On Tue, Mar 28, 2017 at 11:36:47AM +0100, Edd Barrett wrote: > I did wonder about this myself. systemd. Leave it with me and I'll kill > these files and any links to them.
New diff killing the systemd examples. OK? Index: Makefile =================================================================== RCS file: /home/edd/cvsync/ports/security/gnupg2/Makefile,v retrieving revision 1.47 diff -u -p -r1.47 Makefile --- Makefile 18 Nov 2016 11:30:53 -0000 1.47 +++ Makefile 27 Mar 2017 14:56:02 -0000 @@ -2,8 +2,7 @@ COMMENT = GNU privacy guard - a free PGP replacement -DISTNAME = gnupg-2.1.15 -REVISION = 2 +DISTNAME = gnupg-2.1.19 CATEGORIES = security MASTER_SITES = ${MASTER_SITE_GNUPG:=gnupg/} @@ -43,8 +42,6 @@ CONFIGURE_ARGS += --disable-ldap RUN_DEPENDS = security/pinentry -# gpg-agent must be installed to run the regress tests -# Make sure you dont have gpg aliased (e.g. to gpg2) when running tests. TEST_DEPENDS = ${FULLPKGNAME}:${BUILD_PKGPATH} PORTHOME=${WRKDIR} Index: distinfo =================================================================== RCS file: /home/edd/cvsync/ports/security/gnupg2/distinfo,v retrieving revision 1.19 diff -u -p -r1.19 distinfo --- distinfo 19 Sep 2016 17:09:37 -0000 1.19 +++ distinfo 19 Mar 2017 15:59:24 -0000 @@ -1,2 +1,2 @@ -SHA256 (gnupg-2.1.15.tar.bz2) = wowaII8bitY722uI0lL2c0/00z3mtU44SUsR1J4A/90= -SIZE (gnupg-2.1.15.tar.bz2) = 5723689 +SHA256 (gnupg-2.1.19.tar.bz2) = RsztH1ZBzinMKCUPUvrfbkF+ZJs7/exJpaDQsipjm/A= +SIZE (gnupg-2.1.19.tar.bz2) = 6404836 Index: patches/patch-agent_gpg-agent_c =================================================================== RCS file: patches/patch-agent_gpg-agent_c diff -N patches/patch-agent_gpg-agent_c --- patches/patch-agent_gpg-agent_c 18 Nov 2016 11:30:53 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
@@ -1,97 +0,0 @@
-$OpenBSD: patch-agent_gpg-agent_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
-
-From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gni...@fsij.org>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
-
-From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gni...@fsij.org>
-Date: Fri, 7 Oct 2016 10:45:22 +0900
-Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems.
-
---- agent/gpg-agent.c.orig Fri Nov 18 12:26:38 2016
-+++ agent/gpg-agent.c Fri Nov 18 12:26:33 2016
-@@ -715,7 +715,31 @@ finalize_rereadable_options (void)
- }
-
-
-+static void
-+thread_init_once (void)
-+{
-+ static int npth_initialized = 0;
-
-+ if (!npth_initialized)
-+ {
-+ npth_initialized++;
-+ npth_init ();
-+ }
-+ gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-+}
-+
-+static void
-+initialize_modules (void)
-+{
-+ thread_init_once ();
-+ assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
-+ initialize_module_cache ();
-+ initialize_module_call_pinentry ();
-+ initialize_module_call_scd ();
-+ initialize_module_trustlist ();
-+}
-+
-+
- /* The main entry point. */
- int
- main (int argc, char **argv )
-@@ -762,14 +786,11 @@ main (int argc, char **argv )
- i18n_init ();
- init_common_subsystems (&argc, &argv);
-
-- npth_init ();
--
- malloc_hooks.malloc = gcry_malloc;
- malloc_hooks.realloc = gcry_realloc;
- malloc_hooks.free = gcry_free;
- assuan_set_malloc_hooks (&malloc_hooks);
- assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
-- assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);
- assuan_sock_init ();
- setup_libassuan_logging (&opt.debug);
-
-@@ -1051,16 +1072,12 @@ main (int argc, char **argv )
- exit (1);
- }
-
-- initialize_module_cache ();
-- initialize_module_call_pinentry ();
-- initialize_module_call_scd ();
-- initialize_module_trustlist ();
--
- /* Try to create missing directories. */
- create_directories ();
-
- if (debug_wait && pipe_server)
- {
-+ thread_init_once ();
- log_debug ("waiting for debugger - my pid is %u .....\n",
- (unsigned int)getpid());
- gnupg_sleep (debug_wait);
-@@ -1167,6 +1184,8 @@ main (int argc, char **argv )
- /* This is the simple pipe based server */
- ctrl_t ctrl;
-
-+ initialize_modules ();
-+
- ctrl = xtrycalloc (1, sizeof *ctrl);
- if (!ctrl)
- {
-@@ -1369,6 +1388,8 @@ main (int argc, char **argv )
- /*
- This is the child
- */
-+
-+ initialize_modules ();
-
- /* Detach from tty and put process into a new session */
- if (!nodetach )
Index: patches/patch-common_init_c
===================================================================
RCS file: patches/patch-common_init_c
diff -N patches/patch-common_init_c
--- patches/patch-common_init_c 18 Nov 2016 11:30:53 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,40 +0,0 @@
-$OpenBSD: patch-common_init_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
-
-From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gni...@fsij.org>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
-
---- common/init.c.orig Thu Aug 18 17:00:16 2016
-+++ common/init.c Fri Nov 18 12:26:33 2016
-@@ -29,20 +29,12 @@
-
- #include <config.h>
-
--#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth. */
--#undef HAVE_NPTH
--#undef USE_NPTH
--#endif
--
- #ifdef HAVE_W32_SYSTEM
- # ifdef HAVE_WINSOCK2_H
- # include <winsock2.h>
- # endif
- # include <windows.h>
- #endif
--#ifdef HAVE_NPTH
--# include <npth.h>
--#endif
- #ifdef HAVE_W32CE_SYSTEM
- # include <assuan.h> /* For _assuan_w32ce_finish_pipe. */
- #endif
-@@ -197,9 +189,6 @@ _init_common_subsystems (gpg_err_source_t errsource, i
- /* Initialize the Estream library. */
- gpgrt_init ();
- gpgrt_set_alloc_func (gcry_realloc);
--#ifdef USE_NPTH
-- gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
--#endif
-
- /* Special hack for Windows CE: We extract some options from arg
- to setup the standard handles. */
Index: patches/patch-dirmngr_dirmngr_c
===================================================================
RCS file: patches/patch-dirmngr_dirmngr_c
diff -N patches/patch-dirmngr_dirmngr_c
--- patches/patch-dirmngr_dirmngr_c 18 Nov 2016 11:30:53 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,95 +0,0 @@
-$OpenBSD: patch-dirmngr_dirmngr_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
-
-From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gni...@fsij.org>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
-
-From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gni...@fsij.org>
-Date: Fri, 7 Oct 2016 10:45:22 +0900
-Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems.
-
---- dirmngr/dirmngr.c.orig Fri Nov 18 12:26:43 2016
-+++ dirmngr/dirmngr.c Fri Nov 18 12:26:33 2016
-@@ -636,6 +636,23 @@ pid_suffix_callback (unsigned long *r_suffix)
- #endif /*!HAVE_W32_SYSTEM*/
-
-
-+static void
-+thread_init (void)
-+{
-+ npth_init ();
-+ gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-+
-+ /* Now with NPth running we can set the logging callback. Our
-+ windows implementation does not yet feature the NPth TLS
-+ functions. */
-+#ifndef HAVE_W32_SYSTEM
-+ if (npth_key_create (&my_tlskey_current_fd, NULL) == 0)
-+ if (npth_setspecific (my_tlskey_current_fd, NULL) == 0)
-+ log_set_pid_suffix_cb (pid_suffix_callback);
-+#endif /*!HAVE_W32_SYSTEM*/
-+}
-+
-+
- int
- main (int argc, char **argv)
- {
-@@ -669,8 +686,6 @@ main (int argc, char **argv)
- i18n_init ();
- init_common_subsystems (&argc, &argv);
-
-- npth_init ();
--
- gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
-
- /* Check that the libraries are suitable. Do it here because
-@@ -711,15 +726,6 @@ main (int argc, char **argv)
- if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
- csh_style = 1;
-
-- /* Now with NPth running we can set the logging callback. Our
-- windows implementation does not yet feature the NPth TLS
-- functions. */
--#ifndef HAVE_W32_SYSTEM
-- if (npth_key_create (&my_tlskey_current_fd, NULL) == 0)
-- if (npth_setspecific (my_tlskey_current_fd, NULL) == 0)
-- log_set_pid_suffix_cb (pid_suffix_callback);
--#endif /*!HAVE_W32_SYSTEM*/
--
- /* Reset rereadable options to default values. */
- parse_rereadable_options (NULL, 0);
-
-@@ -970,6 +976,7 @@ main (int argc, char **argv)
- ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-
-+ thread_init ();
- cert_cache_init ();
- crl_cache_init ();
- start_command_handler (ASSUAN_INVALID_FD);
-@@ -1168,6 +1175,7 @@ main (int argc, char **argv)
- ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-
-+ thread_init ();
- cert_cache_init ();
- crl_cache_init ();
- handle_connections (fd);
-@@ -1195,6 +1203,7 @@ main (int argc, char **argv)
- #if USE_LDAP
- ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-+ thread_init ();
- cert_cache_init ();
- crl_cache_init ();
- if (!argc)
-@@ -1220,6 +1229,7 @@ main (int argc, char **argv)
- #if USE_LDAP
- ldap_wrapper_launch_thread ();
- #endif /*USE_LDAP*/
-+ thread_init ();
- cert_cache_init ();
- crl_cache_init ();
- rc = crl_fetch (&ctrlbuf, argv[0], &reader);
Index: patches/patch-doc_Makefile_in
===================================================================
RCS file: patches/patch-doc_Makefile_in
diff -N patches/patch-doc_Makefile_in
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-doc_Makefile_in 28 Mar 2017 17:06:54 -0000
@@ -0,0 +1,18 @@
+$OpenBSD$
+--- doc/Makefile.in.orig Tue Mar 28 18:06:28 2017
++++ doc/Makefile.in Tue Mar 28 18:06:50 2017
+@@ -460,14 +460,6 @@ libcommonpth = ../common/libcommonpth.a
+ libcommontls = ../common/libcommontls.a
+ libcommontlsnpth = ../common/libcommontlsnpth.a
+ examples = examples/README examples/scd-event examples/trustlist.txt \
+- examples/systemd-user/README \
+- examples/systemd-user/dirmngr.service \
+- examples/systemd-user/dirmngr.socket \
+- examples/systemd-user/gpg-agent.service \
+- examples/systemd-user/gpg-agent.socket \
+- examples/systemd-user/gpg-agent-ssh.socket \
+- examples/systemd-user/gpg-agent-browser.socket \
+- examples/systemd-user/gpg-agent-extra.socket \
+ examples/gpgconf.conf examples/pwpattern.list
+
+ helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \
Index: patches/patch-g10_getkey_c
===================================================================
RCS file: patches/patch-g10_getkey_c
diff -N patches/patch-g10_getkey_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-g10_getkey_c 19 Mar 2017 17:23:54 -0000
@@ -0,0 +1,41 @@
+$OpenBSD$
+
+gpg: Fix attempt to double free an UID structure.
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blobdiff;f=g10/getkey.c;h=be7367faf685e99b6c0f7c92b569d89180f4e2df;hp=163ab801400411fd91b3b2f63bb27ce8a88a8010;hb=4a130bbc2c2f4be6e8c6357512a943f435ade28f;hpb=e6ca015ae182a6dbb0466441efc17c99683e9375
+
+--- g10/getkey.c.orig Wed Mar 1 13:04:33 2017
++++ g10/getkey.c Sun Mar 19 17:21:06 2017
+@@ -1592,8 +1592,10 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retct
+ if (is_valid_mailbox (name) && ctx)
+ {
+ /* Rank results and return only the most relevant key. */
+- struct pubkey_cmp_cookie best = { 0 }, new;
+- KBNODE new_keyblock;
++ struct pubkey_cmp_cookie best = { 0 };
++ struct pubkey_cmp_cookie new;
++ kbnode_t new_keyblock;
++
+ while (getkey_next (ctx, &new.key, &new_keyblock) == 0)
+ {
+ int diff = pubkey_cmp (ctrl, name, &best, &new, new_keyblock);
+@@ -1610,17 +1612,20 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retct
+ /* Old key is better. */
+ release_public_key_parts (&new.key);
+ free_user_id (new.uid);
++ new.uid = NULL;
+ }
+ else
+ {
+ /* A tie. Keep the old key. */
+ release_public_key_parts (&new.key);
+ free_user_id (new.uid);
++ new.uid = NULL;
+ }
+ }
+ getkey_end (ctx);
+ ctx = NULL;
+ free_user_id (best.uid);
++ best.uid = NULL;
+
+ if (best.valid)
+ {
Index: patches/patch-g10_import_c
===================================================================
RCS file: patches/patch-g10_import_c
diff -N patches/patch-g10_import_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-g10_import_c 19 Mar 2017 17:21:09 -0000
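Review bot: In the g10/getkey.c patch, `struct pubkey_cmp_cookie new;` is still declared without an initializer while `best` gets `{ 0 }`, so the `free_user_id (new.uid)` calls in the "Old key is better" and tie branches rely on `pubkey_cmp` always storing `new.uid` first; that function is not in the hunk, so this cannot be confirmed from here. Declaring it as `struct pubkey_cmp_cookie new = { 0 };` would make those frees safe regardless. The "new key is better" branch lies between the two inner hunks and is not shown; if it copies `new` into `best`, both then hold the same `uid` pointer, and since the added `new.uid = NULL;` lines cover only the other two branches it is worth confirming against upstream that the next `pubkey_cmp` call cannot leave that pointer stale. `get_best_pubkey_byname` starts and ends outside the hunks.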
@@ -0,0 +1,43 @@
+$OpenBSD$
+
+Fix possible segv when attribute packets are filtered.
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=5f6f3f5cae8a95ed469129f9677782c17951dab3
+
+--- g10/import.c.orig Wed Mar 1 13:04:33 2017
++++ g10/import.c Sun Mar 19 17:17:38 2017
+@@ -1173,7 +1173,8 @@ impex_filter_getval (void *cookie, const char *propnam
+ static char numbuf[20];
+ const char *result;
+
+- if (node->pkt->pkttype == PKT_USER_ID)
++ if (node->pkt->pkttype == PKT_USER_ID
++ || node->pkt->pkttype == PKT_ATTRIBUTE)
+ {
+ if (!strcmp (propname, "uid"))
+ result = node->pkt->pkt.user_id->name;
+@@ -1191,8 +1192,7 @@ impex_filter_getval (void *cookie, const char *propnam
+ else
+ result = NULL;
+ }
+- else if (node->pkt->pkttype == PKT_SIGNATURE
+- || node->pkt->pkttype == PKT_ATTRIBUTE)
++ else if (node->pkt->pkttype == PKT_SIGNATURE)
+ {
+ PKT_signature *sig = node->pkt->pkt.signature;
+
+@@ -1313,12 +1313,12 @@ apply_drop_sig_filter (kbnode_t keyblock, recsel_expr_
+ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY)
+ break; /* ready. */
+- if (node->pkt->pkttype == PKT_USER_ID)
++ if (node->pkt->pkttype == PKT_USER_ID
++ || node->pkt->pkttype == PKT_ATTRIBUTE)
+ active = 1;
+ if (!active)
+ continue;
+- if (node->pkt->pkttype != PKT_SIGNATURE
+- && node->pkt->pkttype != PKT_ATTRIBUTE)
++ if (node->pkt->pkttype != PKT_SIGNATURE)
+ continue;
+
+ sig = node->pkt->pkt.signature;
Index: patches/patch-scd_scdaemon_c
===================================================================
RCS file: patches/patch-scd_scdaemon_c
diff -N patches/patch-scd_scdaemon_c
--- patches/patch-scd_scdaemon_c 18 Nov 2016 11:30:53 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
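Review bot: Nothing at the changed conditions in g10/import.c records why `PKT_ATTRIBUTE` must be grouped with `PKT_USER_ID`, which is exactly what the old code got wrong when it read an attribute packet through `node->pkt->pkt.signature`. A one-line comment above the first branch in `impex_filter_getval`, for example `/* Attribute packets are read through pkt.user_id, never pkt.signature. */`, repeated above the `active = 1` test in `apply_drop_sig_filter`, would keep a later edit from regrouping the packet types. The patch description could also note whether the crash is reachable while filtering keys obtained from elsewhere, if the upstream report says so, since that decides how urgent the update is for users. Both functions start and end outside the hunks.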
@@ -1,43 +0,0 @@
-$OpenBSD: patch-scd_scdaemon_c,v 1.1 2016/11/18 11:30:53 ajacoutot Exp $
-
-From eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gni...@fsij.org>
-Date: Tue, 4 Oct 2016 09:01:13 +0900
-Subject: [PATCH] agent, dirmngr, scd: npth_init must be after fork.
-
-From fc0b392e766af8127094e8b529d25abb84ad1d65 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gni...@fsij.org>
-Date: Fri, 7 Oct 2016 10:45:22 +0900
-Subject: [PATCH] agent, dirmngr, scd: Fix init_common_subsystems.
-
---- scd/scdaemon.c.orig Fri Nov 18 12:26:40 2016
-+++ scd/scdaemon.c Fri Nov 18 12:26:33 2016
-@@ -422,8 +422,6 @@ main (int argc, char **argv )
- i18n_init ();
- init_common_subsystems (&argc, &argv);
-
-- npth_init ();
--
- ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
-
- malloc_hooks.malloc = gcry_malloc;
-@@ -724,6 +722,9 @@ main (int argc, char **argv )
- }
- #endif
-
-+ npth_init ();
-+ gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-+
- /* If --debug-allow-core-dump has been given we also need to
- switch the working directory to a place where we can actually
- write. */
-@@ -860,6 +861,9 @@ main (int argc, char **argv )
- } /* end parent */
-
- /* This is the child. */
-+
-+ npth_init ();
-+ gpgrt_set_syscall_clamp (npth_unprotect, npth_protect);
-
- /* Detach from tty and put process into a new session. */
- if (!nodetach )
Index: pkg/PLIST
===================================================================
RCS file: /home/edd/cvsync/ports/security/gnupg2/pkg/PLIST,v
retrieving revision 1.15
diff -u -p -r1.15 PLIST
--- pkg/PLIST 19 Sep 2016 17:09:37 -0000 1.15
+++ pkg/PLIST 28 Mar 2017 17:11:59 -0000
@@ -19,6 +19,7 @@
 @bin libexec/gpg-check-pattern
 @bin libexec/gpg-preset-passphrase
 @bin libexec/gpg-protect-tool
+@bin libexec/gpg-wks-client
 @bin libexec/scdaemon
 @man man/man1/dirmngr-client.1
 @man man/man1/gpg-agent.1
-- Best Regards Edd Barrett http://www.theunixzoo.co.uk