Edd Barrett <e...@theunixzoo.co.uk> writes: > Hi, > > (I've CC'd other developers I know to use gpg.) > > Here's an update to the latest gnupg2. The new patches fix some memory > errors. I got these from the upstream git repo. I've been using this for > a week with no issue. > > OK?
I didn't look at the details, but the additional files in PLIST seem largely irrelevant on OpenBSD. Maybe they should be removed? > P.S. > > I notice that gpg version 1 is no longer listed on the download page > upstream, suggesting that it may be (finally) deprecated. I've asked for > clarification as part of this bug: > https://bugs.gnupg.org/gnupg/issue3021 > > If it really is deprecated, we should consider trying to kill it in > favour of gnupg2. I'd prefer to postpone such a decision to after 6.1. > Thanks! > > > Index: Makefile > =================================================================== > RCS file: /home/edd/cvsync/ports/security/gnupg2/Makefile,v > retrieving revision 1.47 > diff -u -p -r1.47 Makefile > --- Makefile 18 Nov 2016 11:30:53 -0000 1.47 > +++ Makefile 27 Mar 2017 14:56:02 -0000 > @@ -2,8 +2,7 @@ > > COMMENT = GNU privacy guard - a free PGP replacement > > -DISTNAME = gnupg-2.1.15 > -REVISION = 2 > +DISTNAME = gnupg-2.1.19 > CATEGORIES = security > > MASTER_SITES = ${MASTER_SITE_GNUPG:=gnupg/} > @@ -43,8 +42,6 @@ CONFIGURE_ARGS += --disable-ldap > > RUN_DEPENDS = security/pinentry > > -# gpg-agent must be installed to run the regress tests > -# Make sure you dont have gpg aliased (e.g. to gpg2) when running tests. > TEST_DEPENDS = ${FULLPKGNAME}:${BUILD_PKGPATH} > PORTHOME=${WRKDIR} > > Index: distinfo > =================================================================== > RCS file: /home/edd/cvsync/ports/security/gnupg2/distinfo,v > retrieving revision 1.19 > diff -u -p -r1.19 distinfo > --- distinfo 19 Sep 2016 17:09:37 -0000 1.19 > +++ distinfo 19 Mar 2017 15:59:24 -0000 
> @@ -1,2 +1,2 @@ > -SHA256 (gnupg-2.1.15.tar.bz2) = wowaII8bitY722uI0lL2c0/00z3mtU44SUsR1J4A/90= > -SIZE (gnupg-2.1.15.tar.bz2) = 5723689 > +SHA256 (gnupg-2.1.19.tar.bz2) = RsztH1ZBzinMKCUPUvrfbkF+ZJs7/exJpaDQsipjm/A= > +SIZE (gnupg-2.1.19.tar.bz2) = 6404836 > Index: patches/patch-agent_gpg-agent_c > =================================================================== > RCS file: patches/patch-agent_gpg-agent_c > diff -N patches/patch-agent_gpg-agent_c > --- patches/patch-agent_gpg-agent_c 18 Nov 2016 11:30:53 -0000 1.1 > +++ /dev/null 1 Jan 1970 00:00:00 -0000 
> @@ -1,97 +0,0 @@ > -$OpenBSD: patch-agent_gpg-agent_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $ > - > -From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001 > -From: NIIBE Yutaka <gni...@fsij.org> > -Date: Tue, 4 Oct 2016 09:01:13 +0900 > -Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork. > - > -From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001 > -From: NIIBE Yutaka <gni...@fsij.org> > -Date: Fri, 7 Oct 2016 10:45:22 +0900 > -Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems. > - > ---- agent/gpg-agent.c.orig Fri Nov 18 12:26:38 2016 > -+++ agent/gpg-agent.c Fri Nov 18 12:26:33 2016 > -@@ -715,7 +715,31 @@ finalize_rereadable_options (void) > - } > - > - > -+static void > -+thread_init_once (void) > -+{ > -+ static int npth_initialized = 0; > - > -+ if (!npth_initialized) > -+ { > -+ npth_initialized++; > -+ npth_init (); > -+ } > -+ gpgrt_set_syscall_clamp (npth_unprotect, npth_protect); > -+} > -+ > -+static void > -+initialize_modules (void) > -+{ > -+ thread_init_once (); > -+ assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH); > -+ initialize_module_cache (); > -+ initialize_module_call_pinentry (); > -+ initialize_module_call_scd (); > -+ initialize_module_trustlist (); > -+} > -+ > -+ > - /* The main entry point. 
*/ > - int > - main (int argc, char **argv ) > -@@ -762,14 +786,11 @@ main (int argc, char **argv ) > - i18n_init (); > - init_common_subsystems (&argc, &argv); > - > -- npth_init (); > -- > - malloc_hooks.malloc = gcry_malloc; > - malloc_hooks.realloc = gcry_realloc; > - malloc_hooks.free = gcry_free; > - assuan_set_malloc_hooks (&malloc_hooks); > - assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT); > -- assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH); > - assuan_sock_init (); > - setup_libassuan_logging (&opt.debug); > - > -@@ -1051,16 +1072,12 @@ main (int argc, char **argv ) > - exit (1); > - } > - > -- initialize_module_cache (); > -- initialize_module_call_pinentry (); > -- initialize_module_call_scd (); > -- initialize_module_trustlist (); > -- > - /* Try to create missing directories. */ > - create_directories (); > - > - if (debug_wait && pipe_server) > - { > -+ thread_init_once (); > - log_debug ("waiting for debugger - my pid is %u .....\n", > - (unsigned int)getpid()); > - gnupg_sleep (debug_wait); > -@@ -1167,6 +1184,8 @@ main (int argc, char **argv ) > - /* This is the simple pipe based server */ > - ctrl_t ctrl; > - > -+ initialize_modules (); > -+ > - ctrl = xtrycalloc (1, sizeof *ctrl); > - if (!ctrl) > - { > -@@ -1369,6 +1388,8 @@ main (int argc, char **argv ) > - /* > - This is the child > - */ > -+ > -+ initialize_modules (); > - > - /* Detach from tty and put process into a new session */ > - if (!nodetach ) > Index: patches/patch-common_init_c > =================================================================== > RCS file: patches/patch-common_init_c > diff -N patches/patch-common_init_c > --- patches/patch-common_init_c 18 Nov 2016 11:30:53 -0000 1.1 > +++ /dev/null 1 Jan 1970 00:00:00 -0000 
> @@ -1,40 +0,0 @@ > -$OpenBSD: patch-common_init_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $ > - > -From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001 > -From: NIIBE Yutaka <gni...@fsij.org> > -Date: Tue, 4 Oct 2016 09:01:13 +0900 > -Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork. > - > ---- common/init.c.orig Thu Aug 18 17:00:16 2016 > -+++ common/init.c Fri Nov 18 12:26:33 2016 > -@@ -29,20 +29,12 @@ > - > - #include <config.h> > - > --#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth. */ > --#undef HAVE_NPTH > --#undef USE_NPTH > --#endif > -- > - #ifdef HAVE_W32_SYSTEM > - # ifdef HAVE_WINSOCK2_H > - # include <winsock2.h> > - # endif > - # include <windows.h> > - #endif > --#ifdef HAVE_NPTH > --# include <npth.h> > --#endif > - #ifdef HAVE_W32CE_SYSTEM > - # include <assuan.h> /* For _assuan_w32ce_finish_pipe. */ > - #endif > -@@ -197,9 +189,6 @@ _init_common_subsystems (gpg_err_source_t errsource, i > - /* Initialize the Estream library. */ > - gpgrt_init (); > - gpgrt_set_alloc_func (gcry_realloc); > --#ifdef USE_NPTH > -- gpgrt_set_syscall_clamp (npth_unprotect, npth_protect); > --#endif > - > - /* Special hack for Windows CE: We extract some options from arg > - to setup the standard handles. */ > Index: patches/patch-dirmngr_dirmngr_c > =================================================================== > RCS file: patches/patch-dirmngr_dirmngr_c > diff -N patches/patch-dirmngr_dirmngr_c > --- patches/patch-dirmngr_dirmngr_c 18 Nov 2016 11:30:53 -0000 1.1 > +++ /dev/null 1 Jan 1970 00:00:00 -0000 
> @@ -1,95 +0,0 @@ > -$OpenBSD: patch-dirmngr_dirmngr_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $ > - > -From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001 > -From: NIIBE Yutaka <gni...@fsij.org> > -Date: Tue, 4 Oct 2016 09:01:13 +0900 > -Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork. > - > -From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001 > -From: NIIBE Yutaka <gni...@fsij.org> > -Date: Fri, 7 Oct 2016 10:45:22 +0900 > -Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems. > - > ---- dirmngr/dirmngr.c.orig Fri Nov 18 12:26:43 2016 > -+++ dirmngr/dirmngr.c Fri Nov 18 12:26:33 2016 > -@@ -636,6 +636,23 @@ pid_suffix_callback (unsigned long *r_suffix) > - #endif /*!HAVE_W32_SYSTEM*/ > - > - > -+static void > -+thread_init (void) > -+{ > -+ npth_init (); > -+ gpgrt_set_syscall_clamp (npth_unprotect, npth_protect); > -+ > -+ /* Now with NPth running we can set the logging callback. Our > -+ windows implementation does not yet feature the NPth TLS > -+ functions. */ > -+#ifndef HAVE_W32_SYSTEM > -+ if (npth_key_create (&my_tlskey_current_fd, NULL) == 0) > -+ if (npth_setspecific (my_tlskey_current_fd, NULL) == 0) > -+ log_set_pid_suffix_cb (pid_suffix_callback); > -+#endif /*!HAVE_W32_SYSTEM*/ > -+} > -+ > -+ > - int > - main (int argc, char **argv) > - { > -@@ -669,8 +686,6 @@ main (int argc, char **argv) > - i18n_init (); > - init_common_subsystems (&argc, &argv); > - > -- npth_init (); > -- > - gcry_control (GCRYCTL_DISABLE_SECMEM, 0); > - > - /* Check that the libraries are suitable. Do it here because > -@@ -711,15 +726,6 @@ main (int argc, char **argv) > - if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, > "csh") ) > - csh_style = 1; > - > -- /* Now with NPth running we can set the logging callback. Our > -- windows implementation does not yet feature the NPth TLS > -- functions. 
*/ > --#ifndef HAVE_W32_SYSTEM > -- if (npth_key_create (&my_tlskey_current_fd, NULL) == 0) > -- if (npth_setspecific (my_tlskey_current_fd, NULL) == 0) > -- log_set_pid_suffix_cb (pid_suffix_callback); > --#endif /*!HAVE_W32_SYSTEM*/ > -- > - /* Reset rereadable options to default values. */ > - parse_rereadable_options (NULL, 0); > - > -@@ -970,6 +976,7 @@ main (int argc, char **argv) > - ldap_wrapper_launch_thread (); > - #endif /*USE_LDAP*/ > - > -+ thread_init (); > - cert_cache_init (); > - crl_cache_init (); > - start_command_handler (ASSUAN_INVALID_FD); > -@@ -1168,6 +1175,7 @@ main (int argc, char **argv) > - ldap_wrapper_launch_thread (); > - #endif /*USE_LDAP*/ > - > -+ thread_init (); > - cert_cache_init (); > - crl_cache_init (); > - handle_connections (fd); > -@@ -1195,6 +1203,7 @@ main (int argc, char **argv) > - #if USE_LDAP > - ldap_wrapper_launch_thread (); > - #endif /*USE_LDAP*/ > -+ thread_init (); > - cert_cache_init (); > - crl_cache_init (); > - if (!argc) > -@@ -1220,6 +1229,7 @@ main (int argc, char **argv) > - #if USE_LDAP > - ldap_wrapper_launch_thread (); > - #endif /*USE_LDAP*/ > -+ thread_init (); > - cert_cache_init (); > - crl_cache_init (); > - rc = crl_fetch (&ctrlbuf, argv[0], &reader); > Index: patches/patch-g10_getkey_c > =================================================================== > RCS file: patches/patch-g10_getkey_c > diff -N patches/patch-g10_getkey_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-g10_getkey_c 19 Mar 2017 17:23:54 -0000 
> @@ -0,0 +1,41 @@
> +$OpenBSD$
> +
> +gpg: Fix attempt to double free an UID structure.
> +https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blobdiff;f=g10/getkey.c;h=be7367faf685e99b6c0f7c92b569d89180f4e2df;hp=163ab801400411fd91b3b2f63bb27ce8a88a8010;hb=4a130bbc2c2f4be6e8c6357512a943f435ade28f;hpb=e6ca015ae182a6dbb0466441efc17c99683e9375
> +
> +--- g10/getkey.c.orig Wed Mar 1 13:04:33 2017
> ++++ g10/getkey.c Sun Mar 19 17:21:06 2017
> +@@ -1592,8 +1592,10 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retct
> + if (is_valid_mailbox (name) && ctx)
> + {
> + /* Rank results and return only the most relevant key. */
> +- struct pubkey_cmp_cookie best = { 0 }, new;
> +- KBNODE new_keyblock;
> ++ struct pubkey_cmp_cookie best = { 0 };
> ++ struct pubkey_cmp_cookie new;
> ++ kbnode_t new_keyblock;
> ++
> + while (getkey_next (ctx, &new.key, &new_keyblock) == 0)
> + {
> + int diff = pubkey_cmp (ctrl, name, &best, &new, new_keyblock);
> +@@ -1610,17 +1612,20 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX > *retct
> + /* Old key is better. */
> + release_public_key_parts (&new.key);
> + free_user_id (new.uid);
> ++ new.uid = NULL;
> + }
> + else
> + {
> + /* A tie. Keep the old key. */
> + release_public_key_parts (&new.key);
> + free_user_id (new.uid);
> ++ new.uid = NULL;
> + }
> + }
> + getkey_end (ctx);
> + ctx = NULL;
> + free_user_id (best.uid);
> ++ best.uid = NULL;
> +
> + if (best.valid)
> + {
> Index: patches/patch-g10_import_c
> ===================================================================
> RCS file: patches/patch-g10_import_c
> diff -N patches/patch-g10_import_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-g10_import_c 19 Mar 2017 17:21:09 -0000
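Review bot: In the patched get_best_pubkey_byname, `struct pubkey_cmp_cookie new;` is still declared without an initializer while `best` is zeroed, so the added `new.uid = NULL;` lines clear the pointer only after a free, not before the first pubkey_cmp call. Whether pubkey_cmp always writes `new.uid` before anything reads it is not visible here; declaring it as `struct pubkey_cmp_cookie new = { 0 };` would make the double-free guard hold either way. The branch where the new key replaces `best` lies between the two inner hunks and is not shown, so it is worth confirming that `new.uid` is handed over there rather than freed a second time on a later iteration. The function body continues outside the hunks.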
> @@ -0,0 +1,43 @@
> +$OpenBSD$
> +
> +Fix possible segv when attribute packets are filtered.
> +https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=5f6f3f5cae8a95ed469129f9677782c17951dab3
> +
> +--- g10/import.c.orig Wed Mar 1 13:04:33 2017
> ++++ g10/import.c Sun Mar 19 17:17:38 2017
> +@@ -1173,7 +1173,8 @@ impex_filter_getval (void *cookie, const char *propnam
> + static char numbuf[20];
> + const char *result;
> +
> +- if (node->pkt->pkttype == PKT_USER_ID)
> ++ if (node->pkt->pkttype == PKT_USER_ID
> ++ || node->pkt->pkttype == PKT_ATTRIBUTE)
> + {
> + if (!strcmp (propname, "uid"))
> + result = node->pkt->pkt.user_id->name;
> +@@ -1191,8 +1192,7 @@ impex_filter_getval (void *cookie, const char *propnam
> + else
> + result = NULL;
> + }
> +- else if (node->pkt->pkttype == PKT_SIGNATURE
> +- || node->pkt->pkttype == PKT_ATTRIBUTE)
> ++ else if (node->pkt->pkttype == PKT_SIGNATURE)
> + {
> + PKT_signature *sig = node->pkt->pkt.signature;
> +
> +@@ -1313,12 +1313,12 @@ apply_drop_sig_filter (kbnode_t keyblock, > recsel_expr_
> + if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
> + || node->pkt->pkttype == PKT_SECRET_SUBKEY)
> + break; /* ready. */
> +- if (node->pkt->pkttype == PKT_USER_ID)
> ++ if (node->pkt->pkttype == PKT_USER_ID
> ++ || node->pkt->pkttype == PKT_ATTRIBUTE)
> + active = 1;
> + if (!active)
> + continue;
> +- if (node->pkt->pkttype != PKT_SIGNATURE
> +- && node->pkt->pkttype != PKT_ATTRIBUTE)
> ++ if (node->pkt->pkttype != PKT_SIGNATURE)
> + continue;
> +
> + sig = node->pkt->pkt.signature;
> Index: patches/patch-scd_scdaemon_c
> ===================================================================
> RCS file: patches/patch-scd_scdaemon_c
> diff -N patches/patch-scd_scdaemon_c
> --- patches/patch-scd_scdaemon_c 18 Nov 2016 11:30:53 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
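Review bot: The regrouping of `PKT_ATTRIBUTE` with `PKT_USER_ID` in impex_filter_getval and apply_drop_sig_filter carries no comment explaining why, and the reason is easy to undo by accident. The removed lines let an attribute packet reach `node->pkt->pkt.signature`, i.e. the packet union was read through a member that does not match its `pkttype`, which fits the segv named in the patch header. A short comment above each test would keep later edits from merging the cases again, for example `/* Attribute packets are kept in pkt.user_id; never read them via pkt.signature. */` (presumably how the packet union stores them; confirm against the packet definitions). Both functions start and end outside the hunks shown.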
> @@ -1,43 +0,0 @@ > -$OpenBSD: patch-scd_scdaemon_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $ > - > -From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001 > -From: NIIBE Yutaka <gni...@fsij.org> > -Date: Tue, 4 Oct 2016 09:01:13 +0900 > -Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork. > - > -From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001 > -From: NIIBE Yutaka <gni...@fsij.org> > -Date: Fri, 7 Oct 2016 10:45:22 +0900 > -Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems. > - > ---- scd/scdaemon.c.orig Fri Nov 18 12:26:40 2016 > -+++ scd/scdaemon.c Fri Nov 18 12:26:33 2016 > -@@ -422,8 +422,6 @@ main (int argc, char **argv ) > - i18n_init (); > - init_common_subsystems (&argc, &argv); > - > -- npth_init (); > -- > - ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free); > - > - malloc_hooks.malloc = gcry_malloc; > -@@ -724,6 +722,9 @@ main (int argc, char **argv ) > - } > - #endif > - > -+ npth_init (); > -+ gpgrt_set_syscall_clamp (npth_unprotect, npth_protect); > -+ > - /* If --debug-allow-core-dump has been given we also need to > - switch the working directory to a place where we can actually > - write. */ > -@@ -860,6 +861,9 @@ main (int argc, char **argv ) > - } /* end parent */ > - > - /* This is the child. */ > -+ > -+ npth_init (); > -+ gpgrt_set_syscall_clamp (npth_unprotect, npth_protect); > - > - /* Detach from tty and put process into a new session. */ > - if (!nodetach ) > Index: pkg/PLIST > =================================================================== > RCS file: /home/edd/cvsync/ports/security/gnupg2/pkg/PLIST,v > retrieving revision 1.15 > diff -u -p -r1.15 PLIST > --- pkg/PLIST 19 Sep 2016 17:09:37 -0000 1.15 > +++ pkg/PLIST 27 Mar 2017 14:51:34 -0000 
> @@ -19,6 +19,7 @@ > @bin libexec/gpg-check-pattern > @bin libexec/gpg-preset-passphrase > @bin libexec/gpg-protect-tool > +@bin libexec/gpg-wks-client > @bin libexec/scdaemon > @man man/man1/dirmngr-client.1 > @man man/man1/gpg-agent.1 > @@ -52,6 +53,15 @@ share/doc/gnupg2/examples/README > share/doc/gnupg2/examples/gpgconf.conf > share/doc/gnupg2/examples/pwpattern.list > share/doc/gnupg2/examples/scd-event > +share/doc/gnupg2/examples/systemd-user/ > +share/doc/gnupg2/examples/systemd-user/README > +share/doc/gnupg2/examples/systemd-user/dirmngr.service > +share/doc/gnupg2/examples/systemd-user/dirmngr.socket > +share/doc/gnupg2/examples/systemd-user/gpg-agent-browser.socket > +share/doc/gnupg2/examples/systemd-user/gpg-agent-extra.socket > +share/doc/gnupg2/examples/systemd-user/gpg-agent-ssh.socket > +share/doc/gnupg2/examples/systemd-user/gpg-agent.service > +share/doc/gnupg2/examples/systemd-user/gpg-agent.socket > share/doc/gnupg2/examples/trustlist.txt > share/doc/pkg-readmes/${FULLPKGNAME} > share/gnupg/ -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE