On Tue, Mar 28, 2017 at 11:36:47AM +0100, Edd Barrett wrote:
> I did wonder about this myself. systemd. Leave it with me and I'll kill
> these files and any links to them.
New diff killing the systemd examples.
OK?
Index: Makefile
===================================================================
RCS file: /home/edd/cvsync/ports/security/gnupg2/Makefile,v
retrieving revision 1.47
diff -u -p -r1.47 Makefile
--- Makefile 18 Nov 2016 11:30:53 -0000 1.47
+++ Makefile 27 Mar 2017 14:56:02 -0000
@@ -2,8 +2,7 @@
COMMENT = GNU privacy guard - a free PGP replacement
-DISTNAME = gnupg-2.1.15
-REVISION = 2
+DISTNAME = gnupg-2.1.19
CATEGORIES = security
MASTER_SITES = ${MASTER_SITE_GNUPG:=gnupg/}
@@ -43,8 +42,6 @@ CONFIGURE_ARGS += --disable-ldap
RUN_DEPENDS = security/pinentry
-# gpg-agent must be installed to run the regress tests
-# Make sure you dont have gpg aliased (e.g. to gpg2) when running tests.
TEST_DEPENDS = ${FULLPKGNAME}:${BUILD_PKGPATH}
PORTHOME=${WRKDIR}
Index: distinfo
===================================================================
RCS file: /home/edd/cvsync/ports/security/gnupg2/distinfo,v
retrieving revision 1.19
diff -u -p -r1.19 distinfo
--- distinfo 19 Sep 2016 17:09:37 -0000 1.19
+++ distinfo 19 Mar 2017 15:59:24 -0000
@@ -1,2 +1,2 @@
-SHA256 (gnupg-2.1.15.tar.bz2) = wowaII8bitY722uI0lL2c0/00z3mtU44SUsR1J4A/90=
-SIZE (gnupg-2.1.15.tar.bz2) = 5723689
+SHA256 (gnupg-2.1.19.tar.bz2) = RsztH1ZBzinMKCUPUvrfbkF+ZJs7/exJpaDQsipjm/A=
+SIZE (gnupg-2.1.19.tar.bz2) = 6404836
Index: patches/patch-agent_gpg-agent_c
===================================================================
RCS file: patches/patch-agent_gpg-agent_c
diff -N patches/patch-agent_gpg-agent_c
--- patches/patch-agent_gpg-agent_c 18 Nov 2016 11:30:53 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,97 +0,0 @@
-$OpenBSD: patch-agent_gpg-agent_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
-
-From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[email protected]>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
-
-From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[email protected]>
-Date: Fri, 7 Oct 2016 10:45:22 +0900
-Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems.
-
---- agent/gpg-agent.c.orig Fri Nov 18 12:26:38 2016
-+++ agent/gpg-agent.c Fri Nov 18 12:26:33 2016
-@@ -715,7 +715,31 @@ finalize_rereadable_options (void)
- }
-
-
-+static void
-+thread_init_once (void)
-+{
-+ static int npth_initialized = 0;
-
-+ if (!npth_initialized)
-+ {
-+ npth_initialized++;
-+ npth_init ();
-+ }
-+ gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-+}
-+
-+static void
-+initialize_modules (void)
-+{
-+ thread_init_once ();
-+ assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
-+ initialize_module_cache ();
-+ initialize_module_call_pinentry ();
-+ initialize_module_call_scd ();
-+ initialize_module_trustlist ();
-+}
-+
-+
- /* The main entry point. */
- int
- main (int argc, char **argv )
-@@ -762,14 +786,11 @@ main (int argc, char **argv )
- i18n_init ();
- init_common_subsystems (&argc, &argv);
-
-- npth_init ();
--
- malloc_hooks.malloc = gcry_malloc;
- malloc_hooks.realloc = gcry_realloc;
- malloc_hooks.free = gcry_free;
- assuan_set_malloc_hooks (&malloc_hooks);
- assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
-- assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
- assuan_sock_init ();
- setup_libassuan_logging (&opt.debug);
-
-@@ -1051,16 +1072,12 @@ main (int argc, char **argv )
- exit (1);
- }
-
-- initialize_module_cache ();
-- initialize_module_call_pinentry ();
-- initialize_module_call_scd ();
-- initialize_module_trustlist ();
--
- /* Try to create missing directories. */
- create_directories ();
-
- if (debug_wait && pipe_server)
- {
-+ thread_init_once ();
- log_debug ("waiting for debugger - my pid is %u .....\n",
- (unsigned int)getpid());
- gnupg_sleep (debug_wait);
-@@ -1167,6 +1184,8 @@ main (int argc, char **argv )
- /* This is the simple pipe based server */
- ctrl_t ctrl;
-
-+ initialize_modules ();
-+
- ctrl = xtrycalloc (1, sizeof *ctrl);
- if (!ctrl)
- {
-@@ -1369,6 +1388,8 @@ main (int argc, char **argv )
- /*
- This is the child
- */
-+
-+ initialize_modules ();
-
- /* Detach from tty and put process into a new session */
- if (!nodetach )
Index: patches/patch-common_init_c
===================================================================
RCS file: patches/patch-common_init_c
diff -N patches/patch-common_init_c
--- patches/patch-common_init_c 18 Nov 2016 11:30:53 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,40 +0,0 @@
-$OpenBSD: patch-common_init_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
-
-From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[email protected]>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
-
---- common/init.c.orig Thu Aug 18 17:00:16 2016
-+++ common/init.c Fri Nov 18 12:26:33 2016
-@@ -29,20 +29,12 @@
-
- #include <config.h>
-
--#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth. */
--#undef HAVE_NPTH
--#undef USE_NPTH
--#endif
--
- #ifdef HAVE_W32_SYSTEM
- # ifdef HAVE_WINSOCK2_H
- # include <winsock2.h>
- # endif
- # include <windows.h>
- #endif
--#ifdef HAVE_NPTH
--# include <npth.h>
--#endif
- #ifdef HAVE_W32CE_SYSTEM
- # include <assuan.h> /* For _assuan_w32ce_finish_pipe. */
- #endif
-@@ -197,9 +189,6 @@ _init_common_subsystems (gpg_err_source_t errsource, i
- /* Initialize the Estream library. */
- gpgrt_init ();
- gpgrt_set_alloc_func (gcry_realloc);
--#ifdef USE_NPTH
-- gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
--#endif
-
- /* Special hack for Windows CE: We extract some options from arg
- to setup the standard handles. */
Index: patches/patch-dirmngr_dirmngr_c
===================================================================
RCS file: patches/patch-dirmngr_dirmngr_c
diff -N patches/patch-dirmngr_dirmngr_c
--- patches/patch-dirmngr_dirmngr_c 18 Nov 2016 11:30:53 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,95 +0,0 @@
-$OpenBSD: patch-dirmngr_dirmngr_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
-
-From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[email protected]>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
-
-From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[email protected]>
-Date: Fri, 7 Oct 2016 10:45:22 +0900
-Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems.
-
---- dirmngr/dirmngr.c.orig Fri Nov 18 12:26:43 2016
-+++ dirmngr/dirmngr.c Fri Nov 18 12:26:33 2016
-@@ -636,6 +636,23 @@ pid_suffix_callback (unsigned long *r_suffix)
- #endif /*!HAVE_W32_SYSTEM*/
-
-
-+static void
-+thread_init (void)
-+{
-+ npth_init ();
-+ gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-+
-+ /* Now with NPth running we can set the logging callback. Our
-+ windows implementation does not yet feature the NPth TLS
-+ functions. */
-+#ifndef HAVE_W32_SYSTEM
-+ if (npth_key_create (&my_tlskey_current_fd, NULL) == 0)
-+ if (npth_setspecific (my_tlskey_current_fd, NULL) == 0)
-+ log_set_pid_suffix_cb (pid_suffix_callback);
-+#endif /*!HAVE_W32_SYSTEM*/
-+}
-+
-+
- int
- main (int argc, char **argv)
- {
-@@ -669,8 +686,6 @@ main (int argc, char **argv)
- i18n_init ();
- init_common_subsystems (&argc, &argv);
-
-- npth_init ();
--
- gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
-
- /* Check that the libraries are suitable. Do it here because
-@@ -711,15 +726,6 @@ main (int argc, char **argv)
- if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh")
)
- csh_style = 1;
-
-- /* Now with NPth running we can set the logging callback. Our
-- windows implementation does not yet feature the NPth TLS
-- functions. */
--#ifndef HAVE_W32_SYSTEM
-- if (npth_key_create (&my_tlskey_current_fd, NULL) == 0)
-- if (npth_setspecific (my_tlskey_current_fd, NULL) == 0)
-- log_set_pid_suffix_cb (pid_suffix_callback);
--#endif /*!HAVE_W32_SYSTEM*/
--
- /* Reset rereadable options to default values. */
- parse_rereadable_options (NULL, 0);
-
-@@ -970,6 +976,7 @@ main (int argc, char **argv)
- ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-
-+ thread_init ();
- cert_cache_init ();
- crl_cache_init ();
- start_command_handler (ASSUAN_INVALID_FD);
-@@ -1168,6 +1175,7 @@ main (int argc, char **argv)
- ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-
-+ thread_init ();
- cert_cache_init ();
- crl_cache_init ();
- handle_connections (fd);
-@@ -1195,6 +1203,7 @@ main (int argc, char **argv)
- #if USE_LDAP
- ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-+ thread_init ();
- cert_cache_init ();
- crl_cache_init ();
- if (!argc)
-@@ -1220,6 +1229,7 @@ main (int argc, char **argv)
- #if USE_LDAP
- ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-+ thread_init ();
- cert_cache_init ();
- crl_cache_init ();
- rc = crl_fetch (&ctrlbuf, argv[0], &reader);
Index: patches/patch-doc_Makefile_in
===================================================================
RCS file: patches/patch-doc_Makefile_in
diff -N patches/patch-doc_Makefile_in
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-doc_Makefile_in 28 Mar 2017 17:06:54 -0000
@@ -0,0 +1,18 @@
+$OpenBSD$
+--- doc/Makefile.in.orig Tue Mar 28 18:06:28 2017
++++ doc/Makefile.in Tue Mar 28 18:06:50 2017
+@@ -460,14 +460,6 @@ libcommonpth = ../common/libcommonpth.a
+ libcommontls = ../common/libcommontls.a
+ libcommontlsnpth = ../common/libcommontlsnpth.a
+ examples = examples/README examples/scd-event examples/trustlist.txt \
+- examples/systemd-user/README \
+- examples/systemd-user/dirmngr.service \
+- examples/systemd-user/dirmngr.socket \
+- examples/systemd-user/gpg-agent.service \
+- examples/systemd-user/gpg-agent.socket \
+- examples/systemd-user/gpg-agent-ssh.socket \
+- examples/systemd-user/gpg-agent-browser.socket \
+- examples/systemd-user/gpg-agent-extra.socket \
+ examples/gpgconf.conf examples/pwpattern.list
+
+ helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \
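Review bot: This new patch file carries only the `$OpenBSD$` tag, while the other two patches added in this diff open with a one-line reason and the upstream commit URL. A line under the tag such as `Do not install the systemd user unit examples.` would tell whoever next updates the port that this is a local change, with no upstream commit to wait for before dropping it.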
Index: patches/patch-g10_getkey_c
===================================================================
RCS file: patches/patch-g10_getkey_c
diff -N patches/patch-g10_getkey_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-g10_getkey_c 19 Mar 2017 17:23:54 -0000
@@ -0,0 +1,41 @@
+$OpenBSD$
+
+gpg: Fix attempt to double free an UID structure.
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blobdiff;f=g10/getkey.c;h=be7367faf685e99b6c0f7c92b569d89180f4e2df;hp=163ab801400411fd91b3b2f63bb27ce8a88a8010;hb=4a130bbc2c2f4be6e8c6357512a943f435ade28f;hpb=e6ca015ae182a6dbb0466441efc17c99683e9375
+
+--- g10/getkey.c.orig Wed Mar 1 13:04:33 2017
++++ g10/getkey.c Sun Mar 19 17:21:06 2017
+@@ -1592,8 +1592,10 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retct
+ if (is_valid_mailbox (name) && ctx)
+ {
+ /* Rank results and return only the most relevant key. */
+- struct pubkey_cmp_cookie best = { 0 }, new;
+- KBNODE new_keyblock;
++ struct pubkey_cmp_cookie best = { 0 };
++ struct pubkey_cmp_cookie new;
++ kbnode_t new_keyblock;
++
+ while (getkey_next (ctx, &new.key, &new_keyblock) == 0)
+ {
+ int diff = pubkey_cmp (ctrl, name, &best, &new, new_keyblock);
+@@ -1610,17 +1612,20 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retct
+ /* Old key is better. */
+ release_public_key_parts (&new.key);
+ free_user_id (new.uid);
++ new.uid = NULL;
+ }
+ else
+ {
+ /* A tie. Keep the old key. */
+ release_public_key_parts (&new.key);
+ free_user_id (new.uid);
++ new.uid = NULL;
+ }
+ }
+ getkey_end (ctx);
+ ctx = NULL;
+ free_user_id (best.uid);
++ best.uid = NULL;
+
+ if (best.valid)
+ {
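Review bot: `struct pubkey_cmp_cookie new;` is still declared without an initializer, so on the first pass of the `while (getkey_next ...)` loop the `free_user_id (new.uid)` calls in the "old key is better" and tie branches rely on pubkey_cmp() having assigned `new.uid`. pubkey_cmp() is not visible here, so this is unconfirmed, but if any path leaves the field unset, the first iteration frees an indeterminate pointer. Zero-initialising it the same way as `best` closes that gap: `struct pubkey_cmp_cookie new = { 0 };`. The branch where the new key wins lies between the two inner hunks, and get_best_pubkey_byname() starts and ends outside them, so ownership of `new.uid` on that path could not be checked from this diff.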
Index: patches/patch-g10_import_c
===================================================================
RCS file: patches/patch-g10_import_c
diff -N patches/patch-g10_import_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-g10_import_c 19 Mar 2017 17:21:09 -0000
@@ -0,0 +1,43 @@
+$OpenBSD$
+
+Fix possible segv when attribute packets are filtered.
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=5f6f3f5cae8a95ed469129f9677782c17951dab3
+
+--- g10/import.c.orig Wed Mar 1 13:04:33 2017
++++ g10/import.c Sun Mar 19 17:17:38 2017
+@@ -1173,7 +1173,8 @@ impex_filter_getval (void *cookie, const char *propnam
+ static char numbuf[20];
+ const char *result;
+
+- if (node->pkt->pkttype == PKT_USER_ID)
++ if (node->pkt->pkttype == PKT_USER_ID
++ || node->pkt->pkttype == PKT_ATTRIBUTE)
+ {
+ if (!strcmp (propname, "uid"))
+ result = node->pkt->pkt.user_id->name;
+@@ -1191,8 +1192,7 @@ impex_filter_getval (void *cookie, const char *propnam
+ else
+ result = NULL;
+ }
+- else if (node->pkt->pkttype == PKT_SIGNATURE
+- || node->pkt->pkttype == PKT_ATTRIBUTE)
++ else if (node->pkt->pkttype == PKT_SIGNATURE)
+ {
+ PKT_signature *sig = node->pkt->pkt.signature;
+
+@@ -1313,12 +1313,12 @@ apply_drop_sig_filter (kbnode_t keyblock, recsel_expr_
+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY)
+ break; /* ready. */
+- if (node->pkt->pkttype == PKT_USER_ID)
++ if (node->pkt->pkttype == PKT_USER_ID
++ || node->pkt->pkttype == PKT_ATTRIBUTE)
+ active = 1;
+ if (!active)
+ continue;
+- if (node->pkt->pkttype != PKT_SIGNATURE
+- && node->pkt->pkttype != PKT_ATTRIBUTE)
++ if (node->pkt->pkttype != PKT_SIGNATURE)
+ continue;
+
+ sig = node->pkt->pkt.signature;
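Review bot: The header line "Fix possible segv when attribute packets are filtered" understates what the removed lines did. A `PKT_ATTRIBUTE` node was routed into the signature branch and read through `node->pkt->pkt.signature`, so attribute-packet data was interpreted as a `PKT_signature`. The file is import.c, so the keyblocks being filtered presumably include externally supplied keys, and it is worth recording this as a memory-safety fix in the patch header so it is not dropped early on a later update. For example: `Attribute packets were read as PKT_signature in impex_filter_getval() and apply_drop_sig_filter(); handle them like user IDs.` This applies to both inner hunks, and both functions start and end outside them.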
Index: patches/patch-scd_scdaemon_c
===================================================================
RCS file: patches/patch-scd_scdaemon_c
diff -N patches/patch-scd_scdaemon_c
--- patches/patch-scd_scdaemon_c 18 Nov 2016 11:30:53 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,43 +0,0 @@
-$OpenBSD: patch-scd_scdaemon_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
-
-From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[email protected]>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
-
-From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <[email protected]>
-Date: Fri, 7 Oct 2016 10:45:22 +0900
-Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems.
-
---- scd/scdaemon.c.orig Fri Nov 18 12:26:40 2016
-+++ scd/scdaemon.c Fri Nov 18 12:26:33 2016
-@@ -422,8 +422,6 @@ main (int argc, char **argv )
- i18n_init ();
- init_common_subsystems (&argc, &argv);
-
-- npth_init ();
--
- ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
-
- malloc_hooks.malloc = gcry_malloc;
-@@ -724,6 +722,9 @@ main (int argc, char **argv )
- }
- #endif
-
-+ npth_init ();
-+ gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-+
- /* If --debug-allow-core-dump has been given we also need to
- switch the working directory to a place where we can actually
- write. */
-@@ -860,6 +861,9 @@ main (int argc, char **argv )
- } /* end parent */
-
- /* This is the child. */
-+
-+ npth_init ();
-+ gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-
- /* Detach from tty and put process into a new session. */
- if (!nodetach )
Index: pkg/PLIST
===================================================================
RCS file: /home/edd/cvsync/ports/security/gnupg2/pkg/PLIST,v
retrieving revision 1.15
diff -u -p -r1.15 PLIST
--- pkg/PLIST 19 Sep 2016 17:09:37 -0000 1.15
+++ pkg/PLIST 28 Mar 2017 17:11:59 -0000
@@ -19,6 +19,7 @@
@bin libexec/gpg-check-pattern
@bin libexec/gpg-preset-passphrase
@bin libexec/gpg-protect-tool
+@bin libexec/gpg-wks-client
@bin libexec/scdaemon
@man man/man1/dirmngr-client.1
@man man/man1/gpg-agent.1
--
Best Regards
Edd Barrett
http://www.theunixzoo.co.uk