From cvs at cvs.gnupg.org  Thu Oct  1 01:58:31 2015
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Thu, 01 Oct 2015 01:58:31 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-54-ga9895a5
Message-ID: <E1ZhR86-0000vu-VO@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  a9895a5a72a851c5fcc70f16d5f8f588cc885751 (commit)
      from  c8584a1e559bc720412e1a2fc546a54ff4517205 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a9895a5a72a851c5fcc70f16d5f8f588cc885751
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Thu Oct 1 08:57:06 2015 +0900

    common: Fix strsplit.
    
    * common/stringhelp.c (strsplit): Fix arguments order.

diff --git a/common/stringhelp.c b/common/stringhelp.c
index 576c2ea..38c3832 100644
--- a/common/stringhelp.c
+++ b/common/stringhelp.c
@@ -1230,7 +1230,7 @@ strsplit (char *string, char delim, char replacement, int *count)
   for (t = strchr (string, delim); t; t = strchr (t + 1, delim))
     fields ++;
 
-  result = xtrycalloc (sizeof (*result), (fields + 1));
+  result = xtrycalloc ((fields + 1), sizeof (*result));
   if (! result)
     return NULL;
 

-----------------------------------------------------------------------

Summary of changes:
 common/stringhelp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Oct  1 07:33:54 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 01 Oct 2015 07:33:54 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
 updated. gnupg-2.0.29-11-gb1653a4
Message-ID: <E1ZhWMe-0004mV-LW@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-0 has been updated
       via  b1653a4083b91cfa85d90f59612fa1c3f4d51778 (commit)
      from  fea9d4354c93b662c75febe020fb799ce4f2ec89 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b1653a4083b91cfa85d90f59612fa1c3f4d51778
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Sep 18 15:08:51 2014 +0200

    gpg: Silence a compiler warning.
    
    * g10/parse-packet.c (enum_sig_subpkt): Replace hack.
    
    --
    
    GCC 5 failure reported by Kevin Locke <kevin at kevinlocke.name>
    
    (backport from master commit 6a0c3fa19cfcdd590b96691e8a8ffb48fb5e0ec4)

diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index a8f9d99..c925e94 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1258,10 +1258,10 @@ enum_sig_subpkt( const subpktarea_t *pktbuf, sigsubpkttype_t reqtype,
       critical=&critical_dummy;
 
     if( !pktbuf || reqseq == -1 ) {
-	/* return some value different from NULL to indicate that
-	 * there is no critical bit we do not understand.  The caller
-	 * will never use the value.  Yes I know, it is an ugly hack */
-	return reqtype == SIGSUBPKT_TEST_CRITICAL? (const byte*)&pktbuf : NULL;
+	static char dummy[] = "x";
+	/* Return a value different from NULL to indicate that
+	 * there is no critical bit we do not understand.  */
+	return reqtype ==	SIGSUBPKT_TEST_CRITICAL ? dummy : NULL;
     }
     buffer = pktbuf->data;
     buflen = pktbuf->len;

-----------------------------------------------------------------------

Summary of changes:
 g10/parse-packet.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Oct  1 07:35:02 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 01 Oct 2015 07:35:02 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4,
 updated. gnupg-1.4.19-12-g6db18e2
Message-ID: <E1ZhWNl-0004oW-7V@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-1-4 has been updated
       via  6db18e29eb81b37ed6feb592add77d492c60fc35 (commit)
      from  9232df23ac545e358d10c5539bdc9de2d05f15e8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6db18e29eb81b37ed6feb592add77d492c60fc35
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Sep 18 15:08:51 2014 +0200

    gpg: Silence a compiler warning.
    
    * g10/parse-packet.c (enum_sig_subpkt): Replace hack.
    
    --
    
    GCC 5 failure reported by Kevin Locke <kevin at kevinlocke.name>
    
    (backport from master commit 6a0c3fa19cfcdd590b96691e8a8ffb48fb5e0ec4)

diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 8d4450c..beee77e 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1183,10 +1183,10 @@ enum_sig_subpkt( const subpktarea_t *pktbuf, sigsubpkttype_t reqtype,
       critical=&critical_dummy;
 
     if( !pktbuf || reqseq == -1 ) {
-	/* return some value different from NULL to indicate that
-	 * there is no critical bit we do not understand.  The caller
-	 * will never use the value.  Yes I know, it is an ugly hack */
-	return reqtype == SIGSUBPKT_TEST_CRITICAL? (const byte*)&pktbuf : NULL;
+	static char dummy[] = "x";
+	/* Return a value different from NULL to indicate that
+	 * there is no critical bit we do not understand.  */
+	return reqtype == SIGSUBPKT_TEST_CRITICAL ? dummy : NULL;
     }
     buffer = pktbuf->data;
     buflen = pktbuf->len;

-----------------------------------------------------------------------

Summary of changes:
 g10/parse-packet.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Oct  1 16:28:48 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 01 Oct 2015 16:28:48 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-55-g13a3f65
Message-ID: <E1ZheiK-0004IQ-Pq@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  13a3f65968f4a8205ca664cc46b1a53de4dc489b (commit)
      from  a9895a5a72a851c5fcc70f16d5f8f588cc885751 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 13a3f65968f4a8205ca664cc46b1a53de4dc489b
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Oct 1 16:22:29 2015 +0200

    gpg: Add debug helper to --edit-keys's check sub-command.
    
    * g10/keyedit.c (print_and_check_one_sig): Add arg "extended" and
    print an asterisk for the chosen selfsig.
    (check_all_keysigs): Add arg "only_selfsig"
    (keyedit_menu) <cmdCHECK>: Add optional arg "selfsig".
    --
    
    Using "check selfsig" prints only the self-signatures and indicates
    the chosen selfsig with an asterisk.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 9d62afb..28e4f83 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -660,7 +660,8 @@ create a signature of any type desired.
 
   @item check
   @opindex keyedit:check
-  Check the signatures on all selected user IDs.
+  Check the signatures on all selected user IDs.  With the extra
+  option @code{selfsig} only self-signatures are shown.
 
   @item adduid
   @opindex keyedit:adduid
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 61aceb2..8d87a01 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -185,13 +185,15 @@ print_and_check_one_sig_colon (KBNODE keyblock, KBNODE node,
 
 
 /*
- * Print information about a signature, check it and return true
- * if the signature is okay. NODE must be a signature packet.
+ * Print information about a signature, check it and return true if
+ * the signature is okay.  NODE must be a signature packet.  With
+ * EXTENDED set all possible signature list options will always be
+ * printed.
  */
 static int
 print_and_check_one_sig (KBNODE keyblock, KBNODE node,
 			 int *inv_sigs, int *no_key, int *oth_err,
-			 int *is_selfsig, int print_without_key)
+			 int *is_selfsig, int print_without_key, int extended)
 {
   PKT_signature *sig = node->pkt->pkt.signature;
   int rc, sigrc;
@@ -241,9 +243,10 @@ print_and_check_one_sig (KBNODE keyblock, KBNODE node,
 		  sig->flags.expired ? 'X' : ' ',
 		  (sig->trust_depth > 9) ? 'T' : (sig->trust_depth >
 						  0) ? '0' +
-		  sig->trust_depth : ' ', keystr (sig->keyid),
+		  sig->trust_depth : ' ',
+                  keystr (sig->keyid),
 		  datestr_from_sig (sig));
-      if (opt.list_options & LIST_SHOW_SIG_EXPIRE)
+      if ((opt.list_options & LIST_SHOW_SIG_EXPIRE) || extended )
 	tty_printf (" %s", expirestr_from_sig (sig));
       tty_printf ("  ");
       if (sigrc == '%')
@@ -253,6 +256,8 @@ print_and_check_one_sig (KBNODE keyblock, KBNODE node,
       else if (*is_selfsig)
 	{
 	  tty_printf (is_rev ? _("[revocation]") : _("[self-signature]"));
+          if (extended && sig->flags.chosen_selfsig)
+            tty_printf ("*");
 	}
       else
 	{
@@ -267,17 +272,20 @@ print_and_check_one_sig (KBNODE keyblock, KBNODE node,
 	}
       tty_printf ("\n");
 
-      if (sig->flags.policy_url && (opt.list_options & LIST_SHOW_POLICY_URLS))
+      if (sig->flags.policy_url
+          && ((opt.list_options & LIST_SHOW_POLICY_URLS) || extended))
 	show_policy_url (sig, 3, 0);
 
-      if (sig->flags.notation && (opt.list_options & LIST_SHOW_NOTATIONS))
+      if (sig->flags.notation
+          && ((opt.list_options & LIST_SHOW_NOTATIONS) || extended))
 	show_notation (sig, 3, 0,
 		       ((opt.
 			 list_options & LIST_SHOW_STD_NOTATIONS) ? 1 : 0) +
 		       ((opt.
 			 list_options & LIST_SHOW_USER_NOTATIONS) ? 2 : 0));
 
-      if (sig->flags.pref_ks && (opt.list_options & LIST_SHOW_KEYSERVER_URLS))
+      if (sig->flags.pref_ks
+          && ((opt.list_options & LIST_SHOW_KEYSERVER_URLS) || extended))
 	show_keyserver_url (sig, 3, 0);
     }
 
@@ -291,7 +299,7 @@ print_and_check_one_sig (KBNODE keyblock, KBNODE node,
  * Returns true if error found.
  */
 static int
-check_all_keysigs (KBNODE keyblock, int only_selected)
+check_all_keysigs (KBNODE keyblock, int only_selected, int only_selfsigs)
 {
   KBNODE kbctx;
   KBNODE node;
@@ -302,10 +310,16 @@ check_all_keysigs (KBNODE keyblock, int only_selected)
   int mis_selfsig = 0;
   int selected = !only_selected;
   int anyuid = 0;
+  u32 keyid[2];
 
   for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
     {
-      if (node->pkt->pkttype == PKT_USER_ID)
+      if (node->pkt->pkttype == PKT_PUBLIC_KEY)
+        {
+          if (only_selfsigs)
+            keyid_from_pk (node->pkt->pkt.public_key, keyid);
+        }
+      else if (node->pkt->pkttype == PKT_USER_ID)
 	{
 	  PKT_user_id *uid = node->pkt->pkt.user_id;
 
@@ -327,9 +341,14 @@ check_all_keysigs (KBNODE keyblock, int only_selected)
 		   || node->pkt->pkt.signature->sig_class == 0x30))
 	{
 	  int selfsig;
-
-	  if (print_and_check_one_sig (keyblock, node, &inv_sigs,
-				       &no_key, &oth_err, &selfsig, 0))
+          PKT_signature *sig = node->pkt->pkt.signature;
+
+          if (only_selfsigs
+              && !(keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]))
+            ;  /* Not a selfsig but we want only selfsigs - skip.  */
+	  else if (print_and_check_one_sig (keyblock, node, &inv_sigs,
+                                            &no_key, &oth_err, &selfsig,
+                                            0, only_selfsigs))
 	    {
 	      if (selfsig)
 		has_selfsig = 1;
@@ -1679,7 +1698,8 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
 	  break;
 
 	case cmdCHECK:
-	  check_all_keysigs (keyblock, count_selected_uids (keyblock));
+	  check_all_keysigs (keyblock, count_selected_uids (keyblock),
+                             !strcmp (arg_string, "selfsig"));
 	  break;
 
 	case cmdSIGN:
@@ -3601,7 +3621,7 @@ menu_delsig (KBNODE pub_keyblock)
 	  else
 	    valid = print_and_check_one_sig (pub_keyblock, node,
 					     &inv_sig, &no_key, &other_err,
-					     &selfsig, 1);
+					     &selfsig, 1, 0);
 
 	  if (valid)
 	    {

-----------------------------------------------------------------------

Summary of changes:
 doc/gpg.texi  |  3 ++-
 g10/keyedit.c | 50 +++++++++++++++++++++++++++++++++++---------------
 2 files changed, 37 insertions(+), 16 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Oct  1 18:02:47 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 01 Oct 2015 18:02:47 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-57-g2acceba
Message-ID: <E1ZhgBG-0000hz-Ru@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  2acceba5cc299796c7b5b1851a9baeb75d9f32a1 (commit)
       via  2c60663a72f090573c4869e305b098b4b1fb23bd (commit)
      from  13a3f65968f4a8205ca664cc46b1a53de4dc489b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2acceba5cc299796c7b5b1851a9baeb75d9f32a1
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Oct 1 17:59:03 2015 +0200

    gpg: Fix a practical hang after use of --faked-system-time.
    
    * g10/sign.c (update_keysig_packet): Bail out if we would need to long
    for a new timestamp.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/packet.h b/g10/packet.h
index 1906ec5..eb7da75 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -663,7 +663,7 @@ int make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
 			int (*mksubpkt)(PKT_signature *, void *),
 			void *opaque,
                         const char *cache_nonce);
-int update_keysig_packet( PKT_signature **ret_sig,
+gpg_error_t update_keysig_packet (PKT_signature **ret_sig,
                       PKT_signature *orig_sig,
                       PKT_public_key *pk,
                       PKT_user_id *uid,
diff --git a/g10/sign.c b/g10/sign.c
index 4a30f1e..782b9fc 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -1477,7 +1477,7 @@ make_keysig_packet (PKT_signature **ret_sig, PKT_public_key *pk,
  *
  * TODO: Merge this with make_keysig_packet.
  */
-int
+gpg_error_t
 update_keysig_packet( PKT_signature **ret_sig,
                       PKT_signature *orig_sig,
                       PKT_public_key *pk,
@@ -1488,7 +1488,7 @@ update_keysig_packet( PKT_signature **ret_sig,
                       void *opaque)
 {
     PKT_signature *sig;
-    int rc = 0;
+    gpg_error_t rc = 0;
     int digest_algo;
     gcry_md_hd_t md;
 
@@ -1524,11 +1524,19 @@ update_keysig_packet( PKT_signature **ret_sig,
 
     /* ... but we won't make a timestamp earlier than the existing
        one. */
-    while(sig->timestamp<=orig_sig->timestamp)
-      {
-	gnupg_sleep (1);
-	sig->timestamp=make_timestamp();
-      }
+    {
+      int tmout = 0;
+      while(sig->timestamp<=orig_sig->timestamp)
+        {
+          if (++tmout > 5 && !opt.ignore_time_conflict)
+            {
+              rc = gpg_error (GPG_ERR_TIME_CONFLICT);
+              goto leave;
+            }
+          gnupg_sleep (1);
+          sig->timestamp=make_timestamp();
+        }
+    }
 
     /* Note that already expired sigs will remain expired (with a
        duration of 1) since build-packet.c:build_sig_subpkt_from_sig
@@ -1550,6 +1558,7 @@ update_keysig_packet( PKT_signature **ret_sig,
 	rc = complete_sig (sig, pksk, md, NULL);
     }
 
+ leave:
     gcry_md_close (md);
     if( rc )
 	free_seckey_enc (sig);

commit 2c60663a72f090573c4869e305b098b4b1fb23bd
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Oct 1 17:57:39 2015 +0200

    gpg: Print more info with "check selfsig".
    
    * g10/keyedit.c (print_and_check_one_sig): Print more Some sigsub
    packets.

diff --git a/g10/keyedit.c b/g10/keyedit.c
index 8d87a01..143c748 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -46,6 +46,7 @@
 #include "i18n.h"
 #include "keyserver-internal.h"
 #include "call-agent.h"
+#include "host2net.h"
 
 static void show_prefs (PKT_user_id * uid, PKT_signature * selfsig,
 			int verbose);
@@ -287,6 +288,22 @@ print_and_check_one_sig (KBNODE keyblock, KBNODE node,
       if (sig->flags.pref_ks
           && ((opt.list_options & LIST_SHOW_KEYSERVER_URLS) || extended))
 	show_keyserver_url (sig, 3, 0);
+
+      if (extended)
+        {
+          PKT_public_key *pk = keyblock->pkt->pkt.public_key;
+          const unsigned char *s;
+          u32 expire;
+
+          s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL);
+          if (s && *s)
+            tty_printf ("             [primary]\n");
+
+          s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
+          if (s && buf32_to_u32 (s))
+            tty_printf ("             [expires: %s]\n",
+                        isotimestamp (pk->timestamp + buf32_to_u32 (s)));
+        }
     }
 
   return (sigrc == '!');

-----------------------------------------------------------------------

Summary of changes:
 g10/keyedit.c | 17 +++++++++++++++++
 g10/packet.h  |  2 +-
 g10/sign.c    | 23 ++++++++++++++++-------
 3 files changed, 34 insertions(+), 8 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Oct  1 18:24:03 2015
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Thu, 01 Oct 2015 18:24:03 +0200
Subject: [git] GpgOL - branch, mime-addin, updated. gpgol-1.2.0-36-g9036bb3
Message-ID: <E1ZhgVp-0001zR-DO@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, mime-addin has been updated
       via  9036bb3fe96742b6e4f46581d86ca8bf59c6a9a5 (commit)
      from  fdbeb6fbb026b750bc36bfb97c52697e645bd0e1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9036bb3fe96742b6e4f46581d86ca8bf59c6a9a5
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Thu Oct 1 17:56:56 2015 +0200

    Change ribbon UI for mime functionality.
    
    * gpgoladdin.cpp (GetIDsOfNames): Add ID's for mime actions.
      (Invoke): Handle new actions.
      (GetCustomUI): Remove most of the Ribbon UI only leave
      encrypt / sign / start certificate manager buttons.
    * src/mailitem-events.cpp (sign_encrypt_item): Renamed to
      do_crypto_on_item.
      (do_crypto_on_item): Do crypto according to draft flags.
      (needs_crypto): New. Check if the mailitem needs crypto at all.
      (Invoke): Pass send when no crypto action is selected.
    * src/mapihelp.cpp (get_gpgol_draft_info_flags),
      (set_gpgol_draft_info_flags): New helpers to work with draft info.
    * src/mapihelp.h: Declare above functions.
    * src/ribbon-callbacks.cpp (message_flag_status): Show a messagebox
      to inform about crypto actions.
      (mark_mime_action): New. Set the draft_info_flags.
      (mime_sign, mime_encrypt): New. Callback functions for outlook.

diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp
index 6f189c7..c7da01d 100644
--- a/src/gpgoladdin.cpp
+++ b/src/gpgoladdin.cpp
@@ -464,6 +464,10 @@ GpgolRibbonExtender::GetIDsOfNames (REFIID riid, LPOLESTR *rgszNames,
       ID_MAPPER (L"addEncAttachment", ID_CMD_ATT_ENC_FILE)
       ID_MAPPER (L"signBody", ID_CMD_SIGN_BODY)
       ID_MAPPER (L"verifyBody", ID_CMD_VERIFY_BODY)
+
+      /* MIME support: */
+      ID_MAPPER (L"encryptMime", ID_CMD_MIME_ENCRYPT)
+      ID_MAPPER (L"signMime", ID_CMD_MIME_SIGN)
     }
 
   if (cNames > 1)
@@ -513,6 +517,10 @@ GpgolRibbonExtender::Invoke (DISPID dispid, REFIID riid, LCID lcid,
         return signBody (parms->rgvarg[0].pdispVal);
       case ID_CMD_VERIFY_BODY:
         return verifyBody (parms->rgvarg[0].pdispVal);
+      case ID_CMD_MIME_SIGN:
+        return mime_sign (parms->rgvarg[0].pdispVal);
+      case ID_CMD_MIME_ENCRYPT:
+        return mime_encrypt (parms->rgvarg[0].pdispVal);
       case ID_BTN_CERTMANAGER:
       case ID_BTN_ENCRYPT:
       case ID_BTN_DECRYPT:
@@ -529,7 +537,6 @@ GpgolRibbonExtender::Invoke (DISPID dispid, REFIID riid, LCID lcid,
   return DISP_E_MEMBERNOTFOUND;
 }
 
-
 /* Returns the XML markup for the various RibbonID's
 
    The custom ui syntax is documented at:
@@ -541,289 +548,81 @@ GpgolRibbonExtender::Invoke (DISPID dispid, REFIID riid, LCID lcid,
 STDMETHODIMP
 GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
 {
-  wchar_t buffer[8192];
+  char * buffer = NULL;
+
   const char *certManagerTTip =
     _("Start the Certificate Management Software");
   const char *certManagerSTip =
     _("Open GPA or Kleopatra to manage your certificates. "
       "You can use this you to generate your "
       "own certificates. ");
-  const char *encryptTextTTip =
-    _("Encrypt the text of the message");
-  const char *encryptTextSTip =
-    _("Choose the certificates for which the message "
-      "should be encrypted and replace the text "
-      "with the encrypted message.");
-  const char *encryptFileTTip =
-    _("Add a file as an encrypted attachment");
-  const char *encryptFileSTip =
-    _("Encrypts a file and adds it as an attachment to the "
-      "message. ");
-  const char *encryptSignFileTTip =
-    _("Add a file as an encrypted attachment with a signature");
-  const char *encryptSignFileSTip =
-    _("Encrypts a file, signs it and adds both the encrypted file "
-      "and the signature as attachments to the message. ");
-  const char *decryptTextTTip=
-    _("Decrypt the message");
-  const char *decryptTextSTip =
-    _("Look for PGP or S/MIME encrypted data in the message text "
-      "and decrypt it.");
-  const char *signTextTTip =
-    _("Add a signature of the message");
-  const char *signTextSTip =
-    _("Appends a signed copy of the message text in an opaque signature. "
-      "An opaque signature ensures that the signed text is not modified by "
-      "embedding it in the signature itself. "
-      "The combination of the signed message text and your signature is "
-      "added below the plain text. "
-      "The message will not be encrypted!");
-
-  memset(buffer, 0, sizeof buffer);
+  const char *encryptTTip =
+    _("Encrypt the message.");
+  const char *encryptSTip =
+    _("Encrypts the message and all attachments before sending.");
+  const char *signTTip =
+    _("Sign the message.");
+  const char *signSTip =
+    _("Sign the message and all attchments before sending.");
 
   log_debug ("%s:%s: GetCustomUI for id: %ls", SRCNAME, __func__, RibbonID);
 
-  if (!RibbonXml)
+  if (!RibbonXml || !RibbonID)
     return E_POINTER;
 
   if (!wcscmp (RibbonID, L"Microsoft.Outlook.Mail.Compose"))
     {
-      swprintf (buffer,
-        L"<customUI xmlns=\"http://schemas.microsoft.com/office/2009/07/customui\">"
-        L" <ribbon>"
-        L"   <tabs>"
-        L"    <tab id=\"gpgolTab\""
-        L"         label=\"%hs\">"
-        L"     <group id=\"general\""
-        L"            label=\"%hs\">"
-        L"       <button id=\"CustomButton\""
-        L"               getImage=\"btnCertManager\""
-        L"               size=\"large\""
-        L"               label=\"%hs\""
-        L"               screentip=\"%hs\""
-        L"               supertip=\"%hs\""
-        L"               onAction=\"startCertManager\"/>"
-        L"     </group>"
-        L"     <group id=\"textGroup\""
-        L"            label=\"%hs\">"
-        L"       <button id=\"fullTextEncrypt\""
-        L"               getImage=\"btnEncryptLarge\""
-        L"               size=\"large\""
-        L"               label=\"%hs\""
-        L"               screentip=\"%hs\""
-        L"               supertip=\"%hs\""
-        L"               onAction=\"encryptBody\"/>"
-        L"       <button id=\"fullTextDecrypt\""
-        L"               getImage=\"btnDecryptLarge\""
-        L"               size=\"large\""
-        L"               label=\"%hs\""
-        L"               screentip=\"%hs\""
-        L"               supertip=\"%hs\""
-        L"               onAction=\"decryptBody\"/>"
-        L"       <button id=\"fullTextSign\""
-        L"               getImage=\"btnSignLarge\""
-        L"               size=\"large\""
-        L"               label=\"%hs\""
-        L"               screentip=\"%hs\""
-        L"               supertip=\"%hs\""
-        L"               onAction=\"signBody\"/>"
-        L"       <button id=\"fullTextVerify\""
-        L"               getImage=\"btnVerifyLarge\""
-        L"               size=\"large\""
-        L"               label=\"%hs\""
-        L"               onAction=\"verifyBody\"/>"
-        L"     </group>"
-        L"     <group id=\"attachmentGroup\""
-        L"            label=\"%hs\">"
-        L"       <button id=\"encryptedFile\""
-        L"               getImage=\"btnEncryptLarge\""
-        L"               size=\"large\""
-        L"               label=\"%hs\""
-        L"               screentip=\"%hs\""
-        L"               supertip=\"%hs\""
-        L"               onAction=\"addEncAttachment\"/>"
-        L"       <button id=\"encryptSignFile\""
-        L"               getImage=\"btnEncryptFileLarge\""
-        L"               size=\"large\""
-        L"               label=\"%hs\""
-        L"               screentip=\"%hs\""
-        L"               supertip=\"%hs\""
-        L"               onAction=\"addEncSignedAttachment\"/>"
-        L"     </group>"
-        L"    </tab>"
-        L"   </tabs>"
-        L" </ribbon>"
-        L" <contextMenus>"
-        L"  <contextMenu idMso=\"ContextMenuText\">"
-        L"    <button id=\"encryptButton\""
-        L"            label=\"%hs\""
-        L"            getImage=\"btnEncrypt\""
-        L"            onAction=\"encryptSelection\"/>"
-        L"    <button id=\"decryptButton\""
-        L"            label=\"%hs\""
-        L"            getImage=\"btnDecrypt\""
-        L"            onAction=\"decryptSelection\"/>"
-        L" </contextMenu>"
-        L"</contextMenus>"
-        L"</customUI>", _("GpgOL"), _("General"),
+      asprintf (&buffer,
+        "<customUI xmlns=\"http://schemas.microsoft.com/office/2009/07/customui\">"
+        " <ribbon>"
+        "   <tabs>"
+        "    <tab id=\"gpgolTab\""
+        "         label=\"%s\">"
+        "     <group id=\"general\""
+        "            label=\"%s\">"
+        "       <button id=\"CustomButton\""
+        "               getImage=\"btnCertManager\""
+        "               size=\"large\""
+        "               label=\"%s\""
+        "               screentip=\"%s\""
+        "               supertip=\"%s\""
+        "               onAction=\"startCertManager\"/>"
+        "     </group>"
+        "     <group id=\"textGroup\""
+        "            label=\"%s\">"
+        "       <button id=\"mimeEncrypt\""
+        "               getImage=\"btnEncryptLarge\""
+        "               size=\"large\""
+        "               label=\"%s\""
+        "               screentip=\"%s\""
+        "               supertip=\"%s\""
+        "               onAction=\"encryptMime\"/>"
+        "       <button id=\"mimeSign\""
+        "               getImage=\"btnSignLarge\""
+        "               size=\"large\""
+        "               label=\"%s\""
+        "               screentip=\"%s\""
+        "               supertip=\"%s\""
+        "               onAction=\"signMime\"/>"
+        "     </group>"
+        "    </tab>"
+        "   </tabs>"
+        " </ribbon>"
+        "</customUI>", _("GpgOL"), _("General"),
         _("Start Certificate Manager"), certManagerTTip, certManagerSTip,
-        _("Textbody"),
-        _("Encrypt"), encryptTextTTip, encryptTextSTip,
-        _("Decrypt"), decryptTextTTip, decryptTextSTip,
-        _("Sign"), signTextTTip, signTextSTip,
-        _("Verify"),
-        _("Attachments"),
-        _("Encrypted file"), encryptFileTTip, encryptFileSTip,
-        _("Encrypted file and Signature"), encryptSignFileTTip, encryptSignFileSTip,
-        _("Encrypt"), _("Decrypt")
+        _("GnuPG"),
+        _("Encrypt"), encryptTTip, encryptSTip,
+        _("Sign"), signTTip, signSTip
         );
     }
-  else if (!wcscmp (RibbonID, L"Microsoft.Outlook.Mail.Read"))
-    {
-      swprintf (buffer,
-        L"<customUI xmlns=\"http://schemas.microsoft.com/office/2009/07/customui\">"
-        L" <ribbon>"
-        L"   <tabs>"
-        L"    <tab id=\"gpgolTab\""
-        L"         label=\"%hs\">"
-        L"     <group id=\"general\""
-        L"            label=\"%hs\">"
-        L"       <button id=\"CustomButton\""
-        L"               getImage=\"btnCertManager\""
-        L"               size=\"large\""
-        L"               label=\"%hs\""
-        L"               screentip=\"%hs\""
-        L"               supertip=\"%hs\""
-        L"               onAction=\"startCertManager\"/>"
-        L"     </group>"
-        L"     <group id=\"textGroup\""
-        L"            label=\"%hs\">"
-        L"       <button id=\"fullTextDecrypt\""
-        L"               getImage=\"btnDecryptLarge\""
-        L"               size=\"large\""
-        L"               label=\"%hs\""
-        L"               screentip=\"%hs\""
-        L"               supertip=\"%hs\""
-        L"               onAction=\"decryptBody\"/>"
-        L"       <button id=\"fullTextVerify\""
-        L"               getImage=\"btnVerifyLarge\""
-        L"               size=\"large\""
-        L"               label=\"%hs\""
-        L"               onAction=\"verifyBody\"/>"
-        L"     </group>"
-        L"    </tab>"
-        L"   </tabs>"
-        L"  <contextualTabs>"
-        L"    <tabSet idMso=\"TabSetAttachments\">"
-        L"        <tab idMso=\"TabAttachments\">"
-        L"            <group label=\"%hs\" id=\"gnupgLabel\">"
-        L"                <button id=\"gpgol_contextual_decrypt\""
-        L"                    size=\"large\""
-        L"                    label=\"%hs\""
-        L"                    getImage=\"btnDecryptLarge\""
-        L"                    onAction=\"attachmentDecryptCallback\" />"
-        L"            </group>"
-        L"        </tab>"
-        L"    </tabSet>"
-        L"  </contextualTabs>"
-        L" </ribbon>"
-        L"<contextMenus>"
-        L"<contextMenu idMso=\"ContextMenuReadOnlyMailText\">"
-        L"   <button id=\"decryptReadButton\""
-        L"           label=\"%hs\""
-        L"           getImage=\"btnDecrypt\""
-        L"           onAction=\"decryptSelection\"/>"
-        L" </contextMenu>"
-        L" <contextMenu idMso=\"ContextMenuAttachments\">"
-        L"   <button id=\"gpgol_decrypt\""
-        L"           label=\"%hs\""
-        L"           getImage=\"btnDecrypt\""
-        L"           onAction=\"attachmentDecryptCallback\"/>"
-        L" </contextMenu>"
-        L"</contextMenus>"
-        L"</customUI>",
-        _("GpgOL"), _("General"),
-        _("Start Certificate Manager"), certManagerTTip, certManagerSTip,
-        _("Textbody"),
-        _("Decrypt"), decryptTextTTip, decryptTextSTip,
-        _("Verify"),
-        _("GpgOL"), _("Save and decrypt"),
-        _("Decrypt"),
-        _("Decrypt"));
-    }
-  else if (!wcscmp (RibbonID, L"Microsoft.Outlook.Explorer"))
+
+  if (buffer)
     {
-      swprintf (buffer,
-        L"<customUI xmlns=\"http://schemas.microsoft.com/office/2009/07/customui\">"
-        L" <ribbon>"
-        L"   <tabs>"
-        L"    <tab id=\"gpgolTab\""
-        L"         label=\"%hs\">"
-        L"     <group id=\"general\""
-        L"            label=\"%hs\">"
-        L"       <button id=\"CustomButton\""
-        L"               getImage=\"btnCertManager\""
-        L"               size=\"large\""
-        L"               label=\"%hs\""
-        L"               screentip=\"%hs\""
-        L"               supertip=\"%hs\""
-        L"               onAction=\"startCertManager\"/>"
-        L"     </group>"
-        /* This would be totally nice but Outlook
-           saves the decrypted text aftewards automatically.
-           Yay,..
-        L"     <group id=\"textGroup\""
-        L"            label=\"%hs\">"
-        L"       <button id=\"fullTextDecrypt\""
-        L"               getImage=\"btnDecryptLarge\""
-        L"               size=\"large\""
-        L"               label=\"%hs\""
-        L"               onAction=\"decryptBody\"/>"
-        L"     </group>"
-        */
-        L"    </tab>"
-        L"   </tabs>"
-        L"  <contextualTabs>"
-        L"    <tabSet idMso=\"TabSetAttachments\">"
-        L"        <tab idMso=\"TabAttachments\">"
-        L"            <group label=\"%hs\" id=\"gnupgLabel\">"
-        L"                <button id=\"gpgol_contextual_decrypt\""
-        L"                    size=\"large\""
-        L"                    label=\"%hs\""
-        L"                    getImage=\"btnDecryptLarge\""
-        L"                    onAction=\"attachmentDecryptCallback\" />"
-        L"            </group>"
-        L"        </tab>"
-        L"    </tabSet>"
-        L"  </contextualTabs>"
-        L" </ribbon>"
-        L" <contextMenus>"
-        /*
-           There appears to be no way to access the word editor
-           / get the selected text from that Context.
-        L" <contextMenu idMso=\"ContextMenuReadOnlyMailText\">"
-        L" <button id=\"decryptReadButton1\""
-        L"         label=\"%hs\""
-        L"         onAction=\"decryptSelection\"/>"
-        L" </contextMenu>"
-        */
-        L" <contextMenu idMso=\"ContextMenuAttachments\">"
-        L"   <button id=\"gpgol_decrypt\""
-        L"           label=\"%hs\""
-        L"           getImage=\"btnDecrypt\""
-        L"           onAction=\"attachmentDecryptCallback\"/>"
-        L" </contextMenu>"
-        L" </contextMenus>"
-        L"</customUI>",
-        _("GpgOL"), _("General"),
-        _("Start Certificate Manager"), certManagerTTip, certManagerSTip,
-        /*_("Mail Body"), _("Decrypt"),*/
-        _("GpgOL"), _("Save and decrypt"),/*_("Decrypt"), */
-        _("Save and decrypt"));
+      wchar_t *wbuf = utf8_to_wchar2 (buffer, strlen(buffer));
+      xfree (buffer);
+      *RibbonXml = SysAllocString (wbuf);
+      xfree (wbuf);
     }
-
-  if (wcslen (buffer))
-    *RibbonXml = SysAllocString (buffer);
   else
     *RibbonXml = NULL;
 
diff --git a/src/mailitem-events.cpp b/src/mailitem-events.cpp
index bf364f1..492e2db 100644
--- a/src/mailitem-events.cpp
+++ b/src/mailitem-events.cpp
@@ -167,9 +167,10 @@ MailItemEvents::handle_before_read()
 
 
 static int
-sign_encrypt_item (LPDISPATCH mailitem)
+do_crypto_on_item (LPDISPATCH mailitem)
 {
-  int err = -1;
+  int err = -1,
+      flags = 0;
   LPMESSAGE message = get_oom_base_message (mailitem);
   if (!message)
     {
@@ -177,12 +178,30 @@ sign_encrypt_item (LPDISPATCH mailitem)
                  SRCNAME, __func__);
       return err;
     }
-  log_debug ("%s:%s: Sign / Encrypting message",
-             SRCNAME, __func__);
-  /* TODO check for message flags to determine */
-  err = message_sign_encrypt (message, PROTOCOL_UNKNOWN,
-                              NULL);
-  log_debug ("%s:%s: Sign / Encryption status: %i",
+  flags = get_gpgol_draft_info_flags (message);
+  if (flags == 3)
+    {
+      log_debug ("%s:%s: Sign / Encrypting message",
+                 SRCNAME, __func__);
+      err = message_sign_encrypt (message, PROTOCOL_UNKNOWN,
+                                  NULL);
+    }
+  else if (flags == 2)
+    {
+      err = message_sign (message, PROTOCOL_UNKNOWN,
+                          NULL);
+    }
+  else if (flags == 1)
+    {
+      err = message_encrypt (message, PROTOCOL_UNKNOWN,
+                             NULL);
+    }
+  else
+    {
+      log_debug ("%s:%s: Unknown flags for crypto: %i",
+                 SRCNAME, __func__, flags);
+    }
+  log_debug ("%s:%s: Status: %i",
              SRCNAME, __func__, err);
   message->Release ();
   return err;
@@ -213,6 +232,22 @@ request_send (LPVOID arg)
   return 0;
 }
 
+static bool
+needs_crypto (LPDISPATCH mailitem)
+{
+  LPMESSAGE message = get_oom_message (mailitem);
+  bool ret;
+  if (!message)
+    {
+      log_error ("%s:%s: Failed to get message.",
+                 SRCNAME, __func__);
+      return false;
+    }
+  ret = get_gpgol_draft_info_flags (message);
+  message->Release ();
+  return ret;
+}
+
 /* The main Invoke function. The return value of this
    function does not appear to have any effect on outlook
    although I have read in an example somewhere that you
@@ -262,9 +297,9 @@ EVENT_SINK_INVOKE(MailItemEvents)
                         SRCNAME, __func__);
              break;
            }
-          if (m_crypt_successful)
+          if (!needs_crypto (m_object) || m_crypt_successful)
             {
-               log_debug ("%s:%s: Message %p sucessfully encrypted. May go.",
+               log_debug ("%s:%s: Passing send event for message %p.",
                           SRCNAME, __func__, m_object);
                m_send_seen = false;
                break;
@@ -317,7 +352,7 @@ EVENT_SINK_INVOKE(MailItemEvents)
           if (m_send_seen)
             {
               m_send_seen = false;
-              m_crypt_successful = !sign_encrypt_item (m_object);
+              m_crypt_successful = !do_crypto_on_item (m_object);
               if (m_crypt_successful)
                 {
                   /* We can't trigger a Send event in the current state.
diff --git a/src/mapihelp.cpp b/src/mapihelp.cpp
index 81b3fd2..049f784 100644
--- a/src/mapihelp.cpp
+++ b/src/mapihelp.cpp
@@ -2638,6 +2638,49 @@ mapi_get_mime_info (LPMESSAGE msg)
 }
 
 
+/* Helper around mapi_get_gpgol_draft_info to avoid
+   the string handling.
+   Return values are:
+   0 -> Do nothing
+   1 -> Encrypt
+   2 -> Sign
+   3 -> Encrypt & Sign*/
+int
+get_gpgol_draft_info_flags (LPMESSAGE message)
+{
+  char *buf = mapi_get_gpgol_draft_info (message);
+  int ret = 0;
+  if (!buf)
+    {
+      return 0;
+    }
+  if (buf[0] == 'E')
+    {
+      ret |= 1;
+    }
+  if (buf[1] == 'S')
+    {
+      ret |= 2;
+    }
+  xfree (buf);
+  return ret;
+}
+
+/* Sets the draft info flags. Protocol is always Auto.
+   flags should be the same as defined by
+   get_gpgol_draft_info_flags
+*/
+int
+set_gpgol_draft_info_flags (LPMESSAGE message, int flags)
+{
+  char buf[4];
+  buf[3] = '\0';
+  buf[2] = 'A'; /* Protocol */
+  buf[1] = flags & 2 ? 'S' : 's';
+  buf[0] = flags & 1 ? 'E' : 'e';
+
+  return mapi_set_gpgol_draft_info (message, buf);
+}
 
 
 /* Helper for mapi_get_msg_content_type() */
diff --git a/src/mapihelp.h b/src/mapihelp.h
index 8173b94..a154d95 100644
--- a/src/mapihelp.h
+++ b/src/mapihelp.h
@@ -172,6 +172,10 @@ int   mapi_delete_gpgol_body_attachment (LPMESSAGE message);
 int   mapi_attachment_to_body (LPMESSAGE message, mapi_attach_item_t *item);
 
 attachtype_t get_gpgolattachtype (LPATTACH obj, ULONG tag);
+
+int get_gpgol_draft_info_flags (LPMESSAGE message);
+
+int set_gpgol_draft_info_flags (LPMESSAGE message, int flags);
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index eef0b2a..cd5c4c8 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -1231,3 +1231,95 @@ HRESULT verifyBody (LPDISPATCH ctrl)
 {
   return do_reader_action (ctrl, DATA_BODY | OP_VERIFY);
 }
+
+static void
+message_flag_status (HWND window, int flags)
+{
+  const char * message;
+  if (flags & OP_ENCRYPT && flags & OP_SIGN)
+    {
+      message = _("The message will be signed & encrypted.");
+    }
+  else if (flags & OP_ENCRYPT)
+    {
+      message = _("The message will be encrypted.");
+    }
+  else if (flags & OP_SIGN)
+    {
+      message = _("The message will be signed.");
+    }
+  else
+    {
+      message = _("The message will be sent plain and without a signature.");
+    }
+  MessageBox (NULL,
+              message,
+              _("GpgOL"),
+              MB_ICONINFORMATION|MB_OK);
+}
+
+static HRESULT
+mark_mime_action (LPDISPATCH ctrl, int flags)
+{
+  HRESULT hr;
+  HRESULT rc = E_FAIL;
+  HWND cur_window;
+  LPDISPATCH context = NULL,
+             mailitem = NULL;
+  LPMESSAGE message = NULL;
+  int oldflags,
+      newflags;
+
+  log_debug ("%s:%s: enter", SRCNAME, __func__);
+  hr = getContext (ctrl, &context);
+  if (FAILED(hr))
+      return hr;
+  cur_window = get_oom_context_window (context);
+
+  mailitem = get_oom_object (context, "CurrentItem");
+
+  if (!mailitem)
+    {
+      log_error ("%s:%s: Failed to get mailitem.",
+                 SRCNAME, __func__);
+      goto done;
+    }
+
+  message = get_oom_message (mailitem);
+
+  if (!message)
+    {
+      log_error ("%s:%s: Failed to get message.",
+                 SRCNAME, __func__);
+      goto done;
+    }
+
+  oldflags = get_gpgol_draft_info_flags (message);
+
+  newflags = oldflags xor flags;
+
+  if (set_gpgol_draft_info_flags (message, newflags))
+    {
+      log_error ("%s:%s: Failed to set draft flags.",
+                 SRCNAME, __func__);
+    }
+
+  message_flag_status (cur_window, newflags);
+
+done:
+  RELDISP (context);
+  RELDISP (mailitem);
+  RELDISP (message);
+
+  return rc;
+}
+
+HRESULT mime_sign (LPDISPATCH ctrl)
+{
+  return mark_mime_action (ctrl, OP_SIGN);
+}
+
+HRESULT mime_encrypt (LPDISPATCH ctrl)
+{
+  return mark_mime_action (ctrl, OP_ENCRYPT);
+}
diff --git a/src/ribbon-callbacks.h b/src/ribbon-callbacks.h
index 0f46af4..8c4762d 100644
--- a/src/ribbon-callbacks.h
+++ b/src/ribbon-callbacks.h
@@ -36,6 +36,8 @@
 #define ID_CMD_SIGN_BODY        10
 #define ID_CMD_ATT_ENC_FILE     11
 #define ID_CMD_VERIFY_BODY      12
+#define ID_CMD_MIME_SIGN        13
+#define ID_CMD_MIME_ENCRYPT     14
 
 #define ID_BTN_CERTMANAGER       IDI_KEY_MANAGER_64_PNG
 #define ID_BTN_DECRYPT           IDI_DECRYPT_16_PNG
@@ -57,4 +59,9 @@ HRESULT getIcon (int id, VARIANT* result);
 HRESULT startCertManager (LPDISPATCH ctrl);
 HRESULT signBody (LPDISPATCH ctrl);
 HRESULT verifyBody (LPDISPATCH ctrl);
+
+/* Mark the mail to be mime encrypted on send. */
+HRESULT mime_encrypt (LPDISPATCH ctrl);
+/* Mark the mail to be mime signed on send. */
+HRESULT mime_sign (LPDISPATCH ctrl);
 #endif

-----------------------------------------------------------------------

Summary of changes:
 src/gpgoladdin.cpp       | 331 ++++++++++-------------------------------------
 src/mailitem-events.cpp  |  57 ++++++--
 src/mapihelp.cpp         |  43 ++++++
 src/mapihelp.h           |   4 +
 src/ribbon-callbacks.cpp |  92 +++++++++++++
 src/ribbon-callbacks.h   |   7 +
 6 files changed, 257 insertions(+), 277 deletions(-)


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Oct  1 22:39:32 2015
From: cvs at cvs.gnupg.org (by Neal H. Walfield)
Date: Thu, 01 Oct 2015 22:39:32 +0200
Subject: [git] GnuPG - branch, neal/next, updated. gnupg-2.1.8-58-ge6c065b
Message-ID: <E1ZhkV4-0004XE-0x@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, neal/next has been updated
  discards  f009c9b4cb0c0a459351b793de9db15296cfa1a6 (commit)
       via  e6c065b058a612cbcb857b7223a1bc5bb7df7cf7 (commit)
       via  2acceba5cc299796c7b5b1851a9baeb75d9f32a1 (commit)
       via  2c60663a72f090573c4869e305b098b4b1fb23bd (commit)
       via  13a3f65968f4a8205ca664cc46b1a53de4dc489b (commit)
       via  a9895a5a72a851c5fcc70f16d5f8f588cc885751 (commit)

This update added new revisions after undoing existing revisions.  That is
to say, the old revision is not a strict subset of the new revision.  This
situation occurs when you --force push a change and generate a repository
containing something like this:

 * -- * -- B -- O -- O -- O (f009c9b4cb0c0a459351b793de9db15296cfa1a6)
            \
             N -- N -- N (e6c065b058a612cbcb857b7223a1bc5bb7df7cf7)

When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e6c065b058a612cbcb857b7223a1bc5bb7df7cf7
Author: Neal H. Walfield <neal at g10code.com>
Date:   Sat Sep 19 01:32:51 2015 +0200

    TOFU stuff.

diff --git a/common/mkdir_p.c b/common/mkdir_p.c
index 6a54600..d3c9d01 100644
--- a/common/mkdir_p.c
+++ b/common/mkdir_p.c
@@ -31,10 +31,10 @@
 #define DEBUG 0
 
 int
-amkdir_p (char **directory_components)
+amkdir_p (const char **directory_components)
 {
   int count;
-  char **dirs;
+  const char **dirs;
   int i;
   int rc;
 
@@ -131,12 +131,12 @@ amkdir_p (char **directory_components)
 }
 
 int
-mkdir_p (char *directory_component, ...)
+mkdir_p (const char *directory_component, ...)
 {
   va_list ap;
   int i;
   int space = 1;
-  char **dirs = xmalloc (space * sizeof (char *));
+  const char **dirs = xmalloc (space * sizeof (char *));
   int rc;
 
   dirs[0] = directory_component;
diff --git a/common/mkdir_p.h b/common/mkdir_p.h
index ddf412b..fd3c106 100644
--- a/common/mkdir_p.h
+++ b/common/mkdir_p.h
@@ -29,7 +29,7 @@
    first try to create the directory "foo/bar" and then the directory
    "foo/bar/xyzzy".  On success returns 0, otherwise an error code is
    returned.  */
-int mkdir_p (char *directory_component, ...) GPGRT_ATTR_SENTINEL(0);
+int mkdir_p (const char *directory_component, ...) GPGRT_ATTR_SENTINEL(0);
 
 /* Like mkdir_p, but DIRECTORY_COMPONENTS is a NULL terminated
    array, e.g.:
@@ -37,6 +37,6 @@ int mkdir_p (char *directory_component, ...) GPGRT_ATTR_SENTINEL(0);
      char **dirs = { "foo", "bar", NULL };
      amkdir_p (dirs);
  */
-int amkdir_p (char **directory_components);
+int amkdir_p (const char **directory_components);
 
 #endif
diff --git a/configure.ac b/configure.ac
index 27fc9a9..bee69ec 100644
--- a/configure.ac
+++ b/configure.ac
@@ -780,6 +780,12 @@ DL_LIBS=$LIBS
 AC_SUBST(DL_LIBS)
 LIBS="$gnupg_dlopen_save_libs"
 
+# Checks for g10
+
+PKG_CHECK_MODULES(SQLITE3, sqlite3)
+AC_SUBST(SQLITE3_CFLAGS)
+AC_SUBST(SQLITE3_LIBS)
+
 # Checks for g13
 
 AC_PATH_PROG(ENCFS, encfs, /usr/bin/encfs)
diff --git a/doc/DETAILS b/doc/DETAILS
index 811b105..97079b0 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -206,6 +206,10 @@ described here.
 
     For pub, sub, sec, and ssb records this field is used for the ECC
     curve name.
+*** Field 18 - TOFU Policy
+
+    This is the TOFU policy.  It is either good, bad, unknown, ask or
+    auto.  This is only shows for uid records.
 
 ** Special fields
 
diff --git a/g10/Makefile.am b/g10/Makefile.am
index 2fd52b3..cf5a19f 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -25,7 +25,7 @@ AM_CPPFLAGS = -I$(top_srcdir)/common
 
 include $(top_srcdir)/am/cmacros.am
 
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) \
+AM_CFLAGS = $(SQLITE3_CFLAGS) $(LIBGCRYPT_CFLAGS) \
             $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS)
 
 needed_libs = ../kbx/libkeybox.a $(libcommon)
@@ -125,7 +125,8 @@ gpg2_SOURCES  = gpg.c		\
 	      call-agent.c call-agent.h \
 	      trust.c $(trust_source) \
 	      $(card_source) \
-	      exec.c exec.h
+	      exec.c exec.h \
+	      tofu.h tofu.c
 
 gpgv2_SOURCES = gpgv.c           \
 	      $(common_source)  \
@@ -140,7 +141,7 @@ gpgv2_SOURCES = gpgv.c           \
 
 LDADD =  $(needed_libs) ../common/libgpgrl.a \
          $(ZLIBS) $(LIBINTL) $(CAPLIBS) $(NETLIBS)
-gpg2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \
+gpg2_LDADD = $(LDADD) $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \
              $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
 	     $(LIBICONV) $(resource_objs) $(extra_sys_libs)
 gpg2_LDFLAGS = $(extra_bin_ldflags)
diff --git a/g10/gpg.c b/g10/gpg.c
index 9454b53..761e2ba 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -59,6 +59,7 @@
 #include "gc-opt-flags.h"
 #include "asshelp.h"
 #include "call-dirmngr.h"
+#include "tofu.h"
 #include "../common/init.h"
 #include "../common/shareddefs.h"
 
@@ -162,6 +163,7 @@ enum cmd_and_opt_values
     aChangePIN,
     aPasswd,
     aServer,
+    aTOFUPolicy,
 
     oTextmode,
     oNoTextmode,
@@ -384,6 +386,7 @@ enum cmd_and_opt_values
     oFakedSystemTime,
     oNoAutostart,
     oPrintPKARecords,
+    oTOFUDefaultPolicy,
 
     oNoop
   };
@@ -474,6 +477,8 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_c (aPrimegen, "gen-prime", "@" ),
   ARGPARSE_c (aGenRandom,"gen-random", "@" ),
   ARGPARSE_c (aServer,   "server",  N_("run in server mode")),
+  ARGPARSE_c (aTOFUPolicy, "tofu-policy",
+	      N_("|VALUE|set the TOFU policy for a key (good, unknown, bad, ask, auto)")),
 
   ARGPARSE_group (301, N_("@\nOptions:\n ")),
 
@@ -669,6 +674,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_i (oDefCertLevel, "default-cert-check-level", "@"), /* old */
   ARGPARSE_s_n (oAlwaysTrust, "always-trust", "@"),
   ARGPARSE_s_s (oTrustModel, "trust-model", "@"),
+  ARGPARSE_s_s (oTOFUDefaultPolicy, "tofu-default-policy", "@"),
   ARGPARSE_s_s (oSetFilename, "set-filename", "@"),
   ARGPARSE_s_n (oForYourEyesOnly, "for-your-eyes-only", "@"),
   ARGPARSE_s_n (oNoForYourEyesOnly, "no-for-your-eyes-only", "@"),
@@ -1937,6 +1943,12 @@ parse_trust_model(const char *model)
     opt.trust_model=TM_ALWAYS;
   else if(ascii_strcasecmp(model,"direct")==0)
     opt.trust_model=TM_DIRECT;
+  else if(ascii_strcasecmp(model,"tofu")==0)
+    opt.trust_model=TM_TOFU;
+  else if(ascii_strcasecmp(model,"tofu+pgp")==0)
+    opt.trust_model=TM_TOFU_PGP;
+  else if(ascii_strcasecmp(model,"tofu+wot")==0)
+    opt.trust_model=TM_TOFU_PGP;
   else if(ascii_strcasecmp(model,"auto")==0)
     opt.trust_model=TM_AUTO;
   else
@@ -1944,6 +1956,26 @@ parse_trust_model(const char *model)
 }
 #endif /*NO_TRUST_MODELS*/
 
+static int
+parse_tofu_policy (const char *policy)
+{
+  if (ascii_strcasecmp (policy, "auto") == 0)
+    return TOFU_BINDING_AUTO;
+  else if (ascii_strcasecmp (policy, "good") == 0)
+    return TOFU_BINDING_GOOD;
+  else if (ascii_strcasecmp (policy, "unknown") == 0)
+    return TOFU_BINDING_UNKNOWN;
+  else if (ascii_strcasecmp (policy, "bad") == 0)
+    return TOFU_BINDING_BAD;
+  else if (ascii_strcasecmp (policy, "ask") == 0)
+    return TOFU_BINDING_ASK;
+  else
+    log_fatal("unknown TOFU policy '%s'"
+	      " (expected 'bad', 'ask', 'auto' or 'good')\n",
+	      policy);
+
+  BUG();
+}
 
 /* This fucntion called to initialized a new control object.  It is
    assumed that this object has been zeroed out before calling this
@@ -2148,6 +2180,7 @@ main (int argc, char **argv)
 #else
     opt.trust_model = TM_AUTO;
 #endif
+    opt.tofu_default_policy = TOFU_BINDING_AUTO;
     opt.mangle_dos_filenames = 0;
     opt.min_cert_level = 2;
     set_screen_dimensions ();
@@ -2370,6 +2403,10 @@ main (int argc, char **argv)
             opt.batch = 1;
             break;
 
+          case aTOFUPolicy:
+            set_cmd (&cmd, pargs.r_opt);
+            break;
+
 	  case oArmor: opt.armor = 1; opt.no_armor=0; break;
 	  case oOutput: opt.outfile = pargs.r.ret_str; break;
 	  case oMaxOutput: opt.max_output = pargs.r.ret_ulong; break;
@@ -2551,6 +2588,9 @@ main (int argc, char **argv)
 	    parse_trust_model(pargs.r.ret_str);
 	    break;
 #endif /*!NO_TRUST_MODELS*/
+	  case oTOFUDefaultPolicy:
+	    opt.tofu_default_policy = parse_tofu_policy (pargs.r.ret_str);
+	    break;
 
 	  case oForceOwnertrust:
 	    log_info(_("Note: %s is not for normal use!\n"),
@@ -4348,6 +4388,66 @@ main (int argc, char **argv)
         gcry_control (GCRYCTL_PRINT_CONFIG, stdout);
         break;
 
+      case aTOFUPolicy:
+	{
+	  int policy;
+	  int i;
+	  KEYDB_HANDLE hd;
+
+	  if (argc < 2)
+	    wrong_args("--tofu-policy POLICY KEYID [KEYID...]");
+
+	  policy = parse_tofu_policy (argv[0]);
+
+	  hd = keydb_new ();
+	  if (! hd)
+	    log_fatal (_("Failed to open the keyring DB.\n"));
+
+	  for (i = 1; i < argc; i ++)
+	    {
+	      KEYDB_SEARCH_DESC desc;
+	      kbnode_t kb;
+
+	      rc = classify_user_id (argv[i], &desc, 0);
+	      if (rc)
+		log_fatal (_("Failed to parse `%s'.\n"), argv[i]);
+
+	      if (! (desc.mode == KEYDB_SEARCH_MODE_SHORT_KID
+		     || desc.mode == KEYDB_SEARCH_MODE_LONG_KID
+		     || desc.mode == KEYDB_SEARCH_MODE_FPR16
+		     || desc.mode == KEYDB_SEARCH_MODE_FPR20
+		     || desc.mode == KEYDB_SEARCH_MODE_FPR
+		     || desc.mode == KEYDB_SEARCH_MODE_KEYGRIP))
+		log_fatal (_("`%s' does not appear to be a valid"
+			     " key id, fingerprint or key grip.\n"),
+			   argv[i]);
+
+	      rc = keydb_search_reset (hd);
+	      if (rc)
+		log_fatal (_("Failed to reset keyring handle.\n"));
+
+	      rc = keydb_search (hd, &desc, 1, NULL);
+	      if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
+		log_fatal (_("Key `%s' is not available\n"), argv[i]);
+	      else if (rc)
+		log_fatal (_("Failed to find key `%s'\n"), argv[i]);
+
+	      rc = keydb_get_keyblock (hd, &kb);
+	      if (rc)
+		log_fatal (_("Failed to read key `%s' from the keyring\n"),
+			   argv[i]);
+
+	      merge_keys_and_selfsig (kb);
+
+	      if (tofu_set_policy (kb, policy))
+		g10_exit (1);
+	    }
+
+	  keydb_release (hd);
+
+	}
+	break;
+
       case aListPackets:
 	opt.list_packets=2;
       default:
diff --git a/g10/gpgv.c b/g10/gpgv.c
index 412f4be..47ddfd3 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -285,10 +285,13 @@ get_validity_info (PKT_public_key *pk, PKT_user_id *uid)
 }
 
 unsigned int
-get_validity (PKT_public_key *pk, PKT_user_id *uid)
+get_validity (PKT_public_key *pk, PKT_user_id *uid, PKT_signature *sig,
+	      int may_ask)
 {
   (void)pk;
   (void)uid;
+  (void)sig;
+  (void)may_ask;
   return 0;
 }
 
@@ -592,3 +595,26 @@ gpg_dirmngr_get_pka (ctrl_t ctrl, const char *userid,
     *r_url = NULL;
   return gpg_error (GPG_ERR_NOT_FOUND);
 }
+
+enum tofu_binding_policy
+  {
+    tofu_binding_policy
+  };
+
+gpg_error_t
+tofu_get_policy (PKT_public_key *pk, PKT_user_id *user_id,
+		 enum tofu_binding_policy *policy)
+{
+  (void)pk;
+  (void)user_id;
+  (void)policy;
+  return gpg_error (GPG_ERR_GENERAL);
+}
+
+const char *
+tofu_binding_policy_str (enum tofu_binding_policy policy)
+{
+  (void)policy;
+
+  return "unknown";
+}
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 143c748..7a5650a 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -47,6 +47,7 @@
 #include "keyserver-internal.h"
 #include "call-agent.h"
 #include "host2net.h"
+#include "tofu.h"
 
 static void show_prefs (PKT_user_id * uid, PKT_signature * selfsig,
 			int verbose);
@@ -2928,6 +2929,14 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
 	  if ((node->flag & NODFLG_MARK_A))
 	    es_putc ('m', fp);
 	  es_putc (':', fp);
+	  if (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP)
+	    {
+	      enum tofu_binding_policy policy;
+	      if (! tofu_get_policy (primary, uid, &policy)
+		  && policy != TOFU_BINDING_NONE)
+		es_fprintf (fp, "%s", tofu_binding_policy_str (policy));
+	    }
+	  es_putc (':', fp);
 	  es_putc ('\n', fp);
 	}
     }
@@ -3043,7 +3052,8 @@ show_key_with_all_names (ctrl_t ctrl, estream_t fp,
 
 	      /* Show a warning once */
 	      if (!did_warn
-		  && (get_validity (pk, NULL) & TRUST_FLAG_PENDING_CHECK))
+		  && (get_validity (pk, NULL, NULL, 0)
+		      & TRUST_FLAG_PENDING_CHECK))
 		{
 		  did_warn = 1;
 		  do_warn = 1;
@@ -5335,7 +5345,7 @@ menu_revuid (KBNODE pub_keyblock)
 		/* If the trustdb has an entry for this key+uid then the
 		   trustdb needs an update. */
 		if (!update_trust
-		    && (get_validity (pk, uid) & TRUST_MASK) >=
+		    && (get_validity (pk, uid, NULL, 0) & TRUST_MASK) >=
 		    TRUST_UNDEFINED)
 		  update_trust = 1;
 #endif /*!NO_TRUST_MODELS*/
diff --git a/g10/keylist.c b/g10/keylist.c
index bfc6d49..84f0fe0 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -43,6 +43,7 @@
 #include "status.h"
 #include "call-agent.h"
 #include "mbox-util.h"
+#include "tofu.h"
 
 
 static void list_all (int, int);
@@ -97,7 +98,8 @@ public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode)
 	es_fprintf (es_stdout, "o");
       if (trust_model != opt.trust_model)
 	es_fprintf (es_stdout, "t");
-      if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC)
+      if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
+	  || opt.trust_model == TM_TOFU_PGP)
 	{
 	  if (marginals != opt.marginals_needed)
 	    es_fprintf (es_stdout, "m");
@@ -986,7 +988,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr,
      include, but it looks sort of confusing in the listing... */
   if (opt.list_options & LIST_SHOW_VALIDITY)
     {
-      int validity = get_validity (pk, NULL);
+      int validity = get_validity (pk, NULL, NULL, 0);
       es_fprintf (es_stdout, " [%s]", trust_value_to_string (validity));
     }
 #endif
@@ -1357,6 +1359,7 @@ list_keyblock_colon (KBNODE keyblock, int secret, int has_secret, int fpr)
       xfree (curve);
     }
   es_putc (':', es_stdout);		/* End of field 17. */
+  es_putc (':', es_stdout);		/* End of field 18. */
   es_putc ('\n', es_stdout);
 
   print_revokers (es_stdout, pk);
@@ -1414,6 +1417,15 @@ list_keyblock_colon (KBNODE keyblock, int secret, int has_secret, int fpr)
 	    es_fprintf (es_stdout, "%u %lu", uid->numattribs, uid->attrib_len);
 	  else
 	    es_write_sanitized (es_stdout, uid->name, uid->len, ":", NULL);
+	  es_fprintf (es_stdout, "::::::::");
+	  if (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP)
+	    {
+	      enum tofu_binding_policy policy;
+	      if (! tofu_get_policy (pk, uid, &policy)
+		  && policy != TOFU_BINDING_NONE)
+		es_fprintf (es_stdout, "%s",
+			    tofu_binding_policy_str (policy));
+	    }
 	  es_putc (':', es_stdout);
 	  es_putc ('\n', es_stdout);
 	}
diff --git a/g10/mainproc.c b/g10/mainproc.c
index f7b7c6b..3ff757b 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -835,6 +835,7 @@ do_check_sig (CTX c, kbnode_t node, int *is_selfsig,
   PKT_signature *sig;
   gcry_md_hd_t md = NULL;
   gcry_md_hd_t md2 = NULL;
+  gcry_md_hd_t md_good = NULL;
   int algo, rc;
 
   assert (node->pkt->pkttype == PKT_SIGNATURE);
@@ -910,8 +911,21 @@ do_check_sig (CTX c, kbnode_t node, int *is_selfsig,
     return GPG_ERR_SIG_CLASS;
 
   rc = signature_check2 (sig, md, NULL, is_expkey, is_revkey, NULL);
-  if (gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2)
-    rc = signature_check2 (sig, md2, NULL, is_expkey, is_revkey, NULL);
+  if (! rc)
+    md_good = md;
+  else if (gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2)
+    {
+      rc = signature_check2 (sig, md2, NULL, is_expkey, is_revkey, NULL);
+      if (! rc)
+	md_good = md2;
+    }
+
+  if (md_good)
+    {
+      unsigned char *buffer = gcry_md_read (md_good, 0);
+      sig->digest_len = gcry_md_get_algo_dlen (map_md_openpgp_to_gcry (algo));
+      memcpy (sig->digest, buffer, sig->digest_len);
+    }
 
   gcry_md_close (md);
   gcry_md_close (md2);
@@ -1832,9 +1846,9 @@ check_sig_and_print (CTX c, kbnode_t node)
 
           assert (pk);
 
-          /* Get it before we print anything to avoid interrupting the
-             output with the "please do a --check-trustdb" line. */
-          valid = get_validity (pk, un->pkt->pkt.user_id);
+	  /* Since this is just informational, don't actually ask the
+	     user to update any trust information.  */
+          valid = get_validity (pk, un->pkt->pkt.user_id, sig, 0);
 
           keyid_str[17] = 0; /* cut off the "[uncertain]" part */
 
@@ -1923,8 +1937,11 @@ check_sig_and_print (CTX c, kbnode_t node)
                   else if (un->pkt->pkt.user_id->is_expired)
                     valid = _("expired");
                   else
+		    /* Since this is just informational, don't
+		       actually ask the user to update any trust
+		       information.  */
                     valid = (trust_value_to_string
-                             (get_validity (pk, un->pkt->pkt.user_id)));
+                             (get_validity (pk, un->pkt->pkt.user_id, sig, 0)));
                   log_printf (" [%s]\n",valid);
                 }
               else
diff --git a/g10/options.h b/g10/options.h
index fd2f4a2..51979c5 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -117,8 +117,16 @@ struct
      we started storing the trust model inside the trustdb. */
   enum
     {
-      TM_CLASSIC=0, TM_PGP=1, TM_EXTERNAL=2, TM_ALWAYS, TM_DIRECT, TM_AUTO
+      TM_CLASSIC=0, TM_PGP=1, TM_EXTERNAL=2,
+      TM_ALWAYS, TM_DIRECT, TM_AUTO, TM_TOFU, TM_TOFU_PGP
     } trust_model;
+  enum
+    {
+      TOFU_DB_SPLIT=0, TOFU_DB_FLAT
+    } tofu_db_format;
+  /* TOFU_BINDING_BAD, TOFU_BINDING_ASK, TOFU_BINDING_AUTO, or
+     TOFU_BINDING_GOOD.  */
+  int tofu_default_policy;
   int force_ownertrust;
   enum
     {
diff --git a/g10/packet.h b/g10/packet.h
index eb7da75..2c1b478 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -175,6 +175,11 @@ typedef struct
   subpktarea_t *unhashed;    /* Ditto for unhashed data. */
   byte digest_start[2];      /* First 2 bytes of the digest. */
   gcry_mpi_t  data[PUBKEY_MAX_NSIG];
+  /* The message digest and its length (in bytes).  Note the maximum
+     digest length is 512 bits (64 bytes).  If DIGEST_LEN is 0, then
+     the digest's value has not been saved here.  */
+  byte digest[512 / 8];
+  int digest_len;
 } PKT_signature;
 
 #define ATTRIB_IMAGE 1
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 9996d18..06ba86e 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -37,6 +37,7 @@
 #include "status.h"
 #include "photoid.h"
 #include "i18n.h"
+#include "tofu.h"
 
 #define CONTROL_D ('D' - 'A' + 1)
 
@@ -507,13 +508,13 @@ do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
 
 /****************
  * Check whether we can trust this signature.
- * Returns: Error if we shall not trust this signatures.
+ * Returns an error code if we should not trust this signature.
  */
 int
 check_signatures_trust( PKT_signature *sig )
 {
   PKT_public_key *pk = xmalloc_clear( sizeof *pk );
-  unsigned int trustlevel;
+  unsigned int trustlevel = TRUST_UNKNOWN;
   int rc=0;
 
   rc = get_pubkey( pk, sig->keyid );
@@ -537,7 +538,7 @@ check_signatures_trust( PKT_signature *sig )
     log_info(_("WARNING: this key might be revoked (revocation key"
 	       " not present)\n"));
 
-  trustlevel = get_validity (pk, NULL);
+  trustlevel = get_validity (pk, NULL, sig, 1);
 
   if ( (trustlevel & TRUST_FLAG_REVOKED) )
     {
@@ -829,7 +830,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
     }
 
   /* Key found and usable.  Check validity. */
-  trustlevel = get_validity (pk, pk->user_id);
+  trustlevel = get_validity (pk, pk->user_id, NULL, 1);
   if ( (trustlevel & TRUST_FLAG_DISABLED) )
     {
       /* Key has been disabled. */
@@ -1114,7 +1115,7 @@ build_pk_list (ctrl_t ctrl,
                 { /* Check validity of this key. */
                   int trustlevel;
 
-                  trustlevel = get_validity (pk, pk->user_id);
+                  trustlevel = get_validity (pk, pk->user_id, NULL, 1);
                   if ( (trustlevel & TRUST_FLAG_DISABLED) )
                     {
                       tty_printf (_("Public key is disabled.\n") );
diff --git a/g10/test-stubs.c b/g10/test-stubs.c
index c6f6d68..4829aea 100644
--- a/g10/test-stubs.c
+++ b/g10/test-stubs.c
@@ -104,10 +104,13 @@ get_validity_info (PKT_public_key *pk, PKT_user_id *uid)
 }
 
 unsigned int
-get_validity (PKT_public_key *pk, PKT_user_id *uid)
+get_validity (PKT_public_key *pk, PKT_user_id *uid, PKT_signature *sig,
+	      int may_ask)
 {
   (void)pk;
   (void)uid;
+  (void)sig;
+  (void)may_ask;
   return 0;
 }
 
@@ -411,3 +414,26 @@ gpg_dirmngr_get_pka (ctrl_t ctrl, const char *userid,
     *r_url = NULL;
   return gpg_error (GPG_ERR_NOT_FOUND);
 }
+
+enum tofu_binding_policy
+  {
+    tofu_binding_policy
+  };
+
+gpg_error_t
+tofu_get_policy (PKT_public_key *pk, PKT_user_id *user_id,
+		 enum tofu_binding_policy *policy)
+{
+  (void)pk;
+  (void)user_id;
+  (void)policy;
+  return gpg_error (GPG_ERR_GENERAL);
+}
+
+const char *
+tofu_binding_policy_str (enum tofu_binding_policy policy)
+{
+  (void)policy;
+
+  return "unknown";
+}
diff --git a/g10/tofu.c b/g10/tofu.c
new file mode 100644
index 0000000..3dd8314
--- /dev/null
+++ b/g10/tofu.c
@@ -0,0 +1,1668 @@
+/* XXX:
+
+   - Add some test cases.
+
+   - Format the fingerprints nicely when printing.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <assert.h>
+#include <sqlite3.h>
+
+#include "gpg.h"
+#include "types.h"
+#include "logging.h"
+#include "stringhelp.h"
+#include "options.h"
+#include "mbox-util.h"
+#include "i18n.h"
+#include "trustdb.h"
+#include "mkdir_p.h"
+
+#include "tofu.h"
+
+enum db_type
+  {
+    DB_COMBINED,
+    DB_EMAIL,
+    DB_KEY
+  };
+
+struct db
+{
+  struct db *next;
+  enum db_type type;
+  sqlite3 *db;
+  char name[1];
+};
+
+const char *
+tofu_binding_policy_str (enum tofu_binding_policy policy)
+{
+  switch (policy)
+    {
+    case TOFU_BINDING_NONE: return "none";
+    case TOFU_BINDING_AUTO: return "auto";
+    case TOFU_BINDING_GOOD: return "good";
+    case TOFU_BINDING_UNKNOWN: return "unknown";
+    case TOFU_BINDING_BAD: return "bad";
+    case TOFU_BINDING_ASK: return "ask";
+    default: return "???";
+    }
+}
+
+int
+tofu_binding_policy_to_trust (enum tofu_binding_policy policy)
+{
+  if (policy == TOFU_BINDING_AUTO)
+    /* If POLICY is AUTO, fallback to OPT.TOFU_DEFAULT_POLICY.  */
+    policy = opt.tofu_default_policy;
+  if (policy == TOFU_BINDING_AUTO)
+    policy = TOFU_BINDING_GOOD;
+
+  switch (policy)
+    {
+    case TOFU_BINDING_GOOD:
+      return TRUST_FULLY;
+    case TOFU_BINDING_UNKNOWN:
+      return TRUST_UNKNOWN;
+    case TOFU_BINDING_BAD:
+      return TRUST_NEVER;
+    case TOFU_BINDING_ASK:
+      return TRUST_ASK;
+    default:
+      log_bug ("Bad value for trust policy: %d\n",
+	       opt.tofu_default_policy);
+      return 0;
+    }
+}
+
+static int
+sqlite3_exec_printf (sqlite3 *db,
+		     int (*callback)(void*,int,char**,char**), void *cookie,
+		     char **errmsg,
+		     const char *sql, ...)
+{
+  va_list ap;
+  int rc;
+  char *sql2;
+
+  va_start (ap, sql);
+  sql2 = sqlite3_vmprintf (sql, ap);
+  va_end (ap);
+
+#if 0
+  log_debug ("tofo db: executing: `%s'\n", sql2);
+#endif
+
+  rc = sqlite3_exec (db, sql2, callback, cookie, errmsg);
+
+  sqlite3_free (sql2);
+
+  return rc;
+}
+
+static int
+version_check_cb (void *cookie, int argc, char **argv, char **azColName)
+{
+  int *version = cookie;
+
+  if (argc != 1 || strcmp (azColName[0], "version") != 0)
+    *version = -1;
+
+  if (strcmp (argv[0], "0") == 0)
+    *version = 0;
+  else
+    log_error (_("TOFU: unsupported database version: %s\n"), argv[0]);
+
+  /* Don't run again.  */
+  return 1;
+}
+
+/* Return 1 if the database is okay and 0 otherwise.  */
+static int
+initdb (sqlite3 *db, enum db_type type)
+{
+  char *err = NULL;
+  int rc;
+  int version = -1;
+
+  rc = sqlite3_exec (db, "select version from version;", version_check_cb,
+		     &version, &err);
+  if (rc == SQLITE_ABORT && version == 0)
+    /* Happy, happy, joy, joy.  */
+    {
+      sqlite3_free (err);
+      return 1;
+    }
+
+  rc = sqlite3_exec (db, "begin transaction;", NULL, NULL, &err);
+  if (rc)
+    {
+      log_error (_("Error beginning transaction on TOFU database: %s\n"),
+		 err);
+      sqlite3_free (err);
+      return 0;
+    }
+
+  /* If the version table doesn't exist, then this might be a new
+     file and we need to initialize the whole sheband.  */
+  rc = sqlite3_exec (db,
+		     "create table version (version INTEGER);",
+		     NULL, NULL, &err);
+  if (rc)
+    {
+      log_error (_("Error initializing TOFU database (%s): %s\n"),
+		 "version", err);
+      sqlite3_free (err);
+      goto out;
+    }
+
+  rc = sqlite3_exec (db,
+		     "insert into version values (0);",
+		     NULL, NULL, &err);
+  if (rc)
+    {
+      log_error (_("Error initializing TOFU database (%s): %s\n"),
+		 "version, init", err);
+      sqlite3_free (err);
+      goto out;
+    }
+
+  /* The list of <fingerprint, email> bindings and auxiliary data.
+
+       OID is a unique ID identifying this binding (and used by the
+         signatures table, see below).  Note: OIDs will never be
+         reused.
+
+       FINGERPRINT: The key's fingerprint.
+
+       EMAIL: The normalized email address.
+
+       USER_ID: The unmodified user id from which EMAIL was extracted.
+
+       TIME: The time this binding was first observed.
+
+       POLICY: The trust policy (-1, 0, 1, or 2; see the
+         documentation for TOFU_BINDING_BAD, etc. above).  */
+  rc = sqlite3_exec_printf
+    (db, NULL, NULL, &err,
+     "create table bindings\n"
+     " (oid INTEGER PRIMARY KEY AUTOINCREMENT,\n"
+     "  fingerprint TEXT, email TEXT, user_id TEXT, time INTEGER,"
+     "  policy BOOLEAN CHECK (policy in (%d, %d, %d, %d, %d)),\n"
+     "  unique (fingerprint, email));\n"
+     "create index bindings_fingerprint_email\n"
+     " on bindings (fingerprint, email);",
+     TOFU_BINDING_AUTO, TOFU_BINDING_GOOD, TOFU_BINDING_UNKNOWN,
+     TOFU_BINDING_BAD, TOFU_BINDING_ASK);
+  if (rc)
+    {
+      log_error (_("Error initializing TOFU database (%s): %s\n"),
+		 "bindings", err);
+      sqlite3_free (err);
+      goto out;
+    }
+
+  if (type != DB_KEY)
+    {
+      /* The signatures that we have observed.
+
+	 BINDING refers to a record in the bindings table, which describes
+         the binding.
+
+	 SIG_DIGEST is the digest stored in the signature.
+
+	 SIG_TIME is the timestamp stored in the signature.
+
+	 ORIGIN is a free-form string that describes who fed this
+         signature to GnuPG (e.g., email:claws).
+
+	 TIME is the time this signature was registered.  */
+      rc = sqlite3_exec (db,
+			 "create table signatures "
+			 " (binding INTEGER NOT NULL, sig_digest TEXT,"
+			 "  origin TEXT, sig_time INTEGER, time INTEGER,"
+			 "  primary key (binding, sig_digest, origin));",
+			 NULL, NULL, &err);
+      if (rc)
+	{
+	  log_error (_("Error initializing TOFU database (%s): %s\n"),
+		     "signatures", err);
+	  sqlite3_free (err);
+	  goto out;
+	}
+    }
+
+ out:
+  if (rc)
+    {
+      rc = sqlite3_exec (db, "rollback;", NULL, NULL, &err);
+      if (rc)
+	{
+	  log_error (_("%s: Error aborting transaction: %s\n"),
+		     __func__, err);
+	  sqlite3_free (err);
+	}
+      return 0;
+    }
+  else
+    {
+      rc = sqlite3_exec (db, "commit transaction;", NULL, NULL, &err);
+      if (rc)
+	{
+	  log_error (_("%s: Error commit transaction: %s\n"),
+		     __func__, err);
+	  sqlite3_free (err);
+	  return 0;
+	}
+      return 1;
+    }
+}
+
+
+/* Open and initialize a low-level TOFU database.  Returns NULL on
+   failure.  */
+static sqlite3 *
+opendb (char *filename, enum db_type type)
+{
+  sqlite3 *db;
+  int filename_free = 0;
+  int rc;
+
+  if (opt.tofu_db_format == TOFU_DB_FLAT)
+    {
+      assert (! filename);
+      assert (type == DB_COMBINED);
+      filename = make_filename (opt.homedir, "tofu.db", NULL);
+      filename_free = 1;
+    }
+  else
+    assert (type == DB_EMAIL || type == DB_KEY);
+
+  assert (filename);
+
+  rc = sqlite3_open (filename, &db);
+  if (rc)
+    {
+      log_error (_("Can't open TOFU database ('%s'): %s\n"),
+		 filename, sqlite3_errmsg (db));
+      sqlite3_close (db);
+      db = NULL;
+    }
+
+  if (filename_free)
+    xfree (filename);
+
+  if (db && initdb (db, type) == 0)
+    {
+      sqlite3_close (db);
+      db = NULL;
+    }
+
+  return db;
+}
+
+static sqlite3 *
+getdb (struct db *dbs, const char *name, enum db_type type)
+{
+  struct db *t = NULL;
+  int i;
+  sqlite3 *sqlitedb = NULL;
+  char *name_sanitized = NULL;
+  char *filename = NULL;
+
+  assert (! dbs->name[0]);
+
+  if (opt.tofu_db_format == TOFU_DB_FLAT)
+    /* When using the flat format, we only have a single DB.  */
+    {
+      assert (dbs->db);
+      assert (! dbs->next);
+      assert (type == DB_COMBINED);
+      return dbs->db;
+    }
+  else
+    /* When using the split format the first entry on the DB list is a
+       dummy entry.  */
+    assert (! dbs->db);
+
+  /* We have the split format.  */
+  assert (type == DB_EMAIL || type == DB_KEY);
+
+  /* Only allow alpha-numeric characters in the filename.  */
+  name_sanitized = xstrdup (name);
+  for (i = 0; name[i]; i ++)
+    {
+      char c = name_sanitized[i];
+      if (! (('a' <= c && c <= 'z')
+	     || ('A' <= c && c <= 'Z')
+	     || ('0' <= c && c <= '9')))
+	name_sanitized[i] = '_';
+    }
+
+  for (t = dbs; t; t = t->next)
+    if (type == t->type && strcmp (t->name, name_sanitized) == 0)
+      return t->db;
+
+  /* Open the DB.  The filename has the form:
+
+       tofu.d/TYPE/PREFIX/NAME.db
+
+     We use a short prefix to try to avoid having many files in a
+     single directory.  */
+  {
+    char *type_str = type == DB_EMAIL ? "email" : "key";
+    char prefix[3] = { name_sanitized[0], name_sanitized[1], 0 };
+    char *name_db;
+
+    /* Make the directory.  */
+    if (mkdir_p (opt.homedir, "tofu.d", type_str, prefix, NULL) != 0)
+      log_fatal ("Unable to create directory %s/%s/%s/%s",
+		 opt.homedir, "tofu.d", type_str, prefix);
+
+    name_db = xstrconcat (name_sanitized, ".db", NULL);
+    filename = make_filename
+      (opt.homedir, "tofu.d", type_str, prefix, name_db, NULL);
+    xfree (name_db);
+  }
+
+  sqlitedb = opendb (filename, type);
+  if (! sqlitedb)
+    goto out;
+
+  t = xmalloc (sizeof (struct db) + strlen (name_sanitized));
+  t->type = type;
+  t->db = sqlitedb;
+  strcpy (t->name, name_sanitized);
+
+  t->next = dbs->next;
+  dbs->next = t;
+
+ out:
+  xfree (filename);
+  xfree (name_sanitized);
+
+  if (! t)
+    return NULL;
+  return t->db;
+}
+
+
+/* Create a new DB meta-handle.  Returns NULL on error.  */
+static struct db *
+opendbs (void)
+{
+  sqlite3 *db = NULL;
+  struct db *dbs;
+
+  if (opt.tofu_db_format == TOFU_DB_FLAT)
+    {
+      db = opendb (NULL, DB_COMBINED);
+      if (! db)
+	return NULL;
+    }
+
+  dbs = xmalloc_clear (sizeof (*dbs));
+  dbs->db = db;
+  dbs->type = DB_COMBINED;
+
+  return dbs;
+}
+
+/* Release all of the resources associated with a DB meta-handle.  */
+static void
+closedbs (struct db *dbs)
+{
+  struct db *n;
+
+  /* The first entry is always the combined DB.  */
+  assert (dbs->type == DB_COMBINED);
+  if (opt.tofu_db_format == TOFU_DB_FLAT)
+    {
+      /* If we are using the flat format, then there is only ever the
+	 combined DB.  */
+      assert (! dbs->next);
+      assert (dbs->db);
+    }
+  else
+    /* In the split format, the combined record is just a place holder
+       so that we have a stable handle.  */
+    assert (! dbs->db);
+
+  while (dbs)
+    {
+      n = dbs->next;
+
+      if (dbs->db)
+	{
+	  assert (opt.tofu_db_format == TOFU_DB_SPLIT);
+	  assert (dbs->type != DB_COMBINED);
+	  assert (dbs->name[0]);
+
+	  sqlite3_close (dbs->db);
+	}
+      else
+	{
+	  assert (dbs->type == DB_COMBINED);
+	  assert (! dbs->name[0]);
+	}
+
+      xfree (dbs);
+
+      dbs = n;
+    }
+}
+
+
+/* Collect results of a select min (foo) ...; style query.  Aborts if
+   the argument is not a valid integer (or real of the form X.0).  */
+static int
+get_single_long_cb (void *cookie, int argc, char **argv, char **azColName)
+{
+  long *count = cookie;
+  char *tail = NULL;
+
+  (void) azColName;
+
+  assert (argc == 1);
+
+  errno = 0;
+  *count = strtol (argv[0], &tail, 0);
+  if (errno || *tail != '\0')
+    /* Abort.  */
+    return 1;
+  return 0;
+}
+
+/* Record (or update) a trust policy about a (possibly new)
+   binding.  */
+static gpg_error_t
+record_binding (struct db *dbs, const char *fingerprint, const char *email,
+		const char *user_id, int policy, int show_old)
+{
+  sqlite3 *db = NULL, *db2 = NULL;
+  int rc;
+  char *err = NULL;
+  long policy_old = TOFU_BINDING_NONE;
+  int i;
+
+  db = getdb (dbs, email, DB_EMAIL);
+  if (! db)
+    return gpg_error (GPG_ERR_GENERAL);
+
+  if (opt.tofu_db_format == TOFU_DB_SPLIT)
+    /* In the split format, we need to update two DBs.  */
+    {
+      db2 = getdb (dbs, fingerprint, DB_KEY);
+      if (! db2)
+	return gpg_error (GPG_ERR_GENERAL);
+
+      rc = sqlite3_exec (db, "begin transaction;", NULL, NULL, &err);
+      if (rc)
+	{
+	  log_error (_("Error beginning transaction on TOFU database `%s': %s\n"),
+		     dbs->name, err);
+	  sqlite3_free (err);
+	  return gpg_error (GPG_ERR_GENERAL);
+	}
+
+      rc = sqlite3_exec (db2, "begin transaction;", NULL, NULL, &err);
+      if (rc)
+	{
+	  log_error (_("Error beginning transaction on TOFU database `%s': %s\n"),
+		     dbs->name, err);
+	  sqlite3_free (err);
+	  goto out_revert_one;
+	}
+    }
+
+  if (! (policy == TOFU_BINDING_AUTO
+	 || policy == TOFU_BINDING_GOOD
+	 || policy == TOFU_BINDING_UNKNOWN
+	 || policy == TOFU_BINDING_BAD
+	 || policy == TOFU_BINDING_ASK))
+    log_bug ("TOFU: %s: Bad value for policy (%d)!\n", __func__, policy);
+
+  if (show_old)
+    /* Get the old policy.  Since this is just for informational
+       purposes, there is no need to start a transaction or to die if
+       there is a failure.  */
+    {
+      rc = sqlite3_exec_printf
+	(db, get_single_long_cb, &policy_old, &err,
+	 "select policy from bindings"
+	 " where fingerprint = %Q and email = %Q",
+	 fingerprint, email);
+      if (rc)
+	{
+	  log_debug ("TOFU: Error reading from binding database"
+		     " (reading policy for <%s, %s>): %s\n",
+		     fingerprint, email, err);
+	  sqlite3_free (err);
+	}
+    }
+
+  if (policy_old != TOFU_BINDING_NONE)
+    log_info (_("TOFU: Changing trust policy for binding <%s, %s>"
+		" from %s to %s.\n"),
+	      fingerprint, email,
+	      tofu_binding_policy_str (policy_old),
+	      tofu_binding_policy_str (policy));
+  else
+    log_info (_("TOFU: Set trust policy for binding <%s, %s> to %s.\n"),
+	      fingerprint, email,
+	      tofu_binding_policy_str (policy));
+
+  if (policy_old == policy)
+    /* Nothing to do.  */
+    goto out;
+
+  for (i = 0; i <= (opt.tofu_db_format == TOFU_DB_SPLIT); i ++)
+    {
+      rc = sqlite3_exec_printf
+	(i == 0 ? db : db2, NULL, NULL, &err,
+	 "insert or replace into bindings\n"
+	 " (oid, fingerprint, email, user_id, time, policy)\n"
+	 " values (\n"
+	 /* If we don't explicitly reuse the OID, then SQLite will
+	    reallocate a new one.  We just need to search for the OID
+	    based on the fingerprint and email since they are unique.  */
+	 "  (select oid from bindings where fingerprint = %Q and email = %Q),\n"
+	 "  %Q, %Q, %Q, strftime('%%s','now'), %d);",
+	 fingerprint, email, fingerprint, email, user_id, policy);
+      if (rc)
+	{
+	  log_error ("TOFU: Error updating binding database"
+		     " (inserting <%s, %s, %s>): %s\n",
+		     fingerprint, email, tofu_binding_policy_str (policy),
+		     err);
+	  sqlite3_free (err);
+	  goto out;
+	}
+    }
+
+ out:
+  if (opt.tofu_db_format == TOFU_DB_SPLIT)
+    /* We only need a transaction for the split format.  */
+    {
+      int rc2;
+
+      rc2 = sqlite3_exec_printf (db2, NULL, NULL, &err,
+				 rc ? "rollback;" : "end transaction;");
+      if (rc2)
+	{
+	  log_error (_("Error ending transaction on TOFU database: %s\n"),
+		     err);
+	  sqlite3_free (err);
+	}
+
+    out_revert_one:
+      rc2 = sqlite3_exec_printf (db, NULL, NULL, &err,
+				 rc ? "rollback;" : "end transaction;");
+      if (rc2)
+	{
+	  log_error (_("Error ending transaction on TOFU database: %s\n"),
+		     err);
+	  sqlite3_free (err);
+	}
+    }
+
+  return rc ? gpg_error (GPG_ERR_GENERAL) : 0;
+}
+
+
+/* Collect results of a select count (*) ...; style query.  Aborts if
+   the argument is not a valid integer (or real of the form X.0).  */
+static int
+get_single_unsigned_long_cb (void *cookie, int argc, char **argv,
+			     char **azColName)
+{
+  unsigned long int *count = cookie;
+  char *tail = NULL;
+
+  (void) azColName;
+
+  assert (argc == 1);
+
+  errno = 0;
+  *count = strtoul (argv[0], &tail, 0);
+  if (errno || *tail != '\0')
+    /* Abort.  */
+    return 1;
+  return 0;
+}
+
+/* Collect the strings returned by a query in a simply string list.
+   Any NULL values are converted to the empty string.
+
+   If a result has 3 rows and each row contains two columns, then the
+   results are added to the list as follows (the value is parentheses
+   is the 1-based index in the final list):
+
+     row 1, col 2 (6)
+     row 1, col 1 (5)
+     row 2, col 2 (4)
+     row 2, col 1 (3)
+     row 3, col 2 (2)
+     row 3, col 1 (1)
+
+   This is because add_to_strlist pushes the results onto the front of
+   the list.  The end result is that the rows are backwards, but the
+   columns are in the expected order.  */
+static int
+strings_collect_cb (void *cookie, int argc, char **argv, char **azColName)
+{
+  int i;
+  strlist_t *strlist = cookie;
+
+  (void) azColName;
+
+  for (i = argc - 1; i >= 0; i --)
+    add_to_strlist (strlist, argv[i] ? argv[i] : "");
+
+  return 0;
+}
+
+/* Auxiliary data structure to collect statistics about
+   signatures.  */
+struct signature_stats
+{
+  struct signature_stats *next;
+
+  /* The user-assigned policy for this binding.  */
+  enum tofu_binding_policy policy;
+
+  /* How long ago the signature was created (rounded to a multiple of
+     TIME_AGO_UNIT_SMALL, etc.).  */
+  long time_ago;
+  /* Number of signatures during this time.  */
+  unsigned long count;
+
+  /* The key that generated this signature.  */
+  char fingerprint[1];
+};
+
+static void
+signature_stats_free (struct signature_stats *stats)
+{
+  while (stats)
+    {
+      struct signature_stats *next = stats->next;
+      xfree (stats);
+      stats = next;
+    }
+}
+
+/* Process rows that contain the four columns:
+
+     <fingerprint, policy, time ago, count>.  */
+static int
+signature_stats_collect_cb (void *cookie, int argc, char **argv,
+			    char **azColName)
+{
+  struct signature_stats **statsp = cookie;
+  struct signature_stats *stats = xmalloc (sizeof (*stats) + strlen (argv[0]));
+  char *tail;
+  int i = 0;
+
+  (void) azColName;
+
+  stats->next = *statsp;
+  *statsp = stats;
+
+  strcpy (stats->fingerprint, argv[i]);
+  i ++;
+
+  tail = NULL;
+  errno = 0;
+  stats->policy = strtol (argv[i], &tail, 0);
+  if (errno || ! (strcmp (tail, ".0") == 0 || *tail == '\0'))
+    {
+      /* Abort.  */
+      log_error ("%s: Error converting %s to an integer (tail = `%s')\n",
+		 __func__, argv[i], tail);
+      return 1;
+    }
+  i ++;
+
+  tail = NULL;
+  errno = 0;
+  stats->time_ago = strtol (argv[i], &tail, 0);
+  if (errno || ! (strcmp (tail, ".0") == 0 || *tail == '\0'))
+    {
+      /* Abort.  */
+      log_error ("%s: Error converting %s to an integer (tail = `%s')\n",
+		 __func__, argv[i], tail);
+      return 1;
+    }
+  i ++;
+
+  tail = NULL;
+  errno = 0;
+  stats->count = strtoul (argv[i], &tail, 0);
+  if (errno || ! (strcmp (tail, ".0") == 0 || *tail == '\0'))
+    {
+      /* Abort.  */
+      log_error ("%s: Error converting %s to an integer (tail = `%s')\n",
+		 __func__, argv[i], tail);
+      return 1;
+    }
+  i ++;
+
+  assert (argc == i);
+
+  return 0;
+}
+
+/* The grouping parameters when collecting signature statistics.  */
+
+/* If a message is signed a couple of hours in the future, just assume
+   some clock skew.  */
+#define TIME_AGO_FUTURE_IGNORE (2 * 60 * 60)
+#if 1
+#  define TIME_AGO_UNIT_SMALL 60
+#  define TIME_AGO_UNIT_SMALL_NAME _("minute")
+#  define TIME_AGO_UNIT_SMALL_NAME_PLURAL _("minutes")
+#  define TIME_AGO_MEDIUM_THRESHOLD (60 * TIME_AGO_UNIT_SMALL)
+#  define TIME_AGO_UNIT_MEDIUM (60 * 60)
+#  define TIME_AGO_UNIT_MEDIUM_NAME _("hour")
+#  define TIME_AGO_UNIT_MEDIUM_NAME_PLURAL _("hours")
+#  define TIME_AGO_LARGE_THRESHOLD (24 * 60 * TIME_AGO_UNIT_SMALL)
+#  define TIME_AGO_UNIT_LARGE (24 * 60 * 60)
+#  define TIME_AGO_UNIT_LARGE_NAME _("day")
+#  define TIME_AGO_UNIT_LARGE_NAME_PLURAL _("days")
+#else
+#  define TIME_AGO_UNIT_SMALL (24 * 60 * 60)
+#  define TIME_AGO_UNIT_SMALL_NAME _("day")
+#  define TIME_AGO_UNIT_SMALL_NAME_PLURAL _("days")
+#  define TIME_AGO_MEDIUM_THRESHOLD (4 * TIME_AGO_UNIT_SMALL)
+#  define TIME_AGO_UNIT_MEDIUM (7 * 24 * 60 * 60)
+#  define TIME_AGO_UNIT_MEDIUM_NAME _("week")
+#  define TIME_AGO_UNIT_MEDIUM_NAME_PLURAL _("weeks")
+#  define TIME_AGO_LARGE_THRESHOLD (28 * TIME_AGO_UNIT_SMALL)
+#  define TIME_AGO_UNIT_LARGE (30 * 24 * 60 * 60)
+#  define TIME_AGO_UNIT_LARGE_NAME _("month")
+#  define TIME_AGO_UNIT_LARGE_NAME_PLURAL _("months")
+#endif
+
+/* Convert from seconds to time units.
+
+   Note: T should already be a multiple of TIME_AGO_UNIT_SMALL or
+   TIME_AGO_UNIT_MEDIUM or TIME_AGO_UNIT_LARGE.  */
+signed long
+time_ago_scale (signed long t)
+{
+  if (t < TIME_AGO_UNIT_MEDIUM)
+    return t / TIME_AGO_UNIT_SMALL;
+  if (t < TIME_AGO_UNIT_LARGE)
+    return t / TIME_AGO_UNIT_MEDIUM;
+  return t / TIME_AGO_UNIT_LARGE;
+}
+
+/* Return the appropriate unit (respecting whether it is plural or
+   singular).  */
+const char *
+time_ago_unit (signed long t)
+{
+  signed long t_scaled = time_ago_scale (t);
+
+  if (t < TIME_AGO_UNIT_MEDIUM)
+    {
+      if (t_scaled == 1)
+	return TIME_AGO_UNIT_SMALL_NAME;
+      return TIME_AGO_UNIT_SMALL_NAME_PLURAL;
+    }
+  if (t < TIME_AGO_UNIT_LARGE)
+    {
+      if (t_scaled == 1)
+	return TIME_AGO_UNIT_MEDIUM_NAME;
+      return TIME_AGO_UNIT_MEDIUM_NAME_PLURAL;
+    }
+  if (t_scaled == 1)
+    return TIME_AGO_UNIT_LARGE_NAME;
+  return TIME_AGO_UNIT_LARGE_NAME_PLURAL;
+}
+
+
+#define GET_POLICY_ERROR -1
+
+static enum tofu_binding_policy
+get_policy (struct db *dbs, const char *fingerprint, const char *email)
+{
+  sqlite3 *db;
+  int policy;
+  int rc;
+  char *err = NULL;
+
+  assert (GET_POLICY_ERROR != TOFU_BINDING_AUTO
+	  && GET_POLICY_ERROR != TOFU_BINDING_GOOD
+	  && GET_POLICY_ERROR != TOFU_BINDING_UNKNOWN
+	  && GET_POLICY_ERROR != TOFU_BINDING_BAD
+	  && GET_POLICY_ERROR != TOFU_BINDING_ASK);
+
+  db = getdb (dbs, email, DB_EMAIL);
+  if (! db)
+    return GET_POLICY_ERROR;
+
+  /* Check if the <FINGERPRINT, EMAIL> binding is known
+     (TOFU_BINDING_NONE cannot appear in the DB.  Thus, if POLICY is
+     still TOFU_BINDING_NONE after executing the query, then the
+     result set was empty.)  */
+  policy = TOFU_BINDING_NONE;
+  assert (policy != TOFU_BINDING_AUTO
+	  && policy != TOFU_BINDING_GOOD
+	  && policy != TOFU_BINDING_UNKNOWN
+	  && policy != TOFU_BINDING_BAD
+	  && policy != TOFU_BINDING_ASK);
+  rc = sqlite3_exec_printf
+    (db, get_single_unsigned_long_cb, &policy, &err,
+     "select policy from bindings where fingerprint = %Q and email = %Q",
+     fingerprint, email);
+  if (rc)
+    {
+      log_error ("Error reading from TOFU database"
+		 " (checking for existing bad bindings): %s (%d)\n",
+		 err, rc);
+      sqlite3_free (err);
+      policy = GET_POLICY_ERROR;
+    }
+
+  return policy;
+}
+
+#define GET_TRUST_ERROR -1
+
+/* Return the trust policy (TRUST_NEVER, etc.) for the binding
+   <fingerprint, email>.  If we don't have a policy, returns
+   TOFU_BINDING_NONE.  If an error occurs, returns GET_TRUST_ERROR.  */
+static int
+get_trust (struct db *dbs, const char *fingerprint, const char *email,
+	   const char *user_id, int may_ask)
+{
+  sqlite3 *db;
+  strlist_t fingerprints = NULL;
+  int policy;
+  int rc;
+  char *err = NULL;
+  int trust_level = TRUST_UNKNOWN;
+  int count;
+
+  if (opt.batch)
+    may_ask = 0;
+
+  assert (GET_TRUST_ERROR != TRUST_UNKNOWN
+	  && GET_TRUST_ERROR != TRUST_EXPIRED
+	  && GET_TRUST_ERROR != TRUST_UNDEFINED
+	  && GET_TRUST_ERROR != TRUST_NEVER
+	  && GET_TRUST_ERROR != TRUST_MARGINAL
+	  && GET_TRUST_ERROR != TRUST_FULLY
+	  && GET_TRUST_ERROR != TRUST_ULTIMATE);
+
+  db = getdb (dbs, email, DB_EMAIL);
+  if (! db)
+    return GET_TRUST_ERROR;
+
+  policy = get_policy (dbs, fingerprint, email);
+  switch (policy)
+    {
+    case TOFU_BINDING_AUTO:
+      /* The saved judgement is auto.  If opt.tofu_default_policy is
+	 not ask, we don't have to ask the user anything.  */
+      log_info ("TOFU: auto (default trust: %s) binding: <%s, %s>\n",
+		tofu_binding_policy_str (opt.tofu_default_policy),
+		fingerprint, email);
+      if (opt.tofu_default_policy == TOFU_BINDING_ASK)
+	/* We need to ask the user what to do.  Case #1 below.  */
+	{
+	  if (! may_ask)
+	    {
+	      trust_level = TRUST_UNDEFINED;
+	      goto out;
+	    }
+	}
+      else
+	{
+	  assert (opt.tofu_default_policy == TOFU_BINDING_AUTO
+		  || opt.tofu_default_policy == TOFU_BINDING_GOOD
+		  || opt.tofu_default_policy == TOFU_BINDING_UNKNOWN
+		  || opt.tofu_default_policy == TOFU_BINDING_BAD);
+	  trust_level = tofu_binding_policy_to_trust (policy);
+	  goto out;
+	}
+
+      break;
+
+    case TOFU_BINDING_GOOD:
+    case TOFU_BINDING_UNKNOWN:
+    case TOFU_BINDING_BAD:
+      /* The saved judgement is good, unknown or bad.  We don't need
+	 to ask the user anything.  */
+      log_info ("TOFU: Known binding <%s, %s>'s policy: %s\n",
+		fingerprint, email, tofu_binding_policy_str (policy));
+      trust_level = tofu_binding_policy_to_trust (policy);
+      goto out;
+
+    case TOFU_BINDING_ASK:
+      /* We need to ask the user what to do.  Case #2 below.  */
+      if (! may_ask)
+	{
+	  trust_level = TRUST_UNDEFINED;
+	  goto out;
+	}
+
+      break;
+
+    case TOFU_BINDING_NONE:
+      /* The binding is new, we need to check for conflicts.  Case #3
+	 below.  */
+      break;
+
+    default:
+      log_bug ("%s: Impossible value for policy (%d)\n", __func__, policy);
+    }
+
+
+  /* We get here if:
+
+       1. The saved policy is auto and the default trust policy is
+          ask (need to ask),
+
+       2. The saved trust judgement is undefined (last time, the user
+          selected accept once or reject once) (need to ask), or,
+
+       3. We don't yet have a saved trust policy (policy ==
+          TOFU_BINDING_NONE) (need to check for a conflict).
+   */
+
+  /* Look for conflicts.  This is need in all 3 cases.
+
+     Get the fingerprints of any bindings that share the email
+     address.  Note: if the binding in question is in the DB, it will
+     also be returned.  Thus, if the result set is empty, then this is
+     a new binding.  */
+  rc = sqlite3_exec_printf
+    (db, strings_collect_cb, &fingerprints, &err,
+     "select distinct fingerprint from bindings where email = %Q;",
+     email);
+  if (rc)
+    {
+      log_error ("TOFU: Error reading from database"
+		 " (listing fingerprints): %s\n",
+		 err);
+      sqlite3_free (err);
+      goto out;
+    }
+
+  count = strlist_length (fingerprints);
+  if (count == 0 && opt.tofu_default_policy != TOFU_BINDING_ASK)
+    /* New binding with no conflict and a concrete default policy.
+
+       We've never observed a binding with this email address (COUNT
+       is 0 and the above query would return the current binding if it
+       were in the DB) and we have a default policy, which is not to
+       ask the user.  */
+    {
+      /* If we've seen this binding, then we've seen this email and
+	 policy couldn't possibly be TOFU_BINDING_NONE.  */
+      assert (policy == TOFU_BINDING_NONE);
+
+      log_info ("TOFU: New binding <%s, %s>, no conflict.\n",
+		email, fingerprint);
+
+      if (record_binding (dbs, fingerprint, email, user_id,
+			  TOFU_BINDING_AUTO, 0) != 0)
+	{
+	  log_error ("TOFU: Error setting binding's trust level to %s\n",
+		     "auto");
+	  trust_level = GET_TRUST_ERROR;
+	  goto out;
+	}
+
+      trust_level = tofu_binding_policy_to_trust (TOFU_BINDING_AUTO);
+      goto out;
+    }
+
+#if 1
+  /* XXX: Is this behavior desirable?  */
+  if (policy == TOFU_BINDING_NONE)
+    /* This is a new binding and we have a conflict.  Mark any
+       conflicting bindings that have an automatic policy as now
+       requiring confirmation.  */
+    {
+      rc = sqlite3_exec_printf
+	(db, NULL, NULL, &err,
+	 "update bindings set policy = %d"
+	 " where email = %Q and policy = %d;",
+	 TOFU_BINDING_ASK, email, TOFU_BINDING_AUTO);
+      if (rc)
+	{
+	  log_error ("TOFU: Error changing judgement: %s\n", err);
+	  sqlite3_free (err);
+	  goto out;
+	}
+    }
+#endif
+
+  if (! may_ask)
+    /* We can only get here in the third case (no saved policy) and if
+       there is a conflict.  */
+    {
+      assert (policy == TOFU_BINDING_NONE);
+      trust_level = TRUST_UNDEFINED;
+
+      if (record_binding (dbs, fingerprint, email, user_id,
+			  TOFU_BINDING_ASK, 0) != 0)
+	log_error ("TOFU: Error setting binding's trust level to %s\n",
+		   "ask");
+
+      goto out;
+    }
+
+  /* If we get here, we need to ask the user about the binding.  There
+     are three ways we could end up here:
+
+       - This is a new binding and there is a conflict
+         (policy == TOFU_BINDING_NONE && length(fingerprints) > 0),
+
+       - This is a new binding and opt.tofu_default_policy is set to
+         ask.  (policy == TOFU_BINDING_NONE && opt.tofu_default_policy ==
+         TOFU_BINDING_ASK), or,
+
+       - The trust policy is ask (the user deferred last time)
+         (policy == TOFU_BINDING_ASK).
+   */
+  {
+    estream_t fp;
+    strlist_t other_user_ids = NULL;
+    struct signature_stats *stats = NULL;
+    struct signature_stats *stats_iter = NULL;
+    char *prompt;
+    char *choices;
+
+    fp = es_fopenmem (0, "rw,samethread");
+    if (! fp)
+      log_fatal ("Error creating memory stream\n");
+
+    if (policy == TOFU_BINDING_NONE)
+      es_fprintf (fp, "The binding <%s, %s> is NOT known.  ",
+		  email, fingerprint);
+    es_fprintf (fp, "Please indicate whether you believe the binding ");
+    if (policy != TOFU_BINDING_NONE)
+      es_fprintf (fp, "<%s, %s> ", email, fingerprint);
+    es_fprintf (fp, "is legitimate (good) or a forgery (bad).\n\n");
+
+
+    /* Find other user ids associated with this key and whether the
+       bindings are marked as good or bad.  */
+    {
+      sqlite3 *db2;
+
+      if (opt.tofu_db_format == TOFU_DB_SPLIT)
+	/* In the split format, we need to search in the fingerprint
+	   DB, not the email DB.  */
+	db2 = getdb (dbs, fingerprint, DB_KEY);
+      else
+	db2 = db;
+
+      if (db2)
+	{
+	  rc = sqlite3_exec_printf
+	    (db2, strings_collect_cb, &other_user_ids, &err,
+	     "select user_id, policy from bindings where fingerprint = %Q;",
+	     fingerprint);
+	  if (rc)
+	    {
+	      log_error ("TOFU: Error gathering other user ids: %s.\n", err);
+	      sqlite3_free (err);
+	      err = NULL;
+	    }
+	}
+    }
+
+    if (other_user_ids)
+      {
+	strlist_t strlist_iter;
+
+	es_fprintf (fp, "Known user ids associated with this key:\n");
+	for (strlist_iter = other_user_ids;
+	     strlist_iter;
+	     strlist_iter = strlist_iter->next)
+	  {
+	    char *other_user_id = strlist_iter->d;
+	    char *other_policy;
+
+	    assert (strlist_iter->next);
+	    strlist_iter = strlist_iter->next;
+	    other_policy = strlist_iter->d;
+
+	    es_fprintf (fp, "  %s (policy: %s)\n",
+			other_user_id,
+			tofu_binding_policy_str (atoi (other_policy)));
+	  }
+	es_fprintf (fp, "\n");
+
+	free_strlist (other_user_ids);
+      }
+
+    /* Find other keys associated with this email address.  */
+    rc = sqlite3_exec_printf
+      (db, signature_stats_collect_cb, &stats, &err,
+       "select fingerprint, policy, time_ago, count(*)\n"
+       " from (select bindings.*,\n"
+       "        case\n"
+       /* From the future (but if its just a couple of hours in the
+	  future don't turn it into a warning)?  Or should we use
+	  small, medium or large units?  (Note: whatever we do, we
+	  keep the value in seconds.  Then when we group, everything
+	  that rounds to the same number of seconds is grouped.)  */
+       "         when delta < -%d then -1\n"
+       "         when delta < %d then max(0, round(delta / %d) * %d)\n"
+       "         when delta < %d then round(delta / %d) * %d\n"
+       "         else round(delta / %d) * %d\n"
+       "        end time_ago,\n"
+       "        delta time_ago_raw\n"
+       "       from (select *,\n"
+       "              cast(strftime('%%s','now') - sig_time as real) delta\n"
+       "             from signatures) ss\n"
+       "       left join bindings on ss.binding = bindings.oid)\n"
+       " where email = %Q\n"
+       " group by fingerprint, time_ago\n"
+       " order by fingerprint = %Q asc, fingerprint desc, time_ago desc;\n",
+       TIME_AGO_FUTURE_IGNORE,
+       TIME_AGO_MEDIUM_THRESHOLD, TIME_AGO_UNIT_SMALL, TIME_AGO_UNIT_SMALL,
+       TIME_AGO_LARGE_THRESHOLD, TIME_AGO_UNIT_MEDIUM, TIME_AGO_UNIT_MEDIUM,
+       TIME_AGO_UNIT_LARGE, TIME_AGO_UNIT_LARGE,
+       email, fingerprint);
+    if (rc)
+      {
+	strlist_t strlist_iter;
+
+	log_error ("TOFU: Error gathering signature stats: %s.\n",
+		   err);
+	sqlite3_free (err);
+	err = NULL;
+
+	es_fprintf
+	  (fp, "The email address (%s) is associated with %d keys:\n",
+	   email, count);
+	for (strlist_iter = fingerprints;
+	     strlist_iter;
+	     strlist_iter = strlist_iter->next)
+	  es_fprintf (fp, "  %s\n", strlist_iter->d);
+      }
+    else
+      {
+	char *key = NULL;
+
+	es_fprintf (fp, "Statistics for keys with the email `%s':\n", email);
+	for (stats_iter = stats; stats_iter; stats_iter = stats_iter->next)
+	  {
+	    if (! key || strcmp (key, stats_iter->fingerprint) != 0)
+	      {
+		int this_key;
+		key = stats_iter->fingerprint;
+		this_key = strcmp (key, fingerprint) == 0;
+		es_fprintf (fp, "  %s", key);
+		if (this_key)
+		  es_fprintf (fp, " (this key):");
+		else
+		  es_fprintf (fp, ", which was judged to be %s:",
+			      tofu_binding_policy_str (stats_iter->policy));
+		es_fprintf (fp, "\n");
+	      }
+
+	    if (stats_iter->time_ago == -1)
+	      es_fprintf (fp, "    %ld %s signed in the future.\n",
+			  stats_iter->count,
+			  stats_iter->count == 1 ? "message" : "messages");
+	    else
+	      es_fprintf (fp, "    %ld %s %ld %s ago.\n",
+			  stats_iter->count,
+			  stats_iter->count == 1 ? "message" : "messages",
+			  time_ago_scale (stats_iter->time_ago),
+			  time_ago_unit (stats_iter->time_ago));
+	  }
+      }
+
+    es_fputc ('\n', fp);
+    es_fprintf
+      (fp,
+       _("Normally, there is only a single key associated with an email\n"
+	 "address.  However, people sometimes generate a new key if\n"
+	 "their key is too old or they think it might be compromised.\n"
+	 "Alternatively, a new key may indicate a man-in-the-middle attack!\n"
+	 "Before accepting this key, you should talk to or call the person\n"
+	 "to make sure this new key is legitimate.\n"));
+
+    es_fputc ('\n', fp);
+    choices = _("gGaArUuRbB");
+    es_fprintf (fp, _("(G)ood/(A)ccept once/(U)nknown/(R)eject once/(B)ad? "));
+
+    /* Add a NUL terminator.  */
+    es_fputc (0, fp);
+    if (es_fclose_snatch (fp, (void **) &prompt, NULL))
+      log_fatal ("error snatching memory stream\n");
+
+    while (1)
+      {
+	char *response;
+
+	if (strlen (choices) != 10)
+	  log_bug ("Bad TOFU conflict translation!  Please report.");
+
+	response = cpr_get ("tofu conflict", prompt);
+	trim_spaces(response);
+	cpr_kill_prompt();
+	if (strlen (response) == 1)
+	  {
+	    char *choice = strchr (choices, *response);
+	    if (choice)
+	      {
+		int c = ((size_t) choice - (size_t) choices) / 2;
+		assert (0 <= c && c <= 3);
+
+		switch (c)
+		  {
+		  case 0: /* Good.  */
+		    policy = TOFU_BINDING_GOOD;
+		    trust_level = tofu_binding_policy_to_trust (policy);
+		    if (record_binding (dbs, fingerprint, email, user_id,
+					policy, 0) != 0)
+		      /* If there's an error registering the
+			 binding, don't save the signature.  */
+		      trust_level = GET_TRUST_ERROR;
+		    break;
+		  case 1: /* Accept once.  */
+		    policy = TOFU_BINDING_ASK;
+		    trust_level =
+		      tofu_binding_policy_to_trust (TOFU_BINDING_GOOD);
+		    if (record_binding (dbs, fingerprint, email, user_id,
+					policy, 0) != 0)
+		      trust_level = GET_TRUST_ERROR;
+		    break;
+		  case 2: /* Unknown.  */
+		    policy = TOFU_BINDING_UNKNOWN;
+		    trust_level = tofu_binding_policy_to_trust (policy);
+		    if (record_binding (dbs, fingerprint, email, user_id,
+					policy, 0) != 0)
+		      trust_level = GET_TRUST_ERROR;
+		    break;
+		  case 3: /* Reject once.  */
+		    policy = TOFU_BINDING_ASK;
+		    trust_level =
+		      tofu_binding_policy_to_trust (TOFU_BINDING_BAD);
+		    if (record_binding (dbs, fingerprint, email, user_id,
+					policy, 0) != 0)
+		      trust_level = GET_TRUST_ERROR;
+		    break;
+		  case 4: /* Bad.  */
+		    policy = TOFU_BINDING_BAD;
+		    trust_level = tofu_binding_policy_to_trust (policy);
+		    if (record_binding (dbs, fingerprint, email, user_id,
+					policy, 0) != 0)
+		      trust_level = GET_TRUST_ERROR;
+		    break;
+		  default:
+		    log_bug ("c should be between 0 and 3 but it is %d!", c);
+		  }
+
+		break;
+	      }
+	  }
+	xfree (response);
+      }
+
+    xfree (prompt);
+
+    signature_stats_free (stats);
+  }
+
+ out:
+  free_strlist (fingerprints);
+
+  return trust_level;
+}
+
+static char *
+email_from_user_id (const char *user_id)
+{
+  char *email = mailbox_from_userid (user_id);
+  if (! email)
+    /* Hmm, no email address was provided.  Just take the lower-case
+       version of the whole user id.  It could be a hostname, for
+       instance.  */
+    email = ascii_strlwr (xstrdup (user_id));
+
+  return email;
+}
+
+int
+tofu_register (const byte *fingerprint_bin, const char *user_id,
+	       const byte *sig_digest_bin, int sig_digest_bin_len,
+	       time_t sig_time, const char *origin, int may_ask)
+{
+  struct db *dbs;
+  sqlite3 *db;
+  char fingerprint[MAX_FINGERPRINT_LEN * 2 + 1];
+  char *email = NULL;
+  char *err = NULL;
+  int rc;
+  int trust_level = TRUST_UNKNOWN;
+  char *sig_digest;
+  unsigned long c;
+
+  dbs = opendbs ();
+  if (! dbs)
+    {
+      log_info ("TOFU: Error opening DB.\n");
+      goto die;
+    }
+
+  bin2hex (fingerprint_bin, MAX_FINGERPRINT_LEN, fingerprint);
+
+  if (! *user_id)
+    {
+      log_info ("TOFU: user id is empty.  Can't continue.\n");
+      goto die;
+    }
+
+  email = email_from_user_id (user_id);
+
+  if (! origin)
+    /* The default origin is simply "unknown".  */
+    origin = "unknown";
+
+  trust_level = get_trust (dbs, fingerprint, email, user_id, may_ask);
+  if (trust_level == GET_TRUST_ERROR)
+    /* An error.  */
+    {
+      trust_level = TRUST_UNKNOWN;
+      goto die;
+    }
+
+  /* Save the observed signature in the DB.  */
+  sig_digest = make_radix64_string (sig_digest_bin, sig_digest_bin_len);
+
+  db = getdb (dbs, email, DB_EMAIL);
+  if (! db)
+    {
+      log_info ("TOFU: Error opening DB.\n");
+      goto die;
+    }
+
+  /* We do a query and then an insert.  Make sure they are atomic
+     by wrapping them in a transaction.  */
+  rc = sqlite3_exec (db, "begin transaction;", NULL, NULL, &err);
+  if (rc)
+    {
+      log_error ("Error beginning transaction on TOFU database: %s\n", err);
+      sqlite3_free (err);
+      goto die;
+    }
+
+  /* If we've already seen this signature before, then don't add
+     it again.  */
+  rc = sqlite3_exec_printf
+    (db, get_single_unsigned_long_cb, &c, &err,
+     "select count (*)\n"
+     " from signatures left join bindings\n"
+     "  on signatures.binding = bindings.oid\n"
+     " where fingerprint = %Q and email = %Q and sig_time = 0x%lx\n"
+     "  and sig_digest = %Q",
+     fingerprint, email, (unsigned long) sig_time, sig_digest);
+  if (rc)
+    {
+      log_error ("Error reading from SIGNATURES database"
+		 " (checking existence): %s\n",
+		 err);
+      sqlite3_free (err);
+    }
+  else if (c > 1)
+    /* Duplicates!  This should not happen.  In particular,
+       because <fingerprint, email, sig_time, sig_digest> is the
+       primary key!  */
+    log_debug ("SIGNATURES DB contains duplicate records"
+	       " <key: %s, %s, time: 0x%lx, sig: %s, %s>."
+	       "  Please report.\n",
+	       fingerprint, email, (unsigned long) sig_time,
+	       sig_digest, origin);
+  else if (c == 1)
+    log_debug ("Already observed the signature"
+	       " <key: %s, %s, time: 0x%lx, sig: %s, %s>\n",
+	       fingerprint, email, (unsigned long) sig_time,
+	       sig_digest, origin);
+  else
+    /* This is the first time that we've seen this signature.
+       Record it.  */
+    {
+      log_debug ("TOFU: Saving signature <%s, %s, %s>\n",
+		 fingerprint, email, sig_digest);
+
+      assert (c == 0);
+
+      rc = sqlite3_exec_printf
+	(db, NULL, NULL, &err,
+	 "insert into signatures\n"
+	 " (binding, sig_digest, origin, sig_time, time)\n"
+	 " values\n"
+	 " ((select oid from bindings\n"
+	 "    where fingerprint = %Q and email = %Q),\n"
+	 "  %Q, %Q, 0x%lx, strftime('%%s', 'now'));",
+	 fingerprint, email, sig_digest, origin, (unsigned long) sig_time);
+      if (rc)
+	{
+	  log_error ("TOFU: Error updating DB"
+		     " (inserting into signatures table): %s\n",
+		     err);
+	  sqlite3_free (err);
+	}
+    }
+
+  /* It only matters whether we abort or commit the transaction
+     (so long as we do something) if we execute the insert.  */
+  if (rc)
+    rc = sqlite3_exec (db, "rollback;", NULL, NULL, &err);
+  else
+    rc = sqlite3_exec (db, "commit transaction;", NULL, NULL, &err);
+  if (rc)
+    {
+      log_error ("Error ending transaction on TOFU database: %s\n", err);
+      sqlite3_free (err);
+      goto die;
+    }
+
+ die:
+  xfree (email);
+  if (dbs)
+    closedbs (dbs);
+
+  return trust_level;
+}
+
+int
+tofu_wot_trust_combine (int tofu_base, int wot_base)
+{
+  int tofu = tofu_base & TRUST_MASK;
+  int wot = wot_base & TRUST_MASK;
+  int upper = (tofu_base & ~TRUST_MASK) | (wot_base & ~TRUST_MASK);
+
+  assert (tofu == TRUST_UNKNOWN
+	  || tofu == TRUST_EXPIRED
+	  || tofu == TRUST_UNDEFINED
+	  || tofu == TRUST_NEVER
+	  || tofu == TRUST_MARGINAL
+	  || tofu == TRUST_FULLY
+	  || tofu == TRUST_ULTIMATE);
+  assert (wot == TRUST_UNKNOWN
+	  || wot == TRUST_EXPIRED
+	  || wot == TRUST_UNDEFINED
+	  || wot == TRUST_NEVER
+	  || wot == TRUST_MARGINAL
+	  || wot == TRUST_FULLY
+	  || wot == TRUST_ULTIMATE);
+
+  /* We first consider negative trust policys.  These trump positive
+     trust policies.  */
+  if (tofu == TRUST_NEVER || wot == TRUST_NEVER)
+    /* TRUST_NEVER trumps everything else.  */
+    return upper | TRUST_NEVER;
+  if (tofu == TRUST_EXPIRED || wot == TRUST_EXPIRED)
+    /* TRUST_EXPIRED trumps everything but TRUST_NEVER.  */
+    return upper | TRUST_EXPIRED;
+
+  /* Now we only have positive or neutral trust policies.  We take
+     the max.  */
+  if (tofu == TRUST_ULTIMATE || wot == TRUST_ULTIMATE)
+    return upper | TRUST_ULTIMATE;
+  if (tofu == TRUST_FULLY || wot == TRUST_FULLY)
+    return upper | TRUST_FULLY;
+  if (tofu == TRUST_MARGINAL || wot == TRUST_MARGINAL)
+    return upper | TRUST_MARGINAL;
+  if (tofu == TRUST_UNDEFINED || wot == TRUST_UNDEFINED)
+    return upper | TRUST_UNDEFINED;
+  return upper | TRUST_UNKNOWN;
+}
+
+int
+tofu_get_validity (const byte *fingerprint_bin, const char *user_id,
+		   int may_ask)
+{
+  struct db *dbs;
+  char fingerprint[MAX_FINGERPRINT_LEN * 2 + 1];
+  char *email = NULL;
+  int trust_level = TRUST_UNDEFINED;
+
+  dbs = opendbs ();
+  if (! dbs)
+    {
+      log_info ("TOFU: Error opening DB.\n");
+      goto die;
+    }
+
+  bin2hex (fingerprint_bin, MAX_FINGERPRINT_LEN, fingerprint);
+
+  if (! *user_id)
+    {
+      log_info ("TOFU: user id is empty.  Can't continue.\n");
+      goto die;
+    }
+
+  email = email_from_user_id (user_id);
+
+  trust_level = get_trust (dbs, fingerprint, email, user_id, may_ask);
+  if (trust_level == GET_TRUST_ERROR)
+    /* An error.  */
+    trust_level = TRUST_UNKNOWN;
+
+ die:
+  xfree (email);
+  closedbs (dbs);
+
+  return trust_level;
+}
+
+int
+tofu_set_policy (kbnode_t kb, enum tofu_binding_policy policy)
+{
+  struct db *dbs;
+  PKT_public_key *pk;
+  char fingerprint_bin[MAX_FINGERPRINT_LEN];
+  size_t fingerprint_bin_len = sizeof (fingerprint_bin);
+  char fingerprint[MAX_FINGERPRINT_LEN * 2 + 1];
+
+  assert (kb->pkt->pkttype == PKT_PUBLIC_KEY);
+  pk = kb->pkt->pkt.public_key;
+
+  dbs = opendbs ();
+  if (! dbs)
+    {
+      log_info ("TOFU: Error opening DB.\n");
+      return gpg_error (GPG_ERR_GENERAL);
+    }
+
+  log_info ("Setting TOFU policy for %s to %s\n",
+	    keystr (pk->keyid), tofu_binding_policy_str (policy));
+  if (! (pk->main_keyid[0] == pk->keyid[0]
+	 && pk->main_keyid[1] == pk->keyid[1]))
+    log_bug ("%s: Passed a subkey, but expecting a primary key.\n", __func__);
+
+  fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len);
+  assert (fingerprint_bin_len == sizeof (fingerprint_bin));
+
+  bin2hex (fingerprint_bin, MAX_FINGERPRINT_LEN, fingerprint);
+
+  for (; kb; kb = kb->next)
+    {
+      PKT_user_id *user_id;
+      char *email;
+
+      if (kb->pkt->pkttype != PKT_USER_ID)
+	continue;
+
+      user_id = kb->pkt->pkt.user_id;
+      if (user_id->is_revoked)
+	/* Skip revoked user ids.  (Don't skip expired user ids, the
+	   expiry can be changed.)  */
+	continue;
+
+      email = email_from_user_id (user_id->name);
+
+      record_binding (dbs, fingerprint, email, user_id->name, policy, 1);
+
+      xfree (email);
+    }
+
+  closedbs (dbs);
+
+  return 0;
+}
+
+int
+tofu_set_policy_by_keyid (u32 *keyid, enum tofu_binding_policy policy)
+{
+  kbnode_t keyblock = get_pubkeyblock (keyid);
+  if (! keyblock)
+    return gpg_error (GPG_ERR_NO_PUBKEY);
+
+  return tofu_set_policy (keyblock, policy);
+}
+
+gpg_error_t
+tofu_get_policy (PKT_public_key *pk, PKT_user_id *user_id,
+		 enum tofu_binding_policy *policy)
+{
+  struct db *dbs;
+  char fingerprint_bin[MAX_FINGERPRINT_LEN];
+  size_t fingerprint_bin_len = sizeof (fingerprint_bin);
+  char fingerprint[MAX_FINGERPRINT_LEN * 2 + 1];
+  char *email;
+
+  /* Make sure PK is a primary key.  */
+  assert (pk->main_keyid[0] == pk->keyid[0]
+	  && pk->main_keyid[1] == pk->keyid[1]);
+
+  dbs = opendbs ();
+  if (! dbs)
+    {
+      log_info ("TOFU: Error opening DB.\n");
+      return gpg_error (GPG_ERR_GENERAL);
+    }
+
+  fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len);
+  assert (fingerprint_bin_len == sizeof (fingerprint_bin));
+
+  bin2hex (fingerprint_bin, MAX_FINGERPRINT_LEN, fingerprint);
+
+  email = email_from_user_id (user_id->name);
+
+  *policy = get_policy (dbs, fingerprint, email);
+
+  closedbs (dbs);
+  xfree (email);
+
+  if (*policy == GET_POLICY_ERROR)
+    return gpg_error (GPG_ERR_GENERAL);
+  return 0;
+}
diff --git a/g10/tofu.h b/g10/tofu.h
new file mode 100644
index 0000000..cd243bd
--- /dev/null
+++ b/g10/tofu.h
@@ -0,0 +1,78 @@
+#ifndef G10_TOFU_H
+#define G10_TOFU_H
+
+#include <config.h>
+
+/* For each binding, we have a trust policy.  There are four
+   possible trust policies.  */
+enum tofu_binding_policy
+  {
+    /* This value is used by tofu_get_policy to indicate that there is
+       no policy set for the specified binding.  */
+    TOFU_BINDING_NONE = 0,
+
+    /* We made a default policy decision.  This is only done if there
+       is no conflict with another binding (that is, the email address
+       is not part of another known key).  The default policy is
+       configurable (and specified using: --tofu-default-policy).
+
+       Note: when using the default policy, we save TOFU_BINDING_AUTO
+       with the binding, not the policy that was in effect.  This way,
+       if the user invokes gpg again, but with a different value for
+       --tofu-default-policy, a different decision is made.  */
+    TOFU_BINDING_AUTO = 1,
+
+    /* The user explicitly marked the binding as good.  In this case,
+       we return TRUST_FULLY.  */
+    TOFU_BINDING_GOOD = 2,
+
+    /* The user explicitly marked the binding as unknown.  In this
+       case, we return TRUST_UNKNOWN.  */
+    TOFU_BINDING_UNKNOWN = 3,
+
+    /* The user explicitly marked the binding as bad.  In this case,
+       we always return TRUST_NEVER.  */
+    TOFU_BINDING_BAD = 4,
+
+    /* The user deferred a definitive policy decision about the
+       binding (by selecting accept once or reject once).  The next
+       time we see this binding, we should ask the user what to
+       do.  */
+    TOFU_BINDING_ASK = 5
+  };
+
+/* Return a string representation of a trust policy.  Returns
+   "unknown" if POLICY is not valid.  */
+const char *tofu_binding_policy_str (enum tofu_binding_policy policy);
+
+/* Convert a trust policy (e.g., TOFU_BINDING_BAD) to a trust value
+   (e.g., TRUST_BAD) in light of the current configuration.  */
+int tofu_binding_policy_to_trust (enum tofu_binding_policy policy);
+
+
+/* PRIMARY_KEY_FINGERPRINT should be MAX_FINGERPRINT_LEN bytes
+   long.  */
+int tofu_register (const byte *primary_key_fingerprint, const char *name,
+		   const byte *sigs_digest, int sigs_digest_len,
+		   time_t sig_time, const char *origin, int may_ask);
+
+/* Determine the validity (TRUST_NEVER, etc.) of a given binding.  */
+int tofu_get_validity (const byte *fingerprint_bin, const char *user_id,
+		       int may_ask);
+
+/* Set the policy for all non-revoked and non-expired user ids in
+   the */
+int tofu_set_policy (kbnode_t kb, enum tofu_binding_policy policy);
+
+int tofu_set_policy_by_keyid (u32 *keyid, enum tofu_binding_policy policy);
+
+/* Return the policy.  If no policy has been set, returns
+   TOFU_BINDING_NONE.  */
+gpg_error_t tofu_get_policy (PKT_public_key *pk, PKT_user_id *user_id,
+			     enum tofu_binding_policy *policy);
+
+/* When in PGP+WOT mode, we need to combine TOFU and WOT trust
+   policies.  */
+int tofu_wot_trust_combine (int tofu, int wot);
+
+#endif
diff --git a/g10/trust.c b/g10/trust.c
index 316fe2f..38d957e 100644
--- a/g10/trust.c
+++ b/g10/trust.c
@@ -152,7 +152,7 @@ uid_trust_string_fixed (PKT_public_key *key, PKT_user_id *uid)
     return                         _("[ expired]");
   else if(key)
     {
-      switch (get_validity(key,uid)&TRUST_MASK)
+      switch (get_validity (key, uid, NULL, 0) & TRUST_MASK)
         {
         case TRUST_UNKNOWN:   return _("[ unknown]");
         case TRUST_EXPIRED:   return _("[ expired]");
@@ -298,7 +298,8 @@ check_or_update_trustdb (void)
  * otherwise, a reasonable value for the entire key is returned.
  */
 unsigned int
-get_validity (PKT_public_key *pk, PKT_user_id *uid)
+get_validity (PKT_public_key *pk, PKT_user_id *uid, PKT_signature *sig,
+	      int may_ask)
 {
   int rc;
   unsigned int validity;
@@ -330,7 +331,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
 #ifdef NO_TRUST_MODELS
   validity = TRUST_UNKNOWN;
 #else
-  validity = tdb_get_validity_core (pk, uid, main_pk);
+  validity = tdb_get_validity_core (pk, uid, main_pk, sig, may_ask);
 #endif
 
  leave:
@@ -359,7 +360,7 @@ get_validity_info (PKT_public_key *pk, PKT_user_id *uid)
   if (!pk)
     return '?';  /* Just in case a NULL PK is passed.  */
 
-  trustlevel = get_validity (pk, uid);
+  trustlevel = get_validity (pk, uid, NULL, 0);
   if ((trustlevel & TRUST_FLAG_REVOKED))
     return 'r';
   return trust_letter (trustlevel);
@@ -374,7 +375,7 @@ get_validity_string (PKT_public_key *pk, PKT_user_id *uid)
   if (!pk)
     return "err";  /* Just in case a NULL PK is passed.  */
 
-  trustlevel = get_validity (pk, uid);
+  trustlevel = get_validity (pk, uid, NULL, 0);
   if ((trustlevel & TRUST_FLAG_REVOKED))
     return _("revoked");
   return trust_value_to_string (trustlevel);
diff --git a/g10/trustdb.c b/g10/trustdb.c
index b16682d..eb72ecf 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -40,6 +40,7 @@
 #include "i18n.h"
 #include "tdbio.h"
 #include "trustdb.h"
+#include "tofu.h"
 
 
 typedef struct key_item **KeyHashTable; /* see new_key_hash_table() */
@@ -379,6 +380,8 @@ trust_model_string(void)
     case TM_CLASSIC:  return "classic";
     case TM_PGP:      return "PGP";
     case TM_EXTERNAL: return "external";
+    case TM_TOFU:     return "TOFU";
+    case TM_TOFU_PGP: return "TOFU+PGP";
     case TM_ALWAYS:   return "always";
     case TM_DIRECT:   return "direct";
     default:          return "unknown";
@@ -963,16 +966,21 @@ tdb_check_trustdb_stale (void)
 
 /*
  * Return the validity information for PK.  This is the core of
- * get_validity.
+ * get_validity.  If SIG is not NULL, then the trust is being
+ * evaluated in the context of the provided signature.  This is used
+ * by the TOFU code to record statistics.
  */
 unsigned int
 tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid,
-                       PKT_public_key *main_pk)
+                       PKT_public_key *main_pk,
+		       PKT_signature *sig,
+		       int may_ask)
 {
   TRUSTREC trec, vrec;
   gpg_error_t err;
   ulong recno;
-  unsigned int validity;
+  unsigned int tofu_validity = TRUST_UNKNOWN;
+  unsigned int validity = TRUST_UNKNOWN;
 
   init_trustdb ();
 
@@ -993,60 +1001,146 @@ tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid,
       goto leave;
     }
 
-  err = read_trust_record (main_pk, &trec);
-  if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND)
-    {
-      tdbio_invalid ();
-      return 0;
-    }
-  if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
+  if (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP)
     {
-      /* No record found.  */
-      validity = TRUST_UNKNOWN;
-      goto leave;
-    }
+      kbnode_t user_id_node;
+      int user_ids = 0;
+      int user_ids_expired = 0;
 
-  /* Loop over all user IDs */
-  recno = trec.r.trust.validlist;
-  validity = 0;
-  while (recno)
-    {
-      read_record (recno, &vrec, RECTYPE_VALID);
+      char fingerprint[MAX_FINGERPRINT_LEN];
+      size_t fingerprint_len = sizeof (fingerprint);
+
+      fingerprint_from_pk (pk, fingerprint, &fingerprint_len);
+      assert (fingerprint_len == sizeof (fingerprint));
 
-      if(uid)
+      /* If the caller didn't supply a user id then iterate over all
+	 uids.  */
+      if (! uid)
+	user_id_node = get_pubkeyblock (pk->main_keyid);
+
+      while (uid
+	     || (user_id_node = find_next_kbnode (user_id_node, PKT_USER_ID)))
 	{
-	  /* If a user ID is given we return the validity for that
-	     user ID ONLY.  If the namehash is not found, then there
-	     is no validity at all (i.e. the user ID wasn't
-	     signed). */
-	  if(memcmp(vrec.r.valid.namehash,uid->namehash,20)==0)
+	  unsigned int tl;
+	  PKT_user_id *user_id;
+
+	  if (uid)
+	    user_id = uid;
+	  else
+	    user_id = user_id_node->pkt->pkt.user_id;
+
+	  if (user_id->is_revoked || user_id->is_expired)
+	    /* If the user id is revoked or expired, then skip it.  */
 	    {
-	      validity=(vrec.r.valid.validity & TRUST_MASK);
-	      break;
+	      char *s;
+	      if (user_id->is_revoked && user_id->is_expired)
+		s = "revoked and expired";
+	      else if (user_id->is_revoked)
+		s = "revoked";
+	      else
+		s = "expire";
+
+	      log_info ("TOFU: Ignoring %s user id (%s)\n", s, user_id->name);
+
+	      continue;
 	    }
+
+	  user_ids ++;
+
+	  if (sig)
+	    tl = tofu_register (fingerprint, user_id->name,
+				sig->digest, sig->digest_len,
+				sig->timestamp, "unknown",
+				may_ask);
+	  else
+	    tl = tofu_get_validity (fingerprint, user_id->name, may_ask);
+
+	  if (tl == TRUST_EXPIRED)
+	    user_ids_expired ++;
+	  else if (tl == TRUST_UNDEFINED || tl == TRUST_UNKNOWN)
+	    ;
+	  else if (tl == TRUST_NEVER)
+	    tofu_validity = TRUST_NEVER;
+	  else
+	    {
+	      assert (tl == TRUST_MARGINAL
+		      || tl == TRUST_FULLY
+		      || tl == TRUST_ULTIMATE);
+
+	      if (tl > tofu_validity)
+		/* XXX: We we really want the max?  */
+		tofu_validity = tl;
+	    }
+
+	  if (uid)
+	    /* If the caller specified a user id, then we stop
+	       now.  */
+	    break;
 	}
-      else
+    }
+
+  if (opt.trust_model == TM_TOFU_PGP
+      || opt.trust_model == TM_CLASSIC
+      || opt.trust_model == TM_PGP)
+    {
+      err = read_trust_record (main_pk, &trec);
+      if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND)
 	{
-	  /* If no namehash is given, we take the maximum validity
-	     over all user IDs */
-	  if ( validity < (vrec.r.valid.validity & TRUST_MASK) )
-	    validity = (vrec.r.valid.validity & TRUST_MASK);
+	  tdbio_invalid ();
+	  return 0;
+	}
+      if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
+	{
+	  /* No record found.  */
+	  validity = TRUST_UNKNOWN;
+	  goto leave;
 	}
 
-      recno = vrec.r.valid.next;
-    }
+      /* Loop over all user IDs */
+      recno = trec.r.trust.validlist;
+      validity = 0;
+      while (recno)
+	{
+	  read_record (recno, &vrec, RECTYPE_VALID);
 
-  if ( (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) )
-    {
-      validity |= TRUST_FLAG_DISABLED;
-      pk->flags.disabled = 1;
+	  if(uid)
+	    {
+	      /* If a user ID is given we return the validity for that
+		 user ID ONLY.  If the namehash is not found, then
+		 there is no validity at all (i.e. the user ID wasn't
+		 signed). */
+	      if(memcmp(vrec.r.valid.namehash,uid->namehash,20)==0)
+		{
+		  validity=(vrec.r.valid.validity & TRUST_MASK);
+		  break;
+		}
+	    }
+	  else
+	    {
+	      /* If no user ID is given, we take the maximum validity
+		 over all user IDs */
+	      if (validity < (vrec.r.valid.validity & TRUST_MASK))
+		validity = (vrec.r.valid.validity & TRUST_MASK);
+	    }
+
+	  recno = vrec.r.valid.next;
+	}
+
+      if ((trec.r.trust.ownertrust & TRUST_FLAG_DISABLED))
+	{
+	  validity |= TRUST_FLAG_DISABLED;
+	  pk->flags.disabled = 1;
+	}
+      else
+	pk->flags.disabled = 0;
+      pk->flags.disabled_valid = 1;
     }
-  else
-    pk->flags.disabled = 0;
-  pk->flags.disabled_valid = 1;
 
  leave:
-  if (pending_check_trustdb)
+  validity = tofu_wot_trust_combine (tofu_validity, validity);
+
+  if (opt.trust_model != TM_TOFU
+      && pending_check_trustdb)
     validity |= TRUST_FLAG_PENDING_CHECK;
 
   return validity;
diff --git a/g10/trustdb.h b/g10/trustdb.h
index 771a821..0a0fbec 100644
--- a/g10/trustdb.h
+++ b/g10/trustdb.h
@@ -30,6 +30,7 @@
 #define TRUST_MARGINAL	  4  /* m: marginally trusted */
 #define TRUST_FULLY	  5  /* f: fully trusted      */
 #define TRUST_ULTIMATE	  6  /* u: ultimately trusted */
+#define TRUST_ASK	 31  /* This is only used for TOFU.  */
 /* trust values not covered by the mask */
 #define TRUST_FLAG_REVOKED 32 /* r: revoked */
 #define TRUST_FLAG_SUB_REVOKED 64 /* r: revoked but for subkeys */
@@ -86,7 +87,8 @@ void revalidation_mark (void);
 void check_trustdb_stale (void);
 void check_or_update_trustdb (void);
 
-unsigned int get_validity (PKT_public_key *pk, PKT_user_id *uid);
+unsigned int get_validity (PKT_public_key *pk, PKT_user_id *uid,
+			   PKT_signature *sig, int may_ask);
 int get_validity_info (PKT_public_key *pk, PKT_user_id *uid);
 const char *get_validity_string (PKT_public_key *pk, PKT_user_id *uid);
 
@@ -120,7 +122,8 @@ void tdb_check_or_update (void);
 int tdb_cache_disabled_value (PKT_public_key *pk);
 
 unsigned int tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid,
-                                    PKT_public_key *main_pk);
+                                    PKT_public_key *main_pk,
+				    PKT_signature *sig, int may_askx);
 
 void list_trust_path( const char *username );
 int enum_cert_paths( void **context, ulong *lid,
diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index 4fdb0a6..6e78e8c 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -27,7 +27,7 @@ TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) GPG_AGENT_INFO= LC_ALL=C
 
 # Note: version.test needs to be the first test to run and finish.test
 # the last one
-TESTS = version.test mds.test \
+TESTS = tofu.test version.test mds.test \
 	decrypt.test decrypt-dsa.test \
 	sigs.test sigs-dsa.test \
 	encrypt.test encrypt-dsa.test  \
@@ -46,7 +46,9 @@ TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
 	     pubring.pkr.asc secring.skr.asc secdemo.asc pubdemo.asc \
              gpg.conf.tmpl gpg-agent.conf.tmpl \
 	     bug537-test.data.asc bug894-test.asc \
-	     bug1223-good.asc bug1223-bogus.asc 4gb-packet.asc
+	     bug1223-good.asc bug1223-bogus.asc 4gb-packet.asc \
+	     tofu-keys.asc tofu-keys-secret.asc \
+	     tofu-2183839A-1.txt tofu-BC15C85A-1.txt tofu-EE37CF96-1.txt
 
 data_files = data-500 data-9000 data-32000 data-80000 plain-large
 
@@ -93,10 +95,10 @@ CLEANFILES = prepared.stamp x y yy z out err  $(data_files) \
 	     *.test.log gpg_dearmor gpg.conf gpg-agent.conf S.gpg-agent \
 	     pubring.gpg pubring.gpg~ pubring.kbx pubring.kbx~ \
 	     secring.gpg pubring.pkr secring.skr \
-	     gnupg-test.stop random_seed gpg-agent.log
+	     gnupg-test.stop random_seed gpg-agent.log tofu.db
 
 clean-local:
-	-rm -rf private-keys-v1.d openpgp-revocs.d
+	-rm -rf private-keys-v1.d openpgp-revocs.d tofu.d
 
 
 # We need to depend on a couple of programs so that the tests don't
diff --git a/tests/openpgp/tofu-2183839A-1.txt b/tests/openpgp/tofu-2183839A-1.txt
new file mode 100644
index 0000000..521b3bb
Binary files /dev/null and b/tests/openpgp/tofu-2183839A-1.txt differ
diff --git a/tests/openpgp/tofu-BC15C85A-1.txt b/tests/openpgp/tofu-BC15C85A-1.txt
new file mode 100644
index 0000000..88cc649
--- /dev/null
+++ b/tests/openpgp/tofu-BC15C85A-1.txt
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: GnuPG v2
+
+owGbwMvMwMF46tzNaXtET0QxnmZPYgj9/c+Sq2MOCwMjBwMbKxOIy8DFKQBTo/SK
+hWFThVuj19r3R/6VzQkpaZuQx7s3r9BQ46v8KXkjb58dSjmXyr7enlCzb7dg1zE7
+aynbc6YTF+wXZI4IlAgPuLJhUeSXo0+WllxbFXUz39407cv15TcXThLj+3tFkSnZ
+YFXwM9+nfAoHpt6I/ZY96SJT3XFZKzO1jeZNJhZsV4Vfrjp0UmnH3E4A
+=X9WM
+-----END PGP MESSAGE-----
diff --git a/tests/openpgp/tofu-EE37CF96-1.txt b/tests/openpgp/tofu-EE37CF96-1.txt
new file mode 100644
index 0000000..33a38db
--- /dev/null
+++ b/tests/openpgp/tofu-EE37CF96-1.txt
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: GnuPG v2
+
+owGbwMvMwMEY0Tqz9J35+WmMp9mTGEJ//xPk6pjDwsDIwcDGygTiMnBxCsDULFZm
+/sk4S36iQ6FuZZPMPdOSe/rZOxNThTmzvJN4l1qe9XGdlLhtpumfzh0uhRnzT2Xc
+jmra+ZdN9+XBhml//i7v6XrfuWu56OuEI/fXH0i3P5HELb+j++6SO85VemLq/tvO
+hNvWtddvuZ7+z2JJaqnP4wiu2t+sEze/MWKZ9zz+u2FV6a3OIyJxjwA=
+=JMtb
+-----END PGP MESSAGE-----
diff --git a/tests/openpgp/tofu-keys-secret.asc b/tests/openpgp/tofu-keys-secret.asc
new file mode 100755
index 0000000..68e0d20
--- /dev/null
+++ b/tests/openpgp/tofu-keys-secret.asc
@@ -0,0 +1,95 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+Version: GnuPG v2
+
+lgAAAgYEVfv86AEEAN20yizZgtnQaJPUV++9Z+rRg4XzjWpLvmiWMpTsn8qhjpyS
+kAa4/4P4/MRWVvSXiRC1uJ7T59Sbm/KFs8TdKaqIMuON3QYjztxm2NmDMA/f5FTv
+RuLkgKAEpwGOqI1Zvm3uleH8hkx0n45tHxCI3bLCfW+12lZxJCGNDBnhvj+5ABEB
+AAH+BwMCeYHLsHWjaoTufvOw6/xINpFQV8JcwSc+RaEIfmIwEwO242+vUEZefkia
+yMMJTd20C144zMr/3Tsx/+c8ULAbR/NBtuG49jsGWFJH2uN/5pi40x2S/afJuwru
+0co5xQSnpZtM4v9mvFM517IROhHY1pl6KpK87pZm5JHGB4525DpAYJ7vTTmHE2NW
+e5jr7a7SpXwTU7dKHbLxY+kofH7DLvMX6KjOJ/kDLIqnK3AeCwfhXkkRRP8UI/0J
+pZEPUyImag6FryRdoZJPTPX7TMWM4zrdnT6xOffIe1REpo59LVkvg6TiPtnlnuY8
+Y9NVZ+mWz0RHtxFh1b70G6D5C5Mdi/iGUAAfTwNhjdnmYsN1qKxcO533qlj/rXHn
+6uxauiR4d+7Ioy2RsPpY2FqTkgymhBLn6ZcYvzwEXaAygLUs8HmzPuiVm5Ls5UXn
+VKaRMc+DBQPz3W3CuMWsHAyKsg4ibp/6MSf0klYHUG8WVXI4tLGOkbg5HbQTVGVz
+dGluZyAoaW5zZWN1cmUhKYi9BBMBCAAnBQJV+/zoAhsDBQkB4TOABQsJCAcCBhUI
+CQoLAgQWAgMBAh4BAheAAAoJEFiFmXXuN8+WqPYEAIW+qAoFnc2emFnx/b+vKW9X
+1g3NLmsLyUUBI34GCh+sGa6C0SptdKc68uvKUc6daBiHuoukN4F+1rYUuNG8WNMs
+V/JwGPKVADPIFrgGiotMW770ZnzZsoqGWvwUnyrlaUI6AYHe4Uj9YAmnmi647A/u
+UxcI1H20M3dENSUyiS1zngAAAgUEVfv86AEEAMgaJrwhFOhEmHHgqyzx2KFzG4SD
+F6jyAg1CIVKmiLSBfNXWa43vJwfxLo7vbT1wy0iiJF8+ALD/ghppmZb9NpsiUC+X
+xT4ublOSvRgN+527WdUX8ym0EXxjpuSSW+hVZZwUP0K0fBdIVaVCawJGEp5Lc/mX
+KnjmXvLQxWSQYgB9ABEBAAH+BwMCtE0VqaVadDju5hPxFcvSTjNkKwGVZZgQBWVZ
+sYj/Sd/Pbc90xb3TSf/VQGVQhKei+GBmUPYOPqStOP30pJvK0SBxkJ2BYb876RJC
+lj48lkTGFPZwhw69BZq6QA5nfBm41V+W6iakdyEww6g1Q93AyzuAirBJraR+oQ6Q
+beqo52TtYAhpAQbUBsQ/1VO/1zx8eHOG298kYpU2Jo7Te81d03rWcSaDbJqcEmsI
+jJe1ccvQ8oU+k6ttbY3xTiKYWfJCxEaOcYpO4z1/94CPFYv1D5rJqJ/C0/SPmS4t
+4ZMqenEhsAGhMgPLKXNmQadQA2WBOATsSxmKCcC9LNjw1YudXPiLfHEnBKGQSbRF
+sZ2xZqRm7wRTQ/eXAJGGiQ41owstwSUAcFTGIhHunw9dy41CdgnZIEQCxb7R8tBv
+isRlG0cIpO5159LB3NECR4++xBB02nq6lOjysKDmYuWYuQakD1u9L6R+LQBVTxYL
+/iEK8wyf18n/iKUEGAEIAA8FAlX7/OgCGwwFCQHhM4AACgkQWIWZde43z5ZTvAP9
+EWGZu97aZhjIbD18Y2HjbXQn4L6iyeDMuM++Tsnnn57li+HLUAX8ieRHy1l/VE3t
+HhdcqRqAsrxnkGAWKMlYYZS9WHDzrffxtQlszOwpAOWdNDsWsPdbko95XvLatoqk
+t9KxB19sLao6eCBKwB9muMs10i86P+Cehwh97n/UNGOWAAACBgRV+/07AQQAxCWd
+rsUW2IhexMxOvMi32Z63bOEC5JkEy8tntGYwk54I2XGXRebdutMrXqh0nKO7p23k
+gfWjRp1dpbSp20AzdIkwsRlAjOuqhZ3Q6t+kP6xWtxAQI8YZ6lQ0VeZC0dTBllr3
+UlY4tw0emLcScNsGuDVUPYhQoJBMkk4oNw+wWfUAEQEAAf4HAwJNRwdntiqzHO76
+GxxlNilWuwitCGbGwZfmo8K8m2uAMzSKsxUp16rcLVvfQsEzS6rDhF4VbJQyLvZJ
+LDkXB0/DFbPVrxG8byJ2i6WKUzsqcevM29OXOmFfH1NVuVi5oUWbwCR6ctsNQSL7
+Bje0E6+6pme9YQtKgUIBzc2Dw+nq6WjfLc0aEc+rrXzWsJKEUKkjnaUa/AeAVYyO
+rTOk5fLrw6vy/sKsuScvLNvQUrr7U+g69gpk53Cyw2WILlADxbysg2CDMDsDmXk/
+sK6zikAgDjQTRaOJkX4BzCBoqZRaDbLMfze6kA6cwQqDTsUELy1ziH56FjRXuBqj
+D4IziA0/XE8gyMRtoMYXmF0pKBQh0RLoudorcPQE9PCFvKaXmASA80nMeBoYxlIm
+kPMBkkkwiXU4irc1m8phlcrZjYE12pxzWgSYBEwTbbzNe2EcFKf+H1vp9DXqZSua
+wLdiUx6JrSHGzoPl3XFAQXNFoOEGvlFN9nH+tBNUZXN0aW5nIChpbnNlY3VyZSEp
+iL0EEwEIACcFAlX7/TsCGwMFCQHhM4AFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AA
+CgkQys7ZlrwVyFq0NgP/cazey0+qJrTaQ0Z6eab1p8PMFE8BpcegrokxfJn61zo7
+JECjQW+htoOBBIQH32mtqjO/J/SbiBDp3xNcdabCnkphW4jkcgn+FoUbLA3GFk9f
+xtElNDGXHcQNimvhhxfrEr2Mi1yo2rKShiIO0N2yySXCJJIC9CXpDCAIhNdEYeCe
+AAACBQRV+/07AQQA3BJN5N1RI6uesA03xwTW1ABTV4tbjLROKLlTPbxb+TjWQAfQ
+lztbSavzjTO6wPPmHnGv2sXPiH2guET+thKAw1WchItKx+MiT8nnsBJHl950mqI8
+uTHGljkQBuKARVl1ELS3do6CQvGyG+5qHyl3crpED152Q5C/F53b4EfgNXEAEQEA
+Af4HAwL449o07unvl+6XONg4R9pVE0Qp0xCL5CmjhwlL8lUuGTvjciN+lXD6k7VH
+Xj9Wu86alkKZQKyZxESPtsRR5dGWgrvhmUrvPftRmO4PV7A5AS0yi54CQGaWSnOL
+nqVkENUs85Pq1LLfnM8MRIdGpS9225bwsAoB/eJk7zKNRGOUlzCDGW3f12aemyrR
+2RHGVPOvn6SVb8r8RkqCDMApR0j76cTMDiMyaGByi93y8qhXiu88Y+J/+fK5wQis
+FwPJGZVCqNTiglclgrNG4+z8G4SUvkA6W5yDiZyftN67TXqxJKKBXFS5gzWujPti
+boDzivsY9sP4Mkoc94TAmJeaLtNrqHy4UMo/m9YBmuP4hRJ7TCKmvVN4hZCN2mvJ
+4S1vi4Z9GnyxJAbxq9Gb1UA9glVAVt6bQVYO6ySIp4W29xFnoRUm4i0tCovWBn9x
+MWSkG5SLznbh2tKLN0uJGzh4G8xo2fdfx6tWy2x0gw95T5WDg7S2oe6IpQQYAQgA
+DwUCVfv9OwIbDAUJAeEzgAAKCRDKztmWvBXIWqexA/9nZUXs9BGcwpodhqjGY+H9
+/IUJua95jti9t0BleEu+h0R9O+XDEE/77IK9ET4f0t9WMfMhPO7ZIgUxFutB/Z7U
+MuyVteIvGxF/TTbQAKuCrnLYuPWkGiYjR9e0ZDbgmKrRZ/jwhdaxF0IHrR1PJLUn
+vO97qfZC7097/urCsWDMo5YAAAIGBFX8ElYBBACfcdcAcR6BJ2Ba3/HnQR1S0rG3
+8bWq8Rdtt072hDd16oQCNFpQs5WQNruCCpobmB6yOmjKJv8Cf9mxBdcQDxobcw6M
+lHPWZl04SoQKQOa5h6ptITxr+UFFFqfh7AZ7ZtDYaFfBqQX9fvdOX99C18SIcCcN
+0rHoxXfG7D/AaHEysQARAQAB/gcDAj0P/+idN7Q87sZYs1aBo3OqKKdl+a51tcgd
+80HdoEQWyIwOStl9+XleUHyrU5f9kni1I2NCrl+hLyPGaT8dGJinH103fgsGvY/L
+Z2lg5gsPdfb5U5Kyn8MfgAuAEVh0XiLOAVZf4tVjcn3jGW9VM/cDHQI9uwz0MtN0
+xxj1iw151/ydtFt4Qw+Ljh0cwBauiHSaG8rhfObJGbKpXNBJG6QfaGBlOAErO1my
+fr7UgWbul6xCZe/t7Um2rp5GxTJsN+AwDDLqSbwCzmArXRJiEnL5qaw891HuXTIC
++lxtGNxP6bqe+4Bg/T+MIjJVWzx9avGR2WweSKBqbsyRkmZQCIkWDmp/g9t17ujo
+RrzNUT60Y0gMhJOQxZcgdXJtlT/X0RvP+tGAiVEAlvpQ+9RTzqvf4sZAPndpE4PY
+dKXJF5Pua9cWU+UceQV/Nr+JAlLzNWOlwSOJUVGsQ+RzeFJyB2D5xoG6tRI9idYU
+V+vcNGRpJzsXO6S0E1Rlc3RpbmcgKGluc2VjdXJlISmIvQQTAQgAJwUCVfwSVgIb
+AwUJAeEzgAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRA8WpFfIYODmknrA/96
+90yhjN3ELmWSJetKzvt7MlUS0j6UkA5VvDObCmAm+bDrQSGdwDJj6gu88b4biNEx
+Cz/Dmo67R9Z+gLE6LGvzYCPZ+GE/ZQ9VMo/AeUEZO44Aa7vRwnYFU0VmMJUeGQbC
+Je4JnLjF/+0yIgh/CtwFL3J/+9eayf6e6L/9WhUZ5J4AAAIGBFX8ElYBBADXznv8
+7J5i/EN8dMtjzx99LXtJdSJ3iJfp69d5V1FygvsDSlMZVekflWKF2ipHRulxLXea
+8mH0salQviQ32qPAyfCWpELLL2srTVezj6ntKVF9hZruQ2d1KBVV+syq6nSY9Eg8
+0mHizvIV5cR2b2X/X6qybJrwhW10oWh+cuLg6QARAQAB/gcDAkwZfkpx6rGW7qkb
+iuwl3c6d1o2x9HeiZG8fZ8UGU5n0Nx4bp4a60j/d+bJowww8sPRcJ+8mi/dNi9dC
+1Dls2CmmOP8U2DsPT189d+JiqlXUumhRyTo5ptglMrHkrMp489QpyCIUhW6HVopI
+ppdOJGE0kTJ7pRx0fevz3la5553IyglJ9iUqgxz2+9XlvDhSplz8zVhyZd5UPW94
+hi+vHCDf3TSakMFFZEVPCQaMunB7urI1wXx/mOT5BTSOp1PVq4SE5TtC2/GrHBU6
+/5wuqyhlT3oH+jF/GfvZQgattnkaFn/JY77/mfTCzyQb1/2iQMO8uTe8KjWAKd5h
+AoCcgxoX0rqSxe7YS2Obl1v0icWbg4wvI8WUAv5pRL7EMVcuUugrb40rWzOiJzYY
+IwEmO+tp08Ev+arbjEMzk+IXLTr3wDip/2oHHU3P2OSi46iLdueUvVnnNXff0H4e
+mqT2zlJQoPCbYMaKxL0yxvFnZLfCWolLOJaIpQQYAQgADwUCVfwSVgIbDAUJAeEz
+gAAKCRA8WpFfIYODmqzxBACNLC9j2EJvoiKhRMAUJTGCQvDWNWAI/2Ln/61Ftqu5
++OoOI0N7uL1LjWNHrhS/PMKwcIu9iZn/uQV/OGj9YuKw58WeyKkTIEnD7bU5aUQk
+8jdRITPnr/InyHvs21P9hh18MZvDk9L9rL+uwK+9BkeL0MDL3wlAG57Fay9OXgY1
+CQ==
+=2SlE
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/tofu-keys.asc b/tests/openpgp/tofu-keys.asc
new file mode 100755
index 0000000..2de1cf7
--- /dev/null
+++ b/tests/openpgp/tofu-keys.asc
@@ -0,0 +1,47 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mI0EVfv86AEEAN20yizZgtnQaJPUV++9Z+rRg4XzjWpLvmiWMpTsn8qhjpySkAa4
+/4P4/MRWVvSXiRC1uJ7T59Sbm/KFs8TdKaqIMuON3QYjztxm2NmDMA/f5FTvRuLk
+gKAEpwGOqI1Zvm3uleH8hkx0n45tHxCI3bLCfW+12lZxJCGNDBnhvj+5ABEBAAG0
+E1Rlc3RpbmcgKGluc2VjdXJlISmIvQQTAQgAJwUCVfv86AIbAwUJAeEzgAULCQgH
+AgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBYhZl17jfPlqj2BACFvqgKBZ3NnphZ8f2/
+rylvV9YNzS5rC8lFASN+BgofrBmugtEqbXSnOvLrylHOnWgYh7qLpDeBfta2FLjR
+vFjTLFfycBjylQAzyBa4BoqLTFu+9GZ82bKKhlr8FJ8q5WlCOgGB3uFI/WAJp5ou
+uOwP7lMXCNR9tDN3RDUlMoktc7iNBFX7/OgBBADIGia8IRToRJhx4Kss8dihcxuE
+gxeo8gINQiFSpoi0gXzV1muN7ycH8S6O7209cMtIoiRfPgCw/4IaaZmW/TabIlAv
+l8U+Lm5Tkr0YDfudu1nVF/MptBF8Y6bkklvoVWWcFD9CtHwXSFWlQmsCRhKeS3P5
+lyp45l7y0MVkkGIAfQARAQABiKUEGAEIAA8FAlX7/OgCGwwFCQHhM4AACgkQWIWZ
+de43z5ZTvAP9EWGZu97aZhjIbD18Y2HjbXQn4L6iyeDMuM++Tsnnn57li+HLUAX8
+ieRHy1l/VE3tHhdcqRqAsrxnkGAWKMlYYZS9WHDzrffxtQlszOwpAOWdNDsWsPdb
+ko95XvLatoqkt9KxB19sLao6eCBKwB9muMs10i86P+Cehwh97n/UNGOYjQRV+/07
+AQQAxCWdrsUW2IhexMxOvMi32Z63bOEC5JkEy8tntGYwk54I2XGXRebdutMrXqh0
+nKO7p23kgfWjRp1dpbSp20AzdIkwsRlAjOuqhZ3Q6t+kP6xWtxAQI8YZ6lQ0VeZC
+0dTBllr3UlY4tw0emLcScNsGuDVUPYhQoJBMkk4oNw+wWfUAEQEAAbQTVGVzdGlu
+ZyAoaW5zZWN1cmUhKYi9BBMBCAAnBQJV+/07AhsDBQkB4TOABQsJCAcCBhUICQoL
+AgQWAgMBAh4BAheAAAoJEMrO2Za8FchatDYD/3Gs3stPqia02kNGenmm9afDzBRP
+AaXHoK6JMXyZ+tc6OyRAo0FvobaDgQSEB99praozvyf0m4gQ6d8TXHWmwp5KYVuI
+5HIJ/haFGywNxhZPX8bRJTQxlx3EDYpr4YcX6xK9jItcqNqykoYiDtDdssklwiSS
+AvQl6QwgCITXRGHguI0EVfv9OwEEANwSTeTdUSOrnrANN8cE1tQAU1eLW4y0Tii5
+Uz28W/k41kAH0Jc7W0mr840zusDz5h5xr9rFz4h9oLhE/rYSgMNVnISLSsfjIk/J
+57ASR5fedJqiPLkxxpY5EAbigEVZdRC0t3aOgkLxshvuah8pd3K6RA9edkOQvxed
+2+BH4DVxABEBAAGIpQQYAQgADwUCVfv9OwIbDAUJAeEzgAAKCRDKztmWvBXIWqex
+A/9nZUXs9BGcwpodhqjGY+H9/IUJua95jti9t0BleEu+h0R9O+XDEE/77IK9ET4f
+0t9WMfMhPO7ZIgUxFutB/Z7UMuyVteIvGxF/TTbQAKuCrnLYuPWkGiYjR9e0ZDbg
+mKrRZ/jwhdaxF0IHrR1PJLUnvO97qfZC7097/urCsWDMo5iNBFX8ElYBBACfcdcA
+cR6BJ2Ba3/HnQR1S0rG38bWq8Rdtt072hDd16oQCNFpQs5WQNruCCpobmB6yOmjK
+Jv8Cf9mxBdcQDxobcw6MlHPWZl04SoQKQOa5h6ptITxr+UFFFqfh7AZ7ZtDYaFfB
+qQX9fvdOX99C18SIcCcN0rHoxXfG7D/AaHEysQARAQABtBNUZXN0aW5nIChpbnNl
+Y3VyZSEpiL0EEwEIACcFAlX8ElYCGwMFCQHhM4AFCwkIBwIGFQgJCgsCBBYCAwEC
+HgECF4AACgkQPFqRXyGDg5pJ6wP/evdMoYzdxC5lkiXrSs77ezJVEtI+lJAOVbwz
+mwpgJvmw60EhncAyY+oLvPG+G4jRMQs/w5qOu0fWfoCxOixr82Aj2fhhP2UPVTKP
+wHlBGTuOAGu70cJ2BVNFZjCVHhkGwiXuCZy4xf/tMiIIfwrcBS9yf/vXmsn+nui/
+/VoVGeS4jQRV/BJWAQQA1857/OyeYvxDfHTLY88ffS17SXUid4iX6evXeVdRcoL7
+A0pTGVXpH5VihdoqR0bpcS13mvJh9LGpUL4kN9qjwMnwlqRCyy9rK01Xs4+p7SlR
+fYWa7kNndSgVVfrMqup0mPRIPNJh4s7yFeXEdm9l/1+qsmya8IVtdKFofnLi4OkA
+EQEAAYilBBgBCAAPBQJV/BJWAhsMBQkB4TOAAAoJEDxakV8hg4OarPEEAI0sL2PY
+Qm+iIqFEwBQlMYJC8NY1YAj/Yuf/rUW2q7n46g4jQ3u4vUuNY0euFL88wrBwi72J
+mf+5BX84aP1i4rDnxZ7IqRMgScPttTlpRCTyN1EhM+ev8ifIe+zbU/2GHXwxm8OT
+0v2sv67Ar70GR4vQwMvfCUAbnsVrL05eBjUJ
+=Btw1
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/tofu.test b/tests/openpgp/tofu.test
new file mode 100755
index 0000000..82a1394
--- /dev/null
+++ b/tests/openpgp/tofu.test
@@ -0,0 +1,219 @@
+#!/bin/sh
+
+. $srcdir/defs.inc || exit 3
+
+# set -x
+
+KEYS="2183839A BC15C85A EE37CF96"
+
+# Make sure $srcdir is set.
+if test "x$srcdir" = x
+then
+    echo srcdir environment variable not set!
+    exit 1
+fi
+
+# Make sure $GNUPGHOME is set.
+if test "x$GNUPGHOME" = x
+then
+    echo "GNUPGHOME not set."
+    exit 1
+fi
+
+# Import the test keys.
+$GPG --import $srcdir/tofu-keys.asc
+
+# Make sure the keys are imported.
+for k in $KEYS
+do
+    if ! $GPG --list-keys $k >/dev/null 2>&1
+    then
+	echo Missing key $k
+	exit 1
+    fi
+done
+
+# Carefully remove the TOFU db.
+test -e $GNUPGHOME/tofu.db && rm $GNUPGHOME/tofu.db
+test -e $GNUPGHOME/tofu.d/email && rm -r $GNUPGHOME/tofu.d/email
+test -e $GNUPGHOME/tofu.d/key && rm -r $GNUPGHOME/tofu.d/key
+# This will fail if the directory is not empty.
+test -e $GNUPGHOME/tofu.d && rmdir $GNUPGHOME/tofu.d
+
+debug()
+{
+    echo "$@" >&2
+}
+
+# $1 is the keyid of the policy to lookup.  Any remaining arguments
+# are simply passed to GPG.
+#
+# This function only supports keys with a single user id.
+getpolicy()
+{
+    keyid=$1
+    if test x$keyid = x
+    then
+	echo No keyid supplied!
+	exit 1
+    fi
+    shift
+
+    debug $GPG --trust-model=tofu --with-colons $@ --list-keys "$keyid"
+    policy=$($GPG --trust-model=tofu --with-colons $@ --list-keys "$keyid" \
+		    | awk -F: '/^uid:/ { print $18 }')
+    if test $(echo "$policy" | wc -l) -ne 1
+    then
+	echo "Got: $policy" >&2
+	echo "error"
+    else
+	case $policy in
+	    auto|good|unknown|bad|ask) echo $policy ;;
+	    *) echo "error" ;;
+	esac
+    fi
+}
+
+# $1 is the key id
+# $2 is the expected policy
+# The rest are additional options to pass to gpg.
+checkpolicy()
+{
+    keyid=$1
+    shift
+    expected_policy=$1
+    shift
+    policy=$(getpolicy "$keyid" ${@:+"$@"})
+    if test "x$policy" != "x$expected_policy"
+    then
+	echo "$keyid: Expected policy to be \`$expected_policy', but got \`$policy'."
+	exit 1
+    fi
+}
+
+# $1 is the keyid of the trust level to lookup.  Any remaining
+# arguments are simply passed to GPG.
+#
+# This function only supports keys with a single user id.
+gettrust()
+{
+    keyid=$1
+    if test x$keyid = x
+    then
+	echo No keyid supplied!
+	exit 1
+    fi
+    shift
+
+    $GPG --trust-model=tofu --with-colons $@ --list-keys "$keyid" \
+		    | awk -F: '/^pub:/ { print $2 }' >&2
+    trust=$($GPG --trust-model=tofu --with-colons $@ --list-keys "$keyid" \
+		    | awk -F: '/^pub:/ { print $2 }')
+    if test $(echo "$trust" | wc -l) -ne 1
+    then
+	echo "error"
+    else
+	case $trust in
+	    [oidreqnmfuws-]) echo $trust ;;
+	    *) echo "Bad trust value: $trust" >&2; echo "error" ;;
+	esac
+    fi
+}
+
+# $1 is the key id
+# $2 is the expected trust level
+# The rest are additional options to pass to gpg.
+checktrust()
+{
+    keyid=$1
+    shift
+    expected_trust=$1
+    shift
+    trust=$(gettrust "$keyid" ${@:+"$@"})
+    if test "x$trust" != "x$expected_trust"
+    then
+	echo "$keyid: Expected trust to be \`$expected_trust', but got \`$trust'."
+	exit 1
+    fi
+}
+
+# Set key $1's policy to $2.  Any remaining arguments are passed as
+# options to gpg.
+setpolicy()
+{
+    keyid=$1
+    shift
+    policy=$1
+    shift
+
+    $GPG --trust-model=tofu ${@:+"$@"} --tofu-policy $policy $keyid
+}
+
+# Verify a message.  There should be no conflict and the trust policy
+# should be set to auto.
+$GPG --trust-model=tofu --verify $srcdir/tofu-2183839A-1.txt
+
+checkpolicy 2183839A auto
+
+trust=$(gettrust 2183839A)
+debug "default trust = $trust"
+if test "x$trust" != xf
+then
+    echo "Wrong default trust.  Got: \`$trust', expected \`f'"
+    exit 1
+fi
+
+# Trust should be derived lazily.  Thus, if the policy is set to auto
+# and we change --tofu-default-policy, then the trust should change as
+# well.  Try it.
+checktrust 2183839A f --tofu-default-policy=good
+checktrust 2183839A - --tofu-default-policy=unknown
+checktrust 2183839A n --tofu-default-policy=bad
+
+# Change the policy to something other than auto and make sure the
+# policy and the trust are correct.
+for policy in good unknown bad
+do
+    if test $policy = good
+    then
+	expected_trust='f'
+    elif test $policy = unknown
+    then
+	expected_trust='-'
+    else
+	expected_trust='n'
+    fi
+
+    debug
+    debug "Setting TOFU policy to $policy"
+    setpolicy 2183839A $policy
+
+    # Since we have a fixed policy, the trust level shouldn't change
+    # if we change the default policy.
+    for default_policy in auto good unknown bad ask
+    do
+	checkpolicy 2183839A $policy --tofu-default-policy=$default_policy
+	checktrust 2183839A $expected_trust \
+		   --tofu-default-policy=$default_policy
+    done
+done
+
+# BC15C85A conflicts with 2183839A.  On conflict, this will set
+# BC15C85A to ask.  If 2183839A is auto (it's not, it's bad), then it
+# will be set to ask.
+$GPG --trust-model=tofu --verify $srcdir/tofu-BC15C85A-1.txt
+checkpolicy BC15C85A ask
+checkpolicy 2183839A bad
+
+# EE37CF96 conflicts with 2183839A and BC15C85A.  We change BC15C85A's
+# policy to auto and leave 2183839A's policy at bad.  This conflict
+# should cause BC15C85A's policy to be changed to ask (since it is
+# auto), but not affect 2183839A's policy.
+setpolicy BC15C85A auto
+checkpolicy BC15C85A auto
+$GPG --trust-model=tofu --verify $srcdir/tofu-EE37CF96-1.txt
+checkpolicy BC15C85A ask
+checkpolicy 2183839A bad
+checkpolicy EE37CF96 ask
+
+exit 0

-----------------------------------------------------------------------

Summary of changes:
 common/stringhelp.c                |   2 +-
 doc/DETAILS                        |   4 +
 doc/gpg.texi                       |   3 +-
 g10/gpg.c                          |  14 +-
 g10/gpgv.c                         |  23 +++
 g10/keyedit.c                      |  76 +++++++--
 g10/keylist.c                      |  14 +-
 g10/packet.h                       |   2 +-
 g10/sign.c                         |  23 ++-
 g10/test-stubs.c                   |  23 +++
 g10/tofu.c                         | 312 ++++++++++++++++++++++---------------
 g10/tofu.h                         |  34 ++--
 tests/openpgp/Makefile.am          |  10 +-
 tests/openpgp/tofu-2183839A-1.txt  | Bin 0 -> 191 bytes
 tests/openpgp/tofu-BC15C85A-1.txt  |   9 ++
 tests/openpgp/tofu-EE37CF96-1.txt  |   9 ++
 tests/openpgp/tofu-keys-secret.asc |  95 +++++++++++
 tests/openpgp/tofu-keys.asc        |  47 ++++++
 tests/openpgp/tofu.test            | 219 ++++++++++++++++++++++++++
 19 files changed, 748 insertions(+), 171 deletions(-)
 create mode 100644 tests/openpgp/tofu-2183839A-1.txt
 create mode 100644 tests/openpgp/tofu-BC15C85A-1.txt
 create mode 100644 tests/openpgp/tofu-EE37CF96-1.txt
 create mode 100755 tests/openpgp/tofu-keys-secret.asc
 create mode 100755 tests/openpgp/tofu-keys.asc
 create mode 100755 tests/openpgp/tofu.test


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Oct  2 09:51:08 2015
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 02 Oct 2015 09:51:08 +0200
Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.6-4-ge9d063e
Message-ID: <E1Zhuyz-00006g-Ts@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The standard pinentry collection".

The branch, master has been updated
       via  e9d063e2371540ad9c1d7a727c44f9dcc1e9e400 (commit)
      from  08ec9556c8a384ea7bb5d42d3f6aab6c2f6a8786 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e9d063e2371540ad9c1d7a727c44f9dcc1e9e400
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Fri Oct 2 09:47:21 2015 +0200

    Qt: Fix quoting of have_qt5_libs init in FIND_QT
    
    * m4/qt.m4 (FIND_QT): Quote initialization of have_qt5_libs var.
    
    --
    
    Problem reported by Kristian F.
    
    GnuPG-bug-id: 2105

diff --git a/m4/qt.m4 b/m4/qt.m4
index 0e47ec6..1afd50d 100644
--- a/m4/qt.m4
+++ b/m4/qt.m4
@@ -34,7 +34,7 @@ AC_DEFUN([FIND_QT],
                 enable_pinentry_qt5=$enableval,
                 enable_pinentry_qt5="try")
 
-  have_qt5_libs = no;
+  have_qt5_libs = "no";
 
   if test "$enable_pinentry_qt5" != "no"; then
     PKG_CHECK_MODULES(PINENTRY_QT,

-----------------------------------------------------------------------

Summary of changes:
 m4/qt.m4 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


hooks/post-receive
-- 
The standard pinentry collection
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Oct  2 10:25:00 2015
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 02 Oct 2015 10:25:00 +0200
Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.6-5-g48ab8cd
Message-ID: <E1ZhvVl-0001g3-T7@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The standard pinentry collection".

The branch, master has been updated
       via  48ab8cdccff4eefec4d8fa2e23b933c2277bc30c (commit)
      from  e9d063e2371540ad9c1d7a727c44f9dcc1e9e400 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 48ab8cdccff4eefec4d8fa2e23b933c2277bc30c
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Fri Oct 2 10:21:55 2015 +0200

    Qt: Fix assignment of have_qt5_libs variable.
    
    * m4/qt.m4 (FIND_QT): Remove spaces in variable assignment.
    
    --
    GnuPG-bug-id: 2105

diff --git a/m4/qt.m4 b/m4/qt.m4
index 1afd50d..8e5a557 100644
--- a/m4/qt.m4
+++ b/m4/qt.m4
@@ -34,7 +34,7 @@ AC_DEFUN([FIND_QT],
                 enable_pinentry_qt5=$enableval,
                 enable_pinentry_qt5="try")
 
-  have_qt5_libs = "no";
+  have_qt5_libs="no";
 
   if test "$enable_pinentry_qt5" != "no"; then
     PKG_CHECK_MODULES(PINENTRY_QT,

-----------------------------------------------------------------------

Summary of changes:
 m4/qt.m4 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


hooks/post-receive
-- 
The standard pinentry collection
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Oct  2 10:59:31 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 02 Oct 2015 10:59:31 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2,
 created. gnupg-2.1.8-57-g2acceba
Message-ID: <E1Zhw3A-0003Fa-Q0@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-2 has been created
        at  2acceba5cc299796c7b5b1851a9baeb75d9f32a1 (commit)

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Oct  2 11:35:16 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 02 Oct 2015 11:35:16 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-59-g75c64c2
Message-ID: <E1Zhwbm-0004cw-6b@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  75c64c2b6d77856b90903cc3b7c6a2f62ff8eb7b (commit)
       via  ddf9dd135acd2b3635bb986f6dfc0e4e446d5fad (commit)
      from  2acceba5cc299796c7b5b1851a9baeb75d9f32a1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 75c64c2b6d77856b90903cc3b7c6a2f62ff8eb7b
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Oct 2 11:31:45 2015 +0200

    dirmngr: Fix use-after-free due to a realloc shrinking.
    
    * dirmngr/ks-engine-hkp.c (map_host): Do not use original pointer
    after realloc.
    --
    
    vex01 reported and debugged the problem.
    
    GnuPG-bug-id: 2107
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 18ad731..411f108 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -383,7 +383,7 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
           int n_v6, n_v4;
 
           /* First figure out whether this is a pool.  For a pool we
-             use a different strategy than for a plains erver: We use
+             use a different strategy than for a plain server: We use
              the canonical name of the pool as the virtual host along
              with the IP addresses.  If it is not a pool, we use the
              specified name. */
@@ -512,7 +512,7 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
               xfree (reftbl);
               return err;
             }
-          qsort (reftbl, refidx, sizeof *reftbl, sort_hostpool);
+          qsort (hi->pool, refidx, sizeof *reftbl, sort_hostpool);
         }
       else
         xfree (reftbl);

commit ddf9dd135acd2b3635bb986f6dfc0e4e446d5fad
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Oct 1 13:21:25 2015 +0200

    agent: Fix alignment problem with the second passphrase struct.
    
    * agent/genkey.c (agent_ask_new_passphrase): Use a separate malloc for
    PI2.  Check return value of the malloc function.
    * agent/command-ssh.c (ssh_identity_register): Use a separate malloc
    for PI2.  Wipe PI2.
    --
    
    For whatever stupid reasons I once allocated only one memory area and
    split that into PI and PI2.  This is actually a common pattern with
    malloc but here we used a made up object size and do not take the
    extra alignment required into account.  One of these not yet hit by
    a (sig)bus PC/VAX hacker bugs.
    
    Instead of trying to fix the alignment, it is better to use a second
    calloc for the second struct.
    
    GnuPG-bug-id: 2112
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 8be1255..0aa0098 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -3070,7 +3070,8 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
   char *comment = NULL;
   char *key_fpr = NULL;
   const char *initial_errtext = NULL;
-  struct pin_entry_info_s *pi = NULL, *pi2;
+  struct pin_entry_info_s *pi = NULL;
+  struct pin_entry_info_s *pi2 = NULL;
 
   err = ssh_key_grip (key, key_grip_raw);
   if (err)
@@ -3101,13 +3102,18 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
       goto out;
     }
 
-  pi = gcry_calloc_secure (2, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1);
+  pi = gcry_calloc_secure (1, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1);
   if (!pi)
     {
       err = gpg_error_from_syserror ();
       goto out;
     }
-  pi2 = pi + (sizeof *pi + MAX_PASSPHRASE_LEN + 1);
+  pi2 = gcry_calloc_secure (1, sizeof (*pi2) + MAX_PASSPHRASE_LEN + 1);
+  if (!pi2)
+    {
+      err = gpg_error_from_syserror ();
+      goto out;
+    }
   pi->max_length = MAX_PASSPHRASE_LEN + 1;
   pi->max_tries = 1;
   pi->with_repeat = 1;
@@ -3155,6 +3161,9 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
 
 
  out:
+  if (pi2 && pi2->max_length)
+    wipememory (pi2->pin, pi2->max_length);
+  xfree (pi2);
   if (pi && pi->max_length)
     wipememory (pi->pin, pi->max_length);
   xfree (pi);
diff --git a/agent/genkey.c b/agent/genkey.c
index 13858ca..e8195c2 100644
--- a/agent/genkey.c
+++ b/agent/genkey.c
@@ -374,8 +374,16 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt,
 	return err;
     }
 
-  pi = gcry_calloc_secure (2, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1);
-  pi2 = pi + (sizeof *pi + MAX_PASSPHRASE_LEN + 1);
+  pi = gcry_calloc_secure (1, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1);
+  if (!pi)
+    return gpg_error_from_syserror ();
+  pi2 = gcry_calloc_secure (1, sizeof (*pi2) + MAX_PASSPHRASE_LEN + 1);
+  if (!pi2)
+    {
+      err = gpg_error_from_syserror ();
+      xfree (pi2);
+      return err;
+    }
   pi->max_length = MAX_PASSPHRASE_LEN + 1;
   pi->max_tries = 3;
   pi->with_qualitybar = 1;
@@ -422,6 +430,7 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt,
     }
 
   xfree (initial_errtext);
+  xfree (pi2);
   xfree (pi);
   return err;
 }

-----------------------------------------------------------------------

Summary of changes:
 agent/command-ssh.c     | 15 ++++++++++++---
 agent/genkey.c          | 13 +++++++++++--
 dirmngr/ks-engine-hkp.c |  4 ++--
 3 files changed, 25 insertions(+), 7 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Oct  2 12:25:02 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 02 Oct 2015 12:25:02 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-60-gbdd180f
Message-ID: <E1ZhxNv-0006wq-RR@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  bdd180f47cb0d63a2f8c4a7ed9b2aa66b4781cd8 (commit)
      from  75c64c2b6d77856b90903cc3b7c6a2f62ff8eb7b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit bdd180f47cb0d63a2f8c4a7ed9b2aa66b4781cd8
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Oct 2 12:21:31 2015 +0200

    scd: Use Assuan macro instead of a number constant.
    
    --

diff --git a/agent/call-scd.c b/agent/call-scd.c
index 6cd5825..65b5e7c 100644
--- a/agent/call-scd.c
+++ b/agent/call-scd.c
@@ -326,11 +326,12 @@ start_scd (ctrl_t ctrl)
     }
   no_close_list[i] = ASSUAN_INVALID_FD;
 
-  /* Connect to the pinentry and perform initial handshaking.  Use
-     detached flag (128) so that under W32 SCDAEMON does not show up a
+  /* Connect to the scdaemon and perform initial handshaking.  Use
+     detached flag so that under Windows SCDAEMON does not show up a
      new window.  */
   rc = assuan_pipe_connect (ctx, opt.scdaemon_program, argv,
-			    no_close_list, atfork_cb, NULL, 128);
+			    no_close_list, atfork_cb, NULL,
+                            ASSUAN_PIPE_CONNECT_DETACHED);
   if (rc)
     {
       log_error ("can't connect to the SCdaemon: %s\n",

-----------------------------------------------------------------------

Summary of changes:
 agent/call-scd.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Oct  2 14:40:55 2015
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 02 Oct 2015 14:40:55 +0200
Subject: [git] GpgOL - branch, mime-addin, updated. gpgol-1.2.0-40-g8afa4a3
Message-ID: <E1ZhzVP-0004F8-TL@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, mime-addin has been updated
       via  8afa4a3780c8e6da5ea9549b48b7369a41851164 (commit)
       via  033570ca70fda9939106868a739f016f379806e2 (commit)
       via  9196bff24b3176d8d2db38f4a3c15e71cf0cad3a (commit)
       via  ac08e521e553b9a49d32fd55c6b15718e145bffd (commit)
      from  9036bb3fe96742b6e4f46581d86ca8bf59c6a9a5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8afa4a3780c8e6da5ea9549b48b7369a41851164
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Fri Oct 2 14:32:28 2015 +0200

    Remove mailitem event handler on unload
    
    * src/mailitem-events.cpp (invoke): Handle unload.
    
    --
    Thought this might fix a crash but it did not. Anyway
    removing the event handler on unload and deleting it
    is the right thing to do to avoid leaking it and a
    ref to an unloaded mailitem.

diff --git a/src/mailitem-events.cpp b/src/mailitem-events.cpp
index e1d024b..dab2c99 100644
--- a/src/mailitem-events.cpp
+++ b/src/mailitem-events.cpp
@@ -359,6 +359,16 @@ EVENT_SINK_INVOKE(MailItemEvents)
             }
           break;
         }
+      case Unload:
+        {
+          log_debug ("%s:%s: Unloading event handler for msg: %p.",
+                     SRCNAME, __func__, m_object);
+          detach_MailItemEvents_sink (this);
+          delete this;
+          log_debug ("%s:%s: Unloaded.",
+                     SRCNAME, __func__);
+          return S_OK;
+        }
       default:
         log_oom_extra ("%s:%s: Message:%p Unhandled Event: %lx \n",
                        SRCNAME, __func__, m_object, dispid);

commit 033570ca70fda9939106868a739f016f379806e2
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Fri Oct 2 14:29:02 2015 +0200

    Hopefully fix Ol 2016 crash on send
    
    * src/mailitem-events.cpp (request_send): Remove delay.
    
    --
    Earlier tests with 2013 made me think that the delay was necessary
    here. But Ol 2016 and Ol 2013 work reliably without it.
    This makes the code more deterministic (Placing a Window message
    in the Queue right after the encryption is done.) and appears
    to fix a random crash in Ol 2016 where Outlook Itself would crash
    after sending the message.

diff --git a/src/mailitem-events.cpp b/src/mailitem-events.cpp
index 492e2db..e1d024b 100644
--- a/src/mailitem-events.cpp
+++ b/src/mailitem-events.cpp
@@ -17,6 +17,7 @@
  * along with this program; if not, see <http://www.gnu.org/licenses/>.
  */
 
+#include "config.h"
 #include "common.h"
 #include "eventsink.h"
 #include "eventsinks.h"
@@ -211,23 +212,15 @@ do_crypto_on_item (LPDISPATCH mailitem)
 DWORD WINAPI
 request_send (LPVOID arg)
 {
-  int not_sent = 1;
-  int tries = 0;
-  do
+  log_debug ("%s:%s: requesting send for: %p",
+             SRCNAME, __func__, arg);
+  if (do_in_ui_thread (REQUEST_SEND_MAIL, arg))
     {
-      /* Outlook needs to handle the message some more to unblock
-         calls to Send. Lets give it 50ms before we send it again. */
-      Sleep (50);
-      log_debug ("%s:%s: requesting send for: %p",
-                 SRCNAME, __func__, arg);
-      not_sent = do_in_ui_thread (REQUEST_SEND_MAIL, arg);
-      tries++;
-    } while (not_sent && tries < 50);
-  if (tries == 50)
-    {
-      // Hum should not happen but I rather avoid
-      // an endless loop in that case.
-      // TODO show error message.
+      MessageBox (NULL,
+                  "Error while requesting send of message.\n"
+                  "Please press the send button again.",
+                  _("GpgOL"),
+                  MB_ICONINFORMATION|MB_OK);
     }
   return 0;
 }

commit 9196bff24b3176d8d2db38f4a3c15e71cf0cad3a
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Fri Oct 2 14:26:07 2015 +0200

    Fix return value of invoke_oom_method
    
    * src/oomhelp.cpp (invoke_oom_method): Return false on success.
    
    --
    This is the opposite of Qt style I'm used to that returns false on
    error so I'm confusing myself sometimes. But usually gpgol
    int return values return zero on success.

diff --git a/src/oomhelp.cpp b/src/oomhelp.cpp
index a920b51..ad50ec9 100644
--- a/src/oomhelp.cpp
+++ b/src/oomhelp.cpp
@@ -1088,9 +1088,9 @@ invoke_oom_method (LPDISPATCH pDisp, const char *name, VARIANT *rVariant)
           log_debug ("%s:%s: Method '%s' invokation failed: %#lx",
                      SRCNAME, __func__, name, hr);
           dump_excepinfo (execpinfo);
-          return false;
+          return -1;
         }
     }
 
-  return true;
+  return 0;
 }

commit ac08e521e553b9a49d32fd55c6b15718e145bffd
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Fri Oct 2 14:24:20 2015 +0200

    Fix return value of mark_mime_action
    
    * src/ribbon-callbacks.cpp (mark_mime_action): Return S_OK when ok.
    
    --
    Weirdly enough Outlook 2016 does not care about the return value
    but versions < 2016 show an error.

diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index cd5c4c8..ade0330 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -1306,6 +1306,8 @@ mark_mime_action (LPDISPATCH ctrl, int flags)
 
   message_flag_status (cur_window, newflags);
 
+  rc = S_OK;
+
 done:
   RELDISP (context);
   RELDISP (mailitem);

-----------------------------------------------------------------------

Summary of changes:
 src/mailitem-events.cpp  | 35 +++++++++++++++++++----------------
 src/oomhelp.cpp          |  4 ++--
 src/ribbon-callbacks.cpp |  2 ++
 3 files changed, 23 insertions(+), 18 deletions(-)


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Oct  5 11:02:05 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 05 Oct 2015 11:02:05 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-61-g0bae2ff
Message-ID: <E1Zj1WH-0007y5-P4@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  0bae2ff5996bb9d73a750839ac7fd5b2976134da (commit)
      from  bdd180f47cb0d63a2f8c4a7ed9b2aa66b4781cd8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0bae2ff5996bb9d73a750839ac7fd5b2976134da
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 5 10:58:00 2015 +0200

    tests: Two new OpenPGP test keys from E2E.
    
    --

diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index 4fdb0a6..95bb92c 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -83,7 +83,9 @@ sample_keys = samplekeys/ecc-sample-1-pub.asc \
 	      samplekeys/eddsa-sample-1-sec.asc \
 	      samplekeys/dda252ebb8ebe1af-1.asc \
 	      samplekeys/dda252ebb8ebe1af-2.asc \
-	      samplekeys/whats-new-in-2.1.asc
+	      samplekeys/whats-new-in-2.1.asc \
+	      samplekeys/e2e-p256-1-clr.asc \
+	      samplekeys/e2e-p256-1-prt.asc
 
 EXTRA_DIST = defs.inc pinentry.sh $(TESTS) $(TEST_FILES) ChangeLog-2011 \
 	     mkdemodirs signdemokey $(priv_keys) $(sample_keys)
diff --git a/tests/openpgp/samplekeys/README b/tests/openpgp/samplekeys/README
index d130fa0..0d9490a 100644
--- a/tests/openpgp/samplekeys/README
+++ b/tests/openpgp/samplekeys/README
@@ -11,3 +11,5 @@ eddsa-sample-1-sec.asc Ditto, but as protected secret keyblock.
 dda252ebb8ebe1af-1.asc rsa4096 key 1
 dda252ebb8ebe1af-2.asc rsa4096 key 2 with a long keyid collision.
 whats-new-in-2.1.asc   Collection of sample keys.
+e2e-p256-1-clr.asc     Google End-end-End test key (no protection)
+e2e-p256-1-prt.asc     Ditto, but protected with passphrase "a".
diff --git a/tests/openpgp/samplekeys/e2e-p256-1-clr.asc b/tests/openpgp/samplekeys/e2e-p256-1-clr.asc
new file mode 100644
index 0000000..2b53091
--- /dev/null
+++ b/tests/openpgp/samplekeys/e2e-p256-1-clr.asc
@@ -0,0 +1,37 @@
+pub   nistp256/03288C74F8BE8F0F 1970-01-01
+uid                 [ unknown] <example at another.test>
+sub   nistp256/A6ED196C7C513F1E 1970-01-01
+
+Not protected.
+
+Taken from
+https://github.com/google/end-to-end/issues/326#issuecomment-123585977
+
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+Charset: UTF-8
+Version: End-To-End v0.3.1342
+
+xf8AAAB3BAAAAAATCCqGSM49AwEHAgMEmUwnXtxBvQY+nXvduAbd626NmYshRVi4
+HULGQ9fAHjKqfld4qWk97o+ggZDAnhQJ/Jm3ljtXr3/SosXUsSh7AAABAP2/JEYo
+22A3Ju3N3vhcbSuvJiHggUDtaomAX2ts2uGYEOvN/wAAABY8ZXhhbXBsZUBhbm90
+aGVyLnRlc3Q+wv8AAACNBBATCAA//wAAAAWCVazty/8AAAACiwn/AAAACZADKIx0
++L6PD/8AAAAFlQgJCgv/AAAAA5YBAv8AAAACmwP/AAAAAp4BAACIEgD8C80DxHrk
+iIBDHF5EWguzM+gUTb4xmIdTAJ2wGUOnTOoA/RpWuJNKU3kdtnnmqce88//jN8VF
+1Ho0BONH1b7dRV4ix/8AAAB7BAAAAAASCCqGSM49AwEHAgMEyfb375CDU05C3BXj
+FY3tGbGEmGrTgNj0lAzdbi7TVm5tiHidcNWPHSQPS8aMmygH23OvIkTBmJdCHR38
+lGID/gMBCAcAAQD8IOp5uKaGHtkmHNdwiwizTl3a2fAltOEAmWwyS6X0qBD1wv8A
+AABtBBgTCAAf/wAAAAWCVazty/8AAAAJkAMojHT4vo8P/wAAAAKbDAAA88EBAKve
+TpskPN10clQ6TeCFqlq51jhB5ZhzPSq64ChB7p8nAQCa9aJZneQOvMDquN/1vpJK
+MvDHHXB+EgIsuAzL0DtfL8b/AAAAUgQAAAAAEwgqhkjOPQMBBwIDBJlMJ17cQb0G
+Pp173bgG3etujZmLIUVYuB1CxkPXwB4yqn5XeKlpPe6PoIGQwJ4UCfyZt5Y7V69/
+0qLF1LEoewDN/wAAABY8ZXhhbXBsZUBhbm90aGVyLnRlc3Q+wv8AAACNBBATCAA/
+/wAAAAWCVazty/8AAAACiwn/AAAACZADKIx0+L6PD/8AAAAFlQgJCgv/AAAAA5YB
+Av8AAAACmwP/AAAAAp4BAACIEgD8C80DxHrkiIBDHF5EWguzM+gUTb4xmIdTAJ2w
+GUOnTOoA/RpWuJNKU3kdtnnmqce88//jN8VF1Ho0BONH1b7dRV4izv8AAABWBAAA
+AAASCCqGSM49AwEHAgMEyfb375CDU05C3BXjFY3tGbGEmGrTgNj0lAzdbi7TVm5t
+iHidcNWPHSQPS8aMmygH23OvIkTBmJdCHR38lGID/gMBCAfC/wAAAG0EGBMIAB//
+AAAABYJVrO3L/wAAAAmQAyiMdPi+jw//AAAAApsMAADzwQD/ahaSqogMflSlGJRU
+Z6Qb51EAaYBB5nL/u1ckWLh/CCEBAM83CFzh1qJXzYnl5DJNAPnj4jJgJKtSxOhn
+bvlk62wx
+=Xjs9
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/samplekeys/e2e-p256-1-prt.asc b/tests/openpgp/samplekeys/e2e-p256-1-prt.asc
new file mode 100644
index 0000000..d30e8c0
--- /dev/null
+++ b/tests/openpgp/samplekeys/e2e-p256-1-prt.asc
@@ -0,0 +1,39 @@
+pub   nistp256/03288C74F8BE8F0F 1970-01-01
+uid                 [ unknown] <example at another.test>
+sub   nistp256/A6ED196C7C513F1E 1970-01-01
+
+Passphrase is "a".
+
+Taken from
+https://github.com/google/end-to-end/issues/326#issuecomment-123585977
+
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+Charset: UTF-8
+Version: End-To-End v0.3.1342
+
+xf8AAAClBAAAAAATCCqGSM49AwEHAgMEmUwnXtxBvQY+nXvduAbd626NmYshRVi4
+HULGQ9fAHjKqfld4qWk97o+ggZDAnhQJ/Jm3ljtXr3/SosXUsSh7AP4JAwLJdqYd
+6K+4XWACOPArMgQfaUFtQY54pRS1Vo98N4Jpw7o0iYAr80y40s5DaBIcUD5UuMHM
+p5no4vv8/hVCkIWJvoD/08rIzJDYEc9h2S4Lzf8AAAAWPGV4YW1wbGVAYW5vdGhl
+ci50ZXN0PsL/AAAAjQQQEwgAP/8AAAAFglWs7cv/AAAAAosJ/wAAAAmQAyiMdPi+
+jw//AAAABZUICQoL/wAAAAOWAQL/AAAAApsD/wAAAAKeAQAAiBIA/AvNA8R65IiA
+QxxeRFoLszPoFE2+MZiHUwCdsBlDp0zqAP0aVriTSlN5HbZ55qnHvPP/4zfFRdR6
+NATjR9W+3UVeIsf/AAAAqQQAAAAAEggqhkjOPQMBBwIDBMn29++Qg1NOQtwV4xWN
+7RmxhJhq04DY9JQM3W4u01ZubYh4nXDVjx0kD0vGjJsoB9tzryJEwZiXQh0d/JRi
+A/4DAQgH/gkDAsplyBF6DNuBYC3tTyYEL0QQjWrcaaeTk4JSb93mog6QlL610EO5
++muowWT9Dl8Ll77BjQSpj7mmqGHIj/IxJubOYqa+iW1e4pj5qlXCaBbC/wAAAG0E
+GBMIAB//AAAABYJVrO3L/wAAAAmQAyiMdPi+jw//AAAAApsMAADzwQEAq95OmyQ8
+3XRyVDpN4IWqWrnWOEHlmHM9KrrgKEHunycBAJr1olmd5A68wOq43/W+kkoy8Mcd
+cH4SAiy4DMvQO18vxv8AAABSBAAAAAATCCqGSM49AwEHAgMEmUwnXtxBvQY+nXvd
+uAbd626NmYshRVi4HULGQ9fAHjKqfld4qWk97o+ggZDAnhQJ/Jm3ljtXr3/SosXU
+sSh7AM3/AAAAFjxleGFtcGxlQGFub3RoZXIudGVzdD7C/wAAAI0EEBMIAD//AAAA
+BYJVrO3L/wAAAAKLCf8AAAAJkAMojHT4vo8P/wAAAAWVCAkKC/8AAAADlgEC/wAA
+AAKbA/8AAAACngEAAIgSAPwLzQPEeuSIgEMcXkRaC7Mz6BRNvjGYh1MAnbAZQ6dM
+6gD9Gla4k0pTeR22eeapx7zz/+M3xUXUejQE40fVvt1FXiLO/wAAAFYEAAAAABII
+KoZIzj0DAQcCAwTJ9vfvkINTTkLcFeMVje0ZsYSYatOA2PSUDN1uLtNWbm2IeJ1w
+1Y8dJA9LxoybKAfbc68iRMGYl0IdHfyUYgP+AwEIB8L/AAAAbQQYEwgAH/8AAAAF
+glWs7cv/AAAACZADKIx0+L6PD/8AAAACmwwAAPPBAP9qFpKqiAx+VKUYlFRnpBvn
+UQBpgEHmcv+7VyRYuH8IIQEAzzcIXOHWolfNieXkMk0A+ePiMmAkq1LE6Gdu+WTr
+bDE=
+=Sgsj
+-----END PGP PRIVATE KEY BLOCK-----

-----------------------------------------------------------------------

Summary of changes:
 tests/openpgp/Makefile.am                   |  4 ++-
 tests/openpgp/samplekeys/README             |  2 ++
 tests/openpgp/samplekeys/e2e-p256-1-clr.asc | 37 +++++++++++++++++++++++++++
 tests/openpgp/samplekeys/e2e-p256-1-prt.asc | 39 +++++++++++++++++++++++++++++
 4 files changed, 81 insertions(+), 1 deletion(-)
 create mode 100644 tests/openpgp/samplekeys/e2e-p256-1-clr.asc
 create mode 100644 tests/openpgp/samplekeys/e2e-p256-1-prt.asc


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Oct  5 11:35:12 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 05 Oct 2015 11:35:12 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-64-g4387303
Message-ID: <E1Zj22I-000149-0w@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  438730323a5d9bbf8dd5cd60d479b6c03f8721d0 (commit)
       via  7392d3018204937af4ecc176baed931fb89c6634 (commit)
       via  c6400c1aa82239f1c154ca27596600cae964515d (commit)
      from  0bae2ff5996bb9d73a750839ac7fd5b2976134da (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 438730323a5d9bbf8dd5cd60d479b6c03f8721d0
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 5 11:31:31 2015 +0200

    dirmngr: Make clear that --use-tor is not yet ready for use.
    
    * dirmngr/dirmngr.c (main): Print a warning if --use-tor has been
    given.
    * tools/gpgconf-comp.c (gc_options_dirmngr): Make --use-tor invisible.

diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index fb9a701..31833eb 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -960,6 +960,14 @@ main (int argc, char **argv)
   log_info ("NOTE: this is a development version!\n");
 #endif
 
+  if (opt.use_tor)
+    {
+      log_info ("WARNING: ***************************************\n");
+      log_info ("WARNING: TOR mode (--use-tor) DOES NOT YET WORK!\n");
+      log_info ("WARNING: ***************************************\n");
+    }
+
+
   /* Print a warning if an argument looks like an option.  */
   if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
     {
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index d62e2d5..7757acf 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -236,6 +236,12 @@ sufficient.
 Enabling this option forces loading of expired CRLs; this is only
 useful for debugging.
 
+ at item --use-tor
+ at opindex use-tor
+This options is not yet functional!  It will eventually switch GnuPG
+into a TOR mode to route all network access via TOR (an anonymity
+network).
+
 @item --disable-ldap
 @opindex disable-ldap
 Entirely disables the use of LDAP.
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index cf53ebc..464b89b 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -911,7 +911,7 @@ static gc_option_t gc_options_dirmngr[] =
    { "TOR",
      GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
      "gnupg", N_("Options controlling the use of TOR") },
-   { "use-tor", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+   { "use-tor", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
      "dirmngr", "route all network traffic via TOR",
       GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
 

commit 7392d3018204937af4ecc176baed931fb89c6634
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 5 11:17:40 2015 +0200

    po: Update the German translation.
    
    --

diff --git a/po/de.po b/po/de.po
index db82908..279377a 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg-2.1.0\n"
 "Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2015-08-20 16:27+0200\n"
+"PO-Revision-Date: 2015-10-05 11:17+0200\n"
 "Last-Translator: Werner Koch <wk at gnupg.org>\n"
 "Language-Team: German <de at li.org>\n"
 "Language: de\n"
@@ -702,6 +702,10 @@ msgid "a %zu bit hash is not valid for a %u bit %s key\n"
 msgstr ""
 "Ein %zu-Bit Hashverfahren ist f?r einen %u-Bit %s Schl?ssel nicht m?glich\n"
 
+#, c-format
+msgid "checking created signature failed: %s\n"
+msgstr "Pr?fung der erstellten Signatur ist fehlgeschlagen: %s\n"
+
 msgid "secret key parts are not available\n"
 msgstr "Teile des geheimen Schl?ssels sind nicht vorhanden\n"
 
@@ -3146,6 +3150,10 @@ msgstr "Dieser Befehl ist im %s-Modus nicht erlaubt.\n"
 msgid "You must select at least one user ID.\n"
 msgstr "Zumindestens eine User-ID mu? ausgew?hlt werden.\n"
 
+#, c-format
+msgid "(Use the '%s' command.)\n"
+msgstr "(Benutze den '%s' Befehl.)\n"
+
 msgid "You can't delete the last user ID!\n"
 msgstr "Die letzte User-ID kann nicht gel?scht werden!\n"
 
@@ -5124,10 +5132,6 @@ msgstr ""
 "(zu gro?). Verwende \"unerweiterte\".\n"
 
 #, c-format
-msgid "checking created signature failed: %s\n"
-msgstr "Pr?fung der erstellten Signatur ist fehlgeschlagen: %s\n"
-
-#, c-format
 msgid "%s/%s signature from: \"%s\"\n"
 msgstr "%s/%s Signatur von: \"%s\"\n"
 
@@ -7033,6 +7037,9 @@ msgstr "Fehler beim Holen von `%s': %s\n"
 msgid "error retrieving '%s': http status %u\n"
 msgstr "Fehler beim Holen von `%s': HTTP Status %u\n"
 
+msgid "CRL access not possible due to TOR mode\n"
+msgstr "CRL Zugriff ist im TOR Modus nicht m?glich\n"
+
 #, c-format
 msgid "certificate search not possible due to disabled %s\n"
 msgstr "Zertifikatsuche ist nicht m?glich da %s abgeschaltet ist\n"
@@ -7241,6 +7248,9 @@ msgstr "|N|Nicht mehr als N Angaben in einer Anfrage zur?ckgeben"
 msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr "|DATEI|Benutze die CA Zertifikate in DATEI f?r HKP ?ber TLS"
 
+msgid "route all network traffic via TOR"
+msgstr "Netzzugriff nur ?ber TOR"
+
 msgid ""
 "@\n"
 "(See the \"info\" manual for a complete listing of all commands and "
@@ -7534,6 +7544,9 @@ msgstr "Fehler beim Lesen vom Responder: %s\n"
 msgid "response from server too large; limit is %d bytes\n"
 msgstr "Antwort vom Server zu lang; die Grenze sind %d Bytes\n"
 
+msgid "OCSP request not possible due to TOR mode\n"
+msgstr "OCSP Anfrage ist im TOR Modus nicht m?glich\n"
+
 msgid "OCSP request not possible due to disabled HTTP\n"
 msgstr "OCSP Anfrage nicht m?glich da HTTP abgeschaltet ist\n"
 
@@ -7885,6 +7898,9 @@ msgstr "Optionen zum Einstellen der Ausgabeformate"
 msgid "Options controlling the interactivity and enforcement"
 msgstr "Optionen zur Einstellung der Interaktivit?t und Geltendmachung"
 
+msgid "Options controlling the use of TOR"
+msgstr "Optionen zur Benutzung von TOR"
+
 msgid "Configuration for HTTP servers"
 msgstr "Konfiguration f?r HTTP Server"
 
@@ -7912,8 +7928,8 @@ msgstr "Smartcard Daemon"
 msgid "GPG for S/MIME"
 msgstr "GPG f?r S/MIME"
 
-msgid "Directory Manager"
-msgstr "Directory Manager"
+msgid "Key Acquirer"
+msgstr "Schl?sselzugriff"
 
 msgid "PIN and Passphrase Entry"
 msgstr "PIN und Passphrase Eingabe"
@@ -8133,6 +8149,9 @@ msgstr ""
 "Syntax: gpg-check-pattern [optionen] Musterdatei\n"
 "Die von stdin gelesene Passphrase gegen die Musterdatei pr?fen\n"
 
+#~ msgid "Directory Manager"
+#~ msgstr "Directory Manager"
+
 #~ msgid "toggle between the secret and public key listings"
 #~ msgstr ""
 #~ "Umschalten zwischen dem Auflisten geheimer und ?ffentlicher Schl?ssel"

commit c6400c1aa82239f1c154ca27596600cae964515d
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 5 11:08:34 2015 +0200

    gpgconf: Change displayed name of Dirmngr to "Key Acquirer".
    
    * tools/gpgconf-comp.c (gc_component): Change printed name.
    --
    
    All network access is handled by Dirmngr so at least in the GUI option
    dialog we should acknowledge that by changing the name to an issuer to
    understand term.  This is an update of
    819bba75aaed11ecef2e274add173718358212b9 suggested by Neal Walfield.
    The former term "Network Manager" conflicts with the well known GNOME
    network manager tool.

diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 550945a..cf53ebc 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -1055,7 +1055,7 @@ static struct
     { "gpg-agent","gnupg", N_("GPG Agent"), gc_options_gpg_agent },
     { "scdaemon", "gnupg", N_("Smartcard Daemon"), gc_options_scdaemon },
     { "gpgsm",    "gnupg", N_("GPG for S/MIME"), gc_options_gpgsm },
-    { "dirmngr",  "gnupg", N_("Network Manager"), gc_options_dirmngr },
+    { "dirmngr",  "gnupg", N_("Key Acquirer"), gc_options_dirmngr },
     { "pinentry", "gnupg", N_("PIN and Passphrase Entry"), gc_options_pinentry }
   };
 

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/dirmngr.c    |  8 ++++++++
 doc/dirmngr.texi     |  6 ++++++
 po/de.po             | 33 ++++++++++++++++++++++++++-------
 tools/gpgconf-comp.c |  4 ++--
 4 files changed, 42 insertions(+), 9 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Oct  5 17:57:16 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 05 Oct 2015 17:57:16 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-66-gae471fa
Message-ID: <E1Zj801-0001xe-EH@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  ae471fa978589fb61ecb0f89bbfe4d43cf2d5eac (commit)
       via  a48e6de603c3a312f02b1b5fdb813032eeae9074 (commit)
      from  438730323a5d9bbf8dd5cd60d479b6c03f8721d0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ae471fa978589fb61ecb0f89bbfe4d43cf2d5eac
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 5 17:52:28 2015 +0200

    gpg: Deprecate the --keyserver option.
    
    * g10/keyserver.c (keyserver_refresh): Change return type to
    gpg_error_t.  Use gpg_dirmngr_ks_list to print the name of the
    keyserver to use.
    (keyserver_search): Do not print the "no keyserver" error
    message.  The same error is anyway returned from dirmngr.
    * g10/call-dirmngr.c (ks_status_parm_s): Add field "keyword".
    (ks_status_cb): Handle other status keywords.
    (gpg_dirmngr_ks_list): New.
    * tools/gpgconf-comp.c (gc_options_gpg): Deprecate "keyserver".
    (gc_options_dirmngr): Add "Keyserver" group and "keyserver".
    --
    
    Along with the corresponding dirmngr change this option allows to
    configure the keyserver only in dirmngr.conf.  Existing
    configurations will continue to work.  However, GUIs using gpgconf
    now the keyserver option under the dirmngr (aka Key Acquirer) tab
    unless they are in export mode in which the keyserver option is also
    show for gpg.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 28e4f83..7d78e9e 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1504,6 +1504,9 @@ ignored if the option --with-colons is used.
 
 @item --keyserver @code{name}
 @opindex keyserver
+This option is deprecated - please use the @option{--keyserver} in
+ at file{dirmngr.conf} instead.
+
 Use @code{name} as your keyserver. This is the server that
 @option{--recv-keys}, @option{--send-keys}, and @option{--search-keys}
 will communicate with to receive keys from, send keys to, and search for
@@ -1586,6 +1589,7 @@ are available for all keyserver types, some common options are:
   @option{--recv-keys} command as a whole. Defaults to 30 seconds.
 
   @item http-proxy=@code{value}
+  This options is deprecated.
   Set the proxy to use for HTTP and HKP keyservers.
   This overrides any proxy defined in @file{dirmngr.conf}.
 
diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
index df19e4c..75cd51d 100644
--- a/g10/call-dirmngr.c
+++ b/g10/call-dirmngr.c
@@ -44,6 +44,7 @@
 /* Parameter structure used to gather status info.  */
 struct ks_status_parm_s
 {
+  const char *keyword; /* Look for this keyword or NULL for "SOURCE". */
   char *source;
 };
 
@@ -334,7 +335,7 @@ clear_context_flags (ctrl_t ctrl, assuan_context_t ctx)
 
 
 

-/* Status callback for ks_get and ks_search.  */
+/* Status callback for ks_list, ks_get and ks_search.  */
 static gpg_error_t
 ks_status_cb (void *opaque, const char *line)
 {
@@ -342,7 +343,7 @@ ks_status_cb (void *opaque, const char *line)
   gpg_error_t err = 0;
   const char *s;
 
-  if ((s = has_leading_keyword (line, "SOURCE")))
+  if ((s = has_leading_keyword (line, parm->keyword? parm->keyword : "SOURCE")))
     {
       if (!parm->source)
         {
@@ -357,6 +358,44 @@ ks_status_cb (void *opaque, const char *line)
 
 
 

+/* Run the "KEYSERVER" command to return the name of the used
+   keyserver at R_KEYSERVER.  */
+gpg_error_t
+gpg_dirmngr_ks_list (ctrl_t ctrl, char **r_keyserver)
+{
+  gpg_error_t err;
+  assuan_context_t ctx;
+  struct ks_status_parm_s stparm;
+
+  memset (&stparm, 0, sizeof stparm);
+  stparm.keyword = "KEYSERVER";
+  *r_keyserver = NULL;
+
+  err = open_context (ctrl, &ctx);
+  if (err)
+    return err;
+
+  err = assuan_transact (ctx, "KEYSERVER", NULL, NULL,
+                         NULL, NULL, ks_status_cb, &stparm);
+  if (err)
+    goto leave;
+  if (!stparm.source)
+    {
+      err = gpg_error (GPG_ERR_NO_KEYSERVER);
+      goto leave;
+    }
+
+  *r_keyserver = stparm.source;
+  stparm.source = NULL;
+
+ leave:
+  xfree (stparm.source);
+  close_context (ctrl, ctx);
+  return err;
+}
+
+
+

 /* Data callback for the KS_SEARCH command. */
 static gpg_error_t
 ks_search_data_cb (void *opaque, const void *data, size_t datalen)
diff --git a/g10/call-dirmngr.h b/g10/call-dirmngr.h
index b9b8e21..cdad645 100644
--- a/g10/call-dirmngr.h
+++ b/g10/call-dirmngr.h
@@ -21,6 +21,7 @@
 
 void gpg_dirmngr_deinit_session_data (ctrl_t ctrl);
 
+gpg_error_t gpg_dirmngr_ks_list (ctrl_t ctrl, char **r_keyserver);
 gpg_error_t gpg_dirmngr_ks_search (ctrl_t ctrl, const char *searchstr,
                                    gpg_error_t (*cb)(void*, int, char *),
                                    void *cb_value);
diff --git a/g10/keyserver-internal.h b/g10/keyserver-internal.h
index fc1c343..beaa13c 100644
--- a/g10/keyserver-internal.h
+++ b/g10/keyserver-internal.h
@@ -37,7 +37,7 @@ int keyserver_import_fprint (ctrl_t ctrl, const byte *fprint,size_t fprint_len,
                              struct keyserver_spec *keyserver);
 int keyserver_import_keyid (ctrl_t ctrl, u32 *keyid,
                             struct keyserver_spec *keyserver);
-int keyserver_refresh (ctrl_t ctrl, strlist_t users);
+gpg_error_t keyserver_refresh (ctrl_t ctrl, strlist_t users);
 gpg_error_t keyserver_search (ctrl_t ctrl, strlist_t tokens);
 int keyserver_fetch (ctrl_t ctrl, strlist_t urilist);
 int keyserver_import_cert (ctrl_t ctrl, const char *name,
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 40ba49a..e20c16b 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -1357,10 +1357,12 @@ keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
 /* Note this is different than the original HKP refresh.  It allows
    usernames to refresh only part of the keyring. */
 
-int
+gpg_error_t
 keyserver_refresh (ctrl_t ctrl, strlist_t users)
 {
-  int rc,count,numdesc,fakev3=0;
+  gpg_error_t err;
+  int count, numdesc;
+  int fakev3 = 0;
   KEYDB_SEARCH_DESC *desc;
   unsigned int options=opt.keyserver_options.import_options;
 
@@ -1381,9 +1383,9 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users)
 	 ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
     fakev3=1;
 
-  rc=keyidlist(users,&desc,&numdesc,fakev3);
-  if(rc)
-    return rc;
+  err = keyidlist (users, &desc, &numdesc, fakev3);
+  if (err)
+    return err;
 
   count=numdesc;
   if(count>0)
@@ -1403,11 +1405,11 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users)
 	      /* We use the keyserver structure we parsed out before.
 		 Note that a preferred keyserver without a scheme://
 		 will be interpreted as hkp:// */
-	      rc = keyserver_get (ctrl, &desc[i], 1, keyserver, NULL, NULL);
-	      if(rc)
+	      err = keyserver_get (ctrl, &desc[i], 1, keyserver, NULL, NULL);
+	      if (err)
 		log_info(_("WARNING: unable to refresh key %s"
 			   " via %s: %s\n"),keystr_from_desc(&desc[i]),
-			 keyserver->uri,gpg_strerror (rc));
+			 keyserver->uri,gpg_strerror (err));
 	      else
 		{
 		  /* We got it, so mark it as NONE so we don't try and
@@ -1424,16 +1426,22 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users)
 
   if(count>0)
     {
-      if(opt.keyserver && !opt.quiet)
-	{
-	  if(count==1)
-	    log_info(_("refreshing 1 key from %s\n"),opt.keyserver->uri);
-	  else
-	    log_info(_("refreshing %d keys from %s\n"),
-		     count,opt.keyserver->uri);
-	}
+      char *tmpuri;
 
-      rc=keyserver_get (ctrl, desc, numdesc, NULL, NULL, NULL);
+      err = gpg_dirmngr_ks_list (ctrl, &tmpuri);
+      if (!err)
+        {
+          if (!opt.quiet)
+            {
+              if(count==1)
+                log_info(_("refreshing 1 key from %s\n"), tmpuri);
+              else
+                log_info(_("refreshing %d keys from %s\n"), count, tmpuri);
+            }
+          xfree (tmpuri);
+
+          err = keyserver_get (ctrl, desc, numdesc, NULL, NULL, NULL);
+        }
     }
 
   xfree(desc);
@@ -1445,7 +1453,7 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users)
   if(!(opt.keyserver_options.import_options&IMPORT_FAST))
     check_or_update_trustdb ();
 
-  return rc;
+  return err;
 }
 
 
@@ -1463,12 +1471,6 @@ keyserver_search (ctrl_t ctrl, strlist_t tokens)
   if (!tokens)
     return 0;  /* Return success if no patterns are given.  */
 
-  if (!opt.keyserver)
-    {
-      log_error (_("no keyserver known (use option --keyserver)\n"));
-      return gpg_error (GPG_ERR_NO_KEYSERVER);
-    }
-
   /* Write global options */
 
   /* for(temp=opt.keyserver_options.other;temp;temp=temp->next) */
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 464b89b..e736162 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -724,8 +724,8 @@ static gc_option_t gc_options_gpg[] =
    { "Keyserver",
      GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
      "gnupg", N_("Configuration for Keyservers") },
-   { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
-     "gnupg", N_("|URL|use keyserver at URL"),
+   { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
+     "gnupg", N_("|URL|use keyserver at URL"), /* Deprecated - use dirmngr */
      GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
    { "allow-pka-lookup", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
      "gnupg", N_("allow PKA lookups (DNS requests)"),
@@ -735,8 +735,6 @@ static gc_option_t gc_options_gpg[] =
      GC_ARG_TYPE_STRING, GC_BACKEND_GPG },
 
 
-
-
    GC_OPTION_NULL
  };
 #endif /*BUILD_WITH_GPG*/
@@ -915,6 +913,13 @@ static gc_option_t gc_options_dirmngr[] =
      "dirmngr", "route all network traffic via TOR",
       GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
 
+   { "Keyserver",
+     GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
+     "gnupg", N_("Configuration for Keyservers") },
+   { "keyserver", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+     "gnupg", N_("|URL|use keyserver at URL"),
+     GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
+
    { "HTTP",
      GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
      "gnupg", N_("Configuration for HTTP servers") },

commit a48e6de603c3a312f02b1b5fdb813032eeae9074
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 5 17:44:20 2015 +0200

    dirmngr: Add option --keyserver.
    
    * dirmngr/dirmngr.c (oKeyServer): New.
    (opts): Add "keyserver".
    (parse_rereadable_options): Parse that options
    (main): Add option to the gpgconf list.
    * dirmngr/dirmngr.h (opt): Add field "keyserver".
    * dirmngr/server.c (ensure_keyserver): New.
    (make_keyserver_item): New.  Factored out from
    (cmd_keyserver): here.  Call ensure_keyserver.
    (cmd_ks_search): Call ensure_keyserver.
    (cmd_ks_get): Ditto.
    (cmd_ks_fetch): Ditto.
    (cmd_ks_put): Ditto.
    --
    
    This option specifies the keyserver to be used if the client does not
    set another keyserver.  We want to fade out the use of --keyserver in
    gpg.conf in favor of specifying it here.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 31833eb..847a65d 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -141,6 +141,7 @@ enum cmd_and_opt_values {
   oHTTPWrapperProgram,
   oIgnoreCertExtension,
   oUseTor,
+  oKeyServer,
   aTest
 };
 
@@ -213,6 +214,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_i (oMaxReplies, "max-replies",
                 N_("|N|do not return more than N items in one query")),
 
+  ARGPARSE_s_s (oKeyServer, "keyserver", "@"),
   ARGPARSE_s_s (oHkpCaCert, "hkp-cacert",
                 N_("|FILE|use the CA certificates in FILE for HKP over TLS")),
 
@@ -520,7 +522,9 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
         }
       FREE_STRLIST (opt.ignored_cert_extensions);
       http_register_tls_ca (NULL);
-      /* We do not allow resetting of opt.use_tor at runtime.  */
+      xfree (opt.keyserver);
+      opt.keyserver = NULL;
+      /* Note: We do not allow resetting of opt.use_tor at runtime.  */
       return 1;
     }
 
@@ -585,6 +589,11 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
 
     case oUseTor: opt.use_tor = 1; break;
 
+    case oKeyServer:
+      xfree (opt.keyserver);
+      opt.keyserver = *pargs->r.ret_str? xtrystrdup (pargs->r.ret_str) : NULL;
+      break;
+
     default:
       return 0; /* Not handled. */
     }
@@ -1418,7 +1427,9 @@ main (int argc, char **argv)
       /* Note: The next one is to fix a typo in gpgconf - should be
          removed eventually. */
       es_printf ("ignore-ocsp-servic-url:%lu:\n", flags | GC_OPT_FLAG_NONE);
+
       es_printf ("use-tor:%lu:\n", flags | GC_OPT_FLAG_NONE);
+      es_printf ("keyserver:%lu:\n", flags | GC_OPT_FLAG_NONE);
     }
   cleanup ();
   return !!rc;
diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
index a2db627..b2b94f9 100644
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -130,6 +130,8 @@ struct
                                        considered valid after thisUpdate. */
   unsigned int ocsp_current_period; /* Seconds a response is considered
                                        current after nextUpdate. */
+
+  char *keyserver;    /* Malloced string with the default keyserver.  */
 } opt;
 
 
diff --git a/dirmngr/server.c b/dirmngr/server.c
index 694a881..5400a98 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -1626,7 +1626,65 @@ cmd_validate (assuan_context_t ctx, char *line)
   return leave_cmd (ctx, err);
 }
 
+
 

+/* Parse an keyserver URI and store it in a new uri item which is
+   returned at R_ITEM.  On error return an error code.  */
+static gpg_error_t
+make_keyserver_item (const char *uri, uri_item_t *r_item)
+{
+  gpg_error_t err;
+  uri_item_t item;
+
+  *r_item = NULL;
+  item = xtrymalloc (sizeof *item + strlen (uri));
+  if (!item)
+    return gpg_error_from_syserror ();
+
+  item->next = NULL;
+  item->parsed_uri = NULL;
+  strcpy (item->uri, uri);
+
+#if USE_LDAP
+  if (ldap_uri_p (item->uri))
+    err = ldap_parse_uri (&item->parsed_uri, uri);
+  else
+#endif
+    {
+      err = http_parse_uri (&item->parsed_uri, uri, 1);
+    }
+
+  if (err)
+    xfree (item);
+  else
+    *r_item = item;
+  return err;
+}
+
+
+/* If no keyserver is stored in CTRL but a global keyserver has been
+   set, put that global keyserver into CTRL.  We need use this
+   function to help migrate from the old gpg based keyserver
+   configuration to the new dirmngr based configuration.  */
+static gpg_error_t
+ensure_keyserver (ctrl_t ctrl)
+{
+  gpg_error_t err;
+  uri_item_t item;
+
+  if (ctrl->server_local->keyservers)
+    return 0; /* Already set for this session.  */
+  if (!opt.keyserver)
+    return 0; /* No global option set.  */
+
+  err = make_keyserver_item (opt.keyserver, &item);
+  if (!err)
+    ctrl->server_local->keyservers = item;
+
+  return err;
+}
+
+
 static const char hlp_keyserver[] =
   "KEYSERVER [<options>] [<uri>|<host>]\n"
   "Options are:\n"
@@ -1671,7 +1729,9 @@ cmd_keyserver (assuan_context_t ctx, char *line)
 
   if (resolve_flag)
     {
-      err = ks_action_resolve (ctrl, ctrl->server_local->keyservers);
+      err = ensure_keyserver (ctrl);
+      if (!err)
+        err = ks_action_resolve (ctrl, ctrl->server_local->keyservers);
       if (err)
         goto leave;
     }
@@ -1711,29 +1771,9 @@ cmd_keyserver (assuan_context_t ctx, char *line)
 
   if (add_flag)
     {
-      item = xtrymalloc (sizeof *item + strlen (line));
-      if (!item)
-        {
-          err = gpg_error_from_syserror ();
-          goto leave;
-        }
-      item->next = NULL;
-      item->parsed_uri = NULL;
-      strcpy (item->uri, line);
-
-#if USE_LDAP
-      if (ldap_uri_p (item->uri))
-	err = ldap_parse_uri (&item->parsed_uri, line);
-      else
-#endif
-	{
-	  err = http_parse_uri (&item->parsed_uri, line, 1);
-	}
+      err = make_keyserver_item (line, &item);
       if (err)
-        {
-          xfree (item);
-          goto leave;
-        }
+        goto leave;
     }
   if (clear_flag)
     release_ctrl_keyservers (ctrl);
@@ -1743,10 +1783,20 @@ cmd_keyserver (assuan_context_t ctx, char *line)
       ctrl->server_local->keyservers = item;
     }
 
-  if (!add_flag && !clear_flag && !help_flag) /* List configured keyservers.  */
+  if (!add_flag && !clear_flag && !help_flag)
     {
+      /* List configured keyservers.  However, we first add a global
+         keyserver. */
       uri_item_t u;
 
+      err = ensure_keyserver (ctrl);
+      if (err)
+        {
+          assuan_set_error (ctx, err,
+                            "Bad keyserver configuration in dirmngr.conf");
+          goto leave;
+        }
+
       for (u=ctrl->server_local->keyservers; u; u = u->next)
         dirmngr_status (ctrl, "KEYSERVER", u->uri, NULL);
     }
@@ -1799,6 +1849,10 @@ cmd_ks_search (assuan_context_t ctx, char *line)
         }
     }
 
+  err = ensure_keyserver (ctrl);
+  if (err)
+    goto leave;
+
   /* Setup an output stream and perform the search.  */
   outfp = es_fopencookie (ctx, "w", data_line_cookie_functions);
   if (!outfp)
@@ -1861,6 +1915,10 @@ cmd_ks_get (assuan_context_t ctx, char *line)
         }
     }
 
+  err = ensure_keyserver (ctrl);
+  if (err)
+    goto leave;
+
   /* Setup an output stream and perform the get.  */
   outfp = es_fopencookie (ctx, "w", data_line_cookie_functions);
   if (!outfp)
@@ -1891,6 +1949,10 @@ cmd_ks_fetch (assuan_context_t ctx, char *line)
   /* No options for now.  */
   line = skip_options (line);
 
+  err = ensure_keyserver (ctrl);
+  if (err)
+    goto leave;
+
   /* Setup an output stream and perform the get.  */
   outfp = es_fopencookie (ctx, "w", data_line_cookie_functions);
   if (!outfp)
@@ -1901,6 +1963,7 @@ cmd_ks_fetch (assuan_context_t ctx, char *line)
       es_fclose (outfp);
     }
 
+ leave:
   return leave_cmd (ctx, err);
 }
 
@@ -1936,6 +1999,10 @@ cmd_ks_put (assuan_context_t ctx, char *line)
   /* No options for now.  */
   line = skip_options (line);
 
+  err = ensure_keyserver (ctrl);
+  if (err)
+    goto leave;
+
   /* Ask for the key material.  */
   err = assuan_inquire (ctx, "KEYBLOCK",
                         &value, &valuelen, MAX_KEYBLOCK_LENGTH);
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index 7757acf..a5bcc73 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -242,6 +242,25 @@ This options is not yet functional!  It will eventually switch GnuPG
 into a TOR mode to route all network access via TOR (an anonymity
 network).
 
+ at item --keyserver @code{name}
+ at opindex keyserver
+Use @code{name} as your keyserver.  This is the server that @command{gpg}
+communicates with to receive keys, send keys, and search for
+keys.  The format of the @code{name} is a URI:
+`scheme:[//]keyservername[:port]' The scheme is the type of keyserver:
+"hkp" for the HTTP (or compatible) keyservers, "ldap" for the LDAP
+keyservers, or "mailto" for the Graff email keyserver. Note that your
+particular installation of GnuPG may have other keyserver types
+available as well. Keyserver schemes are case-insensitive. After the
+keyserver name, optional keyserver configuration options may be
+provided. These are the same as the global @option{--keyserver-options}
+from below, but apply only to this particular keyserver.
+
+Most keyservers synchronize with each other, so there is generally no
+need to send keys to more than one server. The keyserver
+ at code{hkp://keys.gnupg.net} uses round robin DNS to give a different
+keyserver each time you use it.
+
 @item --disable-ldap
 @opindex disable-ldap
 Entirely disables the use of LDAP.

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/dirmngr.c        |  13 +++++-
 dirmngr/dirmngr.h        |   2 +
 dirmngr/server.c         | 115 +++++++++++++++++++++++++++++++++++++----------
 doc/dirmngr.texi         |  19 ++++++++
 doc/gpg.texi             |   4 ++
 g10/call-dirmngr.c       |  43 +++++++++++++++++-
 g10/call-dirmngr.h       |   1 +
 g10/keyserver-internal.h |   2 +-
 g10/keyserver.c          |  50 +++++++++++----------
 tools/gpgconf-comp.c     |  13 ++++--
 10 files changed, 206 insertions(+), 56 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Oct  5 19:14:46 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 05 Oct 2015 19:14:46 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
 updated. gnupg-2.0.29-12-gcaa555a
Message-ID: <E1Zj9D0-0005QO-Rh@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-0 has been updated
       via  caa555a5bfaa98f8f630901427a653bd8dc7b95e (commit)
      from  b1653a4083b91cfa85d90f59612fa1c3f4d51778 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit caa555a5bfaa98f8f630901427a653bd8dc7b95e
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Oct 1 13:21:25 2015 +0200

    agent: Fix alignment problem with the second passphrase struct.
    
    * agent/genkey.c (agent_ask_new_passphrase): Use a separate malloc for
    PI2.  Check return value of the malloc function.
    * agent/command-ssh.c (ssh_identity_register): Use a separate malloc
    for PI2.  Wipe PI2.
    --
    
    For whatever stupid reasons I once allocated only one memory area and
    split that into PI and PI2.  This is actually a common pattern with
    malloc but here we used a made up object size and do not take the
    extra alignment required into account.  One of these not yet hit by
    a (sig)bus PC/VAX hacker bugs.
    
    Instead of trying to fix the alignment, it is better to use a second
    calloc for the second struct.
    
    GnuPG-bug-id: 2112
    Signed-off-by: Werner Koch <wk at gnupg.org>
    
    Resolved conflicts:
    	agent/command-ssh.c
    	agent/genkey.c
    
    (backport master commit ddf9dd135acd2b3635bb986f6dfc0e4e446d5fad)

diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 2aacecc..0a12bb6 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -2835,7 +2835,8 @@ ssh_identity_register (ctrl_t ctrl, gcry_sexp_t key, int ttl, int confirm)
   char *key_fpr = NULL;
   const char *initial_errtext = NULL;
   unsigned int i;
-  struct pin_entry_info_s *pi = NULL, *pi2;
+  struct pin_entry_info_s *pi = NULL;
+  struct pin_entry_info_s *pi2 = NULL;
 
   err = ssh_key_grip (key, key_grip_raw);
   if (err)
@@ -2866,16 +2867,21 @@ ssh_identity_register (ctrl_t ctrl, gcry_sexp_t key, int ttl, int confirm)
       goto out;
     }
 
-  pi = gcry_calloc_secure (2, sizeof (*pi) + 100 + 1);
+  pi = gcry_calloc_secure (1, sizeof (*pi) + 100 + 1);
   if (!pi)
     {
       err = gpg_error_from_syserror ();
       goto out;
     }
-  pi2 = pi + (sizeof *pi + 100 + 1);
-  pi->max_length = 100;
+  pi->max_length = 100 + 1;
   pi->max_tries = 1;
-  pi2->max_length = 100;
+  pi2 = gcry_calloc_secure (1, sizeof (*pi2) + 100 + 1);
+  if (!pi2)
+    {
+      err = gpg_error_from_syserror ();
+      goto out;
+    }
+  pi2->max_length = 100 + 1;
   pi2->max_tries = 1;
   pi2->check_cb = reenter_compare_cb;
   pi2->check_cb_arg = pi->pin;
@@ -2920,6 +2926,9 @@ ssh_identity_register (ctrl_t ctrl, gcry_sexp_t key, int ttl, int confirm)
 
 
  out:
+  if (pi2 && pi2->max_length)
+    wipememory (pi2->pin, pi2->max_length);
+  xfree (pi2);
   if (pi && pi->max_length)
     wipememory (pi->pin, pi->max_length);
   xfree (pi);
diff --git a/agent/genkey.c b/agent/genkey.c
index 65477ad..562f7a2 100644
--- a/agent/genkey.c
+++ b/agent/genkey.c
@@ -310,12 +310,12 @@ agent_genkey (ctrl_t ctrl, const char *keyparam, size_t keyparamlen,
     const char *text2 = _("Please re-enter this passphrase");
     const char *initial_errtext = NULL;
 
-    pi = gcry_calloc_secure (2, sizeof (*pi) + 100);
-    pi2 = pi + (sizeof *pi + 100);
-    pi->max_length = 100;
+    pi = gcry_calloc_secure (1, sizeof (*pi) + 100 + 1);
+    pi->max_length = 100 + 1;
     pi->max_tries = 3;
     pi->with_qualitybar = 1;
-    pi2->max_length = 100;
+    pi2 = gcry_calloc_secure (1, sizeof (*pi) + 100 + 1);
+    pi2->max_length = 100 + 1;
     pi2->max_tries = 3;
     pi2->check_cb = reenter_compare_cb;
     pi2->check_cb_arg = pi->pin;
@@ -345,13 +345,15 @@ agent_genkey (ctrl_t ctrl, const char *keyparam, size_t keyparamlen,
     if (rc)
       {
         xfree (pi);
+        xfree (pi2);
         return rc;
       }
 
     if (!*pi->pin)
       {
         xfree (pi);
-        pi = NULL; /* User does not want a passphrase. */
+        xfree (pi2);
+        pi = pi2 = NULL; /* User does not want a passphrase. */
       }
   }
 
@@ -361,6 +363,7 @@ agent_genkey (ctrl_t ctrl, const char *keyparam, size_t keyparamlen,
     {
       log_error ("key generation failed: %s\n", gpg_strerror (rc));
       xfree (pi);
+      xfree (pi2);
       return rc;
     }
 
@@ -371,6 +374,7 @@ agent_genkey (ctrl_t ctrl, const char *keyparam, size_t keyparamlen,
       log_error ("key generation failed: invalid return value\n");
       gcry_sexp_release (s_key);
       xfree (pi);
+      xfree (pi2);
       return gpg_error (GPG_ERR_INV_DATA);
     }
   s_public = gcry_sexp_find_token (s_key, "public-key", 0);
@@ -380,6 +384,7 @@ agent_genkey (ctrl_t ctrl, const char *keyparam, size_t keyparamlen,
       gcry_sexp_release (s_private);
       gcry_sexp_release (s_key);
       xfree (pi);
+      xfree (pi2);
       return gpg_error (GPG_ERR_INV_DATA);
     }
   gcry_sexp_release (s_key); s_key = NULL;
@@ -388,7 +393,8 @@ agent_genkey (ctrl_t ctrl, const char *keyparam, size_t keyparamlen,
   if (DBG_CRYPTO)
     log_debug ("storing private key\n");
   rc = store_key (s_private, pi? pi->pin:NULL, 0);
-  xfree (pi); pi = NULL;
+  xfree (pi);
+  xfree (pi2);
   gcry_sexp_release (s_private);
   if (rc)
     {
@@ -432,12 +438,12 @@ agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey)
     const char *text2 = _("Please re-enter this passphrase");
     const char *initial_errtext = NULL;
 
-    pi = gcry_calloc_secure (2, sizeof (*pi) + 100);
-    pi2 = pi + (sizeof *pi + 100);
-    pi->max_length = 100;
+    pi = gcry_calloc_secure (1, sizeof (*pi) + 100 + 1);
+    pi->max_length = 100 + 1;
     pi->max_tries = 3;
     pi->with_qualitybar = 1;
-    pi2->max_length = 100;
+    pi2 = gcry_calloc_secure (1, sizeof (*pi) + 100 + 1);
+    pi2->max_length = 100 + 1;
     pi2->max_tries = 3;
     pi2->check_cb = reenter_compare_cb;
     pi2->check_cb_arg = pi->pin;
@@ -468,17 +474,20 @@ agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey)
     if (rc)
       {
         xfree (pi);
+        xfree (pi2);
         return rc;
       }
 
     if (!*pi->pin)
       {
         xfree (pi);
-        pi = NULL; /* User does not want a passphrase. */
+        xfree (pi2);
+        pi = pi2 = NULL; /* User does not want a passphrase. */
       }
   }
 
   rc = store_key (s_skey, pi? pi->pin:NULL, 1);
   xfree (pi);
+  xfree (pi2);
   return rc;
 }

-----------------------------------------------------------------------

Summary of changes:
 agent/command-ssh.c | 19 ++++++++++++++-----
 agent/genkey.c      | 31 ++++++++++++++++++++-----------
 2 files changed, 34 insertions(+), 16 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Oct  5 19:52:58 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 05 Oct 2015 19:52:58 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-67-gf3959f1
Message-ID: <E1Zj9nz-0006v3-7d@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  f3959f14b6c496c726bbca5230becb7b6844a234 (commit)
      from  ae471fa978589fb61ecb0f89bbfe4d43cf2d5eac (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f3959f14b6c496c726bbca5230becb7b6844a234
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 5 19:48:47 2015 +0200

    gpg: Install a dirmngr.conf file.
    
    * g10/dirmngr-conf.skel: New.
    * g10/Makefile.am (EXTRA_DIST): Add file.
    (install-data-local, uninstall-local): Install that file.
    * g10/openfile.c (copy_options_file): Add arg "name", return a value,
    simplify with xstrconcat, and factor warning message out to:
    (try_make_homedir): here.  Also install dirmngr.conf.
    * g10/options.skel: Remove --keyserver entry.
    --
    
    The option --keyserver in gpg has been deprecated in favor of
    --keyserver in dirmngr.conf.  Thus we need to install a skeleton file
    for dirmngr to set a default keyserver.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/Makefile.am b/g10/Makefile.am
index 2fd52b3..cd12183 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -18,7 +18,8 @@
 
 ## Process this file with automake to produce Makefile.in
 
-EXTRA_DIST = options.skel distsigkey.gpg ChangeLog-2011 gpg-w32info.rc \
+EXTRA_DIST = options.skel dirmngr-conf.skel distsigkey.gpg \
+	     ChangeLog-2011 gpg-w32info.rc \
 	     gpg.w32-manifest.in test.c t-keydb-keyring.kbx
 
 AM_CPPFLAGS = -I$(top_srcdir)/common
@@ -164,11 +165,14 @@ install-data-local:
 	$(mkinstalldirs) $(DESTDIR)$(pkgdatadir)
 	$(INSTALL_DATA) $(srcdir)/options.skel \
 				$(DESTDIR)$(pkgdatadir)/gpg-conf.skel
+	$(INSTALL_DATA) $(srcdir)/dirmngr-conf.skel \
+				$(DESTDIR)$(pkgdatadir)/dirmngr-conf.skel
 	$(INSTALL_DATA) $(srcdir)/distsigkey.gpg \
 				$(DESTDIR)$(pkgdatadir)/distsigkey.gpg
 
 uninstall-local:
 	- at rm $(DESTDIR)$(pkgdatadir)/gpg-conf.skel
+	- at rm $(DESTDIR)$(pkgdatadir)/dirmngr-conf.skel
 	- at rm $(DESTDIR)$(pkgdatadir)/distsigkey.gpg
 
 
diff --git a/g10/dirmngr-conf.skel b/g10/dirmngr-conf.skel
new file mode 100644
index 0000000..0888fb7
--- /dev/null
+++ b/g10/dirmngr-conf.skel
@@ -0,0 +1,61 @@
+# dirmngr-conf.skel - Skeleton to create dirmngr.conf.
+# (Note that the first three lines are not copied.)
+#
+# dirmngr.conf - Options for Dirmngr
+# Written in 2015 by The GnuPG Project <https://gnupg.org>
+#
+# To the extent possible under law, the authors have dedicated all
+# copyright and related and neighboring rights to this file to the
+# public domain worldwide.  This file is distributed without any
+# warranty.  You should have received a copy of the CC0 Public Domain
+# Dedication along with this file. If not, see
+# <http://creativecommons.org/publicdomain/zero/1.0/>.
+#
+#
+# Unless you specify which option file to use (with the command line
+# option "--options filename"), the file ~/.gnupg/dirmngr.conf is used
+# by dirmngr.  The file can contain any long options which are valid
+# for Dirmngr.  If the first non white space character of a line is a
+# '#', the line is ignored.  Empty lines are also ignored.  See the
+# dirmngr man page or the manual for a list of options.
+#
+
+# --keyserver URI
+#
+# GPG can send and receive keys to and from a keyserver.  These
+# servers can be HKP, Email, or LDAP (if GnuPG is built with LDAP
+# support).
+#
+# Example HKP keyservers:
+#      hkp://keys.gnupg.net
+#
+# Example HKPS keyservers (see --hkp-cacert below):
+#       hkps://hkps.pool.sks-keyservers.net
+#
+# Example LDAP keyservers:
+#      ldap://pgp.surfnet.nl:11370
+#
+# Regular URL syntax applies, and you can set an alternate port
+# through the usual method:
+#      hkp://keyserver.example.net:22742
+#
+# Most users just set the name and type of their preferred keyserver.
+# Note that most servers (with the notable exception of
+# ldap://keyserver.pgp.com) synchronize changes with each other.  Note
+# also that a single server name may actually point to multiple
+# servers via DNS round-robin.  hkp://keys.gnupg.net is an example of
+# such a "server", which spreads the load over a number of physical
+# servers.
+
+keyserver hkp://keys.gnupg.net
+
+# --hkp-cacert FILENAME
+#
+# For the "hkps" scheme (keyserver access over TLS), Dirmngr needs to
+# know the root certificates for verification of the TLS certificates
+# used for the connection.  Enter the full name of a file with the
+# root certificates here.  If that file is in PEM format a ".pem"
+# suffix is expected.  This option may be given multiple times to add
+# more root certificates.
+
+#hkp-cacert /path/to/CA/sks-keyservers.netCA.pem
diff --git a/g10/openfile.c b/g10/openfile.c
index 76961e5..859090e 100644
--- a/g10/openfile.c
+++ b/g10/openfile.c
@@ -375,10 +375,11 @@ open_sigfile (const char *sigfilename, progress_filter_context_t *pfx)
 
 
 /****************
- * Copy the option file skeleton to the given directory.
+ * Copy the option file skeleton for NAME to the given directory.
+ * Returns true if the new option file has any option.
  */
-static void
-copy_options_file (const char *destdir)
+static int
+copy_options_file (const char *destdir, const char *name)
 {
   const char *datadir = gnupg_datadir ();
   char *fname;
@@ -390,10 +391,9 @@ copy_options_file (const char *destdir)
   int any_option = 0;
 
   if (opt.dry_run)
-    return;
+    return 0;
 
-  fname = xmalloc (strlen(datadir) + strlen(destdir) + 15);
-  strcpy (stpcpy(fname, datadir), DIRSEP_S "gpg-conf" SKELEXT);
+  fname = xstrconcat (datadir, DIRSEP_S, name, "-conf", SKELEXT, NULL);
   src = fopen (fname, "r");
   if (src && is_secured_file (fileno (src)))
     {
@@ -405,9 +405,10 @@ copy_options_file (const char *destdir)
     {
       log_info (_("can't open '%s': %s\n"), fname, strerror(errno));
       xfree(fname);
-      return;
+      return 0;
     }
-  strcpy (stpcpy (fname, destdir), DIRSEP_S GPGEXT_GPG EXTSEP_S "conf");
+  xfree (fname);
+  fname = xstrconcat (destdir, DIRSEP_S, name, EXTSEP_S, "conf", NULL);
 
   oldmask = umask (077);
   if (is_secured_filename (fname))
@@ -424,7 +425,7 @@ copy_options_file (const char *destdir)
       log_info (_("can't create '%s': %s\n"), fname, strerror(errno) );
       fclose (src);
       xfree (fname);
-      return;
+      return 0;
     }
 
   while ((c = getc (src)) != EOF)
@@ -455,11 +456,8 @@ copy_options_file (const char *destdir)
   fclose (src);
 
   log_info (_("new configuration file '%s' created\n"), fname);
-  if (any_option)
-    log_info (_("WARNING: options in '%s'"
-                " are not yet active during this run\n"),
-              fname);
   xfree (fname);
+  return any_option;
 }
 
 
@@ -492,7 +490,15 @@ try_make_homedir (const char *fname)
                     fname, strerror(errno) );
       else if (!opt.quiet )
         log_info ( _("directory '%s' created\n"), fname );
-      copy_options_file( fname );
+
+      /* Note that we also copy a dirmngr.conf file here.  This is
+         because gpg is likely the first invoked tool and thus creates
+         the directory.  */
+      copy_options_file (fname, DIRMNGR_NAME);
+      if (copy_options_file (fname, GPG_NAME))
+        log_info (_("WARNING: options in '%s'"
+                    " are not yet active during this run\n"),
+                  fname);
     }
 }
 
diff --git a/g10/options.skel b/g10/options.skel
index 20b5711..e8f1882 100644
--- a/g10/options.skel
+++ b/g10/options.skel
@@ -95,39 +95,9 @@ require-cross-certification
 
 #lock-once
 
-# GnuPG can send and receive keys to and from a keyserver.  These
-# servers can be HKP, email, or LDAP (if GnuPG is built with LDAP
-# support).
-#
-# Example HKP keyservers:
-#      hkp://keys.gnupg.net
-#
-# Example LDAP keyservers:
-#      ldap://pgp.surfnet.nl:11370
-#
-# Regular URL syntax applies, and you can set an alternate port
-# through the usual method:
-#      hkp://keyserver.example.net:22742
-#
-# If you have problems connecting to a HKP server through a buggy http
-# proxy, you can use keyserver option broken-http-proxy (see below),
-# but first you should make sure that you have read the man page
-# regarding proxies (keyserver option honor-http-proxy)
-#
-# Most users just set the name and type of their preferred keyserver.
-# Note that most servers (with the notable exception of
-# ldap://keyserver.pgp.com) synchronize changes with each other.  Note
-# also that a single server name may actually point to multiple
-# servers via DNS round-robin.  hkp://keys.gnupg.net is an example of
-# such a "server", which spreads the load over a number of physical
-# servers.  To see the IP address of the server actually used, you may use
-# the "--keyserver-options debug".
-
-keyserver hkp://keys.gnupg.net
-#keyserver http://http-keys.gnupg.net
-#keyserver mailto:pgp-public-keys at keys.nl.pgp.net
 
 # Common options for keyserver functions:
+# (Note that the --keyserver option has been moved to dirmngr.conf)
 #
 # include-disabled = when searching, include keys marked as "disabled"
 #                    on the keyserver (not all keyservers support this).

-----------------------------------------------------------------------

Summary of changes:
 g10/Makefile.am       |  6 ++++-
 g10/dirmngr-conf.skel | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++
 g10/openfile.c        | 34 ++++++++++++++++------------
 g10/options.skel      | 32 +--------------------------
 4 files changed, 87 insertions(+), 46 deletions(-)
 create mode 100644 g10/dirmngr-conf.skel


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Oct  6 00:53:19 2015
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Tue, 06 Oct 2015 00:53:19 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-68-gce2a84b
Message-ID: <E1ZjEUd-0002Ri-NK@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  ce2a84b58833fd308d5fe11756721f39c953280a (commit)
      from  f3959f14b6c496c726bbca5230becb7b6844a234 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ce2a84b58833fd308d5fe11756721f39c953280a
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Tue Oct 6 02:05:04 2015 +0900

    agent: Fix non-allocation for pinentry_loopback.
    
    * agent/call-pinentry.c (agent_get_passphrase): Don't allocate, it will
    be allocated by pinentry_loopback.

diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index 9845a03..0140387 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -1063,12 +1063,10 @@ agent_get_passphrase (ctrl_t ctrl,
         {
 	  size_t size;
 	  size_t len = ASSUAN_LINELENGTH/2;
-	  unsigned char *buffer = gcry_malloc_secure (len);
+	  unsigned char *buffer;
 
 	  rc = pinentry_loopback(ctrl, "PASSPHRASE", &buffer, &size, len);
-	  if (rc)
-	    xfree(buffer);
-	  else
+	  if (!rc)
 	    {
 	      buffer[size] = 0;
 	      *retpass = buffer;

-----------------------------------------------------------------------

Summary of changes:
 agent/call-pinentry.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Oct  6 08:14:16 2015
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Tue, 06 Oct 2015 08:14:16 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-69-g4a5bd17
Message-ID: <E1ZjLNL-00042V-Fl@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  4a5bd1720f5a3dbb26f5daeb03725cae29be7e24 (commit)
      from  ce2a84b58833fd308d5fe11756721f39c953280a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4a5bd1720f5a3dbb26f5daeb03725cae29be7e24
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Tue Oct 6 15:10:25 2015 +0900

    agent: Fix verification of signature for smartcard.
    
    * agent/pksign.c (agent_pksign_do): Use public key smartcard.
    
    --
    
    Since gcry_pk_verify can't handle shadowed private key, public
    key SEXP should be prepared for smartcard.

diff --git a/agent/pksign.c b/agent/pksign.c
index 243c49d..e079c3f 100644
--- a/agent/pksign.c
+++ b/agent/pksign.c
@@ -291,6 +291,7 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
 {
   gcry_sexp_t s_skey = NULL, s_sig = NULL;
   gcry_sexp_t s_hash = NULL;
+  gcry_sexp_t s_pkey = NULL;
   unsigned char *shadow_info = NULL;
   unsigned int rc = 0;		/* FIXME: gpg-error? */
   const unsigned char *data;
@@ -331,6 +332,13 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
       int is_ECDSA = 0;
       int is_EdDSA = 0;
 
+      rc = agent_public_key_from_file (ctrl, ctrl->keygrip, &s_pkey);
+      if (rc)
+        {
+          log_error ("failed to read the public key\n");
+          goto leave;
+        }
+
       if (agent_is_eddsa_key (s_skey))
         is_EdDSA = 1;
       else
@@ -497,7 +505,7 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
                                ctrl->digest.raw_value);
         }
 
-      rc = gcry_pk_verify (s_sig, s_hash, s_skey);
+      rc = gcry_pk_verify (s_sig, s_hash, s_pkey? s_pkey: s_skey);
 
       if (rc)
         {
@@ -512,6 +520,7 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
 
   *signature_sexp = s_sig;
 
+  gcry_sexp_release (s_pkey);
   gcry_sexp_release (s_skey);
   gcry_sexp_release (s_hash);
   xfree (shadow_info);

-----------------------------------------------------------------------

Summary of changes:
 agent/pksign.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Oct  6 09:47:51 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 06 Oct 2015 09:47:51 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-70-g625e292
Message-ID: <E1ZjMpv-0007je-OZ@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  625e292108cc0fd9077769587a8c22abe7805e33 (commit)
      from  4a5bd1720f5a3dbb26f5daeb03725cae29be7e24 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 625e292108cc0fd9077769587a8c22abe7805e33
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Oct 6 09:40:57 2015 +0200

    gpg: Fail decryption for AES etc message w/o MDC.
    
    * g10/mainproc.c (proc_encrypted): Fail for modern messages w/o MDC.
    --
    
    This change turns the missing MDC warning into an error if the message
    has been encrypted using a cipher with a non-64 bit block length cipher
    and it is not Twofish.
    
    We can assume that such messages are created by code which should have
    been able to create MDC packets.  AES was introduced with 1.0.3 on
    2000-09-18 shortly after MDC (1.0.2 on 2000-07-12).  We need to
    exclude Twofish because that might have been used before MDC.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/mainproc.c b/g10/mainproc.c
index f7b7c6b..9f02b15 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -607,6 +607,22 @@ proc_encrypted (CTX c, PACKET *pkt)
 
   if (result == -1)
     ;
+  else if (!result
+           && !opt.ignore_mdc_error
+           && !pkt->pkt.encrypted->mdc_method
+           && openpgp_cipher_get_algo_blklen (c->dek->algo) != 8
+           && c->dek->algo != CIPHER_ALGO_TWOFISH)
+    {
+      /* The message has been decrypted but has no MDC despite that a
+         modern cipher (blocklength != 64 bit, except for Twofish) is
+         used and the option to ignore MDC errors is not used: To
+         avoid attacks changing an MDC message to a non-MDC message,
+         we fail here.  */
+      log_error (_("WARNING: message was not integrity protected\n"));
+      if (opt.verbose > 1)
+        log_info ("decryption forced to fail\n");
+      write_status (STATUS_DECRYPTION_FAILED);
+    }
   else if (!result || (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE
                        && opt.ignore_mdc_error))
     {

-----------------------------------------------------------------------

Summary of changes:
 g10/mainproc.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Oct  6 13:15:23 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 06 Oct 2015 13:15:23 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-72-gd5b4b4d
Message-ID: <E1ZjQ4l-0008T0-3l@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  d5b4b4d9c16cb42331aa379755038fd5abf0f2d0 (commit)
       via  9db6547a00cded92c00c8f8382b1b605be1027d2 (commit)
      from  625e292108cc0fd9077769587a8c22abe7805e33 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d5b4b4d9c16cb42331aa379755038fd5abf0f2d0
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Oct 6 13:11:12 2015 +0200

    po: Typo fix in German translation.
    
    --

diff --git a/po/de.po b/po/de.po
index 279377a..eadc7b9 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg-2.1.0\n"
 "Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2015-10-05 11:17+0200\n"
+"PO-Revision-Date: 2015-10-06 12:50+0200\n"
 "Last-Translator: Werner Koch <wk at gnupg.org>\n"
 "Language-Team: German <de at li.org>\n"
 "Language: de\n"
@@ -5227,7 +5227,7 @@ msgstr "trustdb Transaktion zu gro?\n"
 
 #, c-format
 msgid "can't access '%s': %s\n"
-msgstr "kann aus `%s' nicht zugreifen: %s\n"
+msgstr "kann auf `%s' nicht zugreifen: %s\n"
 
 #, c-format
 msgid "%s: directory does not exist!\n"

commit 9db6547a00cded92c00c8f8382b1b605be1027d2
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Oct 6 13:10:26 2015 +0200

    dirmngr: Do tilde expansion for --hkp-cacert.
    
    * dirmngr/dirmngr.c (parse_rereadable_options): Do tilde expansion and
    check for cert file existance in option --hkp-cacert.
    --
    
    GnuPG-bug-id: 2120
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 847a65d..a32040e 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -580,7 +580,20 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
     case oMaxReplies: opt.max_replies = pargs->r.ret_int; break;
 
     case oHkpCaCert:
-      http_register_tls_ca (pargs->r.ret_str);
+      {
+        char *tmpname;
+
+        /* Do tilde expansion and print a warning if the file can't be
+           accessed.  */
+        tmpname = make_absfilename_try (pargs->r.ret_str, NULL);
+        if (!tmpname || access (tmpname, F_OK))
+          log_info (_("can't access '%s': %s\n"),
+                    tmpname? tmpname : pargs->r.ret_str,
+                    gpg_strerror (gpg_error_from_syserror()));
+        else
+          http_register_tls_ca (tmpname);
+        xfree (tmpname);
+      }
       break;
 
     case oIgnoreCertExtension:
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index a5bcc73..18e8189 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -433,7 +433,7 @@ Use the root certificates in @var{file} for verification of the TLS
 certificates used with @code{hkps} (keyserver access over TLS).  If
 the file is in PEM format a suffix of @code{.pem} is expected for
 @var{file}.  This option may be given multiple times to add more
-root certificates.
+root certificates.  Tilde expansion is supported.
 
 @end table
 
diff --git a/g10/dirmngr-conf.skel b/g10/dirmngr-conf.skel
index 0888fb7..8857843 100644
--- a/g10/dirmngr-conf.skel
+++ b/g10/dirmngr-conf.skel
@@ -56,6 +56,6 @@ keyserver hkp://keys.gnupg.net
 # used for the connection.  Enter the full name of a file with the
 # root certificates here.  If that file is in PEM format a ".pem"
 # suffix is expected.  This option may be given multiple times to add
-# more root certificates.
+# more root certificates.  Tilde expansion is supported.
 
 #hkp-cacert /path/to/CA/sks-keyservers.netCA.pem

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/dirmngr.c     | 15 ++++++++++++++-
 doc/dirmngr.texi      |  2 +-
 g10/dirmngr-conf.skel |  2 +-
 po/de.po              |  4 ++--
 4 files changed, 18 insertions(+), 5 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Oct  6 13:59:12 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 06 Oct 2015 13:59:12 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-73-g7faf45e
Message-ID: <E1ZjQl9-0001yT-8i@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  7faf45effcd47d2d04d35090a1e01a1dbb99ec70 (commit)
      from  d5b4b4d9c16cb42331aa379755038fd5abf0f2d0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 7faf45effcd47d2d04d35090a1e01a1dbb99ec70
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Oct 6 13:55:38 2015 +0200

    dirmngr: Make commands RELOADDIRMNGR and KILLDIRMNGR work properly.
    
    * dirmngr/server.c (cmd_killdirmngr): Set assuan close flag.
    (cmd_reloaddirmngr): Use check_owner_permission.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/server.c b/dirmngr/server.c
index 5400a98..63a5cd8 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -2120,6 +2120,7 @@ cmd_killdirmngr (assuan_context_t ctx, char *line)
   if (!err)
     {
       ctrl->server_local->stopme = 1;
+      assuan_set_flag (ctx, ASSUAN_FORCE_CLOSE, 1);
       err = gpg_error (GPG_ERR_EOF);
     }
   return err;
@@ -2141,14 +2142,12 @@ cmd_reloaddirmngr (assuan_context_t ctx, char *line)
     {
 #ifndef HAVE_W32_SYSTEM
       {
-        gpg_err_code_t ec;
-        assuan_peercred_t cred;
-
-        ec = gpg_err_code (assuan_get_peercred (ctx, &cred));
-        if (!ec && cred->uid)
-          ec = GPG_ERR_EPERM; /* Only root may terminate.  */
-        if (ec)
-          return set_error (ec, "no permission to reload this process");
+        gpg_error_t err;
+
+        err = check_owner_permission (ctx,
+                                      "no permission to reload this process");
+        if (err)
+          return err;
       }
 #endif
     }

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/server.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Oct  6 20:03:46 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 06 Oct 2015 20:03:46 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-76-g264a81d
Message-ID: <E1ZjWRy-0008O3-Fh@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  264a81d82737369ee8beef771cf2bd2cd874320a (commit)
       via  211b8084ee4391baec35e8c5bd75a9ecbcb889a7 (commit)
       via  6cf80dc77ec5df3722924301ff4be2475966937b (commit)
      from  7faf45effcd47d2d04d35090a1e01a1dbb99ec70 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 264a81d82737369ee8beef771cf2bd2cd874320a
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Oct 6 19:59:56 2015 +0200

    dirmngr: Addlow fetching keys using OpenPGP DANE
    
    * dirmngr/server.c (cmd_dns_cert): Add option --dane.
    --
    
    This implements draft-ietf-dane-openpgpkey-05.txt
    To test this use
    
      $ gpg-connect-agent --dirmngr
      > /hex
      > dns_cert --dane wk at gnupg.org
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/server.c b/dirmngr/server.c
index 63a5cd8..bfcdd57 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -643,6 +643,7 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
 static const char hlp_dns_cert[] =
   "DNS_CERT <subtype> <name>\n"
   "DNS_CERT --pka <user_id>\n"
+  "DNS_CERT --dane <user_id>\n"
   "\n"
   "Return the CERT record for <name>.  <subtype> is one of\n"
   "  *     Return the first record of any supported subtype\n"
@@ -650,13 +651,14 @@ static const char hlp_dns_cert[] =
   "  IPGP  Return the first record of subtype IPGP (6)\n"
   "If the content of a certifciate is available (PGP) it is returned\n"
   "by data lines.  Fingerprints and URLs are returned via status lines.\n"
-  "In --pka mode the fingerprint and if available an URL is returned.";
+  "In --pka mode the fingerprint and if available an URL is returned.\n"
+  "In --dane mode the key is returned from RR type 61";
 static gpg_error_t
 cmd_dns_cert (assuan_context_t ctx, char *line)
 {
   /* ctrl_t ctrl = assuan_get_pointer (ctx); */
   gpg_error_t err = 0;
-  int pka_mode;
+  int pka_mode, dane_mode;
   char *mbox = NULL;
   char *namebuf = NULL;
   char *encodedhash = NULL;
@@ -670,8 +672,16 @@ cmd_dns_cert (assuan_context_t ctx, char *line)
   char *url = NULL;
 
   pka_mode = has_option (line, "--pka");
+  dane_mode = has_option (line, "--dane");
   line = skip_options (line);
-  if (pka_mode)
+
+  if (pka_mode && dane_mode)
+    {
+      err = PARM_ERROR ("either --pka or --dane may be given");
+      goto leave;
+    }
+
+  if (pka_mode || dane_mode)
     ; /* No need to parse here - we do this later.  */
   else
     {
@@ -709,11 +719,14 @@ cmd_dns_cert (assuan_context_t ctx, char *line)
       goto leave;
     }
 
-  if (pka_mode)
+  if (pka_mode || dane_mode)
     {
-      char *domain;  /* Points to mbox.  */
-      char hashbuf[20];
+      char *domain;     /* Points to mbox.  */
+      char hashbuf[32]; /* For SHA-1 and SHA-256. */
 
+      /* We lowercase ascii characters but the DANE I-D does not allow
+         this.  FIXME: Check after the release of the RFC whether to
+         change this.  */
       mbox = mailbox_from_userid (line);
       if (!mbox || !(domain = strchr (mbox, '@')))
         {
@@ -722,21 +735,45 @@ cmd_dns_cert (assuan_context_t ctx, char *line)
         }
       *domain++ = 0;
 
-      gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, mbox, strlen (mbox));
-      encodedhash = zb32_encode (hashbuf, 8*20);
-      if (!encodedhash)
+      if (pka_mode)
         {
-          err = gpg_error_from_syserror ();
-          goto leave;
+          gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, mbox, strlen (mbox));
+          encodedhash = zb32_encode (hashbuf, 8*20);
+          if (!encodedhash)
+            {
+              err = gpg_error_from_syserror ();
+              goto leave;
+            }
+          namebuf = strconcat (encodedhash, "._pka.", domain, NULL);
+          if (!namebuf)
+            {
+              err = gpg_error_from_syserror ();
+              goto leave;
+            }
+          name = namebuf;
+          certtype = DNS_CERTTYPE_IPGP;
         }
-      namebuf = strconcat (encodedhash, "._pka.", domain, NULL);
-      if (!namebuf)
+      else
         {
-          err = gpg_error_from_syserror ();
-          goto leave;
+          /* Note: The hash is truncated to 28 bytes and we lowercase
+             the result only for aesthetic reasons.  */
+          gcry_md_hash_buffer (GCRY_MD_SHA256, hashbuf, mbox, strlen (mbox));
+          encodedhash = bin2hex (hashbuf, 28, NULL);
+          if (!encodedhash)
+            {
+              err = gpg_error_from_syserror ();
+              goto leave;
+            }
+          ascii_strlwr (encodedhash);
+          namebuf = strconcat (encodedhash, "._openpgpkey.", domain, NULL);
+          if (!namebuf)
+            {
+              err = gpg_error_from_syserror ();
+              goto leave;
+            }
+          name = namebuf;
+          certtype = DNS_CERTTYPE_RR61;
         }
-      name = namebuf;
-      certtype = DNS_CERTTYPE_IPGP;
     }
   else
     name = line;

commit 211b8084ee4391baec35e8c5bd75a9ecbcb889a7
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Oct 6 19:57:00 2015 +0200

    dirmngr: Improve DNS code to retrieve arbitrary records.
    
    * dirmngr/dns-cert.c (get_dns_cert): Add hack to retrieve arbitrary
    resource records.
    * dirmngr/dns-cert.h (DNS_CERTTYPE_RRBASE): New.
    (DNS_CERTTYPE_RR61): New.
    --
    
    This has been tested with ADNS on Unix and with the standard
    resolver.  Because ADNS works it should also work on Windows.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/dns-cert.c b/dirmngr/dns-cert.c
index 03c1de1..3845a4b 100644
--- a/dirmngr/dns-cert.c
+++ b/dirmngr/dns-cert.c
@@ -99,7 +99,11 @@ get_dns_cert (const char *name, int want_certtype,
       return err;
     }
 
-  if (adns_synchronous (state, name, (adns_r_unknown | my_adns_r_cert),
+  if (adns_synchronous (state, name,
+                        (adns_r_unknown
+                         | (want_certtype < DNS_CERTTYPE_RRBASE
+                            ? my_adns_r_cert
+                            : (want_certtype - DNS_CERTTYPE_RRBASE))),
                         adns_qf_quoteok_query, &answer))
     {
       err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
@@ -122,6 +126,26 @@ get_dns_cert (const char *name, int want_certtype,
       int datalen = answer->rrs.byteblock[count].len;
       const unsigned char *data = answer->rrs.byteblock[count].data;
 
+      /* First check for our generic RR hack.  */
+      if (datalen
+          && want_certtype >= DNS_CERTTYPE_RRBASE
+          && ((want_certtype - DNS_CERTTYPE_RRBASE)
+              == (answer->type & ~adns_r_unknown)))
+        {
+          /* Found the requested record - return it.  */
+          *r_key = xtrymalloc (datalen);
+          if (!*r_key)
+            err = gpg_err_make (default_errsource,
+                                gpg_err_code_from_syserror ());
+          else
+            {
+              memcpy (*r_key, data, datalen);
+              *r_keylen = datalen;
+              err = 0;
+            }
+          goto leave;
+        }
+
       if (datalen < 5)
         continue;  /* Truncated CERT record - skip.  */
 
@@ -219,7 +243,11 @@ get_dns_cert (const char *name, int want_certtype,
 
   err = gpg_err_make (default_errsource, GPG_ERR_NOT_FOUND);
 
-  r = res_query (name, C_IN, T_CERT, answer, 65536);
+  r = res_query (name, C_IN,
+                 (want_certtype < DNS_CERTTYPE_RRBASE
+                  ? T_CERT
+                  : (want_certtype - DNS_CERTTYPE_RRBASE)),
+                 answer, 65536);
   /* Not too big, not too small, no errors and at least 1 answer. */
   if (r >= sizeof (HEADER) && r <= 65536
       && (((HEADER *) answer)->rcode) == NOERROR
@@ -283,7 +311,28 @@ get_dns_cert (const char *name, int want_certtype,
           pt += 2;
 
           /* Check the type and parse.  */
-          if (type == T_CERT)
+          if (want_certtype >= DNS_CERTTYPE_RRBASE
+              && type == (want_certtype - DNS_CERTTYPE_RRBASE)
+              && r_key)
+            {
+              *r_key = xtrymalloc (dlen);
+              if (!*r_key)
+                err = gpg_err_make (default_errsource,
+                                    gpg_err_code_from_syserror ());
+              else
+                {
+                  memcpy (*r_key, pt, dlen);
+                  *r_keylen = dlen;
+                  err = 0;
+                }
+              goto leave;
+            }
+          else if (want_certtype >= DNS_CERTTYPE_RRBASE)
+            {
+              /* We did not found the requested RR.  */
+              pt += dlen;
+            }
+          else if (type == T_CERT)
             {
               /* We got a CERT type.   */
               ctype = buf16_to_u16 (pt);
diff --git a/dirmngr/dns-cert.h b/dirmngr/dns-cert.h
index 5a579ec..9dbc58c 100644
--- a/dirmngr/dns-cert.h
+++ b/dirmngr/dns-cert.h
@@ -43,7 +43,9 @@
 #define DNS_CERTTYPE_IACPKIX   8 /* The URL of an Attribute Certificate.  */
 #define DNS_CERTTYPE_URI     253 /* URI private.  */
 #define DNS_CERTTYPE_OID     254 /* OID private.  */
-
+/* Hacks for our implementation.  */
+#define DNS_CERTTYPE_RRBASE 1024 /* Base of special constants.  */
+#define DNS_CERTTYPE_RR61   (DNS_CERTTYPE_RRBASE + 61)
 
 gpg_error_t get_dns_cert (const char *name, int want_certtype,
                           void **r_key, size_t *r_keylen,

commit 6cf80dc77ec5df3722924301ff4be2475966937b
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Oct 6 17:34:13 2015 +0200

    dirmngr: Change DNS code to make additions easier.
    
    * dirmngr/dns-cert.c (get_dns_cert) [!USE_ADNS]: Change loop to allow
    adding more resource types.

diff --git a/dirmngr/dns-cert.c b/dirmngr/dns-cert.c
index de523b5..03c1de1 100644
--- a/dirmngr/dns-cert.c
+++ b/dirmngr/dns-cert.c
@@ -53,7 +53,7 @@
 /* Not every installation has gotten around to supporting CERTs
    yet... */
 #ifndef T_CERT
-#define T_CERT 37
+# define T_CERT 37
 #endif
 
 /* ADNS has no support for CERT yet. */
@@ -69,7 +69,7 @@
    string and returned at R_URL.  If WANT_CERTTYPE is 0 this function
    returns the first CERT found with a supported type; it is expected
    that only one CERT record is used.  If WANT_CERTTYPE is one of the
-   supported certtypes only records wih this certtype are considered
+   supported certtypes only records with this certtype are considered
    and the first found is returned.  (R_KEY,R_KEYLEN) are optional. */
 gpg_error_t
 get_dns_cert (const char *name, int want_certtype,
@@ -282,83 +282,85 @@ get_dns_cert (const char *name, int want_certtype,
           dlen = buf16_to_u16 (pt);
           pt += 2;
 
-          /* We asked for CERT and got something else - might be a
-             CNAME, so loop around again. */
-          if (type != T_CERT)
+          /* Check the type and parse.  */
+          if (type == T_CERT)
             {
-              pt += dlen;
-              continue;
-            }
-
-          /* The CERT type */
-          ctype = buf16_to_u16 (pt);
-          pt += 2;
+              /* We got a CERT type.   */
+              ctype = buf16_to_u16 (pt);
+              pt += 2;
 
-          /* Skip the CERT key tag and algo which we don't need. */
-          pt += 3;
+              /* Skip the CERT key tag and algo which we don't need. */
+              pt += 3;
 
-          dlen -= 5;
+              dlen -= 5;
 
-          /* 15 bytes takes us to here */
-          if (want_certtype && want_certtype != ctype)
-            ; /* Not of the requested certtype.  */
-          else if (ctype == DNS_CERTTYPE_PGP && dlen && r_key && r_keylen)
-            {
-              /* PGP type */
-              *r_key = xtrymalloc (dlen);
-              if (!*r_key)
-                err = gpg_err_make (default_errsource,
-                                    gpg_err_code_from_syserror ());
-              else
+              /* 15 bytes takes us to here */
+              if (want_certtype && want_certtype != ctype)
+                ; /* Not of the requested certtype.  */
+              else if (ctype == DNS_CERTTYPE_PGP && dlen && r_key && r_keylen)
                 {
-                  memcpy (*r_key, pt, dlen);
-                  *r_keylen = dlen;
-                  err = 0;
+                  /* PGP type */
+                  *r_key = xtrymalloc (dlen);
+                  if (!*r_key)
+                    err = gpg_err_make (default_errsource,
+                                        gpg_err_code_from_syserror ());
+                  else
+                    {
+                      memcpy (*r_key, pt, dlen);
+                      *r_keylen = dlen;
+                      err = 0;
+                    }
+                  goto leave;
                 }
-              goto leave;
-            }
-          else if (ctype == DNS_CERTTYPE_IPGP
-                   && dlen && dlen < 1023 && dlen >= pt[0] + 1)
-            {
-              /* IPGP type */
-              *r_fprlen = pt[0];
-              if (*r_fprlen)
+              else if (ctype == DNS_CERTTYPE_IPGP
+                       && dlen && dlen < 1023 && dlen >= pt[0] + 1)
                 {
-                  *r_fpr = xtrymalloc (*r_fprlen);
-                  if (!*r_fpr)
+                  /* IPGP type */
+                  *r_fprlen = pt[0];
+                  if (*r_fprlen)
                     {
-                      err = gpg_err_make (default_errsource,
-                                          gpg_err_code_from_syserror ());
-                      goto leave;
+                      *r_fpr = xtrymalloc (*r_fprlen);
+                      if (!*r_fpr)
+                        {
+                          err = gpg_err_make (default_errsource,
+                                              gpg_err_code_from_syserror ());
+                          goto leave;
+                        }
+                      memcpy (*r_fpr, &pt[1], *r_fprlen);
                     }
-                  memcpy (*r_fpr, &pt[1], *r_fprlen);
-                }
-              else
-                *r_fpr = NULL;
+                  else
+                    *r_fpr = NULL;
 
-              if (dlen > *r_fprlen + 1)
-                {
-                  *r_url = xtrymalloc (dlen - (*r_fprlen + 1) + 1);
-                  if (!*r_fpr)
+                  if (dlen > *r_fprlen + 1)
                     {
-                      err = gpg_err_make (default_errsource,
-                                          gpg_err_code_from_syserror ());
-                      xfree (*r_fpr);
-                      *r_fpr = NULL;
-                      goto leave;
+                      *r_url = xtrymalloc (dlen - (*r_fprlen + 1) + 1);
+                      if (!*r_fpr)
+                        {
+                          err = gpg_err_make (default_errsource,
+                                              gpg_err_code_from_syserror ());
+                          xfree (*r_fpr);
+                          *r_fpr = NULL;
+                          goto leave;
+                        }
+                      memcpy (*r_url, &pt[*r_fprlen + 1],
+                              dlen - (*r_fprlen + 1));
+                      (*r_url)[dlen - (*r_fprlen + 1)] = '\0';
                     }
-                  memcpy (*r_url, &pt[*r_fprlen + 1], dlen - (*r_fprlen + 1));
-                  (*r_url)[dlen - (*r_fprlen + 1)] = '\0';
+                  else
+                    *r_url = NULL;
+
+                  err = 0;
+                  goto leave;
                 }
-              else
-                *r_url = NULL;
 
-              err = 0;
-              goto leave;
+              /* No subtype matches, so continue with the next answer. */
+              pt += dlen;
+            }
+          else
+            {
+              /* Not a requested type - might be a CNAME. Try next item.  */
+              pt += dlen;
             }
-
-          /* Neither type matches, so go around to the next answer. */
-          pt += dlen;
         }
     }
 

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/dns-cert.c | 165 +++++++++++++++++++++++++++++++++++------------------
 dirmngr/dns-cert.h |   4 +-
 dirmngr/server.c   |  71 +++++++++++++++++------
 3 files changed, 165 insertions(+), 75 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Oct  6 20:35:38 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 06 Oct 2015 20:35:38 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-77-g9ac31f9
Message-ID: <E1ZjWwn-0001Pq-7g@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  9ac31f91b10059474da1c9580fb99e94278d4c11 (commit)
      from  264a81d82737369ee8beef771cf2bd2cd874320a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9ac31f91b10059474da1c9580fb99e94278d4c11
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Oct 6 20:31:43 2015 +0200

    gpg: Add new --auto-key-locate mechanism "dane".
    
    * g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Allow fetching via DANE.
    * g10/keyserver.c (keyserver_import_cert): Add arg "dane_mode".
    * g10/options.h (AKL_DANE): New.
    * g10/getkey.c (get_pubkey_byname): Implement AKL_DANE.
    (parse_auto_key_locate): Ditto.
    --
    
    To test this use
    
      gpg --auto-key-locate clear,dane,local --locate-key -v wk at gnupg.org
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 7d78e9e..980d326 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1463,6 +1463,10 @@ mechanisms, in the order they are to be tried:
   @item pka
   Locate a key using DNS PKA.
 
+  @item dane
+  Locate a key using DANE, as specified
+  in draft-ietf-dane-openpgpkey-05.txt.
+
   @item ldap
   Using DNS Service Discovery, check the domain in question for any LDAP
   keyservers to use.  If this fails, attempt to locate the key using the
diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
index 75cd51d..10dcb20 100644
--- a/g10/call-dirmngr.c
+++ b/g10/call-dirmngr.c
@@ -1103,7 +1103,10 @@ dns_cert_status_cb (void *opaque, const char *line)
    CERT record found with a supported type; it is expected that only
    one CERT record is used.  If CERTTYPE is one of the supported
    certtypes, only records with this certtype are considered and the
-   first one found is returned.  All R_* args are optional. */
+   first one found is returned.  All R_* args are optional.
+
+   If CERTTYPE is NULL the DANE method is used to fetch the key.
+ */
 gpg_error_t
 gpg_dirmngr_dns_cert (ctrl_t ctrl, const char *name, const char *certtype,
                       estream_t *r_key,
@@ -1129,7 +1132,7 @@ gpg_dirmngr_dns_cert (ctrl_t ctrl, const char *name, const char *certtype,
   if (err)
     return err;
 
-  line = es_bsprintf ("DNS_CERT %s %s", certtype, name);
+  line = es_bsprintf ("DNS_CERT %s %s", certtype? certtype : "--dane", name);
   if (!line)
     {
       err = gpg_error_from_syserror ();
diff --git a/g10/getkey.c b/g10/getkey.c
index ba29c3d..a5f5689 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -898,7 +898,7 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
 	    case AKL_CERT:
 	      mechanism = "DNS CERT";
 	      glo_ctrl.in_auto_key_retrieve++;
-	      rc = keyserver_import_cert (ctrl, name, &fpr, &fpr_len);
+	      rc = keyserver_import_cert (ctrl, name, 0, &fpr, &fpr_len);
 	      glo_ctrl.in_auto_key_retrieve--;
 	      break;
 
@@ -909,6 +909,13 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
 	      glo_ctrl.in_auto_key_retrieve--;
 	      break;
 
+	    case AKL_DANE:
+	      mechanism = "DANE";
+	      glo_ctrl.in_auto_key_retrieve++;
+	      rc = keyserver_import_cert (ctrl, name, 1, &fpr, &fpr_len);
+	      glo_ctrl.in_auto_key_retrieve--;
+	      break;
+
 	    case AKL_LDAP:
 	      mechanism = "LDAP";
 	      glo_ctrl.in_auto_key_retrieve++;
@@ -3060,6 +3067,8 @@ parse_auto_key_locate (char *options)
 #endif
       else if (ascii_strcasecmp (tok, "pka") == 0)
 	akl->type = AKL_PKA;
+      else if (ascii_strcasecmp (tok, "dane") == 0)
+	akl->type = AKL_DANE;
       else if ((akl->spec = parse_keyserver_uri (tok, 1)))
 	akl->type = AKL_SPEC;
       else
diff --git a/g10/keyserver-internal.h b/g10/keyserver-internal.h
index beaa13c..676b4db 100644
--- a/g10/keyserver-internal.h
+++ b/g10/keyserver-internal.h
@@ -40,7 +40,7 @@ int keyserver_import_keyid (ctrl_t ctrl, u32 *keyid,
 gpg_error_t keyserver_refresh (ctrl_t ctrl, strlist_t users);
 gpg_error_t keyserver_search (ctrl_t ctrl, strlist_t tokens);
 int keyserver_fetch (ctrl_t ctrl, strlist_t urilist);
-int keyserver_import_cert (ctrl_t ctrl, const char *name,
+int keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
                            unsigned char **fpr,size_t *fpr_len);
 gpg_error_t keyserver_import_pka (ctrl_t ctrl, const char *name,
                                   unsigned char **fpr,size_t *fpr_len);
diff --git a/g10/keyserver.c b/g10/keyserver.c
index e20c16b..a6257e5 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -1881,30 +1881,34 @@ keyserver_fetch (ctrl_t ctrl, strlist_t urilist)
 }
 
 
-/* Import key in a CERT or pointed to by a CERT */
+/* Import key in a CERT or pointed to by a CERT.  In DANE_MODE fetch
+   the certificate using the DANE method.  */
 int
-keyserver_import_cert (ctrl_t ctrl,
-                       const char *name,unsigned char **fpr,size_t *fpr_len)
+keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
+                       unsigned char **fpr,size_t *fpr_len)
 {
   gpg_error_t err;
-  char *domain,*look,*url;
+  char *look,*url;
   estream_t key;
 
+  look = xstrdup(name);
 
-  look=xstrdup(name);
-
-  domain=strrchr(look,'@');
-  if(domain)
-    *domain='.';
+  if (!dane_mode)
+    {
+      char *domain = strrchr (look,'@');
+      if (domain)
+        *domain='.';
+    }
 
-  err = gpg_dirmngr_dns_cert (ctrl, look, "*", &key, fpr, fpr_len, &url);
+  err = gpg_dirmngr_dns_cert (ctrl, look, dane_mode? NULL : "*",
+                              &key, fpr, fpr_len, &url);
   if (err)
     ;
   else if (key)
     {
       int armor_status=opt.no_armor;
 
-      /* CERTs are always in binary format */
+      /* CERTs and DANE records are always in binary format */
       opt.no_armor=1;
 
       err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
diff --git a/g10/options.h b/g10/options.h
index fd2f4a2..f5b23dd 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -240,6 +240,7 @@ struct
       AKL_LOCAL,
       AKL_CERT,
       AKL_PKA,
+      AKL_DANE,
       AKL_LDAP,
       AKL_KEYSERVER,
       AKL_SPEC

-----------------------------------------------------------------------

Summary of changes:
 doc/gpg.texi             |  4 ++++
 g10/call-dirmngr.c       |  7 +++++--
 g10/getkey.c             | 11 ++++++++++-
 g10/keyserver-internal.h |  2 +-
 g10/keyserver.c          | 26 +++++++++++++++-----------
 g10/options.h            |  1 +
 6 files changed, 36 insertions(+), 15 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Oct  8 15:44:48 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 08 Oct 2015 15:44:48 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-81-gd7b8e76
Message-ID: <E1ZkBMR-00080f-Ey@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  d7b8e76f9930750d669405dee3108c9bc8e87b91 (commit)
       via  a2600e42f91aa7187f3d6ac74cfb5e4c22ed4a58 (commit)
       via  b6d621583fc9cbda6f9376a24f2f4cf11499a4fd (commit)
       via  a400958323d93036dca9c63135b167012ea64f8b (commit)
      from  9ac31f91b10059474da1c9580fb99e94278d4c11 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d7b8e76f9930750d669405dee3108c9bc8e87b91
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Oct 8 15:04:45 2015 +0200

    gpg: Add option --print-dane-records.
    
    * g10/options.h (opt): Add field "print_dane_records".
    * g10/gpg.c (oPrintDANERecords): new.
    (opts): Add --print-dane-records.
    (main): Set that option.
    * g10/export.c (do_export): Remove EXPORT_DANE_FORMAT handling.
    (do_export_stream): Add EXPORT_DANE_FORMAT handling.
    * g10/keylist.c (list_keyblock_pka): Implement DANE record printing.
    
    * g10/gpgv.c (export_pubkey_buffer): New stub.
    * g10/test-stubs.c (export_pubkey_buffer): New stub.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 980d326..35291a8 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2039,6 +2039,13 @@ Modify the output of the list commands to print PKA records suitable
 to put into DNS zone files.  An ORIGIN line is printed before each
 record to allow diverting the records to the corresponding zone file.
 
+ at item --print-dane-records
+ at opindex print-dane-records
+Modify the output of the list commands to print OpenPGP DANE records
+suitable to put into DNS zone files.  An ORIGIN line is printed before
+each record to allow diverting the records to the corresponding zone
+file.
+
 @item --fixed-list-mode
 @opindex fixed-list-mode
 Do not merge primary user ID and primary key in @option{--with-colon}
diff --git a/g10/export.c b/g10/export.c
index 94a3256..2e9e61c 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -198,15 +198,11 @@ do_export (ctrl_t ctrl, strlist_t users, int secret, unsigned int options )
   if (rc)
     return rc;
 
-  /* We don't want an Armor for DANE format.  */
-  if (!(options & EXPORT_DANE_FORMAT))
+  if ( opt.armor )
     {
-      if ( opt.armor )
-        {
-          afx = new_armor_context ();
-          afx->what = secret? 5 : 1;
-          push_armor_filter (afx, out);
-        }
+      afx = new_armor_context ();
+      afx->what = secret? 5 : 1;
+      push_armor_filter (afx, out);
     }
 
   rc = do_export_stream (ctrl, out, users, secret, NULL, options, &any );
@@ -776,6 +772,11 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
   init_packet (&pkt);
   kdbhd = keydb_new ();
 
+  /* For the DANE format override the options.  */
+  if ((options & EXPORT_DANE_FORMAT))
+    options = (EXPORT_DANE_FORMAT | EXPORT_MINIMAL | EXPORT_CLEAN);
+
+
   if (!users)
     {
       ndesc = 1;
diff --git a/g10/gpg.c b/g10/gpg.c
index 557eeec..39cc2e5 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -384,6 +384,7 @@ enum cmd_and_opt_values
     oFakedSystemTime,
     oNoAutostart,
     oPrintPKARecords,
+    oPrintDANERecords,
 
     oNoop
   };
@@ -716,6 +717,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oLegacyListMode, "legacy-list-mode", "@"),
   ARGPARSE_s_n (oListOnly, "list-only", "@"),
   ARGPARSE_s_n (oPrintPKARecords, "print-pka-records", "@"),
+  ARGPARSE_s_n (oPrintDANERecords, "print-dane-records", "@"),
   ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", "@"),
   ARGPARSE_s_n (oIgnoreValidFrom,    "ignore-valid-from", "@"),
   ARGPARSE_s_n (oIgnoreCrcError, "ignore-crc-error", "@"),
@@ -2998,6 +3000,7 @@ main (int argc, char **argv)
 	  case oFixedListMode: /* Dummy */ break;
           case oLegacyListMode: opt.legacy_list_mode = 1; break;
 	  case oPrintPKARecords: opt.print_pka_records = 1; break;
+	  case oPrintDANERecords: opt.print_dane_records = 1; break;
 	  case oListOnly: opt.list_only=1; break;
 	  case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
 	  case oIgnoreValidFrom: opt.ignore_valid_from = 1; break;
diff --git a/g10/gpgv.c b/g10/gpgv.c
index 412f4be..8bb3fc4 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -592,3 +592,17 @@ gpg_dirmngr_get_pka (ctrl_t ctrl, const char *userid,
     *r_url = NULL;
   return gpg_error (GPG_ERR_NOT_FOUND);
 }
+
+gpg_error_t
+export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, unsigned int options,
+                      kbnode_t *r_keyblock, void **r_data, size_t *r_datalen)
+{
+  (void)ctrl;
+  (void)keyspec;
+  (void)options;
+
+  *r_keyblock = NULL;
+  *r_data = NULL;
+  *r_datalen = 0;
+  return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+}
diff --git a/g10/keylist.c b/g10/keylist.c
index 192ced7..3814f1c 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -847,6 +847,9 @@ list_keyblock_pka (ctrl_t ctrl, kbnode_t keyblock)
   PKT_public_key *pk;
   char pkstrbuf[PUBKEY_STRING_SIZE];
   char *hexfpr;
+  char *hexkeyblock = NULL;
+  unsigned int hexkeyblocklen;
+  const char *s;
 
   /* Get the keyid from the keyblock.  */
   node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
@@ -859,11 +862,55 @@ list_keyblock_pka (ctrl_t ctrl, kbnode_t keyblock)
 
   pk = node->pkt->pkt.public_key;
 
-  es_fprintf (es_stdout, ";; pub  %s/%s %s\n;; ",
+  /* First print an overview of the key with all userids.  */
+  es_fprintf (es_stdout, ";; pub  %s/%s %s\n;;",
               pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
               keystr_from_pk (pk), datestr_from_pk (pk));
   print_fingerprint (NULL, pk, 10);
+  for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
+    {
+      if (node->pkt->pkttype == PKT_USER_ID)
+	{
+	  PKT_user_id *uid = node->pkt->pkt.user_id;
+
+	  if (pk && (uid->is_expired || uid->is_revoked)
+	      && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
+            continue;
+
+          es_fputs (";; uid  ", es_stdout);
+          print_utf8_buffer (es_stdout, uid->name, uid->len);
+          es_putc ('\n', es_stdout);
+        }
+    }
+
+
   hexfpr = hexfingerprint (pk);
+  if (opt.print_dane_records)
+    {
+      kbnode_t dummy_keyblock;
+      void *data;
+      size_t datalen;
+      gpg_error_t err;
+
+      /* We do not have an export fucntion which allows to pass a
+         keyblock, thus we need to search the key again.  */
+      err = export_pubkey_buffer (ctrl, hexfpr,
+                                  EXPORT_DANE_FORMAT,
+                                  &dummy_keyblock, &data, &datalen);
+      release_kbnode (dummy_keyblock);
+      if (!err)
+        {
+          hexkeyblocklen = datalen;
+          hexkeyblock = bin2hex (data, datalen, NULL);
+          if (!hexkeyblock)
+            err = gpg_error_from_syserror ();
+          xfree (data);
+          ascii_strlwr (hexkeyblock);
+        }
+      if (err)
+        log_error (_("skipped \"%s\": %s\n"), hexfpr, gpg_strerror (err));
+
+    }
 
   for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
     {
@@ -877,27 +924,57 @@ list_keyblock_pka (ctrl_t ctrl, kbnode_t keyblock)
 	      && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
             continue;
 
-          es_fputs (";; uid  ", es_stdout);
-          print_utf8_buffer (es_stdout, uid->name, uid->len);
-	  es_putc ('\n', es_stdout);
           mbox = mailbox_from_userid (uid->name);
           if (mbox && (p = strchr (mbox, '@')))
             {
-              char hashbuf[20];
+              char hashbuf[32];
               char *hash;
               unsigned int len;
 
               *p++ = 0;
-              es_fprintf (es_stdout, "$ORIGIN _pka.%s.\n", p);
-              gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, mbox, strlen (mbox));
-              hash = zb32_encode (hashbuf, 8*20);
-              if (hash)
+              if (opt.print_pka_records)
                 {
-                  len = strlen (hexfpr)/2;
-                  es_fprintf (es_stdout,
-                              "%s TYPE37 \\# %u 0006 0000 00 %02X %s\n",
-                              hash, 6 + len, len, hexfpr);
-                  xfree (hash);
+                  es_fprintf (es_stdout, "$ORIGIN _pka.%s.\n; %s\n; ",
+                              p, hexfpr);
+                  print_utf8_buffer (es_stdout, uid->name, uid->len);
+                  es_putc ('\n', es_stdout);
+                  gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf,
+                                       mbox, strlen (mbox));
+                  hash = zb32_encode (hashbuf, 8*20);
+                  if (hash)
+                    {
+                      len = strlen (hexfpr)/2;
+                      es_fprintf (es_stdout,
+                                  "%s TYPE37 \\# %u 0006 0000 00 %02X %s\n",
+                                  hash, 6 + len, len, hexfpr);
+                      xfree (hash);
+                    }
+                }
+              if (opt.print_dane_records && hexkeyblock)
+                {
+                  es_fprintf (es_stdout, "$ORIGIN _openpgpkey.%s.\n; %s\n; ",
+                              p, hexfpr);
+                  print_utf8_buffer (es_stdout, uid->name, uid->len);
+                  es_putc ('\n', es_stdout);
+                  gcry_md_hash_buffer (GCRY_MD_SHA256, hashbuf,
+                                       mbox, strlen (mbox));
+                  hash = bin2hex (hashbuf, 28, NULL);
+                  if (hash)
+                    {
+                      ascii_strlwr (hash);
+                      es_fprintf (es_stdout, "%s TYPE61 \\# %u (\n",
+                                  hash, hexkeyblocklen);
+                      xfree (hash);
+                      s = hexkeyblock;
+                      for (;;)
+                        {
+                          es_fprintf (es_stdout, "\t%.64s\n", s);
+                          if (strlen (s) < 64)
+                            break;
+                          s += 64;
+                        }
+                      es_fputs ("\t)\n", es_stdout);
+                    }
                 }
             }
           xfree (mbox);
@@ -906,6 +983,7 @@ list_keyblock_pka (ctrl_t ctrl, kbnode_t keyblock)
     }
   es_putc ('\n', es_stdout);
 
+  xfree (hexkeyblock);
   xfree (hexfpr);
 }
 
@@ -1679,7 +1757,7 @@ list_keyblock (ctrl_t ctrl,
                struct keylist_context *listctx)
 {
   reorder_keyblock (keyblock);
-  if (opt.print_pka_records)
+  if (opt.print_pka_records || opt.print_dane_records)
     list_keyblock_pka (ctrl, keyblock);
   else if (opt.with_colons)
     list_keyblock_colon (keyblock, secret, has_secret, fpr);
diff --git a/g10/options.h b/g10/options.h
index 694c29f..d57ab5d 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -74,6 +74,7 @@ struct
   int fingerprint; /* list fingerprints */
   int list_sigs;   /* list signatures */
   int print_pka_records;
+  int print_dane_records;
   int no_armor;
   int list_packets; /* list-packets mode: 1=normal, 2=invoked by command*/
   int def_cipher_algo;
diff --git a/g10/test-stubs.c b/g10/test-stubs.c
index c6f6d68..f3155fd 100644
--- a/g10/test-stubs.c
+++ b/g10/test-stubs.c
@@ -411,3 +411,17 @@ gpg_dirmngr_get_pka (ctrl_t ctrl, const char *userid,
     *r_url = NULL;
   return gpg_error (GPG_ERR_NOT_FOUND);
 }
+
+gpg_error_t
+export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, unsigned int options,
+                      kbnode_t *r_keyblock, void **r_data, size_t *r_datalen)
+{
+  (void)ctrl;
+  (void)keyspec;
+  (void)options;
+
+  *r_keyblock = NULL;
+  *r_data = NULL;
+  *r_datalen = 0;
+  return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+}

commit a2600e42f91aa7187f3d6ac74cfb5e4c22ed4a58
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Oct 8 14:58:26 2015 +0200

    Fix two unused/possible-uninitialized var warnings.
    
    --

diff --git a/common/mkdir_p.c b/common/mkdir_p.c
index 6a54600..53c3f0f 100644
--- a/common/mkdir_p.c
+++ b/common/mkdir_p.c
@@ -36,7 +36,7 @@ amkdir_p (char **directory_components)
   int count;
   char **dirs;
   int i;
-  int rc;
+  int rc = 0;
 
   for (count = 0; directory_components[count]; count ++)
     ;
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 143c748..4803f9e 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -293,7 +293,6 @@ print_and_check_one_sig (KBNODE keyblock, KBNODE node,
         {
           PKT_public_key *pk = keyblock->pkt->pkt.public_key;
           const unsigned char *s;
-          u32 expire;
 
           s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL);
           if (s && *s)

commit b6d621583fc9cbda6f9376a24f2f4cf11499a4fd
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Oct 8 14:55:07 2015 +0200

    gpg: Pass CTRL parameter to all key listing functions.
    
    * g10/keylist.c (public_key_list): Add arg CTRL.
    (secret_key_list): Ditto.
    (list_all, list_one): Ditto.
    (locate_one): Ditto.
    (list_keyblock_pka): Ditto.
    (list_keyblock): Ditto.
    (list_keyblock_direct): Ditto.
    * g10/keygen.c (proc_parameter_file): Add arg CTRL.
    (read_parameter_file): Ditto.
    (quick_generate_keypair): Ditto.
    (do_generate_keypair): Ditto.
    (generate_keypair): Pass arg CTRL.
    * g10/gpg.c (main): Pass arg CTRL to quick_generate_keypair.
    --
    
    This will help use to implement the --server mode.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/gpg.c b/g10/gpg.c
index 9454b53..557eeec 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -3949,7 +3949,7 @@ main (int argc, char **argv)
         if (argc != 1 )
           wrong_args("--gen-key user-id");
         username = make_username (fname);
-        quick_generate_keypair (username);
+        quick_generate_keypair (ctrl, username);
         xfree (username);
         break;
 
diff --git a/g10/keygen.c b/g10/keygen.c
index dd37559..85bbe13 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -135,7 +135,7 @@ static byte zip_prefs[MAX_PREFS];
 static int nzip_prefs;
 static int mdc_available,ks_modify;
 
-static void do_generate_keypair( struct para_data_s *para,
+static void do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
 				 struct output_control_s *outctrl, int card );
 static int write_keyblock (iobuf_t out, kbnode_t node);
 static gpg_error_t gen_card_key (int algo, int keyno, int is_primary,
@@ -3036,7 +3036,7 @@ get_parameter_revkey( struct para_data_s *para, enum para_name key )
 }
 
 static int
-proc_parameter_file( struct para_data_s *para, const char *fname,
+proc_parameter_file (ctrl_t ctrl, struct para_data_s *para, const char *fname,
                      struct output_control_s *outctrl, int card )
 {
   struct para_data_s *r;
@@ -3222,7 +3222,7 @@ proc_parameter_file( struct para_data_s *para, const char *fname,
       append_to_parameter (para, r);
     }
 
-  do_generate_keypair( para, outctrl, card );
+  do_generate_keypair (ctrl, para, outctrl, card );
   return 0;
 }
 
@@ -3233,7 +3233,7 @@ proc_parameter_file( struct para_data_s *para, const char *fname,
  * Note, that string parameters are expected to be in UTF-8
  */
 static void
-read_parameter_file( const char *fname )
+read_parameter_file (ctrl_t ctrl, const char *fname )
 {
     static struct { const char *name;
 		    enum para_name key;
@@ -3328,7 +3328,7 @@ read_parameter_file( const char *fname )
                 outctrl.keygen_flags |= KEYGEN_FLAG_TRANSIENT_KEY;
 	    else if( !ascii_strcasecmp( keyword, "%commit" ) ) {
 		outctrl.lnr = lnr;
-		if (proc_parameter_file( para, fname, &outctrl, 0 ))
+		if (proc_parameter_file (ctrl, para, fname, &outctrl, 0 ))
                   print_status_key_not_created
                     (get_parameter_value (para, pHANDLE));
 		release_parameter_list( para );
@@ -3384,7 +3384,7 @@ read_parameter_file( const char *fname )
 
 	if( keywords[i].key == pKEYTYPE && para ) {
 	    outctrl.lnr = lnr;
-	    if (proc_parameter_file( para, fname, &outctrl, 0 ))
+	    if (proc_parameter_file (ctrl, para, fname, &outctrl, 0 ))
               print_status_key_not_created
                 (get_parameter_value (para, pHANDLE));
 	    release_parameter_list( para );
@@ -3414,7 +3414,7 @@ read_parameter_file( const char *fname )
     }
     else if( para ) {
 	outctrl.lnr = lnr;
-	if (proc_parameter_file( para, fname, &outctrl, 0 ))
+	if (proc_parameter_file (ctrl, para, fname, &outctrl, 0 ))
           print_status_key_not_created (get_parameter_value (para, pHANDLE));
     }
 
@@ -3479,7 +3479,7 @@ quickgen_set_para (struct para_data_s *para, int for_subkey,
  * Unattended generation of a standard key.
  */
 void
-quick_generate_keypair (const char *uid)
+quick_generate_keypair (ctrl_t ctrl, const char *uid)
 {
   gpg_error_t err;
   struct para_data_s *para = NULL;
@@ -3569,7 +3569,7 @@ quick_generate_keypair (const char *uid)
       para = r;
     }
 
-  proc_parameter_file (para, "[internal]", &outctrl, 0);
+  proc_parameter_file (ctrl, para, "[internal]", &outctrl, 0);
  leave:
   release_parameter_list (para);
 }
@@ -3613,7 +3613,7 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname,
 
   if (opt.batch)
     {
-      read_parameter_file( fname );
+      read_parameter_file (ctrl, fname);
       return;
     }
 
@@ -3841,7 +3841,7 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname,
   r->next = para;
   para = r;
 
-  proc_parameter_file (para, "[internal]", &outctrl, !!card_serialno);
+  proc_parameter_file (ctrl, para, "[internal]", &outctrl, !!card_serialno);
   release_parameter_list (para);
 }
 
@@ -3958,7 +3958,7 @@ start_tree(KBNODE *tree)
 
 
 static void
-do_generate_keypair (struct para_data_s *para,
+do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
 		     struct output_control_s *outctrl, int card)
 {
   gpg_error_t err;
@@ -4192,7 +4192,7 @@ do_generate_keypair (struct para_data_s *para,
             {
               tty_printf (_("public and secret key created and signed.\n") );
               tty_printf ("\n");
-              list_keyblock_direct (pub_root, 0, 1, 1);
+              list_keyblock_direct (ctrl, pub_root, 0, 1, 1);
             }
 
 
diff --git a/g10/keylist.c b/g10/keylist.c
index bfc6d49..192ced7 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -45,8 +45,9 @@
 #include "mbox-util.h"
 
 
-static void list_all (int, int);
-static void list_one (strlist_t names, int secret, int mark_secret);
+static void list_all (ctrl_t, int, int);
+static void list_one (ctrl_t ctrl,
+                      strlist_t names, int secret, int mark_secret);
 static void locate_one (ctrl_t ctrl, strlist_t names);
 static void print_card_serialno (const char *serialno);
 
@@ -60,7 +61,8 @@ struct keylist_context
 };
 
 
-static void list_keyblock (kbnode_t keyblock, int secret, int has_secret,
+static void list_keyblock (ctrl_t ctrl,
+                           kbnode_t keyblock, int secret, int has_secret,
                            int fpr, struct keylist_context *listctx);
 
 
@@ -131,9 +133,9 @@ public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode)
   if (locate_mode)
     locate_one (ctrl, list);
   else if (!list)
-    list_all (0, opt.with_secret);
+    list_all (ctrl, 0, opt.with_secret);
   else
-    list_one (list, 0, opt.with_secret);
+    list_one (ctrl, list, 0, opt.with_secret);
 }
 
 
@@ -145,9 +147,9 @@ secret_key_list (ctrl_t ctrl, strlist_t list)
   check_trustdb_stale ();
 
   if (!list)
-    list_all (1, 0);
+    list_all (ctrl, 1, 0);
   else				/* List by user id */
-    list_one (list, 1, 0);
+    list_one (ctrl, list, 1, 0);
 }
 
 void
@@ -466,7 +468,7 @@ print_signature_stats (struct keylist_context *s)
    MARK_SECRET is true secret keys are indicated in a public key
    listing.  */
 static void
-list_all (int secret, int mark_secret)
+list_all (ctrl_t ctrl, int secret, int mark_secret)
 {
   KEYDB_HANDLE hd;
   KBNODE keyblock = NULL;
@@ -527,7 +529,7 @@ list_all (int secret, int mark_secret)
                 }
             }
           merge_keys_and_selfsig (keyblock);
-          list_keyblock (keyblock, secret, any_secret, opt.fingerprint,
+          list_keyblock (ctrl, keyblock, secret, any_secret, opt.fingerprint,
                          &listctx);
         }
       release_kbnode (keyblock);
@@ -552,7 +554,7 @@ list_all (int secret, int mark_secret)
 
 
 static void
-list_one (strlist_t names, int secret, int mark_secret)
+list_one (ctrl_t ctrl, strlist_t names, int secret, int mark_secret)
 {
   int rc = 0;
   KBNODE keyblock = NULL;
@@ -593,7 +595,8 @@ list_one (strlist_t names, int secret, int mark_secret)
             es_putc ('-', es_stdout);
           es_putc ('\n', es_stdout);
         }
-      list_keyblock (keyblock, secret, mark_secret, opt.fingerprint, &listctx);
+      list_keyblock (ctrl,
+                     keyblock, secret, mark_secret, opt.fingerprint, &listctx);
       release_kbnode (keyblock);
     }
   while (!getkey_next (ctx, NULL, &keyblock));
@@ -634,7 +637,7 @@ locate_one (ctrl_t ctrl, strlist_t names)
 	{
 	  do
 	    {
-	      list_keyblock (keyblock, 0, 0, opt.fingerprint, &listctx);
+	      list_keyblock (ctrl, keyblock, 0, 0, opt.fingerprint, &listctx);
 	      release_kbnode (keyblock);
 	    }
 	  while (ctx && !getkey_next (ctx, NULL, &keyblock));
@@ -837,7 +840,7 @@ dump_attribs (const PKT_user_id *uid, PKT_public_key *pk)
 
 /* Print IPGP cert records instead of a standard key listing.  */
 static void
-list_keyblock_pka (kbnode_t keyblock)
+list_keyblock_pka (ctrl_t ctrl, kbnode_t keyblock)
 {
   kbnode_t kbctx;
   kbnode_t node;
@@ -1671,12 +1674,13 @@ reorder_keyblock (KBNODE keyblock)
 }
 
 static void
-list_keyblock (KBNODE keyblock, int secret, int has_secret, int fpr,
+list_keyblock (ctrl_t ctrl,
+               KBNODE keyblock, int secret, int has_secret, int fpr,
                struct keylist_context *listctx)
 {
   reorder_keyblock (keyblock);
   if (opt.print_pka_records)
-    list_keyblock_pka (keyblock);
+    list_keyblock_pka (ctrl, keyblock);
   else if (opt.with_colons)
     list_keyblock_colon (keyblock, secret, has_secret, fpr);
   else
@@ -1688,12 +1692,13 @@ list_keyblock (KBNODE keyblock, int secret, int has_secret, int fpr,
 
 /* Public function used by keygen to list a keyblock.  */
 void
-list_keyblock_direct (kbnode_t keyblock, int secret, int has_secret, int fpr)
+list_keyblock_direct (ctrl_t ctrl,
+                      kbnode_t keyblock, int secret, int has_secret, int fpr)
 {
   struct keylist_context listctx;
 
   memset (&listctx, 0, sizeof (listctx));
-  list_keyblock (keyblock, secret, has_secret, fpr, &listctx);
+  list_keyblock (ctrl, keyblock, secret, has_secret, fpr, &listctx);
   keylist_context_release (&listctx);
 }
 
diff --git a/g10/main.h b/g10/main.h
index 42d5ce1..0bace61 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -256,7 +256,7 @@ void show_basic_key_info (KBNODE keyblock);
 u32 parse_expire_string(const char *string);
 u32 ask_expire_interval(int object,const char *def_expire);
 u32 ask_expiredate(void);
-void quick_generate_keypair (const char *uid);
+void quick_generate_keypair (ctrl_t ctrl, const char *uid);
 void generate_keypair (ctrl_t ctrl, int full, const char *fname,
                        const char *card_serialno, int card_backup_key);
 int keygen_set_std_prefs (const char *string,int personal);
@@ -347,8 +347,8 @@ void public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode );
 void secret_key_list (ctrl_t ctrl, strlist_t list );
 void print_subpackets_colon(PKT_signature *sig);
 void reorder_keyblock (KBNODE keyblock);
-void list_keyblock_direct (kbnode_t keyblock, int secret, int has_secret,
-                           int fpr);
+void list_keyblock_direct (ctrl_t ctrl, kbnode_t keyblock, int secret,
+                           int has_secret, int fpr);
 void print_fingerprint (estream_t fp, PKT_public_key *pk, int mode);
 void print_revokers (estream_t fp, PKT_public_key *pk);
 void show_policy_url(PKT_signature *sig,int indent,int mode);

commit a400958323d93036dca9c63135b167012ea64f8b
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 7 16:55:15 2015 +0200

    gpg: Remove unfinished experimental code to export as S-expressions.
    
    * g10/options.h (EXPORT_SEXP_FORMAT): Remove.
    (EXPORT_DANE_FORMAT): New.
    * g10/export.c (parse_export_options): Remove "export-sexp-format".
    (export_seckeys): Adjust for removed option.
    (export_secsubkeys): Ditto.
    (do_export): Prepare for DANE format.
    (build_sexp, build_sexp_seckey): Remove.
    (do_export_stream): Remove use of removed functions.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/export.c b/g10/export.c
index 62802d3..94a3256 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -1,7 +1,7 @@
 /* export.c - Export keys in the OpenPGP defined format.
  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
  *               2005, 2010 Free Software Foundation, Inc.
- * Copyright (C) 2014  Werner Koch
+ * Copyright (C) 1998-2015  Werner Koch
  *
  * This file is part of GnuPG.
  *
@@ -52,7 +52,6 @@ static int do_export_stream (ctrl_t ctrl, iobuf_t out,
                              strlist_t users, int secret,
                              kbnode_t *keyblock_out, unsigned int options,
 			     int *any);
-static int build_sexp (iobuf_t out, PACKET *pkt, int *indent);
 
 
 int
@@ -70,8 +69,6 @@ parse_export_options(char *str,unsigned int *options,int noisy)
        N_("remove unusable parts from key during export")},
       {"export-minimal",EXPORT_MINIMAL|EXPORT_CLEAN,NULL,
        N_("remove as much as possible from key during export")},
-      {"export-sexp-format",EXPORT_SEXP_FORMAT, NULL,
-       N_("export keys in an S-expression based format")},
       /* Aliases for backward compatibility */
       {"include-local-sigs",EXPORT_LOCAL_SIGS,NULL,NULL},
       {"include-attributes",EXPORT_ATTRIBUTES,NULL,NULL},
@@ -172,17 +169,13 @@ export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, unsigned int options,
 int
 export_seckeys (ctrl_t ctrl, strlist_t users )
 {
-  /* Use only relevant options for the secret key. */
-  unsigned int options = (opt.export_options & EXPORT_SEXP_FORMAT);
-  return do_export (ctrl, users, 1, options);
+  return do_export (ctrl, users, 1, 0);
 }
 
 int
 export_secsubkeys (ctrl_t ctrl, strlist_t users )
 {
-  /* Use only relevant options for the secret key. */
-  unsigned int options = (opt.export_options & EXPORT_SEXP_FORMAT);
-  return do_export (ctrl, users, 2, options);
+  return do_export (ctrl, users, 2, 0);
 }
 
 
@@ -205,7 +198,8 @@ do_export (ctrl_t ctrl, strlist_t users, int secret, unsigned int options )
   if (rc)
     return rc;
 
-  if (!(options & EXPORT_SEXP_FORMAT))
+  /* We don't want an Armor for DANE format.  */
+  if (!(options & EXPORT_DANE_FORMAT))
     {
       if ( opt.armor )
         {
@@ -760,7 +754,7 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
    export options to apply.  If KEYBLOCK_OUT is not NULL, AND the exit
    code is zero, a pointer to the first keyblock found and exported
    will be stored at this address; no other keyblocks are exported in
-   this case.  The caller must free it the returned keyblock.  If any
+   this case.  The caller must free the returned keyblock.  If any
    key has been exported true is stored at ANY. */
 static int
 do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
@@ -775,7 +769,6 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
   subkey_list_t subkey_list = NULL;  /* Track already processed subkeys. */
   KEYDB_HANDLE kdbhd;
   strlist_t sl;
-  int indent = 0;
   gcry_cipher_hd_t cipherhd = NULL;
   char *cache_nonce = NULL;
 
@@ -1114,10 +1107,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
                         ski->iv[ski->ivlen] = xtoi_2 (s);
                     }
 
-                  if ((options&EXPORT_SEXP_FORMAT))
-                    err = build_sexp (out, node->pkt, &indent);
-                  else
-                    err = build_packet (out, node->pkt);
+                  err = build_packet (out, node->pkt);
                 }
               else if (!err)
                 {
@@ -1172,10 +1162,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
                   if (err)
                     goto unwraperror;
 
-                  if ((options&EXPORT_SEXP_FORMAT))
-                    err = build_sexp (out, node->pkt, &indent);
-                  else
-                    err = build_packet (out, node->pkt);
+                  err = build_packet (out, node->pkt);
                   goto unwraperror_leave;
 
                 unwraperror:
@@ -1212,10 +1199,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
             }
           else
             {
-              if ((options&EXPORT_SEXP_FORMAT))
-                err = build_sexp (out, node->pkt, &indent);
-              else
-                err = build_packet (out, node->pkt);
+              err = build_packet (out, node->pkt);
             }
 
           if (err)
@@ -1229,25 +1213,12 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
             *any = 1;
 	}
 
-      if ((options&EXPORT_SEXP_FORMAT) && indent)
-        {
-          for (; indent; indent--)
-            iobuf_put (out, ')');
-          iobuf_put (out, '\n');
-        }
-
       if (keyblock_out)
         {
           *keyblock_out = keyblock;
           break;
         }
     }
-  if ((options&EXPORT_SEXP_FORMAT) && indent)
-    {
-      for (; indent; indent--)
-        iobuf_put (out, ')');
-      iobuf_put (out, '\n');
-    }
   if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
     err = 0;
 
@@ -1263,139 +1234,3 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
     log_info(_("WARNING: nothing exported\n"));
   return err;
 }
-
-
-
-/* static int */
-/* write_sexp_line (iobuf_t out, int *indent, const char *text) */
-/* { */
-/*   int i; */
-
-/*   for (i=0; i < *indent; i++) */
-/*     iobuf_put (out, ' '); */
-/*   iobuf_writestr (out, text); */
-/*   return 0; */
-/* } */
-
-/* static int */
-/* write_sexp_keyparm (iobuf_t out, int *indent, const char *name, gcry_mpi_t a) */
-/* { */
-/*   int rc; */
-/*   unsigned char *buffer; */
-
-/*   write_sexp_line (out, indent, "("); */
-/*   iobuf_writestr (out, name); */
-/*   iobuf_writestr (out, " #"); */
-
-/*   rc = gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buffer, NULL, a); */
-/*   assert (!rc); */
-/*   iobuf_writestr (out, buffer); */
-/*   iobuf_writestr (out, "#)"); */
-/*   gcry_free (buffer); */
-/*   return 0; */
-/* } */
-
-static int
-build_sexp_seckey (iobuf_t out, PACKET *pkt, int *indent)
-{
-  (void)out;
-  (void)pkt;
-  (void)indent;
-
-  /* FIXME: Not yet implemented.  */
-  return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
-  /* PKT_secret_key *sk = pkt->pkt.secret_key; */
-  /* char tmpbuf[100]; */
-
-  /* if (pkt->pkttype == PKT_SECRET_KEY) */
-  /*   { */
-  /*     iobuf_writestr (out, "(openpgp-key\n"); */
-  /*     (*indent)++; */
-  /*   } */
-  /* else */
-  /*   { */
-  /*     iobuf_writestr (out, " (subkey\n"); */
-  /*     (*indent)++; */
-  /*   } */
-  /* (*indent)++; */
-  /* write_sexp_line (out, indent, "(private-key\n"); */
-  /* (*indent)++; */
-  /* if (is_RSA (sk->pubkey_algo) && !sk->is_protected) */
-  /*   { */
-  /*     write_sexp_line (out, indent, "(rsa\n"); */
-  /*     (*indent)++; */
-  /*     write_sexp_keyparm (out, indent, "n", sk->skey[0]); iobuf_put (out,'\n'); */
-  /*     write_sexp_keyparm (out, indent, "e", sk->skey[1]); iobuf_put (out,'\n'); */
-  /*     write_sexp_keyparm (out, indent, "d", sk->skey[2]); iobuf_put (out,'\n'); */
-  /*     write_sexp_keyparm (out, indent, "p", sk->skey[3]); iobuf_put (out,'\n'); */
-  /*     write_sexp_keyparm (out, indent, "q", sk->skey[4]); iobuf_put (out,'\n'); */
-  /*     write_sexp_keyparm (out, indent, "u", sk->skey[5]);  */
-  /*     iobuf_put (out,')'); iobuf_put (out,'\n'); */
-  /*     (*indent)--; */
-  /*   } */
-  /* else if (sk->pubkey_algo == PUBKEY_ALGO_DSA && !sk->is_protected) */
-  /*   { */
-  /*     write_sexp_line (out, indent, "(dsa\n"); */
-  /*     (*indent)++; */
-  /*     write_sexp_keyparm (out, indent, "p", sk->skey[0]); iobuf_put (out,'\n'); */
-  /*     write_sexp_keyparm (out, indent, "q", sk->skey[1]); iobuf_put (out,'\n'); */
-  /*     write_sexp_keyparm (out, indent, "g", sk->skey[2]); iobuf_put (out,'\n'); */
-  /*     write_sexp_keyparm (out, indent, "y", sk->skey[3]); iobuf_put (out,'\n'); */
-  /*     write_sexp_keyparm (out, indent, "x", sk->skey[4]); */
-  /*     iobuf_put (out,')'); iobuf_put (out,'\n'); */
-  /*     (*indent)--; */
-  /*   } */
-  /* else if (sk->pubkey_algo == PUBKEY_ALGO_ECDSA && !sk->is_protected) */
-  /*   { */
-  /*     write_sexp_line (out, indent, "(ecdsa\n"); */
-  /*     (*indent)++;  */
-  /*     write_sexp_keyparm (out, indent, "c", sk->skey[0]); iobuf_put (out,'\n'); */
-  /*     write_sexp_keyparm (out, indent, "q", sk->skey[6]); iobuf_put (out,'\n'); */
-  /*     write_sexp_keyparm (out, indent, "d", sk->skey[7]); */
-  /*     iobuf_put (out,')'); iobuf_put (out,'\n'); */
-  /*     (*indent)--; */
-  /*   } */
-  /* else if (is_ELGAMAL (sk->pubkey_algo) && !sk->is_protected) */
-  /*   { */
-  /*     write_sexp_line (out, indent, "(elg\n"); */
-  /*     (*indent)++; */
-  /*     write_sexp_keyparm (out, indent, "p", sk->skey[0]); iobuf_put (out,'\n'); */
-  /*     write_sexp_keyparm (out, indent, "g", sk->skey[2]); iobuf_put (out,'\n'); */
-  /*     write_sexp_keyparm (out, indent, "y", sk->skey[3]); iobuf_put (out,'\n'); */
-  /*     write_sexp_keyparm (out, indent, "x", sk->skey[4]); */
-  /*     iobuf_put (out,')'); iobuf_put (out,'\n'); */
-  /*     (*indent)--; */
-  /*   } */
-  /* write_sexp_line (out, indent,  "(attrib\n"); (*indent)++; */
-  /* sprintf (tmpbuf, "(created \"%lu\"", (unsigned long)sk->timestamp); */
-  /* write_sexp_line (out, indent, tmpbuf); */
-  /* iobuf_put (out,')'); (*indent)--; /\* close created *\/ */
-  /* iobuf_put (out,')'); (*indent)--; /\* close attrib *\/ */
-  /* iobuf_put (out,')'); (*indent)--; /\* close private-key *\/ */
-  /* if (pkt->pkttype != PKT_SECRET_KEY) */
-  /*   iobuf_put (out,')'), (*indent)--; /\* close subkey *\/ */
-  /* iobuf_put (out,'\n'); */
-
-  /* return 0; */
-}
-
-
-/* For some packet types we write them in a S-expression format.  This
-   is still EXPERIMENTAL and subject to change.  */
-static int
-build_sexp (iobuf_t out, PACKET *pkt, int *indent)
-{
-  int rc;
-
-  switch (pkt->pkttype)
-    {
-    case PKT_SECRET_KEY:
-    case PKT_SECRET_SUBKEY:
-      rc = build_sexp_seckey (out, pkt, indent);
-      break;
-    default:
-      rc = 0;
-      break;
-    }
-  return rc;
-}
diff --git a/g10/options.h b/g10/options.h
index f5b23dd..694c29f 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -334,7 +334,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
 #define EXPORT_RESET_SUBKEY_PASSWD       (1<<3)
 #define EXPORT_MINIMAL                   (1<<4)
 #define EXPORT_CLEAN                     (1<<5)
-#define EXPORT_SEXP_FORMAT               (1<<6)
+#define EXPORT_DANE_FORMAT               (1<<6)
 
 #define LIST_SHOW_PHOTOS                 (1<<0)
 #define LIST_SHOW_POLICY_URLS            (1<<1)

-----------------------------------------------------------------------

Summary of changes:
 common/mkdir_p.c |   2 +-
 doc/gpg.texi     |   7 ++
 g10/export.c     | 196 +++++--------------------------------------------------
 g10/gpg.c        |   5 +-
 g10/gpgv.c       |  14 ++++
 g10/keyedit.c    |   1 -
 g10/keygen.c     |  26 ++++----
 g10/keylist.c    | 147 ++++++++++++++++++++++++++++++++---------
 g10/main.h       |   6 +-
 g10/options.h    |   3 +-
 g10/test-stubs.c |  14 ++++
 11 files changed, 189 insertions(+), 232 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Oct  8 18:38:47 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 08 Oct 2015 18:38:47 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-83-g2eee292
Message-ID: <E1ZkE4m-0007kS-LD@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  2eee29253d5940e6da9cb2f44e9c44033675ec12 (commit)
       via  4c298525903f844eee95ecbcdc45f5ac034fa148 (commit)
      from  d7b8e76f9930750d669405dee3108c9bc8e87b91 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2eee29253d5940e6da9cb2f44e9c44033675ec12
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Oct 8 18:24:26 2015 +0200

    speedo: Add a w32-release target.
    
    --
    
    This simplifies building a release to:
    
      git tag -s gnupg-2.n.m
      ./autogen.sh --force
      cd ~/b/gnupg
      ~/s/gnupg/configure --enable-maintainer-mode
      make distcheck
      tar xJf gnupg-2.n.m.tar.bz2
      make -f gnupg-2.n.m/build-aux/speedo.mk w32-release
      gpg -sbvu KEYID gnupg-2.n.m.tar.bz2
      gpg -sbvu KEYID gnupg-w32-2.n.m-20151008.tar.xz
      gpg -sbvu KEYID gnupg-w32-2.n.m-20151008.exe
      scp gnupg-2.n.m.tar.bz2              $TARGET
      scp gnupg-w32-2.n.m-20151008.tar.xz  $TARGET
      scp gnupg-w32-2.n.m-20151008.exe     $TARGET

diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk
index dc949ba..cd3a66d 100644
--- a/build-aux/speedo.mk
+++ b/build-aux/speedo.mk
@@ -57,6 +57,7 @@ help:
 	@echo '  native-gui     Ditto but with pinentry and GPA'
 	@echo '  w32-installer  Build a Windows installer'
 	@echo '  w32-source     Pack a source archive'
+	@echo '  w32-release    Build a Windows release'
 	@echo
 	@echo 'You may append INSTALL_PREFIX=<dir> for native builds.'
 	@echo 'Prepend TARGET with "git-" to build from GIT repos.'
@@ -104,6 +105,11 @@ this-w32-source: check-tools
 	$(SPEEDOMAKE) TARGETOS=w32    WHAT=this    WITH_GUI=0 \
 	                                           CUSTOM_SWDB=1 dist-source
 
+w32-release: check-tools
+	$(SPEEDOMAKE) TARGETOS=w32 WHAT=release    WITH_GUI=0 SELFCHECK=0 \
+                                                   installer-from-source
+
+
 
 # Set this to "git" to build from git,
 #          to "release" from tarballs,
@@ -1050,7 +1056,7 @@ clean-speedo:
 # {{{
 ifeq ($(TARGETOS),w32)
 
-dist-source: all
+dist-source: installer
 	for i in 00 01 02 03; do sleep 1;touch PLAY/stamps/stamp-*-${i}-*;done
 	(set -e;\
 	 tarname="$(INST_NAME)-$(INST_VERSION)_$(BUILD_DATESTR).tar" ;\
@@ -1061,6 +1067,7 @@ dist-source: all
 	 tar --totals -rf "$$tarname" --exclude-backups --exclude-vc \
               --transform='s,^,$(INST_NAME)-$(INST_VERSION)/,' \
 	     PLAY/stamps/stamp-*-00-unpack PLAY/src swdb.lst swdb.lst.sig ;\
+	 [ -f "$$tarname".xz ] && rm "$$tarname".xz;\
          xz "$$tarname" ;\
 	)
 
@@ -1112,6 +1119,18 @@ installer: all w32_insthelpers $(w32src)/inst-options.ini $(bdir)/README.txt
 		    $(extra_installer_options) $(w32src)/inst.nsi
 	@echo "Ready: $(idir)/$(INST_NAME)-$(INST_VERSION)_$(BUILD_DATESTR).exe"
 
+# Build the installer from the source tarball.
+installer-from-source: dist-source
+	(set -e;\
+	 [ -d PLAY-release ] && rm -rf PLAY-release; \
+	 mkdir PLAY-release;\
+	 cd PLAY-release; \
+	 tar xJf "../$(INST_NAME)-$(INST_VERSION)_$(BUILD_DATESTR).tar.xz";\
+	 cd $(INST_NAME)-$(INST_VERSION); \
+         $(MAKE) -f build-aux/speedo.mk this-w32-installer SELFCHECK=0;\
+	 mv "PLAY/inst/$(INST_NAME)-$(INST_VERSION)_$(BUILD_DATESTR).exe" ../.. ;\
+	)
+
 endif
 # }}} W32
 

commit 4c298525903f844eee95ecbcdc45f5ac034fa148
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Oct 8 16:42:14 2015 +0200

    common: Allow building of mkdir_p.c for Windows.
    
    * common/mkdir_p.c: Change license and comment debug statements.
    (amkdir_p, mkdir_p): Fail on malloc error and use default_errsource to
    build an error code.  Change return value to gpg_error_t.
    (amkdir_p): Use gnupg_mkdir.
    
    * common/membuf.c: Include util.h first to avoid redefined macro
    warnings.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/common/membuf.c b/common/membuf.c
index cc7772f..f4430a9 100644
--- a/common/membuf.c
+++ b/common/membuf.c
@@ -33,9 +33,8 @@
 #include <errno.h>
 #include <stdarg.h>
 
-#include "membuf.h"
-
 #include "util.h"
+#include "membuf.h"
 
 
 /* A simple implementation of a dynamic buffer.  Use init_membuf() to
diff --git a/common/mkdir_p.c b/common/mkdir_p.c
index 53c3f0f..42469f8 100644
--- a/common/mkdir_p.c
+++ b/common/mkdir_p.c
@@ -3,12 +3,22 @@
  *
  * This file is part of GnuPG.
  *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of either
  *
- * GnuPG is distributed in the hope that it will be useful,
+ *   - the GNU Lesser General Public License as published by the Free
+ *     Software Foundation; either version 3 of the License, or (at
+ *     your option) any later version.
+ *
+ * or
+ *
+ *   - the GNU General Public License as published by the Free
+ *     Software Foundation; either version 2 of the License, or (at
+ *     your option) any later version.
+ *
+ * or both in parallel, as here.
+ *
+ * This file is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -23,28 +33,30 @@
 #include <assert.h>
 #include <stdarg.h>
 
-#include "mkdir_p.h"
+#include "util.h"
 #include "stringhelp.h"
 #include "logging.h"
-#include "util.h"
+#include "sysutils.h"
+#include "mkdir_p.h"
 
-#define DEBUG 0
 
-int
+gpg_error_t
 amkdir_p (char **directory_components)
 {
+  gpg_error_t err = 0;
   int count;
   char **dirs;
   int i;
-  int rc = 0;
 
   for (count = 0; directory_components[count]; count ++)
     ;
 
-  if (DEBUG)
-    log_debug ("%s: %d directory components.\n", __func__, count);
+  /* log_debug ("%s: %d directory components.\n", __func__, count); */
+
+  dirs = xtrycalloc (count, sizeof (char *));
+  if (!dirs)
+    return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
 
-  dirs = xcalloc (count, sizeof (char *));
   for (i = 0; directory_components[i]; i ++)
     {
       if (i == 0)
@@ -52,41 +64,39 @@ amkdir_p (char **directory_components)
       else
 	dirs[i] = make_filename (dirs[i - 1], directory_components[i], NULL);
 
-      if (DEBUG)
-	log_debug ("%s: Directory %d: `%s'.\n", __func__, i, dirs[i]);
+      /* log_debug ("%s: Directory %d: `%s'.\n", __func__, i, dirs[i]); */
     }
 
   for (i = count - 1; i >= 0; i --)
     {
       struct stat s;
 
-      if (DEBUG)
-	log_debug ("%s: stat(%s)\n", __func__, dirs[i]);
-
-      rc = stat (dirs[i], &s);
-      if (rc == 0 && ! S_ISDIR (s.st_mode))
-	{
-	  if (DEBUG)
-	    log_debug ("%s: %s exists, but is not a directory!\n",
-		       __func__, dirs[i]);
-	  rc = gpg_error (GPG_ERR_ENOTDIR);
-	  goto out;
-	}
-      else if (rc == 0)
-	{
-	  /* Got a directory.  */
-	  if (DEBUG)
-	    log_debug ("%s: %s exists and is a directory!\n",
-		       __func__, dirs[i]);
-	  break;
-	}
+      /* log_debug ("%s: stat(%s)\n", __func__, dirs[i]); */
+
+      if (!stat (dirs[i], &s))
+        {
+          if ( ! S_ISDIR (s.st_mode))
+            {
+              /* log_debug ("%s: %s exists, but is not a directory!\n", */
+              /*            __func__, dirs[i]); */
+              err = gpg_err_make (default_errsource, GPG_ERR_ENOTDIR);
+              goto out;
+            }
+          else
+            {
+              /* Got a directory.  */
+              /* log_debug ("%s: %s exists and is a directory!\n",  */
+              /*            __func__, dirs[i]); */
+              err = 0;
+              break;
+            }
+        }
       else if (errno == ENOENT)
 	/* This directory does not exist yet.  Continue walking up the
 	   hierarchy.  */
 	{
-	  if (DEBUG)
-	    log_debug ("%s: %s does not exist!\n",
-		       __func__, dirs[i]);
+          /* log_debug ("%s: %s does not exist!\n", */
+          /*            __func__, dirs[i]); */
 	  continue;
 	}
       else
@@ -94,10 +104,9 @@ amkdir_p (char **directory_components)
 	   (we return this above), which means that a component of the
 	   path prefix is not a directory.  */
 	{
-	  if (DEBUG)
-	    log_debug ("%s: stat(%s) => %s!\n",
-		       __func__, dirs[i], strerror (errno));
-	  rc = gpg_error_from_syserror ();
+          /* log_debug ("%s: stat(%s) => %s!\n", */
+          /*            __func__, dirs[i], strerror (errno)); */
+	  err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
 	  goto out;
 	}
     }
@@ -108,13 +117,11 @@ amkdir_p (char **directory_components)
 
   for (; i < count; i ++)
     {
-      if (DEBUG)
-	log_debug ("Creating directory: %s\n", dirs[i]);
+      /* log_debug ("Creating directory: %s\n", dirs[i]); */
 
-      rc = mkdir (dirs[i], S_IRUSR | S_IWUSR | S_IXUSR);
-      if (rc)
+      if (gnupg_mkdir (dirs[i], "-rwx"))
 	{
-	  rc = gpg_error_from_syserror ();
+	  err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
 	  goto out;
 	}
     }
@@ -124,20 +131,24 @@ amkdir_p (char **directory_components)
     xfree (dirs[i]);
   xfree (dirs);
 
-  if (DEBUG)
-    log_debug ("%s: Returning %s\n", __func__, gpg_strerror (rc));
+  /* log_debug ("%s: Returning %s\n", __func__, gpg_strerror (rc)); */
 
-  return rc;
+  return err;
 }
 
-int
+
+gpg_error_t
 mkdir_p (char *directory_component, ...)
 {
   va_list ap;
+  gpg_error_t err = 0;
   int i;
   int space = 1;
-  char **dirs = xmalloc (space * sizeof (char *));
-  int rc;
+  char **dirs;
+
+  dirs = xtrymalloc (space * sizeof (char *));
+  if (!dirs)
+    return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
 
   dirs[0] = directory_component;
 
@@ -146,16 +157,26 @@ mkdir_p (char *directory_component, ...)
     {
       if (i == space)
 	{
+          char **tmp_dirs;
+
 	  space = 2 * space;
-	  dirs = xrealloc (dirs, space * sizeof (char *));
+	  tmp_dirs = xtryrealloc (dirs, space * sizeof (char *));
+          if (!tmp_dirs)
+            {
+              err = gpg_err_make (default_errsource,
+                                  gpg_err_code_from_syserror ());
+              break;
+            }
+          dirs = tmp_dirs;
 	}
       dirs[i] = va_arg (ap, char *);
     }
   va_end (ap);
 
-  rc = amkdir_p (dirs);
+  if (!err)
+    err = amkdir_p (dirs);
 
   xfree (dirs);
 
-  return rc;
+  return err;
 }
diff --git a/common/mkdir_p.h b/common/mkdir_p.h
index ddf412b..0a6cf3d 100644
--- a/common/mkdir_p.h
+++ b/common/mkdir_p.h
@@ -3,12 +3,22 @@
  *
  * This file is part of GnuPG.
  *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of either
  *
- * GnuPG is distributed in the hope that it will be useful,
+ *   - the GNU Lesser General Public License as published by the Free
+ *     Software Foundation; either version 3 of the License, or (at
+ *     your option) any later version.
+ *
+ * or
+ *
+ *   - the GNU General Public License as published by the Free
+ *     Software Foundation; either version 2 of the License, or (at
+ *     your option) any later version.
+ *
+ * or both in parallel, as here.
+ *
+ * This file is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
@@ -29,7 +39,7 @@
    first try to create the directory "foo/bar" and then the directory
    "foo/bar/xyzzy".  On success returns 0, otherwise an error code is
    returned.  */
-int mkdir_p (char *directory_component, ...) GPGRT_ATTR_SENTINEL(0);
+gpg_error_t mkdir_p (char *directory_component, ...) GPGRT_ATTR_SENTINEL(0);
 
 /* Like mkdir_p, but DIRECTORY_COMPONENTS is a NULL terminated
    array, e.g.:
@@ -37,6 +47,6 @@ int mkdir_p (char *directory_component, ...) GPGRT_ATTR_SENTINEL(0);
      char **dirs = { "foo", "bar", NULL };
      amkdir_p (dirs);
  */
-int amkdir_p (char **directory_components);
+gpg_error_t amkdir_p (char **directory_components);
 
 #endif

-----------------------------------------------------------------------

Summary of changes:
 build-aux/speedo.mk |  21 ++++++++-
 common/membuf.c     |   3 +-
 common/mkdir_p.c    | 133 ++++++++++++++++++++++++++++++----------------------
 common/mkdir_p.h    |  24 +++++++---
 4 files changed, 115 insertions(+), 66 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Oct  8 19:14:40 2015
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Thu, 08 Oct 2015 19:14:40 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-84-gea079d2
Message-ID: <E1ZkEdU-0001Kt-Kh@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  ea079d283de6bf4ac70d7530fac70938e7c5e8f5 (commit)
      from  2eee29253d5940e6da9cb2f44e9c44033675ec12 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ea079d283de6bf4ac70d7530fac70938e7c5e8f5
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Fri Sep 25 11:43:16 2015 +0200

    dirmngr: Default to http protocol for http-proxy
    
    * common/http.c (send_request): Fix handling for hostname:port string.
    
    --
    The first pass to parse_uri should already do a scheme check so
    that a hostname:port string is detected as invlaid and the retry
    code actually takes effect and adds a http://
    
    GnuPG-bug-id: 2109

diff --git a/common/http.c b/common/http.c
index be5bd30..edd8a6d 100644
--- a/common/http.c
+++ b/common/http.c
@@ -1513,7 +1513,7 @@ send_request (http_t hd, const char *httphost, const char *auth,
       if (proxy)
 	http_proxy = proxy;
 
-      err = parse_uri (&uri, http_proxy, 1, 0);
+      err = parse_uri (&uri, http_proxy, 0, 0);
       if (gpg_err_code (err) == GPG_ERR_INV_URI
           && is_hostname_port (http_proxy))
         {

-----------------------------------------------------------------------

Summary of changes:
 common/http.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Oct  8 19:23:41 2015
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Thu, 08 Oct 2015 19:23:41 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2,
 updated. gnupg-2.1.8-84-gea079d2
Message-ID: <E1ZkEmD-0001m6-5R@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-2 has been updated
       via  ea079d283de6bf4ac70d7530fac70938e7c5e8f5 (commit)
       via  2eee29253d5940e6da9cb2f44e9c44033675ec12 (commit)
       via  4c298525903f844eee95ecbcdc45f5ac034fa148 (commit)
       via  d7b8e76f9930750d669405dee3108c9bc8e87b91 (commit)
       via  a2600e42f91aa7187f3d6ac74cfb5e4c22ed4a58 (commit)
       via  b6d621583fc9cbda6f9376a24f2f4cf11499a4fd (commit)
       via  a400958323d93036dca9c63135b167012ea64f8b (commit)
       via  9ac31f91b10059474da1c9580fb99e94278d4c11 (commit)
       via  264a81d82737369ee8beef771cf2bd2cd874320a (commit)
       via  211b8084ee4391baec35e8c5bd75a9ecbcb889a7 (commit)
       via  6cf80dc77ec5df3722924301ff4be2475966937b (commit)
       via  7faf45effcd47d2d04d35090a1e01a1dbb99ec70 (commit)
       via  d5b4b4d9c16cb42331aa379755038fd5abf0f2d0 (commit)
       via  9db6547a00cded92c00c8f8382b1b605be1027d2 (commit)
       via  625e292108cc0fd9077769587a8c22abe7805e33 (commit)
       via  4a5bd1720f5a3dbb26f5daeb03725cae29be7e24 (commit)
       via  ce2a84b58833fd308d5fe11756721f39c953280a (commit)
       via  f3959f14b6c496c726bbca5230becb7b6844a234 (commit)
       via  ae471fa978589fb61ecb0f89bbfe4d43cf2d5eac (commit)
       via  a48e6de603c3a312f02b1b5fdb813032eeae9074 (commit)
       via  438730323a5d9bbf8dd5cd60d479b6c03f8721d0 (commit)
       via  7392d3018204937af4ecc176baed931fb89c6634 (commit)
       via  c6400c1aa82239f1c154ca27596600cae964515d (commit)
       via  0bae2ff5996bb9d73a750839ac7fd5b2976134da (commit)
       via  bdd180f47cb0d63a2f8c4a7ed9b2aa66b4781cd8 (commit)
       via  75c64c2b6d77856b90903cc3b7c6a2f62ff8eb7b (commit)
       via  ddf9dd135acd2b3635bb986f6dfc0e4e446d5fad (commit)
      from  2acceba5cc299796c7b5b1851a9baeb75d9f32a1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 agent/call-pinentry.c                       |   6 +-
 agent/call-scd.c                            |   7 +-
 agent/command-ssh.c                         |  15 ++-
 agent/genkey.c                              |  13 +-
 agent/pksign.c                              |  11 +-
 build-aux/speedo.mk                         |  21 ++-
 common/http.c                               |   2 +-
 common/membuf.c                             |   3 +-
 common/mkdir_p.c                            | 133 ++++++++++--------
 common/mkdir_p.h                            |  24 +++-
 dirmngr/dirmngr.c                           |  36 ++++-
 dirmngr/dirmngr.h                           |   2 +
 dirmngr/dns-cert.c                          | 165 +++++++++++++++--------
 dirmngr/dns-cert.h                          |   4 +-
 dirmngr/ks-engine-hkp.c                     |   4 +-
 dirmngr/server.c                            | 201 +++++++++++++++++++++-------
 doc/dirmngr.texi                            |  27 +++-
 doc/gpg.texi                                |  15 +++
 g10/Makefile.am                             |   6 +-
 g10/call-dirmngr.c                          |  50 ++++++-
 g10/call-dirmngr.h                          |   1 +
 g10/dirmngr-conf.skel                       |  61 +++++++++
 g10/export.c                                | 196 +++------------------------
 g10/getkey.c                                |  11 +-
 g10/gpg.c                                   |   5 +-
 g10/gpgv.c                                  |  14 ++
 g10/keyedit.c                               |   1 -
 g10/keygen.c                                |  26 ++--
 g10/keylist.c                               | 147 +++++++++++++++-----
 g10/keyserver-internal.h                    |   4 +-
 g10/keyserver.c                             |  76 ++++++-----
 g10/main.h                                  |   6 +-
 g10/mainproc.c                              |  16 +++
 g10/openfile.c                              |  34 +++--
 g10/options.h                               |   4 +-
 g10/options.skel                            |  32 +----
 g10/test-stubs.c                            |  14 ++
 po/de.po                                    |  35 +++--
 tests/openpgp/Makefile.am                   |   4 +-
 tests/openpgp/samplekeys/README             |   2 +
 tests/openpgp/samplekeys/e2e-p256-1-clr.asc |  37 +++++
 tests/openpgp/samplekeys/e2e-p256-1-prt.asc |  39 ++++++
 tools/gpgconf-comp.c                        |  17 ++-
 43 files changed, 1001 insertions(+), 526 deletions(-)
 create mode 100644 g10/dirmngr-conf.skel
 create mode 100644 tests/openpgp/samplekeys/e2e-p256-1-clr.asc
 create mode 100644 tests/openpgp/samplekeys/e2e-p256-1-prt.asc


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Oct  9 04:39:41 2015
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Fri, 09 Oct 2015 04:39:41 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-85-gf70f669
Message-ID: <E1ZkNSG-0003OO-9o@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  f70f6695368444d8058305ab696e5e5a1bace18c (commit)
      from  ea079d283de6bf4ac70d7530fac70938e7c5e8f5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f70f6695368444d8058305ab696e5e5a1bace18c
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Fri Oct 9 11:33:13 2015 +0900

    agent: Fix function return type for check_cb and agent_askpin.
    
    * agent/call-pinentry.c (unlock_pinentry): Return gpg_error_t.
    (start_pinentry, setup_qualitybar): Likewise.
    (agent_askpin): Fix return value check of check_cb.
    * agent/command-ssh.c (reenter_compare_cb): Return gpg_error_t.
    (ssh_identity_register): Fix return value check of agent_askpin.
    * agent/cvt-openpgp.c (try_do_unprotect_cb): Return gpg_error_t.
    * agent/findkey.c (try_unprotect_cb): Likewise.
    * agent/genkey.c (reenter_compare_cb): Return gpg_error_t.
    (agent_ask_new_passphrase): Fix return value check of agent_askpin.

diff --git a/agent/agent.h b/agent/agent.h
index b3e8470..6e24df4 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -257,7 +257,8 @@ struct pin_entry_info_s
   int with_qualitybar; /* Set if the quality bar should be displayed.  */
   int with_repeat;  /* Request repetition of the passphrase.  */
   int repeat_okay;  /* Repetition worked. */
-  int (*check_cb)(struct pin_entry_info_s *); /* CB used to check the PIN */
+  gpg_error_t (*check_cb)(struct pin_entry_info_s *); /* CB used to check
+                                                         the PIN */
   void *check_cb_arg;  /* optional argument which might be of use in the CB */
   const char *cb_errtext; /* used by the cb to display a specific error */
   size_t max_length;   /* Allocated length of the buffer PIN. */
@@ -402,11 +403,11 @@ void initialize_module_call_pinentry (void);
 void agent_query_dump_state (void);
 void agent_reset_query (ctrl_t ctrl);
 int pinentry_active_p (ctrl_t ctrl, int waitseconds);
-int agent_askpin (ctrl_t ctrl,
-                  const char *desc_text, const char *prompt_text,
-                  const char *inital_errtext,
-                  struct pin_entry_info_s *pininfo,
-                  const char *keyinfo, cache_mode_t cache_mode);
+gpg_error_t agent_askpin (ctrl_t ctrl,
+                          const char *desc_text, const char *prompt_text,
+                          const char *inital_errtext,
+                          struct pin_entry_info_s *pininfo,
+                          const char *keyinfo, cache_mode_t cache_mode);
 int agent_get_passphrase (ctrl_t ctrl, char **retpass,
                           const char *desc, const char *prompt,
                           const char *errtext, int with_qualitybar,
diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index 0140387..def3320 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -127,8 +127,8 @@ agent_reset_query (ctrl_t ctrl)
    disconnect that pinentry - we do this after the unlock so that a
    stalled pinentry does not block other threads.  Fixme: We should
    have a timeout in Assuan for the disconnect operation. */
-static int
-unlock_pinentry (int rc)
+static gpg_error_t
+unlock_pinentry (gpg_error_t rc)
 {
   assuan_context_t ctx = entry_ctx;
   int err;
@@ -229,7 +229,7 @@ getinfo_pid_cb (void *opaque, const void *buffer, size_t length)
    that this function must always be used to aquire the lock for the
    pinentry - we will serialize _all_ pinentry calls.
  */
-static int
+static gpg_error_t
 start_pinentry (ctrl_t ctrl)
 {
   int rc = 0;
@@ -709,7 +709,7 @@ inq_quality (void *opaque, const char *line)
 
 
 /* Helper for agent_askpin and agent_get_passphrase.  */
-static int
+static gpg_error_t
 setup_qualitybar (ctrl_t ctrl)
 {
   int rc;
@@ -801,14 +801,14 @@ pinentry_status_cb (void *opaque, const char *line)
    number here and repeat it as long as we have invalid formed
    numbers.  KEYINFO and CACHE_MODE are used to tell pinentry something
    about the key. */
-int
+gpg_error_t
 agent_askpin (ctrl_t ctrl,
               const char *desc_text, const char *prompt_text,
               const char *initial_errtext,
               struct pin_entry_info_s *pininfo,
               const char *keyinfo, cache_mode_t cache_mode)
 {
-  int rc;
+  gpg_error_t rc;
   char line[ASSUAN_LINELENGTH];
   struct entry_parm_s parm;
   const char *errtext = NULL;
@@ -1006,7 +1006,8 @@ agent_askpin (ctrl_t ctrl,
           /* More checks by utilizing the optional callback. */
           pininfo->cb_errtext = NULL;
           rc = pininfo->check_cb (pininfo);
-          if (rc == -1 && pininfo->cb_errtext)
+          if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE
+              && pininfo->cb_errtext)
             errtext = pininfo->cb_errtext;
           else if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE
                    || gpg_err_code (rc) == GPG_ERR_BAD_PIN)
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 0aa0098..6144ae1 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -3040,14 +3040,14 @@ ssh_key_to_protected_buffer (gcry_sexp_t key, const char *passphrase,
 
 /* Callback function to compare the first entered PIN with the one
    currently being entered. */
-static int
+static gpg_error_t
 reenter_compare_cb (struct pin_entry_info_s *pi)
 {
   const char *pin1 = pi->check_cb_arg;
 
   if (!strcmp (pin1, pi->pin))
     return 0; /* okay */
-  return -1;
+  return gpg_error (GPG_ERR_BAD_PASSPHRASE);
 }
 
 
@@ -3133,7 +3133,7 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
   if (*pi->pin && !pi->repeat_okay)
     {
       err = agent_askpin (ctrl, description2, NULL, NULL, pi2, NULL, 0);
-      if (err == -1)
+      if (gpg_err_code (err) == GPG_ERR_BAD_PASSPHRASE)
 	{ /* The re-entered one did not match and the user did not
 	     hit cancel. */
 	  initial_errtext = L_("does not match - try again");
diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c
index fb5a473..0b9ecf0 100644
--- a/agent/cvt-openpgp.c
+++ b/agent/cvt-openpgp.c
@@ -657,7 +657,7 @@ do_unprotect (const char *passphrase,
 
 /* Callback function to try the unprotection from the passphrase query
    code.  */
-static int
+static gpg_error_t
 try_do_unprotect_cb (struct pin_entry_info_s *pi)
 {
   gpg_error_t err;
diff --git a/agent/findkey.c b/agent/findkey.c
index c49c37a..af61e7e 100644
--- a/agent/findkey.c
+++ b/agent/findkey.c
@@ -111,7 +111,7 @@ agent_write_private_key (const unsigned char *grip,
 
 /* Callback function to try the unprotection from the passphrase query
    code. */
-static int
+static gpg_error_t
 try_unprotect_cb (struct pin_entry_info_s *pi)
 {
   struct try_unprotect_arg_s *arg = pi->check_cb_arg;
diff --git a/agent/genkey.c b/agent/genkey.c
index e8195c2..b780c50 100644
--- a/agent/genkey.c
+++ b/agent/genkey.c
@@ -326,14 +326,14 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw,
 
 /* Callback function to compare the first entered PIN with the one
    currently being entered. */
-static int
+static gpg_error_t
 reenter_compare_cb (struct pin_entry_info_s *pi)
 {
   const char *pin1 = pi->check_cb_arg;
 
   if (!strcmp (pin1, pi->pin))
     return 0; /* okay */
-  return -1;
+  return gpg_error (GPG_ERR_BAD_PASSPHRASE);
 }
 
 
@@ -410,7 +410,7 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt,
       if (*pi->pin && !pi->repeat_okay)
         {
           err = agent_askpin (ctrl, text2, NULL, NULL, pi2, NULL, 0);
-          if (err == -1)
+          if (gpg_err_code (err) == GPG_ERR_BAD_PASSPHRASE)
             { /* The re-entered one did not match and the user did not
                  hit cancel. */
               initial_errtext = xtrystrdup (L_("does not match - try again"));

-----------------------------------------------------------------------

Summary of changes:
 agent/agent.h         | 13 +++++++------
 agent/call-pinentry.c | 15 ++++++++-------
 agent/command-ssh.c   |  6 +++---
 agent/cvt-openpgp.c   |  2 +-
 agent/findkey.c       |  2 +-
 agent/genkey.c        |  6 +++---
 6 files changed, 23 insertions(+), 21 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Oct  9 04:47:33 2015
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Fri, 09 Oct 2015 04:47:33 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-86-g818fa4f
Message-ID: <E1ZkNZs-0003r5-79@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  818fa4f71e1056831b35d0f8aff715c0e1d537e6 (commit)
      from  f70f6695368444d8058305ab696e5e5a1bace18c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 818fa4f71e1056831b35d0f8aff715c0e1d537e6
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Fri Oct 9 11:46:23 2015 +0900

    agent: fix agent_askpin.
    
    * agent/call-pinentry.c (agent_askpin): Fix off-by-one error.

diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index def3320..5092375 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -830,7 +830,7 @@ agent_askpin (ctrl_t ctrl,
 
 	  *pininfo->pin = 0; /* Reset the PIN. */
 	  rc = pinentry_loopback(ctrl, "PASSPHRASE", &passphrase, &size,
-		  pininfo->max_length);
+		  pininfo->max_length - 1);
 	  if (rc)
 	    return rc;
 

-----------------------------------------------------------------------

Summary of changes:
 agent/call-pinentry.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Oct  9 04:57:01 2015
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Fri, 09 Oct 2015 04:57:01 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-87-g5a12c45
Message-ID: <E1ZkNj2-0004NL-C1@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  5a12c45666cd16bc750d7f0e63620c295feb77ea (commit)
      from  818fa4f71e1056831b35d0f8aff715c0e1d537e6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5a12c45666cd16bc750d7f0e63620c295feb77ea
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Fri Oct 9 11:55:18 2015 +0900

    agent: simplify agent_get_passphrase.
    
    * agent/call-pinentry.c (agent_get_passphrase): Simplify.

diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index 5092375..ada477a 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -1064,15 +1064,9 @@ agent_get_passphrase (ctrl_t ctrl,
         {
 	  size_t size;
 	  size_t len = ASSUAN_LINELENGTH/2;
-	  unsigned char *buffer;
 
-	  rc = pinentry_loopback(ctrl, "PASSPHRASE", &buffer, &size, len);
-	  if (!rc)
-	    {
-	      buffer[size] = 0;
-	      *retpass = buffer;
-	    }
-	  return rc;
+	  return pinentry_loopback (ctrl, "PASSPHRASE",
+				    (unsigned char **)retpass, &size, len);
         }
       return gpg_error (GPG_ERR_NO_PIN_ENTRY);
     }

-----------------------------------------------------------------------

Summary of changes:
 agent/call-pinentry.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Sat Oct 10 11:53:14 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Sat, 10 Oct 2015 11:53:14 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-91-gb0627ec
Message-ID: <E1ZkqhM-00023L-4x@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  b0627ec25903f48e4b57eb2c1348507e69a4d6f5 (commit)
       via  086b8738f71ba26d36287db81f6d78116053ba66 (commit)
       via  26fff2d6c4fa60989752df0ef67b87e615d4a8a7 (commit)
       via  2f1afc7da299ce6a779459a8d55995c830330a43 (commit)
      from  5a12c45666cd16bc750d7f0e63620c295feb77ea (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b0627ec25903f48e4b57eb2c1348507e69a4d6f5
Author: Werner Koch <wk at gnupg.org>
Date:   Sat Oct 10 11:49:32 2015 +0200

    Post release updates.
    
    --

diff --git a/NEWS b/NEWS
index b502b78..977b341 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+Noteworthy changes in version 2.1.10 (unreleased)
+-------------------------------------------------
+
+
 Noteworthy changes in version 2.1.9 (2015-10-09)
 ------------------------------------------------
 
diff --git a/configure.ac b/configure.ac
index 27fc9a9..289df2a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -28,7 +28,7 @@ min_automake_version="1.14"
 m4_define([mym4_package],[gnupg])
 m4_define([mym4_major], [2])
 m4_define([mym4_minor], [1])
-m4_define([mym4_micro], [9])
+m4_define([mym4_micro], [10])
 
 # To start a new development series, i.e a new major or minor number
 # you need to mark an arbitrary commit before the first beta release

-----------------------------------------------------------------------

Summary of changes:
 AUTHORS      |  4 ++--
 NEWS         | 31 +++++++++++++++++++++++++-
 configure.ac |  2 +-
 po/ca.po     | 50 ++++++++++++++++++++++++++---------------
 po/cs.po     | 64 ++++++++++++++++++++++++++++++++++++----------------
 po/da.po     | 56 +++++++++++++++++++++++++++++++---------------
 po/de.po     | 26 +++++++++++-----------
 po/el.po     | 50 ++++++++++++++++++++++++++---------------
 po/eo.po     | 50 ++++++++++++++++++++++++++---------------
 po/es.po     | 66 +++++++++++++++++++++++++++++++++---------------------
 po/et.po     | 50 ++++++++++++++++++++++++++---------------
 po/fi.po     | 50 ++++++++++++++++++++++++++---------------
 po/fr.po     | 66 ++++++++++++++++++++++++++++++++++++++----------------
 po/gl.po     | 52 +++++++++++++++++++++++++++----------------
 po/hu.po     | 50 ++++++++++++++++++++++++++---------------
 po/id.po     | 50 ++++++++++++++++++++++++++---------------
 po/it.po     | 50 ++++++++++++++++++++++++++---------------
 po/ja.po     | 73 ++++++++++++++++++++++++++++++++++++++++--------------------
 po/nb.po     | 48 +++++++++++++++++++++++++--------------
 po/pl.po     | 56 +++++++++++++++++++++++++++++++---------------
 po/pt.po     | 50 ++++++++++++++++++++++++++---------------
 po/ro.po     | 50 ++++++++++++++++++++++++++---------------
 po/ru.po     | 65 +++++++++++++++++++++++++++++++++++++----------------
 po/sk.po     | 50 ++++++++++++++++++++++++++---------------
 po/sv.po     | 56 +++++++++++++++++++++++++++++++---------------
 po/tr.po     | 56 +++++++++++++++++++++++++++++++---------------
 po/uk.po     | 65 ++++++++++++++++++++++++++++++++++++-----------------
 po/zh_CN.po  | 50 ++++++++++++++++++++++++++---------------
 po/zh_TW.po  | 63 +++++++++++++++++++++++++++++++++++----------------
 29 files changed, 963 insertions(+), 486 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Sat Oct 10 12:42:34 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Sat, 10 Oct 2015 12:42:34 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. d4b11c37cc0991a6befce8659d51d7d1ff2a5ed6
Message-ID: <E1ZkrT5-0005OQ-B8@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  d4b11c37cc0991a6befce8659d51d7d1ff2a5ed6 (commit)
      from  26faeb02c3de3b7a94f2b3af8cbfd51e1ebeb887 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d4b11c37cc0991a6befce8659d51d7d1ff2a5ed6
Author: Werner Koch <wk at gnupg.org>
Date:   Sat Oct 10 12:15:01 2015 +0200

    swdb: Release of GnuPG 2.1.9

diff --git a/web/index.org b/web/index.org
index a86a56f..538e75e 100644
--- a/web/index.org
+++ b/web/index.org
@@ -65,6 +65,11 @@ The latest release news:\\
 # point or paste the [[news.en.rss][RSS file]] into your aggregator.
 
 
+** GnuPG 2.1.9 released (2015-10-09)
+
+A new version of the /modern/ branch of GnuPG has been released.
+Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q4/000380.html][anouncement mail]] for details.
+
 ** GnuPG 2.1.8 released (2015-09-10)
 
 A new version of the /modern/ branch of GnuPG has been released.
diff --git a/web/swdb.mac b/web/swdb.mac
index 9145fc5..3c58454 100644
--- a/web/swdb.mac
+++ b/web/swdb.mac
@@ -18,14 +18,14 @@
 #
 # GnuPG-2.1
 #
-#+macro: gnupg21_ver     2.1.8
-#+macro: gnupg21_branch  master
-#+macro: gnupg21_size    4786k
-#+macro: gnupg21_sha1    61f5bc656dd7fddd4ab67b720d47ef0651bfb727
-#
-#+macro: gnupg21_w32_ver  2.1.8_20150910
-#+macro: gnupg21_w32_size 2579k
-#+macro: gnupg21_w32_sha1 fb70068a7e77f28946c24ac29a508fb5f419ffeb
+#+macro: gnupg21_ver     2.1.9
+#+macro: gnupg21_branch  STABLE-BRANCH-2-2
+#+macro: gnupg21_size    4810k
+#+macro: gnupg21_sha1    119bab38d2ff3a849be62914be9bf7333da68883
+#
+#+macro: gnupg21_w32_ver  2.1.9_20151009
+#+macro: gnupg21_w32_size 2580k
+#+macro: gnupg21_w32_sha1 f6568d0c407090d1528cda87ca0af85eec2b7b22
 
 
 #

-----------------------------------------------------------------------

Summary of changes:
 web/index.org |  5 +++++
 web/swdb.mac  | 16 ++++++++--------
 2 files changed, 13 insertions(+), 8 deletions(-)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Oct 12 09:35:40 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 12 Oct 2015 09:35:40 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-92-g4584125
Message-ID: <E1ZlXVI-0000pn-9S@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  4584125802be11833a5b289e864b45eedc2b45fd (commit)
      from  b0627ec25903f48e4b57eb2c1348507e69a4d6f5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4584125802be11833a5b289e864b45eedc2b45fd
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 12 09:31:44 2015 +0200

    gpg: Try hard to use MDC also for sign+symenc.
    
    * g10/encrypt.c (use_mdc): Make it a global func.
    * g10/sign.c (sign_symencrypt_file): Use that function to decide
    whether to use an MDC.
    * tests/openpgp/conventional-mdc.test: Add a simple test case.
    --
    
    We used --force-mdc in sign+symenc mode (-cs) only with --force-mdc.
    That broke our assumption from commit 625e292 (GnuPG 2.1.9) that all
    uses of modern ciphers are using MDC.
    
    Reported-by: Ben Kibbey <bjk at luxsci.net>
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/encrypt.c b/g10/encrypt.c
index e2e1c05..8bdbe8c 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -101,8 +101,8 @@ encrypt_seskey (DEK *dek, DEK **seskey, byte *enckey)
 
 
 /* We try very hard to use a MDC */
-static int
-use_mdc(PK_LIST pk_list,int algo)
+int
+use_mdc (pk_list_t pk_list,int algo)
 {
   /* RFC-2440 don't has MDC */
   if (RFC2440)
diff --git a/g10/main.h b/g10/main.h
index 0bace61..c9521ad 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -211,6 +211,7 @@ void display_online_help( const char *keyword );
 
 /*-- encode.c --*/
 int setup_symkey (STRING2KEY **symkey_s2k,DEK **symkey_dek);
+int use_mdc (pk_list_t pk_list,int algo);
 int encrypt_symmetric (const char *filename );
 int encrypt_store (const char *filename );
 int encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
diff --git a/g10/sign.c b/g10/sign.c
index 782b9fc..fadf4cc 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -1261,12 +1261,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
         goto leave;
     }
 
-    /* We have no way to tell if the recipient can handle messages
-       with an MDC, so this defaults to no.  Perhaps in a few years,
-       this can be defaulted to yes.  Note that like regular
-       encrypting, --force-mdc overrides --disable-mdc. */
-    if(opt.force_mdc)
-      cfx.dek->use_mdc=1;
+    cfx.dek->use_mdc = use_mdc (NULL, cfx.dek->algo);
 
     /* now create the outfile */
     rc = open_outfile (-1, fname, opt.armor? 1:0, 0, &out);
@@ -1309,7 +1304,11 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
 
     /* Push the compress filter */
     if (default_compress_algo())
-      push_compress_filter(out,&zfx,default_compress_algo());
+      {
+        if (cfx.dek && cfx.dek->use_mdc)
+          zfx.new_ctb = 1;
+        push_compress_filter (out, &zfx,default_compress_algo() );
+      }
 
     /* Write the one-pass signature packets */
     /*(current filters: zip - encrypt - armor)*/
diff --git a/tests/openpgp/conventional-mdc.test b/tests/openpgp/conventional-mdc.test
index 744e11e..031fc0e 100755
--- a/tests/openpgp/conventional-mdc.test
+++ b/tests/openpgp/conventional-mdc.test
@@ -31,5 +31,14 @@ for ciph in `all_cipher_algos`; do
     cmp z y || error "$ciph/$i: mismatch"
   done
 done
-
 progress_end
+
+#info Checking sign+symencrypt
+for i in $plain_files $data_files; do
+    echo "Hier spricht HAL" | $GPG --passphrase-fd 0 $s2k -cs -o x --yes $i
+    echo "Hier spricht HAL" | $GPG --passphrase-fd 0 $s2k     -o y --yes x
+    cmp $i y || error "$i: mismatch in sign+symenc"
+done
+
+
+# eof

-----------------------------------------------------------------------

Summary of changes:
 g10/encrypt.c                       |  4 ++--
 g10/main.h                          |  1 +
 g10/sign.c                          | 13 ++++++-------
 tests/openpgp/conventional-mdc.test | 11 ++++++++++-
 4 files changed, 19 insertions(+), 10 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Oct 13 04:37:18 2015
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Tue, 13 Oct 2015 04:37:18 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.8-93-g0b4ebc3
Message-ID: <E1ZlpK3-00058A-Uz@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  0b4ebc398cc8aad3f25f84034cd6b129e55f1368 (commit)
      from  4584125802be11833a5b289e864b45eedc2b45fd (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0b4ebc398cc8aad3f25f84034cd6b129e55f1368
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Tue Oct 13 11:37:09 2015 +0900

    po: Update Japanese translation.

diff --git a/po/ja.po b/po/ja.po
index a318b3c..31ab206 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -8,9 +8,9 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: gnupg 2.1.8\n"
+"Project-Id-Version: gnupg 2.1.9\n"
 "Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2015-09-15 15:12+0900\n"
+"PO-Revision-Date: 2015-10-13 11:32+0900\n"
 "Last-Translator: NIIBE Yutaka <gniibe at fsij.org>\n"
 "Language-Team: none\n"
 "Language: ja\n"
@@ -3040,7 +3040,7 @@ msgstr "???ID??????????????????\n"
 
 #, c-format
 msgid "(Use the '%s' command.)\n"
-msgstr ""
+msgstr "('%s'??????????????)\n"
 
 msgid "You can't delete the last user ID!\n"
 msgstr "??????ID????????!\n"
@@ -6761,10 +6761,8 @@ msgstr "'%s'??????????: %s\n"
 msgid "error retrieving '%s': http status %u\n"
 msgstr "'%s'??????: http????? %u\n"
 
-#, fuzzy
-#| msgid "CRL access not possible due to disabled %s\n"
 msgid "CRL access not possible due to TOR mode\n"
-msgstr "CRL??????????%s????????\n"
+msgstr "CRL?????TOR???????????\n"
 
 #, c-format
 msgid "certificate search not possible due to disabled %s\n"
@@ -6974,7 +6972,7 @@ msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
 msgstr "|FILE|FILE???CA????TLS??HKP???"
 
 msgid "route all network traffic via TOR"
-msgstr ""
+msgstr "?????????????????TOR?????"
 
 msgid ""
 "@\n"
@@ -7266,10 +7264,8 @@ msgstr "????????????: %s\n"
 msgid "response from server too large; limit is %d bytes\n"
 msgstr "??????????????? (??%d???)?\n"
 
-#, fuzzy
-#| msgid "OCSP request not possible due to disabled HTTP\n"
 msgid "OCSP request not possible due to TOR mode\n"
-msgstr "HTTP??????????OCSP???????????\n"
+msgstr "TOR??????OCSP???????????\n"
 
 msgid "OCSP request not possible due to disabled HTTP\n"
 msgstr "HTTP??????????OCSP???????????\n"
@@ -7617,10 +7613,8 @@ msgstr "??????????????????"
 msgid "Options controlling the interactivity and enforcement"
 msgstr "???????????????????????"
 
-#, fuzzy
-#| msgid "Options controlling the security"
 msgid "Options controlling the use of TOR"
-msgstr "????????????????"
+msgstr "TOR?????????????"
 
 msgid "Configuration for HTTP servers"
 msgstr "HTTP??????????????"
@@ -7650,7 +7644,7 @@ msgid "GPG for S/MIME"
 msgstr "S/MIME ????GPG"
 
 msgid "Key Acquirer"
-msgstr ""
+msgstr "?????????"
 
 msgid "PIN and Passphrase Entry"
 msgstr "PIN??????????"

-----------------------------------------------------------------------

Summary of changes:
 po/ja.po | 22 ++++++++--------------
 1 file changed, 8 insertions(+), 14 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Oct 13 05:34:50 2015
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Tue, 13 Oct 2015 05:34:50 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-263-g73374fd
Message-ID: <E1ZlqDi-0006z3-Lm@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  73374fdd27c7ba28b19f9672c68a6f5b72252fe5 (commit)
      from  3a3d5410cc83f7069c7cb1ab384905f382292d32 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 73374fdd27c7ba28b19f9672c68a6f5b72252fe5
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Tue Oct 13 12:28:00 2015 +0900

    Fix declaration of return type.
    
    * src/gcrypt-int.h (_gcry_sexp_extract_param): Return gpg_error_t.
    * cipher/dsa.c (dsa_generate): Fix call to _gcry_sexp_extract_param.
    * src/g10lib.h (_gcry_vcontrol): Return gcry_err_code_t.
    * src/visibility.c (gcry_mpi_snatch): Fix call to _gcry_mpi_snatch.
    
    --
    
    GnuPG-bug-id: 2074

diff --git a/cipher/dsa.c b/cipher/dsa.c
index 09cd969..723f690 100644
--- a/cipher/dsa.c
+++ b/cipher/dsa.c
@@ -968,12 +968,14 @@ dsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
 static gcry_err_code_t
 dsa_check_secret_key (gcry_sexp_t keyparms)
 {
+  gcry_error_t err;
   gcry_err_code_t rc;
   DSA_secret_key sk = {NULL, NULL, NULL, NULL, NULL};
 
-  rc = _gcry_sexp_extract_param (keyparms, NULL, "pqgyx",
-                                 &sk.p, &sk.q, &sk.g, &sk.y, &sk.x,
-                                 NULL);
+  err = _gcry_sexp_extract_param (keyparms, NULL, "pqgyx",
+                                  &sk.p, &sk.q, &sk.g, &sk.y, &sk.x,
+                                  NULL);
+  rc = gpg_err_code (err);
   if (rc)
     goto leave;
 
diff --git a/src/g10lib.h b/src/g10lib.h
index 50a08ec..d1f9426 100644
--- a/src/g10lib.h
+++ b/src/g10lib.h
@@ -92,7 +92,7 @@
 
 /*-- src/global.c -*/
 int _gcry_global_is_operational (void);
-gcry_error_t _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr);
+gcry_err_code_t _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr);
 void  _gcry_check_heap (const void *a);
 int _gcry_get_debug_flag (unsigned int mask);
 
diff --git a/src/gcrypt-int.h b/src/gcrypt-int.h
index 29d4fd3..ea3c8d5 100644
--- a/src/gcrypt-int.h
+++ b/src/gcrypt-int.h
@@ -329,10 +329,10 @@ void *_gcry_sexp_nth_buffer (const gcry_sexp_t list, int number,
                              size_t *rlength);
 char *_gcry_sexp_nth_string (gcry_sexp_t list, int number);
 gcry_mpi_t _gcry_sexp_nth_mpi (gcry_sexp_t list, int number, int mpifmt);
-gpg_err_code_t _gcry_sexp_extract_param (gcry_sexp_t sexp,
-                                         const char *path,
-                                         const char *list,
-                                         ...) _GCRY_GCC_ATTR_SENTINEL(0);
+gpg_error_t _gcry_sexp_extract_param (gcry_sexp_t sexp,
+                                      const char *path,
+                                      const char *list,
+                                      ...) _GCRY_GCC_ATTR_SENTINEL(0);
 
 #define sexp_new(a, b, c, d)         _gcry_sexp_new ((a), (b), (c), (d))
 #define sexp_create(a, b, c, d, e)   _gcry_sexp_create ((a), (b), (c), (d), (e))
diff --git a/src/visibility.c b/src/visibility.c
index fa23e53..3e1f28b 100644
--- a/src/visibility.c
+++ b/src/visibility.c
@@ -292,7 +292,7 @@ gcry_mpi_copy (const gcry_mpi_t a)
 void
 gcry_mpi_snatch (gcry_mpi_t w, const gcry_mpi_t u)
 {
-  return _gcry_mpi_snatch (w, u);
+  _gcry_mpi_snatch (w, u);
 }
 
 gcry_mpi_t

-----------------------------------------------------------------------

Summary of changes:
 cipher/dsa.c     | 8 +++++---
 src/g10lib.h     | 2 +-
 src/gcrypt-int.h | 8 ++++----
 src/visibility.c | 2 +-
 4 files changed, 11 insertions(+), 9 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Oct 13 06:11:58 2015
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Tue, 13 Oct 2015 06:11:58 +0200
Subject: [git] GCRYPT - branch, LIBGCRYPT-1-6-BRANCH,
 updated. libgcrypt-1.6.4-2-g24f6c65
Message-ID: <E1Zlqne-0000AX-Tv@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, LIBGCRYPT-1-6-BRANCH has been updated
       via  24f6c65e36edec13aa781862ff1ff45ca3e99b99 (commit)
      from  936098e99bd29cb3627c6aa296e3895feb53fa27 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 24f6c65e36edec13aa781862ff1ff45ca3e99b99
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Tue Oct 13 12:28:00 2015 +0900

    Fix declaration of return type.
    
    * src/gcrypt-int.h (_gcry_sexp_extract_param): Return gpg_error_t.
    (_gcry_mpi_ec_new, _gcry_mpi_ec_set_mpi, _gcry_mpi_ec_set_point):
    Remove.
    * cipher/dsa.c (dsa_generate): Fix call to _gcry_sexp_extract_param.
    * src/g10lib.h (_gcry_vcontrol): Return gcry_err_code_t.
    * src/visibility.c (gcry_mpi_snatch): Fix call to _gcry_mpi_snatch.
    
    --
    
    GnuPG-bug-id: 2074
    
    (backported from master
     commit 73374fdd27c7ba28b19f9672c68a6f5b72252fe5)

diff --git a/cipher/dsa.c b/cipher/dsa.c
index 09cd969..723f690 100644
--- a/cipher/dsa.c
+++ b/cipher/dsa.c
@@ -968,12 +968,14 @@ dsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
 static gcry_err_code_t
 dsa_check_secret_key (gcry_sexp_t keyparms)
 {
+  gcry_error_t err;
   gcry_err_code_t rc;
   DSA_secret_key sk = {NULL, NULL, NULL, NULL, NULL};
 
-  rc = _gcry_sexp_extract_param (keyparms, NULL, "pqgyx",
-                                 &sk.p, &sk.q, &sk.g, &sk.y, &sk.x,
-                                 NULL);
+  err = _gcry_sexp_extract_param (keyparms, NULL, "pqgyx",
+                                  &sk.p, &sk.q, &sk.g, &sk.y, &sk.x,
+                                  NULL);
+  rc = gpg_err_code (err);
   if (rc)
     goto leave;
 
diff --git a/src/g10lib.h b/src/g10lib.h
index 238871d..3bd48fa 100644
--- a/src/g10lib.h
+++ b/src/g10lib.h
@@ -92,7 +92,7 @@
 
 /*-- src/global.c -*/
 int _gcry_global_is_operational (void);
-gcry_error_t _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr);
+gcry_err_code_t _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr);
 void  _gcry_check_heap (const void *a);
 int _gcry_get_debug_flag (unsigned int mask);
 
diff --git a/src/gcrypt-int.h b/src/gcrypt-int.h
index 65dcb4d..b6e5826 100644
--- a/src/gcrypt-int.h
+++ b/src/gcrypt-int.h
@@ -328,10 +328,10 @@ void *_gcry_sexp_nth_buffer (const gcry_sexp_t list, int number,
                              size_t *rlength);
 char *_gcry_sexp_nth_string (gcry_sexp_t list, int number);
 gcry_mpi_t _gcry_sexp_nth_mpi (gcry_sexp_t list, int number, int mpifmt);
-gpg_err_code_t _gcry_sexp_extract_param (gcry_sexp_t sexp,
-                                         const char *path,
-                                         const char *list,
-                                         ...) _GCRY_GCC_ATTR_SENTINEL(0);
+gpg_error_t _gcry_sexp_extract_param (gcry_sexp_t sexp,
+                                      const char *path,
+                                      const char *list,
+                                      ...) _GCRY_GCC_ATTR_SENTINEL(0);
 
 #define sexp_new(a, b, c, d)         _gcry_sexp_new ((a), (b), (c), (d))
 #define sexp_create(a, b, c, d, e)   _gcry_sexp_create ((a), (b), (c), (d), (e))
@@ -415,15 +415,9 @@ gcry_mpi_point_t _gcry_mpi_point_set (gcry_mpi_point_t point,
 gcry_mpi_point_t _gcry_mpi_point_snatch_set (gcry_mpi_point_t point,
                                             gcry_mpi_t x, gcry_mpi_t y,
                                             gcry_mpi_t z);
-gpg_error_t _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
-                             gcry_sexp_t keyparam, const char *curvename);
 gcry_mpi_t _gcry_mpi_ec_get_mpi (const char *name, gcry_ctx_t ctx, int copy);
 gcry_mpi_point_t _gcry_mpi_ec_get_point (const char *name,
                                         gcry_ctx_t ctx, int copy);
-gpg_error_t _gcry_mpi_ec_set_mpi (const char *name, gcry_mpi_t newvalue,
-                                 gcry_ctx_t ctx);
-gpg_error_t _gcry_mpi_ec_set_point (const char *name, gcry_mpi_point_t newvalue,
-                                   gcry_ctx_t ctx);
 int _gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_point_t point,
                              mpi_ec_t ctx);
 void _gcry_mpi_ec_dup (gcry_mpi_point_t w, gcry_mpi_point_t u, gcry_ctx_t ctx);
diff --git a/src/visibility.c b/src/visibility.c
index 2989498..b71c839 100644
--- a/src/visibility.c
+++ b/src/visibility.c
@@ -292,7 +292,7 @@ gcry_mpi_copy (const gcry_mpi_t a)
 void
 gcry_mpi_snatch (gcry_mpi_t w, const gcry_mpi_t u)
 {
-  return _gcry_mpi_snatch (w, u);
+  _gcry_mpi_snatch (w, u);
 }
 
 gcry_mpi_t

-----------------------------------------------------------------------

Summary of changes:
 cipher/dsa.c     |  8 +++++---
 src/g10lib.h     |  2 +-
 src/gcrypt-int.h | 14 ++++----------
 src/visibility.c |  2 +-
 4 files changed, 11 insertions(+), 15 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Oct 13 07:02:23 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 13 Oct 2015 07:02:23 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. dff46b6668fe0f673f3880c854657d06fe8c953b
Message-ID: <E1ZlraS-0002Us-1O@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  dff46b6668fe0f673f3880c854657d06fe8c953b (commit)
       via  4ee0800866b01dfcc2de68701a5d10e91f0573ab (commit)
      from  d4b11c37cc0991a6befce8659d51d7d1ff2a5ed6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit dff46b6668fe0f673f3880c854657d06fe8c953b
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Oct 13 06:58:43 2015 +0200

    Add a ping command to the donate script.

diff --git a/cgi/procdonate.cgi b/cgi/procdonate.cgi
index bb95ca0..71e4006 100755
--- a/cgi/procdonate.cgi
+++ b/cgi/procdonate.cgi
@@ -681,6 +681,18 @@ sub complete_sepa ()
 }
 
 
+# Send a PING command to see whether payprocd is alive.
+sub ping_pong ()
+{
+    my %data = ();
+
+    if (payproc ('PING', \%data )) {
+       print $q->header(-type=>'text/HTML', -charset=>'utf-8');
+       print "\n";
+       print "<p>OK</p>\n";
+    }
+}
+
 
 #
 # Main
@@ -698,6 +710,10 @@ elsif ($mode eq '') {
     # No mode: Show empty template.
     write_main_page();
 }
+elsif ($mode eq 'ping') {
+    # Check aliveness
+    ping_pong();
+}
 elsif ($mode eq 'main') {
     # Returning from the donation start page
     check_donation();
@@ -722,6 +738,10 @@ elsif ($mode eq 'checkout-paypal') {
     # The approved Paypal payment has been approved - charge.
     complete_paypal_checkout();
 }
+elsif ($mode eq 'pong') {
+    # Helper to test a script checking PING.
+    fail "Error connecting to payprocd: Forced to fail";
+}
 else {
     fail('Internal error: Unknown mode');
 }

commit 4ee0800866b01dfcc2de68701a5d10e91f0573ab
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Oct 13 06:56:23 2015 +0200

    web: Remove dead link to Korean documentation.
    
    --
    GnuPG-bug-id: 2124

diff --git a/web/documentation/guides.org b/web/documentation/guides.org
index e25aff7..a442f3f 100644
--- a/web/documentation/guides.org
+++ b/web/documentation/guides.org
@@ -81,8 +81,7 @@
 
    The [[https://emailselfdefense.fsf.org/][Email Self-Defense]] site is an introduction with infographic.
 
-   At [[http://kldp.org/~yong/misc/gnupg/][kldp.org]] you can find some Korean language information on GnuPG.
-   [[http://gnupg.hclippr.com/][Japanese language documentation]] is also available.
+   Documentation in the [[http://gnupg.hclippr.com/][Japanese]] language.
 
    Julien Francoz, alias CoCoZ, wrote a guide for French users
    entitled [[http://francoz.net/doc/gpg/gpg.html][Utilisation de GnuPG]] , which covers the basic usage of

-----------------------------------------------------------------------

Summary of changes:
 cgi/procdonate.cgi           | 20 ++++++++++++++++++++
 web/documentation/guides.org |  3 +--
 2 files changed, 21 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Oct 13 07:48:04 2015
From: cvs at cvs.gnupg.org (by Jussi Kivilinna)
Date: Tue, 13 Oct 2015 07:48:04 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-264-gfa94b61
Message-ID: <E1ZlsIe-0004AG-VV@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  fa94b6111948a614ebdcb67f7942eced8b84c579 (commit)
      from  73374fdd27c7ba28b19f9672c68a6f5b72252fe5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit fa94b6111948a614ebdcb67f7942eced8b84c579
Author: Jussi Kivilinna <jussi.kivilinna at iki.fi>
Date:   Tue Oct 13 08:33:00 2015 +0300

    Fix compiling AES/AES-NI implementation on linux-i386
    
    * cipher/rijndael-aesni.c (do_aesni_ctr_4): Split assembly block in
    two parts to reduce number of register constraints needed.
    --
    
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>

diff --git a/cipher/rijndael-aesni.c b/cipher/rijndael-aesni.c
index 5c85903..97e0ad0 100644
--- a/cipher/rijndael-aesni.c
+++ b/cipher/rijndael-aesni.c
@@ -961,8 +961,17 @@ do_aesni_ctr_4 (const RIJNDAEL_context *ctx,
                 aesenclast_xmm1_xmm2
                 aesenclast_xmm1_xmm3
                 aesenclast_xmm1_xmm4
+                :
+                : [ctr] "r" (ctr),
+                  [key] "r" (ctx->keyschenc),
+                  [rounds] "g" (ctx->rounds),
+                  [addb_1] "m" (bige_addb_const[0][0]),
+                  [addb_2] "m" (bige_addb_const[1][0]),
+                  [addb_3] "m" (bige_addb_const[2][0]),
+                  [addb_4] "m" (bige_addb_const[3][0])
+                : "%esi", "cc", "memory");
 
-                "movdqu (%[src]), %%xmm1\n\t"    /* Get block 1.      */
+  asm volatile ("movdqu (%[src]), %%xmm1\n\t"    /* Get block 1.      */
                 "pxor %%xmm1, %%xmm0\n\t"        /* EncCTR-1 ^= input */
                 "movdqu %%xmm0, (%[dst])\n\t"    /* Store block 1     */
 
@@ -977,18 +986,10 @@ do_aesni_ctr_4 (const RIJNDAEL_context *ctx,
                 "movdqu 48(%[src]), %%xmm1\n\t"  /* Get block 4.      */
                 "pxor %%xmm1, %%xmm4\n\t"        /* EncCTR-4 ^= input */
                 "movdqu %%xmm4, 48(%[dst])"      /* Store block 4.   */
-
                 :
-                : [ctr] "r" (ctr),
-                  [src] "r" (a),
-                  [dst] "r" (b),
-                  [key] "r" (ctx->keyschenc),
-                  [rounds] "g" (ctx->rounds),
-                  [addb_1] "m" (bige_addb_const[0][0]),
-                  [addb_2] "m" (bige_addb_const[1][0]),
-                  [addb_3] "m" (bige_addb_const[2][0]),
-                  [addb_4] "m" (bige_addb_const[3][0])
-                : "%esi", "cc", "memory");
+                : [src] "r" (a),
+                  [dst] "r" (b)
+                : "memory");
 #undef aesenc_xmm1_xmm0
 #undef aesenc_xmm1_xmm2
 #undef aesenc_xmm1_xmm3

-----------------------------------------------------------------------

Summary of changes:
 cipher/rijndael-aesni.c | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Oct 13 15:51:08 2015
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Tue, 13 Oct 2015 15:51:08 +0200
Subject: [git] GpgOL - branch, mime-addin, updated. gpgol-1.2.0-48-g383cb09
Message-ID: <E1Zlzq8-0000ma-MX@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, mime-addin has been updated
       via  383cb09127d268a9e49e80c013e7db29cea8ff65 (commit)
       via  364f116578c37ad97ba6ff27c5e6e688fc20e21d (commit)
       via  b4529483bfe8aa7d633bc9e1f69342ef5eae489c (commit)
       via  aeec015b64fa3440fae8c70d84fd3a9666ccc1be (commit)
       via  7df5ec613b717aaefa3249342bc6f92f6d7f19e7 (commit)
       via  c25fec2b0e18fcf954d048e2ddb71b4186f4db49 (commit)
       via  869bedfffb4aa4be8ea042e1b84e1841de24f483 (commit)
       via  a8d772736473ce8153827c335c35aff589e63d06 (commit)
      from  8afa4a3780c8e6da5ea9549b48b7369a41851164 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 383cb09127d268a9e49e80c013e7db29cea8ff65
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Tue Oct 13 15:49:08 2015 +0200

    Fix various warnings
    
    * src/mapihelp.cpp (get_msgcls_from_pgp_lines): Add braces.
    * src/message.cpp (message_decrypt): Add braces.
    * src/oomhelp.cpp (dump_excepinfo): Remove additional format params.

diff --git a/src/mapihelp.cpp b/src/mapihelp.cpp
index 8460bcc..361f24a 100644
--- a/src/mapihelp.cpp
+++ b/src/mapihelp.cpp
@@ -620,7 +620,7 @@ get_msgcls_from_pgp_lines (LPMESSAGE message)
 
   /* The first ~1k of the body of the message is now available in the
      utf-8 string BODY.  Walk over it to figure out its type.  */
-  for (p=body; p && *p; p = (p=strchr (p+1, '\n')? (p+1):NULL))
+  for (p=body; p && *p; p = ((p=strchr (p+1, '\n')) ? (p+1) : NULL))
     {
       if (!strncmp (p, "-----BEGIN PGP ", 15))
         {
diff --git a/src/message.cpp b/src/message.cpp
index db3e1ff..c36e7fc 100644
--- a/src/message.cpp
+++ b/src/message.cpp
@@ -1012,7 +1012,7 @@ message_decrypt (LPMESSAGE message, msgtype_t msgtype, int force, HWND hwnd)
             }
 
 
-          if (part1_idx == -1 || part2_idx == -1 
+          if ((part1_idx == -1 || part2_idx == -1)
               && !table[0].end_of_table && table[1].end_of_table
               && table[0].attach_type == ATTACHTYPE_MOSS
               && table[0].filename 
diff --git a/src/oomhelp.cpp b/src/oomhelp.cpp
index ad50ec9..dd12002 100644
--- a/src/oomhelp.cpp
+++ b/src/oomhelp.cpp
@@ -123,8 +123,7 @@ dump_excepinfo (EXCEPINFO err)
              err.bstrSource, err.bstrDescription, err.bstrHelpFile,
              (unsigned int) err.dwHelpContext,
              (unsigned int) err.pfnDeferredFillIn,
-             (unsigned int) err.scode,
-             SRCNAME, __func__);
+             (unsigned int) err.scode);
 }
 
 /* Return the OOM object's IDispatch interface described by FULLNAME.

commit 364f116578c37ad97ba6ff27c5e6e688fc20e21d
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Tue Oct 13 15:46:51 2015 +0200

    Release application event sink instead of deleting
    
    * src/gpgoladdin.cpp (GpgolAddin::~GpgolAddin): Release instead
      of delete.
    
    --
    delete for IDispatch results in undefined behavior.

diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp
index 0a0e89d..e154285 100644
--- a/src/gpgoladdin.cpp
+++ b/src/gpgoladdin.cpp
@@ -167,7 +167,7 @@ GpgolAddin::~GpgolAddin (void)
              SRCNAME, __func__);
 
   delete m_ribbonExtender;
-  delete m_applicationEventSink;
+  m_applicationEventSink->Release ();
 
   if (!m_disabled)
     {

commit b4529483bfe8aa7d633bc9e1f69342ef5eae489c
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Tue Oct 13 15:42:57 2015 +0200

    Fix unused variable warnings
    
    * src/eventsink.h (USE_INVOKE_ARGS): Also add dispid.
    * src/gpgoladdin.cpp (GpgolAddinFactory::CreateInstance): Unused punk.
     (GpgolAddin::Invoke, GpgolRibbonExtender::Invoke): Use invoke args.
    * src/mailitem.cpp (GpgolItemEvents::Write): Remove want_html var.
    * src/ribbon-callbacks.cpp (message_flag_status): Remove window param.
      (mark_mime_action): Update call accordingly.

diff --git a/src/eventsink.h b/src/eventsink.h
index 4886d65..83e6772 100644
--- a/src/eventsink.h
+++ b/src/eventsink.h
@@ -85,8 +85,8 @@ STDMETHODIMP subcls::Invoke (DISPID dispid, REFIID riid, LCID lcid,      \
 /* End of macro EVENT_SINK_INVOKE.  */
 
 #define USE_INVOKE_ARGS                                                  \
-  (void)riid; (void)lcid; (void) flags; (void)parms; (void)result;       \
-  (void)exepinfo; (void)argerr;
+  (void)riid; (void)lcid; (void)flags; (void)parms; (void)result;       \
+  (void)exepinfo; (void)argerr; (void)dispid;
 /* End of macro USE_INVOKE_ARGS. */
 
 #define EVENT_SINK_DEFAULT_DTOR_CODE(subcls)                             \
diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp
index c7da01d..0a0e89d 100644
--- a/src/gpgoladdin.cpp
+++ b/src/gpgoladdin.cpp
@@ -46,6 +46,7 @@
 #include "gpgol-ids.h"
 #include "ribbon-callbacks.h"
 #include "eventsinks.h"
+#include "eventsink.h"
 #include "windowmessages.h"
 
 #define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
@@ -120,6 +121,7 @@ STDMETHODIMP GpgolAddinFactory::QueryInterface (REFIID riid, LPVOID* ppvObj)
 STDMETHODIMP GpgolAddinFactory::CreateInstance (LPUNKNOWN punk, REFIID riid,
                                                 LPVOID* ppvObj)
 {
+  (void)punk;
   *ppvObj = NULL;
 
   GpgolAddin* obj = new GpgolAddin();
@@ -341,6 +343,7 @@ GpgolAddin::Invoke (DISPID dispid, REFIID riid, LCID lcid,
                     WORD flags, DISPPARAMS *parms, VARIANT *result,
                     EXCEPINFO *exepinfo, UINT *argerr)
 {
+  USE_INVOKE_ARGS
   TRACEPOINT(); /* Should not happen */
   return DISP_E_MEMBERNOTFOUND;
 }
@@ -483,6 +486,7 @@ GpgolRibbonExtender::Invoke (DISPID dispid, REFIID riid, LCID lcid,
                              WORD flags, DISPPARAMS *parms, VARIANT *result,
                              EXCEPINFO *exepinfo, UINT *argerr)
 {
+  USE_INVOKE_ARGS
   log_debug ("%s:%s: enter with dispid: %x",
              SRCNAME, __func__, (int)dispid);
 
diff --git a/src/mailitem.cpp b/src/mailitem.cpp
index 9cdc2a5..b1ad383 100644
--- a/src/mailitem.cpp
+++ b/src/mailitem.cpp
@@ -118,7 +118,7 @@ GpgolItemEvents::Read (void)
 STDMETHODIMP
 GpgolItemEvents::Write (PBOOL cancel_default)
 {
-  bool sign, encrypt, need_crypto, want_html;
+  bool sign, encrypt, need_crypto;
   HWND hwnd = NULL;  /* Fixme.  */
  
   log_debug ("%s:%s: Called (this=%p) (send_seen=%d)",
@@ -153,11 +153,7 @@ GpgolItemEvents::Write (PBOOL cancel_default)
 
       bodyfmt = get_oom_int (m_object, "BodyFormat");
 
-      if (bodyfmt == 1)
-        want_html = 0;
-      else if (bodyfmt == 2)
-        want_html = 1;
-      else
+      if (bodyfmt != 1 && bodyfmt != 2)
         {
           log_debug ("%s:%s: BodyFormat is %d", SRCNAME, __func__, bodyfmt);
           MessageBox (hwnd,
diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index 882240e..5802153 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -1234,7 +1234,7 @@ HRESULT verifyBody (LPDISPATCH ctrl)
 }
 
 static void
-message_flag_status (HWND window, int flags)
+message_flag_status (int flags)
 {
   const char * message;
   if (flags & OP_ENCRYPT && flags & OP_SIGN)
@@ -1264,7 +1264,6 @@ mark_mime_action (LPDISPATCH ctrl, int flags)
 {
   HRESULT hr;
   HRESULT rc = E_FAIL;
-  HWND cur_window;
   LPDISPATCH context = NULL,
              mailitem = NULL;
   LPMESSAGE message = NULL;
@@ -1275,7 +1274,6 @@ mark_mime_action (LPDISPATCH ctrl, int flags)
   hr = getContext (ctrl, &context);
   if (FAILED(hr))
       return hr;
-  cur_window = get_oom_context_window (context);
 
   mailitem = get_oom_object (context, "CurrentItem");
 
@@ -1305,7 +1303,7 @@ mark_mime_action (LPDISPATCH ctrl, int flags)
                  SRCNAME, __func__);
     }
 
-  message_flag_status (cur_window, newflags);
+  message_flag_status (newflags);
 
   rc = S_OK;
 

commit aeec015b64fa3440fae8c70d84fd3a9666ccc1be
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Tue Oct 13 15:38:52 2015 +0200

    Don't check for stpcpy.
    
    * configure.ac: Don't check for stpcpy.
    * src/rfc822parse.c (my_stpcpy): Define our own stpcpy
      unconditionally.
    
    --
    Windows does not have stpcpy and It's not part of mingw. The
    function check failed accordingly but GCC still warned about
    shadowing a builtin function.
    
    Just avoid this trouble and always define our own function.

diff --git a/configure.ac b/configure.ac
index b8b16b6..d11744d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -183,8 +183,6 @@ USE_NLS=yes
 AC_HEADER_STDC
 AC_CHECK_HEADERS(string.h unistd.h langinfo.h termio.h locale.h)
 
-AC_CHECK_FUNCS(stpcpy)
-
 # Checks for typedefs, structures, and compiler characteristics.
 AC_C_CONST
 AC_C_INLINE
diff --git a/src/rfc822parse.c b/src/rfc822parse.c
index 760e8f7..d1e3bf2 100644
--- a/src/rfc822parse.c
+++ b/src/rfc822parse.c
@@ -154,9 +154,8 @@ capitalize_header_name (unsigned char *name)
 }
 
 
-#ifndef HAVE_STPCPY
 static char *
-stpcpy (char *a,const char *b)
+my_stpcpy (char *a,const char *b)
 {
   while (*b)
     *a++ = *b++;
@@ -164,7 +163,6 @@ stpcpy (char *a,const char *b)
 
   return (char*)a;
 }
-#endif
 
 /* If a callback has been registerd, call it for the event of type
    EVENT. */
@@ -548,11 +546,11 @@ rfc822parse_get_field (rfc822parse_t msg, const char *name, int which,
   buf = p = malloc (n);
   if (buf)
     {
-      p = stpcpy (p, h->line);
+      p = my_stpcpy (p, h->line);
       *p++ = '\n';
       for (h2 = h->next; h2 && h2->cont; h2 = h2->next)
         {
-          p = stpcpy (p, h2->line);
+          p = my_stpcpy (p, h2->line);
           *p++ = '\n';
         }
       p[-1] = 0;

commit 7df5ec613b717aaefa3249342bc6f92f6d7f19e7
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Tue Oct 13 15:27:42 2015 +0200

    Fix write-string warnings.
    
    * src/gpgolstr.cpp, src/gpgolstr.h: New. Small string wrapper.
    * src/Makefile.am: Add to sources.
    * src/display.cpp (open_inspector),
     src/mapihelp.cpp (create_gpgol_tag, get_internetcharsetbody_tag),
     src/ribbon-callbacks.cpp (do_composer_action, do_reader_action),
     src/message.cpp (pgp_body_to_attachment): Use it.
    
    --
    If MS wants mutable strings, MS get's mutable strings.

diff --git a/src/Makefile.am b/src/Makefile.am
index 93312cd..ef859bf 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -91,7 +91,8 @@ gpgol_SOURCES = \
 	eventsinks.h application-events.cpp \
 	mailitem-events.cpp \
 	attachment.h attachment.cpp \
-	windowmessages.h windowmessages.cpp
+	windowmessages.h windowmessages.cpp \
+	gpgolstr.h gpgolstr.cpp
 
 
 #treeview_SOURCES = treeview.c
diff --git a/src/display.cpp b/src/display.cpp
index c81d78c..bd10921 100644
--- a/src/display.cpp
+++ b/src/display.cpp
@@ -31,6 +31,7 @@
 #include "mapihelp.h"
 #include "olflange-def.h"
 #include "display.h"
+#include "gpgolstr.h"
 
 
 /* Check wether the string BODY is HTML formatted. */
@@ -456,12 +457,12 @@ open_inspector (LPEXCHEXTCALLBACK peecb, LPMESSAGE message)
   message2->Release(); message2 = NULL;
 
   hr = session->ShowForm (0,
-                          mdb, mfolder, 
+                          mdb, mfolder,
                           NULL,  token,
-                          NULL,  
+                          NULL,
                           0,
                           0,  0,
-                          0,  "IPM.Note");
+                          0, GpgOLStr("IPM.Note"));
   log_debug ("%s:%s: ShowForm result: hr=%#lx\n", 
              SRCNAME, __func__, hr);
   
diff --git a/src/gpgolstr.cpp b/src/gpgolstr.cpp
new file mode 100644
index 0000000..d24dd35
--- /dev/null
+++ b/src/gpgolstr.cpp
@@ -0,0 +1,60 @@
+/* gpgolstr.cpp - String helper class for Outlook API.
+ *    Copyright (C) 2015 Intevation GmbH
+ *
+ * This file is part of GpgOL.
+ *
+ * GpgOL is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * GpgOL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#include "gpgolstr.h"
+#include "util.h"
+
+GpgOLStr::GpgOLStr(const char *str) :
+  m_utf8str(NULL), m_widestr(NULL)
+{
+  if (!str)
+    return;
+  m_utf8str = strdup (str);
+}
+
+GpgOLStr::GpgOLStr(const wchar_t *str) :
+  m_utf8str(NULL), m_widestr(NULL)
+{
+  if (!str)
+    return;
+  m_widestr = wcsdup (str);
+}
+
+GpgOLStr::~GpgOLStr()
+{
+  xfree (m_utf8str);
+  xfree (m_widestr);
+}
+
+GpgOLStr::operator char*()
+{
+  if (!m_utf8str && m_widestr)
+    {
+      m_utf8str = wchar_to_utf8_2 (m_widestr, wcslen (m_widestr));
+    }
+  return m_utf8str;
+}
+
+GpgOLStr::operator wchar_t*()
+{
+  if (!m_widestr && m_utf8str)
+    {
+      m_widestr = utf8_to_wchar2 (m_utf8str, strlen (m_utf8str));
+    }
+  return m_widestr;
+}
diff --git a/src/gpgolstr.h b/src/gpgolstr.h
new file mode 100644
index 0000000..5bd6d26
--- /dev/null
+++ b/src/gpgolstr.h
@@ -0,0 +1,44 @@
+/* gpgolstr.h - String helper class for Outlook API.
+ *    Copyright (C) 2015 Intevation GmbH
+ *
+ * This file is part of GpgOL.
+ *
+ * GpgOL is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * GpgOL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stddef.h>
+
+/* Small string wrapper that handles wchar / utf8 conversion and
+   can be used as a temporary object for an allocated string.
+   Modifying the char or wchar_t pointer directly results in
+   undefined behavior.
+   They are intended to be used for API calls that expect a
+   mutable string but are actually a constant.
+   */
+class GpgOLStr
+{
+public:
+  GpgOLStr() : m_utf8str(NULL), m_widestr(NULL) {}
+
+  GpgOLStr(const char *str);
+  GpgOLStr(const wchar_t *widestr);
+  ~GpgOLStr();
+
+  operator char* ();
+  operator wchar_t* ();
+
+private:
+  char *m_utf8str;
+  wchar_t *m_widestr;
+};
diff --git a/src/mapihelp.cpp b/src/mapihelp.cpp
index 049f784..8460bcc 100644
--- a/src/mapihelp.cpp
+++ b/src/mapihelp.cpp
@@ -31,6 +31,7 @@
 #include "serpent.h"
 #include "mapihelp.h"
 #include "parsetlv.h"
+#include "gpgolstr.h"
 
 #ifndef CRYPT_E_STREAM_INSUFFICIENT_DATA
 #define CRYPT_E_STREAM_INSUFFICIENT_DATA 0x80091011
@@ -110,11 +111,12 @@ log_mapi_property (LPMESSAGE message, ULONG prop, const char *propname)
 
 /* Helper to create a named property. */
 static ULONG 
-create_gpgol_tag (LPMESSAGE message, wchar_t *name, const char *func)
+create_gpgol_tag (LPMESSAGE message, const wchar_t *name, const char *func)
 {
   HRESULT hr;
   LPSPropTagArray proparr = NULL;
-  MAPINAMEID mnid, *pmnid;	
+  MAPINAMEID mnid, *pmnid;
+  GpgOLStr propname(name);
   /* {31805ab8-3e92-11dc-879c-00061b031004}: GpgOL custom properties.  */
   GUID guid = {0x31805ab8, 0x3e92, 0x11dc, {0x87, 0x9c, 0x00, 0x06,
                                             0x1b, 0x03, 0x10, 0x04}};
@@ -123,7 +125,7 @@ create_gpgol_tag (LPMESSAGE message, wchar_t *name, const char *func)
   memset (&mnid, 0, sizeof mnid);
   mnid.lpguid = &guid;
   mnid.ulKind = MNID_STRING;
-  mnid.Kind.lpwstrName = name;
+  mnid.Kind.lpwstrName = propname;
   pmnid = &mnid;
   hr = message->GetIDsFromNames (1, &pmnid, MAPI_CREATE, &proparr);
   if (FAILED (hr))
@@ -254,12 +256,13 @@ get_internetcharsetbody_tag (LPMESSAGE message, ULONG *r_tag)
   /* {4E3A7680-B77A-11D0-9DA5-00C04FD65685} */
   GUID guid = {0x4E3A7680, 0xB77A, 0x11D0, {0x9D, 0xA5, 0x00, 0xC0,
                                             0x4F, 0xD6, 0x56, 0x85}};
+  GpgOLStr propname (L"Internet Charset Body");
   int result;
 
   memset (&mnid, 0, sizeof mnid);
   mnid.lpguid = &guid;
   mnid.ulKind = MNID_STRING;
-  mnid.Kind.lpwstrName = L"Internet Charset Body";
+  mnid.Kind.lpwstrName = propname;
   pmnid = &mnid;
   hr = message->GetIDsFromNames (1, &pmnid, 0, &proparr);
   if (FAILED (hr))
diff --git a/src/message.cpp b/src/message.cpp
index 38b095e..db3e1ff 100644
--- a/src/message.cpp
+++ b/src/message.cpp
@@ -31,6 +31,7 @@
 #include "mimemaker.h"
 #include "display.h"
 #include "message.h"
+#include "gpgolstr.h"
 
 #define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
                                      SRCNAME, __func__, __LINE__); \
@@ -687,6 +688,7 @@ pgp_body_to_attachment (LPMESSAGE message)
   SPropValue prop;
   LPSTREAM outstream = NULL;
   LPUNKNOWN punk;
+  GpgOLStr body_filename (PGPBODYFILENAME);
 
   instream = mapi_get_body_as_stream (message);
   if (!instream)
@@ -733,7 +735,7 @@ pgp_body_to_attachment (LPMESSAGE message)
     }
 
   prop.ulPropTag = PR_ATTACH_FILENAME_A;
-  prop.Value.lpszA = PGPBODYFILENAME;
+  prop.Value.lpszA = body_filename;
   hr = HrSetOneProp ((LPMAPIPROP)newatt, &prop);
   if (hr)
     {
diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index ade0330..882240e 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -45,6 +45,7 @@
 #include "mapihelp.h"
 #include "mimemaker.h"
 #include "filetype.h"
+#include "gpgolstr.h"
 
 /* Gets the context of a ribbon control. And prints some
    useful debug output */
@@ -265,7 +266,7 @@ do_composer_action (LPDISPATCH ctrl, int flags)
   hr = OpenStreamOnFile (MAPIAllocateBuffer, MAPIFreeBuffer,
                          (SOF_UNIQUEFILENAME | STGM_DELETEONRELEASE
                           | STGM_CREATE | STGM_READWRITE),
-                         NULL, "GPG", &tmpstream);
+                         NULL, GpgOLStr("GPG"), &tmpstream);
 
   if (FAILED (hr))
     {
@@ -714,7 +715,7 @@ do_reader_action (LPDISPATCH ctrl, int flags)
   hr = OpenStreamOnFile (MAPIAllocateBuffer, MAPIFreeBuffer,
                          (SOF_UNIQUEFILENAME | STGM_DELETEONRELEASE
                           | STGM_CREATE | STGM_READWRITE),
-                         NULL, "GPG", &tmpstream);
+                         NULL, GpgOLStr("GPG"), &tmpstream);
 
   if (FAILED (hr))
     {

commit c25fec2b0e18fcf954d048e2ddb71b4186f4db49
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Tue Oct 13 11:20:56 2015 +0200

    Fix compiler warnings in engine-assuan
    
    * src/engine-assuan.c: Don't redefine WINVER. Include windows.h
      after assuan.h (because of winsock)
      (async_worker_thread): Return 0 on success.
      (start_command): Cast status callback to correct type.

diff --git a/src/engine-assuan.c b/src/engine-assuan.c
index c7f3312..2cf1837 100644
--- a/src/engine-assuan.c
+++ b/src/engine-assuan.c
@@ -25,11 +25,9 @@
 #include <time.h>
 #include <errno.h>
 #include <assert.h>
-#define WIN32_LEAN_AND_MEAN 
-#define WINVER 0x0500  /* Required for AllowSetForegroundWindow.  */
-#include <windows.h>
 
 #include <assuan.h>
+#include <windows.h>
 #include "common.h"
 #include "engine.h"
 #include "engine-assuan.h"
@@ -1230,6 +1228,7 @@ async_worker_thread (void *dummy)
 
       LeaveCriticalSection (&work_queue_lock);
     }
+  return 0;
 }
 
 
@@ -1502,7 +1501,7 @@ start_command (assuan_context_t ctx, closure_data_t cld,
     return gpg_error (GPG_ERR_GENERAL);	/* Ooops.  */
 
   cld->cmdid = cmdid;
-  cld->status_cbs.write = status_in_cb;
+  cld->status_cbs.write = (gpgme_data_write_cb_t) status_in_cb;
   cld->assctx = ctx;
   /* Fixme: We might want to have reference counting for CLD to cope
      with the problem that the gpgme data object uses CLD which might

commit 869bedfffb4aa4be8ea042e1b84e1841de24f483
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Tue Oct 13 10:33:58 2015 +0200

    Log error in mimemaker write_attachments.
    
    * src/mimemaker.c (write_attachments): Log error.
    --
    
    Fixes an unused variable warning and makes sense.

diff --git a/src/mimemaker.c b/src/mimemaker.c
index 93450db..55e5782 100644
--- a/src/mimemaker.c
+++ b/src/mimemaker.c
@@ -942,6 +942,10 @@ write_attachments (sink_t sink,
             return -1;
           rc = write_part (sink, buffer, buflen, boundary,
                            table[idx].filename, 0);
+          if (rc)
+            {
+              log_error ("Write part returned err: %i", rc);
+            }
           xfree (buffer);
         }
   return 0;

commit a8d772736473ce8153827c335c35aff589e63d06
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Tue Oct 13 10:27:18 2015 +0200

    Fix body handling of sent mails.
    
    * src/mailitem-events.cpp (handle_read): Work on the base message.
    
    --
    Outlook somehow is confused about the attachment
    table of our sent mails. The securemessage interface
    gives us access to the real attach table but the attachment
    table of the message itself is broken.
    
    So unprotect attachments does not work for sent mails
    as the attachment table of the mapiitem is invalid.
    We need to somehow get outlook to use the attachment table
    of the base message and and then decrypt those.
    This will probably mean removing all attachments for the
    message and adding the attachments from the base message then
    we can call unprotect_attachments as usual.
    
    For now this works only for the body.

diff --git a/src/mailitem-events.cpp b/src/mailitem-events.cpp
index dab2c99..e4f6044 100644
--- a/src/mailitem-events.cpp
+++ b/src/mailitem-events.cpp
@@ -107,21 +107,24 @@ MailItemEvents::handle_read()
   int err;
   int is_html, was_protected = 0;
   char *body = NULL;
-  LPMESSAGE message = get_oom_message (m_object);
-  if (!message)
+  /* Outlook somehow is confused about the attachment
+     table of our sent mails. The securemessage interface
+     gives us access to the real attach table but the attachment
+     table of the message itself is broken. */
+  LPMESSAGE base_message = get_oom_base_message (m_object);
+  if (!base_message)
     {
-      log_error ("%s:%s: Failed to get message \n",
+      log_error ("%s:%s: Failed to get base message \n",
                  SRCNAME, __func__);
       return S_OK;
     }
-  err = mapi_get_gpgol_body_attachment (message, &body, NULL,
+  err = mapi_get_gpgol_body_attachment (base_message, &body, NULL,
                                         &is_html, &was_protected);
-  message->Release ();
   if (err || !body)
     {
       log_error ("%s:%s: Failed to get body attachment of \n",
                  SRCNAME, __func__);
-      return S_OK;
+      goto done;
     }
   if (put_oom_string (m_object, is_html ? "HTMLBody" : "Body", body))
     {
@@ -130,13 +133,21 @@ MailItemEvents::handle_read()
     }
 
   xfree (body);
-
+  /* TODO: unprotect attachments does not work for sent mails
+     as the attachment table of the mapiitem is invalid.
+     We need to somehow get outlook to use the attachment table
+     of the base message and and then decrypt those.
+     This will probably mean removing all attachments for the
+     message and adding the attachments from the base message then
+     we can call unprotect_attachments as usual. */
   if (unprotect_attachments (m_object))
     {
       log_error ("%s:%s: Failed to unprotect attachments. \n",
                  SRCNAME, __func__);
     }
 
+done:
+  RELDISP (base_message);
   return S_OK;
 }
 

-----------------------------------------------------------------------

Summary of changes:
 configure.ac                     |  2 --
 src/Makefile.am                  |  3 +-
 src/display.cpp                  |  7 +++--
 src/engine-assuan.c              |  7 ++---
 src/eventsink.h                  |  4 +--
 src/gpgoladdin.cpp               |  6 +++-
 src/gpgolstr.cpp                 | 60 ++++++++++++++++++++++++++++++++++++++++
 src/{eventsinks.h => gpgolstr.h} | 34 +++++++++++++++++------
 src/mailitem-events.cpp          | 25 ++++++++++++-----
 src/mailitem.cpp                 |  8 ++----
 src/mapihelp.cpp                 | 13 +++++----
 src/message.cpp                  |  6 ++--
 src/mimemaker.c                  |  4 +++
 src/oomhelp.cpp                  |  3 +-
 src/rfc822parse.c                |  8 ++----
 src/ribbon-callbacks.cpp         | 11 ++++----
 16 files changed, 146 insertions(+), 55 deletions(-)
 create mode 100644 src/gpgolstr.cpp
 copy src/{eventsinks.h => gpgolstr.h} (52%)


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Oct 13 16:39:15 2015
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Tue, 13 Oct 2015 16:39:15 +0200
Subject: [git] GpgOL - branch, mime-addin, updated. gpgol-1.2.0-51-g7bf40a9
Message-ID: <E1Zm0ah-0002tE-8M@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, mime-addin has been updated
       via  7bf40a952a1822cb42bebf866992d7a6eb9db4f6 (commit)
       via  c41751e7f287b8b9323ae4d0b8e383fa3dd8a515 (commit)
       via  3ab27fd8a4f7c740d1cafc8979be21ff9264516c (commit)
      from  383cb09127d268a9e49e80c013e7db29cea8ff65 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 7bf40a952a1822cb42bebf866992d7a6eb9db4f6
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Tue Oct 13 16:38:28 2015 +0200

    Enable -Werror in maintainer-mode
    
    * configure.ac: Enable Werror in maintainer-mode.

diff --git a/configure.ac b/configure.ac
index d11744d..90b0af2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -201,10 +201,10 @@ if test "$GCC" = yes; then
     CFLAGS="$CFLAGS -Wall -mms-bitfields -fno-strict-aliasing"
     CXXFLAGS="$CXXFLAGS -Wall -mms-bitfields -fno-strict-aliasing"
     if test "$USE_MAINTAINER_MODE" = "yes"; then
-        CFLAGS="$CFLAGS -Wcast-align -Wshadow -Wstrict-prototypes"
+        CFLAGS="$CFLAGS -Werror -Wcast-align -Wshadow -Wstrict-prototypes"
         CFLAGS="$CFLAGS -Wno-format-y2k -Wformat-security"
         CFLAGS="$CFLAGS -W -Wno-sign-compare"
-        CXXFLAGS="$CXXFLAGS -Wcast-align -Wshadow"
+        CXXFLAGS="$CXXFLAGS -Werror -Wcast-align -Wshadow"
         CXXFLAGS="$CXXFLAGS -Wno-format-y2k -Wformat-security"
         CXXFLAGS="$CXXFLAGS -W -Wno-sign-compare"
         AC_MSG_CHECKING([if gcc supports -Wno-missing-field-initializers])

commit c41751e7f287b8b9323ae4d0b8e383fa3dd8a515
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Tue Oct 13 16:32:44 2015 +0200

    Cast gpgme callback functions to fix warning.
    
    * src/engine.c (engine_create_filter): Cast callback functions.

diff --git a/src/engine.c b/src/engine.c
index f208799..c5b9088 100644
--- a/src/engine.c
+++ b/src/engine.c
@@ -571,8 +571,8 @@ engine_create_filter (engine_filter_t *r_filter,
   engine_filter_t filter;
 
   filter = create_filter ();
-  filter->cb_inbound.read = filter_gpgme_read_cb;
-  filter->cb_outbound.write = filter_gpgme_write_cb;
+  filter->cb_inbound.read = (gpgme_data_read_cb_t) filter_gpgme_read_cb;
+  filter->cb_outbound.write = (gpgme_data_write_cb_t) filter_gpgme_write_cb;
   filter->outfnc = outfnc? outfnc : dummy_outfnc;
   filter->outfncdata = outfncdata;
 

commit 3ab27fd8a4f7c740d1cafc8979be21ff9264516c
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Tue Oct 13 16:28:10 2015 +0200

    Remove engine-gpgme
    
    * src/engine-gpgme.c, src/engine-gpgme.h: Remove historic code.
    * src/engine.c: Assume use_assuan and remove engine-gpgme calls.
    * src/Makefile.am: Update accordingly.
    
    --
    The fallback to the gpgme-engine without assuan was unmaintained
    and did not provide all the features anyway. It was mostly there
    for historic reasons as this predates assuan.

diff --git a/src/Makefile.am b/src/Makefile.am
index ef859bf..db5f572 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -59,7 +59,6 @@ gpgol_SOURCES = \
 	msgcache.c msgcache.h       \
 	engine.c engine.h           \
         engine-assuan.c engine-assuan.h \
-        engine-gpgme.c engine-gpgme.h   \
 	rfc822parse.c rfc822parse.h \
         common.h common.c util.h    \
 	xmalloc.h		    \
diff --git a/src/engine-gpgme.c b/src/engine-gpgme.c
deleted file mode 100644
index 5f2c823..0000000
--- a/src/engine-gpgme.c
+++ /dev/null
@@ -1,1276 +0,0 @@
-/* engine-gpgme.c - Crypto engine with GPGME
- *	Copyright (C) 2005, 2006, 2007, 2008 g10 Code GmbH
- *
- * This file is part of GpgOL.
- *
- * GpgOL is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 
- * of the License, or (at your option) any later version.
- *  
- * GpgOL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-
-#include <config.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include <errno.h>
-#include <assert.h>
-#define WIN32_LEAN_AND_MEAN 
-#include <windows.h>
-
-#include "common.h"
-#include "passcache.h"
-#include "engine.h"
-#include "engine-gpgme.h"
-
-#define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
-                                       SRCNAME, __func__, __LINE__); \
-                        } while (0)
-
-
-/* Because we are using asynchronous gpgme commands, we need to have a
-   closure to cleanup allocated resources and run the code required
-   adfter gpgme finished the command (e.g. getting the signature
-   verification result.  Thus all functions need to implement a
-   closure function and pass it using a closure_data_t object via the
-   gpgme_progress_cb hack.  */
-struct closure_data_s;
-typedef struct closure_data_s *closure_data_t;
-struct closure_data_s
-{
-  void (*closure)(closure_data_t, gpgme_ctx_t, gpg_error_t);
-  engine_filter_t filter;
-  struct passphrase_cb_s pw_cb;  /* Passphrase callback info.  */
-  int with_verify;
-  gpgme_data_t sigobj;
-};
-
-
-static int basic_init_done = 0;
-static int init_done = 0;
-static int shutdown_gpgme = 0;
-
-static DWORD WINAPI waiter_thread (void *dummy);
-static CRITICAL_SECTION waiter_thread_lock;
-static HANDLE waiter_thread_handle = INVALID_HANDLE_VALUE;
-static void update_passphrase_cache (int err, 
-                                     struct passphrase_cb_s *pass_cb_value);
-/* static void add_verify_attestation (gpgme_data_t at,  */
-/*                                     gpgme_ctx_t ctx,  */
-/*                                     gpgme_verify_result_t res, */
-/*                                     const char *filename); */
-
-
-
-static void
-cleanup (void)
-{
-  if (init_done && waiter_thread_handle != INVALID_HANDLE_VALUE )
-    {
-      DWORD ec;
-
-      EnterCriticalSection (&waiter_thread_lock);
-      shutdown_gpgme = 1;
-      LeaveCriticalSection (&waiter_thread_lock);
-      while ( GetExitCodeThread (waiter_thread_handle, &ec) )
-        Sleep (100);
-      waiter_thread_handle = INVALID_HANDLE_VALUE;
-    }
-}
-
-
-/* Cleanup static resources. */
-void
-op_gpgme_deinit (void)
-{
-  cleanup ();
-}
-
-
-/* First part of the gpgme initialization.  This is sufficient if we
-   only use the gpgme_data_t stuff.  */
-int
-op_gpgme_basic_init (void)
-{
-  if (basic_init_done)
-    return 0;
-
-  if (!gpgme_check_version (NEED_GPGME_VERSION)) 
-    {
-      log_debug ("gpgme is too old (need %s, have %s)\n",
-                 NEED_GPGME_VERSION, gpgme_check_version (NULL) );
-      return gpg_error (GPG_ERR_GENERAL);
-    }
-
-  basic_init_done = 1;
-  return 0;
-}
-
-
-int
-op_gpgme_init (void)
-{
-  gpgme_error_t err;
-
-  if (init_done)
-    return 0;
-
-  err = op_gpgme_basic_init ();
-  if (err)
-    return err;
-
-  err = gpgme_engine_check_version (GPGME_PROTOCOL_OpenPGP);
-  if (err)
-    {
-      log_debug ("gpgme can't find a suitable OpenPGP backend: %s\n",
-                 gpgme_strerror (err));
-      return err;
-    }
-
-  err = gpgme_engine_check_version (GPGME_PROTOCOL_CMS);
-  if (err)
-    {
-      log_debug ("gpgme can't find a suitable CMS backend: %s\n",
-                 gpgme_strerror (err));
-      return err;
-    }
-
-  {
-    HANDLE th;
-    DWORD tid;
-
-    waiter_thread_handle = INVALID_HANDLE_VALUE;
-    InitializeCriticalSection (&waiter_thread_lock);
-    th = CreateThread (NULL, 128*1024, waiter_thread, NULL, 0, &tid);
-    if (th == INVALID_HANDLE_VALUE)
-      log_error ("failed to start the gpgme waiter thread\n");
-    else
-      waiter_thread_handle = th;
-  }
-
-  init_done = 1;
-  return 0;
-}
-
-
-/* The worker for the asynchronous commands.  */
-static DWORD WINAPI
-waiter_thread (void *dummy)
-{
-  gpgme_ctx_t ctx;
-  gpg_error_t err;
-  void *a_voidptr;
-  closure_data_t closure_data;
-
-  (void)dummy;
-
-  while (!shutdown_gpgme)
-    {
-      /*  Note: We don't use hang because this will end up in a tight
-          loop and does not do a voluntary context switch.  Thus we do
-          this by ourself.  Actually it would be better to start
-          gpgme_wait only if we really have something to do but that
-          is a bit more complicated.  */
-      EnterCriticalSection (&waiter_thread_lock);
-      ctx = gpgme_wait (NULL, &err, 0);
-      LeaveCriticalSection (&waiter_thread_lock);
-      if (ctx)
-        {
-          gpgme_get_progress_cb (ctx, NULL, &a_voidptr);
-          closure_data = a_voidptr;
-          assert (closure_data);
-          assert (closure_data->closure);
-          closure_data->closure (closure_data, ctx, err);
-          xfree (closure_data);
-          gpgme_release (ctx);
-        }
-      else if (err)
-        log_debug ("%s:%s: gpgme_wait failed: %s\n", SRCNAME, __func__, 
-                   gpg_strerror (err));
-      else
-        Sleep (50);
-    }
-  ExitThread (0);
-  return 0;
-}
-
-
-void
-engine_gpgme_cancel (void *cancel_data)
-{
-  gpg_error_t err;
-  gpgme_ctx_t ctx = cancel_data;
-
-  if (ctx)
-    {
-      EnterCriticalSection (&waiter_thread_lock);
-      err = gpgme_cancel (ctx);
-      LeaveCriticalSection (&waiter_thread_lock);
-      if (err)
-        log_debug ("%s:%s: gpgme_cancel failed: %s\n", 
-                   SRCNAME, __func__,  gpg_strerror (err));
-    }
-}
-
-
-/* This routine should be called immediately after an operation to
-   make sure that the passphrase cache gets updated. ERR is expected
-   to be the error code from the gpgme operation and PASS_CB_VALUE the
-   context used by the passphrase callback.  
-
-   On any error we flush a possible passphrase for the used keyID from
-   the cache.  On success we store the passphrase into the cache.  The
-   cache will take care of the supplied TTL and for example actually
-   delete it if the TTL is 0 or an empty value is used. We also wipe
-   the passphrase from the context here. */
-static void
-update_passphrase_cache (int err, struct passphrase_cb_s *pass_cb_value)
-{
-  if (!pass_cb_value)
-    return;
-  if (pass_cb_value->keyid && *pass_cb_value->keyid)
-    {
-      if (err)
-        passcache_put (pass_cb_value->keyid, NULL, 0);
-      else
-        passcache_put (pass_cb_value->keyid, pass_cb_value->pass,
-                       pass_cb_value->ttl);
-    }
-  if (pass_cb_value->pass)
-    {
-      wipestring (pass_cb_value->pass);
-      xfree (pass_cb_value->pass);
-      pass_cb_value->pass = NULL;
-    }
-}
-
-
-
-

-/* Try to figure out why the encryption failed and provide a more
-   suitable error code than the one returned by the encryption
-   routine. */
-static gpgme_error_t
-check_encrypt_result (gpgme_ctx_t ctx, gpgme_error_t err)
-{
-  gpgme_encrypt_result_t res;
-
-  res = gpgme_op_encrypt_result (ctx);
-  if (!res)
-    return err;
-  if (res->invalid_recipients)
-    return gpg_error (GPG_ERR_UNUSABLE_PUBKEY);
-  /* XXX: we need to do more here! */
-  return err;
-}
-
-
-/* Release an array of GPGME keys. */
-static void 
-release_key_array (gpgme_key_t *keys)
-{
-  int i;
-
-  if (keys)
-    {
-      for (i = 0; keys[i]; i++) 
-	gpgme_key_release (keys[i]);
-      xfree (keys);
-    }
-}
-
-/* Return the number of strings in the array STRINGS. */
-static size_t
-count_strings (char **strings)
-{
-  size_t i;
-
-  for (i=0; strings[i]; i++)
-    ;
-  return i;
-}
-
-/* Return the number of keys in the gpgme_key_t array KEYS.  */
-static size_t
-count_keys (gpgme_key_t *keys)
-{
-  size_t i;
-  
-  for (i=0; keys[i]; i++)
-    ;
-  return i;
-}
-
-
-/* Return an array of gpgme key objects derived from thye list of
-   strings in RECPIENTS. */
-static gpg_error_t
-prepare_recipient_keys (gpgme_key_t **r_keys, char **recipients, HWND hwnd)
-{
-  gpg_error_t err;
-  gpgme_key_t *keys = NULL;
-  char **unknown = NULL;
-  size_t n_keys, n_unknown, n_recp;
-  int i;
-
-  *r_keys = NULL;
-  if (op_lookup_keys (recipients, &keys, &unknown))
-    {
-      log_debug ("%s:%s: leave (lookup keys failed)\n", SRCNAME, __func__);
-      return gpg_error (GPG_ERR_GENERAL);  
-    }
-
-  n_recp = count_strings (recipients);
-  n_keys = count_keys (keys);
-  n_unknown = count_strings (unknown);
-
-  log_debug ("%s:%s: found %d recipients, need %d, unknown=%d\n",
-             SRCNAME, __func__, (int)n_keys, (int)n_recp, (int)n_unknown);
-  
-  if (n_keys != n_recp)
-    {
-      unsigned int opts;
-      gpgme_key_t *keys2;
-
-      log_debug ("%s:%s: calling recipient_dialog_box2", SRCNAME, __func__);
-      opts = recipient_dialog_box2 (keys, unknown, &keys2);
-      release_key_array (keys);
-      keys = keys2;
-      if ( (opts & OPT_FLAG_CANCEL) ) 
-        {
-          err = gpg_error (GPG_ERR_CANCELED);
-          goto leave;
-	}
-    }
-
-
-  /* If a default key has been set, add it to the list of keys.  Check
-     that the key is actually available. */
-  if (opt.enable_default_key && opt.default_key && *opt.default_key)
-    {
-      gpgme_key_t defkey;
-      
-      defkey = op_get_one_key (opt.default_key);
-      if (!defkey)
-        {
-          MessageBox (hwnd,
-                 _("The configured default encryption certificate is not "
-                   "available or does not unambigiously specify one. "
-                   "Please fix this in the option dialog.\n\n"
-                   "This message won't be be encrypted to this certificate!"),
-                   _("Encryption"), MB_ICONWARNING|MB_OK);
-        }
-      else
-        {
-          gpgme_key_t *tmpkeys;
-
-          n_keys = count_keys (keys) + 1;
-          tmpkeys = xcalloc (n_keys+1, sizeof *tmpkeys);
-          for (i = 0; keys[i]; i++) 
-            {
-              tmpkeys[i] = keys[i];
-              gpgme_key_ref (tmpkeys[i]);
-            }
-          tmpkeys[i++] = defkey;
-          tmpkeys[i] = NULL;
-          release_key_array (keys);
-          keys = tmpkeys;
-        }
-    }
-  
-  if (keys)
-    {
-      for (i=0; keys[i]; i++)
-        log_debug ("%s:%s: recp.%d 0x%s %s\n", SRCNAME, __func__,
-                   i, keyid_from_key (keys[i]), userid_from_key (keys[i]));
-    }
-  *r_keys = keys;
-  keys = NULL;
-  err = 0;
-
- leave:
-  release_key_array (keys);
-  return err;
-}
-
-
-/* Not that this closure is called in the context of the
-   waiter_thread.  */
-static void
-encrypt_closure (closure_data_t cld, gpgme_ctx_t ctx, gpg_error_t err)
-{
-  if (cld->pw_cb.ctx)
-    {
-      /* Signing was also request; thus update the passphrase cache.  */ 
-      update_passphrase_cache (err, &cld->pw_cb);
-    }
-  if (err)
-    err = check_encrypt_result (ctx, err);
-  engine_private_finished (cld->filter, err);
-}
-
-
-/* Encrypt the data from INDATA to the OUTDATA object for all
-   recpients given in the NULL terminated array RECIPIENTS.  This
-   function terminates with success and then expects the caller to
-   wait for the result of the encryption using engine_wait.  FILTER is
-   used for asynchronous commnication with the engine module.  HWND is
-   the window handle of the current window and used to maintain the
-   correct relationship between a popups and the active window.  */
-int
-op_gpgme_encrypt (protocol_t protocol, 
-                  gpgme_data_t indata, gpgme_data_t outdata,
-                  engine_filter_t filter, void *hwnd,
-                  char **recipients)
-{
-  gpg_error_t err;
-  closure_data_t cld;
-  gpgme_ctx_t ctx = NULL;
-  gpgme_key_t *keys = NULL;
-
-  (void)hwnd;
-
-  cld = xcalloc (1, sizeof *cld);
-  cld->closure = encrypt_closure;
-  cld->filter = filter;
-
-  err = prepare_recipient_keys (&keys, recipients, NULL);
-  if (err)
-    goto leave;
-
-  err = gpgme_new (&ctx);
-  if (err)
-    goto leave;
-  gpgme_set_progress_cb (ctx, NULL, cld);
-  switch (protocol)
-    {
-    case PROTOCOL_OPENPGP:  /* Gpgme's default.  */
-      break;
-    case PROTOCOL_SMIME:
-      err = gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
-      break;
-    default:
-      err = gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
-      break;
-    }
-  if (err)
-    goto leave;
-
-
-  gpgme_set_armor (ctx, 1);
-  /* FIXME:  We should not hardcode always trust. */
-/*   if (sign_key) */
-/*     { */
-/*       gpgme_set_passphrase_cb (ctx, passphrase_callback_box, &cld->pw_cb); */
-/*       cld->pw_cb.ctx = ctx; */
-/*       cld->pw_cb.ttl = opt.passwd_ttl; */
-/*       err = gpgme_signers_add (ctx, sign_key); */
-/*       if (!err) */
-/*         err = gpgme_op_encrypt_sign_start (ctx, keys, */
-/*                                            GPGME_ENCRYPT_ALWAYS_TRUST, */
-/*                                            indata, outdata); */
-/*     } */
-/*   else */
-    err = gpgme_op_encrypt_start (ctx, keys, GPGME_ENCRYPT_ALWAYS_TRUST, 
-                                  indata, outdata);
-
- leave:
-  if (err)
-    {
-      xfree (cld);
-      gpgme_release (ctx);
-    }
-  else
-    engine_private_set_cancel (filter, ctx);
-  release_key_array (keys);
-  return err;
-}
-
-
-
-

-/* Not that this closure is called in the context of the
-   waiter_thread.  */
-static void
-sign_closure (closure_data_t cld, gpgme_ctx_t ctx, gpg_error_t err)
-{
-  (void)ctx;
-
-  update_passphrase_cache (err, &cld->pw_cb);
-  engine_private_finished (cld->filter, err);
-}
-
-
-/* Created a detached signature for INDATA and write it to OUTDATA.
-   On termination of the signing command engine_private_finished() is
-   called with FILTER as the first argument.  */
-int
-op_gpgme_sign (protocol_t protocol, 
-               gpgme_data_t indata, gpgme_data_t outdata,
-               engine_filter_t filter, void *hwnd)
-{
-  gpg_error_t err;
-  closure_data_t cld;
-  gpgme_ctx_t ctx = NULL;
-  gpgme_key_t sign_key = NULL;
-
-  (void)hwnd;
-
-  if (signer_dialog_box (&sign_key, NULL, 0) == -1)
-    {
-      log_debug ("%s:%s: leave (dialog failed)\n", SRCNAME, __func__);
-      return gpg_error (GPG_ERR_CANCELED);  
-    }
-
-  cld = xcalloc (1, sizeof *cld);
-  cld->closure = sign_closure;
-  cld->filter = filter;
-
-  err = gpgme_new (&ctx);
-  if (err)
-    goto leave;
-  gpgme_set_progress_cb (ctx, NULL, cld);
-  switch (protocol)
-    {
-    case PROTOCOL_OPENPGP:  /* Gpgme's default.  */
-      break;
-    case PROTOCOL_SMIME:
-      err = gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
-      break;
-    default:
-      err = gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
-      break;
-    }
-  if (err)
-    goto leave;
-
-  gpgme_set_armor (ctx, 1);
-  gpgme_set_passphrase_cb (ctx, passphrase_callback_box, &cld->pw_cb);
-  cld->pw_cb.ctx = ctx;
-  cld->pw_cb.ttl = opt.passwd_ttl;
-  err = gpgme_signers_add (ctx, sign_key);
-  if (!err)
-    err = gpgme_op_sign_start (ctx, indata, outdata, GPGME_SIG_MODE_DETACH);
-
- leave:
-  if (err)
-    {
-      xfree (cld);
-      gpgme_release (ctx);
-    }
-  else
-    engine_private_set_cancel (filter, ctx);
-  gpgme_key_unref (sign_key);
-  return err;
-}
-
-
-

-/* Not that this closure is called in the context of the
-   waiter_thread.  */
-static void
-decrypt_closure (closure_data_t cld, gpgme_ctx_t ctx, gpg_error_t err)
-{
-  update_passphrase_cache (err, &cld->pw_cb);
-
-  if (!err && !cld->with_verify) 
-    ;
-  else if (!err) 
-    {
-      gpgme_verify_result_t res;
-
-      /* Decryption succeeded.  Now check the state of the signatures. */
-      res = gpgme_op_verify_result (ctx);
-      if (res && res->signatures)
-        verify_dialog_box (gpgme_get_protocol (ctx), res, NULL);
-    }
-  else if (gpg_err_code (err) == GPG_ERR_DECRYPT_FAILED)
-    {
-      /* The decryption failed.  See whether we can figure out a more
-         suitable error code.  */
-      gpgme_decrypt_result_t res;
-
-      res = gpgme_op_decrypt_result (ctx);
-      if (res && res->recipients 
-          && gpgme_err_code (res->recipients->status) == GPG_ERR_NO_SECKEY)
-        err = gpg_error (GPG_ERR_NO_SECKEY);
-      /* Fixme: return the keyids */
-    }
-  else
-    {
-      /* Decryption failed for other reasons. */
-    }
-
-  /* If the passphrase callback indicated a cancel operation, change
-     the the error code accordingly. */
-  if (err && (cld->pw_cb.opts & OPT_FLAG_CANCEL))
-    err = gpg_error (GPG_ERR_CANCELED);
-
-  engine_private_finished (cld->filter, err);
-}
-
-
-/* Decrypt data from INDATA to OUTDATE.  If WITH_VERIFY is set, a
-   signature of PGP/MIME combined message is also verified the same
-   way as with op_gpgme_verify.  */
-int
-op_gpgme_decrypt (protocol_t protocol,
-                  gpgme_data_t indata, gpgme_data_t outdata, 
-                  engine_filter_t filter, void *hwnd,
-                  int with_verify)
-{
-  gpgme_error_t err;
-  closure_data_t cld;
-  gpgme_ctx_t ctx = NULL;
-  
-  (void)hwnd;
-
-  cld = xcalloc (1, sizeof *cld);
-  cld->closure = decrypt_closure;
-  cld->filter = filter;
-  cld->with_verify = with_verify;
-
-  err = gpgme_new (&ctx);
-  if (err)
-    goto leave;
-  gpgme_set_progress_cb (ctx, NULL, cld);
-  switch (protocol)
-    {
-    case PROTOCOL_OPENPGP:  /* Gpgme's default.  */
-      break;
-    case PROTOCOL_SMIME:
-      err = gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
-      break;
-    default:
-      err = gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
-      break;
-    }
-  if (err)
-    goto leave;
-
-  /* Note: We do no error checking for the next call because some
-     backends may not implement a command hanler at all.  */
-  gpgme_set_passphrase_cb (ctx, passphrase_callback_box, &cld->pw_cb);
-  cld->pw_cb.ctx = ctx;
-
-  if (with_verify) 
-    err = gpgme_op_decrypt_verify_start (ctx, indata, outdata);
-  else
-    err = gpgme_op_decrypt_start (ctx, indata, outdata);
-
-
- leave:
-  if (err)
-    {
-      xfree (cld);
-      gpgme_release (ctx);
-    }
-  else
-    engine_private_set_cancel (filter, ctx);
-  return err;
-}
-
-
-
-

-/* Not that this closure is called in the context of the
-   waiter_thread.  */
-static void
-verify_closure (closure_data_t cld, gpgme_ctx_t ctx, gpg_error_t err)
-{
-  if (!err)
-    {
-      gpgme_verify_result_t res;
-
-      res = gpgme_op_verify_result (ctx);
-      if (res) 
-        verify_dialog_box (gpgme_get_protocol (ctx), res, NULL);
-    }
-  gpgme_data_release (cld->sigobj);
-  engine_private_finished (cld->filter, err);
-}
-
-
-/* Verify a detached message where the data is in the gpgme object
-   DATA and the signature given as the string SIGNATUEE. */
-int
-op_gpgme_verify (gpgme_protocol_t protocol, 
-                 gpgme_data_t data, const char *signature, size_t sig_len,
-                 engine_filter_t filter, void *hwnd)
-{
-  gpgme_error_t err;
-  closure_data_t cld;
-  gpgme_ctx_t ctx = NULL;
-  gpgme_data_t sigobj = NULL;
-
-  (void)hwnd;
-
-  cld = xcalloc (1, sizeof *cld);
-  cld->closure = verify_closure;
-  cld->filter = filter;
-
-  err = gpgme_new (&ctx);
-  if (err)
-    goto leave;
-
-  gpgme_set_progress_cb (ctx, NULL, cld);
-  switch (protocol)
-    {
-    case PROTOCOL_OPENPGP:  /* Gpgme's default.  */
-      break;
-    case PROTOCOL_SMIME:
-      err = gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
-      break;
-    default:
-      err = gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
-      break;
-    }
-  if (err)
-    goto leave;
-
-  err = gpgme_data_new_from_mem (&sigobj, signature, sig_len, 0);
-  if (err)
-    goto leave;
-  cld->sigobj = sigobj;
-
-  err = gpgme_op_verify_start (ctx, sigobj, data, NULL);
-
- leave:
-  if (err)
-    {
-      gpgme_data_release (sigobj);
-      xfree (cld);
-      gpgme_release (ctx);
-    }
-  else
-    engine_private_set_cancel (filter, ctx);
-  return err;
-}
-
-
-
-
-
-

-#if 0
-static void
-at_puts (gpgme_data_t a, const char *s)
-{
-  gpgme_data_write (a, s, strlen (s));
-}
-
-static void 
-at_print_time (gpgme_data_t a, time_t t)
-{
-  char buf[200];
-
-  strftime (buf, sizeof (buf)-1, "%c", localtime (&t));
-  at_puts (a, buf);
-}
-
-static void 
-at_fingerprint (gpgme_data_t a, gpgme_key_t key)
-{
-  const char *s;
-  int i, is_pgp;
-  char *buf, *p;
-  const char *prefix = _("Fingerprint: ");
-
-  if (!key)
-    return;
-  s = key->subkeys ? key->subkeys->fpr : NULL;
-  if (!s)
-    return;
-  is_pgp = (key->protocol == GPGME_PROTOCOL_OpenPGP);
-
-  buf = xmalloc ( strlen (prefix) + strlen(s) * 4 + 2 );
-  p = stpcpy (buf, prefix);
-  if (is_pgp && strlen (s) == 40)
-    { 
-      /* v4 style formatted. */
-      for (i=0; *s && s[1] && s[2] && s[3] && s[4]; s += 4, i++)
-        {
-          *p++ = s[0];
-          *p++ = s[1];
-          *p++ = s[2];
-          *p++ = s[3];
-          *p++ = ' ';
-          if (i == 4)
-            *p++ = ' ';
-        }
-    }
-  else
-    { 
-      /* v3 style or X.509 formatted. */
-      for (i=0; *s && s[1] && s[2]; s += 2, i++)
-        {
-          *p++ = s[0];
-          *p++ = s[1];
-          *p++ = is_pgp? ' ':':';
-          if (is_pgp && i == 7)
-            *p++ = ' ';
-        }
-    }
-
-  /* Just in case print remaining odd digits */
-  for (; *s; s++)
-    *p++ = *s;
-  *p++ = '\n';
-  *p = 0;
-  at_puts (a, buf);
-  xfree (buf);
-}
-
-
-/* Print common attributes of the signature summary SUM.  Returns
-   true if a severe warning has been encountered. */
-static int 
-at_sig_summary (gpgme_data_t a,  
-                unsigned long sum, gpgme_signature_t sig, gpgme_key_t key)
-{
-  int severe = 0;
-
-  if ((sum & GPGME_SIGSUM_VALID))
-    at_puts (a, _("This signature is valid\n"));
-  if ((sum & GPGME_SIGSUM_GREEN))
-    at_puts (a, _("signature state is \"green\"\n"));
-  if ((sum & GPGME_SIGSUM_RED))
-    at_puts (a, _("signature state is \"red\"\n"));
-
-  if ((sum & GPGME_SIGSUM_KEY_REVOKED))
-    {
-      at_puts (a, _("Warning: One of the certificates has been revoked\n"));
-      severe = 1;
-    }
-  
-  if ((sum & GPGME_SIGSUM_KEY_EXPIRED))
-    {
-      time_t t = key->subkeys->expires ? key->subkeys->expires : 0;
-
-      if (t)
-        {
-          at_puts (a, _("Warning: The certificate used to create the "
-                        "signature expired at: "));
-          at_print_time (a, t);
-          at_puts (a, "\n");
-        }
-      else
-        at_puts (a, _("Warning: At least one certification certificate "
-                      "has expired\n"));
-    }
-
-  if ((sum & GPGME_SIGSUM_SIG_EXPIRED))
-    {
-      at_puts (a, _("Warning: The signature expired at: "));
-      at_print_time (a, sig ? sig->exp_timestamp : 0);
-      at_puts (a, "\n");
-    }
-
-  if ((sum & GPGME_SIGSUM_KEY_MISSING))
-    at_puts (a, _("Can't verify due to a missing certificate\n"));
-
-  if ((sum & GPGME_SIGSUM_CRL_MISSING))
-    {
-      at_puts (a, _("The CRL is not available\n"));
-      severe = 1;
-    }
-
-  if ((sum & GPGME_SIGSUM_CRL_TOO_OLD))
-    {
-      at_puts (a, _("Available CRL is too old\n"));
-      severe = 1;
-    }
-
-  if ((sum & GPGME_SIGSUM_BAD_POLICY))
-    at_puts (a, _("A policy requirement was not met\n"));
-
-  if ((sum & GPGME_SIGSUM_SYS_ERROR))
-    {
-      const char *t0 = NULL, *t1 = NULL;
-
-      at_puts (a, _("A system error occured"));
-
-      /* Try to figure out some more detailed system error information. */
-      if (sig)
-	{
-	  t0 = "";
-	  t1 = sig->wrong_key_usage ? "Wrong_Key_Usage" : "";
-	}
-
-      if (t0 || t1)
-        {
-          at_puts (a, ": ");
-          if (t0)
-            at_puts (a, t0);
-          if (t1 && !(t0 && !strcmp (t0, t1)))
-            {
-              if (t0)
-                at_puts (a, ",");
-              at_puts (a, t1);
-            }
-        }
-      at_puts (a, "\n");
-    }
-
-  return severe;
-}
-
-
-/* Print the validity of a key used for one signature. */
-static void 
-at_sig_validity (gpgme_data_t a, gpgme_signature_t sig)
-{
-  const char *txt = NULL;
-
-  switch (sig ? sig->validity : 0)
-    {
-    case GPGME_VALIDITY_UNKNOWN:
-      txt = _("WARNING: We have NO indication whether "
-              "this certificate belongs to the person named "
-              "as shown above\n");
-      break;
-    case GPGME_VALIDITY_UNDEFINED:
-      break;
-    case GPGME_VALIDITY_NEVER:
-      txt = _("WARNING: The certificate does NOT BELONG to "
-              "the person named as shown above\n");
-      break;
-    case GPGME_VALIDITY_MARGINAL:
-      txt = _("WARNING: It is NOT certain that the certificate "
-              "belongs to the person named as shown above\n");
-      break;
-    case GPGME_VALIDITY_FULL:
-    case GPGME_VALIDITY_ULTIMATE:
-      txt = NULL;
-      break;
-    }
-
-  if (txt)
-    at_puts (a, txt);
-}
-
-
-/* Print a text with the attestation of the signature verification
-   (which is in RES) to A.  FILENAME may also be used in the
-   attestation. */
-static void
-add_verify_attestation (gpgme_data_t a, gpgme_ctx_t ctx,
-                        gpgme_verify_result_t res, const char *filename)
-{
-  time_t created;
-  const char *fpr, *uid;
-  gpgme_key_t key = NULL;
-  int i, anybad = 0, anywarn = 0;
-  unsigned int sum;
-  gpgme_user_id_t uids = NULL;
-  gpgme_signature_t sig;
-  gpgme_error_t err;
-
-  if (!gpgme_data_seek (a, 0, SEEK_CUR))
-    {
-      /* Nothing yet written to the stream.  Insert the current time. */
-      at_puts (a, _("Verification started at: "));
-      at_print_time (a, time (NULL));
-      at_puts (a, "\n\n");
-    }
-
-  at_puts (a, _("Verification result for: "));
-  at_puts (a, filename ? filename : _("[unnamed part]"));
-  at_puts (a, "\n");
-  if (res)
-    {
-      for (sig = res->signatures; sig; sig = sig->next)
-        {
-          created = sig->timestamp;
-          fpr = sig->fpr;
-          sum = sig->summary;
-
-          if (gpg_err_code (sig->status) != GPG_ERR_NO_ERROR)
-            anybad = 1;
-
-          err = gpgme_get_key (ctx, fpr, &key, 0);
-          uid = !err && key->uids && key->uids->uid ? key->uids->uid : "[?]";
-
-          if ((sum & GPGME_SIGSUM_GREEN))
-            {
-              at_puts (a, _("Good signature from: "));
-              at_puts (a, uid);
-              at_puts (a, "\n");
-              for (i = 1, uids = key->uids; uids; i++, uids = uids->next)
-                {
-                  if (uids->revoked)
-                    continue;
-                  at_puts (a, _("                aka: "));
-                  at_puts (a, uids->uid);
-                  at_puts (a, "\n");
-                }
-              at_puts (a, _("            created: "));
-              at_print_time (a, created);
-              at_puts (a, "\n");
-              if (at_sig_summary (a, sum, sig, key))
-                anywarn = 1;
-              at_sig_validity (a, sig);
-            }
-          else if ((sum & GPGME_SIGSUM_RED))
-            {
-              at_puts (a, _("*BAD* signature claimed to be from: "));
-              at_puts (a, uid);
-              at_puts (a, "\n");
-              at_sig_summary (a, sum, sig, key);
-            }
-          else if (!anybad && key && (key->protocol == GPGME_PROTOCOL_OpenPGP))
-            { /* We can't decide (yellow) but this is a PGP key with a
-                 good signature, so we display what a PGP user
-                 expects: The name, fingerprint and the key validity
-                 (which is neither fully or ultimate). */
-              at_puts (a, _("Good signature from: "));
-              at_puts (a, uid);
-              at_puts (a, "\n");
-              at_puts (a, _("            created: "));
-              at_print_time (a, created);
-              at_puts (a, "\n");
-              at_sig_validity (a, sig);
-              at_fingerprint (a, key);
-              if (at_sig_summary (a, sum, sig, key))
-                anywarn = 1;
-            }
-          else /* can't decide (yellow) */
-            {
-              at_puts (a, _("Error checking signature"));
-              at_puts (a, "\n");
-              at_sig_summary (a, sum, sig, key);
-            }
-          
-          gpgme_key_release (key);
-        }
-
-      if (!anybad )
-        {
-          gpgme_sig_notation_t notation;
-          
-          for (sig = res->signatures; sig; sig = sig->next)
-            {
-              if (!sig->notations)
-                continue;
-              at_puts (a, _("*** Begin Notation (signature by: "));
-              at_puts (a, sig->fpr);
-              at_puts (a, ") ***\n");
-              for (notation = sig->notations; notation;
-                   notation = notation->next)
-                {
-                  if (notation->name)
-                    {
-                      at_puts (a, notation->name);
-                      at_puts (a, "=");
-                    }
-                  if (notation->value)
-                    {
-                      at_puts (a, notation->value);
-                      if (!(*notation->value
-                            && (notation->value[strlen (notation->value)-1]
-                                =='\n')))
-                        at_puts (a, "\n");
-                    }
-                }
-              at_puts (a, _("*** End Notation ***\n"));
-            }
-	}
-    }
-  at_puts (a, "\n");
-}
-#endif
-
-
-

-/* Try to find a key for each item in array NAMES. Items not found are
-   stored as malloced strings in the newly allocated array UNKNOWN.
-   Found keys are stored in the newly allocated array KEYS.  Both
-   arrays are terminated by a NULL entry.  Caller needs to release
-   KEYS and UNKNOWN.
-
-   Returns: 0 on success. However success may also be that one or all
-   keys are unknown.
-*/
-int 
-op_lookup_keys (char **names, gpgme_key_t **keys, char ***unknown)
-{
-  gpgme_error_t err;
-  gpgme_ctx_t ctx;
-  size_t n;
-  int i, kpos, upos;
-  gpgme_key_t k, k2;
-
-  *keys = NULL;
-  *unknown = NULL;
-
-  err = gpgme_new (&ctx);
-  if (err)
-    return -1; /* Error. */
-
-  for (n=0; names[n]; n++)
-    ;
-
-  *keys =  xcalloc (n+1, sizeof *keys);
-  *unknown = xcalloc (n+1, sizeof *unknown);
-
-  for (i=kpos=upos=0; names[i]; i++)
-    {
-      k = NULL;
-      err = gpgme_op_keylist_start (ctx, names[i], 0);
-      if (!err)
-        {
-          err = gpgme_op_keylist_next (ctx, &k);
-          if (!err && !gpgme_op_keylist_next (ctx, &k2))
-            {
-              /* More than one matching key available.  Take this one
-                 as unknown. */
-              gpgme_key_release (k);
-              gpgme_key_release (k2);
-              k = k2 = NULL;
-            }
-        }
-      gpgme_op_keylist_end (ctx);
-
-      
-      /* only useable keys will be added otherwise they will be stored
-         in unknown (marked with their status). */
-      if (k && !k->revoked && !k->disabled && !k->expired)
-        (*keys)[kpos++] = k;
-      else if (k)
-	{
-	  char *p, *fmt = "%s (%s)";
-	  char *warn = k->revoked? "revoked" : k->expired? "expired" : "disabled";
-	  
-	  p = xcalloc (1, strlen (names[i]) + strlen (warn) + strlen (fmt) +1);
-	  sprintf (p, fmt, names[i], warn);
-	  (*unknown)[upos++] = p;
-	  gpgme_key_release (k);
-	}
-      else if (!k)
-        (*unknown)[upos++] = xstrdup (names[i]);
-    }
-
-  gpgme_release (ctx);
-  return 0;
-}
-
-
-/* Return a GPGME key object matching PATTERN.  If no key matches or
-   the match is ambiguous, return NULL. */
-gpgme_key_t 
-op_get_one_key (char *pattern)
-{
-  gpgme_error_t err;
-  gpgme_ctx_t ctx;
-  gpgme_key_t k, k2;
-
-  err = gpgme_new (&ctx);
-  if (err)
-    return NULL; /* Error. */
-  err = gpgme_op_keylist_start (ctx, pattern, 0);
-  if (!err)
-    {
-      err = gpgme_op_keylist_next (ctx, &k);
-      if (!err && !gpgme_op_keylist_next (ctx, &k2))
-        {
-          /* More than one matching key available.  Return an error
-             instead. */
-          gpgme_key_release (k);
-          gpgme_key_release (k2);
-          k = k2 = NULL;
-        }
-    }
-  gpgme_op_keylist_end (ctx);
-  gpgme_release (ctx);
-  return k;
-}
-
-
-/* Copy the data from the GPGME object DAT to a newly created file
-   with name OUTFILE.  Returns 0 on success. */
-static gpgme_error_t
-data_to_file (gpgme_data_t *dat, const char *outfile)
-{
-  FILE *out;
-  char *buf;
-  size_t n=0;
-
-  out = fopen (outfile, "wb");
-  if (!out)
-    return GPG_ERR_UNKNOWN_ERRNO; /* FIXME: We need to check why we
-                                     can't use errno here. */
-  /* FIXME: Why at all are we using an in memory object wqhen we are
-     later going to write to a file anyway. */
-  buf = gpgme_data_release_and_get_mem (*dat, &n);
-  *dat = NULL;
-  if (!n)
-    {
-      fclose (out);
-      return GPG_ERR_EOF; /* FIXME:  wrap this into a gpgme_error() */
-    }
-  fwrite (buf, 1, n, out);
-  fclose (out);
-  /* FIXME: We have no error checking above. */
-  gpgme_free (buf);
-  return 0;
-}
-
-
-int
-op_export_keys (const char *pattern[], const char *outfile)
-{      
-    /* @untested@ */
-    gpgme_ctx_t ctx=NULL;
-    gpgme_data_t  out=NULL;    
-    gpgme_error_t err;
-
-    err = gpgme_new (&ctx);
-    if (err)
-	return err;
-    err = gpgme_data_new (&out);
-    if (err) {
-	gpgme_release (ctx);
-	return err;
-    }
-
-    gpgme_set_armor (ctx, 1);
-    err = gpgme_op_export_ext (ctx, pattern, 0, out);
-    if (!err)
-	data_to_file (&out, outfile);
-
-    gpgme_data_release (out);  
-    gpgme_release (ctx);  
-    return err;
-}
-
-
-const char *
-userid_from_key (gpgme_key_t k)
-{
-  if (k && k->uids && k->uids->uid)
-    return k->uids->uid;
-  else
-    return "?";
-}
-
-const char *
-keyid_from_key (gpgme_key_t k)
-{
-  
-  if (k && k->subkeys && k->subkeys->keyid)
-    return k->subkeys->keyid;
-  else
-    return "????????";
-}
-
diff --git a/src/engine-gpgme.h b/src/engine-gpgme.h
deleted file mode 100644
index e5590ba..0000000
--- a/src/engine-gpgme.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/* engine-gpgme.h - GPGME based crypto engine
- *	Copyright (C) 2005, 2007 g10 Code GmbH
- *
- * This file is part of Gpgol.
- *
- * GpgOL is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 
- * of the License, or (at your option) any later version.
- *  
- * GpgOL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef GPGOL_ENGINE_GPGME_H
-#define GPGOL_ENGINE_GPGME_H
-
-#ifdef __cplusplus
-extern "C" {
-#if 0
-}
-#endif
-#endif
-
-#include <gpgme.h>
-
-typedef engine_sigtype_t op_sigtype_t;
-
-
-int op_gpgme_basic_init (void);
-int op_gpgme_init (void);
-void op_gpgme_deinit (void);
-void engine_gpgme_cancel (void *cancel_data);
-
-
-int op_gpgme_encrypt (protocol_t protocol,
-                      gpgme_data_t indata, gpgme_data_t outdata, 
-                      engine_filter_t filter, void *hwnd,
-                      char **recipients);
-int op_gpgme_sign (protocol_t protocol, 
-                   gpgme_data_t indata, gpgme_data_t outdata,
-                   engine_filter_t filter, void *hwnd);
-int op_gpgme_decrypt (protocol_t protocol,
-                      gpgme_data_t indata, gpgme_data_t outdata, 
-                      engine_filter_t filter, void *hwnd,
-                      int with_verify);
-int op_gpgme_verify (gpgme_protocol_t protocol, 
-                     gpgme_data_t data, const char *signature, size_t sig_len,
-                     engine_filter_t filter, void *hwnd);
-
-
-
-
-int op_export_keys (const char *pattern[], const char *outfile);
-
-int op_lookup_keys (char **names, gpgme_key_t **keys, char ***unknown);
-gpgme_key_t op_get_one_key (char *pattern);
-
-const char *userid_from_key (gpgme_key_t k);
-const char *keyid_from_key (gpgme_key_t k);
-
-#ifdef __cplusplus
-}
-#endif
-#endif /*GPGOL_ENGINE_GPGME_H*/
diff --git a/src/engine.c b/src/engine.c
index 1dc471e..f208799 100644
--- a/src/engine.c
+++ b/src/engine.c
@@ -30,7 +30,6 @@
 
 #include "common.h"
 #include "engine.h"
-#include "engine-gpgme.h"
 #include "engine-assuan.h"
 
 
@@ -44,10 +43,6 @@
 #define debug_filter        (opt.enable_debug & DBG_FILTER)
 #define debug_filter_extra  (opt.enable_debug & DBG_FILTER_EXTRA)
 
-/* This variable indicates whether the assuan engine is used.  */
-static int use_assuan;
-
-
 /* Definition of the key object.  */
 struct engine_keyinfo_s
 {
@@ -62,7 +57,6 @@ struct engine_keyinfo_s
    accessed by one thread. */
 struct engine_filter_s
 {
-  int use_assuan;          /* The same as the global USE_ASSUAN.  */
 
   struct {
     CRITICAL_SECTION lock; /* The lock for the this object. */
@@ -177,11 +171,7 @@ create_filter (void)
 
   /* If we are using the assuan engine we need to make the gpgme read
      callback non blocking.  */
-  if (use_assuan)
-    {
-      filter->use_assuan = 1;
-      filter->in.nonblock = 1;
-    }
+  filter->in.nonblock = 1;
 
   return filter;
 }
@@ -381,10 +371,6 @@ engine_init (void)
 {
   gpg_error_t err;
 
-  err = op_gpgme_basic_init ();
-  if (err)
-    return err;
-
   do
     err = op_assuan_init ();
   while (err
@@ -394,20 +380,6 @@ engine_init (void)
                           "want to try again."),
                         _("GpgOL"),
                         MB_ICONQUESTION|MB_RETRYCANCEL) == IDRETRY);
-  if (err)
-    {
-      use_assuan = 0;
-      MessageBox (NULL,
-                  _("The user interface server is not available or does "
-                    "not work.  Using an internal user interface.\n\n"
-                    "This is limited to the PGP/MIME protocol and "
-                    "thus S/MIME protected message are not readable."),
-                  _("GpgOL"), MB_ICONWARNING|MB_OK);
-      err = op_gpgme_init ();
-    }
-  else
-    use_assuan = 1;
-
   return err;
 }
 
@@ -417,7 +389,6 @@ void
 engine_deinit (void)
 {
   op_assuan_deinit ();
-  op_gpgme_deinit ();
 }
 
 /* Helper function to return a new session number.  */
@@ -807,10 +778,7 @@ engine_cancel (engine_filter_t filter)
     {
       log_debug ("%s:%s: filter %p: sending cancel command to backend",
                  SRCNAME, __func__, filter);
-      if (filter->use_assuan)
-        engine_assuan_cancel (cancel_data);
-      else
-        engine_gpgme_cancel (cancel_data);
+      engine_assuan_cancel (cancel_data);
       if (WaitForSingleObject (filter->in.ready_event, INFINITE)
           != WAIT_OBJECT_0)
         log_error_w32 (-1, "%s:%s: filter %p: WFSO failed", 
@@ -856,18 +824,12 @@ engine_encrypt_prepare (engine_filter_t filter, HWND hwnd,
   protocol_t used_protocol;
 
   *r_protocol = req_protocol;
-  if (filter->use_assuan)
-    {
-      err = op_assuan_encrypt (req_protocol, filter->indata, filter->outdata,
-                               filter, hwnd, flags, sender, recipients,
-                               &used_protocol, &filter->encstate);
-      if (!err)
-        *r_protocol = used_protocol;
-    }
-  else
-    err = op_gpgme_encrypt (req_protocol, filter->indata, filter->outdata,
-                            filter, hwnd, recipients);
-      
+  err = op_assuan_encrypt (req_protocol, filter->indata, filter->outdata,
+                           filter, hwnd, flags, sender, recipients,
+                           &used_protocol, &filter->encstate);
+  if (!err)
+    *r_protocol = used_protocol;
+
   return err;
 }
 
@@ -877,14 +839,9 @@ engine_encrypt_start (engine_filter_t filter, int cancel)
 {
   gpg_error_t err;
 
-  if (filter->use_assuan)
-    {
-      err = op_assuan_encrypt_bottom (filter->encstate, cancel);
-      filter->encstate = NULL;
-    }
-  else
-    err = 0; /* This is a dummy here.  */
-      
+  err = op_assuan_encrypt_bottom (filter->encstate, cancel);
+  filter->encstate = NULL;
+
   return err;
 }
 
@@ -903,22 +860,12 @@ engine_sign_start (engine_filter_t filter, HWND hwnd, protocol_t protocol,
   gpg_error_t err;
   protocol_t used_protocol;
 
-  if (filter->use_assuan)
-    {
-      err = op_assuan_sign (protocol, filter->indata, filter->outdata,
-                            filter, hwnd, sender, &used_protocol,
-                            ENGINE_FLAG_DETACHED);
-      if (!err)
-        *r_protocol = used_protocol;
-    }
-  else
-    {
-      err = op_gpgme_sign (protocol, filter->indata, filter->outdata,
-                           filter, hwnd);
-      if (!err)
-        *r_protocol = (protocol == GPGME_PROTOCOL_UNKNOWN?
-                       GPGME_PROTOCOL_OpenPGP : protocol);
-    }
+  err = op_assuan_sign (protocol, filter->indata, filter->outdata,
+                        filter, hwnd, sender, &used_protocol,
+                        ENGINE_FLAG_DETACHED);
+  if (!err)
+    *r_protocol = used_protocol;
+
   return err;
 }
 
@@ -932,16 +879,11 @@ engine_sign_opaque_start (engine_filter_t filter, HWND hwnd,
   gpg_error_t err;
   protocol_t used_protocol;
 
-  if (filter->use_assuan)
-    {
-      err = op_assuan_sign (protocol, filter->indata, filter->outdata,
-                            filter, hwnd, sender, &used_protocol,
-                            0);
-      if (!err)
-        *r_protocol = used_protocol;
-    }
-  else
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
+  err = op_assuan_sign (protocol, filter->indata, filter->outdata,
+                        filter, hwnd, sender, &used_protocol,
+                        0);
+  if (!err)
+    *r_protocol = used_protocol;
 
   return err;
 }
@@ -961,12 +903,8 @@ engine_decrypt_start (engine_filter_t filter, HWND hwnd, protocol_t protocol,
 {
   gpg_error_t err;
 
-  if (filter->use_assuan)
-    err = op_assuan_decrypt (protocol, filter->indata, filter->outdata,
-                            filter, hwnd, with_verify, from_address);
-  else
-    err = op_gpgme_decrypt (protocol, filter->indata, filter->outdata,
-                            filter, hwnd, with_verify);
+  err = op_assuan_decrypt (protocol, filter->indata, filter->outdata,
+                          filter, hwnd, with_verify, from_address);
   return err;
 }
 
@@ -987,23 +925,13 @@ engine_verify_start (engine_filter_t filter, HWND hwnd, const char *signature,
 {
   gpg_error_t err;
 
-  if (!signature && !filter->use_assuan)
-    {
-      log_error ("%s:%s: opaque signatures are not supported "
-                 "by the internal backend\n",
-                 SRCNAME, __func__);
-      return gpg_error (GPG_ERR_NOT_SUPPORTED);
-    }
-
-  if (filter->use_assuan && !signature)
+  if (!signature)
     err = op_assuan_verify (protocol, filter->indata, NULL, 0,
-			    filter->outdata, filter, hwnd, from_address);
-  else if (filter->use_assuan)
-    err = op_assuan_verify (protocol, filter->indata, signature, sig_len,
-			    NULL, filter, hwnd, from_address);
+                            filter->outdata, filter, hwnd, from_address);
   else
-    err = op_gpgme_verify (protocol, filter->indata, signature, sig_len,
-                           filter, hwnd);
+    err = op_assuan_verify (protocol, filter->indata, signature, sig_len,
+                            NULL, filter, hwnd, from_address);
+
   return err;
 }
 
@@ -1012,18 +940,12 @@ engine_verify_start (engine_filter_t filter, HWND hwnd, const char *signature,
 int
 engine_start_keymanager (HWND hwnd)
 {
-  if (use_assuan)
-    return op_assuan_start_keymanager (hwnd);
-  else
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
+  return op_assuan_start_keymanager (hwnd);
 }
 
 /* Fire up the config dialog.  Returns 0 on success.  */
 int
 engine_start_confdialog (HWND hwnd)
 {
-  if (use_assuan)
-    return op_assuan_start_confdialog (hwnd);
-  else
-    return gpg_error (GPG_ERR_NOT_SUPPORTED);
+  return op_assuan_start_confdialog (hwnd);
 }

-----------------------------------------------------------------------

Summary of changes:
 configure.ac       |    4 +-
 src/Makefile.am    |    1 -
 src/engine-gpgme.c | 1276 ----------------------------------------------------
 src/engine-gpgme.h |   70 ---
 src/engine.c       |  144 ++----
 5 files changed, 35 insertions(+), 1460 deletions(-)
 delete mode 100644 src/engine-gpgme.c
 delete mode 100644 src/engine-gpgme.h


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Oct 14 05:09:26 2015
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Wed, 14 Oct 2015 05:09:26 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-265-g813565a
Message-ID: <E1ZmCIf-0005wP-0Z@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  813565a07ca575c87e1252c6ed26018653ecd338 (commit)
      from  fa94b6111948a614ebdcb67f7942eced8b84c579 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 813565a07ca575c87e1252c6ed26018653ecd338
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Wed Oct 14 11:52:40 2015 +0900

    Fix gpg_error_t and gpg_err_code_t confusion.
    
    * src/gcrypt-int.h (_gcry_sexp_extract_param): Revert the change.
    * cipher/dsa.c (dsa_check_secret_key): Ditto.
    * src/sexp.c (_gcry_sexp_extract_param): Return gpg_err_code_t.
    
    * src/gcrypt-int.h (_gcry_err_make_from_errno)
    (_gcry_error_from_errno): Return gpg_error_t.
    * cipher/cipher.c (_gcry_cipher_open_internal)
    (_gcry_cipher_ctl, _gcry_cipher_ctl): Don't use gcry_error.
    * src/global.c (_gcry_vcontrol): Likewise.
    * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Use
     gpg_err_code_from_syserror.
    * cipher/mac.c (mac_reset, mac_setkey, mac_setiv, mac_write)
    (mac_read, mac_verify): Return gcry_err_code_t.
    * cipher/rsa-common.c (mgf1): Use gcry_err_code_t for ERR.
    * src/visibility.c (gcry_error_from_errno): Return gpg_error_t.
    
    --
    
    Reverting a part of 73374fdd and fix _gcry_sexp_extract_param
    return type, instead.
    
    Fix similar coding mistakes, throughout.

diff --git a/cipher/cipher.c b/cipher/cipher.c
index 30c2f48..ab9f0dc 100644
--- a/cipher/cipher.c
+++ b/cipher/cipher.c
@@ -590,7 +590,7 @@ _gcry_cipher_open_internal (gcry_cipher_hd_t *handle,
 
   *handle = err ? NULL : h;
 
-  return gcry_error (err);
+  return err;
 }
 
 
@@ -1271,10 +1271,10 @@ _gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen)
         size_t authtaglen;
 
         if (h->mode != GCRY_CIPHER_MODE_CCM)
-          return gcry_error (GPG_ERR_INV_CIPHER_MODE);
+          return GPG_ERR_INV_CIPHER_MODE;
 
         if (!buffer || buflen != 3 * sizeof(u64))
-          return gcry_error (GPG_ERR_INV_ARG);
+          return GPG_ERR_INV_ARG;
 
         /* This command is used to pass additional length parameters needed
            by CCM mode to initialize CBC-MAC.  */
@@ -1317,7 +1317,7 @@ _gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen)
       /* This command expects NULL for H and BUFFER to point to an
          integer with the algo number.  */
       if( h || !buffer || buflen != sizeof(int) )
-	return gcry_error (GPG_ERR_CIPHER_ALGO);
+	return GPG_ERR_CIPHER_ALGO;
       disable_cipher_algo( *(int*)buffer );
       break;
 
diff --git a/cipher/dsa.c b/cipher/dsa.c
index 723f690..01d153f 100644
--- a/cipher/dsa.c
+++ b/cipher/dsa.c
@@ -968,14 +968,12 @@ dsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
 static gcry_err_code_t
 dsa_check_secret_key (gcry_sexp_t keyparms)
 {
-  gcry_error_t err;
   gcry_err_code_t rc;
   DSA_secret_key sk = {NULL, NULL, NULL, NULL, NULL};
 
-  err = _gcry_sexp_extract_param (keyparms, NULL, "pqgyx",
+  rc = _gcry_sexp_extract_param (keyparms, NULL, "pqgyx",
                                   &sk.p, &sk.q, &sk.g, &sk.y, &sk.x,
                                   NULL);
-  rc = gpg_err_code (err);
   if (rc)
     goto leave;
 
diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c
index 1e95489..2a52b78 100644
--- a/cipher/ecc-eddsa.c
+++ b/cipher/ecc-eddsa.c
@@ -508,7 +508,7 @@ _gcry_ecc_eddsa_genkey (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx,
   hash_d = xtrymalloc_secure (2*b);
   if (!hash_d)
     {
-      rc = gpg_error_from_syserror ();
+      rc = gpg_err_code_from_syserror ();
       goto leave;
     }
   dlen = b;
diff --git a/cipher/mac.c b/cipher/mac.c
index 9bb360c..b8a5534 100644
--- a/cipher/mac.c
+++ b/cipher/mac.c
@@ -241,7 +241,7 @@ mac_open (gcry_mac_hd_t * hd, int algo, int secure, gcry_ctx_t ctx)
 }
 
 
-static gcry_error_t
+static gcry_err_code_t
 mac_reset (gcry_mac_hd_t hd)
 {
   if (hd->spec->ops->reset)
@@ -263,7 +263,7 @@ mac_close (gcry_mac_hd_t hd)
 }
 
 
-static gcry_error_t
+static gcry_err_code_t
 mac_setkey (gcry_mac_hd_t hd, const void *key, size_t keylen)
 {
   if (!hd->spec->ops->setkey)
@@ -275,7 +275,7 @@ mac_setkey (gcry_mac_hd_t hd, const void *key, size_t keylen)
 }
 
 
-static gcry_error_t
+static gcry_err_code_t
 mac_setiv (gcry_mac_hd_t hd, const void *iv, size_t ivlen)
 {
   if (!hd->spec->ops->setiv)
@@ -287,7 +287,7 @@ mac_setiv (gcry_mac_hd_t hd, const void *iv, size_t ivlen)
 }
 
 
-static gcry_error_t
+static gcry_err_code_t
 mac_write (gcry_mac_hd_t hd, const void *inbuf, size_t inlen)
 {
   if (!hd->spec->ops->write)
@@ -299,7 +299,7 @@ mac_write (gcry_mac_hd_t hd, const void *inbuf, size_t inlen)
 }
 
 
-static gcry_error_t
+static gcry_err_code_t
 mac_read (gcry_mac_hd_t hd, void *outbuf, size_t * outlen)
 {
   if (!outbuf || !outlen || *outlen == 0 || !hd->spec->ops->read)
@@ -309,7 +309,7 @@ mac_read (gcry_mac_hd_t hd, void *outbuf, size_t * outlen)
 }
 
 
-static gcry_error_t
+static gcry_err_code_t
 mac_verify (gcry_mac_hd_t hd, const void *buf, size_t buflen)
 {
   if (!buf || buflen == 0 || !hd->spec->ops->verify)
diff --git a/cipher/rsa-common.c b/cipher/rsa-common.c
index f56e989..b260142 100644
--- a/cipher/rsa-common.c
+++ b/cipher/rsa-common.c
@@ -393,7 +393,7 @@ mgf1 (unsigned char *output, size_t outlen, unsigned char *seed, size_t seedlen,
   size_t dlen, nbytes, n;
   int idx;
   gcry_md_hd_t hd;
-  gcry_error_t err;
+  gcry_err_code_t err;
 
   err = _gcry_md_open (&hd, algo, 0);
   if (err)
diff --git a/src/gcrypt-int.h b/src/gcrypt-int.h
index ea3c8d5..8014d61 100644
--- a/src/gcrypt-int.h
+++ b/src/gcrypt-int.h
@@ -277,7 +277,7 @@ _gcry_err_code_to_errno (gcry_err_code_t code)
 
 /* Return an error value with the error source SOURCE and the system
    error ERR.  */
-static inline gcry_err_code_t
+static inline gcry_error_t
 _gcry_err_make_from_errno (gpg_err_source_t source, int err)
 {
   return gpg_err_make_from_errno (source, err);
@@ -285,7 +285,7 @@ _gcry_err_make_from_errno (gpg_err_source_t source, int err)
 
 
 /* Return an error value with the system error ERR.  */
-static inline gcry_err_code_t
+static inline gcry_error_t
 _gcry_error_from_errno (int err)
 {
   return gpg_error (gpg_err_code_from_errno (err));
@@ -329,10 +329,10 @@ void *_gcry_sexp_nth_buffer (const gcry_sexp_t list, int number,
                              size_t *rlength);
 char *_gcry_sexp_nth_string (gcry_sexp_t list, int number);
 gcry_mpi_t _gcry_sexp_nth_mpi (gcry_sexp_t list, int number, int mpifmt);
-gpg_error_t _gcry_sexp_extract_param (gcry_sexp_t sexp,
-                                      const char *path,
-                                      const char *list,
-                                      ...) _GCRY_GCC_ATTR_SENTINEL(0);
+gpg_err_code_t _gcry_sexp_extract_param (gcry_sexp_t sexp,
+                                         const char *path,
+                                         const char *list,
+                                         ...) _GCRY_GCC_ATTR_SENTINEL(0);
 
 #define sexp_new(a, b, c, d)         _gcry_sexp_new ((a), (b), (c), (d))
 #define sexp_create(a, b, c, d, e)   _gcry_sexp_create ((a), (b), (c), (d), (e))
diff --git a/src/global.c b/src/global.c
index 4e8df86..2290393 100644
--- a/src/global.c
+++ b/src/global.c
@@ -490,7 +490,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
       _gcry_set_preferred_rng_type (0);
       rc = _gcry_rndegd_set_socket_name (va_arg (arg_ptr, const char *));
 #else
-      rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
+      rc = GPG_ERR_NOT_SUPPORTED;
 #endif
       break;
 
diff --git a/src/sexp.c b/src/sexp.c
index 1c014e0..f1bbffa 100644
--- a/src/sexp.c
+++ b/src/sexp.c
@@ -2423,7 +2423,7 @@ _gcry_sexp_vextract_param (gcry_sexp_t sexp, const char *path,
   return rc;
 }
 
-gpg_error_t
+gpg_err_code_t
 _gcry_sexp_extract_param (gcry_sexp_t sexp, const char *path,
                           const char *list, ...)
 {
@@ -2433,5 +2433,5 @@ _gcry_sexp_extract_param (gcry_sexp_t sexp, const char *path,
   va_start (arg_ptr, list);
   rc = _gcry_sexp_vextract_param (sexp, path, list, arg_ptr);
   va_end (arg_ptr);
-  return gpg_error (rc);
+  return rc;
 }
diff --git a/src/visibility.c b/src/visibility.c
index 3e1f28b..cbf24e7 100644
--- a/src/visibility.c
+++ b/src/visibility.c
@@ -57,7 +57,7 @@ gcry_err_make_from_errno (gcry_err_source_t source, int err)
   return _gcry_err_make_from_errno (source, err);
 }
 
-gcry_err_code_t
+gcry_error_t
 gcry_error_from_errno (int err)
 {
   return _gcry_error_from_errno (err);

-----------------------------------------------------------------------

Summary of changes:
 cipher/cipher.c     |  8 ++++----
 cipher/dsa.c        |  4 +---
 cipher/ecc-eddsa.c  |  2 +-
 cipher/mac.c        | 12 ++++++------
 cipher/rsa-common.c |  2 +-
 src/gcrypt-int.h    | 12 ++++++------
 src/global.c        |  2 +-
 src/sexp.c          |  4 ++--
 src/visibility.c    |  2 +-
 9 files changed, 23 insertions(+), 25 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Oct 14 05:43:44 2015
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Wed, 14 Oct 2015 05:43:44 +0200
Subject: [git] GCRYPT - branch, LIBGCRYPT-1-6-BRANCH,
 updated. libgcrypt-1.6.4-3-gd501cc4
Message-ID: <E1ZmCpr-000707-1f@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, LIBGCRYPT-1-6-BRANCH has been updated
       via  d501cc4edd55d3953d7581b3f8ff0c348df31ef0 (commit)
      from  24f6c65e36edec13aa781862ff1ff45ca3e99b99 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d501cc4edd55d3953d7581b3f8ff0c348df31ef0
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Wed Oct 14 11:52:40 2015 +0900

    Fix gpg_error_t and gpg_err_code_t confusion.
    
    * src/gcrypt-int.h (_gcry_sexp_extract_param): Revert the change.
    * cipher/dsa.c (dsa_check_secret_key): Ditto.
    * src/sexp.c (_gcry_sexp_extract_param): Return gpg_err_code_t.
    
    * src/gcrypt-int.h (_gcry_err_make_from_errno)
    (_gcry_error_from_errno): Return gpg_error_t.
    * cipher/cipher.c (_gcry_cipher_open_internal)
    (_gcry_cipher_ctl, _gcry_cipher_ctl): Don't use gcry_error.
    * src/global.c (_gcry_vcontrol): Likewise.
    * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Use
     gpg_err_code_from_syserror.
    * cipher/mac.c (mac_reset, mac_setkey, mac_setiv, mac_write)
    (mac_read, mac_verify): Return gcry_err_code_t.
    * cipher/rsa-common.c (mgf1): Use gcry_err_code_t for ERR.
    * src/visibility.c (gcry_error_from_errno): Return gpg_error_t.
    
    --
    
    Reverting a part of 24f6c65e and fix _gcry_sexp_extract_param
    return type, instead.
    
    Fix similar coding mistakes, throughout.
    
    (backported from master
         commit 813565a07ca575c87e1252c6ed26018653ecd338)

diff --git a/cipher/cipher.c b/cipher/cipher.c
index 8c5a0b4..1741a7b 100644
--- a/cipher/cipher.c
+++ b/cipher/cipher.c
@@ -542,7 +542,7 @@ _gcry_cipher_open_internal (gcry_cipher_hd_t *handle,
 
   *handle = err ? NULL : h;
 
-  return gcry_error (err);
+  return err;
 }
 
 
@@ -1153,10 +1153,10 @@ _gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen)
         size_t authtaglen;
 
         if (h->mode != GCRY_CIPHER_MODE_CCM)
-          return gcry_error (GPG_ERR_INV_CIPHER_MODE);
+          return GPG_ERR_INV_CIPHER_MODE;
 
         if (!buffer || buflen != 3 * sizeof(u64))
-          return gcry_error (GPG_ERR_INV_ARG);
+          return GPG_ERR_INV_ARG;
 
         /* This command is used to pass additional length parameters needed
            by CCM mode to initialize CBC-MAC.  */
@@ -1176,7 +1176,7 @@ _gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen)
       /* This command expects NULL for H and BUFFER to point to an
          integer with the algo number.  */
       if( h || !buffer || buflen != sizeof(int) )
-	return gcry_error (GPG_ERR_CIPHER_ALGO);
+	return GPG_ERR_CIPHER_ALGO;
       disable_cipher_algo( *(int*)buffer );
       break;
 
diff --git a/cipher/dsa.c b/cipher/dsa.c
index 723f690..01d153f 100644
--- a/cipher/dsa.c
+++ b/cipher/dsa.c
@@ -968,14 +968,12 @@ dsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
 static gcry_err_code_t
 dsa_check_secret_key (gcry_sexp_t keyparms)
 {
-  gcry_error_t err;
   gcry_err_code_t rc;
   DSA_secret_key sk = {NULL, NULL, NULL, NULL, NULL};
 
-  err = _gcry_sexp_extract_param (keyparms, NULL, "pqgyx",
+  rc = _gcry_sexp_extract_param (keyparms, NULL, "pqgyx",
                                   &sk.p, &sk.q, &sk.g, &sk.y, &sk.x,
                                   NULL);
-  rc = gpg_err_code (err);
   if (rc)
     goto leave;
 
diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c
index 62e6729..589ae17 100644
--- a/cipher/ecc-eddsa.c
+++ b/cipher/ecc-eddsa.c
@@ -508,7 +508,7 @@ _gcry_ecc_eddsa_genkey (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx,
   hash_d = xtrymalloc_secure (2*b);
   if (!hash_d)
     {
-      rc = gpg_error_from_syserror ();
+      rc = gpg_err_code_from_syserror ();
       goto leave;
     }
   dlen = b;
diff --git a/cipher/mac.c b/cipher/mac.c
index d87ac13..85a32c1 100644
--- a/cipher/mac.c
+++ b/cipher/mac.c
@@ -229,7 +229,7 @@ mac_open (gcry_mac_hd_t * hd, int algo, int secure, gcry_ctx_t ctx)
 }
 
 
-static gcry_error_t
+static gcry_err_code_t
 mac_reset (gcry_mac_hd_t hd)
 {
   if (hd->spec->ops->reset)
@@ -251,7 +251,7 @@ mac_close (gcry_mac_hd_t hd)
 }
 
 
-static gcry_error_t
+static gcry_err_code_t
 mac_setkey (gcry_mac_hd_t hd, const void *key, size_t keylen)
 {
   if (!hd->spec->ops->setkey)
@@ -263,7 +263,7 @@ mac_setkey (gcry_mac_hd_t hd, const void *key, size_t keylen)
 }
 
 
-static gcry_error_t
+static gcry_err_code_t
 mac_setiv (gcry_mac_hd_t hd, const void *iv, size_t ivlen)
 {
   if (!hd->spec->ops->setiv)
@@ -275,7 +275,7 @@ mac_setiv (gcry_mac_hd_t hd, const void *iv, size_t ivlen)
 }
 
 
-static gcry_error_t
+static gcry_err_code_t
 mac_write (gcry_mac_hd_t hd, const void *inbuf, size_t inlen)
 {
   if (!hd->spec->ops->write)
@@ -287,7 +287,7 @@ mac_write (gcry_mac_hd_t hd, const void *inbuf, size_t inlen)
 }
 
 
-static gcry_error_t
+static gcry_err_code_t
 mac_read (gcry_mac_hd_t hd, void *outbuf, size_t * outlen)
 {
   if (!outbuf || !outlen || *outlen == 0 || !hd->spec->ops->read)
@@ -297,7 +297,7 @@ mac_read (gcry_mac_hd_t hd, void *outbuf, size_t * outlen)
 }
 
 
-static gcry_error_t
+static gcry_err_code_t
 mac_verify (gcry_mac_hd_t hd, const void *buf, size_t buflen)
 {
   if (!buf || buflen == 0 || !hd->spec->ops->verify)
diff --git a/cipher/rsa-common.c b/cipher/rsa-common.c
index 4f5a659..09774e5 100644
--- a/cipher/rsa-common.c
+++ b/cipher/rsa-common.c
@@ -328,7 +328,7 @@ mgf1 (unsigned char *output, size_t outlen, unsigned char *seed, size_t seedlen,
   size_t dlen, nbytes, n;
   int idx;
   gcry_md_hd_t hd;
-  gcry_error_t err;
+  gcry_err_code_t err;
 
   err = _gcry_md_open (&hd, algo, 0);
   if (err)
diff --git a/src/gcrypt-int.h b/src/gcrypt-int.h
index b6e5826..6cf3a70 100644
--- a/src/gcrypt-int.h
+++ b/src/gcrypt-int.h
@@ -276,7 +276,7 @@ _gcry_err_code_to_errno (gcry_err_code_t code)
 
 /* Return an error value with the error source SOURCE and the system
    error ERR.  */
-static inline gcry_err_code_t
+static inline gcry_error_t
 _gcry_err_make_from_errno (gpg_err_source_t source, int err)
 {
   return gpg_err_make_from_errno (source, err);
@@ -284,7 +284,7 @@ _gcry_err_make_from_errno (gpg_err_source_t source, int err)
 
 
 /* Return an error value with the system error ERR.  */
-static inline gcry_err_code_t
+static inline gcry_error_t
 _gcry_error_from_errno (int err)
 {
   return gpg_error (gpg_err_code_from_errno (err));
@@ -328,10 +328,10 @@ void *_gcry_sexp_nth_buffer (const gcry_sexp_t list, int number,
                              size_t *rlength);
 char *_gcry_sexp_nth_string (gcry_sexp_t list, int number);
 gcry_mpi_t _gcry_sexp_nth_mpi (gcry_sexp_t list, int number, int mpifmt);
-gpg_error_t _gcry_sexp_extract_param (gcry_sexp_t sexp,
-                                      const char *path,
-                                      const char *list,
-                                      ...) _GCRY_GCC_ATTR_SENTINEL(0);
+gpg_err_code_t _gcry_sexp_extract_param (gcry_sexp_t sexp,
+                                         const char *path,
+                                         const char *list,
+                                         ...) _GCRY_GCC_ATTR_SENTINEL(0);
 
 #define sexp_new(a, b, c, d)         _gcry_sexp_new ((a), (b), (c), (d))
 #define sexp_create(a, b, c, d, e)   _gcry_sexp_create ((a), (b), (c), (d), (e))
diff --git a/src/global.c b/src/global.c
index 6f9cbf9..f5c26ab 100644
--- a/src/global.c
+++ b/src/global.c
@@ -499,7 +499,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
       _gcry_set_preferred_rng_type (0);
       rc = _gcry_rndegd_set_socket_name (va_arg (arg_ptr, const char *));
 #else
-      rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
+      rc = GPG_ERR_NOT_SUPPORTED;
 #endif
       break;
 
diff --git a/src/sexp.c b/src/sexp.c
index 1c014e0..f1bbffa 100644
--- a/src/sexp.c
+++ b/src/sexp.c
@@ -2423,7 +2423,7 @@ _gcry_sexp_vextract_param (gcry_sexp_t sexp, const char *path,
   return rc;
 }
 
-gpg_error_t
+gpg_err_code_t
 _gcry_sexp_extract_param (gcry_sexp_t sexp, const char *path,
                           const char *list, ...)
 {
@@ -2433,5 +2433,5 @@ _gcry_sexp_extract_param (gcry_sexp_t sexp, const char *path,
   va_start (arg_ptr, list);
   rc = _gcry_sexp_vextract_param (sexp, path, list, arg_ptr);
   va_end (arg_ptr);
-  return gpg_error (rc);
+  return rc;
 }
diff --git a/src/visibility.c b/src/visibility.c
index b71c839..ca57113 100644
--- a/src/visibility.c
+++ b/src/visibility.c
@@ -57,7 +57,7 @@ gcry_err_make_from_errno (gcry_err_source_t source, int err)
   return _gcry_err_make_from_errno (source, err);
 }
 
-gcry_err_code_t
+gcry_error_t
 gcry_error_from_errno (int err)
 {
   return _gcry_error_from_errno (err);

-----------------------------------------------------------------------

Summary of changes:
 cipher/cipher.c     |  8 ++++----
 cipher/dsa.c        |  4 +---
 cipher/ecc-eddsa.c  |  2 +-
 cipher/mac.c        | 12 ++++++------
 cipher/rsa-common.c |  2 +-
 src/gcrypt-int.h    | 12 ++++++------
 src/global.c        |  2 +-
 src/sexp.c          |  4 ++--
 src/visibility.c    |  2 +-
 9 files changed, 23 insertions(+), 25 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Oct 14 12:01:13 2015
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Wed, 14 Oct 2015 12:01:13 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-4-g3de5ef7
Message-ID: <E1ZmIjD-0001gi-5j@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  3de5ef759895837fe499cff7fb1fa7798e6d5754 (commit)
      from  0b4ebc398cc8aad3f25f84034cd6b129e55f1368 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3de5ef759895837fe499cff7fb1fa7798e6d5754
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Wed Oct 14 18:57:26 2015 +0900

    cleanup: Fix confusion between gpg_error_t and gpg_err_code_t.
    
    * dirmngr/crlcache.c (hash_dbfile): Use gpg_error_t for ERR.
    * kbx/keybox-update.c (keybox_set_flags): Call
    gpg_err_code_from_syserror.

diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c
index a0a5104..64836e2 100644
--- a/dirmngr/crlcache.c
+++ b/dirmngr/crlcache.c
@@ -994,7 +994,7 @@ hash_dbfile (const char *fname, unsigned char *md5buffer)
   char *buffer;
   size_t n;
   gcry_md_hd_t md5;
-  gpg_err_code_t err;
+  gpg_error_t err;
 
   buffer = xtrymalloc (65536);
   fp = buffer? es_fopen (fname, "rb") : NULL;
diff --git a/kbx/keybox-update.c b/kbx/keybox-update.c
index 4b14b2f..2eaae86 100644
--- a/kbx/keybox-update.c
+++ b/kbx/keybox-update.c
@@ -603,7 +603,7 @@ keybox_set_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int value)
 
   ec = 0;
   if (fseeko (fp, off, SEEK_SET))
-    ec = gpg_error_from_syserror ();
+    ec = gpg_err_code_from_syserror ();
   else
     {
       unsigned char tmp[4];

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/crlcache.c  | 2 +-
 kbx/keybox-update.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Oct 14 14:40:31 2015
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Wed, 14 Oct 2015 14:40:31 +0200
Subject: [git] GpgOL - branch, mime-addin, updated. gpgol-1.2.0-52-g5d62fdb
Message-ID: <E1ZmLDJ-0007xZ-Ep@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, mime-addin has been updated
       via  5d62fdbfc5b0931080efda5aca1f52d18acbb7f1 (commit)
      from  7bf40a952a1822cb42bebf866992d7a6eb9db4f6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5d62fdbfc5b0931080efda5aca1f52d18acbb7f1
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Wed Oct 14 14:33:17 2015 +0200

    Fix resource id's and remove unused resources.
    
    * dialogs.h: Only use the upper 28 bit for id's. Remove 32/64px ids.
    * oomhelp.cpp (put_oom_icon): Clarify comment and use new ids for mask.
    * explorers.cpp (add_explorer_controls),
     inspectors.cpp (add_inspector_controls, update_crypto_info):
      Use _16 id directly.
    * decrypt-32.bmp,
     decrypt-32m.bmp,
     decrypt-verify-32.bmp,
     decrypt-verify-32m.bmp,
     encrypt-32.bmp,
     encrypt-32m.bmp,
     key-manager-32.bmp,
     key-manager-32m.bmp,
     key-manager-64.bmp,
     key-manager-64m.bmp,
     sign-32.bmp,
     sign-32m.bmp,
     verify-32.bmp,
     verify-32m.bmp: Removed
    
    --
    
    The binutils 2.25 complained about resource merge failures because
    the upper 28 bits from some of our resoruce were identical and the
    last four bits are appearently used by microsoft for some kind of
    string table lookup.
    
    While fixing this I've noticed that the 32 / 64 px size bitmap
    resources were not used anywhere. So they are removed now.

diff --git a/src/decrypt-32.bmp b/src/decrypt-32.bmp
deleted file mode 100644
index f7d4405..0000000
Binary files a/src/decrypt-32.bmp and /dev/null differ
diff --git a/src/decrypt-32m.bmp b/src/decrypt-32m.bmp
deleted file mode 100644
index 47256be..0000000
Binary files a/src/decrypt-32m.bmp and /dev/null differ
diff --git a/src/decrypt-verify-32.bmp b/src/decrypt-verify-32.bmp
deleted file mode 100644
index 41e7040..0000000
Binary files a/src/decrypt-verify-32.bmp and /dev/null differ
diff --git a/src/decrypt-verify-32m.bmp b/src/decrypt-verify-32m.bmp
deleted file mode 100644
index ae9026a..0000000
Binary files a/src/decrypt-verify-32m.bmp and /dev/null differ
diff --git a/src/dialogs.h b/src/dialogs.h
index aec411c..cec97c5 100644
--- a/src/dialogs.h
+++ b/src/dialogs.h
@@ -7,141 +7,112 @@
 #define DIALOGS_H
 
 
-/* Ids used for bitmaps.  There is some magic in the identifiers: In
-   the code we only use values like 3000, the icon code then uses the
-   current system pixel size to the Id and tries to load this one.
-   The mask is always the next id.  */
-#define IDB_ENCRYPT                     3000
-#define IDB_ENCRYPT_16                  3016
-#define IDB_ENCRYPT_16M                 3017
-#define IDB_ENCRYPT_32                  3032
-#define IDB_ENCRYPT_32M                 3033
-#define IDB_ENCRYPT_64                  3064
-#define IDB_ENCRYPT_64M                 3065
-
-#define IDB_SIGN                        3100
-#define IDB_SIGN_16                     3116
-#define IDB_SIGN_16M                    3117
-#define IDB_SIGN_32                     3132
-#define IDB_SIGN_32M                    3133
-#define IDB_SIGN_64                     3164
-#define IDB_SIGN_64M                    3165
-
-#define IDB_KEY_MANAGER                 3200
-#define IDB_KEY_MANAGER_16              3216
-#define IDB_KEY_MANAGER_16M             3217
-#define IDB_KEY_MANAGER_32              3232
-#define IDB_KEY_MANAGER_32M             3233
-#define IDB_KEY_MANAGER_64              3264
-#define IDB_KEY_MANAGER_64M             3265
-
-#define IDB_DECRYPT                     3300
-#define IDB_DECRYPT_16                  3316
-#define IDB_DECRYPT_16M                 3317
-#define IDB_DECRYPT_32                  3332
-#define IDB_DECRYPT_32M                 3333
-#define IDB_DECRYPT_64                  3364
-#define IDB_DECRYPT_64M                 3365
-
-#define IDB_VERIFY                      3400
-#define IDB_VERIFY_16                   3416
-#define IDB_VERIFY_16M                  3417
-#define IDB_VERIFY_32                   3432
-#define IDB_VERIFY_32M                  3433
-#define IDB_VERIFY_64                   3464
-#define IDB_VERIFY_64M                  3465
-
-#define IDB_DECRYPT_VERIFY              3500
-#define IDB_DECRYPT_VERIFY_16           3516
-#define IDB_DECRYPT_VERIFY_16M          3517
-#define IDB_DECRYPT_VERIFY_32           3532
-#define IDB_DECRYPT_VERIFY_32M          3533
-#define IDB_DECRYPT_VERIFY_64           3564
-#define IDB_DECRYPT_VERIFY_64M          3565
+/* Ids used for bitmaps. There is some magic in the identifiers: In
+   the code we only use the first ID value and add 16 to find the mask.
+   The last 4 bits should always be 0 to avoid problems with ld's resource merge
+   code which only uses the first 28 bits as the "name" of the resource
+   and tries to merge resource entries with the same name.
+   */
+#define IDB_ENCRYPT_16                  0x1000
+#define IDB_ENCRYPT_16M                 0x1010
 
+#define IDB_SIGN_16                     0x1100
+#define IDB_SIGN_16M                    0x1110
 
-/* Special */
-#define IDB_BANNER                      3900  /* The g10 Code logo.  */
+#define IDB_KEY_MANAGER_16              0x1200
+#define IDB_KEY_MANAGER_16M             0x1210
 
+#define IDB_DECRYPT_16                  0x1300
+#define IDB_DECRYPT_16M                 0x1310
+
+#define IDB_VERIFY_16                   0x1400
+#define IDB_VERIFY_16M                  0x1410
+
+#define IDB_DECRYPT_VERIFY_16           0x1500
+#define IDB_DECRYPT_VERIFY_16M          0x1510
+
+/* Special */
+#define IDB_BANNER                      0x3900  /* The g10 Code logo.  */
 
-/* Ids used for the main config dialog.  */
-#define IDD_GPG_OPTIONS                 4001
-#define IDC_TIME_PHRASES                4010
-#define IDC_ENCRYPT_DEFAULT             4011
-#define IDC_SIGN_DEFAULT                4012
-#define IDC_ENCRYPT_WITH_STANDARD_KEY   4013
-#define IDC_OPENPGP_DEFAULT             4014
-#define IDC_SMIME_DEFAULT               4015
-#define IDC_GPG_OPTIONS                 4016
-#define IDC_BITMAP                      4017
-#define IDC_VERSION_INFO                4018
-#define IDC_ENCRYPT_TO                  4019
-#define IDC_ENABLE_SMIME                4020
-#define IDC_PREVIEW_DECRYPT             4021
-#define IDC_PREFER_HTML                 4022
-#define IDC_G_GENERAL                   4023
-#define IDC_G_SEND                      4024
-#define IDC_G_RECV                      4025
-#define IDC_BODY_AS_ATTACHMENT          4026
-#define IDC_GPG_CONF                    4027
-#define IDC_G10CODE_STRING              4028
 
 
 /* Ids for the extended options dialog.  */
-#define IDD_EXT_OPTIONS                 4101
-#define IDC_T_DEBUG_LOGFILE             4113
-#define IDC_DEBUG_LOGFILE               4114
+#define IDD_EXT_OPTIONS                 0x4110
+#define IDC_T_DEBUG_LOGFILE             0x4120
+#define IDC_DEBUG_LOGFILE               0x4130
 
 
 /* Ids for the recipient selection dialog.  */
-#define IDD_ENC                         4201
-#define IDC_ENC_RSET1                   4210
-#define IDC_ENC_RSET2_T                 4211
-#define IDC_ENC_RSET2                   4212
-#define IDC_ENC_NOTFOUND_T              4213
-#define IDC_ENC_NOTFOUND                4214
+#define IDD_ENC                         0x4210
+#define IDC_ENC_RSET1                   0x4220
+#define IDC_ENC_RSET2_T                 0x4230
+#define IDC_ENC_RSET2                   0x4240
+#define IDC_ENC_NOTFOUND_T              0x4250
+#define IDC_ENC_NOTFOUND                0x4260
 
 
 /* Ids for the two decryption dialogs.  */
-#define IDD_DEC                         4301
-#define IDD_DECEXT                      4302
-#define IDC_DEC_KEYLIST                 4310
-#define IDC_DEC_HINT                    4311
-#define IDC_DEC_PASSINF                 4312
-#define IDC_DEC_PASS                    4313
-#define IDC_DEC_HIDE                    4314
-#define IDC_DECEXT_RSET_T               4320
-#define IDC_DECEXT_RSET                 4321
-#define IDC_DECEXT_KEYLIST              4322
-#define IDC_DECEXT_HINT                 4323
-#define IDC_DECEXT_PASSINF              4324
-#define IDC_DECEXT_PASS                 4325
-#define IDC_DECEXT_HIDE                 4326
+#define IDD_DEC                         0x4310
+#define IDD_DECEXT                      0x4320
+#define IDC_DEC_KEYLIST                 0x4330
+#define IDC_DEC_HINT                    0x4340
+#define IDC_DEC_PASSINF                 0x4350
+#define IDC_DEC_PASS                    0x4360
+#define IDC_DEC_HIDE                    0x4370
+#define IDC_DECEXT_RSET_T               0x4380
+#define IDC_DECEXT_RSET                 0x4390
+#define IDC_DECEXT_KEYLIST              0x43A0
+#define IDC_DECEXT_HINT                 0x43B0
+#define IDC_DECEXT_PASSINF              0x43C0
+#define IDC_DECEXT_PASS                 0x43D0
+#define IDC_DECEXT_HIDE                 0x43E0
 
 
 /* Ids for the verification dialog.  */
-#define IDD_VRY                         4401
-#define IDC_VRY_TIME_T                  4410
-#define IDC_VRY_TIME                    4411
-#define IDC_VRY_PKALGO_T                4412
-#define IDC_VRY_PKALGO                  4413
-#define IDC_VRY_KEYID_T                 4414
-#define IDC_VRY_KEYID                   4415
-#define IDC_VRY_STATUS                  4416
-#define IDC_VRY_ISSUER_T                4417
-#define IDC_VRY_ISSUER                  4418
-#define IDC_VRY_AKALIST_T               4419
-#define IDC_VRY_AKALIST                 4420
-#define IDC_VRY_HINT                    4421
+#define IDD_VRY                         0x4410
+#define IDC_VRY_TIME_T                  0x4420
+#define IDC_VRY_TIME                    0x4430
+#define IDC_VRY_PKALGO_T                0x4440
+#define IDC_VRY_PKALGO                  0x4450
+#define IDC_VRY_KEYID_T                 0x4460
+#define IDC_VRY_KEYID                   0x4470
+#define IDC_VRY_STATUS                  0x4480
+#define IDC_VRY_ISSUER_T                0x4490
+#define IDC_VRY_ISSUER                  0x44A0
+#define IDC_VRY_AKALIST_T               0x44B0
+#define IDC_VRY_AKALIST                 0x44C0
+#define IDC_VRY_HINT                    0x44D0
+
+/* Ids used for the main config dialog.  */
+#define IDD_GPG_OPTIONS                 0x5000
+#define IDC_TIME_PHRASES                0x5010
+#define IDC_ENCRYPT_DEFAULT             0x5020
+#define IDC_SIGN_DEFAULT                0x5030
+#define IDC_ENCRYPT_WITH_STANDARD_KEY   0x5040
+#define IDC_OPENPGP_DEFAULT             0x5050
+#define IDC_SMIME_DEFAULT               0x5060
+#define IDC_GPG_OPTIONS                 0x5070
+#define IDC_BITMAP                      0x5080
+#define IDC_VERSION_INFO                0x5090
+#define IDC_ENCRYPT_TO                  0x50A0
+#define IDC_ENABLE_SMIME                0x50B0
+#define IDC_PREVIEW_DECRYPT             0x50C0
+#define IDC_PREFER_HTML                 0x50D0
+#define IDC_G_GENERAL                   0x50E0
+#define IDC_G_SEND                      0x50F0
+#define IDC_G_RECV                      0x5100
+#define IDC_BODY_AS_ATTACHMENT          0x5110
+#define IDC_GPG_CONF                    0x5120
+#define IDC_G10CODE_STRING              0x5130
 
 /* Ids for PNG Images */
-#define IDI_ENCRYPT_16_PNG              6000
-#define IDI_ENCRYPT_48_PNG              6001
-#define IDI_DECRYPT_16_PNG              6010
-#define IDI_DECRYPT_48_PNG              6011
-#define IDI_KEY_MANAGER_64_PNG          6020
-#define IDI_ENCSIGN_FILE_48_PNG         6030
-#define IDI_SIGN_48_PNG                 6040
-#define IDI_VERIFY_48_PNG               6050
+#define IDI_ENCRYPT_16_PNG              0x6000
+#define IDI_ENCRYPT_48_PNG              0x6010
+#define IDI_DECRYPT_16_PNG              0x6020
+#define IDI_DECRYPT_48_PNG              0x6030
+#define IDI_KEY_MANAGER_64_PNG          0x6040
+#define IDI_ENCSIGN_FILE_48_PNG         0x6050
+#define IDI_SIGN_48_PNG                 0x6060
+#define IDI_VERIFY_48_PNG               0x6070
 
 #endif /*DIALOGS_H*/
diff --git a/src/encrypt-32.bmp b/src/encrypt-32.bmp
deleted file mode 100644
index b2c400e..0000000
Binary files a/src/encrypt-32.bmp and /dev/null differ
diff --git a/src/encrypt-32m.bmp b/src/encrypt-32m.bmp
deleted file mode 100644
index f4fc2dc..0000000
Binary files a/src/encrypt-32m.bmp and /dev/null differ
diff --git a/src/explorers.cpp b/src/explorers.cpp
index d1f7081..388fdff 100644
--- a/src/explorers.cpp
+++ b/src/explorers.cpp
@@ -124,7 +124,7 @@ add_explorer_controls (LPOOMEXPLORER explorer)
           put_oom_bool (button, "BeginGroup", true);
           put_oom_int (button, "Style", msoButtonIconAndCaption );
           put_oom_string (button, "Caption", _("GnuPG Certificate &Manager"));
-          put_oom_icon (button, IDB_KEY_MANAGER, 16);
+          put_oom_icon (button, IDB_KEY_MANAGER_16, 16);
           
           install_GpgolCommandBarButtonEvents_sink (button);
           /* Fixme:  Save the returned object for an Unadvice.  */
@@ -165,7 +165,7 @@ add_explorer_controls (LPOOMEXPLORER explorer)
           put_oom_int (button, "Style", msoButtonIcon );
           put_oom_string (button, "TooltipText",
                           _("Open the certificate manager"));
-          put_oom_icon (button, IDB_KEY_MANAGER, 16);
+          put_oom_icon (button, IDB_KEY_MANAGER_16, 16);
           
           install_GpgolCommandBarButtonEvents_sink (button);
           /* Fixme:  store the event sink object somewhere.  */
diff --git a/src/inspectors.cpp b/src/inspectors.cpp
index 966df5b..626dc64 100644
--- a/src/inspectors.cpp
+++ b/src/inspectors.cpp
@@ -685,7 +685,7 @@ add_inspector_controls (LPOOMINSPECTOR inspector)
               put_oom_int (button, "Style", msoButtonIconAndCaption );
               put_oom_string (button, "Caption",
                               _("&encrypt message with GnuPG"));
-              put_oom_icon (button, IDB_ENCRYPT, 16);
+              put_oom_icon (button, IDB_ENCRYPT_16, 16);
               put_oom_int (button, "State",
                            opt.encrypt_default? msoButtonDown: msoButtonUp);
               
@@ -699,7 +699,7 @@ add_inspector_controls (LPOOMINSPECTOR inspector)
               tag = add_tag (button, "GpgOL_Inspector_Sign");
               put_oom_int (button, "Style", msoButtonIconAndCaption );
               put_oom_string (button, "Caption", _("&sign message with GnuPG"));
-              put_oom_icon (button, IDB_SIGN, 16);
+              put_oom_icon (button, IDB_SIGN_16, 16);
               put_oom_int (button, "State",
                            opt.sign_default? msoButtonDown: msoButtonUp);
               
@@ -725,7 +725,7 @@ add_inspector_controls (LPOOMINSPECTOR inspector)
           tag = add_tag (button, "GpgOL_Inspector_Verify");
           put_oom_int (button, "Style", msoButtonIconAndCaption );
           put_oom_string (button, "Caption", _("GpgOL Decrypt/Verify"));
-          put_oom_icon (button, IDB_DECRYPT_VERIFY, 16);
+          put_oom_icon (button, IDB_DECRYPT_VERIFY_16, 16);
           
           obj = install_GpgolCommandBarButtonEvents_sink (button);
           move_to_button_list (&buttonlist, obj, button, tag);
@@ -786,7 +786,7 @@ add_inspector_controls (LPOOMINSPECTOR inspector)
           tag = add_tag (button, "GpgOL_Inspector_Encrypt at t");
           put_oom_int (button, "Style", msoButtonIcon );
           put_oom_string (button, "Caption", _("Encrypt message with GnuPG"));
-          put_oom_icon (button, IDB_ENCRYPT, 16);
+          put_oom_icon (button, IDB_ENCRYPT_16, 16);
           put_oom_int (button, "State", msoButtonMixed );
           put_oom_int (button, "State",
                        opt.encrypt_default? msoButtonDown: msoButtonUp);
@@ -802,7 +802,7 @@ add_inspector_controls (LPOOMINSPECTOR inspector)
           tag = add_tag (button, "GpgOL_Inspector_Sign at t");
           put_oom_int (button, "Style", msoButtonIcon);
           put_oom_string (button, "Caption", _("Sign message with GnuPG"));
-          put_oom_icon (button, IDB_SIGN, 16);
+          put_oom_icon (button, IDB_SIGN_16, 16);
           put_oom_int (button, "State", msoButtonDown);
           put_oom_int (button, "State",
                        opt.sign_default? msoButtonDown: msoButtonUp);
@@ -920,19 +920,19 @@ update_crypto_info (LPDISPATCH inspector)
             {
               tooltip =  _("This is a signed and encrypted message.\n"
                            "Click for more information. ");
-              iconrc = IDB_DECRYPT_VERIFY;
+              iconrc = IDB_DECRYPT_VERIFY_16;
             }
           else if (is_signed)
             {
               tooltip =  _("This is a signed message.\n"
                            "Click for more information. ");
-              iconrc = IDB_VERIFY;
+              iconrc = IDB_VERIFY_16;
             }
           else if (is_encrypted)
             {
               tooltip =  _("This is an encrypted message.\n"
                            "Click for more information. ");
-              iconrc = IDB_DECRYPT;
+              iconrc = IDB_DECRYPT_16;
             }
           
           message->Release ();
diff --git a/src/key-manager-32.bmp b/src/key-manager-32.bmp
deleted file mode 100644
index 4e97da0..0000000
Binary files a/src/key-manager-32.bmp and /dev/null differ
diff --git a/src/key-manager-32m.bmp b/src/key-manager-32m.bmp
deleted file mode 100644
index 9c4f21e..0000000
Binary files a/src/key-manager-32m.bmp and /dev/null differ
diff --git a/src/key-manager-64.bmp b/src/key-manager-64.bmp
deleted file mode 100644
index 036ac2d..0000000
Binary files a/src/key-manager-64.bmp and /dev/null differ
diff --git a/src/key-manager-64m.bmp b/src/key-manager-64m.bmp
deleted file mode 100644
index d79e998..0000000
Binary files a/src/key-manager-64m.bmp and /dev/null differ
diff --git a/src/oomhelp.cpp b/src/oomhelp.cpp
index dd12002..1d8f7da 100644
--- a/src/oomhelp.cpp
+++ b/src/oomhelp.cpp
@@ -375,15 +375,15 @@ put_oom_icon (LPDISPATCH pDisp, int resource_id, int size)
 {
   int rc;
 
-  /* Fixme: For now we assume a system pixel size of 16.  What we
-     actually should do is to get the current value and then find the
-     best matching icon.  */
-  resource_id += 16;
+  /* This code is only relevant for Outlook < 2010.
+    Ideally it should grab the system pixel size and use an
+    icon of the appropiate size (e.g. 32 or 64px)
+  */
 
   rc = put_picture_or_mask (pDisp, resource_id, size, 0);
   if (!rc)
-    rc = put_picture_or_mask (pDisp, resource_id+1, size, 1);
-  
+    rc = put_picture_or_mask (pDisp, resource_id + 16, size, 1);
+
   return rc;
 }
 
diff --git a/src/sign-32.bmp b/src/sign-32.bmp
deleted file mode 100644
index 5bb0784..0000000
Binary files a/src/sign-32.bmp and /dev/null differ
diff --git a/src/sign-32m.bmp b/src/sign-32m.bmp
deleted file mode 100644
index 0efcd7c..0000000
Binary files a/src/sign-32m.bmp and /dev/null differ
diff --git a/src/verify-32.bmp b/src/verify-32.bmp
deleted file mode 100644
index 45eea7e..0000000
Binary files a/src/verify-32.bmp and /dev/null differ
diff --git a/src/verify-32m.bmp b/src/verify-32m.bmp
deleted file mode 100644
index 7335023..0000000
Binary files a/src/verify-32m.bmp and /dev/null differ

-----------------------------------------------------------------------

Summary of changes:
 src/decrypt-32.bmp         | Bin 1726 -> 0 bytes
 src/decrypt-32m.bmp        | Bin 190 -> 0 bytes
 src/decrypt-verify-32.bmp  | Bin 2098 -> 0 bytes
 src/decrypt-verify-32m.bmp | Bin 190 -> 0 bytes
 src/dialogs.h              | 207 +++++++++++++++++++--------------------------
 src/encrypt-32.bmp         | Bin 1846 -> 0 bytes
 src/encrypt-32m.bmp        | Bin 190 -> 0 bytes
 src/explorers.cpp          |   4 +-
 src/inspectors.cpp         |  16 ++--
 src/key-manager-32.bmp     | Bin 1898 -> 0 bytes
 src/key-manager-32m.bmp    | Bin 190 -> 0 bytes
 src/key-manager-64.bmp     | Bin 5170 -> 0 bytes
 src/key-manager-64m.bmp    | Bin 574 -> 0 bytes
 src/oomhelp.cpp            |  12 +--
 src/sign-32.bmp            | Bin 1766 -> 0 bytes
 src/sign-32m.bmp           | Bin 190 -> 0 bytes
 src/verify-32.bmp          | Bin 2098 -> 0 bytes
 src/verify-32m.bmp         | Bin 190 -> 0 bytes
 18 files changed, 105 insertions(+), 134 deletions(-)
 delete mode 100644 src/decrypt-32.bmp
 delete mode 100644 src/decrypt-32m.bmp
 delete mode 100644 src/decrypt-verify-32.bmp
 delete mode 100644 src/decrypt-verify-32m.bmp
 delete mode 100644 src/encrypt-32.bmp
 delete mode 100644 src/encrypt-32m.bmp
 delete mode 100644 src/key-manager-32.bmp
 delete mode 100644 src/key-manager-32m.bmp
 delete mode 100644 src/key-manager-64.bmp
 delete mode 100644 src/key-manager-64m.bmp
 delete mode 100644 src/sign-32.bmp
 delete mode 100644 src/sign-32m.bmp
 delete mode 100644 src/verify-32.bmp
 delete mode 100644 src/verify-32m.bmp


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Oct 14 15:47:00 2015
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Wed, 14 Oct 2015 15:47:00 +0200
Subject: [git] GpgOL - branch, mime-addin, updated. gpgol-1.2.0-56-g43b9c35
Message-ID: <E1ZmMFe-0001HR-PK@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, mime-addin has been updated
       via  43b9c35e830f7e59082d229a56c823ed0b726473 (commit)
       via  4a6e3c3bbccff7026c34cbd93d88604c43382ff4 (commit)
       via  4385a90fbb54365e795a5884227582fedf3cc723 (commit)
       via  05b4aff708549c0116e7b6ee653faf1e8686ac95 (commit)
      from  5d62fdbfc5b0931080efda5aca1f52d18acbb7f1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 43b9c35e830f7e59082d229a56c823ed0b726473
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Wed Oct 14 15:46:26 2015 +0200

    Remove engine-gpgme.c from potfiles
    
    * POTFILES.in: Remove engine-gpgme.c

diff --git a/po/POTFILES.in b/po/POTFILES.in
index 4d78f3a..1076575 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -4,7 +4,6 @@ src/common.c
 src/config-dialog.c
 src/display.cpp
 src/engine.c
-src/engine-gpgme.c
 src/engine-assuan.c
 src/ext-commands.cpp
 src/main.c

commit 4a6e3c3bbccff7026c34cbd93d88604c43382ff4
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Wed Oct 14 15:30:57 2015 +0200

    Really fix msg merge failures.
    
    * src/Makefile.am: Do not link dialog.o into gpgol.dll. It's
     already included in resource.o.
    * src/dialogs.h: Remove comment about not using the lower 4 bit.
    * src/oomhelp.cpp (put_oom_icon): Update accordingly. (To use +1 again)
    
    --
    This fixes the problem 5d62fdbf was supposed to fix.
    The "28 bit" ID part was just a red herring. The whole merge
    code was triggered because we linked the resources twice into
    the dll. Once through dialog.o and once through resource.o
    
    The fix from 5d62fdbf only worked because changes to the id did
    not cause the dialog object to be rebuild and so the problem
    disappeared for me because dialog.o and resource.o used different
    ID's. A clean build triggered the problem again.

diff --git a/src/Makefile.am b/src/Makefile.am
index 5e6aedd..d66c39e 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -28,7 +28,7 @@ EXTRA_DIST = \
 	decrypt-16.png decrypt-48.png \
 	encrypt-sign-file-48.png \
 	sign-48.png verify-48.png \
-	README.icons
+	dialogs.rc README.icons
 
 EXEEXT = .dll
 
@@ -42,7 +42,7 @@ gpgol_SOURCES = \
 	olflange.cpp olflange.h     \
 	olflange-def.h              \
 	olflange-dlgs.cpp           \
-	dialogs.rc dialogs.h        \
+	dialogs.h                   \
 	myexchext.h                 \
 	display.cpp display.h       \
 	message.cpp message.h       \
@@ -120,7 +120,7 @@ gpgol_LDADD = $(srcdir)/gpgol.def  \
 	-lole32 -loleaut32 -lws2_32 -ladvapi32 \
 	-luuid -lgdiplus
 
-resource.o: resource.rc versioninfo.rc dialogs.rc 
+resource.o: resource.rc versioninfo.rc dialogs.rc dialogs.h
 
 .rc.o:
 	$(WINDRES) -I $(srcdir) -I . `test -f '$<' || echo '$(srcdir)/'`$< $@
diff --git a/src/dialogs.h b/src/dialogs.h
index 747ffc8..81c351b 100644
--- a/src/dialogs.h
+++ b/src/dialogs.h
@@ -8,28 +8,25 @@
 
 
 /* Ids used for bitmaps. There is some magic in the identifiers: In
-   the code we only use the first ID value and add 16 to find the mask.
-   The last 4 bits should always be 0 to avoid problems with ld's resource merge
-   code which only uses the first 28 bits as the "name" of the resource
-   and tries to merge resource entries with the same name.
+   the code we only use the first ID value and add 1 to find the mask.
    */
 #define IDB_ENCRYPT_16                  0x1000
-#define IDB_ENCRYPT_16M                 0x1010
+#define IDB_ENCRYPT_16M                 0x1001
 
-#define IDB_SIGN_16                     0x1100
-#define IDB_SIGN_16M                    0x1110
+#define IDB_SIGN_16                     0x1010
+#define IDB_SIGN_16M                    0x1011
 
-#define IDB_KEY_MANAGER_16              0x1200
-#define IDB_KEY_MANAGER_16M             0x1210
+#define IDB_KEY_MANAGER_16              0x1020
+#define IDB_KEY_MANAGER_16M             0x1021
 
-#define IDB_DECRYPT_16                  0x1300
-#define IDB_DECRYPT_16M                 0x1310
+#define IDB_DECRYPT_16                  0x1030
+#define IDB_DECRYPT_16M                 0x1031
 
-#define IDB_VERIFY_16                   0x1400
-#define IDB_VERIFY_16M                  0x1410
+#define IDB_VERIFY_16                   0x1040
+#define IDB_VERIFY_16M                  0x1041
 
-#define IDB_DECRYPT_VERIFY_16           0x1500
-#define IDB_DECRYPT_VERIFY_16M          0x1510
+#define IDB_DECRYPT_VERIFY_16           0x1050
+#define IDB_DECRYPT_VERIFY_16M          0x1051
 
 
 /* Ids for the extended options dialog.  */
diff --git a/src/oomhelp.cpp b/src/oomhelp.cpp
index 1d8f7da..a04b4be 100644
--- a/src/oomhelp.cpp
+++ b/src/oomhelp.cpp
@@ -382,7 +382,7 @@ put_oom_icon (LPDISPATCH pDisp, int resource_id, int size)
 
   rc = put_picture_or_mask (pDisp, resource_id, size, 0);
   if (!rc)
-    rc = put_picture_or_mask (pDisp, resource_id + 16, size, 1);
+    rc = put_picture_or_mask (pDisp, resource_id + 1, size, 1);
 
   return rc;
 }

commit 4385a90fbb54365e795a5884227582fedf3cc723
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Wed Oct 14 15:25:13 2015 +0200

    Remove unused g10 code logo.
    
    * logo.bmp: Removed.
    * Makefile.am (EXTRA_DIST), dialogs.h, dialogs.rc: Update accordingly.

diff --git a/src/Makefile.am b/src/Makefile.am
index 6991d97..5e6aedd 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -28,7 +28,7 @@ EXTRA_DIST = \
 	decrypt-16.png decrypt-48.png \
 	encrypt-sign-file-48.png \
 	sign-48.png verify-48.png \
-	logo.bmp README.icons
+	README.icons
 
 EXEEXT = .dll
 
diff --git a/src/dialogs.h b/src/dialogs.h
index cec97c5..747ffc8 100644
--- a/src/dialogs.h
+++ b/src/dialogs.h
@@ -31,10 +31,6 @@
 #define IDB_DECRYPT_VERIFY_16           0x1500
 #define IDB_DECRYPT_VERIFY_16M          0x1510
 
-/* Special */
-#define IDB_BANNER                      0x3900  /* The g10 Code logo.  */
-
-
 
 /* Ids for the extended options dialog.  */
 #define IDD_EXT_OPTIONS                 0x4110
diff --git a/src/dialogs.rc b/src/dialogs.rc
index 1f36da9..45b4628 100644
--- a/src/dialogs.rc
+++ b/src/dialogs.rc
@@ -50,8 +50,6 @@ IDB_DECRYPT_VERIFY_16M    BITMAP  DISCARDABLE  "decrypt-verify-16m.bmp"
 
 IDI_ENCSIGN_FILE_48_PNG   RCDATA               "encrypt-sign-file-48.png"
 
-IDB_BANNER              BITMAP  DISCARDABLE     "logo.bmp"
-
 
 
 IDD_GPG_OPTIONS  DIALOG DISCARDABLE  0, 0, 266, 274
diff --git a/src/logo.bmp b/src/logo.bmp
deleted file mode 100644
index fa85bfd..0000000
Binary files a/src/logo.bmp and /dev/null differ

commit 05b4aff708549c0116e7b6ee653faf1e8686ac95
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Wed Oct 14 15:00:42 2015 +0200

    Fix unused bitmap removal
    
    * src/dialogs.rc: Do not reference the removed files.
    * src/Makefile.am (EXTRA_DIST): Do not include the removed files.
    
    --
    This was accidentally left out of the previous commit.

diff --git a/src/Makefile.am b/src/Makefile.am
index db5f572..6991d97 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -18,18 +18,11 @@ bin_PROGRAMS = gpgol
 EXTRA_DIST = \
 	versioninfo.rc.in mapi32.def $(unused_sources) Outlook.gpl \
 	encrypt-16.bmp encrypt-16m.bmp \
-	encrypt-32.bmp encrypt-32m.bmp \
 	sign-16.bmp sign-16m.bmp \
-	sign-32.bmp sign-32m.bmp \
 	key-manager-16.bmp key-manager-16m.bmp \
-	key-manager-32.bmp key-manager-32m.bmp \
-	key-manager-64.bmp key-manager-64m.bmp \
 	decrypt-16.bmp decrypt-16m.bmp \
-	decrypt-32.bmp decrypt-32m.bmp \
 	verify-16.bmp  verify-16m.bmp \
-	verify-32.bmp  verify-32m.bmp \
 	decrypt-verify-16.bmp decrypt-verify-16m.bmp \
-	decrypt-verify-32.bmp decrypt-verify-32m.bmp \
 	encrypt-16.png encrypt-48.png \
 	key-manager-64.png \
 	decrypt-16.png decrypt-48.png \
diff --git a/src/dialogs.rc b/src/dialogs.rc
index dc88866..1f36da9 100644
--- a/src/dialogs.rc
+++ b/src/dialogs.rc
@@ -25,42 +25,28 @@
 
 IDB_ENCRYPT_16            BITMAP  DISCARDABLE  "encrypt-16.bmp"
 IDB_ENCRYPT_16M           BITMAP  DISCARDABLE  "encrypt-16m.bmp"
-IDB_ENCRYPT_32            BITMAP  DISCARDABLE  "encrypt-32.bmp"
-IDB_ENCRYPT_32M           BITMAP  DISCARDABLE  "encrypt-32m.bmp"
 IDI_ENCRYPT_16_PNG        RCDATA               "encrypt-16.png"
 IDI_ENCRYPT_48_PNG        RCDATA               "encrypt-48.png"
 
 IDB_SIGN_16               BITMAP  DISCARDABLE  "sign-16.bmp"
 IDB_SIGN_16M              BITMAP  DISCARDABLE  "sign-16m.bmp"
-IDB_SIGN_32               BITMAP  DISCARDABLE  "sign-32.bmp"
-IDB_SIGN_32M              BITMAP  DISCARDABLE  "sign-32m.bmp"
 IDI_SIGN_48_PNG           RCDATA               "sign-48.png"
 
 IDB_KEY_MANAGER_16        BITMAP  DISCARDABLE  "key-manager-16.bmp"
 IDB_KEY_MANAGER_16M       BITMAP  DISCARDABLE  "key-manager-16m.bmp"
-IDB_KEY_MANAGER_32        BITMAP  DISCARDABLE  "key-manager-32.bmp"
-IDB_KEY_MANAGER_32M       BITMAP  DISCARDABLE  "key-manager-32m.bmp"
-IDB_KEY_MANAGER_64        BITMAP  DISCARDABLE  "key-manager-64.bmp"
-IDB_KEY_MANAGER_64M       BITMAP  DISCARDABLE  "key-manager-64m.bmp"
 IDI_KEY_MANAGER_64_PNG    RCDATA               "key-manager-64.png"
 
 IDB_DECRYPT_16            BITMAP  DISCARDABLE  "decrypt-16.bmp"
 IDB_DECRYPT_16M           BITMAP  DISCARDABLE  "decrypt-16m.bmp"
-IDB_DECRYPT_32            BITMAP  DISCARDABLE  "decrypt-32.bmp"
-IDB_DECRYPT_32M           BITMAP  DISCARDABLE  "decrypt-32m.bmp"
 IDI_DECRYPT_16_PNG        RCDATA               "decrypt-16.png"
 IDI_DECRYPT_48_PNG        RCDATA               "decrypt-48.png"
 
 IDB_VERIFY_16             BITMAP  DISCARDABLE  "verify-16.bmp"
 IDB_VERIFY_16M            BITMAP  DISCARDABLE  "verify-16m.bmp"
-IDB_VERIFY_32             BITMAP  DISCARDABLE  "verify-32.bmp"
-IDB_VERIFY_32M            BITMAP  DISCARDABLE  "verify-32m.bmp"
 IDI_VERIFY_48_PNG         RCDATA               "verify-48.png"
 
 IDB_DECRYPT_VERIFY_16     BITMAP  DISCARDABLE  "decrypt-verify-16.bmp" 
 IDB_DECRYPT_VERIFY_16M    BITMAP  DISCARDABLE  "decrypt-verify-16m.bmp"
-IDB_DECRYPT_VERIFY_32     BITMAP  DISCARDABLE  "decrypt-verify-32.bmp"
-IDB_DECRYPT_VERIFY_32M    BITMAP  DISCARDABLE  "decrypt-verify-32m.bmp"
 
 IDI_ENCSIGN_FILE_48_PNG   RCDATA               "encrypt-sign-file-48.png"
 

-----------------------------------------------------------------------

Summary of changes:
 po/POTFILES.in  |   1 -
 src/Makefile.am |  13 +++----------
 src/dialogs.h   |  31 ++++++++++++-------------------
 src/dialogs.rc  |  16 ----------------
 src/logo.bmp    | Bin 1342 -> 0 bytes
 src/oomhelp.cpp |   2 +-
 6 files changed, 16 insertions(+), 47 deletions(-)
 delete mode 100644 src/logo.bmp


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Oct 14 17:28:10 2015
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Wed, 14 Oct 2015 17:28:10 +0200
Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-59-gd298cda
Message-ID: <E1ZmNpZ-0004Kd-3o@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, master has been updated
       via  d298cda7e18a252ecb97837a779df129d885c263 (commit)
       via  06a2a5a80425610178d5efbe8a9c8b6e351d5265 (commit)
       via  c33b7dff407a279971527b52d4dc3a516f25cc2d (commit)
       via  43b9c35e830f7e59082d229a56c823ed0b726473 (commit)
       via  4a6e3c3bbccff7026c34cbd93d88604c43382ff4 (commit)
       via  4385a90fbb54365e795a5884227582fedf3cc723 (commit)
       via  05b4aff708549c0116e7b6ee653faf1e8686ac95 (commit)
       via  5d62fdbfc5b0931080efda5aca1f52d18acbb7f1 (commit)
       via  7bf40a952a1822cb42bebf866992d7a6eb9db4f6 (commit)
       via  c41751e7f287b8b9323ae4d0b8e383fa3dd8a515 (commit)
       via  3ab27fd8a4f7c740d1cafc8979be21ff9264516c (commit)
       via  383cb09127d268a9e49e80c013e7db29cea8ff65 (commit)
       via  364f116578c37ad97ba6ff27c5e6e688fc20e21d (commit)
       via  b4529483bfe8aa7d633bc9e1f69342ef5eae489c (commit)
       via  aeec015b64fa3440fae8c70d84fd3a9666ccc1be (commit)
       via  7df5ec613b717aaefa3249342bc6f92f6d7f19e7 (commit)
       via  c25fec2b0e18fcf954d048e2ddb71b4186f4db49 (commit)
       via  869bedfffb4aa4be8ea042e1b84e1841de24f483 (commit)
       via  a8d772736473ce8153827c335c35aff589e63d06 (commit)
       via  8afa4a3780c8e6da5ea9549b48b7369a41851164 (commit)
       via  033570ca70fda9939106868a739f016f379806e2 (commit)
       via  9196bff24b3176d8d2db38f4a3c15e71cf0cad3a (commit)
       via  ac08e521e553b9a49d32fd55c6b15718e145bffd (commit)
       via  9036bb3fe96742b6e4f46581d86ca8bf59c6a9a5 (commit)
       via  fdbeb6fbb026b750bc36bfb97c52697e645bd0e1 (commit)
       via  560cea7e5bbf7f0404e4f1977b42710245f26b1f (commit)
       via  3674e1868412eb48576267a01cab522ffd327f4c (commit)
       via  094b038883f8e03645ca88f21780205f026c7aa0 (commit)
       via  d2e45d9a24787e04e17bde0ce9c8aba0d3104bfa (commit)
       via  1e170dea1f8c918f7cc0e48a264785086c2e41ea (commit)
       via  312f71f0904b8642674ffd2b1af5d39f82a5f03d (commit)
       via  930a31db041544f0d171b1220f491e00fcc69b8d (commit)
       via  d706915a7b7c06e51122f0a732603b6d522477eb (commit)
       via  8b2a69864ba6ca7b192366c71c8f3c6df00b1f28 (commit)
       via  6286d7355fbb16060a5354fb5d3ccf1b624615cb (commit)
       via  77c1e2278577792dcd398cf56ea6c522b808eeb6 (commit)
       via  bee8da4c91363c6139000d70503f7e65cb7854d9 (commit)
       via  0fcbfd7907de44d81bc0136110a20f344588e2f1 (commit)
       via  cb6c248aed297d8240b152b8f49554c48a380ef7 (commit)
       via  b4e52ecfd4e62a0d3cb571e5dc72e19fbfcdccae (commit)
       via  f5689fdafa7bab95633faebf3a25f36f234bc8c1 (commit)
       via  c4133613ddf6ded619226eb46f78d585ee25a538 (commit)
       via  9e1a2bcddd28a16aadf86c6dd11e02c70411198e (commit)
       via  85e426b2905d077350353110c6f49143a1184a19 (commit)
      from  cda3411314722326816026b96c858160f8980e7b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 NEWS                            |    2 +-
 configure.ac                    |   20 +-
 po/POTFILES.in                  |    1 -
 src/Makefile.am                 |   22 +-
 src/application-events.cpp      |  107 ++++
 src/attachment.cpp              |  333 ++++++++++
 src/attachment.h                |   52 ++
 src/comhelp.h                   |   36 --
 src/decrypt-32.bmp              |  Bin 1726 -> 0 bytes
 src/decrypt-32m.bmp             |  Bin 190 -> 0 bytes
 src/decrypt-verify-32.bmp       |  Bin 2098 -> 0 bytes
 src/decrypt-verify-32m.bmp      |  Bin 190 -> 0 bytes
 src/dialogs.h                   |  204 +++----
 src/dialogs.rc                  |   16 -
 src/display.cpp                 |    7 +-
 src/encrypt-32.bmp              |  Bin 1846 -> 0 bytes
 src/encrypt-32m.bmp             |  Bin 190 -> 0 bytes
 src/engine-assuan.c             |    7 +-
 src/engine-gpgme.c              | 1276 ---------------------------------------
 src/engine-gpgme.h              |   70 ---
 src/engine.c                    |  144 +----
 src/eventsink.h                 |   17 +-
 src/{xmalloc.h => eventsinks.h} |   40 +-
 src/explorers.cpp               |    4 +-
 src/gpgoladdin.cpp              |  523 +++++++++-------
 src/gpgoladdin.h                |    5 +-
 src/gpgolstr.cpp                |   60 ++
 src/gpgolstr.h                  |   44 ++
 src/inspectors.cpp              |   16 +-
 src/key-manager-32.bmp          |  Bin 1898 -> 0 bytes
 src/key-manager-32m.bmp         |  Bin 190 -> 0 bytes
 src/key-manager-64.bmp          |  Bin 5170 -> 0 bytes
 src/key-manager-64m.bmp         |  Bin 574 -> 0 bytes
 src/logo.bmp                    |  Bin 1342 -> 0 bytes
 src/mailitem-events.cpp         |  389 ++++++++++++
 src/mailitem.cpp                |    8 +-
 src/mapihelp.cpp                |   58 +-
 src/mapihelp.h                  |   11 +-
 src/message.cpp                 |    6 +-
 src/message.h                   |    2 +
 src/mimemaker.c                 |    4 +
 src/mymapi.h                    |   37 +-
 src/oomhelp.cpp                 |  129 +++-
 src/oomhelp.h                   |   50 +-
 src/rfc822parse.c               |    8 +-
 src/ribbon-callbacks.cpp        |   69 ++-
 src/ribbon-callbacks.h          |    7 +
 src/sign-32.bmp                 |  Bin 1766 -> 0 bytes
 src/sign-32m.bmp                |  Bin 190 -> 0 bytes
 src/util.h                      |    5 +
 src/verify-32.bmp               |  Bin 2098 -> 0 bytes
 src/verify-32m.bmp              |  Bin 190 -> 0 bytes
 src/windowmessages.cpp          |  110 ++++
 src/windowmessages.h            |   66 ++
 54 files changed, 2018 insertions(+), 1947 deletions(-)
 create mode 100644 src/application-events.cpp
 create mode 100644 src/attachment.cpp
 create mode 100644 src/attachment.h
 delete mode 100644 src/comhelp.h
 delete mode 100644 src/decrypt-32.bmp
 delete mode 100644 src/decrypt-32m.bmp
 delete mode 100644 src/decrypt-verify-32.bmp
 delete mode 100644 src/decrypt-verify-32m.bmp
 delete mode 100644 src/encrypt-32.bmp
 delete mode 100644 src/encrypt-32m.bmp
 delete mode 100644 src/engine-gpgme.c
 delete mode 100644 src/engine-gpgme.h
 copy src/{xmalloc.h => eventsinks.h} (61%)
 create mode 100644 src/gpgolstr.cpp
 create mode 100644 src/gpgolstr.h
 delete mode 100644 src/key-manager-32.bmp
 delete mode 100644 src/key-manager-32m.bmp
 delete mode 100644 src/key-manager-64.bmp
 delete mode 100644 src/key-manager-64m.bmp
 delete mode 100644 src/logo.bmp
 create mode 100644 src/mailitem-events.cpp
 delete mode 100644 src/sign-32.bmp
 delete mode 100644 src/sign-32m.bmp
 delete mode 100644 src/verify-32.bmp
 delete mode 100644 src/verify-32m.bmp
 create mode 100644 src/windowmessages.cpp
 create mode 100644 src/windowmessages.h


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Oct 14 17:28:12 2015
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Wed, 14 Oct 2015 17:28:12 +0200
Subject: [git] GpgOL - branch, mime-addin, updated. gpgol-1.2.0-59-gd298cda
Message-ID: <E1ZmNpb-0004Ky-Jv@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, mime-addin has been updated
       via  d298cda7e18a252ecb97837a779df129d885c263 (commit)
       via  06a2a5a80425610178d5efbe8a9c8b6e351d5265 (commit)
       via  c33b7dff407a279971527b52d4dc3a516f25cc2d (commit)
      from  43b9c35e830f7e59082d229a56c823ed0b726473 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 NEWS                     |   2 +-
 configure.ac             |  14 ++-
 src/gpgoladdin.cpp       | 310 ++++++++++++++++++++++++++++++++++++++++++++++-
 src/ribbon-callbacks.cpp |  28 -----
 4 files changed, 319 insertions(+), 35 deletions(-)


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Oct 14 22:38:39 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 14 Oct 2015 22:38:39 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. 1dcfa0399c627d2cb4daa0ee440dd90aab5aad87
Message-ID: <E1ZmSg1-0008Ke-Na@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  1dcfa0399c627d2cb4daa0ee440dd90aab5aad87 (commit)
      from  dff46b6668fe0f673f3880c854657d06fe8c953b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1dcfa0399c627d2cb4daa0ee440dd90aab5aad87
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 14 22:35:07 2015 +0200

    web: Enable SEPA payments

diff --git a/cgi/procdonate.cgi b/cgi/procdonate.cgi
index 71e4006..91a1bb0 100755
--- a/cgi/procdonate.cgi
+++ b/cgi/procdonate.cgi
@@ -665,7 +665,7 @@ sub complete_sepa ()
         write_main_page ();
         return;
     }
-    $separef = $request{"SEPA-Ref"};
+    $separef = $request{"Sepa-Ref"};
     $amount = $request{"Amount"};
 
     # Set remaining vars for the checkout page.
diff --git a/web/donate/index.org b/web/donate/index.org
index f77f7cb..9b2412b 100644
--- a/web/donate/index.org
+++ b/web/donate/index.org
@@ -104,6 +104,13 @@
                      value="pp" /><!--CHECK_PP-->PayPal</label>
      </td>
    </tr>
+   <tr>
+     <td></td>
+     <td>
+       <label><input type="radio" name="paytype"
+                     value="se" /><!--CHECK_SE-->SEPA</label>
+     </td>
+   </tr>
    <tr><td>&nbsp;</td></tr>
    <tr>
       <td></td>

-----------------------------------------------------------------------

Summary of changes:
 cgi/procdonate.cgi   | 2 +-
 web/donate/index.org | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Oct 15 04:30:24 2015
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Thu, 15 Oct 2015 04:30:24 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-266-g1c6d269
Message-ID: <E1ZmYAP-0000Go-SF@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  1c6d2698a84e4bf82735287c1d64954bfc1a1982 (commit)
      from  813565a07ca575c87e1252c6ed26018653ecd338 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1c6d2698a84e4bf82735287c1d64954bfc1a1982
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Thu Oct 15 11:28:54 2015 +0900

    Fix double free on error.
    
    * src/hmac256.c (_gcry_hmac256_finalize): Don't free HD.

diff --git a/src/hmac256.c b/src/hmac256.c
index 94a26da..6b62ed3 100644
--- a/src/hmac256.c
+++ b/src/hmac256.c
@@ -426,10 +426,8 @@ _gcry_hmac256_finalize (hmac256_context_t hd, size_t *r_dlen)
 
       tmphd = _gcry_hmac256_new (NULL, 0);
       if (!tmphd)
-        {
-          free (hd);
-          return NULL;
-        }
+	return NULL;
+
       _gcry_hmac256_update (tmphd, hd->opad, 64);
       _gcry_hmac256_update (tmphd, hd->buf, 32);
       finalize (tmphd);

-----------------------------------------------------------------------

Summary of changes:
 src/hmac256.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Oct 15 04:32:35 2015
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Thu, 15 Oct 2015 04:32:35 +0200
Subject: [git] GCRYPT - branch, LIBGCRYPT-1-6-BRANCH,
 updated. libgcrypt-1.6.4-4-gdf3cfdb
Message-ID: <E1ZmYCX-0000Kz-Ne@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, LIBGCRYPT-1-6-BRANCH has been updated
       via  df3cfdb32c332b57822d54040fc911bcb0594acb (commit)
      from  d501cc4edd55d3953d7581b3f8ff0c348df31ef0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit df3cfdb32c332b57822d54040fc911bcb0594acb
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Thu Oct 15 11:28:54 2015 +0900

    Fix double free on error.
    
    * src/hmac256.c (_gcry_hmac256_finalize): Don't free HD.
    
    --
    
    (backport from master
     commit 1c6d2698a84e4bf82735287c1d64954bfc1a1982)

diff --git a/src/hmac256.c b/src/hmac256.c
index 94a26da..6b62ed3 100644
--- a/src/hmac256.c
+++ b/src/hmac256.c
@@ -426,10 +426,8 @@ _gcry_hmac256_finalize (hmac256_context_t hd, size_t *r_dlen)
 
       tmphd = _gcry_hmac256_new (NULL, 0);
       if (!tmphd)
-        {
-          free (hd);
-          return NULL;
-        }
+	return NULL;
+
       _gcry_hmac256_update (tmphd, hd->opad, 64);
       _gcry_hmac256_update (tmphd, hd->buf, 32);
       finalize (tmphd);

-----------------------------------------------------------------------

Summary of changes:
 src/hmac256.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Oct 15 17:40:26 2015
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Thu, 15 Oct 2015 17:40:26 +0200
Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-66-gdb829bd
Message-ID: <E1ZmkUy-0005p5-Cf@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, master has been updated
       via  db829bd34a6372a734f7ebe669f410cf5b7c9f96 (commit)
       via  9d1b85f5be3ee56a3d89b26cb85cf75bbc4921d3 (commit)
       via  1bab2eba47249b258759ad7d897ef96e76bb9557 (commit)
       via  f8d0d2a70238f39f4bc7c07819bc1c864ba8352f (commit)
       via  5d674036b79dfe53bde846f60e6fa58359f96e1a (commit)
       via  6e5205941ce0bfa312454a9bb810ea88c69550ba (commit)
       via  0f0122066f7f76cb795596a028300906239e3b0b (commit)
      from  d298cda7e18a252ecb97837a779df129d885c263 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit db829bd34a6372a734f7ebe669f410cf5b7c9f96
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Thu Oct 15 17:15:36 2015 +0200

    Add information to body of encrypted messages
    
    * src/mailitem-events.cpp (HTML_TEMPLATE): A message to be shown in
      the body of encrypted messages. Will become a template for l10n
      later.
    * src/mailitem-events.cpp (Invoke): Use the message to wipe the body.
      (handle_read): Use the message in case of failed decryption.
    
    --
    This message is whats shown for processed messages that are stored.
    E.g. If you access them with another client or if gpgol is uninstalled
    or deactivated.

diff --git a/src/mailitem-events.cpp b/src/mailitem-events.cpp
index e4f6044..2c002b2 100644
--- a/src/mailitem-events.cpp
+++ b/src/mailitem-events.cpp
@@ -30,10 +30,34 @@
 #include "gpgoladdin.h"
 #include "windowmessages.h"
 
-/* TODO Add a proper / l10n encrypted thing message. */
-static const char * ENCRYPTED_MESSAGE_BODY = \
-"This message is encrypted. Please install or activate GpgOL"\
-" to decrypt this message.";
+
+/* TODO: Localize this once it is less bound to change.
+   TODO: Use a dedicated message for failed decryption. */
+#define HTML_TEMPLATE  \
+"<html><head></head><body>" \
+"<table border=\"0\" width=\"100%\" cellspacing=\"1\" cellpadding=\"1\" bgcolor=\"#0069cc\">" \
+"<tr>" \
+"<td bgcolor=\"#0080ff\">" \
+"<p><span style=\"font-weight:600; background-color:#0080ff;\"><center>This message is encrypted</center><span></p></td></tr>" \
+"<tr>" \
+"<td bgcolor=\"#e0f0ff\">" \
+"<center>" \
+"<br/>You can decrypt this message with GnuPG" \
+"<br/>Open this message to decrypt it." \
+"<br/>Opening any attachments while this message is shown will only give you access to encrypted data. </center>" \
+"<br/><br/>If you have GpgOL (The GnuPG Outlook plugin installed) this message should have been automatically decrypted." \
+"<br/>Reasons that you still see this message can be: " \
+"<ul>" \
+"<li>Decryption failed: <ul><li> Refer to the Decrypt / Verify popup window for details.</li></ul></li>" \
+"<li>Outlook tried to save the decrypted content:" \
+" <ul> "\
+" <li>To protect your data GpgOL encrypts a message when it is saved by Outlook.</li>" \
+" <li>You will need to restart Outlook to allow GpgOL to decrypt this message again.</li>" \
+" </ul>" \
+"<li>GpgOL is not activated: <ul><li>Check under Options -> Add-Ins -> COM-Add-Ins to see if this is the case.</li></ul></li>" \
+"</ul>"\
+"</td></tr>" \
+"</table></body></html>"
 
 typedef enum
   {
@@ -124,6 +148,7 @@ MailItemEvents::handle_read()
     {
       log_error ("%s:%s: Failed to get body attachment of \n",
                  SRCNAME, __func__);
+      put_oom_string (m_object, "HTMLBody", HTML_TEMPLATE);
       goto done;
     }
   if (put_oom_string (m_object, is_html ? "HTMLBody" : "Body", body))
@@ -335,8 +360,7 @@ EVENT_SINK_INVOKE(MailItemEvents)
               log_debug ("%s:%s: Message %p removing plaintext from Message.",
                          SRCNAME, __func__, m_object);
               if (put_oom_string (m_object, "HTMLBody",
-                                  ENCRYPTED_MESSAGE_BODY) ||
-                  put_oom_string (m_object, "Body", ENCRYPTED_MESSAGE_BODY) ||
+                                  HTML_TEMPLATE) ||
                   protect_attachments (m_object))
                 {
                   /* An error cleaning the mail should not happen normally.

commit 9d1b85f5be3ee56a3d89b26cb85cf75bbc4921d3
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Thu Oct 15 15:14:13 2015 +0200

    Improve TRACEPOINT macro.
    
    * src/util.h (TRACEPOINT): Remove the while loop.
    
    --
    Now you can write TRACEPOINT or TRACEPOINT;
    I find this better.

diff --git a/src/util.h b/src/util.h
index d950163..88ff7bd 100644
--- a/src/util.h
+++ b/src/util.h
@@ -100,9 +100,8 @@ void log_window_hierarchy (HWND window, const char *fmt,
 const char *log_srcname (const char *s);
 #define SRCNAME log_srcname (__FILE__)
 
-#define TRACEPOINT do { log_debug ("%s:%s:%d: tracepoint\n", \
-                                     SRCNAME, __func__, __LINE__); \
-                      } while (0)
+#define TRACEPOINT log_debug ("%s:%s:%d: tracepoint\n", \
+                              SRCNAME, __func__, __LINE__);
 
 const char *get_log_file (void);
 void set_log_file (const char *name);

commit 1bab2eba47249b258759ad7d897ef96e76bb9557
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Thu Oct 15 15:08:04 2015 +0200

    Use UTF8 in addin localization.
    
    * src/w32-gettext.c, src/w32-gettext.h (utf8_gettext): New.
      gettext that returns UTF8.
    * src/w32-gettext.c (internal_gettext): Helper that can return
      either UTF8 or native encoding.
    * src/gpgoladdin.cpp: Use UTF8 gettext variants.
    
    --
    Using native encoding is always problematic on Windows and should
    be avoided. Native encoding can't represent Unicode and conversions
    to wchar are bound to lose data. This usually breaks in a lot of ways
    with Unicode filenames etc.
    
    I like to use UTF8 internally for all strings and convert them to
    UTF 16 (wchar) for Windows API use.
    
    For compatibility reasons (not to break the old Exchange Extension)
    the default gettext still returns native encoding and you have to
    redefine _ to get the utf8 gettext.

diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp
index 6ea4c21..2b59f51 100644
--- a/src/gpgoladdin.cpp
+++ b/src/gpgoladdin.cpp
@@ -52,6 +52,10 @@
 #define ICON_SIZE_LARGE  32
 #define ICON_SIZE_NORMAL 16
 
+/* We use UTF-8 internally. */
+#undef _
+#define _(a) utf8_gettext (a)
+
 ULONG addinLocks = 0;
 
 /* This is the main entry point for the addin
diff --git a/src/w32-gettext.c b/src/w32-gettext.c
index f27f48b..a073bc4 100644
--- a/src/w32-gettext.c
+++ b/src/w32-gettext.c
@@ -1554,7 +1554,7 @@ native_to_utf8 (const char *string)
 
 
 static const char*
-get_string (struct loaded_domain *domain, u32 idx)
+get_string (struct loaded_domain *domain, u32 idx, int utf8)
 {
   struct overflow_space_s *os;
   char *p;
@@ -1568,7 +1568,7 @@ get_string (struct loaded_domain *domain, u32 idx)
       domain->mapped[idx] = 1;
 
       plen = strlen (p);
-      buf = utf8_to_native (p);
+      buf = utf8 ? strdup (p) : utf8_to_native (p);
       buflen = strlen (buf);
       if (buflen <= plen)
         strcpy (p, buf);
@@ -1690,14 +1690,13 @@ bindtextdomain (const char *domainname, const char *dirname)
   return (char*)dirname;
 }
 
-
-const char *
-gettext (const char *msgid)
+static const char *
+internal_gettext (const char *msgid, int utf8)
 {
   struct loaded_domain *domain;
   size_t act = 0;
   size_t top, bottom;
-  
+
   if (!(domain = the_domain))
     goto not_found;
 
@@ -1712,38 +1711,38 @@ gettext (const char *msgid)
       u32 nstr = SWAPIT (domain->must_swap, domain->hash_tab[idx]);
 
       if (!nstr)
-	/* Hash table entry is empty.  */
-	goto not_found;
+        /* Hash table entry is empty.  */
+        goto not_found;
 
       if (SWAPIT (domain->must_swap,
-		  domain->orig_tab[nstr - 1].length) == len
-	  && !strcmp (msgid,
-		      domain->data
-		      + SWAPIT (domain->must_swap,
-				domain->orig_tab[nstr - 1].offset)))
-	return get_string (domain, nstr - 1);
-      
-	for(;;)
-	  {
-	    if (idx >= domain->hash_size - incr)
-	      idx -= domain->hash_size - incr;
-	    else
-	      idx += incr;
-
-	    nstr = SWAPIT (domain->must_swap, domain->hash_tab[idx]);
-	    if (!nstr)
-	      /* Hash table entry is empty.  */
-	      goto not_found;
-
-	    if (SWAPIT (domain->must_swap,
-			domain->orig_tab[nstr - 1].length) == len
-		&& !strcmp (msgid,
-			    domain->data
-			    + SWAPIT (domain->must_swap,
-				      domain->orig_tab[nstr - 1].offset)))
-	      return get_string (domain, nstr-1);
-	  }
-	/* NOTREACHED */
+                  domain->orig_tab[nstr - 1].length) == len
+          && !strcmp (msgid,
+                      domain->data
+                      + SWAPIT (domain->must_swap,
+                                domain->orig_tab[nstr - 1].offset)))
+        return get_string (domain, nstr - 1, utf8);
+
+        for(;;)
+          {
+            if (idx >= domain->hash_size - incr)
+              idx -= domain->hash_size - incr;
+            else
+              idx += incr;
+
+            nstr = SWAPIT (domain->must_swap, domain->hash_tab[idx]);
+            if (!nstr)
+              /* Hash table entry is empty.  */
+              goto not_found;
+
+            if (SWAPIT (domain->must_swap,
+                        domain->orig_tab[nstr - 1].length) == len
+                && !strcmp (msgid,
+                            domain->data
+                            + SWAPIT (domain->must_swap,
+                                      domain->orig_tab[nstr - 1].offset)))
+              return get_string (domain, nstr-1, utf8);
+          }
+        /* NOTREACHED */
     }
 
   /* Now we try the default method: binary search in the sorted array
@@ -1756,19 +1755,33 @@ gettext (const char *msgid)
 
       act = (bottom + top) / 2;
       cmp_val = strcmp(msgid, domain->data
-		       + SWAPIT (domain->must_swap,
-				 domain->orig_tab[act].offset));
+                       + SWAPIT (domain->must_swap,
+                                 domain->orig_tab[act].offset));
       if (cmp_val < 0)
-	top = act;
+        top = act;
       else if (cmp_val > 0)
-	bottom = act + 1;
+        bottom = act + 1;
       else
-	return get_string (domain, act);
+        return get_string (domain, act, utf8);
     }
  not_found:
   return msgid;
 }
 
+/** Get the localized string for msgid in the native 8 bit codepage. */
+const char *
+gettext (const char *msgid)
+{
+  return internal_gettext (msgid, 0);
+}
+
+/** Get the localized string for msgid as utf8 encoded value. */
+const char *
+utf8_gettext (const char *msgid)
+{
+  return internal_gettext (msgid, 1);
+}
+
 
 char *
 textdomain (const char *domainname)
diff --git a/src/w32-gettext.h b/src/w32-gettext.h
index 2fbbb03..9ef5525 100644
--- a/src/w32-gettext.h
+++ b/src/w32-gettext.h
@@ -30,6 +30,7 @@
 char *bindtextdomain (const char *domainname, const char *dirname);
 
 const char *gettext (const char *msgid);
+const char *utf8_gettext (const char *msgid);
 
 char *textdomain (const char *domainname);
 

commit f8d0d2a70238f39f4bc7c07819bc1c864ba8352f
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Thu Oct 15 14:32:33 2015 +0200

    Only define TRACEPOINT macro once.
    
    * src/util.h (TRACEPOINT): Define here.
    * src/attached-file-events.cpp,
      src/engine-assuan.c,
      src/engine.c,
      src/ext-commands.cpp,
      src/item-events.cpp,
      src/mapihelp.cpp,
      src/message-events.cpp,
      src/message.cpp,
      src/mimemaker.c,
      src/mimeparser.c,
      src/olflange.cpp,
      src/passphrase-dialog.c,
      src/property-sheets.cpp,
      src/recipient-dialog.c,
      src/revert.cpp,
      src/session-events.cpp,
      src/user-events.cpp: Remove unused macro.
    * src/gpgoladdin.cpp: Switch to new macro without useless braces.

diff --git a/src/attached-file-events.cpp b/src/attached-file-events.cpp
index d7bbdd4..6ae4f0b 100644
--- a/src/attached-file-events.cpp
+++ b/src/attached-file-events.cpp
@@ -32,10 +32,6 @@
 #include "serpent.h"
 #include "attached-file-events.h"
 
-#define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
-                                     SRCNAME, __func__, __LINE__); \
-                        } while (0)
-
 #define COPYBUFFERSIZE 4096
 
 /* Copy STREAM to a new file FILENAME while decrypting it using the
diff --git a/src/engine-assuan.c b/src/engine-assuan.c
index 2cf1837..86207c3 100644
--- a/src/engine-assuan.c
+++ b/src/engine-assuan.c
@@ -33,11 +33,6 @@
 #include "engine-assuan.h"
 #include "util.h"
 
-
-#define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
-                                       SRCNAME, __func__, __LINE__); \
-                        } while (0)
-
 /* Debug macros.  */
 #define debug_ioworker        (opt.enable_debug & DBG_IOWORKER)
 #define debug_ioworker_extra  (opt.enable_debug & DBG_IOWORKER_EXTRA)
diff --git a/src/engine.c b/src/engine.c
index c5b9088..73e20b6 100644
--- a/src/engine.c
+++ b/src/engine.c
@@ -36,10 +36,6 @@
 #define FILTER_BUFFER_SIZE (128*1024)
 
 
-#define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
-                                       SRCNAME, __func__, __LINE__); \
-                        } while (0)
-
 #define debug_filter        (opt.enable_debug & DBG_FILTER)
 #define debug_filter_extra  (opt.enable_debug & DBG_FILTER_EXTRA)
 
diff --git a/src/ext-commands.cpp b/src/ext-commands.cpp
index 85feb2d..0411cf0 100644
--- a/src/ext-commands.cpp
+++ b/src/ext-commands.cpp
@@ -45,11 +45,6 @@
 #include "explorers.h"
 #include "inspectors.h"
 
-#define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
-                                     SRCNAME, __func__, __LINE__); \
-                        } while (0)
-
-
 /* Keep copies of some bitmaps.  */
 static int bitmaps_initialized;
 static HBITMAP my_check_bitmap, my_uncheck_bitmap;
diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp
index 3b03bdf..6ea4c21 100644
--- a/src/gpgoladdin.cpp
+++ b/src/gpgoladdin.cpp
@@ -49,10 +49,6 @@
 #include "eventsink.h"
 #include "windowmessages.h"
 
-#define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
-                                     SRCNAME, __func__, __LINE__); \
-                        } while (0)
-
 #define ICON_SIZE_LARGE  32
 #define ICON_SIZE_NORMAL 16
 
@@ -278,7 +274,7 @@ STDMETHODIMP
 GpgolAddin::OnStartupComplete (SAFEARRAY** custom)
 {
   (void)custom;
-  TRACEPOINT();
+  TRACEPOINT;
 
   install_forms ();
 
@@ -303,7 +299,7 @@ STDMETHODIMP
 GpgolAddin::OnBeginShutdown (SAFEARRAY * * custom)
 {
   (void)custom;
-  TRACEPOINT();
+  TRACEPOINT;
   return S_OK;
 }
 
@@ -311,7 +307,7 @@ STDMETHODIMP
 GpgolAddin::GetTypeInfoCount (UINT *r_count)
 {
   *r_count = 0;
-  TRACEPOINT(); /* Should not happen */
+  TRACEPOINT; /* Should not happen */
   return S_OK;
 }
 
@@ -322,7 +318,7 @@ GpgolAddin::GetTypeInfo (UINT iTypeInfo, LCID lcid,
   (void)iTypeInfo;
   (void)lcid;
   (void)r_typeinfo;
-  TRACEPOINT(); /* Should not happen */
+  TRACEPOINT; /* Should not happen */
   return S_OK;
 }
 
@@ -336,7 +332,7 @@ GpgolAddin::GetIDsOfNames (REFIID riid, LPOLESTR *rgszNames,
   (void)cNames;
   (void)lcid;
   (void)rgDispId;
-  TRACEPOINT(); /* Should not happen */
+  TRACEPOINT; /* Should not happen */
   return E_NOINTERFACE;
 }
 
@@ -346,7 +342,7 @@ GpgolAddin::Invoke (DISPID dispid, REFIID riid, LCID lcid,
                     EXCEPINFO *exepinfo, UINT *argerr)
 {
   USE_INVOKE_ARGS
-  TRACEPOINT(); /* Should not happen */
+  TRACEPOINT; /* Should not happen */
   return DISP_E_MEMBERNOTFOUND;
 }
 
@@ -395,7 +391,7 @@ STDMETHODIMP
 GpgolRibbonExtender::GetTypeInfoCount (UINT *r_count)
 {
   *r_count = 0;
-  TRACEPOINT(); /* Should not happen */
+  TRACEPOINT; /* Should not happen */
   return S_OK;
 }
 
@@ -406,7 +402,7 @@ GpgolRibbonExtender::GetTypeInfo (UINT iTypeInfo, LCID lcid,
   (void)iTypeInfo;
   (void)lcid;
   (void)r_typeinfo;
-  TRACEPOINT(); /* Should not happen */
+  TRACEPOINT; /* Should not happen */
   return S_OK;
 }
 
diff --git a/src/item-events.cpp b/src/item-events.cpp
index 7ac0cae..36305f0 100644
--- a/src/item-events.cpp
+++ b/src/item-events.cpp
@@ -35,10 +35,6 @@
 #include "display.h"
 #include "item-events.h"
 
-#define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
-                                     SRCNAME, __func__, __LINE__); \
-                        } while (0)
-
 
 /* Wrapper around UlRelease with error checking. */
 static void 
diff --git a/src/mapihelp.cpp b/src/mapihelp.cpp
index 361f24a..fed0848 100644
--- a/src/mapihelp.cpp
+++ b/src/mapihelp.cpp
@@ -41,11 +41,6 @@
 #endif
 
 
-#define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
-                                     SRCNAME, __func__, __LINE__); \
-                        } while (0)
-
-
 static int get_attach_method (LPATTACH obj);
 static int has_smime_filename (LPATTACH obj);
 static char *get_attach_mime_tag (LPATTACH obj);
diff --git a/src/message-events.cpp b/src/message-events.cpp
index 940b08f..fe6e72e 100644
--- a/src/message-events.cpp
+++ b/src/message-events.cpp
@@ -40,11 +40,6 @@
 #include "explorers.h"
 #include "inspectors.h"
 
-#define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
-                                     SRCNAME, __func__, __LINE__); \
-                        } while (0)
-
-
 
 /* Wrapper around UlRelease with error checking. */
 static void 
diff --git a/src/message.cpp b/src/message.cpp
index c36e7fc..9344246 100644
--- a/src/message.cpp
+++ b/src/message.cpp
@@ -33,10 +33,6 @@
 #include "message.h"
 #include "gpgolstr.h"
 
-#define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
-                                     SRCNAME, __func__, __LINE__); \
-                        } while (0)
-
 
 /* Wrapper around UlRelease with error checking. */
 static void 
diff --git a/src/mimemaker.c b/src/mimemaker.c
index 55e5782..6ddb19d 100644
--- a/src/mimemaker.c
+++ b/src/mimemaker.c
@@ -40,11 +40,6 @@
 #include "mapihelp.h"
 #include "mimemaker.h"
 
-#define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
-                                     SRCNAME, __func__, __LINE__); \
-                        } while (0)
-
-
 static const char oid_mimetag[] =
     {0x2A, 0x86, 0x48, 0x86, 0xf7, 0x14, 0x03, 0x0a, 0x04};
 
diff --git a/src/mimeparser.c b/src/mimeparser.c
index e885729..af21ad5 100644
--- a/src/mimeparser.c
+++ b/src/mimeparser.c
@@ -45,10 +45,6 @@
 #include "parsetlv.h"
 
 
-#define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
-                                     SRCNAME, __func__, __LINE__); \
-                        } while (0)
-
 #define debug_mime_parser (opt.enable_debug & (DBG_MIME_PARSER|DBG_MIME_DATA))
 #define debug_mime_data (opt.enable_debug & DBG_MIME_DATA)
 
diff --git a/src/olflange.cpp b/src/olflange.cpp
index 10be051..f24b134 100644
--- a/src/olflange.cpp
+++ b/src/olflange.cpp
@@ -57,10 +57,6 @@
 #include "mailitem.h"
 #include "cmdbarcontrols.h"
 
-#define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
-                                     SRCNAME, __func__, __LINE__); \
-                        } while (0)
-
 static bool g_initdll = FALSE;
 
 static char *olversion;
diff --git a/src/passphrase-dialog.c b/src/passphrase-dialog.c
index 4fa695d..54fdcea 100644
--- a/src/passphrase-dialog.c
+++ b/src/passphrase-dialog.c
@@ -33,10 +33,6 @@
 #include "dialogs.h"
 
 
-#define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
-                                     SRCNAME, __func__, __LINE__); \
-                        } while (0)
-
 /* Object to maintai8n state in the dialogs. */
 struct dialog_context_s
 {
diff --git a/src/property-sheets.cpp b/src/property-sheets.cpp
index ae48a8a..693e952 100644
--- a/src/property-sheets.cpp
+++ b/src/property-sheets.cpp
@@ -38,13 +38,6 @@
 #include "property-sheets.h"
 
 
-#define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
-                                     SRCNAME, __func__, __LINE__); \
-                        } while (0)
-
-
-
-
 GpgolPropertySheets::GpgolPropertySheets (GpgolExt* pParentInterface)
 { 
     m_pExchExt = pParentInterface;
diff --git a/src/recipient-dialog.c b/src/recipient-dialog.c
index c4de8a9..a2684f8 100644
--- a/src/recipient-dialog.c
+++ b/src/recipient-dialog.c
@@ -36,12 +36,6 @@
 #include "gpgol-ids.h"
 #include "dialogs.h"
 
-
-#define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
-                                     SRCNAME, __func__, __LINE__); \
-                        } while (0)
-
-
 struct recipient_cb_s 
 {
   char **unknown_keys;  /* A string array with the names of the
diff --git a/src/revert.cpp b/src/revert.cpp
index e76f782..5e1d474 100644
--- a/src/revert.cpp
+++ b/src/revert.cpp
@@ -31,10 +31,6 @@
 #include "message.h"
 
 
-#define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
-                                     SRCNAME, __func__, __LINE__); \
-                        } while (0)
-
 /* Wrapper around UlRelease with error checking. */
 static void 
 ul_release (LPVOID punk, const char *func, int lnr)
diff --git a/src/session-events.cpp b/src/session-events.cpp
index 0c6e9b6..1ee67b1 100644
--- a/src/session-events.cpp
+++ b/src/session-events.cpp
@@ -37,12 +37,6 @@
 #include "session-events.h"
 
 
-#define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
-                                     SRCNAME, __func__, __LINE__); \
-                        } while (0)
-
-
-
 /* Wrapper around UlRelease with error checking. */
 static void 
 ul_release (LPVOID punk, const char *func, int lnr)
diff --git a/src/user-events.cpp b/src/user-events.cpp
index c56a9f5..66b8611 100644
--- a/src/user-events.cpp
+++ b/src/user-events.cpp
@@ -36,11 +36,6 @@
 #include "olflange.h"
 #include "user-events.h"
 
-#define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
-                                     SRCNAME, __func__, __LINE__); \
-                        } while (0)
-
-
 /* Wrapper around UlRelease with error checking. */
 static void 
 ul_release (LPVOID punk, const char *func, int lnr)
diff --git a/src/util.h b/src/util.h
index 38924f8..d950163 100644
--- a/src/util.h
+++ b/src/util.h
@@ -99,7 +99,11 @@ void log_window_hierarchy (HWND window, const char *fmt,
 
 const char *log_srcname (const char *s);
 #define SRCNAME log_srcname (__FILE__)
-     
+
+#define TRACEPOINT do { log_debug ("%s:%s:%d: tracepoint\n", \
+                                     SRCNAME, __func__, __LINE__); \
+                      } while (0)
+
 const char *get_log_file (void);
 void set_log_file (const char *name);
 void set_default_key (const char *name);

commit 5d674036b79dfe53bde846f60e6fa58359f96e1a
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Thu Oct 15 14:23:46 2015 +0200

    Check for result pointer in getIcon
    
    * src/ribbon-callbacks.cpp (getIcon): Check if result is NULL.
    
    --
    There are crashes reported to occur randomly in this function.
    Maybe someone passes us a NULL pointer as result ptr?
    Shouldn't happen but Let's guard against it.

diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index 7c8aa19..f08d168 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -890,6 +890,12 @@ getIcon (int id, VARIANT* result)
   pdesc.cbSizeofstruct = sizeof pdesc;
   pdesc.picType = PICTYPE_BITMAP;
 
+  if (!result)
+    {
+      log_error ("getIcon called without result variant.");
+      return E_POINTER;
+    }
+
   /* Initialize GDI */
   gdiplusStartupInput.DebugEventCallback = NULL;
   gdiplusStartupInput.SuppressBackgroundThread = FALSE;

commit 6e5205941ce0bfa312454a9bb810ea88c69550ba
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Thu Oct 15 14:12:46 2015 +0200

    Fix crash on unload.
    
    * src/gpgoladdin.cpp (GpgolAddin::~GpgolAddin): Release ribbonextender
      instead of deleting it.
    
    --
    Previously the ribbonextender was deleted twice on unload causing
    outlook to crash.

diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp
index 404fcf0..3b03bdf 100644
--- a/src/gpgoladdin.cpp
+++ b/src/gpgoladdin.cpp
@@ -166,7 +166,7 @@ GpgolAddin::~GpgolAddin (void)
   log_debug ("%s:%s: cleaning up GpgolAddin object;",
              SRCNAME, __func__);
 
-  delete m_ribbonExtender;
+  m_ribbonExtender->Release ();
   m_applicationEventSink->Release ();
 
   if (!m_disabled)

commit 0f0122066f7f76cb795596a028300906239e3b0b
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Thu Oct 15 14:05:13 2015 +0200

    Install forms for addin
    
    * src/gpgoladdin.cpp (GpgolAddin::OnStartupComplete): Call
      install_forms.
    
    --
    
    Installing the forms for Outlook 2010 and later does not appear
    to have any effect apart from providing the correct
    icons for the message list. So we can just use the old form
    configs for this.

diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp
index 8547fd5..404fcf0 100644
--- a/src/gpgoladdin.cpp
+++ b/src/gpgoladdin.cpp
@@ -280,6 +280,8 @@ GpgolAddin::OnStartupComplete (SAFEARRAY** custom)
   (void)custom;
   TRACEPOINT();
 
+  install_forms ();
+
   if (!create_responder_window())
     {
       log_error ("%s:%s: Failed to create the responder window;",

-----------------------------------------------------------------------

Summary of changes:
 src/attached-file-events.cpp |  4 --
 src/engine-assuan.c          |  5 ---
 src/engine.c                 |  4 --
 src/ext-commands.cpp         |  5 ---
 src/gpgoladdin.cpp           | 28 +++++++------
 src/item-events.cpp          |  4 --
 src/mailitem-events.cpp      | 36 ++++++++++++++---
 src/mapihelp.cpp             |  5 ---
 src/message-events.cpp       |  5 ---
 src/message.cpp              |  4 --
 src/mimemaker.c              |  5 ---
 src/mimeparser.c             |  4 --
 src/olflange.cpp             |  4 --
 src/passphrase-dialog.c      |  4 --
 src/property-sheets.cpp      |  7 ----
 src/recipient-dialog.c       |  6 ---
 src/revert.cpp               |  4 --
 src/ribbon-callbacks.cpp     |  6 +++
 src/session-events.cpp       |  6 ---
 src/user-events.cpp          |  5 ---
 src/util.h                   |  5 ++-
 src/w32-gettext.c            | 95 +++++++++++++++++++++++++-------------------
 src/w32-gettext.h            |  1 +
 23 files changed, 110 insertions(+), 142 deletions(-)


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Oct 16 02:54:52 2015
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Fri, 16 Oct 2015 02:54:52 +0200
Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-4-g0d9d0a6
Message-ID: <E1Zmt9U-00031A-Vo@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, master has been updated
       via  0d9d0a6b5b0c6f474a079bbaef11078c5df5f3b5 (commit)
      from  f0ccce855bd99fca7cfbbcafe3544e3113fedc67 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0d9d0a6b5b0c6f474a079bbaef11078c5df5f3b5
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Fri Oct 16 09:51:42 2015 +0900

    cleanup: Fix type mismatch around gpgme_error_t.
    
    * src/data-compat.c (gpgme_error_to_errno): Use gpg_err_code
    to get error code from gpgme_error_t.
    * src/gpgme.c (gpgme_new): Don't use gpgme_error.

diff --git a/src/data-compat.c b/src/data-compat.c
index 99827f1..abb7863 100644
--- a/src/data-compat.c
+++ b/src/data-compat.c
@@ -146,7 +146,7 @@ gpgme_data_new_from_file (gpgme_data_t *r_dh, const char *fname, int copy)
 static int
 gpgme_error_to_errno (gpgme_error_t err)
 {
-  int res = gpg_err_code_to_errno (err);
+  int res = gpg_err_code_to_errno (gpg_err_code (err));
 
   if (!err)
     {
diff --git a/src/gpgme.c b/src/gpgme.c
index 343e775..3c4e8e9 100644
--- a/src/gpgme.c
+++ b/src/gpgme.c
@@ -91,7 +91,7 @@ gpgme_new (gpgme_ctx_t *r_ctx)
   TRACE_BEG (DEBUG_CTX, "gpgme_new", r_ctx);
 
   if (_gpgme_selftest)
-    return TRACE_ERR (gpgme_error (_gpgme_selftest));
+    return TRACE_ERR (_gpgme_selftest);
 
   if (!r_ctx)
     return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE));

-----------------------------------------------------------------------

Summary of changes:
 src/data-compat.c | 2 +-
 src/gpgme.c       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Oct 16 14:11:10 2015
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 16 Oct 2015 14:11:10 +0200
Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-67-g7016fec
Message-ID: <E1Zn3hx-0003xo-WA@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, master has been updated
       via  7016fec9aef7be53f164829f7c76e28c6a83e228 (commit)
      from  db829bd34a6372a734f7ebe669f410cf5b7c9f96 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 7016fec9aef7be53f164829f7c76e28c6a83e228
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Fri Oct 16 11:57:06 2015 +0200

    Add Tracepoints for issue 1837
    
    * src/gpgoladdin.cpp (GpgolRibbonExtender::GetCustomUI),
     src/ribbon-callbacks.cpp (getIcon): Add Tracepoints.
    
    --
    User kjathome reports seemingly random crashed in issue1837
    where at least outlook thinks that they happen in the getIcon
    and GetCustomUI callbacks. As this is both pretty static code
    I am clueless why they would crash randomly.
    
    This Trace output might give us a better idea. It should be
    reverted before a release.

diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp
index 2b59f51..74b7fcc 100644
--- a/src/gpgoladdin.cpp
+++ b/src/gpgoladdin.cpp
@@ -644,6 +644,7 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
 STDMETHODIMP
 GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
 {
+  TRACEPOINT
   char *buffer = NULL;
   const char *certManagerTTip =
     _("Start the Certificate Management Software");
@@ -681,14 +682,17 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
       "The combination of the signed message text and your signature is "
       "added below the plain text. "
       "The message will not be encrypted!");
+  TRACEPOINT
 
   log_debug ("%s:%s: GetCustomUI for id: %ls", SRCNAME, __func__, RibbonID);
 
   if (!RibbonXml)
     return E_POINTER;
 
+  TRACEPOINT
   if (!wcscmp (RibbonID, L"Microsoft.Outlook.Mail.Compose"))
     {
+      TRACEPOINT
       asprintf (&buffer,
         "<customUI xmlns=\"http://schemas.microsoft.com/office/2009/07/customui\">"
         " <ribbon>"
@@ -781,6 +785,7 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
     }
   else if (!wcscmp (RibbonID, L"Microsoft.Outlook.Mail.Read"))
     {
+      TRACEPOINT
       asprintf (&buffer,
         "<customUI xmlns=\"http://schemas.microsoft.com/office/2009/07/customui\">"
         " <ribbon>"
@@ -854,6 +859,7 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
     }
   else if (!wcscmp (RibbonID, L"Microsoft.Outlook.Explorer"))
     {
+      TRACEPOINT
       asprintf (&buffer,
         "<customUI xmlns=\"http://schemas.microsoft.com/office/2009/07/customui\">"
         " <ribbon>"
@@ -922,17 +928,23 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
         _("GpgOL"), _("Save and decrypt"),/*_("Decrypt"), */
         _("Save and decrypt"));
     }
+  TRACEPOINT
 
   if (buffer)
     {
+      TRACEPOINT
       wchar_t *wbuf = utf8_to_wchar2 (buffer, strlen(buffer));
       xfree (buffer);
+      TRACEPOINT
       *RibbonXml = SysAllocString (wbuf);
+      TRACEPOINT
       xfree (wbuf);
+      TRACEPOINT
     }
   else
     *RibbonXml = NULL;
 
+  TRACEPOINT
   return S_OK;
 }
 #endif /* MIME_SEND */
diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index f08d168..dff6a74 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -875,6 +875,7 @@ do_reader_action (LPDISPATCH ctrl, int flags)
 HRESULT
 getIcon (int id, VARIANT* result)
 {
+  TRACEPOINT
   PICTDESC pdesc;
   LPDISPATCH pPict;
   HRESULT hr;
@@ -890,6 +891,7 @@ getIcon (int id, VARIANT* result)
   pdesc.cbSizeofstruct = sizeof pdesc;
   pdesc.picType = PICTYPE_BITMAP;
 
+  TRACEPOINT
   if (!result)
     {
       log_error ("getIcon called without result variant.");
@@ -904,6 +906,7 @@ getIcon (int id, VARIANT* result)
   GdiplusStartup (&gdiplusToken, &gdiplusStartupInput, NULL);
 
   /* Get the image from the resource file */
+  TRACEPOINT
   hResource = FindResource (glob_hinst, MAKEINTRESOURCE(id), RT_RCDATA);
   if (!hResource)
     {
@@ -912,10 +915,12 @@ getIcon (int id, VARIANT* result)
       return E_FAIL;
     }
 
+  TRACEPOINT
   imageSize = SizeofResource (glob_hinst, hResource);
   if (!imageSize)
     return E_FAIL;
 
+  TRACEPOINT
   pResourceData = LockResource (LoadResource(glob_hinst, hResource));
 
   if (!pResourceData)
@@ -925,36 +930,47 @@ getIcon (int id, VARIANT* result)
       return E_FAIL;
     }
 
+  TRACEPOINT
   hBuffer = GlobalAlloc (GMEM_MOVEABLE, imageSize);
 
+  TRACEPOINT
   if (hBuffer)
     {
       void* pBuffer = GlobalLock (hBuffer);
       if (pBuffer)
         {
+          TRACEPOINT
           IStream* pStream = NULL;
           CopyMemory (pBuffer, pResourceData, imageSize);
 
+          TRACEPOINT
           if (CreateStreamOnHGlobal (hBuffer, FALSE, &pStream) == S_OK)
             {
+              TRACEPOINT
               pbitmap = Gdiplus::Bitmap::FromStream (pStream);
               pStream->Release();
               if (!pbitmap || pbitmap->GetHBITMAP (0, &pdesc.bmp.hbitmap))
                 {
+                  TRACEPOINT
                   log_error ("%s:%s: failed to get PNG.",
                              SRCNAME, __func__);
                 }
             }
         }
+      TRACEPOINT
       GlobalUnlock (pBuffer);
     }
+  TRACEPOINT
   GlobalFree (hBuffer);
 
+  TRACEPOINT
   Gdiplus::GdiplusShutdown (gdiplusToken);
+  TRACEPOINT
 
   /* Wrap the image into an OLE object.  */
   hr = OleCreatePictureIndirect (&pdesc, IID_IPictureDisp,
                                  TRUE, (void **) &pPict);
+  TRACEPOINT
   if (hr != S_OK || !pPict)
     {
       log_error ("%s:%s: OleCreatePictureIndirect failed: hr=%#lx\n",
@@ -962,8 +978,10 @@ getIcon (int id, VARIANT* result)
       return -1;
     }
 
+  TRACEPOINT
   result->pdispVal = pPict;
   result->vt = VT_DISPATCH;
+  TRACEPOINT
 
   return S_OK;
 }

-----------------------------------------------------------------------

Summary of changes:
 src/gpgoladdin.cpp       | 12 ++++++++++++
 src/ribbon-callbacks.cpp | 18 ++++++++++++++++++
 2 files changed, 30 insertions(+)


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Oct 16 14:15:31 2015
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 16 Oct 2015 14:15:31 +0200
Subject: [git] GpgOL - branch, mime-addin, deleted. gpgol-1.2.0-59-gd298cda
Message-ID: <E1Zn3mB-00049f-DO@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, mime-addin has been deleted
       was  d298cda7e18a252ecb97837a779df129d885c263

-----------------------------------------------------------------------
d298cda7e18a252ecb97837a779df129d885c263 Increase version to 1.3.0
-----------------------------------------------------------------------


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Oct 16 16:44:20 2015
From: cvs at cvs.gnupg.org (by Neal H. Walfield)
Date: Fri, 16 Oct 2015 16:44:20 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-5-g93e8555
Message-ID: <E1Zn66D-0008Um-2D@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  93e855553eba03f5c31682e0aaf39f18f29860b7 (commit)
      from  3de5ef759895837fe499cff7fb1fa7798e6d5754 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 93e855553eba03f5c31682e0aaf39f18f29860b7
Author: Neal H. Walfield <neal at g10code.com>
Date:   Fri Oct 16 16:30:46 2015 +0200

    common: Prefix the mkdir functions with gnupg_.  Make args const.
    
    * common/mkdir_p.h (mkdir_p): Rename from this...
    (gnupg_mkdir_p): ... to this.  Change directory_component's type from
    char * to const char *.
    (amkdir_p): Rename from this...
    (gnupg_amkdir_p): ... to this.  Change directory_component's type from
    char * to const char *.
    * common/mkdir_p.c (mkdir_p): Rename from this...
    (gnupg_mkdir_p): ... to this.  Change directory_component's type from
    char * to const char *.
    (amkdir_p): Rename from this...
    (gnupg_amkdir_p): ... to this.  Change directory_component's type from
    char * to const char *.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>.

diff --git a/common/mkdir_p.c b/common/mkdir_p.c
index 42469f8..43f9e02 100644
--- a/common/mkdir_p.c
+++ b/common/mkdir_p.c
@@ -41,7 +41,7 @@
 
 
 gpg_error_t
-amkdir_p (char **directory_components)
+gnupg_amkdir_p (const char **directory_components)
 {
   gpg_error_t err = 0;
   int count;
@@ -138,7 +138,7 @@ amkdir_p (char **directory_components)
 
 
 gpg_error_t
-mkdir_p (char *directory_component, ...)
+gnupg_mkdir_p (const char *directory_component, ...)
 {
   va_list ap;
   gpg_error_t err = 0;
@@ -174,7 +174,7 @@ mkdir_p (char *directory_component, ...)
   va_end (ap);
 
   if (!err)
-    err = amkdir_p (dirs);
+    err = gnupg_amkdir_p (dirs);
 
   xfree (dirs);
 
diff --git a/common/mkdir_p.h b/common/mkdir_p.h
index 0a6cf3d..28f38d1 100644
--- a/common/mkdir_p.h
+++ b/common/mkdir_p.h
@@ -39,7 +39,7 @@
    first try to create the directory "foo/bar" and then the directory
    "foo/bar/xyzzy".  On success returns 0, otherwise an error code is
    returned.  */
-gpg_error_t mkdir_p (char *directory_component, ...) GPGRT_ATTR_SENTINEL(0);
+gpg_error_t gnupg_mkdir_p (const char *directory_component, ...) GPGRT_ATTR_SENTINEL(0);
 
 /* Like mkdir_p, but DIRECTORY_COMPONENTS is a NULL terminated
    array, e.g.:
@@ -47,6 +47,6 @@ gpg_error_t mkdir_p (char *directory_component, ...) GPGRT_ATTR_SENTINEL(0);
      char **dirs = { "foo", "bar", NULL };
      amkdir_p (dirs);
  */
-gpg_error_t amkdir_p (char **directory_components);
+gpg_error_t gnupg_amkdir_p (const char **directory_components);
 
 #endif

-----------------------------------------------------------------------

Summary of changes:
 common/mkdir_p.c | 6 +++---
 common/mkdir_p.h | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Oct 16 19:29:09 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 16 Oct 2015 19:29:09 +0200
Subject: [git] gnupg-doc - branch, master,
 updated. 6d5ebbb843ac68a3b280baa78eaf329b55fd980c
Message-ID: <E1Zn8fg-0005FW-Ct@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".

The branch, master has been updated
       via  6d5ebbb843ac68a3b280baa78eaf329b55fd980c (commit)
      from  1dcfa0399c627d2cb4daa0ee440dd90aab5aad87 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6d5ebbb843ac68a3b280baa78eaf329b55fd980c
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Oct 16 19:25:25 2015 +0200

    web: Add note about data retention act.

diff --git a/web/misc/vds_timeline-300x150.png b/web/misc/vds_timeline-300x150.png
new file mode 100644
index 0000000..9bbca41
Binary files /dev/null and b/web/misc/vds_timeline-300x150.png differ
diff --git a/web/share/gpgweb.el b/web/share/gpgweb.el
index 55402fb..d8ef81e 100644
--- a/web/share/gpgweb.el
+++ b/web/share/gpgweb.el
@@ -294,6 +294,8 @@ string of the source file or nil if not available."
   <ul>
 ")
     (gpgweb--insert-menu gpgweb-gnupg-bottom-menu-alist 0 nil)
+    (insert "  <li>
+<a href=\"https://netzpolitik.org\"><img src=\"misc/vds_timeline-300x150.png\" title=\"Germany parliament again adopts data retention act - after the German (in 2010) and the European supreme court (in 2014) nixed such acts.\"></a></li>")
     (insert "  </ul>
   </div>
 ")

-----------------------------------------------------------------------

Summary of changes:
 web/misc/vds_timeline-300x150.png | Bin 0 -> 29670 bytes
 web/share/gpgweb.el               |   2 ++
 2 files changed, 2 insertions(+)
 create mode 100644 web/misc/vds_timeline-300x150.png


hooks/post-receive
-- 
The GnuPG website and other docs
http://git.gnupg.org



From cvs at cvs.gnupg.org  Sun Oct 18 15:31:15 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Sun, 18 Oct 2015 15:31:15 +0200
Subject: [git] GPG-ERROR - branch, master,
 updated. libgpg-error-1.20-7-g75172ad
Message-ID: <E1ZnnuX-0007kj-Mi@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Error codes used by GnuPG et al.".

The branch, master has been updated
       via  75172adc3b103bd7ef75575a0c0c9c3b63fa4023 (commit)
      from  c09997bc50f3fffaf76d60d2e571b1d85536571e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 75172adc3b103bd7ef75575a0c0c9c3b63fa4023
Author: Werner Koch <wk at gnupg.org>
Date:   Sun Oct 18 15:26:14 2015 +0200

    estream: Avoid calling write(fd,NULL,n).
    
    * src/estream.c (es_func_fd_write): Take care of a flush requests.
    (es_func_w32_write): Ditto.
    (es_func_fp_write): Ditto.
    --
    
    The write handlers may be called with (BUFFER,SIZE) of (NULL,0) to
    propagate flush events to user supplied functions (es_fopencookie).
    However we need to take care to also do this with the internal
    handler.  Might be a reason for system faults due to write or fwrite
    with a NULL buffer; on Linux this seems to be harmless.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/errorref.txt b/doc/errorref.txt
index 268454f..563ce9b 100644
--- a/doc/errorref.txt
+++ b/doc/errorref.txt
@@ -670,6 +670,7 @@ GPG_ERR_COMPR_FAILED           Compression or decompression failed
 GPG_ERR_WOULD_WRAP             A counter would wrap
 
     NTBTLS: - Too many messages exchanged
+    Other:  - A counter would wrap.
 
 GPG_ERR_FATAL_ALERT            Fatal alert message received
 
diff --git a/src/estream.c b/src/estream.c
index 21694a3..1c3e772 100644
--- a/src/estream.c
+++ b/src/estream.c
@@ -955,7 +955,7 @@ es_func_fd_write (void *cookie, const void *buffer, size_t size)
       _gpgrt_yield ();
       bytes_written = size; /* Yeah:  Success writing to the bit bucket.  */
     }
-  else
+  else if (buffer)
     {
       if (pre_syscall_func)
         pre_syscall_func ();
@@ -967,6 +967,8 @@ es_func_fd_write (void *cookie, const void *buffer, size_t size)
       if (post_syscall_func)
         post_syscall_func ();
     }
+  else
+    bytes_written = size; /* Note that for a flush SIZE should be 0.  */
 
   return bytes_written;
 }
@@ -1171,7 +1173,7 @@ es_func_w32_write (void *cookie, const void *buffer, size_t size)
       _gpgrt_yield ();
       bytes_written = size; /* Yeah:  Success writing to the bit bucket.  */
     }
-  else
+  else if (buffer)
     {
       if (pre_syscall_func)
         pre_syscall_func ();
@@ -1191,6 +1193,8 @@ es_func_w32_write (void *cookie, const void *buffer, size_t size)
       if (post_syscall_func)
         post_syscall_func ();
     }
+  else
+    bytes_written = size; /* Note that for a flush SIZE should be 0.  */
 
   return bytes_written;
 }
@@ -1369,32 +1373,39 @@ es_func_fp_write (void *cookie, const void *buffer, size_t size)
     {
       if (pre_syscall_func)
         pre_syscall_func ();
-#ifdef HAVE_W32_SYSTEM
-      /* Using an fwrite to stdout connected to the console fails with
-	 the error "Not enough space" for an fwrite size of >= 52KB
-	 (tested on Windows XP SP2).  To solve this we always chunk
-	 the writes up into smaller blocks.  */
-      bytes_written = 0;
-      while (bytes_written < size)
+      if (buffer)
         {
-          size_t cnt = size - bytes_written;
-
-          if (cnt > 32*1024)
-            cnt = 32*1024;
-          if (fwrite ((const char*)buffer + bytes_written,
-                      cnt, 1, file_cookie->fp) != 1)
-            break; /* Write error.  */
-          bytes_written += cnt;
-        }
+#ifdef HAVE_W32_SYSTEM
+          /* Using an fwrite to stdout connected to the console fails
+             with the error "Not enough space" for an fwrite size of
+             >= 52KB (tested on Windows XP SP2).  To solve this we
+             always chunk the writes up into smaller blocks.  */
+          bytes_written = 0;
+          while (bytes_written < size)
+            {
+              size_t cnt = size - bytes_written;
+
+              if (cnt > 32*1024)
+                cnt = 32*1024;
+              if (fwrite ((const char*)buffer + bytes_written,
+                          cnt, 1, file_cookie->fp) != 1)
+                break; /* Write error.  */
+              bytes_written += cnt;
+            }
 #else
-      bytes_written = fwrite (buffer, 1, size, file_cookie->fp);
+          bytes_written = fwrite (buffer, 1, size, file_cookie->fp);
 #endif
+        }
+      else /* Only flush requested.  */
+        bytes_written = size;
+
       fflush (file_cookie->fp);
       if (post_syscall_func)
         post_syscall_func ();
     }
   else
     bytes_written = size; /* Successfully written to the bit bucket.  */
+
   if (bytes_written != size)
     return -1;
   return bytes_written;
@@ -2515,7 +2526,8 @@ es_writen (estream_t _GPGRT__RESTRICT stream,
 
 
 static int
-es_peek (estream_t _GPGRT__RESTRICT stream, unsigned char **_GPGRT__RESTRICT data,
+es_peek (estream_t _GPGRT__RESTRICT stream,
+         unsigned char **_GPGRT__RESTRICT data,
 	 size_t *_GPGRT__RESTRICT data_len)
 {
   int err;

-----------------------------------------------------------------------

Summary of changes:
 doc/errorref.txt |  1 +
 src/estream.c    | 52 ++++++++++++++++++++++++++++++++--------------------
 2 files changed, 33 insertions(+), 20 deletions(-)


hooks/post-receive
-- 
Error codes used by GnuPG et al.
http://git.gnupg.org



From cvs at cvs.gnupg.org  Sun Oct 18 16:42:39 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Sun, 18 Oct 2015 16:42:39 +0200
Subject: [git] Assuan - branch, master, updated. libassuan-2.3.0-2-g85ece74
Message-ID: <E1Znp1c-0001B6-2F@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPC library used by GnuPG".

The branch, master has been updated
       via  85ece74a11718338dcd76d6e43ea8100183df02f (commit)
      from  3aec1981cfd0a7b29750965c065a45ad928e66dc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 85ece74a11718338dcd76d6e43ea8100183df02f
Author: Werner Koch <wk at gnupg.org>
Date:   Sun Oct 18 16:24:34 2015 +0200

    Support SOCKS5 for assuan_sock_connect.
    
    * src/assuan-socket.c: Include netinet/in.h and arpa/inet.h.
    (SOCKS_PORT, TOR_PORT): New constants.
    (tor_mode): New variable.
    (_assuan_sock_set_flag): Add flags "tor-mode" and "socks".
    (_assuan_sock_get_flag): Ditto.
    (do_readn, do_writen): Always build.
    (socks5_connect): New.
    (use_socks): New.
    (_assuan_sock_connect): Divert to socks5_connect if requested.
    
    * tests/socks5.c: New.
    * configure.ac (AH_TOP): Define GPGRT_ENABLE_ES_MACROS.
    (AC_CHECK_FUNC): Check for getaddrinfo.
    * tests/Makefile.am (testtools): New. Add socks5.
    (AM_LDFLAGS): Add -no-install for easier debugging.
    --
    
    A future extension might be a new assuan_sock_direct_connect call
    takes the hostname as a string and returns a new socket.  This allows
    the proxy to do the resolving.  However, in the long term these socket
    wrapper should be moved to libgpgrt (aka libgpg-error).
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/configure.ac b/configure.ac
index 040ce7f..8e8768f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -126,6 +126,10 @@ AH_TOP([
 
 /* Enable gpg-error's strerror macro under W32CE.  */
 #define GPG_ERR_ENABLE_ERRNO_MACROS 1
+
+/* Provide the es_ macro for estream.  */
+#define GPGRT_ENABLE_ES_MACROS 1
+
 ])
 
 AH_BOTTOM([
@@ -356,7 +360,7 @@ AM_PATH_GPG_ERROR(1.8,, AC_MSG_ERROR([libgpg-error was not found]))
 #
 # Checks for library functions.
 #
-AC_CHECK_FUNCS([flockfile funlockfile inet_pton stat])
+AC_CHECK_FUNCS([flockfile funlockfile inet_pton stat getaddrinfo])
 
 # On some systems (e.g. Solaris) nanosleep requires linking to librl.
 # Given that we use nanosleep only as an optimization over a select
diff --git a/doc/assuan.texi b/doc/assuan.texi
index c822190..9161f0b 100644
--- a/doc/assuan.texi
+++ b/doc/assuan.texi
@@ -2082,6 +2082,20 @@ this flag for connecting to a Cygwin style socket because no state is
 required at the client.  On non-Windows platforms setting this flag is
 ignored, reading the flag always returns a value of 0.
 
+ at item tor-mode
+ at itemx socks
+If @var{value} is 1 globally enable SOCKS5 mode for new connections
+using IPv6 or IPv4. @var{fd} must be set to @code{ASSUAN_INVALID_FD} A
+future extension may allow to disable SOCKS5 mode for a specified
+socket but globally disabling SOCKS5 mode is not possible.  Using the
+flag ``tor-mode'' expects the SOCKS5 proxy to listen on port 9050, the
+flag ``socks'' expects the proxy to listen on port 1080.
+
+Connections to the loopback address are not routed though the SOCKS
+proxy.  UDP requests are not supported at all.  The proxy will be
+connected at address 127.0.0.1; an IPv6 connection to the proxy is not
+yet supported.
+
 @end table
 
 
diff --git a/src/assuan-socket.c b/src/assuan-socket.c
index ae90802..9a6ee66 100644
--- a/src/assuan-socket.c
+++ b/src/assuan-socket.c
@@ -34,6 +34,8 @@
 #else
 # include <sys/types.h>
 # include <sys/socket.h>
+# include <netinet/in.h>
+# include <arpa/inet.h>
 #endif
 #include <errno.h>
 #ifdef HAVE_SYS_STAT_H
@@ -74,11 +76,17 @@
 # define ENAMETOOLONG EINVAL
 #endif
 
+
 #ifndef SUN_LEN
 # define SUN_LEN(ptr) ((size_t) (((struct sockaddr_un *) 0)->sun_path) \
 	               + strlen ((ptr)->sun_path))
 #endif
 
+
+/* The standard SOCKS and TOR port.  */
+#define SOCKS_PORT 1080
+#define TOR_PORT   9050
+
 /* In the future, we can allow access to sock_ctx, if that context's
    hook functions need to be overridden.  There can only be one global
    assuan_sock_* user (one library or one application) with this
@@ -86,6 +94,12 @@
    needed.  */
 static assuan_context_t sock_ctx;
 
+/* This global flag can be set using assuan_sock_set_flag to enable
+   TOR or SOCKS mode for all sockets.  It may not be reset.  The value
+   is the port to be used. */
+static unsigned short tor_mode;
+
+
 
 #ifdef HAVE_W32_SYSTEM
 /* A table of active Cygwin connections.  This is only used for
@@ -498,8 +512,10 @@ _assuan_sock_new (assuan_context_t ctx, int domain, int type, int proto)
 
 int
 _assuan_sock_set_flag (assuan_context_t ctx, assuan_fd_t sockfd,
-		      const char *name, int value)
+                       const char *name, int value)
 {
+  (void)ctx;
+
   if (!strcmp (name, "cygwin"))
     {
 #ifdef HAVE_W32_SYSTEM
@@ -511,6 +527,39 @@ _assuan_sock_set_flag (assuan_context_t ctx, assuan_fd_t sockfd,
       /* Setting the Cygwin flag on non-Windows is ignored.  */
 #endif
     }
+  else if (!strcmp (name, "tor-mode") || !strcmp (name, "socks"))
+    {
+      /* If SOCKFD is ASSUAN_INVALID_FD this controls global flag to
+         switch AF_INET and AF_INET6 into TOR mode by using a SOCKS5
+         proxy on localhost:9050.  It may only be switched on and this
+         needs to be done before any new threads are started.  Once
+         TOR mode has been enabled, TOR mode can be disabled for a
+         specific socket by using SOCKFD with a VALUE of 0.  */
+      if (sockfd == ASSUAN_INVALID_FD)
+        {
+          if (tor_mode && !value)
+            {
+              gpg_err_set_errno (EPERM);
+              return -1; /* Clearing the global flag is not allowed.  */
+            }
+          else if (value)
+            {
+              if (*name == 's')
+                tor_mode = SOCKS_PORT;
+              else
+                tor_mode = TOR_PORT;
+            }
+        }
+      else if (tor_mode && sockfd != ASSUAN_INVALID_FD)
+        {
+          /* Fixme: Disable/enable tormode for the given context.  */
+        }
+      else
+        {
+          gpg_err_set_errno (EINVAL);
+          return -1;
+        }
+    }
   else
     {
       gpg_err_set_errno (EINVAL);
@@ -535,6 +584,15 @@ _assuan_sock_get_flag (assuan_context_t ctx, assuan_fd_t sockfd,
       *r_value = 0;
 #endif
     }
+  else if (!strcmp (name, "tor-mode"))
+    {
+      /* FIXME: Find tor-mode for the given socket.  */
+      *r_value = tor_mode == TOR_PORT;
+    }
+  else if (!strcmp (name, "socks"))
+    {
+      *r_value = tor_mode == SOCKS_PORT;
+    }
   else
     {
       gpg_err_set_errno (EINVAL);
@@ -547,7 +605,6 @@ _assuan_sock_get_flag (assuan_context_t ctx, assuan_fd_t sockfd,
 
 /* Read NBYTES from SOCKFD into BUFFER.  Return 0 on success.  Handle
    EAGAIN and EINTR.  */
-#ifdef HAVE_W32_SYSTEM
 static int
 do_readn (assuan_context_t ctx, assuan_fd_t sockfd,
           void *buffer, size_t nbytes)
@@ -561,7 +618,7 @@ do_readn (assuan_context_t ctx, assuan_fd_t sockfd,
       if (n < 0 && errno == EINTR)
         ;
       else if (n < 0 && errno == EAGAIN)
-        Sleep (100);
+        _assuan_usleep (ctx, 100000); /* 100ms */
       else if (n < 0)
         return -1;
       else if (!n)
@@ -598,7 +655,164 @@ do_writen (assuan_context_t ctx, assuan_fd_t sockfd,
 
   return ret;
 }
-#endif /*HAVE_W32_SYSTEM*/
+
+
+/* Connect using the SOCKS5 protocol.  */
+static int
+socks5_connect (assuan_context_t ctx, int sock,
+                struct sockaddr *addr, socklen_t length)
+{
+  int ret;
+  /* struct sockaddr_in6 proxyaddr_in6; */
+  struct sockaddr_in  proxyaddr_in;
+  struct sockaddr *proxyaddr;
+  size_t proxyaddrlen;
+  struct sockaddr_in6 *addr_in6;
+  struct sockaddr_in  *addr_in;
+  unsigned char buffer[22];
+  size_t buflen;
+
+  /* memset (&proxyaddr_in6, 0, sizeof proxyaddr_in6); */
+  memset (&proxyaddr_in, 0, sizeof proxyaddr_in);
+
+  /* Connect to local host.  */
+  /* Fixme: First try to use IPv6.  */
+  proxyaddr_in.sin_family = AF_INET;
+  proxyaddr_in.sin_port = htons (tor_mode);
+  proxyaddr_in.sin_addr.s_addr = htonl (INADDR_LOOPBACK);
+  proxyaddr = (struct sockaddr *)&proxyaddr_in;
+  proxyaddrlen = sizeof proxyaddr_in;
+  ret = _assuan_connect (ctx, sock, proxyaddr, proxyaddrlen);
+  if (ret)
+    return ret;
+  buffer[0] = 5; /* RFC-1928 VER field.  */
+  buffer[1] = 1; /* NMETHODS */
+  buffer[2] = 0; /* Method: No authentication required. */
+
+  /* Negotiate method.  */
+  ret = do_writen (ctx, sock, buffer, 3);
+  if (ret)
+    return ret;
+  ret = do_readn (ctx, sock, buffer, 2);
+  if (ret)
+    return ret;
+  if (buffer[0] != 5 || buffer[1] != 0 )
+    {
+      /* Socks server returned wrong version or does not support our
+         requested method.  */
+      gpg_err_set_errno (ENOTSUP); /* Fixme: Is there a better errno? */
+      return -1;
+    }
+
+  /* Send request details (rfc-1928, 4).  */
+  buffer[0] = 5; /* VER  */
+  buffer[1] = 1; /* CMD = CONNECT  */
+  buffer[2] = 0; /* RSV  */
+  if (addr->sa_family == AF_INET6)
+    {
+      addr_in6 = (struct sockaddr_in6 *)addr;
+
+      buffer[3] = 4; /* ATYP = IPv6 */
+      memcpy (buffer+ 4, &addr_in6->sin6_addr.s6_addr, 16); /* DST.ADDR */
+      memcpy (buffer+20, &addr_in6->sin6_port, 2);          /* DST.PORT */
+      buflen = 22;
+    }
+  else
+    {
+      addr_in = (struct sockaddr_in *)addr;
+
+      buffer[3] = 1; /* ATYP = IPv4 */
+      memcpy (buffer+4, &addr_in->sin_addr.s_addr, 4); /* DST.ADDR */
+      memcpy (buffer+8, &addr_in->sin_port, 2);        /* DST.PORT */
+      buflen = 10;
+    }
+  ret = do_writen (ctx, sock, buffer, buflen);
+  if (ret)
+    return ret;
+  ret = do_readn (ctx, sock, buffer, buflen);
+  if (ret)
+    return ret;
+  if (buffer[0] != 5 || buffer[2] != 0 )
+    {
+      /* Socks server returned wrong version or the reserved field is
+         not zero.  */
+      gpg_err_set_errno (EPROTO);
+      return -1;
+    }
+  if (buffer[1])
+    {
+      switch (buffer[1])
+        {
+        case 0x01: /* general SOCKS server failure.  */
+          gpg_err_set_errno (ENETDOWN);
+          break;
+        case 0x02: /* connection not allowed by ruleset.  */
+          gpg_err_set_errno (EACCES);
+          break;
+        case 0x03: /* Network unreachable */
+          gpg_err_set_errno (ENETUNREACH);
+          break;
+        case 0x04: /* Host unreachable */
+          gpg_err_set_errno (EHOSTUNREACH);
+          break;
+        case 0x05: /* Connection refused */
+          gpg_err_set_errno (ECONNREFUSED);
+          break;
+        case 0x06: /* TTL expired */
+          gpg_err_set_errno (ETIMEDOUT);
+          break;
+        case 0x08: /* Address type not supported */
+          gpg_err_set_errno (EPROTONOSUPPORT);
+          break;
+        case 0x07: /* Command not supported */
+        default:
+          gpg_err_set_errno (ENOTSUP); /* Fixme: Is there a better errno? */
+        }
+      return -1;
+    }
+  /* FIXME: We have not way to store the actual address used by the
+     server.  */
+
+
+  return 0;
+}
+
+
+/* Return true if SOCKS shall be used.  This is the case if tor_mode
+   is enabled and and the desired address is not the loopback
+   address.  */
+static int
+use_socks (struct sockaddr *addr)
+{
+  if (!tor_mode)
+    return 0;
+  else if (addr->sa_family == AF_INET6)
+    {
+      struct sockaddr_in6 *addr_in6 = (struct sockaddr_in6 *)addr;
+      const unsigned char *s;
+      int i;
+
+      s = (unsigned char *)&addr_in6->sin6_addr.s6_addr;
+      if (s[15] != 1)
+        return 1;   /* Last octet is not 1 - not the loopback address.  */
+      for (i=0; i < 15; i++, s++)
+        if (*s)
+          return 1; /* Non-zero octet found - not the loopback address.  */
+
+      return 0; /* This is the loopback address.  */
+    }
+  else if (addr->sa_family == AF_INET)
+    {
+      struct sockaddr_in *addr_in = (struct sockaddr_in *)addr;
+
+      if (*(unsigned char*)&addr_in->sin_addr.s_addr == 127)
+        return 0; /* Loopback (127.0.0.0/8) */
+
+      return 1;
+    }
+  else
+    return 0;
+}
 
 
 int
@@ -658,11 +872,13 @@ _assuan_sock_connect (assuan_context_t ctx, assuan_fd_t sockfd,
         }
       return ret;
     }
+  else if (use_socks (addr))
+    {
+      return socks5_connect (ctx, HANDLE2SOCKET (sockfd), addr, addrlen);
+    }
   else
     {
-      int ret;
-      ret = _assuan_connect (ctx, HANDLE2SOCKET (sockfd), addr, addrlen);
-      return ret;
+      return _assuan_connect (ctx, HANDLE2SOCKET (sockfd), addr, addrlen);
     }
 #else
 # if HAVE_STAT
@@ -697,7 +913,15 @@ _assuan_sock_connect (assuan_context_t ctx, assuan_fd_t sockfd,
 
     }
 # endif /*HAVE_STAT*/
-  return _assuan_connect (ctx, sockfd, addr, addrlen);
+
+  if (use_socks (addr))
+    {
+      return socks5_connect (ctx, sockfd, addr, addrlen);
+    }
+  else
+    {
+      return _assuan_connect (ctx, sockfd, addr, addrlen);
+    }
 #endif
 }
 
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 024ffe2..0ccb981 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -20,11 +20,13 @@
 
 TESTS_ENVIRONMENT =
 
-EXTRA_DIST = motd ce-createpipe.c
+EXTRA_DIST = motd ce-createpipe.c $(testtools)
 
 BUILT_SOURCES =
 CLEANFILES =
 
+testtools = socks5
+
 TESTS = version pipeconnect
 
 if HAVE_W32CE_SYSTEM
@@ -35,10 +37,10 @@ if USE_DESCRIPTOR_PASSING
 TESTS += fdpassing
 endif
 
-
 AM_CFLAGS = $(GPG_ERROR_CFLAGS)
+AM_LDFLAGS = -no-install
 
 noinst_HEADERS = common.h
-noinst_PROGRAMS = $(TESTS) $(w32cetools)
+noinst_PROGRAMS = $(TESTS) $(w32cetools) $(testtools)
 LDADD = ../src/libassuan.la  $(NETLIBS) $(GPG_ERROR_LIBS)
 
diff --git a/tests/socks5.c b/tests/socks5.c
new file mode 100644
index 0000000..c179108
--- /dev/null
+++ b/tests/socks5.c
@@ -0,0 +1,240 @@
+/* socks5.c - Check the SOCKS5 client feature
+ * Copyright (C) 2015 g10 Code GmbH
+ *
+ * This file is part of Assuan.
+ *
+ * Assuan is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Assuan is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#ifdef HAVE_W32_SYSTEM
+# ifdef HAVE_WINSOCK2_H
+#  include <winsock2.h>
+# endif
+# include <windows.h>
+#else /*!HAVE_W32_SYSTEM*/
+# include <sys/types.h>
+# include <sys/socket.h>
+# include <netdb.h>
+#endif /*!HAVE_W32_SYSTEM*/
+
+#include "../src/assuan.h"
+#include "common.h"
+
+#ifndef HAVE_GETADDRINFO
+int
+main (void)
+{
+  fputs ("socks5: getaddrinfo not supported\n", stderr);
+  return 77; /* Skip test.  */
+}
+#else /* HAVE_GETADDRINFO */
+
+

+/*
+
+     M A I N
+
+*/
+int
+main (int argc, char **argv)
+{
+  int last_argc = -1;
+  gpg_error_t err;
+  int only_v6 = 0;
+  int only_v4 = 0;
+  int use_tor = 0;
+  int disable_socks = 0;
+  assuan_fd_t sock = ASSUAN_INVALID_FD;
+  estream_t infp, outfp;
+  int c;
+
+  if (argc)
+    {
+      log_set_prefix (*argv);
+      argc--; argv++;
+    }
+  while (argc && last_argc != argc )
+    {
+      last_argc = argc;
+      if (!strcmp (*argv, "--"))
+        {
+          argc--; argv++;
+          break;
+        }
+      else if (!strcmp (*argv, "--help"))
+        {
+          puts (
+"usage: ./socks5 [options] HOST PORT\n"
+"\n"
+"Options:\n"
+"  --verbose        Show what is going on\n"
+"  --use-tor        Use port 9050 instead of 1080\n"
+"  --inet6-only     Use only IPv6\n"
+"  --inet4-only     Use only IPv4\n"
+"  --disable-socks  Connect w/o SOCKS\n"
+);
+          exit (0);
+        }
+      if (!strcmp (*argv, "--verbose"))
+        {
+          verbose = 1;
+          argc--; argv++;
+        }
+      else if (!strcmp (*argv, "--debug"))
+        {
+          verbose = debug = 1;
+          argc--; argv++;
+        }
+      else if (!strcmp (*argv, "-6") || !strcmp (*argv, "--inet6-only"))
+        {
+          only_v6 = 1;
+          argc--; argv++;
+        }
+      else if (!strcmp (*argv, "-4") || !strcmp (*argv, "--inet4-only"))
+        {
+          only_v4 = 1;
+          argc--; argv++;
+        }
+      else if (!strcmp (*argv, "--use-tor"))
+        {
+          use_tor = 1;
+          argc--; argv++;
+        }
+      else if (!strcmp (*argv, "--disable-socks"))
+        {
+          disable_socks = 1;
+          argc--; argv++;
+        }
+      else if (!strncmp (*argv, "--", 2))
+        {
+          log_error ("unknown option '%s'\n", *argv);
+          exit (1);
+        }
+    }
+
+  if (argc != 2)
+    {
+      fputs ("usage: socks5 HOST PORT\n", stderr);
+      exit (1);
+    }
+
+  assuan_set_assuan_log_prefix (log_prefix);
+
+  if (!assuan_check_version (ASSUAN_VERSION))
+    log_error ("assuan_check_version returned an error\n");
+
+  assuan_sock_init ();
+
+  if (!disable_socks
+      && assuan_sock_set_flag (ASSUAN_INVALID_FD,
+                               use_tor? "tor-mode":"socks", 1))
+    {
+      err = gpg_error_from_syserror ();
+      log_fatal ("setting %s mode failed: %s\n",
+                 use_tor? "TOR": "SOCKS", gpg_strerror (err));
+    }
+
+  {
+    struct addrinfo hints, *res, *ai;
+    int ret;
+    int anyok = 0;
+
+    memset (&hints, 0, sizeof (hints));
+    hints.ai_socktype = SOCK_STREAM;
+    ret = getaddrinfo (argv[0], argv[1], &hints, &res);
+    if (ret)
+      {
+        log_error ("error resolving '%s': %s\n", argv[0], gai_strerror (ret));
+        exit (1);
+      }
+
+    for (ai = res; ai; ai = ai->ai_next)
+      {
+        if (ai->ai_family == AF_INET && only_v6)
+          continue;
+        if (ai->ai_family == AF_INET6 && only_v4)
+          continue;
+
+        if (sock != ASSUAN_INVALID_FD)
+          assuan_sock_close (sock);
+        sock = assuan_sock_new (ai->ai_family, ai->ai_socktype,
+                                ai->ai_protocol);
+        if (sock == ASSUAN_INVALID_FD)
+          {
+            err = gpg_error_from_syserror ();
+            log_error ("error creating socket: %s\n", gpg_strerror (err));
+            freeaddrinfo (res);
+            exit (1);
+          }
+
+        if (assuan_sock_connect (sock,  ai->ai_addr, ai->ai_addrlen))
+          {
+            err = gpg_error_from_syserror ();
+            log_error ("assuan_sock_connect (%s) failed: %s\n",
+                       ai->ai_family == AF_INET6? "v6" :
+                       ai->ai_family == AF_INET ? "v4" : "?",
+                       gpg_strerror (err));
+          }
+        else
+          {
+            log_info ("assuan_sock_connect succeeded (%d)\n",
+                      ai->ai_family == AF_INET6? "v6" :
+                      ai->ai_family == AF_INET ? "v4" : "?");
+            anyok = 1;
+            break;
+          }
+      }
+    freeaddrinfo (res);
+    if (!anyok)
+      exit (1);
+  }
+
+  infp = es_fdopen_nc (sock, "rb");
+  if (!infp)
+    {
+      err = gpg_error_from_syserror ();
+      assuan_sock_close (sock);
+      log_fatal ("opening inbound stream failed: %s\n", gpg_strerror (err));
+    }
+  outfp = es_fdopen (sock, "wb");
+  if (!outfp)
+    {
+      err = gpg_error_from_syserror ();
+      es_fclose (infp);
+        assuan_sock_close (sock);
+        log_fatal ("opening outbound stream failed: %s\n", gpg_strerror (err));
+    }
+
+  es_fputs ("HEAD / HTTP/1.0\r\n\r\n", outfp);
+  es_fflush (outfp);
+  while ((c = es_fgetc (infp)) != EOF)
+    {
+      putchar (c);
+      if (c == '\n')
+        break;
+    }
+  es_fclose (infp);
+  es_fclose (outfp);
+
+  return errorcount ? 1 : 0;
+}
+#endif /*HAVE_GETADDRINFO*/

-----------------------------------------------------------------------

Summary of changes:
 configure.ac        |   6 +-
 doc/assuan.texi     |  14 +++
 src/assuan-socket.c | 240 ++++++++++++++++++++++++++++++++++++++++++++++++++--
 tests/Makefile.am   |   8 +-
 tests/socks5.c      | 240 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 496 insertions(+), 12 deletions(-)
 create mode 100644 tests/socks5.c


hooks/post-receive
-- 
IPC library used by GnuPG
http://git.gnupg.org



From cvs at cvs.gnupg.org  Sun Oct 18 19:12:58 2015
From: cvs at cvs.gnupg.org (by Neal H. Walfield)
Date: Sun, 18 Oct 2015 19:12:58 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-7-g128a456
Message-ID: <E1ZnrN5-00050j-Hw@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  128a456e775edf393d47e40bb9ae8b62434e2978 (commit)
      from  f77913e0ff7be4cd9c6337a70ac715e6f4a43572 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 128a456e775edf393d47e40bb9ae8b62434e2978
Author: Neal H. Walfield <neal at g10code.com>
Date:   Sun Oct 18 19:08:18 2015 +0200

    g10: Fix assert.
    
    * g10/tofu.c (get_trust): Fix assert.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>.

diff --git a/g10/tofu.c b/g10/tofu.c
index 39377cb..b8705d7 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -1676,7 +1676,7 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
 	    if (choice)
 	      {
 		int c = ((size_t) choice - (size_t) choices) / 2;
-		assert (0 <= c && c <= 3);
+		assert (0 <= c && c <= 4);
 
 		switch (c)
 		  {

-----------------------------------------------------------------------

Summary of changes:
 g10/tofu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Sun Oct 18 20:22:21 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Sun, 18 Oct 2015 20:22:21 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-11-gc2c4007
Message-ID: <E1ZnsSG-0006mT-6N@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  c2c400714854d5a127a6966200d345d0d6cfc7d4 (commit)
       via  558bcd43ae0a841cf1e58e06f5d72a19d5bc70cd (commit)
       via  e64c805b0c270d859ddf2c35d573110cf25e8d48 (commit)
       via  5aa1b392b1bf6fcf4cd380862c5affac39a4f34d (commit)
      from  128a456e775edf393d47e40bb9ae8b62434e2978 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c2c400714854d5a127a6966200d345d0d6cfc7d4
Author: Werner Koch <wk at gnupg.org>
Date:   Sun Oct 18 20:17:24 2015 +0200

    gpg: Silence two more warnings.
    
    * g10/trustdb.c (tdb_get_validity_core): Silence a warning.
    * g10/tofu.c (tofu_register): Move SIG_DIGEST computation to the top
    so that it is not uninitialized in case of an early error.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/tofu.c b/g10/tofu.c
index 21a54bc..9b21d86 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -2096,6 +2096,8 @@ tofu_register (const byte *fingerprint_bin, const char *user_id,
   unsigned long c;
   int already_verified = 0;
 
+  sig_digest = make_radix64_string (sig_digest_bin, sig_digest_bin_len);
+
   dbs = opendbs ();
   if (! dbs)
     {
@@ -2128,8 +2130,6 @@ tofu_register (const byte *fingerprint_bin, const char *user_id,
     }
 
   /* Save the observed signature in the DB.  */
-  sig_digest = make_radix64_string (sig_digest_bin, sig_digest_bin_len);
-
   db = getdb (dbs, email, DB_EMAIL);
   if (! db)
     {
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 170c041..f58051a 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1003,7 +1003,7 @@ tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid,
 
   if (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP)
     {
-      kbnode_t user_id_node;
+      kbnode_t user_id_node = NULL; /* Silence -Wmaybe-uninitialized.  */
       int user_ids = 0;
       int user_ids_expired = 0;
 

commit 558bcd43ae0a841cf1e58e06f5d72a19d5bc70cd
Author: Werner Koch <wk at gnupg.org>
Date:   Sun Oct 18 20:07:26 2015 +0200

    gpg: Fix harmless compiler warnings.
    
    * g10/tofu.h (_tofu_GET_POLICY_ERROR): New.  This avoids warnings
    about undefined enum values in a switch.
    * g10/trustdb.h (_tofu_GET_TRUST_ERROR): New.
    * g10/tofu.c (TIME_AGO_FUTURE_IGNORE): Move to the top.
    (opendbs): Avoid compiler warning (use braces).
    (GET_POLICY_ERROR): Replace define by enum _tofu_GET_POLICY_ERROR.
    (get_policy): Remove assert.
    (GET_TRUST_ERROR): Replace by _tofu_GET_TRUST_ERROR macro.
    (show_statistics): Undef MIN_SECS et al. after use.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/tofu.c b/g10/tofu.c
index b8705d7..21a54bc 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -82,6 +82,39 @@ struct db
   char name[1];
 };
 
+/* The grouping parameters when collecting signature statistics.  */
+
+/* If a message is signed a couple of hours in the future, just assume
+   some clock skew.  */
+#define TIME_AGO_FUTURE_IGNORE (2 * 60 * 60)
+#if 0
+#  define TIME_AGO_UNIT_SMALL 60
+#  define TIME_AGO_UNIT_SMALL_NAME _("minute")
+#  define TIME_AGO_UNIT_SMALL_NAME_PLURAL _("minutes")
+#  define TIME_AGO_MEDIUM_THRESHOLD (60 * TIME_AGO_UNIT_SMALL)
+#  define TIME_AGO_UNIT_MEDIUM (60 * 60)
+#  define TIME_AGO_UNIT_MEDIUM_NAME _("hour")
+#  define TIME_AGO_UNIT_MEDIUM_NAME_PLURAL _("hours")
+#  define TIME_AGO_LARGE_THRESHOLD (24 * 60 * TIME_AGO_UNIT_SMALL)
+#  define TIME_AGO_UNIT_LARGE (24 * 60 * 60)
+#  define TIME_AGO_UNIT_LARGE_NAME _("day")
+#  define TIME_AGO_UNIT_LARGE_NAME_PLURAL _("days")
+#else
+#  define TIME_AGO_UNIT_SMALL (24 * 60 * 60)
+#  define TIME_AGO_UNIT_SMALL_NAME _("day")
+#  define TIME_AGO_UNIT_SMALL_NAME_PLURAL _("days")
+#  define TIME_AGO_MEDIUM_THRESHOLD (4 * TIME_AGO_UNIT_SMALL)
+#  define TIME_AGO_UNIT_MEDIUM (7 * 24 * 60 * 60)
+#  define TIME_AGO_UNIT_MEDIUM_NAME _("week")
+#  define TIME_AGO_UNIT_MEDIUM_NAME_PLURAL _("weeks")
+#  define TIME_AGO_LARGE_THRESHOLD (28 * TIME_AGO_UNIT_SMALL)
+#  define TIME_AGO_UNIT_LARGE (30 * 24 * 60 * 60)
+#  define TIME_AGO_UNIT_LARGE_NAME _("month")
+#  define TIME_AGO_UNIT_LARGE_NAME_PLURAL _("months")
+#endif
+
+
+
 const char *
 tofu_policy_str (enum tofu_policy policy)
 {
@@ -647,8 +680,9 @@ opendbs (void)
 	return NULL;
     }
   else
-    /* Create a dummy entry so that we have a handle.  */
-    ;
+    {
+      /* Create a dummy entry so that we have a handle.  */
+    }
 
   dbs = xmalloc_clear (sizeof (*dbs));
   dbs->db = db;
@@ -1058,37 +1092,6 @@ signature_stats_collect_cb (void *cookie, int argc, char **argv,
   return 0;
 }
 
-/* The grouping parameters when collecting signature statistics.  */
-
-/* If a message is signed a couple of hours in the future, just assume
-   some clock skew.  */
-#define TIME_AGO_FUTURE_IGNORE (2 * 60 * 60)
-#if 0
-#  define TIME_AGO_UNIT_SMALL 60
-#  define TIME_AGO_UNIT_SMALL_NAME _("minute")
-#  define TIME_AGO_UNIT_SMALL_NAME_PLURAL _("minutes")
-#  define TIME_AGO_MEDIUM_THRESHOLD (60 * TIME_AGO_UNIT_SMALL)
-#  define TIME_AGO_UNIT_MEDIUM (60 * 60)
-#  define TIME_AGO_UNIT_MEDIUM_NAME _("hour")
-#  define TIME_AGO_UNIT_MEDIUM_NAME_PLURAL _("hours")
-#  define TIME_AGO_LARGE_THRESHOLD (24 * 60 * TIME_AGO_UNIT_SMALL)
-#  define TIME_AGO_UNIT_LARGE (24 * 60 * 60)
-#  define TIME_AGO_UNIT_LARGE_NAME _("day")
-#  define TIME_AGO_UNIT_LARGE_NAME_PLURAL _("days")
-#else
-#  define TIME_AGO_UNIT_SMALL (24 * 60 * 60)
-#  define TIME_AGO_UNIT_SMALL_NAME _("day")
-#  define TIME_AGO_UNIT_SMALL_NAME_PLURAL _("days")
-#  define TIME_AGO_MEDIUM_THRESHOLD (4 * TIME_AGO_UNIT_SMALL)
-#  define TIME_AGO_UNIT_MEDIUM (7 * 24 * 60 * 60)
-#  define TIME_AGO_UNIT_MEDIUM_NAME _("week")
-#  define TIME_AGO_UNIT_MEDIUM_NAME_PLURAL _("weeks")
-#  define TIME_AGO_LARGE_THRESHOLD (28 * TIME_AGO_UNIT_SMALL)
-#  define TIME_AGO_UNIT_LARGE (30 * 24 * 60 * 60)
-#  define TIME_AGO_UNIT_LARGE_NAME _("month")
-#  define TIME_AGO_UNIT_LARGE_NAME_PLURAL _("months")
-#endif
-
 /* Convert from seconds to time units.
 
    Note: T should already be a multiple of TIME_AGO_UNIT_SMALL or
@@ -1128,11 +1131,9 @@ time_ago_unit (signed long t)
 }
 
 
-#define GET_POLICY_ERROR 100
-
 /* Return the policy for the binding <FINGERPRINT, EMAIL> (email has
    already been normalized) and any conflict information in *CONFLICT
-   if CONFLICT is not NULL.  Returns GET_POLICY_ERROR if an error
+   if CONFLICT is not NULL.  Returns _tofu_GET_POLICY_ERROR if an error
    occurs.  */
 static enum tofu_policy
 get_policy (struct db *dbs, const char *fingerprint, const char *email,
@@ -1143,18 +1144,11 @@ get_policy (struct db *dbs, const char *fingerprint, const char *email,
   char *err = NULL;
   strlist_t strlist = NULL;
   char *tail = NULL;
-  enum tofu_policy policy = GET_POLICY_ERROR;
-
-  assert (GET_POLICY_ERROR != TOFU_POLICY_NONE
-	  && GET_POLICY_ERROR != TOFU_POLICY_AUTO
-	  && GET_POLICY_ERROR != TOFU_POLICY_GOOD
-	  && GET_POLICY_ERROR != TOFU_POLICY_UNKNOWN
-	  && GET_POLICY_ERROR != TOFU_POLICY_BAD
-	  && GET_POLICY_ERROR != TOFU_POLICY_ASK);
+  enum tofu_policy policy = _tofu_GET_POLICY_ERROR;
 
   db = getdb (dbs, email, DB_EMAIL);
   if (! db)
-    return GET_POLICY_ERROR;
+    return _tofu_GET_POLICY_ERROR;
 
   /* Check if the <FINGERPRINT, EMAIL> binding is known
      (TOFU_POLICY_NONE cannot appear in the DB.  Thus, if POLICY is
@@ -1209,7 +1203,7 @@ get_policy (struct db *dbs, const char *fingerprint, const char *email,
     {
       log_error (_("TOFU DB is corrupted.  Invalid value for policy (%d).\n"),
 		 policy);
-      policy = GET_POLICY_ERROR;
+      policy = _tofu_GET_POLICY_ERROR;
       goto out;
     }
 
@@ -1226,7 +1220,7 @@ get_policy (struct db *dbs, const char *fingerprint, const char *email,
     }
 
  out:
-  assert (policy == GET_POLICY_ERROR
+  assert (policy == _tofu_GET_POLICY_ERROR
 	  || policy == TOFU_POLICY_NONE
 	  || policy == TOFU_POLICY_AUTO
 	  || policy == TOFU_POLICY_GOOD
@@ -1239,12 +1233,10 @@ get_policy (struct db *dbs, const char *fingerprint, const char *email,
   return policy;
 }
 
-#define GET_TRUST_ERROR 100
-
 /* Return the trust level (TRUST_NEVER, etc.) for the binding
    <FINGERPRINT, EMAIL> (email is already normalized).  If no policy
    is registered, returns TOFU_POLICY_NONE.  If an error occurs,
-   returns GET_TRUST_ERROR.
+   returns _tofu_GET_TRUST_ERROR.
 
    USER_ID is the unadultered user id.
 
@@ -1270,19 +1262,19 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
   if (opt.batch)
     may_ask = 0;
 
-  /* Make sure GET_TRUST_ERROR isn't equal to any of the trust
+  /* Make sure _tofu_GET_TRUST_ERROR isn't equal to any of the trust
      levels.  */
-  assert (GET_TRUST_ERROR != TRUST_UNKNOWN
-	  && GET_TRUST_ERROR != TRUST_EXPIRED
-	  && GET_TRUST_ERROR != TRUST_UNDEFINED
-	  && GET_TRUST_ERROR != TRUST_NEVER
-	  && GET_TRUST_ERROR != TRUST_MARGINAL
-	  && GET_TRUST_ERROR != TRUST_FULLY
-	  && GET_TRUST_ERROR != TRUST_ULTIMATE);
+  assert (_tofu_GET_TRUST_ERROR != TRUST_UNKNOWN
+	  && _tofu_GET_TRUST_ERROR != TRUST_EXPIRED
+	  && _tofu_GET_TRUST_ERROR != TRUST_UNDEFINED
+	  && _tofu_GET_TRUST_ERROR != TRUST_NEVER
+	  && _tofu_GET_TRUST_ERROR != TRUST_MARGINAL
+	  && _tofu_GET_TRUST_ERROR != TRUST_FULLY
+	  && _tofu_GET_TRUST_ERROR != TRUST_ULTIMATE);
 
   db = getdb (dbs, email, DB_EMAIL);
   if (! db)
-    return GET_TRUST_ERROR;
+    return _tofu_GET_TRUST_ERROR;
 
   policy = get_policy (dbs, fingerprint, email, &conflict);
   if (policy == TOFU_POLICY_AUTO)
@@ -1322,8 +1314,8 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
 	 below.  */
       break;
 
-    case GET_POLICY_ERROR:
-      trust_level = GET_TRUST_ERROR;
+    case _tofu_GET_POLICY_ERROR:
+      trust_level = _tofu_GET_TRUST_ERROR;
       goto out;
 
     default:
@@ -1388,7 +1380,7 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
 	{
 	  log_error (_("error setting TOFU binding's trust level to %s\n"),
 		       "auto");
-	  trust_level = GET_TRUST_ERROR;
+	  trust_level = _tofu_GET_TRUST_ERROR;
 	  goto out;
 	}
 
@@ -1710,7 +1702,7 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
 				    policy, 0) != 0)
 		  /* If there's an error registering the
 		     binding, don't save the signature.  */
-		  trust_level = GET_TRUST_ERROR;
+		  trust_level = _tofu_GET_TRUST_ERROR;
 
 		break;
 	      }
@@ -1894,6 +1886,12 @@ show_statistics (struct db *dbs, const char *fingerprint,
 		}
 	      seconds = first_seen_ago;
 
+#undef MIN_SECS
+#undef HOUR_SECS
+#undef DAY_SECS
+#undef MONTH_SECS
+#undef YEAR_SECS
+
 	      if (years)
 		{
 		  if (years > 1)
@@ -2122,7 +2120,7 @@ tofu_register (const byte *fingerprint_bin, const char *user_id,
   /* It's necessary to get the trust so that we are certain that the
      binding has been registered.  */
   trust_level = get_trust (dbs, fingerprint, email, user_id, may_ask);
-  if (trust_level == GET_TRUST_ERROR)
+  if (trust_level == _tofu_GET_TRUST_ERROR)
     /* An error.  */
     {
       trust_level = TRUST_UNKNOWN;
@@ -2327,7 +2325,7 @@ tofu_get_validity (const byte *fingerprint_bin, const char *user_id,
   email = email_from_user_id (user_id);
 
   trust_level = get_trust (dbs, fingerprint, email, user_id, may_ask);
-  if (trust_level == GET_TRUST_ERROR)
+  if (trust_level == _tofu_GET_TRUST_ERROR)
     /* An error.  */
     trust_level = TRUST_UNDEFINED;
 
@@ -2466,7 +2464,7 @@ tofu_get_policy (PKT_public_key *pk, PKT_user_id *user_id,
   xfree (fingerprint);
   closedbs (dbs);
 
-  if (*policy == GET_POLICY_ERROR)
+  if (*policy == _tofu_GET_POLICY_ERROR)
     return gpg_error (GPG_ERR_GENERAL);
   return 0;
 }
diff --git a/g10/tofu.h b/g10/tofu.h
index 7516684..b0fcc5b 100644
--- a/g10/tofu.h
+++ b/g10/tofu.h
@@ -56,7 +56,11 @@ enum tofu_policy
        binding (by selecting accept once or reject once).  The next
        time we see this binding, we should ask the user what to
        do.  */
-    TOFU_POLICY_ASK = 5
+    TOFU_POLICY_ASK = 5,
+
+
+    /* Privat evalue used only within tofu.c.  */
+    _tofu_GET_POLICY_ERROR = 100
   };
 
 /* Return a string representation of a trust policy.  Returns "???" if
diff --git a/g10/trustdb.h b/g10/trustdb.h
index 2c3f865..adb75d7 100644
--- a/g10/trustdb.h
+++ b/g10/trustdb.h
@@ -36,6 +36,11 @@
 #define TRUST_FLAG_DISABLED 128 /* d: key/uid disabled */
 #define TRUST_FLAG_PENDING_CHECK 256 /* a check-trustdb is pending */
 
+/* Private value used in tofu.c - must be different from the trust
+   values.  */
+#define _tofu_GET_TRUST_ERROR 100
+
+/* Length of the hash used to select UIDs in keyedit.c.  */
 #define NAMEHASH_LEN  20
 
 

commit e64c805b0c270d859ddf2c35d573110cf25e8d48
Author: Werner Koch <wk at gnupg.org>
Date:   Sun Oct 18 19:37:41 2015 +0200

    common: Avoid warning about const char ** assignment.
    
    * common/mkdir_p.c (gnupg_amkdir_p): Also strdup first item.  Return
    an error on malloc failure.
    (gnupg_mkdir_p): Fix type of dirs and tmp_dirs.
    --
    
    The code was correct but it inhibits type checking.  Instead of
    casting it seems easier to simply allocate also the the first item in
    DIRS.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/common/mkdir_p.c b/common/mkdir_p.c
index 43f9e02..2e93d65 100644
--- a/common/mkdir_p.c
+++ b/common/mkdir_p.c
@@ -53,16 +53,21 @@ gnupg_amkdir_p (const char **directory_components)
 
   /* log_debug ("%s: %d directory components.\n", __func__, count); */
 
-  dirs = xtrycalloc (count, sizeof (char *));
+  dirs = xtrycalloc (count, sizeof *dirs);
   if (!dirs)
     return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
 
   for (i = 0; directory_components[i]; i ++)
     {
       if (i == 0)
-	dirs[i] = directory_components[i];
+	dirs[i] = xtrystrdup (directory_components[i]);
       else
-	dirs[i] = make_filename (dirs[i - 1], directory_components[i], NULL);
+	dirs[i] = make_filename_try (dirs[i-1], directory_components[i], NULL);
+      if (!dirs[i])
+        {
+          err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+          goto out;
+        }
 
       /* log_debug ("%s: Directory %d: `%s'.\n", __func__, i, dirs[i]); */
     }
@@ -127,7 +132,7 @@ gnupg_amkdir_p (const char **directory_components)
     }
 
  out:
-  for (i = 1; i < count; i ++)
+  for (i = 0; i < count; i ++)
     xfree (dirs[i]);
   xfree (dirs);
 
@@ -144,7 +149,7 @@ gnupg_mkdir_p (const char *directory_component, ...)
   gpg_error_t err = 0;
   int i;
   int space = 1;
-  char **dirs;
+  const char **dirs;
 
   dirs = xtrymalloc (space * sizeof (char *));
   if (!dirs)
@@ -157,7 +162,7 @@ gnupg_mkdir_p (const char *directory_component, ...)
     {
       if (i == space)
 	{
-          char **tmp_dirs;
+          const char **tmp_dirs;
 
 	  space = 2 * space;
 	  tmp_dirs = xtryrealloc (dirs, space * sizeof (char *));

commit 5aa1b392b1bf6fcf4cd380862c5affac39a4f34d
Author: Werner Koch <wk at gnupg.org>
Date:   Sun Oct 18 20:07:44 2015 +0200

    Move http module from common/ to dirmngr/.
    
    * common/http.c: Move to ../dirmngr/.
    * common/http.h: Move to ../dirmngr/.
    * common/t-http.c: Move to ../dirmngr/.
    * common/tls-ca.pem: Move to ../dirmngr/.
    * common/Makefile.am: Do not build libcommontls.a libcommontlsnpth.a.
    Remove http.c related stuff.
    * po/POTFILES.in: Move http.c to dirmngr/.
    * dirmngr/Makefile.am (EXTRA_DIST): Add tls-ca.pem.
    (module_maint_tests): New.
    (noinst_PROGRAMS): Add module_maint_tests.
    (dirmngr_SOURCES): Add http.c and http.h.
    (dirmngr_LDADD): Remove libcommontlsnpth.
    (t_common_ldadd): Ditto.
    (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New.
    (t_ldap_parse_uri_SOURCES): Add http.c.
    (t_ldap_parse_uri_CFLAGS): Build without npth.
    ($(PROGRAMS)): Do not require libcommontls.a libcommontlsnpth.a.
    * dirmngr/dirmngr.h, dirmngr/ks-engine.h: Fix include of http.h.
    --
    
    All network access is done via dirmngr and thus http.c should be
    there.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/common/Makefile.am b/common/Makefile.am
index 7c87fa9..2be51f1 100644
--- a/common/Makefile.am
+++ b/common/Makefile.am
@@ -20,10 +20,9 @@
 
 EXTRA_DIST = mkstrtable.awk exaudit.awk exstatus.awk ChangeLog-2011 \
              audit-events.h status-codes.h ChangeLog.jnlib \
-	     ChangeLog-2011.include w32info-rc.h.in gnupg.ico tls-ca.pem
+	     ChangeLog-2011.include w32info-rc.h.in gnupg.ico
 
-noinst_LIBRARIES = libcommon.a libcommonpth.a libgpgrl.a \
-                   libcommontls.a libcommontlsnpth.a
+noinst_LIBRARIES = libcommon.a libcommonpth.a libgpgrl.a
 if !HAVE_W32CE_SYSTEM
 noinst_LIBRARIES += libsimple-pwquery.a
 endif
@@ -93,12 +92,6 @@ if HAVE_W32_SYSTEM
 common_sources += w32-reg.c w32-afunix.c w32-afunix.h
 endif
 
-# Sources possible requiring a TLS library are put into a separate
-# conveince library.
-tls_sources = \
-	http.c http.h
-
-
 # To make the code easier to read we have split home some code into
 # separate source files.
 if HAVE_W32_SYSTEM
@@ -128,12 +121,6 @@ libcommonpth_a_SOURCES += srv.c
 endif
 libcommonpth_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS)
 
-libcommontls_a_SOURCES = $(tls_sources)
-libcommontls_a_CFLAGS = $(AM_CFLAGS) $(LIBGNUTLS_CFLAGS) -DWITHOUT_NPTH=1
-
-libcommontlsnpth_a_SOURCES = $(tls_sources)
-libcommontlsnpth_a_CFLAGS = $(AM_CFLAGS) $(LIBGNUTLS_CFLAGS) $(NPTH_CFLAGS)
-
 if !HAVE_W32CE_SYSTEM
 libsimple_pwquery_a_SOURCES = \
 	simple-pwquery.c simple-pwquery.h asshelp.c asshelp.h
@@ -179,7 +166,7 @@ module_tests += t-w32-reg
 endif
 
 if MAINTAINER_MODE
-module_maint_tests = t-helpfile t-b64 t-http
+module_maint_tests = t-helpfile t-b64
 else
 module_maint_tests =
 endif
@@ -222,11 +209,5 @@ t_w32_reg_SOURCES = t-w32-reg.c $(t_extra_src)
 t_w32_reg_LDADD   = $(t_common_ldadd)
 endif
 
-# http tests
-t_http_SOURCES = t-http.c
-t_http_CFLAGS  = $(t_common_cflags) $(NTBTLS_CFLAGS) $(LIBGNUTLS_CFLAGS)
-t_http_LDADD   = libcommontls.a $(t_common_ldadd) \
-	         $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(DNSLIBS)
-
 # All programs should depend on the created libs.
-$(PROGRAMS) : libcommon.a libcommonpth.a libcommontls.a libcommontlsnpth.a
+$(PROGRAMS) : libcommon.a libcommonpth.a
diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
index cee777a..a9f09fd 100644
--- a/dirmngr/Makefile.am
+++ b/dirmngr/Makefile.am
@@ -19,7 +19,7 @@
 
 ## Process this file with automake to produce Makefile.in
 
-EXTRA_DIST = OAUTHORS ONEWS ChangeLog-2011
+EXTRA_DIST = OAUTHORS ONEWS ChangeLog-2011 tls-ca.pem
 
 bin_PROGRAMS = dirmngr dirmngr-client
 
@@ -27,7 +27,7 @@ if USE_LDAPWRAPPER
 libexec_PROGRAMS = dirmngr_ldap
 endif
 
-noinst_PROGRAMS = $(module_tests)
+noinst_PROGRAMS = $(module_tests) $(module_maint_tests)
 TESTS = $(module_tests)
 
 AM_CPPFLAGS = -I$(top_srcdir)/common
@@ -62,6 +62,7 @@ dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c	\
 	cdb.h cdblib.c misc.c dirmngr-err.h  \
 	ocsp.c ocsp.h validate.c validate.h  \
 	dns-cert.c dns-cert.h \
+	http.c http.h \
 	ks-action.c ks-action.h ks-engine.h \
 	ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c
 
@@ -75,7 +76,7 @@ ldaplibs =
 endif
 
 
-dirmngr_LDADD = $(libcommontlsnpth) $(libcommonpth) \
+dirmngr_LDADD = $(libcommonpth) \
         $(DNSLIBS) $(LIBASSUAN_LIBS) \
 	$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(NPTH_LIBS) \
 	$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV)
@@ -108,8 +109,7 @@ no-libgcrypt.c : $(top_srcdir)/tools/no-libgcrypt.c
 
 
 t_common_src = t-support.h
-# We need libcommontls, because we use the http functions.
-t_common_ldadd = $(libcommontls) $(libcommon) no-libgcrypt.o \
+t_common_ldadd = $(libcommon) no-libgcrypt.o \
                  $(GPG_ERROR_LIBS) $(NETLIBS) \
                  $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) \
                  $(DNSLIBS) $(LIBINTL) $(LIBICONV)
@@ -120,12 +120,28 @@ if USE_LDAP
 module_tests += t-ldap-parse-uri
 endif
 
+if MAINTAINER_MODE
+module_maint_tests = t-http
+else
+module_maint_tests =
+endif
+
+
+# http tests
+t_http_SOURCES = t-http.c http.c
+t_http_CFLAGS  = -DWITHOUT_NPTH=1 \
+	         $(LIBGCRYPT_CFLAGS) $(NTBTLS_CFLAGS) $(LIBGNUTLS_CFLAGS) \
+                 $(GPG_ERROR_CFLAGS)
+t_http_LDADD   = $(t_common_ldadd) \
+	         $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(DNSLIBS)
+
 t_ldap_parse_uri_SOURCES = \
-	t-ldap-parse-uri.c ldap-parse-uri.c ldap-parse-uri.h \
+	t-ldap-parse-uri.c ldap-parse-uri.c ldap-parse-uri.h http.c \
         $(ldap_url) $(t_common_src)
+t_ldap_parse_uri_CFLAGS = -DWITHOUT_NPTH=1
 t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd)
 
 t_dns_cert_SOURCES = t-dns-cert.c dns-cert.c
 t_dns_cert_LDADD   = $(t_common_ldadd)
 
-$(PROGRAMS) : $(libcommon) $(libcommonpth) $(libcommontls) $(libcommontlsnpth)
+$(PROGRAMS) : $(libcommon) $(libcommonpth)
diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
index b2b94f9..dff902a 100644
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -33,7 +33,7 @@
 #include "../common/membuf.h"
 #include "../common/sysutils.h" /* (gnupg_fd_t) */
 #include "../common/i18n.h"
-#include "../common/http.h"     /* (parsed_uri_t) */
+#include "http.h"     /* (parsed_uri_t) */
 
 /* This objects keeps information about a particular LDAP server and
    is used as item of a single linked list of servers. */
diff --git a/common/http.c b/dirmngr/http.c
similarity index 100%
rename from common/http.c
rename to dirmngr/http.c
diff --git a/common/http.h b/dirmngr/http.h
similarity index 100%
rename from common/http.h
rename to dirmngr/http.h
diff --git a/dirmngr/ks-engine.h b/dirmngr/ks-engine.h
index aff6cf4..6684a12 100644
--- a/dirmngr/ks-engine.h
+++ b/dirmngr/ks-engine.h
@@ -21,7 +21,7 @@
 #ifndef DIRMNGR_KS_ENGINE_H
 #define DIRMNGR_KS_ENGINE_H 1
 
-#include "../common/http.h"
+#include "http.h"
 
 /*-- ks-action.c --*/
 gpg_error_t ks_print_help (ctrl_t ctrl, const char *text);
diff --git a/common/t-http.c b/dirmngr/t-http.c
similarity index 100%
rename from common/t-http.c
rename to dirmngr/t-http.c
diff --git a/common/tls-ca.pem b/dirmngr/tls-ca.pem
similarity index 100%
rename from common/tls-ca.pem
rename to dirmngr/tls-ca.pem
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 09c6ec4..dc88448 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -15,7 +15,6 @@ agent/cvt-openpgp.c
 common/exechelp-posix.c
 common/exechelp-w32.c
 common/exechelp-w32ce.c
-common/http.c
 common/simple-pwquery.c
 common/sysutils.c
 common/yesno.c
@@ -110,6 +109,7 @@ dirmngr/crlfetch.c
 dirmngr/dirmngr-client.c
 dirmngr/dirmngr.c
 dirmngr/dirmngr_ldap.c
+dirmngr/http.c
 dirmngr/ldap-wrapper-ce.c
 dirmngr/ldap-wrapper.c
 dirmngr/ldap.c

-----------------------------------------------------------------------

Summary of changes:
 common/Makefile.am             |  27 ++-------
 common/mkdir_p.c               |  17 ++++--
 dirmngr/Makefile.am            |  30 ++++++---
 dirmngr/dirmngr.h              |   2 +-
 {common => dirmngr}/http.c     |   0
 {common => dirmngr}/http.h     |   0
 dirmngr/ks-engine.h            |   2 +-
 {common => dirmngr}/t-http.c   |   0
 {common => dirmngr}/tls-ca.pem |   0
 g10/tofu.c                     | 134 ++++++++++++++++++++---------------------
 g10/tofu.h                     |   6 +-
 g10/trustdb.c                  |   2 +-
 g10/trustdb.h                  |   5 ++
 po/POTFILES.in                 |   2 +-
 14 files changed, 118 insertions(+), 109 deletions(-)
 rename {common => dirmngr}/http.c (100%)
 rename {common => dirmngr}/http.h (100%)
 rename {common => dirmngr}/t-http.c (100%)
 rename {common => dirmngr}/tls-ca.pem (100%)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Oct 19 10:39:20 2015
From: cvs at cvs.gnupg.org (by Neal H. Walfield)
Date: Mon, 19 Oct 2015 10:39:20 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-14-g253afa2
Message-ID: <E1Zo5pb-0004GC-NR@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  253afa244487dd8129816615ac2865c9fe812aaf (commit)
       via  e56a116f9a1171ccf8b3293887a217953a46fc20 (commit)
       via  55d88454652543c98d74376977d855e394df6c92 (commit)
      from  c2c400714854d5a127a6966200d345d0d6cfc7d4 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 253afa244487dd8129816615ac2865c9fe812aaf
Author: Neal H. Walfield <neal at g10code.com>
Date:   Mon Oct 19 10:36:21 2015 +0200

    gpg: Fix formatting.
    
    * g10/tofu.c (get_trust): Fix formatting.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/tofu.c b/g10/tofu.c
index 6510927..a7f9e90 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -1634,12 +1634,12 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
 	if (strcmp (text, "TOFU detected a binding conflict") == 0)
 	  /* No translation.  Use the English text.  */
 	  text =
-	    "Normally, there is only a single key associated with an email"
-	    "address.  However, people sometimes generate a new key if"
-	    "their key is too old or they think it might be compromised."
-	    "Alternatively, a new key may indicate a man-in-the-middle attack!"
-	    "Before accepting this key, you should talk to or call the person"
-	    "to make sure this new key is legitimate.";
+	    "Normally, there is only a single key associated with an email "
+	    "address.  However, people sometimes generate a new key if "
+	    "their key is too old or they think it might be compromised.  "
+	    "Alternatively, a new key may indicate a man-in-the-middle"
+	    "attack!  Before accepting this key, you should talk to or "
+	    "call the person to make sure this new key is legitimate.";
 	es_fprintf (fp, "\n%s\n", text);
       }
 

commit e56a116f9a1171ccf8b3293887a217953a46fc20
Author: Neal H. Walfield <neal at g10code.com>
Date:   Mon Oct 19 10:35:38 2015 +0200

    gpg: Don't forget to free some memory.
    
    * g10/tofu.c (tofu_register): Free SIG_DIGEST before returning.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/tofu.c b/g10/tofu.c
index 2d4c738..6510927 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -2248,6 +2248,7 @@ tofu_register (const byte *fingerprint_bin, const char *user_id,
   xfree (fingerprint);
   if (dbs)
     closedbs (dbs);
+  xfree (sig_digest);
 
   return trust_level;
 }

commit 55d88454652543c98d74376977d855e394df6c92
Author: Neal H. Walfield <neal at g10code.com>
Date:   Mon Oct 19 10:34:15 2015 +0200

    gpg: If a conflict occurs in batch mode, record that.
    
    * g10/tofu.c (get_trust): If a conflict occurs when MAY_ASK is false,
    set conflict to the key.  When prompting the user, don't show the
    conflicting key if the conflicting key is the current key.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/tofu.c b/g10/tofu.c
index 9b21d86..2d4c738 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -1450,7 +1450,10 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
 	es_fprintf (fp, _("The binding %s is NOT known.  "), binding);
 	binding_shown = 1;
       }
-    else if (policy == TOFU_POLICY_ASK && conflict)
+    else if (policy == TOFU_POLICY_ASK
+	     /* If there the conflict is with itself, then don't
+		display this message.  */
+	     && conflict && strcmp (conflict, fingerprint) != 0)
       {
 	es_fprintf (fp,
 		    _("%s raised a conflict with this binding.  Since this"
@@ -1718,11 +1721,22 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
  out:
   if (change_conflicting_to_ask)
     {
-      rc = sqlite3_exec_printf
-	(db, NULL, NULL, &err,
-	 "update bindings set policy = %d, conflict = %Q"
-	 " where email = %Q and fingerprint != %Q and policy = %d;",
-	 TOFU_POLICY_ASK, fingerprint, email, fingerprint, TOFU_POLICY_AUTO);
+      if (! may_ask)
+	/* If we weren't allowed to ask, also update this key as
+	   conflicting with itself.  */
+	rc = sqlite3_exec_printf
+	  (db, NULL, NULL, &err,
+	   "update bindings set policy = %d, conflict = %Q"
+	   " where email = %Q"
+	   "  and (policy = %d or (policy = %d and fingerprint = %Q));",
+	   TOFU_POLICY_ASK, fingerprint, email, TOFU_POLICY_AUTO,
+	   TOFU_POLICY_ASK, fingerprint);
+      else
+	rc = sqlite3_exec_printf
+	  (db, NULL, NULL, &err,
+	   "update bindings set policy = %d, conflict = %Q"
+	   " where email = %Q and fingerprint != %Q and policy = %d;",
+	   TOFU_POLICY_ASK, fingerprint, email, fingerprint, TOFU_POLICY_AUTO);
       if (rc)
 	{
 	  log_error (_("error changing TOFU policy: %s\n"), err);

-----------------------------------------------------------------------

Summary of changes:
 g10/tofu.c | 39 +++++++++++++++++++++++++++------------
 1 file changed, 27 insertions(+), 12 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Oct 19 13:22:00 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 19 Oct 2015 13:22:00 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-16-g6983fd1
Message-ID: <E1Zo8Mz-00082e-5q@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  6983fd131f648ba4acd57b266de9868911874d14 (commit)
       via  8c609eaf35b547f02979ef0b206520dd0853b294 (commit)
      from  253afa244487dd8129816615ac2865c9fe812aaf (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6983fd131f648ba4acd57b266de9868911874d14
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 19 13:12:24 2015 +0200

    dirmngr: Make --use-tor work - still leaks DNS.
    
    * dirmngr/dirmngr.c (set_tor_mode): New.
    (main, reread_configuration): Call it.
    * dirmngr/http.c (http_raw_connect, send_request): Check whether TOR
    mode is enabled if the FORCE_TOR flag is given.
    --
    
    The patch for http.c is a sanity check because tor mode is anyway
    global as long as the Assuan socket wrappers are used.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index a32040e..744fb52 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -466,6 +466,20 @@ set_debug (void)
 
 
 static void
+set_tor_mode (void)
+{
+  if (opt.use_tor)
+    {
+      if (assuan_sock_set_flag (ASSUAN_INVALID_FD, "tor-mode", 1))
+        {
+          log_error ("error enabling TOR mode: %s\n", strerror (errno));
+          log_info ("(is your Libassuan recent enough?)\n");
+        }
+    }
+}
+
+
+static void
 wrong_args (const char *text)
 {
   es_fprintf (es_stderr, _("usage: %s [options] "), DIRMNGR_NAME);
@@ -985,11 +999,10 @@ main (int argc, char **argv)
   if (opt.use_tor)
     {
       log_info ("WARNING: ***************************************\n");
-      log_info ("WARNING: TOR mode (--use-tor) DOES NOT YET WORK!\n");
+      log_info ("WARNING: TOR mode (--use-tor) MAY NOT FULLY WORK!\n");
       log_info ("WARNING: ***************************************\n");
     }
 
-
   /* Print a warning if an argument looks like an option.  */
   if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
     {
@@ -1018,6 +1031,7 @@ main (int argc, char **argv)
     }
 
   set_debug ();
+  set_tor_mode ();
 
   /* Get LDAP server list from file. */
 #if USE_LDAP
@@ -1783,6 +1797,7 @@ reread_configuration (void)
   fclose (fp);
 
   set_debug ();
+  set_tor_mode ();
 }
 
 
diff --git a/dirmngr/http.c b/dirmngr/http.c
index 6ba2987..6f8bf3d 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -751,8 +751,13 @@ http_raw_connect (http_t *r_hd, const char *server, unsigned short port,
 
   if ((flags & HTTP_FLAG_FORCE_TOR))
     {
-      log_error ("TOR support is not yet available\n");
-      return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
+      int mode;
+
+      if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
+        {
+          log_error ("TOR support is not available\n");
+          return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
+        }
     }
 
   /* Create the handle. */
@@ -1466,8 +1471,13 @@ send_request (http_t hd, const char *httphost, const char *auth,
 
   if ((hd->flags & HTTP_FLAG_FORCE_TOR))
     {
-      log_error ("TOR support is not yet available\n");
-      return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
+      int mode;
+
+      if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
+        {
+          log_error ("TOR support is not available\n");
+          return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
+        }
     }
 
   server = *hd->uri->host ? hd->uri->host : "localhost";
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index 18e8189..d1d4211 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -238,9 +238,11 @@ useful for debugging.
 
 @item --use-tor
 @opindex use-tor
-This options is not yet functional!  It will eventually switch GnuPG
-into a TOR mode to route all network access via TOR (an anonymity
-network).
+This option switches Dirmngr and thus GnuPG into ``TOR mode'' to route
+all network access via TOR (an anonymity network).  WARNING: As of now
+this still leaks the DNS queries; e.g. to lookup the hosts in a
+keyserver pool.  Certain other features are disabled if this mode is
+active.
 
 @item --keyserver @code{name}
 @opindex keyserver

commit 8c609eaf35b547f02979ef0b206520dd0853b294
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 19 12:43:22 2015 +0200

    dirmngr: Use Assuan socket wrappers for http.c
    
    * dirmngr/http.c: Include assuan.h.  Changed all code taking a socket
    descriptor from int to assuan_fd_t.
    (my_unprotect, my_protect): New.
    (my_connect): Remove.
    (_my_socket_new, _my_socket_unref): use assuan_sock_close.
    (connect_server): Use assuan_sock_connect, assuan_sock_new, and
    assuan_sock_close.
    * dirmngr/Makefile.am (t_common_ldadd): Add LIBASSUAN_LIBS.
    --
    
    This change prepares for the use of SOCKS5 with http.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
index a9f09fd..ae16660 100644
--- a/dirmngr/Makefile.am
+++ b/dirmngr/Makefile.am
@@ -109,7 +109,7 @@ no-libgcrypt.c : $(top_srcdir)/tools/no-libgcrypt.c
 
 
 t_common_src = t-support.h
-t_common_ldadd = $(libcommon) no-libgcrypt.o \
+t_common_ldadd = $(libcommon) no-libgcrypt.o $(LIBASSUAN_LIBS) \
                  $(GPG_ERROR_LIBS) $(NETLIBS) \
                  $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) \
                  $(DNSLIBS) $(LIBINTL) $(LIBICONV)
diff --git a/dirmngr/http.c b/dirmngr/http.c
index edd8a6d..6ba2987 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -94,6 +94,7 @@
 # include <gnutls/x509.h>
 #endif /*HTTP_USE_GNUTLS*/
 
+#include <assuan.h>  /* We need the socket wrapper.  */
 
 #include "util.h"
 #include "i18n.h"
@@ -119,12 +120,14 @@ struct srventry
 
 #ifdef USE_NPTH
 # define my_select(a,b,c,d,e)  npth_select ((a), (b), (c), (d), (e))
-# define my_connect(a,b,c)     npth_connect ((a), (b), (c))
 # define my_accept(a,b,c)      npth_accept ((a), (b), (c))
+# define my_unprotect()        npth_unprotect ()
+# define my_protect()          npth_protect ()
 #else
 # define my_select(a,b,c,d,e)  select ((a), (b), (c), (d), (e))
-# define my_connect(a,b,c)     connect ((a), (b), (c))
 # define my_accept(a,b,c)      accept ((a), (b), (c))
+# define my_unprotect()        do { } while(0)
+# define my_protect()          do { } while(0)
 #endif
 
 #ifdef HAVE_W32_SYSTEM
@@ -181,9 +184,9 @@ static gpg_error_t send_request (http_t hd, const char *httphost,
 static char *build_rel_path (parsed_uri_t uri);
 static gpg_error_t parse_response (http_t hd);
 
-static int connect_server (const char *server, unsigned short port,
-                           unsigned int flags, const char *srvtag,
-                           int *r_host_not_found);
+static assuan_fd_t connect_server (const char *server, unsigned short port,
+                                   unsigned int flags, const char *srvtag,
+                                   int *r_host_not_found);
 static gpg_error_t write_server (int sock, const char *data, size_t length);
 
 static ssize_t cookie_read (void *cookie, void *buffer, size_t size);
@@ -194,8 +197,8 @@ static int cookie_close (void *cookie);
 /* A socket object used to a allow ref counting of sockets.  */
 struct my_socket_s
 {
-  int fd;       /* The actual socket - shall never be -1.  */
-  int refcount; /* Number of references to this socket.  */
+  assuan_fd_t fd; /* The actual socket - shall never be ASSUAN_INVALID_FD.  */
+  int refcount;   /* Number of references to this socket.  */
 };
 typedef struct my_socket_s *my_socket_t;
 
@@ -338,7 +341,7 @@ init_sockets (void)
 /* Create a new socket object.  Returns NULL and closes FD if not
    enough memory is available.  */
 static my_socket_t
-_my_socket_new (int lnr, int fd)
+_my_socket_new (int lnr, assuan_fd_t fd)
 {
   my_socket_t so;
 
@@ -346,7 +349,7 @@ _my_socket_new (int lnr, int fd)
   if (!so)
     {
       int save_errno = errno;
-      sock_close (fd);
+      assuan_sock_close (fd);
       gpg_err_set_errno (save_errno);
       return NULL;
     }
@@ -389,7 +392,7 @@ _my_socket_unref (int lnr, my_socket_t so,
         {
           if (preclose)
             preclose (preclosearg);
-          sock_close (so->fd);
+          assuan_sock_close (so->fd);
           xfree (so);
         }
     }
@@ -740,7 +743,6 @@ http_raw_connect (http_t *r_hd, const char *server, unsigned short port,
                   unsigned int flags, const char *srvtag)
 {
   gpg_error_t err = 0;
-  int sock;
   http_t hd;
   cookie_t cookie;
   int hnf;
@@ -761,22 +763,26 @@ http_raw_connect (http_t *r_hd, const char *server, unsigned short port,
   hd->flags = flags;
 
   /* Connect.  */
-  sock = connect_server (server, port, hd->flags, srvtag, &hnf);
-  if (sock == -1)
-    {
-      err = gpg_err_make (default_errsource,
-                          (hnf? GPG_ERR_UNKNOWN_HOST
-                              : gpg_err_code_from_syserror ()));
-      xfree (hd);
-      return err;
-    }
-  hd->sock = my_socket_new (sock);
-  if (!hd->sock)
-    {
-      err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-      xfree (hd);
-      return err;
-    }
+  {
+    assuan_fd_t sock;
+
+    sock = connect_server (server, port, hd->flags, srvtag, &hnf);
+    if (sock == ASSUAN_INVALID_FD)
+      {
+        err = gpg_err_make (default_errsource,
+                            (hnf? GPG_ERR_UNKNOWN_HOST
+                             : gpg_err_code_from_syserror ()));
+        xfree (hd);
+        return err;
+      }
+    hd->sock = my_socket_new (sock);
+    if (!hd->sock)
+      {
+        err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+        xfree (hd);
+        return err;
+      }
+  }
 
   /* Setup estreams for reading and writing.  */
   cookie = xtrycalloc (1, sizeof *cookie);
@@ -1560,7 +1566,7 @@ send_request (http_t hd, const char *httphost, const char *auth,
                              hd->flags, srvtag, &hnf);
       save_errno = errno;
       http_release_parsed_uri (uri);
-      if (sock == -1)
+      if (sock == ASSUAN_INVALID_FD)
         gpg_err_set_errno (save_errno);
     }
   else
@@ -1568,7 +1574,7 @@ send_request (http_t hd, const char *httphost, const char *auth,
       sock = connect_server (server, port, hd->flags, srvtag, &hnf);
     }
 
-  if (sock == -1)
+  if (sock == ASSUAN_INVALID_FD)
     {
       xfree (proxy_authstr);
       return gpg_err_make (default_errsource,
@@ -2183,11 +2189,11 @@ start_server ()
 
 /* Actually connect to a server.  Returns the file descriptor or -1 on
    error.  ERRNO is set on error. */
-static int
+static assuan_fd_t
 connect_server (const char *server, unsigned short port,
                 unsigned int flags, const char *srvtag, int *r_host_not_found)
 {
-  int sock = -1;
+  assuan_fd_t sock = ASSUAN_INVALID_FD;
   int srvcount = 0;
   int hostfound = 0;
   int anyhostaddr = 0;
@@ -2197,6 +2203,7 @@ connect_server (const char *server, unsigned short port,
 #ifdef HAVE_W32_SYSTEM
   unsigned long inaddr;
 #endif
+  int ret;
 
   *r_host_not_found = 0;
 #ifdef HAVE_W32_SYSTEM
@@ -2213,21 +2220,24 @@ connect_server (const char *server, unsigned short port,
 
       memset(&addr,0,sizeof(addr));
 
-      sock = socket(AF_INET,SOCK_STREAM,0);
-      if ( sock==INVALID_SOCKET )
+      sock = assuan_sock_socket (AF_INET, SOCK_STREAM, 0);
+      if (sock == ASSUAN_INVALID_FD)
 	{
-	  log_error("error creating socket: ec=%d\n",(int)WSAGetLastError());
-	  return -1;
+	  log_error ("error creating socket: %s\n", strerror (errno));
+	  return ASSUAN_INVALID_FD;
 	}
 
       addr.sin_family = AF_INET;
       addr.sin_port = htons(port);
       memcpy (&addr.sin_addr,&inaddr,sizeof(inaddr));
 
-      if (!my_connect (sock,(struct sockaddr *)&addr,sizeof(addr)) )
+      my_unprotect ();
+      ret = assuan_sock_connect (sock,(struct sockaddr *)&addr,sizeof(addr));
+      my_protect ();
+      if (!ret)
 	return sock;
-      sock_close(sock);
-      return -1;
+      assuan_sock_close (sock);
+      return ASSUAN_INVALID_FD;
     }
 #endif /*HAVE_W32_SYSTEM*/
 
@@ -2284,21 +2294,25 @@ connect_server (const char *server, unsigned short port,
           if (ai->ai_family == AF_INET6 && (flags & HTTP_FLAG_IGNORE_IPv6))
             continue;
 
-          if (sock != -1)
-            sock_close (sock);
-          sock = socket (ai->ai_family, ai->ai_socktype, ai->ai_protocol);
-          if (sock == -1)
+          if (sock != ASSUAN_INVALID_FD)
+            assuan_sock_close (sock);
+          sock = assuan_sock_new (ai->ai_family, ai->ai_socktype,
+                                  ai->ai_protocol);
+          if (sock == ASSUAN_INVALID_FD)
             {
               int save_errno = errno;
               log_error ("error creating socket: %s\n", strerror (errno));
               freeaddrinfo (res);
               xfree (serverlist);
               errno = save_errno;
-              return -1;
+              return ASSUAN_INVALID_FD;
             }
 
           anyhostaddr = 1;
-          if (my_connect (sock, ai->ai_addr, ai->ai_addrlen))
+          my_unprotect ();
+          ret = assuan_sock_connect (sock, ai->ai_addr, ai->ai_addrlen);
+          my_protect ();
+          if (ret)
             last_errno = errno;
           else
             connected = 1;
@@ -2321,14 +2335,14 @@ connect_server (const char *server, unsigned short port,
         continue;
       hostfound = 1;
 
-      if (sock != -1)
-        sock_close (sock);
-      sock = socket (host->h_addrtype, SOCK_STREAM, 0);
-      if (sock == -1)
+      if (sock != ASSUAN_INVALID_FD)
+        assuan_sock_close (sock);
+      sock = assuan_sock_new (host->h_addrtype, SOCK_STREAM, 0);
+      if (sock == ASSUAN_INVALID_FD)
         {
           log_error ("error creating socket: %s\n", strerror (errno));
           xfree (serverlist);
-          return -1;
+          return ASSUAN_INVALID_FD;
         }
 
       addr.sin_family = host->h_addrtype;
@@ -2337,7 +2351,7 @@ connect_server (const char *server, unsigned short port,
 	  log_error ("unknown address family for '%s'\n",
                      serverlist[srv].target);
           xfree (serverlist);
-	  return -1;
+	  return ASSUAN_INVALID_FD;
 	}
       addr.sin_port = htons (serverlist[srv].port);
       if (host->h_length != 4)
@@ -2345,7 +2359,7 @@ connect_server (const char *server, unsigned short port,
           log_error ("illegal address length for '%s'\n",
                      serverlist[srv].target);
           xfree (serverlist);
-          return -1;
+          return ASSUAN_INVALID_FD;
         }
 
       /* Try all A records until one responds. */
@@ -2353,7 +2367,11 @@ connect_server (const char *server, unsigned short port,
         {
           anyhostaddr = 1;
           memcpy (&addr.sin_addr, host->h_addr_list[i], host->h_length);
-          if (my_connect (sock, (struct sockaddr *) &addr, sizeof (addr)))
+          my_unprotect ();
+          ret = assuan_sock_connect (sock,
+                                     (struct sockaddr *) &addr, sizeof (addr));
+          my_protect ();
+          if (ret)
             last_errno = errno;
           else
             {
@@ -2386,10 +2404,10 @@ connect_server (const char *server, unsigned short port,
         }
       if (!hostfound || (hostfound && !anyhostaddr))
         *r_host_not_found = 1;
-      if (sock != -1)
-	sock_close (sock);
+      if (sock != ASSUAN_INVALID_FD)
+	assuan_sock_close (sock);
       gpg_err_set_errno (last_errno);
-      return -1;
+      return ASSUAN_INVALID_FD;
     }
   return sock;
 }

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/Makefile.am |   2 +-
 dirmngr/dirmngr.c   |  19 ++++++-
 dirmngr/http.c      | 146 +++++++++++++++++++++++++++++++---------------------
 doc/dirmngr.texi    |   8 +--
 4 files changed, 110 insertions(+), 65 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Oct 19 14:29:46 2015
From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor)
Date: Mon, 19 Oct 2015 14:29:46 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-17-g76afaed
Message-ID: <E1Zo9QX-0001JV-Tb@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  76afaed65e3b0ddfa4923cb577ada43217dd4b18 (commit)
      from  6983fd131f648ba4acd57b266de9868911874d14 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 76afaed65e3b0ddfa4923cb577ada43217dd4b18
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Sun Oct 18 17:35:32 2015 -0400

    gpg: Add option --weak-digest to gpg and gpgv.
    
    * g10/options.h: Add additional_weak_digests linked list to opts.
    * g10/main.h: Declare weakhash linked list struct and
    additional_weak_digest() function to insert newly-declared weak
    digests into opts.
    * g10/misc.c: (additional_weak_digest): New function.
    (print_digest_algo_note): Check for deprecated digests; use proper
    gcry_md_algos type.
    * g10/sig-check.c: (do_check): Reject weak digests in addition to MD5.
    * g10/gpg.c: Add --weak-digest option to gpg.
    * doc/gpg.texi: Document gpg --weak-digest option.
    * g10/gpgv.c: Add --weak-digest option to gpgv.
    * doc/gpgv.texi: Document gpgv --weak-digest option.
    
    --
    gpg and gpgv treat signatures made over MD5 as unreliable, unless the
    user supplies --allow-weak-digests to gpg.  Signatures over any other
    digest are considered acceptable.
    
    Despite SHA-1 being a mandatory-to-implement digest algorithm in RFC
    4880, the collision-resistance of SHA-1 is weaker than anyone would
    like it to be.
    
    Some operators of high-value targets that depend on OpenPGP signatures
    may wish to require their signers to use a stronger digest algorithm
    than SHA1, even if the OpenPGP ecosystem at large cannot deprecate
    SHA1 entirely today.
    
    This changeset adds a new "--weak-digest DIGEST" option for both gpg
    and gpgv, which makes it straightforward for anyone to treat any
    signature or certification made over the specified digest as
    unreliable.
    
    This option can be supplied multiple times if the operator wishes to
    deprecate multiple digest algorithms, and will be ignored completely
    if the operator supplies --allow-weak-digests (as before).
    
    MD5 is still always considered weak, regardless of any further
    --weak-digest options supplied.
    
    Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
    
    Capitialized some comments, shorted a line in do_check, and changed
    subject to name the option.  -wk

diff --git a/doc/gpg.texi b/doc/gpg.texi
index a702040..ffd7a97 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2789,9 +2789,20 @@ message was tampered with intentionally by an attacker.
 
 @item --allow-weak-digest-algos
 @opindex allow-weak-digest-algos
-Signatures made with the broken MD5 algorithm are normally rejected
-with an ``invalid digest algorithm'' message.  This option allows the
-verification of signatures made with such weak algorithms.
+Signatures made with known-weak digest algorithms are normally
+rejected with an ``invalid digest algorithm'' message.  This option
+allows the verification of signatures made with such weak algorithms.
+MD5 is the only digest algorithm considered weak by default.  See also
+ at option{--weak-digest} to reject other digest algorithms.
+
+ at item --weak-digest @code{name}
+ at opindex weak-digest
+Treat the specified digest algorithm as weak.  Signatures made over
+weak digests algorithms are normally rejected. This option can be
+supplied multiple times if multiple algorithms should be considered
+weak.  See also @option{--allow-weak-digest-algos} to disable
+rejection of weak digests.  MD5 is always considered weak, and does
+not need to be listed explicitly.
 
 @item --no-default-keyring
 @opindex no-default-keyring
diff --git a/doc/gpgv.texi b/doc/gpgv.texi
index 6bcbc0a..280966b 100644
--- a/doc/gpgv.texi
+++ b/doc/gpgv.texi
@@ -118,6 +118,14 @@ checks into warnings.
 
 @include opt-homedir.texi
 
+ at item --weak-digest @code{name}
+ at opindex weak-digest
+Treat the specified digest algorithm as weak.  Signatures made over
+weak digests algorithms are normally rejected. This option can be
+supplied multiple times if multiple algorithms should be considered
+weak.  MD5 is always considered weak, and does not need to be listed
+explicitly.
+
 @end table
 
 @mansect return value
diff --git a/g10/gpg.c b/g10/gpg.c
index ada913c..cb610a1 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -389,6 +389,7 @@ enum cmd_and_opt_values
     oPrintDANERecords,
     oTOFUDefaultPolicy,
     oTOFUDBFormat,
+    oWeakDigest,
 
     oNoop
   };
@@ -749,6 +750,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_s (oPersonalCompressPreferences,
                                          "personal-compress-preferences", "@"),
   ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
+  ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
 
   /* Aliases.  I constantly mistype these, and assume other people do
      as well. */
@@ -2208,6 +2210,7 @@ main (int argc, char **argv)
     set_homedir (default_homedir ());
     opt.passphrase_repeat = 1;
     opt.emit_version = 1; /* Limit to the major number.  */
+    opt.additional_weak_digests = NULL;
 
     /* Check whether we have a config file on the command line.  */
     orig_argc = argc;
@@ -3124,6 +3127,9 @@ main (int argc, char **argv)
 	    break;
           case oAgentProgram: opt.agent_program = pargs.r.ret_str;  break;
           case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break;
+          case oWeakDigest:
+	    additional_weak_digest(pargs.r.ret_str);
+	    break;
 
           case oDisplay:
             set_opt_session_env ("DISPLAY", pargs.r.ret_str);
diff --git a/g10/gpgv.c b/g10/gpgv.c
index 0807622..23e7610 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -61,6 +61,7 @@ enum cmd_and_opt_values {
   oStatusFD,
   oLoggerFD,
   oHomedir,
+  oWeakDigest,
   aTest
 };
 
@@ -78,6 +79,7 @@ static ARGPARSE_OPTS opts[] = {
                 N_("|FD|write status info to this FD")),
   ARGPARSE_s_i (oLoggerFD, "logger-fd", "@"),
   ARGPARSE_s_s (oHomedir, "homedir", "@"),
+  ARGPARSE_s_s (oWeakDigest, "weak-digest", "@"),
 
   ARGPARSE_end ()
 };
@@ -192,6 +194,9 @@ main( int argc, char **argv )
           log_set_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
           break;
         case oHomedir: opt.homedir = pargs.r.ret_str; break;
+        case oWeakDigest:
+          additional_weak_digest(pargs.r.ret_str);
+          break;
         case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
         default : pargs.err = ARGPARSE_PRINT_ERROR; break;
 	}
diff --git a/g10/main.h b/g10/main.h
index c9521ad..0226c64 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -69,6 +69,12 @@ struct groupitem
   struct groupitem *next;
 };
 
+struct weakhash
+{
+  enum gcry_md_algos algo;
+  struct weakhash *next;
+};
+
 
 /*-- gpg.c --*/
 extern int g10_errors_seen;
@@ -82,6 +88,7 @@ void print_pubkey_algo_note (pubkey_algo_t algo);
 void print_cipher_algo_note (cipher_algo_t algo);
 void print_digest_algo_note (digest_algo_t algo);
 void print_md5_rejected_note (void);
+void additional_weak_digest (const char* digestname);
 
 /*-- armor.c --*/
 char *make_radix64_string( const byte *data, size_t len );
diff --git a/g10/misc.c b/g10/misc.c
index 9134b28..c135059 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -307,6 +307,10 @@ print_cipher_algo_note (cipher_algo_t algo)
 void
 print_digest_algo_note (digest_algo_t algo)
 {
+  int deprecated = 0;
+  const enum gcry_md_algos galgo = map_md_openpgp_to_gcry (algo);
+  const struct weakhash *weak;
+
   if(algo >= 100 && algo <= 110)
     {
       static int warn=0;
@@ -315,14 +319,21 @@ print_digest_algo_note (digest_algo_t algo)
 	  warn=1;
           es_fflush (es_stdout);
 	  log_info (_("WARNING: using experimental digest algorithm %s\n"),
-                    gcry_md_algo_name (algo));
+                    gcry_md_algo_name (galgo));
 	}
     }
-  else if(algo==DIGEST_ALGO_MD5)
+  else if(algo == DIGEST_ALGO_MD5)
+    deprecated = 1;
+  else
+      for (weak = opt.additional_weak_digests; weak != NULL; weak = weak->next)
+        if (weak->algo == galgo)
+          deprecated = 1;
+
+  if (deprecated)
     {
       es_fflush (es_stdout);
       log_info (_("WARNING: digest algorithm %s is deprecated\n"),
-                gcry_md_algo_name (algo));
+                gcry_md_algo_name (galgo));
     }
 }
 
@@ -1676,3 +1687,37 @@ ecdsa_qbits_from_Q (unsigned int qbits)
   qbits /= 2;
   return qbits;
 }
+
+
+/* Ignore signatures and certifications made over certain digest
+ * algorithms by default, MD5 is considered weak.  This allows users
+ * to deprecate support for other algorithms as well.
+ */
+void
+additional_weak_digest (const char* digestname)
+{
+  struct weakhash *weak = NULL;
+  const enum gcry_md_algos algo = string_to_digest_algo(digestname);
+
+  if (algo == GCRY_MD_MD5)
+    return; /* MD5 is always considered weak, no need to add it.  */
+
+  if (algo == GCRY_MD_NONE)
+    {
+      log_error(_("Unknown weak digest '%s'\n"), digestname);
+      return;
+    }
+
+  /* Check to ensure it's not already present.  */
+  for (weak = opt.additional_weak_digests; weak != NULL; weak = weak->next)
+    {
+      if (algo == weak->algo)
+        return;
+    }
+
+  /* Add it to the head of the list.  */
+  weak = xmalloc(sizeof(*weak));
+  weak->algo = algo;
+  weak->next = opt.additional_weak_digests;
+  opt.additional_weak_digests = weak;
+}
diff --git a/g10/options.h b/g10/options.h
index 2135aa0..c1ea9dd 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -170,6 +170,7 @@ struct
   prefitem_t *personal_cipher_prefs;
   prefitem_t *personal_digest_prefs;
   prefitem_t *personal_compress_prefs;
+  struct weakhash *additional_weak_digests;
   int no_perm_warn;
   int no_mdc_warn;
   char *temp_dir;
diff --git a/g10/sig-check.c b/g10/sig-check.c
index d45a9f3..84930d6 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -274,15 +274,18 @@ do_check( PKT_public_key *pk, PKT_signature *sig, gcry_md_hd_t digest,
 {
     gcry_mpi_t result = NULL;
     int rc = 0;
+    const struct weakhash *weak;
 
     if( (rc=do_check_messages(pk,sig,r_expired,r_revoked)) )
         return rc;
 
-    if (sig->digest_algo == GCRY_MD_MD5
-        && !opt.flags.allow_weak_digest_algos)
+    if (!opt.flags.allow_weak_digest_algos)
       {
-        print_md5_rejected_note ();
-        return GPG_ERR_DIGEST_ALGO;
+        if (sig->digest_algo == GCRY_MD_MD5)
+          return GPG_ERR_DIGEST_ALGO;
+        for (weak = opt.additional_weak_digests; weak; weak = weak->next)
+          if (sig->digest_algo == weak->algo)
+            return GPG_ERR_DIGEST_ALGO;
       }
 
     /* Make sure the digest algo is enabled (in case of a detached

-----------------------------------------------------------------------

Summary of changes:
 doc/gpg.texi    | 17 ++++++++++++++---
 doc/gpgv.texi   |  8 ++++++++
 g10/gpg.c       |  6 ++++++
 g10/gpgv.c      |  5 +++++
 g10/main.h      |  7 +++++++
 g10/misc.c      | 51 ++++++++++++++++++++++++++++++++++++++++++++++++---
 g10/options.h   |  1 +
 g10/sig-check.c | 11 +++++++----
 8 files changed, 96 insertions(+), 10 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Oct 19 17:38:10 2015
From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor)
Date: Mon, 19 Oct 2015 17:38:10 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-18-gb989398
Message-ID: <E1ZoCMr-0006no-WC@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  b98939812abf6c643c752ce7c325f98039a1a9e2 (commit)
      from  76afaed65e3b0ddfa4923cb577ada43217dd4b18 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b98939812abf6c643c752ce7c325f98039a1a9e2
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Mon Oct 19 10:41:23 2015 -0400

    gpg: Print warning when rejecting weak digests
    
    * g10/misc.c (print_md5_rejected_note): Rename to ..
    (print_digest_rejected_note): this.  Parameterize function to take an
    enum gcry_md_algos.
    * g10/sig-check.c: Use print_digest_rejected_note() when rejecting
    signatures.
    
    --
    
    76afaed65e3b0ddfa4923cb577ada43217dd4b18 allowed extra --weak-digests,
    but removed the one call to print_md5_rejected_note().  This replaces
    and generalizes that warning.
    
    Signed-Off-By: Daniel Kahn Gillmor <dkg at fifthhorseman.net>

diff --git a/g10/main.h b/g10/main.h
index 0226c64..601a952 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -87,7 +87,7 @@ extern int g10_errors_seen;
 void print_pubkey_algo_note (pubkey_algo_t algo);
 void print_cipher_algo_note (cipher_algo_t algo);
 void print_digest_algo_note (digest_algo_t algo);
-void print_md5_rejected_note (void);
+void print_digest_rejected_note (enum gcry_md_algos algo);
 void additional_weak_digest (const char* digestname);
 
 /*-- armor.c --*/
diff --git a/g10/misc.c b/g10/misc.c
index c135059..93ddaa0 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -339,7 +339,7 @@ print_digest_algo_note (digest_algo_t algo)
 
 
 void
-print_md5_rejected_note (void)
+print_digest_rejected_note (enum gcry_md_algos algo)
 {
   static int shown;
 
@@ -348,7 +348,7 @@ print_md5_rejected_note (void)
       es_fflush (es_stdout);
       log_info
         (_("Note: signatures using the %s algorithm are rejected\n"),
-         "MD5");
+         gcry_md_algo_name(algo));
       shown = 1;
     }
 }
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 84930d6..23f42b9 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -282,10 +282,16 @@ do_check( PKT_public_key *pk, PKT_signature *sig, gcry_md_hd_t digest,
     if (!opt.flags.allow_weak_digest_algos)
       {
         if (sig->digest_algo == GCRY_MD_MD5)
-          return GPG_ERR_DIGEST_ALGO;
+          {
+            print_digest_rejected_note(sig->digest_algo);
+            return GPG_ERR_DIGEST_ALGO;
+          }
         for (weak = opt.additional_weak_digests; weak; weak = weak->next)
           if (sig->digest_algo == weak->algo)
-            return GPG_ERR_DIGEST_ALGO;
+            {
+              print_digest_rejected_note(sig->digest_algo);
+              return GPG_ERR_DIGEST_ALGO;
+            }
       }
 
     /* Make sure the digest algo is enabled (in case of a detached

-----------------------------------------------------------------------

Summary of changes:
 g10/main.h      |  2 +-
 g10/misc.c      |  4 ++--
 g10/sig-check.c | 10 ++++++++--
 3 files changed, 11 insertions(+), 5 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Oct 19 20:47:38 2015
From: cvs at cvs.gnupg.org (by Neal H. Walfield)
Date: Mon, 19 Oct 2015 20:47:38 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-22-gc376211
Message-ID: <E1ZoFKF-0003XE-If@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  c37621166e9cc2a818de73bc99287a393dbb5744 (commit)
       via  a608ee750dd83bf77a5fb4f0ab5bcf812436ba4d (commit)
       via  0433e667029508d6933e8798d3d95bcdde70a7aa (commit)
       via  547a1b3fb881bb8581d03dbf4eacf49163eaa4b5 (commit)
      from  b98939812abf6c643c752ce7c325f98039a1a9e2 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c37621166e9cc2a818de73bc99287a393dbb5744
Author: Neal H. Walfield <neal at g10code.com>
Date:   Mon Oct 19 15:04:45 2015 +0200

    gpg: Fix --desig-revoke.
    
    * g10/revoke.c (gen_desig_revoke): Add additional parameter ctrl.
    Check that the secret key is available.  If not, display an error
    message.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>
    Regression-due-to: 8459bcf9

diff --git a/g10/gpg.c b/g10/gpg.c
index cb610a1..794d5ea 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -4179,11 +4179,11 @@ main (int argc, char **argv)
 	break;
 
       case aDesigRevoke:
-	if( argc != 1 )
-	    wrong_args("--desig-revoke user-id");
-	username =  make_username(*argv);
-	gen_desig_revoke( username, locusr );
-	xfree( username );
+	if (argc != 1)
+	    wrong_args ("--desig-revoke user-id");
+	username = make_username (*argv);
+	gen_desig_revoke (ctrl, username, locusr);
+	xfree (username);
 	break;
 
       case aDeArmor:
diff --git a/g10/main.h b/g10/main.h
index 518ec94..a50c85c 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -356,7 +356,7 @@ int enarmor_file( const char *fname );
 struct revocation_reason_info;
 int gen_standard_revoke (PKT_public_key *psk, const char *cache_nonce);
 int gen_revoke( const char *uname );
-int gen_desig_revoke( const char *uname, strlist_t locusr);
+int gen_desig_revoke (ctrl_t ctrl, const char *uname, strlist_t locusr);
 int revocation_reason_build_cb( PKT_signature *sig, void *opaque );
 struct revocation_reason_info *
 		ask_revocation_reason( int key_rev, int cert_rev, int hint );
diff --git a/g10/revoke.c b/g10/revoke.c
index eb3a989..b341cce 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -195,7 +195,7 @@ export_minimal_pk(IOBUF out,KBNODE keyblock,
  * Generate a revocation certificate for UNAME via a designated revoker
  */
 int
-gen_desig_revoke( const char *uname, strlist_t locusr )
+gen_desig_revoke (ctrl_t ctrl, const char *uname, strlist_t locusr)
 {
     int rc = 0;
     armor_filter_context_t *afx;
@@ -312,6 +312,13 @@ gen_desig_revoke( const char *uname, strlist_t locusr )
 	      tty_printf(_("(This is a sensitive revocation key)\n"));
 	    tty_printf("\n");
 
+	    rc = agent_probe_secret_key (ctrl, pk2);
+	    if (rc)
+	      {
+		tty_printf (_("Secret key is not available.\n"));
+		continue;
+	      }
+
 	    if( !cpr_get_answer_is_yes("gen_desig_revoke.okay",
          _("Create a designated revocation certificate for this key? (y/N) ")))
 	      continue;
@@ -321,10 +328,6 @@ gen_desig_revoke( const char *uname, strlist_t locusr )
 	    if( !reason )
 	      continue;
 
-	    rc = -1;/*FIXME: check_secret_key (pk2, 0 );*/
-	    if (rc)
-	      continue;
-
 	    if( !opt.armor )
 	      tty_printf(_("ASCII armored output forced.\n"));
 

commit a608ee750dd83bf77a5fb4f0ab5bcf812436ba4d
Author: Neal H. Walfield <neal at g10code.com>
Date:   Mon Oct 19 11:15:00 2015 +0200

    gpg: Improve function documentation and some comments.
    
    * g10/main.h: Improve function documentation.
    * g10/packet.h.h: Improve function documentation.
    * g10/sig-check.c: Improve function documentation and some comments.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/main.h b/g10/main.h
index 601a952..518ec94 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -181,7 +181,7 @@ int mpi_print (estream_t stream, gcry_mpi_t a, int mode);
 unsigned int ecdsa_qbits_from_Q (unsigned int qbits);
 
 
-/*-- status.c --*/
+/*-- cpr.c --*/
 void set_status_fd ( int fd );
 int  is_status_enabled ( void );
 void write_status ( int no );
@@ -239,10 +239,22 @@ int clearsign_file( const char *fname, strlist_t locusr, const char *outfile );
 int sign_symencrypt_file (const char *fname, strlist_t locusr);
 
 /*-- sig-check.c --*/
+
+/* SIG is a revocation signature.  Check if any of PK's designated
+   revokers generated it.  If so, return 0.  Note: this function
+   (correctly) doesn't care if the designated revoker is revoked.  */
 int check_revocation_keys (PKT_public_key *pk, PKT_signature *sig);
+/* Check that the backsig BACKSIG from the subkey SUB_PK to its
+   primary key MAIN_PK is valid.  */
 int check_backsig(PKT_public_key *main_pk,PKT_public_key *sub_pk,
 		  PKT_signature *backsig);
-int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig );
+/* Check that the signature SIG over a key (e.g., a key binding or a
+   key revocation) is valid.  (To check signatures over data, use
+   check_signature.)  */
+int check_key_signature( KBNODE root, KBNODE sig, int *is_selfsig );
+/* Like check_key_signature, but with the ability to specify some
+   additional parameters and get back additional information.  See the
+   documentation for the implementation for details.  */
 int check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
 			  PKT_public_key *ret_pk, int *is_selfsig,
 			  u32 *r_expiredate, int *r_expired );
diff --git a/g10/packet.h b/g10/packet.h
index 87671a6..2bc911d 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -638,9 +638,18 @@ int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
 
 
 /*-- sig-check.c --*/
-int check_signature( PKT_signature *sig, gcry_md_hd_t digest );
-int check_signature2( PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
-		      int *r_expired, int *r_revoked, PKT_public_key *ret_pk );
+/* Check a signature.  This is shorthand for check_signature2 with
+   the unnamed arguments passed as NULL.  */
+int check_signature (PKT_signature *sig, gcry_md_hd_t digest);
+
+/* Check a signature.  Looks up the public key from the key db.  (If
+   RET_PK is not NULL, it is returned in *RET_PK.)  DIGEST contains a
+   valid hash context that already includes the signed data.  This
+   function adds the relevant meta-data to the hash before finalizing
+   it and verifying the signature.  */
+int check_signature2 (PKT_signature *sig, gcry_md_hd_t digest,
+		      u32 *r_expiredate, int *r_expired, int *r_revoked,
+		      PKT_public_key *ret_pk);
 
 
 /*-- pubkey-enc.c --*/
diff --git a/g10/sig-check.c b/g10/sig-check.c
index fe6aba9..f912c0c 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -40,18 +40,50 @@ static int check_signature_end (PKT_public_key *pk, PKT_signature *sig,
 				int *r_expired, int *r_revoked,
 				PKT_public_key *ret_pk);
 
-
-/****************
- * Check the signature which is contained in SIG.
- * The MD_HANDLE should be currently open, so that this function
- * is able to append some data, before finalizing the digest.
- */
+/* Check a signature.  This is shorthand for check_signature2 with
+   the unnamed arguments passed as NULL.  */
 int
 check_signature (PKT_signature *sig, gcry_md_hd_t digest)
 {
     return check_signature2 (sig, digest, NULL, NULL, NULL, NULL);
 }
 
+/* Check a signature.
+
+   Looks up the public key that created the signature (SIG->KEYID)
+   from the key db.  Makes sure that the signature is valid (it was
+   not created prior to the key, the public key was created in the
+   past, and the signature does not include any unsupported critical
+   features), finishes computing the hash of the signature data, and
+   checks that the signature verifies the digest.  If the key that
+   generated the signature is a subkey, this function also verifies
+   that there is a valid backsig from the subkey to the primary key.
+   Finally, if status fd is enabled and the signature class is 0x00 or
+   0x01, then a STATUS_SIG_ID is emitted on the status fd.
+
+   SIG is the signature to check.
+
+   DIGEST contains a valid hash context that already includes the
+   signed data.  This function adds the relevant meta-data from the
+   signature packet to compute the final hash.  (See Section 5.2 of
+   RFC 4880: "The concatenation of the data being signed and the
+   signature data from the version number through the hashed subpacket
+   data (inclusive) is hashed.")
+
+   If R_EXPIREDATE is not NULL, R_EXPIREDATE is set to the key's
+   expiry.
+
+   If R_EXPIRED is not NULL, *R_EXPIRED is set to 1 if PK has expired
+   (0 otherwise).  Note: PK being expired does not cause this function
+   to fail.
+
+   If R_REVOKED is not NULL, *R_REVOKED is set to 1 if PK has been
+   revoked (0 otherwise).  Note: PK being revoked does not cause this
+   function to fail.
+
+   If PK is not NULL, the public key is saved in *PK on success.
+
+   Returns 0 on success.  An error code otherwise.  */
 int
 check_signature2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
 		  int *r_expired, int *r_revoked, PKT_public_key *pk )
@@ -204,6 +236,23 @@ check_signature2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
 }
 
 
+/* The signature SIG was generated with the public key PK.  Check
+   whether the signature is valid in the following sense:
+
+     - Make sure the public key was created before the signature was
+       generated.
+
+     - Make sure the public key was created in the past
+
+     - Check whether PK has expired (set *R_EXPIRED to 1 if so and 0
+       otherwise)
+
+     - Check whether PK has been revoked (set *R_REVOKED to 1 if so
+       and 0 otherwise).
+
+   If either of the first two tests fail, returns an error code.
+   Otherwise returns 0.  (Thus, this function doesn't fail if the
+   public key is expired or revoked.)  */
 static int
 check_signature_metadata_validity (PKT_public_key *pk, PKT_signature *sig,
 				   int *r_expired, int *r_revoked)
@@ -268,6 +317,35 @@ check_signature_metadata_validity (PKT_public_key *pk, PKT_signature *sig,
 }
 
 
+/* Finish generating a signature and check it.  Concretely: make sure
+   that the signature is valid (it was not created prior to the key,
+   the public key was created in the past, and the signature does not
+   include any unsupported critical features), finish computing the
+   digest by adding the relevant data from the signature packet, and
+   check that the signature verifies the digest.
+
+   DIGEST contains a hash context, which has already hashed the signed
+   data.  This function adds the relevant meta-data from the signature
+   packet to compute the final hash.  (See Section 5.2 of RFC 4880:
+   "The concatenation of the data being signed and the signature data
+   from the version number through the hashed subpacket data
+   (inclusive) is hashed.")
+
+   SIG is the signature to check.
+
+   PK is the public key used to generate the signature.
+
+   If R_EXPIRED is not NULL, *R_EXPIRED is set to 1 if PK has expired
+   (0 otherwise).  Note: PK being expired does not cause this function
+   to fail.
+
+   If R_REVOKED is not NULL, *R_REVOKED is set to 1 if PK has been
+   revoked (0 otherwise).  Note: PK being revoked does not cause this
+   function to fail.
+
+   If RET_PK is not NULL, PK is copied into RET_PK on success.
+
+   Returns 0 on success.  An error code other.  */
 static int
 check_signature_end (PKT_public_key *pk, PKT_signature *sig,
 		     gcry_md_hd_t digest,
@@ -330,7 +408,7 @@ check_signature_end (PKT_public_key *pk, PKT_signature *sig,
 	  gcry_md_putc (digest, 0);
 	  n = 6;
 	}
-	/* add some magic */
+	/* add some magic per Section 5.2.4 of RFC 4880.  */
 	buf[0] = sig->version;
 	buf[1] = 0xff;
 	buf[2] = n >> 24;
@@ -341,9 +419,12 @@ check_signature_end (PKT_public_key *pk, PKT_signature *sig,
     }
     gcry_md_final( digest );
 
+    /* Convert the digest to an MPI.  */
     result = encode_md_value (pk, digest, sig->digest_algo );
     if (!result)
         return GPG_ERR_GENERAL;
+
+    /* Verify the signature.  */
     rc = pk_verify( pk->pubkey_algo, result, sig->data, pk->pkey );
     gcry_mpi_release (result);
 
@@ -361,7 +442,8 @@ check_signature_end (PKT_public_key *pk, PKT_signature *sig,
 }
 
 
-
+/* Add a uid node to a hash context.  See section 5.2.4, paragraph 4
+   of RFC 4880.  */
 static void
 hash_uid_node( KBNODE unode, gcry_md_hd_t md, PKT_signature *sig )
 {
@@ -411,24 +493,37 @@ cache_sig_result ( PKT_signature *sig, int result )
     }
 }
 
-/* Check the revocation keys to see if any of them have revoked our
-   pk.  sig is the revocation sig.  pk is the key it is on.  This code
-   will need to be modified if gpg ever becomes multi-threaded.  Note
-   that this guarantees that a designated revocation sig will never be
-   considered valid unless it is actually valid, as well as being
-   issued by a revocation key in a valid direct signature.  Note also
-   that this is written so that a revoked revoker can still issue
-   revocations: i.e. If A revokes B, but A is revoked, B is still
-   revoked.  I'm not completely convinced this is the proper behavior,
-   but it matches how PGP does it. -dms */
-
-/* Returns 0 if sig is valid (i.e. pk is revoked), non-0 if not
-   revoked.  It is important that GPG_ERR_NO_PUBKEY is only returned
-   when a revocation signature is from a valid revocation key
-   designated in a revkey subpacket, but the revocation key itself
-   isn't present. */
+/* SIG is a key revocation signature.  Check if this signature was
+   generated by any of the public key PK's designated revokers.
+
+     PK is the public key that SIG allegedly revokes.
+
+     SIG is the revocation signature to check.
+
+   This function avoids infinite recursion, which can happen if two
+   keys are designed revokers for each other and they revoke each
+   other.  This is done by observing that if a key A is revoked by key
+   B we still consider the revocation to be valid even if B is
+   revoked.  Thus, we don't need to determine whether B is revoked to
+   determine whether A has been revoked by B, we just need to check
+   the signature.
+
+   Returns 0 if sig is valid (i.e. pk is revoked), non-0 if not
+   revoked.  We are careful to make sure that GPG_ERR_NO_PUBKEY is
+   only returned when a revocation signature is from a valid
+   revocation key designated in a revkey subpacket, but the revocation
+   key itself isn't present.  */
+
+/* XXX: This code will need to be modified if gpg ever becomes
+   multi-threaded.  Note that this guarantees that a designated
+   revocation sig will never be considered valid unless it is actually
+   valid, as well as being issued by a revocation key in a valid
+   direct signature.  Note also that this is written so that a revoked
+   revoker can still issue revocations: i.e. If A revokes B, but A is
+   revoked, B is still revoked.  I'm not completely convinced this is
+   the proper behavior, but it matches how PGP does it. -dms */
 int
-check_revocation_keys(PKT_public_key *pk,PKT_signature *sig)
+check_revocation_keys (PKT_public_key *pk, PKT_signature *sig)
 {
   static int busy=0;
   int i;
@@ -437,6 +532,30 @@ check_revocation_keys(PKT_public_key *pk,PKT_signature *sig)
   assert(IS_KEY_REV(sig));
   assert((sig->keyid[0]!=pk->keyid[0]) || (sig->keyid[0]!=pk->keyid[1]));
 
+  /* Avoid infinite recursion.  Consider the following:
+
+       - We want to check if A is revoked.
+
+       - C is a designated revoker for B and has revoked B.
+
+       - B is a designated revoker for A and has revoked A.
+
+     When checking if A is revoked (in merge_selfsigs_main), we
+     observe that A has a designed revoker.  As such, we call this
+     function.  This function sees that there is a valid revocation
+     signature, which is signed by B.  It then calls check_signature()
+     to verify that the signature is good.  To check the sig, we need
+     to lookup B.  Looking up B means calling merge_selfsigs_main,
+     which checks whether B is revoked, which calls this function to
+     see if B was revoked by some key.
+
+     In this case, the added level of indirection doesn't hurt.  It
+     just means a bit more work.  However, if C == A, then we'd end up
+     in a loop.  But, it doesn't make sense to look up C anyways: even
+     if B is revoked, we conservatively consider a valid revocation
+     signed by B to revoke A.  Since this is the only place where this
+     type of recursion can occur, we simply cause this function to
+     fail if it is entered recursively.  */
   if (busy)
     {
       /* Return an error (i.e. not revoked), but mark the pk as
@@ -457,17 +576,22 @@ check_revocation_keys(PKT_public_key *pk,PKT_signature *sig)
   else
       for(i=0;i<pk->numrevkeys;i++)
 	{
+	  /* The revoker's keyid.  */
           u32 keyid[2];
 
           keyid_from_fingerprint(pk->revkey[i].fpr,MAX_FINGERPRINT_LEN,keyid);
 
           if(keyid[0]==sig->keyid[0] && keyid[1]==sig->keyid[1])
+	    /* The signature was generated by a designated revoker.
+	       Verify the signature.  */
 	    {
               gcry_md_hd_t md;
 
               if (gcry_md_open (&md, sig->digest_algo, 0))
                 BUG ();
               hash_public_key(md,pk);
+	      /* Note: check_signature only checks that the signature
+		 is good.  It does not fail if the key is revoked.  */
               rc=check_signature(sig,md);
 	      cache_sig_result(sig,rc);
               gcry_md_close (md);
@@ -480,21 +604,24 @@ check_revocation_keys(PKT_public_key *pk,PKT_signature *sig)
   return rc;
 }
 
-/* Backsigs (0x19) have the same format as binding sigs (0x18), but
+/* Check that the backsig BACKSIG from the subkey SUB_PK to its
+   primary key MAIN_PK is valid.
+
+   Backsigs (0x19) have the same format as binding sigs (0x18), but
    this function is simpler than check_key_signature in a few ways.
    For example, there is no support for expiring backsigs since it is
    questionable what such a thing actually means.  Note also that the
    sig cache check here, unlike other sig caches in GnuPG, is not
    persistent. */
 int
-check_backsig(PKT_public_key *main_pk,PKT_public_key *sub_pk,
-	      PKT_signature *backsig)
+check_backsig (PKT_public_key *main_pk,PKT_public_key *sub_pk,
+	       PKT_signature *backsig)
 {
   gcry_md_hd_t md;
   int rc;
 
   /* Always check whether the algorithm is available.  Although
-     gcry_md_open woyuld throw an error, some libgcrypt versions will
+     gcry_md_open would throw an error, some libgcrypt versions will
      print a debug message in that case too. */
   if ((rc=openpgp_md_test_algo (backsig->digest_algo)))
     return rc;
@@ -516,27 +643,53 @@ check_backsig(PKT_public_key *main_pk,PKT_public_key *sub_pk,
 }
 
 
-/****************
- * check the signature pointed to by NODE. This is a key signature.
- * If the function detects a self-signature, it uses the PK from
- * ROOT and does not read any public key.
- */
+/* Check that a signature over a key is valid.  This is a
+   specialization of check_key_signature2 with the unnamed parameters
+   passed as NULL.  See the documentation for that function for more
+   details.  */
 int
-check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
+check_key_signature (KBNODE root, KBNODE node, int *is_selfsig)
 {
-  return check_key_signature2(root, node, NULL, NULL, is_selfsig, NULL, NULL );
+  return check_key_signature2 (root, node, NULL, NULL, is_selfsig, NULL, NULL);
 }
 
-/* If check_pk is set, then use it to check the signature in node
-   rather than getting it from root or the keydb.  If ret_pk is set,
-   fill in the public key that was used to verify the signature.
-   ret_pk is only meaningful when the verification was successful. */
+/* Check that a signature over a key (e.g., a key revocation, key
+   binding, user id certification, etc.) is valid.  If the function
+   detects a self-signature, it uses the public key from the specified
+   key block and does not bother looking up the key specified in the
+   signature packet.
+
+   ROOT is a keyblock.
+
+   NODE references a signature packet that appears in the keyblock
+   that should be verified.
+
+   If CHECK_PK is set, the specified key is sometimes preferred for
+   verifying signatures.  See the implementation for details.
+
+   If RET_PK is not NULL, the public key that successfully verified
+   the signature is copied into *RET_PK.
+
+   If IS_SELFSIG is not NULL, *IS_SELFSIG is set to 1 if NODE is a
+   self-signature.
+
+   If R_EXPIREDATE is not NULL, *R_EXPIREDATE is set to the expiry
+   date.
+
+   If R_EXPIRED is not NULL, *R_EXPIRED is set to 1 if PK has been
+   expired (0 otherwise).  Note: PK being revoked does not cause this
+   function to fail.
+
+
+   If OPT.NO_SIG_CACHE is not set, this function will first check if
+   the result of a previous verification is already cached in the
+   signature packet's data structure.  */
 /* TODO: add r_revoked here as well.  It has the same problems as
    r_expiredate and r_expired and the cache. */
 int
-check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
-		      PKT_public_key *ret_pk, int *is_selfsig,
-		      u32 *r_expiredate, int *r_expired )
+check_key_signature2(KBNODE root, KBNODE node, PKT_public_key *check_pk,
+		     PKT_public_key *ret_pk, int *is_selfsig,
+		     u32 *r_expiredate, int *r_expired )
 {
     gcry_md_hd_t md;
     PKT_public_key *pk;
@@ -668,6 +821,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
 	    hash_public_key( md, pk );
 	    hash_uid_node( unode, md, sig );
 	    if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
+	      /* The primary key is the signing key.  */
 	      {
 		if( is_selfsig )
 		  *is_selfsig = 1;

commit 0433e667029508d6933e8798d3d95bcdde70a7aa
Author: Neal H. Walfield <neal at g10code.com>
Date:   Mon Oct 19 11:06:57 2015 +0200

    gpg: Improve and regularize naming of signature checking functions.
    
    * g10/packet.h (signature_check): Rename from this...
    (check_signature): ... to this.  Update users.
    (signature_check2): Rename from this...
    (check_signature2): ... to this.  Update users.
    * g10/sig-check.c (do_check): Rename from this...
    (check_signature_end): ... to this.  Update users.
    (do_check_messages): Rename from this...
    (check_signature_metadata_validity): ... to this.  Update users.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/mainproc.c b/g10/mainproc.c
index af50987..4bf5a4e 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -873,7 +873,7 @@ do_check_sig (CTX c, kbnode_t node, int *is_selfsig,
         }
       else /* detached signature */
         {
-          /* signature_check() will enable the md. */
+          /* check_signature() will enable the md. */
           if (gcry_md_open (&md, 0, 0 ))
             BUG ();
         }
@@ -892,7 +892,7 @@ do_check_sig (CTX c, kbnode_t node, int *is_selfsig,
       else /* detached signature */
         {
           log_debug ("Do we really need this here?");
-          /* signature_check() will enable the md*/
+          /* check_signature() will enable the md*/
           if (gcry_md_open (&md, 0, 0 ))
             BUG ();
           if (gcry_md_open (&md2, 0, 0 ))
@@ -926,12 +926,14 @@ do_check_sig (CTX c, kbnode_t node, int *is_selfsig,
   else
     return GPG_ERR_SIG_CLASS;
 
-  rc = signature_check2 (sig, md, NULL, is_expkey, is_revkey, NULL);
+  /* We only get here if we are checking the signature of a binary
+     (0x00) or text document (0x01).  */
+  rc = check_signature2 (sig, md, NULL, is_expkey, is_revkey, NULL);
   if (! rc)
     md_good = md;
   else if (gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2)
     {
-      rc = signature_check2 (sig, md2, NULL, is_expkey, is_revkey, NULL);
+      rc = check_signature2 (sig, md2, NULL, is_expkey, is_revkey, NULL);
       if (! rc)
 	md_good = md2;
     }
diff --git a/g10/packet.h b/g10/packet.h
index 2c1b478..87671a6 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -638,8 +638,8 @@ int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
 
 
 /*-- sig-check.c --*/
-int signature_check( PKT_signature *sig, gcry_md_hd_t digest );
-int signature_check2( PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
+int check_signature( PKT_signature *sig, gcry_md_hd_t digest );
+int check_signature2( PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
 		      int *r_expired, int *r_revoked, PKT_public_key *ret_pk );
 
 
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 23f42b9..fe6aba9 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -1,6 +1,7 @@
 /* sig-check.c -  Check a signature
  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
  *               2004, 2006 Free Software Foundation, Inc.
+ * Copyright (C) 2015 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -34,26 +35,25 @@
 #include "options.h"
 #include "pkglue.h"
 
+static int check_signature_end (PKT_public_key *pk, PKT_signature *sig,
+				gcry_md_hd_t digest,
+				int *r_expired, int *r_revoked,
+				PKT_public_key *ret_pk);
 
 
-
-static int do_check( PKT_public_key *pk, PKT_signature *sig,
-                     gcry_md_hd_t digest,
-		     int *r_expired, int *r_revoked, PKT_public_key *ret_pk);
-
 /****************
  * Check the signature which is contained in SIG.
  * The MD_HANDLE should be currently open, so that this function
  * is able to append some data, before finalizing the digest.
  */
 int
-signature_check (PKT_signature *sig, gcry_md_hd_t digest)
+check_signature (PKT_signature *sig, gcry_md_hd_t digest)
 {
-    return signature_check2( sig, digest, NULL, NULL, NULL, NULL );
+    return check_signature2 (sig, digest, NULL, NULL, NULL, NULL);
 }
 
 int
-signature_check2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
+check_signature2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
 		  int *r_expired, int *r_revoked, PKT_public_key *pk )
 {
     int rc=0;
@@ -93,14 +93,14 @@ signature_check2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
         if(r_expiredate)
 	  *r_expiredate = pk->expiredate;
 
-	rc = do_check( pk, sig, digest, r_expired, r_revoked, NULL );
+	rc = check_signature_end (pk, sig, digest, r_expired, r_revoked, NULL);
 
 	/* Check the backsig.  This is a 0x19 signature from the
 	   subkey on the primary key.  The idea here is that it should
 	   not be possible for someone to "steal" subkeys and claim
 	   them as their own.  The attacker couldn't actually use the
 	   subkey, but they could try and claim ownership of any
-	   signaures issued by it. */
+	   signatures issued by it. */
 	if(rc==0 && !pk->flags.primary && pk->flags.backsig < 2)
 	  {
 	    if (!pk->flags.backsig)
@@ -205,8 +205,8 @@ signature_check2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
 
 
 static int
-do_check_messages( PKT_public_key *pk, PKT_signature *sig,
-		   int *r_expired, int *r_revoked )
+check_signature_metadata_validity (PKT_public_key *pk, PKT_signature *sig,
+				   int *r_expired, int *r_revoked)
 {
     u32 cur_time;
 
@@ -269,14 +269,16 @@ do_check_messages( PKT_public_key *pk, PKT_signature *sig,
 
 
 static int
-do_check( PKT_public_key *pk, PKT_signature *sig, gcry_md_hd_t digest,
-	  int *r_expired, int *r_revoked, PKT_public_key *ret_pk )
+check_signature_end (PKT_public_key *pk, PKT_signature *sig,
+		     gcry_md_hd_t digest,
+		     int *r_expired, int *r_revoked, PKT_public_key *ret_pk)
 {
     gcry_mpi_t result = NULL;
     int rc = 0;
     const struct weakhash *weak;
 
-    if( (rc=do_check_messages(pk,sig,r_expired,r_revoked)) )
+    if ((rc = check_signature_metadata_validity (pk, sig,
+						 r_expired, r_revoked)))
         return rc;
 
     if (!opt.flags.allow_weak_digest_algos)
@@ -466,7 +468,7 @@ check_revocation_keys(PKT_public_key *pk,PKT_signature *sig)
               if (gcry_md_open (&md, sig->digest_algo, 0))
                 BUG ();
               hash_public_key(md,pk);
-              rc=signature_check(sig,md);
+              rc=check_signature(sig,md);
 	      cache_sig_result(sig,rc);
               gcry_md_close (md);
 	      break;
@@ -505,7 +507,7 @@ check_backsig(PKT_public_key *main_pk,PKT_public_key *sub_pk,
     {
       hash_public_key(md,main_pk);
       hash_public_key(md,sub_pk);
-      rc=do_check(sub_pk,backsig,md,NULL,NULL,NULL);
+      rc = check_signature_end (sub_pk, backsig, md, NULL, NULL, NULL);
       cache_sig_result(backsig,rc);
       gcry_md_close(md);
     }
@@ -570,7 +572,8 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
 	    }
 	    /* BUG: This is wrong for non-self-sigs.. needs to be the
 	       actual pk */
-	    if((rc=do_check_messages(pk,sig,r_expired,NULL)))
+	    if((rc = check_signature_metadata_validity (pk, sig,
+							r_expired, NULL)))
 	      return rc;
             return sig->flags.valid? 0 : gpg_error (GPG_ERR_BAD_SIGNATURE);
         }
@@ -593,7 +596,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
 	    if (gcry_md_open (&md, algo, 0 ))
               BUG ();
 	    hash_public_key( md, pk );
-	    rc = do_check( pk, sig, md, r_expired, NULL, ret_pk );
+	    rc = check_signature_end (pk, sig, md, r_expired, NULL, ret_pk);
 	    cache_sig_result ( sig, rc );
 	    gcry_md_close(md);
 	  }
@@ -606,7 +609,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
               BUG ();
 	    hash_public_key( md, pk );
 	    hash_public_key( md, snode->pkt->pkt.public_key );
-	    rc = do_check( pk, sig, md, r_expired, NULL, ret_pk );
+	    rc = check_signature_end (pk, sig, md, r_expired, NULL, ret_pk);
             cache_sig_result ( sig, rc );
 	    gcry_md_close(md);
 	}
@@ -633,7 +636,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
               BUG ();
 	    hash_public_key( md, pk );
 	    hash_public_key( md, snode->pkt->pkt.public_key );
-	    rc = do_check( pk, sig, md, r_expired, NULL, ret_pk );
+	    rc = check_signature_end (pk, sig, md, r_expired, NULL, ret_pk);
             cache_sig_result ( sig, rc );
 	    gcry_md_close(md);
 	}
@@ -649,7 +652,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
         if (gcry_md_open (&md, algo, 0 ))
           BUG ();
 	hash_public_key( md, pk );
-	rc = do_check( pk, sig, md, r_expired, NULL, ret_pk );
+	rc = check_signature_end (pk, sig, md, r_expired, NULL, ret_pk);
         cache_sig_result ( sig, rc );
 	gcry_md_close(md);
     }
@@ -668,12 +671,17 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
 	      {
 		if( is_selfsig )
 		  *is_selfsig = 1;
-		rc = do_check( pk, sig, md, r_expired, NULL, ret_pk );
+		rc = check_signature_end (pk, sig, md, r_expired, NULL, ret_pk);
 	      }
 	    else if (check_pk)
-	      rc=do_check(check_pk,sig,md,r_expired,NULL,ret_pk);
+	      /* The caller specified a key.  Try that.  */
+	      rc = check_signature_end (check_pk, sig, md,
+					r_expired, NULL, ret_pk);
 	    else
-	      rc=signature_check2(sig,md,r_expiredate,r_expired,NULL,ret_pk);
+	      /* Look up the key.  XXX: Could it be that the key is
+		 not is not in this keyblock?  */
+	      rc = check_signature2 (sig, md, r_expiredate, r_expired,
+				     NULL, ret_pk);
 
             cache_sig_result ( sig, rc );
 	    gcry_md_close(md);

commit 547a1b3fb881bb8581d03dbf4eacf49163eaa4b5
Author: Neal H. Walfield <neal at g10code.com>
Date:   Mon Oct 19 10:51:05 2015 +0200

    gpg: Mark local function as static.
    
    * g10/tdbio.c (put_record_into_cache): Mark as static.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/tdbio.c b/g10/tdbio.c
index 69b9789..c7432a8 100644
--- a/g10/tdbio.c
+++ b/g10/tdbio.c
@@ -225,7 +225,7 @@ write_cache_item (CACHE_CTRL r)
  *
  * Returns: 0 on success or an error code.
  */
-int
+static int
 put_record_into_cache (ulong recno, const char *data)
 {
   CACHE_CTRL r, unused;

-----------------------------------------------------------------------

Summary of changes:
 g10/gpg.c       |  10 +-
 g10/main.h      |  18 +++-
 g10/mainproc.c  |  10 +-
 g10/packet.h    |  15 ++-
 g10/revoke.c    |  13 ++-
 g10/sig-check.c | 298 +++++++++++++++++++++++++++++++++++++++++++-------------
 g10/tdbio.c     |   2 +-
 7 files changed, 277 insertions(+), 89 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Oct 19 20:56:14 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 19 Oct 2015 20:56:14 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-23-g4e42ad3
Message-ID: <E1ZoFSX-0003wU-N9@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  4e42ad300b3de9fab25095a9e82431b1ea2740e7 (commit)
      from  c37621166e9cc2a818de73bc99287a393dbb5744 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4e42ad300b3de9fab25095a9e82431b1ea2740e7
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 19 20:30:27 2015 +0200

    dirmngr: Allow building with libassuan < 2.3.
    
    * dirmngr/dirmngr.c (set_tor_mode): Use newer assuan function only if
    available.
    * dirmngr/http.c (http_raw_connect): Ditto.
    --
    
    Frankly we should require that but we can also wait for 2.4.0 and
    switch then.

diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 744fb52..9aa1ca3 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -470,7 +470,9 @@ set_tor_mode (void)
 {
   if (opt.use_tor)
     {
+#if ASSUAN_VERSION_NUMBER >= 0x020300 /* >= 2.3.0 */
       if (assuan_sock_set_flag (ASSUAN_INVALID_FD, "tor-mode", 1))
+#endif
         {
           log_error ("error enabling TOR mode: %s\n", strerror (errno));
           log_info ("(is your Libassuan recent enough?)\n");
diff --git a/dirmngr/http.c b/dirmngr/http.c
index 6f8bf3d..ab32bd8 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -753,7 +753,9 @@ http_raw_connect (http_t *r_hd, const char *server, unsigned short port,
     {
       int mode;
 
+#if ASSUAN_VERSION_NUMBER >= 0x020300 /* >= 2.3.0 */
       if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
+#endif
         {
           log_error ("TOR support is not available\n");
           return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/dirmngr.c | 2 ++
 dirmngr/http.c    | 2 ++
 2 files changed, 4 insertions(+)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Oct 20 12:18:35 2015
From: cvs at cvs.gnupg.org (by Neal H. Walfield)
Date: Tue, 20 Oct 2015 12:18:35 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-25-gc3bb9fc
Message-ID: <E1ZoTrE-0004ud-S5@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  c3bb9fccb7963a0918b9ec6a4f10d568fac7c125 (commit)
       via  d1a0b520b15bb941cdbf66c2e832c617af778ac8 (commit)
      from  4e42ad300b3de9fab25095a9e82431b1ea2740e7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c3bb9fccb7963a0918b9ec6a4f10d568fac7c125
Author: Neal H. Walfield <neal at g10code.com>
Date:   Tue Oct 20 12:10:03 2015 +0200

    common: Make sure tilde expansion works for the mkdir functions.
    
    * common/mkdir_p.c (gnupg_amkdir_p): Use make_filename_try on the
    first directory component as well.
    
    --
    If there is only a single directory component, then tilde expansion
    won't be done.
    
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/common/mkdir_p.c b/common/mkdir_p.c
index 2e93d65..37b44ec 100644
--- a/common/mkdir_p.c
+++ b/common/mkdir_p.c
@@ -60,7 +60,7 @@ gnupg_amkdir_p (const char **directory_components)
   for (i = 0; directory_components[i]; i ++)
     {
       if (i == 0)
-	dirs[i] = xtrystrdup (directory_components[i]);
+	dirs[i] = make_filename_try (directory_components[i], NULL);
       else
 	dirs[i] = make_filename_try (dirs[i-1], directory_components[i], NULL);
       if (!dirs[i])

commit d1a0b520b15bb941cdbf66c2e832c617af778ac8
Author: Neal H. Walfield <neal at g10code.com>
Date:   Tue Oct 20 10:21:40 2015 +0200

    gpg: Remove unused prototype digest_algo_from_sig.
    
    * g10/packet.h (digest_algo_from_sig): Remove prototype without a
    corresponding implementation.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/packet.h b/g10/packet.h
index 2bc911d..2fb5d7d 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -621,7 +621,6 @@ void free_notation(struct notation *notation);
 void free_symkey_enc( PKT_symkey_enc *enc );
 void free_pubkey_enc( PKT_pubkey_enc *enc );
 void free_seckey_enc( PKT_signature *enc );
-int  digest_algo_from_sig( PKT_signature *sig );
 void release_public_key_parts( PKT_public_key *pk );
 void free_public_key( PKT_public_key *key );
 void free_attributes(PKT_user_id *uid);

-----------------------------------------------------------------------

Summary of changes:
 common/mkdir_p.c | 2 +-
 g10/packet.h     | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Oct 20 13:21:32 2015
From: cvs at cvs.gnupg.org (by Neal H. Walfield)
Date: Tue, 20 Oct 2015 13:21:32 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-26-geb8a0b0
Message-ID: <E1ZoUq2-0006T5-N7@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  eb8a0b051faa03584b3820200e10301936e82f51 (commit)
      from  c3bb9fccb7963a0918b9ec6a4f10d568fac7c125 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit eb8a0b051faa03584b3820200e10301936e82f51
Author: Neal H. Walfield <neal at g10code.com>
Date:   Tue Oct 20 12:22:00 2015 +0200

    gpg: Make failing to create a directory a soft error.
    
    * g10/tofu.c (getdb): Don't exit if we can't create the directory.
    Just return an error.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/tofu.c b/g10/tofu.c
index a7f9e90..f97a3f7 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -574,7 +574,7 @@ getdb (struct db *dbs, const char *name, enum db_type type)
       {
 	log_error (_("unable to create directory %s/%s/%s/%s"),
 		   opt.homedir, "tofu.d", type_str, prefix);
-	g10_exit (1);
+        goto out;
       }
 
     name_db = xstrconcat (name_sanitized, ".db", NULL);

-----------------------------------------------------------------------

Summary of changes:
 g10/tofu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Oct 20 13:50:38 2015
From: cvs at cvs.gnupg.org (by Neal H. Walfield)
Date: Tue, 20 Oct 2015 13:50:38 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-28-g445f94b
Message-ID: <E1ZoVID-0007B9-0P@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  445f94bc81b20959a667a4ad80ea6c73059540bf (commit)
       via  4957e3236796979b58f35628351505ea5f4e936a (commit)
      from  eb8a0b051faa03584b3820200e10301936e82f51 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 445f94bc81b20959a667a4ad80ea6c73059540bf
Author: Neal H. Walfield <neal at g10code.com>
Date:   Tue Oct 20 13:42:20 2015 +0200

    gpg: Improve text.
    
    * g10/tofu.c (show_statistics): Improve text.
    
    --
    Signed-off-by: Neal H. Walfield <neal at walfield.org>
    Suggested-by: Malte <malte at wk3.org>

diff --git a/g10/tofu.c b/g10/tofu.c
index f9aa68f..d34a204 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -2005,14 +2005,16 @@ show_statistics (struct db *dbs, const char *fingerprint,
 		 directly internationalize that text so that we can
 		 tweak it without breaking translations.  */
 	      text = _("TOFU: few signatures %s");
-	      if (strcmp (text, "TOFU: few signatures %s") == 0)
+	      if (strcmp (text, "TOFU: few signatures %d %s %s") == 0)
 		text =
-		  "Warning: if this value is unexpectedly low, this might "
-		  "indicate that this key is a forgery!  Carefully examine "
-		  "the email address for small variations (e.g., additional "
-		  "white space).  If the key is suspect, then use '%s' to "
-		  "mark the key as being bad.\n";
-	      log_info (text, set_policy_command);
+		  "Warning: if you think you've seen more than %d %s "
+		  "signed by this key, then this key might be a forgery!  "
+		  "Carefully examine the email address for small variations "
+		  "(e.g., additional white space).  If the key is suspect, "
+		  "then use '%s' to mark it as being bad.\n";
+	      log_info (text,
+			messages, messages == 1 ? _("message") : _("message"),
+			set_policy_command);
 	      free (set_policy_command);
 	    }
 	}

commit 4957e3236796979b58f35628351505ea5f4e936a
Author: Neal H. Walfield <neal at g10code.com>
Date:   Tue Oct 20 13:40:37 2015 +0200

    gpg: Use the right variable to display the information.
    
    * g10/tofu.c (get_trust): Use the right variable to display the
    conflicting key.
    
    --
    Signed-off-by: Neal H. Walfield <neal at walfield.org>
    Reported-by: Andre Heinecke <aheinecke at intevation.de>

diff --git a/g10/tofu.c b/g10/tofu.c
index f97a3f7..f9aa68f 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -1456,9 +1456,10 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
 	     && conflict && strcmp (conflict, fingerprint) != 0)
       {
 	es_fprintf (fp,
-		    _("%s raised a conflict with this binding.  Since this"
-		      " binding's policy was 'auto', it was changed to 'ask'.  "),
-		    binding);
+		    _("The key %s raised a conflict with this binding.  Since"
+                      " this binding's policy was 'auto', it was changed to "
+                      "'ask'.  "),
+		    conflict);
 	binding_shown = 1;
       }
     es_fprintf (fp,

-----------------------------------------------------------------------

Summary of changes:
 g10/tofu.c | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Oct 20 14:52:19 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 20 Oct 2015 14:52:19 +0200
Subject: [git] ADNS-g10 - branch, master, updated. adns-1.4-g10-6-3-g56eef0a
Message-ID: <E1ZoWFs-0000B2-Kr@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "ADNS migrated to autotools/libtool".

The branch, master has been updated
       via  56eef0afa4c01d2352f8b671a9b22405dc8119db (commit)
       via  cd40bf7477fa0f245235910ed177bbcafb7cd287 (commit)
      from  eaf33fc56b3cdf5f2f52d95c6ed1d3277e281cc8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 56eef0afa4c01d2352f8b671a9b22405dc8119db
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Oct 20 14:48:23 2015 +0200

    Add flag adns_if_tormode to provide a basic TOR mode.
    
    * src/adns.h (adns_if_tormode): New.
    * src/query.c (adns_submit): For a VC in tormode.
    (adns_submit_reverse_any): Ditto.
    (adns_synchronous): Ditto.
    * src/event.c (use_socks_p, socks_connect): New.  Based on code from
    Libassuan.
    (adns__tcp_tryconnect): Move setnonblock after the init of ADDR.  Call
    socks_connect if needed.
    
    * client/adh-opts.c (global_options): Add "--use-tor"
    (ov_tormode): New.
    * client/adnshost.h (ov_tormode): New declaration.
    * client/adh-query.c (ensure_adns_init): Enable TOR mode uf OV_TORMODE
    is set.
    --
    
    This patch has the problem that connecting to the TOR server and more
    important establishing the TOR connection will block.  Changing this
    would require quite some report of the TCP code in ADNS.
    
    In fact it has always been the case that when falling back to TCP mode
    and the connect would have blocked the connection won't be established
    but times outs.  There is no retry code for if connect returns with
    EWOULDBLOCK or EINPROGRESS.
    
    To test the code this command can be used.
    
      adnshost --config 'nameserver 8.8.8.8' --use-tor NAME
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/client/adh-opts.c b/client/adh-opts.c
index 5bb7273..5797b6c 100644
--- a/client/adh-opts.c
+++ b/client/adh-opts.c
@@ -27,7 +27,7 @@
 
 #include "adnshost.h"
 
-int ov_env=1, ov_pipe=0, ov_asynch=0;
+int ov_env=1, ov_pipe=0, ov_asynch=0, ov_tormode = 0;
 int ov_verbose= 0;
 adns_rrtype ov_type= adns_r_none;
 int ov_search=0, ov_qc_query=0, ov_qc_anshost=0, ov_qc_cname=1;
@@ -43,6 +43,8 @@ static const struct optioninfo global_options[]= {
     "f", "pipe",           &ov_pipe, 1 },
   { ot_flag,             "Allow answers to be reordered",
     "a", "asynch",         &ov_asynch, 1 },
+  { ot_flag,             "Run over TOR",
+    0, "use-tor",          &ov_tormode, 1 },
 
   { ot_desconly, "answer/error output format and destination (see below):" },
   { ot_value,            "Answers to stdout, errors as messages to stderr (default)",
diff --git a/client/adh-query.c b/client/adh-query.c
index b5cfad7..a2fb4f5 100644
--- a/client/adh-query.c
+++ b/client/adh-query.c
@@ -9,20 +9,20 @@
  *    Copyright (C) 1999-2000,2003,2006  Tony Finch
  *    Copyright (C) 1991 Massachusetts Institute of Technology
  *  (See the file INSTALL for full details.)
- *  
+ *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
  *  the Free Software Foundation; either version 2, or (at your option)
  *  any later version.
- *  
+ *
  *  This program is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
- *  
+ *
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, write to the Free Software Foundation,
- *  Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
+ *  Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  */
 
 #include "adnshost.h"
@@ -35,15 +35,15 @@ static unsigned long idcounter;
 /* inet_aton implementation.  [Taken from the adns 1.0 W32 port.
    Copyright (C) 2000, 2004 Jarle (jgaa) Aase <jgaa at jgaa.com>] */
 #ifdef HAVE_W32_SYSTEM
-static int 
+static int
 inet_aton (const char *cp, struct in_addr *inp)
 {
   if (!cp || !*cp || !inp)
     {
       errno = EINVAL;
-      return -1; 
+      return -1;
     }
-  
+
   if (!strcmp(cp, "255.255.255.255"))
     {
       /*  Although this is a valid address, the old inet_addr fucntion
@@ -51,7 +51,7 @@ inet_aton (const char *cp, struct in_addr *inp)
         inp->s_addr = INADDR_NONE;
         return 0;
     }
-  
+
   inp->s_addr = inet_addr (cp);
   return (inp->s_addr == INADDR_NONE) ? -1 : 0;
 }
@@ -61,7 +61,7 @@ inet_aton (const char *cp, struct in_addr *inp)
 void ensure_adns_init(void) {
   adns_initflags initflags;
   int r;
-  
+
   if (ads) return;
 
 #ifndef HAVE_W32_SYSTEM
@@ -70,6 +70,7 @@ void ensure_adns_init(void) {
 
   initflags= adns_if_noautosys|adns_if_nosigpipe|ov_verbose;
   if (!ov_env) initflags |= adns_if_noenv;
+  if (ov_tormode) initflags |= adns_if_tormode;
 
   if (config_text) {
     r= adns_init_strcfg(&ads, initflags, stderr, config_text);
@@ -86,7 +87,7 @@ void type_info(adns_rrtype type, const char **typename_r,
 	       const void *datap, char **data_r) {
   static char buf[12];
   adns_status st;
-  
+
   st= adns_rr_info(type, typename_r, 0,0, datap,data_r);
   if (st == adns_s_nomemory) sysfail("adns_rr_info failed",ENOMEM);
   assert(!st);
@@ -99,10 +100,10 @@ void type_info(adns_rrtype type, const char **typename_r,
 static void prep_query(struct query_node **qun_r, int *quflags_r) {
   struct query_node *qun;
   char idbuf[20];
-  
+
   if (ov_pipe && !ads) usageerr("-f/--pipe not consistent with domains on command line");
   ensure_adns_init();
-  
+
   qun= malloc(sizeof(*qun));
   qun->pqfr= ov_pqfr;
   if (ov_id) {
@@ -121,10 +122,10 @@ static void prep_query(struct query_node **qun_r, int *quflags_r) {
     (ov_qc_anshost ? adns_qf_quoteok_anshost : 0) |
     (ov_qc_cname ? 0 : adns_qf_quoteok_cname) |
     ov_cname,
-    
+
   *qun_r= qun;
 }
-  
+
 void of_ptr(const struct optioninfo *oi, const char *arg, const char *arg2) {
   struct query_node *qun;
   int quflags, r;
@@ -200,7 +201,7 @@ static void print_withspace(const char *str) {
 static void print_ttl(struct query_node *qun, adns_answer *answer) {
   unsigned long ttl;
   time_t now;
-  
+
   switch (qun->pqfr.ttl) {
   case tm_none:
     return;
@@ -262,7 +263,7 @@ static void print_status(adns_status st, struct query_node *qun, adns_answer *an
 static void print_dnsfail(adns_status st, struct query_node *qun, adns_answer *answer) {
   int r;
   const char *typename, *statusstring;
-  
+
   if (ov_format == fmt_inline) {
     if (fputs("; failed ",stdout) == EOF) outerr();
     print_status(st,qun,answer);
@@ -283,7 +284,7 @@ static void print_dnsfail(adns_status st, struct query_node *qun, adns_answer *a
   }
   if (r == EOF) sysfail("write error message to stderr",errno);
 }
-    
+
 void query_done(struct query_node *qun, adns_answer *answer) {
   adns_status st;
   int rrn, nrrs;
diff --git a/client/adnshost.h b/client/adnshost.h
index 876b021..f83d1e8 100644
--- a/client/adnshost.h
+++ b/client/adnshost.h
@@ -8,20 +8,20 @@
  *    Copyright (C) 1999-2000,2003,2006  Tony Finch
  *    Copyright (C) 1991 Massachusetts Institute of Technology
  *  (See the file INSTALL for full details.)
- *  
+ *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
  *  the Free Software Foundation; either version 2, or (at your option)
  *  any later version.
- *  
+ *
  *  This program is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
- *  
+ *
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, write to the Free Software Foundation,
- *  Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
+ *  Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  */
 
 #ifndef ADNSHOST_H_INCLUDED
@@ -78,7 +78,7 @@ struct perqueryflags_remember {
   int ttl;
 };
 
-extern int ov_env, ov_pipe, ov_asynch;
+extern int ov_env, ov_pipe, ov_asynch, ov_tormode;
 extern int ov_verbose;
 extern adns_rrtype ov_type;
 extern int ov_search, ov_qc_query, ov_qc_anshost, ov_qc_cname;
diff --git a/src/adns.h b/src/adns.h
index feb7cb1..6ed9a97 100644
--- a/src/adns.h
+++ b/src/adns.h
@@ -92,7 +92,8 @@ typedef enum { /* In general, or together the desired flags: */
  adns_if_eintr=       0x0020,/* allow _wait and _synchronous to return EINTR */
  adns_if_nosigpipe=   0x0040,/* applic has SIGPIPE ignored, do not protect */
  adns_if_checkc_entex=0x0100,/* consistency checks on entry/exit to adns fns */
- adns_if_checkc_freq= 0x0300 /* consistency checks very frequently (slow!) */
+ adns_if_checkc_freq= 0x0300,/* consistency checks very frequently (slow!) */
+ adns_if_tormode=     0x1000 /* route all trafic via TOR.  */
 } adns_initflags;
 
 typedef enum { /* In general, or together the desired flags: */
diff --git a/src/event.c b/src/event.c
index 6a88f98..8aae3af 100644
--- a/src/event.c
+++ b/src/event.c
@@ -9,6 +9,7 @@
  *    Copyright (C) 1997-2000,2003,2006  Ian Jackson
  *    Copyright (C) 1999-2000,2003,2006  Tony Finch
  *    Copyright (C) 1991 Massachusetts Institute of Technology
+ *    Copyright (C) 2015 g10 Code GmbH
  *  (See the file INSTALL for full details.)
  *
  *  This program is free software; you can redistribute it and/or modify
@@ -96,6 +97,177 @@ static void tcp_broken_events(adns_state ads) {
   ads->tcpstate= server_disconnected;
 }
 
+
+/* Return true if SOCKS shall be used.  This is the case if
+   adns_if_tormode is set and the desired address is not the loopback
+   address.  */
+static int
+use_socks_p (adns_state ads, const struct sockaddr *addr)
+{
+  if (!(ads->iflags & adns_if_tormode))
+    return 0;
+  else if (addr->sa_family == AF_INET6)
+    {
+      const struct sockaddr_in6 *addr_in6 = (struct sockaddr_in6 *)addr;
+      const unsigned char *s;
+      int i;
+
+      s = (unsigned char *)&addr_in6->sin6_addr.s6_addr;
+      if (s[15] != 1)
+        return 1;   /* Last octet is not 1 - not the loopback address.  */
+      for (i=0; i < 15; i++, s++)
+        if (*s)
+          return 1; /* Non-zero octet found - not the loopback address.  */
+
+      return 0; /* This is the loopback address.  */
+    }
+  else if (addr->sa_family == AF_INET)
+    {
+      const struct sockaddr_in *addr_in = (struct sockaddr_in *)addr;
+
+      if (*(unsigned char*)&addr_in->sin_addr.s_addr == 127)
+        return 0; /* Loopback (127.0.0.0/8) */
+
+      return 1;
+    }
+  else
+    return 0;
+}
+
+
+/* Connect to TOR using the SOCKS5 protocol.  We assume that the
+   connection to the SOCKS proxy (TOR server) does not block; if it
+   would block we return and the the usual retry logic of the caller
+   kicks in.  */
+static int
+socks_connect (adns_state ads, int fd,
+               const struct sockaddr *addr, socklen_t length)
+{
+  int ret;
+  struct sockaddr_in  proxyaddr_in;
+  struct sockaddr *proxyaddr;
+  size_t proxyaddrlen;
+  struct sockaddr_in6 *addr_in6;
+  struct sockaddr_in  *addr_in;
+  unsigned char buffer[22];
+  size_t buflen;
+
+  memset (&proxyaddr_in, 0, sizeof proxyaddr_in);
+
+  /* Connect to local host.  */
+  /* Fixme: First try to use IPv6.  */
+  proxyaddr_in.sin_family = AF_INET;
+  proxyaddr_in.sin_port = htons (9050);
+  proxyaddr_in.sin_addr.s_addr = htonl (INADDR_LOOPBACK);
+  proxyaddr = (struct sockaddr *)&proxyaddr_in;
+  proxyaddrlen = sizeof proxyaddr_in;
+  ret = adns__sock_connect(fd, proxyaddr, proxyaddrlen);
+  if (ret)
+    return ret;
+
+  /* Negotiate method.  */
+  buffer[0] = 5; /* RFC-1928 VER field.  */
+  buffer[1] = 1; /* NMETHODS */
+  buffer[2] = 0; /* Method: No authentication required. */
+  adns__sigpipe_protect(ads);
+  ret = adns__sock_write(fd, buffer, 3);
+  adns__sigpipe_unprotect(ads);
+  if (ret != 3)
+    {
+      if (ret >= 0)
+        errno = EIO;
+      return -1;
+    }
+  ret = adns__sock_read(fd, buffer, 2);
+  if (ret < 0)
+    return ret;
+  if (ret != 2 || buffer[0] != 5 || buffer[1] != 0 )
+    {
+      /* Socks server returned wrong version or does not support our
+         requested method.  */
+      errno = ENOTSUP; /* Fixme: Is there a better errno? */
+      return -1;
+    }
+
+  /* Send request details (rfc-1928, 4).  */
+  buffer[0] = 5; /* VER  */
+  buffer[1] = 1; /* CMD = CONNECT  */
+  buffer[2] = 0; /* RSV  */
+  if (addr->sa_family == AF_INET6)
+    {
+      addr_in6 = (struct sockaddr_in6 *)addr;
+
+      buffer[3] = 4; /* ATYP = IPv6 */
+      memcpy (buffer+ 4, &addr_in6->sin6_addr.s6_addr, 16); /* DST.ADDR */
+      memcpy (buffer+20, &addr_in6->sin6_port, 2);          /* DST.PORT */
+      buflen = 22;
+    }
+  else
+    {
+      addr_in = (struct sockaddr_in *)addr;
+
+      buffer[3] = 1; /* ATYP = IPv4 */
+      memcpy (buffer+4, &addr_in->sin_addr.s_addr, 4); /* DST.ADDR */
+      memcpy (buffer+8, &addr_in->sin_port, 2);        /* DST.PORT */
+      buflen = 10;
+    }
+  adns__sigpipe_protect(ads);
+  ret = adns__sock_write(fd, buffer, buflen);
+  adns__sigpipe_unprotect(ads);
+  if (ret != buflen)
+    {
+      if (ret >= 0)
+        errno = EIO;
+      return -1;
+    }
+  ret = adns__sock_read(fd, buffer, buflen);
+  if (ret < 0)
+    return ret;
+  if (ret != buflen || buffer[0] != 5 || buffer[2] != 0 )
+    {
+      /* Socks server returned wrong version or the reserved field is
+         not zero.  */
+      errno = EPROTO;
+      return -1;
+    }
+  if (buffer[1])
+    {
+      switch (buffer[1])
+        {
+        case 0x01: /* general SOCKS server failure.  */
+          errno = ENETDOWN;
+          break;
+        case 0x02: /* connection not allowed by ruleset.  */
+          errno = EACCES;
+          break;
+        case 0x03: /* Network unreachable */
+          errno = ENETUNREACH;
+          break;
+        case 0x04: /* Host unreachable */
+          errno = EHOSTUNREACH;
+          break;
+        case 0x05: /* Connection refused */
+          errno = ECONNREFUSED;
+          break;
+        case 0x06: /* TTL expired */
+          errno = ETIMEDOUT;
+          break;
+        case 0x08: /* Address type not supported */
+          errno = EPROTONOSUPPORT;
+          break;
+        case 0x07: /* Command not supported */
+        default:
+          errno = ENOTSUP; /* Fixme: Is there a better errno? */
+        }
+      return -1;
+    }
+  /* FIXME: We have not way to store the actual address used by the
+     server.  */
+
+  return 0;
+}
+
+
 void adns__tcp_tryconnect(adns_state ads, struct timeval now) {
   int r, fd, tries;
   struct sockaddr_in addr;
@@ -127,21 +299,41 @@ void adns__tcp_tryconnect(adns_state ads, struct timeval now) {
       adns__diag(ads,-1,0,"cannot create TCP socket: %s",strerror(errno));
       return;
     }
-    r= adns__setnonblock(ads,fd);
-    if (r) {
-      adns__diag(ads,-1,0,"cannot make TCP socket nonblocking:"
-		 " %s",strerror(r));
-      adns__sock_close(fd);
-      return;
-    }
     memset(&addr,0,sizeof(addr));
     addr.sin_family= AF_INET;
     addr.sin_port= htons(DNS_PORT);
     addr.sin_addr= ads->servers[ads->tcpserver].addr;
-    r= adns__sock_connect(fd,(const struct sockaddr*)&addr,sizeof(addr));
+    if (use_socks_p(ads, (const struct sockaddr*)&addr))
+      {
+        r= socks_connect(ads, fd,(const struct sockaddr*)&addr,sizeof(addr));
+        if (!r)
+          {
+            r= adns__setnonblock(ads,fd);
+            if (r) {
+              adns__diag(ads,-1,0,"cannot make TCP socket nonblocking:"
+                         " %s",strerror(r));
+              adns__sock_close(fd);
+              return;
+            }
+          }
+      }
+    else
+      {
+        r= adns__setnonblock(ads,fd);
+        if (r) {
+          adns__diag(ads,-1,0,"cannot make TCP socket nonblocking:"
+                     " %s",strerror(r));
+          adns__sock_close(fd);
+          return;
+        }
+        r= adns__sock_connect(fd,(const struct sockaddr*)&addr,sizeof(addr));
+      }
     ads->tcpsocket= fd;
     ads->tcpstate= server_connecting;
-    if (r==0) { tcp_connected(ads,now); return; }
+    if (r==0) {
+      tcp_connected(ads,now);
+      return;
+    }
     if (errno == EWOULDBLOCK || errno == EINPROGRESS) {
       ads->tcptimeout= now;
       timevaladd(&ads->tcptimeout,TCPCONNMS);
diff --git a/src/internal.h b/src/internal.h
index c3aa213..6bc0702 100644
--- a/src/internal.h
+++ b/src/internal.h
@@ -277,7 +277,7 @@ struct adns__query {
    *        too big for UDP /             UDP timeout  \  \ send via UDP
    *        send via TCP   /              more retries  \  \
    *        when conn'd   /                  desired     \  \
-   *                     |     	       	       	       	  |  |
+   *        or TOR-mode  |     	       	       	       	  |  |
    *                     v				  |  v
    *              +-----------+         	    	+-------------+
    *              | tcpw/tcpw | ________                | tosend/udpw |
diff --git a/src/query.c b/src/query.c
index 948b5d3..c719bad 100644
--- a/src/query.c
+++ b/src/query.c
@@ -222,12 +222,15 @@ int adns_submit(adns_state ads,
 
   adns__consistency(ads,0,cc_entex);
 
+  if ((ads->iflags & adns_if_tormode))
+    flags |= adns_qf_usevc;
+
   typei= adns__findtype(type);
   if (!typei) return ENOSYS;
 
   r= gettimeofday(&now,0); if (r) goto x_errno;
   qu= query_alloc(ads,typei,type,flags,now); if (!qu) goto x_errno;
-  
+
   qu->ctx.ext= context;
   qu->ctx.callback= 0;
   memset(&qu->ctx.info,0,sizeof(qu->ctx.info));
@@ -287,6 +290,8 @@ int adns_submit_reverse_any(adns_state ads,
   int r, lreq;
 
   flags &= ~adns_qf_search;
+  if ((ads->iflags & adns_if_tormode))
+    flags |= adns_qf_usevc;
 
   if (addr->sa_family != AF_INET) return ENOSYS;
   iaddr= (const unsigned char*)
@@ -315,6 +320,10 @@ int adns_submit_reverse(adns_state ads,
 			void *context,
 			adns_query *query_r) {
   if (type != adns_r_ptr && type != adns_r_ptr_raw) return EINVAL;
+
+  if ((ads->iflags & adns_if_tormode))
+    flags |= adns_qf_usevc;
+
   return adns_submit_reverse_any(ads,addr,"in-addr.arpa",
 				 type,flags,context,query_r);
 }
@@ -326,7 +335,10 @@ int adns_synchronous(adns_state ads,
 		     adns_answer **answer_r) {
   adns_query qu;
   int r;
-  
+
+  if ((ads->iflags & adns_if_tormode))
+    flags |= adns_qf_usevc;
+
   r= adns_submit(ads,owner,type,flags,0,&qu);
   if (r) return r;
 

commit cd40bf7477fa0f245235910ed177bbcafb7cd287
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Oct 20 08:24:36 2015 +0200

    Silence compiler warnings.
    
    * regress/hplayback.c (Q_vb): Remove unused var r.
    * src/event.c (tcp_close): Remove unused var serv.
    * src/reply.c (adns__procdgram): Remove unused var arstart.
    * src/internal.h (GET_W, GTE_L): Do not return arg tv; it is not used.
    --
    
    Also remove some trailing white space.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/regress/hplayback.c b/regress/hplayback.c
index 594f7e6..f8d920c 100644
--- a/regress/hplayback.c
+++ b/regress/hplayback.c
@@ -140,7 +140,7 @@ static void Ppollfds(struct pollfd *fds, int nfds) {
   for (i=0; i<nfds; i++) {
     Pstring("{fd=","{fd= in pollfds");
     fds->fd= strtoul(vb2.buf+vb2.used,&ep,10);
-    vb2.used= ep - (char*)vb2.buf;    
+    vb2.used= ep - (char*)vb2.buf;
     Pstring(", events=",", events= in pollfds");
     fds->events= Ppollfdevents();
     Pstring(", revents=",", revents= in pollfds");
@@ -194,11 +194,10 @@ static int Pbytes(byte *buf, int maxlen) {
   }
 }
 void Q_vb(void) {
-  int r;
   const char *nl;
   Tensurerecordfile();
   if (!adns__vbuf_ensure(&vb2,vb.used+2)) Tnomem();
-  r= fread(vb2.buf,1,vb.used+2,Tinputfile);
+  fread(vb2.buf,1,vb.used+2,Tinputfile);
   if (feof(Tinputfile)) {
     fprintf(stderr,"adns test harness: input ends prematurely; program did:\n %.*s\n",
            vb.used,vb.buf);
@@ -241,9 +240,9 @@ int Hselect(	int max , fd_set *rfds , fd_set *wfds , fd_set *efds , struct timev
   r= strtoul(vb2.buf+8,&ep,10);
   if (*ep && *ep!=' ') Psyntax("return value not E* or positive number");
   vb2.used= ep - (char*)vb2.buf;
-	Parg("rfds"); Pfdset(rfds,max); 
-	Parg("wfds"); Pfdset(wfds,max); 
-	Parg("efds"); Pfdset(efds,max); 
+	Parg("rfds"); Pfdset(rfds,max);
+	Parg("wfds"); Pfdset(wfds,max);
+	Parg("efds"); Pfdset(efds,max);
  assert(vb2.used <= amtread);
  if (vb2.used != amtread) Psyntax("junk at end of line");
  P_updatetime();
@@ -273,7 +272,7 @@ int Hpoll(	struct pollfd *fds , int nfds , int timeout 	) {
   r= strtoul(vb2.buf+6,&ep,10);
   if (*ep && *ep!=' ') Psyntax("return value not E* or positive number");
   vb2.used= ep - (char*)vb2.buf;
-        Parg("fds"); Ppollfds(fds,nfds); 
+        Parg("fds"); Ppollfds(fds,nfds);
  assert(vb2.used <= amtread);
  if (vb2.used != amtread) Psyntax("junk at end of line");
  P_updatetime();
@@ -283,8 +282,8 @@ int Hpoll(	struct pollfd *fds , int nfds , int timeout 	) {
 int Hsocket(	int domain , int type , int protocol 	) {
  int r, amtread;
  char *ep;
-	Tmust("socket","domain",domain==AF_INET); 
-  Tmust("socket","type",type==SOCK_STREAM || type==SOCK_DGRAM); 
+	Tmust("socket","domain",domain==AF_INET);
+  Tmust("socket","type",type==SOCK_STREAM || type==SOCK_DGRAM);
  Qsocket(	 type 	);
  if (!adns__vbuf_ensure(&vb2,1000)) Tnomem();
  fgets(vb2.buf,vb2.avail,Tinputfile); Pcheckinput();
@@ -312,13 +311,13 @@ int Hsocket(	int domain , int type , int protocol 	) {
 }
 int Hfcntl(	int fd , int cmd , ... 	) {
  int r, amtread;
-	va_list al; long arg; 
+	va_list al; long arg;
   Tmust("fcntl","cmd",cmd==F_SETFL || cmd==F_GETFL);
   if (cmd == F_SETFL) {
     va_start(al,cmd); arg= va_arg(al,long); va_end(al);
   } else {
     arg= 0;
-  } 
+  }
  Qfcntl(	fd , cmd , arg 	);
  if (!adns__vbuf_ensure(&vb2,1000)) Tnomem();
  fgets(vb2.buf,vb2.avail,Tinputfile); Pcheckinput();
@@ -469,7 +468,7 @@ int Hclose(	int fd 	) {
 int Hsendto(	int fd , const void *msg , int msglen , unsigned int flags , const struct sockaddr *addr , int addrlen 	) {
  int r, amtread;
  char *ep;
-	Tmust("sendto","flags",flags==0); 
+	Tmust("sendto","flags",flags==0);
  Qsendto(	fd , msg , msglen , addr , addrlen 	);
  if (!adns__vbuf_ensure(&vb2,1000)) Tnomem();
  fgets(vb2.buf,vb2.avail,Tinputfile); Pcheckinput();
@@ -497,8 +496,8 @@ int Hsendto(	int fd , const void *msg , int msglen , unsigned int flags , const
 }
 int Hrecvfrom(	int fd , void *buf , int buflen , unsigned int flags , struct sockaddr *addr , int *addrlen 	) {
  int r, amtread;
-	Tmust("recvfrom","flags",flags==0); 
-	Tmust("recvfrom","*addrlen",*addrlen>=sizeof(struct sockaddr_in)); 
+	Tmust("recvfrom","flags",flags==0);
+	Tmust("recvfrom","*addrlen",*addrlen>=sizeof(struct sockaddr_in));
  Qrecvfrom(	fd , buflen , *addrlen 	);
  if (!adns__vbuf_ensure(&vb2,1000)) Tnomem();
  fgets(vb2.buf,vb2.avail,Tinputfile); Pcheckinput();
@@ -519,10 +518,10 @@ int Hrecvfrom(	int fd , void *buf , int buflen , unsigned int flags , struct soc
   if (memcmp(vb2.buf+10,"OK",2)) Psyntax("success/fail not E* or OK");
   vb2.used= 10+2;
   r= 0;
-	Parg("addr"); Paddr(addr,addrlen); 
+	Parg("addr"); Paddr(addr,addrlen);
  assert(vb2.used <= amtread);
  if (vb2.used != amtread) Psyntax("junk at end of line");
-	r= Pbytes(buf,buflen); 
+	r= Pbytes(buf,buflen);
  P_updatetime();
  return r;
 }
@@ -550,7 +549,7 @@ int Hread(	int fd , void *buf , size_t buflen 	) {
   r= 0;
  assert(vb2.used <= amtread);
  if (vb2.used != amtread) Psyntax("junk at end of line");
-	r= Pbytes(buf,buflen); 
+	r= Pbytes(buf,buflen);
  P_updatetime();
  return r;
 }
diff --git a/src/event.c b/src/event.c
index 2bf689e..6a88f98 100644
--- a/src/event.c
+++ b/src/event.c
@@ -10,20 +10,20 @@
  *    Copyright (C) 1999-2000,2003,2006  Tony Finch
  *    Copyright (C) 1991 Massachusetts Institute of Technology
  *  (See the file INSTALL for full details.)
- *  
+ *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
  *  the Free Software Foundation; either version 2, or (at your option)
  *  any later version.
- *  
+ *
  *  This program is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
- *  
+ *
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, write to the Free Software Foundation,
- *  Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
+ *  Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  */
 
 #include <errno.h>
@@ -45,9 +45,6 @@
 /* TCP connection management. */
 
 static void tcp_close(adns_state ads) {
-  int serv;
-  
-  serv= ads->tcpserver;
   adns__sock_close(ads->tcpsocket);
   ads->tcpsocket= -1;
   ads->tcprecv.used= ads->tcprecv_skip= ads->tcpsend.used= 0;
@@ -56,7 +53,7 @@ static void tcp_close(adns_state ads) {
 void adns__tcp_broken(adns_state ads, const char *what, const char *why) {
   int serv;
   adns_query qu;
-  
+
   assert(ads->tcpstate == server_connecting || ads->tcpstate == server_ok);
   serv= ads->tcpserver;
   if (what) adns__warn(ads,serv,0,"TCP connection failed: %s: %s",what,why);
@@ -74,7 +71,7 @@ void adns__tcp_broken(adns_state ads, const char *what, const char *why) {
 
 static void tcp_connected(adns_state ads, struct timeval now) {
   adns_query qu, nqu;
-  
+
   adns__debug(ads,ads->tcpserver,0,"TCP connected");
   ads->tcpstate= server_ok;
   for (qu= ads->tcpw.head; qu && ads->tcpstate == server_ok; qu= nqu) {
@@ -86,7 +83,7 @@ static void tcp_connected(adns_state ads, struct timeval now) {
 
 static void tcp_broken_events(adns_state ads) {
   adns_query qu, nqu;
-  
+
   assert(ads->tcpstate == server_broken);
   for (qu= ads->tcpw.head; qu; qu= nqu) {
     nqu= qu->next;
@@ -115,7 +112,7 @@ void adns__tcp_tryconnect(adns_state ads, struct timeval now) {
     default:
       abort();
     }
-    
+
     assert(!ads->tcpsend.used);
     assert(!ads->tcprecv.used);
     assert(!ads->tcprecv_skip);
@@ -180,7 +177,7 @@ static void inter_immed(struct timeval **tv_io, struct timeval *tvbuf) {
 
   timerclear(rbuf);
 }
-    
+
 static void inter_maxto(struct timeval **tv_io, struct timeval *tvbuf,
 			struct timeval maxto) {
   struct timeval *rbuf;
@@ -217,7 +214,7 @@ static void timeouts_queue(adns_state ads, int act,
 			   struct timeval **tv_io, struct timeval *tvbuf,
 			   struct timeval now, struct query_queue *queue) {
   adns_query qu, nqu;
-  
+
   for (qu= queue->head; qu; qu= nqu) {
     nqu= qu->next;
     if (!timercmp(&now,&qu->timeout,>)) {
@@ -341,7 +338,7 @@ int adns_processreadable(adns_state ads, int fd, const struct timeval *now) {
   int want, dgramlen, r, udpaddrlen, serv, old_skip;
   byte udpbuf[DNS_MAXUDP];
   struct sockaddr_in udpaddr;
-  
+
   adns__consistency(ads,0,cc_entex);
 
   switch (ads->tcpstate) {
@@ -441,7 +438,7 @@ xit:
 
 int adns_processwriteable(adns_state ads, int fd, const struct timeval *now) {
   int r;
-  
+
   adns__consistency(ads,0,cc_entex);
 
   switch (ads->tcpstate) {
@@ -495,7 +492,7 @@ xit:
   adns__consistency(ads,0,cc_entex);
   return r;
 }
-  
+
 int adns_processexceptional(adns_state ads, int fd,
 			    const struct timeval *now) {
   adns__consistency(ads,0,cc_entex);
@@ -522,7 +519,7 @@ static void fd_event(adns_state ads, int fd,
 				 const struct timeval *now),
 		     struct timeval now, int *r_r) {
   int r;
-  
+
   if (!(revent & pollflag)) return;
   if (fds && !(fd<maxfd && FD_ISSET(fd,fds))) return;
   r= func(ads,fd,&now);
@@ -566,7 +563,7 @@ void adns_beforeselect(adns_state ads, int *maxfd_io, fd_set *readfds_io,
   struct timeval tv_nowbuf;
   struct pollfd pollfds[MAX_POLLFDS];
   int i, fd, maxfd, npollfds;
-  
+
   adns__consistency(ads,0,cc_entex);
 
   if (tv_mod && (!*tv_mod || (*tv_mod)->tv_sec || (*tv_mod)->tv_usec)) {
@@ -620,7 +617,7 @@ void adns_globalsystemfailure(adns_state ads) {
 
   while (ads->udpw.head) adns__query_fail(ads->udpw.head, adns_s_systemfail);
   while (ads->tcpw.head) adns__query_fail(ads->tcpw.head, adns_s_systemfail);
-  
+
   switch (ads->tcpstate) {
   case server_connecting:
   case server_ok:
@@ -699,7 +696,7 @@ int adns_wait(adns_state ads,
   int r, maxfd, rsel;
   fd_set readfds, writefds, exceptfds;
   struct timeval tvbuf, *tvp;
-  
+
   adns__consistency(ads,*query_io,cc_entex);
   for (;;) {
     r= adns__internal_check(ads,query_io,answer_r,context_r);
@@ -731,7 +728,7 @@ int adns_check(adns_state ads,
 	       void **context_r) {
   struct timeval now;
   int r;
-  
+
   adns__consistency(ads,*query_io,cc_entex);
   r= gettimeofday(&now,0);
   if (!r) adns__autosys(ads,now);
diff --git a/src/internal.h b/src/internal.h
index a2e8c43..c3aa213 100644
--- a/src/internal.h
+++ b/src/internal.h
@@ -759,13 +759,13 @@ static inline int errno_resources(int e) { return e==ENOMEM || e==ENOBUFS; }
 
 #define GETIL_B(cb) (((dgram)[(cb)++]) & 0x0ff)
 #define GET_B(cb,tv) ((tv)= GETIL_B((cb)))
-#define GET_W(cb,tv) ((tv)=0,(tv)|=(GETIL_B((cb))<<8), (tv)|=GETIL_B(cb), (tv))
+#define GET_W(cb,tv) ((tv)=0,(tv)|=(GETIL_B((cb))<<8), (tv)|=GETIL_B(cb))
 #define GET_L(cb,tv) ( (tv)=0,				\
 		       (tv)|=(GETIL_B((cb))<<24),	\
 		       (tv)|=(GETIL_B((cb))<<16),	\
 		       (tv)|=(GETIL_B((cb))<<8),	\
-		       (tv)|=GETIL_B(cb),		\
-		       (tv) )
+		       (tv)|=GETIL_B(cb)		\
+		      )
 
 
 
diff --git a/src/query.c b/src/query.c
index d09702e..948b5d3 100644
--- a/src/query.c
+++ b/src/query.c
@@ -10,20 +10,20 @@
  *    Copyright (C) 1999-2000,2003,2006  Tony Finch
  *    Copyright (C) 1991 Massachusetts Institute of Technology
  *  (See the file INSTALL for full details.)
- *  
+ *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
  *  the Free Software Foundation; either version 2, or (at your option)
  *  any later version.
- *  
+ *
  *  This program is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
- *  
+ *
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, write to the Free Software Foundation,
- *  Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
+ *  Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  */
 
 #include "internal.h"
@@ -41,11 +41,11 @@ static adns_query query_alloc(adns_state ads,
 			      adns_queryflags flags, struct timeval now) {
   /* Allocate a virgin query and return it. */
   adns_query qu;
-  
+
   qu= malloc(sizeof(*qu));  if (!qu) return 0;
   qu->answer= malloc(sizeof(*qu->answer));
   if (!qu->answer) { free(qu); return 0; }
-  
+
   qu->ads= ads;
   qu->state= query_tosend;
   qu->back= qu->next= qu->parent= 0;
@@ -100,11 +100,11 @@ static void query_submit(adns_state ads, adns_query qu,
 
   qu->query_dgram= malloc(qu->vb.used);
   if (!qu->query_dgram) { adns__query_fail(qu,adns_s_nomemory); return; }
-  
+
   qu->id= id;
   qu->query_dglen= qu->vb.used;
   memcpy(qu->query_dgram,qu->vb.buf,qu->vb.used);
-  
+
   adns__query_send(qu,now);
 }
 
@@ -121,7 +121,7 @@ adns_status adns__internal_submit(adns_state ads, adns_query *query_r,
 
   memcpy(&qu->ctx,ctx,sizeof(qu->ctx));
   query_submit(ads,qu, typei,qumsg_vb,id,flags,now);
-  
+
   return adns_s_ok;
 }
 
@@ -153,7 +153,7 @@ static void query_simple(adns_state ads, adns_query qu,
 void adns__search_next(adns_state ads, adns_query qu, struct timeval now) {
   const char *nextentry;
   adns_status stat;
-  
+
   if (qu->search_doneabs<0) {
     nextentry= 0;
     qu->search_doneabs= 1;
@@ -237,7 +237,7 @@ int adns_submit(adns_state ads,
   ol= strlen(owner);
   if (!ol) { stat= adns_s_querydomaininvalid; goto x_adnsfail; }
   if (ol>DNS_MAXDOMAIN+1) { stat= adns_s_querydomaintoolong; goto x_adnsfail; }
-				 
+
   if (ol>=1 && owner[ol-1]=='.' && (ol<2 || owner[ol-2]!='\\')) {
     flags &= ~adns_qf_search;
     qu->flags= flags;
@@ -349,7 +349,7 @@ static void *alloc_common(adns_query qu, size_t sz) {
 
 void *adns__alloc_interim(adns_query qu, size_t sz) {
   void *rv;
-  
+
   sz= MEM_ROUND(sz);
   rv= alloc_common(qu,sz);
   if (!rv) return 0;
@@ -359,7 +359,7 @@ void *adns__alloc_interim(adns_query qu, size_t sz) {
 
 void *adns__alloc_preserved(adns_query qu, size_t sz) {
   void *rv;
-  
+
   sz= MEM_ROUND(sz);
   rv= adns__alloc_interim(qu,sz);
   if (!rv) return 0;
@@ -380,7 +380,7 @@ void adns__transfer_interim(adns_query from, adns_query to,
 
   assert(!to->final_allocspace);
   assert(!from->final_allocspace);
-  
+
   LIST_UNLINK(from->allocations,an);
   LIST_LINK_TAIL(to->allocations,an);
 
@@ -490,17 +490,17 @@ static void makefinal_query(adns_query qu) {
   qu->final_allocspace= (byte*)ans + MEM_ROUND(sizeof(*ans));
   adns__makefinal_str(qu,&ans->cname);
   adns__makefinal_str(qu,&ans->owner);
-  
+
   if (ans->nrrs) {
     adns__makefinal_block(qu, &ans->rrs.untyped, ans->nrrs*ans->rrsz);
 
     for (rrn=0; rrn<ans->nrrs; rrn++)
       qu->typei->makefinal(qu, ans->rrs.bytes + rrn*ans->rrsz);
   }
-  
+
   free_query_allocs(qu);
   return;
-  
+
  x_nomem:
   qu->preserved_allocd= 0;
   qu->answer->cname= 0;
@@ -573,7 +573,7 @@ void adns__makefinal_str(adns_query qu, char **strp) {
   l= strlen(before)+1;
   after= adns__alloc_final(qu,l);
   memcpy(after,before,l);
-  *strp= after;  
+  *strp= after;
 }
 
 void adns__makefinal_block(adns_query qu, void **blpp, size_t sz) {
diff --git a/src/reply.c b/src/reply.c
index 64b41d7..68087c1 100644
--- a/src/reply.c
+++ b/src/reply.c
@@ -8,33 +8,33 @@
  *    Copyright (C) 1999-2000,2003,2006  Tony Finch
  *    Copyright (C) 1991 Massachusetts Institute of Technology
  *  (See the file INSTALL for full details.)
- *  
+ *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
  *  the Free Software Foundation; either version 2, or (at your option)
  *  any later version.
- *  
+ *
  *  This program is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
- *  
+ *
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, write to the Free Software Foundation,
- *  Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
+ *  Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  */
 
 #include <stdlib.h>
 
 #include "internal.h"
-    
+
 void adns__procdgram(adns_state ads, const byte *dgram, int dglen,
 		     int serv, int viatcp, struct timeval now) {
   int cbyte, rrstart, wantedrrs, rri, foundsoa, foundns, cname_here;
   int id, f1, f2, qdcount, ancount, nscount, arcount;
   int flg_ra, flg_rd, flg_tc, flg_qr, opcode;
   int rrtype, rrclass, rdlength, rdstart;
-  int anstart, nsstart, arstart;
+  int anstart, nsstart;
   int ownermatched, l, nrrs;
   unsigned long ttl, soattl;
   const typeinfo *typei;
@@ -44,7 +44,7 @@ void adns__procdgram(adns_state ads, const byte *dgram, int dglen,
   vbuf tempvb;
   byte *newquery, *rrsdata;
   parseinfo pai;
-  
+
   if (dglen<DNS_HDRSIZE) {
     adns__diag(ads,serv,0,"received datagram"
 	       " too short for message header (%d)",dglen);
@@ -68,7 +68,7 @@ void adns__procdgram(adns_state ads, const byte *dgram, int dglen,
   rcode= (f2&0x0f);
 
   cname_here= 0;
-  
+
   if (!flg_qr) {
     adns__diag(ads,serv,0,"server sent us a query, not a response");
     return;
@@ -80,7 +80,7 @@ void adns__procdgram(adns_state ads, const byte *dgram, int dglen,
   }
 
   qu= 0;
-  /* See if we can find the relevant query, or leave qu=0 otherwise ... */   
+  /* See if we can find the relevant query, or leave qu=0 otherwise ... */
 
   if (qdcount == 1) {
     for (qu= viatcp ? ads->tcpw.head : ads->udpw.head; qu; qu= nqu) {
@@ -105,7 +105,7 @@ void adns__procdgram(adns_state ads, const byte *dgram, int dglen,
       else LIST_UNLINK(ads->udpw,qu);
     }
   }
-  
+
   /* If we're going to ignore the packet, we return as soon as we have
    * failed the query (if any) and printed the warning message (if
    * any).
@@ -155,9 +155,8 @@ void adns__procdgram(adns_state ads, const byte *dgram, int dglen,
 
   /* We're definitely going to do something with this packet and this
    * query now. */
-  
+
   anstart= qu->query_dglen;
-  arstart= -1;
 
   /* Now, take a look at the answer section, and see if it is complete.
    * If it has any CNAMEs we stuff them in the answer.
@@ -241,7 +240,7 @@ void adns__procdgram(adns_state ads, const byte *dgram, int dglen,
    * which we could use.
    */
   if (flg_tc) goto x_truncated;
-  
+
   nsstart= cbyte;
 
   if (!wantedrrs) {
@@ -266,7 +265,7 @@ void adns__procdgram(adns_state ads, const byte *dgram, int dglen,
       if (rrtype == adns_r_soa_raw) { foundsoa= 1; soattl= ttl; break; }
       else if (rrtype == adns_r_ns_raw) { foundns= 1; }
     }
-    
+
     if (rcode == rcode_nxdomain) {
       /* We still wanted to look for the SOA so we could find the TTL. */
       adns__update_expires(qu,soattl,now);
@@ -360,29 +359,29 @@ void adns__procdgram(adns_state ads, const byte *dgram, int dglen,
   return;
 
  x_truncated:
-  
+
   if (!flg_tc) {
     adns__diag(ads,serv,qu,"server sent datagram which points outside itself");
     adns__query_fail(qu,adns_s_invalidresponse);
     return;
   }
   qu->flags |= adns_qf_usevc;
-  
+
  x_restartquery:
   if (qu->cname_dgram) {
     st= adns__mkquery_frdgram(qu->ads,&qu->vb,&qu->id,
 			      qu->cname_dgram,qu->cname_dglen,qu->cname_begin,
 			      qu->answer->type, qu->flags);
     if (st) { adns__query_fail(qu,st); return; }
-    
+
     newquery= realloc(qu->query_dgram,qu->vb.used);
     if (!newquery) { adns__query_fail(qu,adns_s_nomemory); return; }
-    
+
     qu->query_dgram= newquery;
     qu->query_dglen= qu->vb.used;
     memcpy(newquery,qu->vb.buf,qu->vb.used);
   }
-  
+
   if (qu->state == query_tcpw) qu->state= query_tosend;
   qu->retries= 0;
   adns__reset_preserved(qu);

-----------------------------------------------------------------------

Summary of changes:
 client/adh-opts.c   |   4 +-
 client/adh-query.c  |  35 ++++----
 client/adnshost.h   |  10 +--
 regress/hplayback.c |  33 ++++---
 src/adns.h          |   3 +-
 src/event.c         | 249 +++++++++++++++++++++++++++++++++++++++++++++-------
 src/internal.h      |   8 +-
 src/query.c         |  52 ++++++-----
 src/reply.c         |  37 ++++----
 9 files changed, 317 insertions(+), 114 deletions(-)


hooks/post-receive
-- 
ADNS migrated to autotools/libtool
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Oct 20 14:54:28 2015
From: cvs at cvs.gnupg.org (by Neal H. Walfield)
Date: Tue, 20 Oct 2015 14:54:28 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-31-gbc9ff6c
Message-ID: <E1ZoWHz-0000Fp-N8@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  bc9ff6c85e2d89be4ee873b8a72a214759a66157 (commit)
       via  251c070f91e2c65baa3f1195f14a176440a8aafa (commit)
       via  d3eca517745a862432fcfeaa729e5333b15ffa6a (commit)
      from  445f94bc81b20959a667a4ad80ea6c73059540bf (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit bc9ff6c85e2d89be4ee873b8a72a214759a66157
Author: Neal H. Walfield <neal at g10code.com>
Date:   Tue Oct 20 14:53:29 2015 +0200

    gpg: Improve output.
    
    * g10/tofu.c (get_trust): Also show the binding when indicating a
    conflict occurred.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/tofu.c b/g10/tofu.c
index 0b5fa29..3f2cd25 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -1468,10 +1468,10 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
 	     && conflict && strcmp (conflict, fingerprint) != 0)
       {
 	es_fprintf (fp,
-		    _("The key %s raised a conflict with this binding.  Since"
-                      " this binding's policy was 'auto', it was changed to "
-                      "'ask'.  "),
-		    conflict);
+		    _("The key %s raised a conflict with this binding (%s)."
+                      "  Since this binding's policy was 'auto', it was"
+                      "changed to 'ask'.  "),
+		    conflict, binding);
 	binding_shown = 1;
       }
     es_fprintf (fp,

commit 251c070f91e2c65baa3f1195f14a176440a8aafa
Author: Neal H. Walfield <neal at g10code.com>
Date:   Tue Oct 20 14:52:39 2015 +0200

    gpg: Synchronize translation template.
    
    * g10/tofu.c (show_statistics): Synchronize translation template.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/tofu.c b/g10/tofu.c
index 5886c5e..0b5fa29 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -2018,7 +2018,7 @@ show_statistics (struct db *dbs, const char *fingerprint,
 	      /* TRANSLATORS: translate the below text.  We don't
 		 directly internationalize that text so that we can
 		 tweak it without breaking translations.  */
-	      text = _("TOFU: few signatures %s");
+	      text = _("TOFU: few signatures %d %s %s");
 	      if (strcmp (text, "TOFU: few signatures %d %s %s") == 0)
 		text =
 		  "Warning: if you think you've seen more than %d %s "

commit d3eca517745a862432fcfeaa729e5333b15ffa6a
Author: Neal H. Walfield <neal at g10code.com>
Date:   Tue Oct 20 14:50:21 2015 +0200

    gpg: When showing conflicts, also show bindings with no recorded sigs.
    
    * g10/tofu.c (signature_stats_collect_cb): If the time_ago column is
    NULL, then both time_ago and count should be 0.
    (get_trust): Reverse the direction of the join so that we also get
    statistics about bindings without any signatures.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/tofu.c b/g10/tofu.c
index d34a204..5886c5e 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -1061,27 +1061,39 @@ signature_stats_collect_cb (void *cookie, int argc, char **argv,
     }
   i ++;
 
-  tail = NULL;
-  errno = 0;
-  time_ago = strtol (argv[i], &tail, 0);
-  if (errno || ! (strcmp (tail, ".0") == 0 || *tail == '\0'))
+  if (! argv[i])
+    time_ago = 0;
+  else
     {
-      /* Abort.  */
-      log_error ("%s: Error converting %s to an integer (tail = '%s')\n",
-		 __func__, argv[i], tail);
-      return 1;
+      tail = NULL;
+      errno = 0;
+      time_ago = strtol (argv[i], &tail, 0);
+      if (errno || ! (strcmp (tail, ".0") == 0 || *tail == '\0'))
+        {
+          /* Abort.  */
+          log_error ("%s: Error converting %s to an integer (tail = '%s')\n",
+                     __func__, argv[i], tail);
+          return 1;
+        }
     }
   i ++;
 
-  tail = NULL;
-  errno = 0;
-  count = strtoul (argv[i], &tail, 0);
-  if (errno || ! (strcmp (tail, ".0") == 0 || *tail == '\0'))
+  /* If time_ago is NULL, then we had no messages, but we still have a
+     single row, which count(*) turns into 1.  */
+  if (! argv[i - 1])
+    count = 0;
+  else
     {
-      /* Abort.  */
-      log_error ("%s: Error converting %s to an integer (tail = '%s')\n",
-		 __func__, argv[i], tail);
-      return 1;
+      tail = NULL;
+      errno = 0;
+      count = strtoul (argv[i], &tail, 0);
+      if (errno || ! (strcmp (tail, ".0") == 0 || *tail == '\0'))
+        {
+          /* Abort.  */
+          log_error ("%s: Error converting %s to an integer (tail = '%s')\n",
+                     __func__, argv[i], tail);
+          return 1;
+        }
     }
   i ++;
 
@@ -1551,10 +1563,12 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
        "         else round(delta / %d) * %d\n"
        "        end time_ago,\n"
        "        delta time_ago_raw\n"
-       "       from (select *,\n"
-       "              cast(strftime('%%s','now') - sig_time as real) delta\n"
-       "             from signatures) ss\n"
-       "       left join bindings on ss.binding = bindings.oid)\n"
+       "       from bindings\n"
+       "       left join\n"
+       "         (select *,\n"
+       "            cast(strftime('%%s','now') - sig_time as real) delta\n"
+       "           from signatures) ss\n"
+       "        on ss.binding = bindings.oid)\n"
        " where email = %Q\n"
        " group by fingerprint, time_ago\n"
        /* Make sure the current key is first.  */

-----------------------------------------------------------------------

Summary of changes:
 g10/tofu.c | 64 ++++++++++++++++++++++++++++++++++++++------------------------
 1 file changed, 39 insertions(+), 25 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Oct 20 15:12:36 2015
From: cvs at cvs.gnupg.org (by Neal H. Walfield)
Date: Tue, 20 Oct 2015 15:12:36 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-32-g26d457c
Message-ID: <E1ZoWZW-0000hm-NN@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  26d457c218c2e93b2e2cf316f0c1074c70894d0f (commit)
      from  bc9ff6c85e2d89be4ee873b8a72a214759a66157 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 26d457c218c2e93b2e2cf316f0c1074c70894d0f
Author: Neal H. Walfield <neal at g10code.com>
Date:   Tue Oct 20 15:12:23 2015 +0200

    gpg: Don't die immediately if the TOFU DB is locked.
    
    * g10/tofu.c (opendb): Don't die immediately if the DB is locked.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/tofu.c b/g10/tofu.c
index 3f2cd25..4ad44eb 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -487,6 +487,10 @@ opendb (char *filename, enum db_type type)
       db = NULL;
     }
 
+  /* If a DB is locked wait up to 5 seconds for the lock to be cleared
+     before failing.  */
+  sqlite3_busy_timeout (db, 5 * 1000);
+
   if (filename_free)
     xfree (filename);
 

-----------------------------------------------------------------------

Summary of changes:
 g10/tofu.c | 4 ++++
 1 file changed, 4 insertions(+)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Oct 20 16:58:13 2015
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Tue, 20 Oct 2015 16:58:13 +0200
Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-69-gb5c358e
Message-ID: <E1ZoYDi-0003x4-EI@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, master has been updated
       via  b5c358e535504d391651bb411eee24fd9a29698c (commit)
       via  c66067e20be3f854b1a9ab68ad9d6f3fe54902ca (commit)
      from  7016fec9aef7be53f164829f7c76e28c6a83e228 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b5c358e535504d391651bb411eee24fd9a29698c
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Tue Oct 20 16:53:18 2015 +0200

    More logging and error checking in App Events
    
    * src/application-events.cpp (ApplicationEvents::Invoke): Check
     that parms is not NULL. Add more debug output.
    
    --
    According to the Windows Event log attached to gnupg-bug: 1837
    gpgol caused a crash while handling 0xFBA7 (ItemLoad).
    This should help to home in on such a crash. I doub't that
    parms is NULL in the Invoke call but as you can never
    know let's be more defensive with error checks.

diff --git a/src/application-events.cpp b/src/application-events.cpp
index 8b3b0c2..196e6ed 100644
--- a/src/application-events.cpp
+++ b/src/application-events.cpp
@@ -65,23 +65,26 @@ EVENT_SINK_INVOKE(ApplicationEvents)
           LPDISPATCH mailItem;
           LPDISPATCH mailEventSink;
           /* The mailItem should be the first argument */
-          if (parms->cArgs != 1 || parms->rgvarg[0].vt != VT_DISPATCH)
+          if (!parms || parms->cArgs != 1 ||
+              parms->rgvarg[0].vt != VT_DISPATCH)
             {
               log_error ("%s:%s: ItemLoad with unexpected Arguments.",
                          SRCNAME, __func__);
               break;
             }
 
+          log_debug ("%s:%s: ItemLoad event. Getting object.",
+                     SRCNAME, __func__);
           mailItem = get_object_by_id (parms->rgvarg[0].pdispVal,
                                        IID_MailItem);
           if (!mailItem)
             {
-              log_error ("%s:%s: ItemLoad event without mailitem.",
+              log_debug ("%s:%s: ItemLoad event without mailitem.",
                          SRCNAME, __func__);
               break;
             }
-          log_oom ("%s:%s: Installing event sink on mailitem: %p",
-                   SRCNAME, __func__, mailItem);
+          log_debug ("%s:%s: Installing event sink on mailitem: %p",
+                     SRCNAME, __func__, mailItem);
           mailEventSink = install_MailItemEvents_sink (mailItem);
           /* TODO figure out what we need to do with the event sink.
              Does it need to be Released at some point? What happens
@@ -91,6 +94,11 @@ EVENT_SINK_INVOKE(ApplicationEvents)
               log_error ("%s:%s: Failed to install MailItemEvents sink.",
                          SRCNAME, __func__);
             }
+          else
+            {
+              log_debug ("%s:%s: MailItem event handler installed.",
+                         SRCNAME, __func__);
+            }
           mailItem->Release ();
           break;
         }

commit c66067e20be3f854b1a9ab68ad9d6f3fe54902ca
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Tue Oct 20 16:52:15 2015 +0200

    Log UTC time instead of tick count.
    
    * src/main.c (do_log): Log the current UTC time to allow
     corellating debug output to Windows event logs.

diff --git a/src/main.c b/src/main.c
index f2a8cf5..5e3a05d 100644
--- a/src/main.c
+++ b/src/main.c
@@ -22,6 +22,7 @@
 #include <windows.h>
 #include <wincrypt.h>
 #include <ctype.h>
+#include <winnls.h>
 
 #include "mymapi.h"
 #include "mymapitags.h"
@@ -254,9 +255,26 @@ do_log (const char *fmt, va_list a, int w32err, int err,
       return;
     }
 
-  fprintf (logfp, "%05lu/%lu/",
-           ((unsigned long)GetTickCount () % 100000),
-           (unsigned long)GetCurrentThreadId ());
+  char time_str[9];
+  SYSTEMTIME utc_time;
+  GetSystemTime (&utc_time);
+  if (GetTimeFormatA (LOCALE_INVARIANT,
+                      TIME_FORCE24HOURFORMAT | LOCALE_USE_CP_ACP,
+                      &utc_time,
+                      "HH:mm:ss",
+                      time_str,
+                      9))
+    {
+      fprintf (logfp, "%s/%lu/",
+               time_str,
+               (unsigned long)GetCurrentThreadId ());
+    }
+  else
+    {
+      fprintf (logfp, "unknown/%lu/",
+               (unsigned long)GetCurrentThreadId ());
+    }
+
   if (err == 1)
     fputs ("ERROR/", logfp);
   vfprintf (logfp, fmt, a);

-----------------------------------------------------------------------

Summary of changes:
 src/application-events.cpp | 16 ++++++++++++----
 src/main.c                 | 24 +++++++++++++++++++++---
 2 files changed, 33 insertions(+), 7 deletions(-)


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Oct 20 17:37:36 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 20 Oct 2015 17:37:36 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-34-gc83b627
Message-ID: <E1ZoYpq-0004ug-Jq@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  c83b627174f46e841f1ccc018322fe499969c267 (commit)
       via  734c61dc9d4915605816803182c9adcc1594e008 (commit)
      from  26d457c218c2e93b2e2cf316f0c1074c70894d0f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c83b627174f46e841f1ccc018322fe499969c267
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Oct 20 17:33:18 2015 +0200

    w32: Allow building again.
    
    * dirmngr/http.c (connect_server): Fix called function name.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/http.c b/dirmngr/http.c
index ab32bd8..c2a0431 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -2232,7 +2232,7 @@ connect_server (const char *server, unsigned short port,
 
       memset(&addr,0,sizeof(addr));
 
-      sock = assuan_sock_socket (AF_INET, SOCK_STREAM, 0);
+      sock = assuan_sock_new (AF_INET, SOCK_STREAM, 0);
       if (sock == ASSUAN_INVALID_FD)
 	{
 	  log_error ("error creating socket: %s\n", strerror (errno));

commit 734c61dc9d4915605816803182c9adcc1594e008
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Oct 20 17:32:23 2015 +0200

    build: Allow building without SQLlite support.
    
    * configure.ac: Add option --dsiable-tofu and --disable-sqlite.
    (NEED_SQLITE_VERSION): New var.
    (USE_TOFU): New ac_define and am_conditional.
    * autogen.sh (build-w32): Add PKG_CONFIG_LIBDIR to configure so that
    pkg-config find the correct .pc file.
    
    * g10/Makefile.am (tofu_source): New.  Build only if enabled.
    * g10/gpg.c (parse_trust_model)[!USE_TOFU]: Disable tofu models.
    (parse_tofu_policy)[!USE_TOFU]: Disable all.
    (parse_tofu_db_format)[!USE_TOFU]: Disable all.
    (main) <aTOFUPolicy>[!USE_TOFU]: Skip.
    * g10/keyedit.c (show_key_with_all_names_colon)[!USE_TOFU]: Do not
    call tofu functions.
    * g10/keylist.c (list_keyblock_colon)[!USE_TOFU]: Ditto.
    * g10/trustdb.c (tdb_get_validity_core)[!USE_TOFU]: Skip tofu
    processing.
    --
    
    This allows to build a minimal version of GnuPG.  It is also currently
    required to build for Windows.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/autogen.sh b/autogen.sh
index 7effd56..3fe24ea 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -311,6 +311,7 @@ if [ "$myhost" = "w32" ]; then
     $tsdir/configure --enable-maintainer-mode ${SILENT} \
              --prefix=${w32root}  \
              --host=${host} --build=${build} SYSROOT=${w32root} \
+             PKG_CONFIG_LIBDIR=${w32root} \
              ${configure_opts} ${extraoptions} "$@"
     rc=$?
     exit $rc
diff --git a/configure.ac b/configure.ac
index ddbc065..3ec9895 100644
--- a/configure.ac
+++ b/configure.ac
@@ -69,6 +69,7 @@ NEED_NPTH_VERSION=0.91
 
 NEED_GNUTLS_VERSION=3.0
 
+NEED_SQLITE_VERSION=3.7
 
 development_version=mym4_isbeta
 PACKAGE=$PACKAGE_NAME
@@ -91,6 +92,7 @@ have_libassuan=no
 have_ksba=no
 have_ntbtls=no
 have_gnutls=no
+have_sqlite=no
 have_npth=no
 have_libusb=no
 have_adns=no
@@ -100,6 +102,7 @@ use_zip=yes
 use_bzip2=yes
 use_exec=yes
 use_trust_models=yes
+use_tofu=yes
 card_support=yes
 use_ccid_driver=yes
 dirmngr_auto_start=yes
@@ -247,6 +250,14 @@ if test "$use_trust_models" = no ; then
              [Define to include only trust-model always])
 fi
 
+AC_MSG_CHECKING([whether to enable TOFU])
+AC_ARG_ENABLE(tofu,
+                AC_HELP_STRING([--disable-tofu],
+                               [disable the TOFU trust model]),
+              use_tofu=$enableval, use_tofu=yes)
+AC_MSG_RESULT($use_tofu)
+
+
 
 #
 # Options to disable algorithm
@@ -780,11 +791,39 @@ DL_LIBS=$LIBS
 AC_SUBST(DL_LIBS)
 LIBS="$gnupg_dlopen_save_libs"
 
+
 # Checks for g10
 
-PKG_CHECK_MODULES(SQLITE3, sqlite3)
-AC_SUBST(SQLITE3_CFLAGS)
-AC_SUBST(SQLITE3_LIBS)
+AC_ARG_ENABLE(sqlite,
+                AC_HELP_STRING([--disable-sqlite],
+                               [disable the use of SQLITE]),
+              try_sqlite=$enableval, try_sqlite=yes)
+
+if test x"$use_tofu" = xyes ; then
+  if test x"$try_sqlite" = xyes ; then
+    PKG_CHECK_MODULES([SQLITE3], [sqlite3 >= $NEED_SQLITE_VERSION],
+                                 [have_sqlite=yes],
+                                 [have_sqlite=no])
+  fi
+  if test "$have_sqlite" = "yes"; then
+    :
+    AC_SUBST([SQLITE3_CFLAGS])
+    AC_SUBST([SQLITE3_LIBS])
+  else
+    use_tofu=no
+    tmp=$(echo "$SQLITE3_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g')
+    AC_MSG_WARN([[
+***
+*** Building without SQLite support - TOFU disabled
+***
+*** $tmp]])
+  fi
+fi
+
+if test x"$use_tofu" = xyes ; then
+    AC_DEFINE(USE_TOFU, 1, [Enable to build the TOFU code])
+fi
+
 
 # Checks for g13
 
@@ -1547,7 +1586,8 @@ AM_CONDITIONAL(BUILD_SYMCRYPTRUN, test "$build_symcryptrun" = "yes")
 AM_CONDITIONAL(BUILD_GPGTAR,      test "$build_gpgtar" = "yes")
 
 AM_CONDITIONAL(ENABLE_CARD_SUPPORT, test "$card_support" = yes)
-AM_CONDITIONAL(NO_TRUST_MODELS, test "$use_trust_models" = no)
+AM_CONDITIONAL(NO_TRUST_MODELS,     test "$use_trust_models" = no)
+AM_CONDITIONAL(USE_TOFU,            test "$use_tofu" = yes)
 
 AM_CONDITIONAL(RUN_GPG_TESTS,
                test x$cross_compiling = xno -a "$build_gpg" = yes )
@@ -1800,6 +1840,7 @@ echo "
         LDAP support:        $gnupg_have_ldap
         DNS SRV support:     $use_dns_srv
         TLS support:         $use_tls_library
+        TOFU support:        $use_tofu
 "
 if test x"$use_regex" != xyes ; then
 echo "
diff --git a/g10/Makefile.am b/g10/Makefile.am
index 7357843..75ccac8 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -56,6 +56,12 @@ else
 trust_source = trustdb.c trustdb.h tdbdump.c tdbio.c tdbio.h
 endif
 
+if USE_TOFU
+tofu_source = tofu.h tofu.c
+else
+tofu_source =
+endif
+
 
 if HAVE_W32_SYSTEM
 resource_objs += gpg-w32info.o
@@ -124,10 +130,9 @@ gpg2_SOURCES  = gpg.c		\
 	      call-dirmngr.c call-dirmngr.h \
 	      photoid.c photoid.h \
 	      call-agent.c call-agent.h \
-	      trust.c $(trust_source) \
+	      trust.c $(trust_source) $(tofu_source) \
 	      $(card_source) \
-	      exec.c exec.h \
-	      tofu.h tofu.c
+	      exec.c exec.h
 
 gpgv2_SOURCES = gpgv.c           \
 	      $(common_source)  \
diff --git a/g10/gpg.c b/g10/gpg.c
index 794d5ea..ff6e59f 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -1949,10 +1949,12 @@ parse_trust_model(const char *model)
     opt.trust_model=TM_ALWAYS;
   else if(ascii_strcasecmp(model,"direct")==0)
     opt.trust_model=TM_DIRECT;
+#ifdef USE_TOFU
   else if(ascii_strcasecmp(model,"tofu")==0)
     opt.trust_model=TM_TOFU;
   else if(ascii_strcasecmp(model,"tofu+pgp")==0)
     opt.trust_model=TM_TOFU_PGP;
+#endif /*USE_TOFU*/
   else if(ascii_strcasecmp(model,"auto")==0)
     opt.trust_model=TM_AUTO;
   else
@@ -1963,6 +1965,7 @@ parse_trust_model(const char *model)
 static int
 parse_tofu_policy (const char *policy)
 {
+#ifdef USE_TOFU
   if (ascii_strcasecmp (policy, "auto") == 0)
     return TOFU_POLICY_AUTO;
   else if (ascii_strcasecmp (policy, "good") == 0)
@@ -1974,6 +1977,7 @@ parse_tofu_policy (const char *policy)
   else if (ascii_strcasecmp (policy, "ask") == 0)
     return TOFU_POLICY_ASK;
   else
+#endif /*USE_TOFU*/
     {
       log_error (_("unknown TOFU policy '%s'\n"), policy);
       g10_exit (1);
@@ -1983,6 +1987,7 @@ parse_tofu_policy (const char *policy)
 static int
 parse_tofu_db_format (const char *db_format)
 {
+#ifdef USE_TOFU
   if (ascii_strcasecmp (db_format, "auto") == 0)
     return TOFU_DB_AUTO;
   else if (ascii_strcasecmp (db_format, "split") == 0)
@@ -1990,6 +1995,7 @@ parse_tofu_db_format (const char *db_format)
   else if (ascii_strcasecmp (db_format, "flat") == 0)
     return TOFU_DB_FLAT;
   else
+#endif /*USE_TOFU*/
     {
       log_error (_("unknown TOFU DB format '%s'\n"), db_format);
       g10_exit (1);
@@ -4417,6 +4423,7 @@ main (int argc, char **argv)
         break;
 
       case aTOFUPolicy:
+#ifdef USE_TOFU
 	{
 	  int policy;
 	  int i;
@@ -4487,7 +4494,6 @@ main (int argc, char **argv)
 		}
 
 	      merge_keys_and_selfsig (kb);
-
 	      if (tofu_set_policy (kb, policy))
 		g10_exit (1);
 	    }
@@ -4495,6 +4501,7 @@ main (int argc, char **argv)
 	  keydb_release (hd);
 
 	}
+#endif /*USE_TOFU*/
 	break;
 
       case aListPackets:
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 432ba86..fba7d35 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -2930,10 +2930,12 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
 	  es_putc (':', fp);
 	  if (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP)
 	    {
+#ifdef USE_TOFU
 	      enum tofu_policy policy;
 	      if (! tofu_get_policy (primary, uid, &policy)
 		  && policy != TOFU_POLICY_NONE)
 		es_fprintf (fp, "%s", tofu_policy_str (policy));
+#endif /*USE_TOFU*/
 	    }
 	  es_putc (':', fp);
 	  es_putc ('\n', fp);
diff --git a/g10/keylist.c b/g10/keylist.c
index 1541697..2a766a1 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -1501,10 +1501,12 @@ list_keyblock_colon (KBNODE keyblock, int secret, int has_secret, int fpr)
 	  es_fprintf (es_stdout, "::::::::");
 	  if (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP)
 	    {
+#ifdef USE_TOFU
 	      enum tofu_policy policy;
 	      if (! tofu_get_policy (pk, uid, &policy)
 		  && policy != TOFU_POLICY_NONE)
 		es_fprintf (es_stdout, "%s", tofu_policy_str (policy));
+#endif /*USE_TOFU*/
 	    }
 	  es_putc (':', es_stdout);
 	  es_putc ('\n', es_stdout);
diff --git a/g10/tofu.h b/g10/tofu.h
index b0fcc5b..adf87ab 100644
--- a/g10/tofu.h
+++ b/g10/tofu.h
@@ -106,4 +106,4 @@ gpg_error_t tofu_set_policy_by_keyid (u32 *keyid, enum tofu_policy policy);
 gpg_error_t tofu_get_policy (PKT_public_key *pk, PKT_user_id *user_id,
 			     enum tofu_policy *policy);
 
-#endif
+#endif /*G10_TOFU_H*/
diff --git a/g10/trustdb.c b/g10/trustdb.c
index f58051a..cadc7e9 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1001,6 +1001,7 @@ tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid,
       goto leave;
     }
 
+#ifdef USE_TOFU
   if (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP)
     {
       kbnode_t user_id_node = NULL; /* Silence -Wmaybe-uninitialized.  */
@@ -1078,6 +1079,7 @@ tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid,
 	    break;
 	}
     }
+#endif /*USE_TOFU*/
 
   if (opt.trust_model == TM_TOFU_PGP
       || opt.trust_model == TM_CLASSIC
@@ -1137,7 +1139,18 @@ tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid,
     }
 
  leave:
+#ifdef USE_TOFU
   validity = tofu_wot_trust_combine (tofu_validity, validity);
+#else /*!USE_TOFU*/
+  validity &= TRUST_MASK;
+
+  if (validity == TRUST_NEVER)
+    /* TRUST_NEVER trumps everything else.  */
+    validity |= TRUST_NEVER;
+  if (validity == TRUST_EXPIRED)
+    /* TRUST_EXPIRED trumps everything but TRUST_NEVER.  */
+    validity |= TRUST_EXPIRED;
+#endif /*!USE_TOFU*/
 
   if (opt.trust_model != TM_TOFU
       && pending_check_trustdb)

-----------------------------------------------------------------------

Summary of changes:
 autogen.sh      |  1 +
 configure.ac    | 49 +++++++++++++++++++++++++++++++++++++++++++++----
 dirmngr/http.c  |  2 +-
 g10/Makefile.am | 11 ++++++++---
 g10/gpg.c       |  9 ++++++++-
 g10/keyedit.c   |  2 ++
 g10/keylist.c   |  2 ++
 g10/tofu.h      |  2 +-
 g10/trustdb.c   | 13 +++++++++++++
 9 files changed, 81 insertions(+), 10 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Oct 20 19:00:44 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 20 Oct 2015 19:00:44 +0200
Subject: [git] ADNS-g10 - branch, master, updated. adns-1.4-g10-6-4-ge317a09
Message-ID: <E1Zoa8I-0007fM-3I@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "ADNS migrated to autotools/libtool".

The branch, master has been updated
       via  e317a09c6f855e806efa035ecb97f27f6b6942fd (commit)
      from  56eef0afa4c01d2352f8b671a9b22405dc8119db (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e317a09c6f855e806efa035ecb97f27f6b6942fd
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Oct 20 18:39:57 2015 +0200

    Add lost config script.
    
    * src/adns-config.in: New.  Content was lost.
    * configure.ac (ADNS_CONFIG_HOST): New.
    (adns-conf): New ac_config_command.

diff --git a/configure.ac b/configure.ac
index 4059627..45ab374 100644
--- a/configure.ac
+++ b/configure.ac
@@ -246,9 +246,11 @@ fi
 #
 ADNS_CONFIG_LIBS="-ladns"
 ADNS_CONFIG_CFLAGS=""
-AC_SUBST(ADNS_CONFIG_LIBS)
-AC_SUBST(ADNS_CONFIG_CFLAGS)
+ADNS_CONFIG_HOST="$host"
 AC_SUBST(ADNS_CONFIG_API_VERSION)
+AC_SUBST(ADNS_CONFIG_CFLAGS)
+AC_SUBST(ADNS_CONFIG_LIBS)
+AC_SUBST(ADNS_CONFIG_HOST)
 
 # The Makefiles need to know about cross compiling
 AM_CONDITIONAL(CROSS_COMPILING, test x$cross_compiling = xyes)
@@ -349,6 +351,9 @@ src/versioninfo.rc
 client/Makefile
 regress/Makefile
 ])
+AC_CONFIG_COMMANDS([adns-conf],[[
+chmod +x src/adns-config
+]])
 AC_OUTPUT
 
 
diff --git a/src/adns-config.in b/src/adns-config.in
index e69de29..823cd43 100644
--- a/src/adns-config.in
+++ b/src/adns-config.in
@@ -0,0 +1,169 @@
+#!/bin/sh
+# Copyright (C) 2015 g10 code GmbH
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# File: @configure_input@
+
+# General.
+prefix="@prefix@"
+exec_prefix="@exec_prefix@"
+version="@VERSION@"
+includedir="@includedir@"
+libdir="@libdir@"
+
+# libgcrypt values.
+libs="@ADNS_CONFIG_LIBS@"
+cflags="@ADNS_CONFIG_CFLAGS@"
+
+# API info
+api_version="@ADNS_CONFIG_API_VERSION@"
+
+# Configured for host
+my_host="@ADNS_CONFIG_HOST@"
+
+# Misc information.
+
+# State variables.
+echo_libs=no
+echo_cflags=no
+echo_prefix=no
+echo_exec_prefix=no
+echo_version=no
+echo_api_version=no
+echo_host=no
+
+# Prints usage information.
+usage()
+{
+    cat <<EOF
+Usage: $0 [OPTIONS]
+Options:
+	[--prefix]
+	[--exec-prefix]
+	[--version]
+        [--api-version]
+	[--libs]
+	[--cflags]
+        [--host]
+EOF
+    exit $1
+}
+
+if test $# -eq 0; then
+    # Nothing to do.
+    usage 1 1>&2
+fi
+
+while test $# -gt 0; do
+    case "$1" in
+	# Set up `optarg'.
+	--*=*)
+	    optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'`
+	    ;;
+	*)
+	    optarg=""
+	    ;;
+    esac
+
+    case $1 in
+        --prefix=*)
+            # For compatibility reasons with old M4 macros, we ignore
+            # setting of prefix.
+            ;;
+	--prefix)
+	    echo_prefix=yes
+	    ;;
+        --exec-prefix=*)
+            ;;
+	--exec-prefix)
+	    echo_exec_prefix=yes
+	    ;;
+	--version)
+	    echo_version=yes
+	    ;;
+        --api-version)
+            echo_api_version=yes
+            ;;
+	--cflags)
+	    echo_cflags=yes
+	    ;;
+	--libs)
+	    echo_libs=yes
+	    ;;
+        --host)
+            echo_host=yes
+            ;;
+	*)
+	    usage 1 1>&2
+	    ;;
+    esac
+    shift
+done
+
+if test "$echo_prefix" = "yes"; then
+    echo "$prefix"
+fi
+
+if test "$echo_exec_prefix" = "yes"; then
+    echo "$exec_prefix"
+fi
+
+if test "$echo_cflags" = "yes"; then
+    includes=""
+    cflags_final="$cflags"
+
+    # Set up `includes'.
+    if test "x$includedir" != "x/usr/include" -a "x$includedir" != "x/include"; then
+	includes="-I$includedir"
+    fi
+    # Set up `cflags_final'.
+    cflags_final="$cflags_final $gpg_error_cflags"
+
+    tmp=""
+    for i in $includes $cflags_final; do
+       if echo "$tmp" | fgrep -v -- "$i" >/dev/null; then
+           tmp="$tmp $i"
+       fi
+    done
+    echo $tmp
+fi
+
+if test "$echo_libs" = "yes"; then
+    libdirs=""
+    libs_final="$libs"
+
+    # Set up `libdirs'.
+    if test "x$libdir" != "x/usr/lib" -a "x$libdir" != "x/lib"; then
+	libdirs="-L$libdir"
+    fi
+
+    # Set up `libs_final'.
+    libs_final="$libs_final $gpg_error_libs"
+
+    tmp=""
+    for i in $libdirs $libs_final; do
+       if echo "$tmp" | fgrep -v -- "$i" >/dev/null; then
+           tmp="$tmp $i"
+       fi
+    done
+    echo $tmp
+fi
+
+if test "$echo_version" = "yes"; then
+    echo "$version"
+fi
+
+if test "$echo_api_version" = "yes"; then
+    echo "$api_version"
+fi
+
+if test "$echo_host" = "yes"; then
+    echo "$my_host"
+fi

-----------------------------------------------------------------------

Summary of changes:
 configure.ac       |   9 ++-
 src/adns-config.in | 169 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 176 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
ADNS migrated to autotools/libtool
http://git.gnupg.org



From cvs at cvs.gnupg.org  Tue Oct 20 19:38:31 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 20 Oct 2015 19:38:31 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-35-g58ebe50
Message-ID: <E1Zoaiq-0008P8-S3@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  58ebe50bdf4837e9ab2d3f8c6e5fcf28c66f26e9 (commit)
      from  c83b627174f46e841f1ccc018322fe499969c267 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 58ebe50bdf4837e9ab2d3f8c6e5fcf28c66f26e9
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Oct 20 19:03:26 2015 +0200

    dirmngr: Prefer ADNS over system resolver.
    
    * configure.ac (HAVE_ADNS_IF_TORMODE): New ac_define.
    (USE_DNS_CERT): Prefer ADNS over the system resolver.
    * dirmngr/dns-cert.c (tor_mode): New global var.
    (enable_dns_tormode): New func.
    (get_dns_cert): Use DNS resolver at 8.8.8.8 in tor-mode.
    * dirmngr/server.c (cmd_dns_cert): If supported allow DNS requests.

diff --git a/configure.ac b/configure.ac
index 3ec9895..bdfff88 100644
--- a/configure.ac
+++ b/configure.ac
@@ -948,6 +948,16 @@ if test "$with_adns" != "no"; then
                              [have_adns=yes],
                              [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}]),
                              [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}])
+
+  AC_MSG_CHECKING([if adns supports adns_if_tormode])
+  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+    #include <adns.h>
+    adns_initflags flags = adns_if_tormode;
+  ]],[])],[adns_if_tormode=yes],[adns_if_tormode=no])
+  AC_MSG_RESULT($adns_if_tormode)
+  if test x"$adns_if_tormode" = xyes; then
+    AC_DEFINE(HAVE_ADNS_IF_TORMODE,1,[define if adns_if_tormode is available])
+  fi
 fi
 if test "$have_adns" = "yes"; then
   ADNSLIBS="-ladns"
@@ -970,24 +980,40 @@ AC_ARG_ENABLE(dns-cert,
 if test x"$use_dns_srv" = xyes || test x"$use_dns_cert" = xyes; then
   _dns_save_libs=$LIBS
   LIBS=""
-  # the double underscore thing is a glibc-ism?
-  AC_SEARCH_LIBS(res_query,resolv bind,,
-                 AC_SEARCH_LIBS(__res_query,resolv bind,,have_resolver=no))
-  AC_SEARCH_LIBS(dn_expand,resolv bind,,
-                 AC_SEARCH_LIBS(__dn_expand,resolv bind,,have_resolver=no))
-  AC_SEARCH_LIBS(dn_skipname,resolv bind,,
-                 AC_SEARCH_LIBS(__dn_skipname,resolv bind,,have_resolver=no))
-
-  if test x"$have_resolver" != xno ; then
-
-    # Make sure that the BIND 4 resolver interface is workable before
-    # enabling any code that calls it.  At some point I'll rewrite the
-    # code to use the BIND 8 resolver API.
-    # We might also want to use adns instead.  Problem with ADNS is that
-    # it does not support v6.
-
-    AC_MSG_CHECKING([whether the resolver is usable])
-    AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
+
+  if test x"$have_adns" = xyes ; then
+    # We prefer ADNS.
+    DNSLIBS="$ADNSLIBS"
+    AC_DEFINE(USE_ADNS,1,[Use ADNS as resolver library.])
+
+    if test x"$use_dns_srv" = xyes ; then
+        AC_DEFINE(USE_DNS_SRV,1)
+    fi
+
+    if test x"$use_dns_cert" = xyes ; then
+        AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT])
+    fi
+  else
+    # With no ADNS find the system resolver.
+
+    # the double underscore thing is a glibc-ism?
+    AC_SEARCH_LIBS(res_query,resolv bind,,
+                   AC_SEARCH_LIBS(__res_query,resolv bind,,have_resolver=no))
+    AC_SEARCH_LIBS(dn_expand,resolv bind,,
+                   AC_SEARCH_LIBS(__dn_expand,resolv bind,,have_resolver=no))
+    AC_SEARCH_LIBS(dn_skipname,resolv bind,,
+                   AC_SEARCH_LIBS(__dn_skipname,resolv bind,,have_resolver=no))
+
+    if test x"$have_resolver" != xno ; then
+
+      # Make sure that the BIND 4 resolver interface is workable before
+      # enabling any code that calls it.  At some point I'll rewrite the
+      # code to use the BIND 8 resolver API.
+      # We might also want to use adns instead.  Problem with ADNS is that
+      # it does not support v6.
+
+      AC_MSG_CHECKING([whether the resolver is usable])
+      AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
 #include <netinet/in.h>
 #include <arpa/nameser.h>
 #include <resolv.h>]],
@@ -996,15 +1022,15 @@ if test x"$use_dns_srv" = xyes || test x"$use_dns_cert" = xyes; then
   dn_skipname(0,0);
   dn_expand(0,0,0,0,0);
 ]])],have_resolver=yes,have_resolver=no)
-    AC_MSG_RESULT($have_resolver)
+      AC_MSG_RESULT($have_resolver)
 
-    # This is Apple-specific and somewhat bizarre as they changed the
-    # define in bind 8 for some reason.
+      # This is Apple-specific and somewhat bizarre as they changed the
+      # define in bind 8 for some reason.
 
-    if test x"$have_resolver" != xyes ; then
-       AC_MSG_CHECKING(
+      if test x"$have_resolver" != xyes ; then
+         AC_MSG_CHECKING(
              [whether I can make the resolver usable with BIND_8_COMPAT])
-       AC_LINK_IFELSE([AC_LANG_PROGRAM([[#define BIND_8_COMPAT
+        AC_LINK_IFELSE([AC_LANG_PROGRAM([[#define BIND_8_COMPAT
 #include <sys/types.h>
 #include <netinet/in.h>
 #include <arpa/nameser.h>
@@ -1013,42 +1039,28 @@ if test x"$use_dns_srv" = xyes || test x"$use_dns_cert" = xyes; then
   res_query("foo.bar",C_IN,T_A,answer,PACKETSZ);
   dn_skipname(0,0); dn_expand(0,0,0,0,0);
 ]])],[have_resolver=yes ; need_compat=yes])
-       AC_MSG_RESULT($have_resolver)
+         AC_MSG_RESULT($have_resolver)
+      fi
     fi
-  fi
 
-  if test x"$have_resolver" = xyes ; then
-     DNSLIBS=$LIBS
+    if test x"$have_resolver" = xyes ; then
+      DNSLIBS=$LIBS
 
-     if test x"$use_dns_srv" = xyes ; then
-        AC_DEFINE(USE_DNS_SRV,1,[define to use DNS SRV])
-     fi
+      if test x"$use_dns_srv" = xyes ; then
+         AC_DEFINE(USE_DNS_SRV,1,[define to use DNS SRV])
+      fi
 
-     if test x"$use_dns_cert" = xyes ; then
+      if test x"$use_dns_cert" = xyes ; then
         AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT])
-     fi
+      fi
 
-     if test x"$need_compat" = xyes ; then
+      if test x"$need_compat" = xyes ; then
         AC_DEFINE(BIND_8_COMPAT,1,[an Apple OSXism])
-     fi
-  else
-     # If we have no resolver library but ADNS (e.g. under W32) enable the
-     # code parts which can be used with ADNS.
-     if test x"$have_adns" = xyes ; then
-        DNSLIBS="$ADNSLIBS"
-        AC_DEFINE(USE_ADNS,1,[Use ADNS as resolver library.])
-
-        if test x"$use_dns_srv" = xyes ; then
-           AC_DEFINE(USE_DNS_SRV,1)
-        fi
-
-        if test x"$use_dns_cert" = xyes ; then
-           AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT])
-        fi
-     else
-        use_dns_srv=no
-        use_dns_cert=no
-     fi
+      fi
+    else
+      use_dns_srv=no
+      use_dns_cert=no
+    fi
   fi
 
   LIBS=$_dns_save_libs
diff --git a/dirmngr/dns-cert.c b/dirmngr/dns-cert.c
index 3845a4b..712dfc0 100644
--- a/dirmngr/dns-cert.c
+++ b/dirmngr/dns-cert.c
@@ -59,7 +59,22 @@
 /* ADNS has no support for CERT yet. */
 #define my_adns_r_cert 37
 
+/* If set Tor mode shall be used.  */
+static int tor_mode;
 
+/* Sets the module in TOR mode.  Returns 0 is this is possible or an
+   error code.  */
+gpg_error_t
+enable_dns_tormode (void)
+{
+#if defined(USE_DNS_CERT) && defined(USE_ADNS)
+# if HAVE_ADNS_IF_TORMODE
+   tor_mode = 1;
+   return 0;
+# endif
+#endif
+  return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+}
 
 /* Returns 0 on success or an error code.  If a PGP CERT record was
    found, the malloced data is returned at (R_KEY, R_KEYLEN) and
@@ -92,7 +107,9 @@ get_dns_cert (const char *name, int want_certtype,
   *r_fprlen = 0;
   *r_url = NULL;
 
-  if (adns_init (&state, adns_if_noerrprint, NULL))
+  if (tor_mode? adns_init_strcfg (&state, adns_if_noerrprint|adns_if_tormode,
+                                  NULL, "nameserver 8.8.8.8")
+      /*    */: adns_init (&state, adns_if_noerrprint, NULL))
     {
       err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
       log_error ("error initializing adns: %s\n", strerror (errno));
diff --git a/dirmngr/dns-cert.h b/dirmngr/dns-cert.h
index 9dbc58c..e5cd4eb 100644
--- a/dirmngr/dns-cert.h
+++ b/dirmngr/dns-cert.h
@@ -47,6 +47,7 @@
 #define DNS_CERTTYPE_RRBASE 1024 /* Base of special constants.  */
 #define DNS_CERTTYPE_RR61   (DNS_CERTTYPE_RRBASE + 61)
 
+gpg_error_t enable_dns_tormode (void);
 gpg_error_t get_dns_cert (const char *name, int want_certtype,
                           void **r_key, size_t *r_keylen,
                           unsigned char **r_fpr, size_t *r_fprlen,
diff --git a/dirmngr/server.c b/dirmngr/server.c
index bfcdd57..f6225d4 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -713,8 +713,9 @@ cmd_dns_cert (assuan_context_t ctx, char *line)
         }
     }
 
-  if (opt.use_tor)
+  if (opt.use_tor && enable_dns_tormode ())
     {
+      /* TOR mode is requested but the DNS code can't enable it.  */
       err = gpg_error (GPG_ERR_FORBIDDEN);
       goto leave;
     }

-----------------------------------------------------------------------

Summary of changes:
 configure.ac       | 118 +++++++++++++++++++++++++++++------------------------
 dirmngr/dns-cert.c |  19 ++++++++-
 dirmngr/dns-cert.h |   1 +
 dirmngr/server.c   |   3 +-
 4 files changed, 86 insertions(+), 55 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Oct 21 09:00:01 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 21 Oct 2015 09:00:01 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-36-g42571a3
Message-ID: <E1ZonEV-0004Ew-Gd@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  42571a38344e39f747315f754700a8181b8744fe (commit)
      from  58ebe50bdf4837e9ab2d3f8c6e5fcf28c66f26e9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 42571a38344e39f747315f754700a8181b8744fe
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 21 08:30:52 2015 +0200

    common: Add status code for use by g13.
    
    * common/status.h (STATUS_PLAINTEXT_FOLLOWS): New.

diff --git a/common/status.h b/common/status.h
index f1af587..76b1b30 100644
--- a/common/status.h
+++ b/common/status.h
@@ -124,6 +124,8 @@ enum
 
     STATUS_PINENTRY_LAUNCHED,
 
+    STATUS_PLAINTEXT_FOLLOWS,   /* Used by g13-syshelp  */
+
     STATUS_ERROR,
     STATUS_SUCCESS,
     STATUS_FAILURE,

-----------------------------------------------------------------------

Summary of changes:
 common/status.h | 2 ++
 1 file changed, 2 insertions(+)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Oct 21 10:38:29 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 21 Oct 2015 10:38:29 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-38-g485e0a2
Message-ID: <E1Zooln-00066y-QL@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  485e0a221deb5c68f29b6a7a110b349dbe41c027 (commit)
       via  5055b617a94587580bc16a56bb82333077b05693 (commit)
      from  42571a38344e39f747315f754700a8181b8744fe (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 485e0a221deb5c68f29b6a7a110b349dbe41c027
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 21 10:34:41 2015 +0200

    build: Make --disable-g13 the default.
    
    * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Add --enable-g13.  Remove
    --enable-gpgtar because that is enabled anyway.
    * configure.ac: Do not build g13 by default.
    --
    
    The g13 part is not very useful for a standard user right now, thus do
    not build it.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/Makefile.am b/Makefile.am
index 0613545..8e213f3 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -19,7 +19,7 @@
 ## Process this file with automake to produce Makefile.in
 
 ACLOCAL_AMFLAGS = -I m4
-DISTCHECK_CONFIGURE_FLAGS = --enable-symcryptrun --enable-mailto --enable-gpgtar
+DISTCHECK_CONFIGURE_FLAGS = --enable-symcryptrun --enable-mailto --enable-g13
 
 GITLOG_TO_CHANGELOG=gitlog-to-changelog
 
diff --git a/configure.ac b/configure.ac
index bdfff88..22d1cfc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -114,7 +114,7 @@ GNUPG_BUILD_PROGRAM(gpgsm, yes)
 # The agent is a required part and can't be disabled anymore.
 build_agent=yes
 GNUPG_BUILD_PROGRAM(scdaemon, yes)
-GNUPG_BUILD_PROGRAM(g13, yes)
+GNUPG_BUILD_PROGRAM(g13, no)
 GNUPG_BUILD_PROGRAM(dirmngr, yes)
 GNUPG_BUILD_PROGRAM(tools, yes)
 GNUPG_BUILD_PROGRAM(doc, yes)

commit 5055b617a94587580bc16a56bb82333077b05693
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 21 10:29:02 2015 +0200

    dirmngr: Rename file dns-cert.c.
    
    * dirmngr/dns-cert.c: Rename to dirmngr/dns-stuff.c.
    * dirmngr/dns-cert.h: Rename to dirmngr/dns-stuff.h and change
    includers.
    * dirmngr/t-dns-cert.c: Rename to dirmngr/t-dns-stuff.c.
    * dirmngr/Makefile.am: Adjust.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
index ae16660..8cb1bb7 100644
--- a/dirmngr/Makefile.am
+++ b/dirmngr/Makefile.am
@@ -61,7 +61,7 @@ dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c	\
 	certcache.c certcache.h \
 	cdb.h cdblib.c misc.c dirmngr-err.h  \
 	ocsp.c ocsp.h validate.c validate.h  \
-	dns-cert.c dns-cert.h \
+	dns-stuff.c dns-stuff.h \
 	http.c http.h \
 	ks-action.c ks-action.h ks-engine.h \
 	ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c
@@ -114,7 +114,7 @@ t_common_ldadd = $(libcommon) no-libgcrypt.o $(LIBASSUAN_LIBS) \
                  $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) \
                  $(DNSLIBS) $(LIBINTL) $(LIBICONV)
 
-module_tests = t-dns-cert
+module_tests = t-dns-stuff
 
 if USE_LDAP
 module_tests += t-ldap-parse-uri
@@ -141,7 +141,7 @@ t_ldap_parse_uri_SOURCES = \
 t_ldap_parse_uri_CFLAGS = -DWITHOUT_NPTH=1
 t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd)
 
-t_dns_cert_SOURCES = t-dns-cert.c dns-cert.c
-t_dns_cert_LDADD   = $(t_common_ldadd)
+t_dns_stuff_SOURCES = t-dns-stuff.c dns-stuff.c
+t_dns_stuff_LDADD   = $(t_common_ldadd)
 
 $(PROGRAMS) : $(libcommon) $(libcommonpth)
diff --git a/dirmngr/dns-cert.c b/dirmngr/dns-stuff.c
similarity index 98%
rename from dirmngr/dns-cert.c
rename to dirmngr/dns-stuff.c
index 712dfc0..c2d40c9 100644
--- a/dirmngr/dns-cert.c
+++ b/dirmngr/dns-stuff.c
@@ -1,7 +1,8 @@
-/* dns-cert.c - DNS CERT code (rfc-4398)
+/* dns-stuff.c - DNS related code including CERT RR (rfc-4398)
  * Copyright (C) 2005, 2006, 2009 Free Software Foundation, Inc.
+ * Copyright (C) 2005, 2006, 2009, 2015 Werner Koch
  *
- * This file is part of GNUPG.
+ * This file is part of GnuPG.
  *
  * This file is free software; you can redistribute it and/or modify
  * it under the terms of either
@@ -48,7 +49,7 @@
 
 #include "util.h"
 #include "host2net.h"
-#include "dns-cert.h"
+#include "dns-stuff.h"
 
 /* Not every installation has gotten around to supporting CERTs
    yet... */
diff --git a/dirmngr/dns-cert.h b/dirmngr/dns-stuff.h
similarity index 86%
rename from dirmngr/dns-cert.h
rename to dirmngr/dns-stuff.h
index e5cd4eb..aea0e69 100644
--- a/dirmngr/dns-cert.h
+++ b/dirmngr/dns-stuff.h
@@ -1,5 +1,6 @@
-/* dns-cert.h - DNS CERT definition
+/* dns-stuff.c - DNS related code including CERT RR (rfc-4398)
  * Copyright (C) 2006 Free Software Foundation, Inc.
+ * Copyright (C) 2006, 2015 Werner Koch
  *
  * This file is part of GnuPG.
  *
@@ -26,8 +27,8 @@
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, see <http://www.gnu.org/licenses/>.
  */
-#ifndef GNUPG_DIRMNGR_DNS_CERT_H
-#define GNUPG_DIRMNGR_DNS_CERT_H
+#ifndef GNUPG_DIRMNGR_DNS_STUFF_H
+#define GNUPG_DIRMNGR_DNS_STUFF_H
 
 
 #define DNS_CERTTYPE_ANY       0 /* Internal catch all type. */
@@ -47,7 +48,11 @@
 #define DNS_CERTTYPE_RRBASE 1024 /* Base of special constants.  */
 #define DNS_CERTTYPE_RR61   (DNS_CERTTYPE_RRBASE + 61)
 
+/* Calling this function switches the DNS code into Tor mode if
+   possibe.  Return 0 on success.  */
 gpg_error_t enable_dns_tormode (void);
+
+/* Return a CERT record or an arbitray RR.  */
 gpg_error_t get_dns_cert (const char *name, int want_certtype,
                           void **r_key, size_t *r_keylen,
                           unsigned char **r_fpr, size_t *r_fprlen,
@@ -55,4 +60,4 @@ gpg_error_t get_dns_cert (const char *name, int want_certtype,
 
 
 
-#endif /*GNUPG_DIRMNGR_DNS_CERT_H*/
+#endif /*GNUPG_DIRMNGR_DNS_STUFF_H*/
diff --git a/dirmngr/server.c b/dirmngr/server.c
index f6225d4..23ecdd8 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -50,7 +50,7 @@
 #if USE_LDAP
 # include "ldap-parse-uri.h"
 #endif
-#include "dns-cert.h"
+#include "dns-stuff.h"
 #include "mbox-util.h"
 
 /* To avoid DoS attacks we limit the size of a certificate to
diff --git a/dirmngr/t-dns-cert.c b/dirmngr/t-dns-stuff.c
similarity index 92%
rename from dirmngr/t-dns-cert.c
rename to dirmngr/t-dns-stuff.c
index 61536c5..e34f809 100644
--- a/dirmngr/t-dns-cert.c
+++ b/dirmngr/t-dns-stuff.c
@@ -1,5 +1,6 @@
-/* t-dns-cert.c - Module test for dns-cert.c
+/* t-dns-cert.c - Module test for dns-stuff.c
  * Copyright (C) 2011 Free Software Foundation, Inc.
+ * Copyright (C) 2011, 2015 Werner Koch
  *
  * This file is part of GnuPG.
  *
@@ -23,7 +24,7 @@
 #include <assert.h>
 
 #include "util.h"
-#include "dns-cert.h"
+#include "dns-stuff.h"
 
 
 int
@@ -49,7 +50,7 @@ main (int argc, char **argv)
     name = *argv;
   else
     {
-      fputs ("usage: t-dns-cert [name]\n", stderr);
+      fputs ("usage: t-dns-stuff [name]\n", stderr);
       return 1;
     }
 

-----------------------------------------------------------------------

Summary of changes:
 Makefile.am                             |  2 +-
 configure.ac                            |  2 +-
 dirmngr/Makefile.am                     |  8 ++++----
 dirmngr/{dns-cert.c => dns-stuff.c}     |  7 ++++---
 dirmngr/{dns-cert.h => dns-stuff.h}     | 13 +++++++++----
 dirmngr/server.c                        |  2 +-
 dirmngr/{t-dns-cert.c => t-dns-stuff.c} |  7 ++++---
 7 files changed, 24 insertions(+), 17 deletions(-)
 rename dirmngr/{dns-cert.c => dns-stuff.c} (98%)
 rename dirmngr/{dns-cert.h => dns-stuff.h} (86%)
 rename dirmngr/{t-dns-cert.c => t-dns-stuff.c} (92%)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Oct 21 13:52:36 2015
From: cvs at cvs.gnupg.org (by Neal H. Walfield)
Date: Wed, 21 Oct 2015 13:52:36 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-46-g9afeb4c
Message-ID: <E1Zornf-0002XF-Ae@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  9afeb4cca10c3632495fe71b23df99a4878bd3a5 (commit)
       via  8c3b7915d675ca5346c17244654d5c6ab583ac44 (commit)
       via  cbaca254ac818c49c18d4480d3c7bd246cc57ae8 (commit)
       via  df57390d68482c5b3fa5ff3a42a29ae1b6cbb23c (commit)
       via  d05ff81732e20e6f9d6d7a6281a96a312b001abb (commit)
       via  243f90afba87e99ca42e2451ac5cc59d00a044ac (commit)
       via  a79045e38d239a7f6e787cf7c1132772c737cc0e (commit)
       via  85bd7d9491f8cc13c2b03f19b4f70ea13b45c704 (commit)
      from  485e0a221deb5c68f29b6a7a110b349dbe41c027 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9afeb4cca10c3632495fe71b23df99a4878bd3a5
Author: Neal H. Walfield <neal at g10code.com>
Date:   Wed Oct 21 13:37:11 2015 +0200

    gpg: If the saved trust model is unknown, default to tofu+pgp.
    
    * g10/trustdb.c (init_trustdb): If the saved trust model is unknown,
    default to tofu+pgp instead of pgp.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/trustdb.c b/g10/trustdb.c
index e2f1935..32061e4 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -466,8 +466,8 @@ init_trustdb ()
 	 && opt.trust_model != TM_EXTERNAL)
 	{
 	  log_info(_("unable to use unknown trust model (%d) - "
-		     "assuming %s trust model\n"),opt.trust_model,"PGP");
-	  opt.trust_model=TM_PGP;
+		     "assuming %s trust model\n"),opt.trust_model,"tofu+pgp");
+	  opt.trust_model = TM_TOFU_PGP;
 	}
 
       if(opt.verbose)

commit 8c3b7915d675ca5346c17244654d5c6ab583ac44
Author: Neal H. Walfield <neal at g10code.com>
Date:   Wed Oct 21 13:36:12 2015 +0200

    gpg: Don't accidentally free UTK_LIST.
    
    * g10/trustdb.c (validate_keys): Don't free UTK_LIST.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/trustdb.c b/g10/trustdb.c
index 022131a..e2f1935 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -2097,7 +2097,8 @@ validate_keys (int interactive)
  leave:
   keydb_release (kdb);
   release_key_array (keys);
-  release_key_items (klist);
+  if (klist != utk_list)
+    release_key_items (klist);
   release_key_hash_table (full_trust);
   release_key_hash_table (used);
   release_key_hash_table (stored);

commit cbaca254ac818c49c18d4480d3c7bd246cc57ae8
Author: Neal H. Walfield <neal at g10code.com>
Date:   Wed Oct 21 13:31:00 2015 +0200

    gpg: When evaluating trust reg exps, treat tofu+pgp like pgp.
    
    * g10/trustdb.c (validate_one_keyblock): When checking trust regular
    expressions, treat the tofu+pgp trust model the same as the pgp trust
    model.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/trustdb.c b/g10/trustdb.c
index 296083c..022131a 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1579,7 +1579,8 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
              since we don't accept a regexp on the sig unless it's a
              trust sig. */
           if (kr && (!kr->trust_regexp
-                     || opt.trust_model != TM_PGP
+                     || !(opt.trust_model == TM_PGP
+                          || opt.trust_model == TM_TOFU_PGP)
                      || (uidnode
                          && check_regexp(kr->trust_regexp,
                                          uidnode->pkt->pkt.user_id->name))))
@@ -1589,7 +1590,8 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
                  lesser trust sig or value.  I could make a decent
                  argument for any of these cases, but this seems to be
                  what PGP does, and I'd like to be compatible. -dms */
-              if (opt.trust_model == TM_PGP
+              if ((opt.trust_model == TM_PGP
+                   || opt.trust_model == TM_TOFU_PGP)
                   && sig->trust_depth
                   && pk->trust_timestamp <= sig->timestamp)
 		{

commit df57390d68482c5b3fa5ff3a42a29ae1b6cbb23c
Author: Neal H. Walfield <neal at g10code.com>
Date:   Wed Oct 21 13:35:27 2015 +0200

    gpg: If a key is ultimate trusted, return that in the tofu model.
    
    * g10/tofu.c (get_trust): If the policy is auto or none, check if the
    key is ultimately trusted.  If so, return that.
    (tofu_register): If the key is ultimately trusted, don't show any
    statistics.
    (tofu_get_validity): Likewise.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>
    Suggested-by: Andre Heinecke <aheinecke at intevation.de>

diff --git a/g10/tofu.c b/g10/tofu.c
index 0a23626..b758875 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -1295,6 +1295,58 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
     return _tofu_GET_TRUST_ERROR;
 
   policy = get_policy (dbs, fingerprint, email, &conflict);
+  if (policy == TOFU_POLICY_AUTO || policy == TOFU_POLICY_NONE)
+    /* See if the key is ultimately trusted.  If so, we're done.  */
+    {
+      int i, j;
+      char keyid[17];
+      KEYDB_SEARCH_DESC desc;
+
+      /* We need to convert the fingerprint as a string to a long
+         keyid.
+
+         FINGERPRINT has the form:
+
+           362D 3527 F53A AD19 71AA  FDE6 5885 9975 EE37 CF96
+                                          -------------------
+
+         The last 16 characters are the long keyid.
+      */
+      assert (strlen (fingerprint) > 4 * 4 + 3);
+      for (i = strlen (fingerprint) - (4 * 4 + 3), j = 0; j < 16; i ++, j ++)
+        {
+          if (fingerprint[i] == ' ')
+            i ++;
+          keyid[j] = fingerprint[i];
+        }
+      keyid[j] = 0;
+
+      rc = classify_user_id (keyid, &desc, 1);
+      if (rc || desc.mode != KEYDB_SEARCH_MODE_LONG_KID)
+        {
+          log_error (_("'%s' is not a valid long keyID\n"), keyid);
+          return _tofu_GET_TRUST_ERROR;
+        }
+
+      if (tdb_keyid_is_utk (desc.u.kid))
+        {
+          if (policy == TOFU_POLICY_NONE)
+            {
+              if (record_binding (dbs, fingerprint, email, user_id,
+                                  TOFU_POLICY_AUTO, 0) != 0)
+                {
+                  log_error (_("error setting TOFU binding's trust level to %s\n"),
+                             "auto");
+                  trust_level = _tofu_GET_TRUST_ERROR;
+                  goto out;
+                }
+            }
+
+          trust_level = TRUST_ULTIMATE;
+          goto out;
+        }
+    }
+
   if (policy == TOFU_POLICY_AUTO)
     {
       policy = opt.tofu_default_policy;
@@ -2261,7 +2313,7 @@ tofu_register (const byte *fingerprint_bin, const char *user_id,
     }
 
  die:
-  if (may_ask)
+  if (may_ask && trust_level != TRUST_ULTIMATE)
     /* It's only appropriate to show the statistics in an interactive
        context.  */
     show_statistics (dbs, fingerprint, email, user_id,
@@ -2367,7 +2419,7 @@ tofu_get_validity (const byte *fingerprint_bin, const char *user_id,
     /* An error.  */
     trust_level = TRUST_UNDEFINED;
 
-  if (may_ask)
+  if (may_ask && trust_level != TRUST_ULTIMATE)
     show_statistics (dbs, fingerprint, email, user_id, NULL);
 
  die:

commit d05ff81732e20e6f9d6d7a6281a96a312b001abb
Author: Neal H. Walfield <neal at g10code.com>
Date:   Wed Oct 21 13:28:15 2015 +0200

    gpg: Keep the trust DB up to date for the tofu and tofu+pgp models.
    
    * g10/trustdb.c (init_trustdb): Recognize tofu and tofu+pgp as
    possibly saved trust models.  Also register the ultimately trusted
    keys if the trust model is tofu or tofu+pgp.
    (check_trustdb): Don't skip if the trust model is tofu or tofu+pgp.
    (update_trustdb): Likewise.
    (tdb_check_trustdb_stale): Likewise.
    (validate_keys): If the trust model is TOFU, just write out the
    ultimately trusted keys.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/trustdb.c b/g10/trustdb.c
index 1be98b5..296083c 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -459,9 +459,11 @@ init_trustdb ()
       opt.trust_model=tdbio_read_model();
 
       /* Sanity check this ;) */
-      if(opt.trust_model!=TM_CLASSIC
-	 && opt.trust_model!=TM_PGP
-	 && opt.trust_model!=TM_EXTERNAL)
+      if(opt.trust_model != TM_CLASSIC
+	 && opt.trust_model != TM_PGP
+	 && opt.trust_model != TM_TOFU_PGP
+	 && opt.trust_model != TM_TOFU
+	 && opt.trust_model != TM_EXTERNAL)
 	{
 	  log_info(_("unable to use unknown trust model (%d) - "
 		     "assuming %s trust model\n"),opt.trust_model,"PGP");
@@ -472,7 +474,8 @@ init_trustdb ()
 	log_info(_("using %s trust model\n"),trust_model_string());
     }
 
-  if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
+  if (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC
+      || opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP)
     {
       /* Verify the list of ultimately trusted keys and move the
 	 --trusted-keys list there as well. */
@@ -494,7 +497,8 @@ void
 check_trustdb ()
 {
   init_trustdb();
-  if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
+  if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
+      || opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
     {
       if (opt.batch && !opt.answer_yes)
 	{
@@ -530,7 +534,8 @@ void
 update_trustdb()
 {
   init_trustdb();
-  if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
+  if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
+      || opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
     validate_keys (1);
   else
     log_info (_("no need for a trustdb update with '%s' trust model\n"),
@@ -946,7 +951,8 @@ tdb_check_trustdb_stale (void)
     return;  /* No trustdb => can't be stale.  */
 
   if (!did_nextcheck
-      && (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC))
+      && (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
+          || opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU))
     {
       ulong scheduled;
 
@@ -1938,6 +1944,11 @@ validate_keys (int interactive)
       do_sync ();
     }
 
+  if (opt.trust_model == TM_TOFU)
+    /* In the TOFU trust model, we only need to save the ultimately
+       trusted keys.  */
+    goto leave;
+
   klist = utk_list;
 
   log_info(_("%d marginal(s) needed, %d complete(s) needed, %s trust model\n"),

commit 243f90afba87e99ca42e2451ac5cc59d00a044ac
Author: Neal H. Walfield <neal at g10code.com>
Date:   Wed Oct 21 12:52:56 2015 +0200

    gpg: Factor out code into a standalone function.
    
    * g10/trustdb.c (tdb_keyid_is_utk): New function.
    (add_utk): Use it.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/trustdb.c b/g10/trustdb.c
index cadc7e9..1be98b5 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -229,13 +229,8 @@ add_utk (u32 *kid)
 {
   struct key_item *k;
 
-  for (k = utk_list; k; k = k->next)
-    {
-      if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
-        {
-          return 0;
-        }
-    }
+  if (tdb_keyid_is_utk (kid))
+    return 0;
 
   k = new_key_item ();
   k->kid[0] = kid[0];
@@ -317,6 +312,18 @@ verify_own_keys(void)
   return;
 }
 
+/* Returns whether KID is on the list of ultimately trusted keys.  */
+int
+tdb_keyid_is_utk (u32 *kid)
+{
+  struct key_item *k;
+
+  for (k = utk_list; k; k = k->next)
+    if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
+      return 1;
+
+  return 0;
+}
 

 /*********************************************
  *********** TrustDB stuff *******************
diff --git a/g10/trustdb.h b/g10/trustdb.h
index adb75d7..718f779 100644
--- a/g10/trustdb.h
+++ b/g10/trustdb.h
@@ -111,6 +111,8 @@ void clean_key (kbnode_t keyblock, int noisy, int self_only,
 /*-- trustdb.c --*/
 void tdb_register_trusted_keyid (u32 *keyid);
 void tdb_register_trusted_key (const char *string);
+/* Returns whether KID is on the list of ultimately trusted keys.  */
+int tdb_keyid_is_utk (u32 *kid);
 void check_trustdb (void);
 void update_trustdb (void);
 int setup_trustdb( int level, const char *dbname );

commit a79045e38d239a7f6e787cf7c1132772c737cc0e
Author: Neal H. Walfield <neal at g10code.com>
Date:   Tue Oct 20 20:53:40 2015 +0200

    dirmngr: Allow building with libassuan < 2.3.
    
    * dirmngr/http.c (send_request): Use newer assuan function only if
    available.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>
    Regression-due-to: 4e42ad30

diff --git a/dirmngr/http.c b/dirmngr/http.c
index c2a0431..1365ea1 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -1475,7 +1475,9 @@ send_request (http_t hd, const char *httphost, const char *auth,
     {
       int mode;
 
+#if ASSUAN_VERSION_NUMBER >= 0x020300 /* >= 2.3.0 */
       if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
+#endif
         {
           log_error ("TOR support is not available\n");
           return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);

commit 85bd7d9491f8cc13c2b03f19b4f70ea13b45c704
Author: Neal H. Walfield <neal at g10code.com>
Date:   Tue Oct 20 20:42:44 2015 +0200

    gpg: Make the tofu DB check and initialization atomic.
    
    * g10/tofu.c (initdb): Make the version check and the database
    initialization atomic.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>
    Co-authored-by: Andre Heinecke <aheinecke at intevation.de>

diff --git a/g10/tofu.c b/g10/tofu.c
index 4ad44eb..0a23626 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -248,6 +248,15 @@ initdb (sqlite3 *db, enum db_type type)
   unsigned long int count;
   int version = -1;
 
+  rc = sqlite3_exec (db, "begin transaction;", NULL, NULL, &err);
+  if (rc)
+    {
+      log_error (_("error beginning transaction on TOFU database: %s\n"),
+		 err);
+      sqlite3_free (err);
+      return 1;
+    }
+
   /* If the DB has no tables, then assume this is a new DB that needs
      to be initialized.  */
   rc = sqlite3_exec (db,
@@ -258,7 +267,7 @@ initdb (sqlite3 *db, enum db_type type)
       log_error (_("error querying TOFU DB's available tables: %s\n"),
 		 err);
       sqlite3_free (err);
-      return 1;
+      goto out;
     }
   else if (count != 0)
     /* Assume that the DB is already initialized.  Make sure the
@@ -270,21 +279,22 @@ initdb (sqlite3 *db, enum db_type type)
 	/* Happy, happy, joy, joy.  */
 	{
 	  sqlite3_free (err);
-	  return 0;
+          rc = 0;
+          goto out;
 	}
       else if (rc == SQLITE_ABORT && version == -1)
 	/* Unsupported version.  */
 	{
 	  /* An error message was already displayed.  */
 	  sqlite3_free (err);
-	  return 1;
+          goto out;
 	}
       else if (rc)
 	/* Some error.  */
 	{
 	  log_error (_("error determining TOFU DB's version: %s\n"), err);
 	  sqlite3_free (err);
-	  return 1;
+          goto out;
 	}
       else
 	/* Unexpected success.  This can only happen if there are no
@@ -292,19 +302,11 @@ initdb (sqlite3 *db, enum db_type type)
 	{
 	  log_error (_("error determining TOFU DB's version: %s\n"),
 		     "select returned 0, but expected ABORT");
-	  return 1;
+          rc = 1;
+          goto out;
 	}
     }
 
-  rc = sqlite3_exec (db, "begin transaction;", NULL, NULL, &err);
-  if (rc)
-    {
-      log_error (_("error beginning transaction on TOFU database: %s\n"),
-		 err);
-      sqlite3_free (err);
-      return 1;
-    }
-
   /* Create the version table.  */
   rc = sqlite3_exec (db,
 		     "create table version (version INTEGER);",

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/http.c |  2 ++
 g10/tofu.c     | 86 +++++++++++++++++++++++++++++++++++++++++++++++-----------
 g10/trustdb.c  | 59 +++++++++++++++++++++++++++-------------
 g10/trustdb.h  |  2 ++
 4 files changed, 114 insertions(+), 35 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Oct 21 15:11:47 2015
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Wed, 21 Oct 2015 15:11:47 +0200
Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-71-g4da36c8
Message-ID: <E1Zot2E-0005FK-Tp@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, master has been updated
       via  4da36c8755eb25291c8e21b43e0d6005e45e1d41 (commit)
       via  3ab33db5689818195f095bdae7a7509f96d67fce (commit)
      from  b5c358e535504d391651bb411eee24fd9a29698c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4da36c8755eb25291c8e21b43e0d6005e45e1d41
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Wed Oct 21 15:08:53 2015 +0200

    Make old decrypt / verify buttons work with mime
    
    * src/ribbon-callbacks.cpp (verify_mime): New. Force message handling
     again.
     (do_reader_action): Call verify_mime on action and print info
     on decrypt.
    
    --
    I've tried to set the body to the plain text again and decrypt
    the attachments in that case too. But It's no good. There are
    several issues with it. We can't reliably detect if we need
    to wipe the message as outlook sometimes does not give us the
    MAPI Object in the write event. And Attachments are not properly
    updated after decryption.
    The Read event still appears the only place for us to correctly
    insert the plain text.

diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index dff6a74..8af2a30 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -46,6 +46,7 @@
 #include "mimemaker.h"
 #include "filetype.h"
 #include "gpgolstr.h"
+#include "message.h"
 
 /* Gets the context of a ribbon control. And prints some
    useful debug output */
@@ -574,6 +575,26 @@ decryptAttachments (LPDISPATCH ctrl)
                   callback function failed in an ugly window. */
 }
 
+/* MIME erify mail helper. Returns 0 if it
+  was not called with a MIME crypto message or on error. */
+static int
+verify_mime (LPDISPATCH mailitem)
+{
+  int ret = 0;
+
+  LPMESSAGE message = get_oom_base_message (mailitem);
+  if (!message)
+    {
+      log_error ("%s:%s: Failed to get the base message",
+                 SRCNAME, __func__);
+      return 0;
+    }
+  ret = message_incoming_handler (message, NULL, true /*force */);
+  message->Release ();
+
+  return ret;
+}
+
 /* do_reader_action
    decrypts the content of an inspector. Controled by flags
    similary to the do_composer_action.
@@ -653,6 +674,23 @@ do_reader_action (LPDISPATCH ctrl, int flags)
         }
     }
 
+  if (verify_mime (mailItem))
+    {
+      log_debug ("%s:%s: This was a mime message.",
+                 SRCNAME, __func__);
+
+      if (flags & OP_DECRYPT)
+        {
+          MessageBox (NULL,
+                      "This message is in MIME format. Due to technical restrictions "
+                      "it can only be decrypted once per session. To decrypt it again "
+                      "please restart Outlook and open the message.",
+                      _("GpgOL"),
+                      MB_ICONINFORMATION|MB_OK);
+        }
+      goto failure;
+    }
+
   if (flags & DATA_SELECTION)
     {
       encData = get_oom_string (selection, "Text");

commit 3ab33db5689818195f095bdae7a7509f96d67fce
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Wed Oct 21 14:22:16 2015 +0200

    Fix crash on attachment decryption
    
    * src/attachment.cpp (do_crypt): Check return value of mapiobject.
    
    --
    It appears that sometimes a "Ghost" attachment is listed
    by outlook. That attachment does not have a Mapiobject or
    GpgOL properties attached to it. So we ignore it.

diff --git a/src/attachment.cpp b/src/attachment.cpp
index b7e7102..66588d5 100644
--- a/src/attachment.cpp
+++ b/src/attachment.cpp
@@ -294,6 +294,13 @@ do_crypt (LPDISPATCH mailitem, bool protect)
         }
       mapi_attachment = (LPATTACH) get_oom_iunknown (attachment,
                                                      "MapiObject");
+      if (!mapi_attachment)
+        {
+          log_debug ("%s:%s: Failed to get MapiObject of attachment: %p",
+                     SRCNAME, __func__, attachment);
+          attachment->Release ();
+          continue;
+        }
 
       att_type = get_gpgolattachtype (mapi_attachment, tag_id);
       if ((protect && att_type == ATTACHTYPE_FROMMOSS_DEC) ||

-----------------------------------------------------------------------

Summary of changes:
 src/attachment.cpp       |  7 +++++++
 src/ribbon-callbacks.cpp | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Oct 21 18:18:31 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 21 Oct 2015 18:18:31 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-50-g9ffcb77
Message-ID: <E1Zovwz-00030S-4l@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  9ffcb77e2565651afdeda523374bcbb24b5bd735 (commit)
       via  afbe87fa2d259b665b2d67a038a8535cfcfee094 (commit)
       via  8bccbf477878fd99baa96e11db9db99aaf1e8d91 (commit)
       via  ffe60eb3d2b8f7d6c506804ce4645d695c91f237 (commit)
      from  9afeb4cca10c3632495fe71b23df99a4878bd3a5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9ffcb77e2565651afdeda523374bcbb24b5bd735
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 21 18:14:24 2015 +0200

    Change capitalization of TOR to Tor.
    
    --

diff --git a/dirmngr/crlfetch.c b/dirmngr/crlfetch.c
index 0f34e27..7e814f5 100644
--- a/dirmngr/crlfetch.c
+++ b/dirmngr/crlfetch.c
@@ -292,8 +292,8 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
         }
       else if (opt.use_tor)
         {
-          /* For now we do not support LDAP over TOR.  */
-          log_error (_("CRL access not possible due to TOR mode\n"));
+          /* For now we do not support LDAP over Tor.  */
+          log_error (_("CRL access not possible due to Tor mode\n"));
           err = gpg_error (GPG_ERR_NOT_SUPPORTED);
         }
       else
@@ -318,8 +318,8 @@ crl_fetch_default (ctrl_t ctrl, const char *issuer, ksba_reader_t *reader)
 {
   if (opt.use_tor)
     {
-      /* For now we do not support LDAP over TOR.  */
-      log_error (_("CRL access not possible due to TOR mode\n"));
+      /* For now we do not support LDAP over Tor.  */
+      log_error (_("CRL access not possible due to Tor mode\n"));
       return gpg_error (GPG_ERR_NOT_SUPPORTED);
     }
   if (opt.disable_ldap)
@@ -350,8 +350,8 @@ ca_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context, const char *dn)
 {
   if (opt.use_tor)
     {
-      /* For now we do not support LDAP over TOR.  */
-      log_error (_("CRL access not possible due to TOR mode\n"));
+      /* For now we do not support LDAP over Tor.  */
+      log_error (_("CRL access not possible due to Tor mode\n"));
       return gpg_error (GPG_ERR_NOT_SUPPORTED);
     }
   if (opt.disable_ldap)
@@ -377,8 +377,8 @@ start_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context,
 {
   if (opt.use_tor)
     {
-      /* For now we do not support LDAP over TOR.  */
-      log_error (_("CRL access not possible due to TOR mode\n"));
+      /* For now we do not support LDAP over Tor.  */
+      log_error (_("CRL access not possible due to Tor mode\n"));
       return gpg_error (GPG_ERR_NOT_SUPPORTED);
     }
   if (opt.disable_ldap)
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 9aa1ca3..d6c1670 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -218,7 +218,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_s (oHkpCaCert, "hkp-cacert",
                 N_("|FILE|use the CA certificates in FILE for HKP over TLS")),
 
-  ARGPARSE_s_n (oUseTor, "use-tor", N_("route all network traffic via TOR")),
+  ARGPARSE_s_n (oUseTor, "use-tor", N_("route all network traffic via Tor")),
 
   ARGPARSE_s_s (oSocketName, "socket-name", "@"),  /* Only for debugging.  */
 
@@ -474,7 +474,7 @@ set_tor_mode (void)
       if (assuan_sock_set_flag (ASSUAN_INVALID_FD, "tor-mode", 1))
 #endif
         {
-          log_error ("error enabling TOR mode: %s\n", strerror (errno));
+          log_error ("error enabling Tor mode: %s\n", strerror (errno));
           log_info ("(is your Libassuan recent enough?)\n");
         }
     }
@@ -1001,7 +1001,7 @@ main (int argc, char **argv)
   if (opt.use_tor)
     {
       log_info ("WARNING: ***************************************\n");
-      log_info ("WARNING: TOR mode (--use-tor) MAY NOT FULLY WORK!\n");
+      log_info ("WARNING: Tor mode (--use-tor) MAY NOT FULLY WORK!\n");
       log_info ("WARNING: ***************************************\n");
     }
 
diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
index dff902a..b2b14cc 100644
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -93,7 +93,7 @@ struct
   int system_service;   /* We are running as W32 service (implies daemon).  */
   int system_daemon;    /* We are running in system daemon mode.  */
   int running_detached; /* We are running in detached mode.  */
-  int use_tor;          /* TOR mode has been enabled.  */
+  int use_tor;          /* Tor mode has been enabled.  */
 
   int force;          /* Force loading outdated CRLs. */
 
diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index ba4ab8f..00d2b3e 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -62,7 +62,7 @@
 /* If set Tor mode shall be used.  */
 static int tor_mode;
 
-/* Sets the module in TOR mode.  Returns 0 is this is possible or an
+/* Sets the module in Tor mode.  Returns 0 is this is possible or an
    error code.  */
 gpg_error_t
 enable_dns_tormode (void)
diff --git a/dirmngr/http.c b/dirmngr/http.c
index 1365ea1..90dfc08 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -757,7 +757,7 @@ http_raw_connect (http_t *r_hd, const char *server, unsigned short port,
       if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
 #endif
         {
-          log_error ("TOR support is not available\n");
+          log_error ("Tor support is not available\n");
           return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
         }
     }
@@ -1479,7 +1479,7 @@ send_request (http_t hd, const char *httphost, const char *auth,
       if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode)
 #endif
         {
-          log_error ("TOR support is not available\n");
+          log_error ("Tor support is not available\n");
           return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
         }
     }
diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
index c6fa5eb..77a2dd0 100644
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@@ -838,8 +838,8 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec,
 
   if (opt.use_tor)
     {
-      /* For now we do not support LDAP over TOR.  */
-      log_error (_("LDAP access not possible due to TOR mode\n"));
+      /* For now we do not support LDAP over Tor.  */
+      log_error (_("LDAP access not possible due to Tor mode\n"));
       return gpg_error (GPG_ERR_NOT_SUPPORTED);
     }
 
@@ -1021,8 +1021,8 @@ ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
 
   if (opt.use_tor)
     {
-      /* For now we do not support LDAP over TOR.  */
-      log_error (_("LDAP access not possible due to TOR mode\n"));
+      /* For now we do not support LDAP over Tor.  */
+      log_error (_("LDAP access not possible due to Tor mode\n"));
       return gpg_error (GPG_ERR_NOT_SUPPORTED);
     }
 
@@ -1897,8 +1897,8 @@ ks_ldap_put (ctrl_t ctrl, parsed_uri_t uri,
 
   if (opt.use_tor)
     {
-      /* For now we do not support LDAP over TOR.  */
-      log_error (_("LDAP access not possible due to TOR mode\n"));
+      /* For now we do not support LDAP over Tor.  */
+      log_error (_("LDAP access not possible due to Tor mode\n"));
       return gpg_error (GPG_ERR_NOT_SUPPORTED);
     }
 
diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c
index f81f335..392c02b 100644
--- a/dirmngr/ocsp.c
+++ b/dirmngr/ocsp.c
@@ -134,9 +134,9 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
 
   if (opt.use_tor)
     {
-      /* For now we do not allow OCSP via TOR due to possible privacy
+      /* For now we do not allow OCSP via Tor due to possible privacy
          concerns.  Needs further research.  */
-      log_error (_("OCSP request not possible due to TOR mode\n"));
+      log_error (_("OCSP request not possible due to Tor mode\n"));
       return gpg_error (GPG_ERR_NOT_SUPPORTED);
     }
 
diff --git a/dirmngr/server.c b/dirmngr/server.c
index 23ecdd8..a41d34f 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -628,7 +628,7 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
     }
   else if (!strcmp (key, "honor-keyserver-url-used"))
     {
-      /* Return an error if we are running in TOR mode.  */
+      /* Return an error if we are running in Tor mode.  */
       if (opt.use_tor)
         err = gpg_error (GPG_ERR_FORBIDDEN);
     }
@@ -715,7 +715,7 @@ cmd_dns_cert (assuan_context_t ctx, char *line)
 
   if (opt.use_tor && enable_dns_tormode ())
     {
-      /* TOR mode is requested but the DNS code can't enable it.  */
+      /* Tor mode is requested but the DNS code can't enable it.  */
       err = gpg_error (GPG_ERR_FORBIDDEN);
       goto leave;
     }
@@ -2087,7 +2087,7 @@ static const char hlp_getinfo[] =
   "\n"
   "version     - Return the version of the program.\n"
   "pid         - Return the process id of the server.\n"
-  "tor         - Return OK if running in TOR mode\n"
+  "tor         - Return OK if running in Tor mode\n"
   "socket_name - Return the name of the socket.\n";
 static gpg_error_t
 cmd_getinfo (assuan_context_t ctx, char *line)
@@ -2120,7 +2120,7 @@ cmd_getinfo (assuan_context_t ctx, char *line)
     }
   else if (!strcmp (line, "tor"))
     {
-      err = opt.use_tor? 0:set_error (GPG_ERR_GENERAL, "TOR mode not enabled");
+      err = opt.use_tor? 0:set_error (GPG_ERR_GENERAL, "Tor mode not enabled");
     }
   else
     err = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index d1d4211..073cbc2 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -238,8 +238,8 @@ useful for debugging.
 
 @item --use-tor
 @opindex use-tor
-This option switches Dirmngr and thus GnuPG into ``TOR mode'' to route
-all network access via TOR (an anonymity network).  WARNING: As of now
+This option switches Dirmngr and thus GnuPG into ``Tor mode'' to route
+all network access via Tor (an anonymity network).  WARNING: As of now
 this still leaks the DNS queries; e.g. to lookup the hosts in a
 keyserver pool.  Certain other features are disabled if this mode is
 active.
diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c
index 10dcb20..83af0be 100644
--- a/g10/call-dirmngr.c
+++ b/g10/call-dirmngr.c
@@ -183,13 +183,13 @@ create_context (ctrl_t ctrl, assuan_context_t *r_ctx)
       else if ((opt.keyserver_options.options & KEYSERVER_HONOR_KEYSERVER_URL))
         {
           /* Tell the dirmngr that this possibly privacy invading
-             option is in use.  If Dirmngr is running in TOR mode, it
+             option is in use.  If Dirmngr is running in Tor mode, it
              will return an error.  */
           err = assuan_transact (ctx, "OPTION honor-keyserver-url-used",
                                  NULL, NULL, NULL, NULL, NULL, NULL);
           if (gpg_err_code (err) == GPG_ERR_FORBIDDEN)
             log_error (_("keyserver option \"honor-keyserver-url\""
-                         " may not be used in TOR mode\n"));
+                         " may not be used in Tor mode\n"));
           else if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION)
             err = 0; /* Old dirmngr versions do not support this option.  */
         }
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index e736162..b235e22 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -906,9 +906,9 @@ static gc_option_t gc_options_dirmngr[] =
      "dirmngr", "force loading of outdated CRLs",
      GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
 
-   { "TOR",
+   { "Tor",
      GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
-     "gnupg", N_("Options controlling the use of TOR") },
+     "gnupg", N_("Options controlling the use of Tor") },
    { "use-tor", GC_OPT_FLAG_NONE, GC_LEVEL_INVISIBLE,
      "dirmngr", "route all network traffic via TOR",
       GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },

commit afbe87fa2d259b665b2d67a038a8535cfcfee094
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 21 17:46:21 2015 +0200

    dirmngr: Use the new DNS wrapper for the HKP engine.
    
    * dirmngr/ks-engine-hkp.c (my_getnameinfo): Change arg type to
    dns_addrinfo_t.
    (map_host): Replace getaddrinfo by resolve_dns_name.
    --
    
    Note that we still need to replace getnameinfo so that the PTR lookup
    is either suppressed or also done via ADNS.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 411f108..444f305 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -38,6 +38,7 @@
 #include "dirmngr.h"
 #include "misc.h"
 #include "userids.h"
+#include "dns-stuff.h"
 #include "ks-engine.h"
 
 /* Substitutes for missing Mingw macro.  The EAI_SYSTEM mechanism
@@ -240,7 +241,7 @@ select_random_host (int *table)
    0 on success or an EAI error code.  True is stored at R_ISNUMERIC
    if HOST has a numeric IP address. */
 static int
-my_getnameinfo (struct addrinfo *ai, char *host, size_t hostlen,
+my_getnameinfo (dns_addrinfo_t ai, char *host, size_t hostlen,
                 int numeric, int *r_isnumeric)
 {
   int ec;
@@ -254,7 +255,7 @@ my_getnameinfo (struct addrinfo *ai, char *host, size_t hostlen,
   if (numeric)
     ec = EAI_NONAME;
   else
-    ec = getnameinfo (ai->ai_addr, ai->ai_addrlen,
+    ec = getnameinfo (ai->addr, ai->addrlen,
                       host, hostlen, NULL, 0, NI_NAMEREQD);
 
   if (!ec && *host == '[')
@@ -262,14 +263,14 @@ my_getnameinfo (struct addrinfo *ai, char *host, size_t hostlen,
   else if (ec == EAI_NONAME)
     {
       p = host;
-      if (ai->ai_family == AF_INET6)
+      if (ai->family == AF_INET6)
         {
           *p++ = '[';
           hostlen -= 2;
         }
-      ec = getnameinfo (ai->ai_addr, ai->ai_addrlen,
+      ec = getnameinfo (ai->addr, ai->addrlen,
                         p, hostlen, NULL, 0, NI_NUMERICHOST);
-      if (!ec && ai->ai_family == AF_INET6)
+      if (!ec && ai->family == AF_INET6)
         strcat (host, "]");
 
       *r_isnumeric = 1;
@@ -347,11 +348,12 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
   if (idx == -1)
     {
       /* We never saw this host.  Allocate a new entry.  */
-      struct addrinfo hints, *aibuf, *ai;
+      dns_addrinfo_t aibuf, ai;
       int *reftbl;
       size_t reftblsize;
       int refidx;
       int is_pool = 0;
+      char *cname;
 
       reftblsize = 100;
       reftbl = xtrymalloc (reftblsize * sizeof *reftbl);
@@ -370,15 +372,13 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
 
       /* Find all A records for this entry and put them into the pool
          list - if any.  */
-      memset (&hints, 0, sizeof (hints));
-      hints.ai_family = AF_UNSPEC;
-      hints.ai_socktype = SOCK_STREAM;
-      hints.ai_flags = AI_CANONNAME;
-      /* We can't use the the AI_IDN flag because that does the
-         conversion using the current locale.  However, GnuPG always
-         used UTF-8.  To support IDN we would need to make use of the
-         libidn API.  */
-      if (!getaddrinfo (name, NULL, &hints, &aibuf))
+      err = resolve_dns_name (name, 0, 0, SOCK_STREAM, &aibuf, &cname);
+      if (err)
+        {
+          log_error ("resolving '%s' failed: %s\n", name, gpg_strerror (err));
+          err = 0;
+        }
+      else
         {
           int n_v6, n_v4;
 
@@ -388,19 +388,22 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
              with the IP addresses.  If it is not a pool, we use the
              specified name. */
           n_v6 = n_v4 = 0;
-          for (ai = aibuf; ai; ai = ai->ai_next)
+          for (ai = aibuf; ai; ai = ai->next)
             {
-              if (ai->ai_family != AF_INET6)
+              if (ai->family != AF_INET6)
                 n_v6++;
-              else if (ai->ai_family != AF_INET)
+              else if (ai->family != AF_INET)
                 n_v4++;
             }
           if (n_v6 > 1 || n_v4 > 1)
             is_pool = 1;
-          if (is_pool && aibuf->ai_canonname)
-            hi->cname = xtrystrdup (aibuf->ai_canonname);
+          if (is_pool && cname)
+            {
+              hi->cname = cname;
+              cname = NULL;
+            }
 
-          for (ai = aibuf; ai; ai = ai->ai_next)
+          for (ai = aibuf; ai; ai = ai->next)
             {
               char tmphost[NI_MAXHOST + 2];
               int tmpidx;
@@ -408,7 +411,7 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
               int ec;
               int i;
 
-              if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
+              if (ai->family != AF_INET && ai->family != AF_INET6)
                 continue;
 
               dirmngr_tick (ctrl);
@@ -474,13 +477,13 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
                                       gai_strerror (ec));
                         }
 
-                      if (ai->ai_family == AF_INET6)
+                      if (ai->family == AF_INET6)
                         {
                           hosttable[tmpidx]->v6 = 1;
                           xfree (hosttable[tmpidx]->v6addr);
                           hosttable[tmpidx]->v6addr = ipaddr;
                         }
-                      else if (ai->ai_family == AF_INET)
+                      else if (ai->family == AF_INET)
                         {
                           hosttable[tmpidx]->v4 = 1;
                           xfree (hosttable[tmpidx]->v4addr);
@@ -497,9 +500,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
                     }
                 }
             }
-          freeaddrinfo (aibuf);
         }
       reftbl[refidx] = -1;
+      xfree (cname);
+      free_dns_addrinfo (aibuf);
+
       if (refidx && is_pool)
         {
           assert (!hi->pool);

commit 8bccbf477878fd99baa96e11db9db99aaf1e8d91
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 21 17:55:56 2015 +0200

    dirmngr: Implement a getaddrinfo wrapper.
    
    * dirmngr/dns-stuff.h: Include some header files.
    (dns_addinfo_t, dns_addrinfo_s): New.
    * dirmngr/dns-stuff.c: Always include DNS related headers.
    (free_dns_addrinfo): New.
    (resolve_name_standard): New.
    (resolve_dns_name): New.
    
    * dirmngr/t-dns-stuff.c: Include netdb.h.
    (main): Keep old default mode with no args but else print outout of
    resolve_dns_name.  Revamp option parser.
    --
    
    This wrapper allows us to switch to ADNS and thus Tor for standard
    name resultion.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index c2d40c9..ba4ab8f 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -30,19 +30,18 @@
 
 #include <config.h>
 #include <sys/types.h>
-#ifdef USE_DNS_CERT
-# ifdef HAVE_W32_SYSTEM
-#  ifdef HAVE_WINSOCK2_H
-#   include <winsock2.h>
-#  endif
-#  include <windows.h>
-# else
-#  include <netinet/in.h>
-#  include <arpa/nameser.h>
-#  include <resolv.h>
+#ifdef HAVE_W32_SYSTEM
+# ifdef HAVE_WINSOCK2_H
+#  include <winsock2.h>
 # endif
-# include <string.h>
+# include <windows.h>
+#else
+# include <netinet/in.h>
+# include <arpa/nameser.h>
+# include <resolv.h>
+# include <netdb.h>
 #endif
+#include <string.h>
 #ifdef USE_ADNS
 # include <adns.h>
 #endif
@@ -77,6 +76,142 @@ enable_dns_tormode (void)
   return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
 }
 
+/* Free an addressinfo linked list as returned by resolve_dns_name.  */
+void
+free_dns_addrinfo (dns_addrinfo_t ai)
+{
+  while (ai)
+    {
+      dns_addrinfo_t next = ai->next;
+      xfree (ai);
+      ai = next;
+    }
+}
+
+
+/* Resolve a name using the standard system function.  */
+static gpg_error_t
+resolve_name_standard (const char *name, unsigned short port,
+                       int want_family, int want_socktype,
+                       dns_addrinfo_t *r_dai, char **r_canonname)
+{
+  gpg_error_t err = 0;
+  dns_addrinfo_t daihead = NULL;
+  dns_addrinfo_t dai;
+  struct addrinfo *aibuf = NULL;
+  struct addrinfo hints, *ai;
+  char portstr[21];
+  int ret;
+
+  *r_dai = NULL;
+  if (r_canonname)
+    *r_canonname = NULL;
+
+  memset (&hints, 0, sizeof hints);
+  hints.ai_family = want_family;
+  hints.ai_socktype = want_socktype;
+  if (r_canonname)
+    hints.ai_flags = AI_CANONNAME;
+
+  if (port)
+    snprintf (portstr, sizeof portstr, "%hu", port);
+  else
+    *portstr = 0;
+
+  /* We can't use the the AI_IDN flag because that does the conversion
+     using the current locale.  However, GnuPG always used UTF-8.  To
+     support IDN we would need to make use of the libidn API.  */
+  ret = getaddrinfo (name, *portstr? portstr : NULL, &hints, &aibuf);
+  if (ret)
+    {
+      aibuf = NULL;
+      switch (ret)
+        {
+        case EAI_AGAIN:     err = gpg_error (GPG_ERR_EAGAIN); break;
+        case EAI_BADFLAGS:  err = gpg_error (GPG_ERR_INV_FLAG); break;
+        case EAI_FAIL:      err = gpg_error (GPG_ERR_SERVER_FAILED); break;
+        case EAI_MEMORY:    err = gpg_error (GPG_ERR_ENOMEM); break;
+        case EAI_NODATA:    err = gpg_error (GPG_ERR_NO_DATA); break;
+        case EAI_NONAME:    err = gpg_error (GPG_ERR_NO_NAME); break;
+        case EAI_SERVICE:   err = gpg_error (GPG_ERR_NOT_SUPPORTED); break;
+        case EAI_ADDRFAMILY:err = gpg_error (GPG_ERR_EADDRNOTAVAIL); break;
+        case EAI_FAMILY:    err = gpg_error (GPG_ERR_EAFNOSUPPORT); break;
+        case EAI_SOCKTYPE:  err = gpg_error (GPG_ERR_ESOCKTNOSUPPORT); break;
+        case EAI_SYSTEM:    err = gpg_error_from_syserror (); break;
+        default:            err = gpg_error (GPG_ERR_UNKNOWN_ERRNO); break;
+        }
+      goto leave;
+    }
+
+  if (r_canonname && aibuf && aibuf->ai_canonname)
+    {
+      *r_canonname = xtrystrdup (aibuf->ai_canonname);
+      if (!*r_canonname)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+    }
+
+  for (ai = aibuf; ai; ai = ai->ai_next)
+    {
+      if (ai->ai_family != AF_INET6 && ai->ai_family != AF_INET)
+        continue;
+
+      dai = xtrymalloc (sizeof *dai + ai->ai_addrlen - 1);
+      dai->family = ai->ai_family;
+      dai->socktype = ai->ai_socktype;
+      dai->protocol = ai->ai_protocol;
+      dai->addrlen = ai->ai_addrlen;
+      memcpy (dai->addr, ai->ai_addr, ai->ai_addrlen);
+      dai->next = daihead;
+      daihead = dai;
+    }
+
+ leave:
+  if (aibuf)
+    freeaddrinfo (aibuf);
+  if (err)
+    {
+      if (r_canonname)
+        {
+          xfree (*r_canonname);
+          *r_canonname = NULL;
+        }
+      free_dns_addrinfo (daihead);
+    }
+  else
+    *r_dai = daihead;
+  return err;
+}
+
+
+/* This a wrapper around getaddrinfo with slighly different semantics.
+   NAME is the name to resolve.
+   PORT is the requested port or 0.
+   WANT_FAMILY is either 0 (AF_UNSPEC), AF_INET6, or AF_INET4.
+   WANT_SOCKETTYPE is either SOCK_STREAM or SOCK_DGRAM.
+
+   On success the result is stored in a linked list with the head
+   stored at the address R_AI; the caller must call gpg_addrinfo_free
+   on this.  If R_CANONNAME is not NULL the official name of the host
+   is stored there as a malloced string; if that name is not available
+   NULL is stored.  */
+gpg_error_t
+resolve_dns_name (const char *name, unsigned short port,
+                  int want_family, int want_socktype,
+                  dns_addrinfo_t *r_ai, char **r_canonname)
+{
+#ifdef USE_ADNS_disabled_for_now
+  return resolve_name_adns (name, port, want_family, want_socktype,
+                            r_ai, r_canonname);
+#else
+  return resolve_name_standard (name, port, want_family, want_socktype,
+                                r_ai, r_canonname);
+#endif
+}
+
+
 /* Returns 0 on success or an error code.  If a PGP CERT record was
    found, the malloced data is returned at (R_KEY, R_KEYLEN) and
    the other return parameters are set to NULL/0.  If an IPGP CERT
diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h
index aea0e69..090e79b 100644
--- a/dirmngr/dns-stuff.h
+++ b/dirmngr/dns-stuff.h
@@ -30,6 +30,16 @@
 #ifndef GNUPG_DIRMNGR_DNS_STUFF_H
 #define GNUPG_DIRMNGR_DNS_STUFF_H
 
+#ifdef HAVE_W32_SYSTEM
+# ifdef HAVE_WINSOCK2_H
+#  include <winsock2.h>
+# endif
+# include <windows.h>
+#else
+# include <sys/types.h>
+# include <sys/socket.h>
+#endif
+
 
 #define DNS_CERTTYPE_ANY       0 /* Internal catch all type. */
 /* Certificate types according to RFC-4398:  */
@@ -48,10 +58,31 @@
 #define DNS_CERTTYPE_RRBASE 1024 /* Base of special constants.  */
 #define DNS_CERTTYPE_RR61   (DNS_CERTTYPE_RRBASE + 61)
 
+struct dns_addrinfo_s;
+typedef struct dns_addrinfo_s *dns_addrinfo_t;
+struct dns_addrinfo_s
+{
+  dns_addrinfo_t next;
+  int family;
+  int socktype;
+  int protocol;
+  int addrlen;
+  struct sockaddr addr[1];
+};
+
+
+
 /* Calling this function switches the DNS code into Tor mode if
    possibe.  Return 0 on success.  */
 gpg_error_t enable_dns_tormode (void);
 
+void free_dns_addrinfo (dns_addrinfo_t ai);
+
+/* Provide function similar to getaddrinfo.  */
+gpg_error_t resolve_dns_name (const char *name, unsigned short port,
+                              int want_family, int want_socktype,
+                              dns_addrinfo_t *r_dai, char **r_canonname);
+
 /* Return a CERT record or an arbitray RR.  */
 gpg_error_t get_dns_cert (const char *name, int want_certtype,
                           void **r_key, size_t *r_keylen,
diff --git a/dirmngr/t-dns-stuff.c b/dirmngr/t-dns-stuff.c
index e34f809..e8a74ea 100644
--- a/dirmngr/t-dns-stuff.c
+++ b/dirmngr/t-dns-stuff.c
@@ -22,73 +22,168 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <assert.h>
+#ifndef HAVE_W32_SYSTEM
+# include <netdb.h>
+#endif
 
 #include "util.h"
 #include "dns-stuff.h"
 
+#define PGM "t-dns-stuff"
+
+static int verbose;
+static int debug;
+
+
 
 int
 main (int argc, char **argv)
 {
+  int last_argc = -1;
   gpg_error_t err;
-  unsigned char *fpr;
-  size_t fpr_len;
-  char *url;
-  void *key;
-  size_t keylen;
+  int opt_cert = 0;
   char const *name;
 
+  gpgrt_init ();
   if (argc)
+    { argc--; argv++; }
+  while (argc && last_argc != argc )
     {
-      argc--;
-      argv++;
+      last_argc = argc;
+      if (!strcmp (*argv, "--"))
+        {
+          argc--; argv++;
+          break;
+        }
+      else if (!strcmp (*argv, "--help"))
+        {
+          fputs ("usage: " PGM " [HOST]\n"
+                 "Options:\n"
+                 "  --verbose         print timings etc.\n"
+                 "  --debug           flyswatter\n"
+                 "  --cert            lookup a CERT RR\n"
+                 , stdout);
+          exit (0);
+        }
+      else if (!strcmp (*argv, "--verbose"))
+        {
+          verbose++;
+          argc--; argv++;
+        }
+      else if (!strcmp (*argv, "--debug"))
+        {
+          verbose += 2;
+          debug++;
+          argc--; argv++;
+        }
+      else if (!strcmp (*argv, "--cert"))
+        {
+          opt_cert = 1;
+          argc--; argv++;
+        }
+      else if (!strncmp (*argv, "--", 2))
+        {
+          fprintf (stderr, PGM ": unknown option '%s'\n", *argv);
+          exit (1);
+        }
     }
 
   if (!argc)
-    name = "simon.josefsson.org";
+    {
+      opt_cert = 1;
+      name = "simon.josefsson.org";
+    }
   else if (argc == 1)
     name = *argv;
   else
     {
-      fputs ("usage: t-dns-stuff [name]\n", stderr);
-      return 1;
+      fprintf (stderr, PGM ": too many host names given\n");
+      exit (1);
     }
 
-  printf ("CERT lookup on '%s'\n", name);
-
-  err = get_dns_cert (name, DNS_CERTTYPE_ANY, &key, &keylen,
-                      &fpr, &fpr_len, &url);
-  if (err)
-    printf ("get_dns_cert failed: %s <%s>\n",
-            gpg_strerror (err), gpg_strsource (err));
-  else if (key)
+  if (opt_cert)
     {
-      printf ("Key found (%u bytes)\n", (unsigned int)keylen);
+      unsigned char *fpr;
+      size_t fpr_len;
+      char *url;
+      void *key;
+      size_t keylen;
+
+      printf ("CERT lookup on '%s'\n", name);
+
+      err = get_dns_cert (name, DNS_CERTTYPE_ANY, &key, &keylen,
+                          &fpr, &fpr_len, &url);
+      if (err)
+        printf ("get_dns_cert failed: %s <%s>\n",
+                gpg_strerror (err), gpg_strsource (err));
+      else if (key)
+        {
+          printf ("Key found (%u bytes)\n", (unsigned int)keylen);
+        }
+      else
+        {
+          if (fpr)
+            {
+              int i;
+
+              printf ("Fingerprint found (%d bytes): ", (int)fpr_len);
+              for (i = 0; i < fpr_len; i++)
+                printf ("%02X", fpr[i]);
+              putchar ('\n');
+            }
+          else
+            printf ("No fingerprint found\n");
+
+          if (url)
+            printf ("URL found: %s\n", url);
+          else
+            printf ("No URL found\n");
+
+        }
+
+      xfree (key);
+      xfree (fpr);
+      xfree (url);
     }
-  else
+  else /* Standard lookup.  */
     {
-      if (fpr)
-	{
-	  int i;
-
-	  printf ("Fingerprint found (%d bytes): ", (int)fpr_len);
-	  for (i = 0; i < fpr_len; i++)
-	    printf ("%02X", fpr[i]);
-	  putchar ('\n');
-	}
-      else
-	printf ("No fingerprint found\n");
+      char *cname;
+      dns_addrinfo_t aibuf, ai;
+      int ret;
+      char hostbuf[1025];
 
-      if (url)
-	printf ("URL found: %s\n", url);
-      else
-	printf ("No URL found\n");
+      printf ("Lookup on '%s'\n", name);
+
+      err = resolve_dns_name (name, 0, 0, SOCK_STREAM, &aibuf, &cname);
+      if (err)
+        {
+          fprintf (stderr, PGM": resolving '%s' failed: %s\n",
+                   name, gpg_strerror (err));
+          exit (1);
+        }
+
+      if (cname)
+        printf ("cname: %s\n", cname);
+      for (ai = aibuf; ai; ai = ai->next)
+        {
+          printf ("%s %3d %3d   ",
+                  ai->family == AF_INET6? "inet6" :
+                  ai->family == AF_INET?  "inet4" : "?    ",
+                  ai->socktype, ai->protocol);
 
+          ret = getnameinfo (ai->addr, ai->addrlen,
+                             hostbuf, sizeof hostbuf,
+                             NULL, 0,
+                             NI_NUMERICHOST);
+          if (ret)
+            printf ("[getnameinfo failed: %s]\n", gai_strerror (ret));
+          else
+            printf ("%s\n", hostbuf);
+        }
+      xfree (cname);
+      free_dns_addrinfo (aibuf);
     }
 
-  xfree (key);
-  xfree (fpr);
-  xfree (url);
 
   return 0;
 }

commit ffe60eb3d2b8f7d6c506804ce4645d695c91f237
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 21 17:38:33 2015 +0200

    common: Add more replacement error codes.
    
    * common/util.h (GPG_ERR_SERVER_FAILED): New.
    (GPG_ERR_NO_KEY): New.
    (GPG_ERR_NO_NAME): New.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/common/util.h b/common/util.h
index af1a319..06d5f87 100644
--- a/common/util.h
+++ b/common/util.h
@@ -126,6 +126,9 @@
 # define GPG_ERR_LDAP_PROX_AUTH_DENIED      891
 #endif /*GPG_ERROR_VERSION_NUMBER < 0x011300*/
 #if GPG_ERROR_VERSION_NUMBER < 0x011500  /* 1.21 */
+# define GPG_ERR_SERVER_FAILED              219
+# define GPG_ERR_NO_KEY                     220
+# define GPG_ERR_NO_NAME                    221
 # define GPG_ERR_TRUE                       255
 # define GPG_ERR_FALSE                      256
 #endif

-----------------------------------------------------------------------

Summary of changes:
 common/util.h            |   3 +
 dirmngr/crlfetch.c       |  16 ++---
 dirmngr/dirmngr.c        |   6 +-
 dirmngr/dirmngr.h        |   2 +-
 dirmngr/dns-stuff.c      | 159 +++++++++++++++++++++++++++++++++++++++----
 dirmngr/dns-stuff.h      |  31 +++++++++
 dirmngr/http.c           |   4 +-
 dirmngr/ks-engine-hkp.c  |  55 ++++++++-------
 dirmngr/ks-engine-ldap.c |  12 ++--
 dirmngr/ocsp.c           |   4 +-
 dirmngr/server.c         |   8 +--
 dirmngr/t-dns-stuff.c    | 171 ++++++++++++++++++++++++++++++++++++-----------
 doc/dirmngr.texi         |   4 +-
 g10/call-dirmngr.c       |   4 +-
 tools/gpgconf-comp.c     |   4 +-
 15 files changed, 376 insertions(+), 107 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Oct 21 18:24:15 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 21 Oct 2015 18:24:15 +0200
Subject: [git] GPG-ERROR - branch, master,
 updated. libgpg-error-1.20-8-ga144fa8
Message-ID: <E1Zow2U-00036Z-QX@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Error codes used by GnuPG et al.".

The branch, master has been updated
       via  a144fa8863846dc3f6d34731741cd63251620837 (commit)
      from  75172adc3b103bd7ef75575a0c0c9c3b63fa4023 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a144fa8863846dc3f6d34731741cd63251620837
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 21 14:55:23 2015 +0200

    Add error codes NO_NAME, NO_KEY, and SERVER_FAILURE.

diff --git a/NEWS b/NEWS
index 8df0a14..3ff3af5 100644
--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,9 @@ Noteworthy changes in version 1.21 (unreleased) [C17/A17/R0]
  es_poll                          NEW macro.
  GPG_ERR_TRUE                     NEW.
  GPG_ERR_FALSE                    NEW.
+ GPG_ERR_NO_NAME                  NEW.
+ GPG_ERR_NO_KEY                   NEW.
+ GPG_ERR_SERVER_FAILED            NEW.
 
 
 Noteworthy changes in version 1.20 (2015-08-26) [C16/A16/R0]
diff --git a/doc/errorref.txt b/doc/errorref.txt
index 563ce9b..89c0723 100644
--- a/doc/errorref.txt
+++ b/doc/errorref.txt
@@ -624,6 +624,16 @@ GPG_ERR_MAC_ALGO
 212	GPG_ERR_SEXP_ODD_HEX_NUMBERS	Odd hexadecimal numbers in S-expression
 213	GPG_ERR_SEXP_BAD_OCT_CHAR	Bad octal character in S-expression
 
+GPG_ERR_SERVER_FAILED (219)		Server indicated a failure
+
+GPG_ERR_NO_NAME	(220)		No name
+
+    EAI_NONAME may be mapped to this code.
+
+GPG_ERR_NO_KEY (221)		No key
+
+    Some kind of key was not found.
+
 GPG_ERR_LEGACY_KEY (222)        Legacy key
 
     Used by GnuPG to identify version 2 and 3 OpenPGP key packets.
diff --git a/src/err-codes.h.in b/src/err-codes.h.in
index e05d41f..d481145 100644
--- a/src/err-codes.h.in
+++ b/src/err-codes.h.in
@@ -247,8 +247,11 @@
 212	GPG_ERR_SEXP_ODD_HEX_NUMBERS	Odd hexadecimal numbers in S-expression
 213	GPG_ERR_SEXP_BAD_OCT_CHAR	Bad octal character in S-expression
 
-# 214 to 221 are free to be used.
+# 214 to 218 are free to be used.
 
+219	GPG_ERR_SERVER_FAILED		Server indicated a failure
+220	GPG_ERR_NO_NAME			No name
+221	GPG_ERR_NO_KEY			No key
 222	GPG_ERR_LEGACY_KEY		Legacy key
 223	GPG_ERR_REQUEST_TOO_SHORT	Request too short
 224	GPG_ERR_REQUEST_TOO_LONG	Request too long

-----------------------------------------------------------------------

Summary of changes:
 NEWS               |  3 +++
 doc/errorref.txt   | 10 ++++++++++
 src/err-codes.h.in |  5 ++++-
 3 files changed, 17 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
Error codes used by GnuPG et al.
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Oct 21 18:27:07 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 21 Oct 2015 18:27:07 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-51-g03e230f
Message-ID: <E1Zow5H-0003F1-FW@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  03e230f0ea62fa7ec363e727ea1cf1344643464f (commit)
      from  9ffcb77e2565651afdeda523374bcbb24b5bd735 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 03e230f0ea62fa7ec363e727ea1cf1344643464f
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 21 18:23:25 2015 +0200

    gpg: Add a new OpenPGP card vendor.
    
    --

diff --git a/g10/card-util.c b/g10/card-util.c
index ed69058..b8c5054 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -210,6 +210,7 @@ get_manufacturer (unsigned int no)
     case 0x0006: return "Yubico";
     case 0x0007: return "OpenKMS";
     case 0x0008: return "LogoEmail";
+    case 0x0009: return "Fidesmo";
 
     case 0x002A: return "Magrathea";
 

-----------------------------------------------------------------------

Summary of changes:
 g10/card-util.c | 1 +
 1 file changed, 1 insertion(+)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Oct 21 22:45:31 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 21 Oct 2015 22:45:31 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-54-g1e34007
Message-ID: <E1Zp07M-0000MY-EM@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  1e34007c972c1d7730cfcacd88f6bbebba7dec1d (commit)
       via  b6af3377e14fad35b9c6041b11888cabce6e8a56 (commit)
       via  6fafda979df8e7e117f8e6929bcce89513a6e746 (commit)
      from  03e230f0ea62fa7ec363e727ea1cf1344643464f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1e34007c972c1d7730cfcacd88f6bbebba7dec1d
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 21 22:41:12 2015 +0200

    dirmngr: Use the new DNS wrapper for the HTTP module.
    
    * dirmngr/t-http.c (main): Init assuan sockets.
    * dirmngr/http.c: Include dns-stuff.h.
    (connect_server)[!HAVE_GETADDRINFO]: Remove all code.
    (connect_server): Change to use resolve_dns_name.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/http.c b/dirmngr/http.c
index f49d3d0..19d5f8f 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -98,6 +98,7 @@
 
 #include "util.h"
 #include "i18n.h"
+#include "dns-stuff.h"
 #include "http.h"
 #ifdef USE_DNS_SRV
 # include "srv.h"
@@ -2213,6 +2214,7 @@ static assuan_fd_t
 connect_server (const char *server, unsigned short port,
                 unsigned int flags, const char *srvtag, int *r_host_not_found)
 {
+  gpg_error_t err;
   assuan_fd_t sock = ASSUAN_INVALID_FD;
   int srvcount = 0;
   int hostfound = 0;
@@ -2293,36 +2295,36 @@ connect_server (const char *server, unsigned short port,
       srvcount = 1;
     }
 
-#ifdef HAVE_GETADDRINFO
   connected = 0;
   for (srv=0; srv < srvcount && !connected; srv++)
     {
-      struct addrinfo hints, *res, *ai;
-      char portstr[35];
+      dns_addrinfo_t aibuf, ai;
 
-      snprintf (portstr, sizeof portstr, "%hu", port);
-      memset (&hints, 0, sizeof (hints));
-      hints.ai_socktype = SOCK_STREAM;
-      if (getaddrinfo (serverlist[srv].target, portstr, &hints, &res))
-        continue; /* Not found - try next one. */
+      err = resolve_dns_name (serverlist[srv].target, port, 0, SOCK_STREAM,
+                              &aibuf, NULL);
+      if (err)
+        {
+          log_info ("resolving '%s' failed: %s\n",
+                    serverlist[srv].target, gpg_strerror (err));
+          continue; /* Not found - try next one. */
+        }
       hostfound = 1;
 
-      for (ai = res; ai && !connected; ai = ai->ai_next)
+      for (ai = aibuf; ai && !connected; ai = ai->next)
         {
-          if (ai->ai_family == AF_INET && (flags & HTTP_FLAG_IGNORE_IPv4))
+          if (ai->family == AF_INET && (flags & HTTP_FLAG_IGNORE_IPv4))
             continue;
-          if (ai->ai_family == AF_INET6 && (flags & HTTP_FLAG_IGNORE_IPv6))
+          if (ai->family == AF_INET6 && (flags & HTTP_FLAG_IGNORE_IPv6))
             continue;
 
           if (sock != ASSUAN_INVALID_FD)
             assuan_sock_close (sock);
-          sock = assuan_sock_new (ai->ai_family, ai->ai_socktype,
-                                  ai->ai_protocol);
+          sock = assuan_sock_new (ai->family, ai->socktype, ai->protocol);
           if (sock == ASSUAN_INVALID_FD)
             {
               int save_errno = errno;
               log_error ("error creating socket: %s\n", strerror (errno));
-              freeaddrinfo (res);
+              free_dns_addrinfo (aibuf);
               xfree (serverlist);
               errno = save_errno;
               return ASSUAN_INVALID_FD;
@@ -2330,77 +2332,15 @@ connect_server (const char *server, unsigned short port,
 
           anyhostaddr = 1;
           my_unprotect ();
-          ret = assuan_sock_connect (sock, ai->ai_addr, ai->ai_addrlen);
+          ret = assuan_sock_connect (sock, ai->addr, ai->addrlen);
           my_protect ();
           if (ret)
             last_errno = errno;
           else
             connected = 1;
         }
-      freeaddrinfo (res);
-    }
-#else /* !HAVE_GETADDRINFO */
-  connected = 0;
-  for (srv=0; srv < srvcount && !connected; srv++)
-    {
-      int i;
-      struct hostent *host = NULL;
-      struct sockaddr_in addr;
-
-      /* Note: This code is not thread-safe.  */
-
-      memset (&addr, 0, sizeof (addr));
-      host = gethostbyname (serverlist[srv].target);
-      if (!host)
-        continue;
-      hostfound = 1;
-
-      if (sock != ASSUAN_INVALID_FD)
-        assuan_sock_close (sock);
-      sock = assuan_sock_new (host->h_addrtype, SOCK_STREAM, 0);
-      if (sock == ASSUAN_INVALID_FD)
-        {
-          log_error ("error creating socket: %s\n", strerror (errno));
-          xfree (serverlist);
-          return ASSUAN_INVALID_FD;
-        }
-
-      addr.sin_family = host->h_addrtype;
-      if (addr.sin_family != AF_INET)
-	{
-	  log_error ("unknown address family for '%s'\n",
-                     serverlist[srv].target);
-          xfree (serverlist);
-	  return ASSUAN_INVALID_FD;
-	}
-      addr.sin_port = htons (serverlist[srv].port);
-      if (host->h_length != 4)
-        {
-          log_error ("illegal address length for '%s'\n",
-                     serverlist[srv].target);
-          xfree (serverlist);
-          return ASSUAN_INVALID_FD;
-        }
-
-      /* Try all A records until one responds. */
-      for (i = 0; host->h_addr_list[i] && !connected; i++)
-        {
-          anyhostaddr = 1;
-          memcpy (&addr.sin_addr, host->h_addr_list[i], host->h_length);
-          my_unprotect ();
-          ret = assuan_sock_connect (sock,
-                                     (struct sockaddr *) &addr, sizeof (addr));
-          my_protect ();
-          if (ret)
-            last_errno = errno;
-          else
-            {
-              connected = 1;
-              break;
-            }
-        }
+      free_dns_addrinfo (aibuf);
     }
-#endif /* !HAVE_GETADDRINFO */
 
   xfree (serverlist);
 
diff --git a/dirmngr/t-http.c b/dirmngr/t-http.c
index 41b2dd1..816b744 100644
--- a/dirmngr/t-http.c
+++ b/dirmngr/t-http.c
@@ -243,6 +243,9 @@ main (int argc, char **argv)
   if (!cafile)
     cafile = prepend_srcdir ("tls-ca.pem");
 
+  /* http.c makes use of the assuan socket wrapper.  */
+  assuan_sock_init ();
+
 #if HTTP_USE_NTBTLS
 
   (void)err;

commit b6af3377e14fad35b9c6041b11888cabce6e8a56
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 21 22:38:21 2015 +0200

    dirmngr: Allow use of http.c if USE_NPTH is not defined.
    
    * dirmngr/http.c (send_request): Always set the gnutls pull/push
    functions.
    (my_npth_read): Rename to ...
    (my_gnutls_read) .. this.  Use system read if !USE_NPTH.
    (my_npth_write): Rename to ...
    (my_gnutls_write) .. this.  Use system write if !USE_NPTH.
    --
    
    This is necessary to run t-http because we once switched to a ref
    counted object with the socket descriptor.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/http.c b/dirmngr/http.c
index 90dfc08..f49d3d0 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -400,20 +400,28 @@ _my_socket_unref (int lnr, my_socket_t so,
 #define my_socket_unref(a,b,c) _my_socket_unref (__LINE__,(a),(b),(c))
 
 
-#if defined (USE_NPTH) && defined(HTTP_USE_GNUTLS)
+#ifdef HTTP_USE_GNUTLS
 static ssize_t
-my_npth_read (gnutls_transport_ptr_t ptr, void *buffer, size_t size)
+my_gnutls_read (gnutls_transport_ptr_t ptr, void *buffer, size_t size)
 {
   my_socket_t sock = ptr;
+#if USE_NPTH
   return npth_read (sock->fd, buffer, size);
+#else
+  return read (sock->fd, buffer, size);
+#endif
 }
 static ssize_t
-my_npth_write (gnutls_transport_ptr_t ptr, const void *buffer, size_t size)
+my_gnutls_write (gnutls_transport_ptr_t ptr, const void *buffer, size_t size)
 {
   my_socket_t sock = ptr;
+#if USE_NPTH
   return npth_write (sock->fd, buffer, size);
+#else
+  return write (sock->fd, buffer, size);
+#endif
 }
-#endif /*USE_NPTH && HTTP_USE_GNUTLS*/
+#endif /*HTTP_USE_GNUTLS*/
 
 
 
@@ -1641,12 +1649,10 @@ send_request (http_t hd, const char *httphost, const char *auth,
 
       my_socket_ref (hd->sock);
       gnutls_transport_set_ptr (hd->session->tls_session, hd->sock);
-#ifdef USE_NPTH
       gnutls_transport_set_pull_function (hd->session->tls_session,
-                                          my_npth_read);
+                                          my_gnutls_read);
       gnutls_transport_set_push_function (hd->session->tls_session,
-                                          my_npth_write);
-#endif
+                                          my_gnutls_write);
 
       do
         {

commit 6fafda979df8e7e117f8e6929bcce89513a6e746
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 21 22:11:59 2015 +0200

    dirmngr: Check that getaddrinfo is available.
    
    * dirmngr/Makefile.am (t_http_SOURCES): Add dns-stuff.c.
    (t_ldap_parse_uri_SOURCES): Ditto.
    * dirmngr/dns-stuff.c: Bail out if neither ADNS nor getaddrinfo is
    available.
    --
    
    We used to have replacement code for getaddrinfo and thus check for it
    in configure.  However, this was for the old http and dns-cert code
    from common/.  For dirmngr I made liberal use of getaddrinfo w/o
    without checking.  Just in case someone tries to build on an old
    platform we now error our with a suitable #error.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
index 8cb1bb7..0d4400f 100644
--- a/dirmngr/Makefile.am
+++ b/dirmngr/Makefile.am
@@ -128,7 +128,7 @@ endif
 
 
 # http tests
-t_http_SOURCES = t-http.c http.c
+t_http_SOURCES = t-http.c http.c dns-stuff.c
 t_http_CFLAGS  = -DWITHOUT_NPTH=1 \
 	         $(LIBGCRYPT_CFLAGS) $(NTBTLS_CFLAGS) $(LIBGNUTLS_CFLAGS) \
                  $(GPG_ERROR_CFLAGS)
@@ -136,7 +136,8 @@ t_http_LDADD   = $(t_common_ldadd) \
 	         $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(DNSLIBS)
 
 t_ldap_parse_uri_SOURCES = \
-	t-ldap-parse-uri.c ldap-parse-uri.c ldap-parse-uri.h http.c \
+	t-ldap-parse-uri.c ldap-parse-uri.c ldap-parse-uri.h \
+        http.c dns-stuff.c \
         $(ldap_url) $(t_common_src)
 t_ldap_parse_uri_CFLAGS = -DWITHOUT_NPTH=1
 t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd)
diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index 00d2b3e..3fa6054 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -46,6 +46,10 @@
 # include <adns.h>
 #endif
 
+#if !defined(HAVE_GETADDRINFO) && !defined(USE_ADNS)
+# error Either getaddrinfo or the ADNS libary is required.
+#endif
+
 #include "util.h"
 #include "host2net.h"
 #include "dns-stuff.h"

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/Makefile.am |   5 ++-
 dirmngr/dns-stuff.c |   4 ++
 dirmngr/http.c      | 118 ++++++++++++++--------------------------------------
 dirmngr/t-http.c    |   3 ++
 4 files changed, 42 insertions(+), 88 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Oct 22 03:38:10 2015
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Thu, 22 Oct 2015 03:38:10 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-267-gf7505b5
Message-ID: <E1Zp4gX-0001RQ-Dr@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  f7505b550dd591e33d3a3fab9277c43c460f1bad (commit)
      from  1c6d2698a84e4bf82735287c1d64954bfc1a1982 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f7505b550dd591e33d3a3fab9277c43c460f1bad
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Thu Oct 22 09:58:24 2015 +0900

    md: keep contexts for HMAC in GcryDigestEntry.
    
    * cipher/md.c (struct gcry_md_context): Add flags.hmac.
    Remove macpads and mcpads_Bsize.
    (md_open): Initialize flags.hmac.  Remove macpads initialization.
    (md_enable): Allocate contexts when flags.hmac is enabled.
    (md_copy): Remove macpads copying.  Add copying contexts.
    (_gcry_md_reset): When flags.hmac is enabled, restore precomputed
    context with input pad
    (md_close): Remove macpads wiping.
    (md_final): When flags.hmac is enabled, compute hmac by precomputed
    context with output pad.
    (prepare_macpads): Prepare precomputed contexts with input pad and
    output pad for each registered digest entry.
    (_gcry_md_setkey): Just call prepare_macpads.
    
    --
    
    This change is making things straight in HMAC computation.  This makes
    HMAC computation allow multple algorithms in future.
    
    Libgcrypt's code has a potential to compute digests for multiple
    algorithms at once (currently, it's not enabled).  HMAC code didn't
    work well with multple algorithms, because the macpads were only
    allocated for an algorithm.  Now, it's allocated for each algorithm.
    
    We now precompute hash contexts, instead of keeping input pad and
    output pad.  This can be performance improvement, which is described
    in RFC 2104.
    
    Thanks to:
    
       Andrea Visconti, Simone Bossi, Hany Ragab and Alexandro Cal?
    
    For the discussion and their paper of CANS2015, which titled:
    
       On the weaknesses of PBKDF2

diff --git a/cipher/md.c b/cipher/md.c
index 19b2c9b..c6bf90d 100644
--- a/cipher/md.c
+++ b/cipher/md.c
@@ -108,10 +108,9 @@ struct gcry_md_context
     unsigned int secure: 1;
     unsigned int finalized:1;
     unsigned int bugemu1:1;
+    unsigned int hmac:1;
   } flags;
   GcryDigestEntry *list;
-  byte *macpads;
-  int macpads_Bsize;             /* Blocksize as used for the HMAC pads. */
 };
 
 
@@ -331,43 +330,8 @@ md_open (gcry_md_hd_t *h, int algo, unsigned int flags)
       ctx->magic = secure ? CTX_MAGIC_SECURE : CTX_MAGIC_NORMAL;
       ctx->actual_handle_size = n + sizeof (struct gcry_md_context);
       ctx->flags.secure = secure;
+      ctx->flags.hmac = hmac;
       ctx->flags.bugemu1 = !!(flags & GCRY_MD_FLAG_BUGEMU1);
-
-      if (hmac)
-	{
-	  switch (algo)
-            {
-              case GCRY_MD_SHA3_224:
-                ctx->macpads_Bsize = 1152 / 8;
-                break;
-              case GCRY_MD_SHA3_256:
-                ctx->macpads_Bsize = 1088 / 8;
-                break;
-              case GCRY_MD_SHA3_384:
-                ctx->macpads_Bsize = 832 / 8;
-                break;
-              case GCRY_MD_SHA3_512:
-                ctx->macpads_Bsize = 576 / 8;
-                break;
-              case GCRY_MD_SHA384:
-              case GCRY_MD_SHA512:
-                ctx->macpads_Bsize = 128;
-                break;
-              case GCRY_MD_GOSTR3411_94:
-              case GCRY_MD_GOSTR3411_CP:
-                ctx->macpads_Bsize = 32;
-                break;
-              default:
-                ctx->macpads_Bsize = 64;
-                break;
-            }
-          ctx->macpads = xtrymalloc_secure (2*(ctx->macpads_Bsize));
-	  if (!ctx->macpads)
-	    {
-	      err = gpg_err_code_from_errno (errno);
-	      md_close (hd);
-	    }
-	}
     }
 
   if (! err)
@@ -447,7 +411,7 @@ md_enable (gcry_md_hd_t hd, int algorithm)
   if (!err)
     {
       size_t size = (sizeof (*entry)
-                     + spec->contextsize
+                     + spec->contextsize * (h->flags.hmac? 3 : 1)
                      - sizeof (entry->context));
 
       /* And allocate a new list entry. */
@@ -515,17 +479,6 @@ md_copy (gcry_md_hd_t ahd, gcry_md_hd_t *b_hd)
       memcpy (b, a, sizeof *a);
       b->list = NULL;
       b->debug = NULL;
-      if (a->macpads)
-	{
-	  b->macpads = xtrymalloc_secure (2*(a->macpads_Bsize));
-	  if (! b->macpads)
-	    {
-	      err = gpg_err_code_from_errno (errno);
-	      md_close (bhd);
-	    }
-	  else
-	    memcpy (b->macpads, a->macpads, (2*(a->macpads_Bsize)));
-	}
     }
 
   /* Copy the complete list of algorithms.  The copied list is
@@ -535,13 +488,9 @@ md_copy (gcry_md_hd_t ahd, gcry_md_hd_t *b_hd)
       for (ar = a->list; ar; ar = ar->next)
         {
           if (a->flags.secure)
-            br = xtrymalloc_secure (sizeof *br
-                                    + ar->spec->contextsize
-                                    - sizeof(ar->context));
+            br = xtrymalloc_secure (ar->actual_struct_size);
           else
-            br = xtrymalloc (sizeof *br
-                             + ar->spec->contextsize
-                             - sizeof (ar->context));
+            br = xtrymalloc (ar->actual_struct_size);
           if (!br)
             {
 	      err = gpg_err_code_from_errno (errno);
@@ -549,8 +498,7 @@ md_copy (gcry_md_hd_t ahd, gcry_md_hd_t *b_hd)
               break;
             }
 
-          memcpy (br, ar, (sizeof (*br) + ar->spec->contextsize
-                           - sizeof (ar->context)));
+          memcpy (br, ar, ar->actual_struct_size);
           br->next = b->list;
           b->list = br;
         }
@@ -591,14 +539,19 @@ _gcry_md_reset (gcry_md_hd_t a)
 
   a->bufpos = a->ctx->flags.finalized = 0;
 
-  for (r = a->ctx->list; r; r = r->next)
-    {
-      memset (r->context.c, 0, r->spec->contextsize);
-      (*r->spec->init) (&r->context.c,
-                        a->ctx->flags.bugemu1? GCRY_MD_FLAG_BUGEMU1:0);
-    }
-  if (a->ctx->macpads)
-    md_write (a, a->ctx->macpads, a->ctx->macpads_Bsize); /* inner pad */
+  if (a->ctx->flags.hmac)
+    for (r = a->ctx->list; r; r = r->next)
+      {
+        memcpy (r->context.c, r->context.c + r->spec->contextsize,
+                r->spec->contextsize);
+      }
+  else
+    for (r = a->ctx->list; r; r = r->next)
+      {
+        memset (r->context.c, 0, r->spec->contextsize);
+        (*r->spec->init) (&r->context.c,
+                          a->ctx->flags.bugemu1? GCRY_MD_FLAG_BUGEMU1:0);
+      }
 }
 
 
@@ -618,12 +571,6 @@ md_close (gcry_md_hd_t a)
       xfree (r);
     }
 
-  if (a->ctx->macpads)
-    {
-      wipememory (a->ctx->macpads, 2*(a->ctx->macpads_Bsize));
-      xfree(a->ctx->macpads);
-    }
-
   wipememory (a, a->ctx->actual_handle_size);
   xfree(a);
 }
@@ -686,66 +633,120 @@ md_final (gcry_md_hd_t a)
 
   a->ctx->flags.finalized = 1;
 
-  if (a->ctx->macpads)
+  if (!a->ctx->flags.hmac)
+    return;
+
+  for (r = a->ctx->list; r; r = r->next)
     {
-      /* Finish the hmac. */
-      int algo = md_get_algo (a);
-      byte *p = md_read (a, algo);
-      size_t dlen = md_digest_length (algo);
-      gcry_md_hd_t om;
+      byte *p = r->spec->read (&r->context.c);
+      size_t dlen = r->spec->mdlen;
+      byte *hash;
       gcry_err_code_t err;
 
-      err = md_open (&om, algo,
-                     ((a->ctx->flags.secure? GCRY_MD_FLAG_SECURE:0)
-                      | (a->ctx->flags.bugemu1? GCRY_MD_FLAG_BUGEMU1:0)));
-      if (err)
-	_gcry_fatal_error (err, NULL);
-      md_write (om,
-                (a->ctx->macpads)+(a->ctx->macpads_Bsize),
-                a->ctx->macpads_Bsize);
-      md_write (om, p, dlen);
-      md_final (om);
-      /* Replace our digest with the mac (they have the same size). */
-      memcpy (p, md_read (om, algo), dlen);
-      md_close (om);
+      if (a->ctx->flags.secure)
+        hash = xtrymalloc_secure (dlen);
+      else
+        hash = xtrymalloc (dlen);
+      if (!hash)
+        {
+          err = gpg_err_code_from_errno (errno);
+          _gcry_fatal_error (err, NULL);
+        }
+
+      memcpy (hash, p, dlen);
+      memcpy (r->context.c, r->context.c + r->spec->contextsize * 2,
+              r->spec->contextsize);
+      (*r->spec->write) (&r->context.c, hash, dlen);
+      (*r->spec->final) (&r->context.c);
+      xfree (hash);
     }
 }
 
 
 static gcry_err_code_t
-prepare_macpads (gcry_md_hd_t hd, const unsigned char *key, size_t keylen)
+prepare_macpads (gcry_md_hd_t a, const unsigned char *key, size_t keylen)
 {
-  int i;
-  int algo = md_get_algo (hd);
-  unsigned char *helpkey = NULL;
-  unsigned char *ipad, *opad;
+  GcryDigestEntry *r;
 
-  if (!algo)
+  if (!a->ctx->list)
     return GPG_ERR_DIGEST_ALGO; /* Might happen if no algo is enabled.  */
 
-  if ( keylen > hd->ctx->macpads_Bsize )
+  for (r = a->ctx->list; r; r = r->next)
     {
-      helpkey = xtrymalloc_secure (md_digest_length (algo));
-      if (!helpkey)
-        return gpg_err_code_from_errno (errno);
-      _gcry_md_hash_buffer (algo, helpkey, key, keylen);
-      key = helpkey;
-      keylen = md_digest_length (algo);
-      gcry_assert ( keylen <= hd->ctx->macpads_Bsize );
-    }
+      const unsigned char *k;
+      size_t k_len;
+      unsigned char *key_allocated = NULL;
+      int macpad_Bsize;
+      int i;
 
-  memset ( hd->ctx->macpads, 0, 2*(hd->ctx->macpads_Bsize) );
-  ipad = hd->ctx->macpads;
-  opad = (hd->ctx->macpads)+(hd->ctx->macpads_Bsize);
-  memcpy ( ipad, key, keylen );
-  memcpy ( opad, key, keylen );
-  for (i=0; i < hd->ctx->macpads_Bsize; i++ )
-    {
-      ipad[i] ^= 0x36;
-      opad[i] ^= 0x5c;
+      switch (r->spec->algo)
+        {
+        case GCRY_MD_SHA3_224:
+          macpad_Bsize = 1152 / 8;
+          break;
+        case GCRY_MD_SHA3_256:
+          macpad_Bsize = 1088 / 8;
+          break;
+        case GCRY_MD_SHA3_384:
+          macpad_Bsize = 832 / 8;
+          break;
+        case GCRY_MD_SHA3_512:
+          macpad_Bsize = 576 / 8;
+          break;
+        case GCRY_MD_SHA384:
+        case GCRY_MD_SHA512:
+          macpad_Bsize = 128;
+          break;
+        case GCRY_MD_GOSTR3411_94:
+        case GCRY_MD_GOSTR3411_CP:
+          macpad_Bsize = 32;
+          break;
+        default:
+          macpad_Bsize = 64;
+          break;
+        }
+
+      if ( keylen > macpad_Bsize )
+        {
+          k = key_allocated = xtrymalloc_secure (r->spec->mdlen);
+          if (!k)
+            return gpg_err_code_from_errno (errno);
+          _gcry_md_hash_buffer (r->spec->algo, key_allocated, key, keylen);
+          k_len = r->spec->mdlen;
+          gcry_assert ( k_len <= macpad_Bsize );
+        }
+      else
+        {
+          k = key;
+          k_len = keylen;
+        }
+
+      (*r->spec->init) (&r->context.c,
+                        a->ctx->flags.bugemu1? GCRY_MD_FLAG_BUGEMU1:0);
+      a->bufpos = 0;
+      for (i=0; i < k_len; i++ )
+        _gcry_md_putc (a, k[i] ^ 0x36);
+      for (; i < macpad_Bsize; i++ )
+        _gcry_md_putc (a, 0x36);
+      (*r->spec->write) (&r->context.c, a->buf, a->bufpos);
+      memcpy (r->context.c + r->spec->contextsize, r->context.c,
+              r->spec->contextsize);
+
+      (*r->spec->init) (&r->context.c,
+                        a->ctx->flags.bugemu1? GCRY_MD_FLAG_BUGEMU1:0);
+      a->bufpos = 0;
+      for (i=0; i < k_len; i++ )
+        _gcry_md_putc (a, k[i] ^ 0x5c);
+      for (; i < macpad_Bsize; i++ )
+        _gcry_md_putc (a, 0x5c);
+      (*r->spec->write) (&r->context.c, a->buf, a->bufpos);
+      memcpy (r->context.c + r->spec->contextsize*2, r->context.c,
+              r->spec->contextsize);
+
+      xfree (key_allocated);
     }
-  xfree (helpkey);
 
+  a->bufpos = 0;
   return 0;
 }
 
@@ -780,14 +781,9 @@ _gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen)
 {
   gcry_err_code_t rc;
 
-  if (!hd->ctx->macpads)
-    rc = GPG_ERR_CONFLICT;
-  else
-    {
-      rc = prepare_macpads (hd, key, keylen);
-      if (!rc)
-	_gcry_md_reset (hd);
-    }
+  rc = prepare_macpads (hd, key, keylen);
+  if (!rc)
+    _gcry_md_reset (hd);
 
   return rc;
 }

-----------------------------------------------------------------------

Summary of changes:
 cipher/md.c | 244 ++++++++++++++++++++++++++++++------------------------------
 1 file changed, 120 insertions(+), 124 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Oct 22 10:07:58 2015
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Thu, 22 Oct 2015 10:07:58 +0200
Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-72-g694a6e4
Message-ID: <E1ZpAll-0000VS-Uw@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, master has been updated
       via  694a6e486aa9187db71a2e70641660b1941321f1 (commit)
      from  4da36c8755eb25291c8e21b43e0d6005e45e1d41 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 694a6e486aa9187db71a2e70641660b1941321f1
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Thu Oct 22 10:04:35 2015 +0200

    Use utf8 gettext in inspectors
    
    * src/inspectors.cpp: Use utf8 gettext.
    
    --
    Any string thats passed to put_oom_string should be
    utf8 encoded.
    
    GnuPG-bug-id: 1247

diff --git a/src/inspectors.cpp b/src/inspectors.cpp
index 626dc64..729a7e9 100644
--- a/src/inspectors.cpp
+++ b/src/inspectors.cpp
@@ -36,6 +36,9 @@
 #include "mailitem.h"
 #include "revert.h"
 
+#undef _
+#define _(a) utf8_gettext (a)
+
 

 /* Event sink for an Inspectors collection object.  */
 BEGIN_EVENT_SINK(GpgolInspectorsEvents, IOOMInspectorsEvents)

-----------------------------------------------------------------------

Summary of changes:
 src/inspectors.cpp | 3 +++
 1 file changed, 3 insertions(+)


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Oct 22 10:58:27 2015
From: cvs at cvs.gnupg.org (by Dirk Mueller)
Date: Thu, 22 Oct 2015 10:58:27 +0200
Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.6-6-gf143d21
Message-ID: <E1ZpBYb-0001PE-Qg@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The standard pinentry collection".

The branch, master has been updated
       via  f143d216eff4eac3f05a85640b9f91431aec5588 (commit)
      from  48ab8cdccff4eefec4d8fa2e23b933c2277bc30c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f143d216eff4eac3f05a85640b9f91431aec5588
Author: Dirk Mueller <dirk at dmllr.de>
Date:   Wed Oct 21 14:41:53 2015 +0200

    Qt: Do not use temporary reference to utf8 pin
    
    * qt/main.cpp (qt_cmd_handler): Keep utf8 pin byte array.
    
    --
    The pin pointer was invalid after the UTF8 conversion
    as the converted byte array only was temporary in that
    call and the data pointer becomes invalid after it's
    destruction.
    
    Commit message amended by Andre Heinecke. The original
    commit message was:
    
    const char* does not keep the temporary string returned
    from toUtf8() active, since it doesn't keep the reference counter
    set. So you usually just copy out garbage instead of the
    pin that was entered. Just keep the QByteArray which keeps
    the reference active.
    
    GnuPG-bug-id: 2133

diff --git a/qt/main.cpp b/qt/main.cpp
index 70e08de..c7518fa 100644
--- a/qt/main.cpp
+++ b/qt/main.cpp
@@ -190,15 +190,15 @@ qt_cmd_handler (pinentry_t pe)
       if (!ret)
 	return -1;
 
-      const char *pin = pinentry.pin().toUtf8().constData();
+      QByteArray pin = pinentry.pin().toUtf8 ();
 
-      int len = strlen (pin);
+      int len = strlen (pin.constData ());
       if (len >= 0)
 	{
 	  pinentry_setbufferlen (pe, len + 1);
 	  if (pe->pin)
 	    {
-	      strcpy (pe->pin, pin);
+	      strcpy (pe->pin, pin.constData ());
 	      return len;
 	    }
 	}

-----------------------------------------------------------------------

Summary of changes:
 qt/main.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
The standard pinentry collection
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Oct 22 17:08:18 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 22 Oct 2015 17:08:18 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-57-g8b06d7f
Message-ID: <E1ZpHKX-0003nB-WD@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  8b06d7f41aec6cb993445935dba7c60e033d026a (commit)
       via  e03a4a94bb67d4a6c958b37671f83456e203f325 (commit)
       via  41bb01ae792af78edd28bf1b735cacc0b3ac428a (commit)
      from  1e34007c972c1d7730cfcacd88f6bbebba7dec1d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8b06d7f41aec6cb993445935dba7c60e033d026a
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Oct 22 10:14:10 2015 +0200

    dirmngr: Implement Tor mode for SRV RRs.
    
    * dirmngr/dns-stuff.c (get_dns_cert): Factor adns init out to...
    (my_adns_init): new.
    (getsrv)[USE_ADNS]: Use my_adns_init.
    (getsrv)[!USE_ADNS]: Return an error if Tor mode is active.
    
    * dirmngr/t-dns-stuff.c: Add option --use-tor.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index 639388f..300d086 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -219,6 +219,29 @@ resolve_dns_name (const char *name, unsigned short port,
 }
 
 
+#ifdef USE_ADNS
+/* Init ADNS and store the new state at R_STATE.  Returns 0 on
+   success; prints an error message and returns an error code on
+   failure.  */
+static gpg_error_t
+my_adns_init (adns_state *r_state)
+{
+  gpg_error_t err;
+
+  if (tor_mode? adns_init_strcfg (r_state,
+                                  adns_if_noerrprint|adns_if_tormode,
+                                  NULL, "nameserver 8.8.8.8")
+      /*    */: adns_init (r_state, adns_if_noerrprint, NULL))
+    {
+      err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+      log_error ("error initializing adns: %s\n", gpg_strerror (err));
+      return err;
+    }
+  return 0;
+}
+#endif /*USE_ADNS*/
+
+
 /* Returns 0 on success or an error code.  If a PGP CERT record was
    found, the malloced data is returned at (R_KEY, R_KEYLEN) and
    the other return parameters are set to NULL/0.  If an IPGP CERT
@@ -250,14 +273,9 @@ get_dns_cert (const char *name, int want_certtype,
   *r_fprlen = 0;
   *r_url = NULL;
 
-  if (tor_mode? adns_init_strcfg (&state, adns_if_noerrprint|adns_if_tormode,
-                                  NULL, "nameserver 8.8.8.8")
-      /*    */: adns_init (&state, adns_if_noerrprint, NULL))
-    {
-      err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-      log_error ("error initializing adns: %s\n", strerror (errno));
-      return err;
-    }
+  err = my_adns_init (&state);
+  if (err)
+    return err;
 
   if (adns_synchronous (state, name,
                         (adns_r_unknown
@@ -620,12 +638,8 @@ getsrv (const char *name,struct srventry **list)
     adns_state state;
     adns_answer *answer = NULL;
 
-    rc = adns_init (&state, adns_if_noerrprint, NULL);
-    if (rc)
-      {
-        log_error ("error initializing adns: %s\n", strerror (errno));
-        return -1;
-      }
+    if (my_adns_init (&state))
+      return -1;
 
     rc = adns_synchronous (state, name, adns_r_srv, adns_qf_quoteok_query,
                            &answer);
@@ -682,6 +696,10 @@ getsrv (const char *name,struct srventry **list)
     int r;
     u16 dlen;
 
+    /* Do not allow a query using the standard resolver in Tor mode.  */
+    if (tor_mode)
+      return -1;
+
     r = res_query (name, C_IN, T_SRV, answer, sizeof answer);
     if (r < sizeof (HEADER) || r > sizeof answer)
       return -1;
diff --git a/dirmngr/t-dns-stuff.c b/dirmngr/t-dns-stuff.c
index d2ead8f..63d4cdd 100644
--- a/dirmngr/t-dns-stuff.c
+++ b/dirmngr/t-dns-stuff.c
@@ -42,6 +42,7 @@ main (int argc, char **argv)
   int last_argc = -1;
   gpg_error_t err;
   int any_options = 0;
+  int opt_tor = 0;
   int opt_cert = 0;
   int opt_srv = 0;
   char const *name = NULL;
@@ -64,6 +65,7 @@ main (int argc, char **argv)
                  "Options:\n"
                  "  --verbose         print timings etc.\n"
                  "  --debug           flyswatter\n"
+                 "  --use-tor         use Tor\n"
                  "  --cert            lookup a CERT RR\n"
                  "  --srv             lookup a SRV RR\n"
                  , stdout);
@@ -80,6 +82,11 @@ main (int argc, char **argv)
           debug++;
           argc--; argv++;
         }
+      else if (!strcmp (*argv, "--use-tor"))
+        {
+          opt_tor = 1;
+          argc--; argv++;
+        }
       else if (!strcmp (*argv, "--cert"))
         {
           any_options = opt_cert = 1;
@@ -110,6 +117,17 @@ main (int argc, char **argv)
       exit (1);
     }
 
+  if (opt_tor)
+    {
+      err = enable_dns_tormode ();
+      if (err)
+        {
+          fprintf (stderr, "error switching into Tor mode: %s\n",
+                   gpg_strerror (err));
+          exit (1);
+        }
+    }
+
   if (opt_cert)
     {
       unsigned char *fpr;

commit e03a4a94bb67d4a6c958b37671f83456e203f325
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Oct 22 09:52:51 2015 +0200

    dirmngr: Do not use MAXDNAME.
    
    * dirmngr/dns-stuff.c (getsrv): Replace MAXDNAME.
    * dirmngr/dns-stuff.h (MAXDNAME): Remove.
    (struct srventry): Use a fixed value instead of MAXDNAME.
    * dirmngr/http.c (connect_server): Use DIMof instead of MAXDNAME.
    Malloc a helper array.
    
    --
    
    Depending on the order of included headers it might be that we allocate
    the array with a different size than what we test against in another
    module.  To make it more robust we use the actual known size of
    checking.
    
    A better would be to use a linked list and avoid these large arrays.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index c500c34..639388f 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -651,7 +651,7 @@ getsrv (const char *name,struct srventry **list)
         struct srventry *srv = NULL;
         struct srventry *newlist;
 
-        if (strlen (answer->rrs.srvha[count].ha.host) >= MAXDNAME)
+        if (strlen (answer->rrs.srvha[count].ha.host) >= sizeof srv->target)
           {
             log_info ("hostname in SRV record too long - skipped\n");
             continue;
@@ -747,7 +747,7 @@ getsrv (const char *name,struct srventry **list)
         /* Get the name.  2782 doesn't allow name compression, but
            dn_expand still works to pull the name out of the
            packet. */
-        rc = dn_expand(answer,emsg,pt,srv->target,MAXDNAME);
+        rc = dn_expand(answer,emsg,pt,srv->target, sizeof srv->target);
         if (rc == 1 && srv->target[0] == 0) /* "." */
           {
             xfree(*list);
diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h
index 5ffa017..13c47df 100644
--- a/dirmngr/dns-stuff.h
+++ b/dirmngr/dns-stuff.h
@@ -71,18 +71,13 @@ struct dns_addrinfo_s
 };
 
 
-
-#ifndef MAXDNAME
-#define MAXDNAME 1025
-#endif
-
 struct srventry
 {
   unsigned short priority;
   unsigned short weight;
   unsigned short port;
   int run_count;
-  char target[MAXDNAME];
+  char target[1025];
 };
 
 
diff --git a/dirmngr/http.c b/dirmngr/http.c
index 4387b96..de5edc3 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -2251,13 +2251,23 @@ connect_server (const char *server, unsigned short port,
   if (srvtag)
     {
       /* We're using SRV, so append the tags. */
-      if (1+strlen (srvtag) + 6 + strlen (server) + 1 <= MAXDNAME)
+      if (1 + strlen (srvtag) + 6 + strlen (server) + 1
+          <= DIMof (struct srventry, target))
 	{
-	  char srvname[MAXDNAME];
+	  char *srvname = xtrymalloc (DIMof (struct srventry, target));
 
-	  stpcpy (stpcpy (stpcpy (stpcpy (srvname,"_"), srvtag),
-                           "._tcp."), server);
-	  srvcount = getsrv (srvname, &serverlist);
+          if (!srvname) /* Out of core */
+            {
+              serverlist = NULL;
+              srvcount = 0;
+            }
+          else
+            {
+              stpcpy (stpcpy (stpcpy (stpcpy (srvname,"_"), srvtag),
+                              "._tcp."), server);
+              srvcount = getsrv (srvname, &serverlist);
+              xfree (srvname);
+            }
 	}
     }
 #else
@@ -2273,8 +2283,8 @@ connect_server (const char *server, unsigned short port,
       if (!serverlist)
         return -1; /* Out of core.  */
       serverlist->port = port;
-      strncpy (serverlist->target, server, MAXDNAME);
-      serverlist->target[MAXDNAME-1] = '\0';
+      strncpy (serverlist->target, server, DIMof (struct srventry, target));
+      serverlist->target[DIMof (struct srventry, target)-1] = '\0';
       srvcount = 1;
     }
 

commit 41bb01ae792af78edd28bf1b735cacc0b3ac428a
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Oct 22 09:22:41 2015 +0200

    Move SRV RR code from common/ to dirmngr/.
    
    * common/srv.c: Merge into dirmngr/dns-stuff.c.  Delete file.
    * common/srv.h: Merge into dirmngr/dns-stuff.h.  Delete file.
    * common/Makefile.am (common_sources): Remove srv.c and srv.h.
    * g10/keyserver.c: Do not include srv.h.  The code using it is anyway
    disabled.
    * dirmngr/http.c: Remove header srv.h and stubs.
    * dirmngr/t-dns-stuff.c: Add option --srv.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/common/Makefile.am b/common/Makefile.am
index 2be51f1..6cbde0b 100644
--- a/common/Makefile.am
+++ b/common/Makefile.am
@@ -78,7 +78,6 @@ common_sources = \
 	exechelp.h \
 	signal.c \
 	audit.c audit.h \
-	srv.h \
 	localename.c \
 	session-env.c session-env.h \
 	userids.c userids.h \
@@ -110,15 +109,9 @@ without_npth_sources = \
 
 
 libcommon_a_SOURCES = $(common_sources) $(without_npth_sources)
-if USE_DNS_SRV
-libcommon_a_SOURCES += srv.c
-endif
 libcommon_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) -DWITHOUT_NPTH=1
 
 libcommonpth_a_SOURCES = $(common_sources)
-if USE_DNS_SRV
-libcommonpth_a_SOURCES += srv.c
-endif
 libcommonpth_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS)
 
 if !HAVE_W32CE_SYSTEM
diff --git a/common/srv.c b/common/srv.c
deleted file mode 100644
index 2107aa5..0000000
--- a/common/srv.c
+++ /dev/null
@@ -1,333 +0,0 @@
-/* srv.c - DNS SRV code
- * Copyright (C) 2003, 2009 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <config.h>
-#include <sys/types.h>
-#ifdef _WIN32
-# ifdef HAVE_WINSOCK2_H
-#  include <winsock2.h>
-# endif
-# include <windows.h>
-#else
-#include <netinet/in.h>
-#include <arpa/nameser.h>
-#include <resolv.h>
-#endif
-#include <unistd.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#ifdef USE_ADNS
-# include <adns.h>
-#endif
-
-#include "util.h"
-#include "host2net.h"
-#include "srv.h"
-
-/* Not every installation has gotten around to supporting SRVs
-   yet... */
-#ifndef T_SRV
-#define T_SRV 33
-#endif
-
-static int
-priosort(const void *a,const void *b)
-{
-  const struct srventry *sa=a,*sb=b;
-  if(sa->priority>sb->priority)
-    return 1;
-  else if(sa->priority<sb->priority)
-    return -1;
-  else
-    return 0;
-}
-
-
-int
-getsrv (const char *name,struct srventry **list)
-{
-  int srvcount=0;
-  u16 count;
-  int i, rc;
-
-  *list = NULL;
-
-#ifdef USE_ADNS
-  {
-    adns_state state;
-    adns_answer *answer = NULL;
-
-    rc = adns_init (&state, adns_if_noerrprint, NULL);
-    if (rc)
-      {
-        log_error ("error initializing adns: %s\n", strerror (errno));
-        return -1;
-      }
-
-    rc = adns_synchronous (state, name, adns_r_srv, adns_qf_quoteok_query,
-                           &answer);
-    if (rc)
-      {
-        log_error ("DNS query failed: %s\n", strerror (errno));
-        adns_finish (state);
-        return -1;
-      }
-    if (answer->status != adns_s_ok
-        || answer->type != adns_r_srv || !answer->nrrs)
-      {
-        log_error ("DNS query returned an error or no records: %s (%s)\n",
-                   adns_strerror (answer->status),
-                   adns_errabbrev (answer->status));
-        adns_free (answer);
-        adns_finish (state);
-        return 0;
-      }
-
-    for (count = 0; count < answer->nrrs; count++)
-      {
-        struct srventry *srv = NULL;
-        struct srventry *newlist;
-
-        if (strlen (answer->rrs.srvha[count].ha.host) >= MAXDNAME)
-          {
-            log_info ("hostname in SRV record too long - skipped\n");
-            continue;
-          }
-
-        newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry));
-        if (!newlist)
-          goto fail;
-        *list = newlist;
-        memset (&(*list)[srvcount], 0, sizeof(struct srventry));
-        srv = &(*list)[srvcount];
-        srvcount++;
-
-        srv->priority = answer->rrs.srvha[count].priority;
-        srv->weight   = answer->rrs.srvha[count].weight;
-        srv->port     = answer->rrs.srvha[count].port;
-        strcpy (srv->target, answer->rrs.srvha[count].ha.host);
-      }
-
-    adns_free (answer);
-    adns_finish (state);
-  }
-#else /*!USE_ADNS*/
-  {
-    unsigned char answer[2048];
-    HEADER *header = (HEADER *)answer;
-    unsigned char *pt, *emsg;
-    int r;
-    u16 dlen;
-
-    r = res_query (name, C_IN, T_SRV, answer, sizeof answer);
-    if (r < sizeof (HEADER) || r > sizeof answer)
-      return -1;
-    if (header->rcode != NOERROR || !(count=ntohs (header->ancount)))
-      return 0; /* Error or no record found.  */
-
-    emsg = &answer[r];
-    pt = &answer[sizeof(HEADER)];
-
-    /* Skip over the query */
-    rc = dn_skipname (pt, emsg);
-    if (rc == -1)
-      goto fail;
-
-    pt += rc + QFIXEDSZ;
-
-    while (count-- > 0 && pt < emsg)
-      {
-        struct srventry *srv=NULL;
-        u16 type,class;
-        struct srventry *newlist;
-
-        newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry));
-        if (!newlist)
-          goto fail;
-        *list = newlist;
-        memset(&(*list)[srvcount],0,sizeof(struct srventry));
-        srv=&(*list)[srvcount];
-        srvcount++;
-
-        rc = dn_skipname(pt,emsg); /* the name we just queried for */
-        if (rc == -1)
-          goto fail;
-        pt+=rc;
-
-        /* Truncated message? */
-        if((emsg-pt)<16)
-          goto fail;
-
-        type = buf16_to_u16 (pt);
-        pt += 2;
-        /* We asked for SRV and got something else !? */
-        if(type!=T_SRV)
-          goto fail;
-
-        class = buf16_to_u16 (pt);
-        pt += 2;
-        /* We asked for IN and got something else !? */
-        if(class!=C_IN)
-          goto fail;
-
-        pt += 4; /* ttl */
-        dlen = buf16_to_u16 (pt);
-        pt += 2;
-
-        srv->priority = buf16_to_ushort (pt);
-        pt += 2;
-        srv->weight = buf16_to_ushort (pt);
-        pt += 2;
-        srv->port = buf16_to_ushort (pt);
-        pt += 2;
-
-        /* Get the name.  2782 doesn't allow name compression, but
-           dn_expand still works to pull the name out of the
-           packet. */
-        rc = dn_expand(answer,emsg,pt,srv->target,MAXDNAME);
-        if (rc == 1 && srv->target[0] == 0) /* "." */
-          {
-            xfree(*list);
-            *list = NULL;
-            return 0;
-          }
-        if (rc == -1)
-          goto fail;
-        pt += rc;
-        /* Corrupt packet? */
-        if (dlen != rc+6)
-          goto fail;
-      }
-  }
-#endif /*!USE_ADNS*/
-
-  /* Now we have an array of all the srv records. */
-
-  /* Order by priority */
-  qsort(*list,srvcount,sizeof(struct srventry),priosort);
-
-  /* For each priority, move the zero-weighted items first. */
-  for (i=0; i < srvcount; i++)
-    {
-      int j;
-
-      for (j=i;j < srvcount && (*list)[i].priority == (*list)[j].priority; j++)
-        {
-          if((*list)[j].weight==0)
-            {
-              /* Swap j with i */
-              if(j!=i)
-                {
-                  struct srventry temp;
-
-                  memcpy (&temp,&(*list)[j],sizeof(struct srventry));
-                  memcpy (&(*list)[j],&(*list)[i],sizeof(struct srventry));
-                  memcpy (&(*list)[i],&temp,sizeof(struct srventry));
-                }
-
-              break;
-            }
-        }
-    }
-
-  /* Run the RFC-2782 weighting algorithm.  We don't need very high
-     quality randomness for this, so regular libc srand/rand is
-     sufficient.  Fixme: It is a bit questionaly to reinitalize srand
-     - better use a gnupg fucntion for this.  */
-  srand(time(NULL)*getpid());
-
-  for (i=0; i < srvcount; i++)
-    {
-      int j;
-      float prio_count=0,chose;
-
-      for (j=i; j < srvcount && (*list)[i].priority == (*list)[j].priority; j++)
-        {
-          prio_count+=(*list)[j].weight;
-          (*list)[j].run_count=prio_count;
-        }
-
-      chose=prio_count*rand()/RAND_MAX;
-
-      for (j=i;j<srvcount && (*list)[i].priority==(*list)[j].priority;j++)
-        {
-          if (chose<=(*list)[j].run_count)
-            {
-              /* Swap j with i */
-              if(j!=i)
-                {
-                  struct srventry temp;
-
-                  memcpy(&temp,&(*list)[j],sizeof(struct srventry));
-                  memcpy(&(*list)[j],&(*list)[i],sizeof(struct srventry));
-                  memcpy(&(*list)[i],&temp,sizeof(struct srventry));
-                }
-              break;
-            }
-        }
-    }
-
-  return srvcount;
-
- fail:
-  xfree(*list);
-  *list=NULL;
-  return -1;
-}
-
-#ifdef TEST
-int
-main(int argc,char *argv[])
-{
-  struct srventry *srv;
-  int rc,i;
-
-  rc=getsrv("_hkp._tcp.wwwkeys.pgp.net",&srv);
-  printf("Count=%d\n\n",rc);
-  for(i=0;i<rc;i++)
-    {
-      printf("priority=%hu\n",srv[i].priority);
-      printf("weight=%hu\n",srv[i].weight);
-      printf("port=%hu\n",srv[i].port);
-      printf("target=%s\n",srv[i].target);
-      printf("\n");
-    }
-
-  xfree(srv);
-
-  return 0;
-}
-#endif /* TEST */
-
-/*
-Local Variables:
-compile-command: "cc -DTEST -I.. -I../include -Wall -g -o srv srv.c -lresolv  ../tools/no-libgcrypt.o  ../common/libcommon.a"
-End:
-*/
diff --git a/common/srv.h b/common/srv.h
deleted file mode 100644
index 016d2b1..0000000
--- a/common/srv.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/* srv.h
- * Copyright (C) 2003, 2004 Free Software Foundation, Inc.
- *
- * This file is part of GNUPG.
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
- *
- *   - the GNU Lesser General Public License as published by the Free
- *     Software Foundation; either version 3 of the License, or (at
- *     your option) any later version.
- *
- * or
- *
- *   - the GNU General Public License as published by the Free
- *     Software Foundation; either version 2 of the License, or (at
- *     your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef GNUPG_COMMON_SRV_H
-#define GNUPG_COMMON_SRV_H
-
-#ifdef USE_DNS_SRV
-# ifdef _WIN32
-#  ifdef HAVE_WINSOCK2_H
-#   include <winsock2.h>
-#  endif
-#  include <windows.h>
-# else
-#  include <netinet/in.h>
-#  include <arpa/nameser.h>
-#  include <resolv.h>
-# endif /* !_WIN32 */
-#endif /* USE_DNS_SRV */
-
-
-#ifndef MAXDNAME
-#define MAXDNAME 1025
-#endif
-
-struct srventry
-{
-  unsigned short priority;
-  unsigned short weight;
-  unsigned short port;
-  int run_count;
-  char target[MAXDNAME];
-};
-
-int getsrv(const char *name,struct srventry **list);
-
-#endif /*GNUPG_COMMON_SRV_H*/
diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index 3fa6054..c500c34 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -1,5 +1,5 @@
 /* dns-stuff.c - DNS related code including CERT RR (rfc-4398)
- * Copyright (C) 2005, 2006, 2009 Free Software Foundation, Inc.
+ * Copyright (C) 2003, 2005, 2006, 2009 Free Software Foundation, Inc.
  * Copyright (C) 2005, 2006, 2009, 2015 Werner Koch
  *
  * This file is part of GnuPG.
@@ -54,8 +54,11 @@
 #include "host2net.h"
 #include "dns-stuff.h"
 
-/* Not every installation has gotten around to supporting CERTs
-   yet... */
+/* Not every installation has gotten around to supporting SRVs or
+   CERTs yet... */
+#ifndef T_SRV
+#define T_SRV 33
+#endif
 #ifndef T_CERT
 # define T_CERT 37
 #endif
@@ -588,3 +591,250 @@ get_dns_cert (const char *name, int want_certtype,
   return gpg_err_make (default_errsource, GPG_ERR_NOT_SUPPORTED);
 #endif
 }
+
+#ifdef USE_DNS_SRV
+static int
+priosort(const void *a,const void *b)
+{
+  const struct srventry *sa=a,*sb=b;
+  if(sa->priority>sb->priority)
+    return 1;
+  else if(sa->priority<sb->priority)
+    return -1;
+  else
+    return 0;
+}
+
+
+int
+getsrv (const char *name,struct srventry **list)
+{
+  int srvcount=0;
+  u16 count;
+  int i, rc;
+
+  *list = NULL;
+
+#ifdef USE_ADNS
+  {
+    adns_state state;
+    adns_answer *answer = NULL;
+
+    rc = adns_init (&state, adns_if_noerrprint, NULL);
+    if (rc)
+      {
+        log_error ("error initializing adns: %s\n", strerror (errno));
+        return -1;
+      }
+
+    rc = adns_synchronous (state, name, adns_r_srv, adns_qf_quoteok_query,
+                           &answer);
+    if (rc)
+      {
+        log_error ("DNS query failed: %s\n", strerror (errno));
+        adns_finish (state);
+        return -1;
+      }
+    if (answer->status != adns_s_ok
+        || answer->type != adns_r_srv || !answer->nrrs)
+      {
+        log_error ("DNS query returned an error or no records: %s (%s)\n",
+                   adns_strerror (answer->status),
+                   adns_errabbrev (answer->status));
+        adns_free (answer);
+        adns_finish (state);
+        return 0;
+      }
+
+    for (count = 0; count < answer->nrrs; count++)
+      {
+        struct srventry *srv = NULL;
+        struct srventry *newlist;
+
+        if (strlen (answer->rrs.srvha[count].ha.host) >= MAXDNAME)
+          {
+            log_info ("hostname in SRV record too long - skipped\n");
+            continue;
+          }
+
+        newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry));
+        if (!newlist)
+          goto fail;
+        *list = newlist;
+        memset (&(*list)[srvcount], 0, sizeof(struct srventry));
+        srv = &(*list)[srvcount];
+        srvcount++;
+
+        srv->priority = answer->rrs.srvha[count].priority;
+        srv->weight   = answer->rrs.srvha[count].weight;
+        srv->port     = answer->rrs.srvha[count].port;
+        strcpy (srv->target, answer->rrs.srvha[count].ha.host);
+      }
+
+    adns_free (answer);
+    adns_finish (state);
+  }
+#else /*!USE_ADNS*/
+  {
+    unsigned char answer[2048];
+    HEADER *header = (HEADER *)answer;
+    unsigned char *pt, *emsg;
+    int r;
+    u16 dlen;
+
+    r = res_query (name, C_IN, T_SRV, answer, sizeof answer);
+    if (r < sizeof (HEADER) || r > sizeof answer)
+      return -1;
+    if (header->rcode != NOERROR || !(count=ntohs (header->ancount)))
+      return 0; /* Error or no record found.  */
+
+    emsg = &answer[r];
+    pt = &answer[sizeof(HEADER)];
+
+    /* Skip over the query */
+    rc = dn_skipname (pt, emsg);
+    if (rc == -1)
+      goto fail;
+
+    pt += rc + QFIXEDSZ;
+
+    while (count-- > 0 && pt < emsg)
+      {
+        struct srventry *srv=NULL;
+        u16 type,class;
+        struct srventry *newlist;
+
+        newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry));
+        if (!newlist)
+          goto fail;
+        *list = newlist;
+        memset(&(*list)[srvcount],0,sizeof(struct srventry));
+        srv=&(*list)[srvcount];
+        srvcount++;
+
+        rc = dn_skipname(pt,emsg); /* the name we just queried for */
+        if (rc == -1)
+          goto fail;
+        pt+=rc;
+
+        /* Truncated message? */
+        if((emsg-pt)<16)
+          goto fail;
+
+        type = buf16_to_u16 (pt);
+        pt += 2;
+        /* We asked for SRV and got something else !? */
+        if(type!=T_SRV)
+          goto fail;
+
+        class = buf16_to_u16 (pt);
+        pt += 2;
+        /* We asked for IN and got something else !? */
+        if(class!=C_IN)
+          goto fail;
+
+        pt += 4; /* ttl */
+        dlen = buf16_to_u16 (pt);
+        pt += 2;
+
+        srv->priority = buf16_to_ushort (pt);
+        pt += 2;
+        srv->weight = buf16_to_ushort (pt);
+        pt += 2;
+        srv->port = buf16_to_ushort (pt);
+        pt += 2;
+
+        /* Get the name.  2782 doesn't allow name compression, but
+           dn_expand still works to pull the name out of the
+           packet. */
+        rc = dn_expand(answer,emsg,pt,srv->target,MAXDNAME);
+        if (rc == 1 && srv->target[0] == 0) /* "." */
+          {
+            xfree(*list);
+            *list = NULL;
+            return 0;
+          }
+        if (rc == -1)
+          goto fail;
+        pt += rc;
+        /* Corrupt packet? */
+        if (dlen != rc+6)
+          goto fail;
+      }
+  }
+#endif /*!USE_ADNS*/
+
+  /* Now we have an array of all the srv records. */
+
+  /* Order by priority */
+  qsort(*list,srvcount,sizeof(struct srventry),priosort);
+
+  /* For each priority, move the zero-weighted items first. */
+  for (i=0; i < srvcount; i++)
+    {
+      int j;
+
+      for (j=i;j < srvcount && (*list)[i].priority == (*list)[j].priority; j++)
+        {
+          if((*list)[j].weight==0)
+            {
+              /* Swap j with i */
+              if(j!=i)
+                {
+                  struct srventry temp;
+
+                  memcpy (&temp,&(*list)[j],sizeof(struct srventry));
+                  memcpy (&(*list)[j],&(*list)[i],sizeof(struct srventry));
+                  memcpy (&(*list)[i],&temp,sizeof(struct srventry));
+                }
+
+              break;
+            }
+        }
+    }
+
+  /* Run the RFC-2782 weighting algorithm.  We don't need very high
+     quality randomness for this, so regular libc srand/rand is
+     sufficient.  Fixme: It is a bit questionaly to reinitalize srand
+     - better use a gnupg fucntion for this.  */
+  srand(time(NULL)*getpid());
+
+  for (i=0; i < srvcount; i++)
+    {
+      int j;
+      float prio_count=0,chose;
+
+      for (j=i; j < srvcount && (*list)[i].priority == (*list)[j].priority; j++)
+        {
+          prio_count+=(*list)[j].weight;
+          (*list)[j].run_count=prio_count;
+        }
+
+      chose=prio_count*rand()/RAND_MAX;
+
+      for (j=i;j<srvcount && (*list)[i].priority==(*list)[j].priority;j++)
+        {
+          if (chose<=(*list)[j].run_count)
+            {
+              /* Swap j with i */
+              if(j!=i)
+                {
+                  struct srventry temp;
+
+                  memcpy(&temp,&(*list)[j],sizeof(struct srventry));
+                  memcpy(&(*list)[j],&(*list)[i],sizeof(struct srventry));
+                  memcpy(&(*list)[i],&temp,sizeof(struct srventry));
+                }
+              break;
+            }
+        }
+    }
+
+  return srvcount;
+
+ fail:
+  xfree(*list);
+  *list=NULL;
+  return -1;
+}
+#endif /*USE_DNS_SRV*/
diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h
index 090e79b..5ffa017 100644
--- a/dirmngr/dns-stuff.h
+++ b/dirmngr/dns-stuff.h
@@ -72,6 +72,20 @@ struct dns_addrinfo_s
 
 
 
+#ifndef MAXDNAME
+#define MAXDNAME 1025
+#endif
+
+struct srventry
+{
+  unsigned short priority;
+  unsigned short weight;
+  unsigned short port;
+  int run_count;
+  char target[MAXDNAME];
+};
+
+
 /* Calling this function switches the DNS code into Tor mode if
    possibe.  Return 0 on success.  */
 gpg_error_t enable_dns_tormode (void);
@@ -89,6 +103,7 @@ gpg_error_t get_dns_cert (const char *name, int want_certtype,
                           unsigned char **r_fpr, size_t *r_fprlen,
                           char **r_url);
 
+int getsrv (const char *name,struct srventry **list);
 
 
 #endif /*GNUPG_DIRMNGR_DNS_STUFF_H*/
diff --git a/dirmngr/http.c b/dirmngr/http.c
index 19d5f8f..4387b96 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -100,23 +100,6 @@
 #include "i18n.h"
 #include "dns-stuff.h"
 #include "http.h"
-#ifdef USE_DNS_SRV
-# include "srv.h"
-#else /*!USE_DNS_SRV*/
-  /* If we are not compiling with SRV record support we provide stub
-     data structures. */
-# ifndef MAXDNAME
-#  define MAXDNAME 1025
-# endif
-struct srventry
-{
-  unsigned short priority;
-  unsigned short weight;
-  unsigned short port;
-  int run_count;
-  char target[MAXDNAME];
-};
-#endif/*!USE_DNS_SRV*/
 
 
 #ifdef USE_NPTH
diff --git a/dirmngr/t-dns-stuff.c b/dirmngr/t-dns-stuff.c
index e8a74ea..d2ead8f 100644
--- a/dirmngr/t-dns-stuff.c
+++ b/dirmngr/t-dns-stuff.c
@@ -41,10 +41,13 @@ main (int argc, char **argv)
 {
   int last_argc = -1;
   gpg_error_t err;
+  int any_options = 0;
   int opt_cert = 0;
-  char const *name;
+  int opt_srv = 0;
+  char const *name = NULL;
 
   gpgrt_init ();
+  log_set_prefix (PGM, GPGRT_LOG_WITH_PREFIX);
   if (argc)
     { argc--; argv++; }
   while (argc && last_argc != argc )
@@ -62,6 +65,7 @@ main (int argc, char **argv)
                  "  --verbose         print timings etc.\n"
                  "  --debug           flyswatter\n"
                  "  --cert            lookup a CERT RR\n"
+                 "  --srv             lookup a SRV RR\n"
                  , stdout);
           exit (0);
         }
@@ -78,7 +82,12 @@ main (int argc, char **argv)
         }
       else if (!strcmp (*argv, "--cert"))
         {
-          opt_cert = 1;
+          any_options = opt_cert = 1;
+          argc--; argv++;
+        }
+      else if (!strcmp (*argv, "--srv"))
+        {
+          any_options = opt_srv = 1;
           argc--; argv++;
         }
       else if (!strncmp (*argv, "--", 2))
@@ -88,7 +97,7 @@ main (int argc, char **argv)
         }
     }
 
-  if (!argc)
+  if (!argc && !any_options)
     {
       opt_cert = 1;
       name = "simon.josefsson.org";
@@ -97,7 +106,7 @@ main (int argc, char **argv)
     name = *argv;
   else
     {
-      fprintf (stderr, PGM ": too many host names given\n");
+      fprintf (stderr, PGM ": none or too many host names given\n");
       exit (1);
     }
 
@@ -145,6 +154,24 @@ main (int argc, char **argv)
       xfree (fpr);
       xfree (url);
     }
+  else if (opt_srv)
+    {
+      struct srventry *srv;
+      int rc,i;
+
+      rc=getsrv("_hkp._tcp.wwwkeys.pgp.net",&srv);
+      printf("Count=%d\n\n",rc);
+      for(i=0;i<rc;i++)
+        {
+          printf("priority=%hu\n",srv[i].priority);
+          printf("weight=%hu\n",srv[i].weight);
+          printf("port=%hu\n",srv[i].port);
+          printf("target=%s\n",srv[i].target);
+          printf("\n");
+        }
+
+      xfree(srv);
+    }
   else /* Standard lookup.  */
     {
       char *cname;
diff --git a/g10/keyserver.c b/g10/keyserver.c
index a6257e5..37e62fd 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -41,9 +41,6 @@
 #include "trustdb.h"
 #include "keyserver-internal.h"
 #include "util.h"
-#ifdef USE_DNS_SRV
-#include "srv.h"
-#endif
 #include "membuf.h"
 #include "call-dirmngr.h"
 
@@ -2029,6 +2026,7 @@ keyserver_import_ldap (ctrl_t ctrl,
 #ifdef USE_DNS_SRV
   snprintf(srvname,MAXDNAME,"_pgpkey-ldap._tcp.%s",domain);
 
+  FIXME("network related - move to dirmngr or drop the code");
   srvcount=getsrv(srvname,&srvlist);
 
   for(i=0;i<srvcount;i++)

-----------------------------------------------------------------------

Summary of changes:
 common/Makefile.am    |   7 --
 common/srv.c          | 333 --------------------------------------------------
 common/srv.h          |  62 ----------
 dirmngr/dns-stuff.c   | 290 +++++++++++++++++++++++++++++++++++++++++--
 dirmngr/dns-stuff.h   |  10 ++
 dirmngr/http.c        |  41 +++----
 dirmngr/t-dns-stuff.c |  53 +++++++-
 g10/keyserver.c       |   4 +-
 8 files changed, 356 insertions(+), 444 deletions(-)
 delete mode 100644 common/srv.c
 delete mode 100644 common/srv.h


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Oct 23 17:42:33 2015
From: cvs at cvs.gnupg.org (by Neal H. Walfield)
Date: Fri, 23 Oct 2015 17:42:33 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-61-g7f65e84
Message-ID: <E1ZpeLF-0001Tf-4F@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  7f65e84ac035e8f7a25639a6b09eb6000115e337 (commit)
       via  297cf8660ce346638e42934d84d746768f8bb10a (commit)
       via  cd879d4bd69a578be5a1ff96497f8c1181885563 (commit)
       via  3c4c89cc35280164b509977c5288b0a06d6f530e (commit)
      from  8b06d7f41aec6cb993445935dba7c60e033d026a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 7f65e84ac035e8f7a25639a6b09eb6000115e337
Author: Neal H. Walfield <neal at g10code.com>
Date:   Fri Oct 23 17:23:17 2015 +0200

    gpg: Provide an interface to patch TOFU updates.
    
    * g10/tofu.c (struct db): Rename begin_transaction to savepoint_batch.
    Rename end_transaction to savepoint_batch_commit.  Update users.
    Remove field rollback.  Add fields savepoint_inner and
    savepoint_inner_commit.  Add field batch_update.
    (dump_cache): New function.
    (batch_update): New variable.
    (begin_transaction). New function.
    (end_transaction): New function.
    (rollback_transaction): New function.
    (tofu_begin_batch_update): New function.
    (tofu_end_batch_update): New function.
    (closedb): End any pending batch transaction.
    (closedbs): Assert that none of the DBs have a started batch
    transaction if we not in batch mode.
    (record_binding): Use the begin_transaction, end_transaction and
    rollback_transaction functions instead of including the SQL inline.
    Also start a batch mode transaction if we are using the flat format.
    (tofu_register): Use the begin_transaction, end_transaction and
    rollback_transaction functions instead of including the SQL inline.
    * g10/gpgv.c (tofu_begin_batch_update): New function.
    (tofu_end_batch_update): New function.
    * g10/test-stubs.c (tofu_begin_batch_update): New function.
    (tofu_end_batch_update): New function.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/gpgv.c b/g10/gpgv.c
index 1d7dc74..ec09706 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -632,3 +632,13 @@ tofu_policy_str (enum tofu_policy policy)
 
   return "unknown";
 }
+
+void
+tofu_begin_batch_update (void)
+{
+}
+
+void
+tofu_end_batch_update (void)
+{
+}
diff --git a/g10/keylist.c b/g10/keylist.c
index 2a766a1..d4e6b74 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -132,12 +132,16 @@ public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode)
      which is associated with the inode of a deleted file.  */
   check_trustdb_stale ();
 
+  tofu_begin_batch_update ();
+
   if (locate_mode)
     locate_one (ctrl, list);
   else if (!list)
     list_all (ctrl, 0, opt.with_secret);
   else
     list_one (ctrl, list, 0, opt.with_secret);
+
+  tofu_end_batch_update ();
 }
 
 
diff --git a/g10/test-stubs.c b/g10/test-stubs.c
index 4edea69..dfe6edb 100644
--- a/g10/test-stubs.c
+++ b/g10/test-stubs.c
@@ -446,3 +446,13 @@ tofu_policy_str (enum tofu_policy policy)
 
   return "unknown";
 }
+
+void
+tofu_begin_batch_update (void)
+{
+}
+
+void
+tofu_end_batch_update (void)
+{
+}
diff --git a/g10/tofu.c b/g10/tofu.c
index 3b8ced0..ad61536 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -86,9 +86,11 @@ struct db
 
   struct
   {
-    sqlite3_stmt *begin_transaction;
-    sqlite3_stmt *end_transaction;
-    sqlite3_stmt *rollback;
+    sqlite3_stmt *savepoint_batch;
+    sqlite3_stmt *savepoint_batch_commit;
+
+    sqlite3_stmt *savepoint_inner;
+    sqlite3_stmt *savepoint_inner_commit;
 
     sqlite3_stmt *record_binding_get_old_policy;
     sqlite3_stmt *record_binding_update;
@@ -101,17 +103,35 @@ struct db
     sqlite3_stmt *register_insert;
   } s;
 
-
 #if DEBUG_TOFU_CACHE
   int hits;
 #endif
 
+  int batch_update;
+
   /* If TYPE is DB_COMBINED, this is "".  Otherwise, it is either the
      fingerprint (type == DB_KEY) or the normalized email address
      (type == DB_EMAIL).  */
   char name[1];
 };
 
+static struct db *db_cache;
+static int db_cache_count;
+#define DB_CACHE_ENTRIES 16
+
+static void tofu_cache_dump (struct db *db) GPGRT_ATTR_USED;
+
+static void
+tofu_cache_dump (struct db *db)
+{
+  log_info ("Connection %p:\n", db);
+  for (; db; db = db->next)
+    log_info ("  %s: %sbatch mode\n", db->name, db->batch_update ? "" : "NOT ");
+  log_info ("Cache:\n");
+  for (db = db_cache; db; db = db->next)
+    log_info ("  %s: %sbatch mode\n", db->name, db->batch_update ? "" : "NOT ");
+}
+
 #define STRINGIFY(s) STRINGIFY2(s)
 #define STRINGIFY2(s) #s
 
@@ -400,7 +420,160 @@ sqlite3_stepx (sqlite3 *db,
 
   return rc;
 }
+

+static int batch_update;
+
+/* Start a transaction on DB.  */
+static gpg_error_t
+begin_transaction (struct db *db, int only_batch)
+{
+  int rc;
+  char *err = NULL;
+
+  /* XXX: In split mode, this can end in deadlock.
+
+     Consider: we have two gpg processes running simultaneously and
+     they each want to lock DB A and B, but in different orders.  This
+     will be automatically resolved by causing one of them to return
+     EBUSY and aborting.
+
+     A more intelligent approach would be to commit and retake the
+     batch transaction.  This requires a list of all DBs that are
+     currently in batch mode.  */
+
+  if (batch_update && ! db->batch_update)
+    {
+      rc = sqlite3_stepx (db->db, &db->s.savepoint_batch,
+                          NULL, NULL, &err,
+                          "savepoint batch;", SQLITE_ARG_END);
+      if (rc)
+        {
+          log_error
+            (_("error beginning %s transaction on TOFU database '%s': %s\n"),
+             "batch", *db->name ? db->name : "combined", err);
+          sqlite3_free (err);
+          return gpg_error (GPG_ERR_GENERAL);
+        }
+
+      db->batch_update = 1;
+    }
+
+  if (only_batch)
+    return 0;
+
+  rc = sqlite3_stepx (db->db, &db->s.savepoint_inner,
+                      NULL, NULL, &err,
+                      "savepoint inner;", SQLITE_ARG_END);
+  if (rc)
+    {
+      log_error
+        (_("error beginning %s transaction on TOFU database '%s': %s\n"),
+         "inner", *db->name ? db->name : "combined", err);
+      sqlite3_free (err);
+      return gpg_error (GPG_ERR_GENERAL);
+    }
+
+  return 0;
+}
+
+/* Commit a transaction.  If ONLY_BATCH is 1, then this only ends the
+   batch transaction if we have left batch mode.  If ONLY_BATCH is 2,
+   this ends any open batch transaction even if we are still in batch
+   mode.  */
+static gpg_error_t
+end_transaction (struct db *db, int only_batch)
+{
+  int rc;
+  char *err = NULL;
+
+  if ((! batch_update || only_batch == 2) && db->batch_update)
+    /* The batch transaction is still in open, but we left batch
+       mode.  */
+    {
+      db->batch_update = 0;
+
+      rc = sqlite3_stepx (db->db, &db->s.savepoint_batch_commit,
+                          NULL, NULL, &err,
+                          "release batch;", SQLITE_ARG_END);
+      if (rc)
+        {
+          log_error
+            (_("error committing %s transaction on TOFU database '%s': %s\n"),
+             "batch", *db->name ? db->name : "combined", err);
+          sqlite3_free (err);
+          return gpg_error (GPG_ERR_GENERAL);
+        }
+
+      /* Releasing an outer transaction releases an open inner
+         transactions.  We're done.  */
+      return 0;
+    }
+
+  if (only_batch)
+    return 0;
+
+  rc = sqlite3_stepx (db->db, &db->s.savepoint_inner_commit,
+                      NULL, NULL, &err,
+                      "release inner;", SQLITE_ARG_END);
+  if (rc)
+    {
+      log_error
+        (_("error committing %s transaction on TOFU database '%s': %s\n"),
+         "inner", *db->name ? db->name : "combined", err);
+      sqlite3_free (err);
+      return gpg_error (GPG_ERR_GENERAL);
+    }
+
+  return 0;
+}
 
+static gpg_error_t
+rollback_transaction (struct db *db)
+{
+  int rc;
+  char *err = NULL;
+
+  if (db->batch_update)
+    /* Just undo the most recent update; don't revert any progress
+       made by the batch transaction.  */
+    rc = sqlite3_exec (db->db, "rollback to inner;", NULL, NULL, &err);
+  else
+    /* Rollback the whole she-bang.  */
+    rc = sqlite3_exec (db->db, "rollback;", NULL, NULL, &err);
+
+  if (rc)
+    {
+      log_error
+        (_("error rolling back inner transaction on TOFU database '%s': %s\n"),
+         *db->name ? db->name : "combined", err);
+      sqlite3_free (err);
+      return gpg_error (GPG_ERR_GENERAL);
+    }
+
+  return 0;
+}
+
+void
+tofu_begin_batch_update (void)
+{
+  batch_update ++;
+}
+
+void
+tofu_end_batch_update (void)
+{
+  assert (batch_update > 0);
+  batch_update --;
+
+  if (batch_update == 0)
+    {
+      struct db *db;
+
+      for (db = db_cache; db; db = db->next)
+        end_transaction (db, 1);
+    }
+}
+

 /* Collect results of a select count (*) ...; style query.  Aborts if
    the argument is not a valid integer (or real of the form X.0).  */
 static int
@@ -652,7 +825,7 @@ initdb (sqlite3 *db, enum db_type type)
     }
   else
     {
-      rc = sqlite3_exec (db, "commit transaction;", NULL, NULL, &err);
+      rc = sqlite3_exec (db, "end transaction;", NULL, NULL, &err);
       if (rc)
 	{
 	  log_error (_("error committing transaction on TOFU DB: %s\n"),
@@ -736,10 +909,6 @@ link_db (struct db **head, struct db *db)
   *head = db;
 }
 
-static struct db *db_cache;
-static int db_cache_count;
-#define DB_CACHE_ENTRIES 16
-
 /* Return a database handle.  <type, name> describes the required
    database.  If there is a cached handle in DBS, that handle is
    returned.  Otherwise, the database is opened and cached in DBS.
@@ -889,7 +1058,10 @@ closedb (struct db *db)
       assert (db->name[0]);
     }
 
-  for (statements = &db->s.begin_transaction;
+  if (db->batch_update)
+    end_transaction (db, 2);
+
+  for (statements = (void *) &db->s;
        (void *) statements < (void *) &(&db->s)[1];
        statements ++)
     sqlite3_finalize (*statements);
@@ -983,7 +1155,14 @@ closedbs (struct dbs *dbs)
 
       /* Find the last DB.  */
       for (db = dbs->db, count = 1; db->next; db = db->next, count ++)
-        ;
+        {
+          /* When we leave batch mode we leave batch mode on any
+             cached connections.  */
+          if (! batch_update)
+            assert (! db->batch_update);
+        }
+      if (! batch_update)
+        assert (! db->batch_update);
 
       /* Join the two lists.  */
       db->next = db_cache;
@@ -1084,29 +1263,22 @@ record_binding (struct dbs *dbs, const char *fingerprint, const char *email,
       if (! db_key)
 	return gpg_error (GPG_ERR_GENERAL);
 
-      rc = sqlite3_stepx (db_email->db, &db_email->s.begin_transaction,
-                          NULL, NULL, &err,
-                          "begin transaction;", SQLITE_ARG_END);
+      rc = begin_transaction (db_email, 0);
       if (rc)
-	{
-	  log_error (_("error beginning transaction on TOFU %s database: %s\n"),
-		     "email", err);
-	  sqlite3_free (err);
-	  return gpg_error (GPG_ERR_GENERAL);
-	}
+        return gpg_error (GPG_ERR_GENERAL);
 
-      rc = sqlite3_stepx (db_key->db, &db_key->s.begin_transaction,
-                          NULL, NULL, &err,
-                          "begin transaction;", SQLITE_ARG_END);
+      rc = begin_transaction (db_key, 0);
       if (rc)
-	{
-	  log_error (_("error beginning transaction on TOFU %s database: %s\n"),
-		     "key", err);
-	  sqlite3_free (err);
-	  goto out_revert_one;
-	}
+        goto out_revert_one;
+    }
+  else
+    {
+      rc = begin_transaction (db_email, 1);
+      if (rc)
+        return gpg_error (GPG_ERR_GENERAL);
     }
 
+
   if (show_old)
     /* Get the old policy.  Since this is just for informational
        purposes, there is no need to start a transaction or to die if
@@ -1206,13 +1378,9 @@ record_binding (struct dbs *dbs, const char *fingerprint, const char *email,
       int rc2;
 
       if (rc)
-        rc2 = sqlite3_stepx (db_key->db, &db_key->s.rollback,
-                             NULL, NULL, &err,
-                             "rollback;", SQLITE_ARG_END);
+        rc2 = rollback_transaction (db_key);
       else
-        rc2 = sqlite3_stepx (db_key->db, &db_key->s.end_transaction,
-                             NULL, NULL, &err,
-                             "end transaction;", SQLITE_ARG_END);
+        rc2 = end_transaction (db_key, 0);
       if (rc2)
 	{
 	  log_error (_("error ending transaction on TOFU database: %s\n"),
@@ -1222,13 +1390,9 @@ record_binding (struct dbs *dbs, const char *fingerprint, const char *email,
 
     out_revert_one:
       if (rc)
-        rc2 = sqlite3_stepx (db_email->db, &db_email->s.rollback,
-                             NULL, NULL, &err,
-                             "rollback;", SQLITE_ARG_END);
+        rc2 = rollback_transaction (db_email);
       else
-        rc2 = sqlite3_stepx (db_email->db, &db_email->s.end_transaction,
-                             NULL, NULL, &err,
-                             "end transaction;", SQLITE_ARG_END);
+        rc2 = end_transaction (db_email, 0);
       if (rc2)
 	{
 	  log_error (_("error ending transaction on TOFU database: %s\n"),
@@ -2524,15 +2688,9 @@ tofu_register (const byte *fingerprint_bin, const char *user_id,
 
   /* We do a query and then an insert.  Make sure they are atomic
      by wrapping them in a transaction.  */
-  rc = sqlite3_stepx (db->db, &db->s.begin_transaction,
-                      NULL, NULL, &err, "begin transaction;",
-                      SQLITE_ARG_END);
+  rc = begin_transaction (db, 0);
   if (rc)
-    {
-      log_error (_("error beginning transaction on TOFU database: %s\n"), err);
-      sqlite3_free (err);
-      goto die;
-    }
+    goto die;
 
   /* If we've already seen this signature before, then don't add
      it again.  */
@@ -2607,11 +2765,9 @@ tofu_register (const byte *fingerprint_bin, const char *user_id,
   /* It only matters whether we abort or commit the transaction
      (so long as we do something) if we execute the insert.  */
   if (rc)
-    rc = sqlite3_stepx (db->db, &db->s.rollback, NULL, NULL, &err,
-                        "rollback;", SQLITE_ARG_END);
+    rc = rollback_transaction (db);
   else
-    rc = sqlite3_stepx (db->db, &db->s.end_transaction, NULL, NULL, &err,
-                        "end transaction;", SQLITE_ARG_END);
+    rc = end_transaction (db, 0);
   if (rc)
     {
       log_error (_("error ending transaction on TOFU database: %s\n"), err);
diff --git a/g10/tofu.h b/g10/tofu.h
index adf87ab..2d23e86 100644
--- a/g10/tofu.h
+++ b/g10/tofu.h
@@ -106,4 +106,10 @@ gpg_error_t tofu_set_policy_by_keyid (u32 *keyid, enum tofu_policy policy);
 gpg_error_t tofu_get_policy (PKT_public_key *pk, PKT_user_id *user_id,
 			     enum tofu_policy *policy);
 
+/* When doing a lot of DB activities (in particular, when listing
+   keys), this causes the DB to enter batch mode, which can
+   significantly speed up operations.  */
+void tofu_begin_batch_update (void);
+void tofu_end_batch_update (void);
+
 #endif /*G10_TOFU_H*/

commit 297cf8660ce346638e42934d84d746768f8bb10a
Author: Neal H. Walfield <neal at g10code.com>
Date:   Fri Oct 23 13:42:50 2015 +0200

    gpg: Cache prepared SQL queries and open DB connections.
    
    * g10/tofu.c: Include <stdarg.h>.
    (prepares_saved) [DEBUG_TOFU_CACHE]: New variable.
    (queries) [DEBUG_TOFU_CACHE]: New variable.
    (struct db): Add fields prevp, begin_transaction, end_transaction,
    rollback, record_binding_get_old_policy, record_binding_update,
    record_binding_update2, get_policy_select_policy_and_conflict,
    get_trust_bindings_with_this_email, get_trust_gather_other_user_ids,
    get_trust_gather_other_keys, register_already_seen, and
    register_insert.
    [DEBUG_TOFU_CACHE]: Add field hits.
    (STRINGIFY): New macro.
    (STRINGIFY2): New macro.
    (enum sqlite_arg_type): New enum.
    (sqlite3_stepx): New function.
    (combined_db): Remove variable.
    (opendb): Don't cache the combined db.
    (struct dbs): New struct.  Update users to use this as the head of the
    local DB list rather than overloading struct db.
    (unlink_db): New function.
    (link_db): New function.
    (db_cache): New variable.
    (db_cache_count): New variable.
    (DB_CACHE_ENTRIES): Define.
    (getdb): If the dbs specific cache doesn't include the DB, look at
    DB_CACHE.  Only if that also doesn't include the DB open the
    corresponding DB.
    (closedb): New function.
    (opendbs): Don't open the combined DB.  Just return an initialized
    struct dbs.
    (closedbs): Don't close the dbs specific dbs.  Attach them to the
    front of DB_CACHE.  If DB_CACHE contains more than DB_CACHE_ENTRIES,
    close enough dbs from the end of the DB_CACHE list such that DB_CACHE
    only contains DB_CACHE_ENTRIES.  Don't directly close the dbs, instead
    use the new closedb function.
    [DEBUG_TOFU_CACHE]: Print out some statistics.
    (record_binding): Use sqlite3_stepx instead of sqlite3_exec or
    sqlite3_exec_printf.
    (get_policy): Likewise.
    (get_trust): Likewise.
    (tofu_register): Likewise.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/tofu.c b/g10/tofu.c
index 69a2b3b..3b8ced0 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -27,6 +27,7 @@
 #include <stdio.h>
 #include <sys/stat.h>
 #include <assert.h>
+#include <stdarg.h>
 #include <sqlite3.h>
 
 #include "gpg.h"
@@ -41,6 +42,12 @@
 
 #include "tofu.h"
 
+#define DEBUG_TOFU_CACHE 0
+#if DEBUG_TOFU_CACHE
+static int prepares_saved;
+static int queries;
+#endif
+
 /* The TOFU data can be saved in two different formats: either in a
    single combined database (opt.tofu_db_format == TOFU_DB_FLAT) or in
    a split file format (opt.tofu_db_format == TOFU_DB_SPLIT).  In the
@@ -71,17 +78,43 @@ enum db_type
 struct db
 {
   struct db *next;
+  struct db **prevp;
 
   enum db_type type;
 
   sqlite3 *db;
 
+  struct
+  {
+    sqlite3_stmt *begin_transaction;
+    sqlite3_stmt *end_transaction;
+    sqlite3_stmt *rollback;
+
+    sqlite3_stmt *record_binding_get_old_policy;
+    sqlite3_stmt *record_binding_update;
+    sqlite3_stmt *record_binding_update2;
+    sqlite3_stmt *get_policy_select_policy_and_conflict;
+    sqlite3_stmt *get_trust_bindings_with_this_email;
+    sqlite3_stmt *get_trust_gather_other_user_ids;
+    sqlite3_stmt *get_trust_gather_other_keys;
+    sqlite3_stmt *register_already_seen;
+    sqlite3_stmt *register_insert;
+  } s;
+
+
+#if DEBUG_TOFU_CACHE
+  int hits;
+#endif
+
   /* If TYPE is DB_COMBINED, this is "".  Otherwise, it is either the
      fingerprint (type == DB_KEY) or the normalized email address
      (type == DB_EMAIL).  */
   char name[1];
 };
 
+#define STRINGIFY(s) STRINGIFY2(s)
+#define STRINGIFY2(s) #s
+
 /* The grouping parameters when collecting signature statistics.  */
 
 /* If a message is signed a couple of hours in the future, just assume
@@ -187,6 +220,186 @@ sqlite3_exec_printf (sqlite3 *db,
   return rc;
 }
 
+enum sqlite_arg_type
+  {
+    SQLITE_ARG_END = 0xdead001,
+    SQLITE_ARG_INT,
+    SQLITE_ARG_LONG_LONG,
+    SQLITE_ARG_STRING
+  };
+
+static int
+sqlite3_stepx (sqlite3 *db,
+               sqlite3_stmt **stmtp,
+               int (*callback) (void*,int,char**,char**),
+               void *cookie,
+               char **errmsg,
+               const char *sql, ...)
+{
+  int rc;
+  int err = 0;
+  sqlite3_stmt *stmt = NULL;
+
+  va_list va;
+  int args;
+  enum sqlite_arg_type t;
+  int i;
+
+  int cols;
+  /* Names of the columns.  We initialize this lazily to avoid the
+     overhead in case the query doesn't return any results.  */
+  const char **azColName = 0;
+  int callback_initialized = 0;
+
+  const char **azVals = 0;
+
+  callback_initialized = 0;
+
+  if (stmtp && *stmtp)
+    {
+      stmt = *stmtp;
+
+      /* Make sure this statement is associated with the supplied db.  */
+      assert (db == sqlite3_db_handle (stmt));
+
+#if DEBUG_TOFU_CACHE
+      prepares_saved ++;
+#endif
+    }
+  else
+    {
+      rc = sqlite3_prepare_v2 (db, sql, -1, &stmt, NULL);
+      if (rc)
+        log_fatal ("failed to prepare SQL: %s", sql);
+
+      if (stmtp)
+        *stmtp = stmt;
+    }
+
+#if DEBUG_TOFU_CACHE
+  queries ++;
+#endif
+
+  args = sqlite3_bind_parameter_count (stmt);
+  va_start (va, sql);
+  if (args)
+    {
+      for (i = 1; i <= args; i ++)
+        {
+          t = va_arg (va, enum sqlite_arg_type);
+          switch (t)
+            {
+            case SQLITE_ARG_INT:
+              {
+                int value = va_arg (va, int);
+                err = sqlite3_bind_int (stmt, i, value);
+                break;
+              }
+            case SQLITE_ARG_LONG_LONG:
+              {
+                long long value = va_arg (va, long long);
+                err = sqlite3_bind_int64 (stmt, i, value);
+                break;
+              }
+            case SQLITE_ARG_STRING:
+              {
+                char *text = va_arg (va, char *);
+                err = sqlite3_bind_text (stmt, i, text, -1, SQLITE_STATIC);
+                break;
+              }
+            default:
+              /* Internal error.  Likely corruption.  */
+              log_fatal ("Bad value for parameter type %d.\n", t);
+            }
+
+          if (err)
+            {
+              log_fatal ("Error binding parameter %d\n", i);
+              goto out;
+            }
+        }
+
+    }
+  t = va_arg (va, enum sqlite_arg_type);
+  assert (t == SQLITE_ARG_END);
+  va_end (va);
+
+  for (;;)
+    {
+      rc = sqlite3_step (stmt);
+
+      if (rc != SQLITE_ROW)
+        /* No more data (SQLITE_DONE) or an error occured.  */
+        break;
+
+      if (! callback)
+        continue;
+
+      if (! callback_initialized)
+        {
+          cols = sqlite3_column_count (stmt);
+          azColName = xmalloc (2 * cols * sizeof (const char *) + 1);
+
+          for (i = 0; i < cols; i ++)
+            azColName[i] = sqlite3_column_name (stmt, i);
+
+          callback_initialized = 1;
+        }
+
+      azVals = &azColName[cols];
+      for (i = 0; i < cols; i ++)
+        {
+          azVals[i] = sqlite3_column_text (stmt, i);
+          if (! azVals[i] && sqlite3_column_type (stmt, i) != SQLITE_NULL)
+            /* Out of memory.  */
+            {
+              err = SQLITE_NOMEM;
+              break;
+            }
+        }
+
+      if (callback (cookie, cols, (char **) azVals, (char **) azColName))
+        /* A non-zero result means to abort.  */
+        {
+          err = SQLITE_ABORT;
+          break;
+        }
+    }
+
+ out:
+  xfree (azColName);
+
+  if (stmtp)
+    rc = sqlite3_reset (stmt);
+  else
+    rc = sqlite3_finalize (stmt);
+  if (rc == SQLITE_OK && err)
+    /* Local error.  */
+    {
+      rc = err;
+      if (errmsg)
+        {
+          const char *e = sqlite3_errstr (err);
+          size_t l = strlen (e) + 1;
+          *errmsg = sqlite3_malloc (l);
+          if (! *errmsg)
+            log_fatal ("Out of memory.\n");
+          memcpy (*errmsg, e, l);
+        }
+    }
+  else if (rc != SQLITE_OK && errmsg)
+    /* Error reported by sqlite.  */
+    {
+      const char * e = sqlite3_errmsg (db);
+      size_t l = strlen (e) + 1;
+      *errmsg = sqlite3_malloc (l);
+      if (! *errmsg)
+        log_fatal ("Out of memory.\n");
+      memcpy (*errmsg, e, l);
+    }
+
+  return rc;
+}
 
 /* Collect results of a select count (*) ...; style query.  Aborts if
    the argument is not a valid integer (or real of the form X.0).  */
@@ -451,8 +664,6 @@ initdb (sqlite3 *db, enum db_type type)
     }
 }
 
-static sqlite3 *combined_db;
-
 /* Open and initialize a low-level TOFU database.  Returns NULL on
    failure.  This function should not normally be directly called to
    get a database handle.  Instead, use getdb().  */
@@ -468,9 +679,6 @@ opendb (char *filename, enum db_type type)
       assert (! filename);
       assert (type == DB_COMBINED);
 
-      if (combined_db)
-	return combined_db;
-
       filename = make_filename (opt.homedir, "tofu.db", NULL);
       filename_free = 1;
     }
@@ -502,12 +710,36 @@ opendb (char *filename, enum db_type type)
       db = NULL;
     }
 
-  if (opt.tofu_db_format == TOFU_DB_FLAT)
-    combined_db = db;
-
   return db;
 }
 
+struct dbs
+{
+  struct db *db;
+};
+
+static void
+unlink_db (struct db *db)
+{
+  *db->prevp = db->next;
+  if (db->next)
+    db->next->prevp = db->prevp;
+}
+
+static void
+link_db (struct db **head, struct db *db)
+{
+  db->next = *head;
+  if (db->next)
+    db->next->prevp = &db->next;
+  db->prevp = head;
+  *head = db;
+}
+
+static struct db *db_cache;
+static int db_cache_count;
+#define DB_CACHE_ENTRIES 16
+
 /* Return a database handle.  <type, name> describes the required
    database.  If there is a cached handle in DBS, that handle is
    returned.  Otherwise, the database is opened and cached in DBS.
@@ -517,108 +749,165 @@ opendb (char *filename, enum db_type type)
    TYPE must be either DB_MAIL or DB_KEY.  In the combined format, the
    combined DB is always returned.  */
 static struct db *
-getdb (struct db *dbs, const char *name, enum db_type type)
+getdb (struct dbs *dbs, const char *name, enum db_type type)
 {
   struct db *t = NULL;
-  sqlite3 *sqlitedb = NULL;
   char *name_sanitized = NULL;
+  int count;
   char *filename = NULL;
-  int i;
+  int need_link = 1;
+  sqlite3 *sqlitedb = NULL;
 
+  assert (dbs);
   assert (name);
   assert (type == DB_EMAIL || type == DB_KEY);
 
-  assert (dbs);
-  /* The first entry is always for the combined DB.  */
-  assert (dbs->type == DB_COMBINED);
-  assert (! dbs->name[0]);
-
   if (opt.tofu_db_format == TOFU_DB_FLAT)
-    /* When using the flat format, we only have a single combined
-       DB.  */
+    /* When using the flat format, we only have a single DB, the
+       combined DB.  */
     {
-      assert (dbs->db);
-      assert (! dbs->next);
-      return dbs;
-    }
-  else
-    /* When using the split format the first entry on the DB list is a
-       dummy entry.  */
-    assert (! dbs->db);
+      if (dbs->db)
+        {
+          assert (dbs->db->type == DB_COMBINED);
+          assert (! dbs->db->next);
+          return dbs->db;
+        }
 
-  /* We have the split format.  */
+      type = DB_COMBINED;
+    }
 
-  /* Only allow alpha-numeric characters in the filename.  */
-  name_sanitized = xstrdup (name);
-  for (i = 0; name[i]; i ++)
+  if (type != DB_COMBINED)
+    /* Only allow alpha-numeric characters in the name.  */
     {
-      char c = name_sanitized[i];
-      if (! (('a' <= c && c <= 'z')
-	     || ('A' <= c && c <= 'Z')
-	     || ('0' <= c && c <= '9')))
-	name_sanitized[i] = '_';
+      int i;
+
+      name_sanitized = xstrdup (name);
+      for (i = 0; name[i]; i ++)
+        {
+          char c = name_sanitized[i];
+          if (! (('a' <= c && c <= 'z')
+                 || ('A' <= c && c <= 'Z')
+                 || ('0' <= c && c <= '9')))
+            name_sanitized[i] = '_';
+        }
     }
 
   /* See if the DB is cached.  */
-  for (t = dbs->next; t; t = t->next)
-    if (type == t->type && strcmp (t->name, name_sanitized) == 0)
-      goto out;
+  for (t = dbs->db; t; t = t->next)
+    if (t->type == type
+        && (type == DB_COMBINED || strcmp (t->name, name_sanitized) == 0))
+      {
+        need_link = 0;
+        goto out;
+      }
 
-  /* Open the DB.  The filename has the form:
+  for (t = db_cache, count = 0; t; t = t->next, count ++)
+    if (type == t->type
+        && (type == DB_COMBINED || strcmp (t->name, name_sanitized) == 0))
+      {
+        unlink_db (t);
+        db_cache_count --;
+        goto out;
+      }
 
-       tofu.d/TYPE/PREFIX/NAME.db
+  assert (db_cache_count == count);
 
-     We use a short prefix to try to avoid having many files in a
-     single directory.  */
-  {
-    char *type_str = type == DB_EMAIL ? "email" : "key";
-    char prefix[3] = { name_sanitized[0], name_sanitized[1], 0 };
-    char *name_db;
+  if (type == DB_COMBINED)
+    filename = NULL;
+  else
+    {
+      /* Open the DB.  The filename has the form:
 
-    /* Make the directory.  */
-    if (gnupg_mkdir_p (opt.homedir, "tofu.d", type_str, prefix, NULL) != 0)
+         tofu.d/TYPE/PREFIX/NAME.db
+
+         We use a short prefix to try to avoid having many files in a
+         single directory.  */
       {
-	log_error (_("unable to create directory %s/%s/%s/%s"),
-		   opt.homedir, "tofu.d", type_str, prefix);
-        goto out;
+        char *type_str = type == DB_EMAIL ? "email" : "key";
+        char prefix[3] = { name_sanitized[0], name_sanitized[1], 0 };
+        char *name_db;
+
+        /* Make the directory.  */
+        if (gnupg_mkdir_p (opt.homedir, "tofu.d", type_str, prefix, NULL) != 0)
+          {
+            log_error (_("unable to create directory %s/%s/%s/%s"),
+                       opt.homedir, "tofu.d", type_str, prefix);
+            goto out;
+          }
+
+        name_db = xstrconcat (name_sanitized, ".db", NULL);
+        filename = make_filename
+          (opt.homedir, "tofu.d", type_str, prefix, name_db, NULL);
+        xfree (name_db);
       }
-
-    name_db = xstrconcat (name_sanitized, ".db", NULL);
-    filename = make_filename
-      (opt.homedir, "tofu.d", type_str, prefix, name_db, NULL);
-    xfree (name_db);
-  }
+    }
 
   sqlitedb = opendb (filename, type);
   if (! sqlitedb)
     goto out;
 
-  t = xmalloc (sizeof (struct db) + strlen (name_sanitized));
+  t = xmalloc_clear (sizeof (struct db)
+                     + (name_sanitized ? strlen (name_sanitized) : 0));
   t->type = type;
   t->db = sqlitedb;
-  strcpy (t->name, name_sanitized);
-
-  /* Insert it immediately after the first element.  */
-  t->next = dbs->next;
-  dbs->next = t;
+  if (name_sanitized)
+    strcpy (t->name, name_sanitized);
 
  out:
+  if (t && need_link)
+    link_db (&dbs->db, t);
+
+#if DEBUG_TOFU_CACHE
+  if (t)
+    t->hits ++;
+#endif
+
   xfree (filename);
   xfree (name_sanitized);
-
-  if (! t)
-    return NULL;
   return t;
 }
 
+static void
+closedb (struct db *db)
+{
+  sqlite3_stmt **statements;
+
+  if (opt.tofu_db_format == TOFU_DB_FLAT)
+    /* If we are using the flat format, then there is only ever the
+       combined DB.  */
+    assert (! db->next);
+
+  if (db->type == DB_COMBINED)
+    {
+      assert (opt.tofu_db_format == TOFU_DB_FLAT);
+      assert (! db->name[0]);
+    }
+  else
+    {
+      assert (opt.tofu_db_format == TOFU_DB_SPLIT);
+      assert (db->type != DB_COMBINED);
+      assert (db->name[0]);
+    }
+
+  for (statements = &db->s.begin_transaction;
+       (void *) statements < (void *) &(&db->s)[1];
+       statements ++)
+    sqlite3_finalize (*statements);
+
+  sqlite3_close (db->db);
+
+#if DEBUG_TOFU_CACHE
+  log_debug ("Freeing db.  Used %d times.\n", db->hits);
+#endif
+
+  xfree (db);
+}
+
 
 /* Create a new DB meta-handle.  Returns NULL on error.  */
-static struct db *
+static struct dbs *
 opendbs (void)
 {
-  sqlite3 *db = NULL;
-  struct db *dbs;
-
   if (opt.tofu_db_format == TOFU_DB_AUTO)
     {
       char *filename = make_filename (opt.homedir, "tofu.db", NULL);
@@ -679,88 +968,63 @@ opendbs (void)
 	}
     }
 
-  if (opt.tofu_db_format == TOFU_DB_FLAT)
-    {
-      db = opendb (NULL, DB_COMBINED);
-      if (! db)
-	return NULL;
-    }
-  else
-    {
-      /* Create a dummy entry so that we have a handle.  */
-    }
-
-  dbs = xmalloc_clear (sizeof (*dbs));
-  dbs->db = db;
-  dbs->type = DB_COMBINED;
-
-  return dbs;
+  return xmalloc_clear (sizeof (struct dbs));
 }
 
 /* Release all of the resources associated with a DB meta-handle.  */
 static void
-closedbs (struct db *dbs)
+closedbs (struct dbs *dbs)
 {
-  struct db *db;
-  struct db *n;
-
-  /* The first entry is always the combined DB.  */
-  assert (dbs->type == DB_COMBINED);
-  if (opt.tofu_db_format == TOFU_DB_FLAT)
+  if (dbs->db)
     {
-      /* If we are using the flat format, then there is only ever the
-	 combined DB.  */
-      assert (! dbs->next);
-      assert (dbs->db);
-      assert (dbs->db == combined_db);
-    }
-  else
-    /* In the split format, the combined record is just a place holder
-       so that we have a stable handle.  */
-    assert (! dbs->db);
+      struct db *old_head = db_cache;
+      struct db *db;
+      int count;
 
-  for (db = dbs; db; db = n)
-    {
-      n = db->next;
+      /* Find the last DB.  */
+      for (db = dbs->db, count = 1; db->next; db = db->next, count ++)
+        ;
 
-      if (combined_db && db->db == combined_db)
-	{
-	  assert (opt.tofu_db_format == TOFU_DB_FLAT);
-	  assert (dbs == db);
-	  assert (db->type == DB_COMBINED);
-	  assert (! db->name[0]);
-	}
-      else if (db->db)
-	/* Not the dummy entry.  */
-	{
-	  if (dbs == db)
-	    /* The first entry.  */
-	    {
-	      assert (opt.tofu_db_format == TOFU_DB_FLAT);
-	      assert (db->type == DB_COMBINED);
-	      assert (! db->name[0]);
-	    }
-	  else
-	    /* Not the first entry.  */
-	    {
-	      assert (opt.tofu_db_format == TOFU_DB_SPLIT);
-	      assert (db->type != DB_COMBINED);
-	      assert (db->name[0]);
-	    }
+      /* Join the two lists.  */
+      db->next = db_cache;
+      if (db_cache)
+        db_cache->prevp = &db->next;
 
-	  sqlite3_close (db->db);
-	}
-      else
-	/* The dummy entry.  */
-	{
-	  assert (opt.tofu_db_format == TOFU_DB_SPLIT);
-	  assert (dbs == db);
-	  assert (db->type == DB_COMBINED);
-	  assert (! db->name[0]);
-	}
+      /* Update the (new) first element.  */
+      db_cache = dbs->db;
+      dbs->db->prevp = &db_cache;
+
+      db_cache_count += count;
+
+      /* Make sure that we don't have too many DBs on DB_CACHE.  If
+         so, free some.  */
+      if (db_cache_count > DB_CACHE_ENTRIES)
+        {
+          /* We need to find the (DB_CACHE_ENTRIES + 1)th entry.  It
+             is easy to skip the first COUNT entries since we still
+             have a handle on the old head.  */
+          int skip = DB_CACHE_ENTRIES - count;
+          while (-- skip > 0)
+            old_head = old_head->next;
 
-      xfree (db);
+          *old_head->prevp = NULL;
+
+          while (old_head)
+            {
+              db = old_head->next;
+              closedb (old_head);
+              old_head = db;
+              db_cache_count --;
+            }
+        }
     }
+
+  xfree (dbs);
+
+#if DEBUG_TOFU_CACHE
+  log_debug ("Queries: %d (prepares saved: %d)\n",
+             queries, prepares_saved);
+#endif
 }
 
 
@@ -790,7 +1054,7 @@ get_single_long_cb (void *cookie, int argc, char **argv, char **azColName)
 
    If SHOW_OLD is set, the binding's old policy is displayed.  */
 static gpg_error_t
-record_binding (struct db *dbs, const char *fingerprint, const char *email,
+record_binding (struct dbs *dbs, const char *fingerprint, const char *email,
 		const char *user_id, enum tofu_policy policy, int show_old)
 {
   struct db *db_email = NULL, *db_key = NULL;
@@ -820,7 +1084,9 @@ record_binding (struct db *dbs, const char *fingerprint, const char *email,
       if (! db_key)
 	return gpg_error (GPG_ERR_GENERAL);
 
-      rc = sqlite3_exec (db_email->db, "begin transaction;", NULL, NULL, &err);
+      rc = sqlite3_stepx (db_email->db, &db_email->s.begin_transaction,
+                          NULL, NULL, &err,
+                          "begin transaction;", SQLITE_ARG_END);
       if (rc)
 	{
 	  log_error (_("error beginning transaction on TOFU %s database: %s\n"),
@@ -829,7 +1095,9 @@ record_binding (struct db *dbs, const char *fingerprint, const char *email,
 	  return gpg_error (GPG_ERR_GENERAL);
 	}
 
-      rc = sqlite3_exec (db_key->db, "begin transaction;", NULL, NULL, &err);
+      rc = sqlite3_stepx (db_key->db, &db_key->s.begin_transaction,
+                          NULL, NULL, &err,
+                          "begin transaction;", SQLITE_ARG_END);
       if (rc)
 	{
 	  log_error (_("error beginning transaction on TOFU %s database: %s\n"),
@@ -844,10 +1112,12 @@ record_binding (struct db *dbs, const char *fingerprint, const char *email,
        purposes, there is no need to start a transaction or to die if
        there is a failure.  */
     {
-      rc = sqlite3_exec_printf
-	(db_email->db, get_single_long_cb, &policy_old, &err,
-	 "select policy from bindings where fingerprint = %Q and email = %Q",
-	 fingerprint, email);
+      rc = sqlite3_stepx
+	(db_email->db, &db_email->s.record_binding_get_old_policy,
+         get_single_long_cb, &policy_old, &err,
+	 "select policy from bindings where fingerprint = ? and email = ?",
+	 SQLITE_ARG_STRING, fingerprint, SQLITE_ARG_STRING, email,
+         SQLITE_ARG_END);
       if (rc)
 	{
 	  log_debug ("TOFU: Error reading from binding database"
@@ -875,17 +1145,20 @@ record_binding (struct db *dbs, const char *fingerprint, const char *email,
     /* Nothing to do.  */
     goto out;
 
-  rc = sqlite3_exec_printf
-    (db_email->db, NULL, NULL, &err,
+  rc = sqlite3_stepx
+    (db_email->db, &db_email->s.record_binding_update, NULL, NULL, &err,
      "insert or replace into bindings\n"
      " (oid, fingerprint, email, user_id, time, policy)\n"
      " values (\n"
      /* If we don't explicitly reuse the OID, then SQLite will
 	reallocate a new one.  We just need to search for the OID
 	based on the fingerprint and email since they are unique.  */
-     "  (select oid from bindings where fingerprint = %Q and email = %Q),\n"
-     "  %Q, %Q, %Q, strftime('%%s','now'), %d);",
-     fingerprint, email, fingerprint, email, user_id, policy);
+     "  (select oid from bindings where fingerprint = ? and email = ?),\n"
+     "  ?, ?, ?, strftime('%s','now'), ?);",
+     SQLITE_ARG_STRING, fingerprint, SQLITE_ARG_STRING, email,
+     SQLITE_ARG_STRING, fingerprint, SQLITE_ARG_STRING, email,
+     SQLITE_ARG_STRING, user_id, SQLITE_ARG_INT, (int) policy,
+     SQLITE_ARG_END);
   if (rc)
     {
       log_error (_("error updating TOFU binding database"
@@ -901,17 +1174,19 @@ record_binding (struct db *dbs, const char *fingerprint, const char *email,
     {
       assert (opt.tofu_db_format == TOFU_DB_SPLIT);
 
-      rc = sqlite3_exec_printf
-	(db_key->db, NULL, NULL, &err,
+      rc = sqlite3_stepx
+	(db_key->db, &db_key->s.record_binding_update2, NULL, NULL, &err,
 	 "insert or replace into bindings\n"
 	 " (oid, fingerprint, email, user_id)\n"
 	 " values (\n"
 	 /* If we don't explicitly reuse the OID, then SQLite will
 	    reallocate a new one.  We just need to search for the OID
 	    based on the fingerprint and email since they are unique.  */
-	 "  (select oid from bindings where fingerprint = %Q and email = %Q),\n"
-	 "  %Q, %Q, %Q);",
-	 fingerprint, email, fingerprint, email, user_id);
+	 "  (select oid from bindings where fingerprint = ? and email = ?),\n"
+	 "  ?, ?, ?);",
+	 SQLITE_ARG_STRING, fingerprint, SQLITE_ARG_STRING, email,
+         SQLITE_ARG_STRING, fingerprint, SQLITE_ARG_STRING, email,
+         SQLITE_ARG_STRING, user_id, SQLITE_ARG_END);
       if (rc)
 	{
 	  log_error (_("error updating TOFU binding database"
@@ -930,8 +1205,14 @@ record_binding (struct db *dbs, const char *fingerprint, const char *email,
     {
       int rc2;
 
-      rc2 = sqlite3_exec_printf (db_key->db, NULL, NULL, &err,
-				 rc ? "rollback;" : "end transaction;");
+      if (rc)
+        rc2 = sqlite3_stepx (db_key->db, &db_key->s.rollback,
+                             NULL, NULL, &err,
+                             "rollback;", SQLITE_ARG_END);
+      else
+        rc2 = sqlite3_stepx (db_key->db, &db_key->s.end_transaction,
+                             NULL, NULL, &err,
+                             "end transaction;", SQLITE_ARG_END);
       if (rc2)
 	{
 	  log_error (_("error ending transaction on TOFU database: %s\n"),
@@ -940,8 +1221,14 @@ record_binding (struct db *dbs, const char *fingerprint, const char *email,
 	}
 
     out_revert_one:
-      rc2 = sqlite3_exec_printf (db_email->db, NULL, NULL, &err,
-				 rc ? "rollback;" : "end transaction;");
+      if (rc)
+        rc2 = sqlite3_stepx (db_email->db, &db_email->s.rollback,
+                             NULL, NULL, &err,
+                             "rollback;", SQLITE_ARG_END);
+      else
+        rc2 = sqlite3_stepx (db_email->db, &db_email->s.end_transaction,
+                             NULL, NULL, &err,
+                             "end transaction;", SQLITE_ARG_END);
       if (rc2)
 	{
 	  log_error (_("error ending transaction on TOFU database: %s\n"),
@@ -1154,7 +1441,7 @@ time_ago_unit (signed long t)
    if CONFLICT is not NULL.  Returns _tofu_GET_POLICY_ERROR if an error
    occurs.  */
 static enum tofu_policy
-get_policy (struct db *dbs, const char *fingerprint, const char *email,
+get_policy (struct dbs *dbs, const char *fingerprint, const char *email,
 	    char **conflict)
 {
   struct db *db;
@@ -1172,11 +1459,13 @@ get_policy (struct db *dbs, const char *fingerprint, const char *email,
      (TOFU_POLICY_NONE cannot appear in the DB.  Thus, if POLICY is
      still TOFU_POLICY_NONE after executing the query, then the
      result set was empty.)  */
-  rc = sqlite3_exec_printf
-    (db->db, strings_collect_cb, &strlist, &err,
-     "select policy, conflict from bindings\n"
-     " where fingerprint = %Q and email = %Q",
-     fingerprint, email);
+  rc = sqlite3_stepx (db->db, &db->s.get_policy_select_policy_and_conflict,
+                      strings_collect_cb, &strlist, &err,
+                      "select policy, conflict from bindings\n"
+                      " where fingerprint = ? and email = ?",
+                      SQLITE_ARG_STRING, fingerprint,
+                      SQLITE_ARG_STRING, email,
+                      SQLITE_ARG_END);
   if (rc)
     {
       log_error (_("error reading from TOFU database"
@@ -1264,7 +1553,7 @@ get_policy (struct db *dbs, const char *fingerprint, const char *email,
    conflicting binding's policy to TOFU_POLICY_ASK.  In either case,
    we return TRUST_UNDEFINED.  */
 static enum tofu_policy
-get_trust (struct db *dbs, const char *fingerprint, const char *email,
+get_trust (struct dbs *dbs, const char *fingerprint, const char *email,
 	   const char *user_id, int may_ask)
 {
   struct db *db;
@@ -1408,16 +1697,17 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
           (need to check for a conflict).
    */
 
-  /* Look for conflicts.  This is need in all 3 cases.
+  /* Look for conflicts.  This is needed in all 3 cases.
 
      Get the fingerprints of any bindings that share the email
      address.  Note: if the binding in question is in the DB, it will
      also be returned.  Thus, if the result set is empty, then this is
      a new binding.  */
-  rc = sqlite3_exec_printf
-    (db->db, strings_collect_cb, &bindings_with_this_email, &err,
-     "select distinct fingerprint from bindings where email = %Q;",
-     email);
+  rc = sqlite3_stepx
+    (db->db, &db->s.get_trust_bindings_with_this_email,
+     strings_collect_cb, &bindings_with_this_email, &err,
+     "select distinct fingerprint from bindings where email = ?;",
+     SQLITE_ARG_STRING, email, SQLITE_ARG_END);
   if (rc)
     {
       log_error (_("error reading from TOFU database"
@@ -1556,11 +1846,13 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
 
       if (db_key)
 	{
-	  rc = sqlite3_exec_printf
-	    (db_key->db, strings_collect_cb, &other_user_ids, &err,
-	     "select user_id, %s from bindings where fingerprint = %Q;",
-	     opt.tofu_db_format == TOFU_DB_SPLIT ? "email" : "policy",
-	     fingerprint);
+	  rc = sqlite3_stepx
+	    (db_key->db, &db_key->s.get_trust_gather_other_user_ids,
+             strings_collect_cb, &other_user_ids, &err,
+             opt.tofu_db_format == TOFU_DB_SPLIT
+	     ? "select user_id, email from bindings where fingerprint = ?;"
+	     : "select user_id, policy from bindings where fingerprint = ?;",
+	     SQLITE_ARG_STRING, fingerprint, SQLITE_ARG_END);
 	  if (rc)
 	    {
 	      log_error (_("error gathering other user ids: %s.\n"), err);
@@ -1605,8 +1897,9 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
     /* XXX: When generating the statistics, do we want the time
        embedded in the signature (column 'sig_time') or the time that
        we first verified the signature (column 'time').  */
-    rc = sqlite3_exec_printf
-      (db->db, signature_stats_collect_cb, &stats, &err,
+    rc = sqlite3_stepx
+      (db->db, &db->s.get_trust_gather_other_keys,
+       signature_stats_collect_cb, &stats, &err,
        "select fingerprint, policy, time_ago, count(*)\n"
        " from (select bindings.*,\n"
        "        case\n"
@@ -1615,27 +1908,30 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
 	  small, medium or large units?  (Note: whatever we do, we
 	  keep the value in seconds.  Then when we group, everything
 	  that rounds to the same number of seconds is grouped.)  */
-       "         when delta < -%d then -1\n"
-       "         when delta < %d then max(0, round(delta / %d) * %d)\n"
-       "         when delta < %d then round(delta / %d) * %d\n"
-       "         else round(delta / %d) * %d\n"
+       "         when delta < -("STRINGIFY (TIME_AGO_FUTURE_IGNORE)") then -1\n"
+       "         when delta < ("STRINGIFY (TIME_AGO_MEDIUM_THRESHOLD)")\n"
+       "          then max(0,\n"
+       "                   round(delta / ("STRINGIFY (TIME_AGO_UNIT_SMALL)"))\n"
+       "               * ("STRINGIFY (TIME_AGO_UNIT_SMALL)"))\n"
+       "         when delta < ("STRINGIFY (TIME_AGO_LARGE_THRESHOLD)")\n"
+       "          then round(delta / ("STRINGIFY (TIME_AGO_UNIT_MEDIUM)"))\n"
+       "               * ("STRINGIFY (TIME_AGO_UNIT_MEDIUM)")\n"
+       "         else round(delta / ("STRINGIFY (TIME_AGO_UNIT_LARGE)"))\n"
+       "              * ("STRINGIFY (TIME_AGO_UNIT_LARGE)")\n"
        "        end time_ago,\n"
        "        delta time_ago_raw\n"
        "       from bindings\n"
        "       left join\n"
        "         (select *,\n"
-       "            cast(strftime('%%s','now') - sig_time as real) delta\n"
+       "            cast(strftime('%s','now') - sig_time as real) delta\n"
        "           from signatures) ss\n"
        "        on ss.binding = bindings.oid)\n"
-       " where email = %Q\n"
+       " where email = ?\n"
        " group by fingerprint, time_ago\n"
        /* Make sure the current key is first.  */
-       " order by fingerprint = %Q asc, fingerprint desc, time_ago desc;\n",
-       TIME_AGO_FUTURE_IGNORE,
-       TIME_AGO_MEDIUM_THRESHOLD, TIME_AGO_UNIT_SMALL, TIME_AGO_UNIT_SMALL,
-       TIME_AGO_LARGE_THRESHOLD, TIME_AGO_UNIT_MEDIUM, TIME_AGO_UNIT_MEDIUM,
-       TIME_AGO_UNIT_LARGE, TIME_AGO_UNIT_LARGE,
-       email, fingerprint);
+       " order by fingerprint = ? asc, fingerprint desc, time_ago desc;\n",
+       SQLITE_ARG_STRING, email, SQLITE_ARG_STRING, fingerprint,
+       SQLITE_ARG_END);
     if (rc)
       {
 	strlist_t strlist_iter;
@@ -1825,7 +2121,7 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
 }
 
 static void
-show_statistics (struct db *dbs, const char *fingerprint,
+show_statistics (struct dbs *dbs, const char *fingerprint,
 		 const char *email, const char *user_id,
 		 const char *sig_exclude)
 {
@@ -2174,7 +2470,7 @@ tofu_register (const byte *fingerprint_bin, const char *user_id,
 	       const byte *sig_digest_bin, int sig_digest_bin_len,
 	       time_t sig_time, const char *origin, int may_ask)
 {
-  struct db *dbs;
+  struct dbs *dbs;
   struct db *db;
   char *fingerprint = NULL;
   char *email = NULL;
@@ -2228,7 +2524,9 @@ tofu_register (const byte *fingerprint_bin, const char *user_id,
 
   /* We do a query and then an insert.  Make sure they are atomic
      by wrapping them in a transaction.  */
-  rc = sqlite3_exec (db->db, "begin transaction;", NULL, NULL, &err);
+  rc = sqlite3_stepx (db->db, &db->s.begin_transaction,
+                      NULL, NULL, &err, "begin transaction;",
+                      SQLITE_ARG_END);
   if (rc)
     {
       log_error (_("error beginning transaction on TOFU database: %s\n"), err);
@@ -2238,14 +2536,18 @@ tofu_register (const byte *fingerprint_bin, const char *user_id,
 
   /* If we've already seen this signature before, then don't add
      it again.  */
-  rc = sqlite3_exec_printf
-    (db->db, get_single_unsigned_long_cb, &c, &err,
+  rc = sqlite3_stepx
+    (db->db, &db->s.register_already_seen,
+     get_single_unsigned_long_cb, &c, &err,
      "select count (*)\n"
      " from signatures left join bindings\n"
      "  on signatures.binding = bindings.oid\n"
-     " where fingerprint = %Q and email = %Q and sig_time = 0x%lx\n"
-     "  and sig_digest = %Q",
-     fingerprint, email, (unsigned long) sig_time, sig_digest);
+     " where fingerprint = ? and email = ? and sig_time = ?\n"
+     "  and sig_digest = ?",
+     SQLITE_ARG_STRING, fingerprint, SQLITE_ARG_STRING, email,
+     SQLITE_ARG_LONG_LONG, (long long) sig_time,
+     SQLITE_ARG_STRING, sig_digest,
+     SQLITE_ARG_END);
   if (rc)
     {
       log_error (_("error reading from signatures database"
@@ -2281,15 +2583,18 @@ tofu_register (const byte *fingerprint_bin, const char *user_id,
 
       assert (c == 0);
 
-      rc = sqlite3_exec_printf
-	(db->db, NULL, NULL, &err,
+      rc = sqlite3_stepx
+	(db->db, &db->s.register_insert, NULL, NULL, &err,
 	 "insert into signatures\n"
 	 " (binding, sig_digest, origin, sig_time, time)\n"
 	 " values\n"
 	 " ((select oid from bindings\n"
-	 "    where fingerprint = %Q and email = %Q),\n"
-	 "  %Q, %Q, 0x%lx, strftime('%%s', 'now'));",
-	 fingerprint, email, sig_digest, origin, (unsigned long) sig_time);
+	 "    where fingerprint = ? and email = ?),\n"
+	 "  ?, ?, ?, strftime('%s', 'now'));",
+	 SQLITE_ARG_STRING, fingerprint, SQLITE_ARG_STRING, email,
+         SQLITE_ARG_STRING, sig_digest, SQLITE_ARG_STRING, origin,
+         SQLITE_ARG_LONG_LONG, (long long) sig_time,
+         SQLITE_ARG_END);
       if (rc)
 	{
 	  log_error (_("error updating TOFU DB"
@@ -2302,9 +2607,11 @@ tofu_register (const byte *fingerprint_bin, const char *user_id,
   /* It only matters whether we abort or commit the transaction
      (so long as we do something) if we execute the insert.  */
   if (rc)
-    rc = sqlite3_exec (db->db, "rollback;", NULL, NULL, &err);
+    rc = sqlite3_stepx (db->db, &db->s.rollback, NULL, NULL, &err,
+                        "rollback;", SQLITE_ARG_END);
   else
-    rc = sqlite3_exec (db->db, "commit transaction;", NULL, NULL, &err);
+    rc = sqlite3_stepx (db->db, &db->s.end_transaction, NULL, NULL, &err,
+                        "end transaction;", SQLITE_ARG_END);
   if (rc)
     {
       log_error (_("error ending transaction on TOFU database: %s\n"), err);
@@ -2392,7 +2699,7 @@ int
 tofu_get_validity (const byte *fingerprint_bin, const char *user_id,
 		   int may_ask)
 {
-  struct db *dbs;
+  struct dbs *dbs;
   char *fingerprint = NULL;
   char *email = NULL;
   int trust_level = TRUST_UNDEFINED;
@@ -2441,7 +2748,7 @@ tofu_get_validity (const byte *fingerprint_bin, const char *user_id,
 gpg_error_t
 tofu_set_policy (kbnode_t kb, enum tofu_policy policy)
 {
-  struct db *dbs;
+  struct dbs *dbs;
   PKT_public_key *pk;
   char fingerprint_bin[MAX_FINGERPRINT_LEN];
   size_t fingerprint_bin_len = sizeof (fingerprint_bin);
@@ -2524,7 +2831,7 @@ gpg_error_t
 tofu_get_policy (PKT_public_key *pk, PKT_user_id *user_id,
 		 enum tofu_policy *policy)
 {
-  struct db *dbs;
+  struct dbs *dbs;
   char fingerprint_bin[MAX_FINGERPRINT_LEN];
   size_t fingerprint_bin_len = sizeof (fingerprint_bin);
   char *fingerprint;

commit cd879d4bd69a578be5a1ff96497f8c1181885563
Author: Neal H. Walfield <neal at g10code.com>
Date:   Wed Oct 21 21:16:43 2015 +0200

    gpg: Return the DBs meta-handle rather than the sqlite3 handle.
    
    * g10/tofu.c (getdb): Return a struct db * instead of an sqlite *.
    Update users.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/tofu.c b/g10/tofu.c
index b758875..69a2b3b 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -516,7 +516,7 @@ opendb (char *filename, enum db_type type)
 
    TYPE must be either DB_MAIL or DB_KEY.  In the combined format, the
    combined DB is always returned.  */
-static sqlite3 *
+static struct db *
 getdb (struct db *dbs, const char *name, enum db_type type)
 {
   struct db *t = NULL;
@@ -539,7 +539,7 @@ getdb (struct db *dbs, const char *name, enum db_type type)
     {
       assert (dbs->db);
       assert (! dbs->next);
-      return dbs->db;
+      return dbs;
     }
   else
     /* When using the split format the first entry on the DB list is a
@@ -608,7 +608,7 @@ getdb (struct db *dbs, const char *name, enum db_type type)
 
   if (! t)
     return NULL;
-  return t->db;
+  return t;
 }
 
 
@@ -793,7 +793,7 @@ static gpg_error_t
 record_binding (struct db *dbs, const char *fingerprint, const char *email,
 		const char *user_id, enum tofu_policy policy, int show_old)
 {
-  sqlite3 *db_email = NULL, *db_key = NULL;
+  struct db *db_email = NULL, *db_key = NULL;
   int rc;
   char *err = NULL;
   enum tofu_policy policy_old = TOFU_POLICY_NONE;
@@ -820,7 +820,7 @@ record_binding (struct db *dbs, const char *fingerprint, const char *email,
       if (! db_key)
 	return gpg_error (GPG_ERR_GENERAL);
 
-      rc = sqlite3_exec (db_email, "begin transaction;", NULL, NULL, &err);
+      rc = sqlite3_exec (db_email->db, "begin transaction;", NULL, NULL, &err);
       if (rc)
 	{
 	  log_error (_("error beginning transaction on TOFU %s database: %s\n"),
@@ -829,7 +829,7 @@ record_binding (struct db *dbs, const char *fingerprint, const char *email,
 	  return gpg_error (GPG_ERR_GENERAL);
 	}
 
-      rc = sqlite3_exec (db_key, "begin transaction;", NULL, NULL, &err);
+      rc = sqlite3_exec (db_key->db, "begin transaction;", NULL, NULL, &err);
       if (rc)
 	{
 	  log_error (_("error beginning transaction on TOFU %s database: %s\n"),
@@ -845,7 +845,7 @@ record_binding (struct db *dbs, const char *fingerprint, const char *email,
        there is a failure.  */
     {
       rc = sqlite3_exec_printf
-	(db_email, get_single_long_cb, &policy_old, &err,
+	(db_email->db, get_single_long_cb, &policy_old, &err,
 	 "select policy from bindings where fingerprint = %Q and email = %Q",
 	 fingerprint, email);
       if (rc)
@@ -876,7 +876,7 @@ record_binding (struct db *dbs, const char *fingerprint, const char *email,
     goto out;
 
   rc = sqlite3_exec_printf
-    (db_email, NULL, NULL, &err,
+    (db_email->db, NULL, NULL, &err,
      "insert or replace into bindings\n"
      " (oid, fingerprint, email, user_id, time, policy)\n"
      " values (\n"
@@ -902,7 +902,7 @@ record_binding (struct db *dbs, const char *fingerprint, const char *email,
       assert (opt.tofu_db_format == TOFU_DB_SPLIT);
 
       rc = sqlite3_exec_printf
-	(db_key, NULL, NULL, &err,
+	(db_key->db, NULL, NULL, &err,
 	 "insert or replace into bindings\n"
 	 " (oid, fingerprint, email, user_id)\n"
 	 " values (\n"
@@ -930,7 +930,7 @@ record_binding (struct db *dbs, const char *fingerprint, const char *email,
     {
       int rc2;
 
-      rc2 = sqlite3_exec_printf (db_key, NULL, NULL, &err,
+      rc2 = sqlite3_exec_printf (db_key->db, NULL, NULL, &err,
 				 rc ? "rollback;" : "end transaction;");
       if (rc2)
 	{
@@ -940,7 +940,7 @@ record_binding (struct db *dbs, const char *fingerprint, const char *email,
 	}
 
     out_revert_one:
-      rc2 = sqlite3_exec_printf (db_email, NULL, NULL, &err,
+      rc2 = sqlite3_exec_printf (db_email->db, NULL, NULL, &err,
 				 rc ? "rollback;" : "end transaction;");
       if (rc2)
 	{
@@ -1157,7 +1157,7 @@ static enum tofu_policy
 get_policy (struct db *dbs, const char *fingerprint, const char *email,
 	    char **conflict)
 {
-  sqlite3 *db;
+  struct db *db;
   int rc;
   char *err = NULL;
   strlist_t strlist = NULL;
@@ -1173,7 +1173,7 @@ get_policy (struct db *dbs, const char *fingerprint, const char *email,
      still TOFU_POLICY_NONE after executing the query, then the
      result set was empty.)  */
   rc = sqlite3_exec_printf
-    (db, strings_collect_cb, &strlist, &err,
+    (db->db, strings_collect_cb, &strlist, &err,
      "select policy, conflict from bindings\n"
      " where fingerprint = %Q and email = %Q",
      fingerprint, email);
@@ -1267,7 +1267,7 @@ static enum tofu_policy
 get_trust (struct db *dbs, const char *fingerprint, const char *email,
 	   const char *user_id, int may_ask)
 {
-  sqlite3 *db;
+  struct db *db;
   enum tofu_policy policy;
   char *conflict = NULL;
   int rc;
@@ -1415,7 +1415,7 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
      also be returned.  Thus, if the result set is empty, then this is
      a new binding.  */
   rc = sqlite3_exec_printf
-    (db, strings_collect_cb, &bindings_with_this_email, &err,
+    (db->db, strings_collect_cb, &bindings_with_this_email, &err,
      "select distinct fingerprint from bindings where email = %Q;",
      email);
   if (rc)
@@ -1544,7 +1544,7 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
     /* Find other user ids associated with this key and whether the
        bindings are marked as good or bad.  */
     {
-      sqlite3 *db_key;
+      struct db *db_key;
 
       if (opt.tofu_db_format == TOFU_DB_SPLIT)
 	/* In the split format, we need to search in the fingerprint
@@ -1557,7 +1557,7 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
       if (db_key)
 	{
 	  rc = sqlite3_exec_printf
-	    (db_key, strings_collect_cb, &other_user_ids, &err,
+	    (db_key->db, strings_collect_cb, &other_user_ids, &err,
 	     "select user_id, %s from bindings where fingerprint = %Q;",
 	     opt.tofu_db_format == TOFU_DB_SPLIT ? "email" : "policy",
 	     fingerprint);
@@ -1606,7 +1606,7 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
        embedded in the signature (column 'sig_time') or the time that
        we first verified the signature (column 'time').  */
     rc = sqlite3_exec_printf
-      (db, signature_stats_collect_cb, &stats, &err,
+      (db->db, signature_stats_collect_cb, &stats, &err,
        "select fingerprint, policy, time_ago, count(*)\n"
        " from (select bindings.*,\n"
        "        case\n"
@@ -1798,7 +1798,7 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
 	/* If we weren't allowed to ask, also update this key as
 	   conflicting with itself.  */
 	rc = sqlite3_exec_printf
-	  (db, NULL, NULL, &err,
+	  (db->db, NULL, NULL, &err,
 	   "update bindings set policy = %d, conflict = %Q"
 	   " where email = %Q"
 	   "  and (policy = %d or (policy = %d and fingerprint = %Q));",
@@ -1806,7 +1806,7 @@ get_trust (struct db *dbs, const char *fingerprint, const char *email,
 	   TOFU_POLICY_ASK, fingerprint);
       else
 	rc = sqlite3_exec_printf
-	  (db, NULL, NULL, &err,
+	  (db->db, NULL, NULL, &err,
 	   "update bindings set policy = %d, conflict = %Q"
 	   " where email = %Q and fingerprint != %Q and policy = %d;",
 	   TOFU_POLICY_ASK, fingerprint, email, fingerprint, TOFU_POLICY_AUTO);
@@ -1829,7 +1829,7 @@ show_statistics (struct db *dbs, const char *fingerprint,
 		 const char *email, const char *user_id,
 		 const char *sig_exclude)
 {
-  sqlite3 *db;
+  struct db *db;
   int rc;
   strlist_t strlist = NULL;
   char *err = NULL;
@@ -1839,7 +1839,7 @@ show_statistics (struct db *dbs, const char *fingerprint,
     return;
 
   rc = sqlite3_exec_printf
-    (db, strings_collect_cb, &strlist, &err,
+    (db->db, strings_collect_cb, &strlist, &err,
      "select count (*), strftime('%%s','now') - min (signatures.time)\n"
      " from signatures\n"
      " left join bindings on signatures.binding = bindings.oid\n"
@@ -2175,7 +2175,7 @@ tofu_register (const byte *fingerprint_bin, const char *user_id,
 	       time_t sig_time, const char *origin, int may_ask)
 {
   struct db *dbs;
-  sqlite3 *db;
+  struct db *db;
   char *fingerprint = NULL;
   char *email = NULL;
   char *err = NULL;
@@ -2228,7 +2228,7 @@ tofu_register (const byte *fingerprint_bin, const char *user_id,
 
   /* We do a query and then an insert.  Make sure they are atomic
      by wrapping them in a transaction.  */
-  rc = sqlite3_exec (db, "begin transaction;", NULL, NULL, &err);
+  rc = sqlite3_exec (db->db, "begin transaction;", NULL, NULL, &err);
   if (rc)
     {
       log_error (_("error beginning transaction on TOFU database: %s\n"), err);
@@ -2239,7 +2239,7 @@ tofu_register (const byte *fingerprint_bin, const char *user_id,
   /* If we've already seen this signature before, then don't add
      it again.  */
   rc = sqlite3_exec_printf
-    (db, get_single_unsigned_long_cb, &c, &err,
+    (db->db, get_single_unsigned_long_cb, &c, &err,
      "select count (*)\n"
      " from signatures left join bindings\n"
      "  on signatures.binding = bindings.oid\n"
@@ -2282,7 +2282,7 @@ tofu_register (const byte *fingerprint_bin, const char *user_id,
       assert (c == 0);
 
       rc = sqlite3_exec_printf
-	(db, NULL, NULL, &err,
+	(db->db, NULL, NULL, &err,
 	 "insert into signatures\n"
 	 " (binding, sig_digest, origin, sig_time, time)\n"
 	 " values\n"
@@ -2302,9 +2302,9 @@ tofu_register (const byte *fingerprint_bin, const char *user_id,
   /* It only matters whether we abort or commit the transaction
      (so long as we do something) if we execute the insert.  */
   if (rc)
-    rc = sqlite3_exec (db, "rollback;", NULL, NULL, &err);
+    rc = sqlite3_exec (db->db, "rollback;", NULL, NULL, &err);
   else
-    rc = sqlite3_exec (db, "commit transaction;", NULL, NULL, &err);
+    rc = sqlite3_exec (db->db, "commit transaction;", NULL, NULL, &err);
   if (rc)
     {
       log_error (_("error ending transaction on TOFU database: %s\n"), err);

commit 3c4c89cc35280164b509977c5288b0a06d6f530e
Author: Neal H. Walfield <neal at g10code.com>
Date:   Wed Oct 21 20:24:27 2015 +0200

    gpg: Use the proper type.
    
    * g10/options.h: Include "tofu.h".
    (opt.tofu_default_policy): Change type to enum tofu_policy.
    * g10/gpgv.c (enum tofu_policy): Don't redeclare.
    * g10/test-stubs.c (enum tofu_policy): Likewise.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/gpgv.c b/g10/gpgv.c
index 23e7610..1d7dc74 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -615,11 +615,6 @@ export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, unsigned int options,
   return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
 }
 
-enum tofu_policy
-  {
-    tofu_policy
-  };
-
 gpg_error_t
 tofu_get_policy (PKT_public_key *pk, PKT_user_id *user_id,
 		 enum tofu_policy *policy)
diff --git a/g10/options.h b/g10/options.h
index c1ea9dd..0c674e6 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -24,6 +24,7 @@
 #include <types.h>
 #include "main.h"
 #include "packet.h"
+#include "tofu.h"
 #include "../common/session-env.h"
 
 #ifndef EXTERN_UNLESS_MAIN_MODULE
@@ -125,9 +126,7 @@ struct
     {
       TOFU_DB_AUTO=0, TOFU_DB_SPLIT, TOFU_DB_FLAT
     } tofu_db_format;
-  /* TOFU_BINDING_BAD, TOFU_BINDING_ASK, TOFU_BINDING_AUTO, or
-     TOFU_BINDING_GOOD.  */
-  int tofu_default_policy;
+  enum tofu_policy tofu_default_policy;
   int force_ownertrust;
   enum
     {
diff --git a/g10/test-stubs.c b/g10/test-stubs.c
index dba6034..4edea69 100644
--- a/g10/test-stubs.c
+++ b/g10/test-stubs.c
@@ -429,11 +429,6 @@ export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, unsigned int options,
   return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
 }
 
-enum tofu_policy
-  {
-    tofu_policy
-  };
-
 gpg_error_t
 tofu_get_policy (PKT_public_key *pk, PKT_user_id *user_id,
 		 enum tofu_policy *policy)

-----------------------------------------------------------------------

Summary of changes:
 g10/gpgv.c       |  15 +-
 g10/keylist.c    |   4 +
 g10/options.h    |   5 +-
 g10/test-stubs.c |  15 +-
 g10/tofu.c       | 941 +++++++++++++++++++++++++++++++++++++++++--------------
 g10/tofu.h       |   6 +
 6 files changed, 734 insertions(+), 252 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Sun Oct 25 16:51:34 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Sun, 25 Oct 2015 16:51:34 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-65-g5e7ac03
Message-ID: <E1ZqNR1-0007IO-4T@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  5e7ac031f513ad3b60e4f092fa72b3bec0676515 (commit)
       via  0e3c9f184a5fb3e41277700d690febc2eee9600a (commit)
       via  927f34603d942868af6a7bd0f347681bbad76a94 (commit)
       via  816505958ac4308ee0dfe787d1b706982428b6cc (commit)
      from  7f65e84ac035e8f7a25639a6b09eb6000115e337 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5e7ac031f513ad3b60e4f092fa72b3bec0676515
Author: Werner Koch <wk at gnupg.org>
Date:   Sun Oct 25 16:38:07 2015 +0100

    dirmngr: Add workaround for broken getaddrinfo.
    
    * dirmngr/dns-stuff.c (resolve_name_standard): On failure retry by
    first resolving the CNAME.
    (get_dns_cname): New.
    
    * dirmngr/t-dns-stuff.c (main): Add option --cname.
    --
    
    At least the getaddrinfo implementation in glibc 2.19-13 from Debian
    returns EAI_NONAME if the CNAME points to a too long list of A/AAAA
    addresses.  Looking at the wire the data is correctly returned from
    the server but getaddrinfo seems to get confused by truncation and
    retry.  To fix this we resolve the CNAME again and call getaddrinfo
    again with the canonical name.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
index 0d4400f..009802a 100644
--- a/dirmngr/Makefile.am
+++ b/dirmngr/Makefile.am
@@ -140,9 +140,9 @@ t_ldap_parse_uri_SOURCES = \
         http.c dns-stuff.c \
         $(ldap_url) $(t_common_src)
 t_ldap_parse_uri_CFLAGS = -DWITHOUT_NPTH=1
-t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd)
+t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd) $(DNSLIBS)
 
 t_dns_stuff_SOURCES = t-dns-stuff.c dns-stuff.c
-t_dns_stuff_LDADD   = $(t_common_ldadd)
+t_dns_stuff_LDADD   = $(t_common_ldadd) $(DNSLIBS)
 
 $(PROGRAMS) : $(libcommon) $(libcommonpth)
diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index d784ccf..f3b622d 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -163,7 +163,29 @@ resolve_name_standard (const char *name, unsigned short port,
     {
       aibuf = NULL;
       err = map_eai_to_gpg_error (ret);
-      goto leave;
+      if (gpg_err_code (err) == GPG_ERR_NO_NAME)
+        {
+          /* There seems to be a bug in the glibc getaddrinfo function
+             if the CNAME points to a long list of A and AAAA records
+             in which case the function return NO_NAME.  Let's do the
+             CNAME redirection again.  */
+          char *cname;
+
+          if (get_dns_cname (name, &cname))
+            goto leave; /* Still no success.  */
+
+          ret = getaddrinfo (cname, *portstr? portstr : NULL, &hints, &aibuf);
+          xfree (cname);
+          if (ret)
+            {
+              aibuf = NULL;
+              err = map_eai_to_gpg_error (ret);
+              goto leave;
+            }
+          err = 0; /* Yep, now it worked.  */
+        }
+      else
+        goto leave;
     }
 
   if (r_canonname && aibuf && aibuf->ai_canonname)
@@ -1011,3 +1033,112 @@ getsrv (const char *name,struct srventry **list)
   return -1;
 }
 #endif /*USE_DNS_SRV*/
+
+
+gpg_error_t
+get_dns_cname (const char *name, char **r_cname)
+{
+  gpg_error_t err;
+  int rc;
+
+  *r_cname = NULL;
+
+#ifdef USE_ADNS
+  {
+    adns_state state;
+    adns_answer *answer = NULL;
+
+    if (my_adns_init (&state))
+      return gpg_error (GPG_ERR_GENERAL);
+
+    rc = adns_synchronous (state, name, adns_r_cname, adns_qf_quoteok_query,
+                           &answer);
+    if (rc)
+      {
+        err = gpg_error_from_syserror ();
+        log_error ("DNS query failed: %s\n", gpg_strerror (err));
+        adns_finish (state);
+        return err;
+      }
+    if (answer->status != adns_s_ok
+        || answer->type != adns_r_cname || answer->nrrs != 1)
+      {
+        err = gpg_error (GPG_ERR_GENERAL);
+        log_error ("DNS query returned an error or no records: %s (%s)\n",
+                   adns_strerror (answer->status),
+                   adns_errabbrev (answer->status));
+        adns_free (answer);
+        adns_finish (state);
+        return err;
+      }
+    *r_cname = xtrystrdup (answer->rrs.str[0]);
+    if (!*r_cname)
+      err = gpg_error_from_syserror ();
+    else
+      err = 0;
+
+    adns_free (answer);
+    adns_finish (state);
+    return err;
+  }
+#else /*!USE_ADNS*/
+  {
+    unsigned char answer[2048];
+    HEADER *header = (HEADER *)answer;
+    unsigned char *pt, *emsg;
+    int r;
+    char *cname;
+    int cnamesize = 1025;
+    u16 count;
+
+    /* Do not allow a query using the standard resolver in Tor mode.  */
+    if (tor_mode)
+      return -1;
+
+    r = res_query (name, C_IN, T_CERT, answer, sizeof answer);
+    if (r < sizeof (HEADER) || r > sizeof answer)
+      return gpg_error (GPG_ERR_SERVER_FAILED);
+    if (header->rcode != NOERROR || !(count=ntohs (header->ancount)))
+      return gpg_error (GPG_ERR_NO_NAME); /* Error or no record found.  */
+    if (count != 1)
+      return gpg_error (GPG_ERR_SERVER_FAILED);
+
+    emsg = &answer[r];
+    pt = &answer[sizeof(HEADER)];
+    rc = dn_skipname (pt, emsg);
+    if (rc == -1)
+      return gpg_error (GPG_ERR_SERVER_FAILED);
+
+    pt += rc + QFIXEDSZ;
+    if (pt >= emsg)
+      return gpg_error (GPG_ERR_SERVER_FAILED);
+
+    rc = dn_skipname (pt, emsg);
+    if (rc == -1)
+      return gpg_error (GPG_ERR_SERVER_FAILED);
+    pt += rc + 2 + 2 + 4;
+    if (pt+2 >= emsg)
+      return gpg_error (GPG_ERR_SERVER_FAILED);
+    pt += 2;  /* Skip rdlen */
+
+    cname = xtrymalloc (cnamesize);
+    if (!cname)
+      return gpg_error_from_syserror ();
+
+    rc = dn_expand (answer, emsg, pt, cname, cnamesize -1);
+    if (rc == -1)
+      {
+        xfree (cname);
+        return gpg_error (GPG_ERR_SERVER_FAILED);
+      }
+    *r_cname = xtryrealloc (cname, strlen (cname)+1);
+    if (!*r_cname)
+      {
+        err = gpg_error_from_syserror ();
+        xfree (cname);
+        return err;
+      }
+    return 0;
+  }
+#endif /*!USE_ADNS*/
+}
diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h
index fd1c43a..c3effad 100644
--- a/dirmngr/dns-stuff.h
+++ b/dirmngr/dns-stuff.h
@@ -110,6 +110,9 @@ gpg_error_t resolve_dns_addr (const struct sockaddr *addr, int addrlen,
 /* Return true if NAME is a numerical IP address.  */
 int is_ip_address (const char *name);
 
+/* Get the canonical name for NAME.  */
+gpg_error_t get_dns_cname (const char *name, char **r_cname);
+
 /* Return a CERT record or an arbitray RR.  */
 gpg_error_t get_dns_cert (const char *name, int want_certtype,
                           void **r_key, size_t *r_keylen,
diff --git a/dirmngr/t-dns-stuff.c b/dirmngr/t-dns-stuff.c
index f216d06..4ecbd64 100644
--- a/dirmngr/t-dns-stuff.c
+++ b/dirmngr/t-dns-stuff.c
@@ -44,6 +44,7 @@ main (int argc, char **argv)
   int opt_cert = 0;
   int opt_srv = 0;
   int opt_bracket = 0;
+  int opt_cname = 0;
   char const *name = NULL;
 
   gpgrt_init ();
@@ -68,6 +69,7 @@ main (int argc, char **argv)
                  "  --bracket         enclose v6 addresses in brackets\n"
                  "  --cert            lookup a CERT RR\n"
                  "  --srv             lookup a SRV RR\n"
+                 "  --cname           lookup a CNAME RR\n"
                  , stdout);
           exit (0);
         }
@@ -102,6 +104,11 @@ main (int argc, char **argv)
           any_options = opt_srv = 1;
           argc--; argv++;
         }
+      else if (!strcmp (*argv, "--cname"))
+        {
+          any_options = opt_cname = 1;
+          argc--; argv++;
+        }
       else if (!strncmp (*argv, "--", 2))
         {
           fprintf (stderr, PGM ": unknown option '%s'\n", *argv);
@@ -177,6 +184,22 @@ main (int argc, char **argv)
       xfree (fpr);
       xfree (url);
     }
+  else if (opt_cname)
+    {
+      char *cname;
+
+      printf ("CNAME lookup on '%s'\n", name);
+      err = get_dns_cname (name, &cname);
+      if (err)
+        printf ("get_dns_cname failed: %s <%s>\n",
+                gpg_strerror (err), gpg_strsource (err));
+      else
+        {
+          printf ("CNAME found: '%s'\n", cname);
+        }
+
+      xfree (cname);
+    }
   else if (opt_srv)
     {
       struct srventry *srv;
diff --git a/dirmngr/t-http.c b/dirmngr/t-http.c
index 816b744..35858f6 100644
--- a/dirmngr/t-http.c
+++ b/dirmngr/t-http.c
@@ -36,6 +36,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <unistd.h>
+#include <assuan.h>
 
 #include "util.h"
 #include "logging.h"

commit 0e3c9f184a5fb3e41277700d690febc2eee9600a
Author: Werner Koch <wk at gnupg.org>
Date:   Sat Oct 24 16:27:47 2015 +0200

    dirmngr: Better handle systems without IPv6 or IPv4.
    
    * dirmngr/dns-stuff.c (resolve_name_standard): Use AI_ADDRCONFIG.

diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index dc5cb89..d784ccf 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -146,8 +146,9 @@ resolve_name_standard (const char *name, unsigned short port,
   memset (&hints, 0, sizeof hints);
   hints.ai_family = want_family;
   hints.ai_socktype = want_socktype;
+  hints.ai_flags = AI_ADDRCONFIG;
   if (r_canonname)
-    hints.ai_flags = AI_CANONNAME;
+    hints.ai_flags |= AI_CANONNAME;
 
   if (port)
     snprintf (portstr, sizeof portstr, "%hu", port);

commit 927f34603d942868af6a7bd0f347681bbad76a94
Author: Werner Koch <wk at gnupg.org>
Date:   Sat Oct 24 12:25:17 2015 +0200

    dirmngr: Replace use of getnameinfo by resolve_dns_addr.
    
    * dirmngr/ks-engine-hkp.c (my_getnameinfo): Remove.
    (map_host): Use resolve_dns_addr.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 809204d..340b012 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -234,52 +234,6 @@ select_random_host (int *table)
 }
 
 
-/* Simplified version of getnameinfo which also returns a numeric
-   hostname inside of brackets.  The caller should provide a buffer
-   for HOST which is 2 bytes larger than the largest hostname.  If
-   NUMERIC is true the returned value is numeric IP address.  Returns
-   0 on success or an EAI error code.  True is stored at R_ISNUMERIC
-   if HOST has a numeric IP address. */
-static int
-my_getnameinfo (dns_addrinfo_t ai, char *host, size_t hostlen,
-                int numeric, int *r_isnumeric)
-{
-  int ec;
-  char *p;
-
-  *r_isnumeric = 0;
-
-  if (hostlen < 5)
-    return EAI_OVERFLOW;
-
-  if (numeric)
-    ec = EAI_NONAME;
-  else
-    ec = getnameinfo (ai->addr, ai->addrlen,
-                      host, hostlen, NULL, 0, NI_NAMEREQD);
-
-  if (!ec && *host == '[')
-    ec = EAI_FAIL;  /* A name may never start with a bracket.  */
-  else if (ec == EAI_NONAME)
-    {
-      p = host;
-      if (ai->family == AF_INET6)
-        {
-          *p++ = '[';
-          hostlen -= 2;
-        }
-      ec = getnameinfo (ai->addr, ai->addrlen,
-                        p, hostlen, NULL, 0, NI_NUMERICHOST);
-      if (!ec && ai->family == AF_INET6)
-        strcat (host, "]");
-
-      *r_isnumeric = 1;
-    }
-
-  return ec;
-}
-
-
 /* Map the host name NAME to the actual to be used host name.  This
    allows us to manage round robin DNS names.  We use our own strategy
    to choose one of the hosts.  For example we skip those hosts which
@@ -373,10 +327,10 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
 
           for (ai = aibuf; ai; ai = ai->next)
             {
-              char tmphost[NI_MAXHOST + 2];
+              gpg_error_t tmperr;
+              char *tmphost;
               int tmpidx;
-              int is_numeric;
-              int ec;
+              int is_numeric = 0;
               int i;
 
               if (ai->family != AF_INET && ai->family != AF_INET6)
@@ -387,37 +341,35 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
               if (!is_pool && !is_ip_address (name))
                 {
                   /* This is a hostname but not a pool.  Use the name
-                     as given without going through getnameinfo.  */
-                  if (strlen (name)+1 > sizeof tmphost)
-                    {
-                      ec = EAI_SYSTEM;
-                      gpg_err_set_errno (EINVAL);
-                    }
+                     as given without going through resolve_dns_addr.  */
+                  tmphost = xtrystrdup (name);
+                  if (!tmphost)
+                    tmperr = gpg_error_from_syserror ();
                   else
-                    {
-                      ec = 0;
-                      strcpy (tmphost, name);
-                    }
-                  is_numeric = 0;
+                    tmperr = 0;
                 }
               else
-                ec = my_getnameinfo (ai, tmphost, sizeof tmphost,
-                                     0, &is_numeric);
+                {
+                  tmperr = resolve_dns_addr (ai->addr, ai->addrlen,
+                                             DNS_WITHBRACKET, &tmphost);
+                  if (tmphost && is_ip_address (tmphost))
+                    is_numeric = 1;
+                }
 
-              if (ec)
+              if (tmperr)
                 {
-                  log_info ("getnameinfo failed while checking '%s': %s\n",
-                            name, gai_strerror (ec));
+                  log_info ("resolve_dns_addr failed while checking '%s': %s\n",
+                            name, gpg_strerror (tmperr));
                 }
               else if (refidx+1 >= reftblsize)
                 {
-                  log_error ("getnameinfo returned for '%s': '%s'"
-                            " [index table full - ignored]\n", name, tmphost);
+                  log_error ("resolve_dns_addr for '%s': '%s'"
+                             " [index table full - ignored]\n", name, tmphost);
                 }
               else
                 {
                   tmpidx = find_hostinfo (tmphost);
-                  log_info ("getnameinfo returned for '%s': '%s'%s\n",
+                  log_info ("resolve_dns_addr for '%s': '%s'%s\n",
                             name, tmphost,
                             tmpidx == -1? "" : " [already known]");
 
@@ -436,13 +388,19 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
 
                       if (!is_numeric)
                         {
-                          ec = my_getnameinfo (ai, tmphost, sizeof tmphost,
-                                               1, &is_numeric);
-                          if (!ec && !(ipaddr = xtrystrdup (tmphost)))
-                            ec = EAI_SYSTEM;
-                          if (ec)
-                            log_info ("getnameinfo failed: %s\n",
-                                      gai_strerror (ec));
+                          xfree (tmphost);
+                          tmperr = resolve_dns_addr (ai->addr, ai->addrlen,
+                                                     (DNS_NUMERICHOST
+                                                      | DNS_WITHBRACKET),
+                                                     &tmphost);
+                          if (tmperr)
+                            log_info ("resolve_dns_addr failed: %s\n",
+                                      gpg_strerror (tmperr));
+                          else
+                            {
+                              ipaddr = tmphost;
+                              tmphost = NULL;
+                            }
                         }
 
                       if (ai->family == AF_INET6)
@@ -467,6 +425,7 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
                         reftbl[refidx++] = tmpidx;
                     }
                 }
+              xfree (tmphost);
             }
         }
       reftbl[refidx] = -1;
diff --git a/dirmngr/t-dns-stuff.c b/dirmngr/t-dns-stuff.c
index 0511f93..f216d06 100644
--- a/dirmngr/t-dns-stuff.c
+++ b/dirmngr/t-dns-stuff.c
@@ -225,7 +225,7 @@ main (int argc, char **argv)
                                    | (opt_bracket? DNS_WITHBRACKET:0)),
                                   &host);
           if (err)
-            printf ("[getnameinfo failed: %s]", gpg_strerror (err));
+            printf ("[resolve_dns_addr failed: %s]", gpg_strerror (err));
           else
             {
               printf ("%s", host);
@@ -236,7 +236,7 @@ main (int argc, char **argv)
                                   (opt_bracket? DNS_WITHBRACKET:0),
                                   &host);
           if (err)
-            printf ("[getnameinfo failed (2): %s]", gpg_strerror (err));
+            printf ("[resolve_dns_addr failed (2): %s]", gpg_strerror (err));
           else
             {
               if (!is_ip_address (host))

commit 816505958ac4308ee0dfe787d1b706982428b6cc
Author: Werner Koch <wk at gnupg.org>
Date:   Sat Oct 24 16:27:47 2015 +0200

    dirmngr: Implement a getnameinfo wrapper.
    
    * dirmngr/dns-stuff.h (DNS_NUMERICHOST): New.
    (DNS_WITHBRACKET): New.
    * dirmngr/dns-stuff.c (resolve_name_standard): Factor code out to...
    (map_eai_to_gpg_error): new.
    (resolve_addr_standard): New.
    (resolve_dns_addr): New.
    
    * dirmngr/ks-engine-hkp.c (is_ip_address): Move to ...
    * dirmngr/dns-stuff.c (is_ip_address): here.  Add support for non
    bracketed v6 addresses.
    
    * dirmngr/t-dns-stuff.c: Remove header netdb.h.
    (main): Add option --bracket.  Use resolve_dns_name instead of
    getnameinfo.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index 300d086..dc5cb89 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -54,6 +54,11 @@
 #include "host2net.h"
 #include "dns-stuff.h"
 
+
+#if AF_UNSPEC != 0
+# error AF_UNSPEC does not have the value 0
+#endif
+
 /* Not every installation has gotten around to supporting SRVs or
    CERTs yet... */
 #ifndef T_SRV
@@ -96,6 +101,30 @@ free_dns_addrinfo (dns_addrinfo_t ai)
 }
 
 
+static gpg_error_t
+map_eai_to_gpg_error (int ec)
+{
+  gpg_error_t err;
+
+  switch (ec)
+    {
+    case EAI_AGAIN:     err = gpg_error (GPG_ERR_EAGAIN); break;
+    case EAI_BADFLAGS:  err = gpg_error (GPG_ERR_INV_FLAG); break;
+    case EAI_FAIL:      err = gpg_error (GPG_ERR_SERVER_FAILED); break;
+    case EAI_MEMORY:    err = gpg_error (GPG_ERR_ENOMEM); break;
+    case EAI_NODATA:    err = gpg_error (GPG_ERR_NO_DATA); break;
+    case EAI_NONAME:    err = gpg_error (GPG_ERR_NO_NAME); break;
+    case EAI_SERVICE:   err = gpg_error (GPG_ERR_NOT_SUPPORTED); break;
+    case EAI_ADDRFAMILY:err = gpg_error (GPG_ERR_EADDRNOTAVAIL); break;
+    case EAI_FAMILY:    err = gpg_error (GPG_ERR_EAFNOSUPPORT); break;
+    case EAI_SOCKTYPE:  err = gpg_error (GPG_ERR_ESOCKTNOSUPPORT); break;
+    case EAI_SYSTEM:    err = gpg_error_from_syserror (); break;
+    default:            err = gpg_error (GPG_ERR_UNKNOWN_ERRNO); break;
+    }
+  return err;
+}
+
+
 /* Resolve a name using the standard system function.  */
 static gpg_error_t
 resolve_name_standard (const char *name, unsigned short port,
@@ -132,21 +161,7 @@ resolve_name_standard (const char *name, unsigned short port,
   if (ret)
     {
       aibuf = NULL;
-      switch (ret)
-        {
-        case EAI_AGAIN:     err = gpg_error (GPG_ERR_EAGAIN); break;
-        case EAI_BADFLAGS:  err = gpg_error (GPG_ERR_INV_FLAG); break;
-        case EAI_FAIL:      err = gpg_error (GPG_ERR_SERVER_FAILED); break;
-        case EAI_MEMORY:    err = gpg_error (GPG_ERR_ENOMEM); break;
-        case EAI_NODATA:    err = gpg_error (GPG_ERR_NO_DATA); break;
-        case EAI_NONAME:    err = gpg_error (GPG_ERR_NO_NAME); break;
-        case EAI_SERVICE:   err = gpg_error (GPG_ERR_NOT_SUPPORTED); break;
-        case EAI_ADDRFAMILY:err = gpg_error (GPG_ERR_EADDRNOTAVAIL); break;
-        case EAI_FAMILY:    err = gpg_error (GPG_ERR_EAFNOSUPPORT); break;
-        case EAI_SOCKTYPE:  err = gpg_error (GPG_ERR_ESOCKTNOSUPPORT); break;
-        case EAI_SYSTEM:    err = gpg_error_from_syserror (); break;
-        default:            err = gpg_error (GPG_ERR_UNKNOWN_ERRNO); break;
-        }
+      err = map_eai_to_gpg_error (ret);
       goto leave;
     }
 
@@ -193,6 +208,66 @@ resolve_name_standard (const char *name, unsigned short port,
 }
 
 
+/* Resolve an address using the standard system function.  */
+static gpg_error_t
+resolve_addr_standard (const struct sockaddr *addr, int addrlen,
+                       unsigned int flags, char **r_name)
+{
+  gpg_error_t err;
+  int ec;
+  char *buffer, *p;
+  int buflen;
+
+  *r_name = NULL;
+
+  buflen = NI_MAXHOST;
+  buffer = xtrymalloc (buflen + 2 + 1);
+  if (!buffer)
+    return gpg_error_from_syserror ();
+
+  if ((flags & DNS_NUMERICHOST) || tor_mode)
+    ec = EAI_NONAME;
+  else
+    ec = getnameinfo (addr, addrlen, buffer, buflen, NULL, 0, NI_NAMEREQD);
+
+  if (!ec && *buffer == '[')
+    ec = EAI_FAIL;  /* A name may never start with a bracket.  */
+  else if (ec == EAI_NONAME)
+    {
+      p = buffer;
+      if (addr->sa_family == AF_INET6 && (flags & DNS_WITHBRACKET))
+        {
+          *p++ = '[';
+          buflen -= 2;
+        }
+      ec = getnameinfo (addr, addrlen, p, buflen, NULL, 0, NI_NUMERICHOST);
+      if (!ec && addr->sa_family == AF_INET6 && (flags & DNS_WITHBRACKET))
+        strcat (buffer, "]");
+    }
+
+  if (ec)
+    err = map_eai_to_gpg_error (ec);
+  else
+    {
+      p = xtryrealloc (buffer, strlen (buffer)+1);
+      if (!p)
+        err = gpg_error_from_syserror ();
+      else
+        {
+          buffer = p;
+          err = 0;
+        }
+    }
+
+  if (err)
+    xfree (buffer);
+  else
+    *r_name = buffer;
+
+  return err;
+}
+
+
 /* This a wrapper around getaddrinfo with slighly different semantics.
    NAME is the name to resolve.
    PORT is the requested port or 0.
@@ -219,6 +294,85 @@ resolve_dns_name (const char *name, unsigned short port,
 }
 
 
+gpg_error_t
+resolve_dns_addr (const struct sockaddr *addr, int addrlen,
+                  unsigned int flags, char **r_name)
+{
+#ifdef USE_ADNS_disabled_for_now
+  return resolve_addr_adns (addr, addrlen, flags, r_name);
+#else
+  return resolve_addr_standard (addr, addrlen, flags, r_name);
+#endif
+}
+
+
+/* Check whether NAME is an IP address.  Returns true if it is either
+   an IPv6 or IPv4 numerical address.  */
+int
+is_ip_address (const char *name)
+{
+  const char *s;
+  int ndots, dblcol, n;
+
+  if (*name == '[')
+    return 1; /* yes: A legal DNS name may not contain this character;
+                 this mut be bracketed v6 address.  */
+  if (*name == '.')
+    return 0; /* No.  A leading dot is not a valid IP address.  */
+
+  /* Check whether this is a v6 address.  */
+  ndots = n = dblcol = 0;
+  for (s=name; *s; s++)
+    {
+      if (*s == ':')
+        {
+          ndots++;
+          if (s[1] == ':')
+            {
+              ndots++;
+              if (dblcol)
+                return 0; /* No: Only one "::" allowed.  */
+              dblcol++;
+              if (s[1])
+                s++;
+            }
+          n = 0;
+        }
+      else if (*s == '.')
+        goto legacy;
+      else if (!strchr ("0123456789abcdefABCDEF", *s))
+        return 0; /* No: Not a hex digit.  */
+      else if (++n > 4)
+        return 0; /* To many digits in a group.  */
+    }
+  if (ndots > 7)
+    return 0; /* No: Too many colons.  */
+  else if (ndots > 1)
+    return 1; /* Yes: At least 2 colons indicate an v6 address.  */
+
+ legacy:
+  /* Check whether it is legacy IP address.  */
+  ndots = n = 0;
+  for (s=name; *s; s++)
+    {
+      if (*s == '.')
+        {
+          if (s[1] == '.')
+            return 0; /* No:  Douple dot. */
+          if (atoi (s+1) > 255)
+            return 0; /* No:  Ipv4 byte value too large.  */
+          ndots++;
+          n = 0;
+        }
+      else if (!strchr ("0123456789", *s))
+        return 0; /* No: Not a digit.  */
+      else if (++n > 3)
+        return 0; /* No: More than 3 digits.  */
+    }
+  return !!(ndots == 3);
+}
+
+
 #ifdef USE_ADNS
 /* Init ADNS and store the new state at R_STATE.  Returns 0 on
    success; prints an error message and returns an error code on
diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h
index 13c47df..fd1c43a 100644
--- a/dirmngr/dns-stuff.h
+++ b/dirmngr/dns-stuff.h
@@ -40,7 +40,16 @@
 # include <sys/socket.h>
 #endif
 
+/*
+ * Flags used with resolve_dns_addr.
+ */
+#define DNS_NUMERICHOST        1  /* Force numeric output format.  */
+#define DNS_WITHBRACKET        2  /* Put brackets around numeric v6
+                                     addresses.  */
 
+/*
+ * Constants for use with get_dns_cert.
+ */
 #define DNS_CERTTYPE_ANY       0 /* Internal catch all type. */
 /* Certificate types according to RFC-4398:  */
 #define DNS_CERTTYPE_PKIX      1 /* X.509 as per PKIX. */
@@ -58,6 +67,8 @@
 #define DNS_CERTTYPE_RRBASE 1024 /* Base of special constants.  */
 #define DNS_CERTTYPE_RR61   (DNS_CERTTYPE_RRBASE + 61)
 
+
+
 struct dns_addrinfo_s;
 typedef struct dns_addrinfo_s *dns_addrinfo_t;
 struct dns_addrinfo_s
@@ -87,17 +98,25 @@ gpg_error_t enable_dns_tormode (void);
 
 void free_dns_addrinfo (dns_addrinfo_t ai);
 
-/* Provide function similar to getaddrinfo.  */
+/* Function similar to getaddrinfo.  */
 gpg_error_t resolve_dns_name (const char *name, unsigned short port,
                               int want_family, int want_socktype,
                               dns_addrinfo_t *r_dai, char **r_canonname);
 
+/* Function similar to getnameinfo.  */
+gpg_error_t resolve_dns_addr (const struct sockaddr *addr, int addrlen,
+                              unsigned int flags, char **r_name);
+
+/* Return true if NAME is a numerical IP address.  */
+int is_ip_address (const char *name);
+
 /* Return a CERT record or an arbitray RR.  */
 gpg_error_t get_dns_cert (const char *name, int want_certtype,
                           void **r_key, size_t *r_keylen,
                           unsigned char **r_fpr, size_t *r_fprlen,
                           char **r_url);
 
+
 int getsrv (const char *name,struct srventry **list);
 
 
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 444f305..809204d 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -280,38 +280,6 @@ my_getnameinfo (dns_addrinfo_t ai, char *host, size_t hostlen,
 }
 
 
-/* Check whether NAME is an IP address.  */
-static int
-is_ip_address (const char *name)
-{
-  int ndots, n;
-
-  if (*name == '[')
-    return 1;
-  /* Check whether it is legacy IP address.  */
-  if (*name == '.')
-    return 0; /* No.  */
-  ndots = n = 0;
-  for (; *name; name++)
-    {
-      if (*name == '.')
-        {
-          if (name[1] == '.')
-            return 0; /* No. */
-          if (atoi (name+1) > 255)
-            return 0; /* Value too large.  */
-          ndots++;
-          n = 0;
-        }
-      else if (!strchr ("012345678", *name))
-        return 0; /* Not a digit.  */
-      else if (++n > 3)
-        return 0; /* More than 3 digits.  */
-    }
-  return !!(ndots == 3);
-}
-
-
 /* Map the host name NAME to the actual to be used host name.  This
    allows us to manage round robin DNS names.  We use our own strategy
    to choose one of the hosts.  For example we skip those hosts which
diff --git a/dirmngr/t-dns-stuff.c b/dirmngr/t-dns-stuff.c
index 63d4cdd..0511f93 100644
--- a/dirmngr/t-dns-stuff.c
+++ b/dirmngr/t-dns-stuff.c
@@ -22,9 +22,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <assert.h>
-#ifndef HAVE_W32_SYSTEM
-# include <netdb.h>
-#endif
+
 
 #include "util.h"
 #include "dns-stuff.h"
@@ -45,6 +43,7 @@ main (int argc, char **argv)
   int opt_tor = 0;
   int opt_cert = 0;
   int opt_srv = 0;
+  int opt_bracket = 0;
   char const *name = NULL;
 
   gpgrt_init ();
@@ -66,6 +65,7 @@ main (int argc, char **argv)
                  "  --verbose         print timings etc.\n"
                  "  --debug           flyswatter\n"
                  "  --use-tor         use Tor\n"
+                 "  --bracket         enclose v6 addresses in brackets\n"
                  "  --cert            lookup a CERT RR\n"
                  "  --srv             lookup a SRV RR\n"
                  , stdout);
@@ -87,6 +87,11 @@ main (int argc, char **argv)
           opt_tor = 1;
           argc--; argv++;
         }
+      else if (!strcmp (*argv, "--bracket"))
+        {
+          opt_bracket = 1;
+          argc--; argv++;
+        }
       else if (!strcmp (*argv, "--cert"))
         {
           any_options = opt_cert = 1;
@@ -194,8 +199,7 @@ main (int argc, char **argv)
     {
       char *cname;
       dns_addrinfo_t aibuf, ai;
-      int ret;
-      char hostbuf[1025];
+      char *host;
 
       printf ("Lookup on '%s'\n", name);
 
@@ -216,14 +220,30 @@ main (int argc, char **argv)
                   ai->family == AF_INET?  "inet4" : "?    ",
                   ai->socktype, ai->protocol);
 
-          ret = getnameinfo (ai->addr, ai->addrlen,
-                             hostbuf, sizeof hostbuf,
-                             NULL, 0,
-                             NI_NUMERICHOST);
-          if (ret)
-            printf ("[getnameinfo failed: %s]\n", gai_strerror (ret));
+          err = resolve_dns_addr (ai->addr, ai->addrlen,
+                                  (DNS_NUMERICHOST
+                                   | (opt_bracket? DNS_WITHBRACKET:0)),
+                                  &host);
+          if (err)
+            printf ("[getnameinfo failed: %s]", gpg_strerror (err));
+          else
+            {
+              printf ("%s", host);
+              xfree (host);
+            }
+
+          err = resolve_dns_addr (ai->addr, ai->addrlen,
+                                  (opt_bracket? DNS_WITHBRACKET:0),
+                                  &host);
+          if (err)
+            printf ("[getnameinfo failed (2): %s]", gpg_strerror (err));
           else
-            printf ("%s\n", hostbuf);
+            {
+              if (!is_ip_address (host))
+                printf ("  (%s)", host);
+              xfree (host);
+            }
+          putchar ('\n');
         }
       xfree (cname);
       free_dns_addrinfo (aibuf);

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/Makefile.am     |   4 +-
 dirmngr/dns-stuff.c     | 316 +++++++++++++++++++++++++++++++++++++++++++++---
 dirmngr/dns-stuff.h     |  24 +++-
 dirmngr/ks-engine-hkp.c | 141 ++++++---------------
 dirmngr/t-dns-stuff.c   |  67 ++++++++--
 dirmngr/t-http.c        |   1 +
 6 files changed, 416 insertions(+), 137 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Oct 26 13:42:14 2015
From: cvs at cvs.gnupg.org (by Neal H. Walfield)
Date: Mon, 26 Oct 2015 13:42:14 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-67-gc18fb0d
Message-ID: <E1ZqgxJ-0001iS-4C@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  c18fb0d99b633bb267dead6e7c46229f4b780bc3 (commit)
       via  5b0ed7674dc718ee98e0c80aa93ce014f2b51411 (commit)
      from  5e7ac031f513ad3b60e4f092fa72b3bec0676515 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c18fb0d99b633bb267dead6e7c46229f4b780bc3
Author: Neal H. Walfield <neal at g10code.com>
Date:   Mon Oct 26 13:41:07 2015 +0100

    gpg: Make sure we only have a single SQL statement.
    
    * g10/tofu.c (sqlite3_stepx): Make sure SQL only contains a single SQL
    statement.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/tofu.c b/g10/tofu.c
index 4eab487..43a6224 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -289,10 +289,25 @@ sqlite3_stepx (sqlite3 *db,
     }
   else
     {
-      rc = sqlite3_prepare_v2 (db, sql, -1, &stmt, NULL);
+      const char *tail = NULL;
+
+      rc = sqlite3_prepare_v2 (db, sql, -1, &stmt, &tail);
       if (rc)
         log_fatal ("failed to prepare SQL: %s", sql);
 
+      /* We can only process a single statement.  */
+      if (tail)
+        {
+          while (*tail == ' ' || *tail == ';')
+            tail ++;
+
+          if (*tail)
+            log_fatal
+              ("sqlite3_stepx can only process a single SQL statement."
+               "  Second statement starts with: '%s'\n",
+               tail);
+        }
+
       if (stmtp)
         *stmtp = stmt;
     }

commit 5b0ed7674dc718ee98e0c80aa93ce014f2b51411
Author: Neal H. Walfield <neal at g10code.com>
Date:   Mon Oct 26 13:36:12 2015 +0100

    gpg: When the TOFU DB is in batch mode, periodically drop the locks.
    
    * g10/tofu.c: Include <sched.h>.
    (batch_update_started): New variable.
    (begin_transaction): If we've been in batch mode for a while, then
    commit any extant batch transactions.
    (tofu_begin_batch_update): If we are not in batch mode, initialize
    batch_update_started.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/tofu.c b/g10/tofu.c
index ad61536..4eab487 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -28,6 +28,7 @@
 #include <sys/stat.h>
 #include <assert.h>
 #include <stdarg.h>
+#include <sched.h>
 #include <sqlite3.h>
 
 #include "gpg.h"
@@ -422,6 +423,9 @@ sqlite3_stepx (sqlite3 *db,
 }
 

 static int batch_update;
+static time_t batch_update_started;
+
+static gpg_error_t end_transaction (struct db *db, int only_batch);
 
 /* Start a transaction on DB.  */
 static gpg_error_t
@@ -430,6 +434,29 @@ begin_transaction (struct db *db, int only_batch)
   int rc;
   char *err = NULL;
 
+  if (batch_update && batch_update_started != gnupg_get_time ())
+    /* We've been in batch update mode for a while (on average, more
+       than 500 ms).  To prevent starving other gpg processes, we drop
+       and retake the batch lock.
+
+       Note: if we wanted higher resolution, we could use
+       npth_clock_gettime.  */
+    {
+      struct db *t;
+
+      for (t = db_cache; t; t = t->next)
+        if (t->batch_update)
+          end_transaction (t, 1);
+      for (t = db; t; t = t->next)
+        if (t->batch_update)
+          end_transaction (t, 1);
+
+      batch_update_started = gnupg_get_time ();
+
+      /* Yield to allow another process a chance to run.  */
+      sched_yield ();
+    }
+
   /* XXX: In split mode, this can end in deadlock.
 
      Consider: we have two gpg processes running simultaneously and
@@ -556,6 +583,9 @@ rollback_transaction (struct db *db)
 void
 tofu_begin_batch_update (void)
 {
+  if (! batch_update)
+    batch_update_started = gnupg_get_time ();
+
   batch_update ++;
 }
 

-----------------------------------------------------------------------

Summary of changes:
 g10/tofu.c | 47 ++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 46 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Oct 26 14:40:20 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 26 Oct 2015 14:40:20 +0100
Subject: [git] Assuan - branch, master, updated. libassuan-2.3.0-3-g4061ac5
Message-ID: <E1ZqhrU-0002a3-Fe@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPC library used by GnuPG".

The branch, master has been updated
       via  4061ac57ca84a1e0ed779096897a160d49b50c03 (commit)
      from  85ece74a11718338dcd76d6e43ea8100183df02f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4061ac57ca84a1e0ed779096897a160d49b50c03
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 26 14:35:41 2015 +0100

    Support hostname based SOCKS5 connection.
    
    * src/assuan.h.in (ASSUAN_SOCK_SOCKS): New.
    (ASSUAN_SOCK_TOR): New.
    (assuan_sock_connect_byname): New.
    * src/libassuan.def, src/libassuan.vers: Add that function.
    
    * src/assuan-socket.c (socks5_connect): Add args socksport,
    credentials, hostname, and hostport.  Implement user/password
    authentication and domainname address type.  Change callers
    accordingly.
    (_assuan_sock_connect_byname): New.
    (assuan_sock_connect_byname): New.
    
    * tests/socks5.c (main): Add options --byname, --user, and --pass.
    --
    
    The assuan_sock_connect_byname may eventually be extended to work
    without Tor or SOCKS by using getaddrinfo.  Or we move that all to
    libgpgrt (aka libgpg-error).
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/NEWS b/NEWS
index 934feda..01fa3b6 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,18 @@
-Noteworthy changes in version 2.3.1 (unreleased) [C6/A6/R_]
+Noteworthy changes in version 2.4.0 (unreleased) [C6/A6/R_]
 ------------------------------------------------
 
+ * New flags "socks" and "tor-mode" for assuan_sock_{set,get}_flag.
+
+ * New function assuan_sock_connect_byname.
+
+ * Interface changes relative to the 2.3.0 release:
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ assuan_sock_connect_byname    NEW.
+ ASSUAN_SOCK_TOR               NEW.
+ ASSUAN_SOCK_SOCKS             NEW.
+ assuan_sock_set_flag          EXTENDED.
+ assuan_sock_get_flag          EXTENDED.
+
 
 Noteworthy changes in version 2.3.0 (2015-08-28) [C6/A6/R0]
 ------------------------------------------------
diff --git a/doc/assuan.texi b/doc/assuan.texi
index 9161f0b..8445eb4 100644
--- a/doc/assuan.texi
+++ b/doc/assuan.texi
@@ -1979,6 +1979,22 @@ details on the redirection file format.
 @end deftypefun
 
 
+ at deftypefun int assuan_sock_connect_byname (@w{const char * @var{host}}, @
+         @w{unsigned short @var{port}}, @
+         @w{int @var{reserved}}, @
+         @w{const char *@var{credentials}}, @
+         @w{unsigned int @var{flags}})
+
+Directly connect to @var{port} on @var{host} given as a name.  The
+current implementation requires that @var{flags} has either
+ at code{ASSUAN_SOCK_SOCKS} or @code{ASSUAN_SOCK_TOR} set.  On success a
+new TCP STREAM socket is returned; on error @code{ASSUAN_INVALID_FD}
+and ERRNO set.  If @var{credentials} is not @code{NULL}, it is a
+string used for password based SOCKS authentication.  Username and
+password are separated by a colon. @var{reserved} should be 0.
+ at end deftypefun
+
+
 @deftypefun int assuan_sock_bind ( @
         @w{assuan_fd_t @var{sockfd}}, @
         @w{struct sockaddr *@var{addr}}, @
diff --git a/src/assuan-socket.c b/src/assuan-socket.c
index 9a6ee66..12e9e38 100644
--- a/src/assuan-socket.c
+++ b/src/assuan-socket.c
@@ -657,9 +657,11 @@ do_writen (assuan_context_t ctx, assuan_fd_t sockfd,
 }
 
 
-/* Connect using the SOCKS5 protocol.  */
+/* Connect using the SOCKS5 protocol. */
 static int
-socks5_connect (assuan_context_t ctx, int sock,
+socks5_connect (assuan_context_t ctx, int sock, unsigned short socksport,
+                const char *credentials,
+                const char *hostname, unsigned short hostport,
                 struct sockaddr *addr, socklen_t length)
 {
   int ret;
@@ -669,16 +671,36 @@ socks5_connect (assuan_context_t ctx, int sock,
   size_t proxyaddrlen;
   struct sockaddr_in6 *addr_in6;
   struct sockaddr_in  *addr_in;
-  unsigned char buffer[22];
-  size_t buflen;
+  unsigned char buffer[22+512]; /* The extra 512 gives enough space
+                                   for username/password or the
+                                   hostname. */
+  size_t buflen, hostnamelen;
+  int method;
 
   /* memset (&proxyaddr_in6, 0, sizeof proxyaddr_in6); */
   memset (&proxyaddr_in, 0, sizeof proxyaddr_in);
 
+  /* Either HOSTNAME or ADDR may be given.  */
+  if (hostname && addr)
+    {
+      gpg_err_set_errno (EINVAL);
+      return -1;
+    }
+
+  /* If a hostname is given it must fit into our buffer and it must be
+     less than 256 so that its length can be encoded in one byte.  */
+  hostnamelen = hostname? strlen (hostname) : 0;
+  if (hostnamelen > 255)
+    {
+      gpg_err_set_errno (ENAMETOOLONG);
+      return -1;
+    }
+
   /* Connect to local host.  */
-  /* Fixme: First try to use IPv6.  */
+  /* Fixme: First try to use IPv6 but note that
+     _assuan_sock_connect_byname created the socket with AF_INET.  */
   proxyaddr_in.sin_family = AF_INET;
-  proxyaddr_in.sin_port = htons (tor_mode);
+  proxyaddr_in.sin_port = htons (socksport);
   proxyaddr_in.sin_addr.s_addr = htonl (INADDR_LOOPBACK);
   proxyaddr = (struct sockaddr *)&proxyaddr_in;
   proxyaddrlen = sizeof proxyaddr_in;
@@ -687,7 +709,11 @@ socks5_connect (assuan_context_t ctx, int sock,
     return ret;
   buffer[0] = 5; /* RFC-1928 VER field.  */
   buffer[1] = 1; /* NMETHODS */
-  buffer[2] = 0; /* Method: No authentication required. */
+  if (credentials)
+    method = 2; /* Method: username/password authentication. */
+  else
+    method = 0; /* Method: No authentication required. */
+  buffer[2] = method;
 
   /* Negotiate method.  */
   ret = do_writen (ctx, sock, buffer, 3);
@@ -696,7 +722,7 @@ socks5_connect (assuan_context_t ctx, int sock,
   ret = do_readn (ctx, sock, buffer, 2);
   if (ret)
     return ret;
-  if (buffer[0] != 5 || buffer[1] != 0 )
+  if (buffer[0] != 5 || buffer[1] != method )
     {
       /* Socks server returned wrong version or does not support our
          requested method.  */
@@ -704,11 +730,70 @@ socks5_connect (assuan_context_t ctx, int sock,
       return -1;
     }
 
+  if (credentials)
+    {
+      const char *password;
+      int ulen, plen;
+
+      password = strchr (credentials, ':');
+      if (!password)
+        {
+          gpg_err_set_errno (EINVAL); /* No password given.  */
+          return -1;
+        }
+      ulen = password - credentials;
+      password++;
+      plen = strlen (password);
+      if (!ulen || ulen > 255 || !plen || plen > 255)
+        {
+          gpg_err_set_errno (EINVAL);
+          return -1;
+        }
+
+      buffer[0] = 1; /* VER of the sub-negotiation. */
+      buffer[1] = ulen;
+      buflen = 2;
+      memcpy (buffer+buflen, credentials, ulen);
+      buflen += ulen;
+      buffer[buflen++] = plen;
+      memcpy (buffer+buflen, password, plen);
+      buflen += plen;
+      ret = do_writen (ctx, sock, buffer, buflen);
+      wipememory (buffer, buflen);
+      if (ret)
+        return ret;
+      ret = do_readn (ctx, sock, buffer, 2);
+      if (ret)
+        return ret;
+      if (buffer[0] != 1)
+        {
+          /* SOCKS server returned wrong version.  */
+          gpg_err_set_errno (EPROTO);
+          return -1;
+        }
+      if (buffer[1])
+        {
+          /* SOCKS server denied access.  */
+          gpg_err_set_errno (EACCES);
+          return -1;
+        }
+    }
+
   /* Send request details (rfc-1928, 4).  */
   buffer[0] = 5; /* VER  */
   buffer[1] = 1; /* CMD = CONNECT  */
   buffer[2] = 0; /* RSV  */
-  if (addr->sa_family == AF_INET6)
+  if (hostname)
+    {
+      buffer[3] = 3; /* ATYP = DOMAINNAME */
+      buflen = 4;
+      buffer[buflen++] = hostnamelen;
+      memcpy (buffer+buflen, hostname, hostnamelen);
+      buflen += hostnamelen;
+      buffer[buflen++] = (hostport >> 8); /* DST.PORT */
+      buffer[buflen++] = hostport;
+    }
+  else if (addr->sa_family == AF_INET6)
     {
       addr_in6 = (struct sockaddr_in6 *)addr;
 
@@ -729,7 +814,7 @@ socks5_connect (assuan_context_t ctx, int sock,
   ret = do_writen (ctx, sock, buffer, buflen);
   if (ret)
     return ret;
-  ret = do_readn (ctx, sock, buffer, buflen);
+  ret = do_readn (ctx, sock, buffer, 10 /* Length for IPv4 */);
   if (ret)
     return ret;
   if (buffer[0] != 5 || buffer[2] != 0 )
@@ -743,10 +828,10 @@ socks5_connect (assuan_context_t ctx, int sock,
     {
       switch (buffer[1])
         {
-        case 0x01: /* general SOCKS server failure.  */
+        case 0x01: /* General SOCKS server failure.  */
           gpg_err_set_errno (ENETDOWN);
           break;
-        case 0x02: /* connection not allowed by ruleset.  */
+        case 0x02: /* Connection not allowed by ruleset.  */
           gpg_err_set_errno (EACCES);
           break;
         case 0x03: /* Network unreachable */
@@ -770,6 +855,15 @@ socks5_connect (assuan_context_t ctx, int sock,
         }
       return -1;
     }
+  if (buffer[3] == 4)
+    {
+      /* ATYP indicates a v6 address.  We need to read the remaining
+         12 bytes.  */
+      ret = do_readn (ctx, sock, buffer+10, 12);
+      if (ret)
+        return ret;
+    }
+
   /* FIXME: We have not way to store the actual address used by the
      server.  */
 
@@ -779,7 +873,7 @@ socks5_connect (assuan_context_t ctx, int sock,
 
 
 /* Return true if SOCKS shall be used.  This is the case if tor_mode
-   is enabled and and the desired address is not the loopback
+   is enabled and the desired address is not the loopback
    address.  */
 static int
 use_socks (struct sockaddr *addr)
@@ -874,7 +968,8 @@ _assuan_sock_connect (assuan_context_t ctx, assuan_fd_t sockfd,
     }
   else if (use_socks (addr))
     {
-      return socks5_connect (ctx, HANDLE2SOCKET (sockfd), addr, addrlen);
+      return socks5_connect (ctx, HANDLE2SOCKET (sockfd), tor_mode,
+                             NULL, NULL, 0, addr, addrlen);
     }
   else
     {
@@ -916,7 +1011,8 @@ _assuan_sock_connect (assuan_context_t ctx, assuan_fd_t sockfd,
 
   if (use_socks (addr))
     {
-      return socks5_connect (ctx, sockfd, addr, addrlen);
+      return socks5_connect (ctx, sockfd, tor_mode,
+                             NULL, NULL, 0, addr, addrlen);
     }
   else
     {
@@ -926,6 +1022,48 @@ _assuan_sock_connect (assuan_context_t ctx, assuan_fd_t sockfd,
 }
 
 
+/* Connect to HOST specified as host name on PORT.  The current
+   implementation requires that either the flags ASSUAN_SOCK_SOCKS or
+   ASSUAN_SOCK_TOR are give in FLAGS.  On success a new socket is
+   returned; on error ASSUAN_INVALID_FD is returned and ERRNO set.  If
+   CREDENTIALS is not NULL, it is a string used for password based
+   authentication.  Username and password are separated by a
+   colon.  RESERVED must be 0. */
+assuan_fd_t
+_assuan_sock_connect_byname (assuan_context_t ctx, const char *host,
+                             unsigned short port, int reserved,
+                             const char *credentials, unsigned int flags)
+{
+  int fd;
+  unsigned short socksport;
+
+  if ((flags & ASSUAN_SOCK_TOR))
+    socksport = TOR_PORT;
+  else if ((flags & ASSUAN_SOCK_SOCKS))
+    socksport = SOCKS_PORT;
+  else
+    {
+      gpg_err_set_errno (ENOTSUP);
+      return ASSUAN_INVALID_FD;
+    }
+
+  fd = _assuan_sock_new (ctx, AF_INET, SOCK_STREAM, 0);
+  if (fd == ASSUAN_INVALID_FD)
+    return fd;
+
+  if (socks5_connect (ctx, fd, socksport,
+                      credentials, host, port, NULL, 0))
+    {
+      int save_errno = errno;
+      assuan_sock_close (fd);
+      gpg_err_set_errno (save_errno);
+      return -1;
+    }
+
+  return fd;
+}
+
+
 int
 _assuan_sock_bind (assuan_context_t ctx, assuan_fd_t sockfd,
 		   struct sockaddr *addr, int addrlen)
@@ -1257,6 +1395,15 @@ assuan_sock_connect (assuan_fd_t sockfd, struct sockaddr *addr, int addrlen)
   return _assuan_sock_connect (sock_ctx, sockfd, addr, addrlen);
 }
 
+assuan_fd_t
+assuan_sock_connect_byname (const char *host, unsigned short port,
+                            int reserved, const char *credentials,
+                            unsigned int flags)
+{
+  return _assuan_sock_connect_byname (sock_ctx,
+                                      host, port, reserved, credentials, flags);
+}
+
 int
 assuan_sock_bind (assuan_fd_t sockfd, struct sockaddr *addr, int addrlen)
 {
diff --git a/src/assuan.h.in b/src/assuan.h.in
index b26fa3b..67a1c20 100644
--- a/src/assuan.h.in
+++ b/src/assuan.h.in
@@ -461,6 +461,14 @@ gpg_error_t assuan_set_error (assuan_context_t ctx, gpg_error_t err,
 
 /*-- assuan-socket.c --*/
 
+/* This flag is used with assuan_sock_connect_byname to
+   connect via SOCKS.  */
+#define ASSUAN_SOCK_SOCKS   1
+/* This flag is used with assuan_sock_connect_byname to force a
+   connection via Tor even if the socket subsystem has not been
+   swicthed into Tor mode.  This flags overrides ASSUAN_SOCK_SOCKS. */
+#define ASSUAN_SOCK_TOR     2
+
 /* These are socket wrapper functions to support an emulation of Unix
    domain sockets on Windows W32.  */
 gpg_error_t assuan_sock_init (void);
@@ -471,6 +479,10 @@ int assuan_sock_set_flag (assuan_fd_t sockfd, const char *name, int value);
 int assuan_sock_get_flag (assuan_fd_t sockfd, const char *name, int *r_value);
 int assuan_sock_connect (assuan_fd_t sockfd,
                          struct sockaddr *addr, int addrlen);
+assuan_fd_t assuan_sock_connect_byname (const char *host, unsigned short port,
+                                        int reserved,
+                                        const char *credentials,
+                                        unsigned int flags);
 int assuan_sock_bind (assuan_fd_t sockfd, struct sockaddr *addr, int addrlen);
 int assuan_sock_set_sockaddr_un (const char *fname, struct sockaddr *addr,
                                  int *r_redirected);
diff --git a/src/libassuan.def b/src/libassuan.def
index 9f31c31..c320151 100644
--- a/src/libassuan.def
+++ b/src/libassuan.def
@@ -114,6 +114,7 @@ EXPORTS
     assuan_sock_set_sockaddr_un         @93
     assuan_sock_set_flag                @94
     assuan_sock_get_flag                @95
+    assuan_sock_connect_byname          @96
 
 ; END
 
diff --git a/src/libassuan.vers b/src/libassuan.vers
index 2b2389d..37c0131 100644
--- a/src/libassuan.vers
+++ b/src/libassuan.vers
@@ -104,6 +104,7 @@ LIBASSUAN_1.0 {
     assuan_sock_set_sockaddr_un;
     assuan_sock_set_flag;
     assuan_sock_get_flag;
+    assuan_sock_connect_byname;
 
     __assuan_close;
     __assuan_pipe;
diff --git a/tests/socks5.c b/tests/socks5.c
index c179108..7aa2b71 100644
--- a/tests/socks5.c
+++ b/tests/socks5.c
@@ -63,6 +63,9 @@ main (int argc, char **argv)
   int only_v4 = 0;
   int use_tor = 0;
   int disable_socks = 0;
+  int opt_byname = 0;
+  const char *user = NULL;
+  const char *pass = NULL;
   assuan_fd_t sock = ASSUAN_INVALID_FD;
   estream_t infp, outfp;
   int c;
@@ -83,15 +86,18 @@ main (int argc, char **argv)
       else if (!strcmp (*argv, "--help"))
         {
           puts (
-"usage: ./socks5 [options] HOST PORT\n"
-"\n"
-"Options:\n"
-"  --verbose        Show what is going on\n"
-"  --use-tor        Use port 9050 instead of 1080\n"
-"  --inet6-only     Use only IPv6\n"
-"  --inet4-only     Use only IPv4\n"
-"  --disable-socks  Connect w/o SOCKS\n"
-);
+                "usage: ./socks5 [options] HOST PORT\n"
+                "\n"
+                "Options:\n"
+                "  --verbose        Show what is going on\n"
+                "  --use-tor        Use port 9050 instead of 1080\n"
+                "  --inet6-only     Use only IPv6\n"
+                "  --inet4-only     Use only IPv4\n"
+                "  --disable-socks  Connect w/o SOCKS\n"
+                "  --byname         Use assuan_sock_connect_byname\n"
+                "  --user STRING    Use STRING as user for authentication\n"
+                "  --pass STRING    Use STRING as password for authentication\n"
+                );
           exit (0);
         }
       if (!strcmp (*argv, "--verbose"))
@@ -124,6 +130,29 @@ main (int argc, char **argv)
           disable_socks = 1;
           argc--; argv++;
         }
+      else if (!strcmp (*argv, "--byname"))
+        {
+          opt_byname = 1;
+          argc--; argv++;
+        }
+      else if (!strcmp (*argv, "--user"))
+        {
+          argc--; argv++;
+          if (argc)
+            {
+              user = *argv;
+              argc--; argv++;
+            }
+        }
+      else if (!strcmp (*argv, "--pass"))
+        {
+          argc--; argv++;
+          if (argc)
+            {
+              pass = *argv;
+              argc--; argv++;
+            }
+        }
       else if (!strncmp (*argv, "--", 2))
         {
           log_error ("unknown option '%s'\n", *argv);
@@ -153,60 +182,86 @@ main (int argc, char **argv)
                  use_tor? "TOR": "SOCKS", gpg_strerror (err));
     }
 
-  {
-    struct addrinfo hints, *res, *ai;
-    int ret;
-    int anyok = 0;
-
-    memset (&hints, 0, sizeof (hints));
-    hints.ai_socktype = SOCK_STREAM;
-    ret = getaddrinfo (argv[0], argv[1], &hints, &res);
-    if (ret)
-      {
-        log_error ("error resolving '%s': %s\n", argv[0], gai_strerror (ret));
+  if (opt_byname)
+    {
+      unsigned short port;
+      char *cred;
+
+      if (user || pass)
+        cred = xstrconcat (user?user:"", ":", pass, NULL);
+      else
+        cred = NULL;
+
+      port = strtoul (argv[1], NULL, 10);
+      if (port < 0 || port > 65535)
+        log_fatal ("port number out of range\n");
+
+      sock = assuan_sock_connect_byname (argv[0], port, 0, cred,
+                                         ASSUAN_SOCK_TOR);
+      if (sock == ASSUAN_INVALID_FD)
+        {
+          err = gpg_error_from_syserror ();
+          log_error ("assuan_sock_connect_byname (%s) failed: %s\n",
+                     argv[0], gpg_strerror (err));
+          exit (1);
+        }
+      xfree (cred);
+    }
+  else
+    {
+      struct addrinfo hints, *res, *ai;
+      int ret;
+      int anyok = 0;
+
+      memset (&hints, 0, sizeof (hints));
+      hints.ai_socktype = SOCK_STREAM;
+      ret = getaddrinfo (argv[0], argv[1], &hints, &res);
+      if (ret)
+        {
+          log_error ("error resolving '%s': %s\n", argv[0], gai_strerror (ret));
+          exit (1);
+        }
+
+      for (ai = res; ai; ai = ai->ai_next)
+        {
+          if (ai->ai_family == AF_INET && only_v6)
+            continue;
+          if (ai->ai_family == AF_INET6 && only_v4)
+            continue;
+
+          if (sock != ASSUAN_INVALID_FD)
+            assuan_sock_close (sock);
+          sock = assuan_sock_new (ai->ai_family, ai->ai_socktype,
+                                  ai->ai_protocol);
+          if (sock == ASSUAN_INVALID_FD)
+            {
+              err = gpg_error_from_syserror ();
+              log_error ("error creating socket: %s\n", gpg_strerror (err));
+              freeaddrinfo (res);
+              exit (1);
+            }
+
+          if (assuan_sock_connect (sock,  ai->ai_addr, ai->ai_addrlen))
+            {
+              err = gpg_error_from_syserror ();
+              log_error ("assuan_sock_connect (%s) failed: %s\n",
+                         ai->ai_family == AF_INET6? "v6" :
+                         ai->ai_family == AF_INET ? "v4" : "?",
+                         gpg_strerror (err));
+            }
+          else
+            {
+              log_info ("assuan_sock_connect succeeded (%s)\n",
+                        ai->ai_family == AF_INET6? "v6" :
+                        ai->ai_family == AF_INET ? "v4" : "?");
+              anyok = 1;
+              break;
+            }
+        }
+      freeaddrinfo (res);
+      if (!anyok)
         exit (1);
-      }
-
-    for (ai = res; ai; ai = ai->ai_next)
-      {
-        if (ai->ai_family == AF_INET && only_v6)
-          continue;
-        if (ai->ai_family == AF_INET6 && only_v4)
-          continue;
-
-        if (sock != ASSUAN_INVALID_FD)
-          assuan_sock_close (sock);
-        sock = assuan_sock_new (ai->ai_family, ai->ai_socktype,
-                                ai->ai_protocol);
-        if (sock == ASSUAN_INVALID_FD)
-          {
-            err = gpg_error_from_syserror ();
-            log_error ("error creating socket: %s\n", gpg_strerror (err));
-            freeaddrinfo (res);
-            exit (1);
-          }
-
-        if (assuan_sock_connect (sock,  ai->ai_addr, ai->ai_addrlen))
-          {
-            err = gpg_error_from_syserror ();
-            log_error ("assuan_sock_connect (%s) failed: %s\n",
-                       ai->ai_family == AF_INET6? "v6" :
-                       ai->ai_family == AF_INET ? "v4" : "?",
-                       gpg_strerror (err));
-          }
-        else
-          {
-            log_info ("assuan_sock_connect succeeded (%d)\n",
-                      ai->ai_family == AF_INET6? "v6" :
-                      ai->ai_family == AF_INET ? "v4" : "?");
-            anyok = 1;
-            break;
-          }
-      }
-    freeaddrinfo (res);
-    if (!anyok)
-      exit (1);
-  }
+    }
 
   infp = es_fdopen_nc (sock, "rb");
   if (!infp)
@@ -220,8 +275,8 @@ main (int argc, char **argv)
     {
       err = gpg_error_from_syserror ();
       es_fclose (infp);
-        assuan_sock_close (sock);
-        log_fatal ("opening outbound stream failed: %s\n", gpg_strerror (err));
+      assuan_sock_close (sock);
+      log_fatal ("opening outbound stream failed: %s\n", gpg_strerror (err));
     }
 
   es_fputs ("HEAD / HTTP/1.0\r\n\r\n", outfp);

-----------------------------------------------------------------------

Summary of changes:
 NEWS                |  14 +++-
 doc/assuan.texi     |  16 +++++
 src/assuan-socket.c | 177 +++++++++++++++++++++++++++++++++++++++++++++-----
 src/assuan.h.in     |  12 ++++
 src/libassuan.def   |   1 +
 src/libassuan.vers  |   1 +
 tests/socks5.c      | 183 ++++++++++++++++++++++++++++++++++------------------
 7 files changed, 324 insertions(+), 80 deletions(-)


hooks/post-receive
-- 
IPC library used by GnuPG
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Oct 26 16:43:09 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 26 Oct 2015 16:43:09 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-71-g0d37a40
Message-ID: <E1ZqjmN-000583-Bc@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  0d37a40fc34519e93af3ceffff2cd726d29576d3 (commit)
       via  68100b4a0b6118cfd2813fa73ace0df441079379 (commit)
       via  4524a2a3714f263d56bb7db349c169b456994fd9 (commit)
       via  7735bbe539af35ce16e270946d5ae798c5989d6e (commit)
      from  c18fb0d99b633bb267dead6e7c46229f4b780bc3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0d37a40fc34519e93af3ceffff2cd726d29576d3
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 26 16:38:41 2015 +0100

    w32: Make it build again if Tofu support is not available.
    
    * g10/keylist.c (public_key_list) [!USE_TOFU]: Do not call tofu
    functions.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/keylist.c b/g10/keylist.c
index d4e6b74..509cf7c 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -132,7 +132,9 @@ public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode)
      which is associated with the inode of a deleted file.  */
   check_trustdb_stale ();
 
+#ifdef USE_TOFU
   tofu_begin_batch_update ();
+#endif
 
   if (locate_mode)
     locate_one (ctrl, list);
@@ -141,7 +143,9 @@ public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode)
   else
     list_one (ctrl, list, 0, opt.with_secret);
 
+#ifdef USE_TOFU
   tofu_end_batch_update ();
+#endif
 }
 
 

commit 68100b4a0b6118cfd2813fa73ace0df441079379
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 26 16:32:32 2015 +0100

    dirmngr: Add example Tor hidden service.
    
    --

diff --git a/README b/README
index 6ad3e51..f1215ef 100644
--- a/README
+++ b/README
@@ -169,7 +169,7 @@
   "https://gnupg.org/faq/whats-new-in-2.1.html" .
 
   The primary WWW page is "https://www.gnupg.org"
-             or using TOR "http://ic6au7wa3f6naxjq.onion"
+             or using Tor "http://ic6au7wa3f6naxjq.onion"
   The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/"
 
   See [[https://gnupg.org/download/mirrors.html]] for a list of
diff --git a/g10/dirmngr-conf.skel b/g10/dirmngr-conf.skel
index 8857843..2ba5e4d 100644
--- a/g10/dirmngr-conf.skel
+++ b/g10/dirmngr-conf.skel
@@ -29,6 +29,9 @@
 # Example HKP keyservers:
 #      hkp://keys.gnupg.net
 #
+# Example HKP keyserver using a Tor hidden service
+#      hkp://dyh2j3qyrirn43iw.onion
+#
 # Example HKPS keyservers (see --hkp-cacert below):
 #       hkps://hkps.pool.sks-keyservers.net
 #

commit 4524a2a3714f263d56bb7db349c169b456994fd9
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 26 16:32:03 2015 +0100

    dirmngr: Support Tor hidden services.
    
    * dirmngr/dns-stuff.c (is_onion_address): New.
    * dirmngr/ks-engine-hkp.c (hostinfo_s): Add field "onion".
    (map_host): Special case onion addresses.
    (ks_hkp_print_hosttable): Print an 'O' for an onion address.
    * dirmngr/http.c (connect_server): Special case onion addresses.
    --
    
    Note that this requires the latest libassuan from git.  Onion addresses
    are always support regardless of the --use-tor flag.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index c80ee1d..21e5610 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -403,6 +403,20 @@ is_ip_address (const char *name)
 }
 
 
+/* Return true if NAME is an onion address.  */
+int
+is_onion_address (const char *name)
+{
+  size_t len;
+
+  len = name? strlen (name) : 0;
+  if (len < 8 || strcmp (name + len - 6, ".onion"))
+    return 0;
+  /* Note that we require at least 2 characters before the suffix.  */
+  return 1;  /* Yes.  */
+}
+
+
 #ifdef USE_ADNS
 /* Init ADNS and store the new state at R_STATE.  Returns 0 on
    success; prints an error message and returns an error code on
diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h
index c3effad..515a859 100644
--- a/dirmngr/dns-stuff.h
+++ b/dirmngr/dns-stuff.h
@@ -110,6 +110,9 @@ gpg_error_t resolve_dns_addr (const struct sockaddr *addr, int addrlen,
 /* Return true if NAME is a numerical IP address.  */
 int is_ip_address (const char *name);
 
+/* Return true if NAME is an onion address.  */
+int is_onion_address (const char *name);
+
 /* Get the canonical name for NAME.  */
 gpg_error_t get_dns_cname (const char *name, char **r_cname);
 
diff --git a/dirmngr/http.c b/dirmngr/http.c
index 1a7c1ff..9e2ba90 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -2212,6 +2212,32 @@ connect_server (const char *server, unsigned short port,
   init_sockets ();
 #endif /*Windows*/
 
+  /* Onion addresses require special treatment.  */
+  if (is_onion_address (server))
+    {
+#ifdef ASSUAN_SOCK_TOR
+
+      my_unprotect ();
+      sock = assuan_sock_connect_byname (server, port, 0, NULL,
+                                         ASSUAN_SOCK_TOR);
+      my_protect ();
+
+      if (sock == ASSUAN_INVALID_FD)
+        {
+          if (errno == EHOSTUNREACH)
+            *r_host_not_found = 1;
+          log_error ("can't connect to '%s': %s\n", server, strerror (errno));
+        }
+      return sock;
+
+#else /*!ASSUAN_SOCK_TOR*/
+
+      gpg_err_set_errno (ENETUNREACH);
+      return -1; /* Out of core.  */
+
+#endif /*!HASSUAN_SOCK_TOR*/
+    }
+
 #ifdef USE_DNS_SRV
   /* Do the SRV thing */
   if (srvtag)
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 340b012..a658727 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -80,6 +80,7 @@ struct hostinfo_s
   int poolidx;       /* Index into POOL with the used host.  -1 if not set.  */
   unsigned int v4:1; /* Host supports AF_INET.  */
   unsigned int v6:1; /* Host supports AF_INET6.  */
+  unsigned int onion:1;/* NAME is an onion (Tor HS) address.  */
   unsigned int dead:1; /* Host is currently unresponsive.  */
   time_t died_at;    /* The time the host was marked dead.  If this is
                         0 the host has been manually marked dead.  */
@@ -124,6 +125,7 @@ create_new_hostinfo (const char *name)
   hi->lastfail = (time_t)(-1);
   hi->v4 = 0;
   hi->v6 = 0;
+  hi->onion = 0;
   hi->dead = 0;
   hi->died_at = 0;
   hi->cname = NULL;
@@ -267,7 +269,15 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
 
   /* See whether the host is in our table.  */
   idx = find_hostinfo (name);
-  if (idx == -1)
+  if (idx == -1 && is_onion_address (name))
+    {
+      idx = create_new_hostinfo (name);
+      if (idx == -1)
+        return gpg_error_from_syserror ();
+      hi = hosttable[idx];
+      hi->onion = 1;
+    }
+  else if (idx == -1)
     {
       /* We never saw this host.  Allocate a new entry.  */
       dns_addrinfo_t aibuf, ai;
@@ -512,6 +522,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
         *r_httpflags |= HTTP_FLAG_IGNORE_IPv4;
       if (!hi->v6)
         *r_httpflags |= HTTP_FLAG_IGNORE_IPv6;
+
+      /* Note that we do not set the HTTP_FLAG_FORCE_TOR for onion
+         addresses because the http module detects this itself.  This
+         also allows us to use an onion address without Tor mode being
+         enabled.  */
     }
 
   *r_host = xtrystrdup (hi->name);
@@ -683,7 +698,9 @@ ks_hkp_print_hosttable (ctrl_t ctrl)
         else
           diedstr = died = NULL;
         err = ks_printf_help (ctrl, "%3d %s %s %s %s%s%s%s%s%s%s%s\n",
-                              idx, hi->v6? "6":" ", hi->v4? "4":" ",
+                              idx,
+                              hi->onion? "O" : hi->v6? "6":" ",
+                              hi->v4? "4":" ",
                               hi->dead? "d":" ",
                               hi->name,
                               hi->v6addr? " v6=":"",

commit 7735bbe539af35ce16e270946d5ae798c5989d6e
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 26 15:53:31 2015 +0100

    dirmngr,w32: Remove gethostbyname hack and make it build again.
    
    * dirmngr/http.c (connect_server) [W32]: Remove gethostbyname hack;
    we require getaddrinfo anyway.
    * dirmngr/dns-stuff.c (AI_ADDRCONFIG): Add replacement if not defined.
    (map_eai_to_gpg_error) [W32]: Take care of unsupported codes.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index f3b622d..c80ee1d 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -59,6 +59,11 @@
 # error AF_UNSPEC does not have the value 0
 #endif
 
+/* Windows does not support tge AI_ADDRCONFIG flag - use zero instead.  */
+#ifndef AI_ADDRCONFIG
+# define AI_ADDRCONFIG 0
+#endif
+
 /* Not every installation has gotten around to supporting SRVs or
    CERTs yet... */
 #ifndef T_SRV
@@ -115,10 +120,12 @@ map_eai_to_gpg_error (int ec)
     case EAI_NODATA:    err = gpg_error (GPG_ERR_NO_DATA); break;
     case EAI_NONAME:    err = gpg_error (GPG_ERR_NO_NAME); break;
     case EAI_SERVICE:   err = gpg_error (GPG_ERR_NOT_SUPPORTED); break;
-    case EAI_ADDRFAMILY:err = gpg_error (GPG_ERR_EADDRNOTAVAIL); break;
     case EAI_FAMILY:    err = gpg_error (GPG_ERR_EAFNOSUPPORT); break;
     case EAI_SOCKTYPE:  err = gpg_error (GPG_ERR_ESOCKTNOSUPPORT); break;
+#ifndef HAVE_W32_SYSTEM
+    case EAI_ADDRFAMILY:err = gpg_error (GPG_ERR_EADDRNOTAVAIL); break;
     case EAI_SYSTEM:    err = gpg_error_from_syserror (); break;
+#endif
     default:            err = gpg_error (GPG_ERR_UNKNOWN_ERRNO); break;
     }
   return err;
diff --git a/dirmngr/http.c b/dirmngr/http.c
index de5edc3..1a7c1ff 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -2205,46 +2205,12 @@ connect_server (const char *server, unsigned short port,
   int srv, connected;
   int last_errno = 0;
   struct srventry *serverlist = NULL;
-#ifdef HAVE_W32_SYSTEM
-  unsigned long inaddr;
-#endif
   int ret;
 
   *r_host_not_found = 0;
-#ifdef HAVE_W32_SYSTEM
-
-#ifndef HTTP_NO_WSASTARTUP
+#if defined(HAVE_W32_SYSTEM) && !defined(HTTP_NO_WSASTARTUP)
   init_sockets ();
-#endif
-  /* Win32 gethostbyname doesn't handle IP addresses internally, so we
-     try inet_addr first on that platform only. */
-  inaddr = inet_addr(server);
-  if ( inaddr != INADDR_NONE )
-    {
-      struct sockaddr_in addr;
-
-      memset(&addr,0,sizeof(addr));
-
-      sock = assuan_sock_new (AF_INET, SOCK_STREAM, 0);
-      if (sock == ASSUAN_INVALID_FD)
-	{
-	  log_error ("error creating socket: %s\n", strerror (errno));
-	  return ASSUAN_INVALID_FD;
-	}
-
-      addr.sin_family = AF_INET;
-      addr.sin_port = htons(port);
-      memcpy (&addr.sin_addr,&inaddr,sizeof(inaddr));
-
-      my_unprotect ();
-      ret = assuan_sock_connect (sock,(struct sockaddr *)&addr,sizeof(addr));
-      my_protect ();
-      if (!ret)
-	return sock;
-      assuan_sock_close (sock);
-      return ASSUAN_INVALID_FD;
-    }
-#endif /*HAVE_W32_SYSTEM*/
+#endif /*Windows*/
 
 #ifdef USE_DNS_SRV
   /* Do the SRV thing */

-----------------------------------------------------------------------

Summary of changes:
 README                  |  2 +-
 dirmngr/dns-stuff.c     | 23 ++++++++++++++++++++++-
 dirmngr/dns-stuff.h     |  3 +++
 dirmngr/http.c          | 50 +++++++++++++++++++++----------------------------
 dirmngr/ks-engine-hkp.c | 21 +++++++++++++++++++--
 g10/dirmngr-conf.skel   |  3 +++
 g10/keylist.c           |  4 ++++
 7 files changed, 73 insertions(+), 33 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Oct 26 17:01:20 2015
From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor)
Date: Mon, 26 Oct 2015 17:01:20 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-72-g91015d0
Message-ID: <E1Zqk3x-0005dk-1p@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  91015d021b3dcbe21ad0e580a4f34c523abf9e72 (commit)
      from  0d37a40fc34519e93af3ceffff2cd726d29576d3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 91015d021b3dcbe21ad0e580a4f34c523abf9e72
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Fri Oct 23 17:46:57 2015 -0400

    gpg: Ensure all weak digest rejection notices are shown
    
    * g10/main.h: Add rejection_shown flag to each weakhash struct
    * g10/misc.c (print_digest_algo_note, additional_weak_digest): Do not
    treat MD5 separately; (print_digest_rejected_note): Use
    weakhash.rejection_shown instead of static shown.
    * g10/options.h (opt): Change from additional_weak_digests to
    weak_digests.
    * g10/sig-check.c: Do not treat MD5 separately.
    * g10/gpg.c (main): Explicitly set MD5 as weak.
    * g10/gpgv.c (main): Explicitly set MD5 as weak.
    
    --
    
    Previously, only one weak digest rejection message was shown, of
    whichever was the first type encountered.  This meant that if "gpg
    --weak-digest SHA224" encountered both an MD5 digest and a SHA224
    digest, it would only show the user that the MD5 digest was rejected.
    
    In order to let the user know which algorithms were rejected, we
    needed to move the "shown" flag into a per-weak-algorithm location.
    Given this additional complication, it made no sense to continue to
    treat MD5 specially, so it is added as a default weak algorithm in the
    same opt.weak_digests data structure as any other.
    
    Signed-Off-By: Daniel Kahn Gillmor <dkg at fifthhorseman.net>

diff --git a/g10/gpg.c b/g10/gpg.c
index ff6e59f..c18edd0 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -2216,7 +2216,8 @@ main (int argc, char **argv)
     set_homedir (default_homedir ());
     opt.passphrase_repeat = 1;
     opt.emit_version = 1; /* Limit to the major number.  */
-    opt.additional_weak_digests = NULL;
+    opt.weak_digests = NULL;
+    additional_weak_digest("MD5");
 
     /* Check whether we have a config file on the command line.  */
     orig_argc = argc;
diff --git a/g10/gpgv.c b/g10/gpgv.c
index ec09706..9a6dbd6 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -169,11 +169,13 @@ main( int argc, char **argv )
   opt.batch = 1;
 
   opt.homedir = default_homedir ();
+  opt.weak_digests = NULL;
 
   tty_no_terminal(1);
   tty_batchmode(1);
   dotlock_disable ();
   gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+  additional_weak_digest("MD5");
 
   pargs.argc = &argc;
   pargs.argv = &argv;
diff --git a/g10/main.h b/g10/main.h
index a50c85c..cb79a71 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -72,6 +72,7 @@ struct groupitem
 struct weakhash
 {
   enum gcry_md_algos algo;
+  int rejection_shown;
   struct weakhash *next;
 };
 
diff --git a/g10/misc.c b/g10/misc.c
index 93ddaa0..5c77714 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -307,7 +307,6 @@ print_cipher_algo_note (cipher_algo_t algo)
 void
 print_digest_algo_note (digest_algo_t algo)
 {
-  int deprecated = 0;
   const enum gcry_md_algos galgo = map_md_openpgp_to_gcry (algo);
   const struct weakhash *weak;
 
@@ -322,34 +321,38 @@ print_digest_algo_note (digest_algo_t algo)
                     gcry_md_algo_name (galgo));
 	}
     }
-  else if(algo == DIGEST_ALGO_MD5)
-    deprecated = 1;
   else
-      for (weak = opt.additional_weak_digests; weak != NULL; weak = weak->next)
+      for (weak = opt.weak_digests; weak != NULL; weak = weak->next)
         if (weak->algo == galgo)
-          deprecated = 1;
-
-  if (deprecated)
-    {
-      es_fflush (es_stdout);
-      log_info (_("WARNING: digest algorithm %s is deprecated\n"),
-                gcry_md_algo_name (galgo));
-    }
+          {
+            es_fflush (es_stdout);
+            log_info (_("WARNING: digest algorithm %s is deprecated\n"),
+                      gcry_md_algo_name (galgo));
+          }
 }
 
 
 void
 print_digest_rejected_note (enum gcry_md_algos algo)
 {
-  static int shown;
-
-  if (!shown)
+  struct weakhash* weak;
+  int show = 1;
+  for (weak = opt.weak_digests; weak; weak = weak->next)
+    if (weak->algo == algo)
+      {
+        if (weak->rejection_shown)
+          show = 0;
+        else
+          weak->rejection_shown = 1;
+        break;
+      }
+
+  if (show)
     {
       es_fflush (es_stdout);
       log_info
         (_("Note: signatures using the %s algorithm are rejected\n"),
          gcry_md_algo_name(algo));
-      shown = 1;
     }
 }
 
@@ -1699,9 +1702,6 @@ additional_weak_digest (const char* digestname)
   struct weakhash *weak = NULL;
   const enum gcry_md_algos algo = string_to_digest_algo(digestname);
 
-  if (algo == GCRY_MD_MD5)
-    return; /* MD5 is always considered weak, no need to add it.  */
-
   if (algo == GCRY_MD_NONE)
     {
       log_error(_("Unknown weak digest '%s'\n"), digestname);
@@ -1709,15 +1709,14 @@ additional_weak_digest (const char* digestname)
     }
 
   /* Check to ensure it's not already present.  */
-  for (weak = opt.additional_weak_digests; weak != NULL; weak = weak->next)
-    {
-      if (algo == weak->algo)
-        return;
-    }
+  for (weak = opt.weak_digests; weak; weak = weak->next)
+    if (algo == weak->algo)
+      return;
 
   /* Add it to the head of the list.  */
   weak = xmalloc(sizeof(*weak));
   weak->algo = algo;
-  weak->next = opt.additional_weak_digests;
-  opt.additional_weak_digests = weak;
+  weak->rejection_shown = 0;
+  weak->next = opt.weak_digests;
+  opt.weak_digests = weak;
 }
diff --git a/g10/options.h b/g10/options.h
index 0c674e6..4c7a5db 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -169,7 +169,7 @@ struct
   prefitem_t *personal_cipher_prefs;
   prefitem_t *personal_digest_prefs;
   prefitem_t *personal_compress_prefs;
-  struct weakhash *additional_weak_digests;
+  struct weakhash *weak_digests;
   int no_perm_warn;
   int no_mdc_warn;
   char *temp_dir;
diff --git a/g10/sig-check.c b/g10/sig-check.c
index f912c0c..2cfc5da 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -360,19 +360,12 @@ check_signature_end (PKT_public_key *pk, PKT_signature *sig,
         return rc;
 
     if (!opt.flags.allow_weak_digest_algos)
-      {
-        if (sig->digest_algo == GCRY_MD_MD5)
+      for (weak = opt.weak_digests; weak; weak = weak->next)
+        if (sig->digest_algo == weak->algo)
           {
             print_digest_rejected_note(sig->digest_algo);
             return GPG_ERR_DIGEST_ALGO;
           }
-        for (weak = opt.additional_weak_digests; weak; weak = weak->next)
-          if (sig->digest_algo == weak->algo)
-            {
-              print_digest_rejected_note(sig->digest_algo);
-              return GPG_ERR_DIGEST_ALGO;
-            }
-      }
 
     /* Make sure the digest algo is enabled (in case of a detached
        signature).  */

-----------------------------------------------------------------------

Summary of changes:
 g10/gpg.c       |  3 ++-
 g10/gpgv.c      |  2 ++
 g10/main.h      |  1 +
 g10/misc.c      | 51 +++++++++++++++++++++++++--------------------------
 g10/options.h   |  2 +-
 g10/sig-check.c | 11 ++---------
 6 files changed, 33 insertions(+), 37 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Oct 26 20:40:34 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 26 Oct 2015 20:40:34 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-73-ga6c2c09
Message-ID: <E1ZqnU6-0001kg-QR@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  a6c2c098435a703ca02abf651ff4fa45e5a4db9a (commit)
      from  91015d021b3dcbe21ad0e580a4f34c523abf9e72 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a6c2c098435a703ca02abf651ff4fa45e5a4db9a
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 26 20:36:16 2015 +0100

    gpg: Do not call an extra get_validity if no-show-uid-validity is used.
    
    * g10/mainproc.c (check_sig_and_print): Do not call the informational
    get_validity if we are not going to use it.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/mainproc.c b/g10/mainproc.c
index 4bf5a4e..b8e0ea6 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1838,7 +1838,8 @@ check_sig_and_print (CTX c, kbnode_t node)
       snprintf (keyid_str, sizeof keyid_str, "%08lX%08lX [uncertain] ",
                 (ulong)sig->keyid[0], (ulong)sig->keyid[1]);
 
-      /* Find and print the primary user ID.  */
+      /* Find and print the primary user ID along with the
+         "Good|Expired|Bad signature" line.  */
       for (un=keyblock; un; un = un->next)
         {
           int valid;
@@ -1866,8 +1867,13 @@ check_sig_and_print (CTX c, kbnode_t node)
 
 	  /* Since this is just informational, don't actually ask the
 	     user to update any trust information.  (Note: we register
-	     the signature later.)  */
-          valid = get_validity (pk, un->pkt->pkt.user_id, NULL, 0);
+	     the signature later.)  Because print_good_bad_signature
+	     does not print a LF we need to compute the validity
+	     before calling that function.  */
+          if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY))
+            valid = get_validity (pk, un->pkt->pkt.user_id, NULL, 0);
+          else
+            valid = 0; /* Not used.  */
 
           keyid_str[17] = 0; /* cut off the "[uncertain]" part */
 
@@ -1878,11 +1884,17 @@ check_sig_and_print (CTX c, kbnode_t node)
           else
             log_printf ("\n");
 
+          /* Get a string description of the algo for informational
+             output we want to print later.  It is convenient to do it
+             here because we already have the right public key. */
           pubkey_string (pk, pkstrbuf, sizeof pkstrbuf);
           count++;
 	}
 
-      if (!count)  /* Just in case that we have no valid textual userid */
+      /* In case we did not found a valid valid textual userid above
+         we print the first user id packet or a "[?]" instead along
+         with the "Good|Expired|Bad signature" line.  */
+      if (!count)
         {
           /* Try for an invalid textual userid */
           for (un=keyblock; un; un = un->next)
@@ -1927,11 +1939,12 @@ check_sig_and_print (CTX c, kbnode_t node)
                    || un->pkt->pkt.user_id->is_expired)
                   && !(opt.verify_options & VERIFY_SHOW_UNUSABLE_UIDS))
                 continue;
-              /* Only skip textual primaries */
+              /* Skip textual primary user ids which we printed above. */
               if (un->pkt->pkt.user_id->is_primary
                   && !un->pkt->pkt.user_id->attrib_data )
                 continue;
 
+              /* If this user id has attribute data, print that.  */
               if (un->pkt->pkt.user_id->attrib_data)
                 {
                   dump_attribs (un->pkt->pkt.user_id, pk);
@@ -1969,6 +1982,7 @@ check_sig_and_print (CTX c, kbnode_t node)
 	}
       release_kbnode( keyblock );
 
+      /* For good signatures print notation data.  */
       if (!rc)
         {
           if ((opt.verify_options & VERIFY_SHOW_POLICY_URLS))
@@ -1990,9 +2004,9 @@ check_sig_and_print (CTX c, kbnode_t node)
             show_notation (sig, 0, 2, 0);
         }
 
+      /* For good signatures print the VALIDSIG status line.  */
       if (!rc && is_status_enabled ())
         {
-          /* Print a status response with the fingerprint. */
           PKT_public_key *vpk = xmalloc_clear (sizeof *vpk);
 
           if (!get_pubkey (vpk, sig->keyid))
@@ -2040,6 +2054,9 @@ check_sig_and_print (CTX c, kbnode_t node)
           free_public_key (vpk);
 	}
 
+      /* For good signatures compute and print the trust information.
+         Note that in the Tofu trust model this may ask the user on
+         how to resolve a conflict.  */
       if (!rc)
         {
           if ((opt.verify_options & VERIFY_PKA_LOOKUPS))
@@ -2047,6 +2064,7 @@ check_sig_and_print (CTX c, kbnode_t node)
           rc = check_signatures_trust (sig);
         }
 
+      /* Print extra information about the signature.  */
       if (sig->flags.expired)
         {
           log_info (_("Signature expired %s\n"), asctimestamp(sig->expiredate));
@@ -2063,6 +2081,7 @@ check_sig_and_print (CTX c, kbnode_t node)
                   *pkstrbuf?_(", key algorithm "):"",
                   pkstrbuf);
 
+      /* Print final warnings.  */
       if (!rc && !c->signed_data.used)
         {
           /* Signature is basically good but we test whether the

-----------------------------------------------------------------------

Summary of changes:
 g10/mainproc.c | 31 +++++++++++++++++++++++++------
 1 file changed, 25 insertions(+), 6 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Mon Oct 26 21:08:40 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 26 Oct 2015 21:08:40 +0100
Subject: [git] Assuan - branch, master, updated. libassuan-2.3.0-4-gdda9c84
Message-ID: <E1ZqnvI-0002OB-2T@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPC library used by GnuPG".

The branch, master has been updated
       via  dda9c84bc67326a6d2bef1e5c45b5de8b67eeb40 (commit)
      from  4061ac57ca84a1e0ed779096897a160d49b50c03 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit dda9c84bc67326a6d2bef1e5c45b5de8b67eeb40
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 26 21:04:54 2015 +0100

    Tests: Cope with broken HTTP servers.
    
    * tests/socks5.c (main): Use GET instead of HEAD

diff --git a/tests/socks5.c b/tests/socks5.c
index 7aa2b71..68659fc 100644
--- a/tests/socks5.c
+++ b/tests/socks5.c
@@ -69,6 +69,7 @@ main (int argc, char **argv)
   assuan_fd_t sock = ASSUAN_INVALID_FD;
   estream_t infp, outfp;
   int c;
+  int lf_seen;
 
   if (argc)
     {
@@ -279,13 +280,22 @@ main (int argc, char **argv)
       log_fatal ("opening outbound stream failed: %s\n", gpg_strerror (err));
     }
 
-  es_fputs ("HEAD / HTTP/1.0\r\n\r\n", outfp);
+  es_fputs ("GET / HTTP/1.0\r\n\r\n", outfp);
   es_fflush (outfp);
+  lf_seen = 0;
   while ((c = es_fgetc (infp)) != EOF)
     {
+      if (c == '\r')
+        continue;
       putchar (c);
       if (c == '\n')
-        break;
+        {
+          if (lf_seen)
+            break;
+          lf_seen = 1;
+        }
+      else
+        lf_seen = 0;
     }
   es_fclose (infp);
   es_fclose (outfp);

-----------------------------------------------------------------------

Summary of changes:
 tests/socks5.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
IPC library used by GnuPG
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Oct 28 10:19:17 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 28 Oct 2015 10:19:17 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-75-g949a5cf
Message-ID: <E1ZrMjw-0006lg-Lw@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  949a5cfdabcafab93c1ac092c0459b59318805b9 (commit)
       via  e026efb4363bc6e3c41ed533daf06f103ebd2e32 (commit)
      from  a6c2c098435a703ca02abf651ff4fa45e5a4db9a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 949a5cfdabcafab93c1ac092c0459b59318805b9
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 28 10:14:07 2015 +0100

    dirmngr: Minor cleanup of the SRV RR code.
    
    * dirmngr/dns-stuff.c: Include unistd.h.
    (getsrv): Run srand only once.
    * dirmngr/t-dns-stuff.c (main): Allow passing another name for --srv
    and change output format.

diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index 3689d8f..3220d76 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -42,6 +42,7 @@
 # include <netdb.h>
 #endif
 #include <string.h>
+#include <unistd.h>
 #ifdef USE_ADNS
 # include <adns.h>
 #endif
@@ -1103,9 +1104,16 @@ getsrv (const char *name,struct srventry **list)
 
   /* Run the RFC-2782 weighting algorithm.  We don't need very high
      quality randomness for this, so regular libc srand/rand is
-     sufficient.  Fixme: It is a bit questionaly to reinitalize srand
-     - better use a gnupg fucntion for this.  */
-  srand(time(NULL)*getpid());
+     sufficient.  */
+
+  {
+    static int done;
+    if (!done)
+      {
+        done = 1;
+        srand (time (NULL)*getpid());
+      }
+  }
 
   for (i=0; i < srvcount; i++)
     {
diff --git a/dirmngr/t-dns-stuff.c b/dirmngr/t-dns-stuff.c
index 4ecbd64..191b581 100644
--- a/dirmngr/t-dns-stuff.c
+++ b/dirmngr/t-dns-stuff.c
@@ -205,15 +205,14 @@ main (int argc, char **argv)
       struct srventry *srv;
       int rc,i;
 
-      rc=getsrv("_hkp._tcp.wwwkeys.pgp.net",&srv);
-      printf("Count=%d\n\n",rc);
+      rc=getsrv (name? name : "_hkp._tcp.wwwkeys.pgp.net", &srv);
+      printf("Count=%d\n",rc);
       for(i=0;i<rc;i++)
         {
-          printf("priority=%hu\n",srv[i].priority);
-          printf("weight=%hu\n",srv[i].weight);
-          printf("port=%hu\n",srv[i].port);
+          printf("priority=%-8hu  ",srv[i].priority);
+          printf("weight=%-8hu  ",srv[i].weight);
+          printf("port=%-5hu  ",srv[i].port);
           printf("target=%s\n",srv[i].target);
-          printf("\n");
         }
 
       xfree(srv);

commit e026efb4363bc6e3c41ed533daf06f103ebd2e32
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 28 08:55:01 2015 +0100

    dirmngr: Add a getaddrinfo wrapper backend using ADNS.
    
    * dirmngr/dns-stuff.c: Replace all use of default_errsource.
    (my_adns_init): Move to top.
    (resolve_name_adns): New.
    (resolve_dns_name) [USE_ADNS]: Divert to new func.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c
index 21e5610..3689d8f 100644
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@@ -54,12 +54,12 @@
 #include "host2net.h"
 #include "dns-stuff.h"
 
-
+/* We allow the use of 0 instead of AF_UNSPEC - check this assumption.  */
 #if AF_UNSPEC != 0
 # error AF_UNSPEC does not have the value 0
 #endif
 
-/* Windows does not support tge AI_ADDRCONFIG flag - use zero instead.  */
+/* Windows does not support the AI_ADDRCONFIG flag - use zero instead.  */
 #ifndef AI_ADDRCONFIG
 # define AI_ADDRCONFIG 0
 #endif
@@ -132,6 +132,129 @@ map_eai_to_gpg_error (int ec)
 }
 
 
+#ifdef USE_ADNS
+/* Init ADNS and store the new state at R_STATE.  Returns 0 on
+   success; prints an error message and returns an error code on
+   failure.  */
+static gpg_error_t
+my_adns_init (adns_state *r_state)
+{
+  gpg_error_t err;
+
+  if (tor_mode? adns_init_strcfg (r_state,
+                                  adns_if_noerrprint|adns_if_tormode,
+                                  NULL, "nameserver 8.8.8.8")
+      /*    */: adns_init (r_state, adns_if_noerrprint, NULL))
+    {
+      err = gpg_error_from_syserror ();
+      log_error ("error initializing adns: %s\n", gpg_strerror (err));
+      return err;
+    }
+  return 0;
+}
+#endif /*USE_ADNS*/
+
+
+#ifdef USE_ADNS
+/* Resolve a name using the ADNS library.  See resolve_dns_name for
+   the description.  */
+static gpg_error_t
+resolve_name_adns (const char *name, unsigned short port,
+                   int want_family, int want_socktype,
+                   dns_addrinfo_t *r_dai, char **r_canonname)
+{
+  gpg_error_t err = 0;
+  dns_addrinfo_t daihead = NULL;
+  dns_addrinfo_t dai;
+  adns_state state;
+  adns_answer *answer = NULL;
+  int count;
+
+  *r_dai = NULL;
+  if (r_canonname)
+    *r_canonname = NULL;
+
+  if (want_socktype != SOCK_STREAM && want_socktype != SOCK_DGRAM)
+    return gpg_error (GPG_ERR_ESOCKTNOSUPPORT);
+
+  err = my_adns_init (&state);
+  if (err)
+    return err;
+
+  if (adns_synchronous (state, name, adns_r_addr,
+                        adns_qf_quoteok_query, &answer))
+    {
+      err = gpg_error_from_syserror ();
+      log_error ("DNS query failed: %s\n", gpg_strerror (err));
+      goto leave;
+    }
+
+  err = gpg_error (GPG_ERR_NOT_FOUND);
+  if (answer->status != adns_s_ok || answer->type != adns_r_addr)
+    {
+      log_error ("DNS query returned an error: %s (%s)\n",
+                 adns_strerror (answer->status),
+                 adns_errabbrev (answer->status));
+      goto leave;
+    }
+
+  if (r_canonname && answer->cname)
+    {
+      *r_canonname = xtrystrdup (answer->cname);
+      if (!*r_canonname)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+    }
+
+  for (count = 0; count < answer->nrrs; count++)
+    {
+      int len;
+      adns_rr_addr *addr;
+
+      len  = answer->rrs.addr[count].len;
+      addr = &answer->rrs.addr[count];
+      if (addr->addr.sa.sa_family != AF_INET6
+          && addr->addr.sa.sa_family != AF_INET)
+        continue;
+
+      dai = xtrymalloc (sizeof *dai + len - 1);
+      if (!dai)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+      dai->family = addr->addr.sa.sa_family;
+      dai->socktype = want_socktype == SOCK_STREAM? SOCK_STREAM : SOCK_DGRAM;
+      dai->protocol = want_socktype == SOCK_STREAM? IPPROTO_TCP : IPPROTO_UDP;
+      dai->addrlen = len;
+      memcpy (dai->addr, &addr->addr.sa, len);
+      dai->next = daihead;
+      daihead = dai;
+      err = 0;
+    }
+
+ leave:
+  adns_free (answer);
+  adns_finish (state);
+  if (err)
+    {
+      if (r_canonname)
+        {
+          xfree (*r_canonname);
+          *r_canonname = NULL;
+        }
+      free_dns_addrinfo (daihead);
+    }
+  else
+    *r_dai = daihead;
+  return err;
+}
+#endif /*USE_ADNS*/
+
+
+#ifndef USE_ADNS
 /* Resolve a name using the standard system function.  */
 static gpg_error_t
 resolve_name_standard (const char *name, unsigned short port,
@@ -236,6 +359,7 @@ resolve_name_standard (const char *name, unsigned short port,
     *r_dai = daihead;
   return err;
 }
+#endif /*!USE_ADNS*/
 
 
 /* Resolve an address using the standard system function.  */
@@ -314,7 +438,7 @@ resolve_dns_name (const char *name, unsigned short port,
                   int want_family, int want_socktype,
                   dns_addrinfo_t *r_ai, char **r_canonname)
 {
-#ifdef USE_ADNS_disabled_for_now
+#ifdef USE_ADNS
   return resolve_name_adns (name, port, want_family, want_socktype,
                             r_ai, r_canonname);
 #else
@@ -417,29 +541,6 @@ is_onion_address (const char *name)
 }
 
 
-#ifdef USE_ADNS
-/* Init ADNS and store the new state at R_STATE.  Returns 0 on
-   success; prints an error message and returns an error code on
-   failure.  */
-static gpg_error_t
-my_adns_init (adns_state *r_state)
-{
-  gpg_error_t err;
-
-  if (tor_mode? adns_init_strcfg (r_state,
-                                  adns_if_noerrprint|adns_if_tormode,
-                                  NULL, "nameserver 8.8.8.8")
-      /*    */: adns_init (r_state, adns_if_noerrprint, NULL))
-    {
-      err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-      log_error ("error initializing adns: %s\n", gpg_strerror (err));
-      return err;
-    }
-  return 0;
-}
-#endif /*USE_ADNS*/
-
-
 /* Returns 0 on success or an error code.  If a PGP CERT record was
    found, the malloced data is returned at (R_KEY, R_KEYLEN) and
    the other return parameters are set to NULL/0.  If an IPGP CERT
@@ -482,7 +583,7 @@ get_dns_cert (const char *name, int want_certtype,
                             : (want_certtype - DNS_CERTTYPE_RRBASE))),
                         adns_qf_quoteok_query, &answer))
     {
-      err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+      err = gpg_error_from_syserror ();
       /* log_error ("DNS query failed: %s\n", strerror (errno)); */
       adns_finish (state);
       return err;
@@ -492,11 +593,11 @@ get_dns_cert (const char *name, int want_certtype,
       /* log_error ("DNS query returned an error: %s (%s)\n", */
       /*            adns_strerror (answer->status), */
       /*            adns_errabbrev (answer->status)); */
-      err = gpg_err_make (default_errsource, GPG_ERR_NOT_FOUND);
+      err = gpg_error (GPG_ERR_NOT_FOUND);
       goto leave;
     }
 
-  err = gpg_err_make (default_errsource, GPG_ERR_NOT_FOUND);
+  err = gpg_error (GPG_ERR_NOT_FOUND);
   for (count = 0; count < answer->nrrs; count++)
     {
       int datalen = answer->rrs.byteblock[count].len;
@@ -511,8 +612,7 @@ get_dns_cert (const char *name, int want_certtype,
           /* Found the requested record - return it.  */
           *r_key = xtrymalloc (datalen);
           if (!*r_key)
-            err = gpg_err_make (default_errsource,
-                                gpg_err_code_from_syserror ());
+            err = gpg_error_from_syserror ();
           else
             {
               memcpy (*r_key, data, datalen);
@@ -538,8 +638,7 @@ get_dns_cert (const char *name, int want_certtype,
              thus we do the same.  */
           *r_key = xtrymalloc (datalen);
           if (!*r_key)
-            err = gpg_err_make (default_errsource,
-                                gpg_err_code_from_syserror ());
+            err = gpg_error_from_syserror ();
           else
             {
               memcpy (*r_key, data, datalen);
@@ -560,8 +659,7 @@ get_dns_cert (const char *name, int want_certtype,
               *r_fpr = xtrymalloc (*r_fprlen);
               if (!*r_fpr)
                 {
-                  err = gpg_err_make (default_errsource,
-                                      gpg_err_code_from_syserror ());
+                  err = gpg_error_from_syserror ();
                   goto leave;
                 }
               memcpy (*r_fpr, data + 1, *r_fprlen);
@@ -574,8 +672,7 @@ get_dns_cert (const char *name, int want_certtype,
               *r_url = xtrymalloc (datalen - (*r_fprlen + 1) + 1);
               if (!*r_url)
                 {
-                  err = gpg_err_make (default_errsource,
-                                      gpg_err_code_from_syserror ());
+                  err = gpg_error_from_syserror ();
                   xfree (*r_fpr);
                   *r_fpr = NULL;
                   goto leave;
@@ -615,10 +712,9 @@ get_dns_cert (const char *name, int want_certtype,
   /* Allocate a 64k buffer which is the limit for an DNS response.  */
   answer = xtrymalloc (65536);
   if (!answer)
-    return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-
-  err = gpg_err_make (default_errsource, GPG_ERR_NOT_FOUND);
+    return gpg_error_from_syserror ();
 
+  err = gpg_error (GPG_ERR_NOT_FOUND);
   r = res_query (name, C_IN,
                  (want_certtype < DNS_CERTTYPE_RRBASE
                   ? T_CERT
@@ -641,7 +737,7 @@ get_dns_cert (const char *name, int want_certtype,
       rc = dn_skipname (pt, emsg);
       if (rc == -1)
         {
-          err = gpg_err_make (default_errsource, GPG_ERR_INV_OBJ);
+          err = gpg_error (GPG_ERR_INV_OBJ);
           goto leave;
         }
       pt += rc + QFIXEDSZ;
@@ -659,7 +755,7 @@ get_dns_cert (const char *name, int want_certtype,
           rc = dn_skipname (pt, emsg);  /* the name we just queried for */
           if (rc == -1)
             {
-              err = gpg_err_make (default_errsource, GPG_ERR_INV_OBJ);
+              err = gpg_error (GPG_ERR_INV_OBJ);
               goto leave;
             }
 
@@ -693,8 +789,7 @@ get_dns_cert (const char *name, int want_certtype,
             {
               *r_key = xtrymalloc (dlen);
               if (!*r_key)
-                err = gpg_err_make (default_errsource,
-                                    gpg_err_code_from_syserror ());
+                err = gpg_error_from_syserror ();
               else
                 {
                   memcpy (*r_key, pt, dlen);
@@ -727,8 +822,7 @@ get_dns_cert (const char *name, int want_certtype,
                   /* PGP type */
                   *r_key = xtrymalloc (dlen);
                   if (!*r_key)
-                    err = gpg_err_make (default_errsource,
-                                        gpg_err_code_from_syserror ());
+                    err = gpg_error_from_syserror ();
                   else
                     {
                       memcpy (*r_key, pt, dlen);
@@ -747,8 +841,7 @@ get_dns_cert (const char *name, int want_certtype,
                       *r_fpr = xtrymalloc (*r_fprlen);
                       if (!*r_fpr)
                         {
-                          err = gpg_err_make (default_errsource,
-                                              gpg_err_code_from_syserror ());
+                          err = gpg_error_from_syserror ();
                           goto leave;
                         }
                       memcpy (*r_fpr, &pt[1], *r_fprlen);
@@ -761,8 +854,7 @@ get_dns_cert (const char *name, int want_certtype,
                       *r_url = xtrymalloc (dlen - (*r_fprlen + 1) + 1);
                       if (!*r_fpr)
                         {
-                          err = gpg_err_make (default_errsource,
-                                              gpg_err_code_from_syserror ());
+                          err = gpg_error_from_syserror ();
                           xfree (*r_fpr);
                           *r_fpr = NULL;
                           goto leave;
@@ -804,7 +896,7 @@ get_dns_cert (const char *name, int want_certtype,
   *r_fprlen = 0;
   *r_url = NULL;
 
-  return gpg_err_make (default_errsource, GPG_ERR_NOT_SUPPORTED);
+  return gpg_error (GPG_ERR_NOT_SUPPORTED);
 #endif
 }
 

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/dns-stuff.c   | 208 +++++++++++++++++++++++++++++++++++++-------------
 dirmngr/t-dns-stuff.c |  11 ++-
 2 files changed, 159 insertions(+), 60 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Oct 28 10:24:47 2015
From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor)
Date: Wed, 28 Oct 2015 10:24:47 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-77-g1f872cb
Message-ID: <E1ZrMpF-0006rW-8n@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  1f872cb4ad2d3dcc3598fed689504c9731600caa (commit)
       via  02dc518787c5d8525c18986947a59c8ef1bd41da (commit)
      from  949a5cfdabcafab93c1ac092c0459b59318805b9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1f872cb4ad2d3dcc3598fed689504c9731600caa
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Tue Oct 27 17:09:43 2015 -0400

    Fix typos
    
    --

diff --git a/agent/ChangeLog-2011 b/agent/ChangeLog-2011
index f56be1f..d32d69c 100644
--- a/agent/ChangeLog-2011
+++ b/agent/ChangeLog-2011
@@ -2654,7 +2654,7 @@
 	to the control struct so that they are per connection.
 	* gpg-agent.c (agent_init_default_ctrl): New.
 	(main): Assign those command line options to new default_* variables.
-	Reset DISPLAY in server mode so that tehre is no implicit default.
+	Reset DISPLAY in server mode so that there is no implicit default.
 	* command.c (start_command_handler): Initialize and deinitialize
 	the control values.
 	(option_handler): Work on the ctrl values and not on the opt.
diff --git a/common/ChangeLog-2011 b/common/ChangeLog-2011
index 7fed0a7..4b95b35 100644
--- a/common/ChangeLog-2011
+++ b/common/ChangeLog-2011
@@ -1600,7 +1600,7 @@
 	(SPWQ_NO_PIN_ENTRY): New.
 	* simple-pwquery.c (simple_pw_set_socket): New.
 	(agent_open): Use it if GPG_AGENT_INFO is not set.
-	(simple_pwquery): Extended to allow returning of otehyr error codes.
+	(simple_pwquery): Extended to allow returning of other error codes.
 
 	* util.h (GNUPG_MODULE_NAME_AGENT, GNUPG_MODULE_NAME_PINENTRY)
 	(GNUPG_MODULE_NAME_SCDAEMON, GNUPG_MODULE_NAME_DIRMNGR)
diff --git a/common/ttyio.c b/common/ttyio.c
index 0f8c780..3b409e9 100644
--- a/common/ttyio.c
+++ b/common/ttyio.c
@@ -134,7 +134,7 @@ tty_get_ttyname (void)
       got_name = 1;
     }
 #endif /*HAVE_CTERMID*/
-  /* Assume the standard tty on memory error or when tehre is no
+  /* Assume the standard tty on memory error or when there is no
      ctermid. */
   return name? name : "/dev/tty";
 }
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index 073cbc2..06da87e 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -1002,7 +1002,7 @@ as a binary blob.
 @c
 @c Here we may encounter a recursive situation:
 @c @code{validate_cert_chain} needs to look at other certificates and
- at c also at CRLs to check whether tehse other certificates and well, the
+ at c also at CRLs to check whether these other certificates and well, the
 @c CRL issuer certificate itself are not revoked.  FIXME: We need to make
 @c sure that @code{validate_cert_chain} does not try to lookup the CRL we
 @c are currently processing. This would be a catch-22 and may indicate a
diff --git a/doc/tools.texi b/doc/tools.texi
index 1dd1b35..425790e 100644
--- a/doc/tools.texi
+++ b/doc/tools.texi
@@ -1500,7 +1500,7 @@ The return value of this command is
 
 @item 0
 The certificate under question is valid; i.e. there is a valid CRL
-available and it is not listed tehre or teh OCSP request returned that
+available and it is not listed there or the OCSP request returned that
 that certificate is valid.
 
 @item 1
diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c
index cb07c97..a0b778f 100644
--- a/kbx/keybox-search.c
+++ b/kbx/keybox-search.c
@@ -171,7 +171,7 @@ _keybox_get_flag_location (const unsigned char *buffer, size_t length,
 
 
 
-/* Return one of the flags WHAT in VALUE from teh blob BUFFER of
+/* Return one of the flags WHAT in VALUE from the blob BUFFER of
    LENGTH bytes.  Return 0 on success or an raw error code. */
 static gpg_err_code_t
 get_flag_from_image (const unsigned char *buffer, size_t length,

commit 02dc518787c5d8525c18986947a59c8ef1bd41da
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Tue Oct 27 17:09:40 2015 -0400

    agent: Clarify agent's KEYWRAP_KEY description.
    
    --
    
    Signed-Off-By: Daniel Kahn Gillmor <dkg at fifthhorseman.net>

diff --git a/agent/command.c b/agent/command.c
index f09a2ff..509f457 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -1978,7 +1978,7 @@ static const char hlp_keywrap_key[] =
   "mechanism or not used at all if the key is a pre-shared key.  In any\n"
   "case wrapping the import and export of keys is a requirement for\n"
   "certain cryptographic validations and thus useful.  The key persists\n"
-  "a RESET command but may be cleared using the option --clear.\n"
+  "until a RESET command but may be cleared using the option --clear.\n"
   "\n"
   "Supported modes are:\n"
   "  --import  - Return a key to import a key into gpg-agent\n"

-----------------------------------------------------------------------

Summary of changes:
 agent/ChangeLog-2011  | 2 +-
 agent/command.c       | 2 +-
 common/ChangeLog-2011 | 2 +-
 common/ttyio.c        | 2 +-
 doc/dirmngr.texi      | 2 +-
 doc/tools.texi        | 2 +-
 kbx/keybox-search.c   | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Oct 28 11:45:35 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 28 Oct 2015 11:45:35 +0100
Subject: [git] KSBA - branch, master, updated. libksba-1.3.3-4-g3d968bb
Message-ID: <E1ZrO5Q-0000sr-T0@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "KSBA is a library to access X.509 certificates and CMS data.".

The branch, master has been updated
       via  3d968bbffc3a0acda890e342fbbfa5b34a26085e (commit)
       via  9df0ac3a4afa0272dbff08d17e9064f13be95814 (commit)
      from  538188812ace9594aad92a9b0f73b75e5ffc4526 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3d968bbffc3a0acda890e342fbbfa5b34a26085e
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 28 11:41:25 2015 +0100

    Add more curves to the name->OID table.
    
    * src/keyinfo.c (curve_names): Add more curves.
    --
    
    This aligns the table with the one used in libgcrypt master.  Note
    that the GOST2001-CryptoPro-{A,C} curves have two different OIDs; we
    can only support one.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/src/keyinfo.c b/src/keyinfo.c
index 3ea0cfa..265b475 100644
--- a/src/keyinfo.c
+++ b/src/keyinfo.c
@@ -230,19 +230,30 @@ static const struct
   const char *name;
 } curve_names[] =
   {
+    { "1.3.6.1.4.1.3029.1.5.1", "Curve25519" },
+    { "1.3.6.1.4.1.11591.15.1", "Ed25519"    },
+
     { "1.2.840.10045.3.1.1", "NIST P-192" },
+    { "1.2.840.10045.3.1.1", "nistp192"   },
     { "1.2.840.10045.3.1.1", "prime192v1" },
     { "1.2.840.10045.3.1.1", "secp192r1"  },
 
-    { "1.3.132.0.33",        "secp224r1" },
+    { "1.3.132.0.33",        "NIST P-224" },
+    { "1.3.132.0.33",        "nistp224"   },
+    { "1.3.132.0.33",        "secp224r1"  },
 
-    { "1.2.840.10045.3.1.7", "NIST P-256", },
+    { "1.2.840.10045.3.1.7", "NIST P-256" },
+    { "1.2.840.10045.3.1.7", "nistp256"   },
     { "1.2.840.10045.3.1.7", "prime256v1" },
     { "1.2.840.10045.3.1.7", "secp256r1"  },
 
-    { "1.3.132.0.34",        "secp384r1" },
+    { "1.3.132.0.34",        "NIST P-384" },
+    { "1.3.132.0.34",        "nistp384"   },
+    { "1.3.132.0.34",        "secp384r1"  },
 
-    { "1.3.132.0.35",        "secp521r1" },
+    { "1.3.132.0.35",        "NIST P-521" },
+    { "1.3.132.0.35",        "nistp521"   },
+    { "1.3.132.0.35",        "secp521r1"  },
 
     { "1.3.36.3.3.2.8.1.1.1" , "brainpoolP160r1" },
     { "1.3.36.3.3.2.8.1.1.3" , "brainpoolP192r1" },
@@ -252,6 +263,15 @@ static const struct
     { "1.3.36.3.3.2.8.1.1.11", "brainpoolP384r1" },
     { "1.3.36.3.3.2.8.1.1.13", "brainpoolP512r1" },
 
+
+    { "1.2.643.2.2.35.1",    "GOST2001-CryptoPro-A" },
+    { "1.2.643.2.2.35.2",    "GOST2001-CryptoPro-B" },
+    { "1.2.643.2.2.35.3",    "GOST2001-CryptoPro-C" },
+    { "1.2.643.7.1.2.1.2.1", "GOST2012-tc26-A"      },
+    { "1.2.643.7.1.2.1.2.2", "GOST2012-tc26-B"      },
+
+    { "1.3.132.0.10",        "secp256k1" },
+
     { NULL, NULL}
   };
 

commit 9df0ac3a4afa0272dbff08d17e9064f13be95814
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 28 11:18:59 2015 +0100

    Fix lookup of ECC OIDs by name.
    
    * src/keyinfo.c (get_ecc_curve_oid): Fix obviously never tested table
    lookup.
    --
    
    This led to a crash see
     https://lists.gnupg.org/pipermail/gnupg-devel/2015-October/030445.html
    
    The fix is obvious but I do not have test data for this.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/src/keyinfo.c b/src/keyinfo.c
index 02dc7ae..3ea0cfa 100644
--- a/src/keyinfo.c
+++ b/src/keyinfo.c
@@ -322,10 +322,10 @@ get_ecc_curve_oid (const unsigned char *buf, size_t buflen, size_t *r_oidlen)
         if (buflen == strlen (curve_names[i].name)
             && !memcmp (buf, curve_names[i].name, buflen))
           break;
-      if (curve_names[i].oid)
+      if (!curve_names[i].oid)
         return NULL; /* Not found.  */
-      buf = curve_names[i].name;
-      buflen = strlen (curve_names[i].name);
+      buf = curve_names[i].oid;
+      buflen = strlen (curve_names[i].oid);
     }
 
   if (_ksba_oid_from_buf (buf, buflen, &der_oid, r_oidlen))

-----------------------------------------------------------------------

Summary of changes:
 src/keyinfo.c | 34 +++++++++++++++++++++++++++-------
 1 file changed, 27 insertions(+), 7 deletions(-)


hooks/post-receive
-- 
KSBA is a library to access X.509 certificates and CMS data.
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Oct 28 12:00:52 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 28 Oct 2015 12:00:52 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-78-gfa15a71
Message-ID: <E1ZrOKE-0001Da-OW@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  fa15a71daff8414bf4112bc2826dc495ff2fb01f (commit)
      from  1f872cb4ad2d3dcc3598fed689504c9731600caa (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit fa15a71daff8414bf4112bc2826dc495ff2fb01f
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 28 11:57:00 2015 +0100

    dirmngr: Fix NULL-deref while loading a CRL.
    
    * dirmngr/crlcache.c (crl_parse_insert): Set error before leaping to
    failure.
    --
    
    GnuPG-bug-id: 2082
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c
index 64836e2..d205999 100644
--- a/dirmngr/crlcache.c
+++ b/dirmngr/crlcache.c
@@ -1702,7 +1702,8 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
         {
         case KSBA_SR_BEGIN_ITEMS:
           {
-            if (start_sig_check (crl, &md, &algo ))
+            err = start_sig_check (crl, &md, &algo);
+            if (err)
               goto failure;
 
             err = ksba_crl_get_update_times (crl, thisupdate, nextupdate);

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/crlcache.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Oct 28 12:15:50 2015
From: cvs at cvs.gnupg.org (by Damien Goutte-Gattat)
Date: Wed, 28 Oct 2015 12:15:50 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-79-ge095a3f
Message-ID: <E1ZrOYi-0001ov-Kj@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  e095a3fcf2ccc6cc4e258111dc395558069a1164 (commit)
      from  fa15a71daff8414bf4112bc2826dc495ff2fb01f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e095a3fcf2ccc6cc4e258111dc395558069a1164
Author: Damien Goutte-Gattat <dgouttegattat at incenp.org>
Date:   Wed Oct 28 08:09:49 2015 +0100

    doc: Document some changed default options.
    
    * doc/gpg.texi: Update the description of some options which are
      now enabled by default.
    
    Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>

diff --git a/doc/gpg.texi b/doc/gpg.texi
index ffd7a97..6e62917 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1099,7 +1099,7 @@ give the opposite meaning.  The options are:
   @item show-uid-validity
   @opindex list-options:show-uid-validity
   Display the calculated validity of user IDs during key listings.
-  Defaults to no.
+  Defaults to yes.
 
   @item show-unusable-uids
   @opindex list-options:show-unusable-uids
@@ -1144,7 +1144,7 @@ the opposite meaning. The options are:
 
   @item show-policy-urls
   @opindex verify-options:show-policy-urls
-  Show policy URLs in the signature being verified. Defaults to no.
+  Show policy URLs in the signature being verified. Defaults to yes.
 
   @item show-notations
   @itemx show-std-notations
@@ -1158,12 +1158,12 @@ the opposite meaning. The options are:
   @item show-keyserver-urls
   @opindex verify-options:show-keyserver-urls
   Show any preferred keyserver URL in the signature being verified.
-  Defaults to no.
+  Defaults to yes.
 
   @item show-uid-validity
   @opindex verify-options:show-uid-validity
   Display the calculated validity of the user IDs on the key that issued
-  the signature. Defaults to no.
+  the signature. Defaults to yes.
 
   @item show-unusable-uids
   @opindex verify-options:show-unusable-uids

-----------------------------------------------------------------------

Summary of changes:
 doc/gpg.texi | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Oct 28 16:34:17 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 28 Oct 2015 16:34:17 +0100
Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-7-gbb2d11c
Message-ID: <E1ZrSao-0000zS-8x@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, master has been updated
       via  bb2d11c1eebd4bcfb0f2cfce728026a7420dca47 (commit)
       via  a82e9b182f62966207cad0972be6fa284329a5a1 (commit)
       via  bb600aa8fd2f9575ee7afc64c978e3e7523b1173 (commit)
      from  0d9d0a6b5b0c6f474a079bbaef11078c5df5f3b5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit bb2d11c1eebd4bcfb0f2cfce728026a7420dca47
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 28 16:27:49 2015 +0100

    w32: Add extra diagnostic about possible missing gpgme-w32spawn.exe.
    
    * src/w32-io.c (_gpgme_io_spawn): Add a new diagnostic.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/src/w32-io.c b/src/w32-io.c
index 42961e3..a6d5238 100644
--- a/src/w32-io.c
+++ b/src/w32-io.c
@@ -1550,6 +1550,7 @@ _gpgme_io_spawn (const char *path, char *const argv[], unsigned int flags,
   int debug_me = 0;
   int tmp_fd;
   char *tmp_name;
+  const char *spawnhelper;
 
   TRACE_BEG1 (DEBUG_SYSIO, "_gpgme_io_spawn", path,
 	      "path=%s", path);
@@ -1603,7 +1604,8 @@ _gpgme_io_spawn (const char *path, char *const argv[], unsigned int flags,
   if ((flags & IOSPAWN_FLAG_DETACHED))
     cr_flags |= DETACHED_PROCESS;
   cr_flags |= GetPriorityClass (GetCurrentProcess ());
-  if (!CreateProcessA (_gpgme_get_w32spawn_path (),
+  spawnhelper = _gpgme_get_w32spawn_path ();
+  if (!CreateProcessA (spawnhelper,
 		       arg_string,
 		       &sec_attr,     /* process security attributes */
 		       &sec_attr,     /* thread security attributes */
@@ -1614,7 +1616,10 @@ _gpgme_io_spawn (const char *path, char *const argv[], unsigned int flags,
 		       &si,           /* startup information */
 		       &pi))          /* returns process information */
     {
-      TRACE_LOG1 ("CreateProcess failed: ec=%d", (int) GetLastError ());
+      int lasterr = (int)GetLastError ();
+      TRACE_LOG1 ("CreateProcess failed: ec=%d", lasterr);
+      if (lasterr == ERROR_INVALID_PARAMETER)
+        TRACE_LOG1 ("(is '%s' correctly installed?)", spawnhelper);
       free (arg_string);
       close (tmp_fd);
       DeleteFileA (tmp_name);

commit a82e9b182f62966207cad0972be6fa284329a5a1
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 28 16:26:03 2015 +0100

    w32: Improve locating gpgconf on 64 bit systems.
    
    * src/w32-util.c (find_program_at_standard_place): Fallback to
    CSIDL_PROGRAM_FILESX86.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/src/w32-util.c b/src/w32-util.c
index f611b6c..3600b28 100644
--- a/src/w32-util.c
+++ b/src/w32-util.c
@@ -409,8 +409,13 @@ find_program_at_standard_place (const char *name)
   char path[MAX_PATH];
   char *result = NULL;
 
-  /* See http://wiki.tcl.tk/17492 for details on compatibility.  */
-  if (SHGetSpecialFolderPathA (NULL, path, CSIDL_PROGRAM_FILES, 0))
+  /* See http://wiki.tcl.tk/17492 for details on compatibility.
+
+     We First try the generic place and then fallback to the x86
+     (i.e. 32 bit) place.  This will prefer a 64 bit of the program
+     over a 32 bit version on 64 bit Windows if installed.  */
+  if (SHGetSpecialFolderPathA (NULL, path, CSIDL_PROGRAM_FILES, 0)
+      || SHGetSpecialFolderPathA (NULL, path, CSIDL_PROGRAM_FILESX86, 0))
     {
       result = malloc (strlen (path) + 1 + strlen (name) + 1);
       if (result)

commit bb600aa8fd2f9575ee7afc64c978e3e7523b1173
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 28 16:24:30 2015 +0100

    w32: Add new global flag "w32-inst-dir".
    
    * src/gpgme.c (gpgme_set_global_flag): Add flag "w32-inst-dir";
    * src/posix-util.c (_gpgme_set_override_inst_dir): New stub.
    * src/w32-util.c (override_inst_dir): New var.
    (_gpgme_get_inst_dir): Return this var is set.
    (_gpgme_set_override_inst_dir): New.
    --
    
    See
    https://lists.gnupg.org/pipermail/gnupg-devel/2015-September/030267.html
    for background.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index a764ce4..1c680b5 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -701,6 +701,16 @@ directory part is used as the default installation directory; the
 @code{.exe} suffix is added by GPGME.  Use forward slashed even under
 Windows.
 
+ at item "w32-inst-dir"
+On Windows GPGME needs to know its installation directory to find its
+spawn helper.  This is in general no problem because a DLL has this
+information.  Some applications however link statically to GPGME and
+thus GPGME can only figure out the installation directory of this
+application which may be wrong in certain cases.  By supplying an
+installation directory as value to this flag, GPGME will assume that
+that directory is the installation directory.  This flag has no effect
+on non-Windows platforms.
+
 @end table
 
 This function returns @code{0} on success.  In contrast to other
diff --git a/src/gpgme.c b/src/gpgme.c
index 3c4e8e9..0b42ea1 100644
--- a/src/gpgme.c
+++ b/src/gpgme.c
@@ -75,6 +75,8 @@ gpgme_set_global_flag (const char *name, const char *value)
     return _gpgme_set_default_gpgconf_name (value);
   else if (!strcmp (name, "gpg-name"))
     return _gpgme_set_default_gpg_name (value);
+  else if (!strcmp (name, "w32-inst-dir"))
+    return _gpgme_set_override_inst_dir (value);
   else
     return -1;
 }
diff --git a/src/posix-util.c b/src/posix-util.c
index f7e0a17..0fce5c2 100644
--- a/src/posix-util.c
+++ b/src/posix-util.c
@@ -71,6 +71,15 @@ _gpgme_set_default_gpgconf_name (const char *name)
 }
 
 
+/* Dummy function - see w32-util.c for the actual code.  */
+int
+_gpgme_set_override_inst_dir (const char *dir)
+{
+  (void)dir;
+  return 0;
+}
+
+
 /* Find an executable program PGM along the envvar PATH.  */
 static char *
 walk_path (const char *pgm)
diff --git a/src/sys-util.h b/src/sys-util.h
index 589634b..541c557 100644
--- a/src/sys-util.h
+++ b/src/sys-util.h
@@ -23,6 +23,7 @@
 /*-- {posix,w32}-util.c --*/
 int _gpgme_set_default_gpg_name (const char *name);
 int _gpgme_set_default_gpgconf_name (const char *name);
+int _gpgme_set_override_inst_dir (const char *dir);
 
 char *_gpgme_get_gpg_path (void);
 char *_gpgme_get_gpgconf_path (void);
diff --git a/src/w32-util.c b/src/w32-util.c
index 9aba26f..f611b6c 100644
--- a/src/w32-util.c
+++ b/src/w32-util.c
@@ -85,7 +85,10 @@ static HMODULE my_hmodule;
    binaries.  The are set only once by gpgme_set_global_flag.  */
 static char *default_gpg_name;
 static char *default_gpgconf_name;
-
+/* If this variable is not NULL the value is assumed to be the
+   installation directory.  The variable may only be set once by
+   gpgme_set_global_flag and accessed by _gpgme_get_inst_dir.  */
+static char *override_inst_dir;
 
 #ifdef HAVE_ALLOW_SET_FOREGROUND_WINDOW
 
@@ -347,6 +350,9 @@ _gpgme_get_inst_dir (void)
 {
   static char *inst_dir;
 
+  if (override_inst_dir)
+    return override_inst_dir;
+
   LOCK (get_path_lock);
   if (!inst_dir)
     {
@@ -456,6 +462,28 @@ _gpgme_set_default_gpgconf_name (const char *name)
 }
 
 
+/* Set the override installation directory.  This function may only be
+   called by gpgme_set_global_flag.  Returns 0 on success.  */
+int
+_gpgme_set_override_inst_dir (const char *dir)
+{
+  if (!override_inst_dir)
+    {
+      override_inst_dir = malloc (strlen (dir) + 1);
+      if (override_inst_dir)
+        {
+          strcpy (override_inst_dir, dir);
+          replace_slashes (override_inst_dir);
+          /* Remove a trailing slash.  */
+          if (*override_inst_dir
+              && override_inst_dir[strlen (override_inst_dir)-1] == '\\')
+            override_inst_dir[strlen (override_inst_dir)-1] = 0;
+        }
+    }
+  return !override_inst_dir;
+}
+
+
 /* Return the full file name of the GPG binary.  This function is used
    iff gpgconf was not found and thus it can be assumed that gpg2 is
    not installed.  This function is only called by get_gpgconf_item

-----------------------------------------------------------------------

Summary of changes:
 doc/gpgme.texi   | 10 ++++++++++
 src/gpgme.c      |  2 ++
 src/posix-util.c |  9 +++++++++
 src/sys-util.h   |  1 +
 src/w32-io.c     |  9 +++++++--
 src/w32-util.c   | 39 ++++++++++++++++++++++++++++++++++++---
 6 files changed, 65 insertions(+), 5 deletions(-)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Oct 28 19:01:54 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 28 Oct 2015 19:01:54 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-80-g8b6c83d
Message-ID: <E1ZrUtf-0005Pv-O9@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  8b6c83dcb086ef09b2676e4d5b0111c88b7b8bf8 (commit)
      from  e095a3fcf2ccc6cc4e258111dc395558069a1164 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8b6c83dcb086ef09b2676e4d5b0111c88b7b8bf8
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 28 18:57:53 2015 +0100

    sm: Allow combination of usage flags --gen-key.
    
    * sm/certreqgen.c (create_request): Re-implement building of the
    key-usage extension.
    --
    
    GnuPG-bug-id: 2029
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/sm/certreqgen.c b/sm/certreqgen.c
index 0774591..2c6550c 100644
--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@@ -917,38 +917,53 @@ create_request (ctrl_t ctrl,
 
   /* Set key usage flags.  */
   use = get_parameter_uint (para, pKEYUSAGE);
-  if (use == GCRY_PK_USAGE_SIGN)
+  if (use)
     {
-      /* For signing only we encode the bits:
-         KSBA_KEYUSAGE_DIGITAL_SIGNATURE
-         KSBA_KEYUSAGE_NON_REPUDIATION */
-      err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1,
-                                        "\x03\x02\x06\xC0", 4);
-    }
-  else if (use == GCRY_PK_USAGE_ENCR)
-    {
-      /* For encrypt only we encode the bits:
-         KSBA_KEYUSAGE_KEY_ENCIPHERMENT
-         KSBA_KEYUSAGE_DATA_ENCIPHERMENT */
-      err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1,
-                                        "\x03\x02\x04\x30", 4);
-    }
-  else if (use == GCRY_PK_USAGE_CERT)
-    {
-      /* For certify only we encode the bits:
-         KSBA_KEYUSAGE_KEY_CERT_SIGN
-         KSBA_KEYUSAGE_CRL_SIGN */
-      err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1,
-                                        "\x03\x02\x01\x06", 4);
-    }
-  else
-    err = 0; /* Both or none given: don't request one. */
-  if (err)
-    {
-      log_error ("error setting the key usage: %s\n",
-                 gpg_strerror (err));
-      rc = err;
-      goto leave;
+      unsigned int mask, pos;
+      unsigned char der[4];
+
+      der[0] = 0x03;
+      der[1] = 0x02;
+      der[2] = 0;
+      der[3] = 0;
+      if ((use & GCRY_PK_USAGE_SIGN))
+        {
+          /* For signing only we encode the bits:
+             KSBA_KEYUSAGE_DIGITAL_SIGNATURE
+             KSBA_KEYUSAGE_NON_REPUDIATION  = 0b11 -> 0b11000000 */
+          der[3] |= 0xc0;
+        }
+      if ((use & GCRY_PK_USAGE_ENCR))
+        {
+          /* For encrypt only we encode the bits:
+             KSBA_KEYUSAGE_KEY_ENCIPHERMENT
+             KSBA_KEYUSAGE_DATA_ENCIPHERMENT = 0b1100 -> 0b00110000 */
+          der[3] |= 0x30;
+        }
+      if ((use & GCRY_PK_USAGE_CERT))
+        {
+          /* For certify only we encode the bits:
+             KSBA_KEYUSAGE_KEY_CERT_SIGN
+             KSBA_KEYUSAGE_CRL_SIGN      = 0b1100000 -> 0b00000110 */
+          der[3] |= 0x06;
+        }
+
+      /* Count number of unused bits.  */
+      for (mask=1, pos=0; pos < 8 * sizeof mask; pos++, mask <<= 1)
+        {
+          if ((der[3] & mask))
+            break;
+          der[2]++;
+        }
+
+      err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1, der, 4);
+      if (err)
+        {
+          log_error ("error setting the key usage: %s\n",
+                     gpg_strerror (err));
+          rc = err;
+          goto leave;
+        }
     }
 
 

-----------------------------------------------------------------------

Summary of changes:
 sm/certreqgen.c | 77 ++++++++++++++++++++++++++++++++++-----------------------
 1 file changed, 46 insertions(+), 31 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Wed Oct 28 19:11:30 2015
From: cvs at cvs.gnupg.org (by Jussi Kivilinna)
Date: Wed, 28 Oct 2015 19:11:30 +0100
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-271-g74184c2
Message-ID: <E1ZrV2x-0005hS-IY@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  74184c28fbe7ff58cf57f0094ef957d94045da7d (commit)
       via  909644ef5883927262366c356eed530e55aba478 (commit)
       via  16fd540f4d01eb6dc23d9509ae549353617c7a67 (commit)
       via  ae40af427fd2a856b24ec2a41323ec8b80ffc9c0 (commit)
      from  f7505b550dd591e33d3a3fab9277c43c460f1bad (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 74184c28fbe7ff58cf57f0094ef957d94045da7d
Author: Jussi Kivilinna <jussi.kivilinna at iki.fi>
Date:   Fri Oct 23 22:30:48 2015 +0300

    keccak: rewrite for improved performance
    
    * cipher/Makefile.am: Add 'keccak_permute_32.h' and
    'keccak_permute_64.h'.
    * cipher/hash-common.h [USE_SHA3] (MD_BLOCK_MAX_BLOCKSIZE): Remove.
    * cipher/keccak.c (USE_64BIT, USE_32BIT, USE_64BIT_BMI2)
    (USE_64BIT_SHLD, USE_32BIT_BMI2, NEED_COMMON64, NEED_COMMON32BI)
    (keccak_ops_t): New.
    (KECCAK_STATE): Add 'state64' and 'state32bi' members.
    (KECCAK_CONTEXT): Remove 'bctx'; add 'blocksize', 'count' and 'ops'.
    (rol64, keccak_f1600_state_permute): Remove.
    [NEED_COMMON64] (round_consts_64bit, keccak_extract_inplace64): New.
    [NEED_COMMON32BI] (round_consts_32bit, keccak_extract_inplace32bi)
    (keccak_absorb_lane32bi): New.
    [USE_64BIT] (ANDN64, ROL64, keccak_f1600_state_permute64)
    (keccak_absorb_lanes64, keccak_generic64_ops): New.
    [USE_64BIT_SHLD] (ANDN64, ROL64, keccak_f1600_state_permute64_shld)
    (keccak_absorb_lanes64_shld, keccak_shld_64_ops): New.
    [USE_64BIT_BMI2] (ANDN64, ROL64, keccak_f1600_state_permute64_bmi2)
    (keccak_absorb_lanes64_bmi2, keccak_bmi2_64_ops): New.
    [USE_32BIT] (ANDN64, ROL64, keccak_f1600_state_permute32bi)
    (keccak_absorb_lanes32bi, keccak_generic32bi_ops): New.
    [USE_32BIT_BMI2] (ANDN64, ROL64, keccak_f1600_state_permute32bi_bmi2)
    (pext, pdep, keccak_absorb_lane32bi_bmi2, keccak_absorb_lanes32bi_bmi2)
    (keccak_extract_inplace32bi_bmi2, keccak_bmi2_32bi_ops): New.
    (keccak_write): New.
    (keccak_init): Adjust to KECCAK_CONTEXT changes; add implementation
    selection based on HWF features.
    (keccak_final): Adjust to KECCAK_CONTEXT changes; use selected 'ops'
    for state manipulation.
    (keccak_read): Adjust to KECCAK_CONTEXT changes.
    (_gcry_digest_spec_sha3_224, _gcry_digest_spec_sha3_256)
    (_gcry_digest_spec_sha3_348, _gcry_digest_spec_sha3_512): Use
    'keccak_write' instead of '_gcry_md_block_write'.
    * cipher/keccak_permute_32.h: New.
    * cipher/keccak_permute_64.h: New.
    --
    
    Patch adds new generic 64-bit and 32-bit implementations and
    optimized implementations for SHA3:
     - Generic 64-bit implementation based on 'simple' implementation
       from SUPERCOP package.
     - Generic 32-bit bit-inteleaved implementataion based on
       'simple32bi' implementation from SUPERCOP package.
     - Intel BMI2 optimized variants of 64-bit and 32-bit BI
       implementations.
     - Intel SHLD optimized variant of 64-bit implementation.
    
    Patch also makes proper use of sponge construction to avoid
    use of addition input buffer.
    
    Below are bench-slope benchmarks for new 64-bit implementations
    made on Intel Core i5-4570 (no turbo, 3.2 Ghz, gcc-4.9.2).
    
    Before (amd64):
    
     SHA3-224       |      3.92 ns/B     243.2 MiB/s     12.55 c/B
     SHA3-256       |      4.15 ns/B     230.0 MiB/s     13.27 c/B
     SHA3-384       |      5.40 ns/B     176.6 MiB/s     17.29 c/B
     SHA3-512       |      7.77 ns/B     122.7 MiB/s     24.87 c/B
    
    After (generic 64-bit, amd64), 1.10x faster):
    
     SHA3-224       |      3.57 ns/B     267.4 MiB/s     11.42 c/B
     SHA3-256       |      3.77 ns/B     252.8 MiB/s     12.07 c/B
     SHA3-384       |      4.91 ns/B     194.1 MiB/s     15.72 c/B
     SHA3-512       |      7.06 ns/B     135.0 MiB/s     22.61 c/B
    
    After (Intel SHLD 64-bit, amd64, 1.13x faster):
    
     SHA3-224       |      3.48 ns/B     273.7 MiB/s     11.15 c/B
     SHA3-256       |      3.68 ns/B     258.9 MiB/s     11.79 c/B
     SHA3-384       |      4.80 ns/B     198.7 MiB/s     15.36 c/B
     SHA3-512       |      6.89 ns/B     138.4 MiB/s     22.05 c/B
    
    After (Intel BMI2 64-bit, amd64, 1.45x faster):
    
     SHA3-224       |      2.71 ns/B     352.1 MiB/s      8.67 c/B
     SHA3-256       |      2.86 ns/B     333.2 MiB/s      9.16 c/B
     SHA3-384       |      3.72 ns/B     256.2 MiB/s     11.91 c/B
     SHA3-512       |      5.34 ns/B     178.5 MiB/s     17.10 c/B
    
    Benchmarks of new 32-bit implementations on Intel Core i5-4570
    (no turbo, 3.2 Ghz, gcc-4.9.2):
    
    Before (win32):
    
     SHA3-224       |     12.05 ns/B     79.16 MiB/s     38.56 c/B
     SHA3-256       |     12.75 ns/B     74.78 MiB/s     40.82 c/B
     SHA3-384       |     16.63 ns/B     57.36 MiB/s     53.22 c/B
     SHA3-512       |     23.97 ns/B     39.79 MiB/s     76.72 c/B
    
    After (generic 32-bit BI, win32, 1.23x to 1.29x faster):
    
     SHA3-224       |      9.76 ns/B     97.69 MiB/s     31.25 c/B
     SHA3-256       |     10.27 ns/B     92.82 MiB/s     32.89 c/B
     SHA3-384       |     13.22 ns/B     72.16 MiB/s     42.31 c/B
     SHA3-512       |     18.65 ns/B     51.13 MiB/s     59.70 c/B
    
    After (Intel BMI2 32-bit BI, win32, 1.66x to 1.70x faster):
    
     SHA3-224       |      7.26 ns/B     131.4 MiB/s     23.23 c/B
     SHA3-256       |      7.65 ns/B     124.7 MiB/s     24.47 c/B
     SHA3-384       |      9.87 ns/B     96.67 MiB/s     31.58 c/B
     SHA3-512       |     14.05 ns/B     67.85 MiB/s     44.99 c/B
    
    Benchmarks of new 32-bit implementation on ARM Cortex-A8
    (1008 Mhz, gcc-4.9.1):
    
    Before:
    
     SHA3-224       |     148.6 ns/B      6.42 MiB/s     149.8 c/B
     SHA3-256       |     157.2 ns/B      6.07 MiB/s     158.4 c/B
     SHA3-384       |     205.3 ns/B      4.65 MiB/s     206.9 c/B
     SHA3-512       |     296.3 ns/B      3.22 MiB/s     298.6 c/B
    
    After (1.56x faster):
    
     SHA3-224       |     96.12 ns/B      9.92 MiB/s     96.89 c/B
     SHA3-256       |     101.5 ns/B      9.40 MiB/s     102.3 c/B
     SHA3-384       |     131.4 ns/B      7.26 MiB/s     132.5 c/B
     SHA3-512       |     188.2 ns/B      5.07 MiB/s     189.7 c/B
    
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>

diff --git a/cipher/Makefile.am b/cipher/Makefile.am
index b08c9a9..be03d06 100644
--- a/cipher/Makefile.am
+++ b/cipher/Makefile.am
@@ -90,7 +90,7 @@ sha1.c sha1-ssse3-amd64.S sha1-avx-amd64.S sha1-avx-bmi2-amd64.S \
 sha256.c sha256-ssse3-amd64.S sha256-avx-amd64.S sha256-avx2-bmi2-amd64.S \
 sha512.c sha512-ssse3-amd64.S sha512-avx-amd64.S sha512-avx2-bmi2-amd64.S \
   sha512-armv7-neon.S \
-keccak.c \
+keccak.c keccak_permute_32.h keccak_permute_64.h \
 stribog.c \
 tiger.c \
 whirlpool.c whirlpool-sse2-amd64.S \
diff --git a/cipher/hash-common.h b/cipher/hash-common.h
index e1ae5a2..27d670d 100644
--- a/cipher/hash-common.h
+++ b/cipher/hash-common.h
@@ -33,15 +33,9 @@ typedef unsigned int (*_gcry_md_block_write_t) (void *c,
 						const unsigned char *blks,
 						size_t nblks);
 
-#if defined(HAVE_U64_TYPEDEF) && (defined(USE_SHA512) || defined(USE_SHA3) || \
-				  defined(USE_WHIRLPOOL))
-/* SHA-512, SHA-3 and Whirlpool needs u64. SHA-512 and SHA3 need larger
- * buffer. */
-# ifdef USE_SHA3
-#  define MD_BLOCK_MAX_BLOCKSIZE (1152 / 8)
-# else
-#  define MD_BLOCK_MAX_BLOCKSIZE 128
-# endif
+#if defined(HAVE_U64_TYPEDEF) && (defined(USE_SHA512) || defined(USE_WHIRLPOOL))
+/* SHA-512 and Whirlpool needs u64. SHA-512 needs larger buffer. */
+# define MD_BLOCK_MAX_BLOCKSIZE 128
 # define MD_NBLOCKS_TYPE u64
 #else
 # define MD_BLOCK_MAX_BLOCKSIZE 64
diff --git a/cipher/keccak.c b/cipher/keccak.c
index 4a9c1f2..3a72294 100644
--- a/cipher/keccak.c
+++ b/cipher/keccak.c
@@ -27,11 +27,45 @@
 #include "hash-common.h"
 
 
-/* The code is based on public-domain/CC0 "Keccak-readable-and-compact.c"
- * implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni,
- * Joan Daemen, Micha?l Peeters, Gilles Van Assche and Ronny Van Keer. From:
- *   https://github.com/gvanas/KeccakCodePackage
- */
+
+/* USE_64BIT indicates whether to use 64-bit generic implementation.
+ * USE_32BIT indicates whether to use 32-bit generic implementation. */
+#undef USE_64BIT
+#if defined(__x86_64__) || SIZEOF_UNSIGNED_LONG == 8
+# define USE_64BIT 1
+#else
+# define USE_32BIT 1
+#endif
+
+
+/* USE_64BIT_BMI2 indicates whether to compile with 64-bit Intel BMI2 code. */
+#undef USE_64BIT_BMI2
+#if defined(USE_64BIT) && defined(HAVE_GCC_INLINE_ASM_BMI2)
+# define USE_64BIT_BMI2 1
+#endif
+
+
+/* USE_64BIT_SHLD indicates whether to compile with 64-bit Intel SHLD code. */
+#undef USE_64BIT_SHLD
+#if defined(USE_64BIT) && defined (__GNUC__) && defined(__x86_64__)
+# define USE_64BIT_SHLD 1
+#endif
+
+
+/* USE_32BIT_BMI2 indicates whether to compile with 32-bit Intel BMI2 code. */
+#undef USE_32BIT_BMI2
+#if defined(USE_32BIT) && defined(HAVE_GCC_INLINE_ASM_BMI2)
+# define USE_32BIT_BMI2 1
+#endif
+
+
+#ifdef USE_64BIT
+# define NEED_COMMON64 1
+#endif
+
+#ifdef USE_32BIT
+# define NEED_COMMON32BI 1
+#endif
 
 
 #define SHA3_DELIMITED_SUFFIX 0x06
@@ -40,220 +74,528 @@
 
 typedef struct
 {
-  u64 state[5][5];
+  union {
+#ifdef NEED_COMMON64
+    u64 state64[25];
+#endif
+#ifdef NEED_COMMON32BI
+    u32 state32bi[50];
+#endif
+  } u;
 } KECCAK_STATE;
 
 
 typedef struct
 {
-  gcry_md_block_ctx_t bctx;
+  unsigned int (*permute)(KECCAK_STATE *hd);
+  unsigned int (*absorb)(KECCAK_STATE *hd, int pos, const byte *lanes,
+			 unsigned int nlanes, int blocklanes);
+  unsigned int (*extract_inplace) (KECCAK_STATE *hd, unsigned int outlen);
+} keccak_ops_t;
+
+
+typedef struct KECCAK_CONTEXT_S
+{
   KECCAK_STATE state;
   unsigned int outlen;
+  unsigned int blocksize;
+  unsigned int count;
+  const keccak_ops_t *ops;
 } KECCAK_CONTEXT;
 
 
-static inline u64
-rol64 (u64 x, unsigned int n)
+
+#ifdef NEED_COMMON64
+
+static const u64 round_consts_64bit[24] =
 {
-  return ((x << n) | (x >> (64 - n)));
-}
+  U64_C(0x0000000000000001), U64_C(0x0000000000008082),
+  U64_C(0x800000000000808A), U64_C(0x8000000080008000),
+  U64_C(0x000000000000808B), U64_C(0x0000000080000001),
+  U64_C(0x8000000080008081), U64_C(0x8000000000008009),
+  U64_C(0x000000000000008A), U64_C(0x0000000000000088),
+  U64_C(0x0000000080008009), U64_C(0x000000008000000A),
+  U64_C(0x000000008000808B), U64_C(0x800000000000008B),
+  U64_C(0x8000000000008089), U64_C(0x8000000000008003),
+  U64_C(0x8000000000008002), U64_C(0x8000000000000080),
+  U64_C(0x000000000000800A), U64_C(0x800000008000000A),
+  U64_C(0x8000000080008081), U64_C(0x8000000000008080),
+  U64_C(0x0000000080000001), U64_C(0x8000000080008008)
+};
 
-/* Function that computes the Keccak-f[1600] permutation on the given state. */
-static unsigned int keccak_f1600_state_permute(KECCAK_STATE *hd)
+static unsigned int
+keccak_extract_inplace64(KECCAK_STATE *hd, unsigned int outlen)
 {
-  static const u64 round_consts[24] =
-  {
-    U64_C(0x0000000000000001), U64_C(0x0000000000008082),
-    U64_C(0x800000000000808A), U64_C(0x8000000080008000),
-    U64_C(0x000000000000808B), U64_C(0x0000000080000001),
-    U64_C(0x8000000080008081), U64_C(0x8000000000008009),
-    U64_C(0x000000000000008A), U64_C(0x0000000000000088),
-    U64_C(0x0000000080008009), U64_C(0x000000008000000A),
-    U64_C(0x000000008000808B), U64_C(0x800000000000008B),
-    U64_C(0x8000000000008089), U64_C(0x8000000000008003),
-    U64_C(0x8000000000008002), U64_C(0x8000000000000080),
-    U64_C(0x000000000000800A), U64_C(0x800000008000000A),
-    U64_C(0x8000000080008081), U64_C(0x8000000000008080),
-    U64_C(0x0000000080000001), U64_C(0x8000000080008008)
-  };
-  unsigned int round;
+  unsigned int i;
 
-  for (round = 0; round < 24; round++)
+  for (i = 0; i < outlen / 8 + !!(outlen % 8); i++)
     {
-      {
-	/* ? step (see [Keccak Reference, Section 2.3.2]) === */
-	u64 C[5], D[5];
-
-	/* Compute the parity of the columns */
-	C[0] = hd->state[0][0] ^ hd->state[1][0] ^ hd->state[2][0]
-	      ^ hd->state[3][0] ^ hd->state[4][0];
-	C[1] = hd->state[0][1] ^ hd->state[1][1] ^ hd->state[2][1]
-	      ^ hd->state[3][1] ^ hd->state[4][1];
-	C[2] = hd->state[0][2] ^ hd->state[1][2] ^ hd->state[2][2]
-	      ^ hd->state[3][2] ^ hd->state[4][2];
-	C[3] = hd->state[0][3] ^ hd->state[1][3] ^ hd->state[2][3]
-	      ^ hd->state[3][3] ^ hd->state[4][3];
-	C[4] = hd->state[0][4] ^ hd->state[1][4] ^ hd->state[2][4]
-	      ^ hd->state[3][4] ^ hd->state[4][4];
-
-	/* Compute the ? effect for a given column */
-	D[0] = C[4] ^ rol64(C[1], 1);
-	D[1] = C[0] ^ rol64(C[2], 1);
-	D[2] = C[1] ^ rol64(C[3], 1);
-	D[3] = C[2] ^ rol64(C[4], 1);
-	D[4] = C[3] ^ rol64(C[0], 1);
-
-	/* Add the ? effect to the whole column */
-	hd->state[0][0] ^= D[0];
-	hd->state[1][0] ^= D[0];
-	hd->state[2][0] ^= D[0];
-	hd->state[3][0] ^= D[0];
-	hd->state[4][0] ^= D[0];
-
-	/* Add the ? effect to the whole column */
-	hd->state[0][1] ^= D[1];
-	hd->state[1][1] ^= D[1];
-	hd->state[2][1] ^= D[1];
-	hd->state[3][1] ^= D[1];
-	hd->state[4][1] ^= D[1];
-
-	/* Add the ? effect to the whole column */
-	hd->state[0][2] ^= D[2];
-	hd->state[1][2] ^= D[2];
-	hd->state[2][2] ^= D[2];
-	hd->state[3][2] ^= D[2];
-	hd->state[4][2] ^= D[2];
-
-	/* Add the ? effect to the whole column */
-	hd->state[0][3] ^= D[3];
-	hd->state[1][3] ^= D[3];
-	hd->state[2][3] ^= D[3];
-	hd->state[3][3] ^= D[3];
-	hd->state[4][3] ^= D[3];
-
-	/* Add the ? effect to the whole column */
-	hd->state[0][4] ^= D[4];
-	hd->state[1][4] ^= D[4];
-	hd->state[2][4] ^= D[4];
-	hd->state[3][4] ^= D[4];
-	hd->state[4][4] ^= D[4];
-      }
-
-      {
-	/* ? and ? steps (see [Keccak Reference, Sections 2.3.3 and 2.3.4]) */
-	u64 current, temp;
-
-#define do_swap_n_rol(x, y, r) \
-  temp = hd->state[y][x]; \
-  hd->state[y][x] = rol64(current, r); \
-  current = temp;
-
-	/* Start at coordinates (1 0) */
-	current = hd->state[0][1];
-
-	/* Iterate over ((0 1)(2 3))^t * (1 0) for 0 ? t ? 23 */
-	do_swap_n_rol(0, 2, 1);
-	do_swap_n_rol(2, 1, 3);
-	do_swap_n_rol(1, 2, 6);
-	do_swap_n_rol(2, 3, 10);
-	do_swap_n_rol(3, 3, 15);
-	do_swap_n_rol(3, 0, 21);
-	do_swap_n_rol(0, 1, 28);
-	do_swap_n_rol(1, 3, 36);
-	do_swap_n_rol(3, 1, 45);
-	do_swap_n_rol(1, 4, 55);
-	do_swap_n_rol(4, 4, 2);
-	do_swap_n_rol(4, 0, 14);
-	do_swap_n_rol(0, 3, 27);
-	do_swap_n_rol(3, 4, 41);
-	do_swap_n_rol(4, 3, 56);
-	do_swap_n_rol(3, 2, 8);
-	do_swap_n_rol(2, 2, 25);
-	do_swap_n_rol(2, 0, 43);
-	do_swap_n_rol(0, 4, 62);
-	do_swap_n_rol(4, 2, 18);
-	do_swap_n_rol(2, 4, 39);
-	do_swap_n_rol(4, 1, 61);
-	do_swap_n_rol(1, 1, 20);
-	do_swap_n_rol(1, 0, 44);
-
-#undef do_swap_n_rol
-      }
-
-      {
-	/* ? step (see [Keccak Reference, Section 2.3.1]) */
-	u64 temp[5];
-
-#define do_x_step_for_plane(y) \
-  /* Take a copy of the plane */ \
-  temp[0] = hd->state[y][0]; \
-  temp[1] = hd->state[y][1]; \
-  temp[2] = hd->state[y][2]; \
-  temp[3] = hd->state[y][3]; \
-  temp[4] = hd->state[y][4]; \
-  \
-  /* Compute ? on the plane */ \
-  hd->state[y][0] = temp[0] ^ ((~temp[1]) & temp[2]); \
-  hd->state[y][1] = temp[1] ^ ((~temp[2]) & temp[3]); \
-  hd->state[y][2] = temp[2] ^ ((~temp[3]) & temp[4]); \
-  hd->state[y][3] = temp[3] ^ ((~temp[4]) & temp[0]); \
-  hd->state[y][4] = temp[4] ^ ((~temp[0]) & temp[1]);
-
-	do_x_step_for_plane(0);
-	do_x_step_for_plane(1);
-	do_x_step_for_plane(2);
-	do_x_step_for_plane(3);
-	do_x_step_for_plane(4);
-
-#undef do_x_step_for_plane
-      }
-
-      {
-	/* ? step (see [Keccak Reference, Section 2.3.5]) */
-
-	hd->state[0][0] ^= round_consts[round];
-      }
+      hd->u.state64[i] = le_bswap64(hd->u.state64[i]);
     }
 
-  return sizeof(void *) * 4 + sizeof(u64) * 10;
+  return 0;
 }
 
+#endif /* NEED_COMMON64 */
+
+
+#ifdef NEED_COMMON32BI
+
+static const u32 round_consts_32bit[2 * 24] =
+{
+  0x00000001UL, 0x00000000UL, 0x00000000UL, 0x00000089UL,
+  0x00000000UL, 0x8000008bUL, 0x00000000UL, 0x80008080UL,
+  0x00000001UL, 0x0000008bUL, 0x00000001UL, 0x00008000UL,
+  0x00000001UL, 0x80008088UL, 0x00000001UL, 0x80000082UL,
+  0x00000000UL, 0x0000000bUL, 0x00000000UL, 0x0000000aUL,
+  0x00000001UL, 0x00008082UL, 0x00000000UL, 0x00008003UL,
+  0x00000001UL, 0x0000808bUL, 0x00000001UL, 0x8000000bUL,
+  0x00000001UL, 0x8000008aUL, 0x00000001UL, 0x80000081UL,
+  0x00000000UL, 0x80000081UL, 0x00000000UL, 0x80000008UL,
+  0x00000000UL, 0x00000083UL, 0x00000000UL, 0x80008003UL,
+  0x00000001UL, 0x80008088UL, 0x00000000UL, 0x80000088UL,
+  0x00000001UL, 0x00008000UL, 0x00000000UL, 0x80008082UL
+};
 
 static unsigned int
-transform_blk (void *context, const unsigned char *data)
+keccak_extract_inplace32bi(KECCAK_STATE *hd, unsigned int outlen)
 {
-  KECCAK_CONTEXT *ctx = context;
-  KECCAK_STATE *hd = &ctx->state;
-  u64 *state = (u64 *)hd->state;
-  const size_t bsize = ctx->bctx.blocksize;
   unsigned int i;
+  u32 x0;
+  u32 x1;
+  u32 t;
+
+  for (i = 0; i < outlen / 8 + !!(outlen % 8); i++)
+    {
+      x0 = hd->u.state32bi[i * 2 + 0];
+      x1 = hd->u.state32bi[i * 2 + 1];
+
+      t = (x0 & 0x0000FFFFUL) + (x1 << 16);
+      x1 = (x0 >> 16) + (x1 & 0xFFFF0000UL);
+      x0 = t;
+      t = (x0 ^ (x0 >> 8)) & 0x0000FF00UL; x0 = x0 ^ t ^ (t << 8);
+      t = (x0 ^ (x0 >> 4)) & 0x00F000F0UL; x0 = x0 ^ t ^ (t << 4);
+      t = (x0 ^ (x0 >> 2)) & 0x0C0C0C0CUL; x0 = x0 ^ t ^ (t << 2);
+      t = (x0 ^ (x0 >> 1)) & 0x22222222UL; x0 = x0 ^ t ^ (t << 1);
+      t = (x1 ^ (x1 >> 8)) & 0x0000FF00UL; x1 = x1 ^ t ^ (t << 8);
+      t = (x1 ^ (x1 >> 4)) & 0x00F000F0UL; x1 = x1 ^ t ^ (t << 4);
+      t = (x1 ^ (x1 >> 2)) & 0x0C0C0C0CUL; x1 = x1 ^ t ^ (t << 2);
+      t = (x1 ^ (x1 >> 1)) & 0x22222222UL; x1 = x1 ^ t ^ (t << 1);
+
+      hd->u.state32bi[i * 2 + 0] = le_bswap32(x0);
+      hd->u.state32bi[i * 2 + 1] = le_bswap32(x1);
+    }
 
-  /* Absorb input block. */
-  for (i = 0; i < bsize / 8; i++)
-    state[i] ^= buf_get_le64(data + i * 8);
+  return 0;
+}
 
-  return keccak_f1600_state_permute(hd) + 4 * sizeof(void *);
+static inline void
+keccak_absorb_lane32bi(u32 *lane, u32 x0, u32 x1)
+{
+  u32 t;
+
+  t = (x0 ^ (x0 >> 1)) & 0x22222222UL; x0 = x0 ^ t ^ (t << 1);
+  t = (x0 ^ (x0 >> 2)) & 0x0C0C0C0CUL; x0 = x0 ^ t ^ (t << 2);
+  t = (x0 ^ (x0 >> 4)) & 0x00F000F0UL; x0 = x0 ^ t ^ (t << 4);
+  t = (x0 ^ (x0 >> 8)) & 0x0000FF00UL; x0 = x0 ^ t ^ (t << 8);
+  t = (x1 ^ (x1 >> 1)) & 0x22222222UL; x1 = x1 ^ t ^ (t << 1);
+  t = (x1 ^ (x1 >> 2)) & 0x0C0C0C0CUL; x1 = x1 ^ t ^ (t << 2);
+  t = (x1 ^ (x1 >> 4)) & 0x00F000F0UL; x1 = x1 ^ t ^ (t << 4);
+  t = (x1 ^ (x1 >> 8)) & 0x0000FF00UL; x1 = x1 ^ t ^ (t << 8);
+  lane[0] ^= (x0 & 0x0000FFFFUL) + (x1 << 16);
+  lane[1] ^= (x0 >> 16) + (x1 & 0xFFFF0000UL);
 }
 
+#endif /* NEED_COMMON32BI */
+
+
+/* Construct generic 64-bit implementation. */
+#ifdef USE_64BIT
+
+# define ANDN64(x, y) (~(x) & (y))
+# define ROL64(x, n) (((x) << ((unsigned int)n & 63)) | \
+		      ((x) >> ((64 - (unsigned int)(n)) & 63)))
+
+# define KECCAK_F1600_PERMUTE_FUNC_NAME keccak_f1600_state_permute64
+# include "keccak_permute_64.h"
+
+# undef ANDN64
+# undef ROL64
+# undef KECCAK_F1600_PERMUTE_FUNC_NAME
 
 static unsigned int
-transform (void *context, const unsigned char *data, size_t nblks)
+keccak_absorb_lanes64(KECCAK_STATE *hd, int pos, const byte *lanes,
+		      unsigned int nlanes, int blocklanes)
 {
-  KECCAK_CONTEXT *ctx = context;
-  const size_t bsize = ctx->bctx.blocksize;
-  unsigned int burn;
+  unsigned int burn = 0;
+
+  while (nlanes)
+    {
+      hd->u.state64[pos] ^= buf_get_le64(lanes);
+      lanes += 8;
+      nlanes--;
+
+      if (++pos == blocklanes)
+	{
+	  burn = keccak_f1600_state_permute64(hd);
+	  pos = 0;
+	}
+    }
+
+  return burn;
+}
+
+static const keccak_ops_t keccak_generic64_ops =
+{
+  .permute = keccak_f1600_state_permute64,
+  .absorb = keccak_absorb_lanes64,
+  .extract_inplace = keccak_extract_inplace64,
+};
+
+#endif /* USE_64BIT */
+
+
+/* Construct 64-bit Intel SHLD implementation. */
+#ifdef USE_64BIT_SHLD
+
+# define ANDN64(x, y) (~(x) & (y))
+# define ROL64(x, n) ({ \
+			u64 tmp = (x); \
+			asm ("shldq %1, %0, %0" \
+			     : "+r" (tmp) \
+			     : "J" ((n) & 63) \
+			     : "cc"); \
+			tmp; })
+
+# define KECCAK_F1600_PERMUTE_FUNC_NAME keccak_f1600_state_permute64_shld
+# include "keccak_permute_64.h"
+
+# undef ANDN64
+# undef ROL64
+# undef KECCAK_F1600_PERMUTE_FUNC_NAME
+
+static unsigned int
+keccak_absorb_lanes64_shld(KECCAK_STATE *hd, int pos, const byte *lanes,
+			   unsigned int nlanes, int blocklanes)
+{
+  unsigned int burn = 0;
+
+  while (nlanes)
+    {
+      hd->u.state64[pos] ^= buf_get_le64(lanes);
+      lanes += 8;
+      nlanes--;
+
+      if (++pos == blocklanes)
+	{
+	  burn = keccak_f1600_state_permute64_shld(hd);
+	  pos = 0;
+	}
+    }
+
+  return burn;
+}
+
+static const keccak_ops_t keccak_shld_64_ops =
+{
+  .permute = keccak_f1600_state_permute64_shld,
+  .absorb = keccak_absorb_lanes64_shld,
+  .extract_inplace = keccak_extract_inplace64,
+};
+
+#endif /* USE_64BIT_SHLD */
+
+
+/* Construct 64-bit Intel BMI2 implementation. */
+#ifdef USE_64BIT_BMI2
+
+# define ANDN64(x, y) ({ \
+			u64 tmp; \
+			asm ("andnq %2, %1, %0" \
+			     : "=r" (tmp) \
+			     : "r0" (x), "rm" (y)); \
+			tmp; })
+
+# define ROL64(x, n) ({ \
+			u64 tmp; \
+			asm ("rorxq %2, %1, %0" \
+			     : "=r" (tmp) \
+			     : "rm0" (x), "J" (64 - ((n) & 63))); \
+			tmp; })
+
+# define KECCAK_F1600_PERMUTE_FUNC_NAME keccak_f1600_state_permute64_bmi2
+# include "keccak_permute_64.h"
+
+# undef ANDN64
+# undef ROL64
+# undef KECCAK_F1600_PERMUTE_FUNC_NAME
+
+static unsigned int
+keccak_absorb_lanes64_bmi2(KECCAK_STATE *hd, int pos, const byte *lanes,
+			   unsigned int nlanes, int blocklanes)
+{
+  unsigned int burn = 0;
+
+  while (nlanes)
+    {
+      hd->u.state64[pos] ^= buf_get_le64(lanes);
+      lanes += 8;
+      nlanes--;
+
+      if (++pos == blocklanes)
+	{
+	  burn = keccak_f1600_state_permute64_bmi2(hd);
+	  pos = 0;
+	}
+    }
+
+  return burn;
+}
+
+static const keccak_ops_t keccak_bmi2_64_ops =
+{
+  .permute = keccak_f1600_state_permute64_bmi2,
+  .absorb = keccak_absorb_lanes64_bmi2,
+  .extract_inplace = keccak_extract_inplace64,
+};
+
+#endif /* USE_64BIT_BMI2 */
+
+
+/* Construct generic 32-bit implementation. */
+#ifdef USE_32BIT
+
+# define ANDN32(x, y) (~(x) & (y))
+# define ROL32(x, n) (((x) << ((unsigned int)n & 31)) | \
+		      ((x) >> ((32 - (unsigned int)(n)) & 31)))
+
+# define KECCAK_F1600_PERMUTE_FUNC_NAME keccak_f1600_state_permute32bi
+# include "keccak_permute_32.h"
+
+# undef ANDN32
+# undef ROL32
+# undef KECCAK_F1600_PERMUTE_FUNC_NAME
+
+static unsigned int
+keccak_absorb_lanes32bi(KECCAK_STATE *hd, int pos, const byte *lanes,
+		        unsigned int nlanes, int blocklanes)
+{
+  unsigned int burn = 0;
 
-  /* Absorb full blocks. */
-  do
+  while (nlanes)
     {
-      burn = transform_blk (context, data);
-      data += bsize;
+      keccak_absorb_lane32bi(&hd->u.state32bi[pos * 2],
+			     buf_get_le32(lanes + 0),
+			     buf_get_le32(lanes + 4));
+      lanes += 8;
+      nlanes--;
+
+      if (++pos == blocklanes)
+	{
+	  burn = keccak_f1600_state_permute32bi(hd);
+	  pos = 0;
+	}
     }
-  while (--nblks);
 
   return burn;
 }
 
+static const keccak_ops_t keccak_generic32bi_ops =
+{
+  .permute = keccak_f1600_state_permute32bi,
+  .absorb = keccak_absorb_lanes32bi,
+  .extract_inplace = keccak_extract_inplace32bi,
+};
+
+#endif /* USE_32BIT */
+
+
+/* Construct 32-bit Intel BMI2 implementation. */
+#ifdef USE_32BIT_BMI2
+
+# define ANDN32(x, y) ({ \
+			u32 tmp; \
+			asm ("andnl %2, %1, %0" \
+			     : "=r" (tmp) \
+			     : "r0" (x), "rm" (y)); \
+			tmp; })
+
+# define ROL32(x, n) ({ \
+			u32 tmp; \
+			asm ("rorxl %2, %1, %0" \
+			     : "=r" (tmp) \
+			     : "rm0" (x), "J" (32 - ((n) & 31))); \
+			tmp; })
+
+# define KECCAK_F1600_PERMUTE_FUNC_NAME keccak_f1600_state_permute32bi_bmi2
+# include "keccak_permute_32.h"
+
+# undef ANDN32
+# undef ROL32
+# undef KECCAK_F1600_PERMUTE_FUNC_NAME
+
+static inline u32 pext(u32 x, u32 mask)
+{
+  u32 tmp;
+  asm ("pextl %2, %1, %0" : "=r" (tmp) : "r0" (x), "rm" (mask));
+  return tmp;
+}
+
+static inline u32 pdep(u32 x, u32 mask)
+{
+  u32 tmp;
+  asm ("pdepl %2, %1, %0" : "=r" (tmp) : "r0" (x), "rm" (mask));
+  return tmp;
+}
+
+static inline void
+keccak_absorb_lane32bi_bmi2(u32 *lane, u32 x0, u32 x1)
+{
+  x0 = pdep(pext(x0, 0x55555555), 0x0000ffff) | (pext(x0, 0xaaaaaaaa) << 16);
+  x1 = pdep(pext(x1, 0x55555555), 0x0000ffff) | (pext(x1, 0xaaaaaaaa) << 16);
+
+  lane[0] ^= (x0 & 0x0000FFFFUL) + (x1 << 16);
+  lane[1] ^= (x0 >> 16) + (x1 & 0xFFFF0000UL);
+}
+
+static unsigned int
+keccak_absorb_lanes32bi_bmi2(KECCAK_STATE *hd, int pos, const byte *lanes,
+		             unsigned int nlanes, int blocklanes)
+{
+  unsigned int burn = 0;
+
+  while (nlanes)
+    {
+      keccak_absorb_lane32bi_bmi2(&hd->u.state32bi[pos * 2],
+			          buf_get_le32(lanes + 0),
+			          buf_get_le32(lanes + 4));
+      lanes += 8;
+      nlanes--;
+
+      if (++pos == blocklanes)
+	{
+	  burn = keccak_f1600_state_permute32bi_bmi2(hd);
+	  pos = 0;
+	}
+    }
+
+  return burn;
+}
+
+static unsigned int
+keccak_extract_inplace32bi_bmi2(KECCAK_STATE *hd, unsigned int outlen)
+{
+  unsigned int i;
+  u32 x0;
+  u32 x1;
+  u32 t;
+
+  for (i = 0; i < outlen / 8 + !!(outlen % 8); i++)
+    {
+      x0 = hd->u.state32bi[i * 2 + 0];
+      x1 = hd->u.state32bi[i * 2 + 1];
+
+      t = (x0 & 0x0000FFFFUL) + (x1 << 16);
+      x1 = (x0 >> 16) + (x1 & 0xFFFF0000UL);
+      x0 = t;
+
+      x0 = pdep(pext(x0, 0xffff0001), 0xaaaaaaab) | pdep(x0 >> 1, 0x55555554);
+      x1 = pdep(pext(x1, 0xffff0001), 0xaaaaaaab) | pdep(x1 >> 1, 0x55555554);
+
+      hd->u.state32bi[i * 2 + 0] = le_bswap32(x0);
+      hd->u.state32bi[i * 2 + 1] = le_bswap32(x1);
+    }
+
+  return 0;
+}
+
+static const keccak_ops_t keccak_bmi2_32bi_ops =
+{
+  .permute = keccak_f1600_state_permute32bi_bmi2,
+  .absorb = keccak_absorb_lanes32bi_bmi2,
+  .extract_inplace = keccak_extract_inplace32bi_bmi2,
+};
+
+#endif /* USE_32BIT */
+
+
+static void
+keccak_write (void *context, const void *inbuf_arg, size_t inlen)
+{
+  KECCAK_CONTEXT *ctx = context;
+  const size_t bsize = ctx->blocksize;
+  const size_t blocklanes = bsize / 8;
+  const byte *inbuf = inbuf_arg;
+  unsigned int nburn, burn = 0;
+  unsigned int count, i;
+  unsigned int pos, nlanes;
+
+  count = ctx->count;
+
+  if (inlen && (count % 8))
+    {
+      byte lane[8] = { 0, };
+
+      /* Complete absorbing partial input lane. */
+
+      pos = count / 8;
+
+      for (i = count % 8; inlen && i < 8; i++)
+	{
+	  lane[i] = *inbuf++;
+	  inlen--;
+	  count++;
+	}
+
+      if (count == bsize)
+	count = 0;
+
+      nburn = ctx->ops->absorb(&ctx->state, pos, lane, 1,
+			       (count % 8) ? -1 : blocklanes);
+      burn = nburn > burn ? nburn : burn;
+    }
+
+  /* Absorb full input lanes. */
+
+  pos = count / 8;
+  nlanes = inlen / 8;
+  if (nlanes > 0)
+    {
+      nburn = ctx->ops->absorb(&ctx->state, pos, inbuf, nlanes, blocklanes);
+      burn = nburn > burn ? nburn : burn;
+      inlen -= nlanes * 8;
+      inbuf += nlanes * 8;
+      count += nlanes * 8;
+      count = count % bsize;
+    }
+
+  if (inlen)
+    {
+      byte lane[8] = { 0, };
+
+      /* Absorb remaining partial input lane. */
+
+      pos = count / 8;
+
+      for (i = count % 8; inlen && i < 8; i++)
+	{
+	  lane[i] = *inbuf++;
+	  inlen--;
+	  count++;
+	}
+
+      nburn = ctx->ops->absorb(&ctx->state, pos, lane, 1, -1);
+      burn = nburn > burn ? nburn : burn;
+
+      gcry_assert(count < bsize);
+    }
+
+  ctx->count = count;
+
+  if (burn)
+    _gcry_burn_stack (burn);
+}
+
 
 static void
 keccak_init (int algo, void *context, unsigned int flags)
@@ -267,29 +609,48 @@ keccak_init (int algo, void *context, unsigned int flags)
 
   memset (hd, 0, sizeof *hd);
 
-  ctx->bctx.nblocks = 0;
-  ctx->bctx.nblocks_high = 0;
-  ctx->bctx.count = 0;
-  ctx->bctx.bwrite = transform;
+  ctx->count = 0;
+
+  /* Select generic implementation. */
+#ifdef USE_64BIT
+  ctx->ops = &keccak_generic64_ops;
+#elif defined USE_32BIT
+  ctx->ops = &keccak_generic32bi_ops;
+#endif
+
+  /* Select optimized implementation based in hw features. */
+  if (0) {}
+#ifdef USE_64BIT_BMI2
+  else if (features & HWF_INTEL_BMI2)
+    ctx->ops = &keccak_bmi2_64_ops;
+#endif
+#ifdef USE_32BIT_BMI2
+  else if (features & HWF_INTEL_BMI2)
+    ctx->ops = &keccak_bmi2_32bi_ops;
+#endif
+#ifdef USE_64BIT_SHLD
+  else if (features & HWF_INTEL_FAST_SHLD)
+    ctx->ops = &keccak_shld_64_ops;
+#endif
 
   /* Set input block size, in Keccak terms this is called 'rate'. */
 
   switch (algo)
     {
     case GCRY_MD_SHA3_224:
-      ctx->bctx.blocksize = 1152 / 8;
+      ctx->blocksize = 1152 / 8;
       ctx->outlen = 224 / 8;
       break;
     case GCRY_MD_SHA3_256:
-      ctx->bctx.blocksize = 1088 / 8;
+      ctx->blocksize = 1088 / 8;
       ctx->outlen = 256 / 8;
       break;
     case GCRY_MD_SHA3_384:
-      ctx->bctx.blocksize = 832 / 8;
+      ctx->blocksize = 832 / 8;
       ctx->outlen = 384 / 8;
       break;
     case GCRY_MD_SHA3_512:
-      ctx->bctx.blocksize = 576 / 8;
+      ctx->blocksize = 576 / 8;
       ctx->outlen = 512 / 8;
       break;
     default:
@@ -334,59 +695,37 @@ keccak_final (void *context)
 {
   KECCAK_CONTEXT *ctx = context;
   KECCAK_STATE *hd = &ctx->state;
-  const size_t bsize = ctx->bctx.blocksize;
+  const size_t bsize = ctx->blocksize;
   const byte suffix = SHA3_DELIMITED_SUFFIX;
-  u64 *state = (u64 *)hd->state;
-  unsigned int stack_burn_depth;
+  unsigned int nburn, burn = 0;
   unsigned int lastbytes;
-  unsigned int i;
-  byte *buf;
+  byte lane[8];
 
-  _gcry_md_block_write (context, NULL, 0); /* flush */
-
-  buf = ctx->bctx.buf;
-  lastbytes = ctx->bctx.count;
-
-  /* Absorb remaining bytes. */
-  for (i = 0; i < lastbytes / 8; i++)
-    {
-      state[i] ^= buf_get_le64(buf);
-      buf += 8;
-    }
-
-  for (i = 0; i < lastbytes % 8; i++)
-    {
-      state[lastbytes / 8] ^= (u64)*buf << (i * 8);
-      buf++;
-    }
+  lastbytes = ctx->count;
 
   /* Do the padding and switch to the squeezing phase */
 
   /* Absorb the last few bits and add the first bit of padding (which
      coincides with the delimiter in delimited suffix) */
-  state[lastbytes / 8] ^= (u64)suffix << ((lastbytes % 8) * 8);
+  buf_put_le64(lane, (u64)suffix << ((lastbytes % 8) * 8));
+  nburn = ctx->ops->absorb(&ctx->state, lastbytes / 8, lane, 1, -1);
+  burn = nburn > burn ? nburn : burn;
 
   /* Add the second bit of padding. */
-  state[(bsize - 1) / 8] ^= (u64)0x80 << (((bsize - 1) % 8) * 8);
+  buf_put_le64(lane, (u64)0x80 << (((bsize - 1) % 8) * 8));
+  nburn = ctx->ops->absorb(&ctx->state, (bsize - 1) / 8, lane, 1, -1);
+  burn = nburn > burn ? nburn : burn;
 
   /* Switch to the squeezing phase. */
-  stack_burn_depth = keccak_f1600_state_permute(hd);
+  nburn = ctx->ops->permute(hd);
+  burn = nburn > burn ? nburn : burn;
 
   /* Squeeze out all the output blocks */
   if (ctx->outlen < bsize)
     {
       /* Output SHA3 digest. */
-      buf = ctx->bctx.buf;
-      for (i = 0; i < ctx->outlen / 8; i++)
-	{
-	  buf_put_le64(buf, state[i]);
-	  buf += 8;
-	}
-      for (i = 0; i < ctx->outlen % 8; i++)
-	{
-	  *buf = state[ctx->outlen / 8] >> (i * 8);
-	  buf++;
-	}
+      nburn = ctx->ops->extract_inplace(hd, ctx->outlen);
+      burn = nburn > burn ? nburn : burn;
     }
   else
     {
@@ -394,15 +733,18 @@ keccak_final (void *context)
       BUG();
     }
 
-  _gcry_burn_stack (stack_burn_depth);
+  wipememory(lane, sizeof(lane));
+  if (burn)
+    _gcry_burn_stack (burn);
 }
 
 
 static byte *
 keccak_read (void *context)
 {
-  KECCAK_CONTEXT *hd = (KECCAK_CONTEXT *) context;
-  return hd->bctx.buf;
+  KECCAK_CONTEXT *ctx = (KECCAK_CONTEXT *) context;
+  KECCAK_STATE *hd = &ctx->state;
+  return (byte *)&hd->u;
 }
 
 
@@ -585,7 +927,7 @@ gcry_md_spec_t _gcry_digest_spec_sha3_224 =
   {
     GCRY_MD_SHA3_224, {0, 1},
     "SHA3-224", sha3_224_asn, DIM (sha3_224_asn), oid_spec_sha3_224, 28,
-    sha3_224_init, _gcry_md_block_write, keccak_final, keccak_read,
+    sha3_224_init, keccak_write, keccak_final, keccak_read,
     sizeof (KECCAK_CONTEXT),
     run_selftests
   };
@@ -593,7 +935,7 @@ gcry_md_spec_t _gcry_digest_spec_sha3_256 =
   {
     GCRY_MD_SHA3_256, {0, 1},
     "SHA3-256", sha3_256_asn, DIM (sha3_256_asn), oid_spec_sha3_256, 32,
-    sha3_256_init, _gcry_md_block_write, keccak_final, keccak_read,
+    sha3_256_init, keccak_write, keccak_final, keccak_read,
     sizeof (KECCAK_CONTEXT),
     run_selftests
   };
@@ -601,7 +943,7 @@ gcry_md_spec_t _gcry_digest_spec_sha3_384 =
   {
     GCRY_MD_SHA3_384, {0, 1},
     "SHA3-384", sha3_384_asn, DIM (sha3_384_asn), oid_spec_sha3_384, 48,
-    sha3_384_init, _gcry_md_block_write, keccak_final, keccak_read,
+    sha3_384_init, keccak_write, keccak_final, keccak_read,
     sizeof (KECCAK_CONTEXT),
     run_selftests
   };
@@ -609,7 +951,7 @@ gcry_md_spec_t _gcry_digest_spec_sha3_512 =
   {
     GCRY_MD_SHA3_512, {0, 1},
     "SHA3-512", sha3_512_asn, DIM (sha3_512_asn), oid_spec_sha3_512, 64,
-    sha3_512_init, _gcry_md_block_write, keccak_final, keccak_read,
+    sha3_512_init, keccak_write, keccak_final, keccak_read,
     sizeof (KECCAK_CONTEXT),
     run_selftests
   };
diff --git a/cipher/keccak_permute_32.h b/cipher/keccak_permute_32.h
new file mode 100644
index 0000000..fed9383
--- /dev/null
+++ b/cipher/keccak_permute_32.h
@@ -0,0 +1,535 @@
+/* keccak_permute_32.h - Keccak permute function (simple 32bit bit-interleaved)
+ * Copyright (C) 2015 Jussi Kivilinna <jussi.kivilinna at iki.fi>
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* The code is based on public-domain/CC0 "keccakc1024/simple32bi/
+ * Keccak-simple32BI.c" implementation by Ronny Van Keer from SUPERCOP toolkit
+ * package.
+ */
+
+/* Function that computes the Keccak-f[1600] permutation on the given state. */
+static unsigned int
+KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd)
+{
+  const u32 *round_consts = round_consts_32bit;
+  u32 Aba0, Abe0, Abi0, Abo0, Abu0;
+  u32 Aba1, Abe1, Abi1, Abo1, Abu1;
+  u32 Aga0, Age0, Agi0, Ago0, Agu0;
+  u32 Aga1, Age1, Agi1, Ago1, Agu1;
+  u32 Aka0, Ake0, Aki0, Ako0, Aku0;
+  u32 Aka1, Ake1, Aki1, Ako1, Aku1;
+  u32 Ama0, Ame0, Ami0, Amo0, Amu0;
+  u32 Ama1, Ame1, Ami1, Amo1, Amu1;
+  u32 Asa0, Ase0, Asi0, Aso0, Asu0;
+  u32 Asa1, Ase1, Asi1, Aso1, Asu1;
+  u32 BCa0, BCe0, BCi0, BCo0, BCu0;
+  u32 BCa1, BCe1, BCi1, BCo1, BCu1;
+  u32 Da0, De0, Di0, Do0, Du0;
+  u32 Da1, De1, Di1, Do1, Du1;
+  u32 Eba0, Ebe0, Ebi0, Ebo0, Ebu0;
+  u32 Eba1, Ebe1, Ebi1, Ebo1, Ebu1;
+  u32 Ega0, Ege0, Egi0, Ego0, Egu0;
+  u32 Ega1, Ege1, Egi1, Ego1, Egu1;
+  u32 Eka0, Eke0, Eki0, Eko0, Eku0;
+  u32 Eka1, Eke1, Eki1, Eko1, Eku1;
+  u32 Ema0, Eme0, Emi0, Emo0, Emu0;
+  u32 Ema1, Eme1, Emi1, Emo1, Emu1;
+  u32 Esa0, Ese0, Esi0, Eso0, Esu0;
+  u32 Esa1, Ese1, Esi1, Eso1, Esu1;
+  u32 *state = hd->u.state32bi;
+  unsigned int round;
+
+  Aba0 = state[0];
+  Aba1 = state[1];
+  Abe0 = state[2];
+  Abe1 = state[3];
+  Abi0 = state[4];
+  Abi1 = state[5];
+  Abo0 = state[6];
+  Abo1 = state[7];
+  Abu0 = state[8];
+  Abu1 = state[9];
+  Aga0 = state[10];
+  Aga1 = state[11];
+  Age0 = state[12];
+  Age1 = state[13];
+  Agi0 = state[14];
+  Agi1 = state[15];
+  Ago0 = state[16];
+  Ago1 = state[17];
+  Agu0 = state[18];
+  Agu1 = state[19];
+  Aka0 = state[20];
+  Aka1 = state[21];
+  Ake0 = state[22];
+  Ake1 = state[23];
+  Aki0 = state[24];
+  Aki1 = state[25];
+  Ako0 = state[26];
+  Ako1 = state[27];
+  Aku0 = state[28];
+  Aku1 = state[29];
+  Ama0 = state[30];
+  Ama1 = state[31];
+  Ame0 = state[32];
+  Ame1 = state[33];
+  Ami0 = state[34];
+  Ami1 = state[35];
+  Amo0 = state[36];
+  Amo1 = state[37];
+  Amu0 = state[38];
+  Amu1 = state[39];
+  Asa0 = state[40];
+  Asa1 = state[41];
+  Ase0 = state[42];
+  Ase1 = state[43];
+  Asi0 = state[44];
+  Asi1 = state[45];
+  Aso0 = state[46];
+  Aso1 = state[47];
+  Asu0 = state[48];
+  Asu1 = state[49];
+
+  for (round = 0; round < 24; round += 2)
+    {
+      /* prepareTheta */
+      BCa0 = Aba0 ^ Aga0 ^ Aka0 ^ Ama0 ^ Asa0;
+      BCa1 = Aba1 ^ Aga1 ^ Aka1 ^ Ama1 ^ Asa1;
+      BCe0 = Abe0 ^ Age0 ^ Ake0 ^ Ame0 ^ Ase0;
+      BCe1 = Abe1 ^ Age1 ^ Ake1 ^ Ame1 ^ Ase1;
+      BCi0 = Abi0 ^ Agi0 ^ Aki0 ^ Ami0 ^ Asi0;
+      BCi1 = Abi1 ^ Agi1 ^ Aki1 ^ Ami1 ^ Asi1;
+      BCo0 = Abo0 ^ Ago0 ^ Ako0 ^ Amo0 ^ Aso0;
+      BCo1 = Abo1 ^ Ago1 ^ Ako1 ^ Amo1 ^ Aso1;
+      BCu0 = Abu0 ^ Agu0 ^ Aku0 ^ Amu0 ^ Asu0;
+      BCu1 = Abu1 ^ Agu1 ^ Aku1 ^ Amu1 ^ Asu1;
+
+      /* thetaRhoPiChiIota(round  , A, E) */
+      Da0 = BCu0 ^ ROL32(BCe1, 1);
+      Da1 = BCu1 ^ BCe0;
+      De0 = BCa0 ^ ROL32(BCi1, 1);
+      De1 = BCa1 ^ BCi0;
+      Di0 = BCe0 ^ ROL32(BCo1, 1);
+      Di1 = BCe1 ^ BCo0;
+      Do0 = BCi0 ^ ROL32(BCu1, 1);
+      Do1 = BCi1 ^ BCu0;
+      Du0 = BCo0 ^ ROL32(BCa1, 1);
+      Du1 = BCo1 ^ BCa0;
+
+      Aba0 ^= Da0;
+      BCa0 = Aba0;
+      Age0 ^= De0;
+      BCe0 = ROL32(Age0, 22);
+      Aki1 ^= Di1;
+      BCi0 = ROL32(Aki1, 22);
+      Amo1 ^= Do1;
+      BCo0 = ROL32(Amo1, 11);
+      Asu0 ^= Du0;
+      BCu0 = ROL32(Asu0, 7);
+      Eba0 = BCa0 ^ ANDN32(BCe0, BCi0);
+      Eba0 ^= round_consts[round * 2 + 0];
+      Ebe0 = BCe0 ^ ANDN32(BCi0, BCo0);
+      Ebi0 = BCi0 ^ ANDN32(BCo0, BCu0);
+      Ebo0 = BCo0 ^ ANDN32(BCu0, BCa0);
+      Ebu0 = BCu0 ^ ANDN32(BCa0, BCe0);
+
+      Aba1 ^= Da1;
+      BCa1 = Aba1;
+      Age1 ^= De1;
+      BCe1 = ROL32(Age1, 22);
+      Aki0 ^= Di0;
+      BCi1 = ROL32(Aki0, 21);
+      Amo0 ^= Do0;
+      BCo1 = ROL32(Amo0, 10);
+      Asu1 ^= Du1;
+      BCu1 = ROL32(Asu1, 7);
+      Eba1 = BCa1 ^ ANDN32(BCe1, BCi1);
+      Eba1 ^= round_consts[round * 2 + 1];
+      Ebe1 = BCe1 ^ ANDN32(BCi1, BCo1);
+      Ebi1 = BCi1 ^ ANDN32(BCo1, BCu1);
+      Ebo1 = BCo1 ^ ANDN32(BCu1, BCa1);
+      Ebu1 = BCu1 ^ ANDN32(BCa1, BCe1);
+
+      Abo0 ^= Do0;
+      BCa0 = ROL32(Abo0, 14);
+      Agu0 ^= Du0;
+      BCe0 = ROL32(Agu0, 10);
+      Aka1 ^= Da1;
+      BCi0 = ROL32(Aka1, 2);
+      Ame1 ^= De1;
+      BCo0 = ROL32(Ame1, 23);
+      Asi1 ^= Di1;
+      BCu0 = ROL32(Asi1, 31);
+      Ega0 = BCa0 ^ ANDN32(BCe0, BCi0);
+      Ege0 = BCe0 ^ ANDN32(BCi0, BCo0);
+      Egi0 = BCi0 ^ ANDN32(BCo0, BCu0);
+      Ego0 = BCo0 ^ ANDN32(BCu0, BCa0);
+      Egu0 = BCu0 ^ ANDN32(BCa0, BCe0);
+
+      Abo1 ^= Do1;
+      BCa1 = ROL32(Abo1, 14);
+      Agu1 ^= Du1;
+      BCe1 = ROL32(Agu1, 10);
+      Aka0 ^= Da0;
+      BCi1 = ROL32(Aka0, 1);
+      Ame0 ^= De0;
+      BCo1 = ROL32(Ame0, 22);
+      Asi0 ^= Di0;
+      BCu1 = ROL32(Asi0, 30);
+      Ega1 = BCa1 ^ ANDN32(BCe1, BCi1);
+      Ege1 = BCe1 ^ ANDN32(BCi1, BCo1);
+      Egi1 = BCi1 ^ ANDN32(BCo1, BCu1);
+      Ego1 = BCo1 ^ ANDN32(BCu1, BCa1);
+      Egu1 = BCu1 ^ ANDN32(BCa1, BCe1);
+
+      Abe1 ^= De1;
+      BCa0 = ROL32(Abe1, 1);
+      Agi0 ^= Di0;
+      BCe0 = ROL32(Agi0, 3);
+      Ako1 ^= Do1;
+      BCi0 = ROL32(Ako1, 13);
+      Amu0 ^= Du0;
+      BCo0 = ROL32(Amu0, 4);
+      Asa0 ^= Da0;
+      BCu0 = ROL32(Asa0, 9);
+      Eka0 = BCa0 ^ ANDN32(BCe0, BCi0);
+      Eke0 = BCe0 ^ ANDN32(BCi0, BCo0);
+      Eki0 = BCi0 ^ ANDN32(BCo0, BCu0);
+      Eko0 = BCo0 ^ ANDN32(BCu0, BCa0);
+      Eku0 = BCu0 ^ ANDN32(BCa0, BCe0);
+
+      Abe0 ^= De0;
+      BCa1 = Abe0;
+      Agi1 ^= Di1;
+      BCe1 = ROL32(Agi1, 3);
+      Ako0 ^= Do0;
+      BCi1 = ROL32(Ako0, 12);
+      Amu1 ^= Du1;
+      BCo1 = ROL32(Amu1, 4);
+      Asa1 ^= Da1;
+      BCu1 = ROL32(Asa1, 9);
+      Eka1 = BCa1 ^ ANDN32(BCe1, BCi1);
+      Eke1 = BCe1 ^ ANDN32(BCi1, BCo1);
+      Eki1 = BCi1 ^ ANDN32(BCo1, BCu1);
+      Eko1 = BCo1 ^ ANDN32(BCu1, BCa1);
+      Eku1 = BCu1 ^ ANDN32(BCa1, BCe1);
+
+      Abu1 ^= Du1;
+      BCa0 = ROL32(Abu1, 14);
+      Aga0 ^= Da0;
+      BCe0 = ROL32(Aga0, 18);
+      Ake0 ^= De0;
+      BCi0 = ROL32(Ake0, 5);
+      Ami1 ^= Di1;
+      BCo0 = ROL32(Ami1, 8);
+      Aso0 ^= Do0;
+      BCu0 = ROL32(Aso0, 28);
+      Ema0 = BCa0 ^ ANDN32(BCe0, BCi0);
+      Eme0 = BCe0 ^ ANDN32(BCi0, BCo0);
+      Emi0 = BCi0 ^ ANDN32(BCo0, BCu0);
+      Emo0 = BCo0 ^ ANDN32(BCu0, BCa0);
+      Emu0 = BCu0 ^ ANDN32(BCa0, BCe0);
+
+      Abu0 ^= Du0;
+      BCa1 = ROL32(Abu0, 13);
+      Aga1 ^= Da1;
+      BCe1 = ROL32(Aga1, 18);
+      Ake1 ^= De1;
+      BCi1 = ROL32(Ake1, 5);
+      Ami0 ^= Di0;
+      BCo1 = ROL32(Ami0, 7);
+      Aso1 ^= Do1;
+      BCu1 = ROL32(Aso1, 28);
+      Ema1 = BCa1 ^ ANDN32(BCe1, BCi1);
+      Eme1 = BCe1 ^ ANDN32(BCi1, BCo1);
+      Emi1 = BCi1 ^ ANDN32(BCo1, BCu1);
+      Emo1 = BCo1 ^ ANDN32(BCu1, BCa1);
+      Emu1 = BCu1 ^ ANDN32(BCa1, BCe1);
+
+      Abi0 ^= Di0;
+      BCa0 = ROL32(Abi0, 31);
+      Ago1 ^= Do1;
+      BCe0 = ROL32(Ago1, 28);
+      Aku1 ^= Du1;
+      BCi0 = ROL32(Aku1, 20);
+      Ama1 ^= Da1;
+      BCo0 = ROL32(Ama1, 21);
+      Ase0 ^= De0;
+      BCu0 = ROL32(Ase0, 1);
+      Esa0 = BCa0 ^ ANDN32(BCe0, BCi0);
+      Ese0 = BCe0 ^ ANDN32(BCi0, BCo0);
+      Esi0 = BCi0 ^ ANDN32(BCo0, BCu0);
+      Eso0 = BCo0 ^ ANDN32(BCu0, BCa0);
+      Esu0 = BCu0 ^ ANDN32(BCa0, BCe0);
+
+      Abi1 ^= Di1;
+      BCa1 = ROL32(Abi1, 31);
+      Ago0 ^= Do0;
+      BCe1 = ROL32(Ago0, 27);
+      Aku0 ^= Du0;
+      BCi1 = ROL32(Aku0, 19);
+      Ama0 ^= Da0;
+      BCo1 = ROL32(Ama0, 20);
+      Ase1 ^= De1;
+      BCu1 = ROL32(Ase1, 1);
+      Esa1 = BCa1 ^ ANDN32(BCe1, BCi1);
+      Ese1 = BCe1 ^ ANDN32(BCi1, BCo1);
+      Esi1 = BCi1 ^ ANDN32(BCo1, BCu1);
+      Eso1 = BCo1 ^ ANDN32(BCu1, BCa1);
+      Esu1 = BCu1 ^ ANDN32(BCa1, BCe1);
+
+      /* prepareTheta */
+      BCa0 = Eba0 ^ Ega0 ^ Eka0 ^ Ema0 ^ Esa0;
+      BCa1 = Eba1 ^ Ega1 ^ Eka1 ^ Ema1 ^ Esa1;
+      BCe0 = Ebe0 ^ Ege0 ^ Eke0 ^ Eme0 ^ Ese0;
+      BCe1 = Ebe1 ^ Ege1 ^ Eke1 ^ Eme1 ^ Ese1;
+      BCi0 = Ebi0 ^ Egi0 ^ Eki0 ^ Emi0 ^ Esi0;
+      BCi1 = Ebi1 ^ Egi1 ^ Eki1 ^ Emi1 ^ Esi1;
+      BCo0 = Ebo0 ^ Ego0 ^ Eko0 ^ Emo0 ^ Eso0;
+      BCo1 = Ebo1 ^ Ego1 ^ Eko1 ^ Emo1 ^ Eso1;
+      BCu0 = Ebu0 ^ Egu0 ^ Eku0 ^ Emu0 ^ Esu0;
+      BCu1 = Ebu1 ^ Egu1 ^ Eku1 ^ Emu1 ^ Esu1;
+
+      /* thetaRhoPiChiIota(round+1, E, A) */
+      Da0 = BCu0 ^ ROL32(BCe1, 1);
+      Da1 = BCu1 ^ BCe0;
+      De0 = BCa0 ^ ROL32(BCi1, 1);
+      De1 = BCa1 ^ BCi0;
+      Di0 = BCe0 ^ ROL32(BCo1, 1);
+      Di1 = BCe1 ^ BCo0;
+      Do0 = BCi0 ^ ROL32(BCu1, 1);
+      Do1 = BCi1 ^ BCu0;
+      Du0 = BCo0 ^ ROL32(BCa1, 1);
+      Du1 = BCo1 ^ BCa0;
+
+      Eba0 ^= Da0;
+      BCa0 = Eba0;
+      Ege0 ^= De0;
+      BCe0 = ROL32(Ege0, 22);
+      Eki1 ^= Di1;
+      BCi0 = ROL32(Eki1, 22);
+      Emo1 ^= Do1;
+      BCo0 = ROL32(Emo1, 11);
+      Esu0 ^= Du0;
+      BCu0 = ROL32(Esu0, 7);
+      Aba0 = BCa0 ^ ANDN32(BCe0, BCi0);
+      Aba0 ^= round_consts[round * 2 + 2];
+      Abe0 = BCe0 ^ ANDN32(BCi0, BCo0);
+      Abi0 = BCi0 ^ ANDN32(BCo0, BCu0);
+      Abo0 = BCo0 ^ ANDN32(BCu0, BCa0);
+      Abu0 = BCu0 ^ ANDN32(BCa0, BCe0);
+
+      Eba1 ^= Da1;
+      BCa1 = Eba1;
+      Ege1 ^= De1;
+      BCe1 = ROL32(Ege1, 22);
+      Eki0 ^= Di0;
+      BCi1 = ROL32(Eki0, 21);
+      Emo0 ^= Do0;
+      BCo1 = ROL32(Emo0, 10);
+      Esu1 ^= Du1;
+      BCu1 = ROL32(Esu1, 7);
+      Aba1 = BCa1 ^ ANDN32(BCe1, BCi1);
+      Aba1 ^= round_consts[round * 2 + 3];
+      Abe1 = BCe1 ^ ANDN32(BCi1, BCo1);
+      Abi1 = BCi1 ^ ANDN32(BCo1, BCu1);
+      Abo1 = BCo1 ^ ANDN32(BCu1, BCa1);
+      Abu1 = BCu1 ^ ANDN32(BCa1, BCe1);
+
+      Ebo0 ^= Do0;
+      BCa0 = ROL32(Ebo0, 14);
+      Egu0 ^= Du0;
+      BCe0 = ROL32(Egu0, 10);
+      Eka1 ^= Da1;
+      BCi0 = ROL32(Eka1, 2);
+      Eme1 ^= De1;
+      BCo0 = ROL32(Eme1, 23);
+      Esi1 ^= Di1;
+      BCu0 = ROL32(Esi1, 31);
+      Aga0 = BCa0 ^ ANDN32(BCe0, BCi0);
+      Age0 = BCe0 ^ ANDN32(BCi0, BCo0);
+      Agi0 = BCi0 ^ ANDN32(BCo0, BCu0);
+      Ago0 = BCo0 ^ ANDN32(BCu0, BCa0);
+      Agu0 = BCu0 ^ ANDN32(BCa0, BCe0);
+
+      Ebo1 ^= Do1;
+      BCa1 = ROL32(Ebo1, 14);
+      Egu1 ^= Du1;
+      BCe1 = ROL32(Egu1, 10);
+      Eka0 ^= Da0;
+      BCi1 = ROL32(Eka0, 1);
+      Eme0 ^= De0;
+      BCo1 = ROL32(Eme0, 22);
+      Esi0 ^= Di0;
+      BCu1 = ROL32(Esi0, 30);
+      Aga1 = BCa1 ^ ANDN32(BCe1, BCi1);
+      Age1 = BCe1 ^ ANDN32(BCi1, BCo1);
+      Agi1 = BCi1 ^ ANDN32(BCo1, BCu1);
+      Ago1 = BCo1 ^ ANDN32(BCu1, BCa1);
+      Agu1 = BCu1 ^ ANDN32(BCa1, BCe1);
+
+      Ebe1 ^= De1;
+      BCa0 = ROL32(Ebe1, 1);
+      Egi0 ^= Di0;
+      BCe0 = ROL32(Egi0, 3);
+      Eko1 ^= Do1;
+      BCi0 = ROL32(Eko1, 13);
+      Emu0 ^= Du0;
+      BCo0 = ROL32(Emu0, 4);
+      Esa0 ^= Da0;
+      BCu0 = ROL32(Esa0, 9);
+      Aka0 = BCa0 ^ ANDN32(BCe0, BCi0);
+      Ake0 = BCe0 ^ ANDN32(BCi0, BCo0);
+      Aki0 = BCi0 ^ ANDN32(BCo0, BCu0);
+      Ako0 = BCo0 ^ ANDN32(BCu0, BCa0);
+      Aku0 = BCu0 ^ ANDN32(BCa0, BCe0);
+
+      Ebe0 ^= De0;
+      BCa1 = Ebe0;
+      Egi1 ^= Di1;
+      BCe1 = ROL32(Egi1, 3);
+      Eko0 ^= Do0;
+      BCi1 = ROL32(Eko0, 12);
+      Emu1 ^= Du1;
+      BCo1 = ROL32(Emu1, 4);
+      Esa1 ^= Da1;
+      BCu1 = ROL32(Esa1, 9);
+      Aka1 = BCa1 ^ ANDN32(BCe1, BCi1);
+      Ake1 = BCe1 ^ ANDN32(BCi1, BCo1);
+      Aki1 = BCi1 ^ ANDN32(BCo1, BCu1);
+      Ako1 = BCo1 ^ ANDN32(BCu1, BCa1);
+      Aku1 = BCu1 ^ ANDN32(BCa1, BCe1);
+
+      Ebu1 ^= Du1;
+      BCa0 = ROL32(Ebu1, 14);
+      Ega0 ^= Da0;
+      BCe0 = ROL32(Ega0, 18);
+      Eke0 ^= De0;
+      BCi0 = ROL32(Eke0, 5);
+      Emi1 ^= Di1;
+      BCo0 = ROL32(Emi1, 8);
+      Eso0 ^= Do0;
+      BCu0 = ROL32(Eso0, 28);
+      Ama0 = BCa0 ^ ANDN32(BCe0, BCi0);
+      Ame0 = BCe0 ^ ANDN32(BCi0, BCo0);
+      Ami0 = BCi0 ^ ANDN32(BCo0, BCu0);
+      Amo0 = BCo0 ^ ANDN32(BCu0, BCa0);
+      Amu0 = BCu0 ^ ANDN32(BCa0, BCe0);
+
+      Ebu0 ^= Du0;
+      BCa1 = ROL32(Ebu0, 13);
+      Ega1 ^= Da1;
+      BCe1 = ROL32(Ega1, 18);
+      Eke1 ^= De1;
+      BCi1 = ROL32(Eke1, 5);
+      Emi0 ^= Di0;
+      BCo1 = ROL32(Emi0, 7);
+      Eso1 ^= Do1;
+      BCu1 = ROL32(Eso1, 28);
+      Ama1 = BCa1 ^ ANDN32(BCe1, BCi1);
+      Ame1 = BCe1 ^ ANDN32(BCi1, BCo1);
+      Ami1 = BCi1 ^ ANDN32(BCo1, BCu1);
+      Amo1 = BCo1 ^ ANDN32(BCu1, BCa1);
+      Amu1 = BCu1 ^ ANDN32(BCa1, BCe1);
+
+      Ebi0 ^= Di0;
+      BCa0 = ROL32(Ebi0, 31);
+      Ego1 ^= Do1;
+      BCe0 = ROL32(Ego1, 28);
+      Eku1 ^= Du1;
+      BCi0 = ROL32(Eku1, 20);
+      Ema1 ^= Da1;
+      BCo0 = ROL32(Ema1, 21);
+      Ese0 ^= De0;
+      BCu0 = ROL32(Ese0, 1);
+      Asa0 = BCa0 ^ ANDN32(BCe0, BCi0);
+      Ase0 = BCe0 ^ ANDN32(BCi0, BCo0);
+      Asi0 = BCi0 ^ ANDN32(BCo0, BCu0);
+      Aso0 = BCo0 ^ ANDN32(BCu0, BCa0);
+      Asu0 = BCu0 ^ ANDN32(BCa0, BCe0);
+
+      Ebi1 ^= Di1;
+      BCa1 = ROL32(Ebi1, 31);
+      Ego0 ^= Do0;
+      BCe1 = ROL32(Ego0, 27);
+      Eku0 ^= Du0;
+      BCi1 = ROL32(Eku0, 19);
+      Ema0 ^= Da0;
+      BCo1 = ROL32(Ema0, 20);
+      Ese1 ^= De1;
+      BCu1 = ROL32(Ese1, 1);
+      Asa1 = BCa1 ^ ANDN32(BCe1, BCi1);
+      Ase1 = BCe1 ^ ANDN32(BCi1, BCo1);
+      Asi1 = BCi1 ^ ANDN32(BCo1, BCu1);
+      Aso1 = BCo1 ^ ANDN32(BCu1, BCa1);
+      Asu1 = BCu1 ^ ANDN32(BCa1, BCe1);
+    }
+
+  state[0] = Aba0;
+  state[1] = Aba1;
+  state[2] = Abe0;
+  state[3] = Abe1;
+  state[4] = Abi0;
+  state[5] = Abi1;
+  state[6] = Abo0;
+  state[7] = Abo1;
+  state[8] = Abu0;
+  state[9] = Abu1;
+  state[10] = Aga0;
+  state[11] = Aga1;
+  state[12] = Age0;
+  state[13] = Age1;
+  state[14] = Agi0;
+  state[15] = Agi1;
+  state[16] = Ago0;
+  state[17] = Ago1;
+  state[18] = Agu0;
+  state[19] = Agu1;
+  state[20] = Aka0;
+  state[21] = Aka1;
+  state[22] = Ake0;
+  state[23] = Ake1;
+  state[24] = Aki0;
+  state[25] = Aki1;
+  state[26] = Ako0;
+  state[27] = Ako1;
+  state[28] = Aku0;
+  state[29] = Aku1;
+  state[30] = Ama0;
+  state[31] = Ama1;
+  state[32] = Ame0;
+  state[33] = Ame1;
+  state[34] = Ami0;
+  state[35] = Ami1;
+  state[36] = Amo0;
+  state[37] = Amo1;
+  state[38] = Amu0;
+  state[39] = Amu1;
+  state[40] = Asa0;
+  state[41] = Asa1;
+  state[42] = Ase0;
+  state[43] = Ase1;
+  state[44] = Asi0;
+  state[45] = Asi1;
+  state[46] = Aso0;
+  state[47] = Aso1;
+  state[48] = Asu0;
+  state[49] = Asu1;
+
+  return sizeof(void *) * 4 + sizeof(u32) * 12 * 5 * 2;
+}
diff --git a/cipher/keccak_permute_64.h b/cipher/keccak_permute_64.h
new file mode 100644
index 0000000..1264f19
--- /dev/null
+++ b/cipher/keccak_permute_64.h
@@ -0,0 +1,290 @@
+/* keccak_permute_64.h - Keccak permute function (simple 64bit)
+ * Copyright (C) 2015 Jussi Kivilinna <jussi.kivilinna at iki.fi>
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* The code is based on public-domain/CC0 "keccakc1024/simple/Keccak-simple.c"
+ * implementation by Ronny Van Keer from SUPERCOP toolkit package.
+ */
+
+/* Function that computes the Keccak-f[1600] permutation on the given state. */
+static unsigned int
+KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd)
+{
+  const u64 *round_consts = round_consts_64bit;
+  u64 Aba, Abe, Abi, Abo, Abu;
+  u64 Aga, Age, Agi, Ago, Agu;
+  u64 Aka, Ake, Aki, Ako, Aku;
+  u64 Ama, Ame, Ami, Amo, Amu;
+  u64 Asa, Ase, Asi, Aso, Asu;
+  u64 BCa, BCe, BCi, BCo, BCu;
+  u64 Da, De, Di, Do, Du;
+  u64 Eba, Ebe, Ebi, Ebo, Ebu;
+  u64 Ega, Ege, Egi, Ego, Egu;
+  u64 Eka, Eke, Eki, Eko, Eku;
+  u64 Ema, Eme, Emi, Emo, Emu;
+  u64 Esa, Ese, Esi, Eso, Esu;
+  u64 *state = hd->u.state64;
+  unsigned int round;
+
+  Aba = state[0];
+  Abe = state[1];
+  Abi = state[2];
+  Abo = state[3];
+  Abu = state[4];
+  Aga = state[5];
+  Age = state[6];
+  Agi = state[7];
+  Ago = state[8];
+  Agu = state[9];
+  Aka = state[10];
+  Ake = state[11];
+  Aki = state[12];
+  Ako = state[13];
+  Aku = state[14];
+  Ama = state[15];
+  Ame = state[16];
+  Ami = state[17];
+  Amo = state[18];
+  Amu = state[19];
+  Asa = state[20];
+  Ase = state[21];
+  Asi = state[22];
+  Aso = state[23];
+  Asu = state[24];
+
+  for (round = 0; round < 24; round += 2)
+    {
+      /* prepareTheta */
+      BCa = Aba ^ Aga ^ Aka ^ Ama ^ Asa;
+      BCe = Abe ^ Age ^ Ake ^ Ame ^ Ase;
+      BCi = Abi ^ Agi ^ Aki ^ Ami ^ Asi;
+      BCo = Abo ^ Ago ^ Ako ^ Amo ^ Aso;
+      BCu = Abu ^ Agu ^ Aku ^ Amu ^ Asu;
+
+      /* thetaRhoPiChiIotaPrepareTheta(round  , A, E) */
+      Da = BCu ^ ROL64(BCe, 1);
+      De = BCa ^ ROL64(BCi, 1);
+      Di = BCe ^ ROL64(BCo, 1);
+      Do = BCi ^ ROL64(BCu, 1);
+      Du = BCo ^ ROL64(BCa, 1);
+
+      Aba ^= Da;
+      BCa = Aba;
+      Age ^= De;
+      BCe = ROL64(Age, 44);
+      Aki ^= Di;
+      BCi = ROL64(Aki, 43);
+      Amo ^= Do;
+      BCo = ROL64(Amo, 21);
+      Asu ^= Du;
+      BCu = ROL64(Asu, 14);
+      Eba = BCa ^ ANDN64(BCe, BCi);
+      Eba ^= (u64)round_consts[round];
+      Ebe = BCe ^ ANDN64(BCi, BCo);
+      Ebi = BCi ^ ANDN64(BCo, BCu);
+      Ebo = BCo ^ ANDN64(BCu, BCa);
+      Ebu = BCu ^ ANDN64(BCa, BCe);
+
+      Abo ^= Do;
+      BCa = ROL64(Abo, 28);
+      Agu ^= Du;
+      BCe = ROL64(Agu, 20);
+      Aka ^= Da;
+      BCi = ROL64(Aka, 3);
+      Ame ^= De;
+      BCo = ROL64(Ame, 45);
+      Asi ^= Di;
+      BCu = ROL64(Asi, 61);
+      Ega = BCa ^ ANDN64(BCe, BCi);
+      Ege = BCe ^ ANDN64(BCi, BCo);
+      Egi = BCi ^ ANDN64(BCo, BCu);
+      Ego = BCo ^ ANDN64(BCu, BCa);
+      Egu = BCu ^ ANDN64(BCa, BCe);
+
+      Abe ^= De;
+      BCa = ROL64(Abe, 1);
+      Agi ^= Di;
+      BCe = ROL64(Agi, 6);
+      Ako ^= Do;
+      BCi = ROL64(Ako, 25);
+      Amu ^= Du;
+      BCo = ROL64(Amu, 8);
+      Asa ^= Da;
+      BCu = ROL64(Asa, 18);
+      Eka = BCa ^ ANDN64(BCe, BCi);
+      Eke = BCe ^ ANDN64(BCi, BCo);
+      Eki = BCi ^ ANDN64(BCo, BCu);
+      Eko = BCo ^ ANDN64(BCu, BCa);
+      Eku = BCu ^ ANDN64(BCa, BCe);
+
+      Abu ^= Du;
+      BCa = ROL64(Abu, 27);
+      Aga ^= Da;
+      BCe = ROL64(Aga, 36);
+      Ake ^= De;
+      BCi = ROL64(Ake, 10);
+      Ami ^= Di;
+      BCo = ROL64(Ami, 15);
+      Aso ^= Do;
+      BCu = ROL64(Aso, 56);
+      Ema = BCa ^ ANDN64(BCe, BCi);
+      Eme = BCe ^ ANDN64(BCi, BCo);
+      Emi = BCi ^ ANDN64(BCo, BCu);
+      Emo = BCo ^ ANDN64(BCu, BCa);
+      Emu = BCu ^ ANDN64(BCa, BCe);
+
+      Abi ^= Di;
+      BCa = ROL64(Abi, 62);
+      Ago ^= Do;
+      BCe = ROL64(Ago, 55);
+      Aku ^= Du;
+      BCi = ROL64(Aku, 39);
+      Ama ^= Da;
+      BCo = ROL64(Ama, 41);
+      Ase ^= De;
+      BCu = ROL64(Ase, 2);
+      Esa = BCa ^ ANDN64(BCe, BCi);
+      Ese = BCe ^ ANDN64(BCi, BCo);
+      Esi = BCi ^ ANDN64(BCo, BCu);
+      Eso = BCo ^ ANDN64(BCu, BCa);
+      Esu = BCu ^ ANDN64(BCa, BCe);
+
+      /* prepareTheta */
+      BCa = Eba ^ Ega ^ Eka ^ Ema ^ Esa;
+      BCe = Ebe ^ Ege ^ Eke ^ Eme ^ Ese;
+      BCi = Ebi ^ Egi ^ Eki ^ Emi ^ Esi;
+      BCo = Ebo ^ Ego ^ Eko ^ Emo ^ Eso;
+      BCu = Ebu ^ Egu ^ Eku ^ Emu ^ Esu;
+
+      /* thetaRhoPiChiIotaPrepareTheta(round+1, E, A) */
+      Da = BCu ^ ROL64(BCe, 1);
+      De = BCa ^ ROL64(BCi, 1);
+      Di = BCe ^ ROL64(BCo, 1);
+      Do = BCi ^ ROL64(BCu, 1);
+      Du = BCo ^ ROL64(BCa, 1);
+
+      Eba ^= Da;
+      BCa = Eba;
+      Ege ^= De;
+      BCe = ROL64(Ege, 44);
+      Eki ^= Di;
+      BCi = ROL64(Eki, 43);
+      Emo ^= Do;
+      BCo = ROL64(Emo, 21);
+      Esu ^= Du;
+      BCu = ROL64(Esu, 14);
+      Aba = BCa ^ ANDN64(BCe, BCi);
+      Aba ^= (u64)round_consts[round + 1];
+      Abe = BCe ^ ANDN64(BCi, BCo);
+      Abi = BCi ^ ANDN64(BCo, BCu);
+      Abo = BCo ^ ANDN64(BCu, BCa);
+      Abu = BCu ^ ANDN64(BCa, BCe);
+
+      Ebo ^= Do;
+      BCa = ROL64(Ebo, 28);
+      Egu ^= Du;
+      BCe = ROL64(Egu, 20);
+      Eka ^= Da;
+      BCi = ROL64(Eka, 3);
+      Eme ^= De;
+      BCo = ROL64(Eme, 45);
+      Esi ^= Di;
+      BCu = ROL64(Esi, 61);
+      Aga = BCa ^ ANDN64(BCe, BCi);
+      Age = BCe ^ ANDN64(BCi, BCo);
+      Agi = BCi ^ ANDN64(BCo, BCu);
+      Ago = BCo ^ ANDN64(BCu, BCa);
+      Agu = BCu ^ ANDN64(BCa, BCe);
+
+      Ebe ^= De;
+      BCa = ROL64(Ebe, 1);
+      Egi ^= Di;
+      BCe = ROL64(Egi, 6);
+      Eko ^= Do;
+      BCi = ROL64(Eko, 25);
+      Emu ^= Du;
+      BCo = ROL64(Emu, 8);
+      Esa ^= Da;
+      BCu = ROL64(Esa, 18);
+      Aka = BCa ^ ANDN64(BCe, BCi);
+      Ake = BCe ^ ANDN64(BCi, BCo);
+      Aki = BCi ^ ANDN64(BCo, BCu);
+      Ako = BCo ^ ANDN64(BCu, BCa);
+      Aku = BCu ^ ANDN64(BCa, BCe);
+
+      Ebu ^= Du;
+      BCa = ROL64(Ebu, 27);
+      Ega ^= Da;
+      BCe = ROL64(Ega, 36);
+      Eke ^= De;
+      BCi = ROL64(Eke, 10);
+      Emi ^= Di;
+      BCo = ROL64(Emi, 15);
+      Eso ^= Do;
+      BCu = ROL64(Eso, 56);
+      Ama = BCa ^ ANDN64(BCe, BCi);
+      Ame = BCe ^ ANDN64(BCi, BCo);
+      Ami = BCi ^ ANDN64(BCo, BCu);
+      Amo = BCo ^ ANDN64(BCu, BCa);
+      Amu = BCu ^ ANDN64(BCa, BCe);
+
+      Ebi ^= Di;
+      BCa = ROL64(Ebi, 62);
+      Ego ^= Do;
+      BCe = ROL64(Ego, 55);
+      Eku ^= Du;
+      BCi = ROL64(Eku, 39);
+      Ema ^= Da;
+      BCo = ROL64(Ema, 41);
+      Ese ^= De;
+      BCu = ROL64(Ese, 2);
+      Asa = BCa ^ ANDN64(BCe, BCi);
+      Ase = BCe ^ ANDN64(BCi, BCo);
+      Asi = BCi ^ ANDN64(BCo, BCu);
+      Aso = BCo ^ ANDN64(BCu, BCa);
+      Asu = BCu ^ ANDN64(BCa, BCe);
+    }
+
+  state[0] = Aba;
+  state[1] = Abe;
+  state[2] = Abi;
+  state[3] = Abo;
+  state[4] = Abu;
+  state[5] = Aga;
+  state[6] = Age;
+  state[7] = Agi;
+  state[8] = Ago;
+  state[9] = Agu;
+  state[10] = Aka;
+  state[11] = Ake;
+  state[12] = Aki;
+  state[13] = Ako;
+  state[14] = Aku;
+  state[15] = Ama;
+  state[16] = Ame;
+  state[17] = Ami;
+  state[18] = Amo;
+  state[19] = Amu;
+  state[20] = Asa;
+  state[21] = Ase;
+  state[22] = Asi;
+  state[23] = Aso;
+  state[24] = Asu;
+
+  return sizeof(void *) * 4 + sizeof(u64) * 12 * 5;
+}

commit 909644ef5883927262366c356eed530e55aba478
Author: Jussi Kivilinna <jussi.kivilinna at iki.fi>
Date:   Fri Oct 23 22:39:47 2015 +0300

    hwf-x86: add detection for Intel CPUs with fast SHLD instruction
    
    * cipher/sha1.c (sha1_init): Use HWF_INTEL_FAST_SHLD instead of
    HWF_INTEL_CPU.
    * cipher/sha256.c (sha256_init, sha224_init): Ditto.
    * cipher/sha512.c (sha512_init, sha384_init): Ditto.
    * src/g10lib.h (HWF_INTEL_FAST_SHLD): New.
    (HWF_INTEL_BMI2, HWF_INTEL_SSSE3, HWF_INTEL_PCLMUL, HWF_INTEL_AESNI)
    (HWF_INTEL_RDRAND, HWF_INTEL_AVX, HWF_INTEL_AVX2)
    (HWF_ARM_NEON): Update.
    * src/hwf-x86.c (detect_x86_gnuc): Add detection of Intel Core
    CPUs with fast SHLD/SHRD instruction.
    * src/hwfeatures.c (hwflist): Add "intel-fast-shld".
    --
    
    Intel Core CPUs since codename sandy-bridge have been able to
    execute SHLD/SHRD instructions faster than rotate instructions
    ROL/ROR. Since SHLD/SHRD can be used to do rotation, some
    optimized implementations (SHA1/SHA256/SHA512) use SHLD/SHRD
    instructions in-place of ROL/ROR.
    
    This patch provides more accurate detection of CPUs with
    fast SHLD implementation.
    
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>

diff --git a/cipher/sha1.c b/cipher/sha1.c
index eb42883..554d55c 100644
--- a/cipher/sha1.c
+++ b/cipher/sha1.c
@@ -136,7 +136,7 @@ sha1_init (void *context, unsigned int flags)
 #ifdef USE_AVX
   /* AVX implementation uses SHLD which is known to be slow on non-Intel CPUs.
    * Therefore use this implementation on Intel CPUs only. */
-  hd->use_avx = (features & HWF_INTEL_AVX) && (features & HWF_INTEL_CPU);
+  hd->use_avx = (features & HWF_INTEL_AVX) && (features & HWF_INTEL_FAST_SHLD);
 #endif
 #ifdef USE_BMI2
   hd->use_bmi2 = (features & HWF_INTEL_AVX) && (features & HWF_INTEL_BMI2);
diff --git a/cipher/sha256.c b/cipher/sha256.c
index 59ffa43..63869d5 100644
--- a/cipher/sha256.c
+++ b/cipher/sha256.c
@@ -124,7 +124,7 @@ sha256_init (void *context, unsigned int flags)
 #ifdef USE_AVX
   /* AVX implementation uses SHLD which is known to be slow on non-Intel CPUs.
    * Therefore use this implementation on Intel CPUs only. */
-  hd->use_avx = (features & HWF_INTEL_AVX) && (features & HWF_INTEL_CPU);
+  hd->use_avx = (features & HWF_INTEL_AVX) && (features & HWF_INTEL_FAST_SHLD);
 #endif
 #ifdef USE_AVX2
   hd->use_avx2 = (features & HWF_INTEL_AVX2) && (features & HWF_INTEL_BMI2);
@@ -162,7 +162,7 @@ sha224_init (void *context, unsigned int flags)
 #ifdef USE_AVX
   /* AVX implementation uses SHLD which is known to be slow on non-Intel CPUs.
    * Therefore use this implementation on Intel CPUs only. */
-  hd->use_avx = (features & HWF_INTEL_AVX) && (features & HWF_INTEL_CPU);
+  hd->use_avx = (features & HWF_INTEL_AVX) && (features & HWF_INTEL_FAST_SHLD);
 #endif
 #ifdef USE_AVX2
   hd->use_avx2 = (features & HWF_INTEL_AVX2) && (features & HWF_INTEL_BMI2);
diff --git a/cipher/sha512.c b/cipher/sha512.c
index 029f8f0..4be1cab 100644
--- a/cipher/sha512.c
+++ b/cipher/sha512.c
@@ -154,7 +154,7 @@ sha512_init (void *context, unsigned int flags)
   ctx->use_ssse3 = (features & HWF_INTEL_SSSE3) != 0;
 #endif
 #ifdef USE_AVX
-  ctx->use_avx = (features & HWF_INTEL_AVX) && (features & HWF_INTEL_CPU);
+  ctx->use_avx = (features & HWF_INTEL_AVX) && (features & HWF_INTEL_FAST_SHLD);
 #endif
 #ifdef USE_AVX2
   ctx->use_avx2 = (features & HWF_INTEL_AVX2) && (features & HWF_INTEL_BMI2);
@@ -194,7 +194,7 @@ sha384_init (void *context, unsigned int flags)
   ctx->use_ssse3 = (features & HWF_INTEL_SSSE3) != 0;
 #endif
 #ifdef USE_AVX
-  ctx->use_avx = (features & HWF_INTEL_AVX) && (features & HWF_INTEL_CPU);
+  ctx->use_avx = (features & HWF_INTEL_AVX) && (features & HWF_INTEL_FAST_SHLD);
 #endif
 #ifdef USE_AVX2
   ctx->use_avx2 = (features & HWF_INTEL_AVX2) && (features & HWF_INTEL_BMI2);
diff --git a/src/g10lib.h b/src/g10lib.h
index d1f9426..a579e94 100644
--- a/src/g10lib.h
+++ b/src/g10lib.h
@@ -197,16 +197,17 @@ int _gcry_log_verbosity( int level );
 #define HWF_PADLOCK_SHA  4
 #define HWF_PADLOCK_MMUL 8
 
-#define HWF_INTEL_CPU    16
-#define HWF_INTEL_BMI2   32
-#define HWF_INTEL_SSSE3  64
-#define HWF_INTEL_PCLMUL 128
-#define HWF_INTEL_AESNI  256
-#define HWF_INTEL_RDRAND 512
-#define HWF_INTEL_AVX    1024
-#define HWF_INTEL_AVX2   2048
-
-#define HWF_ARM_NEON     4096
+#define HWF_INTEL_CPU       16
+#define HWF_INTEL_FAST_SHLD 32
+#define HWF_INTEL_BMI2      64
+#define HWF_INTEL_SSSE3     128
+#define HWF_INTEL_PCLMUL    256
+#define HWF_INTEL_AESNI     512
+#define HWF_INTEL_RDRAND    1024
+#define HWF_INTEL_AVX       2048
+#define HWF_INTEL_AVX2      4096
+
+#define HWF_ARM_NEON        8192
 
 
 gpg_err_code_t _gcry_disable_hw_feature (const char *name);
diff --git a/src/hwf-x86.c b/src/hwf-x86.c
index 399952c..fbd6331 100644
--- a/src/hwf-x86.c
+++ b/src/hwf-x86.c
@@ -174,6 +174,7 @@ detect_x86_gnuc (void)
   unsigned int features;
   unsigned int os_supports_avx_avx2_registers = 0;
   unsigned int max_cpuid_level;
+  unsigned int fms, family, model;
   unsigned int result = 0;
 
   (void)os_supports_avx_avx2_registers;
@@ -236,8 +237,37 @@ detect_x86_gnuc (void)
   /* Detect Intel features, that might also be supported by other
      vendors.  */
 
-  /* Get CPU info and Intel feature flags (ECX).  */
-  get_cpuid(1, NULL, NULL, &features, NULL);
+  /* Get CPU family/model/stepping (EAX) and Intel feature flags (ECX).  */
+  get_cpuid(1, &fms, NULL, &features, NULL);
+
+  family = ((fms & 0xf00) >> 8) + ((fms & 0xff00000) >> 20);
+  model = ((fms & 0xf0) >> 4) + ((fms & 0xf0000) >> 12);
+
+  if ((result & HWF_INTEL_CPU) && family == 6)
+    {
+      /* These Intel Core processor models have SHLD/SHRD instruction that
+       * can do integer rotation faster actual ROL/ROR instructions. */
+      switch (model)
+	{
+	case 0x2A:
+	case 0x2D:
+	case 0x3A:
+	case 0x3C:
+	case 0x3F:
+	case 0x45:
+	case 0x46:
+	case 0x3D:
+	case 0x4F:
+	case 0x56:
+	case 0x47:
+	case 0x4E:
+	case 0x5E:
+	case 0x55:
+	case 0x66:
+	  result |= HWF_INTEL_FAST_SHLD;
+	  break;
+	}
+    }
 
 #ifdef ENABLE_PCLMUL_SUPPORT
   /* Test bit 1 for PCLMUL.  */
diff --git a/src/hwfeatures.c b/src/hwfeatures.c
index 58099c4..e7c55cc 100644
--- a/src/hwfeatures.c
+++ b/src/hwfeatures.c
@@ -42,19 +42,20 @@ static struct
   const char *desc;
 } hwflist[] =
   {
-    { HWF_PADLOCK_RNG, "padlock-rng" },
-    { HWF_PADLOCK_AES, "padlock-aes" },
-    { HWF_PADLOCK_SHA, "padlock-sha" },
-    { HWF_PADLOCK_MMUL,"padlock-mmul"},
-    { HWF_INTEL_CPU,   "intel-cpu" },
-    { HWF_INTEL_BMI2,  "intel-bmi2" },
-    { HWF_INTEL_SSSE3, "intel-ssse3" },
-    { HWF_INTEL_PCLMUL,"intel-pclmul" },
-    { HWF_INTEL_AESNI, "intel-aesni" },
-    { HWF_INTEL_RDRAND,"intel-rdrand" },
-    { HWF_INTEL_AVX,   "intel-avx" },
-    { HWF_INTEL_AVX2,  "intel-avx2" },
-    { HWF_ARM_NEON,    "arm-neon" }
+    { HWF_PADLOCK_RNG,     "padlock-rng" },
+    { HWF_PADLOCK_AES,     "padlock-aes" },
+    { HWF_PADLOCK_SHA,     "padlock-sha" },
+    { HWF_PADLOCK_MMUL,    "padlock-mmul"},
+    { HWF_INTEL_CPU,       "intel-cpu" },
+    { HWF_INTEL_FAST_SHLD, "intel-fast-shld" },
+    { HWF_INTEL_BMI2,      "intel-bmi2" },
+    { HWF_INTEL_SSSE3,     "intel-ssse3" },
+    { HWF_INTEL_PCLMUL,    "intel-pclmul" },
+    { HWF_INTEL_AESNI,     "intel-aesni" },
+    { HWF_INTEL_RDRAND,    "intel-rdrand" },
+    { HWF_INTEL_AVX,       "intel-avx" },
+    { HWF_INTEL_AVX2,      "intel-avx2" },
+    { HWF_ARM_NEON,        "arm-neon" }
   };
 
 /* A bit vector with the hardware features which shall not be used.

commit 16fd540f4d01eb6dc23d9509ae549353617c7a67
Author: Jussi Kivilinna <jussi.kivilinna at iki.fi>
Date:   Sat Oct 24 12:41:23 2015 +0300

    Fix OCB amd64 assembly implementations for x32
    
    * cipher/camellia-glue.c (_gcry_camellia_aesni_avx_ocb_enc)
    (_gcry_camellia_aesni_avx_ocb_dec, _gcry_camellia_aesni_avx_ocb_auth)
    (_gcry_camellia_aesni_avx2_ocb_enc, _gcry_camellia_aesni_avx2_ocb_dec)
    (_gcry_camellia_aesni_avx2_ocb_auth, _gcry_camellia_ocb_crypt)
    (_gcry_camellia_ocb_auth): Change 'Ls' from pointer array to u64 array.
    * cipher/serpent.c (_gcry_serpent_sse2_ocb_enc)
    (_gcry_serpent_sse2_ocb_dec, _gcry_serpent_sse2_ocb_auth)
    (_gcry_serpent_avx2_ocb_enc, _gcry_serpent_avx2_ocb_dec)
    (_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): Ditto.
    * cipher/twofish.c (_gcry_twofish_amd64_ocb_enc)
    (_gcry_twofish_amd64_ocb_dec, _gcry_twofish_amd64_ocb_auth)
    (twofish_amd64_ocb_enc, twofish_amd64_ocb_dec, twofish_amd64_ocb_auth)
    (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Ditto.
    --
    
    Pointers on x32 are 32-bit, but amd64 assembly implementations
    expect 64-bit pointers. Pass 'Ls' array to 64-bit integers so
    that input arrays has correct format for assembly functions.
    
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>

diff --git a/cipher/camellia-glue.c b/cipher/camellia-glue.c
index dee0169..dfddb4a 100644
--- a/cipher/camellia-glue.c
+++ b/cipher/camellia-glue.c
@@ -141,20 +141,20 @@ extern void _gcry_camellia_aesni_avx_ocb_enc(CAMELLIA_context *ctx,
 					     const unsigned char *in,
 					     unsigned char *offset,
 					     unsigned char *checksum,
-					     const void *Ls[16]) ASM_FUNC_ABI;
+					     const u64 Ls[16]) ASM_FUNC_ABI;
 
 extern void _gcry_camellia_aesni_avx_ocb_dec(CAMELLIA_context *ctx,
 					     unsigned char *out,
 					     const unsigned char *in,
 					     unsigned char *offset,
 					     unsigned char *checksum,
-					     const void *Ls[16]) ASM_FUNC_ABI;
+					     const u64 Ls[16]) ASM_FUNC_ABI;
 
 extern void _gcry_camellia_aesni_avx_ocb_auth(CAMELLIA_context *ctx,
 					     const unsigned char *abuf,
 					     unsigned char *offset,
 					     unsigned char *checksum,
-					     const void *Ls[16]) ASM_FUNC_ABI;
+					     const u64 Ls[16]) ASM_FUNC_ABI;
 
 extern void _gcry_camellia_aesni_avx_keygen(CAMELLIA_context *ctx,
 					    const unsigned char *key,
@@ -185,20 +185,20 @@ extern void _gcry_camellia_aesni_avx2_ocb_enc(CAMELLIA_context *ctx,
 					      const unsigned char *in,
 					      unsigned char *offset,
 					      unsigned char *checksum,
-					      const void *Ls[32]) ASM_FUNC_ABI;
+					      const u64 Ls[32]) ASM_FUNC_ABI;
 
 extern void _gcry_camellia_aesni_avx2_ocb_dec(CAMELLIA_context *ctx,
 					      unsigned char *out,
 					      const unsigned char *in,
 					      unsigned char *offset,
 					      unsigned char *checksum,
-					      const void *Ls[32]) ASM_FUNC_ABI;
+					      const u64 Ls[32]) ASM_FUNC_ABI;
 
 extern void _gcry_camellia_aesni_avx2_ocb_auth(CAMELLIA_context *ctx,
 					       const unsigned char *abuf,
 					       unsigned char *offset,
 					       unsigned char *checksum,
-					       const void *Ls[32]) ASM_FUNC_ABI;
+					       const u64 Ls[32]) ASM_FUNC_ABI;
 #endif
 
 static const char *selftest(void);
@@ -630,27 +630,29 @@ _gcry_camellia_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg,
   if (ctx->use_aesni_avx2)
     {
       int did_use_aesni_avx2 = 0;
-      const void *Ls[32];
+      u64 Ls[32];
       unsigned int n = 32 - (blkn % 32);
-      const void **l;
+      u64 *l;
       int i;
 
       if (nblocks >= 32)
 	{
 	  for (i = 0; i < 32; i += 8)
 	    {
-	      Ls[(i + 0 + n) % 32] = c->u_mode.ocb.L[0];
-	      Ls[(i + 1 + n) % 32] = c->u_mode.ocb.L[1];
-	      Ls[(i + 2 + n) % 32] = c->u_mode.ocb.L[0];
-	      Ls[(i + 3 + n) % 32] = c->u_mode.ocb.L[2];
-	      Ls[(i + 4 + n) % 32] = c->u_mode.ocb.L[0];
-	      Ls[(i + 5 + n) % 32] = c->u_mode.ocb.L[1];
-	      Ls[(i + 6 + n) % 32] = c->u_mode.ocb.L[0];
+	      /* Use u64 to store pointers for x32 support (assembly function
+	       * assumes 64-bit pointers). */
+	      Ls[(i + 0 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
+	      Ls[(i + 1 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[1];
+	      Ls[(i + 2 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
+	      Ls[(i + 3 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[2];
+	      Ls[(i + 4 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
+	      Ls[(i + 5 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[1];
+	      Ls[(i + 6 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
 	    }
 
-	  Ls[(7 + n) % 32] = c->u_mode.ocb.L[3];
-	  Ls[(15 + n) % 32] = c->u_mode.ocb.L[4];
-	  Ls[(23 + n) % 32] = c->u_mode.ocb.L[3];
+	  Ls[(7 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[3];
+	  Ls[(15 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[4];
+	  Ls[(23 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[3];
 	  l = &Ls[(31 + n) % 32];
 
 	  /* Process data in 32 block chunks. */
@@ -658,7 +660,7 @@ _gcry_camellia_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg,
 	    {
 	      /* l_tmp will be used only every 65536-th block. */
 	      blkn += 32;
-	      *l = ocb_get_l(c, l_tmp, blkn - blkn % 32);
+	      *l = (uintptr_t)(void *)ocb_get_l(c, l_tmp, blkn - blkn % 32);
 
 	      if (encrypt)
 		_gcry_camellia_aesni_avx2_ocb_enc(ctx, outbuf, inbuf, c->u_iv.iv,
@@ -691,25 +693,27 @@ _gcry_camellia_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg,
   if (ctx->use_aesni_avx)
     {
       int did_use_aesni_avx = 0;
-      const void *Ls[16];
+      u64 Ls[16];
       unsigned int n = 16 - (blkn % 16);
-      const void **l;
+      u64 *l;
       int i;
 
       if (nblocks >= 16)
 	{
 	  for (i = 0; i < 16; i += 8)
 	    {
-	      Ls[(i + 0 + n) % 16] = c->u_mode.ocb.L[0];
-	      Ls[(i + 1 + n) % 16] = c->u_mode.ocb.L[1];
-	      Ls[(i + 2 + n) % 16] = c->u_mode.ocb.L[0];
-	      Ls[(i + 3 + n) % 16] = c->u_mode.ocb.L[2];
-	      Ls[(i + 4 + n) % 16] = c->u_mode.ocb.L[0];
-	      Ls[(i + 5 + n) % 16] = c->u_mode.ocb.L[1];
-	      Ls[(i + 6 + n) % 16] = c->u_mode.ocb.L[0];
+	      /* Use u64 to store pointers for x32 support (assembly function
+	       * assumes 64-bit pointers). */
+	      Ls[(i + 0 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
+	      Ls[(i + 1 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[1];
+	      Ls[(i + 2 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
+	      Ls[(i + 3 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[2];
+	      Ls[(i + 4 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
+	      Ls[(i + 5 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[1];
+	      Ls[(i + 6 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
 	    }
 
-	  Ls[(7 + n) % 16] = c->u_mode.ocb.L[3];
+	  Ls[(7 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[3];
 	  l = &Ls[(15 + n) % 16];
 
 	  /* Process data in 16 block chunks. */
@@ -717,7 +721,7 @@ _gcry_camellia_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg,
 	    {
 	      /* l_tmp will be used only every 65536-th block. */
 	      blkn += 16;
-	      *l = ocb_get_l(c, l_tmp, blkn - blkn % 16);
+	      *l = (uintptr_t)(void *)ocb_get_l(c, l_tmp, blkn - blkn % 16);
 
 	      if (encrypt)
 		_gcry_camellia_aesni_avx_ocb_enc(ctx, outbuf, inbuf, c->u_iv.iv,
@@ -780,27 +784,29 @@ _gcry_camellia_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg,
   if (ctx->use_aesni_avx2)
     {
       int did_use_aesni_avx2 = 0;
-      const void *Ls[32];
+      u64 Ls[32];
       unsigned int n = 32 - (blkn % 32);
-      const void **l;
+      u64 *l;
       int i;
 
       if (nblocks >= 32)
 	{
 	  for (i = 0; i < 32; i += 8)
 	    {
-	      Ls[(i + 0 + n) % 32] = c->u_mode.ocb.L[0];
-	      Ls[(i + 1 + n) % 32] = c->u_mode.ocb.L[1];
-	      Ls[(i + 2 + n) % 32] = c->u_mode.ocb.L[0];
-	      Ls[(i + 3 + n) % 32] = c->u_mode.ocb.L[2];
-	      Ls[(i + 4 + n) % 32] = c->u_mode.ocb.L[0];
-	      Ls[(i + 5 + n) % 32] = c->u_mode.ocb.L[1];
-	      Ls[(i + 6 + n) % 32] = c->u_mode.ocb.L[0];
+	      /* Use u64 to store pointers for x32 support (assembly function
+	       * assumes 64-bit pointers). */
+	      Ls[(i + 0 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
+	      Ls[(i + 1 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[1];
+	      Ls[(i + 2 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
+	      Ls[(i + 3 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[2];
+	      Ls[(i + 4 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
+	      Ls[(i + 5 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[1];
+	      Ls[(i + 6 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
 	    }
 
-	  Ls[(7 + n) % 32] = c->u_mode.ocb.L[3];
-	  Ls[(15 + n) % 32] = c->u_mode.ocb.L[4];
-	  Ls[(23 + n) % 32] = c->u_mode.ocb.L[3];
+	  Ls[(7 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[3];
+	  Ls[(15 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[4];
+	  Ls[(23 + n) % 32] = (uintptr_t)(void *)c->u_mode.ocb.L[3];
 	  l = &Ls[(31 + n) % 32];
 
 	  /* Process data in 32 block chunks. */
@@ -808,7 +814,7 @@ _gcry_camellia_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg,
 	    {
 	      /* l_tmp will be used only every 65536-th block. */
 	      blkn += 32;
-	      *l = ocb_get_l(c, l_tmp, blkn - blkn % 32);
+	      *l = (uintptr_t)(void *)ocb_get_l(c, l_tmp, blkn - blkn % 32);
 
 	      _gcry_camellia_aesni_avx2_ocb_auth(ctx, abuf,
 						 c->u_mode.ocb.aad_offset,
@@ -837,25 +843,27 @@ _gcry_camellia_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg,
   if (ctx->use_aesni_avx)
     {
       int did_use_aesni_avx = 0;
-      const void *Ls[16];
+      u64 Ls[16];
       unsigned int n = 16 - (blkn % 16);
-      const void **l;
+      u64 *l;
       int i;
 
       if (nblocks >= 16)
 	{
 	  for (i = 0; i < 16; i += 8)
 	    {
-	      Ls[(i + 0 + n) % 16] = c->u_mode.ocb.L[0];
-	      Ls[(i + 1 + n) % 16] = c->u_mode.ocb.L[1];
-	      Ls[(i + 2 + n) % 16] = c->u_mode.ocb.L[0];
-	      Ls[(i + 3 + n) % 16] = c->u_mode.ocb.L[2];
-	      Ls[(i + 4 + n) % 16] = c->u_mode.ocb.L[0];
-	      Ls[(i + 5 + n) % 16] = c->u_mode.ocb.L[1];
-	      Ls[(i + 6 + n) % 16] = c->u_mode.ocb.L[0];
+	      /* Use u64 to store pointers for x32 support (assembly function
+	       * assumes 64-bit pointers). */
+	      Ls[(i + 0 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
+	      Ls[(i + 1 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[1];
+	      Ls[(i + 2 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
+	      Ls[(i + 3 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[2];
+	      Ls[(i + 4 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
+	      Ls[(i + 5 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[1];
+	      Ls[(i + 6 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
 	    }
 
-	  Ls[(7 + n) % 16] = c->u_mode.ocb.L[3];
+	  Ls[(7 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[3];
 	  l = &Ls[(15 + n) % 16];
 
 	  /* Process data in 16 block chunks. */
@@ -863,7 +871,7 @@ _gcry_camellia_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg,
 	    {
 	      /* l_tmp will be used only every 65536-th block. */
 	      blkn += 16;
-	      *l = ocb_get_l(c, l_tmp, blkn - blkn % 16);
+	      *l = (uintptr_t)(void *)ocb_get_l(c, l_tmp, blkn - blkn % 16);
 
 	      _gcry_camellia_aesni_avx_ocb_auth(ctx, abuf,
 						c->u_mode.ocb.aad_offset,
diff --git a/cipher/serpent.c b/cipher/serpent.c
index fc3afa6..4ef7f52 100644
--- a/cipher/serpent.c
+++ b/cipher/serpent.c
@@ -125,20 +125,20 @@ extern void _gcry_serpent_sse2_ocb_enc(serpent_context_t *ctx,
 				       const unsigned char *in,
 				       unsigned char *offset,
 				       unsigned char *checksum,
-				       const void *Ls[8]) ASM_FUNC_ABI;
+				       const u64 Ls[8]) ASM_FUNC_ABI;
 
 extern void _gcry_serpent_sse2_ocb_dec(serpent_context_t *ctx,
 				       unsigned char *out,
 				       const unsigned char *in,
 				       unsigned char *offset,
 				       unsigned char *checksum,
-				       const void *Ls[8]) ASM_FUNC_ABI;
+				       const u64 Ls[8]) ASM_FUNC_ABI;
 
 extern void _gcry_serpent_sse2_ocb_auth(serpent_context_t *ctx,
 					const unsigned char *abuf,
 					unsigned char *offset,
 					unsigned char *checksum,
-					const void *Ls[8]) ASM_FUNC_ABI;
+					const u64 Ls[8]) ASM_FUNC_ABI;
 #endif
 
 #ifdef USE_AVX2
@@ -165,20 +165,20 @@ extern void _gcry_serpent_avx2_ocb_enc(serpent_context_t *ctx,
 				       const unsigned char *in,
 				       unsigned char *offset,
 				       unsigned char *checksum,
-				       const void *Ls[16]) ASM_FUNC_ABI;
+				       const u64 Ls[16]) ASM_FUNC_ABI;
 
 extern void _gcry_serpent_avx2_ocb_dec(serpent_context_t *ctx,
 				       unsigned char *out,
 				       const unsigned char *in,
 				       unsigned char *offset,
 				       unsigned char *checksum,
-				       const void *Ls[16]) ASM_FUNC_ABI;
+				       const u64 Ls[16]) ASM_FUNC_ABI;
 
 extern void _gcry_serpent_avx2_ocb_auth(serpent_context_t *ctx,
 					const unsigned char *abuf,
 					unsigned char *offset,
 					unsigned char *checksum,
-					const void *Ls[16]) ASM_FUNC_ABI;
+					const u64 Ls[16]) ASM_FUNC_ABI;
 #endif
 
 #ifdef USE_NEON
@@ -1249,25 +1249,27 @@ _gcry_serpent_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg,
   if (ctx->use_avx2)
     {
       int did_use_avx2 = 0;
-      const void *Ls[16];
+      u64 Ls[16];
       unsigned int n = 16 - (blkn % 16);
-      const void **l;
+      u64 *l;
       int i;
 
       if (nblocks >= 16)
 	{
 	  for (i = 0; i < 16; i += 8)
 	    {
-	      Ls[(i + 0 + n) % 16] = c->u_mode.ocb.L[0];
-	      Ls[(i + 1 + n) % 16] = c->u_mode.ocb.L[1];
-	      Ls[(i + 2 + n) % 16] = c->u_mode.ocb.L[0];
-	      Ls[(i + 3 + n) % 16] = c->u_mode.ocb.L[2];
-	      Ls[(i + 4 + n) % 16] = c->u_mode.ocb.L[0];
-	      Ls[(i + 5 + n) % 16] = c->u_mode.ocb.L[1];
-	      Ls[(i + 6 + n) % 16] = c->u_mode.ocb.L[0];
+	      /* Use u64 to store pointers for x32 support (assembly function
+	       * assumes 64-bit pointers). */
+	      Ls[(i + 0 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
+	      Ls[(i + 1 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[1];
+	      Ls[(i + 2 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
+	      Ls[(i + 3 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[2];
+	      Ls[(i + 4 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
+	      Ls[(i + 5 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[1];
+	      Ls[(i + 6 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
 	    }
 
-	  Ls[(7 + n) % 16] = c->u_mode.ocb.L[3];
+	  Ls[(7 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[3];
 	  l = &Ls[(15 + n) % 16];
 
 	  /* Process data in 16 block chunks. */
@@ -1275,7 +1277,7 @@ _gcry_serpent_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg,
 	    {
 	      /* l_tmp will be used only every 65536-th block. */
 	      blkn += 16;
-	      *l = ocb_get_l(c, l_tmp, blkn - blkn % 16);
+	      *l = (uintptr_t)(void *)ocb_get_l(c, l_tmp, blkn - blkn % 16);
 
 	      if (encrypt)
 		_gcry_serpent_avx2_ocb_enc(ctx, outbuf, inbuf, c->u_iv.iv,
@@ -1305,19 +1307,21 @@ _gcry_serpent_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg,
 #ifdef USE_SSE2
   {
     int did_use_sse2 = 0;
-    const void *Ls[8];
+    u64 Ls[8];
     unsigned int n = 8 - (blkn % 8);
-    const void **l;
+    u64 *l;
 
     if (nblocks >= 8)
       {
-	Ls[(0 + n) % 8] = c->u_mode.ocb.L[0];
-	Ls[(1 + n) % 8] = c->u_mode.ocb.L[1];
-	Ls[(2 + n) % 8] = c->u_mode.ocb.L[0];
-	Ls[(3 + n) % 8] = c->u_mode.ocb.L[2];
-	Ls[(4 + n) % 8] = c->u_mode.ocb.L[0];
-	Ls[(5 + n) % 8] = c->u_mode.ocb.L[1];
-	Ls[(6 + n) % 8] = c->u_mode.ocb.L[0];
+	/* Use u64 to store pointers for x32 support (assembly function
+	  * assumes 64-bit pointers). */
+	Ls[(0 + n) % 8] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
+	Ls[(1 + n) % 8] = (uintptr_t)(void *)c->u_mode.ocb.L[1];
+	Ls[(2 + n) % 8] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
+	Ls[(3 + n) % 8] = (uintptr_t)(void *)c->u_mode.ocb.L[2];
+	Ls[(4 + n) % 8] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
+	Ls[(5 + n) % 8] = (uintptr_t)(void *)c->u_mode.ocb.L[1];
+	Ls[(6 + n) % 8] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
 	l = &Ls[(7 + n) % 8];
 
 	/* Process data in 8 block chunks. */
@@ -1325,7 +1329,7 @@ _gcry_serpent_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg,
 	  {
 	    /* l_tmp will be used only every 65536-th block. */
 	    blkn += 8;
-	    *l = ocb_get_l(c, l_tmp, blkn - blkn % 8);
+	    *l = (uintptr_t)(void *)ocb_get_l(c, l_tmp, blkn - blkn % 8);
 
 	    if (encrypt)
 	      _gcry_serpent_sse2_ocb_enc(ctx, outbuf, inbuf, c->u_iv.iv,
@@ -1435,25 +1439,27 @@ _gcry_serpent_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg,
   if (ctx->use_avx2)
     {
       int did_use_avx2 = 0;
-      const void *Ls[16];
+      u64 Ls[16];
       unsigned int n = 16 - (blkn % 16);
-      const void **l;
+      u64 *l;
       int i;
 
       if (nblocks >= 16)
 	{
 	  for (i = 0; i < 16; i += 8)
 	    {
-	      Ls[(i + 0 + n) % 16] = c->u_mode.ocb.L[0];
-	      Ls[(i + 1 + n) % 16] = c->u_mode.ocb.L[1];
-	      Ls[(i + 2 + n) % 16] = c->u_mode.ocb.L[0];
-	      Ls[(i + 3 + n) % 16] = c->u_mode.ocb.L[2];
-	      Ls[(i + 4 + n) % 16] = c->u_mode.ocb.L[0];
-	      Ls[(i + 5 + n) % 16] = c->u_mode.ocb.L[1];
-	      Ls[(i + 6 + n) % 16] = c->u_mode.ocb.L[0];
+	      /* Use u64 to store pointers for x32 support (assembly function
+	       * assumes 64-bit pointers). */
+	      Ls[(i + 0 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
+	      Ls[(i + 1 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[1];
+	      Ls[(i + 2 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
+	      Ls[(i + 3 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[2];
+	      Ls[(i + 4 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
+	      Ls[(i + 5 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[1];
+	      Ls[(i + 6 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
 	    }
 
-	  Ls[(7 + n) % 16] = c->u_mode.ocb.L[3];
+	  Ls[(7 + n) % 16] = (uintptr_t)(void *)c->u_mode.ocb.L[3];
 	  l = &Ls[(15 + n) % 16];
 
 	  /* Process data in 16 block chunks. */
@@ -1461,7 +1467,7 @@ _gcry_serpent_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg,
 	    {
 	      /* l_tmp will be used only every 65536-th block. */
 	      blkn += 16;
-	      *l = ocb_get_l(c, l_tmp, blkn - blkn % 16);
+	      *l = (uintptr_t)(void *)ocb_get_l(c, l_tmp, blkn - blkn % 16);
 
 	      _gcry_serpent_avx2_ocb_auth(ctx, abuf, c->u_mode.ocb.aad_offset,
 					  c->u_mode.ocb.aad_sum, Ls);
@@ -1486,19 +1492,21 @@ _gcry_serpent_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg,
 #ifdef USE_SSE2
   {
     int did_use_sse2 = 0;
-    const void *Ls[8];
+    u64 Ls[8];
     unsigned int n = 8 - (blkn % 8);
-    const void **l;
+    u64 *l;
 
     if (nblocks >= 8)
       {
-	Ls[(0 + n) % 8] = c->u_mode.ocb.L[0];
-	Ls[(1 + n) % 8] = c->u_mode.ocb.L[1];
-	Ls[(2 + n) % 8] = c->u_mode.ocb.L[0];
-	Ls[(3 + n) % 8] = c->u_mode.ocb.L[2];
-	Ls[(4 + n) % 8] = c->u_mode.ocb.L[0];
-	Ls[(5 + n) % 8] = c->u_mode.ocb.L[1];
-	Ls[(6 + n) % 8] = c->u_mode.ocb.L[0];
+	/* Use u64 to store pointers for x32 support (assembly function
+	* assumes 64-bit pointers). */
+	Ls[(0 + n) % 8] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
+	Ls[(1 + n) % 8] = (uintptr_t)(void *)c->u_mode.ocb.L[1];
+	Ls[(2 + n) % 8] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
+	Ls[(3 + n) % 8] = (uintptr_t)(void *)c->u_mode.ocb.L[2];
+	Ls[(4 + n) % 8] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
+	Ls[(5 + n) % 8] = (uintptr_t)(void *)c->u_mode.ocb.L[1];
+	Ls[(6 + n) % 8] = (uintptr_t)(void *)c->u_mode.ocb.L[0];
 	l = &Ls[(7 + n) % 8];
 
 	/* Process data in 8 block chunks. */
@@ -1506,7 +1514,7 @@ _gcry_serpent_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg,
 	  {
 	    /* l_tmp will be used only every 65536-th block. */
 	    blkn += 8;
-	    *l = ocb_get_l(c, l_tmp, blkn - blkn % 8);
+	    *l = (uintptr_t)(void *)ocb_get_l(c, l_tmp, blkn - blkn % 8);
 
 	    _gcry_serpent_sse2_ocb_auth(ctx, abuf, c->u_mode.ocb.aad_offset,
 					c->u_mode.ocb.aad_sum, Ls);
diff --git a/cipher/twofish.c b/cipher/twofish.c
index 7f361c9..f6ecd67 100644
--- a/cipher/twofish.c
+++ b/cipher/twofish.c
@@ -734,15 +734,15 @@ extern void _gcry_twofish_amd64_cfb_dec(const TWOFISH_context *c, byte *out,
 
 extern void _gcry_twofish_amd64_ocb_enc(const TWOFISH_context *ctx, byte *out,
 					const byte *in, byte *offset,
-					byte *checksum, const void *Ls[3]);
+					byte *checksum, const u64 Ls[3]);
 
 extern void _gcry_twofish_amd64_ocb_dec(const TWOFISH_context *ctx, byte *out,
 					const byte *in, byte *offset,
-					byte *checksum, const void *Ls[3]);
+					byte *checksum, const u64 Ls[3]);
 
 extern void _gcry_twofish_amd64_ocb_auth(const TWOFISH_context *ctx,
 					 const byte *abuf, byte *offset,
-					 byte *checksum, const void *Ls[3]);
+					 byte *checksum, const u64 Ls[3]);
 
 #ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS
 static inline void
@@ -854,7 +854,7 @@ twofish_amd64_cfb_dec(const TWOFISH_context *c, byte *out, const byte *in,
 
 static inline void
 twofish_amd64_ocb_enc(const TWOFISH_context *ctx, byte *out, const byte *in,
-		      byte *offset, byte *checksum, const void *Ls[3])
+		      byte *offset, byte *checksum, const u64 Ls[3])
 {
 #ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS
   call_sysv_fn6(_gcry_twofish_amd64_ocb_enc, ctx, out, in, offset, checksum, Ls);
@@ -865,7 +865,7 @@ twofish_amd64_ocb_enc(const TWOFISH_context *ctx, byte *out, const byte *in,
 
 static inline void
 twofish_amd64_ocb_dec(const TWOFISH_context *ctx, byte *out, const byte *in,
-		      byte *offset, byte *checksum, const void *Ls[3])
+		      byte *offset, byte *checksum, const u64 Ls[3])
 {
 #ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS
   call_sysv_fn6(_gcry_twofish_amd64_ocb_dec, ctx, out, in, offset, checksum, Ls);
@@ -876,7 +876,7 @@ twofish_amd64_ocb_dec(const TWOFISH_context *ctx, byte *out, const byte *in,
 
 static inline void
 twofish_amd64_ocb_auth(const TWOFISH_context *ctx, const byte *abuf,
-		       byte *offset, byte *checksum, const void *Ls[3])
+		       byte *offset, byte *checksum, const u64 Ls[3])
 {
 #ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS
   call_sysv_fn5(_gcry_twofish_amd64_ocb_auth, ctx, abuf, offset, checksum, Ls);
@@ -1261,15 +1261,17 @@ _gcry_twofish_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg,
   u64 blkn = c->u_mode.ocb.data_nblocks;
 
   {
-    const void *Ls[3];
+    /* Use u64 to store pointers for x32 support (assembly function
+      * assumes 64-bit pointers). */
+    u64 Ls[3];
 
     /* Process data in 3 block chunks. */
     while (nblocks >= 3)
       {
 	/* l_tmp will be used only every 65536-th block. */
-	Ls[0] = ocb_get_l(c, l_tmp, blkn + 1);
-	Ls[1] = ocb_get_l(c, l_tmp, blkn + 2);
-	Ls[2] = ocb_get_l(c, l_tmp, blkn + 3);
+	Ls[0] = (uintptr_t)(const void *)ocb_get_l(c, l_tmp, blkn + 1);
+	Ls[1] = (uintptr_t)(const void *)ocb_get_l(c, l_tmp, blkn + 2);
+	Ls[2] = (uintptr_t)(const void *)ocb_get_l(c, l_tmp, blkn + 3);
 	blkn += 3;
 
 	if (encrypt)
@@ -1320,15 +1322,17 @@ _gcry_twofish_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg,
   u64 blkn = c->u_mode.ocb.aad_nblocks;
 
   {
-    const void *Ls[3];
+    /* Use u64 to store pointers for x32 support (assembly function
+      * assumes 64-bit pointers). */
+    u64 Ls[3];
 
     /* Process data in 3 block chunks. */
     while (nblocks >= 3)
       {
 	/* l_tmp will be used only every 65536-th block. */
-	Ls[0] = ocb_get_l(c, l_tmp, blkn + 1);
-	Ls[1] = ocb_get_l(c, l_tmp, blkn + 2);
-	Ls[2] = ocb_get_l(c, l_tmp, blkn + 3);
+	Ls[0] = (uintptr_t)(const void *)ocb_get_l(c, l_tmp, blkn + 1);
+	Ls[1] = (uintptr_t)(const void *)ocb_get_l(c, l_tmp, blkn + 2);
+	Ls[2] = (uintptr_t)(const void *)ocb_get_l(c, l_tmp, blkn + 3);
 	blkn += 3;
 
 	twofish_amd64_ocb_auth(ctx, abuf, c->u_mode.ocb.aad_offset,

commit ae40af427fd2a856b24ec2a41323ec8b80ffc9c0
Author: Jussi Kivilinna <jussi.kivilinna at iki.fi>
Date:   Fri Oct 23 22:24:47 2015 +0300

    bench-slope: add KDF/PBKDF2 benchmark
    
    * tests/bench-slope.c (bench_kdf_mode, bench_kdf_init, bench_kdf_free)
    (bench_kdf_do_bench, kdf_ops, kdf_bench_one, kdf_bench): New.
    (print_help): Add 'kdf'.
    (main): Add KDF benchmarks.
    --
    
    Introduce KDF benchmarking to bench-slope. Output is given as
    nanosecs/iter (and cycles/iter if --cpu-mhz used). Only PBKDF2
    is support with this initial patch.
    
    For example, below shows output of KDF bench-slope before
    and after commit "md: keep contexts for HMAC in GcryDigestEntry",
    on Intel Core i5-4570 @ 3.2 Ghz:
    
    Before:
    
    $ tests/bench-slope --cpu-mhz 3201 kdf
    KDF:
                              |  nanosecs/iter   cycles/iter
     PBKDF2-HMAC-MD5          |          882.4        2824.7
     PBKDF2-HMAC-SHA1         |          832.6        2665.0
     PBKDF2-HMAC-RIPEMD160    |         1148.3        3675.6
     PBKDF2-HMAC-TIGER192     |         1339.6        4288.2
     PBKDF2-HMAC-SHA256       |         1460.5        4675.1
     PBKDF2-HMAC-SHA384       |         1723.2        5515.8
     PBKDF2-HMAC-SHA512       |         1729.1        5534.7
     PBKDF2-HMAC-SHA224       |         1424.0        4558.3
     PBKDF2-HMAC-WHIRLPOOL    |         2459.7        7873.5
     PBKDF2-HMAC-TIGER        |         1350.2        4322.1
     PBKDF2-HMAC-TIGER2       |         1348.7        4317.3
     PBKDF2-HMAC-GOSTR3411_94 |         7374.1       23604.4
     PBKDF2-HMAC-STRIBOG256   |         6060.0       19398.1
     PBKDF2-HMAC-STRIBOG512   |         7512.8       24048.3
     PBKDF2-HMAC-GOSTR3411_CP |         7378.3       23618.0
     PBKDF2-HMAC-SHA3-224     |         2789.6        8929.5
     PBKDF2-HMAC-SHA3-256     |         2785.1        8915.0
     PBKDF2-HMAC-SHA3-384     |         2955.5        9460.5
     PBKDF2-HMAC-SHA3-512     |         2859.7        9153.9
                              =
    
    After:
    
    $ tests/bench-slope --cpu-mhz 3201 kdf
    KDF:
                              |  nanosecs/iter   cycles/iter
     PBKDF2-HMAC-MD5          |          405.9        1299.2
     PBKDF2-HMAC-SHA1         |          392.1        1255.0
     PBKDF2-HMAC-RIPEMD160    |          540.9        1731.5
     PBKDF2-HMAC-TIGER192     |          637.1        2039.4
     PBKDF2-HMAC-SHA256       |          691.8        2214.3
     PBKDF2-HMAC-SHA384       |          848.0        2714.3
     PBKDF2-HMAC-SHA512       |          875.7        2803.1
     PBKDF2-HMAC-SHA224       |          689.2        2206.0
     PBKDF2-HMAC-WHIRLPOOL    |         1535.6        4915.5
     PBKDF2-HMAC-TIGER        |          636.3        2036.7
     PBKDF2-HMAC-TIGER2       |          636.6        2037.7
     PBKDF2-HMAC-GOSTR3411_94 |         5311.5       17002.2
     PBKDF2-HMAC-STRIBOG256   |         4308.0       13790.0
     PBKDF2-HMAC-STRIBOG512   |         5767.4       18461.4
     PBKDF2-HMAC-GOSTR3411_CP |         5309.4       16995.4
     PBKDF2-HMAC-SHA3-224     |         1333.1        4267.2
     PBKDF2-HMAC-SHA3-256     |         1327.8        4250.4
     PBKDF2-HMAC-SHA3-384     |         1392.8        4458.3
     PBKDF2-HMAC-SHA3-512     |         1428.5        4572.7
                              =
    
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>

diff --git a/tests/bench-slope.c b/tests/bench-slope.c
index 394d7fc..2679556 100644
--- a/tests/bench-slope.c
+++ b/tests/bench-slope.c
@@ -1571,13 +1571,176 @@ mac_bench (char **argv, int argc)
 }
 
 
+/************************************************************ KDF benchmarks. */
+
+struct bench_kdf_mode
+{
+  struct bench_ops *ops;
+
+  int algo;
+  int subalgo;
+};
+
+
+static int
+bench_kdf_init (struct bench_obj *obj)
+{
+  struct bench_kdf_mode *mode = obj->priv;
+
+  if (mode->algo == GCRY_KDF_PBKDF2)
+    {
+      obj->min_bufsize = 2;
+      obj->max_bufsize = 2 * 32;
+      obj->step_size = 2;
+    }
+
+  obj->num_measure_repetitions = num_measurement_repetitions;
+
+  return 0;
+}
+
+static void
+bench_kdf_free (struct bench_obj *obj)
+{
+  (void)obj;
+}
+
+static void
+bench_kdf_do_bench (struct bench_obj *obj, void *buf, size_t buflen)
+{
+  struct bench_kdf_mode *mode = obj->priv;
+  char keybuf[16];
+
+  (void)buf;
+
+  if (mode->algo == GCRY_KDF_PBKDF2)
+    {
+      gcry_kdf_derive("qwerty", 6, mode->algo, mode->subalgo, "01234567", 8,
+		      buflen, sizeof(keybuf), keybuf);
+    }
+}
+
+static struct bench_ops kdf_ops = {
+  &bench_kdf_init,
+  &bench_kdf_free,
+  &bench_kdf_do_bench
+};
+
+
+static void
+kdf_bench_one (int algo, int subalgo)
+{
+  struct bench_kdf_mode mode = { &kdf_ops };
+  struct bench_obj obj = { 0 };
+  double nsecs_per_iteration;
+  double cycles_per_iteration;
+  char algo_name[32];
+  char nsecpiter_buf[16];
+  char cpiter_buf[16];
+
+  mode.algo = algo;
+  mode.subalgo = subalgo;
+
+  switch (subalgo)
+    {
+    case GCRY_MD_CRC32:
+    case GCRY_MD_CRC32_RFC1510:
+    case GCRY_MD_CRC24_RFC2440:
+    case GCRY_MD_MD4:
+      /* Skip CRC32s. */
+      return;
+    }
+
+  *algo_name = 0;
+
+  if (algo == GCRY_KDF_PBKDF2)
+    {
+      snprintf (algo_name, sizeof(algo_name), "PBKDF2-HMAC-%s",
+		gcry_md_algo_name (subalgo));
+    }
+
+  bench_print_algo (-24, algo_name);
+
+  obj.ops = mode.ops;
+  obj.priv = &mode;
+
+  nsecs_per_iteration = do_slope_benchmark (&obj);
+
+  strcpy(cpiter_buf, csv_mode ? "" : "-");
+
+  double_to_str (nsecpiter_buf, sizeof (nsecpiter_buf), nsecs_per_iteration);
+
+  /* If user didn't provide CPU speed, we cannot show cycles/iter results.  */
+  if (cpu_ghz > 0.0)
+    {
+      cycles_per_iteration = nsecs_per_iteration * cpu_ghz;
+      double_to_str (cpiter_buf, sizeof (cpiter_buf), cycles_per_iteration);
+    }
+
+  if (csv_mode)
+    {
+      printf ("%s,%s,%s,,,,,,,,,%s,ns/iter,%s,c/iter\n",
+	      current_section_name,
+	      current_algo_name ? current_algo_name : "",
+	      current_mode_name ? current_mode_name : "",
+	      nsecpiter_buf,
+	      cpiter_buf);
+    }
+  else
+    {
+      printf ("%14s %13s\n", nsecpiter_buf, cpiter_buf);
+    }
+}
+
+void
+kdf_bench (char **argv, int argc)
+{
+  char algo_name[32];
+  int i, j;
+
+  bench_print_section ("kdf", "KDF");
+
+  if (!csv_mode)
+    {
+      printf (" %-*s | ", 24, "");
+      printf ("%14s %13s\n", "nanosecs/iter", "cycles/iter");
+    }
+
+  if (argv && argc)
+    {
+      for (i = 0; i < argc; i++)
+	{
+	  for (j = 1; j < 400; j++)
+	    {
+	      if (gcry_md_test_algo (j))
+		continue;
+
+	      snprintf (algo_name, sizeof(algo_name), "PBKDF2-HMAC-%s",
+			gcry_md_algo_name (j));
+
+	      if (!strcmp(argv[i], algo_name))
+		kdf_bench_one (GCRY_KDF_PBKDF2, j);
+	    }
+	}
+    }
+  else
+    {
+      for (i = 1; i < 400; i++)
+	if (!gcry_md_test_algo (i))
+	  kdf_bench_one (GCRY_KDF_PBKDF2, i);
+    }
+
+  bench_print_footer (24);
+}
+
+
 /************************************************************** Main program. */
 
 void
 print_help (void)
 {
   static const char *help_lines[] = {
-    "usage: bench-slope [options] [hash|mac|cipher [algonames]]",
+    "usage: bench-slope [options] [hash|mac|cipher|kdf [algonames]]",
     "",
     " options:",
     "   --cpu-mhz <mhz>           Set CPU speed for calculating cycles",
@@ -1744,6 +1907,7 @@ main (int argc, char **argv)
       hash_bench (NULL, 0);
       mac_bench (NULL, 0);
       cipher_bench (NULL, 0);
+      kdf_bench (NULL, 0);
     }
   else if (!strcmp (*argv, "hash"))
     {
@@ -1769,6 +1933,14 @@ main (int argc, char **argv)
       warm_up_cpu ();
       cipher_bench ((argc == 0) ? NULL : argv, argc);
     }
+  else if (!strcmp (*argv, "kdf"))
+    {
+      argc--;
+      argv++;
+
+      warm_up_cpu ();
+      kdf_bench ((argc == 0) ? NULL : argv, argc);
+    }
   else
     {
       fprintf (stderr, PGM ": unknown argument: %s\n", *argv);

-----------------------------------------------------------------------

Summary of changes:
 cipher/Makefile.am         |   2 +-
 cipher/camellia-glue.c     | 116 ++++---
 cipher/hash-common.h       |  12 +-
 cipher/keccak.c            | 808 ++++++++++++++++++++++++++++++++-------------
 cipher/keccak_permute_32.h | 535 ++++++++++++++++++++++++++++++
 cipher/keccak_permute_64.h | 290 ++++++++++++++++
 cipher/serpent.c           | 104 +++---
 cipher/sha1.c              |   2 +-
 cipher/sha256.c            |   4 +-
 cipher/sha512.c            |   4 +-
 cipher/twofish.c           |  32 +-
 src/g10lib.h               |  21 +-
 src/hwf-x86.c              |  34 +-
 src/hwfeatures.c           |  27 +-
 tests/bench-slope.c        | 174 +++++++++-
 15 files changed, 1775 insertions(+), 390 deletions(-)
 create mode 100644 cipher/keccak_permute_32.h
 create mode 100644 cipher/keccak_permute_64.h


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Oct 29 02:28:50 2015
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Thu, 29 Oct 2015 02:28:50 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-81-gd25e29a
Message-ID: <E1ZrbsB-0007Jm-KH@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  d25e29ad9374da1c11ccfc38f392dbab2d707042 (commit)
      from  8b6c83dcb086ef09b2676e4d5b0111c88b7b8bf8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d25e29ad9374da1c11ccfc38f392dbab2d707042
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Thu Oct 29 10:26:04 2015 +0900

    doc: Don't install gpg-zip.1.
    
    * doc/Makefile.am (myman_pages): Remove gpg-zip.1.
    (DISTCLEANFILES): Add gpg-zip.1.
    
    --
    
    Thanks to Thomas Klausner.
    
    GnuPG-bug-id: 2095

diff --git a/doc/Makefile.am b/doc/Makefile.am
index 3ed3057..c6a5e25 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -71,7 +71,7 @@ myman_sources = gnupg7.texi gpg.texi gpgsm.texi gpg-agent.texi \
 myman_pages   = gpg2.1 gpgsm.1 gpg-agent.1 dirmngr.8 scdaemon.1 gpgv2.1 \
                 watchgnupg.1 gpgconf.1 addgnupghome.8 gpg-preset-passphrase.1 \
 		gpg-connect-agent.1 gpgparsemail.1 symcryptrun.1 \
-		applygnupgdefaults.8 gpg-zip.1 \
+		applygnupgdefaults.8 \
 		dirmngr-client.1
 
 man_MANS = $(myman_pages) gnupg.7
@@ -82,7 +82,7 @@ watchgnupg_SOURCE = gnupg.texi
 CLEANFILES = yat2m mkdefsinc defs.inc
 
 DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \
-		 $(myman_pages) gnupg.7
+		 $(myman_pages) gpg-zip.1 gnupg.7
 
 yat2m: yat2m.c
 	$(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c

-----------------------------------------------------------------------

Summary of changes:
 doc/Makefile.am | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Oct 29 02:32:18 2015
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Thu, 29 Oct 2015 02:32:18 +0100
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
 updated. gnupg-2.0.29-13-g01fa4c7
Message-ID: <E1ZrbvX-0007NW-5x@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-0 has been updated
       via  01fa4c7b8b821da21a5acdeaeeafdd8c78a7a7cd (commit)
      from  caa555a5bfaa98f8f630901427a653bd8dc7b95e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 01fa4c7b8b821da21a5acdeaeeafdd8c78a7a7cd
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Thu Oct 29 10:26:04 2015 +0900

    doc: Don't install gpg-zip.1.
    
    * doc/Makefile.am (myman_pages): Remove gpg-zip.1.
    (DISTCLEANFILES): Add gpg-zip.1.
    
    --
    
    (backport of commit d25e29ad9374da1c11ccfc38f392dbab2d707042)
    
    Thanks to Thomas Klausner.
    
    GnuPG-bug-id: 2095

diff --git a/doc/Makefile.am b/doc/Makefile.am
index 0be9668..af24196 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -65,7 +65,7 @@ myman_sources = gnupg7.texi gpg.texi gpgsm.texi gpg-agent.texi \
 myman_pages   = gpg2.1 gpgsm.1 gpg-agent.1 scdaemon.1 gpgv2.1 \
                 watchgnupg.1 gpgconf.1 addgnupghome.8 gpg-preset-passphrase.1 \
 		gpg-connect-agent.1 gpgparsemail.1 symcryptrun.1 \
-		gpgsm-gencert.sh.1 applygnupgdefaults.8 gpg-zip.1
+		gpgsm-gencert.sh.1 applygnupgdefaults.8
 
 man_MANS = $(myman_pages)
 noinst_MANS = gnupg.7
@@ -76,7 +76,7 @@ watchgnupg_SOURCE = gnupg.texi
 CLEANFILES = yat2m faq.txt
 
 DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \
-		 $(myman_pages) gnupg.7
+		 $(myman_pages) gpg-zip.1 gnupg.7
 
 yat2m: yat2m.c
 	$(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c

-----------------------------------------------------------------------

Summary of changes:
 doc/Makefile.am | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Oct 29 10:12:54 2015
From: cvs at cvs.gnupg.org (by Neal H. Walfield)
Date: Thu, 29 Oct 2015 10:12:54 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-88-g641df61
Message-ID: <E1Zrj7J-0007Mf-Nr@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  641df615da4937b0073c420a0503c5810c237972 (commit)
       via  d68bdc553a206e54234d5d53ad35c4ba34133118 (commit)
       via  ef052591ba51ee16bafc3c5b79d837ed8f01b520 (commit)
       via  89eee5f6b7ca3da7ebdcc3e5d069701d0834b39e (commit)
       via  99c84b49b787dab8da26cf61eed24dd4a2b77fd9 (commit)
       via  421827424fe87855307fe3e803b42ffa02738600 (commit)
       via  351f4213e192aa11500c0c590d11183edbe326c5 (commit)
      from  d25e29ad9374da1c11ccfc38f392dbab2d707042 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 641df615da4937b0073c420a0503c5810c237972
Author: Neal H. Walfield <neal at g10code.com>
Date:   Thu Oct 29 10:09:58 2015 +0100

    gpg: Display the correct error message.
    
    * g10/trustdb.c (validate_keys): If tdbio_update_version_record fails,
    RC does not contain the error code.  Save the error code in rc2 and
    use that.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/trustdb.c b/g10/trustdb.c
index 54a779e..64de985 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -2106,6 +2106,8 @@ validate_keys (int interactive)
   release_key_hash_table (stored);
   if (!rc && !quit) /* mark trustDB as checked */
     {
+      int rc2;
+
       if (next_expire == 0xffffffff || next_expire < start_time )
         tdbio_write_nextcheck (0);
       else
@@ -2115,11 +2117,12 @@ validate_keys (int interactive)
                     strtimestamp (next_expire));
         }
 
-      if(tdbio_update_version_record()!=0)
+      rc2 = tdbio_update_version_record ();
+      if (rc2)
 	{
-	  log_error(_("unable to update trustdb version record: "
-		      "write failed: %s\n"), gpg_strerror (rc));
-	  tdbio_invalid();
+	  log_error (_("unable to update trustdb version record: "
+                       "write failed: %s\n"), gpg_strerror (rc2));
+	  tdbio_invalid ();
 	}
 
       do_sync ();

commit d68bdc553a206e54234d5d53ad35c4ba34133118
Author: Neal H. Walfield <neal at g10code.com>
Date:   Thu Oct 29 10:01:43 2015 +0100

    gpg: Eliminate a memory leak.
    
    * g10/trustdb.c (validate_key_list): Don't leak the keyblocks on
    failure.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/trustdb.c b/g10/trustdb.c
index 32061e4..54a779e 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1729,9 +1729,8 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
     }
   if (rc)
     {
-      log_error ("keydb_search_first failed: %s\n", gpg_strerror (rc));
-      xfree (keys);
-      return NULL;
+      log_error ("keydb_search(first) failed: %s\n", gpg_strerror (rc));
+      goto die;
     }
 
   desc.mode = KEYDB_SEARCH_MODE_NEXT; /* change mode */
@@ -1746,8 +1745,7 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
       if (rc)
         {
           log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
-          xfree (keys);
-          return NULL;
+	  goto die;
         }
 
       if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
@@ -1804,12 +1802,16 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
   if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
     {
       log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc));
-      xfree (keys);
-      return NULL;
+      goto die;
     }
 
   keys[nkeys].keyblock = NULL;
   return keys;
+
+ die:
+  keys[nkeys].keyblock = NULL;
+  release_key_array (keys);
+  return NULL;
 }
 
 /* Caller must sync */

commit ef052591ba51ee16bafc3c5b79d837ed8f01b520
Author: Neal H. Walfield <neal at g10code.com>
Date:   Thu Oct 29 09:58:02 2015 +0100

    gpg: Remove unused prototype.
    
    g10/keyring.h (keyring_locate_writable): Remove unused prototype.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/keyring.h b/g10/keyring.h
index 1469b70..d97bd4c 100644
--- a/g10/keyring.h
+++ b/g10/keyring.h
@@ -36,7 +36,6 @@ int keyring_lock (KEYRING_HANDLE hd, int yes);
 int keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb);
 int keyring_update_keyblock (KEYRING_HANDLE hd, KBNODE kb);
 int keyring_insert_keyblock (KEYRING_HANDLE hd, KBNODE kb);
-int keyring_locate_writable (KEYRING_HANDLE hd);
 int keyring_delete_keyblock (KEYRING_HANDLE hd);
 int keyring_search_reset (KEYRING_HANDLE hd);
 int keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,

commit 89eee5f6b7ca3da7ebdcc3e5d069701d0834b39e
Author: Neal H. Walfield <neal at g10code.com>
Date:   Thu Oct 29 09:57:00 2015 +0100

    gpg: Eliminate a memory leak.
    
    * g10/gpg.c (main): Don't leak OPT.DEF_RECIPIENT.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/gpg.c b/g10/gpg.c
index c18edd0..0f1c74a 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -2580,7 +2580,10 @@ main (int argc, char **argv)
 	  case oDefaultKey: opt.def_secret_key = pargs.r.ret_str; break;
 	  case oDefRecipient:
             if( *pargs.r.ret_str )
-              opt.def_recipient = make_username(pargs.r.ret_str);
+	      {
+		xfree (opt.def_recipient);
+		opt.def_recipient = make_username(pargs.r.ret_str);
+	      }
             break;
 	  case oDefRecipientSelf:
             xfree(opt.def_recipient); opt.def_recipient = NULL;

commit 99c84b49b787dab8da26cf61eed24dd4a2b77fd9
Author: Neal H. Walfield <neal at g10code.com>
Date:   Thu Oct 29 09:52:56 2015 +0100

    gpg: Fix keyring support.
    
    * g10/keydb.c (keydb_rebuild_caches): Only mark the cached as prepared
    if it is actually prepared, which it only is if the resource is a
    keybox.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/keydb.c b/g10/keydb.c
index da18bc0..bcafe90 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -1701,7 +1701,8 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
   if (!hd->no_caching
       && !rc
       && ndesc == 1 && (desc[0].mode == KEYDB_SEARCH_MODE_FPR20
-                        || desc[0].mode == KEYDB_SEARCH_MODE_FPR))
+                        || desc[0].mode == KEYDB_SEARCH_MODE_FPR)
+      && hd->active[hd->current].type == KEYDB_RESOURCE_TYPE_KEYBOX)
     {
       hd->keyblock_cache.state = KEYBLOCK_CACHE_PREPARED;
       memcpy (hd->keyblock_cache.fpr, desc[0].u.fpr, 20);

commit 421827424fe87855307fe3e803b42ffa02738600
Author: Neal H. Walfield <neal at g10code.com>
Date:   Thu Oct 29 09:36:36 2015 +0100

    gpg: Change sqlite3_stepx to pass the sqlite3_stmt * to the callback.
    
    * g10/sqlite.h (enum sqlite_arg_type): Add SQLITE_ARG_BLOB.
    (sqlite3_stepx_callback): New declaration.
    (sqlite3_stepx): Change the callback's type to sqlite3_stepx_callback,
    which passes an additional parameter, the sqlite3_stmt *.  Update
    users.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/sqlite.c b/g10/sqlite.c
index da3ca96..ee7514c 100644
--- a/g10/sqlite.c
+++ b/g10/sqlite.c
@@ -59,7 +59,7 @@ sqlite3_exec_printf (sqlite3 *db,
 int
 sqlite3_stepx (sqlite3 *db,
                sqlite3_stmt **stmtp,
-               int (*callback) (void*,int,char**,char**),
+               sqlite3_stepx_callback callback,
                void *cookie,
                char **errmsg,
                const char *sql, ...)
@@ -150,6 +150,13 @@ sqlite3_stepx (sqlite3 *db,
                 err = sqlite3_bind_text (stmt, i, text, -1, SQLITE_STATIC);
                 break;
               }
+            case SQLITE_ARG_BLOB:
+              {
+                char *blob = va_arg (va, void *);
+                long long length = va_arg (va, long long);
+                err = sqlite3_bind_blob (stmt, i, blob, length, SQLITE_STATIC);
+                break;
+              }
             default:
               /* Internal error.  Likely corruption.  */
               log_fatal ("Bad value for parameter type %d.\n", t);
@@ -201,7 +208,7 @@ sqlite3_stepx (sqlite3 *db,
             }
         }
 
-      if (callback (cookie, cols, (char **) azVals, (char **) azColName))
+      if (callback (cookie, cols, (char **) azVals, (char **) azColName, stmt))
         /* A non-zero result means to abort.  */
         {
           err = SQLITE_ABORT;
diff --git a/g10/sqlite.h b/g10/sqlite.h
index 7ebe8d9..753e37a 100644
--- a/g10/sqlite.h
+++ b/g10/sqlite.h
@@ -27,7 +27,10 @@ enum sqlite_arg_type
     SQLITE_ARG_END = 0xdead001,
     SQLITE_ARG_INT,
     SQLITE_ARG_LONG_LONG,
-    SQLITE_ARG_STRING
+    SQLITE_ARG_STRING,
+    /* This takes two arguments: the blob as a void * and the length
+       of the blob as a long long.  */
+    SQLITE_ARG_BLOB
   };
 
 
@@ -36,9 +39,22 @@ int sqlite3_exec_printf (sqlite3 *db,
                          char **errmsg,
                          const char *sql, ...);
 
+typedef int (*sqlite3_stepx_callback) (void *cookie,
+                                       /* number of columns.  */
+                                       int cols,
+                                       /* columns as text.  */
+                                       char **values,
+                                       /* column names.  */
+                                       char **names,
+                                       /* The prepared statement so
+                                          that it is possible to use
+                                          something like
+                                          sqlite3_column_blob().  */
+                                       sqlite3_stmt *statement);
+
 int sqlite3_stepx (sqlite3 *db,
                    sqlite3_stmt **stmtp,
-                   int (*callback) (void*,int,char**,char**),
+                   sqlite3_stepx_callback callback,
                    void *cookie,
                    char **errmsg,
                    const char *sql, ...);
diff --git a/g10/tofu.c b/g10/tofu.c
index 905010c..6dda873 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -418,6 +418,14 @@ get_single_unsigned_long_cb (void *cookie, int argc, char **argv,
   return 0;
 }
 
+static int
+get_single_unsigned_long_cb2 (void *cookie, int argc, char **argv,
+			     char **azColName, sqlite3_stmt *stmt)
+{
+  (void) stmt;
+  return get_single_unsigned_long_cb (cookie, argc, argv, azColName);
+}
+
 /* We expect a single integer column whose name is "version".  COOKIE
    must point to an int.  This function always aborts.  On error or a
    if the version is bad, sets *VERSION to -1.  */
@@ -1050,6 +1058,13 @@ get_single_long_cb (void *cookie, int argc, char **argv, char **azColName)
   return 0;
 }
 
+static int
+get_single_long_cb2 (void *cookie, int argc, char **argv, char **azColName,
+                     sqlite3_stmt *stmt)
+{
+  (void) stmt;
+  return get_single_long_cb (cookie, argc, argv, azColName);
+}
 
 /* Record (or update) a trust policy about a (possibly new)
    binding.
@@ -1109,7 +1124,7 @@ record_binding (struct dbs *dbs, const char *fingerprint, const char *email,
     {
       rc = sqlite3_stepx
 	(db_email->db, &db_email->s.record_binding_get_old_policy,
-         get_single_long_cb, &policy_old, &err,
+         get_single_long_cb2, &policy_old, &err,
 	 "select policy from bindings where fingerprint = ? and email = ?",
 	 SQLITE_ARG_STRING, fingerprint, SQLITE_ARG_STRING, email,
          SQLITE_ARG_END);
@@ -1261,6 +1276,15 @@ strings_collect_cb (void *cookie, int argc, char **argv, char **azColName)
   return 0;
 }
 
+static int
+strings_collect_cb2 (void *cookie, int argc, char **argv, char **azColName,
+                     sqlite3_stmt *stmt)
+{
+  (void) stmt;
+  return strings_collect_cb (cookie, argc, argv, azColName);
+
+}
+
 /* Auxiliary data structure to collect statistics about
    signatures.  */
 struct signature_stats
@@ -1316,7 +1340,7 @@ signature_stats_prepend (struct signature_stats **statsp,
      <fingerprint, policy, time ago, count>.  */
 static int
 signature_stats_collect_cb (void *cookie, int argc, char **argv,
-			    char **azColName)
+			    char **azColName, sqlite3_stmt *stmt)
 {
   struct signature_stats **statsp = cookie;
   char *tail;
@@ -1326,6 +1350,7 @@ signature_stats_collect_cb (void *cookie, int argc, char **argv,
   unsigned long count;
 
   (void) azColName;
+  (void) stmt;
 
   i ++;
 
@@ -1447,7 +1472,7 @@ get_policy (struct dbs *dbs, const char *fingerprint, const char *email,
      still TOFU_POLICY_NONE after executing the query, then the
      result set was empty.)  */
   rc = sqlite3_stepx (db->db, &db->s.get_policy_select_policy_and_conflict,
-                      strings_collect_cb, &strlist, &err,
+                      strings_collect_cb2, &strlist, &err,
                       "select policy, conflict from bindings\n"
                       " where fingerprint = ? and email = ?",
                       SQLITE_ARG_STRING, fingerprint,
@@ -1692,7 +1717,7 @@ get_trust (struct dbs *dbs, const char *fingerprint, const char *email,
      a new binding.  */
   rc = sqlite3_stepx
     (db->db, &db->s.get_trust_bindings_with_this_email,
-     strings_collect_cb, &bindings_with_this_email, &err,
+     strings_collect_cb2, &bindings_with_this_email, &err,
      "select distinct fingerprint from bindings where email = ?;",
      SQLITE_ARG_STRING, email, SQLITE_ARG_END);
   if (rc)
@@ -1835,7 +1860,7 @@ get_trust (struct dbs *dbs, const char *fingerprint, const char *email,
 	{
 	  rc = sqlite3_stepx
 	    (db_key->db, &db_key->s.get_trust_gather_other_user_ids,
-             strings_collect_cb, &other_user_ids, &err,
+             strings_collect_cb2, &other_user_ids, &err,
              opt.tofu_db_format == TOFU_DB_SPLIT
 	     ? "select user_id, email from bindings where fingerprint = ?;"
 	     : "select user_id, policy from bindings where fingerprint = ?;",
@@ -2519,7 +2544,7 @@ tofu_register (const byte *fingerprint_bin, const char *user_id,
      it again.  */
   rc = sqlite3_stepx
     (db->db, &db->s.register_already_seen,
-     get_single_unsigned_long_cb, &c, &err,
+     get_single_unsigned_long_cb2, &c, &err,
      "select count (*)\n"
      " from signatures left join bindings\n"
      "  on signatures.binding = bindings.oid\n"

commit 351f4213e192aa11500c0c590d11183edbe326c5
Author: Neal H. Walfield <neal at g10code.com>
Date:   Wed Oct 28 13:12:27 2015 +0100

    gpg: Move sqlite helper functions into their own file.
    
    * g10/tofu.c (sqlite3_exec_printf): Move from here...
    * g10/sqlite.c (sqlite3_exec_printf): ... to this new file.  Don't
    mark as static.
    * g10/tofu.c (sqlite3_stepx): Move from here...
    * g10/sqlite.c (sqlite3_stepx): ... to this new file.  Don't
    mark as static.
    * g10/tofu.c (enum sqlite_arg_type): Move from here...
    * g10/sqlite.h (enum sqlite_arg_type): ... to this new file.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/Makefile.am b/g10/Makefile.am
index 75ccac8..2fe5c9a 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -57,7 +57,7 @@ trust_source = trustdb.c trustdb.h tdbdump.c tdbio.c tdbio.h
 endif
 
 if USE_TOFU
-tofu_source = tofu.h tofu.c
+tofu_source = tofu.h tofu.c sqlite.c sqlite.h
 else
 tofu_source =
 endif
diff --git a/g10/sqlite.c b/g10/sqlite.c
new file mode 100644
index 0000000..da3ca96
--- /dev/null
+++ b/g10/sqlite.c
@@ -0,0 +1,245 @@
+/* sqlite.c - SQLite helper functions.
+ * Copyright (C) 2015 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include "gpg.h"
+#include "util.h"
+#include "logging.h"
+
+#include "sqlite.h"
+
+/* This is a convenience function that combines sqlite3_mprintf and
+   sqlite3_exec.  */
+int
+sqlite3_exec_printf (sqlite3 *db,
+		     int (*callback)(void*,int,char**,char**), void *cookie,
+		     char **errmsg,
+		     const char *sql, ...)
+{
+  va_list ap;
+  int rc;
+  char *sql2;
+
+  va_start (ap, sql);
+  sql2 = sqlite3_vmprintf (sql, ap);
+  va_end (ap);
+
+#if 0
+  log_debug ("tofo db: executing: '%s'\n", sql2);
+#endif
+
+  rc = sqlite3_exec (db, sql2, callback, cookie, errmsg);
+
+  sqlite3_free (sql2);
+
+  return rc;
+}
+
+int
+sqlite3_stepx (sqlite3 *db,
+               sqlite3_stmt **stmtp,
+               int (*callback) (void*,int,char**,char**),
+               void *cookie,
+               char **errmsg,
+               const char *sql, ...)
+{
+  int rc;
+  int err = 0;
+  sqlite3_stmt *stmt = NULL;
+
+  va_list va;
+  int args;
+  enum sqlite_arg_type t;
+  int i;
+
+  int cols;
+  /* Names of the columns.  We initialize this lazily to avoid the
+     overhead in case the query doesn't return any results.  */
+  const char **azColName = 0;
+  int callback_initialized = 0;
+
+  const char **azVals = 0;
+
+  callback_initialized = 0;
+
+  if (stmtp && *stmtp)
+    {
+      stmt = *stmtp;
+
+      /* Make sure this statement is associated with the supplied db.  */
+      assert (db == sqlite3_db_handle (stmt));
+
+#if DEBUG_TOFU_CACHE
+      prepares_saved ++;
+#endif
+    }
+  else
+    {
+      const char *tail = NULL;
+
+      rc = sqlite3_prepare_v2 (db, sql, -1, &stmt, &tail);
+      if (rc)
+        log_fatal ("failed to prepare SQL: %s", sql);
+
+      /* We can only process a single statement.  */
+      if (tail)
+        {
+          while (*tail == ' ' || *tail == ';')
+            tail ++;
+
+          if (*tail)
+            log_fatal
+              ("sqlite3_stepx can only process a single SQL statement."
+               "  Second statement starts with: '%s'\n",
+               tail);
+        }
+
+      if (stmtp)
+        *stmtp = stmt;
+    }
+
+#if DEBUG_TOFU_CACHE
+  queries ++;
+#endif
+
+  args = sqlite3_bind_parameter_count (stmt);
+  va_start (va, sql);
+  if (args)
+    {
+      for (i = 1; i <= args; i ++)
+        {
+          t = va_arg (va, enum sqlite_arg_type);
+          switch (t)
+            {
+            case SQLITE_ARG_INT:
+              {
+                int value = va_arg (va, int);
+                err = sqlite3_bind_int (stmt, i, value);
+                break;
+              }
+            case SQLITE_ARG_LONG_LONG:
+              {
+                long long value = va_arg (va, long long);
+                err = sqlite3_bind_int64 (stmt, i, value);
+                break;
+              }
+            case SQLITE_ARG_STRING:
+              {
+                char *text = va_arg (va, char *);
+                err = sqlite3_bind_text (stmt, i, text, -1, SQLITE_STATIC);
+                break;
+              }
+            default:
+              /* Internal error.  Likely corruption.  */
+              log_fatal ("Bad value for parameter type %d.\n", t);
+            }
+
+          if (err)
+            {
+              log_fatal ("Error binding parameter %d\n", i);
+              goto out;
+            }
+        }
+
+    }
+  t = va_arg (va, enum sqlite_arg_type);
+  assert (t == SQLITE_ARG_END);
+  va_end (va);
+
+  for (;;)
+    {
+      rc = sqlite3_step (stmt);
+
+      if (rc != SQLITE_ROW)
+        /* No more data (SQLITE_DONE) or an error occured.  */
+        break;
+
+      if (! callback)
+        continue;
+
+      if (! callback_initialized)
+        {
+          cols = sqlite3_column_count (stmt);
+          azColName = xmalloc (2 * cols * sizeof (const char *) + 1);
+
+          for (i = 0; i < cols; i ++)
+            azColName[i] = sqlite3_column_name (stmt, i);
+
+          callback_initialized = 1;
+        }
+
+      azVals = &azColName[cols];
+      for (i = 0; i < cols; i ++)
+        {
+          azVals[i] = sqlite3_column_text (stmt, i);
+          if (! azVals[i] && sqlite3_column_type (stmt, i) != SQLITE_NULL)
+            /* Out of memory.  */
+            {
+              err = SQLITE_NOMEM;
+              break;
+            }
+        }
+
+      if (callback (cookie, cols, (char **) azVals, (char **) azColName))
+        /* A non-zero result means to abort.  */
+        {
+          err = SQLITE_ABORT;
+          break;
+        }
+    }
+
+ out:
+  xfree (azColName);
+
+  if (stmtp)
+    rc = sqlite3_reset (stmt);
+  else
+    rc = sqlite3_finalize (stmt);
+  if (rc == SQLITE_OK && err)
+    /* Local error.  */
+    {
+      rc = err;
+      if (errmsg)
+        {
+          const char *e = sqlite3_errstr (err);
+          size_t l = strlen (e) + 1;
+          *errmsg = sqlite3_malloc (l);
+          if (! *errmsg)
+            log_fatal ("Out of memory.\n");
+          memcpy (*errmsg, e, l);
+        }
+    }
+  else if (rc != SQLITE_OK && errmsg)
+    /* Error reported by sqlite.  */
+    {
+      const char * e = sqlite3_errmsg (db);
+      size_t l = strlen (e) + 1;
+      *errmsg = sqlite3_malloc (l);
+      if (! *errmsg)
+        log_fatal ("Out of memory.\n");
+      memcpy (*errmsg, e, l);
+    }
+
+  return rc;
+}
diff --git a/g10/sqlite.h b/g10/sqlite.h
new file mode 100644
index 0000000..7ebe8d9
--- /dev/null
+++ b/g10/sqlite.h
@@ -0,0 +1,46 @@
+/* sqlite.h - SQLite helper functions.
+ * Copyright (C) 2015 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_SQLITE_H
+#define GNUPG_SQLITE_H
+
+#include <sqlite3.h>
+
+enum sqlite_arg_type
+  {
+    SQLITE_ARG_END = 0xdead001,
+    SQLITE_ARG_INT,
+    SQLITE_ARG_LONG_LONG,
+    SQLITE_ARG_STRING
+  };
+
+
+int sqlite3_exec_printf (sqlite3 *db,
+                         int (*callback)(void*,int,char**,char**), void *cookie,
+                         char **errmsg,
+                         const char *sql, ...);
+
+int sqlite3_stepx (sqlite3 *db,
+                   sqlite3_stmt **stmtp,
+                   int (*callback) (void*,int,char**,char**),
+                   void *cookie,
+                   char **errmsg,
+                   const char *sql, ...);
+
+#endif
diff --git a/g10/tofu.c b/g10/tofu.c
index 43a6224..905010c 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -40,6 +40,7 @@
 #include "i18n.h"
 #include "trustdb.h"
 #include "mkdir_p.h"
+#include "sqlite.h"
 
 #include "tofu.h"
 
@@ -213,229 +214,6 @@ tofu_policy_to_trust_level (enum tofu_policy policy)
       return 0;
     }
 }
-
-/* This is a convenience function that combines sqlite3_mprintf and
-   sqlite3_exec.  */
-static int
-sqlite3_exec_printf (sqlite3 *db,
-		     int (*callback)(void*,int,char**,char**), void *cookie,
-		     char **errmsg,
-		     const char *sql, ...)
-{
-  va_list ap;
-  int rc;
-  char *sql2;
-
-  va_start (ap, sql);
-  sql2 = sqlite3_vmprintf (sql, ap);
-  va_end (ap);
-
-#if 0
-  log_debug ("tofo db: executing: '%s'\n", sql2);
-#endif
-
-  rc = sqlite3_exec (db, sql2, callback, cookie, errmsg);
-
-  sqlite3_free (sql2);
-
-  return rc;
-}
-
-enum sqlite_arg_type
-  {
-    SQLITE_ARG_END = 0xdead001,
-    SQLITE_ARG_INT,
-    SQLITE_ARG_LONG_LONG,
-    SQLITE_ARG_STRING
-  };
-
-static int
-sqlite3_stepx (sqlite3 *db,
-               sqlite3_stmt **stmtp,
-               int (*callback) (void*,int,char**,char**),
-               void *cookie,
-               char **errmsg,
-               const char *sql, ...)
-{
-  int rc;
-  int err = 0;
-  sqlite3_stmt *stmt = NULL;
-
-  va_list va;
-  int args;
-  enum sqlite_arg_type t;
-  int i;
-
-  int cols;
-  /* Names of the columns.  We initialize this lazily to avoid the
-     overhead in case the query doesn't return any results.  */
-  const char **azColName = 0;
-  int callback_initialized = 0;
-
-  const char **azVals = 0;
-
-  callback_initialized = 0;
-
-  if (stmtp && *stmtp)
-    {
-      stmt = *stmtp;
-
-      /* Make sure this statement is associated with the supplied db.  */
-      assert (db == sqlite3_db_handle (stmt));
-
-#if DEBUG_TOFU_CACHE
-      prepares_saved ++;
-#endif
-    }
-  else
-    {
-      const char *tail = NULL;
-
-      rc = sqlite3_prepare_v2 (db, sql, -1, &stmt, &tail);
-      if (rc)
-        log_fatal ("failed to prepare SQL: %s", sql);
-
-      /* We can only process a single statement.  */
-      if (tail)
-        {
-          while (*tail == ' ' || *tail == ';')
-            tail ++;
-
-          if (*tail)
-            log_fatal
-              ("sqlite3_stepx can only process a single SQL statement."
-               "  Second statement starts with: '%s'\n",
-               tail);
-        }
-
-      if (stmtp)
-        *stmtp = stmt;
-    }
-
-#if DEBUG_TOFU_CACHE
-  queries ++;
-#endif
-
-  args = sqlite3_bind_parameter_count (stmt);
-  va_start (va, sql);
-  if (args)
-    {
-      for (i = 1; i <= args; i ++)
-        {
-          t = va_arg (va, enum sqlite_arg_type);
-          switch (t)
-            {
-            case SQLITE_ARG_INT:
-              {
-                int value = va_arg (va, int);
-                err = sqlite3_bind_int (stmt, i, value);
-                break;
-              }
-            case SQLITE_ARG_LONG_LONG:
-              {
-                long long value = va_arg (va, long long);
-                err = sqlite3_bind_int64 (stmt, i, value);
-                break;
-              }
-            case SQLITE_ARG_STRING:
-              {
-                char *text = va_arg (va, char *);
-                err = sqlite3_bind_text (stmt, i, text, -1, SQLITE_STATIC);
-                break;
-              }
-            default:
-              /* Internal error.  Likely corruption.  */
-              log_fatal ("Bad value for parameter type %d.\n", t);
-            }
-
-          if (err)
-            {
-              log_fatal ("Error binding parameter %d\n", i);
-              goto out;
-            }
-        }
-
-    }
-  t = va_arg (va, enum sqlite_arg_type);
-  assert (t == SQLITE_ARG_END);
-  va_end (va);
-
-  for (;;)
-    {
-      rc = sqlite3_step (stmt);
-
-      if (rc != SQLITE_ROW)
-        /* No more data (SQLITE_DONE) or an error occured.  */
-        break;
-
-      if (! callback)
-        continue;
-
-      if (! callback_initialized)
-        {
-          cols = sqlite3_column_count (stmt);
-          azColName = xmalloc (2 * cols * sizeof (const char *) + 1);
-
-          for (i = 0; i < cols; i ++)
-            azColName[i] = sqlite3_column_name (stmt, i);
-
-          callback_initialized = 1;
-        }
-
-      azVals = &azColName[cols];
-      for (i = 0; i < cols; i ++)
-        {
-          azVals[i] = sqlite3_column_text (stmt, i);
-          if (! azVals[i] && sqlite3_column_type (stmt, i) != SQLITE_NULL)
-            /* Out of memory.  */
-            {
-              err = SQLITE_NOMEM;
-              break;
-            }
-        }
-
-      if (callback (cookie, cols, (char **) azVals, (char **) azColName))
-        /* A non-zero result means to abort.  */
-        {
-          err = SQLITE_ABORT;
-          break;
-        }
-    }
-
- out:
-  xfree (azColName);
-
-  if (stmtp)
-    rc = sqlite3_reset (stmt);
-  else
-    rc = sqlite3_finalize (stmt);
-  if (rc == SQLITE_OK && err)
-    /* Local error.  */
-    {
-      rc = err;
-      if (errmsg)
-        {
-          const char *e = sqlite3_errstr (err);
-          size_t l = strlen (e) + 1;
-          *errmsg = sqlite3_malloc (l);
-          if (! *errmsg)
-            log_fatal ("Out of memory.\n");
-          memcpy (*errmsg, e, l);
-        }
-    }
-  else if (rc != SQLITE_OK && errmsg)
-    /* Error reported by sqlite.  */
-    {
-      const char * e = sqlite3_errmsg (db);
-      size_t l = strlen (e) + 1;
-      *errmsg = sqlite3_malloc (l);
-      if (! *errmsg)
-        log_fatal ("Out of memory.\n");
-      memcpy (*errmsg, e, l);
-    }
-
-  return rc;
-}
 

 static int batch_update;
 static time_t batch_update_started;

-----------------------------------------------------------------------

Summary of changes:
 g10/Makefile.am |   2 +-
 g10/gpg.c       |   5 +-
 g10/keydb.c     |   3 +-
 g10/keyring.h   |   1 -
 g10/sqlite.c    | 252 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 g10/sqlite.h    |  62 ++++++++++++++
 g10/tofu.c      | 261 +++++++-------------------------------------------------
 g10/trustdb.c   |  27 +++---
 8 files changed, 369 insertions(+), 244 deletions(-)
 create mode 100644 g10/sqlite.c
 create mode 100644 g10/sqlite.h


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Oct 29 10:20:50 2015
From: cvs at cvs.gnupg.org (by Neal H. Walfield)
Date: Thu, 29 Oct 2015 10:20:50 +0100
Subject: [git] GnuPG - branch, neal/next, updated. gnupg-2.1.9-89-g692fe5f
Message-ID: <E1ZrjEx-0007Vd-5Z@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, neal/next has been updated
  discards  8b34fae89eab607c35f9f414549d886d3e1a0ed3 (commit)
       via  692fe5f7ac301d828085f7685e451fec3f6d06bb (commit)
       via  641df615da4937b0073c420a0503c5810c237972 (commit)
       via  d68bdc553a206e54234d5d53ad35c4ba34133118 (commit)
       via  ef052591ba51ee16bafc3c5b79d837ed8f01b520 (commit)
       via  89eee5f6b7ca3da7ebdcc3e5d069701d0834b39e (commit)
       via  99c84b49b787dab8da26cf61eed24dd4a2b77fd9 (commit)
       via  421827424fe87855307fe3e803b42ffa02738600 (commit)
       via  351f4213e192aa11500c0c590d11183edbe326c5 (commit)
       via  d25e29ad9374da1c11ccfc38f392dbab2d707042 (commit)
       via  8b6c83dcb086ef09b2676e4d5b0111c88b7b8bf8 (commit)
       via  e095a3fcf2ccc6cc4e258111dc395558069a1164 (commit)
       via  fa15a71daff8414bf4112bc2826dc495ff2fb01f (commit)
       via  1f872cb4ad2d3dcc3598fed689504c9731600caa (commit)
       via  02dc518787c5d8525c18986947a59c8ef1bd41da (commit)
       via  949a5cfdabcafab93c1ac092c0459b59318805b9 (commit)
       via  e026efb4363bc6e3c41ed533daf06f103ebd2e32 (commit)
       via  a6c2c098435a703ca02abf651ff4fa45e5a4db9a (commit)
       via  91015d021b3dcbe21ad0e580a4f34c523abf9e72 (commit)
       via  0d37a40fc34519e93af3ceffff2cd726d29576d3 (commit)
       via  68100b4a0b6118cfd2813fa73ace0df441079379 (commit)
       via  4524a2a3714f263d56bb7db349c169b456994fd9 (commit)
       via  7735bbe539af35ce16e270946d5ae798c5989d6e (commit)
       via  c18fb0d99b633bb267dead6e7c46229f4b780bc3 (commit)
       via  5b0ed7674dc718ee98e0c80aa93ce014f2b51411 (commit)
       via  5e7ac031f513ad3b60e4f092fa72b3bec0676515 (commit)
       via  0e3c9f184a5fb3e41277700d690febc2eee9600a (commit)
       via  927f34603d942868af6a7bd0f347681bbad76a94 (commit)
       via  816505958ac4308ee0dfe787d1b706982428b6cc (commit)
       via  7f65e84ac035e8f7a25639a6b09eb6000115e337 (commit)
       via  297cf8660ce346638e42934d84d746768f8bb10a (commit)
       via  cd879d4bd69a578be5a1ff96497f8c1181885563 (commit)
       via  3c4c89cc35280164b509977c5288b0a06d6f530e (commit)
       via  8b06d7f41aec6cb993445935dba7c60e033d026a (commit)
       via  e03a4a94bb67d4a6c958b37671f83456e203f325 (commit)
       via  41bb01ae792af78edd28bf1b735cacc0b3ac428a (commit)
       via  1e34007c972c1d7730cfcacd88f6bbebba7dec1d (commit)
       via  b6af3377e14fad35b9c6041b11888cabce6e8a56 (commit)
       via  6fafda979df8e7e117f8e6929bcce89513a6e746 (commit)
       via  03e230f0ea62fa7ec363e727ea1cf1344643464f (commit)
       via  9ffcb77e2565651afdeda523374bcbb24b5bd735 (commit)
       via  afbe87fa2d259b665b2d67a038a8535cfcfee094 (commit)
       via  8bccbf477878fd99baa96e11db9db99aaf1e8d91 (commit)
       via  ffe60eb3d2b8f7d6c506804ce4645d695c91f237 (commit)
       via  9afeb4cca10c3632495fe71b23df99a4878bd3a5 (commit)
       via  8c3b7915d675ca5346c17244654d5c6ab583ac44 (commit)
       via  cbaca254ac818c49c18d4480d3c7bd246cc57ae8 (commit)
       via  df57390d68482c5b3fa5ff3a42a29ae1b6cbb23c (commit)
       via  d05ff81732e20e6f9d6d7a6281a96a312b001abb (commit)
       via  243f90afba87e99ca42e2451ac5cc59d00a044ac (commit)
       via  a79045e38d239a7f6e787cf7c1132772c737cc0e (commit)
       via  85bd7d9491f8cc13c2b03f19b4f70ea13b45c704 (commit)
       via  485e0a221deb5c68f29b6a7a110b349dbe41c027 (commit)
       via  5055b617a94587580bc16a56bb82333077b05693 (commit)
       via  42571a38344e39f747315f754700a8181b8744fe (commit)
       via  58ebe50bdf4837e9ab2d3f8c6e5fcf28c66f26e9 (commit)
       via  c83b627174f46e841f1ccc018322fe499969c267 (commit)
       via  734c61dc9d4915605816803182c9adcc1594e008 (commit)
       via  26d457c218c2e93b2e2cf316f0c1074c70894d0f (commit)
       via  bc9ff6c85e2d89be4ee873b8a72a214759a66157 (commit)
       via  251c070f91e2c65baa3f1195f14a176440a8aafa (commit)
       via  d3eca517745a862432fcfeaa729e5333b15ffa6a (commit)
       via  445f94bc81b20959a667a4ad80ea6c73059540bf (commit)
       via  4957e3236796979b58f35628351505ea5f4e936a (commit)
       via  eb8a0b051faa03584b3820200e10301936e82f51 (commit)
       via  c3bb9fccb7963a0918b9ec6a4f10d568fac7c125 (commit)
       via  d1a0b520b15bb941cdbf66c2e832c617af778ac8 (commit)
       via  4e42ad300b3de9fab25095a9e82431b1ea2740e7 (commit)
       via  c37621166e9cc2a818de73bc99287a393dbb5744 (commit)
       via  a608ee750dd83bf77a5fb4f0ab5bcf812436ba4d (commit)
       via  0433e667029508d6933e8798d3d95bcdde70a7aa (commit)
       via  547a1b3fb881bb8581d03dbf4eacf49163eaa4b5 (commit)
       via  b98939812abf6c643c752ce7c325f98039a1a9e2 (commit)
       via  76afaed65e3b0ddfa4923cb577ada43217dd4b18 (commit)
       via  6983fd131f648ba4acd57b266de9868911874d14 (commit)
       via  8c609eaf35b547f02979ef0b206520dd0853b294 (commit)
       via  253afa244487dd8129816615ac2865c9fe812aaf (commit)
       via  e56a116f9a1171ccf8b3293887a217953a46fc20 (commit)
       via  55d88454652543c98d74376977d855e394df6c92 (commit)
       via  c2c400714854d5a127a6966200d345d0d6cfc7d4 (commit)
       via  558bcd43ae0a841cf1e58e06f5d72a19d5bc70cd (commit)
       via  e64c805b0c270d859ddf2c35d573110cf25e8d48 (commit)
       via  5aa1b392b1bf6fcf4cd380862c5affac39a4f34d (commit)
       via  128a456e775edf393d47e40bb9ae8b62434e2978 (commit)
       via  f77913e0ff7be4cd9c6337a70ac715e6f4a43572 (commit)

This update added new revisions after undoing existing revisions.  That is
to say, the old revision is not a strict subset of the new revision.  This
situation occurs when you --force push a change and generate a repository
containing something like this:

 * -- * -- B -- O -- O -- O (8b34fae89eab607c35f9f414549d886d3e1a0ed3)
            \
             N -- N -- N (692fe5f7ac301d828085f7685e451fec3f6d06bb)

When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 692fe5f7ac301d828085f7685e451fec3f6d06bb
Author: Neal H. Walfield <neal at g10code.com>
Date:   Thu Oct 29 10:18:13 2015 +0100

    New key db.

diff --git a/g10/Makefile.am b/g10/Makefile.am
index 2fe5c9a..766e4b7 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -29,7 +29,7 @@ include $(top_srcdir)/am/cmacros.am
 AM_CFLAGS = $(SQLITE3_CFLAGS) $(LIBGCRYPT_CFLAGS) \
             $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS)
 
-needed_libs = ../kbx/libkeybox.a $(libcommon)
+needed_libs = ../kbx/libkeybox.a $(libcommon) $(SQLITE3_LIBS)
 
 bin_PROGRAMS = gpg2
 if !HAVE_W32CE_SYSTEM
@@ -57,7 +57,7 @@ trust_source = trustdb.c trustdb.h tdbdump.c tdbio.c tdbio.h
 endif
 
 if USE_TOFU
-tofu_source = tofu.h tofu.c sqlite.c sqlite.h
+tofu_source = tofu.h tofu.c
 else
 tofu_source =
 endif
@@ -101,7 +101,9 @@ common_source =  \
 	      sig-check.c	\
 	      keylist.c 	\
 	      pkglue.c pkglue.h \
-	      ecdh.c
+	      ecdh.c            \
+	      kdb.c kdb.h       \
+	      sqlite.c sqlite.h
 
 gpg2_SOURCES  = gpg.c		\
 	      server.c          \
@@ -147,7 +149,7 @@ gpgv2_SOURCES = gpgv.c           \
 
 LDADD =  $(needed_libs) ../common/libgpgrl.a \
          $(ZLIBS) $(LIBINTL) $(CAPLIBS) $(NETLIBS)
-gpg2_LDADD = $(LDADD) $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \
+gpg2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \
              $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
 	     $(LIBICONV) $(resource_objs) $(extra_sys_libs)
 gpg2_LDFLAGS = $(extra_bin_ldflags)
diff --git a/g10/kdb.c b/g10/kdb.c
new file mode 100644
index 0000000..a60c884
--- /dev/null
+++ b/g10/kdb.c
@@ -0,0 +1,938 @@
+#include <config.h>
+#include <assert.h>
+#include <sqlite3.h>
+
+#include "gpg.h"
+#include "util.h"
+#include "logging.h"
+#include "i18n.h"
+#include "mbox-util.h"
+#include "sqlite.h"
+
+#include "kdb.h"
+
+struct kdb_resource
+{
+  struct kdb_resource *next;
+  int read_only;
+  sqlite3 *db;
+  char fname[1];
+};
+typedef struct kdb_resource *KDB_RESOURCE;
+typedef struct kdb_resource const * CONST_KDB_RESOURCE;
+
+/* All registered resources.  */
+static KDB_RESOURCE kdb_resources;
+
+struct keydb_handle {
+  CONST_KDB_RESOURCE resource;
+  /* Current key.  */
+  long long int key;
+  int eof;
+  struct {
+    long long int key;
+    int pk_no;
+    int uid_no;
+  } found, saved_found;
+};
+
+/* RESOURCE is a value returned by a previous call to
+   kdb_register_file in *RESOURCEP.  */
+KDB_HANDLE
+kdb_new (void *resource)
+{
+  KDB_RESOURCE r;
+  KDB_HANDLE hd;
+
+  /* Assert that the resource was indeed previously registered.  */
+  for (r = kdb_resources; r; r = r->next)
+    if (r == resource)
+      break;
+  assert (r);
+
+  hd = xmalloc_clear (sizeof (*hd));
+  hd->resource = resource;
+  hd->key = -1;
+  return hd;
+}
+
+
+/* Collect a series of integers from a query.  Aborts if the argument
+   is not a valid integer (or real of the form X.0).  COOKIE points to
+   an array of unsigned long ints, which has enough space for ARGC
+   values.  */
+static int
+get_unsigned_longs_cb (void *cookie, int argc, char **argv, char **azColName)
+{
+  unsigned long int *values = cookie;
+  int i;
+  char *tail = NULL;
+
+  (void) azColName;
+
+  for (i = 0; i < argc; i ++)
+    {
+      errno = 0;
+      values[i] = strtoul (argv[i], &tail, 0);
+      if (errno || ! (strcmp (tail, ".0") == 0 || *tail == '\0'))
+        /* Abort.  */
+        return 1;
+    }
+
+  return 0;
+}
+
+static int
+get_unsigned_longs_cb2 (void *cookie, int argc, char **argv, char **azColName,
+                        sqlite3_stmt *stmt)
+{
+  (void) stmt;
+  return get_unsigned_longs_cb (cookie, argc, argv, azColName);
+}
+
+/* We expect a single integer column whose name is "version".  COOKIE
+   must point to an int.  This function always aborts.  On error or a
+   if the version is bad, sets *VERSION to -1.  */
+static int
+version_check_cb (void *cookie, int argc, char **argv, char **azColName)
+{
+  int *version = cookie;
+
+  if (argc != 1 || strcmp (azColName[0], "version") != 0)
+    {
+      *version = -1;
+      return 1;
+    }
+
+  if (strcmp (argv[0], "1") == 0)
+    *version = 1;
+  else
+    {
+      log_error (_("unsupported TOFU DB version: %s\n"), argv[0]);
+      *version = -1;
+    }
+
+  /* Don't run again.  */
+  return 1;
+}
+
+/* Register a new file.  If the file has already been registered then
+   returns NULL otherwise returns */
+gpg_error_t
+kdb_register_file (const char *fname, int read_only, void **resourcep)
+{
+  KDB_RESOURCE resource;
+  int rc;
+  sqlite3 *db = NULL;
+  char *err;
+  unsigned long int count;
+  int need_init = 1;
+
+  for (resource = kdb_resources; resource; resource = resource->next)
+    if (same_file_p (resource->fname, fname))
+      {
+        if (resourcep)
+          *resourcep = resource;
+        if (read_only)
+          resource->read_only = 1;
+        return 0;
+      }
+
+  rc = sqlite3_open_v2 (fname, &db,
+                        read_only
+                        ? SQLITE_OPEN_READONLY
+                        : (SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE),
+                        NULL);
+  if (rc)
+    {
+      log_error ("Failed to open the key db '%s': %s\n",
+                 fname, sqlite3_errstr (rc));
+      return rc;
+    }
+
+  /* If the DB has no tables, then assume this is a new DB that needs
+     to be initialized.  */
+  rc = sqlite3_exec (db,
+		     "select count(*) from sqlite_master where type='table';",
+		     get_unsigned_longs_cb, &count, &err);
+  if (rc)
+    {
+      log_error (_("error querying kdb's available tables: %s\n"),
+		 err);
+      sqlite3_free (err);
+      goto out;
+    }
+  else if (count != 0)
+    /* Assume that the DB is already initialized.  Make sure the
+       version is okay.  */
+    {
+      int version = -1;
+      rc = sqlite3_exec (db, "select version from version;", version_check_cb,
+			 &version, &err);
+      if (rc == SQLITE_ABORT && version == 1)
+	/* Happy, happy, joy, joy.  */
+	{
+	  sqlite3_free (err);
+          rc = 0;
+          need_init = 0;
+	}
+      else if (rc == SQLITE_ABORT && version == -1)
+	/* Unsupported version.  */
+	{
+	  /* An error message was already displayed.  */
+	  sqlite3_free (err);
+          goto out;
+	}
+      else if (rc)
+	/* Some error.  */
+	{
+	  log_error (_("error determining kdb's version: %s\n"), err);
+	  sqlite3_free (err);
+          goto out;
+	}
+      else
+	/* Unexpected success.  This can only happen if there are no
+	   rows.  */
+	{
+	  log_error (_("error determining kdb's version: %s\n"),
+		     "select returned 0, but expected ABORT");
+          rc = 1;
+          goto out;
+	}
+    }
+
+  if (need_init)
+    {
+      /* Create the version table.  */
+      rc = sqlite3_exec (db,
+                         "create table version (version INTEGER);",
+                         NULL, NULL, &err);
+      if (rc)
+        {
+          log_error (_("error initializing kdb database (%s): %s\n"),
+                     "version", err);
+          sqlite3_free (err);
+          goto out;
+        }
+
+      /* Initialize the version table, which contains a single integer
+         value.  */
+      rc = sqlite3_exec (db,
+                         "insert into version values (1);",
+                         NULL, NULL, &err);
+      if (rc)
+        {
+          log_error (_("error initializing kdb database (%s): %s\n"),
+                     "version, init", err);
+          sqlite3_free (err);
+          goto out;
+        }
+
+      /* We have 3 tables:
+
+         primaries - the list of all primary keys and the key block.
+
+         keys - the list of all keys and subkeys.
+
+         user ids - the list of all user ids.  */
+
+      rc = sqlite3_exec
+        (db,
+         /* Enable foreign key constraints.  */
+         "pragma foreign_keys = on;\n"
+         "create table primaries\n"
+         " (oid INTEGER PRIMARY KEY AUTOINCREMENT,\n"
+         "  fingerprint_rev TEXT COLLATE NOCASE, keyblock BLOB);\n"
+         "create index primaries_fingerprint on primaries\n"
+         " (fingerprint_rev COLLATE NOCASE);\n"
+         "\n"
+         "create table keys\n"
+         " (primary_key INTEGER, fingerprint_rev TEXT COLLATE NOCASE,\n"
+         "  pk_no INTEGER,\n"
+         "  unique (primary_key, pk_no),\n"
+         "  foreign key (primary_key) references primaries(oid));\n"
+         "create index keys_fingerprint_primary_key_pk_no on keys\n"
+         " (fingerprint_rev COLLATE NOCASE, primary_key, pk_no);\n"
+         "create index keys_primary_key_pk_no on keys (primary_key, pk_no);\n"
+         "\n"
+         /* XXX: Is COLLATE NOCASE reasonable?  */
+         "create table uids\n"
+         " (primary_key INTEGER, uid TEXT COLLATE NOCASE,\n"
+         "  email TEXT COLLATE NOCASE, uid_no INTEGER,\n"
+         "  unique (primary_key, uid_no),\n"
+         "  foreign key (primary_key) references primaries(oid));\n"
+         "create index uids_ordered on uids (primary_key, uid_no);\n"
+         /* In most cases, we search for a substring (like
+            '%foo at bar.com%'.  This can't exploit an index so the
+            following indices mostly represent overhead.  */
+#if 0
+         "create index uids_uid_ordered on uids\n"
+         " (uid COLLATE NOCASE, primary_key, uid_no);\n"
+         "create index uids_email_ordered on uids\n"
+         " (email COLLATE NOCASE, primary_key, uid_no);\n"
+#endif
+         ,
+         NULL, NULL, &err);
+      if (rc)
+        {
+          log_error (_("error initializing kdb database: %s\n"), err);
+          sqlite3_free (err);
+          goto out;
+        }
+    }
+
+  resource = xmalloc_clear (sizeof *resource + strlen (fname));
+  strcpy (resource->fname, fname);
+  resource->read_only = read_only;
+  resource->db = db;
+  resource->next = kdb_resources;
+  kdb_resources = resource;
+
+  if (resourcep)
+    *resourcep = resource;
+
+ out:
+  if (rc)
+    {
+      if (resourcep)
+        *resourcep = NULL;
+
+      sqlite3_close (db);
+      return gpg_error (GPG_ERR_GENERAL);
+    }
+
+  return 0;
+}
+
+int
+kdb_is_writable (void *token)
+{
+  KDB_RESOURCE resource = token;
+  if (resource->read_only)
+    return 0;
+  return 1;
+}
+
+/* Release the handle.  */
+void
+kdb_release (KDB_HANDLE hd)
+{
+  KDB_RESOURCE r;
+
+  if (! hd)
+    return;
+
+  /* Check for double frees.  */
+  assert (hd->resource);
+  for (r = kdb_resources; r; r = r->next)
+    if (r == hd->resource)
+      break;
+  assert (r);
+
+  hd->resource = NULL;
+
+  xfree (hd);
+}
+
+void
+kdb_push_found_state (KDB_HANDLE hd)
+{
+  hd->saved_found = hd->found;
+  hd->found.key = -1;
+}
+
+void
+kdb_pop_found_state (KDB_HANDLE hd)
+{
+  hd->found = hd->saved_found;
+  hd->saved_found.key = -1;
+}
+
+const char *
+kdb_get_resource_name (KDB_HANDLE hd)
+{
+  if (!hd || !hd->resource)
+    return NULL;
+  return hd->resource->fname;
+}
+
+/* If YES is 1, lock the DB.  Otherwise, unlock it.  Returns an error
+   code if locking failed.  */
+int
+kdb_lock (KDB_HANDLE hd, int yes)
+{
+  int rc;
+  char *err;
+
+  if (yes)
+    /* Lock.  */
+    {
+      rc = sqlite3_exec (hd->resource->db, "begin transaction;",
+                         NULL, NULL, &err);
+      if (rc)
+        {
+          log_error (_("error beginning transaction on KDB database: %s\n"),
+                     err);
+          sqlite3_free (err);
+          return 1;
+        }
+
+      return 0;
+    }
+  else
+    /* Unlock.  */
+    {
+      rc = sqlite3_exec (hd->resource->db, "end transaction;", NULL, NULL, &err);
+      if (rc)
+        {
+          log_error (_("error ending transaction on KDB database: %s\n"),
+                     err);
+          sqlite3_free (err);
+          return 1;
+        }
+
+      return 0;
+    }
+}
+
+static int
+keyblock_cb (void *cookie, int cols, char **values, char **names,
+             sqlite3_stmt *stmt)
+{
+  iobuf_t *iobuf = cookie;
+  const char *data = sqlite3_column_blob (stmt, 0);
+  long long len = sqlite3_column_bytes (stmt, 0);
+
+  (void) cols;
+  (void) values;
+  (void) names;
+
+  assert (! *iobuf);
+  *iobuf = iobuf_temp_with_content (data, len);
+
+  /* Abort to indicate success.  */
+  return 1;
+}
+
+int
+kdb_get_keyblock (KDB_HANDLE hd, iobuf_t *iobuf,
+                  int *pk_no, int *uid_no, u32 **sigstatus)
+{
+  int rc;
+  char *err;
+  sqlite3_stmt *stmt = NULL;
+
+  /* XXX: Fill these in.  */
+  *sigstatus = NULL;
+
+  if (pk_no)
+    *pk_no = 0;
+  if (uid_no)
+    *uid_no = 0;
+
+  if (hd->found.key == -1)
+    /* Got nothing.  */
+    return gpg_error (GPG_ERR_EOF);
+
+  *iobuf = NULL;
+  rc = sqlite3_stepx
+    (hd->resource->db,
+     &stmt, keyblock_cb, iobuf, &err,
+     "select keyblock from primaries where oid = ?",
+     SQLITE_ARG_LONG_LONG, hd->found.key, SQLITE_ARG_END);
+  if (rc == SQLITE_ABORT)
+    /* Success.  */
+    {
+      assert (*iobuf);
+      rc = 0;
+      if (uid_no)
+        *uid_no = hd->found.uid_no;
+      if (pk_no)
+        *pk_no = hd->found.pk_no;
+    }
+  else if (! rc)
+    /* If we don't get an abort, then we didn't find the record.  */
+    rc = gpg_error (GPG_ERR_NOT_FOUND);
+  else
+    {
+      log_error (_("reading keyblock from keydb DB: %s\n"), err);
+      sqlite3_free (err);
+      rc = gpg_error (GPG_ERR_GENERAL);
+    }
+
+  sqlite3_finalize (stmt);
+  return rc;
+}
+
+int
+kdb_update_keyblock (KDB_HANDLE hd, kbnode_t kb,
+                     const void *image, size_t imagelen)
+{
+  (void) hd;
+  (void) kb;
+  (void) image;
+  (void) imagelen;
+
+  log_fatal ("Implement %s.", __func__);
+}
+
+static char *
+strrev (char *str)
+{
+  int i;
+  int l = strlen (str);
+
+  for (i = 0; i < l / 2; i ++)
+    {
+      char t = str[i];
+      str[i] = str[l - 1 - i];
+      str[l - 1 - i] = t;
+    }
+
+  return str;
+}
+
+static char *
+fingerprint_ascii_rev (char *fingerprint_bin, int len)
+{
+  char *fingerprint = xmalloc (2 * len + 1);
+  bin2hex (fingerprint_bin, len, fingerprint);
+  return strrev (fingerprint);
+}
+
+gpg_error_t
+kdb_insert_keyblock (KDB_HANDLE hd, kbnode_t root,
+                     const void *image, size_t imagelen, u32 *sigstatus)
+{
+  PKT_public_key *mainpk = root->pkt->pkt.public_key;
+  char fingerprint_bin[MAX_FINGERPRINT_LEN];
+  size_t fingerprint_bin_len = sizeof (fingerprint_bin);
+  char *fingerprint_rev = NULL;
+
+  int rc;
+  char *err;
+
+  sqlite3_stmt *uid_stmt = NULL;
+  sqlite3_stmt *key_stmt = NULL;
+
+  long long oid;
+  int uid_no;
+  int pk_no;
+  kbnode_t k;
+
+  /* FIXME: Use sigstatus?  */
+  (void) sigstatus;
+
+  if (!hd)
+    return gpg_error (GPG_ERR_INV_VALUE);
+
+
+  /* XXX: If we have a search result (hd->found), are we supposed to
+     replace it even if it isn't for the same key?  */
+  /* See if we are replacing or adding this record to the
+     database.  */
+  fingerprint_from_pk (mainpk, fingerprint_bin, &fingerprint_bin_len);
+  assert (fingerprint_bin_len == sizeof (fingerprint_bin));
+  fingerprint_rev = fingerprint_ascii_rev (fingerprint_bin,
+                                           fingerprint_bin_len);
+
+  oid = -1;
+  rc = sqlite3_stepx
+    (hd->resource->db, NULL, get_unsigned_longs_cb2, &oid, &err,
+     "select oid from primaries where fingerprint_rev = ?;",
+     SQLITE_ARG_STRING, fingerprint_rev, SQLITE_ARG_END);
+  if (rc)
+    {
+      log_error (_("looking up key in keydb DB: %s\n"), err);
+      sqlite3_free (err);
+      return gpg_error (GPG_ERR_GENERAL);
+    }
+
+  if (oid != -1)
+    /* This key is already in the DB.  Replace it.  */
+    {
+      rc = sqlite3_exec_printf
+        (hd->resource->db, NULL, NULL, &err,
+         "delete from primaries where oid = %lld;"
+         "delete from keys where primary_key = %lld;"
+         "delete from uids where primary_key = %lld;",
+         oid, oid, oid);
+      if (rc)
+        {
+          log_error (_("updating key in keydb DB: %s\n"), err);
+          sqlite3_free (err);
+          return gpg_error (GPG_ERR_GENERAL);
+        }
+
+      /* Reuse the oid.  So that any extant search won't return the
+         new record.  */
+      rc = sqlite3_stepx
+        (hd->resource->db, NULL, NULL, NULL, &err,
+         "insert into primaries (oid, fingerprint_rev, keyblock)\n"
+         " values (?, ?, ?);",
+         SQLITE_ARG_LONG_LONG, oid,
+         SQLITE_ARG_STRING, fingerprint_rev,
+         SQLITE_ARG_BLOB, image, (long long) imagelen,
+         SQLITE_ARG_END);
+    }
+  else
+    rc = sqlite3_stepx
+      (hd->resource->db, NULL, NULL, NULL, &err,
+       "insert into primaries (fingerprint_rev, keyblock) values (?, ?);",
+       SQLITE_ARG_STRING, fingerprint_rev,
+       SQLITE_ARG_BLOB, image, (long long) imagelen,
+       SQLITE_ARG_END);
+  if (rc)
+    {
+      log_error (_("inserting %s record into keydb DB: %s\n"),
+                 "primary key", err);
+      sqlite3_free (err);
+      return gpg_error (GPG_ERR_GENERAL);
+    }
+
+  xfree (fingerprint_rev);
+  fingerprint_rev = NULL;
+
+  oid = sqlite3_last_insert_rowid (hd->resource->db);
+
+  uid_no = 0;
+  pk_no = 0;
+  for (k = root; k; k = k->next)
+    {
+      if (k->pkt->pkttype == PKT_USER_ID)
+        {
+          PKT_user_id *uid = k->pkt->pkt.user_id;
+          const char *user_id = uid->name;
+          char *email = mailbox_from_userid (user_id);
+
+          uid_no ++;
+
+          rc = sqlite3_stepx
+            (hd->resource->db, &uid_stmt, NULL, NULL, &err,
+             "insert into uids (primary_key, uid, email, uid_no)"
+             " values (?, ?, ?, ?);",
+             SQLITE_ARG_LONG_LONG, oid,
+             SQLITE_ARG_STRING, user_id, SQLITE_ARG_STRING, email,
+             SQLITE_ARG_INT, uid_no,
+             SQLITE_ARG_END);
+          xfree (email);
+          if (rc)
+            {
+              log_error (_("inserting %s record into keydb DB: %s\n"),
+                         "uid", err);
+              sqlite3_free (err);
+              return gpg_error (GPG_ERR_GENERAL);
+            }
+        }
+      else if (k->pkt->pkttype == PKT_PUBLIC_KEY
+               || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+        {
+          PKT_public_key *pk = k->pkt->pkt.public_key;
+
+          pk_no ++;
+
+          fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len);
+          assert (fingerprint_bin_len == sizeof (fingerprint_bin));
+          fingerprint_rev = fingerprint_ascii_rev (fingerprint_bin,
+                                                   fingerprint_bin_len);
+
+          rc = sqlite3_stepx
+            (hd->resource->db, &key_stmt, NULL, NULL, &err,
+             "insert into keys (primary_key, fingerprint_rev, pk_no)"
+             " values (?, ?, ?);",
+             SQLITE_ARG_LONG_LONG, oid,
+             SQLITE_ARG_STRING, fingerprint_rev,
+             SQLITE_ARG_INT, pk_no,
+             SQLITE_ARG_END);
+
+          xfree (fingerprint_rev);
+          fingerprint_rev = NULL;
+
+          if (rc)
+            {
+              log_error (_("inserting %s record into keydb DB: %s\n"),
+                         "key", err);
+              sqlite3_free (err);
+              return gpg_error (GPG_ERR_GENERAL);
+            }
+        }
+    }
+
+  sqlite3_finalize (uid_stmt);
+  sqlite3_finalize (key_stmt);
+
+  return 0;
+}
+
+int
+kdb_delete (KDB_HANDLE hd)
+{
+  int rc;
+  char *err;
+
+  if (!hd)
+    return gpg_error (GPG_ERR_INV_VALUE);
+
+  if (hd->found.key == -1)
+    /* No search result.  */
+    return gpg_error (GPG_ERR_NOTHING_FOUND);
+
+  rc = sqlite3_exec_printf
+    (hd->resource->db, NULL, NULL, &err,
+     "begin transaction;\n"
+     "delete from keys where primary = %d;\n"
+     "delete from uids where primary = %d;\n"
+     "delete from primaries where oid = %d;\n"
+     "end transaction;\n",
+     hd->found.key, hd->found.key, hd->found.key);
+  if (rc)
+    {
+      log_error (_("error deleting key from kdb database: %s\n"), err);
+      sqlite3_free (err);
+      rc = gpg_error (GPG_ERR_GENERAL);
+    }
+
+  return rc;
+}
+
+int
+kdb_search_reset (KDB_HANDLE hd)
+{
+  hd->key = -1;
+  hd->eof = 0;
+  return 0;
+}
+
+int
+kdb_search (KDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
+            size_t ndesc, size_t *descindex)
+{
+  int n;
+  char *where_uid = NULL;
+  char *where_key = NULL;
+  char *text;
+  int anyskip = 0;
+  /* This must match the number of items that are returned.  */
+  unsigned long int result[3];
+  int rc = 0;
+  char *err = NULL;
+  char *sql = NULL;
+
+  result[0] = -1;
+
+  /* If we are doing a scan, just get the next record.  */
+  for (n = 0; n < ndesc; n ++)
+    {
+      if (desc[n].mode == KEYDB_SEARCH_MODE_FIRST)
+        {
+          kdb_search_reset (hd);
+          rc = sqlite3_exec (hd->resource->db,
+                             "select min(oid) from primaries",
+                             get_unsigned_longs_cb, result, &err);
+        }
+      else if (desc[n].mode == KEYDB_SEARCH_MODE_NEXT)
+        rc = sqlite3_exec_printf
+          (hd->resource->db, get_unsigned_longs_cb, result, &err,
+           "select oid from primaries where oid > %lld order by oid limit 1",
+           hd->key);
+      else
+        continue;
+
+      if (rc)
+        {
+          log_fatal ("error getting next record: %s\n", err);
+          sqlite3_free (err);
+        }
+      else if (result[0] == -1)
+        /* EOF.  */
+        hd->eof = 1;
+      else
+        {
+          hd->key = hd->found.key = result[0];
+          hd->found.pk_no = hd->found.uid_no = 0;
+        }
+
+      goto out;
+    }
+
+  if (hd->eof)
+    /* We're at the end of the file.  There is nothing else to get.  */
+    return gpg_error (GPG_ERR_EOF);
+
+#define ADD_TERM(thing, op, fmt, ...) do {              \
+    char *t = sqlite3_mprintf                           \
+      ("%s%s("fmt")",                                   \
+       thing ? thing : "", thing ? "\n "op" " : "",     \
+       ##__VA_ARGS__);                                  \
+    sqlite3_free (thing);                               \
+    thing = t;                                          \
+  } while (0)
+#define O(thing, fmt, ...) ADD_TERM(thing, "OR", fmt, ##__VA_ARGS__)
+#define A(thing, fmt, ...) ADD_TERM(thing, "AND", fmt, ##__VA_ARGS__)
+
+  if (descindex)
+    log_fatal ("Implement descindex\n");
+
+  for (n = 0; n < ndesc; n ++)
+    {
+      KEYDB_SEARCH_DESC *d = &desc[n];
+
+      switch (d->mode)
+        {
+        case KEYDB_SEARCH_MODE_EXACT:
+          O(where_uid, "uids.uid = %Q", desc[n].u.name);
+          break;
+
+        case KEYDB_SEARCH_MODE_SUBSTR:
+        case KEYDB_SEARCH_MODE_MAIL:
+        case KEYDB_SEARCH_MODE_MAILSUB:
+        case KEYDB_SEARCH_MODE_MAILEND:
+          {
+            char *escaped = xmalloc (1 + 2 * strlen (d->u.name) + 1 + 1);
+            int i, j = 0;
+
+            if (d->mode == KEYDB_SEARCH_MODE_SUBSTR
+                || d->mode == KEYDB_SEARCH_MODE_MAILSUB
+                || d->mode == KEYDB_SEARCH_MODE_MAILEND)
+              escaped[j ++] = '%';
+
+            for (i = 0; i < strlen (d->u.name); i ++)
+              {
+                if (d->u.name[i] == '%' || d->u.name[i] == '_'
+                    || d->u.name[i] == '\'' || d->u.name[i] == '\\')
+                  escaped[j ++] = '\\';
+                escaped[j ++] = d->u.name[i];
+              }
+
+            if (d->mode == KEYDB_SEARCH_MODE_SUBSTR
+                || d->mode == KEYDB_SEARCH_MODE_MAILSUB)
+              escaped[j ++] = '%';
+
+            escaped[j] = 0;
+
+            O(where_uid, "uids.%s like %Q",
+              d->mode == KEYDB_SEARCH_MODE_SUBSTR ? "uid" : "email",
+              escaped);
+          }
+          break;
+
+
+        case KEYDB_SEARCH_MODE_WORDS:
+          log_fatal ("Implement me!\n");
+          break;
+
+
+        case KEYDB_SEARCH_MODE_SHORT_KID:
+          text = bin2hex (&d->u.kid[1], 4, NULL);
+          /* Fall through.  */
+
+        case KEYDB_SEARCH_MODE_LONG_KID:
+          if (d->mode == KEYDB_SEARCH_MODE_LONG_KID)
+            {
+              text = xmalloc (17);
+              bin2hex (&d->u.kid[1], 4, text);
+              bin2hex (&d->u.kid[0], 4, &text[strlen (text)]);
+              strrev (text);
+            }
+
+          O(where_key, "keys.fingerprint_rev like '%s%%'", text);
+          xfree (text);
+          break;
+
+        case KEYDB_SEARCH_MODE_FPR16:
+          if (d->mode == KEYDB_SEARCH_MODE_FPR16)
+            text = bin2hex (d->u.fpr, 16, NULL);
+          /* Fall through.  */
+
+        case KEYDB_SEARCH_MODE_FPR20:
+        case KEYDB_SEARCH_MODE_FPR:
+          if (d->mode == KEYDB_SEARCH_MODE_FPR20
+              || d->mode == KEYDB_SEARCH_MODE_FPR)
+            text = bin2hex (d->u.fpr, 20, NULL);
+
+          strrev (text);
+          O(where_key, "keys.fingerprint_rev = '%s'", text);
+          xfree (text);
+          break;
+
+        case KEYDB_SEARCH_MODE_FIRST:
+        case KEYDB_SEARCH_MODE_NEXT:
+          /* Already handled above.  */
+          break;
+
+        default:
+          break;
+        }
+
+      if (d->skipfnc)
+        anyskip = 1;
+    }
+
+  if (anyskip)
+    log_fatal ("Implement anyskip.");
+
+  assert (where_uid || where_key);
+  if (where_uid && where_key)
+    sql = sqlite3_mprintf
+      ("select keys.primary_key, keys.pk_no, uids.uid_no\n"
+       " from primaries\n"
+       " left join keys on primaries.oid = keys.primary_key\n"
+       " left join uids on primaries.oid = uids.primary_key\n"
+       " where %s%lld and (%s and %s)\n"
+       " order by keys.primary_key, keys.pk_no, uids.uid_no\n"
+       " limit 1\n",
+       hd->key == -1 ? "" : "keys.primary_key > ", hd->key,
+       where_uid, where_key);
+  else if (where_key)
+    sql = sqlite3_mprintf
+      ("select primary_key, pk_no\n"
+       " from keys\n"
+       " where %s%lld and (%s)\n"
+       " order by primary_key, pk_no\n"
+       " limit 1;\n",
+       hd->key == -1 ? "" : "primary_key > ", hd->key, where_key);
+  else
+    sql = sqlite3_mprintf
+      ("select primary_key, uid_no\n"
+       " from uids\n"
+       " where %s%lld and (%s)\n"
+       " order by primary_key, uid_no\n"
+       " limit 1;\n",
+       hd->key == -1 ? "" : "primary_key > ", hd->key, where_uid);
+#if 0
+  log_info("Running '%s'\n", sql);
+#endif
+  rc = sqlite3_exec (hd->resource->db, sql, get_unsigned_longs_cb, result, &err);
+  if (rc)
+    {
+      log_fatal ("error search DB: %s\n", err);
+      sqlite3_free (err);
+      goto out;
+    }
+
+  if (result[0] == -1)
+    /* No result.  */
+    hd->eof = 1;
+  else
+    {
+      hd->key = result[0];
+      hd->found.key = result[0];
+      hd->found.pk_no = result[1];
+      hd->found.uid_no = result[2];
+    }
+
+ out:
+  sqlite3_free (sql);
+  sqlite3_free (where_uid);
+  sqlite3_free (where_key);
+
+  if (rc)
+    return gpg_error (GPG_ERR_GENERAL);
+  if (hd->eof)
+    {
+      hd->key = -1;
+      return gpg_error (GPG_ERR_EOF);
+    }
+
+  return 0;
+}
diff --git a/g10/kdb.h b/g10/kdb.h
new file mode 100644
index 0000000..55e6962
--- /dev/null
+++ b/g10/kdb.h
@@ -0,0 +1,29 @@
+#ifndef GNUPG_KDB_H
+#define GNUPG_KDB_H
+
+#include "keydb.h"
+
+typedef struct keydb_handle *KDB_HANDLE;
+
+gpg_error_t kdb_register_file (const char *fname, int read_only, void **ptr);
+int kdb_is_writable (void *token);
+
+KDB_HANDLE kdb_new (void *token);
+void kdb_release (KDB_HANDLE hd);
+void kdb_push_found_state (KDB_HANDLE hd);
+void kdb_pop_found_state (KDB_HANDLE hd);
+const char *kdb_get_resource_name (KDB_HANDLE hd);
+int kdb_lock (KDB_HANDLE hd, int yes);
+int kdb_get_keyblock (KDB_HANDLE hd, iobuf_t *iobuf,
+                      int *pk_no, int *uid_no, u32 **sigstatus);
+int kdb_update_keyblock (KDB_HANDLE hd, kbnode_t kb,
+                         const void *image, size_t imagelen);
+gpg_error_t kdb_insert_keyblock (KDB_HANDLE hd, kbnode_t kb,
+                                 const void *image, size_t imagelen,
+                                 u32 *sigstatus);
+int kdb_delete (KDB_HANDLE hd);
+int kdb_search_reset (KDB_HANDLE hd);
+int kdb_search (KDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
+                size_t ndesc, size_t *descindex);
+
+#endif
diff --git a/g10/keydb.c b/g10/keydb.c
index bcafe90..fb79377 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -37,6 +37,7 @@
 #include "../kbx/keybox.h"
 #include "keydb.h"
 #include "i18n.h"
+#include "kdb.h"
 
 static int active_handles;
 
@@ -44,7 +45,8 @@ typedef enum
   {
     KEYDB_RESOURCE_TYPE_NONE = 0,
     KEYDB_RESOURCE_TYPE_KEYRING,
-    KEYDB_RESOURCE_TYPE_KEYBOX
+    KEYDB_RESOURCE_TYPE_KEYBOX,
+    KEYDB_RESOURCE_TYPE_KEYDB
   } KeydbResourceType;
 #define MAX_KEYDB_RESOURCES 40
 
@@ -54,6 +56,7 @@ struct resource_item
   union {
     KEYRING_HANDLE kr;
     KEYBOX_HANDLE kb;
+    KDB_HANDLE kdb;
   } u;
   void *token;
 };
@@ -251,13 +254,14 @@ keyblock_cache_clear (struct keydb_handle *hd)
 /* Handle the creation of a keyring or a keybox if it does not yet
    exist.  Take into account that other processes might have the
    keyring/keybox already locked.  This lock check does not work if
-   the directory itself is not yet available.  If IS_BOX is true the
-   filename is expected to refer to a keybox.  If FORCE_CREATE is true
-   the keyring or keybox will be created.
+   the directory itself is not yet available.  RT is the type of
+   resource being created.  If FORCE_CREATE is true the keyring or
+   keybox will be created.
 
    Return 0 if it is okay to access the specified file.  */
 static int
-maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
+maybe_create_resource (char *filename, KeydbResourceType rt,
+                             int force_create)
 {
   dotlock_t lockhd = NULL;
   IOBUF iobuf;
@@ -361,12 +365,25 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
   if (!iobuf)
     {
       rc = gpg_error_from_syserror ();
-      if (is_box)
-        log_error (_("error creating keybox '%s': %s\n"),
-                   filename, gpg_strerror (rc));
-      else
-        log_error (_("error creating keyring '%s': %s\n"),
-                   filename, gpg_strerror (rc));
+      switch (rt)
+        {
+        case KEYDB_RESOURCE_TYPE_NONE:
+          log_fatal ("Bad value for resource type: %d\n", rt);
+          break;
+
+        case KEYDB_RESOURCE_TYPE_KEYRING:
+          log_error (_("error creating keyring '%s': %s\n"),
+                     filename, gpg_strerror (rc));
+          break;
+        case KEYDB_RESOURCE_TYPE_KEYBOX:
+          log_error (_("error creating keybox '%s': %s\n"),
+                     filename, gpg_strerror (rc));
+          break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          log_error (_("error creating keydb '%s': %s\n"),
+                     filename, gpg_strerror (rc));
+          break;
+        }
       goto leave;
     }
 
@@ -376,7 +393,7 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
 
   /* Make sure that at least one record is in a new keybox file, so
      that the detection magic will work the next time it is used.  */
-  if (is_box)
+  if (rt == KEYDB_RESOURCE_TYPE_KEYBOX)
     {
       FILE *fp = fopen (filename, "w");
       if (!fp)
@@ -388,22 +405,29 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
         }
       if (rc)
         {
-          if (is_box)
-            log_error (_("error creating keybox '%s': %s\n"),
-                       filename, gpg_strerror (rc));
-          else
-            log_error (_("error creating keyring '%s': %s\n"),
-                       filename, gpg_strerror (rc));
+          log_error (_("error creating keybox '%s': %s\n"),
+                     filename, gpg_strerror (rc));
           goto leave;
         }
     }
 
   if (!opt.quiet)
     {
-      if (is_box)
-        log_info (_("keybox '%s' created\n"), filename);
-      else
-        log_info (_("keyring '%s' created\n"), filename);
+      switch (rt)
+        {
+        case KEYDB_RESOURCE_TYPE_NONE:
+          log_fatal ("Bad value for resource type: %d\n", rt);
+          break;
+        case KEYDB_RESOURCE_TYPE_KEYRING:
+          log_info (_("keyring '%s' created\n"), filename);
+          break;
+        case KEYDB_RESOURCE_TYPE_KEYBOX:
+          log_info (_("keybox '%s' created\n"), filename);
+          break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          log_info (_("keydb '%s' created\n"), filename);
+          break;
+        }
     }
 
   rc = 0;
@@ -445,6 +469,8 @@ rt_from_file (const char *filename, int *r_found, int *r_openpgp)
         {
           if (magic == 0x13579ace || magic == 0xce9a5713)
             ; /* GDBM magic - not anymore supported. */
+          else if (memcmp (&magic, "SQLi", 4) == 0)
+            rt = KEYDB_RESOURCE_TYPE_KEYDB;
           else if (fread (&verbuf, 4, 1, fp) == 1
                    && verbuf[0] == 1
                    && fread (&magic, 4, 1, fp) == 1
@@ -497,6 +523,11 @@ keydb_add_resource (const char *url, unsigned int flags)
       rt = KEYDB_RESOURCE_TYPE_KEYBOX;
       resname += 10;
     }
+  else if (strlen (resname) > 10 && !strncmp (resname, "gnupg-kdb:", 10) )
+    {
+      rt = KEYDB_RESOURCE_TYPE_KEYDB;
+      resname += 10;
+    }
 #if !defined(HAVE_DRIVE_LETTERS) && !defined(__riscos__)
   else if (strchr (resname, ':'))
     {
@@ -600,7 +631,8 @@ keydb_add_resource (const char *url, unsigned int flags)
       goto leave;
 
     case KEYDB_RESOURCE_TYPE_KEYRING:
-      rc = maybe_create_keyring_or_box (filename, 0, create);
+      rc = maybe_create_resource (filename, KEYDB_RESOURCE_TYPE_KEYRING,
+                                  create);
       if (rc)
         goto leave;
 
@@ -630,7 +662,8 @@ keydb_add_resource (const char *url, unsigned int flags)
 
     case KEYDB_RESOURCE_TYPE_KEYBOX:
       {
-        rc = maybe_create_keyring_or_box (filename, 1, create);
+        rc = maybe_create_resource (filename, KEYDB_RESOURCE_TYPE_KEYBOX,
+                                    create);
         if (rc)
           goto leave;
 
@@ -665,6 +698,36 @@ keydb_add_resource (const char *url, unsigned int flags)
       }
       break;
 
+    case KEYDB_RESOURCE_TYPE_KEYDB:
+      {
+        rc = maybe_create_resource (filename, KEYDB_RESOURCE_TYPE_KEYDB, create);
+        if (rc)
+          goto leave;
+
+        rc = kdb_register_file (filename, read_only, &token);
+        if (rc == 0)
+          {
+            if (used_resources >= MAX_KEYDB_RESOURCES)
+              rc = gpg_error (GPG_ERR_RESOURCE_LIMIT);
+            else
+              {
+                /* if ((flags & KEYDB_RESOURCE_FLAG_PRIMARY)) */
+                /*   primary_keyring = token; */
+                all_resources[used_resources].type = rt;
+                all_resources[used_resources].u.kb = NULL; /* Not used here */
+                all_resources[used_resources].token = token;
+
+                used_resources++;
+              }
+          }
+
+        /* XXX: How to mark this as a primary if it was already
+           registered.  */
+        /* if ((flags & KEYDB_RESOURCE_FLAG_PRIMARY)) */
+        /*   primary_keyring = token; */
+      }
+      break;
+
       default:
 	log_error ("resource type of '%s' not supported\n", url);
 	rc = gpg_error (GPG_ERR_GENERAL);
@@ -730,6 +793,14 @@ keydb_new (void)
 	    die = 1;
           j++;
           break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          hd->active[j].type   = all_resources[i].type;
+          hd->active[j].token  = all_resources[i].token;
+          hd->active[j].u.kdb  = kdb_new (all_resources[i].token);
+          if (!hd->active[j].u.kdb)
+	    die = 1;
+          j++;
+          break;
         }
     }
   hd->used = j;
@@ -769,6 +840,9 @@ keydb_release (KEYDB_HANDLE hd)
         case KEYDB_RESOURCE_TYPE_KEYBOX:
           keybox_release (hd->active[i].u.kb);
           break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          kdb_release (hd->active[i].u.kdb);
+          break;
         }
     }
 
@@ -811,6 +885,9 @@ keydb_get_resource_name (KEYDB_HANDLE hd)
     case KEYDB_RESOURCE_TYPE_KEYBOX:
       s = keybox_get_resource_name (hd->active[idx].u.kb);
       break;
+    case KEYDB_RESOURCE_TYPE_KEYDB:
+      s = kdb_get_resource_name (hd->active[idx].u.kdb);
+      break;
     }
 
   return s? s: "";
@@ -842,6 +919,9 @@ lock_all (KEYDB_HANDLE hd)
         case KEYDB_RESOURCE_TYPE_KEYBOX:
           rc = keybox_lock (hd->active[i].u.kb, 1);
           break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          rc = kdb_lock (hd->active[i].u.kdb, 1);
+          break;
         }
     }
 
@@ -860,6 +940,9 @@ lock_all (KEYDB_HANDLE hd)
             case KEYDB_RESOURCE_TYPE_KEYBOX:
               rc = keybox_lock (hd->active[i].u.kb, 0);
               break;
+            case KEYDB_RESOURCE_TYPE_KEYDB:
+              rc = kdb_lock (hd->active[i].u.kdb, 0);
+              break;
             }
         }
     }
@@ -890,6 +973,9 @@ unlock_all (KEYDB_HANDLE hd)
         case KEYDB_RESOURCE_TYPE_KEYBOX:
           keybox_lock (hd->active[i].u.kb, 0);
           break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          kdb_lock (hd->active[i].u.kdb, 0);
+          break;
         }
     }
   hd->locked = 0;
@@ -919,6 +1005,9 @@ keydb_push_found_state (KEYDB_HANDLE hd)
     case KEYDB_RESOURCE_TYPE_KEYBOX:
       keybox_push_found_state (hd->active[hd->found].u.kb);
       break;
+    case KEYDB_RESOURCE_TYPE_KEYDB:
+      kdb_push_found_state (hd->active[hd->found].u.kdb);
+      break;
     }
 
   hd->saved_found = hd->found;
@@ -947,6 +1036,9 @@ keydb_pop_found_state (KEYDB_HANDLE hd)
     case KEYDB_RESOURCE_TYPE_KEYBOX:
       keybox_pop_found_state (hd->active[hd->found].u.kb);
       break;
+    case KEYDB_RESOURCE_TYPE_KEYDB:
+      kdb_pop_found_state (hd->active[hd->found].u.kdb);
+      break;
     }
 }
 
@@ -1192,6 +1284,23 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
           }
       }
       break;
+    case KEYDB_RESOURCE_TYPE_KEYDB:
+      {
+        iobuf_t iobuf;
+        u32 *sigstatus;
+        int pk_no, uid_no;
+
+        err = kdb_get_keyblock (hd->active[hd->found].u.kdb, &iobuf,
+                                &pk_no, &uid_no, &sigstatus);
+        if (!err)
+          {
+            err = parse_keyblock_image (iobuf, pk_no, uid_no, sigstatus,
+                                        ret_kb);
+            xfree (sigstatus);
+            iobuf_close (iobuf);
+          }
+        break;
+      }
     }
 
   if (hd->keyblock_cache.state != KEYBLOCK_CACHE_FILLED)
@@ -1337,6 +1446,20 @@ keydb_update_keyblock (KEYDB_HANDLE hd, kbnode_t kb)
           }
       }
       break;
+    case KEYDB_RESOURCE_TYPE_KEYDB:
+      {
+        iobuf_t iobuf;
+
+        err = build_keyblock_image (kb, &iobuf, NULL);
+        if (!err)
+          {
+            err = kdb_update_keyblock (hd->active[hd->found].u.kdb, kb,
+                                       iobuf_get_temp_buffer (iobuf),
+                                       iobuf_get_temp_length (iobuf));
+            iobuf_close (iobuf);
+          }
+      }
+      break;
     }
 
   unlock_all (hd);
@@ -1398,6 +1521,23 @@ keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb)
           }
       }
       break;
+    case KEYDB_RESOURCE_TYPE_KEYDB:
+      {
+        iobuf_t iobuf;
+        u32 *sigstatus;
+
+        err = build_keyblock_image (kb, &iobuf, &sigstatus);
+        if (!err)
+          {
+            err = kdb_insert_keyblock (hd->active[idx].u.kdb, kb,
+                                       iobuf_get_temp_buffer (iobuf),
+                                       iobuf_get_temp_length (iobuf),
+                                       sigstatus);
+            xfree (sigstatus);
+            iobuf_close (iobuf);
+          }
+      }
+      break;
     }
 
   unlock_all (hd);
@@ -1437,6 +1577,9 @@ keydb_delete_keyblock (KEYDB_HANDLE hd)
     case KEYDB_RESOURCE_TYPE_KEYBOX:
       rc = keybox_delete (hd->active[hd->found].u.kb);
       break;
+    case KEYDB_RESOURCE_TYPE_KEYDB:
+      rc = kdb_delete (hd->active[hd->found].u.kdb);
+      break;
     }
 
   unlock_all (hd);
@@ -1491,6 +1634,10 @@ keydb_locate_writable (KEYDB_HANDLE hd)
           if (keybox_is_writable (hd->active[hd->current].token))
             return 0; /* found (hd->current is set to it) */
           break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          if (kdb_is_writable (hd->active[hd->current].token))
+            return 0; /* found (hd->current is set to it) */
+          break;
         }
     }
 
@@ -1519,6 +1666,9 @@ keydb_rebuild_caches (int noisy)
         case KEYDB_RESOURCE_TYPE_KEYBOX:
           /* N/A.  */
           break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          /* N/A.  */
+          break;
         }
     }
 }
@@ -1564,6 +1714,9 @@ keydb_search_reset (KEYDB_HANDLE hd)
         case KEYDB_RESOURCE_TYPE_KEYBOX:
           rc = keybox_search_reset (hd->active[i].u.kb);
           break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          rc = kdb_search_reset (hd->active[i].u.kdb);
+          break;
         }
     }
   hd->is_reset = 1;
@@ -1682,6 +1835,10 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
                               ndesc, KEYBOX_BLOBTYPE_PGP,
                               descindex, &hd->skipped_long_blobs);
           break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          rc = kdb_search (hd->active[hd->current].u.kdb, desc,
+                           ndesc, descindex);
+          break;
         }
       if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF)
         {

-----------------------------------------------------------------------

Summary of changes:
 Makefile.am                         |    2 +-
 README                              |    2 +-
 agent/ChangeLog-2011                |    2 +-
 agent/command.c                     |    2 +-
 autogen.sh                          |    1 +
 common/ChangeLog-2011               |    2 +-
 common/Makefile.am                  |   34 +-
 common/mkdir_p.c                    |   17 +-
 common/srv.c                        |  333 ---------
 common/srv.h                        |   62 --
 common/status.h                     |    2 +
 common/ttyio.c                      |    2 +-
 common/util.h                       |    3 +
 configure.ac                        |  169 +++--
 dirmngr/Makefile.am                 |   39 +-
 dirmngr/crlcache.c                  |    3 +-
 dirmngr/crlfetch.c                  |   16 +-
 dirmngr/dirmngr.c                   |   23 +-
 dirmngr/dirmngr.h                   |    4 +-
 dirmngr/dns-cert.c                  |  433 ------------
 dirmngr/dns-stuff.c                 | 1265 +++++++++++++++++++++++++++++++++++
 dirmngr/{dns-cert.h => dns-stuff.h} |   80 ++-
 {common => dirmngr}/http.c          |  311 ++++-----
 {common => dirmngr}/http.h          |    0
 dirmngr/ks-engine-hkp.c             |  207 +++---
 dirmngr/ks-engine-ldap.c            |   12 +-
 dirmngr/ks-engine.h                 |    2 +-
 dirmngr/ocsp.c                      |    4 +-
 dirmngr/server.c                    |   11 +-
 dirmngr/t-dns-cert.c                |   93 ---
 dirmngr/t-dns-stuff.c               |  276 ++++++++
 {common => dirmngr}/t-http.c        |    4 +
 {common => dirmngr}/tls-ca.pem      |    0
 doc/Makefile.am                     |    4 +-
 doc/dirmngr.texi                    |   10 +-
 doc/gpg.texi                        |   25 +-
 doc/gpgv.texi                       |    8 +
 doc/tools.texi                      |    2 +-
 g10/Makefile.am                     |   19 +-
 g10/call-dirmngr.c                  |    4 +-
 g10/card-util.c                     |    1 +
 g10/dirmngr-conf.skel               |    3 +
 g10/gpg.c                           |   64 +-
 g10/gpgv.c                          |   22 +-
 g10/kdb.c                           |  938 ++++++++++++++++++++++++++
 g10/kdb.h                           |   29 +
 g10/keydb.c                         |  208 +++++-
 g10/keyedit.c                       |    2 +
 g10/keylist.c                       |   10 +
 g10/keyring.h                       |    1 -
 g10/keyserver.c                     |    4 +-
 g10/main.h                          |   28 +-
 g10/mainproc.c                      |   41 +-
 g10/misc.c                          |   70 +-
 g10/options.h                       |    6 +-
 g10/packet.h                        |   16 +-
 g10/revoke.c                        |   13 +-
 g10/sig-check.c                     |  312 +++++++--
 g10/sqlite.c                        |  252 +++++++
 g10/sqlite.h                        |   62 ++
 g10/tdbio.c                         |    2 +-
 g10/test-stubs.c                    |   15 +-
 g10/tofu.c                          | 1207 ++++++++++++++++++++++-----------
 g10/tofu.h                          |   14 +-
 g10/trustdb.c                       |  105 ++-
 g10/trustdb.h                       |    9 +-
 kbx/keybox-search.c                 |    2 +-
 po/POTFILES.in                      |    2 +-
 sm/certreqgen.c                     |   77 ++-
 tests/openpgp/Makefile.am           |    5 +-
 tools/gpgconf-comp.c                |    4 +-
 71 files changed, 4977 insertions(+), 2035 deletions(-)
 delete mode 100644 common/srv.c
 delete mode 100644 common/srv.h
 delete mode 100644 dirmngr/dns-cert.c
 create mode 100644 dirmngr/dns-stuff.c
 rename dirmngr/{dns-cert.h => dns-stuff.h} (52%)
 rename {common => dirmngr}/http.c (92%)
 rename {common => dirmngr}/http.h (100%)
 delete mode 100644 dirmngr/t-dns-cert.c
 create mode 100644 dirmngr/t-dns-stuff.c
 rename {common => dirmngr}/t-http.c (99%)
 rename {common => dirmngr}/tls-ca.pem (100%)
 create mode 100644 g10/kdb.c
 create mode 100644 g10/kdb.h
 create mode 100644 g10/sqlite.c
 create mode 100644 g10/sqlite.h


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Oct 29 10:51:23 2015
From: cvs at cvs.gnupg.org (by Neal H. Walfield)
Date: Thu, 29 Oct 2015 10:51:23 +0100
Subject: [git] GnuPG - branch, neal/next, updated. gnupg-2.1.9-89-g3322631
Message-ID: <E1ZrjiV-00089k-BE@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, neal/next has been updated
  discards  692fe5f7ac301d828085f7685e451fec3f6d06bb (commit)
       via  3322631fc9c1d476c80f8d33f1987663c73289ee (commit)

This update added new revisions after undoing existing revisions.  That is
to say, the old revision is not a strict subset of the new revision.  This
situation occurs when you --force push a change and generate a repository
containing something like this:

 * -- * -- B -- O -- O -- O (692fe5f7ac301d828085f7685e451fec3f6d06bb)
            \
             N -- N -- N (3322631fc9c1d476c80f8d33f1987663c73289ee)

When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3322631fc9c1d476c80f8d33f1987663c73289ee
Author: Neal H. Walfield <neal at g10code.com>
Date:   Thu Oct 29 10:18:13 2015 +0100

    New key db.

diff --git a/g10/Makefile.am b/g10/Makefile.am
index 2fe5c9a..766e4b7 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -29,7 +29,7 @@ include $(top_srcdir)/am/cmacros.am
 AM_CFLAGS = $(SQLITE3_CFLAGS) $(LIBGCRYPT_CFLAGS) \
             $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS)
 
-needed_libs = ../kbx/libkeybox.a $(libcommon)
+needed_libs = ../kbx/libkeybox.a $(libcommon) $(SQLITE3_LIBS)
 
 bin_PROGRAMS = gpg2
 if !HAVE_W32CE_SYSTEM
@@ -57,7 +57,7 @@ trust_source = trustdb.c trustdb.h tdbdump.c tdbio.c tdbio.h
 endif
 
 if USE_TOFU
-tofu_source = tofu.h tofu.c sqlite.c sqlite.h
+tofu_source = tofu.h tofu.c
 else
 tofu_source =
 endif
@@ -101,7 +101,9 @@ common_source =  \
 	      sig-check.c	\
 	      keylist.c 	\
 	      pkglue.c pkglue.h \
-	      ecdh.c
+	      ecdh.c            \
+	      kdb.c kdb.h       \
+	      sqlite.c sqlite.h
 
 gpg2_SOURCES  = gpg.c		\
 	      server.c          \
@@ -147,7 +149,7 @@ gpgv2_SOURCES = gpgv.c           \
 
 LDADD =  $(needed_libs) ../common/libgpgrl.a \
          $(ZLIBS) $(LIBINTL) $(CAPLIBS) $(NETLIBS)
-gpg2_LDADD = $(LDADD) $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \
+gpg2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \
              $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
 	     $(LIBICONV) $(resource_objs) $(extra_sys_libs)
 gpg2_LDFLAGS = $(extra_bin_ldflags)
diff --git a/g10/kdb.c b/g10/kdb.c
new file mode 100644
index 0000000..6a97177
--- /dev/null
+++ b/g10/kdb.c
@@ -0,0 +1,956 @@
+#include <config.h>
+#include <assert.h>
+#include <sqlite3.h>
+
+#include "gpg.h"
+#include "util.h"
+#include "logging.h"
+#include "i18n.h"
+#include "mbox-util.h"
+#include "sqlite.h"
+
+#include "kdb.h"
+
+struct kdb_resource
+{
+  struct kdb_resource *next;
+  int read_only;
+  sqlite3 *db;
+  char fname[1];
+};
+typedef struct kdb_resource *KDB_RESOURCE;
+typedef struct kdb_resource const * CONST_KDB_RESOURCE;
+
+/* All registered resources.  */
+static KDB_RESOURCE kdb_resources;
+
+struct keydb_handle {
+  CONST_KDB_RESOURCE resource;
+  /* Current key.  */
+  long long int key;
+  int eof;
+  struct {
+    long long int key;
+    int pk_no;
+    int uid_no;
+  } found, saved_found;
+};
+
+/* RESOURCE is a value returned by a previous call to
+   kdb_register_file in *RESOURCEP.  */
+KDB_HANDLE
+kdb_new (void *resource)
+{
+  KDB_RESOURCE r;
+  KDB_HANDLE hd;
+
+  /* Assert that the resource was indeed previously registered.  */
+  for (r = kdb_resources; r; r = r->next)
+    if (r == resource)
+      break;
+  assert (r);
+
+  hd = xmalloc_clear (sizeof (*hd));
+  hd->resource = resource;
+  hd->key = -1;
+  return hd;
+}
+
+
+/* Collect a series of integers from a query.  Aborts if the argument
+   is not a valid integer (or real of the form X.0).  COOKIE points to
+   an array of unsigned long ints, which has enough space for ARGC
+   values.  */
+static int
+get_unsigned_longs_cb (void *cookie, int argc, char **argv, char **azColName)
+{
+  unsigned long int *values = cookie;
+  int i;
+  char *tail = NULL;
+
+  (void) azColName;
+
+  for (i = 0; i < argc; i ++)
+    {
+      if (! argv[i])
+        values[i] = 0;
+      else
+        {
+          errno = 0;
+          values[i] = strtoul (argv[i], &tail, 0);
+          if (errno || ! (strcmp (tail, ".0") == 0 || *tail == '\0'))
+            /* Abort.  */
+            return 1;
+        }
+    }
+
+  return 0;
+}
+
+static int
+get_unsigned_longs_cb2 (void *cookie, int argc, char **argv, char **azColName,
+                        sqlite3_stmt *stmt)
+{
+  (void) stmt;
+  return get_unsigned_longs_cb (cookie, argc, argv, azColName);
+}
+
+/* We expect a single integer column whose name is "version".  COOKIE
+   must point to an int.  This function always aborts.  On error or a
+   if the version is bad, sets *VERSION to -1.  */
+static int
+version_check_cb (void *cookie, int argc, char **argv, char **azColName)
+{
+  int *version = cookie;
+
+  if (argc != 1 || strcmp (azColName[0], "version") != 0)
+    {
+      *version = -1;
+      return 1;
+    }
+
+  if (strcmp (argv[0], "1") == 0)
+    *version = 1;
+  else
+    {
+      log_error (_("unsupported TOFU DB version: %s\n"), argv[0]);
+      *version = -1;
+    }
+
+  /* Don't run again.  */
+  return 1;
+}
+
+/* Register a new file.  If the file has already been registered then
+   returns NULL otherwise returns */
+gpg_error_t
+kdb_register_file (const char *fname, int read_only, void **resourcep)
+{
+  KDB_RESOURCE resource;
+  int rc;
+  sqlite3 *db = NULL;
+  char *err;
+  unsigned long int count;
+  int need_init = 1;
+
+  for (resource = kdb_resources; resource; resource = resource->next)
+    if (same_file_p (resource->fname, fname))
+      {
+        if (resourcep)
+          *resourcep = resource;
+        if (read_only)
+          resource->read_only = 1;
+        return 0;
+      }
+
+  rc = sqlite3_open_v2 (fname, &db,
+                        read_only
+                        ? SQLITE_OPEN_READONLY
+                        : (SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE),
+                        NULL);
+  if (rc)
+    {
+      log_error ("Failed to open the key db '%s': %s\n",
+                 fname, sqlite3_errstr (rc));
+      return rc;
+    }
+
+  /* If the DB has no tables, then assume this is a new DB that needs
+     to be initialized.  */
+  rc = sqlite3_exec (db,
+		     "select count(*) from sqlite_master where type='table';",
+		     get_unsigned_longs_cb, &count, &err);
+  if (rc)
+    {
+      log_error (_("error querying kdb's available tables: %s\n"),
+		 err);
+      sqlite3_free (err);
+      goto out;
+    }
+  else if (count != 0)
+    /* Assume that the DB is already initialized.  Make sure the
+       version is okay.  */
+    {
+      int version = -1;
+      rc = sqlite3_exec (db, "select version from version;", version_check_cb,
+			 &version, &err);
+      if (rc == SQLITE_ABORT && version == 1)
+	/* Happy, happy, joy, joy.  */
+	{
+	  sqlite3_free (err);
+          rc = 0;
+          need_init = 0;
+	}
+      else if (rc == SQLITE_ABORT && version == -1)
+	/* Unsupported version.  */
+	{
+	  /* An error message was already displayed.  */
+	  sqlite3_free (err);
+          goto out;
+	}
+      else if (rc)
+	/* Some error.  */
+	{
+	  log_error (_("error determining kdb's version: %s\n"), err);
+	  sqlite3_free (err);
+          goto out;
+	}
+      else
+	/* Unexpected success.  This can only happen if there are no
+	   rows.  */
+	{
+	  log_error (_("error determining kdb's version: %s\n"),
+		     "select returned 0, but expected ABORT");
+          rc = 1;
+          goto out;
+	}
+    }
+
+  if (need_init)
+    {
+      /* Create the version table.  */
+      rc = sqlite3_exec (db,
+                         "create table version (version INTEGER);",
+                         NULL, NULL, &err);
+      if (rc)
+        {
+          log_error (_("error initializing kdb database (%s): %s\n"),
+                     "version", err);
+          sqlite3_free (err);
+          goto out;
+        }
+
+      /* Initialize the version table, which contains a single integer
+         value.  */
+      rc = sqlite3_exec (db,
+                         "insert into version values (1);",
+                         NULL, NULL, &err);
+      if (rc)
+        {
+          log_error (_("error initializing kdb database (%s): %s\n"),
+                     "version, init", err);
+          sqlite3_free (err);
+          goto out;
+        }
+
+      /* We have 3 tables:
+
+         primaries - the list of all primary keys and the key block.
+
+         keys - the list of all keys and subkeys.
+
+         user ids - the list of all user ids.  */
+
+      rc = sqlite3_exec
+        (db,
+         /* Enable foreign key constraints.  */
+         "pragma foreign_keys = on;\n"
+         "create table primaries\n"
+         " (oid INTEGER PRIMARY KEY AUTOINCREMENT,\n"
+         "  fingerprint_rev TEXT COLLATE NOCASE, keyblock BLOB);\n"
+         "create index primaries_fingerprint on primaries\n"
+         " (fingerprint_rev COLLATE NOCASE);\n"
+         "\n"
+         "create table keys\n"
+         " (primary_key INTEGER, fingerprint_rev TEXT COLLATE NOCASE,\n"
+         "  pk_no INTEGER,\n"
+         "  unique (primary_key, pk_no),\n"
+         "  foreign key (primary_key) references primaries(oid));\n"
+         "create index keys_fingerprint_primary_key_pk_no on keys\n"
+         " (fingerprint_rev COLLATE NOCASE, primary_key, pk_no);\n"
+         "create index keys_primary_key_pk_no on keys (primary_key, pk_no);\n"
+         "\n"
+         /* XXX: Is COLLATE NOCASE reasonable?  */
+         "create table uids\n"
+         " (primary_key INTEGER, uid TEXT COLLATE NOCASE,\n"
+         "  email TEXT COLLATE NOCASE, uid_no INTEGER,\n"
+         "  unique (primary_key, uid_no),\n"
+         "  foreign key (primary_key) references primaries(oid));\n"
+         "create index uids_ordered on uids (primary_key, uid_no);\n"
+         /* In most cases, we search for a substring (like
+            '%foo at bar.com%'.  This can't exploit an index so the
+            following indices mostly represent overhead.  */
+#if 0
+         "create index uids_uid_ordered on uids\n"
+         " (uid COLLATE NOCASE, primary_key, uid_no);\n"
+         "create index uids_email_ordered on uids\n"
+         " (email COLLATE NOCASE, primary_key, uid_no);\n"
+#endif
+         ,
+         NULL, NULL, &err);
+      if (rc)
+        {
+          log_error (_("error initializing kdb database: %s\n"), err);
+          sqlite3_free (err);
+          goto out;
+        }
+    }
+
+  resource = xmalloc_clear (sizeof *resource + strlen (fname));
+  strcpy (resource->fname, fname);
+  resource->read_only = read_only;
+  resource->db = db;
+  resource->next = kdb_resources;
+  kdb_resources = resource;
+
+  if (resourcep)
+    *resourcep = resource;
+
+ out:
+  if (rc)
+    {
+      if (resourcep)
+        *resourcep = NULL;
+
+      sqlite3_close (db);
+      return gpg_error (GPG_ERR_GENERAL);
+    }
+
+  return 0;
+}
+
+int
+kdb_is_writable (void *token)
+{
+  KDB_RESOURCE resource = token;
+  if (resource->read_only)
+    return 0;
+  return 1;
+}
+
+/* Release the handle.  */
+void
+kdb_release (KDB_HANDLE hd)
+{
+  KDB_RESOURCE r;
+
+  if (! hd)
+    return;
+
+  /* Check for double frees.  */
+  assert (hd->resource);
+  for (r = kdb_resources; r; r = r->next)
+    if (r == hd->resource)
+      break;
+  assert (r);
+
+  hd->resource = NULL;
+
+  xfree (hd);
+}
+
+void
+kdb_push_found_state (KDB_HANDLE hd)
+{
+  hd->saved_found = hd->found;
+  hd->found.key = -1;
+}
+
+void
+kdb_pop_found_state (KDB_HANDLE hd)
+{
+  hd->found = hd->saved_found;
+  hd->saved_found.key = -1;
+}
+
+const char *
+kdb_get_resource_name (KDB_HANDLE hd)
+{
+  if (!hd || !hd->resource)
+    return NULL;
+  return hd->resource->fname;
+}
+
+/* If YES is 1, lock the DB.  Otherwise, unlock it.  Returns an error
+   code if locking failed.  */
+int
+kdb_lock (KDB_HANDLE hd, int yes)
+{
+  int rc;
+  char *err;
+
+  if (yes)
+    /* Lock.  */
+    {
+      rc = sqlite3_exec (hd->resource->db, "begin transaction;",
+                         NULL, NULL, &err);
+      if (rc)
+        {
+          log_error (_("error beginning transaction on KDB database: %s\n"),
+                     err);
+          sqlite3_free (err);
+          return 1;
+        }
+
+      return 0;
+    }
+  else
+    /* Unlock.  */
+    {
+      rc = sqlite3_exec (hd->resource->db, "end transaction;", NULL, NULL, &err);
+      if (rc)
+        {
+          log_error (_("error ending transaction on KDB database: %s\n"),
+                     err);
+          sqlite3_free (err);
+          return 1;
+        }
+
+      return 0;
+    }
+}
+
+static int
+keyblock_cb (void *cookie, int cols, char **values, char **names,
+             sqlite3_stmt *stmt)
+{
+  iobuf_t *iobuf = cookie;
+  const char *data = sqlite3_column_blob (stmt, 0);
+  long long len = sqlite3_column_bytes (stmt, 0);
+
+  (void) cols;
+  (void) values;
+  (void) names;
+
+  assert (! *iobuf);
+  *iobuf = iobuf_temp_with_content (data, len);
+
+  /* Abort to indicate success.  */
+  return 1;
+}
+
+int
+kdb_get_keyblock (KDB_HANDLE hd, iobuf_t *iobuf,
+                  int *pk_no, int *uid_no, u32 **sigstatus)
+{
+  int rc;
+  char *err;
+  sqlite3_stmt *stmt = NULL;
+
+  /* XXX: Fill these in.  */
+  *sigstatus = NULL;
+
+  if (pk_no)
+    *pk_no = 0;
+  if (uid_no)
+    *uid_no = 0;
+
+  if (hd->found.key == -1)
+    /* Got nothing.  */
+    return gpg_error (GPG_ERR_EOF);
+
+  *iobuf = NULL;
+  rc = sqlite3_stepx
+    (hd->resource->db,
+     &stmt, keyblock_cb, iobuf, &err,
+     "select keyblock from primaries where oid = ?",
+     SQLITE_ARG_LONG_LONG, hd->found.key, SQLITE_ARG_END);
+  if (rc == SQLITE_ABORT)
+    /* Success.  */
+    {
+      assert (*iobuf);
+      rc = 0;
+      if (uid_no)
+        *uid_no = hd->found.uid_no;
+      if (pk_no)
+        *pk_no = hd->found.pk_no;
+    }
+  else if (! rc)
+    /* If we don't get an abort, then we didn't find the record.  */
+    rc = gpg_error (GPG_ERR_NOT_FOUND);
+  else
+    {
+      log_error (_("reading keyblock from keydb DB: %s\n"), err);
+      sqlite3_free (err);
+      rc = gpg_error (GPG_ERR_GENERAL);
+    }
+
+  sqlite3_finalize (stmt);
+  return rc;
+}
+
+int
+kdb_update_keyblock (KDB_HANDLE hd, kbnode_t kb,
+                     const void *image, size_t imagelen)
+{
+  (void) hd;
+  (void) kb;
+  (void) image;
+  (void) imagelen;
+
+  log_fatal ("Implement %s.", __func__);
+}
+
+static char *
+strrev (char *str)
+{
+  int i;
+  int l = strlen (str);
+
+  for (i = 0; i < l / 2; i ++)
+    {
+      char t = str[i];
+      str[i] = str[l - 1 - i];
+      str[l - 1 - i] = t;
+    }
+
+  return str;
+}
+
+static char *
+fingerprint_ascii_rev (char *fingerprint_bin, int len)
+{
+  char *fingerprint = xmalloc (2 * len + 1);
+  bin2hex (fingerprint_bin, len, fingerprint);
+  return strrev (fingerprint);
+}
+
+gpg_error_t
+kdb_insert_keyblock (KDB_HANDLE hd, kbnode_t root,
+                     const void *image, size_t imagelen, u32 *sigstatus)
+{
+  PKT_public_key *mainpk = root->pkt->pkt.public_key;
+  char fingerprint_bin[MAX_FINGERPRINT_LEN];
+  size_t fingerprint_bin_len = sizeof (fingerprint_bin);
+  char *fingerprint_rev = NULL;
+
+  int rc;
+  char *err;
+
+  sqlite3_stmt *uid_stmt = NULL;
+  sqlite3_stmt *key_stmt = NULL;
+
+  long long oid;
+  int uid_no;
+  int pk_no;
+  kbnode_t k;
+
+  /* FIXME: Use sigstatus?  */
+  (void) sigstatus;
+
+  if (!hd)
+    return gpg_error (GPG_ERR_INV_VALUE);
+
+
+  /* XXX: If we have a search result (hd->found), are we supposed to
+     replace it even if it isn't for the same key?  */
+  /* See if we are replacing or adding this record to the
+     database.  */
+  fingerprint_from_pk (mainpk, fingerprint_bin, &fingerprint_bin_len);
+  assert (fingerprint_bin_len == sizeof (fingerprint_bin));
+  fingerprint_rev = fingerprint_ascii_rev (fingerprint_bin,
+                                           fingerprint_bin_len);
+
+  oid = -1;
+  rc = sqlite3_stepx
+    (hd->resource->db, NULL, get_unsigned_longs_cb2, &oid, &err,
+     "select oid from primaries where fingerprint_rev = ?;",
+     SQLITE_ARG_STRING, fingerprint_rev, SQLITE_ARG_END);
+  if (rc)
+    {
+      log_error (_("looking up key in keydb DB: %s\n"), err);
+      sqlite3_free (err);
+      return gpg_error (GPG_ERR_GENERAL);
+    }
+
+  if (oid != -1)
+    /* This key is already in the DB.  Replace it.  */
+    {
+      rc = sqlite3_exec_printf
+        (hd->resource->db, NULL, NULL, &err,
+         "delete from primaries where oid = %lld;"
+         "delete from keys where primary_key = %lld;"
+         "delete from uids where primary_key = %lld;",
+         oid, oid, oid);
+      if (rc)
+        {
+          log_error (_("updating key in keydb DB: %s\n"), err);
+          sqlite3_free (err);
+          return gpg_error (GPG_ERR_GENERAL);
+        }
+
+      /* Reuse the oid.  So that any extant search won't return the
+         new record.  */
+      rc = sqlite3_stepx
+        (hd->resource->db, NULL, NULL, NULL, &err,
+         "insert into primaries (oid, fingerprint_rev, keyblock)\n"
+         " values (?, ?, ?);",
+         SQLITE_ARG_LONG_LONG, oid,
+         SQLITE_ARG_STRING, fingerprint_rev,
+         SQLITE_ARG_BLOB, image, (long long) imagelen,
+         SQLITE_ARG_END);
+    }
+  else
+    rc = sqlite3_stepx
+      (hd->resource->db, NULL, NULL, NULL, &err,
+       "insert into primaries (fingerprint_rev, keyblock) values (?, ?);",
+       SQLITE_ARG_STRING, fingerprint_rev,
+       SQLITE_ARG_BLOB, image, (long long) imagelen,
+       SQLITE_ARG_END);
+  if (rc)
+    {
+      log_error (_("inserting %s record into keydb DB: %s\n"),
+                 "primary key", err);
+      sqlite3_free (err);
+      return gpg_error (GPG_ERR_GENERAL);
+    }
+
+  xfree (fingerprint_rev);
+  fingerprint_rev = NULL;
+
+  oid = sqlite3_last_insert_rowid (hd->resource->db);
+
+  uid_no = 0;
+  pk_no = 0;
+  for (k = root; k; k = k->next)
+    {
+      if (k->pkt->pkttype == PKT_USER_ID)
+        {
+          PKT_user_id *uid = k->pkt->pkt.user_id;
+          const char *user_id = uid->name;
+          char *email = mailbox_from_userid (user_id);
+
+          uid_no ++;
+
+          rc = sqlite3_stepx
+            (hd->resource->db, &uid_stmt, NULL, NULL, &err,
+             "insert into uids (primary_key, uid, email, uid_no)"
+             " values (?, ?, ?, ?);",
+             SQLITE_ARG_LONG_LONG, oid,
+             SQLITE_ARG_STRING, user_id, SQLITE_ARG_STRING, email,
+             SQLITE_ARG_INT, uid_no,
+             SQLITE_ARG_END);
+          xfree (email);
+          if (rc)
+            {
+              log_error (_("inserting %s record into keydb DB: %s\n"),
+                         "uid", err);
+              sqlite3_free (err);
+              return gpg_error (GPG_ERR_GENERAL);
+            }
+        }
+      else if (k->pkt->pkttype == PKT_PUBLIC_KEY
+               || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+        {
+          PKT_public_key *pk = k->pkt->pkt.public_key;
+
+          pk_no ++;
+
+          fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len);
+          assert (fingerprint_bin_len == sizeof (fingerprint_bin));
+          fingerprint_rev = fingerprint_ascii_rev (fingerprint_bin,
+                                                   fingerprint_bin_len);
+
+          rc = sqlite3_stepx
+            (hd->resource->db, &key_stmt, NULL, NULL, &err,
+             "insert into keys (primary_key, fingerprint_rev, pk_no)"
+             " values (?, ?, ?);",
+             SQLITE_ARG_LONG_LONG, oid,
+             SQLITE_ARG_STRING, fingerprint_rev,
+             SQLITE_ARG_INT, pk_no,
+             SQLITE_ARG_END);
+
+          xfree (fingerprint_rev);
+          fingerprint_rev = NULL;
+
+          if (rc)
+            {
+              log_error (_("inserting %s record into keydb DB: %s\n"),
+                         "key", err);
+              sqlite3_free (err);
+              return gpg_error (GPG_ERR_GENERAL);
+            }
+        }
+    }
+
+  sqlite3_finalize (uid_stmt);
+  sqlite3_finalize (key_stmt);
+
+  return 0;
+}
+
+int
+kdb_delete (KDB_HANDLE hd)
+{
+  int rc;
+  char *err;
+
+  if (!hd)
+    return gpg_error (GPG_ERR_INV_VALUE);
+
+  if (hd->found.key == -1)
+    /* No search result.  */
+    return gpg_error (GPG_ERR_NOTHING_FOUND);
+
+  rc = sqlite3_exec_printf
+    (hd->resource->db, NULL, NULL, &err,
+     "begin transaction;\n"
+     "delete from keys where primary = %d;\n"
+     "delete from uids where primary = %d;\n"
+     "delete from primaries where oid = %d;\n"
+     "end transaction;\n",
+     hd->found.key, hd->found.key, hd->found.key);
+  if (rc)
+    {
+      log_error (_("error deleting key from kdb database: %s\n"), err);
+      sqlite3_free (err);
+      rc = gpg_error (GPG_ERR_GENERAL);
+    }
+
+  return rc;
+}
+
+int
+kdb_search_reset (KDB_HANDLE hd)
+{
+  hd->key = -1;
+  hd->eof = 0;
+  return 0;
+}
+
+int
+kdb_search (KDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
+            size_t ndesc, size_t *descindex)
+{
+  int n;
+  char *where_uid = NULL;
+  char *where_key = NULL;
+  char *text;
+  int anyskip = 0;
+  /* This must match the number of items that are returned.  */
+  unsigned long int result[3];
+  int rc = 0;
+  char *err = NULL;
+  char *sql = NULL;
+
+  result[0] = -1;
+
+  /* If we are doing a scan, just get the next record.  */
+  for (n = 0; n < ndesc; n ++)
+    {
+      if (desc[n].mode == KEYDB_SEARCH_MODE_FIRST)
+        {
+          kdb_search_reset (hd);
+          rc = sqlite3_exec (hd->resource->db,
+                             "select coalesce(min(oid), -1) from primaries",
+                             get_unsigned_longs_cb, result, &err);
+        }
+      else if (desc[n].mode == KEYDB_SEARCH_MODE_NEXT)
+        rc = sqlite3_exec_printf
+          (hd->resource->db, get_unsigned_longs_cb, result, &err,
+           "select oid from primaries where oid > %lld order by oid limit 1",
+           hd->key);
+      else
+        continue;
+
+      if (rc)
+        {
+          log_fatal ("error getting next record: %s\n", err);
+          sqlite3_free (err);
+        }
+      else if (result[0] == -1)
+        /* EOF.  */
+        hd->eof = 1;
+      else
+        {
+          hd->key = hd->found.key = result[0];
+          hd->found.pk_no = hd->found.uid_no = 0;
+        }
+
+      goto out;
+    }
+
+  if (hd->eof)
+    /* We're at the end of the file.  There is nothing else to get.  */
+    return gpg_error (GPG_ERR_EOF);
+
+#define ADD_TERM(thing, op, fmt, ...) do {              \
+    char *t = sqlite3_mprintf                           \
+      ("%s%s("fmt")",                                   \
+       thing ? thing : "", thing ? "\n "op" " : "",     \
+       ##__VA_ARGS__);                                  \
+    sqlite3_free (thing);                               \
+    thing = t;                                          \
+  } while (0)
+#define O(thing, fmt, ...) ADD_TERM(thing, "OR", fmt, ##__VA_ARGS__)
+#define A(thing, fmt, ...) ADD_TERM(thing, "AND", fmt, ##__VA_ARGS__)
+
+  if (descindex)
+    log_fatal ("Implement descindex\n");
+
+  for (n = 0; n < ndesc; n ++)
+    {
+      KEYDB_SEARCH_DESC *d = &desc[n];
+
+      switch (d->mode)
+        {
+        case KEYDB_SEARCH_MODE_EXACT:
+          O(where_uid, "uids.uid = %Q", desc[n].u.name);
+          break;
+
+        case KEYDB_SEARCH_MODE_SUBSTR:
+        case KEYDB_SEARCH_MODE_MAIL:
+        case KEYDB_SEARCH_MODE_MAILSUB:
+        case KEYDB_SEARCH_MODE_MAILEND:
+          {
+            char *escaped = xmalloc (1 + 2 * strlen (d->u.name) + 1 + 1);
+            int i, j = 0;
+
+            if (d->mode == KEYDB_SEARCH_MODE_SUBSTR
+                || d->mode == KEYDB_SEARCH_MODE_MAILSUB
+                || d->mode == KEYDB_SEARCH_MODE_MAILEND)
+              escaped[j ++] = '%';
+
+            for (i = 0; i < strlen (d->u.name); i ++)
+              {
+                if (d->u.name[i] == '%' || d->u.name[i] == '_'
+                    || d->u.name[i] == '\'' || d->u.name[i] == '\\')
+                  escaped[j ++] = '\\';
+                escaped[j ++] = d->u.name[i];
+              }
+
+            if (d->mode == KEYDB_SEARCH_MODE_SUBSTR
+                || d->mode == KEYDB_SEARCH_MODE_MAILSUB)
+              escaped[j ++] = '%';
+
+            escaped[j] = 0;
+
+            O(where_uid, "uids.%s like %Q",
+              d->mode == KEYDB_SEARCH_MODE_SUBSTR ? "uid" : "email",
+              escaped);
+          }
+          break;
+
+
+        case KEYDB_SEARCH_MODE_WORDS:
+          log_fatal ("Implement me!\n");
+          break;
+
+
+        case KEYDB_SEARCH_MODE_SHORT_KID:
+          text = bin2hex (&d->u.kid[1], 4, NULL);
+          /* Fall through.  */
+
+        case KEYDB_SEARCH_MODE_LONG_KID:
+          if (d->mode == KEYDB_SEARCH_MODE_LONG_KID)
+            {
+              text = xmalloc (17);
+              bin2hex (&d->u.kid[1], 4, text);
+              bin2hex (&d->u.kid[0], 4, &text[strlen (text)]);
+              strrev (text);
+            }
+
+          O(where_key, "keys.fingerprint_rev like '%s%%'", text);
+          xfree (text);
+          break;
+
+        case KEYDB_SEARCH_MODE_FPR16:
+          if (d->mode == KEYDB_SEARCH_MODE_FPR16)
+            text = bin2hex (d->u.fpr, 16, NULL);
+          /* Fall through.  */
+
+        case KEYDB_SEARCH_MODE_FPR20:
+        case KEYDB_SEARCH_MODE_FPR:
+          if (d->mode == KEYDB_SEARCH_MODE_FPR20
+              || d->mode == KEYDB_SEARCH_MODE_FPR)
+            text = bin2hex (d->u.fpr, 20, NULL);
+
+          strrev (text);
+          O(where_key, "keys.fingerprint_rev = '%s'", text);
+          xfree (text);
+          break;
+
+        case KEYDB_SEARCH_MODE_FIRST:
+        case KEYDB_SEARCH_MODE_NEXT:
+          /* Already handled above.  */
+          break;
+
+        default:
+          break;
+        }
+
+      if (d->skipfnc)
+        anyskip = 1;
+    }
+
+  if (anyskip)
+    log_fatal ("Implement anyskip.");
+
+  assert (where_uid || where_key);
+  if (where_uid && where_key)
+    sql = sqlite3_mprintf
+      ("select keys.primary_key, keys.pk_no, uids.uid_no\n"
+       " from primaries\n"
+       " left join keys on primaries.oid = keys.primary_key\n"
+       " left join uids on primaries.oid = uids.primary_key\n"
+       " where %s%lld and (%s and %s)\n"
+       " order by keys.primary_key, keys.pk_no, uids.uid_no\n"
+       " limit 1\n",
+       hd->key == -1 ? "" : "keys.primary_key > ", hd->key,
+       where_uid, where_key);
+  else if (where_key)
+    sql = sqlite3_mprintf
+      ("select primary_key, pk_no\n"
+       " from keys\n"
+       " where %s%lld and (%s)\n"
+       " order by primary_key, pk_no\n"
+       " limit 1;\n",
+       hd->key == -1 ? "" : "primary_key > ", hd->key, where_key);
+  else
+    sql = sqlite3_mprintf
+      ("select primary_key, uid_no\n"
+       " from uids\n"
+       " where %s%lld and (%s)\n"
+       " order by primary_key, uid_no\n"
+       " limit 1;\n",
+       hd->key == -1 ? "" : "primary_key > ", hd->key, where_uid);
+#if 0
+  log_info("Running '%s'\n", sql);
+#endif
+  rc = sqlite3_exec (hd->resource->db, sql, get_unsigned_longs_cb, result, &err);
+  if (rc)
+    {
+      log_fatal ("error search DB: %s\n", err);
+      sqlite3_free (err);
+      goto out;
+    }
+
+  if (result[0] == -1)
+    /* No result.  */
+    hd->eof = 1;
+  else
+    {
+      hd->key = result[0];
+      hd->found.key = result[0];
+      if (where_key && where_uid)
+        {
+          hd->found.pk_no = result[1];
+          hd->found.uid_no = result[2];
+        }
+      else if (where_key)
+        {
+          hd->found.pk_no = result[1];
+          hd->found.uid_no = 0;
+        }
+      else
+        {
+          hd->found.pk_no = 0;
+          hd->found.uid_no = result[1];
+        }
+    }
+
+ out:
+  sqlite3_free (sql);
+  sqlite3_free (where_uid);
+  sqlite3_free (where_key);
+
+  if (rc)
+    return gpg_error (GPG_ERR_GENERAL);
+  if (hd->eof)
+    {
+      hd->key = -1;
+      return gpg_error (GPG_ERR_EOF);
+    }
+
+  return 0;
+}
diff --git a/g10/kdb.h b/g10/kdb.h
new file mode 100644
index 0000000..55e6962
--- /dev/null
+++ b/g10/kdb.h
@@ -0,0 +1,29 @@
+#ifndef GNUPG_KDB_H
+#define GNUPG_KDB_H
+
+#include "keydb.h"
+
+typedef struct keydb_handle *KDB_HANDLE;
+
+gpg_error_t kdb_register_file (const char *fname, int read_only, void **ptr);
+int kdb_is_writable (void *token);
+
+KDB_HANDLE kdb_new (void *token);
+void kdb_release (KDB_HANDLE hd);
+void kdb_push_found_state (KDB_HANDLE hd);
+void kdb_pop_found_state (KDB_HANDLE hd);
+const char *kdb_get_resource_name (KDB_HANDLE hd);
+int kdb_lock (KDB_HANDLE hd, int yes);
+int kdb_get_keyblock (KDB_HANDLE hd, iobuf_t *iobuf,
+                      int *pk_no, int *uid_no, u32 **sigstatus);
+int kdb_update_keyblock (KDB_HANDLE hd, kbnode_t kb,
+                         const void *image, size_t imagelen);
+gpg_error_t kdb_insert_keyblock (KDB_HANDLE hd, kbnode_t kb,
+                                 const void *image, size_t imagelen,
+                                 u32 *sigstatus);
+int kdb_delete (KDB_HANDLE hd);
+int kdb_search_reset (KDB_HANDLE hd);
+int kdb_search (KDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
+                size_t ndesc, size_t *descindex);
+
+#endif
diff --git a/g10/keydb.c b/g10/keydb.c
index bcafe90..fb79377 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -37,6 +37,7 @@
 #include "../kbx/keybox.h"
 #include "keydb.h"
 #include "i18n.h"
+#include "kdb.h"
 
 static int active_handles;
 
@@ -44,7 +45,8 @@ typedef enum
   {
     KEYDB_RESOURCE_TYPE_NONE = 0,
     KEYDB_RESOURCE_TYPE_KEYRING,
-    KEYDB_RESOURCE_TYPE_KEYBOX
+    KEYDB_RESOURCE_TYPE_KEYBOX,
+    KEYDB_RESOURCE_TYPE_KEYDB
   } KeydbResourceType;
 #define MAX_KEYDB_RESOURCES 40
 
@@ -54,6 +56,7 @@ struct resource_item
   union {
     KEYRING_HANDLE kr;
     KEYBOX_HANDLE kb;
+    KDB_HANDLE kdb;
   } u;
   void *token;
 };
@@ -251,13 +254,14 @@ keyblock_cache_clear (struct keydb_handle *hd)
 /* Handle the creation of a keyring or a keybox if it does not yet
    exist.  Take into account that other processes might have the
    keyring/keybox already locked.  This lock check does not work if
-   the directory itself is not yet available.  If IS_BOX is true the
-   filename is expected to refer to a keybox.  If FORCE_CREATE is true
-   the keyring or keybox will be created.
+   the directory itself is not yet available.  RT is the type of
+   resource being created.  If FORCE_CREATE is true the keyring or
+   keybox will be created.
 
    Return 0 if it is okay to access the specified file.  */
 static int
-maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
+maybe_create_resource (char *filename, KeydbResourceType rt,
+                             int force_create)
 {
   dotlock_t lockhd = NULL;
   IOBUF iobuf;
@@ -361,12 +365,25 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
   if (!iobuf)
     {
       rc = gpg_error_from_syserror ();
-      if (is_box)
-        log_error (_("error creating keybox '%s': %s\n"),
-                   filename, gpg_strerror (rc));
-      else
-        log_error (_("error creating keyring '%s': %s\n"),
-                   filename, gpg_strerror (rc));
+      switch (rt)
+        {
+        case KEYDB_RESOURCE_TYPE_NONE:
+          log_fatal ("Bad value for resource type: %d\n", rt);
+          break;
+
+        case KEYDB_RESOURCE_TYPE_KEYRING:
+          log_error (_("error creating keyring '%s': %s\n"),
+                     filename, gpg_strerror (rc));
+          break;
+        case KEYDB_RESOURCE_TYPE_KEYBOX:
+          log_error (_("error creating keybox '%s': %s\n"),
+                     filename, gpg_strerror (rc));
+          break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          log_error (_("error creating keydb '%s': %s\n"),
+                     filename, gpg_strerror (rc));
+          break;
+        }
       goto leave;
     }
 
@@ -376,7 +393,7 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
 
   /* Make sure that at least one record is in a new keybox file, so
      that the detection magic will work the next time it is used.  */
-  if (is_box)
+  if (rt == KEYDB_RESOURCE_TYPE_KEYBOX)
     {
       FILE *fp = fopen (filename, "w");
       if (!fp)
@@ -388,22 +405,29 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
         }
       if (rc)
         {
-          if (is_box)
-            log_error (_("error creating keybox '%s': %s\n"),
-                       filename, gpg_strerror (rc));
-          else
-            log_error (_("error creating keyring '%s': %s\n"),
-                       filename, gpg_strerror (rc));
+          log_error (_("error creating keybox '%s': %s\n"),
+                     filename, gpg_strerror (rc));
           goto leave;
         }
     }
 
   if (!opt.quiet)
     {
-      if (is_box)
-        log_info (_("keybox '%s' created\n"), filename);
-      else
-        log_info (_("keyring '%s' created\n"), filename);
+      switch (rt)
+        {
+        case KEYDB_RESOURCE_TYPE_NONE:
+          log_fatal ("Bad value for resource type: %d\n", rt);
+          break;
+        case KEYDB_RESOURCE_TYPE_KEYRING:
+          log_info (_("keyring '%s' created\n"), filename);
+          break;
+        case KEYDB_RESOURCE_TYPE_KEYBOX:
+          log_info (_("keybox '%s' created\n"), filename);
+          break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          log_info (_("keydb '%s' created\n"), filename);
+          break;
+        }
     }
 
   rc = 0;
@@ -445,6 +469,8 @@ rt_from_file (const char *filename, int *r_found, int *r_openpgp)
         {
           if (magic == 0x13579ace || magic == 0xce9a5713)
             ; /* GDBM magic - not anymore supported. */
+          else if (memcmp (&magic, "SQLi", 4) == 0)
+            rt = KEYDB_RESOURCE_TYPE_KEYDB;
           else if (fread (&verbuf, 4, 1, fp) == 1
                    && verbuf[0] == 1
                    && fread (&magic, 4, 1, fp) == 1
@@ -497,6 +523,11 @@ keydb_add_resource (const char *url, unsigned int flags)
       rt = KEYDB_RESOURCE_TYPE_KEYBOX;
       resname += 10;
     }
+  else if (strlen (resname) > 10 && !strncmp (resname, "gnupg-kdb:", 10) )
+    {
+      rt = KEYDB_RESOURCE_TYPE_KEYDB;
+      resname += 10;
+    }
 #if !defined(HAVE_DRIVE_LETTERS) && !defined(__riscos__)
   else if (strchr (resname, ':'))
     {
@@ -600,7 +631,8 @@ keydb_add_resource (const char *url, unsigned int flags)
       goto leave;
 
     case KEYDB_RESOURCE_TYPE_KEYRING:
-      rc = maybe_create_keyring_or_box (filename, 0, create);
+      rc = maybe_create_resource (filename, KEYDB_RESOURCE_TYPE_KEYRING,
+                                  create);
       if (rc)
         goto leave;
 
@@ -630,7 +662,8 @@ keydb_add_resource (const char *url, unsigned int flags)
 
     case KEYDB_RESOURCE_TYPE_KEYBOX:
       {
-        rc = maybe_create_keyring_or_box (filename, 1, create);
+        rc = maybe_create_resource (filename, KEYDB_RESOURCE_TYPE_KEYBOX,
+                                    create);
         if (rc)
           goto leave;
 
@@ -665,6 +698,36 @@ keydb_add_resource (const char *url, unsigned int flags)
       }
       break;
 
+    case KEYDB_RESOURCE_TYPE_KEYDB:
+      {
+        rc = maybe_create_resource (filename, KEYDB_RESOURCE_TYPE_KEYDB, create);
+        if (rc)
+          goto leave;
+
+        rc = kdb_register_file (filename, read_only, &token);
+        if (rc == 0)
+          {
+            if (used_resources >= MAX_KEYDB_RESOURCES)
+              rc = gpg_error (GPG_ERR_RESOURCE_LIMIT);
+            else
+              {
+                /* if ((flags & KEYDB_RESOURCE_FLAG_PRIMARY)) */
+                /*   primary_keyring = token; */
+                all_resources[used_resources].type = rt;
+                all_resources[used_resources].u.kb = NULL; /* Not used here */
+                all_resources[used_resources].token = token;
+
+                used_resources++;
+              }
+          }
+
+        /* XXX: How to mark this as a primary if it was already
+           registered.  */
+        /* if ((flags & KEYDB_RESOURCE_FLAG_PRIMARY)) */
+        /*   primary_keyring = token; */
+      }
+      break;
+
       default:
 	log_error ("resource type of '%s' not supported\n", url);
 	rc = gpg_error (GPG_ERR_GENERAL);
@@ -730,6 +793,14 @@ keydb_new (void)
 	    die = 1;
           j++;
           break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          hd->active[j].type   = all_resources[i].type;
+          hd->active[j].token  = all_resources[i].token;
+          hd->active[j].u.kdb  = kdb_new (all_resources[i].token);
+          if (!hd->active[j].u.kdb)
+	    die = 1;
+          j++;
+          break;
         }
     }
   hd->used = j;
@@ -769,6 +840,9 @@ keydb_release (KEYDB_HANDLE hd)
         case KEYDB_RESOURCE_TYPE_KEYBOX:
           keybox_release (hd->active[i].u.kb);
           break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          kdb_release (hd->active[i].u.kdb);
+          break;
         }
     }
 
@@ -811,6 +885,9 @@ keydb_get_resource_name (KEYDB_HANDLE hd)
     case KEYDB_RESOURCE_TYPE_KEYBOX:
       s = keybox_get_resource_name (hd->active[idx].u.kb);
       break;
+    case KEYDB_RESOURCE_TYPE_KEYDB:
+      s = kdb_get_resource_name (hd->active[idx].u.kdb);
+      break;
     }
 
   return s? s: "";
@@ -842,6 +919,9 @@ lock_all (KEYDB_HANDLE hd)
         case KEYDB_RESOURCE_TYPE_KEYBOX:
           rc = keybox_lock (hd->active[i].u.kb, 1);
           break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          rc = kdb_lock (hd->active[i].u.kdb, 1);
+          break;
         }
     }
 
@@ -860,6 +940,9 @@ lock_all (KEYDB_HANDLE hd)
             case KEYDB_RESOURCE_TYPE_KEYBOX:
               rc = keybox_lock (hd->active[i].u.kb, 0);
               break;
+            case KEYDB_RESOURCE_TYPE_KEYDB:
+              rc = kdb_lock (hd->active[i].u.kdb, 0);
+              break;
             }
         }
     }
@@ -890,6 +973,9 @@ unlock_all (KEYDB_HANDLE hd)
         case KEYDB_RESOURCE_TYPE_KEYBOX:
           keybox_lock (hd->active[i].u.kb, 0);
           break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          kdb_lock (hd->active[i].u.kdb, 0);
+          break;
         }
     }
   hd->locked = 0;
@@ -919,6 +1005,9 @@ keydb_push_found_state (KEYDB_HANDLE hd)
     case KEYDB_RESOURCE_TYPE_KEYBOX:
       keybox_push_found_state (hd->active[hd->found].u.kb);
       break;
+    case KEYDB_RESOURCE_TYPE_KEYDB:
+      kdb_push_found_state (hd->active[hd->found].u.kdb);
+      break;
     }
 
   hd->saved_found = hd->found;
@@ -947,6 +1036,9 @@ keydb_pop_found_state (KEYDB_HANDLE hd)
     case KEYDB_RESOURCE_TYPE_KEYBOX:
       keybox_pop_found_state (hd->active[hd->found].u.kb);
       break;
+    case KEYDB_RESOURCE_TYPE_KEYDB:
+      kdb_pop_found_state (hd->active[hd->found].u.kdb);
+      break;
     }
 }
 
@@ -1192,6 +1284,23 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
           }
       }
       break;
+    case KEYDB_RESOURCE_TYPE_KEYDB:
+      {
+        iobuf_t iobuf;
+        u32 *sigstatus;
+        int pk_no, uid_no;
+
+        err = kdb_get_keyblock (hd->active[hd->found].u.kdb, &iobuf,
+                                &pk_no, &uid_no, &sigstatus);
+        if (!err)
+          {
+            err = parse_keyblock_image (iobuf, pk_no, uid_no, sigstatus,
+                                        ret_kb);
+            xfree (sigstatus);
+            iobuf_close (iobuf);
+          }
+        break;
+      }
     }
 
   if (hd->keyblock_cache.state != KEYBLOCK_CACHE_FILLED)
@@ -1337,6 +1446,20 @@ keydb_update_keyblock (KEYDB_HANDLE hd, kbnode_t kb)
           }
       }
       break;
+    case KEYDB_RESOURCE_TYPE_KEYDB:
+      {
+        iobuf_t iobuf;
+
+        err = build_keyblock_image (kb, &iobuf, NULL);
+        if (!err)
+          {
+            err = kdb_update_keyblock (hd->active[hd->found].u.kdb, kb,
+                                       iobuf_get_temp_buffer (iobuf),
+                                       iobuf_get_temp_length (iobuf));
+            iobuf_close (iobuf);
+          }
+      }
+      break;
     }
 
   unlock_all (hd);
@@ -1398,6 +1521,23 @@ keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb)
           }
       }
       break;
+    case KEYDB_RESOURCE_TYPE_KEYDB:
+      {
+        iobuf_t iobuf;
+        u32 *sigstatus;
+
+        err = build_keyblock_image (kb, &iobuf, &sigstatus);
+        if (!err)
+          {
+            err = kdb_insert_keyblock (hd->active[idx].u.kdb, kb,
+                                       iobuf_get_temp_buffer (iobuf),
+                                       iobuf_get_temp_length (iobuf),
+                                       sigstatus);
+            xfree (sigstatus);
+            iobuf_close (iobuf);
+          }
+      }
+      break;
     }
 
   unlock_all (hd);
@@ -1437,6 +1577,9 @@ keydb_delete_keyblock (KEYDB_HANDLE hd)
     case KEYDB_RESOURCE_TYPE_KEYBOX:
       rc = keybox_delete (hd->active[hd->found].u.kb);
       break;
+    case KEYDB_RESOURCE_TYPE_KEYDB:
+      rc = kdb_delete (hd->active[hd->found].u.kdb);
+      break;
     }
 
   unlock_all (hd);
@@ -1491,6 +1634,10 @@ keydb_locate_writable (KEYDB_HANDLE hd)
           if (keybox_is_writable (hd->active[hd->current].token))
             return 0; /* found (hd->current is set to it) */
           break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          if (kdb_is_writable (hd->active[hd->current].token))
+            return 0; /* found (hd->current is set to it) */
+          break;
         }
     }
 
@@ -1519,6 +1666,9 @@ keydb_rebuild_caches (int noisy)
         case KEYDB_RESOURCE_TYPE_KEYBOX:
           /* N/A.  */
           break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          /* N/A.  */
+          break;
         }
     }
 }
@@ -1564,6 +1714,9 @@ keydb_search_reset (KEYDB_HANDLE hd)
         case KEYDB_RESOURCE_TYPE_KEYBOX:
           rc = keybox_search_reset (hd->active[i].u.kb);
           break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          rc = kdb_search_reset (hd->active[i].u.kdb);
+          break;
         }
     }
   hd->is_reset = 1;
@@ -1682,6 +1835,10 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
                               ndesc, KEYBOX_BLOBTYPE_PGP,
                               descindex, &hd->skipped_long_blobs);
           break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          rc = kdb_search (hd->active[hd->current].u.kdb, desc,
+                           ndesc, descindex);
+          break;
         }
       if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF)
         {

-----------------------------------------------------------------------

Summary of changes:
 g10/kdb.c | 34 ++++++++++++++++++++++++++--------
 1 file changed, 26 insertions(+), 8 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Oct 29 15:07:51 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 29 Oct 2015 15:07:51 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-89-g9654860
Message-ID: <E1Zrnih-00069h-7m@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  965486031bd094bd017c3eba9b53cf7b1e3ab6a8 (commit)
      from  641df615da4937b0073c420a0503c5810c237972 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 965486031bd094bd017c3eba9b53cf7b1e3ab6a8
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Oct 29 15:03:55 2015 +0100

    Use of some C99 features is now permitted.
    
    --
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/HACKING b/doc/HACKING
index 5d72017..2f3dd43 100644
--- a/doc/HACKING
+++ b/doc/HACKING
@@ -123,11 +123,51 @@ Note that such a comment will be removed if the git commit option
   need.  If you really need to do it, use a separate commit for such a
   change.
 
-  - C99 syntax should not be used; stick to C90.
+  - Only certain C99 features may be used (see below); in general
+    stick to C90.
   - Please do not use C++ =//= style comments.
   - Try to fit lines into 80 columns.
   - Ignore signed/unsigned pointer mismatches
   - No arithmetic on void pointers; cast to char* first.
+  - We use our own printf style functions like =es_printf=, and
+    =es_asprintf= which implement most C99 features with the exception
+    of =wchar_t= (which should anyway not be used).  Please always use
+    them and do not resort to those provided by libc.  The rationale
+    for using them is that we know that the format specifiers work on
+    all platforms and that we do not need to chase platform dependent
+    bugs.
+  - It is common to have a label named "leave" for a function's
+    cleanup and return code.  This helps with freeing memory and is a
+    convenient location to set a breakpoint for debugging.
+  - Always use xfree() instead of free().  If it is not easy to see
+    that the freed variable is not anymore used, explicitly set the
+    variable to NULL.
+  - Init function local variables only if needed so that the compiler
+    can do a better job in detecting uninitialized variables which may
+    indicate a problem with the code.
+  - Never init static or file local variables to 0 to make sure they
+    end up in BSS.
+  - Use --enable-maintainer-mode with configure.
+
+*** C99 language features
+
+  In GnuPG 2.x, but *not in 1.4* and not in most libraries, a limited
+  set of C99 features may be used:
+
+  - Variadic macros:
+    : #define foo(a,...)  bar(a, __VA_ARGS__)
+
+  - The predefined macro =__func__=:
+    : log_debug ("%s: Problem with foo\n", __func__);
+
+  - Variable declaration inside a for():
+    : for (int i = 0; i < 5; ++)
+    :   bar (i);
+
+  Although we usually make use of the =u16=, =u32=, and =u64= types,
+  it is also possible to include =<stdint.h>= and use =int16_t=,
+  =int32_t=, =int64_t=, =uint16_t=, =uint32_t=, and =uint64_t=.  But do
+  not use =int8_t= or =uint8_t=.
 
 ** Commit log keywords
 

-----------------------------------------------------------------------

Summary of changes:
 doc/HACKING | 42 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 41 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Thu Oct 29 23:06:01 2015
From: cvs at cvs.gnupg.org (by Ben Kibbey)
Date: Thu, 29 Oct 2015 23:06:01 +0100
Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-8-gdfa79f9
Message-ID: <E1ZrvBQ-0005d9-TM@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, master has been updated
       via  dfa79f9300b837b0f7f2ea44afa589bfcda1dbd9 (commit)
      from  bb2d11c1eebd4bcfb0f2cfce728026a7420dca47 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit dfa79f9300b837b0f7f2ea44afa589bfcda1dbd9
Author: Ben Kibbey <bjk at luxsci.net>
Date:   Wed Oct 28 18:16:27 2015 -0400

    Make use of user passphrase handler during passwd.
    
    * src/passwd.c (passwd_start): set engine passphrase command handler.
    
    --
    This allows for inquiring a passphrase when changing a passphrase rather
    than requiring a pinentry.

diff --git a/src/passwd.c b/src/passwd.c
index ff30df0..c34f357 100644
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -148,6 +148,14 @@ passwd_start (gpgme_ctx_t ctx, int synchronous, gpgme_key_t key,
 
   _gpgme_engine_set_status_handler (ctx->engine, passwd_status_handler, ctx);
 
+  if (ctx->passphrase_cb)
+    {
+      err = _gpgme_engine_set_command_handler
+        (ctx->engine, _gpgme_passphrase_command_handler, ctx, NULL);
+      if (err)
+        return err;
+    }
+
   return _gpgme_engine_op_passwd (ctx->engine, key, flags);
 }
 

-----------------------------------------------------------------------

Summary of changes:
 src/passwd.c | 8 ++++++++
 1 file changed, 8 insertions(+)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Oct 30 12:44:53 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 30 Oct 2015 12:44:53 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-91-gd89a9fc
Message-ID: <E1Zs7xt-0007EU-Q4@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  d89a9fca46d9bba497dde0793b57217c800b0e8d (commit)
       via  5aadb4b62d26e1bfb40a1ce444a81c2a5a56159c (commit)
      from  965486031bd094bd017c3eba9b53cf7b1e3ab6a8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d89a9fca46d9bba497dde0793b57217c800b0e8d
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Oct 30 12:40:22 2015 +0100

    common: Improve t-zb32 to be used for manual encoding.
    
    * common/t-support.h (no_exit_on_fail, errcount): New.
    (fail): Bump errcount.
    * common/t-zb32.c (main): Add options to allow manual use.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/common/Makefile.am b/common/Makefile.am
index fd3a04f..f84cea1 100644
--- a/common/Makefile.am
+++ b/common/Makefile.am
@@ -192,7 +192,10 @@ t_session_env_LDADD = $(t_common_ldadd)
 t_openpgp_oid_LDADD = $(t_common_ldadd)
 t_ssh_utils_LDADD = $(t_common_ldadd)
 t_mapstrings_LDADD = $(t_common_ldadd)
+
+t_zb32_SOURCES = t-zb32.c $(t_extra_src)
 t_zb32_LDADD = $(t_common_ldadd)
+
 t_mbox_util_LDADD = $(t_common_ldadd)
 t_iobuf_LDADD = $(t_common_ldadd)
 
diff --git a/common/t-support.h b/common/t-support.h
index 555158e..c0d0c8c 100644
--- a/common/t-support.h
+++ b/common/t-support.h
@@ -69,8 +69,15 @@ void  gcry_free (void *a);
 #define pass()  do { ; } while(0)
 #define fail(a)  do { fprintf (stderr, "%s:%d: test %d failed\n",\
                                __FILE__,__LINE__, (a));          \
-                     exit (1);                                   \
+                      errcount++;                                \
+                      if (!no_exit_on_fail)                      \
+                         exit (1);                               \
                    } while(0)
 
+/* If this flag is set the fail macro does not call exit.  */
+static int no_exit_on_fail;
+/* Error counter.  */
+static int errcount;
+
 
 #endif /*GNUPG_COMMON_T_SUPPORT_H*/
diff --git a/common/t-zb32.c b/common/t-zb32.c
index 2b19c09..c46d47f 100644
--- a/common/t-zb32.c
+++ b/common/t-zb32.c
@@ -30,17 +30,21 @@
 #include <config.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
 #include <sys/stat.h>
 #include <unistd.h>
+#include <errno.h>
+#ifdef HAVE_DOSISH_SYSTEM
+# include <fcntl.h>
+#endif
 
-#include "util.h"
+#include "zb32.h"
+#include "t-support.h"
 
-#define pass()  do { ; } while(0)
-#define fail(a)  do { fprintf (stderr, "%s:%d: test %d failed\n",\
-                               __FILE__,__LINE__, (a));          \
-                     errcount++;                                 \
-                   } while(0)
+#define PGM "t-zb32"
 
+static int verbose;
+static int debug;
 static int errcount;
 
 
@@ -89,8 +93,8 @@ test_zb32enc (void)
       output = zb32_encode (tests[tidx].data, tests[tidx].datalen);
       if (!output)
         {
-          fprintf (stderr, "%s:%d: error encoding test %d: %s\n",
-                   __FILE__, __LINE__, tidx, strerror (errno));
+          fprintf (stderr, PGM": error encoding test %d: %s\n",
+                   tidx, strerror (errno));
           exit (1);
         }
       /* puts (output); */
@@ -101,13 +105,201 @@ test_zb32enc (void)
 }
 
 
+/* Read the file FNAME or stdin if FNAME is NULL and return a malloced
+   buffer with the content.  R_LENGTH received the length of the file.
+   Print a diagnostic and returns NULL on error.  */
+static char *
+read_file (const char *fname, size_t *r_length)
+{
+  FILE *fp;
+  char *buf;
+  size_t buflen;
+
+  if (!fname)
+    {
+      size_t nread, bufsize = 0;
+
+      fp = stdin;
+#ifdef HAVE_DOSISH_SYSTEM
+      setmode (fileno(fp) , O_BINARY );
+#endif
+      buf = NULL;
+      buflen = 0;
+#define NCHUNK 8192
+      do
+        {
+          bufsize += NCHUNK;
+          if (!buf)
+            buf = xmalloc (bufsize);
+          else
+            buf = xrealloc (buf, bufsize);
+
+          nread = fread (buf+buflen, 1, NCHUNK, fp);
+          if (nread < NCHUNK && ferror (fp))
+            {
+              fprintf (stderr, PGM": error reading '[stdin]': %s\n",
+                       strerror (errno));
+              xfree (buf);
+              return NULL;
+            }
+          buflen += nread;
+        }
+      while (nread == NCHUNK);
+#undef NCHUNK
+
+    }
+  else
+    {
+      struct stat st;
+
+      fp = fopen (fname, "rb");
+      if (!fp)
+        {
+          fprintf (stderr, PGM": can't open '%s': %s\n",
+                   fname, strerror (errno));
+          return NULL;
+        }
+
+      if (fstat (fileno(fp), &st))
+        {
+          fprintf (stderr, PGM": can't stat '%s': %s\n",
+                   fname, strerror (errno));
+          fclose (fp);
+          return NULL;
+        }
+
+      buflen = st.st_size;
+      buf = xmalloc (buflen+1);
+      if (fread (buf, buflen, 1, fp) != 1)
+        {
+          fprintf (stderr, PGM": error reading '%s': %s\n",
+                   fname, strerror (errno));
+          fclose (fp);
+          xfree (buf);
+          return NULL;
+        }
+      fclose (fp);
+    }
+
+  *r_length = buflen;
+  return buf;
+}
+
+
+/* Debug helper to encode or decode to/from zb32.  */
+static void
+endecode_file (const char *fname, int decode)
+{
+  char *buffer;
+  size_t buflen;
+  char *result;
+
+  if (decode)
+    {
+      fprintf (stderr, PGM": decode mode has not yet been implemented\n");
+      errcount++;
+      return;
+    }
+
+#ifdef HAVE_DOSISH_SYSTEM
+  if (decode)
+    setmode (fileno (stdout), O_BINARY);
+#endif
+
+
+  buffer = read_file (fname, &buflen);
+  if (!buffer)
+    {
+      errcount++;
+      return;
+    }
+
+  result = zb32_encode (buffer, 8 * buflen);
+  if (!result)
+    {
+      fprintf (stderr, PGM": error encoding data: %s\n", strerror (errno));
+      errcount++;
+      xfree (buffer);
+      return;
+    }
+
+  fputs (result, stdout);
+  putchar ('\n');
+
+  xfree (result);
+  xfree (buffer);
+}
+
+
 int
 main (int argc, char **argv)
 {
-  (void)argc;
-  (void)argv;
+  int last_argc = -1;
+  int opt_endecode = 0;
 
-  test_zb32enc ();
+  no_exit_on_fail = 1;
+
+  if (argc)
+    { argc--; argv++; }
+  while (argc && last_argc != argc )
+    {
+      last_argc = argc;
+      if (!strcmp (*argv, "--"))
+        {
+          argc--; argv++;
+          break;
+        }
+      else if (!strcmp (*argv, "--help"))
+        {
+          fputs ("usage: " PGM " [FILE]\n"
+                 "Options:\n"
+                 "  --verbose         Print timings etc.\n"
+                 "  --debug           Flyswatter\n"
+                 "  --encode          Encode FILE or stdin\n"
+                 "  --decode          Decode FILE or stdin\n"
+                 , stdout);
+          exit (0);
+        }
+      else if (!strcmp (*argv, "--verbose"))
+        {
+          verbose++;
+          argc--; argv++;
+        }
+      else if (!strcmp (*argv, "--debug"))
+        {
+          verbose += 2;
+          debug++;
+          argc--; argv++;
+        }
+      else if (!strcmp (*argv, "--encode"))
+        {
+          opt_endecode = 1;
+          argc--; argv++;
+        }
+      else if (!strcmp (*argv, "--decode"))
+        {
+          opt_endecode = -1;
+          argc--; argv++;
+        }
+      else if (!strncmp (*argv, "--", 2))
+        {
+          fprintf (stderr, PGM ": unknown option '%s'\n", *argv);
+          exit (1);
+        }
+    }
+
+  if (argc > 1)
+    {
+      fprintf (stderr, PGM ": to many arguments given\n");
+      exit (1);
+    }
+
+  if (opt_endecode)
+    {
+      endecode_file (argc? *argv : NULL, (opt_endecode < 0));
+    }
+  else
+    test_zb32enc ();
 
   return !!errcount;
 }

commit 5aadb4b62d26e1bfb40a1ce444a81c2a5a56159c
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Oct 30 12:33:40 2015 +0100

    common: Add separate header for zb32.c.
    
    * common/util.h (zb32_encode): Move prototype to ...
    * common/zb32.h: new.  Include this for all callers of zb32_encode.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/common/Makefile.am b/common/Makefile.am
index 6cbde0b..fd3a04f 100644
--- a/common/Makefile.am
+++ b/common/Makefile.am
@@ -64,7 +64,7 @@ common_sources = \
 	homedir.c \
 	gettime.c gettime.h \
 	yesno.c \
-	b64enc.c b64dec.c zb32.c \
+	b64enc.c b64dec.c zb32.c zb32.h \
 	convert.c \
 	percent.c \
 	mbox-util.c mbox-util.h \
diff --git a/common/util.h b/common/util.h
index 06d5f87..b2651c4 100644
--- a/common/util.h
+++ b/common/util.h
@@ -274,11 +274,6 @@ gpg_error_t b64dec_proc (struct b64state *state, void *buffer, size_t length,
                          size_t *r_nbytes);
 gpg_error_t b64dec_finish (struct b64state *state);
 
-
-/*-- zb32.c --*/
-char *zb32_encode (const void *data, unsigned int databits);
-
-
 /*-- sexputil.c */
 char *canon_sexp_to_string (const unsigned char *canon, size_t canonlen);
 void log_printcanon (const char *text,
diff --git a/common/zb32.h b/common/zb32.h
new file mode 100644
index 0000000..1fb41ec
--- /dev/null
+++ b/common/zb32.h
@@ -0,0 +1,38 @@
+/* zb32.h - z-base-32 functions
+ * Copyright (C) 2014  Werner Koch
+ *
+ * This file is part of GnuPG.
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of either
+ *
+ *   - the GNU Lesser General Public License as published by the Free
+ *     Software Foundation; either version 3 of the License, or (at
+ *     your option) any later version.
+ *
+ * or
+ *
+ *   - the GNU General Public License as published by the Free
+ *     Software Foundation; either version 2 of the License, or (at
+ *     your option) any later version.
+ *
+ * or both in parallel, as here.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_COMMON_ZB32_H
+#define GNUPG_COMMON_ZB32_H
+
+/* Encode DATA which has a length of DATABITS (bits!) using the
+   zbase32 encoder and return a malloced string.  Returns NULL on
+   error and sets ERRNO.  */
+char *zb32_encode (const void *data, unsigned int databits);
+
+#endif /*GNUPG_COMMON_ZB32_H*/
diff --git a/dirmngr/server.c b/dirmngr/server.c
index a41d34f..74e00fb 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -52,6 +52,7 @@
 #endif
 #include "dns-stuff.h"
 #include "mbox-util.h"
+#include "zb32.h"
 
 /* To avoid DoS attacks we limit the size of a certificate to
    something reasonable.  The DoS was actually only an issue back when
diff --git a/g10/keylist.c b/g10/keylist.c
index 509cf7c..cc97846 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -43,6 +43,7 @@
 #include "status.h"
 #include "call-agent.h"
 #include "mbox-util.h"
+#include "zb32.h"
 #include "tofu.h"
 
 
diff --git a/g10/misc.c b/g10/misc.c
index 5c77714..7f0b08a 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -67,6 +67,7 @@
 #include "options.h"
 #include "call-agent.h"
 #include "i18n.h"
+#include "zb32.h"
 
 #include <assert.h>
 

-----------------------------------------------------------------------

Summary of changes:
 common/Makefile.am             |   5 +-
 common/t-support.h             |   9 +-
 common/t-zb32.c                | 214 ++++++++++++++++++++++++++++++++++++++---
 common/util.h                  |   5 -
 common/{ssh-utils.h => zb32.h} |  19 ++--
 dirmngr/server.c               |   1 +
 g10/keylist.c                  |   1 +
 g10/misc.c                     |   1 +
 8 files changed, 227 insertions(+), 28 deletions(-)
 copy common/{ssh-utils.h => zb32.h} (71%)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Oct 30 15:01:24 2015
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 30 Oct 2015 15:01:24 +0100
Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-76-g9207e8f
Message-ID: <E1ZsA5z-0002qj-6j@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, master has been updated
       via  9207e8fb039b4dd4fc9c8e924f46fe9e1f223da0 (commit)
       via  55c2d14b39e67bf722ac29cd4854ab3dcd0d85fa (commit)
       via  c351c76ad43ffb3b59900c8c48256bf911495820 (commit)
      from  691aa0a716e615d7f119f3b62390c906a0280973 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9207e8fb039b4dd4fc9c8e924f46fe9e1f223da0
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Fri Oct 30 14:49:38 2015 +0100

    Factor logic out of event handler
    
    * src/Makefile.am: Add mail.h and mail.cpp
    * src/mail.cpp, src/mail.h: New. Class containing information and
      functionality to work with mails.
    * src/application-events.cpp (EVENT_SINK_INVOKE): Create mail objects
      on ItemLoad event for Mailitems.
    * src/mailitem-events.cpp (HTML_TEMPLATE): Move to mail.cpp
      (BEGIN_EVENT_SINK): Reduce member variables.
      (MailItemEvents::MailItemEvents): Less initializations.
      (MailItemEvents::handle_read): Moved to Mail::insert_plaintext.
      (MailItemEvents::handle_before_read): Moved to Mail::process_message
      (do_crypto_on_item): Moved to Mail::do_crypto
      (needs_crypto): Moved to Mail::needs_crypto
      (EVENT_SINK_INVOKE): Get reference to according mail object.
      (EVENT_SINK_INVOKE): Call Mail methods according to events.
      (EVENT_SINK_INVOKE): Wipe code moved to Mail::wipe
    
    --
    mailitem-events should only "respond to events" from now on.
    Encapsulating all information about a Mail in a single class makes
    sense as we can keep track of data independently of events. The
    mix of state variables (e.g. needs_wipe) in the event handler
    made it difficult to access that information from anywhere.
    Additionally we now keep track of all Mail items loaded with
    our Event sinks set and expose them through Mail::get_mail_for_item.
    This should help solving problems like "wiping all plaintext on
    unload"

diff --git a/src/Makefile.am b/src/Makefile.am
index d66c39e..ff96120 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -84,7 +84,8 @@ gpgol_SOURCES = \
 	mailitem-events.cpp \
 	attachment.h attachment.cpp \
 	windowmessages.h windowmessages.cpp \
-	gpgolstr.h gpgolstr.cpp
+	gpgolstr.h gpgolstr.cpp \
+	mail.h mail.cpp
 
 
 #treeview_SOURCES = treeview.c
diff --git a/src/application-events.cpp b/src/application-events.cpp
index 196e6ed..4fe89cc 100644
--- a/src/application-events.cpp
+++ b/src/application-events.cpp
@@ -23,10 +23,10 @@
    in their invoke methods.
 */
 #include "eventsink.h"
-#include "eventsinks.h"
 #include "ocidl.h"
 #include "common.h"
 #include "oomhelp.h"
+#include "mail.h"
 
 /* Application Events */
 BEGIN_EVENT_SINK(ApplicationEvents, IDispatch)
@@ -63,7 +63,6 @@ EVENT_SINK_INVOKE(ApplicationEvents)
       case ItemLoad:
         {
           LPDISPATCH mailItem;
-          LPDISPATCH mailEventSink;
           /* The mailItem should be the first argument */
           if (!parms || parms->cArgs != 1 ||
               parms->rgvarg[0].vt != VT_DISPATCH)
@@ -83,23 +82,9 @@ EVENT_SINK_INVOKE(ApplicationEvents)
                          SRCNAME, __func__);
               break;
             }
-          log_debug ("%s:%s: Installing event sink on mailitem: %p",
+          log_debug ("%s:%s: Creating mail object for item: %p",
                      SRCNAME, __func__, mailItem);
-          mailEventSink = install_MailItemEvents_sink (mailItem);
-          /* TODO figure out what we need to do with the event sink.
-             Does it need to be Released at some point? What happens
-             on unload? */
-          if (!mailEventSink)
-            {
-              log_error ("%s:%s: Failed to install MailItemEvents sink.",
-                         SRCNAME, __func__);
-            }
-          else
-            {
-              log_debug ("%s:%s: MailItem event handler installed.",
-                         SRCNAME, __func__);
-            }
-          mailItem->Release ();
+          new Mail (mailItem);
           break;
         }
       default:
diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp
index 81e43b3..5ba8a72 100644
--- a/src/gpgoladdin.cpp
+++ b/src/gpgoladdin.cpp
@@ -167,7 +167,7 @@ GpgolAddin::~GpgolAddin (void)
              SRCNAME, __func__);
 
   m_ribbonExtender->Release ();
-  m_applicationEventSink->Release ();
+  m_applicationEventSink->Release() ;
 
   if (!m_disabled)
     {
diff --git a/src/mail.cpp b/src/mail.cpp
new file mode 100644
index 0000000..1e7d9bc
--- /dev/null
+++ b/src/mail.cpp
@@ -0,0 +1,282 @@
+/* @file mail.h
+ * @brief High level class to work with Outlook Mailitems.
+ *
+ *    Copyright (C) 2015 Intevation GmbH
+ *
+ * This file is part of GpgOL.
+ *
+ * GpgOL is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * GpgOL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "config.h"
+#include "common.h"
+#include "mail.h"
+#include "eventsinks.h"
+#include "attachment.h"
+#include "mapihelp.h"
+#include "message.h"
+
+#include <map>
+
+static std::map<LPDISPATCH, Mail*> g_mail_map;
+
+/* TODO: Localize this once it is less bound to change.
+   TODO: Use a dedicated message for failed decryption. */
+#define HTML_TEMPLATE  \
+"<html><head></head><body>" \
+"<table border=\"0\" width=\"100%\" cellspacing=\"1\" cellpadding=\"1\" bgcolor=\"#0069cc\">" \
+"<tr>" \
+"<td bgcolor=\"#0080ff\">" \
+"<p><span style=\"font-weight:600; background-color:#0080ff;\"><center>This message is encrypted</center><span></p></td></tr>" \
+"<tr>" \
+"<td bgcolor=\"#e0f0ff\">" \
+"<center>" \
+"<br/>You can decrypt this message with GnuPG" \
+"<br/>Open this message to decrypt it." \
+"<br/>Opening any attachments while this message is shown will only give you access to encrypted data. </center>" \
+"<br/><br/>If you have GpgOL (The GnuPG Outlook plugin installed) this message should have been automatically decrypted." \
+"<br/>Reasons that you still see this message can be: " \
+"<ul>" \
+"<li>Decryption failed: <ul><li> Refer to the Decrypt / Verify popup window for details.</li></ul></li>" \
+"<li>Outlook tried to save the decrypted content:" \
+" <ul> "\
+" <li>To protect your data GpgOL encrypts a message when it is saved by Outlook.</li>" \
+" <li>You will need to restart Outlook to allow GpgOL to decrypt this message again.</li>" \
+" </ul>" \
+"<li>GpgOL is not activated: <ul><li>Check under Options -> Add-Ins -> COM-Add-Ins to see if this is the case.</li></ul></li>" \
+"</ul>"\
+"</td></tr>" \
+"</table></body></html>"
+
+Mail::Mail (LPDISPATCH mailitem) :
+    m_mailitem(mailitem),
+    m_processed(false),
+    m_needs_wipe(false),
+    m_crypt_successful(false)
+{
+  if (get_mail_for_item (mailitem))
+    {
+      log_error ("Mail object for item: %p already exists. Bug.",
+                 mailitem);
+      return;
+    }
+
+  m_event_sink = install_MailItemEvents_sink (mailitem);
+  if (!m_event_sink)
+    {
+      /* Should not happen but in that case we don't add us to the list
+         and just release the Mail item. */
+      log_error ("%s:%s: Failed to install MailItemEvents sink.",
+                 SRCNAME, __func__);
+      mailitem->Release ();
+      return;
+    }
+  g_mail_map.insert (std::pair<LPDISPATCH, Mail *> (mailitem, this));
+}
+
+int
+Mail::process_message ()
+{
+  int err;
+  LPMESSAGE message = get_oom_base_message (m_mailitem);
+  if (!message)
+    {
+      log_error ("%s:%s: Failed to get base message.",
+                 SRCNAME, __func__);
+      return 0;
+    }
+  log_oom_extra ("%s:%s: GetBaseMessage OK.",
+                 SRCNAME, __func__);
+  err = message_incoming_handler (message, NULL,
+                                  false);
+  m_processed = (err == 1) || (err == 2);
+
+  log_debug ("%s:%s: incoming handler status: %i",
+             SRCNAME, __func__, err);
+  message->Release ();
+  return 0;
+}
+
+Mail::~Mail()
+{
+  std::map<LPDISPATCH, Mail *>::iterator it;
+
+  detach_MailItemEvents_sink (m_event_sink);
+
+  it = g_mail_map.find(m_mailitem);
+  if (it != g_mail_map.end())
+    {
+      g_mail_map.erase (it);
+    }
+
+  m_mailitem->Release ();
+}
+
+Mail *
+Mail::get_mail_for_item (LPDISPATCH mailitem)
+{
+  if (!mailitem)
+    {
+      return NULL;
+    }
+  std::map<LPDISPATCH, Mail *>::iterator it;
+  it = g_mail_map.find(mailitem);
+  if (it == g_mail_map.end())
+    {
+      return NULL;
+    }
+  return it->second;
+}
+
+int
+Mail::insert_plaintext ()
+{
+  int err = 0;
+  int is_html, was_protected = 0;
+  char *body = NULL;
+
+  if (!m_processed)
+    {
+      return 0;
+    }
+
+  /* Outlook somehow is confused about the attachment
+     table of our sent mails. The securemessage interface
+     gives us access to the real attach table but the attachment
+     table of the message itself is broken. */
+  LPMESSAGE base_message = get_oom_base_message (m_mailitem);
+  if (!base_message)
+    {
+      log_error ("%s:%s: Failed to get base message",
+                 SRCNAME, __func__);
+      return 0;
+    }
+  err = mapi_get_gpgol_body_attachment (base_message, &body, NULL,
+                                        &is_html, &was_protected);
+  m_needs_wipe = was_protected;
+  if (err || !body)
+    {
+      log_error ("%s:%s: Failed to get body attachment. Err: %i",
+                 SRCNAME, __func__, err);
+      put_oom_string (m_mailitem, "HTMLBody", HTML_TEMPLATE);
+      err = -1;
+      goto done;
+    }
+  if (put_oom_string (m_mailitem, is_html ? "HTMLBody" : "Body", body))
+    {
+      log_error ("%s:%s: Failed to modify body of item.",
+                 SRCNAME, __func__);
+      err = -1;
+    }
+
+  xfree (body);
+  /* TODO: unprotect attachments does not work for sent mails
+     as the attachment table of the mapiitem is invalid.
+     We need to somehow get outlook to use the attachment table
+     of the base message and and then decrypt those.
+     This will probably mean removing all attachments for the
+     message and adding the attachments from the base message then
+     we can call unprotect_attachments as usual. */
+  if (unprotect_attachments (m_mailitem))
+    {
+      log_error ("%s:%s: Failed to unprotect attachments.",
+                 SRCNAME, __func__);
+      err = -1;
+    }
+
+done:
+  RELDISP (base_message);
+  return err;
+}
+
+int
+Mail::do_crypto ()
+{
+  int err = -1,
+      flags = 0;
+  if (!needs_crypto())
+    {
+      return 0;
+    }
+  LPMESSAGE message = get_oom_base_message (m_mailitem);
+  if (!message)
+    {
+      log_error ("%s:%s: Failed to get base message.",
+                 SRCNAME, __func__);
+      return err;
+    }
+  flags = get_gpgol_draft_info_flags (message);
+  if (flags == 3)
+    {
+      log_debug ("%s:%s: Sign / Encrypting message",
+                 SRCNAME, __func__);
+      err = message_sign_encrypt (message, PROTOCOL_UNKNOWN,
+                                  NULL);
+    }
+  else if (flags == 2)
+    {
+      err = message_sign (message, PROTOCOL_UNKNOWN,
+                          NULL);
+    }
+  else if (flags == 1)
+    {
+      err = message_encrypt (message, PROTOCOL_UNKNOWN,
+                             NULL);
+    }
+  else
+    {
+      log_debug ("%s:%s: Unknown flags for crypto: %i",
+                 SRCNAME, __func__, flags);
+    }
+  log_debug ("%s:%s: Status: %i",
+             SRCNAME, __func__, err);
+  message->Release ();
+  m_crypt_successful = !err;
+  return err;
+}
+
+bool
+Mail::needs_crypto ()
+{
+  LPMESSAGE message = get_oom_message (m_mailitem);
+  bool ret;
+  if (!message)
+    {
+      log_error ("%s:%s: Failed to get message.",
+                 SRCNAME, __func__);
+      return false;
+    }
+  ret = get_gpgol_draft_info_flags (message);
+  message->Release ();
+  return ret;
+}
+
+int
+Mail::wipe ()
+{
+  if (!m_needs_wipe)
+    {
+      return 0;
+    }
+  log_debug ("%s:%s: Removing plaintext from mailitem: %p.",
+             SRCNAME, __func__, m_mailitem);
+  if (put_oom_string (m_mailitem, "HTMLBody",
+                      HTML_TEMPLATE) ||
+      protect_attachments (m_mailitem))
+    {
+      return -1;
+    }
+  m_needs_wipe = false;
+  return 0;
+}
diff --git a/src/mail.h b/src/mail.h
new file mode 100644
index 0000000..019e9bb
--- /dev/null
+++ b/src/mail.h
@@ -0,0 +1,107 @@
+/* @file mail.h
+ * @brief High level class to work with Outlook Mailitems.
+ *
+ *    Copyright (C) 2015 Intevation GmbH
+ *
+ * This file is part of GpgOL.
+ *
+ * GpgOL is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * GpgOL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+#ifndef MAIL_H
+#define MAIL_H
+
+#include "oomhelp.h"
+
+/** @brief Data wrapper around a mailitem.
+ *
+ * This class is intended to bundle all that we know about
+ * a Mail. Due to the restrictions in Outlook we sometimes may
+ * need additional information that is not available at the time
+ * like the sender address of an exchange account in the afterWrite
+ * event.
+ *
+ * This class bundles such information and also provides a way to
+ * access the event handler of a mail.
+ */
+class Mail
+{
+public:
+  /** @brief Construct a mail object for the item.
+    *
+    * This also installs the event sink for this item.
+    *
+    * The mail object takes ownership of the mailitem
+    * reference. Do not Release it! */
+  Mail (LPDISPATCH mailitem);
+
+  ~Mail ();
+
+  /** @brief looks for existing Mail objects for the OOM mailitem.
+
+    @returns A reference to an existing mailitem or NULL in case none
+    could be found.
+  */
+  static Mail* get_mail_for_item (LPDISPATCH mailitem);
+
+  /** @brief Reference to the mailitem. Do not Release! */
+  LPDISPATCH item () { return m_mailitem; }
+
+  /** @brief Process the message. Ususally to be called from BeforeRead.
+   *
+   * This function assumes that the base message interface can be accessed
+   * and calles the MAPI Message handling which creates the GpgOL style
+   * attachments and sets up the message class etc.
+   *
+   * Sets the was_encrypted / processed variables.
+   *
+   * @returns 0 on success.
+   */
+  int process_message ();
+
+  /** @brief Replace the body with the plaintext and session decrypts
+   * attachments.
+   *
+   * Sets the needs_wipe variable.
+   *
+   * @returns 0 on success. */
+  int insert_plaintext ();
+
+  /** @brief do crypto operations as selected by the user.
+   *
+   * Initiates the crypto operations according to the gpgol
+   * draft info flags.
+   *
+   * @returns 0 on success. */
+  int do_crypto ();
+
+  /** @brief Necessary crypto operations were completed successfully. */
+  bool crypto_successful () { return !needs_crypto() || m_crypt_successful; }
+
+  /** @brief Message should be encrypted and or signed. */
+  bool needs_crypto ();
+
+  /** @brief wipe the plaintext from the message and ecnrypt attachments.
+   *
+   * @returns 0 on success; */
+  int wipe ();
+
+private:
+  LPDISPATCH m_mailitem;
+  LPDISPATCH m_event_sink;
+  char * m_sender_addr;
+  bool m_processed,    /* The message has been porcessed by us.  */
+       m_needs_wipe,   /* We have added plaintext to the mesage. */
+       m_crypt_successful; /* We successfuly performed crypto on the item. */
+};
+#endif // MAIL_H
diff --git a/src/mailitem-events.cpp b/src/mailitem-events.cpp
index 2c002b2..e187d60 100644
--- a/src/mailitem-events.cpp
+++ b/src/mailitem-events.cpp
@@ -22,43 +22,12 @@
 #include "eventsink.h"
 #include "eventsinks.h"
 #include "mymapi.h"
-#include "message.h"
 #include "oomhelp.h"
 #include "ocidl.h"
-#include "attachment.h"
-#include "mapihelp.h"
-#include "gpgoladdin.h"
 #include "windowmessages.h"
+#include "mail.h"
 
 
-/* TODO: Localize this once it is less bound to change.
-   TODO: Use a dedicated message for failed decryption. */
-#define HTML_TEMPLATE  \
-"<html><head></head><body>" \
-"<table border=\"0\" width=\"100%\" cellspacing=\"1\" cellpadding=\"1\" bgcolor=\"#0069cc\">" \
-"<tr>" \
-"<td bgcolor=\"#0080ff\">" \
-"<p><span style=\"font-weight:600; background-color:#0080ff;\"><center>This message is encrypted</center><span></p></td></tr>" \
-"<tr>" \
-"<td bgcolor=\"#e0f0ff\">" \
-"<center>" \
-"<br/>You can decrypt this message with GnuPG" \
-"<br/>Open this message to decrypt it." \
-"<br/>Opening any attachments while this message is shown will only give you access to encrypted data. </center>" \
-"<br/><br/>If you have GpgOL (The GnuPG Outlook plugin installed) this message should have been automatically decrypted." \
-"<br/>Reasons that you still see this message can be: " \
-"<ul>" \
-"<li>Decryption failed: <ul><li> Refer to the Decrypt / Verify popup window for details.</li></ul></li>" \
-"<li>Outlook tried to save the decrypted content:" \
-" <ul> "\
-" <li>To protect your data GpgOL encrypts a message when it is saved by Outlook.</li>" \
-" <li>You will need to restart Outlook to allow GpgOL to decrypt this message again.</li>" \
-" </ul>" \
-"<li>GpgOL is not activated: <ul><li>Check under Options -> Add-Ins -> COM-Add-Ins to see if this is the case.</li></ul></li>" \
-"</ul>"\
-"</td></tr>" \
-"</table></body></html>"
-
 typedef enum
   {
     AfterWrite = 0xFC8D,
@@ -94,15 +63,8 @@ BEGIN_EVENT_SINK(MailItemEvents, IDispatch)
 /* We are still in the class declaration */
 
 private:
-  bool m_send_seen,   /* The message is about to be submitted */
-       m_want_html,    /* Encryption of HTML is desired. */
-       m_processed,    /* The message has been porcessed by us.  */
-       m_needs_wipe,   /* We have added plaintext to the mesage. */
-       m_was_encrypted, /* The original message was encrypted.  */
-       m_crypt_successful; /* We successfuly performed crypto on the item. */
-
-  HRESULT handle_before_read();
-  HRESULT handle_read();
+  Mail * m_mail; /* The mail object related to this mailitem */
+  bool m_send_seen;   /* The message is about to be submitted */
 };
 
 MailItemEvents::MailItemEvents() :
@@ -110,10 +72,8 @@ MailItemEvents::MailItemEvents() :
     m_pCP(NULL),
     m_cookie(0),
     m_ref(1),
-    m_send_seen(false),
-    m_want_html(false),
-    m_processed(false),
-    m_crypt_successful(false)
+    m_mail(NULL),
+    m_send_seen (false)
 {
 }
 
@@ -125,127 +85,7 @@ MailItemEvents::~MailItemEvents()
     m_object->Release();
 }
 
-HRESULT
-MailItemEvents::handle_read()
-{
-  int err;
-  int is_html, was_protected = 0;
-  char *body = NULL;
-  /* Outlook somehow is confused about the attachment
-     table of our sent mails. The securemessage interface
-     gives us access to the real attach table but the attachment
-     table of the message itself is broken. */
-  LPMESSAGE base_message = get_oom_base_message (m_object);
-  if (!base_message)
-    {
-      log_error ("%s:%s: Failed to get base message \n",
-                 SRCNAME, __func__);
-      return S_OK;
-    }
-  err = mapi_get_gpgol_body_attachment (base_message, &body, NULL,
-                                        &is_html, &was_protected);
-  if (err || !body)
-    {
-      log_error ("%s:%s: Failed to get body attachment of \n",
-                 SRCNAME, __func__);
-      put_oom_string (m_object, "HTMLBody", HTML_TEMPLATE);
-      goto done;
-    }
-  if (put_oom_string (m_object, is_html ? "HTMLBody" : "Body", body))
-    {
-      log_error ("%s:%s: Failed to modify body of item. \n",
-                 SRCNAME, __func__);
-    }
-
-  xfree (body);
-  /* TODO: unprotect attachments does not work for sent mails
-     as the attachment table of the mapiitem is invalid.
-     We need to somehow get outlook to use the attachment table
-     of the base message and and then decrypt those.
-     This will probably mean removing all attachments for the
-     message and adding the attachments from the base message then
-     we can call unprotect_attachments as usual. */
-  if (unprotect_attachments (m_object))
-    {
-      log_error ("%s:%s: Failed to unprotect attachments. \n",
-                 SRCNAME, __func__);
-    }
-
-done:
-  RELDISP (base_message);
-  return S_OK;
-}
-
-/* Before read is the time where we can access the underlying
-   base message. So this is where we create our attachment. */
-HRESULT
-MailItemEvents::handle_before_read()
-{
-  int err;
-  LPMESSAGE message = get_oom_base_message (m_object);
-  if (!message)
-    {
-      log_error ("%s:%s: Failed to get base message.",
-                 SRCNAME, __func__);
-      return S_OK;
-    }
-  log_oom_extra ("%s:%s: GetBaseMessage OK.",
-                 SRCNAME, __func__);
-  err = message_incoming_handler (message, NULL,
-                                  false);
-  m_processed = (err == 1) || (err == 2);
-  m_was_encrypted = err == 2;
-
-  log_debug ("%s:%s: incoming handler status: %i",
-             SRCNAME, __func__, err);
-  message->Release ();
-  return S_OK;
-}
-
-
-static int
-do_crypto_on_item (LPDISPATCH mailitem)
-{
-  int err = -1,
-      flags = 0;
-  LPMESSAGE message = get_oom_base_message (mailitem);
-  if (!message)
-    {
-      log_error ("%s:%s: Failed to get base message.",
-                 SRCNAME, __func__);
-      return err;
-    }
-  flags = get_gpgol_draft_info_flags (message);
-  if (flags == 3)
-    {
-      log_debug ("%s:%s: Sign / Encrypting message",
-                 SRCNAME, __func__);
-      err = message_sign_encrypt (message, PROTOCOL_UNKNOWN,
-                                  NULL);
-    }
-  else if (flags == 2)
-    {
-      err = message_sign (message, PROTOCOL_UNKNOWN,
-                          NULL);
-    }
-  else if (flags == 1)
-    {
-      err = message_encrypt (message, PROTOCOL_UNKNOWN,
-                             NULL);
-    }
-  else
-    {
-      log_debug ("%s:%s: Unknown flags for crypto: %i",
-                 SRCNAME, __func__, flags);
-    }
-  log_debug ("%s:%s: Status: %i",
-             SRCNAME, __func__, err);
-  message->Release ();
-  return err;
-}
-
-
-DWORD WINAPI
+static DWORD WINAPI
 request_send (LPVOID arg)
 {
   log_debug ("%s:%s: requesting send for: %p",
@@ -261,21 +101,6 @@ request_send (LPVOID arg)
   return 0;
 }
 
-static bool
-needs_crypto (LPDISPATCH mailitem)
-{
-  LPMESSAGE message = get_oom_message (mailitem);
-  bool ret;
-  if (!message)
-    {
-      log_error ("%s:%s: Failed to get message.",
-                 SRCNAME, __func__);
-      return false;
-    }
-  ret = get_gpgol_draft_info_flags (message);
-  message->Release ();
-  return ret;
-}
 
 /* The main Invoke function. The return value of this
    function does not appear to have any effect on outlook
@@ -288,20 +113,35 @@ needs_crypto (LPDISPATCH mailitem)
 EVENT_SINK_INVOKE(MailItemEvents)
 {
   USE_INVOKE_ARGS
+  if (!m_mail)
+    {
+      m_mail = Mail::get_mail_for_item (m_object);
+      if (!m_mail)
+        {
+          log_error ("%s:%s: mail event without mail object known. Bug.",
+                     SRCNAME, __func__);
+          return S_OK;
+        }
+    }
   switch(dispid)
     {
       case BeforeRead:
         {
-          return handle_before_read();
+          if (m_mail->process_message ())
+            {
+              log_error ("%s:%s: Process message failed.",
+                         SRCNAME, __func__);
+            }
+          break;
         }
       case Read:
         {
-          if (m_processed)
+          if (m_mail->insert_plaintext ())
             {
-              m_needs_wipe = m_was_encrypted;
-              handle_read();
+              log_error ("%s:%s: Failed to insert plaintext into oom.",
+                         SRCNAME, __func__);
             }
-          return S_OK;
+          break;
         }
       case Send:
         {
@@ -326,7 +166,7 @@ EVENT_SINK_INVOKE(MailItemEvents)
                         SRCNAME, __func__);
              break;
            }
-          if (!needs_crypto (m_object) || m_crypt_successful)
+          if (m_mail->crypto_successful ())
             {
                log_debug ("%s:%s: Passing send event for message %p.",
                           SRCNAME, __func__, m_object);
@@ -355,23 +195,16 @@ EVENT_SINK_INVOKE(MailItemEvents)
                       SRCNAME, __func__);
              break;
            }
-          if (m_processed && m_needs_wipe && !m_send_seen)
+
+          if (m_mail->wipe ())
             {
-              log_debug ("%s:%s: Message %p removing plaintext from Message.",
-                         SRCNAME, __func__, m_object);
-              if (put_oom_string (m_object, "HTMLBody",
-                                  HTML_TEMPLATE) ||
-                  protect_attachments (m_object))
-                {
-                  /* An error cleaning the mail should not happen normally.
-                     But just in case there is an error we cancel the
-                     write here. */
-                  log_debug ("%s:%s: Failed to remove plaintext.",
-                             SRCNAME, __func__);
-                  *(parms->rgvarg[0].pboolVal) = VARIANT_TRUE;
-                  return E_ABORT;
-                }
-              m_needs_wipe = false;
+              /* An error cleaning the mail should not happen normally.
+                 But just in case there is an error we cancel the
+                 write here. */
+              log_debug ("%s:%s: Failed to remove plaintext.",
+                         SRCNAME, __func__);
+              *(parms->rgvarg[0].pboolVal) = VARIANT_TRUE;
+              return E_ABORT;
             }
           break;
         }
@@ -380,8 +213,8 @@ EVENT_SINK_INVOKE(MailItemEvents)
           if (m_send_seen)
             {
               m_send_seen = false;
-              m_crypt_successful = !do_crypto_on_item (m_object);
-              if (m_crypt_successful)
+              m_mail->do_crypto ();
+              if (m_mail->crypto_successful ())
                 {
                   /* We can't trigger a Send event in the current state.
                      Appearently Outlook locks some methods in some events.
@@ -396,12 +229,9 @@ EVENT_SINK_INVOKE(MailItemEvents)
         }
       case Unload:
         {
-          log_debug ("%s:%s: Unloading event handler for msg: %p.",
+          log_debug ("%s:%s: Removing Mail for message: %p.",
                      SRCNAME, __func__, m_object);
-          detach_MailItemEvents_sink (this);
-          delete this;
-          log_debug ("%s:%s: Unloaded.",
-                     SRCNAME, __func__);
+          delete m_mail;
           return S_OK;
         }
       default:

commit 55c2d14b39e67bf722ac29cd4854ab3dcd0d85fa
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Fri Oct 30 14:46:54 2015 +0100

    Fix recipient lookup for SMTP addresses
    
    * src/message.cpp (get_recipients): Look for SMTP address property
    and also the EMAIL address property.
    
    --
    For SMTP Addresses in the EMAIL address property the STMP address
    is not set. So we check first for SMTP (which handles exchange)
    and if we don't find that property we use the EMAIL value as before.

diff --git a/src/message.cpp b/src/message.cpp
index e1eca26..34dd48f 100644
--- a/src/message.cpp
+++ b/src/message.cpp
@@ -1112,9 +1112,8 @@ message_decrypt (LPMESSAGE message, msgtype_t msgtype, int force, HWND hwnd)
 static char **
 get_recipients (LPMESSAGE message)
 {
-  ULONG addr_prop = g_ol_version_major > 13 ? PR_SMTP_ADDRESS :
-                                              PR_EMAIL_ADDRESS;
-  static SizedSPropTagArray (1L, PropRecipientNum) = {1L, {addr_prop}};
+  static SizedSPropTagArray (2L, PropRecipientNum) = {2L, {PR_SMTP_ADDRESS,
+                                                           PR_EMAIL_ADDRESS}};
   HRESULT hr;
   LPMAPITABLE lpRecipientTable = NULL;
   LPSRowSet lpRecipientRows = NULL;
@@ -1148,28 +1147,40 @@ get_recipients (LPMESSAGE message)
 
   for (rowidx=0, rsetidx=0; rowidx < lpRecipientRows->cRows; rowidx++)
     {
-      if (!lpRecipientRows->aRow[rowidx].cValues)
-        continue;
-      row = lpRecipientRows->aRow[rowidx].lpProps;
-
-      switch (PROP_TYPE (row->ulPropTag))
+      bool found_one = false;
+      for (int colidx = 0; colidx < lpRecipientRows->aRow[rowidx].cValues;
+           colidx++)
         {
-        case PT_UNICODE:
-          if ((rset[rsetidx] = wchar_to_utf8 (row->Value.lpszW)))
-            rsetidx++;
-          else
-            log_debug ("%s:%s: error converting recipient to utf8\n",
-                       SRCNAME, __func__);
-          break;
-      
-        case PT_STRING8: /* Assume ASCII. */
-          rset[rsetidx++] = xstrdup (row->Value.lpszA);
-          break;
-          
-        default:
-          log_debug ("%s:%s: proptag=0x%08lx not supported\n",
-                     SRCNAME, __func__, row->ulPropTag);
-          break;
+          row = lpRecipientRows->aRow[rowidx].lpProps;
+
+          switch (PROP_TYPE (row->ulPropTag))
+            {
+            case PT_UNICODE:
+              if ((rset[rsetidx] = wchar_to_utf8 (row->Value.lpszW)))
+                {
+                  rsetidx++;
+                  found_one = true;
+                }
+              else
+                log_debug ("%s:%s: error converting recipient to utf8\n",
+                           SRCNAME, __func__);
+              break;
+
+            case PT_STRING8: /* Assume ASCII. */
+              rset[rsetidx++] = xstrdup (row->Value.lpszA);
+              found_one = true;
+              break;
+
+            default:
+              log_debug ("%s:%s: proptag=0x%08lx not supported\n",
+                         SRCNAME, __func__, row->ulPropTag);
+              break;
+            }
+          if (found_one)
+            {
+              break;
+            }
+
         }
     }
 

commit c351c76ad43ffb3b59900c8c48256bf911495820
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Wed Oct 28 12:40:44 2015 +0100

    Fix recipient address lookup for Exchange addrs
    
    * src/gpgoladdin.cpp (GpgolAddin::OnConnection): Store major version.
    * src/main.c: Define major version variable.
    * src/message.cpp (get_recipients): Use SMTP addr property for new
      versions.
    * src/mymapitags.h: Define SMTP_ADDRESS property ids.
    * src/olflange.cpp (GpgolExt:Install): Store major version.
    * src/oomhelp.h: Rename PR_SMTP_ADDRESS URI to PR_STMP_ADDRESS_DASL.
    * src/oomhelp.cpp (get_oom_recipients): Update accordingly.
    * src/ribbon-callbacks.cpp (do_composer_action, do_reader_action),
      (attachEncryptedFile): Update accordingly.
    * src/util.h: Declare major version variable.
    
    --
    We can't use the OOM Recipient objects here as this is not
    accessible in the after write event. This still leaves the
    sender lookup to be done. There appears to be no MAPI property
    that contains the SMTP Address of the sender when sending mails
    through exchange.

diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp
index 74b7fcc..81e43b3 100644
--- a/src/gpgoladdin.cpp
+++ b/src/gpgoladdin.cpp
@@ -235,6 +235,8 @@ GpgolAddin::OnConnection (LPDISPATCH Application, ext_ConnectMode ConnectMode,
   log_debug ("%s:%s:   using GPGME %s\n",
              SRCNAME, __func__, version);
 
+  g_ol_version_major = atoi (version);
+
   if (!version || !strlen (version) ||
       (strncmp (version, "14", 2) &&
        strncmp (version, "15", 2) &&
diff --git a/src/main.c b/src/main.c
index 5e3a05d..6e7eb79 100644
--- a/src/main.c
+++ b/src/main.c
@@ -53,6 +53,9 @@ static char *the_session_marker;
 static char *get_locale_dir (void);
 static void drop_locale_dir (char *locale_dir);
 
+/* The major version of Outlook we are attached to */
+int g_ol_version_major;
+
 
 

 /* Initialization of gloabl options.  These are merely the defaults
diff --git a/src/message.cpp b/src/message.cpp
index 9344246..e1eca26 100644
--- a/src/message.cpp
+++ b/src/message.cpp
@@ -1112,7 +1112,9 @@ message_decrypt (LPMESSAGE message, msgtype_t msgtype, int force, HWND hwnd)
 static char **
 get_recipients (LPMESSAGE message)
 {
-  static SizedSPropTagArray (1L, PropRecipientNum) = {1L, {PR_EMAIL_ADDRESS}};
+  ULONG addr_prop = g_ol_version_major > 13 ? PR_SMTP_ADDRESS :
+                                              PR_EMAIL_ADDRESS;
+  static SizedSPropTagArray (1L, PropRecipientNum) = {1L, {addr_prop}};
   HRESULT hr;
   LPMAPITABLE lpRecipientTable = NULL;
   LPSRowSet lpRecipientRows = NULL;
diff --git a/src/mymapitags.h b/src/mymapitags.h
index 7eda9b4..c85ce37 100644
--- a/src/mymapitags.h
+++ b/src/mymapitags.h
@@ -838,6 +838,9 @@
 #define PR_INITIAL_DETAILS_PANE               PROP_TAG( PT_LONG,        0x3F08)
 #define PR_MSG_EDITOR_FORMAT                  PROP_TAG( PT_LONG,        0x5903)
 #define PR_ATTACHMENT_HIDDEN                  PROP_TAG( PT_BOOLEAN,     0x7ffe)
+#define PR_SMTP_ADDRESS                       PROP_TAG( PT_TSTRING,     0x39fe)
+#define PR_SMTP_ADDRESS_W                     PROP_TAG( PT_UNICODE,     0x39fe)
+#define PR_SMTP_ADDRESS_A                     PROP_TAG( PT_STRING8,     0x39fe)
 
 #define PROP_ID_SECURE_MIN                0x67F0
 #define PROP_ID_SECURE_MAX                0x67FF
diff --git a/src/olflange.cpp b/src/olflange.cpp
index f24b134..3850d06 100644
--- a/src/olflange.cpp
+++ b/src/olflange.cpp
@@ -686,6 +686,7 @@ GpgolExt::Install(LPEXCHEXTCALLBACK pEECB, ULONG lContext, ULONG lFlags)
           if (disp)
             {
               olversion = get_oom_string (disp, "Version");
+              g_ol_version_major = atoi (olversion);
               disp->Release ();
             }
           obj->Release ();
diff --git a/src/oomhelp.cpp b/src/oomhelp.cpp
index a04b4be..7ba2775 100644
--- a/src/oomhelp.cpp
+++ b/src/oomhelp.cpp
@@ -903,7 +903,7 @@ get_oom_recipients (LPDISPATCH recipients)
           char *address,
                *resolved;
           address = get_oom_string (recipient, "Address");
-          resolved = get_pa_string (recipient, PR_SMTP_ADDRESS);
+          resolved = get_pa_string (recipient, PR_SMTP_ADDRESS_DASL);
           if (resolved)
             {
               xfree (address);
diff --git a/src/oomhelp.h b/src/oomhelp.h
index 66c9cab..9d2a3b3 100644
--- a/src/oomhelp.h
+++ b/src/oomhelp.h
@@ -77,8 +77,8 @@ DEFINE_OLEGUID(IID_IUnknown,                  0x00000000, 0, 0);
 DEFINE_OLEGUID(IID_IDispatch,                 0x00020400, 0, 0);
 DEFINE_OLEGUID(IID_IOleWindow,                0x00000114, 0, 0);
 
-#ifndef PR_SMTP_ADDRESS
-#define PR_SMTP_ADDRESS "http://schemas.microsoft.com/mapi/proptag/0x39FE001E"
+#ifndef PR_SMTP_ADDRESS_DASL
+#define PR_SMTP_ADDRESS_DASL "http://schemas.microsoft.com/mapi/proptag/0x39FE001E"
 #endif
 
 #ifdef __cplusplus
diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index 8af2a30..e9182fe 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -296,7 +296,7 @@ do_composer_action (LPDISPATCH ctrl, int flags)
   engine_set_session_number (filter, session_number);
   engine_set_session_title (filter, _("GpgOL"));
 
-  senderAddr = get_pa_string (sender, PR_SMTP_ADDRESS);
+  senderAddr = get_pa_string (sender, PR_SMTP_ADDRESS_DASL);
 
   if (flags & OP_ENCRYPT)
     {
@@ -732,7 +732,7 @@ do_reader_action (LPDISPATCH ctrl, int flags)
         {
           /* Not SMTP, fall back to try getting the property. */
           LPDISPATCH sender = get_oom_object (mailItem, "Sender");
-          senderAddr = get_pa_string (sender, PR_SMTP_ADDRESS);
+          senderAddr = get_pa_string (sender, PR_SMTP_ADDRESS_DASL);
           RELDISP (sender);
         }
       xfree (addrType);
@@ -742,7 +742,7 @@ do_reader_action (LPDISPATCH ctrl, int flags)
       /* If the message has not been sent we might be composing
          in this case use the current address */
       LPDISPATCH sender = get_oom_object (mailItem, "Session.CurrentUser");
-      senderAddr = get_pa_string (sender, PR_SMTP_ADDRESS);
+      senderAddr = get_pa_string (sender, PR_SMTP_ADDRESS_DASL);
       RELDISP (sender);
     }
 
@@ -1127,7 +1127,7 @@ attachEncryptedFile (LPDISPATCH ctrl, int flags)
       goto failure;
     }
 
-  senderAddr = get_pa_string (sender, PR_SMTP_ADDRESS);
+  senderAddr = get_pa_string (sender, PR_SMTP_ADDRESS_DASL);
 
   curWindow = get_oom_context_window (context);
 
diff --git a/src/util.h b/src/util.h
index 88ff7bd..3dfab5f 100644
--- a/src/util.h
+++ b/src/util.h
@@ -170,7 +170,7 @@ _gpgol_stpcpy (char *a, const char *b)
 #define stpcpy(a,b) _gpgol_stpcpy ((a), (b))
 #endif /*!HAVE_STPCPY*/
 
-
+extern int g_ol_version_major;
 
 #ifdef __cplusplus
 }

-----------------------------------------------------------------------

Summary of changes:
 src/Makefile.am            |   3 +-
 src/application-events.cpp |  21 +---
 src/gpgoladdin.cpp         |   4 +-
 src/mail.cpp               | 282 +++++++++++++++++++++++++++++++++++++++++++++
 src/mail.h                 | 107 +++++++++++++++++
 src/mailitem-events.cpp    | 250 +++++++---------------------------------
 src/main.c                 |   3 +
 src/message.cpp            |  57 +++++----
 src/mymapitags.h           |   3 +
 src/olflange.cpp           |   1 +
 src/oomhelp.cpp            |   2 +-
 src/oomhelp.h              |   4 +-
 src/ribbon-callbacks.cpp   |   8 +-
 src/util.h                 |   2 +-
 14 files changed, 487 insertions(+), 260 deletions(-)
 create mode 100644 src/mail.cpp
 create mode 100644 src/mail.h


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Oct 30 16:49:16 2015
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 30 Oct 2015 16:49:16 +0100
Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-78-ga3fba91
Message-ID: <E1ZsBmM-00055r-92@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, master has been updated
       via  a3fba91652d00c1f38bdf30e2028ddc4ac7fe9ab (commit)
       via  8d8f8c604dffd08d95a100524d88d8d72c15a0fc (commit)
      from  9207e8fb039b4dd4fc9c8e924f46fe9e1f223da0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a3fba91652d00c1f38bdf30e2028ddc4ac7fe9ab
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Fri Oct 30 16:48:30 2015 +0100

    Release detached event sink.
    
    * src/mail.cpp (Mail::~Mail): Release detached mail event sink.

diff --git a/src/mail.cpp b/src/mail.cpp
index 67dfbd5..232183a 100644
--- a/src/mail.cpp
+++ b/src/mail.cpp
@@ -114,6 +114,7 @@ Mail::~Mail()
   std::map<LPDISPATCH, Mail *>::iterator it;
 
   detach_MailItemEvents_sink (m_event_sink);
+  m_event_sink->Release ();
 
   it = g_mail_map.find(m_mailitem);
   if (it != g_mail_map.end())

commit 8d8f8c604dffd08d95a100524d88d8d72c15a0fc
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Fri Oct 30 16:41:07 2015 +0100

    Enable sender handling for Exchange Accounts
    
    * src/mail.cpp (Mail::update_sender): New. Updates sender address
      from OOM.
      (Mail::get_sender): New. Access the sender.
      (Mail::do_crypt): Pass sender to crypto functions.
    * src/mail.h: Update accordingly.
    * src/mailitem-events.cpp (EVENT_SINK_INVOKE): Update sender on send
      event.
    * src/message.cpp, src/message.h, src/mimemaker.c, src/mimemaker.h:
      Add optional sender parameter to crypto functions and use it.
    
    --
    In the after write event we can't use OOM methods so we can't look
    up the sender over the session. This makes it neccessary to save
    the sender address beforehand as I could not find any way to get this
    information through MAPI (probably over the MAPISession).

diff --git a/src/mail.cpp b/src/mail.cpp
index 1e7d9bc..67dfbd5 100644
--- a/src/mail.cpp
+++ b/src/mail.cpp
@@ -63,7 +63,8 @@ Mail::Mail (LPDISPATCH mailitem) :
     m_mailitem(mailitem),
     m_processed(false),
     m_needs_wipe(false),
-    m_crypt_successful(false)
+    m_crypt_successful(false),
+    m_sender(NULL)
 {
   if (get_mail_for_item (mailitem))
     {
@@ -222,17 +223,17 @@ Mail::do_crypto ()
       log_debug ("%s:%s: Sign / Encrypting message",
                  SRCNAME, __func__);
       err = message_sign_encrypt (message, PROTOCOL_UNKNOWN,
-                                  NULL);
+                                  NULL, get_sender ());
     }
   else if (flags == 2)
     {
       err = message_sign (message, PROTOCOL_UNKNOWN,
-                          NULL);
+                          NULL, get_sender ());
     }
   else if (flags == 1)
     {
       err = message_encrypt (message, PROTOCOL_UNKNOWN,
-                             NULL);
+                             NULL, get_sender ());
     }
   else
     {
@@ -280,3 +281,38 @@ Mail::wipe ()
   m_needs_wipe = false;
   return 0;
 }
+
+int
+Mail::update_sender ()
+{
+  LPDISPATCH sender = NULL;
+  sender = get_oom_object (m_mailitem, "Session.CurrentUser");
+
+  xfree (m_sender);
+
+  if (!sender)
+    {
+      log_error ("%s:%s: Failed to get sender object.",
+                 SRCNAME, __func__);
+      return -1;
+    }
+  m_sender = get_pa_string (sender, PR_SMTP_ADDRESS_DASL);
+
+  if (!m_sender)
+    {
+      log_error ("%s:%s: Failed to get smtp address of sender.",
+                 SRCNAME, __func__);
+      return -1;
+    }
+  return 0;
+}
+
+const char *
+Mail::get_sender ()
+{
+  if (!m_sender)
+    {
+      update_sender();
+    }
+  return m_sender;
+}
diff --git a/src/mail.h b/src/mail.h
index 019e9bb..fc9ca21 100644
--- a/src/mail.h
+++ b/src/mail.h
@@ -96,12 +96,30 @@ public:
    * @returns 0 on success; */
   int wipe ();
 
+  /** @brief update the sender address.
+   *
+   * For Exchange 2013 at least we don't have any other way to get the
+   * senders SMTP address then through the object model. So we have to
+   * store the sender address for later events that do not allow us to
+   * access the OOM but enable us to work with the underlying MAPI structure.
+   *
+   * @returns 0 on success */
+  int update_sender ();
+
+  /** @brief get sender SMTP address (UTF-8 encoded).
+   *
+   * If the sender address has not been set through update_sender this
+   * calls update_sender before returning the sender.
+   *
+   * @returns A reference to the utf8 sender address. Or NULL. */
+  const char *get_sender ();
+
 private:
   LPDISPATCH m_mailitem;
   LPDISPATCH m_event_sink;
-  char * m_sender_addr;
   bool m_processed,    /* The message has been porcessed by us.  */
        m_needs_wipe,   /* We have added plaintext to the mesage. */
        m_crypt_successful; /* We successfuly performed crypto on the item. */
+  char *m_sender;
 };
 #endif // MAIL_H
diff --git a/src/mailitem-events.cpp b/src/mailitem-events.cpp
index e187d60..910eabf 100644
--- a/src/mailitem-events.cpp
+++ b/src/mailitem-events.cpp
@@ -173,6 +173,7 @@ EVENT_SINK_INVOKE(MailItemEvents)
                m_send_seen = false;
                break;
             }
+          m_mail->update_sender ();
           m_send_seen = true;
           log_debug ("%s:%s: Message %p cancelling send to let us do crypto.",
                      SRCNAME, __func__, m_object);
diff --git a/src/message.cpp b/src/message.cpp
index 34dd48f..7ddd896 100644
--- a/src/message.cpp
+++ b/src/message.cpp
@@ -1213,7 +1213,8 @@ release_recipient_array (char **recipients)
 
 
 static int
-sign_encrypt (LPMESSAGE message, protocol_t protocol, HWND hwnd, int signflag)
+sign_encrypt (LPMESSAGE message, protocol_t protocol, HWND hwnd, int signflag,
+              const char *sender)
 {
   gpg_error_t err;
   char **recipients;
@@ -1229,9 +1230,11 @@ sign_encrypt (LPMESSAGE message, protocol_t protocol, HWND hwnd, int signflag)
   else
     {
       if (signflag)
-        err = mime_sign_encrypt (message, hwnd, protocol, recipients);
+        err = mime_sign_encrypt (message, hwnd, protocol, recipients,
+                                 sender);
       else
-        err = mime_encrypt (message, hwnd, protocol, recipients);
+        err = mime_encrypt (message, hwnd, protocol, recipients,
+                            sender);
       if (gpg_err_code (err) == GPG_ERR_NO_DATA)
         {
           MessageBox (hwnd, _("Encrypting or signing an empty message "
@@ -1254,11 +1257,12 @@ sign_encrypt (LPMESSAGE message, protocol_t protocol, HWND hwnd, int signflag)
 
 /* Sign the MESSAGE.  */
 int 
-message_sign (LPMESSAGE message, protocol_t protocol, HWND hwnd)
+message_sign (LPMESSAGE message, protocol_t protocol, HWND hwnd,
+              const char *sender)
 {
   gpg_error_t err;
 
-  err = mime_sign (message, hwnd, protocol);
+  err = mime_sign (message, hwnd, protocol, sender);
   if (gpg_err_code (err) == GPG_ERR_NO_DATA)
     {
       MessageBox (hwnd, _("Encrypting or signing an empty message "
@@ -1280,17 +1284,19 @@ message_sign (LPMESSAGE message, protocol_t protocol, HWND hwnd)
 
 /* Encrypt the MESSAGE.  */
 int 
-message_encrypt (LPMESSAGE message, protocol_t protocol, HWND hwnd)
+message_encrypt (LPMESSAGE message, protocol_t protocol, HWND hwnd,
+                 const char *sender)
 {
-  return sign_encrypt (message, protocol, hwnd, 0);
+  return sign_encrypt (message, protocol, hwnd, 0, sender);
 }
 
 
 /* Sign+Encrypt the MESSAGE.  */
 int 
-message_sign_encrypt (LPMESSAGE message, protocol_t protocol, HWND hwnd)
+message_sign_encrypt (LPMESSAGE message, protocol_t protocol, HWND hwnd,
+                      const char *sender)
 {
-  return sign_encrypt (message, protocol, hwnd, 1);
+  return sign_encrypt (message, protocol, hwnd, 1, sender);
 }
 
 
diff --git a/src/message.h b/src/message.h
index 7331e99..cd743bb 100644
--- a/src/message.h
+++ b/src/message.h
@@ -34,9 +34,12 @@ int message_verify (LPMESSAGE message, msgtype_t msgtype, int force,
                     HWND hwnd);
 int message_decrypt (LPMESSAGE message, msgtype_t msgtype, int force, 
                      HWND hwnd);
-int message_sign (LPMESSAGE message, protocol_t protocol, HWND hwnd);
-int message_encrypt (LPMESSAGE message, protocol_t protocol, HWND hwnd);
-int message_sign_encrypt (LPMESSAGE message, protocol_t protocol, HWND hwnd);
+int message_sign (LPMESSAGE message, protocol_t protocol, HWND hwnd,
+                  const char *sender = NULL);
+int message_encrypt (LPMESSAGE message, protocol_t protocol, HWND hwnd,
+                     const char *sender = NULL);
+int message_sign_encrypt (LPMESSAGE message, protocol_t protocol, HWND hwnd,
+                          const char *sender = NULL);
 
 
 #endif /*MESSAGE_H*/
diff --git a/src/mimemaker.c b/src/mimemaker.c
index 6ddb19d..0d4ddee 100644
--- a/src/mimemaker.c
+++ b/src/mimemaker.c
@@ -1155,7 +1155,7 @@ create_top_signing_header (char *buffer, size_t buflen, protocol_t protocol,
 static int
 do_mime_sign (LPMESSAGE message, HWND hwnd, protocol_t protocol,
               mapi_attach_item_t **r_att_table, sink_t tmpsink,
-              unsigned int session_number)
+              unsigned int session_number, const char *sender)
 {
   int result = -1;
   int rc;
@@ -1172,7 +1172,7 @@ do_mime_sign (LPMESSAGE message, HWND hwnd, protocol_t protocol,
   char top_header[BOUNDARYSIZE+200];
   engine_filter_t filter = NULL;
   struct databuf_s sigbuffer;
-  char *sender = NULL;
+  char *my_sender = NULL;
 
   *r_att_table = NULL;
 
@@ -1222,8 +1222,11 @@ do_mime_sign (LPMESSAGE message, HWND hwnd, protocol_t protocol,
       }
     }
 
-  sender = mapi_get_sender (message);
-  if (engine_sign_start (filter, hwnd, protocol, sender, &protocol))
+  if (sender)
+    my_sender = xstrdup (sender);
+  else
+    my_sender = mapi_get_sender (message);
+  if (engine_sign_start (filter, hwnd, protocol, my_sender, &protocol))
     goto failure;
 
   protocol = check_protocol (protocol);
@@ -1402,7 +1405,7 @@ do_mime_sign (LPMESSAGE message, HWND hwnd, protocol_t protocol,
   else
     *r_att_table = att_table;
   xfree (sigbuffer.buf);
-  xfree (sender);
+  xfree (my_sender);
   return result;
 }
 
@@ -1414,13 +1417,14 @@ do_mime_sign (LPMESSAGE message, HWND hwnd, protocol_t protocol,
    keep the original message intact but there is no 100% guarantee for
    it. */
 int
-mime_sign (LPMESSAGE message, HWND hwnd, protocol_t protocol)
+mime_sign (LPMESSAGE message, HWND hwnd, protocol_t protocol,
+           const char *sender)
 {
   int result = -1;
   mapi_attach_item_t *att_table;
 
   result = do_mime_sign (message, hwnd, protocol, &att_table, 0,
-                         engine_new_session_number ());
+                         engine_new_session_number (), sender);
   if (!result)
     {
       if (!finalize_message (message, att_table, protocol, 0))
@@ -1604,7 +1608,8 @@ create_top_encryption_header (sink_t sink, protocol_t protocol, char *boundary)
 /* Encrypt the MESSAGE.  */
 int
 mime_encrypt (LPMESSAGE message, HWND hwnd,
-              protocol_t protocol, char **recipients)
+              protocol_t protocol, char **recipients,
+              const char *sender)
 {
   int result = -1;
   int rc;
@@ -1619,7 +1624,7 @@ mime_encrypt (LPMESSAGE message, HWND hwnd,
   char *body = NULL;
   int n_att_usable;
   engine_filter_t filter = NULL;
-  char *sender = NULL;
+  char *my_sender = NULL;
 
   memset (sink, 0, sizeof *sink);
   memset (encsink, 0, sizeof *encsink);
@@ -1662,9 +1667,12 @@ mime_encrypt (LPMESSAGE message, HWND hwnd,
     xfree (tmp);
   }
 
-  sender = mapi_get_sender (message);
+  if (sender)
+    my_sender = xstrdup (sender);
+  else
+    my_sender = mapi_get_sender (message);
   if (engine_encrypt_prepare (filter, hwnd, protocol, 0,
-                              sender, recipients, &protocol))
+                              my_sender, recipients, &protocol))
     goto failure;
   if (engine_encrypt_start (filter, 0))
     goto failure;
@@ -1743,7 +1751,7 @@ mime_encrypt (LPMESSAGE message, HWND hwnd,
   cancel_mapi_attachment (&attach, sink);
   xfree (body);
   mapi_release_attach_table (att_table);
-  xfree (sender);
+  xfree (my_sender);
   return result;
 }
 
@@ -1753,7 +1761,8 @@ mime_encrypt (LPMESSAGE message, HWND hwnd,
 /* Sign and Encrypt the MESSAGE.  */
 int
 mime_sign_encrypt (LPMESSAGE message, HWND hwnd,
-                   protocol_t protocol, char **recipients)
+                   protocol_t protocol, char **recipients,
+                   const char *sender)
 {
   int result = -1;
   int rc = 0;
@@ -1770,7 +1779,7 @@ mime_sign_encrypt (LPMESSAGE message, HWND hwnd,
   mapi_attach_item_t *att_table = NULL;
   engine_filter_t filter = NULL;
   unsigned int session_number;
-  char *sender = NULL;
+  char *my_sender = NULL;
 
   memset (sink, 0, sizeof *sink);
   memset (encsink, 0, sizeof *encsink);
@@ -1842,10 +1851,13 @@ mime_sign_encrypt (LPMESSAGE message, HWND hwnd,
     xfree (tmp);
   }
 
-  sender = mapi_get_sender (message);
+  if (sender)
+    my_sender = xstrdup (sender);
+  else
+    my_sender = mapi_get_sender (message);
   if ((rc=engine_encrypt_prepare (filter, hwnd,
                                   protocol, ENGINE_FLAG_SIGN_FOLLOWS,
-                                  sender, recipients, &protocol)))
+                                  my_sender, recipients, &protocol)))
     goto failure;
 
   protocol = check_protocol (protocol);
@@ -1859,7 +1871,7 @@ mime_sign_encrypt (LPMESSAGE message, HWND hwnd,
      the signature.  Note that the protocol to use is taken from the
      encryption operation. */
   if (do_mime_sign (message, hwnd, protocol, &att_table, tmpsink,
-                    session_number))
+                    session_number, sender))
     goto failure;
 
   /* Now send the actual ENCRYPT command.  This split up between
@@ -1958,6 +1970,6 @@ mime_sign_encrypt (LPMESSAGE message, HWND hwnd,
   if (tmpstream)
     IStream_Release (tmpstream);
   mapi_release_attach_table (att_table);
-  xfree (sender);
+  xfree (my_sender);
   return result;
 }
diff --git a/src/mimemaker.h b/src/mimemaker.h
index fa7eca7..187e80e 100644
--- a/src/mimemaker.h
+++ b/src/mimemaker.h
@@ -44,11 +44,14 @@ struct sink_s
 /*   } b64; */
 };
 
-int mime_sign (LPMESSAGE message, HWND hwnd, protocol_t protocol);
+int mime_sign (LPMESSAGE message, HWND hwnd, protocol_t protocol,
+               const char *sender);
 int mime_encrypt (LPMESSAGE message, HWND hwnd,
-                  protocol_t protocol, char **recipients);
+                  protocol_t protocol, char **recipients,
+                  const char *sender);
 int mime_sign_encrypt (LPMESSAGE message, HWND hwnd,
-                       protocol_t protocol, char **recipients);
+                       protocol_t protocol, char **recipients,
+                       const char *sender);
 int sink_std_write (sink_t sink, const void *data, size_t datalen);
 int sink_file_write (sink_t sink, const void *data, size_t datalen);
 int sink_encryption_write (sink_t encsink, const void *data, size_t datalen);

-----------------------------------------------------------------------

Summary of changes:
 src/mail.cpp            | 45 +++++++++++++++++++++++++++++++++++++++++----
 src/mail.h              | 20 +++++++++++++++++++-
 src/mailitem-events.cpp |  1 +
 src/message.cpp         | 24 +++++++++++++++---------
 src/message.h           |  9 ++++++---
 src/mimemaker.c         | 48 ++++++++++++++++++++++++++++++------------------
 src/mimemaker.h         |  9 ++++++---
 7 files changed, 118 insertions(+), 38 deletions(-)


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Oct 30 17:09:24 2015
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 30 Oct 2015 17:09:24 +0100
Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-79-g6f2f9a3
Message-ID: <E1ZsC5q-0005kG-P2@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, master has been updated
       via  6f2f9a3042f856ec54ec89808cb204f0b9dcd058 (commit)
      from  a3fba91652d00c1f38bdf30e2028ddc4ac7fe9ab (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6f2f9a3042f856ec54ec89808cb204f0b9dcd058
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Fri Oct 30 16:55:54 2015 +0100

    Fix regression introduced by 383cb091
    
    * src/message.cpp (message_decrypt): Fix parenthesis.
    
    --
    The fix for -Wparentheses used the wrong paranthesis and
    this broke detection of our "own" pgp/mime mails.
    
    Should have been more attentive in my first semester
    "basics of programming" course :-)

diff --git a/src/message.cpp b/src/message.cpp
index 7ddd896..1d9fb4a 100644
--- a/src/message.cpp
+++ b/src/message.cpp
@@ -1008,11 +1008,11 @@ message_decrypt (LPMESSAGE message, msgtype_t msgtype, int force, HWND hwnd)
             }
 
 
-          if ((part1_idx == -1 || part2_idx == -1)
+          if (part1_idx == -1 || (part2_idx == -1
               && !table[0].end_of_table && table[1].end_of_table
               && table[0].attach_type == ATTACHTYPE_MOSS
               && table[0].filename 
-              && !strcmp (table[0].filename, MIMEATTACHFILENAME))
+              && !strcmp (table[0].filename, MIMEATTACHFILENAME)))
             {
               /* This is likely a PGP/MIME created by us.  Due to the
                  way we created that message, the MAPI derived content

-----------------------------------------------------------------------

Summary of changes:
 src/message.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Fri Oct 30 18:26:11 2015
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 30 Oct 2015 18:26:11 +0100
Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-80-geb54d1f
Message-ID: <E1ZsDI9-0007Us-41@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".

The branch, master has been updated
       via  eb54d1fb786b2944d787ee764f99843bbfab2641 (commit)
      from  6f2f9a3042f856ec54ec89808cb204f0b9dcd058 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit eb54d1fb786b2944d787ee764f99843bbfab2641
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Fri Oct 30 18:24:10 2015 +0100

    Fix from address lookup for exchange
    
    * src/mapihelp.cpp (mapi_get_from_address): Try additional SMTP
      tags before falling back to EMAIL tag.
    * src/mymapitags.h (PidTagSenderSmtpAddress_W),
     (PR_SENT_REPRESENTING_SMTP_ADDRESS_W): Define property ids.

diff --git a/src/mapihelp.cpp b/src/mapihelp.cpp
index fed0848..abd5d9b 100644
--- a/src/mapihelp.cpp
+++ b/src/mapihelp.cpp
@@ -1474,18 +1474,34 @@ mapi_get_from_address (LPMESSAGE message)
   HRESULT hr;
   LPSPropValue propval = NULL;
   char *buf;
-  
+  ULONG try_props[3] = {PidTagSenderSmtpAddress_W,
+                        PR_SENT_REPRESENTING_SMTP_ADDRESS_W,
+                        PR_SENDER_EMAIL_ADDRESS_W};
+
   if (!message)
     return xstrdup ("[no message]"); /* Ooops.  */
 
-  hr = HrGetOneProp ((LPMAPIPROP)message, PR_SENDER_EMAIL_ADDRESS_W, &propval);
+  for (int i = 0; i < 3; i++)
+    {
+      /* We try to get different properties first as they contain
+         the SMTP address of the sender. EMAIL address can be
+         some LDAP stuff for exchange. */
+      hr = HrGetOneProp ((LPMAPIPROP)message, try_props[i],
+                         &propval);
+      if (!FAILED (hr))
+        {
+          break;
+        }
+    }
+   /* This is the last result that should always work but not necessarily
+      contain an SMTP Address. */
   if (FAILED (hr))
     {
       log_debug ("%s:%s: HrGetOneProp failed: hr=%#lx\n",
                  SRCNAME, __func__, hr);
       return NULL;
     }
-    
+
   if (PROP_TYPE (propval->ulPropTag) != PT_UNICODE) 
     {
       log_debug ("%s:%s: HrGetOneProp returns invalid type %lu\n",
diff --git a/src/mymapitags.h b/src/mymapitags.h
index c85ce37..c2d6e4f 100644
--- a/src/mymapitags.h
+++ b/src/mymapitags.h
@@ -841,6 +841,10 @@
 #define PR_SMTP_ADDRESS                       PROP_TAG( PT_TSTRING,     0x39fe)
 #define PR_SMTP_ADDRESS_W                     PROP_TAG( PT_UNICODE,     0x39fe)
 #define PR_SMTP_ADDRESS_A                     PROP_TAG( PT_STRING8,     0x39fe)
+#define PR_SENT_REPRESENTING_SMTP_ADDRESS     PROP_TAG( PT_TSTRING,     0x5d02)
+#define PR_SENT_REPRESENTING_SMTP_ADDRESS_A   PROP_TAG( PT_STRING8,     0x5d02)
+#define PR_SENT_REPRESENTING_SMTP_ADDRESS_W   PROP_TAG( PT_UNICODE,     0x5d02)
+#define PidTagSenderSmtpAddress_W             PROP_TAG( PT_UNICODE,     0x5d01)
 
 #define PROP_ID_SECURE_MIN                0x67F0
 #define PROP_ID_SECURE_MAX                0x67FF

-----------------------------------------------------------------------

Summary of changes:
 src/mapihelp.cpp | 22 +++++++++++++++++++---
 src/mymapitags.h |  4 ++++
 2 files changed, 23 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
GnuPG extension for MS Outlook
http://git.gnupg.org



From cvs at cvs.gnupg.org  Sat Oct 31 01:47:06 2015
From: cvs at cvs.gnupg.org (by Neal H. Walfield)
Date: Sat, 31 Oct 2015 01:47:06 +0100
Subject: [git] GnuPG - branch, neal/next, updated. gnupg-2.1.9-89-g3ad5c81
Message-ID: <E1ZsKAq-0000pb-6k@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, neal/next has been updated
  discards  3322631fc9c1d476c80f8d33f1987663c73289ee (commit)
       via  3ad5c815fddcd8403d5f9159a0fff3c84c066452 (commit)

This update added new revisions after undoing existing revisions.  That is
to say, the old revision is not a strict subset of the new revision.  This
situation occurs when you --force push a change and generate a repository
containing something like this:

 * -- * -- B -- O -- O -- O (3322631fc9c1d476c80f8d33f1987663c73289ee)
            \
             N -- N -- N (3ad5c815fddcd8403d5f9159a0fff3c84c066452)

When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3ad5c815fddcd8403d5f9159a0fff3c84c066452
Author: Neal H. Walfield <neal at g10code.com>
Date:   Thu Oct 29 10:18:13 2015 +0100

    New key db.

diff --git a/g10/Makefile.am b/g10/Makefile.am
index 2fe5c9a..766e4b7 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -29,7 +29,7 @@ include $(top_srcdir)/am/cmacros.am
 AM_CFLAGS = $(SQLITE3_CFLAGS) $(LIBGCRYPT_CFLAGS) \
             $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS)
 
-needed_libs = ../kbx/libkeybox.a $(libcommon)
+needed_libs = ../kbx/libkeybox.a $(libcommon) $(SQLITE3_LIBS)
 
 bin_PROGRAMS = gpg2
 if !HAVE_W32CE_SYSTEM
@@ -57,7 +57,7 @@ trust_source = trustdb.c trustdb.h tdbdump.c tdbio.c tdbio.h
 endif
 
 if USE_TOFU
-tofu_source = tofu.h tofu.c sqlite.c sqlite.h
+tofu_source = tofu.h tofu.c
 else
 tofu_source =
 endif
@@ -101,7 +101,9 @@ common_source =  \
 	      sig-check.c	\
 	      keylist.c 	\
 	      pkglue.c pkglue.h \
-	      ecdh.c
+	      ecdh.c            \
+	      kdb.c kdb.h       \
+	      sqlite.c sqlite.h
 
 gpg2_SOURCES  = gpg.c		\
 	      server.c          \
@@ -147,7 +149,7 @@ gpgv2_SOURCES = gpgv.c           \
 
 LDADD =  $(needed_libs) ../common/libgpgrl.a \
          $(ZLIBS) $(LIBINTL) $(CAPLIBS) $(NETLIBS)
-gpg2_LDADD = $(LDADD) $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \
+gpg2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \
              $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
 	     $(LIBICONV) $(resource_objs) $(extra_sys_libs)
 gpg2_LDFLAGS = $(extra_bin_ldflags)
diff --git a/g10/import.c b/g10/import.c
index 048b136..ee722ee 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -1154,6 +1154,9 @@ import_one (ctrl_t ctrl,
           goto leave;
         }
 
+      assert (strcmp (keystr_from_pk(keyblock_orig->pkt->pkt.public_key),
+                      keystr_from_pk(pk)) == 0);
+
       /* Make sure the original direct key sigs are all sane.  */
       n_sigs_cleaned = fix_bad_direct_key_sigs (keyblock_orig, keyid);
       if (n_sigs_cleaned)
diff --git a/g10/kdb.c b/g10/kdb.c
new file mode 100644
index 0000000..caa49a3
--- /dev/null
+++ b/g10/kdb.c
@@ -0,0 +1,1268 @@
+#include <config.h>
+#include <assert.h>
+#include <sqlite3.h>
+
+#include "gpg.h"
+#include "util.h"
+#include "logging.h"
+#include "i18n.h"
+#include "mbox-util.h"
+#include "sqlite.h"
+
+#include "kdb.h"
+
+#if 0
+#  define DEBUG(fmt, ...)                                        \
+  do {                                                           \
+    log_debug("%s:%d: "fmt, __func__, __LINE__, ##__VA_ARGS__);  \
+  } while (0)
+#else
+#  define DEBUG(fmt, ...) do {} while (0)
+#endif
+
+
+struct kdb_resource
+{
+  struct kdb_resource *next;
+  int read_only;
+  sqlite3 *db;
+
+  long long int key;
+  char *kb;
+  int kb_len;
+  u32 *sigstatus;
+
+  char fname[1];
+};
+typedef struct kdb_resource *KDB_RESOURCE;
+typedef struct kdb_resource const * CONST_KDB_RESOURCE;
+
+/* All registered resources.  */
+static KDB_RESOURCE kdb_resources;
+
+struct key
+{
+  unsigned long int key;
+  char *kb;
+  size_t kb_len;
+  u32 *sigstatus;
+};
+
+struct keydb_handle {
+  KDB_RESOURCE resource;
+  /* Current key.  */
+  long long int key;
+  int eof;
+
+  struct key *full_scan;
+
+  struct {
+    long long int key;
+    int pk_no;
+    int uid_no;
+  } found, saved_found;
+};
+
+static void
+hdr_cache_clear (KDB_RESOURCE resource)
+{
+  xfree (resource->kb);
+  resource->kb = NULL;
+
+  xfree (resource->sigstatus);
+  resource->sigstatus = NULL;
+
+  resource->key = -1;
+}
+
+static void
+hd_cache_clear (KDB_HANDLE hd)
+{
+  int i;
+  if (! hd->full_scan)
+    return;
+
+  for (i = 0; hd->full_scan[i].key != -1; i ++)
+    {
+      xfree (hd->full_scan[i].kb);
+      xfree (hd->full_scan[i].sigstatus);
+    }
+  xfree (hd->full_scan);
+  hd->full_scan = NULL;
+}
+
+/* RESOURCE is a value returned by a previous call to
+   kdb_register_file in *RESOURCEP.  */
+KDB_HANDLE
+kdb_new (void *resource)
+{
+  KDB_RESOURCE r;
+  KDB_HANDLE hd;
+
+  /* Assert that the resource was indeed previously registered.  */
+  for (r = kdb_resources; r; r = r->next)
+    if (r == resource)
+      break;
+  assert (r);
+
+  hd = xmalloc_clear (sizeof (*hd));
+  hd->resource = resource;
+  hd->key = -1;
+  return hd;
+}
+
+
+/* Collect a series of integers from a query.  Aborts if the argument
+   is not a valid integer (or real of the form X.0).  COOKIE points to
+   an array of unsigned long ints, which has enough space for ARGC
+   values.  */
+static int
+get_unsigned_longs_cb (void *cookie, int argc, char **argv, char **azColName)
+{
+  unsigned long int *values = cookie;
+  int i;
+  char *tail = NULL;
+
+  (void) azColName;
+
+  for (i = 0; i < argc; i ++)
+    {
+      if (! argv[i])
+        values[i] = 0;
+      else
+        {
+          errno = 0;
+          values[i] = strtoul (argv[i], &tail, 0);
+          if (errno || ! (strcmp (tail, ".0") == 0 || *tail == '\0'))
+            /* Abort.  */
+            return 1;
+        }
+    }
+
+  return 0;
+}
+
+static int
+get_unsigned_longs_cb2 (void *cookie, int argc, char **argv, char **azColName,
+                        sqlite3_stmt *stmt)
+{
+  (void) stmt;
+  return get_unsigned_longs_cb (cookie, argc, argv, azColName);
+}
+
+/* We expect a single integer column whose name is "version".  COOKIE
+   must point to an int.  This function always aborts.  On error or a
+   if the version is bad, sets *VERSION to -1.  */
+static int
+version_check_cb (void *cookie, int argc, char **argv, char **azColName)
+{
+  int *version = cookie;
+
+  if (argc != 1 || strcmp (azColName[0], "version") != 0)
+    {
+      *version = -1;
+      return 1;
+    }
+
+  if (strcmp (argv[0], "1") == 0)
+    *version = 1;
+  else
+    {
+      log_error (_("unsupported kdb version: %s\n"), argv[0]);
+      *version = -1;
+    }
+
+  /* Don't run again.  */
+  return 1;
+}
+
+/* Register a new file.  If the file has already been registered then
+   returns NULL otherwise returns */
+gpg_error_t
+kdb_register_file (const char *fname, int read_only, void **resourcep)
+{
+  KDB_RESOURCE resource;
+  int rc;
+  sqlite3 *db = NULL;
+  char *err;
+  unsigned long int count;
+  int need_init = 1;
+
+  for (resource = kdb_resources; resource; resource = resource->next)
+    if (same_file_p (resource->fname, fname))
+      {
+        if (resourcep)
+          *resourcep = resource;
+        if (read_only)
+          resource->read_only = 1;
+        return 0;
+      }
+
+  rc = sqlite3_open_v2 (fname, &db,
+                        read_only
+                        ? SQLITE_OPEN_READONLY
+                        : (SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE),
+                        NULL);
+  if (rc)
+    {
+      log_error ("Failed to open the key db '%s': %s\n",
+                 fname, sqlite3_errstr (rc));
+      return rc;
+    }
+
+  /* If the DB has no tables, then assume this is a new DB that needs
+     to be initialized.  */
+  rc = sqlite3_exec (db,
+		     "select count(*) from sqlite_master where type='table';",
+		     get_unsigned_longs_cb, &count, &err);
+  if (rc)
+    {
+      log_error (_("error querying kdb's available tables: %s\n"),
+		 err);
+      sqlite3_free (err);
+      goto out;
+    }
+  else if (count != 0)
+    /* Assume that the DB is already initialized.  Make sure the
+       version is okay.  */
+    {
+      int version = -1;
+      rc = sqlite3_exec (db, "select version from version;", version_check_cb,
+			 &version, &err);
+      if (rc == SQLITE_ABORT && version == 1)
+	/* Happy, happy, joy, joy.  */
+	{
+	  sqlite3_free (err);
+          rc = 0;
+          need_init = 0;
+	}
+      else if (rc == SQLITE_ABORT && version == -1)
+	/* Unsupported version.  */
+	{
+	  /* An error message was already displayed.  */
+	  sqlite3_free (err);
+          goto out;
+	}
+      else if (rc)
+	/* Some error.  */
+	{
+	  log_error (_("error determining kdb's version: %s\n"), err);
+	  sqlite3_free (err);
+          goto out;
+	}
+      else
+	/* Unexpected success.  This can only happen if there are no
+	   rows.  */
+	{
+	  log_error (_("error determining kdb's version: %s\n"),
+		     "select returned 0, but expected ABORT");
+          rc = 1;
+          goto out;
+	}
+    }
+
+  if (need_init)
+    {
+      /* Create the version table.  */
+      rc = sqlite3_exec (db,
+                         "create table version (version INTEGER);",
+                         NULL, NULL, &err);
+      if (rc)
+        {
+          log_error (_("error initializing kdb database (%s): %s\n"),
+                     "version", err);
+          sqlite3_free (err);
+          goto out;
+        }
+
+      /* Initialize the version table, which contains a single integer
+         value.  */
+      rc = sqlite3_exec (db,
+                         "insert into version values (1);",
+                         NULL, NULL, &err);
+      if (rc)
+        {
+          log_error (_("error initializing kdb database (%s): %s\n"),
+                     "version, init", err);
+          sqlite3_free (err);
+          goto out;
+        }
+
+      /* We have 3 tables:
+
+         primaries - the list of all primary keys and the key block.
+
+         keys - the list of all keys and subkeys.
+
+         user ids - the list of all user ids.  */
+
+      rc = sqlite3_exec
+        (db,
+         /* Enable foreign key constraints.  */
+         "pragma foreign_keys = on;\n"
+         "create table primaries\n"
+         " (oid INTEGER PRIMARY KEY AUTOINCREMENT,\n"
+         "  fingerprint_rev TEXT COLLATE NOCASE, keyblock BLOB,\n"
+         "  sigstatus TEXT);\n"
+         "create index primaries_fingerprint on primaries\n"
+         " (fingerprint_rev COLLATE NOCASE);\n"
+         "\n"
+         "create table keys\n"
+         " (primary_key INTEGER, fingerprint_rev TEXT COLLATE NOCASE,\n"
+         "  pk_no INTEGER,\n"
+         "  unique (primary_key, pk_no),\n"
+         "  foreign key (primary_key) references primaries(oid));\n"
+         "create index keys_fingerprint_primary_key_pk_no on keys\n"
+         " (fingerprint_rev COLLATE NOCASE, primary_key, pk_no);\n"
+         "create index keys_primary_key_pk_no on keys (primary_key, pk_no);\n"
+         "\n"
+         /* XXX: Is COLLATE NOCASE reasonable?  */
+         "create table uids\n"
+         " (primary_key INTEGER, uid TEXT COLLATE NOCASE,\n"
+         "  email TEXT COLLATE NOCASE, uid_no INTEGER,\n"
+         "  unique (primary_key, uid_no),\n"
+         "  foreign key (primary_key) references primaries(oid));\n"
+         "create index uids_ordered on uids (primary_key, uid_no);\n"
+         /* In most cases, we search for a substring (like
+            '%foo at bar.com%'.  This can't exploit an index so the
+            following indices mostly represent overhead.  */
+#if 0
+         "create index uids_uid_ordered on uids\n"
+         " (uid COLLATE NOCASE, primary_key, uid_no);\n"
+         "create index uids_email_ordered on uids\n"
+         " (email COLLATE NOCASE, primary_key, uid_no);\n"
+#endif
+         ,
+         NULL, NULL, &err);
+      if (rc)
+        {
+          log_error (_("error initializing kdb database: %s\n"), err);
+          sqlite3_free (err);
+          goto out;
+        }
+    }
+
+  resource = xmalloc_clear (sizeof *resource + strlen (fname));
+  strcpy (resource->fname, fname);
+  resource->read_only = read_only;
+  resource->db = db;
+  resource->next = kdb_resources;
+  kdb_resources = resource;
+
+  if (resourcep)
+    *resourcep = resource;
+
+ out:
+  if (rc)
+    {
+      if (resourcep)
+        *resourcep = NULL;
+
+      sqlite3_close (db);
+      return gpg_error (GPG_ERR_GENERAL);
+    }
+
+  return 0;
+}
+
+int
+kdb_is_writable (void *token)
+{
+  KDB_RESOURCE resource = token;
+  if (resource->read_only)
+    return 0;
+  return 1;
+}
+
+/* Release the handle.  */
+void
+kdb_release (KDB_HANDLE hd)
+{
+  KDB_RESOURCE r;
+
+  if (! hd)
+    return;
+
+  /* Check for double frees.  */
+  assert (hd->resource);
+  for (r = kdb_resources; r; r = r->next)
+    if (r == hd->resource)
+      break;
+  assert (r);
+
+  hd_cache_clear (hd);
+
+  hd->resource = NULL;
+
+  xfree (hd);
+}
+
+void
+kdb_push_found_state (KDB_HANDLE hd)
+{
+  hd->saved_found = hd->found;
+  hd->found.key = -1;
+}
+
+void
+kdb_pop_found_state (KDB_HANDLE hd)
+{
+  hd->found = hd->saved_found;
+  hd->saved_found.key = -1;
+}
+
+const char *
+kdb_get_resource_name (KDB_HANDLE hd)
+{
+  if (!hd || !hd->resource)
+    return NULL;
+  return hd->resource->fname;
+}
+
+/* If YES is 1, lock the DB.  Otherwise, unlock it.  Returns an error
+   code if locking failed.  */
+int
+kdb_lock (KDB_HANDLE hd, int yes)
+{
+  int rc;
+  char *err;
+
+  if (yes)
+    /* Lock.  */
+    {
+      rc = sqlite3_exec (hd->resource->db, "savepoint lock;",
+                         NULL, NULL, &err);
+      if (rc)
+        {
+          log_error (_("error beginning transaction on KDB database: %s\n"),
+                     err);
+          sqlite3_free (err);
+          return 1;
+        }
+
+      return 0;
+    }
+  else
+    /* Unlock.  */
+    {
+      rc = sqlite3_exec (hd->resource->db, "release lock;", NULL, NULL, &err);
+      if (rc)
+        {
+          log_error (_("error ending transaction on KDB database: %s\n"),
+                     err);
+          sqlite3_free (err);
+          return 1;
+        }
+
+      return 0;
+    }
+}
+
+static u32 *
+sigstatus_parse (const char *sigstatus_str)
+{
+  int entries;
+  int i;
+  u32 *sigstatus;
+  char *tail;
+
+  /* Count the number of values (= # of semicolons plus 1).  */
+  entries = 1;
+  for (i = 0; i < strlen (sigstatus_str); i ++)
+    if (sigstatus_str[i] == ';')
+      entries ++;
+
+  /* The first entry is the number of entries.  */
+  sigstatus = xmalloc (sizeof (sigstatus[0]) * (1 + entries));
+  sigstatus[0] = entries;
+
+  for (i = 0; i < entries; i ++)
+    {
+      errno = 0;
+      sigstatus[i + 1] = strtoul (sigstatus_str, &tail, 0);
+      if (errno || ! ((i < entries - 1 && *tail == ';')
+                      || (i == entries - 1 && *tail == '\0')))
+        /* Abort.  */
+        {
+          log_info ("%s: Failed to parse %s\n", __func__, sigstatus_str);
+          return NULL;
+        }
+
+      sigstatus_str = tail;
+      if (i < entries - 1)
+        {
+          assert (*tail == ';');
+          sigstatus_str ++;
+        }
+      else
+        assert (*tail == '\0');
+    }
+
+  return sigstatus;
+}
+
+static int keyblock_cached;
+static int keyblock_cache_hit;
+static int keyblock_cache_miss;
+
+/* The caller needs to make sure that hd->resource->key is updated!  */
+static int
+keyblock_cb (void *cookie, int cols, char **values, char **names,
+             sqlite3_stmt *stmt)
+{
+  KDB_HANDLE hd = cookie;
+
+  (void) cols;
+  (void) values;
+  (void) names;
+
+  assert (cols == 2);
+  assert (strcmp (names[0], "keyblock") == 0);
+  assert (strcmp (names[1], "sigstatus") == 0);
+
+  xfree (hd->resource->kb);
+  hd->resource->kb_len = sqlite3_column_bytes (stmt, 0);
+  hd->resource->kb = xmalloc (hd->resource->kb_len);
+  memcpy (hd->resource->kb, sqlite3_column_blob (stmt, 0),
+          hd->resource->kb_len);
+  hd->resource->sigstatus = sigstatus_parse (values[1]);
+
+  keyblock_cached ++;
+
+  /* Abort to indicate success.  */
+  return 1;
+}
+
+int
+kdb_get_keyblock (KDB_HANDLE hd, iobuf_t *iobuf,
+                  int *pk_no, int *uid_no, u32 **sigstatus)
+{
+  int rc;
+  char *err;
+  sqlite3_stmt *stmt = NULL;
+
+  if (pk_no)
+    *pk_no = 0;
+  if (uid_no)
+    *uid_no = 0;
+  if (sigstatus)
+    *sigstatus = NULL;
+
+  if (hd->found.key == -1)
+    /* Got nothing.  */
+    return gpg_error (GPG_ERR_EOF);
+
+  DEBUG ("getting keyblock for key #%lld\n", hd->found.key);
+
+  if (keyblock_cache_hit || keyblock_cache_miss)
+    DEBUG ("keyblock cache: %d fills, %d hits (%d%%), %d misses\n",
+           keyblock_cached, keyblock_cache_hit,
+           (keyblock_cache_hit * 100)
+           / (keyblock_cache_hit + keyblock_cache_miss),
+           keyblock_cache_miss);
+
+  if (hd->resource->kb && hd->resource->key == hd->found.key)
+    {
+      DEBUG("read keyblock from cache.\n");
+      keyblock_cache_hit ++;
+      *iobuf = iobuf_temp_with_content (hd->resource->kb, hd->resource->kb_len);
+      if (hd->resource->sigstatus)
+        {
+          size_t s = (sizeof (hd->resource->sigstatus[0])
+                      * (1 + hd->resource->sigstatus[0]));
+          *sigstatus = xmalloc (s);
+          memcpy (*sigstatus, hd->resource->sigstatus, s);
+        }
+      return 0;
+    }
+  else
+    keyblock_cache_miss ++;
+
+  rc = sqlite3_stepx
+    (hd->resource->db,
+     &stmt, keyblock_cb, hd, &err,
+     "select keyblock, sigstatus from primaries where oid = ?",
+     SQLITE_ARG_LONG_LONG, hd->found.key, SQLITE_ARG_END);
+  if (rc == SQLITE_ABORT)
+    /* Success.  */
+    {
+      assert (hd->resource->kb);
+      hd->resource->key = hd->found.key;
+      *iobuf = iobuf_temp_with_content (hd->resource->kb, hd->resource->kb_len);
+
+      rc = 0;
+      if (uid_no)
+        *uid_no = hd->found.uid_no;
+      if (pk_no)
+        *pk_no = hd->found.pk_no;
+      if (sigstatus && hd->resource->sigstatus)
+        {
+          size_t s = (sizeof (hd->resource->sigstatus[0])
+                      * (1 + hd->resource->sigstatus[0]));
+          *sigstatus = xmalloc (s);
+          memcpy (*sigstatus, hd->resource->sigstatus, s);
+        }
+    }
+  else if (! rc)
+    /* If we don't get an abort, then we didn't find the record.  */
+    rc = gpg_error (GPG_ERR_NOT_FOUND);
+  else
+    {
+      log_error (_("reading keyblock from keydb DB: %s\n"), err);
+      sqlite3_free (err);
+      rc = gpg_error (GPG_ERR_GENERAL);
+    }
+
+  sqlite3_finalize (stmt);
+  return rc;
+}
+
+int
+kdb_update_keyblock (KDB_HANDLE hd, kbnode_t kb,
+                     const void *image, size_t imagelen)
+{
+  (void) hd;
+  (void) kb;
+  (void) image;
+  (void) imagelen;
+
+  log_fatal ("Implement %s.", __func__);
+}
+
+static char *
+strrev (char *str)
+{
+  int i;
+  int l = strlen (str);
+
+  for (i = 0; i < l / 2; i ++)
+    {
+      char t = str[i];
+      str[i] = str[l - 1 - i];
+      str[l - 1 - i] = t;
+    }
+
+  return str;
+}
+
+static char *
+fingerprint_ascii_rev (char *fingerprint_bin, int len)
+{
+  char *fingerprint = xmalloc (2 * len + 1);
+  bin2hex (fingerprint_bin, len, fingerprint);
+  return strrev (fingerprint);
+}
+
+gpg_error_t
+kdb_insert_keyblock (KDB_HANDLE hd, kbnode_t root,
+                     const void *image, size_t imagelen, u32 *sigstatus)
+{
+  PKT_public_key *mainpk = root->pkt->pkt.public_key;
+  char fingerprint_bin[MAX_FINGERPRINT_LEN];
+  size_t fingerprint_bin_len = sizeof (fingerprint_bin);
+  char *fingerprint_rev = NULL;
+
+  char *sigstatus_str = NULL;
+
+  int rc;
+  char *err;
+
+  sqlite3_stmt *uid_stmt = NULL;
+  sqlite3_stmt *key_stmt = NULL;
+
+  long long oid;
+  int uid_no;
+  int pk_no;
+  kbnode_t k;
+
+  if (!hd)
+    return gpg_error (GPG_ERR_INV_VALUE);
+
+  hdr_cache_clear (hd->resource);
+  hd_cache_clear (hd);
+
+  /* XXX: If we have a search result (hd->found), are we supposed to
+     replace it even if it isn't for the same key?  */
+  /* See if we are replacing or adding this record to the
+     database.  */
+  fingerprint_from_pk (mainpk, fingerprint_bin, &fingerprint_bin_len);
+  assert (fingerprint_bin_len == sizeof (fingerprint_bin));
+  fingerprint_rev =
+    fingerprint_ascii_rev (fingerprint_bin, fingerprint_bin_len);
+
+  if (sigstatus)
+    {
+      int i;
+      char *p;
+      p = sigstatus_str = xmalloc ((10 + 1) * sigstatus[0]);
+      for (i = 0; i < sigstatus[0]; i ++)
+        {
+          p += sprintf (p, "%d", sigstatus[i + 1]);
+          if (i != sigstatus[0] - 1)
+            *p ++ = ';';
+        }
+    }
+
+  oid = -1;
+  rc = sqlite3_stepx
+    (hd->resource->db, NULL, get_unsigned_longs_cb2, &oid, &err,
+     "select oid from primaries where fingerprint_rev = ?;",
+     SQLITE_ARG_STRING, fingerprint_rev, SQLITE_ARG_END);
+  if (rc)
+    {
+      log_error (_("looking up key in keydb DB: %s\n"), err);
+      sqlite3_free (err);
+      return gpg_error (GPG_ERR_GENERAL);
+    }
+
+  if (oid != -1)
+    /* This key is already in the DB.  Replace it.  */
+    {
+      DEBUG ("%s already in DB (oid = %lld), updating.\n",
+             fingerprint_rev, oid);
+
+      hdr_cache_clear (hd->resource);
+
+      rc = sqlite3_exec_printf
+        (hd->resource->db, NULL, NULL, &err,
+         "delete from primaries where oid = %lld;"
+         "delete from keys where primary_key = %lld;"
+         "delete from uids where primary_key = %lld;",
+         oid, oid, oid);
+      if (rc)
+        {
+          log_error (_("updating key in keydb DB: %s\n"), err);
+          sqlite3_free (err);
+          return gpg_error (GPG_ERR_GENERAL);
+        }
+
+      /* Reuse the oid.  So that any extant search won't return the
+         new record.  */
+      rc = sqlite3_stepx
+        (hd->resource->db, NULL, NULL, NULL, &err,
+         "insert into primaries (oid, fingerprint_rev, keyblock, sigstatus)\n"
+         " values (?, ?, ?, ?);",
+         SQLITE_ARG_LONG_LONG, oid,
+         SQLITE_ARG_STRING, fingerprint_rev,
+         SQLITE_ARG_BLOB, image, (long long) imagelen,
+         SQLITE_ARG_STRING, sigstatus_str,
+         SQLITE_ARG_END);
+    }
+  else
+    {
+      DEBUG ("New keyblock for %s.\n", fingerprint_rev);
+      rc = sqlite3_stepx
+        (hd->resource->db, NULL, NULL, NULL, &err,
+         "insert into primaries (fingerprint_rev, keyblock, sigstatus)\n"
+         " values (?, ?, ?);",
+         SQLITE_ARG_STRING, fingerprint_rev,
+         SQLITE_ARG_BLOB, image, (long long) imagelen,
+         SQLITE_ARG_STRING, sigstatus_str,
+         SQLITE_ARG_END);
+    }
+
+  xfree (sigstatus_str);
+  xfree (fingerprint_rev);
+  fingerprint_rev = NULL;
+
+  if (rc)
+    {
+      log_error (_("inserting %s record into keydb DB: %s\n"),
+                 "primary key", err);
+      sqlite3_free (err);
+      return gpg_error (GPG_ERR_GENERAL);
+    }
+
+  oid = sqlite3_last_insert_rowid (hd->resource->db);
+
+  uid_no = 0;
+  pk_no = 0;
+  for (k = root; k; k = k->next)
+    {
+      if (k->pkt->pkttype == PKT_USER_ID)
+        {
+          PKT_user_id *uid = k->pkt->pkt.user_id;
+          const char *user_id = uid->name;
+          char *email = mailbox_from_userid (user_id);
+
+          uid_no ++;
+
+          rc = sqlite3_stepx
+            (hd->resource->db, &uid_stmt, NULL, NULL, &err,
+             "insert into uids (primary_key, uid, email, uid_no)"
+             " values (?, ?, ?, ?);",
+             SQLITE_ARG_LONG_LONG, oid,
+             SQLITE_ARG_STRING, user_id, SQLITE_ARG_STRING, email,
+             SQLITE_ARG_INT, uid_no,
+             SQLITE_ARG_END);
+          xfree (email);
+          if (rc)
+            {
+              log_error (_("inserting %s record into keydb DB: %s\n"),
+                         "uid", err);
+              sqlite3_free (err);
+              return gpg_error (GPG_ERR_GENERAL);
+            }
+        }
+      else if (k->pkt->pkttype == PKT_PUBLIC_KEY
+               || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+        {
+          PKT_public_key *pk = k->pkt->pkt.public_key;
+
+          pk_no ++;
+
+          fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len);
+          assert (fingerprint_bin_len == sizeof (fingerprint_bin));
+          fingerprint_rev = fingerprint_ascii_rev (fingerprint_bin,
+                                                   fingerprint_bin_len);
+
+          rc = sqlite3_stepx
+            (hd->resource->db, &key_stmt, NULL, NULL, &err,
+             "insert into keys (primary_key, fingerprint_rev, pk_no)"
+             " values (?, ?, ?);",
+             SQLITE_ARG_LONG_LONG, oid,
+             SQLITE_ARG_STRING, fingerprint_rev,
+             SQLITE_ARG_INT, pk_no,
+             SQLITE_ARG_END);
+
+          xfree (fingerprint_rev);
+          fingerprint_rev = NULL;
+
+          if (rc)
+            {
+              log_error (_("inserting %s record into keydb DB: %s\n"),
+                         "key", err);
+              sqlite3_free (err);
+              return gpg_error (GPG_ERR_GENERAL);
+            }
+        }
+    }
+
+  sqlite3_finalize (uid_stmt);
+  sqlite3_finalize (key_stmt);
+
+  return 0;
+}
+
+int
+kdb_delete (KDB_HANDLE hd)
+{
+  int rc;
+  char *err;
+
+  if (!hd)
+    return gpg_error (GPG_ERR_INV_VALUE);
+
+  if (hd->found.key == -1)
+    /* No search result.  */
+    return gpg_error (GPG_ERR_NOTHING_FOUND);
+
+  hdr_cache_clear (hd->resource);
+  hd_cache_clear (hd);
+
+  rc = sqlite3_exec_printf
+    (hd->resource->db, NULL, NULL, &err,
+     "delete from keys where primary = %d;\n"
+     "delete from uids where primary = %d;\n"
+     "delete from primaries where oid = %d;\n",
+     hd->found.key, hd->found.key, hd->found.key);
+  if (rc)
+    {
+      log_error (_("error deleting key from kdb database: %s\n"), err);
+      sqlite3_free (err);
+      rc = gpg_error (GPG_ERR_GENERAL);
+    }
+
+  return rc;
+}
+
+int
+kdb_search_reset (KDB_HANDLE hd)
+{
+  hd->key = -1;
+  hd->eof = 0;
+
+  hd->found.key = -1;
+
+  return 0;
+}
+
+struct key_array
+{
+  long int count;
+  long int size;
+  struct key *keys;
+};
+
+static int
+get_keyblock_array_cb (void *cookie, int argc, char **argv,
+                       char **azColName, sqlite3_stmt *stmt)
+{
+  struct key_array *a = cookie;
+  struct key *entry;
+  size_t len = sqlite3_column_bytes (stmt, 0);
+  char *tail;
+
+  assert (argc == 3);
+
+  (void) azColName;
+
+  assert (a->count < a->size);
+  entry = &a->keys[a->count ++];
+
+  entry->kb_len = len;
+  entry->kb = xmalloc (len);
+  memcpy (entry->kb, sqlite3_column_blob (stmt, 0), len);
+
+  entry->sigstatus = sigstatus_parse (argv[1]);
+
+  errno = 0;
+  entry->key = strtoul (argv[2], &tail, 0);
+  if (errno || ! (strcmp (tail, ".0") == 0 || *tail == '\0'))
+    /* Abort.  */
+    return 1;
+
+  return 0;
+}
+
+static int
+kdb_search_cb (void *cookie, int argc, char **argv, char **azColName,
+               sqlite3_stmt *stmt)
+{
+  KDB_HANDLE hd = cookie;
+  int i = 0;
+  unsigned long int values[argc];
+  int got_keyblock = 0;
+
+  /* Get the keyblock.  */
+  if (argc >= 2
+      && strcmp (azColName[0], "keyblock") == 0
+      && strcmp (azColName[1], "sigstatus") == 0)
+    {
+      /* When we do: select keyblock, min(oid) and we don't have any
+         results, then keyblock will be NULL.  */
+      if (argv[0])
+        {
+          keyblock_cb (hd, 2, argv, azColName, stmt);
+          got_keyblock = 1;
+        }
+      i = 2;
+    }
+
+  get_unsigned_longs_cb (&values[i], argc - i, &argv[i], &azColName[i]);
+  hd->found.uid_no = hd->found.pk_no = 0;
+  for (; i < argc; i ++)
+    if (strcmp (azColName[i], "oid") == 0)
+      {
+        hd->key = hd->found.key = values[i];
+        if (got_keyblock)
+          hd->resource->key = hd->key;
+      }
+    else if (strcmp (azColName[i], "uid_no") == 0)
+      hd->found.uid_no = values[i];
+    else if (strcmp (azColName[i], "pk_no") == 0)
+      hd->found.pk_no = values[i];
+    else
+      log_bug ("%s: Bad column name: %s\n", __func__, azColName[i]);
+
+  /* Abort.  */
+  return 1;
+}
+
+
+int
+kdb_search (KDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
+            size_t ndesc, size_t *descindex)
+{
+  int n;
+  char *where_uid = NULL;
+  char *where_key = NULL;
+  char *text;
+  int anyskip = 0;
+  int rc = 0;
+  char *err = NULL;
+  char *sql = NULL;
+
+  hd->found.key = -1;
+
+  /* If we are doing a scan, just get the next record.  */
+  for (n = 0; n < ndesc; n ++)
+    {
+      if (desc[n].mode == KEYDB_SEARCH_MODE_FIRST)
+        {
+          struct key_array a;
+          a.count = 0;
+
+          hd_cache_clear (hd);
+
+          rc = sqlite3_exec
+            (hd->resource->db, "select count(*) from primaries",
+             get_unsigned_longs_cb, &a.size, &err);
+          if (rc)
+            {
+              log_fatal ("error scan primaries table: %s\n", err);
+              sqlite3_free (err);
+            }
+
+          if (a.size == 0)
+            {
+              hd->eof = 1;
+              goto out;
+            }
+
+          hd->full_scan = a.keys = xmalloc (sizeof (*a.keys) * (a.size + 1));
+          a.keys[a.size].key = -1;
+
+          rc = sqlite3_stepx
+            (hd->resource->db, NULL,
+             get_keyblock_array_cb, &a, &err,
+             "select keyblock, sigstatus, oid from primaries order by oid",
+             SQLITE_ARG_END);
+          if (rc)
+            {
+              log_fatal ("error listing primary table: %s\n", err);
+              sqlite3_free (err);
+            }
+
+          assert (a.count == a.size);
+
+          hd->key = hd->found.key = hd->full_scan[0].key;
+          goto out;
+        }
+      else if (desc[n].mode == KEYDB_SEARCH_MODE_NEXT)
+        {
+          if (hd->full_scan)
+            {
+              int i;
+              for (i = 0; hd->full_scan[i].key != -1; i ++)
+                if (hd->full_scan[i].key == hd->key)
+                  break;
+
+              if (hd->full_scan[i].key == -1)
+                log_bug ("Didn't find current key (%lld) in full_scan!\n",
+                         hd->key);
+              else if (hd->full_scan[i + 1].key == -1)
+                hd->eof = 1;
+              else
+                hd->key = hd->found.key = hd->full_scan[i + 1].key;
+
+              goto out;
+            }
+
+          rc = sqlite3_stepx
+            (hd->resource->db, NULL, kdb_search_cb, hd, &err,
+             "select keyblock, sigstatus, oid from primaries\n"
+             " where oid > ? order by oid limit 1",
+             SQLITE_ARG_LONG_LONG, hd->key, SQLITE_ARG_END);
+
+          if ((rc == SQLITE_ABORT && hd->found.key == -1)
+              || (rc == 0 && hd->found.key == -1))
+            /* EOF.  */
+            {
+              hd->eof = 1;
+              rc = 0;
+            }
+          else if (rc == SQLITE_ABORT)
+            /* Success.  */
+            rc = 0;
+          else if (rc)
+            {
+              log_fatal ("error getting next record: %s\n", err);
+              sqlite3_free (err);
+            }
+          else
+            log_bug ("Impossible: rc == 0 && hd->found.key != -1!\n");
+
+          goto out;
+        }
+      else
+        continue;
+    }
+
+  hd_cache_clear (hd);
+
+  if (hd->eof)
+    /* We're at the end of the file.  There is nothing else to get.  */
+    return gpg_error (GPG_ERR_EOF);
+
+#define ADD_TERM(thing, op, fmt, ...) do {              \
+    char *t = sqlite3_mprintf                           \
+      ("%s%s("fmt")",                                   \
+       thing ? thing : "", thing ? "\n "op" " : "",     \
+       ##__VA_ARGS__);                                  \
+    sqlite3_free (thing);                               \
+    thing = t;                                          \
+  } while (0)
+#define O(thing, fmt, ...) ADD_TERM(thing, "OR", fmt, ##__VA_ARGS__)
+#define A(thing, fmt, ...) ADD_TERM(thing, "AND", fmt, ##__VA_ARGS__)
+
+  if (descindex)
+    log_fatal ("Implement descindex\n");
+
+  for (n = 0; n < ndesc; n ++)
+    {
+      KEYDB_SEARCH_DESC *d = &desc[n];
+
+      switch (d->mode)
+        {
+        case KEYDB_SEARCH_MODE_EXACT:
+          O(where_uid, "uids.uid = %Q", desc[n].u.name);
+          break;
+
+        case KEYDB_SEARCH_MODE_SUBSTR:
+        case KEYDB_SEARCH_MODE_MAIL:
+        case KEYDB_SEARCH_MODE_MAILSUB:
+        case KEYDB_SEARCH_MODE_MAILEND:
+          {
+            char *escaped = xmalloc (1 + 2 * strlen (d->u.name) + 1 + 1);
+            int i, j = 0;
+
+            if (d->mode == KEYDB_SEARCH_MODE_SUBSTR
+                || d->mode == KEYDB_SEARCH_MODE_MAILSUB
+                || d->mode == KEYDB_SEARCH_MODE_MAILEND)
+              escaped[j ++] = '%';
+
+            for (i = 0; i < strlen (d->u.name); i ++)
+              {
+                if (d->u.name[i] == '%' || d->u.name[i] == '_'
+                    || d->u.name[i] == '\'' || d->u.name[i] == '\\')
+                  escaped[j ++] = '\\';
+                escaped[j ++] = d->u.name[i];
+              }
+
+            if (d->mode == KEYDB_SEARCH_MODE_SUBSTR
+                || d->mode == KEYDB_SEARCH_MODE_MAILSUB)
+              escaped[j ++] = '%';
+
+            escaped[j] = 0;
+
+            O(where_uid, "uids.%s like %Q",
+              d->mode == KEYDB_SEARCH_MODE_SUBSTR ? "uid" : "email",
+              escaped);
+          }
+          break;
+
+
+        case KEYDB_SEARCH_MODE_WORDS:
+          log_fatal ("Implement me!\n");
+          break;
+
+
+        case KEYDB_SEARCH_MODE_SHORT_KID:
+          text = xmalloc (8 + 1);
+          snprintf (text, 9, "%08lX", (ulong) d->u.kid[1]);
+          O(where_key, "keys.fingerprint_rev like '%s%%'", strrev (text));
+          xfree (text);
+          break;
+
+        case KEYDB_SEARCH_MODE_LONG_KID:
+          text = xmalloc (8 * 2 + 1);
+          snprintf (text, 8 * 2 + 1, "%08lX%08lX",
+                    (ulong) d->u.kid[0], (ulong) d->u.kid[1]);
+          O(where_key, "keys.fingerprint_rev like '%s%%'", strrev (text));
+          xfree (text);
+          break;
+
+        case KEYDB_SEARCH_MODE_FPR16:
+          if (d->mode == KEYDB_SEARCH_MODE_FPR16)
+            text = bin2hex (d->u.fpr, 16, NULL);
+          /* Fall through.  */
+
+        case KEYDB_SEARCH_MODE_FPR20:
+        case KEYDB_SEARCH_MODE_FPR:
+          if (d->mode == KEYDB_SEARCH_MODE_FPR20
+              || d->mode == KEYDB_SEARCH_MODE_FPR)
+            text = bin2hex (d->u.fpr, 20, NULL);
+
+          strrev (text);
+          O(where_key, "keys.fingerprint_rev = '%s'", text);
+          xfree (text);
+          break;
+
+        case KEYDB_SEARCH_MODE_FIRST:
+        case KEYDB_SEARCH_MODE_NEXT:
+          /* Already handled above.  */
+          break;
+
+        default:
+          break;
+        }
+
+      if (d->skipfnc)
+        anyskip = 1;
+    }
+
+  if (anyskip)
+    log_fatal ("Implement anyskip.");
+
+  DEBUG ("uid: %s\n", where_uid);
+  DEBUG ("key: %s\n", where_key);
+
+  assert (where_uid || where_key);
+  if (where_uid && where_key)
+    sql = sqlite3_mprintf
+      ("select keyblock, sigstatus,\n"
+       "  keys.primary_key oid, keys.pk_no, uids.uid_no\n"
+       " from primaries\n"
+       " left join keys on primaries.oid = keys.primary_key\n"
+       " left join uids on primaries.oid = uids.primary_key\n"
+       " where %s%lld and (%s and %s)\n"
+       " order by keys.primary_key, keys.pk_no, uids.uid_no\n"
+       " limit 1\n",
+       hd->key == -1 ? "" : "keys.primary_key > ", hd->key,
+       where_uid, where_key);
+  else if (where_key)
+    sql = sqlite3_mprintf
+      ("select primary_key oid, pk_no\n"
+       " from keys\n"
+       " where %s%lld and (%s)\n"
+       " order by primary_key, pk_no\n"
+       " limit 1;\n",
+       hd->key == -1 ? "" : "primary_key > ", hd->key, where_key);
+  else
+    sql = sqlite3_mprintf
+      ("select primary_key oid, uid_no\n"
+       " from uids\n"
+       " where %s%lld and (%s)\n"
+       " order by primary_key, uid_no\n"
+       " limit 1;\n",
+       hd->key == -1 ? "" : "primary_key > ", hd->key, where_uid);
+  DEBUG ("Running '%s'\n", sql);
+  rc = sqlite3_stepx (hd->resource->db, NULL, kdb_search_cb, hd, &err,
+                      sql, SQLITE_ARG_END);
+  if (rc == SQLITE_ABORT)
+    /* Success.  */
+    rc = 0;
+  else if (rc)
+    {
+      log_fatal ("error search DB: %s\n", err);
+      sqlite3_free (err);
+      goto out;
+    }
+  else
+    /* EOF.  */
+    {
+      assert (hd->found.key == -1);
+      hd->eof = 1;
+    }
+
+ out:
+  sqlite3_free (sql);
+  sqlite3_free (where_uid);
+  sqlite3_free (where_key);
+
+  if (rc)
+    {
+      DEBUG ("Search result: Error.\n");
+      return gpg_error (GPG_ERR_GENERAL);
+    }
+  if (hd->eof)
+    {
+      DEBUG ("Search result: ENOENT.\n");
+      return gpg_error (GPG_ERR_EOF);
+    }
+
+  DEBUG ("Search result: key #%lld.\n", hd->key);
+
+  return 0;
+}
diff --git a/g10/kdb.h b/g10/kdb.h
new file mode 100644
index 0000000..55e6962
--- /dev/null
+++ b/g10/kdb.h
@@ -0,0 +1,29 @@
+#ifndef GNUPG_KDB_H
+#define GNUPG_KDB_H
+
+#include "keydb.h"
+
+typedef struct keydb_handle *KDB_HANDLE;
+
+gpg_error_t kdb_register_file (const char *fname, int read_only, void **ptr);
+int kdb_is_writable (void *token);
+
+KDB_HANDLE kdb_new (void *token);
+void kdb_release (KDB_HANDLE hd);
+void kdb_push_found_state (KDB_HANDLE hd);
+void kdb_pop_found_state (KDB_HANDLE hd);
+const char *kdb_get_resource_name (KDB_HANDLE hd);
+int kdb_lock (KDB_HANDLE hd, int yes);
+int kdb_get_keyblock (KDB_HANDLE hd, iobuf_t *iobuf,
+                      int *pk_no, int *uid_no, u32 **sigstatus);
+int kdb_update_keyblock (KDB_HANDLE hd, kbnode_t kb,
+                         const void *image, size_t imagelen);
+gpg_error_t kdb_insert_keyblock (KDB_HANDLE hd, kbnode_t kb,
+                                 const void *image, size_t imagelen,
+                                 u32 *sigstatus);
+int kdb_delete (KDB_HANDLE hd);
+int kdb_search_reset (KDB_HANDLE hd);
+int kdb_search (KDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
+                size_t ndesc, size_t *descindex);
+
+#endif
diff --git a/g10/keydb.c b/g10/keydb.c
index bcafe90..fb79377 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -37,6 +37,7 @@
 #include "../kbx/keybox.h"
 #include "keydb.h"
 #include "i18n.h"
+#include "kdb.h"
 
 static int active_handles;
 
@@ -44,7 +45,8 @@ typedef enum
   {
     KEYDB_RESOURCE_TYPE_NONE = 0,
     KEYDB_RESOURCE_TYPE_KEYRING,
-    KEYDB_RESOURCE_TYPE_KEYBOX
+    KEYDB_RESOURCE_TYPE_KEYBOX,
+    KEYDB_RESOURCE_TYPE_KEYDB
   } KeydbResourceType;
 #define MAX_KEYDB_RESOURCES 40
 
@@ -54,6 +56,7 @@ struct resource_item
   union {
     KEYRING_HANDLE kr;
     KEYBOX_HANDLE kb;
+    KDB_HANDLE kdb;
   } u;
   void *token;
 };
@@ -251,13 +254,14 @@ keyblock_cache_clear (struct keydb_handle *hd)
 /* Handle the creation of a keyring or a keybox if it does not yet
    exist.  Take into account that other processes might have the
    keyring/keybox already locked.  This lock check does not work if
-   the directory itself is not yet available.  If IS_BOX is true the
-   filename is expected to refer to a keybox.  If FORCE_CREATE is true
-   the keyring or keybox will be created.
+   the directory itself is not yet available.  RT is the type of
+   resource being created.  If FORCE_CREATE is true the keyring or
+   keybox will be created.
 
    Return 0 if it is okay to access the specified file.  */
 static int
-maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
+maybe_create_resource (char *filename, KeydbResourceType rt,
+                             int force_create)
 {
   dotlock_t lockhd = NULL;
   IOBUF iobuf;
@@ -361,12 +365,25 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
   if (!iobuf)
     {
       rc = gpg_error_from_syserror ();
-      if (is_box)
-        log_error (_("error creating keybox '%s': %s\n"),
-                   filename, gpg_strerror (rc));
-      else
-        log_error (_("error creating keyring '%s': %s\n"),
-                   filename, gpg_strerror (rc));
+      switch (rt)
+        {
+        case KEYDB_RESOURCE_TYPE_NONE:
+          log_fatal ("Bad value for resource type: %d\n", rt);
+          break;
+
+        case KEYDB_RESOURCE_TYPE_KEYRING:
+          log_error (_("error creating keyring '%s': %s\n"),
+                     filename, gpg_strerror (rc));
+          break;
+        case KEYDB_RESOURCE_TYPE_KEYBOX:
+          log_error (_("error creating keybox '%s': %s\n"),
+                     filename, gpg_strerror (rc));
+          break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          log_error (_("error creating keydb '%s': %s\n"),
+                     filename, gpg_strerror (rc));
+          break;
+        }
       goto leave;
     }
 
@@ -376,7 +393,7 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
 
   /* Make sure that at least one record is in a new keybox file, so
      that the detection magic will work the next time it is used.  */
-  if (is_box)
+  if (rt == KEYDB_RESOURCE_TYPE_KEYBOX)
     {
       FILE *fp = fopen (filename, "w");
       if (!fp)
@@ -388,22 +405,29 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
         }
       if (rc)
         {
-          if (is_box)
-            log_error (_("error creating keybox '%s': %s\n"),
-                       filename, gpg_strerror (rc));
-          else
-            log_error (_("error creating keyring '%s': %s\n"),
-                       filename, gpg_strerror (rc));
+          log_error (_("error creating keybox '%s': %s\n"),
+                     filename, gpg_strerror (rc));
           goto leave;
         }
     }
 
   if (!opt.quiet)
     {
-      if (is_box)
-        log_info (_("keybox '%s' created\n"), filename);
-      else
-        log_info (_("keyring '%s' created\n"), filename);
+      switch (rt)
+        {
+        case KEYDB_RESOURCE_TYPE_NONE:
+          log_fatal ("Bad value for resource type: %d\n", rt);
+          break;
+        case KEYDB_RESOURCE_TYPE_KEYRING:
+          log_info (_("keyring '%s' created\n"), filename);
+          break;
+        case KEYDB_RESOURCE_TYPE_KEYBOX:
+          log_info (_("keybox '%s' created\n"), filename);
+          break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          log_info (_("keydb '%s' created\n"), filename);
+          break;
+        }
     }
 
   rc = 0;
@@ -445,6 +469,8 @@ rt_from_file (const char *filename, int *r_found, int *r_openpgp)
         {
           if (magic == 0x13579ace || magic == 0xce9a5713)
             ; /* GDBM magic - not anymore supported. */
+          else if (memcmp (&magic, "SQLi", 4) == 0)
+            rt = KEYDB_RESOURCE_TYPE_KEYDB;
           else if (fread (&verbuf, 4, 1, fp) == 1
                    && verbuf[0] == 1
                    && fread (&magic, 4, 1, fp) == 1
@@ -497,6 +523,11 @@ keydb_add_resource (const char *url, unsigned int flags)
       rt = KEYDB_RESOURCE_TYPE_KEYBOX;
       resname += 10;
     }
+  else if (strlen (resname) > 10 && !strncmp (resname, "gnupg-kdb:", 10) )
+    {
+      rt = KEYDB_RESOURCE_TYPE_KEYDB;
+      resname += 10;
+    }
 #if !defined(HAVE_DRIVE_LETTERS) && !defined(__riscos__)
   else if (strchr (resname, ':'))
     {
@@ -600,7 +631,8 @@ keydb_add_resource (const char *url, unsigned int flags)
       goto leave;
 
     case KEYDB_RESOURCE_TYPE_KEYRING:
-      rc = maybe_create_keyring_or_box (filename, 0, create);
+      rc = maybe_create_resource (filename, KEYDB_RESOURCE_TYPE_KEYRING,
+                                  create);
       if (rc)
         goto leave;
 
@@ -630,7 +662,8 @@ keydb_add_resource (const char *url, unsigned int flags)
 
     case KEYDB_RESOURCE_TYPE_KEYBOX:
       {
-        rc = maybe_create_keyring_or_box (filename, 1, create);
+        rc = maybe_create_resource (filename, KEYDB_RESOURCE_TYPE_KEYBOX,
+                                    create);
         if (rc)
           goto leave;
 
@@ -665,6 +698,36 @@ keydb_add_resource (const char *url, unsigned int flags)
       }
       break;
 
+    case KEYDB_RESOURCE_TYPE_KEYDB:
+      {
+        rc = maybe_create_resource (filename, KEYDB_RESOURCE_TYPE_KEYDB, create);
+        if (rc)
+          goto leave;
+
+        rc = kdb_register_file (filename, read_only, &token);
+        if (rc == 0)
+          {
+            if (used_resources >= MAX_KEYDB_RESOURCES)
+              rc = gpg_error (GPG_ERR_RESOURCE_LIMIT);
+            else
+              {
+                /* if ((flags & KEYDB_RESOURCE_FLAG_PRIMARY)) */
+                /*   primary_keyring = token; */
+                all_resources[used_resources].type = rt;
+                all_resources[used_resources].u.kb = NULL; /* Not used here */
+                all_resources[used_resources].token = token;
+
+                used_resources++;
+              }
+          }
+
+        /* XXX: How to mark this as a primary if it was already
+           registered.  */
+        /* if ((flags & KEYDB_RESOURCE_FLAG_PRIMARY)) */
+        /*   primary_keyring = token; */
+      }
+      break;
+
       default:
 	log_error ("resource type of '%s' not supported\n", url);
 	rc = gpg_error (GPG_ERR_GENERAL);
@@ -730,6 +793,14 @@ keydb_new (void)
 	    die = 1;
           j++;
           break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          hd->active[j].type   = all_resources[i].type;
+          hd->active[j].token  = all_resources[i].token;
+          hd->active[j].u.kdb  = kdb_new (all_resources[i].token);
+          if (!hd->active[j].u.kdb)
+	    die = 1;
+          j++;
+          break;
         }
     }
   hd->used = j;
@@ -769,6 +840,9 @@ keydb_release (KEYDB_HANDLE hd)
         case KEYDB_RESOURCE_TYPE_KEYBOX:
           keybox_release (hd->active[i].u.kb);
           break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          kdb_release (hd->active[i].u.kdb);
+          break;
         }
     }
 
@@ -811,6 +885,9 @@ keydb_get_resource_name (KEYDB_HANDLE hd)
     case KEYDB_RESOURCE_TYPE_KEYBOX:
       s = keybox_get_resource_name (hd->active[idx].u.kb);
       break;
+    case KEYDB_RESOURCE_TYPE_KEYDB:
+      s = kdb_get_resource_name (hd->active[idx].u.kdb);
+      break;
     }
 
   return s? s: "";
@@ -842,6 +919,9 @@ lock_all (KEYDB_HANDLE hd)
         case KEYDB_RESOURCE_TYPE_KEYBOX:
           rc = keybox_lock (hd->active[i].u.kb, 1);
           break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          rc = kdb_lock (hd->active[i].u.kdb, 1);
+          break;
         }
     }
 
@@ -860,6 +940,9 @@ lock_all (KEYDB_HANDLE hd)
             case KEYDB_RESOURCE_TYPE_KEYBOX:
               rc = keybox_lock (hd->active[i].u.kb, 0);
               break;
+            case KEYDB_RESOURCE_TYPE_KEYDB:
+              rc = kdb_lock (hd->active[i].u.kdb, 0);
+              break;
             }
         }
     }
@@ -890,6 +973,9 @@ unlock_all (KEYDB_HANDLE hd)
         case KEYDB_RESOURCE_TYPE_KEYBOX:
           keybox_lock (hd->active[i].u.kb, 0);
           break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          kdb_lock (hd->active[i].u.kdb, 0);
+          break;
         }
     }
   hd->locked = 0;
@@ -919,6 +1005,9 @@ keydb_push_found_state (KEYDB_HANDLE hd)
     case KEYDB_RESOURCE_TYPE_KEYBOX:
       keybox_push_found_state (hd->active[hd->found].u.kb);
       break;
+    case KEYDB_RESOURCE_TYPE_KEYDB:
+      kdb_push_found_state (hd->active[hd->found].u.kdb);
+      break;
     }
 
   hd->saved_found = hd->found;
@@ -947,6 +1036,9 @@ keydb_pop_found_state (KEYDB_HANDLE hd)
     case KEYDB_RESOURCE_TYPE_KEYBOX:
       keybox_pop_found_state (hd->active[hd->found].u.kb);
       break;
+    case KEYDB_RESOURCE_TYPE_KEYDB:
+      kdb_pop_found_state (hd->active[hd->found].u.kdb);
+      break;
     }
 }
 
@@ -1192,6 +1284,23 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
           }
       }
       break;
+    case KEYDB_RESOURCE_TYPE_KEYDB:
+      {
+        iobuf_t iobuf;
+        u32 *sigstatus;
+        int pk_no, uid_no;
+
+        err = kdb_get_keyblock (hd->active[hd->found].u.kdb, &iobuf,
+                                &pk_no, &uid_no, &sigstatus);
+        if (!err)
+          {
+            err = parse_keyblock_image (iobuf, pk_no, uid_no, sigstatus,
+                                        ret_kb);
+            xfree (sigstatus);
+            iobuf_close (iobuf);
+          }
+        break;
+      }
     }
 
   if (hd->keyblock_cache.state != KEYBLOCK_CACHE_FILLED)
@@ -1337,6 +1446,20 @@ keydb_update_keyblock (KEYDB_HANDLE hd, kbnode_t kb)
           }
       }
       break;
+    case KEYDB_RESOURCE_TYPE_KEYDB:
+      {
+        iobuf_t iobuf;
+
+        err = build_keyblock_image (kb, &iobuf, NULL);
+        if (!err)
+          {
+            err = kdb_update_keyblock (hd->active[hd->found].u.kdb, kb,
+                                       iobuf_get_temp_buffer (iobuf),
+                                       iobuf_get_temp_length (iobuf));
+            iobuf_close (iobuf);
+          }
+      }
+      break;
     }
 
   unlock_all (hd);
@@ -1398,6 +1521,23 @@ keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb)
           }
       }
       break;
+    case KEYDB_RESOURCE_TYPE_KEYDB:
+      {
+        iobuf_t iobuf;
+        u32 *sigstatus;
+
+        err = build_keyblock_image (kb, &iobuf, &sigstatus);
+        if (!err)
+          {
+            err = kdb_insert_keyblock (hd->active[idx].u.kdb, kb,
+                                       iobuf_get_temp_buffer (iobuf),
+                                       iobuf_get_temp_length (iobuf),
+                                       sigstatus);
+            xfree (sigstatus);
+            iobuf_close (iobuf);
+          }
+      }
+      break;
     }
 
   unlock_all (hd);
@@ -1437,6 +1577,9 @@ keydb_delete_keyblock (KEYDB_HANDLE hd)
     case KEYDB_RESOURCE_TYPE_KEYBOX:
       rc = keybox_delete (hd->active[hd->found].u.kb);
       break;
+    case KEYDB_RESOURCE_TYPE_KEYDB:
+      rc = kdb_delete (hd->active[hd->found].u.kdb);
+      break;
     }
 
   unlock_all (hd);
@@ -1491,6 +1634,10 @@ keydb_locate_writable (KEYDB_HANDLE hd)
           if (keybox_is_writable (hd->active[hd->current].token))
             return 0; /* found (hd->current is set to it) */
           break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          if (kdb_is_writable (hd->active[hd->current].token))
+            return 0; /* found (hd->current is set to it) */
+          break;
         }
     }
 
@@ -1519,6 +1666,9 @@ keydb_rebuild_caches (int noisy)
         case KEYDB_RESOURCE_TYPE_KEYBOX:
           /* N/A.  */
           break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          /* N/A.  */
+          break;
         }
     }
 }
@@ -1564,6 +1714,9 @@ keydb_search_reset (KEYDB_HANDLE hd)
         case KEYDB_RESOURCE_TYPE_KEYBOX:
           rc = keybox_search_reset (hd->active[i].u.kb);
           break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          rc = kdb_search_reset (hd->active[i].u.kdb);
+          break;
         }
     }
   hd->is_reset = 1;
@@ -1682,6 +1835,10 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
                               ndesc, KEYBOX_BLOBTYPE_PGP,
                               descindex, &hd->skipped_long_blobs);
           break;
+        case KEYDB_RESOURCE_TYPE_KEYDB:
+          rc = kdb_search (hd->active[hd->current].u.kdb, desc,
+                           ndesc, descindex);
+          break;
         }
       if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF)
         {
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 64de985..5a63e4f 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1722,7 +1722,8 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
   desc.skipfnc = search_skipfnc;
   desc.skipfncvalue = full_trust;
   rc = keydb_search (hd, &desc, 1, NULL);
-  if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
+  if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND
+      || gpg_err_code (rc) == GPG_ERR_EOF)
     {
       keys[nkeys].keyblock = NULL;
       return keys;

-----------------------------------------------------------------------

Summary of changes:
 g10/import.c  |   3 +
 g10/kdb.c     | 520 ++++++++++++++++++++++++++++++++++++++++++++++------------
 g10/trustdb.c |   3 +-
 3 files changed, 421 insertions(+), 105 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



From cvs at cvs.gnupg.org  Sat Oct 31 01:54:10 2015
From: cvs at cvs.gnupg.org (by Neal H. Walfield)
Date: Sat, 31 Oct 2015 01:54:10 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-92-g18cd092
Message-ID: <E1ZsKHg-00010O-4a@lists.gnupg.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  18cd09246f5dcddcafb8662afd84fa046e36de3f (commit)
      from  d89a9fca46d9bba497dde0793b57217c800b0e8d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 18cd09246f5dcddcafb8662afd84fa046e36de3f
Author: Neal H. Walfield <neal at g10code.com>
Date:   Sat Oct 31 01:49:32 2015 +0100

    gpg: Consider newlines to be whitespace in an SQL statement.
    
    * g10/sqlite.c (sqlite3_stepx): When making sure that there is no
    second SQL statement, ignore newlines.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/sqlite.c b/g10/sqlite.c
index ee7514c..04f15d9 100644
--- a/g10/sqlite.c
+++ b/g10/sqlite.c
@@ -105,7 +105,7 @@ sqlite3_stepx (sqlite3 *db,
       /* We can only process a single statement.  */
       if (tail)
         {
-          while (*tail == ' ' || *tail == ';')
+          while (*tail == ' ' || *tail == ';' || *tail == '\n')
             tail ++;
 
           if (*tail)

-----------------------------------------------------------------------

Summary of changes:
 g10/sqlite.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org