On Tue, Mar 28, 2017 at 11:36:47AM +0100, Edd Barrett wrote:
> I did wonder about this myself. systemd. Leave it with me and I'll kill
> these files and any links to them.

New diff killing the systemd examples.

OK?

Index: Makefile
===================================================================
RCS file: /home/edd/cvsync/ports/security/gnupg2/Makefile,v
retrieving revision 1.47
diff -u -p -r1.47 Makefile
--- Makefile    18 Nov 2016 11:30:53 -0000      1.47
+++ Makefile    27 Mar 2017 14:56:02 -0000
@@ -2,8 +2,7 @@
 
 COMMENT =      GNU privacy guard - a free PGP replacement
 
-DISTNAME =     gnupg-2.1.15
-REVISION =     2
+DISTNAME =     gnupg-2.1.19
 CATEGORIES =   security
 
 MASTER_SITES = ${MASTER_SITE_GNUPG:=gnupg/}
@@ -43,8 +42,6 @@ CONFIGURE_ARGS +=     --disable-ldap
 
 RUN_DEPENDS =          security/pinentry
 
-# gpg-agent must be installed to run the regress tests
-# Make sure you dont have gpg aliased (e.g. to gpg2) when running tests.
 TEST_DEPENDS =         ${FULLPKGNAME}:${BUILD_PKGPATH}
 PORTHOME=${WRKDIR}
 
Index: distinfo
===================================================================
RCS file: /home/edd/cvsync/ports/security/gnupg2/distinfo,v
retrieving revision 1.19
diff -u -p -r1.19 distinfo
--- distinfo    19 Sep 2016 17:09:37 -0000      1.19
+++ distinfo    19 Mar 2017 15:59:24 -0000
@@ -1,2 +1,2 @@
-SHA256 (gnupg-2.1.15.tar.bz2) = wowaII8bitY722uI0lL2c0/00z3mtU44SUsR1J4A/90=
-SIZE (gnupg-2.1.15.tar.bz2) = 5723689
+SHA256 (gnupg-2.1.19.tar.bz2) = RsztH1ZBzinMKCUPUvrfbkF+ZJs7/exJpaDQsipjm/A=
+SIZE (gnupg-2.1.19.tar.bz2) = 6404836
Index: patches/patch-agent_gpg-agent_c
===================================================================
RCS file: patches/patch-agent_gpg-agent_c
diff -N patches/patch-agent_gpg-agent_c
--- patches/patch-agent_gpg-agent_c     18 Nov 2016 11:30:53 -0000      1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,97 +0,0 @@
-$OpenBSD: patch-agent_gpg-agent_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
-
-From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gni...@fsij.org>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
-
-From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gni...@fsij.org>
-Date: Fri, 7 Oct 2016 10:45:22 +0900
-Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems.
-
---- agent/gpg-agent.c.orig     Fri Nov 18 12:26:38 2016
-+++ agent/gpg-agent.c  Fri Nov 18 12:26:33 2016
-@@ -715,7 +715,31 @@ finalize_rereadable_options (void)
- }
- 
- 
-+static void
-+thread_init_once (void)
-+{
-+  static int npth_initialized = 0;
- 
-+  if (!npth_initialized)
-+    {
-+      npth_initialized++;
-+      npth_init ();
-+    }
-+  gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-+}
-+
-+static void
-+initialize_modules (void)
-+{
-+  thread_init_once ();
-+  assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
-+  initialize_module_cache ();
-+  initialize_module_call_pinentry ();
-+  initialize_module_call_scd ();
-+  initialize_module_trustlist ();
-+}
-+
-+
- /* The main entry point.  */
- int
- main (int argc, char **argv )
-@@ -762,14 +786,11 @@ main (int argc, char **argv )
-   i18n_init ();
-   init_common_subsystems (&argc, &argv);
- 
--  npth_init ();
--
-   malloc_hooks.malloc = gcry_malloc;
-   malloc_hooks.realloc = gcry_realloc;
-   malloc_hooks.free = gcry_free;
-   assuan_set_malloc_hooks (&malloc_hooks);
-   assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
--  assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
-   assuan_sock_init ();
-   setup_libassuan_logging (&opt.debug);
- 
-@@ -1051,16 +1072,12 @@ main (int argc, char **argv )
-       exit (1);
-     }
- 
--  initialize_module_cache ();
--  initialize_module_call_pinentry ();
--  initialize_module_call_scd ();
--  initialize_module_trustlist ();
--
-   /* Try to create missing directories. */
-   create_directories ();
- 
-   if (debug_wait && pipe_server)
-     {
-+      thread_init_once ();
-       log_debug ("waiting for debugger - my pid is %u .....\n",
-                  (unsigned int)getpid());
-       gnupg_sleep (debug_wait);
-@@ -1167,6 +1184,8 @@ main (int argc, char **argv )
-       /* This is the simple pipe based server */
-       ctrl_t ctrl;
- 
-+      initialize_modules ();
-+
-       ctrl = xtrycalloc (1, sizeof *ctrl);
-       if (!ctrl)
-         {
-@@ -1369,6 +1388,8 @@ main (int argc, char **argv )
-       /*
-          This is the child
-        */
-+
-+      initialize_modules ();
- 
-       /* Detach from tty and put process into a new session */
-       if (!nodetach )
Index: patches/patch-common_init_c
===================================================================
RCS file: patches/patch-common_init_c
diff -N patches/patch-common_init_c
--- patches/patch-common_init_c 18 Nov 2016 11:30:53 -0000      1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,40 +0,0 @@
-$OpenBSD: patch-common_init_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
-
-From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gni...@fsij.org>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
-
---- common/init.c.orig Thu Aug 18 17:00:16 2016
-+++ common/init.c      Fri Nov 18 12:26:33 2016
-@@ -29,20 +29,12 @@
- 
- #include <config.h>
- 
--#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth.  */
--#undef HAVE_NPTH
--#undef USE_NPTH
--#endif
--
- #ifdef HAVE_W32_SYSTEM
- # ifdef HAVE_WINSOCK2_H
- #  include <winsock2.h>
- # endif
- # include <windows.h>
- #endif
--#ifdef HAVE_NPTH
--# include <npth.h>
--#endif
- #ifdef HAVE_W32CE_SYSTEM
- # include <assuan.h> /* For _assuan_w32ce_finish_pipe. */
- #endif
-@@ -197,9 +189,6 @@ _init_common_subsystems (gpg_err_source_t errsource, i
-   /* Initialize the Estream library. */
-   gpgrt_init ();
-   gpgrt_set_alloc_func (gcry_realloc);
--#ifdef USE_NPTH
--  gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
--#endif
- 
-   /* Special hack for Windows CE: We extract some options from arg
-      to setup the standard handles.  */
Index: patches/patch-dirmngr_dirmngr_c
===================================================================
RCS file: patches/patch-dirmngr_dirmngr_c
diff -N patches/patch-dirmngr_dirmngr_c
--- patches/patch-dirmngr_dirmngr_c     18 Nov 2016 11:30:53 -0000      1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,95 +0,0 @@
-$OpenBSD: patch-dirmngr_dirmngr_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
-
-From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gni...@fsij.org>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
-
-From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gni...@fsij.org>
-Date: Fri, 7 Oct 2016 10:45:22 +0900
-Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems.
-
---- dirmngr/dirmngr.c.orig     Fri Nov 18 12:26:43 2016
-+++ dirmngr/dirmngr.c  Fri Nov 18 12:26:33 2016
-@@ -636,6 +636,23 @@ pid_suffix_callback (unsigned long *r_suffix)
- #endif /*!HAVE_W32_SYSTEM*/
- 
- 
-+static void
-+thread_init (void)
-+{
-+  npth_init ();
-+  gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-+
-+  /* Now with NPth running we can set the logging callback.  Our
-+     windows implementation does not yet feature the NPth TLS
-+     functions.  */
-+#ifndef HAVE_W32_SYSTEM
-+  if (npth_key_create (&my_tlskey_current_fd, NULL) == 0)
-+    if (npth_setspecific (my_tlskey_current_fd, NULL) == 0)
-+      log_set_pid_suffix_cb (pid_suffix_callback);
-+#endif /*!HAVE_W32_SYSTEM*/
-+}
-+
-+
- int
- main (int argc, char **argv)
- {
-@@ -669,8 +686,6 @@ main (int argc, char **argv)
-   i18n_init ();
-   init_common_subsystems (&argc, &argv);
- 
--  npth_init ();
--
-   gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
- 
-  /* Check that the libraries are suitable.  Do it here because
-@@ -711,15 +726,6 @@ main (int argc, char **argv)
-   if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
-     csh_style = 1;
- 
--    /* Now with NPth running we can set the logging callback.  Our
--     windows implementation does not yet feature the NPth TLS
--     functions.  */
--#ifndef HAVE_W32_SYSTEM
--  if (npth_key_create (&my_tlskey_current_fd, NULL) == 0)
--    if (npth_setspecific (my_tlskey_current_fd, NULL) == 0)
--      log_set_pid_suffix_cb (pid_suffix_callback);
--#endif /*!HAVE_W32_SYSTEM*/
--
-   /* Reset rereadable options to default values. */
-   parse_rereadable_options (NULL, 0);
- 
-@@ -970,6 +976,7 @@ main (int argc, char **argv)
-       ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
- 
-+      thread_init ();
-       cert_cache_init ();
-       crl_cache_init ();
-       start_command_handler (ASSUAN_INVALID_FD);
-@@ -1168,6 +1175,7 @@ main (int argc, char **argv)
-       ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
- 
-+      thread_init ();
-       cert_cache_init ();
-       crl_cache_init ();
-       handle_connections (fd);
-@@ -1195,6 +1203,7 @@ main (int argc, char **argv)
- #if USE_LDAP
-       ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-+      thread_init ();
-       cert_cache_init ();
-       crl_cache_init ();
-       if (!argc)
-@@ -1220,6 +1229,7 @@ main (int argc, char **argv)
- #if USE_LDAP
-       ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-+      thread_init ();
-       cert_cache_init ();
-       crl_cache_init ();
-       rc = crl_fetch (&ctrlbuf, argv[0], &reader);
Index: patches/patch-doc_Makefile_in
===================================================================
RCS file: patches/patch-doc_Makefile_in
diff -N patches/patch-doc_Makefile_in
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-doc_Makefile_in       28 Mar 2017 17:06:54 -0000
@@ -0,0 +1,18 @@
+$OpenBSD$
+--- doc/Makefile.in.orig       Tue Mar 28 18:06:28 2017
++++ doc/Makefile.in    Tue Mar 28 18:06:50 2017
+@@ -460,14 +460,6 @@ libcommonpth = ../common/libcommonpth.a
+ libcommontls = ../common/libcommontls.a
+ libcommontlsnpth = ../common/libcommontlsnpth.a
+ examples = examples/README examples/scd-event examples/trustlist.txt  \
+-         examples/systemd-user/README                                 \
+-         examples/systemd-user/dirmngr.service                        \
+-         examples/systemd-user/dirmngr.socket                         \
+-         examples/systemd-user/gpg-agent.service                      \
+-         examples/systemd-user/gpg-agent.socket                       \
+-         examples/systemd-user/gpg-agent-ssh.socket                   \
+-         examples/systemd-user/gpg-agent-browser.socket               \
+-         examples/systemd-user/gpg-agent-extra.socket                 \
+          examples/gpgconf.conf examples/pwpattern.list
+ 
+ helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt              \
Index: patches/patch-g10_getkey_c
===================================================================
RCS file: patches/patch-g10_getkey_c
diff -N patches/patch-g10_getkey_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-g10_getkey_c  19 Mar 2017 17:23:54 -0000
@@ -0,0 +1,41 @@
+$OpenBSD$
+
+gpg: Fix attempt to double free an UID structure.
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blobdiff;f=g10/getkey.c;h=be7367faf685e99b6c0f7c92b569d89180f4e2df;hp=163ab801400411fd91b3b2f63bb27ce8a88a8010;hb=4a130bbc2c2f4be6e8c6357512a943f435ade28f;hpb=e6ca015ae182a6dbb0466441efc17c99683e9375
+
+--- g10/getkey.c.orig  Wed Mar  1 13:04:33 2017
++++ g10/getkey.c       Sun Mar 19 17:21:06 2017
+@@ -1592,8 +1592,10 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retct
+   if (is_valid_mailbox (name) && ctx)
+     {
+       /* Rank results and return only the most relevant key.  */
+-      struct pubkey_cmp_cookie best = { 0 }, new;
+-      KBNODE new_keyblock;
++      struct pubkey_cmp_cookie best = { 0 };
++      struct pubkey_cmp_cookie new;
++      kbnode_t new_keyblock;
++
+       while (getkey_next (ctx, &new.key, &new_keyblock) == 0)
+         {
+           int diff = pubkey_cmp (ctrl, name, &best, &new, new_keyblock);
+@@ -1610,17 +1612,20 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retct
+               /* Old key is better.  */
+               release_public_key_parts (&new.key);
+               free_user_id (new.uid);
++              new.uid = NULL;
+             }
+           else
+             {
+               /* A tie.  Keep the old key.  */
+               release_public_key_parts (&new.key);
+               free_user_id (new.uid);
++              new.uid = NULL;
+             }
+         }
+       getkey_end (ctx);
+       ctx = NULL;
+       free_user_id (best.uid);
++      best.uid = NULL;
+ 
+       if (best.valid)
+         {
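Review bot: `struct pubkey_cmp_cookie new;` is still declared without an initializer while `best` beside it gets `{ 0 }`, so the added `new.uid = NULL;` lines only cover the pointer after it has been freed once. pubkey_cmp is outside the hunk; if it can return without assigning `new->uid`, the `free_user_id (new.uid)` calls in the "old key is better" and tie branches act on an indeterminate value on the first pass. Declaring it as `struct pubkey_cmp_cookie new = { 0 };` would make both branches safe regardless of what pubkey_cmp writes. The branch that adopts the new key is not visible here either; if it copies `new` into `best` without clearing `new.uid`, the same pointer stays reachable through both cookies, and that branch would want the same `new.uid = NULL;` treatment. get_best_pubkey_byname starts and ends outside the hunk.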
Index: patches/patch-g10_import_c
===================================================================
RCS file: patches/patch-g10_import_c
diff -N patches/patch-g10_import_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-g10_import_c  19 Mar 2017 17:21:09 -0000
@@ -0,0 +1,43 @@
+$OpenBSD$
+
+Fix possible segv when attribute packets are filtered.
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=5f6f3f5cae8a95ed469129f9677782c17951dab3
+
+--- g10/import.c.orig  Wed Mar  1 13:04:33 2017
++++ g10/import.c       Sun Mar 19 17:17:38 2017
+@@ -1173,7 +1173,8 @@ impex_filter_getval (void *cookie, const char *propnam
+   static char numbuf[20];
+   const char *result;
+ 
+-  if (node->pkt->pkttype == PKT_USER_ID)
++  if (node->pkt->pkttype == PKT_USER_ID
++      || node->pkt->pkttype == PKT_ATTRIBUTE)
+     {
+       if (!strcmp (propname, "uid"))
+         result = node->pkt->pkt.user_id->name;
+@@ -1191,8 +1192,7 @@ impex_filter_getval (void *cookie, const char *propnam
+       else
+         result = NULL;
+     }
+-  else if (node->pkt->pkttype == PKT_SIGNATURE
+-           || node->pkt->pkttype == PKT_ATTRIBUTE)
++  else if (node->pkt->pkttype == PKT_SIGNATURE)
+     {
+       PKT_signature *sig = node->pkt->pkt.signature;
+ 
+@@ -1313,12 +1313,12 @@ apply_drop_sig_filter (kbnode_t keyblock, recsel_expr_
+       if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+           || node->pkt->pkttype == PKT_SECRET_SUBKEY)
+         break; /* ready.  */
+-      if (node->pkt->pkttype == PKT_USER_ID)
++      if (node->pkt->pkttype == PKT_USER_ID
++          || node->pkt->pkttype == PKT_ATTRIBUTE)
+         active = 1;
+       if (!active)
+         continue;
+-      if (node->pkt->pkttype != PKT_SIGNATURE
+-          && node->pkt->pkttype != PKT_ATTRIBUTE)
++      if (node->pkt->pkttype != PKT_SIGNATURE)
+         continue;
+ 
+       sig = node->pkt->pkt.signature;
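Review bot: The two conditions that now group PKT_ATTRIBUTE with PKT_USER_ID have no comment saying why, and that grouping is the whole fix. The branches it was moved out of read `node->pkt->pkt.signature`, and the branch it was moved into reads `node->pkt->pkt.user_id`. That suggests attribute packets keep their payload in the user_id member, so a later edit that puts them back with the signature case would bring the crash back. A one-line comment at both sites, for example `/* Attribute packets are stored as user IDs; never read pkt.signature for them. */`, would record the constraint. Both impex_filter_getval and apply_drop_sig_filter start and end outside these hunks.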
Index: patches/patch-scd_scdaemon_c
===================================================================
RCS file: patches/patch-scd_scdaemon_c
diff -N patches/patch-scd_scdaemon_c
--- patches/patch-scd_scdaemon_c        18 Nov 2016 11:30:53 -0000      1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,43 +0,0 @@
-$OpenBSD: patch-scd_scdaemon_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
-
-From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gni...@fsij.org>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
-
-From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gni...@fsij.org>
-Date: Fri, 7 Oct 2016 10:45:22 +0900
-Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems.
-
---- scd/scdaemon.c.orig        Fri Nov 18 12:26:40 2016
-+++ scd/scdaemon.c     Fri Nov 18 12:26:33 2016
-@@ -422,8 +422,6 @@ main (int argc, char **argv )
-   i18n_init ();
-   init_common_subsystems (&argc, &argv);
- 
--  npth_init ();
--
-   ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
- 
-   malloc_hooks.malloc = gcry_malloc;
-@@ -724,6 +722,9 @@ main (int argc, char **argv )
-       }
- #endif
- 
-+      npth_init ();
-+      gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-+
-       /* If --debug-allow-core-dump has been given we also need to
-          switch the working directory to a place where we can actually
-          write. */
-@@ -860,6 +861,9 @@ main (int argc, char **argv )
-         } /* end parent */
- 
-       /* This is the child. */
-+
-+      npth_init ();
-+      gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
- 
-       /* Detach from tty and put process into a new session. */
-       if (!nodetach )
Index: pkg/PLIST
===================================================================
RCS file: /home/edd/cvsync/ports/security/gnupg2/pkg/PLIST,v
retrieving revision 1.15
diff -u -p -r1.15 PLIST
--- pkg/PLIST   19 Sep 2016 17:09:37 -0000      1.15
+++ pkg/PLIST   28 Mar 2017 17:11:59 -0000
@@ -19,6 +19,7 @@
 @bin libexec/gpg-check-pattern
 @bin libexec/gpg-preset-passphrase
 @bin libexec/gpg-protect-tool
+@bin libexec/gpg-wks-client
 @bin libexec/scdaemon
 @man man/man1/dirmngr-client.1
 @man man/man1/gpg-agent.1

-- 
Best Regards
Edd Barrett

http://www.theunixzoo.co.uk
