[Pkg-gnupg-commit] [gnupg2] 01/06: adopt bugfixes from upstream master
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Oct 10 18:09:25 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit 477873cab0485beba0c899a37daca0bf8189b27d
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Tue Sep 26 12:47:28 2017 -0400
adopt bugfixes from upstream master
This includes:
Select a secret key by checking availability under gpg-agent.
which supersedes our older:
Skip signing keys where no secret key is available.
Also, we drop the numeric identifiers in the patch filenames -- they
were either causing spurious differences in git history, or they were
actually out of order and implying untrue things about patch
sequences.
debian/patches/series is and remains the canonical place for patch
ordering.
---
... => Avoid-simple-memory-dumps-via-ptrace.patch} | 0
...beta-warning.patch => avoid-beta-warning.patch} | 0
...egenerating-defsincdate-use-shipped-file.patch} | 0
...oid-automatically-checking-upstream-swdb.patch} | 0
... dirmngr-Avoid-need-for-hkp-housekeeping.patch} | 0
...tch => dirmngr-Drop-useless-housekeeping.patch} | 0
...Avoid-potential-race-condition-when-some.patch} | 0
...nt-Fix-cancellation-handling-for-scdaemon.patch | 140 +++++++++++++++++++++
...le-time-configuration-of-s2k-calibration.patch} | 0
...pt-the-Z-suffix-for-yymmddThhmmssZ-format.patch | 44 +++++++
.../common-Fix-gnupg_wait_processes.patch | 82 ++++++++++++
...a-secret-key-by-checking-availability-und.patch | 71 +++++++++++
...atch => gpg-default-to-3072-bit-RSA-keys.patch} | 0
...-AES-256.patch => gpg-default-to-AES-256.patch} | 0
....patch => gpgsm-default-to-3072-bit-keys.patch} | 0
...inguish-cancel-by-user-and-protocol-error.patch | 68 ++++++++++
...threads-to-interrupt-main-select-loop-wi.patch} | 0
...scheduled-checks-on-socket-when-inotify-.patch} | 0
...ent-Avoid-tight-timer-tick-when-possible.patch} | 0
...ent-Create-framework-of-scheduled-timers.patch} | 0
debian/patches/series | 40 +++---
...gning-keys-where-no-secret-key-is-availab.patch | 50 --------
...to-SHA-512-for-all-signature-types-on-RS.patch} | 0
...HA-512-and-SHA-384-in-default-preference.patch} | 0
24 files changed, 427 insertions(+), 68 deletions(-)
diff --git a/debian/patches/block-ptrace-on-agent/0003-Avoid-simple-memory-dumps-via-ptrace.patch b/debian/patches/block-ptrace-on-agent/Avoid-simple-memory-dumps-via-ptrace.patch
similarity index 100%
rename from debian/patches/block-ptrace-on-agent/0003-Avoid-simple-memory-dumps-via-ptrace.patch
rename to debian/patches/block-ptrace-on-agent/Avoid-simple-memory-dumps-via-ptrace.patch
diff --git a/debian/patches/debian-packaging/0001-avoid-beta-warning.patch b/debian/patches/debian-packaging/avoid-beta-warning.patch
similarity index 100%
rename from debian/patches/debian-packaging/0001-avoid-beta-warning.patch
rename to debian/patches/debian-packaging/avoid-beta-warning.patch
diff --git a/debian/patches/debian-packaging/0002-avoid-regenerating-defsincdate-use-shipped-file.patch b/debian/patches/debian-packaging/avoid-regenerating-defsincdate-use-shipped-file.patch
similarity index 100%
rename from debian/patches/debian-packaging/0002-avoid-regenerating-defsincdate-use-shipped-file.patch
rename to debian/patches/debian-packaging/avoid-regenerating-defsincdate-use-shipped-file.patch
diff --git a/debian/patches/dirmngr-idling/0006-dirmngr-Avoid-automatically-checking-upstream-swdb.patch b/debian/patches/dirmngr-idling/dirmngr-Avoid-automatically-checking-upstream-swdb.patch
similarity index 100%
rename from debian/patches/dirmngr-idling/0006-dirmngr-Avoid-automatically-checking-upstream-swdb.patch
rename to debian/patches/dirmngr-idling/dirmngr-Avoid-automatically-checking-upstream-swdb.patch
diff --git a/debian/patches/dirmngr-idling/0005-dirmngr-Avoid-need-for-hkp-housekeeping.patch b/debian/patches/dirmngr-idling/dirmngr-Avoid-need-for-hkp-housekeeping.patch
similarity index 100%
rename from debian/patches/dirmngr-idling/0005-dirmngr-Avoid-need-for-hkp-housekeeping.patch
rename to debian/patches/dirmngr-idling/dirmngr-Avoid-need-for-hkp-housekeeping.patch
diff --git a/debian/patches/dirmngr-idling/0007-dirmngr-Drop-useless-housekeeping.patch b/debian/patches/dirmngr-idling/dirmngr-Drop-useless-housekeeping.patch
similarity index 100%
rename from debian/patches/dirmngr-idling/0007-dirmngr-Drop-useless-housekeeping.patch
rename to debian/patches/dirmngr-idling/dirmngr-Drop-useless-housekeeping.patch
diff --git a/debian/patches/dirmngr-idling/0004-dirmngr-hkp-Avoid-potential-race-condition-when-some.patch b/debian/patches/dirmngr-idling/dirmngr-hkp-Avoid-potential-race-condition-when-some.patch
similarity index 100%
rename from debian/patches/dirmngr-idling/0004-dirmngr-hkp-Avoid-potential-race-condition-when-some.patch
rename to debian/patches/dirmngr-idling/dirmngr-hkp-Avoid-potential-race-condition-when-some.patch
diff --git a/debian/patches/from-master/agent-Fix-cancellation-handling-for-scdaemon.patch b/debian/patches/from-master/agent-Fix-cancellation-handling-for-scdaemon.patch
new file mode 100644
index 0000000..9f80d25
--- /dev/null
+++ b/debian/patches/from-master/agent-Fix-cancellation-handling-for-scdaemon.patch
@@ -0,0 +1,140 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Wed, 20 Sep 2017 10:42:28 +0900
+Subject: agent: Fix cancellation handling for scdaemon.
+
+* agent/call-scd.c (cancel_inquire): Remove.
+(agent_card_pksign, agent_card_pkdecrypt, agent_card_writekey)
+(agent_card_scd): Don't call cancel_inquire.
+
+--
+
+Since libassuan 2.1.0, cancellation command "CAN" is handled within
+the library, by assuan_transact. So, cancel_inquire just caused
+spurious "CAN" command to scdaemon which resulted an error.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 9f5e50e7c85aa8b847d38010241ed570ac114fc3)
+---
+ agent/call-scd.c | 41 -----------------------------------------
+ 1 file changed, 41 deletions(-)
+
+diff --git a/agent/call-scd.c b/agent/call-scd.c
+index d8fe35a..e5b5435 100644
+--- a/agent/call-scd.c
++++ b/agent/call-scd.c
+@@ -89,7 +89,6 @@ struct inq_needpin_parm_s
+ const char *getpin_cb_desc;
+ assuan_context_t passthru; /* If not NULL, pass unknown inquiries
+ up to the caller. */
+- int any_inq_seen;
+
+ /* The next fields are used by inq_writekey_parm. */
+ const unsigned char *keydata;
+@@ -729,7 +728,6 @@ inq_needpin (void *opaque, const char *line)
+ size_t pinlen;
+ int rc;
+
+- parm->any_inq_seen = 1;
+ if ((s = has_leading_keyword (line, "NEEDPIN")))
+ {
+ line = s;
+@@ -813,30 +811,6 @@ hash_algo_option (int algo)
+ }
+
+
+-static gpg_error_t
+-cancel_inquire (ctrl_t ctrl, gpg_error_t rc)
+-{
+- gpg_error_t oldrc = rc;
+-
+- /* The inquire callback was called and transact returned a
+- cancel error. We assume that the inquired process sent a
+- CANCEL. The passthrough code is not able to pass on the
+- CANCEL and thus scdaemon would stuck on this. As a
+- workaround we send a CANCEL now. */
+- rc = assuan_write_line (ctrl->scd_local->ctx, "CAN");
+- if (!rc) {
+- char *line;
+- size_t len;
+-
+- rc = assuan_read_line (ctrl->scd_local->ctx, &line, &len);
+- if (!rc)
+- rc = oldrc;
+- }
+-
+- return rc;
+-}
+-
+-
+ /* Create a signature using the current card. MDALGO is either 0 or
+ * gives the digest algorithm. DESC_TEXT is an additional parameter
+ * passed to GETPIN_CB. */
+@@ -877,7 +851,6 @@ agent_card_pksign (ctrl_t ctrl,
+ inqparm.getpin_cb_arg = getpin_cb_arg;
+ inqparm.getpin_cb_desc = desc_text;
+ inqparm.passthru = 0;
+- inqparm.any_inq_seen = 0;
+ inqparm.keydata = NULL;
+ inqparm.keydatalen = 0;
+
+@@ -890,9 +863,6 @@ agent_card_pksign (ctrl_t ctrl,
+ put_membuf_cb, &data,
+ inq_needpin, &inqparm,
+ NULL, NULL);
+- if (inqparm.any_inq_seen && (gpg_err_code(rc) == GPG_ERR_CANCELED ||
+- gpg_err_code(rc) == GPG_ERR_ASS_CANCELED))
+- rc = cancel_inquire (ctrl, rc);
+
+ if (rc)
+ {
+@@ -976,7 +946,6 @@ agent_card_pkdecrypt (ctrl_t ctrl,
+ inqparm.getpin_cb_arg = getpin_cb_arg;
+ inqparm.getpin_cb_desc = desc_text;
+ inqparm.passthru = 0;
+- inqparm.any_inq_seen = 0;
+ inqparm.keydata = NULL;
+ inqparm.keydatalen = 0;
+ snprintf (line, DIM(line), "PKDECRYPT %s", keyid);
+@@ -984,9 +953,6 @@ agent_card_pkdecrypt (ctrl_t ctrl,
+ put_membuf_cb, &data,
+ inq_needpin, &inqparm,
+ padding_info_cb, r_padding);
+- if (inqparm.any_inq_seen && (gpg_err_code(rc) == GPG_ERR_CANCELED ||
+- gpg_err_code(rc) == GPG_ERR_ASS_CANCELED))
+- rc = cancel_inquire (ctrl, rc);
+
+ if (rc)
+ {
+@@ -1113,15 +1079,11 @@ agent_card_writekey (ctrl_t ctrl, int force, const char *serialno,
+ parms.getpin_cb_arg = getpin_cb_arg;
+ parms.getpin_cb_desc= NULL;
+ parms.passthru = 0;
+- parms.any_inq_seen = 0;
+ parms.keydata = keydata;
+ parms.keydatalen = keydatalen;
+
+ rc = assuan_transact (ctrl->scd_local->ctx, line, NULL, NULL,
+ inq_writekey_parms, &parms, NULL, NULL);
+- if (parms.any_inq_seen && (gpg_err_code(rc) == GPG_ERR_CANCELED ||
+- gpg_err_code(rc) == GPG_ERR_ASS_CANCELED))
+- rc = cancel_inquire (ctrl, rc);
+ return unlock_scd (ctrl, rc);
+ }
+
+@@ -1346,7 +1308,6 @@ agent_card_scd (ctrl_t ctrl, const char *cmdline,
+ inqparm.getpin_cb_arg = getpin_cb_arg;
+ inqparm.getpin_cb_desc = NULL;
+ inqparm.passthru = assuan_context;
+- inqparm.any_inq_seen = 0;
+ inqparm.keydata = NULL;
+ inqparm.keydatalen = 0;
+
+@@ -1356,8 +1317,6 @@ agent_card_scd (ctrl_t ctrl, const char *cmdline,
+ pass_data_thru, assuan_context,
+ inq_needpin, &inqparm,
+ pass_status_thru, assuan_context);
+- if (inqparm.any_inq_seen && gpg_err_code(rc) == GPG_ERR_ASS_CANCELED)
+- rc = cancel_inquire (ctrl, rc);
+
+ assuan_set_flag (ctrl->scd_local->ctx, ASSUAN_CONVEY_COMMENTS, saveflag);
+ if (rc)
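Review bot: In the agent_card_scd hunk, where inqparm.passthru = assuan_context, the removed comment said the passthrough code could not pass a CANCEL on to scdaemon, so dropping cancel_inquire relies entirely on assuan_transact sending "CAN" itself, which the patch description ties to libassuan 2.1.0 and later. Nothing in the visible lines enforces that version. The packaging should carry a matching minimum libassuan build and runtime dependency, and the passthrough cancel path (a client cancelling a PIN inquiry relayed through gpg-agent) deserves a manual test with a card before upload.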
diff --git a/debian/patches/from-master/0016-agent-compile-time-configuration-of-s2k-calibration.patch b/debian/patches/from-master/agent-compile-time-configuration-of-s2k-calibration.patch
similarity index 100%
rename from debian/patches/from-master/0016-agent-compile-time-configuration-of-s2k-calibration.patch
rename to debian/patches/from-master/agent-compile-time-configuration-of-s2k-calibration.patch
diff --git a/debian/patches/from-master/common-Accept-the-Z-suffix-for-yymmddThhmmssZ-format.patch b/debian/patches/from-master/common-Accept-the-Z-suffix-for-yymmddThhmmssZ-format.patch
new file mode 100644
index 0000000..12bcc07
--- /dev/null
+++ b/debian/patches/from-master/common-Accept-the-Z-suffix-for-yymmddThhmmssZ-format.patch
@@ -0,0 +1,44 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Tue, 19 Sep 2017 16:09:05 +0900
+Subject: common: Accept the Z-suffix for yymmddThhmmssZ format.
+
+* common/gettime.c (isotime_p): Accept the Z suffix.
+
+--
+
+The intention is use for human interface.
+
+GnuPG-bug-id: 3278
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit ba8afc4966cca1f6aaf9b2a9bfc3220782306c2b)
+---
+ common/gettime.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/common/gettime.c b/common/gettime.c
+index 3e1ee55..4ad99f5 100644
+--- a/common/gettime.c
++++ b/common/gettime.c
+@@ -222,6 +222,8 @@ isotime_p (const char *string)
+ for (s++, i=9; i < 15; i++, s++)
+ if (!digitp (s))
+ return 0;
++ if (*s == 'Z')
++ s++;
+ if ( !(!*s || (isascii (*s) && isspace(*s)) || *s == ':' || *s == ','))
+ return 0; /* Wrong delimiter. */
+
+@@ -354,9 +356,10 @@ string2isotime (gnupg_isotime_t atime, const char *string)
+ }
+
+
+-/* Scan an ISO timestamp and return an Epoch based timestamp. The only
+- supported format is "yyyymmddThhmmss" delimited by white space, nul, a
+- colon or a comma. Returns (time_t)(-1) for an invalid string. */
++/* Scan an ISO timestamp and return an Epoch based timestamp. The
++ only supported format is "yyyymmddThhmmss[Z]" delimited by white
++ space, nul, a colon or a comma. Returns (time_t)(-1) for an
++ invalid string. */
+ time_t
+ isotime2epoch (const char *string)
+ {
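Review bot: In isotime_p, the new `if (*s == 'Z') s++;` accepts the suffix, but only the isotime2epoch comment is updated to "yyyymmddThhmmss[Z]" and the patch adds no test for the new form. A regression test that covers a timestamp ending in Z followed by each valid delimiter, and that rejects a doubled Z or a Z followed by another letter, would pin the behaviour. If the comments on isotime_p and string2isotime describe the accepted format, they should mention the optional Z as well.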
diff --git a/debian/patches/from-master/common-Fix-gnupg_wait_processes.patch b/debian/patches/from-master/common-Fix-gnupg_wait_processes.patch
new file mode 100644
index 0000000..b1b9ed4
--- /dev/null
+++ b/debian/patches/from-master/common-Fix-gnupg_wait_processes.patch
@@ -0,0 +1,82 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Tue, 19 Sep 2017 12:28:43 +0900
+Subject: common: Fix gnupg_wait_processes.
+
+* common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes
+even if we already see an error.
+
+--
+
+The value stored by waitpid for exit code is encoded; It requires
+decoded by WEXITSTATUS macro, regardless of an error.
+
+For example, when one of processes is already exited and another is
+still running, it resulted wrong value of in r_exitcodes[n].
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit eeb3da6eb717ed6a1a1069a7611eb37503e8672d)
+---
+ common/exechelp-posix.c | 50 +++++++++++++++++++++++++------------------------
+ 1 file changed, 26 insertions(+), 24 deletions(-)
+
+diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c
+index 7237993..3acf74a 100644
+--- a/common/exechelp-posix.c
++++ b/common/exechelp-posix.c
+@@ -784,30 +784,32 @@ gnupg_wait_processes (const char **pgmnames, pid_t *pids, size_t count,
+ }
+ }
+
+- if (ec == 0)
+- for (i = 0; i < count; i++)
+- {
+- if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]) == 127)
+- {
+- log_error (_("error running '%s': probably not installed\n"),
+- pgmnames[i]);
+- ec = GPG_ERR_CONFIGURATION;
+- }
+- else if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]))
+- {
+- if (dummy)
+- log_error (_("error running '%s': exit status %d\n"),
+- pgmnames[i], WEXITSTATUS (r_exitcodes[i]));
+- else
+- r_exitcodes[i] = WEXITSTATUS (r_exitcodes[i]);
+- ec = GPG_ERR_GENERAL;
+- }
+- else if (!WIFEXITED (r_exitcodes[i]))
+- {
+- log_error (_("error running '%s': terminated\n"), pgmnames[i]);
+- ec = GPG_ERR_GENERAL;
+- }
+- }
++ for (i = 0; i < count; i++)
++ {
++ if (r_exitcodes[i] == -1)
++ continue;
++
++ if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]) == 127)
++ {
++ log_error (_("error running '%s': probably not installed\n"),
++ pgmnames[i]);
++ ec = GPG_ERR_CONFIGURATION;
++ }
++ else if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]))
++ {
++ if (dummy)
++ log_error (_("error running '%s': exit status %d\n"),
++ pgmnames[i], WEXITSTATUS (r_exitcodes[i]));
++ else
++ r_exitcodes[i] = WEXITSTATUS (r_exitcodes[i]);
++ ec = GPG_ERR_GENERAL;
++ }
++ else if (!WIFEXITED (r_exitcodes[i]))
++ {
++ log_error (_("error running '%s': terminated\n"), pgmnames[i]);
++ ec = GPG_ERR_GENERAL;
++ }
++ }
+
+ xfree (dummy);
+ return gpg_err_make (GPG_ERR_SOURCE_DEFAULT, ec);
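Review bot: With the `if (ec == 0)` guard removed, the per-process loop assigns ec unconditionally, so an error code set by the wait loop above this hunk can be replaced by GPG_ERR_GENERAL or GPG_ERR_CONFIGURATION from a later entry. If the earlier code should win, assign only while ec is still 0, for example `if (!ec) ec = GPG_ERR_GENERAL;`. The new `r_exitcodes[i] == -1` skip also depends on the array being initialised to -1 outside the visible lines, and the "probably not installed" and "terminated" branches still leave r_exitcodes[i] as the raw waitpid status; a short comment stating what callers receive in each case would help.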
diff --git a/debian/patches/from-master/g10-Select-a-secret-key-by-checking-availability-und.patch b/debian/patches/from-master/g10-Select-a-secret-key-by-checking-availability-und.patch
new file mode 100644
index 0000000..01ce79d
--- /dev/null
+++ b/debian/patches/from-master/g10-Select-a-secret-key-by-checking-availability-und.patch
@@ -0,0 +1,71 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Tue, 26 Sep 2017 11:02:05 +0900
+Subject: g10: Select a secret key by checking availability under gpg-agent.
+
+* g10/getkey.c (finish_lookup): Add WANT_SECRET argument to confirm
+by agent_probe_secret_key.
+(get_pubkey_fromfile, lookup): Supply WANT_SECRET argument.
+
+--
+
+GnuPG-bug-id: 1967
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 0a76611294998ae34b9d9ebde484ef8ad3a9a3a6)
+---
+ g10/getkey.c | 15 +++++++++++----
+ 1 file changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/g10/getkey.c b/g10/getkey.c
+index 852c532..486330a 100644
+--- a/g10/getkey.c
++++ b/g10/getkey.c
+@@ -144,7 +144,7 @@ static int lookup (ctrl_t ctrl, getkey_ctx_t ctx, int want_secret,
+ kbnode_t *ret_keyblock, kbnode_t *ret_found_key);
+ static kbnode_t finish_lookup (kbnode_t keyblock,
+ unsigned int req_usage, int want_exact,
+- unsigned int *r_flags);
++ int want_secret, unsigned int *r_flags);
+ static void print_status_key_considered (kbnode_t keyblock, unsigned int flags);
+
+
+@@ -1734,7 +1734,7 @@ get_pubkey_fromfile (ctrl_t ctrl, PKT_public_key *pk, const char *fname)
+ /* Warning: node flag bits 0 and 1 should be preserved by
+ * merge_selfsigs. FIXME: Check whether this still holds. */
+ merge_selfsigs (ctrl, keyblock);
+- found_key = finish_lookup (keyblock, pk->req_usage, 0, &infoflags);
++ found_key = finish_lookup (keyblock, pk->req_usage, 0, 0, &infoflags);
+ print_status_key_considered (keyblock, infoflags);
+ if (found_key)
+ pk_from_block (pk, keyblock, found_key);
+@@ -3428,7 +3428,7 @@ merge_selfsigs (ctrl_t ctrl, kbnode_t keyblock)
+ */
+ static kbnode_t
+ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
+- unsigned int *r_flags)
++ int want_secret, unsigned int *r_flags)
+ {
+ kbnode_t k;
+
+@@ -3570,6 +3570,13 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
+ continue;
+ }
+
++ if (want_secret && agent_probe_secret_key (NULL, pk))
++ {
++ if (DBG_LOOKUP)
++ log_debug ("\tno secret key\n");
++ continue;
++ }
++
+ if (DBG_LOOKUP)
+ log_debug ("\tsubkey might be fine\n");
+ /* In case a key has a timestamp of 0 set, we make sure
+@@ -3757,7 +3764,7 @@ lookup (ctrl_t ctrl, getkey_ctx_t ctx, int want_secret,
+ * merge_selfsigs. */
+ merge_selfsigs (ctrl, keyblock);
+ found_key = finish_lookup (keyblock, ctx->req_usage, ctx->exact,
+- &infoflags);
++ want_secret, &infoflags);
+ print_status_key_considered (keyblock, infoflags);
+ if (found_key)
+ {
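Review bot: In finish_lookup, `if (want_secret && agent_probe_secret_key (NULL, pk))` treats every non-zero return as "no secret key", so a failure to reach gpg-agent is indistinguishable in the debug log from a key that is really absent. Including the returned error code in the DBG_LOOKUP message would make that distinction visible. The comment block above finish_lookup should also describe the new WANT_SECRET parameter; the visible lines change only the prototype and the signature.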
diff --git a/debian/patches/from-master/0014-gpg-default-to-3072-bit-RSA-keys.patch b/debian/patches/from-master/gpg-default-to-3072-bit-RSA-keys.patch
similarity index 100%
rename from debian/patches/from-master/0014-gpg-default-to-3072-bit-RSA-keys.patch
rename to debian/patches/from-master/gpg-default-to-3072-bit-RSA-keys.patch
diff --git a/debian/patches/from-master/0015-gpg-default-to-AES-256.patch b/debian/patches/from-master/gpg-default-to-AES-256.patch
similarity index 100%
rename from debian/patches/from-master/0015-gpg-default-to-AES-256.patch
rename to debian/patches/from-master/gpg-default-to-AES-256.patch
diff --git a/debian/patches/from-master/0013-gpgsm-default-to-3072-bit-keys.patch b/debian/patches/from-master/gpgsm-default-to-3072-bit-keys.patch
similarity index 100%
rename from debian/patches/from-master/0013-gpgsm-default-to-3072-bit-keys.patch
rename to debian/patches/from-master/gpgsm-default-to-3072-bit-keys.patch
diff --git a/debian/patches/from-master/scd-Distinguish-cancel-by-user-and-protocol-error.patch b/debian/patches/from-master/scd-Distinguish-cancel-by-user-and-protocol-error.patch
new file mode 100644
index 0000000..64dce38
--- /dev/null
+++ b/debian/patches/from-master/scd-Distinguish-cancel-by-user-and-protocol-error.patch
@@ -0,0 +1,68 @@
+From: NIIBE Yutaka <gniibe at fsij.org>
+Date: Wed, 20 Sep 2017 10:06:43 +0900
+Subject: scd: Distinguish cancel by user and protocol error.
+
+* scd/apdu.h (SW_HOST_CANCELLED): New.
+* scd/apdu.c (host_sw_string): Support SW_HOST_CANCELLED.
+(pcsc_error_to_sw): Return SW_HOST_CANCELLED for PCSC_E_CANCELLED.
+* scd/iso7816.c (map_sw): Return GPG_ERR_INV_RESPONSE for
+SW_HOST_ABORTED and GPG_ERR_CANCELED for SW_HOST_CANCELLED.
+
+Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
+(cherry picked from commit 2396055c096884d521c26b76f26263a146207c24)
+---
+ scd/apdu.c | 3 ++-
+ scd/apdu.h | 3 ++-
+ scd/iso7816.c | 3 ++-
+ 3 files changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/scd/apdu.c b/scd/apdu.c
+index 97624eb..1b25ceb 100644
+--- a/scd/apdu.c
++++ b/scd/apdu.c
+@@ -496,6 +496,7 @@ host_sw_string (long err)
+ case SW_HOST_ABORTED: return "aborted";
+ case SW_HOST_NO_PINPAD: return "no pinpad";
+ case SW_HOST_ALREADY_CONNECTED: return "already connected";
++ case SW_HOST_CANCELLED: return "cancelled";
+ default: return "unknown host status error";
+ }
+ }
+@@ -602,7 +603,7 @@ pcsc_error_to_sw (long ec)
+ {
+ case 0: rc = 0; break;
+
+- case PCSC_E_CANCELLED: rc = SW_HOST_ABORTED; break;
++ case PCSC_E_CANCELLED: rc = SW_HOST_CANCELLED; break;
+ case PCSC_E_NO_MEMORY: rc = SW_HOST_OUT_OF_CORE; break;
+ case PCSC_E_TIMEOUT: rc = SW_HOST_CARD_IO_ERROR; break;
+ case PCSC_E_NO_SERVICE:
+diff --git a/scd/apdu.h b/scd/apdu.h
+index 6751e8c..8a0d4bd 100644
+--- a/scd/apdu.h
++++ b/scd/apdu.h
+@@ -71,7 +71,8 @@ enum {
+ SW_HOST_NO_READER = 0x1000c,
+ SW_HOST_ABORTED = 0x1000d,
+ SW_HOST_NO_PINPAD = 0x1000e,
+- SW_HOST_ALREADY_CONNECTED = 0x1000f
++ SW_HOST_ALREADY_CONNECTED = 0x1000f,
++ SW_HOST_CANCELLED = 0x10010
+ };
+
+ struct dev_list;
+diff --git a/scd/iso7816.c b/scd/iso7816.c
+index 081b080..29208c2 100644
+--- a/scd/iso7816.c
++++ b/scd/iso7816.c
+@@ -93,8 +93,9 @@ map_sw (int sw)
+ case SW_HOST_CARD_IO_ERROR: ec = GPG_ERR_EIO; break;
+ case SW_HOST_GENERAL_ERROR: ec = GPG_ERR_GENERAL; break;
+ case SW_HOST_NO_READER: ec = GPG_ERR_ENODEV; break;
+- case SW_HOST_ABORTED: ec = GPG_ERR_CANCELED; break;
++ case SW_HOST_ABORTED: ec = GPG_ERR_INV_RESPONSE; break;
+ case SW_HOST_NO_PINPAD: ec = GPG_ERR_NOT_SUPPORTED; break;
++ case SW_HOST_CANCELLED: ec = GPG_ERR_CANCELED; break;
+
+ default:
+ if ((sw & 0x010000))
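Review bot: In map_sw, SW_HOST_ABORTED changes from GPG_ERR_CANCELED to GPG_ERR_INV_RESPONSE, but the only producer converted to the new SW_HOST_CANCELLED is the PCSC_E_CANCELLED case in pcsc_error_to_sw. Any other code path that returns SW_HOST_ABORTED to signal a user cancel will now surface as an invalid response; those call sites should be checked and switched to SW_HOST_CANCELLED where a cancel is meant. The patch description contains only the changelog entries, so a sentence on why the two cases need separating would help later readers.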
diff --git a/debian/patches/gpg-agent-idling/0009-agent-Allow-threads-to-interrupt-main-select-loop-wi.patch b/debian/patches/gpg-agent-idling/agent-Allow-threads-to-interrupt-main-select-loop-wi.patch
similarity index 100%
rename from debian/patches/gpg-agent-idling/0009-agent-Allow-threads-to-interrupt-main-select-loop-wi.patch
rename to debian/patches/gpg-agent-idling/agent-Allow-threads-to-interrupt-main-select-loop-wi.patch
diff --git a/debian/patches/gpg-agent-idling/0011-agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch b/debian/patches/gpg-agent-idling/agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch
similarity index 100%
rename from debian/patches/gpg-agent-idling/0011-agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch
rename to debian/patches/gpg-agent-idling/agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch
diff --git a/debian/patches/gpg-agent-idling/0010-agent-Avoid-tight-timer-tick-when-possible.patch b/debian/patches/gpg-agent-idling/agent-Avoid-tight-timer-tick-when-possible.patch
similarity index 100%
rename from debian/patches/gpg-agent-idling/0010-agent-Avoid-tight-timer-tick-when-possible.patch
rename to debian/patches/gpg-agent-idling/agent-Avoid-tight-timer-tick-when-possible.patch
diff --git a/debian/patches/gpg-agent-idling/0008-agent-Create-framework-of-scheduled-timers.patch b/debian/patches/gpg-agent-idling/agent-Create-framework-of-scheduled-timers.patch
similarity index 100%
rename from debian/patches/gpg-agent-idling/0008-agent-Create-framework-of-scheduled-timers.patch
rename to debian/patches/gpg-agent-idling/agent-Create-framework-of-scheduled-timers.patch
diff --git a/debian/patches/series b/debian/patches/series
index 9468904..958ce84 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,18 +1,22 @@
-debian-packaging/0001-avoid-beta-warning.patch
-debian-packaging/0002-avoid-regenerating-defsincdate-use-shipped-file.patch
-block-ptrace-on-agent/0003-Avoid-simple-memory-dumps-via-ptrace.patch
-dirmngr-idling/0004-dirmngr-hkp-Avoid-potential-race-condition-when-some.patch
-dirmngr-idling/0005-dirmngr-Avoid-need-for-hkp-housekeeping.patch
-dirmngr-idling/0006-dirmngr-Avoid-automatically-checking-upstream-swdb.patch
-dirmngr-idling/0007-dirmngr-Drop-useless-housekeeping.patch
-gpg-agent-idling/0008-agent-Create-framework-of-scheduled-timers.patch
-gpg-agent-idling/0009-agent-Allow-threads-to-interrupt-main-select-loop-wi.patch
-gpg-agent-idling/0010-agent-Avoid-tight-timer-tick-when-possible.patch
-gpg-agent-idling/0011-agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch
-skip-missing-signing-keys/0013-g10-Skip-signing-keys-where-no-secret-key-is-availab.patch
-from-master/0013-gpgsm-default-to-3072-bit-keys.patch
-from-master/0014-gpg-default-to-3072-bit-RSA-keys.patch
-from-master/0015-gpg-default-to-AES-256.patch
-from-master/0016-agent-compile-time-configuration-of-s2k-calibration.patch
-update-defaults/0017-gpg-Default-to-SHA-512-for-all-signature-types-on-RS.patch
-update-defaults/0018-gpg-Prefer-SHA-512-and-SHA-384-in-default-preference.patch
+debian-packaging/avoid-beta-warning.patch
+debian-packaging/avoid-regenerating-defsincdate-use-shipped-file.patch
+block-ptrace-on-agent/Avoid-simple-memory-dumps-via-ptrace.patch
+dirmngr-idling/dirmngr-hkp-Avoid-potential-race-condition-when-some.patch
+dirmngr-idling/dirmngr-Avoid-need-for-hkp-housekeeping.patch
+dirmngr-idling/dirmngr-Avoid-automatically-checking-upstream-swdb.patch
+dirmngr-idling/dirmngr-Drop-useless-housekeeping.patch
+gpg-agent-idling/agent-Create-framework-of-scheduled-timers.patch
+gpg-agent-idling/agent-Allow-threads-to-interrupt-main-select-loop-wi.patch
+gpg-agent-idling/agent-Avoid-tight-timer-tick-when-possible.patch
+gpg-agent-idling/agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch
+from-master/gpgsm-default-to-3072-bit-keys.patch
+from-master/gpg-default-to-3072-bit-RSA-keys.patch
+from-master/gpg-default-to-AES-256.patch
+from-master/agent-compile-time-configuration-of-s2k-calibration.patch
+from-master/common-Fix-gnupg_wait_processes.patch
+from-master/common-Accept-the-Z-suffix-for-yymmddThhmmssZ-format.patch
+from-master/scd-Distinguish-cancel-by-user-and-protocol-error.patch
+from-master/agent-Fix-cancellation-handling-for-scdaemon.patch
+from-master/g10-Select-a-secret-key-by-checking-availability-und.patch
+update-defaults/gpg-Default-to-SHA-512-for-all-signature-types-on-RS.patch
+update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-default-preference.patch
diff --git a/debian/patches/skip-missing-signing-keys/0013-g10-Skip-signing-keys-where-no-secret-key-is-availab.patch b/debian/patches/skip-missing-signing-keys/0013-g10-Skip-signing-keys-where-no-secret-key-is-availab.patch
deleted file mode 100644
index d00e0e6..0000000
--- a/debian/patches/skip-missing-signing-keys/0013-g10-Skip-signing-keys-where-no-secret-key-is-availab.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From: Simon Arlott <simon at arlott.org>
-Date: Sun, 5 Feb 2017 16:31:35 -0500
-Subject: g10: Skip signing keys where no secret key is available.
-
-* g10/getkey.c (finish_lookup): When requiring PUBKEY_USAGE_SIG, skip
-over keys where no signing key is available.
-
---
-
-This should only be relevant when gpg is required to choose which key
-to sign with -- if verifying signatures, we already know which subkey
-to look at, and indeed gpg doesn't seem to have a problem with this.
-
-This patch comes from https://dev.gnupg.org/D296
-
-I (dkg) have reviewed and tested it with missing local keys, and it
-makes sense to me as the default behavior. If the user has the secret
-key for a signing-capable subkey available and the command is --sign,
-it should be used.
-
-If the user has explicitly specified a subkey that happens to be
-missing (e.g. with the trailing ! for --default-key 0x${FPR}!) then
-this does not override that behavior (the signature will still fail).
-
-GnuPG-bug-id: 1967
-Debian-bug-id: 834922
-
-Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
----
- g10/getkey.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/g10/getkey.c b/g10/getkey.c
-index 852c532..946ca90 100644
---- a/g10/getkey.c
-+++ b/g10/getkey.c
-@@ -3570,6 +3570,13 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
- continue;
- }
-
-+ if ((req_usage & PUBKEY_USAGE_SIG) && agent_probe_secret_key (NULL, pk))
-+ {
-+ if (DBG_LOOKUP)
-+ log_debug ("\tno secret key for signing\n");
-+ continue;
-+ }
-+
- if (DBG_LOOKUP)
- log_debug ("\tsubkey might be fine\n");
- /* In case a key has a timestamp of 0 set, we make sure
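Review bot: The deleted patch header carries "Debian-bug-id: 834922" and the notes on explicit subkey selection with the trailing "!", neither of which appears in the replacement g10-Select-a-secret-key patch, whose header has only "GnuPG-bug-id: 1967". Recording the Debian bug in the replacement's header or in debian/changelog keeps the reference. The old check was limited to `req_usage & PUBKEY_USAGE_SIG` while the replacement fires on `want_secret` for any usage, so the missing-local-key and explicit-subkey tests described in this header are worth repeating against the upstream version.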
diff --git a/debian/patches/update-defaults/0017-gpg-Default-to-SHA-512-for-all-signature-types-on-RS.patch b/debian/patches/update-defaults/gpg-Default-to-SHA-512-for-all-signature-types-on-RS.patch
similarity index 100%
rename from debian/patches/update-defaults/0017-gpg-Default-to-SHA-512-for-all-signature-types-on-RS.patch
rename to debian/patches/update-defaults/gpg-Default-to-SHA-512-for-all-signature-types-on-RS.patch
diff --git a/debian/patches/update-defaults/0018-gpg-Prefer-SHA-512-and-SHA-384-in-default-preference.patch b/debian/patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-default-preference.patch
similarity index 100%
rename from debian/patches/update-defaults/0018-gpg-Prefer-SHA-512-and-SHA-384-in-default-preference.patch
rename to debian/patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-default-preference.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git