubiKey 4 with the
same functionality ($40 vs $50 for Nano):
https://www.yubico.com/products/yubikey-hardware/
 
> Can you also raise a bug upstream and see if they offer any insights?
That's what I was going to do this week, but due to urgent business trip
had to postpone.

--
With best regards,
Pavel Korovin


Re: UPDATE: gnupg-2.1.20

Edd Barrett-3
Seems like I'd have to pay around 40GBP for a yubikey 4 from a UK reseller :(

Can't really justify the expense I'm afraid.



On 16 April 2017 19:45:29 BST, Pavel Korovin <[hidden email]> wrote:

>On 04/16, Edd Barrett wrote:
>> Can you tell me which yubikey you have?
>> I'll see if I can source one for a decent price.
>
>I have YubiKey 4 Nano, there's less expensive version YubiKey 4 with
>the
>same functionality ($40 vs $50 for Nano):
>https://www.yubico.com/products/yubikey-hardware/
>
>> Can you also raise a bug upstream and see if they offer any insights?
>That's what I was going to do this week, but due to urgent business
>trip
>had to postpone.
>
>--
>With best regards,
>Pavel Korovin

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: UPDATE: gnupg-2.1.20

Stuart Henderson
In reply to this post by Pavel Korovin-2
On 2017/04/16 21:36, Pavel Korovin wrote:

> On 04/16, Stuart Henderson wrote:
> > Can you show specifics so that someone who has a yubikey but isn't
> > particularly interested in learning how to use GPG can follow? (like,
> > without $masterkey and "etc"..)
>
> Oh, sorry. I think the most simple approach for testing will be just running
>
> gpg --card-edit
>
> without generating any keys, since the problem seems to be with
> scdaemon part.
> Here's the yubico reference:
> https://www.yubico.com/support/knowledge-base/categories/articles/use-yubikey-openpgp/

I'll have a look for my neo, but I haven't figured out how to get the
newer things working at all with OpenBSD yet so not sure I'll be able to
enable ccid on it..
